Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/dev/usb/wlan/if_run.c
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 #include <sys/cdefs.h> 20 __FBSDID("$FreeBSD: releng/8.4/sys/dev/usb/wlan/if_run.c 236667 2012-06-06 07:46:14Z marius $"); 21 22 /*- 23 * Ralink Technology RT2700U/RT2800U/RT3000U chipset driver. 24 * http://www.ralinktech.com/ 25 */ 26 27 #include <sys/param.h> 28 #include <sys/sockio.h> 29 #include <sys/sysctl.h> 30 #include <sys/lock.h> 31 #include <sys/mutex.h> 32 #include <sys/mbuf.h> 33 #include <sys/kernel.h> 34 #include <sys/socket.h> 35 #include <sys/systm.h> 36 #include <sys/malloc.h> 37 #include <sys/module.h> 38 #include <sys/bus.h> 39 #include <sys/endian.h> 40 #include <sys/linker.h> 41 #include <sys/firmware.h> 42 #include <sys/kdb.h> 43 44 #include <machine/bus.h> 45 #include <machine/resource.h> 46 #include <sys/rman.h> 47 48 #include <net/bpf.h> 49 #include <net/if.h> 50 #include <net/if_arp.h> 51 #include <net/ethernet.h> 52 #include <net/if_dl.h> 53 #include <net/if_media.h> 54 #include <net/if_types.h> 55 56 #include <netinet/in.h> 57 #include <netinet/in_systm.h> 58 #include <netinet/in_var.h> 59 #include <netinet/if_ether.h> 60 #include <netinet/ip.h> 61 62 #include <net80211/ieee80211_var.h> 63 #include <net80211/ieee80211_regdomain.h> 64 #include <net80211/ieee80211_radiotap.h> 65 #include <net80211/ieee80211_ratectl.h> 66 67 #include <dev/usb/usb.h> 68 #include <dev/usb/usbdi.h> 69 #include "usbdevs.h" 70 71 #define USB_DEBUG_VAR run_debug 72 #include <dev/usb/usb_debug.h> 73 74 #include "if_runreg.h" 75 #include "if_runvar.h" 76 77 #define N(_a) ((int)(sizeof((_a)) / sizeof((_a)[0]))) 78 79 #ifdef USB_DEBUG 80 #define RUN_DEBUG 81 #endif 82 83 #ifdef RUN_DEBUG 84 int run_debug = 0; 85 SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run"); 86 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RW, &run_debug, 0, 87 "run debug level"); 88 #endif 89 90 #define IEEE80211_HAS_ADDR4(wh) \ 91 (((wh)->i_fc[1] & IEEE80211_FC1_DIR_MASK) == IEEE80211_FC1_DIR_DSTODS) 92 93 /* 94 * Because of LOR in run_key_delete(), use atomic instead. 95 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 96 */ 97 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 98 99 static const STRUCT_USB_HOST_ID run_devs[] = { 100 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 101 RUN_DEV(ABOCOM, RT2770), 102 RUN_DEV(ABOCOM, RT2870), 103 RUN_DEV(ABOCOM, RT3070), 104 RUN_DEV(ABOCOM, RT3071), 105 RUN_DEV(ABOCOM, RT3072), 106 RUN_DEV(ABOCOM2, RT2870_1), 107 RUN_DEV(ACCTON, RT2770), 108 RUN_DEV(ACCTON, RT2870_1), 109 RUN_DEV(ACCTON, RT2870_2), 110 RUN_DEV(ACCTON, RT2870_3), 111 RUN_DEV(ACCTON, RT2870_4), 112 RUN_DEV(ACCTON, RT2870_5), 113 RUN_DEV(ACCTON, RT3070), 114 RUN_DEV(ACCTON, RT3070_1), 115 RUN_DEV(ACCTON, RT3070_2), 116 RUN_DEV(ACCTON, RT3070_3), 117 RUN_DEV(ACCTON, RT3070_4), 118 RUN_DEV(ACCTON, RT3070_5), 119 RUN_DEV(AIRTIES, RT3070), 120 RUN_DEV(ALLWIN, RT2070), 121 RUN_DEV(ALLWIN, RT2770), 122 RUN_DEV(ALLWIN, RT2870), 123 RUN_DEV(ALLWIN, RT3070), 124 RUN_DEV(ALLWIN, RT3071), 125 RUN_DEV(ALLWIN, RT3072), 126 RUN_DEV(ALLWIN, RT3572), 127 RUN_DEV(AMIGO, RT2870_1), 128 RUN_DEV(AMIGO, RT2870_2), 129 RUN_DEV(AMIT, CGWLUSB2GNR), 130 RUN_DEV(AMIT, RT2870_1), 131 RUN_DEV(AMIT2, RT2870), 132 RUN_DEV(ASUS, RT2870_1), 133 RUN_DEV(ASUS, RT2870_2), 134 RUN_DEV(ASUS, RT2870_3), 135 RUN_DEV(ASUS, RT2870_4), 136 RUN_DEV(ASUS, RT2870_5), 137 RUN_DEV(ASUS, USBN13), 138 RUN_DEV(ASUS, RT3070_1), 139 RUN_DEV(ASUS2, USBN11), 140 RUN_DEV(AZUREWAVE, RT2870_1), 141 RUN_DEV(AZUREWAVE, RT2870_2), 142 RUN_DEV(AZUREWAVE, RT3070_1), 143 RUN_DEV(AZUREWAVE, RT3070_2), 144 RUN_DEV(AZUREWAVE, RT3070_3), 145 RUN_DEV(BELKIN, F5D8053V3), 146 RUN_DEV(BELKIN, F5D8055), 147 RUN_DEV(BELKIN, F5D8055V2), 148 RUN_DEV(BELKIN, F6D4050V1), 149 RUN_DEV(BELKIN, RT2870_1), 150 RUN_DEV(BELKIN, RT2870_2), 151 RUN_DEV(CISCOLINKSYS, AE1000), 152 RUN_DEV(CISCOLINKSYS2, RT3070), 153 RUN_DEV(CISCOLINKSYS3, RT3070), 154 RUN_DEV(CONCEPTRONIC2, RT2870_1), 155 RUN_DEV(CONCEPTRONIC2, RT2870_2), 156 RUN_DEV(CONCEPTRONIC2, RT2870_3), 157 RUN_DEV(CONCEPTRONIC2, RT2870_4), 158 RUN_DEV(CONCEPTRONIC2, RT2870_5), 159 RUN_DEV(CONCEPTRONIC2, RT2870_6), 160 RUN_DEV(CONCEPTRONIC2, RT2870_7), 161 RUN_DEV(CONCEPTRONIC2, RT2870_8), 162 RUN_DEV(CONCEPTRONIC2, RT3070_1), 163 RUN_DEV(CONCEPTRONIC2, RT3070_2), 164 RUN_DEV(CONCEPTRONIC2, VIGORN61), 165 RUN_DEV(COREGA, CGWLUSB300GNM), 166 RUN_DEV(COREGA, RT2870_1), 167 RUN_DEV(COREGA, RT2870_2), 168 RUN_DEV(COREGA, RT2870_3), 169 RUN_DEV(COREGA, RT3070), 170 RUN_DEV(CYBERTAN, RT2870), 171 RUN_DEV(DLINK, RT2870), 172 RUN_DEV(DLINK, RT3072), 173 RUN_DEV(DLINK2, DWA130), 174 RUN_DEV(DLINK2, RT2870_1), 175 RUN_DEV(DLINK2, RT2870_2), 176 RUN_DEV(DLINK2, RT3070_1), 177 RUN_DEV(DLINK2, RT3070_2), 178 RUN_DEV(DLINK2, RT3070_3), 179 RUN_DEV(DLINK2, RT3070_4), 180 RUN_DEV(DLINK2, RT3070_5), 181 RUN_DEV(DLINK2, RT3072), 182 RUN_DEV(DLINK2, RT3072_1), 183 RUN_DEV(EDIMAX, EW7717), 184 RUN_DEV(EDIMAX, EW7718), 185 RUN_DEV(EDIMAX, RT2870_1), 186 RUN_DEV(ENCORE, RT3070_1), 187 RUN_DEV(ENCORE, RT3070_2), 188 RUN_DEV(ENCORE, RT3070_3), 189 RUN_DEV(GIGABYTE, GNWB31N), 190 RUN_DEV(GIGABYTE, GNWB32L), 191 RUN_DEV(GIGABYTE, RT2870_1), 192 RUN_DEV(GIGASET, RT3070_1), 193 RUN_DEV(GIGASET, RT3070_2), 194 RUN_DEV(GUILLEMOT, HWNU300), 195 RUN_DEV(HAWKING, HWUN2), 196 RUN_DEV(HAWKING, RT2870_1), 197 RUN_DEV(HAWKING, RT2870_2), 198 RUN_DEV(HAWKING, RT3070), 199 RUN_DEV(IODATA, RT3072_1), 200 RUN_DEV(IODATA, RT3072_2), 201 RUN_DEV(IODATA, RT3072_3), 202 RUN_DEV(IODATA, RT3072_4), 203 RUN_DEV(LINKSYS4, RT3070), 204 RUN_DEV(LINKSYS4, WUSB100), 205 RUN_DEV(LINKSYS4, WUSB54GCV3), 206 RUN_DEV(LINKSYS4, WUSB600N), 207 RUN_DEV(LINKSYS4, WUSB600NV2), 208 RUN_DEV(LOGITEC, RT2870_1), 209 RUN_DEV(LOGITEC, RT2870_2), 210 RUN_DEV(LOGITEC, RT2870_3), 211 RUN_DEV(LOGITEC, LANW300NU2), 212 RUN_DEV(MELCO, RT2870_1), 213 RUN_DEV(MELCO, RT2870_2), 214 RUN_DEV(MELCO, WLIUCAG300N), 215 RUN_DEV(MELCO, WLIUCG300N), 216 RUN_DEV(MELCO, WLIUCG301N), 217 RUN_DEV(MELCO, WLIUCGN), 218 RUN_DEV(MELCO, WLIUCGNM), 219 RUN_DEV(MOTOROLA4, RT2770), 220 RUN_DEV(MOTOROLA4, RT3070), 221 RUN_DEV(MSI, RT3070_1), 222 RUN_DEV(MSI, RT3070_2), 223 RUN_DEV(MSI, RT3070_3), 224 RUN_DEV(MSI, RT3070_4), 225 RUN_DEV(MSI, RT3070_5), 226 RUN_DEV(MSI, RT3070_6), 227 RUN_DEV(MSI, RT3070_7), 228 RUN_DEV(MSI, RT3070_8), 229 RUN_DEV(MSI, RT3070_9), 230 RUN_DEV(MSI, RT3070_10), 231 RUN_DEV(MSI, RT3070_11), 232 RUN_DEV(OVISLINK, RT3072), 233 RUN_DEV(PARA, RT3070), 234 RUN_DEV(PEGATRON, RT2870), 235 RUN_DEV(PEGATRON, RT3070), 236 RUN_DEV(PEGATRON, RT3070_2), 237 RUN_DEV(PEGATRON, RT3070_3), 238 RUN_DEV(PHILIPS, RT2870), 239 RUN_DEV(PLANEX2, GWUS300MINIS), 240 RUN_DEV(PLANEX2, GWUSMICRON), 241 RUN_DEV(PLANEX2, RT2870), 242 RUN_DEV(PLANEX2, RT3070), 243 RUN_DEV(QCOM, RT2870), 244 RUN_DEV(QUANTA, RT3070), 245 RUN_DEV(RALINK, RT2070), 246 RUN_DEV(RALINK, RT2770), 247 RUN_DEV(RALINK, RT2870), 248 RUN_DEV(RALINK, RT3070), 249 RUN_DEV(RALINK, RT3071), 250 RUN_DEV(RALINK, RT3072), 251 RUN_DEV(RALINK, RT3370), 252 RUN_DEV(RALINK, RT3572), 253 RUN_DEV(RALINK, RT8070), 254 RUN_DEV(SAMSUNG, WIS09ABGN), 255 RUN_DEV(SAMSUNG2, RT2870_1), 256 RUN_DEV(SENAO, RT2870_1), 257 RUN_DEV(SENAO, RT2870_2), 258 RUN_DEV(SENAO, RT2870_3), 259 RUN_DEV(SENAO, RT2870_4), 260 RUN_DEV(SENAO, RT3070), 261 RUN_DEV(SENAO, RT3071), 262 RUN_DEV(SENAO, RT3072_1), 263 RUN_DEV(SENAO, RT3072_2), 264 RUN_DEV(SENAO, RT3072_3), 265 RUN_DEV(SENAO, RT3072_4), 266 RUN_DEV(SENAO, RT3072_5), 267 RUN_DEV(SITECOMEU, RT2770), 268 RUN_DEV(SITECOMEU, RT2870_1), 269 RUN_DEV(SITECOMEU, RT2870_2), 270 RUN_DEV(SITECOMEU, RT2870_3), 271 RUN_DEV(SITECOMEU, RT2870_4), 272 RUN_DEV(SITECOMEU, RT3070), 273 RUN_DEV(SITECOMEU, RT3070_2), 274 RUN_DEV(SITECOMEU, RT3070_3), 275 RUN_DEV(SITECOMEU, RT3070_4), 276 RUN_DEV(SITECOMEU, RT3071), 277 RUN_DEV(SITECOMEU, RT3072_1), 278 RUN_DEV(SITECOMEU, RT3072_2), 279 RUN_DEV(SITECOMEU, RT3072_3), 280 RUN_DEV(SITECOMEU, RT3072_4), 281 RUN_DEV(SITECOMEU, RT3072_5), 282 RUN_DEV(SITECOMEU, RT3072_6), 283 RUN_DEV(SITECOMEU, WL608), 284 RUN_DEV(SPARKLAN, RT2870_1), 285 RUN_DEV(SPARKLAN, RT3070), 286 RUN_DEV(SWEEX2, LW153), 287 RUN_DEV(SWEEX2, LW303), 288 RUN_DEV(SWEEX2, LW313), 289 RUN_DEV(TOSHIBA, RT3070), 290 RUN_DEV(UMEDIA, RT2870_1), 291 RUN_DEV(ZCOM, RT2870_1), 292 RUN_DEV(ZCOM, RT2870_2), 293 RUN_DEV(ZINWELL, RT2870_1), 294 RUN_DEV(ZINWELL, RT2870_2), 295 RUN_DEV(ZINWELL, RT3070), 296 RUN_DEV(ZINWELL, RT3072_1), 297 RUN_DEV(ZINWELL, RT3072_2), 298 RUN_DEV(ZYXEL, RT2870_1), 299 RUN_DEV(ZYXEL, RT2870_2), 300 #undef RUN_DEV 301 }; 302 303 static device_probe_t run_match; 304 static device_attach_t run_attach; 305 static device_detach_t run_detach; 306 307 static usb_callback_t run_bulk_rx_callback; 308 static usb_callback_t run_bulk_tx_callback0; 309 static usb_callback_t run_bulk_tx_callback1; 310 static usb_callback_t run_bulk_tx_callback2; 311 static usb_callback_t run_bulk_tx_callback3; 312 static usb_callback_t run_bulk_tx_callback4; 313 static usb_callback_t run_bulk_tx_callback5; 314 315 static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 316 usb_error_t error, unsigned int index); 317 static struct ieee80211vap *run_vap_create(struct ieee80211com *, 318 const char name[IFNAMSIZ], int unit, int opmode, int flags, 319 const uint8_t bssid[IEEE80211_ADDR_LEN], const uint8_t 320 mac[IEEE80211_ADDR_LEN]); 321 static void run_vap_delete(struct ieee80211vap *); 322 static void run_cmdq_cb(void *, int); 323 static void run_setup_tx_list(struct run_softc *, 324 struct run_endpoint_queue *); 325 static void run_unsetup_tx_list(struct run_softc *, 326 struct run_endpoint_queue *); 327 static int run_load_microcode(struct run_softc *); 328 static int run_reset(struct run_softc *); 329 static usb_error_t run_do_request(struct run_softc *, 330 struct usb_device_request *, void *); 331 static int run_read(struct run_softc *, uint16_t, uint32_t *); 332 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 333 static int run_write_2(struct run_softc *, uint16_t, uint16_t); 334 static int run_write(struct run_softc *, uint16_t, uint32_t); 335 static int run_write_region_1(struct run_softc *, uint16_t, 336 const uint8_t *, int); 337 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 338 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 339 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 340 static int run_rt2870_rf_write(struct run_softc *, uint8_t, uint32_t); 341 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 342 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 343 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 344 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 345 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 346 static const char *run_get_rf(int); 347 static int run_read_eeprom(struct run_softc *); 348 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 349 const uint8_t mac[IEEE80211_ADDR_LEN]); 350 static int run_media_change(struct ifnet *); 351 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 352 static int run_wme_update(struct ieee80211com *); 353 static void run_wme_update_cb(void *); 354 static void run_key_update_begin(struct ieee80211vap *); 355 static void run_key_update_end(struct ieee80211vap *); 356 static void run_key_set_cb(void *); 357 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *, 358 const uint8_t mac[IEEE80211_ADDR_LEN]); 359 static void run_key_delete_cb(void *); 360 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 361 static void run_ratectl_to(void *); 362 static void run_ratectl_cb(void *, int); 363 static void run_drain_fifo(void *); 364 static void run_iter_func(void *, struct ieee80211_node *); 365 static void run_newassoc_cb(void *); 366 static void run_newassoc(struct ieee80211_node *, int); 367 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 368 static void run_tx_free(struct run_endpoint_queue *pq, 369 struct run_tx_data *, int); 370 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 371 static int