2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr>
3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca>
4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org>
5 * Copyright (c) 2013-2014 Kevin Lo
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 #include <sys/cdefs.h>
21 __FBSDID("$FreeBSD$");
24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver.
25 * http://www.ralinktech.com/
28 #include <sys/param.h>
29 #include <sys/sockio.h>
30 #include <sys/sysctl.h>
32 #include <sys/mutex.h>
34 #include <sys/kernel.h>
35 #include <sys/socket.h>
36 #include <sys/systm.h>
37 #include <sys/malloc.h>
38 #include <sys/module.h>
40 #include <sys/endian.h>
41 #include <sys/linker.h>
42 #include <sys/firmware.h>
45 #include <machine/bus.h>
46 #include <machine/resource.h>
51 #include <net/if_var.h>
52 #include <net/if_arp.h>
53 #include <net/ethernet.h>
54 #include <net/if_dl.h>
55 #include <net/if_media.h>
56 #include <net/if_types.h>
58 #include <netinet/in.h>
59 #include <netinet/in_systm.h>
60 #include <netinet/in_var.h>
61 #include <netinet/if_ether.h>
62 #include <netinet/ip.h>
64 #include <net80211/ieee80211_var.h>
65 #include <net80211/ieee80211_regdomain.h>
66 #include <net80211/ieee80211_radiotap.h>
67 #include <net80211/ieee80211_ratectl.h>
69 #include <dev/usb/usb.h>
70 #include <dev/usb/usbdi.h>
73 #define USB_DEBUG_VAR run_debug
74 #include <dev/usb/usb_debug.h>
75 #include <dev/usb/usb_msctest.h>
77 #include <dev/usb/wlan/if_runreg.h>
78 #include <dev/usb/wlan/if_runvar.h>
86 static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run");
87 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RWTUN, &run_debug, 0,
91 RUN_DEBUG_XMIT = 0x00000001, /* basic xmit operation */
92 RUN_DEBUG_XMIT_DESC = 0x00000002, /* xmit descriptors */
93 RUN_DEBUG_RECV = 0x00000004, /* basic recv operation */
94 RUN_DEBUG_RECV_DESC = 0x00000008, /* recv descriptors */
95 RUN_DEBUG_STATE = 0x00000010, /* 802.11 state transitions */
96 RUN_DEBUG_RATE = 0x00000020, /* rate adaptation */
97 RUN_DEBUG_USB = 0x00000040, /* usb requests */
98 RUN_DEBUG_FIRMWARE = 0x00000080, /* firmware(9) loading debug */
99 RUN_DEBUG_BEACON = 0x00000100, /* beacon handling */
100 RUN_DEBUG_INTR = 0x00000200, /* ISR */
101 RUN_DEBUG_TEMP = 0x00000400, /* temperature calibration */
102 RUN_DEBUG_ROM = 0x00000800, /* various ROM info */
103 RUN_DEBUG_KEY = 0x00001000, /* crypto keys management */
104 RUN_DEBUG_TXPWR = 0x00002000, /* dump Tx power values */
105 RUN_DEBUG_RSSI = 0x00004000, /* dump RSSI lookups */
106 RUN_DEBUG_RESET = 0x00008000, /* initialization progress */
107 RUN_DEBUG_CALIB = 0x00010000, /* calibration progress */
108 RUN_DEBUG_CMD = 0x00020000, /* command queue */
109 RUN_DEBUG_ANY = 0xffffffff
112 #define RUN_DPRINTF(_sc, _m, ...) do { \
113 if (run_debug & (_m)) \
114 device_printf((_sc)->sc_dev, __VA_ARGS__); \
117 #define RUN_DPRINTF(_sc, _m, ...) do { (void) _sc; } while (0)
120 #define IEEE80211_HAS_ADDR4(wh) IEEE80211_IS_DSTODS(wh)
123 * Because of LOR in run_key_delete(), use atomic instead.
124 * '& RUN_CMDQ_MASQ' is to loop cmdq[].
126 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ)
128 static const STRUCT_USB_HOST_ID run_devs[] = {
129 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) }
130 #define RUN_DEV_EJECT(v,p) \
131 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) }
133 RUN_DEV(ABOCOM, RT2770),
134 RUN_DEV(ABOCOM, RT2870),
135 RUN_DEV(ABOCOM, RT3070),
136 RUN_DEV(ABOCOM, RT3071),
137 RUN_DEV(ABOCOM, RT3072),
138 RUN_DEV(ABOCOM2, RT2870_1),
139 RUN_DEV(ACCTON, RT2770),
140 RUN_DEV(ACCTON, RT2870_1),
141 RUN_DEV(ACCTON, RT2870_2),
142 RUN_DEV(ACCTON, RT2870_3),
143 RUN_DEV(ACCTON, RT2870_4),
144 RUN_DEV(ACCTON, RT2870_5),
145 RUN_DEV(ACCTON, RT3070),
146 RUN_DEV(ACCTON, RT3070_1),
147 RUN_DEV(ACCTON, RT3070_2),
148 RUN_DEV(ACCTON, RT3070_3),
149 RUN_DEV(ACCTON, RT3070_4),
150 RUN_DEV(ACCTON, RT3070_5),
151 RUN_DEV(AIRTIES, RT3070),
152 RUN_DEV(ALLWIN, RT2070),
153 RUN_DEV(ALLWIN, RT2770),
154 RUN_DEV(ALLWIN, RT2870),
155 RUN_DEV(ALLWIN, RT3070),
156 RUN_DEV(ALLWIN, RT3071),
157 RUN_DEV(ALLWIN, RT3072),
158 RUN_DEV(ALLWIN, RT3572),
159 RUN_DEV(AMIGO, RT2870_1),
160 RUN_DEV(AMIGO, RT2870_2),
161 RUN_DEV(AMIT, CGWLUSB2GNR),
162 RUN_DEV(AMIT, RT2870_1),
163 RUN_DEV(AMIT2, RT2870),
164 RUN_DEV(ASUS, RT2870_1),
165 RUN_DEV(ASUS, RT2870_2),
166 RUN_DEV(ASUS, RT2870_3),
167 RUN_DEV(ASUS, RT2870_4),
168 RUN_DEV(ASUS, RT2870_5),
169 RUN_DEV(ASUS, USBN13),
170 RUN_DEV(ASUS, RT3070_1),
171 RUN_DEV(ASUS, USBN66),
172 RUN_DEV(ASUS, USB_N53),
173 RUN_DEV(ASUS2, USBN11),
174 RUN_DEV(AZUREWAVE, RT2870_1),
175 RUN_DEV(AZUREWAVE, RT2870_2),
176 RUN_DEV(AZUREWAVE, RT3070_1),
177 RUN_DEV(AZUREWAVE, RT3070_2),
178 RUN_DEV(AZUREWAVE, RT3070_3),
179 RUN_DEV(BELKIN, F9L1103),
180 RUN_DEV(BELKIN, F5D8053V3),
181 RUN_DEV(BELKIN, F5D8055),
182 RUN_DEV(BELKIN, F5D8055V2),
183 RUN_DEV(BELKIN, F6D4050V1),
184 RUN_DEV(BELKIN, F6D4050V2),
185 RUN_DEV(BELKIN, RT2870_1),
186 RUN_DEV(BELKIN, RT2870_2),
187 RUN_DEV(CISCOLINKSYS, AE1000),
188 RUN_DEV(CISCOLINKSYS2, RT3070),
189 RUN_DEV(CISCOLINKSYS3, RT3070),
190 RUN_DEV(CONCEPTRONIC2, RT2870_1),
191 RUN_DEV(CONCEPTRONIC2, RT2870_2),
192 RUN_DEV(CONCEPTRONIC2, RT2870_3),
193 RUN_DEV(CONCEPTRONIC2, RT2870_4),
194 RUN_DEV(CONCEPTRONIC2, RT2870_5),
195 RUN_DEV(CONCEPTRONIC2, RT2870_6),
196 RUN_DEV(CONCEPTRONIC2, RT2870_7),
197 RUN_DEV(CONCEPTRONIC2, RT2870_8),
198 RUN_DEV(CONCEPTRONIC2, RT3070_1),
199 RUN_DEV(CONCEPTRONIC2, RT3070_2),
200 RUN_DEV(CONCEPTRONIC2, VIGORN61),
201 RUN_DEV(COREGA, CGWLUSB300GNM),
202 RUN_DEV(COREGA, RT2870_1),
203 RUN_DEV(COREGA, RT2870_2),
204 RUN_DEV(COREGA, RT2870_3),
205 RUN_DEV(COREGA, RT3070),
206 RUN_DEV(CYBERTAN, RT2870),
207 RUN_DEV(DLINK, RT2870),
208 RUN_DEV(DLINK, RT3072),
209 RUN_DEV(DLINK, DWA127),
210 RUN_DEV(DLINK, DWA140B3),
211 RUN_DEV(DLINK, DWA160B2),
212 RUN_DEV(DLINK, DWA140D1),
213 RUN_DEV(DLINK, DWA162),
214 RUN_DEV(DLINK2, DWA130),
215 RUN_DEV(DLINK2, RT2870_1),
216 RUN_DEV(DLINK2, RT2870_2),
217 RUN_DEV(DLINK2, RT3070_1),
218 RUN_DEV(DLINK2, RT3070_2),
219 RUN_DEV(DLINK2, RT3070_3),
220 RUN_DEV(DLINK2, RT3070_4),
221 RUN_DEV(DLINK2, RT3070_5),
222 RUN_DEV(DLINK2, RT3072),
223 RUN_DEV(DLINK2, RT3072_1),
224 RUN_DEV(EDIMAX, EW7717),
225 RUN_DEV(EDIMAX, EW7718),
226 RUN_DEV(EDIMAX, EW7733UND),
227 RUN_DEV(EDIMAX, RT2870_1),
228 RUN_DEV(ENCORE, RT3070_1),
229 RUN_DEV(ENCORE, RT3070_2),
230 RUN_DEV(ENCORE, RT3070_3),
231 RUN_DEV(GIGABYTE, GNWB31N),
232 RUN_DEV(GIGABYTE, GNWB32L),
233 RUN_DEV(GIGABYTE, RT2870_1),
234 RUN_DEV(GIGASET, RT3070_1),
235 RUN_DEV(GIGASET, RT3070_2),
236 RUN_DEV(GUILLEMOT, HWNU300),
237 RUN_DEV(HAWKING, HWUN2),
238 RUN_DEV(HAWKING, RT2870_1),
239 RUN_DEV(HAWKING, RT2870_2),
240 RUN_DEV(HAWKING, RT3070),
241 RUN_DEV(IODATA, RT3072_1),
242 RUN_DEV(IODATA, RT3072_2),
243 RUN_DEV(IODATA, RT3072_3),
244 RUN_DEV(IODATA, RT3072_4),
245 RUN_DEV(LINKSYS4, RT3070),
246 RUN_DEV(LINKSYS4, WUSB100),
247 RUN_DEV(LINKSYS4, WUSB54GCV3),
248 RUN_DEV(LINKSYS4, WUSB600N),
249 RUN_DEV(LINKSYS4, WUSB600NV2),
250 RUN_DEV(LOGITEC, RT2870_1),
251 RUN_DEV(LOGITEC, RT2870_2),
252 RUN_DEV(LOGITEC, RT2870_3),
253 RUN_DEV(LOGITEC, LANW300NU2),
254 RUN_DEV(LOGITEC, LANW150NU2),
255 RUN_DEV(LOGITEC, LANW300NU2S),
256 RUN_DEV(MELCO, WLIUCG300HP),
257 RUN_DEV(MELCO, RT2870_2),
258 RUN_DEV(MELCO, WLIUCAG300N),
259 RUN_DEV(MELCO, WLIUCG300N),
260 RUN_DEV(MELCO, WLIUCG301N),
261 RUN_DEV(MELCO, WLIUCGN),
262 RUN_DEV(MELCO, WLIUCGNM),
263 RUN_DEV(MELCO, WLIUCG300HPV1),
264 RUN_DEV(MELCO, WLIUCGNM2),
265 RUN_DEV(MOTOROLA4, RT2770),
266 RUN_DEV(MOTOROLA4, RT3070),
267 RUN_DEV(MSI, RT3070_1),
268 RUN_DEV(MSI, RT3070_2),
269 RUN_DEV(MSI, RT3070_3),
270 RUN_DEV(MSI, RT3070_4),
271 RUN_DEV(MSI, RT3070_5),
272 RUN_DEV(MSI, RT3070_6),
273 RUN_DEV(MSI, RT3070_7),
274 RUN_DEV(MSI, RT3070_8),
275 RUN_DEV(MSI, RT3070_9),
276 RUN_DEV(MSI, RT3070_10),
277 RUN_DEV(MSI, RT3070_11),
278 RUN_DEV(NETGEAR, WNDA4100),
279 RUN_DEV(OVISLINK, RT3072),
280 RUN_DEV(PARA, RT3070),
281 RUN_DEV(PEGATRON, RT2870),
282 RUN_DEV(PEGATRON, RT3070),
283 RUN_DEV(PEGATRON, RT3070_2),
284 RUN_DEV(PEGATRON, RT3070_3),
285 RUN_DEV(PHILIPS, RT2870),
286 RUN_DEV(PLANEX2, GWUS300MINIS),
287 RUN_DEV(PLANEX2, GWUSMICRON),
288 RUN_DEV(PLANEX2, RT2870),
289 RUN_DEV(PLANEX2, RT3070),
290 RUN_DEV(QCOM, RT2870),
291 RUN_DEV(QUANTA, RT3070),
292 RUN_DEV(RALINK, RT2070),
293 RUN_DEV(RALINK, RT2770),
294 RUN_DEV(RALINK, RT2870),
295 RUN_DEV(RALINK, RT3070),
296 RUN_DEV(RALINK, RT3071),
297 RUN_DEV(RALINK, RT3072),
298 RUN_DEV(RALINK, RT3370),
299 RUN_DEV(RALINK, RT3572),
300 RUN_DEV(RALINK, RT3573),
301 RUN_DEV(RALINK, RT5370),
302 RUN_DEV(RALINK, RT5572),
303 RUN_DEV(RALINK, RT8070),
304 RUN_DEV(SAMSUNG, WIS09ABGN),
305 RUN_DEV(SAMSUNG2, RT2870_1),
306 RUN_DEV(SENAO, RT2870_1),
307 RUN_DEV(SENAO, RT2870_2),
308 RUN_DEV(SENAO, RT2870_3),
309 RUN_DEV(SENAO, RT2870_4),
310 RUN_DEV(SENAO, RT3070),
311 RUN_DEV(SENAO, RT3071),
312 RUN_DEV(SENAO, RT3072_1),
313 RUN_DEV(SENAO, RT3072_2),
314 RUN_DEV(SENAO, RT3072_3),
315 RUN_DEV(SENAO, RT3072_4),
316 RUN_DEV(SENAO, RT3072_5),
317 RUN_DEV(SITECOMEU, RT2770),
318 RUN_DEV(SITECOMEU, RT2870_1),
319 RUN_DEV(SITECOMEU, RT2870_2),
320 RUN_DEV(SITECOMEU, RT2870_3),
321 RUN_DEV(SITECOMEU, RT2870_4),
322 RUN_DEV(SITECOMEU, RT3070),
323 RUN_DEV(SITECOMEU, RT3070_2),
324 RUN_DEV(SITECOMEU, RT3070_3),
325 RUN_DEV(SITECOMEU, RT3070_4),
326 RUN_DEV(SITECOMEU, RT3071),
327 RUN_DEV(SITECOMEU, RT3072_1),
328 RUN_DEV(SITECOMEU, RT3072_2),
329 RUN_DEV(SITECOMEU, RT3072_3),
330 RUN_DEV(SITECOMEU, RT3072_4),
331 RUN_DEV(SITECOMEU, RT3072_5),
332 RUN_DEV(SITECOMEU, RT3072_6),
333 RUN_DEV(SITECOMEU, WL608),
334 RUN_DEV(SPARKLAN, RT2870_1),
335 RUN_DEV(SPARKLAN, RT3070),
336 RUN_DEV(SWEEX2, LW153),
337 RUN_DEV(SWEEX2, LW303),
338 RUN_DEV(SWEEX2, LW313),
339 RUN_DEV(TOSHIBA, RT3070),
340 RUN_DEV(UMEDIA, RT2870_1),
341 RUN_DEV(ZCOM, RT2870_1),
342 RUN_DEV(ZCOM, RT2870_2),
343 RUN_DEV(ZINWELL, RT2870_1),
344 RUN_DEV(ZINWELL, RT2870_2),
345 RUN_DEV(ZINWELL, RT3070),
346 RUN_DEV(ZINWELL, RT3072_1),
347 RUN_DEV(ZINWELL, RT3072_2),
348 RUN_DEV(ZYXEL, RT2870_1),
349 RUN_DEV(ZYXEL, RT2870_2),
350 RUN_DEV(ZYXEL, RT3070),
351 RUN_DEV_EJECT(ZYXEL, NWD2705),
352 RUN_DEV_EJECT(RALINK, RT_STOR),
357 static device_probe_t run_match;
358 static device_attach_t run_attach;
359 static device_detach_t run_detach;
361 static usb_callback_t run_bulk_rx_callback;
362 static usb_callback_t run_bulk_tx_callback0;
363 static usb_callback_t run_bulk_tx_callback1;
364 static usb_callback_t run_bulk_tx_callback2;
365 static usb_callback_t run_bulk_tx_callback3;
366 static usb_callback_t run_bulk_tx_callback4;
367 static usb_callback_t run_bulk_tx_callback5;
369 static void run_autoinst(void *, struct usb_device *,
370 struct usb_attach_arg *);
371 static int run_driver_loaded(struct module *, int, void *);
372 static void run_bulk_tx_callbackN(struct usb_xfer *xfer,
373 usb_error_t error, u_int index);
374 static struct ieee80211vap *run_vap_create(struct ieee80211com *,
375 const char [IFNAMSIZ], int, enum ieee80211_opmode, int,
376 const uint8_t [IEEE80211_ADDR_LEN],
377 const uint8_t [IEEE80211_ADDR_LEN]);
378 static void run_vap_delete(struct ieee80211vap *);
379 static void run_cmdq_cb(void *, int);
380 static void run_setup_tx_list(struct run_softc *,
381 struct run_endpoint_queue *);
382 static void run_unsetup_tx_list(struct run_softc *,
383 struct run_endpoint_queue *);
384 static int run_load_microcode(struct run_softc *);
385 static int run_reset(struct run_softc *);
386 static usb_error_t run_do_request(struct run_softc *,
387 struct usb_device_request *, void *);
388 static int run_read(struct run_softc *, uint16_t, uint32_t *);
389 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int);
390 static int run_write_2(struct run_softc *, uint16_t, uint16_t);
391 static int run_write(struct run_softc *, uint16_t, uint32_t);
392 static int run_write_region_1(struct run_softc *, uint16_t,
393 const uint8_t *, int);
394 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int);
395 static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int);
396 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *);
397 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *);
398 static int run_rt2870_rf_write(struct run_softc *, uint32_t);
399 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *);
400 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t);
401 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *);
402 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t);
403 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t);
404 static const char *run_get_rf(uint16_t);
405 static void run_rt3593_get_txpower(struct run_softc *);
406 static void run_get_txpower(struct run_softc *);
407 static int run_read_eeprom(struct run_softc *);
408 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *,
409 const uint8_t mac[IEEE80211_ADDR_LEN]);
410 static int run_media_change(struct ifnet *);
411 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int);
412 static int run_wme_update(struct ieee80211com *);
413 static void run_key_set_cb(void *);
414 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *);
415 static void run_key_delete_cb(void *);
416 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *);
417 static void run_ratectl_to(void *);
418 static void run_ratectl_cb(void *, int);
419 static void run_drain_fifo(void *);
420 static void run_iter_func(void *, struct ieee80211_node *);
421 static void run_newassoc_cb(void *);
422 static void run_newassoc(struct ieee80211_node *, int);
423 static void run_recv_mgmt(struct ieee80211_node *, struct mbuf *, int,
424 const struct ieee80211_rx_stats *, int, int);
425 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t);
426 static void run_tx_free(struct run_endpoint_queue *pq,
427 struct run_tx_data *, int);
428 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *);
429 static int run_tx(struct run_softc *, struct mbuf *,
430 struct ieee80211_node *);
431 static int run_tx_mgt(struct run_softc *, struct mbuf *,
432 struct ieee80211_node *);
433 static int run_sendprot(struct run_softc *, const struct mbuf *,
434 struct ieee80211_node *, int, int);
435 static int run_tx_param(struct run_softc *, struct mbuf *,
436 struct ieee80211_node *,
437 const struct ieee80211_bpf_params *);
438 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *,
439 const struct ieee80211_bpf_params *);
440 static int run_transmit(struct ieee80211com *, struct mbuf *);
441 static void run_start(struct run_softc *);
442 static void run_parent(struct ieee80211com *);
443 static void run_iq_calib(struct run_softc *, u_int);
444 static void run_set_agc(struct run_softc *, uint8_t);
445 static void run_select_chan_group(struct run_softc *, int);
446 static void run_set_rx_antenna(struct run_softc *, int);
447 static void run_rt2870_set_chan(struct run_softc *, u_int);
448 static void run_rt3070_set_chan(struct run_softc *, u_int);
449 static void run_rt3572_set_chan(struct run_softc *, u_int);
450 static void run_rt3593_set_chan(struct run_softc *, u_int);
451 static void run_rt5390_set_chan(struct run_softc *, u_int);
452 static void run_rt5592_set_chan(struct run_softc *, u_int);
453 static int run_set_chan(struct run_softc *, struct ieee80211_channel *);
454 static void run_set_channel(struct ieee80211com *);
455 static void run_getradiocaps(struct ieee80211com *, int, int *,
456 struct ieee80211_channel[]);
457 static void run_scan_start(struct ieee80211com *);
458 static void run_scan_end(struct ieee80211com *);
459 static void run_update_beacon(struct ieee80211vap *, int);
460 static void run_update_beacon_cb(void *);
461 static void run_updateprot(struct ieee80211com *);
462 static void run_updateprot_cb(void *);
463 static void run_usb_timeout_cb(void *);
464 static void run_reset_livelock(struct run_softc *);
465 static void run_enable_tsf_sync(struct run_softc *);
466 static void run_enable_tsf(struct run_softc *);
467 static void run_get_tsf(struct run_softc *, uint64_t *);
468 static void run_enable_mrr(struct run_softc *);
469 static void run_set_txpreamble(struct run_softc *);
470 static void run_set_basicrates(struct run_softc *);
471 static void run_set_leds(struct run_softc *, uint16_t);
472 static void run_set_bssid(struct run_softc *, const uint8_t *);
473 static void run_set_macaddr(struct run_softc *, const uint8_t *);
474 static void run_updateslot(struct ieee80211com *);
475 static void run_updateslot_cb(void *);
476 static void run_update_mcast(struct ieee80211com *);
477 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t);
478 static void run_update_promisc_locked(struct run_softc *);
479 static void run_update_promisc(struct ieee80211com *);
480 static void run_rt5390_bbp_init(struct run_softc *);
481 static int run_bbp_init(struct run_softc *);
482 static int run_rt3070_rf_init(struct run_softc *);
483 static void run_rt3593_rf_init(struct run_softc *);
484 static void run_rt5390_rf_init(struct run_softc *);
485 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t,
487 static void run_rt3070_rf_setup(struct run_softc *);
488 static void run_rt3593_rf_setup(struct run_softc *);
489 static void run_rt5390_rf_setup(struct run_softc *);
490 static int run_txrx_enable(struct run_softc *);
491 static void run_adjust_freq_offset(struct run_softc *);
492 static void run_init_locked(struct run_softc *);
493 static void run_stop(void *);
494 static void run_delay(struct run_softc *, u_int);
496 static eventhandler_tag run_etag;
498 static const struct rt2860_rate {
501 enum ieee80211_phytype phy;
506 { 2, 0, IEEE80211_T_DS, 0, 314, 314 },
507 { 4, 1, IEEE80211_T_DS, 1, 258, 162 },
508 { 11, 2, IEEE80211_T_DS, 2, 223, 127 },
509 { 22, 3, IEEE80211_T_DS, 3, 213, 117 },
510 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 },
511 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 },
512 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 },
513 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 },
514 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 },
515 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 },
516 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 },
517 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 }
520 static const struct {
523 } rt2870_def_mac[] = {
527 static const struct {
530 } rt2860_def_bbp[] = {
532 },rt5390_def_bbp[] = {
534 },rt5592_def_bbp[] = {
539 * Default values for BBP register R196 for RT5592.
