The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/dev/ral/rt2860.c

Version: -  FREEBSD  -  FREEBSD-13-STABLE  -  FREEBSD-13-0  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  l41  -  OPENBSD  -  linux-2.6  -  MK84  -  PLAN9  -  xnu-8792 
SearchContext: -  none  -  3  -  10 

    1 /*-
    2  * Copyright (c) 2007-2010 Damien Bergamini <damien.bergamini@free.fr>
    3  * Copyright (c) 2012 Bernhard Schmidt <bschmidt@FreeBSD.org>
    4  *
    5  * Permission to use, copy, modify, and distribute this software for any
    6  * purpose with or without fee is hereby granted, provided that the above
    7  * copyright notice and this permission notice appear in all copies.
    8  *
    9  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
   10  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
   11  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
   12  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
   13  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
   14  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
   15  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
   16  *
   17  * $OpenBSD: rt2860.c,v 1.65 2010/10/23 14:24:54 damien Exp $
   18  */
   19 
   20 #include <sys/cdefs.h>
   21 __FBSDID("$FreeBSD: releng/10.0/sys/dev/ral/rt2860.c 252727 2013-07-04 21:16:49Z adrian $");
   22 
   23 /*-
   24  * Ralink Technology RT2860/RT3090/RT3390/RT3562 chipset driver
   25  * http://www.ralinktech.com/
   26  */
   27 
   28 #include <sys/param.h>
   29 #include <sys/sysctl.h>
   30 #include <sys/sockio.h>
   31 #include <sys/mbuf.h>
   32 #include <sys/kernel.h>
   33 #include <sys/socket.h>
   34 #include <sys/systm.h>
   35 #include <sys/malloc.h>
   36 #include <sys/lock.h>
   37 #include <sys/mutex.h>
   38 #include <sys/module.h>
   39 #include <sys/bus.h>
   40 #include <sys/endian.h>
   41 #include <sys/firmware.h>
   42 
   43 #include <machine/bus.h>
   44 #include <machine/resource.h>
   45 #include <sys/rman.h>
   46 
   47 #include <net/bpf.h>
   48 #include <net/if.h>
   49 #include <net/if_arp.h>
   50 #include <net/ethernet.h>
   51 #include <net/if_dl.h>
   52 #include <net/if_media.h>
   53 #include <net/if_types.h>
   54 
   55 #include <net80211/ieee80211_var.h>
   56 #include <net80211/ieee80211_radiotap.h>
   57 #include <net80211/ieee80211_regdomain.h>
   58 #include <net80211/ieee80211_ratectl.h>
   59 
   60 #include <netinet/in.h>
   61 #include <netinet/in_systm.h>
   62 #include <netinet/in_var.h>
   63 #include <netinet/ip.h>
   64 #include <netinet/if_ether.h>
   65 
   66 #include <dev/ral/rt2860reg.h>
   67 #include <dev/ral/rt2860var.h>
   68 
   69 #define RAL_DEBUG
   70 #ifdef RAL_DEBUG
   71 #define DPRINTF(x)      do { if (sc->sc_debug > 0) printf x; } while (0)
   72 #define DPRINTFN(n, x)  do { if (sc->sc_debug >= (n)) printf x; } while (0)
   73 #else
   74 #define DPRINTF(x)
   75 #define DPRINTFN(n, x)
   76 #endif
   77 
   78 static struct ieee80211vap *rt2860_vap_create(struct ieee80211com *,
   79                             const char [IFNAMSIZ], int, enum ieee80211_opmode,
   80                             int, const uint8_t [IEEE80211_ADDR_LEN],
   81                             const uint8_t [IEEE80211_ADDR_LEN]);
   82 static void     rt2860_vap_delete(struct ieee80211vap *);
   83 static void     rt2860_dma_map_addr(void *, bus_dma_segment_t *, int, int);
   84 static int      rt2860_alloc_tx_ring(struct rt2860_softc *,
   85                     struct rt2860_tx_ring *);
   86 static void     rt2860_reset_tx_ring(struct rt2860_softc *,
   87                     struct rt2860_tx_ring *);
   88 static void     rt2860_free_tx_ring(struct rt2860_softc *,
   89                     struct rt2860_tx_ring *);
   90 static int      rt2860_alloc_tx_pool(struct rt2860_softc *);
   91 static void     rt2860_free_tx_pool(struct rt2860_softc *);
   92 static int      rt2860_alloc_rx_ring(struct rt2860_softc *,
   93                     struct rt2860_rx_ring *);
   94 static void     rt2860_reset_rx_ring(struct rt2860_softc *,
   95                     struct rt2860_rx_ring *);
   96 static void     rt2860_free_rx_ring(struct rt2860_softc *,
   97                     struct rt2860_rx_ring *);
   98 static void     rt2860_updatestats(struct rt2860_softc *);
   99 static void     rt2860_newassoc(struct ieee80211_node *, int);
  100 static void     rt2860_node_free(struct ieee80211_node *);
  101 #ifdef IEEE80211_HT
  102 static int      rt2860_ampdu_rx_start(struct ieee80211com *,
  103                     struct ieee80211_node *, uint8_t);
  104 static void     rt2860_ampdu_rx_stop(struct ieee80211com *,
  105                     struct ieee80211_node *, uint8_t);
  106 #endif
  107 static int      rt2860_newstate(struct ieee80211vap *, enum ieee80211_state,
  108                     int);
  109 static uint16_t rt3090_efuse_read_2(struct rt2860_softc *, uint16_t);
  110 static uint16_t rt2860_eeprom_read_2(struct rt2860_softc *, uint16_t);
  111 static void     rt2860_intr_coherent(struct rt2860_softc *);
  112 static void     rt2860_drain_stats_fifo(struct rt2860_softc *);
  113 static void     rt2860_tx_intr(struct rt2860_softc *, int);
  114 static void     rt2860_rx_intr(struct rt2860_softc *);
  115 static void     rt2860_tbtt_intr(struct rt2860_softc *);
  116 static void     rt2860_gp_intr(struct rt2860_softc *);
  117 static int      rt2860_tx(struct rt2860_softc *, struct mbuf *,
  118                     struct ieee80211_node *);
  119 static int      rt2860_raw_xmit(struct ieee80211_node *, struct mbuf *,
  120                     const struct ieee80211_bpf_params *);
  121 static int      rt2860_tx_raw(struct rt2860_softc *, struct mbuf *,
  122                     struct ieee80211_node *,
  123                     const struct ieee80211_bpf_params *params);
  124 static void     rt2860_start(struct ifnet *);
  125 static void     rt2860_start_locked(struct ifnet *);
  126 static void     rt2860_watchdog(void *);
  127 static int      rt2860_ioctl(struct ifnet *, u_long, caddr_t);
  128 static void     rt2860_mcu_bbp_write(struct rt2860_softc *, uint8_t, uint8_t);
  129 static uint8_t  rt2860_mcu_bbp_read(struct rt2860_softc *, uint8_t);
  130 static void     rt2860_rf_write(struct rt2860_softc *, uint8_t, uint32_t);
  131 static uint8_t  rt3090_rf_read(struct rt2860_softc *, uint8_t);
  132 static void     rt3090_rf_write(struct rt2860_softc *, uint8_t, uint8_t);
  133 static int      rt2860_mcu_cmd(struct rt2860_softc *, uint8_t, uint16_t, int);
  134 static void     rt2860_enable_mrr(struct rt2860_softc *);
  135 static void     rt2860_set_txpreamble(struct rt2860_softc *);
  136 static void     rt2860_set_basicrates(struct rt2860_softc *,
  137                     const struct ieee80211_rateset *);
  138 static void     rt2860_scan_start(struct ieee80211com *);
  139 static void     rt2860_scan_end(struct ieee80211com *);
  140 static void     rt2860_set_channel(struct ieee80211com *);
  141 static void     rt2860_select_chan_group(struct rt2860_softc *, int);
  142 static void     rt2860_set_chan(struct rt2860_softc *, u_int);
  143 static void     rt3090_set_chan(struct rt2860_softc *, u_int);
  144 static int      rt3090_rf_init(struct rt2860_softc *);
  145 static void     rt3090_rf_wakeup(struct rt2860_softc *);
  146 static int      rt3090_filter_calib(struct rt2860_softc *, uint8_t, uint8_t,
  147                     uint8_t *);
  148 static void     rt3090_rf_setup(struct rt2860_softc *);
  149 static void     rt2860_set_leds(struct rt2860_softc *, uint16_t);
  150 static void     rt2860_set_gp_timer(struct rt2860_softc *, int);
  151 static void     rt2860_set_bssid(struct rt2860_softc *, const uint8_t *);
  152 static void     rt2860_set_macaddr(struct rt2860_softc *, const uint8_t *);
  153 static void     rt2860_update_promisc(struct ifnet *);
  154 static void     rt2860_updateslot(struct ifnet *);
  155 static void     rt2860_updateprot(struct ifnet *);
  156 static int      rt2860_updateedca(struct ieee80211com *);
  157 #ifdef HW_CRYPTO
  158 static int      rt2860_set_key(struct ieee80211com *, struct ieee80211_node *,
  159                     struct ieee80211_key *);
  160 static void     rt2860_delete_key(struct ieee80211com *,
  161                     struct ieee80211_node *, struct ieee80211_key *);
  162 #endif
  163 static int8_t   rt2860_rssi2dbm(struct rt2860_softc *, uint8_t, uint8_t);
  164 static const char *rt2860_get_rf(uint8_t);
  165 static int      rt2860_read_eeprom(struct rt2860_softc *,
  166                     uint8_t macaddr[IEEE80211_ADDR_LEN]);
  167 static int      rt2860_bbp_init(struct rt2860_softc *);
  168 static int      rt2860_txrx_enable(struct rt2860_softc *);
  169 static void     rt2860_init(void *);
  170 static void     rt2860_init_locked(struct rt2860_softc *);
  171 static void     rt2860_stop(void *);
  172 static void     rt2860_stop_locked(struct rt2860_softc *);
  173 static int      rt2860_load_microcode(struct rt2860_softc *);
  174 #ifdef NOT_YET
  175 static void     rt2860_calib(struct rt2860_softc *);
  176 #endif
  177 static void     rt3090_set_rx_antenna(struct rt2860_softc *, int);
  178 static void     rt2860_switch_chan(struct rt2860_softc *,
  179                     struct ieee80211_channel *);
  180 static int      rt2860_setup_beacon(struct rt2860_softc *,
  181                     struct ieee80211vap *);
  182 static void     rt2860_enable_tsf_sync(struct rt2860_softc *);
  183 
  184 static const struct {
  185         uint32_t        reg;
  186         uint32_t        val;
  187 } rt2860_def_mac[] = {
  188         RT2860_DEF_MAC
  189 };
  190 
  191 static const struct {
  192         uint8_t reg;
  193         uint8_t val;
  194 } rt2860_def_bbp[] = {
  195         RT2860_DEF_BBP
  196 };
  197 
  198 static const struct rfprog {
  199         uint8_t         chan;
  200         uint32_t        r1, r2, r3, r4;
  201 } rt2860_rf2850[] = {
  202         RT2860_RF2850
  203 };
  204 
  205 struct {
  206         uint8_t n, r, k;
  207 } rt3090_freqs[] = {
  208         RT3070_RF3052
  209 };
  210 
  211 static const struct {
  212         uint8_t reg;
  213         uint8_t val;
  214 }  rt3090_def_rf[] = {
  215         RT3070_DEF_RF
  216 };
  217 
  218 int
  219 rt2860_attach(device_t dev, int id)
  220 {
  221         struct rt2860_softc *sc = device_get_softc(dev);
  222         struct ieee80211com *ic;
  223         struct ifnet *ifp;
  224         uint32_t tmp;
  225         int error, ntries, qid;
  226         uint8_t bands;
  227         uint8_t macaddr[IEEE80211_ADDR_LEN];
  228 
  229         sc->sc_dev = dev;
  230         sc->sc_debug = 0;
  231 
  232         ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211);
  233         if (ifp == NULL) {
  234                 device_printf(sc->sc_dev, "can not if_alloc()\n");
  235                 return ENOMEM;
  236         }
  237         ic = ifp->if_l2com;
  238 
  239         mtx_init(&sc->sc_mtx, device_get_nameunit(dev), MTX_NETWORK_LOCK,
  240             MTX_DEF | MTX_RECURSE);
  241 
  242         callout_init_mtx(&sc->watchdog_ch, &sc->sc_mtx, 0);
  243 
  244         /* wait for NIC to initialize */
  245         for (ntries = 0; ntries < 100; ntries++) {
  246                 tmp = RAL_READ(sc, RT2860_ASIC_VER_ID);
  247                 if (tmp != 0 && tmp != 0xffffffff)
  248                         break;
  249                 DELAY(10);
  250         }
  251         if (ntries == 100) {
  252                 device_printf(sc->sc_dev,
  253                     "timeout waiting for NIC to initialize\n");
  254                 error = EIO;
  255                 goto fail1;
  256         }
  257         sc->mac_ver = tmp >> 16;
  258         sc->mac_rev = tmp & 0xffff;
  259 
  260         if (sc->mac_ver != 0x2860 &&
  261             (id == 0x0681 || id == 0x0781 || id == 0x1059))
  262                 sc->sc_flags |= RT2860_ADVANCED_PS;
  263 
  264         /* retrieve RF rev. no and various other things from EEPROM */
  265         rt2860_read_eeprom(sc, macaddr);
  266         if (bootverbose) {
  267                 device_printf(sc->sc_dev, "MAC/BBP RT%X (rev 0x%04X), "
  268                     "RF %s (MIMO %dT%dR), address %6D\n",
  269                     sc->mac_ver, sc->mac_rev, rt2860_get_rf(sc->rf_rev),
  270                     sc->ntxchains, sc->nrxchains, macaddr, ":");
  271         }
  272 
  273         /*
  274          * Allocate Tx (4 EDCAs + HCCA + Mgt) and Rx rings.
  275          */
  276         for (qid = 0; qid < 6; qid++) {
  277                 if ((error = rt2860_alloc_tx_ring(sc, &sc->txq[qid])) != 0) {
  278                         device_printf(sc->sc_dev,
  279                             "could not allocate Tx ring %d\n", qid);
  280                         goto fail2;
  281                 }
  282         }
  283 
  284         if ((error = rt2860_alloc_rx_ring(sc, &sc->rxq)) != 0) {
  285                 device_printf(sc->sc_dev, "could not allocate Rx ring\n");
  286                 goto fail2;
  287         }
  288 
  289         if ((error = rt2860_alloc_tx_pool(sc)) != 0) {
  290                 device_printf(sc->sc_dev, "could not allocate Tx pool\n");
  291                 goto fail3;
  292         }
  293 
  294         /* mgmt ring is broken on RT2860C, use EDCA AC VO ring instead */
  295         sc->mgtqid = (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) ?
  296             WME_AC_VO : 5;
  297 
  298         ifp->if_softc = sc;
  299         if_initname(ifp, device_get_name(dev), device_get_unit(dev));
  300         ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
  301         ifp->if_init = rt2860_init;
  302         ifp->if_ioctl = rt2860_ioctl;
  303         ifp->if_start = rt2860_start;
  304         IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen);
  305         ifp->if_snd.ifq_drv_maxlen = ifqmaxlen;
  306         IFQ_SET_READY(&ifp->if_snd);
  307 
  308         ic->ic_ifp = ifp;
  309         ic->ic_opmode = IEEE80211_M_STA;
  310         ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
  311 
  312         /* set device capabilities */
  313         ic->ic_caps =
  314                   IEEE80211_C_STA               /* station mode */
  315                 | IEEE80211_C_IBSS              /* ibss, nee adhoc, mode */
  316                 | IEEE80211_C_HOSTAP            /* hostap mode */
  317                 | IEEE80211_C_MONITOR           /* monitor mode */
  318                 | IEEE80211_C_AHDEMO            /* adhoc demo mode */
  319                 | IEEE80211_C_WDS               /* 4-address traffic works */
  320                 | IEEE80211_C_MBSS              /* mesh point link mode */
  321                 | IEEE80211_C_SHPREAMBLE        /* short preamble supported */
  322                 | IEEE80211_C_SHSLOT            /* short slot time supported */
  323                 | IEEE80211_C_WPA               /* capable of WPA1+WPA2 */
  324 #if 0
  325                 | IEEE80211_C_BGSCAN            /* capable of bg scanning */
  326 #endif
  327                 | IEEE80211_C_WME               /* 802.11e */
  328                 ;
  329 
  330         bands = 0;
  331         setbit(&bands, IEEE80211_MODE_11B);
  332         setbit(&bands, IEEE80211_MODE_11G);
  333         if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850)
  334                 setbit(&bands, IEEE80211_MODE_11A);
  335         ieee80211_init_channels(ic, NULL, &bands);
  336 
  337         ieee80211_ifattach(ic, macaddr);
  338 
  339         ic->ic_wme.wme_update = rt2860_updateedca;
  340         ic->ic_scan_start = rt2860_scan_start;
  341         ic->ic_scan_end = rt2860_scan_end;
  342         ic->ic_set_channel = rt2860_set_channel;
  343         ic->ic_updateslot = rt2860_updateslot;
  344         ic->ic_update_promisc = rt2860_update_promisc;
  345         ic->ic_raw_xmit = rt2860_raw_xmit;
  346         sc->sc_node_free = ic->ic_node_free;
  347         ic->ic_node_free = rt2860_node_free;
  348         ic->ic_newassoc = rt2860_newassoc;
  349 
  350         ic->ic_vap_create = rt2860_vap_create;
  351         ic->ic_vap_delete = rt2860_vap_delete;
  352 
  353         ieee80211_radiotap_attach(ic,
  354             &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap),
  355                 RT2860_TX_RADIOTAP_PRESENT,
  356             &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap),
  357                 RT2860_RX_RADIOTAP_PRESENT);
  358 
  359 #ifdef RAL_DEBUG
  360         SYSCTL_ADD_INT(device_get_sysctl_ctx(dev),
  361             SYSCTL_CHILDREN(device_get_sysctl_tree(dev)), OID_AUTO,
  362             "debug", CTLFLAG_RW, &sc->sc_debug, 0, "debug msgs");
  363 #endif
  364         if (bootverbose)
  365                 ieee80211_announce(ic);
  366 
  367         return 0;
  368 
  369 fail3:  rt2860_free_rx_ring(sc, &sc->rxq);
  370 fail2:  while (--qid >= 0)
  371                 rt2860_free_tx_ring(sc, &sc->txq[qid]);
  372 fail1:  mtx_destroy(&sc->sc_mtx);
  373         if_free(ifp);
  374         return error;
  375 }
  376 
  377 int
  378 rt2860_detach(void *xsc)
  379 {
  380         struct rt2860_softc *sc = xsc;
  381         struct ifnet *ifp =  sc->sc_ifp;
  382         struct ieee80211com *ic = ifp->if_l2com;
  383         int qid;
  384 
  385         RAL_LOCK(sc);
  386         rt2860_stop_locked(sc);
  387         RAL_UNLOCK(sc);
  388 
  389         ieee80211_ifdetach(ic);
  390 
  391         for (qid = 0; qid < 6; qid++)
  392                 rt2860_free_tx_ring(sc, &sc->txq[qid]);
  393         rt2860_free_rx_ring(sc, &sc->rxq);
  394         rt2860_free_tx_pool(sc);
  395 
  396         if_free(ifp);
  397 
  398         mtx_destroy(&sc->sc_mtx);
  399 
  400         return 0;
  401 }
  402 
  403 void
  404 rt2860_shutdown(void *xsc)
  405 {
  406         struct rt2860_softc *sc = xsc;
  407 
  408         rt2860_stop(sc);
  409 }
  410 
  411 void
  412 rt2860_suspend(void *xsc)
  413 {
  414         struct rt2860_softc *sc = xsc;
  415 
  416         rt2860_stop(sc);
  417 }
  418 
  419 void
  420 rt2860_resume(void *xsc)
  421 {
  422         struct rt2860_softc *sc = xsc;
  423         struct ifnet *ifp = sc->sc_ifp;
  424 
  425         if (ifp->if_flags & IFF_UP)
  426                 rt2860_init(sc);
  427 }
  428 
  429 static struct ieee80211vap *
  430 rt2860_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit,
  431     enum ieee80211_opmode opmode, int flags,
  432     const uint8_t bssid[IEEE80211_ADDR_LEN],
  433     const uint8_t mac[IEEE80211_ADDR_LEN])
  434 {
  435         struct ifnet *ifp = ic->ic_ifp;
  436         struct rt2860_vap *rvp;
  437         struct ieee80211vap *vap;
  438 
  439         switch (opmode) {
  440         case IEEE80211_M_STA:
  441         case IEEE80211_M_IBSS:
  442         case IEEE80211_M_AHDEMO:
  443         case IEEE80211_M_MONITOR:
  444         case IEEE80211_M_HOSTAP:
  445         case IEEE80211_M_MBSS:
  446                 /* XXXRP: TBD */
  447                 if (!TAILQ_EMPTY(&ic->ic_vaps)) {
  448                         if_printf(ifp, "only 1 vap supported\n");
  449                         return NULL;
  450                 }
  451                 if (opmode == IEEE80211_M_STA)
  452                         flags |= IEEE80211_CLONE_NOBEACONS;
  453                 break;
  454         case IEEE80211_M_WDS:
  455                 if (TAILQ_EMPTY(&ic->ic_vaps) ||
  456                     ic->ic_opmode != IEEE80211_M_HOSTAP) {
  457                         if_printf(ifp, "wds only supported in ap mode\n");
  458                         return NULL;
  459                 }
  460                 /*
  461                  * Silently remove any request for a unique
  462                  * bssid; WDS vap's always share the local
  463                  * mac address.