run_tx(struct run_softc *, struct mbuf *, 372 struct ieee80211_node *); 373 static int run_tx_mgt(struct run_softc *, struct mbuf *, 374 struct ieee80211_node *); 375 static int run_sendprot(struct run_softc *, const struct mbuf *, 376 struct ieee80211_node *, int, int); 377 static int run_tx_param(struct run_softc *, struct mbuf *, 378 struct ieee80211_node *, 379 const struct ieee80211_bpf_params *); 380 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 381 const struct ieee80211_bpf_params *); 382 static void run_start(struct ifnet *); 383 static int run_ioctl(struct ifnet *, u_long, caddr_t); 384 static void run_set_agc(struct run_softc *, uint8_t); 385 static void run_select_chan_group(struct run_softc *, int); 386 static void run_set_rx_antenna(struct run_softc *, int); 387 static void run_rt2870_set_chan(struct run_softc *, u_int); 388 static void run_rt3070_set_chan(struct run_softc *, u_int); 389 static void run_rt3572_set_chan(struct run_softc *, u_int); 390 static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 391 static void run_set_channel(struct ieee80211com *); 392 static void run_scan_start(struct ieee80211com *); 393 static void run_scan_end(struct ieee80211com *); 394 static void run_update_beacon(struct ieee80211vap *, int); 395 static void run_update_beacon_cb(void *); 396 static void run_updateprot(struct ieee80211com *); 397 static void run_usb_timeout_cb(void *); 398 static void run_reset_livelock(struct run_softc *); 399 static void run_enable_tsf_sync(struct run_softc *); 400 static void run_enable_mrr(struct run_softc *); 401 static void run_set_txpreamble(struct run_softc *); 402 static void run_set_basicrates(struct run_softc *); 403 static void run_set_leds(struct run_softc *, uint16_t); 404 static void run_set_bssid(struct run_softc *, const uint8_t *); 405 static void run_set_macaddr(struct run_softc *, const uint8_t *); 406 static void run_updateslot(struct ifnet *); 407 static void run_update_mcast(struct ifnet *); 408 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 409 static void run_update_promisc_locked(struct ifnet *); 410 static void run_update_promisc(struct ifnet *); 411 static int run_bbp_init(struct run_softc *); 412 static int run_rt3070_rf_init(struct run_softc *); 413 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 414 uint8_t *); 415 static void run_rt3070_rf_setup(struct run_softc *); 416 static int run_txrx_enable(struct run_softc *); 417 static void run_init(void *); 418 static void run_init_locked(struct run_softc *); 419 static void run_stop(void *); 420 static void run_delay(struct run_softc *, unsigned int); 421 422 static const struct { 423 uint16_t reg; 424 uint32_t val; 425 } rt2870_def_mac[] = { 426 RT2870_DEF_MAC 427 }; 428 429 static const struct { 430 uint8_t reg; 431 uint8_t val; 432 } rt2860_def_bbp[] = { 433 RT2860_DEF_BBP 434 }; 435 436 static const struct rfprog { 437 uint8_t chan; 438 uint32_t r1, r2, r3, r4; 439 } rt2860_rf2850[] = { 440 RT2860_RF2850 441 }; 442 443 struct { 444 uint8_t n, r, k; 445 } rt3070_freqs[] = { 446 RT3070_RF3052 447 }; 448 449 static const struct { 450 uint8_t reg; 451 uint8_t val; 452 } rt3070_def_rf[] = { 453 RT3070_DEF_RF 454 },rt3572_def_rf[] = { 455 RT3572_DEF_RF 456 }; 457 458 static const struct usb_config run_config[RUN_N_XFER] = { 459 [RUN_BULK_TX_BE] = { 460 .type = UE_BULK, 461 .endpoint = UE_ADDR_ANY, 462 .ep_index = 0, 463 .direction = UE_DIR_OUT, 464 .bufsize = RUN_MAX_TXSZ, 465 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 466 .callback = run_bulk_tx_callback0, 467 .timeout = 5000, /* ms */ 468 }, 469 [RUN_BULK_TX_BK] = { 470 .type = UE_BULK, 471 .endpoint = UE_ADDR_ANY, 472 .direction = UE_DIR_OUT, 473 .ep_index = 1, 474 .bufsize = RUN_MAX_TXSZ, 475 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 476 .callback = run_bulk_tx_callback1, 477 .timeout = 5000, /* ms */ 478 }, 479 [RUN_BULK_TX_VI] = { 480 .type = UE_BULK, 481 .endpoint = UE_ADDR_ANY, 482 .direction = UE_DIR_OUT, 483 .ep_index = 2, 484 .bufsize = RUN_MAX_TXSZ, 485 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 486 .callback = run_bulk_tx_callback2, 487 .timeout = 5000, /* ms */ 488 }, 489 [RUN_BULK_TX_VO] = { 490 .type = UE_BULK, 491 .endpoint = UE_ADDR_ANY, 492 .direction = UE_DIR_OUT, 493 .ep_index = 3, 494 .bufsize = RUN_MAX_TXSZ, 495 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 496 .callback = run_bulk_tx_callback3, 497 .timeout = 5000, /* ms */ 498 }, 499 [RUN_BULK_TX_HCCA] = { 500 .type = UE_BULK, 501 .endpoint = UE_ADDR_ANY, 502 .direction = UE_DIR_OUT, 503 .ep_index = 4, 504 .bufsize = RUN_MAX_TXSZ, 505 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 506 .callback = run_bulk_tx_callback4, 507 .timeout = 5000, /* ms */ 508 }, 509 [RUN_BULK_TX_PRIO] = { 510 .type = UE_BULK, 511 .endpoint = UE_ADDR_ANY, 512 .direction = UE_DIR_OUT, 513 .ep_index = 5, 514 .bufsize = RUN_MAX_TXSZ, 515 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 516 .callback = run_bulk_tx_callback5, 517 .timeout = 5000, /* ms */ 518 }, 519 [RUN_BULK_RX] = { 520 .type = UE_BULK, 521 .endpoint = UE_ADDR_ANY, 522 .direction = UE_DIR_IN, 523 .bufsize = RUN_MAX_RXSZ, 524 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 525 .callback = run_bulk_rx_callback, 526 } 527 }; 528 529 int 530 run_match(device_t self) 531 { 532 struct usb_attach_arg *uaa = device_get_ivars(self); 533 534 if (uaa->usb_mode != USB_MODE_HOST) 535 return (ENXIO); 536 if (uaa->info.bConfigIndex != 0) 537 return (ENXIO); 538 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 539 return (ENXIO); 540 541 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 542 } 543 544 static int 545 run_attach(device_t self) 546 { 547 struct run_softc *sc = device_get_softc(self); 548 struct usb_attach_arg *uaa = device_get_ivars(self); 549 struct ieee80211com *ic; 550 struct ifnet *ifp; 551 uint32_t ver; 552 int i, ntries, error; 553 uint8_t iface_index, bands; 554 555 device_set_usb_desc(self); 556 sc->sc_udev = uaa->device; 557 sc->sc_dev = self; 558 559 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev), 560 MTX_NETWORK_LOCK, MTX_DEF); 561 562 iface_index = RT2860_IFACE_INDEX; 563 564 error = usbd_transfer_setup(uaa->device, &iface_index, 565 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx); 566 if (error) { 567 device_printf(self, "could not allocate USB transfers, " 568 "err=%s\n", usbd_errstr(error)); 569 goto detach; 570 } 571 572 RUN_LOCK(sc); 573 574 /* wait for the chip to settle */ 575 for (ntries = 0; ntries < 100; ntries++) { 576 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 577 RUN_UNLOCK(sc); 578 goto detach; 579 } 580 if (ver != 0 && ver != 0xffffffff) 581 break; 582 run_delay(sc, 10); 583 } 584 if (ntries == 100) { 585 device_printf(sc->sc_dev, 586 "timeout waiting for NIC to initialize\n"); 587 RUN_UNLOCK(sc); 588 goto detach; 589 } 590 sc->mac_ver = ver >> 16; 591 sc->mac_rev = ver & 0xffff; 592 593 /* retrieve RF rev. no and various other things from EEPROM */ 594 run_read_eeprom(sc); 595 596 device_printf(sc->sc_dev, 597 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 598 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 599 sc->ntxchains, sc->nrxchains, ether_sprintf(sc->sc_bssid)); 600 601 RUN_UNLOCK(sc); 602 603 ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211); 604 if(ifp == NULL){ 605 device_printf(sc->sc_dev, "can not if_alloc()\n"); 606 goto detach; 607 } 608 ic = ifp->if_l2com; 609 610 ifp->if_softc = sc; 611 if_initname(ifp, "run", device_get_unit(sc->sc_dev)); 612 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 613 ifp->if_init = run_init; 614 ifp->if_ioctl = run_ioctl; 615 ifp->if_start = run_start; 616 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen); 617 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen; 618 IFQ_SET_READY(&ifp->if_snd); 619 620 ic->ic_ifp = ifp; 621 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 622 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 623 624 /* set device capabilities */ 625 ic->ic_caps = 626 IEEE80211_C_STA | /* station mode supported */ 627 IEEE80211_C_MONITOR | /* monitor mode supported */ 628 IEEE80211_C_IBSS | 629 IEEE80211_C_HOSTAP | 630 IEEE80211_C_WDS | /* 4-address traffic works */ 631 IEEE80211_C_MBSS | 632 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 633 IEEE80211_C_SHSLOT | /* short slot time supported */ 634 IEEE80211_C_WME | /* WME */ 635 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 636 637 ic->ic_cryptocaps = 638 IEEE80211_CRYPTO_WEP | 639 IEEE80211_CRYPTO_AES_CCM | 640 IEEE80211_CRYPTO_TKIPMIC | 641 IEEE80211_CRYPTO_TKIP; 642 643 ic->ic_flags |= IEEE80211_F_DATAPAD; 644 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 645 646 bands = 0; 647 setbit(&bands, IEEE80211_MODE_11B); 648 setbit(&bands, IEEE80211_MODE_11G); 649 ieee80211_init_channels(ic, NULL, &bands); 650 651 /* 652 * Do this by own because h/w supports 653 * more channels than ieee80211_init_channels() 654 */ 655 if (sc->rf_rev == RT2860_RF_2750 || 656 sc->rf_rev == RT2860_RF_2850 || 657 sc->rf_rev == RT3070_RF_3052) { 658 /* set supported .11a rates */ 659 for (i = 14; i < N(rt2860_rf2850); i++) { 660 uint8_t chan = rt2860_rf2850[i].chan; 661 ic->ic_channels[ic->ic_nchans].ic_freq = 662 ieee80211_ieee2mhz(chan, IEEE80211_CHAN_A); 663 ic->ic_channels[ic->ic_nchans].ic_ieee = chan; 664 ic->ic_channels[ic->ic_nchans].ic_flags = IEEE80211_CHAN_A; 665 ic->ic_channels[ic->ic_nchans].ic_extieee = 0; 666 ic->ic_nchans++; 667 } 668 } 669 670 ieee80211_ifattach(ic, sc->sc_bssid); 671 672 ic->ic_scan_start = run_scan_start; 673 ic->ic_scan_end = run_scan_end; 674 ic->ic_set_channel = run_set_channel; 675 ic->ic_node_alloc = run_node_alloc; 676 ic->ic_newassoc = run_newassoc; 677 //ic->ic_updateslot = run_updateslot; 678 ic->ic_update_mcast = run_update_mcast; 679 ic->ic_wme.wme_update = run_wme_update; 680 ic->ic_raw_xmit = run_raw_xmit; 681 ic->ic_update_promisc = run_update_promisc; 682 683 ic->ic_vap_create = run_vap_create; 684 ic->ic_vap_delete = run_vap_delete; 685 686 ieee80211_radiotap_attach(ic, 687 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 688 RUN_TX_RADIOTAP_PRESENT, 689 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 690 RUN_RX_RADIOTAP_PRESENT); 691 692 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 693 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 694 callout_init((struct callout *)&sc->ratectl_ch, 1); 695 696 if (bootverbose) 697 ieee80211_announce(ic); 698 699 return (0); 700 701 detach: 702 run_detach(self); 703 return (ENXIO); 704 } 705 706 static int 707 run_detach(device_t self) 708 { 709 struct run_softc *sc = device_get_softc(self); 710 struct ifnet *ifp = sc->sc_ifp; 711 struct ieee80211com *ic; 712 int i; 713 714 /* stop all USB transfers */ 715 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 716 717 RUN_LOCK(sc); 718 719 sc->ratectl_run = RUN_RATECTL_OFF; 720 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 721 722 /* free TX list, if any */ 723 for (i = 0; i != RUN_EP_QUEUES; i++) 724 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 725 RUN_UNLOCK(sc); 726 727 if (ifp) { 728 ic = ifp->if_l2com; 729 /* drain tasks */ 730 usb_callout_drain(&sc->ratectl_ch); 731 ieee80211_draintask(ic, &sc->cmdq_task); 732 ieee80211_draintask(ic, &sc->ratectl_task); 733 ieee80211_ifdetach(ic); 734 if_free(ifp); 735 } 736 737 mtx_destroy(&sc->sc_mtx); 738 739 return (0); 740 } 741 742 static struct ieee80211vap * 743 run_vap_create(struct ieee80211com *ic, 744 const char name[IFNAMSIZ], int unit, int opmode, int flags, 745 const uint8_t bssid[IEEE80211_ADDR_LEN], 746 const uint8_t mac[IEEE80211_ADDR_LEN]) 747 { 748 struct ifnet *ifp = ic->ic_ifp; 749 struct run_softc *sc = ifp->if_softc; 750 struct run_vap *rvp; 751 struct ieee80211vap *vap; 752 int i; 753 754 if (sc->rvp_cnt >= RUN_VAP_MAX) { 755 if_printf(ifp, "number of VAPs maxed out\n"); 756 return (NULL); 757 } 758 759 switch (opmode) { 760 case IEEE80211_M_STA: 761 /* enable s/w bmiss handling for sta mode */ 762 