541 static const uint8_t rt5592_bbp_r196[] = {
542 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00,
543 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36,
544 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40,
545 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41,
546 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16,
547 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00,
548 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
549 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c,
550 0x2e, 0x36, 0x30, 0x6e
553 static const struct rfprog {
555 uint32_t r1, r2, r3, r4;
556 } rt2860_rf2850[] = {
566 static const struct rt5592_freqs {
569 } rt5592_freqs_20mhz[] = {
571 },rt5592_freqs_40mhz[] = {
575 static const struct {
578 } rt3070_def_rf[] = {
580 },rt3572_def_rf[] = {
582 },rt3593_def_rf[] = {
584 },rt5390_def_rf[] = {
586 },rt5392_def_rf[] = {
588 },rt5592_def_rf[] = {
590 },rt5592_2ghz_def_rf[] = {
592 },rt5592_5ghz_def_rf[] = {
596 static const struct {
601 } rt5592_chan_5ghz[] = {
605 static const struct usb_config run_config[RUN_N_XFER] = {
608 .endpoint = UE_ADDR_ANY,
610 .direction = UE_DIR_OUT,
611 .bufsize = RUN_MAX_TXSZ,
612 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
613 .callback = run_bulk_tx_callback0,
614 .timeout = 5000, /* ms */
618 .endpoint = UE_ADDR_ANY,
619 .direction = UE_DIR_OUT,
621 .bufsize = RUN_MAX_TXSZ,
622 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
623 .callback = run_bulk_tx_callback1,
624 .timeout = 5000, /* ms */
628 .endpoint = UE_ADDR_ANY,
629 .direction = UE_DIR_OUT,
631 .bufsize = RUN_MAX_TXSZ,
632 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
633 .callback = run_bulk_tx_callback2,
634 .timeout = 5000, /* ms */
638 .endpoint = UE_ADDR_ANY,
639 .direction = UE_DIR_OUT,
641 .bufsize = RUN_MAX_TXSZ,
642 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
643 .callback = run_bulk_tx_callback3,
644 .timeout = 5000, /* ms */
646 [RUN_BULK_TX_HCCA] = {
648 .endpoint = UE_ADDR_ANY,
649 .direction = UE_DIR_OUT,
651 .bufsize = RUN_MAX_TXSZ,
652 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,},
653 .callback = run_bulk_tx_callback4,
654 .timeout = 5000, /* ms */
656 [RUN_BULK_TX_PRIO] = {
658 .endpoint = UE_ADDR_ANY,
659 .direction = UE_DIR_OUT,
661 .bufsize = RUN_MAX_TXSZ,
662 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,},
663 .callback = run_bulk_tx_callback5,
664 .timeout = 5000, /* ms */
668 .endpoint = UE_ADDR_ANY,
669 .direction = UE_DIR_IN,
670 .bufsize = RUN_MAX_RXSZ,
671 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,},
672 .callback = run_bulk_rx_callback,
677 run_autoinst(void *arg, struct usb_device *udev,
678 struct usb_attach_arg *uaa)
680 struct usb_interface *iface;
681 struct usb_interface_descriptor *id;
683 if (uaa->dev_state != UAA_DEV_READY)
686 iface = usbd_get_iface(udev, 0);
690 if (id == NULL || id->bInterfaceClass != UICLASS_MASS)
692 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa))
695 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0)
696 uaa->dev_state = UAA_DEV_EJECTING;
700 run_driver_loaded(struct module *mod, int what, void *arg)
704 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured,
705 run_autoinst, NULL, EVENTHANDLER_PRI_ANY);
708 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag);
717 run_match(device_t self)
719 struct usb_attach_arg *uaa = device_get_ivars(self);
721 if (uaa->usb_mode != USB_MODE_HOST)
723 if (uaa->info.bConfigIndex != 0)
725 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX)
728 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa));
732 run_attach(device_t self)
734 struct run_softc *sc = device_get_softc(self);
735 struct usb_attach_arg *uaa = device_get_ivars(self);
736 struct ieee80211com *ic = &sc->sc_ic;
741 device_set_usb_desc(self);
742 sc->sc_udev = uaa->device;
744 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT)
745 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED;
747 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev),
748 MTX_NETWORK_LOCK, MTX_DEF);
749 mbufq_init(&sc->sc_snd, ifqmaxlen);
751 iface_index = RT2860_IFACE_INDEX;
753 error = usbd_transfer_setup(uaa->device, &iface_index,
754 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx);
756 device_printf(self, "could not allocate USB transfers, "
757 "err=%s\n", usbd_errstr(error));
763 /* wait for the chip to settle */
764 for (ntries = 0; ntries < 100; ntries++) {
765 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) {
769 if (ver != 0 && ver != 0xffffffff)
774 device_printf(sc->sc_dev,
775 "timeout waiting for NIC to initialize\n");
779 sc->mac_ver = ver >> 16;
780 sc->mac_rev = ver & 0xffff;
782 /* retrieve RF rev. no and various other things from EEPROM */
785 device_printf(sc->sc_dev,
786 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n",
787 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev),
788 sc->ntxchains, sc->nrxchains, ether_sprintf(ic->ic_macaddr));
793 ic->ic_name = device_get_nameunit(self);
794 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
795 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */
797 /* set device capabilities */
799 IEEE80211_C_STA | /* station mode supported */
800 IEEE80211_C_MONITOR | /* monitor mode supported */
803 IEEE80211_C_WDS | /* 4-address traffic works */
805 IEEE80211_C_SHPREAMBLE | /* short preamble supported */
806 IEEE80211_C_SHSLOT | /* short slot time supported */
807 IEEE80211_C_WME | /* WME */
808 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */
811 IEEE80211_CRYPTO_WEP |
812 IEEE80211_CRYPTO_AES_CCM |
813 IEEE80211_CRYPTO_TKIPMIC |
814 IEEE80211_CRYPTO_TKIP;
816 ic->ic_flags |= IEEE80211_F_DATAPAD;
817 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS;
819 run_getradiocaps(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans,
822 ieee80211_ifattach(ic);
824 ic->ic_scan_start = run_scan_start;
825 ic->ic_scan_end = run_scan_end;
826 ic->ic_set_channel = run_set_channel;
827 ic->ic_getradiocaps = run_getradiocaps;
828 ic->ic_node_alloc = run_node_alloc;
829 ic->ic_newassoc = run_newassoc;
830 ic->ic_updateslot = run_updateslot;
831 ic->ic_update_mcast = run_update_mcast;
832 ic->ic_wme.wme_update = run_wme_update;
833 ic->ic_raw_xmit = run_raw_xmit;
834 ic->ic_update_promisc = run_update_promisc;
835 ic->ic_vap_create = run_vap_create;
836 ic->ic_vap_delete = run_vap_delete;
837 ic->ic_transmit = run_transmit;
838 ic->ic_parent = run_parent;
840 ieee80211_radiotap_attach(ic,
841 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap),
842 RUN_TX_RADIOTAP_PRESENT,
843 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap),
844 RUN_RX_RADIOTAP_PRESENT);
846 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc);
847 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc);
848 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0);
851 ieee80211_announce(ic);
861 run_drain_mbufq(struct run_softc *sc)
864 struct ieee80211_node *ni;
866 RUN_LOCK_ASSERT(sc, MA_OWNED);
867 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) {
868 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
869 m->m_pkthdr.rcvif = NULL;
870 ieee80211_free_node(ni);
876 run_detach(device_t self)
878 struct run_softc *sc = device_get_softc(self);
879 struct ieee80211com *ic = &sc->sc_ic;
886 /* stop all USB transfers */
887 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER);
890 sc->ratectl_run = RUN_RATECTL_OFF;
891 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT;
893 /* free TX list, if any */
894 for (i = 0; i != RUN_EP_QUEUES; i++)
895 run_unsetup_tx_list(sc, &sc->sc_epq[i]);
901 if (sc->sc_ic.ic_softc == sc) {
903 usb_callout_drain(&sc->ratectl_ch);
904 ieee80211_draintask(ic, &sc->cmdq_task);
905 ieee80211_draintask(ic, &sc->ratectl_task);
906 ieee80211_ifdetach(ic);
909 mtx_destroy(&sc->sc_mtx);
914 static struct ieee80211vap *
915 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit,
916 enum ieee80211_opmode opmode, int flags,
917 const uint8_t bssid[IEEE80211_ADDR_LEN],
918 const uint8_t mac[IEEE80211_ADDR_LEN])
920 struct run_softc *sc = ic->ic_softc;
922 struct ieee80211vap *vap;
925 if (sc->rvp_cnt >= RUN_VAP_MAX) {
926 device_printf(sc->sc_dev, "number of VAPs maxed out\n");
931 case IEEE80211_M_STA:
932 /* enable s/w bmiss handling for sta mode */
933 flags |= IEEE80211_CLONE_NOBEACONS;
935 case IEEE80211_M_IBSS:
936 case IEEE80211_M_MONITOR:
937 case IEEE80211_M_HOSTAP:
938 case IEEE80211_M_MBSS:
939 /* other than WDS vaps, only one at a time */
940 if (!TAILQ_EMPTY(&ic->ic_vaps))
943 case IEEE80211_M_WDS:
944 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){
945 if(vap->iv_opmode != IEEE80211_M_HOSTAP)
947 /* WDS vap's always share the local mac address. */
948 flags &= ~IEEE80211_CLONE_BSSID;
952 device_printf(sc->sc_dev,
953 "wds only supported in ap mode\n");
958 device_printf(sc->sc_dev, "unknown opmode %d\n", opmode);
962 rvp = malloc(sizeof(struct run_vap), M_80211_VAP, M_WAITOK | M_ZERO);
965 if (ieee80211_vap_setup(ic, vap, name, unit, opmode, flags,
968 free(rvp, M_80211_VAP);
972 vap->iv_update_beacon = run_update_beacon;
973 vap->iv_max_aid = RT2870_WCID_MAX;
975 * To delete the right key from h/w, we need wcid.
976 * Luckily, there is unused space in ieee80211_key{}, wk_pad,
977 * and matching wcid will be written into there. So, cast
978 * some spells to remove 'const' from ieee80211_key{}
980 vap->iv_key_delete = (void *)run_key_delete;
981 vap->iv_key_set = (void *)run_key_set;
983 /* override state transition machine */
984 rvp->newstate = vap->iv_newstate;
985 vap->iv_newstate = run_newstate;
986 if (opmode == IEEE80211_M_IBSS) {
987 rvp->recv_mgmt = vap->iv_recv_mgmt;
988 vap->iv_recv_mgmt = run_recv_mgmt;
991 ieee80211_ratectl_init(vap);
992 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */);
995 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status,
998 /* make sure id is always unique */
999 for (i = 0; i < RUN_VAP_MAX; i++) {
1000 if((sc->rvp_bmap & 1 << i) == 0){
1001 sc->rvp_bmap |= 1 << i;
1006 if (sc->rvp_cnt++ == 0)
1007 ic->ic_opmode = opmode;
1009 if (opmode == IEEE80211_M_HOSTAP)
1010 sc->cmdq_run = RUN_CMDQ_GO;
1012 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "rvp_id=%d bmap=%x rvp_cnt=%d\n",
1013 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt);
1019 run_vap_delete(struct ieee80211vap *vap)
1021 struct run_vap *rvp = RUN_VAP(vap);
1022 struct ieee80211com *ic;
1023 struct run_softc *sc;
1034 m_freem(rvp->beacon_mbuf);
1035 rvp->beacon_mbuf = NULL;
1037 rvp_id = rvp->rvp_id;
1038 sc->ratectl_run &= ~(1 << rvp_id);
1039 sc->rvp_bmap &= ~(1 << rvp_id);
1040 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128);
1041 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512);
1044 RUN_DPRINTF(sc, RUN_DEBUG_STATE,
1045 "vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n",
1046 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt);
1050 ieee80211_ratectl_deinit(vap);
1051 ieee80211_vap_detach(vap);
1052 free(rvp, M_80211_VAP);
1056 * There are numbers of functions need to be called in context thread.
1057 * Rather than creating taskqueue event for each of those functions,
1058 * here is all-for-one taskqueue callback function. This function
1059 * guarantees deferred functions are executed in the same order they
1061 * '& RUN_CMDQ_MASQ' is to loop cmdq[].
1064 run_cmdq_cb(void *arg, int pending)
1066 struct run_softc *sc = arg;
1069 /* call cmdq[].func locked */
1071 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending;
1072 i = sc->cmdq_exec, pending--) {
1073 RUN_DPRINTF(sc, RUN_DEBUG_CMD, "cmdq_exec=%d pending=%d\n",
1075 if (sc->cmdq_run == RUN_CMDQ_GO) {
1077 * If arg0 is NULL, callback func needs more
1078 * than one arg. So, pass ptr to cmdq struct.
1080 if (sc->cmdq[i].arg0)
1081 sc->cmdq[i].func(sc->cmdq[i].arg0);
1083 sc->cmdq[i].func(&sc->cmdq[i]);
1085 sc->cmdq[i].arg0 = NULL;
1086 sc->cmdq[i].func = NULL;
1088 sc->cmdq_exec &= RUN_CMDQ_MASQ;
1094 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq)
1096 struct run_tx_data *data;
1098 memset(pq, 0, sizeof(*pq));
1100 STAILQ_INIT(&pq->tx_qh);
1101 STAILQ_INIT(&pq->tx_fh);
1103 for (data = &pq->tx_data[0];
1104 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) {
1106 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next);
1108 pq->tx_nfree = RUN_TX_RING_COUNT;
1112 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq)
1114 struct run_tx_data *data;
1116 /* make sure any subsequent use of the queues will fail */
1118 STAILQ_INIT(&pq->tx_fh);
1119 STAILQ_INIT(&pq->tx_qh);
1121 /* free up all node references and mbufs */
1122 for (data = &pq->tx_data[0];
1123 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) {
1124 if (data->m != NULL) {
1128 if (data->ni != NULL) {
1129 ieee80211_free_node(data->ni);
1136 run_load_microcode(struct run_softc *sc)
1138 usb_device_request_t req;
1139 const struct firmware *fw;
1143 const uint64_t *temp;
1147 fw = firmware_get("runfw");
1150 device_printf(sc->sc_dev,
1151 "failed loadfirmware of file %s\n", "runfw");
1155 if (fw->datasize != 8192) {
1156 device_printf(sc->sc_dev,
1157 "invalid firmware size (should be 8KB)\n");
1163 * RT3071/RT3072 use a different firmware
1164 * run-rt2870 (8KB) contains both,
1165 * first half (4KB) is for rt2870,
1166 * last half is for rt3071.
1169 if ((sc->mac_ver) != 0x2860 &&
1170 (sc->mac_ver) != 0x2872 &&
1171 (sc->mac_ver) != 0x3070) {
1175 /* cheap sanity check */
1178 if (bytes != be64toh(0xffffff0210280210ULL)) {
1179 device_printf(sc->sc_dev, "firmware checksum failed\n");
1184 /* write microcode image */
1185 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) {
1186 run_write_region_1(sc, RT2870_FW_BASE, base, 4096);
1187 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff);
1188 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff);
1191 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1192 req.bRequest = RT2870_RESET;
1193 USETW(req.wValue, 8);
1194 USETW(req.wIndex, 0);
1195 USETW(req.wLength, 0);
1196 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL))
1198 device_printf(sc->sc_dev, "firmware reset failed\n");
1204 run_write(sc, RT2860_H2M_BBPAGENT, 0);
1205 run_write(sc, RT2860_H2M_MAILBOX, 0);
1206 run_write(sc, RT2860_H2M_INTSRC, 0);
1207 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0)
1210 /* wait until microcontroller is ready */
1211 for (ntries = 0; ntries < 1000; ntries++) {
1212 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0)
1214 if (tmp & RT2860_MCU_READY)
1218 if (ntries == 1000) {
1219 device_printf(sc->sc_dev,
1220 "timeout waiting for MCU to initialize\n");
1224 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n",
1225 (base == fw->data) ? "RT2870" : "RT3071",
1226 *(base + 4092), *(base + 4093));
1229 firmware_put(fw, FIRMWARE_UNLOAD);
1234 run_reset(struct run_softc *sc)
1236 usb_device_request_t req;
1238 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1239 req.bRequest = RT2870_RESET;
1240 USETW(req.wValue, 1);
1241 USETW(req.wIndex, 0);
1242 USETW(req.wLength, 0);
1243 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL));
1247 run_do_request(struct run_softc *sc,
1248 struct usb_device_request *req, void *data)
1253 RUN_LOCK_ASSERT(sc, MA_OWNED);
1256 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx,
1257 req, data, 0, NULL, 250 /* ms */);
1260 RUN_DPRINTF(sc, RUN_DEBUG_USB,
1261 "Control request failed, %s (retrying)\n",
1269 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val)
1274 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp);
1276 *val = le32toh(tmp);
1283 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len)
1285 usb_device_request_t req;
1287 req.bmRequestType = UT_READ_VENDOR_DEVICE;
1288 req.bRequest = RT2870_READ_REGION_1;
1289 USETW(req.wValue, 0);
1290 USETW(req.wIndex, reg);
1291 USETW(req.wLength, len);
1293 return (run_do_request(sc, &req, buf));
1297 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val)
1299 usb_device_request_t req;
1301 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1302 req.bRequest = RT2870_WRITE_2;
1303 USETW(req.wValue, val);
1304 USETW(req.wIndex, reg);
1305 USETW(req.wLength, 0);
1307 return (run_do_request(sc, &req, NULL));
1311 run_write(struct run_softc *sc, uint16_t reg, uint32_t val)
1315 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0)
1316 error = run_write_2(sc, reg + 2, val >> 16);
1321 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf,
1327 * NB: the WRITE_REGION_1 command is not stable on RT2860.
1328 * We thus issue multiple WRITE_2 commands instead.
1330 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n"));
1331 for (i = 0; i < len && error == 0; i += 2)
1332 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8);
1335 usb_device_request_t req;
1339 * NOTE: It appears the WRITE_REGION_1 command cannot be
1340 * passed a huge amount of data, which will crash the
1341 * firmware. Limit amount of data passed to 64-bytes at a
1349 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1350 req.bRequest = RT2870_WRITE_REGION_1;
1351 USETW(req.wValue, 0);
1352 USETW(req.wIndex, reg);
1353 USETW(req.wLength, delta);
1354 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf));
1366 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len)
1370 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n"));
1371 for (i = 0; i < len && error == 0; i += 4)
1372 error = run_write(sc, reg + i, val);
1377 run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count)
1383 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0)
1389 * Read one 16-byte block into registers EFUSE_DATA[0-3]:
1395 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK);
1396 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK;
1397 run_write(sc, RT3070_EFUSE_CTRL, tmp);
1398 for (ntries = 0; ntries < 100; ntries++) {
1399 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0)
1401 if (!(tmp & RT3070_EFSROM_KICK))
1408 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) {
1409 *val = 0xffff; /* address not found */
1412 /* determine to which 32-bit register our 16-bit word belongs */
1413 reg = RT3070_EFUSE_DATA3 - (addr & 0xc);
1414 if ((error = run_read(sc, reg, &tmp)) != 0)
1417 tmp >>= (8 * (addr & 0x3));
1418 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff;
1423 /* Read 16-bit from eFUSE ROM for RT3xxx. */
1425 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val)
1427 return (run_efuse_read(sc, addr, val, 2));
1431 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val)
1433 usb_device_request_t req;
1438 req.bmRequestType = UT_READ_VENDOR_DEVICE;
1439 req.bRequest = RT2870_EEPROM_READ;
1440 USETW(req.wValue, 0);
1441 USETW(req.wIndex, addr);
1442 USETW(req.wLength, sizeof(tmp));
1444 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp);
1446 *val = le16toh(tmp);
1453 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val)
1455 /* either eFUSE ROM or EEPROM */
1456 return sc->sc_srom_read(sc, addr, val);
1460 run_rt2870_rf_write(struct run_softc *sc, uint32_t val)
1465 for (ntries = 0; ntries < 10; ntries++) {
1466 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0)
1468 if (!(tmp & RT2860_RF_REG_CTRL))
1474 return (run_write(sc, RT2860_RF_CSR_CFG0, val));
1478 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val)
1483 for (ntries = 0; ntries < 100; ntries++) {
1484 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1486 if (!(tmp & RT3070_RF_KICK))
1492 tmp = RT3070_RF_KICK | reg << 8;
1493 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0)
1496 for (ntries = 0; ntries < 100; ntries++) {
1497 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1499 if (!(tmp & RT3070_RF_KICK))
1510 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val)
1515 for (ntries = 0; ntries < 10; ntries++) {
1516 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1518 if (!(tmp & RT3070_RF_KICK))
1524 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val;
1525 return (run_write(sc, RT3070_RF_CSR_CFG, tmp));
1529 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val)
1534 for (ntries = 0; ntries < 10; ntries++) {
1535 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1537 if (!(tmp & RT2860_BBP_CSR_KICK))
1543 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8;
1544 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0)
1547 for (ntries = 0; ntries < 10; ntries++) {
1548 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1550 if (!(tmp & RT2860_BBP_CSR_KICK))
1561 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val)
1566 for (ntries = 0; ntries < 10; ntries++) {
1567 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1569 if (!(tmp & RT2860_BBP_CSR_KICK))
1575 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val;
1576 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp));
1580 * Send a command to the 8051 microcontroller unit.
