2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr>
3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca>
4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org>
5 * Copyright (c) 2013-2014 Kevin Lo
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 #include <sys/cdefs.h>
21 __FBSDID("$FreeBSD$");
24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver.
25 * http://www.ralinktech.com/
28 #include <sys/param.h>
29 #include <sys/sockio.h>
30 #include <sys/sysctl.h>
32 #include <sys/mutex.h>
34 #include <sys/kernel.h>
35 #include <sys/socket.h>
36 #include <sys/systm.h>
37 #include <sys/malloc.h>
38 #include <sys/module.h>
40 #include <sys/endian.h>
41 #include <sys/linker.h>
42 #include <sys/firmware.h>
45 #include <machine/bus.h>
46 #include <machine/resource.h>
51 #include <net/if_arp.h>
52 #include <net/ethernet.h>
53 #include <net/if_dl.h>
54 #include <net/if_media.h>
55 #include <net/if_types.h>
57 #include <netinet/in.h>
58 #include <netinet/in_systm.h>
59 #include <netinet/in_var.h>
60 #include <netinet/if_ether.h>
61 #include <netinet/ip.h>
63 #include <net80211/ieee80211_var.h>
64 #include <net80211/ieee80211_regdomain.h>
65 #include <net80211/ieee80211_radiotap.h>
66 #include <net80211/ieee80211_ratectl.h>
68 #include <dev/usb/usb.h>
69 #include <dev/usb/usbdi.h>
72 #define USB_DEBUG_VAR run_debug
73 #include <dev/usb/usb_debug.h>
74 #include <dev/usb/usb_msctest.h>
76 #include <dev/usb/wlan/if_runreg.h>
77 #include <dev/usb/wlan/if_runvar.h>
85 static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run");
86 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RW, &run_debug, 0,
90 #define IEEE80211_HAS_ADDR4(wh) \
91 (((wh)->i_fc[1] & IEEE80211_FC1_DIR_MASK) == IEEE80211_FC1_DIR_DSTODS)
94 * Because of LOR in run_key_delete(), use atomic instead.
95 * '& RUN_CMDQ_MASQ' is to loop cmdq[].
97 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ)
99 static const STRUCT_USB_HOST_ID run_devs[] = {
100 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) }
101 #define RUN_DEV_EJECT(v,p) \
102 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) }
104 RUN_DEV(ABOCOM, RT2770),
105 RUN_DEV(ABOCOM, RT2870),
106 RUN_DEV(ABOCOM, RT3070),
107 RUN_DEV(ABOCOM, RT3071),
108 RUN_DEV(ABOCOM, RT3072),
109 RUN_DEV(ABOCOM2, RT2870_1),
110 RUN_DEV(ACCTON, RT2770),
111 RUN_DEV(ACCTON, RT2870_1),
112 RUN_DEV(ACCTON, RT2870_2),
113 RUN_DEV(ACCTON, RT2870_3),
114 RUN_DEV(ACCTON, RT2870_4),
115 RUN_DEV(ACCTON, RT2870_5),
116 RUN_DEV(ACCTON, RT3070),
117 RUN_DEV(ACCTON, RT3070_1),
118 RUN_DEV(ACCTON, RT3070_2),
119 RUN_DEV(ACCTON, RT3070_3),
120 RUN_DEV(ACCTON, RT3070_4),
121 RUN_DEV(ACCTON, RT3070_5),
122 RUN_DEV(AIRTIES, RT3070),
123 RUN_DEV(ALLWIN, RT2070),
124 RUN_DEV(ALLWIN, RT2770),
125 RUN_DEV(ALLWIN, RT2870),
126 RUN_DEV(ALLWIN, RT3070),
127 RUN_DEV(ALLWIN, RT3071),
128 RUN_DEV(ALLWIN, RT3072),
129 RUN_DEV(ALLWIN, RT3572),
130 RUN_DEV(AMIGO, RT2870_1),
131 RUN_DEV(AMIGO, RT2870_2),
132 RUN_DEV(AMIT, CGWLUSB2GNR),
133 RUN_DEV(AMIT, RT2870_1),
134 RUN_DEV(AMIT2, RT2870),
135 RUN_DEV(ASUS, RT2870_1),
136 RUN_DEV(ASUS, RT2870_2),
137 RUN_DEV(ASUS, RT2870_3),
138 RUN_DEV(ASUS, RT2870_4),
139 RUN_DEV(ASUS, RT2870_5),
140 RUN_DEV(ASUS, USBN13),
141 RUN_DEV(ASUS, RT3070_1),
142 RUN_DEV(ASUS, USBN66),
143 RUN_DEV(ASUS, USB_N53),
144 RUN_DEV(ASUS2, USBN11),
145 RUN_DEV(AZUREWAVE, RT2870_1),
146 RUN_DEV(AZUREWAVE, RT2870_2),
147 RUN_DEV(AZUREWAVE, RT3070_1),
148 RUN_DEV(AZUREWAVE, RT3070_2),
149 RUN_DEV(AZUREWAVE, RT3070_3),
150 RUN_DEV(BELKIN, F9L1103),
151 RUN_DEV(BELKIN, F5D8053V3),
152 RUN_DEV(BELKIN, F5D8055),
153 RUN_DEV(BELKIN, F5D8055V2),
154 RUN_DEV(BELKIN, F6D4050V1),
155 RUN_DEV(BELKIN, F6D4050V2),
156 RUN_DEV(BELKIN, RT2870_1),
157 RUN_DEV(BELKIN, RT2870_2),
158 RUN_DEV(CISCOLINKSYS, AE1000),
159 RUN_DEV(CISCOLINKSYS2, RT3070),
160 RUN_DEV(CISCOLINKSYS3, RT3070),
161 RUN_DEV(CONCEPTRONIC2, RT2870_1),
162 RUN_DEV(CONCEPTRONIC2, RT2870_2),
163 RUN_DEV(CONCEPTRONIC2, RT2870_3),
164 RUN_DEV(CONCEPTRONIC2, RT2870_4),
165 RUN_DEV(CONCEPTRONIC2, RT2870_5),
166 RUN_DEV(CONCEPTRONIC2, RT2870_6),
167 RUN_DEV(CONCEPTRONIC2, RT2870_7),
168 RUN_DEV(CONCEPTRONIC2, RT2870_8),
169 RUN_DEV(CONCEPTRONIC2, RT3070_1),
170 RUN_DEV(CONCEPTRONIC2, RT3070_2),
171 RUN_DEV(CONCEPTRONIC2, VIGORN61),
172 RUN_DEV(COREGA, CGWLUSB300GNM),
173 RUN_DEV(COREGA, RT2870_1),
174 RUN_DEV(COREGA, RT2870_2),
175 RUN_DEV(COREGA, RT2870_3),
176 RUN_DEV(COREGA, RT3070),
177 RUN_DEV(CYBERTAN, RT2870),
178 RUN_DEV(DLINK, RT2870),
179 RUN_DEV(DLINK, RT3072),
180 RUN_DEV(DLINK, DWA127),
181 RUN_DEV(DLINK, DWA140B3),
182 RUN_DEV(DLINK, DWA160B2),
183 RUN_DEV(DLINK, DWA140D1),
184 RUN_DEV(DLINK, DWA162),
185 RUN_DEV(DLINK2, DWA130),
186 RUN_DEV(DLINK2, RT2870_1),
187 RUN_DEV(DLINK2, RT2870_2),
188 RUN_DEV(DLINK2, RT3070_1),
189 RUN_DEV(DLINK2, RT3070_2),
190 RUN_DEV(DLINK2, RT3070_3),
191 RUN_DEV(DLINK2, RT3070_4),
192 RUN_DEV(DLINK2, RT3070_5),
193 RUN_DEV(DLINK2, RT3072),
194 RUN_DEV(DLINK2, RT3072_1),
195 RUN_DEV(EDIMAX, EW7717),
196 RUN_DEV(EDIMAX, EW7718),
197 RUN_DEV(EDIMAX, EW7733UND),
198 RUN_DEV(EDIMAX, RT2870_1),
199 RUN_DEV(ENCORE, RT3070_1),
200 RUN_DEV(ENCORE, RT3070_2),
201 RUN_DEV(ENCORE, RT3070_3),
202 RUN_DEV(GIGABYTE, GNWB31N),
203 RUN_DEV(GIGABYTE, GNWB32L),
204 RUN_DEV(GIGABYTE, RT2870_1),
205 RUN_DEV(GIGASET, RT3070_1),
206 RUN_DEV(GIGASET, RT3070_2),
207 RUN_DEV(GUILLEMOT, HWNU300),
208 RUN_DEV(HAWKING, HWUN2),
209 RUN_DEV(HAWKING, RT2870_1),
210 RUN_DEV(HAWKING, RT2870_2),
211 RUN_DEV(HAWKING, RT3070),
212 RUN_DEV(IODATA, RT3072_1),
213 RUN_DEV(IODATA, RT3072_2),
214 RUN_DEV(IODATA, RT3072_3),
215 RUN_DEV(IODATA, RT3072_4),
216 RUN_DEV(LINKSYS4, RT3070),
217 RUN_DEV(LINKSYS4, WUSB100),
218 RUN_DEV(LINKSYS4, WUSB54GCV3),
219 RUN_DEV(LINKSYS4, WUSB600N),
220 RUN_DEV(LINKSYS4, WUSB600NV2),
221 RUN_DEV(LOGITEC, RT2870_1),
222 RUN_DEV(LOGITEC, RT2870_2),
223 RUN_DEV(LOGITEC, RT2870_3),
224 RUN_DEV(LOGITEC, LANW300NU2),
225 RUN_DEV(LOGITEC, LANW150NU2),
226 RUN_DEV(LOGITEC, LANW300NU2S),
227 RUN_DEV(MELCO, WLIUCG300HP),
228 RUN_DEV(MELCO, RT2870_2),
229 RUN_DEV(MELCO, WLIUCAG300N),
230 RUN_DEV(MELCO, WLIUCG300N),
231 RUN_DEV(MELCO, WLIUCG301N),
232 RUN_DEV(MELCO, WLIUCGN),
233 RUN_DEV(MELCO, WLIUCGNM),
234 RUN_DEV(MELCO, WLIUCG300HPV1),
235 RUN_DEV(MELCO, WLIUCGNM2),
236 RUN_DEV(MOTOROLA4, RT2770),
237 RUN_DEV(MOTOROLA4, RT3070),
238 RUN_DEV(MSI, RT3070_1),
239 RUN_DEV(MSI, RT3070_2),
240 RUN_DEV(MSI, RT3070_3),
241 RUN_DEV(MSI, RT3070_4),
242 RUN_DEV(MSI, RT3070_5),
243 RUN_DEV(MSI, RT3070_6),
244 RUN_DEV(MSI, RT3070_7),
245 RUN_DEV(MSI, RT3070_8),
246 RUN_DEV(MSI, RT3070_9),
247 RUN_DEV(MSI, RT3070_10),
248 RUN_DEV(MSI, RT3070_11),
249 RUN_DEV(OVISLINK, RT3072),
250 RUN_DEV(PARA, RT3070),
251 RUN_DEV(PEGATRON, RT2870),
252 RUN_DEV(PEGATRON, RT3070),
253 RUN_DEV(PEGATRON, RT3070_2),
254 RUN_DEV(PEGATRON, RT3070_3),
255 RUN_DEV(PHILIPS, RT2870),
256 RUN_DEV(PLANEX2, GWUS300MINIS),
257 RUN_DEV(PLANEX2, GWUSMICRON),
258 RUN_DEV(PLANEX2, RT2870),
259 RUN_DEV(PLANEX2, RT3070),
260 RUN_DEV(QCOM, RT2870),
261 RUN_DEV(QUANTA, RT3070),
262 RUN_DEV(RALINK, RT2070),
263 RUN_DEV(RALINK, RT2770),
264 RUN_DEV(RALINK, RT2870),
265 RUN_DEV(RALINK, RT3070),
266 RUN_DEV(RALINK, RT3071),
267 RUN_DEV(RALINK, RT3072),
268 RUN_DEV(RALINK, RT3370),
269 RUN_DEV(RALINK, RT3572),
270 RUN_DEV(RALINK, RT3573),
271 RUN_DEV(RALINK, RT5370),
272 RUN_DEV(RALINK, RT5572),
273 RUN_DEV(RALINK, RT8070),
274 RUN_DEV(SAMSUNG, WIS09ABGN),
275 RUN_DEV(SAMSUNG2, RT2870_1),
276 RUN_DEV(SENAO, RT2870_1),
277 RUN_DEV(SENAO, RT2870_2),
278 RUN_DEV(SENAO, RT2870_3),
279 RUN_DEV(SENAO, RT2870_4),
280 RUN_DEV(SENAO, RT3070),
281 RUN_DEV(SENAO, RT3071),
282 RUN_DEV(SENAO, RT3072_1),
283 RUN_DEV(SENAO, RT3072_2),
284 RUN_DEV(SENAO, RT3072_3),
285 RUN_DEV(SENAO, RT3072_4),
286 RUN_DEV(SENAO, RT3072_5),
287 RUN_DEV(SITECOMEU, RT2770),
288 RUN_DEV(SITECOMEU, RT2870_1),
289 RUN_DEV(SITECOMEU, RT2870_2),
290 RUN_DEV(SITECOMEU, RT2870_3),
291 RUN_DEV(SITECOMEU, RT2870_4),
292 RUN_DEV(SITECOMEU, RT3070),
293 RUN_DEV(SITECOMEU, RT3070_2),
294 RUN_DEV(SITECOMEU, RT3070_3),
295 RUN_DEV(SITECOMEU, RT3070_4),
296 RUN_DEV(SITECOMEU, RT3071),
297 RUN_DEV(SITECOMEU, RT3072_1),
298 RUN_DEV(SITECOMEU, RT3072_2),
299 RUN_DEV(SITECOMEU, RT3072_3),
300 RUN_DEV(SITECOMEU, RT3072_4),
301 RUN_DEV(SITECOMEU, RT3072_5),
302 RUN_DEV(SITECOMEU, RT3072_6),
303 RUN_DEV(SITECOMEU, WL608),
304 RUN_DEV(SPARKLAN, RT2870_1),
305 RUN_DEV(SPARKLAN, RT3070),
306 RUN_DEV(SWEEX2, LW153),
307 RUN_DEV(SWEEX2, LW303),
308 RUN_DEV(SWEEX2, LW313),
309 RUN_DEV(TOSHIBA, RT3070),
310 RUN_DEV(UMEDIA, RT2870_1),
311 RUN_DEV(ZCOM, RT2870_1),
312 RUN_DEV(ZCOM, RT2870_2),
313 RUN_DEV(ZINWELL, RT2870_1),
314 RUN_DEV(ZINWELL, RT2870_2),
315 RUN_DEV(ZINWELL, RT3070),
316 RUN_DEV(ZINWELL, RT3072_1),
317 RUN_DEV(ZINWELL, RT3072_2),
318 RUN_DEV(ZYXEL, RT2870_1),
319 RUN_DEV(ZYXEL, RT2870_2),
320 RUN_DEV_EJECT(ZYXEL, NWD2705),
321 RUN_DEV_EJECT(RALINK, RT_STOR),
326 static device_probe_t run_match;
327 static device_attach_t run_attach;
328 static device_detach_t run_detach;
330 static usb_callback_t run_bulk_rx_callback;
331 static usb_callback_t run_bulk_tx_callback0;
332 static usb_callback_t run_bulk_tx_callback1;
333 static usb_callback_t run_bulk_tx_callback2;
334 static usb_callback_t run_bulk_tx_callback3;
335 static usb_callback_t run_bulk_tx_callback4;
336 static usb_callback_t run_bulk_tx_callback5;
338 static void run_autoinst(void *, struct usb_device *,
339 struct usb_attach_arg *);
340 static int run_driver_loaded(struct module *, int, void *);
341 static void run_bulk_tx_callbackN(struct usb_xfer *xfer,
342 usb_error_t error, u_int index);
343 static struct ieee80211vap *run_vap_create(struct ieee80211com *,
344 const char [IFNAMSIZ], int, enum ieee80211_opmode, int,
345 const uint8_t [IEEE80211_ADDR_LEN],
346 const uint8_t [IEEE80211_ADDR_LEN]);
347 static void run_vap_delete(struct ieee80211vap *);
348 static void run_cmdq_cb(void *, int);
349 static void run_setup_tx_list(struct run_softc *,
350 struct run_endpoint_queue *);
351 static void run_unsetup_tx_list(struct run_softc *,
352 struct run_endpoint_queue *);
353 static int run_load_microcode(struct run_softc *);
354 static int run_reset(struct run_softc *);
355 static usb_error_t run_do_request(struct run_softc *,
356 struct usb_device_request *, void *);
357 static int run_read(struct run_softc *, uint16_t, uint32_t *);
358 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int);
359 static int run_write_2(struct run_softc *, uint16_t, uint16_t);
360 static int run_write(struct run_softc *, uint16_t, uint32_t);
361 static int run_write_region_1(struct run_softc *, uint16_t,
362 const uint8_t *, int);
363 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int);
364 static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int);
365 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *);
366 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *);
367 static int run_rt2870_rf_write(struct run_softc *, uint32_t);
368 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *);
369 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t);
370 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *);
371 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t);
372 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t);
373 static const char *run_get_rf(uint16_t);
374 static void run_rt3593_get_txpower(struct run_softc *);
375 static void run_get_txpower(struct run_softc *);
376 static int run_read_eeprom(struct run_softc *);
377 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *,
378 const uint8_t mac[IEEE80211_ADDR_LEN]);
379 static int run_media_change(struct ifnet *);
380 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int);
381 static int run_wme_update(struct ieee80211com *);
382 static void run_wme_update_cb(void *);
383 static void run_key_update_begin(struct ieee80211vap *);
384 static void run_key_update_end(struct ieee80211vap *);
385 static void run_key_set_cb(void *);
386 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *,
387 const uint8_t mac[IEEE80211_ADDR_LEN]);
388 static void run_key_delete_cb(void *);
389 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *);
390 static void run_ratectl_to(void *);
391 static void run_ratectl_cb(void *, int);
392 static void run_drain_fifo(void *);
393 static void run_iter_func(void *, struct ieee80211_node *);
394 static void run_newassoc_cb(void *);
395 static void run_newassoc(struct ieee80211_node *, int);
396 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t);
397 static void run_tx_free(struct run_endpoint_queue *pq,
398 struct run_tx_data *, int);
399 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *);
400 static int run_tx(struct run_softc *, struct mbuf *,
401 struct ieee80211_node *);
402 static int run_tx_mgt(struct run_softc *, struct mbuf *,
403 struct ieee80211_node *);
404 static int run_sendprot(struct run_softc *, const struct mbuf *,
405 struct ieee80211_node *, int, int);
406 static int run_tx_param(struct run_softc *, struct mbuf *,
407 struct ieee80211_node *,
408 const struct ieee80211_bpf_params *);
409 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *,
410 const struct ieee80211_bpf_params *);
411 static void run_start(struct ifnet *);
412 static int run_ioctl(struct ifnet *, u_long, caddr_t);
413 static void run_iq_calib(struct run_softc *, u_int);
414 static void run_set_agc(struct run_softc *, uint8_t);
415 static void run_select_chan_group(struct run_softc *, int);
416 static void run_set_rx_antenna(struct run_softc *, int);
417 static void run_rt2870_set_chan(struct run_softc *, u_int);
418 static void run_rt3070_set_chan(struct run_softc *, u_int);
419 static void run_rt3572_set_chan(struct run_softc *, u_int);
420 static void run_rt3593_set_chan(struct run_softc *, u_int);
421 static void run_rt5390_set_chan(struct run_softc *, u_int);
422 static void run_rt5592_set_chan(struct run_softc *, u_int);
423 static int run_set_chan(struct run_softc *, struct ieee80211_channel *);
424 static void run_set_channel(struct ieee80211com *);
425 static void run_scan_start(struct ieee80211com *);
426 static void run_scan_end(struct ieee80211com *);
427 static void run_update_beacon(struct ieee80211vap *, int);
428 static void run_update_beacon_cb(void *);
429 static void run_updateprot(struct ieee80211com *);
430 static void run_updateprot_cb(void *);
431 static void run_usb_timeout_cb(void *);
432 static void run_reset_livelock(struct run_softc *);
433 static void run_enable_tsf_sync(struct run_softc *);
434 static void run_enable_mrr(struct run_softc *);
435 static void run_set_txpreamble(struct run_softc *);
436 static void run_set_basicrates(struct run_softc *);
437 static void run_set_leds(struct run_softc *, uint16_t);
438 static void run_set_bssid(struct run_softc *, const uint8_t *);
439 static void run_set_macaddr(struct run_softc *, const uint8_t *);
440 static void run_updateslot(struct ifnet *);
441 static void run_updateslot_cb(void *);
442 static void run_update_mcast(struct ifnet *);
443 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t);
444 static void run_update_promisc_locked(struct ifnet *);
445 static void run_update_promisc(struct ifnet *);
446 static void run_rt5390_bbp_init(struct run_softc *);
447 static int run_bbp_init(struct run_softc *);
448 static int run_rt3070_rf_init(struct run_softc *);
449 static void run_rt3593_rf_init(struct run_softc *);
450 static void run_rt5390_rf_init(struct run_softc *);
451 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t,
453 static void run_rt3070_rf_setup(struct run_softc *);
454 static void run_rt3593_rf_setup(struct run_softc *);
455 static void run_rt5390_rf_setup(struct run_softc *);
456 static int run_txrx_enable(struct run_softc *);
457 static void run_adjust_freq_offset(struct run_softc *);
458 static void run_init(void *);
459 static void run_init_locked(struct run_softc *);
460 static void run_stop(void *);
461 static void run_delay(struct run_softc *, u_int);
463 static eventhandler_tag run_etag;
465 static const struct rt2860_rate {
468 enum ieee80211_phytype phy;
473 { 2, 0, IEEE80211_T_DS, 0, 314, 314 },
474 { 4, 1, IEEE80211_T_DS, 1, 258, 162 },
475 { 11, 2, IEEE80211_T_DS, 2, 223, 127 },
476 { 22, 3, IEEE80211_T_DS, 3, 213, 117 },
477 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 },
478 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 },
479 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 },
480 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 },
481 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 },
482 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 },
483 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 },
484 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 }
487 static const struct {
490 } rt2870_def_mac[] = {
494 static const struct {
497 } rt2860_def_bbp[] = {
499 },rt5390_def_bbp[] = {
501 },rt5592_def_bbp[] = {
506 * Default values for BBP register R196 for RT5592.