  464                  */
  465                 flags &= ~IEEE80211_CLONE_BSSID;
  466                 break;
  467         default:
  468                 if_printf(ifp, "unknown opmode %d\n", opmode);
  469                 return NULL;
  470         }
  471         rvp = malloc(sizeof(struct rt2860_vap), M_80211_VAP, M_NOWAIT | M_ZERO);
  472         if (rvp == NULL)
  473                 return NULL;
  474         vap = &rvp->ral_vap;
  475         ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid, mac);
  476 
  477         /* override state transition machine */
  478         rvp->ral_newstate = vap->iv_newstate;
  479         vap->iv_newstate = rt2860_newstate;
  480 #if 0
  481         vap->iv_update_beacon = rt2860_beacon_update;
  482 #endif
  483 
  484         /* HW supports up to 255 STAs (0-254) in HostAP and IBSS modes */
  485         vap->iv_max_aid = min(IEEE80211_AID_MAX, RT2860_WCID_MAX);
  486 
  487         ieee80211_ratectl_init(vap);
  488         /* complete setup */
  489         ieee80211_vap_attach(vap, ieee80211_media_change, ieee80211_media_status);
  490         if (TAILQ_FIRST(&ic->ic_vaps) == vap)
  491                 ic->ic_opmode = opmode;
  492         return vap;
  493 }
  494 
  495 static void
  496 rt2860_vap_delete(struct ieee80211vap *vap)
  497 {
  498         struct rt2860_vap *rvp = RT2860_VAP(vap);
  499 
  500         ieee80211_ratectl_deinit(vap);
  501         ieee80211_vap_detach(vap);
  502         free(rvp, M_80211_VAP);
  503 }
  504 
  505 static void
  506 rt2860_dma_map_addr(void *arg, bus_dma_segment_t *segs, int nseg, int error)
  507 {
  508         if (error != 0)
  509                 return;
  510 
  511         KASSERT(nseg == 1, ("too many DMA segments, %d should be 1", nseg));
  512 
  513         *(bus_addr_t *)arg = segs[0].ds_addr;
  514 }
  515 
  516 
  517 static int
  518 rt2860_alloc_tx_ring(struct rt2860_softc *sc, struct rt2860_tx_ring *ring)
  519 {
  520         int size, error;
  521 
  522         size = RT2860_TX_RING_COUNT * sizeof (struct rt2860_txd);
  523 
  524         error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), 16, 0,
  525             BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL,
  526             size, 1, size, 0, NULL, NULL, &ring->desc_dmat);
  527         if (error != 0) {
  528                 device_printf(sc->sc_dev, "could not create desc DMA map\n");
  529                 goto fail;
  530         }
  531 
  532         error = bus_dmamem_alloc(ring->desc_dmat, (void **)&ring->txd,
  533             BUS_DMA_NOWAIT | BUS_DMA_ZERO, &ring->desc_map);
  534         if (error != 0) {
  535                 device_printf(sc->sc_dev, "could not allocate DMA memory\n");
  536                 goto fail;
  537         }
  538 
  539         error = bus_dmamap_load(ring->desc_dmat, ring->desc_map, ring->txd,
  540             size, rt2860_dma_map_addr, &ring->paddr, 0);
  541         if (error != 0) {
  542                 device_printf(sc->sc_dev, "could not load desc DMA map\n");
  543                 goto fail;
  544         }
  545 
  546         bus_dmamap_sync(ring->desc_dmat, ring->desc_map, BUS_DMASYNC_PREWRITE);
  547 
  548         return 0;
  549 
  550 fail:   rt2860_free_tx_ring(sc, ring);
  551         return error;
  552 }
  553 
  554 void
  555 rt2860_reset_tx_ring(struct rt2860_softc *sc, struct rt2860_tx_ring *ring)
  556 {
  557         struct rt2860_tx_data *data;
  558         int i;
  559 
  560         for (i = 0; i < RT2860_TX_RING_COUNT; i++) {
  561                 if ((data = ring->data[i]) == NULL)
  562                         continue;       /* nothing mapped in this slot */
  563 
  564                 if (data->m != NULL) {
  565                         bus_dmamap_sync(sc->txwi_dmat, data->map,
  566                             BUS_DMASYNC_POSTWRITE);
  567                         bus_dmamap_unload(sc->txwi_dmat, data->map);
  568                         m_freem(data->m);
  569                         data->m = NULL;
  570                 }
  571                 if (data->ni != NULL) {
  572                         ieee80211_free_node(data->ni);
  573                         data->ni = NULL;
  574                 }
  575 
  576                 SLIST_INSERT_HEAD(&sc->data_pool, data, next);
  577                 ring->data[i] = NULL;
  578         }
  579 
  580         ring->queued = 0;
  581         ring->cur = ring->next = 0;
  582 }
  583 
  584 void
  585 rt2860_free_tx_ring(struct rt2860_softc *sc, struct rt2860_tx_ring *ring)
  586 {
  587         struct rt2860_tx_data *data;
  588         int i;
  589 
  590         if (ring->txd != NULL) {
  591                 bus_dmamap_sync(ring->desc_dmat, ring->desc_map,
  592                     BUS_DMASYNC_POSTWRITE);
  593                 bus_dmamap_unload(ring->desc_dmat, ring->desc_map);
  594                 bus_dmamem_free(ring->desc_dmat, ring->txd, ring->desc_map);
  595         }
  596         if (ring->desc_dmat != NULL)
  597                 bus_dma_tag_destroy(ring->desc_dmat);
  598 
  599         for (i = 0; i < RT2860_TX_RING_COUNT; i++) {
  600                 if ((data = ring->data[i]) == NULL)
  601                         continue;       /* nothing mapped in this slot */
  602 
  603                 if (data->m != NULL) {
  604                         bus_dmamap_sync(sc->txwi_dmat, data->map,
  605                             BUS_DMASYNC_POSTWRITE);
  606                         bus_dmamap_unload(sc->txwi_dmat, data->map);
  607                         m_freem(data->m);
  608                 }
  609                 if (data->ni != NULL)
  610                         ieee80211_free_node(data->ni);
  611 
  612                 SLIST_INSERT_HEAD(&sc->data_pool, data, next);
  613         }
  614 }
  615 
  616 /*
  617  * Allocate a pool of TX Wireless Information blocks.
  618  */
  619 int
  620 rt2860_alloc_tx_pool(struct rt2860_softc *sc)
  621 {
  622         caddr_t vaddr;
  623         bus_addr_t paddr;
  624         int i, size, error;
  625 
  626         size = RT2860_TX_POOL_COUNT * RT2860_TXWI_DMASZ;
  627 
  628         /* init data_pool early in case of failure.. */
  629         SLIST_INIT(&sc->data_pool);
  630 
  631         error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), 1, 0,
  632             BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL,
  633             size, 1, size, 0, NULL, NULL, &sc->txwi_dmat);
  634         if (error != 0) {
  635                 device_printf(sc->sc_dev, "could not create txwi DMA tag\n");
  636                 goto fail;
  637         }
  638 
  639         error = bus_dmamem_alloc(sc->txwi_dmat, (void **)&sc->txwi_vaddr,
  640             BUS_DMA_NOWAIT | BUS_DMA_ZERO, &sc->txwi_map);
  641         if (error != 0) {
  642                 device_printf(sc->sc_dev, "could not allocate DMA memory\n");
  643                 goto fail;
  644         }
  645 
  646         error = bus_dmamap_load(sc->txwi_dmat, sc->txwi_map,
  647             sc->txwi_vaddr, size, rt2860_dma_map_addr, &paddr, 0);
  648         if (error != 0) {
  649                 device_printf(sc->sc_dev, "could not load txwi DMA map\n");
  650                 goto fail;
  651         }
  652 
  653         bus_dmamap_sync(sc->txwi_dmat, sc->txwi_map, BUS_DMASYNC_PREWRITE);
  654 
  655         vaddr = sc->txwi_vaddr;
  656         for (i = 0; i < RT2860_TX_POOL_COUNT; i++) {
  657                 struct rt2860_tx_data *data = &sc->data[i];
  658 
  659                 error = bus_dmamap_create(sc->txwi_dmat, 0, &data->map);
  660                 if (error != 0) {
  661                         device_printf(sc->sc_dev, "could not create DMA map\n");
  662                         goto fail;
  663                 }
  664                 data->txwi = (struct rt2860_txwi *)vaddr;
  665                 data->paddr = paddr;
  666                 vaddr += RT2860_TXWI_DMASZ;
  667                 paddr += RT2860_TXWI_DMASZ;
  668 
  669                 SLIST_INSERT_HEAD(&sc->data_pool, data, next);
  670         }
  671 
  672         return 0;
  673 
  674 fail:   rt2860_free_tx_pool(sc);
  675         return error;
  676 }
  677 
  678 void
  679 rt2860_free_tx_pool(struct rt2860_softc *sc)
  680 {
  681         if (sc->txwi_vaddr != NULL) {
  682                 bus_dmamap_sync(sc->txwi_dmat, sc->txwi_map,
  683                     BUS_DMASYNC_POSTWRITE);
  684                 bus_dmamap_unload(sc->txwi_dmat, sc->txwi_map);
  685                 bus_dmamem_free(sc->txwi_dmat, sc->txwi_vaddr, sc->txwi_map);
  686         }
  687         if (sc->txwi_dmat != NULL)
  688                 bus_dma_tag_destroy(sc->txwi_dmat);
  689 
  690         while (!SLIST_EMPTY(&sc->data_pool)) {
  691                 struct rt2860_tx_data *data;
  692                 data = SLIST_FIRST(&sc->data_pool);
  693                 bus_dmamap_destroy(sc->txwi_dmat, data->map);
  694                 SLIST_REMOVE_HEAD(&sc->data_pool, next);
  695         }
  696 }
  697 
  698 int
  699 rt2860_alloc_rx_ring(struct rt2860_softc *sc, struct rt2860_rx_ring *ring)
  700 {
  701         bus_addr_t physaddr;
  702         int i, size, error;
  703 
  704         size = RT2860_RX_RING_COUNT * sizeof (struct rt2860_rxd);
  705 
  706         error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), 16, 0,
  707             BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL,
  708             size, 1, size, 0, NULL, NULL, &ring->desc_dmat);
  709         if (error != 0) {
  710                 device_printf(sc->sc_dev, "could not create desc DMA tag\n");
  711                 goto fail;
  712         }
  713 
  714         error = bus_dmamem_alloc(ring->desc_dmat, (void **)&ring->rxd,
  715             BUS_DMA_NOWAIT | BUS_DMA_ZERO, &ring->desc_map);
  716         if (error != 0) {
  717                 device_printf(sc->sc_dev, "could not allocate DMA memory\n");
  718                 goto fail;
  719         }
  720 
  721         error = bus_dmamap_load(ring->desc_dmat, ring->desc_map, ring->rxd,
  722             size, rt2860_dma_map_addr, &ring->paddr, 0);
  723         if (error != 0) {
  724                 device_printf(sc->sc_dev, "could not load desc DMA map\n");
  725                 goto fail;
  726         }
  727 
  728         error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), 1, 0,
  729             BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, MCLBYTES,
  730             1, MCLBYTES, 0, NULL, NULL, &ring->data_dmat);
  731         if (error != 0) {
  732                 device_printf(sc->sc_dev, "could not create data DMA tag\n");
  733                 goto fail;
  734         }
  735 
  736         for (i = 0; i < RT2860_RX_RING_COUNT; i++) {
  737                 struct rt2860_rx_data *data = &ring->data[i];
  738                 struct rt2860_rxd *rxd = &ring->rxd[i];
  739 
  740                 error = bus_dmamap_create(ring->data_dmat, 0, &data->map);
  741                 if (error != 0) {
  742                         device_printf(sc->sc_dev, "could not create DMA map\n");
  743                         goto fail;
  744                 }
  745 
  746                 data->m = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
  747                 if (data->m == NULL) {
  748                         device_printf(sc->sc_dev,
  749                             "could not allocate rx mbuf\n");
  750                         error = ENOMEM;
  751                         goto fail;
  752                 }
  753 
  754                 error = bus_dmamap_load(ring->data_dmat, data->map,
  755                     mtod(data->m, void *), MCLBYTES, rt2860_dma_map_addr,
  756                     &physaddr, 0);
  757                 if (error != 0) {
  758                         device_printf(sc->sc_dev,
  759                             "could not load rx buf DMA map");
  760                         goto fail;
  761                 }
  762 
  763                 rxd->sdp0 = htole32(physaddr);
  764                 rxd->sdl0 = htole16(MCLBYTES);
  765         }
  766 
  767         bus_dmamap_sync(ring->desc_dmat, ring->desc_map, BUS_DMASYNC_PREWRITE);
  768 
  769         return 0;
  770 
  771 fail:   rt2860_free_rx_ring(sc, ring);
  772         return error;
  773 }
  774 
  775 void
  776 rt2860_reset_rx_ring(struct rt2860_softc *sc, struct rt2860_rx_ring *ring)
  777 {
  778         int i;
  779 
  780         for (i = 0; i < RT2860_RX_RING_COUNT; i++)
  781                 ring->rxd[i].sdl0 &= ~htole16(RT2860_RX_DDONE);
  782 
  783         bus_dmamap_sync(ring->desc_dmat, ring->desc_map, BUS_DMASYNC_PREWRITE);
  784 
  785         ring->cur = 0;
  786 }
  787 
  788 void
  789 rt2860_free_rx_ring(struct rt2860_softc *sc, struct rt2860_rx_ring *ring)
  790 {
  791         int i;
  792 
  793         if (ring->rxd != NULL) {
  794                 bus_dmamap_sync(ring->desc_dmat, ring->desc_map,
  795                     BUS_DMASYNC_POSTWRITE);
  796                 bus_dmamap_unload(ring->desc_dmat, ring->desc_map);
  797                 bus_dmamem_free(ring->desc_dmat, ring->rxd, ring->desc_map);
  798         }
  799         if (ring->desc_dmat != NULL)
  800                 bus_dma_tag_destroy(ring->desc_dmat);
  801 
  802         for (i = 0; i < RT2860_RX_RING_COUNT; i++) {
  803                 struct rt2860_rx_data *data = &ring->data[i];
  804 
  805                 if (data->m != NULL) {
  806                         bus_dmamap_sync(ring->data_dmat, data->map,
  807                             BUS_DMASYNC_POSTREAD);
  808                         bus_dmamap_unload(ring->data_dmat, data->map);
  809                         m_freem(data->m);
  810                 }
  811                 if (data->map != NULL)
  812                         bus_dmamap_destroy(ring->data_dmat, data->map);
  813         }
  814         if (ring->data_dmat != NULL)
  815                 bus_dma_tag_destroy(ring->data_dmat);
  816 }
  817 
  818 static void
  819 rt2860_updatestats(struct rt2860_softc *sc)
  820 {
  821         struct ieee80211com *ic = sc->sc_ifp->if_l2com;
  822 
  823         /*
  824          * In IBSS or HostAP modes (when the hardware sends beacons), the
  825          * MAC can run into a livelock and start sending CTS-to-self frames
  826          * like crazy if protection is enabled.  Fortunately, we can detect
  827          * when such a situation occurs and reset the MAC.
  828          */
  829         if (ic->ic_curmode != IEEE80211_M_STA) {
  830                 /* check if we're in a livelock situation.. */
  831                 uint32_t tmp = RAL_READ(sc, RT2860_DEBUG);
  832                 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) {
  833                         /* ..and reset MAC/BBP for a while.. */
  834                         DPRINTF(("CTS-to-self livelock detected\n"));
  835                         RAL_WRITE(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST);
  836                         RAL_BARRIER_WRITE(sc);
  837                         DELAY(1);
  838                         RAL_WRITE(sc, RT2860_MAC_SYS_CTRL,
  839                             RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
  840                 }
  841         }
  842 }
  843 
  844 static void
  845 rt2860_newassoc(struct ieee80211_node *ni, int isnew)
  846 {
  847         struct ieee80211com *ic = ni->ni_ic;
  848         struct rt2860_softc *sc = ic->ic_ifp->if_softc;
  849         uint8_t wcid;
  850 
  851         wcid = IEEE80211_AID(ni->ni_associd);
  852         if (isnew && ni->ni_associd != 0) {
  853                 sc->wcid2ni[wcid] = ni;
  854 
  855                 /* init WCID table entry */
  856                 RAL_WRITE_REGION_1(sc, RT2860_WCID_ENTRY(wcid),
  857                     ni->ni_macaddr, IEEE80211_ADDR_LEN);
  858         }
  859         DPRINTF(("new assoc isnew=%d addr=%s WCID=%d\n",
  860             isnew, ether_sprintf(ni->ni_macaddr), wcid));
  861 }
  862 
  863 static void
  864 rt2860_node_free(struct ieee80211_node *ni)
  865 {
  866         struct ieee80211com *ic = ni->ni_ic;
  867         struct rt2860_softc *sc = ic->ic_ifp->if_softc;
  868         uint8_t wcid;
  869 
  870         if (ni->ni_associd != 0) {
  871                 wcid = IEEE80211_AID(ni->ni_associd);
  872 
  873                 /* clear Rx WCID search table entry */
  874                 RAL_SET_REGION_4(sc, RT2860_WCID_ENTRY(wcid), 0, 2);
  875         }
  876         sc->sc_node_free(ni);
  877 }
  878 
  879 #ifdef IEEE80211_HT
  880 static int
  881 rt2860_ampdu_rx_start(struct ieee80211com *ic, struct ieee80211_node *ni,
  882     uint8_t tid)
  883 {
  884         struct rt2860_softc *sc = ic->ic_softc;
  885         uint8_t wcid = ((struct rt2860_node *)ni)->wcid;
  886         uint32_t tmp;
  887 
  888         /* update BA session mask */
  889         tmp = RAL_READ(sc, RT2860_WCID_ENTRY(wcid) + 4);
  890         tmp |= (1 << tid) << 16;
  891         RAL_WRITE(sc, RT2860_WCID_ENTRY(wcid) + 4, tmp);
  892         return 0;
  893 }
  894 
  895 static void
  896 rt2860_ampdu_rx_stop(struct ieee80211com *ic, struct ieee80211_node *ni,
  897     uint8_t tid)
  898 {
  899         struct rt2860_softc *sc = ic->ic_softc;
  900         uint8_t wcid = ((struct rt2860_node *)ni)->wcid;
  901         uint32_t tmp;
  902 
  903         /* update BA session mask */
  904         tmp = RAL_READ(sc, RT2860_WCID_ENTRY(wcid) + 4);
  905         tmp &= ~((1 << tid) << 16);
  906         RAL_WRITE(sc, RT2860_WCID_ENTRY(wcid) + 4, tmp);
  907 }
  908 #endif
  909 
  910 int
  911 rt2860_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
  912 {
  913         struct rt2860_vap *rvp = RT2860_VAP(vap);
  914         struct ieee80211com *ic = vap->iv_ic;
  915         struct rt2860_softc *sc = ic->ic_ifp->if_softc;
  916         uint32_t tmp;
  917         int error;
  918 
  919         if (vap->iv_state == IEEE80211_S_RUN) {
  920                 /* turn link LED off */
  921                 rt2860_set_leds(sc, RT2860_LED_RADIO);
  922         }
  923 
  924         if (nstate == IEEE80211_S_INIT && vap->iv_state == IEEE80211_S_RUN) {
  925                 /* abort TSF synchronization */
  926                 tmp = RAL_READ(sc, RT2860_BCN_TIME_CFG);
  927                 RAL_WRITE(sc, RT2860_BCN_TIME_CFG,
  928                     tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
  929                     RT2860_TBTT_TIMER_EN));
  930         }
  931 
  932         rt2860_set_gp_timer(sc, 0);
  933 
  934         error = rvp->ral_newstate(vap, nstate, arg);
  935         if (error != 0)
  936                 return (error);
  937 
  938         if (nstate == IEEE80211_S_RUN) {
  939                 struct ieee80211_node *ni = vap->iv_bss;
  940 
  941                 if (ic->ic_opmode != IEEE80211_M_MONITOR) {
  942                         rt2860_enable_mrr(sc);
  943                         rt2860_set_txpreamble(sc);
  944                         rt2860_set_basicrates(sc, &ni->ni_rates);
  945                         rt2860_set_bssid(sc, ni->ni_bssid);
  946                 }
  947 
  948                 if (vap->iv_opmode == IEEE80211_M_HOSTAP ||
  949                     vap->iv_opmode == IEEE80211_M_IBSS ||
  950                     vap->iv_opmode == IEEE80211_M_MBSS) {
  951                         error = rt2860_setup_beacon(sc, vap);
  952                         if (error != 0)
  953                                 return error;
  954                 }
  955 
  956                 if (ic->ic_opmode != IEEE80211_M_MONITOR) {
  957                         rt2860_enable_tsf_sync(sc);
  958                         rt2860_set_gp_timer(sc, 500);
  959                 }
  960 
  961                 /* turn link LED on */
  962                 rt2860_set_leds(sc, RT2860_LED_RADIO |
  963                     (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan) ?
  964                      RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ));
  965         }
  966         return error;
  967 }
  968 
  969 /* Read 16-bit from eFUSE ROM (>=RT3071 only.) */
  970 static uint16_t
  971 rt3090_efuse_read_2(struct rt2860_softc *sc, uint16_t addr)
  972 {
  973         uint32_t tmp;
  974         uint16_t reg;
  975         int ntries;
  976 
  977         addr *= 2;
  978         /*-
  979          * Read one 16-byte block into registers EFUSE_DATA[0-3]:
  980          * DATA0: F E D C
  981          * DATA1: B A 9 8
  982          * DATA2: 7 6 5 4
  983          * DATA3: 3 2 1 0
  984          */
  985         tmp = RAL_READ(sc, RT3070_EFUSE_CTRL);
  986         tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK);
  987         tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK;
  988         RAL_WRITE(sc, RT3070_EFUSE_CTRL, tmp);
  989         for (ntries = 0; ntries < 500; ntries++) {
  990                 tmp = RAL_READ(sc, RT3070_EFUSE_CTRL);
  991                 if (!(tmp & RT3070_EFSROM_KICK))
  992                         break;
  993                 DELAY(2);
  994         }
  995         if (ntries == 500)
  996                 return 0xffff;
  997 
  998         if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK)
  999                 return 0xffff;  /* address not found */
 1000 
 1001         /* determine to which 32-bit register our 16-bit word belongs */
 1002         reg = RT3070_EFUSE_DATA3 - (addr & 0xc);
 1003         tmp = RAL_READ(sc, reg);
 1004 
 1005         return (addr & 2) ? tmp >> 16 : tmp & 0xffff;
 1006 }
 1007 
 1008 /*
 1009  * Read 16 bits at address 'addr' from the serial EEPROM (either 93C46,
 1010  * 93C66 or 93C86).
 1011  */
 1012 static uint16_t
 1013 rt2860_eeprom_read_2(struct rt2860_softc *sc, uint16_t addr)
 1014 {
 1015         uint32_t tmp;
 1016         uint16_t val;
 1017         int n;
 1018 
 1019         /* clock C once before the first command */
 1020         RT2860_EEPROM_CTL(sc, 0);
 1021 
 1022         RT2860_EEPROM_CTL(sc, RT2860_S);
 1023         RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_C);
 1024         RT2860_EEPROM_CTL(sc, RT2860_S);
 1025 
 1026         /* write start bit (1) */
 1027         RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_D);
 1028         RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_D | RT2860_C);
 1029 
 1030         /* write READ opcode (10) */
 1031         RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_D);
 1032         RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_D | RT2860_C);
 1033         RT2860_EEPROM_CTL(sc, RT2860_S);
 1034         RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_C);
 1035 
 1036         /* write address (A5-A0 or A7-A0) */
 1037         n = ((RAL_READ(sc, RT2860_PCI_EECTRL) & 0x30) == 0) ? 5 : 7;
 1038         for (; n >= 0; n--) {
 1039                 RT2860_EEPROM_CTL(sc, RT2860_S |
 1040                     (((addr >> n) & 1) << RT2860_SHIFT_D));
 1041                 RT2860_EEPROM_CTL(sc, RT2860_S |
 1042                     (((addr >> n) & 1) << RT2860_SHIFT_D) | RT2860_C);
 1043         }
 1044 
 1045         RT2860_EEPROM_CTL(sc, RT2860_S);
 1046 
 1047         /* read data Q15-Q0 */
 1048         val = 0;
 1049         for (n = 15; n >= 0; n--) {
 1050                 RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_C);
 1051                 tmp = RAL_READ(sc, RT2860_PCI_EECTRL);
 1052                 val |= ((tmp & RT2860_Q) >> RT2860_SHIFT_Q) << n;
 1053                 RT2860_EEPROM_CTL(sc, RT2860_S);
 1054         }
 1055 
 1056         RT2860_EEPROM_CTL(sc, 0);
 1057 
 1058         /* clear Chip Select and clock C */
 1059         RT2860_EEPROM_CTL(sc, RT2860_S);
 1060         RT2860_EEPROM_CTL(sc, 0);
 1061         RT2860_EEPROM_CTL(sc, RT2860_C);
 1062 
 1063         return val;
 1064 }
 1065 
 1066 static __inline uint16_t
 1067 rt2860_srom_read(struct rt2860_softc *sc, uint8_t addr)
 1068 {
 1069         /* either eFUSE ROM or EEPROM */
 1070         return sc->sc_srom_read(sc, addr);
 1071 }
 1072 
 1073 static void
 1074 rt2860_intr_coherent(struct rt2860_softc *sc)
 1075 {
 1076         uint32_t tmp;
 1077 
 1078         /* DMA finds data coherent event when checking the DDONE bit */
 1079 
 1080         DPRINTF(("Tx/Rx Coherent interrupt\n"));
 1081 
 1082         /* restart DMA engine */
 1083         tmp = RAL_READ(sc, RT2860_WPDMA_GLO_CFG);
 1084         tmp &= ~(RT2860_TX_WB_DDONE | RT2860_RX_DMA_EN | RT2860_TX_DMA_EN);
 1085         RAL_WRITE(sc, RT2860_WPDMA_GLO_CFG, tmp);
 1086 
 1087         (void)rt2860_txrx_enable(sc);
 1088 }
 1089 
 1090 static void
 1091 rt2860_drain_stats_fifo(struct rt2860_softc *sc)
 1092 {
 1093         struct ifnet *ifp = sc->sc_ifp;
 1094         struct ieee80211_node *ni;
 1095         uint32_t stat;
 1096         int retrycnt;
 1097         uint8_t wcid, mcs, pid;
 1098 
 1099         /* drain Tx status FIFO (maxsize = 16) */
 1100         while ((stat = RAL_READ(sc, RT2860_TX_STAT_FIFO)) & RT2860_TXQ_VLD) {
 1101                 DPRINTFN(4, ("tx stat 0x%08x\n", stat));
 1102 
 1103                 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff;
 1104                 ni = sc->wcid2ni[wcid];
 1105 
 1106                 /* if no ACK was requested, no feedback is available */
 1107                 if (!(stat & RT2860_TXQ_ACKREQ) || wcid == 0xff || ni == NULL)
 1108                         continue;
 1109 
 1110                 /* update per-STA AMRR stats */
 1111                 if (stat & RT2860_TXQ_OK) {
 1112                         /*
 1113                          * Check if there were retries, ie if the Tx success
 1114                          * rate is different from the requested rate.  Note
 1115                          * that it works only because we do not allow rate
 1116                          * fallback from OFDM to CCK.
