2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr>
3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca>
4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org>
5 * Copyright (c) 2013-2014 Kevin Lo
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 #include <sys/cdefs.h>
21 __FBSDID("$FreeBSD$");
24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver.
25 * http://www.ralinktech.com/
30 #include <sys/param.h>
31 #include <sys/sockio.h>
32 #include <sys/sysctl.h>
34 #include <sys/mutex.h>
36 #include <sys/kernel.h>
37 #include <sys/socket.h>
38 #include <sys/systm.h>
39 #include <sys/malloc.h>
40 #include <sys/module.h>
42 #include <sys/endian.h>
43 #include <sys/linker.h>
44 #include <sys/firmware.h>
49 #include <net/if_var.h>
50 #include <net/if_arp.h>
51 #include <net/ethernet.h>
52 #include <net/if_dl.h>
53 #include <net/if_media.h>
54 #include <net/if_types.h>
56 #include <netinet/in.h>
57 #include <netinet/in_systm.h>
58 #include <netinet/in_var.h>
59 #include <netinet/if_ether.h>
60 #include <netinet/ip.h>
62 #include <net80211/ieee80211_var.h>
63 #include <net80211/ieee80211_regdomain.h>
64 #include <net80211/ieee80211_radiotap.h>
65 #include <net80211/ieee80211_ratectl.h>
67 #include <dev/usb/usb.h>
68 #include <dev/usb/usbdi.h>
71 #define USB_DEBUG_VAR run_debug
72 #include <dev/usb/usb_debug.h>
73 #include <dev/usb/usb_msctest.h>
75 #include <dev/usb/wlan/if_runreg.h>
76 #include <dev/usb/wlan/if_runvar.h>
84 static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run");
85 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RWTUN, &run_debug, 0,
89 RUN_DEBUG_XMIT = 0x00000001, /* basic xmit operation */
90 RUN_DEBUG_XMIT_DESC = 0x00000002, /* xmit descriptors */
91 RUN_DEBUG_RECV = 0x00000004, /* basic recv operation */
92 RUN_DEBUG_RECV_DESC = 0x00000008, /* recv descriptors */
93 RUN_DEBUG_STATE = 0x00000010, /* 802.11 state transitions */
94 RUN_DEBUG_RATE = 0x00000020, /* rate adaptation */
95 RUN_DEBUG_USB = 0x00000040, /* usb requests */
96 RUN_DEBUG_FIRMWARE = 0x00000080, /* firmware(9) loading debug */
97 RUN_DEBUG_BEACON = 0x00000100, /* beacon handling */
98 RUN_DEBUG_INTR = 0x00000200, /* ISR */
99 RUN_DEBUG_TEMP = 0x00000400, /* temperature calibration */
100 RUN_DEBUG_ROM = 0x00000800, /* various ROM info */
101 RUN_DEBUG_KEY = 0x00001000, /* crypto keys management */
102 RUN_DEBUG_TXPWR = 0x00002000, /* dump Tx power values */
103 RUN_DEBUG_RSSI = 0x00004000, /* dump RSSI lookups */
104 RUN_DEBUG_RESET = 0x00008000, /* initialization progress */
105 RUN_DEBUG_CALIB = 0x00010000, /* calibration progress */
106 RUN_DEBUG_CMD = 0x00020000, /* command queue */
107 RUN_DEBUG_ANY = 0xffffffff
110 #define RUN_DPRINTF(_sc, _m, ...) do { \
111 if (run_debug & (_m)) \
112 device_printf((_sc)->sc_dev, __VA_ARGS__); \
115 #define RUN_DPRINTF(_sc, _m, ...) do { (void) _sc; } while (0)
118 #define IEEE80211_HAS_ADDR4(wh) IEEE80211_IS_DSTODS(wh)
121 * Because of LOR in run_key_delete(), use atomic instead.
122 * '& RUN_CMDQ_MASQ' is to loop cmdq[].
124 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ)
126 static const STRUCT_USB_HOST_ID run_devs[] = {
127 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) }
128 #define RUN_DEV_EJECT(v,p) \
129 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) }
131 RUN_DEV(ABOCOM, RT2770),
132 RUN_DEV(ABOCOM, RT2870),
133 RUN_DEV(ABOCOM, RT3070),
134 RUN_DEV(ABOCOM, RT3071),
135 RUN_DEV(ABOCOM, RT3072),
136 RUN_DEV(ABOCOM2, RT2870_1),
137 RUN_DEV(ACCTON, RT2770),
138 RUN_DEV(ACCTON, RT2870_1),
139 RUN_DEV(ACCTON, RT2870_2),
140 RUN_DEV(ACCTON, RT2870_3),
141 RUN_DEV(ACCTON, RT2870_4),
142 RUN_DEV(ACCTON, RT2870_5),
143 RUN_DEV(ACCTON, RT3070),
144 RUN_DEV(ACCTON, RT3070_1),
145 RUN_DEV(ACCTON, RT3070_2),
146 RUN_DEV(ACCTON, RT3070_3),
147 RUN_DEV(ACCTON, RT3070_4),
148 RUN_DEV(ACCTON, RT3070_5),
149 RUN_DEV(AIRTIES, RT3070),
150 RUN_DEV(ALLWIN, RT2070),
151 RUN_DEV(ALLWIN, RT2770),
152 RUN_DEV(ALLWIN, RT2870),
153 RUN_DEV(ALLWIN, RT3070),
154 RUN_DEV(ALLWIN, RT3071),
155 RUN_DEV(ALLWIN, RT3072),
156 RUN_DEV(ALLWIN, RT3572),
157 RUN_DEV(AMIGO, RT2870_1),
158 RUN_DEV(AMIGO, RT2870_2),
159 RUN_DEV(AMIT, CGWLUSB2GNR),
160 RUN_DEV(AMIT, RT2870_1),
161 RUN_DEV(AMIT2, RT2870),
162 RUN_DEV(ASUS, RT2870_1),
163 RUN_DEV(ASUS, RT2870_2),
164 RUN_DEV(ASUS, RT2870_3),
165 RUN_DEV(ASUS, RT2870_4),
166 RUN_DEV(ASUS, RT2870_5),
167 RUN_DEV(ASUS, USBN13),
168 RUN_DEV(ASUS, RT3070_1),
169 RUN_DEV(ASUS, USBN66),
170 RUN_DEV(ASUS, USB_N53),
171 RUN_DEV(ASUS2, USBN11),
172 RUN_DEV(AZUREWAVE, RT2870_1),
173 RUN_DEV(AZUREWAVE, RT2870_2),
174 RUN_DEV(AZUREWAVE, RT3070_1),
175 RUN_DEV(AZUREWAVE, RT3070_2),
176 RUN_DEV(AZUREWAVE, RT3070_3),
177 RUN_DEV(BELKIN, F9L1103),
178 RUN_DEV(BELKIN, F5D8053V3),
179 RUN_DEV(BELKIN, F5D8055),
180 RUN_DEV(BELKIN, F5D8055V2),
181 RUN_DEV(BELKIN, F6D4050V1),
182 RUN_DEV(BELKIN, F6D4050V2),
183 RUN_DEV(BELKIN, RT2870_1),
184 RUN_DEV(BELKIN, RT2870_2),
185 RUN_DEV(CISCOLINKSYS, AE1000),
186 RUN_DEV(CISCOLINKSYS2, RT3070),
187 RUN_DEV(CISCOLINKSYS3, RT3070),
188 RUN_DEV(CONCEPTRONIC2, RT2870_1),
189 RUN_DEV(CONCEPTRONIC2, RT2870_2),
190 RUN_DEV(CONCEPTRONIC2, RT2870_3),
191 RUN_DEV(CONCEPTRONIC2, RT2870_4),
192 RUN_DEV(CONCEPTRONIC2, RT2870_5),
193 RUN_DEV(CONCEPTRONIC2, RT2870_6),
194 RUN_DEV(CONCEPTRONIC2, RT2870_7),
195 RUN_DEV(CONCEPTRONIC2, RT2870_8),
196 RUN_DEV(CONCEPTRONIC2, RT3070_1),
197 RUN_DEV(CONCEPTRONIC2, RT3070_2),
198 RUN_DEV(CONCEPTRONIC2, VIGORN61),
199 RUN_DEV(COREGA, CGWLUSB300GNM),
200 RUN_DEV(COREGA, RT2870_1),
201 RUN_DEV(COREGA, RT2870_2),
202 RUN_DEV(COREGA, RT2870_3),
203 RUN_DEV(COREGA, RT3070),
204 RUN_DEV(CYBERTAN, RT2870),
205 RUN_DEV(DLINK, RT2870),
206 RUN_DEV(DLINK, RT3072),
207 RUN_DEV(DLINK, DWA125A3),
208 RUN_DEV(DLINK, DWA127),
209 RUN_DEV(DLINK, DWA140B3),
210 RUN_DEV(DLINK, DWA160B2),
211 RUN_DEV(DLINK, DWA140D1),
212 RUN_DEV(DLINK, DWA162),
213 RUN_DEV(DLINK2, DWA130),
214 RUN_DEV(DLINK2, RT2870_1),
215 RUN_DEV(DLINK2, RT2870_2),
216 RUN_DEV(DLINK2, RT3070_1),
217 RUN_DEV(DLINK2, RT3070_2),
218 RUN_DEV(DLINK2, RT3070_3),
219 RUN_DEV(DLINK2, RT3070_4),
220 RUN_DEV(DLINK2, RT3070_5),
221 RUN_DEV(DLINK2, RT3072),
222 RUN_DEV(DLINK2, RT3072_1),
223 RUN_DEV(EDIMAX, EW7717),
224 RUN_DEV(EDIMAX, EW7718),
225 RUN_DEV(EDIMAX, EW7733UND),
226 RUN_DEV(EDIMAX, RT2870_1),
227 RUN_DEV(ENCORE, RT3070_1),
228 RUN_DEV(ENCORE, RT3070_2),
229 RUN_DEV(ENCORE, RT3070_3),
230 RUN_DEV(GIGABYTE, GNWB31N),
231 RUN_DEV(GIGABYTE, GNWB32L),
232 RUN_DEV(GIGABYTE, RT2870_1),
233 RUN_DEV(GIGASET, RT3070_1),
234 RUN_DEV(GIGASET, RT3070_2),
235 RUN_DEV(GUILLEMOT, HWNU300),
236 RUN_DEV(HAWKING, HWUN2),
237 RUN_DEV(HAWKING, RT2870_1),
238 RUN_DEV(HAWKING, RT2870_2),
239 RUN_DEV(HAWKING, RT3070),
240 RUN_DEV(IODATA, RT3072_1),
241 RUN_DEV(IODATA, RT3072_2),
242 RUN_DEV(IODATA, RT3072_3),
243 RUN_DEV(IODATA, RT3072_4),
244 RUN_DEV(LINKSYS4, RT3070),
245 RUN_DEV(LINKSYS4, WUSB100),
246 RUN_DEV(LINKSYS4, WUSB54GCV3),
247 RUN_DEV(LINKSYS4, WUSB600N),
248 RUN_DEV(LINKSYS4, WUSB600NV2),
249 RUN_DEV(LOGITEC, RT2870_1),
250 RUN_DEV(LOGITEC, RT2870_2),
251 RUN_DEV(LOGITEC, RT2870_3),
252 RUN_DEV(LOGITEC, LANW300NU2),
253 RUN_DEV(LOGITEC, LANW150NU2),
254 RUN_DEV(LOGITEC, LANW300NU2S),
255 RUN_DEV(MELCO, WLIUCG300HP),
256 RUN_DEV(MELCO, RT2870_2),
257 RUN_DEV(MELCO, WLIUCAG300N),
258 RUN_DEV(MELCO, WLIUCG300N),
259 RUN_DEV(MELCO, WLIUCG301N),
260 RUN_DEV(MELCO, WLIUCGN),
261 RUN_DEV(MELCO, WLIUCGNM),
262 RUN_DEV(MELCO, WLIUCG300HPV1),
263 RUN_DEV(MELCO, WLIUCGNM2),
264 RUN_DEV(MOTOROLA4, RT2770),
265 RUN_DEV(MOTOROLA4, RT3070),
266 RUN_DEV(MSI, RT3070_1),
267 RUN_DEV(MSI, RT3070_2),
268 RUN_DEV(MSI, RT3070_3),
269 RUN_DEV(MSI, RT3070_4),
270 RUN_DEV(MSI, RT3070_5),
271 RUN_DEV(MSI, RT3070_6),
272 RUN_DEV(MSI, RT3070_7),
273 RUN_DEV(MSI, RT3070_8),
274 RUN_DEV(MSI, RT3070_9),
275 RUN_DEV(MSI, RT3070_10),
276 RUN_DEV(MSI, RT3070_11),
277 RUN_DEV(NETGEAR, WNDA4100),
278 RUN_DEV(OVISLINK, RT3072),
279 RUN_DEV(PARA, RT3070),
280 RUN_DEV(PEGATRON, RT2870),
281 RUN_DEV(PEGATRON, RT3070),
282 RUN_DEV(PEGATRON, RT3070_2),
283 RUN_DEV(PEGATRON, RT3070_3),
284 RUN_DEV(PHILIPS, RT2870),
285 RUN_DEV(PLANEX2, GWUS300MINIS),
286 RUN_DEV(PLANEX2, GWUSMICRON),
287 RUN_DEV(PLANEX2, RT2870),
288 RUN_DEV(PLANEX2, RT3070),
289 RUN_DEV(QCOM, RT2870),
290 RUN_DEV(QUANTA, RT3070),
291 RUN_DEV(RALINK, RT2070),
292 RUN_DEV(RALINK, RT2770),
293 RUN_DEV(RALINK, RT2870),
294 RUN_DEV(RALINK, RT3070),
295 RUN_DEV(RALINK, RT3071),
296 RUN_DEV(RALINK, RT3072),
297 RUN_DEV(RALINK, RT3370),
298 RUN_DEV(RALINK, RT3572),
299 RUN_DEV(RALINK, RT3573),
300 RUN_DEV(RALINK, RT5370),
301 RUN_DEV(RALINK, RT5372),
302 RUN_DEV(RALINK, RT5572),
303 RUN_DEV(RALINK, RT8070),
304 RUN_DEV(SAMSUNG, WIS09ABGN),
305 RUN_DEV(SAMSUNG2, RT2870_1),
306 RUN_DEV(SENAO, RT2870_1),
307 RUN_DEV(SENAO, RT2870_2),
308 RUN_DEV(SENAO, RT2870_3),
309 RUN_DEV(SENAO, RT2870_4),
310 RUN_DEV(SENAO, RT3070),
311 RUN_DEV(SENAO, RT3071),
312 RUN_DEV(SENAO, RT3072_1),
313 RUN_DEV(SENAO, RT3072_2),
314 RUN_DEV(SENAO, RT3072_3),
315 RUN_DEV(SENAO, RT3072_4),
316 RUN_DEV(SENAO, RT3072_5),
317 RUN_DEV(SITECOMEU, RT2770),
318 RUN_DEV(SITECOMEU, RT2870_1),
319 RUN_DEV(SITECOMEU, RT2870_2),
320 RUN_DEV(SITECOMEU, RT2870_3),
321 RUN_DEV(SITECOMEU, RT2870_4),
322 RUN_DEV(SITECOMEU, RT3070),
323 RUN_DEV(SITECOMEU, RT3070_2),
324 RUN_DEV(SITECOMEU, RT3070_3),
325 RUN_DEV(SITECOMEU, RT3070_4),
326 RUN_DEV(SITECOMEU, RT3071),
327 RUN_DEV(SITECOMEU, RT3072_1),
328 RUN_DEV(SITECOMEU, RT3072_2),
329 RUN_DEV(SITECOMEU, RT3072_3),
330 RUN_DEV(SITECOMEU, RT3072_4),
331 RUN_DEV(SITECOMEU, RT3072_5),
332 RUN_DEV(SITECOMEU, RT3072_6),
333 RUN_DEV(SITECOMEU, WL608),
334 RUN_DEV(SPARKLAN, RT2870_1),
335 RUN_DEV(SPARKLAN, RT3070),
336 RUN_DEV(SWEEX2, LW153),
337 RUN_DEV(SWEEX2, LW303),
338 RUN_DEV(SWEEX2, LW313),
339 RUN_DEV(TOSHIBA, RT3070),
340 RUN_DEV(UMEDIA, RT2870_1),
341 RUN_DEV(ZCOM, RT2870_1),
342 RUN_DEV(ZCOM, RT2870_2),
343 RUN_DEV(ZINWELL, RT2870_1),
344 RUN_DEV(ZINWELL, RT2870_2),
345 RUN_DEV(ZINWELL, RT3070),
346 RUN_DEV(ZINWELL, RT3072_1),
347 RUN_DEV(ZINWELL, RT3072_2),
348 RUN_DEV(ZYXEL, RT2870_1),
349 RUN_DEV(ZYXEL, RT2870_2),
350 RUN_DEV(ZYXEL, RT3070),
351 RUN_DEV_EJECT(ZYXEL, NWD2705),
352 RUN_DEV_EJECT(RALINK, RT_STOR),
357 static device_probe_t run_match;
358 static device_attach_t run_attach;
359 static device_detach_t run_detach;
361 static usb_callback_t run_bulk_rx_callback;
362 static usb_callback_t run_bulk_tx_callback0;
363 static usb_callback_t run_bulk_tx_callback1;
364 static usb_callback_t run_bulk_tx_callback2;
365 static usb_callback_t run_bulk_tx_callback3;
366 static usb_callback_t run_bulk_tx_callback4;
367 static usb_callback_t run_bulk_tx_callback5;
369 static void run_autoinst(void *, struct usb_device *,
370 struct usb_attach_arg *);
371 static int run_driver_loaded(struct module *, int, void *);
372 static void run_bulk_tx_callbackN(struct usb_xfer *xfer,
373 usb_error_t error, u_int index);
374 static struct ieee80211vap *run_vap_create(struct ieee80211com *,
375 const char [IFNAMSIZ], int, enum ieee80211_opmode, int,
376 const uint8_t [IEEE80211_ADDR_LEN],
377 const uint8_t [IEEE80211_ADDR_LEN]);
378 static void run_vap_delete(struct ieee80211vap *);
379 static void run_cmdq_cb(void *, int);
380 static void run_setup_tx_list(struct run_softc *,
381 struct run_endpoint_queue *);
382 static void run_unsetup_tx_list(struct run_softc *,
383 struct run_endpoint_queue *);
384 static int run_load_microcode(struct run_softc *);
385 static int run_reset(struct run_softc *);
386 static usb_error_t run_do_request(struct run_softc *,
387 struct usb_device_request *, void *);
388 static int run_read(struct run_softc *, uint16_t, uint32_t *);
389 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int);
390 static int run_write_2(struct run_softc *, uint16_t, uint16_t);
391 static int run_write(struct run_softc *, uint16_t, uint32_t);
392 static int run_write_region_1(struct run_softc *, uint16_t,
393 const uint8_t *, int);
394 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int);
395 static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int);
396 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *);
397 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *);
398 static int run_rt2870_rf_write(struct run_softc *, uint32_t);
399 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *);
400 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t);
401 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *);
402 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t);
403 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t);
404 static const char *run_get_rf(uint16_t);
405 static void run_rt3593_get_txpower(struct run_softc *);
406 static void run_get_txpower(struct run_softc *);
407 static int run_read_eeprom(struct run_softc *);
408 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *,
409 const uint8_t mac[IEEE80211_ADDR_LEN]);
410 static int run_media_change(struct ifnet *);
411 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int);
412 static int run_wme_update(struct ieee80211com *);
413 static void run_key_set_cb(void *);
414 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *);
415 static void run_key_delete_cb(void *);
416 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *);
417 static void run_ratectl_to(void *);
418 static void run_ratectl_cb(void *, int);
419 static void run_drain_fifo(void *);
420 static void run_iter_func(void *, struct ieee80211_node *);
421 static void run_newassoc_cb(void *);
422 static void run_newassoc(struct ieee80211_node *, int);
423 static void run_recv_mgmt(struct ieee80211_node *, struct mbuf *, int,
424 const struct ieee80211_rx_stats *, int, int);
425 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t);
426 static void run_tx_free(struct run_endpoint_queue *pq,
427 struct run_tx_data *, int);
428 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *);
429 static int run_tx(struct run_softc *, struct mbuf *,
430 struct ieee80211_node *);
431 static int run_tx_mgt(struct run_softc *, struct mbuf *,
432 struct ieee80211_node *);
433 static int run_sendprot(struct run_softc *, const struct mbuf *,
434 struct ieee80211_node *, int, int);
435 static int run_tx_param(struct run_softc *, struct mbuf *,
436 struct ieee80211_node *,
437 const struct ieee80211_bpf_params *);
438 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *,
439 const struct ieee80211_bpf_params *);
440 static int run_transmit(struct ieee80211com *, struct mbuf *);
441 static void run_start(struct run_softc *);
442 static void run_parent(struct ieee80211com *);
443 static void run_iq_calib(struct run_softc *, u_int);
444 static void run_set_agc(struct run_softc *, uint8_t);
445 static void run_select_chan_group(struct run_softc *, int);
446 static void run_set_rx_antenna(struct run_softc *, int);
447 static void run_rt2870_set_chan(struct run_softc *, u_int);
448 static void run_rt3070_set_chan(struct run_softc *, u_int);
449 static void run_rt3572_set_chan(struct run_softc *, u_int);
450 static void run_rt3593_set_chan(struct run_softc *, u_int);
451 static void run_rt5390_set_chan(struct run_softc *, u_int);
452 static void run_rt5592_set_chan(struct run_softc *, u_int);
453 static int run_set_chan(struct run_softc *, struct ieee80211_channel *);
454 static void run_set_channel(struct ieee80211com *);
455 static void run_getradiocaps(struct ieee80211com *, int, int *,
456 struct ieee80211_channel[]);
457 static void run_scan_start(struct ieee80211com *);
458 static void run_scan_end(struct ieee80211com *);
459 static void run_update_beacon(struct ieee80211vap *, int);
460 static void run_update_beacon_cb(void *);
461 static void run_updateprot(struct ieee80211com *);
462 static void run_updateprot_cb(void *);
463 static void run_usb_timeout_cb(void *);
464 static void run_reset_livelock(struct run_softc *);
465 static void run_enable_tsf_sync(struct run_softc *);
466 static void run_enable_tsf(struct run_softc *);
467 static void run_get_tsf(struct run_softc *, uint64_t *);
468 static void run_enable_mrr(struct run_softc *);
469 static void run_set_txpreamble(struct run_softc *);
470 static void run_set_basicrates(struct run_softc *);
471 static void run_set_leds(struct run_softc *, uint16_t);
472 static void run_set_bssid(struct run_softc *, const uint8_t *);
473 static void run_set_macaddr(struct run_softc *, const uint8_t *);
474 static void run_updateslot(struct ieee80211com *);
475 static void run_updateslot_cb(void *);
476 static void run_update_mcast(struct ieee80211com *);
477 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t);
478 static void run_update_promisc_locked(struct run_softc *);
479 static void run_update_promisc(struct ieee80211com *);
480 static void run_rt5390_bbp_init(struct run_softc *);
481 static int run_bbp_init(struct run_softc *);
482 static int run_rt3070_rf_init(struct run_softc *);
483 static void run_rt3593_rf_init(struct run_softc *);
484 static void run_rt5390_rf_init(struct run_softc *);
485 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t,
487 static void run_rt3070_rf_setup(struct run_softc *);
488 static void run_rt3593_rf_setup(struct run_softc *);
489 static void run_rt5390_rf_setup(struct run_softc *);
490 static int run_txrx_enable(struct run_softc *);
491 static void run_adjust_freq_offset(struct run_softc *);
492 static void run_init_locked(struct run_softc *);
493 static void run_stop(void *);
494 static void run_delay(struct run_softc *, u_int);
496 static eventhandler_tag run_etag;
498 static const struct rt2860_rate {
501 enum ieee80211_phytype phy;
506 { 2, 0, IEEE80211_T_DS, 0, 314, 314 },
507 { 4, 1, IEEE80211_T_DS, 1, 258, 162 },
508 { 11, 2, IEEE80211_T_DS, 2, 223, 127 },
509 { 22, 3, IEEE80211_T_DS, 3, 213, 117 },
510 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 },
511 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 },
512 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 },
513 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 },
514 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 },
515 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 },
516 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 },
517 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 }
520 static const struct {
523 } rt2870_def_mac[] = {
527 static const struct {
530 } rt2860_def_bbp[] = {
532 },rt5390_def_bbp[] = {
534 },rt5592_def_bbp[] = {
539 * Default values for BBP register R196 for RT5592.