flags |= IEEE80211_CLONE_NOBEACONS; 763 /* fall though */ 764 case IEEE80211_M_IBSS: 765 case IEEE80211_M_MONITOR: 766 case IEEE80211_M_HOSTAP: 767 case IEEE80211_M_MBSS: 768 /* other than WDS vaps, only one at a time */ 769 if (!TAILQ_EMPTY(&ic->ic_vaps)) 770 return (NULL); 771 break; 772 case IEEE80211_M_WDS: 773 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 774 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 775 continue; 776 /* WDS vap's always share the local mac address. */ 777 flags &= ~IEEE80211_CLONE_BSSID; 778 break; 779 } 780 if (vap == NULL) { 781 if_printf(ifp, "wds only supported in ap mode\n"); 782 return (NULL); 783 } 784 break; 785 default: 786 if_printf(ifp, "unknown opmode %d\n", opmode); 787 return (NULL); 788 } 789 790 rvp = (struct run_vap *) malloc(sizeof(struct run_vap), 791 M_80211_VAP, M_NOWAIT | M_ZERO); 792 if (rvp == NULL) 793 return (NULL); 794 vap = &rvp->vap; 795 ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid, mac); 796 797 vap->iv_key_update_begin = run_key_update_begin; 798 vap->iv_key_update_end = run_key_update_end; 799 vap->iv_update_beacon = run_update_beacon; 800 vap->iv_max_aid = RT2870_WCID_MAX; 801 /* 802 * To delete the right key from h/w, we need wcid. 803 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 804 * and matching wcid will be written into there. So, cast 805 * some spells to remove 'const' from ieee80211_key{} 806 */ 807 vap->iv_key_delete = (void *)run_key_delete; 808 vap->iv_key_set = (void *)run_key_set; 809 810 /* override state transition machine */ 811 rvp->newstate = vap->iv_newstate; 812 vap->iv_newstate = run_newstate; 813 814 ieee80211_ratectl_init(vap); 815 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 816 817 /* complete setup */ 818 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status); 819 820 /* make sure id is always unique */ 821 for (i = 0; i < RUN_VAP_MAX; i++) { 822 if((sc->rvp_bmap & 1 << i) == 0){ 823 sc->rvp_bmap |= 1 << i; 824 rvp->rvp_id = i; 825 break; 826 } 827 } 828 if (sc->rvp_cnt++ == 0) 829 ic->ic_opmode = opmode; 830 831 if (opmode == IEEE80211_M_HOSTAP) 832 sc->cmdq_run = RUN_CMDQ_GO; 833 834 DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n", 835 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 836 837 return (vap); 838 } 839 840 static void 841 run_vap_delete(struct ieee80211vap *vap) 842 { 843 struct run_vap *rvp = RUN_VAP(vap); 844 struct ifnet *ifp; 845 struct ieee80211com *ic; 846 struct run_softc *sc; 847 uint8_t rvp_id; 848 849 if (vap == NULL) 850 return; 851 852 ic = vap->iv_ic; 853 ifp = ic->ic_ifp; 854 855 sc = ifp->if_softc; 856 857 RUN_LOCK(sc); 858 859 rvp_id = rvp->rvp_id; 860 sc->ratectl_run &= ~(1 << rvp_id); 861 sc->rvp_bmap &= ~(1 << rvp_id); 862 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 863 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 864 --sc->rvp_cnt; 865 866 DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 867 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 868 869 RUN_UNLOCK(sc); 870 871 ieee80211_ratectl_deinit(vap); 872 ieee80211_vap_detach(vap); 873 free(rvp, M_80211_VAP); 874 } 875 876 /* 877 * There are numbers of functions need to be called in context thread. 878 * Rather than creating taskqueue event for each of those functions, 879 * here is all-for-one taskqueue callback function. This function 880 * gurantees deferred functions are executed in the same order they 881 * were enqueued. 882 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 883 */ 884 static void 885 run_cmdq_cb(void *arg, int pending) 886 { 887 struct run_softc *sc = arg; 888 uint8_t i; 889 890 /* call cmdq[].func locked */ 891 RUN_LOCK(sc); 892 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 893 i = sc->cmdq_exec, pending--) { 894 DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending); 895 if (sc->cmdq_run == RUN_CMDQ_GO) { 896 /* 897 * If arg0 is NULL, callback func needs more 898 * than one arg. So, pass ptr to cmdq struct. 899 */ 900 if (sc->cmdq[i].arg0) 901 sc->cmdq[i].func(sc->cmdq[i].arg0); 902 else 903 sc->cmdq[i].func(&sc->cmdq[i]); 904 } 905 sc->cmdq[i].arg0 = NULL; 906 sc->cmdq[i].func = NULL; 907 sc->cmdq_exec++; 908 sc->cmdq_exec &= RUN_CMDQ_MASQ; 909 } 910 RUN_UNLOCK(sc); 911 } 912 913 static void 914 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 915 { 916 struct run_tx_data *data; 917 918 memset(pq, 0, sizeof(*pq)); 919 920 STAILQ_INIT(&pq->tx_qh); 921 STAILQ_INIT(&pq->tx_fh); 922 923 for (data = &pq->tx_data[0]; 924 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 925 data->sc = sc; 926 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 927 } 928 pq->tx_nfree = RUN_TX_RING_COUNT; 929 } 930 931 static void 932 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 933 { 934 struct run_tx_data *data; 935 936 /* make sure any subsequent use of the queues will fail */ 937 pq->tx_nfree = 0; 938 STAILQ_INIT(&pq->tx_fh); 939 STAILQ_INIT(&pq->tx_qh); 940 941 /* free up all node references and mbufs */ 942 for (data = &pq->tx_data[0]; 943 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 944 if (data->m != NULL) { 945 m_freem(data->m); 946 data->m = NULL; 947 } 948 if (data->ni != NULL) { 949 ieee80211_free_node(data->ni); 950 data->ni = NULL; 951 } 952 } 953 } 954 955 int 956 run_load_microcode(struct run_softc *sc) 957 { 958 usb_device_request_t req; 959 const struct firmware *fw; 960 const u_char *base; 961 uint32_t tmp; 962 int ntries, error; 963 const uint64_t *temp; 964 uint64_t bytes; 965 966 RUN_UNLOCK(sc); 967 fw = firmware_get("runfw"); 968 RUN_LOCK(sc); 969 if (fw == NULL) { 970 device_printf(sc->sc_dev, 971 "failed loadfirmware of file %s\n", "runfw"); 972 return ENOENT; 973 } 974 975 if (fw->datasize != 8192) { 976 device_printf(sc->sc_dev, 977 "invalid firmware size (should be 8KB)\n"); 978 error = EINVAL; 979 goto fail; 980 } 981 982 /* 983 * RT3071/RT3072 use a different firmware 984 * run-rt2870 (8KB) contains both, 985 * first half (4KB) is for rt2870, 986 * last half is for rt3071. 987 */ 988 base = fw->data; 989 if ((sc->mac_ver) != 0x2860 && 990 (sc->mac_ver) != 0x2872 && 991 (sc->mac_ver) != 0x3070) { 992 base += 4096; 993 } 994 995 /* cheap sanity check */ 996 temp = fw->data; 997 bytes = *temp; 998 if (bytes != be64toh(0xffffff0210280210)) { 999 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1000 error = EINVAL; 1001 goto fail; 1002 } 1003 1004 run_read(sc, RT2860_ASIC_VER_ID, &tmp); 1005 /* write microcode image */ 1006 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1007 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1008 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1009 1010 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1011 req.bRequest = RT2870_RESET; 1012 USETW(req.wValue, 8); 1013 USETW(req.wIndex, 0); 1014 USETW(req.wLength, 0); 1015 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)) != 0) { 1016 device_printf(sc->sc_dev, "firmware reset failed\n"); 1017 goto fail; 1018 } 1019 1020 run_delay(sc, 10); 1021 1022 run_write(sc, RT2860_H2M_MAILBOX, 0); 1023 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1024 goto fail; 1025 1026 /* wait until microcontroller is ready */ 1027 for (ntries = 0; ntries < 1000; ntries++) { 1028 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) { 1029 goto fail; 1030 } 1031 if (tmp & RT2860_MCU_READY) 1032 break; 1033 run_delay(sc, 10); 1034 } 1035 if (ntries == 1000) { 1036 device_printf(sc->sc_dev, 1037 "timeout waiting for MCU to initialize\n"); 1038 error = ETIMEDOUT; 1039 goto fail; 1040 } 1041 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n", 1042 (base == fw->data) ? "RT2870" : "RT3071", 1043 *(base + 4092), *(base + 4093)); 1044 1045 fail: 1046 firmware_put(fw, FIRMWARE_UNLOAD); 1047 return (error); 1048 } 1049 1050 int 1051 run_reset(struct run_softc *sc) 1052 { 1053 usb_device_request_t req; 1054 1055 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1056 req.bRequest = RT2870_RESET; 1057 USETW(req.wValue, 1); 1058 USETW(req.wIndex, 0); 1059 USETW(req.wLength, 0); 1060 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)); 1061 } 1062 1063 static usb_error_t 1064 run_do_request(struct run_softc *sc, 1065 struct usb_device_request *req, void *data) 1066 { 1067 usb_error_t err; 1068 int ntries = 10; 1069 1070 RUN_LOCK_ASSERT(sc, MA_OWNED); 1071 1072 while (ntries--) { 1073 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, 1074 req, data, 0, NULL, 250 /* ms */); 1075 if (err == 0) 1076 break; 1077 DPRINTFN(1, "Control request failed, %s (retrying)\n", 1078 usbd_errstr(err)); 1079 run_delay(sc, 10); 1080 } 1081 return (err); 1082 } 1083 1084 static int 1085 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1086 { 1087 uint32_t tmp; 1088 int error; 1089 1090 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1091 if (error == 0) 1092 *val = le32toh(tmp); 1093 else 1094 *val = 0xffffffff; 1095 return (error); 1096 } 1097 1098 static int 1099 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1100 { 1101 usb_device_request_t req; 1102 1103 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1104 req.bRequest = RT2870_READ_REGION_1; 1105 USETW(req.wValue, 0); 1106 USETW(req.wIndex, reg); 1107 USETW(req.wLength, len); 1108 1109 return (run_do_request(sc, &req, buf)); 1110 } 1111 1112 static int 1113 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1114 { 1115 usb_device_request_t req; 1116 1117 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1118 req.bRequest = RT2870_WRITE_2; 1119 USETW(req.wValue, val); 1120 USETW(req.wIndex, reg); 1121 USETW(req.wLength, 0); 1122 1123 return (run_do_request(sc, &req, NULL)); 1124 } 1125 1126 static int 1127 run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1128 { 1129 int error; 1130 1131 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1132 error = run_write_2(sc, reg + 2, val >> 16); 1133 return (error); 1134 } 1135 1136 static int 1137 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1138 int len) 1139 { 1140 #if 1 1141 int i, error = 0; 1142 /* 1143 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1144 * We thus issue multiple WRITE_2 commands instead. 1145 */ 1146 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1147 for (i = 0; i < len && error == 0; i += 2) 1148 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1149 return (error); 1150 #else 1151 usb_device_request_t req; 1152 1153 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1154 req.bRequest = RT2870_WRITE_REGION_1; 1155 USETW(req.wValue, 0); 1156 USETW(req.wIndex, reg); 1157 USETW(req.wLength, len); 1158 return (run_do_request(sc, &req, buf)); 1159 #endif 1160 } 1161 1162 static int 1163 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1164 { 1165 int i, error = 0; 1166 1167 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1168 for (i = 0; i < len && error == 0; i += 4) 1169 error = run_write(sc, reg + i, val); 1170 return (error); 1171 } 1172 1173 /* Read 16-bit from eFUSE ROM (RT3070 only.) */ 1174 static int 1175 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1176 { 1177 uint32_t tmp; 1178 uint16_t reg; 1179 int error, ntries; 1180 1181 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1182 return (error); 1183 1184 addr *= 2; 1185 /*- 1186 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1187 * DATA0: F E D C 1188 * DATA1: B A 9 8 1189 * DATA2: 7 6 5 4 1190 * DATA3: 3 2 1 0 1191 */ 1192 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1193 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1194 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1195 for (ntries = 0; ntries < 100; ntries++) { 1196 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1197 return (error); 1198 if (!