2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr>
3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca>
4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org>
5 * Copyright (c) 2013-2014 Kevin Lo
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 #include <sys/cdefs.h>
21 __FBSDID("$FreeBSD$");
24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver.
25 * http://www.ralinktech.com/
28 #include <sys/param.h>
29 #include <sys/sockio.h>
30 #include <sys/sysctl.h>
32 #include <sys/mutex.h>
34 #include <sys/kernel.h>
35 #include <sys/socket.h>
36 #include <sys/systm.h>
37 #include <sys/malloc.h>
38 #include <sys/module.h>
40 #include <sys/endian.h>
41 #include <sys/linker.h>
42 #include <sys/firmware.h>
47 #include <net/if_arp.h>
48 #include <net/ethernet.h>
49 #include <net/if_dl.h>
50 #include <net/if_media.h>
51 #include <net/if_types.h>
53 #include <netinet/in.h>
54 #include <netinet/in_systm.h>
55 #include <netinet/in_var.h>
56 #include <netinet/if_ether.h>
57 #include <netinet/ip.h>
59 #include <net80211/ieee80211_var.h>
60 #include <net80211/ieee80211_regdomain.h>
61 #include <net80211/ieee80211_radiotap.h>
62 #include <net80211/ieee80211_ratectl.h>
64 #include <dev/usb/usb.h>
65 #include <dev/usb/usbdi.h>
68 #define USB_DEBUG_VAR run_debug
69 #include <dev/usb/usb_debug.h>
70 #include <dev/usb/usb_msctest.h>
72 #include <dev/usb/wlan/if_runreg.h>
73 #include <dev/usb/wlan/if_runvar.h>
81 static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run");
82 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RW, &run_debug, 0,
86 #define IEEE80211_HAS_ADDR4(wh) \
87 (((wh)->i_fc[1] & IEEE80211_FC1_DIR_MASK) == IEEE80211_FC1_DIR_DSTODS)
90 * Because of LOR in run_key_delete(), use atomic instead.
91 * '& RUN_CMDQ_MASQ' is to loop cmdq[].
93 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ)
95 static const STRUCT_USB_HOST_ID run_devs[] = {
96 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) }
97 #define RUN_DEV_EJECT(v,p) \
98 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) }
100 RUN_DEV(ABOCOM, RT2770),
101 RUN_DEV(ABOCOM, RT2870),
102 RUN_DEV(ABOCOM, RT3070),
103 RUN_DEV(ABOCOM, RT3071),
104 RUN_DEV(ABOCOM, RT3072),
105 RUN_DEV(ABOCOM2, RT2870_1),
106 RUN_DEV(ACCTON, RT2770),
107 RUN_DEV(ACCTON, RT2870_1),
108 RUN_DEV(ACCTON, RT2870_2),
109 RUN_DEV(ACCTON, RT2870_3),
110 RUN_DEV(ACCTON, RT2870_4),
111 RUN_DEV(ACCTON, RT2870_5),
112 RUN_DEV(ACCTON, RT3070),
113 RUN_DEV(ACCTON, RT3070_1),
114 RUN_DEV(ACCTON, RT3070_2),
115 RUN_DEV(ACCTON, RT3070_3),
116 RUN_DEV(ACCTON, RT3070_4),
117 RUN_DEV(ACCTON, RT3070_5),
118 RUN_DEV(AIRTIES, RT3070),
119 RUN_DEV(ALLWIN, RT2070),
120 RUN_DEV(ALLWIN, RT2770),
121 RUN_DEV(ALLWIN, RT2870),
122 RUN_DEV(ALLWIN, RT3070),
123 RUN_DEV(ALLWIN, RT3071),
124 RUN_DEV(ALLWIN, RT3072),
125 RUN_DEV(ALLWIN, RT3572),
126 RUN_DEV(AMIGO, RT2870_1),
127 RUN_DEV(AMIGO, RT2870_2),
128 RUN_DEV(AMIT, CGWLUSB2GNR),
129 RUN_DEV(AMIT, RT2870_1),
130 RUN_DEV(AMIT2, RT2870),
131 RUN_DEV(ASUS, RT2870_1),
132 RUN_DEV(ASUS, RT2870_2),
133 RUN_DEV(ASUS, RT2870_3),
134 RUN_DEV(ASUS, RT2870_4),
135 RUN_DEV(ASUS, RT2870_5),
136 RUN_DEV(ASUS, USBN13),
137 RUN_DEV(ASUS, RT3070_1),
138 RUN_DEV(ASUS, USBN66),
139 RUN_DEV(ASUS, USB_N53),
140 RUN_DEV(ASUS2, USBN11),
141 RUN_DEV(AZUREWAVE, RT2870_1),
142 RUN_DEV(AZUREWAVE, RT2870_2),
143 RUN_DEV(AZUREWAVE, RT3070_1),
144 RUN_DEV(AZUREWAVE, RT3070_2),
145 RUN_DEV(AZUREWAVE, RT3070_3),
146 RUN_DEV(BELKIN, F9L1103),
147 RUN_DEV(BELKIN, F5D8053V3),
148 RUN_DEV(BELKIN, F5D8055),
149 RUN_DEV(BELKIN, F5D8055V2),
150 RUN_DEV(BELKIN, F6D4050V1),
151 RUN_DEV(BELKIN, F6D4050V2),
152 RUN_DEV(BELKIN, RT2870_1),
153 RUN_DEV(BELKIN, RT2870_2),
154 RUN_DEV(CISCOLINKSYS, AE1000),
155 RUN_DEV(CISCOLINKSYS2, RT3070),
156 RUN_DEV(CISCOLINKSYS3, RT3070),
157 RUN_DEV(CONCEPTRONIC2, RT2870_1),
158 RUN_DEV(CONCEPTRONIC2, RT2870_2),
159 RUN_DEV(CONCEPTRONIC2, RT2870_3),
160 RUN_DEV(CONCEPTRONIC2, RT2870_4),
161 RUN_DEV(CONCEPTRONIC2, RT2870_5),
162 RUN_DEV(CONCEPTRONIC2, RT2870_6),
163 RUN_DEV(CONCEPTRONIC2, RT2870_7),
164 RUN_DEV(CONCEPTRONIC2, RT2870_8),
165 RUN_DEV(CONCEPTRONIC2, RT3070_1),
166 RUN_DEV(CONCEPTRONIC2, RT3070_2),
167 RUN_DEV(CONCEPTRONIC2, VIGORN61),
168 RUN_DEV(COREGA, CGWLUSB300GNM),
169 RUN_DEV(COREGA, RT2870_1),
170 RUN_DEV(COREGA, RT2870_2),
171 RUN_DEV(COREGA, RT2870_3),
172 RUN_DEV(COREGA, RT3070),
173 RUN_DEV(CYBERTAN, RT2870),
174 RUN_DEV(DLINK, RT2870),
175 RUN_DEV(DLINK, RT3072),
176 RUN_DEV(DLINK, DWA127),
177 RUN_DEV(DLINK, DWA140B3),
178 RUN_DEV(DLINK, DWA160B2),
179 RUN_DEV(DLINK, DWA140D1),
180 RUN_DEV(DLINK, DWA162),
181 RUN_DEV(DLINK2, DWA130),
182 RUN_DEV(DLINK2, RT2870_1),
183 RUN_DEV(DLINK2, RT2870_2),
184 RUN_DEV(DLINK2, RT3070_1),
185 RUN_DEV(DLINK2, RT3070_2),
186 RUN_DEV(DLINK2, RT3070_3),
187 RUN_DEV(DLINK2, RT3070_4),
188 RUN_DEV(DLINK2, RT3070_5),
189 RUN_DEV(DLINK2, RT3072),
190 RUN_DEV(DLINK2, RT3072_1),
191 RUN_DEV(EDIMAX, EW7717),
192 RUN_DEV(EDIMAX, EW7718),
193 RUN_DEV(EDIMAX, EW7733UND),
194 RUN_DEV(EDIMAX, RT2870_1),
195 RUN_DEV(ENCORE, RT3070_1),
196 RUN_DEV(ENCORE, RT3070_2),
197 RUN_DEV(ENCORE, RT3070_3),
198 RUN_DEV(GIGABYTE, GNWB31N),
199 RUN_DEV(GIGABYTE, GNWB32L),
200 RUN_DEV(GIGABYTE, RT2870_1),
201 RUN_DEV(GIGASET, RT3070_1),
202 RUN_DEV(GIGASET, RT3070_2),
203 RUN_DEV(GUILLEMOT, HWNU300),
204 RUN_DEV(HAWKING, HWUN2),
205 RUN_DEV(HAWKING, RT2870_1),
206 RUN_DEV(HAWKING, RT2870_2),
207 RUN_DEV(HAWKING, RT3070),
208 RUN_DEV(IODATA, RT3072_1),
209 RUN_DEV(IODATA, RT3072_2),
210 RUN_DEV(IODATA, RT3072_3),
211 RUN_DEV(IODATA, RT3072_4),
212 RUN_DEV(LINKSYS4, RT3070),
213 RUN_DEV(LINKSYS4, WUSB100),
214 RUN_DEV(LINKSYS4, WUSB54GCV3),
215 RUN_DEV(LINKSYS4, WUSB600N),
216 RUN_DEV(LINKSYS4, WUSB600NV2),
217 RUN_DEV(LOGITEC, RT2870_1),
218 RUN_DEV(LOGITEC, RT2870_2),
219 RUN_DEV(LOGITEC, RT2870_3),
220 RUN_DEV(LOGITEC, LANW300NU2),
221 RUN_DEV(LOGITEC, LANW150NU2),
222 RUN_DEV(LOGITEC, LANW300NU2S),
223 RUN_DEV(MELCO, WLIUCG300HP),
224 RUN_DEV(MELCO, RT2870_2),
225 RUN_DEV(MELCO, WLIUCAG300N),
226 RUN_DEV(MELCO, WLIUCG300N),
227 RUN_DEV(MELCO, WLIUCG301N),
228 RUN_DEV(MELCO, WLIUCGN),
229 RUN_DEV(MELCO, WLIUCGNM),
230 RUN_DEV(MELCO, WLIUCG300HPV1),
231 RUN_DEV(MELCO, WLIUCGNM2),
232 RUN_DEV(MOTOROLA4, RT2770),
233 RUN_DEV(MOTOROLA4, RT3070),
234 RUN_DEV(MSI, RT3070_1),
235 RUN_DEV(MSI, RT3070_2),
236 RUN_DEV(MSI, RT3070_3),
237 RUN_DEV(MSI, RT3070_4),
238 RUN_DEV(MSI, RT3070_5),
239 RUN_DEV(MSI, RT3070_6),
240 RUN_DEV(MSI, RT3070_7),
241 RUN_DEV(MSI, RT3070_8),
242 RUN_DEV(MSI, RT3070_9),
243 RUN_DEV(MSI, RT3070_10),
244 RUN_DEV(MSI, RT3070_11),
245 RUN_DEV(NETGEAR, WNDA4100),
246 RUN_DEV(OVISLINK, RT3072),
247 RUN_DEV(PARA, RT3070),
248 RUN_DEV(PEGATRON, RT2870),
249 RUN_DEV(PEGATRON, RT3070),
250 RUN_DEV(PEGATRON, RT3070_2),
251 RUN_DEV(PEGATRON, RT3070_3),
252 RUN_DEV(PHILIPS, RT2870),
253 RUN_DEV(PLANEX2, GWUS300MINIS),
254 RUN_DEV(PLANEX2, GWUSMICRON),
255 RUN_DEV(PLANEX2, RT2870),
256 RUN_DEV(PLANEX2, RT3070),
257 RUN_DEV(QCOM, RT2870),
258 RUN_DEV(QUANTA, RT3070),
259 RUN_DEV(RALINK, RT2070),
260 RUN_DEV(RALINK, RT2770),
261 RUN_DEV(RALINK, RT2870),
262 RUN_DEV(RALINK, RT3070),
263 RUN_DEV(RALINK, RT3071),
264 RUN_DEV(RALINK, RT3072),
265 RUN_DEV(RALINK, RT3370),
266 RUN_DEV(RALINK, RT3572),
267 RUN_DEV(RALINK, RT3573),
268 RUN_DEV(RALINK, RT5370),
269 RUN_DEV(RALINK, RT5572),
270 RUN_DEV(RALINK, RT8070),
271 RUN_DEV(SAMSUNG, WIS09ABGN),
272 RUN_DEV(SAMSUNG2, RT2870_1),
273 RUN_DEV(SENAO, RT2870_1),
274 RUN_DEV(SENAO, RT2870_2),
275 RUN_DEV(SENAO, RT2870_3),
276 RUN_DEV(SENAO, RT2870_4),
277 RUN_DEV(SENAO, RT3070),
278 RUN_DEV(SENAO, RT3071),
279 RUN_DEV(SENAO, RT3072_1),
280 RUN_DEV(SENAO, RT3072_2),
281 RUN_DEV(SENAO, RT3072_3),
282 RUN_DEV(SENAO, RT3072_4),
283 RUN_DEV(SENAO, RT3072_5),
284 RUN_DEV(SITECOMEU, RT2770),
285 RUN_DEV(SITECOMEU, RT2870_1),
286 RUN_DEV(SITECOMEU, RT2870_2),
287 RUN_DEV(SITECOMEU, RT2870_3),
288 RUN_DEV(SITECOMEU, RT2870_4),
289 RUN_DEV(SITECOMEU, RT3070),
290 RUN_DEV(SITECOMEU, RT3070_2),
291 RUN_DEV(SITECOMEU, RT3070_3),
292 RUN_DEV(SITECOMEU, RT3070_4),
293 RUN_DEV(SITECOMEU, RT3071),
294 RUN_DEV(SITECOMEU, RT3072_1),
295 RUN_DEV(SITECOMEU, RT3072_2),
296 RUN_DEV(SITECOMEU, RT3072_3),
297 RUN_DEV(SITECOMEU, RT3072_4),
298 RUN_DEV(SITECOMEU, RT3072_5),
299 RUN_DEV(SITECOMEU, RT3072_6),
300 RUN_DEV(SITECOMEU, WL608),
301 RUN_DEV(SPARKLAN, RT2870_1),
302 RUN_DEV(SPARKLAN, RT3070),
303 RUN_DEV(SWEEX2, LW153),
304 RUN_DEV(SWEEX2, LW303),
305 RUN_DEV(SWEEX2, LW313),
306 RUN_DEV(TOSHIBA, RT3070),
307 RUN_DEV(UMEDIA, RT2870_1),
308 RUN_DEV(ZCOM, RT2870_1),
309 RUN_DEV(ZCOM, RT2870_2),
310 RUN_DEV(ZINWELL, RT2870_1),
311 RUN_DEV(ZINWELL, RT2870_2),
312 RUN_DEV(ZINWELL, RT3070),
313 RUN_DEV(ZINWELL, RT3072_1),
314 RUN_DEV(ZINWELL, RT3072_2),
315 RUN_DEV(ZYXEL, RT2870_1),
316 RUN_DEV(ZYXEL, RT2870_2),
317 RUN_DEV(ZYXEL, RT3070),
318 RUN_DEV_EJECT(ZYXEL, NWD2705),
319 RUN_DEV_EJECT(RALINK, RT_STOR),
324 static device_probe_t run_match;
325 static device_attach_t run_attach;
326 static device_detach_t run_detach;
328 static usb_callback_t run_bulk_rx_callback;
329 static usb_callback_t run_bulk_tx_callback0;
330 static usb_callback_t run_bulk_tx_callback1;
331 static usb_callback_t run_bulk_tx_callback2;
332 static usb_callback_t run_bulk_tx_callback3;
333 static usb_callback_t run_bulk_tx_callback4;
334 static usb_callback_t run_bulk_tx_callback5;
336 static void run_autoinst(void *, struct usb_device *,
337 struct usb_attach_arg *);
338 static int run_driver_loaded(struct module *, int, void *);
339 static void run_bulk_tx_callbackN(struct usb_xfer *xfer,
340 usb_error_t error, u_int index);
341 static struct ieee80211vap *run_vap_create(struct ieee80211com *,
342 const char [IFNAMSIZ], int, enum ieee80211_opmode, int,
343 const uint8_t [IEEE80211_ADDR_LEN],
344 const uint8_t [IEEE80211_ADDR_LEN]);
345 static void run_vap_delete(struct ieee80211vap *);
346 static void run_cmdq_cb(void *, int);
347 static void run_setup_tx_list(struct run_softc *,
348 struct run_endpoint_queue *);
349 static void run_unsetup_tx_list(struct run_softc *,
350 struct run_endpoint_queue *);
351 static int run_load_microcode(struct run_softc *);
352 static int run_reset(struct run_softc *);
353 static usb_error_t run_do_request(struct run_softc *,
354 struct usb_device_request *, void *);
355 static int run_read(struct run_softc *, uint16_t, uint32_t *);
356 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int);
357 static int run_write_2(struct run_softc *, uint16_t, uint16_t);
358 static int run_write(struct run_softc *, uint16_t, uint32_t);
359 static int run_write_region_1(struct run_softc *, uint16_t,
360 const uint8_t *, int);
361 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int);
362 static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int);
363 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *);
364 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *);
365 static int run_rt2870_rf_write(struct run_softc *, uint32_t);
366 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *);
367 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t);
368 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *);
369 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t);
370 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t);
371 static const char *run_get_rf(uint16_t);
372 static void run_rt3593_get_txpower(struct run_softc *);
373 static void run_get_txpower(struct run_softc *);
374 static int run_read_eeprom(struct run_softc *);
375 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *,
376 const uint8_t mac[IEEE80211_ADDR_LEN]);
377 static int run_media_change(struct ifnet *);
378 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int);
379 static int run_wme_update(struct ieee80211com *);
380 static void run_wme_update_cb(void *);
381 static void run_key_update_begin(struct ieee80211vap *);
382 static void run_key_update_end(struct ieee80211vap *);
383 static void run_key_set_cb(void *);
384 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *,
385 const uint8_t mac[IEEE80211_ADDR_LEN]);
386 static void run_key_delete_cb(void *);
387 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *);
388 static void run_ratectl_to(void *);
389 static void run_ratectl_cb(void *, int);
390 static void run_drain_fifo(void *);
391 static void run_iter_func(void *, struct ieee80211_node *);
392 static void run_newassoc_cb(void *);
393 static void run_newassoc(struct ieee80211_node *, int);
394 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t);
395 static void run_tx_free(struct run_endpoint_queue *pq,
396 struct run_tx_data *, int);
397 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *);
398 static int run_tx(struct run_softc *, struct mbuf *,
399 struct ieee80211_node *);
400 static int run_tx_mgt(struct run_softc *, struct mbuf *,
401 struct ieee80211_node *);
402 static int run_sendprot(struct run_softc *, const struct mbuf *,
403 struct ieee80211_node *, int, int);
404 static int run_tx_param(struct run_softc *, struct mbuf *,
405 struct ieee80211_node *,
406 const struct ieee80211_bpf_params *);
407 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *,
408 const struct ieee80211_bpf_params *);
409 static void run_start(struct ifnet *);
410 static int run_ioctl(struct ifnet *, u_long, caddr_t);
411 static void run_iq_calib(struct run_softc *, u_int);
412 static void run_set_agc(struct run_softc *, uint8_t);
413 static void run_select_chan_group(struct run_softc *, int);
414 static void run_set_rx_antenna(struct run_softc *, int);
415 static void run_rt2870_set_chan(struct run_softc *, u_int);
416 static void run_rt3070_set_chan(struct run_softc *, u_int);
417 static void run_rt3572_set_chan(struct run_softc *, u_int);
418 static void run_rt3593_set_chan(struct run_softc *, u_int);
419 static void run_rt5390_set_chan(struct run_softc *, u_int);
420 static void run_rt5592_set_chan(struct run_softc *, u_int);
421 static int run_set_chan(struct run_softc *, struct ieee80211_channel *);
422 static void run_set_channel(struct ieee80211com *);
423 static void run_scan_start(struct ieee80211com *);
424 static void run_scan_end(struct ieee80211com *);
425 static void run_update_beacon(struct ieee80211vap *, int);
426 static void run_update_beacon_cb(void *);
427 static void run_updateprot(struct ieee80211com *);
428 static void run_updateprot_cb(void *);
429 static void run_usb_timeout_cb(void *);
430 static void run_reset_livelock(struct run_softc *);
431 static void run_enable_tsf_sync(struct run_softc *);
432 static void run_enable_mrr(struct run_softc *);
433 static void run_set_txpreamble(struct run_softc *);
434 static void run_set_basicrates(struct run_softc *);
435 static void run_set_leds(struct run_softc *, uint16_t);
436 static void run_set_bssid(struct run_softc *, const uint8_t *);
437 static void run_set_macaddr(struct run_softc *, const uint8_t *);
438 static void run_updateslot(struct ifnet *);
439 static void run_updateslot_cb(void *);
440 static void run_update_mcast(struct ifnet *);
441 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t);
442 static void run_update_promisc_locked(struct ifnet *);
443 static void run_update_promisc(struct ifnet *);
444 static void run_rt5390_bbp_init(struct run_softc *);
445 static int run_bbp_init(struct run_softc *);
446 static int run_rt3070_rf_init(struct run_softc *);
447 static void run_rt3593_rf_init(struct run_softc *);
448 static void run_rt5390_rf_init(struct run_softc *);
449 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t,
451 static void run_rt3070_rf_setup(struct run_softc *);
452 static void run_rt3593_rf_setup(struct run_softc *);
453 static void run_rt5390_rf_setup(struct run_softc *);
454 static int run_txrx_enable(struct run_softc *);
455 static void run_adjust_freq_offset(struct run_softc *);
456 static void run_init(void *);
457 static void run_init_locked(struct run_softc *);
458 static void run_stop(void *);
459 static void run_delay(struct run_softc *, u_int);
461 static eventhandler_tag run_etag;
463 static const struct rt2860_rate {
466 enum ieee80211_phytype phy;
471 { 2, 0, IEEE80211_T_DS, 0, 314, 314 },
472 { 4, 1, IEEE80211_T_DS, 1, 258, 162 },
473 { 11, 2, IEEE80211_T_DS, 2, 223, 127 },
474 { 22, 3, IEEE80211_T_DS, 3, 213, 117 },
475 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 },
476 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 },
477 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 },
478 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 },
479 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 },
480 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 },
481 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 },
482 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 }
485 static const struct {
488 } rt2870_def_mac[] = {
492 static const struct {
495 } rt2860_def_bbp[] = {
497 },rt5390_def_bbp[] = {
499 },rt5592_def_bbp[] = {
504 * Default values for BBP register R196 for RT5592.