541 static const uint8_t rt5592_bbp_r196[] = {
542 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00,
543 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36,
544 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40,
545 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41,
546 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16,
547 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00,
548 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
549 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c,
550 0x2e, 0x36, 0x30, 0x6e
553 static const struct rfprog {
555 uint32_t r1, r2, r3, r4;
556 } rt2860_rf2850[] = {
566 static const struct rt5592_freqs {
569 } rt5592_freqs_20mhz[] = {
571 },rt5592_freqs_40mhz[] = {
575 static const struct {
578 } rt3070_def_rf[] = {
580 },rt3572_def_rf[] = {
582 },rt3593_def_rf[] = {
584 },rt5390_def_rf[] = {
586 },rt5392_def_rf[] = {
588 },rt5592_def_rf[] = {
590 },rt5592_2ghz_def_rf[] = {
592 },rt5592_5ghz_def_rf[] = {
596 static const struct {
601 } rt5592_chan_5ghz[] = {
605 static const struct usb_config run_config[RUN_N_XFER] = {
608 .endpoint = UE_ADDR_ANY,
610 .direction = UE_DIR_OUT,
611 .bufsize = RUN_MAX_TXSZ,
612 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
613 .callback = run_bulk_tx_callback0,
614 .timeout = 5000, /* ms */
618 .endpoint = UE_ADDR_ANY,
619 .direction = UE_DIR_OUT,
621 .bufsize = RUN_MAX_TXSZ,
622 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
623 .callback = run_bulk_tx_callback1,
624 .timeout = 5000, /* ms */
628 .endpoint = UE_ADDR_ANY,
629 .direction = UE_DIR_OUT,
631 .bufsize = RUN_MAX_TXSZ,
632 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
633 .callback = run_bulk_tx_callback2,
634 .timeout = 5000, /* ms */
638 .endpoint = UE_ADDR_ANY,
639 .direction = UE_DIR_OUT,
641 .bufsize = RUN_MAX_TXSZ,
642 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
643 .callback = run_bulk_tx_callback3,
644 .timeout = 5000, /* ms */
646 [RUN_BULK_TX_HCCA] = {
648 .endpoint = UE_ADDR_ANY,
649 .direction = UE_DIR_OUT,
651 .bufsize = RUN_MAX_TXSZ,
652 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,},
653 .callback = run_bulk_tx_callback4,
654 .timeout = 5000, /* ms */
656 [RUN_BULK_TX_PRIO] = {
658 .endpoint = UE_ADDR_ANY,
659 .direction = UE_DIR_OUT,
661 .bufsize = RUN_MAX_TXSZ,
662 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,},
663 .callback = run_bulk_tx_callback5,
664 .timeout = 5000, /* ms */
668 .endpoint = UE_ADDR_ANY,
669 .direction = UE_DIR_IN,
670 .bufsize = RUN_MAX_RXSZ,
671 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,},
672 .callback = run_bulk_rx_callback,
677 run_autoinst(void *arg, struct usb_device *udev,
678 struct usb_attach_arg *uaa)
680 struct usb_interface *iface;
681 struct usb_interface_descriptor *id;
683 if (uaa->dev_state != UAA_DEV_READY)
686 iface = usbd_get_iface(udev, 0);
690 if (id == NULL || id->bInterfaceClass != UICLASS_MASS)
692 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa))
695 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0)
696 uaa->dev_state = UAA_DEV_EJECTING;
700 run_driver_loaded(struct module *mod, int what, void *arg)
704 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured,
705 run_autoinst, NULL, EVENTHANDLER_PRI_ANY);
708 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag);
717 run_match(device_t self)
719 struct usb_attach_arg *uaa = device_get_ivars(self);
721 if (uaa->usb_mode != USB_MODE_HOST)
723 if (uaa->info.bConfigIndex != 0)
725 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX)
728 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa));
732 run_attach(device_t self)
734 struct run_softc *sc = device_get_softc(self);
735 struct usb_attach_arg *uaa = device_get_ivars(self);
736 struct ieee80211com *ic = &sc->sc_ic;
741 device_set_usb_desc(self);
742 sc->sc_udev = uaa->device;
744 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT)
745 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED;
747 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev),
748 MTX_NETWORK_LOCK, MTX_DEF);
749 mbufq_init(&sc->sc_snd, ifqmaxlen);
751 iface_index = RT2860_IFACE_INDEX;
753 error = usbd_transfer_setup(uaa->device, &iface_index,
754 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx);
756 device_printf(self, "could not allocate USB transfers, "
757 "err=%s\n", usbd_errstr(error));
763 /* wait for the chip to settle */
764 for (ntries = 0; ntries < 100; ntries++) {
765 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) {
769 if (ver != 0 && ver != 0xffffffff)
774 device_printf(sc->sc_dev,
775 "timeout waiting for NIC to initialize\n");
779 sc->mac_ver = ver >> 16;
780 sc->mac_rev = ver & 0xffff;
782 /* retrieve RF rev. no and various other things from EEPROM */
785 device_printf(sc->sc_dev,
786 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n",
787 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev),
788 sc->ntxchains, sc->nrxchains, ether_sprintf(ic->ic_macaddr));
793 ic->ic_name = device_get_nameunit(self);
794 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
795 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */
797 /* set device capabilities */
799 IEEE80211_C_STA | /* station mode supported */
800 IEEE80211_C_MONITOR | /* monitor mode supported */
803 IEEE80211_C_WDS | /* 4-address traffic works */
805 IEEE80211_C_SHPREAMBLE | /* short preamble supported */
806 IEEE80211_C_SHSLOT | /* short slot time supported */
807 IEEE80211_C_WME | /* WME */
808 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */
811 IEEE80211_CRYPTO_WEP |
812 IEEE80211_CRYPTO_AES_CCM |
813 IEEE80211_CRYPTO_TKIPMIC |
814 IEEE80211_CRYPTO_TKIP;
816 ic->ic_flags |= IEEE80211_F_DATAPAD;
817 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS;
819 run_getradiocaps(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans,
822 ieee80211_ifattach(ic);
824 ic->ic_scan_start = run_scan_start;
825 ic->ic_scan_end = run_scan_end;
826 ic->ic_set_channel = run_set_channel;
827 ic->ic_getradiocaps = run_getradiocaps;
828 ic->ic_node_alloc = run_node_alloc;
829 ic->ic_newassoc = run_newassoc;
830 ic->ic_updateslot = run_updateslot;
831 ic->ic_update_mcast = run_update_mcast;
832 ic->ic_wme.wme_update = run_wme_update;
833 ic->ic_raw_xmit = run_raw_xmit;
834 ic->ic_update_promisc = run_update_promisc;
835 ic->ic_vap_create = run_vap_create;
836 ic->ic_vap_delete = run_vap_delete;
837 ic->ic_transmit = run_transmit;
838 ic->ic_parent = run_parent;
840 ieee80211_radiotap_attach(ic,
841 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap),
842 RUN_TX_RADIOTAP_PRESENT,
843 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap),
844 RUN_RX_RADIOTAP_PRESENT);
846 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc);
847 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc);
848 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0);
851 ieee80211_announce(ic);
861 run_drain_mbufq(struct run_softc *sc)
864 struct ieee80211_node *ni;
866 RUN_LOCK_ASSERT(sc, MA_OWNED);
867 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) {
868 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
869 m->m_pkthdr.rcvif = NULL;
870 ieee80211_free_node(ni);
876 run_detach(device_t self)
878 struct run_softc *sc = device_get_softc(self);
879 struct ieee80211com *ic = &sc->sc_ic;
886 /* stop all USB transfers */
887 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER);
890 sc->ratectl_run = RUN_RATECTL_OFF;
891 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT;
893 /* free TX list, if any */
894 for (i = 0; i != RUN_EP_QUEUES; i++)
895 run_unsetup_tx_list(sc, &sc->sc_epq[i]);
901 if (sc->sc_ic.ic_softc == sc) {
903 usb_callout_drain(&sc->ratectl_ch);
904 ieee80211_draintask(ic, &sc->cmdq_task);
905 ieee80211_draintask(ic, &sc->ratectl_task);
906 ieee80211_ifdetach(ic);
909 mtx_destroy(&sc->sc_mtx);
914 static struct ieee80211vap *
915 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit,
916 enum ieee80211_opmode opmode, int flags,
917 const uint8_t bssid[IEEE80211_ADDR_LEN],
918 const uint8_t mac[IEEE80211_ADDR_LEN])
920 struct run_softc *sc = ic->ic_softc;
922 struct ieee80211vap *vap;
925 if (sc->rvp_cnt >= RUN_VAP_MAX) {
926 device_printf(sc->sc_dev, "number of VAPs maxed out\n");
931 case IEEE80211_M_STA:
932 /* enable s/w bmiss handling for sta mode */
933 flags |= IEEE80211_CLONE_NOBEACONS;
935 case IEEE80211_M_IBSS:
936 case IEEE80211_M_MONITOR:
937 case IEEE80211_M_HOSTAP:
938 case IEEE80211_M_MBSS:
939 /* other than WDS vaps, only one at a time */
940 if (!TAILQ_EMPTY(&ic->ic_vaps))
943 case IEEE80211_M_WDS:
944 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){
945 if(vap->iv_opmode != IEEE80211_M_HOSTAP)
947 /* WDS vap's always share the local mac address. */
948 flags &= ~IEEE80211_CLONE_BSSID;
952 device_printf(sc->sc_dev,
953 "wds only supported in ap mode\n");
958 device_printf(sc->sc_dev, "unknown opmode %d\n", opmode);
962 rvp = malloc(sizeof(struct run_vap), M_80211_VAP, M_WAITOK | M_ZERO);
965 if (ieee80211_vap_setup(ic, vap, name, unit, opmode, flags,
968 free(rvp, M_80211_VAP);
972 vap->iv_update_beacon = run_update_beacon;
973 vap->iv_max_aid = RT2870_WCID_MAX;
975 * To delete the right key from h/w, we need wcid.
976 * Luckily, there is unused space in ieee80211_key{}, wk_pad,
977 * and matching wcid will be written into there. So, cast
978 * some spells to remove 'const' from ieee80211_key{}
980 vap->iv_key_delete = (void *)run_key_delete;
981 vap->iv_key_set = (void *)run_key_set;
983 /* override state transition machine */
984 rvp->newstate = vap->iv_newstate;
985 vap->iv_newstate = run_newstate;
986 if (opmode == IEEE80211_M_IBSS) {
987 rvp->recv_mgmt = vap->iv_recv_mgmt;
988 vap->iv_recv_mgmt = run_recv_mgmt;
991 ieee80211_ratectl_init(vap);
992 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */);
995 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status,
998 /* make sure id is always unique */
999 for (i = 0; i < RUN_VAP_MAX; i++) {
1000 if((sc->rvp_bmap & 1 << i) == 0){
1001 sc->rvp_bmap |= 1 << i;
1006 if (sc->rvp_cnt++ == 0)
1007 ic->ic_opmode = opmode;
1009 if (opmode == IEEE80211_M_HOSTAP)
1010 sc->cmdq_run = RUN_CMDQ_GO;
1012 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "rvp_id=%d bmap=%x rvp_cnt=%d\n",
1013 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt);
1019 run_vap_delete(struct ieee80211vap *vap)
1021 struct run_vap *rvp = RUN_VAP(vap);
1022 struct ieee80211com *ic;
1023 struct run_softc *sc;
1034 m_freem(rvp->beacon_mbuf);
1035 rvp->beacon_mbuf = NULL;
1037 rvp_id = rvp->rvp_id;
1038 sc->ratectl_run &= ~(1 << rvp_id);
1039 sc->rvp_bmap &= ~(1 << rvp_id);
1040 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128);
1041 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512);
1044 RUN_DPRINTF(sc, RUN_DEBUG_STATE,
1045 "vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n",
1046 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt);
1050 ieee80211_ratectl_deinit(vap);
1051 ieee80211_vap_detach(vap);
1052 free(rvp, M_80211_VAP);
1056 * There are numbers of functions need to be called in context thread.
1057 * Rather than creating taskqueue event for each of those functions,
1058 * here is all-for-one taskqueue callback function. This function
1059 * guarantees deferred functions are executed in the same order they
1061 * '& RUN_CMDQ_MASQ' is to loop cmdq[].
1064 run_cmdq_cb(void *arg, int pending)
1066 struct run_softc *sc = arg;
1069 /* call cmdq[].func locked */
1071 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending;
1072 i = sc->cmdq_exec, pending--) {
1073 RUN_DPRINTF(sc, RUN_DEBUG_CMD, "cmdq_exec=%d pending=%d\n",
1075 if (sc->cmdq_run == RUN_CMDQ_GO) {
1077 * If arg0 is NULL, callback func needs more
1078 * than one arg. So, pass ptr to cmdq struct.
1080 if (sc->cmdq[i].arg0)
1081 sc->cmdq[i].func(sc->cmdq[i].arg0);
1083 sc->cmdq[i].func(&sc->cmdq[i]);
1085 sc->cmdq[i].arg0 = NULL;
1086 sc->cmdq[i].func = NULL;
1088 sc->cmdq_exec &= RUN_CMDQ_MASQ;
1094 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq)
1096 struct run_tx_data *data;
1098 memset(pq, 0, sizeof(*pq));
1100 STAILQ_INIT(&pq->tx_qh);
1101 STAILQ_INIT(&pq->tx_fh);
1103 for (data = &pq->tx_data[0];
1104 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) {
1106 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next);
1108 pq->tx_nfree = RUN_TX_RING_COUNT;
1112 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq)
1114 struct run_tx_data *data;
1116 /* make sure any subsequent use of the queues will fail */
1118 STAILQ_INIT(&pq->tx_fh);
1119 STAILQ_INIT(&pq->tx_qh);
1121 /* free up all node references and mbufs */
1122 for (data = &pq->tx_data[0];
1123 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) {
1124 if (data->m != NULL) {
1128 if (data->ni != NULL) {
1129 ieee80211_free_node(data->ni);
1136 run_load_microcode(struct run_softc *sc)
1138 usb_device_request_t req;
1139 const struct firmware *fw;
1143 const uint64_t *temp;
1147 fw = firmware_get("runfw");
1150 device_printf(sc->sc_dev,
1151 "failed loadfirmware of file %s\n", "runfw");
1155 if (fw->datasize != 8192) {
1156 device_printf(sc->sc_dev,
1157 "invalid firmware size (should be 8KB)\n");
1163 * RT3071/RT3072 use a different firmware
1164 * run-rt2870 (8KB) contains both,
1165 * first half (4KB) is for rt2870,
1166 * last half is for rt3071.
1169 if ((sc->mac_ver) != 0x2860 &&
1170 (sc->mac_ver) != 0x2872 &&
1171 (sc->mac_ver) != 0x3070) {
1175 /* cheap sanity check */
1178 if (bytes != be64toh(0xffffff0210280210ULL)) {
1179 device_printf(sc->sc_dev, "firmware checksum failed\n");
1184 /* write microcode image */
1185 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) {
1186 run_write_region_1(sc, RT2870_FW_BASE, base, 4096);
1187 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff);
1188 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff);
1191 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1192 req.bRequest = RT2870_RESET;
1193 USETW(req.wValue, 8);
1194 USETW(req.wIndex, 0);
1195 USETW(req.wLength, 0);
1196 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL))
1198 device_printf(sc->sc_dev, "firmware reset failed\n");
1204 run_write(sc, RT2860_H2M_BBPAGENT, 0);
1205 run_write(sc, RT2860_H2M_MAILBOX, 0);
1206 run_write(sc, RT2860_H2M_INTSRC, 0);
1207 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0)
1210 /* wait until microcontroller is ready */
1211 for (ntries = 0; ntries < 1000; ntries++) {
1212 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0)
1214 if (tmp & RT2860_MCU_READY)
1218 if (ntries == 1000) {
1219 device_printf(sc->sc_dev,
1220 "timeout waiting for MCU to initialize\n");
1224 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n",
1225 (base == fw->data) ? "RT2870" : "RT3071",
1226 *(base + 4092), *(base + 4093));
1229 firmware_put(fw, FIRMWARE_UNLOAD);
1234 run_reset(struct run_softc *sc)
1236 usb_device_request_t req;
1238 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1239 req.bRequest = RT2870_RESET;
1240 USETW(req.wValue, 1);
1241 USETW(req.wIndex, 0);
1242 USETW(req.wLength, 0);
1243 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL));
1247 run_do_request(struct run_softc *sc,
1248 struct usb_device_request *req, void *data)
1253 RUN_LOCK_ASSERT(sc, MA_OWNED);
1256 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx,
1257 req, data, 0, NULL, 250 /* ms */);
1260 RUN_DPRINTF(sc, RUN_DEBUG_USB,
1261 "Control request failed, %s (retrying)\n",
1269 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val)
1274 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp);
1276 *val = le32toh(tmp);
1283 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len)
1285 usb_device_request_t req;
1287 req.bmRequestType = UT_READ_VENDOR_DEVICE;
1288 req.bRequest = RT2870_READ_REGION_1;
1289 USETW(req.wValue, 0);
1290 USETW(req.wIndex, reg);
1291 USETW(req.wLength, len);
1293 return (run_do_request(sc, &req, buf));
1297 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val)
1299 usb_device_request_t req;
1301 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1302 req.bRequest = RT2870_WRITE_2;
1303 USETW(req.wValue, val);
1304 USETW(req.wIndex, reg);
1305 USETW(req.wLength, 0);
1307 return (run_do_request(sc, &req, NULL));
1311 run_write(struct run_softc *sc, uint16_t reg, uint32_t val)
1315 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0)
1316 error = run_write_2(sc, reg + 2, val >> 16);
1321 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf,
1327 * NB: the WRITE_REGION_1 command is not stable on RT2860.
1328 * We thus issue multiple WRITE_2 commands instead.
1330 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n"));
1331 for (i = 0; i < len && error == 0; i += 2)
1332 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8);
1335 usb_device_request_t req;
1339 * NOTE: It appears the WRITE_REGION_1 command cannot be
1340 * passed a huge amount of data, which will crash the
1341 * firmware. Limit amount of data passed to 64-bytes at a
1349 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1350 req.bRequest = RT2870_WRITE_REGION_1;
1351 USETW(req.wValue, 0);
1352 USETW(req.wIndex, reg);
1353 USETW(req.wLength, delta);
1354 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf));
1366 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len)
1370 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n"));
1371 for (i = 0; i < len && error == 0; i += 4)
1372 error = run_write(sc, reg + i, val);
1377 run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count)
1383 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0)
1389 * Read one 16-byte block into registers EFUSE_DATA[0-3]:
1395 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK);
1396 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK;
1397 run_write(sc, RT3070_EFUSE_CTRL, tmp);
1398 for (ntries = 0; ntries < 100; ntries++) {
1399 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0)
1401 if (!(tmp & RT3070_EFSROM_KICK))
1408 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) {
1409 *val = 0xffff; /* address not found */
1412 /* determine to which 32-bit register our 16-bit word belongs */
1413 reg = RT3070_EFUSE_DATA3 - (addr & 0xc);
1414 if ((error = run_read(sc, reg, &tmp)) != 0)
1417 tmp >>= (8 * (addr & 0x3));
1418 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff;
1423 /* Read 16-bit from eFUSE ROM for RT3xxx. */
1425 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val)
1427 return (run_efuse_read(sc, addr, val, 2));
1431 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val)
1433 usb_device_request_t req;
1438 req.bmRequestType = UT_READ_VENDOR_DEVICE;
1439 req.bRequest = RT2870_EEPROM_READ;
1440 USETW(req.wValue, 0);
1441 USETW(req.wIndex, addr);
1442 USETW(req.wLength, sizeof(tmp));
1444 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp);
1446 *val = le16toh(tmp);
1453 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val)
1455 /* either eFUSE ROM or EEPROM */
1456 return sc->sc_srom_read(sc, addr, val);
1460 run_rt2870_rf_write(struct run_softc *sc, uint32_t val)
1465 for (ntries = 0; ntries < 10; ntries++) {
1466 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0)
1468 if (!(tmp & RT2860_RF_REG_CTRL))
1474 return (run_write(sc, RT2860_RF_CSR_CFG0, val));
1478 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val)
1483 for (ntries = 0; ntries < 100; ntries++) {
1484 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1486 if (!(tmp & RT3070_RF_KICK))
1492 tmp = RT3070_RF_KICK | reg << 8;
1493 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0)
1496 for (ntries = 0; ntries < 100; ntries++) {
1497 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1499 if (!(tmp & RT3070_RF_KICK))
1510 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val)
1515 for (ntries = 0; ntries < 10; ntries++) {
1516 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1518 if (!(tmp & RT3070_RF_KICK))
1524 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val;
1525 return (run_write(sc, RT3070_RF_CSR_CFG, tmp));
1529 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val)
1534 for (ntries = 0; ntries < 10; ntries++) {
1535 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1537 if (!(tmp & RT2860_BBP_CSR_KICK))
1543 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8;
1544 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0)
1547 for (ntries = 0; ntries < 10; ntries++) {
1548 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1550 if (!(tmp & RT2860_BBP_CSR_KICK))
1561 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val)
1566 for (ntries = 0; ntries < 10; ntries++) {
1567 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1569 if (!(tmp & RT2860_BBP_CSR_KICK))
1575 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val;
1576 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp));
1580 * Send a command to the 8051 microcontroller unit.