508 static const uint8_t rt5592_bbp_r196[] = {
509 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00,
510 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36,
511 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40,
512 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41,
513 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16,
514 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00,
515 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
516 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c,
517 0x2e, 0x36, 0x30, 0x6e
520 static const struct rfprog {
522 uint32_t r1, r2, r3, r4;
523 } rt2860_rf2850[] = {
533 static const struct rt5592_freqs {
536 } rt5592_freqs_20mhz[] = {
538 },rt5592_freqs_40mhz[] = {
542 static const struct {
545 } rt3070_def_rf[] = {
547 },rt3572_def_rf[] = {
549 },rt3593_def_rf[] = {
551 },rt5390_def_rf[] = {
553 },rt5392_def_rf[] = {
555 },rt5592_def_rf[] = {
557 },rt5592_2ghz_def_rf[] = {
559 },rt5592_5ghz_def_rf[] = {
563 static const struct {
568 } rt5592_chan_5ghz[] = {
572 static const struct usb_config run_config[RUN_N_XFER] = {
575 .endpoint = UE_ADDR_ANY,
577 .direction = UE_DIR_OUT,
578 .bufsize = RUN_MAX_TXSZ,
579 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
580 .callback = run_bulk_tx_callback0,
581 .timeout = 5000, /* ms */
585 .endpoint = UE_ADDR_ANY,
586 .direction = UE_DIR_OUT,
588 .bufsize = RUN_MAX_TXSZ,
589 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
590 .callback = run_bulk_tx_callback1,
591 .timeout = 5000, /* ms */
595 .endpoint = UE_ADDR_ANY,
596 .direction = UE_DIR_OUT,
598 .bufsize = RUN_MAX_TXSZ,
599 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
600 .callback = run_bulk_tx_callback2,
601 .timeout = 5000, /* ms */
605 .endpoint = UE_ADDR_ANY,
606 .direction = UE_DIR_OUT,
608 .bufsize = RUN_MAX_TXSZ,
609 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
610 .callback = run_bulk_tx_callback3,
611 .timeout = 5000, /* ms */
613 [RUN_BULK_TX_HCCA] = {
615 .endpoint = UE_ADDR_ANY,
616 .direction = UE_DIR_OUT,
618 .bufsize = RUN_MAX_TXSZ,
619 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,},
620 .callback = run_bulk_tx_callback4,
621 .timeout = 5000, /* ms */
623 [RUN_BULK_TX_PRIO] = {
625 .endpoint = UE_ADDR_ANY,
626 .direction = UE_DIR_OUT,
628 .bufsize = RUN_MAX_TXSZ,
629 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,},
630 .callback = run_bulk_tx_callback5,
631 .timeout = 5000, /* ms */
635 .endpoint = UE_ADDR_ANY,
636 .direction = UE_DIR_IN,
637 .bufsize = RUN_MAX_RXSZ,
638 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,},
639 .callback = run_bulk_rx_callback,
644 run_autoinst(void *arg, struct usb_device *udev,
645 struct usb_attach_arg *uaa)
647 struct usb_interface *iface;
648 struct usb_interface_descriptor *id;
650 if (uaa->dev_state != UAA_DEV_READY)
653 iface = usbd_get_iface(udev, 0);
657 if (id == NULL || id->bInterfaceClass != UICLASS_MASS)
659 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa))
662 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0)
663 uaa->dev_state = UAA_DEV_EJECTING;
667 run_driver_loaded(struct module *mod, int what, void *arg)
671 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured,
672 run_autoinst, NULL, EVENTHANDLER_PRI_ANY);
675 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag);
684 run_match(device_t self)
686 struct usb_attach_arg *uaa = device_get_ivars(self);
688 if (uaa->usb_mode != USB_MODE_HOST)
690 if (uaa->info.bConfigIndex != 0)
692 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX)
695 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa));
699 run_attach(device_t self)
701 struct run_softc *sc = device_get_softc(self);
702 struct usb_attach_arg *uaa = device_get_ivars(self);
703 struct ieee80211com *ic;
707 uint8_t iface_index, bands;
709 device_set_usb_desc(self);
710 sc->sc_udev = uaa->device;
712 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT)
713 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED;
715 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev),
716 MTX_NETWORK_LOCK, MTX_DEF);
718 iface_index = RT2860_IFACE_INDEX;
720 error = usbd_transfer_setup(uaa->device, &iface_index,
721 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx);
723 device_printf(self, "could not allocate USB transfers, "
724 "err=%s\n", usbd_errstr(error));
730 /* wait for the chip to settle */
731 for (ntries = 0; ntries < 100; ntries++) {
732 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) {
736 if (ver != 0 && ver != 0xffffffff)
741 device_printf(sc->sc_dev,
742 "timeout waiting for NIC to initialize\n");
746 sc->mac_ver = ver >> 16;
747 sc->mac_rev = ver & 0xffff;
749 /* retrieve RF rev. no and various other things from EEPROM */
752 device_printf(sc->sc_dev,
753 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n",
754 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev),
755 sc->ntxchains, sc->nrxchains, ether_sprintf(sc->sc_bssid));
759 ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211);
761 device_printf(sc->sc_dev, "can not if_alloc()\n");
767 if_initname(ifp, "run", device_get_unit(sc->sc_dev));
768 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
769 ifp->if_init = run_init;
770 ifp->if_ioctl = run_ioctl;
771 ifp->if_start = run_start;
772 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen);
773 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen;
774 IFQ_SET_READY(&ifp->if_snd);
777 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
778 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */
780 /* set device capabilities */
782 IEEE80211_C_STA | /* station mode supported */
783 IEEE80211_C_MONITOR | /* monitor mode supported */
786 IEEE80211_C_WDS | /* 4-address traffic works */
788 IEEE80211_C_SHPREAMBLE | /* short preamble supported */
789 IEEE80211_C_SHSLOT | /* short slot time supported */
790 IEEE80211_C_WME | /* WME */
791 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */
794 IEEE80211_CRYPTO_WEP |
795 IEEE80211_CRYPTO_AES_CCM |
796 IEEE80211_CRYPTO_TKIPMIC |
797 IEEE80211_CRYPTO_TKIP;
799 ic->ic_flags |= IEEE80211_F_DATAPAD;
800 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS;
803 setbit(&bands, IEEE80211_MODE_11B);
804 setbit(&bands, IEEE80211_MODE_11G);
805 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 ||
806 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 ||
807 sc->rf_rev == RT5592_RF_5592)
808 setbit(&bands, IEEE80211_MODE_11A);
809 ieee80211_init_channels(ic, NULL, &bands);
811 ieee80211_ifattach(ic, sc->sc_bssid);
813 ic->ic_scan_start = run_scan_start;
814 ic->ic_scan_end = run_scan_end;
815 ic->ic_set_channel = run_set_channel;
816 ic->ic_node_alloc = run_node_alloc;
817 ic->ic_newassoc = run_newassoc;
818 ic->ic_updateslot = run_updateslot;
819 ic->ic_update_mcast = run_update_mcast;
820 ic->ic_wme.wme_update = run_wme_update;
821 ic->ic_raw_xmit = run_raw_xmit;
822 ic->ic_update_promisc = run_update_promisc;
824 ic->ic_vap_create = run_vap_create;
825 ic->ic_vap_delete = run_vap_delete;
827 ieee80211_radiotap_attach(ic,
828 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap),
829 RUN_TX_RADIOTAP_PRESENT,
830 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap),
831 RUN_RX_RADIOTAP_PRESENT);
833 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc);
834 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc);
835 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0);
838 ieee80211_announce(ic);
848 run_detach(device_t self)
850 struct run_softc *sc = device_get_softc(self);
851 struct ifnet *ifp = sc->sc_ifp;
852 struct ieee80211com *ic;
859 /* stop all USB transfers */
860 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER);
863 sc->ratectl_run = RUN_RATECTL_OFF;
864 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT;
866 /* free TX list, if any */
867 for (i = 0; i != RUN_EP_QUEUES; i++)
868 run_unsetup_tx_list(sc, &sc->sc_epq[i]);
874 usb_callout_drain(&sc->ratectl_ch);
875 ieee80211_draintask(ic, &sc->cmdq_task);
876 ieee80211_draintask(ic, &sc->ratectl_task);
877 ieee80211_ifdetach(ic);
881 mtx_destroy(&sc->sc_mtx);
886 static struct ieee80211vap *
887 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit,
888 enum ieee80211_opmode opmode, int flags,
889 const uint8_t bssid[IEEE80211_ADDR_LEN],
890 const uint8_t mac[IEEE80211_ADDR_LEN])
892 struct ifnet *ifp = ic->ic_ifp;
893 struct run_softc *sc = ifp->if_softc;
895 struct ieee80211vap *vap;
898 if (sc->rvp_cnt >= RUN_VAP_MAX) {
899 if_printf(ifp, "number of VAPs maxed out\n");
904 case IEEE80211_M_STA:
905 /* enable s/w bmiss handling for sta mode */
906 flags |= IEEE80211_CLONE_NOBEACONS;
908 case IEEE80211_M_IBSS:
909 case IEEE80211_M_MONITOR:
910 case IEEE80211_M_HOSTAP:
911 case IEEE80211_M_MBSS:
912 /* other than WDS vaps, only one at a time */
913 if (!TAILQ_EMPTY(&ic->ic_vaps))
916 case IEEE80211_M_WDS:
917 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){
918 if(vap->iv_opmode != IEEE80211_M_HOSTAP)
920 /* WDS vap's always share the local mac address. */
921 flags &= ~IEEE80211_CLONE_BSSID;
925 if_printf(ifp, "wds only supported in ap mode\n");
930 if_printf(ifp, "unknown opmode %d\n", opmode);
934 rvp = (struct run_vap *) malloc(sizeof(struct run_vap),
935 M_80211_VAP, M_NOWAIT | M_ZERO);
940 if (ieee80211_vap_setup(ic, vap, name, unit,
941 opmode, flags, bssid, mac) != 0) {
943 free(rvp, M_80211_VAP);
947 vap->iv_key_update_begin = run_key_update_begin;
948 vap->iv_key_update_end = run_key_update_end;
949 vap->iv_update_beacon = run_update_beacon;
950 vap->iv_max_aid = RT2870_WCID_MAX;
952 * To delete the right key from h/w, we need wcid.
953 * Luckily, there is unused space in ieee80211_key{}, wk_pad,
954 * and matching wcid will be written into there. So, cast
955 * some spells to remove 'const' from ieee80211_key{}
957 vap->iv_key_delete = (void *)run_key_delete;
958 vap->iv_key_set = (void *)run_key_set;
960 /* override state transition machine */
961 rvp->newstate = vap->iv_newstate;
962 vap->iv_newstate = run_newstate;
964 ieee80211_ratectl_init(vap);
965 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */);
968 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status);
970 /* make sure id is always unique */
971 for (i = 0; i < RUN_VAP_MAX; i++) {
972 if((sc->rvp_bmap & 1 << i) == 0){
973 sc->rvp_bmap |= 1 << i;
978 if (sc->rvp_cnt++ == 0)
979 ic->ic_opmode = opmode;
981 if (opmode == IEEE80211_M_HOSTAP)
982 sc->cmdq_run = RUN_CMDQ_GO;
984 DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n",
985 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt);
991 run_vap_delete(struct ieee80211vap *vap)
993 struct run_vap *rvp = RUN_VAP(vap);
995 struct ieee80211com *ic;
996 struct run_softc *sc;
1009 m_freem(rvp->beacon_mbuf);
1010 rvp->beacon_mbuf = NULL;
1012 rvp_id = rvp->rvp_id;
1013 sc->ratectl_run &= ~(1 << rvp_id);
1014 sc->rvp_bmap &= ~(1 << rvp_id);
1015 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128);
1016 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512);
1019 DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n",
1020 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt);
1024 ieee80211_ratectl_deinit(vap);
1025 ieee80211_vap_detach(vap);
1026 free(rvp, M_80211_VAP);
1030 * There are numbers of functions need to be called in context thread.
1031 * Rather than creating taskqueue event for each of those functions,
1032 * here is all-for-one taskqueue callback function. This function
1033 * gurantees deferred functions are executed in the same order they
1035 * '& RUN_CMDQ_MASQ' is to loop cmdq[].
1038 run_cmdq_cb(void *arg, int pending)
1040 struct run_softc *sc = arg;
1043 /* call cmdq[].func locked */
1045 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending;
1046 i = sc->cmdq_exec, pending--) {
1047 DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending);
1048 if (sc->cmdq_run == RUN_CMDQ_GO) {
1050 * If arg0 is NULL, callback func needs more
1051 * than one arg. So, pass ptr to cmdq struct.
1053 if (sc->cmdq[i].arg0)
1054 sc->cmdq[i].func(sc->cmdq[i].arg0);
1056 sc->cmdq[i].func(&sc->cmdq[i]);
1058 sc->cmdq[i].arg0 = NULL;
1059 sc->cmdq[i].func = NULL;
1061 sc->cmdq_exec &= RUN_CMDQ_MASQ;
1067 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq)
1069 struct run_tx_data *data;
1071 memset(pq, 0, sizeof(*pq));
1073 STAILQ_INIT(&pq->tx_qh);
1074 STAILQ_INIT(&pq->tx_fh);
1076 for (data = &pq->tx_data[0];
1077 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) {
1079 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next);
1081 pq->tx_nfree = RUN_TX_RING_COUNT;
1085 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq)
1087 struct run_tx_data *data;
1089 /* make sure any subsequent use of the queues will fail */
1091 STAILQ_INIT(&pq->tx_fh);
1092 STAILQ_INIT(&pq->tx_qh);
1094 /* free up all node references and mbufs */
1095 for (data = &pq->tx_data[0];
1096 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) {
1097 if (data->m != NULL) {
1101 if (data->ni != NULL) {
1102 ieee80211_free_node(data->ni);
1109 run_load_microcode(struct run_softc *sc)
1111 usb_device_request_t req;
1112 const struct firmware *fw;
1116 const uint64_t *temp;
1120 fw = firmware_get("runfw");
1123 device_printf(sc->sc_dev,
1124 "failed loadfirmware of file %s\n", "runfw");
1128 if (fw->datasize != 8192) {
1129 device_printf(sc->sc_dev,
1130 "invalid firmware size (should be 8KB)\n");
1136 * RT3071/RT3072 use a different firmware
1137 * run-rt2870 (8KB) contains both,
1138 * first half (4KB) is for rt2870,
1139 * last half is for rt3071.
1142 if ((sc->mac_ver) != 0x2860 &&
1143 (sc->mac_ver) != 0x2872 &&
1144 (sc->mac_ver) != 0x3070) {
1148 /* cheap sanity check */
1151 if (bytes != be64toh(0xffffff0210280210ULL)) {
1152 device_printf(sc->sc_dev, "firmware checksum failed\n");
1157 /* write microcode image */
1158 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) {
1159 run_write_region_1(sc, RT2870_FW_BASE, base, 4096);
1160 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff);
1161 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff);
1164 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1165 req.bRequest = RT2870_RESET;
1166 USETW(req.wValue, 8);
1167 USETW(req.wIndex, 0);
1168 USETW(req.wLength, 0);
1169 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL))
1171 device_printf(sc->sc_dev, "firmware reset failed\n");
1177 run_write(sc, RT2860_H2M_BBPAGENT, 0);
1178 run_write(sc, RT2860_H2M_MAILBOX, 0);
1179 run_write(sc, RT2860_H2M_INTSRC, 0);
1180 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0)
1183 /* wait until microcontroller is ready */
1184 for (ntries = 0; ntries < 1000; ntries++) {
1185 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0)
1187 if (tmp & RT2860_MCU_READY)
1191 if (ntries == 1000) {
1192 device_printf(sc->sc_dev,
1193 "timeout waiting for MCU to initialize\n");
1197 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n",
1198 (base == fw->data) ? "RT2870" : "RT3071",
1199 *(base + 4092), *(base + 4093));
1202 firmware_put(fw, FIRMWARE_UNLOAD);
1207 run_reset(struct run_softc *sc)
1209 usb_device_request_t req;
1211 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1212 req.bRequest = RT2870_RESET;
1213 USETW(req.wValue, 1);
1214 USETW(req.wIndex, 0);
1215 USETW(req.wLength, 0);
1216 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL));
1220 run_do_request(struct run_softc *sc,
1221 struct usb_device_request *req, void *data)
1226 RUN_LOCK_ASSERT(sc, MA_OWNED);
1229 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx,
1230 req, data, 0, NULL, 250 /* ms */);
1233 DPRINTFN(1, "Control request failed, %s (retrying)\n",
1241 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val)
1246 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp);
1248 *val = le32toh(tmp);
1255 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len)
1257 usb_device_request_t req;
1259 req.bmRequestType = UT_READ_VENDOR_DEVICE;
1260 req.bRequest = RT2870_READ_REGION_1;
1261 USETW(req.wValue, 0);
1262 USETW(req.wIndex, reg);
1263 USETW(req.wLength, len);
1265 return (run_do_request(sc, &req, buf));
1269 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val)
1271 usb_device_request_t req;
1273 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1274 req.bRequest = RT2870_WRITE_2;
1275 USETW(req.wValue, val);
1276 USETW(req.wIndex, reg);
1277 USETW(req.wLength, 0);
1279 return (run_do_request(sc, &req, NULL));
1283 run_write(struct run_softc *sc, uint16_t reg, uint32_t val)
1287 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0)
1288 error = run_write_2(sc, reg + 2, val >> 16);
1293 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf,
1299 * NB: the WRITE_REGION_1 command is not stable on RT2860.
1300 * We thus issue multiple WRITE_2 commands instead.
1302 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n"));
1303 for (i = 0; i < len && error == 0; i += 2)
1304 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8);
1307 usb_device_request_t req;
1311 * NOTE: It appears the WRITE_REGION_1 command cannot be
1312 * passed a huge amount of data, which will crash the
1313 * firmware. Limit amount of data passed to 64-bytes at a
1321 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1322 req.bRequest = RT2870_WRITE_REGION_1;
1323 USETW(req.wValue, 0);
1324 USETW(req.wIndex, reg);
1325 USETW(req.wLength, delta);
1326 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf));
1338 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len)
1342 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n"));
1343 for (i = 0; i < len && error == 0; i += 4)
1344 error = run_write(sc, reg + i, val);
1349 run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count)
1355 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0)
1361 * Read one 16-byte block into registers EFUSE_DATA[0-3]:
1367 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK);
1368 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK;
1369 run_write(sc, RT3070_EFUSE_CTRL, tmp);
1370 for (ntries = 0; ntries < 100; ntries++) {
1371 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0)
1373 if (!(tmp & RT3070_EFSROM_KICK))
1380 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) {
1381 *val = 0xffff; /* address not found */
1384 /* determine to which 32-bit register our 16-bit word belongs */
1385 reg = RT3070_EFUSE_DATA3 - (addr & 0xc);
1386 if ((error = run_read(sc, reg, &tmp)) != 0)
1389 tmp >>= (8 * (addr & 0x3));
1390 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff;
1395 /* Read 16-bit from eFUSE ROM for RT3xxx. */
1397 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val)
1399 return (run_efuse_read(sc, addr, val, 2));
1403 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val)
1405 usb_device_request_t req;
1410 req.bmRequestType = UT_READ_VENDOR_DEVICE;
1411 req.bRequest = RT2870_EEPROM_READ;
1412 USETW(req.wValue, 0);
1413 USETW(req.wIndex, addr);
1414 USETW(req.wLength, sizeof(tmp));
1416 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp);
1418 *val = le16toh(tmp);
1425 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val)
1427 /* either eFUSE ROM or EEPROM */
1428 return sc->sc_srom_read(sc, addr, val);
1432 run_rt2870_rf_write(struct run_softc *sc, uint32_t val)
1437 for (ntries = 0; ntries < 10; ntries++) {
1438 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0)
1440 if (!(tmp & RT2860_RF_REG_CTRL))
1446 return (run_write(sc, RT2860_RF_CSR_CFG0, val));
1450 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val)
1455 for (ntries = 0; ntries < 100; ntries++) {
1456 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1458 if (!(tmp & RT3070_RF_KICK))
1464 tmp = RT3070_RF_KICK | reg << 8;
1465 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0)
1468 for (ntries = 0; ntries < 100; ntries++) {
1469 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1471 if (!(tmp & RT3070_RF_KICK))
1482 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val)
1487 for (ntries = 0; ntries < 10; ntries++) {
1488 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1490 if (!(tmp & RT3070_RF_KICK))
1496 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val;
1497 return (run_write(sc, RT3070_RF_CSR_CFG, tmp));
1501 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val)
1506 for (ntries = 0; ntries < 10; ntries++) {
1507 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1509 if (!(tmp & RT2860_BBP_CSR_KICK))
1515 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8;
1516 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0)
1519 for (ntries = 0; ntries < 10; ntries++) {
1520 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1522 if (!(tmp & RT2860_BBP_CSR_KICK))
1533 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val)
1538 for (ntries = 0; ntries < 10; ntries++) {
1539 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1541 if (!(tmp & RT2860_BBP_CSR_KICK))
1547 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val;
1548 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp));
1552 * Send a command to the 8051 microcontroller unit.
1555 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg)
1560 for (ntries = 0; ntries < 100; ntries++) {
1561 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0)
1563 if (!(tmp & RT2860_H2M_BUSY))
1569 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg;
1570 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0)
1571 error = run_write(sc, RT2860_HOST_CMD, cmd);
1576 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word.
1577 * Used to adjust per-rate Tx power registers.
