The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/dev/ral/rt2860.c

Version: -  FREEBSD  -  FREEBSD-13-STABLE  -  FREEBSD-13-0  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  l41  -  OPENBSD  -  linux-2.6  -  MK84  -  PLAN9  -  xnu-8792 
SearchContext: -  none  -  3  -  10 

    1 /*-
    2  * Copyright (c) 2007-2010 Damien Bergamini <damien.bergamini@free.fr>
    3  * Copyright (c) 2012 Bernhard Schmidt <bschmidt@FreeBSD.org>
    4  *
    5  * Permission to use, copy, modify, and distribute this software for any
    6  * purpose with or without fee is hereby granted, provided that the above
    7  * copyright notice and this permission notice appear in all copies.
    8  *
    9  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
   10  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
   11  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
   12  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
   13  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
   14  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
   15  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
   16  *
   17  * $OpenBSD: rt2860.c,v 1.65 2010/10/23 14:24:54 damien Exp $
   18  */
   19 
   20 #include <sys/cdefs.h>
   21 __FBSDID("$FreeBSD$");
   22 
   23 /*-
   24  * Ralink Technology RT2860/RT3090/RT3390/RT3562 chipset driver
   25  * http://www.ralinktech.com/
   26  */
   27 
   28 #include <sys/param.h>
   29 #include <sys/sysctl.h>
   30 #include <sys/sockio.h>
   31 #include <sys/mbuf.h>
   32 #include <sys/kernel.h>
   33 #include <sys/socket.h>
   34 #include <sys/systm.h>
   35 #include <sys/malloc.h>
   36 #include <sys/lock.h>
   37 #include <sys/mutex.h>
   38 #include <sys/module.h>
   39 #include <sys/bus.h>
   40 #include <sys/endian.h>
   41 #include <sys/firmware.h>
   42 
   43 #include <machine/bus.h>
   44 #include <machine/resource.h>
   45 #include <sys/rman.h>
   46 
   47 #include <net/bpf.h>
   48 #include <net/if.h>
   49 #include <net/if_arp.h>
   50 #include <net/ethernet.h>
   51 #include <net/if_dl.h>
   52 #include <net/if_media.h>
   53 #include <net/if_types.h>
   54 
   55 #include <net80211/ieee80211_var.h>
   56 #include <net80211/ieee80211_radiotap.h>
   57 #include <net80211/ieee80211_regdomain.h>
   58 #include <net80211/ieee80211_ratectl.h>
   59 
   60 #include <netinet/in.h>
   61 #include <netinet/in_systm.h>
   62 #include <netinet/in_var.h>
   63 #include <netinet/ip.h>
   64 #include <netinet/if_ether.h>
   65 
   66 #include <dev/ral/rt2860reg.h>
   67 #include <dev/ral/rt2860var.h>
   68 
   69 #define RAL_DEBUG
   70 #ifdef RAL_DEBUG
   71 #define DPRINTF(x)      do { if (sc->sc_debug > 0) printf x; } while (0)
   72 #define DPRINTFN(n, x)  do { if (sc->sc_debug >= (n)) printf x; } while (0)
   73 #else
   74 #define DPRINTF(x)
   75 #define DPRINTFN(n, x)
   76 #endif
   77 
   78 static struct ieee80211vap *rt2860_vap_create(struct ieee80211com *,
   79                             const char name[IFNAMSIZ], int unit, int opmode,
   80                             int flags, const uint8_t bssid[IEEE80211_ADDR_LEN],
   81                             const uint8_t mac[IEEE80211_ADDR_LEN]);
   82 static void     rt2860_vap_delete(struct ieee80211vap *);
   83 static void     rt2860_dma_map_addr(void *, bus_dma_segment_t *, int, int);
   84 static int      rt2860_alloc_tx_ring(struct rt2860_softc *,
   85                     struct rt2860_tx_ring *);
   86 static void     rt2860_reset_tx_ring(struct rt2860_softc *,
   87                     struct rt2860_tx_ring *);
   88 static void     rt2860_free_tx_ring(struct rt2860_softc *,
   89                     struct rt2860_tx_ring *);
   90 static int      rt2860_alloc_tx_pool(struct rt2860_softc *);
   91 static void     rt2860_free_tx_pool(struct rt2860_softc *);
   92 static int      rt2860_alloc_rx_ring(struct rt2860_softc *,
   93                     struct rt2860_rx_ring *);
   94 static void     rt2860_reset_rx_ring(struct rt2860_softc *,
   95                     struct rt2860_rx_ring *);
   96 static void     rt2860_free_rx_ring(struct rt2860_softc *,
   97                     struct rt2860_rx_ring *);
   98 static void     rt2860_updatestats(struct rt2860_softc *);
   99 static void     rt2860_newassoc(struct ieee80211_node *, int);
  100 static void     rt2860_node_free(struct ieee80211_node *);
  101 #ifdef IEEE80211_HT
  102 static int      rt2860_ampdu_rx_start(struct ieee80211com *,
  103                     struct ieee80211_node *, uint8_t);
  104 static void     rt2860_ampdu_rx_stop(struct ieee80211com *,
  105                     struct ieee80211_node *, uint8_t);
  106 #endif
  107 static int      rt2860_newstate(struct ieee80211vap *, enum ieee80211_state,
  108                     int);
  109 static uint16_t rt3090_efuse_read_2(struct rt2860_softc *, uint16_t);
  110 static uint16_t rt2860_eeprom_read_2(struct rt2860_softc *, uint16_t);
  111 static void     rt2860_intr_coherent(struct rt2860_softc *);
  112 static void     rt2860_drain_stats_fifo(struct rt2860_softc *);
  113 static void     rt2860_tx_intr(struct rt2860_softc *, int);
  114 static void     rt2860_rx_intr(struct rt2860_softc *);
  115 static void     rt2860_tbtt_intr(struct rt2860_softc *);
  116 static void     rt2860_gp_intr(struct rt2860_softc *);
  117 static int      rt2860_tx(struct rt2860_softc *, struct mbuf *,
  118                     struct ieee80211_node *);
  119 static int      rt2860_raw_xmit(struct ieee80211_node *, struct mbuf *,
  120                     const struct ieee80211_bpf_params *);
  121 static int      rt2860_tx_raw(struct rt2860_softc *, struct mbuf *,
  122                     struct ieee80211_node *,
  123                     const struct ieee80211_bpf_params *params);
  124 static void     rt2860_start(struct ifnet *);
  125 static void     rt2860_start_locked(struct ifnet *);
  126 static void     rt2860_watchdog(void *);
  127 static int      rt2860_ioctl(struct ifnet *, u_long, caddr_t);
  128 static void     rt2860_mcu_bbp_write(struct rt2860_softc *, uint8_t, uint8_t);
  129 static uint8_t  rt2860_mcu_bbp_read(struct rt2860_softc *, uint8_t);
  130 static void     rt2860_rf_write(struct rt2860_softc *, uint8_t, uint32_t);
  131 static uint8_t  rt3090_rf_read(struct rt2860_softc *, uint8_t);
  132 static void     rt3090_rf_write(struct rt2860_softc *, uint8_t, uint8_t);
  133 static int      rt2860_mcu_cmd(struct rt2860_softc *, uint8_t, uint16_t, int);
  134 static void     rt2860_enable_mrr(struct rt2860_softc *);
  135 static void     rt2860_set_txpreamble(struct rt2860_softc *);
  136 static void     rt2860_set_basicrates(struct rt2860_softc *,
  137                     const struct ieee80211_rateset *);
  138 static void     rt2860_scan_start(struct ieee80211com *);
  139 static void     rt2860_scan_end(struct ieee80211com *);
  140 static void     rt2860_set_channel(struct ieee80211com *);
  141 static void     rt2860_select_chan_group(struct rt2860_softc *, int);
  142 static void     rt2860_set_chan(struct rt2860_softc *, u_int);
  143 static void     rt3090_set_chan(struct rt2860_softc *, u_int);
  144 static int      rt3090_rf_init(struct rt2860_softc *);
  145 static void     rt3090_rf_wakeup(struct rt2860_softc *);
  146 static int      rt3090_filter_calib(struct rt2860_softc *, uint8_t, uint8_t,
  147                     uint8_t *);
  148 static void     rt3090_rf_setup(struct rt2860_softc *);
  149 static void     rt2860_set_leds(struct rt2860_softc *, uint16_t);
  150 static void     rt2860_set_gp_timer(struct rt2860_softc *, int);
  151 static void     rt2860_set_bssid(struct rt2860_softc *, const uint8_t *);
  152 static void     rt2860_set_macaddr(struct rt2860_softc *, const uint8_t *);
  153 static void     rt2860_update_promisc(struct ifnet *);
  154 static void     rt2860_updateslot(struct ifnet *);
  155 static void     rt2860_updateprot(struct ifnet *);
  156 static int      rt2860_updateedca(struct ieee80211com *);
  157 #ifdef HW_CRYPTO
  158 static int      rt2860_set_key(struct ieee80211com *, struct ieee80211_node *,
  159                     struct ieee80211_key *);
  160 static void     rt2860_delete_key(struct ieee80211com *,
  161                     struct ieee80211_node *, struct ieee80211_key *);
  162 #endif
  163 static int8_t   rt2860_rssi2dbm(struct rt2860_softc *, uint8_t, uint8_t);
  164 static const char *rt2860_get_rf(uint8_t);
  165 static int      rt2860_read_eeprom(struct rt2860_softc *,
  166                     uint8_t macaddr[IEEE80211_ADDR_LEN]);
  167 static int      rt2860_bbp_init(struct rt2860_softc *);
  168 static int      rt2860_txrx_enable(struct rt2860_softc *);
  169 static void     rt2860_init(void *);
  170 static void     rt2860_init_locked(struct rt2860_softc *);
  171 static void     rt2860_stop(void *);
  172 static void     rt2860_stop_locked(struct rt2860_softc *);
  173 static int      rt2860_load_microcode(struct rt2860_softc *);
  174 #ifdef NOT_YET
  175 static void     rt2860_calib(struct rt2860_softc *);
  176 #endif
  177 static void     rt3090_set_rx_antenna(struct rt2860_softc *, int);
  178 static void     rt2860_switch_chan(struct rt2860_softc *,
  179                     struct ieee80211_channel *);
  180 static int      rt2860_setup_beacon(struct rt2860_softc *,
  181                     struct ieee80211vap *);
  182 static void     rt2860_enable_tsf_sync(struct rt2860_softc *);
  183 
  184 static const struct {
  185         uint32_t        reg;
  186         uint32_t        val;
  187 } rt2860_def_mac[] = {
  188         RT2860_DEF_MAC
  189 };
  190 
  191 static const struct {
  192         uint8_t reg;
  193         uint8_t val;
  194 } rt2860_def_bbp[] = {
  195         RT2860_DEF_BBP
  196 };
  197 
  198 static const struct rfprog {
  199         uint8_t         chan;
  200         uint32_t        r1, r2, r3, r4;
  201 } rt2860_rf2850[] = {
  202         RT2860_RF2850
  203 };
  204 
  205 struct {
  206         uint8_t n, r, k;
  207 } rt3090_freqs[] = {
  208         RT3070_RF3052
  209 };
  210 
  211 static const struct {
  212         uint8_t reg;
  213         uint8_t val;
  214 }  rt3090_def_rf[] = {
  215         RT3070_DEF_RF
  216 };
  217 
  218 int
  219 rt2860_attach(device_t dev, int id)
  220 {
  221         struct rt2860_softc *sc = device_get_softc(dev);
  222         struct ieee80211com *ic;
  223         struct ifnet *ifp;
  224         uint32_t tmp;
  225         int error, ntries, qid;
  226         uint8_t bands;
  227         uint8_t macaddr[IEEE80211_ADDR_LEN];
  228 
  229         sc->sc_dev = dev;
  230         sc->sc_debug = 0;
  231 
  232         ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211);
  233         if (ifp == NULL) {
  234                 device_printf(sc->sc_dev, "can not if_alloc()\n");
  235                 return ENOMEM;
  236         }
  237         ic = ifp->if_l2com;
  238 
  239         mtx_init(&sc->sc_mtx, device_get_nameunit(dev), MTX_NETWORK_LOCK,
  240             MTX_DEF | MTX_RECURSE);
  241 
  242         callout_init_mtx(&sc->watchdog_ch, &sc->sc_mtx, 0);
  243 
  244         /* wait for NIC to initialize */
  245         for (ntries = 0; ntries < 100; ntries++) {
  246                 tmp = RAL_READ(sc, RT2860_ASIC_VER_ID);
  247                 if (tmp != 0 && tmp != 0xffffffff)
  248                         break;
  249                 DELAY(10);
  250         }
  251         if (ntries == 100) {
  252                 device_printf(sc->sc_dev,
  253                     "timeout waiting for NIC to initialize\n");
  254                 error = EIO;
  255                 goto fail1;
  256         }
  257         sc->mac_ver = tmp >> 16;
  258         sc->mac_rev = tmp & 0xffff;
  259 
  260         if (sc->mac_ver != 0x2860 &&
  261             (id == 0x0681 || id == 0x0781 || id == 0x1059))
  262                 sc->sc_flags |= RT2860_ADVANCED_PS;
  263 
  264         /* retrieve RF rev. no and various other things from EEPROM */
  265         rt2860_read_eeprom(sc, macaddr);
  266         if (bootverbose) {
  267                 device_printf(sc->sc_dev, "MAC/BBP RT%X (rev 0x%04X), "
  268                     "RF %s (MIMO %dT%dR), address %6D\n",
  269                     sc->mac_ver, sc->mac_rev, rt2860_get_rf(sc->rf_rev),
  270                     sc->ntxchains, sc->nrxchains, macaddr, ":");
  271         }
  272 
  273         /*
  274          * Allocate Tx (4 EDCAs + HCCA + Mgt) and Rx rings.
  275          */
  276         for (qid = 0; qid < 6; qid++) {
  277                 if ((error = rt2860_alloc_tx_ring(sc, &sc->txq[qid])) != 0) {
  278                         device_printf(sc->sc_dev,
  279                             "could not allocate Tx ring %d\n", qid);
  280                         goto fail2;
  281                 }
  282         }
  283 
  284         if ((error = rt2860_alloc_rx_ring(sc, &sc->rxq)) != 0) {
  285                 device_printf(sc->sc_dev, "could not allocate Rx ring\n");
  286                 goto fail2;
  287         }
  288 
  289         if ((error = rt2860_alloc_tx_pool(sc)) != 0) {
  290                 device_printf(sc->sc_dev, "could not allocate Tx pool\n");
  291                 goto fail3;
  292         }
  293 
  294         /* mgmt ring is broken on RT2860C, use EDCA AC VO ring instead */
  295         sc->mgtqid = (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) ?
  296             WME_AC_VO : 5;
  297 
  298         ifp->if_softc = sc;
  299         if_initname(ifp, device_get_name(dev), device_get_unit(dev));
  300         ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
  301         ifp->if_init = rt2860_init;
  302         ifp->if_ioctl = rt2860_ioctl;
  303         ifp->if_start = rt2860_start;
  304         IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen);
  305         ifp->if_snd.ifq_drv_maxlen = ifqmaxlen;
  306         IFQ_SET_READY(&ifp->if_snd);
  307 
  308         ic->ic_ifp = ifp;
  309         ic->ic_opmode = IEEE80211_M_STA;
  310         ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
  311 
  312         /* set device capabilities */
  313         ic->ic_caps =
  314                   IEEE80211_C_STA               /* station mode */
  315                 | IEEE80211_C_IBSS              /* ibss, nee adhoc, mode */
  316                 | IEEE80211_C_HOSTAP            /* hostap mode */
  317                 | IEEE80211_C_MONITOR           /* monitor mode */
  318                 | IEEE80211_C_AHDEMO            /* adhoc demo mode */
  319                 | IEEE80211_C_WDS               /* 4-address traffic works */
  320                 | IEEE80211_C_MBSS              /* mesh point link mode */
  321                 | IEEE80211_C_SHPREAMBLE        /* short preamble supported */
  322                 | IEEE80211_C_SHSLOT            /* short slot time supported */
  323                 | IEEE80211_C_WPA               /* capable of WPA1+WPA2 */
  324 #if 0
  325                 | IEEE80211_C_BGSCAN            /* capable of bg scanning */
  326 #endif
  327                 | IEEE80211_C_WME               /* 802.11e */
  328                 ;
  329 
  330         bands = 0;
  331         setbit(&bands, IEEE80211_MODE_11B);
  332         setbit(&bands, IEEE80211_MODE_11G);
  333         if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850)
  334                 setbit(&bands, IEEE80211_MODE_11A);
  335         ieee80211_init_channels(ic, NULL, &bands);
  336 
  337         ieee80211_ifattach(ic, macaddr);
  338 
  339         ic->ic_wme.wme_update = rt2860_updateedca;
  340         ic->ic_scan_start = rt2860_scan_start;
  341         ic->ic_scan_end = rt2860_scan_end;
  342         ic->ic_set_channel = rt2860_set_channel;
  343         ic->ic_updateslot = rt2860_updateslot;
  344         ic->ic_update_promisc = rt2860_update_promisc;
  345         ic->ic_raw_xmit = rt2860_raw_xmit;
  346         sc->sc_node_free = ic->ic_node_free;
  347         ic->ic_node_free = rt2860_node_free;
  348         ic->ic_newassoc = rt2860_newassoc;
  349 
  350         ic->ic_vap_create = rt2860_vap_create;
  351         ic->ic_vap_delete = rt2860_vap_delete;
  352 
  353         ieee80211_radiotap_attach(ic,
  354             &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap),
  355                 RT2860_TX_RADIOTAP_PRESENT,
  356             &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap),
  357                 RT2860_RX_RADIOTAP_PRESENT);
  358 
  359 #ifdef RAL_DEBUG
  360         SYSCTL_ADD_INT(device_get_sysctl_ctx(dev),
  361             SYSCTL_CHILDREN(device_get_sysctl_tree(dev)), OID_AUTO,
  362             "debug", CTLFLAG_RW, &sc->sc_debug, 0, "debug msgs");
  363 #endif
  364         if (bootverbose)
  365                 ieee80211_announce(ic);
  366 
  367         return 0;
  368 
  369 fail3:  rt2860_free_rx_ring(sc, &sc->rxq);
  370 fail2:  while (--qid >= 0)
  371                 rt2860_free_tx_ring(sc, &sc->txq[qid]);
  372 fail1:  mtx_destroy(&sc->sc_mtx);
  373         if_free(ifp);
  374         return error;
  375 }
  376 
  377 int
  378 rt2860_detach(void *xsc)
  379 {
  380         struct rt2860_softc *sc = xsc;
  381         struct ifnet *ifp =  sc->sc_ifp;
  382         struct ieee80211com *ic = ifp->if_l2com;
  383         int qid;
  384 
  385         RAL_LOCK(sc);
  386         rt2860_stop_locked(sc);
  387         RAL_UNLOCK(sc);
  388 
  389         ieee80211_ifdetach(ic);
  390 
  391         for (qid = 0; qid < 6; qid++)
  392                 rt2860_free_tx_ring(sc, &sc->txq[qid]);
  393         rt2860_free_rx_ring(sc, &sc->rxq);
  394         rt2860_free_tx_pool(sc);
  395 
  396         if_free(ifp);
  397 
  398         mtx_destroy(&sc->sc_mtx);
  399 
  400         return 0;
  401 }
  402 
  403 void
  404 rt2860_shutdown(void *xsc)
  405 {
  406         struct rt2860_softc *sc = xsc;
  407 
  408         rt2860_stop(sc);
  409 }
  410 
  411 void
  412 rt2860_suspend(void *xsc)
  413 {
  414         struct rt2860_softc *sc = xsc;
  415 
  416         rt2860_stop(sc);
  417 }
  418 
  419 void
  420 rt2860_resume(void *xsc)
  421 {
  422         struct rt2860_softc *sc = xsc;
  423         struct ifnet *ifp = sc->sc_ifp;
  424 
  425         if (ifp->if_flags & IFF_UP)
  426                 rt2860_init(sc);
  427 }
  428 
  429 static struct ieee80211vap *
  430 rt2860_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit,
  431     int opmode, int flags,
  432     const uint8_t bssid[IEEE80211_ADDR_LEN],
  433     const uint8_t mac[IEEE80211_ADDR_LEN])
  434 {
  435         struct ifnet *ifp = ic->ic_ifp;
  436         struct rt2860_vap *rvp;
  437         struct ieee80211vap *vap;
  438 
  439         switch (opmode) {
  440         case IEEE80211_M_STA:
  441         case IEEE80211_M_IBSS:
  442         case IEEE80211_M_AHDEMO:
  443         case IEEE80211_M_MONITOR:
  444         case IEEE80211_M_HOSTAP:
  445         case IEEE80211_M_MBSS:
  446                 /* XXXRP: TBD */
  447                 if (!TAILQ_EMPTY(&ic->ic_vaps)) {
  448                         if_printf(ifp, "only 1 vap supported\n");
  449                         return NULL;
  450                 }
  451                 if (opmode == IEEE80211_M_STA)
  452                         flags |= IEEE80211_CLONE_NOBEACONS;
  453                 break;
  454         case IEEE80211_M_WDS:
  455                 if (TAILQ_EMPTY(&ic->ic_vaps) ||
  456                     ic->ic_opmode != IEEE80211_M_HOSTAP) {
  457                         if_printf(ifp, "wds only supported in ap mode\n");
  458                         return NULL;
  459                 }
  460                 /*
  461                  * Silently remove any request for a unique
  462                  * bssid; WDS vap's always share the local
  463                  * mac address.