1583 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg)
1588 for (ntries = 0; ntries < 100; ntries++) {
1589 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0)
1591 if (!(tmp & RT2860_H2M_BUSY))
1597 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg;
1598 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0)
1599 error = run_write(sc, RT2860_HOST_CMD, cmd);
1604 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word.
1605 * Used to adjust per-rate Tx power registers.
1607 static __inline uint32_t
1608 b4inc(uint32_t b32, int8_t delta)
1612 for (i = 0; i < 8; i++) {
1619 b32 = b32 >> 4 | b4 << 28;
1625 run_get_rf(uint16_t rev)
1628 case RT2860_RF_2820: return "RT2820";
1629 case RT2860_RF_2850: return "RT2850";
1630 case RT2860_RF_2720: return "RT2720";
1631 case RT2860_RF_2750: return "RT2750";
1632 case RT3070_RF_3020: return "RT3020";
1633 case RT3070_RF_2020: return "RT2020";
1634 case RT3070_RF_3021: return "RT3021";
1635 case RT3070_RF_3022: return "RT3022";
1636 case RT3070_RF_3052: return "RT3052";
1637 case RT3593_RF_3053: return "RT3053";
1638 case RT5592_RF_5592: return "RT5592";
1639 case RT5390_RF_5370: return "RT5370";
1640 case RT5390_RF_5372: return "RT5372";
1646 run_rt3593_get_txpower(struct run_softc *sc)
1651 /* Read power settings for 2GHz channels. */
1652 for (i = 0; i < 14; i += 2) {
1653 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 :
1654 RT2860_EEPROM_PWR2GHZ_BASE1;
1655 run_srom_read(sc, addr + i / 2, &val);
1656 sc->txpow1[i + 0] = (int8_t)(val & 0xff);
1657 sc->txpow1[i + 1] = (int8_t)(val >> 8);
1659 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 :
1660 RT2860_EEPROM_PWR2GHZ_BASE2;
1661 run_srom_read(sc, addr + i / 2, &val);
1662 sc->txpow2[i + 0] = (int8_t)(val & 0xff);
1663 sc->txpow2[i + 1] = (int8_t)(val >> 8);
1665 if (sc->ntxchains == 3) {
1666 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2,
1668 sc->txpow3[i + 0] = (int8_t)(val & 0xff);
1669 sc->txpow3[i + 1] = (int8_t)(val >> 8);
1672 /* Fix broken Tx power entries. */
1673 for (i = 0; i < 14; i++) {
1674 if (sc->txpow1[i] > 31)
1676 if (sc->txpow2[i] > 31)
1678 if (sc->ntxchains == 3) {
1679 if (sc->txpow3[i] > 31)
1683 /* Read power settings for 5GHz channels. */
1684 for (i = 0; i < 40; i += 2) {
1685 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val);
1686 sc->txpow1[i + 14] = (int8_t)(val & 0xff);
1687 sc->txpow1[i + 15] = (int8_t)(val >> 8);
1689 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val);
1690 sc->txpow2[i + 14] = (int8_t)(val & 0xff);
1691 sc->txpow2[i + 15] = (int8_t)(val >> 8);
1693 if (sc->ntxchains == 3) {
1694 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2,
1696 sc->txpow3[i + 14] = (int8_t)(val & 0xff);
1697 sc->txpow3[i + 15] = (int8_t)(val >> 8);
1703 run_get_txpower(struct run_softc *sc)
1708 /* Read power settings for 2GHz channels. */
1709 for (i = 0; i < 14; i += 2) {
1710 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val);
1711 sc->txpow1[i + 0] = (int8_t)(val & 0xff);
1712 sc->txpow1[i + 1] = (int8_t)(val >> 8);
1714 if (sc->mac_ver != 0x5390) {
1716 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val);
1717 sc->txpow2[i + 0] = (int8_t)(val & 0xff);
1718 sc->txpow2[i + 1] = (int8_t)(val >> 8);
1721 /* Fix broken Tx power entries. */
1722 for (i = 0; i < 14; i++) {
1723 if (sc->mac_ver >= 0x5390) {
1724 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 39)
1727 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31)
1730 if (sc->mac_ver > 0x5390) {
1731 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 39)
1733 } else if (sc->mac_ver < 0x5390) {
1734 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31)
1737 RUN_DPRINTF(sc, RUN_DEBUG_TXPWR,
1738 "chan %d: power1=%d, power2=%d\n",
1739 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]);
1741 /* Read power settings for 5GHz channels. */
1742 for (i = 0; i < 40; i += 2) {
1743 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val);
1744 sc->txpow1[i + 14] = (int8_t)(val & 0xff);
1745 sc->txpow1[i + 15] = (int8_t)(val >> 8);
1747 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val);
1748 sc->txpow2[i + 14] = (int8_t)(val & 0xff);
1749 sc->txpow2[i + 15] = (int8_t)(val >> 8);
1751 /* Fix broken Tx power entries. */
1752 for (i = 0; i < 40; i++ ) {
1753 if (sc->mac_ver != 0x5592) {
1754 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15)
1755 sc->txpow1[14 + i] = 5;
1756 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15)
1757 sc->txpow2[14 + i] = 5;
1759 RUN_DPRINTF(sc, RUN_DEBUG_TXPWR,
1760 "chan %d: power1=%d, power2=%d\n",
1761 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i],
1762 sc->txpow2[14 + i]);
1767 run_read_eeprom(struct run_softc *sc)
1769 struct ieee80211com *ic = &sc->sc_ic;
1770 int8_t delta_2ghz, delta_5ghz;
1775 /* check whether the ROM is eFUSE ROM or EEPROM */
1776 sc->sc_srom_read = run_eeprom_read_2;
1777 if (sc->mac_ver >= 0x3070) {
1778 run_read(sc, RT3070_EFUSE_CTRL, &tmp);
1779 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EFUSE_CTRL=0x%08x\n", tmp);
1780 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593)
1781 sc->sc_srom_read = run_efuse_read_2;
1784 /* read ROM version */
1785 run_srom_read(sc, RT2860_EEPROM_VERSION, &val);
1786 RUN_DPRINTF(sc, RUN_DEBUG_ROM,
1787 "EEPROM rev=%d, FAE=%d\n", val >> 8, val & 0xff);
1789 /* read MAC address */
1790 run_srom_read(sc, RT2860_EEPROM_MAC01, &val);
1791 ic->ic_macaddr[0] = val & 0xff;
1792 ic->ic_macaddr[1] = val >> 8;
1793 run_srom_read(sc, RT2860_EEPROM_MAC23, &val);
1794 ic->ic_macaddr[2] = val & 0xff;
1795 ic->ic_macaddr[3] = val >> 8;
1796 run_srom_read(sc, RT2860_EEPROM_MAC45, &val);
1797 ic->ic_macaddr[4] = val & 0xff;
1798 ic->ic_macaddr[5] = val >> 8;
1800 if (sc->mac_ver < 0x3593) {
1801 /* read vender BBP settings */
1802 for (i = 0; i < 10; i++) {
1803 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val);
1804 sc->bbp[i].val = val & 0xff;
1805 sc->bbp[i].reg = val >> 8;
1806 RUN_DPRINTF(sc, RUN_DEBUG_ROM,
1807 "BBP%d=0x%02x\n", sc->bbp[i].reg, sc->bbp[i].val);
1809 if (sc->mac_ver >= 0x3071) {
1810 /* read vendor RF settings */
1811 for (i = 0; i < 10; i++) {
1812 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i,
1814 sc->rf[i].val = val & 0xff;
1815 sc->rf[i].reg = val >> 8;
1816 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "RF%d=0x%02x\n",
1817 sc->rf[i].reg, sc->rf[i].val);
1822 /* read RF frequency offset from EEPROM */
1823 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS :
1824 RT3593_EEPROM_FREQ, &val);
1825 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0;
1826 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM freq offset %d\n",
1829 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS :
1830 RT3593_EEPROM_FREQ_LEDS, &val);
1831 if (val >> 8 != 0xff) {
1832 /* read LEDs operating mode */
1833 sc->leds = val >> 8;
1834 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 :
1835 RT3593_EEPROM_LED1, &sc->led[0]);
1836 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 :
1837 RT3593_EEPROM_LED2, &sc->led[1]);
1838 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 :
1839 RT3593_EEPROM_LED3, &sc->led[2]);
1841 /* broken EEPROM, use default settings */
1843 sc->led[0] = 0x5555;
1844 sc->led[1] = 0x2221;
1845 sc->led[2] = 0x5627; /* differs from RT2860 */
1847 RUN_DPRINTF(sc, RUN_DEBUG_ROM,
1848 "EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n",
1849 sc->leds, sc->led[0], sc->led[1], sc->led[2]);
1851 /* read RF information */
1852 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392)
1853 run_srom_read(sc, 0x00, &val);
1855 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val);
1857 if (val == 0xffff) {
1858 device_printf(sc->sc_dev,
1859 "invalid EEPROM antenna info, using default\n");
1860 if (sc->mac_ver == 0x3572) {
1861 /* default to RF3052 2T2R */
1862 sc->rf_rev = RT3070_RF_3052;
1865 } else if (sc->mac_ver >= 0x3070) {
1866 /* default to RF3020 1T1R */
1867 sc->rf_rev = RT3070_RF_3020;
1871 /* default to RF2820 1T2R */
1872 sc->rf_rev = RT2860_RF_2820;
1877 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) {
1879 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val);
1881 sc->rf_rev = (val >> 8) & 0xf;
1882 sc->ntxchains = (val >> 4) & 0xf;
1883 sc->nrxchains = val & 0xf;
1885 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM RF rev=0x%04x chains=%dT%dR\n",
1886 sc->rf_rev, sc->ntxchains, sc->nrxchains);
1888 /* check if RF supports automatic Tx access gain control */
1889 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val);
1890 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM CFG 0x%04x\n", val);
1891 /* check if driver should patch the DAC issue */
1892 if ((val >> 8) != 0xff)
1893 sc->patch_dac = (val >> 15) & 1;
1894 if ((val & 0xff) != 0xff) {
1895 sc->ext_5ghz_lna = (val >> 3) & 1;
1896 sc->ext_2ghz_lna = (val >> 2) & 1;
1897 /* check if RF supports automatic Tx access gain control */
1898 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1;
1899 /* check if we have a hardware radio switch */
1900 sc->rfswitch = val & 1;
1903 /* Read Tx power settings. */
1904 if (sc->mac_ver == 0x3593)
1905 run_rt3593_get_txpower(sc);
1907 run_get_txpower(sc);
1909 /* read Tx power compensation for each Tx rate */
1910 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val);
1911 delta_2ghz = delta_5ghz = 0;
1912 if ((val & 0xff) != 0xff && (val & 0x80)) {
1913 delta_2ghz = val & 0xf;
1914 if (!(val & 0x40)) /* negative number */
1915 delta_2ghz = -delta_2ghz;
1918 if ((val & 0xff) != 0xff && (val & 0x80)) {
1919 delta_5ghz = val & 0xf;
1920 if (!(val & 0x40)) /* negative number */
1921 delta_5ghz = -delta_5ghz;
1923 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_TXPWR,
1924 "power compensation=%d (2GHz), %d (5GHz)\n", delta_2ghz, delta_5ghz);
1926 for (ridx = 0; ridx < 5; ridx++) {
1929 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val);
1931 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val);
1932 reg |= (uint32_t)val << 16;
1934 sc->txpow20mhz[ridx] = reg;
1935 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz);
1936 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz);
1938 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_TXPWR,
1939 "ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, "
1940 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx],
1941 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]);
1944 /* Read RSSI offsets and LNA gains from EEPROM. */
1945 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ :
1946 RT3593_EEPROM_RSSI1_2GHZ, &val);
1947 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */
1948 sc->rssi_2ghz[1] = val >> 8; /* Ant B */
1949 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ :
1950 RT3593_EEPROM_RSSI2_2GHZ, &val);
1951 if (sc->mac_ver >= 0x3070) {
1952 if (sc->mac_ver == 0x3593) {
1953 sc->txmixgain_2ghz = 0;
1954 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */
1957 * On RT3070 chips (limited to 2 Rx chains), this ROM
1958 * field contains the Tx mixer gain for the 2GHz band.
1960 if ((val & 0xff) != 0xff)
1961 sc->txmixgain_2ghz = val & 0x7;
1963 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "tx mixer gain=%u (2GHz)\n",
1964 sc->txmixgain_2ghz);
1966 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */
1967 if (sc->mac_ver == 0x3593)
1968 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val);
1969 sc->lna[2] = val >> 8; /* channel group 2 */
1971 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ :
1972 RT3593_EEPROM_RSSI1_5GHZ, &val);
1973 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */
1974 sc->rssi_5ghz[1] = val >> 8; /* Ant B */
1975 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ :
1976 RT3593_EEPROM_RSSI2_5GHZ, &val);
1977 if (sc->mac_ver == 0x3572) {
1979 * On RT3572 chips (limited to 2 Rx chains), this ROM
1980 * field contains the Tx mixer gain for the 5GHz band.
1982 if ((val & 0xff) != 0xff)
1983 sc->txmixgain_5ghz = val & 0x7;
1984 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "tx mixer gain=%u (5GHz)\n",
1985 sc->txmixgain_5ghz);
1987 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */
1988 if (sc->mac_ver == 0x3593) {
1989 sc->txmixgain_5ghz = 0;
1990 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val);
1992 sc->lna[3] = val >> 8; /* channel group 3 */
1994 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA :
1995 RT3593_EEPROM_LNA, &val);
1996 sc->lna[0] = val & 0xff; /* channel group 0 */
1997 sc->lna[1] = val >> 8; /* channel group 1 */
1999 /* fix broken 5GHz LNA entries */
2000 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) {
2001 RUN_DPRINTF(sc, RUN_DEBUG_ROM,
2002 "invalid LNA for channel group %d\n", 2);
2003 sc->lna[2] = sc->lna[1];
2005 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) {
2006 RUN_DPRINTF(sc, RUN_DEBUG_ROM,
2007 "invalid LNA for channel group %d\n", 3);
2008 sc->lna[3] = sc->lna[1];
2011 /* fix broken RSSI offset entries */
2012 for (ant = 0; ant < 3; ant++) {
2013 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) {
2014 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_RSSI,
2015 "invalid RSSI%d offset: %d (2GHz)\n",
2016 ant + 1, sc->rssi_2ghz[ant]);
2017 sc->rssi_2ghz[ant] = 0;
2019 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) {
2020 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_RSSI,
2021 "invalid RSSI%d offset: %d (5GHz)\n",
2022 ant + 1, sc->rssi_5ghz[ant]);
2023 sc->rssi_5ghz[ant] = 0;
2029 static struct ieee80211_node *
2030 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN])
2032 return malloc(sizeof (struct run_node), M_80211_NODE,
2037 run_media_change(struct ifnet *ifp)
2039 struct ieee80211vap *vap = ifp->if_softc;
2040 struct ieee80211com *ic = vap->iv_ic;
2041 const struct ieee80211_txparam *tp;
2042 struct run_softc *sc = ic->ic_softc;
2048 error = ieee80211_media_change(ifp);
2049 if (error != ENETRESET) {
2054 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
2055 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) {
2056 struct ieee80211_node *ni;
2057 struct run_node *rn;
2059 rate = ic->ic_sup_rates[ic->ic_curmode].
2060 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL;
2061 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2062 if (rt2860_rates[ridx].rate == rate)
2064 ni = ieee80211_ref_node(vap->iv_bss);
2066 rn->fix_ridx = ridx;
2067 RUN_DPRINTF(sc, RUN_DEBUG_RATE, "rate=%d, fix_ridx=%d\n",
2068 rate, rn->fix_ridx);
2069 ieee80211_free_node(ni);
2073 if ((ifp->if_flags & IFF_UP) &&
2074 (ifp->if_drv_flags & RUN_RUNNING)){
2075 run_init_locked(sc);
2085 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
2087 const struct ieee80211_txparam *tp;
2088 struct ieee80211com *ic = vap->iv_ic;
2089 struct run_softc *sc = ic->ic_softc;
2090 struct run_vap *rvp = RUN_VAP(vap);
2091 enum ieee80211_state ostate;
2095 uint8_t restart_ratectl = 0;
2096 uint8_t bid = 1 << rvp->rvp_id;
2098 ostate = vap->iv_state;
2099 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "%s -> %s\n",
2100 ieee80211_state_name[ostate],
2101 ieee80211_state_name[nstate]);
2103 IEEE80211_UNLOCK(ic);
2106 ratectl = sc->ratectl_run; /* remember current state */
2107 sc->ratectl_run = RUN_RATECTL_OFF;
2108 usb_callout_stop(&sc->ratectl_ch);
2110 if (ostate == IEEE80211_S_RUN) {
2111 /* turn link LED off */
2112 run_set_leds(sc, RT2860_LED_RADIO);
2116 case IEEE80211_S_INIT:
2117 restart_ratectl = 1;
2119 if (ostate != IEEE80211_S_RUN)
2123 sc->runbmap &= ~bid;
2125 /* abort TSF synchronization if there is no vap running */
2126 if (--sc->running == 0) {
2127 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
2128 run_write(sc, RT2860_BCN_TIME_CFG,
2129 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
2130 RT2860_TBTT_TIMER_EN));
2134 case IEEE80211_S_RUN:
2135 if (!(sc->runbmap & bid)) {
2137 restart_ratectl = 1;
2141 m_freem(rvp->beacon_mbuf);
2142 rvp->beacon_mbuf = NULL;
2144 switch (vap->iv_opmode) {
2145 case IEEE80211_M_HOSTAP:
2146 case IEEE80211_M_MBSS:
2147 sc->ap_running |= bid;
2148 ic->ic_opmode = vap->iv_opmode;
2149 run_update_beacon_cb(vap);
2151 case IEEE80211_M_IBSS:
2152 sc->adhoc_running |= bid;
2153 if (!sc->ap_running)
2154 ic->ic_opmode = vap->iv_opmode;
2155 run_update_beacon_cb(vap);
2157 case IEEE80211_M_STA:
2158 sc->sta_running |= bid;
2159 if (!sc->ap_running && !sc->adhoc_running)
2160 ic->ic_opmode = vap->iv_opmode;
2162 /* read statistic counters (clear on read) */
2163 run_read_region_1(sc, RT2860_TX_STA_CNT0,
2164 (uint8_t *)sta, sizeof sta);
2168 ic->ic_opmode = vap->iv_opmode;
2172 if (vap->iv_opmode != IEEE80211_M_MONITOR) {
2173 struct ieee80211_node *ni;
2175 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) {
2182 run_set_txpreamble(sc);
2183 run_set_basicrates(sc);
2184 ni = ieee80211_ref_node(vap->iv_bss);
2185 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid);
2186 run_set_bssid(sc, sc->sc_bssid);
2187 ieee80211_free_node(ni);
2188 run_enable_tsf_sync(sc);
2190 /* enable automatic rate adaptation */
2191 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
2192 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE)
2197 /* turn link LED on */
2198 run_set_leds(sc, RT2860_LED_RADIO |
2199 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ?
2200 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ));
2204 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "undefined state\n");
2208 /* restart amrr for running VAPs */
2209 if ((sc->ratectl_run = ratectl) && restart_ratectl)
2210 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2215 return(rvp->newstate(vap, nstate, arg));
2219 run_wme_update(struct ieee80211com *ic)
2221 struct chanAccParams chp;
2222 struct run_softc *sc = ic->ic_softc;
2223 const struct wmeParams *ac;
2226 ieee80211_wme_ic_getparams(ic, &chp);
2227 ac = chp.cap_wmeParams;
2229 /* update MAC TX configuration registers */
2231 for (aci = 0; aci < WME_NUM_AC; aci++) {
2232 error = run_write(sc, RT2860_EDCA_AC_CFG(aci),
2233 ac[aci].wmep_logcwmax << 16 |
2234 ac[aci].wmep_logcwmin << 12 |
2235 ac[aci].wmep_aifsn << 8 |
2236 ac[aci].wmep_txopLimit);
2237 if (error) goto err;
2240 /* update SCH/DMA registers too */
2241 error = run_write(sc, RT2860_WMM_AIFSN_CFG,
2242 ac[WME_AC_VO].wmep_aifsn << 12 |
2243 ac[WME_AC_VI].wmep_aifsn << 8 |
2244 ac[WME_AC_BK].wmep_aifsn << 4 |
2245 ac[WME_AC_BE].wmep_aifsn);
2246 if (error) goto err;
2247 error = run_write(sc, RT2860_WMM_CWMIN_CFG,
2248 ac[WME_AC_VO].wmep_logcwmin << 12 |
2249 ac[WME_AC_VI].wmep_logcwmin << 8 |
2250 ac[WME_AC_BK].wmep_logcwmin << 4 |
2251 ac[WME_AC_BE].wmep_logcwmin);
2252 if (error) goto err;
2253 error = run_write(sc, RT2860_WMM_CWMAX_CFG,
2254 ac[WME_AC_VO].wmep_logcwmax << 12 |
2255 ac[WME_AC_VI].wmep_logcwmax << 8 |
2256 ac[WME_AC_BK].wmep_logcwmax << 4 |
2257 ac[WME_AC_BE].wmep_logcwmax);
2258 if (error) goto err;
2259 error = run_write(sc, RT2860_WMM_TXOP0_CFG,
2260 ac[WME_AC_BK].wmep_txopLimit << 16 |
2261 ac[WME_AC_BE].wmep_txopLimit);
2262 if (error) goto err;
2263 error = run_write(sc, RT2860_WMM_TXOP1_CFG,
2264 ac[WME_AC_VO].wmep_txopLimit << 16 |
2265 ac[WME_AC_VI].wmep_txopLimit);
2270 RUN_DPRINTF(sc, RUN_DEBUG_USB, "WME update failed\n");
2276 run_key_set_cb(void *arg)
2278 struct run_cmdq *cmdq = arg;
2279 struct ieee80211vap *vap = cmdq->arg1;
2280 struct ieee80211_key *k = cmdq->k;
2281 struct ieee80211com *ic = vap->iv_ic;
2282 struct run_softc *sc = ic->ic_softc;
2283 struct ieee80211_node *ni;
2284 u_int cipher = k->wk_cipher->ic_cipher;
2286 uint16_t base, associd;
2287 uint8_t mode, wcid, iv[8];
2289 RUN_LOCK_ASSERT(sc, MA_OWNED);
2291 if (vap->iv_opmode == IEEE80211_M_HOSTAP)
2292 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac);
2295 associd = (ni != NULL) ? ni->ni_associd : 0;
2297 /* map net80211 cipher to RT2860 security mode */
2299 case IEEE80211_CIPHER_WEP:
2300 if(k->wk_keylen < 8)
2301 mode = RT2860_MODE_WEP40;
2303 mode = RT2860_MODE_WEP104;
2305 case IEEE80211_CIPHER_TKIP:
2306 mode = RT2860_MODE_TKIP;
2308 case IEEE80211_CIPHER_AES_CCM:
2309 mode = RT2860_MODE_AES_CCMP;
2312 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "undefined case\n");
2316 RUN_DPRINTF(sc, RUN_DEBUG_KEY,
2317 "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n",
2318 associd, k->wk_keyix, mode,
2319 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise",
2320 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off",
2321 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off");
2323 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2324 wcid = 0; /* NB: update WCID0 for group keys */
2325 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix);
2327 wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
2328 1 : RUN_AID2WCID(associd);
2329 base = RT2860_PKEY(wcid);
2332 if (cipher == IEEE80211_CIPHER_TKIP) {
2333 if(run_write_region_1(sc, base, k->wk_key, 16))
2335 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */
2337 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */
2340 /* roundup len to 16-bit: XXX fix write_region_1() instead */
2341 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1))
2345 if (!(k->wk_flags & IEEE80211_KEY_GROUP) ||
2346 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) {
2347 /* set initial packet number in IV+EIV */
2348 if (cipher == IEEE80211_CIPHER_WEP) {
2349 memset(iv, 0, sizeof iv);
2350 iv[3] = vap->iv_def_txkey << 6;
2352 if (cipher == IEEE80211_CIPHER_TKIP) {
2353 iv[0] = k->wk_keytsc >> 8;
2354 iv[1] = (iv[0] | 0x20) & 0x7f;
2355 iv[2] = k->wk_keytsc;
2357 iv[0] = k->wk_keytsc;
2358 iv[1] = k->wk_keytsc >> 8;
2361 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV;
2362 iv[4] = k->wk_keytsc >> 16;
2363 iv[5] = k->wk_keytsc >> 24;
2364 iv[6] = k->wk_keytsc >> 32;
2365 iv[7] = k->wk_keytsc >> 40;
2367 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8))
2371 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2372 /* install group key */
2373 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr))
2375 attr &= ~(0xf << (k->wk_keyix * 4));
2376 attr |= mode << (k->wk_keyix * 4);
2377 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr))
2380 /* install pairwise key */
2381 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr))
2383 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN;
2384 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr))
2388 /* TODO create a pass-thru key entry? */
2390 /* need wcid to delete the right key later */
2395 * Don't have to be deferred, but in order to keep order of
2396 * execution, i.e. with run_key_delete(), defer this and let
2397 * run_cmdq_cb() maintain the order.
