2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr>
3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca>
4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org>
5 * Copyright (c) 2013-2014 Kevin Lo
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 #include <sys/cdefs.h>
21 __FBSDID("$FreeBSD$");
24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver.
25 * http://www.ralinktech.com/
28 #include <sys/param.h>
29 #include <sys/sockio.h>
30 #include <sys/sysctl.h>
32 #include <sys/mutex.h>
34 #include <sys/kernel.h>
35 #include <sys/socket.h>
36 #include <sys/systm.h>
37 #include <sys/malloc.h>
38 #include <sys/module.h>
40 #include <sys/endian.h>
41 #include <sys/linker.h>
42 #include <sys/firmware.h>
47 #include <net/if_arp.h>
48 #include <net/ethernet.h>
49 #include <net/if_dl.h>
50 #include <net/if_media.h>
51 #include <net/if_types.h>
53 #include <netinet/in.h>
54 #include <netinet/in_systm.h>
55 #include <netinet/in_var.h>
56 #include <netinet/if_ether.h>
57 #include <netinet/ip.h>
59 #include <net80211/ieee80211_var.h>
60 #include <net80211/ieee80211_regdomain.h>
61 #include <net80211/ieee80211_radiotap.h>
62 #include <net80211/ieee80211_ratectl.h>
64 #include <dev/usb/usb.h>
65 #include <dev/usb/usbdi.h>
68 #define USB_DEBUG_VAR run_debug
69 #include <dev/usb/usb_debug.h>
70 #include <dev/usb/usb_msctest.h>
72 #include <dev/usb/wlan/if_runreg.h>
73 #include <dev/usb/wlan/if_runvar.h>
81 static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run");
82 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RW, &run_debug, 0,
86 #define IEEE80211_HAS_ADDR4(wh) \
87 (((wh)->i_fc[1] & IEEE80211_FC1_DIR_MASK) == IEEE80211_FC1_DIR_DSTODS)
90 * Because of LOR in run_key_delete(), use atomic instead.
91 * '& RUN_CMDQ_MASQ' is to loop cmdq[].
93 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ)
95 static const STRUCT_USB_HOST_ID run_devs[] = {
96 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) }
97 #define RUN_DEV_EJECT(v,p) \
98 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) }
100 RUN_DEV(ABOCOM, RT2770),
101 RUN_DEV(ABOCOM, RT2870),
102 RUN_DEV(ABOCOM, RT3070),
103 RUN_DEV(ABOCOM, RT3071),
104 RUN_DEV(ABOCOM, RT3072),
105 RUN_DEV(ABOCOM2, RT2870_1),
106 RUN_DEV(ACCTON, RT2770),
107 RUN_DEV(ACCTON, RT2870_1),
108 RUN_DEV(ACCTON, RT2870_2),
109 RUN_DEV(ACCTON, RT2870_3),
110 RUN_DEV(ACCTON, RT2870_4),
111 RUN_DEV(ACCTON, RT2870_5),
112 RUN_DEV(ACCTON, RT3070),
113 RUN_DEV(ACCTON, RT3070_1),
114 RUN_DEV(ACCTON, RT3070_2),
115 RUN_DEV(ACCTON, RT3070_3),
116 RUN_DEV(ACCTON, RT3070_4),
117 RUN_DEV(ACCTON, RT3070_5),
118 RUN_DEV(AIRTIES, RT3070),
119 RUN_DEV(ALLWIN, RT2070),
120 RUN_DEV(ALLWIN, RT2770),
121 RUN_DEV(ALLWIN, RT2870),
122 RUN_DEV(ALLWIN, RT3070),
123 RUN_DEV(ALLWIN, RT3071),
124 RUN_DEV(ALLWIN, RT3072),
125 RUN_DEV(ALLWIN, RT3572),
126 RUN_DEV(AMIGO, RT2870_1),
127 RUN_DEV(AMIGO, RT2870_2),
128 RUN_DEV(AMIT, CGWLUSB2GNR),
129 RUN_DEV(AMIT, RT2870_1),
130 RUN_DEV(AMIT2, RT2870),
131 RUN_DEV(ASUS, RT2870_1),
132 RUN_DEV(ASUS, RT2870_2),
133 RUN_DEV(ASUS, RT2870_3),
134 RUN_DEV(ASUS, RT2870_4),
135 RUN_DEV(ASUS, RT2870_5),
136 RUN_DEV(ASUS, USBN13),
137 RUN_DEV(ASUS, RT3070_1),
138 RUN_DEV(ASUS, USBN66),
139 RUN_DEV(ASUS, USB_N53),
140 RUN_DEV(ASUS2, USBN11),
141 RUN_DEV(AZUREWAVE, RT2870_1),
142 RUN_DEV(AZUREWAVE, RT2870_2),
143 RUN_DEV(AZUREWAVE, RT3070_1),
144 RUN_DEV(AZUREWAVE, RT3070_2),
145 RUN_DEV(AZUREWAVE, RT3070_3),
146 RUN_DEV(BELKIN, F9L1103),
147 RUN_DEV(BELKIN, F5D8053V3),
148 RUN_DEV(BELKIN, F5D8055),
149 RUN_DEV(BELKIN, F5D8055V2),
150 RUN_DEV(BELKIN, F6D4050V1),
151 RUN_DEV(BELKIN, F6D4050V2),
152 RUN_DEV(BELKIN, RT2870_1),
153 RUN_DEV(BELKIN, RT2870_2),
154 RUN_DEV(CISCOLINKSYS, AE1000),
155 RUN_DEV(CISCOLINKSYS2, RT3070),
156 RUN_DEV(CISCOLINKSYS3, RT3070),
157 RUN_DEV(CONCEPTRONIC2, RT2870_1),
158 RUN_DEV(CONCEPTRONIC2, RT2870_2),
159 RUN_DEV(CONCEPTRONIC2, RT2870_3),
160 RUN_DEV(CONCEPTRONIC2, RT2870_4),
161 RUN_DEV(CONCEPTRONIC2, RT2870_5),
162 RUN_DEV(CONCEPTRONIC2, RT2870_6),
163 RUN_DEV(CONCEPTRONIC2, RT2870_7),
164 RUN_DEV(CONCEPTRONIC2, RT2870_8),
165 RUN_DEV(CONCEPTRONIC2, RT3070_1),
166 RUN_DEV(CONCEPTRONIC2, RT3070_2),
167 RUN_DEV(CONCEPTRONIC2, VIGORN61),
168 RUN_DEV(COREGA, CGWLUSB300GNM),
169 RUN_DEV(COREGA, RT2870_1),
170 RUN_DEV(COREGA, RT2870_2),
171 RUN_DEV(COREGA, RT2870_3),
172 RUN_DEV(COREGA, RT3070),
173 RUN_DEV(CYBERTAN, RT2870),
174 RUN_DEV(DLINK, RT2870),
175 RUN_DEV(DLINK, RT3072),
176 RUN_DEV(DLINK, DWA127),
177 RUN_DEV(DLINK, DWA140B3),
178 RUN_DEV(DLINK, DWA160B2),
179 RUN_DEV(DLINK, DWA140D1),
180 RUN_DEV(DLINK, DWA162),
181 RUN_DEV(DLINK2, DWA130),
182 RUN_DEV(DLINK2, RT2870_1),
183 RUN_DEV(DLINK2, RT2870_2),
184 RUN_DEV(DLINK2, RT3070_1),
185 RUN_DEV(DLINK2, RT3070_2),
186 RUN_DEV(DLINK2, RT3070_3),
187 RUN_DEV(DLINK2, RT3070_4),
188 RUN_DEV(DLINK2, RT3070_5),
189 RUN_DEV(DLINK2, RT3072),
190 RUN_DEV(DLINK2, RT3072_1),
191 RUN_DEV(EDIMAX, EW7717),
192 RUN_DEV(EDIMAX, EW7718),
193 RUN_DEV(EDIMAX, EW7733UND),
194 RUN_DEV(EDIMAX, RT2870_1),
195 RUN_DEV(ENCORE, RT3070_1),
196 RUN_DEV(ENCORE, RT3070_2),
197 RUN_DEV(ENCORE, RT3070_3),
198 RUN_DEV(GIGABYTE, GNWB31N),
199 RUN_DEV(GIGABYTE, GNWB32L),
200 RUN_DEV(GIGABYTE, RT2870_1),
201 RUN_DEV(GIGASET, RT3070_1),
202 RUN_DEV(GIGASET, RT3070_2),
203 RUN_DEV(GUILLEMOT, HWNU300),
204 RUN_DEV(HAWKING, HWUN2),
205 RUN_DEV(HAWKING, RT2870_1),
206 RUN_DEV(HAWKING, RT2870_2),
207 RUN_DEV(HAWKING, RT3070),
208 RUN_DEV(IODATA, RT3072_1),
209 RUN_DEV(IODATA, RT3072_2),
210 RUN_DEV(IODATA, RT3072_3),
211 RUN_DEV(IODATA, RT3072_4),
212 RUN_DEV(LINKSYS4, RT3070),
213 RUN_DEV(LINKSYS4, WUSB100),
214 RUN_DEV(LINKSYS4, WUSB54GCV3),
215 RUN_DEV(LINKSYS4, WUSB600N),
216 RUN_DEV(LINKSYS4, WUSB600NV2),
217 RUN_DEV(LOGITEC, RT2870_1),
218 RUN_DEV(LOGITEC, RT2870_2),
219 RUN_DEV(LOGITEC, RT2870_3),
220 RUN_DEV(LOGITEC, LANW300NU2),
221 RUN_DEV(LOGITEC, LANW150NU2),
222 RUN_DEV(LOGITEC, LANW300NU2S),
223 RUN_DEV(MELCO, WLIUCG300HP),
224 RUN_DEV(MELCO, RT2870_2),
225 RUN_DEV(MELCO, WLIUCAG300N),
226 RUN_DEV(MELCO, WLIUCG300N),
227 RUN_DEV(MELCO, WLIUCG301N),
228 RUN_DEV(MELCO, WLIUCGN),
229 RUN_DEV(MELCO, WLIUCGNM),
230 RUN_DEV(MELCO, WLIUCG300HPV1),
231 RUN_DEV(MELCO, WLIUCGNM2),
232 RUN_DEV(MOTOROLA4, RT2770),
233 RUN_DEV(MOTOROLA4, RT3070),
234 RUN_DEV(MSI, RT3070_1),
235 RUN_DEV(MSI, RT3070_2),
236 RUN_DEV(MSI, RT3070_3),
237 RUN_DEV(MSI, RT3070_4),
238 RUN_DEV(MSI, RT3070_5),
239 RUN_DEV(MSI, RT3070_6),
240 RUN_DEV(MSI, RT3070_7),
241 RUN_DEV(MSI, RT3070_8),
242 RUN_DEV(MSI, RT3070_9),
243 RUN_DEV(MSI, RT3070_10),
244 RUN_DEV(MSI, RT3070_11),
245 RUN_DEV(NETGEAR, WNDA4100),
246 RUN_DEV(OVISLINK, RT3072),
247 RUN_DEV(PARA, RT3070),
248 RUN_DEV(PEGATRON, RT2870),
249 RUN_DEV(PEGATRON, RT3070),
250 RUN_DEV(PEGATRON, RT3070_2),
251 RUN_DEV(PEGATRON, RT3070_3),
252 RUN_DEV(PHILIPS, RT2870),
253 RUN_DEV(PLANEX2, GWUS300MINIS),
254 RUN_DEV(PLANEX2, GWUSMICRON),
255 RUN_DEV(PLANEX2, RT2870),
256 RUN_DEV(PLANEX2, RT3070),
257 RUN_DEV(QCOM, RT2870),
258 RUN_DEV(QUANTA, RT3070),
259 RUN_DEV(RALINK, RT2070),
260 RUN_DEV(RALINK, RT2770),
261 RUN_DEV(RALINK, RT2870),
262 RUN_DEV(RALINK, RT3070),
263 RUN_DEV(RALINK, RT3071),
264 RUN_DEV(RALINK, RT3072),
265 RUN_DEV(RALINK, RT3370),
266 RUN_DEV(RALINK, RT3572),
267 RUN_DEV(RALINK, RT3573),
268 RUN_DEV(RALINK, RT5370),
269 RUN_DEV(RALINK, RT5572),
270 RUN_DEV(RALINK, RT8070),
271 RUN_DEV(SAMSUNG, WIS09ABGN),
272 RUN_DEV(SAMSUNG2, RT2870_1),
273 RUN_DEV(SENAO, RT2870_1),
274 RUN_DEV(SENAO, RT2870_2),
275 RUN_DEV(SENAO, RT2870_3),
276 RUN_DEV(SENAO, RT2870_4),
277 RUN_DEV(SENAO, RT3070),
278 RUN_DEV(SENAO, RT3071),
279 RUN_DEV(SENAO, RT3072_1),
280 RUN_DEV(SENAO, RT3072_2),
281 RUN_DEV(SENAO, RT3072_3),
282 RUN_DEV(SENAO, RT3072_4),
283 RUN_DEV(SENAO, RT3072_5),
284 RUN_DEV(SITECOMEU, RT2770),
285 RUN_DEV(SITECOMEU, RT2870_1),
286 RUN_DEV(SITECOMEU, RT2870_2),
287 RUN_DEV(SITECOMEU, RT2870_3),
288 RUN_DEV(SITECOMEU, RT2870_4),
289 RUN_DEV(SITECOMEU, RT3070),
290 RUN_DEV(SITECOMEU, RT3070_2),
291 RUN_DEV(SITECOMEU, RT3070_3),
292 RUN_DEV(SITECOMEU, RT3070_4),
293 RUN_DEV(SITECOMEU, RT3071),
294 RUN_DEV(SITECOMEU, RT3072_1),
295 RUN_DEV(SITECOMEU, RT3072_2),
296 RUN_DEV(SITECOMEU, RT3072_3),
297 RUN_DEV(SITECOMEU, RT3072_4),
298 RUN_DEV(SITECOMEU, RT3072_5),
299 RUN_DEV(SITECOMEU, RT3072_6),
300 RUN_DEV(SITECOMEU, WL608),
301 RUN_DEV(SPARKLAN, RT2870_1),
302 RUN_DEV(SPARKLAN, RT3070),
303 RUN_DEV(SWEEX2, LW153),
304 RUN_DEV(SWEEX2, LW303),
305 RUN_DEV(SWEEX2, LW313),
306 RUN_DEV(TOSHIBA, RT3070),
307 RUN_DEV(UMEDIA, RT2870_1),
308 RUN_DEV(ZCOM, RT2870_1),
309 RUN_DEV(ZCOM, RT2870_2),
310 RUN_DEV(ZINWELL, RT2870_1),
311 RUN_DEV(ZINWELL, RT2870_2),
312 RUN_DEV(ZINWELL, RT3070),
313 RUN_DEV(ZINWELL, RT3072_1),
314 RUN_DEV(ZINWELL, RT3072_2),
315 RUN_DEV(ZYXEL, RT2870_1),
316 RUN_DEV(ZYXEL, RT2870_2),
317 RUN_DEV(ZYXEL, RT3070),
318 RUN_DEV_EJECT(ZYXEL, NWD2705),
319 RUN_DEV_EJECT(RALINK, RT_STOR),
324 static device_probe_t run_match;
325 static device_attach_t run_attach;
326 static device_detach_t run_detach;
328 static usb_callback_t run_bulk_rx_callback;
329 static usb_callback_t run_bulk_tx_callback0;
330 static usb_callback_t run_bulk_tx_callback1;
331 static usb_callback_t run_bulk_tx_callback2;
332 static usb_callback_t run_bulk_tx_callback3;
333 static usb_callback_t run_bulk_tx_callback4;
334 static usb_callback_t run_bulk_tx_callback5;
336 static void run_autoinst(void *, struct usb_device *,
337 struct usb_attach_arg *);
338 static int run_driver_loaded(struct module *, int, void *);
339 static void run_bulk_tx_callbackN(struct usb_xfer *xfer,
340 usb_error_t error, u_int index);
341 static struct ieee80211vap *run_vap_create(struct ieee80211com *,
342 const char [IFNAMSIZ], int, enum ieee80211_opmode, int,
343 const uint8_t [IEEE80211_ADDR_LEN],
344 const uint8_t [IEEE80211_ADDR_LEN]);
345 static void run_vap_delete(struct ieee80211vap *);
346 static void run_cmdq_cb(void *, int);
347 static void run_setup_tx_list(struct run_softc *,
348 struct run_endpoint_queue *);
349 static void run_unsetup_tx_list(struct run_softc *,
350 struct run_endpoint_queue *);
351 static int run_load_microcode(struct run_softc *);
352 static int run_reset(struct run_softc *);
353 static usb_error_t run_do_request(struct run_softc *,
354 struct usb_device_request *, void *);
355 static int run_read(struct run_softc *, uint16_t, uint32_t *);
356 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int);
357 static int run_write_2(struct run_softc *, uint16_t, uint16_t);
358 static int run_write(struct run_softc *, uint16_t, uint32_t);
359 static int run_write_region_1(struct run_softc *, uint16_t,
360 const uint8_t *, int);
361 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int);
362 static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int);
363 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *);
364 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *);
365 static int run_rt2870_rf_write(struct run_softc *, uint32_t);
366 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *);
367 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t);
368 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *);
369 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t);
370 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t);
371 static const char *run_get_rf(uint16_t);
372 static void run_rt3593_get_txpower(struct run_softc *);
373 static void run_get_txpower(struct run_softc *);
374 static int run_read_eeprom(struct run_softc *);
375 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *,
376 const uint8_t mac[IEEE80211_ADDR_LEN]);
377 static int run_media_change(struct ifnet *);
378 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int);
379 static int run_wme_update(struct ieee80211com *);
380 static void run_wme_update_cb(void *);
381 static void run_key_update_begin(struct ieee80211vap *);
382 static void run_key_update_end(struct ieee80211vap *);
383 static void run_key_set_cb(void *);
384 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *,
385 const uint8_t mac[IEEE80211_ADDR_LEN]);
386 static void run_key_delete_cb(void *);
387 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *);
388 static void run_ratectl_to(void *);
389 static void run_ratectl_cb(void *, int);
390 static void run_drain_fifo(void *);
391 static void run_iter_func(void *, struct ieee80211_node *);
392 static void run_newassoc_cb(void *);
393 static void run_newassoc(struct ieee80211_node *, int);
394 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t);
395 static void run_tx_free(struct run_endpoint_queue *pq,
396 struct run_tx_data *, int);
397 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *);
398 static int run_tx(struct run_softc *, struct mbuf *,
399 struct ieee80211_node *);
400 static int run_tx_mgt(struct run_softc *, struct mbuf *,
401 struct ieee80211_node *);
402 static int run_sendprot(struct run_softc *, const struct mbuf *,
403 struct ieee80211_node *, int, int);
404 static int run_tx_param(struct run_softc *, struct mbuf *,
405 struct ieee80211_node *,
406 const struct ieee80211_bpf_params *);
407 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *,
408 const struct ieee80211_bpf_params *);
409 static void run_start(struct ifnet *);
410 static int run_ioctl(struct ifnet *, u_long, caddr_t);
411 static void run_iq_calib(struct run_softc *, u_int);
412 static void run_set_agc(struct run_softc *, uint8_t);
413 static void run_select_chan_group(struct run_softc *, int);
414 static void run_set_rx_antenna(struct run_softc *, int);
415 static void run_rt2870_set_chan(struct run_softc *, u_int);
416 static void run_rt3070_set_chan(struct run_softc *, u_int);
417 static void run_rt3572_set_chan(struct run_softc *, u_int);
418 static void run_rt3593_set_chan(struct run_softc *, u_int);
419 static void run_rt5390_set_chan(struct run_softc *, u_int);
420 static void run_rt5592_set_chan(struct run_softc *, u_int);
421 static int run_set_chan(struct run_softc *, struct ieee80211_channel *);
422 static void run_set_channel(struct ieee80211com *);
423 static void run_scan_start(struct ieee80211com *);
424 static void run_scan_end(struct ieee80211com *);
425 static void run_update_beacon(struct ieee80211vap *, int);
426 static void run_update_beacon_cb(void *);
427 static void run_updateprot(struct ieee80211com *);
428 static void run_updateprot_cb(void *);
429 static void run_usb_timeout_cb(void *);
430 static void run_reset_livelock(struct run_softc *);
431 static void run_enable_tsf_sync(struct run_softc *);
432 static void run_enable_mrr(struct run_softc *);
433 static void run_set_txpreamble(struct run_softc *);
434 static void run_set_basicrates(struct run_softc *);
435 static void run_set_leds(struct run_softc *, uint16_t);
436 static void run_set_bssid(struct run_softc *, const uint8_t *);
437 static void run_set_macaddr(struct run_softc *, const uint8_t *);
438 static void run_updateslot(struct ifnet *);
439 static void run_updateslot_cb(void *);
440 static void run_update_mcast(struct ifnet *);
441 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t);
442 static void run_update_promisc_locked(struct ifnet *);
443 static void run_update_promisc(struct ifnet *);
444 static void run_rt5390_bbp_init(struct run_softc *);
445 static int run_bbp_init(struct run_softc *);
446 static int run_rt3070_rf_init(struct run_softc *);
447 static void run_rt3593_rf_init(struct run_softc *);
448 static void run_rt5390_rf_init(struct run_softc *);
449 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t,
451 static void run_rt3070_rf_setup(struct run_softc *);
452 static void run_rt3593_rf_setup(struct run_softc *);
453 static void run_rt5390_rf_setup(struct run_softc *);
454 static int run_txrx_enable(struct run_softc *);
455 static void run_adjust_freq_offset(struct run_softc *);
456 static void run_init(void *);
457 static void run_init_locked(struct run_softc *);
458 static void run_stop(void *);
459 static void run_delay(struct run_softc *, u_int);
461 static eventhandler_tag run_etag;
463 static const struct rt2860_rate {
466 enum ieee80211_phytype phy;
471 { 2, 0, IEEE80211_T_DS, 0, 314, 314 },
472 { 4, 1, IEEE80211_T_DS, 1, 258, 162 },
473 { 11, 2, IEEE80211_T_DS, 2, 223, 127 },
474 { 22, 3, IEEE80211_T_DS, 3, 213, 117 },
475 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 },
476 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 },
477 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 },
478 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 },
479 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 },
480 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 },
481 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 },
482 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 }
485 static const struct {
488 } rt2870_def_mac[] = {
492 static const struct {
495 } rt2860_def_bbp[] = {
497 },rt5390_def_bbp[] = {
499 },rt5592_def_bbp[] = {
504 * Default values for BBP register R196 for RT5592.