 1117                          */
 1118                         mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f;
 1119                         pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf;
 1120                         if (mcs + 1 != pid)
 1121                                 retrycnt = 1;
 1122                         else
 1123                                 retrycnt = 0;
 1124                         ieee80211_ratectl_tx_complete(ni->ni_vap, ni,
 1125                             IEEE80211_RATECTL_TX_SUCCESS, &retrycnt, NULL);
 1126                 } else {
 1127                         ieee80211_ratectl_tx_complete(ni->ni_vap, ni,
 1128                             IEEE80211_RATECTL_TX_FAILURE, &retrycnt, NULL);
 1129                         ifp->if_oerrors++;
 1130                 }
 1131         }
 1132 }
 1133 
 1134 static void
 1135 rt2860_tx_intr(struct rt2860_softc *sc, int qid)
 1136 {
 1137         struct ifnet *ifp = sc->sc_ifp;
 1138         struct rt2860_tx_ring *ring = &sc->txq[qid];
 1139         uint32_t hw;
 1140 
 1141         rt2860_drain_stats_fifo(sc);
 1142 
 1143         hw = RAL_READ(sc, RT2860_TX_DTX_IDX(qid));
 1144         while (ring->next != hw) {
 1145                 struct rt2860_tx_data *data = ring->data[ring->next];
 1146 
 1147                 if (data != NULL) {
 1148                         bus_dmamap_sync(sc->txwi_dmat, data->map,
 1149                             BUS_DMASYNC_POSTWRITE);
 1150                         bus_dmamap_unload(sc->txwi_dmat, data->map);
 1151                         if (data->m->m_flags & M_TXCB) {
 1152                                 ieee80211_process_callback(data->ni, data->m,
 1153                                     0);
 1154                         }
 1155                         m_freem(data->m);
 1156                         ieee80211_free_node(data->ni);
 1157                         data->m = NULL;
 1158                         data->ni = NULL;
 1159 
 1160                         SLIST_INSERT_HEAD(&sc->data_pool, data, next);
 1161                         ring->data[ring->next] = NULL;
 1162 
 1163                         ifp->if_opackets++;
 1164                 }
 1165                 ring->queued--;
 1166                 ring->next = (ring->next + 1) % RT2860_TX_RING_COUNT;
 1167         }
 1168 
 1169         sc->sc_tx_timer = 0;
 1170         if (ring->queued < RT2860_TX_RING_COUNT)
 1171                 sc->qfullmsk &= ~(1 << qid);
 1172         ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
 1173         rt2860_start_locked(ifp);
 1174 }
 1175 
 1176 /*
 1177  * Return the Rx chain with the highest RSSI for a given frame.
 1178  */
 1179 static __inline uint8_t
 1180 rt2860_maxrssi_chain(struct rt2860_softc *sc, const struct rt2860_rxwi *rxwi)
 1181 {
 1182         uint8_t rxchain = 0;
 1183 
 1184         if (sc->nrxchains > 1) {
 1185                 if (rxwi->rssi[1] > rxwi->rssi[rxchain])
 1186                         rxchain = 1;
 1187                 if (sc->nrxchains > 2)
 1188                         if (rxwi->rssi[2] > rxwi->rssi[rxchain])
 1189                                 rxchain = 2;
 1190         }
 1191         return rxchain;
 1192 }
 1193 
 1194 static void
 1195 rt2860_rx_intr(struct rt2860_softc *sc)
 1196 {
 1197         struct rt2860_rx_radiotap_header *tap;
 1198         struct ifnet *ifp = sc->sc_ifp;
 1199         struct ieee80211com *ic = ifp->if_l2com;
 1200         struct ieee80211_frame *wh;
 1201         struct ieee80211_node *ni;
 1202         struct mbuf *m, *m1;
 1203         bus_addr_t physaddr;
 1204         uint32_t hw;
 1205         uint16_t phy;
 1206         uint8_t ant;
 1207         int8_t rssi, nf;
 1208         int error;
 1209 
 1210         hw = RAL_READ(sc, RT2860_FS_DRX_IDX) & 0xfff;
 1211         while (sc->rxq.cur != hw) {
 1212                 struct rt2860_rx_data *data = &sc->rxq.data[sc->rxq.cur];
 1213                 struct rt2860_rxd *rxd = &sc->rxq.rxd[sc->rxq.cur];
 1214                 struct rt2860_rxwi *rxwi;
 1215 
 1216                 bus_dmamap_sync(sc->rxq.desc_dmat, sc->rxq.desc_map,
 1217                     BUS_DMASYNC_POSTREAD);
 1218 
 1219                 if (__predict_false(!(rxd->sdl0 & htole16(RT2860_RX_DDONE)))) {
 1220                         DPRINTF(("RXD DDONE bit not set!\n"));
 1221                         break;  /* should not happen */
 1222                 }
 1223 
 1224                 if (__predict_false(rxd->flags &
 1225                     htole32(RT2860_RX_CRCERR | RT2860_RX_ICVERR))) {
 1226                         ifp->if_ierrors++;
 1227                         goto skip;
 1228                 }
 1229 
 1230 #ifdef HW_CRYPTO
 1231                 if (__predict_false(rxd->flags & htole32(RT2860_RX_MICERR))) {
 1232                         /* report MIC failures to net80211 for TKIP */
 1233                         ic->ic_stats.is_rx_locmicfail++;
 1234                         ieee80211_michael_mic_failure(ic, 0/* XXX */);
 1235                         ifp->if_ierrors++;
 1236                         goto skip;
 1237                 }
 1238 #endif
 1239 
 1240                 m1 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
 1241                 if (__predict_false(m1 == NULL)) {
 1242                         ifp->if_ierrors++;
 1243                         goto skip;
 1244                 }
 1245 
 1246                 bus_dmamap_sync(sc->rxq.data_dmat, data->map,
 1247                     BUS_DMASYNC_POSTREAD);
 1248                 bus_dmamap_unload(sc->rxq.data_dmat, data->map);
 1249 
 1250                 error = bus_dmamap_load(sc->rxq.data_dmat, data->map,
 1251                     mtod(m1, void *), MCLBYTES, rt2860_dma_map_addr,
 1252                     &physaddr, 0);
 1253                 if (__predict_false(error != 0)) {
 1254                         m_freem(m1);
 1255 
 1256                         /* try to reload the old mbuf */
 1257                         error = bus_dmamap_load(sc->rxq.data_dmat, data->map,
 1258                             mtod(data->m, void *), MCLBYTES,
 1259                             rt2860_dma_map_addr, &physaddr, 0);
 1260                         if (__predict_false(error != 0)) {
 1261                                 panic("%s: could not load old rx mbuf",
 1262                                     device_get_name(sc->sc_dev));
 1263                         }
 1264                         /* physical address may have changed */
 1265                         rxd->sdp0 = htole32(physaddr);
 1266                         ifp->if_ierrors++;
 1267                         goto skip;
 1268                 }
 1269 
 1270                 /*
 1271                  * New mbuf successfully loaded, update Rx ring and continue
 1272                  * processing.
 1273                  */
 1274                 m = data->m;
 1275                 data->m = m1;
 1276                 rxd->sdp0 = htole32(physaddr);
 1277 
 1278                 rxwi = mtod(m, struct rt2860_rxwi *);
 1279 
 1280                 /* finalize mbuf */
 1281                 m->m_pkthdr.rcvif = ifp;
 1282                 m->m_data = (caddr_t)(rxwi + 1);
 1283                 m->m_pkthdr.len = m->m_len = le16toh(rxwi->len) & 0xfff;
 1284 
 1285                 wh = mtod(m, struct ieee80211_frame *);
 1286 #ifdef HW_CRYPTO
 1287                 if (wh->i_fc[1] & IEEE80211_FC1_WEP) {
 1288                         /* frame is decrypted by hardware */
 1289                         wh->i_fc[1] &= ~IEEE80211_FC1_WEP;
 1290                 }
 1291 #endif
 1292 
 1293                 /* HW may insert 2 padding bytes after 802.11 header */
 1294                 if (rxd->flags & htole32(RT2860_RX_L2PAD)) {
 1295                         u_int hdrlen = ieee80211_hdrsize(wh);
 1296                         ovbcopy(wh, (caddr_t)wh + 2, hdrlen);
 1297                         m->m_data += 2;
 1298                         wh = mtod(m, struct ieee80211_frame *);
 1299                 }
 1300 
 1301                 ant = rt2860_maxrssi_chain(sc, rxwi);
 1302                 rssi = rt2860_rssi2dbm(sc, rxwi->rssi[ant], ant);
 1303                 nf = RT2860_NOISE_FLOOR;
 1304 
 1305                 if (ieee80211_radiotap_active(ic)) {
 1306                         tap = &sc->sc_rxtap;
 1307                         tap->wr_flags = 0;
 1308                         tap->wr_antenna = ant;
 1309                         tap->wr_antsignal = nf + rssi;
 1310                         tap->wr_antnoise = nf;
 1311                         /* in case it can't be found below */
 1312                         tap->wr_rate = 2;
 1313                         phy = le16toh(rxwi->phy);
 1314                         switch (phy & RT2860_PHY_MODE) {
 1315                         case RT2860_PHY_CCK:
 1316                                 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) {
 1317                                 case 0: tap->wr_rate =   2; break;
 1318                                 case 1: tap->wr_rate =   4; break;
 1319                                 case 2: tap->wr_rate =  11; break;
 1320                                 case 3: tap->wr_rate =  22; break;
 1321                                 }
 1322                                 if (phy & RT2860_PHY_SHPRE)
 1323                                         tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
 1324                                 break;
 1325                         case RT2860_PHY_OFDM:
 1326                                 switch (phy & RT2860_PHY_MCS) {
 1327                                 case 0: tap->wr_rate =  12; break;
 1328                                 case 1: tap->wr_rate =  18; break;
 1329                                 case 2: tap->wr_rate =  24; break;
 1330                                 case 3: tap->wr_rate =  36; break;
 1331                                 case 4: tap->wr_rate =  48; break;
 1332                                 case 5: tap->wr_rate =  72; break;
 1333                                 case 6: tap->wr_rate =  96; break;
 1334                                 case 7: tap->wr_rate = 108; break;
 1335                                 }
 1336                                 break;
 1337                         }
 1338                 }
 1339 
 1340                 RAL_UNLOCK(sc);
 1341                 wh = mtod(m, struct ieee80211_frame *);
 1342 
 1343                 /* send the frame to the 802.11 layer */
 1344                 ni = ieee80211_find_rxnode(ic,
 1345                     (struct ieee80211_frame_min *)wh);
 1346                 if (ni != NULL) {
 1347                         (void)ieee80211_input(ni, m, rssi - nf, nf);
 1348                         ieee80211_free_node(ni);
 1349                 } else
 1350                         (void)ieee80211_input_all(ic, m, rssi - nf, nf);
 1351 
 1352                 RAL_LOCK(sc);
 1353 
 1354 skip:           rxd->sdl0 &= ~htole16(RT2860_RX_DDONE);
 1355 
 1356                 bus_dmamap_sync(sc->rxq.desc_dmat, sc->rxq.desc_map,
 1357                     BUS_DMASYNC_PREWRITE);
 1358 
 1359                 sc->rxq.cur = (sc->rxq.cur + 1) % RT2860_RX_RING_COUNT;
 1360         }
 1361 
 1362         /* tell HW what we have processed */
 1363         RAL_WRITE(sc, RT2860_RX_CALC_IDX,
 1364             (sc->rxq.cur - 1) % RT2860_RX_RING_COUNT);
 1365 }
 1366 
 1367 static void
 1368 rt2860_tbtt_intr(struct rt2860_softc *sc)
 1369 {
 1370 #if 0
 1371         struct ieee80211com *ic = &sc->sc_ic;
 1372 
 1373 #ifndef IEEE80211_STA_ONLY
 1374         if (ic->ic_opmode == IEEE80211_M_HOSTAP) {
 1375                 /* one less beacon until next DTIM */
 1376                 if (ic->ic_dtim_count == 0)
 1377                         ic->ic_dtim_count = ic->ic_dtim_period - 1;
 1378                 else
 1379                         ic->ic_dtim_count--;
 1380 
 1381                 /* update dynamic parts of beacon */
 1382                 rt2860_setup_beacon(sc);
 1383 
 1384                 /* flush buffered multicast frames */
 1385                 if (ic->ic_dtim_count == 0)
 1386                         ieee80211_notify_dtim(ic);
 1387         }
 1388 #endif
 1389         /* check if protection mode has changed */
 1390         if ((sc->sc_ic_flags ^ ic->ic_flags) & IEEE80211_F_USEPROT) {
 1391                 rt2860_updateprot(ic);
 1392                 sc->sc_ic_flags = ic->ic_flags;
 1393         }
 1394 #endif
 1395 }
 1396 
 1397 static void
 1398 rt2860_gp_intr(struct rt2860_softc *sc)
 1399 {
 1400         struct ieee80211com *ic = sc->sc_ifp->if_l2com;
 1401         struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
 1402 
 1403         DPRINTFN(2, ("GP timeout state=%d\n", vap->iv_state));
 1404 
 1405         if (vap->iv_state == IEEE80211_S_RUN)
 1406                 rt2860_updatestats(sc);
 1407 }
 1408 
 1409 void
 1410 rt2860_intr(void *arg)
 1411 {
 1412         struct rt2860_softc *sc = arg;
 1413         uint32_t r;
 1414 
 1415         RAL_LOCK(sc);
 1416 
 1417         r = RAL_READ(sc, RT2860_INT_STATUS);
 1418         if (__predict_false(r == 0xffffffff)) {
 1419                 RAL_UNLOCK(sc);
 1420                 return; /* device likely went away */
 1421         }
 1422         if (r == 0) {
 1423                 RAL_UNLOCK(sc);
 1424                 return; /* not for us */
 1425         }
 1426 
 1427         /* acknowledge interrupts */
 1428         RAL_WRITE(sc, RT2860_INT_STATUS, r);
 1429 
 1430         if (r & RT2860_TX_RX_COHERENT)
 1431                 rt2860_intr_coherent(sc);
 1432 
 1433         if (r & RT2860_MAC_INT_2)       /* TX status */
 1434                 rt2860_drain_stats_fifo(sc);
 1435 
 1436         if (r & RT2860_TX_DONE_INT5)
 1437                 rt2860_tx_intr(sc, 5);
 1438 
 1439         if (r & RT2860_RX_DONE_INT)
 1440                 rt2860_rx_intr(sc);
 1441 
 1442         if (r & RT2860_TX_DONE_INT4)
 1443                 rt2860_tx_intr(sc, 4);
 1444 
 1445         if (r & RT2860_TX_DONE_INT3)
 1446                 rt2860_tx_intr(sc, 3);
 1447 
 1448         if (r & RT2860_TX_DONE_INT2)
 1449                 rt2860_tx_intr(sc, 2);
 1450 
 1451         if (r & RT2860_TX_DONE_INT1)
 1452                 rt2860_tx_intr(sc, 1);
 1453 
 1454         if (r & RT2860_TX_DONE_INT0)
 1455                 rt2860_tx_intr(sc, 0);
 1456 
 1457         if (r & RT2860_MAC_INT_0)       /* TBTT */
 1458                 rt2860_tbtt_intr(sc);
 1459 
 1460         if (r & RT2860_MAC_INT_3)       /* Auto wakeup */
 1461                 /* TBD wakeup */;
 1462 
 1463         if (r & RT2860_MAC_INT_4)       /* GP timer */
 1464                 rt2860_gp_intr(sc);
 1465 
 1466         RAL_UNLOCK(sc);
 1467 }
 1468 
 1469 static int
 1470 rt2860_tx(struct rt2860_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
 1471 {
 1472         struct ifnet *ifp = sc->sc_ifp;
 1473         struct ieee80211com *ic = ifp->if_l2com;
 1474         struct ieee80211vap *vap = ni->ni_vap;
 1475         struct rt2860_tx_ring *ring;
 1476         struct rt2860_tx_data *data;
 1477         struct rt2860_txd *txd;
 1478         struct rt2860_txwi *txwi;
 1479         struct ieee80211_frame *wh;
 1480         const struct ieee80211_txparam *tp;
 1481         struct ieee80211_key *k;
 1482         struct mbuf *m1;
 1483         bus_dma_segment_t segs[RT2860_MAX_SCATTER];
 1484         bus_dma_segment_t *seg;
 1485         u_int hdrlen;
 1486         uint16_t qos, dur;
 1487         uint8_t type, qsel, mcs, pid, tid, qid;
 1488         int i, nsegs, ntxds, pad, rate, ridx, error;
 1489 
 1490         /* the data pool contains at least one element, pick the first */
 1491         data = SLIST_FIRST(&sc->data_pool);
 1492 
 1493         wh = mtod(m, struct ieee80211_frame *);
 1494 
 1495         if (wh->i_fc[1] & IEEE80211_FC1_WEP) {
 1496                 k = ieee80211_crypto_encap(ni, m);
 1497                 if (k == NULL) {
 1498                         m_freem(m);
 1499                         return ENOBUFS;
 1500                 }
 1501 
 1502                 /* packet header may have moved, reset our local pointer */
 1503                 wh = mtod(m, struct ieee80211_frame *);
 1504         }
 1505 
 1506         hdrlen = ieee80211_anyhdrsize(wh);
 1507         type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
 1508 
 1509         tp = &vap->iv_txparms[ieee80211_chan2mode(ni->ni_chan)];
 1510         if (IEEE80211_IS_MULTICAST(wh->i_addr1)) {
 1511                 rate = tp->mcastrate;
 1512         } else if (m->m_flags & M_EAPOL) {
 1513                 rate = tp->mgmtrate;
 1514         } else if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) {
 1515                 rate = tp->ucastrate;
 1516         } else {
 1517                 (void) ieee80211_ratectl_rate(ni, NULL, 0);
 1518                 rate = ni->ni_txrate;
 1519         }
 1520         rate &= IEEE80211_RATE_VAL;
 1521 
 1522         qid = M_WME_GETAC(m);
 1523         if (IEEE80211_QOS_HAS_SEQ(wh)) {
 1524                 qos = ((const struct ieee80211_qosframe *)wh)->i_qos[0];
 1525                 tid = qos & IEEE80211_QOS_TID;
 1526         } else {
 1527                 qos = 0;
 1528                 tid = 0;
 1529         }
 1530         ring = &sc->txq[qid];
 1531         ridx = ieee80211_legacy_rate_lookup(ic->ic_rt, rate);
 1532 
 1533         /* get MCS code from rate index */
 1534         mcs = rt2860_rates[ridx].mcs;
 1535 
 1536         /* setup TX Wireless Information */
 1537         txwi = data->txwi;
 1538         txwi->flags = 0;
 1539         /* let HW generate seq numbers for non-QoS frames */
 1540         txwi->xflags = qos ? 0 : RT2860_TX_NSEQ;
 1541         if (type == IEEE80211_FC0_TYPE_DATA)
 1542                 txwi->wcid = IEEE80211_AID(ni->ni_associd);
 1543         else
 1544                 txwi->wcid = 0xff;
 1545         txwi->len = htole16(m->m_pkthdr.len);
 1546         if (rt2860_rates[ridx].phy == IEEE80211_T_DS) {
 1547                 txwi->phy = htole16(RT2860_PHY_CCK);
 1548                 if (ridx != RT2860_RIDX_CCK1 &&
 1549                     (ic->ic_flags & IEEE80211_F_SHPREAMBLE))
 1550                         mcs |= RT2860_PHY_SHPRE;
 1551         } else
 1552                 txwi->phy = htole16(RT2860_PHY_OFDM);
 1553         txwi->phy |= htole16(mcs);
 1554 
 1555         /*
 1556          * We store the MCS code into the driver-private PacketID field.
 1557          * The PacketID is latched into TX_STAT_FIFO when Tx completes so
 1558          * that we know at which initial rate the frame was transmitted.
 1559          * We add 1 to the MCS code because setting the PacketID field to
 1560          * 0 means that we don't want feedback in TX_STAT_FIFO.