(tmp & RT3070_EFSROM_KICK)) 1199 break; 1200 run_delay(sc, 2); 1201 } 1202 if (ntries == 100) 1203 return (ETIMEDOUT); 1204 1205 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1206 *val = 0xffff; /* address not found */ 1207 return (0); 1208 } 1209 /* determine to which 32-bit register our 16-bit word belongs */ 1210 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1211 if ((error = run_read(sc, reg, &tmp)) != 0) 1212 return (error); 1213 1214 *val = (addr & 2) ? tmp >> 16 : tmp & 0xffff; 1215 return (0); 1216 } 1217 1218 static int 1219 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1220 { 1221 usb_device_request_t req; 1222 uint16_t tmp; 1223 int error; 1224 1225 addr *= 2; 1226 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1227 req.bRequest = RT2870_EEPROM_READ; 1228 USETW(req.wValue, 0); 1229 USETW(req.wIndex, addr); 1230 USETW(req.wLength, sizeof tmp); 1231 1232 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp); 1233 if (error == 0) 1234 *val = le16toh(tmp); 1235 else 1236 *val = 0xffff; 1237 return (error); 1238 } 1239 1240 static __inline int 1241 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1242 { 1243 /* either eFUSE ROM or EEPROM */ 1244 return sc->sc_srom_read(sc, addr, val); 1245 } 1246 1247 static int 1248 run_rt2870_rf_write(struct run_softc *sc, uint8_t reg, uint32_t val) 1249 { 1250 uint32_t tmp; 1251 int error, ntries; 1252 1253 for (ntries = 0; ntries < 10; ntries++) { 1254 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1255 return (error); 1256 if (!(tmp & RT2860_RF_REG_CTRL)) 1257 break; 1258 } 1259 if (ntries == 10) 1260 return (ETIMEDOUT); 1261 1262 /* RF registers are 24-bit on the RT2860 */ 1263 tmp = RT2860_RF_REG_CTRL | 24 << RT2860_RF_REG_WIDTH_SHIFT | 1264 (val & 0x3fffff) << 2 | (reg & 3); 1265 return (run_write(sc, RT2860_RF_CSR_CFG0, tmp)); 1266 } 1267 1268 static int 1269 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1270 { 1271 uint32_t tmp; 1272 int error, ntries; 1273 1274 for (ntries = 0; ntries < 100; ntries++) { 1275 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1276 return (error); 1277 if (!(tmp & RT3070_RF_KICK)) 1278 break; 1279 } 1280 if (ntries == 100) 1281 return (ETIMEDOUT); 1282 1283 tmp = RT3070_RF_KICK | reg << 8; 1284 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1285 return (error); 1286 1287 for (ntries = 0; ntries < 100; ntries++) { 1288 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1289 return (error); 1290 if (!(tmp & RT3070_RF_KICK)) 1291 break; 1292 } 1293 if (ntries == 100) 1294 return (ETIMEDOUT); 1295 1296 *val = tmp & 0xff; 1297 return (0); 1298 } 1299 1300 static int 1301 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1302 { 1303 uint32_t tmp; 1304 int error, ntries; 1305 1306 for (ntries = 0; ntries < 10; ntries++) { 1307 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1308 return (error); 1309 if (!(tmp & RT3070_RF_KICK)) 1310 break; 1311 } 1312 if (ntries == 10) 1313 return (ETIMEDOUT); 1314 1315 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1316 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1317 } 1318 1319 static int 1320 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1321 { 1322 uint32_t tmp; 1323 int ntries, error; 1324 1325 for (ntries = 0; ntries < 10; ntries++) { 1326 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1327 return (error); 1328 if (!(tmp & RT2860_BBP_CSR_KICK)) 1329 break; 1330 } 1331 if (ntries == 10) 1332 return (ETIMEDOUT); 1333 1334 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1335 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1336 return (error); 1337 1338 for (ntries = 0; ntries < 10; ntries++) { 1339 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1340 return (error); 1341 if (!(tmp & RT2860_BBP_CSR_KICK)) 1342 break; 1343 } 1344 if (ntries == 10) 1345 return (ETIMEDOUT); 1346 1347 *val = tmp & 0xff; 1348 return (0); 1349 } 1350 1351 static int 1352 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1353 { 1354 uint32_t tmp; 1355 int ntries, error; 1356 1357 for (ntries = 0; ntries < 10; ntries++) { 1358 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1359 return (error); 1360 if (!(tmp & RT2860_BBP_CSR_KICK)) 1361 break; 1362 } 1363 if (ntries == 10) 1364 return (ETIMEDOUT); 1365 1366 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1367 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1368 } 1369 1370 /* 1371 * Send a command to the 8051 microcontroller unit. 1372 */ 1373 static int 1374 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1375 { 1376 uint32_t tmp; 1377 int error, ntries; 1378 1379 for (ntries = 0; ntries < 100; ntries++) { 1380 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1381 return error; 1382 if (!(tmp & RT2860_H2M_BUSY)) 1383 break; 1384 } 1385 if (ntries == 100) 1386 return ETIMEDOUT; 1387 1388 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1389 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1390 error = run_write(sc, RT2860_HOST_CMD, cmd); 1391 return (error); 1392 } 1393 1394 /* 1395 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1396 * Used to adjust per-rate Tx power registers. 1397 */ 1398 static __inline uint32_t 1399 b4inc(uint32_t b32, int8_t delta) 1400 { 1401 int8_t i, b4; 1402 1403 for (i = 0; i < 8; i++) { 1404 b4 = b32 & 0xf; 1405 b4 += delta; 1406 if (b4 < 0) 1407 b4 = 0; 1408 else if (b4 > 0xf) 1409 b4 = 0xf; 1410 b32 = b32 >> 4 | b4 << 28; 1411 } 1412 return (b32); 1413 } 1414 1415 static const char * 1416 run_get_rf(int rev) 1417 { 1418 switch (rev) { 1419 case RT2860_RF_2820: return "RT2820"; 1420 case RT2860_RF_2850: return "RT2850"; 1421 case RT2860_RF_2720: return "RT2720"; 1422 case RT2860_RF_2750: return "RT2750"; 1423 case RT3070_RF_3020: return "RT3020"; 1424 case RT3070_RF_2020: return "RT2020"; 1425 case RT3070_RF_3021: return "RT3021"; 1426 case RT3070_RF_3022: return "RT3022"; 1427 case RT3070_RF_3052: return "RT3052"; 1428 } 1429 return ("unknown"); 1430 } 1431 1432 int 1433 run_read_eeprom(struct run_softc *sc) 1434 { 1435 int8_t delta_2ghz, delta_5ghz; 1436 uint32_t tmp; 1437 uint16_t val; 1438 int ridx, ant, i; 1439 1440 /* check whether the ROM is eFUSE ROM or EEPROM */ 1441 sc->sc_srom_read = run_eeprom_read_2; 1442 if (sc->mac_ver >= 0x3070) { 1443 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1444 DPRINTF("EFUSE_CTRL=0x%08x\n", tmp); 1445 if (tmp & RT3070_SEL_EFUSE) 1446 sc->sc_srom_read = run_efuse_read_2; 1447 } 1448 1449 /* read ROM version */ 1450 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1451 DPRINTF("EEPROM rev=%d, FAE=%d\n", val & 0xff, val >> 8); 1452 1453 /* read MAC address */ 1454 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1455 sc->sc_bssid[0] = val & 0xff; 1456 sc->sc_bssid[1] = val >> 8; 1457 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1458 sc->sc_bssid[2] = val & 0xff; 1459 sc->sc_bssid[3] = val >> 8; 1460 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1461 sc->sc_bssid[4] = val & 0xff; 1462 sc->sc_bssid[5] = val >> 8; 1463 1464 /* read vender BBP settings */ 1465 for (i = 0; i < 10; i++) { 1466 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1467 sc->bbp[i].val = val & 0xff; 1468 sc->bbp[i].reg = val >> 8; 1469 DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg, sc->bbp[i].val); 1470 } 1471 if (sc->mac_ver >= 0x3071) { 1472 /* read vendor RF settings */ 1473 for (i = 0; i < 10; i++) { 1474 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, &val); 1475 sc->rf[i].val = val & 0xff; 1476 sc->rf[i].reg = val >> 8; 1477 DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg, 1478 sc->rf[i].val); 1479 } 1480 } 1481 1482 /* read RF frequency offset from EEPROM */ 1483 run_srom_read(sc, RT2860_EEPROM_FREQ_LEDS, &val); 1484 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1485 DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff); 1486 1487 if (val >> 8 != 0xff) { 1488 /* read LEDs operating mode */ 1489 sc->leds = val >> 8; 1490 run_srom_read(sc, RT2860_EEPROM_LED1, &sc->led[0]); 1491 run_srom_read(sc, RT2860_EEPROM_LED2, &sc->led[1]); 1492 run_srom_read(sc, RT2860_EEPROM_LED3, &sc->led[2]); 1493 } else { 1494 /* broken EEPROM, use default settings */ 1495 sc->leds = 0x01; 1496 sc->led[0] = 0x5555; 1497 sc->led[1] = 0x2221; 1498 sc->led[2] = 0x5627; /* differs from RT2860 */ 1499 } 1500 DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1501 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1502 1503 /* read RF information */ 1504 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1505 if (val == 0xffff) { 1506 DPRINTF("invalid EEPROM antenna info, using default\n"); 1507 if (sc->mac_ver == 0x3572) { 1508 /* default to RF3052 2T2R */ 1509 sc->rf_rev = RT3070_RF_3052; 1510 sc->ntxchains = 2; 1511 sc->nrxchains = 2; 1512 } else if (sc->mac_ver >= 0x3070) { 1513 /* default to RF3020 1T1R */ 1514 sc->rf_rev = RT3070_RF_3020; 1515 sc->ntxchains = 1; 1516 sc->nrxchains = 1; 1517 } else { 1518 /* default to RF2820 1T2R */ 1519 sc->rf_rev = RT2860_RF_2820; 1520 sc->ntxchains = 1; 1521 sc->nrxchains = 2; 1522 } 1523 } else { 1524 sc->rf_rev = (val >> 8) & 0xf; 1525 sc->ntxchains = (val >> 4) & 0xf; 1526 sc->nrxchains = val & 0xf; 1527 } 1528 DPRINTF("EEPROM RF rev=0x%02x chains=%dT%dR\n", 1529 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1530 1531 /* check if RF supports automatic Tx access gain control */ 1532 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1533 DPRINTF("EEPROM CFG 0x%04x\n", val); 1534 /* check if driver should patch the DAC issue */ 1535 if ((val >> 8) != 0xff) 1536 sc->patch_dac = (val >> 15) & 1; 1537 if ((val & 0xff) != 0xff) { 1538 sc->ext_5ghz_lna = (val >> 3) & 1; 1539 sc->ext_2ghz_lna = (val >> 2) & 1; 1540 /* check if RF supports automatic Tx access gain control */ 1541 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1542 /* check if we have a hardware radio switch */ 1543 sc->rfswitch = val & 1; 1544 } 1545 1546 /* read power settings for 2GHz channels */ 1547 for (i = 0; i < 14; i += 2) { 1548 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1549 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1550 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1551 1552 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1553 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1554 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1555 } 1556 /* fix broken Tx power entries */ 1557 for (i = 0; i < 14; i++) { 1558 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1559 sc->txpow1[i] = 5; 1560 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1561 sc->txpow2[i] = 5; 1562 DPRINTF("chan %d: power1=%d, power2=%d\n", 1563 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1564 } 1565 /* read power settings for 5GHz channels */ 1566 for (i = 0; i < 40; i += 2) { 1567 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1568 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1569 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1570 1571 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1572 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1573 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1574 } 1575 /* fix broken Tx power entries */ 1576 for (i = 0; i < 40; i++) { 1577 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1578 sc->txpow1[14 + i] = 5; 1579 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1580 sc->txpow2[14 + i] = 5; 1581 DPRINTF("chan %d: power1=%d, power2=%d\n", 1582 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1583 sc->txpow2[14 + i]); 1584 } 1585 1586 /* read Tx power compensation for each Tx rate */ 1587 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1588 delta_2ghz = delta_5ghz = 0; 1589 if ((val & 0xff) != 0xff && (val & 0x80)) { 1590 delta_2ghz = val & 0xf; 1591 if (!(val & 0x40)) /* negative number */ 1592 delta_2ghz = -delta_2ghz; 1593 } 1594 val >>= 8; 1595 if ((val & 0xff) != 0xff && (val & 0x80)) { 1596 delta_5ghz = val & 0xf; 1597 if (!