506 static const uint8_t rt5592_bbp_r196[] = {
507 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00,
508 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36,
509 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40,
510 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41,
511 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16,
512 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00,
513 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
514 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c,
515 0x2e, 0x36, 0x30, 0x6e
518 static const struct rfprog {
520 uint32_t r1, r2, r3, r4;
521 } rt2860_rf2850[] = {
531 static const struct rt5592_freqs {
534 } rt5592_freqs_20mhz[] = {
536 },rt5592_freqs_40mhz[] = {
540 static const struct {
543 } rt3070_def_rf[] = {
545 },rt3572_def_rf[] = {
547 },rt3593_def_rf[] = {
549 },rt5390_def_rf[] = {
551 },rt5392_def_rf[] = {
553 },rt5592_def_rf[] = {
555 },rt5592_2ghz_def_rf[] = {
557 },rt5592_5ghz_def_rf[] = {
561 static const struct {
566 } rt5592_chan_5ghz[] = {
570 static const struct usb_config run_config[RUN_N_XFER] = {
573 .endpoint = UE_ADDR_ANY,
575 .direction = UE_DIR_OUT,
576 .bufsize = RUN_MAX_TXSZ,
577 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
578 .callback = run_bulk_tx_callback0,
579 .timeout = 5000, /* ms */
583 .endpoint = UE_ADDR_ANY,
584 .direction = UE_DIR_OUT,
586 .bufsize = RUN_MAX_TXSZ,
587 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
588 .callback = run_bulk_tx_callback1,
589 .timeout = 5000, /* ms */
593 .endpoint = UE_ADDR_ANY,
594 .direction = UE_DIR_OUT,
596 .bufsize = RUN_MAX_TXSZ,
597 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
598 .callback = run_bulk_tx_callback2,
599 .timeout = 5000, /* ms */
603 .endpoint = UE_ADDR_ANY,
604 .direction = UE_DIR_OUT,
606 .bufsize = RUN_MAX_TXSZ,
607 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
608 .callback = run_bulk_tx_callback3,
609 .timeout = 5000, /* ms */
611 [RUN_BULK_TX_HCCA] = {
613 .endpoint = UE_ADDR_ANY,
614 .direction = UE_DIR_OUT,
616 .bufsize = RUN_MAX_TXSZ,
617 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,},
618 .callback = run_bulk_tx_callback4,
619 .timeout = 5000, /* ms */
621 [RUN_BULK_TX_PRIO] = {
623 .endpoint = UE_ADDR_ANY,
624 .direction = UE_DIR_OUT,
626 .bufsize = RUN_MAX_TXSZ,
627 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,},
628 .callback = run_bulk_tx_callback5,
629 .timeout = 5000, /* ms */
633 .endpoint = UE_ADDR_ANY,
634 .direction = UE_DIR_IN,
635 .bufsize = RUN_MAX_RXSZ,
636 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,},
637 .callback = run_bulk_rx_callback,
642 run_autoinst(void *arg, struct usb_device *udev,
643 struct usb_attach_arg *uaa)
645 struct usb_interface *iface;
646 struct usb_interface_descriptor *id;
648 if (uaa->dev_state != UAA_DEV_READY)
651 iface = usbd_get_iface(udev, 0);
655 if (id == NULL || id->bInterfaceClass != UICLASS_MASS)
657 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa))
660 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0)
661 uaa->dev_state = UAA_DEV_EJECTING;
665 run_driver_loaded(struct module *mod, int what, void *arg)
669 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured,
670 run_autoinst, NULL, EVENTHANDLER_PRI_ANY);
673 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag);
682 run_match(device_t self)
684 struct usb_attach_arg *uaa = device_get_ivars(self);
686 if (uaa->usb_mode != USB_MODE_HOST)
688 if (uaa->info.bConfigIndex != 0)
690 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX)
693 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa));
697 run_attach(device_t self)
699 struct run_softc *sc = device_get_softc(self);
700 struct usb_attach_arg *uaa = device_get_ivars(self);
701 struct ieee80211com *ic;
705 uint8_t iface_index, bands;
707 device_set_usb_desc(self);
708 sc->sc_udev = uaa->device;
710 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT)
711 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED;
713 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev),
714 MTX_NETWORK_LOCK, MTX_DEF);
716 iface_index = RT2860_IFACE_INDEX;
718 error = usbd_transfer_setup(uaa->device, &iface_index,
719 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx);
721 device_printf(self, "could not allocate USB transfers, "
722 "err=%s\n", usbd_errstr(error));
728 /* wait for the chip to settle */
729 for (ntries = 0; ntries < 100; ntries++) {
730 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) {
734 if (ver != 0 && ver != 0xffffffff)
739 device_printf(sc->sc_dev,
740 "timeout waiting for NIC to initialize\n");
744 sc->mac_ver = ver >> 16;
745 sc->mac_rev = ver & 0xffff;
747 /* retrieve RF rev. no and various other things from EEPROM */
750 device_printf(sc->sc_dev,
751 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n",
752 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev),
753 sc->ntxchains, sc->nrxchains, ether_sprintf(sc->sc_bssid));
757 ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211);
759 device_printf(sc->sc_dev, "can not if_alloc()\n");
765 if_initname(ifp, "run", device_get_unit(sc->sc_dev));
766 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
767 ifp->if_init = run_init;
768 ifp->if_ioctl = run_ioctl;
769 ifp->if_start = run_start;
770 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen);
771 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen;
772 IFQ_SET_READY(&ifp->if_snd);
775 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
776 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */
778 /* set device capabilities */
780 IEEE80211_C_STA | /* station mode supported */
781 IEEE80211_C_MONITOR | /* monitor mode supported */
784 IEEE80211_C_WDS | /* 4-address traffic works */
786 IEEE80211_C_SHPREAMBLE | /* short preamble supported */
787 IEEE80211_C_SHSLOT | /* short slot time supported */
788 IEEE80211_C_WME | /* WME */
789 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */
792 IEEE80211_CRYPTO_WEP |
793 IEEE80211_CRYPTO_AES_CCM |
794 IEEE80211_CRYPTO_TKIPMIC |
795 IEEE80211_CRYPTO_TKIP;
797 ic->ic_flags |= IEEE80211_F_DATAPAD;
798 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS;
801 setbit(&bands, IEEE80211_MODE_11B);
802 setbit(&bands, IEEE80211_MODE_11G);
803 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 ||
804 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 ||
805 sc->rf_rev == RT5592_RF_5592)
806 setbit(&bands, IEEE80211_MODE_11A);
807 ieee80211_init_channels(ic, NULL, &bands);
809 ieee80211_ifattach(ic, sc->sc_bssid);
811 ic->ic_scan_start = run_scan_start;
812 ic->ic_scan_end = run_scan_end;
813 ic->ic_set_channel = run_set_channel;
814 ic->ic_node_alloc = run_node_alloc;
815 ic->ic_newassoc = run_newassoc;
816 ic->ic_updateslot = run_updateslot;
817 ic->ic_update_mcast = run_update_mcast;
818 ic->ic_wme.wme_update = run_wme_update;
819 ic->ic_raw_xmit = run_raw_xmit;
820 ic->ic_update_promisc = run_update_promisc;
822 ic->ic_vap_create = run_vap_create;
823 ic->ic_vap_delete = run_vap_delete;
825 ieee80211_radiotap_attach(ic,
826 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap),
827 RUN_TX_RADIOTAP_PRESENT,
828 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap),
829 RUN_RX_RADIOTAP_PRESENT);
831 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc);
832 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc);
833 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0);
836 ieee80211_announce(ic);
846 run_detach(device_t self)
848 struct run_softc *sc = device_get_softc(self);
849 struct ifnet *ifp = sc->sc_ifp;
850 struct ieee80211com *ic;
857 /* stop all USB transfers */
858 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER);
861 sc->ratectl_run = RUN_RATECTL_OFF;
862 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT;
864 /* free TX list, if any */
865 for (i = 0; i != RUN_EP_QUEUES; i++)
866 run_unsetup_tx_list(sc, &sc->sc_epq[i]);
872 usb_callout_drain(&sc->ratectl_ch);
873 ieee80211_draintask(ic, &sc->cmdq_task);
874 ieee80211_draintask(ic, &sc->ratectl_task);
875 ieee80211_ifdetach(ic);
879 mtx_destroy(&sc->sc_mtx);
884 static struct ieee80211vap *
885 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit,
886 enum ieee80211_opmode opmode, int flags,
887 const uint8_t bssid[IEEE80211_ADDR_LEN],
888 const uint8_t mac[IEEE80211_ADDR_LEN])
890 struct ifnet *ifp = ic->ic_ifp;
891 struct run_softc *sc = ifp->if_softc;
893 struct ieee80211vap *vap;
896 if (sc->rvp_cnt >= RUN_VAP_MAX) {
897 if_printf(ifp, "number of VAPs maxed out\n");
902 case IEEE80211_M_STA:
903 /* enable s/w bmiss handling for sta mode */
904 flags |= IEEE80211_CLONE_NOBEACONS;
906 case IEEE80211_M_IBSS:
907 case IEEE80211_M_MONITOR:
908 case IEEE80211_M_HOSTAP:
909 case IEEE80211_M_MBSS:
910 /* other than WDS vaps, only one at a time */
911 if (!TAILQ_EMPTY(&ic->ic_vaps))
914 case IEEE80211_M_WDS:
915 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){
916 if(vap->iv_opmode != IEEE80211_M_HOSTAP)
918 /* WDS vap's always share the local mac address. */
919 flags &= ~IEEE80211_CLONE_BSSID;
923 if_printf(ifp, "wds only supported in ap mode\n");
928 if_printf(ifp, "unknown opmode %d\n", opmode);
932 rvp = (struct run_vap *) malloc(sizeof(struct run_vap),
933 M_80211_VAP, M_NOWAIT | M_ZERO);
938 if (ieee80211_vap_setup(ic, vap, name, unit,
939 opmode, flags, bssid, mac) != 0) {
941 free(rvp, M_80211_VAP);
945 vap->iv_key_update_begin = run_key_update_begin;
946 vap->iv_key_update_end = run_key_update_end;
947 vap->iv_update_beacon = run_update_beacon;
948 vap->iv_max_aid = RT2870_WCID_MAX;
950 * To delete the right key from h/w, we need wcid.
951 * Luckily, there is unused space in ieee80211_key{}, wk_pad,
952 * and matching wcid will be written into there. So, cast
953 * some spells to remove 'const' from ieee80211_key{}
955 vap->iv_key_delete = (void *)run_key_delete;
956 vap->iv_key_set = (void *)run_key_set;
958 /* override state transition machine */
959 rvp->newstate = vap->iv_newstate;
960 vap->iv_newstate = run_newstate;
962 ieee80211_ratectl_init(vap);
963 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */);
966 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status);
968 /* make sure id is always unique */
969 for (i = 0; i < RUN_VAP_MAX; i++) {
970 if((sc->rvp_bmap & 1 << i) == 0){
971 sc->rvp_bmap |= 1 << i;
976 if (sc->rvp_cnt++ == 0)
977 ic->ic_opmode = opmode;
979 if (opmode == IEEE80211_M_HOSTAP)
980 sc->cmdq_run = RUN_CMDQ_GO;
982 DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n",
983 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt);
989 run_vap_delete(struct ieee80211vap *vap)
991 struct run_vap *rvp = RUN_VAP(vap);
993 struct ieee80211com *ic;
994 struct run_softc *sc;
1007 m_freem(rvp->beacon_mbuf);
1008 rvp->beacon_mbuf = NULL;
1010 rvp_id = rvp->rvp_id;
1011 sc->ratectl_run &= ~(1 << rvp_id);
1012 sc->rvp_bmap &= ~(1 << rvp_id);
1013 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128);
1014 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512);
1017 DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n",
1018 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt);
1022 ieee80211_ratectl_deinit(vap);
1023 ieee80211_vap_detach(vap);
1024 free(rvp, M_80211_VAP);
1028 * There are numbers of functions need to be called in context thread.
1029 * Rather than creating taskqueue event for each of those functions,
1030 * here is all-for-one taskqueue callback function. This function
1031 * gurantees deferred functions are executed in the same order they
1033 * '& RUN_CMDQ_MASQ' is to loop cmdq[].
1036 run_cmdq_cb(void *arg, int pending)
1038 struct run_softc *sc = arg;
1041 /* call cmdq[].func locked */
1043 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending;
1044 i = sc->cmdq_exec, pending--) {
1045 DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending);
1046 if (sc->cmdq_run == RUN_CMDQ_GO) {
1048 * If arg0 is NULL, callback func needs more
1049 * than one arg. So, pass ptr to cmdq struct.
1051 if (sc->cmdq[i].arg0)
1052 sc->cmdq[i].func(sc->cmdq[i].arg0);
1054 sc->cmdq[i].func(&sc->cmdq[i]);
1056 sc->cmdq[i].arg0 = NULL;
1057 sc->cmdq[i].func = NULL;
1059 sc->cmdq_exec &= RUN_CMDQ_MASQ;
1065 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq)
1067 struct run_tx_data *data;
1069 memset(pq, 0, sizeof(*pq));
1071 STAILQ_INIT(&pq->tx_qh);
1072 STAILQ_INIT(&pq->tx_fh);
1074 for (data = &pq->tx_data[0];
1075 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) {
1077 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next);
1079 pq->tx_nfree = RUN_TX_RING_COUNT;
1083 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq)
1085 struct run_tx_data *data;
1087 /* make sure any subsequent use of the queues will fail */
1089 STAILQ_INIT(&pq->tx_fh);
1090 STAILQ_INIT(&pq->tx_qh);
1092 /* free up all node references and mbufs */
1093 for (data = &pq->tx_data[0];
1094 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) {
1095 if (data->m != NULL) {
1099 if (data->ni != NULL) {
1100 ieee80211_free_node(data->ni);
1107 run_load_microcode(struct run_softc *sc)
1109 usb_device_request_t req;
1110 const struct firmware *fw;
1114 const uint64_t *temp;
1118 fw = firmware_get("runfw");
1121 device_printf(sc->sc_dev,
1122 "failed loadfirmware of file %s\n", "runfw");
1126 if (fw->datasize != 8192) {
1127 device_printf(sc->sc_dev,
1128 "invalid firmware size (should be 8KB)\n");
1134 * RT3071/RT3072 use a different firmware
1135 * run-rt2870 (8KB) contains both,
1136 * first half (4KB) is for rt2870,
1137 * last half is for rt3071.
1140 if ((sc->mac_ver) != 0x2860 &&
1141 (sc->mac_ver) != 0x2872 &&
1142 (sc->mac_ver) != 0x3070) {
1146 /* cheap sanity check */
1149 if (bytes != be64toh(0xffffff0210280210ULL)) {
1150 device_printf(sc->sc_dev, "firmware checksum failed\n");
1155 /* write microcode image */
1156 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) {
1157 run_write_region_1(sc, RT2870_FW_BASE, base, 4096);
1158 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff);
1159 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff);
1162 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1163 req.bRequest = RT2870_RESET;
1164 USETW(req.wValue, 8);
1165 USETW(req.wIndex, 0);
1166 USETW(req.wLength, 0);
1167 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL))
1169 device_printf(sc->sc_dev, "firmware reset failed\n");
1175 run_write(sc, RT2860_H2M_BBPAGENT, 0);
1176 run_write(sc, RT2860_H2M_MAILBOX, 0);
1177 run_write(sc, RT2860_H2M_INTSRC, 0);
1178 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0)
1181 /* wait until microcontroller is ready */
1182 for (ntries = 0; ntries < 1000; ntries++) {
1183 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0)
1185 if (tmp & RT2860_MCU_READY)
1189 if (ntries == 1000) {
1190 device_printf(sc->sc_dev,
1191 "timeout waiting for MCU to initialize\n");
1195 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n",
1196 (base == fw->data) ? "RT2870" : "RT3071",
1197 *(base + 4092), *(base + 4093));
1200 firmware_put(fw, FIRMWARE_UNLOAD);
1205 run_reset(struct run_softc *sc)
1207 usb_device_request_t req;
1209 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1210 req.bRequest = RT2870_RESET;
1211 USETW(req.wValue, 1);
1212 USETW(req.wIndex, 0);
1213 USETW(req.wLength, 0);
1214 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL));
1218 run_do_request(struct run_softc *sc,
1219 struct usb_device_request *req, void *data)
1224 RUN_LOCK_ASSERT(sc, MA_OWNED);
1227 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx,
1228 req, data, 0, NULL, 250 /* ms */);
1231 DPRINTFN(1, "Control request failed, %s (retrying)\n",
1239 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val)
1244 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp);
1246 *val = le32toh(tmp);
1253 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len)
1255 usb_device_request_t req;
1257 req.bmRequestType = UT_READ_VENDOR_DEVICE;
1258 req.bRequest = RT2870_READ_REGION_1;
1259 USETW(req.wValue, 0);
1260 USETW(req.wIndex, reg);
1261 USETW(req.wLength, len);
1263 return (run_do_request(sc, &req, buf));
1267 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val)
1269 usb_device_request_t req;
1271 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1272 req.bRequest = RT2870_WRITE_2;
1273 USETW(req.wValue, val);
1274 USETW(req.wIndex, reg);
1275 USETW(req.wLength, 0);
1277 return (run_do_request(sc, &req, NULL));
1281 run_write(struct run_softc *sc, uint16_t reg, uint32_t val)
1285 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0)
1286 error = run_write_2(sc, reg + 2, val >> 16);
1291 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf,
1297 * NB: the WRITE_REGION_1 command is not stable on RT2860.
1298 * We thus issue multiple WRITE_2 commands instead.
1300 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n"));
1301 for (i = 0; i < len && error == 0; i += 2)
1302 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8);
1305 usb_device_request_t req;
1309 * NOTE: It appears the WRITE_REGION_1 command cannot be
1310 * passed a huge amount of data, which will crash the
1311 * firmware. Limit amount of data passed to 64-bytes at a
1319 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1320 req.bRequest = RT2870_WRITE_REGION_1;
1321 USETW(req.wValue, 0);
1322 USETW(req.wIndex, reg);
1323 USETW(req.wLength, delta);
1324 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf));
1336 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len)
1340 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n"));
1341 for (i = 0; i < len && error == 0; i += 4)
1342 error = run_write(sc, reg + i, val);
1347 run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count)
1353 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0)
1359 * Read one 16-byte block into registers EFUSE_DATA[0-3]:
1365 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK);
1366 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK;
1367 run_write(sc, RT3070_EFUSE_CTRL, tmp);
1368 for (ntries = 0; ntries < 100; ntries++) {
1369 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0)
1371 if (!(tmp & RT3070_EFSROM_KICK))
1378 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) {
1379 *val = 0xffff; /* address not found */
1382 /* determine to which 32-bit register our 16-bit word belongs */
1383 reg = RT3070_EFUSE_DATA3 - (addr & 0xc);
1384 if ((error = run_read(sc, reg, &tmp)) != 0)
1387 tmp >>= (8 * (addr & 0x3));
1388 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff;
1393 /* Read 16-bit from eFUSE ROM for RT3xxx. */
1395 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val)
1397 return (run_efuse_read(sc, addr, val, 2));
1401 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val)
1403 usb_device_request_t req;
1408 req.bmRequestType = UT_READ_VENDOR_DEVICE;
1409 req.bRequest = RT2870_EEPROM_READ;
1410 USETW(req.wValue, 0);
1411 USETW(req.wIndex, addr);
1412 USETW(req.wLength, sizeof(tmp));
1414 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp);
1416 *val = le16toh(tmp);
1423 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val)
1425 /* either eFUSE ROM or EEPROM */
1426 return sc->sc_srom_read(sc, addr, val);
1430 run_rt2870_rf_write(struct run_softc *sc, uint32_t val)
1435 for (ntries = 0; ntries < 10; ntries++) {
1436 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0)
1438 if (!(tmp & RT2860_RF_REG_CTRL))
1444 return (run_write(sc, RT2860_RF_CSR_CFG0, val));
1448 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val)
1453 for (ntries = 0; ntries < 100; ntries++) {
1454 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1456 if (!(tmp & RT3070_RF_KICK))
1462 tmp = RT3070_RF_KICK | reg << 8;
1463 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0)
1466 for (ntries = 0; ntries < 100; ntries++) {
1467 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1469 if (!(tmp & RT3070_RF_KICK))
1480 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val)
1485 for (ntries = 0; ntries < 10; ntries++) {
1486 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1488 if (!(tmp & RT3070_RF_KICK))
1494 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val;
1495 return (run_write(sc, RT3070_RF_CSR_CFG, tmp));
1499 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val)
1504 for (ntries = 0; ntries < 10; ntries++) {
1505 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1507 if (!(tmp & RT2860_BBP_CSR_KICK))
1513 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8;
1514 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0)
1517 for (ntries = 0; ntries < 10; ntries++) {
1518 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1520 if (!(tmp & RT2860_BBP_CSR_KICK))
1531 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val)
1536 for (ntries = 0; ntries < 10; ntries++) {
1537 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1539 if (!(tmp & RT2860_BBP_CSR_KICK))
1545 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val;
1546 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp));
1550 * Send a command to the 8051 microcontroller unit.
1553 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg)
1558 for (ntries = 0; ntries < 100; ntries++) {
1559 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0)
1561 if (!(tmp & RT2860_H2M_BUSY))
1567 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg;
1568 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0)
1569 error = run_write(sc, RT2860_HOST_CMD, cmd);
1574 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word.
1575 * Used to adjust per-rate Tx power registers.