1579 static __inline uint32_t
1580 b4inc(uint32_t b32, int8_t delta)
1584 for (i = 0; i < 8; i++) {
1591 b32 = b32 >> 4 | b4 << 28;
1597 run_get_rf(uint16_t rev)
1600 case RT2860_RF_2820: return "RT2820";
1601 case RT2860_RF_2850: return "RT2850";
1602 case RT2860_RF_2720: return "RT2720";
1603 case RT2860_RF_2750: return "RT2750";
1604 case RT3070_RF_3020: return "RT3020";
1605 case RT3070_RF_2020: return "RT2020";
1606 case RT3070_RF_3021: return "RT3021";
1607 case RT3070_RF_3022: return "RT3022";
1608 case RT3070_RF_3052: return "RT3052";
1609 case RT3593_RF_3053: return "RT3053";
1610 case RT5592_RF_5592: return "RT5592";
1611 case RT5390_RF_5370: return "RT5370";
1612 case RT5390_RF_5372: return "RT5372";
1618 run_rt3593_get_txpower(struct run_softc *sc)
1623 /* Read power settings for 2GHz channels. */
1624 for (i = 0; i < 14; i += 2) {
1625 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 :
1626 RT2860_EEPROM_PWR2GHZ_BASE1;
1627 run_srom_read(sc, addr + i / 2, &val);
1628 sc->txpow1[i + 0] = (int8_t)(val & 0xff);
1629 sc->txpow1[i + 1] = (int8_t)(val >> 8);
1631 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 :
1632 RT2860_EEPROM_PWR2GHZ_BASE2;
1633 run_srom_read(sc, addr + i / 2, &val);
1634 sc->txpow2[i + 0] = (int8_t)(val & 0xff);
1635 sc->txpow2[i + 1] = (int8_t)(val >> 8);
1637 if (sc->ntxchains == 3) {
1638 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2,
1640 sc->txpow3[i + 0] = (int8_t)(val & 0xff);
1641 sc->txpow3[i + 1] = (int8_t)(val >> 8);
1644 /* Fix broken Tx power entries. */
1645 for (i = 0; i < 14; i++) {
1646 if (sc->txpow1[i] > 31)
1648 if (sc->txpow2[i] > 31)
1650 if (sc->ntxchains == 3) {
1651 if (sc->txpow3[i] > 31)
1655 /* Read power settings for 5GHz channels. */
1656 for (i = 0; i < 40; i += 2) {
1657 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val);
1658 sc->txpow1[i + 14] = (int8_t)(val & 0xff);
1659 sc->txpow1[i + 15] = (int8_t)(val >> 8);
1661 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val);
1662 sc->txpow2[i + 14] = (int8_t)(val & 0xff);
1663 sc->txpow2[i + 15] = (int8_t)(val >> 8);
1665 if (sc->ntxchains == 3) {
1666 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2,
1668 sc->txpow3[i + 14] = (int8_t)(val & 0xff);
1669 sc->txpow3[i + 15] = (int8_t)(val >> 8);
1675 run_get_txpower(struct run_softc *sc)
1680 /* Read power settings for 2GHz channels. */
1681 for (i = 0; i < 14; i += 2) {
1682 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val);
1683 sc->txpow1[i + 0] = (int8_t)(val & 0xff);
1684 sc->txpow1[i + 1] = (int8_t)(val >> 8);
1686 if (sc->mac_ver != 0x5390) {
1688 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val);
1689 sc->txpow2[i + 0] = (int8_t)(val & 0xff);
1690 sc->txpow2[i + 1] = (int8_t)(val >> 8);
1693 /* Fix broken Tx power entries. */
1694 for (i = 0; i < 14; i++) {
1695 if (sc->mac_ver >= 0x5390) {
1696 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 27)
1699 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31)
1702 if (sc->mac_ver > 0x5390) {
1703 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 27)
1705 } else if (sc->mac_ver < 0x5390) {
1706 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31)
1709 DPRINTF("chan %d: power1=%d, power2=%d\n",
1710 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]);
1712 /* Read power settings for 5GHz channels. */
1713 for (i = 0; i < 40; i += 2) {
1714 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val);
1715 sc->txpow1[i + 14] = (int8_t)(val & 0xff);
1716 sc->txpow1[i + 15] = (int8_t)(val >> 8);
1718 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val);
1719 sc->txpow2[i + 14] = (int8_t)(val & 0xff);
1720 sc->txpow2[i + 15] = (int8_t)(val >> 8);
1722 /* Fix broken Tx power entries. */
1723 for (i = 0; i < 40; i++ ) {
1724 if (sc->mac_ver != 0x5592) {
1725 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15)
1726 sc->txpow1[14 + i] = 5;
1727 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15)
1728 sc->txpow2[14 + i] = 5;
1730 DPRINTF("chan %d: power1=%d, power2=%d\n",
1731 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i],
1732 sc->txpow2[14 + i]);
1737 run_read_eeprom(struct run_softc *sc)
1739 int8_t delta_2ghz, delta_5ghz;
1744 /* check whether the ROM is eFUSE ROM or EEPROM */
1745 sc->sc_srom_read = run_eeprom_read_2;
1746 if (sc->mac_ver >= 0x3070) {
1747 run_read(sc, RT3070_EFUSE_CTRL, &tmp);
1748 DPRINTF("EFUSE_CTRL=0x%08x\n", tmp);
1749 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593)
1750 sc->sc_srom_read = run_efuse_read_2;
1753 /* read ROM version */
1754 run_srom_read(sc, RT2860_EEPROM_VERSION, &val);
1755 DPRINTF("EEPROM rev=%d, FAE=%d\n", val & 0xff, val >> 8);
1757 /* read MAC address */
1758 run_srom_read(sc, RT2860_EEPROM_MAC01, &val);
1759 sc->sc_bssid[0] = val & 0xff;
1760 sc->sc_bssid[1] = val >> 8;
1761 run_srom_read(sc, RT2860_EEPROM_MAC23, &val);
1762 sc->sc_bssid[2] = val & 0xff;
1763 sc->sc_bssid[3] = val >> 8;
1764 run_srom_read(sc, RT2860_EEPROM_MAC45, &val);
1765 sc->sc_bssid[4] = val & 0xff;
1766 sc->sc_bssid[5] = val >> 8;
1768 if (sc->mac_ver < 0x3593) {
1769 /* read vender BBP settings */
1770 for (i = 0; i < 10; i++) {
1771 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val);
1772 sc->bbp[i].val = val & 0xff;
1773 sc->bbp[i].reg = val >> 8;
1774 DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg,
1777 if (sc->mac_ver >= 0x3071) {
1778 /* read vendor RF settings */
1779 for (i = 0; i < 10; i++) {
1780 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i,
1782 sc->rf[i].val = val & 0xff;
1783 sc->rf[i].reg = val >> 8;
1784 DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg,
1790 /* read RF frequency offset from EEPROM */
1791 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS :
1792 RT3593_EEPROM_FREQ, &val);
1793 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0;
1794 DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff);
1796 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS :
1797 RT3593_EEPROM_FREQ_LEDS, &val);
1798 if (val >> 8 != 0xff) {
1799 /* read LEDs operating mode */
1800 sc->leds = val >> 8;
1801 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 :
1802 RT3593_EEPROM_LED1, &sc->led[0]);
1803 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 :
1804 RT3593_EEPROM_LED2, &sc->led[1]);
1805 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 :
1806 RT3593_EEPROM_LED3, &sc->led[2]);
1808 /* broken EEPROM, use default settings */
1810 sc->led[0] = 0x5555;
1811 sc->led[1] = 0x2221;
1812 sc->led[2] = 0x5627; /* differs from RT2860 */
1814 DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n",
1815 sc->leds, sc->led[0], sc->led[1], sc->led[2]);
1817 /* read RF information */
1818 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392)
1819 run_srom_read(sc, 0x00, &val);
1821 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val);
1823 if (val == 0xffff) {
1824 device_printf(sc->sc_dev,
1825 "invalid EEPROM antenna info, using default\n");
1826 DPRINTF("invalid EEPROM antenna info, using default\n");
1827 if (sc->mac_ver == 0x3572) {
1828 /* default to RF3052 2T2R */
1829 sc->rf_rev = RT3070_RF_3052;
1832 } else if (sc->mac_ver >= 0x3070) {
1833 /* default to RF3020 1T1R */
1834 sc->rf_rev = RT3070_RF_3020;
1838 /* default to RF2820 1T2R */
1839 sc->rf_rev = RT2860_RF_2820;
1844 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) {
1846 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val);
1848 sc->rf_rev = (val >> 8) & 0xf;
1849 sc->ntxchains = (val >> 4) & 0xf;
1850 sc->nrxchains = val & 0xf;
1852 DPRINTF("EEPROM RF rev=0x%04x chains=%dT%dR\n",
1853 sc->rf_rev, sc->ntxchains, sc->nrxchains);
1855 /* check if RF supports automatic Tx access gain control */
1856 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val);
1857 DPRINTF("EEPROM CFG 0x%04x\n", val);
1858 /* check if driver should patch the DAC issue */
1859 if ((val >> 8) != 0xff)
1860 sc->patch_dac = (val >> 15) & 1;
1861 if ((val & 0xff) != 0xff) {
1862 sc->ext_5ghz_lna = (val >> 3) & 1;
1863 sc->ext_2ghz_lna = (val >> 2) & 1;
1864 /* check if RF supports automatic Tx access gain control */
1865 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1;
1866 /* check if we have a hardware radio switch */
1867 sc->rfswitch = val & 1;
1870 /* Read Tx power settings. */
1871 if (sc->mac_ver == 0x3593)
1872 run_rt3593_get_txpower(sc);
1874 run_get_txpower(sc);
1876 /* read Tx power compensation for each Tx rate */
1877 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val);
1878 delta_2ghz = delta_5ghz = 0;
1879 if ((val & 0xff) != 0xff && (val & 0x80)) {
1880 delta_2ghz = val & 0xf;
1881 if (!(val & 0x40)) /* negative number */
1882 delta_2ghz = -delta_2ghz;
1885 if ((val & 0xff) != 0xff && (val & 0x80)) {
1886 delta_5ghz = val & 0xf;
1887 if (!(val & 0x40)) /* negative number */
1888 delta_5ghz = -delta_5ghz;
1890 DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n",
1891 delta_2ghz, delta_5ghz);
1893 for (ridx = 0; ridx < 5; ridx++) {
1896 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val);
1898 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val);
1899 reg |= (uint32_t)val << 16;
1901 sc->txpow20mhz[ridx] = reg;
1902 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz);
1903 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz);
1905 DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, "
1906 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx],
1907 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]);
1910 /* Read RSSI offsets and LNA gains from EEPROM. */
1911 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ :
1912 RT3593_EEPROM_RSSI1_2GHZ, &val);
1913 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */
1914 sc->rssi_2ghz[1] = val >> 8; /* Ant B */
1915 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ :
1916 RT3593_EEPROM_RSSI2_2GHZ, &val);
1917 if (sc->mac_ver >= 0x3070) {
1918 if (sc->mac_ver == 0x3593) {
1919 sc->txmixgain_2ghz = 0;
1920 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */
1923 * On RT3070 chips (limited to 2 Rx chains), this ROM
1924 * field contains the Tx mixer gain for the 2GHz band.
1926 if ((val & 0xff) != 0xff)
1927 sc->txmixgain_2ghz = val & 0x7;
1929 DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz);
1931 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */
1932 if (sc->mac_ver == 0x3593)
1933 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val);
1934 sc->lna[2] = val >> 8; /* channel group 2 */
1936 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ :
1937 RT3593_EEPROM_RSSI1_5GHZ, &val);
1938 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */
1939 sc->rssi_5ghz[1] = val >> 8; /* Ant B */
1940 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ :
1941 RT3593_EEPROM_RSSI2_5GHZ, &val);
1942 if (sc->mac_ver == 0x3572) {
1944 * On RT3572 chips (limited to 2 Rx chains), this ROM
1945 * field contains the Tx mixer gain for the 5GHz band.
1947 if ((val & 0xff) != 0xff)
1948 sc->txmixgain_5ghz = val & 0x7;
1949 DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz);
1951 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */
1952 if (sc->mac_ver == 0x3593) {
1953 sc->txmixgain_5ghz = 0;
1954 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val);
1956 sc->lna[3] = val >> 8; /* channel group 3 */
1958 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA :
1959 RT3593_EEPROM_LNA, &val);
1960 sc->lna[0] = val & 0xff; /* channel group 0 */
1961 sc->lna[1] = val >> 8; /* channel group 1 */
1963 /* fix broken 5GHz LNA entries */
1964 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) {
1965 DPRINTF("invalid LNA for channel group %d\n", 2);
1966 sc->lna[2] = sc->lna[1];
1968 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) {
1969 DPRINTF("invalid LNA for channel group %d\n", 3);
1970 sc->lna[3] = sc->lna[1];
1973 /* fix broken RSSI offset entries */
1974 for (ant = 0; ant < 3; ant++) {
1975 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) {
1976 DPRINTF("invalid RSSI%d offset: %d (2GHz)\n",
1977 ant + 1, sc->rssi_2ghz[ant]);
1978 sc->rssi_2ghz[ant] = 0;
1980 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) {
1981 DPRINTF("invalid RSSI%d offset: %d (5GHz)\n",
1982 ant + 1, sc->rssi_5ghz[ant]);
1983 sc->rssi_5ghz[ant] = 0;
1989 static struct ieee80211_node *
1990 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN])
1992 return malloc(sizeof (struct run_node), M_DEVBUF, M_NOWAIT | M_ZERO);
1996 run_media_change(struct ifnet *ifp)
1998 struct ieee80211vap *vap = ifp->if_softc;
1999 struct ieee80211com *ic = vap->iv_ic;
2000 const struct ieee80211_txparam *tp;
2001 struct run_softc *sc = ic->ic_ifp->if_softc;
2007 error = ieee80211_media_change(ifp);
2008 if (error != ENETRESET) {
2013 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
2014 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) {
2015 struct ieee80211_node *ni;
2016 struct run_node *rn;
2018 rate = ic->ic_sup_rates[ic->ic_curmode].
2019 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL;
2020 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2021 if (rt2860_rates[ridx].rate == rate)
2023 ni = ieee80211_ref_node(vap->iv_bss);
2024 rn = (struct run_node *)ni;
2025 rn->fix_ridx = ridx;
2026 DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx);
2027 ieee80211_free_node(ni);
2031 if ((ifp->if_flags & IFF_UP) &&
2032 (ifp->if_drv_flags & IFF_DRV_RUNNING)){
2033 run_init_locked(sc);
2043 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
2045 const struct ieee80211_txparam *tp;
2046 struct ieee80211com *ic = vap->iv_ic;
2047 struct run_softc *sc = ic->ic_ifp->if_softc;
2048 struct run_vap *rvp = RUN_VAP(vap);
2049 enum ieee80211_state ostate;
2053 uint8_t restart_ratectl = 0;
2054 uint8_t bid = 1 << rvp->rvp_id;
2056 ostate = vap->iv_state;
2057 DPRINTF("%s -> %s\n",
2058 ieee80211_state_name[ostate],
2059 ieee80211_state_name[nstate]);
2061 IEEE80211_UNLOCK(ic);
2064 ratectl = sc->ratectl_run; /* remember current state */
2065 sc->ratectl_run = RUN_RATECTL_OFF;
2066 usb_callout_stop(&sc->ratectl_ch);
2068 if (ostate == IEEE80211_S_RUN) {
2069 /* turn link LED off */
2070 run_set_leds(sc, RT2860_LED_RADIO);
2074 case IEEE80211_S_INIT:
2075 restart_ratectl = 1;
2077 if (ostate != IEEE80211_S_RUN)
2081 sc->runbmap &= ~bid;
2083 /* abort TSF synchronization if there is no vap running */
2084 if (--sc->running == 0) {
2085 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
2086 run_write(sc, RT2860_BCN_TIME_CFG,
2087 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
2088 RT2860_TBTT_TIMER_EN));
2092 case IEEE80211_S_RUN:
2093 if (!(sc->runbmap & bid)) {
2095 restart_ratectl = 1;
2099 m_freem(rvp->beacon_mbuf);
2100 rvp->beacon_mbuf = NULL;
2102 switch (vap->iv_opmode) {
2103 case IEEE80211_M_HOSTAP:
2104 case IEEE80211_M_MBSS:
2105 sc->ap_running |= bid;
2106 ic->ic_opmode = vap->iv_opmode;
2107 run_update_beacon_cb(vap);
2109 case IEEE80211_M_IBSS:
2110 sc->adhoc_running |= bid;
2111 if (!sc->ap_running)
2112 ic->ic_opmode = vap->iv_opmode;
2113 run_update_beacon_cb(vap);
2115 case IEEE80211_M_STA:
2116 sc->sta_running |= bid;
2117 if (!sc->ap_running && !sc->adhoc_running)
2118 ic->ic_opmode = vap->iv_opmode;
2120 /* read statistic counters (clear on read) */
2121 run_read_region_1(sc, RT2860_TX_STA_CNT0,
2122 (uint8_t *)sta, sizeof sta);
2126 ic->ic_opmode = vap->iv_opmode;
2130 if (vap->iv_opmode != IEEE80211_M_MONITOR) {
2131 struct ieee80211_node *ni;
2133 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) {
2138 run_updateslot(ic->ic_ifp);
2140 run_set_txpreamble(sc);
2141 run_set_basicrates(sc);
2142 ni = ieee80211_ref_node(vap->iv_bss);
2143 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid);
2144 run_set_bssid(sc, ni->ni_bssid);
2145 ieee80211_free_node(ni);
2146 run_enable_tsf_sync(sc);
2148 /* enable automatic rate adaptation */
2149 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
2150 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE)
2154 /* turn link LED on */
2155 run_set_leds(sc, RT2860_LED_RADIO |
2156 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ?
2157 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ));
2161 DPRINTFN(6, "undefined case\n");
2165 /* restart amrr for running VAPs */
2166 if ((sc->ratectl_run = ratectl) && restart_ratectl)
2167 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2172 return(rvp->newstate(vap, nstate, arg));
2177 run_wme_update_cb(void *arg)
2179 struct ieee80211com *ic = arg;
2180 struct run_softc *sc = ic->ic_ifp->if_softc;
2181 struct ieee80211_wme_state *wmesp = &ic->ic_wme;
2184 RUN_LOCK_ASSERT(sc, MA_OWNED);
2186 /* update MAC TX configuration registers */
2187 for (aci = 0; aci < WME_NUM_AC; aci++) {
2188 error = run_write(sc, RT2860_EDCA_AC_CFG(aci),
2189 wmesp->wme_params[aci].wmep_logcwmax << 16 |
2190 wmesp->wme_params[aci].wmep_logcwmin << 12 |
2191 wmesp->wme_params[aci].wmep_aifsn << 8 |
2192 wmesp->wme_params[aci].wmep_txopLimit);
2193 if (error) goto err;
2196 /* update SCH/DMA registers too */
2197 error = run_write(sc, RT2860_WMM_AIFSN_CFG,
2198 wmesp->wme_params[WME_AC_VO].wmep_aifsn << 12 |
2199 wmesp->wme_params[WME_AC_VI].wmep_aifsn << 8 |
2200 wmesp->wme_params[WME_AC_BK].wmep_aifsn << 4 |
2201 wmesp->wme_params[WME_AC_BE].wmep_aifsn);
2202 if (error) goto err;
2203 error = run_write(sc, RT2860_WMM_CWMIN_CFG,
2204 wmesp->wme_params[WME_AC_VO].wmep_logcwmin << 12 |
2205 wmesp->wme_params[WME_AC_VI].wmep_logcwmin << 8 |
2206 wmesp->wme_params[WME_AC_BK].wmep_logcwmin << 4 |
2207 wmesp->wme_params[WME_AC_BE].wmep_logcwmin);
2208 if (error) goto err;
2209 error = run_write(sc, RT2860_WMM_CWMAX_CFG,
2210 wmesp->wme_params[WME_AC_VO].wmep_logcwmax << 12 |
2211 wmesp->wme_params[WME_AC_VI].wmep_logcwmax << 8 |
2212 wmesp->wme_params[WME_AC_BK].wmep_logcwmax << 4 |
2213 wmesp->wme_params[WME_AC_BE].wmep_logcwmax);
2214 if (error) goto err;
2215 error = run_write(sc, RT2860_WMM_TXOP0_CFG,
2216 wmesp->wme_params[WME_AC_BK].wmep_txopLimit << 16 |
2217 wmesp->wme_params[WME_AC_BE].wmep_txopLimit);
2218 if (error) goto err;
2219 error = run_write(sc, RT2860_WMM_TXOP1_CFG,
2220 wmesp->wme_params[WME_AC_VO].wmep_txopLimit << 16 |
2221 wmesp->wme_params[WME_AC_VI].wmep_txopLimit);
2225 DPRINTF("WME update failed\n");
2231 run_wme_update(struct ieee80211com *ic)
2233 struct run_softc *sc = ic->ic_ifp->if_softc;
2235 /* sometime called wothout lock */
2236 if (mtx_owned(&ic->ic_comlock.mtx)) {
2237 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
2238 DPRINTF("cmdq_store=%d\n", i);
2239 sc->cmdq[i].func = run_wme_update_cb;
2240 sc->cmdq[i].arg0 = ic;
2241 ieee80211_runtask(ic, &sc->cmdq_task);
2246 run_wme_update_cb(ic);
2249 /* return whatever, upper layer desn't care anyway */
2254 run_key_update_begin(struct ieee80211vap *vap)
2257 * To avoid out-of-order events, both run_key_set() and
2258 * _delete() are deferred and handled by run_cmdq_cb().
2259 * So, there is nothing we need to do here.