  464                  */
  465                 flags &= ~IEEE80211_CLONE_BSSID;
  466                 break;
  467         default:
  468                 if_printf(ifp, "unknown opmode %d\n", opmode);
  469                 return NULL;
  470         }
  471         rvp = malloc(sizeof(struct rt2860_vap), M_80211_VAP, M_NOWAIT | M_ZERO);
  472         if (rvp == NULL)
  473                 return NULL;
  474         vap = &rvp->ral_vap;
  475         ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid, mac);
  476 
  477         /* override state transition machine */
  478         rvp->ral_newstate = vap->iv_newstate;
  479         vap->iv_newstate = rt2860_newstate;
  480 #if 0
  481         vap->iv_update_beacon = rt2860_beacon_update;
  482 #endif
  483 
  484         /* HW supports up to 255 STAs (0-254) in HostAP and IBSS modes */
  485         vap->iv_max_aid = min(IEEE80211_AID_MAX, RT2860_WCID_MAX);
  486 
  487         ieee80211_ratectl_init(vap);
  488         /* complete setup */
  489         ieee80211_vap_attach(vap, ieee80211_media_change, ieee80211_media_status);
  490         if (TAILQ_FIRST(&ic->ic_vaps) == vap)
  491                 ic->ic_opmode = opmode;
  492         return vap;
  493 }
  494 
  495 static void
  496 rt2860_vap_delete(struct ieee80211vap *vap)
  497 {
  498         struct rt2860_vap *rvp = RT2860_VAP(vap);
  499 
  500         ieee80211_ratectl_deinit(vap);
  501         ieee80211_vap_detach(vap);
  502         free(rvp, M_80211_VAP);
  503 }
  504 
  505 static void
  506 rt2860_dma_map_addr(void *arg, bus_dma_segment_t *segs, int nseg, int error)
  507 {
  508         if (error != 0)
  509                 return;
  510 
  511         KASSERT(nseg == 1, ("too many DMA segments, %d should be 1", nseg));
  512 
  513         *(bus_addr_t *)arg = segs[0].ds_addr;
  514 }
  515 
  516 
  517 static int
  518 rt2860_alloc_tx_ring(struct rt2860_softc *sc, struct rt2860_tx_ring *ring)
  519 {
  520         int size, error;
  521 
  522         size = RT2860_TX_RING_COUNT * sizeof (struct rt2860_txd);
  523 
  524         error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), 16, 0,
  525             BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL,
  526             size, 1, size, 0, NULL, NULL, &ring->desc_dmat);
  527         if (error != 0) {
  528                 device_printf(sc->sc_dev, "could not create desc DMA map\n");
  529                 goto fail;
  530         }
  531 
  532         error = bus_dmamem_alloc(ring->desc_dmat, (void **)&ring->txd,
  533             BUS_DMA_NOWAIT | BUS_DMA_ZERO, &ring->desc_map);
  534         if (error != 0) {
  535                 device_printf(sc->sc_dev, "could not allocate DMA memory\n");
  536                 goto fail;
  537         }
  538 
  539         error = bus_dmamap_load(ring->desc_dmat, ring->desc_map, ring->txd,
  540             size, rt2860_dma_map_addr, &ring->paddr, 0);
  541         if (error != 0) {
  542                 device_printf(sc->sc_dev, "could not load desc DMA map\n");
  543                 goto fail;
  544         }
  545 
  546         bus_dmamap_sync(ring->desc_dmat, ring->desc_map, BUS_DMASYNC_PREWRITE);
  547 
  548         return 0;
  549 
  550 fail:   rt2860_free_tx_ring(sc, ring);
  551         return error;
  552 }
  553 
  554 void
  555 rt2860_reset_tx_ring(struct rt2860_softc *sc, struct rt2860_tx_ring *ring)
  556 {
  557         struct rt2860_tx_data *data;
  558         int i;
  559 
  560         for (i = 0; i < RT2860_TX_RING_COUNT; i++) {
  561                 if ((data = ring->data[i]) == NULL)
  562                         continue;       /* nothing mapped in this slot */
  563 
  564                 if (data->m != NULL) {
  565                         bus_dmamap_sync(sc->txwi_dmat, data->map,
  566                             BUS_DMASYNC_POSTWRITE);
  567                         bus_dmamap_unload(sc->txwi_dmat, data->map);
  568                         m_freem(data->m);
  569                         data->m = NULL;
  570                 }
  571                 if (data->ni != NULL) {
  572                         ieee80211_free_node(data->ni);
  573                         data->ni = NULL;
  574                 }
  575 
  576                 SLIST_INSERT_HEAD(&sc->data_pool, data, next);
  577                 ring->data[i] = NULL;
  578         }
  579 
  580         ring->queued = 0;
  581         ring->cur = ring->next = 0;
  582 }
  583 
  584 void
  585 rt2860_free_tx_ring(struct rt2860_softc *sc, struct rt2860_tx_ring *ring)
  586 {
  587         struct rt2860_tx_data *data;
  588         int i;
  589 
  590         if (ring->txd != NULL) {
  591                 bus_dmamap_sync(ring->desc_dmat, ring->desc_map,
  592                     BUS_DMASYNC_POSTWRITE);
  593                 bus_dmamap_unload(ring->desc_dmat, ring->desc_map);
  594                 bus_dmamem_free(ring->desc_dmat, ring->txd, ring->desc_map);
  595         }
  596         if (ring->desc_dmat != NULL)
  597                 bus_dma_tag_destroy(ring->desc_dmat);
  598 
  599         for (i = 0; i < RT2860_TX_RING_COUNT; i++) {
  600                 if ((data = ring->data[i]) == NULL)
  601                         continue;       /* nothing mapped in this slot */
  602 
  603                 if (data->m != NULL) {
  604                         bus_dmamap_sync(sc->txwi_dmat, data->map,
  605                             BUS_DMASYNC_POSTWRITE);
  606                         bus_dmamap_unload(sc->txwi_dmat, data->map);
  607                         m_freem(data->m);
  608                 }
  609                 if (data->ni != NULL)
  610                         ieee80211_free_node(data->ni);
  611 
  612                 SLIST_INSERT_HEAD(&sc->data_pool, data, next);
  613         }
  614 }
  615 
  616 /*
  617  * Allocate a pool of TX Wireless Information blocks.
  618  */
  619 int
  620 rt2860_alloc_tx_pool(struct rt2860_softc *sc)
  621 {
  622         caddr_t vaddr;
  623         bus_addr_t paddr;
  624         int i, size, error;
  625 
  626         size = RT2860_TX_POOL_COUNT * RT2860_TXWI_DMASZ;
  627 
  628         /* init data_pool early in case of failure.. */
  629         SLIST_INIT(&sc->data_pool);
  630 
  631         error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), 1, 0,
  632             BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL,
  633             size, 1, size, 0, NULL, NULL, &sc->txwi_dmat);
  634         if (error != 0) {
  635                 device_printf(sc->sc_dev, "could not create txwi DMA tag\n");
  636                 goto fail;
  637         }
  638 
  639         error = bus_dmamem_alloc(sc->txwi_dmat, (void **)&sc->txwi_vaddr,
  640             BUS_DMA_NOWAIT | BUS_DMA_ZERO, &sc->txwi_map);
  641         if (error != 0) {
  642                 device_printf(sc->sc_dev, "could not allocate DMA memory\n");
  643                 goto fail;
  644         }
  645 
  646         error = bus_dmamap_load(sc->txwi_dmat, sc->txwi_map,
  647             sc->txwi_vaddr, size, rt2860_dma_map_addr, &paddr, 0);
  648         if (error != 0) {
  649                 device_printf(sc->sc_dev, "could not load txwi DMA map\n");
  650                 goto fail;
  651         }
  652 
  653         bus_dmamap_sync(sc->txwi_dmat, sc->txwi_map, BUS_DMASYNC_PREWRITE);
  654 
  655         vaddr = sc->txwi_vaddr;
  656         for (i = 0; i < RT2860_TX_POOL_COUNT; i++) {
  657                 struct rt2860_tx_data *data = &sc->data[i];
  658 
  659                 error = bus_dmamap_create(sc->txwi_dmat, 0, &data->map);
  660                 if (error != 0) {
  661                         device_printf(sc->sc_dev, "could not create DMA map\n");
  662                         goto fail;
  663                 }
  664                 data->txwi = (struct rt2860_txwi *)vaddr;
  665                 data->paddr = paddr;
  666                 vaddr += RT2860_TXWI_DMASZ;
  667                 paddr += RT2860_TXWI_DMASZ;
  668 
  669                 SLIST_INSERT_HEAD(&sc->data_pool, data, next);
  670         }
  671 
  672         return 0;
  673 
  674 fail:   rt2860_free_tx_pool(sc);
  675         return error;
  676 }
  677 
  678 void
  679 rt2860_free_tx_pool(struct rt2860_softc *sc)
  680 {
  681         if (sc->txwi_vaddr != NULL) {
  682                 bus_dmamap_sync(sc->txwi_dmat, sc->txwi_map,
  683                     BUS_DMASYNC_POSTWRITE);
  684                 bus_dmamap_unload(sc->txwi_dmat, sc->txwi_map);
  685                 bus_dmamem_free(sc->txwi_dmat, sc->txwi_vaddr, sc->txwi_map);
  686         }
  687         if (sc->txwi_dmat != NULL)
  688                 bus_dma_tag_destroy(sc->txwi_dmat);
  689 
  690         while (!SLIST_EMPTY(&sc->data_pool)) {
  691                 struct rt2860_tx_data *data;
  692                 data = SLIST_FIRST(&sc->data_pool);
  693                 bus_dmamap_destroy(sc->txwi_dmat, data->map);
  694                 SLIST_REMOVE_HEAD(&sc->data_pool, next);
  695         }
  696 }
  697 
  698 int
  699 rt2860_alloc_rx_ring(struct rt2860_softc *sc, struct rt2860_rx_ring *ring)
  700 {
  701         bus_addr_t physaddr;
  702         int i, size, error;
  703 
  704         size = RT2860_RX_RING_COUNT * sizeof (struct rt2860_rxd);
  705 
  706         error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), 16, 0,
  707             BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL,
  708             size, 1, size, 0, NULL, NULL, &ring->desc_dmat);
  709         if (error != 0) {
  710                 device_printf(sc->sc_dev, "could not create desc DMA tag\n");
  711                 goto fail;
  712         }
  713 
  714         error = bus_dmamem_alloc(ring->desc_dmat, (void **)&ring->rxd,
  715             BUS_DMA_NOWAIT | BUS_DMA_ZERO, &ring->desc_map);
  716         if (error != 0) {
  717                 device_printf(sc->sc_dev, "could not allocate DMA memory\n");
  718                 goto fail;
  719         }
  720 
  721         error = bus_dmamap_load(ring->desc_dmat, ring->desc_map, ring->rxd,
  722             size, rt2860_dma_map_addr, &ring->paddr, 0);
  723         if (error != 0) {
  724                 device_printf(sc->sc_dev, "could not load desc DMA map\n");
  725                 goto fail;
  726         }
  727 
  728         error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), 1, 0,
  729             BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, MCLBYTES,
  730             1, MCLBYTES, 0, NULL, NULL, &ring->data_dmat);
  731         if (error != 0) {
  732                 device_printf(sc->sc_dev, "could not create data DMA tag\n");
  733                 goto fail;
  734         }
  735 
  736         for (i = 0; i < RT2860_RX_RING_COUNT; i++) {
  737                 struct rt2860_rx_data *data = &ring->data[i];
  738                 struct rt2860_rxd *rxd = &ring->rxd[i];
  739 
  740                 error = bus_dmamap_create(ring->data_dmat, 0, &data->map);
  741                 if (error != 0) {
  742                         device_printf(sc->sc_dev, "could not create DMA map\n");
  743                         goto fail;
  744                 }
  745 
  746                 data->m = m_getcl(M_DONTWAIT, MT_DATA, M_PKTHDR);
  747                 if (data->m == NULL) {
  748                         device_printf(sc->sc_dev,
  749                             "could not allocate rx mbuf\n");
  750                         error = ENOMEM;
  751                         goto fail;
  752                 }
  753 
  754                 error = bus_dmamap_load(ring->data_dmat, data->map,
  755                     mtod(data->m, void *), MCLBYTES, rt2860_dma_map_addr,
  756                     &physaddr, 0);
  757                 if (error != 0) {
  758                         device_printf(sc->sc_dev,
  759                             "could not load rx buf DMA map");
  760                         goto fail;
  761                 }
  762 
  763                 rxd->sdp0 = htole32(physaddr);
  764                 rxd->sdl0 = htole16(MCLBYTES);
  765         }
  766 
  767         bus_dmamap_sync(ring->desc_dmat, ring->desc_map, BUS_DMASYNC_PREWRITE);
  768 
  769         return 0;
  770 
  771 fail:   rt2860_free_rx_ring(sc, ring);
  772         return error;
  773 }
  774 
  775 void
  776 rt2860_reset_rx_ring(struct rt2860_softc *sc, struct rt2860_rx_ring *ring)
  777 {
  778         int i;
  779 
  780         for (i = 0; i < RT2860_RX_RING_COUNT; i++)
  781                 ring->rxd[i].sdl0 &= ~htole16(RT2860_RX_DDONE);
  782 
  783         bus_dmamap_sync(ring->desc_dmat, ring->desc_map, BUS_DMASYNC_PREWRITE);
  784 
  785         ring->cur = 0;
  786 }
  787 
  788 void
  789 rt2860_free_rx_ring(struct rt2860_softc *sc, struct rt2860_rx_ring *ring)
  790 {
  791         int i;
  792 
  793         if (ring->rxd != NULL) {
  794                 bus_dmamap_sync(ring->desc_dmat, ring->desc_map,
  795                     BUS_DMASYNC_POSTWRITE);
  796                 bus_dmamap_unload(ring->desc_dmat, ring->desc_map);
  797                 bus_dmamem_free(ring->desc_dmat, ring->rxd, ring->desc_map);
  798         }
  799         if (ring->desc_dmat != NULL)
  800                 bus_dma_tag_destroy(ring->desc_dmat);
  801 
  802         for (i = 0; i < RT2860_RX_RING_COUNT; i++) {
  803                 struct rt2860_rx_data *data = &ring->data[i];
  804 
  805                 if (data->m != NULL) {
  806                         bus_dmamap_sync(ring->data_dmat, data->map,
  807                             BUS_DMASYNC_POSTREAD);
  808                         bus_dmamap_unload(ring->data_dmat, data->map);
  809                         m_freem(data->m);
  810                 }
  811                 if (data->map != NULL)
  812                         bus_dmamap_destroy(ring->data_dmat, data->map);
  813         }
  814         if (ring->data_dmat != NULL)
  815                 bus_dma_tag_destroy(ring->data_dmat);
  816 }
  817 
  818 static void
  819 rt2860_updatestats(struct rt2860_softc *sc)
  820 {
  821         struct ieee80211com *ic = sc->sc_ifp->if_l2com;
  822 
  823         /*
  824          * In IBSS or HostAP modes (when the hardware sends beacons), the
  825          * MAC can run into a livelock and start sending CTS-to-self frames
  826          * like crazy if protection is enabled.  Fortunately, we can detect
  827          * when such a situation occurs and reset the MAC.
  828          */
  829         if (ic->ic_curmode != IEEE80211_M_STA) {
  830                 /* check if we're in a livelock situation.. */
  831                 uint32_t tmp = RAL_READ(sc, RT2860_DEBUG);
  832                 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) {
  833                         /* ..and reset MAC/BBP for a while.. */
  834                         DPRINTF(("CTS-to-self livelock detected\n"));
  835                         RAL_WRITE(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST);
  836                         RAL_BARRIER_WRITE(sc);
  837                         DELAY(1);
  838                         RAL_WRITE(sc, RT2860_MAC_SYS_CTRL,
  839                             RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
  840                 }
  841         }
  842 }
  843 
  844 static void
  845 rt2860_newassoc(struct ieee80211_node *ni, int isnew)
  846 {
  847         struct ieee80211com *ic = ni->ni_ic;
  848         struct rt2860_softc *sc = ic->ic_ifp->if_softc;
  849         uint8_t wcid;
  850 
  851         wcid = IEEE80211_AID(ni->ni_associd);
  852         if (isnew && ni->ni_associd != 0) {
  853                 sc->wcid2ni[wcid] = ni;
  854 
  855                 /* init WCID table entry */
  856                 RAL_WRITE_REGION_1(sc, RT2860_WCID_ENTRY(wcid),
  857                     ni->ni_macaddr, IEEE80211_ADDR_LEN);
  858         }
  859         DPRINTF(("new assoc isnew=%d addr=%s WCID=%d\n",
  860             isnew, ether_sprintf(ni->ni_macaddr), wcid));
  861 }
  862 
  863 static void
  864 rt2860_node_free(struct ieee80211_node *ni)
  865 {
  866         struct ieee80211com *ic = ni->ni_ic;
  867         struct rt2860_softc *sc = ic->ic_ifp->if_softc;
  868         uint8_t wcid;
  869 
  870         if (ni->ni_associd != 0) {
  871                 wcid = IEEE80211_AID(ni->ni_associd);
  872 
  873                 /* clear Rx WCID search table entry */
  874                 RAL_SET_REGION_4(sc, RT2860_WCID_ENTRY(wcid), 0, 2);
  875         }
  876         sc->sc_node_free(ni);
  877 }
  878 
  879 #ifdef IEEE80211_HT
  880 static int
  881 rt2860_ampdu_rx_start(struct ieee80211com *ic, struct ieee80211_node *ni,
  882     uint8_t tid)
  883 {
  884         struct rt2860_softc *sc = ic->ic_softc;
  885         uint8_t wcid = ((struct rt2860_node *)ni)->wcid;
  886         uint32_t tmp;
  887 
  888         /* update BA session mask */
  889         tmp = RAL_READ(sc, RT2860_WCID_ENTRY(wcid) + 4);
  890         tmp |= (1 << tid) << 16;
  891         RAL_WRITE(sc, RT2860_WCID_ENTRY(wcid) + 4, tmp);
  892         return 0;
  893 }
  894 
  895 static void
  896 rt2860_ampdu_rx_stop(struct ieee80211com *ic, struct ieee80211_node *ni,
  897     uint8_t tid)
  898 {
  899         struct rt2860_softc *sc = ic->ic_softc;
  900         uint8_t wcid = ((struct rt2860_node *)ni)->wcid;
  901         uint32_t tmp;
  902 
  903         /* update BA session mask */
  904         tmp = RAL_READ(sc, RT2860_WCID_ENTRY(wcid) + 4);
  905         tmp &= ~((1 << tid) << 16);
  906         RAL_WRITE(sc, RT2860_WCID_ENTRY(wcid) + 4, tmp);
  907 }
  908 #endif
  909 
  910 int
  911 rt2860_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
  912 {
  913         struct rt2860_vap *rvp = RT2860_VAP(vap);
  914         struct ieee80211com *ic = vap->iv_ic;
  915         struct rt2860_softc *sc = ic->ic_ifp->if_softc;
  916         uint32_t tmp;
  917         int error;
  918 
  919         if (vap->iv_state == IEEE80211_S_RUN) {
  920                 /* turn link LED off */
  921                 rt2860_set_leds(sc, RT2860_LED_RADIO);
  922         }
  923 
  924         if (nstate == IEEE80211_S_INIT && vap->iv_state == IEEE80211_S_RUN) {
  925                 /* abort TSF synchronization */
  926                 tmp = RAL_READ(sc, RT2860_BCN_TIME_CFG);
  927                 RAL_WRITE(sc, RT2860_BCN_TIME_CFG,
  928                     tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
  929                     RT2860_TBTT_TIMER_EN));
  930         }
  931 
  932         rt2860_set_gp_timer(sc, 0);
  933 
  934         error = rvp->ral_newstate(vap, nstate, arg);
  935         if (error != 0)
  936                 return (error);
  937 
  938         if (nstate == IEEE80211_S_RUN) {
  939                 struct ieee80211_node *ni = vap->iv_bss;
  940 
  941                 if (ic->ic_opmode != IEEE80211_M_MONITOR) {
  942                         rt2860_enable_mrr(sc);
  943                         rt2860_set_txpreamble(sc);
  944                         rt2860_set_basicrates(sc, &ni->ni_rates);
  945                         rt2860_set_bssid(sc, ni->ni_bssid);
  946                 }
  947 
  948                 if (vap->iv_opmode == IEEE80211_M_HOSTAP ||
  949                     vap->iv_opmode == IEEE80211_M_IBSS ||
  950                     vap->iv_opmode == IEEE80211_M_MBSS) {
  951                         error = rt2860_setup_beacon(sc, vap);
  952                         if (error != 0)
  953                                 return error;
  954                 }
  955 
  956                 if (ic->ic_opmode != IEEE80211_M_MONITOR) {
  957                         rt2860_enable_tsf_sync(sc);
  958                         rt2860_set_gp_timer(sc, 500);
  959                 }
  960 
  961                 /* turn link LED on */
  962                 rt2860_set_leds(sc, RT2860_LED_RADIO |
  963                     (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan) ?
  964                      RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ));
  965         }
  966         return error;
  967 }
  968 
  969 /* Read 16-bit from eFUSE ROM (>=RT3071 only.) */
  970 static uint16_t
  971 rt3090_efuse_read_2(struct rt2860_softc *sc, uint16_t addr)
  972 {
  973         uint32_t tmp;
  974         uint16_t reg;
  975         int ntries;
  976 
  977         addr *= 2;
  978         /*-
  979          * Read one 16-byte block into registers EFUSE_DATA[0-3]:
  980          * DATA0: F E D C
  981          * DATA1: B A 9 8
  982          * DATA2: 7 6 5 4
  983          * DATA3: 3 2 1 0
  984          */
  985         tmp = RAL_READ(sc, RT3070_EFUSE_CTRL);
  986         tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK);
  987         tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK;
  988         RAL_WRITE(sc, RT3070_EFUSE_CTRL, tmp);
  989         for (ntries = 0; ntries < 500; ntries++) {
  990                 tmp = RAL_READ(sc, RT3070_EFUSE_CTRL);
  991                 if (!(tmp & RT3070_EFSROM_KICK))
  992                         break;
  993                 DELAY(2);
  994         }
  995         if (ntries == 500)
  996                 return 0xffff;
  997 
  998         if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK)
  999                 return 0xffff;  /* address not found */
 1000 
 1001         /* determine to which 32-bit register our 16-bit word belongs */
 1002         reg = RT3070_EFUSE_DATA3 - (addr & 0xc);
 1003         tmp = RAL_READ(sc, reg);
 1004 
 1005         return (addr & 2) ? tmp >> 16 : tmp & 0xffff;
 1006 }
 1007 
 1008 /*
 1009  * Read 16 bits at address 'addr' from the serial EEPROM (either 93C46,
 1010  * 93C66 or 93C86).
 1011  */
 1012 static uint16_t
 1013 rt2860_eeprom_read_2(struct rt2860_softc *sc, uint16_t addr)
 1014 {
 1015         uint32_t tmp;
 1016         uint16_t val;
 1017         int n;
 1018 
 1019         /* clock C once before the first command */
 1020         RT2860_EEPROM_CTL(sc, 0);
 1021 
 1022         RT2860_EEPROM_CTL(sc, RT2860_S);
 1023         RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_C);
 1024         RT2860_EEPROM_CTL(sc, RT2860_S);
 1025 
 1026         /* write start bit (1) */
 1027         RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_D);
 1028         RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_D | RT2860_C);
 1029 
 1030         /* write READ opcode (10) */
 1031         RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_D);
 1032         RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_D | RT2860_C);
 1033         RT2860_EEPROM_CTL(sc, RT2860_S);
 1034         RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_C);
 1035 
 1036         /* write address (A5-A0 or A7-A0) */
 1037         n = ((RAL_READ(sc, RT2860_PCI_EECTRL) & 0x30) == 0) ? 5 : 7;
 1038         for (; n >= 0; n--) {
 1039                 RT2860_EEPROM_CTL(sc, RT2860_S |
 1040                     (((addr >> n) & 1) << RT2860_SHIFT_D));
 1041                 RT2860_EEPROM_CTL(sc, RT2860_S |
 1042                     (((addr >> n) & 1) << RT2860_SHIFT_D) | RT2860_C);
 1043         }
 1044 
 1045         RT2860_EEPROM_CTL(sc, RT2860_S);
 1046 
 1047         /* read data Q15-Q0 */
 1048         val = 0;
 1049         for (n = 15; n >= 0; n--) {
 1050                 RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_C);
 1051                 tmp = RAL_READ(sc, RT2860_PCI_EECTRL);
 1052                 val |= ((tmp & RT2860_Q) >> RT2860_SHIFT_Q) << n;
 1053                 RT2860_EEPROM_CTL(sc, RT2860_S);
 1054         }
 1055 
 1056         RT2860_EEPROM_CTL(sc, 0);
 1057 
 1058         /* clear Chip Select and clock C */
 1059         RT2860_EEPROM_CTL(sc, RT2860_S);
 1060         RT2860_EEPROM_CTL(sc, 0);
 1061         RT2860_EEPROM_CTL(sc, RT2860_C);
 1062 
 1063         return val;
 1064 }
 1065 
 1066 static __inline uint16_t
 1067 rt2860_srom_read(struct rt2860_softc *sc, uint8_t addr)
 1068 {
 1069         /* either eFUSE ROM or EEPROM */
 1070         return sc->sc_srom_read(sc, addr);
 1071 }
 1072 
 1073 static void
 1074 rt2860_intr_coherent(struct rt2860_softc *sc)
 1075 {
 1076         uint32_t tmp;
 1077 
 1078         /* DMA finds data coherent event when checking the DDONE bit */
 1079 
 1080         DPRINTF(("Tx/Rx Coherent interrupt\n"));
 1081 
 1082         /* restart DMA engine */
 1083         tmp = RAL_READ(sc, RT2860_WPDMA_GLO_CFG);
 1084         tmp &= ~(RT2860_TX_WB_DDONE | RT2860_RX_DMA_EN | RT2860_TX_DMA_EN);
 1085         RAL_WRITE(sc, RT2860_WPDMA_GLO_CFG, tmp);
 1086 
 1087         (void)rt2860_txrx_enable(sc);
 1088 }
 1089 
 1090 static void
 1091 rt2860_drain_stats_fifo(struct rt2860_softc *sc)
 1092 {
 1093         struct ifnet *ifp = sc->sc_ifp;
 1094         struct ieee80211_node *ni;
 1095         uint32_t stat;
 1096         int retrycnt;
 1097         uint8_t wcid, mcs, pid;
 1098 
 1099         /* drain Tx status FIFO (maxsize = 16) */
 1100         while ((stat = RAL_READ(sc, RT2860_TX_STAT_FIFO)) & RT2860_TXQ_VLD) {
 1101                 DPRINTFN(4, ("tx stat 0x%08x\n", stat));
 1102 
 1103                 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff;
 1104                 ni = sc->wcid2ni[wcid];
 1105 
 1106                 /* if no ACK was requested, no feedback is available */
 1107                 if (!(stat & RT2860_TXQ_ACKREQ) || wcid == 0xff || ni == NULL)
 1108                         continue;
 1109 
 1110                 /* update per-STA AMRR stats */
 1111                 if (stat & RT2860_TXQ_OK) {
 1112                         /*
 1113                          * Check if there were retries, ie if the Tx success
 1114                          * rate is different from the requested rate.  Note
 1115                          * that it works only because we do not allow rate
 1116                          * fallback from OFDM to CCK.