1583 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg)
1588 for (ntries = 0; ntries < 100; ntries++) {
1589 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0)
1591 if (!(tmp & RT2860_H2M_BUSY))
1597 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg;
1598 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0)
1599 error = run_write(sc, RT2860_HOST_CMD, cmd);
1604 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word.
1605 * Used to adjust per-rate Tx power registers.
1607 static __inline uint32_t
1608 b4inc(uint32_t b32, int8_t delta)
1612 for (i = 0; i < 8; i++) {
1619 b32 = b32 >> 4 | b4 << 28;
1625 run_get_rf(uint16_t rev)
1628 case RT2860_RF_2820: return "RT2820";
1629 case RT2860_RF_2850: return "RT2850";
1630 case RT2860_RF_2720: return "RT2720";
1631 case RT2860_RF_2750: return "RT2750";
1632 case RT3070_RF_3020: return "RT3020";
1633 case RT3070_RF_2020: return "RT2020";
1634 case RT3070_RF_3021: return "RT3021";
1635 case RT3070_RF_3022: return "RT3022";
1636 case RT3070_RF_3052: return "RT3052";
1637 case RT3593_RF_3053: return "RT3053";
1638 case RT5592_RF_5592: return "RT5592";
1639 case RT5390_RF_5370: return "RT5370";
1640 case RT5390_RF_5372: return "RT5372";
1646 run_rt3593_get_txpower(struct run_softc *sc)
1651 /* Read power settings for 2GHz channels. */
1652 for (i = 0; i < 14; i += 2) {
1653 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 :
1654 RT2860_EEPROM_PWR2GHZ_BASE1;
1655 run_srom_read(sc, addr + i / 2, &val);
1656 sc->txpow1[i + 0] = (int8_t)(val & 0xff);
1657 sc->txpow1[i + 1] = (int8_t)(val >> 8);
1659 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 :
1660 RT2860_EEPROM_PWR2GHZ_BASE2;
1661 run_srom_read(sc, addr + i / 2, &val);
1662 sc->txpow2[i + 0] = (int8_t)(val & 0xff);
1663 sc->txpow2[i + 1] = (int8_t)(val >> 8);
1665 if (sc->ntxchains == 3) {
1666 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2,
1668 sc->txpow3[i + 0] = (int8_t)(val & 0xff);
1669 sc->txpow3[i + 1] = (int8_t)(val >> 8);
1672 /* Fix broken Tx power entries. */
1673 for (i = 0; i < 14; i++) {
1674 if (sc->txpow1[i] > 31)
1676 if (sc->txpow2[i] > 31)
1678 if (sc->ntxchains == 3) {
1679 if (sc->txpow3[i] > 31)
1683 /* Read power settings for 5GHz channels. */
1684 for (i = 0; i < 40; i += 2) {
1685 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val);
1686 sc->txpow1[i + 14] = (int8_t)(val & 0xff);
1687 sc->txpow1[i + 15] = (int8_t)(val >> 8);
1689 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val);
1690 sc->txpow2[i + 14] = (int8_t)(val & 0xff);
1691 sc->txpow2[i + 15] = (int8_t)(val >> 8);
1693 if (sc->ntxchains == 3) {
1694 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2,
1696 sc->txpow3[i + 14] = (int8_t)(val & 0xff);
1697 sc->txpow3[i + 15] = (int8_t)(val >> 8);
1703 run_get_txpower(struct run_softc *sc)
1708 /* Read power settings for 2GHz channels. */
1709 for (i = 0; i < 14; i += 2) {
1710 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val);
1711 sc->txpow1[i + 0] = (int8_t)(val & 0xff);
1712 sc->txpow1[i + 1] = (int8_t)(val >> 8);
1714 if (sc->mac_ver != 0x5390) {
1716 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val);
1717 sc->txpow2[i + 0] = (int8_t)(val & 0xff);
1718 sc->txpow2[i + 1] = (int8_t)(val >> 8);
1721 /* Fix broken Tx power entries. */
1722 for (i = 0; i < 14; i++) {
1723 if (sc->mac_ver >= 0x5390) {
1724 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 39)
1727 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31)
1730 if (sc->mac_ver > 0x5390) {
1731 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 39)
1733 } else if (sc->mac_ver < 0x5390) {
1734 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31)
1737 RUN_DPRINTF(sc, RUN_DEBUG_TXPWR,
1738 "chan %d: power1=%d, power2=%d\n",
1739 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]);
1741 /* Read power settings for 5GHz channels. */
1742 for (i = 0; i < 40; i += 2) {
1743 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val);
1744 sc->txpow1[i + 14] = (int8_t)(val & 0xff);
1745 sc->txpow1[i + 15] = (int8_t)(val >> 8);
1747 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val);
1748 sc->txpow2[i + 14] = (int8_t)(val & 0xff);
1749 sc->txpow2[i + 15] = (int8_t)(val >> 8);
1751 /* Fix broken Tx power entries. */
1752 for (i = 0; i < 40; i++ ) {
1753 if (sc->mac_ver != 0x5592) {
1754 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15)
1755 sc->txpow1[14 + i] = 5;
1756 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15)
1757 sc->txpow2[14 + i] = 5;
1759 RUN_DPRINTF(sc, RUN_DEBUG_TXPWR,
1760 "chan %d: power1=%d, power2=%d\n",
1761 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i],
1762 sc->txpow2[14 + i]);
1767 run_read_eeprom(struct run_softc *sc)
1769 struct ieee80211com *ic = &sc->sc_ic;
1770 int8_t delta_2ghz, delta_5ghz;
1775 /* check whether the ROM is eFUSE ROM or EEPROM */
1776 sc->sc_srom_read = run_eeprom_read_2;
1777 if (sc->mac_ver >= 0x3070) {
1778 run_read(sc, RT3070_EFUSE_CTRL, &tmp);
1779 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EFUSE_CTRL=0x%08x\n", tmp);
1780 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593)
1781 sc->sc_srom_read = run_efuse_read_2;
1784 /* read ROM version */
1785 run_srom_read(sc, RT2860_EEPROM_VERSION, &val);
1786 RUN_DPRINTF(sc, RUN_DEBUG_ROM,
1787 "EEPROM rev=%d, FAE=%d\n", val >> 8, val & 0xff);
1789 /* read MAC address */
1790 run_srom_read(sc, RT2860_EEPROM_MAC01, &val);
1791 ic->ic_macaddr[0] = val & 0xff;
1792 ic->ic_macaddr[1] = val >> 8;
1793 run_srom_read(sc, RT2860_EEPROM_MAC23, &val);
1794 ic->ic_macaddr[2] = val & 0xff;
1795 ic->ic_macaddr[3] = val >> 8;
1796 run_srom_read(sc, RT2860_EEPROM_MAC45, &val);
1797 ic->ic_macaddr[4] = val & 0xff;
1798 ic->ic_macaddr[5] = val >> 8;
1800 if (sc->mac_ver < 0x3593) {
1801 /* read vender BBP settings */
1802 for (i = 0; i < 10; i++) {
1803 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val);
1804 sc->bbp[i].val = val & 0xff;
1805 sc->bbp[i].reg = val >> 8;
1806 RUN_DPRINTF(sc, RUN_DEBUG_ROM,
1807 "BBP%d=0x%02x\n", sc->bbp[i].reg, sc->bbp[i].val);
1809 if (sc->mac_ver >= 0x3071) {
1810 /* read vendor RF settings */
1811 for (i = 0; i < 10; i++) {
1812 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i,
1814 sc->rf[i].val = val & 0xff;
1815 sc->rf[i].reg = val >> 8;
1816 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "RF%d=0x%02x\n",
1817 sc->rf[i].reg, sc->rf[i].val);
1822 /* read RF frequency offset from EEPROM */
1823 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS :
1824 RT3593_EEPROM_FREQ, &val);
1825 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0;
1826 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM freq offset %d\n",
1829 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS :
1830 RT3593_EEPROM_FREQ_LEDS, &val);
1831 if (val >> 8 != 0xff) {
1832 /* read LEDs operating mode */
1833 sc->leds = val >> 8;
1834 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 :
1835 RT3593_EEPROM_LED1, &sc->led[0]);
1836 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 :
1837 RT3593_EEPROM_LED2, &sc->led[1]);
1838 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 :
1839 RT3593_EEPROM_LED3, &sc->led[2]);
1841 /* broken EEPROM, use default settings */
1843 sc->led[0] = 0x5555;
1844 sc->led[1] = 0x2221;
1845 sc->led[2] = 0x5627; /* differs from RT2860 */
1847 RUN_DPRINTF(sc, RUN_DEBUG_ROM,
1848 "EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n",
1849 sc->leds, sc->led[0], sc->led[1], sc->led[2]);
1851 /* read RF information */
1852 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392)
1853 run_srom_read(sc, 0x00, &val);
1855 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val);
1857 if (val == 0xffff) {
1858 device_printf(sc->sc_dev,
1859 "invalid EEPROM antenna info, using default\n");
1860 if (sc->mac_ver == 0x3572) {
1861 /* default to RF3052 2T2R */
1862 sc->rf_rev = RT3070_RF_3052;
1865 } else if (sc->mac_ver >= 0x3070) {
1866 /* default to RF3020 1T1R */
1867 sc->rf_rev = RT3070_RF_3020;
1871 /* default to RF2820 1T2R */
1872 sc->rf_rev = RT2860_RF_2820;
1877 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) {
1879 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val);
1881 sc->rf_rev = (val >> 8) & 0xf;
1882 sc->ntxchains = (val >> 4) & 0xf;
1883 sc->nrxchains = val & 0xf;
1885 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM RF rev=0x%04x chains=%dT%dR\n",
1886 sc->rf_rev, sc->ntxchains, sc->nrxchains);
1888 /* check if RF supports automatic Tx access gain control */
1889 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val);
1890 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM CFG 0x%04x\n", val);
1891 /* check if driver should patch the DAC issue */
1892 if ((val >> 8) != 0xff)
1893 sc->patch_dac = (val >> 15) & 1;
1894 if ((val & 0xff) != 0xff) {
1895 sc->ext_5ghz_lna = (val >> 3) & 1;
1896 sc->ext_2ghz_lna = (val >> 2) & 1;
1897 /* check if RF supports automatic Tx access gain control */
1898 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1;
1899 /* check if we have a hardware radio switch */
1900 sc->rfswitch = val & 1;
1903 /* Read Tx power settings. */
1904 if (sc->mac_ver == 0x3593)
1905 run_rt3593_get_txpower(sc);
1907 run_get_txpower(sc);
1909 /* read Tx power compensation for each Tx rate */
1910 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val);
1911 delta_2ghz = delta_5ghz = 0;
1912 if ((val & 0xff) != 0xff && (val & 0x80)) {
1913 delta_2ghz = val & 0xf;
1914 if (!(val & 0x40)) /* negative number */
1915 delta_2ghz = -delta_2ghz;
1918 if ((val & 0xff) != 0xff && (val & 0x80)) {
1919 delta_5ghz = val & 0xf;
1920 if (!(val & 0x40)) /* negative number */
1921 delta_5ghz = -delta_5ghz;
1923 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_TXPWR,
1924 "power compensation=%d (2GHz), %d (5GHz)\n", delta_2ghz, delta_5ghz);
1926 for (ridx = 0; ridx < 5; ridx++) {
1929 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val);
1931 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val);
1932 reg |= (uint32_t)val << 16;
1934 sc->txpow20mhz[ridx] = reg;
1935 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz);
1936 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz);
1938 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_TXPWR,
1939 "ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, "
1940 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx],
1941 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]);
1944 /* Read RSSI offsets and LNA gains from EEPROM. */
1945 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ :
1946 RT3593_EEPROM_RSSI1_2GHZ, &val);
1947 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */
1948 sc->rssi_2ghz[1] = val >> 8; /* Ant B */
1949 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ :
1950 RT3593_EEPROM_RSSI2_2GHZ, &val);
1951 if (sc->mac_ver >= 0x3070) {
1952 if (sc->mac_ver == 0x3593) {
1953 sc->txmixgain_2ghz = 0;
1954 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */
1957 * On RT3070 chips (limited to 2 Rx chains), this ROM
1958 * field contains the Tx mixer gain for the 2GHz band.
1960 if ((val & 0xff) != 0xff)
1961 sc->txmixgain_2ghz = val & 0x7;
1963 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "tx mixer gain=%u (2GHz)\n",
1964 sc->txmixgain_2ghz);
1966 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */
1967 if (sc->mac_ver == 0x3593)
1968 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val);
1969 sc->lna[2] = val >> 8; /* channel group 2 */
1971 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ :
1972 RT3593_EEPROM_RSSI1_5GHZ, &val);
1973 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */
1974 sc->rssi_5ghz[1] = val >> 8; /* Ant B */
1975 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ :
1976 RT3593_EEPROM_RSSI2_5GHZ, &val);
1977 if (sc->mac_ver == 0x3572) {
1979 * On RT3572 chips (limited to 2 Rx chains), this ROM
1980 * field contains the Tx mixer gain for the 5GHz band.
1982 if ((val & 0xff) != 0xff)
1983 sc->txmixgain_5ghz = val & 0x7;
1984 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "tx mixer gain=%u (5GHz)\n",
1985 sc->txmixgain_5ghz);
1987 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */
1988 if (sc->mac_ver == 0x3593) {
1989 sc->txmixgain_5ghz = 0;
1990 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val);
1992 sc->lna[3] = val >> 8; /* channel group 3 */
1994 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA :
1995 RT3593_EEPROM_LNA, &val);
1996 sc->lna[0] = val & 0xff; /* channel group 0 */
1997 sc->lna[1] = val >> 8; /* channel group 1 */
1999 /* fix broken 5GHz LNA entries */
2000 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) {
2001 RUN_DPRINTF(sc, RUN_DEBUG_ROM,
2002 "invalid LNA for channel group %d\n", 2);
2003 sc->lna[2] = sc->lna[1];
2005 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) {
2006 RUN_DPRINTF(sc, RUN_DEBUG_ROM,
2007 "invalid LNA for channel group %d\n", 3);
2008 sc->lna[3] = sc->lna[1];
2011 /* fix broken RSSI offset entries */
2012 for (ant = 0; ant < 3; ant++) {
2013 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) {
2014 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_RSSI,
2015 "invalid RSSI%d offset: %d (2GHz)\n",
2016 ant + 1, sc->rssi_2ghz[ant]);
2017 sc->rssi_2ghz[ant] = 0;
2019 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) {
2020 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_RSSI,
2021 "invalid RSSI%d offset: %d (5GHz)\n",
2022 ant + 1, sc->rssi_5ghz[ant]);
2023 sc->rssi_5ghz[ant] = 0;
2029 static struct ieee80211_node *
2030 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN])
2032 return malloc(sizeof (struct run_node), M_DEVBUF, M_NOWAIT | M_ZERO);
2036 run_media_change(struct ifnet *ifp)
2038 struct ieee80211vap *vap = ifp->if_softc;
2039 struct ieee80211com *ic = vap->iv_ic;
2040 const struct ieee80211_txparam *tp;
2041 struct run_softc *sc = ic->ic_softc;
2047 error = ieee80211_media_change(ifp);
2048 if (error != ENETRESET) {
2053 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
2054 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) {
2055 struct ieee80211_node *ni;
2056 struct run_node *rn;
2058 rate = ic->ic_sup_rates[ic->ic_curmode].
2059 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL;
2060 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2061 if (rt2860_rates[ridx].rate == rate)
2063 ni = ieee80211_ref_node(vap->iv_bss);
2065 rn->fix_ridx = ridx;
2066 RUN_DPRINTF(sc, RUN_DEBUG_RATE, "rate=%d, fix_ridx=%d\n",
2067 rate, rn->fix_ridx);
2068 ieee80211_free_node(ni);
2072 if ((ifp->if_flags & IFF_UP) &&
2073 (ifp->if_drv_flags & RUN_RUNNING)){
2074 run_init_locked(sc);
2084 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
2086 const struct ieee80211_txparam *tp;
2087 struct ieee80211com *ic = vap->iv_ic;
2088 struct run_softc *sc = ic->ic_softc;
2089 struct run_vap *rvp = RUN_VAP(vap);
2090 enum ieee80211_state ostate;
2094 uint8_t restart_ratectl = 0;
2095 uint8_t bid = 1 << rvp->rvp_id;
2097 ostate = vap->iv_state;
2098 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "%s -> %s\n",
2099 ieee80211_state_name[ostate],
2100 ieee80211_state_name[nstate]);
2102 IEEE80211_UNLOCK(ic);
2105 ratectl = sc->ratectl_run; /* remember current state */
2106 sc->ratectl_run = RUN_RATECTL_OFF;
2107 usb_callout_stop(&sc->ratectl_ch);
2109 if (ostate == IEEE80211_S_RUN) {
2110 /* turn link LED off */
2111 run_set_leds(sc, RT2860_LED_RADIO);
2115 case IEEE80211_S_INIT:
2116 restart_ratectl = 1;
2118 if (ostate != IEEE80211_S_RUN)
2122 sc->runbmap &= ~bid;
2124 /* abort TSF synchronization if there is no vap running */
2125 if (--sc->running == 0) {
2126 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
2127 run_write(sc, RT2860_BCN_TIME_CFG,
2128 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
2129 RT2860_TBTT_TIMER_EN));
2133 case IEEE80211_S_RUN:
2134 if (!(sc->runbmap & bid)) {
2136 restart_ratectl = 1;
2140 m_freem(rvp->beacon_mbuf);
2141 rvp->beacon_mbuf = NULL;
2143 switch (vap->iv_opmode) {
2144 case IEEE80211_M_HOSTAP:
2145 case IEEE80211_M_MBSS:
2146 sc->ap_running |= bid;
2147 ic->ic_opmode = vap->iv_opmode;
2148 run_update_beacon_cb(vap);
2150 case IEEE80211_M_IBSS:
2151 sc->adhoc_running |= bid;
2152 if (!sc->ap_running)
2153 ic->ic_opmode = vap->iv_opmode;
2154 run_update_beacon_cb(vap);
2156 case IEEE80211_M_STA:
2157 sc->sta_running |= bid;
2158 if (!sc->ap_running && !sc->adhoc_running)
2159 ic->ic_opmode = vap->iv_opmode;
2161 /* read statistic counters (clear on read) */
2162 run_read_region_1(sc, RT2860_TX_STA_CNT0,
2163 (uint8_t *)sta, sizeof sta);
2167 ic->ic_opmode = vap->iv_opmode;
2171 if (vap->iv_opmode != IEEE80211_M_MONITOR) {
2172 struct ieee80211_node *ni;
2174 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) {
2181 run_set_txpreamble(sc);
2182 run_set_basicrates(sc);
2183 ni = ieee80211_ref_node(vap->iv_bss);
2184 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid);
2185 run_set_bssid(sc, sc->sc_bssid);
2186 ieee80211_free_node(ni);
2187 run_enable_tsf_sync(sc);
2189 /* enable automatic rate adaptation */
2190 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
2191 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE)
2196 /* turn link LED on */
2197 run_set_leds(sc, RT2860_LED_RADIO |
2198 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ?
2199 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ));
2203 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "undefined state\n");
2207 /* restart amrr for running VAPs */
2208 if ((sc->ratectl_run = ratectl) && restart_ratectl)
2209 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2214 return(rvp->newstate(vap, nstate, arg));
2218 run_wme_update(struct ieee80211com *ic)
2220 struct run_softc *sc = ic->ic_softc;
2221 const struct wmeParams *ac =
2222 ic->ic_wme.wme_chanParams.cap_wmeParams;
2225 /* update MAC TX configuration registers */
2227 for (aci = 0; aci < WME_NUM_AC; aci++) {
2228 error = run_write(sc, RT2860_EDCA_AC_CFG(aci),
2229 ac[aci].wmep_logcwmax << 16 |
2230 ac[aci].wmep_logcwmin << 12 |
2231 ac[aci].wmep_aifsn << 8 |
2232 ac[aci].wmep_txopLimit);
2233 if (error) goto err;
2236 /* update SCH/DMA registers too */
2237 error = run_write(sc, RT2860_WMM_AIFSN_CFG,
2238 ac[WME_AC_VO].wmep_aifsn << 12 |
2239 ac[WME_AC_VI].wmep_aifsn << 8 |
2240 ac[WME_AC_BK].wmep_aifsn << 4 |
2241 ac[WME_AC_BE].wmep_aifsn);
2242 if (error) goto err;
2243 error = run_write(sc, RT2860_WMM_CWMIN_CFG,
2244 ac[WME_AC_VO].wmep_logcwmin << 12 |
2245 ac[WME_AC_VI].wmep_logcwmin << 8 |
2246 ac[WME_AC_BK].wmep_logcwmin << 4 |
2247 ac[WME_AC_BE].wmep_logcwmin);
2248 if (error) goto err;
2249 error = run_write(sc, RT2860_WMM_CWMAX_CFG,
2250 ac[WME_AC_VO].wmep_logcwmax << 12 |
2251 ac[WME_AC_VI].wmep_logcwmax << 8 |
2252 ac[WME_AC_BK].wmep_logcwmax << 4 |
2253 ac[WME_AC_BE].wmep_logcwmax);
2254 if (error) goto err;
2255 error = run_write(sc, RT2860_WMM_TXOP0_CFG,
2256 ac[WME_AC_BK].wmep_txopLimit << 16 |
2257 ac[WME_AC_BE].wmep_txopLimit);
2258 if (error) goto err;
2259 error = run_write(sc, RT2860_WMM_TXOP1_CFG,
2260 ac[WME_AC_VO].wmep_txopLimit << 16 |
2261 ac[WME_AC_VI].wmep_txopLimit);
2266 RUN_DPRINTF(sc, RUN_DEBUG_USB, "WME update failed\n");
2272 run_key_set_cb(void *arg)
2274 struct run_cmdq *cmdq = arg;
2275 struct ieee80211vap *vap = cmdq->arg1;
2276 struct ieee80211_key *k = cmdq->k;
2277 struct ieee80211com *ic = vap->iv_ic;
2278 struct run_softc *sc = ic->ic_softc;
2279 struct ieee80211_node *ni;
2280 u_int cipher = k->wk_cipher->ic_cipher;
2282 uint16_t base, associd;
2283 uint8_t mode, wcid, iv[8];
2285 RUN_LOCK_ASSERT(sc, MA_OWNED);
2287 if (vap->iv_opmode == IEEE80211_M_HOSTAP)
2288 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac);
2291 associd = (ni != NULL) ? ni->ni_associd : 0;
2293 /* map net80211 cipher to RT2860 security mode */
2295 case IEEE80211_CIPHER_WEP:
2296 if(k->wk_keylen < 8)
2297 mode = RT2860_MODE_WEP40;
2299 mode = RT2860_MODE_WEP104;
2301 case IEEE80211_CIPHER_TKIP:
2302 mode = RT2860_MODE_TKIP;
2304 case IEEE80211_CIPHER_AES_CCM:
2305 mode = RT2860_MODE_AES_CCMP;
2308 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "undefined case\n");
2312 RUN_DPRINTF(sc, RUN_DEBUG_KEY,
2313 "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n",
2314 associd, k->wk_keyix, mode,
2315 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise",
2316 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off",
2317 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off");
2319 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2320 wcid = 0; /* NB: update WCID0 for group keys */
2321 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix);
2323 wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
2324 1 : RUN_AID2WCID(associd);
2325 base = RT2860_PKEY(wcid);
2328 if (cipher == IEEE80211_CIPHER_TKIP) {
2329 if(run_write_region_1(sc, base, k->wk_key, 16))
2331 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */
2333 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */
2336 /* roundup len to 16-bit: XXX fix write_region_1() instead */
2337 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1))
2341 if (!(k->wk_flags & IEEE80211_KEY_GROUP) ||
2342 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) {
2343 /* set initial packet number in IV+EIV */
2344 if (cipher == IEEE80211_CIPHER_WEP) {
2345 memset(iv, 0, sizeof iv);
2346 iv[3] = vap->iv_def_txkey << 6;
2348 if (cipher == IEEE80211_CIPHER_TKIP) {
2349 iv[0] = k->wk_keytsc >> 8;
2350 iv[1] = (iv[0] | 0x20) & 0x7f;
2351 iv[2] = k->wk_keytsc;
2353 iv[0] = k->wk_keytsc;
2354 iv[1] = k->wk_keytsc >> 8;
2357 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV;
2358 iv[4] = k->wk_keytsc >> 16;
2359 iv[5] = k->wk_keytsc >> 24;
2360 iv[6] = k->wk_keytsc >> 32;
2361 iv[7] = k->wk_keytsc >> 40;
2363 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8))
2367 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2368 /* install group key */
2369 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr))
2371 attr &= ~(0xf << (k->wk_keyix * 4));
2372 attr |= mode << (k->wk_keyix * 4);
2373 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr))
2376 /* install pairwise key */
2377 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr))
2379 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN;
2380 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr))
2384 /* TODO create a pass-thru key entry? */
2386 /* need wcid to delete the right key later */
2391 * Don't have to be deferred, but in order to keep order of
2392 * execution, i.e. with run_key_delete(), defer this and let
2393 * run_cmdq_cb() maintain the order.