 1561          */
 1562         pid = (mcs + 1) & 0xf;
 1563         txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT);
 1564 
 1565         /* check if RTS/CTS or CTS-to-self protection is required */
 1566         if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
 1567             (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold ||
 1568              ((ic->ic_flags & IEEE80211_F_USEPROT) &&
 1569               rt2860_rates[ridx].phy == IEEE80211_T_OFDM)))
 1570                 txwi->txop = RT2860_TX_TXOP_HT;
 1571         else
 1572                 txwi->txop = RT2860_TX_TXOP_BACKOFF;
 1573 
 1574         if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
 1575             (!qos || (qos & IEEE80211_QOS_ACKPOLICY) !=
 1576              IEEE80211_QOS_ACKPOLICY_NOACK)) {
 1577                 txwi->xflags |= RT2860_TX_ACK;
 1578 
 1579                 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
 1580                         dur = rt2860_rates[ridx].sp_ack_dur;
 1581                 else
 1582                         dur = rt2860_rates[ridx].lp_ack_dur;
 1583                 *(uint16_t *)wh->i_dur = htole16(dur);
 1584         }
 1585         /* ask MAC to insert timestamp into probe responses */
 1586         if ((wh->i_fc[0] &
 1587              (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) ==
 1588              (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP))
 1589             /* NOTE: beacons do not pass through tx_data() */
 1590                 txwi->flags |= RT2860_TX_TS;
 1591 
 1592         if (ieee80211_radiotap_active_vap(vap)) {
 1593                 struct rt2860_tx_radiotap_header *tap = &sc->sc_txtap;
 1594 
 1595                 tap->wt_flags = 0;
 1596                 tap->wt_rate = rate;
 1597                 if (mcs & RT2860_PHY_SHPRE)
 1598                         tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
 1599 
 1600                 ieee80211_radiotap_tx(vap, m);
 1601         }
 1602 
 1603         pad = (hdrlen + 3) & ~3;
 1604 
 1605         /* copy and trim 802.11 header */
 1606         memcpy(txwi + 1, wh, hdrlen);
 1607         m_adj(m, hdrlen);
 1608 
 1609         error = bus_dmamap_load_mbuf_sg(sc->txwi_dmat, data->map, m, segs,
 1610             &nsegs, 0);
 1611         if (__predict_false(error != 0 && error != EFBIG)) {
 1612                 device_printf(sc->sc_dev, "can't map mbuf (error %d)\n",
 1613                     error);
 1614                 m_freem(m);
 1615                 return error;
 1616         }
 1617         if (__predict_true(error == 0)) {
 1618                 /* determine how many TXDs are required */
 1619                 ntxds = 1 + (nsegs / 2);
 1620 
 1621                 if (ring->queued + ntxds >= RT2860_TX_RING_COUNT) {
 1622                         /* not enough free TXDs, force mbuf defrag */
 1623                         bus_dmamap_unload(sc->txwi_dmat, data->map);
 1624                         error = EFBIG;
 1625                 }
 1626         }
 1627         if (__predict_false(error != 0)) {
 1628                 m1 = m_defrag(m, M_NOWAIT);
 1629                 if (m1 == NULL) {
 1630                         device_printf(sc->sc_dev,
 1631                             "could not defragment mbuf\n");
 1632                         m_freem(m);
 1633                         return ENOBUFS;
 1634                 }
 1635                 m = m1;
 1636 
 1637                 error = bus_dmamap_load_mbuf_sg(sc->txwi_dmat, data->map, m,
 1638                     segs, &nsegs, 0);
 1639                 if (__predict_false(error != 0)) {
 1640                         device_printf(sc->sc_dev, "can't map mbuf (error %d)\n",
 1641                             error);
 1642                         m_freem(m);
 1643                         return error;
 1644                 }
 1645 
 1646                 /* determine how many TXDs are now required */
 1647                 ntxds = 1 + (nsegs / 2);
 1648 
 1649                 if (ring->queued + ntxds >= RT2860_TX_RING_COUNT) {
 1650                         /* this is a hopeless case, drop the mbuf! */
 1651                         bus_dmamap_unload(sc->txwi_dmat, data->map);
 1652                         m_freem(m);
 1653                         return ENOBUFS;
 1654                 }
 1655         }
 1656 
 1657         qsel = (qid < WME_NUM_AC) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_MGMT;
 1658 
 1659         /* first segment is TXWI + 802.11 header */
 1660         txd = &ring->txd[ring->cur];
 1661         txd->sdp0 = htole32(data->paddr);
 1662         txd->sdl0 = htole16(sizeof (struct rt2860_txwi) + pad);
 1663         txd->flags = qsel;
 1664 
 1665         /* setup payload segments */
 1666         seg = &segs[0];
 1667         for (i = nsegs; i >= 2; i -= 2) {
 1668                 txd->sdp1 = htole32(seg->ds_addr);
 1669                 txd->sdl1 = htole16(seg->ds_len);
 1670                 seg++;
 1671                 ring->cur = (ring->cur + 1) % RT2860_TX_RING_COUNT;
 1672                 /* grab a new Tx descriptor */
 1673                 txd = &ring->txd[ring->cur];
 1674                 txd->sdp0 = htole32(seg->ds_addr);
 1675                 txd->sdl0 = htole16(seg->ds_len);
 1676                 txd->flags = qsel;
 1677                 seg++;
 1678         }
 1679         /* finalize last segment */
 1680         if (i > 0) {
 1681                 txd->sdp1 = htole32(seg->ds_addr);
 1682                 txd->sdl1 = htole16(seg->ds_len | RT2860_TX_LS1);
 1683         } else {
 1684                 txd->sdl0 |= htole16(RT2860_TX_LS0);
 1685                 txd->sdl1 = 0;
 1686         }
 1687 
 1688         /* remove from the free pool and link it into the SW Tx slot */
 1689         SLIST_REMOVE_HEAD(&sc->data_pool, next);
 1690         data->m = m;
 1691         data->ni = ni;
 1692         ring->data[ring->cur] = data;
 1693 
 1694         bus_dmamap_sync(sc->txwi_dmat, sc->txwi_map, BUS_DMASYNC_PREWRITE);
 1695         bus_dmamap_sync(sc->txwi_dmat, data->map, BUS_DMASYNC_PREWRITE);
 1696         bus_dmamap_sync(ring->desc_dmat, ring->desc_map, BUS_DMASYNC_PREWRITE);
 1697 
 1698         DPRINTFN(4, ("sending frame qid=%d wcid=%d nsegs=%d ridx=%d\n",
 1699             qid, txwi->wcid, nsegs, ridx));
 1700 
 1701         ring->cur = (ring->cur + 1) % RT2860_TX_RING_COUNT;
 1702         ring->queued += ntxds;
 1703         if (ring->queued >= RT2860_TX_RING_COUNT)
 1704                 sc->qfullmsk |= 1 << qid;
 1705 
 1706         /* kick Tx */
 1707         RAL_WRITE(sc, RT2860_TX_CTX_IDX(qid), ring->cur);
 1708 
 1709         return 0;
 1710 }
 1711 
 1712 static int
 1713 rt2860_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
 1714     const struct ieee80211_bpf_params *params)
 1715 {
 1716         struct ieee80211com *ic = ni->ni_ic;
 1717         struct ifnet *ifp = ic->ic_ifp;
 1718         struct rt2860_softc *sc = ifp->if_softc;
 1719         int error;
 1720 
 1721         RAL_LOCK(sc);
 1722 
 1723         /* prevent management frames from being sent if we're not ready */
 1724         if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) {
 1725                 RAL_UNLOCK(sc);
 1726                 m_freem(m);
 1727                 ieee80211_free_node(ni);
 1728                 return ENETDOWN;
 1729         }
 1730         if (params == NULL) {
 1731                 /*
 1732                  * Legacy path; interpret frame contents to decide
 1733                  * precisely how to send the frame.
 1734                  */
 1735                 error = rt2860_tx(sc, m, ni);
 1736         } else {
 1737                 /*
 1738                  * Caller supplied explicit parameters to use in
 1739                  * sending the frame.
 1740                  */
 1741                 error = rt2860_tx_raw(sc, m, ni, params);
 1742         }
 1743         if (error != 0) {
 1744                 /* NB: m is reclaimed on tx failure */
 1745                 ieee80211_free_node(ni);
 1746                 ifp->if_oerrors++;
 1747         }
 1748         sc->sc_tx_timer = 5;
 1749         RAL_UNLOCK(sc);
 1750         return error;
 1751 }
 1752 
 1753 static int
 1754 rt2860_tx_raw(struct rt2860_softc *sc, struct mbuf *m,
 1755     struct ieee80211_node *ni, const struct ieee80211_bpf_params *params)
 1756 {
 1757         struct ifnet *ifp = sc->sc_ifp;
 1758         struct ieee80211com *ic = ifp->if_l2com;
 1759         struct ieee80211vap *vap = ni->ni_vap;
 1760         struct rt2860_tx_ring *ring;
 1761         struct rt2860_tx_data *data;
 1762         struct rt2860_txd *txd;
 1763         struct rt2860_txwi *txwi;
 1764         struct ieee80211_frame *wh;
 1765         struct mbuf *m1;
 1766         bus_dma_segment_t segs[RT2860_MAX_SCATTER];
 1767         bus_dma_segment_t *seg;
 1768         u_int hdrlen;
 1769         uint16_t dur;
 1770         uint8_t type, qsel, mcs, pid, tid, qid;
 1771         int i, nsegs, ntxds, pad, rate, ridx, error;
 1772 
 1773         /* the data pool contains at least one element, pick the first */
 1774         data = SLIST_FIRST(&sc->data_pool);
 1775 
 1776         wh = mtod(m, struct ieee80211_frame *);
 1777         hdrlen = ieee80211_hdrsize(wh);
 1778         type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
 1779 
 1780         /* Choose a TX rate index. */
 1781         rate = params->ibp_rate0;
 1782         ridx = ieee80211_legacy_rate_lookup(ic->ic_rt,
 1783             rate & IEEE80211_RATE_VAL);
 1784         if (ridx == (uint8_t)-1) {
 1785                 /* XXX fall back to mcast/mgmt rate? */
 1786                 m_freem(m);
 1787                 return EINVAL;
 1788         }
 1789 
 1790         qid = params->ibp_pri & 3;
 1791         tid = 0;
 1792         ring = &sc->txq[qid];
 1793 
 1794         /* get MCS code from rate index */
 1795         mcs = rt2860_rates[ridx].mcs;
 1796 
 1797         /* setup TX Wireless Information */
 1798         txwi = data->txwi;
 1799         txwi->flags = 0;
 1800         /* let HW generate seq numbers for non-QoS frames */
 1801         txwi->xflags = params->ibp_pri & 3 ? 0 : RT2860_TX_NSEQ;
 1802         txwi->wcid = 0xff;
 1803         txwi->len = htole16(m->m_pkthdr.len);
 1804         if (rt2860_rates[ridx].phy == IEEE80211_T_DS) {
 1805                 txwi->phy = htole16(RT2860_PHY_CCK);
 1806                 if (ridx != RT2860_RIDX_CCK1 &&
 1807                     (ic->ic_flags & IEEE80211_F_SHPREAMBLE))
 1808                         mcs |= RT2860_PHY_SHPRE;
 1809         } else
 1810                 txwi->phy = htole16(RT2860_PHY_OFDM);
 1811         txwi->phy |= htole16(mcs);
 1812 
 1813         /*
 1814          * We store the MCS code into the driver-private PacketID field.
 1815          * The PacketID is latched into TX_STAT_FIFO when Tx completes so
 1816          * that we know at which initial rate the frame was transmitted.
 1817          * We add 1 to the MCS code because setting the PacketID field to
 1818          * 0 means that we don't want feedback in TX_STAT_FIFO.
 1819          */
 1820         pid = (mcs + 1) & 0xf;
 1821         txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT);
 1822 
 1823         /* check if RTS/CTS or CTS-to-self protection is required */
 1824         if (params->ibp_flags & IEEE80211_BPF_RTS ||
 1825             params->ibp_flags & IEEE80211_BPF_CTS)
 1826                 txwi->txop = RT2860_TX_TXOP_HT;
 1827         else
 1828                 txwi->txop = RT2860_TX_TXOP_BACKOFF;
 1829         if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) {
 1830                 txwi->xflags |= RT2860_TX_ACK;
 1831 
 1832                 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
 1833                         dur = rt2860_rates[ridx].sp_ack_dur;
 1834                 else
 1835                         dur = rt2860_rates[ridx].lp_ack_dur;
 1836                 *(uint16_t *)wh->i_dur = htole16(dur);
 1837         }
 1838         /* ask MAC to insert timestamp into probe responses */
 1839         if ((wh->i_fc[0] &
 1840              (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) ==
 1841              (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP))
 1842             /* NOTE: beacons do not pass through tx_data() */
 1843                 txwi->flags |= RT2860_TX_TS;
 1844 
 1845         if (ieee80211_radiotap_active_vap(vap)) {
 1846                 struct rt2860_tx_radiotap_header *tap = &sc->sc_txtap;
 1847 
 1848                 tap->wt_flags = 0;
 1849                 tap->wt_rate = rate;
 1850                 if (mcs & RT2860_PHY_SHPRE)
 1851                         tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
 1852 
 1853                 ieee80211_radiotap_tx(vap, m);
 1854         }
 1855 
 1856         pad = (hdrlen + 3) & ~3;
 1857 
 1858         /* copy and trim 802.11 header */
 1859         memcpy(txwi + 1, wh, hdrlen);
 1860         m_adj(m, hdrlen);
 1861 
 1862         error = bus_dmamap_load_mbuf_sg(sc->txwi_dmat, data->map, m, segs,
 1863             &nsegs, 0);
 1864         if (__predict_false(error != 0 && error != EFBIG)) {
 1865                 device_printf(sc->sc_dev, "can't map mbuf (error %d)\n",
 1866                     error);
 1867                 m_freem(m);
 1868                 return error;
 1869         }
 1870         if (__predict_true(error == 0)) {
 1871                 /* determine how many TXDs are required */
 1872                 ntxds = 1 + (nsegs / 2);
 1873 
 1874                 if (ring->queued + ntxds >= RT2860_TX_RING_COUNT) {
 1875                         /* not enough free TXDs, force mbuf defrag */
 1876                         bus_dmamap_unload(sc->txwi_dmat, data->map);
 1877                         error = EFBIG;
 1878                 }
 1879         }
 1880         if (__predict_false(error != 0)) {
 1881                 m1 = m_defrag(m, M_NOWAIT);
 1882                 if (m1 == NULL) {
 1883                         device_printf(sc->sc_dev,
 1884                             "could not defragment mbuf\n");
 1885                         m_freem(m);
 1886                         return ENOBUFS;
 1887                 }
 1888                 m = m1;
 1889 
 1890                 error = bus_dmamap_load_mbuf_sg(sc->txwi_dmat, data->map, m,
 1891                     segs, &nsegs, 0);
 1892                 if (__predict_false(error != 0)) {
 1893                         device_printf(sc->sc_dev, "can't map mbuf (error %d)\n",
 1894                             error);
 1895                         m_freem(m);
 1896                         return error;
 1897                 }
 1898 
 1899                 /* determine how many TXDs are now required */
 1900                 ntxds = 1 + (nsegs / 2);
 1901 
 1902                 if (ring->queued + ntxds >= RT2860_TX_RING_COUNT) {
 1903                         /* this is a hopeless case, drop the mbuf! */
 1904                         bus_dmamap_unload(sc->txwi_dmat, data->map);
 1905                         m_freem(m);
 1906                         return ENOBUFS;
 1907                 }
 1908         }
 1909 
 1910         qsel = (qid < WME_NUM_AC) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_MGMT;
 1911 
 1912         /* first segment is TXWI + 802.11 header */
 1913         txd = &ring->txd[ring->cur];
 1914         txd->sdp0 = htole32(data->paddr);
 1915         txd->sdl0 = htole16(sizeof (struct rt2860_txwi) + pad);
 1916         txd->flags = qsel;
 1917 
 1918         /* setup payload segments */
 1919         seg = &segs[0];
 1920         for (i = nsegs; i >= 2; i -= 2) {
 1921                 txd->sdp1 = htole32(seg->ds_addr);
 1922                 txd->sdl1 = htole16(seg->ds_len);
 1923                 seg++;
 1924                 ring->cur = (ring->cur + 1) % RT2860_TX_RING_COUNT;
 1925                 /* grab a new Tx descriptor */
 1926                 txd = &ring->txd[ring->cur];
 1927                 txd->sdp0 = htole32(seg->ds_addr);
 1928                 txd->sdl0 = htole16(seg->ds_len);
 1929                 txd->flags = qsel;
 1930                 seg++;
 1931         }
 1932         /* finalize last segment */
 1933         if (i > 0) {
 1934                 txd->sdp1 = htole32(seg->ds_addr);
 1935                 txd->sdl1 = htole16(seg->ds_len | RT2860_TX_LS1);
 1936         } else {
 1937                 txd->sdl0 |= htole16(RT2860_TX_LS0);
 1938                 txd->sdl1 = 0;
 1939         }
 1940 
 1941         /* remove from the free pool and link it into the SW Tx slot */
 1942         SLIST_REMOVE_HEAD(&sc->data_pool, next);
 1943         data->m = m;
 1944         data->ni = ni;
 1945         ring->data[ring->cur] = data;
 1946 
 1947         bus_dmamap_sync(sc->txwi_dmat, sc->txwi_map, BUS_DMASYNC_PREWRITE);
 1948         bus_dmamap_sync(sc->txwi_dmat, data->map, BUS_DMASYNC_PREWRITE);
 1949         bus_dmamap_sync(ring->desc_dmat, ring->desc_map, BUS_DMASYNC_PREWRITE);
 1950 
 1951         DPRINTFN(4, ("sending frame qid=%d wcid=%d nsegs=%d ridx=%d\n",
 1952             qid, txwi->wcid, nsegs, ridx));
 1953 
 1954         ring->cur = (ring->cur + 1) % RT2860_TX_RING_COUNT;
 1955         ring->queued += ntxds;
 1956         if (ring->queued >= RT2860_TX_RING_COUNT)
 1957                 sc->qfullmsk |= 1 << qid;
 1958 
 1959         /* kick Tx */
 1960         RAL_WRITE(sc, RT2860_TX_CTX_IDX(qid), ring->cur);
 1961 
 1962         return 0;
 1963 }
 1964 
 1965 static void
 1966 rt2860_start(struct ifnet *ifp)
 1967 {
 1968         struct rt2860_softc *sc = ifp->if_softc;
 1969 
 1970         RAL_LOCK(sc);
 1971         rt2860_start_locked(ifp);
 1972         RAL_UNLOCK(sc);
 1973 }
 1974 
 1975 static void
 1976 rt2860_start_locked(struct ifnet *ifp)
 1977 {
 1978         struct rt2860_softc *sc = ifp->if_softc;
 1979         struct ieee80211_node *ni;
 1980         struct mbuf *m;
 1981 
 1982         RAL_LOCK_ASSERT(sc);
 1983 
 1984         if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0 ||
 1985             (ifp->if_drv_flags & IFF_DRV_OACTIVE))
 1986                 return;
 1987 
 1988         for (;;) {
 1989                 if (SLIST_EMPTY(&sc->data_pool) || sc->qfullmsk != 0) {
 1990                         ifp->if_drv_flags |= IFF_DRV_OACTIVE;
 1991                         break;
 1992                 }
 1993                 IFQ_DRV_DEQUEUE(&ifp->if_snd, m);
 1994                 if (m == NULL)
 1995                         break;
 1996                 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
 1997                 if (rt2860_tx(sc, m, ni) != 0) {
 1998                         ieee80211_free_node(ni);
 1999                         ifp->if_oerrors++;
 2000                         continue;
 2001                 }
 2002                 sc->sc_tx_timer = 5;
 2003         }
 2004 }
 2005 
 2006 static void
 2007 rt2860_watchdog(void *arg)
 2008 {
 2009         struct rt2860_softc *sc = arg;
 2010         struct ifnet *ifp = sc->sc_ifp;
 2011 
 2012         RAL_LOCK_ASSERT(sc);
 2013 
 2014         KASSERT(ifp->if_drv_flags & IFF_DRV_RUNNING, ("not running"));
 2015 
 2016         if (sc->sc_invalid)             /* card ejected */
 2017                 return;
 2018 
 2019         if (sc->sc_tx_timer > 0 && --sc->sc_tx_timer == 0) {
 2020                 if_printf(ifp, "device timeout\n");
 2021                 rt2860_stop_locked(sc);
 2022                 rt2860_init_locked(sc);
 2023                 ifp->if_oerrors++;
 2024                 return;
 2025         }
 2026         callout_reset(&sc->watchdog_ch, hz, rt2860_watchdog, sc);
 2027 }
 2028 
 2029 static int
 2030 rt2860_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
 2031 {
 2032         struct rt2860_softc *sc = ifp->if_softc;
 2033         struct ieee80211com *ic = ifp->if_l2com;
 2034         struct ifreq *ifr = (struct ifreq *)data;
 2035         int error = 0, startall = 0;
 2036 
 2037         switch (cmd) {
 2038         case SIOCSIFFLAGS:
 2039                 RAL_LOCK(sc);
 2040                 if (ifp->if_flags & IFF_UP) {
 2041                         if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) {
 2042                                 rt2860_init_locked(sc);
 2043                                 startall = 1;
 2044                         } else
 2045                                 rt2860_update_promisc(ifp);
 2046                 } else {
 2047                         if (ifp->if_drv_flags & IFF_DRV_RUNNING)
 2048                                 rt2860_stop_locked(sc);
 2049                 }
 2050                 RAL_UNLOCK(sc);
 2051                 if (startall)
 2052                         ieee80211_start_all(ic);
 2053                 break;
 2054         case SIOCGIFMEDIA:
 2055                 error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd);
 2056                 break;
 2057         case SIOCSIFADDR:
 2058                 error = ether_ioctl(ifp, cmd, data);
 2059                 break;
 2060         default:
 2061                 error = EINVAL;
 2062                 break;
 2063         }
 2064         return error;
 2065 }
 2066 
 2067 /*
 2068  * Reading and writing from/to the BBP is different from RT2560 and RT2661.
 2069  * We access the BBP through the 8051 microcontroller unit which means that
 2070  * the microcode must be loaded first.
 2071  */
 2072 void
 2073 rt2860_mcu_bbp_write(struct rt2860_softc *sc, uint8_t reg, uint8_t val)
 2074 {
 2075         int ntries;
 2076 
 2077         for (ntries = 0; ntries < 100; ntries++) {
 2078                 if (!(RAL_READ(sc, RT2860_H2M_BBPAGENT) & RT2860_BBP_CSR_KICK))
 2079                         break;
 2080                 DELAY(1);
 2081         }
 2082         if (ntries == 100) {
 2083                 device_printf(sc->sc_dev,
 2084                     "could not write to BBP through MCU\n");
 2085                 return;
 2086         }
 2087 
 2088         RAL_WRITE(sc, RT2860_H2M_BBPAGENT, RT2860_BBP_RW_PARALLEL |
 2089             RT2860_BBP_CSR_KICK | reg << 8 | val);
 2090         RAL_BARRIER_WRITE(sc);
 2091 
 2092         rt2860_mcu_cmd(sc, RT2860_MCU_CMD_BBP, 0, 0);
 2093         DELAY(1000);
 2094 }
 2095 
 2096 uint8_t
 2097 rt2860_mcu_bbp_read(struct rt2860_softc *sc, uint8_t reg)
 2098 {
 2099         uint32_t val;
 2100         int ntries;
 2101 
 2102         for (ntries = 0; ntries < 100; ntries++) {
 2103                 if (!(RAL_READ(sc, RT2860_H2M_BBPAGENT) & RT2860_BBP_CSR_KICK))
 2104                         break;
 2105                 DELAY(1);
 2106         }
 2107         if (ntries == 100) {
 2108                 device_printf(sc->sc_dev,
 2109                     "could not read from BBP through MCU\n");
 2110                 return 0;
 2111         }
 2112 
 2113         RAL_WRITE(sc, RT2860_H2M_BBPAGENT, RT2860_BBP_RW_PARALLEL |
 2114             RT2860_BBP_CSR_KICK | RT2860_BBP_CSR_READ | reg << 8);
 2115         RAL_BARRIER_WRITE(sc);
 2116 
 2117         rt2860_mcu_cmd(sc, RT2860_MCU_CMD_BBP, 0, 0);
 2118         DELAY(1000);
 2119 
 2120         for (ntries = 0; ntries < 100; ntries++) {
 2121                 val = RAL_READ(sc, RT2860_H2M_BBPAGENT);
 2122                 if (!(val & RT2860_BBP_CSR_KICK))
 2123                         return val & 0xff;
 2124                 DELAY(1);
 2125         }
 2126         device_printf(sc->sc_dev, "could not read from BBP through MCU\n");
 2127 
 2128         return 0;
 2129 }
 2130 
 2131 /*
 2132  * Write to one of the 4 programmable 24-bit RF registers.