 1117                          */
 1118                         mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f;
 1119                         pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf;
 1120                         if (mcs + 1 != pid)
 1121                                 retrycnt = 1;
 1122                         else
 1123                                 retrycnt = 0;
 1124                         ieee80211_ratectl_tx_complete(ni->ni_vap, ni,
 1125                             IEEE80211_RATECTL_TX_SUCCESS, &retrycnt, NULL);
 1126                 } else {
 1127                         ieee80211_ratectl_tx_complete(ni->ni_vap, ni,
 1128                             IEEE80211_RATECTL_TX_FAILURE, &retrycnt, NULL);
 1129                         ifp->if_oerrors++;
 1130                 }
 1131         }
 1132 }
 1133 
 1134 static void
 1135 rt2860_tx_intr(struct rt2860_softc *sc, int qid)
 1136 {
 1137         struct ifnet *ifp = sc->sc_ifp;
 1138         struct rt2860_tx_ring *ring = &sc->txq[qid];
 1139         uint32_t hw;
 1140 
 1141         rt2860_drain_stats_fifo(sc);
 1142 
 1143         hw = RAL_READ(sc, RT2860_TX_DTX_IDX(qid));
 1144         while (ring->next != hw) {
 1145                 struct rt2860_tx_data *data = ring->data[ring->next];
 1146 
 1147                 if (data != NULL) {
 1148                         bus_dmamap_sync(sc->txwi_dmat, data->map,
 1149                             BUS_DMASYNC_POSTWRITE);
 1150                         bus_dmamap_unload(sc->txwi_dmat, data->map);
 1151                         if (data->m->m_flags & M_TXCB) {
 1152                                 ieee80211_process_callback(data->ni, data->m,
 1153                                     0);
 1154                         }
 1155                         m_freem(data->m);
 1156                         ieee80211_free_node(data->ni);
 1157                         data->m = NULL;
 1158                         data->ni = NULL;
 1159 
 1160                         SLIST_INSERT_HEAD(&sc->data_pool, data, next);
 1161                         ring->data[ring->next] = NULL;
 1162 
 1163                         ifp->if_opackets++;
 1164                 }
 1165                 ring->queued--;
 1166                 ring->next = (ring->next + 1) % RT2860_TX_RING_COUNT;
 1167         }
 1168 
 1169         sc->sc_tx_timer = 0;
 1170         if (ring->queued < RT2860_TX_RING_COUNT)
 1171                 sc->qfullmsk &= ~(1 << qid);
 1172         ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
 1173         rt2860_start_locked(ifp);
 1174 }
 1175 
 1176 /*
 1177  * Return the Rx chain with the highest RSSI for a given frame.
 1178  */
 1179 static __inline uint8_t
 1180 rt2860_maxrssi_chain(struct rt2860_softc *sc, const struct rt2860_rxwi *rxwi)
 1181 {
 1182         uint8_t rxchain = 0;
 1183 
 1184         if (sc->nrxchains > 1) {
 1185                 if (rxwi->rssi[1] > rxwi->rssi[rxchain])
 1186                         rxchain = 1;
 1187                 if (sc->nrxchains > 2)
 1188                         if (rxwi->rssi[2] > rxwi->rssi[rxchain])
 1189                                 rxchain = 2;
 1190         }
 1191         return rxchain;
 1192 }
 1193 
 1194 static void
 1195 rt2860_rx_intr(struct rt2860_softc *sc)
 1196 {
 1197         struct rt2860_rx_radiotap_header *tap;
 1198         struct ifnet *ifp = sc->sc_ifp;
 1199         struct ieee80211com *ic = ifp->if_l2com;
 1200         struct ieee80211_frame *wh;
 1201         struct ieee80211_node *ni;
 1202         struct mbuf *m, *m1;
 1203         bus_addr_t physaddr;
 1204         uint32_t hw;
 1205         uint16_t phy;
 1206         uint8_t ant;
 1207         int8_t rssi, nf;
 1208         int error;
 1209 
 1210         hw = RAL_READ(sc, RT2860_FS_DRX_IDX) & 0xfff;
 1211         while (sc->rxq.cur != hw) {
 1212                 struct rt2860_rx_data *data = &sc->rxq.data[sc->rxq.cur];
 1213                 struct rt2860_rxd *rxd = &sc->rxq.rxd[sc->rxq.cur];
 1214                 struct rt2860_rxwi *rxwi;
 1215 
 1216                 bus_dmamap_sync(sc->rxq.desc_dmat, sc->rxq.desc_map,
 1217                     BUS_DMASYNC_POSTREAD);
 1218 
 1219                 if (__predict_false(!(rxd->sdl0 & htole16(RT2860_RX_DDONE)))) {
 1220                         DPRINTF(("RXD DDONE bit not set!\n"));
 1221                         break;  /* should not happen */
 1222                 }
 1223 
 1224                 if (__predict_false(rxd->flags &
 1225                     htole32(RT2860_RX_CRCERR | RT2860_RX_ICVERR))) {
 1226                         ifp->if_ierrors++;
 1227                         goto skip;
 1228                 }
 1229 
 1230 #ifdef HW_CRYPTO
 1231                 if (__predict_false(rxd->flags & htole32(RT2860_RX_MICERR))) {
 1232                         /* report MIC failures to net80211 for TKIP */
 1233                         ic->ic_stats.is_rx_locmicfail++;
 1234                         ieee80211_michael_mic_failure(ic, 0/* XXX */);
 1235                         ifp->if_ierrors++;
 1236                         goto skip;
 1237                 }
 1238 #endif
 1239 
 1240                 m1 = m_getcl(M_DONTWAIT, MT_DATA, M_PKTHDR);
 1241                 if (__predict_false(m1 == NULL)) {
 1242                         ifp->if_ierrors++;
 1243                         goto skip;
 1244                 }
 1245 
 1246                 bus_dmamap_sync(sc->rxq.data_dmat, data->map,
 1247                     BUS_DMASYNC_POSTREAD);
 1248                 bus_dmamap_unload(sc->rxq.data_dmat, data->map);
 1249 
 1250                 error = bus_dmamap_load(sc->rxq.data_dmat, data->map,
 1251                     mtod(m1, void *), MCLBYTES, rt2860_dma_map_addr,
 1252                     &physaddr, 0);
 1253                 if (__predict_false(error != 0)) {
 1254                         m_freem(m1);
 1255 
 1256                         /* try to reload the old mbuf */
 1257                         error = bus_dmamap_load(sc->rxq.data_dmat, data->map,
 1258                             mtod(data->m, void *), MCLBYTES,
 1259                             rt2860_dma_map_addr, &physaddr, 0);
 1260                         if (__predict_false(error != 0)) {
 1261                                 panic("%s: could not load old rx mbuf",
 1262                                     device_get_name(sc->sc_dev));
 1263                         }
 1264                         /* physical address may have changed */
 1265                         rxd->sdp0 = htole32(physaddr);
 1266                         ifp->if_ierrors++;
 1267                         goto skip;
 1268                 }
 1269 
 1270                 /*
 1271                  * New mbuf successfully loaded, update Rx ring and continue
 1272                  * processing.
 1273                  */
 1274                 m = data->m;
 1275                 data->m = m1;
 1276                 rxd->sdp0 = htole32(physaddr);
 1277 
 1278                 rxwi = mtod(m, struct rt2860_rxwi *);
 1279 
 1280                 /* finalize mbuf */
 1281                 m->m_pkthdr.rcvif = ifp;
 1282                 m->m_data = (caddr_t)(rxwi + 1);
 1283                 m->m_pkthdr.len = m->m_len = le16toh(rxwi->len) & 0xfff;
 1284 
 1285                 wh = mtod(m, struct ieee80211_frame *);
 1286 #ifdef HW_CRYPTO
 1287                 if (wh->i_fc[1] & IEEE80211_FC1_WEP) {
 1288                         /* frame is decrypted by hardware */
 1289                         wh->i_fc[1] &= ~IEEE80211_FC1_WEP;
 1290                 }
 1291 #endif
 1292 
 1293                 /* HW may insert 2 padding bytes after 802.11 header */
 1294                 if (rxd->flags & htole32(RT2860_RX_L2PAD)) {
 1295                         u_int hdrlen = ieee80211_hdrsize(wh);
 1296                         ovbcopy(wh, (caddr_t)wh + 2, hdrlen);
 1297                         m->m_data += 2;
 1298                         wh = mtod(m, struct ieee80211_frame *);
 1299                 }
 1300 
 1301                 ant = rt2860_maxrssi_chain(sc, rxwi);
 1302                 rssi = rt2860_rssi2dbm(sc, rxwi->rssi[ant], ant);
 1303                 nf = RT2860_NOISE_FLOOR;
 1304 
 1305                 if (ieee80211_radiotap_active(ic)) {
 1306                         tap = &sc->sc_rxtap;
 1307                         tap->wr_flags = 0;
 1308                         tap->wr_antenna = ant;
 1309                         tap->wr_antsignal = nf + rssi;
 1310                         tap->wr_antnoise = nf;
 1311                         /* in case it can't be found below */
 1312                         tap->wr_rate = 2;
 1313                         phy = le16toh(rxwi->phy);
 1314                         switch (phy & RT2860_PHY_MODE) {
 1315                         case RT2860_PHY_CCK:
 1316                                 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) {
 1317                                 case 0: tap->wr_rate =   2; break;
 1318                                 case 1: tap->wr_rate =   4; break;
 1319                                 case 2: tap->wr_rate =  11; break;
 1320                                 case 3: tap->wr_rate =  22; break;
 1321                                 }
 1322                                 if (phy & RT2860_PHY_SHPRE)
 1323                                         tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
 1324                                 break;
 1325                         case RT2860_PHY_OFDM:
 1326                                 switch (phy & RT2860_PHY_MCS) {
 1327                                 case 0: tap->wr_rate =  12; break;
 1328                                 case 1: tap->wr_rate =  18; break;
 1329                                 case 2: tap->wr_rate =  24; break;
 1330                                 case 3: tap->wr_rate =  36; break;
 1331                                 case 4: tap->wr_rate =  48; break;
 1332                                 case 5: tap->wr_rate =  72; break;
 1333                                 case 6: tap->wr_rate =  96; break;
 1334                                 case 7: tap->wr_rate = 108; break;
 1335                                 }
 1336                                 break;
 1337                         }
 1338                 }
 1339 
 1340                 RAL_UNLOCK(sc);
 1341                 wh = mtod(m, struct ieee80211_frame *);
 1342 
 1343                 /* send the frame to the 802.11 layer */
 1344                 ni = ieee80211_find_rxnode(ic,
 1345                     (struct ieee80211_frame_min *)wh);
 1346                 if (ni != NULL) {
 1347                         (void)ieee80211_input(ni, m, rssi - nf, nf);
 1348                         ieee80211_free_node(ni);
 1349                 } else
 1350                         (void)ieee80211_input_all(ic, m, rssi - nf, nf);
 1351 
 1352                 RAL_LOCK(sc);
 1353 
 1354 skip:           rxd->sdl0 &= ~htole16(RT2860_RX_DDONE);
 1355 
 1356                 bus_dmamap_sync(sc->rxq.desc_dmat, sc->rxq.desc_map,
 1357                     BUS_DMASYNC_PREWRITE);
 1358 
 1359                 sc->rxq.cur = (sc->rxq.cur + 1) % RT2860_RX_RING_COUNT;
 1360         }
 1361 
 1362         /* tell HW what we have processed */
 1363         RAL_WRITE(sc, RT2860_RX_CALC_IDX,
 1364             (sc->rxq.cur - 1) % RT2860_RX_RING_COUNT);
 1365 }
 1366 
 1367 static void
 1368 rt2860_tbtt_intr(struct rt2860_softc *sc)
 1369 {
 1370 #if 0
 1371         struct ieee80211com *ic = &sc->sc_ic;
 1372 
 1373 #ifndef IEEE80211_STA_ONLY
 1374         if (ic->ic_opmode == IEEE80211_M_HOSTAP) {
 1375                 /* one less beacon until next DTIM */
 1376                 if (ic->ic_dtim_count == 0)
 1377                         ic->ic_dtim_count = ic->ic_dtim_period - 1;
 1378                 else
 1379                         ic->ic_dtim_count--;
 1380 
 1381                 /* update dynamic parts of beacon */
 1382                 rt2860_setup_beacon(sc);
 1383 
 1384                 /* flush buffered multicast frames */
 1385                 if (ic->ic_dtim_count == 0)
 1386                         ieee80211_notify_dtim(ic);
 1387         }
 1388 #endif
 1389         /* check if protection mode has changed */
 1390         if ((sc->sc_ic_flags ^ ic->ic_flags) & IEEE80211_F_USEPROT) {
 1391                 rt2860_updateprot(ic);
 1392                 sc->sc_ic_flags = ic->ic_flags;
 1393         }
 1394 #endif
 1395 }
 1396 
 1397 static void
 1398 rt2860_gp_intr(struct rt2860_softc *sc)
 1399 {
 1400         struct ieee80211com *ic = sc->sc_ifp->if_l2com;
 1401         struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
 1402 
 1403         DPRINTFN(2, ("GP timeout state=%d\n", vap->iv_state));
 1404 
 1405         if (vap->iv_state == IEEE80211_S_RUN)
 1406                 rt2860_updatestats(sc);
 1407 }
 1408 
 1409 void
 1410 rt2860_intr(void *arg)
 1411 {
 1412         struct rt2860_softc *sc = arg;
 1413         uint32_t r;
 1414 
 1415         RAL_LOCK(sc);
 1416 
 1417         r = RAL_READ(sc, RT2860_INT_STATUS);
 1418         if (__predict_false(r == 0xffffffff)) {
 1419                 RAL_UNLOCK(sc);
 1420                 return; /* device likely went away */
 1421         }
 1422         if (r == 0) {
 1423                 RAL_UNLOCK(sc);
 1424                 return; /* not for us */
 1425         }
 1426 
 1427         /* acknowledge interrupts */
 1428         RAL_WRITE(sc, RT2860_INT_STATUS, r);
 1429 
 1430         if (r & RT2860_TX_RX_COHERENT)
 1431                 rt2860_intr_coherent(sc);
 1432 
 1433         if (r & RT2860_MAC_INT_2)       /* TX status */
 1434                 rt2860_drain_stats_fifo(sc);
 1435 
 1436         if (r & RT2860_TX_DONE_INT5)
 1437                 rt2860_tx_intr(sc, 5);
 1438 
 1439         if (r & RT2860_RX_DONE_INT)
 1440                 rt2860_rx_intr(sc);
 1441 
 1442         if (r & RT2860_TX_DONE_INT4)
 1443                 rt2860_tx_intr(sc, 4);
 1444 
 1445         if (r & RT2860_TX_DONE_INT3)
 1446                 rt2860_tx_intr(sc, 3);
 1447 
 1448         if (r & RT2860_TX_DONE_INT2)
 1449                 rt2860_tx_intr(sc, 2);
 1450 
 1451         if (r & RT2860_TX_DONE_INT1)
 1452                 rt2860_tx_intr(sc, 1);
 1453 
 1454         if (r & RT2860_TX_DONE_INT0)
 1455                 rt2860_tx_intr(sc, 0);
 1456 
 1457         if (r & RT2860_MAC_INT_0)       /* TBTT */
 1458                 rt2860_tbtt_intr(sc);
 1459 
 1460         if (r & RT2860_MAC_INT_3)       /* Auto wakeup */
 1461                 /* TBD wakeup */;
 1462 
 1463         if (r & RT2860_MAC_INT_4)       /* GP timer */
 1464                 rt2860_gp_intr(sc);
 1465 
 1466         RAL_UNLOCK(sc);
 1467 }
 1468 
 1469 static int
 1470 rt2860_tx(struct rt2860_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
 1471 {
 1472         struct ifnet *ifp = sc->sc_ifp;
 1473         struct ieee80211com *ic = ifp->if_l2com;
 1474         struct ieee80211vap *vap = ni->ni_vap;
 1475         struct rt2860_tx_ring *ring;
 1476         struct rt2860_tx_data *data;
 1477         struct rt2860_txd *txd;
 1478         struct rt2860_txwi *txwi;
 1479         struct ieee80211_frame *wh;
 1480         const struct ieee80211_txparam *tp;
 1481         struct ieee80211_key *k;
 1482         struct mbuf *m1;
 1483         bus_dma_segment_t segs[RT2860_MAX_SCATTER];
 1484         bus_dma_segment_t *seg;
 1485         u_int hdrlen;
 1486         uint16_t qos, dur;
 1487         uint8_t type, qsel, mcs, pid, tid, qid;
 1488         int i, nsegs, ntxds, pad, rate, ridx, error;
 1489 
 1490         /* the data pool contains at least one element, pick the first */
 1491         data = SLIST_FIRST(&sc->data_pool);
 1492 
 1493         wh = mtod(m, struct ieee80211_frame *);
 1494 
 1495         if (wh->i_fc[1] & IEEE80211_FC1_WEP) {
 1496                 k = ieee80211_crypto_encap(ni, m);
 1497                 if (k == NULL) {
 1498                         m_freem(m);
 1499                         return ENOBUFS;
 1500                 }
 1501 
 1502                 /* packet header may have moved, reset our local pointer */
 1503                 wh = mtod(m, struct ieee80211_frame *);
 1504         }
 1505 
 1506         hdrlen = ieee80211_anyhdrsize(wh);
 1507         type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
 1508 
 1509         tp = &vap->iv_txparms[ieee80211_chan2mode(ni->ni_chan)];
 1510         if (IEEE80211_IS_MULTICAST(wh->i_addr1)) {
 1511                 rate = tp->mcastrate;
 1512         } else if (m->m_flags & M_EAPOL) {
 1513                 rate = tp->mgmtrate;
 1514         } else if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) {
 1515                 rate = tp->ucastrate;
 1516         } else {
 1517                 (void) ieee80211_ratectl_rate(ni, NULL, 0);
 1518                 rate = ni->ni_txrate;
 1519         }
 1520         rate &= IEEE80211_RATE_VAL;
 1521 
 1522         qid = M_WME_GETAC(m);
 1523         if (IEEE80211_QOS_HAS_SEQ(wh)) {
 1524                 qos = ((const struct ieee80211_qosframe *)wh)->i_qos[0];
 1525                 tid = qos & IEEE80211_QOS_TID;
 1526         } else {
 1527                 qos = 0;
 1528                 tid = 0;
 1529         }
 1530         ring = &sc->txq[qid];
 1531         ridx = ic->ic_rt->rateCodeToIndex[rate];
 1532 
 1533         /* get MCS code from rate index */
 1534         mcs = rt2860_rates[ridx].mcs;
 1535 
 1536         /* setup TX Wireless Information */
 1537         txwi = data->txwi;
 1538         txwi->flags = 0;
 1539         /* let HW generate seq numbers for non-QoS frames */
 1540         txwi->xflags = qos ? 0 : RT2860_TX_NSEQ;
 1541         if (type == IEEE80211_FC0_TYPE_DATA)
 1542                 txwi->wcid = IEEE80211_AID(ni->ni_associd);
 1543         else
 1544                 txwi->wcid = 0xff;
 1545         txwi->len = htole16(m->m_pkthdr.len);
 1546         if (rt2860_rates[ridx].phy == IEEE80211_T_DS) {
 1547                 txwi->phy = htole16(RT2860_PHY_CCK);
 1548                 if (ridx != RT2860_RIDX_CCK1 &&
 1549                     (ic->ic_flags & IEEE80211_F_SHPREAMBLE))
 1550                         mcs |= RT2860_PHY_SHPRE;
 1551         } else
 1552                 txwi->phy = htole16(RT2860_PHY_OFDM);
 1553         txwi->phy |= htole16(mcs);
 1554 
 1555         /*
 1556          * We store the MCS code into the driver-private PacketID field.
 1557          * The PacketID is latched into TX_STAT_FIFO when Tx completes so
 1558          * that we know at which initial rate the frame was transmitted.
 1559          * We add 1 to the MCS code because setting the PacketID field to
 1560          * 0 means that we don't want feedback in TX_STAT_FIFO.