506 static const uint8_t rt5592_bbp_r196[] = {
507 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00,
508 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36,
509 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40,
510 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41,
511 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16,
512 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00,
513 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
514 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c,
515 0x2e, 0x36, 0x30, 0x6e
518 static const struct rfprog {
520 uint32_t r1, r2, r3, r4;
521 } rt2860_rf2850[] = {
531 static const struct rt5592_freqs {
534 } rt5592_freqs_20mhz[] = {
536 },rt5592_freqs_40mhz[] = {
540 static const struct {
543 } rt3070_def_rf[] = {
545 },rt3572_def_rf[] = {
547 },rt3593_def_rf[] = {
549 },rt5390_def_rf[] = {
551 },rt5392_def_rf[] = {
553 },rt5592_def_rf[] = {
555 },rt5592_2ghz_def_rf[] = {
557 },rt5592_5ghz_def_rf[] = {
561 static const struct {
566 } rt5592_chan_5ghz[] = {
570 static const struct usb_config run_config[RUN_N_XFER] = {
573 .endpoint = UE_ADDR_ANY,
575 .direction = UE_DIR_OUT,
576 .bufsize = RUN_MAX_TXSZ,
577 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
578 .callback = run_bulk_tx_callback0,
579 .timeout = 5000, /* ms */
583 .endpoint = UE_ADDR_ANY,
584 .direction = UE_DIR_OUT,
586 .bufsize = RUN_MAX_TXSZ,
587 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
588 .callback = run_bulk_tx_callback1,
589 .timeout = 5000, /* ms */
593 .endpoint = UE_ADDR_ANY,
594 .direction = UE_DIR_OUT,
596 .bufsize = RUN_MAX_TXSZ,
597 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
598 .callback = run_bulk_tx_callback2,
599 .timeout = 5000, /* ms */
603 .endpoint = UE_ADDR_ANY,
604 .direction = UE_DIR_OUT,
606 .bufsize = RUN_MAX_TXSZ,
607 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
608 .callback = run_bulk_tx_callback3,
609 .timeout = 5000, /* ms */
611 [RUN_BULK_TX_HCCA] = {
613 .endpoint = UE_ADDR_ANY,
614 .direction = UE_DIR_OUT,
616 .bufsize = RUN_MAX_TXSZ,
617 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,},
618 .callback = run_bulk_tx_callback4,
619 .timeout = 5000, /* ms */
621 [RUN_BULK_TX_PRIO] = {
623 .endpoint = UE_ADDR_ANY,
624 .direction = UE_DIR_OUT,
626 .bufsize = RUN_MAX_TXSZ,
627 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,},
628 .callback = run_bulk_tx_callback5,
629 .timeout = 5000, /* ms */
633 .endpoint = UE_ADDR_ANY,
634 .direction = UE_DIR_IN,
635 .bufsize = RUN_MAX_RXSZ,
636 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,},
637 .callback = run_bulk_rx_callback,
642 run_autoinst(void *arg, struct usb_device *udev,
643 struct usb_attach_arg *uaa)
645 struct usb_interface *iface;
646 struct usb_interface_descriptor *id;
648 if (uaa->dev_state != UAA_DEV_READY)
651 iface = usbd_get_iface(udev, 0);
655 if (id == NULL || id->bInterfaceClass != UICLASS_MASS)
657 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa))
660 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0)
661 uaa->dev_state = UAA_DEV_EJECTING;
665 run_driver_loaded(struct module *mod, int what, void *arg)
669 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured,
670 run_autoinst, NULL, EVENTHANDLER_PRI_ANY);
673 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag);
682 run_match(device_t self)
684 struct usb_attach_arg *uaa = device_get_ivars(self);
686 if (uaa->usb_mode != USB_MODE_HOST)
688 if (uaa->info.bConfigIndex != 0)
690 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX)
693 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa));
697 run_attach(device_t self)
699 struct run_softc *sc = device_get_softc(self);
700 struct usb_attach_arg *uaa = device_get_ivars(self);
701 struct ieee80211com *ic;
705 uint8_t iface_index, bands;
707 device_set_usb_desc(self);
708 sc->sc_udev = uaa->device;
710 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT)
711 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED;
713 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev),
714 MTX_NETWORK_LOCK, MTX_DEF);
716 iface_index = RT2860_IFACE_INDEX;
718 error = usbd_transfer_setup(uaa->device, &iface_index,
719 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx);
721 device_printf(self, "could not allocate USB transfers, "
722 "err=%s\n", usbd_errstr(error));
728 /* wait for the chip to settle */
729 for (ntries = 0; ntries < 100; ntries++) {
730 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) {
734 if (ver != 0 && ver != 0xffffffff)
739 device_printf(sc->sc_dev,
740 "timeout waiting for NIC to initialize\n");
744 sc->mac_ver = ver >> 16;
745 sc->mac_rev = ver & 0xffff;
747 /* retrieve RF rev. no and various other things from EEPROM */
750 device_printf(sc->sc_dev,
751 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n",
752 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev),
753 sc->ntxchains, sc->nrxchains, ether_sprintf(sc->sc_bssid));
757 ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211);
759 device_printf(sc->sc_dev, "can not if_alloc()\n");
765 if_initname(ifp, "run", device_get_unit(sc->sc_dev));
766 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
767 ifp->if_init = run_init;
768 ifp->if_ioctl = run_ioctl;
769 ifp->if_start = run_start;
770 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen);
771 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen;
772 IFQ_SET_READY(&ifp->if_snd);
775 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
776 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */
778 /* set device capabilities */
780 IEEE80211_C_STA | /* station mode supported */
781 IEEE80211_C_MONITOR | /* monitor mode supported */
784 IEEE80211_C_WDS | /* 4-address traffic works */
786 IEEE80211_C_SHPREAMBLE | /* short preamble supported */
787 IEEE80211_C_SHSLOT | /* short slot time supported */
788 IEEE80211_C_WME | /* WME */
789 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */
792 IEEE80211_CRYPTO_WEP |
793 IEEE80211_CRYPTO_AES_CCM |
794 IEEE80211_CRYPTO_TKIPMIC |
795 IEEE80211_CRYPTO_TKIP;
797 ic->ic_flags |= IEEE80211_F_DATAPAD;
798 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS;
801 setbit(&bands, IEEE80211_MODE_11B);
802 setbit(&bands, IEEE80211_MODE_11G);
803 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 ||
804 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 ||
805 sc->rf_rev == RT5592_RF_5592)
806 setbit(&bands, IEEE80211_MODE_11A);
807 ieee80211_init_channels(ic, NULL, &bands);
809 ieee80211_ifattach(ic, sc->sc_bssid);
811 ic->ic_scan_start = run_scan_start;
812 ic->ic_scan_end = run_scan_end;
813 ic->ic_set_channel = run_set_channel;
814 ic->ic_node_alloc = run_node_alloc;
815 ic->ic_newassoc = run_newassoc;
816 ic->ic_updateslot = run_updateslot;
817 ic->ic_update_mcast = run_update_mcast;
818 ic->ic_wme.wme_update = run_wme_update;
819 ic->ic_raw_xmit = run_raw_xmit;
820 ic->ic_update_promisc = run_update_promisc;
822 ic->ic_vap_create = run_vap_create;
823 ic->ic_vap_delete = run_vap_delete;
825 ieee80211_radiotap_attach(ic,
826 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap),
827 RUN_TX_RADIOTAP_PRESENT,
828 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap),
829 RUN_RX_RADIOTAP_PRESENT);
831 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc);
832 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc);
833 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0);
836 ieee80211_announce(ic);
846 run_detach(device_t self)
848 struct run_softc *sc = device_get_softc(self);
849 struct ifnet *ifp = sc->sc_ifp;
850 struct ieee80211com *ic;
857 /* stop all USB transfers */
858 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER);
861 sc->ratectl_run = RUN_RATECTL_OFF;
862 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT;
864 /* free TX list, if any */
865 for (i = 0; i != RUN_EP_QUEUES; i++)
866 run_unsetup_tx_list(sc, &sc->sc_epq[i]);
872 usb_callout_drain(&sc->ratectl_ch);
873 ieee80211_draintask(ic, &sc->cmdq_task);
874 ieee80211_draintask(ic, &sc->ratectl_task);
875 ieee80211_ifdetach(ic);
879 mtx_destroy(&sc->sc_mtx);
884 static struct ieee80211vap *
885 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit,
886 enum ieee80211_opmode opmode, int flags,
887 const uint8_t bssid[IEEE80211_ADDR_LEN],
888 const uint8_t mac[IEEE80211_ADDR_LEN])
890 struct ifnet *ifp = ic->ic_ifp;
891 struct run_softc *sc = ifp->if_softc;
893 struct ieee80211vap *vap;
896 if (sc->rvp_cnt >= RUN_VAP_MAX) {
897 if_printf(ifp, "number of VAPs maxed out\n");
902 case IEEE80211_M_STA:
903 /* enable s/w bmiss handling for sta mode */
904 flags |= IEEE80211_CLONE_NOBEACONS;
906 case IEEE80211_M_IBSS:
907 case IEEE80211_M_MONITOR:
908 case IEEE80211_M_HOSTAP:
909 case IEEE80211_M_MBSS:
910 /* other than WDS vaps, only one at a time */
911 if (!TAILQ_EMPTY(&ic->ic_vaps))
914 case IEEE80211_M_WDS:
915 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){
916 if(vap->iv_opmode != IEEE80211_M_HOSTAP)
918 /* WDS vap's always share the local mac address. */
919 flags &= ~IEEE80211_CLONE_BSSID;
923 if_printf(ifp, "wds only supported in ap mode\n");
928 if_printf(ifp, "unknown opmode %d\n", opmode);
932 rvp = (struct run_vap *) malloc(sizeof(struct run_vap),
933 M_80211_VAP, M_NOWAIT | M_ZERO);
938 if (ieee80211_vap_setup(ic, vap, name, unit,
939 opmode, flags, bssid, mac) != 0) {
941 free(rvp, M_80211_VAP);
945 vap->iv_key_update_begin = run_key_update_begin;
946 vap->iv_key_update_end = run_key_update_end;
947 vap->iv_update_beacon = run_update_beacon;
948 vap->iv_max_aid = RT2870_WCID_MAX;
950 * To delete the right key from h/w, we need wcid.
951 * Luckily, there is unused space in ieee80211_key{}, wk_pad,
952 * and matching wcid will be written into there. So, cast
953 * some spells to remove 'const' from ieee80211_key{}
955 vap->iv_key_delete = (void *)run_key_delete;
956 vap->iv_key_set = (void *)run_key_set;
958 /* override state transition machine */
959 rvp->newstate = vap->iv_newstate;
960 vap->iv_newstate = run_newstate;
962 ieee80211_ratectl_init(vap);
963 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */);
966 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status);
968 /* make sure id is always unique */
969 for (i = 0; i < RUN_VAP_MAX; i++) {
970 if((sc->rvp_bmap & 1 << i) == 0){
971 sc->rvp_bmap |= 1 << i;
976 if (sc->rvp_cnt++ == 0)
977 ic->ic_opmode = opmode;
979 if (opmode == IEEE80211_M_HOSTAP)
980 sc->cmdq_run = RUN_CMDQ_GO;
982 DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n",
983 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt);
989 run_vap_delete(struct ieee80211vap *vap)
991 struct run_vap *rvp = RUN_VAP(vap);
993 struct ieee80211com *ic;
994 struct run_softc *sc;
1007 m_freem(rvp->beacon_mbuf);
1008 rvp->beacon_mbuf = NULL;
1010 rvp_id = rvp->rvp_id;
1011 sc->ratectl_run &= ~(1 << rvp_id);
1012 sc->rvp_bmap &= ~(1 << rvp_id);
1013 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128);
1014 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512);
1017 DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n",
1018 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt);
1022 ieee80211_ratectl_deinit(vap);
1023 ieee80211_vap_detach(vap);
1024 free(rvp, M_80211_VAP);
1028 * There are numbers of functions need to be called in context thread.
1029 * Rather than creating taskqueue event for each of those functions,
1030 * here is all-for-one taskqueue callback function. This function
1031 * gurantees deferred functions are executed in the same order they
1033 * '& RUN_CMDQ_MASQ' is to loop cmdq[].
1036 run_cmdq_cb(void *arg, int pending)
1038 struct run_softc *sc = arg;
1041 /* call cmdq[].func locked */
1043 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending;
1044 i = sc->cmdq_exec, pending--) {
1045 DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending);
1046 if (sc->cmdq_run == RUN_CMDQ_GO) {
1048 * If arg0 is NULL, callback func needs more
1049 * than one arg. So, pass ptr to cmdq struct.
1051 if (sc->cmdq[i].arg0)
1052 sc->cmdq[i].func(sc->cmdq[i].arg0);
1054 sc->cmdq[i].func(&sc->cmdq[i]);
1056 sc->cmdq[i].arg0 = NULL;
1057 sc->cmdq[i].func = NULL;
1059 sc->cmdq_exec &= RUN_CMDQ_MASQ;
1065 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq)
1067 struct run_tx_data *data;
1069 memset(pq, 0, sizeof(*pq));
1071 STAILQ_INIT(&pq->tx_qh);
1072 STAILQ_INIT(&pq->tx_fh);
1074 for (data = &pq->tx_data[0];
1075 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) {
1077 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next);
1079 pq->tx_nfree = RUN_TX_RING_COUNT;
1083 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq)
1085 struct run_tx_data *data;
1087 /* make sure any subsequent use of the queues will fail */
1089 STAILQ_INIT(&pq->tx_fh);
1090 STAILQ_INIT(&pq->tx_qh);
1092 /* free up all node references and mbufs */
1093 for (data = &pq->tx_data[0];
1094 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) {
1095 if (data->m != NULL) {
1099 if (data->ni != NULL) {
1100 ieee80211_free_node(data->ni);
1107 run_load_microcode(struct run_softc *sc)
1109 usb_device_request_t req;
1110 const struct firmware *fw;
1114 const uint64_t *temp;
1118 fw = firmware_get("runfw");
1121 device_printf(sc->sc_dev,
1122 "failed loadfirmware of file %s\n", "runfw");
1126 if (fw->datasize != 8192) {
1127 device_printf(sc->sc_dev,
1128 "invalid firmware size (should be 8KB)\n");
1134 * RT3071/RT3072 use a different firmware
1135 * run-rt2870 (8KB) contains both,
1136 * first half (4KB) is for rt2870,
1137 * last half is for rt3071.
1140 if ((sc->mac_ver) != 0x2860 &&
1141 (sc->mac_ver) != 0x2872 &&
1142 (sc->mac_ver) != 0x3070) {
1146 /* cheap sanity check */
1149 if (bytes != be64toh(0xffffff0210280210ULL)) {
1150 device_printf(sc->sc_dev, "firmware checksum failed\n");
1155 /* write microcode image */
1156 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) {
1157 run_write_region_1(sc, RT2870_FW_BASE, base, 4096);
1158 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff);
1159 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff);
1162 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1163 req.bRequest = RT2870_RESET;
1164 USETW(req.wValue, 8);
1165 USETW(req.wIndex, 0);
1166 USETW(req.wLength, 0);
1167 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL))
1169 device_printf(sc->sc_dev, "firmware reset failed\n");
1175 run_write(sc, RT2860_H2M_BBPAGENT, 0);
1176 run_write(sc, RT2860_H2M_MAILBOX, 0);
1177 run_write(sc, RT2860_H2M_INTSRC, 0);
1178 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0)
1181 /* wait until microcontroller is ready */
1182 for (ntries = 0; ntries < 1000; ntries++) {
1183 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0)
1185 if (tmp & RT2860_MCU_READY)
1189 if (ntries == 1000) {
1190 device_printf(sc->sc_dev,
1191 "timeout waiting for MCU to initialize\n");
1195 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n",
1196 (base == fw->data) ? "RT2870" : "RT3071",
1197 *(base + 4092), *(base + 4093));
1200 firmware_put(fw, FIRMWARE_UNLOAD);
1205 run_reset(struct run_softc *sc)
1207 usb_device_request_t req;
1209 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1210 req.bRequest = RT2870_RESET;
1211 USETW(req.wValue, 1);
1212 USETW(req.wIndex, 0);
1213 USETW(req.wLength, 0);
1214 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL));
1218 run_do_request(struct run_softc *sc,
1219 struct usb_device_request *req, void *data)
1224 RUN_LOCK_ASSERT(sc, MA_OWNED);
1227 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx,
1228 req, data, 0, NULL, 250 /* ms */);
1231 DPRINTFN(1, "Control request failed, %s (retrying)\n",
1239 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val)
1244 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp);
1246 *val = le32toh(tmp);
1253 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len)
1255 usb_device_request_t req;
1257 req.bmRequestType = UT_READ_VENDOR_DEVICE;
1258 req.bRequest = RT2870_READ_REGION_1;
1259 USETW(req.wValue, 0);
1260 USETW(req.wIndex, reg);
1261 USETW(req.wLength, len);
1263 return (run_do_request(sc, &req, buf));
1267 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val)
1269 usb_device_request_t req;
1271 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1272 req.bRequest = RT2870_WRITE_2;
1273 USETW(req.wValue, val);
1274 USETW(req.wIndex, reg);
1275 USETW(req.wLength, 0);
1277 return (run_do_request(sc, &req, NULL));
1281 run_write(struct run_softc *sc, uint16_t reg, uint32_t val)
1285 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0)
1286 error = run_write_2(sc, reg + 2, val >> 16);
1291 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf,
1297 * NB: the WRITE_REGION_1 command is not stable on RT2860.
1298 * We thus issue multiple WRITE_2 commands instead.
1300 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n"));
1301 for (i = 0; i < len && error == 0; i += 2)
1302 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8);
1305 usb_device_request_t req;
1309 * NOTE: It appears the WRITE_REGION_1 command cannot be
1310 * passed a huge amount of data, which will crash the
1311 * firmware. Limit amount of data passed to 64-bytes at a
1319 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1320 req.bRequest = RT2870_WRITE_REGION_1;
1321 USETW(req.wValue, 0);
1322 USETW(req.wIndex, reg);
1323 USETW(req.wLength, delta);
1324 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf));
1336 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len)
1340 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n"));
1341 for (i = 0; i < len && error == 0; i += 4)
1342 error = run_write(sc, reg + i, val);
1347 run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count)
1353 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0)
1359 * Read one 16-byte block into registers EFUSE_DATA[0-3]:
1365 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK);
1366 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK;
1367 run_write(sc, RT3070_EFUSE_CTRL, tmp);
1368 for (ntries = 0; ntries < 100; ntries++) {
1369 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0)
1371 if (!(tmp & RT3070_EFSROM_KICK))
1378 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) {
1379 *val = 0xffff; /* address not found */
1382 /* determine to which 32-bit register our 16-bit word belongs */
1383 reg = RT3070_EFUSE_DATA3 - (addr & 0xc);
1384 if ((error = run_read(sc, reg, &tmp)) != 0)
1387 tmp >>= (8 * (addr & 0x3));
1388 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff;
1393 /* Read 16-bit from eFUSE ROM for RT3xxx. */
1395 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val)
1397 return (run_efuse_read(sc, addr, val, 2));
1401 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val)
1403 usb_device_request_t req;
1408 req.bmRequestType = UT_READ_VENDOR_DEVICE;
1409 req.bRequest = RT2870_EEPROM_READ;
1410 USETW(req.wValue, 0);
1411 USETW(req.wIndex, addr);
1412 USETW(req.wLength, sizeof(tmp));
1414 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp);
1416 *val = le16toh(tmp);
1423 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val)
1425 /* either eFUSE ROM or EEPROM */
1426 return sc->sc_srom_read(sc, addr, val);
1430 run_rt2870_rf_write(struct run_softc *sc, uint32_t val)
1435 for (ntries = 0; ntries < 10; ntries++) {
1436 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0)
1438 if (!(tmp & RT2860_RF_REG_CTRL))
1444 return (run_write(sc, RT2860_RF_CSR_CFG0, val));
1448 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val)
1453 for (ntries = 0; ntries < 100; ntries++) {
1454 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1456 if (!(tmp & RT3070_RF_KICK))
1462 tmp = RT3070_RF_KICK | reg << 8;
1463 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0)
1466 for (ntries = 0; ntries < 100; ntries++) {
1467 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1469 if (!(tmp & RT3070_RF_KICK))
1480 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val)
1485 for (ntries = 0; ntries < 10; ntries++) {
1486 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1488 if (!(tmp & RT3070_RF_KICK))
1494 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val;
1495 return (run_write(sc, RT3070_RF_CSR_CFG, tmp));
1499 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val)
1504 for (ntries = 0; ntries < 10; ntries++) {
1505 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1507 if (!(tmp & RT2860_BBP_CSR_KICK))
1513 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8;
1514 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0)
1517 for (ntries = 0; ntries < 10; ntries++) {
1518 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1520 if (!(tmp & RT2860_BBP_CSR_KICK))
1531 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val)
1536 for (ntries = 0; ntries < 10; ntries++) {
1537 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1539 if (!(tmp & RT2860_BBP_CSR_KICK))
1545 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val;
1546 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp));
1550 * Send a command to the 8051 microcontroller unit.
1553 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg)
1558 for (ntries = 0; ntries < 100; ntries++) {
1559 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0)
1561 if (!(tmp & RT2860_H2M_BUSY))
1567 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg;
1568 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0)
1569 error = run_write(sc, RT2860_HOST_CMD, cmd);
1574 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word.
1575 * Used to adjust per-rate Tx power registers.