 2133  */
 2134 static void
 2135 rt2860_rf_write(struct rt2860_softc *sc, uint8_t reg, uint32_t val)
 2136 {
 2137         uint32_t tmp;
 2138         int ntries;
 2139 
 2140         for (ntries = 0; ntries < 100; ntries++) {
 2141                 if (!(RAL_READ(sc, RT2860_RF_CSR_CFG0) & RT2860_RF_REG_CTRL))
 2142                         break;
 2143                 DELAY(1);
 2144         }
 2145         if (ntries == 100) {
 2146                 device_printf(sc->sc_dev, "could not write to RF\n");
 2147                 return;
 2148         }
 2149 
 2150         /* RF registers are 24-bit on the RT2860 */
 2151         tmp = RT2860_RF_REG_CTRL | 24 << RT2860_RF_REG_WIDTH_SHIFT |
 2152             (val & 0x3fffff) << 2 | (reg & 3);
 2153         RAL_WRITE(sc, RT2860_RF_CSR_CFG0, tmp);
 2154 }
 2155 
 2156 static uint8_t
 2157 rt3090_rf_read(struct rt2860_softc *sc, uint8_t reg)
 2158 {
 2159         uint32_t tmp;
 2160         int ntries;
 2161 
 2162         for (ntries = 0; ntries < 100; ntries++) {
 2163                 if (!(RAL_READ(sc, RT3070_RF_CSR_CFG) & RT3070_RF_KICK))
 2164                         break;
 2165                 DELAY(1);
 2166         }
 2167         if (ntries == 100) {
 2168                 device_printf(sc->sc_dev, "could not read RF register\n");
 2169                 return 0xff;
 2170         }
 2171         tmp = RT3070_RF_KICK | reg << 8;
 2172         RAL_WRITE(sc, RT3070_RF_CSR_CFG, tmp);
 2173 
 2174         for (ntries = 0; ntries < 100; ntries++) {
 2175                 tmp = RAL_READ(sc, RT3070_RF_CSR_CFG);
 2176                 if (!(tmp & RT3070_RF_KICK))
 2177                         break;
 2178                 DELAY(1);
 2179         }
 2180         if (ntries == 100) {
 2181                 device_printf(sc->sc_dev, "could not read RF register\n");
 2182                 return 0xff;
 2183         }
 2184         return tmp & 0xff;
 2185 }
 2186 
 2187 void
 2188 rt3090_rf_write(struct rt2860_softc *sc, uint8_t reg, uint8_t val)
 2189 {
 2190         uint32_t tmp;
 2191         int ntries;
 2192 
 2193         for (ntries = 0; ntries < 10; ntries++) {
 2194                 if (!(RAL_READ(sc, RT3070_RF_CSR_CFG) & RT3070_RF_KICK))
 2195                         break;
 2196                 DELAY(10);
 2197         }
 2198         if (ntries == 10) {
 2199                 device_printf(sc->sc_dev, "could not write to RF\n");
 2200                 return;
 2201         }
 2202 
 2203         tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val;
 2204         RAL_WRITE(sc, RT3070_RF_CSR_CFG, tmp);
 2205 }
 2206 
 2207 /*
 2208  * Send a command to the 8051 microcontroller unit.
 2209  */
 2210 int
 2211 rt2860_mcu_cmd(struct rt2860_softc *sc, uint8_t cmd, uint16_t arg, int wait)
 2212 {
 2213         int slot, ntries;
 2214         uint32_t tmp;
 2215         uint8_t cid;
 2216 
 2217         for (ntries = 0; ntries < 100; ntries++) {
 2218                 if (!(RAL_READ(sc, RT2860_H2M_MAILBOX) & RT2860_H2M_BUSY))
 2219                         break;
 2220                 DELAY(2);
 2221         }
 2222         if (ntries == 100)
 2223                 return EIO;
 2224 
 2225         cid = wait ? cmd : RT2860_TOKEN_NO_INTR;
 2226         RAL_WRITE(sc, RT2860_H2M_MAILBOX, RT2860_H2M_BUSY | cid << 16 | arg);
 2227         RAL_BARRIER_WRITE(sc);
 2228         RAL_WRITE(sc, RT2860_HOST_CMD, cmd);
 2229 
 2230         if (!wait)
 2231                 return 0;
 2232         /* wait for the command to complete */
 2233         for (ntries = 0; ntries < 200; ntries++) {
 2234                 tmp = RAL_READ(sc, RT2860_H2M_MAILBOX_CID);
 2235                 /* find the command slot */
 2236                 for (slot = 0; slot < 4; slot++, tmp >>= 8)
 2237                         if ((tmp & 0xff) == cid)
 2238                                 break;
 2239                 if (slot < 4)
 2240                         break;
 2241                 DELAY(100);
 2242         }
 2243         if (ntries == 200) {
 2244                 /* clear command and status */
 2245                 RAL_WRITE(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff);
 2246                 RAL_WRITE(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff);
 2247                 return ETIMEDOUT;
 2248         }
 2249         /* get command status (1 means success) */
 2250         tmp = RAL_READ(sc, RT2860_H2M_MAILBOX_STATUS);
 2251         tmp = (tmp >> (slot * 8)) & 0xff;
 2252         DPRINTF(("MCU command=0x%02x slot=%d status=0x%02x\n",
 2253             cmd, slot, tmp));
 2254         /* clear command and status */
 2255         RAL_WRITE(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff);
 2256         RAL_WRITE(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff);
 2257         return (tmp == 1) ? 0 : EIO;
 2258 }
 2259 
 2260 static void
 2261 rt2860_enable_mrr(struct rt2860_softc *sc)
 2262 {
 2263 #define CCK(mcs)        (mcs)
 2264 #define OFDM(mcs)       (1 << 3 | (mcs))
 2265         RAL_WRITE(sc, RT2860_LG_FBK_CFG0,
 2266             OFDM(6) << 28 |     /* 54->48 */
 2267             OFDM(5) << 24 |     /* 48->36 */
 2268             OFDM(4) << 20 |     /* 36->24 */
 2269             OFDM(3) << 16 |     /* 24->18 */
 2270             OFDM(2) << 12 |     /* 18->12 */
 2271             OFDM(1) <<  8 |     /* 12-> 9 */
 2272             OFDM(0) <<  4 |     /*  9-> 6 */
 2273             OFDM(0));           /*  6-> 6 */
 2274 
 2275         RAL_WRITE(sc, RT2860_LG_FBK_CFG1,
 2276             CCK(2) << 12 |      /* 11->5.5 */
 2277             CCK(1) <<  8 |      /* 5.5-> 2 */
 2278             CCK(0) <<  4 |      /*   2-> 1 */
 2279             CCK(0));            /*   1-> 1 */
 2280 #undef OFDM
 2281 #undef CCK
 2282 }
 2283 
 2284 static void
 2285 rt2860_set_txpreamble(struct rt2860_softc *sc)
 2286 {
 2287         struct ifnet *ifp = sc->sc_ifp;
 2288         struct ieee80211com *ic = ifp->if_l2com;
 2289         uint32_t tmp;
 2290 
 2291         tmp = RAL_READ(sc, RT2860_AUTO_RSP_CFG);
 2292         tmp &= ~RT2860_CCK_SHORT_EN;
 2293         if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
 2294                 tmp |= RT2860_CCK_SHORT_EN;
 2295         RAL_WRITE(sc, RT2860_AUTO_RSP_CFG, tmp);
 2296 }
 2297 
 2298 void
 2299 rt2860_set_basicrates(struct rt2860_softc *sc,
 2300     const struct ieee80211_rateset *rs)
 2301 {
 2302 #define RV(r)   ((r) & IEEE80211_RATE_VAL)
 2303         struct ifnet *ifp = sc->sc_ifp;
 2304         struct ieee80211com *ic = ifp->if_l2com;
 2305         uint32_t mask = 0;
 2306         uint8_t rate;
 2307         int i;
 2308 
 2309         for (i = 0; i < rs->rs_nrates; i++) {
 2310                 rate = rs->rs_rates[i];
 2311 
 2312                 if (!(rate & IEEE80211_RATE_BASIC))
 2313                         continue;
 2314 
 2315                 mask |= 1 << ieee80211_legacy_rate_lookup(ic->ic_rt, RV(rate));
 2316         }
 2317 
 2318         RAL_WRITE(sc, RT2860_LEGACY_BASIC_RATE, mask);
 2319 #undef RV
 2320 }
 2321 
 2322 static void
 2323 rt2860_scan_start(struct ieee80211com *ic)
 2324 {
 2325         struct ifnet *ifp = ic->ic_ifp;
 2326         struct rt2860_softc *sc = ifp->if_softc;
 2327         uint32_t tmp;
 2328 
 2329         tmp = RAL_READ(sc, RT2860_BCN_TIME_CFG);
 2330         RAL_WRITE(sc, RT2860_BCN_TIME_CFG,
 2331             tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
 2332             RT2860_TBTT_TIMER_EN));
 2333         rt2860_set_gp_timer(sc, 0);
 2334 }
 2335 
 2336 static void
 2337 rt2860_scan_end(struct ieee80211com *ic)
 2338 {
 2339         struct ifnet *ifp = ic->ic_ifp;
 2340         struct rt2860_softc *sc = ifp->if_softc;
 2341         struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
 2342 
 2343         if (vap->iv_state == IEEE80211_S_RUN) {
 2344                 rt2860_enable_tsf_sync(sc);
 2345                 rt2860_set_gp_timer(sc, 500);
 2346         }
 2347 }
 2348 
 2349 static void
 2350 rt2860_set_channel(struct ieee80211com *ic)
 2351 {
 2352         struct ifnet *ifp = ic->ic_ifp;
 2353         struct rt2860_softc *sc = ifp->if_softc;
 2354 
 2355         RAL_LOCK(sc);
 2356         rt2860_switch_chan(sc, ic->ic_curchan);
 2357         RAL_UNLOCK(sc);
 2358 }
 2359 
 2360 static void
 2361 rt2860_select_chan_group(struct rt2860_softc *sc, int group)
 2362 {
 2363         uint32_t tmp;
 2364         uint8_t agc;
 2365 
 2366         rt2860_mcu_bbp_write(sc, 62, 0x37 - sc->lna[group]);
 2367         rt2860_mcu_bbp_write(sc, 63, 0x37 - sc->lna[group]);
 2368         rt2860_mcu_bbp_write(sc, 64, 0x37 - sc->lna[group]);
 2369         rt2860_mcu_bbp_write(sc, 86, 0x00);
 2370 
 2371         if (group == 0) {
 2372                 if (sc->ext_2ghz_lna) {
 2373                         rt2860_mcu_bbp_write(sc, 82, 0x62);
 2374                         rt2860_mcu_bbp_write(sc, 75, 0x46);
 2375                 } else {
 2376                         rt2860_mcu_bbp_write(sc, 82, 0x84);
 2377                         rt2860_mcu_bbp_write(sc, 75, 0x50);
 2378                 }
 2379         } else {
 2380                 if (sc->ext_5ghz_lna) {
 2381                         rt2860_mcu_bbp_write(sc, 82, 0xf2);
 2382                         rt2860_mcu_bbp_write(sc, 75, 0x46);
 2383                 } else {
 2384                         rt2860_mcu_bbp_write(sc, 82, 0xf2);
 2385                         rt2860_mcu_bbp_write(sc, 75, 0x50);
 2386                 }
 2387         }
 2388 
 2389         tmp = RAL_READ(sc, RT2860_TX_BAND_CFG);
 2390         tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P);
 2391         tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P;
 2392         RAL_WRITE(sc, RT2860_TX_BAND_CFG, tmp);
 2393 
 2394         /* enable appropriate Power Amplifiers and Low Noise Amplifiers */
 2395         tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN;
 2396         if (sc->nrxchains > 1)
 2397                 tmp |= RT2860_LNA_PE1_EN;
 2398         if (sc->mac_ver == 0x3593 && sc->nrxchains > 2)
 2399                 tmp |= RT3593_LNA_PE2_EN;
 2400         if (group == 0) {       /* 2GHz */
 2401                 tmp |= RT2860_PA_PE_G0_EN;
 2402                 if (sc->ntxchains > 1)
 2403                         tmp |= RT2860_PA_PE_G1_EN;
 2404                 if (sc->mac_ver == 0x3593 && sc->ntxchains > 2)
 2405                         tmp |= RT3593_PA_PE_G2_EN;
 2406         } else {                /* 5GHz */
 2407                 tmp |= RT2860_PA_PE_A0_EN;
 2408                 if (sc->ntxchains > 1)
 2409                         tmp |= RT2860_PA_PE_A1_EN;
 2410                 if (sc->mac_ver == 0x3593 && sc->ntxchains > 2)
 2411                         tmp |= RT3593_PA_PE_A2_EN;
 2412         }
 2413         RAL_WRITE(sc, RT2860_TX_PIN_CFG, tmp);
 2414 
 2415         if (sc->mac_ver == 0x3593) {
 2416                 tmp = RAL_READ(sc, RT2860_GPIO_CTRL);
 2417                 if (sc->sc_flags & RT2860_PCIE) {
 2418                         tmp &= ~0x01010000;
 2419                         if (group == 0)
 2420                                 tmp |= 0x00010000;
 2421                 } else {
 2422                         tmp &= ~0x00008080;
 2423                         if (group == 0)
 2424                                 tmp |= 0x00000080;
 2425                 }
 2426                 tmp = (tmp & ~0x00001000) | 0x00000010;
 2427                 RAL_WRITE(sc, RT2860_GPIO_CTRL, tmp);
 2428         }
 2429 
 2430         /* set initial AGC value */
 2431         if (group == 0) {       /* 2GHz band */
 2432                 if (sc->mac_ver >= 0x3071)
 2433                         agc = 0x1c + sc->lna[0] * 2;
 2434                 else
 2435                         agc = 0x2e + sc->lna[0];
 2436         } else {                /* 5GHz band */
 2437                 agc = 0x32 + (sc->lna[group] * 5) / 3;
 2438         }
 2439         rt2860_mcu_bbp_write(sc, 66, agc);
 2440 
 2441         DELAY(1000);
 2442 }
 2443 
 2444 static void
 2445 rt2860_set_chan(struct rt2860_softc *sc, u_int chan)
 2446 {
 2447         const struct rfprog *rfprog = rt2860_rf2850;
 2448         uint32_t r2, r3, r4;
 2449         int8_t txpow1, txpow2;
 2450         u_int i;
 2451 
 2452         /* find the settings for this channel (we know it exists) */
 2453         for (i = 0; rfprog[i].chan != chan; i++);
 2454 
 2455         r2 = rfprog[i].r2;
 2456         if (sc->ntxchains == 1)
 2457                 r2 |= 1 << 12;          /* 1T: disable Tx chain 2 */
 2458         if (sc->nrxchains == 1)
 2459                 r2 |= 1 << 15 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */
 2460         else if (sc->nrxchains == 2)
 2461                 r2 |= 1 << 4;           /* 2R: disable Rx chain 3 */
 2462 
 2463         /* use Tx power values from EEPROM */
 2464         txpow1 = sc->txpow1[i];
 2465         txpow2 = sc->txpow2[i];
 2466         if (chan > 14) {
 2467                 if (txpow1 >= 0)
 2468                         txpow1 = txpow1 << 1 | 1;
 2469                 else
 2470                         txpow1 = (7 + txpow1) << 1;
 2471                 if (txpow2 >= 0)
 2472                         txpow2 = txpow2 << 1 | 1;
 2473                 else
 2474                         txpow2 = (7 + txpow2) << 1;
 2475         }
 2476         r3 = rfprog[i].r3 | txpow1 << 7;
 2477         r4 = rfprog[i].r4 | sc->freq << 13 | txpow2 << 4;
 2478 
 2479         rt2860_rf_write(sc, RT2860_RF1, rfprog[i].r1);
 2480         rt2860_rf_write(sc, RT2860_RF2, r2);
 2481         rt2860_rf_write(sc, RT2860_RF3, r3);
 2482         rt2860_rf_write(sc, RT2860_RF4, r4);
 2483 
 2484         DELAY(200);
 2485 
 2486         rt2860_rf_write(sc, RT2860_RF1, rfprog[i].r1);
 2487         rt2860_rf_write(sc, RT2860_RF2, r2);
 2488         rt2860_rf_write(sc, RT2860_RF3, r3 | 1);
 2489         rt2860_rf_write(sc, RT2860_RF4, r4);
 2490 
 2491         DELAY(200);
 2492 
 2493         rt2860_rf_write(sc, RT2860_RF1, rfprog[i].r1);
 2494         rt2860_rf_write(sc, RT2860_RF2, r2);
 2495         rt2860_rf_write(sc, RT2860_RF3, r3);
 2496         rt2860_rf_write(sc, RT2860_RF4, r4);
 2497 }
 2498 
 2499 static void
 2500 rt3090_set_chan(struct rt2860_softc *sc, u_int chan)
 2501 {
 2502         int8_t txpow1, txpow2;
 2503         uint8_t rf;
 2504         int i;
 2505 
 2506         /* RT3090 is 2GHz only */
 2507         KASSERT(chan >= 1 && chan <= 14, ("chan %d not support", chan));
 2508 
 2509         /* find the settings for this channel (we know it exists) */
 2510         for (i = 0; rt2860_rf2850[i].chan != chan; i++);
 2511 
 2512         /* use Tx power values from EEPROM */
 2513         txpow1 = sc->txpow1[i];
 2514         txpow2 = sc->txpow2[i];
 2515 
 2516         rt3090_rf_write(sc, 2, rt3090_freqs[i].n);
 2517         rf = rt3090_rf_read(sc, 3);
 2518         rf = (rf & ~0x0f) | rt3090_freqs[i].k;
 2519         rt3090_rf_write(sc, 3, rf);
 2520         rf = rt3090_rf_read(sc, 6);
 2521         rf = (rf & ~0x03) | rt3090_freqs[i].r;
 2522         rt3090_rf_write(sc, 6, rf);
 2523 
 2524         /* set Tx0 power */
 2525         rf = rt3090_rf_read(sc, 12);
 2526         rf = (rf & ~0x1f) | txpow1;
 2527         rt3090_rf_write(sc, 12, rf);
 2528 
 2529         /* set Tx1 power */
 2530         rf = rt3090_rf_read(sc, 13);
 2531         rf = (rf & ~0x1f) | txpow2;
 2532         rt3090_rf_write(sc, 13, rf);
 2533 
 2534         rf = rt3090_rf_read(sc, 1);
 2535         rf &= ~0xfc;
 2536         if (sc->ntxchains == 1)
 2537                 rf |= RT3070_TX1_PD | RT3070_TX2_PD;
 2538         else if (sc->ntxchains == 2)
 2539                 rf |= RT3070_TX2_PD;
 2540         if (sc->nrxchains == 1)
 2541                 rf |= RT3070_RX1_PD | RT3070_RX2_PD;
 2542         else if (sc->nrxchains == 2)
 2543                 rf |= RT3070_RX2_PD;
 2544         rt3090_rf_write(sc, 1, rf);
 2545 
 2546         /* set RF offset */
 2547         rf = rt3090_rf_read(sc, 23);
 2548         rf = (rf & ~0x7f) | sc->freq;
 2549         rt3090_rf_write(sc, 23, rf);
 2550 
 2551         /* program RF filter */
 2552         rf = rt3090_rf_read(sc, 24);    /* Tx */
 2553         rf = (rf & ~0x3f) | sc->rf24_20mhz;
 2554         rt3090_rf_write(sc, 24, rf);
 2555         rf = rt3090_rf_read(sc, 31);    /* Rx */
 2556         rf = (rf & ~0x3f) | sc->rf24_20mhz;
 2557         rt3090_rf_write(sc, 31, rf);
 2558 
 2559         /* enable RF tuning */
 2560         rf = rt3090_rf_read(sc, 7);
 2561         rt3090_rf_write(sc, 7, rf | RT3070_TUNE);
 2562 }
 2563 
 2564 static int
 2565 rt3090_rf_init(struct rt2860_softc *sc)
 2566 {
 2567 #define N(a)    (sizeof (a) / sizeof ((a)[0]))
 2568         uint32_t tmp;
 2569         uint8_t rf, bbp;
 2570         int i;
 2571 
 2572         rf = rt3090_rf_read(sc, 30);
 2573         /* toggle RF R30 bit 7 */
 2574         rt3090_rf_write(sc, 30, rf | 0x80);
 2575         DELAY(1000);
 2576         rt3090_rf_write(sc, 30, rf & ~0x80);
 2577 
 2578         tmp = RAL_READ(sc, RT3070_LDO_CFG0);
 2579         tmp &= ~0x1f000000;
 2580         if (sc->patch_dac && sc->mac_rev < 0x0211)
 2581                 tmp |= 0x0d000000;      /* 1.35V */
 2582         else
 2583                 tmp |= 0x01000000;      /* 1.2V */
 2584         RAL_WRITE(sc, RT3070_LDO_CFG0, tmp);
 2585 
 2586         /* patch LNA_PE_G1 */
 2587         tmp = RAL_READ(sc, RT3070_GPIO_SWITCH);
 2588         RAL_WRITE(sc, RT3070_GPIO_SWITCH, tmp & ~0x20);
 2589 
 2590         /* initialize RF registers to default value */
 2591         for (i = 0; i < N(rt3090_def_rf); i++) {
 2592                 rt3090_rf_write(sc, rt3090_def_rf[i].reg,
 2593                     rt3090_def_rf[i].val);
 2594         }
 2595 
 2596         /* select 20MHz bandwidth */
 2597         rt3090_rf_write(sc, 31, 0x14);
 2598 
 2599         rf = rt3090_rf_read(sc, 6);
 2600         rt3090_rf_write(sc, 6, rf | 0x40);
 2601 
 2602         if (sc->mac_ver != 0x3593) {
 2603                 /* calibrate filter for 20MHz bandwidth */
 2604                 sc->rf24_20mhz = 0x1f;  /* default value */
 2605                 rt3090_filter_calib(sc, 0x07, 0x16, &sc->rf24_20mhz);
 2606 
 2607                 /* select 40MHz bandwidth */
 2608                 bbp = rt2860_mcu_bbp_read(sc, 4);
 2609                 rt2860_mcu_bbp_write(sc, 4, (bbp & ~0x08) | 0x10);
 2610                 rf = rt3090_rf_read(sc, 31);
 2611                 rt3090_rf_write(sc, 31, rf | 0x20);
 2612 
 2613                 /* calibrate filter for 40MHz bandwidth */
 2614                 sc->rf24_40mhz = 0x2f;  /* default value */
 2615                 rt3090_filter_calib(sc, 0x27, 0x19, &sc->rf24_40mhz);
 2616 
 2617                 /* go back to 20MHz bandwidth */
 2618                 bbp = rt2860_mcu_bbp_read(sc, 4);
 2619                 rt2860_mcu_bbp_write(sc, 4, bbp & ~0x18);
 2620         }
 2621         if (sc->mac_rev < 0x0211)
 2622                 rt3090_rf_write(sc, 27, 0x03);
 2623 
 2624         tmp = RAL_READ(sc, RT3070_OPT_14);
 2625         RAL_WRITE(sc, RT3070_OPT_14, tmp | 1);
 2626 
 2627         if (sc->rf_rev == RT3070_RF_3020)
 2628                 rt3090_set_rx_antenna(sc, 0);
 2629 
 2630         bbp = rt2860_mcu_bbp_read(sc, 138);
 2631         if (sc->mac_ver == 0x3593) {
 2632                 if (sc->ntxchains == 1)
 2633                         bbp |= 0x60;    /* turn off DAC1 and DAC2 */
 2634                 else if (sc->ntxchains == 2)
 2635                         bbp |= 0x40;    /* turn off DAC2 */
 2636                 if (sc->nrxchains == 1)
 2637                         bbp &= ~0x06;   /* turn off ADC1 and ADC2 */
 2638                 else if (sc->nrxchains == 2)
 2639                         bbp &= ~0x04;   /* turn off ADC2 */
 2640         } else {
 2641                 if (sc->ntxchains == 1)