 1561          */
 1562         pid = (mcs + 1) & 0xf;
 1563         txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT);
 1564 
 1565         /* check if RTS/CTS or CTS-to-self protection is required */
 1566         if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
 1567             (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold ||
 1568              ((ic->ic_flags & IEEE80211_F_USEPROT) &&
 1569               rt2860_rates[ridx].phy == IEEE80211_T_OFDM)))
 1570                 txwi->txop = RT2860_TX_TXOP_HT;
 1571         else
 1572                 txwi->txop = RT2860_TX_TXOP_BACKOFF;
 1573 
 1574         if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
 1575             (!qos || (qos & IEEE80211_QOS_ACKPOLICY) !=
 1576              IEEE80211_QOS_ACKPOLICY_NOACK)) {
 1577                 txwi->xflags |= RT2860_TX_ACK;
 1578 
 1579                 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
 1580                         dur = rt2860_rates[ridx].sp_ack_dur;
 1581                 else
 1582                         dur = rt2860_rates[ridx].lp_ack_dur;
 1583                 *(uint16_t *)wh->i_dur = htole16(dur);
 1584         }
 1585         /* ask MAC to insert timestamp into probe responses */
 1586         if ((wh->i_fc[0] &
 1587              (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) ==
 1588              (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP))
 1589             /* NOTE: beacons do not pass through tx_data() */
 1590                 txwi->flags |= RT2860_TX_TS;
 1591 
 1592         if (ieee80211_radiotap_active_vap(vap)) {
 1593                 struct rt2860_tx_radiotap_header *tap = &sc->sc_txtap;
 1594 
 1595                 tap->wt_flags = 0;
 1596                 tap->wt_rate = rate;
 1597                 if (mcs & RT2860_PHY_SHPRE)
 1598                         tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
 1599 
 1600                 ieee80211_radiotap_tx(vap, m);
 1601         }
 1602 
 1603         pad = (hdrlen + 3) & ~3;
 1604 
 1605         /* copy and trim 802.11 header */
 1606         memcpy(txwi + 1, wh, hdrlen);
 1607         m_adj(m, hdrlen);
 1608 
 1609         error = bus_dmamap_load_mbuf_sg(sc->txwi_dmat, data->map, m, segs,
 1610             &nsegs, 0);
 1611         if (__predict_false(error != 0 && error != EFBIG)) {
 1612                 device_printf(sc->sc_dev, "can't map mbuf (error %d)\n",
 1613                     error);
 1614                 m_freem(m);
 1615                 return error;
 1616         }
 1617         if (__predict_true(error == 0)) {
 1618                 /* determine how many TXDs are required */
 1619                 ntxds = 1 + (nsegs / 2);
 1620 
 1621                 if (ring->queued + ntxds >= RT2860_TX_RING_COUNT) {
 1622                         /* not enough free TXDs, force mbuf defrag */
 1623                         bus_dmamap_unload(sc->txwi_dmat, data->map);
 1624                         error = EFBIG;
 1625                 }
 1626         }
 1627         if (__predict_false(error != 0)) {
 1628                 m1 = m_defrag(m, M_DONTWAIT);
 1629                 if (m1 == NULL) {
 1630                         device_printf(sc->sc_dev,
 1631                             "could not defragment mbuf\n");
 1632                         m_freem(m);
 1633                         return ENOBUFS;
 1634                 }
 1635                 m = m1;
 1636 
 1637                 error = bus_dmamap_load_mbuf_sg(sc->txwi_dmat, data->map, m,
 1638                     segs, &nsegs, 0);
 1639                 if (__predict_false(error != 0)) {
 1640                         device_printf(sc->sc_dev, "can't map mbuf (error %d)\n",
 1641                             error);
 1642                         m_freem(m);
 1643                         return error;
 1644                 }
 1645 
 1646                 /* determine how many TXDs are now required */
 1647                 ntxds = 1 + (nsegs / 2);
 1648 
 1649                 if (ring->queued + ntxds >= RT2860_TX_RING_COUNT) {
 1650                         /* this is a hopeless case, drop the mbuf! */
 1651                         bus_dmamap_unload(sc->txwi_dmat, data->map);
 1652                         m_freem(m);
 1653                         return ENOBUFS;
 1654                 }
 1655         }
 1656 
 1657         qsel = (qid < WME_NUM_AC) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_MGMT;
 1658 
 1659         /* first segment is TXWI + 802.11 header */
 1660         txd = &ring->txd[ring->cur];
 1661         txd->sdp0 = htole32(data->paddr);
 1662         txd->sdl0 = htole16(sizeof (struct rt2860_txwi) + pad);
 1663         txd->flags = qsel;
 1664 
 1665         /* setup payload segments */
 1666         seg = &segs[0];
 1667         for (i = nsegs; i >= 2; i -= 2) {
 1668                 txd->sdp1 = htole32(seg->ds_addr);
 1669                 txd->sdl1 = htole16(seg->ds_len);
 1670                 seg++;
 1671                 ring->cur = (ring->cur + 1) % RT2860_TX_RING_COUNT;
 1672                 /* grab a new Tx descriptor */
 1673                 txd = &ring->txd[ring->cur];
 1674                 txd->sdp0 = htole32(seg->ds_addr);
 1675                 txd->sdl0 = htole16(seg->ds_len);
 1676                 txd->flags = qsel;
 1677                 seg++;
 1678         }
 1679         /* finalize last segment */
 1680         if (i > 0) {
 1681                 txd->sdp1 = htole32(seg->ds_addr);
 1682                 txd->sdl1 = htole16(seg->ds_len | RT2860_TX_LS1);
 1683         } else {
 1684                 txd->sdl0 |= htole16(RT2860_TX_LS0);
 1685                 txd->sdl1 = 0;
 1686         }
 1687 
 1688         /* remove from the free pool and link it into the SW Tx slot */
 1689         SLIST_REMOVE_HEAD(&sc->data_pool, next);
 1690         data->m = m;
 1691         data->ni = ni;
 1692         ring->data[ring->cur] = data;
 1693 
 1694         bus_dmamap_sync(sc->txwi_dmat, sc->txwi_map, BUS_DMASYNC_PREWRITE);
 1695         bus_dmamap_sync(sc->txwi_dmat, data->map, BUS_DMASYNC_PREWRITE);
 1696         bus_dmamap_sync(ring->desc_dmat, ring->desc_map, BUS_DMASYNC_PREWRITE);
 1697 
 1698         DPRINTFN(4, ("sending frame qid=%d wcid=%d nsegs=%d ridx=%d\n",
 1699             qid, txwi->wcid, nsegs, ridx));
 1700 
 1701         ring->cur = (ring->cur + 1) % RT2860_TX_RING_COUNT;
 1702         ring->queued += ntxds;
 1703         if (ring->queued >= RT2860_TX_RING_COUNT)
 1704                 sc->qfullmsk |= 1 << qid;
 1705 
 1706         /* kick Tx */
 1707         RAL_WRITE(sc, RT2860_TX_CTX_IDX(qid), ring->cur);
 1708 
 1709         return 0;
 1710 }
 1711 
 1712 static int
 1713 rt2860_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
 1714     const struct ieee80211_bpf_params *params)
 1715 {
 1716         struct ieee80211com *ic = ni->ni_ic;
 1717         struct ifnet *ifp = ic->ic_ifp;
 1718         struct rt2860_softc *sc = ifp->if_softc;
 1719         int error;
 1720 
 1721         RAL_LOCK(sc);
 1722 
 1723         /* prevent management frames from being sent if we're not ready */
 1724         if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) {
 1725                 RAL_UNLOCK(sc);
 1726                 m_freem(m);
 1727                 ieee80211_free_node(ni);
 1728                 return ENETDOWN;
 1729         }
 1730         if (params == NULL) {
 1731                 /*
 1732                  * Legacy path; interpret frame contents to decide
 1733                  * precisely how to send the frame.
 1734                  */
 1735                 error = rt2860_tx(sc, m, ni);
 1736         } else {
 1737                 /*
 1738                  * Caller supplied explicit parameters to use in
 1739                  * sending the frame.
 1740                  */
 1741                 error = rt2860_tx_raw(sc, m, ni, params);
 1742         }
 1743         if (error != 0) {
 1744                 /* NB: m is reclaimed on tx failure */
 1745                 ieee80211_free_node(ni);
 1746                 ifp->if_oerrors++;
 1747         }
 1748         sc->sc_tx_timer = 5;
 1749         RAL_UNLOCK(sc);
 1750         return error;
 1751 }
 1752 
 1753 static int
 1754 rt2860_tx_raw(struct rt2860_softc *sc, struct mbuf *m,
 1755     struct ieee80211_node *ni, const struct ieee80211_bpf_params *params)
 1756 {
 1757         struct ifnet *ifp = sc->sc_ifp;
 1758         struct ieee80211com *ic = ifp->if_l2com;
 1759         struct ieee80211vap *vap = ni->ni_vap;
 1760         struct rt2860_tx_ring *ring;
 1761         struct rt2860_tx_data *data;
 1762         struct rt2860_txd *txd;
 1763         struct rt2860_txwi *txwi;
 1764         struct ieee80211_frame *wh;
 1765         struct mbuf *m1;
 1766         bus_dma_segment_t segs[RT2860_MAX_SCATTER];
 1767         bus_dma_segment_t *seg;
 1768         u_int hdrlen;
 1769         uint16_t dur;
 1770         uint8_t type, qsel, mcs, pid, tid, qid;
 1771         int i, nsegs, ntxds, pad, rate, ridx, error;
 1772 
 1773         /* the data pool contains at least one element, pick the first */
 1774         data = SLIST_FIRST(&sc->data_pool);
 1775 
 1776         wh = mtod(m, struct ieee80211_frame *);
 1777         hdrlen = ieee80211_hdrsize(wh);
 1778         type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
 1779 
 1780         /* Choose a TX rate index. */
 1781         rate = params->ibp_rate0;
 1782         ridx = ic->ic_rt->rateCodeToIndex[rate];
 1783         if (ridx == (uint8_t)-1) {
 1784                 /* XXX fall back to mcast/mgmt rate? */
 1785                 m_freem(m);
 1786                 return EINVAL;
 1787         }
 1788 
 1789         qid = params->ibp_pri & 3;
 1790         tid = 0;
 1791         ring = &sc->txq[qid];
 1792 
 1793         /* get MCS code from rate index */
 1794         mcs = rt2860_rates[ridx].mcs;
 1795 
 1796         /* setup TX Wireless Information */
 1797         txwi = data->txwi;
 1798         txwi->flags = 0;
 1799         /* let HW generate seq numbers for non-QoS frames */
 1800         txwi->xflags = params->ibp_pri & 3 ? 0 : RT2860_TX_NSEQ;
 1801         txwi->wcid = 0xff;
 1802         txwi->len = htole16(m->m_pkthdr.len);
 1803         if (rt2860_rates[ridx].phy == IEEE80211_T_DS) {
 1804                 txwi->phy = htole16(RT2860_PHY_CCK);
 1805                 if (ridx != RT2860_RIDX_CCK1 &&
 1806                     (ic->ic_flags & IEEE80211_F_SHPREAMBLE))
 1807                         mcs |= RT2860_PHY_SHPRE;
 1808         } else
 1809                 txwi->phy = htole16(RT2860_PHY_OFDM);
 1810         txwi->phy |= htole16(mcs);
 1811 
 1812         /*
 1813          * We store the MCS code into the driver-private PacketID field.
 1814          * The PacketID is latched into TX_STAT_FIFO when Tx completes so
 1815          * that we know at which initial rate the frame was transmitted.
 1816          * We add 1 to the MCS code because setting the PacketID field to
 1817          * 0 means that we don't want feedback in TX_STAT_FIFO.
 1818          */
 1819         pid = (mcs + 1) & 0xf;
 1820         txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT);
 1821 
 1822         /* check if RTS/CTS or CTS-to-self protection is required */
 1823         if (params->ibp_flags & IEEE80211_BPF_RTS ||
 1824             params->ibp_flags & IEEE80211_BPF_CTS)
 1825                 txwi->txop = RT2860_TX_TXOP_HT;
 1826         else
 1827                 txwi->txop = RT2860_TX_TXOP_BACKOFF;
 1828         if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) {
 1829                 txwi->xflags |= RT2860_TX_ACK;
 1830 
 1831                 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
 1832                         dur = rt2860_rates[ridx].sp_ack_dur;
 1833                 else
 1834                         dur = rt2860_rates[ridx].lp_ack_dur;
 1835                 *(uint16_t *)wh->i_dur = htole16(dur);
 1836         }
 1837         /* ask MAC to insert timestamp into probe responses */
 1838         if ((wh->i_fc[0] &
 1839              (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) ==
 1840              (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP))
 1841             /* NOTE: beacons do not pass through tx_data() */
 1842                 txwi->flags |= RT2860_TX_TS;
 1843 
 1844         if (ieee80211_radiotap_active_vap(vap)) {
 1845                 struct rt2860_tx_radiotap_header *tap = &sc->sc_txtap;
 1846 
 1847                 tap->wt_flags = 0;
 1848                 tap->wt_rate = rate;
 1849                 if (mcs & RT2860_PHY_SHPRE)
 1850                         tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
 1851 
 1852                 ieee80211_radiotap_tx(vap, m);
 1853         }
 1854 
 1855         pad = (hdrlen + 3) & ~3;
 1856 
 1857         /* copy and trim 802.11 header */
 1858         memcpy(txwi + 1, wh, hdrlen);
 1859         m_adj(m, hdrlen);
 1860 
 1861         error = bus_dmamap_load_mbuf_sg(sc->txwi_dmat, data->map, m, segs,
 1862             &nsegs, 0);
 1863         if (__predict_false(error != 0 && error != EFBIG)) {
 1864                 device_printf(sc->sc_dev, "can't map mbuf (error %d)\n",
 1865                     error);
 1866                 m_freem(m);
 1867                 return error;
 1868         }
 1869         if (__predict_true(error == 0)) {
 1870                 /* determine how many TXDs are required */
 1871                 ntxds = 1 + (nsegs / 2);
 1872 
 1873                 if (ring->queued + ntxds >= RT2860_TX_RING_COUNT) {
 1874                         /* not enough free TXDs, force mbuf defrag */
 1875                         bus_dmamap_unload(sc->txwi_dmat, data->map);
 1876                         error = EFBIG;
 1877                 }
 1878         }
 1879         if (__predict_false(error != 0)) {
 1880                 m1 = m_defrag(m, M_DONTWAIT);
 1881                 if (m1 == NULL) {
 1882                         device_printf(sc->sc_dev,
 1883                             "could not defragment mbuf\n");
 1884                         m_freem(m);
 1885                         return ENOBUFS;
 1886                 }
 1887                 m = m1;
 1888 
 1889                 error = bus_dmamap_load_mbuf_sg(sc->txwi_dmat, data->map, m,
 1890                     segs, &nsegs, 0);
 1891                 if (__predict_false(error != 0)) {
 1892                         device_printf(sc->sc_dev, "can't map mbuf (error %d)\n",
 1893                             error);
 1894                         m_freem(m);
 1895                         return error;
 1896                 }
 1897 
 1898                 /* determine how many TXDs are now required */
 1899                 ntxds = 1 + (nsegs / 2);
 1900 
 1901                 if (ring->queued + ntxds >= RT2860_TX_RING_COUNT) {
 1902                         /* this is a hopeless case, drop the mbuf! */
 1903                         bus_dmamap_unload(sc->txwi_dmat, data->map);
 1904                         m_freem(m);
 1905                         return ENOBUFS;
 1906                 }
 1907         }
 1908 
 1909         qsel = (qid < WME_NUM_AC) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_MGMT;
 1910 
 1911         /* first segment is TXWI + 802.11 header */
 1912         txd = &ring->txd[ring->cur];
 1913         txd->sdp0 = htole32(data->paddr);
 1914         txd->sdl0 = htole16(sizeof (struct rt2860_txwi) + pad);
 1915         txd->flags = qsel;
 1916 
 1917         /* setup payload segments */
 1918         seg = &segs[0];
 1919         for (i = nsegs; i >= 2; i -= 2) {
 1920                 txd->sdp1 = htole32(seg->ds_addr);
 1921                 txd->sdl1 = htole16(seg->ds_len);
 1922                 seg++;
 1923                 ring->cur = (ring->cur + 1) % RT2860_TX_RING_COUNT;
 1924                 /* grab a new Tx descriptor */
 1925                 txd = &ring->txd[ring->cur];
 1926                 txd->sdp0 = htole32(seg->ds_addr);
 1927                 txd->sdl0 = htole16(seg->ds_len);
 1928                 txd->flags = qsel;
 1929                 seg++;
 1930         }
 1931         /* finalize last segment */
 1932         if (i > 0) {
 1933                 txd->sdp1 = htole32(seg->ds_addr);
 1934                 txd->sdl1 = htole16(seg->ds_len | RT2860_TX_LS1);
 1935         } else {
 1936                 txd->sdl0 |= htole16(RT2860_TX_LS0);
 1937                 txd->sdl1 = 0;
 1938         }
 1939 
 1940         /* remove from the free pool and link it into the SW Tx slot */
 1941         SLIST_REMOVE_HEAD(&sc->data_pool, next);
 1942         data->m = m;
 1943         data->ni = ni;
 1944         ring->data[ring->cur] = data;
 1945 
 1946         bus_dmamap_sync(sc->txwi_dmat, sc->txwi_map, BUS_DMASYNC_PREWRITE);
 1947         bus_dmamap_sync(sc->txwi_dmat, data->map, BUS_DMASYNC_PREWRITE);
 1948         bus_dmamap_sync(ring->desc_dmat, ring->desc_map, BUS_DMASYNC_PREWRITE);
 1949 
 1950         DPRINTFN(4, ("sending frame qid=%d wcid=%d nsegs=%d ridx=%d\n",
 1951             qid, txwi->wcid, nsegs, ridx));
 1952 
 1953         ring->cur = (ring->cur + 1) % RT2860_TX_RING_COUNT;
 1954         ring->queued += ntxds;
 1955         if (ring->queued >= RT2860_TX_RING_COUNT)
 1956                 sc->qfullmsk |= 1 << qid;
 1957 
 1958         /* kick Tx */
 1959         RAL_WRITE(sc, RT2860_TX_CTX_IDX(qid), ring->cur);
 1960 
 1961         return 0;
 1962 }
 1963 
 1964 static void
 1965 rt2860_start(struct ifnet *ifp)
 1966 {
 1967         struct rt2860_softc *sc = ifp->if_softc;
 1968 
 1969         RAL_LOCK(sc);
 1970         rt2860_start_locked(ifp);
 1971         RAL_UNLOCK(sc);
 1972 }
 1973 
 1974 static void
 1975 rt2860_start_locked(struct ifnet *ifp)
 1976 {
 1977         struct rt2860_softc *sc = ifp->if_softc;
 1978         struct ieee80211_node *ni;
 1979         struct mbuf *m;
 1980 
 1981         RAL_LOCK_ASSERT(sc);
 1982 
 1983         if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0 ||
 1984             (ifp->if_drv_flags & IFF_DRV_OACTIVE))
 1985                 return;
 1986 
 1987         for (;;) {
 1988                 if (SLIST_EMPTY(&sc->data_pool) || sc->qfullmsk != 0) {
 1989                         ifp->if_drv_flags |= IFF_DRV_OACTIVE;
 1990                         break;
 1991                 }
 1992                 IFQ_DRV_DEQUEUE(&ifp->if_snd, m);
 1993                 if (m == NULL)
 1994                         break;
 1995                 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
 1996                 if (rt2860_tx(sc, m, ni) != 0) {
 1997                         ieee80211_free_node(ni);
 1998                         ifp->if_oerrors++;
 1999                         continue;
 2000                 }
 2001                 sc->sc_tx_timer = 5;
 2002         }
 2003 }
 2004 
 2005 static void
 2006 rt2860_watchdog(void *arg)
 2007 {
 2008         struct rt2860_softc *sc = arg;
 2009         struct ifnet *ifp = sc->sc_ifp;
 2010 
 2011         RAL_LOCK_ASSERT(sc);
 2012 
 2013         KASSERT(ifp->if_drv_flags & IFF_DRV_RUNNING, ("not running"));
 2014 
 2015         if (sc->sc_invalid)             /* card ejected */
 2016                 return;
 2017 
 2018         if (sc->sc_tx_timer > 0 && --sc->sc_tx_timer == 0) {
 2019                 if_printf(ifp, "device timeout\n");
 2020                 rt2860_stop_locked(sc);
 2021                 rt2860_init_locked(sc);
 2022                 ifp->if_oerrors++;
 2023                 return;
 2024         }
 2025         callout_reset(&sc->watchdog_ch, hz, rt2860_watchdog, sc);
 2026 }
 2027 
 2028 static int
 2029 rt2860_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
 2030 {
 2031         struct rt2860_softc *sc = ifp->if_softc;
 2032         struct ieee80211com *ic = ifp->if_l2com;
 2033         struct ifreq *ifr = (struct ifreq *)data;
 2034         int error = 0, startall = 0;
 2035 
 2036         switch (cmd) {
 2037         case SIOCSIFFLAGS:
 2038                 RAL_LOCK(sc);
 2039                 if (ifp->if_flags & IFF_UP) {
 2040                         if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) {
 2041                                 rt2860_init_locked(sc);
 2042                                 startall = 1;
 2043                         } else
 2044                                 rt2860_update_promisc(ifp);
 2045                 } else {
 2046                         if (ifp->if_drv_flags & IFF_DRV_RUNNING)
 2047                                 rt2860_stop_locked(sc);
 2048                 }
 2049                 RAL_UNLOCK(sc);
 2050                 if (startall)
 2051                         ieee80211_start_all(ic);
 2052                 break;
 2053         case SIOCGIFMEDIA:
 2054                 error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd);
 2055                 break;
 2056         case SIOCSIFADDR:
 2057                 error = ether_ioctl(ifp, cmd, data);
 2058                 break;
 2059         default:
 2060                 error = EINVAL;
 2061                 break;
 2062         }
 2063         return error;
 2064 }
 2065 
 2066 /*
 2067  * Reading and writing from/to the BBP is different from RT2560 and RT2661.
 2068  * We access the BBP through the 8051 microcontroller unit which means that
 2069  * the microcode must be loaded first.
 2070  */
 2071 void
 2072 rt2860_mcu_bbp_write(struct rt2860_softc *sc, uint8_t reg, uint8_t val)
 2073 {
 2074         int ntries;
 2075 
 2076         for (ntries = 0; ntries < 100; ntries++) {
 2077                 if (!(RAL_READ(sc, RT2860_H2M_BBPAGENT) & RT2860_BBP_CSR_KICK))
 2078                         break;
 2079                 DELAY(1);
 2080         }
 2081         if (ntries == 100) {
 2082                 device_printf(sc->sc_dev,
 2083                     "could not write to BBP through MCU\n");
 2084                 return;
 2085         }
 2086 
 2087         RAL_WRITE(sc, RT2860_H2M_BBPAGENT, RT2860_BBP_RW_PARALLEL |
 2088             RT2860_BBP_CSR_KICK | reg << 8 | val);
 2089         RAL_BARRIER_WRITE(sc);
 2090 
 2091         rt2860_mcu_cmd(sc, RT2860_MCU_CMD_BBP, 0, 0);
 2092         DELAY(1000);
 2093 }
 2094 
 2095 uint8_t
 2096 rt2860_mcu_bbp_read(struct rt2860_softc *sc, uint8_t reg)
 2097 {
 2098         uint32_t val;
 2099         int ntries;
 2100 
 2101         for (ntries = 0; ntries < 100; ntries++) {
 2102                 if (!(RAL_READ(sc, RT2860_H2M_BBPAGENT) & RT2860_BBP_CSR_KICK))
 2103                         break;
 2104                 DELAY(1);
 2105         }
 2106         if (ntries == 100) {
 2107                 device_printf(sc->sc_dev,
 2108                     "could not read from BBP through MCU\n");
 2109                 return 0;
 2110         }
 2111 
 2112         RAL_WRITE(sc, RT2860_H2M_BBPAGENT, RT2860_BBP_RW_PARALLEL |
 2113             RT2860_BBP_CSR_KICK | RT2860_BBP_CSR_READ | reg << 8);
 2114         RAL_BARRIER_WRITE(sc);
 2115 
 2116         rt2860_mcu_cmd(sc, RT2860_MCU_CMD_BBP, 0, 0);
 2117         DELAY(1000);
 2118 
 2119         for (ntries = 0; ntries < 100; ntries++) {
 2120                 val = RAL_READ(sc, RT2860_H2M_BBPAGENT);
 2121                 if (!(val & RT2860_BBP_CSR_KICK))
 2122                         return val & 0xff;
 2123                 DELAY(1);
 2124         }
 2125         device_printf(sc->sc_dev, "could not read from BBP through MCU\n");
 2126 
 2127         return 0;
 2128 }
 2129 
 2130 /*
 2131  * Write to one of the 4 programmable 24-bit RF registers.