(val & 0x40)) /* negative number */ 1598 delta_5ghz = -delta_5ghz; 1599 } 1600 DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n", 1601 delta_2ghz, delta_5ghz); 1602 1603 for (ridx = 0; ridx < 5; ridx++) { 1604 uint32_t reg; 1605 1606 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 1607 reg = val; 1608 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 1609 reg |= (uint32_t)val << 16; 1610 1611 sc->txpow20mhz[ridx] = reg; 1612 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1613 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1614 1615 DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1616 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1617 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 1618 } 1619 1620 /* read RSSI offsets and LNA gains from EEPROM */ 1621 run_srom_read(sc, RT2860_EEPROM_RSSI1_2GHZ, &val); 1622 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1623 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1624 run_srom_read(sc, RT2860_EEPROM_RSSI2_2GHZ, &val); 1625 if (sc->mac_ver >= 0x3070) { 1626 /* 1627 * On RT3070 chips (limited to 2 Rx chains), this ROM 1628 * field contains the Tx mixer gain for the 2GHz band. 1629 */ 1630 if ((val & 0xff) != 0xff) 1631 sc->txmixgain_2ghz = val & 0x7; 1632 DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz); 1633 } else 1634 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1635 sc->lna[2] = val >> 8; /* channel group 2 */ 1636 1637 run_srom_read(sc, RT2860_EEPROM_RSSI1_5GHZ, &val); 1638 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1639 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1640 run_srom_read(sc, RT2860_EEPROM_RSSI2_5GHZ, &val); 1641 if (sc->mac_ver == 0x3572) { 1642 /* 1643 * On RT3572 chips (limited to 2 Rx chains), this ROM 1644 * field contains the Tx mixer gain for the 5GHz band. 1645 */ 1646 if ((val & 0xff) != 0xff) 1647 sc->txmixgain_5ghz = val & 0x7; 1648 DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz); 1649 } else 1650 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1651 sc->lna[3] = val >> 8; /* channel group 3 */ 1652 1653 run_srom_read(sc, RT2860_EEPROM_LNA, &val); 1654 sc->lna[0] = val & 0xff; /* channel group 0 */ 1655 sc->lna[1] = val >> 8; /* channel group 1 */ 1656 1657 /* fix broken 5GHz LNA entries */ 1658 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 1659 DPRINTF("invalid LNA for channel group %d\n", 2); 1660 sc->lna[2] = sc->lna[1]; 1661 } 1662 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 1663 DPRINTF("invalid LNA for channel group %d\n", 3); 1664 sc->lna[3] = sc->lna[1]; 1665 } 1666 1667 /* fix broken RSSI offset entries */ 1668 for (ant = 0; ant < 3; ant++) { 1669 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 1670 DPRINTF("invalid RSSI%d offset: %d (2GHz)\n", 1671 ant + 1, sc->rssi_2ghz[ant]); 1672 sc->rssi_2ghz[ant] = 0; 1673 } 1674 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 1675 DPRINTF("invalid RSSI%d offset: %d (5GHz)\n", 1676 ant + 1, sc->rssi_5ghz[ant]); 1677 sc->rssi_5ghz[ant] = 0; 1678 } 1679 } 1680 return (0); 1681 } 1682 1683 struct ieee80211_node * 1684 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 1685 { 1686 return malloc(sizeof (struct run_node), M_DEVBUF, M_NOWAIT | M_ZERO); 1687 } 1688 1689 static int 1690 run_media_change(struct ifnet *ifp) 1691 { 1692 struct ieee80211vap *vap = ifp->if_softc; 1693 struct ieee80211com *ic = vap->iv_ic; 1694 const struct ieee80211_txparam *tp; 1695 struct run_softc *sc = ic->ic_ifp->if_softc; 1696 uint8_t rate, ridx; 1697 int error; 1698 1699 RUN_LOCK(sc); 1700 1701 error = ieee80211_media_change(ifp); 1702 if (error != ENETRESET) { 1703 RUN_UNLOCK(sc); 1704 return (error); 1705 } 1706 1707 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 1708 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 1709 struct ieee80211_node *ni; 1710 struct run_node *rn; 1711 1712 rate = ic->ic_sup_rates[ic->ic_curmode]. 1713 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 1714 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 1715 if (rt2860_rates[ridx].rate == rate) 1716 break; 1717 ni = ieee80211_ref_node(vap->iv_bss); 1718 rn = (struct run_node *)ni; 1719 rn->fix_ridx = ridx; 1720 DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx); 1721 ieee80211_free_node(ni); 1722 } 1723 1724 #if 0 1725 if ((ifp->if_flags & IFF_UP) && 1726 (ifp->if_drv_flags & IFF_DRV_RUNNING)){ 1727 run_init_locked(sc); 1728 } 1729 #endif 1730 1731 RUN_UNLOCK(sc); 1732 1733 return (0); 1734 } 1735 1736 static int 1737 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 1738 { 1739 const struct ieee80211_txparam *tp; 1740 struct ieee80211com *ic = vap->iv_ic; 1741 struct run_softc *sc = ic->ic_ifp->if_softc; 1742 struct run_vap *rvp = RUN_VAP(vap); 1743 enum ieee80211_state ostate; 1744 uint32_t sta[3]; 1745 uint32_t tmp; 1746 uint8_t ratectl; 1747 uint8_t restart_ratectl = 0; 1748 uint8_t bid = 1 << rvp->rvp_id; 1749 1750 ostate = vap->iv_state; 1751 DPRINTF("%s -> %s\n", 1752 ieee80211_state_name[ostate], 1753 ieee80211_state_name[nstate]); 1754 1755 IEEE80211_UNLOCK(ic); 1756 RUN_LOCK(sc); 1757 1758 ratectl = sc->ratectl_run; /* remember current state */ 1759 sc->ratectl_run = RUN_RATECTL_OFF; 1760 usb_callout_stop(&sc->ratectl_ch); 1761 1762 if (ostate == IEEE80211_S_RUN) { 1763 /* turn link LED off */ 1764 run_set_leds(sc, RT2860_LED_RADIO); 1765 } 1766 1767 switch (nstate) { 1768 case IEEE80211_S_INIT: 1769 restart_ratectl = 1; 1770 1771 if (ostate != IEEE80211_S_RUN) 1772 break; 1773 1774 ratectl &= ~bid; 1775 sc->runbmap &= ~bid; 1776 1777 /* abort TSF synchronization if there is no vap running */ 1778 if (--sc->running == 0) { 1779 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 1780 run_write(sc, RT2860_BCN_TIME_CFG, 1781 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 1782 RT2860_TBTT_TIMER_EN)); 1783 } 1784 break; 1785 1786 1787 case IEEE80211_S_RUN: 1788 if (!(sc->runbmap & bid)) { 1789 if(sc->running++) 1790 restart_ratectl = 1; 1791 sc->runbmap |= bid; 1792 } 1793 1794 switch (vap->iv_opmode) { 1795 case IEEE80211_M_HOSTAP: 1796 case IEEE80211_M_MBSS: 1797 sc->ap_running |= bid; 1798 ic->ic_opmode = vap->iv_opmode; 1799 run_update_beacon_cb(vap); 1800 break; 1801 case IEEE80211_M_IBSS: 1802 sc->adhoc_running |= bid; 1803 if (!sc->ap_running) 1804 ic->ic_opmode = vap->iv_opmode; 1805 run_update_beacon_cb(vap); 1806 break; 1807 case IEEE80211_M_STA: 1808 sc->sta_running |= bid; 1809 if (!sc->ap_running && !sc->adhoc_running) 1810 ic->ic_opmode = vap->iv_opmode; 1811 1812 /* read statistic counters (clear on read) */ 1813 run_read_region_1(sc, RT2860_TX_STA_CNT0, 1814 (uint8_t *)sta, sizeof sta); 1815 1816 break; 1817 default: 1818 ic->ic_opmode = vap->iv_opmode; 1819 break; 1820 } 1821 1822 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 1823 struct ieee80211_node *ni; 1824 1825 run_updateslot(ic->ic_ifp); 1826 run_enable_mrr(sc); 1827 run_set_txpreamble(sc); 1828 run_set_basicrates(sc); 1829 ni = ieee80211_ref_node(vap->iv_bss); 1830 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid); 1831 run_set_bssid(sc, ni->ni_bssid); 1832 ieee80211_free_node(ni); 1833 run_enable_tsf_sync(sc); 1834 1835 /* enable automatic rate adaptation */ 1836 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 1837 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 1838 ratectl |= bid; 1839 } 1840 1841 /* turn link LED on */ 1842 run_set_leds(sc, RT2860_LED_RADIO | 1843 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 1844 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 1845 1846 break; 1847 default: 1848 DPRINTFN(6, "undefined case\n"); 1849 break; 1850 } 1851 1852 /* restart amrr for running VAPs */ 1853 if ((sc->ratectl_run = ratectl) && restart_ratectl) 1854 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 1855 1856 RUN_UNLOCK(sc); 1857 IEEE80211_LOCK(ic); 1858 1859 return(rvp->newstate(vap, nstate, arg)); 1860 } 1861 1862 /* ARGSUSED */ 1863 static void 1864 run_wme_update_cb(void *arg) 1865 { 1866 struct ieee80211com *ic = arg; 1867 struct run_softc *sc = ic->ic_ifp->if_softc; 1868 struct ieee80211_wme_state *wmesp = &ic->ic_wme; 1869 int aci, error = 0; 1870 1871 RUN_LOCK_ASSERT(sc, MA_OWNED); 1872 1873 /* update MAC TX configuration registers */ 1874 for (aci = 0; aci < WME_NUM_AC; aci++) { 1875 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 1876 wmesp->wme_params[aci].wmep_logcwmax << 16 | 1877 wmesp->wme_params[aci].wmep_logcwmin << 12 | 1878 wmesp->wme_params[aci].wmep_aifsn << 8 | 1879 wmesp->wme_params[aci].wmep_txopLimit); 1880 if (error) goto err; 1881 } 1882 1883 /* update SCH/DMA registers too */ 1884 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 1885 wmesp->wme_params[WME_AC_VO].wmep_aifsn << 12 | 1886 wmesp->wme_params[WME_AC_VI].wmep_aifsn << 8 | 1887 wmesp->wme_params[WME_AC_BK].wmep_aifsn << 4 | 1888 wmesp->wme_params[WME_AC_BE].wmep_aifsn); 1889 if (error) goto err; 1890 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 1891 wmesp->wme_params[WME_AC_VO].wmep_logcwmin << 12 | 1892 wmesp->wme_params[WME_AC_VI].wmep_logcwmin << 8 | 1893 wmesp->wme_params[WME_AC_BK].wmep_logcwmin << 4 | 1894 wmesp->wme_params[WME_AC_BE].wmep_logcwmin); 1895 if (error) goto err; 1896 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 1897 wmesp->wme_params[WME_AC_VO].wmep_logcwmax << 12 | 1898 wmesp->wme_params[WME_AC_VI].wmep_logcwmax << 8 | 1899 wmesp->wme_params[WME_AC_BK].wmep_logcwmax << 4 | 1900 wmesp->wme_params[WME_AC_BE].wmep_logcwmax); 1901 if (error) goto err; 1902 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 1903 wmesp->wme_params[WME_AC_BK].wmep_txopLimit << 16 | 1904 wmesp->wme_params[WME_AC_BE].wmep_txopLimit); 1905 if (error) goto err; 1906 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 1907 wmesp->wme_params[WME_AC_VO].wmep_txopLimit << 16 | 1908 wmesp->wme_params[WME_AC_VI].wmep_txopLimit); 1909 1910 err: 1911 if (error) 1912 DPRINTF("WME update failed\n"); 1913 1914 return; 1915 } 1916 1917 static int 1918 run_wme_update(struct ieee80211com *ic) 1919 { 1920 struct run_softc *sc = ic->ic_ifp->if_softc; 1921 1922 /* sometime called wothout lock */ 1923 if (mtx_owned(&ic->ic_comlock.mtx)) { 1924 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 1925 DPRINTF("cmdq_store=%d\n", i); 1926 sc->cmdq[i].func = run_wme_update_cb; 1927 sc->cmdq[i].arg0 = ic; 1928 ieee80211_runtask(ic, &sc->cmdq_task); 1929 return (0); 1930 } 1931 1932 RUN_LOCK(sc); 1933 run_wme_update_cb(ic); 1934 RUN_UNLOCK(sc); 1935 1936 /* return whatever, upper layer desn't care anyway */ 1937 return (0); 1938 } 1939 1940 static void 1941 run_key_update_begin(struct ieee80211vap *vap) 1942 { 1943 /* 1944 * To avoid out-of-order events, both run_key_set() and 1945 * _delete() are deferred and handled by run_cmdq_cb(). 