2264 run_key_update_end(struct ieee80211vap *vap)
2270 run_key_set_cb(void *arg)
2272 struct run_cmdq *cmdq = arg;
2273 struct ieee80211vap *vap = cmdq->arg1;
2274 struct ieee80211_key *k = cmdq->k;
2275 struct ieee80211com *ic = vap->iv_ic;
2276 struct run_softc *sc = ic->ic_ifp->if_softc;
2277 struct ieee80211_node *ni;
2279 uint16_t base, associd;
2280 uint8_t mode, wcid, iv[8];
2282 RUN_LOCK_ASSERT(sc, MA_OWNED);
2284 if (vap->iv_opmode == IEEE80211_M_HOSTAP)
2285 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac);
2288 associd = (ni != NULL) ? ni->ni_associd : 0;
2290 /* map net80211 cipher to RT2860 security mode */
2291 switch (k->wk_cipher->ic_cipher) {
2292 case IEEE80211_CIPHER_WEP:
2293 if(k->wk_keylen < 8)
2294 mode = RT2860_MODE_WEP40;
2296 mode = RT2860_MODE_WEP104;
2298 case IEEE80211_CIPHER_TKIP:
2299 mode = RT2860_MODE_TKIP;
2301 case IEEE80211_CIPHER_AES_CCM:
2302 mode = RT2860_MODE_AES_CCMP;
2305 DPRINTF("undefined case\n");
2309 DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n",
2310 associd, k->wk_keyix, mode,
2311 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise",
2312 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off",
2313 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off");
2315 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2316 wcid = 0; /* NB: update WCID0 for group keys */
2317 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix);
2319 wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
2320 1 : RUN_AID2WCID(associd);
2321 base = RT2860_PKEY(wcid);
2324 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) {
2325 if(run_write_region_1(sc, base, k->wk_key, 16))
2327 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */
2329 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */
2332 /* roundup len to 16-bit: XXX fix write_region_1() instead */
2333 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1))
2337 if (!(k->wk_flags & IEEE80211_KEY_GROUP) ||
2338 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) {
2339 /* set initial packet number in IV+EIV */
2340 if (k->wk_cipher == IEEE80211_CIPHER_WEP) {
2341 memset(iv, 0, sizeof iv);
2342 iv[3] = vap->iv_def_txkey << 6;
2344 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) {
2345 iv[0] = k->wk_keytsc >> 8;
2346 iv[1] = (iv[0] | 0x20) & 0x7f;
2347 iv[2] = k->wk_keytsc;
2349 iv[0] = k->wk_keytsc;
2350 iv[1] = k->wk_keytsc >> 8;
2353 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV;
2354 iv[4] = k->wk_keytsc >> 16;
2355 iv[5] = k->wk_keytsc >> 24;
2356 iv[6] = k->wk_keytsc >> 32;
2357 iv[7] = k->wk_keytsc >> 40;
2359 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8))
2363 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2364 /* install group key */
2365 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr))
2367 attr &= ~(0xf << (k->wk_keyix * 4));
2368 attr |= mode << (k->wk_keyix * 4);
2369 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr))
2372 /* install pairwise key */
2373 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr))
2375 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN;
2376 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr))
2380 /* TODO create a pass-thru key entry? */
2382 /* need wcid to delete the right key later */
2387 * Don't have to be deferred, but in order to keep order of
2388 * execution, i.e. with run_key_delete(), defer this and let
2389 * run_cmdq_cb() maintain the order.
2394 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k,
2395 const uint8_t mac[IEEE80211_ADDR_LEN])
2397 struct ieee80211com *ic = vap->iv_ic;
2398 struct run_softc *sc = ic->ic_ifp->if_softc;
2401 i = RUN_CMDQ_GET(&sc->cmdq_store);
2402 DPRINTF("cmdq_store=%d\n", i);
2403 sc->cmdq[i].func = run_key_set_cb;
2404 sc->cmdq[i].arg0 = NULL;
2405 sc->cmdq[i].arg1 = vap;
2407 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, mac);
2408 ieee80211_runtask(ic, &sc->cmdq_task);
2411 * To make sure key will be set when hostapd
2412 * calls iv_key_set() before if_init().
2414 if (vap->iv_opmode == IEEE80211_M_HOSTAP) {
2416 sc->cmdq_key_set = RUN_CMDQ_GO;
2424 * If wlan is destroyed without being brought down i.e. without
2425 * wlan down or wpa_cli terminate, this function is called after
2426 * vap is gone. Don't refer it.
2429 run_key_delete_cb(void *arg)
2431 struct run_cmdq *cmdq = arg;
2432 struct run_softc *sc = cmdq->arg1;
2433 struct ieee80211_key *k = &cmdq->key;
2437 RUN_LOCK_ASSERT(sc, MA_OWNED);
2439 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2440 /* remove group key */
2441 DPRINTF("removing group key\n");
2442 run_read(sc, RT2860_SKEY_MODE_0_7, &attr);
2443 attr &= ~(0xf << (k->wk_keyix * 4));
2444 run_write(sc, RT2860_SKEY_MODE_0_7, attr);
2446 /* remove pairwise key */
2447 DPRINTF("removing key for wcid %x\n", k->wk_pad);
2448 /* matching wcid was written to wk_pad in run_key_set() */
2450 run_read(sc, RT2860_WCID_ATTR(wcid), &attr);
2452 run_write(sc, RT2860_WCID_ATTR(wcid), attr);
2453 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8);
2463 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k)
2465 struct ieee80211com *ic = vap->iv_ic;
2466 struct run_softc *sc = ic->ic_ifp->if_softc;
2467 struct ieee80211_key *k0;
2471 * When called back, key might be gone. So, make a copy
2472 * of some values need to delete keys before deferring.
2473 * But, because of LOR with node lock, cannot use lock here.
2474 * So, use atomic instead.
2476 i = RUN_CMDQ_GET(&sc->cmdq_store);
2477 DPRINTF("cmdq_store=%d\n", i);
2478 sc->cmdq[i].func = run_key_delete_cb;
2479 sc->cmdq[i].arg0 = NULL;
2480 sc->cmdq[i].arg1 = sc;
2481 k0 = &sc->cmdq[i].key;
2482 k0->wk_flags = k->wk_flags;
2483 k0->wk_keyix = k->wk_keyix;
2484 /* matching wcid was written to wk_pad in run_key_set() */
2485 k0->wk_pad = k->wk_pad;
2486 ieee80211_runtask(ic, &sc->cmdq_task);
2487 return (1); /* return fake success */
2492 run_ratectl_to(void *arg)
2494 struct run_softc *sc = arg;
2496 /* do it in a process context, so it can go sleep */
2497 ieee80211_runtask(sc->sc_ifp->if_l2com, &sc->ratectl_task);
2498 /* next timeout will be rescheduled in the callback task */
2503 run_ratectl_cb(void *arg, int pending)
2505 struct run_softc *sc = arg;
2506 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
2507 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
2512 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) {
2514 * run_reset_livelock() doesn't do anything with AMRR,
2515 * but Ralink wants us to call it every 1 sec. So, we
2516 * piggyback here rather than creating another callout.
2517 * Livelock may occur only in HOSTAP or IBSS mode
2518 * (when h/w is sending beacons).
2521 run_reset_livelock(sc);
2522 /* just in case, there are some stats to drain */
2527 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc);
2530 if(sc->ratectl_run != RUN_RATECTL_OFF)
2531 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2536 run_drain_fifo(void *arg)
2538 struct run_softc *sc = arg;
2539 struct ifnet *ifp = sc->sc_ifp;
2541 uint16_t (*wstat)[3];
2542 uint8_t wcid, mcs, pid;
2545 RUN_LOCK_ASSERT(sc, MA_OWNED);
2548 /* drain Tx status FIFO (maxsize = 16) */
2549 run_read(sc, RT2860_TX_STAT_FIFO, &stat);
2550 DPRINTFN(4, "tx stat 0x%08x\n", stat);
2551 if (!(stat & RT2860_TXQ_VLD))
2554 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff;
2556 /* if no ACK was requested, no feedback is available */
2557 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX ||
2562 * Even though each stat is Tx-complete-status like format,
2563 * the device can poll stats. Because there is no guarantee
2564 * that the referring node is still around when read the stats.
2565 * So that, if we use ieee80211_ratectl_tx_update(), we will
2566 * have hard time not to refer already freed node.
2568 * To eliminate such page faults, we poll stats in softc.
2569 * Then, update the rates later with ieee80211_ratectl_tx_update().
2571 wstat = &(sc->wcid_stats[wcid]);
2572 (*wstat)[RUN_TXCNT]++;
2573 if (stat & RT2860_TXQ_OK)
2574 (*wstat)[RUN_SUCCESS]++;
2578 * Check if there were retries, ie if the Tx success rate is
2579 * different from the requested rate. Note that it works only
2580 * because we do not allow rate fallback from OFDM to CCK.
2582 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f;
2583 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf;
2584 if ((retry = pid -1 - mcs) > 0) {
2585 (*wstat)[RUN_TXCNT] += retry;
2586 (*wstat)[RUN_RETRY] += retry;
2589 DPRINTFN(3, "count=%d\n", sc->fifo_cnt);
2595 run_iter_func(void *arg, struct ieee80211_node *ni)
2597 struct run_softc *sc = arg;
2598 struct ieee80211vap *vap = ni->ni_vap;
2599 struct ieee80211com *ic = ni->ni_ic;
2600 struct ifnet *ifp = ic->ic_ifp;
2601 struct run_node *rn = (void *)ni;
2602 union run_stats sta[2];
2603 uint16_t (*wstat)[3];
2604 int txcnt, success, retrycnt, error;
2608 /* Check for special case */
2609 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA &&
2613 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS ||
2614 vap->iv_opmode == IEEE80211_M_STA)) {
2615 /* read statistic counters (clear on read) and update AMRR state */
2616 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta,
2621 /* count failed TX as errors */
2622 ifp->if_oerrors += le16toh(sta[0].error.fail);
2624 retrycnt = le16toh(sta[1].tx.retry);
2625 success = le16toh(sta[1].tx.success);
2626 txcnt = retrycnt + success + le16toh(sta[0].error.fail);
2628 DPRINTFN(3, "retrycnt=%d success=%d failcnt=%d\n",
2629 retrycnt, success, le16toh(sta[0].error.fail));
2631 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]);
2633 if (wstat == &(sc->wcid_stats[0]) ||
2634 wstat > &(sc->wcid_stats[RT2870_WCID_MAX]))
2637 txcnt = (*wstat)[RUN_TXCNT];
2638 success = (*wstat)[RUN_SUCCESS];
2639 retrycnt = (*wstat)[RUN_RETRY];
2640 DPRINTFN(3, "retrycnt=%d txcnt=%d success=%d\n",
2641 retrycnt, txcnt, success);
2643 memset(wstat, 0, sizeof(*wstat));
2646 ieee80211_ratectl_tx_update(vap, ni, &txcnt, &success, &retrycnt);
2647 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0);
2652 DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx);
2656 run_newassoc_cb(void *arg)
2658 struct run_cmdq *cmdq = arg;
2659 struct ieee80211_node *ni = cmdq->arg1;
2660 struct run_softc *sc = ni->ni_vap->iv_ic->ic_ifp->if_softc;
2661 uint8_t wcid = cmdq->wcid;
2663 RUN_LOCK_ASSERT(sc, MA_OWNED);
2665 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid),
2666 ni->ni_macaddr, IEEE80211_ADDR_LEN);
2668 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid]));
2672 run_newassoc(struct ieee80211_node *ni, int isnew)
2674 struct run_node *rn = (void *)ni;
2675 struct ieee80211_rateset *rs = &ni->ni_rates;
2676 struct ieee80211vap *vap = ni->ni_vap;
2677 struct ieee80211com *ic = vap->iv_ic;
2678 struct run_softc *sc = ic->ic_ifp->if_softc;
2684 wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
2685 1 : RUN_AID2WCID(ni->ni_associd);
2687 if (wcid > RT2870_WCID_MAX) {
2688 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid);
2692 /* only interested in true associations */
2693 if (isnew && ni->ni_associd != 0) {
2696 * This function could is called though timeout function.
2699 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store);
2700 DPRINTF("cmdq_store=%d\n", cnt);
2701 sc->cmdq[cnt].func = run_newassoc_cb;
2702 sc->cmdq[cnt].arg0 = NULL;
2703 sc->cmdq[cnt].arg1 = ni;
2704 sc->cmdq[cnt].wcid = wcid;
2705 ieee80211_runtask(ic, &sc->cmdq_task);
2708 DPRINTF("new assoc isnew=%d associd=%x addr=%s\n",
2709 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr));
2711 for (i = 0; i < rs->rs_nrates; i++) {
2712 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL;
2713 /* convert 802.11 rate to hardware rate index */
2714 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2715 if (rt2860_rates[ridx].rate == rate)
2718 /* determine rate of control response frames */
2719 for (j = i; j >= 0; j--) {
2720 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) &&
2721 rt2860_rates[rn->ridx[i]].phy ==
2722 rt2860_rates[rn->ridx[j]].phy)
2726 rn->ctl_ridx[i] = rn->ridx[j];
2728 /* no basic rate found, use mandatory one */
2729 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx;
2731 DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n",
2732 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]);
2734 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate;
2735 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2736 if (rt2860_rates[ridx].rate == rate)
2738 rn->mgt_ridx = ridx;
2739 DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx);
2742 if(sc->ratectl_run != RUN_RATECTL_OFF)
2743 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2748 * Return the Rx chain with the highest RSSI for a given frame.
2750 static __inline uint8_t
2751 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi)
2753 uint8_t rxchain = 0;
2755 if (sc->nrxchains > 1) {
2756 if (rxwi->rssi[1] > rxwi->rssi[rxchain])
2758 if (sc->nrxchains > 2)
2759 if (rxwi->rssi[2] > rxwi->rssi[rxchain])
2766 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen)
2768 struct ifnet *ifp = sc->sc_ifp;
2769 struct ieee80211com *ic = ifp->if_l2com;
2770 struct ieee80211_frame *wh;
2771 struct ieee80211_node *ni;
2772 struct rt2870_rxd *rxd;
2773 struct rt2860_rxwi *rxwi;
2775 uint16_t len, rxwisize;
2779 rxwi = mtod(m, struct rt2860_rxwi *);
2780 len = le16toh(rxwi->len) & 0xfff;
2781 rxwisize = sizeof(struct rt2860_rxwi);
2782 if (sc->mac_ver == 0x5592)
2783 rxwisize += sizeof(uint64_t);
2784 else if (sc->mac_ver == 0x3593)
2785 rxwisize += sizeof(uint32_t);
2786 if (__predict_false(len > dmalen)) {
2789 DPRINTF("bad RXWI length %u > %u\n", len, dmalen);
2792 /* Rx descriptor is located at the end */
2793 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen);
2794 flags = le32toh(rxd->flags);
2796 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) {
2799 DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV");
2803 m->m_data += rxwisize;
2804 m->m_pkthdr.len = m->m_len -= rxwisize;
2806 wh = mtod(m, struct ieee80211_frame *);
2808 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) {
2809 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED;
2810 m->m_flags |= M_WEP;
2813 if (flags & RT2860_RX_L2PAD) {
2814 DPRINTFN(8, "received RT2860_RX_L2PAD frame\n");
2818 ni = ieee80211_find_rxnode(ic,
2819 mtod(m, struct ieee80211_frame_min *));
2821 if (__predict_false(flags & RT2860_RX_MICERR)) {
2822 /* report MIC failures to net80211 for TKIP */
2824 ieee80211_notify_michael_failure(ni->ni_vap, wh,
2828 DPRINTF("MIC error. Someone is lying.\n");
2832 ant = run_maxrssi_chain(sc, rxwi);
2833 rssi = rxwi->rssi[ant];
2834 nf = run_rssi2dbm(sc, rssi, ant);
2836 m->m_pkthdr.rcvif = ifp;
2837 m->m_pkthdr.len = m->m_len = len;
2840 (void)ieee80211_input(ni, m, rssi, nf);
2841 ieee80211_free_node(ni);
2843 (void)ieee80211_input_all(ic, m, rssi, nf);
2846 if (__predict_false(ieee80211_radiotap_active(ic))) {
2847 struct run_rx_radiotap_header *tap = &sc->sc_rxtap;
2851 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq);
2852 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags);
2853 tap->wr_antsignal = rssi;
2854 tap->wr_antenna = ant;
2855 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant);
2856 tap->wr_rate = 2; /* in case it can't be found below */
2857 phy = le16toh(rxwi->phy);
2858 switch (phy & RT2860_PHY_MODE) {
2859 case RT2860_PHY_CCK:
2860 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) {
2861 case 0: tap->wr_rate = 2; break;
2862 case 1: tap->wr_rate = 4; break;
2863 case 2: tap->wr_rate = 11; break;
2864 case 3: tap->wr_rate = 22; break;
2866 if (phy & RT2860_PHY_SHPRE)
2867 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
2869 case RT2860_PHY_OFDM:
2870 switch (phy & RT2860_PHY_MCS) {
2871 case 0: tap->wr_rate = 12; break;
2872 case 1: tap->wr_rate = 18; break;
2873 case 2: tap->wr_rate = 24; break;
2874 case 3: tap->wr_rate = 36; break;
2875 case 4: tap->wr_rate = 48; break;
2876 case 5: tap->wr_rate = 72; break;
2877 case 6: tap->wr_rate = 96; break;
2878 case 7: tap->wr_rate = 108; break;
2886 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error)
2888 struct run_softc *sc = usbd_xfer_softc(xfer);
2889 struct ifnet *ifp = sc->sc_ifp;
2890 struct mbuf *m = NULL;
2896 rxwisize = sizeof(struct rt2860_rxwi);
2897 if (sc->mac_ver == 0x5592)
2898 rxwisize += sizeof(uint64_t);
2899 else if (sc->mac_ver == 0x3593)
2900 rxwisize += sizeof(uint32_t);
2902 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL);
2904 switch (USB_GET_STATE(xfer)) {
2905 case USB_ST_TRANSFERRED:
2907 DPRINTFN(15, "rx done, actlen=%d\n", xferlen);
2909 if (xferlen < (int)(sizeof(uint32_t) + rxwisize +
2910 sizeof(struct rt2870_rxd))) {
2911 DPRINTF("xfer too short %d\n", xferlen);
2921 if (sc->rx_m == NULL) {
2922 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR,
2923 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */);
2925 if (sc->rx_m == NULL) {
2926 DPRINTF("could not allocate mbuf - idle with stall\n");
2928 usbd_xfer_set_stall(xfer);
2929 usbd_xfer_set_frames(xfer, 0);
2932 * Directly loading a mbuf cluster into DMA to
2933 * save some data copying. This works because
2934 * there is only one cluster.
2936 usbd_xfer_set_frame_data(xfer, 0,
2937 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ);
2938 usbd_xfer_set_frames(xfer, 1);
2940 usbd_transfer_submit(xfer);
2943 default: /* Error */
2944 if (error != USB_ERR_CANCELLED) {
2945 /* try to clear stall first */
2946 usbd_xfer_set_stall(xfer);
2948 if (error == USB_ERR_TIMEOUT)
2949 device_printf(sc->sc_dev, "device timeout\n");
2955 if (sc->rx_m != NULL) {
2965 /* inputting all the frames must be last */
2969 m->m_pkthdr.len = m->m_len = xferlen;
2971 /* HW can aggregate multiple 802.11 frames in a single USB xfer */
2973 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff;
2975 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) ||
2976 ((dmalen & 3) != 0)) {
2977 DPRINTF("bad DMA length %u\n", dmalen);
2980 if ((dmalen + 8) > (uint32_t)xferlen) {
2981 DPRINTF("bad DMA length %u > %d\n",
2982 dmalen + 8, xferlen);
2986 /* If it is the last one or a single frame, we won't copy. */
2987 if ((xferlen -= dmalen + 8) <= 8) {
2988 /* trim 32-bit DMA-len header */
2990 m->m_pkthdr.len = m->m_len -= 4;
2991 run_rx_frame(sc, m, dmalen);
2992 m = NULL; /* don't free source buffer */
2996 /* copy aggregated frames to another mbuf */
2997 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
2998 if (__predict_false(m0 == NULL)) {
2999 DPRINTF("could not allocate mbuf\n");
3003 m_copydata(m, 4 /* skip 32-bit DMA-len header */,
3004 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t));
3005 m0->m_pkthdr.len = m0->m_len =
3006 dmalen + sizeof(struct rt2870_rxd);
3007 run_rx_frame(sc, m0, dmalen);
3009 /* update data ptr */
3010 m->m_data += dmalen + 8;
3011 m->m_pkthdr.len = m->m_len -= dmalen + 8;
3014 /* make sure we free the source buffer, if any */
3021 run_tx_free(struct run_endpoint_queue *pq,
3022 struct run_tx_data *data, int txerr)
3024 if (data->m != NULL) {
3025 if (data->m->m_flags & M_TXCB)
3026 ieee80211_process_callback(data->ni, data->m,
3027 txerr ? ETIMEDOUT : 0);
3031 if (data->ni == NULL) {
3032 DPRINTF("no node\n");
3034 ieee80211_free_node(data->ni);
3039 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next);
3044 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index)
3046 struct run_softc *sc = usbd_xfer_softc(xfer);
3047 struct ifnet *ifp = sc->sc_ifp;
3048 struct ieee80211com *ic = ifp->if_l2com;
3049 struct run_tx_data *data;
3050 struct ieee80211vap *vap = NULL;
3051 struct usb_page_cache *pc;
3052 struct run_endpoint_queue *pq = &sc->sc_epq[index];
3054 usb_frlength_t size;
3058 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
3060 switch (USB_GET_STATE(xfer)) {
3061 case USB_ST_TRANSFERRED:
3062 DPRINTFN(11, "transfer complete: %d "
3063 "bytes @ index %d\n", actlen, index);
3065 data = usbd_xfer_get_priv(xfer);
3067 run_tx_free(pq, data, 0);
3068 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
3070 usbd_xfer_set_priv(xfer, NULL);
3077 data = STAILQ_FIRST(&pq->tx_qh);
3081 STAILQ_REMOVE_HEAD(&pq->tx_qh, next);
3084 size = (sc->mac_ver == 0x5592) ?