2398 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k)
2400 struct ieee80211com *ic = vap->iv_ic;
2401 struct run_softc *sc = ic->ic_softc;
2404 i = RUN_CMDQ_GET(&sc->cmdq_store);
2405 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "cmdq_store=%d\n", i);
2406 sc->cmdq[i].func = run_key_set_cb;
2407 sc->cmdq[i].arg0 = NULL;
2408 sc->cmdq[i].arg1 = vap;
2410 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, k->wk_macaddr);
2411 ieee80211_runtask(ic, &sc->cmdq_task);
2414 * To make sure key will be set when hostapd
2415 * calls iv_key_set() before if_init().
2417 if (vap->iv_opmode == IEEE80211_M_HOSTAP) {
2419 sc->cmdq_key_set = RUN_CMDQ_GO;
2427 * If wlan is destroyed without being brought down i.e. without
2428 * wlan down or wpa_cli terminate, this function is called after
2429 * vap is gone. Don't refer it.
2432 run_key_delete_cb(void *arg)
2434 struct run_cmdq *cmdq = arg;
2435 struct run_softc *sc = cmdq->arg1;
2436 struct ieee80211_key *k = &cmdq->key;
2440 RUN_LOCK_ASSERT(sc, MA_OWNED);
2442 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2443 /* remove group key */
2444 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "removing group key\n");
2445 run_read(sc, RT2860_SKEY_MODE_0_7, &attr);
2446 attr &= ~(0xf << (k->wk_keyix * 4));
2447 run_write(sc, RT2860_SKEY_MODE_0_7, attr);
2449 /* remove pairwise key */
2450 RUN_DPRINTF(sc, RUN_DEBUG_KEY,
2451 "removing key for wcid %x\n", k->wk_pad);
2452 /* matching wcid was written to wk_pad in run_key_set() */
2454 run_read(sc, RT2860_WCID_ATTR(wcid), &attr);
2456 run_write(sc, RT2860_WCID_ATTR(wcid), attr);
2457 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8);
2467 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k)
2469 struct ieee80211com *ic = vap->iv_ic;
2470 struct run_softc *sc = ic->ic_softc;
2471 struct ieee80211_key *k0;
2475 * When called back, key might be gone. So, make a copy
2476 * of some values need to delete keys before deferring.
2477 * But, because of LOR with node lock, cannot use lock here.
2478 * So, use atomic instead.
2480 i = RUN_CMDQ_GET(&sc->cmdq_store);
2481 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "cmdq_store=%d\n", i);
2482 sc->cmdq[i].func = run_key_delete_cb;
2483 sc->cmdq[i].arg0 = NULL;
2484 sc->cmdq[i].arg1 = sc;
2485 k0 = &sc->cmdq[i].key;
2486 k0->wk_flags = k->wk_flags;
2487 k0->wk_keyix = k->wk_keyix;
2488 /* matching wcid was written to wk_pad in run_key_set() */
2489 k0->wk_pad = k->wk_pad;
2490 ieee80211_runtask(ic, &sc->cmdq_task);
2491 return (1); /* return fake success */
2496 run_ratectl_to(void *arg)
2498 struct run_softc *sc = arg;
2500 /* do it in a process context, so it can go sleep */
2501 ieee80211_runtask(&sc->sc_ic, &sc->ratectl_task);
2502 /* next timeout will be rescheduled in the callback task */
2507 run_ratectl_cb(void *arg, int pending)
2509 struct run_softc *sc = arg;
2510 struct ieee80211com *ic = &sc->sc_ic;
2511 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
2516 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) {
2518 * run_reset_livelock() doesn't do anything with AMRR,
2519 * but Ralink wants us to call it every 1 sec. So, we
2520 * piggyback here rather than creating another callout.
2521 * Livelock may occur only in HOSTAP or IBSS mode
2522 * (when h/w is sending beacons).
2525 run_reset_livelock(sc);
2526 /* just in case, there are some stats to drain */
2531 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc);
2534 if(sc->ratectl_run != RUN_RATECTL_OFF)
2535 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2540 run_drain_fifo(void *arg)
2542 struct run_softc *sc = arg;
2544 uint16_t (*wstat)[3];
2545 uint8_t wcid, mcs, pid;
2548 RUN_LOCK_ASSERT(sc, MA_OWNED);
2551 /* drain Tx status FIFO (maxsize = 16) */
2552 run_read(sc, RT2860_TX_STAT_FIFO, &stat);
2553 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx stat 0x%08x\n", stat);
2554 if (!(stat & RT2860_TXQ_VLD))
2557 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff;
2559 /* if no ACK was requested, no feedback is available */
2560 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX ||
2565 * Even though each stat is Tx-complete-status like format,
2566 * the device can poll stats. Because there is no guarantee
2567 * that the referring node is still around when read the stats.
2568 * So that, if we use ieee80211_ratectl_tx_update(), we will
2569 * have hard time not to refer already freed node.
2571 * To eliminate such page faults, we poll stats in softc.
2572 * Then, update the rates later with ieee80211_ratectl_tx_update().
2574 wstat = &(sc->wcid_stats[wcid]);
2575 (*wstat)[RUN_TXCNT]++;
2576 if (stat & RT2860_TXQ_OK)
2577 (*wstat)[RUN_SUCCESS]++;
2579 counter_u64_add(sc->sc_ic.ic_oerrors, 1);
2581 * Check if there were retries, ie if the Tx success rate is
2582 * different from the requested rate. Note that it works only
2583 * because we do not allow rate fallback from OFDM to CCK.
2585 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f;
2586 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf;
2587 if ((retry = pid -1 - mcs) > 0) {
2588 (*wstat)[RUN_TXCNT] += retry;
2589 (*wstat)[RUN_RETRY] += retry;
2592 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "count=%d\n", sc->fifo_cnt);
2598 run_iter_func(void *arg, struct ieee80211_node *ni)
2600 struct run_softc *sc = arg;
2601 struct ieee80211_ratectl_tx_stats *txs = &sc->sc_txs;
2602 struct ieee80211vap *vap = ni->ni_vap;
2603 struct run_node *rn = RUN_NODE(ni);
2604 union run_stats sta[2];
2605 uint16_t (*wstat)[3];
2610 /* Check for special case */
2611 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA &&
2615 txs->flags = IEEE80211_RATECTL_TX_STATS_NODE |
2616 IEEE80211_RATECTL_TX_STATS_RETRIES;
2618 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS ||
2619 vap->iv_opmode == IEEE80211_M_STA)) {
2620 /* read statistic counters (clear on read) and update AMRR state */
2621 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta,
2626 /* count failed TX as errors */
2627 if_inc_counter(vap->iv_ifp, IFCOUNTER_OERRORS,
2628 le16toh(sta[0].error.fail));
2630 txs->nretries = le16toh(sta[1].tx.retry);
2631 txs->nsuccess = le16toh(sta[1].tx.success);
2633 txs->nframes = txs->nretries + txs->nsuccess +
2634 le16toh(sta[0].error.fail);
2636 RUN_DPRINTF(sc, RUN_DEBUG_RATE,
2637 "retrycnt=%d success=%d failcnt=%d\n",
2638 txs->nretries, txs->nsuccess, le16toh(sta[0].error.fail));
2640 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]);
2642 if (wstat == &(sc->wcid_stats[0]) ||
2643 wstat > &(sc->wcid_stats[RT2870_WCID_MAX]))
2646 txs->nretries = (*wstat)[RUN_RETRY];
2647 txs->nsuccess = (*wstat)[RUN_SUCCESS];
2648 txs->nframes = (*wstat)[RUN_TXCNT];
2649 RUN_DPRINTF(sc, RUN_DEBUG_RATE,
2650 "retrycnt=%d txcnt=%d success=%d\n",
2651 txs->nretries, txs->nframes, txs->nsuccess);
2653 memset(wstat, 0, sizeof(*wstat));
2656 ieee80211_ratectl_tx_update(vap, txs);
2657 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0);
2662 RUN_DPRINTF(sc, RUN_DEBUG_RATE, "ridx=%d\n", rn->amrr_ridx);
2666 run_newassoc_cb(void *arg)
2668 struct run_cmdq *cmdq = arg;
2669 struct ieee80211_node *ni = cmdq->arg1;
2670 struct run_softc *sc = ni->ni_vap->iv_ic->ic_softc;
2671 uint8_t wcid = cmdq->wcid;
2673 RUN_LOCK_ASSERT(sc, MA_OWNED);
2675 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid),
2676 ni->ni_macaddr, IEEE80211_ADDR_LEN);
2678 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid]));
2682 run_newassoc(struct ieee80211_node *ni, int isnew)
2684 struct run_node *rn = RUN_NODE(ni);
2685 struct ieee80211_rateset *rs = &ni->ni_rates;
2686 struct ieee80211vap *vap = ni->ni_vap;
2687 struct ieee80211com *ic = vap->iv_ic;
2688 struct run_softc *sc = ic->ic_softc;
2694 wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
2695 1 : RUN_AID2WCID(ni->ni_associd);
2697 if (wcid > RT2870_WCID_MAX) {
2698 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid);
2702 /* only interested in true associations */
2703 if (isnew && ni->ni_associd != 0) {
2706 * This function could is called though timeout function.
2709 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store);
2710 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "cmdq_store=%d\n", cnt);
2711 sc->cmdq[cnt].func = run_newassoc_cb;
2712 sc->cmdq[cnt].arg0 = NULL;
2713 sc->cmdq[cnt].arg1 = ni;
2714 sc->cmdq[cnt].wcid = wcid;
2715 ieee80211_runtask(ic, &sc->cmdq_task);
2718 RUN_DPRINTF(sc, RUN_DEBUG_STATE,
2719 "new assoc isnew=%d associd=%x addr=%s\n",
2720 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr));
2722 for (i = 0; i < rs->rs_nrates; i++) {
2723 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL;
2724 /* convert 802.11 rate to hardware rate index */
2725 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2726 if (rt2860_rates[ridx].rate == rate)
2729 /* determine rate of control response frames */
2730 for (j = i; j >= 0; j--) {
2731 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) &&
2732 rt2860_rates[rn->ridx[i]].phy ==
2733 rt2860_rates[rn->ridx[j]].phy)
2737 rn->ctl_ridx[i] = rn->ridx[j];
2739 /* no basic rate found, use mandatory one */
2740 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx;
2742 RUN_DPRINTF(sc, RUN_DEBUG_STATE | RUN_DEBUG_RATE,
2743 "rate=0x%02x ridx=%d ctl_ridx=%d\n",
2744 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]);
2746 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate;
2747 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2748 if (rt2860_rates[ridx].rate == rate)
2750 rn->mgt_ridx = ridx;
2751 RUN_DPRINTF(sc, RUN_DEBUG_STATE | RUN_DEBUG_RATE,
2752 "rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx);
2755 if(sc->ratectl_run != RUN_RATECTL_OFF)
2756 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2761 * Return the Rx chain with the highest RSSI for a given frame.
2763 static __inline uint8_t
2764 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi)
2766 uint8_t rxchain = 0;
2768 if (sc->nrxchains > 1) {
2769 if (rxwi->rssi[1] > rxwi->rssi[rxchain])
2771 if (sc->nrxchains > 2)
2772 if (rxwi->rssi[2] > rxwi->rssi[rxchain])
2779 run_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m, int subtype,
2780 const struct ieee80211_rx_stats *rxs, int rssi, int nf)
2782 struct ieee80211vap *vap = ni->ni_vap;
2783 struct run_softc *sc = vap->iv_ic->ic_softc;
2784 struct run_vap *rvp = RUN_VAP(vap);
2785 uint64_t ni_tstamp, rx_tstamp;
2787 rvp->recv_mgmt(ni, m, subtype, rxs, rssi, nf);
2789 if (vap->iv_state == IEEE80211_S_RUN &&
2790 (subtype == IEEE80211_FC0_SUBTYPE_BEACON ||
2791 subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)) {
2792 ni_tstamp = le64toh(ni->ni_tstamp.tsf);
2794 run_get_tsf(sc, &rx_tstamp);
2796 rx_tstamp = le64toh(rx_tstamp);
2798 if (ni_tstamp >= rx_tstamp) {
2799 RUN_DPRINTF(sc, RUN_DEBUG_RECV | RUN_DEBUG_BEACON,
2800 "ibss merge, tsf %ju tstamp %ju\n",
2801 (uintmax_t)rx_tstamp, (uintmax_t)ni_tstamp);
2802 (void) ieee80211_ibss_merge(ni);
2808 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen)
2810 struct ieee80211com *ic = &sc->sc_ic;
2811 struct ieee80211_frame *wh;
2812 struct ieee80211_node *ni;
2813 struct rt2870_rxd *rxd;
2814 struct rt2860_rxwi *rxwi;
2816 uint16_t len, rxwisize;
2820 rxwi = mtod(m, struct rt2860_rxwi *);
2821 len = le16toh(rxwi->len) & 0xfff;
2822 rxwisize = sizeof(struct rt2860_rxwi);
2823 if (sc->mac_ver == 0x5592)
2824 rxwisize += sizeof(uint64_t);
2825 else if (sc->mac_ver == 0x3593)
2826 rxwisize += sizeof(uint32_t);
2827 if (__predict_false(len > dmalen)) {
2829 counter_u64_add(ic->ic_ierrors, 1);
2830 RUN_DPRINTF(sc, RUN_DEBUG_RECV,
2831 "bad RXWI length %u > %u\n", len, dmalen);
2834 /* Rx descriptor is located at the end */
2835 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen);
2836 flags = le32toh(rxd->flags);
2838 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) {
2840 counter_u64_add(ic->ic_ierrors, 1);
2841 RUN_DPRINTF(sc, RUN_DEBUG_RECV, "%s error.\n",
2842 (flags & RT2860_RX_CRCERR)?"CRC":"ICV");
2846 m->m_data += rxwisize;
2847 m->m_pkthdr.len = m->m_len -= rxwisize;
2849 wh = mtod(m, struct ieee80211_frame *);
2851 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) {
2852 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED;
2853 m->m_flags |= M_WEP;
2856 if (flags & RT2860_RX_L2PAD) {
2857 RUN_DPRINTF(sc, RUN_DEBUG_RECV,
2858 "received RT2860_RX_L2PAD frame\n");
2862 ni = ieee80211_find_rxnode(ic,
2863 mtod(m, struct ieee80211_frame_min *));
2865 if (__predict_false(flags & RT2860_RX_MICERR)) {
2866 /* report MIC failures to net80211 for TKIP */
2868 ieee80211_notify_michael_failure(ni->ni_vap, wh,
2871 counter_u64_add(ic->ic_ierrors, 1);
2872 RUN_DPRINTF(sc, RUN_DEBUG_RECV,
2873 "MIC error. Someone is lying.\n");
2877 ant = run_maxrssi_chain(sc, rxwi);
2878 rssi = rxwi->rssi[ant];
2879 nf = run_rssi2dbm(sc, rssi, ant);
2881 m->m_pkthdr.len = m->m_len = len;
2883 if (__predict_false(ieee80211_radiotap_active(ic))) {
2884 struct run_rx_radiotap_header *tap = &sc->sc_rxtap;
2888 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq);
2889 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags);
2890 tap->wr_antsignal = rssi;
2891 tap->wr_antenna = ant;
2892 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant);
2893 tap->wr_rate = 2; /* in case it can't be found below */
2895 run_get_tsf(sc, &tap->wr_tsf);
2897 phy = le16toh(rxwi->phy);
2898 switch (phy & RT2860_PHY_MODE) {
2899 case RT2860_PHY_CCK:
2900 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) {
2901 case 0: tap->wr_rate = 2; break;
2902 case 1: tap->wr_rate = 4; break;
2903 case 2: tap->wr_rate = 11; break;
2904 case 3: tap->wr_rate = 22; break;
2906 if (phy & RT2860_PHY_SHPRE)
2907 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
2909 case RT2860_PHY_OFDM:
2910 switch (phy & RT2860_PHY_MCS) {
2911 case 0: tap->wr_rate = 12; break;
2912 case 1: tap->wr_rate = 18; break;
2913 case 2: tap->wr_rate = 24; break;
2914 case 3: tap->wr_rate = 36; break;
2915 case 4: tap->wr_rate = 48; break;
2916 case 5: tap->wr_rate = 72; break;
2917 case 6: tap->wr_rate = 96; break;
2918 case 7: tap->wr_rate = 108; break;
2925 (void)ieee80211_input(ni, m, rssi, nf);
2926 ieee80211_free_node(ni);
2928 (void)ieee80211_input_all(ic, m, rssi, nf);
2933 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error)
2935 struct run_softc *sc = usbd_xfer_softc(xfer);
2936 struct ieee80211com *ic = &sc->sc_ic;
2937 struct mbuf *m = NULL;
2943 rxwisize = sizeof(struct rt2860_rxwi);
2944 if (sc->mac_ver == 0x5592)
2945 rxwisize += sizeof(uint64_t);
2946 else if (sc->mac_ver == 0x3593)
2947 rxwisize += sizeof(uint32_t);
2949 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL);
2951 switch (USB_GET_STATE(xfer)) {
2952 case USB_ST_TRANSFERRED:
2954 RUN_DPRINTF(sc, RUN_DEBUG_RECV,
2955 "rx done, actlen=%d\n", xferlen);
2957 if (xferlen < (int)(sizeof(uint32_t) + rxwisize +
2958 sizeof(struct rt2870_rxd))) {
2959 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB,
2960 "xfer too short %d\n", xferlen);
2970 if (sc->rx_m == NULL) {
2971 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR,
2972 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */);
2974 if (sc->rx_m == NULL) {
2975 RUN_DPRINTF(sc, RUN_DEBUG_RECV | RUN_DEBUG_RECV_DESC,
2976 "could not allocate mbuf - idle with stall\n");
2977 counter_u64_add(ic->ic_ierrors, 1);
2978 usbd_xfer_set_stall(xfer);
2979 usbd_xfer_set_frames(xfer, 0);
2982 * Directly loading a mbuf cluster into DMA to
2983 * save some data copying. This works because
2984 * there is only one cluster.
2986 usbd_xfer_set_frame_data(xfer, 0,
2987 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ);
2988 usbd_xfer_set_frames(xfer, 1);
2990 usbd_transfer_submit(xfer);
2993 default: /* Error */
2994 if (error != USB_ERR_CANCELLED) {
2995 /* try to clear stall first */
2996 usbd_xfer_set_stall(xfer);
2997 if (error == USB_ERR_TIMEOUT)
2998 device_printf(sc->sc_dev, "device timeout\n");
2999 counter_u64_add(ic->ic_ierrors, 1);
3002 if (sc->rx_m != NULL) {
3012 /* inputting all the frames must be last */
3016 m->m_pkthdr.len = m->m_len = xferlen;
3018 /* HW can aggregate multiple 802.11 frames in a single USB xfer */
3020 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff;
3022 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) ||
3023 ((dmalen & 3) != 0)) {
3024 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB,
3025 "bad DMA length %u\n", dmalen);
3028 if ((dmalen + 8) > (uint32_t)xferlen) {
3029 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB,
3030 "bad DMA length %u > %d\n",
3031 dmalen + 8, xferlen);
3035 /* If it is the last one or a single frame, we won't copy. */
3036 if ((xferlen -= dmalen + 8) <= 8) {
3037 /* trim 32-bit DMA-len header */
3039 m->m_pkthdr.len = m->m_len -= 4;
3040 run_rx_frame(sc, m, dmalen);
3041 m = NULL; /* don't free source buffer */
3045 /* copy aggregated frames to another mbuf */
3046 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
3047 if (__predict_false(m0 == NULL)) {
3048 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC,
3049 "could not allocate mbuf\n");
3050 counter_u64_add(ic->ic_ierrors, 1);
3053 m_copydata(m, 4 /* skip 32-bit DMA-len header */,
3054 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t));
3055 m0->m_pkthdr.len = m0->m_len =
3056 dmalen + sizeof(struct rt2870_rxd);
3057 run_rx_frame(sc, m0, dmalen);
3059 /* update data ptr */
3060 m->m_data += dmalen + 8;
3061 m->m_pkthdr.len = m->m_len -= dmalen + 8;
3064 /* make sure we free the source buffer, if any */
3071 run_tx_free(struct run_endpoint_queue *pq,
3072 struct run_tx_data *data, int txerr)
3075 ieee80211_tx_complete(data->ni, data->m, txerr);
3080 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next);
3085 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index)
3087 struct run_softc *sc = usbd_xfer_softc(xfer);
3088 struct ieee80211com *ic = &sc->sc_ic;
3089 struct run_tx_data *data;
3090 struct ieee80211vap *vap = NULL;
3091 struct usb_page_cache *pc;
3092 struct run_endpoint_queue *pq = &sc->sc_epq[index];
3094 usb_frlength_t size;
3098 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
3100 switch (USB_GET_STATE(xfer)) {
3101 case USB_ST_TRANSFERRED:
3102 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB,
3103 "transfer complete: %d bytes @ index %d\n", actlen, index);
3105 data = usbd_xfer_get_priv(xfer);
3106 run_tx_free(pq, data, 0);
3107 usbd_xfer_set_priv(xfer, NULL);
3112 data = STAILQ_FIRST(&pq->tx_qh);
3116 STAILQ_REMOVE_HEAD(&pq->tx_qh, next);
3119 size = (sc->mac_ver == 0x5592) ?