 2642                         bbp |= 0x20;    /* turn off DAC1 */
 2643                 if (sc->nrxchains == 1)
 2644                         bbp &= ~0x02;   /* turn off ADC1 */
 2645         }
 2646         rt2860_mcu_bbp_write(sc, 138, bbp);
 2647 
 2648         rf = rt3090_rf_read(sc, 1);
 2649         rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD);
 2650         rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD;
 2651         rt3090_rf_write(sc, 1, rf);
 2652 
 2653         rf = rt3090_rf_read(sc, 15);
 2654         rt3090_rf_write(sc, 15, rf & ~RT3070_TX_LO2);
 2655 
 2656         rf = rt3090_rf_read(sc, 17);
 2657         rf &= ~RT3070_TX_LO1;
 2658         if (sc->mac_rev >= 0x0211 && !sc->ext_2ghz_lna)
 2659                 rf |= 0x20;     /* fix for long range Rx issue */
 2660         if (sc->txmixgain_2ghz >= 2)
 2661                 rf = (rf & ~0x7) | sc->txmixgain_2ghz;
 2662         rt3090_rf_write(sc, 17, rf);
 2663 
 2664         rf = rt3090_rf_read(sc, 20);
 2665         rt3090_rf_write(sc, 20, rf & ~RT3070_RX_LO1);
 2666 
 2667         rf = rt3090_rf_read(sc, 21);
 2668         rt3090_rf_write(sc, 21, rf & ~RT3070_RX_LO2);
 2669 
 2670         return 0;
 2671 #undef N
 2672 }
 2673 
 2674 void
 2675 rt3090_rf_wakeup(struct rt2860_softc *sc)
 2676 {
 2677         uint32_t tmp;
 2678         uint8_t rf;
 2679 
 2680         if (sc->mac_ver == 0x3593) {
 2681                 /* enable VCO */
 2682                 rf = rt3090_rf_read(sc, 1);
 2683                 rt3090_rf_write(sc, 1, rf | RT3593_VCO);
 2684 
 2685                 /* initiate VCO calibration */
 2686                 rf = rt3090_rf_read(sc, 3);
 2687                 rt3090_rf_write(sc, 3, rf | RT3593_VCOCAL);
 2688 
 2689                 /* enable VCO bias current control */
 2690                 rf = rt3090_rf_read(sc, 6);
 2691                 rt3090_rf_write(sc, 6, rf | RT3593_VCO_IC);
 2692 
 2693                 /* initiate res calibration */
 2694                 rf = rt3090_rf_read(sc, 2);
 2695                 rt3090_rf_write(sc, 2, rf | RT3593_RESCAL);
 2696 
 2697                 /* set reference current control to 0.33 mA */
 2698                 rf = rt3090_rf_read(sc, 22);
 2699                 rf &= ~RT3593_CP_IC_MASK;
 2700                 rf |= 1 << RT3593_CP_IC_SHIFT;
 2701                 rt3090_rf_write(sc, 22, rf);
 2702 
 2703                 /* enable RX CTB */
 2704                 rf = rt3090_rf_read(sc, 46);
 2705                 rt3090_rf_write(sc, 46, rf | RT3593_RX_CTB);
 2706 
 2707                 rf = rt3090_rf_read(sc, 20);
 2708                 rf &= ~(RT3593_LDO_RF_VC_MASK | RT3593_LDO_PLL_VC_MASK);
 2709                 rt3090_rf_write(sc, 20, rf);
 2710         } else {
 2711                 /* enable RF block */
 2712                 rf = rt3090_rf_read(sc, 1);
 2713                 rt3090_rf_write(sc, 1, rf | RT3070_RF_BLOCK);
 2714 
 2715                 /* enable VCO bias current control */
 2716                 rf = rt3090_rf_read(sc, 7);
 2717                 rt3090_rf_write(sc, 7, rf | 0x30);
 2718 
 2719                 rf = rt3090_rf_read(sc, 9);
 2720                 rt3090_rf_write(sc, 9, rf | 0x0e);
 2721 
 2722                 /* enable RX CTB */
 2723                 rf = rt3090_rf_read(sc, 21);
 2724                 rt3090_rf_write(sc, 21, rf | RT3070_RX_CTB);
 2725 
 2726                 /* fix Tx to Rx IQ glitch by raising RF voltage */
 2727                 rf = rt3090_rf_read(sc, 27);
 2728                 rf &= ~0x77;
 2729                 if (sc->mac_rev < 0x0211)
 2730                         rf |= 0x03;
 2731                 rt3090_rf_write(sc, 27, rf);
 2732         }
 2733         if (sc->patch_dac && sc->mac_rev < 0x0211) {
 2734                 tmp = RAL_READ(sc, RT3070_LDO_CFG0);
 2735                 tmp = (tmp & ~0x1f000000) | 0x0d000000;
 2736                 RAL_WRITE(sc, RT3070_LDO_CFG0, tmp);
 2737         }
 2738 }
 2739 
 2740 int
 2741 rt3090_filter_calib(struct rt2860_softc *sc, uint8_t init, uint8_t target,
 2742     uint8_t *val)
 2743 {
 2744         uint8_t rf22, rf24;
 2745         uint8_t bbp55_pb, bbp55_sb, delta;
 2746         int ntries;
 2747 
 2748         /* program filter */
 2749         rf24 = rt3090_rf_read(sc, 24);
 2750         rf24 = (rf24 & 0xc0) | init;    /* initial filter value */
 2751         rt3090_rf_write(sc, 24, rf24);
 2752 
 2753         /* enable baseband loopback mode */
 2754         rf22 = rt3090_rf_read(sc, 22);
 2755         rt3090_rf_write(sc, 22, rf22 | RT3070_BB_LOOPBACK);
 2756 
 2757         /* set power and frequency of passband test tone */
 2758         rt2860_mcu_bbp_write(sc, 24, 0x00);
 2759         for (ntries = 0; ntries < 100; ntries++) {
 2760                 /* transmit test tone */
 2761                 rt2860_mcu_bbp_write(sc, 25, 0x90);
 2762                 DELAY(1000);
 2763                 /* read received power */
 2764                 bbp55_pb = rt2860_mcu_bbp_read(sc, 55);
 2765                 if (bbp55_pb != 0)
 2766                         break;
 2767         }
 2768         if (ntries == 100)
 2769                 return ETIMEDOUT;
 2770 
 2771         /* set power and frequency of stopband test tone */
 2772         rt2860_mcu_bbp_write(sc, 24, 0x06);
 2773         for (ntries = 0; ntries < 100; ntries++) {
 2774                 /* transmit test tone */
 2775                 rt2860_mcu_bbp_write(sc, 25, 0x90);
 2776                 DELAY(1000);
 2777                 /* read received power */
 2778                 bbp55_sb = rt2860_mcu_bbp_read(sc, 55);
 2779 
 2780                 delta = bbp55_pb - bbp55_sb;
 2781                 if (delta > target)
 2782                         break;
 2783 
 2784                 /* reprogram filter */
 2785                 rf24++;
 2786                 rt3090_rf_write(sc, 24, rf24);
 2787         }
 2788         if (ntries < 100) {
 2789                 if (rf24 != init)
 2790                         rf24--; /* backtrack */
 2791                 *val = rf24;
 2792                 rt3090_rf_write(sc, 24, rf24);
 2793         }
 2794 
 2795         /* restore initial state */
 2796         rt2860_mcu_bbp_write(sc, 24, 0x00);
 2797 
 2798         /* disable baseband loopback mode */
 2799         rf22 = rt3090_rf_read(sc, 22);
 2800         rt3090_rf_write(sc, 22, rf22 & ~RT3070_BB_LOOPBACK);
 2801 
 2802         return 0;
 2803 }
 2804 
 2805 static void
 2806 rt3090_rf_setup(struct rt2860_softc *sc)
 2807 {
 2808         uint8_t bbp;
 2809         int i;
 2810 
 2811         if (sc->mac_rev >= 0x0211) {
 2812                 /* enable DC filter */
 2813                 rt2860_mcu_bbp_write(sc, 103, 0xc0);
 2814 
 2815                 /* improve power consumption */
 2816                 bbp = rt2860_mcu_bbp_read(sc, 31);
 2817                 rt2860_mcu_bbp_write(sc, 31, bbp & ~0x03);
 2818         }
 2819 
 2820         RAL_WRITE(sc, RT2860_TX_SW_CFG1, 0);
 2821         if (sc->mac_rev < 0x0211) {
 2822                 RAL_WRITE(sc, RT2860_TX_SW_CFG2,
 2823                     sc->patch_dac ? 0x2c : 0x0f);
 2824         } else
 2825                 RAL_WRITE(sc, RT2860_TX_SW_CFG2, 0);
 2826 
 2827         /* initialize RF registers from ROM */
 2828         for (i = 0; i < 10; i++) {
 2829                 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff)
 2830                         continue;
 2831                 rt3090_rf_write(sc, sc->rf[i].reg, sc->rf[i].val);
 2832         }
 2833 }
 2834 
 2835 static void
 2836 rt2860_set_leds(struct rt2860_softc *sc, uint16_t which)
 2837 {
 2838         rt2860_mcu_cmd(sc, RT2860_MCU_CMD_LEDS,
 2839             which | (sc->leds & 0x7f), 0);
 2840 }
 2841 
 2842 /*
 2843  * Hardware has a general-purpose programmable timer interrupt that can
 2844  * periodically raise MAC_INT_4.
 2845  */
 2846 static void
 2847 rt2860_set_gp_timer(struct rt2860_softc *sc, int ms)
 2848 {
 2849         uint32_t tmp;
 2850 
 2851         /* disable GP timer before reprogramming it */
 2852         tmp = RAL_READ(sc, RT2860_INT_TIMER_EN);
 2853         RAL_WRITE(sc, RT2860_INT_TIMER_EN, tmp & ~RT2860_GP_TIMER_EN);
 2854 
 2855         if (ms == 0)
 2856                 return;
 2857 
 2858         tmp = RAL_READ(sc, RT2860_INT_TIMER_CFG);
 2859         ms *= 16;       /* Unit: 64us */
 2860         tmp = (tmp & 0xffff) | ms << RT2860_GP_TIMER_SHIFT;
 2861         RAL_WRITE(sc, RT2860_INT_TIMER_CFG, tmp);
 2862 
 2863         /* enable GP timer */
 2864         tmp = RAL_READ(sc, RT2860_INT_TIMER_EN);
 2865         RAL_WRITE(sc, RT2860_INT_TIMER_EN, tmp | RT2860_GP_TIMER_EN);
 2866 }
 2867 
 2868 static void
 2869 rt2860_set_bssid(struct rt2860_softc *sc, const uint8_t *bssid)
 2870 {
 2871         RAL_WRITE(sc, RT2860_MAC_BSSID_DW0,
 2872             bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24);
 2873         RAL_WRITE(sc, RT2860_MAC_BSSID_DW1,
 2874             bssid[4] | bssid[5] << 8);
 2875 }
 2876 
 2877 static void
 2878 rt2860_set_macaddr(struct rt2860_softc *sc, const uint8_t *addr)
 2879 {
 2880         RAL_WRITE(sc, RT2860_MAC_ADDR_DW0,
 2881             addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24);
 2882         RAL_WRITE(sc, RT2860_MAC_ADDR_DW1,
 2883             addr[4] | addr[5] << 8 | 0xff << 16);
 2884 }
 2885 
 2886 static void
 2887 rt2860_updateslot(struct ifnet *ifp)
 2888 {
 2889         struct rt2860_softc *sc = ifp->if_softc;
 2890         struct ieee80211com *ic = ifp->if_l2com;
 2891         uint32_t tmp;
 2892 
 2893         tmp = RAL_READ(sc, RT2860_BKOFF_SLOT_CFG);
 2894         tmp &= ~0xff;
 2895         tmp |= (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20;
 2896         RAL_WRITE(sc, RT2860_BKOFF_SLOT_CFG, tmp);
 2897 }
 2898 
 2899 static void
 2900 rt2860_updateprot(struct ifnet *ifp)
 2901 {
 2902         struct rt2860_softc *sc = ifp->if_softc;
 2903         struct ieee80211com *ic = ifp->if_l2com;
 2904         uint32_t tmp;
 2905 
 2906         tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL;
 2907         /* setup protection frame rate (MCS code) */
 2908         tmp |= IEEE80211_IS_CHAN_5GHZ(ic->ic_curchan) ?
 2909             rt2860_rates[RT2860_RIDX_OFDM6].mcs :
 2910             rt2860_rates[RT2860_RIDX_CCK11].mcs;
 2911 
 2912         /* CCK frames don't require protection */
 2913         RAL_WRITE(sc, RT2860_CCK_PROT_CFG, tmp);
 2914 
 2915         if (ic->ic_flags & IEEE80211_F_USEPROT) {
 2916                 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS)
 2917                         tmp |= RT2860_PROT_CTRL_RTS_CTS;
 2918                 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY)
 2919                         tmp |= RT2860_PROT_CTRL_CTS;
 2920         }
 2921         RAL_WRITE(sc, RT2860_OFDM_PROT_CFG, tmp);
 2922 }
 2923 
 2924 static void
 2925 rt2860_update_promisc(struct ifnet *ifp)
 2926 {
 2927         struct rt2860_softc *sc = ifp->if_softc;
 2928         uint32_t tmp;
 2929 
 2930         tmp = RAL_READ(sc, RT2860_RX_FILTR_CFG);
 2931         tmp &= ~RT2860_DROP_NOT_MYBSS;
 2932         if (!(ifp->if_flags & IFF_PROMISC))
 2933                 tmp |= RT2860_DROP_NOT_MYBSS;
 2934         RAL_WRITE(sc, RT2860_RX_FILTR_CFG, tmp);
 2935 }
 2936 
 2937 static int
 2938 rt2860_updateedca(struct ieee80211com *ic)
 2939 {
 2940         struct rt2860_softc *sc = ic->ic_ifp->if_softc;
 2941         const struct wmeParams *wmep;
 2942         int aci;
 2943 
 2944         wmep = ic->ic_wme.wme_chanParams.cap_wmeParams;
 2945 
 2946         /* update MAC TX configuration registers */
 2947         for (aci = 0; aci < WME_NUM_AC; aci++) {
 2948                 RAL_WRITE(sc, RT2860_EDCA_AC_CFG(aci),
 2949                     wmep[aci].wmep_logcwmax << 16 |
 2950                     wmep[aci].wmep_logcwmin << 12 |
 2951                     wmep[aci].wmep_aifsn  <<  8 |
 2952                     wmep[aci].wmep_txopLimit);
 2953         }
 2954 
 2955         /* update SCH/DMA registers too */
 2956         RAL_WRITE(sc, RT2860_WMM_AIFSN_CFG,
 2957             wmep[WME_AC_VO].wmep_aifsn  << 12 |
 2958             wmep[WME_AC_VI].wmep_aifsn  <<  8 |
 2959             wmep[WME_AC_BK].wmep_aifsn  <<  4 |
 2960             wmep[WME_AC_BE].wmep_aifsn);
 2961         RAL_WRITE(sc, RT2860_WMM_CWMIN_CFG,
 2962             wmep[WME_AC_VO].wmep_logcwmin << 12 |
 2963             wmep[WME_AC_VI].wmep_logcwmin <<  8 |
 2964             wmep[WME_AC_BK].wmep_logcwmin <<  4 |
 2965             wmep[WME_AC_BE].wmep_logcwmin);
 2966         RAL_WRITE(sc, RT2860_WMM_CWMAX_CFG,
 2967             wmep[WME_AC_VO].wmep_logcwmax << 12 |
 2968             wmep[WME_AC_VI].wmep_logcwmax <<  8 |
 2969             wmep[WME_AC_BK].wmep_logcwmax <<  4 |
 2970             wmep[WME_AC_BE].wmep_logcwmax);
 2971         RAL_WRITE(sc, RT2860_WMM_TXOP0_CFG,
 2972             wmep[WME_AC_BK].wmep_txopLimit << 16 |
 2973             wmep[WME_AC_BE].wmep_txopLimit);
 2974         RAL_WRITE(sc, RT2860_WMM_TXOP1_CFG,
 2975             wmep[WME_AC_VO].wmep_txopLimit << 16 |
 2976             wmep[WME_AC_VI].wmep_txopLimit);
 2977 
 2978         return 0;
 2979 }
 2980 
 2981 #ifdef HW_CRYPTO
 2982 static int
 2983 rt2860_set_key(struct ieee80211com *ic, struct ieee80211_node *ni,
 2984     struct ieee80211_key *k)
 2985 {
 2986         struct rt2860_softc *sc = ic->ic_softc;
 2987         bus_size_t base;
 2988         uint32_t attr;
 2989         uint8_t mode, wcid, iv[8];
 2990 
 2991         /* defer setting of WEP keys until interface is brought up */
 2992         if ((ic->ic_if.if_flags & (IFF_UP | IFF_RUNNING)) !=
 2993             (IFF_UP | IFF_RUNNING))
 2994                 return 0;
 2995 
 2996         /* map net80211 cipher to RT2860 security mode */
 2997         switch (k->k_cipher) {
 2998         case IEEE80211_CIPHER_WEP40:
 2999                 mode = RT2860_MODE_WEP40;
 3000                 break;
 3001         case IEEE80211_CIPHER_WEP104:
 3002                 mode = RT2860_MODE_WEP104;
 3003                 break;
 3004         case IEEE80211_CIPHER_TKIP:
 3005                 mode = RT2860_MODE_TKIP;
 3006                 break;
 3007         case IEEE80211_CIPHER_CCMP:
 3008                 mode = RT2860_MODE_AES_CCMP;
 3009                 break;
 3010         default:
 3011                 return EINVAL;
 3012         }
 3013 
 3014         if (k->k_flags & IEEE80211_KEY_GROUP) {
 3015                 wcid = 0;       /* NB: update WCID0 for group keys */
 3016                 base = RT2860_SKEY(0, k->k_id);
 3017         } else {
 3018                 wcid = ((struct rt2860_node *)ni)->wcid;
 3019                 base = RT2860_PKEY(wcid);
 3020         }
 3021 
 3022         if (k->k_cipher == IEEE80211_CIPHER_TKIP) {
 3023                 RAL_WRITE_REGION_1(sc, base, k->k_key, 16);
 3024 #ifndef IEEE80211_STA_ONLY
 3025                 if (ic->ic_opmode == IEEE80211_M_HOSTAP) {
 3026                         RAL_WRITE_REGION_1(sc, base + 16, &k->k_key[16], 8);
 3027                         RAL_WRITE_REGION_1(sc, base + 24, &k->k_key[24], 8);
 3028                 } else
 3029 #endif
 3030                 {
 3031                         RAL_WRITE_REGION_1(sc, base + 16, &k->k_key[24], 8);
 3032                         RAL_WRITE_REGION_1(sc, base + 24, &k->k_key[16], 8);
 3033                 }
 3034         } else
 3035                 RAL_WRITE_REGION_1(sc, base, k->k_key, k->k_len);
 3036 
 3037         if (!(k->k_flags & IEEE80211_KEY_GROUP) ||
 3038             (k->k_flags & IEEE80211_KEY_TX)) {
 3039                 /* set initial packet number in IV+EIV */
 3040                 if (k->k_cipher == IEEE80211_CIPHER_WEP40 ||
 3041                     k->k_cipher == IEEE80211_CIPHER_WEP104) {
 3042                         uint32_t val = arc4random();
 3043                         /* skip weak IVs from Fluhrer/Mantin/Shamir */
 3044                         if (val >= 0x03ff00 && (val & 0xf8ff00) == 0x00ff00)
 3045                                 val += 0x000100;
 3046                         iv[0] = val;
 3047                         iv[1] = val >> 8;
 3048                         iv[2] = val >> 16;
 3049                         iv[3] = k->k_id << 6;
 3050                         iv[4] = iv[5] = iv[6] = iv[7] = 0;
 3051                 } else {
 3052                         if (k->k_cipher == IEEE80211_CIPHER_TKIP) {
 3053                                 iv[0] = k->k_tsc >> 8;
 3054                                 iv[1] = (iv[0] | 0x20) & 0x7f;
 3055                                 iv[2] = k->k_tsc;
 3056                         } else /* CCMP */ {
 3057                                 iv[0] = k->k_tsc;
 3058                                 iv[1] = k->k_tsc >> 8;
 3059                                 iv[2] = 0;
 3060                         }
 3061                         iv[3] = k->k_id << 6 | IEEE80211_WEP_EXTIV;
 3062                         iv[4] = k->k_tsc >> 16;
 3063                         iv[5] = k->k_tsc >> 24;
 3064                         iv[6] = k->k_tsc >> 32;
 3065                         iv[7] = k->k_tsc >> 40;
 3066                 }
 3067                 RAL_WRITE_REGION_1(sc, RT2860_IVEIV(wcid), iv, 8);
 3068         }
 3069 
 3070         if (k->k_flags & IEEE80211_KEY_GROUP) {
 3071                 /* install group key */
 3072                 attr = RAL_READ(sc, RT2860_SKEY_MODE_0_7);
 3073                 attr &= ~(0xf << (k->k_id * 4));
 3074                 attr |= mode << (k->k_id * 4);
 3075                 RAL_WRITE(sc, RT2860_SKEY_MODE_0_7, attr);
 3076         } else {
 3077                 /* install pairwise key */
 3078                 attr = RAL_READ(sc, RT2860_WCID_ATTR(wcid));
 3079                 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN;
 3080                 RAL_WRITE(sc, RT2860_WCID_ATTR(wcid), attr);
 3081         }
 3082         return 0;
 3083 }
 3084 
 3085 static void
 3086 rt2860_delete_key(struct ieee80211com *ic, struct ieee80211_node *ni,
 3087     struct ieee80211_key *k)
 3088 {
 3089         struct rt2860_softc *sc = ic->ic_softc;
 3090         uint32_t attr;
 3091         uint8_t wcid;
 3092 
 3093         if (k->k_flags & IEEE80211_KEY_GROUP) {
 3094                 /* remove group key */
 3095                 attr = RAL_READ(sc, RT2860_SKEY_MODE_0_7);
 3096                 attr &= ~(0xf << (k->k_id * 4));
 3097                 RAL_WRITE(sc, RT2860_SKEY_MODE_0_7, attr);
 3098 
 3099         } else {
 3100                 /* remove pairwise key */
 3101                 wcid = ((struct rt2860_node *)ni)->wcid;
 3102                 attr = RAL_READ(sc, RT2860_WCID_ATTR(wcid));
 3103                 attr &= ~0xf;
 3104                 RAL_WRITE(sc, RT2860_WCID_ATTR(wcid), attr);
 3105         }
 3106 }
 3107 #endif
 3108 
 3109 static int8_t
 3110 rt2860_rssi2dbm(struct rt2860_softc *sc, uint8_t rssi, uint8_t rxchain)
 3111 {
 3112         struct ifnet *ifp = sc->sc_ifp;
 3113         struct ieee80211com *ic = ifp->if_l2com;
 3114         struct ieee80211_channel *c = ic->ic_curchan;
 3115         int delta;
 3116 
 3117         if (IEEE80211_IS_CHAN_5GHZ(c)) {
 3118                 u_int chan = ieee80211_chan2ieee(ic, c);
 3119                 delta = sc->rssi_5ghz[rxchain];
 3120 
 3121                 /* determine channel group */
 3122                 if (chan <= 64)
 3123                         delta -= sc->lna[1];
 3124                 else if (chan <= 128)
 3125                         delta -= sc->lna[2];
 3126                 else
 3127                         delta -= sc->lna[3];
 3128         } else
 3129                 delta = sc->rssi_2ghz[rxchain] - sc->lna[0];
 3130 
 3131         return -12 - delta - rssi;
 3132 }
 3133 
 3134 /*
 3135  * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word.