3085 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc);
3086 if ((m->m_pkthdr.len +
3087 size + 3 + 8) > RUN_MAX_TXSZ) {
3088 DPRINTF("data overflow, %u bytes\n",
3093 run_tx_free(pq, data, 1);
3098 pc = usbd_xfer_get_frame(xfer, 0);
3099 usbd_copy_in(pc, 0, &data->desc, size);
3100 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len);
3101 size += m->m_pkthdr.len;
3103 * Align end on a 4-byte boundary, pad 8 bytes (CRC +
3104 * 4-byte padding), and be sure to zero those trailing
3107 usbd_frame_zero(pc, size, ((-size) & 3) + 8);
3108 size += ((-size) & 3) + 8;
3110 vap = data->ni->ni_vap;
3111 if (ieee80211_radiotap_active_vap(vap)) {
3112 struct run_tx_radiotap_header *tap = &sc->sc_txtap;
3113 struct rt2860_txwi *txwi =
3114 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd));
3116 tap->wt_rate = rt2860_rates[data->ridx].rate;
3117 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq);
3118 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags);
3119 tap->wt_hwqueue = index;
3120 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE)
3121 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
3123 ieee80211_radiotap_tx(vap, m);
3126 DPRINTFN(11, "sending frame len=%u/%u @ index %d\n",
3127 m->m_pkthdr.len, size, index);
3129 usbd_xfer_set_frame_len(xfer, 0, size);
3130 usbd_xfer_set_priv(xfer, data);
3132 usbd_transfer_submit(xfer);
3141 DPRINTF("USB transfer error, %s\n",
3142 usbd_errstr(error));
3144 data = usbd_xfer_get_priv(xfer);
3149 if(data->ni != NULL)
3150 vap = data->ni->ni_vap;
3151 run_tx_free(pq, data, error);
3152 usbd_xfer_set_priv(xfer, NULL);
3155 vap = TAILQ_FIRST(&ic->ic_vaps);
3157 if (error != USB_ERR_CANCELLED) {
3158 if (error == USB_ERR_TIMEOUT) {
3159 device_printf(sc->sc_dev, "device timeout\n");
3160 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
3161 DPRINTF("cmdq_store=%d\n", i);
3162 sc->cmdq[i].func = run_usb_timeout_cb;
3163 sc->cmdq[i].arg0 = vap;
3164 ieee80211_runtask(ic, &sc->cmdq_task);
3168 * Try to clear stall first, also if other
3169 * errors occur, hence clearing stall
3170 * introduces a 50 ms delay:
3172 usbd_xfer_set_stall(xfer);
3180 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error)
3182 run_bulk_tx_callbackN(xfer, error, 0);
3186 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error)
3188 run_bulk_tx_callbackN(xfer, error, 1);
3192 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error)
3194 run_bulk_tx_callbackN(xfer, error, 2);
3198 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error)
3200 run_bulk_tx_callbackN(xfer, error, 3);
3204 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error)
3206 run_bulk_tx_callbackN(xfer, error, 4);
3210 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error)
3212 run_bulk_tx_callbackN(xfer, error, 5);
3216 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data)
3218 struct mbuf *m = data->m;
3219 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
3220 struct ieee80211vap *vap = data->ni->ni_vap;
3221 struct ieee80211_frame *wh;
3222 struct rt2870_txd *txd;
3223 struct rt2860_txwi *txwi;
3224 uint16_t xferlen, txwisize;
3226 uint8_t ridx = data->ridx;
3229 /* get MCS code from rate index */
3230 mcs = rt2860_rates[ridx].mcs;
3232 txwisize = (sc->mac_ver == 0x5592) ?
3233 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi);
3234 xferlen = txwisize + m->m_pkthdr.len;
3236 /* roundup to 32-bit alignment */
3237 xferlen = (xferlen + 3) & ~3;
3239 txd = (struct rt2870_txd *)&data->desc;
3240 txd->len = htole16(xferlen);
3242 wh = mtod(m, struct ieee80211_frame *);
3245 * Ether both are true or both are false, the header
3246 * are nicely aligned to 32-bit. So, no L2 padding.
3248 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh))
3253 /* setup TX Wireless Information */
3254 txwi = (struct rt2860_txwi *)(txd + 1);
3255 txwi->len = htole16(m->m_pkthdr.len - pad);
3256 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) {
3257 mcs |= RT2860_PHY_CCK;
3258 if (ridx != RT2860_RIDX_CCK1 &&
3259 (ic->ic_flags & IEEE80211_F_SHPREAMBLE))
3260 mcs |= RT2860_PHY_SHPRE;
3262 mcs |= RT2860_PHY_OFDM;
3263 txwi->phy = htole16(mcs);
3265 /* check if RTS/CTS or CTS-to-self protection is required */
3266 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
3267 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold ||
3268 ((ic->ic_flags & IEEE80211_F_USEPROT) &&
3269 rt2860_rates[ridx].phy == IEEE80211_T_OFDM)))
3270 txwi->txop |= RT2860_TX_TXOP_HT;
3272 txwi->txop |= RT2860_TX_TXOP_BACKOFF;
3274 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh))
3275 txwi->xflags |= RT2860_TX_NSEQ;
3278 /* This function must be called locked */
3280 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
3282 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
3283 struct ieee80211vap *vap = ni->ni_vap;
3284 struct ieee80211_frame *wh;
3285 struct ieee80211_channel *chan;
3286 const struct ieee80211_txparam *tp;
3287 struct run_node *rn = (void *)ni;
3288 struct run_tx_data *data;
3289 struct rt2870_txd *txd;
3290 struct rt2860_txwi *txwi;
3302 RUN_LOCK_ASSERT(sc, MA_OWNED);
3304 wh = mtod(m, struct ieee80211_frame *);
3306 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3309 * There are 7 bulk endpoints: 1 for RX
3310 * and 6 for TX (4 EDCAs + HCCA + Prio).
3311 * Update 03-14-2009: some devices like the Planex GW-US300MiniS
3312 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki).
3314 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) {
3317 if(IEEE80211_HAS_ADDR4(wh))
3318 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos;
3320 frm =((struct ieee80211_qosframe *)wh)->i_qos;
3322 qos = le16toh(*(const uint16_t *)frm);
3323 tid = qos & IEEE80211_QOS_TID;
3324 qid = TID_TO_WME_AC(tid);
3330 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA;
3332 DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n",
3333 qos, qid, tid, qflags);
3335 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan;
3336 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)];
3338 /* pickup a rate index */
3339 if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
3340 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) {
3341 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ?
3342 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1;
3343 ctl_ridx = rt2860_rates[ridx].ctl_ridx;
3345 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE)
3346 ridx = rn->fix_ridx;
3348 ridx = rn->amrr_ridx;
3349 ctl_ridx = rt2860_rates[ridx].ctl_ridx;
3352 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
3353 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) !=
3354 IEEE80211_QOS_ACKPOLICY_NOACK)) {
3355 xflags |= RT2860_TX_ACK;
3356 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
3357 dur = rt2860_rates[ctl_ridx].sp_ack_dur;
3359 dur = rt2860_rates[ctl_ridx].lp_ack_dur;
3360 USETW(wh->i_dur, dur);
3363 /* reserve slots for mgmt packets, just in case */
3364 if (sc->sc_epq[qid].tx_nfree < 3) {
3365 DPRINTFN(10, "tx ring %d is full\n", qid);
3369 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh);
3370 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next);
3371 sc->sc_epq[qid].tx_nfree--;
3373 txd = (struct rt2870_txd *)&data->desc;
3374 txd->flags = qflags;
3375 txwi = (struct rt2860_txwi *)(txd + 1);
3376 txwi->xflags = xflags;
3377 if (IEEE80211_IS_MULTICAST(wh->i_addr1))
3380 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
3381 1 : RUN_AID2WCID(ni->ni_associd);
3383 /* clear leftover garbage bits */
3391 run_set_tx_desc(sc, data);
3394 * The chip keeps track of 2 kind of Tx stats,
3395 * * TX_STAT_FIFO, for per WCID stats, and
3396 * * TX_STA_CNT0 for all-TX-in-one stats.
3398 * To use FIFO stats, we need to store MCS into the driver-private
3399 * PacketID field. So that, we can tell whose stats when we read them.
3400 * We add 1 to the MCS because setting the PacketID field to 0 means
3401 * that we don't want feedback in TX_STAT_FIFO.
3402 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job.
3404 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx().
3406 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP ||
3407 vap->iv_opmode == IEEE80211_M_MBSS) {
3408 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf;
3409 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT);
3412 * Unlike PCI based devices, we don't get any interrupt from
3413 * USB devices, so we simulate FIFO-is-full interrupt here.
3414 * Ralink recomends to drain FIFO stats every 100 ms, but 16 slots
3415 * quickly get fulled. To prevent overflow, increment a counter on
3416 * every FIFO stat request, so we know how many slots are left.
3417 * We do this only in HOSTAP or multiple vap mode since FIFO stats
3418 * are used only in those modes.
3419 * We just drain stats. AMRR gets updated every 1 sec by
3420 * run_ratectl_cb() via callout.
3421 * Call it early. Otherwise overflow.
3423 if (sc->fifo_cnt++ == 10) {
3425 * With multiple vaps or if_bridge, if_start() is called
3426 * with a non-sleepable lock, tcpinp. So, need to defer.
3428 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
3429 DPRINTFN(6, "cmdq_store=%d\n", i);
3430 sc->cmdq[i].func = run_drain_fifo;
3431 sc->cmdq[i].arg0 = sc;
3432 ieee80211_runtask(ic, &sc->cmdq_task);
3436 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next);
3438 usbd_transfer_start(sc->sc_xfer[qid]);
3440 DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n",
3441 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) +
3442 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid);
3448 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
3450 struct ifnet *ifp = sc->sc_ifp;
3451 struct ieee80211com *ic = ifp->if_l2com;
3452 struct run_node *rn = (void *)ni;
3453 struct run_tx_data *data;
3454 struct ieee80211_frame *wh;
3455 struct rt2870_txd *txd;
3456 struct rt2860_txwi *txwi;
3458 uint8_t ridx = rn->mgt_ridx;
3463 RUN_LOCK_ASSERT(sc, MA_OWNED);
3465 wh = mtod(m, struct ieee80211_frame *);
3467 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3469 /* tell hardware to add timestamp for probe responses */
3471 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) ==
3472 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP))
3473 wflags |= RT2860_TX_TS;
3474 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
3475 xflags |= RT2860_TX_ACK;
3477 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate,
3478 ic->ic_flags & IEEE80211_F_SHPREAMBLE);
3479 USETW(wh->i_dur, dur);
3482 if (sc->sc_epq[0].tx_nfree == 0) {
3483 /* let caller free mbuf */
3484 ifp->if_drv_flags |= IFF_DRV_OACTIVE;
3487 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3488 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3489 sc->sc_epq[0].tx_nfree--;
3491 txd = (struct rt2870_txd *)&data->desc;
3492 txd->flags = RT2860_TX_QSEL_EDCA;
3493 txwi = (struct rt2860_txwi *)(txd + 1);
3495 txwi->flags = wflags;
3496 txwi->xflags = xflags;
3497 txwi->txop = 0; /* clear leftover garbage bits */
3503 run_set_tx_desc(sc, data);
3505 DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len +
3506 (int)(sizeof(struct rt2870_txd) + sizeof(struct rt2860_txwi)),
3507 rt2860_rates[ridx].rate);
3509 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3511 usbd_transfer_start(sc->sc_xfer[0]);
3517 run_sendprot(struct run_softc *sc,
3518 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate)
3520 struct ieee80211com *ic = ni->ni_ic;
3521 struct ieee80211_frame *wh;
3522 struct run_tx_data *data;
3523 struct rt2870_txd *txd;
3524 struct rt2860_txwi *txwi;
3536 RUN_LOCK_ASSERT(sc, MA_OWNED);
3538 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY,
3539 ("protection %d", prot));
3541 wh = mtod(m, struct ieee80211_frame *);
3542 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN;
3543 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3545 protrate = ieee80211_ctl_rate(ic->ic_rt, rate);
3546 ackrate = ieee80211_ack_rate(ic->ic_rt, rate);
3548 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0;
3549 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort)
3550 + ieee80211_ack_duration(ic->ic_rt, rate, isshort);
3551 wflags = RT2860_TX_FRAG;
3553 /* check that there are free slots before allocating the mbuf */
3554 if (sc->sc_epq[0].tx_nfree == 0) {
3555 /* let caller free mbuf */
3556 sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE;
3560 if (prot == IEEE80211_PROT_RTSCTS) {
3561 /* NB: CTS is the same size as an ACK */
3562 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort);
3563 xflags |= RT2860_TX_ACK;
3564 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur);
3566 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur);
3568 if (mprot == NULL) {
3569 sc->sc_ifp->if_oerrors++;
3570 DPRINTF("could not allocate mbuf\n");
3574 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3575 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3576 sc->sc_epq[0].tx_nfree--;
3578 txd = (struct rt2870_txd *)&data->desc;
3579 txd->flags = RT2860_TX_QSEL_EDCA;
3580 txwi = (struct rt2860_txwi *)(txd + 1);
3582 txwi->flags = wflags;
3583 txwi->xflags = xflags;
3584 txwi->txop = 0; /* clear leftover garbage bits */
3587 data->ni = ieee80211_ref_node(ni);
3589 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
3590 if (rt2860_rates[ridx].rate == protrate)
3594 run_set_tx_desc(sc, data);
3596 DPRINTFN(1, "sending prot len=%u rate=%u\n",
3597 m->m_pkthdr.len, rate);
3599 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3601 usbd_transfer_start(sc->sc_xfer[0]);
3607 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni,
3608 const struct ieee80211_bpf_params *params)
3610 struct ieee80211com *ic = ni->ni_ic;
3611 struct ieee80211_frame *wh;
3612 struct run_tx_data *data;
3613 struct rt2870_txd *txd;
3614 struct rt2860_txwi *txwi;
3618 uint8_t opflags = 0;
3622 RUN_LOCK_ASSERT(sc, MA_OWNED);
3624 KASSERT(params != NULL, ("no raw xmit params"));
3626 wh = mtod(m, struct ieee80211_frame *);
3627 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3629 rate = params->ibp_rate0;
3630 if (!ieee80211_isratevalid(ic->ic_rt, rate)) {
3631 /* let caller free mbuf */
3635 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0)
3636 xflags |= RT2860_TX_ACK;
3637 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) {
3638 error = run_sendprot(sc, m, ni,
3639 params->ibp_flags & IEEE80211_BPF_RTS ?
3640 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY,
3643 /* let caller free mbuf */
3646 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS;
3649 if (sc->sc_epq[0].tx_nfree == 0) {
3650 /* let caller free mbuf */
3651 sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE;
3652 DPRINTF("sending raw frame, but tx ring is full\n");
3655 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3656 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3657 sc->sc_epq[0].tx_nfree--;
3659 txd = (struct rt2870_txd *)&data->desc;
3660 txd->flags = RT2860_TX_QSEL_EDCA;
3661 txwi = (struct rt2860_txwi *)(txd + 1);
3663 txwi->xflags = xflags;
3664 txwi->txop = opflags;
3665 txwi->flags = 0; /* clear leftover garbage bits */
3669 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
3670 if (rt2860_rates[ridx].rate == rate)
3674 run_set_tx_desc(sc, data);
3676 DPRINTFN(10, "sending raw frame len=%u rate=%u\n",
3677 m->m_pkthdr.len, rate);
3679 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3681 usbd_transfer_start(sc->sc_xfer[0]);
3687 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
3688 const struct ieee80211_bpf_params *params)
3690 struct ifnet *ifp = ni->ni_ic->ic_ifp;
3691 struct run_softc *sc = ifp->if_softc;
3696 /* prevent management frames from being sent if we're not ready */
3697 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) {
3702 if (params == NULL) {
3704 if ((error = run_tx_mgt(sc, m, ni)) != 0) {
3706 DPRINTF("mgt tx failed\n");
3710 /* tx raw packet with param */
3711 if ((error = run_tx_param(sc, m, ni, params)) != 0) {
3713 DPRINTF("tx with param failed\n");
3726 ieee80211_free_node(ni);
3733 run_start(struct ifnet *ifp)
3735 struct run_softc *sc = ifp->if_softc;
3736 struct ieee80211_node *ni;
3741 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) {
3747 /* send data frames */
3748 IFQ_DRV_DEQUEUE(&ifp->if_snd, m);
3752 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
3753 if (run_tx(sc, m, ni) != 0) {
3754 IFQ_DRV_PREPEND(&ifp->if_snd, m);
3755 ifp->if_drv_flags |= IFF_DRV_OACTIVE;
3764 run_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
3766 struct run_softc *sc = ifp->if_softc;
3767 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
3768 struct ifreq *ifr = (struct ifreq *) data;
3773 error = sc->sc_detached ? ENXIO : 0;
3781 if (ifp->if_flags & IFF_UP) {
3782 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)){
3784 run_init_locked(sc);
3786 run_update_promisc_locked(ifp);
3788 if (ifp->if_drv_flags & IFF_DRV_RUNNING &&
3789 (ic->ic_nrunning == 0 || sc->rvp_cnt <= 1)) {
3795 ieee80211_start_all(ic);
3798 error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd);
3801 error = ether_ioctl(ifp, cmd, data);
3812 run_iq_calib(struct run_softc *sc, u_int chan)
3817 run_bbp_write(sc, 158, 0x2c);
3819 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1);
3820 else if (chan <= 64) {
3822 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ,
3824 } else if (chan <= 138) {
3826 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ,
3828 } else if (chan <= 165) {
3830 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ,
3834 run_bbp_write(sc, 159, val);
3837 run_bbp_write(sc, 158, 0x2d);
3839 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ,
3841 } else if (chan <= 64) {
3843 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ,
3845 } else if (chan <= 138) {
3847 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ,
3849 } else if (chan <= 165) {
3851 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ,
3855 run_bbp_write(sc, 159, val);
3858 run_bbp_write(sc, 158, 0x4a);
3860 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ,
3862 } else if (chan <= 64) {
3864 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ,
3866 } else if (chan <= 138) {
3868 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ,
3870 } else if (chan <= 165) {
3872 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ,
3876 run_bbp_write(sc, 159, val);
3879 run_bbp_write(sc, 158, 0x4b);
3881 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ,
3883 } else if (chan <= 64) {
3885 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ,
3887 } else if (chan <= 138) {
3889 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ,
3891 } else if (chan <= 165) {
3893 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ,
3897 run_bbp_write(sc, 159, val);
3899 /* RF IQ compensation control. */
3900 run_bbp_write(sc, 158, 0x04);
3901 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL,
3903 run_bbp_write(sc, 159, val);
3905 /* RF IQ imbalance compensation control. */
3906 run_bbp_write(sc, 158, 0x03);
3908 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1);
3909 run_bbp_write(sc, 159, val);