1577 static __inline uint32_t
1578 b4inc(uint32_t b32, int8_t delta)
1582 for (i = 0; i < 8; i++) {
1589 b32 = b32 >> 4 | b4 << 28;
1595 run_get_rf(uint16_t rev)
1598 case RT2860_RF_2820: return "RT2820";
1599 case RT2860_RF_2850: return "RT2850";
1600 case RT2860_RF_2720: return "RT2720";
1601 case RT2860_RF_2750: return "RT2750";
1602 case RT3070_RF_3020: return "RT3020";
1603 case RT3070_RF_2020: return "RT2020";
1604 case RT3070_RF_3021: return "RT3021";
1605 case RT3070_RF_3022: return "RT3022";
1606 case RT3070_RF_3052: return "RT3052";
1607 case RT3593_RF_3053: return "RT3053";
1608 case RT5592_RF_5592: return "RT5592";
1609 case RT5390_RF_5370: return "RT5370";
1610 case RT5390_RF_5372: return "RT5372";
1616 run_rt3593_get_txpower(struct run_softc *sc)
1621 /* Read power settings for 2GHz channels. */
1622 for (i = 0; i < 14; i += 2) {
1623 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 :
1624 RT2860_EEPROM_PWR2GHZ_BASE1;
1625 run_srom_read(sc, addr + i / 2, &val);
1626 sc->txpow1[i + 0] = (int8_t)(val & 0xff);
1627 sc->txpow1[i + 1] = (int8_t)(val >> 8);
1629 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 :
1630 RT2860_EEPROM_PWR2GHZ_BASE2;
1631 run_srom_read(sc, addr + i / 2, &val);
1632 sc->txpow2[i + 0] = (int8_t)(val & 0xff);
1633 sc->txpow2[i + 1] = (int8_t)(val >> 8);
1635 if (sc->ntxchains == 3) {
1636 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2,
1638 sc->txpow3[i + 0] = (int8_t)(val & 0xff);
1639 sc->txpow3[i + 1] = (int8_t)(val >> 8);
1642 /* Fix broken Tx power entries. */
1643 for (i = 0; i < 14; i++) {
1644 if (sc->txpow1[i] > 31)
1646 if (sc->txpow2[i] > 31)
1648 if (sc->ntxchains == 3) {
1649 if (sc->txpow3[i] > 31)
1653 /* Read power settings for 5GHz channels. */
1654 for (i = 0; i < 40; i += 2) {
1655 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val);
1656 sc->txpow1[i + 14] = (int8_t)(val & 0xff);
1657 sc->txpow1[i + 15] = (int8_t)(val >> 8);
1659 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val);
1660 sc->txpow2[i + 14] = (int8_t)(val & 0xff);
1661 sc->txpow2[i + 15] = (int8_t)(val >> 8);
1663 if (sc->ntxchains == 3) {
1664 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2,
1666 sc->txpow3[i + 14] = (int8_t)(val & 0xff);
1667 sc->txpow3[i + 15] = (int8_t)(val >> 8);
1673 run_get_txpower(struct run_softc *sc)
1678 /* Read power settings for 2GHz channels. */
1679 for (i = 0; i < 14; i += 2) {
1680 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val);
1681 sc->txpow1[i + 0] = (int8_t)(val & 0xff);
1682 sc->txpow1[i + 1] = (int8_t)(val >> 8);
1684 if (sc->mac_ver != 0x5390) {
1686 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val);
1687 sc->txpow2[i + 0] = (int8_t)(val & 0xff);
1688 sc->txpow2[i + 1] = (int8_t)(val >> 8);
1691 /* Fix broken Tx power entries. */
1692 for (i = 0; i < 14; i++) {
1693 if (sc->mac_ver >= 0x5390) {
1694 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 27)
1697 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31)
1700 if (sc->mac_ver > 0x5390) {
1701 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 27)
1703 } else if (sc->mac_ver < 0x5390) {
1704 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31)
1707 DPRINTF("chan %d: power1=%d, power2=%d\n",
1708 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]);
1710 /* Read power settings for 5GHz channels. */
1711 for (i = 0; i < 40; i += 2) {
1712 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val);
1713 sc->txpow1[i + 14] = (int8_t)(val & 0xff);
1714 sc->txpow1[i + 15] = (int8_t)(val >> 8);
1716 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val);
1717 sc->txpow2[i + 14] = (int8_t)(val & 0xff);
1718 sc->txpow2[i + 15] = (int8_t)(val >> 8);
1720 /* Fix broken Tx power entries. */
1721 for (i = 0; i < 40; i++ ) {
1722 if (sc->mac_ver != 0x5592) {
1723 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15)
1724 sc->txpow1[14 + i] = 5;
1725 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15)
1726 sc->txpow2[14 + i] = 5;
1728 DPRINTF("chan %d: power1=%d, power2=%d\n",
1729 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i],
1730 sc->txpow2[14 + i]);
1735 run_read_eeprom(struct run_softc *sc)
1737 int8_t delta_2ghz, delta_5ghz;
1742 /* check whether the ROM is eFUSE ROM or EEPROM */
1743 sc->sc_srom_read = run_eeprom_read_2;
1744 if (sc->mac_ver >= 0x3070) {
1745 run_read(sc, RT3070_EFUSE_CTRL, &tmp);
1746 DPRINTF("EFUSE_CTRL=0x%08x\n", tmp);
1747 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593)
1748 sc->sc_srom_read = run_efuse_read_2;
1751 /* read ROM version */
1752 run_srom_read(sc, RT2860_EEPROM_VERSION, &val);
1753 DPRINTF("EEPROM rev=%d, FAE=%d\n", val & 0xff, val >> 8);
1755 /* read MAC address */
1756 run_srom_read(sc, RT2860_EEPROM_MAC01, &val);
1757 sc->sc_bssid[0] = val & 0xff;
1758 sc->sc_bssid[1] = val >> 8;
1759 run_srom_read(sc, RT2860_EEPROM_MAC23, &val);
1760 sc->sc_bssid[2] = val & 0xff;
1761 sc->sc_bssid[3] = val >> 8;
1762 run_srom_read(sc, RT2860_EEPROM_MAC45, &val);
1763 sc->sc_bssid[4] = val & 0xff;
1764 sc->sc_bssid[5] = val >> 8;
1766 if (sc->mac_ver < 0x3593) {
1767 /* read vender BBP settings */
1768 for (i = 0; i < 10; i++) {
1769 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val);
1770 sc->bbp[i].val = val & 0xff;
1771 sc->bbp[i].reg = val >> 8;
1772 DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg,
1775 if (sc->mac_ver >= 0x3071) {
1776 /* read vendor RF settings */
1777 for (i = 0; i < 10; i++) {
1778 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i,
1780 sc->rf[i].val = val & 0xff;
1781 sc->rf[i].reg = val >> 8;
1782 DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg,
1788 /* read RF frequency offset from EEPROM */
1789 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS :
1790 RT3593_EEPROM_FREQ, &val);
1791 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0;
1792 DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff);
1794 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS :
1795 RT3593_EEPROM_FREQ_LEDS, &val);
1796 if (val >> 8 != 0xff) {
1797 /* read LEDs operating mode */
1798 sc->leds = val >> 8;
1799 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 :
1800 RT3593_EEPROM_LED1, &sc->led[0]);
1801 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 :
1802 RT3593_EEPROM_LED2, &sc->led[1]);
1803 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 :
1804 RT3593_EEPROM_LED3, &sc->led[2]);
1806 /* broken EEPROM, use default settings */
1808 sc->led[0] = 0x5555;
1809 sc->led[1] = 0x2221;
1810 sc->led[2] = 0x5627; /* differs from RT2860 */
1812 DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n",
1813 sc->leds, sc->led[0], sc->led[1], sc->led[2]);
1815 /* read RF information */
1816 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392)
1817 run_srom_read(sc, 0x00, &val);
1819 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val);
1821 if (val == 0xffff) {
1822 device_printf(sc->sc_dev,
1823 "invalid EEPROM antenna info, using default\n");
1824 DPRINTF("invalid EEPROM antenna info, using default\n");
1825 if (sc->mac_ver == 0x3572) {
1826 /* default to RF3052 2T2R */
1827 sc->rf_rev = RT3070_RF_3052;
1830 } else if (sc->mac_ver >= 0x3070) {
1831 /* default to RF3020 1T1R */
1832 sc->rf_rev = RT3070_RF_3020;
1836 /* default to RF2820 1T2R */
1837 sc->rf_rev = RT2860_RF_2820;
1842 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) {
1844 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val);
1846 sc->rf_rev = (val >> 8) & 0xf;
1847 sc->ntxchains = (val >> 4) & 0xf;
1848 sc->nrxchains = val & 0xf;
1850 DPRINTF("EEPROM RF rev=0x%04x chains=%dT%dR\n",
1851 sc->rf_rev, sc->ntxchains, sc->nrxchains);
1853 /* check if RF supports automatic Tx access gain control */
1854 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val);
1855 DPRINTF("EEPROM CFG 0x%04x\n", val);
1856 /* check if driver should patch the DAC issue */
1857 if ((val >> 8) != 0xff)
1858 sc->patch_dac = (val >> 15) & 1;
1859 if ((val & 0xff) != 0xff) {
1860 sc->ext_5ghz_lna = (val >> 3) & 1;
1861 sc->ext_2ghz_lna = (val >> 2) & 1;
1862 /* check if RF supports automatic Tx access gain control */
1863 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1;
1864 /* check if we have a hardware radio switch */
1865 sc->rfswitch = val & 1;
1868 /* Read Tx power settings. */
1869 if (sc->mac_ver == 0x3593)
1870 run_rt3593_get_txpower(sc);
1872 run_get_txpower(sc);
1874 /* read Tx power compensation for each Tx rate */
1875 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val);
1876 delta_2ghz = delta_5ghz = 0;
1877 if ((val & 0xff) != 0xff && (val & 0x80)) {
1878 delta_2ghz = val & 0xf;
1879 if (!(val & 0x40)) /* negative number */
1880 delta_2ghz = -delta_2ghz;
1883 if ((val & 0xff) != 0xff && (val & 0x80)) {
1884 delta_5ghz = val & 0xf;
1885 if (!(val & 0x40)) /* negative number */
1886 delta_5ghz = -delta_5ghz;
1888 DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n",
1889 delta_2ghz, delta_5ghz);
1891 for (ridx = 0; ridx < 5; ridx++) {
1894 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val);
1896 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val);
1897 reg |= (uint32_t)val << 16;
1899 sc->txpow20mhz[ridx] = reg;
1900 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz);
1901 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz);
1903 DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, "
1904 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx],
1905 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]);
1908 /* Read RSSI offsets and LNA gains from EEPROM. */
1909 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ :
1910 RT3593_EEPROM_RSSI1_2GHZ, &val);
1911 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */
1912 sc->rssi_2ghz[1] = val >> 8; /* Ant B */
1913 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ :
1914 RT3593_EEPROM_RSSI2_2GHZ, &val);
1915 if (sc->mac_ver >= 0x3070) {
1916 if (sc->mac_ver == 0x3593) {
1917 sc->txmixgain_2ghz = 0;
1918 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */
1921 * On RT3070 chips (limited to 2 Rx chains), this ROM
1922 * field contains the Tx mixer gain for the 2GHz band.
1924 if ((val & 0xff) != 0xff)
1925 sc->txmixgain_2ghz = val & 0x7;
1927 DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz);
1929 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */
1930 if (sc->mac_ver == 0x3593)
1931 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val);
1932 sc->lna[2] = val >> 8; /* channel group 2 */
1934 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ :
1935 RT3593_EEPROM_RSSI1_5GHZ, &val);
1936 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */
1937 sc->rssi_5ghz[1] = val >> 8; /* Ant B */
1938 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ :
1939 RT3593_EEPROM_RSSI2_5GHZ, &val);
1940 if (sc->mac_ver == 0x3572) {
1942 * On RT3572 chips (limited to 2 Rx chains), this ROM
1943 * field contains the Tx mixer gain for the 5GHz band.
1945 if ((val & 0xff) != 0xff)
1946 sc->txmixgain_5ghz = val & 0x7;
1947 DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz);
1949 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */
1950 if (sc->mac_ver == 0x3593) {
1951 sc->txmixgain_5ghz = 0;
1952 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val);
1954 sc->lna[3] = val >> 8; /* channel group 3 */
1956 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA :
1957 RT3593_EEPROM_LNA, &val);
1958 sc->lna[0] = val & 0xff; /* channel group 0 */
1959 sc->lna[1] = val >> 8; /* channel group 1 */
1961 /* fix broken 5GHz LNA entries */
1962 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) {
1963 DPRINTF("invalid LNA for channel group %d\n", 2);
1964 sc->lna[2] = sc->lna[1];
1966 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) {
1967 DPRINTF("invalid LNA for channel group %d\n", 3);
1968 sc->lna[3] = sc->lna[1];
1971 /* fix broken RSSI offset entries */
1972 for (ant = 0; ant < 3; ant++) {
1973 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) {
1974 DPRINTF("invalid RSSI%d offset: %d (2GHz)\n",
1975 ant + 1, sc->rssi_2ghz[ant]);
1976 sc->rssi_2ghz[ant] = 0;
1978 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) {
1979 DPRINTF("invalid RSSI%d offset: %d (5GHz)\n",
1980 ant + 1, sc->rssi_5ghz[ant]);
1981 sc->rssi_5ghz[ant] = 0;
1987 static struct ieee80211_node *
1988 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN])
1990 return malloc(sizeof (struct run_node), M_80211_NODE,
1995 run_media_change(struct ifnet *ifp)
1997 struct ieee80211vap *vap = ifp->if_softc;
1998 struct ieee80211com *ic = vap->iv_ic;
1999 const struct ieee80211_txparam *tp;
2000 struct run_softc *sc = ic->ic_ifp->if_softc;
2006 error = ieee80211_media_change(ifp);
2007 if (error != ENETRESET) {
2012 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
2013 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) {
2014 struct ieee80211_node *ni;
2015 struct run_node *rn;
2017 rate = ic->ic_sup_rates[ic->ic_curmode].
2018 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL;
2019 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2020 if (rt2860_rates[ridx].rate == rate)
2022 ni = ieee80211_ref_node(vap->iv_bss);
2023 rn = (struct run_node *)ni;
2024 rn->fix_ridx = ridx;
2025 DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx);
2026 ieee80211_free_node(ni);
2030 if ((ifp->if_flags & IFF_UP) &&
2031 (ifp->if_drv_flags & IFF_DRV_RUNNING)){
2032 run_init_locked(sc);
2042 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
2044 const struct ieee80211_txparam *tp;
2045 struct ieee80211com *ic = vap->iv_ic;
2046 struct run_softc *sc = ic->ic_ifp->if_softc;
2047 struct run_vap *rvp = RUN_VAP(vap);
2048 enum ieee80211_state ostate;
2052 uint8_t restart_ratectl = 0;
2053 uint8_t bid = 1 << rvp->rvp_id;
2055 ostate = vap->iv_state;
2056 DPRINTF("%s -> %s\n",
2057 ieee80211_state_name[ostate],
2058 ieee80211_state_name[nstate]);
2060 IEEE80211_UNLOCK(ic);
2063 ratectl = sc->ratectl_run; /* remember current state */
2064 sc->ratectl_run = RUN_RATECTL_OFF;
2065 usb_callout_stop(&sc->ratectl_ch);
2067 if (ostate == IEEE80211_S_RUN) {
2068 /* turn link LED off */
2069 run_set_leds(sc, RT2860_LED_RADIO);
2073 case IEEE80211_S_INIT:
2074 restart_ratectl = 1;
2076 if (ostate != IEEE80211_S_RUN)
2080 sc->runbmap &= ~bid;
2082 /* abort TSF synchronization if there is no vap running */
2083 if (--sc->running == 0) {
2084 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
2085 run_write(sc, RT2860_BCN_TIME_CFG,
2086 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
2087 RT2860_TBTT_TIMER_EN));
2091 case IEEE80211_S_RUN:
2092 if (!(sc->runbmap & bid)) {
2094 restart_ratectl = 1;
2098 m_freem(rvp->beacon_mbuf);
2099 rvp->beacon_mbuf = NULL;
2101 switch (vap->iv_opmode) {
2102 case IEEE80211_M_HOSTAP:
2103 case IEEE80211_M_MBSS:
2104 sc->ap_running |= bid;
2105 ic->ic_opmode = vap->iv_opmode;
2106 run_update_beacon_cb(vap);
2108 case IEEE80211_M_IBSS:
2109 sc->adhoc_running |= bid;
2110 if (!sc->ap_running)
2111 ic->ic_opmode = vap->iv_opmode;
2112 run_update_beacon_cb(vap);
2114 case IEEE80211_M_STA:
2115 sc->sta_running |= bid;
2116 if (!sc->ap_running && !sc->adhoc_running)
2117 ic->ic_opmode = vap->iv_opmode;
2119 /* read statistic counters (clear on read) */
2120 run_read_region_1(sc, RT2860_TX_STA_CNT0,
2121 (uint8_t *)sta, sizeof sta);
2125 ic->ic_opmode = vap->iv_opmode;
2129 if (vap->iv_opmode != IEEE80211_M_MONITOR) {
2130 struct ieee80211_node *ni;
2132 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) {
2137 run_updateslot(ic->ic_ifp);
2139 run_set_txpreamble(sc);
2140 run_set_basicrates(sc);
2141 ni = ieee80211_ref_node(vap->iv_bss);
2142 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid);
2143 run_set_bssid(sc, ni->ni_bssid);
2144 ieee80211_free_node(ni);
2145 run_enable_tsf_sync(sc);
2147 /* enable automatic rate adaptation */
2148 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
2149 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE)
2153 /* turn link LED on */
2154 run_set_leds(sc, RT2860_LED_RADIO |
2155 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ?
2156 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ));
2160 DPRINTFN(6, "undefined case\n");
2164 /* restart amrr for running VAPs */
2165 if ((sc->ratectl_run = ratectl) && restart_ratectl)
2166 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2171 return(rvp->newstate(vap, nstate, arg));
2176 run_wme_update_cb(void *arg)
2178 struct ieee80211com *ic = arg;
2179 struct run_softc *sc = ic->ic_ifp->if_softc;
2180 struct ieee80211_wme_state *wmesp = &ic->ic_wme;
2183 RUN_LOCK_ASSERT(sc, MA_OWNED);
2185 /* update MAC TX configuration registers */
2186 for (aci = 0; aci < WME_NUM_AC; aci++) {
2187 error = run_write(sc, RT2860_EDCA_AC_CFG(aci),
2188 wmesp->wme_params[aci].wmep_logcwmax << 16 |
2189 wmesp->wme_params[aci].wmep_logcwmin << 12 |
2190 wmesp->wme_params[aci].wmep_aifsn << 8 |
2191 wmesp->wme_params[aci].wmep_txopLimit);
2192 if (error) goto err;
2195 /* update SCH/DMA registers too */
2196 error = run_write(sc, RT2860_WMM_AIFSN_CFG,
2197 wmesp->wme_params[WME_AC_VO].wmep_aifsn << 12 |
2198 wmesp->wme_params[WME_AC_VI].wmep_aifsn << 8 |
2199 wmesp->wme_params[WME_AC_BK].wmep_aifsn << 4 |
2200 wmesp->wme_params[WME_AC_BE].wmep_aifsn);
2201 if (error) goto err;
2202 error = run_write(sc, RT2860_WMM_CWMIN_CFG,
2203 wmesp->wme_params[WME_AC_VO].wmep_logcwmin << 12 |
2204 wmesp->wme_params[WME_AC_VI].wmep_logcwmin << 8 |
2205 wmesp->wme_params[WME_AC_BK].wmep_logcwmin << 4 |
2206 wmesp->wme_params[WME_AC_BE].wmep_logcwmin);
2207 if (error) goto err;
2208 error = run_write(sc, RT2860_WMM_CWMAX_CFG,
2209 wmesp->wme_params[WME_AC_VO].wmep_logcwmax << 12 |
2210 wmesp->wme_params[WME_AC_VI].wmep_logcwmax << 8 |
2211 wmesp->wme_params[WME_AC_BK].wmep_logcwmax << 4 |
2212 wmesp->wme_params[WME_AC_BE].wmep_logcwmax);
2213 if (error) goto err;
2214 error = run_write(sc, RT2860_WMM_TXOP0_CFG,
2215 wmesp->wme_params[WME_AC_BK].wmep_txopLimit << 16 |
2216 wmesp->wme_params[WME_AC_BE].wmep_txopLimit);
2217 if (error) goto err;
2218 error = run_write(sc, RT2860_WMM_TXOP1_CFG,
2219 wmesp->wme_params[WME_AC_VO].wmep_txopLimit << 16 |
2220 wmesp->wme_params[WME_AC_VI].wmep_txopLimit);
2224 DPRINTF("WME update failed\n");
2230 run_wme_update(struct ieee80211com *ic)
2232 struct run_softc *sc = ic->ic_ifp->if_softc;
2234 /* sometime called wothout lock */
2235 if (mtx_owned(&ic->ic_comlock.mtx)) {
2236 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
2237 DPRINTF("cmdq_store=%d\n", i);
2238 sc->cmdq[i].func = run_wme_update_cb;
2239 sc->cmdq[i].arg0 = ic;
2240 ieee80211_runtask(ic, &sc->cmdq_task);
2245 run_wme_update_cb(ic);
2248 /* return whatever, upper layer desn't care anyway */
2253 run_key_update_begin(struct ieee80211vap *vap)
2256 * To avoid out-of-order events, both run_key_set() and
2257 * _delete() are deferred and handled by run_cmdq_cb().
2258 * So, there is nothing we need to do here.