2402 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k)
2404 struct ieee80211com *ic = vap->iv_ic;
2405 struct run_softc *sc = ic->ic_softc;
2408 i = RUN_CMDQ_GET(&sc->cmdq_store);
2409 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "cmdq_store=%d\n", i);
2410 sc->cmdq[i].func = run_key_set_cb;
2411 sc->cmdq[i].arg0 = NULL;
2412 sc->cmdq[i].arg1 = vap;
2414 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, k->wk_macaddr);
2415 ieee80211_runtask(ic, &sc->cmdq_task);
2418 * To make sure key will be set when hostapd
2419 * calls iv_key_set() before if_init().
2421 if (vap->iv_opmode == IEEE80211_M_HOSTAP) {
2423 sc->cmdq_key_set = RUN_CMDQ_GO;
2431 * If wlan is destroyed without being brought down i.e. without
2432 * wlan down or wpa_cli terminate, this function is called after
2433 * vap is gone. Don't refer it.
2436 run_key_delete_cb(void *arg)
2438 struct run_cmdq *cmdq = arg;
2439 struct run_softc *sc = cmdq->arg1;
2440 struct ieee80211_key *k = &cmdq->key;
2444 RUN_LOCK_ASSERT(sc, MA_OWNED);
2446 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2447 /* remove group key */
2448 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "removing group key\n");
2449 run_read(sc, RT2860_SKEY_MODE_0_7, &attr);
2450 attr &= ~(0xf << (k->wk_keyix * 4));
2451 run_write(sc, RT2860_SKEY_MODE_0_7, attr);
2453 /* remove pairwise key */
2454 RUN_DPRINTF(sc, RUN_DEBUG_KEY,
2455 "removing key for wcid %x\n", k->wk_pad);
2456 /* matching wcid was written to wk_pad in run_key_set() */
2458 run_read(sc, RT2860_WCID_ATTR(wcid), &attr);
2460 run_write(sc, RT2860_WCID_ATTR(wcid), attr);
2461 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8);
2471 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k)
2473 struct ieee80211com *ic = vap->iv_ic;
2474 struct run_softc *sc = ic->ic_softc;
2475 struct ieee80211_key *k0;
2479 * When called back, key might be gone. So, make a copy
2480 * of some values need to delete keys before deferring.
2481 * But, because of LOR with node lock, cannot use lock here.
2482 * So, use atomic instead.
2484 i = RUN_CMDQ_GET(&sc->cmdq_store);
2485 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "cmdq_store=%d\n", i);
2486 sc->cmdq[i].func = run_key_delete_cb;
2487 sc->cmdq[i].arg0 = NULL;
2488 sc->cmdq[i].arg1 = sc;
2489 k0 = &sc->cmdq[i].key;
2490 k0->wk_flags = k->wk_flags;
2491 k0->wk_keyix = k->wk_keyix;
2492 /* matching wcid was written to wk_pad in run_key_set() */
2493 k0->wk_pad = k->wk_pad;
2494 ieee80211_runtask(ic, &sc->cmdq_task);
2495 return (1); /* return fake success */
2500 run_ratectl_to(void *arg)
2502 struct run_softc *sc = arg;
2504 /* do it in a process context, so it can go sleep */
2505 ieee80211_runtask(&sc->sc_ic, &sc->ratectl_task);
2506 /* next timeout will be rescheduled in the callback task */
2511 run_ratectl_cb(void *arg, int pending)
2513 struct run_softc *sc = arg;
2514 struct ieee80211com *ic = &sc->sc_ic;
2515 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
2520 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) {
2522 * run_reset_livelock() doesn't do anything with AMRR,
2523 * but Ralink wants us to call it every 1 sec. So, we
2524 * piggyback here rather than creating another callout.
2525 * Livelock may occur only in HOSTAP or IBSS mode
2526 * (when h/w is sending beacons).
2529 run_reset_livelock(sc);
2530 /* just in case, there are some stats to drain */
2535 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc);
2538 if(sc->ratectl_run != RUN_RATECTL_OFF)
2539 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2544 run_drain_fifo(void *arg)
2546 struct run_softc *sc = arg;
2548 uint16_t (*wstat)[3];
2549 uint8_t wcid, mcs, pid;
2552 RUN_LOCK_ASSERT(sc, MA_OWNED);
2555 /* drain Tx status FIFO (maxsize = 16) */
2556 run_read(sc, RT2860_TX_STAT_FIFO, &stat);
2557 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx stat 0x%08x\n", stat);
2558 if (!(stat & RT2860_TXQ_VLD))
2561 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff;
2563 /* if no ACK was requested, no feedback is available */
2564 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX ||
2569 * Even though each stat is Tx-complete-status like format,
2570 * the device can poll stats. Because there is no guarantee
2571 * that the referring node is still around when read the stats.
2572 * So that, if we use ieee80211_ratectl_tx_update(), we will
2573 * have hard time not to refer already freed node.
2575 * To eliminate such page faults, we poll stats in softc.
2576 * Then, update the rates later with ieee80211_ratectl_tx_update().
2578 wstat = &(sc->wcid_stats[wcid]);
2579 (*wstat)[RUN_TXCNT]++;
2580 if (stat & RT2860_TXQ_OK)
2581 (*wstat)[RUN_SUCCESS]++;
2583 counter_u64_add(sc->sc_ic.ic_oerrors, 1);
2585 * Check if there were retries, ie if the Tx success rate is
2586 * different from the requested rate. Note that it works only
2587 * because we do not allow rate fallback from OFDM to CCK.
2589 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f;
2590 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf;
2591 if ((retry = pid -1 - mcs) > 0) {
2592 (*wstat)[RUN_TXCNT] += retry;
2593 (*wstat)[RUN_RETRY] += retry;
2596 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "count=%d\n", sc->fifo_cnt);
2602 run_iter_func(void *arg, struct ieee80211_node *ni)
2604 struct run_softc *sc = arg;
2605 struct ieee80211_ratectl_tx_stats *txs = &sc->sc_txs;
2606 struct ieee80211vap *vap = ni->ni_vap;
2607 struct run_node *rn = RUN_NODE(ni);
2608 union run_stats sta[2];
2609 uint16_t (*wstat)[3];
2614 /* Check for special case */
2615 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA &&
2619 txs->flags = IEEE80211_RATECTL_TX_STATS_NODE |
2620 IEEE80211_RATECTL_TX_STATS_RETRIES;
2622 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS ||
2623 vap->iv_opmode == IEEE80211_M_STA)) {
2624 /* read statistic counters (clear on read) and update AMRR state */
2625 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta,
2630 /* count failed TX as errors */
2631 if_inc_counter(vap->iv_ifp, IFCOUNTER_OERRORS,
2632 le16toh(sta[0].error.fail));
2634 txs->nretries = le16toh(sta[1].tx.retry);
2635 txs->nsuccess = le16toh(sta[1].tx.success);
2637 txs->nframes = txs->nretries + txs->nsuccess +
2638 le16toh(sta[0].error.fail);
2640 RUN_DPRINTF(sc, RUN_DEBUG_RATE,
2641 "retrycnt=%d success=%d failcnt=%d\n",
2642 txs->nretries, txs->nsuccess, le16toh(sta[0].error.fail));
2644 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]);
2646 if (wstat == &(sc->wcid_stats[0]) ||
2647 wstat > &(sc->wcid_stats[RT2870_WCID_MAX]))
2650 txs->nretries = (*wstat)[RUN_RETRY];
2651 txs->nsuccess = (*wstat)[RUN_SUCCESS];
2652 txs->nframes = (*wstat)[RUN_TXCNT];
2653 RUN_DPRINTF(sc, RUN_DEBUG_RATE,
2654 "retrycnt=%d txcnt=%d success=%d\n",
2655 txs->nretries, txs->nframes, txs->nsuccess);
2657 memset(wstat, 0, sizeof(*wstat));
2660 ieee80211_ratectl_tx_update(vap, txs);
2661 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0);
2666 RUN_DPRINTF(sc, RUN_DEBUG_RATE, "ridx=%d\n", rn->amrr_ridx);
2670 run_newassoc_cb(void *arg)
2672 struct run_cmdq *cmdq = arg;
2673 struct ieee80211_node *ni = cmdq->arg1;
2674 struct run_softc *sc = ni->ni_vap->iv_ic->ic_softc;
2675 uint8_t wcid = cmdq->wcid;
2677 RUN_LOCK_ASSERT(sc, MA_OWNED);
2679 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid),
2680 ni->ni_macaddr, IEEE80211_ADDR_LEN);
2682 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid]));
2686 run_newassoc(struct ieee80211_node *ni, int isnew)
2688 struct run_node *rn = RUN_NODE(ni);
2689 struct ieee80211_rateset *rs = &ni->ni_rates;
2690 struct ieee80211vap *vap = ni->ni_vap;
2691 struct ieee80211com *ic = vap->iv_ic;
2692 struct run_softc *sc = ic->ic_softc;
2698 wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
2699 1 : RUN_AID2WCID(ni->ni_associd);
2701 if (wcid > RT2870_WCID_MAX) {
2702 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid);
2706 /* only interested in true associations */
2707 if (isnew && ni->ni_associd != 0) {
2710 * This function could is called though timeout function.
2713 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store);
2714 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "cmdq_store=%d\n", cnt);
2715 sc->cmdq[cnt].func = run_newassoc_cb;
2716 sc->cmdq[cnt].arg0 = NULL;
2717 sc->cmdq[cnt].arg1 = ni;
2718 sc->cmdq[cnt].wcid = wcid;
2719 ieee80211_runtask(ic, &sc->cmdq_task);
2722 RUN_DPRINTF(sc, RUN_DEBUG_STATE,
2723 "new assoc isnew=%d associd=%x addr=%s\n",
2724 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr));
2726 for (i = 0; i < rs->rs_nrates; i++) {
2727 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL;
2728 /* convert 802.11 rate to hardware rate index */
2729 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2730 if (rt2860_rates[ridx].rate == rate)
2733 /* determine rate of control response frames */
2734 for (j = i; j >= 0; j--) {
2735 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) &&
2736 rt2860_rates[rn->ridx[i]].phy ==
2737 rt2860_rates[rn->ridx[j]].phy)
2741 rn->ctl_ridx[i] = rn->ridx[j];
2743 /* no basic rate found, use mandatory one */
2744 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx;
2746 RUN_DPRINTF(sc, RUN_DEBUG_STATE | RUN_DEBUG_RATE,
2747 "rate=0x%02x ridx=%d ctl_ridx=%d\n",
2748 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]);
2750 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate;
2751 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2752 if (rt2860_rates[ridx].rate == rate)
2754 rn->mgt_ridx = ridx;
2755 RUN_DPRINTF(sc, RUN_DEBUG_STATE | RUN_DEBUG_RATE,
2756 "rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx);
2759 if(sc->ratectl_run != RUN_RATECTL_OFF)
2760 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2765 * Return the Rx chain with the highest RSSI for a given frame.
2767 static __inline uint8_t
2768 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi)
2770 uint8_t rxchain = 0;
2772 if (sc->nrxchains > 1) {
2773 if (rxwi->rssi[1] > rxwi->rssi[rxchain])
2775 if (sc->nrxchains > 2)
2776 if (rxwi->rssi[2] > rxwi->rssi[rxchain])
2783 run_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m, int subtype,
2784 const struct ieee80211_rx_stats *rxs, int rssi, int nf)
2786 struct ieee80211vap *vap = ni->ni_vap;
2787 struct run_softc *sc = vap->iv_ic->ic_softc;
2788 struct run_vap *rvp = RUN_VAP(vap);
2789 uint64_t ni_tstamp, rx_tstamp;
2791 rvp->recv_mgmt(ni, m, subtype, rxs, rssi, nf);
2793 if (vap->iv_state == IEEE80211_S_RUN &&
2794 (subtype == IEEE80211_FC0_SUBTYPE_BEACON ||
2795 subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)) {
2796 ni_tstamp = le64toh(ni->ni_tstamp.tsf);
2798 run_get_tsf(sc, &rx_tstamp);
2800 rx_tstamp = le64toh(rx_tstamp);
2802 if (ni_tstamp >= rx_tstamp) {
2803 RUN_DPRINTF(sc, RUN_DEBUG_RECV | RUN_DEBUG_BEACON,
2804 "ibss merge, tsf %ju tstamp %ju\n",
2805 (uintmax_t)rx_tstamp, (uintmax_t)ni_tstamp);
2806 (void) ieee80211_ibss_merge(ni);
2812 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen)
2814 struct ieee80211com *ic = &sc->sc_ic;
2815 struct ieee80211_frame *wh;
2816 struct ieee80211_node *ni;
2817 struct rt2870_rxd *rxd;
2818 struct rt2860_rxwi *rxwi;
2820 uint16_t len, rxwisize;
2824 rxwisize = sizeof(struct rt2860_rxwi);
2825 if (sc->mac_ver == 0x5592)
2826 rxwisize += sizeof(uint64_t);
2827 else if (sc->mac_ver == 0x3593)
2828 rxwisize += sizeof(uint32_t);
2830 if (__predict_false(dmalen <
2831 rxwisize + sizeof(struct ieee80211_frame_ack))) {
2832 RUN_DPRINTF(sc, RUN_DEBUG_RECV,
2833 "payload is too short: dma length %u < %zu\n",
2834 dmalen, rxwisize + sizeof(struct ieee80211_frame_ack));
2838 rxwi = mtod(m, struct rt2860_rxwi *);
2839 len = le16toh(rxwi->len) & 0xfff;
2841 if (__predict_false(len > dmalen - rxwisize)) {
2842 RUN_DPRINTF(sc, RUN_DEBUG_RECV,
2843 "bad RXWI length %u > %u\n", len, dmalen);
2847 /* Rx descriptor is located at the end */
2848 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen);
2849 flags = le32toh(rxd->flags);
2851 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) {
2852 RUN_DPRINTF(sc, RUN_DEBUG_RECV, "%s error.\n",
2853 (flags & RT2860_RX_CRCERR)?"CRC":"ICV");
2857 if (flags & RT2860_RX_L2PAD) {
2859 * XXX OpenBSD removes padding between header
2860 * and payload here...
2862 RUN_DPRINTF(sc, RUN_DEBUG_RECV,
2863 "received RT2860_RX_L2PAD frame\n");
2867 m->m_data += rxwisize;
2868 m->m_pkthdr.len = m->m_len = len;
2870 wh = mtod(m, struct ieee80211_frame *);
2872 /* XXX wrong for monitor mode */
2873 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) {
2874 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED;
2875 m->m_flags |= M_WEP;
2878 if (len >= sizeof(struct ieee80211_frame_min)) {
2879 ni = ieee80211_find_rxnode(ic,
2880 mtod(m, struct ieee80211_frame_min *));
2884 if (__predict_false(flags & RT2860_RX_MICERR)) {
2885 /* report MIC failures to net80211 for TKIP */
2887 ieee80211_notify_michael_failure(ni->ni_vap, wh,
2889 RUN_DPRINTF(sc, RUN_DEBUG_RECV,
2890 "MIC error. Someone is lying.\n");
2894 ant = run_maxrssi_chain(sc, rxwi);
2895 rssi = rxwi->rssi[ant];
2896 nf = run_rssi2dbm(sc, rssi, ant);
2898 if (__predict_false(ieee80211_radiotap_active(ic))) {
2899 struct run_rx_radiotap_header *tap = &sc->sc_rxtap;
2903 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq);
2904 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags);
2905 tap->wr_antsignal = rssi;
2906 tap->wr_antenna = ant;
2907 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant);
2908 tap->wr_rate = 2; /* in case it can't be found below */
2910 run_get_tsf(sc, &tap->wr_tsf);
2912 phy = le16toh(rxwi->phy);
2913 switch (phy & RT2860_PHY_MODE) {
2914 case RT2860_PHY_CCK:
2915 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) {
2916 case 0: tap->wr_rate = 2; break;
2917 case 1: tap->wr_rate = 4; break;
2918 case 2: tap->wr_rate = 11; break;
2919 case 3: tap->wr_rate = 22; break;
2921 if (phy & RT2860_PHY_SHPRE)
2922 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
2924 case RT2860_PHY_OFDM:
2925 switch (phy & RT2860_PHY_MCS) {
2926 case 0: tap->wr_rate = 12; break;
2927 case 1: tap->wr_rate = 18; break;
2928 case 2: tap->wr_rate = 24; break;
2929 case 3: tap->wr_rate = 36; break;
2930 case 4: tap->wr_rate = 48; break;
2931 case 5: tap->wr_rate = 72; break;
2932 case 6: tap->wr_rate = 96; break;
2933 case 7: tap->wr_rate = 108; break;
2940 (void)ieee80211_input(ni, m, rssi, nf);
2941 ieee80211_free_node(ni);
2943 (void)ieee80211_input_all(ic, m, rssi, nf);
2950 counter_u64_add(ic->ic_ierrors, 1);
2954 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error)
2956 struct run_softc *sc = usbd_xfer_softc(xfer);
2957 struct ieee80211com *ic = &sc->sc_ic;
2958 struct mbuf *m = NULL;
2960 uint32_t dmalen, mbuf_len;
2964 rxwisize = sizeof(struct rt2860_rxwi);
2965 if (sc->mac_ver == 0x5592)
2966 rxwisize += sizeof(uint64_t);
2967 else if (sc->mac_ver == 0x3593)
2968 rxwisize += sizeof(uint32_t);
2970 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL);
2972 switch (USB_GET_STATE(xfer)) {
2973 case USB_ST_TRANSFERRED:
2975 RUN_DPRINTF(sc, RUN_DEBUG_RECV,
2976 "rx done, actlen=%d\n", xferlen);
2978 if (xferlen < (int)(sizeof(uint32_t) + rxwisize +
2979 sizeof(struct rt2870_rxd))) {
2980 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB,
2981 "xfer too short %d\n", xferlen);
2991 if (sc->rx_m == NULL) {
2992 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR,
2993 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */);
2995 if (sc->rx_m == NULL) {
2996 RUN_DPRINTF(sc, RUN_DEBUG_RECV | RUN_DEBUG_RECV_DESC,
2997 "could not allocate mbuf - idle with stall\n");
2998 counter_u64_add(ic->ic_ierrors, 1);
2999 usbd_xfer_set_stall(xfer);
3000 usbd_xfer_set_frames(xfer, 0);
3003 * Directly loading a mbuf cluster into DMA to
3004 * save some data copying. This works because
3005 * there is only one cluster.
3007 usbd_xfer_set_frame_data(xfer, 0,
3008 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ);
3009 usbd_xfer_set_frames(xfer, 1);
3011 usbd_transfer_submit(xfer);
3014 default: /* Error */
3015 if (error != USB_ERR_CANCELLED) {
3016 /* try to clear stall first */
3017 usbd_xfer_set_stall(xfer);
3018 if (error == USB_ERR_TIMEOUT)
3019 device_printf(sc->sc_dev, "device timeout\n");
3020 counter_u64_add(ic->ic_ierrors, 1);
3023 if (sc->rx_m != NULL) {
3033 /* inputting all the frames must be last */
3037 m->m_pkthdr.len = m->m_len = xferlen;
3039 /* HW can aggregate multiple 802.11 frames in a single USB xfer */
3041 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff;
3043 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) ||
3044 ((dmalen & 3) != 0)) {
3045 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB,
3046 "bad DMA length %u\n", dmalen);
3049 if ((dmalen + 8) > (uint32_t)xferlen) {
3050 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB,
3051 "bad DMA length %u > %d\n",
3052 dmalen + 8, xferlen);
3056 /* If it is the last one or a single frame, we won't copy. */
3057 if ((xferlen -= dmalen + 8) <= 8) {
3058 /* trim 32-bit DMA-len header */
3060 m->m_pkthdr.len = m->m_len -= 4;
3061 run_rx_frame(sc, m, dmalen);
3062 m = NULL; /* don't free source buffer */
3066 mbuf_len = dmalen + sizeof(struct rt2870_rxd);
3067 if (__predict_false(mbuf_len > MCLBYTES)) {
3068 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB,
3069 "payload is too big: mbuf_len %u\n", mbuf_len);
3070 counter_u64_add(ic->ic_ierrors, 1);
3074 /* copy aggregated frames to another mbuf */
3075 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
3076 if (__predict_false(m0 == NULL)) {
3077 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC,
3078 "could not allocate mbuf\n");
3079 counter_u64_add(ic->ic_ierrors, 1);
3082 m_copydata(m, 4 /* skip 32-bit DMA-len header */,
3083 mbuf_len, mtod(m0, caddr_t));
3084 m0->m_pkthdr.len = m0->m_len = mbuf_len;
3085 run_rx_frame(sc, m0, dmalen);
3087 /* update data ptr */
3088 m->m_data += mbuf_len + 4;
3089 m->m_pkthdr.len = m->m_len -= mbuf_len + 4;
3092 /* make sure we free the source buffer, if any */
3099 run_tx_free(struct run_endpoint_queue *pq,
3100 struct run_tx_data *data, int txerr)
3103 ieee80211_tx_complete(data->ni, data->m, txerr);
3108 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next);
3113 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index)
3115 struct run_softc *sc = usbd_xfer_softc(xfer);
3116 struct ieee80211com *ic = &sc->sc_ic;
3117 struct run_tx_data *data;
3118 struct ieee80211vap *vap = NULL;
3119 struct usb_page_cache *pc;
3120 struct run_endpoint_queue *pq = &sc->sc_epq[index];
3122 usb_frlength_t size;
3126 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
3128 switch (USB_GET_STATE(xfer)) {
3129 case USB_ST_TRANSFERRED:
3130 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB,
3131 "transfer complete: %d bytes @ index %d\n", actlen, index);
3133 data = usbd_xfer_get_priv(xfer);
3134 run_tx_free(pq, data, 0);
3135 usbd_xfer_set_priv(xfer, NULL);
3140 data = STAILQ_FIRST(&pq->tx_qh);
3144 STAILQ_REMOVE_HEAD(&pq->tx_qh, next);
3147 size = (sc->mac_ver == 0x5592) ?