 2132  */
 2133 static void
 2134 rt2860_rf_write(struct rt2860_softc *sc, uint8_t reg, uint32_t val)
 2135 {
 2136         uint32_t tmp;
 2137         int ntries;
 2138 
 2139         for (ntries = 0; ntries < 100; ntries++) {
 2140                 if (!(RAL_READ(sc, RT2860_RF_CSR_CFG0) & RT2860_RF_REG_CTRL))
 2141                         break;
 2142                 DELAY(1);
 2143         }
 2144         if (ntries == 100) {
 2145                 device_printf(sc->sc_dev, "could not write to RF\n");
 2146                 return;
 2147         }
 2148 
 2149         /* RF registers are 24-bit on the RT2860 */
 2150         tmp = RT2860_RF_REG_CTRL | 24 << RT2860_RF_REG_WIDTH_SHIFT |
 2151             (val & 0x3fffff) << 2 | (reg & 3);
 2152         RAL_WRITE(sc, RT2860_RF_CSR_CFG0, tmp);
 2153 }
 2154 
 2155 static uint8_t
 2156 rt3090_rf_read(struct rt2860_softc *sc, uint8_t reg)
 2157 {
 2158         uint32_t tmp;
 2159         int ntries;
 2160 
 2161         for (ntries = 0; ntries < 100; ntries++) {
 2162                 if (!(RAL_READ(sc, RT3070_RF_CSR_CFG) & RT3070_RF_KICK))
 2163                         break;
 2164                 DELAY(1);
 2165         }
 2166         if (ntries == 100) {
 2167                 device_printf(sc->sc_dev, "could not read RF register\n");
 2168                 return 0xff;
 2169         }
 2170         tmp = RT3070_RF_KICK | reg << 8;
 2171         RAL_WRITE(sc, RT3070_RF_CSR_CFG, tmp);
 2172 
 2173         for (ntries = 0; ntries < 100; ntries++) {
 2174                 tmp = RAL_READ(sc, RT3070_RF_CSR_CFG);
 2175                 if (!(tmp & RT3070_RF_KICK))
 2176                         break;
 2177                 DELAY(1);
 2178         }
 2179         if (ntries == 100) {
 2180                 device_printf(sc->sc_dev, "could not read RF register\n");
 2181                 return 0xff;
 2182         }
 2183         return tmp & 0xff;
 2184 }
 2185 
 2186 void
 2187 rt3090_rf_write(struct rt2860_softc *sc, uint8_t reg, uint8_t val)
 2188 {
 2189         uint32_t tmp;
 2190         int ntries;
 2191 
 2192         for (ntries = 0; ntries < 10; ntries++) {
 2193                 if (!(RAL_READ(sc, RT3070_RF_CSR_CFG) & RT3070_RF_KICK))
 2194                         break;
 2195                 DELAY(10);
 2196         }
 2197         if (ntries == 10) {
 2198                 device_printf(sc->sc_dev, "could not write to RF\n");
 2199                 return;
 2200         }
 2201 
 2202         tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val;
 2203         RAL_WRITE(sc, RT3070_RF_CSR_CFG, tmp);
 2204 }
 2205 
 2206 /*
 2207  * Send a command to the 8051 microcontroller unit.
 2208  */
 2209 int
 2210 rt2860_mcu_cmd(struct rt2860_softc *sc, uint8_t cmd, uint16_t arg, int wait)
 2211 {
 2212         int slot, ntries;
 2213         uint32_t tmp;
 2214         uint8_t cid;
 2215 
 2216         for (ntries = 0; ntries < 100; ntries++) {
 2217                 if (!(RAL_READ(sc, RT2860_H2M_MAILBOX) & RT2860_H2M_BUSY))
 2218                         break;
 2219                 DELAY(2);
 2220         }
 2221         if (ntries == 100)
 2222                 return EIO;
 2223 
 2224         cid = wait ? cmd : RT2860_TOKEN_NO_INTR;
 2225         RAL_WRITE(sc, RT2860_H2M_MAILBOX, RT2860_H2M_BUSY | cid << 16 | arg);
 2226         RAL_BARRIER_WRITE(sc);
 2227         RAL_WRITE(sc, RT2860_HOST_CMD, cmd);
 2228 
 2229         if (!wait)
 2230                 return 0;
 2231         /* wait for the command to complete */
 2232         for (ntries = 0; ntries < 200; ntries++) {
 2233                 tmp = RAL_READ(sc, RT2860_H2M_MAILBOX_CID);
 2234                 /* find the command slot */
 2235                 for (slot = 0; slot < 4; slot++, tmp >>= 8)
 2236                         if ((tmp & 0xff) == cid)
 2237                                 break;
 2238                 if (slot < 4)
 2239                         break;
 2240                 DELAY(100);
 2241         }
 2242         if (ntries == 200) {
 2243                 /* clear command and status */
 2244                 RAL_WRITE(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff);
 2245                 RAL_WRITE(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff);
 2246                 return ETIMEDOUT;
 2247         }
 2248         /* get command status (1 means success) */
 2249         tmp = RAL_READ(sc, RT2860_H2M_MAILBOX_STATUS);
 2250         tmp = (tmp >> (slot * 8)) & 0xff;
 2251         DPRINTF(("MCU command=0x%02x slot=%d status=0x%02x\n",
 2252             cmd, slot, tmp));
 2253         /* clear command and status */
 2254         RAL_WRITE(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff);
 2255         RAL_WRITE(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff);
 2256         return (tmp == 1) ? 0 : EIO;
 2257 }
 2258 
 2259 static void
 2260 rt2860_enable_mrr(struct rt2860_softc *sc)
 2261 {
 2262 #define CCK(mcs)        (mcs)
 2263 #define OFDM(mcs)       (1 << 3 | (mcs))
 2264         RAL_WRITE(sc, RT2860_LG_FBK_CFG0,
 2265             OFDM(6) << 28 |     /* 54->48 */
 2266             OFDM(5) << 24 |     /* 48->36 */
 2267             OFDM(4) << 20 |     /* 36->24 */
 2268             OFDM(3) << 16 |     /* 24->18 */
 2269             OFDM(2) << 12 |     /* 18->12 */
 2270             OFDM(1) <<  8 |     /* 12-> 9 */
 2271             OFDM(0) <<  4 |     /*  9-> 6 */
 2272             OFDM(0));           /*  6-> 6 */
 2273 
 2274         RAL_WRITE(sc, RT2860_LG_FBK_CFG1,
 2275             CCK(2) << 12 |      /* 11->5.5 */
 2276             CCK(1) <<  8 |      /* 5.5-> 2 */
 2277             CCK(0) <<  4 |      /*   2-> 1 */
 2278             CCK(0));            /*   1-> 1 */
 2279 #undef OFDM
 2280 #undef CCK
 2281 }
 2282 
 2283 static void
 2284 rt2860_set_txpreamble(struct rt2860_softc *sc)
 2285 {
 2286         struct ifnet *ifp = sc->sc_ifp;
 2287         struct ieee80211com *ic = ifp->if_l2com;
 2288         uint32_t tmp;
 2289 
 2290         tmp = RAL_READ(sc, RT2860_AUTO_RSP_CFG);
 2291         tmp &= ~RT2860_CCK_SHORT_EN;
 2292         if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
 2293                 tmp |= RT2860_CCK_SHORT_EN;
 2294         RAL_WRITE(sc, RT2860_AUTO_RSP_CFG, tmp);
 2295 }
 2296 
 2297 void
 2298 rt2860_set_basicrates(struct rt2860_softc *sc,
 2299     const struct ieee80211_rateset *rs)
 2300 {
 2301 #define RV(r)   ((r) & IEEE80211_RATE_VAL)
 2302         struct ifnet *ifp = sc->sc_ifp;
 2303         struct ieee80211com *ic = ifp->if_l2com;
 2304         uint32_t mask = 0;
 2305         uint8_t rate;
 2306         int i;
 2307 
 2308         for (i = 0; i < rs->rs_nrates; i++) {
 2309                 rate = rs->rs_rates[i];
 2310 
 2311                 if (!(rate & IEEE80211_RATE_BASIC))
 2312                         continue;
 2313 
 2314                 mask |= 1 << ic->ic_rt->rateCodeToIndex[RV(rate)];
 2315         }
 2316 
 2317         RAL_WRITE(sc, RT2860_LEGACY_BASIC_RATE, mask);
 2318 #undef RV
 2319 }
 2320 
 2321 static void
 2322 rt2860_scan_start(struct ieee80211com *ic)
 2323 {
 2324         struct ifnet *ifp = ic->ic_ifp;
 2325         struct rt2860_softc *sc = ifp->if_softc;
 2326         uint32_t tmp;
 2327 
 2328         tmp = RAL_READ(sc, RT2860_BCN_TIME_CFG);
 2329         RAL_WRITE(sc, RT2860_BCN_TIME_CFG,
 2330             tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
 2331             RT2860_TBTT_TIMER_EN));
 2332         rt2860_set_gp_timer(sc, 0);
 2333 }
 2334 
 2335 static void
 2336 rt2860_scan_end(struct ieee80211com *ic)
 2337 {
 2338         struct ifnet *ifp = ic->ic_ifp;
 2339         struct rt2860_softc *sc = ifp->if_softc;
 2340         struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
 2341 
 2342         if (vap->iv_state == IEEE80211_S_RUN) {
 2343                 rt2860_enable_tsf_sync(sc);
 2344                 rt2860_set_gp_timer(sc, 500);
 2345         }
 2346 }
 2347 
 2348 static void
 2349 rt2860_set_channel(struct ieee80211com *ic)
 2350 {
 2351         struct ifnet *ifp = ic->ic_ifp;
 2352         struct rt2860_softc *sc = ifp->if_softc;
 2353 
 2354         RAL_LOCK(sc);
 2355         rt2860_switch_chan(sc, ic->ic_curchan);
 2356         RAL_UNLOCK(sc);
 2357 }
 2358 
 2359 static void
 2360 rt2860_select_chan_group(struct rt2860_softc *sc, int group)
 2361 {
 2362         uint32_t tmp;
 2363         uint8_t agc;
 2364 
 2365         rt2860_mcu_bbp_write(sc, 62, 0x37 - sc->lna[group]);
 2366         rt2860_mcu_bbp_write(sc, 63, 0x37 - sc->lna[group]);
 2367         rt2860_mcu_bbp_write(sc, 64, 0x37 - sc->lna[group]);
 2368         rt2860_mcu_bbp_write(sc, 86, 0x00);
 2369 
 2370         if (group == 0) {
 2371                 if (sc->ext_2ghz_lna) {
 2372                         rt2860_mcu_bbp_write(sc, 82, 0x62);
 2373                         rt2860_mcu_bbp_write(sc, 75, 0x46);
 2374                 } else {
 2375                         rt2860_mcu_bbp_write(sc, 82, 0x84);
 2376                         rt2860_mcu_bbp_write(sc, 75, 0x50);
 2377                 }
 2378         } else {
 2379                 if (sc->ext_5ghz_lna) {
 2380                         rt2860_mcu_bbp_write(sc, 82, 0xf2);
 2381                         rt2860_mcu_bbp_write(sc, 75, 0x46);
 2382                 } else {
 2383                         rt2860_mcu_bbp_write(sc, 82, 0xf2);
 2384                         rt2860_mcu_bbp_write(sc, 75, 0x50);
 2385                 }
 2386         }
 2387 
 2388         tmp = RAL_READ(sc, RT2860_TX_BAND_CFG);
 2389         tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P);
 2390         tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P;
 2391         RAL_WRITE(sc, RT2860_TX_BAND_CFG, tmp);
 2392 
 2393         /* enable appropriate Power Amplifiers and Low Noise Amplifiers */
 2394         tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN;
 2395         if (sc->nrxchains > 1)
 2396                 tmp |= RT2860_LNA_PE1_EN;
 2397         if (sc->mac_ver == 0x3593 && sc->nrxchains > 2)
 2398                 tmp |= RT3593_LNA_PE2_EN;
 2399         if (group == 0) {       /* 2GHz */
 2400                 tmp |= RT2860_PA_PE_G0_EN;
 2401                 if (sc->ntxchains > 1)
 2402                         tmp |= RT2860_PA_PE_G1_EN;
 2403                 if (sc->mac_ver == 0x3593 && sc->ntxchains > 2)
 2404                         tmp |= RT3593_PA_PE_G2_EN;
 2405         } else {                /* 5GHz */
 2406                 tmp |= RT2860_PA_PE_A0_EN;
 2407                 if (sc->ntxchains > 1)
 2408                         tmp |= RT2860_PA_PE_A1_EN;
 2409                 if (sc->mac_ver == 0x3593 && sc->ntxchains > 2)
 2410                         tmp |= RT3593_PA_PE_A2_EN;
 2411         }
 2412         RAL_WRITE(sc, RT2860_TX_PIN_CFG, tmp);
 2413 
 2414         if (sc->mac_ver == 0x3593) {
 2415                 tmp = RAL_READ(sc, RT2860_GPIO_CTRL);
 2416                 if (sc->sc_flags & RT2860_PCIE) {
 2417                         tmp &= ~0x01010000;
 2418                         if (group == 0)
 2419                                 tmp |= 0x00010000;
 2420                 } else {
 2421                         tmp &= ~0x00008080;
 2422                         if (group == 0)
 2423                                 tmp |= 0x00000080;
 2424                 }
 2425                 tmp = (tmp & ~0x00001000) | 0x00000010;
 2426                 RAL_WRITE(sc, RT2860_GPIO_CTRL, tmp);
 2427         }
 2428 
 2429         /* set initial AGC value */
 2430         if (group == 0) {       /* 2GHz band */
 2431                 if (sc->mac_ver >= 0x3071)
 2432                         agc = 0x1c + sc->lna[0] * 2;
 2433                 else
 2434                         agc = 0x2e + sc->lna[0];
 2435         } else {                /* 5GHz band */
 2436                 agc = 0x32 + (sc->lna[group] * 5) / 3;
 2437         }
 2438         rt2860_mcu_bbp_write(sc, 66, agc);
 2439 
 2440         DELAY(1000);
 2441 }
 2442 
 2443 static void
 2444 rt2860_set_chan(struct rt2860_softc *sc, u_int chan)
 2445 {
 2446         const struct rfprog *rfprog = rt2860_rf2850;
 2447         uint32_t r2, r3, r4;
 2448         int8_t txpow1, txpow2;
 2449         u_int i;
 2450 
 2451         /* find the settings for this channel (we know it exists) */
 2452         for (i = 0; rfprog[i].chan != chan; i++);
 2453 
 2454         r2 = rfprog[i].r2;
 2455         if (sc->ntxchains == 1)
 2456                 r2 |= 1 << 12;          /* 1T: disable Tx chain 2 */
 2457         if (sc->nrxchains == 1)
 2458                 r2 |= 1 << 15 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */
 2459         else if (sc->nrxchains == 2)
 2460                 r2 |= 1 << 4;           /* 2R: disable Rx chain 3 */
 2461 
 2462         /* use Tx power values from EEPROM */
 2463         txpow1 = sc->txpow1[i];
 2464         txpow2 = sc->txpow2[i];
 2465         if (chan > 14) {
 2466                 if (txpow1 >= 0)
 2467                         txpow1 = txpow1 << 1 | 1;
 2468                 else
 2469                         txpow1 = (7 + txpow1) << 1;
 2470                 if (txpow2 >= 0)
 2471                         txpow2 = txpow2 << 1 | 1;
 2472                 else
 2473                         txpow2 = (7 + txpow2) << 1;
 2474         }
 2475         r3 = rfprog[i].r3 | txpow1 << 7;
 2476         r4 = rfprog[i].r4 | sc->freq << 13 | txpow2 << 4;
 2477 
 2478         rt2860_rf_write(sc, RT2860_RF1, rfprog[i].r1);
 2479         rt2860_rf_write(sc, RT2860_RF2, r2);
 2480         rt2860_rf_write(sc, RT2860_RF3, r3);
 2481         rt2860_rf_write(sc, RT2860_RF4, r4);
 2482 
 2483         DELAY(200);
 2484 
 2485         rt2860_rf_write(sc, RT2860_RF1, rfprog[i].r1);
 2486         rt2860_rf_write(sc, RT2860_RF2, r2);
 2487         rt2860_rf_write(sc, RT2860_RF3, r3 | 1);
 2488         rt2860_rf_write(sc, RT2860_RF4, r4);
 2489 
 2490         DELAY(200);
 2491 
 2492         rt2860_rf_write(sc, RT2860_RF1, rfprog[i].r1);
 2493         rt2860_rf_write(sc, RT2860_RF2, r2);
 2494         rt2860_rf_write(sc, RT2860_RF3, r3);
 2495         rt2860_rf_write(sc, RT2860_RF4, r4);
 2496 }
 2497 
 2498 static void
 2499 rt3090_set_chan(struct rt2860_softc *sc, u_int chan)
 2500 {
 2501         int8_t txpow1, txpow2;
 2502         uint8_t rf;
 2503         int i;
 2504 
 2505         /* RT3090 is 2GHz only */
 2506         KASSERT(chan >= 1 && chan <= 14, ("chan %d not support", chan));
 2507 
 2508         /* find the settings for this channel (we know it exists) */
 2509         for (i = 0; rt2860_rf2850[i].chan != chan; i++);
 2510 
 2511         /* use Tx power values from EEPROM */
 2512         txpow1 = sc->txpow1[i];
 2513         txpow2 = sc->txpow2[i];
 2514 
 2515         rt3090_rf_write(sc, 2, rt3090_freqs[i].n);
 2516         rf = rt3090_rf_read(sc, 3);
 2517         rf = (rf & ~0x0f) | rt3090_freqs[i].k;
 2518         rt3090_rf_write(sc, 3, rf);
 2519         rf = rt3090_rf_read(sc, 6);
 2520         rf = (rf & ~0x03) | rt3090_freqs[i].r;
 2521         rt3090_rf_write(sc, 6, rf);
 2522 
 2523         /* set Tx0 power */
 2524         rf = rt3090_rf_read(sc, 12);
 2525         rf = (rf & ~0x1f) | txpow1;
 2526         rt3090_rf_write(sc, 12, rf);
 2527 
 2528         /* set Tx1 power */
 2529         rf = rt3090_rf_read(sc, 13);
 2530         rf = (rf & ~0x1f) | txpow2;
 2531         rt3090_rf_write(sc, 13, rf);
 2532 
 2533         rf = rt3090_rf_read(sc, 1);
 2534         rf &= ~0xfc;
 2535         if (sc->ntxchains == 1)
 2536                 rf |= RT3070_TX1_PD | RT3070_TX2_PD;
 2537         else if (sc->ntxchains == 2)
 2538                 rf |= RT3070_TX2_PD;
 2539         if (sc->nrxchains == 1)
 2540                 rf |= RT3070_RX1_PD | RT3070_RX2_PD;
 2541         else if (sc->nrxchains == 2)
 2542                 rf |= RT3070_RX2_PD;
 2543         rt3090_rf_write(sc, 1, rf);
 2544 
 2545         /* set RF offset */
 2546         rf = rt3090_rf_read(sc, 23);
 2547         rf = (rf & ~0x7f) | sc->freq;
 2548         rt3090_rf_write(sc, 23, rf);
 2549 
 2550         /* program RF filter */
 2551         rf = rt3090_rf_read(sc, 24);    /* Tx */
 2552         rf = (rf & ~0x3f) | sc->rf24_20mhz;
 2553         rt3090_rf_write(sc, 24, rf);
 2554         rf = rt3090_rf_read(sc, 31);    /* Rx */
 2555         rf = (rf & ~0x3f) | sc->rf24_20mhz;
 2556         rt3090_rf_write(sc, 31, rf);
 2557 
 2558         /* enable RF tuning */
 2559         rf = rt3090_rf_read(sc, 7);
 2560         rt3090_rf_write(sc, 7, rf | RT3070_TUNE);
 2561 }
 2562 
 2563 static int
 2564 rt3090_rf_init(struct rt2860_softc *sc)
 2565 {
 2566 #define N(a)    (sizeof (a) / sizeof ((a)[0]))
 2567         uint32_t tmp;
 2568         uint8_t rf, bbp;
 2569         int i;
 2570 
 2571         rf = rt3090_rf_read(sc, 30);
 2572         /* toggle RF R30 bit 7 */
 2573         rt3090_rf_write(sc, 30, rf | 0x80);
 2574         DELAY(1000);
 2575         rt3090_rf_write(sc, 30, rf & ~0x80);
 2576 
 2577         tmp = RAL_READ(sc, RT3070_LDO_CFG0);
 2578         tmp &= ~0x1f000000;
 2579         if (sc->patch_dac && sc->mac_rev < 0x0211)
 2580                 tmp |= 0x0d000000;      /* 1.35V */
 2581         else
 2582                 tmp |= 0x01000000;      /* 1.2V */
 2583         RAL_WRITE(sc, RT3070_LDO_CFG0, tmp);
 2584 
 2585         /* patch LNA_PE_G1 */
 2586         tmp = RAL_READ(sc, RT3070_GPIO_SWITCH);
 2587         RAL_WRITE(sc, RT3070_GPIO_SWITCH, tmp & ~0x20);
 2588 
 2589         /* initialize RF registers to default value */
 2590         for (i = 0; i < N(rt3090_def_rf); i++) {
 2591                 rt3090_rf_write(sc, rt3090_def_rf[i].reg,
 2592                     rt3090_def_rf[i].val);
 2593         }
 2594 
 2595         /* select 20MHz bandwidth */
 2596         rt3090_rf_write(sc, 31, 0x14);
 2597 
 2598         rf = rt3090_rf_read(sc, 6);
 2599         rt3090_rf_write(sc, 6, rf | 0x40);
 2600 
 2601         if (sc->mac_ver != 0x3593) {
 2602                 /* calibrate filter for 20MHz bandwidth */
 2603                 sc->rf24_20mhz = 0x1f;  /* default value */
 2604                 rt3090_filter_calib(sc, 0x07, 0x16, &sc->rf24_20mhz);
 2605 
 2606                 /* select 40MHz bandwidth */
 2607                 bbp = rt2860_mcu_bbp_read(sc, 4);
 2608                 rt2860_mcu_bbp_write(sc, 4, (bbp & ~0x08) | 0x10);
 2609                 rf = rt3090_rf_read(sc, 31);
 2610                 rt3090_rf_write(sc, 31, rf | 0x20);
 2611 
 2612                 /* calibrate filter for 40MHz bandwidth */
 2613                 sc->rf24_40mhz = 0x2f;  /* default value */
 2614                 rt3090_filter_calib(sc, 0x27, 0x19, &sc->rf24_40mhz);
 2615 
 2616                 /* go back to 20MHz bandwidth */
 2617                 bbp = rt2860_mcu_bbp_read(sc, 4);
 2618                 rt2860_mcu_bbp_write(sc, 4, bbp & ~0x18);
 2619         }
 2620         if (sc->mac_rev < 0x0211)
 2621                 rt3090_rf_write(sc, 27, 0x03);
 2622 
 2623         tmp = RAL_READ(sc, RT3070_OPT_14);
 2624         RAL_WRITE(sc, RT3070_OPT_14, tmp | 1);
 2625 
 2626         if (sc->rf_rev == RT3070_RF_3020)
 2627                 rt3090_set_rx_antenna(sc, 0);
 2628 
 2629         bbp = rt2860_mcu_bbp_read(sc, 138);
 2630         if (sc->mac_ver == 0x3593) {
 2631                 if (sc->ntxchains == 1)
 2632                         bbp |= 0x60;    /* turn off DAC1 and DAC2 */
 2633                 else if (sc->ntxchains == 2)
 2634                         bbp |= 0x40;    /* turn off DAC2 */
 2635                 if (sc->nrxchains == 1)
 2636                         bbp &= ~0x06;   /* turn off ADC1 and ADC2 */
 2637                 else if (sc->nrxchains == 2)
 2638                         bbp &= ~0x04;   /* turn off ADC2 */
 2639         } else {
 2640                 if (sc->ntxchains == 1)