 3136  * Used to adjust per-rate Tx power registers.
 3137  */
 3138 static __inline uint32_t
 3139 b4inc(uint32_t b32, int8_t delta)
 3140 {
 3141         int8_t i, b4;
 3142 
 3143         for (i = 0; i < 8; i++) {
 3144                 b4 = b32 & 0xf;
 3145                 b4 += delta;
 3146                 if (b4 < 0)
 3147                         b4 = 0;
 3148                 else if (b4 > 0xf)
 3149                         b4 = 0xf;
 3150                 b32 = b32 >> 4 | b4 << 28;
 3151         }
 3152         return b32;
 3153 }
 3154 
 3155 static const char *
 3156 rt2860_get_rf(uint8_t rev)
 3157 {
 3158         switch (rev) {
 3159         case RT2860_RF_2820:    return "RT2820";
 3160         case RT2860_RF_2850:    return "RT2850";
 3161         case RT2860_RF_2720:    return "RT2720";
 3162         case RT2860_RF_2750:    return "RT2750";
 3163         case RT3070_RF_3020:    return "RT3020";
 3164         case RT3070_RF_2020:    return "RT2020";
 3165         case RT3070_RF_3021:    return "RT3021";
 3166         case RT3070_RF_3022:    return "RT3022";
 3167         case RT3070_RF_3052:    return "RT3052";
 3168         case RT3070_RF_3320:    return "RT3320";
 3169         case RT3070_RF_3053:    return "RT3053";
 3170         default:                return "unknown";
 3171         }
 3172 }
 3173 
 3174 static int
 3175 rt2860_read_eeprom(struct rt2860_softc *sc, uint8_t macaddr[IEEE80211_ADDR_LEN])
 3176 {
 3177         int8_t delta_2ghz, delta_5ghz;
 3178         uint32_t tmp;
 3179         uint16_t val;
 3180         int ridx, ant, i;
 3181 
 3182         /* check whether the ROM is eFUSE ROM or EEPROM */
 3183         sc->sc_srom_read = rt2860_eeprom_read_2;
 3184         if (sc->mac_ver >= 0x3071) {
 3185                 tmp = RAL_READ(sc, RT3070_EFUSE_CTRL);
 3186                 DPRINTF(("EFUSE_CTRL=0x%08x\n", tmp));
 3187                 if (tmp & RT3070_SEL_EFUSE)
 3188                         sc->sc_srom_read = rt3090_efuse_read_2;
 3189         }
 3190 
 3191         /* read EEPROM version */
 3192         val = rt2860_srom_read(sc, RT2860_EEPROM_VERSION);
 3193         DPRINTF(("EEPROM rev=%d, FAE=%d\n", val & 0xff, val >> 8));
 3194 
 3195         /* read MAC address */
 3196         val = rt2860_srom_read(sc, RT2860_EEPROM_MAC01);
 3197         macaddr[0] = val & 0xff;
 3198         macaddr[1] = val >> 8;
 3199         val = rt2860_srom_read(sc, RT2860_EEPROM_MAC23);
 3200         macaddr[2] = val & 0xff;
 3201         macaddr[3] = val >> 8;
 3202         val = rt2860_srom_read(sc, RT2860_EEPROM_MAC45);
 3203         macaddr[4] = val & 0xff;
 3204         macaddr[5] = val >> 8;
 3205 
 3206         /* read country code */
 3207         val = rt2860_srom_read(sc, RT2860_EEPROM_COUNTRY);
 3208         DPRINTF(("EEPROM region code=0x%04x\n", val));
 3209 
 3210         /* read vendor BBP settings */
 3211         for (i = 0; i < 8; i++) {
 3212                 val = rt2860_srom_read(sc, RT2860_EEPROM_BBP_BASE + i);
 3213                 sc->bbp[i].val = val & 0xff;
 3214                 sc->bbp[i].reg = val >> 8;
 3215                 DPRINTF(("BBP%d=0x%02x\n", sc->bbp[i].reg, sc->bbp[i].val));
 3216         }
 3217         if (sc->mac_ver >= 0x3071) {
 3218                 /* read vendor RF settings */
 3219                 for (i = 0; i < 10; i++) {
 3220                         val = rt2860_srom_read(sc, RT3071_EEPROM_RF_BASE + i);
 3221                         sc->rf[i].val = val & 0xff;
 3222                         sc->rf[i].reg = val >> 8;
 3223                         DPRINTF(("RF%d=0x%02x\n", sc->rf[i].reg,
 3224                             sc->rf[i].val));
 3225                 }
 3226         }
 3227 
 3228         /* read RF frequency offset from EEPROM */
 3229         val = rt2860_srom_read(sc, RT2860_EEPROM_FREQ_LEDS);
 3230         sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0;
 3231         DPRINTF(("EEPROM freq offset %d\n", sc->freq & 0xff));
 3232         if ((val >> 8) != 0xff) {
 3233                 /* read LEDs operating mode */
 3234                 sc->leds = val >> 8;
 3235                 sc->led[0] = rt2860_srom_read(sc, RT2860_EEPROM_LED1);
 3236                 sc->led[1] = rt2860_srom_read(sc, RT2860_EEPROM_LED2);
 3237                 sc->led[2] = rt2860_srom_read(sc, RT2860_EEPROM_LED3);
 3238         } else {
 3239                 /* broken EEPROM, use default settings */
 3240                 sc->leds = 0x01;
 3241                 sc->led[0] = 0x5555;
 3242                 sc->led[1] = 0x2221;
 3243                 sc->led[2] = 0xa9f8;
 3244         }
 3245         DPRINTF(("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n",
 3246             sc->leds, sc->led[0], sc->led[1], sc->led[2]));
 3247 
 3248         /* read RF information */
 3249         val = rt2860_srom_read(sc, RT2860_EEPROM_ANTENNA);
 3250         if (val == 0xffff) {
 3251                 DPRINTF(("invalid EEPROM antenna info, using default\n"));
 3252                 if (sc->mac_ver == 0x3593) {
 3253                         /* default to RF3053 3T3R */
 3254                         sc->rf_rev = RT3070_RF_3053;
 3255                         sc->ntxchains = 3;
 3256                         sc->nrxchains = 3;
 3257                 } else if (sc->mac_ver >= 0x3071) {
 3258                         /* default to RF3020 1T1R */
 3259                         sc->rf_rev = RT3070_RF_3020;
 3260                         sc->ntxchains = 1;
 3261                         sc->nrxchains = 1;
 3262                 } else {
 3263                         /* default to RF2820 1T2R */
 3264                         sc->rf_rev = RT2860_RF_2820;
 3265                         sc->ntxchains = 1;
 3266                         sc->nrxchains = 2;
 3267                 }
 3268         } else {
 3269                 sc->rf_rev = (val >> 8) & 0xf;
 3270                 sc->ntxchains = (val >> 4) & 0xf;
 3271                 sc->nrxchains = val & 0xf;
 3272         }
 3273         DPRINTF(("EEPROM RF rev=0x%02x chains=%dT%dR\n",
 3274             sc->rf_rev, sc->ntxchains, sc->nrxchains));
 3275 
 3276         /* check if RF supports automatic Tx access gain control */
 3277         val = rt2860_srom_read(sc, RT2860_EEPROM_CONFIG);
 3278         DPRINTF(("EEPROM CFG 0x%04x\n", val));
 3279         /* check if driver should patch the DAC issue */
 3280         if ((val >> 8) != 0xff)
 3281                 sc->patch_dac = (val >> 15) & 1;
 3282         if ((val & 0xff) != 0xff) {
 3283                 sc->ext_5ghz_lna = (val >> 3) & 1;
 3284                 sc->ext_2ghz_lna = (val >> 2) & 1;
 3285                 /* check if RF supports automatic Tx access gain control */
 3286                 sc->calib_2ghz = sc->calib_5ghz = 0; /* XXX (val >> 1) & 1 */;
 3287                 /* check if we have a hardware radio switch */
 3288                 sc->rfswitch = val & 1;
 3289         }
 3290         if (sc->sc_flags & RT2860_ADVANCED_PS) {
 3291                 /* read PCIe power save level */
 3292                 val = rt2860_srom_read(sc, RT2860_EEPROM_PCIE_PSLEVEL);
 3293                 if ((val & 0xff) != 0xff) {
 3294                         sc->pslevel = val & 0x3;
 3295                         val = rt2860_srom_read(sc, RT2860_EEPROM_REV);
 3296                         if ((val & 0xff80) != 0x9280)
 3297                                 sc->pslevel = MIN(sc->pslevel, 1);
 3298                         DPRINTF(("EEPROM PCIe PS Level=%d\n", sc->pslevel));
 3299                 }
 3300         }
 3301 
 3302         /* read power settings for 2GHz channels */
 3303         for (i = 0; i < 14; i += 2) {
 3304                 val = rt2860_srom_read(sc,
 3305                     RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2);
 3306                 sc->txpow1[i + 0] = (int8_t)(val & 0xff);
 3307                 sc->txpow1[i + 1] = (int8_t)(val >> 8);
 3308 
 3309                 val = rt2860_srom_read(sc,
 3310                     RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2);
 3311                 sc->txpow2[i + 0] = (int8_t)(val & 0xff);
 3312                 sc->txpow2[i + 1] = (int8_t)(val >> 8);
 3313         }
 3314         /* fix broken Tx power entries */
 3315         for (i = 0; i < 14; i++) {
 3316                 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31)
 3317                         sc->txpow1[i] = 5;
 3318                 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31)
 3319                         sc->txpow2[i] = 5;
 3320                 DPRINTF(("chan %d: power1=%d, power2=%d\n",
 3321                     rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]));
 3322         }
 3323         /* read power settings for 5GHz channels */
 3324         for (i = 0; i < 40; i += 2) {
 3325                 val = rt2860_srom_read(sc,
 3326                     RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2);
 3327                 sc->txpow1[i + 14] = (int8_t)(val & 0xff);
 3328                 sc->txpow1[i + 15] = (int8_t)(val >> 8);
 3329 
 3330                 val = rt2860_srom_read(sc,
 3331                     RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2);
 3332                 sc->txpow2[i + 14] = (int8_t)(val & 0xff);
 3333                 sc->txpow2[i + 15] = (int8_t)(val >> 8);
 3334         }
 3335         /* fix broken Tx power entries */
 3336         for (i = 0; i < 40; i++) {
 3337                 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15)
 3338                         sc->txpow1[14 + i] = 5;
 3339                 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15)
 3340                         sc->txpow2[14 + i] = 5;
 3341                 DPRINTF(("chan %d: power1=%d, power2=%d\n",
 3342                     rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i],
 3343                     sc->txpow2[14 + i]));
 3344         }
 3345 
 3346         /* read Tx power compensation for each Tx rate */
 3347         val = rt2860_srom_read(sc, RT2860_EEPROM_DELTAPWR);
 3348         delta_2ghz = delta_5ghz = 0;
 3349         if ((val & 0xff) != 0xff && (val & 0x80)) {
 3350                 delta_2ghz = val & 0xf;
 3351                 if (!(val & 0x40))      /* negative number */
 3352                         delta_2ghz = -delta_2ghz;
 3353         }
 3354         val >>= 8;
 3355         if ((val & 0xff) != 0xff && (val & 0x80)) {
 3356                 delta_5ghz = val & 0xf;
 3357                 if (!(val & 0x40))      /* negative number */
 3358                         delta_5ghz = -delta_5ghz;
 3359         }
 3360         DPRINTF(("power compensation=%d (2GHz), %d (5GHz)\n",
 3361             delta_2ghz, delta_5ghz));
 3362 
 3363         for (ridx = 0; ridx < 5; ridx++) {
 3364                 uint32_t reg;
 3365 
 3366                 val = rt2860_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2);
 3367                 reg = val;
 3368                 val = rt2860_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1);
 3369                 reg |= (uint32_t)val << 16;
 3370 
 3371                 sc->txpow20mhz[ridx] = reg;
 3372                 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz);
 3373                 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz);
 3374 
 3375                 DPRINTF(("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, "
 3376                     "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx],
 3377                     sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]));
 3378         }
 3379 
 3380         /* read factory-calibrated samples for temperature compensation */
 3381         val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI1_2GHZ);
 3382         sc->tssi_2ghz[0] = val & 0xff;  /* [-4] */
 3383         sc->tssi_2ghz[1] = val >> 8;    /* [-3] */
 3384         val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI2_2GHZ);
 3385         sc->tssi_2ghz[2] = val & 0xff;  /* [-2] */
 3386         sc->tssi_2ghz[3] = val >> 8;    /* [-1] */
 3387         val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI3_2GHZ);
 3388         sc->tssi_2ghz[4] = val & 0xff;  /* [+0] */
 3389         sc->tssi_2ghz[5] = val >> 8;    /* [+1] */
 3390         val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI4_2GHZ);
 3391         sc->tssi_2ghz[6] = val & 0xff;  /* [+2] */
 3392         sc->tssi_2ghz[7] = val >> 8;    /* [+3] */
 3393         val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI5_2GHZ);
 3394         sc->tssi_2ghz[8] = val & 0xff;  /* [+4] */
 3395         sc->step_2ghz = val >> 8;
 3396         DPRINTF(("TSSI 2GHz: 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x "
 3397             "0x%02x 0x%02x step=%d\n", sc->tssi_2ghz[0], sc->tssi_2ghz[1],
 3398             sc->tssi_2ghz[2], sc->tssi_2ghz[3], sc->tssi_2ghz[4],
 3399             sc->tssi_2ghz[5], sc->tssi_2ghz[6], sc->tssi_2ghz[7],
 3400             sc->tssi_2ghz[8], sc->step_2ghz));
 3401         /* check that ref value is correct, otherwise disable calibration */
 3402         if (sc->tssi_2ghz[4] == 0xff)
 3403                 sc->calib_2ghz = 0;
 3404 
 3405         val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI1_5GHZ);
 3406         sc->tssi_5ghz[0] = val & 0xff;  /* [-4] */
 3407         sc->tssi_5ghz[1] = val >> 8;    /* [-3] */
 3408         val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI2_5GHZ);
 3409         sc->tssi_5ghz[2] = val & 0xff;  /* [-2] */
 3410         sc->tssi_5ghz[3] = val >> 8;    /* [-1] */
 3411         val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI3_5GHZ);
 3412         sc->tssi_5ghz[4] = val & 0xff;  /* [+0] */
 3413         sc->tssi_5ghz[5] = val >> 8;    /* [+1] */
 3414         val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI4_5GHZ);
 3415         sc->tssi_5ghz[6] = val & 0xff;  /* [+2] */
 3416         sc->tssi_5ghz[7] = val >> 8;    /* [+3] */
 3417         val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI5_5GHZ);
 3418         sc->tssi_5ghz[8] = val & 0xff;  /* [+4] */
 3419         sc->step_5ghz = val >> 8;
 3420         DPRINTF(("TSSI 5GHz: 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x "
 3421             "0x%02x 0x%02x step=%d\n", sc->tssi_5ghz[0], sc->tssi_5ghz[1],
 3422             sc->tssi_5ghz[2], sc->tssi_5ghz[3], sc->tssi_5ghz[4],
 3423             sc->tssi_5ghz[5], sc->tssi_5ghz[6], sc->tssi_5ghz[7],
 3424             sc->tssi_5ghz[8], sc->step_5ghz));
 3425         /* check that ref value is correct, otherwise disable calibration */
 3426         if (sc->tssi_5ghz[4] == 0xff)
 3427                 sc->calib_5ghz = 0;
 3428 
 3429         /* read RSSI offsets and LNA gains from EEPROM */
 3430         val = rt2860_srom_read(sc, RT2860_EEPROM_RSSI1_2GHZ);
 3431         sc->rssi_2ghz[0] = val & 0xff;  /* Ant A */
 3432         sc->rssi_2ghz[1] = val >> 8;    /* Ant B */
 3433         val = rt2860_srom_read(sc, RT2860_EEPROM_RSSI2_2GHZ);
 3434         if (sc->mac_ver >= 0x3071) {
 3435                 /*
 3436                  * On RT3090 chips (limited to 2 Rx chains), this ROM
 3437                  * field contains the Tx mixer gain for the 2GHz band.
 3438                  */
 3439                 if ((val & 0xff) != 0xff)
 3440                         sc->txmixgain_2ghz = val & 0x7;
 3441                 DPRINTF(("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz));
 3442         } else
 3443                 sc->rssi_2ghz[2] = val & 0xff;  /* Ant C */
 3444         sc->lna[2] = val >> 8;          /* channel group 2 */
 3445 
 3446         val = rt2860_srom_read(sc, RT2860_EEPROM_RSSI1_5GHZ);
 3447         sc->rssi_5ghz[0] = val & 0xff;  /* Ant A */
 3448         sc->rssi_5ghz[1] = val >> 8;    /* Ant B */
 3449         val = rt2860_srom_read(sc, RT2860_EEPROM_RSSI2_5GHZ);
 3450         sc->rssi_5ghz[2] = val & 0xff;  /* Ant C */
 3451         sc->lna[3] = val >> 8;          /* channel group 3 */
 3452 
 3453         val = rt2860_srom_read(sc, RT2860_EEPROM_LNA);
 3454         if (sc->mac_ver >= 0x3071)
 3455                 sc->lna[0] = RT3090_DEF_LNA;
 3456         else                            /* channel group 0 */
 3457                 sc->lna[0] = val & 0xff;
 3458         sc->lna[1] = val >> 8;          /* channel group 1 */
 3459 
 3460         /* fix broken 5GHz LNA entries */
 3461         if (sc->lna[2] == 0 || sc->lna[2] == 0xff) {
 3462                 DPRINTF(("invalid LNA for channel group %d\n", 2));
 3463                 sc->lna[2] = sc->lna[1];
 3464         }
 3465         if (sc->lna[3] == 0 || sc->lna[3] == 0xff) {
 3466                 DPRINTF(("invalid LNA for channel group %d\n", 3));
 3467                 sc->lna[3] = sc->lna[1];
 3468         }
 3469 
 3470         /* fix broken RSSI offset entries */
 3471         for (ant = 0; ant < 3; ant++) {
 3472                 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) {
 3473                         DPRINTF(("invalid RSSI%d offset: %d (2GHz)\n",
 3474                             ant + 1, sc->rssi_2ghz[ant]));
 3475                         sc->rssi_2ghz[ant] = 0;
 3476                 }
 3477                 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) {
 3478                         DPRINTF(("invalid RSSI%d offset: %d (5GHz)\n",
 3479                             ant + 1, sc->rssi_5ghz[ant]));
 3480                         sc->rssi_5ghz[ant] = 0;
 3481                 }
 3482         }
 3483 
 3484         return 0;
 3485 }
 3486 
 3487 int
 3488 rt2860_bbp_init(struct rt2860_softc *sc)
 3489 {
 3490 #define N(a)    (sizeof (a) / sizeof ((a)[0]))
 3491         int i, ntries;
 3492 
 3493         /* wait for BBP to wake up */
 3494         for (ntries = 0; ntries < 20; ntries++) {
 3495                 uint8_t bbp0 = rt2860_mcu_bbp_read(sc, 0);
 3496                 if (bbp0 != 0 && bbp0 != 0xff)
 3497                         break;
 3498         }
 3499         if (ntries == 20) {
 3500                 device_printf(sc->sc_dev,
 3501                     "timeout waiting for BBP to wake up\n");
 3502                 return ETIMEDOUT;
 3503         }
 3504 
 3505         /* initialize BBP registers to default values */
 3506         for (i = 0; i < N(rt2860_def_bbp); i++) {
 3507                 rt2860_mcu_bbp_write(sc, rt2860_def_bbp[i].reg,
 3508                     rt2860_def_bbp[i].val);
 3509         }
 3510 
 3511         /* fix BBP84 for RT2860E */
 3512         if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101)
 3513                 rt2860_mcu_bbp_write(sc, 84, 0x19);
 3514 
 3515         if (sc->mac_ver >= 0x3071) {
 3516                 rt2860_mcu_bbp_write(sc, 79, 0x13);
 3517                 rt2860_mcu_bbp_write(sc, 80, 0x05);
 3518                 rt2860_mcu_bbp_write(sc, 81, 0x33);
 3519         } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) {
 3520                 rt2860_mcu_bbp_write(sc, 69, 0x16);
 3521                 rt2860_mcu_bbp_write(sc, 73, 0x12);
 3522         }
 3523 
 3524         return 0;
 3525 #undef N
 3526 }
 3527 
 3528 static int
 3529 rt2860_txrx_enable(struct rt2860_softc *sc)
 3530 {
 3531         struct ifnet *ifp = sc->sc_ifp;
 3532         struct ieee80211com *ic = ifp->if_l2com;
 3533         uint32_t tmp;
 3534         int ntries;
 3535 
 3536         /* enable Tx/Rx DMA engine */
 3537         RAL_WRITE(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN);
 3538         RAL_BARRIER_READ_WRITE(sc);
 3539         for (ntries = 0; ntries < 200; ntries++) {
 3540                 tmp = RAL_READ(sc, RT2860_WPDMA_GLO_CFG);
 3541                 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
 3542                         break;
 3543                 DELAY(1000);
 3544         }
 3545         if (ntries == 200) {
 3546                 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n");
 3547                 return ETIMEDOUT;
 3548         }
 3549 
 3550         DELAY(50);
 3551 
 3552         tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN |
 3553             RT2860_WPDMA_BT_SIZE64 << RT2860_WPDMA_BT_SIZE_SHIFT;
 3554         RAL_WRITE(sc, RT2860_WPDMA_GLO_CFG, tmp);
 3555 
 3556         /* set Rx filter */
 3557         tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR;
 3558         if (ic->ic_opmode != IEEE80211_M_MONITOR) {
 3559                 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL |
 3560                     RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK |
 3561                     RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV |
 3562                     RT2860_DROP_CFACK | RT2860_DROP_CFEND;
 3563                 if (ic->ic_opmode == IEEE80211_M_STA)
 3564                         tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL;
 3565         }
 3566         RAL_WRITE(sc, RT2860_RX_FILTR_CFG, tmp);
 3567 
 3568         RAL_WRITE(sc, RT2860_MAC_SYS_CTRL,
 3569             RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
 3570 
 3571         return 0;