1946 * So, there is nothing we need to do here. 1947 */ 1948 } 1949 1950 static void 1951 run_key_update_end(struct ieee80211vap *vap) 1952 { 1953 /* null */ 1954 } 1955 1956 static void 1957 run_key_set_cb(void *arg) 1958 { 1959 struct run_cmdq *cmdq = arg; 1960 struct ieee80211vap *vap = cmdq->arg1; 1961 struct ieee80211_key *k = cmdq->k; 1962 struct ieee80211com *ic = vap->iv_ic; 1963 struct run_softc *sc = ic->ic_ifp->if_softc; 1964 struct ieee80211_node *ni; 1965 uint32_t attr; 1966 uint16_t base, associd; 1967 uint8_t mode, wcid, iv[8]; 1968 1969 RUN_LOCK_ASSERT(sc, MA_OWNED); 1970 1971 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 1972 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 1973 else 1974 ni = vap->iv_bss; 1975 associd = (ni != NULL) ? ni->ni_associd : 0; 1976 1977 /* map net80211 cipher to RT2860 security mode */ 1978 switch (k->wk_cipher->ic_cipher) { 1979 case IEEE80211_CIPHER_WEP: 1980 if(k->wk_keylen < 8) 1981 mode = RT2860_MODE_WEP40; 1982 else 1983 mode = RT2860_MODE_WEP104; 1984 break; 1985 case IEEE80211_CIPHER_TKIP: 1986 mode = RT2860_MODE_TKIP; 1987 break; 1988 case IEEE80211_CIPHER_AES_CCM: 1989 mode = RT2860_MODE_AES_CCMP; 1990 break; 1991 default: 1992 DPRINTF("undefined case\n"); 1993 return; 1994 } 1995 1996 DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 1997 associd, k->wk_keyix, mode, 1998 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 1999 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 2000 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2001 2002 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2003 wcid = 0; /* NB: update WCID0 for group keys */ 2004 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2005 } else { 2006 wcid = RUN_AID2WCID(associd); 2007 base = RT2860_PKEY(wcid); 2008 } 2009 2010 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) { 2011 if(run_write_region_1(sc, base, k->wk_key, 16)) 2012 return; 2013 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2014 return; 2015 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2016 return; 2017 } else { 2018 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2019 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2020 return; 2021 } 2022 2023 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2024 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2025 /* set initial packet number in IV+EIV */ 2026 if (k->wk_cipher == IEEE80211_CIPHER_WEP) { 2027 memset(iv, 0, sizeof iv); 2028 iv[3] = vap->iv_def_txkey << 6; 2029 } else { 2030 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) { 2031 iv[0] = k->wk_keytsc >> 8; 2032 iv[1] = (iv[0] | 0x20) & 0x7f; 2033 iv[2] = k->wk_keytsc; 2034 } else /* CCMP */ { 2035 iv[0] = k->wk_keytsc; 2036 iv[1] = k->wk_keytsc >> 8; 2037 iv[2] = 0; 2038 } 2039 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2040 iv[4] = k->wk_keytsc >> 16; 2041 iv[5] = k->wk_keytsc >> 24; 2042 iv[6] = k->wk_keytsc >> 32; 2043 iv[7] = k->wk_keytsc >> 40; 2044 } 2045 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2046 return; 2047 } 2048 2049 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2050 /* install group key */ 2051 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2052 return; 2053 attr &= ~(0xf << (k->wk_keyix * 4)); 2054 attr |= mode << (k->wk_keyix * 4); 2055 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2056 return; 2057 } else { 2058 /* install pairwise key */ 2059 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2060 return; 2061 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2062 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2063 return; 2064 } 2065 2066 /* TODO create a pass-thru key entry? */ 2067 2068 /* need wcid to delete the right key later */ 2069 k->wk_pad = wcid; 2070 } 2071 2072 /* 2073 * Don't have to be deferred, but in order to keep order of 2074 * execution, i.e. with run_key_delete(), defer this and let 2075 * run_cmdq_cb() maintain the order. 2076 * 2077 * return 0 on error 2078 */ 2079 static int 2080 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k, 2081 const uint8_t mac[IEEE80211_ADDR_LEN]) 2082 { 2083 struct ieee80211com *ic = vap->iv_ic; 2084 struct run_softc *sc = ic->ic_ifp->if_softc; 2085 uint32_t i; 2086 2087 i = RUN_CMDQ_GET(&sc->cmdq_store); 2088 DPRINTF("cmdq_store=%d\n", i); 2089 sc->cmdq[i].func = run_key_set_cb; 2090 sc->cmdq[i].arg0 = NULL; 2091 sc->cmdq[i].arg1 = vap; 2092 sc->cmdq[i].k = k; 2093 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, mac); 2094 ieee80211_runtask(ic, &sc->cmdq_task); 2095 2096 /* 2097 * To make sure key will be set when hostapd 2098 * calls iv_key_set() before if_init(). 2099 */ 2100 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2101 RUN_LOCK(sc); 2102 sc->cmdq_key_set = RUN_CMDQ_GO; 2103 RUN_UNLOCK(sc); 2104 } 2105 2106 return (1); 2107 } 2108 2109 /* 2110 * If wlan is destroyed without being brought down i.e. without 2111 * wlan down or wpa_cli terminate, this function is called after 2112 * vap is gone. Don't refer it. 2113 */ 2114 static void 2115 run_key_delete_cb(void *arg) 2116 { 2117 struct run_cmdq *cmdq = arg; 2118 struct run_softc *sc = cmdq->arg1; 2119 struct ieee80211_key *k = &cmdq->key; 2120 uint32_t attr; 2121 uint8_t wcid; 2122 2123 RUN_LOCK_ASSERT(sc, MA_OWNED); 2124 2125 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2126 /* remove group key */ 2127 DPRINTF("removing group key\n"); 2128 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2129 attr &= ~(0xf << (k->wk_keyix * 4)); 2130 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2131 } else { 2132 /* remove pairwise key */ 2133 DPRINTF("removing key for wcid %x\n", k->wk_pad); 2134 /* matching wcid was written to wk_pad in run_key_set() */ 2135 wcid = k->wk_pad; 2136 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2137 attr &= ~0xf; 2138 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2139 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2140 } 2141 2142 k->wk_pad = 0; 2143 } 2144 2145 /* 2146 * return 0 on error 2147 */ 2148 static int 2149 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2150 { 2151 struct ieee80211com *ic = vap->iv_ic; 2152 struct run_softc *sc = ic->ic_ifp->if_softc; 2153 struct ieee80211_key *k0; 2154 uint32_t i; 2155 2156 /* 2157 * When called back, key might be gone. So, make a copy 2158 * of some values need to delete keys before deferring. 2159 * But, because of LOR with node lock, cannot use lock here. 2160 * So, use atomic instead. 2161 */ 2162 i = RUN_CMDQ_GET(&sc->cmdq_store); 2163 DPRINTF("cmdq_store=%d\n", i); 2164 sc->cmdq[i].func = run_key_delete_cb; 2165 sc->cmdq[i].arg0 = NULL; 2166 sc->cmdq[i].arg1 = sc; 2167 k0 = &sc->cmdq[i].key; 2168 k0->wk_flags = k->wk_flags; 2169 k0->wk_keyix = k->wk_keyix; 2170 /* matching wcid was written to wk_pad in run_key_set() */ 2171 k0->wk_pad = k->wk_pad; 2172 ieee80211_runtask(ic, &sc->cmdq_task); 2173 return (1); /* return fake success */ 2174 2175 } 2176 2177 static void 2178 run_ratectl_to(void *arg) 2179 { 2180 struct run_softc *sc = arg; 2181 2182 /* do it in a process context, so it can go sleep */ 2183 ieee80211_runtask(sc->sc_ifp->if_l2com, &sc->ratectl_task); 2184 /* next timeout will be rescheduled in the callback task */ 2185 } 2186 2187 /* ARGSUSED */ 2188 static void 2189 run_ratectl_cb(void *arg, int pending) 2190 { 2191 struct run_softc *sc = arg; 2192 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 2193 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2194 2195 if (vap == NULL) 2196 return; 2197 2198 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA) 2199 run_iter_func(sc, vap->iv_bss); 2200 else { 2201 /* 2202 * run_reset_livelock() doesn't do anything with AMRR, 2203 * but Ralink wants us to call it every 1 sec. So, we 2204 * piggyback here rather than creating another callout. 2205 * Livelock may occur only in HOSTAP or IBSS mode 2206 * (when h/w is sending beacons). 2207 */ 2208 RUN_LOCK(sc); 2209 run_reset_livelock(sc); 2210 /* just in case, there are some stats to drain */ 2211 run_drain_fifo(sc); 2212 RUN_UNLOCK(sc); 2213 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2214 } 2215 2216 if(sc->ratectl_run != RUN_RATECTL_OFF) 2217 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2218 } 2219 2220 static void 2221 run_drain_fifo(void *arg) 2222 { 2223 struct run_softc *sc = arg; 2224 struct ifnet *ifp = sc->sc_ifp; 2225 struct ieee80211_node *ni = sc->sc_ni[0]; /* make compiler happy */ 2226 uint32_t stat; 2227 int retrycnt = 0; 2228 uint8_t wcid, mcs, pid; 2229 2230 RUN_LOCK_ASSERT(sc, MA_OWNED); 2231 2232 for (;;) { 2233 /* drain Tx status FIFO (maxsize = 16) */ 2234 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2235 DPRINTFN(4, "tx stat 0x%08x\n", stat); 2236 if (!(stat & RT2860_TXQ_VLD)) 2237 break; 2238 2239 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2240 2241 /* if no ACK was requested, no feedback is available */ 2242 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2243 wcid == 0) 2244 continue; 2245 2246 ni = sc->sc_ni[wcid]; 2247 if (ni->ni_rctls == NULL) 2248 continue; 2249 2250 /* update per-STA AMRR stats */ 2251 if (stat & RT2860_TXQ_OK) { 2252 /* 2253 * Check if there were retries, ie if the Tx 2254 * success rate is different from the requested 2255 * rate. Note that it works only because we do 2256 * not allow rate fallback from OFDM to CCK. 2257 */ 2258 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2259 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2260 if (mcs + 1 != pid) 2261 retrycnt = 1; 2262 ieee80211_ratectl_tx_complete(ni->ni_vap, ni, 2263 IEEE80211_RATECTL_TX_SUCCESS, 2264 &retrycnt, NULL); 2265 } else { 2266 retrycnt = 1; 2267 ieee80211_ratectl_tx_complete(ni->ni_vap, ni, 2268 IEEE80211_RATECTL_TX_FAILURE, 2269 &retrycnt, NULL); 2270 ifp->if_oerrors++; 2271 } 2272 } 2273 DPRINTFN(3, "count=%d\n", sc->fifo_cnt); 2274 2275 sc->fifo_cnt = 0; 2276 } 2277 2278 static void 2279 run_iter_func(void *arg, struct ieee80211_node *ni) 2280 { 2281 struct run_softc *sc = arg; 2282 struct ieee80211vap *vap = ni->ni_vap; 2283 struct ieee80211com *ic = ni->ni_ic; 2284 struct ifnet *ifp = ic->ic_ifp; 2285 struct run_node *rn = (void *)ni; 2286 uint32_t sta[3]; 2287 int txcnt = 0, success = 0, retrycnt = 0; 2288 int error; 2289 2290 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2291 vap->iv_opmode == IEEE80211_M_STA)) { 2292 RUN_LOCK(sc); 2293 2294 /* read statistic counters (clear on read) and update AMRR state */ 2295 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2296 sizeof sta); 2297 if (error != 0) 2298 return; 2299 2300 DPRINTFN(3, "retrycnt=%d txcnt=%d failcnt=%d\n", 2301 le32toh(sta[1]) >> 16, le32toh(sta[1]) & 0xffff, 2302 le32toh(sta[0]) & 0xffff); 2303 2304 /* count failed TX as errors */ 2305 ifp->if_oerrors += le32toh(sta[0]) & 0xffff; 2306 2307 retrycnt = 2308 (le32toh(sta[0]) & 0xffff) + /* failed TX count */ 2309 (le32toh(sta[1]) >> 16); /* TX retransmission count */ 2310 2311 txcnt = 2312 retrycnt + 2313 (le32toh(sta[1]) & 0xffff); /* successful TX count */ 2314 2315 success = 2316 (le32toh(sta[1]) >> 16) + 2317 (le32toh(sta[1]) & 0xffff); 2318 2319 ieee80211_ratectl_tx_update(vap, ni, &txcnt, &success, 2320 &retrycnt); 2321 2322 RUN_UNLOCK(sc); 2323 } 2324 2325 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0); 2326 DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx); 2327 } 2328 2329 static void 2330 run_newassoc_cb(void *arg) 2331 { 2332 struct run_cmdq *cmdq = arg; 2333 struct ieee80211_node *ni = cmdq->arg1; 2334 struct run_softc *sc = ni->ni_vap->iv_ic->ic_ifp->if_softc; 2335 uint8_t wcid = cmdq->wcid; 2336 2337 RUN_LOCK_ASSERT(sc, MA_OWNED); 2338 2339 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2340 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2341 } 2342 2343 static void 2344 run_newassoc(struct ieee80211_node *ni, int isnew) 2345 { 2346 struct run_node *rn = (void *)ni; 2347 struct ieee80211_rateset *rs = &ni->ni_rates; 2348 struct ieee80211vap *vap = ni->ni_vap; 2349 struct ieee80211com *ic = vap->iv_ic; 2350 struct run_softc *sc = ic->ic_ifp->if_softc; 2351 uint8_t rate; 2352 uint8_t ridx; 2353 uint8_t wcid = RUN_AID2WCID(ni->ni_associd); 2354 int i, j; 2355 2356 if (wcid > RT2870_WCID_MAX) { 2357 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2358 return; 2359 } 2360 2361 /* only interested in true associations */ 2362 if (isnew && ni->ni_associd != 0) { 2363 2364 /* 2365 * This function could is called though timeout function. 2366 * Need to defer. 2367 */ 2368 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2369 DPRINTF("cmdq_store=%d\n", cnt); 2370 sc->cmdq[cnt].func = run_newassoc_cb; 2371 sc->cmdq[cnt].arg0 = NULL; 2372 sc->cmdq[cnt].arg1 = ni; 2373 sc->cmdq[cnt].wcid = wcid; 2374 ieee80211_runtask(ic, &sc->cmdq_task); 2375 } 2376 2377 DPRINTF("new assoc isnew=%d associd=%x addr=%s\n", 2378 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr)); 2379 2380 sc->sc_ni[wcid] = ni; 2381 2382 for (i = 0; i < rs->rs_nrates; i++) { 2383 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 2384 /* convert 802.11 rate to hardware rate index */ 2385 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2386 if (rt2860_rates[ridx].rate == rate) 2387 break; 2388 rn->ridx[i] = ridx; 2389 /* determine rate of control response frames */ 2390 for (j = i; j >= 0; j--) { 2391 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 2392 rt2860_rates[rn->ridx[i]].phy == 2393 rt2860_rates[rn->ridx[j]].phy) 2394 break; 2395 } 2396 if (j >= 0) { 2397 rn->ctl_ridx[i] = rn->ridx[j]; 2398 } else { 2399 /* no basic rate found, use mandatory one */ 2400 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 2401 } 2402 DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n", 2403 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]); 2404 } 2405 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2406 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2407 if (rt2860_rates[ridx].rate == rate) 2408 break; 2409 rn->mgt_ridx = ridx; 2410 DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2411 2412 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2413 } 2414 2415 /* 2416 * Return the Rx chain with the highest RSSI for a given frame. 