1577 static __inline uint32_t
1578 b4inc(uint32_t b32, int8_t delta)
1582 for (i = 0; i < 8; i++) {
1589 b32 = b32 >> 4 | b4 << 28;
1595 run_get_rf(uint16_t rev)
1598 case RT2860_RF_2820: return "RT2820";
1599 case RT2860_RF_2850: return "RT2850";
1600 case RT2860_RF_2720: return "RT2720";
1601 case RT2860_RF_2750: return "RT2750";
1602 case RT3070_RF_3020: return "RT3020";
1603 case RT3070_RF_2020: return "RT2020";
1604 case RT3070_RF_3021: return "RT3021";
1605 case RT3070_RF_3022: return "RT3022";
1606 case RT3070_RF_3052: return "RT3052";
1607 case RT3593_RF_3053: return "RT3053";
1608 case RT5592_RF_5592: return "RT5592";
1609 case RT5390_RF_5370: return "RT5370";
1610 case RT5390_RF_5372: return "RT5372";
1616 run_rt3593_get_txpower(struct run_softc *sc)
1621 /* Read power settings for 2GHz channels. */
1622 for (i = 0; i < 14; i += 2) {
1623 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 :
1624 RT2860_EEPROM_PWR2GHZ_BASE1;
1625 run_srom_read(sc, addr + i / 2, &val);
1626 sc->txpow1[i + 0] = (int8_t)(val & 0xff);
1627 sc->txpow1[i + 1] = (int8_t)(val >> 8);
1629 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 :
1630 RT2860_EEPROM_PWR2GHZ_BASE2;
1631 run_srom_read(sc, addr + i / 2, &val);
1632 sc->txpow2[i + 0] = (int8_t)(val & 0xff);
1633 sc->txpow2[i + 1] = (int8_t)(val >> 8);
1635 if (sc->ntxchains == 3) {
1636 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2,
1638 sc->txpow3[i + 0] = (int8_t)(val & 0xff);
1639 sc->txpow3[i + 1] = (int8_t)(val >> 8);
1642 /* Fix broken Tx power entries. */
1643 for (i = 0; i < 14; i++) {
1644 if (sc->txpow1[i] > 31)
1646 if (sc->txpow2[i] > 31)
1648 if (sc->ntxchains == 3) {
1649 if (sc->txpow3[i] > 31)
1653 /* Read power settings for 5GHz channels. */
1654 for (i = 0; i < 40; i += 2) {
1655 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val);
1656 sc->txpow1[i + 14] = (int8_t)(val & 0xff);
1657 sc->txpow1[i + 15] = (int8_t)(val >> 8);
1659 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val);
1660 sc->txpow2[i + 14] = (int8_t)(val & 0xff);
1661 sc->txpow2[i + 15] = (int8_t)(val >> 8);
1663 if (sc->ntxchains == 3) {
1664 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2,
1666 sc->txpow3[i + 14] = (int8_t)(val & 0xff);
1667 sc->txpow3[i + 15] = (int8_t)(val >> 8);
1673 run_get_txpower(struct run_softc *sc)
1678 /* Read power settings for 2GHz channels. */
1679 for (i = 0; i < 14; i += 2) {
1680 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val);
1681 sc->txpow1[i + 0] = (int8_t)(val & 0xff);
1682 sc->txpow1[i + 1] = (int8_t)(val >> 8);
1684 if (sc->mac_ver != 0x5390) {
1686 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val);
1687 sc->txpow2[i + 0] = (int8_t)(val & 0xff);
1688 sc->txpow2[i + 1] = (int8_t)(val >> 8);
1691 /* Fix broken Tx power entries. */
1692 for (i = 0; i < 14; i++) {
1693 if (sc->mac_ver >= 0x5390) {
1694 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 27)
1697 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31)
1700 if (sc->mac_ver > 0x5390) {
1701 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 27)
1703 } else if (sc->mac_ver < 0x5390) {
1704 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31)
1707 DPRINTF("chan %d: power1=%d, power2=%d\n",
1708 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]);
1710 /* Read power settings for 5GHz channels. */
1711 for (i = 0; i < 40; i += 2) {
1712 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val);
1713 sc->txpow1[i + 14] = (int8_t)(val & 0xff);
1714 sc->txpow1[i + 15] = (int8_t)(val >> 8);
1716 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val);
1717 sc->txpow2[i + 14] = (int8_t)(val & 0xff);
1718 sc->txpow2[i + 15] = (int8_t)(val >> 8);
1720 /* Fix broken Tx power entries. */
1721 for (i = 0; i < 40; i++ ) {
1722 if (sc->mac_ver != 0x5592) {
1723 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15)
1724 sc->txpow1[14 + i] = 5;
1725 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15)
1726 sc->txpow2[14 + i] = 5;
1728 DPRINTF("chan %d: power1=%d, power2=%d\n",
1729 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i],
1730 sc->txpow2[14 + i]);
1735 run_read_eeprom(struct run_softc *sc)
1737 int8_t delta_2ghz, delta_5ghz;
1742 /* check whether the ROM is eFUSE ROM or EEPROM */
1743 sc->sc_srom_read = run_eeprom_read_2;
1744 if (sc->mac_ver >= 0x3070) {
1745 run_read(sc, RT3070_EFUSE_CTRL, &tmp);
1746 DPRINTF("EFUSE_CTRL=0x%08x\n", tmp);
1747 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593)
1748 sc->sc_srom_read = run_efuse_read_2;
1751 /* read ROM version */
1752 run_srom_read(sc, RT2860_EEPROM_VERSION, &val);
1753 DPRINTF("EEPROM rev=%d, FAE=%d\n", val & 0xff, val >> 8);
1755 /* read MAC address */
1756 run_srom_read(sc, RT2860_EEPROM_MAC01, &val);
1757 sc->sc_bssid[0] = val & 0xff;
1758 sc->sc_bssid[1] = val >> 8;
1759 run_srom_read(sc, RT2860_EEPROM_MAC23, &val);
1760 sc->sc_bssid[2] = val & 0xff;
1761 sc->sc_bssid[3] = val >> 8;
1762 run_srom_read(sc, RT2860_EEPROM_MAC45, &val);
1763 sc->sc_bssid[4] = val & 0xff;
1764 sc->sc_bssid[5] = val >> 8;
1766 if (sc->mac_ver < 0x3593) {
1767 /* read vender BBP settings */
1768 for (i = 0; i < 10; i++) {
1769 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val);
1770 sc->bbp[i].val = val & 0xff;
1771 sc->bbp[i].reg = val >> 8;
1772 DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg,
1775 if (sc->mac_ver >= 0x3071) {
1776 /* read vendor RF settings */
1777 for (i = 0; i < 10; i++) {
1778 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i,
1780 sc->rf[i].val = val & 0xff;
1781 sc->rf[i].reg = val >> 8;
1782 DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg,
1788 /* read RF frequency offset from EEPROM */
1789 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS :
1790 RT3593_EEPROM_FREQ, &val);
1791 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0;
1792 DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff);
1794 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS :
1795 RT3593_EEPROM_FREQ_LEDS, &val);
1796 if (val >> 8 != 0xff) {
1797 /* read LEDs operating mode */
1798 sc->leds = val >> 8;
1799 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 :
1800 RT3593_EEPROM_LED1, &sc->led[0]);
1801 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 :
1802 RT3593_EEPROM_LED2, &sc->led[1]);
1803 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 :
1804 RT3593_EEPROM_LED3, &sc->led[2]);
1806 /* broken EEPROM, use default settings */
1808 sc->led[0] = 0x5555;
1809 sc->led[1] = 0x2221;
1810 sc->led[2] = 0x5627; /* differs from RT2860 */
1812 DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n",
1813 sc->leds, sc->led[0], sc->led[1], sc->led[2]);
1815 /* read RF information */
1816 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392)
1817 run_srom_read(sc, 0x00, &val);
1819 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val);
1821 if (val == 0xffff) {
1822 device_printf(sc->sc_dev,
1823 "invalid EEPROM antenna info, using default\n");
1824 DPRINTF("invalid EEPROM antenna info, using default\n");
1825 if (sc->mac_ver == 0x3572) {
1826 /* default to RF3052 2T2R */
1827 sc->rf_rev = RT3070_RF_3052;
1830 } else if (sc->mac_ver >= 0x3070) {
1831 /* default to RF3020 1T1R */
1832 sc->rf_rev = RT3070_RF_3020;
1836 /* default to RF2820 1T2R */
1837 sc->rf_rev = RT2860_RF_2820;
1842 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) {
1844 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val);
1846 sc->rf_rev = (val >> 8) & 0xf;
1847 sc->ntxchains = (val >> 4) & 0xf;
1848 sc->nrxchains = val & 0xf;
1850 DPRINTF("EEPROM RF rev=0x%04x chains=%dT%dR\n",
1851 sc->rf_rev, sc->ntxchains, sc->nrxchains);
1853 /* check if RF supports automatic Tx access gain control */
1854 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val);
1855 DPRINTF("EEPROM CFG 0x%04x\n", val);
1856 /* check if driver should patch the DAC issue */
1857 if ((val >> 8) != 0xff)
1858 sc->patch_dac = (val >> 15) & 1;
1859 if ((val & 0xff) != 0xff) {
1860 sc->ext_5ghz_lna = (val >> 3) & 1;
1861 sc->ext_2ghz_lna = (val >> 2) & 1;
1862 /* check if RF supports automatic Tx access gain control */
1863 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1;
1864 /* check if we have a hardware radio switch */
1865 sc->rfswitch = val & 1;
1868 /* Read Tx power settings. */
1869 if (sc->mac_ver == 0x3593)
1870 run_rt3593_get_txpower(sc);
1872 run_get_txpower(sc);
1874 /* read Tx power compensation for each Tx rate */
1875 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val);
1876 delta_2ghz = delta_5ghz = 0;
1877 if ((val & 0xff) != 0xff && (val & 0x80)) {
1878 delta_2ghz = val & 0xf;
1879 if (!(val & 0x40)) /* negative number */
1880 delta_2ghz = -delta_2ghz;
1883 if ((val & 0xff) != 0xff && (val & 0x80)) {
1884 delta_5ghz = val & 0xf;
1885 if (!(val & 0x40)) /* negative number */
1886 delta_5ghz = -delta_5ghz;
1888 DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n",
1889 delta_2ghz, delta_5ghz);
1891 for (ridx = 0; ridx < 5; ridx++) {
1894 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val);
1896 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val);
1897 reg |= (uint32_t)val << 16;
1899 sc->txpow20mhz[ridx] = reg;
1900 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz);
1901 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz);
1903 DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, "
1904 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx],
1905 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]);
1908 /* Read RSSI offsets and LNA gains from EEPROM. */
1909 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ :
1910 RT3593_EEPROM_RSSI1_2GHZ, &val);
1911 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */
1912 sc->rssi_2ghz[1] = val >> 8; /* Ant B */
1913 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ :
1914 RT3593_EEPROM_RSSI2_2GHZ, &val);
1915 if (sc->mac_ver >= 0x3070) {
1916 if (sc->mac_ver == 0x3593) {
1917 sc->txmixgain_2ghz = 0;
1918 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */
1921 * On RT3070 chips (limited to 2 Rx chains), this ROM
1922 * field contains the Tx mixer gain for the 2GHz band.
1924 if ((val & 0xff) != 0xff)
1925 sc->txmixgain_2ghz = val & 0x7;
1927 DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz);
1929 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */
1930 if (sc->mac_ver == 0x3593)
1931 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val);
1932 sc->lna[2] = val >> 8; /* channel group 2 */
1934 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ :
1935 RT3593_EEPROM_RSSI1_5GHZ, &val);
1936 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */
1937 sc->rssi_5ghz[1] = val >> 8; /* Ant B */
1938 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ :
1939 RT3593_EEPROM_RSSI2_5GHZ, &val);
1940 if (sc->mac_ver == 0x3572) {
1942 * On RT3572 chips (limited to 2 Rx chains), this ROM
1943 * field contains the Tx mixer gain for the 5GHz band.
1945 if ((val & 0xff) != 0xff)
1946 sc->txmixgain_5ghz = val & 0x7;
1947 DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz);
1949 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */
1950 if (sc->mac_ver == 0x3593) {
1951 sc->txmixgain_5ghz = 0;
1952 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val);
1954 sc->lna[3] = val >> 8; /* channel group 3 */
1956 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA :
1957 RT3593_EEPROM_LNA, &val);
1958 sc->lna[0] = val & 0xff; /* channel group 0 */
1959 sc->lna[1] = val >> 8; /* channel group 1 */
1961 /* fix broken 5GHz LNA entries */
1962 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) {
1963 DPRINTF("invalid LNA for channel group %d\n", 2);
1964 sc->lna[2] = sc->lna[1];
1966 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) {
1967 DPRINTF("invalid LNA for channel group %d\n", 3);
1968 sc->lna[3] = sc->lna[1];
1971 /* fix broken RSSI offset entries */
1972 for (ant = 0; ant < 3; ant++) {
1973 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) {
1974 DPRINTF("invalid RSSI%d offset: %d (2GHz)\n",
1975 ant + 1, sc->rssi_2ghz[ant]);
1976 sc->rssi_2ghz[ant] = 0;
1978 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) {
1979 DPRINTF("invalid RSSI%d offset: %d (5GHz)\n",
1980 ant + 1, sc->rssi_5ghz[ant]);
1981 sc->rssi_5ghz[ant] = 0;
1987 static struct ieee80211_node *
1988 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN])
1990 return malloc(sizeof (struct run_node), M_DEVBUF, M_NOWAIT | M_ZERO);
1994 run_media_change(struct ifnet *ifp)
1996 struct ieee80211vap *vap = ifp->if_softc;
1997 struct ieee80211com *ic = vap->iv_ic;
1998 const struct ieee80211_txparam *tp;
1999 struct run_softc *sc = ic->ic_ifp->if_softc;
2005 error = ieee80211_media_change(ifp);
2006 if (error != ENETRESET) {
2011 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
2012 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) {
2013 struct ieee80211_node *ni;
2014 struct run_node *rn;
2016 rate = ic->ic_sup_rates[ic->ic_curmode].
2017 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL;
2018 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2019 if (rt2860_rates[ridx].rate == rate)
2021 ni = ieee80211_ref_node(vap->iv_bss);
2022 rn = (struct run_node *)ni;
2023 rn->fix_ridx = ridx;
2024 DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx);
2025 ieee80211_free_node(ni);
2029 if ((ifp->if_flags & IFF_UP) &&
2030 (ifp->if_drv_flags & IFF_DRV_RUNNING)){
2031 run_init_locked(sc);
2041 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
2043 const struct ieee80211_txparam *tp;
2044 struct ieee80211com *ic = vap->iv_ic;
2045 struct run_softc *sc = ic->ic_ifp->if_softc;
2046 struct run_vap *rvp = RUN_VAP(vap);
2047 enum ieee80211_state ostate;
2051 uint8_t restart_ratectl = 0;
2052 uint8_t bid = 1 << rvp->rvp_id;
2054 ostate = vap->iv_state;
2055 DPRINTF("%s -> %s\n",
2056 ieee80211_state_name[ostate],
2057 ieee80211_state_name[nstate]);
2059 IEEE80211_UNLOCK(ic);
2062 ratectl = sc->ratectl_run; /* remember current state */
2063 sc->ratectl_run = RUN_RATECTL_OFF;
2064 usb_callout_stop(&sc->ratectl_ch);
2066 if (ostate == IEEE80211_S_RUN) {
2067 /* turn link LED off */
2068 run_set_leds(sc, RT2860_LED_RADIO);
2072 case IEEE80211_S_INIT:
2073 restart_ratectl = 1;
2075 if (ostate != IEEE80211_S_RUN)
2079 sc->runbmap &= ~bid;
2081 /* abort TSF synchronization if there is no vap running */
2082 if (--sc->running == 0) {
2083 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
2084 run_write(sc, RT2860_BCN_TIME_CFG,
2085 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
2086 RT2860_TBTT_TIMER_EN));
2090 case IEEE80211_S_RUN:
2091 if (!(sc->runbmap & bid)) {
2093 restart_ratectl = 1;
2097 m_freem(rvp->beacon_mbuf);
2098 rvp->beacon_mbuf = NULL;
2100 switch (vap->iv_opmode) {
2101 case IEEE80211_M_HOSTAP:
2102 case IEEE80211_M_MBSS:
2103 sc->ap_running |= bid;
2104 ic->ic_opmode = vap->iv_opmode;
2105 run_update_beacon_cb(vap);
2107 case IEEE80211_M_IBSS:
2108 sc->adhoc_running |= bid;
2109 if (!sc->ap_running)
2110 ic->ic_opmode = vap->iv_opmode;
2111 run_update_beacon_cb(vap);
2113 case IEEE80211_M_STA:
2114 sc->sta_running |= bid;
2115 if (!sc->ap_running && !sc->adhoc_running)
2116 ic->ic_opmode = vap->iv_opmode;
2118 /* read statistic counters (clear on read) */
2119 run_read_region_1(sc, RT2860_TX_STA_CNT0,
2120 (uint8_t *)sta, sizeof sta);
2124 ic->ic_opmode = vap->iv_opmode;
2128 if (vap->iv_opmode != IEEE80211_M_MONITOR) {
2129 struct ieee80211_node *ni;
2131 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) {
2136 run_updateslot(ic->ic_ifp);
2138 run_set_txpreamble(sc);
2139 run_set_basicrates(sc);
2140 ni = ieee80211_ref_node(vap->iv_bss);
2141 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid);
2142 run_set_bssid(sc, ni->ni_bssid);
2143 ieee80211_free_node(ni);
2144 run_enable_tsf_sync(sc);
2146 /* enable automatic rate adaptation */
2147 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
2148 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE)
2152 /* turn link LED on */
2153 run_set_leds(sc, RT2860_LED_RADIO |
2154 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ?
2155 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ));
2159 DPRINTFN(6, "undefined case\n");
2163 /* restart amrr for running VAPs */
2164 if ((sc->ratectl_run = ratectl) && restart_ratectl)
2165 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2170 return(rvp->newstate(vap, nstate, arg));
2175 run_wme_update_cb(void *arg)
2177 struct ieee80211com *ic = arg;
2178 struct run_softc *sc = ic->ic_ifp->if_softc;
2179 struct ieee80211_wme_state *wmesp = &ic->ic_wme;
2182 RUN_LOCK_ASSERT(sc, MA_OWNED);
2184 /* update MAC TX configuration registers */
2185 for (aci = 0; aci < WME_NUM_AC; aci++) {
2186 error = run_write(sc, RT2860_EDCA_AC_CFG(aci),
2187 wmesp->wme_params[aci].wmep_logcwmax << 16 |
2188 wmesp->wme_params[aci].wmep_logcwmin << 12 |
2189 wmesp->wme_params[aci].wmep_aifsn << 8 |
2190 wmesp->wme_params[aci].wmep_txopLimit);
2191 if (error) goto err;
2194 /* update SCH/DMA registers too */
2195 error = run_write(sc, RT2860_WMM_AIFSN_CFG,
2196 wmesp->wme_params[WME_AC_VO].wmep_aifsn << 12 |
2197 wmesp->wme_params[WME_AC_VI].wmep_aifsn << 8 |
2198 wmesp->wme_params[WME_AC_BK].wmep_aifsn << 4 |
2199 wmesp->wme_params[WME_AC_BE].wmep_aifsn);
2200 if (error) goto err;
2201 error = run_write(sc, RT2860_WMM_CWMIN_CFG,
2202 wmesp->wme_params[WME_AC_VO].wmep_logcwmin << 12 |
2203 wmesp->wme_params[WME_AC_VI].wmep_logcwmin << 8 |
2204 wmesp->wme_params[WME_AC_BK].wmep_logcwmin << 4 |
2205 wmesp->wme_params[WME_AC_BE].wmep_logcwmin);
2206 if (error) goto err;
2207 error = run_write(sc, RT2860_WMM_CWMAX_CFG,
2208 wmesp->wme_params[WME_AC_VO].wmep_logcwmax << 12 |
2209 wmesp->wme_params[WME_AC_VI].wmep_logcwmax << 8 |
2210 wmesp->wme_params[WME_AC_BK].wmep_logcwmax << 4 |
2211 wmesp->wme_params[WME_AC_BE].wmep_logcwmax);
2212 if (error) goto err;
2213 error = run_write(sc, RT2860_WMM_TXOP0_CFG,
2214 wmesp->wme_params[WME_AC_BK].wmep_txopLimit << 16 |
2215 wmesp->wme_params[WME_AC_BE].wmep_txopLimit);
2216 if (error) goto err;
2217 error = run_write(sc, RT2860_WMM_TXOP1_CFG,
2218 wmesp->wme_params[WME_AC_VO].wmep_txopLimit << 16 |
2219 wmesp->wme_params[WME_AC_VI].wmep_txopLimit);
2223 DPRINTF("WME update failed\n");
2229 run_wme_update(struct ieee80211com *ic)
2231 struct run_softc *sc = ic->ic_ifp->if_softc;
2233 /* sometime called wothout lock */
2234 if (mtx_owned(&ic->ic_comlock.mtx)) {
2235 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
2236 DPRINTF("cmdq_store=%d\n", i);
2237 sc->cmdq[i].func = run_wme_update_cb;
2238 sc->cmdq[i].arg0 = ic;
2239 ieee80211_runtask(ic, &sc->cmdq_task);
2244 run_wme_update_cb(ic);
2247 /* return whatever, upper layer desn't care anyway */
2252 run_key_update_begin(struct ieee80211vap *vap)
2255 * To avoid out-of-order events, both run_key_set() and
2256 * _delete() are deferred and handled by run_cmdq_cb().
2257 * So, there is nothing we need to do here.