3120 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc);
3121 if ((m->m_pkthdr.len +
3122 size + 3 + 8) > RUN_MAX_TXSZ) {
3123 RUN_DPRINTF(sc, RUN_DEBUG_XMIT_DESC | RUN_DEBUG_USB,
3124 "data overflow, %u bytes\n", m->m_pkthdr.len);
3125 run_tx_free(pq, data, 1);
3129 pc = usbd_xfer_get_frame(xfer, 0);
3130 usbd_copy_in(pc, 0, &data->desc, size);
3131 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len);
3132 size += m->m_pkthdr.len;
3134 * Align end on a 4-byte boundary, pad 8 bytes (CRC +
3135 * 4-byte padding), and be sure to zero those trailing
3138 usbd_frame_zero(pc, size, ((-size) & 3) + 8);
3139 size += ((-size) & 3) + 8;
3141 vap = data->ni->ni_vap;
3142 if (ieee80211_radiotap_active_vap(vap)) {
3143 struct run_tx_radiotap_header *tap = &sc->sc_txtap;
3144 struct rt2860_txwi *txwi =
3145 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd));
3147 tap->wt_rate = rt2860_rates[data->ridx].rate;
3148 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq);
3149 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags);
3150 tap->wt_hwqueue = index;
3151 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE)
3152 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
3154 ieee80211_radiotap_tx(vap, m);
3157 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB,
3158 "sending frame len=%u/%u @ index %d\n",
3159 m->m_pkthdr.len, size, index);
3161 usbd_xfer_set_frame_len(xfer, 0, size);
3162 usbd_xfer_set_priv(xfer, data);
3163 usbd_transfer_submit(xfer);
3169 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB,
3170 "USB transfer error, %s\n", usbd_errstr(error));
3172 data = usbd_xfer_get_priv(xfer);
3175 if(data->ni != NULL)
3176 vap = data->ni->ni_vap;
3177 run_tx_free(pq, data, error);
3178 usbd_xfer_set_priv(xfer, NULL);
3182 vap = TAILQ_FIRST(&ic->ic_vaps);
3184 if (error != USB_ERR_CANCELLED) {
3185 if (error == USB_ERR_TIMEOUT) {
3186 device_printf(sc->sc_dev, "device timeout\n");
3187 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
3188 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB,
3189 "cmdq_store=%d\n", i);
3190 sc->cmdq[i].func = run_usb_timeout_cb;
3191 sc->cmdq[i].arg0 = vap;
3192 ieee80211_runtask(ic, &sc->cmdq_task);
3196 * Try to clear stall first, also if other
3197 * errors occur, hence clearing stall
3198 * introduces a 50 ms delay:
3200 usbd_xfer_set_stall(xfer);
3208 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error)
3210 run_bulk_tx_callbackN(xfer, error, 0);
3214 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error)
3216 run_bulk_tx_callbackN(xfer, error, 1);
3220 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error)
3222 run_bulk_tx_callbackN(xfer, error, 2);
3226 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error)
3228 run_bulk_tx_callbackN(xfer, error, 3);
3232 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error)
3234 run_bulk_tx_callbackN(xfer, error, 4);
3238 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error)
3240 run_bulk_tx_callbackN(xfer, error, 5);
3244 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data)
3246 struct mbuf *m = data->m;
3247 struct ieee80211com *ic = &sc->sc_ic;
3248 struct ieee80211vap *vap = data->ni->ni_vap;
3249 struct ieee80211_frame *wh;
3250 struct rt2870_txd *txd;
3251 struct rt2860_txwi *txwi;
3252 uint16_t xferlen, txwisize;
3254 uint8_t ridx = data->ridx;
3257 /* get MCS code from rate index */
3258 mcs = rt2860_rates[ridx].mcs;
3260 txwisize = (sc->mac_ver == 0x5592) ?
3261 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi);
3262 xferlen = txwisize + m->m_pkthdr.len;
3264 /* roundup to 32-bit alignment */
3265 xferlen = (xferlen + 3) & ~3;
3267 txd = (struct rt2870_txd *)&data->desc;
3268 txd->len = htole16(xferlen);
3270 wh = mtod(m, struct ieee80211_frame *);
3273 * Ether both are true or both are false, the header
3274 * are nicely aligned to 32-bit. So, no L2 padding.
3276 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh))
3281 /* setup TX Wireless Information */
3282 txwi = (struct rt2860_txwi *)(txd + 1);
3283 txwi->len = htole16(m->m_pkthdr.len - pad);
3284 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) {
3285 mcs |= RT2860_PHY_CCK;
3286 if (ridx != RT2860_RIDX_CCK1 &&
3287 (ic->ic_flags & IEEE80211_F_SHPREAMBLE))
3288 mcs |= RT2860_PHY_SHPRE;
3290 mcs |= RT2860_PHY_OFDM;
3291 txwi->phy = htole16(mcs);
3293 /* check if RTS/CTS or CTS-to-self protection is required */
3294 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
3295 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold ||
3296 ((ic->ic_flags & IEEE80211_F_USEPROT) &&
3297 rt2860_rates[ridx].phy == IEEE80211_T_OFDM)))
3298 txwi->txop |= RT2860_TX_TXOP_HT;
3300 txwi->txop |= RT2860_TX_TXOP_BACKOFF;
3302 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh))
3303 txwi->xflags |= RT2860_TX_NSEQ;
3306 /* This function must be called locked */
3308 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
3310 struct ieee80211com *ic = &sc->sc_ic;
3311 struct ieee80211vap *vap = ni->ni_vap;
3312 struct ieee80211_frame *wh;
3313 const struct ieee80211_txparam *tp = ni->ni_txparms;
3314 struct run_node *rn = RUN_NODE(ni);
3315 struct run_tx_data *data;
3316 struct rt2870_txd *txd;
3317 struct rt2860_txwi *txwi;
3329 RUN_LOCK_ASSERT(sc, MA_OWNED);
3331 wh = mtod(m, struct ieee80211_frame *);
3333 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3336 * There are 7 bulk endpoints: 1 for RX
3337 * and 6 for TX (4 EDCAs + HCCA + Prio).
3338 * Update 03-14-2009: some devices like the Planex GW-US300MiniS
3339 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki).
3341 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) {
3344 if(IEEE80211_HAS_ADDR4(wh))
3345 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos;
3347 frm =((struct ieee80211_qosframe *)wh)->i_qos;
3349 qos = le16toh(*(const uint16_t *)frm);
3350 tid = qos & IEEE80211_QOS_TID;
3351 qid = TID_TO_WME_AC(tid);
3357 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA;
3359 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "qos %d\tqid %d\ttid %d\tqflags %x\n",
3360 qos, qid, tid, qflags);
3362 /* pickup a rate index */
3363 if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
3364 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) {
3365 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ?
3366 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1;
3367 ctl_ridx = rt2860_rates[ridx].ctl_ridx;
3369 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE)
3370 ridx = rn->fix_ridx;
3372 ridx = rn->amrr_ridx;
3373 ctl_ridx = rt2860_rates[ridx].ctl_ridx;
3376 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
3377 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) !=
3378 IEEE80211_QOS_ACKPOLICY_NOACK)) {
3379 xflags |= RT2860_TX_ACK;
3380 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
3381 dur = rt2860_rates[ctl_ridx].sp_ack_dur;
3383 dur = rt2860_rates[ctl_ridx].lp_ack_dur;
3384 USETW(wh->i_dur, dur);
3387 /* reserve slots for mgmt packets, just in case */
3388 if (sc->sc_epq[qid].tx_nfree < 3) {
3389 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx ring %d is full\n", qid);
3393 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh);
3394 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next);
3395 sc->sc_epq[qid].tx_nfree--;
3397 txd = (struct rt2870_txd *)&data->desc;
3398 txd->flags = qflags;
3399 txwi = (struct rt2860_txwi *)(txd + 1);
3400 txwi->xflags = xflags;
3401 if (IEEE80211_IS_MULTICAST(wh->i_addr1))
3404 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
3405 1 : RUN_AID2WCID(ni->ni_associd);
3407 /* clear leftover garbage bits */
3415 run_set_tx_desc(sc, data);
3418 * The chip keeps track of 2 kind of Tx stats,
3419 * * TX_STAT_FIFO, for per WCID stats, and
3420 * * TX_STA_CNT0 for all-TX-in-one stats.
3422 * To use FIFO stats, we need to store MCS into the driver-private
3423 * PacketID field. So that, we can tell whose stats when we read them.
3424 * We add 1 to the MCS because setting the PacketID field to 0 means
3425 * that we don't want feedback in TX_STAT_FIFO.
3426 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job.
3428 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx().
3430 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP ||
3431 vap->iv_opmode == IEEE80211_M_MBSS) {
3432 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf;
3433 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT);
3436 * Unlike PCI based devices, we don't get any interrupt from
3437 * USB devices, so we simulate FIFO-is-full interrupt here.
3438 * Ralink recommends to drain FIFO stats every 100 ms, but 16 slots
3439 * quickly get fulled. To prevent overflow, increment a counter on
3440 * every FIFO stat request, so we know how many slots are left.
3441 * We do this only in HOSTAP or multiple vap mode since FIFO stats
3442 * are used only in those modes.
3443 * We just drain stats. AMRR gets updated every 1 sec by
3444 * run_ratectl_cb() via callout.
3445 * Call it early. Otherwise overflow.
3447 if (sc->fifo_cnt++ == 10) {
3449 * With multiple vaps or if_bridge, if_start() is called
3450 * with a non-sleepable lock, tcpinp. So, need to defer.
3452 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
3453 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "cmdq_store=%d\n", i);
3454 sc->cmdq[i].func = run_drain_fifo;
3455 sc->cmdq[i].arg0 = sc;
3456 ieee80211_runtask(ic, &sc->cmdq_task);
3460 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next);
3462 usbd_transfer_start(sc->sc_xfer[qid]);
3464 RUN_DPRINTF(sc, RUN_DEBUG_XMIT,
3465 "sending data frame len=%d rate=%d qid=%d\n",
3466 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) +
3467 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid);
3473 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
3475 struct ieee80211com *ic = &sc->sc_ic;
3476 struct run_node *rn = RUN_NODE(ni);
3477 struct run_tx_data *data;
3478 struct ieee80211_frame *wh;
3479 struct rt2870_txd *txd;
3480 struct rt2860_txwi *txwi;
3482 uint8_t ridx = rn->mgt_ridx;
3487 RUN_LOCK_ASSERT(sc, MA_OWNED);
3489 wh = mtod(m, struct ieee80211_frame *);
3491 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3493 /* tell hardware to add timestamp for probe responses */
3495 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) ==
3496 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP))
3497 wflags |= RT2860_TX_TS;
3498 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
3499 xflags |= RT2860_TX_ACK;
3501 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate,
3502 ic->ic_flags & IEEE80211_F_SHPREAMBLE);
3503 USETW(wh->i_dur, dur);
3506 if (sc->sc_epq[0].tx_nfree == 0)
3507 /* let caller free mbuf */
3509 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3510 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3511 sc->sc_epq[0].tx_nfree--;
3513 txd = (struct rt2870_txd *)&data->desc;
3514 txd->flags = RT2860_TX_QSEL_EDCA;
3515 txwi = (struct rt2860_txwi *)(txd + 1);
3517 txwi->flags = wflags;
3518 txwi->xflags = xflags;
3519 txwi->txop = 0; /* clear leftover garbage bits */
3525 run_set_tx_desc(sc, data);
3527 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending mgt frame len=%d rate=%d\n",
3528 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) +
3529 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate);
3531 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3533 usbd_transfer_start(sc->sc_xfer[0]);
3539 run_sendprot(struct run_softc *sc,
3540 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate)
3542 struct ieee80211com *ic = ni->ni_ic;
3543 struct ieee80211_frame *wh;
3544 struct run_tx_data *data;
3545 struct rt2870_txd *txd;
3546 struct rt2860_txwi *txwi;
3558 RUN_LOCK_ASSERT(sc, MA_OWNED);
3560 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY,
3561 ("protection %d", prot));
3563 wh = mtod(m, struct ieee80211_frame *);
3564 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN;
3565 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3567 protrate = ieee80211_ctl_rate(ic->ic_rt, rate);
3568 ackrate = ieee80211_ack_rate(ic->ic_rt, rate);
3570 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0;
3571 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort)
3572 + ieee80211_ack_duration(ic->ic_rt, rate, isshort);
3573 wflags = RT2860_TX_FRAG;
3575 /* check that there are free slots before allocating the mbuf */
3576 if (sc->sc_epq[0].tx_nfree == 0)
3577 /* let caller free mbuf */
3580 if (prot == IEEE80211_PROT_RTSCTS) {
3581 /* NB: CTS is the same size as an ACK */
3582 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort);
3583 xflags |= RT2860_TX_ACK;
3584 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur);
3586 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur);
3588 if (mprot == NULL) {
3589 if_inc_counter(ni->ni_vap->iv_ifp, IFCOUNTER_OERRORS, 1);
3590 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "could not allocate mbuf\n");
3594 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3595 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3596 sc->sc_epq[0].tx_nfree--;
3598 txd = (struct rt2870_txd *)&data->desc;
3599 txd->flags = RT2860_TX_QSEL_EDCA;
3600 txwi = (struct rt2860_txwi *)(txd + 1);
3602 txwi->flags = wflags;
3603 txwi->xflags = xflags;
3604 txwi->txop = 0; /* clear leftover garbage bits */
3607 data->ni = ieee80211_ref_node(ni);
3609 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
3610 if (rt2860_rates[ridx].rate == protrate)
3614 run_set_tx_desc(sc, data);
3616 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending prot len=%u rate=%u\n",
3617 m->m_pkthdr.len, rate);
3619 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3621 usbd_transfer_start(sc->sc_xfer[0]);
3627 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni,
3628 const struct ieee80211_bpf_params *params)
3630 struct ieee80211com *ic = ni->ni_ic;
3631 struct ieee80211_frame *wh;
3632 struct run_tx_data *data;
3633 struct rt2870_txd *txd;
3634 struct rt2860_txwi *txwi;
3638 uint8_t opflags = 0;
3642 RUN_LOCK_ASSERT(sc, MA_OWNED);
3644 KASSERT(params != NULL, ("no raw xmit params"));
3646 wh = mtod(m, struct ieee80211_frame *);
3647 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3649 rate = params->ibp_rate0;
3650 if (!ieee80211_isratevalid(ic->ic_rt, rate)) {
3651 /* let caller free mbuf */
3655 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0)
3656 xflags |= RT2860_TX_ACK;
3657 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) {
3658 error = run_sendprot(sc, m, ni,
3659 params->ibp_flags & IEEE80211_BPF_RTS ?
3660 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY,
3663 /* let caller free mbuf */
3666 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS;
3669 if (sc->sc_epq[0].tx_nfree == 0) {
3670 /* let caller free mbuf */
3671 RUN_DPRINTF(sc, RUN_DEBUG_XMIT,
3672 "sending raw frame, but tx ring is full\n");
3675 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3676 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3677 sc->sc_epq[0].tx_nfree--;
3679 txd = (struct rt2870_txd *)&data->desc;
3680 txd->flags = RT2860_TX_QSEL_EDCA;
3681 txwi = (struct rt2860_txwi *)(txd + 1);
3683 txwi->xflags = xflags;
3684 txwi->txop = opflags;
3685 txwi->flags = 0; /* clear leftover garbage bits */
3689 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
3690 if (rt2860_rates[ridx].rate == rate)
3694 run_set_tx_desc(sc, data);
3696 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending raw frame len=%u rate=%u\n",
3697 m->m_pkthdr.len, rate);
3699 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3701 usbd_transfer_start(sc->sc_xfer[0]);
3707 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
3708 const struct ieee80211_bpf_params *params)
3710 struct run_softc *sc = ni->ni_ic->ic_softc;
3715 /* prevent management frames from being sent if we're not ready */
3716 if (!(sc->sc_flags & RUN_RUNNING)) {
3721 if (params == NULL) {
3723 if ((error = run_tx_mgt(sc, m, ni)) != 0) {
3724 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "mgt tx failed\n");
3728 /* tx raw packet with param */
3729 if ((error = run_tx_param(sc, m, ni, params)) != 0) {
3730 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx with param failed\n");
3747 run_transmit(struct ieee80211com *ic, struct mbuf *m)
3749 struct run_softc *sc = ic->ic_softc;
3753 if ((sc->sc_flags & RUN_RUNNING) == 0) {
3757 error = mbufq_enqueue(&sc->sc_snd, m);
3769 run_start(struct run_softc *sc)
3771 struct ieee80211_node *ni;
3774 RUN_LOCK_ASSERT(sc, MA_OWNED);
3776 if ((sc->sc_flags & RUN_RUNNING) == 0)
3779 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) {
3780 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
3781 if (run_tx(sc, m, ni) != 0) {
3782 mbufq_prepend(&sc->sc_snd, m);
3789 run_parent(struct ieee80211com *ic)
3791 struct run_softc *sc = ic->ic_softc;
3795 if (sc->sc_detached) {
3800 if (ic->ic_nrunning > 0) {
3801 if (!(sc->sc_flags & RUN_RUNNING)) {
3803 run_init_locked(sc);
3805 run_update_promisc_locked(sc);
3806 } else if ((sc->sc_flags & RUN_RUNNING) && sc->rvp_cnt <= 1)
3810 ieee80211_start_all(ic);
3814 run_iq_calib(struct run_softc *sc, u_int chan)
3819 run_bbp_write(sc, 158, 0x2c);
3821 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1);
3822 else if (chan <= 64) {
3824 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ,
3826 } else if (chan <= 138) {
3828 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ,
3830 } else if (chan <= 165) {
3832 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ,
3836 run_bbp_write(sc, 159, val);
3839 run_bbp_write(sc, 158, 0x2d);
3841 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ,
3843 } else if (chan <= 64) {
3845 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ,
3847 } else if (chan <= 138) {
3849 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ,
3851 } else if (chan <= 165) {
3853 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ,
3857 run_bbp_write(sc, 159, val);
3860 run_bbp_write(sc, 158, 0x4a);
3862 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ,
3864 } else if (chan <= 64) {
3866 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ,
3868 } else if (chan <= 138) {
3870 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ,
3872 } else if (chan <= 165) {
3874 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ,
3878 run_bbp_write(sc, 159, val);
3881 run_bbp_write(sc, 158, 0x4b);
3883 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ,
3885 } else if (chan <= 64) {
3887 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ,
3889 } else if (chan <= 138) {
3891 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ,
3893 } else if (chan <= 165) {
3895 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ,
3899 run_bbp_write(sc, 159, val);
3901 /* RF IQ compensation control. */
3902 run_bbp_write(sc, 158, 0x04);
3903 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL,
3905 run_bbp_write(sc, 159, val);
3907 /* RF IQ imbalance compensation control. */
3908 run_bbp_write(sc, 158, 0x03);
3910 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1);
3911 run_bbp_write(sc, 159, val);