2263 run_key_update_end(struct ieee80211vap *vap)
2269 run_key_set_cb(void *arg)
2271 struct run_cmdq *cmdq = arg;
2272 struct ieee80211vap *vap = cmdq->arg1;
2273 struct ieee80211_key *k = cmdq->k;
2274 struct ieee80211com *ic = vap->iv_ic;
2275 struct run_softc *sc = ic->ic_ifp->if_softc;
2276 struct ieee80211_node *ni;
2278 uint16_t base, associd;
2279 uint8_t mode, wcid, iv[8];
2281 RUN_LOCK_ASSERT(sc, MA_OWNED);
2283 if (vap->iv_opmode == IEEE80211_M_HOSTAP)
2284 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac);
2287 associd = (ni != NULL) ? ni->ni_associd : 0;
2289 /* map net80211 cipher to RT2860 security mode */
2290 switch (k->wk_cipher->ic_cipher) {
2291 case IEEE80211_CIPHER_WEP:
2292 if(k->wk_keylen < 8)
2293 mode = RT2860_MODE_WEP40;
2295 mode = RT2860_MODE_WEP104;
2297 case IEEE80211_CIPHER_TKIP:
2298 mode = RT2860_MODE_TKIP;
2300 case IEEE80211_CIPHER_AES_CCM:
2301 mode = RT2860_MODE_AES_CCMP;
2304 DPRINTF("undefined case\n");
2308 DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n",
2309 associd, k->wk_keyix, mode,
2310 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise",
2311 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off",
2312 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off");
2314 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2315 wcid = 0; /* NB: update WCID0 for group keys */
2316 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix);
2318 wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
2319 1 : RUN_AID2WCID(associd);
2320 base = RT2860_PKEY(wcid);
2323 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) {
2324 if(run_write_region_1(sc, base, k->wk_key, 16))
2326 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */
2328 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */
2331 /* roundup len to 16-bit: XXX fix write_region_1() instead */
2332 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1))
2336 if (!(k->wk_flags & IEEE80211_KEY_GROUP) ||
2337 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) {
2338 /* set initial packet number in IV+EIV */
2339 if (k->wk_cipher == IEEE80211_CIPHER_WEP) {
2340 memset(iv, 0, sizeof iv);
2341 iv[3] = vap->iv_def_txkey << 6;
2343 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) {
2344 iv[0] = k->wk_keytsc >> 8;
2345 iv[1] = (iv[0] | 0x20) & 0x7f;
2346 iv[2] = k->wk_keytsc;
2348 iv[0] = k->wk_keytsc;
2349 iv[1] = k->wk_keytsc >> 8;
2352 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV;
2353 iv[4] = k->wk_keytsc >> 16;
2354 iv[5] = k->wk_keytsc >> 24;
2355 iv[6] = k->wk_keytsc >> 32;
2356 iv[7] = k->wk_keytsc >> 40;
2358 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8))
2362 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2363 /* install group key */
2364 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr))
2366 attr &= ~(0xf << (k->wk_keyix * 4));
2367 attr |= mode << (k->wk_keyix * 4);
2368 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr))
2371 /* install pairwise key */
2372 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr))
2374 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN;
2375 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr))
2379 /* TODO create a pass-thru key entry? */
2381 /* need wcid to delete the right key later */
2386 * Don't have to be deferred, but in order to keep order of
2387 * execution, i.e. with run_key_delete(), defer this and let
2388 * run_cmdq_cb() maintain the order.
2393 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k,
2394 const uint8_t mac[IEEE80211_ADDR_LEN])
2396 struct ieee80211com *ic = vap->iv_ic;
2397 struct run_softc *sc = ic->ic_ifp->if_softc;
2400 i = RUN_CMDQ_GET(&sc->cmdq_store);
2401 DPRINTF("cmdq_store=%d\n", i);
2402 sc->cmdq[i].func = run_key_set_cb;
2403 sc->cmdq[i].arg0 = NULL;
2404 sc->cmdq[i].arg1 = vap;
2406 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, mac);
2407 ieee80211_runtask(ic, &sc->cmdq_task);
2410 * To make sure key will be set when hostapd
2411 * calls iv_key_set() before if_init().
2413 if (vap->iv_opmode == IEEE80211_M_HOSTAP) {
2415 sc->cmdq_key_set = RUN_CMDQ_GO;
2423 * If wlan is destroyed without being brought down i.e. without
2424 * wlan down or wpa_cli terminate, this function is called after
2425 * vap is gone. Don't refer it.
2428 run_key_delete_cb(void *arg)
2430 struct run_cmdq *cmdq = arg;
2431 struct run_softc *sc = cmdq->arg1;
2432 struct ieee80211_key *k = &cmdq->key;
2436 RUN_LOCK_ASSERT(sc, MA_OWNED);
2438 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2439 /* remove group key */
2440 DPRINTF("removing group key\n");
2441 run_read(sc, RT2860_SKEY_MODE_0_7, &attr);
2442 attr &= ~(0xf << (k->wk_keyix * 4));
2443 run_write(sc, RT2860_SKEY_MODE_0_7, attr);
2445 /* remove pairwise key */
2446 DPRINTF("removing key for wcid %x\n", k->wk_pad);
2447 /* matching wcid was written to wk_pad in run_key_set() */
2449 run_read(sc, RT2860_WCID_ATTR(wcid), &attr);
2451 run_write(sc, RT2860_WCID_ATTR(wcid), attr);
2452 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8);
2462 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k)
2464 struct ieee80211com *ic = vap->iv_ic;
2465 struct run_softc *sc = ic->ic_ifp->if_softc;
2466 struct ieee80211_key *k0;
2470 * When called back, key might be gone. So, make a copy
2471 * of some values need to delete keys before deferring.
2472 * But, because of LOR with node lock, cannot use lock here.
2473 * So, use atomic instead.
2475 i = RUN_CMDQ_GET(&sc->cmdq_store);
2476 DPRINTF("cmdq_store=%d\n", i);
2477 sc->cmdq[i].func = run_key_delete_cb;
2478 sc->cmdq[i].arg0 = NULL;
2479 sc->cmdq[i].arg1 = sc;
2480 k0 = &sc->cmdq[i].key;
2481 k0->wk_flags = k->wk_flags;
2482 k0->wk_keyix = k->wk_keyix;
2483 /* matching wcid was written to wk_pad in run_key_set() */
2484 k0->wk_pad = k->wk_pad;
2485 ieee80211_runtask(ic, &sc->cmdq_task);
2486 return (1); /* return fake success */
2491 run_ratectl_to(void *arg)
2493 struct run_softc *sc = arg;
2495 /* do it in a process context, so it can go sleep */
2496 ieee80211_runtask(sc->sc_ifp->if_l2com, &sc->ratectl_task);
2497 /* next timeout will be rescheduled in the callback task */
2502 run_ratectl_cb(void *arg, int pending)
2504 struct run_softc *sc = arg;
2505 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
2506 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
2511 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) {
2513 * run_reset_livelock() doesn't do anything with AMRR,
2514 * but Ralink wants us to call it every 1 sec. So, we
2515 * piggyback here rather than creating another callout.
2516 * Livelock may occur only in HOSTAP or IBSS mode
2517 * (when h/w is sending beacons).
2520 run_reset_livelock(sc);
2521 /* just in case, there are some stats to drain */
2526 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc);
2529 if(sc->ratectl_run != RUN_RATECTL_OFF)
2530 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2535 run_drain_fifo(void *arg)
2537 struct run_softc *sc = arg;
2538 struct ifnet *ifp = sc->sc_ifp;
2540 uint16_t (*wstat)[3];
2541 uint8_t wcid, mcs, pid;
2544 RUN_LOCK_ASSERT(sc, MA_OWNED);
2547 /* drain Tx status FIFO (maxsize = 16) */
2548 run_read(sc, RT2860_TX_STAT_FIFO, &stat);
2549 DPRINTFN(4, "tx stat 0x%08x\n", stat);
2550 if (!(stat & RT2860_TXQ_VLD))
2553 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff;
2555 /* if no ACK was requested, no feedback is available */
2556 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX ||
2561 * Even though each stat is Tx-complete-status like format,
2562 * the device can poll stats. Because there is no guarantee
2563 * that the referring node is still around when read the stats.
2564 * So that, if we use ieee80211_ratectl_tx_update(), we will
2565 * have hard time not to refer already freed node.
2567 * To eliminate such page faults, we poll stats in softc.
2568 * Then, update the rates later with ieee80211_ratectl_tx_update().
2570 wstat = &(sc->wcid_stats[wcid]);
2571 (*wstat)[RUN_TXCNT]++;
2572 if (stat & RT2860_TXQ_OK)
2573 (*wstat)[RUN_SUCCESS]++;
2577 * Check if there were retries, ie if the Tx success rate is
2578 * different from the requested rate. Note that it works only
2579 * because we do not allow rate fallback from OFDM to CCK.
2581 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f;
2582 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf;
2583 if ((retry = pid -1 - mcs) > 0) {
2584 (*wstat)[RUN_TXCNT] += retry;
2585 (*wstat)[RUN_RETRY] += retry;
2588 DPRINTFN(3, "count=%d\n", sc->fifo_cnt);
2594 run_iter_func(void *arg, struct ieee80211_node *ni)
2596 struct run_softc *sc = arg;
2597 struct ieee80211vap *vap = ni->ni_vap;
2598 struct ieee80211com *ic = ni->ni_ic;
2599 struct ifnet *ifp = ic->ic_ifp;
2600 struct run_node *rn = (void *)ni;
2601 union run_stats sta[2];
2602 uint16_t (*wstat)[3];
2603 int txcnt, success, retrycnt, error;
2607 /* Check for special case */
2608 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA &&
2612 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS ||
2613 vap->iv_opmode == IEEE80211_M_STA)) {
2614 /* read statistic counters (clear on read) and update AMRR state */
2615 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta,
2620 /* count failed TX as errors */
2621 ifp->if_oerrors += le16toh(sta[0].error.fail);
2623 retrycnt = le16toh(sta[1].tx.retry);
2624 success = le16toh(sta[1].tx.success);
2625 txcnt = retrycnt + success + le16toh(sta[0].error.fail);
2627 DPRINTFN(3, "retrycnt=%d success=%d failcnt=%d\n",
2628 retrycnt, success, le16toh(sta[0].error.fail));
2630 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]);
2632 if (wstat == &(sc->wcid_stats[0]) ||
2633 wstat > &(sc->wcid_stats[RT2870_WCID_MAX]))
2636 txcnt = (*wstat)[RUN_TXCNT];
2637 success = (*wstat)[RUN_SUCCESS];
2638 retrycnt = (*wstat)[RUN_RETRY];
2639 DPRINTFN(3, "retrycnt=%d txcnt=%d success=%d\n",
2640 retrycnt, txcnt, success);
2642 memset(wstat, 0, sizeof(*wstat));
2645 ieee80211_ratectl_tx_update(vap, ni, &txcnt, &success, &retrycnt);
2646 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0);
2651 DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx);
2655 run_newassoc_cb(void *arg)
2657 struct run_cmdq *cmdq = arg;
2658 struct ieee80211_node *ni = cmdq->arg1;
2659 struct run_softc *sc = ni->ni_vap->iv_ic->ic_ifp->if_softc;
2660 uint8_t wcid = cmdq->wcid;
2662 RUN_LOCK_ASSERT(sc, MA_OWNED);
2664 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid),
2665 ni->ni_macaddr, IEEE80211_ADDR_LEN);
2667 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid]));
2671 run_newassoc(struct ieee80211_node *ni, int isnew)
2673 struct run_node *rn = (void *)ni;
2674 struct ieee80211_rateset *rs = &ni->ni_rates;
2675 struct ieee80211vap *vap = ni->ni_vap;
2676 struct ieee80211com *ic = vap->iv_ic;
2677 struct run_softc *sc = ic->ic_ifp->if_softc;
2683 wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
2684 1 : RUN_AID2WCID(ni->ni_associd);
2686 if (wcid > RT2870_WCID_MAX) {
2687 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid);
2691 /* only interested in true associations */
2692 if (isnew && ni->ni_associd != 0) {
2695 * This function could is called though timeout function.
2698 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store);
2699 DPRINTF("cmdq_store=%d\n", cnt);
2700 sc->cmdq[cnt].func = run_newassoc_cb;
2701 sc->cmdq[cnt].arg0 = NULL;
2702 sc->cmdq[cnt].arg1 = ni;
2703 sc->cmdq[cnt].wcid = wcid;
2704 ieee80211_runtask(ic, &sc->cmdq_task);
2707 DPRINTF("new assoc isnew=%d associd=%x addr=%s\n",
2708 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr));
2710 for (i = 0; i < rs->rs_nrates; i++) {
2711 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL;
2712 /* convert 802.11 rate to hardware rate index */
2713 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2714 if (rt2860_rates[ridx].rate == rate)
2717 /* determine rate of control response frames */
2718 for (j = i; j >= 0; j--) {
2719 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) &&
2720 rt2860_rates[rn->ridx[i]].phy ==
2721 rt2860_rates[rn->ridx[j]].phy)
2725 rn->ctl_ridx[i] = rn->ridx[j];
2727 /* no basic rate found, use mandatory one */
2728 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx;
2730 DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n",
2731 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]);
2733 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate;
2734 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2735 if (rt2860_rates[ridx].rate == rate)
2737 rn->mgt_ridx = ridx;
2738 DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx);
2741 if(sc->ratectl_run != RUN_RATECTL_OFF)
2742 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2747 * Return the Rx chain with the highest RSSI for a given frame.
2749 static __inline uint8_t
2750 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi)
2752 uint8_t rxchain = 0;
2754 if (sc->nrxchains > 1) {
2755 if (rxwi->rssi[1] > rxwi->rssi[rxchain])
2757 if (sc->nrxchains > 2)
2758 if (rxwi->rssi[2] > rxwi->rssi[rxchain])
2765 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen)
2767 struct ifnet *ifp = sc->sc_ifp;
2768 struct ieee80211com *ic = ifp->if_l2com;
2769 struct ieee80211_frame *wh;
2770 struct ieee80211_node *ni;
2771 struct rt2870_rxd *rxd;
2772 struct rt2860_rxwi *rxwi;
2774 uint16_t len, rxwisize;
2778 rxwi = mtod(m, struct rt2860_rxwi *);
2779 len = le16toh(rxwi->len) & 0xfff;
2780 rxwisize = sizeof(struct rt2860_rxwi);
2781 if (sc->mac_ver == 0x5592)
2782 rxwisize += sizeof(uint64_t);
2783 else if (sc->mac_ver == 0x3593)
2784 rxwisize += sizeof(uint32_t);
2785 if (__predict_false(len > dmalen)) {
2788 DPRINTF("bad RXWI length %u > %u\n", len, dmalen);
2791 /* Rx descriptor is located at the end */
2792 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen);
2793 flags = le32toh(rxd->flags);
2795 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) {
2798 DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV");
2802 m->m_data += rxwisize;
2803 m->m_pkthdr.len = m->m_len -= rxwisize;
2805 wh = mtod(m, struct ieee80211_frame *);
2807 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) {
2808 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED;
2809 m->m_flags |= M_WEP;
2812 if (flags & RT2860_RX_L2PAD) {
2813 DPRINTFN(8, "received RT2860_RX_L2PAD frame\n");
2817 ni = ieee80211_find_rxnode(ic,
2818 mtod(m, struct ieee80211_frame_min *));
2820 if (__predict_false(flags & RT2860_RX_MICERR)) {
2821 /* report MIC failures to net80211 for TKIP */
2823 ieee80211_notify_michael_failure(ni->ni_vap, wh,
2827 DPRINTF("MIC error. Someone is lying.\n");
2831 ant = run_maxrssi_chain(sc, rxwi);
2832 rssi = rxwi->rssi[ant];
2833 nf = run_rssi2dbm(sc, rssi, ant);
2835 m->m_pkthdr.rcvif = ifp;
2836 m->m_pkthdr.len = m->m_len = len;
2839 (void)ieee80211_input(ni, m, rssi, nf);
2840 ieee80211_free_node(ni);
2842 (void)ieee80211_input_all(ic, m, rssi, nf);
2845 if (__predict_false(ieee80211_radiotap_active(ic))) {
2846 struct run_rx_radiotap_header *tap = &sc->sc_rxtap;
2850 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq);
2851 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags);
2852 tap->wr_antsignal = rssi;
2853 tap->wr_antenna = ant;
2854 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant);
2855 tap->wr_rate = 2; /* in case it can't be found below */
2856 phy = le16toh(rxwi->phy);
2857 switch (phy & RT2860_PHY_MODE) {
2858 case RT2860_PHY_CCK:
2859 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) {
2860 case 0: tap->wr_rate = 2; break;
2861 case 1: tap->wr_rate = 4; break;
2862 case 2: tap->wr_rate = 11; break;
2863 case 3: tap->wr_rate = 22; break;
2865 if (phy & RT2860_PHY_SHPRE)
2866 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
2868 case RT2860_PHY_OFDM:
2869 switch (phy & RT2860_PHY_MCS) {
2870 case 0: tap->wr_rate = 12; break;
2871 case 1: tap->wr_rate = 18; break;
2872 case 2: tap->wr_rate = 24; break;
2873 case 3: tap->wr_rate = 36; break;
2874 case 4: tap->wr_rate = 48; break;
2875 case 5: tap->wr_rate = 72; break;
2876 case 6: tap->wr_rate = 96; break;
2877 case 7: tap->wr_rate = 108; break;
2885 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error)
2887 struct run_softc *sc = usbd_xfer_softc(xfer);
2888 struct ifnet *ifp = sc->sc_ifp;
2889 struct mbuf *m = NULL;
2895 rxwisize = sizeof(struct rt2860_rxwi);
2896 if (sc->mac_ver == 0x5592)
2897 rxwisize += sizeof(uint64_t);
2898 else if (sc->mac_ver == 0x3593)
2899 rxwisize += sizeof(uint32_t);
2901 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL);
2903 switch (USB_GET_STATE(xfer)) {
2904 case USB_ST_TRANSFERRED:
2906 DPRINTFN(15, "rx done, actlen=%d\n", xferlen);
2908 if (xferlen < (int)(sizeof(uint32_t) + rxwisize +
2909 sizeof(struct rt2870_rxd))) {
2910 DPRINTF("xfer too short %d\n", xferlen);
2920 if (sc->rx_m == NULL) {
2921 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR,
2922 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */);
2924 if (sc->rx_m == NULL) {
2925 DPRINTF("could not allocate mbuf - idle with stall\n");
2927 usbd_xfer_set_stall(xfer);
2928 usbd_xfer_set_frames(xfer, 0);
2931 * Directly loading a mbuf cluster into DMA to
2932 * save some data copying. This works because
2933 * there is only one cluster.
2935 usbd_xfer_set_frame_data(xfer, 0,
2936 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ);
2937 usbd_xfer_set_frames(xfer, 1);
2939 usbd_transfer_submit(xfer);
2942 default: /* Error */
2943 if (error != USB_ERR_CANCELLED) {
2944 /* try to clear stall first */
2945 usbd_xfer_set_stall(xfer);
2947 if (error == USB_ERR_TIMEOUT)
2948 device_printf(sc->sc_dev, "device timeout\n");
2954 if (sc->rx_m != NULL) {
2964 /* inputting all the frames must be last */
2968 m->m_pkthdr.len = m->m_len = xferlen;
2970 /* HW can aggregate multiple 802.11 frames in a single USB xfer */
2972 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff;
2974 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) ||
2975 ((dmalen & 3) != 0)) {
2976 DPRINTF("bad DMA length %u\n", dmalen);
2979 if ((dmalen + 8) > (uint32_t)xferlen) {
2980 DPRINTF("bad DMA length %u > %d\n",
2981 dmalen + 8, xferlen);
2985 /* If it is the last one or a single frame, we won't copy. */
2986 if ((xferlen -= dmalen + 8) <= 8) {
2987 /* trim 32-bit DMA-len header */
2989 m->m_pkthdr.len = m->m_len -= 4;
2990 run_rx_frame(sc, m, dmalen);
2991 m = NULL; /* don't free source buffer */
2995 /* copy aggregated frames to another mbuf */
2996 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
2997 if (__predict_false(m0 == NULL)) {
2998 DPRINTF("could not allocate mbuf\n");
3002 m_copydata(m, 4 /* skip 32-bit DMA-len header */,
3003 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t));
3004 m0->m_pkthdr.len = m0->m_len =
3005 dmalen + sizeof(struct rt2870_rxd);
3006 run_rx_frame(sc, m0, dmalen);
3008 /* update data ptr */
3009 m->m_data += dmalen + 8;
3010 m->m_pkthdr.len = m->m_len -= dmalen + 8;
3013 /* make sure we free the source buffer, if any */
3020 run_tx_free(struct run_endpoint_queue *pq,
3021 struct run_tx_data *data, int txerr)
3023 if (data->m != NULL) {
3024 if (data->m->m_flags & M_TXCB)
3025 ieee80211_process_callback(data->ni, data->m,
3026 txerr ? ETIMEDOUT : 0);
3030 if (data->ni == NULL) {
3031 DPRINTF("no node\n");
3033 ieee80211_free_node(data->ni);
3038 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next);
3043 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index)
3045 struct run_softc *sc = usbd_xfer_softc(xfer);
3046 struct ifnet *ifp = sc->sc_ifp;
3047 struct ieee80211com *ic = ifp->if_l2com;
3048 struct run_tx_data *data;
3049 struct ieee80211vap *vap = NULL;
3050 struct usb_page_cache *pc;
3051 struct run_endpoint_queue *pq = &sc->sc_epq[index];
3053 usb_frlength_t size;
3057 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
3059 switch (USB_GET_STATE(xfer)) {
3060 case USB_ST_TRANSFERRED:
3061 DPRINTFN(11, "transfer complete: %d "
3062 "bytes @ index %d\n", actlen, index);
3064 data = usbd_xfer_get_priv(xfer);
3066 run_tx_free(pq, data, 0);
3067 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
3069 usbd_xfer_set_priv(xfer, NULL);
3076 data = STAILQ_FIRST(&pq->tx_qh);
3080 STAILQ_REMOVE_HEAD(&pq->tx_qh, next);
3083 size = (sc->mac_ver == 0x5592) ?