2262 run_key_update_end(struct ieee80211vap *vap)
2268 run_key_set_cb(void *arg)
2270 struct run_cmdq *cmdq = arg;
2271 struct ieee80211vap *vap = cmdq->arg1;
2272 struct ieee80211_key *k = cmdq->k;
2273 struct ieee80211com *ic = vap->iv_ic;
2274 struct run_softc *sc = ic->ic_ifp->if_softc;
2275 struct ieee80211_node *ni;
2277 uint16_t base, associd;
2278 uint8_t mode, wcid, iv[8];
2280 RUN_LOCK_ASSERT(sc, MA_OWNED);
2282 if (vap->iv_opmode == IEEE80211_M_HOSTAP)
2283 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac);
2286 associd = (ni != NULL) ? ni->ni_associd : 0;
2288 /* map net80211 cipher to RT2860 security mode */
2289 switch (k->wk_cipher->ic_cipher) {
2290 case IEEE80211_CIPHER_WEP:
2291 if(k->wk_keylen < 8)
2292 mode = RT2860_MODE_WEP40;
2294 mode = RT2860_MODE_WEP104;
2296 case IEEE80211_CIPHER_TKIP:
2297 mode = RT2860_MODE_TKIP;
2299 case IEEE80211_CIPHER_AES_CCM:
2300 mode = RT2860_MODE_AES_CCMP;
2303 DPRINTF("undefined case\n");
2307 DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n",
2308 associd, k->wk_keyix, mode,
2309 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise",
2310 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off",
2311 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off");
2313 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2314 wcid = 0; /* NB: update WCID0 for group keys */
2315 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix);
2317 wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
2318 1 : RUN_AID2WCID(associd);
2319 base = RT2860_PKEY(wcid);
2322 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) {
2323 if(run_write_region_1(sc, base, k->wk_key, 16))
2325 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */
2327 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */
2330 /* roundup len to 16-bit: XXX fix write_region_1() instead */
2331 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1))
2335 if (!(k->wk_flags & IEEE80211_KEY_GROUP) ||
2336 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) {
2337 /* set initial packet number in IV+EIV */
2338 if (k->wk_cipher == IEEE80211_CIPHER_WEP) {
2339 memset(iv, 0, sizeof iv);
2340 iv[3] = vap->iv_def_txkey << 6;
2342 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) {
2343 iv[0] = k->wk_keytsc >> 8;
2344 iv[1] = (iv[0] | 0x20) & 0x7f;
2345 iv[2] = k->wk_keytsc;
2347 iv[0] = k->wk_keytsc;
2348 iv[1] = k->wk_keytsc >> 8;
2351 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV;
2352 iv[4] = k->wk_keytsc >> 16;
2353 iv[5] = k->wk_keytsc >> 24;
2354 iv[6] = k->wk_keytsc >> 32;
2355 iv[7] = k->wk_keytsc >> 40;
2357 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8))
2361 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2362 /* install group key */
2363 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr))
2365 attr &= ~(0xf << (k->wk_keyix * 4));
2366 attr |= mode << (k->wk_keyix * 4);
2367 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr))
2370 /* install pairwise key */
2371 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr))
2373 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN;
2374 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr))
2378 /* TODO create a pass-thru key entry? */
2380 /* need wcid to delete the right key later */
2385 * Don't have to be deferred, but in order to keep order of
2386 * execution, i.e. with run_key_delete(), defer this and let
2387 * run_cmdq_cb() maintain the order.
2392 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k,
2393 const uint8_t mac[IEEE80211_ADDR_LEN])
2395 struct ieee80211com *ic = vap->iv_ic;
2396 struct run_softc *sc = ic->ic_ifp->if_softc;
2399 i = RUN_CMDQ_GET(&sc->cmdq_store);
2400 DPRINTF("cmdq_store=%d\n", i);
2401 sc->cmdq[i].func = run_key_set_cb;
2402 sc->cmdq[i].arg0 = NULL;
2403 sc->cmdq[i].arg1 = vap;
2405 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, mac);
2406 ieee80211_runtask(ic, &sc->cmdq_task);
2409 * To make sure key will be set when hostapd
2410 * calls iv_key_set() before if_init().
2412 if (vap->iv_opmode == IEEE80211_M_HOSTAP) {
2414 sc->cmdq_key_set = RUN_CMDQ_GO;
2422 * If wlan is destroyed without being brought down i.e. without
2423 * wlan down or wpa_cli terminate, this function is called after
2424 * vap is gone. Don't refer it.
2427 run_key_delete_cb(void *arg)
2429 struct run_cmdq *cmdq = arg;
2430 struct run_softc *sc = cmdq->arg1;
2431 struct ieee80211_key *k = &cmdq->key;
2435 RUN_LOCK_ASSERT(sc, MA_OWNED);
2437 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2438 /* remove group key */
2439 DPRINTF("removing group key\n");
2440 run_read(sc, RT2860_SKEY_MODE_0_7, &attr);
2441 attr &= ~(0xf << (k->wk_keyix * 4));
2442 run_write(sc, RT2860_SKEY_MODE_0_7, attr);
2444 /* remove pairwise key */
2445 DPRINTF("removing key for wcid %x\n", k->wk_pad);
2446 /* matching wcid was written to wk_pad in run_key_set() */
2448 run_read(sc, RT2860_WCID_ATTR(wcid), &attr);
2450 run_write(sc, RT2860_WCID_ATTR(wcid), attr);
2451 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8);
2461 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k)
2463 struct ieee80211com *ic = vap->iv_ic;
2464 struct run_softc *sc = ic->ic_ifp->if_softc;
2465 struct ieee80211_key *k0;
2469 * When called back, key might be gone. So, make a copy
2470 * of some values need to delete keys before deferring.
2471 * But, because of LOR with node lock, cannot use lock here.
2472 * So, use atomic instead.
2474 i = RUN_CMDQ_GET(&sc->cmdq_store);
2475 DPRINTF("cmdq_store=%d\n", i);
2476 sc->cmdq[i].func = run_key_delete_cb;
2477 sc->cmdq[i].arg0 = NULL;
2478 sc->cmdq[i].arg1 = sc;
2479 k0 = &sc->cmdq[i].key;
2480 k0->wk_flags = k->wk_flags;
2481 k0->wk_keyix = k->wk_keyix;
2482 /* matching wcid was written to wk_pad in run_key_set() */
2483 k0->wk_pad = k->wk_pad;
2484 ieee80211_runtask(ic, &sc->cmdq_task);
2485 return (1); /* return fake success */
2490 run_ratectl_to(void *arg)
2492 struct run_softc *sc = arg;
2494 /* do it in a process context, so it can go sleep */
2495 ieee80211_runtask(sc->sc_ifp->if_l2com, &sc->ratectl_task);
2496 /* next timeout will be rescheduled in the callback task */
2501 run_ratectl_cb(void *arg, int pending)
2503 struct run_softc *sc = arg;
2504 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
2505 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
2510 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) {
2512 * run_reset_livelock() doesn't do anything with AMRR,
2513 * but Ralink wants us to call it every 1 sec. So, we
2514 * piggyback here rather than creating another callout.
2515 * Livelock may occur only in HOSTAP or IBSS mode
2516 * (when h/w is sending beacons).
2519 run_reset_livelock(sc);
2520 /* just in case, there are some stats to drain */
2525 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc);
2528 if(sc->ratectl_run != RUN_RATECTL_OFF)
2529 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2534 run_drain_fifo(void *arg)
2536 struct run_softc *sc = arg;
2537 struct ifnet *ifp = sc->sc_ifp;
2539 uint16_t (*wstat)[3];
2540 uint8_t wcid, mcs, pid;
2543 RUN_LOCK_ASSERT(sc, MA_OWNED);
2546 /* drain Tx status FIFO (maxsize = 16) */
2547 run_read(sc, RT2860_TX_STAT_FIFO, &stat);
2548 DPRINTFN(4, "tx stat 0x%08x\n", stat);
2549 if (!(stat & RT2860_TXQ_VLD))
2552 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff;
2554 /* if no ACK was requested, no feedback is available */
2555 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX ||
2560 * Even though each stat is Tx-complete-status like format,
2561 * the device can poll stats. Because there is no guarantee
2562 * that the referring node is still around when read the stats.
2563 * So that, if we use ieee80211_ratectl_tx_update(), we will
2564 * have hard time not to refer already freed node.
2566 * To eliminate such page faults, we poll stats in softc.
2567 * Then, update the rates later with ieee80211_ratectl_tx_update().
2569 wstat = &(sc->wcid_stats[wcid]);
2570 (*wstat)[RUN_TXCNT]++;
2571 if (stat & RT2860_TXQ_OK)
2572 (*wstat)[RUN_SUCCESS]++;
2576 * Check if there were retries, ie if the Tx success rate is
2577 * different from the requested rate. Note that it works only
2578 * because we do not allow rate fallback from OFDM to CCK.
2580 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f;
2581 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf;
2582 if ((retry = pid -1 - mcs) > 0) {
2583 (*wstat)[RUN_TXCNT] += retry;
2584 (*wstat)[RUN_RETRY] += retry;
2587 DPRINTFN(3, "count=%d\n", sc->fifo_cnt);
2593 run_iter_func(void *arg, struct ieee80211_node *ni)
2595 struct run_softc *sc = arg;
2596 struct ieee80211vap *vap = ni->ni_vap;
2597 struct ieee80211com *ic = ni->ni_ic;
2598 struct ifnet *ifp = ic->ic_ifp;
2599 struct run_node *rn = (void *)ni;
2600 union run_stats sta[2];
2601 uint16_t (*wstat)[3];
2602 int txcnt, success, retrycnt, error;
2606 /* Check for special case */
2607 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA &&
2611 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS ||
2612 vap->iv_opmode == IEEE80211_M_STA)) {
2613 /* read statistic counters (clear on read) and update AMRR state */
2614 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta,
2619 /* count failed TX as errors */
2620 ifp->if_oerrors += le16toh(sta[0].error.fail);
2622 retrycnt = le16toh(sta[1].tx.retry);
2623 success = le16toh(sta[1].tx.success);
2624 txcnt = retrycnt + success + le16toh(sta[0].error.fail);
2626 DPRINTFN(3, "retrycnt=%d success=%d failcnt=%d\n",
2627 retrycnt, success, le16toh(sta[0].error.fail));
2629 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]);
2631 if (wstat == &(sc->wcid_stats[0]) ||
2632 wstat > &(sc->wcid_stats[RT2870_WCID_MAX]))
2635 txcnt = (*wstat)[RUN_TXCNT];
2636 success = (*wstat)[RUN_SUCCESS];
2637 retrycnt = (*wstat)[RUN_RETRY];
2638 DPRINTFN(3, "retrycnt=%d txcnt=%d success=%d\n",
2639 retrycnt, txcnt, success);
2641 memset(wstat, 0, sizeof(*wstat));
2644 ieee80211_ratectl_tx_update(vap, ni, &txcnt, &success, &retrycnt);
2645 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0);
2650 DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx);
2654 run_newassoc_cb(void *arg)
2656 struct run_cmdq *cmdq = arg;
2657 struct ieee80211_node *ni = cmdq->arg1;
2658 struct run_softc *sc = ni->ni_vap->iv_ic->ic_ifp->if_softc;
2659 uint8_t wcid = cmdq->wcid;
2661 RUN_LOCK_ASSERT(sc, MA_OWNED);
2663 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid),
2664 ni->ni_macaddr, IEEE80211_ADDR_LEN);
2666 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid]));
2670 run_newassoc(struct ieee80211_node *ni, int isnew)
2672 struct run_node *rn = (void *)ni;
2673 struct ieee80211_rateset *rs = &ni->ni_rates;
2674 struct ieee80211vap *vap = ni->ni_vap;
2675 struct ieee80211com *ic = vap->iv_ic;
2676 struct run_softc *sc = ic->ic_ifp->if_softc;
2682 wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
2683 1 : RUN_AID2WCID(ni->ni_associd);
2685 if (wcid > RT2870_WCID_MAX) {
2686 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid);
2690 /* only interested in true associations */
2691 if (isnew && ni->ni_associd != 0) {
2694 * This function could is called though timeout function.
2697 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store);
2698 DPRINTF("cmdq_store=%d\n", cnt);
2699 sc->cmdq[cnt].func = run_newassoc_cb;
2700 sc->cmdq[cnt].arg0 = NULL;
2701 sc->cmdq[cnt].arg1 = ni;
2702 sc->cmdq[cnt].wcid = wcid;
2703 ieee80211_runtask(ic, &sc->cmdq_task);
2706 DPRINTF("new assoc isnew=%d associd=%x addr=%s\n",
2707 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr));
2709 for (i = 0; i < rs->rs_nrates; i++) {
2710 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL;
2711 /* convert 802.11 rate to hardware rate index */
2712 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2713 if (rt2860_rates[ridx].rate == rate)
2716 /* determine rate of control response frames */
2717 for (j = i; j >= 0; j--) {
2718 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) &&
2719 rt2860_rates[rn->ridx[i]].phy ==
2720 rt2860_rates[rn->ridx[j]].phy)
2724 rn->ctl_ridx[i] = rn->ridx[j];
2726 /* no basic rate found, use mandatory one */
2727 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx;
2729 DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n",
2730 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]);
2732 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate;
2733 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2734 if (rt2860_rates[ridx].rate == rate)
2736 rn->mgt_ridx = ridx;
2737 DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx);
2740 if(sc->ratectl_run != RUN_RATECTL_OFF)
2741 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2746 * Return the Rx chain with the highest RSSI for a given frame.
2748 static __inline uint8_t
2749 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi)
2751 uint8_t rxchain = 0;
2753 if (sc->nrxchains > 1) {
2754 if (rxwi->rssi[1] > rxwi->rssi[rxchain])
2756 if (sc->nrxchains > 2)
2757 if (rxwi->rssi[2] > rxwi->rssi[rxchain])
2764 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen)
2766 struct ifnet *ifp = sc->sc_ifp;
2767 struct ieee80211com *ic = ifp->if_l2com;
2768 struct ieee80211_frame *wh;
2769 struct ieee80211_node *ni;
2770 struct rt2870_rxd *rxd;
2771 struct rt2860_rxwi *rxwi;
2773 uint16_t len, rxwisize;
2777 rxwi = mtod(m, struct rt2860_rxwi *);
2778 len = le16toh(rxwi->len) & 0xfff;
2779 rxwisize = sizeof(struct rt2860_rxwi);
2780 if (sc->mac_ver == 0x5592)
2781 rxwisize += sizeof(uint64_t);
2782 else if (sc->mac_ver == 0x3593)
2783 rxwisize += sizeof(uint32_t);
2784 if (__predict_false(len > dmalen)) {
2787 DPRINTF("bad RXWI length %u > %u\n", len, dmalen);
2790 /* Rx descriptor is located at the end */
2791 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen);
2792 flags = le32toh(rxd->flags);
2794 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) {
2797 DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV");
2801 m->m_data += rxwisize;
2802 m->m_pkthdr.len = m->m_len -= rxwisize;
2804 wh = mtod(m, struct ieee80211_frame *);
2806 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) {
2807 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED;
2808 m->m_flags |= M_WEP;
2811 if (flags & RT2860_RX_L2PAD) {
2812 DPRINTFN(8, "received RT2860_RX_L2PAD frame\n");
2816 ni = ieee80211_find_rxnode(ic,
2817 mtod(m, struct ieee80211_frame_min *));
2819 if (__predict_false(flags & RT2860_RX_MICERR)) {
2820 /* report MIC failures to net80211 for TKIP */
2822 ieee80211_notify_michael_failure(ni->ni_vap, wh,
2826 DPRINTF("MIC error. Someone is lying.\n");
2830 ant = run_maxrssi_chain(sc, rxwi);
2831 rssi = rxwi->rssi[ant];
2832 nf = run_rssi2dbm(sc, rssi, ant);
2834 m->m_pkthdr.rcvif = ifp;
2835 m->m_pkthdr.len = m->m_len = len;
2838 (void)ieee80211_input(ni, m, rssi, nf);
2839 ieee80211_free_node(ni);
2841 (void)ieee80211_input_all(ic, m, rssi, nf);
2844 if (__predict_false(ieee80211_radiotap_active(ic))) {
2845 struct run_rx_radiotap_header *tap = &sc->sc_rxtap;
2849 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq);
2850 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags);
2851 tap->wr_antsignal = rssi;
2852 tap->wr_antenna = ant;
2853 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant);
2854 tap->wr_rate = 2; /* in case it can't be found below */
2855 phy = le16toh(rxwi->phy);
2856 switch (phy & RT2860_PHY_MODE) {
2857 case RT2860_PHY_CCK:
2858 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) {
2859 case 0: tap->wr_rate = 2; break;
2860 case 1: tap->wr_rate = 4; break;
2861 case 2: tap->wr_rate = 11; break;
2862 case 3: tap->wr_rate = 22; break;
2864 if (phy & RT2860_PHY_SHPRE)
2865 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
2867 case RT2860_PHY_OFDM:
2868 switch (phy & RT2860_PHY_MCS) {
2869 case 0: tap->wr_rate = 12; break;
2870 case 1: tap->wr_rate = 18; break;
2871 case 2: tap->wr_rate = 24; break;
2872 case 3: tap->wr_rate = 36; break;
2873 case 4: tap->wr_rate = 48; break;
2874 case 5: tap->wr_rate = 72; break;
2875 case 6: tap->wr_rate = 96; break;
2876 case 7: tap->wr_rate = 108; break;
2884 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error)
2886 struct run_softc *sc = usbd_xfer_softc(xfer);
2887 struct ifnet *ifp = sc->sc_ifp;
2888 struct mbuf *m = NULL;
2894 rxwisize = sizeof(struct rt2860_rxwi);
2895 if (sc->mac_ver == 0x5592)
2896 rxwisize += sizeof(uint64_t);
2897 else if (sc->mac_ver == 0x3593)
2898 rxwisize += sizeof(uint32_t);
2900 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL);
2902 switch (USB_GET_STATE(xfer)) {
2903 case USB_ST_TRANSFERRED:
2905 DPRINTFN(15, "rx done, actlen=%d\n", xferlen);
2907 if (xferlen < (int)(sizeof(uint32_t) + rxwisize +
2908 sizeof(struct rt2870_rxd))) {
2909 DPRINTF("xfer too short %d\n", xferlen);
2919 if (sc->rx_m == NULL) {
2920 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR,
2921 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */);
2923 if (sc->rx_m == NULL) {
2924 DPRINTF("could not allocate mbuf - idle with stall\n");
2926 usbd_xfer_set_stall(xfer);
2927 usbd_xfer_set_frames(xfer, 0);
2930 * Directly loading a mbuf cluster into DMA to
2931 * save some data copying. This works because
2932 * there is only one cluster.
2934 usbd_xfer_set_frame_data(xfer, 0,
2935 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ);
2936 usbd_xfer_set_frames(xfer, 1);
2938 usbd_transfer_submit(xfer);
2941 default: /* Error */
2942 if (error != USB_ERR_CANCELLED) {
2943 /* try to clear stall first */
2944 usbd_xfer_set_stall(xfer);
2946 if (error == USB_ERR_TIMEOUT)
2947 device_printf(sc->sc_dev, "device timeout\n");
2953 if (sc->rx_m != NULL) {
2963 /* inputting all the frames must be last */
2967 m->m_pkthdr.len = m->m_len = xferlen;
2969 /* HW can aggregate multiple 802.11 frames in a single USB xfer */
2971 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff;
2973 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) ||
2974 ((dmalen & 3) != 0)) {
2975 DPRINTF("bad DMA length %u\n", dmalen);
2978 if ((dmalen + 8) > (uint32_t)xferlen) {
2979 DPRINTF("bad DMA length %u > %d\n",
2980 dmalen + 8, xferlen);
2984 /* If it is the last one or a single frame, we won't copy. */
2985 if ((xferlen -= dmalen + 8) <= 8) {
2986 /* trim 32-bit DMA-len header */
2988 m->m_pkthdr.len = m->m_len -= 4;
2989 run_rx_frame(sc, m, dmalen);
2990 m = NULL; /* don't free source buffer */
2994 /* copy aggregated frames to another mbuf */
2995 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
2996 if (__predict_false(m0 == NULL)) {
2997 DPRINTF("could not allocate mbuf\n");
3001 m_copydata(m, 4 /* skip 32-bit DMA-len header */,
3002 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t));
3003 m0->m_pkthdr.len = m0->m_len =
3004 dmalen + sizeof(struct rt2870_rxd);
3005 run_rx_frame(sc, m0, dmalen);
3007 /* update data ptr */
3008 m->m_data += dmalen + 8;
3009 m->m_pkthdr.len = m->m_len -= dmalen + 8;
3012 /* make sure we free the source buffer, if any */
3019 run_tx_free(struct run_endpoint_queue *pq,
3020 struct run_tx_data *data, int txerr)
3022 if (data->m != NULL) {
3023 if (data->m->m_flags & M_TXCB)
3024 ieee80211_process_callback(data->ni, data->m,
3025 txerr ? ETIMEDOUT : 0);
3029 if (data->ni == NULL) {
3030 DPRINTF("no node\n");
3032 ieee80211_free_node(data->ni);
3037 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next);
3042 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index)
3044 struct run_softc *sc = usbd_xfer_softc(xfer);
3045 struct ifnet *ifp = sc->sc_ifp;
3046 struct ieee80211com *ic = ifp->if_l2com;
3047 struct run_tx_data *data;
3048 struct ieee80211vap *vap = NULL;
3049 struct usb_page_cache *pc;
3050 struct run_endpoint_queue *pq = &sc->sc_epq[index];
3052 usb_frlength_t size;
3056 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
3058 switch (USB_GET_STATE(xfer)) {
3059 case USB_ST_TRANSFERRED:
3060 DPRINTFN(11, "transfer complete: %d "
3061 "bytes @ index %d\n", actlen, index);
3063 data = usbd_xfer_get_priv(xfer);
3065 run_tx_free(pq, data, 0);
3066 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
3068 usbd_xfer_set_priv(xfer, NULL);
3075 data = STAILQ_FIRST(&pq->tx_qh);
3079 STAILQ_REMOVE_HEAD(&pq->tx_qh, next);
3082 size = (sc->mac_ver == 0x5592) ?