3913 run_set_agc(struct run_softc *sc, uint8_t agc)
3917 if (sc->mac_ver == 0x3572) {
3918 run_bbp_read(sc, 27, &bbp);
3920 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */
3921 run_bbp_write(sc, 66, agc);
3922 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */
3923 run_bbp_write(sc, 66, agc);
3925 run_bbp_write(sc, 66, agc);
3929 run_select_chan_group(struct run_softc *sc, int group)
3934 run_bbp_write(sc, 62, 0x37 - sc->lna[group]);
3935 run_bbp_write(sc, 63, 0x37 - sc->lna[group]);
3936 run_bbp_write(sc, 64, 0x37 - sc->lna[group]);
3937 if (sc->mac_ver < 0x3572)
3938 run_bbp_write(sc, 86, 0x00);
3940 if (sc->mac_ver == 0x3593) {
3941 run_bbp_write(sc, 77, 0x98);
3942 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a);
3946 if (sc->ext_2ghz_lna) {
3947 if (sc->mac_ver >= 0x5390)
3948 run_bbp_write(sc, 75, 0x52);
3950 run_bbp_write(sc, 82, 0x62);
3951 run_bbp_write(sc, 75, 0x46);
3954 if (sc->mac_ver == 0x5592) {
3955 run_bbp_write(sc, 79, 0x1c);
3956 run_bbp_write(sc, 80, 0x0e);
3957 run_bbp_write(sc, 81, 0x3a);
3958 run_bbp_write(sc, 82, 0x62);
3960 run_bbp_write(sc, 195, 0x80);
3961 run_bbp_write(sc, 196, 0xe0);
3962 run_bbp_write(sc, 195, 0x81);
3963 run_bbp_write(sc, 196, 0x1f);
3964 run_bbp_write(sc, 195, 0x82);
3965 run_bbp_write(sc, 196, 0x38);
3966 run_bbp_write(sc, 195, 0x83);
3967 run_bbp_write(sc, 196, 0x32);
3968 run_bbp_write(sc, 195, 0x85);
3969 run_bbp_write(sc, 196, 0x28);
3970 run_bbp_write(sc, 195, 0x86);
3971 run_bbp_write(sc, 196, 0x19);
3972 } else if (sc->mac_ver >= 0x5390)
3973 run_bbp_write(sc, 75, 0x50);
3975 run_bbp_write(sc, 82,
3976 (sc->mac_ver == 0x3593) ? 0x62 : 0x84);
3977 run_bbp_write(sc, 75, 0x50);
3981 if (sc->mac_ver == 0x5592) {
3982 run_bbp_write(sc, 79, 0x18);
3983 run_bbp_write(sc, 80, 0x08);
3984 run_bbp_write(sc, 81, 0x38);
3985 run_bbp_write(sc, 82, 0x92);
3987 run_bbp_write(sc, 195, 0x80);
3988 run_bbp_write(sc, 196, 0xf0);
3989 run_bbp_write(sc, 195, 0x81);
3990 run_bbp_write(sc, 196, 0x1e);
3991 run_bbp_write(sc, 195, 0x82);
3992 run_bbp_write(sc, 196, 0x28);
3993 run_bbp_write(sc, 195, 0x83);
3994 run_bbp_write(sc, 196, 0x20);
3995 run_bbp_write(sc, 195, 0x85);
3996 run_bbp_write(sc, 196, 0x7f);
3997 run_bbp_write(sc, 195, 0x86);
3998 run_bbp_write(sc, 196, 0x7f);
3999 } else if (sc->mac_ver == 0x3572)
4000 run_bbp_write(sc, 82, 0x94);
4002 run_bbp_write(sc, 82,
4003 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2);
4004 if (sc->ext_5ghz_lna)
4005 run_bbp_write(sc, 75, 0x46);
4007 run_bbp_write(sc, 75, 0x50);
4010 run_read(sc, RT2860_TX_BAND_CFG, &tmp);
4011 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P);
4012 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P;
4013 run_write(sc, RT2860_TX_BAND_CFG, tmp);
4015 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */
4016 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN;
4017 if (sc->mac_ver == 0x3593)
4018 tmp |= 1 << 29 | 1 << 28;
4019 if (sc->nrxchains > 1)
4020 tmp |= RT2860_LNA_PE1_EN;
4021 if (group == 0) { /* 2GHz */
4022 tmp |= RT2860_PA_PE_G0_EN;
4023 if (sc->ntxchains > 1)
4024 tmp |= RT2860_PA_PE_G1_EN;
4025 if (sc->mac_ver == 0x3593) {
4026 if (sc->ntxchains > 2)
4030 tmp |= RT2860_PA_PE_A0_EN;
4031 if (sc->ntxchains > 1)
4032 tmp |= RT2860_PA_PE_A1_EN;
4034 if (sc->mac_ver == 0x3572) {
4035 run_rt3070_rf_write(sc, 8, 0x00);
4036 run_write(sc, RT2860_TX_PIN_CFG, tmp);
4037 run_rt3070_rf_write(sc, 8, 0x80);
4039 run_write(sc, RT2860_TX_PIN_CFG, tmp);
4041 if (sc->mac_ver == 0x5592) {
4042 run_bbp_write(sc, 195, 0x8d);
4043 run_bbp_write(sc, 196, 0x1a);
4046 if (sc->mac_ver == 0x3593) {
4047 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4051 tmp = (tmp & ~0x00009090) | 0x00000090;
4052 run_write(sc, RT2860_GPIO_CTRL, tmp);
4055 /* set initial AGC value */
4056 if (group == 0) { /* 2GHz band */
4057 if (sc->mac_ver >= 0x3070)
4058 agc = 0x1c + sc->lna[0] * 2;
4060 agc = 0x2e + sc->lna[0];
4061 } else { /* 5GHz band */
4062 if (sc->mac_ver == 0x5592)
4063 agc = 0x24 + sc->lna[group] * 2;
4064 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593)
4065 agc = 0x22 + (sc->lna[group] * 5) / 3;
4067 agc = 0x32 + (sc->lna[group] * 5) / 3;
4069 run_set_agc(sc, agc);
4073 run_rt2870_set_chan(struct run_softc *sc, u_int chan)
4075 const struct rfprog *rfprog = rt2860_rf2850;
4076 uint32_t r2, r3, r4;
4077 int8_t txpow1, txpow2;
4080 /* find the settings for this channel (we know it exists) */
4081 for (i = 0; rfprog[i].chan != chan; i++);
4084 if (sc->ntxchains == 1)
4085 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */
4086 if (sc->nrxchains == 1)
4087 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */
4088 else if (sc->nrxchains == 2)
4089 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */
4091 /* use Tx power values from EEPROM */
4092 txpow1 = sc->txpow1[i];
4093 txpow2 = sc->txpow2[i];
4095 /* Initialize RF R3 and R4. */
4096 r3 = rfprog[i].r3 & 0xffffc1ff;
4097 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15);
4100 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1);
4101 r3 |= (txpow1 << 10) | (1 << 9);
4105 /* txpow1 is not possible larger than 15. */
4106 r3 |= (txpow1 << 10);
4109 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2);
4110 r4 |= (txpow2 << 7) | (1 << 6);
4113 r4 |= (txpow2 << 7);
4116 /* Set Tx0 power. */
4117 r3 |= (txpow1 << 9);
4119 /* Set frequency offset and Tx1 power. */
4120 r4 |= (txpow2 << 6);
4123 run_rt2870_rf_write(sc, rfprog[i].r1);
4124 run_rt2870_rf_write(sc, r2);
4125 run_rt2870_rf_write(sc, r3 & ~(1 << 2));
4126 run_rt2870_rf_write(sc, r4);
4130 run_rt2870_rf_write(sc, rfprog[i].r1);
4131 run_rt2870_rf_write(sc, r2);
4132 run_rt2870_rf_write(sc, r3 | (1 << 2));
4133 run_rt2870_rf_write(sc, r4);
4137 run_rt2870_rf_write(sc, rfprog[i].r1);
4138 run_rt2870_rf_write(sc, r2);
4139 run_rt2870_rf_write(sc, r3 & ~(1 << 2));
4140 run_rt2870_rf_write(sc, r4);
4144 run_rt3070_set_chan(struct run_softc *sc, u_int chan)
4146 int8_t txpow1, txpow2;
4150 /* find the settings for this channel (we know it exists) */
4151 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4153 /* use Tx power values from EEPROM */
4154 txpow1 = sc->txpow1[i];
4155 txpow2 = sc->txpow2[i];
4157 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n);
4159 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */
4160 run_rt3070_rf_read(sc, 3, &rf);
4161 rf = (rf & ~0x0f) | rt3070_freqs[i].k;
4162 run_rt3070_rf_write(sc, 3, rf);
4164 run_rt3070_rf_read(sc, 6, &rf);
4165 rf = (rf & ~0x03) | rt3070_freqs[i].r;
4166 run_rt3070_rf_write(sc, 6, rf);
4169 run_rt3070_rf_read(sc, 12, &rf);
4170 rf = (rf & ~0x1f) | txpow1;
4171 run_rt3070_rf_write(sc, 12, rf);
4174 run_rt3070_rf_read(sc, 13, &rf);
4175 rf = (rf & ~0x1f) | txpow2;
4176 run_rt3070_rf_write(sc, 13, rf);
4178 run_rt3070_rf_read(sc, 1, &rf);
4180 if (sc->ntxchains == 1)
4181 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */
4182 else if (sc->ntxchains == 2)
4183 rf |= 1 << 7; /* 2T: disable Tx chain 3 */
4184 if (sc->nrxchains == 1)
4185 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */
4186 else if (sc->nrxchains == 2)
4187 rf |= 1 << 6; /* 2R: disable Rx chain 3 */
4188 run_rt3070_rf_write(sc, 1, rf);
4191 run_rt3070_rf_read(sc, 23, &rf);
4192 rf = (rf & ~0x7f) | sc->freq;
4193 run_rt3070_rf_write(sc, 23, rf);
4195 /* program RF filter */
4196 run_rt3070_rf_read(sc, 24, &rf); /* Tx */
4197 rf = (rf & ~0x3f) | sc->rf24_20mhz;
4198 run_rt3070_rf_write(sc, 24, rf);
4199 run_rt3070_rf_read(sc, 31, &rf); /* Rx */
4200 rf = (rf & ~0x3f) | sc->rf24_20mhz;
4201 run_rt3070_rf_write(sc, 31, rf);
4203 /* enable RF tuning */
4204 run_rt3070_rf_read(sc, 7, &rf);
4205 run_rt3070_rf_write(sc, 7, rf | 0x01);
4209 run_rt3572_set_chan(struct run_softc *sc, u_int chan)
4211 int8_t txpow1, txpow2;
4216 /* find the settings for this channel (we know it exists) */
4217 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4219 /* use Tx power values from EEPROM */
4220 txpow1 = sc->txpow1[i];
4221 txpow2 = sc->txpow2[i];
4224 run_bbp_write(sc, 25, sc->bbp25);
4225 run_bbp_write(sc, 26, sc->bbp26);
4227 /* enable IQ phase correction */
4228 run_bbp_write(sc, 25, 0x09);
4229 run_bbp_write(sc, 26, 0xff);
4232 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n);
4233 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k);
4234 run_rt3070_rf_read(sc, 6, &rf);
4235 rf = (rf & ~0x0f) | rt3070_freqs[i].r;
4236 rf |= (chan <= 14) ? 0x08 : 0x04;
4237 run_rt3070_rf_write(sc, 6, rf);
4240 run_rt3070_rf_read(sc, 5, &rf);
4241 rf &= ~(0x08 | 0x04);
4242 rf |= (chan <= 14) ? 0x04 : 0x08;
4243 run_rt3070_rf_write(sc, 5, rf);
4245 /* set Tx power for chain 0 */
4249 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3);
4250 run_rt3070_rf_write(sc, 12, rf);
4252 /* set Tx power for chain 1 */
4256 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3);
4257 run_rt3070_rf_write(sc, 13, rf);
4259 /* set Tx/Rx streams */
4260 run_rt3070_rf_read(sc, 1, &rf);
4262 if (sc->ntxchains == 1)
4263 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */
4264 else if (sc->ntxchains == 2)
4265 rf |= 1 << 7; /* 2T: disable Tx chain 3 */
4266 if (sc->nrxchains == 1)
4267 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */
4268 else if (sc->nrxchains == 2)
4269 rf |= 1 << 6; /* 2R: disable Rx chain 3 */
4270 run_rt3070_rf_write(sc, 1, rf);
4273 run_rt3070_rf_read(sc, 23, &rf);
4274 rf = (rf & ~0x7f) | sc->freq;
4275 run_rt3070_rf_write(sc, 23, rf);
4277 /* program RF filter */
4278 rf = sc->rf24_20mhz;
4279 run_rt3070_rf_write(sc, 24, rf); /* Tx */
4280 run_rt3070_rf_write(sc, 31, rf); /* Rx */
4282 /* enable RF tuning */
4283 run_rt3070_rf_read(sc, 7, &rf);
4284 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14);
4285 run_rt3070_rf_write(sc, 7, rf);
4288 rf = (chan <= 14) ? 0xc3 : 0xc0;
4289 run_rt3070_rf_write(sc, 9, rf);
4291 /* set loop filter 1 */
4292 run_rt3070_rf_write(sc, 10, 0xf1);
4293 /* set loop filter 2 */
4294 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00);
4297 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43);
4300 rf = 0x48 | sc->txmixgain_2ghz;
4302 rf = 0x78 | sc->txmixgain_5ghz;
4303 run_rt3070_rf_write(sc, 16, rf);
4306 run_rt3070_rf_write(sc, 17, 0x23);
4310 else if (chan <= 64)
4312 else if (chan <= 128)
4316 run_rt3070_rf_write(sc, 19, rf);
4321 else if (chan <= 64)
4323 else if (chan <= 128)
4327 run_rt3070_rf_write(sc, 20, rf);
4332 else if (chan <= 64)
4336 run_rt3070_rf_write(sc, 25, rf);
4339 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87);
4341 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01);
4343 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f);
4345 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4349 run_write(sc, RT2860_GPIO_CTRL, tmp);
4351 /* enable RF tuning */
4352 run_rt3070_rf_read(sc, 7, &rf);
4353 run_rt3070_rf_write(sc, 7, rf | 0x01);
4359 run_rt3593_set_chan(struct run_softc *sc, u_int chan)
4361 int8_t txpow1, txpow2, txpow3;
4365 /* find the settings for this channel (we know it exists) */
4366 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4368 /* use Tx power values from EEPROM */
4369 txpow1 = sc->txpow1[i];
4370 txpow2 = sc->txpow2[i];
4371 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0;
4374 run_bbp_write(sc, 25, sc->bbp25);
4375 run_bbp_write(sc, 26, sc->bbp26);
4377 /* Enable IQ phase correction. */
4378 run_bbp_write(sc, 25, 0x09);
4379 run_bbp_write(sc, 26, 0xff);
4382 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n);
4383 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f);
4384 run_rt3070_rf_read(sc, 11, &rf);
4385 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03);
4386 run_rt3070_rf_write(sc, 11, rf);
4389 run_rt3070_rf_read(sc, 11, &rf);
4391 rf |= (chan <= 14) ? 0x44 : 0x48;
4392 run_rt3070_rf_write(sc, 11, rf);
4397 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07);
4398 run_rt3070_rf_write(sc, 53, rf);
4403 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07);
4404 run_rt3070_rf_write(sc, 55, rf);
4409 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07);
4410 run_rt3070_rf_write(sc, 54, rf);
4412 rf = RT3070_RF_BLOCK | RT3070_PLL_PD;
4413 if (sc->ntxchains == 3)
4414 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD;
4416 rf |= RT3070_TX0_PD | RT3070_TX1_PD;
4417 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD;
4418 run_rt3070_rf_write(sc, 1, rf);
4420 run_adjust_freq_offset(sc);
4422 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80);
4424 h20mhz = (sc->rf24_20mhz & 0x20) >> 5;
4425 run_rt3070_rf_read(sc, 30, &rf);
4426 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2);
4427 run_rt3070_rf_write(sc, 30, rf);
4429 run_rt3070_rf_read(sc, 36, &rf);
4434 run_rt3070_rf_write(sc, 36, rf);
4437 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20);
4438 /* Set pfd_delay. */
4439 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12);
4441 /* Set vco bias current control. */
4442 run_rt3070_rf_read(sc, 6, &rf);
4446 else if (chan <= 128)
4450 run_rt3070_rf_write(sc, 6, rf);
4452 run_rt3070_rf_read(sc, 30, &rf);
4453 rf = (rf & ~0x18) | 0x10;
4454 run_rt3070_rf_write(sc, 30, rf);
4456 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8);
4457 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23);
4459 run_rt3070_rf_read(sc, 51, &rf);
4460 rf = (rf & ~0x03) | 0x01;
4461 run_rt3070_rf_write(sc, 51, rf);
4462 /* Set tx_mx1_cc. */
4463 run_rt3070_rf_read(sc, 51, &rf);
4465 rf |= (chan <= 14) ? 0x14 : 0x10;
4466 run_rt3070_rf_write(sc, 51, rf);
4467 /* Set tx_mx1_ic. */
4468 run_rt3070_rf_read(sc, 51, &rf);
4470 rf |= (chan <= 14) ? 0x60 : 0x40;
4471 run_rt3070_rf_write(sc, 51, rf);
4472 /* Set tx_lo1_ic. */
4473 run_rt3070_rf_read(sc, 49, &rf);
4475 rf |= (chan <= 14) ? 0x0c : 0x08;
4476 run_rt3070_rf_write(sc, 49, rf);
4477 /* Set tx_lo1_en. */
4478 run_rt3070_rf_read(sc, 50, &rf);
4479 run_rt3070_rf_write(sc, 50, rf & ~0x20);
4481 run_rt3070_rf_read(sc, 57, &rf);
4483 rf |= (chan <= 14) ? 0x6c : 0x3c;
4484 run_rt3070_rf_write(sc, 57, rf);
4485 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */
4486 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b);
4487 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */
4488 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05);
4489 /* Enable VCO calibration. */
4490 run_rt3070_rf_read(sc, 3, &rf);
4491 rf &= ~RT5390_VCOCAL;
4492 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe;
4493 run_rt3070_rf_write(sc, 3, rf);
4497 else if (chan <= 64)
4499 else if (chan <= 128)
4503 run_rt3070_rf_write(sc, 39, rf);
4506 else if (chan <= 64)
4508 else if (chan <= 128)
4512 run_rt3070_rf_write(sc, 45, rf);
4514 /* Set FEQ/AEQ control. */
4515 run_bbp_write(sc, 105, 0x34);
4519 run_rt5390_set_chan(struct run_softc *sc, u_int chan)
4521 int8_t txpow1, txpow2;
4525 /* find the settings for this channel (we know it exists) */
4526 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4528 /* use Tx power values from EEPROM */
4529 txpow1 = sc->txpow1[i];
4530 txpow2 = sc->txpow2[i];
4532 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n);
4533 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f);
4534 run_rt3070_rf_read(sc, 11, &rf);
4535 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03);
4536 run_rt3070_rf_write(sc, 11, rf);
4538 run_rt3070_rf_read(sc, 49, &rf);
4539 rf = (rf & ~0x3f) | (txpow1 & 0x3f);
4540 /* The valid range of the RF R49 is 0x00 to 0x27. */
4541 if ((rf & 0x3f) > 0x27)
4542 rf = (rf & ~0x3f) | 0x27;
4543 run_rt3070_rf_write(sc, 49, rf);
4545 if (sc->mac_ver == 0x5392) {
4546 run_rt3070_rf_read(sc, 50, &rf);
4547 rf = (rf & ~0x3f) | (txpow2 & 0x3f);
4548 /* The valid range of the RF R50 is 0x00 to 0x27. */
4549 if ((rf & 0x3f) > 0x27)
4550 rf = (rf & ~0x3f) | 0x27;
4551 run_rt3070_rf_write(sc, 50, rf);
4554 run_rt3070_rf_read(sc, 1, &rf);
4555 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD;
4556 if (sc->mac_ver == 0x5392)
4557 rf |= RT3070_RX1_PD | RT3070_TX1_PD;
4558 run_rt3070_rf_write(sc, 1, rf);
4560 if (sc->mac_ver != 0x5392) {
4561 run_rt3070_rf_read(sc, 2, &rf);
4563 run_rt3070_rf_write(sc, 2, rf);
4566 run_rt3070_rf_write(sc, 2, rf);
4569 run_adjust_freq_offset(sc);
4571 if (sc->mac_ver == 0x5392) {
4572 /* Fix for RT5392C. */
4573 if (sc->mac_rev >= 0x0223) {
4576 else if (chan >= 5 && chan <= 7)
4580 run_rt3070_rf_write(sc, 23, rf);
4586 else if (chan >= 6 && chan <= 7)
4588 else if (chan >= 8 && chan <= 10)
4592 run_rt3070_rf_write(sc, 59, rf);
4598 run_rt3070_rf_write(sc, 59, rf);
4601 /* Fix for RT5390F. */
4602 if (sc->mac_rev >= 0x0502) {
4607 run_rt3070_rf_write(sc, 55, rf);
4611 else if (chan == 12)
4615 run_rt3070_rf_write(sc, 59, rf);
4617 run_rt3070_rf_write(sc, 55, 0x44);
4618 run_rt3070_rf_write(sc, 59, 0x8f);
4622 /* Enable VCO calibration. */
4623 run_rt3070_rf_read(sc, 3, &rf);
4624 rf |= RT5390_VCOCAL;
4625 run_rt3070_rf_write(sc, 3, rf);
4629 run_rt5592_set_chan(struct run_softc *sc, u_int chan)
4631 const struct rt5592_freqs *freqs;
4633 uint8_t reg, rf, txpow_bound;
4634 int8_t txpow1, txpow2;
4637 run_read(sc, RT5592_DEBUG_INDEX, &tmp);
4638 freqs = (tmp & RT5592_SEL_XTAL) ?
4639 rt5592_freqs_40mhz : rt5592_freqs_20mhz;
4641 /* find the settings for this channel (we know it exists) */
4642 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++);
4644 /* use Tx power values from EEPROM */
4645 txpow1 = sc->txpow1[i];
4646 txpow2 = sc->txpow2[i];
4648 run_read(sc, RT3070_LDO_CFG0, &tmp);
4652 run_write(sc, RT3070_LDO_CFG0, tmp);
4655 run_rt3070_rf_write(sc, 8, freqs->n & 0xff);
4656 run_rt3070_rf_read(sc, 9, &rf);
4658 rf |= ((freqs->n & 0x0100) >> 8) << 4;
4659 run_rt3070_rf_write(sc, 9, rf);
4662 run_rt3070_rf_read(sc, 9, &rf);
4664 rf |= (freqs->k & 0x0f);
4665 run_rt3070_rf_write(sc, 9, rf);
4668 run_rt3070_rf_read(sc, 11, &rf);
4670 rf |= ((freqs->m - 0x8) & 0x3) << 2;
4671 run_rt3070_rf_write(sc, 11, rf);
4672 run_rt3070_rf_read(sc, 9, &rf);
4674 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7;
4675 run_rt3070_rf_write(sc, 9, rf);
4678 run_rt3070_rf_read(sc, 11, &rf);
4680 rf |= (freqs->r - 0x1);
4681 run_rt3070_rf_write(sc, 11, rf);
4684 /* Initialize RF registers for 2GHZ. */
4685 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) {
4686 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg,
4687 rt5592_2ghz_def_rf[i].val);
4690 rf = (chan <= 10) ? 0x07 : 0x06;
4691 run_rt3070_rf_write(sc, 23, rf);
4692 run_rt3070_rf_write(sc, 59, rf);
4694 run_rt3070_rf_write(sc, 55, 0x43);
4697 * RF R49/R50 Tx power ALC code.
4698 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27.
4703 /* Initialize RF registers for 5GHZ. */
4704 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) {
4705 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg,
4706 rt5592_5ghz_def_rf[i].val);
4708 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) {
4709 if (chan >= rt5592_chan_5ghz[i].firstchan &&
4710 chan <= rt5592_chan_5ghz[i].lastchan) {
4711 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg,
4712 rt5592_chan_5ghz[i].val);
4717 * RF R49/R50 Tx power ALC code.
4718 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b.