 3572 }
 3573 
 3574 static void
 3575 rt2860_init(void *arg)
 3576 {
 3577         struct rt2860_softc *sc = arg;
 3578         struct ifnet *ifp = sc->sc_ifp;
 3579         struct ieee80211com *ic = ifp->if_l2com;
 3580 
 3581         RAL_LOCK(sc);
 3582         rt2860_init_locked(sc);
 3583         RAL_UNLOCK(sc);
 3584 
 3585         if (ifp->if_drv_flags & IFF_DRV_RUNNING)
 3586                 ieee80211_start_all(ic);
 3587 }
 3588 
 3589 static void
 3590 rt2860_init_locked(struct rt2860_softc *sc)
 3591 {
 3592 #define N(a)    (sizeof (a) / sizeof ((a)[0]))
 3593         struct ifnet *ifp = sc->sc_ifp;
 3594         struct ieee80211com *ic = ifp->if_l2com;
 3595         uint32_t tmp;
 3596         uint8_t bbp1, bbp3;
 3597         int i, qid, ridx, ntries, error;
 3598 
 3599         RAL_LOCK_ASSERT(sc);
 3600 
 3601         if (sc->rfswitch) {
 3602                 /* hardware has a radio switch on GPIO pin 2 */
 3603                 if (!(RAL_READ(sc, RT2860_GPIO_CTRL) & (1 << 2))) {
 3604                         device_printf(sc->sc_dev,
 3605                             "radio is disabled by hardware switch\n");
 3606 #ifdef notyet
 3607                         rt2860_stop_locked(sc);
 3608                         return;
 3609 #endif
 3610                 }
 3611         }
 3612         RAL_WRITE(sc, RT2860_PWR_PIN_CFG, RT2860_IO_RA_PE);
 3613 
 3614         /* disable DMA */
 3615         tmp = RAL_READ(sc, RT2860_WPDMA_GLO_CFG);
 3616         tmp &= 0xff0;
 3617         RAL_WRITE(sc, RT2860_WPDMA_GLO_CFG, tmp);
 3618 
 3619         /* PBF hardware reset */
 3620         RAL_WRITE(sc, RT2860_SYS_CTRL, 0xe1f);
 3621         RAL_BARRIER_WRITE(sc);
 3622         RAL_WRITE(sc, RT2860_SYS_CTRL, 0xe00);
 3623 
 3624         if ((error = rt2860_load_microcode(sc)) != 0) {
 3625                 device_printf(sc->sc_dev, "could not load 8051 microcode\n");
 3626                 rt2860_stop_locked(sc);
 3627                 return;
 3628         }
 3629 
 3630         rt2860_set_macaddr(sc, IF_LLADDR(ifp));
 3631 
 3632         /* init Tx power for all Tx rates (from EEPROM) */
 3633         for (ridx = 0; ridx < 5; ridx++) {
 3634                 if (sc->txpow20mhz[ridx] == 0xffffffff)
 3635                         continue;
 3636                 RAL_WRITE(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]);
 3637         }
 3638 
 3639         for (ntries = 0; ntries < 100; ntries++) {
 3640                 tmp = RAL_READ(sc, RT2860_WPDMA_GLO_CFG);
 3641                 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
 3642                         break;
 3643                 DELAY(1000);
 3644         }
 3645         if (ntries == 100) {
 3646                 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n");
 3647                 rt2860_stop_locked(sc);
 3648                 return;
 3649         }
 3650         tmp &= 0xff0;
 3651         RAL_WRITE(sc, RT2860_WPDMA_GLO_CFG, tmp);
 3652 
 3653         /* reset Rx ring and all 6 Tx rings */
 3654         RAL_WRITE(sc, RT2860_WPDMA_RST_IDX, 0x1003f);
 3655 
 3656         /* PBF hardware reset */
 3657         RAL_WRITE(sc, RT2860_SYS_CTRL, 0xe1f);
 3658         RAL_BARRIER_WRITE(sc);
 3659         RAL_WRITE(sc, RT2860_SYS_CTRL, 0xe00);
 3660 
 3661         RAL_WRITE(sc, RT2860_PWR_PIN_CFG, RT2860_IO_RA_PE | RT2860_IO_RF_PE);
 3662 
 3663         RAL_WRITE(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST);
 3664         RAL_BARRIER_WRITE(sc);
 3665         RAL_WRITE(sc, RT2860_MAC_SYS_CTRL, 0);
 3666 
 3667         for (i = 0; i < N(rt2860_def_mac); i++)
 3668                 RAL_WRITE(sc, rt2860_def_mac[i].reg, rt2860_def_mac[i].val);
 3669         if (sc->mac_ver >= 0x3071) {
 3670                 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */
 3671                 RAL_WRITE(sc, RT2860_TX_SW_CFG0,
 3672                     4 << RT2860_DLY_PAPE_EN_SHIFT);
 3673         }
 3674 
 3675         if (!(RAL_READ(sc, RT2860_PCI_CFG) & RT2860_PCI_CFG_PCI)) {
 3676                 sc->sc_flags |= RT2860_PCIE;
 3677                 /* PCIe has different clock cycle count than PCI */
 3678                 tmp = RAL_READ(sc, RT2860_US_CYC_CNT);
 3679                 tmp = (tmp & ~0xff) | 0x7d;
 3680                 RAL_WRITE(sc, RT2860_US_CYC_CNT, tmp);
 3681         }
 3682 
 3683         /* wait while MAC is busy */
 3684         for (ntries = 0; ntries < 100; ntries++) {
 3685                 if (!(RAL_READ(sc, RT2860_MAC_STATUS_REG) &
 3686                     (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY)))
 3687                         break;
 3688                 DELAY(1000);
 3689         }
 3690         if (ntries == 100) {
 3691                 device_printf(sc->sc_dev, "timeout waiting for MAC\n");
 3692                 rt2860_stop_locked(sc);
 3693                 return;
 3694         }
 3695 
 3696         /* clear Host to MCU mailbox */
 3697         RAL_WRITE(sc, RT2860_H2M_BBPAGENT, 0);
 3698         RAL_WRITE(sc, RT2860_H2M_MAILBOX, 0);
 3699 
 3700         rt2860_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0, 0);
 3701         DELAY(1000);
 3702 
 3703         if ((error = rt2860_bbp_init(sc)) != 0) {
 3704                 rt2860_stop_locked(sc);
 3705                 return;
 3706         }
 3707 
 3708         /* clear RX WCID search table */
 3709         RAL_SET_REGION_4(sc, RT2860_WCID_ENTRY(0), 0, 512);
 3710         /* clear pairwise key table */
 3711         RAL_SET_REGION_4(sc, RT2860_PKEY(0), 0, 2048);
 3712         /* clear IV/EIV table */
 3713         RAL_SET_REGION_4(sc, RT2860_IVEIV(0), 0, 512);
 3714         /* clear WCID attribute table */
 3715         RAL_SET_REGION_4(sc, RT2860_WCID_ATTR(0), 0, 256);
 3716         /* clear shared key table */
 3717         RAL_SET_REGION_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32);
 3718         /* clear shared key mode */
 3719         RAL_SET_REGION_4(sc, RT2860_SKEY_MODE_0_7, 0, 4);
 3720 
 3721         /* init Tx rings (4 EDCAs + HCCA + Mgt) */
 3722         for (qid = 0; qid < 6; qid++) {
 3723                 RAL_WRITE(sc, RT2860_TX_BASE_PTR(qid), sc->txq[qid].paddr);
 3724                 RAL_WRITE(sc, RT2860_TX_MAX_CNT(qid), RT2860_TX_RING_COUNT);
 3725                 RAL_WRITE(sc, RT2860_TX_CTX_IDX(qid), 0);
 3726         }
 3727 
 3728         /* init Rx ring */
 3729         RAL_WRITE(sc, RT2860_RX_BASE_PTR, sc->rxq.paddr);
 3730         RAL_WRITE(sc, RT2860_RX_MAX_CNT, RT2860_RX_RING_COUNT);
 3731         RAL_WRITE(sc, RT2860_RX_CALC_IDX, RT2860_RX_RING_COUNT - 1);
 3732 
 3733         /* setup maximum buffer sizes */
 3734         RAL_WRITE(sc, RT2860_MAX_LEN_CFG, 1 << 12 |
 3735             (MCLBYTES - sizeof (struct rt2860_rxwi) - 2));
 3736 
 3737         for (ntries = 0; ntries < 100; ntries++) {
 3738                 tmp = RAL_READ(sc, RT2860_WPDMA_GLO_CFG);
 3739                 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
 3740                         break;
 3741                 DELAY(1000);
 3742         }
 3743         if (ntries == 100) {
 3744                 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n");
 3745                 rt2860_stop_locked(sc);
 3746                 return;
 3747         }
 3748         tmp &= 0xff0;
 3749         RAL_WRITE(sc, RT2860_WPDMA_GLO_CFG, tmp);
 3750 
 3751         /* disable interrupts mitigation */
 3752         RAL_WRITE(sc, RT2860_DELAY_INT_CFG, 0);
 3753 
 3754         /* write vendor-specific BBP values (from EEPROM) */
 3755         for (i = 0; i < 8; i++) {
 3756                 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff)
 3757                         continue;
 3758                 rt2860_mcu_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val);
 3759         }
 3760 
 3761         /* select Main antenna for 1T1R devices */
 3762         if (sc->rf_rev == RT3070_RF_2020 ||
 3763             sc->rf_rev == RT3070_RF_3020 ||
 3764             sc->rf_rev == RT3070_RF_3320)
 3765                 rt3090_set_rx_antenna(sc, 0);
 3766 
 3767         /* send LEDs operating mode to microcontroller */
 3768         rt2860_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0], 0);
 3769         rt2860_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1], 0);
 3770         rt2860_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2], 0);
 3771 
 3772         if (sc->mac_ver >= 0x3071)
 3773                 rt3090_rf_init(sc);
 3774 
 3775         rt2860_mcu_cmd(sc, RT2860_MCU_CMD_SLEEP, 0x02ff, 1);
 3776         rt2860_mcu_cmd(sc, RT2860_MCU_CMD_WAKEUP, 0, 1);
 3777 
 3778         if (sc->mac_ver >= 0x3071)
 3779                 rt3090_rf_wakeup(sc);
 3780 
 3781         /* disable non-existing Rx chains */
 3782         bbp3 = rt2860_mcu_bbp_read(sc, 3);
 3783         bbp3 &= ~(1 << 3 | 1 << 4);
 3784         if (sc->nrxchains == 2)
 3785                 bbp3 |= 1 << 3;
 3786         else if (sc->nrxchains == 3)
 3787                 bbp3 |= 1 << 4;
 3788         rt2860_mcu_bbp_write(sc, 3, bbp3);
 3789 
 3790         /* disable non-existing Tx chains */
 3791         bbp1 = rt2860_mcu_bbp_read(sc, 1);
 3792         if (sc->ntxchains == 1)
 3793                 bbp1 = (bbp1 & ~(1 << 3 | 1 << 4));
 3794         else if (sc->mac_ver == 0x3593 && sc->ntxchains == 2)
 3795                 bbp1 = (bbp1 & ~(1 << 4)) | 1 << 3;
 3796         else if (sc->mac_ver == 0x3593 && sc->ntxchains == 3)
 3797                 bbp1 = (bbp1 & ~(1 << 3)) | 1 << 4;
 3798         rt2860_mcu_bbp_write(sc, 1, bbp1);
 3799 
 3800         if (sc->mac_ver >= 0x3071)
 3801                 rt3090_rf_setup(sc);
 3802 
 3803         /* select default channel */
 3804         rt2860_switch_chan(sc, ic->ic_curchan);
 3805 
 3806         /* reset RF from MCU */
 3807         rt2860_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0, 0);
 3808 
 3809         /* set RTS threshold */
 3810         tmp = RAL_READ(sc, RT2860_TX_RTS_CFG);
 3811         tmp &= ~0xffff00;
 3812         tmp |= IEEE80211_RTS_DEFAULT << 8;
 3813         RAL_WRITE(sc, RT2860_TX_RTS_CFG, tmp);
 3814 
 3815         /* setup initial protection mode */
 3816         rt2860_updateprot(ifp);
 3817 
 3818         /* turn radio LED on */
 3819         rt2860_set_leds(sc, RT2860_LED_RADIO);
 3820 
 3821         /* enable Tx/Rx DMA engine */
 3822         if ((error = rt2860_txrx_enable(sc)) != 0) {
 3823                 rt2860_stop_locked(sc);
 3824                 return;
 3825         }
 3826 
 3827         /* clear pending interrupts */
 3828         RAL_WRITE(sc, RT2860_INT_STATUS, 0xffffffff);
 3829         /* enable interrupts */
 3830         RAL_WRITE(sc, RT2860_INT_MASK, 0x3fffc);
 3831 
 3832         if (sc->sc_flags & RT2860_ADVANCED_PS)
 3833                 rt2860_mcu_cmd(sc, RT2860_MCU_CMD_PSLEVEL, sc->pslevel, 0);
 3834 
 3835         ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
 3836         ifp->if_drv_flags |= IFF_DRV_RUNNING;
 3837 
 3838         callout_reset(&sc->watchdog_ch, hz, rt2860_watchdog, sc);
 3839 #undef N
 3840 }
 3841 
 3842 static void
 3843 rt2860_stop(void *arg)
 3844 {
 3845         struct rt2860_softc *sc = arg;
 3846 
 3847         RAL_LOCK(sc);
 3848         rt2860_stop_locked(sc);
 3849         RAL_UNLOCK(sc);
 3850 }
 3851 
 3852 static void
 3853 rt2860_stop_locked(struct rt2860_softc *sc)
 3854 {
 3855         struct ifnet *ifp = sc->sc_ifp;
 3856         uint32_t tmp;
 3857         int qid;
 3858 
 3859         if (ifp->if_drv_flags & IFF_DRV_RUNNING)
 3860                 rt2860_set_leds(sc, 0); /* turn all LEDs off */
 3861 
 3862         callout_stop(&sc->watchdog_ch);
 3863         sc->sc_tx_timer = 0;
 3864         ifp->if_drv_flags &= ~(IFF_DRV_RUNNING | IFF_DRV_OACTIVE);
 3865 
 3866         /* disable interrupts */
 3867         RAL_WRITE(sc, RT2860_INT_MASK, 0);
 3868 
 3869         /* disable GP timer */
 3870         rt2860_set_gp_timer(sc, 0);
 3871 
 3872         /* disable Rx */
 3873         tmp = RAL_READ(sc, RT2860_MAC_SYS_CTRL);
 3874         tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
 3875         RAL_WRITE(sc, RT2860_MAC_SYS_CTRL, tmp);
 3876 
 3877         /* reset adapter */
 3878         RAL_WRITE(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST);
 3879         RAL_BARRIER_WRITE(sc);
 3880         RAL_WRITE(sc, RT2860_MAC_SYS_CTRL, 0);
 3881 
 3882         /* reset Tx and Rx rings (and reclaim TXWIs) */
 3883         sc->qfullmsk = 0;
 3884         for (qid = 0; qid < 6; qid++)
 3885                 rt2860_reset_tx_ring(sc, &sc->txq[qid]);
 3886         rt2860_reset_rx_ring(sc, &sc->rxq);
 3887 }
 3888 
 3889 int
 3890 rt2860_load_microcode(struct rt2860_softc *sc)
 3891 {
 3892         const struct firmware *fp;
 3893         int ntries, error;
 3894 
 3895         RAL_LOCK_ASSERT(sc);
 3896 
 3897         RAL_UNLOCK(sc);
 3898         fp = firmware_get("rt2860fw");
 3899         RAL_LOCK(sc);
 3900         if (fp == NULL) {
 3901                 device_printf(sc->sc_dev,
 3902                     "unable to receive rt2860fw firmware image\n");
 3903                 return EINVAL;
 3904         }
 3905 
 3906         /* set "host program ram write selection" bit */
 3907         RAL_WRITE(sc, RT2860_SYS_CTRL, RT2860_HST_PM_SEL);
 3908         /* write microcode image */
 3909         RAL_WRITE_REGION_1(sc, RT2860_FW_BASE, fp->data, fp->datasize);
 3910         /* kick microcontroller unit */
 3911         RAL_WRITE(sc, RT2860_SYS_CTRL, 0);
 3912         RAL_BARRIER_WRITE(sc);
 3913         RAL_WRITE(sc, RT2860_SYS_CTRL, RT2860_MCU_RESET);
 3914 
 3915         RAL_WRITE(sc, RT2860_H2M_BBPAGENT, 0);
 3916         RAL_WRITE(sc, RT2860_H2M_MAILBOX, 0);
 3917 
 3918         /* wait until microcontroller is ready */
 3919         RAL_BARRIER_READ_WRITE(sc);
 3920         for (ntries = 0; ntries < 1000; ntries++) {
 3921                 if (RAL_READ(sc, RT2860_SYS_CTRL) & RT2860_MCU_READY)
 3922                         break;
 3923                 DELAY(1000);
 3924         }
 3925         if (ntries == 1000) {
 3926                 device_printf(sc->sc_dev,
 3927                     "timeout waiting for MCU to initialize\n");
 3928                 error = ETIMEDOUT;
 3929         } else
 3930                 error = 0;
 3931 
 3932         firmware_put(fp, FIRMWARE_UNLOAD);
 3933         return error;
 3934 }
 3935 
 3936 /*
 3937  * This function is called periodically to adjust Tx power based on
 3938  * temperature variation.
 3939  */
 3940 #ifdef NOT_YET
 3941 static void
 3942 rt2860_calib(struct rt2860_softc *sc)
 3943 {
 3944         struct ieee80211com *ic = &sc->sc_ic;
 3945         const uint8_t *tssi;
 3946         uint8_t step, bbp49;
 3947         int8_t ridx, d;
 3948 
 3949         /* read current temperature */
 3950         bbp49 = rt2860_mcu_bbp_read(sc, 49);
 3951 
 3952         if (IEEE80211_IS_CHAN_2GHZ(ic->ic_bss->ni_chan)) {
 3953                 tssi = &sc->tssi_2ghz[4];
 3954                 step = sc->step_2ghz;
 3955         } else {
 3956                 tssi = &sc->tssi_5ghz[4];
 3957                 step = sc->step_5ghz;
 3958         }
 3959 
 3960         if (bbp49 < tssi[0]) {          /* lower than reference */
 3961                 /* use higher Tx power than default */
 3962                 for (d = 0; d > -4 && bbp49 <= tssi[d - 1]; d--);
 3963         } else if (bbp49 > tssi[0]) {   /* greater than reference */
 3964                 /* use lower Tx power than default */
 3965                 for (d = 0; d < +4 && bbp49 >= tssi[d + 1]; d++);
 3966         } else {
 3967                 /* use default Tx power */
 3968                 d = 0;
 3969         }
 3970         d *= step;
 3971 
 3972         DPRINTF(("BBP49=0x%02x, adjusting Tx power by %d\n", bbp49, d));
 3973 
 3974         /* write adjusted Tx power values for each Tx rate */
 3975         for (ridx = 0; ridx < 5; ridx++) {
 3976                 if (sc->txpow20mhz[ridx] == 0xffffffff)
 3977                         continue;
 3978                 RAL_WRITE(sc, RT2860_TX_PWR_CFG(ridx),
 3979                     b4inc(sc->txpow20mhz[ridx], d));
 3980         }
 3981 }
 3982 #endif
 3983 
 3984 static void
 3985 rt3090_set_rx_antenna(struct rt2860_softc *sc, int aux)
 3986 {
 3987         uint32_t tmp;
 3988 
 3989         if (aux) {
 3990                 tmp = RAL_READ(sc, RT2860_PCI_EECTRL);
 3991                 RAL_WRITE(sc, RT2860_PCI_EECTRL, tmp & ~RT2860_C);
 3992                 tmp = RAL_READ(sc, RT2860_GPIO_CTRL);
 3993                 RAL_WRITE(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08);
 3994         } else {
 3995                 tmp = RAL_READ(sc, RT2860_PCI_EECTRL);
 3996                 RAL_WRITE(sc, RT2860_PCI_EECTRL, tmp | RT2860_C);
 3997                 tmp = RAL_READ(sc, RT2860_GPIO_CTRL);
 3998                 RAL_WRITE(sc, RT2860_GPIO_CTRL, tmp & ~0x0808);
 3999         }
 4000 }
 4001 
 4002 static void
 4003 rt2860_switch_chan(struct rt2860_softc *sc, struct ieee80211_channel *c)
 4004 {
 4005         struct ifnet *ifp = sc->sc_ifp;
 4006         struct ieee80211com *ic = ifp->if_l2com;
 4007         u_int chan, group;
 4008 
 4009         chan = ieee80211_chan2ieee(ic, c);
 4010         if (chan == 0 || chan == IEEE80211_CHAN_ANY)
 4011                 return;
 4012 
 4013         if (sc->mac_ver >= 0x3071)
 4014                 rt3090_set_chan(sc, chan);
 4015         else
 4016                 rt2860_set_chan(sc, chan);
 4017 
 4018         /* determine channel group */
 4019         if (chan <= 14)
 4020                 group = 0;
 4021         else if (chan <= 64)
 4022                 group = 1;
 4023         else if (chan <= 128)
 4024                 group = 2;
 4025         else
 4026                 group = 3;
 4027 
 4028         /* XXX necessary only when group has changed! */
 4029         rt2860_select_chan_group(sc, group);
 4030 
 4031         DELAY(1000);
 4032 }
 4033 
 4034 static int
 4035 rt2860_setup_beacon(struct rt2860_softc *sc, struct ieee80211vap *vap)
 4036 {
 4037         struct ieee80211com *ic = vap->iv_ic;
 4038         struct ieee80211_beacon_offsets bo;
 4039         struct rt2860_txwi txwi;
 4040         struct mbuf *m;
 4041         int ridx;
 4042 
 4043         if ((m = ieee80211_beacon_alloc(vap->iv_bss, &bo)) == NULL)
 4044                 return ENOBUFS;
 4045 
 4046         memset(&txwi, 0, sizeof txwi);
 4047         txwi.wcid = 0xff;
 4048         txwi.len = htole16(m->m_pkthdr.len);
 4049         /* send beacons at the lowest available rate */
 4050         ridx = IEEE80211_IS_CHAN_5GHZ(ic->ic_bsschan) ?
 4051             RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1;
 4052         txwi.phy = htole16(rt2860_rates[ridx].mcs);
 4053         if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM)
 4054                 txwi.phy |= htole16(RT2860_PHY_OFDM);
 4055         txwi.txop = RT2860_TX_TXOP_HT;
 4056         txwi.flags = RT2860_TX_TS;
 4057         txwi.xflags = RT2860_TX_NSEQ;
 4058 
 4059         RAL_WRITE_REGION_1(sc, RT2860_BCN_BASE(0),
 4060             (uint8_t *)&txwi, sizeof txwi);
 4061         RAL_WRITE_REGION_1(sc, RT2860_BCN_BASE(0) + sizeof txwi,
 4062             mtod(m, uint8_t *), m->m_pkthdr.len);
 4063 
 4064         m_freem(m);
 4065 
 4066         return 0;
 4067 }
 4068 
 4069 static void
 4070 rt2860_enable_tsf_sync(struct rt2860_softc *sc)
 4071 {
 4072         struct ifnet *ifp = sc->sc_ifp;
 4073         struct ieee80211com *ic = ifp->if_l2com;
 4074         struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
 4075         uint32_t tmp;
 4076 
 4077         tmp = RAL_READ(sc, RT2860_BCN_TIME_CFG);
 4078 
 4079         tmp &= ~0x1fffff;
 4080         tmp |= vap->iv_bss->ni_intval * 16;
 4081         tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN;
 4082         if (vap->iv_opmode == IEEE80211_M_STA) {
 4083                 /*
 4084                  * Local TSF is always updated with remote TSF on beacon
 4085                  * reception.
 4086                  */
 4087                 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT;
 4088         }
 4089         else if (vap->iv_opmode == IEEE80211_M_IBSS ||
 4090             vap->iv_opmode == IEEE80211_M_MBSS) {
 4091                 tmp |= RT2860_BCN_TX_EN;
 4092                 /*
 4093                  * Local TSF is updated with remote TSF on beacon reception
 4094                  * only if the remote TSF is greater than local TSF.
 4095                  */
 4096                 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT;
 4097         } else if (vap->iv_opmode == IEEE80211_M_HOSTAP) {
 4098                 tmp |= RT2860_BCN_TX_EN;
 4099                 /* SYNC with nobody */
 4100                 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT;
 4101         }
 4102 
 4103         RAL_WRITE(sc, RT2860_BCN_TIME_CFG, tmp);
 4104 }

Cache object: e620029a57a0c00b596cb9e465ed6ba4


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.