3083 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc);
3084 if ((m->m_pkthdr.len +
3085 size + 3 + 8) > RUN_MAX_TXSZ) {
3086 DPRINTF("data overflow, %u bytes\n",
3091 run_tx_free(pq, data, 1);
3096 pc = usbd_xfer_get_frame(xfer, 0);
3097 usbd_copy_in(pc, 0, &data->desc, size);
3098 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len);
3099 size += m->m_pkthdr.len;
3101 * Align end on a 4-byte boundary, pad 8 bytes (CRC +
3102 * 4-byte padding), and be sure to zero those trailing
3105 usbd_frame_zero(pc, size, ((-size) & 3) + 8);
3106 size += ((-size) & 3) + 8;
3108 vap = data->ni->ni_vap;
3109 if (ieee80211_radiotap_active_vap(vap)) {
3110 struct run_tx_radiotap_header *tap = &sc->sc_txtap;
3111 struct rt2860_txwi *txwi =
3112 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd));
3114 tap->wt_rate = rt2860_rates[data->ridx].rate;
3115 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq);
3116 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags);
3117 tap->wt_hwqueue = index;
3118 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE)
3119 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
3121 ieee80211_radiotap_tx(vap, m);
3124 DPRINTFN(11, "sending frame len=%u/%u @ index %d\n",
3125 m->m_pkthdr.len, size, index);
3127 usbd_xfer_set_frame_len(xfer, 0, size);
3128 usbd_xfer_set_priv(xfer, data);
3130 usbd_transfer_submit(xfer);
3139 DPRINTF("USB transfer error, %s\n",
3140 usbd_errstr(error));
3142 data = usbd_xfer_get_priv(xfer);
3147 if(data->ni != NULL)
3148 vap = data->ni->ni_vap;
3149 run_tx_free(pq, data, error);
3150 usbd_xfer_set_priv(xfer, NULL);
3153 vap = TAILQ_FIRST(&ic->ic_vaps);
3155 if (error != USB_ERR_CANCELLED) {
3156 if (error == USB_ERR_TIMEOUT) {
3157 device_printf(sc->sc_dev, "device timeout\n");
3158 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
3159 DPRINTF("cmdq_store=%d\n", i);
3160 sc->cmdq[i].func = run_usb_timeout_cb;
3161 sc->cmdq[i].arg0 = vap;
3162 ieee80211_runtask(ic, &sc->cmdq_task);
3166 * Try to clear stall first, also if other
3167 * errors occur, hence clearing stall
3168 * introduces a 50 ms delay:
3170 usbd_xfer_set_stall(xfer);
3178 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error)
3180 run_bulk_tx_callbackN(xfer, error, 0);
3184 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error)
3186 run_bulk_tx_callbackN(xfer, error, 1);
3190 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error)
3192 run_bulk_tx_callbackN(xfer, error, 2);
3196 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error)
3198 run_bulk_tx_callbackN(xfer, error, 3);
3202 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error)
3204 run_bulk_tx_callbackN(xfer, error, 4);
3208 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error)
3210 run_bulk_tx_callbackN(xfer, error, 5);
3214 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data)
3216 struct mbuf *m = data->m;
3217 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
3218 struct ieee80211vap *vap = data->ni->ni_vap;
3219 struct ieee80211_frame *wh;
3220 struct rt2870_txd *txd;
3221 struct rt2860_txwi *txwi;
3222 uint16_t xferlen, txwisize;
3224 uint8_t ridx = data->ridx;
3227 /* get MCS code from rate index */
3228 mcs = rt2860_rates[ridx].mcs;
3230 txwisize = (sc->mac_ver == 0x5592) ?
3231 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi);
3232 xferlen = txwisize + m->m_pkthdr.len;
3234 /* roundup to 32-bit alignment */
3235 xferlen = (xferlen + 3) & ~3;
3237 txd = (struct rt2870_txd *)&data->desc;
3238 txd->len = htole16(xferlen);
3240 wh = mtod(m, struct ieee80211_frame *);
3243 * Ether both are true or both are false, the header
3244 * are nicely aligned to 32-bit. So, no L2 padding.
3246 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh))
3251 /* setup TX Wireless Information */
3252 txwi = (struct rt2860_txwi *)(txd + 1);
3253 txwi->len = htole16(m->m_pkthdr.len - pad);
3254 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) {
3255 mcs |= RT2860_PHY_CCK;
3256 if (ridx != RT2860_RIDX_CCK1 &&
3257 (ic->ic_flags & IEEE80211_F_SHPREAMBLE))
3258 mcs |= RT2860_PHY_SHPRE;
3260 mcs |= RT2860_PHY_OFDM;
3261 txwi->phy = htole16(mcs);
3263 /* check if RTS/CTS or CTS-to-self protection is required */
3264 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
3265 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold ||
3266 ((ic->ic_flags & IEEE80211_F_USEPROT) &&
3267 rt2860_rates[ridx].phy == IEEE80211_T_OFDM)))
3268 txwi->txop |= RT2860_TX_TXOP_HT;
3270 txwi->txop |= RT2860_TX_TXOP_BACKOFF;
3272 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh))
3273 txwi->xflags |= RT2860_TX_NSEQ;
3276 /* This function must be called locked */
3278 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
3280 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
3281 struct ieee80211vap *vap = ni->ni_vap;
3282 struct ieee80211_frame *wh;
3283 struct ieee80211_channel *chan;
3284 const struct ieee80211_txparam *tp;
3285 struct run_node *rn = (void *)ni;
3286 struct run_tx_data *data;
3287 struct rt2870_txd *txd;
3288 struct rt2860_txwi *txwi;
3300 RUN_LOCK_ASSERT(sc, MA_OWNED);
3302 wh = mtod(m, struct ieee80211_frame *);
3304 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3307 * There are 7 bulk endpoints: 1 for RX
3308 * and 6 for TX (4 EDCAs + HCCA + Prio).
3309 * Update 03-14-2009: some devices like the Planex GW-US300MiniS
3310 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki).
3312 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) {
3315 if(IEEE80211_HAS_ADDR4(wh))
3316 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos;
3318 frm =((struct ieee80211_qosframe *)wh)->i_qos;
3320 qos = le16toh(*(const uint16_t *)frm);
3321 tid = qos & IEEE80211_QOS_TID;
3322 qid = TID_TO_WME_AC(tid);
3328 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA;
3330 DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n",
3331 qos, qid, tid, qflags);
3333 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan;
3334 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)];
3336 /* pickup a rate index */
3337 if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
3338 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) {
3339 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ?
3340 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1;
3341 ctl_ridx = rt2860_rates[ridx].ctl_ridx;
3343 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE)
3344 ridx = rn->fix_ridx;
3346 ridx = rn->amrr_ridx;
3347 ctl_ridx = rt2860_rates[ridx].ctl_ridx;
3350 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
3351 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) !=
3352 IEEE80211_QOS_ACKPOLICY_NOACK)) {
3353 xflags |= RT2860_TX_ACK;
3354 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
3355 dur = rt2860_rates[ctl_ridx].sp_ack_dur;
3357 dur = rt2860_rates[ctl_ridx].lp_ack_dur;
3358 USETW(wh->i_dur, dur);
3361 /* reserve slots for mgmt packets, just in case */
3362 if (sc->sc_epq[qid].tx_nfree < 3) {
3363 DPRINTFN(10, "tx ring %d is full\n", qid);
3367 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh);
3368 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next);
3369 sc->sc_epq[qid].tx_nfree--;
3371 txd = (struct rt2870_txd *)&data->desc;
3372 txd->flags = qflags;
3373 txwi = (struct rt2860_txwi *)(txd + 1);
3374 txwi->xflags = xflags;
3375 if (IEEE80211_IS_MULTICAST(wh->i_addr1))
3378 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
3379 1 : RUN_AID2WCID(ni->ni_associd);
3381 /* clear leftover garbage bits */
3389 run_set_tx_desc(sc, data);
3392 * The chip keeps track of 2 kind of Tx stats,
3393 * * TX_STAT_FIFO, for per WCID stats, and
3394 * * TX_STA_CNT0 for all-TX-in-one stats.
3396 * To use FIFO stats, we need to store MCS into the driver-private
3397 * PacketID field. So that, we can tell whose stats when we read them.
3398 * We add 1 to the MCS because setting the PacketID field to 0 means
3399 * that we don't want feedback in TX_STAT_FIFO.
3400 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job.
3402 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx().
3404 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP ||
3405 vap->iv_opmode == IEEE80211_M_MBSS) {
3406 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf;
3407 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT);
3410 * Unlike PCI based devices, we don't get any interrupt from
3411 * USB devices, so we simulate FIFO-is-full interrupt here.
3412 * Ralink recomends to drain FIFO stats every 100 ms, but 16 slots
3413 * quickly get fulled. To prevent overflow, increment a counter on
3414 * every FIFO stat request, so we know how many slots are left.
3415 * We do this only in HOSTAP or multiple vap mode since FIFO stats
3416 * are used only in those modes.
3417 * We just drain stats. AMRR gets updated every 1 sec by
3418 * run_ratectl_cb() via callout.
3419 * Call it early. Otherwise overflow.
3421 if (sc->fifo_cnt++ == 10) {
3423 * With multiple vaps or if_bridge, if_start() is called
3424 * with a non-sleepable lock, tcpinp. So, need to defer.
3426 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
3427 DPRINTFN(6, "cmdq_store=%d\n", i);
3428 sc->cmdq[i].func = run_drain_fifo;
3429 sc->cmdq[i].arg0 = sc;
3430 ieee80211_runtask(ic, &sc->cmdq_task);
3434 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next);
3436 usbd_transfer_start(sc->sc_xfer[qid]);
3438 DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n",
3439 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) +
3440 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid);
3446 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
3448 struct ifnet *ifp = sc->sc_ifp;
3449 struct ieee80211com *ic = ifp->if_l2com;
3450 struct run_node *rn = (void *)ni;
3451 struct run_tx_data *data;
3452 struct ieee80211_frame *wh;
3453 struct rt2870_txd *txd;
3454 struct rt2860_txwi *txwi;
3456 uint8_t ridx = rn->mgt_ridx;
3461 RUN_LOCK_ASSERT(sc, MA_OWNED);
3463 wh = mtod(m, struct ieee80211_frame *);
3465 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3467 /* tell hardware to add timestamp for probe responses */
3469 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) ==
3470 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP))
3471 wflags |= RT2860_TX_TS;
3472 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
3473 xflags |= RT2860_TX_ACK;
3475 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate,
3476 ic->ic_flags & IEEE80211_F_SHPREAMBLE);
3477 USETW(wh->i_dur, dur);
3480 if (sc->sc_epq[0].tx_nfree == 0) {
3481 /* let caller free mbuf */
3482 ifp->if_drv_flags |= IFF_DRV_OACTIVE;
3485 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3486 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3487 sc->sc_epq[0].tx_nfree--;
3489 txd = (struct rt2870_txd *)&data->desc;
3490 txd->flags = RT2860_TX_QSEL_EDCA;
3491 txwi = (struct rt2860_txwi *)(txd + 1);
3493 txwi->flags = wflags;
3494 txwi->xflags = xflags;
3495 txwi->txop = 0; /* clear leftover garbage bits */
3501 run_set_tx_desc(sc, data);
3503 DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len +
3504 (int)(sizeof(struct rt2870_txd) + sizeof(struct rt2860_txwi)),
3505 rt2860_rates[ridx].rate);
3507 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3509 usbd_transfer_start(sc->sc_xfer[0]);
3515 run_sendprot(struct run_softc *sc,
3516 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate)
3518 struct ieee80211com *ic = ni->ni_ic;
3519 struct ieee80211_frame *wh;
3520 struct run_tx_data *data;
3521 struct rt2870_txd *txd;
3522 struct rt2860_txwi *txwi;
3534 RUN_LOCK_ASSERT(sc, MA_OWNED);
3536 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY,
3537 ("protection %d", prot));
3539 wh = mtod(m, struct ieee80211_frame *);
3540 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN;
3541 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3543 protrate = ieee80211_ctl_rate(ic->ic_rt, rate);
3544 ackrate = ieee80211_ack_rate(ic->ic_rt, rate);
3546 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0;
3547 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort)
3548 + ieee80211_ack_duration(ic->ic_rt, rate, isshort);
3549 wflags = RT2860_TX_FRAG;
3551 /* check that there are free slots before allocating the mbuf */
3552 if (sc->sc_epq[0].tx_nfree == 0) {
3553 /* let caller free mbuf */
3554 sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE;
3558 if (prot == IEEE80211_PROT_RTSCTS) {
3559 /* NB: CTS is the same size as an ACK */
3560 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort);
3561 xflags |= RT2860_TX_ACK;
3562 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur);
3564 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur);
3566 if (mprot == NULL) {
3567 sc->sc_ifp->if_oerrors++;
3568 DPRINTF("could not allocate mbuf\n");
3572 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3573 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3574 sc->sc_epq[0].tx_nfree--;
3576 txd = (struct rt2870_txd *)&data->desc;
3577 txd->flags = RT2860_TX_QSEL_EDCA;
3578 txwi = (struct rt2860_txwi *)(txd + 1);
3580 txwi->flags = wflags;
3581 txwi->xflags = xflags;
3582 txwi->txop = 0; /* clear leftover garbage bits */
3585 data->ni = ieee80211_ref_node(ni);
3587 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
3588 if (rt2860_rates[ridx].rate == protrate)
3592 run_set_tx_desc(sc, data);
3594 DPRINTFN(1, "sending prot len=%u rate=%u\n",
3595 m->m_pkthdr.len, rate);
3597 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3599 usbd_transfer_start(sc->sc_xfer[0]);
3605 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni,
3606 const struct ieee80211_bpf_params *params)
3608 struct ieee80211com *ic = ni->ni_ic;
3609 struct ieee80211_frame *wh;
3610 struct run_tx_data *data;
3611 struct rt2870_txd *txd;
3612 struct rt2860_txwi *txwi;
3616 uint8_t opflags = 0;
3620 RUN_LOCK_ASSERT(sc, MA_OWNED);
3622 KASSERT(params != NULL, ("no raw xmit params"));
3624 wh = mtod(m, struct ieee80211_frame *);
3625 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3627 rate = params->ibp_rate0;
3628 if (!ieee80211_isratevalid(ic->ic_rt, rate)) {
3629 /* let caller free mbuf */
3633 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0)
3634 xflags |= RT2860_TX_ACK;
3635 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) {
3636 error = run_sendprot(sc, m, ni,
3637 params->ibp_flags & IEEE80211_BPF_RTS ?
3638 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY,
3641 /* let caller free mbuf */
3644 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS;
3647 if (sc->sc_epq[0].tx_nfree == 0) {
3648 /* let caller free mbuf */
3649 sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE;
3650 DPRINTF("sending raw frame, but tx ring is full\n");
3653 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3654 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3655 sc->sc_epq[0].tx_nfree--;
3657 txd = (struct rt2870_txd *)&data->desc;
3658 txd->flags = RT2860_TX_QSEL_EDCA;
3659 txwi = (struct rt2860_txwi *)(txd + 1);
3661 txwi->xflags = xflags;
3662 txwi->txop = opflags;
3663 txwi->flags = 0; /* clear leftover garbage bits */
3667 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
3668 if (rt2860_rates[ridx].rate == rate)
3672 run_set_tx_desc(sc, data);
3674 DPRINTFN(10, "sending raw frame len=%u rate=%u\n",
3675 m->m_pkthdr.len, rate);
3677 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3679 usbd_transfer_start(sc->sc_xfer[0]);
3685 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
3686 const struct ieee80211_bpf_params *params)
3688 struct ifnet *ifp = ni->ni_ic->ic_ifp;
3689 struct run_softc *sc = ifp->if_softc;
3694 /* prevent management frames from being sent if we're not ready */
3695 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) {
3700 if (params == NULL) {
3702 if ((error = run_tx_mgt(sc, m, ni)) != 0) {
3704 DPRINTF("mgt tx failed\n");
3708 /* tx raw packet with param */
3709 if ((error = run_tx_param(sc, m, ni, params)) != 0) {
3711 DPRINTF("tx with param failed\n");
3724 ieee80211_free_node(ni);
3731 run_start(struct ifnet *ifp)
3733 struct run_softc *sc = ifp->if_softc;
3734 struct ieee80211_node *ni;
3739 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) {
3745 /* send data frames */
3746 IFQ_DRV_DEQUEUE(&ifp->if_snd, m);
3750 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
3751 if (run_tx(sc, m, ni) != 0) {
3752 IFQ_DRV_PREPEND(&ifp->if_snd, m);
3753 ifp->if_drv_flags |= IFF_DRV_OACTIVE;
3762 run_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
3764 struct run_softc *sc = ifp->if_softc;
3765 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
3766 struct ifreq *ifr = (struct ifreq *) data;
3771 error = sc->sc_detached ? ENXIO : 0;
3779 if (ifp->if_flags & IFF_UP) {
3780 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)){
3782 run_init_locked(sc);
3784 run_update_promisc_locked(ifp);
3786 if (ifp->if_drv_flags & IFF_DRV_RUNNING &&
3787 (ic->ic_nrunning == 0 || sc->rvp_cnt <= 1)) {
3793 ieee80211_start_all(ic);
3796 error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd);
3799 error = ether_ioctl(ifp, cmd, data);
3810 run_iq_calib(struct run_softc *sc, u_int chan)
3815 run_bbp_write(sc, 158, 0x2c);
3817 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1);
3818 else if (chan <= 64) {
3820 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ,
3822 } else if (chan <= 138) {
3824 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ,
3826 } else if (chan <= 165) {
3828 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ,
3832 run_bbp_write(sc, 159, val);
3835 run_bbp_write(sc, 158, 0x2d);
3837 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ,
3839 } else if (chan <= 64) {
3841 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ,
3843 } else if (chan <= 138) {
3845 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ,
3847 } else if (chan <= 165) {
3849 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ,
3853 run_bbp_write(sc, 159, val);
3856 run_bbp_write(sc, 158, 0x4a);
3858 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ,
3860 } else if (chan <= 64) {
3862 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ,
3864 } else if (chan <= 138) {
3866 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ,
3868 } else if (chan <= 165) {
3870 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ,
3874 run_bbp_write(sc, 159, val);
3877 run_bbp_write(sc, 158, 0x4b);
3879 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ,
3881 } else if (chan <= 64) {
3883 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ,
3885 } else if (chan <= 138) {
3887 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ,
3889 } else if (chan <= 165) {
3891 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ,
3895 run_bbp_write(sc, 159, val);
3897 /* RF IQ compensation control. */
3898 run_bbp_write(sc, 158, 0x04);
3899 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL,
3901 run_bbp_write(sc, 159, val);
3903 /* RF IQ imbalance compensation control. */
3904 run_bbp_write(sc, 158, 0x03);
3906 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1);
3907 run_bbp_write(sc, 159, val);