3148 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc);
3149 if ((m->m_pkthdr.len +
3150 size + 3 + 8) > RUN_MAX_TXSZ) {
3151 RUN_DPRINTF(sc, RUN_DEBUG_XMIT_DESC | RUN_DEBUG_USB,
3152 "data overflow, %u bytes\n", m->m_pkthdr.len);
3153 run_tx_free(pq, data, 1);
3157 pc = usbd_xfer_get_frame(xfer, 0);
3158 usbd_copy_in(pc, 0, &data->desc, size);
3159 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len);
3160 size += m->m_pkthdr.len;
3162 * Align end on a 4-byte boundary, pad 8 bytes (CRC +
3163 * 4-byte padding), and be sure to zero those trailing
3166 usbd_frame_zero(pc, size, ((-size) & 3) + 8);
3167 size += ((-size) & 3) + 8;
3169 vap = data->ni->ni_vap;
3170 if (ieee80211_radiotap_active_vap(vap)) {
3171 struct run_tx_radiotap_header *tap = &sc->sc_txtap;
3172 struct rt2860_txwi *txwi =
3173 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd));
3175 tap->wt_rate = rt2860_rates[data->ridx].rate;
3176 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq);
3177 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags);
3178 tap->wt_hwqueue = index;
3179 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE)
3180 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
3182 ieee80211_radiotap_tx(vap, m);
3185 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB,
3186 "sending frame len=%u/%u @ index %d\n",
3187 m->m_pkthdr.len, size, index);
3189 usbd_xfer_set_frame_len(xfer, 0, size);
3190 usbd_xfer_set_priv(xfer, data);
3191 usbd_transfer_submit(xfer);
3197 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB,
3198 "USB transfer error, %s\n", usbd_errstr(error));
3200 data = usbd_xfer_get_priv(xfer);
3203 if(data->ni != NULL)
3204 vap = data->ni->ni_vap;
3205 run_tx_free(pq, data, error);
3206 usbd_xfer_set_priv(xfer, NULL);
3210 vap = TAILQ_FIRST(&ic->ic_vaps);
3212 if (error != USB_ERR_CANCELLED) {
3213 if (error == USB_ERR_TIMEOUT) {
3214 device_printf(sc->sc_dev, "device timeout\n");
3215 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
3216 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB,
3217 "cmdq_store=%d\n", i);
3218 sc->cmdq[i].func = run_usb_timeout_cb;
3219 sc->cmdq[i].arg0 = vap;
3220 ieee80211_runtask(ic, &sc->cmdq_task);
3224 * Try to clear stall first, also if other
3225 * errors occur, hence clearing stall
3226 * introduces a 50 ms delay:
3228 usbd_xfer_set_stall(xfer);
3236 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error)
3238 run_bulk_tx_callbackN(xfer, error, 0);
3242 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error)
3244 run_bulk_tx_callbackN(xfer, error, 1);
3248 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error)
3250 run_bulk_tx_callbackN(xfer, error, 2);
3254 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error)
3256 run_bulk_tx_callbackN(xfer, error, 3);
3260 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error)
3262 run_bulk_tx_callbackN(xfer, error, 4);
3266 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error)
3268 run_bulk_tx_callbackN(xfer, error, 5);
3272 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data)
3274 struct mbuf *m = data->m;
3275 struct ieee80211com *ic = &sc->sc_ic;
3276 struct ieee80211vap *vap = data->ni->ni_vap;
3277 struct ieee80211_frame *wh;
3278 struct rt2870_txd *txd;
3279 struct rt2860_txwi *txwi;
3280 uint16_t xferlen, txwisize;
3282 uint8_t ridx = data->ridx;
3285 /* get MCS code from rate index */
3286 mcs = rt2860_rates[ridx].mcs;
3288 txwisize = (sc->mac_ver == 0x5592) ?
3289 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi);
3290 xferlen = txwisize + m->m_pkthdr.len;
3292 /* roundup to 32-bit alignment */
3293 xferlen = (xferlen + 3) & ~3;
3295 txd = (struct rt2870_txd *)&data->desc;
3296 txd->len = htole16(xferlen);
3298 wh = mtod(m, struct ieee80211_frame *);
3301 * Ether both are true or both are false, the header
3302 * are nicely aligned to 32-bit. So, no L2 padding.
3304 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh))
3309 /* setup TX Wireless Information */
3310 txwi = (struct rt2860_txwi *)(txd + 1);
3311 txwi->len = htole16(m->m_pkthdr.len - pad);
3312 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) {
3313 mcs |= RT2860_PHY_CCK;
3314 if (ridx != RT2860_RIDX_CCK1 &&
3315 (ic->ic_flags & IEEE80211_F_SHPREAMBLE))
3316 mcs |= RT2860_PHY_SHPRE;
3318 mcs |= RT2860_PHY_OFDM;
3319 txwi->phy = htole16(mcs);
3321 /* check if RTS/CTS or CTS-to-self protection is required */
3322 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
3323 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold ||
3324 ((ic->ic_flags & IEEE80211_F_USEPROT) &&
3325 rt2860_rates[ridx].phy == IEEE80211_T_OFDM)))
3326 txwi->txop |= RT2860_TX_TXOP_HT;
3328 txwi->txop |= RT2860_TX_TXOP_BACKOFF;
3330 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh))
3331 txwi->xflags |= RT2860_TX_NSEQ;
3334 /* This function must be called locked */
3336 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
3338 struct ieee80211com *ic = &sc->sc_ic;
3339 struct ieee80211vap *vap = ni->ni_vap;
3340 struct ieee80211_frame *wh;
3341 const struct ieee80211_txparam *tp = ni->ni_txparms;
3342 struct run_node *rn = RUN_NODE(ni);
3343 struct run_tx_data *data;
3344 struct rt2870_txd *txd;
3345 struct rt2860_txwi *txwi;
3357 RUN_LOCK_ASSERT(sc, MA_OWNED);
3359 wh = mtod(m, struct ieee80211_frame *);
3361 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3364 * There are 7 bulk endpoints: 1 for RX
3365 * and 6 for TX (4 EDCAs + HCCA + Prio).
3366 * Update 03-14-2009: some devices like the Planex GW-US300MiniS
3367 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki).
3369 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) {
3372 frm = ieee80211_getqos(wh);
3373 qos = le16toh(*(const uint16_t *)frm);
3374 tid = qos & IEEE80211_QOS_TID;
3375 qid = TID_TO_WME_AC(tid);
3381 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA;
3383 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "qos %d\tqid %d\ttid %d\tqflags %x\n",
3384 qos, qid, tid, qflags);
3386 /* pickup a rate index */
3387 if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
3388 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) {
3389 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ?
3390 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1;
3391 ctl_ridx = rt2860_rates[ridx].ctl_ridx;
3393 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE)
3394 ridx = rn->fix_ridx;
3396 ridx = rn->amrr_ridx;
3397 ctl_ridx = rt2860_rates[ridx].ctl_ridx;
3400 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
3401 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) !=
3402 IEEE80211_QOS_ACKPOLICY_NOACK)) {
3403 xflags |= RT2860_TX_ACK;
3404 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
3405 dur = rt2860_rates[ctl_ridx].sp_ack_dur;
3407 dur = rt2860_rates[ctl_ridx].lp_ack_dur;
3408 USETW(wh->i_dur, dur);
3411 /* reserve slots for mgmt packets, just in case */
3412 if (sc->sc_epq[qid].tx_nfree < 3) {
3413 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx ring %d is full\n", qid);
3417 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh);
3418 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next);
3419 sc->sc_epq[qid].tx_nfree--;
3421 txd = (struct rt2870_txd *)&data->desc;
3422 txd->flags = qflags;
3423 txwi = (struct rt2860_txwi *)(txd + 1);
3424 txwi->xflags = xflags;
3425 if (IEEE80211_IS_MULTICAST(wh->i_addr1))
3428 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
3429 1 : RUN_AID2WCID(ni->ni_associd);
3431 /* clear leftover garbage bits */
3439 run_set_tx_desc(sc, data);
3442 * The chip keeps track of 2 kind of Tx stats,
3443 * * TX_STAT_FIFO, for per WCID stats, and
3444 * * TX_STA_CNT0 for all-TX-in-one stats.
3446 * To use FIFO stats, we need to store MCS into the driver-private
3447 * PacketID field. So that, we can tell whose stats when we read them.
3448 * We add 1 to the MCS because setting the PacketID field to 0 means
3449 * that we don't want feedback in TX_STAT_FIFO.
3450 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job.
3452 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx().
3454 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP ||
3455 vap->iv_opmode == IEEE80211_M_MBSS) {
3456 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf;
3457 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT);
3460 * Unlike PCI based devices, we don't get any interrupt from
3461 * USB devices, so we simulate FIFO-is-full interrupt here.
3462 * Ralink recommends to drain FIFO stats every 100 ms, but 16 slots
3463 * quickly get fulled. To prevent overflow, increment a counter on
3464 * every FIFO stat request, so we know how many slots are left.
3465 * We do this only in HOSTAP or multiple vap mode since FIFO stats
3466 * are used only in those modes.
3467 * We just drain stats. AMRR gets updated every 1 sec by
3468 * run_ratectl_cb() via callout.
3469 * Call it early. Otherwise overflow.
3471 if (sc->fifo_cnt++ == 10) {
3473 * With multiple vaps or if_bridge, if_start() is called
3474 * with a non-sleepable lock, tcpinp. So, need to defer.
3476 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
3477 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "cmdq_store=%d\n", i);
3478 sc->cmdq[i].func = run_drain_fifo;
3479 sc->cmdq[i].arg0 = sc;
3480 ieee80211_runtask(ic, &sc->cmdq_task);
3484 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next);
3486 usbd_transfer_start(sc->sc_xfer[qid]);
3488 RUN_DPRINTF(sc, RUN_DEBUG_XMIT,
3489 "sending data frame len=%d rate=%d qid=%d\n",
3490 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) +
3491 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid);
3497 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
3499 struct ieee80211com *ic = &sc->sc_ic;
3500 struct run_node *rn = RUN_NODE(ni);
3501 struct run_tx_data *data;
3502 struct ieee80211_frame *wh;
3503 struct rt2870_txd *txd;
3504 struct rt2860_txwi *txwi;
3506 uint8_t ridx = rn->mgt_ridx;
3510 RUN_LOCK_ASSERT(sc, MA_OWNED);
3512 wh = mtod(m, struct ieee80211_frame *);
3514 /* tell hardware to add timestamp for probe responses */
3516 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) ==
3517 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP))
3518 wflags |= RT2860_TX_TS;
3519 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
3520 xflags |= RT2860_TX_ACK;
3522 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate,
3523 ic->ic_flags & IEEE80211_F_SHPREAMBLE);
3524 USETW(wh->i_dur, dur);
3527 if (sc->sc_epq[0].tx_nfree == 0)
3528 /* let caller free mbuf */
3530 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3531 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3532 sc->sc_epq[0].tx_nfree--;
3534 txd = (struct rt2870_txd *)&data->desc;
3535 txd->flags = RT2860_TX_QSEL_EDCA;
3536 txwi = (struct rt2860_txwi *)(txd + 1);
3538 txwi->flags = wflags;
3539 txwi->xflags = xflags;
3540 txwi->txop = 0; /* clear leftover garbage bits */
3546 run_set_tx_desc(sc, data);
3548 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending mgt frame len=%d rate=%d\n",
3549 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) +
3550 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate);
3552 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3554 usbd_transfer_start(sc->sc_xfer[0]);
3560 run_sendprot(struct run_softc *sc,
3561 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate)
3563 struct ieee80211com *ic = ni->ni_ic;
3564 struct run_tx_data *data;
3565 struct rt2870_txd *txd;
3566 struct rt2860_txwi *txwi;
3573 RUN_LOCK_ASSERT(sc, MA_OWNED);
3575 /* check that there are free slots before allocating the mbuf */
3576 if (sc->sc_epq[0].tx_nfree == 0)
3577 /* let caller free mbuf */
3580 mprot = ieee80211_alloc_prot(ni, m, rate, prot);
3581 if (mprot == NULL) {
3582 if_inc_counter(ni->ni_vap->iv_ifp, IFCOUNTER_OERRORS, 1);
3583 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "could not allocate mbuf\n");
3587 protrate = ieee80211_ctl_rate(ic->ic_rt, rate);
3588 wflags = RT2860_TX_FRAG;
3590 if (prot == IEEE80211_PROT_RTSCTS)
3591 xflags |= RT2860_TX_ACK;
3593 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3594 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3595 sc->sc_epq[0].tx_nfree--;
3597 txd = (struct rt2870_txd *)&data->desc;
3598 txd->flags = RT2860_TX_QSEL_EDCA;
3599 txwi = (struct rt2860_txwi *)(txd + 1);
3601 txwi->flags = wflags;
3602 txwi->xflags = xflags;
3603 txwi->txop = 0; /* clear leftover garbage bits */
3606 data->ni = ieee80211_ref_node(ni);
3608 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
3609 if (rt2860_rates[ridx].rate == protrate)
3613 run_set_tx_desc(sc, data);
3615 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending prot len=%u rate=%u\n",
3616 m->m_pkthdr.len, rate);
3618 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3620 usbd_transfer_start(sc->sc_xfer[0]);
3626 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni,
3627 const struct ieee80211_bpf_params *params)
3629 struct ieee80211com *ic = ni->ni_ic;
3630 struct run_tx_data *data;
3631 struct rt2870_txd *txd;
3632 struct rt2860_txwi *txwi;
3635 uint8_t opflags = 0;
3639 RUN_LOCK_ASSERT(sc, MA_OWNED);
3641 KASSERT(params != NULL, ("no raw xmit params"));
3643 rate = params->ibp_rate0;
3644 if (!ieee80211_isratevalid(ic->ic_rt, rate)) {
3645 /* let caller free mbuf */
3649 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0)
3650 xflags |= RT2860_TX_ACK;
3651 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) {
3652 error = run_sendprot(sc, m, ni,
3653 params->ibp_flags & IEEE80211_BPF_RTS ?
3654 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY,
3657 /* let caller free mbuf */
3660 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS;
3663 if (sc->sc_epq[0].tx_nfree == 0) {
3664 /* let caller free mbuf */
3665 RUN_DPRINTF(sc, RUN_DEBUG_XMIT,
3666 "sending raw frame, but tx ring is full\n");
3669 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3670 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3671 sc->sc_epq[0].tx_nfree--;
3673 txd = (struct rt2870_txd *)&data->desc;
3674 txd->flags = RT2860_TX_QSEL_EDCA;
3675 txwi = (struct rt2860_txwi *)(txd + 1);
3677 txwi->xflags = xflags;
3678 txwi->txop = opflags;
3679 txwi->flags = 0; /* clear leftover garbage bits */
3683 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
3684 if (rt2860_rates[ridx].rate == rate)
3688 run_set_tx_desc(sc, data);
3690 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending raw frame len=%u rate=%u\n",
3691 m->m_pkthdr.len, rate);
3693 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3695 usbd_transfer_start(sc->sc_xfer[0]);
3701 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
3702 const struct ieee80211_bpf_params *params)
3704 struct run_softc *sc = ni->ni_ic->ic_softc;
3709 /* prevent management frames from being sent if we're not ready */
3710 if (!(sc->sc_flags & RUN_RUNNING)) {
3715 if (params == NULL) {
3717 if ((error = run_tx_mgt(sc, m, ni)) != 0) {
3718 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "mgt tx failed\n");
3722 /* tx raw packet with param */
3723 if ((error = run_tx_param(sc, m, ni, params)) != 0) {
3724 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx with param failed\n");
3741 run_transmit(struct ieee80211com *ic, struct mbuf *m)
3743 struct run_softc *sc = ic->ic_softc;
3747 if ((sc->sc_flags & RUN_RUNNING) == 0) {
3751 error = mbufq_enqueue(&sc->sc_snd, m);
3763 run_start(struct run_softc *sc)
3765 struct ieee80211_node *ni;
3768 RUN_LOCK_ASSERT(sc, MA_OWNED);
3770 if ((sc->sc_flags & RUN_RUNNING) == 0)
3773 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) {
3774 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
3775 if (run_tx(sc, m, ni) != 0) {
3776 mbufq_prepend(&sc->sc_snd, m);
3783 run_parent(struct ieee80211com *ic)
3785 struct run_softc *sc = ic->ic_softc;
3789 if (sc->sc_detached) {
3794 if (ic->ic_nrunning > 0) {
3795 if (!(sc->sc_flags & RUN_RUNNING)) {
3797 run_init_locked(sc);
3799 run_update_promisc_locked(sc);
3800 } else if ((sc->sc_flags & RUN_RUNNING) && sc->rvp_cnt <= 1)
3804 ieee80211_start_all(ic);
3808 run_iq_calib(struct run_softc *sc, u_int chan)
3813 run_bbp_write(sc, 158, 0x2c);
3815 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1);
3816 else if (chan <= 64) {
3818 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ,
3820 } else if (chan <= 138) {
3822 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ,
3824 } else if (chan <= 165) {
3826 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ,
3830 run_bbp_write(sc, 159, val);
3833 run_bbp_write(sc, 158, 0x2d);
3835 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ,
3837 } else if (chan <= 64) {
3839 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ,
3841 } else if (chan <= 138) {
3843 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ,
3845 } else if (chan <= 165) {
3847 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ,
3851 run_bbp_write(sc, 159, val);
3854 run_bbp_write(sc, 158, 0x4a);
3856 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ,
3858 } else if (chan <= 64) {
3860 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ,
3862 } else if (chan <= 138) {
3864 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ,
3866 } else if (chan <= 165) {
3868 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ,
3872 run_bbp_write(sc, 159, val);
3875 run_bbp_write(sc, 158, 0x4b);
3877 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ,
3879 } else if (chan <= 64) {
3881 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ,
3883 } else if (chan <= 138) {
3885 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ,
3887 } else if (chan <= 165) {
3889 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ,
3893 run_bbp_write(sc, 159, val);
3895 /* RF IQ compensation control. */
3896 run_bbp_write(sc, 158, 0x04);
3897 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL,
3899 run_bbp_write(sc, 159, val);
3901 /* RF IQ imbalance compensation control. */
3902 run_bbp_write(sc, 158, 0x03);
3904 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1);
3905 run_bbp_write(sc, 159, val);
3909 run_set_agc(struct run_softc *sc, uint8_t agc)
3913 if (sc->mac_ver == 0x3572) {
3914 run_bbp_read(sc, 27, &bbp);
3916 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */
3917 run_bbp_write(sc, 66, agc);
3918 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */
3919 run_bbp_write(sc, 66, agc);
3921 run_bbp_write(sc, 66, agc);
3925 run_select_chan_group(struct run_softc *sc, int group)
3930 run_bbp_write(sc, 62, 0x37 - sc->lna[group]);
3931 run_bbp_write(sc, 63, 0x37 - sc->lna[group]);