 2641                         bbp |= 0x20;    /* turn off DAC1 */
 2642                 if (sc->nrxchains == 1)
 2643                         bbp &= ~0x02;   /* turn off ADC1 */
 2644         }
 2645         rt2860_mcu_bbp_write(sc, 138, bbp);
 2646 
 2647         rf = rt3090_rf_read(sc, 1);
 2648         rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD);
 2649         rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD;
 2650         rt3090_rf_write(sc, 1, rf);
 2651 
 2652         rf = rt3090_rf_read(sc, 15);
 2653         rt3090_rf_write(sc, 15, rf & ~RT3070_TX_LO2);
 2654 
 2655         rf = rt3090_rf_read(sc, 17);
 2656         rf &= ~RT3070_TX_LO1;
 2657         if (sc->mac_rev >= 0x0211 && !sc->ext_2ghz_lna)
 2658                 rf |= 0x20;     /* fix for long range Rx issue */
 2659         if (sc->txmixgain_2ghz >= 2)
 2660                 rf = (rf & ~0x7) | sc->txmixgain_2ghz;
 2661         rt3090_rf_write(sc, 17, rf);
 2662 
 2663         rf = rt3090_rf_read(sc, 20);
 2664         rt3090_rf_write(sc, 20, rf & ~RT3070_RX_LO1);
 2665 
 2666         rf = rt3090_rf_read(sc, 21);
 2667         rt3090_rf_write(sc, 21, rf & ~RT3070_RX_LO2);
 2668 
 2669         return 0;
 2670 #undef N
 2671 }
 2672 
 2673 void
 2674 rt3090_rf_wakeup(struct rt2860_softc *sc)
 2675 {
 2676         uint32_t tmp;
 2677         uint8_t rf;
 2678 
 2679         if (sc->mac_ver == 0x3593) {
 2680                 /* enable VCO */
 2681                 rf = rt3090_rf_read(sc, 1);
 2682                 rt3090_rf_write(sc, 1, rf | RT3593_VCO);
 2683 
 2684                 /* initiate VCO calibration */
 2685                 rf = rt3090_rf_read(sc, 3);
 2686                 rt3090_rf_write(sc, 3, rf | RT3593_VCOCAL);
 2687 
 2688                 /* enable VCO bias current control */
 2689                 rf = rt3090_rf_read(sc, 6);
 2690                 rt3090_rf_write(sc, 6, rf | RT3593_VCO_IC);
 2691 
 2692                 /* initiate res calibration */
 2693                 rf = rt3090_rf_read(sc, 2);
 2694                 rt3090_rf_write(sc, 2, rf | RT3593_RESCAL);
 2695 
 2696                 /* set reference current control to 0.33 mA */
 2697                 rf = rt3090_rf_read(sc, 22);
 2698                 rf &= ~RT3593_CP_IC_MASK;
 2699                 rf |= 1 << RT3593_CP_IC_SHIFT;
 2700                 rt3090_rf_write(sc, 22, rf);
 2701 
 2702                 /* enable RX CTB */
 2703                 rf = rt3090_rf_read(sc, 46);
 2704                 rt3090_rf_write(sc, 46, rf | RT3593_RX_CTB);
 2705 
 2706                 rf = rt3090_rf_read(sc, 20);
 2707                 rf &= ~(RT3593_LDO_RF_VC_MASK | RT3593_LDO_PLL_VC_MASK);
 2708                 rt3090_rf_write(sc, 20, rf);
 2709         } else {
 2710                 /* enable RF block */
 2711                 rf = rt3090_rf_read(sc, 1);
 2712                 rt3090_rf_write(sc, 1, rf | RT3070_RF_BLOCK);
 2713 
 2714                 /* enable VCO bias current control */
 2715                 rf = rt3090_rf_read(sc, 7);
 2716                 rt3090_rf_write(sc, 7, rf | 0x30);
 2717 
 2718                 rf = rt3090_rf_read(sc, 9);
 2719                 rt3090_rf_write(sc, 9, rf | 0x0e);
 2720 
 2721                 /* enable RX CTB */
 2722                 rf = rt3090_rf_read(sc, 21);
 2723                 rt3090_rf_write(sc, 21, rf | RT3070_RX_CTB);
 2724 
 2725                 /* fix Tx to Rx IQ glitch by raising RF voltage */
 2726                 rf = rt3090_rf_read(sc, 27);
 2727                 rf &= ~0x77;
 2728                 if (sc->mac_rev < 0x0211)
 2729                         rf |= 0x03;
 2730                 rt3090_rf_write(sc, 27, rf);
 2731         }
 2732         if (sc->patch_dac && sc->mac_rev < 0x0211) {
 2733                 tmp = RAL_READ(sc, RT3070_LDO_CFG0);
 2734                 tmp = (tmp & ~0x1f000000) | 0x0d000000;
 2735                 RAL_WRITE(sc, RT3070_LDO_CFG0, tmp);
 2736         }
 2737 }
 2738 
 2739 int
 2740 rt3090_filter_calib(struct rt2860_softc *sc, uint8_t init, uint8_t target,
 2741     uint8_t *val)
 2742 {
 2743         uint8_t rf22, rf24;
 2744         uint8_t bbp55_pb, bbp55_sb, delta;
 2745         int ntries;
 2746 
 2747         /* program filter */
 2748         rf24 = rt3090_rf_read(sc, 24);
 2749         rf24 = (rf24 & 0xc0) | init;    /* initial filter value */
 2750         rt3090_rf_write(sc, 24, rf24);
 2751 
 2752         /* enable baseband loopback mode */
 2753         rf22 = rt3090_rf_read(sc, 22);
 2754         rt3090_rf_write(sc, 22, rf22 | RT3070_BB_LOOPBACK);
 2755 
 2756         /* set power and frequency of passband test tone */
 2757         rt2860_mcu_bbp_write(sc, 24, 0x00);
 2758         for (ntries = 0; ntries < 100; ntries++) {
 2759                 /* transmit test tone */
 2760                 rt2860_mcu_bbp_write(sc, 25, 0x90);
 2761                 DELAY(1000);
 2762                 /* read received power */
 2763                 bbp55_pb = rt2860_mcu_bbp_read(sc, 55);
 2764                 if (bbp55_pb != 0)
 2765                         break;
 2766         }
 2767         if (ntries == 100)
 2768                 return ETIMEDOUT;
 2769 
 2770         /* set power and frequency of stopband test tone */
 2771         rt2860_mcu_bbp_write(sc, 24, 0x06);
 2772         for (ntries = 0; ntries < 100; ntries++) {
 2773                 /* transmit test tone */
 2774                 rt2860_mcu_bbp_write(sc, 25, 0x90);
 2775                 DELAY(1000);
 2776                 /* read received power */
 2777                 bbp55_sb = rt2860_mcu_bbp_read(sc, 55);
 2778 
 2779                 delta = bbp55_pb - bbp55_sb;
 2780                 if (delta > target)
 2781                         break;
 2782 
 2783                 /* reprogram filter */
 2784                 rf24++;
 2785                 rt3090_rf_write(sc, 24, rf24);
 2786         }
 2787         if (ntries < 100) {
 2788                 if (rf24 != init)
 2789                         rf24--; /* backtrack */
 2790                 *val = rf24;
 2791                 rt3090_rf_write(sc, 24, rf24);
 2792         }
 2793 
 2794         /* restore initial state */
 2795         rt2860_mcu_bbp_write(sc, 24, 0x00);
 2796 
 2797         /* disable baseband loopback mode */
 2798         rf22 = rt3090_rf_read(sc, 22);
 2799         rt3090_rf_write(sc, 22, rf22 & ~RT3070_BB_LOOPBACK);
 2800 
 2801         return 0;
 2802 }
 2803 
 2804 static void
 2805 rt3090_rf_setup(struct rt2860_softc *sc)
 2806 {
 2807         uint8_t bbp;
 2808         int i;
 2809 
 2810         if (sc->mac_rev >= 0x0211) {
 2811                 /* enable DC filter */
 2812                 rt2860_mcu_bbp_write(sc, 103, 0xc0);
 2813 
 2814                 /* improve power consumption */
 2815                 bbp = rt2860_mcu_bbp_read(sc, 31);
 2816                 rt2860_mcu_bbp_write(sc, 31, bbp & ~0x03);
 2817         }
 2818 
 2819         RAL_WRITE(sc, RT2860_TX_SW_CFG1, 0);
 2820         if (sc->mac_rev < 0x0211) {
 2821                 RAL_WRITE(sc, RT2860_TX_SW_CFG2,
 2822                     sc->patch_dac ? 0x2c : 0x0f);
 2823         } else
 2824                 RAL_WRITE(sc, RT2860_TX_SW_CFG2, 0);
 2825 
 2826         /* initialize RF registers from ROM */
 2827         for (i = 0; i < 10; i++) {
 2828                 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff)
 2829                         continue;
 2830                 rt3090_rf_write(sc, sc->rf[i].reg, sc->rf[i].val);
 2831         }
 2832 }
 2833 
 2834 static void
 2835 rt2860_set_leds(struct rt2860_softc *sc, uint16_t which)
 2836 {
 2837         rt2860_mcu_cmd(sc, RT2860_MCU_CMD_LEDS,
 2838             which | (sc->leds & 0x7f), 0);
 2839 }
 2840 
 2841 /*
 2842  * Hardware has a general-purpose programmable timer interrupt that can
 2843  * periodically raise MAC_INT_4.
 2844  */
 2845 static void
 2846 rt2860_set_gp_timer(struct rt2860_softc *sc, int ms)
 2847 {
 2848         uint32_t tmp;
 2849 
 2850         /* disable GP timer before reprogramming it */
 2851         tmp = RAL_READ(sc, RT2860_INT_TIMER_EN);
 2852         RAL_WRITE(sc, RT2860_INT_TIMER_EN, tmp & ~RT2860_GP_TIMER_EN);
 2853 
 2854         if (ms == 0)
 2855                 return;
 2856 
 2857         tmp = RAL_READ(sc, RT2860_INT_TIMER_CFG);
 2858         ms *= 16;       /* Unit: 64us */
 2859         tmp = (tmp & 0xffff) | ms << RT2860_GP_TIMER_SHIFT;
 2860         RAL_WRITE(sc, RT2860_INT_TIMER_CFG, tmp);
 2861 
 2862         /* enable GP timer */
 2863         tmp = RAL_READ(sc, RT2860_INT_TIMER_EN);
 2864         RAL_WRITE(sc, RT2860_INT_TIMER_EN, tmp | RT2860_GP_TIMER_EN);
 2865 }
 2866 
 2867 static void
 2868 rt2860_set_bssid(struct rt2860_softc *sc, const uint8_t *bssid)
 2869 {
 2870         RAL_WRITE(sc, RT2860_MAC_BSSID_DW0,
 2871             bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24);
 2872         RAL_WRITE(sc, RT2860_MAC_BSSID_DW1,
 2873             bssid[4] | bssid[5] << 8);
 2874 }
 2875 
 2876 static void
 2877 rt2860_set_macaddr(struct rt2860_softc *sc, const uint8_t *addr)
 2878 {
 2879         RAL_WRITE(sc, RT2860_MAC_ADDR_DW0,
 2880             addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24);
 2881         RAL_WRITE(sc, RT2860_MAC_ADDR_DW1,
 2882             addr[4] | addr[5] << 8 | 0xff << 16);
 2883 }
 2884 
 2885 static void
 2886 rt2860_updateslot(struct ifnet *ifp)
 2887 {
 2888         struct rt2860_softc *sc = ifp->if_softc;
 2889         struct ieee80211com *ic = ifp->if_l2com;
 2890         uint32_t tmp;
 2891 
 2892         tmp = RAL_READ(sc, RT2860_BKOFF_SLOT_CFG);
 2893         tmp &= ~0xff;
 2894         tmp |= (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20;
 2895         RAL_WRITE(sc, RT2860_BKOFF_SLOT_CFG, tmp);
 2896 }
 2897 
 2898 static void
 2899 rt2860_updateprot(struct ifnet *ifp)
 2900 {
 2901         struct rt2860_softc *sc = ifp->if_softc;
 2902         struct ieee80211com *ic = ifp->if_l2com;
 2903         uint32_t tmp;
 2904 
 2905         tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL;
 2906         /* setup protection frame rate (MCS code) */
 2907         tmp |= IEEE80211_IS_CHAN_5GHZ(ic->ic_curchan) ?
 2908             rt2860_rates[RT2860_RIDX_OFDM6].mcs :
 2909             rt2860_rates[RT2860_RIDX_CCK11].mcs;
 2910 
 2911         /* CCK frames don't require protection */
 2912         RAL_WRITE(sc, RT2860_CCK_PROT_CFG, tmp);
 2913 
 2914         if (ic->ic_flags & IEEE80211_F_USEPROT) {
 2915                 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS)
 2916                         tmp |= RT2860_PROT_CTRL_RTS_CTS;
 2917                 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY)
 2918                         tmp |= RT2860_PROT_CTRL_CTS;
 2919         }
 2920         RAL_WRITE(sc, RT2860_OFDM_PROT_CFG, tmp);
 2921 }
 2922 
 2923 static void
 2924 rt2860_update_promisc(struct ifnet *ifp)
 2925 {
 2926         struct rt2860_softc *sc = ifp->if_softc;
 2927         uint32_t tmp;
 2928 
 2929         tmp = RAL_READ(sc, RT2860_RX_FILTR_CFG);
 2930         tmp &= ~RT2860_DROP_NOT_MYBSS;
 2931         if (!(ifp->if_flags & IFF_PROMISC))
 2932                 tmp |= RT2860_DROP_NOT_MYBSS;
 2933         RAL_WRITE(sc, RT2860_RX_FILTR_CFG, tmp);
 2934 }
 2935 
 2936 static int
 2937 rt2860_updateedca(struct ieee80211com *ic)
 2938 {
 2939         struct rt2860_softc *sc = ic->ic_ifp->if_softc;
 2940         const struct wmeParams *wmep;
 2941         int aci;
 2942 
 2943         wmep = ic->ic_wme.wme_chanParams.cap_wmeParams;
 2944 
 2945         /* update MAC TX configuration registers */
 2946         for (aci = 0; aci < WME_NUM_AC; aci++) {
 2947                 RAL_WRITE(sc, RT2860_EDCA_AC_CFG(aci),
 2948                     wmep[aci].wmep_logcwmax << 16 |
 2949                     wmep[aci].wmep_logcwmin << 12 |
 2950                     wmep[aci].wmep_aifsn  <<  8 |
 2951                     wmep[aci].wmep_txopLimit);
 2952         }
 2953 
 2954         /* update SCH/DMA registers too */
 2955         RAL_WRITE(sc, RT2860_WMM_AIFSN_CFG,
 2956             wmep[WME_AC_VO].wmep_aifsn  << 12 |
 2957             wmep[WME_AC_VI].wmep_aifsn  <<  8 |
 2958             wmep[WME_AC_BK].wmep_aifsn  <<  4 |
 2959             wmep[WME_AC_BE].wmep_aifsn);
 2960         RAL_WRITE(sc, RT2860_WMM_CWMIN_CFG,
 2961             wmep[WME_AC_VO].wmep_logcwmin << 12 |
 2962             wmep[WME_AC_VI].wmep_logcwmin <<  8 |
 2963             wmep[WME_AC_BK].wmep_logcwmin <<  4 |
 2964             wmep[WME_AC_BE].wmep_logcwmin);
 2965         RAL_WRITE(sc, RT2860_WMM_CWMAX_CFG,
 2966             wmep[WME_AC_VO].wmep_logcwmax << 12 |
 2967             wmep[WME_AC_VI].wmep_logcwmax <<  8 |
 2968             wmep[WME_AC_BK].wmep_logcwmax <<  4 |
 2969             wmep[WME_AC_BE].wmep_logcwmax);
 2970         RAL_WRITE(sc, RT2860_WMM_TXOP0_CFG,
 2971             wmep[WME_AC_BK].wmep_txopLimit << 16 |
 2972             wmep[WME_AC_BE].wmep_txopLimit);
 2973         RAL_WRITE(sc, RT2860_WMM_TXOP1_CFG,
 2974             wmep[WME_AC_VO].wmep_txopLimit << 16 |
 2975             wmep[WME_AC_VI].wmep_txopLimit);
 2976 
 2977         return 0;
 2978 }
 2979 
 2980 #ifdef HW_CRYPTO
 2981 static int
 2982 rt2860_set_key(struct ieee80211com *ic, struct ieee80211_node *ni,
 2983     struct ieee80211_key *k)
 2984 {
 2985         struct rt2860_softc *sc = ic->ic_softc;
 2986         bus_size_t base;
 2987         uint32_t attr;
 2988         uint8_t mode, wcid, iv[8];
 2989 
 2990         /* defer setting of WEP keys until interface is brought up */
 2991         if ((ic->ic_if.if_flags & (IFF_UP | IFF_RUNNING)) !=
 2992             (IFF_UP | IFF_RUNNING))
 2993                 return 0;
 2994 
 2995         /* map net80211 cipher to RT2860 security mode */
 2996         switch (k->k_cipher) {
 2997         case IEEE80211_CIPHER_WEP40:
 2998                 mode = RT2860_MODE_WEP40;
 2999                 break;
 3000         case IEEE80211_CIPHER_WEP104:
 3001                 mode = RT2860_MODE_WEP104;
 3002                 break;
 3003         case IEEE80211_CIPHER_TKIP:
 3004                 mode = RT2860_MODE_TKIP;
 3005                 break;
 3006         case IEEE80211_CIPHER_CCMP:
 3007                 mode = RT2860_MODE_AES_CCMP;
 3008                 break;
 3009         default:
 3010                 return EINVAL;
 3011         }
 3012 
 3013         if (k->k_flags & IEEE80211_KEY_GROUP) {
 3014                 wcid = 0;       /* NB: update WCID0 for group keys */
 3015                 base = RT2860_SKEY(0, k->k_id);
 3016         } else {
 3017                 wcid = ((struct rt2860_node *)ni)->wcid;
 3018                 base = RT2860_PKEY(wcid);
 3019         }
 3020 
 3021         if (k->k_cipher == IEEE80211_CIPHER_TKIP) {
 3022                 RAL_WRITE_REGION_1(sc, base, k->k_key, 16);
 3023 #ifndef IEEE80211_STA_ONLY
 3024                 if (ic->ic_opmode == IEEE80211_M_HOSTAP) {
 3025                         RAL_WRITE_REGION_1(sc, base + 16, &k->k_key[16], 8);
 3026                         RAL_WRITE_REGION_1(sc, base + 24, &k->k_key[24], 8);
 3027                 } else
 3028 #endif
 3029                 {
 3030                         RAL_WRITE_REGION_1(sc, base + 16, &k->k_key[24], 8);
 3031                         RAL_WRITE_REGION_1(sc, base + 24, &k->k_key[16], 8);
 3032                 }
 3033         } else
 3034                 RAL_WRITE_REGION_1(sc, base, k->k_key, k->k_len);
 3035 
 3036         if (!(k->k_flags & IEEE80211_KEY_GROUP) ||
 3037             (k->k_flags & IEEE80211_KEY_TX)) {
 3038                 /* set initial packet number in IV+EIV */
 3039                 if (k->k_cipher == IEEE80211_CIPHER_WEP40 ||
 3040                     k->k_cipher == IEEE80211_CIPHER_WEP104) {
 3041                         uint32_t val = arc4random();
 3042                         /* skip weak IVs from Fluhrer/Mantin/Shamir */
 3043                         if (val >= 0x03ff00 && (val & 0xf8ff00) == 0x00ff00)
 3044                                 val += 0x000100;
 3045                         iv[0] = val;
 3046                         iv[1] = val >> 8;
 3047                         iv[2] = val >> 16;
 3048                         iv[3] = k->k_id << 6;
 3049                         iv[4] = iv[5] = iv[6] = iv[7] = 0;
 3050                 } else {
 3051                         if (k->k_cipher == IEEE80211_CIPHER_TKIP) {
 3052                                 iv[0] = k->k_tsc >> 8;
 3053                                 iv[1] = (iv[0] | 0x20) & 0x7f;
 3054                                 iv[2] = k->k_tsc;
 3055                         } else /* CCMP */ {
 3056                                 iv[0] = k->k_tsc;
 3057                                 iv[1] = k->k_tsc >> 8;
 3058                                 iv[2] = 0;
 3059                         }
 3060                         iv[3] = k->k_id << 6 | IEEE80211_WEP_EXTIV;
 3061                         iv[4] = k->k_tsc >> 16;
 3062                         iv[5] = k->k_tsc >> 24;
 3063                         iv[6] = k->k_tsc >> 32;
 3064                         iv[7] = k->k_tsc >> 40;
 3065                 }
 3066                 RAL_WRITE_REGION_1(sc, RT2860_IVEIV(wcid), iv, 8);
 3067         }
 3068 
 3069         if (k->k_flags & IEEE80211_KEY_GROUP) {
 3070                 /* install group key */
 3071                 attr = RAL_READ(sc, RT2860_SKEY_MODE_0_7);
 3072                 attr &= ~(0xf << (k->k_id * 4));
 3073                 attr |= mode << (k->k_id * 4);
 3074                 RAL_WRITE(sc, RT2860_SKEY_MODE_0_7, attr);
 3075         } else {
 3076                 /* install pairwise key */
 3077                 attr = RAL_READ(sc, RT2860_WCID_ATTR(wcid));
 3078                 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN;
 3079                 RAL_WRITE(sc, RT2860_WCID_ATTR(wcid), attr);
 3080         }
 3081         return 0;
 3082 }
 3083 
 3084 static void
 3085 rt2860_delete_key(struct ieee80211com *ic, struct ieee80211_node *ni,
 3086     struct ieee80211_key *k)
 3087 {
 3088         struct rt2860_softc *sc = ic->ic_softc;
 3089         uint32_t attr;
 3090         uint8_t wcid;
 3091 
 3092         if (k->k_flags & IEEE80211_KEY_GROUP) {
 3093                 /* remove group key */
 3094                 attr = RAL_READ(sc, RT2860_SKEY_MODE_0_7);
 3095                 attr &= ~(0xf << (k->k_id * 4));
 3096                 RAL_WRITE(sc, RT2860_SKEY_MODE_0_7, attr);
 3097 
 3098         } else {
 3099                 /* remove pairwise key */
 3100                 wcid = ((struct rt2860_node *)ni)->wcid;
 3101                 attr = RAL_READ(sc, RT2860_WCID_ATTR(wcid));
 3102                 attr &= ~0xf;
 3103                 RAL_WRITE(sc, RT2860_WCID_ATTR(wcid), attr);
 3104         }
 3105 }
 3106 #endif
 3107 
 3108 static int8_t
 3109 rt2860_rssi2dbm(struct rt2860_softc *sc, uint8_t rssi, uint8_t rxchain)
 3110 {
 3111         struct ifnet *ifp = sc->sc_ifp;
 3112         struct ieee80211com *ic = ifp->if_l2com;
 3113         struct ieee80211_channel *c = ic->ic_curchan;
 3114         int delta;
 3115 
 3116         if (IEEE80211_IS_CHAN_5GHZ(c)) {
 3117                 u_int chan = ieee80211_chan2ieee(ic, c);
 3118                 delta = sc->rssi_5ghz[rxchain];
 3119 
 3120                 /* determine channel group */
 3121                 if (chan <= 64)
 3122                         delta -= sc->lna[1];
 3123                 else if (chan <= 128)
 3124                         delta -= sc->lna[2];
 3125                 else
 3126                         delta -= sc->lna[3];
 3127         } else
 3128                 delta = sc->rssi_2ghz[rxchain] - sc->lna[0];
 3129 
 3130         return -12 - delta - rssi;
 3131 }
 3132 
 3133 /*
 3134  * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word.