3911 run_set_agc(struct run_softc *sc, uint8_t agc)
3915 if (sc->mac_ver == 0x3572) {
3916 run_bbp_read(sc, 27, &bbp);
3918 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */
3919 run_bbp_write(sc, 66, agc);
3920 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */
3921 run_bbp_write(sc, 66, agc);
3923 run_bbp_write(sc, 66, agc);
3927 run_select_chan_group(struct run_softc *sc, int group)
3932 run_bbp_write(sc, 62, 0x37 - sc->lna[group]);
3933 run_bbp_write(sc, 63, 0x37 - sc->lna[group]);
3934 run_bbp_write(sc, 64, 0x37 - sc->lna[group]);
3935 if (sc->mac_ver < 0x3572)
3936 run_bbp_write(sc, 86, 0x00);
3938 if (sc->mac_ver == 0x3593) {
3939 run_bbp_write(sc, 77, 0x98);
3940 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a);
3944 if (sc->ext_2ghz_lna) {
3945 if (sc->mac_ver >= 0x5390)
3946 run_bbp_write(sc, 75, 0x52);
3948 run_bbp_write(sc, 82, 0x62);
3949 run_bbp_write(sc, 75, 0x46);
3952 if (sc->mac_ver == 0x5592) {
3953 run_bbp_write(sc, 79, 0x1c);
3954 run_bbp_write(sc, 80, 0x0e);
3955 run_bbp_write(sc, 81, 0x3a);
3956 run_bbp_write(sc, 82, 0x62);
3958 run_bbp_write(sc, 195, 0x80);
3959 run_bbp_write(sc, 196, 0xe0);
3960 run_bbp_write(sc, 195, 0x81);
3961 run_bbp_write(sc, 196, 0x1f);
3962 run_bbp_write(sc, 195, 0x82);
3963 run_bbp_write(sc, 196, 0x38);
3964 run_bbp_write(sc, 195, 0x83);
3965 run_bbp_write(sc, 196, 0x32);
3966 run_bbp_write(sc, 195, 0x85);
3967 run_bbp_write(sc, 196, 0x28);
3968 run_bbp_write(sc, 195, 0x86);
3969 run_bbp_write(sc, 196, 0x19);
3970 } else if (sc->mac_ver >= 0x5390)
3971 run_bbp_write(sc, 75, 0x50);
3973 run_bbp_write(sc, 82,
3974 (sc->mac_ver == 0x3593) ? 0x62 : 0x84);
3975 run_bbp_write(sc, 75, 0x50);
3979 if (sc->mac_ver == 0x5592) {
3980 run_bbp_write(sc, 79, 0x18);
3981 run_bbp_write(sc, 80, 0x08);
3982 run_bbp_write(sc, 81, 0x38);
3983 run_bbp_write(sc, 82, 0x92);
3985 run_bbp_write(sc, 195, 0x80);
3986 run_bbp_write(sc, 196, 0xf0);
3987 run_bbp_write(sc, 195, 0x81);
3988 run_bbp_write(sc, 196, 0x1e);
3989 run_bbp_write(sc, 195, 0x82);
3990 run_bbp_write(sc, 196, 0x28);
3991 run_bbp_write(sc, 195, 0x83);
3992 run_bbp_write(sc, 196, 0x20);
3993 run_bbp_write(sc, 195, 0x85);
3994 run_bbp_write(sc, 196, 0x7f);
3995 run_bbp_write(sc, 195, 0x86);
3996 run_bbp_write(sc, 196, 0x7f);
3997 } else if (sc->mac_ver == 0x3572)
3998 run_bbp_write(sc, 82, 0x94);
4000 run_bbp_write(sc, 82,
4001 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2);
4002 if (sc->ext_5ghz_lna)
4003 run_bbp_write(sc, 75, 0x46);
4005 run_bbp_write(sc, 75, 0x50);
4008 run_read(sc, RT2860_TX_BAND_CFG, &tmp);
4009 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P);
4010 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P;
4011 run_write(sc, RT2860_TX_BAND_CFG, tmp);
4013 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */
4014 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN;
4015 if (sc->mac_ver == 0x3593)
4016 tmp |= 1 << 29 | 1 << 28;
4017 if (sc->nrxchains > 1)
4018 tmp |= RT2860_LNA_PE1_EN;
4019 if (group == 0) { /* 2GHz */
4020 tmp |= RT2860_PA_PE_G0_EN;
4021 if (sc->ntxchains > 1)
4022 tmp |= RT2860_PA_PE_G1_EN;
4023 if (sc->mac_ver == 0x3593) {
4024 if (sc->ntxchains > 2)
4028 tmp |= RT2860_PA_PE_A0_EN;
4029 if (sc->ntxchains > 1)
4030 tmp |= RT2860_PA_PE_A1_EN;
4032 if (sc->mac_ver == 0x3572) {
4033 run_rt3070_rf_write(sc, 8, 0x00);
4034 run_write(sc, RT2860_TX_PIN_CFG, tmp);
4035 run_rt3070_rf_write(sc, 8, 0x80);
4037 run_write(sc, RT2860_TX_PIN_CFG, tmp);
4039 if (sc->mac_ver == 0x5592) {
4040 run_bbp_write(sc, 195, 0x8d);
4041 run_bbp_write(sc, 196, 0x1a);
4044 if (sc->mac_ver == 0x3593) {
4045 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4049 tmp = (tmp & ~0x00009090) | 0x00000090;
4050 run_write(sc, RT2860_GPIO_CTRL, tmp);
4053 /* set initial AGC value */
4054 if (group == 0) { /* 2GHz band */
4055 if (sc->mac_ver >= 0x3070)
4056 agc = 0x1c + sc->lna[0] * 2;
4058 agc = 0x2e + sc->lna[0];
4059 } else { /* 5GHz band */
4060 if (sc->mac_ver == 0x5592)
4061 agc = 0x24 + sc->lna[group] * 2;
4062 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593)
4063 agc = 0x22 + (sc->lna[group] * 5) / 3;
4065 agc = 0x32 + (sc->lna[group] * 5) / 3;
4067 run_set_agc(sc, agc);
4071 run_rt2870_set_chan(struct run_softc *sc, u_int chan)
4073 const struct rfprog *rfprog = rt2860_rf2850;
4074 uint32_t r2, r3, r4;
4075 int8_t txpow1, txpow2;
4078 /* find the settings for this channel (we know it exists) */
4079 for (i = 0; rfprog[i].chan != chan; i++);
4082 if (sc->ntxchains == 1)
4083 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */
4084 if (sc->nrxchains == 1)
4085 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */
4086 else if (sc->nrxchains == 2)
4087 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */
4089 /* use Tx power values from EEPROM */
4090 txpow1 = sc->txpow1[i];
4091 txpow2 = sc->txpow2[i];
4093 /* Initialize RF R3 and R4. */
4094 r3 = rfprog[i].r3 & 0xffffc1ff;
4095 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15);
4098 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1);
4099 r3 |= (txpow1 << 10) | (1 << 9);
4103 /* txpow1 is not possible larger than 15. */
4104 r3 |= (txpow1 << 10);
4107 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2);
4108 r4 |= (txpow2 << 7) | (1 << 6);
4111 r4 |= (txpow2 << 7);
4114 /* Set Tx0 power. */
4115 r3 |= (txpow1 << 9);
4117 /* Set frequency offset and Tx1 power. */
4118 r4 |= (txpow2 << 6);
4121 run_rt2870_rf_write(sc, rfprog[i].r1);
4122 run_rt2870_rf_write(sc, r2);
4123 run_rt2870_rf_write(sc, r3 & ~(1 << 2));
4124 run_rt2870_rf_write(sc, r4);
4128 run_rt2870_rf_write(sc, rfprog[i].r1);
4129 run_rt2870_rf_write(sc, r2);
4130 run_rt2870_rf_write(sc, r3 | (1 << 2));
4131 run_rt2870_rf_write(sc, r4);
4135 run_rt2870_rf_write(sc, rfprog[i].r1);
4136 run_rt2870_rf_write(sc, r2);
4137 run_rt2870_rf_write(sc, r3 & ~(1 << 2));
4138 run_rt2870_rf_write(sc, r4);
4142 run_rt3070_set_chan(struct run_softc *sc, u_int chan)
4144 int8_t txpow1, txpow2;
4148 /* find the settings for this channel (we know it exists) */
4149 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4151 /* use Tx power values from EEPROM */
4152 txpow1 = sc->txpow1[i];
4153 txpow2 = sc->txpow2[i];
4155 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n);
4157 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */
4158 run_rt3070_rf_read(sc, 3, &rf);
4159 rf = (rf & ~0x0f) | rt3070_freqs[i].k;
4160 run_rt3070_rf_write(sc, 3, rf);
4162 run_rt3070_rf_read(sc, 6, &rf);
4163 rf = (rf & ~0x03) | rt3070_freqs[i].r;
4164 run_rt3070_rf_write(sc, 6, rf);
4167 run_rt3070_rf_read(sc, 12, &rf);
4168 rf = (rf & ~0x1f) | txpow1;
4169 run_rt3070_rf_write(sc, 12, rf);
4172 run_rt3070_rf_read(sc, 13, &rf);
4173 rf = (rf & ~0x1f) | txpow2;
4174 run_rt3070_rf_write(sc, 13, rf);
4176 run_rt3070_rf_read(sc, 1, &rf);
4178 if (sc->ntxchains == 1)
4179 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */
4180 else if (sc->ntxchains == 2)
4181 rf |= 1 << 7; /* 2T: disable Tx chain 3 */
4182 if (sc->nrxchains == 1)
4183 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */
4184 else if (sc->nrxchains == 2)
4185 rf |= 1 << 6; /* 2R: disable Rx chain 3 */
4186 run_rt3070_rf_write(sc, 1, rf);
4189 run_rt3070_rf_read(sc, 23, &rf);
4190 rf = (rf & ~0x7f) | sc->freq;
4191 run_rt3070_rf_write(sc, 23, rf);
4193 /* program RF filter */
4194 run_rt3070_rf_read(sc, 24, &rf); /* Tx */
4195 rf = (rf & ~0x3f) | sc->rf24_20mhz;
4196 run_rt3070_rf_write(sc, 24, rf);
4197 run_rt3070_rf_read(sc, 31, &rf); /* Rx */
4198 rf = (rf & ~0x3f) | sc->rf24_20mhz;
4199 run_rt3070_rf_write(sc, 31, rf);
4201 /* enable RF tuning */
4202 run_rt3070_rf_read(sc, 7, &rf);
4203 run_rt3070_rf_write(sc, 7, rf | 0x01);
4207 run_rt3572_set_chan(struct run_softc *sc, u_int chan)
4209 int8_t txpow1, txpow2;
4214 /* find the settings for this channel (we know it exists) */
4215 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4217 /* use Tx power values from EEPROM */
4218 txpow1 = sc->txpow1[i];
4219 txpow2 = sc->txpow2[i];
4222 run_bbp_write(sc, 25, sc->bbp25);
4223 run_bbp_write(sc, 26, sc->bbp26);
4225 /* enable IQ phase correction */
4226 run_bbp_write(sc, 25, 0x09);
4227 run_bbp_write(sc, 26, 0xff);
4230 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n);
4231 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k);
4232 run_rt3070_rf_read(sc, 6, &rf);
4233 rf = (rf & ~0x0f) | rt3070_freqs[i].r;
4234 rf |= (chan <= 14) ? 0x08 : 0x04;
4235 run_rt3070_rf_write(sc, 6, rf);
4238 run_rt3070_rf_read(sc, 5, &rf);
4239 rf &= ~(0x08 | 0x04);
4240 rf |= (chan <= 14) ? 0x04 : 0x08;
4241 run_rt3070_rf_write(sc, 5, rf);
4243 /* set Tx power for chain 0 */
4247 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3);
4248 run_rt3070_rf_write(sc, 12, rf);
4250 /* set Tx power for chain 1 */
4254 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3);
4255 run_rt3070_rf_write(sc, 13, rf);
4257 /* set Tx/Rx streams */
4258 run_rt3070_rf_read(sc, 1, &rf);
4260 if (sc->ntxchains == 1)
4261 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */
4262 else if (sc->ntxchains == 2)
4263 rf |= 1 << 7; /* 2T: disable Tx chain 3 */
4264 if (sc->nrxchains == 1)
4265 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */
4266 else if (sc->nrxchains == 2)
4267 rf |= 1 << 6; /* 2R: disable Rx chain 3 */
4268 run_rt3070_rf_write(sc, 1, rf);
4271 run_rt3070_rf_read(sc, 23, &rf);
4272 rf = (rf & ~0x7f) | sc->freq;
4273 run_rt3070_rf_write(sc, 23, rf);
4275 /* program RF filter */
4276 rf = sc->rf24_20mhz;
4277 run_rt3070_rf_write(sc, 24, rf); /* Tx */
4278 run_rt3070_rf_write(sc, 31, rf); /* Rx */
4280 /* enable RF tuning */
4281 run_rt3070_rf_read(sc, 7, &rf);
4282 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14);
4283 run_rt3070_rf_write(sc, 7, rf);
4286 rf = (chan <= 14) ? 0xc3 : 0xc0;
4287 run_rt3070_rf_write(sc, 9, rf);
4289 /* set loop filter 1 */
4290 run_rt3070_rf_write(sc, 10, 0xf1);
4291 /* set loop filter 2 */
4292 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00);
4295 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43);
4298 rf = 0x48 | sc->txmixgain_2ghz;
4300 rf = 0x78 | sc->txmixgain_5ghz;
4301 run_rt3070_rf_write(sc, 16, rf);
4304 run_rt3070_rf_write(sc, 17, 0x23);
4308 else if (chan <= 64)
4310 else if (chan <= 128)
4314 run_rt3070_rf_write(sc, 19, rf);
4319 else if (chan <= 64)
4321 else if (chan <= 128)
4325 run_rt3070_rf_write(sc, 20, rf);
4330 else if (chan <= 64)
4334 run_rt3070_rf_write(sc, 25, rf);
4337 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87);
4339 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01);
4341 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f);
4343 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4347 run_write(sc, RT2860_GPIO_CTRL, tmp);
4349 /* enable RF tuning */
4350 run_rt3070_rf_read(sc, 7, &rf);
4351 run_rt3070_rf_write(sc, 7, rf | 0x01);
4357 run_rt3593_set_chan(struct run_softc *sc, u_int chan)
4359 int8_t txpow1, txpow2, txpow3;
4363 /* find the settings for this channel (we know it exists) */
4364 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4366 /* use Tx power values from EEPROM */
4367 txpow1 = sc->txpow1[i];
4368 txpow2 = sc->txpow2[i];
4369 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0;
4372 run_bbp_write(sc, 25, sc->bbp25);
4373 run_bbp_write(sc, 26, sc->bbp26);
4375 /* Enable IQ phase correction. */
4376 run_bbp_write(sc, 25, 0x09);
4377 run_bbp_write(sc, 26, 0xff);
4380 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n);
4381 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f);
4382 run_rt3070_rf_read(sc, 11, &rf);
4383 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03);
4384 run_rt3070_rf_write(sc, 11, rf);
4387 run_rt3070_rf_read(sc, 11, &rf);
4389 rf |= (chan <= 14) ? 0x44 : 0x48;
4390 run_rt3070_rf_write(sc, 11, rf);
4395 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07);
4396 run_rt3070_rf_write(sc, 53, rf);
4401 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07);
4402 run_rt3070_rf_write(sc, 55, rf);
4407 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07);
4408 run_rt3070_rf_write(sc, 54, rf);
4410 rf = RT3070_RF_BLOCK | RT3070_PLL_PD;
4411 if (sc->ntxchains == 3)
4412 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD;
4414 rf |= RT3070_TX0_PD | RT3070_TX1_PD;
4415 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD;
4416 run_rt3070_rf_write(sc, 1, rf);
4418 run_adjust_freq_offset(sc);
4420 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80);
4422 h20mhz = (sc->rf24_20mhz & 0x20) >> 5;
4423 run_rt3070_rf_read(sc, 30, &rf);
4424 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2);
4425 run_rt3070_rf_write(sc, 30, rf);
4427 run_rt3070_rf_read(sc, 36, &rf);
4432 run_rt3070_rf_write(sc, 36, rf);
4435 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20);
4436 /* Set pfd_delay. */
4437 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12);
4439 /* Set vco bias current control. */
4440 run_rt3070_rf_read(sc, 6, &rf);
4444 else if (chan <= 128)
4448 run_rt3070_rf_write(sc, 6, rf);
4450 run_rt3070_rf_read(sc, 30, &rf);
4451 rf = (rf & ~0x18) | 0x10;
4452 run_rt3070_rf_write(sc, 30, rf);
4454 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8);
4455 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23);
4457 run_rt3070_rf_read(sc, 51, &rf);
4458 rf = (rf & ~0x03) | 0x01;
4459 run_rt3070_rf_write(sc, 51, rf);
4460 /* Set tx_mx1_cc. */
4461 run_rt3070_rf_read(sc, 51, &rf);
4463 rf |= (chan <= 14) ? 0x14 : 0x10;
4464 run_rt3070_rf_write(sc, 51, rf);
4465 /* Set tx_mx1_ic. */
4466 run_rt3070_rf_read(sc, 51, &rf);
4468 rf |= (chan <= 14) ? 0x60 : 0x40;
4469 run_rt3070_rf_write(sc, 51, rf);
4470 /* Set tx_lo1_ic. */
4471 run_rt3070_rf_read(sc, 49, &rf);
4473 rf |= (chan <= 14) ? 0x0c : 0x08;
4474 run_rt3070_rf_write(sc, 49, rf);
4475 /* Set tx_lo1_en. */
4476 run_rt3070_rf_read(sc, 50, &rf);
4477 run_rt3070_rf_write(sc, 50, rf & ~0x20);
4479 run_rt3070_rf_read(sc, 57, &rf);
4481 rf |= (chan <= 14) ? 0x6c : 0x3c;
4482 run_rt3070_rf_write(sc, 57, rf);
4483 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */
4484 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b);
4485 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */
4486 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05);
4487 /* Enable VCO calibration. */
4488 run_rt3070_rf_read(sc, 3, &rf);
4489 rf &= ~RT5390_VCOCAL;
4490 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe;
4491 run_rt3070_rf_write(sc, 3, rf);
4495 else if (chan <= 64)
4497 else if (chan <= 128)
4501 run_rt3070_rf_write(sc, 39, rf);
4504 else if (chan <= 64)
4506 else if (chan <= 128)
4510 run_rt3070_rf_write(sc, 45, rf);
4512 /* Set FEQ/AEQ control. */
4513 run_bbp_write(sc, 105, 0x34);
4517 run_rt5390_set_chan(struct run_softc *sc, u_int chan)
4519 int8_t txpow1, txpow2;
4523 /* find the settings for this channel (we know it exists) */
4524 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4526 /* use Tx power values from EEPROM */
4527 txpow1 = sc->txpow1[i];
4528 txpow2 = sc->txpow2[i];
4530 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n);
4531 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f);
4532 run_rt3070_rf_read(sc, 11, &rf);
4533 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03);
4534 run_rt3070_rf_write(sc, 11, rf);
4536 run_rt3070_rf_read(sc, 49, &rf);
4537 rf = (rf & ~0x3f) | (txpow1 & 0x3f);
4538 /* The valid range of the RF R49 is 0x00 to 0x27. */
4539 if ((rf & 0x3f) > 0x27)
4540 rf = (rf & ~0x3f) | 0x27;
4541 run_rt3070_rf_write(sc, 49, rf);
4543 if (sc->mac_ver == 0x5392) {
4544 run_rt3070_rf_read(sc, 50, &rf);
4545 rf = (rf & ~0x3f) | (txpow2 & 0x3f);
4546 /* The valid range of the RF R50 is 0x00 to 0x27. */
4547 if ((rf & 0x3f) > 0x27)
4548 rf = (rf & ~0x3f) | 0x27;
4549 run_rt3070_rf_write(sc, 50, rf);
4552 run_rt3070_rf_read(sc, 1, &rf);
4553 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD;
4554 if (sc->mac_ver == 0x5392)
4555 rf |= RT3070_RX1_PD | RT3070_TX1_PD;
4556 run_rt3070_rf_write(sc, 1, rf);
4558 if (sc->mac_ver != 0x5392) {
4559 run_rt3070_rf_read(sc, 2, &rf);
4561 run_rt3070_rf_write(sc, 2, rf);
4564 run_rt3070_rf_write(sc, 2, rf);
4567 run_adjust_freq_offset(sc);
4569 if (sc->mac_ver == 0x5392) {
4570 /* Fix for RT5392C. */
4571 if (sc->mac_rev >= 0x0223) {
4574 else if (chan >= 5 && chan <= 7)
4578 run_rt3070_rf_write(sc, 23, rf);
4584 else if (chan >= 6 && chan <= 7)
4586 else if (chan >= 8 && chan <= 10)
4590 run_rt3070_rf_write(sc, 59, rf);
4596 run_rt3070_rf_write(sc, 59, rf);
4599 /* Fix for RT5390F. */
4600 if (sc->mac_rev >= 0x0502) {
4605 run_rt3070_rf_write(sc, 55, rf);
4609 else if (chan == 12)
4613 run_rt3070_rf_write(sc, 59, rf);
4615 run_rt3070_rf_write(sc, 55, 0x44);
4616 run_rt3070_rf_write(sc, 59, 0x8f);
4620 /* Enable VCO calibration. */
4621 run_rt3070_rf_read(sc, 3, &rf);
4622 rf |= RT5390_VCOCAL;
4623 run_rt3070_rf_write(sc, 3, rf);
4627 run_rt5592_set_chan(struct run_softc *sc, u_int chan)
4629 const struct rt5592_freqs *freqs;
4631 uint8_t reg, rf, txpow_bound;
4632 int8_t txpow1, txpow2;
4635 run_read(sc, RT5592_DEBUG_INDEX, &tmp);
4636 freqs = (tmp & RT5592_SEL_XTAL) ?
4637 rt5592_freqs_40mhz : rt5592_freqs_20mhz;
4639 /* find the settings for this channel (we know it exists) */
4640 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++);
4642 /* use Tx power values from EEPROM */
4643 txpow1 = sc->txpow1[i];
4644 txpow2 = sc->txpow2[i];
4646 run_read(sc, RT3070_LDO_CFG0, &tmp);
4650 run_write(sc, RT3070_LDO_CFG0, tmp);
4653 run_rt3070_rf_write(sc, 8, freqs->n & 0xff);
4654 run_rt3070_rf_read(sc, 9, &rf);
4656 rf |= ((freqs->n & 0x0100) >> 8) << 4;
4657 run_rt3070_rf_write(sc, 9, rf);
4660 run_rt3070_rf_read(sc, 9, &rf);
4662 rf |= (freqs->k & 0x0f);
4663 run_rt3070_rf_write(sc, 9, rf);
4666 run_rt3070_rf_read(sc, 11, &rf);
4668 rf |= ((freqs->m - 0x8) & 0x3) << 2;
4669 run_rt3070_rf_write(sc, 11, rf);
4670 run_rt3070_rf_read(sc, 9, &rf);
4672 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7;
4673 run_rt3070_rf_write(sc, 9, rf);
4676 run_rt3070_rf_read(sc, 11, &rf);
4678 rf |= (freqs->r - 0x1);
4679 run_rt3070_rf_write(sc, 11, rf);
4682 /* Initialize RF registers for 2GHZ. */
4683 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) {
4684 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg,
4685 rt5592_2ghz_def_rf[i].val);
4688 rf = (chan <= 10) ? 0x07 : 0x06;
4689 run_rt3070_rf_write(sc, 23, rf);
4690 run_rt3070_rf_write(sc, 59, rf);
4692 run_rt3070_rf_write(sc, 55, 0x43);
4695 * RF R49/R50 Tx power ALC code.
4696 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27.
4701 /* Initialize RF registers for 5GHZ. */
4702 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) {
4703 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg,
4704 rt5592_5ghz_def_rf[i].val);
4706 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) {
4707 if (chan >= rt5592_chan_5ghz[i].firstchan &&
4708 chan <= rt5592_chan_5ghz[i].lastchan) {
4709 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg,
4710 rt5592_chan_5ghz[i].val);
4715 * RF R49/R50 Tx power ALC code.
4716 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b.