2417 */ 2418 static __inline uint8_t 2419 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2420 { 2421 uint8_t rxchain = 0; 2422 2423 if (sc->nrxchains > 1) { 2424 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2425 rxchain = 1; 2426 if (sc->nrxchains > 2) 2427 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2428 rxchain = 2; 2429 } 2430 return (rxchain); 2431 } 2432 2433 static void 2434 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2435 { 2436 struct ifnet *ifp = sc->sc_ifp; 2437 struct ieee80211com *ic = ifp->if_l2com; 2438 struct ieee80211_frame *wh; 2439 struct ieee80211_node *ni; 2440 struct rt2870_rxd *rxd; 2441 struct rt2860_rxwi *rxwi; 2442 uint32_t flags; 2443 uint16_t len, phy; 2444 uint8_t ant, rssi; 2445 int8_t nf; 2446 2447 rxwi = mtod(m, struct rt2860_rxwi *); 2448 len = le16toh(rxwi->len) & 0xfff; 2449 if (__predict_false(len > dmalen)) { 2450 m_freem(m); 2451 ifp->if_ierrors++; 2452 DPRINTF("bad RXWI length %u > %u\n", len, dmalen); 2453 return; 2454 } 2455 /* Rx descriptor is located at the end */ 2456 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2457 flags = le32toh(rxd->flags); 2458 2459 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2460 m_freem(m); 2461 ifp->if_ierrors++; 2462 DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2463 return; 2464 } 2465 2466 m->m_data += sizeof(struct rt2860_rxwi); 2467 m->m_pkthdr.len = m->m_len -= sizeof(struct rt2860_rxwi); 2468 2469 wh = mtod(m, struct ieee80211_frame *); 2470 2471 if (wh->i_fc[1] & IEEE80211_FC1_WEP) { 2472 wh->i_fc[1] &= ~IEEE80211_FC1_WEP; 2473 m->m_flags |= M_WEP; 2474 } 2475 2476 if (flags & RT2860_RX_L2PAD) { 2477 DPRINTFN(8, "received RT2860_RX_L2PAD frame\n"); 2478 len += 2; 2479 } 2480 2481 ni = ieee80211_find_rxnode(ic, 2482 mtod(m, struct ieee80211_frame_min *)); 2483 2484 if (__predict_false(flags & RT2860_RX_MICERR)) { 2485 /* report MIC failures to net80211 for TKIP */ 2486 if (ni != NULL) 2487 ieee80211_notify_michael_failure(ni->ni_vap, wh, rxwi->keyidx); 2488 m_freem(m); 2489 ifp->if_ierrors++; 2490 DPRINTF("MIC error. Someone is lying.\n"); 2491 return; 2492 } 2493 2494 ant = run_maxrssi_chain(sc, rxwi); 2495 rssi = rxwi->rssi[ant]; 2496 nf = run_rssi2dbm(sc, rssi, ant); 2497 2498 m->m_pkthdr.rcvif = ifp; 2499 m->m_pkthdr.len = m->m_len = len; 2500 2501 if (ni != NULL) { 2502 (void)ieee80211_input(ni, m, rssi, nf); 2503 ieee80211_free_node(ni); 2504 } else { 2505 (void)ieee80211_input_all(ic, m, rssi, nf); 2506 } 2507 2508 if (__predict_false(ieee80211_radiotap_active(ic))) { 2509 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2510 2511 tap->wr_flags = 0; 2512 tap->wr_chan_freq = htole16(ic->ic_bsschan->ic_freq); 2513 tap->wr_chan_flags = htole16(ic->ic_bsschan->ic_flags); 2514 tap->wr_antsignal = rssi; 2515 tap->wr_antenna = ant; 2516 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2517 tap->wr_rate = 2; /* in case it can't be found below */ 2518 phy = le16toh(rxwi->phy); 2519 switch (phy & RT2860_PHY_MODE) { 2520 case RT2860_PHY_CCK: 2521 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2522 case 0: tap->wr_rate = 2; break; 2523 case 1: tap->wr_rate = 4; break; 2524 case 2: tap->wr_rate = 11; break; 2525 case 3: tap->wr_rate = 22; break; 2526 } 2527 if (phy & RT2860_PHY_SHPRE) 2528 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2529 break; 2530 case RT2860_PHY_OFDM: 2531 switch (phy & RT2860_PHY_MCS) { 2532 case 0: tap->wr_rate = 12; break; 2533 case 1: tap->wr_rate = 18; break; 2534 case 2: tap->wr_rate = 24; break; 2535 case 3: tap->wr_rate = 36; break; 2536 case 4: tap->wr_rate = 48; break; 2537 case 5: tap->wr_rate = 72; break; 2538 case 6: tap->wr_rate = 96; break; 2539 case 7: tap->wr_rate = 108; break; 2540 } 2541 break; 2542 } 2543 } 2544 } 2545 2546 static void 2547 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 2548 { 2549 struct run_softc *sc = usbd_xfer_softc(xfer); 2550 struct ifnet *ifp = sc->sc_ifp; 2551 struct mbuf *m = NULL; 2552 struct mbuf *m0; 2553 uint32_t dmalen; 2554 int xferlen; 2555 2556 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 2557 2558 switch (USB_GET_STATE(xfer)) { 2559 case USB_ST_TRANSFERRED: 2560 2561 DPRINTFN(15, "rx done, actlen=%d\n", xferlen); 2562 2563 if (xferlen < (int)(sizeof(uint32_t) + 2564 sizeof(struct rt2860_rxwi) + sizeof(struct rt2870_rxd))) { 2565 DPRINTF("xfer too short %d\n", xferlen); 2566 goto tr_setup; 2567 } 2568 2569 m = sc->rx_m; 2570 sc->rx_m = NULL; 2571 2572 /* FALLTHROUGH */ 2573 case USB_ST_SETUP: 2574 tr_setup: 2575 if (sc->rx_m == NULL) { 2576 sc->rx_m = m_getjcl(M_DONTWAIT, MT_DATA, M_PKTHDR, 2577 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */); 2578 } 2579 if (sc->rx_m == NULL) { 2580 DPRINTF("could not allocate mbuf - idle with stall\n"); 2581 ifp->if_ierrors++; 2582 usbd_xfer_set_stall(xfer); 2583 usbd_xfer_set_frames(xfer, 0); 2584 } else { 2585 /* 2586 * Directly loading a mbuf cluster into DMA to 2587 * save some data copying. This works because 2588 * there is only one cluster. 2589 */ 2590 usbd_xfer_set_frame_data(xfer, 0, 2591 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 2592 usbd_xfer_set_frames(xfer, 1); 2593 } 2594 usbd_transfer_submit(xfer); 2595 break; 2596 2597 default: /* Error */ 2598 if (error != USB_ERR_CANCELLED) { 2599 /* try to clear stall first */ 2600 usbd_xfer_set_stall(xfer); 2601 2602 if (error == USB_ERR_TIMEOUT) 2603 device_printf(sc->sc_dev, "device timeout\n"); 2604 2605 ifp->if_ierrors++; 2606 2607 goto tr_setup; 2608 } 2609 if (sc->rx_m != NULL) { 2610 m_freem(sc->rx_m); 2611 sc->rx_m = NULL; 2612 } 2613 break; 2614 } 2615 2616 if (m == NULL) 2617 return; 2618 2619 /* inputting all the frames must be last */ 2620 2621 RUN_UNLOCK(sc); 2622 2623 m->m_pkthdr.len = m->m_len = xferlen; 2624 2625 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 2626 for(;;) { 2627 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 2628 2629 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) || 2630 ((dmalen & 3) != 0)) { 2631 DPRINTF("bad DMA length %u\n", dmalen); 2632 break; 2633 } 2634 if ((dmalen + 8) > (uint32_t)xferlen) { 2635 DPRINTF("bad DMA length %u > %d\n", 2636 dmalen + 8, xferlen); 2637 break; 2638 } 2639 2640 /* If it is the last one or a single frame, we won't copy. */ 2641 if ((xferlen -= dmalen + 8) <= 8) { 2642 /* trim 32-bit DMA-len header */ 2643 m->m_data += 4; 2644 m->m_pkthdr.len = m->m_len -= 4; 2645 run_rx_frame(sc, m, dmalen); 2646 break; 2647 } 2648 2649 /* copy aggregated frames to another mbuf */ 2650 m0 = m_getcl(M_DONTWAIT, MT_DATA, M_PKTHDR); 2651 if (__predict_false(m0 == NULL)) { 2652 DPRINTF("could not allocate mbuf\n"); 2653 ifp->if_ierrors++; 2654 break; 2655 } 2656 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 2657 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t)); 2658 m0->m_pkthdr.len = m0->m_len = 2659 dmalen + sizeof(struct rt2870_rxd); 2660 run_rx_frame(sc, m0, dmalen); 2661 2662 /* update data ptr */ 2663 m->m_data += dmalen + 8; 2664 m->m_pkthdr.len = m->m_len -= dmalen + 8; 2665 } 2666 2667 RUN_LOCK(sc); 2668 } 2669 2670 static void 2671 run_tx_free(struct run_endpoint_queue *pq, 2672 struct run_tx_data *data, int txerr) 2673 { 2674 if (data->m != NULL) { 2675 if (data->m->m_flags & M_TXCB) 2676 ieee80211_process_callback(data->ni, data->m, 2677 txerr ? ETIMEDOUT : 0); 2678 m_freem(data->m); 2679 data->m = NULL; 2680 2681 if (data->ni == NULL) { 2682 DPRINTF("no node\n"); 2683 } else { 2684 ieee80211_free_node(data->ni); 2685 data->ni = NULL; 2686 } 2687 } 2688 2689 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 2690 pq->tx_nfree++; 2691 } 2692 2693 static void 2694 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, unsigned int index) 2695 { 2696 struct run_softc *sc = usbd_xfer_softc(xfer); 2697 struct ifnet *ifp = sc->sc_ifp; 2698 struct ieee80211com *ic = ifp->if_l2com; 2699 struct run_tx_data *data; 2700 struct ieee80211vap *vap = NULL; 2701 struct usb_page_cache *pc; 2702 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 2703 struct mbuf *m; 2704 usb_frlength_t size; 2705 unsigned int len; 2706 int actlen; 2707 int sumlen; 2708 2709 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 2710 2711 switch (USB_GET_STATE(xfer)) { 2712 case USB_ST_TRANSFERRED: 2713 DPRINTFN(11, "transfer complete: %d " 2714 "bytes @ index %d\n", actlen, index); 2715 2716 data = usbd_xfer_get_priv(xfer); 2717 2718 run_tx_free(pq, data, 0); 2719 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 2720 2721 usbd_xfer_set_priv(xfer, NULL); 2722 2723 ifp->if_opackets++; 2724 2725 /* FALLTHROUGH */ 2726 case USB_ST_SETUP: 2727 tr_setup: 2728 data = STAILQ_FIRST(&pq->tx_qh); 2729 if (data == NULL) 2730 break; 2731 2732 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 2733 2734 m = data->m; 2735 if (m->m_pkthdr.len > RUN_MAX_TXSZ) { 2736 DPRINTF("data overflow, %u bytes\n", 2737 m->m_pkthdr.len); 2738 2739 ifp->if_oerrors++; 2740 2741 run_tx_free(pq, data, 1); 2742 2743 goto tr_setup; 2744 } 2745 2746 pc = usbd_xfer_get_frame(xfer, 0); 2747 size = sizeof(data->desc); 2748 usbd_copy_in(pc, 0, &data->desc, size); 2749 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 2750 2751 vap = data->ni->ni_vap; 2752 if (ieee80211_radiotap_active_vap(vap)) { 2753 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 2754 struct rt2860_txwi *txwi = 2755 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 2756 2757 tap->wt_flags = 0; 2758 tap->wt_rate = rt2860_rates[data->ridx].rate; 2759 tap->wt_chan_freq = htole16(vap->iv_bss->ni_chan->ic_freq); 2760 tap->wt_chan_flags = htole16(vap->iv_bss->ni_chan->ic_flags); 2761 tap->wt_hwqueue = index; 2762 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 2763 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2764 2765 ieee80211_radiotap_tx(vap, m); 2766 } 2767 2768 /* align end on a 4-bytes boundary */ 2769 len = (size + IEEE80211_CRC_LEN + m->m_pkthdr.len + 3) & ~3; 2770 2771 DPRINTFN(11, "sending frame len=%u xferlen=%u @ index %d\n", 2772 m->m_pkthdr.len, len, index); 2773 2774 usbd_xfer_set_frame_len(xfer, 0, len); 2775 usbd_xfer_set_priv(xfer, data); 2776 2777 usbd_transfer_submit(xfer); 2778 2779 RUN_UNLOCK(sc); 2780 run_start(ifp); 2781 RUN_LOCK(sc); 2782 2783 break; 2784 2785 default: 2786 DPRINTF("USB transfer error, %s\n", 2787 usbd_errstr(error)); 2788 2789 data = usbd_xfer_get_priv(xfer); 2790 2791 ifp->if_oerrors++; 2792 2793 if (data != NULL) { 2794 if(data->ni != NULL) 2795 vap = data->ni->ni_vap; 2796 run_tx_free(pq, data, error); 2797 usbd_xfer_set_priv(xfer, NULL); 2798 } 2799 if (vap == NULL) 2800 vap = TAILQ_FIRST(&ic->ic_vaps); 2801 2802 if (error != USB_ERR_CANCELLED) { 2803 if (error == USB_ERR_TIMEOUT) { 2804 device_printf(sc->sc_dev, "device timeout\n"); 2805 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 2806 DPRINTF("cmdq_store=%d\n", i); 2807 sc->cmdq[i].func = run_usb_timeout_cb; 2808 sc->cmdq[i].arg0 = vap; 2809 ieee80211_runtask(ic, &sc->cmdq_task); 2810 } 2811 2812 /* 2813 * Try to clear stall first, also if other 2814 * errors occur, hence clearing stall 2815 * introduces a 50 ms delay: 2816 */ 2817 usbd_xfer_set_stall(xfer); 2818 goto tr_setup; 2819 } 2820 break; 2821 } 2822 } 2823 2824 static void 2825 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 2826 { 2827 run_bulk_tx_callbackN(xfer, error, 0); 2828 } 2829 2830 static void 2831 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 2832 { 2833 run_bulk_tx_callbackN(xfer, error, 1); 2834 } 2835 2836 static void 2837 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 2838 { 2839 run_bulk_tx_callbackN(xfer, error, 2); 2840 } 2841 2842 static void 2843 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 2844 { 2845 run_bulk_tx_callbackN(xfer, error, 3); 2846 } 2847 2848 static void 2849 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 2850 { 2851 run_bulk_tx_callbackN(xfer, error, 4); 2852 } 2853 2854 static void 2855 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 2856 { 2857 run_bulk_tx_callbackN(xfer, error, 5); 2858 } 2859 2860 static void 2861 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 2862 { 2863 struct mbuf *m = data->m; 2864 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 2865 struct ieee80211vap *vap = data->ni->ni_vap; 2866 struct ieee80211_frame *wh; 2867 struct rt2870_txd *txd; 2868 struct rt2860_txwi *txwi; 2869 uint16_t xferlen; 2870 uint16_t mcs; 2871 uint8_t ridx = data->ridx; 2872 uint8_t pad; 2873 2874 /* get MCS code from rate index */ 2875 mcs = rt2860_rates[ridx].mcs; 2876 2877 xferlen = sizeof(*txwi) + m->m_pkthdr.len; 2878 2879 /* roundup to 32-bit alignment */ 2880 xferlen = (xferlen + 3) & ~3; 2881 2882 txd = (struct rt2870_txd *)&data->desc; 2883 txd->len = htole16(xferlen); 2884 2885 wh = mtod(m, struct ieee80211_frame *); 2886 2887 /* 2888 * Ether both are true or both are false, the header 2889 * are nicely aligned to 32-bit. So, no L2 padding. 