 3135  * Used to adjust per-rate Tx power registers.
 3136  */
 3137 static __inline uint32_t
 3138 b4inc(uint32_t b32, int8_t delta)
 3139 {
 3140         int8_t i, b4;
 3141 
 3142         for (i = 0; i < 8; i++) {
 3143                 b4 = b32 & 0xf;
 3144                 b4 += delta;
 3145                 if (b4 < 0)
 3146                         b4 = 0;
 3147                 else if (b4 > 0xf)
 3148                         b4 = 0xf;
 3149                 b32 = b32 >> 4 | b4 << 28;
 3150         }
 3151         return b32;
 3152 }
 3153 
 3154 static const char *
 3155 rt2860_get_rf(uint8_t rev)
 3156 {
 3157         switch (rev) {
 3158         case RT2860_RF_2820:    return "RT2820";
 3159         case RT2860_RF_2850:    return "RT2850";
 3160         case RT2860_RF_2720:    return "RT2720";
 3161         case RT2860_RF_2750:    return "RT2750";
 3162         case RT3070_RF_3020:    return "RT3020";
 3163         case RT3070_RF_2020:    return "RT2020";
 3164         case RT3070_RF_3021:    return "RT3021";
 3165         case RT3070_RF_3022:    return "RT3022";
 3166         case RT3070_RF_3052:    return "RT3052";
 3167         case RT3070_RF_3320:    return "RT3320";
 3168         case RT3070_RF_3053:    return "RT3053";
 3169         default:                return "unknown";
 3170         }
 3171 }
 3172 
 3173 static int
 3174 rt2860_read_eeprom(struct rt2860_softc *sc, uint8_t macaddr[IEEE80211_ADDR_LEN])
 3175 {
 3176         int8_t delta_2ghz, delta_5ghz;
 3177         uint32_t tmp;
 3178         uint16_t val;
 3179         int ridx, ant, i;
 3180 
 3181         /* check whether the ROM is eFUSE ROM or EEPROM */
 3182         sc->sc_srom_read = rt2860_eeprom_read_2;
 3183         if (sc->mac_ver >= 0x3071) {
 3184                 tmp = RAL_READ(sc, RT3070_EFUSE_CTRL);
 3185                 DPRINTF(("EFUSE_CTRL=0x%08x\n", tmp));
 3186                 if (tmp & RT3070_SEL_EFUSE)
 3187                         sc->sc_srom_read = rt3090_efuse_read_2;
 3188         }
 3189 
 3190         /* read EEPROM version */
 3191         val = rt2860_srom_read(sc, RT2860_EEPROM_VERSION);
 3192         DPRINTF(("EEPROM rev=%d, FAE=%d\n", val & 0xff, val >> 8));
 3193 
 3194         /* read MAC address */
 3195         val = rt2860_srom_read(sc, RT2860_EEPROM_MAC01);
 3196         macaddr[0] = val & 0xff;
 3197         macaddr[1] = val >> 8;
 3198         val = rt2860_srom_read(sc, RT2860_EEPROM_MAC23);
 3199         macaddr[2] = val & 0xff;
 3200         macaddr[3] = val >> 8;
 3201         val = rt2860_srom_read(sc, RT2860_EEPROM_MAC45);
 3202         macaddr[4] = val & 0xff;
 3203         macaddr[5] = val >> 8;
 3204 
 3205         /* read country code */
 3206         val = rt2860_srom_read(sc, RT2860_EEPROM_COUNTRY);
 3207         DPRINTF(("EEPROM region code=0x%04x\n", val));
 3208 
 3209         /* read vendor BBP settings */
 3210         for (i = 0; i < 8; i++) {
 3211                 val = rt2860_srom_read(sc, RT2860_EEPROM_BBP_BASE + i);
 3212                 sc->bbp[i].val = val & 0xff;
 3213                 sc->bbp[i].reg = val >> 8;
 3214                 DPRINTF(("BBP%d=0x%02x\n", sc->bbp[i].reg, sc->bbp[i].val));
 3215         }
 3216         if (sc->mac_ver >= 0x3071) {
 3217                 /* read vendor RF settings */
 3218                 for (i = 0; i < 10; i++) {
 3219                         val = rt2860_srom_read(sc, RT3071_EEPROM_RF_BASE + i);
 3220                         sc->rf[i].val = val & 0xff;
 3221                         sc->rf[i].reg = val >> 8;
 3222                         DPRINTF(("RF%d=0x%02x\n", sc->rf[i].reg,
 3223                             sc->rf[i].val));
 3224                 }
 3225         }
 3226 
 3227         /* read RF frequency offset from EEPROM */
 3228         val = rt2860_srom_read(sc, RT2860_EEPROM_FREQ_LEDS);
 3229         sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0;
 3230         DPRINTF(("EEPROM freq offset %d\n", sc->freq & 0xff));
 3231         if ((val >> 8) != 0xff) {
 3232                 /* read LEDs operating mode */
 3233                 sc->leds = val >> 8;
 3234                 sc->led[0] = rt2860_srom_read(sc, RT2860_EEPROM_LED1);
 3235                 sc->led[1] = rt2860_srom_read(sc, RT2860_EEPROM_LED2);
 3236                 sc->led[2] = rt2860_srom_read(sc, RT2860_EEPROM_LED3);
 3237         } else {
 3238                 /* broken EEPROM, use default settings */
 3239                 sc->leds = 0x01;
 3240                 sc->led[0] = 0x5555;
 3241                 sc->led[1] = 0x2221;
 3242                 sc->led[2] = 0xa9f8;
 3243         }
 3244         DPRINTF(("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n",
 3245             sc->leds, sc->led[0], sc->led[1], sc->led[2]));
 3246 
 3247         /* read RF information */
 3248         val = rt2860_srom_read(sc, RT2860_EEPROM_ANTENNA);
 3249         if (val == 0xffff) {
 3250                 DPRINTF(("invalid EEPROM antenna info, using default\n"));
 3251                 if (sc->mac_ver == 0x3593) {
 3252                         /* default to RF3053 3T3R */
 3253                         sc->rf_rev = RT3070_RF_3053;
 3254                         sc->ntxchains = 3;
 3255                         sc->nrxchains = 3;
 3256                 } else if (sc->mac_ver >= 0x3071) {
 3257                         /* default to RF3020 1T1R */
 3258                         sc->rf_rev = RT3070_RF_3020;
 3259                         sc->ntxchains = 1;
 3260                         sc->nrxchains = 1;
 3261                 } else {
 3262                         /* default to RF2820 1T2R */
 3263                         sc->rf_rev = RT2860_RF_2820;
 3264                         sc->ntxchains = 1;
 3265                         sc->nrxchains = 2;
 3266                 }
 3267         } else {
 3268                 sc->rf_rev = (val >> 8) & 0xf;
 3269                 sc->ntxchains = (val >> 4) & 0xf;
 3270                 sc->nrxchains = val & 0xf;
 3271         }
 3272         DPRINTF(("EEPROM RF rev=0x%02x chains=%dT%dR\n",
 3273             sc->rf_rev, sc->ntxchains, sc->nrxchains));
 3274 
 3275         /* check if RF supports automatic Tx access gain control */
 3276         val = rt2860_srom_read(sc, RT2860_EEPROM_CONFIG);
 3277         DPRINTF(("EEPROM CFG 0x%04x\n", val));
 3278         /* check if driver should patch the DAC issue */
 3279         if ((val >> 8) != 0xff)
 3280                 sc->patch_dac = (val >> 15) & 1;
 3281         if ((val & 0xff) != 0xff) {
 3282                 sc->ext_5ghz_lna = (val >> 3) & 1;
 3283                 sc->ext_2ghz_lna = (val >> 2) & 1;
 3284                 /* check if RF supports automatic Tx access gain control */
 3285                 sc->calib_2ghz = sc->calib_5ghz = 0; /* XXX (val >> 1) & 1 */;
 3286                 /* check if we have a hardware radio switch */
 3287                 sc->rfswitch = val & 1;
 3288         }
 3289         if (sc->sc_flags & RT2860_ADVANCED_PS) {
 3290                 /* read PCIe power save level */
 3291                 val = rt2860_srom_read(sc, RT2860_EEPROM_PCIE_PSLEVEL);
 3292                 if ((val & 0xff) != 0xff) {
 3293                         sc->pslevel = val & 0x3;
 3294                         val = rt2860_srom_read(sc, RT2860_EEPROM_REV);
 3295                         if ((val & 0xff80) != 0x9280)
 3296                                 sc->pslevel = MIN(sc->pslevel, 1);
 3297                         DPRINTF(("EEPROM PCIe PS Level=%d\n", sc->pslevel));
 3298                 }
 3299         }
 3300 
 3301         /* read power settings for 2GHz channels */
 3302         for (i = 0; i < 14; i += 2) {
 3303                 val = rt2860_srom_read(sc,
 3304                     RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2);
 3305                 sc->txpow1[i + 0] = (int8_t)(val & 0xff);
 3306                 sc->txpow1[i + 1] = (int8_t)(val >> 8);
 3307 
 3308                 val = rt2860_srom_read(sc,
 3309                     RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2);
 3310                 sc->txpow2[i + 0] = (int8_t)(val & 0xff);
 3311                 sc->txpow2[i + 1] = (int8_t)(val >> 8);
 3312         }
 3313         /* fix broken Tx power entries */
 3314         for (i = 0; i < 14; i++) {
 3315                 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31)
 3316                         sc->txpow1[i] = 5;
 3317                 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31)
 3318                         sc->txpow2[i] = 5;
 3319                 DPRINTF(("chan %d: power1=%d, power2=%d\n",
 3320                     rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]));
 3321         }
 3322         /* read power settings for 5GHz channels */
 3323         for (i = 0; i < 40; i += 2) {
 3324                 val = rt2860_srom_read(sc,
 3325                     RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2);
 3326                 sc->txpow1[i + 14] = (int8_t)(val & 0xff);
 3327                 sc->txpow1[i + 15] = (int8_t)(val >> 8);
 3328 
 3329                 val = rt2860_srom_read(sc,
 3330                     RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2);
 3331                 sc->txpow2[i + 14] = (int8_t)(val & 0xff);
 3332                 sc->txpow2[i + 15] = (int8_t)(val >> 8);
 3333         }
 3334         /* fix broken Tx power entries */
 3335         for (i = 0; i < 40; i++) {
 3336                 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15)
 3337                         sc->txpow1[14 + i] = 5;
 3338                 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15)
 3339                         sc->txpow2[14 + i] = 5;
 3340                 DPRINTF(("chan %d: power1=%d, power2=%d\n",
 3341                     rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i],
 3342                     sc->txpow2[14 + i]));
 3343         }
 3344 
 3345         /* read Tx power compensation for each Tx rate */
 3346         val = rt2860_srom_read(sc, RT2860_EEPROM_DELTAPWR);
 3347         delta_2ghz = delta_5ghz = 0;
 3348         if ((val & 0xff) != 0xff && (val & 0x80)) {
 3349                 delta_2ghz = val & 0xf;
 3350                 if (!(val & 0x40))      /* negative number */
 3351                         delta_2ghz = -delta_2ghz;
 3352         }
 3353         val >>= 8;
 3354         if ((val & 0xff) != 0xff && (val & 0x80)) {
 3355                 delta_5ghz = val & 0xf;
 3356                 if (!(val & 0x40))      /* negative number */
 3357                         delta_5ghz = -delta_5ghz;
 3358         }
 3359         DPRINTF(("power compensation=%d (2GHz), %d (5GHz)\n",
 3360             delta_2ghz, delta_5ghz));
 3361 
 3362         for (ridx = 0; ridx < 5; ridx++) {
 3363                 uint32_t reg;
 3364 
 3365                 val = rt2860_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2);
 3366                 reg = val;
 3367                 val = rt2860_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1);
 3368                 reg |= (uint32_t)val << 16;
 3369 
 3370                 sc->txpow20mhz[ridx] = reg;
 3371                 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz);
 3372                 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz);
 3373 
 3374                 DPRINTF(("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, "
 3375                     "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx],
 3376                     sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]));
 3377         }
 3378 
 3379         /* read factory-calibrated samples for temperature compensation */
 3380         val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI1_2GHZ);
 3381         sc->tssi_2ghz[0] = val & 0xff;  /* [-4] */
 3382         sc->tssi_2ghz[1] = val >> 8;    /* [-3] */
 3383         val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI2_2GHZ);
 3384         sc->tssi_2ghz[2] = val & 0xff;  /* [-2] */
 3385         sc->tssi_2ghz[3] = val >> 8;    /* [-1] */
 3386         val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI3_2GHZ);
 3387         sc->tssi_2ghz[4] = val & 0xff;  /* [+0] */
 3388         sc->tssi_2ghz[5] = val >> 8;    /* [+1] */
 3389         val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI4_2GHZ);
 3390         sc->tssi_2ghz[6] = val & 0xff;  /* [+2] */
 3391         sc->tssi_2ghz[7] = val >> 8;    /* [+3] */
 3392         val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI5_2GHZ);
 3393         sc->tssi_2ghz[8] = val & 0xff;  /* [+4] */
 3394         sc->step_2ghz = val >> 8;
 3395         DPRINTF(("TSSI 2GHz: 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x "
 3396             "0x%02x 0x%02x step=%d\n", sc->tssi_2ghz[0], sc->tssi_2ghz[1],
 3397             sc->tssi_2ghz[2], sc->tssi_2ghz[3], sc->tssi_2ghz[4],
 3398             sc->tssi_2ghz[5], sc->tssi_2ghz[6], sc->tssi_2ghz[7],
 3399             sc->tssi_2ghz[8], sc->step_2ghz));
 3400         /* check that ref value is correct, otherwise disable calibration */
 3401         if (sc->tssi_2ghz[4] == 0xff)
 3402                 sc->calib_2ghz = 0;
 3403 
 3404         val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI1_5GHZ);
 3405         sc->tssi_5ghz[0] = val & 0xff;  /* [-4] */
 3406         sc->tssi_5ghz[1] = val >> 8;    /* [-3] */
 3407         val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI2_5GHZ);
 3408         sc->tssi_5ghz[2] = val & 0xff;  /* [-2] */
 3409         sc->tssi_5ghz[3] = val >> 8;    /* [-1] */
 3410         val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI3_5GHZ);
 3411         sc->tssi_5ghz[4] = val & 0xff;  /* [+0] */
 3412         sc->tssi_5ghz[5] = val >> 8;    /* [+1] */
 3413         val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI4_5GHZ);
 3414         sc->tssi_5ghz[6] = val & 0xff;  /* [+2] */
 3415         sc->tssi_5ghz[7] = val >> 8;    /* [+3] */
 3416         val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI5_5GHZ);
 3417         sc->tssi_5ghz[8] = val & 0xff;  /* [+4] */
 3418         sc->step_5ghz = val >> 8;
 3419         DPRINTF(("TSSI 5GHz: 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x "
 3420             "0x%02x 0x%02x step=%d\n", sc->tssi_5ghz[0], sc->tssi_5ghz[1],
 3421             sc->tssi_5ghz[2], sc->tssi_5ghz[3], sc->tssi_5ghz[4],
 3422             sc->tssi_5ghz[5], sc->tssi_5ghz[6], sc->tssi_5ghz[7],
 3423             sc->tssi_5ghz[8], sc->step_5ghz));
 3424         /* check that ref value is correct, otherwise disable calibration */
 3425         if (sc->tssi_5ghz[4] == 0xff)
 3426                 sc->calib_5ghz = 0;
 3427 
 3428         /* read RSSI offsets and LNA gains from EEPROM */
 3429         val = rt2860_srom_read(sc, RT2860_EEPROM_RSSI1_2GHZ);
 3430         sc->rssi_2ghz[0] = val & 0xff;  /* Ant A */
 3431         sc->rssi_2ghz[1] = val >> 8;    /* Ant B */
 3432         val = rt2860_srom_read(sc, RT2860_EEPROM_RSSI2_2GHZ);
 3433         if (sc->mac_ver >= 0x3071) {
 3434                 /*
 3435                  * On RT3090 chips (limited to 2 Rx chains), this ROM
 3436                  * field contains the Tx mixer gain for the 2GHz band.
 3437                  */
 3438                 if ((val & 0xff) != 0xff)
 3439                         sc->txmixgain_2ghz = val & 0x7;
 3440                 DPRINTF(("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz));
 3441         } else
 3442                 sc->rssi_2ghz[2] = val & 0xff;  /* Ant C */
 3443         sc->lna[2] = val >> 8;          /* channel group 2 */
 3444 
 3445         val = rt2860_srom_read(sc, RT2860_EEPROM_RSSI1_5GHZ);
 3446         sc->rssi_5ghz[0] = val & 0xff;  /* Ant A */
 3447         sc->rssi_5ghz[1] = val >> 8;    /* Ant B */
 3448         val = rt2860_srom_read(sc, RT2860_EEPROM_RSSI2_5GHZ);
 3449         sc->rssi_5ghz[2] = val & 0xff;  /* Ant C */
 3450         sc->lna[3] = val >> 8;          /* channel group 3 */
 3451 
 3452         val = rt2860_srom_read(sc, RT2860_EEPROM_LNA);
 3453         if (sc->mac_ver >= 0x3071)
 3454                 sc->lna[0] = RT3090_DEF_LNA;
 3455         else                            /* channel group 0 */
 3456                 sc->lna[0] = val & 0xff;
 3457         sc->lna[1] = val >> 8;          /* channel group 1 */
 3458 
 3459         /* fix broken 5GHz LNA entries */
 3460         if (sc->lna[2] == 0 || sc->lna[2] == 0xff) {
 3461                 DPRINTF(("invalid LNA for channel group %d\n", 2));
 3462                 sc->lna[2] = sc->lna[1];
 3463         }
 3464         if (sc->lna[3] == 0 || sc->lna[3] == 0xff) {
 3465                 DPRINTF(("invalid LNA for channel group %d\n", 3));
 3466                 sc->lna[3] = sc->lna[1];
 3467         }
 3468 
 3469         /* fix broken RSSI offset entries */
 3470         for (ant = 0; ant < 3; ant++) {
 3471                 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) {
 3472                         DPRINTF(("invalid RSSI%d offset: %d (2GHz)\n",
 3473                             ant + 1, sc->rssi_2ghz[ant]));
 3474                         sc->rssi_2ghz[ant] = 0;
 3475                 }
 3476                 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) {
 3477                         DPRINTF(("invalid RSSI%d offset: %d (5GHz)\n",
 3478                             ant + 1, sc->rssi_5ghz[ant]));
 3479                         sc->rssi_5ghz[ant] = 0;
 3480                 }
 3481         }
 3482 
 3483         return 0;
 3484 }
 3485 
 3486 int
 3487 rt2860_bbp_init(struct rt2860_softc *sc)
 3488 {
 3489 #define N(a)    (sizeof (a) / sizeof ((a)[0]))
 3490         int i, ntries;
 3491 
 3492         /* wait for BBP to wake up */
 3493         for (ntries = 0; ntries < 20; ntries++) {
 3494                 uint8_t bbp0 = rt2860_mcu_bbp_read(sc, 0);
 3495                 if (bbp0 != 0 && bbp0 != 0xff)
 3496                         break;
 3497         }
 3498         if (ntries == 20) {
 3499                 device_printf(sc->sc_dev,
 3500                     "timeout waiting for BBP to wake up\n");
 3501                 return ETIMEDOUT;
 3502         }
 3503 
 3504         /* initialize BBP registers to default values */
 3505         for (i = 0; i < N(rt2860_def_bbp); i++) {
 3506                 rt2860_mcu_bbp_write(sc, rt2860_def_bbp[i].reg,
 3507                     rt2860_def_bbp[i].val);
 3508         }
 3509 
 3510         /* fix BBP84 for RT2860E */
 3511         if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101)
 3512                 rt2860_mcu_bbp_write(sc, 84, 0x19);
 3513 
 3514         if (sc->mac_ver >= 0x3071) {
 3515                 rt2860_mcu_bbp_write(sc, 79, 0x13);
 3516                 rt2860_mcu_bbp_write(sc, 80, 0x05);
 3517                 rt2860_mcu_bbp_write(sc, 81, 0x33);
 3518         } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) {
 3519                 rt2860_mcu_bbp_write(sc, 69, 0x16);
 3520                 rt2860_mcu_bbp_write(sc, 73, 0x12);
 3521         }
 3522 
 3523         return 0;
 3524 #undef N
 3525 }
 3526 
 3527 static int
 3528 rt2860_txrx_enable(struct rt2860_softc *sc)
 3529 {
 3530         struct ifnet *ifp = sc->sc_ifp;
 3531         struct ieee80211com *ic = ifp->if_l2com;
 3532         uint32_t tmp;
 3533         int ntries;
 3534 
 3535         /* enable Tx/Rx DMA engine */
 3536         RAL_WRITE(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN);
 3537         RAL_BARRIER_READ_WRITE(sc);
 3538         for (ntries = 0; ntries < 200; ntries++) {
 3539                 tmp = RAL_READ(sc, RT2860_WPDMA_GLO_CFG);
 3540                 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
 3541                         break;
 3542                 DELAY(1000);
 3543         }
 3544         if (ntries == 200) {
 3545                 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n");
 3546                 return ETIMEDOUT;
 3547         }
 3548 
 3549         DELAY(50);
 3550 
 3551         tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN |
 3552             RT2860_WPDMA_BT_SIZE64 << RT2860_WPDMA_BT_SIZE_SHIFT;
 3553         RAL_WRITE(sc, RT2860_WPDMA_GLO_CFG, tmp);
 3554 
 3555         /* set Rx filter */
 3556         tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR;
 3557         if (ic->ic_opmode != IEEE80211_M_MONITOR) {
 3558                 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL |
 3559                     RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK |
 3560                     RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV |
 3561                     RT2860_DROP_CFACK | RT2860_DROP_CFEND;
 3562                 if (ic->ic_opmode == IEEE80211_M_STA)
 3563                         tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL;
 3564         }
 3565         RAL_WRITE(sc, RT2860_RX_FILTR_CFG, tmp);
 3566 
 3567         RAL_WRITE(sc, RT2860_MAC_SYS_CTRL,
 3568             RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
 3569 
 3570         return 0;