3932 run_bbp_write(sc, 64, 0x37 - sc->lna[group]);
3933 if (sc->mac_ver < 0x3572)
3934 run_bbp_write(sc, 86, 0x00);
3936 if (sc->mac_ver == 0x3593) {
3937 run_bbp_write(sc, 77, 0x98);
3938 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a);
3942 if (sc->ext_2ghz_lna) {
3943 if (sc->mac_ver >= 0x5390)
3944 run_bbp_write(sc, 75, 0x52);
3946 run_bbp_write(sc, 82, 0x62);
3947 run_bbp_write(sc, 75, 0x46);
3950 if (sc->mac_ver == 0x5592) {
3951 run_bbp_write(sc, 79, 0x1c);
3952 run_bbp_write(sc, 80, 0x0e);
3953 run_bbp_write(sc, 81, 0x3a);
3954 run_bbp_write(sc, 82, 0x62);
3956 run_bbp_write(sc, 195, 0x80);
3957 run_bbp_write(sc, 196, 0xe0);
3958 run_bbp_write(sc, 195, 0x81);
3959 run_bbp_write(sc, 196, 0x1f);
3960 run_bbp_write(sc, 195, 0x82);
3961 run_bbp_write(sc, 196, 0x38);
3962 run_bbp_write(sc, 195, 0x83);
3963 run_bbp_write(sc, 196, 0x32);
3964 run_bbp_write(sc, 195, 0x85);
3965 run_bbp_write(sc, 196, 0x28);
3966 run_bbp_write(sc, 195, 0x86);
3967 run_bbp_write(sc, 196, 0x19);
3968 } else if (sc->mac_ver >= 0x5390)
3969 run_bbp_write(sc, 75, 0x50);
3971 run_bbp_write(sc, 82,
3972 (sc->mac_ver == 0x3593) ? 0x62 : 0x84);
3973 run_bbp_write(sc, 75, 0x50);
3977 if (sc->mac_ver == 0x5592) {
3978 run_bbp_write(sc, 79, 0x18);
3979 run_bbp_write(sc, 80, 0x08);
3980 run_bbp_write(sc, 81, 0x38);
3981 run_bbp_write(sc, 82, 0x92);
3983 run_bbp_write(sc, 195, 0x80);
3984 run_bbp_write(sc, 196, 0xf0);
3985 run_bbp_write(sc, 195, 0x81);
3986 run_bbp_write(sc, 196, 0x1e);
3987 run_bbp_write(sc, 195, 0x82);
3988 run_bbp_write(sc, 196, 0x28);
3989 run_bbp_write(sc, 195, 0x83);
3990 run_bbp_write(sc, 196, 0x20);
3991 run_bbp_write(sc, 195, 0x85);
3992 run_bbp_write(sc, 196, 0x7f);
3993 run_bbp_write(sc, 195, 0x86);
3994 run_bbp_write(sc, 196, 0x7f);
3995 } else if (sc->mac_ver == 0x3572)
3996 run_bbp_write(sc, 82, 0x94);
3998 run_bbp_write(sc, 82,
3999 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2);
4000 if (sc->ext_5ghz_lna)
4001 run_bbp_write(sc, 75, 0x46);
4003 run_bbp_write(sc, 75, 0x50);
4006 run_read(sc, RT2860_TX_BAND_CFG, &tmp);
4007 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P);
4008 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P;
4009 run_write(sc, RT2860_TX_BAND_CFG, tmp);
4011 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */
4012 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN;
4013 if (sc->mac_ver == 0x3593)
4014 tmp |= 1 << 29 | 1 << 28;
4015 if (sc->nrxchains > 1)
4016 tmp |= RT2860_LNA_PE1_EN;
4017 if (group == 0) { /* 2GHz */
4018 tmp |= RT2860_PA_PE_G0_EN;
4019 if (sc->ntxchains > 1)
4020 tmp |= RT2860_PA_PE_G1_EN;
4021 if (sc->mac_ver == 0x3593) {
4022 if (sc->ntxchains > 2)
4026 tmp |= RT2860_PA_PE_A0_EN;
4027 if (sc->ntxchains > 1)
4028 tmp |= RT2860_PA_PE_A1_EN;
4030 if (sc->mac_ver == 0x3572) {
4031 run_rt3070_rf_write(sc, 8, 0x00);
4032 run_write(sc, RT2860_TX_PIN_CFG, tmp);
4033 run_rt3070_rf_write(sc, 8, 0x80);
4035 run_write(sc, RT2860_TX_PIN_CFG, tmp);
4037 if (sc->mac_ver == 0x5592) {
4038 run_bbp_write(sc, 195, 0x8d);
4039 run_bbp_write(sc, 196, 0x1a);
4042 if (sc->mac_ver == 0x3593) {
4043 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4047 tmp = (tmp & ~0x00009090) | 0x00000090;
4048 run_write(sc, RT2860_GPIO_CTRL, tmp);
4051 /* set initial AGC value */
4052 if (group == 0) { /* 2GHz band */
4053 if (sc->mac_ver >= 0x3070)
4054 agc = 0x1c + sc->lna[0] * 2;
4056 agc = 0x2e + sc->lna[0];
4057 } else { /* 5GHz band */
4058 if (sc->mac_ver == 0x5592)
4059 agc = 0x24 + sc->lna[group] * 2;
4060 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593)
4061 agc = 0x22 + (sc->lna[group] * 5) / 3;
4063 agc = 0x32 + (sc->lna[group] * 5) / 3;
4065 run_set_agc(sc, agc);
4069 run_rt2870_set_chan(struct run_softc *sc, u_int chan)
4071 const struct rfprog *rfprog = rt2860_rf2850;
4072 uint32_t r2, r3, r4;
4073 int8_t txpow1, txpow2;
4076 /* find the settings for this channel (we know it exists) */
4077 for (i = 0; rfprog[i].chan != chan; i++);
4080 if (sc->ntxchains == 1)
4081 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */
4082 if (sc->nrxchains == 1)
4083 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */
4084 else if (sc->nrxchains == 2)
4085 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */
4087 /* use Tx power values from EEPROM */
4088 txpow1 = sc->txpow1[i];
4089 txpow2 = sc->txpow2[i];
4091 /* Initialize RF R3 and R4. */
4092 r3 = rfprog[i].r3 & 0xffffc1ff;
4093 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15);
4096 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1);
4097 r3 |= (txpow1 << 10) | (1 << 9);
4101 /* txpow1 is not possible larger than 15. */
4102 r3 |= (txpow1 << 10);
4105 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2);
4106 r4 |= (txpow2 << 7) | (1 << 6);
4109 r4 |= (txpow2 << 7);
4112 /* Set Tx0 power. */
4113 r3 |= (txpow1 << 9);
4115 /* Set frequency offset and Tx1 power. */
4116 r4 |= (txpow2 << 6);
4119 run_rt2870_rf_write(sc, rfprog[i].r1);
4120 run_rt2870_rf_write(sc, r2);
4121 run_rt2870_rf_write(sc, r3 & ~(1 << 2));
4122 run_rt2870_rf_write(sc, r4);
4126 run_rt2870_rf_write(sc, rfprog[i].r1);
4127 run_rt2870_rf_write(sc, r2);
4128 run_rt2870_rf_write(sc, r3 | (1 << 2));
4129 run_rt2870_rf_write(sc, r4);
4133 run_rt2870_rf_write(sc, rfprog[i].r1);
4134 run_rt2870_rf_write(sc, r2);
4135 run_rt2870_rf_write(sc, r3 & ~(1 << 2));
4136 run_rt2870_rf_write(sc, r4);
4140 run_rt3070_set_chan(struct run_softc *sc, u_int chan)
4142 int8_t txpow1, txpow2;
4146 /* find the settings for this channel (we know it exists) */
4147 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4149 /* use Tx power values from EEPROM */
4150 txpow1 = sc->txpow1[i];
4151 txpow2 = sc->txpow2[i];
4153 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n);
4155 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */
4156 run_rt3070_rf_read(sc, 3, &rf);
4157 rf = (rf & ~0x0f) | rt3070_freqs[i].k;
4158 run_rt3070_rf_write(sc, 3, rf);
4160 run_rt3070_rf_read(sc, 6, &rf);
4161 rf = (rf & ~0x03) | rt3070_freqs[i].r;
4162 run_rt3070_rf_write(sc, 6, rf);
4165 run_rt3070_rf_read(sc, 12, &rf);
4166 rf = (rf & ~0x1f) | txpow1;
4167 run_rt3070_rf_write(sc, 12, rf);
4170 run_rt3070_rf_read(sc, 13, &rf);
4171 rf = (rf & ~0x1f) | txpow2;
4172 run_rt3070_rf_write(sc, 13, rf);
4174 run_rt3070_rf_read(sc, 1, &rf);
4176 if (sc->ntxchains == 1)
4177 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */
4178 else if (sc->ntxchains == 2)
4179 rf |= 1 << 7; /* 2T: disable Tx chain 3 */
4180 if (sc->nrxchains == 1)
4181 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */
4182 else if (sc->nrxchains == 2)
4183 rf |= 1 << 6; /* 2R: disable Rx chain 3 */
4184 run_rt3070_rf_write(sc, 1, rf);
4187 run_rt3070_rf_read(sc, 23, &rf);
4188 rf = (rf & ~0x7f) | sc->freq;
4189 run_rt3070_rf_write(sc, 23, rf);
4191 /* program RF filter */
4192 run_rt3070_rf_read(sc, 24, &rf); /* Tx */
4193 rf = (rf & ~0x3f) | sc->rf24_20mhz;
4194 run_rt3070_rf_write(sc, 24, rf);
4195 run_rt3070_rf_read(sc, 31, &rf); /* Rx */
4196 rf = (rf & ~0x3f) | sc->rf24_20mhz;
4197 run_rt3070_rf_write(sc, 31, rf);
4199 /* enable RF tuning */
4200 run_rt3070_rf_read(sc, 7, &rf);
4201 run_rt3070_rf_write(sc, 7, rf | 0x01);
4205 run_rt3572_set_chan(struct run_softc *sc, u_int chan)
4207 int8_t txpow1, txpow2;
4212 /* find the settings for this channel (we know it exists) */
4213 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4215 /* use Tx power values from EEPROM */
4216 txpow1 = sc->txpow1[i];
4217 txpow2 = sc->txpow2[i];
4220 run_bbp_write(sc, 25, sc->bbp25);
4221 run_bbp_write(sc, 26, sc->bbp26);
4223 /* enable IQ phase correction */
4224 run_bbp_write(sc, 25, 0x09);
4225 run_bbp_write(sc, 26, 0xff);
4228 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n);
4229 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k);
4230 run_rt3070_rf_read(sc, 6, &rf);
4231 rf = (rf & ~0x0f) | rt3070_freqs[i].r;
4232 rf |= (chan <= 14) ? 0x08 : 0x04;
4233 run_rt3070_rf_write(sc, 6, rf);
4236 run_rt3070_rf_read(sc, 5, &rf);
4237 rf &= ~(0x08 | 0x04);
4238 rf |= (chan <= 14) ? 0x04 : 0x08;
4239 run_rt3070_rf_write(sc, 5, rf);
4241 /* set Tx power for chain 0 */
4245 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3);
4246 run_rt3070_rf_write(sc, 12, rf);
4248 /* set Tx power for chain 1 */
4252 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3);
4253 run_rt3070_rf_write(sc, 13, rf);
4255 /* set Tx/Rx streams */
4256 run_rt3070_rf_read(sc, 1, &rf);
4258 if (sc->ntxchains == 1)
4259 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */
4260 else if (sc->ntxchains == 2)
4261 rf |= 1 << 7; /* 2T: disable Tx chain 3 */
4262 if (sc->nrxchains == 1)
4263 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */
4264 else if (sc->nrxchains == 2)
4265 rf |= 1 << 6; /* 2R: disable Rx chain 3 */
4266 run_rt3070_rf_write(sc, 1, rf);
4269 run_rt3070_rf_read(sc, 23, &rf);
4270 rf = (rf & ~0x7f) | sc->freq;
4271 run_rt3070_rf_write(sc, 23, rf);
4273 /* program RF filter */
4274 rf = sc->rf24_20mhz;
4275 run_rt3070_rf_write(sc, 24, rf); /* Tx */
4276 run_rt3070_rf_write(sc, 31, rf); /* Rx */
4278 /* enable RF tuning */
4279 run_rt3070_rf_read(sc, 7, &rf);
4280 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14);
4281 run_rt3070_rf_write(sc, 7, rf);
4284 rf = (chan <= 14) ? 0xc3 : 0xc0;
4285 run_rt3070_rf_write(sc, 9, rf);
4287 /* set loop filter 1 */
4288 run_rt3070_rf_write(sc, 10, 0xf1);
4289 /* set loop filter 2 */
4290 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00);
4293 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43);
4296 rf = 0x48 | sc->txmixgain_2ghz;
4298 rf = 0x78 | sc->txmixgain_5ghz;
4299 run_rt3070_rf_write(sc, 16, rf);
4302 run_rt3070_rf_write(sc, 17, 0x23);
4306 else if (chan <= 64)
4308 else if (chan <= 128)
4312 run_rt3070_rf_write(sc, 19, rf);
4317 else if (chan <= 64)
4319 else if (chan <= 128)
4323 run_rt3070_rf_write(sc, 20, rf);
4328 else if (chan <= 64)
4332 run_rt3070_rf_write(sc, 25, rf);
4335 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87);
4337 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01);
4339 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f);
4341 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4345 run_write(sc, RT2860_GPIO_CTRL, tmp);
4347 /* enable RF tuning */
4348 run_rt3070_rf_read(sc, 7, &rf);
4349 run_rt3070_rf_write(sc, 7, rf | 0x01);
4355 run_rt3593_set_chan(struct run_softc *sc, u_int chan)
4357 int8_t txpow1, txpow2, txpow3;
4361 /* find the settings for this channel (we know it exists) */
4362 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4364 /* use Tx power values from EEPROM */
4365 txpow1 = sc->txpow1[i];
4366 txpow2 = sc->txpow2[i];
4367 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0;
4370 run_bbp_write(sc, 25, sc->bbp25);
4371 run_bbp_write(sc, 26, sc->bbp26);
4373 /* Enable IQ phase correction. */
4374 run_bbp_write(sc, 25, 0x09);
4375 run_bbp_write(sc, 26, 0xff);
4378 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n);
4379 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f);
4380 run_rt3070_rf_read(sc, 11, &rf);
4381 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03);
4382 run_rt3070_rf_write(sc, 11, rf);
4385 run_rt3070_rf_read(sc, 11, &rf);
4387 rf |= (chan <= 14) ? 0x44 : 0x48;
4388 run_rt3070_rf_write(sc, 11, rf);
4393 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07);
4394 run_rt3070_rf_write(sc, 53, rf);
4399 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07);
4400 run_rt3070_rf_write(sc, 55, rf);
4405 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07);
4406 run_rt3070_rf_write(sc, 54, rf);
4408 rf = RT3070_RF_BLOCK | RT3070_PLL_PD;
4409 if (sc->ntxchains == 3)
4410 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD;
4412 rf |= RT3070_TX0_PD | RT3070_TX1_PD;
4413 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD;
4414 run_rt3070_rf_write(sc, 1, rf);
4416 run_adjust_freq_offset(sc);
4418 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80);
4420 h20mhz = (sc->rf24_20mhz & 0x20) >> 5;
4421 run_rt3070_rf_read(sc, 30, &rf);
4422 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2);
4423 run_rt3070_rf_write(sc, 30, rf);
4425 run_rt3070_rf_read(sc, 36, &rf);
4430 run_rt3070_rf_write(sc, 36, rf);
4433 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20);
4434 /* Set pfd_delay. */
4435 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12);
4437 /* Set vco bias current control. */
4438 run_rt3070_rf_read(sc, 6, &rf);
4442 else if (chan <= 128)
4446 run_rt3070_rf_write(sc, 6, rf);
4448 run_rt3070_rf_read(sc, 30, &rf);
4449 rf = (rf & ~0x18) | 0x10;
4450 run_rt3070_rf_write(sc, 30, rf);
4452 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8);
4453 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23);
4455 run_rt3070_rf_read(sc, 51, &rf);
4456 rf = (rf & ~0x03) | 0x01;
4457 run_rt3070_rf_write(sc, 51, rf);
4458 /* Set tx_mx1_cc. */
4459 run_rt3070_rf_read(sc, 51, &rf);
4461 rf |= (chan <= 14) ? 0x14 : 0x10;
4462 run_rt3070_rf_write(sc, 51, rf);
4463 /* Set tx_mx1_ic. */
4464 run_rt3070_rf_read(sc, 51, &rf);
4466 rf |= (chan <= 14) ? 0x60 : 0x40;
4467 run_rt3070_rf_write(sc, 51, rf);
4468 /* Set tx_lo1_ic. */
4469 run_rt3070_rf_read(sc, 49, &rf);
4471 rf |= (chan <= 14) ? 0x0c : 0x08;
4472 run_rt3070_rf_write(sc, 49, rf);
4473 /* Set tx_lo1_en. */
4474 run_rt3070_rf_read(sc, 50, &rf);
4475 run_rt3070_rf_write(sc, 50, rf & ~0x20);
4477 run_rt3070_rf_read(sc, 57, &rf);
4479 rf |= (chan <= 14) ? 0x6c : 0x3c;
4480 run_rt3070_rf_write(sc, 57, rf);
4481 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */
4482 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b);
4483 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */
4484 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05);
4485 /* Enable VCO calibration. */
4486 run_rt3070_rf_read(sc, 3, &rf);
4487 rf &= ~RT5390_VCOCAL;
4488 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe;
4489 run_rt3070_rf_write(sc, 3, rf);
4493 else if (chan <= 64)
4495 else if (chan <= 128)
4499 run_rt3070_rf_write(sc, 39, rf);
4502 else if (chan <= 64)
4504 else if (chan <= 128)
4508 run_rt3070_rf_write(sc, 45, rf);
4510 /* Set FEQ/AEQ control. */
4511 run_bbp_write(sc, 105, 0x34);
4515 run_rt5390_set_chan(struct run_softc *sc, u_int chan)
4517 int8_t txpow1, txpow2;
4521 /* find the settings for this channel (we know it exists) */
4522 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4524 /* use Tx power values from EEPROM */
4525 txpow1 = sc->txpow1[i];
4526 txpow2 = sc->txpow2[i];
4528 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n);
4529 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f);
4530 run_rt3070_rf_read(sc, 11, &rf);
4531 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03);
4532 run_rt3070_rf_write(sc, 11, rf);
4534 run_rt3070_rf_read(sc, 49, &rf);
4535 rf = (rf & ~0x3f) | (txpow1 & 0x3f);
4536 /* The valid range of the RF R49 is 0x00 to 0x27. */
4537 if ((rf & 0x3f) > 0x27)
4538 rf = (rf & ~0x3f) | 0x27;
4539 run_rt3070_rf_write(sc, 49, rf);
4541 if (sc->mac_ver == 0x5392) {
4542 run_rt3070_rf_read(sc, 50, &rf);
4543 rf = (rf & ~0x3f) | (txpow2 & 0x3f);
4544 /* The valid range of the RF R50 is 0x00 to 0x27. */
4545 if ((rf & 0x3f) > 0x27)
4546 rf = (rf & ~0x3f) | 0x27;
4547 run_rt3070_rf_write(sc, 50, rf);
4550 run_rt3070_rf_read(sc, 1, &rf);
4551 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD;
4552 if (sc->mac_ver == 0x5392)
4553 rf |= RT3070_RX1_PD | RT3070_TX1_PD;
4554 run_rt3070_rf_write(sc, 1, rf);
4556 if (sc->mac_ver != 0x5392) {
4557 run_rt3070_rf_read(sc, 2, &rf);
4559 run_rt3070_rf_write(sc, 2, rf);
4562 run_rt3070_rf_write(sc, 2, rf);
4565 run_adjust_freq_offset(sc);
4567 if (sc->mac_ver == 0x5392) {
4568 /* Fix for RT5392C. */
4569 if (sc->mac_rev >= 0x0223) {
4572 else if (chan >= 5 && chan <= 7)
4576 run_rt3070_rf_write(sc, 23, rf);
4582 else if (chan >= 6 && chan <= 7)
4584 else if (chan >= 8 && chan <= 10)
4588 run_rt3070_rf_write(sc, 59, rf);
4594 run_rt3070_rf_write(sc, 59, rf);
4597 /* Fix for RT5390F. */
4598 if (sc->mac_rev >= 0x0502) {
4603 run_rt3070_rf_write(sc, 55, rf);
4607 else if (chan == 12)
4611 run_rt3070_rf_write(sc, 59, rf);
4613 run_rt3070_rf_write(sc, 55, 0x44);
4614 run_rt3070_rf_write(sc, 59, 0x8f);
4618 /* Enable VCO calibration. */
4619 run_rt3070_rf_read(sc, 3, &rf);
4620 rf |= RT5390_VCOCAL;
4621 run_rt3070_rf_write(sc, 3, rf);
4625 run_rt5592_set_chan(struct run_softc *sc, u_int chan)
4627 const struct rt5592_freqs *freqs;
4629 uint8_t reg, rf, txpow_bound;
4630 int8_t txpow1, txpow2;
4633 run_read(sc, RT5592_DEBUG_INDEX, &tmp);
4634 freqs = (tmp & RT5592_SEL_XTAL) ?
4635 rt5592_freqs_40mhz : rt5592_freqs_20mhz;
4637 /* find the settings for this channel (we know it exists) */
4638 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++);
4640 /* use Tx power values from EEPROM */
4641 txpow1 = sc->txpow1[i];
4642 txpow2 = sc->txpow2[i];
4644 run_read(sc, RT3070_LDO_CFG0, &tmp);
4648 run_write(sc, RT3070_LDO_CFG0, tmp);
4651 run_rt3070_rf_write(sc, 8, freqs->n & 0xff);
4652 run_rt3070_rf_read(sc, 9, &rf);
4654 rf |= ((freqs->n & 0x0100) >> 8) << 4;
4655 run_rt3070_rf_write(sc, 9, rf);
4658 run_rt3070_rf_read(sc, 9, &rf);
4660 rf |= (freqs->k & 0x0f);
4661 run_rt3070_rf_write(sc, 9, rf);
4664 run_rt3070_rf_read(sc, 11, &rf);
4666 rf |= ((freqs->m - 0x8) & 0x3) << 2;
4667 run_rt3070_rf_write(sc, 11, rf);
4668 run_rt3070_rf_read(sc, 9, &rf);
4670 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7;
4671 run_rt3070_rf_write(sc, 9, rf);
4674 run_rt3070_rf_read(sc, 11, &rf);
4676 rf |= (freqs->r - 0x1);
4677 run_rt3070_rf_write(sc, 11, rf);
4680 /* Initialize RF registers for 2GHZ. */
4681 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) {
4682 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg,
4683 rt5592_2ghz_def_rf[i].val);
4686 rf = (chan <= 10) ? 0x07 : 0x06;
4687 run_rt3070_rf_write(sc, 23, rf);
4688 run_rt3070_rf_write(sc, 59, rf);
4690 run_rt3070_rf_write(sc, 55, 0x43);
4693 * RF R49/R50 Tx power ALC code.
4694 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27.
4699 /* Initialize RF registers for 5GHZ. */
4700 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) {
4701 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg,
4702 rt5592_5ghz_def_rf[i].val);
4704 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) {
4705 if (chan >= rt5592_chan_5ghz[i].firstchan &&
4706 chan <= rt5592_chan_5ghz[i].lastchan) {
4707 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg,
4708 rt5592_chan_5ghz[i].val);
4713 * RF R49/R50 Tx power ALC code.
4714 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b.