3084 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc);
3085 if ((m->m_pkthdr.len +
3086 size + 3 + 8) > RUN_MAX_TXSZ) {
3087 DPRINTF("data overflow, %u bytes\n",
3092 run_tx_free(pq, data, 1);
3097 pc = usbd_xfer_get_frame(xfer, 0);
3098 usbd_copy_in(pc, 0, &data->desc, size);
3099 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len);
3100 size += m->m_pkthdr.len;
3102 * Align end on a 4-byte boundary, pad 8 bytes (CRC +
3103 * 4-byte padding), and be sure to zero those trailing
3106 usbd_frame_zero(pc, size, ((-size) & 3) + 8);
3107 size += ((-size) & 3) + 8;
3109 vap = data->ni->ni_vap;
3110 if (ieee80211_radiotap_active_vap(vap)) {
3111 struct run_tx_radiotap_header *tap = &sc->sc_txtap;
3112 struct rt2860_txwi *txwi =
3113 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd));
3115 tap->wt_rate = rt2860_rates[data->ridx].rate;
3116 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq);
3117 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags);
3118 tap->wt_hwqueue = index;
3119 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE)
3120 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
3122 ieee80211_radiotap_tx(vap, m);
3125 DPRINTFN(11, "sending frame len=%u/%u @ index %d\n",
3126 m->m_pkthdr.len, size, index);
3128 usbd_xfer_set_frame_len(xfer, 0, size);
3129 usbd_xfer_set_priv(xfer, data);
3131 usbd_transfer_submit(xfer);
3140 DPRINTF("USB transfer error, %s\n",
3141 usbd_errstr(error));
3143 data = usbd_xfer_get_priv(xfer);
3148 if(data->ni != NULL)
3149 vap = data->ni->ni_vap;
3150 run_tx_free(pq, data, error);
3151 usbd_xfer_set_priv(xfer, NULL);
3154 vap = TAILQ_FIRST(&ic->ic_vaps);
3156 if (error != USB_ERR_CANCELLED) {
3157 if (error == USB_ERR_TIMEOUT) {
3158 device_printf(sc->sc_dev, "device timeout\n");
3159 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
3160 DPRINTF("cmdq_store=%d\n", i);
3161 sc->cmdq[i].func = run_usb_timeout_cb;
3162 sc->cmdq[i].arg0 = vap;
3163 ieee80211_runtask(ic, &sc->cmdq_task);
3167 * Try to clear stall first, also if other
3168 * errors occur, hence clearing stall
3169 * introduces a 50 ms delay:
3171 usbd_xfer_set_stall(xfer);
3179 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error)
3181 run_bulk_tx_callbackN(xfer, error, 0);
3185 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error)
3187 run_bulk_tx_callbackN(xfer, error, 1);
3191 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error)
3193 run_bulk_tx_callbackN(xfer, error, 2);
3197 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error)
3199 run_bulk_tx_callbackN(xfer, error, 3);
3203 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error)
3205 run_bulk_tx_callbackN(xfer, error, 4);
3209 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error)
3211 run_bulk_tx_callbackN(xfer, error, 5);
3215 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data)
3217 struct mbuf *m = data->m;
3218 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
3219 struct ieee80211vap *vap = data->ni->ni_vap;
3220 struct ieee80211_frame *wh;
3221 struct rt2870_txd *txd;
3222 struct rt2860_txwi *txwi;
3223 uint16_t xferlen, txwisize;
3225 uint8_t ridx = data->ridx;
3228 /* get MCS code from rate index */
3229 mcs = rt2860_rates[ridx].mcs;
3231 txwisize = (sc->mac_ver == 0x5592) ?
3232 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi);
3233 xferlen = txwisize + m->m_pkthdr.len;
3235 /* roundup to 32-bit alignment */
3236 xferlen = (xferlen + 3) & ~3;
3238 txd = (struct rt2870_txd *)&data->desc;
3239 txd->len = htole16(xferlen);
3241 wh = mtod(m, struct ieee80211_frame *);
3244 * Ether both are true or both are false, the header
3245 * are nicely aligned to 32-bit. So, no L2 padding.
3247 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh))
3252 /* setup TX Wireless Information */
3253 txwi = (struct rt2860_txwi *)(txd + 1);
3254 txwi->len = htole16(m->m_pkthdr.len - pad);
3255 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) {
3256 mcs |= RT2860_PHY_CCK;
3257 if (ridx != RT2860_RIDX_CCK1 &&
3258 (ic->ic_flags & IEEE80211_F_SHPREAMBLE))
3259 mcs |= RT2860_PHY_SHPRE;
3261 mcs |= RT2860_PHY_OFDM;
3262 txwi->phy = htole16(mcs);
3264 /* check if RTS/CTS or CTS-to-self protection is required */
3265 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
3266 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold ||
3267 ((ic->ic_flags & IEEE80211_F_USEPROT) &&
3268 rt2860_rates[ridx].phy == IEEE80211_T_OFDM)))
3269 txwi->txop |= RT2860_TX_TXOP_HT;
3271 txwi->txop |= RT2860_TX_TXOP_BACKOFF;
3273 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh))
3274 txwi->xflags |= RT2860_TX_NSEQ;
3277 /* This function must be called locked */
3279 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
3281 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
3282 struct ieee80211vap *vap = ni->ni_vap;
3283 struct ieee80211_frame *wh;
3284 struct ieee80211_channel *chan;
3285 const struct ieee80211_txparam *tp;
3286 struct run_node *rn = (void *)ni;
3287 struct run_tx_data *data;
3288 struct rt2870_txd *txd;
3289 struct rt2860_txwi *txwi;
3301 RUN_LOCK_ASSERT(sc, MA_OWNED);
3303 wh = mtod(m, struct ieee80211_frame *);
3305 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3308 * There are 7 bulk endpoints: 1 for RX
3309 * and 6 for TX (4 EDCAs + HCCA + Prio).
3310 * Update 03-14-2009: some devices like the Planex GW-US300MiniS
3311 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki).
3313 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) {
3316 if(IEEE80211_HAS_ADDR4(wh))
3317 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos;
3319 frm =((struct ieee80211_qosframe *)wh)->i_qos;
3321 qos = le16toh(*(const uint16_t *)frm);
3322 tid = qos & IEEE80211_QOS_TID;
3323 qid = TID_TO_WME_AC(tid);
3329 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA;
3331 DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n",
3332 qos, qid, tid, qflags);
3334 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan;
3335 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)];
3337 /* pickup a rate index */
3338 if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
3339 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) {
3340 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ?
3341 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1;
3342 ctl_ridx = rt2860_rates[ridx].ctl_ridx;
3344 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE)
3345 ridx = rn->fix_ridx;
3347 ridx = rn->amrr_ridx;
3348 ctl_ridx = rt2860_rates[ridx].ctl_ridx;
3351 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
3352 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) !=
3353 IEEE80211_QOS_ACKPOLICY_NOACK)) {
3354 xflags |= RT2860_TX_ACK;
3355 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
3356 dur = rt2860_rates[ctl_ridx].sp_ack_dur;
3358 dur = rt2860_rates[ctl_ridx].lp_ack_dur;
3359 USETW(wh->i_dur, dur);
3362 /* reserve slots for mgmt packets, just in case */
3363 if (sc->sc_epq[qid].tx_nfree < 3) {
3364 DPRINTFN(10, "tx ring %d is full\n", qid);
3368 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh);
3369 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next);
3370 sc->sc_epq[qid].tx_nfree--;
3372 txd = (struct rt2870_txd *)&data->desc;
3373 txd->flags = qflags;
3374 txwi = (struct rt2860_txwi *)(txd + 1);
3375 txwi->xflags = xflags;
3376 if (IEEE80211_IS_MULTICAST(wh->i_addr1))
3379 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
3380 1 : RUN_AID2WCID(ni->ni_associd);
3382 /* clear leftover garbage bits */
3390 run_set_tx_desc(sc, data);
3393 * The chip keeps track of 2 kind of Tx stats,
3394 * * TX_STAT_FIFO, for per WCID stats, and
3395 * * TX_STA_CNT0 for all-TX-in-one stats.
3397 * To use FIFO stats, we need to store MCS into the driver-private
3398 * PacketID field. So that, we can tell whose stats when we read them.
3399 * We add 1 to the MCS because setting the PacketID field to 0 means
3400 * that we don't want feedback in TX_STAT_FIFO.
3401 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job.
3403 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx().
3405 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP ||
3406 vap->iv_opmode == IEEE80211_M_MBSS) {
3407 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf;
3408 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT);
3411 * Unlike PCI based devices, we don't get any interrupt from
3412 * USB devices, so we simulate FIFO-is-full interrupt here.
3413 * Ralink recomends to drain FIFO stats every 100 ms, but 16 slots
3414 * quickly get fulled. To prevent overflow, increment a counter on
3415 * every FIFO stat request, so we know how many slots are left.
3416 * We do this only in HOSTAP or multiple vap mode since FIFO stats
3417 * are used only in those modes.
3418 * We just drain stats. AMRR gets updated every 1 sec by
3419 * run_ratectl_cb() via callout.
3420 * Call it early. Otherwise overflow.
3422 if (sc->fifo_cnt++ == 10) {
3424 * With multiple vaps or if_bridge, if_start() is called
3425 * with a non-sleepable lock, tcpinp. So, need to defer.
3427 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
3428 DPRINTFN(6, "cmdq_store=%d\n", i);
3429 sc->cmdq[i].func = run_drain_fifo;
3430 sc->cmdq[i].arg0 = sc;
3431 ieee80211_runtask(ic, &sc->cmdq_task);
3435 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next);
3437 usbd_transfer_start(sc->sc_xfer[qid]);
3439 DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n",
3440 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) +
3441 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid);
3447 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
3449 struct ifnet *ifp = sc->sc_ifp;
3450 struct ieee80211com *ic = ifp->if_l2com;
3451 struct run_node *rn = (void *)ni;
3452 struct run_tx_data *data;
3453 struct ieee80211_frame *wh;
3454 struct rt2870_txd *txd;
3455 struct rt2860_txwi *txwi;
3457 uint8_t ridx = rn->mgt_ridx;
3462 RUN_LOCK_ASSERT(sc, MA_OWNED);
3464 wh = mtod(m, struct ieee80211_frame *);
3466 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3468 /* tell hardware to add timestamp for probe responses */
3470 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) ==
3471 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP))
3472 wflags |= RT2860_TX_TS;
3473 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
3474 xflags |= RT2860_TX_ACK;
3476 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate,
3477 ic->ic_flags & IEEE80211_F_SHPREAMBLE);
3478 USETW(wh->i_dur, dur);
3481 if (sc->sc_epq[0].tx_nfree == 0) {
3482 /* let caller free mbuf */
3483 ifp->if_drv_flags |= IFF_DRV_OACTIVE;
3486 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3487 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3488 sc->sc_epq[0].tx_nfree--;
3490 txd = (struct rt2870_txd *)&data->desc;
3491 txd->flags = RT2860_TX_QSEL_EDCA;
3492 txwi = (struct rt2860_txwi *)(txd + 1);
3494 txwi->flags = wflags;
3495 txwi->xflags = xflags;
3496 txwi->txop = 0; /* clear leftover garbage bits */
3502 run_set_tx_desc(sc, data);
3504 DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len +
3505 (int)(sizeof(struct rt2870_txd) + sizeof(struct rt2860_txwi)),
3506 rt2860_rates[ridx].rate);
3508 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3510 usbd_transfer_start(sc->sc_xfer[0]);
3516 run_sendprot(struct run_softc *sc,
3517 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate)
3519 struct ieee80211com *ic = ni->ni_ic;
3520 struct ieee80211_frame *wh;
3521 struct run_tx_data *data;
3522 struct rt2870_txd *txd;
3523 struct rt2860_txwi *txwi;
3535 RUN_LOCK_ASSERT(sc, MA_OWNED);
3537 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY,
3538 ("protection %d", prot));
3540 wh = mtod(m, struct ieee80211_frame *);
3541 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN;
3542 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3544 protrate = ieee80211_ctl_rate(ic->ic_rt, rate);
3545 ackrate = ieee80211_ack_rate(ic->ic_rt, rate);
3547 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0;
3548 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort)
3549 + ieee80211_ack_duration(ic->ic_rt, rate, isshort);
3550 wflags = RT2860_TX_FRAG;
3552 /* check that there are free slots before allocating the mbuf */
3553 if (sc->sc_epq[0].tx_nfree == 0) {
3554 /* let caller free mbuf */
3555 sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE;
3559 if (prot == IEEE80211_PROT_RTSCTS) {
3560 /* NB: CTS is the same size as an ACK */
3561 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort);
3562 xflags |= RT2860_TX_ACK;
3563 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur);
3565 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur);
3567 if (mprot == NULL) {
3568 sc->sc_ifp->if_oerrors++;
3569 DPRINTF("could not allocate mbuf\n");
3573 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3574 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3575 sc->sc_epq[0].tx_nfree--;
3577 txd = (struct rt2870_txd *)&data->desc;
3578 txd->flags = RT2860_TX_QSEL_EDCA;
3579 txwi = (struct rt2860_txwi *)(txd + 1);
3581 txwi->flags = wflags;
3582 txwi->xflags = xflags;
3583 txwi->txop = 0; /* clear leftover garbage bits */
3586 data->ni = ieee80211_ref_node(ni);
3588 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
3589 if (rt2860_rates[ridx].rate == protrate)
3593 run_set_tx_desc(sc, data);
3595 DPRINTFN(1, "sending prot len=%u rate=%u\n",
3596 m->m_pkthdr.len, rate);
3598 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3600 usbd_transfer_start(sc->sc_xfer[0]);
3606 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni,
3607 const struct ieee80211_bpf_params *params)
3609 struct ieee80211com *ic = ni->ni_ic;
3610 struct ieee80211_frame *wh;
3611 struct run_tx_data *data;
3612 struct rt2870_txd *txd;
3613 struct rt2860_txwi *txwi;
3617 uint8_t opflags = 0;
3621 RUN_LOCK_ASSERT(sc, MA_OWNED);
3623 KASSERT(params != NULL, ("no raw xmit params"));
3625 wh = mtod(m, struct ieee80211_frame *);
3626 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3628 rate = params->ibp_rate0;
3629 if (!ieee80211_isratevalid(ic->ic_rt, rate)) {
3630 /* let caller free mbuf */
3634 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0)
3635 xflags |= RT2860_TX_ACK;
3636 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) {
3637 error = run_sendprot(sc, m, ni,
3638 params->ibp_flags & IEEE80211_BPF_RTS ?
3639 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY,
3642 /* let caller free mbuf */
3645 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS;
3648 if (sc->sc_epq[0].tx_nfree == 0) {
3649 /* let caller free mbuf */
3650 sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE;
3651 DPRINTF("sending raw frame, but tx ring is full\n");
3654 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3655 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3656 sc->sc_epq[0].tx_nfree--;
3658 txd = (struct rt2870_txd *)&data->desc;
3659 txd->flags = RT2860_TX_QSEL_EDCA;
3660 txwi = (struct rt2860_txwi *)(txd + 1);
3662 txwi->xflags = xflags;
3663 txwi->txop = opflags;
3664 txwi->flags = 0; /* clear leftover garbage bits */
3668 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
3669 if (rt2860_rates[ridx].rate == rate)
3673 run_set_tx_desc(sc, data);
3675 DPRINTFN(10, "sending raw frame len=%u rate=%u\n",
3676 m->m_pkthdr.len, rate);
3678 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3680 usbd_transfer_start(sc->sc_xfer[0]);
3686 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
3687 const struct ieee80211_bpf_params *params)
3689 struct ifnet *ifp = ni->ni_ic->ic_ifp;
3690 struct run_softc *sc = ifp->if_softc;
3695 /* prevent management frames from being sent if we're not ready */
3696 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) {
3701 if (params == NULL) {
3703 if ((error = run_tx_mgt(sc, m, ni)) != 0) {
3705 DPRINTF("mgt tx failed\n");
3709 /* tx raw packet with param */
3710 if ((error = run_tx_param(sc, m, ni, params)) != 0) {
3712 DPRINTF("tx with param failed\n");
3725 ieee80211_free_node(ni);
3732 run_start(struct ifnet *ifp)
3734 struct run_softc *sc = ifp->if_softc;
3735 struct ieee80211_node *ni;
3740 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) {
3746 /* send data frames */
3747 IFQ_DRV_DEQUEUE(&ifp->if_snd, m);
3751 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
3752 if (run_tx(sc, m, ni) != 0) {
3753 IFQ_DRV_PREPEND(&ifp->if_snd, m);
3754 ifp->if_drv_flags |= IFF_DRV_OACTIVE;
3763 run_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
3765 struct run_softc *sc = ifp->if_softc;
3766 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
3767 struct ifreq *ifr = (struct ifreq *) data;
3772 error = sc->sc_detached ? ENXIO : 0;
3780 if (ifp->if_flags & IFF_UP) {
3781 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)){
3783 run_init_locked(sc);
3785 run_update_promisc_locked(ifp);
3787 if (ifp->if_drv_flags & IFF_DRV_RUNNING &&
3788 (ic->ic_nrunning == 0 || sc->rvp_cnt <= 1)) {
3794 ieee80211_start_all(ic);
3797 error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd);
3800 error = ether_ioctl(ifp, cmd, data);
3811 run_iq_calib(struct run_softc *sc, u_int chan)
3816 run_bbp_write(sc, 158, 0x2c);
3818 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1);
3819 else if (chan <= 64) {
3821 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ,
3823 } else if (chan <= 138) {
3825 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ,
3827 } else if (chan <= 165) {
3829 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ,
3833 run_bbp_write(sc, 159, val);
3836 run_bbp_write(sc, 158, 0x2d);
3838 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ,
3840 } else if (chan <= 64) {
3842 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ,
3844 } else if (chan <= 138) {
3846 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ,
3848 } else if (chan <= 165) {
3850 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ,
3854 run_bbp_write(sc, 159, val);
3857 run_bbp_write(sc, 158, 0x4a);
3859 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ,
3861 } else if (chan <= 64) {
3863 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ,
3865 } else if (chan <= 138) {
3867 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ,
3869 } else if (chan <= 165) {
3871 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ,
3875 run_bbp_write(sc, 159, val);
3878 run_bbp_write(sc, 158, 0x4b);
3880 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ,
3882 } else if (chan <= 64) {
3884 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ,
3886 } else if (chan <= 138) {
3888 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ,
3890 } else if (chan <= 165) {
3892 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ,
3896 run_bbp_write(sc, 159, val);
3898 /* RF IQ compensation control. */
3899 run_bbp_write(sc, 158, 0x04);
3900 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL,
3902 run_bbp_write(sc, 159, val);
3904 /* RF IQ imbalance compensation control. */
3905 run_bbp_write(sc, 158, 0x03);
3907 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1);
3908 run_bbp_write(sc, 159, val);