3915 run_set_agc(struct run_softc *sc, uint8_t agc)
3919 if (sc->mac_ver == 0x3572) {
3920 run_bbp_read(sc, 27, &bbp);
3922 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */
3923 run_bbp_write(sc, 66, agc);
3924 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */
3925 run_bbp_write(sc, 66, agc);
3927 run_bbp_write(sc, 66, agc);
3931 run_select_chan_group(struct run_softc *sc, int group)
3936 run_bbp_write(sc, 62, 0x37 - sc->lna[group]);
3937 run_bbp_write(sc, 63, 0x37 - sc->lna[group]);
3938 run_bbp_write(sc, 64, 0x37 - sc->lna[group]);
3939 if (sc->mac_ver < 0x3572)
3940 run_bbp_write(sc, 86, 0x00);
3942 if (sc->mac_ver == 0x3593) {
3943 run_bbp_write(sc, 77, 0x98);
3944 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a);
3948 if (sc->ext_2ghz_lna) {
3949 if (sc->mac_ver >= 0x5390)
3950 run_bbp_write(sc, 75, 0x52);
3952 run_bbp_write(sc, 82, 0x62);
3953 run_bbp_write(sc, 75, 0x46);
3956 if (sc->mac_ver == 0x5592) {
3957 run_bbp_write(sc, 79, 0x1c);
3958 run_bbp_write(sc, 80, 0x0e);
3959 run_bbp_write(sc, 81, 0x3a);
3960 run_bbp_write(sc, 82, 0x62);
3962 run_bbp_write(sc, 195, 0x80);
3963 run_bbp_write(sc, 196, 0xe0);
3964 run_bbp_write(sc, 195, 0x81);
3965 run_bbp_write(sc, 196, 0x1f);
3966 run_bbp_write(sc, 195, 0x82);
3967 run_bbp_write(sc, 196, 0x38);
3968 run_bbp_write(sc, 195, 0x83);
3969 run_bbp_write(sc, 196, 0x32);
3970 run_bbp_write(sc, 195, 0x85);
3971 run_bbp_write(sc, 196, 0x28);
3972 run_bbp_write(sc, 195, 0x86);
3973 run_bbp_write(sc, 196, 0x19);
3974 } else if (sc->mac_ver >= 0x5390)
3975 run_bbp_write(sc, 75, 0x50);
3977 run_bbp_write(sc, 82,
3978 (sc->mac_ver == 0x3593) ? 0x62 : 0x84);
3979 run_bbp_write(sc, 75, 0x50);
3983 if (sc->mac_ver == 0x5592) {
3984 run_bbp_write(sc, 79, 0x18);
3985 run_bbp_write(sc, 80, 0x08);
3986 run_bbp_write(sc, 81, 0x38);
3987 run_bbp_write(sc, 82, 0x92);
3989 run_bbp_write(sc, 195, 0x80);
3990 run_bbp_write(sc, 196, 0xf0);
3991 run_bbp_write(sc, 195, 0x81);
3992 run_bbp_write(sc, 196, 0x1e);
3993 run_bbp_write(sc, 195, 0x82);
3994 run_bbp_write(sc, 196, 0x28);
3995 run_bbp_write(sc, 195, 0x83);
3996 run_bbp_write(sc, 196, 0x20);
3997 run_bbp_write(sc, 195, 0x85);
3998 run_bbp_write(sc, 196, 0x7f);
3999 run_bbp_write(sc, 195, 0x86);
4000 run_bbp_write(sc, 196, 0x7f);
4001 } else if (sc->mac_ver == 0x3572)
4002 run_bbp_write(sc, 82, 0x94);
4004 run_bbp_write(sc, 82,
4005 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2);
4006 if (sc->ext_5ghz_lna)
4007 run_bbp_write(sc, 75, 0x46);
4009 run_bbp_write(sc, 75, 0x50);
4012 run_read(sc, RT2860_TX_BAND_CFG, &tmp);
4013 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P);
4014 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P;
4015 run_write(sc, RT2860_TX_BAND_CFG, tmp);
4017 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */
4018 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN;
4019 if (sc->mac_ver == 0x3593)
4020 tmp |= 1 << 29 | 1 << 28;
4021 if (sc->nrxchains > 1)
4022 tmp |= RT2860_LNA_PE1_EN;
4023 if (group == 0) { /* 2GHz */
4024 tmp |= RT2860_PA_PE_G0_EN;
4025 if (sc->ntxchains > 1)
4026 tmp |= RT2860_PA_PE_G1_EN;
4027 if (sc->mac_ver == 0x3593) {
4028 if (sc->ntxchains > 2)
4032 tmp |= RT2860_PA_PE_A0_EN;
4033 if (sc->ntxchains > 1)
4034 tmp |= RT2860_PA_PE_A1_EN;
4036 if (sc->mac_ver == 0x3572) {
4037 run_rt3070_rf_write(sc, 8, 0x00);
4038 run_write(sc, RT2860_TX_PIN_CFG, tmp);
4039 run_rt3070_rf_write(sc, 8, 0x80);
4041 run_write(sc, RT2860_TX_PIN_CFG, tmp);
4043 if (sc->mac_ver == 0x5592) {
4044 run_bbp_write(sc, 195, 0x8d);
4045 run_bbp_write(sc, 196, 0x1a);
4048 if (sc->mac_ver == 0x3593) {
4049 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4053 tmp = (tmp & ~0x00009090) | 0x00000090;
4054 run_write(sc, RT2860_GPIO_CTRL, tmp);
4057 /* set initial AGC value */
4058 if (group == 0) { /* 2GHz band */
4059 if (sc->mac_ver >= 0x3070)
4060 agc = 0x1c + sc->lna[0] * 2;
4062 agc = 0x2e + sc->lna[0];
4063 } else { /* 5GHz band */
4064 if (sc->mac_ver == 0x5592)
4065 agc = 0x24 + sc->lna[group] * 2;
4066 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593)
4067 agc = 0x22 + (sc->lna[group] * 5) / 3;
4069 agc = 0x32 + (sc->lna[group] * 5) / 3;
4071 run_set_agc(sc, agc);
4075 run_rt2870_set_chan(struct run_softc *sc, u_int chan)
4077 const struct rfprog *rfprog = rt2860_rf2850;
4078 uint32_t r2, r3, r4;
4079 int8_t txpow1, txpow2;
4082 /* find the settings for this channel (we know it exists) */
4083 for (i = 0; rfprog[i].chan != chan; i++);
4086 if (sc->ntxchains == 1)
4087 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */
4088 if (sc->nrxchains == 1)
4089 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */
4090 else if (sc->nrxchains == 2)
4091 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */
4093 /* use Tx power values from EEPROM */
4094 txpow1 = sc->txpow1[i];
4095 txpow2 = sc->txpow2[i];
4097 /* Initialize RF R3 and R4. */
4098 r3 = rfprog[i].r3 & 0xffffc1ff;
4099 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15);
4102 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1);
4103 r3 |= (txpow1 << 10) | (1 << 9);
4107 /* txpow1 is not possible larger than 15. */
4108 r3 |= (txpow1 << 10);
4111 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2);
4112 r4 |= (txpow2 << 7) | (1 << 6);
4115 r4 |= (txpow2 << 7);
4118 /* Set Tx0 power. */
4119 r3 |= (txpow1 << 9);
4121 /* Set frequency offset and Tx1 power. */
4122 r4 |= (txpow2 << 6);
4125 run_rt2870_rf_write(sc, rfprog[i].r1);
4126 run_rt2870_rf_write(sc, r2);
4127 run_rt2870_rf_write(sc, r3 & ~(1 << 2));
4128 run_rt2870_rf_write(sc, r4);
4132 run_rt2870_rf_write(sc, rfprog[i].r1);
4133 run_rt2870_rf_write(sc, r2);
4134 run_rt2870_rf_write(sc, r3 | (1 << 2));
4135 run_rt2870_rf_write(sc, r4);
4139 run_rt2870_rf_write(sc, rfprog[i].r1);
4140 run_rt2870_rf_write(sc, r2);
4141 run_rt2870_rf_write(sc, r3 & ~(1 << 2));
4142 run_rt2870_rf_write(sc, r4);
4146 run_rt3070_set_chan(struct run_softc *sc, u_int chan)
4148 int8_t txpow1, txpow2;
4152 /* find the settings for this channel (we know it exists) */
4153 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4155 /* use Tx power values from EEPROM */
4156 txpow1 = sc->txpow1[i];
4157 txpow2 = sc->txpow2[i];
4159 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n);
4161 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */
4162 run_rt3070_rf_read(sc, 3, &rf);
4163 rf = (rf & ~0x0f) | rt3070_freqs[i].k;
4164 run_rt3070_rf_write(sc, 3, rf);
4166 run_rt3070_rf_read(sc, 6, &rf);
4167 rf = (rf & ~0x03) | rt3070_freqs[i].r;
4168 run_rt3070_rf_write(sc, 6, rf);
4171 run_rt3070_rf_read(sc, 12, &rf);
4172 rf = (rf & ~0x1f) | txpow1;
4173 run_rt3070_rf_write(sc, 12, rf);
4176 run_rt3070_rf_read(sc, 13, &rf);
4177 rf = (rf & ~0x1f) | txpow2;
4178 run_rt3070_rf_write(sc, 13, rf);
4180 run_rt3070_rf_read(sc, 1, &rf);
4182 if (sc->ntxchains == 1)
4183 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */
4184 else if (sc->ntxchains == 2)
4185 rf |= 1 << 7; /* 2T: disable Tx chain 3 */
4186 if (sc->nrxchains == 1)
4187 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */
4188 else if (sc->nrxchains == 2)
4189 rf |= 1 << 6; /* 2R: disable Rx chain 3 */
4190 run_rt3070_rf_write(sc, 1, rf);
4193 run_rt3070_rf_read(sc, 23, &rf);
4194 rf = (rf & ~0x7f) | sc->freq;
4195 run_rt3070_rf_write(sc, 23, rf);
4197 /* program RF filter */
4198 run_rt3070_rf_read(sc, 24, &rf); /* Tx */
4199 rf = (rf & ~0x3f) | sc->rf24_20mhz;
4200 run_rt3070_rf_write(sc, 24, rf);
4201 run_rt3070_rf_read(sc, 31, &rf); /* Rx */
4202 rf = (rf & ~0x3f) | sc->rf24_20mhz;
4203 run_rt3070_rf_write(sc, 31, rf);
4205 /* enable RF tuning */
4206 run_rt3070_rf_read(sc, 7, &rf);
4207 run_rt3070_rf_write(sc, 7, rf | 0x01);
4211 run_rt3572_set_chan(struct run_softc *sc, u_int chan)
4213 int8_t txpow1, txpow2;
4218 /* find the settings for this channel (we know it exists) */
4219 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4221 /* use Tx power values from EEPROM */
4222 txpow1 = sc->txpow1[i];
4223 txpow2 = sc->txpow2[i];
4226 run_bbp_write(sc, 25, sc->bbp25);
4227 run_bbp_write(sc, 26, sc->bbp26);
4229 /* enable IQ phase correction */
4230 run_bbp_write(sc, 25, 0x09);
4231 run_bbp_write(sc, 26, 0xff);
4234 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n);
4235 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k);
4236 run_rt3070_rf_read(sc, 6, &rf);
4237 rf = (rf & ~0x0f) | rt3070_freqs[i].r;
4238 rf |= (chan <= 14) ? 0x08 : 0x04;
4239 run_rt3070_rf_write(sc, 6, rf);
4242 run_rt3070_rf_read(sc, 5, &rf);
4243 rf &= ~(0x08 | 0x04);
4244 rf |= (chan <= 14) ? 0x04 : 0x08;
4245 run_rt3070_rf_write(sc, 5, rf);
4247 /* set Tx power for chain 0 */
4251 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3);
4252 run_rt3070_rf_write(sc, 12, rf);
4254 /* set Tx power for chain 1 */
4258 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3);
4259 run_rt3070_rf_write(sc, 13, rf);
4261 /* set Tx/Rx streams */
4262 run_rt3070_rf_read(sc, 1, &rf);
4264 if (sc->ntxchains == 1)
4265 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */
4266 else if (sc->ntxchains == 2)
4267 rf |= 1 << 7; /* 2T: disable Tx chain 3 */
4268 if (sc->nrxchains == 1)
4269 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */
4270 else if (sc->nrxchains == 2)
4271 rf |= 1 << 6; /* 2R: disable Rx chain 3 */
4272 run_rt3070_rf_write(sc, 1, rf);
4275 run_rt3070_rf_read(sc, 23, &rf);
4276 rf = (rf & ~0x7f) | sc->freq;
4277 run_rt3070_rf_write(sc, 23, rf);
4279 /* program RF filter */
4280 rf = sc->rf24_20mhz;
4281 run_rt3070_rf_write(sc, 24, rf); /* Tx */
4282 run_rt3070_rf_write(sc, 31, rf); /* Rx */
4284 /* enable RF tuning */
4285 run_rt3070_rf_read(sc, 7, &rf);
4286 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14);
4287 run_rt3070_rf_write(sc, 7, rf);
4290 rf = (chan <= 14) ? 0xc3 : 0xc0;
4291 run_rt3070_rf_write(sc, 9, rf);
4293 /* set loop filter 1 */
4294 run_rt3070_rf_write(sc, 10, 0xf1);
4295 /* set loop filter 2 */
4296 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00);
4299 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43);
4302 rf = 0x48 | sc->txmixgain_2ghz;
4304 rf = 0x78 | sc->txmixgain_5ghz;
4305 run_rt3070_rf_write(sc, 16, rf);
4308 run_rt3070_rf_write(sc, 17, 0x23);
4312 else if (chan <= 64)
4314 else if (chan <= 128)
4318 run_rt3070_rf_write(sc, 19, rf);
4323 else if (chan <= 64)
4325 else if (chan <= 128)
4329 run_rt3070_rf_write(sc, 20, rf);
4334 else if (chan <= 64)
4338 run_rt3070_rf_write(sc, 25, rf);
4341 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87);
4343 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01);
4345 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f);
4347 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4351 run_write(sc, RT2860_GPIO_CTRL, tmp);
4353 /* enable RF tuning */
4354 run_rt3070_rf_read(sc, 7, &rf);
4355 run_rt3070_rf_write(sc, 7, rf | 0x01);
4361 run_rt3593_set_chan(struct run_softc *sc, u_int chan)
4363 int8_t txpow1, txpow2, txpow3;
4367 /* find the settings for this channel (we know it exists) */
4368 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4370 /* use Tx power values from EEPROM */
4371 txpow1 = sc->txpow1[i];
4372 txpow2 = sc->txpow2[i];
4373 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0;
4376 run_bbp_write(sc, 25, sc->bbp25);
4377 run_bbp_write(sc, 26, sc->bbp26);
4379 /* Enable IQ phase correction. */
4380 run_bbp_write(sc, 25, 0x09);
4381 run_bbp_write(sc, 26, 0xff);
4384 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n);
4385 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f);
4386 run_rt3070_rf_read(sc, 11, &rf);
4387 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03);
4388 run_rt3070_rf_write(sc, 11, rf);
4391 run_rt3070_rf_read(sc, 11, &rf);
4393 rf |= (chan <= 14) ? 0x44 : 0x48;
4394 run_rt3070_rf_write(sc, 11, rf);
4399 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07);
4400 run_rt3070_rf_write(sc, 53, rf);
4405 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07);
4406 run_rt3070_rf_write(sc, 55, rf);
4411 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07);
4412 run_rt3070_rf_write(sc, 54, rf);
4414 rf = RT3070_RF_BLOCK | RT3070_PLL_PD;
4415 if (sc->ntxchains == 3)
4416 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD;
4418 rf |= RT3070_TX0_PD | RT3070_TX1_PD;
4419 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD;
4420 run_rt3070_rf_write(sc, 1, rf);
4422 run_adjust_freq_offset(sc);
4424 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80);
4426 h20mhz = (sc->rf24_20mhz & 0x20) >> 5;
4427 run_rt3070_rf_read(sc, 30, &rf);
4428 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2);
4429 run_rt3070_rf_write(sc, 30, rf);
4431 run_rt3070_rf_read(sc, 36, &rf);
4436 run_rt3070_rf_write(sc, 36, rf);
4439 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20);
4440 /* Set pfd_delay. */
4441 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12);
4443 /* Set vco bias current control. */
4444 run_rt3070_rf_read(sc, 6, &rf);
4448 else if (chan <= 128)
4452 run_rt3070_rf_write(sc, 6, rf);
4454 run_rt3070_rf_read(sc, 30, &rf);
4455 rf = (rf & ~0x18) | 0x10;
4456 run_rt3070_rf_write(sc, 30, rf);
4458 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8);
4459 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23);
4461 run_rt3070_rf_read(sc, 51, &rf);
4462 rf = (rf & ~0x03) | 0x01;
4463 run_rt3070_rf_write(sc, 51, rf);
4464 /* Set tx_mx1_cc. */
4465 run_rt3070_rf_read(sc, 51, &rf);
4467 rf |= (chan <= 14) ? 0x14 : 0x10;
4468 run_rt3070_rf_write(sc, 51, rf);
4469 /* Set tx_mx1_ic. */
4470 run_rt3070_rf_read(sc, 51, &rf);
4472 rf |= (chan <= 14) ? 0x60 : 0x40;
4473 run_rt3070_rf_write(sc, 51, rf);
4474 /* Set tx_lo1_ic. */
4475 run_rt3070_rf_read(sc, 49, &rf);
4477 rf |= (chan <= 14) ? 0x0c : 0x08;
4478 run_rt3070_rf_write(sc, 49, rf);
4479 /* Set tx_lo1_en. */
4480 run_rt3070_rf_read(sc, 50, &rf);
4481 run_rt3070_rf_write(sc, 50, rf & ~0x20);
4483 run_rt3070_rf_read(sc, 57, &rf);
4485 rf |= (chan <= 14) ? 0x6c : 0x3c;
4486 run_rt3070_rf_write(sc, 57, rf);
4487 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */
4488 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b);
4489 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */
4490 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05);
4491 /* Enable VCO calibration. */
4492 run_rt3070_rf_read(sc, 3, &rf);
4493 rf &= ~RT5390_VCOCAL;
4494 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe;
4495 run_rt3070_rf_write(sc, 3, rf);
4499 else if (chan <= 64)
4501 else if (chan <= 128)
4505 run_rt3070_rf_write(sc, 39, rf);
4508 else if (chan <= 64)
4510 else if (chan <= 128)
4514 run_rt3070_rf_write(sc, 45, rf);
4516 /* Set FEQ/AEQ control. */
4517 run_bbp_write(sc, 105, 0x34);
4521 run_rt5390_set_chan(struct run_softc *sc, u_int chan)
4523 int8_t txpow1, txpow2;
4527 /* find the settings for this channel (we know it exists) */
4528 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4530 /* use Tx power values from EEPROM */
4531 txpow1 = sc->txpow1[i];
4532 txpow2 = sc->txpow2[i];
4534 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n);
4535 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f);
4536 run_rt3070_rf_read(sc, 11, &rf);
4537 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03);
4538 run_rt3070_rf_write(sc, 11, rf);
4540 run_rt3070_rf_read(sc, 49, &rf);
4541 rf = (rf & ~0x3f) | (txpow1 & 0x3f);
4542 /* The valid range of the RF R49 is 0x00 to 0x27. */
4543 if ((rf & 0x3f) > 0x27)
4544 rf = (rf & ~0x3f) | 0x27;
4545 run_rt3070_rf_write(sc, 49, rf);
4547 if (sc->mac_ver == 0x5392) {
4548 run_rt3070_rf_read(sc, 50, &rf);
4549 rf = (rf & ~0x3f) | (txpow2 & 0x3f);
4550 /* The valid range of the RF R50 is 0x00 to 0x27. */
4551 if ((rf & 0x3f) > 0x27)
4552 rf = (rf & ~0x3f) | 0x27;
4553 run_rt3070_rf_write(sc, 50, rf);
4556 run_rt3070_rf_read(sc, 1, &rf);
4557 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD;
4558 if (sc->mac_ver == 0x5392)
4559 rf |= RT3070_RX1_PD | RT3070_TX1_PD;
4560 run_rt3070_rf_write(sc, 1, rf);
4562 if (sc->mac_ver != 0x5392) {
4563 run_rt3070_rf_read(sc, 2, &rf);
4565 run_rt3070_rf_write(sc, 2, rf);
4568 run_rt3070_rf_write(sc, 2, rf);
4571 run_adjust_freq_offset(sc);
4573 if (sc->mac_ver == 0x5392) {
4574 /* Fix for RT5392C. */
4575 if (sc->mac_rev >= 0x0223) {
4578 else if (chan >= 5 && chan <= 7)
4582 run_rt3070_rf_write(sc, 23, rf);
4588 else if (chan >= 6 && chan <= 7)
4590 else if (chan >= 8 && chan <= 10)
4594 run_rt3070_rf_write(sc, 59, rf);
4600 run_rt3070_rf_write(sc, 59, rf);
4603 /* Fix for RT5390F. */
4604 if (sc->mac_rev >= 0x0502) {
4609 run_rt3070_rf_write(sc, 55, rf);
4613 else if (chan == 12)
4617 run_rt3070_rf_write(sc, 59, rf);
4619 run_rt3070_rf_write(sc, 55, 0x44);
4620 run_rt3070_rf_write(sc, 59, 0x8f);
4624 /* Enable VCO calibration. */
4625 run_rt3070_rf_read(sc, 3, &rf);
4626 rf |= RT5390_VCOCAL;
4627 run_rt3070_rf_write(sc, 3, rf);
4631 run_rt5592_set_chan(struct run_softc *sc, u_int chan)
4633 const struct rt5592_freqs *freqs;
4635 uint8_t reg, rf, txpow_bound;
4636 int8_t txpow1, txpow2;
4639 run_read(sc, RT5592_DEBUG_INDEX, &tmp);
4640 freqs = (tmp & RT5592_SEL_XTAL) ?
4641 rt5592_freqs_40mhz : rt5592_freqs_20mhz;
4643 /* find the settings for this channel (we know it exists) */
4644 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++);
4646 /* use Tx power values from EEPROM */
4647 txpow1 = sc->txpow1[i];
4648 txpow2 = sc->txpow2[i];
4650 run_read(sc, RT3070_LDO_CFG0, &tmp);
4654 run_write(sc, RT3070_LDO_CFG0, tmp);
4657 run_rt3070_rf_write(sc, 8, freqs->n & 0xff);
4658 run_rt3070_rf_read(sc, 9, &rf);
4660 rf |= ((freqs->n & 0x0100) >> 8) << 4;
4661 run_rt3070_rf_write(sc, 9, rf);
4664 run_rt3070_rf_read(sc, 9, &rf);
4666 rf |= (freqs->k & 0x0f);
4667 run_rt3070_rf_write(sc, 9, rf);
4670 run_rt3070_rf_read(sc, 11, &rf);
4672 rf |= ((freqs->m - 0x8) & 0x3) << 2;
4673 run_rt3070_rf_write(sc, 11, rf);
4674 run_rt3070_rf_read(sc, 9, &rf);
4676 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7;
4677 run_rt3070_rf_write(sc, 9, rf);
4680 run_rt3070_rf_read(sc, 11, &rf);
4682 rf |= (freqs->r - 0x1);
4683 run_rt3070_rf_write(sc, 11, rf);
4686 /* Initialize RF registers for 2GHZ. */
4687 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) {
4688 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg,
4689 rt5592_2ghz_def_rf[i].val);
4692 rf = (chan <= 10) ? 0x07 : 0x06;
4693 run_rt3070_rf_write(sc, 23, rf);
4694 run_rt3070_rf_write(sc, 59, rf);
4696 run_rt3070_rf_write(sc, 55, 0x43);
4699 * RF R49/R50 Tx power ALC code.
4700 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27.
4705 /* Initialize RF registers for 5GHZ. */
4706 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) {
4707 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg,
4708 rt5592_5ghz_def_rf[i].val);
4710 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) {
4711 if (chan >= rt5592_chan_5ghz[i].firstchan &&
4712 chan <= rt5592_chan_5ghz[i].lastchan) {
4713 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg,
4714 rt5592_chan_5ghz[i].val);
4719 * RF R49/R50 Tx power ALC code.
4720 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b.