 3571 }
 3572 
 3573 static void
 3574 rt2860_init(void *arg)
 3575 {
 3576         struct rt2860_softc *sc = arg;
 3577         struct ifnet *ifp = sc->sc_ifp;
 3578         struct ieee80211com *ic = ifp->if_l2com;
 3579 
 3580         RAL_LOCK(sc);
 3581         rt2860_init_locked(sc);
 3582         RAL_UNLOCK(sc);
 3583 
 3584         if (ifp->if_drv_flags & IFF_DRV_RUNNING)
 3585                 ieee80211_start_all(ic);
 3586 }
 3587 
 3588 static void
 3589 rt2860_init_locked(struct rt2860_softc *sc)
 3590 {
 3591 #define N(a)    (sizeof (a) / sizeof ((a)[0]))
 3592         struct ifnet *ifp = sc->sc_ifp;
 3593         struct ieee80211com *ic = ifp->if_l2com;
 3594         uint32_t tmp;
 3595         uint8_t bbp1, bbp3;
 3596         int i, qid, ridx, ntries, error;
 3597 
 3598         RAL_LOCK_ASSERT(sc);
 3599 
 3600         if (sc->rfswitch) {
 3601                 /* hardware has a radio switch on GPIO pin 2 */
 3602                 if (!(RAL_READ(sc, RT2860_GPIO_CTRL) & (1 << 2))) {
 3603                         device_printf(sc->sc_dev,
 3604                             "radio is disabled by hardware switch\n");
 3605 #ifdef notyet
 3606                         rt2860_stop_locked(sc);
 3607                         return;
 3608 #endif
 3609                 }
 3610         }
 3611         RAL_WRITE(sc, RT2860_PWR_PIN_CFG, RT2860_IO_RA_PE);
 3612 
 3613         /* disable DMA */
 3614         tmp = RAL_READ(sc, RT2860_WPDMA_GLO_CFG);
 3615         tmp &= 0xff0;
 3616         RAL_WRITE(sc, RT2860_WPDMA_GLO_CFG, tmp);
 3617 
 3618         /* PBF hardware reset */
 3619         RAL_WRITE(sc, RT2860_SYS_CTRL, 0xe1f);
 3620         RAL_BARRIER_WRITE(sc);
 3621         RAL_WRITE(sc, RT2860_SYS_CTRL, 0xe00);
 3622 
 3623         if ((error = rt2860_load_microcode(sc)) != 0) {
 3624                 device_printf(sc->sc_dev, "could not load 8051 microcode\n");
 3625                 rt2860_stop_locked(sc);
 3626                 return;
 3627         }
 3628 
 3629         rt2860_set_macaddr(sc, IF_LLADDR(ifp));
 3630 
 3631         /* init Tx power for all Tx rates (from EEPROM) */
 3632         for (ridx = 0; ridx < 5; ridx++) {
 3633                 if (sc->txpow20mhz[ridx] == 0xffffffff)
 3634                         continue;
 3635                 RAL_WRITE(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]);
 3636         }
 3637 
 3638         for (ntries = 0; ntries < 100; ntries++) {
 3639                 tmp = RAL_READ(sc, RT2860_WPDMA_GLO_CFG);
 3640                 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
 3641                         break;
 3642                 DELAY(1000);
 3643         }
 3644         if (ntries == 100) {
 3645                 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n");
 3646                 rt2860_stop_locked(sc);
 3647                 return;
 3648         }
 3649         tmp &= 0xff0;
 3650         RAL_WRITE(sc, RT2860_WPDMA_GLO_CFG, tmp);
 3651 
 3652         /* reset Rx ring and all 6 Tx rings */
 3653         RAL_WRITE(sc, RT2860_WPDMA_RST_IDX, 0x1003f);
 3654 
 3655         /* PBF hardware reset */
 3656         RAL_WRITE(sc, RT2860_SYS_CTRL, 0xe1f);
 3657         RAL_BARRIER_WRITE(sc);
 3658         RAL_WRITE(sc, RT2860_SYS_CTRL, 0xe00);
 3659 
 3660         RAL_WRITE(sc, RT2860_PWR_PIN_CFG, RT2860_IO_RA_PE | RT2860_IO_RF_PE);
 3661 
 3662         RAL_WRITE(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST);
 3663         RAL_BARRIER_WRITE(sc);
 3664         RAL_WRITE(sc, RT2860_MAC_SYS_CTRL, 0);
 3665 
 3666         for (i = 0; i < N(rt2860_def_mac); i++)
 3667                 RAL_WRITE(sc, rt2860_def_mac[i].reg, rt2860_def_mac[i].val);
 3668         if (sc->mac_ver >= 0x3071) {
 3669                 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */
 3670                 RAL_WRITE(sc, RT2860_TX_SW_CFG0,
 3671                     4 << RT2860_DLY_PAPE_EN_SHIFT);
 3672         }
 3673 
 3674         if (!(RAL_READ(sc, RT2860_PCI_CFG) & RT2860_PCI_CFG_PCI)) {
 3675                 sc->sc_flags |= RT2860_PCIE;
 3676                 /* PCIe has different clock cycle count than PCI */
 3677                 tmp = RAL_READ(sc, RT2860_US_CYC_CNT);
 3678                 tmp = (tmp & ~0xff) | 0x7d;
 3679                 RAL_WRITE(sc, RT2860_US_CYC_CNT, tmp);
 3680         }
 3681 
 3682         /* wait while MAC is busy */
 3683         for (ntries = 0; ntries < 100; ntries++) {
 3684                 if (!(RAL_READ(sc, RT2860_MAC_STATUS_REG) &
 3685                     (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY)))
 3686                         break;
 3687                 DELAY(1000);
 3688         }
 3689         if (ntries == 100) {
 3690                 device_printf(sc->sc_dev, "timeout waiting for MAC\n");
 3691                 rt2860_stop_locked(sc);
 3692                 return;
 3693         }
 3694 
 3695         /* clear Host to MCU mailbox */
 3696         RAL_WRITE(sc, RT2860_H2M_BBPAGENT, 0);
 3697         RAL_WRITE(sc, RT2860_H2M_MAILBOX, 0);
 3698 
 3699         rt2860_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0, 0);
 3700         DELAY(1000);
 3701 
 3702         if ((error = rt2860_bbp_init(sc)) != 0) {
 3703                 rt2860_stop_locked(sc);
 3704                 return;
 3705         }
 3706 
 3707         /* clear RX WCID search table */
 3708         RAL_SET_REGION_4(sc, RT2860_WCID_ENTRY(0), 0, 512);
 3709         /* clear pairwise key table */
 3710         RAL_SET_REGION_4(sc, RT2860_PKEY(0), 0, 2048);
 3711         /* clear IV/EIV table */
 3712         RAL_SET_REGION_4(sc, RT2860_IVEIV(0), 0, 512);
 3713         /* clear WCID attribute table */
 3714         RAL_SET_REGION_4(sc, RT2860_WCID_ATTR(0), 0, 256);
 3715         /* clear shared key table */
 3716         RAL_SET_REGION_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32);
 3717         /* clear shared key mode */
 3718         RAL_SET_REGION_4(sc, RT2860_SKEY_MODE_0_7, 0, 4);
 3719 
 3720         /* init Tx rings (4 EDCAs + HCCA + Mgt) */
 3721         for (qid = 0; qid < 6; qid++) {
 3722                 RAL_WRITE(sc, RT2860_TX_BASE_PTR(qid), sc->txq[qid].paddr);
 3723                 RAL_WRITE(sc, RT2860_TX_MAX_CNT(qid), RT2860_TX_RING_COUNT);
 3724                 RAL_WRITE(sc, RT2860_TX_CTX_IDX(qid), 0);
 3725         }
 3726 
 3727         /* init Rx ring */
 3728         RAL_WRITE(sc, RT2860_RX_BASE_PTR, sc->rxq.paddr);
 3729         RAL_WRITE(sc, RT2860_RX_MAX_CNT, RT2860_RX_RING_COUNT);
 3730         RAL_WRITE(sc, RT2860_RX_CALC_IDX, RT2860_RX_RING_COUNT - 1);
 3731 
 3732         /* setup maximum buffer sizes */
 3733         RAL_WRITE(sc, RT2860_MAX_LEN_CFG, 1 << 12 |
 3734             (MCLBYTES - sizeof (struct rt2860_rxwi) - 2));
 3735 
 3736         for (ntries = 0; ntries < 100; ntries++) {
 3737                 tmp = RAL_READ(sc, RT2860_WPDMA_GLO_CFG);
 3738                 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
 3739                         break;
 3740                 DELAY(1000);
 3741         }
 3742         if (ntries == 100) {
 3743                 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n");
 3744                 rt2860_stop_locked(sc);
 3745                 return;
 3746         }
 3747         tmp &= 0xff0;
 3748         RAL_WRITE(sc, RT2860_WPDMA_GLO_CFG, tmp);
 3749 
 3750         /* disable interrupts mitigation */
 3751         RAL_WRITE(sc, RT2860_DELAY_INT_CFG, 0);
 3752 
 3753         /* write vendor-specific BBP values (from EEPROM) */
 3754         for (i = 0; i < 8; i++) {
 3755                 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff)
 3756                         continue;
 3757                 rt2860_mcu_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val);
 3758         }
 3759 
 3760         /* select Main antenna for 1T1R devices */
 3761         if (sc->rf_rev == RT3070_RF_2020 ||
 3762             sc->rf_rev == RT3070_RF_3020 ||
 3763             sc->rf_rev == RT3070_RF_3320)
 3764                 rt3090_set_rx_antenna(sc, 0);
 3765 
 3766         /* send LEDs operating mode to microcontroller */
 3767         rt2860_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0], 0);
 3768         rt2860_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1], 0);
 3769         rt2860_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2], 0);
 3770 
 3771         if (sc->mac_ver >= 0x3071)
 3772                 rt3090_rf_init(sc);
 3773 
 3774         rt2860_mcu_cmd(sc, RT2860_MCU_CMD_SLEEP, 0x02ff, 1);
 3775         rt2860_mcu_cmd(sc, RT2860_MCU_CMD_WAKEUP, 0, 1);
 3776 
 3777         if (sc->mac_ver >= 0x3071)
 3778                 rt3090_rf_wakeup(sc);
 3779 
 3780         /* disable non-existing Rx chains */
 3781         bbp3 = rt2860_mcu_bbp_read(sc, 3);
 3782         bbp3 &= ~(1 << 3 | 1 << 4);
 3783         if (sc->nrxchains == 2)
 3784                 bbp3 |= 1 << 3;
 3785         else if (sc->nrxchains == 3)
 3786                 bbp3 |= 1 << 4;
 3787         rt2860_mcu_bbp_write(sc, 3, bbp3);
 3788 
 3789         /* disable non-existing Tx chains */
 3790         bbp1 = rt2860_mcu_bbp_read(sc, 1);
 3791         if (sc->ntxchains == 1)
 3792                 bbp1 = (bbp1 & ~(1 << 3 | 1 << 4));
 3793         else if (sc->mac_ver == 0x3593 && sc->ntxchains == 2)
 3794                 bbp1 = (bbp1 & ~(1 << 4)) | 1 << 3;
 3795         else if (sc->mac_ver == 0x3593 && sc->ntxchains == 3)
 3796                 bbp1 = (bbp1 & ~(1 << 3)) | 1 << 4;
 3797         rt2860_mcu_bbp_write(sc, 1, bbp1);
 3798 
 3799         if (sc->mac_ver >= 0x3071)
 3800                 rt3090_rf_setup(sc);
 3801 
 3802         /* select default channel */
 3803         rt2860_switch_chan(sc, ic->ic_curchan);
 3804 
 3805         /* reset RF from MCU */
 3806         rt2860_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0, 0);
 3807 
 3808         /* set RTS threshold */
 3809         tmp = RAL_READ(sc, RT2860_TX_RTS_CFG);
 3810         tmp &= ~0xffff00;
 3811         tmp |= IEEE80211_RTS_DEFAULT << 8;
 3812         RAL_WRITE(sc, RT2860_TX_RTS_CFG, tmp);
 3813 
 3814         /* setup initial protection mode */
 3815         rt2860_updateprot(ifp);
 3816 
 3817         /* turn radio LED on */
 3818         rt2860_set_leds(sc, RT2860_LED_RADIO);
 3819 
 3820         /* enable Tx/Rx DMA engine */
 3821         if ((error = rt2860_txrx_enable(sc)) != 0) {
 3822                 rt2860_stop_locked(sc);
 3823                 return;
 3824         }
 3825 
 3826         /* clear pending interrupts */
 3827         RAL_WRITE(sc, RT2860_INT_STATUS, 0xffffffff);
 3828         /* enable interrupts */
 3829         RAL_WRITE(sc, RT2860_INT_MASK, 0x3fffc);
 3830 
 3831         if (sc->sc_flags & RT2860_ADVANCED_PS)
 3832                 rt2860_mcu_cmd(sc, RT2860_MCU_CMD_PSLEVEL, sc->pslevel, 0);
 3833 
 3834         ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
 3835         ifp->if_drv_flags |= IFF_DRV_RUNNING;
 3836 
 3837         callout_reset(&sc->watchdog_ch, hz, rt2860_watchdog, sc);
 3838 #undef N
 3839 }
 3840 
 3841 static void
 3842 rt2860_stop(void *arg)
 3843 {
 3844         struct rt2860_softc *sc = arg;
 3845 
 3846         RAL_LOCK(sc);
 3847         rt2860_stop_locked(sc);
 3848         RAL_UNLOCK(sc);
 3849 }
 3850 
 3851 static void
 3852 rt2860_stop_locked(struct rt2860_softc *sc)
 3853 {
 3854         struct ifnet *ifp = sc->sc_ifp;
 3855         uint32_t tmp;
 3856         int qid;
 3857 
 3858         if (ifp->if_drv_flags & IFF_DRV_RUNNING)
 3859                 rt2860_set_leds(sc, 0); /* turn all LEDs off */
 3860 
 3861         callout_stop(&sc->watchdog_ch);
 3862         sc->sc_tx_timer = 0;
 3863         ifp->if_drv_flags &= ~(IFF_DRV_RUNNING | IFF_DRV_OACTIVE);
 3864 
 3865         /* disable interrupts */
 3866         RAL_WRITE(sc, RT2860_INT_MASK, 0);
 3867 
 3868         /* disable GP timer */
 3869         rt2860_set_gp_timer(sc, 0);
 3870 
 3871         /* disable Rx */
 3872         tmp = RAL_READ(sc, RT2860_MAC_SYS_CTRL);
 3873         tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
 3874         RAL_WRITE(sc, RT2860_MAC_SYS_CTRL, tmp);
 3875 
 3876         /* reset adapter */
 3877         RAL_WRITE(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST);
 3878         RAL_BARRIER_WRITE(sc);
 3879         RAL_WRITE(sc, RT2860_MAC_SYS_CTRL, 0);
 3880 
 3881         /* reset Tx and Rx rings (and reclaim TXWIs) */
 3882         sc->qfullmsk = 0;
 3883         for (qid = 0; qid < 6; qid++)
 3884                 rt2860_reset_tx_ring(sc, &sc->txq[qid]);
 3885         rt2860_reset_rx_ring(sc, &sc->rxq);
 3886 }
 3887 
 3888 int
 3889 rt2860_load_microcode(struct rt2860_softc *sc)
 3890 {
 3891         const struct firmware *fp;
 3892         int ntries, error;
 3893 
 3894         RAL_LOCK_ASSERT(sc);
 3895 
 3896         RAL_UNLOCK(sc);
 3897         fp = firmware_get("rt2860fw");
 3898         RAL_LOCK(sc);
 3899         if (fp == NULL) {
 3900                 device_printf(sc->sc_dev,
 3901                     "unable to receive rt2860fw firmware image\n");
 3902                 return EINVAL;
 3903         }
 3904 
 3905         /* set "host program ram write selection" bit */
 3906         RAL_WRITE(sc, RT2860_SYS_CTRL, RT2860_HST_PM_SEL);
 3907         /* write microcode image */
 3908         RAL_WRITE_REGION_1(sc, RT2860_FW_BASE, fp->data, fp->datasize);
 3909         /* kick microcontroller unit */
 3910         RAL_WRITE(sc, RT2860_SYS_CTRL, 0);
 3911         RAL_BARRIER_WRITE(sc);
 3912         RAL_WRITE(sc, RT2860_SYS_CTRL, RT2860_MCU_RESET);
 3913 
 3914         RAL_WRITE(sc, RT2860_H2M_BBPAGENT, 0);
 3915         RAL_WRITE(sc, RT2860_H2M_MAILBOX, 0);
 3916 
 3917         /* wait until microcontroller is ready */
 3918         RAL_BARRIER_READ_WRITE(sc);
 3919         for (ntries = 0; ntries < 1000; ntries++) {
 3920                 if (RAL_READ(sc, RT2860_SYS_CTRL) & RT2860_MCU_READY)
 3921                         break;
 3922                 DELAY(1000);
 3923         }
 3924         if (ntries == 1000) {
 3925                 device_printf(sc->sc_dev,
 3926                     "timeout waiting for MCU to initialize\n");
 3927                 error = ETIMEDOUT;
 3928         } else
 3929                 error = 0;
 3930 
 3931         firmware_put(fp, FIRMWARE_UNLOAD);
 3932         return error;
 3933 }
 3934 
 3935 /*
 3936  * This function is called periodically to adjust Tx power based on
 3937  * temperature variation.
 3938  */
 3939 #ifdef NOT_YET
 3940 static void
 3941 rt2860_calib(struct rt2860_softc *sc)
 3942 {
 3943         struct ieee80211com *ic = &sc->sc_ic;
 3944         const uint8_t *tssi;
 3945         uint8_t step, bbp49;
 3946         int8_t ridx, d;
 3947 
 3948         /* read current temperature */
 3949         bbp49 = rt2860_mcu_bbp_read(sc, 49);
 3950 
 3951         if (IEEE80211_IS_CHAN_2GHZ(ic->ic_bss->ni_chan)) {
 3952                 tssi = &sc->tssi_2ghz[4];
 3953                 step = sc->step_2ghz;
 3954         } else {
 3955                 tssi = &sc->tssi_5ghz[4];
 3956                 step = sc->step_5ghz;
 3957         }
 3958 
 3959         if (bbp49 < tssi[0]) {          /* lower than reference */
 3960                 /* use higher Tx power than default */
 3961                 for (d = 0; d > -4 && bbp49 <= tssi[d - 1]; d--);
 3962         } else if (bbp49 > tssi[0]) {   /* greater than reference */
 3963                 /* use lower Tx power than default */
 3964                 for (d = 0; d < +4 && bbp49 >= tssi[d + 1]; d++);
 3965         } else {
 3966                 /* use default Tx power */
 3967                 d = 0;
 3968         }
 3969         d *= step;
 3970 
 3971         DPRINTF(("BBP49=0x%02x, adjusting Tx power by %d\n", bbp49, d));
 3972 
 3973         /* write adjusted Tx power values for each Tx rate */
 3974         for (ridx = 0; ridx < 5; ridx++) {
 3975                 if (sc->txpow20mhz[ridx] == 0xffffffff)
 3976                         continue;
 3977                 RAL_WRITE(sc, RT2860_TX_PWR_CFG(ridx),
 3978                     b4inc(sc->txpow20mhz[ridx], d));
 3979         }
 3980 }
 3981 #endif
 3982 
 3983 static void
 3984 rt3090_set_rx_antenna(struct rt2860_softc *sc, int aux)
 3985 {
 3986         uint32_t tmp;
 3987 
 3988         if (aux) {
 3989                 tmp = RAL_READ(sc, RT2860_PCI_EECTRL);
 3990                 RAL_WRITE(sc, RT2860_PCI_EECTRL, tmp & ~RT2860_C);
 3991                 tmp = RAL_READ(sc, RT2860_GPIO_CTRL);
 3992                 RAL_WRITE(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08);
 3993         } else {
 3994                 tmp = RAL_READ(sc, RT2860_PCI_EECTRL);
 3995                 RAL_WRITE(sc, RT2860_PCI_EECTRL, tmp | RT2860_C);
 3996                 tmp = RAL_READ(sc, RT2860_GPIO_CTRL);
 3997                 RAL_WRITE(sc, RT2860_GPIO_CTRL, tmp & ~0x0808);
 3998         }
 3999 }
 4000 
 4001 static void
 4002 rt2860_switch_chan(struct rt2860_softc *sc, struct ieee80211_channel *c)
 4003 {
 4004         struct ifnet *ifp = sc->sc_ifp;
 4005         struct ieee80211com *ic = ifp->if_l2com;
 4006         u_int chan, group;
 4007 
 4008         chan = ieee80211_chan2ieee(ic, c);
 4009         if (chan == 0 || chan == IEEE80211_CHAN_ANY)
 4010                 return;
 4011 
 4012         if (sc->mac_ver >= 0x3071)
 4013                 rt3090_set_chan(sc, chan);
 4014         else
 4015                 rt2860_set_chan(sc, chan);
 4016 
 4017         /* determine channel group */
 4018         if (chan <= 14)
 4019                 group = 0;
 4020         else if (chan <= 64)
 4021                 group = 1;
 4022         else if (chan <= 128)
 4023                 group = 2;
 4024         else
 4025                 group = 3;
 4026 
 4027         /* XXX necessary only when group has changed! */
 4028         rt2860_select_chan_group(sc, group);
 4029 
 4030         DELAY(1000);
 4031 }
 4032 
 4033 static int
 4034 rt2860_setup_beacon(struct rt2860_softc *sc, struct ieee80211vap *vap)
 4035 {
 4036         struct ieee80211com *ic = vap->iv_ic;
 4037         struct ieee80211_beacon_offsets bo;
 4038         struct rt2860_txwi txwi;
 4039         struct mbuf *m;
 4040         int ridx;
 4041 
 4042         if ((m = ieee80211_beacon_alloc(vap->iv_bss, &bo)) == NULL)
 4043                 return ENOBUFS;
 4044 
 4045         memset(&txwi, 0, sizeof txwi);
 4046         txwi.wcid = 0xff;
 4047         txwi.len = htole16(m->m_pkthdr.len);
 4048         /* send beacons at the lowest available rate */
 4049         ridx = IEEE80211_IS_CHAN_5GHZ(ic->ic_bsschan) ?
 4050             RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1;
 4051         txwi.phy = htole16(rt2860_rates[ridx].mcs);
 4052         if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM)
 4053                 txwi.phy |= htole16(RT2860_PHY_OFDM);
 4054         txwi.txop = RT2860_TX_TXOP_HT;
 4055         txwi.flags = RT2860_TX_TS;
 4056         txwi.xflags = RT2860_TX_NSEQ;
 4057 
 4058         RAL_WRITE_REGION_1(sc, RT2860_BCN_BASE(0),
 4059             (uint8_t *)&txwi, sizeof txwi);
 4060         RAL_WRITE_REGION_1(sc, RT2860_BCN_BASE(0) + sizeof txwi,
 4061             mtod(m, uint8_t *), m->m_pkthdr.len);
 4062 
 4063         m_freem(m);
 4064 
 4065         return 0;
 4066 }
 4067 
 4068 static void
 4069 rt2860_enable_tsf_sync(struct rt2860_softc *sc)
 4070 {
 4071         struct ifnet *ifp = sc->sc_ifp;
 4072         struct ieee80211com *ic = ifp->if_l2com;
 4073         struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
 4074         uint32_t tmp;
 4075 
 4076         tmp = RAL_READ(sc, RT2860_BCN_TIME_CFG);
 4077 
 4078         tmp &= ~0x1fffff;
 4079         tmp |= vap->iv_bss->ni_intval * 16;
 4080         tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN;
 4081         if (vap->iv_opmode == IEEE80211_M_STA) {
 4082                 /*
 4083                  * Local TSF is always updated with remote TSF on beacon
 4084                  * reception.
 4085                  */
 4086                 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT;
 4087         }
 4088         else if (vap->iv_opmode == IEEE80211_M_IBSS ||
 4089             vap->iv_opmode == IEEE80211_M_MBSS) {
 4090                 tmp |= RT2860_BCN_TX_EN;
 4091                 /*
 4092                  * Local TSF is updated with remote TSF on beacon reception
 4093                  * only if the remote TSF is greater than local TSF.
 4094                  */
 4095                 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT;
 4096         } else if (vap->iv_opmode == IEEE80211_M_HOSTAP) {
 4097                 tmp |= RT2860_BCN_TX_EN;
 4098                 /* SYNC with nobody */
 4099                 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT;
 4100         }
 4101 
 4102         RAL_WRITE(sc, RT2860_BCN_TIME_CFG, tmp);
 4103 }

Cache object: 100a935fcab49e7971cd561ebb429c64


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.