3912 run_set_agc(struct run_softc *sc, uint8_t agc)
3916 if (sc->mac_ver == 0x3572) {
3917 run_bbp_read(sc, 27, &bbp);
3919 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */
3920 run_bbp_write(sc, 66, agc);
3921 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */
3922 run_bbp_write(sc, 66, agc);
3924 run_bbp_write(sc, 66, agc);
3928 run_select_chan_group(struct run_softc *sc, int group)
3933 run_bbp_write(sc, 62, 0x37 - sc->lna[group]);
3934 run_bbp_write(sc, 63, 0x37 - sc->lna[group]);
3935 run_bbp_write(sc, 64, 0x37 - sc->lna[group]);
3936 if (sc->mac_ver < 0x3572)
3937 run_bbp_write(sc, 86, 0x00);
3939 if (sc->mac_ver == 0x3593) {
3940 run_bbp_write(sc, 77, 0x98);
3941 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a);
3945 if (sc->ext_2ghz_lna) {
3946 if (sc->mac_ver >= 0x5390)
3947 run_bbp_write(sc, 75, 0x52);
3949 run_bbp_write(sc, 82, 0x62);
3950 run_bbp_write(sc, 75, 0x46);
3953 if (sc->mac_ver == 0x5592) {
3954 run_bbp_write(sc, 79, 0x1c);
3955 run_bbp_write(sc, 80, 0x0e);
3956 run_bbp_write(sc, 81, 0x3a);
3957 run_bbp_write(sc, 82, 0x62);
3959 run_bbp_write(sc, 195, 0x80);
3960 run_bbp_write(sc, 196, 0xe0);
3961 run_bbp_write(sc, 195, 0x81);
3962 run_bbp_write(sc, 196, 0x1f);
3963 run_bbp_write(sc, 195, 0x82);
3964 run_bbp_write(sc, 196, 0x38);
3965 run_bbp_write(sc, 195, 0x83);
3966 run_bbp_write(sc, 196, 0x32);
3967 run_bbp_write(sc, 195, 0x85);
3968 run_bbp_write(sc, 196, 0x28);
3969 run_bbp_write(sc, 195, 0x86);
3970 run_bbp_write(sc, 196, 0x19);
3971 } else if (sc->mac_ver >= 0x5390)
3972 run_bbp_write(sc, 75, 0x50);
3974 run_bbp_write(sc, 82,
3975 (sc->mac_ver == 0x3593) ? 0x62 : 0x84);
3976 run_bbp_write(sc, 75, 0x50);
3980 if (sc->mac_ver == 0x5592) {
3981 run_bbp_write(sc, 79, 0x18);
3982 run_bbp_write(sc, 80, 0x08);
3983 run_bbp_write(sc, 81, 0x38);
3984 run_bbp_write(sc, 82, 0x92);
3986 run_bbp_write(sc, 195, 0x80);
3987 run_bbp_write(sc, 196, 0xf0);
3988 run_bbp_write(sc, 195, 0x81);
3989 run_bbp_write(sc, 196, 0x1e);
3990 run_bbp_write(sc, 195, 0x82);
3991 run_bbp_write(sc, 196, 0x28);
3992 run_bbp_write(sc, 195, 0x83);
3993 run_bbp_write(sc, 196, 0x20);
3994 run_bbp_write(sc, 195, 0x85);
3995 run_bbp_write(sc, 196, 0x7f);
3996 run_bbp_write(sc, 195, 0x86);
3997 run_bbp_write(sc, 196, 0x7f);
3998 } else if (sc->mac_ver == 0x3572)
3999 run_bbp_write(sc, 82, 0x94);
4001 run_bbp_write(sc, 82,
4002 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2);
4003 if (sc->ext_5ghz_lna)
4004 run_bbp_write(sc, 75, 0x46);
4006 run_bbp_write(sc, 75, 0x50);
4009 run_read(sc, RT2860_TX_BAND_CFG, &tmp);
4010 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P);
4011 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P;
4012 run_write(sc, RT2860_TX_BAND_CFG, tmp);
4014 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */
4015 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN;
4016 if (sc->mac_ver == 0x3593)
4017 tmp |= 1 << 29 | 1 << 28;
4018 if (sc->nrxchains > 1)
4019 tmp |= RT2860_LNA_PE1_EN;
4020 if (group == 0) { /* 2GHz */
4021 tmp |= RT2860_PA_PE_G0_EN;
4022 if (sc->ntxchains > 1)
4023 tmp |= RT2860_PA_PE_G1_EN;
4024 if (sc->mac_ver == 0x3593) {
4025 if (sc->ntxchains > 2)
4029 tmp |= RT2860_PA_PE_A0_EN;
4030 if (sc->ntxchains > 1)
4031 tmp |= RT2860_PA_PE_A1_EN;
4033 if (sc->mac_ver == 0x3572) {
4034 run_rt3070_rf_write(sc, 8, 0x00);
4035 run_write(sc, RT2860_TX_PIN_CFG, tmp);
4036 run_rt3070_rf_write(sc, 8, 0x80);
4038 run_write(sc, RT2860_TX_PIN_CFG, tmp);
4040 if (sc->mac_ver == 0x5592) {
4041 run_bbp_write(sc, 195, 0x8d);
4042 run_bbp_write(sc, 196, 0x1a);
4045 if (sc->mac_ver == 0x3593) {
4046 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4050 tmp = (tmp & ~0x00009090) | 0x00000090;
4051 run_write(sc, RT2860_GPIO_CTRL, tmp);
4054 /* set initial AGC value */
4055 if (group == 0) { /* 2GHz band */
4056 if (sc->mac_ver >= 0x3070)
4057 agc = 0x1c + sc->lna[0] * 2;
4059 agc = 0x2e + sc->lna[0];
4060 } else { /* 5GHz band */
4061 if (sc->mac_ver == 0x5592)
4062 agc = 0x24 + sc->lna[group] * 2;
4063 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593)
4064 agc = 0x22 + (sc->lna[group] * 5) / 3;
4066 agc = 0x32 + (sc->lna[group] * 5) / 3;
4068 run_set_agc(sc, agc);
4072 run_rt2870_set_chan(struct run_softc *sc, u_int chan)
4074 const struct rfprog *rfprog = rt2860_rf2850;
4075 uint32_t r2, r3, r4;
4076 int8_t txpow1, txpow2;
4079 /* find the settings for this channel (we know it exists) */
4080 for (i = 0; rfprog[i].chan != chan; i++);
4083 if (sc->ntxchains == 1)
4084 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */
4085 if (sc->nrxchains == 1)
4086 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */
4087 else if (sc->nrxchains == 2)
4088 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */
4090 /* use Tx power values from EEPROM */
4091 txpow1 = sc->txpow1[i];
4092 txpow2 = sc->txpow2[i];
4094 /* Initialize RF R3 and R4. */
4095 r3 = rfprog[i].r3 & 0xffffc1ff;
4096 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15);
4099 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1);
4100 r3 |= (txpow1 << 10) | (1 << 9);
4104 /* txpow1 is not possible larger than 15. */
4105 r3 |= (txpow1 << 10);
4108 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2);
4109 r4 |= (txpow2 << 7) | (1 << 6);
4112 r4 |= (txpow2 << 7);
4115 /* Set Tx0 power. */
4116 r3 |= (txpow1 << 9);
4118 /* Set frequency offset and Tx1 power. */
4119 r4 |= (txpow2 << 6);
4122 run_rt2870_rf_write(sc, rfprog[i].r1);
4123 run_rt2870_rf_write(sc, r2);
4124 run_rt2870_rf_write(sc, r3 & ~(1 << 2));
4125 run_rt2870_rf_write(sc, r4);
4129 run_rt2870_rf_write(sc, rfprog[i].r1);
4130 run_rt2870_rf_write(sc, r2);
4131 run_rt2870_rf_write(sc, r3 | (1 << 2));
4132 run_rt2870_rf_write(sc, r4);
4136 run_rt2870_rf_write(sc, rfprog[i].r1);
4137 run_rt2870_rf_write(sc, r2);
4138 run_rt2870_rf_write(sc, r3 & ~(1 << 2));
4139 run_rt2870_rf_write(sc, r4);
4143 run_rt3070_set_chan(struct run_softc *sc, u_int chan)
4145 int8_t txpow1, txpow2;
4149 /* find the settings for this channel (we know it exists) */
4150 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4152 /* use Tx power values from EEPROM */
4153 txpow1 = sc->txpow1[i];
4154 txpow2 = sc->txpow2[i];
4156 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n);
4158 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */
4159 run_rt3070_rf_read(sc, 3, &rf);
4160 rf = (rf & ~0x0f) | rt3070_freqs[i].k;
4161 run_rt3070_rf_write(sc, 3, rf);
4163 run_rt3070_rf_read(sc, 6, &rf);
4164 rf = (rf & ~0x03) | rt3070_freqs[i].r;
4165 run_rt3070_rf_write(sc, 6, rf);
4168 run_rt3070_rf_read(sc, 12, &rf);
4169 rf = (rf & ~0x1f) | txpow1;
4170 run_rt3070_rf_write(sc, 12, rf);
4173 run_rt3070_rf_read(sc, 13, &rf);
4174 rf = (rf & ~0x1f) | txpow2;
4175 run_rt3070_rf_write(sc, 13, rf);
4177 run_rt3070_rf_read(sc, 1, &rf);
4179 if (sc->ntxchains == 1)
4180 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */
4181 else if (sc->ntxchains == 2)
4182 rf |= 1 << 7; /* 2T: disable Tx chain 3 */
4183 if (sc->nrxchains == 1)
4184 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */
4185 else if (sc->nrxchains == 2)
4186 rf |= 1 << 6; /* 2R: disable Rx chain 3 */
4187 run_rt3070_rf_write(sc, 1, rf);
4190 run_rt3070_rf_read(sc, 23, &rf);
4191 rf = (rf & ~0x7f) | sc->freq;
4192 run_rt3070_rf_write(sc, 23, rf);
4194 /* program RF filter */
4195 run_rt3070_rf_read(sc, 24, &rf); /* Tx */
4196 rf = (rf & ~0x3f) | sc->rf24_20mhz;
4197 run_rt3070_rf_write(sc, 24, rf);
4198 run_rt3070_rf_read(sc, 31, &rf); /* Rx */
4199 rf = (rf & ~0x3f) | sc->rf24_20mhz;
4200 run_rt3070_rf_write(sc, 31, rf);
4202 /* enable RF tuning */
4203 run_rt3070_rf_read(sc, 7, &rf);
4204 run_rt3070_rf_write(sc, 7, rf | 0x01);
4208 run_rt3572_set_chan(struct run_softc *sc, u_int chan)
4210 int8_t txpow1, txpow2;
4215 /* find the settings for this channel (we know it exists) */
4216 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4218 /* use Tx power values from EEPROM */
4219 txpow1 = sc->txpow1[i];
4220 txpow2 = sc->txpow2[i];
4223 run_bbp_write(sc, 25, sc->bbp25);
4224 run_bbp_write(sc, 26, sc->bbp26);
4226 /* enable IQ phase correction */
4227 run_bbp_write(sc, 25, 0x09);
4228 run_bbp_write(sc, 26, 0xff);
4231 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n);
4232 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k);
4233 run_rt3070_rf_read(sc, 6, &rf);
4234 rf = (rf & ~0x0f) | rt3070_freqs[i].r;
4235 rf |= (chan <= 14) ? 0x08 : 0x04;
4236 run_rt3070_rf_write(sc, 6, rf);
4239 run_rt3070_rf_read(sc, 5, &rf);
4240 rf &= ~(0x08 | 0x04);
4241 rf |= (chan <= 14) ? 0x04 : 0x08;
4242 run_rt3070_rf_write(sc, 5, rf);
4244 /* set Tx power for chain 0 */
4248 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3);
4249 run_rt3070_rf_write(sc, 12, rf);
4251 /* set Tx power for chain 1 */
4255 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3);
4256 run_rt3070_rf_write(sc, 13, rf);
4258 /* set Tx/Rx streams */
4259 run_rt3070_rf_read(sc, 1, &rf);
4261 if (sc->ntxchains == 1)
4262 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */
4263 else if (sc->ntxchains == 2)
4264 rf |= 1 << 7; /* 2T: disable Tx chain 3 */
4265 if (sc->nrxchains == 1)
4266 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */
4267 else if (sc->nrxchains == 2)
4268 rf |= 1 << 6; /* 2R: disable Rx chain 3 */
4269 run_rt3070_rf_write(sc, 1, rf);
4272 run_rt3070_rf_read(sc, 23, &rf);
4273 rf = (rf & ~0x7f) | sc->freq;
4274 run_rt3070_rf_write(sc, 23, rf);
4276 /* program RF filter */
4277 rf = sc->rf24_20mhz;
4278 run_rt3070_rf_write(sc, 24, rf); /* Tx */
4279 run_rt3070_rf_write(sc, 31, rf); /* Rx */
4281 /* enable RF tuning */
4282 run_rt3070_rf_read(sc, 7, &rf);
4283 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14);
4284 run_rt3070_rf_write(sc, 7, rf);
4287 rf = (chan <= 14) ? 0xc3 : 0xc0;
4288 run_rt3070_rf_write(sc, 9, rf);
4290 /* set loop filter 1 */
4291 run_rt3070_rf_write(sc, 10, 0xf1);
4292 /* set loop filter 2 */
4293 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00);
4296 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43);
4299 rf = 0x48 | sc->txmixgain_2ghz;
4301 rf = 0x78 | sc->txmixgain_5ghz;
4302 run_rt3070_rf_write(sc, 16, rf);
4305 run_rt3070_rf_write(sc, 17, 0x23);
4309 else if (chan <= 64)
4311 else if (chan <= 128)
4315 run_rt3070_rf_write(sc, 19, rf);
4320 else if (chan <= 64)
4322 else if (chan <= 128)
4326 run_rt3070_rf_write(sc, 20, rf);
4331 else if (chan <= 64)
4335 run_rt3070_rf_write(sc, 25, rf);
4338 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87);
4340 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01);
4342 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f);
4344 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4348 run_write(sc, RT2860_GPIO_CTRL, tmp);
4350 /* enable RF tuning */
4351 run_rt3070_rf_read(sc, 7, &rf);
4352 run_rt3070_rf_write(sc, 7, rf | 0x01);
4358 run_rt3593_set_chan(struct run_softc *sc, u_int chan)
4360 int8_t txpow1, txpow2, txpow3;
4364 /* find the settings for this channel (we know it exists) */
4365 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4367 /* use Tx power values from EEPROM */
4368 txpow1 = sc->txpow1[i];
4369 txpow2 = sc->txpow2[i];
4370 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0;
4373 run_bbp_write(sc, 25, sc->bbp25);
4374 run_bbp_write(sc, 26, sc->bbp26);
4376 /* Enable IQ phase correction. */
4377 run_bbp_write(sc, 25, 0x09);
4378 run_bbp_write(sc, 26, 0xff);
4381 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n);
4382 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f);
4383 run_rt3070_rf_read(sc, 11, &rf);
4384 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03);
4385 run_rt3070_rf_write(sc, 11, rf);
4388 run_rt3070_rf_read(sc, 11, &rf);
4390 rf |= (chan <= 14) ? 0x44 : 0x48;
4391 run_rt3070_rf_write(sc, 11, rf);
4396 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07);
4397 run_rt3070_rf_write(sc, 53, rf);
4402 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07);
4403 run_rt3070_rf_write(sc, 55, rf);
4408 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07);
4409 run_rt3070_rf_write(sc, 54, rf);
4411 rf = RT3070_RF_BLOCK | RT3070_PLL_PD;
4412 if (sc->ntxchains == 3)
4413 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD;
4415 rf |= RT3070_TX0_PD | RT3070_TX1_PD;
4416 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD;
4417 run_rt3070_rf_write(sc, 1, rf);
4419 run_adjust_freq_offset(sc);
4421 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80);
4423 h20mhz = (sc->rf24_20mhz & 0x20) >> 5;
4424 run_rt3070_rf_read(sc, 30, &rf);
4425 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2);
4426 run_rt3070_rf_write(sc, 30, rf);
4428 run_rt3070_rf_read(sc, 36, &rf);
4433 run_rt3070_rf_write(sc, 36, rf);
4436 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20);
4437 /* Set pfd_delay. */
4438 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12);
4440 /* Set vco bias current control. */
4441 run_rt3070_rf_read(sc, 6, &rf);
4445 else if (chan <= 128)
4449 run_rt3070_rf_write(sc, 6, rf);
4451 run_rt3070_rf_read(sc, 30, &rf);
4452 rf = (rf & ~0x18) | 0x10;
4453 run_rt3070_rf_write(sc, 30, rf);
4455 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8);
4456 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23);
4458 run_rt3070_rf_read(sc, 51, &rf);
4459 rf = (rf & ~0x03) | 0x01;
4460 run_rt3070_rf_write(sc, 51, rf);
4461 /* Set tx_mx1_cc. */
4462 run_rt3070_rf_read(sc, 51, &rf);
4464 rf |= (chan <= 14) ? 0x14 : 0x10;
4465 run_rt3070_rf_write(sc, 51, rf);
4466 /* Set tx_mx1_ic. */
4467 run_rt3070_rf_read(sc, 51, &rf);
4469 rf |= (chan <= 14) ? 0x60 : 0x40;
4470 run_rt3070_rf_write(sc, 51, rf);
4471 /* Set tx_lo1_ic. */
4472 run_rt3070_rf_read(sc, 49, &rf);
4474 rf |= (chan <= 14) ? 0x0c : 0x08;
4475 run_rt3070_rf_write(sc, 49, rf);
4476 /* Set tx_lo1_en. */
4477 run_rt3070_rf_read(sc, 50, &rf);
4478 run_rt3070_rf_write(sc, 50, rf & ~0x20);
4480 run_rt3070_rf_read(sc, 57, &rf);
4482 rf |= (chan <= 14) ? 0x6c : 0x3c;
4483 run_rt3070_rf_write(sc, 57, rf);
4484 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */
4485 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b);
4486 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */
4487 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05);
4488 /* Enable VCO calibration. */
4489 run_rt3070_rf_read(sc, 3, &rf);
4490 rf &= ~RT5390_VCOCAL;
4491 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe;
4492 run_rt3070_rf_write(sc, 3, rf);
4496 else if (chan <= 64)
4498 else if (chan <= 128)
4502 run_rt3070_rf_write(sc, 39, rf);
4505 else if (chan <= 64)
4507 else if (chan <= 128)
4511 run_rt3070_rf_write(sc, 45, rf);
4513 /* Set FEQ/AEQ control. */
4514 run_bbp_write(sc, 105, 0x34);
4518 run_rt5390_set_chan(struct run_softc *sc, u_int chan)
4520 int8_t txpow1, txpow2;
4524 /* find the settings for this channel (we know it exists) */
4525 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4527 /* use Tx power values from EEPROM */
4528 txpow1 = sc->txpow1[i];
4529 txpow2 = sc->txpow2[i];
4531 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n);
4532 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f);
4533 run_rt3070_rf_read(sc, 11, &rf);
4534 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03);
4535 run_rt3070_rf_write(sc, 11, rf);
4537 run_rt3070_rf_read(sc, 49, &rf);
4538 rf = (rf & ~0x3f) | (txpow1 & 0x3f);
4539 /* The valid range of the RF R49 is 0x00 to 0x27. */
4540 if ((rf & 0x3f) > 0x27)
4541 rf = (rf & ~0x3f) | 0x27;
4542 run_rt3070_rf_write(sc, 49, rf);
4544 if (sc->mac_ver == 0x5392) {
4545 run_rt3070_rf_read(sc, 50, &rf);
4546 rf = (rf & ~0x3f) | (txpow2 & 0x3f);
4547 /* The valid range of the RF R50 is 0x00 to 0x27. */
4548 if ((rf & 0x3f) > 0x27)
4549 rf = (rf & ~0x3f) | 0x27;
4550 run_rt3070_rf_write(sc, 50, rf);
4553 run_rt3070_rf_read(sc, 1, &rf);
4554 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD;
4555 if (sc->mac_ver == 0x5392)
4556 rf |= RT3070_RX1_PD | RT3070_TX1_PD;
4557 run_rt3070_rf_write(sc, 1, rf);
4559 if (sc->mac_ver != 0x5392) {
4560 run_rt3070_rf_read(sc, 2, &rf);
4562 run_rt3070_rf_write(sc, 2, rf);
4565 run_rt3070_rf_write(sc, 2, rf);
4568 run_adjust_freq_offset(sc);
4570 if (sc->mac_ver == 0x5392) {
4571 /* Fix for RT5392C. */
4572 if (sc->mac_rev >= 0x0223) {
4575 else if (chan >= 5 && chan <= 7)
4579 run_rt3070_rf_write(sc, 23, rf);
4585 else if (chan >= 6 && chan <= 7)
4587 else if (chan >= 8 && chan <= 10)
4591 run_rt3070_rf_write(sc, 59, rf);
4597 run_rt3070_rf_write(sc, 59, rf);
4600 /* Fix for RT5390F. */
4601 if (sc->mac_rev >= 0x0502) {
4606 run_rt3070_rf_write(sc, 55, rf);
4610 else if (chan == 12)
4614 run_rt3070_rf_write(sc, 59, rf);
4616 run_rt3070_rf_write(sc, 55, 0x44);
4617 run_rt3070_rf_write(sc, 59, 0x8f);
4621 /* Enable VCO calibration. */
4622 run_rt3070_rf_read(sc, 3, &rf);
4623 rf |= RT5390_VCOCAL;
4624 run_rt3070_rf_write(sc, 3, rf);
4628 run_rt5592_set_chan(struct run_softc *sc, u_int chan)
4630 const struct rt5592_freqs *freqs;
4632 uint8_t reg, rf, txpow_bound;
4633 int8_t txpow1, txpow2;
4636 run_read(sc, RT5592_DEBUG_INDEX, &tmp);
4637 freqs = (tmp & RT5592_SEL_XTAL) ?
4638 rt5592_freqs_40mhz : rt5592_freqs_20mhz;
4640 /* find the settings for this channel (we know it exists) */
4641 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++);
4643 /* use Tx power values from EEPROM */
4644 txpow1 = sc->txpow1[i];
4645 txpow2 = sc->txpow2[i];
4647 run_read(sc, RT3070_LDO_CFG0, &tmp);
4651 run_write(sc, RT3070_LDO_CFG0, tmp);
4654 run_rt3070_rf_write(sc, 8, freqs->n & 0xff);
4655 run_rt3070_rf_read(sc, 9, &rf);
4657 rf |= ((freqs->n & 0x0100) >> 8) << 4;
4658 run_rt3070_rf_write(sc, 9, rf);
4661 run_rt3070_rf_read(sc, 9, &rf);
4663 rf |= (freqs->k & 0x0f);
4664 run_rt3070_rf_write(sc, 9, rf);
4667 run_rt3070_rf_read(sc, 11, &rf);
4669 rf |= ((freqs->m - 0x8) & 0x3) << 2;
4670 run_rt3070_rf_write(sc, 11, rf);
4671 run_rt3070_rf_read(sc, 9, &rf);
4673 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7;
4674 run_rt3070_rf_write(sc, 9, rf);
4677 run_rt3070_rf_read(sc, 11, &rf);
4679 rf |= (freqs->r - 0x1);
4680 run_rt3070_rf_write(sc, 11, rf);
4683 /* Initialize RF registers for 2GHZ. */
4684 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) {
4685 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg,
4686 rt5592_2ghz_def_rf[i].val);
4689 rf = (chan <= 10) ? 0x07 : 0x06;
4690 run_rt3070_rf_write(sc, 23, rf);
4691 run_rt3070_rf_write(sc, 59, rf);
4693 run_rt3070_rf_write(sc, 55, 0x43);
4696 * RF R49/R50 Tx power ALC code.
4697 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27.
4702 /* Initialize RF registers for 5GHZ. */
4703 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) {
4704 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg,
4705 rt5592_5ghz_def_rf[i].val);
4707 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) {
4708 if (chan >= rt5592_chan_5ghz[i].firstchan &&
4709 chan <= rt5592_chan_5ghz[i].lastchan) {
4710 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg,
4711 rt5592_chan_5ghz[i].val);
4716 * RF R49/R50 Tx power ALC code.
4717 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b.