4724 /* RF R49 ch0 Tx power ALC code. */
4725 run_rt3070_rf_read(sc, 49, &rf);
4728 rf = (rf & ~0x3f) | (txpow1 & 0x3f);
4729 if ((rf & 0x3f) > txpow_bound)
4730 rf = (rf & ~0x3f) | txpow_bound;
4731 run_rt3070_rf_write(sc, 49, rf);
4733 /* RF R50 ch1 Tx power ALC code. */
4734 run_rt3070_rf_read(sc, 50, &rf);
4735 rf &= ~(1 << 7 | 1 << 6);
4737 rf = (rf & ~0x3f) | (txpow2 & 0x3f);
4738 if ((rf & 0x3f) > txpow_bound)
4739 rf = (rf & ~0x3f) | txpow_bound;
4740 run_rt3070_rf_write(sc, 50, rf);
4742 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */
4743 run_rt3070_rf_read(sc, 1, &rf);
4744 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD);
4745 if (sc->ntxchains > 1)
4746 rf |= RT3070_TX1_PD;
4747 if (sc->nrxchains > 1)
4748 rf |= RT3070_RX1_PD;
4749 run_rt3070_rf_write(sc, 1, rf);
4751 run_rt3070_rf_write(sc, 6, 0xe4);
4753 run_rt3070_rf_write(sc, 30, 0x10);
4754 run_rt3070_rf_write(sc, 31, 0x80);
4755 run_rt3070_rf_write(sc, 32, 0x80);
4757 run_adjust_freq_offset(sc);
4759 /* Enable VCO calibration. */
4760 run_rt3070_rf_read(sc, 3, &rf);
4761 rf |= RT5390_VCOCAL;
4762 run_rt3070_rf_write(sc, 3, rf);
4766 run_set_rx_antenna(struct run_softc *sc, int aux)
4772 if (sc->rf_rev == RT5390_RF_5370) {
4773 run_bbp_read(sc, 152, &bbp152);
4774 run_bbp_write(sc, 152, bbp152 & ~0x80);
4776 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0);
4777 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4778 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08);
4781 if (sc->rf_rev == RT5390_RF_5370) {
4782 run_bbp_read(sc, 152, &bbp152);
4783 run_bbp_write(sc, 152, bbp152 | 0x80);
4785 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1);
4786 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4787 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808);
4793 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c)
4795 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
4798 chan = ieee80211_chan2ieee(ic, c);
4799 if (chan == 0 || chan == IEEE80211_CHAN_ANY)
4802 if (sc->mac_ver == 0x5592)
4803 run_rt5592_set_chan(sc, chan);
4804 else if (sc->mac_ver >= 0x5390)
4805 run_rt5390_set_chan(sc, chan);
4806 else if (sc->mac_ver == 0x3593)
4807 run_rt3593_set_chan(sc, chan);
4808 else if (sc->mac_ver == 0x3572)
4809 run_rt3572_set_chan(sc, chan);
4810 else if (sc->mac_ver >= 0x3070)
4811 run_rt3070_set_chan(sc, chan);
4813 run_rt2870_set_chan(sc, chan);
4815 /* determine channel group */
4818 else if (chan <= 64)
4820 else if (chan <= 128)
4825 /* XXX necessary only when group has changed! */
4826 run_select_chan_group(sc, group);
4830 /* Perform IQ calibration. */
4831 if (sc->mac_ver >= 0x5392)
4832 run_iq_calib(sc, chan);
4838 run_set_channel(struct ieee80211com *ic)
4840 struct run_softc *sc = ic->ic_ifp->if_softc;
4843 run_set_chan(sc, ic->ic_curchan);
4850 run_scan_start(struct ieee80211com *ic)
4852 struct run_softc *sc = ic->ic_ifp->if_softc;
4857 /* abort TSF synchronization */
4858 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
4859 run_write(sc, RT2860_BCN_TIME_CFG,
4860 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
4861 RT2860_TBTT_TIMER_EN));
4862 run_set_bssid(sc, sc->sc_ifp->if_broadcastaddr);
4870 run_scan_end(struct ieee80211com *ic)
4872 struct run_softc *sc = ic->ic_ifp->if_softc;
4876 run_enable_tsf_sync(sc);
4877 /* XXX keep local copy */
4878 run_set_bssid(sc, sc->sc_bssid);
4886 * Could be called from ieee80211_node_timeout()
4887 * (non-sleepable thread)
4890 run_update_beacon(struct ieee80211vap *vap, int item)
4892 struct ieee80211com *ic = vap->iv_ic;
4893 struct run_softc *sc = ic->ic_ifp->if_softc;
4894 struct run_vap *rvp = RUN_VAP(vap);
4898 KASSERT(vap != NULL, ("no beacon"));
4901 case IEEE80211_BEACON_ERP:
4902 run_updateslot(ic->ic_ifp);
4904 case IEEE80211_BEACON_HTINFO:
4907 case IEEE80211_BEACON_TIM:
4914 setbit(rvp->bo.bo_flags, item);
4915 if (rvp->beacon_mbuf == NULL) {
4916 rvp->beacon_mbuf = ieee80211_beacon_alloc(vap->iv_bss,
4918 if (rvp->beacon_mbuf == NULL)
4921 ieee80211_beacon_update(vap->iv_bss, &rvp->bo, rvp->beacon_mbuf, mcast);
4923 i = RUN_CMDQ_GET(&sc->cmdq_store);
4924 DPRINTF("cmdq_store=%d\n", i);
4925 sc->cmdq[i].func = run_update_beacon_cb;
4926 sc->cmdq[i].arg0 = vap;
4927 ieee80211_runtask(ic, &sc->cmdq_task);
4933 run_update_beacon_cb(void *arg)
4935 struct ieee80211vap *vap = arg;
4936 struct run_vap *rvp = RUN_VAP(vap);
4937 struct ieee80211com *ic = vap->iv_ic;
4938 struct run_softc *sc = ic->ic_ifp->if_softc;
4939 struct rt2860_txwi txwi;
4944 if (vap->iv_bss->ni_chan == IEEE80211_CHAN_ANYC)
4946 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC)
4950 * No need to call ieee80211_beacon_update(), run_update_beacon()
4951 * is taking care of apropriate calls.
4953 if (rvp->beacon_mbuf == NULL) {
4954 rvp->beacon_mbuf = ieee80211_beacon_alloc(vap->iv_bss,
4956 if (rvp->beacon_mbuf == NULL)
4959 m = rvp->beacon_mbuf;
4961 memset(&txwi, 0, sizeof(txwi));
4963 txwi.len = htole16(m->m_pkthdr.len);
4965 /* send beacons at the lowest available rate */
4966 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ?
4967 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1;
4968 txwi.phy = htole16(rt2860_rates[ridx].mcs);
4969 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM)
4970 txwi.phy |= htole16(RT2860_PHY_OFDM);
4971 txwi.txop = RT2860_TX_TXOP_HT;
4972 txwi.flags = RT2860_TX_TS;
4973 txwi.xflags = RT2860_TX_NSEQ;
4975 txwisize = (sc->mac_ver == 0x5592) ?
4976 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi);
4977 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi,
4979 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize,
4980 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1);
4984 run_updateprot(struct ieee80211com *ic)
4986 struct run_softc *sc = ic->ic_ifp->if_softc;
4989 i = RUN_CMDQ_GET(&sc->cmdq_store);
4990 DPRINTF("cmdq_store=%d\n", i);
4991 sc->cmdq[i].func = run_updateprot_cb;
4992 sc->cmdq[i].arg0 = ic;
4993 ieee80211_runtask(ic, &sc->cmdq_task);
4997 run_updateprot_cb(void *arg)
4999 struct ieee80211com *ic = arg;
5000 struct run_softc *sc = ic->ic_ifp->if_softc;
5003 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL;
5004 /* setup protection frame rate (MCS code) */
5005 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ?
5006 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM :
5007 rt2860_rates[RT2860_RIDX_CCK11].mcs;
5009 /* CCK frames don't require protection */
5010 run_write(sc, RT2860_CCK_PROT_CFG, tmp);
5011 if (ic->ic_flags & IEEE80211_F_USEPROT) {
5012 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS)
5013 tmp |= RT2860_PROT_CTRL_RTS_CTS;
5014 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY)
5015 tmp |= RT2860_PROT_CTRL_CTS;
5017 run_write(sc, RT2860_OFDM_PROT_CFG, tmp);
5021 run_usb_timeout_cb(void *arg)
5023 struct ieee80211vap *vap = arg;
5024 struct run_softc *sc = vap->iv_ic->ic_ifp->if_softc;
5026 RUN_LOCK_ASSERT(sc, MA_OWNED);
5028 if(vap->iv_state == IEEE80211_S_RUN &&
5029 vap->iv_opmode != IEEE80211_M_STA)
5030 run_reset_livelock(sc);
5031 else if (vap->iv_state == IEEE80211_S_SCAN) {
5032 DPRINTF("timeout caused by scan\n");
5034 ieee80211_cancel_scan(vap);
5036 DPRINTF("timeout by unknown cause\n");
5040 run_reset_livelock(struct run_softc *sc)
5044 RUN_LOCK_ASSERT(sc, MA_OWNED);
5047 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC
5048 * can run into a livelock and start sending CTS-to-self frames like
5049 * crazy if protection is enabled. Reset MAC/BBP for a while
5051 run_read(sc, RT2860_DEBUG, &tmp);
5052 DPRINTFN(3, "debug reg %08x\n", tmp);
5053 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) {
5054 DPRINTF("CTS-to-self livelock detected\n");
5055 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST);
5057 run_write(sc, RT2860_MAC_SYS_CTRL,
5058 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
5063 run_update_promisc_locked(struct ifnet *ifp)
5065 struct run_softc *sc = ifp->if_softc;
5068 run_read(sc, RT2860_RX_FILTR_CFG, &tmp);
5070 tmp |= RT2860_DROP_UC_NOME;
5071 if (ifp->if_flags & IFF_PROMISC)
5072 tmp &= ~RT2860_DROP_UC_NOME;
5074 run_write(sc, RT2860_RX_FILTR_CFG, tmp);
5076 DPRINTF("%s promiscuous mode\n", (ifp->if_flags & IFF_PROMISC) ?
5077 "entering" : "leaving");
5081 run_update_promisc(struct ifnet *ifp)
5083 struct run_softc *sc = ifp->if_softc;
5085 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0)
5089 run_update_promisc_locked(ifp);
5094 run_enable_tsf_sync(struct run_softc *sc)
5096 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
5097 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
5100 DPRINTF("rvp_id=%d ic_opmode=%d\n", RUN_VAP(vap)->rvp_id,
5103 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
5105 tmp |= vap->iv_bss->ni_intval * 16;
5106 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN;
5108 if (ic->ic_opmode == IEEE80211_M_STA) {
5110 * Local TSF is always updated with remote TSF on beacon
5113 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT;
5114 } else if (ic->ic_opmode == IEEE80211_M_IBSS) {
5115 tmp |= RT2860_BCN_TX_EN;
5117 * Local TSF is updated with remote TSF on beacon reception
5118 * only if the remote TSF is greater than local TSF.
5120 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT;
5121 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP ||
5122 ic->ic_opmode == IEEE80211_M_MBSS) {
5123 tmp |= RT2860_BCN_TX_EN;
5124 /* SYNC with nobody */
5125 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT;
5127 DPRINTF("Enabling TSF failed. undefined opmode\n");
5131 run_write(sc, RT2860_BCN_TIME_CFG, tmp);
5135 run_enable_mrr(struct run_softc *sc)
5137 #define CCK(mcs) (mcs)
5138 #define OFDM(mcs) (1 << 3 | (mcs))
5139 run_write(sc, RT2860_LG_FBK_CFG0,
5140 OFDM(6) << 28 | /* 54->48 */
5141 OFDM(5) << 24 | /* 48->36 */
5142 OFDM(4) << 20 | /* 36->24 */
5143 OFDM(3) << 16 | /* 24->18 */
5144 OFDM(2) << 12 | /* 18->12 */
5145 OFDM(1) << 8 | /* 12-> 9 */
5146 OFDM(0) << 4 | /* 9-> 6 */
5147 OFDM(0)); /* 6-> 6 */
5149 run_write(sc, RT2860_LG_FBK_CFG1,
5150 CCK(2) << 12 | /* 11->5.5 */
5151 CCK(1) << 8 | /* 5.5-> 2 */
5152 CCK(0) << 4 | /* 2-> 1 */
5153 CCK(0)); /* 1-> 1 */
5159 run_set_txpreamble(struct run_softc *sc)
5161 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
5164 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp);
5165 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
5166 tmp |= RT2860_CCK_SHORT_EN;
5168 tmp &= ~RT2860_CCK_SHORT_EN;
5169 run_write(sc, RT2860_AUTO_RSP_CFG, tmp);
5173 run_set_basicrates(struct run_softc *sc)
5175 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
5177 /* set basic rates mask */
5178 if (ic->ic_curmode == IEEE80211_MODE_11B)
5179 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003);
5180 else if (ic->ic_curmode == IEEE80211_MODE_11A)
5181 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150);
5183 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f);
5187 run_set_leds(struct run_softc *sc, uint16_t which)
5189 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS,
5190 which | (sc->leds & 0x7f));
5194 run_set_bssid(struct run_softc *sc, const uint8_t *bssid)
5196 run_write(sc, RT2860_MAC_BSSID_DW0,
5197 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24);
5198 run_write(sc, RT2860_MAC_BSSID_DW1,
5199 bssid[4] | bssid[5] << 8);
5203 run_set_macaddr(struct run_softc *sc, const uint8_t *addr)
5205 run_write(sc, RT2860_MAC_ADDR_DW0,
5206 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24);
5207 run_write(sc, RT2860_MAC_ADDR_DW1,
5208 addr[4] | addr[5] << 8 | 0xff << 16);
5212 run_updateslot(struct ifnet *ifp)
5214 struct run_softc *sc = ifp->if_softc;
5215 struct ieee80211com *ic = ifp->if_l2com;
5218 i = RUN_CMDQ_GET(&sc->cmdq_store);
5219 DPRINTF("cmdq_store=%d\n", i);
5220 sc->cmdq[i].func = run_updateslot_cb;
5221 sc->cmdq[i].arg0 = ifp;
5222 ieee80211_runtask(ic, &sc->cmdq_task);
5229 run_updateslot_cb(void *arg)
5231 struct ifnet *ifp = arg;
5232 struct run_softc *sc = ifp->if_softc;
5233 struct ieee80211com *ic = ifp->if_l2com;
5236 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp);
5238 tmp |= (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20;
5239 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp);
5243 run_update_mcast(struct ifnet *ifp)
5245 /* h/w filter supports getting everything or nothing */
5246 ifp->if_flags |= IFF_ALLMULTI;
5250 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain)
5252 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
5253 struct ieee80211_channel *c = ic->ic_curchan;
5256 if (IEEE80211_IS_CHAN_5GHZ(c)) {
5257 u_int chan = ieee80211_chan2ieee(ic, c);
5258 delta = sc->rssi_5ghz[rxchain];
5260 /* determine channel group */
5262 delta -= sc->lna[1];
5263 else if (chan <= 128)
5264 delta -= sc->lna[2];
5266 delta -= sc->lna[3];
5268 delta = sc->rssi_2ghz[rxchain] - sc->lna[0];
5270 return (-12 - delta - rssi);
5274 run_rt5390_bbp_init(struct run_softc *sc)
5279 /* Apply maximum likelihood detection for 2 stream case. */
5280 run_bbp_read(sc, 105, &bbp);
5281 if (sc->nrxchains > 1)
5282 run_bbp_write(sc, 105, bbp | RT5390_MLD);
5284 /* Avoid data lost and CRC error. */
5285 run_bbp_read(sc, 4, &bbp);
5286 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
5288 if (sc->mac_ver == 0x5592) {
5289 for (i = 0; i < nitems(rt5592_def_bbp); i++) {
5290 run_bbp_write(sc, rt5592_def_bbp[i].reg,
5291 rt5592_def_bbp[i].val);
5293 for (i = 0; i < nitems(rt5592_bbp_r196); i++) {
5294 run_bbp_write(sc, 195, i + 0x80);
5295 run_bbp_write(sc, 196, rt5592_bbp_r196[i]);
5298 for (i = 0; i < nitems(rt5390_def_bbp); i++) {
5299 run_bbp_write(sc, rt5390_def_bbp[i].reg,
5300 rt5390_def_bbp[i].val);
5303 if (sc->mac_ver == 0x5392) {
5304 run_bbp_write(sc, 88, 0x90);
5305 run_bbp_write(sc, 95, 0x9a);
5306 run_bbp_write(sc, 98, 0x12);
5307 run_bbp_write(sc, 106, 0x12);
5308 run_bbp_write(sc, 134, 0xd0);
5309 run_bbp_write(sc, 135, 0xf6);
5310 run_bbp_write(sc, 148, 0x84);
5313 run_bbp_read(sc, 152, &bbp);
5314 run_bbp_write(sc, 152, bbp | 0x80);
5316 /* Fix BBP254 for RT5592C. */
5317 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) {
5318 run_bbp_read(sc, 254, &bbp);
5319 run_bbp_write(sc, 254, bbp | 0x80);
5322 /* Disable hardware antenna diversity. */
5323 if (sc->mac_ver == 0x5390)
5324 run_bbp_write(sc, 154, 0);
5326 /* Initialize Rx CCK/OFDM frequency offset report. */
5327 run_bbp_write(sc, 142, 1);
5328 run_bbp_write(sc, 143, 57);
5332 run_bbp_init(struct run_softc *sc)
5334 int i, error, ntries;
5337 /* wait for BBP to wake up */
5338 for (ntries = 0; ntries < 20; ntries++) {
5339 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0)
5341 if (bbp0 != 0 && bbp0 != 0xff)
5347 /* initialize BBP registers to default values */
5348 if (sc->mac_ver >= 0x5390)
5349 run_rt5390_bbp_init(sc);
5351 for (i = 0; i < nitems(rt2860_def_bbp); i++) {
5352 run_bbp_write(sc, rt2860_def_bbp[i].reg,
5353 rt2860_def_bbp[i].val);
5357 if (sc->mac_ver == 0x3593) {
5358 run_bbp_write(sc, 79, 0x13);
5359 run_bbp_write(sc, 80, 0x05);
5360 run_bbp_write(sc, 81, 0x33);
5361 run_bbp_write(sc, 86, 0x46);
5362 run_bbp_write(sc, 137, 0x0f);
5365 /* fix BBP84 for RT2860E */
5366 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101)
5367 run_bbp_write(sc, 84, 0x19);
5369 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 &&
5370 sc->mac_ver != 0x5592)) {
5371 run_bbp_write(sc, 79, 0x13);
5372 run_bbp_write(sc, 80, 0x05);
5373 run_bbp_write(sc, 81, 0x33);
5374 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) {
5375 run_bbp_write(sc, 69, 0x16);
5376 run_bbp_write(sc, 73, 0x12);
5382 run_rt3070_rf_init(struct run_softc *sc)
5385 uint8_t bbp4, mingain, rf, target;
5388 run_rt3070_rf_read(sc, 30, &rf);
5389 /* toggle RF R30 bit 7 */
5390 run_rt3070_rf_write(sc, 30, rf | 0x80);
5392 run_rt3070_rf_write(sc, 30, rf & ~0x80);
5394 /* initialize RF registers to default value */
5395 if (sc->mac_ver == 0x3572) {
5396 for (i = 0; i < nitems(rt3572_def_rf); i++) {
5397 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg,
5398 rt3572_def_rf[i].val);
5401 for (i = 0; i < nitems(rt3070_def_rf); i++) {
5402 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg,
5403 rt3070_def_rf[i].val);
5407 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) {
5409 * Change voltage from 1.2V to 1.35V for RT3070.
5410 * The DAC issue (RT3070_LDO_CFG0) has been fixed
5413 run_read(sc, RT3070_LDO_CFG0, &tmp);
5414 tmp = (tmp & ~0x0f000000) | 0x0d000000;
5415 run_write(sc, RT3070_LDO_CFG0, tmp);
5417 } else if (sc->mac_ver == 0x3071) {
5418 run_rt3070_rf_read(sc, 6, &rf);
5419 run_rt3070_rf_write(sc, 6, rf | 0x40);
5420 run_rt3070_rf_write(sc, 31, 0x14);
5422 run_read(sc, RT3070_LDO_CFG0, &tmp);
5424 if (sc->mac_rev < 0x0211)
5425 tmp |= 0x0d000000; /* 1.3V */
5427 tmp |= 0x01000000; /* 1.2V */
5428 run_write(sc, RT3070_LDO_CFG0, tmp);
5430 /* patch LNA_PE_G1 */
5431 run_read(sc, RT3070_GPIO_SWITCH, &tmp);
5432 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20);
5434 } else if (sc->mac_ver == 0x3572) {
5435 run_rt3070_rf_read(sc, 6, &rf);
5436 run_rt3070_rf_write(sc, 6, rf | 0x40);
5438 /* increase voltage from 1.2V to 1.35V */
5439 run_read(sc, RT3070_LDO_CFG0, &tmp);
5440 tmp = (tmp & ~0x1f000000) | 0x0d000000;
5441 run_write(sc, RT3070_LDO_CFG0, tmp);
5443 if (sc->mac_rev < 0x0211 || !sc->patch_dac) {
5444 run_delay(sc, 1); /* wait for 1msec */
5445 /* decrease voltage back to 1.2V */
5446 tmp = (tmp & ~0x1f000000) | 0x01000000;
5447 run_write(sc, RT3070_LDO_CFG0, tmp);
5451 /* select 20MHz bandwidth */
5452 run_rt3070_rf_read(sc, 31, &rf);
5453 run_rt3070_rf_write(sc, 31, rf & ~0x20);
5455 /* calibrate filter for 20MHz bandwidth */
5456 sc->rf24_20mhz = 0x1f; /* default value */
5457 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13;
5458 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz);
5460 /* select 40MHz bandwidth */
5461 run_bbp_read(sc, 4, &bbp4);
5462 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10);
5463 run_rt3070_rf_read(sc, 31, &rf);
5464 run_rt3070_rf_write(sc, 31, rf | 0x20);
5466 /* calibrate filter for 40MHz bandwidth */
5467 sc->rf24_40mhz = 0x2f; /* default value */
5468 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15;
5469 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz);
5471 /* go back to 20MHz bandwidth */
5472 run_bbp_read(sc, 4, &bbp4);
5473 run_bbp_write(sc, 4, bbp4 & ~0x18);
5475 if (sc->mac_ver == 0x3572) {
5476 /* save default BBP registers 25 and 26 values */
5477 run_bbp_read(sc, 25, &sc->bbp25);
5478 run_bbp_read(sc, 26, &sc->bbp26);
5479 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211)
5480 run_rt3070_rf_write(sc, 27, 0x03);
5482 run_read(sc, RT3070_OPT_14, &tmp);
5483 run_write(sc, RT3070_OPT_14, tmp | 1);
5485 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) {
5486 run_rt3070_rf_read(sc, 17, &rf);
5487 rf &= ~RT3070_TX_LO1;
5488 if ((sc->mac_ver == 0x3070 ||
5489 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) &&
5491 rf |= 0x20; /* fix for long range Rx issue */
5492 mingain = (sc->mac_ver == 0x3070) ? 1 : 2;
5493 if (sc->txmixgain_2ghz >= mingain)
5494 rf = (rf & ~0x7) | sc->txmixgain_2ghz;
5495 run_rt3070_rf_write(sc, 17, rf);
5498 if (sc->mac_ver == 0x3071) {
5499 run_rt3070_rf_read(sc, 1, &rf);
5500 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD);
5501 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD;
5502 run_rt3070_rf_write(sc, 1, rf);
5504 run_rt3070_rf_read(sc, 15, &rf);
5505 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2);
5507 run_rt3070_rf_read(sc, 20, &rf);
5508 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1);
5510 run_rt3070_rf_read(sc, 21, &rf);
5511 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2);
5514 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) {
5515 /* fix Tx to Rx IQ glitch by raising RF voltage */
5516 run_rt3070_rf_read(sc, 27, &rf);
5518 if (sc->mac_rev < 0x0211)
5520 run_rt3070_rf_write(sc, 27, rf);
5526 run_rt3593_rf_init(struct run_softc *sc)
5532 /* Disable the GPIO bits 4 and 7 for LNA PE control. */
5533 run_read(sc, RT3070_GPIO_SWITCH, &tmp);
5534 tmp &= ~(1 << 4 | 1 << 7);
5535 run_write(sc, RT3070_GPIO_SWITCH, tmp);
5537 /* Initialize RF registers to default value. */
5538 for (i = 0; i < nitems(rt3593_def_rf); i++) {
5539 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg,
5540 rt3593_def_rf[i].val);
5543 /* Toggle RF R2 to initiate calibration. */
5544 run_rt3070_rf_write(sc, 2, RT5390_RESCAL);
5546 /* Initialize RF frequency offset. */
5547 run_adjust_freq_offset(sc);
5549 run_rt3070_rf_read(sc, 18, &rf);
5550 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS);
5553 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to
5554 * decrease voltage back to 1.2V.