4722 /* RF R49 ch0 Tx power ALC code. */
4723 run_rt3070_rf_read(sc, 49, &rf);
4726 rf = (rf & ~0x3f) | (txpow1 & 0x3f);
4727 if ((rf & 0x3f) > txpow_bound)
4728 rf = (rf & ~0x3f) | txpow_bound;
4729 run_rt3070_rf_write(sc, 49, rf);
4731 /* RF R50 ch1 Tx power ALC code. */
4732 run_rt3070_rf_read(sc, 50, &rf);
4733 rf &= ~(1 << 7 | 1 << 6);
4735 rf = (rf & ~0x3f) | (txpow2 & 0x3f);
4736 if ((rf & 0x3f) > txpow_bound)
4737 rf = (rf & ~0x3f) | txpow_bound;
4738 run_rt3070_rf_write(sc, 50, rf);
4740 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */
4741 run_rt3070_rf_read(sc, 1, &rf);
4742 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD);
4743 if (sc->ntxchains > 1)
4744 rf |= RT3070_TX1_PD;
4745 if (sc->nrxchains > 1)
4746 rf |= RT3070_RX1_PD;
4747 run_rt3070_rf_write(sc, 1, rf);
4749 run_rt3070_rf_write(sc, 6, 0xe4);
4751 run_rt3070_rf_write(sc, 30, 0x10);
4752 run_rt3070_rf_write(sc, 31, 0x80);
4753 run_rt3070_rf_write(sc, 32, 0x80);
4755 run_adjust_freq_offset(sc);
4757 /* Enable VCO calibration. */
4758 run_rt3070_rf_read(sc, 3, &rf);
4759 rf |= RT5390_VCOCAL;
4760 run_rt3070_rf_write(sc, 3, rf);
4764 run_set_rx_antenna(struct run_softc *sc, int aux)
4770 if (sc->rf_rev == RT5390_RF_5370) {
4771 run_bbp_read(sc, 152, &bbp152);
4772 run_bbp_write(sc, 152, bbp152 & ~0x80);
4774 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0);
4775 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4776 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08);
4779 if (sc->rf_rev == RT5390_RF_5370) {
4780 run_bbp_read(sc, 152, &bbp152);
4781 run_bbp_write(sc, 152, bbp152 | 0x80);
4783 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1);
4784 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4785 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808);
4791 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c)
4793 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
4796 chan = ieee80211_chan2ieee(ic, c);
4797 if (chan == 0 || chan == IEEE80211_CHAN_ANY)
4800 if (sc->mac_ver == 0x5592)
4801 run_rt5592_set_chan(sc, chan);
4802 else if (sc->mac_ver >= 0x5390)
4803 run_rt5390_set_chan(sc, chan);
4804 else if (sc->mac_ver == 0x3593)
4805 run_rt3593_set_chan(sc, chan);
4806 else if (sc->mac_ver == 0x3572)
4807 run_rt3572_set_chan(sc, chan);
4808 else if (sc->mac_ver >= 0x3070)
4809 run_rt3070_set_chan(sc, chan);
4811 run_rt2870_set_chan(sc, chan);
4813 /* determine channel group */
4816 else if (chan <= 64)
4818 else if (chan <= 128)
4823 /* XXX necessary only when group has changed! */
4824 run_select_chan_group(sc, group);
4828 /* Perform IQ calibration. */
4829 if (sc->mac_ver >= 0x5392)
4830 run_iq_calib(sc, chan);
4836 run_set_channel(struct ieee80211com *ic)
4838 struct run_softc *sc = ic->ic_ifp->if_softc;
4841 run_set_chan(sc, ic->ic_curchan);
4848 run_scan_start(struct ieee80211com *ic)
4850 struct run_softc *sc = ic->ic_ifp->if_softc;
4855 /* abort TSF synchronization */
4856 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
4857 run_write(sc, RT2860_BCN_TIME_CFG,
4858 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
4859 RT2860_TBTT_TIMER_EN));
4860 run_set_bssid(sc, sc->sc_ifp->if_broadcastaddr);
4868 run_scan_end(struct ieee80211com *ic)
4870 struct run_softc *sc = ic->ic_ifp->if_softc;
4874 run_enable_tsf_sync(sc);
4875 /* XXX keep local copy */
4876 run_set_bssid(sc, sc->sc_bssid);
4884 * Could be called from ieee80211_node_timeout()
4885 * (non-sleepable thread)
4888 run_update_beacon(struct ieee80211vap *vap, int item)
4890 struct ieee80211com *ic = vap->iv_ic;
4891 struct run_softc *sc = ic->ic_ifp->if_softc;
4892 struct run_vap *rvp = RUN_VAP(vap);
4896 KASSERT(vap != NULL, ("no beacon"));
4899 case IEEE80211_BEACON_ERP:
4900 run_updateslot(ic->ic_ifp);
4902 case IEEE80211_BEACON_HTINFO:
4905 case IEEE80211_BEACON_TIM:
4912 setbit(rvp->bo.bo_flags, item);
4913 if (rvp->beacon_mbuf == NULL) {
4914 rvp->beacon_mbuf = ieee80211_beacon_alloc(vap->iv_bss,
4916 if (rvp->beacon_mbuf == NULL)
4919 ieee80211_beacon_update(vap->iv_bss, &rvp->bo, rvp->beacon_mbuf, mcast);
4921 i = RUN_CMDQ_GET(&sc->cmdq_store);
4922 DPRINTF("cmdq_store=%d\n", i);
4923 sc->cmdq[i].func = run_update_beacon_cb;
4924 sc->cmdq[i].arg0 = vap;
4925 ieee80211_runtask(ic, &sc->cmdq_task);
4931 run_update_beacon_cb(void *arg)
4933 struct ieee80211vap *vap = arg;
4934 struct run_vap *rvp = RUN_VAP(vap);
4935 struct ieee80211com *ic = vap->iv_ic;
4936 struct run_softc *sc = ic->ic_ifp->if_softc;
4937 struct rt2860_txwi txwi;
4942 if (vap->iv_bss->ni_chan == IEEE80211_CHAN_ANYC)
4944 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC)
4948 * No need to call ieee80211_beacon_update(), run_update_beacon()
4949 * is taking care of apropriate calls.
4951 if (rvp->beacon_mbuf == NULL) {
4952 rvp->beacon_mbuf = ieee80211_beacon_alloc(vap->iv_bss,
4954 if (rvp->beacon_mbuf == NULL)
4957 m = rvp->beacon_mbuf;
4959 memset(&txwi, 0, sizeof(txwi));
4961 txwi.len = htole16(m->m_pkthdr.len);
4963 /* send beacons at the lowest available rate */
4964 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ?
4965 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1;
4966 txwi.phy = htole16(rt2860_rates[ridx].mcs);
4967 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM)
4968 txwi.phy |= htole16(RT2860_PHY_OFDM);
4969 txwi.txop = RT2860_TX_TXOP_HT;
4970 txwi.flags = RT2860_TX_TS;
4971 txwi.xflags = RT2860_TX_NSEQ;
4973 txwisize = (sc->mac_ver == 0x5592) ?
4974 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi);
4975 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi,
4977 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize,
4978 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1);
4982 run_updateprot(struct ieee80211com *ic)
4984 struct run_softc *sc = ic->ic_ifp->if_softc;
4987 i = RUN_CMDQ_GET(&sc->cmdq_store);
4988 DPRINTF("cmdq_store=%d\n", i);
4989 sc->cmdq[i].func = run_updateprot_cb;
4990 sc->cmdq[i].arg0 = ic;
4991 ieee80211_runtask(ic, &sc->cmdq_task);
4995 run_updateprot_cb(void *arg)
4997 struct ieee80211com *ic = arg;
4998 struct run_softc *sc = ic->ic_ifp->if_softc;
5001 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL;
5002 /* setup protection frame rate (MCS code) */
5003 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ?
5004 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM :
5005 rt2860_rates[RT2860_RIDX_CCK11].mcs;
5007 /* CCK frames don't require protection */
5008 run_write(sc, RT2860_CCK_PROT_CFG, tmp);
5009 if (ic->ic_flags & IEEE80211_F_USEPROT) {
5010 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS)
5011 tmp |= RT2860_PROT_CTRL_RTS_CTS;
5012 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY)
5013 tmp |= RT2860_PROT_CTRL_CTS;
5015 run_write(sc, RT2860_OFDM_PROT_CFG, tmp);
5019 run_usb_timeout_cb(void *arg)
5021 struct ieee80211vap *vap = arg;
5022 struct run_softc *sc = vap->iv_ic->ic_ifp->if_softc;
5024 RUN_LOCK_ASSERT(sc, MA_OWNED);
5026 if(vap->iv_state == IEEE80211_S_RUN &&
5027 vap->iv_opmode != IEEE80211_M_STA)
5028 run_reset_livelock(sc);
5029 else if (vap->iv_state == IEEE80211_S_SCAN) {
5030 DPRINTF("timeout caused by scan\n");
5032 ieee80211_cancel_scan(vap);
5034 DPRINTF("timeout by unknown cause\n");
5038 run_reset_livelock(struct run_softc *sc)
5042 RUN_LOCK_ASSERT(sc, MA_OWNED);
5045 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC
5046 * can run into a livelock and start sending CTS-to-self frames like
5047 * crazy if protection is enabled. Reset MAC/BBP for a while
5049 run_read(sc, RT2860_DEBUG, &tmp);
5050 DPRINTFN(3, "debug reg %08x\n", tmp);
5051 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) {
5052 DPRINTF("CTS-to-self livelock detected\n");
5053 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST);
5055 run_write(sc, RT2860_MAC_SYS_CTRL,
5056 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
5061 run_update_promisc_locked(struct ifnet *ifp)
5063 struct run_softc *sc = ifp->if_softc;
5066 run_read(sc, RT2860_RX_FILTR_CFG, &tmp);
5068 tmp |= RT2860_DROP_UC_NOME;
5069 if (ifp->if_flags & IFF_PROMISC)
5070 tmp &= ~RT2860_DROP_UC_NOME;
5072 run_write(sc, RT2860_RX_FILTR_CFG, tmp);
5074 DPRINTF("%s promiscuous mode\n", (ifp->if_flags & IFF_PROMISC) ?
5075 "entering" : "leaving");
5079 run_update_promisc(struct ifnet *ifp)
5081 struct run_softc *sc = ifp->if_softc;
5083 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0)
5087 run_update_promisc_locked(ifp);
5092 run_enable_tsf_sync(struct run_softc *sc)
5094 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
5095 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
5098 DPRINTF("rvp_id=%d ic_opmode=%d\n", RUN_VAP(vap)->rvp_id,
5101 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
5103 tmp |= vap->iv_bss->ni_intval * 16;
5104 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN;
5106 if (ic->ic_opmode == IEEE80211_M_STA) {
5108 * Local TSF is always updated with remote TSF on beacon
5111 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT;
5112 } else if (ic->ic_opmode == IEEE80211_M_IBSS) {
5113 tmp |= RT2860_BCN_TX_EN;
5115 * Local TSF is updated with remote TSF on beacon reception
5116 * only if the remote TSF is greater than local TSF.
5118 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT;
5119 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP ||
5120 ic->ic_opmode == IEEE80211_M_MBSS) {
5121 tmp |= RT2860_BCN_TX_EN;
5122 /* SYNC with nobody */
5123 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT;
5125 DPRINTF("Enabling TSF failed. undefined opmode\n");
5129 run_write(sc, RT2860_BCN_TIME_CFG, tmp);
5133 run_enable_mrr(struct run_softc *sc)
5135 #define CCK(mcs) (mcs)
5136 #define OFDM(mcs) (1 << 3 | (mcs))
5137 run_write(sc, RT2860_LG_FBK_CFG0,
5138 OFDM(6) << 28 | /* 54->48 */
5139 OFDM(5) << 24 | /* 48->36 */
5140 OFDM(4) << 20 | /* 36->24 */
5141 OFDM(3) << 16 | /* 24->18 */
5142 OFDM(2) << 12 | /* 18->12 */
5143 OFDM(1) << 8 | /* 12-> 9 */
5144 OFDM(0) << 4 | /* 9-> 6 */
5145 OFDM(0)); /* 6-> 6 */
5147 run_write(sc, RT2860_LG_FBK_CFG1,
5148 CCK(2) << 12 | /* 11->5.5 */
5149 CCK(1) << 8 | /* 5.5-> 2 */
5150 CCK(0) << 4 | /* 2-> 1 */
5151 CCK(0)); /* 1-> 1 */
5157 run_set_txpreamble(struct run_softc *sc)
5159 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
5162 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp);
5163 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
5164 tmp |= RT2860_CCK_SHORT_EN;
5166 tmp &= ~RT2860_CCK_SHORT_EN;
5167 run_write(sc, RT2860_AUTO_RSP_CFG, tmp);
5171 run_set_basicrates(struct run_softc *sc)
5173 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
5175 /* set basic rates mask */
5176 if (ic->ic_curmode == IEEE80211_MODE_11B)
5177 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003);
5178 else if (ic->ic_curmode == IEEE80211_MODE_11A)
5179 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150);
5181 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f);
5185 run_set_leds(struct run_softc *sc, uint16_t which)
5187 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS,
5188 which | (sc->leds & 0x7f));
5192 run_set_bssid(struct run_softc *sc, const uint8_t *bssid)
5194 run_write(sc, RT2860_MAC_BSSID_DW0,
5195 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24);
5196 run_write(sc, RT2860_MAC_BSSID_DW1,
5197 bssid[4] | bssid[5] << 8);
5201 run_set_macaddr(struct run_softc *sc, const uint8_t *addr)
5203 run_write(sc, RT2860_MAC_ADDR_DW0,
5204 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24);
5205 run_write(sc, RT2860_MAC_ADDR_DW1,
5206 addr[4] | addr[5] << 8 | 0xff << 16);
5210 run_updateslot(struct ifnet *ifp)
5212 struct run_softc *sc = ifp->if_softc;
5213 struct ieee80211com *ic = ifp->if_l2com;
5216 i = RUN_CMDQ_GET(&sc->cmdq_store);
5217 DPRINTF("cmdq_store=%d\n", i);
5218 sc->cmdq[i].func = run_updateslot_cb;
5219 sc->cmdq[i].arg0 = ifp;
5220 ieee80211_runtask(ic, &sc->cmdq_task);
5227 run_updateslot_cb(void *arg)
5229 struct ifnet *ifp = arg;
5230 struct run_softc *sc = ifp->if_softc;
5231 struct ieee80211com *ic = ifp->if_l2com;
5234 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp);
5236 tmp |= (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20;
5237 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp);
5241 run_update_mcast(struct ifnet *ifp)
5243 /* h/w filter supports getting everything or nothing */
5244 ifp->if_flags |= IFF_ALLMULTI;
5248 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain)
5250 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
5251 struct ieee80211_channel *c = ic->ic_curchan;
5254 if (IEEE80211_IS_CHAN_5GHZ(c)) {
5255 u_int chan = ieee80211_chan2ieee(ic, c);
5256 delta = sc->rssi_5ghz[rxchain];
5258 /* determine channel group */
5260 delta -= sc->lna[1];
5261 else if (chan <= 128)
5262 delta -= sc->lna[2];
5264 delta -= sc->lna[3];
5266 delta = sc->rssi_2ghz[rxchain] - sc->lna[0];
5268 return (-12 - delta - rssi);
5272 run_rt5390_bbp_init(struct run_softc *sc)
5277 /* Apply maximum likelihood detection for 2 stream case. */
5278 run_bbp_read(sc, 105, &bbp);
5279 if (sc->nrxchains > 1)
5280 run_bbp_write(sc, 105, bbp | RT5390_MLD);
5282 /* Avoid data lost and CRC error. */
5283 run_bbp_read(sc, 4, &bbp);
5284 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
5286 if (sc->mac_ver == 0x5592) {
5287 for (i = 0; i < nitems(rt5592_def_bbp); i++) {
5288 run_bbp_write(sc, rt5592_def_bbp[i].reg,
5289 rt5592_def_bbp[i].val);
5291 for (i = 0; i < nitems(rt5592_bbp_r196); i++) {
5292 run_bbp_write(sc, 195, i + 0x80);
5293 run_bbp_write(sc, 196, rt5592_bbp_r196[i]);
5296 for (i = 0; i < nitems(rt5390_def_bbp); i++) {
5297 run_bbp_write(sc, rt5390_def_bbp[i].reg,
5298 rt5390_def_bbp[i].val);
5301 if (sc->mac_ver == 0x5392) {
5302 run_bbp_write(sc, 88, 0x90);
5303 run_bbp_write(sc, 95, 0x9a);
5304 run_bbp_write(sc, 98, 0x12);
5305 run_bbp_write(sc, 106, 0x12);
5306 run_bbp_write(sc, 134, 0xd0);
5307 run_bbp_write(sc, 135, 0xf6);
5308 run_bbp_write(sc, 148, 0x84);
5311 run_bbp_read(sc, 152, &bbp);
5312 run_bbp_write(sc, 152, bbp | 0x80);
5314 /* Fix BBP254 for RT5592C. */
5315 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) {
5316 run_bbp_read(sc, 254, &bbp);
5317 run_bbp_write(sc, 254, bbp | 0x80);
5320 /* Disable hardware antenna diversity. */
5321 if (sc->mac_ver == 0x5390)
5322 run_bbp_write(sc, 154, 0);
5324 /* Initialize Rx CCK/OFDM frequency offset report. */
5325 run_bbp_write(sc, 142, 1);
5326 run_bbp_write(sc, 143, 57);
5330 run_bbp_init(struct run_softc *sc)
5332 int i, error, ntries;
5335 /* wait for BBP to wake up */
5336 for (ntries = 0; ntries < 20; ntries++) {
5337 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0)
5339 if (bbp0 != 0 && bbp0 != 0xff)
5345 /* initialize BBP registers to default values */
5346 if (sc->mac_ver >= 0x5390)
5347 run_rt5390_bbp_init(sc);
5349 for (i = 0; i < nitems(rt2860_def_bbp); i++) {
5350 run_bbp_write(sc, rt2860_def_bbp[i].reg,
5351 rt2860_def_bbp[i].val);
5355 if (sc->mac_ver == 0x3593) {
5356 run_bbp_write(sc, 79, 0x13);
5357 run_bbp_write(sc, 80, 0x05);
5358 run_bbp_write(sc, 81, 0x33);
5359 run_bbp_write(sc, 86, 0x46);
5360 run_bbp_write(sc, 137, 0x0f);
5363 /* fix BBP84 for RT2860E */
5364 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101)
5365 run_bbp_write(sc, 84, 0x19);
5367 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 &&
5368 sc->mac_ver != 0x5592)) {
5369 run_bbp_write(sc, 79, 0x13);
5370 run_bbp_write(sc, 80, 0x05);
5371 run_bbp_write(sc, 81, 0x33);
5372 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) {
5373 run_bbp_write(sc, 69, 0x16);
5374 run_bbp_write(sc, 73, 0x12);
5380 run_rt3070_rf_init(struct run_softc *sc)
5383 uint8_t bbp4, mingain, rf, target;
5386 run_rt3070_rf_read(sc, 30, &rf);
5387 /* toggle RF R30 bit 7 */
5388 run_rt3070_rf_write(sc, 30, rf | 0x80);
5390 run_rt3070_rf_write(sc, 30, rf & ~0x80);
5392 /* initialize RF registers to default value */
5393 if (sc->mac_ver == 0x3572) {
5394 for (i = 0; i < nitems(rt3572_def_rf); i++) {
5395 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg,
5396 rt3572_def_rf[i].val);
5399 for (i = 0; i < nitems(rt3070_def_rf); i++) {
5400 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg,
5401 rt3070_def_rf[i].val);
5405 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) {
5407 * Change voltage from 1.2V to 1.35V for RT3070.
5408 * The DAC issue (RT3070_LDO_CFG0) has been fixed
5411 run_read(sc, RT3070_LDO_CFG0, &tmp);
5412 tmp = (tmp & ~0x0f000000) | 0x0d000000;
5413 run_write(sc, RT3070_LDO_CFG0, tmp);
5415 } else if (sc->mac_ver == 0x3071) {
5416 run_rt3070_rf_read(sc, 6, &rf);
5417 run_rt3070_rf_write(sc, 6, rf | 0x40);
5418 run_rt3070_rf_write(sc, 31, 0x14);
5420 run_read(sc, RT3070_LDO_CFG0, &tmp);
5422 if (sc->mac_rev < 0x0211)
5423 tmp |= 0x0d000000; /* 1.3V */
5425 tmp |= 0x01000000; /* 1.2V */
5426 run_write(sc, RT3070_LDO_CFG0, tmp);
5428 /* patch LNA_PE_G1 */
5429 run_read(sc, RT3070_GPIO_SWITCH, &tmp);
5430 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20);
5432 } else if (sc->mac_ver == 0x3572) {
5433 run_rt3070_rf_read(sc, 6, &rf);
5434 run_rt3070_rf_write(sc, 6, rf | 0x40);
5436 /* increase voltage from 1.2V to 1.35V */
5437 run_read(sc, RT3070_LDO_CFG0, &tmp);
5438 tmp = (tmp & ~0x1f000000) | 0x0d000000;
5439 run_write(sc, RT3070_LDO_CFG0, tmp);
5441 if (sc->mac_rev < 0x0211 || !sc->patch_dac) {
5442 run_delay(sc, 1); /* wait for 1msec */
5443 /* decrease voltage back to 1.2V */
5444 tmp = (tmp & ~0x1f000000) | 0x01000000;
5445 run_write(sc, RT3070_LDO_CFG0, tmp);
5449 /* select 20MHz bandwidth */
5450 run_rt3070_rf_read(sc, 31, &rf);
5451 run_rt3070_rf_write(sc, 31, rf & ~0x20);
5453 /* calibrate filter for 20MHz bandwidth */
5454 sc->rf24_20mhz = 0x1f; /* default value */
5455 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13;
5456 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz);
5458 /* select 40MHz bandwidth */
5459 run_bbp_read(sc, 4, &bbp4);
5460 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10);
5461 run_rt3070_rf_read(sc, 31, &rf);
5462 run_rt3070_rf_write(sc, 31, rf | 0x20);
5464 /* calibrate filter for 40MHz bandwidth */
5465 sc->rf24_40mhz = 0x2f; /* default value */
5466 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15;
5467 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz);
5469 /* go back to 20MHz bandwidth */
5470 run_bbp_read(sc, 4, &bbp4);
5471 run_bbp_write(sc, 4, bbp4 & ~0x18);
5473 if (sc->mac_ver == 0x3572) {
5474 /* save default BBP registers 25 and 26 values */
5475 run_bbp_read(sc, 25, &sc->bbp25);
5476 run_bbp_read(sc, 26, &sc->bbp26);
5477 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211)
5478 run_rt3070_rf_write(sc, 27, 0x03);
5480 run_read(sc, RT3070_OPT_14, &tmp);
5481 run_write(sc, RT3070_OPT_14, tmp | 1);
5483 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) {
5484 run_rt3070_rf_read(sc, 17, &rf);
5485 rf &= ~RT3070_TX_LO1;
5486 if ((sc->mac_ver == 0x3070 ||
5487 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) &&
5489 rf |= 0x20; /* fix for long range Rx issue */
5490 mingain = (sc->mac_ver == 0x3070) ? 1 : 2;
5491 if (sc->txmixgain_2ghz >= mingain)
5492 rf = (rf & ~0x7) | sc->txmixgain_2ghz;
5493 run_rt3070_rf_write(sc, 17, rf);
5496 if (sc->mac_ver == 0x3071) {
5497 run_rt3070_rf_read(sc, 1, &rf);
5498 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD);
5499 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD;
5500 run_rt3070_rf_write(sc, 1, rf);
5502 run_rt3070_rf_read(sc, 15, &rf);
5503 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2);
5505 run_rt3070_rf_read(sc, 20, &rf);
5506 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1);
5508 run_rt3070_rf_read(sc, 21, &rf);
5509 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2);
5512 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) {
5513 /* fix Tx to Rx IQ glitch by raising RF voltage */
5514 run_rt3070_rf_read(sc, 27, &rf);
5516 if (sc->mac_rev < 0x0211)
5518 run_rt3070_rf_write(sc, 27, rf);
5524 run_rt3593_rf_init(struct run_softc *sc)
5530 /* Disable the GPIO bits 4 and 7 for LNA PE control. */
5531 run_read(sc, RT3070_GPIO_SWITCH, &tmp);
5532 tmp &= ~(1 << 4 | 1 << 7);
5533 run_write(sc, RT3070_GPIO_SWITCH, tmp);
5535 /* Initialize RF registers to default value. */
5536 for (i = 0; i < nitems(rt3593_def_rf); i++) {
5537 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg,
5538 rt3593_def_rf[i].val);
5541 /* Toggle RF R2 to initiate calibration. */
5542 run_rt3070_rf_write(sc, 2, RT5390_RESCAL);
5544 /* Initialize RF frequency offset. */
5545 run_adjust_freq_offset(sc);
5547 run_rt3070_rf_read(sc, 18, &rf);
5548 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS);
5551 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to
5552 * decrease voltage back to 1.2V.