4723 /* RF R49 ch0 Tx power ALC code. */
4724 run_rt3070_rf_read(sc, 49, &rf);
4727 rf = (rf & ~0x3f) | (txpow1 & 0x3f);
4728 if ((rf & 0x3f) > txpow_bound)
4729 rf = (rf & ~0x3f) | txpow_bound;
4730 run_rt3070_rf_write(sc, 49, rf);
4732 /* RF R50 ch1 Tx power ALC code. */
4733 run_rt3070_rf_read(sc, 50, &rf);
4734 rf &= ~(1 << 7 | 1 << 6);
4736 rf = (rf & ~0x3f) | (txpow2 & 0x3f);
4737 if ((rf & 0x3f) > txpow_bound)
4738 rf = (rf & ~0x3f) | txpow_bound;
4739 run_rt3070_rf_write(sc, 50, rf);
4741 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */
4742 run_rt3070_rf_read(sc, 1, &rf);
4743 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD);
4744 if (sc->ntxchains > 1)
4745 rf |= RT3070_TX1_PD;
4746 if (sc->nrxchains > 1)
4747 rf |= RT3070_RX1_PD;
4748 run_rt3070_rf_write(sc, 1, rf);
4750 run_rt3070_rf_write(sc, 6, 0xe4);
4752 run_rt3070_rf_write(sc, 30, 0x10);
4753 run_rt3070_rf_write(sc, 31, 0x80);
4754 run_rt3070_rf_write(sc, 32, 0x80);
4756 run_adjust_freq_offset(sc);
4758 /* Enable VCO calibration. */
4759 run_rt3070_rf_read(sc, 3, &rf);
4760 rf |= RT5390_VCOCAL;
4761 run_rt3070_rf_write(sc, 3, rf);
4765 run_set_rx_antenna(struct run_softc *sc, int aux)
4771 if (sc->rf_rev == RT5390_RF_5370) {
4772 run_bbp_read(sc, 152, &bbp152);
4773 run_bbp_write(sc, 152, bbp152 & ~0x80);
4775 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0);
4776 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4777 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08);
4780 if (sc->rf_rev == RT5390_RF_5370) {
4781 run_bbp_read(sc, 152, &bbp152);
4782 run_bbp_write(sc, 152, bbp152 | 0x80);
4784 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1);
4785 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4786 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808);
4792 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c)
4794 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
4797 chan = ieee80211_chan2ieee(ic, c);
4798 if (chan == 0 || chan == IEEE80211_CHAN_ANY)
4801 if (sc->mac_ver == 0x5592)
4802 run_rt5592_set_chan(sc, chan);
4803 else if (sc->mac_ver >= 0x5390)
4804 run_rt5390_set_chan(sc, chan);
4805 else if (sc->mac_ver == 0x3593)
4806 run_rt3593_set_chan(sc, chan);
4807 else if (sc->mac_ver == 0x3572)
4808 run_rt3572_set_chan(sc, chan);
4809 else if (sc->mac_ver >= 0x3070)
4810 run_rt3070_set_chan(sc, chan);
4812 run_rt2870_set_chan(sc, chan);
4814 /* determine channel group */
4817 else if (chan <= 64)
4819 else if (chan <= 128)
4824 /* XXX necessary only when group has changed! */
4825 run_select_chan_group(sc, group);
4829 /* Perform IQ calibration. */
4830 if (sc->mac_ver >= 0x5392)
4831 run_iq_calib(sc, chan);
4837 run_set_channel(struct ieee80211com *ic)
4839 struct run_softc *sc = ic->ic_ifp->if_softc;
4842 run_set_chan(sc, ic->ic_curchan);
4849 run_scan_start(struct ieee80211com *ic)
4851 struct run_softc *sc = ic->ic_ifp->if_softc;
4856 /* abort TSF synchronization */
4857 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
4858 run_write(sc, RT2860_BCN_TIME_CFG,
4859 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
4860 RT2860_TBTT_TIMER_EN));
4861 run_set_bssid(sc, sc->sc_ifp->if_broadcastaddr);
4869 run_scan_end(struct ieee80211com *ic)
4871 struct run_softc *sc = ic->ic_ifp->if_softc;
4875 run_enable_tsf_sync(sc);
4876 /* XXX keep local copy */
4877 run_set_bssid(sc, sc->sc_bssid);
4885 * Could be called from ieee80211_node_timeout()
4886 * (non-sleepable thread)
4889 run_update_beacon(struct ieee80211vap *vap, int item)
4891 struct ieee80211com *ic = vap->iv_ic;
4892 struct run_softc *sc = ic->ic_ifp->if_softc;
4893 struct run_vap *rvp = RUN_VAP(vap);
4897 KASSERT(vap != NULL, ("no beacon"));
4900 case IEEE80211_BEACON_ERP:
4901 run_updateslot(ic->ic_ifp);
4903 case IEEE80211_BEACON_HTINFO:
4906 case IEEE80211_BEACON_TIM:
4913 setbit(rvp->bo.bo_flags, item);
4914 if (rvp->beacon_mbuf == NULL) {
4915 rvp->beacon_mbuf = ieee80211_beacon_alloc(vap->iv_bss,
4917 if (rvp->beacon_mbuf == NULL)
4920 ieee80211_beacon_update(vap->iv_bss, &rvp->bo, rvp->beacon_mbuf, mcast);
4922 i = RUN_CMDQ_GET(&sc->cmdq_store);
4923 DPRINTF("cmdq_store=%d\n", i);
4924 sc->cmdq[i].func = run_update_beacon_cb;
4925 sc->cmdq[i].arg0 = vap;
4926 ieee80211_runtask(ic, &sc->cmdq_task);
4932 run_update_beacon_cb(void *arg)
4934 struct ieee80211vap *vap = arg;
4935 struct run_vap *rvp = RUN_VAP(vap);
4936 struct ieee80211com *ic = vap->iv_ic;
4937 struct run_softc *sc = ic->ic_ifp->if_softc;
4938 struct rt2860_txwi txwi;
4943 if (vap->iv_bss->ni_chan == IEEE80211_CHAN_ANYC)
4945 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC)
4949 * No need to call ieee80211_beacon_update(), run_update_beacon()
4950 * is taking care of apropriate calls.
4952 if (rvp->beacon_mbuf == NULL) {
4953 rvp->beacon_mbuf = ieee80211_beacon_alloc(vap->iv_bss,
4955 if (rvp->beacon_mbuf == NULL)
4958 m = rvp->beacon_mbuf;
4960 memset(&txwi, 0, sizeof(txwi));
4962 txwi.len = htole16(m->m_pkthdr.len);
4964 /* send beacons at the lowest available rate */
4965 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ?
4966 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1;
4967 txwi.phy = htole16(rt2860_rates[ridx].mcs);
4968 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM)
4969 txwi.phy |= htole16(RT2860_PHY_OFDM);
4970 txwi.txop = RT2860_TX_TXOP_HT;
4971 txwi.flags = RT2860_TX_TS;
4972 txwi.xflags = RT2860_TX_NSEQ;
4974 txwisize = (sc->mac_ver == 0x5592) ?
4975 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi);
4976 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi,
4978 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize,
4979 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1);
4983 run_updateprot(struct ieee80211com *ic)
4985 struct run_softc *sc = ic->ic_ifp->if_softc;
4988 i = RUN_CMDQ_GET(&sc->cmdq_store);
4989 DPRINTF("cmdq_store=%d\n", i);
4990 sc->cmdq[i].func = run_updateprot_cb;
4991 sc->cmdq[i].arg0 = ic;
4992 ieee80211_runtask(ic, &sc->cmdq_task);
4996 run_updateprot_cb(void *arg)
4998 struct ieee80211com *ic = arg;
4999 struct run_softc *sc = ic->ic_ifp->if_softc;
5002 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL;
5003 /* setup protection frame rate (MCS code) */
5004 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ?
5005 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM :
5006 rt2860_rates[RT2860_RIDX_CCK11].mcs;
5008 /* CCK frames don't require protection */
5009 run_write(sc, RT2860_CCK_PROT_CFG, tmp);
5010 if (ic->ic_flags & IEEE80211_F_USEPROT) {
5011 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS)
5012 tmp |= RT2860_PROT_CTRL_RTS_CTS;
5013 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY)
5014 tmp |= RT2860_PROT_CTRL_CTS;
5016 run_write(sc, RT2860_OFDM_PROT_CFG, tmp);
5020 run_usb_timeout_cb(void *arg)
5022 struct ieee80211vap *vap = arg;
5023 struct run_softc *sc = vap->iv_ic->ic_ifp->if_softc;
5025 RUN_LOCK_ASSERT(sc, MA_OWNED);
5027 if(vap->iv_state == IEEE80211_S_RUN &&
5028 vap->iv_opmode != IEEE80211_M_STA)
5029 run_reset_livelock(sc);
5030 else if (vap->iv_state == IEEE80211_S_SCAN) {
5031 DPRINTF("timeout caused by scan\n");
5033 ieee80211_cancel_scan(vap);
5035 DPRINTF("timeout by unknown cause\n");
5039 run_reset_livelock(struct run_softc *sc)
5043 RUN_LOCK_ASSERT(sc, MA_OWNED);
5046 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC
5047 * can run into a livelock and start sending CTS-to-self frames like
5048 * crazy if protection is enabled. Reset MAC/BBP for a while
5050 run_read(sc, RT2860_DEBUG, &tmp);
5051 DPRINTFN(3, "debug reg %08x\n", tmp);
5052 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) {
5053 DPRINTF("CTS-to-self livelock detected\n");
5054 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST);
5056 run_write(sc, RT2860_MAC_SYS_CTRL,
5057 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
5062 run_update_promisc_locked(struct ifnet *ifp)
5064 struct run_softc *sc = ifp->if_softc;
5067 run_read(sc, RT2860_RX_FILTR_CFG, &tmp);
5069 tmp |= RT2860_DROP_UC_NOME;
5070 if (ifp->if_flags & IFF_PROMISC)
5071 tmp &= ~RT2860_DROP_UC_NOME;
5073 run_write(sc, RT2860_RX_FILTR_CFG, tmp);
5075 DPRINTF("%s promiscuous mode\n", (ifp->if_flags & IFF_PROMISC) ?
5076 "entering" : "leaving");
5080 run_update_promisc(struct ifnet *ifp)
5082 struct run_softc *sc = ifp->if_softc;
5084 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0)
5088 run_update_promisc_locked(ifp);
5093 run_enable_tsf_sync(struct run_softc *sc)
5095 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
5096 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
5099 DPRINTF("rvp_id=%d ic_opmode=%d\n", RUN_VAP(vap)->rvp_id,
5102 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
5104 tmp |= vap->iv_bss->ni_intval * 16;
5105 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN;
5107 if (ic->ic_opmode == IEEE80211_M_STA) {
5109 * Local TSF is always updated with remote TSF on beacon
5112 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT;
5113 } else if (ic->ic_opmode == IEEE80211_M_IBSS) {
5114 tmp |= RT2860_BCN_TX_EN;
5116 * Local TSF is updated with remote TSF on beacon reception
5117 * only if the remote TSF is greater than local TSF.
5119 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT;
5120 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP ||
5121 ic->ic_opmode == IEEE80211_M_MBSS) {
5122 tmp |= RT2860_BCN_TX_EN;
5123 /* SYNC with nobody */
5124 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT;
5126 DPRINTF("Enabling TSF failed. undefined opmode\n");
5130 run_write(sc, RT2860_BCN_TIME_CFG, tmp);
5134 run_enable_mrr(struct run_softc *sc)
5136 #define CCK(mcs) (mcs)
5137 #define OFDM(mcs) (1 << 3 | (mcs))
5138 run_write(sc, RT2860_LG_FBK_CFG0,
5139 OFDM(6) << 28 | /* 54->48 */
5140 OFDM(5) << 24 | /* 48->36 */
5141 OFDM(4) << 20 | /* 36->24 */
5142 OFDM(3) << 16 | /* 24->18 */
5143 OFDM(2) << 12 | /* 18->12 */
5144 OFDM(1) << 8 | /* 12-> 9 */
5145 OFDM(0) << 4 | /* 9-> 6 */
5146 OFDM(0)); /* 6-> 6 */
5148 run_write(sc, RT2860_LG_FBK_CFG1,
5149 CCK(2) << 12 | /* 11->5.5 */
5150 CCK(1) << 8 | /* 5.5-> 2 */
5151 CCK(0) << 4 | /* 2-> 1 */
5152 CCK(0)); /* 1-> 1 */
5158 run_set_txpreamble(struct run_softc *sc)
5160 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
5163 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp);
5164 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
5165 tmp |= RT2860_CCK_SHORT_EN;
5167 tmp &= ~RT2860_CCK_SHORT_EN;
5168 run_write(sc, RT2860_AUTO_RSP_CFG, tmp);
5172 run_set_basicrates(struct run_softc *sc)
5174 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
5176 /* set basic rates mask */
5177 if (ic->ic_curmode == IEEE80211_MODE_11B)
5178 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003);
5179 else if (ic->ic_curmode == IEEE80211_MODE_11A)
5180 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150);
5182 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f);
5186 run_set_leds(struct run_softc *sc, uint16_t which)
5188 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS,
5189 which | (sc->leds & 0x7f));
5193 run_set_bssid(struct run_softc *sc, const uint8_t *bssid)
5195 run_write(sc, RT2860_MAC_BSSID_DW0,
5196 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24);
5197 run_write(sc, RT2860_MAC_BSSID_DW1,
5198 bssid[4] | bssid[5] << 8);
5202 run_set_macaddr(struct run_softc *sc, const uint8_t *addr)
5204 run_write(sc, RT2860_MAC_ADDR_DW0,
5205 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24);
5206 run_write(sc, RT2860_MAC_ADDR_DW1,
5207 addr[4] | addr[5] << 8 | 0xff << 16);
5211 run_updateslot(struct ifnet *ifp)
5213 struct run_softc *sc = ifp->if_softc;
5214 struct ieee80211com *ic = ifp->if_l2com;
5217 i = RUN_CMDQ_GET(&sc->cmdq_store);
5218 DPRINTF("cmdq_store=%d\n", i);
5219 sc->cmdq[i].func = run_updateslot_cb;
5220 sc->cmdq[i].arg0 = ifp;
5221 ieee80211_runtask(ic, &sc->cmdq_task);
5228 run_updateslot_cb(void *arg)
5230 struct ifnet *ifp = arg;
5231 struct run_softc *sc = ifp->if_softc;
5232 struct ieee80211com *ic = ifp->if_l2com;
5235 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp);
5237 tmp |= (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20;
5238 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp);
5242 run_update_mcast(struct ifnet *ifp)
5244 /* h/w filter supports getting everything or nothing */
5245 ifp->if_flags |= IFF_ALLMULTI;
5249 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain)
5251 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
5252 struct ieee80211_channel *c = ic->ic_curchan;
5255 if (IEEE80211_IS_CHAN_5GHZ(c)) {
5256 u_int chan = ieee80211_chan2ieee(ic, c);
5257 delta = sc->rssi_5ghz[rxchain];
5259 /* determine channel group */
5261 delta -= sc->lna[1];
5262 else if (chan <= 128)
5263 delta -= sc->lna[2];
5265 delta -= sc->lna[3];
5267 delta = sc->rssi_2ghz[rxchain] - sc->lna[0];
5269 return (-12 - delta - rssi);
5273 run_rt5390_bbp_init(struct run_softc *sc)
5278 /* Apply maximum likelihood detection for 2 stream case. */
5279 run_bbp_read(sc, 105, &bbp);
5280 if (sc->nrxchains > 1)
5281 run_bbp_write(sc, 105, bbp | RT5390_MLD);
5283 /* Avoid data lost and CRC error. */
5284 run_bbp_read(sc, 4, &bbp);
5285 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
5287 if (sc->mac_ver == 0x5592) {
5288 for (i = 0; i < nitems(rt5592_def_bbp); i++) {
5289 run_bbp_write(sc, rt5592_def_bbp[i].reg,
5290 rt5592_def_bbp[i].val);
5292 for (i = 0; i < nitems(rt5592_bbp_r196); i++) {
5293 run_bbp_write(sc, 195, i + 0x80);
5294 run_bbp_write(sc, 196, rt5592_bbp_r196[i]);
5297 for (i = 0; i < nitems(rt5390_def_bbp); i++) {
5298 run_bbp_write(sc, rt5390_def_bbp[i].reg,
5299 rt5390_def_bbp[i].val);
5302 if (sc->mac_ver == 0x5392) {
5303 run_bbp_write(sc, 88, 0x90);
5304 run_bbp_write(sc, 95, 0x9a);
5305 run_bbp_write(sc, 98, 0x12);
5306 run_bbp_write(sc, 106, 0x12);
5307 run_bbp_write(sc, 134, 0xd0);
5308 run_bbp_write(sc, 135, 0xf6);
5309 run_bbp_write(sc, 148, 0x84);
5312 run_bbp_read(sc, 152, &bbp);
5313 run_bbp_write(sc, 152, bbp | 0x80);
5315 /* Fix BBP254 for RT5592C. */
5316 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) {
5317 run_bbp_read(sc, 254, &bbp);
5318 run_bbp_write(sc, 254, bbp | 0x80);
5321 /* Disable hardware antenna diversity. */
5322 if (sc->mac_ver == 0x5390)
5323 run_bbp_write(sc, 154, 0);
5325 /* Initialize Rx CCK/OFDM frequency offset report. */
5326 run_bbp_write(sc, 142, 1);
5327 run_bbp_write(sc, 143, 57);
5331 run_bbp_init(struct run_softc *sc)
5333 int i, error, ntries;
5336 /* wait for BBP to wake up */
5337 for (ntries = 0; ntries < 20; ntries++) {
5338 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0)
5340 if (bbp0 != 0 && bbp0 != 0xff)
5346 /* initialize BBP registers to default values */
5347 if (sc->mac_ver >= 0x5390)
5348 run_rt5390_bbp_init(sc);
5350 for (i = 0; i < nitems(rt2860_def_bbp); i++) {
5351 run_bbp_write(sc, rt2860_def_bbp[i].reg,
5352 rt2860_def_bbp[i].val);
5356 if (sc->mac_ver == 0x3593) {
5357 run_bbp_write(sc, 79, 0x13);
5358 run_bbp_write(sc, 80, 0x05);
5359 run_bbp_write(sc, 81, 0x33);
5360 run_bbp_write(sc, 86, 0x46);
5361 run_bbp_write(sc, 137, 0x0f);
5364 /* fix BBP84 for RT2860E */
5365 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101)
5366 run_bbp_write(sc, 84, 0x19);
5368 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 &&
5369 sc->mac_ver != 0x5592)) {
5370 run_bbp_write(sc, 79, 0x13);
5371 run_bbp_write(sc, 80, 0x05);
5372 run_bbp_write(sc, 81, 0x33);
5373 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) {
5374 run_bbp_write(sc, 69, 0x16);
5375 run_bbp_write(sc, 73, 0x12);
5381 run_rt3070_rf_init(struct run_softc *sc)
5384 uint8_t bbp4, mingain, rf, target;
5387 run_rt3070_rf_read(sc, 30, &rf);
5388 /* toggle RF R30 bit 7 */
5389 run_rt3070_rf_write(sc, 30, rf | 0x80);
5391 run_rt3070_rf_write(sc, 30, rf & ~0x80);
5393 /* initialize RF registers to default value */
5394 if (sc->mac_ver == 0x3572) {
5395 for (i = 0; i < nitems(rt3572_def_rf); i++) {
5396 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg,
5397 rt3572_def_rf[i].val);
5400 for (i = 0; i < nitems(rt3070_def_rf); i++) {
5401 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg,
5402 rt3070_def_rf[i].val);
5406 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) {
5408 * Change voltage from 1.2V to 1.35V for RT3070.
5409 * The DAC issue (RT3070_LDO_CFG0) has been fixed
5412 run_read(sc, RT3070_LDO_CFG0, &tmp);
5413 tmp = (tmp & ~0x0f000000) | 0x0d000000;
5414 run_write(sc, RT3070_LDO_CFG0, tmp);
5416 } else if (sc->mac_ver == 0x3071) {
5417 run_rt3070_rf_read(sc, 6, &rf);
5418 run_rt3070_rf_write(sc, 6, rf | 0x40);
5419 run_rt3070_rf_write(sc, 31, 0x14);
5421 run_read(sc, RT3070_LDO_CFG0, &tmp);
5423 if (sc->mac_rev < 0x0211)
5424 tmp |= 0x0d000000; /* 1.3V */
5426 tmp |= 0x01000000; /* 1.2V */
5427 run_write(sc, RT3070_LDO_CFG0, tmp);
5429 /* patch LNA_PE_G1 */
5430 run_read(sc, RT3070_GPIO_SWITCH, &tmp);
5431 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20);
5433 } else if (sc->mac_ver == 0x3572) {
5434 run_rt3070_rf_read(sc, 6, &rf);
5435 run_rt3070_rf_write(sc, 6, rf | 0x40);
5437 /* increase voltage from 1.2V to 1.35V */
5438 run_read(sc, RT3070_LDO_CFG0, &tmp);
5439 tmp = (tmp & ~0x1f000000) | 0x0d000000;
5440 run_write(sc, RT3070_LDO_CFG0, tmp);
5442 if (sc->mac_rev < 0x0211 || !sc->patch_dac) {
5443 run_delay(sc, 1); /* wait for 1msec */
5444 /* decrease voltage back to 1.2V */
5445 tmp = (tmp & ~0x1f000000) | 0x01000000;
5446 run_write(sc, RT3070_LDO_CFG0, tmp);
5450 /* select 20MHz bandwidth */
5451 run_rt3070_rf_read(sc, 31, &rf);
5452 run_rt3070_rf_write(sc, 31, rf & ~0x20);
5454 /* calibrate filter for 20MHz bandwidth */
5455 sc->rf24_20mhz = 0x1f; /* default value */
5456 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13;
5457 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz);
5459 /* select 40MHz bandwidth */
5460 run_bbp_read(sc, 4, &bbp4);
5461 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10);
5462 run_rt3070_rf_read(sc, 31, &rf);
5463 run_rt3070_rf_write(sc, 31, rf | 0x20);
5465 /* calibrate filter for 40MHz bandwidth */
5466 sc->rf24_40mhz = 0x2f; /* default value */
5467 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15;
5468 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz);
5470 /* go back to 20MHz bandwidth */
5471 run_bbp_read(sc, 4, &bbp4);
5472 run_bbp_write(sc, 4, bbp4 & ~0x18);
5474 if (sc->mac_ver == 0x3572) {
5475 /* save default BBP registers 25 and 26 values */
5476 run_bbp_read(sc, 25, &sc->bbp25);
5477 run_bbp_read(sc, 26, &sc->bbp26);
5478 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211)
5479 run_rt3070_rf_write(sc, 27, 0x03);
5481 run_read(sc, RT3070_OPT_14, &tmp);
5482 run_write(sc, RT3070_OPT_14, tmp | 1);
5484 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) {
5485 run_rt3070_rf_read(sc, 17, &rf);
5486 rf &= ~RT3070_TX_LO1;
5487 if ((sc->mac_ver == 0x3070 ||
5488 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) &&
5490 rf |= 0x20; /* fix for long range Rx issue */
5491 mingain = (sc->mac_ver == 0x3070) ? 1 : 2;
5492 if (sc->txmixgain_2ghz >= mingain)
5493 rf = (rf & ~0x7) | sc->txmixgain_2ghz;
5494 run_rt3070_rf_write(sc, 17, rf);
5497 if (sc->mac_ver == 0x3071) {
5498 run_rt3070_rf_read(sc, 1, &rf);
5499 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD);
5500 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD;
5501 run_rt3070_rf_write(sc, 1, rf);
5503 run_rt3070_rf_read(sc, 15, &rf);
5504 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2);
5506 run_rt3070_rf_read(sc, 20, &rf);
5507 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1);
5509 run_rt3070_rf_read(sc, 21, &rf);
5510 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2);
5513 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) {
5514 /* fix Tx to Rx IQ glitch by raising RF voltage */
5515 run_rt3070_rf_read(sc, 27, &rf);
5517 if (sc->mac_rev < 0x0211)
5519 run_rt3070_rf_write(sc, 27, rf);
5525 run_rt3593_rf_init(struct run_softc *sc)
5531 /* Disable the GPIO bits 4 and 7 for LNA PE control. */
5532 run_read(sc, RT3070_GPIO_SWITCH, &tmp);
5533 tmp &= ~(1 << 4 | 1 << 7);
5534 run_write(sc, RT3070_GPIO_SWITCH, tmp);
5536 /* Initialize RF registers to default value. */
5537 for (i = 0; i < nitems(rt3593_def_rf); i++) {
5538 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg,
5539 rt3593_def_rf[i].val);
5542 /* Toggle RF R2 to initiate calibration. */
5543 run_rt3070_rf_write(sc, 2, RT5390_RESCAL);
5545 /* Initialize RF frequency offset. */
5546 run_adjust_freq_offset(sc);
5548 run_rt3070_rf_read(sc, 18, &rf);
5549 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS);
5552 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to
5553 * decrease voltage back to 1.2V.