4726 /* RF R49 ch0 Tx power ALC code. */
4727 run_rt3070_rf_read(sc, 49, &rf);
4730 rf = (rf & ~0x3f) | (txpow1 & 0x3f);
4731 if ((rf & 0x3f) > txpow_bound)
4732 rf = (rf & ~0x3f) | txpow_bound;
4733 run_rt3070_rf_write(sc, 49, rf);
4735 /* RF R50 ch1 Tx power ALC code. */
4736 run_rt3070_rf_read(sc, 50, &rf);
4737 rf &= ~(1 << 7 | 1 << 6);
4739 rf = (rf & ~0x3f) | (txpow2 & 0x3f);
4740 if ((rf & 0x3f) > txpow_bound)
4741 rf = (rf & ~0x3f) | txpow_bound;
4742 run_rt3070_rf_write(sc, 50, rf);
4744 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */
4745 run_rt3070_rf_read(sc, 1, &rf);
4746 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD);
4747 if (sc->ntxchains > 1)
4748 rf |= RT3070_TX1_PD;
4749 if (sc->nrxchains > 1)
4750 rf |= RT3070_RX1_PD;
4751 run_rt3070_rf_write(sc, 1, rf);
4753 run_rt3070_rf_write(sc, 6, 0xe4);
4755 run_rt3070_rf_write(sc, 30, 0x10);
4756 run_rt3070_rf_write(sc, 31, 0x80);
4757 run_rt3070_rf_write(sc, 32, 0x80);
4759 run_adjust_freq_offset(sc);
4761 /* Enable VCO calibration. */
4762 run_rt3070_rf_read(sc, 3, &rf);
4763 rf |= RT5390_VCOCAL;
4764 run_rt3070_rf_write(sc, 3, rf);
4768 run_set_rx_antenna(struct run_softc *sc, int aux)
4774 if (sc->rf_rev == RT5390_RF_5370) {
4775 run_bbp_read(sc, 152, &bbp152);
4776 run_bbp_write(sc, 152, bbp152 & ~0x80);
4778 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0);
4779 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4780 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08);
4783 if (sc->rf_rev == RT5390_RF_5370) {
4784 run_bbp_read(sc, 152, &bbp152);
4785 run_bbp_write(sc, 152, bbp152 | 0x80);
4787 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1);
4788 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4789 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808);
4795 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c)
4797 struct ieee80211com *ic = &sc->sc_ic;
4800 chan = ieee80211_chan2ieee(ic, c);
4801 if (chan == 0 || chan == IEEE80211_CHAN_ANY)
4804 if (sc->mac_ver == 0x5592)
4805 run_rt5592_set_chan(sc, chan);
4806 else if (sc->mac_ver >= 0x5390)
4807 run_rt5390_set_chan(sc, chan);
4808 else if (sc->mac_ver == 0x3593)
4809 run_rt3593_set_chan(sc, chan);
4810 else if (sc->mac_ver == 0x3572)
4811 run_rt3572_set_chan(sc, chan);
4812 else if (sc->mac_ver >= 0x3070)
4813 run_rt3070_set_chan(sc, chan);
4815 run_rt2870_set_chan(sc, chan);
4817 /* determine channel group */
4820 else if (chan <= 64)
4822 else if (chan <= 128)
4827 /* XXX necessary only when group has changed! */
4828 run_select_chan_group(sc, group);
4832 /* Perform IQ calibration. */
4833 if (sc->mac_ver >= 0x5392)
4834 run_iq_calib(sc, chan);
4840 run_set_channel(struct ieee80211com *ic)
4842 struct run_softc *sc = ic->ic_softc;
4845 run_set_chan(sc, ic->ic_curchan);
4852 run_getradiocaps(struct ieee80211com *ic,
4853 int maxchans, int *nchans, struct ieee80211_channel chans[])
4855 struct run_softc *sc = ic->ic_softc;
4856 uint8_t bands[IEEE80211_MODE_BYTES];
4858 memset(bands, 0, sizeof(bands));
4859 setbit(bands, IEEE80211_MODE_11B);
4860 setbit(bands, IEEE80211_MODE_11G);
4861 ieee80211_add_channel_list_2ghz(chans, maxchans, nchans,
4862 run_chan_2ghz, nitems(run_chan_2ghz), bands, 0);
4864 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 ||
4865 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 ||
4866 sc->rf_rev == RT5592_RF_5592) {
4867 setbit(bands, IEEE80211_MODE_11A);
4868 ieee80211_add_channel_list_5ghz(chans, maxchans, nchans,
4869 run_chan_5ghz, nitems(run_chan_5ghz), bands, 0);
4874 run_scan_start(struct ieee80211com *ic)
4876 struct run_softc *sc = ic->ic_softc;
4881 /* abort TSF synchronization */
4882 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
4883 run_write(sc, RT2860_BCN_TIME_CFG,
4884 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
4885 RT2860_TBTT_TIMER_EN));
4886 run_set_bssid(sc, ieee80211broadcastaddr);
4894 run_scan_end(struct ieee80211com *ic)
4896 struct run_softc *sc = ic->ic_softc;
4900 run_enable_tsf_sync(sc);
4901 run_set_bssid(sc, sc->sc_bssid);
4909 * Could be called from ieee80211_node_timeout()
4910 * (non-sleepable thread)
4913 run_update_beacon(struct ieee80211vap *vap, int item)
4915 struct ieee80211com *ic = vap->iv_ic;
4916 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off;
4917 struct ieee80211_node *ni = vap->iv_bss;
4918 struct run_softc *sc = ic->ic_softc;
4919 struct run_vap *rvp = RUN_VAP(vap);
4924 case IEEE80211_BEACON_ERP:
4927 case IEEE80211_BEACON_HTINFO:
4930 case IEEE80211_BEACON_TIM:
4937 setbit(bo->bo_flags, item);
4938 if (rvp->beacon_mbuf == NULL) {
4939 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni);
4940 if (rvp->beacon_mbuf == NULL)
4943 ieee80211_beacon_update(ni, rvp->beacon_mbuf, mcast);
4945 i = RUN_CMDQ_GET(&sc->cmdq_store);
4946 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i);
4947 sc->cmdq[i].func = run_update_beacon_cb;
4948 sc->cmdq[i].arg0 = vap;
4949 ieee80211_runtask(ic, &sc->cmdq_task);
4955 run_update_beacon_cb(void *arg)
4957 struct ieee80211vap *vap = arg;
4958 struct ieee80211_node *ni = vap->iv_bss;
4959 struct run_vap *rvp = RUN_VAP(vap);
4960 struct ieee80211com *ic = vap->iv_ic;
4961 struct run_softc *sc = ic->ic_softc;
4962 struct rt2860_txwi txwi;
4967 if (ni->ni_chan == IEEE80211_CHAN_ANYC)
4969 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC)
4973 * No need to call ieee80211_beacon_update(), run_update_beacon()
4974 * is taking care of appropriate calls.
4976 if (rvp->beacon_mbuf == NULL) {
4977 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni);
4978 if (rvp->beacon_mbuf == NULL)
4981 m = rvp->beacon_mbuf;
4983 memset(&txwi, 0, sizeof(txwi));
4985 txwi.len = htole16(m->m_pkthdr.len);
4987 /* send beacons at the lowest available rate */
4988 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ?
4989 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1;
4990 txwi.phy = htole16(rt2860_rates[ridx].mcs);
4991 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM)
4992 txwi.phy |= htole16(RT2860_PHY_OFDM);
4993 txwi.txop = RT2860_TX_TXOP_HT;
4994 txwi.flags = RT2860_TX_TS;
4995 txwi.xflags = RT2860_TX_NSEQ;
4997 txwisize = (sc->mac_ver == 0x5592) ?
4998 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi);
4999 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi,
5001 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize,
5002 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1);
5006 run_updateprot(struct ieee80211com *ic)
5008 struct run_softc *sc = ic->ic_softc;
5011 i = RUN_CMDQ_GET(&sc->cmdq_store);
5012 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i);
5013 sc->cmdq[i].func = run_updateprot_cb;
5014 sc->cmdq[i].arg0 = ic;
5015 ieee80211_runtask(ic, &sc->cmdq_task);
5019 run_updateprot_cb(void *arg)
5021 struct ieee80211com *ic = arg;
5022 struct run_softc *sc = ic->ic_softc;
5025 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL;
5026 /* setup protection frame rate (MCS code) */
5027 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ?
5028 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM :
5029 rt2860_rates[RT2860_RIDX_CCK11].mcs;
5031 /* CCK frames don't require protection */
5032 run_write(sc, RT2860_CCK_PROT_CFG, tmp);
5033 if (ic->ic_flags & IEEE80211_F_USEPROT) {
5034 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS)
5035 tmp |= RT2860_PROT_CTRL_RTS_CTS;
5036 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY)
5037 tmp |= RT2860_PROT_CTRL_CTS;
5039 run_write(sc, RT2860_OFDM_PROT_CFG, tmp);
5043 run_usb_timeout_cb(void *arg)
5045 struct ieee80211vap *vap = arg;
5046 struct run_softc *sc = vap->iv_ic->ic_softc;
5048 RUN_LOCK_ASSERT(sc, MA_OWNED);
5050 if(vap->iv_state == IEEE80211_S_RUN &&
5051 vap->iv_opmode != IEEE80211_M_STA)
5052 run_reset_livelock(sc);
5053 else if (vap->iv_state == IEEE80211_S_SCAN) {
5054 RUN_DPRINTF(sc, RUN_DEBUG_USB | RUN_DEBUG_STATE,
5055 "timeout caused by scan\n");
5057 ieee80211_cancel_scan(vap);
5059 RUN_DPRINTF(sc, RUN_DEBUG_USB | RUN_DEBUG_STATE,
5060 "timeout by unknown cause\n");
5064 run_reset_livelock(struct run_softc *sc)
5068 RUN_LOCK_ASSERT(sc, MA_OWNED);
5071 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC
5072 * can run into a livelock and start sending CTS-to-self frames like
5073 * crazy if protection is enabled. Reset MAC/BBP for a while
5075 run_read(sc, RT2860_DEBUG, &tmp);
5076 RUN_DPRINTF(sc, RUN_DEBUG_RESET, "debug reg %08x\n", tmp);
5077 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) {
5078 RUN_DPRINTF(sc, RUN_DEBUG_RESET,
5079 "CTS-to-self livelock detected\n");
5080 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST);
5082 run_write(sc, RT2860_MAC_SYS_CTRL,
5083 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
5088 run_update_promisc_locked(struct run_softc *sc)
5092 run_read(sc, RT2860_RX_FILTR_CFG, &tmp);
5094 tmp |= RT2860_DROP_UC_NOME;
5095 if (sc->sc_ic.ic_promisc > 0)
5096 tmp &= ~RT2860_DROP_UC_NOME;
5098 run_write(sc, RT2860_RX_FILTR_CFG, tmp);
5100 RUN_DPRINTF(sc, RUN_DEBUG_RECV, "%s promiscuous mode\n",
5101 (sc->sc_ic.ic_promisc > 0) ? "entering" : "leaving");
5105 run_update_promisc(struct ieee80211com *ic)
5107 struct run_softc *sc = ic->ic_softc;
5109 if ((sc->sc_flags & RUN_RUNNING) == 0)
5113 run_update_promisc_locked(sc);
5118 run_enable_tsf_sync(struct run_softc *sc)
5120 struct ieee80211com *ic = &sc->sc_ic;
5121 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
5124 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "rvp_id=%d ic_opmode=%d\n",
5125 RUN_VAP(vap)->rvp_id, ic->ic_opmode);
5127 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
5129 tmp |= vap->iv_bss->ni_intval * 16;
5130 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN;
5132 if (ic->ic_opmode == IEEE80211_M_STA) {
5134 * Local TSF is always updated with remote TSF on beacon
5137 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT;
5138 } else if (ic->ic_opmode == IEEE80211_M_IBSS) {
5139 tmp |= RT2860_BCN_TX_EN;
5141 * Local TSF is updated with remote TSF on beacon reception
5142 * only if the remote TSF is greater than local TSF.
5144 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT;
5145 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP ||
5146 ic->ic_opmode == IEEE80211_M_MBSS) {
5147 tmp |= RT2860_BCN_TX_EN;
5148 /* SYNC with nobody */
5149 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT;
5151 RUN_DPRINTF(sc, RUN_DEBUG_BEACON,
5152 "Enabling TSF failed. undefined opmode\n");
5156 run_write(sc, RT2860_BCN_TIME_CFG, tmp);
5160 run_enable_tsf(struct run_softc *sc)
5164 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) {
5165 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TBTT_TIMER_EN);
5166 tmp |= RT2860_TSF_TIMER_EN;
5167 run_write(sc, RT2860_BCN_TIME_CFG, tmp);
5172 run_get_tsf(struct run_softc *sc, uint64_t *buf)
5174 run_read_region_1(sc, RT2860_TSF_TIMER_DW0, (uint8_t *)buf,
5179 run_enable_mrr(struct run_softc *sc)
5181 #define CCK(mcs) (mcs)
5182 #define OFDM(mcs) (1 << 3 | (mcs))
5183 run_write(sc, RT2860_LG_FBK_CFG0,
5184 OFDM(6) << 28 | /* 54->48 */
5185 OFDM(5) << 24 | /* 48->36 */
5186 OFDM(4) << 20 | /* 36->24 */
5187 OFDM(3) << 16 | /* 24->18 */
5188 OFDM(2) << 12 | /* 18->12 */
5189 OFDM(1) << 8 | /* 12-> 9 */
5190 OFDM(0) << 4 | /* 9-> 6 */
5191 OFDM(0)); /* 6-> 6 */
5193 run_write(sc, RT2860_LG_FBK_CFG1,
5194 CCK(2) << 12 | /* 11->5.5 */
5195 CCK(1) << 8 | /* 5.5-> 2 */
5196 CCK(0) << 4 | /* 2-> 1 */
5197 CCK(0)); /* 1-> 1 */
5203 run_set_txpreamble(struct run_softc *sc)
5205 struct ieee80211com *ic = &sc->sc_ic;
5208 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp);
5209 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
5210 tmp |= RT2860_CCK_SHORT_EN;
5212 tmp &= ~RT2860_CCK_SHORT_EN;
5213 run_write(sc, RT2860_AUTO_RSP_CFG, tmp);
5217 run_set_basicrates(struct run_softc *sc)
5219 struct ieee80211com *ic = &sc->sc_ic;
5221 /* set basic rates mask */
5222 if (ic->ic_curmode == IEEE80211_MODE_11B)
5223 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003);
5224 else if (ic->ic_curmode == IEEE80211_MODE_11A)
5225 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150);
5227 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f);
5231 run_set_leds(struct run_softc *sc, uint16_t which)
5233 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS,
5234 which | (sc->leds & 0x7f));
5238 run_set_bssid(struct run_softc *sc, const uint8_t *bssid)
5240 run_write(sc, RT2860_MAC_BSSID_DW0,
5241 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24);
5242 run_write(sc, RT2860_MAC_BSSID_DW1,
5243 bssid[4] | bssid[5] << 8);
5247 run_set_macaddr(struct run_softc *sc, const uint8_t *addr)
5249 run_write(sc, RT2860_MAC_ADDR_DW0,
5250 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24);
5251 run_write(sc, RT2860_MAC_ADDR_DW1,
5252 addr[4] | addr[5] << 8 | 0xff << 16);
5256 run_updateslot(struct ieee80211com *ic)
5258 struct run_softc *sc = ic->ic_softc;
5261 i = RUN_CMDQ_GET(&sc->cmdq_store);
5262 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i);
5263 sc->cmdq[i].func = run_updateslot_cb;
5264 sc->cmdq[i].arg0 = ic;
5265 ieee80211_runtask(ic, &sc->cmdq_task);
5272 run_updateslot_cb(void *arg)
5274 struct ieee80211com *ic = arg;
5275 struct run_softc *sc = ic->ic_softc;
5278 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp);
5280 tmp |= IEEE80211_GET_SLOTTIME(ic);
5281 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp);
5285 run_update_mcast(struct ieee80211com *ic)
5290 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain)
5292 struct ieee80211com *ic = &sc->sc_ic;
5293 struct ieee80211_channel *c = ic->ic_curchan;
5296 if (IEEE80211_IS_CHAN_5GHZ(c)) {
5297 u_int chan = ieee80211_chan2ieee(ic, c);
5298 delta = sc->rssi_5ghz[rxchain];
5300 /* determine channel group */
5302 delta -= sc->lna[1];
5303 else if (chan <= 128)
5304 delta -= sc->lna[2];
5306 delta -= sc->lna[3];
5308 delta = sc->rssi_2ghz[rxchain] - sc->lna[0];
5310 return (-12 - delta - rssi);
5314 run_rt5390_bbp_init(struct run_softc *sc)
5319 /* Apply maximum likelihood detection for 2 stream case. */
5320 run_bbp_read(sc, 105, &bbp);
5321 if (sc->nrxchains > 1)
5322 run_bbp_write(sc, 105, bbp | RT5390_MLD);
5324 /* Avoid data lost and CRC error. */
5325 run_bbp_read(sc, 4, &bbp);
5326 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
5328 if (sc->mac_ver == 0x5592) {
5329 for (i = 0; i < nitems(rt5592_def_bbp); i++) {
5330 run_bbp_write(sc, rt5592_def_bbp[i].reg,
5331 rt5592_def_bbp[i].val);
5333 for (i = 0; i < nitems(rt5592_bbp_r196); i++) {
5334 run_bbp_write(sc, 195, i + 0x80);
5335 run_bbp_write(sc, 196, rt5592_bbp_r196[i]);
5338 for (i = 0; i < nitems(rt5390_def_bbp); i++) {
5339 run_bbp_write(sc, rt5390_def_bbp[i].reg,
5340 rt5390_def_bbp[i].val);
5343 if (sc->mac_ver == 0x5392) {
5344 run_bbp_write(sc, 88, 0x90);
5345 run_bbp_write(sc, 95, 0x9a);
5346 run_bbp_write(sc, 98, 0x12);
5347 run_bbp_write(sc, 106, 0x12);
5348 run_bbp_write(sc, 134, 0xd0);
5349 run_bbp_write(sc, 135, 0xf6);
5350 run_bbp_write(sc, 148, 0x84);
5353 run_bbp_read(sc, 152, &bbp);
5354 run_bbp_write(sc, 152, bbp | 0x80);
5356 /* Fix BBP254 for RT5592C. */
5357 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) {
5358 run_bbp_read(sc, 254, &bbp);
5359 run_bbp_write(sc, 254, bbp | 0x80);
5362 /* Disable hardware antenna diversity. */
5363 if (sc->mac_ver == 0x5390)
5364 run_bbp_write(sc, 154, 0);
5366 /* Initialize Rx CCK/OFDM frequency offset report. */
5367 run_bbp_write(sc, 142, 1);
5368 run_bbp_write(sc, 143, 57);
5372 run_bbp_init(struct run_softc *sc)
5374 int i, error, ntries;
5377 /* wait for BBP to wake up */
5378 for (ntries = 0; ntries < 20; ntries++) {
5379 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0)
5381 if (bbp0 != 0 && bbp0 != 0xff)
5387 /* initialize BBP registers to default values */
5388 if (sc->mac_ver >= 0x5390)
5389 run_rt5390_bbp_init(sc);
5391 for (i = 0; i < nitems(rt2860_def_bbp); i++) {
5392 run_bbp_write(sc, rt2860_def_bbp[i].reg,
5393 rt2860_def_bbp[i].val);
5397 if (sc->mac_ver == 0x3593) {
5398 run_bbp_write(sc, 79, 0x13);
5399 run_bbp_write(sc, 80, 0x05);
5400 run_bbp_write(sc, 81, 0x33);
5401 run_bbp_write(sc, 86, 0x46);
5402 run_bbp_write(sc, 137, 0x0f);
5405 /* fix BBP84 for RT2860E */
5406 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101)
5407 run_bbp_write(sc, 84, 0x19);
5409 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 &&
5410 sc->mac_ver != 0x5592)) {
5411 run_bbp_write(sc, 79, 0x13);
5412 run_bbp_write(sc, 80, 0x05);
5413 run_bbp_write(sc, 81, 0x33);
5414 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) {
5415 run_bbp_write(sc, 69, 0x16);
5416 run_bbp_write(sc, 73, 0x12);
5422 run_rt3070_rf_init(struct run_softc *sc)
5425 uint8_t bbp4, mingain, rf, target;
5428 run_rt3070_rf_read(sc, 30, &rf);
5429 /* toggle RF R30 bit 7 */
5430 run_rt3070_rf_write(sc, 30, rf | 0x80);
5432 run_rt3070_rf_write(sc, 30, rf & ~0x80);
5434 /* initialize RF registers to default value */
5435 if (sc->mac_ver == 0x3572) {
5436 for (i = 0; i < nitems(rt3572_def_rf); i++) {
5437 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg,
5438 rt3572_def_rf[i].val);
5441 for (i = 0; i < nitems(rt3070_def_rf); i++) {
5442 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg,
5443 rt3070_def_rf[i].val);
5447 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) {
5449 * Change voltage from 1.2V to 1.35V for RT3070.
5450 * The DAC issue (RT3070_LDO_CFG0) has been fixed
5453 run_read(sc, RT3070_LDO_CFG0, &tmp);
5454 tmp = (tmp & ~0x0f000000) | 0x0d000000;
5455 run_write(sc, RT3070_LDO_CFG0, tmp);
5457 } else if (sc->mac_ver == 0x3071) {
5458 run_rt3070_rf_read(sc, 6, &rf);
5459 run_rt3070_rf_write(sc, 6, rf | 0x40);
5460 run_rt3070_rf_write(sc, 31, 0x14);
5462 run_read(sc, RT3070_LDO_CFG0, &tmp);
5464 if (sc->mac_rev < 0x0211)
5465 tmp |= 0x0d000000; /* 1.3V */
5467 tmp |= 0x01000000; /* 1.2V */
5468 run_write(sc, RT3070_LDO_CFG0, tmp);
5470 /* patch LNA_PE_G1 */
5471 run_read(sc, RT3070_GPIO_SWITCH, &tmp);
5472 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20);
5474 } else if (sc->mac_ver == 0x3572) {
5475 run_rt3070_rf_read(sc, 6, &rf);
5476 run_rt3070_rf_write(sc, 6, rf | 0x40);
5478 /* increase voltage from 1.2V to 1.35V */
5479 run_read(sc, RT3070_LDO_CFG0, &tmp);
5480 tmp = (tmp & ~0x1f000000) | 0x0d000000;
5481 run_write(sc, RT3070_LDO_CFG0, tmp);
5483 if (sc->mac_rev < 0x0211 || !sc->patch_dac) {
5484 run_delay(sc, 1); /* wait for 1msec */
5485 /* decrease voltage back to 1.2V */
5486 tmp = (tmp & ~0x1f000000) | 0x01000000;
5487 run_write(sc, RT3070_LDO_CFG0, tmp);
5491 /* select 20MHz bandwidth */
5492 run_rt3070_rf_read(sc, 31, &rf);
5493 run_rt3070_rf_write(sc, 31, rf & ~0x20);
5495 /* calibrate filter for 20MHz bandwidth */
5496 sc->rf24_20mhz = 0x1f; /* default value */
5497 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13;
5498 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz);
5500 /* select 40MHz bandwidth */
5501 run_bbp_read(sc, 4, &bbp4);
5502 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10);
5503 run_rt3070_rf_read(sc, 31, &rf);
5504 run_rt3070_rf_write(sc, 31, rf | 0x20);
5506 /* calibrate filter for 40MHz bandwidth */
5507 sc->rf24_40mhz = 0x2f; /* default value */
5508 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15;
5509 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz);
5511 /* go back to 20MHz bandwidth */
5512 run_bbp_read(sc, 4, &bbp4);
5513 run_bbp_write(sc, 4, bbp4 & ~0x18);
5515 if (sc->mac_ver == 0x3572) {
5516 /* save default BBP registers 25 and 26 values */
5517 run_bbp_read(sc, 25, &sc->bbp25);
5518 run_bbp_read(sc, 26, &sc->bbp26);
5519 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211)
5520 run_rt3070_rf_write(sc, 27, 0x03);
5522 run_read(sc, RT3070_OPT_14, &tmp);
5523 run_write(sc, RT3070_OPT_14, tmp | 1);
5525 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) {
5526 run_rt3070_rf_read(sc, 17, &rf);
5527 rf &= ~RT3070_TX_LO1;
5528 if ((sc->mac_ver == 0x3070 ||
5529 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) &&
5531 rf |= 0x20; /* fix for long range Rx issue */
5532 mingain = (sc->mac_ver == 0x3070) ? 1 : 2;
5533 if (sc->txmixgain_2ghz >= mingain)
5534 rf = (rf & ~0x7) | sc->txmixgain_2ghz;
5535 run_rt3070_rf_write(sc, 17, rf);
5538 if (sc->mac_ver == 0x3071) {
5539 run_rt3070_rf_read(sc, 1, &rf);
5540 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD);
5541 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD;
5542 run_rt3070_rf_write(sc, 1, rf);
5544 run_rt3070_rf_read(sc, 15, &rf);
5545 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2);
5547 run_rt3070_rf_read(sc, 20, &rf);
5548 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1);
5550 run_rt3070_rf_read(sc, 21, &rf);
5551 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2);
5554 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) {
5555 /* fix Tx to Rx IQ glitch by raising RF voltage */
5556 run_rt3070_rf_read(sc, 27, &rf);
5558 if (sc->mac_rev < 0x0211)
5560 run_rt3070_rf_write(sc, 27, rf);
5566 run_rt3593_rf_init(struct run_softc *sc)
5572 /* Disable the GPIO bits 4 and 7 for LNA PE control. */
5573 run_read(sc, RT3070_GPIO_SWITCH, &tmp);
5574 tmp &= ~(1 << 4 | 1 << 7);
5575 run_write(sc, RT3070_GPIO_SWITCH, tmp);
5577 /* Initialize RF registers to default value. */
5578 for (i = 0; i < nitems(rt3593_def_rf); i++) {
5579 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg,
5580 rt3593_def_rf[i].val);
5583 /* Toggle RF R2 to initiate calibration. */
5584 run_rt3070_rf_write(sc, 2, RT5390_RESCAL);
5586 /* Initialize RF frequency offset. */
5587 run_adjust_freq_offset(sc);
5589 run_rt3070_rf_read(sc, 18, &rf);
5590 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS);
5593 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to
5594 * decrease voltage back to 1.2V.