4720 /* RF R49 ch0 Tx power ALC code. */
4721 run_rt3070_rf_read(sc, 49, &rf);
4724 rf = (rf & ~0x3f) | (txpow1 & 0x3f);
4725 if ((rf & 0x3f) > txpow_bound)
4726 rf = (rf & ~0x3f) | txpow_bound;
4727 run_rt3070_rf_write(sc, 49, rf);
4729 /* RF R50 ch1 Tx power ALC code. */
4730 run_rt3070_rf_read(sc, 50, &rf);
4731 rf &= ~(1 << 7 | 1 << 6);
4733 rf = (rf & ~0x3f) | (txpow2 & 0x3f);
4734 if ((rf & 0x3f) > txpow_bound)
4735 rf = (rf & ~0x3f) | txpow_bound;
4736 run_rt3070_rf_write(sc, 50, rf);
4738 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */
4739 run_rt3070_rf_read(sc, 1, &rf);
4740 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD);
4741 if (sc->ntxchains > 1)
4742 rf |= RT3070_TX1_PD;
4743 if (sc->nrxchains > 1)
4744 rf |= RT3070_RX1_PD;
4745 run_rt3070_rf_write(sc, 1, rf);
4747 run_rt3070_rf_write(sc, 6, 0xe4);
4749 run_rt3070_rf_write(sc, 30, 0x10);
4750 run_rt3070_rf_write(sc, 31, 0x80);
4751 run_rt3070_rf_write(sc, 32, 0x80);
4753 run_adjust_freq_offset(sc);
4755 /* Enable VCO calibration. */
4756 run_rt3070_rf_read(sc, 3, &rf);
4757 rf |= RT5390_VCOCAL;
4758 run_rt3070_rf_write(sc, 3, rf);
4762 run_set_rx_antenna(struct run_softc *sc, int aux)
4768 if (sc->rf_rev == RT5390_RF_5370) {
4769 run_bbp_read(sc, 152, &bbp152);
4770 run_bbp_write(sc, 152, bbp152 & ~0x80);
4772 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0);
4773 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4774 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08);
4777 if (sc->rf_rev == RT5390_RF_5370) {
4778 run_bbp_read(sc, 152, &bbp152);
4779 run_bbp_write(sc, 152, bbp152 | 0x80);
4781 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1);
4782 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4783 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808);
4789 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c)
4791 struct ieee80211com *ic = &sc->sc_ic;
4794 chan = ieee80211_chan2ieee(ic, c);
4795 if (chan == 0 || chan == IEEE80211_CHAN_ANY)
4798 if (sc->mac_ver == 0x5592)
4799 run_rt5592_set_chan(sc, chan);
4800 else if (sc->mac_ver >= 0x5390)
4801 run_rt5390_set_chan(sc, chan);
4802 else if (sc->mac_ver == 0x3593)
4803 run_rt3593_set_chan(sc, chan);
4804 else if (sc->mac_ver == 0x3572)
4805 run_rt3572_set_chan(sc, chan);
4806 else if (sc->mac_ver >= 0x3070)
4807 run_rt3070_set_chan(sc, chan);
4809 run_rt2870_set_chan(sc, chan);
4811 /* determine channel group */
4814 else if (chan <= 64)
4816 else if (chan <= 128)
4821 /* XXX necessary only when group has changed! */
4822 run_select_chan_group(sc, group);
4826 /* Perform IQ calibration. */
4827 if (sc->mac_ver >= 0x5392)
4828 run_iq_calib(sc, chan);
4834 run_set_channel(struct ieee80211com *ic)
4836 struct run_softc *sc = ic->ic_softc;
4839 run_set_chan(sc, ic->ic_curchan);
4846 run_getradiocaps(struct ieee80211com *ic,
4847 int maxchans, int *nchans, struct ieee80211_channel chans[])
4849 struct run_softc *sc = ic->ic_softc;
4850 uint8_t bands[IEEE80211_MODE_BYTES];
4852 memset(bands, 0, sizeof(bands));
4853 setbit(bands, IEEE80211_MODE_11B);
4854 setbit(bands, IEEE80211_MODE_11G);
4855 ieee80211_add_channels_default_2ghz(chans, maxchans, nchans, bands, 0);
4857 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 ||
4858 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 ||
4859 sc->rf_rev == RT5592_RF_5592) {
4860 setbit(bands, IEEE80211_MODE_11A);
4861 ieee80211_add_channel_list_5ghz(chans, maxchans, nchans,
4862 run_chan_5ghz, nitems(run_chan_5ghz), bands, 0);
4867 run_scan_start(struct ieee80211com *ic)
4869 struct run_softc *sc = ic->ic_softc;
4874 /* abort TSF synchronization */
4875 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
4876 run_write(sc, RT2860_BCN_TIME_CFG,
4877 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
4878 RT2860_TBTT_TIMER_EN));
4879 run_set_bssid(sc, ieee80211broadcastaddr);
4887 run_scan_end(struct ieee80211com *ic)
4889 struct run_softc *sc = ic->ic_softc;
4893 run_enable_tsf_sync(sc);
4894 run_set_bssid(sc, sc->sc_bssid);
4902 * Could be called from ieee80211_node_timeout()
4903 * (non-sleepable thread)
4906 run_update_beacon(struct ieee80211vap *vap, int item)
4908 struct ieee80211com *ic = vap->iv_ic;
4909 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off;
4910 struct ieee80211_node *ni = vap->iv_bss;
4911 struct run_softc *sc = ic->ic_softc;
4912 struct run_vap *rvp = RUN_VAP(vap);
4917 case IEEE80211_BEACON_ERP:
4920 case IEEE80211_BEACON_HTINFO:
4923 case IEEE80211_BEACON_TIM:
4930 setbit(bo->bo_flags, item);
4931 if (rvp->beacon_mbuf == NULL) {
4932 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni);
4933 if (rvp->beacon_mbuf == NULL)
4936 ieee80211_beacon_update(ni, rvp->beacon_mbuf, mcast);
4938 i = RUN_CMDQ_GET(&sc->cmdq_store);
4939 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i);
4940 sc->cmdq[i].func = run_update_beacon_cb;
4941 sc->cmdq[i].arg0 = vap;
4942 ieee80211_runtask(ic, &sc->cmdq_task);
4948 run_update_beacon_cb(void *arg)
4950 struct ieee80211vap *vap = arg;
4951 struct ieee80211_node *ni = vap->iv_bss;
4952 struct run_vap *rvp = RUN_VAP(vap);
4953 struct ieee80211com *ic = vap->iv_ic;
4954 struct run_softc *sc = ic->ic_softc;
4955 struct rt2860_txwi txwi;
4960 if (ni->ni_chan == IEEE80211_CHAN_ANYC)
4962 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC)
4966 * No need to call ieee80211_beacon_update(), run_update_beacon()
4967 * is taking care of appropriate calls.
4969 if (rvp->beacon_mbuf == NULL) {
4970 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni);
4971 if (rvp->beacon_mbuf == NULL)
4974 m = rvp->beacon_mbuf;
4976 memset(&txwi, 0, sizeof(txwi));
4978 txwi.len = htole16(m->m_pkthdr.len);
4980 /* send beacons at the lowest available rate */
4981 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ?
4982 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1;
4983 txwi.phy = htole16(rt2860_rates[ridx].mcs);
4984 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM)
4985 txwi.phy |= htole16(RT2860_PHY_OFDM);
4986 txwi.txop = RT2860_TX_TXOP_HT;
4987 txwi.flags = RT2860_TX_TS;
4988 txwi.xflags = RT2860_TX_NSEQ;
4990 txwisize = (sc->mac_ver == 0x5592) ?
4991 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi);
4992 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi,
4994 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize,
4995 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1);
4999 run_updateprot(struct ieee80211com *ic)
5001 struct run_softc *sc = ic->ic_softc;
5004 i = RUN_CMDQ_GET(&sc->cmdq_store);
5005 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i);
5006 sc->cmdq[i].func = run_updateprot_cb;
5007 sc->cmdq[i].arg0 = ic;
5008 ieee80211_runtask(ic, &sc->cmdq_task);
5012 run_updateprot_cb(void *arg)
5014 struct ieee80211com *ic = arg;
5015 struct run_softc *sc = ic->ic_softc;
5018 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL;
5019 /* setup protection frame rate (MCS code) */
5020 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ?
5021 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM :
5022 rt2860_rates[RT2860_RIDX_CCK11].mcs;
5024 /* CCK frames don't require protection */
5025 run_write(sc, RT2860_CCK_PROT_CFG, tmp);
5026 if (ic->ic_flags & IEEE80211_F_USEPROT) {
5027 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS)
5028 tmp |= RT2860_PROT_CTRL_RTS_CTS;
5029 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY)
5030 tmp |= RT2860_PROT_CTRL_CTS;
5032 run_write(sc, RT2860_OFDM_PROT_CFG, tmp);
5036 run_usb_timeout_cb(void *arg)
5038 struct ieee80211vap *vap = arg;
5039 struct run_softc *sc = vap->iv_ic->ic_softc;
5041 RUN_LOCK_ASSERT(sc, MA_OWNED);
5043 if(vap->iv_state == IEEE80211_S_RUN &&
5044 vap->iv_opmode != IEEE80211_M_STA)
5045 run_reset_livelock(sc);
5046 else if (vap->iv_state == IEEE80211_S_SCAN) {
5047 RUN_DPRINTF(sc, RUN_DEBUG_USB | RUN_DEBUG_STATE,
5048 "timeout caused by scan\n");
5050 ieee80211_cancel_scan(vap);
5052 RUN_DPRINTF(sc, RUN_DEBUG_USB | RUN_DEBUG_STATE,
5053 "timeout by unknown cause\n");
5057 run_reset_livelock(struct run_softc *sc)
5061 RUN_LOCK_ASSERT(sc, MA_OWNED);
5064 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC
5065 * can run into a livelock and start sending CTS-to-self frames like
5066 * crazy if protection is enabled. Reset MAC/BBP for a while
5068 run_read(sc, RT2860_DEBUG, &tmp);
5069 RUN_DPRINTF(sc, RUN_DEBUG_RESET, "debug reg %08x\n", tmp);
5070 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) {
5071 RUN_DPRINTF(sc, RUN_DEBUG_RESET,
5072 "CTS-to-self livelock detected\n");
5073 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST);
5075 run_write(sc, RT2860_MAC_SYS_CTRL,
5076 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
5081 run_update_promisc_locked(struct run_softc *sc)
5085 run_read(sc, RT2860_RX_FILTR_CFG, &tmp);
5087 tmp |= RT2860_DROP_UC_NOME;
5088 if (sc->sc_ic.ic_promisc > 0)
5089 tmp &= ~RT2860_DROP_UC_NOME;
5091 run_write(sc, RT2860_RX_FILTR_CFG, tmp);
5093 RUN_DPRINTF(sc, RUN_DEBUG_RECV, "%s promiscuous mode\n",
5094 (sc->sc_ic.ic_promisc > 0) ? "entering" : "leaving");
5098 run_update_promisc(struct ieee80211com *ic)
5100 struct run_softc *sc = ic->ic_softc;
5102 if ((sc->sc_flags & RUN_RUNNING) == 0)
5106 run_update_promisc_locked(sc);
5111 run_enable_tsf_sync(struct run_softc *sc)
5113 struct ieee80211com *ic = &sc->sc_ic;
5114 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
5117 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "rvp_id=%d ic_opmode=%d\n",
5118 RUN_VAP(vap)->rvp_id, ic->ic_opmode);
5120 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
5122 tmp |= vap->iv_bss->ni_intval * 16;
5123 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN;
5125 if (ic->ic_opmode == IEEE80211_M_STA) {
5127 * Local TSF is always updated with remote TSF on beacon
5130 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT;
5131 } else if (ic->ic_opmode == IEEE80211_M_IBSS) {
5132 tmp |= RT2860_BCN_TX_EN;
5134 * Local TSF is updated with remote TSF on beacon reception
5135 * only if the remote TSF is greater than local TSF.
5137 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT;
5138 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP ||
5139 ic->ic_opmode == IEEE80211_M_MBSS) {
5140 tmp |= RT2860_BCN_TX_EN;
5141 /* SYNC with nobody */
5142 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT;
5144 RUN_DPRINTF(sc, RUN_DEBUG_BEACON,
5145 "Enabling TSF failed. undefined opmode\n");
5149 run_write(sc, RT2860_BCN_TIME_CFG, tmp);
5153 run_enable_tsf(struct run_softc *sc)
5157 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) {
5158 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TBTT_TIMER_EN);
5159 tmp |= RT2860_TSF_TIMER_EN;
5160 run_write(sc, RT2860_BCN_TIME_CFG, tmp);
5165 run_get_tsf(struct run_softc *sc, uint64_t *buf)
5167 run_read_region_1(sc, RT2860_TSF_TIMER_DW0, (uint8_t *)buf,
5172 run_enable_mrr(struct run_softc *sc)
5174 #define CCK(mcs) (mcs)
5175 #define OFDM(mcs) (1 << 3 | (mcs))
5176 run_write(sc, RT2860_LG_FBK_CFG0,
5177 OFDM(6) << 28 | /* 54->48 */
5178 OFDM(5) << 24 | /* 48->36 */
5179 OFDM(4) << 20 | /* 36->24 */
5180 OFDM(3) << 16 | /* 24->18 */
5181 OFDM(2) << 12 | /* 18->12 */
5182 OFDM(1) << 8 | /* 12-> 9 */
5183 OFDM(0) << 4 | /* 9-> 6 */
5184 OFDM(0)); /* 6-> 6 */
5186 run_write(sc, RT2860_LG_FBK_CFG1,
5187 CCK(2) << 12 | /* 11->5.5 */
5188 CCK(1) << 8 | /* 5.5-> 2 */
5189 CCK(0) << 4 | /* 2-> 1 */
5190 CCK(0)); /* 1-> 1 */
5196 run_set_txpreamble(struct run_softc *sc)
5198 struct ieee80211com *ic = &sc->sc_ic;
5201 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp);
5202 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
5203 tmp |= RT2860_CCK_SHORT_EN;
5205 tmp &= ~RT2860_CCK_SHORT_EN;
5206 run_write(sc, RT2860_AUTO_RSP_CFG, tmp);
5210 run_set_basicrates(struct run_softc *sc)
5212 struct ieee80211com *ic = &sc->sc_ic;
5214 /* set basic rates mask */
5215 if (ic->ic_curmode == IEEE80211_MODE_11B)
5216 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003);
5217 else if (ic->ic_curmode == IEEE80211_MODE_11A)
5218 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150);
5220 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f);
5224 run_set_leds(struct run_softc *sc, uint16_t which)
5226 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS,
5227 which | (sc->leds & 0x7f));
5231 run_set_bssid(struct run_softc *sc, const uint8_t *bssid)
5233 run_write(sc, RT2860_MAC_BSSID_DW0,
5234 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24);
5235 run_write(sc, RT2860_MAC_BSSID_DW1,
5236 bssid[4] | bssid[5] << 8);
5240 run_set_macaddr(struct run_softc *sc, const uint8_t *addr)
5242 run_write(sc, RT2860_MAC_ADDR_DW0,
5243 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24);
5244 run_write(sc, RT2860_MAC_ADDR_DW1,
5245 addr[4] | addr[5] << 8 | 0xff << 16);
5249 run_updateslot(struct ieee80211com *ic)
5251 struct run_softc *sc = ic->ic_softc;
5254 i = RUN_CMDQ_GET(&sc->cmdq_store);
5255 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i);
5256 sc->cmdq[i].func = run_updateslot_cb;
5257 sc->cmdq[i].arg0 = ic;
5258 ieee80211_runtask(ic, &sc->cmdq_task);
5265 run_updateslot_cb(void *arg)
5267 struct ieee80211com *ic = arg;
5268 struct run_softc *sc = ic->ic_softc;
5271 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp);
5273 tmp |= IEEE80211_GET_SLOTTIME(ic);
5274 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp);
5278 run_update_mcast(struct ieee80211com *ic)
5283 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain)
5285 struct ieee80211com *ic = &sc->sc_ic;
5286 struct ieee80211_channel *c = ic->ic_curchan;
5289 if (IEEE80211_IS_CHAN_5GHZ(c)) {
5290 u_int chan = ieee80211_chan2ieee(ic, c);
5291 delta = sc->rssi_5ghz[rxchain];
5293 /* determine channel group */
5295 delta -= sc->lna[1];
5296 else if (chan <= 128)
5297 delta -= sc->lna[2];
5299 delta -= sc->lna[3];
5301 delta = sc->rssi_2ghz[rxchain] - sc->lna[0];
5303 return (-12 - delta - rssi);
5307 run_rt5390_bbp_init(struct run_softc *sc)
5312 /* Apply maximum likelihood detection for 2 stream case. */
5313 run_bbp_read(sc, 105, &bbp);
5314 if (sc->nrxchains > 1)
5315 run_bbp_write(sc, 105, bbp | RT5390_MLD);
5317 /* Avoid data lost and CRC error. */
5318 run_bbp_read(sc, 4, &bbp);
5319 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
5321 if (sc->mac_ver == 0x5592) {
5322 for (i = 0; i < nitems(rt5592_def_bbp); i++) {
5323 run_bbp_write(sc, rt5592_def_bbp[i].reg,
5324 rt5592_def_bbp[i].val);
5326 for (i = 0; i < nitems(rt5592_bbp_r196); i++) {
5327 run_bbp_write(sc, 195, i + 0x80);
5328 run_bbp_write(sc, 196, rt5592_bbp_r196[i]);
5331 for (i = 0; i < nitems(rt5390_def_bbp); i++) {
5332 run_bbp_write(sc, rt5390_def_bbp[i].reg,
5333 rt5390_def_bbp[i].val);
5336 if (sc->mac_ver == 0x5392) {
5337 run_bbp_write(sc, 88, 0x90);
5338 run_bbp_write(sc, 95, 0x9a);
5339 run_bbp_write(sc, 98, 0x12);
5340 run_bbp_write(sc, 106, 0x12);
5341 run_bbp_write(sc, 134, 0xd0);
5342 run_bbp_write(sc, 135, 0xf6);
5343 run_bbp_write(sc, 148, 0x84);
5346 run_bbp_read(sc, 152, &bbp);
5347 run_bbp_write(sc, 152, bbp | 0x80);
5349 /* Fix BBP254 for RT5592C. */
5350 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) {
5351 run_bbp_read(sc, 254, &bbp);
5352 run_bbp_write(sc, 254, bbp | 0x80);
5355 /* Disable hardware antenna diversity. */
5356 if (sc->mac_ver == 0x5390)
5357 run_bbp_write(sc, 154, 0);
5359 /* Initialize Rx CCK/OFDM frequency offset report. */
5360 run_bbp_write(sc, 142, 1);
5361 run_bbp_write(sc, 143, 57);
5365 run_bbp_init(struct run_softc *sc)
5367 int i, error, ntries;
5370 /* wait for BBP to wake up */
5371 for (ntries = 0; ntries < 20; ntries++) {
5372 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0)
5374 if (bbp0 != 0 && bbp0 != 0xff)
5380 /* initialize BBP registers to default values */
5381 if (sc->mac_ver >= 0x5390)
5382 run_rt5390_bbp_init(sc);
5384 for (i = 0; i < nitems(rt2860_def_bbp); i++) {
5385 run_bbp_write(sc, rt2860_def_bbp[i].reg,
5386 rt2860_def_bbp[i].val);
5390 if (sc->mac_ver == 0x3593) {
5391 run_bbp_write(sc, 79, 0x13);
5392 run_bbp_write(sc, 80, 0x05);
5393 run_bbp_write(sc, 81, 0x33);
5394 run_bbp_write(sc, 86, 0x46);
5395 run_bbp_write(sc, 137, 0x0f);
5398 /* fix BBP84 for RT2860E */
5399 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101)
5400 run_bbp_write(sc, 84, 0x19);
5402 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 &&
5403 sc->mac_ver != 0x5592)) {
5404 run_bbp_write(sc, 79, 0x13);
5405 run_bbp_write(sc, 80, 0x05);
5406 run_bbp_write(sc, 81, 0x33);
5407 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) {
5408 run_bbp_write(sc, 69, 0x16);
5409 run_bbp_write(sc, 73, 0x12);
5415 run_rt3070_rf_init(struct run_softc *sc)
5418 uint8_t bbp4, mingain, rf, target;
5421 run_rt3070_rf_read(sc, 30, &rf);
5422 /* toggle RF R30 bit 7 */
5423 run_rt3070_rf_write(sc, 30, rf | 0x80);
5425 run_rt3070_rf_write(sc, 30, rf & ~0x80);
5427 /* initialize RF registers to default value */
5428 if (sc->mac_ver == 0x3572) {
5429 for (i = 0; i < nitems(rt3572_def_rf); i++) {
5430 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg,
5431 rt3572_def_rf[i].val);
5434 for (i = 0; i < nitems(rt3070_def_rf); i++) {
5435 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg,
5436 rt3070_def_rf[i].val);
5440 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) {
5442 * Change voltage from 1.2V to 1.35V for RT3070.
5443 * The DAC issue (RT3070_LDO_CFG0) has been fixed
5446 run_read(sc, RT3070_LDO_CFG0, &tmp);
5447 tmp = (tmp & ~0x0f000000) | 0x0d000000;
5448 run_write(sc, RT3070_LDO_CFG0, tmp);
5450 } else if (sc->mac_ver == 0x3071) {
5451 run_rt3070_rf_read(sc, 6, &rf);
5452 run_rt3070_rf_write(sc, 6, rf | 0x40);
5453 run_rt3070_rf_write(sc, 31, 0x14);
5455 run_read(sc, RT3070_LDO_CFG0, &tmp);
5457 if (sc->mac_rev < 0x0211)
5458 tmp |= 0x0d000000; /* 1.3V */
5460 tmp |= 0x01000000; /* 1.2V */
5461 run_write(sc, RT3070_LDO_CFG0, tmp);
5463 /* patch LNA_PE_G1 */
5464 run_read(sc, RT3070_GPIO_SWITCH, &tmp);
5465 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20);
5467 } else if (sc->mac_ver == 0x3572) {
5468 run_rt3070_rf_read(sc, 6, &rf);
5469 run_rt3070_rf_write(sc, 6, rf | 0x40);
5471 /* increase voltage from 1.2V to 1.35V */
5472 run_read(sc, RT3070_LDO_CFG0, &tmp);
5473 tmp = (tmp & ~0x1f000000) | 0x0d000000;
5474 run_write(sc, RT3070_LDO_CFG0, tmp);
5476 if (sc->mac_rev < 0x0211 || !sc->patch_dac) {
5477 run_delay(sc, 1); /* wait for 1msec */
5478 /* decrease voltage back to 1.2V */
5479 tmp = (tmp & ~0x1f000000) | 0x01000000;
5480 run_write(sc, RT3070_LDO_CFG0, tmp);
5484 /* select 20MHz bandwidth */
5485 run_rt3070_rf_read(sc, 31, &rf);
5486 run_rt3070_rf_write(sc, 31, rf & ~0x20);
5488 /* calibrate filter for 20MHz bandwidth */
5489 sc->rf24_20mhz = 0x1f; /* default value */
5490 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13;
5491 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz);
5493 /* select 40MHz bandwidth */
5494 run_bbp_read(sc, 4, &bbp4);
5495 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10);
5496 run_rt3070_rf_read(sc, 31, &rf);
5497 run_rt3070_rf_write(sc, 31, rf | 0x20);
5499 /* calibrate filter for 40MHz bandwidth */
5500 sc->rf24_40mhz = 0x2f; /* default value */
5501 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15;
5502 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz);
5504 /* go back to 20MHz bandwidth */
5505 run_bbp_read(sc, 4, &bbp4);
5506 run_bbp_write(sc, 4, bbp4 & ~0x18);
5508 if (sc->mac_ver == 0x3572) {
5509 /* save default BBP registers 25 and 26 values */
5510 run_bbp_read(sc, 25, &sc->bbp25);
5511 run_bbp_read(sc, 26, &sc->bbp26);
5512 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211)
5513 run_rt3070_rf_write(sc, 27, 0x03);
5515 run_read(sc, RT3070_OPT_14, &tmp);
5516 run_write(sc, RT3070_OPT_14, tmp | 1);
5518 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) {
5519 run_rt3070_rf_read(sc, 17, &rf);
5520 rf &= ~RT3070_TX_LO1;
5521 if ((sc->mac_ver == 0x3070 ||
5522 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) &&
5524 rf |= 0x20; /* fix for long range Rx issue */
5525 mingain = (sc->mac_ver == 0x3070) ? 1 : 2;
5526 if (sc->txmixgain_2ghz >= mingain)
5527 rf = (rf & ~0x7) | sc->txmixgain_2ghz;
5528 run_rt3070_rf_write(sc, 17, rf);
5531 if (sc->mac_ver == 0x3071) {
5532 run_rt3070_rf_read(sc, 1, &rf);
5533 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD);
5534 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD;
5535 run_rt3070_rf_write(sc, 1, rf);
5537 run_rt3070_rf_read(sc, 15, &rf);
5538 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2);
5540 run_rt3070_rf_read(sc, 20, &rf);
5541 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1);
5543 run_rt3070_rf_read(sc, 21, &rf);
5544 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2);
5547 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) {
5548 /* fix Tx to Rx IQ glitch by raising RF voltage */
5549 run_rt3070_rf_read(sc, 27, &rf);
5551 if (sc->mac_rev < 0x0211)
5553 run_rt3070_rf_write(sc, 27, rf);
5559 run_rt3593_rf_init(struct run_softc *sc)
5565 /* Disable the GPIO bits 4 and 7 for LNA PE control. */
5566 run_read(sc, RT3070_GPIO_SWITCH, &tmp);
5567 tmp &= ~(1 << 4 | 1 << 7);
5568 run_write(sc, RT3070_GPIO_SWITCH, tmp);
5570 /* Initialize RF registers to default value. */
5571 for (i = 0; i < nitems(rt3593_def_rf); i++) {
5572 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg,
5573 rt3593_def_rf[i].val);
5576 /* Toggle RF R2 to initiate calibration. */
5577 run_rt3070_rf_write(sc, 2, RT5390_RESCAL);
5579 /* Initialize RF frequency offset. */
5580 run_adjust_freq_offset(sc);
5582 run_rt3070_rf_read(sc, 18, &rf);
5583 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS);
5586 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to
5587 * decrease voltage back to 1.2V.