5556 run_read(sc, RT3070_LDO_CFG0, &tmp);
5557 tmp = (tmp & ~0x1f000000) | 0x0d000000;
5558 run_write(sc, RT3070_LDO_CFG0, tmp);
5560 tmp = (tmp & ~0x1f000000) | 0x01000000;
5561 run_write(sc, RT3070_LDO_CFG0, tmp);
5563 sc->rf24_20mhz = 0x1f;
5564 sc->rf24_40mhz = 0x2f;
5566 /* Save default BBP registers 25 and 26 values. */
5567 run_bbp_read(sc, 25, &sc->bbp25);
5568 run_bbp_read(sc, 26, &sc->bbp26);
5570 run_read(sc, RT3070_OPT_14, &tmp);
5571 run_write(sc, RT3070_OPT_14, tmp | 1);
5575 run_rt5390_rf_init(struct run_softc *sc)
5581 /* Toggle RF R2 to initiate calibration. */
5582 if (sc->mac_ver == 0x5390) {
5583 run_rt3070_rf_read(sc, 2, &rf);
5584 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL);
5586 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL);
5588 run_rt3070_rf_write(sc, 2, RT5390_RESCAL);
5592 /* Initialize RF registers to default value. */
5593 if (sc->mac_ver == 0x5592) {
5594 for (i = 0; i < nitems(rt5592_def_rf); i++) {
5595 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg,
5596 rt5592_def_rf[i].val);
5598 /* Initialize RF frequency offset. */
5599 run_adjust_freq_offset(sc);
5600 } else if (sc->mac_ver == 0x5392) {
5601 for (i = 0; i < nitems(rt5392_def_rf); i++) {
5602 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg,
5603 rt5392_def_rf[i].val);
5605 if (sc->mac_rev >= 0x0223) {
5606 run_rt3070_rf_write(sc, 23, 0x0f);
5607 run_rt3070_rf_write(sc, 24, 0x3e);
5608 run_rt3070_rf_write(sc, 51, 0x32);
5609 run_rt3070_rf_write(sc, 53, 0x22);
5610 run_rt3070_rf_write(sc, 56, 0xc1);
5611 run_rt3070_rf_write(sc, 59, 0x0f);
5614 for (i = 0; i < nitems(rt5390_def_rf); i++) {
5615 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg,
5616 rt5390_def_rf[i].val);
5618 if (sc->mac_rev >= 0x0502) {
5619 run_rt3070_rf_write(sc, 6, 0xe0);
5620 run_rt3070_rf_write(sc, 25, 0x80);
5621 run_rt3070_rf_write(sc, 46, 0x73);
5622 run_rt3070_rf_write(sc, 53, 0x00);
5623 run_rt3070_rf_write(sc, 56, 0x42);
5624 run_rt3070_rf_write(sc, 61, 0xd1);
5628 sc->rf24_20mhz = 0x1f; /* default value */
5629 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f;
5631 if (sc->mac_rev < 0x0211)
5632 run_rt3070_rf_write(sc, 27, 0x3);
5634 run_read(sc, RT3070_OPT_14, &tmp);
5635 run_write(sc, RT3070_OPT_14, tmp | 1);
5639 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target,
5643 uint8_t bbp55_pb, bbp55_sb, delta;
5646 /* program filter */
5647 run_rt3070_rf_read(sc, 24, &rf24);
5648 rf24 = (rf24 & 0xc0) | init; /* initial filter value */
5649 run_rt3070_rf_write(sc, 24, rf24);
5651 /* enable baseband loopback mode */
5652 run_rt3070_rf_read(sc, 22, &rf22);
5653 run_rt3070_rf_write(sc, 22, rf22 | 0x01);
5655 /* set power and frequency of passband test tone */
5656 run_bbp_write(sc, 24, 0x00);
5657 for (ntries = 0; ntries < 100; ntries++) {
5658 /* transmit test tone */
5659 run_bbp_write(sc, 25, 0x90);
5661 /* read received power */
5662 run_bbp_read(sc, 55, &bbp55_pb);
5669 /* set power and frequency of stopband test tone */
5670 run_bbp_write(sc, 24, 0x06);
5671 for (ntries = 0; ntries < 100; ntries++) {
5672 /* transmit test tone */
5673 run_bbp_write(sc, 25, 0x90);
5675 /* read received power */
5676 run_bbp_read(sc, 55, &bbp55_sb);
5678 delta = bbp55_pb - bbp55_sb;
5682 /* reprogram filter */
5684 run_rt3070_rf_write(sc, 24, rf24);
5688 rf24--; /* backtrack */
5690 run_rt3070_rf_write(sc, 24, rf24);
5693 /* restore initial state */
5694 run_bbp_write(sc, 24, 0x00);
5696 /* disable baseband loopback mode */
5697 run_rt3070_rf_read(sc, 22, &rf22);
5698 run_rt3070_rf_write(sc, 22, rf22 & ~0x01);
5704 run_rt3070_rf_setup(struct run_softc *sc)
5709 if (sc->mac_ver == 0x3572) {
5710 /* enable DC filter */
5711 if (sc->mac_rev >= 0x0201)
5712 run_bbp_write(sc, 103, 0xc0);
5714 run_bbp_read(sc, 138, &bbp);
5715 if (sc->ntxchains == 1)
5716 bbp |= 0x20; /* turn off DAC1 */
5717 if (sc->nrxchains == 1)
5718 bbp &= ~0x02; /* turn off ADC1 */
5719 run_bbp_write(sc, 138, bbp);
5721 if (sc->mac_rev >= 0x0211) {
5722 /* improve power consumption */
5723 run_bbp_read(sc, 31, &bbp);
5724 run_bbp_write(sc, 31, bbp & ~0x03);
5727 run_rt3070_rf_read(sc, 16, &rf);
5728 rf = (rf & ~0x07) | sc->txmixgain_2ghz;
5729 run_rt3070_rf_write(sc, 16, rf);
5731 } else if (sc->mac_ver == 0x3071) {
5732 if (sc->mac_rev >= 0x0211) {
5733 /* enable DC filter */
5734 run_bbp_write(sc, 103, 0xc0);
5736 /* improve power consumption */
5737 run_bbp_read(sc, 31, &bbp);
5738 run_bbp_write(sc, 31, bbp & ~0x03);
5741 run_bbp_read(sc, 138, &bbp);
5742 if (sc->ntxchains == 1)
5743 bbp |= 0x20; /* turn off DAC1 */
5744 if (sc->nrxchains == 1)
5745 bbp &= ~0x02; /* turn off ADC1 */
5746 run_bbp_write(sc, 138, bbp);
5748 run_write(sc, RT2860_TX_SW_CFG1, 0);
5749 if (sc->mac_rev < 0x0211) {
5750 run_write(sc, RT2860_TX_SW_CFG2,
5751 sc->patch_dac ? 0x2c : 0x0f);
5753 run_write(sc, RT2860_TX_SW_CFG2, 0);
5755 } else if (sc->mac_ver == 0x3070) {
5756 if (sc->mac_rev >= 0x0201) {
5757 /* enable DC filter */
5758 run_bbp_write(sc, 103, 0xc0);
5760 /* improve power consumption */
5761 run_bbp_read(sc, 31, &bbp);
5762 run_bbp_write(sc, 31, bbp & ~0x03);
5765 if (sc->mac_rev < 0x0201) {
5766 run_write(sc, RT2860_TX_SW_CFG1, 0);
5767 run_write(sc, RT2860_TX_SW_CFG2, 0x2c);
5769 run_write(sc, RT2860_TX_SW_CFG2, 0);
5772 /* initialize RF registers from ROM for >=RT3071*/
5773 if (sc->mac_ver >= 0x3071) {
5774 for (i = 0; i < 10; i++) {
5775 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff)
5777 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val);
5783 run_rt3593_rf_setup(struct run_softc *sc)
5787 if (sc->mac_rev >= 0x0211) {
5788 /* Enable DC filter. */
5789 run_bbp_write(sc, 103, 0xc0);
5791 run_write(sc, RT2860_TX_SW_CFG1, 0);
5792 if (sc->mac_rev < 0x0211) {
5793 run_write(sc, RT2860_TX_SW_CFG2,
5794 sc->patch_dac ? 0x2c : 0x0f);
5796 run_write(sc, RT2860_TX_SW_CFG2, 0);
5798 run_rt3070_rf_read(sc, 50, &rf);
5799 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2);
5801 run_rt3070_rf_read(sc, 51, &rf);
5802 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) |
5803 ((sc->txmixgain_2ghz & 0x07) << 2);
5804 run_rt3070_rf_write(sc, 51, rf);
5806 run_rt3070_rf_read(sc, 38, &rf);
5807 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1);
5809 run_rt3070_rf_read(sc, 39, &rf);
5810 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2);
5812 run_rt3070_rf_read(sc, 1, &rf);
5813 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD));
5815 run_rt3070_rf_read(sc, 30, &rf);
5816 rf = (rf & ~0x18) | 0x10;
5817 run_rt3070_rf_write(sc, 30, rf);
5819 /* Apply maximum likelihood detection for 2 stream case. */
5820 run_bbp_read(sc, 105, &bbp);
5821 if (sc->nrxchains > 1)
5822 run_bbp_write(sc, 105, bbp | RT5390_MLD);
5824 /* Avoid data lost and CRC error. */
5825 run_bbp_read(sc, 4, &bbp);
5826 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
5828 run_bbp_write(sc, 92, 0x02);
5829 run_bbp_write(sc, 82, 0x82);
5830 run_bbp_write(sc, 106, 0x05);
5831 run_bbp_write(sc, 104, 0x92);
5832 run_bbp_write(sc, 88, 0x90);
5833 run_bbp_write(sc, 148, 0xc8);
5834 run_bbp_write(sc, 47, 0x48);
5835 run_bbp_write(sc, 120, 0x50);
5837 run_bbp_write(sc, 163, 0x9d);
5840 run_bbp_write(sc, 142, 0x06);
5841 run_bbp_write(sc, 143, 0xa0);
5842 run_bbp_write(sc, 142, 0x07);
5843 run_bbp_write(sc, 143, 0xa1);
5844 run_bbp_write(sc, 142, 0x08);
5845 run_bbp_write(sc, 143, 0xa2);
5847 run_bbp_write(sc, 31, 0x08);
5848 run_bbp_write(sc, 68, 0x0b);
5849 run_bbp_write(sc, 105, 0x04);
5853 run_rt5390_rf_setup(struct run_softc *sc)
5857 if (sc->mac_rev >= 0x0211) {
5858 /* Enable DC filter. */
5859 run_bbp_write(sc, 103, 0xc0);
5861 if (sc->mac_ver != 0x5592) {
5862 /* Improve power consumption. */
5863 run_bbp_read(sc, 31, &bbp);
5864 run_bbp_write(sc, 31, bbp & ~0x03);
5868 run_bbp_read(sc, 138, &bbp);
5869 if (sc->ntxchains == 1)
5870 bbp |= 0x20; /* turn off DAC1 */
5871 if (sc->nrxchains == 1)
5872 bbp &= ~0x02; /* turn off ADC1 */
5873 run_bbp_write(sc, 138, bbp);
5875 run_rt3070_rf_read(sc, 38, &rf);
5876 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1);
5878 run_rt3070_rf_read(sc, 39, &rf);
5879 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2);
5881 /* Avoid data lost and CRC error. */
5882 run_bbp_read(sc, 4, &bbp);
5883 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
5885 run_rt3070_rf_read(sc, 30, &rf);
5886 rf = (rf & ~0x18) | 0x10;
5887 run_rt3070_rf_write(sc, 30, rf);
5889 if (sc->mac_ver != 0x5592) {
5890 run_write(sc, RT2860_TX_SW_CFG1, 0);
5891 if (sc->mac_rev < 0x0211) {
5892 run_write(sc, RT2860_TX_SW_CFG2,
5893 sc->patch_dac ? 0x2c : 0x0f);
5895 run_write(sc, RT2860_TX_SW_CFG2, 0);
5900 run_txrx_enable(struct run_softc *sc)
5902 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
5906 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN);
5907 for (ntries = 0; ntries < 200; ntries++) {
5908 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0)
5910 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
5919 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE;
5920 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
5922 /* enable Rx bulk aggregation (set timeout and limit) */
5923 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN |
5924 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2);
5925 run_write(sc, RT2860_USB_DMA_CFG, tmp);
5928 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR;
5929 if (ic->ic_opmode != IEEE80211_M_MONITOR) {
5930 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL |
5931 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK |
5932 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV |
5933 RT2860_DROP_CFACK | RT2860_DROP_CFEND;
5934 if (ic->ic_opmode == IEEE80211_M_STA)
5935 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL;
5937 run_write(sc, RT2860_RX_FILTR_CFG, tmp);
5939 run_write(sc, RT2860_MAC_SYS_CTRL,
5940 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
5946 run_adjust_freq_offset(struct run_softc *sc)
5950 run_rt3070_rf_read(sc, 17, &rf);
5952 rf = (rf & ~0x7f) | (sc->freq & 0x7f);
5956 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf);
5960 run_init_locked(struct run_softc *sc)
5962 struct ifnet *ifp = sc->sc_ifp;
5963 struct ieee80211com *ic = ifp->if_l2com;
5970 if (ic->ic_nrunning > 1)
5975 if (run_load_microcode(sc) != 0) {
5976 device_printf(sc->sc_dev, "could not load 8051 microcode\n");
5980 for (ntries = 0; ntries < 100; ntries++) {
5981 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0)
5983 if (tmp != 0 && tmp != 0xffffffff)
5990 for (i = 0; i != RUN_EP_QUEUES; i++)
5991 run_setup_tx_list(sc, &sc->sc_epq[i]);
5993 run_set_macaddr(sc, IF_LLADDR(ifp));
5995 for (ntries = 0; ntries < 100; ntries++) {
5996 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0)
5998 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
6002 if (ntries == 100) {
6003 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n");
6007 tmp |= RT2860_TX_WB_DDONE;
6008 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
6010 /* turn off PME_OEN to solve high-current issue */
6011 run_read(sc, RT2860_SYS_CTRL, &tmp);
6012 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN);
6014 run_write(sc, RT2860_MAC_SYS_CTRL,
6015 RT2860_BBP_HRST | RT2860_MAC_SRST);
6016 run_write(sc, RT2860_USB_DMA_CFG, 0);
6018 if (run_reset(sc) != 0) {
6019 device_printf(sc->sc_dev, "could not reset chipset\n");
6023 run_write(sc, RT2860_MAC_SYS_CTRL, 0);
6025 /* init Tx power for all Tx rates (from EEPROM) */
6026 for (ridx = 0; ridx < 5; ridx++) {
6027 if (sc->txpow20mhz[ridx] == 0xffffffff)
6029 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]);
6032 for (i = 0; i < nitems(rt2870_def_mac); i++)
6033 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val);
6034 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273);
6035 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344);
6036 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa);
6038 if (sc->mac_ver >= 0x5390) {
6039 run_write(sc, RT2860_TX_SW_CFG0,
6040 4 << RT2860_DLY_PAPE_EN_SHIFT | 4);
6041 if (sc->mac_ver >= 0x5392) {
6042 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff);
6043 if (sc->mac_ver == 0x5592) {
6044 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980);
6045 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082);
6047 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980);
6048 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322);
6051 } else if (sc->mac_ver == 0x3593) {
6052 run_write(sc, RT2860_TX_SW_CFG0,
6053 4 << RT2860_DLY_PAPE_EN_SHIFT | 2);
6054 } else if (sc->mac_ver >= 0x3070) {
6055 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */
6056 run_write(sc, RT2860_TX_SW_CFG0,
6057 4 << RT2860_DLY_PAPE_EN_SHIFT);
6060 /* wait while MAC is busy */
6061 for (ntries = 0; ntries < 100; ntries++) {
6062 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0)
6064 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY)))
6071 /* clear Host to MCU mailbox */
6072 run_write(sc, RT2860_H2M_BBPAGENT, 0);
6073 run_write(sc, RT2860_H2M_MAILBOX, 0);
6076 if (run_bbp_init(sc) != 0) {
6077 device_printf(sc->sc_dev, "could not initialize BBP\n");
6081 /* abort TSF synchronization */
6082 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
6083 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
6084 RT2860_TBTT_TIMER_EN);
6085 run_write(sc, RT2860_BCN_TIME_CFG, tmp);
6087 /* clear RX WCID search table */
6088 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512);
6089 /* clear WCID attribute table */
6090 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32);
6092 /* hostapd sets a key before init. So, don't clear it. */
6093 if (sc->cmdq_key_set != RUN_CMDQ_GO) {
6094 /* clear shared key table */
6095 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32);
6096 /* clear shared key mode */
6097 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4);
6100 run_read(sc, RT2860_US_CYC_CNT, &tmp);
6101 tmp = (tmp & ~0xff) | 0x1e;
6102 run_write(sc, RT2860_US_CYC_CNT, tmp);
6104 if (sc->mac_rev != 0x0101)
6105 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f);
6107 run_write(sc, RT2860_WMM_TXOP0_CFG, 0);
6108 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96);
6110 /* write vendor-specific BBP values (from EEPROM) */
6111 if (sc->mac_ver < 0x3593) {
6112 for (i = 0; i < 10; i++) {
6113 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff)
6115 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val);
6119 /* select Main antenna for 1T1R devices */
6120 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370)
6121 run_set_rx_antenna(sc, 0);
6123 /* send LEDs operating mode to microcontroller */
6124 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]);
6125 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]);
6126 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]);
6128 if (sc->mac_ver >= 0x5390)
6129 run_rt5390_rf_init(sc);
6130 else if (sc->mac_ver == 0x3593)
6131 run_rt3593_rf_init(sc);
6132 else if (sc->mac_ver >= 0x3070)
6133 run_rt3070_rf_init(sc);
6135 /* disable non-existing Rx chains */
6136 run_bbp_read(sc, 3, &bbp3);
6137 bbp3 &= ~(1 << 3 | 1 << 4);
6138 if (sc->nrxchains == 2)
6140 else if (sc->nrxchains == 3)
6142 run_bbp_write(sc, 3, bbp3);
6144 /* disable non-existing Tx chains */
6145 run_bbp_read(sc, 1, &bbp1);
6146 if (sc->ntxchains == 1)
6147 bbp1 &= ~(1 << 3 | 1 << 4);
6148 run_bbp_write(sc, 1, bbp1);
6150 if (sc->mac_ver >= 0x5390)
6151 run_rt5390_rf_setup(sc);
6152 else if (sc->mac_ver == 0x3593)
6153 run_rt3593_rf_setup(sc);
6154 else if (sc->mac_ver >= 0x3070)
6155 run_rt3070_rf_setup(sc);
6157 /* select default channel */
6158 run_set_chan(sc, ic->ic_curchan);
6160 /* setup initial protection mode */
6161 run_updateprot_cb(ic);
6163 /* turn radio LED on */
6164 run_set_leds(sc, RT2860_LED_RADIO);
6166 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
6167 ifp->if_drv_flags |= IFF_DRV_RUNNING;
6168 sc->cmdq_run = RUN_CMDQ_GO;
6170 for (i = 0; i != RUN_N_XFER; i++)
6171 usbd_xfer_set_stall(sc->sc_xfer[i]);
6173 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]);
6175 if (run_txrx_enable(sc) != 0)
6187 struct run_softc *sc = arg;
6188 struct ifnet *ifp = sc->sc_ifp;
6189 struct ieee80211com *ic = ifp->if_l2com;
6192 run_init_locked(sc);
6195 if (ifp->if_drv_flags & IFF_DRV_RUNNING)
6196 ieee80211_start_all(ic);
6202 struct run_softc *sc = (struct run_softc *)arg;
6203 struct ifnet *ifp = sc->sc_ifp;
6208 RUN_LOCK_ASSERT(sc, MA_OWNED);
6210 if (ifp->if_drv_flags & IFF_DRV_RUNNING)
6211 run_set_leds(sc, 0); /* turn all LEDs off */
6213 ifp->if_drv_flags &= ~(IFF_DRV_RUNNING | IFF_DRV_OACTIVE);
6215 sc->ratectl_run = RUN_RATECTL_OFF;
6216 sc->cmdq_run = sc->cmdq_key_set;
6220 for(i = 0; i < RUN_N_XFER; i++)
6221 usbd_transfer_drain(sc->sc_xfer[i]);
6225 if (sc->rx_m != NULL) {
6230 /* Disable Tx/Rx DMA. */
6231 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0)
6233 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN);
6234 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
6236 for (ntries = 0; ntries < 100; ntries++) {
6237 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0)
6239 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
6243 if (ntries == 100) {
6244 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n");
6249 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp);
6250 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
6251 run_write(sc, RT2860_MAC_SYS_CTRL, tmp);
6253 /* wait for pending Tx to complete */
6254 for (ntries = 0; ntries < 100; ntries++) {
6255 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) {
6256 DPRINTF("Cannot read Tx queue count\n");
6259 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) {
6260 DPRINTF("All Tx cleared\n");
6266 DPRINTF("There are still pending Tx\n");
6268 run_write(sc, RT2860_USB_DMA_CFG, 0);
6270 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST);
6271 run_write(sc, RT2860_MAC_SYS_CTRL, 0);
6273 for (i = 0; i != RUN_EP_QUEUES; i++)
6274 run_unsetup_tx_list(sc, &sc->sc_epq[i]);
6278 run_delay(struct run_softc *sc, u_int ms)
6280 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ?
6281 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms));
6284 static device_method_t run_methods[] = {
6285 /* Device interface */
6286 DEVMETHOD(device_probe, run_match),
6287 DEVMETHOD(device_attach, run_attach),
6288 DEVMETHOD(device_detach, run_detach),
6292 static driver_t run_driver = {
6294 .methods = run_methods,
6295 .size = sizeof(struct run_softc)
6298 static devclass_t run_devclass;
6300 DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL);
6301 MODULE_DEPEND(run, wlan, 1, 1, 1);
6302 MODULE_DEPEND(run, usb, 1, 1, 1);
6303 MODULE_DEPEND(run, firmware, 1, 1, 1);
6304 MODULE_VERSION(run, 1);
projects / FreeBSD / releng / 10.2.git / blob