5554 run_read(sc, RT3070_LDO_CFG0, &tmp);
5555 tmp = (tmp & ~0x1f000000) | 0x0d000000;
5556 run_write(sc, RT3070_LDO_CFG0, tmp);
5558 tmp = (tmp & ~0x1f000000) | 0x01000000;
5559 run_write(sc, RT3070_LDO_CFG0, tmp);
5561 sc->rf24_20mhz = 0x1f;
5562 sc->rf24_40mhz = 0x2f;
5564 /* Save default BBP registers 25 and 26 values. */
5565 run_bbp_read(sc, 25, &sc->bbp25);
5566 run_bbp_read(sc, 26, &sc->bbp26);
5568 run_read(sc, RT3070_OPT_14, &tmp);
5569 run_write(sc, RT3070_OPT_14, tmp | 1);
5573 run_rt5390_rf_init(struct run_softc *sc)
5579 /* Toggle RF R2 to initiate calibration. */
5580 if (sc->mac_ver == 0x5390) {
5581 run_rt3070_rf_read(sc, 2, &rf);
5582 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL);
5584 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL);
5586 run_rt3070_rf_write(sc, 2, RT5390_RESCAL);
5590 /* Initialize RF registers to default value. */
5591 if (sc->mac_ver == 0x5592) {
5592 for (i = 0; i < nitems(rt5592_def_rf); i++) {
5593 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg,
5594 rt5592_def_rf[i].val);
5596 /* Initialize RF frequency offset. */
5597 run_adjust_freq_offset(sc);
5598 } else if (sc->mac_ver == 0x5392) {
5599 for (i = 0; i < nitems(rt5392_def_rf); i++) {
5600 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg,
5601 rt5392_def_rf[i].val);
5603 if (sc->mac_rev >= 0x0223) {
5604 run_rt3070_rf_write(sc, 23, 0x0f);
5605 run_rt3070_rf_write(sc, 24, 0x3e);
5606 run_rt3070_rf_write(sc, 51, 0x32);
5607 run_rt3070_rf_write(sc, 53, 0x22);
5608 run_rt3070_rf_write(sc, 56, 0xc1);
5609 run_rt3070_rf_write(sc, 59, 0x0f);
5612 for (i = 0; i < nitems(rt5390_def_rf); i++) {
5613 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg,
5614 rt5390_def_rf[i].val);
5616 if (sc->mac_rev >= 0x0502) {
5617 run_rt3070_rf_write(sc, 6, 0xe0);
5618 run_rt3070_rf_write(sc, 25, 0x80);
5619 run_rt3070_rf_write(sc, 46, 0x73);
5620 run_rt3070_rf_write(sc, 53, 0x00);
5621 run_rt3070_rf_write(sc, 56, 0x42);
5622 run_rt3070_rf_write(sc, 61, 0xd1);
5626 sc->rf24_20mhz = 0x1f; /* default value */
5627 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f;
5629 if (sc->mac_rev < 0x0211)
5630 run_rt3070_rf_write(sc, 27, 0x3);
5632 run_read(sc, RT3070_OPT_14, &tmp);
5633 run_write(sc, RT3070_OPT_14, tmp | 1);
5637 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target,
5641 uint8_t bbp55_pb, bbp55_sb, delta;
5644 /* program filter */
5645 run_rt3070_rf_read(sc, 24, &rf24);
5646 rf24 = (rf24 & 0xc0) | init; /* initial filter value */
5647 run_rt3070_rf_write(sc, 24, rf24);
5649 /* enable baseband loopback mode */
5650 run_rt3070_rf_read(sc, 22, &rf22);
5651 run_rt3070_rf_write(sc, 22, rf22 | 0x01);
5653 /* set power and frequency of passband test tone */
5654 run_bbp_write(sc, 24, 0x00);
5655 for (ntries = 0; ntries < 100; ntries++) {
5656 /* transmit test tone */
5657 run_bbp_write(sc, 25, 0x90);
5659 /* read received power */
5660 run_bbp_read(sc, 55, &bbp55_pb);
5667 /* set power and frequency of stopband test tone */
5668 run_bbp_write(sc, 24, 0x06);
5669 for (ntries = 0; ntries < 100; ntries++) {
5670 /* transmit test tone */
5671 run_bbp_write(sc, 25, 0x90);
5673 /* read received power */
5674 run_bbp_read(sc, 55, &bbp55_sb);
5676 delta = bbp55_pb - bbp55_sb;
5680 /* reprogram filter */
5682 run_rt3070_rf_write(sc, 24, rf24);
5686 rf24--; /* backtrack */
5688 run_rt3070_rf_write(sc, 24, rf24);
5691 /* restore initial state */
5692 run_bbp_write(sc, 24, 0x00);
5694 /* disable baseband loopback mode */
5695 run_rt3070_rf_read(sc, 22, &rf22);
5696 run_rt3070_rf_write(sc, 22, rf22 & ~0x01);
5702 run_rt3070_rf_setup(struct run_softc *sc)
5707 if (sc->mac_ver == 0x3572) {
5708 /* enable DC filter */
5709 if (sc->mac_rev >= 0x0201)
5710 run_bbp_write(sc, 103, 0xc0);
5712 run_bbp_read(sc, 138, &bbp);
5713 if (sc->ntxchains == 1)
5714 bbp |= 0x20; /* turn off DAC1 */
5715 if (sc->nrxchains == 1)
5716 bbp &= ~0x02; /* turn off ADC1 */
5717 run_bbp_write(sc, 138, bbp);
5719 if (sc->mac_rev >= 0x0211) {
5720 /* improve power consumption */
5721 run_bbp_read(sc, 31, &bbp);
5722 run_bbp_write(sc, 31, bbp & ~0x03);
5725 run_rt3070_rf_read(sc, 16, &rf);
5726 rf = (rf & ~0x07) | sc->txmixgain_2ghz;
5727 run_rt3070_rf_write(sc, 16, rf);
5729 } else if (sc->mac_ver == 0x3071) {
5730 if (sc->mac_rev >= 0x0211) {
5731 /* enable DC filter */
5732 run_bbp_write(sc, 103, 0xc0);
5734 /* improve power consumption */
5735 run_bbp_read(sc, 31, &bbp);
5736 run_bbp_write(sc, 31, bbp & ~0x03);
5739 run_bbp_read(sc, 138, &bbp);
5740 if (sc->ntxchains == 1)
5741 bbp |= 0x20; /* turn off DAC1 */
5742 if (sc->nrxchains == 1)
5743 bbp &= ~0x02; /* turn off ADC1 */
5744 run_bbp_write(sc, 138, bbp);
5746 run_write(sc, RT2860_TX_SW_CFG1, 0);
5747 if (sc->mac_rev < 0x0211) {
5748 run_write(sc, RT2860_TX_SW_CFG2,
5749 sc->patch_dac ? 0x2c : 0x0f);
5751 run_write(sc, RT2860_TX_SW_CFG2, 0);
5753 } else if (sc->mac_ver == 0x3070) {
5754 if (sc->mac_rev >= 0x0201) {
5755 /* enable DC filter */
5756 run_bbp_write(sc, 103, 0xc0);
5758 /* improve power consumption */
5759 run_bbp_read(sc, 31, &bbp);
5760 run_bbp_write(sc, 31, bbp & ~0x03);
5763 if (sc->mac_rev < 0x0201) {
5764 run_write(sc, RT2860_TX_SW_CFG1, 0);
5765 run_write(sc, RT2860_TX_SW_CFG2, 0x2c);
5767 run_write(sc, RT2860_TX_SW_CFG2, 0);
5770 /* initialize RF registers from ROM for >=RT3071*/
5771 if (sc->mac_ver >= 0x3071) {
5772 for (i = 0; i < 10; i++) {
5773 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff)
5775 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val);
5781 run_rt3593_rf_setup(struct run_softc *sc)
5785 if (sc->mac_rev >= 0x0211) {
5786 /* Enable DC filter. */
5787 run_bbp_write(sc, 103, 0xc0);
5789 run_write(sc, RT2860_TX_SW_CFG1, 0);
5790 if (sc->mac_rev < 0x0211) {
5791 run_write(sc, RT2860_TX_SW_CFG2,
5792 sc->patch_dac ? 0x2c : 0x0f);
5794 run_write(sc, RT2860_TX_SW_CFG2, 0);
5796 run_rt3070_rf_read(sc, 50, &rf);
5797 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2);
5799 run_rt3070_rf_read(sc, 51, &rf);
5800 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) |
5801 ((sc->txmixgain_2ghz & 0x07) << 2);
5802 run_rt3070_rf_write(sc, 51, rf);
5804 run_rt3070_rf_read(sc, 38, &rf);
5805 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1);
5807 run_rt3070_rf_read(sc, 39, &rf);
5808 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2);
5810 run_rt3070_rf_read(sc, 1, &rf);
5811 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD));
5813 run_rt3070_rf_read(sc, 30, &rf);
5814 rf = (rf & ~0x18) | 0x10;
5815 run_rt3070_rf_write(sc, 30, rf);
5817 /* Apply maximum likelihood detection for 2 stream case. */
5818 run_bbp_read(sc, 105, &bbp);
5819 if (sc->nrxchains > 1)
5820 run_bbp_write(sc, 105, bbp | RT5390_MLD);
5822 /* Avoid data lost and CRC error. */
5823 run_bbp_read(sc, 4, &bbp);
5824 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
5826 run_bbp_write(sc, 92, 0x02);
5827 run_bbp_write(sc, 82, 0x82);
5828 run_bbp_write(sc, 106, 0x05);
5829 run_bbp_write(sc, 104, 0x92);
5830 run_bbp_write(sc, 88, 0x90);
5831 run_bbp_write(sc, 148, 0xc8);
5832 run_bbp_write(sc, 47, 0x48);
5833 run_bbp_write(sc, 120, 0x50);
5835 run_bbp_write(sc, 163, 0x9d);
5838 run_bbp_write(sc, 142, 0x06);
5839 run_bbp_write(sc, 143, 0xa0);
5840 run_bbp_write(sc, 142, 0x07);
5841 run_bbp_write(sc, 143, 0xa1);
5842 run_bbp_write(sc, 142, 0x08);
5843 run_bbp_write(sc, 143, 0xa2);
5845 run_bbp_write(sc, 31, 0x08);
5846 run_bbp_write(sc, 68, 0x0b);
5847 run_bbp_write(sc, 105, 0x04);
5851 run_rt5390_rf_setup(struct run_softc *sc)
5855 if (sc->mac_rev >= 0x0211) {
5856 /* Enable DC filter. */
5857 run_bbp_write(sc, 103, 0xc0);
5859 if (sc->mac_ver != 0x5592) {
5860 /* Improve power consumption. */
5861 run_bbp_read(sc, 31, &bbp);
5862 run_bbp_write(sc, 31, bbp & ~0x03);
5866 run_bbp_read(sc, 138, &bbp);
5867 if (sc->ntxchains == 1)
5868 bbp |= 0x20; /* turn off DAC1 */
5869 if (sc->nrxchains == 1)
5870 bbp &= ~0x02; /* turn off ADC1 */
5871 run_bbp_write(sc, 138, bbp);
5873 run_rt3070_rf_read(sc, 38, &rf);
5874 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1);
5876 run_rt3070_rf_read(sc, 39, &rf);
5877 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2);
5879 /* Avoid data lost and CRC error. */
5880 run_bbp_read(sc, 4, &bbp);
5881 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
5883 run_rt3070_rf_read(sc, 30, &rf);
5884 rf = (rf & ~0x18) | 0x10;
5885 run_rt3070_rf_write(sc, 30, rf);
5887 if (sc->mac_ver != 0x5592) {
5888 run_write(sc, RT2860_TX_SW_CFG1, 0);
5889 if (sc->mac_rev < 0x0211) {
5890 run_write(sc, RT2860_TX_SW_CFG2,
5891 sc->patch_dac ? 0x2c : 0x0f);
5893 run_write(sc, RT2860_TX_SW_CFG2, 0);
5898 run_txrx_enable(struct run_softc *sc)
5900 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
5904 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN);
5905 for (ntries = 0; ntries < 200; ntries++) {
5906 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0)
5908 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
5917 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE;
5918 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
5920 /* enable Rx bulk aggregation (set timeout and limit) */
5921 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN |
5922 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2);
5923 run_write(sc, RT2860_USB_DMA_CFG, tmp);
5926 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR;
5927 if (ic->ic_opmode != IEEE80211_M_MONITOR) {
5928 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL |
5929 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK |
5930 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV |
5931 RT2860_DROP_CFACK | RT2860_DROP_CFEND;
5932 if (ic->ic_opmode == IEEE80211_M_STA)
5933 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL;
5935 run_write(sc, RT2860_RX_FILTR_CFG, tmp);
5937 run_write(sc, RT2860_MAC_SYS_CTRL,
5938 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
5944 run_adjust_freq_offset(struct run_softc *sc)
5948 run_rt3070_rf_read(sc, 17, &rf);
5950 rf = (rf & ~0x7f) | (sc->freq & 0x7f);
5954 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf);
5958 run_init_locked(struct run_softc *sc)
5960 struct ifnet *ifp = sc->sc_ifp;
5961 struct ieee80211com *ic = ifp->if_l2com;
5968 if (ic->ic_nrunning > 1)
5973 if (run_load_microcode(sc) != 0) {
5974 device_printf(sc->sc_dev, "could not load 8051 microcode\n");
5978 for (ntries = 0; ntries < 100; ntries++) {
5979 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0)
5981 if (tmp != 0 && tmp != 0xffffffff)
5988 for (i = 0; i != RUN_EP_QUEUES; i++)
5989 run_setup_tx_list(sc, &sc->sc_epq[i]);
5991 run_set_macaddr(sc, IF_LLADDR(ifp));
5993 for (ntries = 0; ntries < 100; ntries++) {
5994 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0)
5996 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
6000 if (ntries == 100) {
6001 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n");
6005 tmp |= RT2860_TX_WB_DDONE;
6006 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
6008 /* turn off PME_OEN to solve high-current issue */
6009 run_read(sc, RT2860_SYS_CTRL, &tmp);
6010 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN);
6012 run_write(sc, RT2860_MAC_SYS_CTRL,
6013 RT2860_BBP_HRST | RT2860_MAC_SRST);
6014 run_write(sc, RT2860_USB_DMA_CFG, 0);
6016 if (run_reset(sc) != 0) {
6017 device_printf(sc->sc_dev, "could not reset chipset\n");
6021 run_write(sc, RT2860_MAC_SYS_CTRL, 0);
6023 /* init Tx power for all Tx rates (from EEPROM) */
6024 for (ridx = 0; ridx < 5; ridx++) {
6025 if (sc->txpow20mhz[ridx] == 0xffffffff)
6027 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]);
6030 for (i = 0; i < nitems(rt2870_def_mac); i++)
6031 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val);
6032 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273);
6033 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344);
6034 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa);
6036 if (sc->mac_ver >= 0x5390) {
6037 run_write(sc, RT2860_TX_SW_CFG0,
6038 4 << RT2860_DLY_PAPE_EN_SHIFT | 4);
6039 if (sc->mac_ver >= 0x5392) {
6040 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff);
6041 if (sc->mac_ver == 0x5592) {
6042 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980);
6043 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082);
6045 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980);
6046 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322);
6049 } else if (sc->mac_ver == 0x3593) {
6050 run_write(sc, RT2860_TX_SW_CFG0,
6051 4 << RT2860_DLY_PAPE_EN_SHIFT | 2);
6052 } else if (sc->mac_ver >= 0x3070) {
6053 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */
6054 run_write(sc, RT2860_TX_SW_CFG0,
6055 4 << RT2860_DLY_PAPE_EN_SHIFT);
6058 /* wait while MAC is busy */
6059 for (ntries = 0; ntries < 100; ntries++) {
6060 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0)
6062 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY)))
6069 /* clear Host to MCU mailbox */
6070 run_write(sc, RT2860_H2M_BBPAGENT, 0);
6071 run_write(sc, RT2860_H2M_MAILBOX, 0);
6074 if (run_bbp_init(sc) != 0) {
6075 device_printf(sc->sc_dev, "could not initialize BBP\n");
6079 /* abort TSF synchronization */
6080 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
6081 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
6082 RT2860_TBTT_TIMER_EN);
6083 run_write(sc, RT2860_BCN_TIME_CFG, tmp);
6085 /* clear RX WCID search table */
6086 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512);
6087 /* clear WCID attribute table */
6088 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32);
6090 /* hostapd sets a key before init. So, don't clear it. */
6091 if (sc->cmdq_key_set != RUN_CMDQ_GO) {
6092 /* clear shared key table */
6093 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32);
6094 /* clear shared key mode */
6095 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4);
6098 run_read(sc, RT2860_US_CYC_CNT, &tmp);
6099 tmp = (tmp & ~0xff) | 0x1e;
6100 run_write(sc, RT2860_US_CYC_CNT, tmp);
6102 if (sc->mac_rev != 0x0101)
6103 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f);
6105 run_write(sc, RT2860_WMM_TXOP0_CFG, 0);
6106 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96);
6108 /* write vendor-specific BBP values (from EEPROM) */
6109 if (sc->mac_ver < 0x3593) {
6110 for (i = 0; i < 10; i++) {
6111 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff)
6113 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val);
6117 /* select Main antenna for 1T1R devices */
6118 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370)
6119 run_set_rx_antenna(sc, 0);
6121 /* send LEDs operating mode to microcontroller */
6122 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]);
6123 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]);
6124 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]);
6126 if (sc->mac_ver >= 0x5390)
6127 run_rt5390_rf_init(sc);
6128 else if (sc->mac_ver == 0x3593)
6129 run_rt3593_rf_init(sc);
6130 else if (sc->mac_ver >= 0x3070)
6131 run_rt3070_rf_init(sc);
6133 /* disable non-existing Rx chains */
6134 run_bbp_read(sc, 3, &bbp3);
6135 bbp3 &= ~(1 << 3 | 1 << 4);
6136 if (sc->nrxchains == 2)
6138 else if (sc->nrxchains == 3)
6140 run_bbp_write(sc, 3, bbp3);
6142 /* disable non-existing Tx chains */
6143 run_bbp_read(sc, 1, &bbp1);
6144 if (sc->ntxchains == 1)
6145 bbp1 &= ~(1 << 3 | 1 << 4);
6146 run_bbp_write(sc, 1, bbp1);
6148 if (sc->mac_ver >= 0x5390)
6149 run_rt5390_rf_setup(sc);
6150 else if (sc->mac_ver == 0x3593)
6151 run_rt3593_rf_setup(sc);
6152 else if (sc->mac_ver >= 0x3070)
6153 run_rt3070_rf_setup(sc);
6155 /* select default channel */
6156 run_set_chan(sc, ic->ic_curchan);
6158 /* setup initial protection mode */
6159 run_updateprot_cb(ic);
6161 /* turn radio LED on */
6162 run_set_leds(sc, RT2860_LED_RADIO);
6164 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
6165 ifp->if_drv_flags |= IFF_DRV_RUNNING;
6166 sc->cmdq_run = RUN_CMDQ_GO;
6168 for (i = 0; i != RUN_N_XFER; i++)
6169 usbd_xfer_set_stall(sc->sc_xfer[i]);
6171 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]);
6173 if (run_txrx_enable(sc) != 0)
6185 struct run_softc *sc = arg;
6186 struct ifnet *ifp = sc->sc_ifp;
6187 struct ieee80211com *ic = ifp->if_l2com;
6190 run_init_locked(sc);
6193 if (ifp->if_drv_flags & IFF_DRV_RUNNING)
6194 ieee80211_start_all(ic);
6200 struct run_softc *sc = (struct run_softc *)arg;
6201 struct ifnet *ifp = sc->sc_ifp;
6206 RUN_LOCK_ASSERT(sc, MA_OWNED);
6208 if (ifp->if_drv_flags & IFF_DRV_RUNNING)
6209 run_set_leds(sc, 0); /* turn all LEDs off */
6211 ifp->if_drv_flags &= ~(IFF_DRV_RUNNING | IFF_DRV_OACTIVE);
6213 sc->ratectl_run = RUN_RATECTL_OFF;
6214 sc->cmdq_run = sc->cmdq_key_set;
6218 for(i = 0; i < RUN_N_XFER; i++)
6219 usbd_transfer_drain(sc->sc_xfer[i]);
6223 if (sc->rx_m != NULL) {
6228 /* Disable Tx/Rx DMA. */
6229 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0)
6231 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN);
6232 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
6234 for (ntries = 0; ntries < 100; ntries++) {
6235 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0)
6237 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
6241 if (ntries == 100) {
6242 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n");
6247 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp);
6248 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
6249 run_write(sc, RT2860_MAC_SYS_CTRL, tmp);
6251 /* wait for pending Tx to complete */
6252 for (ntries = 0; ntries < 100; ntries++) {
6253 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) {
6254 DPRINTF("Cannot read Tx queue count\n");
6257 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) {
6258 DPRINTF("All Tx cleared\n");
6264 DPRINTF("There are still pending Tx\n");
6266 run_write(sc, RT2860_USB_DMA_CFG, 0);
6268 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST);
6269 run_write(sc, RT2860_MAC_SYS_CTRL, 0);
6271 for (i = 0; i != RUN_EP_QUEUES; i++)
6272 run_unsetup_tx_list(sc, &sc->sc_epq[i]);
6276 run_delay(struct run_softc *sc, u_int ms)
6278 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ?
6279 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms));
6282 static device_method_t run_methods[] = {
6283 /* Device interface */
6284 DEVMETHOD(device_probe, run_match),
6285 DEVMETHOD(device_attach, run_attach),
6286 DEVMETHOD(device_detach, run_detach),
6290 static driver_t run_driver = {
6292 .methods = run_methods,
6293 .size = sizeof(struct run_softc)
6296 static devclass_t run_devclass;
6298 DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL);
6299 MODULE_DEPEND(run, wlan, 1, 1, 1);
6300 MODULE_DEPEND(run, usb, 1, 1, 1);
6301 MODULE_DEPEND(run, firmware, 1, 1, 1);
6302 MODULE_VERSION(run, 1);
projects / FreeBSD / stable / 10.git / blob