5555 run_read(sc, RT3070_LDO_CFG0, &tmp);
5556 tmp = (tmp & ~0x1f000000) | 0x0d000000;
5557 run_write(sc, RT3070_LDO_CFG0, tmp);
5559 tmp = (tmp & ~0x1f000000) | 0x01000000;
5560 run_write(sc, RT3070_LDO_CFG0, tmp);
5562 sc->rf24_20mhz = 0x1f;
5563 sc->rf24_40mhz = 0x2f;
5565 /* Save default BBP registers 25 and 26 values. */
5566 run_bbp_read(sc, 25, &sc->bbp25);
5567 run_bbp_read(sc, 26, &sc->bbp26);
5569 run_read(sc, RT3070_OPT_14, &tmp);
5570 run_write(sc, RT3070_OPT_14, tmp | 1);
5574 run_rt5390_rf_init(struct run_softc *sc)
5580 /* Toggle RF R2 to initiate calibration. */
5581 if (sc->mac_ver == 0x5390) {
5582 run_rt3070_rf_read(sc, 2, &rf);
5583 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL);
5585 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL);
5587 run_rt3070_rf_write(sc, 2, RT5390_RESCAL);
5591 /* Initialize RF registers to default value. */
5592 if (sc->mac_ver == 0x5592) {
5593 for (i = 0; i < nitems(rt5592_def_rf); i++) {
5594 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg,
5595 rt5592_def_rf[i].val);
5597 /* Initialize RF frequency offset. */
5598 run_adjust_freq_offset(sc);
5599 } else if (sc->mac_ver == 0x5392) {
5600 for (i = 0; i < nitems(rt5392_def_rf); i++) {
5601 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg,
5602 rt5392_def_rf[i].val);
5604 if (sc->mac_rev >= 0x0223) {
5605 run_rt3070_rf_write(sc, 23, 0x0f);
5606 run_rt3070_rf_write(sc, 24, 0x3e);
5607 run_rt3070_rf_write(sc, 51, 0x32);
5608 run_rt3070_rf_write(sc, 53, 0x22);
5609 run_rt3070_rf_write(sc, 56, 0xc1);
5610 run_rt3070_rf_write(sc, 59, 0x0f);
5613 for (i = 0; i < nitems(rt5390_def_rf); i++) {
5614 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg,
5615 rt5390_def_rf[i].val);
5617 if (sc->mac_rev >= 0x0502) {
5618 run_rt3070_rf_write(sc, 6, 0xe0);
5619 run_rt3070_rf_write(sc, 25, 0x80);
5620 run_rt3070_rf_write(sc, 46, 0x73);
5621 run_rt3070_rf_write(sc, 53, 0x00);
5622 run_rt3070_rf_write(sc, 56, 0x42);
5623 run_rt3070_rf_write(sc, 61, 0xd1);
5627 sc->rf24_20mhz = 0x1f; /* default value */
5628 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f;
5630 if (sc->mac_rev < 0x0211)
5631 run_rt3070_rf_write(sc, 27, 0x3);
5633 run_read(sc, RT3070_OPT_14, &tmp);
5634 run_write(sc, RT3070_OPT_14, tmp | 1);
5638 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target,
5642 uint8_t bbp55_pb, bbp55_sb, delta;
5645 /* program filter */
5646 run_rt3070_rf_read(sc, 24, &rf24);
5647 rf24 = (rf24 & 0xc0) | init; /* initial filter value */
5648 run_rt3070_rf_write(sc, 24, rf24);
5650 /* enable baseband loopback mode */
5651 run_rt3070_rf_read(sc, 22, &rf22);
5652 run_rt3070_rf_write(sc, 22, rf22 | 0x01);
5654 /* set power and frequency of passband test tone */
5655 run_bbp_write(sc, 24, 0x00);
5656 for (ntries = 0; ntries < 100; ntries++) {
5657 /* transmit test tone */
5658 run_bbp_write(sc, 25, 0x90);
5660 /* read received power */
5661 run_bbp_read(sc, 55, &bbp55_pb);
5668 /* set power and frequency of stopband test tone */
5669 run_bbp_write(sc, 24, 0x06);
5670 for (ntries = 0; ntries < 100; ntries++) {
5671 /* transmit test tone */
5672 run_bbp_write(sc, 25, 0x90);
5674 /* read received power */
5675 run_bbp_read(sc, 55, &bbp55_sb);
5677 delta = bbp55_pb - bbp55_sb;
5681 /* reprogram filter */
5683 run_rt3070_rf_write(sc, 24, rf24);
5687 rf24--; /* backtrack */
5689 run_rt3070_rf_write(sc, 24, rf24);
5692 /* restore initial state */
5693 run_bbp_write(sc, 24, 0x00);
5695 /* disable baseband loopback mode */
5696 run_rt3070_rf_read(sc, 22, &rf22);
5697 run_rt3070_rf_write(sc, 22, rf22 & ~0x01);
5703 run_rt3070_rf_setup(struct run_softc *sc)
5708 if (sc->mac_ver == 0x3572) {
5709 /* enable DC filter */
5710 if (sc->mac_rev >= 0x0201)
5711 run_bbp_write(sc, 103, 0xc0);
5713 run_bbp_read(sc, 138, &bbp);
5714 if (sc->ntxchains == 1)
5715 bbp |= 0x20; /* turn off DAC1 */
5716 if (sc->nrxchains == 1)
5717 bbp &= ~0x02; /* turn off ADC1 */
5718 run_bbp_write(sc, 138, bbp);
5720 if (sc->mac_rev >= 0x0211) {
5721 /* improve power consumption */
5722 run_bbp_read(sc, 31, &bbp);
5723 run_bbp_write(sc, 31, bbp & ~0x03);
5726 run_rt3070_rf_read(sc, 16, &rf);
5727 rf = (rf & ~0x07) | sc->txmixgain_2ghz;
5728 run_rt3070_rf_write(sc, 16, rf);
5730 } else if (sc->mac_ver == 0x3071) {
5731 if (sc->mac_rev >= 0x0211) {
5732 /* enable DC filter */
5733 run_bbp_write(sc, 103, 0xc0);
5735 /* improve power consumption */
5736 run_bbp_read(sc, 31, &bbp);
5737 run_bbp_write(sc, 31, bbp & ~0x03);
5740 run_bbp_read(sc, 138, &bbp);
5741 if (sc->ntxchains == 1)
5742 bbp |= 0x20; /* turn off DAC1 */
5743 if (sc->nrxchains == 1)
5744 bbp &= ~0x02; /* turn off ADC1 */
5745 run_bbp_write(sc, 138, bbp);
5747 run_write(sc, RT2860_TX_SW_CFG1, 0);
5748 if (sc->mac_rev < 0x0211) {
5749 run_write(sc, RT2860_TX_SW_CFG2,
5750 sc->patch_dac ? 0x2c : 0x0f);
5752 run_write(sc, RT2860_TX_SW_CFG2, 0);
5754 } else if (sc->mac_ver == 0x3070) {
5755 if (sc->mac_rev >= 0x0201) {
5756 /* enable DC filter */
5757 run_bbp_write(sc, 103, 0xc0);
5759 /* improve power consumption */
5760 run_bbp_read(sc, 31, &bbp);
5761 run_bbp_write(sc, 31, bbp & ~0x03);
5764 if (sc->mac_rev < 0x0201) {
5765 run_write(sc, RT2860_TX_SW_CFG1, 0);
5766 run_write(sc, RT2860_TX_SW_CFG2, 0x2c);
5768 run_write(sc, RT2860_TX_SW_CFG2, 0);
5771 /* initialize RF registers from ROM for >=RT3071*/
5772 if (sc->mac_ver >= 0x3071) {
5773 for (i = 0; i < 10; i++) {
5774 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff)
5776 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val);
5782 run_rt3593_rf_setup(struct run_softc *sc)
5786 if (sc->mac_rev >= 0x0211) {
5787 /* Enable DC filter. */
5788 run_bbp_write(sc, 103, 0xc0);
5790 run_write(sc, RT2860_TX_SW_CFG1, 0);
5791 if (sc->mac_rev < 0x0211) {
5792 run_write(sc, RT2860_TX_SW_CFG2,
5793 sc->patch_dac ? 0x2c : 0x0f);
5795 run_write(sc, RT2860_TX_SW_CFG2, 0);
5797 run_rt3070_rf_read(sc, 50, &rf);
5798 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2);
5800 run_rt3070_rf_read(sc, 51, &rf);
5801 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) |
5802 ((sc->txmixgain_2ghz & 0x07) << 2);
5803 run_rt3070_rf_write(sc, 51, rf);
5805 run_rt3070_rf_read(sc, 38, &rf);
5806 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1);
5808 run_rt3070_rf_read(sc, 39, &rf);
5809 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2);
5811 run_rt3070_rf_read(sc, 1, &rf);
5812 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD));
5814 run_rt3070_rf_read(sc, 30, &rf);
5815 rf = (rf & ~0x18) | 0x10;
5816 run_rt3070_rf_write(sc, 30, rf);
5818 /* Apply maximum likelihood detection for 2 stream case. */
5819 run_bbp_read(sc, 105, &bbp);
5820 if (sc->nrxchains > 1)
5821 run_bbp_write(sc, 105, bbp | RT5390_MLD);
5823 /* Avoid data lost and CRC error. */
5824 run_bbp_read(sc, 4, &bbp);
5825 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
5827 run_bbp_write(sc, 92, 0x02);
5828 run_bbp_write(sc, 82, 0x82);
5829 run_bbp_write(sc, 106, 0x05);
5830 run_bbp_write(sc, 104, 0x92);
5831 run_bbp_write(sc, 88, 0x90);
5832 run_bbp_write(sc, 148, 0xc8);
5833 run_bbp_write(sc, 47, 0x48);
5834 run_bbp_write(sc, 120, 0x50);
5836 run_bbp_write(sc, 163, 0x9d);
5839 run_bbp_write(sc, 142, 0x06);
5840 run_bbp_write(sc, 143, 0xa0);
5841 run_bbp_write(sc, 142, 0x07);
5842 run_bbp_write(sc, 143, 0xa1);
5843 run_bbp_write(sc, 142, 0x08);
5844 run_bbp_write(sc, 143, 0xa2);
5846 run_bbp_write(sc, 31, 0x08);
5847 run_bbp_write(sc, 68, 0x0b);
5848 run_bbp_write(sc, 105, 0x04);
5852 run_rt5390_rf_setup(struct run_softc *sc)
5856 if (sc->mac_rev >= 0x0211) {
5857 /* Enable DC filter. */
5858 run_bbp_write(sc, 103, 0xc0);
5860 if (sc->mac_ver != 0x5592) {
5861 /* Improve power consumption. */
5862 run_bbp_read(sc, 31, &bbp);
5863 run_bbp_write(sc, 31, bbp & ~0x03);
5867 run_bbp_read(sc, 138, &bbp);
5868 if (sc->ntxchains == 1)
5869 bbp |= 0x20; /* turn off DAC1 */
5870 if (sc->nrxchains == 1)
5871 bbp &= ~0x02; /* turn off ADC1 */
5872 run_bbp_write(sc, 138, bbp);
5874 run_rt3070_rf_read(sc, 38, &rf);
5875 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1);
5877 run_rt3070_rf_read(sc, 39, &rf);
5878 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2);
5880 /* Avoid data lost and CRC error. */
5881 run_bbp_read(sc, 4, &bbp);
5882 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
5884 run_rt3070_rf_read(sc, 30, &rf);
5885 rf = (rf & ~0x18) | 0x10;
5886 run_rt3070_rf_write(sc, 30, rf);
5888 if (sc->mac_ver != 0x5592) {
5889 run_write(sc, RT2860_TX_SW_CFG1, 0);
5890 if (sc->mac_rev < 0x0211) {
5891 run_write(sc, RT2860_TX_SW_CFG2,
5892 sc->patch_dac ? 0x2c : 0x0f);
5894 run_write(sc, RT2860_TX_SW_CFG2, 0);
5899 run_txrx_enable(struct run_softc *sc)
5901 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
5905 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN);
5906 for (ntries = 0; ntries < 200; ntries++) {
5907 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0)
5909 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
5918 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE;
5919 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
5921 /* enable Rx bulk aggregation (set timeout and limit) */
5922 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN |
5923 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2);
5924 run_write(sc, RT2860_USB_DMA_CFG, tmp);
5927 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR;
5928 if (ic->ic_opmode != IEEE80211_M_MONITOR) {
5929 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL |
5930 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK |
5931 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV |
5932 RT2860_DROP_CFACK | RT2860_DROP_CFEND;
5933 if (ic->ic_opmode == IEEE80211_M_STA)
5934 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL;
5936 run_write(sc, RT2860_RX_FILTR_CFG, tmp);
5938 run_write(sc, RT2860_MAC_SYS_CTRL,
5939 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
5945 run_adjust_freq_offset(struct run_softc *sc)
5949 run_rt3070_rf_read(sc, 17, &rf);
5951 rf = (rf & ~0x7f) | (sc->freq & 0x7f);
5955 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf);
5959 run_init_locked(struct run_softc *sc)
5961 struct ifnet *ifp = sc->sc_ifp;
5962 struct ieee80211com *ic = ifp->if_l2com;
5969 if (ic->ic_nrunning > 1)
5974 if (run_load_microcode(sc) != 0) {
5975 device_printf(sc->sc_dev, "could not load 8051 microcode\n");
5979 for (ntries = 0; ntries < 100; ntries++) {
5980 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0)
5982 if (tmp != 0 && tmp != 0xffffffff)
5989 for (i = 0; i != RUN_EP_QUEUES; i++)
5990 run_setup_tx_list(sc, &sc->sc_epq[i]);
5992 run_set_macaddr(sc, IF_LLADDR(ifp));
5994 for (ntries = 0; ntries < 100; ntries++) {
5995 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0)
5997 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
6001 if (ntries == 100) {
6002 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n");
6006 tmp |= RT2860_TX_WB_DDONE;
6007 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
6009 /* turn off PME_OEN to solve high-current issue */
6010 run_read(sc, RT2860_SYS_CTRL, &tmp);
6011 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN);
6013 run_write(sc, RT2860_MAC_SYS_CTRL,
6014 RT2860_BBP_HRST | RT2860_MAC_SRST);
6015 run_write(sc, RT2860_USB_DMA_CFG, 0);
6017 if (run_reset(sc) != 0) {
6018 device_printf(sc->sc_dev, "could not reset chipset\n");
6022 run_write(sc, RT2860_MAC_SYS_CTRL, 0);
6024 /* init Tx power for all Tx rates (from EEPROM) */
6025 for (ridx = 0; ridx < 5; ridx++) {
6026 if (sc->txpow20mhz[ridx] == 0xffffffff)
6028 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]);
6031 for (i = 0; i < nitems(rt2870_def_mac); i++)
6032 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val);
6033 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273);
6034 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344);
6035 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa);
6037 if (sc->mac_ver >= 0x5390) {
6038 run_write(sc, RT2860_TX_SW_CFG0,
6039 4 << RT2860_DLY_PAPE_EN_SHIFT | 4);
6040 if (sc->mac_ver >= 0x5392) {
6041 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff);
6042 if (sc->mac_ver == 0x5592) {
6043 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980);
6044 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082);
6046 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980);
6047 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322);
6050 } else if (sc->mac_ver == 0x3593) {
6051 run_write(sc, RT2860_TX_SW_CFG0,
6052 4 << RT2860_DLY_PAPE_EN_SHIFT | 2);
6053 } else if (sc->mac_ver >= 0x3070) {
6054 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */
6055 run_write(sc, RT2860_TX_SW_CFG0,
6056 4 << RT2860_DLY_PAPE_EN_SHIFT);
6059 /* wait while MAC is busy */
6060 for (ntries = 0; ntries < 100; ntries++) {
6061 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0)
6063 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY)))
6070 /* clear Host to MCU mailbox */
6071 run_write(sc, RT2860_H2M_BBPAGENT, 0);
6072 run_write(sc, RT2860_H2M_MAILBOX, 0);
6075 if (run_bbp_init(sc) != 0) {
6076 device_printf(sc->sc_dev, "could not initialize BBP\n");
6080 /* abort TSF synchronization */
6081 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
6082 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
6083 RT2860_TBTT_TIMER_EN);
6084 run_write(sc, RT2860_BCN_TIME_CFG, tmp);
6086 /* clear RX WCID search table */
6087 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512);
6088 /* clear WCID attribute table */
6089 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32);
6091 /* hostapd sets a key before init. So, don't clear it. */
6092 if (sc->cmdq_key_set != RUN_CMDQ_GO) {
6093 /* clear shared key table */
6094 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32);
6095 /* clear shared key mode */
6096 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4);
6099 run_read(sc, RT2860_US_CYC_CNT, &tmp);
6100 tmp = (tmp & ~0xff) | 0x1e;
6101 run_write(sc, RT2860_US_CYC_CNT, tmp);
6103 if (sc->mac_rev != 0x0101)
6104 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f);
6106 run_write(sc, RT2860_WMM_TXOP0_CFG, 0);
6107 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96);
6109 /* write vendor-specific BBP values (from EEPROM) */
6110 if (sc->mac_ver < 0x3593) {
6111 for (i = 0; i < 10; i++) {
6112 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff)
6114 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val);
6118 /* select Main antenna for 1T1R devices */
6119 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370)
6120 run_set_rx_antenna(sc, 0);
6122 /* send LEDs operating mode to microcontroller */
6123 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]);
6124 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]);
6125 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]);
6127 if (sc->mac_ver >= 0x5390)
6128 run_rt5390_rf_init(sc);
6129 else if (sc->mac_ver == 0x3593)
6130 run_rt3593_rf_init(sc);
6131 else if (sc->mac_ver >= 0x3070)
6132 run_rt3070_rf_init(sc);
6134 /* disable non-existing Rx chains */
6135 run_bbp_read(sc, 3, &bbp3);
6136 bbp3 &= ~(1 << 3 | 1 << 4);
6137 if (sc->nrxchains == 2)
6139 else if (sc->nrxchains == 3)
6141 run_bbp_write(sc, 3, bbp3);
6143 /* disable non-existing Tx chains */
6144 run_bbp_read(sc, 1, &bbp1);
6145 if (sc->ntxchains == 1)
6146 bbp1 &= ~(1 << 3 | 1 << 4);
6147 run_bbp_write(sc, 1, bbp1);
6149 if (sc->mac_ver >= 0x5390)
6150 run_rt5390_rf_setup(sc);
6151 else if (sc->mac_ver == 0x3593)
6152 run_rt3593_rf_setup(sc);
6153 else if (sc->mac_ver >= 0x3070)
6154 run_rt3070_rf_setup(sc);
6156 /* select default channel */
6157 run_set_chan(sc, ic->ic_curchan);
6159 /* setup initial protection mode */
6160 run_updateprot_cb(ic);
6162 /* turn radio LED on */
6163 run_set_leds(sc, RT2860_LED_RADIO);
6165 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
6166 ifp->if_drv_flags |= IFF_DRV_RUNNING;
6167 sc->cmdq_run = RUN_CMDQ_GO;
6169 for (i = 0; i != RUN_N_XFER; i++)
6170 usbd_xfer_set_stall(sc->sc_xfer[i]);
6172 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]);
6174 if (run_txrx_enable(sc) != 0)
6186 struct run_softc *sc = arg;
6187 struct ifnet *ifp = sc->sc_ifp;
6188 struct ieee80211com *ic = ifp->if_l2com;
6191 run_init_locked(sc);
6194 if (ifp->if_drv_flags & IFF_DRV_RUNNING)
6195 ieee80211_start_all(ic);
6201 struct run_softc *sc = (struct run_softc *)arg;
6202 struct ifnet *ifp = sc->sc_ifp;
6207 RUN_LOCK_ASSERT(sc, MA_OWNED);
6209 if (ifp->if_drv_flags & IFF_DRV_RUNNING)
6210 run_set_leds(sc, 0); /* turn all LEDs off */
6212 ifp->if_drv_flags &= ~(IFF_DRV_RUNNING | IFF_DRV_OACTIVE);
6214 sc->ratectl_run = RUN_RATECTL_OFF;
6215 sc->cmdq_run = sc->cmdq_key_set;
6219 for(i = 0; i < RUN_N_XFER; i++)
6220 usbd_transfer_drain(sc->sc_xfer[i]);
6224 if (sc->rx_m != NULL) {
6229 /* Disable Tx/Rx DMA. */
6230 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0)
6232 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN);
6233 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
6235 for (ntries = 0; ntries < 100; ntries++) {
6236 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0)
6238 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
6242 if (ntries == 100) {
6243 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n");
6248 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp);
6249 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
6250 run_write(sc, RT2860_MAC_SYS_CTRL, tmp);
6252 /* wait for pending Tx to complete */
6253 for (ntries = 0; ntries < 100; ntries++) {
6254 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) {
6255 DPRINTF("Cannot read Tx queue count\n");
6258 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) {
6259 DPRINTF("All Tx cleared\n");
6265 DPRINTF("There are still pending Tx\n");
6267 run_write(sc, RT2860_USB_DMA_CFG, 0);
6269 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST);
6270 run_write(sc, RT2860_MAC_SYS_CTRL, 0);
6272 for (i = 0; i != RUN_EP_QUEUES; i++)
6273 run_unsetup_tx_list(sc, &sc->sc_epq[i]);
6277 run_delay(struct run_softc *sc, u_int ms)
6279 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ?
6280 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms));
6283 static device_method_t run_methods[] = {
6284 /* Device interface */
6285 DEVMETHOD(device_probe, run_match),
6286 DEVMETHOD(device_attach, run_attach),
6287 DEVMETHOD(device_detach, run_detach),
6291 static driver_t run_driver = {
6293 .methods = run_methods,
6294 .size = sizeof(struct run_softc)
6297 static devclass_t run_devclass;
6299 DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL);
6300 MODULE_DEPEND(run, wlan, 1, 1, 1);
6301 MODULE_DEPEND(run, usb, 1, 1, 1);
6302 MODULE_DEPEND(run, firmware, 1, 1, 1);
6303 MODULE_VERSION(run, 1);
projects / FreeBSD / stable / 10.git / blob