5596 run_read(sc, RT3070_LDO_CFG0, &tmp);
5597 tmp = (tmp & ~0x1f000000) | 0x0d000000;
5598 run_write(sc, RT3070_LDO_CFG0, tmp);
5600 tmp = (tmp & ~0x1f000000) | 0x01000000;
5601 run_write(sc, RT3070_LDO_CFG0, tmp);
5603 sc->rf24_20mhz = 0x1f;
5604 sc->rf24_40mhz = 0x2f;
5606 /* Save default BBP registers 25 and 26 values. */
5607 run_bbp_read(sc, 25, &sc->bbp25);
5608 run_bbp_read(sc, 26, &sc->bbp26);
5610 run_read(sc, RT3070_OPT_14, &tmp);
5611 run_write(sc, RT3070_OPT_14, tmp | 1);
5615 run_rt5390_rf_init(struct run_softc *sc)
5621 /* Toggle RF R2 to initiate calibration. */
5622 if (sc->mac_ver == 0x5390) {
5623 run_rt3070_rf_read(sc, 2, &rf);
5624 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL);
5626 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL);
5628 run_rt3070_rf_write(sc, 2, RT5390_RESCAL);
5632 /* Initialize RF registers to default value. */
5633 if (sc->mac_ver == 0x5592) {
5634 for (i = 0; i < nitems(rt5592_def_rf); i++) {
5635 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg,
5636 rt5592_def_rf[i].val);
5638 /* Initialize RF frequency offset. */
5639 run_adjust_freq_offset(sc);
5640 } else if (sc->mac_ver == 0x5392) {
5641 for (i = 0; i < nitems(rt5392_def_rf); i++) {
5642 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg,
5643 rt5392_def_rf[i].val);
5645 if (sc->mac_rev >= 0x0223) {
5646 run_rt3070_rf_write(sc, 23, 0x0f);
5647 run_rt3070_rf_write(sc, 24, 0x3e);
5648 run_rt3070_rf_write(sc, 51, 0x32);
5649 run_rt3070_rf_write(sc, 53, 0x22);
5650 run_rt3070_rf_write(sc, 56, 0xc1);
5651 run_rt3070_rf_write(sc, 59, 0x0f);
5654 for (i = 0; i < nitems(rt5390_def_rf); i++) {
5655 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg,
5656 rt5390_def_rf[i].val);
5658 if (sc->mac_rev >= 0x0502) {
5659 run_rt3070_rf_write(sc, 6, 0xe0);
5660 run_rt3070_rf_write(sc, 25, 0x80);
5661 run_rt3070_rf_write(sc, 46, 0x73);
5662 run_rt3070_rf_write(sc, 53, 0x00);
5663 run_rt3070_rf_write(sc, 56, 0x42);
5664 run_rt3070_rf_write(sc, 61, 0xd1);
5668 sc->rf24_20mhz = 0x1f; /* default value */
5669 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f;
5671 if (sc->mac_rev < 0x0211)
5672 run_rt3070_rf_write(sc, 27, 0x3);
5674 run_read(sc, RT3070_OPT_14, &tmp);
5675 run_write(sc, RT3070_OPT_14, tmp | 1);
5679 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target,
5683 uint8_t bbp55_pb, bbp55_sb, delta;
5686 /* program filter */
5687 run_rt3070_rf_read(sc, 24, &rf24);
5688 rf24 = (rf24 & 0xc0) | init; /* initial filter value */
5689 run_rt3070_rf_write(sc, 24, rf24);
5691 /* enable baseband loopback mode */
5692 run_rt3070_rf_read(sc, 22, &rf22);
5693 run_rt3070_rf_write(sc, 22, rf22 | 0x01);
5695 /* set power and frequency of passband test tone */
5696 run_bbp_write(sc, 24, 0x00);
5697 for (ntries = 0; ntries < 100; ntries++) {
5698 /* transmit test tone */
5699 run_bbp_write(sc, 25, 0x90);
5701 /* read received power */
5702 run_bbp_read(sc, 55, &bbp55_pb);
5709 /* set power and frequency of stopband test tone */
5710 run_bbp_write(sc, 24, 0x06);
5711 for (ntries = 0; ntries < 100; ntries++) {
5712 /* transmit test tone */
5713 run_bbp_write(sc, 25, 0x90);
5715 /* read received power */
5716 run_bbp_read(sc, 55, &bbp55_sb);
5718 delta = bbp55_pb - bbp55_sb;
5722 /* reprogram filter */
5724 run_rt3070_rf_write(sc, 24, rf24);
5728 rf24--; /* backtrack */
5730 run_rt3070_rf_write(sc, 24, rf24);
5733 /* restore initial state */
5734 run_bbp_write(sc, 24, 0x00);
5736 /* disable baseband loopback mode */
5737 run_rt3070_rf_read(sc, 22, &rf22);
5738 run_rt3070_rf_write(sc, 22, rf22 & ~0x01);
5744 run_rt3070_rf_setup(struct run_softc *sc)
5749 if (sc->mac_ver == 0x3572) {
5750 /* enable DC filter */
5751 if (sc->mac_rev >= 0x0201)
5752 run_bbp_write(sc, 103, 0xc0);
5754 run_bbp_read(sc, 138, &bbp);
5755 if (sc->ntxchains == 1)
5756 bbp |= 0x20; /* turn off DAC1 */
5757 if (sc->nrxchains == 1)
5758 bbp &= ~0x02; /* turn off ADC1 */
5759 run_bbp_write(sc, 138, bbp);
5761 if (sc->mac_rev >= 0x0211) {
5762 /* improve power consumption */
5763 run_bbp_read(sc, 31, &bbp);
5764 run_bbp_write(sc, 31, bbp & ~0x03);
5767 run_rt3070_rf_read(sc, 16, &rf);
5768 rf = (rf & ~0x07) | sc->txmixgain_2ghz;
5769 run_rt3070_rf_write(sc, 16, rf);
5771 } else if (sc->mac_ver == 0x3071) {
5772 if (sc->mac_rev >= 0x0211) {
5773 /* enable DC filter */
5774 run_bbp_write(sc, 103, 0xc0);
5776 /* improve power consumption */
5777 run_bbp_read(sc, 31, &bbp);
5778 run_bbp_write(sc, 31, bbp & ~0x03);
5781 run_bbp_read(sc, 138, &bbp);
5782 if (sc->ntxchains == 1)
5783 bbp |= 0x20; /* turn off DAC1 */
5784 if (sc->nrxchains == 1)
5785 bbp &= ~0x02; /* turn off ADC1 */
5786 run_bbp_write(sc, 138, bbp);
5788 run_write(sc, RT2860_TX_SW_CFG1, 0);
5789 if (sc->mac_rev < 0x0211) {
5790 run_write(sc, RT2860_TX_SW_CFG2,
5791 sc->patch_dac ? 0x2c : 0x0f);
5793 run_write(sc, RT2860_TX_SW_CFG2, 0);
5795 } else if (sc->mac_ver == 0x3070) {
5796 if (sc->mac_rev >= 0x0201) {
5797 /* enable DC filter */
5798 run_bbp_write(sc, 103, 0xc0);
5800 /* improve power consumption */
5801 run_bbp_read(sc, 31, &bbp);
5802 run_bbp_write(sc, 31, bbp & ~0x03);
5805 if (sc->mac_rev < 0x0201) {
5806 run_write(sc, RT2860_TX_SW_CFG1, 0);
5807 run_write(sc, RT2860_TX_SW_CFG2, 0x2c);
5809 run_write(sc, RT2860_TX_SW_CFG2, 0);
5812 /* initialize RF registers from ROM for >=RT3071*/
5813 if (sc->mac_ver >= 0x3071) {
5814 for (i = 0; i < 10; i++) {
5815 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff)
5817 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val);
5823 run_rt3593_rf_setup(struct run_softc *sc)
5827 if (sc->mac_rev >= 0x0211) {
5828 /* Enable DC filter. */
5829 run_bbp_write(sc, 103, 0xc0);
5831 run_write(sc, RT2860_TX_SW_CFG1, 0);
5832 if (sc->mac_rev < 0x0211) {
5833 run_write(sc, RT2860_TX_SW_CFG2,
5834 sc->patch_dac ? 0x2c : 0x0f);
5836 run_write(sc, RT2860_TX_SW_CFG2, 0);
5838 run_rt3070_rf_read(sc, 50, &rf);
5839 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2);
5841 run_rt3070_rf_read(sc, 51, &rf);
5842 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) |
5843 ((sc->txmixgain_2ghz & 0x07) << 2);
5844 run_rt3070_rf_write(sc, 51, rf);
5846 run_rt3070_rf_read(sc, 38, &rf);
5847 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1);
5849 run_rt3070_rf_read(sc, 39, &rf);
5850 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2);
5852 run_rt3070_rf_read(sc, 1, &rf);
5853 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD));
5855 run_rt3070_rf_read(sc, 30, &rf);
5856 rf = (rf & ~0x18) | 0x10;
5857 run_rt3070_rf_write(sc, 30, rf);
5859 /* Apply maximum likelihood detection for 2 stream case. */
5860 run_bbp_read(sc, 105, &bbp);
5861 if (sc->nrxchains > 1)
5862 run_bbp_write(sc, 105, bbp | RT5390_MLD);
5864 /* Avoid data lost and CRC error. */
5865 run_bbp_read(sc, 4, &bbp);
5866 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
5868 run_bbp_write(sc, 92, 0x02);
5869 run_bbp_write(sc, 82, 0x82);
5870 run_bbp_write(sc, 106, 0x05);
5871 run_bbp_write(sc, 104, 0x92);
5872 run_bbp_write(sc, 88, 0x90);
5873 run_bbp_write(sc, 148, 0xc8);
5874 run_bbp_write(sc, 47, 0x48);
5875 run_bbp_write(sc, 120, 0x50);
5877 run_bbp_write(sc, 163, 0x9d);
5880 run_bbp_write(sc, 142, 0x06);
5881 run_bbp_write(sc, 143, 0xa0);
5882 run_bbp_write(sc, 142, 0x07);
5883 run_bbp_write(sc, 143, 0xa1);
5884 run_bbp_write(sc, 142, 0x08);
5885 run_bbp_write(sc, 143, 0xa2);
5887 run_bbp_write(sc, 31, 0x08);
5888 run_bbp_write(sc, 68, 0x0b);
5889 run_bbp_write(sc, 105, 0x04);
5893 run_rt5390_rf_setup(struct run_softc *sc)
5897 if (sc->mac_rev >= 0x0211) {
5898 /* Enable DC filter. */
5899 run_bbp_write(sc, 103, 0xc0);
5901 if (sc->mac_ver != 0x5592) {
5902 /* Improve power consumption. */
5903 run_bbp_read(sc, 31, &bbp);
5904 run_bbp_write(sc, 31, bbp & ~0x03);
5908 run_bbp_read(sc, 138, &bbp);
5909 if (sc->ntxchains == 1)
5910 bbp |= 0x20; /* turn off DAC1 */
5911 if (sc->nrxchains == 1)
5912 bbp &= ~0x02; /* turn off ADC1 */
5913 run_bbp_write(sc, 138, bbp);
5915 run_rt3070_rf_read(sc, 38, &rf);
5916 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1);
5918 run_rt3070_rf_read(sc, 39, &rf);
5919 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2);
5921 /* Avoid data lost and CRC error. */
5922 run_bbp_read(sc, 4, &bbp);
5923 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
5925 run_rt3070_rf_read(sc, 30, &rf);
5926 rf = (rf & ~0x18) | 0x10;
5927 run_rt3070_rf_write(sc, 30, rf);
5929 if (sc->mac_ver != 0x5592) {
5930 run_write(sc, RT2860_TX_SW_CFG1, 0);
5931 if (sc->mac_rev < 0x0211) {
5932 run_write(sc, RT2860_TX_SW_CFG2,
5933 sc->patch_dac ? 0x2c : 0x0f);
5935 run_write(sc, RT2860_TX_SW_CFG2, 0);
5940 run_txrx_enable(struct run_softc *sc)
5942 struct ieee80211com *ic = &sc->sc_ic;
5946 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN);
5947 for (ntries = 0; ntries < 200; ntries++) {
5948 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0)
5950 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
5959 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE;
5960 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
5962 /* enable Rx bulk aggregation (set timeout and limit) */
5963 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN |
5964 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2);
5965 run_write(sc, RT2860_USB_DMA_CFG, tmp);
5968 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR;
5969 if (ic->ic_opmode != IEEE80211_M_MONITOR) {
5970 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL |
5971 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK |
5972 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV |
5973 RT2860_DROP_CFACK | RT2860_DROP_CFEND;
5974 if (ic->ic_opmode == IEEE80211_M_STA)
5975 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL;
5977 run_write(sc, RT2860_RX_FILTR_CFG, tmp);
5979 run_write(sc, RT2860_MAC_SYS_CTRL,
5980 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
5986 run_adjust_freq_offset(struct run_softc *sc)
5990 run_rt3070_rf_read(sc, 17, &rf);
5992 rf = (rf & ~0x7f) | (sc->freq & 0x7f);
5996 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf);
6000 run_init_locked(struct run_softc *sc)
6002 struct ieee80211com *ic = &sc->sc_ic;
6003 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
6010 if (ic->ic_nrunning > 1)
6015 if (run_load_microcode(sc) != 0) {
6016 device_printf(sc->sc_dev, "could not load 8051 microcode\n");
6020 for (ntries = 0; ntries < 100; ntries++) {
6021 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0)
6023 if (tmp != 0 && tmp != 0xffffffff)
6030 for (i = 0; i != RUN_EP_QUEUES; i++)
6031 run_setup_tx_list(sc, &sc->sc_epq[i]);
6033 run_set_macaddr(sc, vap ? vap->iv_myaddr : ic->ic_macaddr);
6035 for (ntries = 0; ntries < 100; ntries++) {
6036 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0)
6038 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
6042 if (ntries == 100) {
6043 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n");
6047 tmp |= RT2860_TX_WB_DDONE;
6048 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
6050 /* turn off PME_OEN to solve high-current issue */
6051 run_read(sc, RT2860_SYS_CTRL, &tmp);
6052 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN);
6054 run_write(sc, RT2860_MAC_SYS_CTRL,
6055 RT2860_BBP_HRST | RT2860_MAC_SRST);
6056 run_write(sc, RT2860_USB_DMA_CFG, 0);
6058 if (run_reset(sc) != 0) {
6059 device_printf(sc->sc_dev, "could not reset chipset\n");
6063 run_write(sc, RT2860_MAC_SYS_CTRL, 0);
6065 /* init Tx power for all Tx rates (from EEPROM) */
6066 for (ridx = 0; ridx < 5; ridx++) {
6067 if (sc->txpow20mhz[ridx] == 0xffffffff)
6069 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]);
6072 for (i = 0; i < nitems(rt2870_def_mac); i++)
6073 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val);
6074 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273);
6075 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344);
6076 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa);
6078 if (sc->mac_ver >= 0x5390) {
6079 run_write(sc, RT2860_TX_SW_CFG0,
6080 4 << RT2860_DLY_PAPE_EN_SHIFT | 4);
6081 if (sc->mac_ver >= 0x5392) {
6082 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff);
6083 if (sc->mac_ver == 0x5592) {
6084 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980);
6085 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082);
6087 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980);
6088 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322);
6091 } else if (sc->mac_ver == 0x3593) {
6092 run_write(sc, RT2860_TX_SW_CFG0,
6093 4 << RT2860_DLY_PAPE_EN_SHIFT | 2);
6094 } else if (sc->mac_ver >= 0x3070) {
6095 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */
6096 run_write(sc, RT2860_TX_SW_CFG0,
6097 4 << RT2860_DLY_PAPE_EN_SHIFT);
6100 /* wait while MAC is busy */
6101 for (ntries = 0; ntries < 100; ntries++) {
6102 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0)
6104 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY)))
6111 /* clear Host to MCU mailbox */
6112 run_write(sc, RT2860_H2M_BBPAGENT, 0);
6113 run_write(sc, RT2860_H2M_MAILBOX, 0);
6116 if (run_bbp_init(sc) != 0) {
6117 device_printf(sc->sc_dev, "could not initialize BBP\n");
6121 /* abort TSF synchronization */
6122 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
6123 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
6124 RT2860_TBTT_TIMER_EN);
6125 run_write(sc, RT2860_BCN_TIME_CFG, tmp);
6127 /* clear RX WCID search table */
6128 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512);
6129 /* clear WCID attribute table */
6130 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32);
6132 /* hostapd sets a key before init. So, don't clear it. */
6133 if (sc->cmdq_key_set != RUN_CMDQ_GO) {
6134 /* clear shared key table */
6135 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32);
6136 /* clear shared key mode */
6137 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4);
6140 run_read(sc, RT2860_US_CYC_CNT, &tmp);
6141 tmp = (tmp & ~0xff) | 0x1e;
6142 run_write(sc, RT2860_US_CYC_CNT, tmp);
6144 if (sc->mac_rev != 0x0101)
6145 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f);
6147 run_write(sc, RT2860_WMM_TXOP0_CFG, 0);
6148 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96);
6150 /* write vendor-specific BBP values (from EEPROM) */
6151 if (sc->mac_ver < 0x3593) {
6152 for (i = 0; i < 10; i++) {
6153 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff)
6155 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val);
6159 /* select Main antenna for 1T1R devices */
6160 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370)
6161 run_set_rx_antenna(sc, 0);
6163 /* send LEDs operating mode to microcontroller */
6164 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]);
6165 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]);
6166 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]);
6168 if (sc->mac_ver >= 0x5390)
6169 run_rt5390_rf_init(sc);
6170 else if (sc->mac_ver == 0x3593)
6171 run_rt3593_rf_init(sc);
6172 else if (sc->mac_ver >= 0x3070)
6173 run_rt3070_rf_init(sc);
6175 /* disable non-existing Rx chains */
6176 run_bbp_read(sc, 3, &bbp3);
6177 bbp3 &= ~(1 << 3 | 1 << 4);
6178 if (sc->nrxchains == 2)
6180 else if (sc->nrxchains == 3)
6182 run_bbp_write(sc, 3, bbp3);
6184 /* disable non-existing Tx chains */
6185 run_bbp_read(sc, 1, &bbp1);
6186 if (sc->ntxchains == 1)
6187 bbp1 &= ~(1 << 3 | 1 << 4);
6188 run_bbp_write(sc, 1, bbp1);
6190 if (sc->mac_ver >= 0x5390)
6191 run_rt5390_rf_setup(sc);
6192 else if (sc->mac_ver == 0x3593)
6193 run_rt3593_rf_setup(sc);
6194 else if (sc->mac_ver >= 0x3070)
6195 run_rt3070_rf_setup(sc);
6197 /* select default channel */
6198 run_set_chan(sc, ic->ic_curchan);
6200 /* setup initial protection mode */
6201 run_updateprot_cb(ic);
6203 /* turn radio LED on */
6204 run_set_leds(sc, RT2860_LED_RADIO);
6206 sc->sc_flags |= RUN_RUNNING;
6207 sc->cmdq_run = RUN_CMDQ_GO;
6209 for (i = 0; i != RUN_N_XFER; i++)
6210 usbd_xfer_set_stall(sc->sc_xfer[i]);
6212 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]);
6214 if (run_txrx_enable(sc) != 0)
6226 struct run_softc *sc = (struct run_softc *)arg;
6231 RUN_LOCK_ASSERT(sc, MA_OWNED);
6233 if (sc->sc_flags & RUN_RUNNING)
6234 run_set_leds(sc, 0); /* turn all LEDs off */
6236 sc->sc_flags &= ~RUN_RUNNING;
6238 sc->ratectl_run = RUN_RATECTL_OFF;
6239 sc->cmdq_run = sc->cmdq_key_set;
6243 for(i = 0; i < RUN_N_XFER; i++)
6244 usbd_transfer_drain(sc->sc_xfer[i]);
6248 run_drain_mbufq(sc);
6250 if (sc->rx_m != NULL) {
6255 /* Disable Tx/Rx DMA. */
6256 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0)
6258 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN);
6259 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
6261 for (ntries = 0; ntries < 100; ntries++) {
6262 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0)
6264 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
6268 if (ntries == 100) {
6269 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n");
6274 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp);
6275 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
6276 run_write(sc, RT2860_MAC_SYS_CTRL, tmp);
6278 /* wait for pending Tx to complete */
6279 for (ntries = 0; ntries < 100; ntries++) {
6280 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) {
6281 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET,
6282 "Cannot read Tx queue count\n");
6285 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) {
6286 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET,
6287 "All Tx cleared\n");
6293 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET,
6294 "There are still pending Tx\n");
6296 run_write(sc, RT2860_USB_DMA_CFG, 0);
6298 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST);
6299 run_write(sc, RT2860_MAC_SYS_CTRL, 0);
6301 for (i = 0; i != RUN_EP_QUEUES; i++)
6302 run_unsetup_tx_list(sc, &sc->sc_epq[i]);
6306 run_delay(struct run_softc *sc, u_int ms)
6308 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ?
6309 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms));
6312 static device_method_t run_methods[] = {
6313 /* Device interface */
6314 DEVMETHOD(device_probe, run_match),
6315 DEVMETHOD(device_attach, run_attach),
6316 DEVMETHOD(device_detach, run_detach),
6320 static driver_t run_driver = {
6322 .methods = run_methods,
6323 .size = sizeof(struct run_softc)
6326 static devclass_t run_devclass;
6328 DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL);
6329 MODULE_DEPEND(run, wlan, 1, 1, 1);
6330 MODULE_DEPEND(run, usb, 1, 1, 1);
6331 MODULE_DEPEND(run, firmware, 1, 1, 1);
6332 MODULE_VERSION(run, 1);
6333 USB_PNP_HOST_INFO(run_devs);
projects / FreeBSD / FreeBSD.git / blob