5589 run_read(sc, RT3070_LDO_CFG0, &tmp);
5590 tmp = (tmp & ~0x1f000000) | 0x0d000000;
5591 run_write(sc, RT3070_LDO_CFG0, tmp);
5593 tmp = (tmp & ~0x1f000000) | 0x01000000;
5594 run_write(sc, RT3070_LDO_CFG0, tmp);
5596 sc->rf24_20mhz = 0x1f;
5597 sc->rf24_40mhz = 0x2f;
5599 /* Save default BBP registers 25 and 26 values. */
5600 run_bbp_read(sc, 25, &sc->bbp25);
5601 run_bbp_read(sc, 26, &sc->bbp26);
5603 run_read(sc, RT3070_OPT_14, &tmp);
5604 run_write(sc, RT3070_OPT_14, tmp | 1);
5608 run_rt5390_rf_init(struct run_softc *sc)
5614 /* Toggle RF R2 to initiate calibration. */
5615 if (sc->mac_ver == 0x5390) {
5616 run_rt3070_rf_read(sc, 2, &rf);
5617 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL);
5619 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL);
5621 run_rt3070_rf_write(sc, 2, RT5390_RESCAL);
5625 /* Initialize RF registers to default value. */
5626 if (sc->mac_ver == 0x5592) {
5627 for (i = 0; i < nitems(rt5592_def_rf); i++) {
5628 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg,
5629 rt5592_def_rf[i].val);
5631 /* Initialize RF frequency offset. */
5632 run_adjust_freq_offset(sc);
5633 } else if (sc->mac_ver == 0x5392) {
5634 for (i = 0; i < nitems(rt5392_def_rf); i++) {
5635 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg,
5636 rt5392_def_rf[i].val);
5638 if (sc->mac_rev >= 0x0223) {
5639 run_rt3070_rf_write(sc, 23, 0x0f);
5640 run_rt3070_rf_write(sc, 24, 0x3e);
5641 run_rt3070_rf_write(sc, 51, 0x32);
5642 run_rt3070_rf_write(sc, 53, 0x22);
5643 run_rt3070_rf_write(sc, 56, 0xc1);
5644 run_rt3070_rf_write(sc, 59, 0x0f);
5647 for (i = 0; i < nitems(rt5390_def_rf); i++) {
5648 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg,
5649 rt5390_def_rf[i].val);
5651 if (sc->mac_rev >= 0x0502) {
5652 run_rt3070_rf_write(sc, 6, 0xe0);
5653 run_rt3070_rf_write(sc, 25, 0x80);
5654 run_rt3070_rf_write(sc, 46, 0x73);
5655 run_rt3070_rf_write(sc, 53, 0x00);
5656 run_rt3070_rf_write(sc, 56, 0x42);
5657 run_rt3070_rf_write(sc, 61, 0xd1);
5661 sc->rf24_20mhz = 0x1f; /* default value */
5662 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f;
5664 if (sc->mac_rev < 0x0211)
5665 run_rt3070_rf_write(sc, 27, 0x3);
5667 run_read(sc, RT3070_OPT_14, &tmp);
5668 run_write(sc, RT3070_OPT_14, tmp | 1);
5672 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target,
5676 uint8_t bbp55_pb, bbp55_sb, delta;
5679 /* program filter */
5680 run_rt3070_rf_read(sc, 24, &rf24);
5681 rf24 = (rf24 & 0xc0) | init; /* initial filter value */
5682 run_rt3070_rf_write(sc, 24, rf24);
5684 /* enable baseband loopback mode */
5685 run_rt3070_rf_read(sc, 22, &rf22);
5686 run_rt3070_rf_write(sc, 22, rf22 | 0x01);
5688 /* set power and frequency of passband test tone */
5689 run_bbp_write(sc, 24, 0x00);
5690 for (ntries = 0; ntries < 100; ntries++) {
5691 /* transmit test tone */
5692 run_bbp_write(sc, 25, 0x90);
5694 /* read received power */
5695 run_bbp_read(sc, 55, &bbp55_pb);
5702 /* set power and frequency of stopband test tone */
5703 run_bbp_write(sc, 24, 0x06);
5704 for (ntries = 0; ntries < 100; ntries++) {
5705 /* transmit test tone */
5706 run_bbp_write(sc, 25, 0x90);
5708 /* read received power */
5709 run_bbp_read(sc, 55, &bbp55_sb);
5711 delta = bbp55_pb - bbp55_sb;
5715 /* reprogram filter */
5717 run_rt3070_rf_write(sc, 24, rf24);
5721 rf24--; /* backtrack */
5723 run_rt3070_rf_write(sc, 24, rf24);
5726 /* restore initial state */
5727 run_bbp_write(sc, 24, 0x00);
5729 /* disable baseband loopback mode */
5730 run_rt3070_rf_read(sc, 22, &rf22);
5731 run_rt3070_rf_write(sc, 22, rf22 & ~0x01);
5737 run_rt3070_rf_setup(struct run_softc *sc)
5742 if (sc->mac_ver == 0x3572) {
5743 /* enable DC filter */
5744 if (sc->mac_rev >= 0x0201)
5745 run_bbp_write(sc, 103, 0xc0);
5747 run_bbp_read(sc, 138, &bbp);
5748 if (sc->ntxchains == 1)
5749 bbp |= 0x20; /* turn off DAC1 */
5750 if (sc->nrxchains == 1)
5751 bbp &= ~0x02; /* turn off ADC1 */
5752 run_bbp_write(sc, 138, bbp);
5754 if (sc->mac_rev >= 0x0211) {
5755 /* improve power consumption */
5756 run_bbp_read(sc, 31, &bbp);
5757 run_bbp_write(sc, 31, bbp & ~0x03);
5760 run_rt3070_rf_read(sc, 16, &rf);
5761 rf = (rf & ~0x07) | sc->txmixgain_2ghz;
5762 run_rt3070_rf_write(sc, 16, rf);
5764 } else if (sc->mac_ver == 0x3071) {
5765 if (sc->mac_rev >= 0x0211) {
5766 /* enable DC filter */
5767 run_bbp_write(sc, 103, 0xc0);
5769 /* improve power consumption */
5770 run_bbp_read(sc, 31, &bbp);
5771 run_bbp_write(sc, 31, bbp & ~0x03);
5774 run_bbp_read(sc, 138, &bbp);
5775 if (sc->ntxchains == 1)
5776 bbp |= 0x20; /* turn off DAC1 */
5777 if (sc->nrxchains == 1)
5778 bbp &= ~0x02; /* turn off ADC1 */
5779 run_bbp_write(sc, 138, bbp);
5781 run_write(sc, RT2860_TX_SW_CFG1, 0);
5782 if (sc->mac_rev < 0x0211) {
5783 run_write(sc, RT2860_TX_SW_CFG2,
5784 sc->patch_dac ? 0x2c : 0x0f);
5786 run_write(sc, RT2860_TX_SW_CFG2, 0);
5788 } else if (sc->mac_ver == 0x3070) {
5789 if (sc->mac_rev >= 0x0201) {
5790 /* enable DC filter */
5791 run_bbp_write(sc, 103, 0xc0);
5793 /* improve power consumption */
5794 run_bbp_read(sc, 31, &bbp);
5795 run_bbp_write(sc, 31, bbp & ~0x03);
5798 if (sc->mac_rev < 0x0201) {
5799 run_write(sc, RT2860_TX_SW_CFG1, 0);
5800 run_write(sc, RT2860_TX_SW_CFG2, 0x2c);
5802 run_write(sc, RT2860_TX_SW_CFG2, 0);
5805 /* initialize RF registers from ROM for >=RT3071*/
5806 if (sc->mac_ver >= 0x3071) {
5807 for (i = 0; i < 10; i++) {
5808 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff)
5810 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val);
5816 run_rt3593_rf_setup(struct run_softc *sc)
5820 if (sc->mac_rev >= 0x0211) {
5821 /* Enable DC filter. */
5822 run_bbp_write(sc, 103, 0xc0);
5824 run_write(sc, RT2860_TX_SW_CFG1, 0);
5825 if (sc->mac_rev < 0x0211) {
5826 run_write(sc, RT2860_TX_SW_CFG2,
5827 sc->patch_dac ? 0x2c : 0x0f);
5829 run_write(sc, RT2860_TX_SW_CFG2, 0);
5831 run_rt3070_rf_read(sc, 50, &rf);
5832 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2);
5834 run_rt3070_rf_read(sc, 51, &rf);
5835 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) |
5836 ((sc->txmixgain_2ghz & 0x07) << 2);
5837 run_rt3070_rf_write(sc, 51, rf);
5839 run_rt3070_rf_read(sc, 38, &rf);
5840 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1);
5842 run_rt3070_rf_read(sc, 39, &rf);
5843 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2);
5845 run_rt3070_rf_read(sc, 1, &rf);
5846 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD));
5848 run_rt3070_rf_read(sc, 30, &rf);
5849 rf = (rf & ~0x18) | 0x10;
5850 run_rt3070_rf_write(sc, 30, rf);
5852 /* Apply maximum likelihood detection for 2 stream case. */
5853 run_bbp_read(sc, 105, &bbp);
5854 if (sc->nrxchains > 1)
5855 run_bbp_write(sc, 105, bbp | RT5390_MLD);
5857 /* Avoid data lost and CRC error. */
5858 run_bbp_read(sc, 4, &bbp);
5859 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
5861 run_bbp_write(sc, 92, 0x02);
5862 run_bbp_write(sc, 82, 0x82);
5863 run_bbp_write(sc, 106, 0x05);
5864 run_bbp_write(sc, 104, 0x92);
5865 run_bbp_write(sc, 88, 0x90);
5866 run_bbp_write(sc, 148, 0xc8);
5867 run_bbp_write(sc, 47, 0x48);
5868 run_bbp_write(sc, 120, 0x50);
5870 run_bbp_write(sc, 163, 0x9d);
5873 run_bbp_write(sc, 142, 0x06);
5874 run_bbp_write(sc, 143, 0xa0);
5875 run_bbp_write(sc, 142, 0x07);
5876 run_bbp_write(sc, 143, 0xa1);
5877 run_bbp_write(sc, 142, 0x08);
5878 run_bbp_write(sc, 143, 0xa2);
5880 run_bbp_write(sc, 31, 0x08);
5881 run_bbp_write(sc, 68, 0x0b);
5882 run_bbp_write(sc, 105, 0x04);
5886 run_rt5390_rf_setup(struct run_softc *sc)
5890 if (sc->mac_rev >= 0x0211) {
5891 /* Enable DC filter. */
5892 run_bbp_write(sc, 103, 0xc0);
5894 if (sc->mac_ver != 0x5592) {
5895 /* Improve power consumption. */
5896 run_bbp_read(sc, 31, &bbp);
5897 run_bbp_write(sc, 31, bbp & ~0x03);
5901 run_bbp_read(sc, 138, &bbp);
5902 if (sc->ntxchains == 1)
5903 bbp |= 0x20; /* turn off DAC1 */
5904 if (sc->nrxchains == 1)
5905 bbp &= ~0x02; /* turn off ADC1 */
5906 run_bbp_write(sc, 138, bbp);
5908 run_rt3070_rf_read(sc, 38, &rf);
5909 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1);
5911 run_rt3070_rf_read(sc, 39, &rf);
5912 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2);
5914 /* Avoid data lost and CRC error. */
5915 run_bbp_read(sc, 4, &bbp);
5916 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
5918 run_rt3070_rf_read(sc, 30, &rf);
5919 rf = (rf & ~0x18) | 0x10;
5920 run_rt3070_rf_write(sc, 30, rf);
5922 if (sc->mac_ver != 0x5592) {
5923 run_write(sc, RT2860_TX_SW_CFG1, 0);
5924 if (sc->mac_rev < 0x0211) {
5925 run_write(sc, RT2860_TX_SW_CFG2,
5926 sc->patch_dac ? 0x2c : 0x0f);
5928 run_write(sc, RT2860_TX_SW_CFG2, 0);
5933 run_txrx_enable(struct run_softc *sc)
5935 struct ieee80211com *ic = &sc->sc_ic;
5939 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN);
5940 for (ntries = 0; ntries < 200; ntries++) {
5941 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0)
5943 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
5952 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE;
5953 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
5955 /* enable Rx bulk aggregation (set timeout and limit) */
5956 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN |
5957 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2);
5958 run_write(sc, RT2860_USB_DMA_CFG, tmp);
5961 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR;
5962 if (ic->ic_opmode != IEEE80211_M_MONITOR) {
5963 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL |
5964 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK |
5965 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV |
5966 RT2860_DROP_CFACK | RT2860_DROP_CFEND;
5967 if (ic->ic_opmode == IEEE80211_M_STA)
5968 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL;
5970 run_write(sc, RT2860_RX_FILTR_CFG, tmp);
5972 run_write(sc, RT2860_MAC_SYS_CTRL,
5973 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
5979 run_adjust_freq_offset(struct run_softc *sc)
5983 run_rt3070_rf_read(sc, 17, &rf);
5985 rf = (rf & ~0x7f) | (sc->freq & 0x7f);
5989 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf);
5993 run_init_locked(struct run_softc *sc)
5995 struct ieee80211com *ic = &sc->sc_ic;
5996 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
6003 if (ic->ic_nrunning > 1)
6008 if (run_load_microcode(sc) != 0) {
6009 device_printf(sc->sc_dev, "could not load 8051 microcode\n");
6013 for (ntries = 0; ntries < 100; ntries++) {
6014 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0)
6016 if (tmp != 0 && tmp != 0xffffffff)
6023 for (i = 0; i != RUN_EP_QUEUES; i++)
6024 run_setup_tx_list(sc, &sc->sc_epq[i]);
6026 run_set_macaddr(sc, vap ? vap->iv_myaddr : ic->ic_macaddr);
6028 for (ntries = 0; ntries < 100; ntries++) {
6029 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0)
6031 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
6035 if (ntries == 100) {
6036 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n");
6040 tmp |= RT2860_TX_WB_DDONE;
6041 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
6043 /* turn off PME_OEN to solve high-current issue */
6044 run_read(sc, RT2860_SYS_CTRL, &tmp);
6045 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN);
6047 run_write(sc, RT2860_MAC_SYS_CTRL,
6048 RT2860_BBP_HRST | RT2860_MAC_SRST);
6049 run_write(sc, RT2860_USB_DMA_CFG, 0);
6051 if (run_reset(sc) != 0) {
6052 device_printf(sc->sc_dev, "could not reset chipset\n");
6056 run_write(sc, RT2860_MAC_SYS_CTRL, 0);
6058 /* init Tx power for all Tx rates (from EEPROM) */
6059 for (ridx = 0; ridx < 5; ridx++) {
6060 if (sc->txpow20mhz[ridx] == 0xffffffff)
6062 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]);
6065 for (i = 0; i < nitems(rt2870_def_mac); i++)
6066 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val);
6067 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273);
6068 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344);
6069 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa);
6071 if (sc->mac_ver >= 0x5390) {
6072 run_write(sc, RT2860_TX_SW_CFG0,
6073 4 << RT2860_DLY_PAPE_EN_SHIFT | 4);
6074 if (sc->mac_ver >= 0x5392) {
6075 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff);
6076 if (sc->mac_ver == 0x5592) {
6077 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980);
6078 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082);
6080 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980);
6081 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322);
6084 } else if (sc->mac_ver == 0x3593) {
6085 run_write(sc, RT2860_TX_SW_CFG0,
6086 4 << RT2860_DLY_PAPE_EN_SHIFT | 2);
6087 } else if (sc->mac_ver >= 0x3070) {
6088 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */
6089 run_write(sc, RT2860_TX_SW_CFG0,
6090 4 << RT2860_DLY_PAPE_EN_SHIFT);
6093 /* wait while MAC is busy */
6094 for (ntries = 0; ntries < 100; ntries++) {
6095 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0)
6097 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY)))
6104 /* clear Host to MCU mailbox */
6105 run_write(sc, RT2860_H2M_BBPAGENT, 0);
6106 run_write(sc, RT2860_H2M_MAILBOX, 0);
6109 if (run_bbp_init(sc) != 0) {
6110 device_printf(sc->sc_dev, "could not initialize BBP\n");
6114 /* abort TSF synchronization */
6115 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
6116 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
6117 RT2860_TBTT_TIMER_EN);
6118 run_write(sc, RT2860_BCN_TIME_CFG, tmp);
6120 /* clear RX WCID search table */
6121 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512);
6122 /* clear WCID attribute table */
6123 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32);
6125 /* hostapd sets a key before init. So, don't clear it. */
6126 if (sc->cmdq_key_set != RUN_CMDQ_GO) {
6127 /* clear shared key table */
6128 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32);
6129 /* clear shared key mode */
6130 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4);
6133 run_read(sc, RT2860_US_CYC_CNT, &tmp);
6134 tmp = (tmp & ~0xff) | 0x1e;
6135 run_write(sc, RT2860_US_CYC_CNT, tmp);
6137 if (sc->mac_rev != 0x0101)
6138 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f);
6140 run_write(sc, RT2860_WMM_TXOP0_CFG, 0);
6141 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96);
6143 /* write vendor-specific BBP values (from EEPROM) */
6144 if (sc->mac_ver < 0x3593) {
6145 for (i = 0; i < 10; i++) {
6146 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff)
6148 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val);
6152 /* select Main antenna for 1T1R devices */
6153 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370)
6154 run_set_rx_antenna(sc, 0);
6156 /* send LEDs operating mode to microcontroller */
6157 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]);
6158 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]);
6159 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]);
6161 if (sc->mac_ver >= 0x5390)
6162 run_rt5390_rf_init(sc);
6163 else if (sc->mac_ver == 0x3593)
6164 run_rt3593_rf_init(sc);
6165 else if (sc->mac_ver >= 0x3070)
6166 run_rt3070_rf_init(sc);
6168 /* disable non-existing Rx chains */
6169 run_bbp_read(sc, 3, &bbp3);
6170 bbp3 &= ~(1 << 3 | 1 << 4);
6171 if (sc->nrxchains == 2)
6173 else if (sc->nrxchains == 3)
6175 run_bbp_write(sc, 3, bbp3);
6177 /* disable non-existing Tx chains */
6178 run_bbp_read(sc, 1, &bbp1);
6179 if (sc->ntxchains == 1)
6180 bbp1 &= ~(1 << 3 | 1 << 4);
6181 run_bbp_write(sc, 1, bbp1);
6183 if (sc->mac_ver >= 0x5390)
6184 run_rt5390_rf_setup(sc);
6185 else if (sc->mac_ver == 0x3593)
6186 run_rt3593_rf_setup(sc);
6187 else if (sc->mac_ver >= 0x3070)
6188 run_rt3070_rf_setup(sc);
6190 /* select default channel */
6191 run_set_chan(sc, ic->ic_curchan);
6193 /* setup initial protection mode */
6194 run_updateprot_cb(ic);
6196 /* turn radio LED on */
6197 run_set_leds(sc, RT2860_LED_RADIO);
6199 sc->sc_flags |= RUN_RUNNING;
6200 sc->cmdq_run = RUN_CMDQ_GO;
6202 for (i = 0; i != RUN_N_XFER; i++)
6203 usbd_xfer_set_stall(sc->sc_xfer[i]);
6205 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]);
6207 if (run_txrx_enable(sc) != 0)
6219 struct run_softc *sc = (struct run_softc *)arg;
6224 RUN_LOCK_ASSERT(sc, MA_OWNED);
6226 if (sc->sc_flags & RUN_RUNNING)
6227 run_set_leds(sc, 0); /* turn all LEDs off */
6229 sc->sc_flags &= ~RUN_RUNNING;
6231 sc->ratectl_run = RUN_RATECTL_OFF;
6232 sc->cmdq_run = sc->cmdq_key_set;
6236 for(i = 0; i < RUN_N_XFER; i++)
6237 usbd_transfer_drain(sc->sc_xfer[i]);
6241 run_drain_mbufq(sc);
6243 if (sc->rx_m != NULL) {
6248 /* Disable Tx/Rx DMA. */
6249 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0)
6251 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN);
6252 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
6254 for (ntries = 0; ntries < 100; ntries++) {
6255 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0)
6257 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
6261 if (ntries == 100) {
6262 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n");
6267 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp);
6268 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
6269 run_write(sc, RT2860_MAC_SYS_CTRL, tmp);
6271 /* wait for pending Tx to complete */
6272 for (ntries = 0; ntries < 100; ntries++) {
6273 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) {
6274 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET,
6275 "Cannot read Tx queue count\n");
6278 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) {
6279 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET,
6280 "All Tx cleared\n");
6286 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET,
6287 "There are still pending Tx\n");
6289 run_write(sc, RT2860_USB_DMA_CFG, 0);
6291 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST);
6292 run_write(sc, RT2860_MAC_SYS_CTRL, 0);
6294 for (i = 0; i != RUN_EP_QUEUES; i++)
6295 run_unsetup_tx_list(sc, &sc->sc_epq[i]);
6299 run_delay(struct run_softc *sc, u_int ms)
6301 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ?
6302 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms));
6305 static device_method_t run_methods[] = {
6306 /* Device interface */
6307 DEVMETHOD(device_probe, run_match),
6308 DEVMETHOD(device_attach, run_attach),
6309 DEVMETHOD(device_detach, run_detach),
6313 static driver_t run_driver = {
6315 .methods = run_methods,
6316 .size = sizeof(struct run_softc)
6319 static devclass_t run_devclass;
6321 DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL);
6322 MODULE_DEPEND(run, wlan, 1, 1, 1);
6323 MODULE_DEPEND(run, usb, 1, 1, 1);
6324 MODULE_DEPEND(run, firmware, 1, 1, 1);
6325 MODULE_VERSION(run, 1);
6326 USB_PNP_HOST_INFO(run_devs);
projects / FreeBSD / FreeBSD.git / blob