2890 */ 2891 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 2892 pad = 0; 2893 else 2894 pad = 2; 2895 2896 /* setup TX Wireless Information */ 2897 txwi = (struct rt2860_txwi *)(txd + 1); 2898 txwi->len = htole16(m->m_pkthdr.len - pad); 2899 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 2900 txwi->phy = htole16(RT2860_PHY_CCK); 2901 if (ridx != RT2860_RIDX_CCK1 && 2902 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 2903 mcs |= RT2860_PHY_SHPRE; 2904 } else 2905 txwi->phy = htole16(RT2860_PHY_OFDM); 2906 txwi->phy |= htole16(mcs); 2907 2908 /* check if RTS/CTS or CTS-to-self protection is required */ 2909 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 2910 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold || 2911 ((ic->ic_flags & IEEE80211_F_USEPROT) && 2912 rt2860_rates[ridx].phy == IEEE80211_T_OFDM))) 2913 txwi->txop |= RT2860_TX_TXOP_HT; 2914 else 2915 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 2916 2917 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 2918 txwi->xflags |= RT2860_TX_NSEQ; 2919 } 2920 2921 /* This function must be called locked */ 2922 static int 2923 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 2924 { 2925 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 2926 struct ieee80211vap *vap = ni->ni_vap; 2927 struct ieee80211_frame *wh; 2928 struct ieee80211_channel *chan; 2929 const struct ieee80211_txparam *tp; 2930 struct run_node *rn = (void *)ni; 2931 struct run_tx_data *data; 2932 struct rt2870_txd *txd; 2933 struct rt2860_txwi *txwi; 2934 uint16_t qos; 2935 uint16_t dur; 2936 uint16_t qid; 2937 uint8_t type; 2938 uint8_t tid; 2939 uint8_t ridx; 2940 uint8_t ctl_ridx; 2941 uint8_t qflags; 2942 uint8_t xflags = 0; 2943 int hasqos; 2944 2945 RUN_LOCK_ASSERT(sc, MA_OWNED); 2946 2947 wh = mtod(m, struct ieee80211_frame *); 2948 2949 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 2950 2951 /* 2952 * There are 7 bulk endpoints: 1 for RX 2953 * and 6 for TX (4 EDCAs + HCCA + Prio). 2954 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 2955 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 2956 */ 2957 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 2958 uint8_t *frm; 2959 2960 if(IEEE80211_HAS_ADDR4(wh)) 2961 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos; 2962 else 2963 frm =((struct ieee80211_qosframe *)wh)->i_qos; 2964 2965 qos = le16toh(*(const uint16_t *)frm); 2966 tid = qos & IEEE80211_QOS_TID; 2967 qid = TID_TO_WME_AC(tid); 2968 } else { 2969 qos = 0; 2970 tid = 0; 2971 qid = WME_AC_BE; 2972 } 2973 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 2974 2975 DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n", 2976 qos, qid, tid, qflags); 2977 2978 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan; 2979 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)]; 2980 2981 /* pickup a rate index */ 2982 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 2983 type != IEEE80211_FC0_TYPE_DATA) { 2984 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 2985 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 2986 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 2987 } else { 2988 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 2989 ridx = rn->fix_ridx; 2990 else 2991 ridx = rn->amrr_ridx; 2992 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 2993 } 2994 2995 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 2996 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 2997 IEEE80211_QOS_ACKPOLICY_NOACK)) { 2998 xflags |= RT2860_TX_ACK; 2999 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3000 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3001 else 3002 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3003 *(uint16_t *)wh->i_dur = htole16(dur); 3004 } 3005 3006 /* reserve slots for mgmt packets, just in case */ 3007 if (sc->sc_epq[qid].tx_nfree < 3) { 3008 DPRINTFN(10, "tx ring %d is full\n", qid); 3009 return (-1); 3010 } 3011 3012 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3013 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3014 sc->sc_epq[qid].tx_nfree--; 3015 3016 txd = (struct rt2870_txd *)&data->desc; 3017 txd->flags = qflags; 3018 txwi = (struct rt2860_txwi *)(txd + 1); 3019 txwi->xflags = xflags; 3020 txwi->wcid = IEEE80211_IS_MULTICAST(wh->i_addr1) ? 3021 0 : RUN_AID2WCID(ni->ni_associd); 3022 /* clear leftover garbage bits */ 3023 txwi->flags = 0; 3024 txwi->txop = 0; 3025 3026 data->m = m; 3027 data->ni = ni; 3028 data->ridx = ridx; 3029 3030 run_set_tx_desc(sc, data); 3031 3032 /* 3033 * The chip keeps track of 2 kind of Tx stats, 3034 * * TX_STAT_FIFO, for per WCID stats, and 3035 * * TX_STA_CNT0 for all-TX-in-one stats. 3036 * 3037 * To use FIFO stats, we need to store MCS into the driver-private 3038 * PacketID field. So that, we can tell whose stats when we read them. 3039 * We add 1 to the MCS because setting the PacketID field to 0 means 3040 * that we don't want feedback in TX_STAT_FIFO. 3041 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3042 * 3043 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3044 */ 3045 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3046 vap->iv_opmode == IEEE80211_M_MBSS) { 3047 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3048 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3049 3050 /* 3051 * Unlike PCI based devices, we don't get any interrupt from 3052 * USB devices, so we simulate FIFO-is-full interrupt here. 3053 * Ralink recomends to drain FIFO stats every 100 ms, but 16 slots 3054 * quickly get fulled. To prevent overflow, increment a counter on 3055 * every FIFO stat request, so we know how many slots are left. 3056 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3057 * are used only in those modes. 3058 * We just drain stats. AMRR gets updated every 1 sec by 3059 * run_ratectl_cb() via callout. 3060 * Call it early. Otherwise overflow. 3061 */ 3062 if (sc->fifo_cnt++ == 10) { 3063 /* 3064 * With multiple vaps or if_bridge, if_start() is called 3065 * with a non-sleepable lock, tcpinp. So, need to defer. 3066 */ 3067 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3068 DPRINTFN(6, "cmdq_store=%d\n", i); 3069 sc->cmdq[i].func = run_drain_fifo; 3070 sc->cmdq[i].arg0 = sc; 3071 ieee80211_runtask(ic, &sc->cmdq_task); 3072 } 3073 } 3074 3075 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3076 3077 usbd_transfer_start(sc->sc_xfer[qid]); 3078 3079 DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n", m->m_pkthdr.len + 3080 (int)(sizeof (struct rt2870_txd) + sizeof (struct rt2860_rxwi)), 3081 rt2860_rates[ridx].rate, qid); 3082 3083 return (0); 3084 } 3085 3086 static int 3087 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3088 { 3089 struct ifnet *ifp = sc->sc_ifp; 3090 struct ieee80211com *ic = ifp->if_l2com; 3091 struct run_node *rn = (void *)ni; 3092 struct run_tx_data *data; 3093 struct ieee80211_frame *wh; 3094 struct rt2870_txd *txd; 3095 struct rt2860_txwi *txwi; 3096 uint16_t dur; 3097 uint8_t ridx = rn->mgt_ridx; 3098 uint8_t type; 3099 uint8_t xflags = 0; 3100 uint8_t wflags = 0; 3101 3102 RUN_LOCK_ASSERT(sc, MA_OWNED); 3103 3104 wh = mtod(m, struct ieee80211_frame *); 3105 3106 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3107 3108 /* tell hardware to add timestamp for probe responses */ 3109 if ((wh->i_fc[0] & 3110 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3111 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 3112 wflags |= RT2860_TX_TS; 3113 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3114 xflags |= RT2860_TX_ACK; 3115 3116 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3117 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3118 *(uint16_t *)wh->i_dur = htole16(dur); 3119 } 3120 3121 if (sc->sc_epq[0].tx_nfree == 0) { 3122 /* let caller free mbuf */ 3123 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3124 return (EIO); 3125 } 3126 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3127 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3128 sc->sc_epq[0].tx_nfree--; 3129 3130 txd = (struct rt2870_txd *)&data->desc; 3131 txd->flags = RT2860_TX_QSEL_EDCA; 3132 txwi = (struct rt2860_txwi *)(txd + 1); 3133 txwi->wcid = 0xff; 3134 txwi->flags = wflags; 3135 txwi->xflags = xflags; 3136 txwi->txop = 0; /* clear leftover garbage bits */ 3137 3138 data->m = m; 3139 data->ni = ni; 3140 data->ridx = ridx; 3141 3142 run_set_tx_desc(sc, data); 3143 3144 DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len + 3145 (int)(sizeof (struct rt2870_txd) + sizeof (struct rt2860_rxwi)), 3146 rt2860_rates[ridx].rate); 3147 3148 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3149 3150 usbd_transfer_start(sc->sc_xfer[0]); 3151 3152 return (0); 3153 } 3154 3155 static int 3156 run_sendprot(struct run_softc *sc, 3157 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3158 { 3159 struct ieee80211com *ic = ni->ni_ic; 3160 struct ieee80211_frame *wh; 3161 struct run_tx_data *data; 3162 struct rt2870_txd *txd; 3163 struct rt2860_txwi *txwi; 3164 struct mbuf *mprot; 3165 int ridx; 3166 int protrate; 3167 int ackrate; 3168 int pktlen; 3169 int isshort; 3170 uint16_t dur; 3171 uint8_t type; 3172 uint8_t wflags = 0; 3173 uint8_t xflags = 0; 3174 3175 RUN_LOCK_ASSERT(sc, MA_OWNED); 3176 3177 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY, 3178 ("protection %d", prot)); 3179 3180 wh = mtod(m, struct ieee80211_frame *); 3181 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN; 3182 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3183 3184 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3185 ackrate = ieee80211_ack_rate(ic->ic_rt, rate); 3186 3187 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0; 3188 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort) 3189 + ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3190 wflags = RT2860_TX_FRAG; 3191 3192 /* check that there are free slots before allocating the mbuf */ 3193 if (sc->sc_epq[0].tx_nfree == 0) { 3194 /* let caller free mbuf */ 3195 sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3196 return (ENOBUFS); 3197 } 3198 3199 if (prot == IEEE80211_PROT_RTSCTS) { 3200 /* NB: CTS is the same size as an ACK */ 3201 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3202 xflags |= RT2860_TX_ACK; 3203 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur); 3204 } else { 3205 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur); 3206 } 3207 if (mprot == NULL) { 3208 sc->sc_ifp->if_oerrors++; 3209 DPRINTF("could not allocate mbuf\n"); 3210 return (ENOBUFS); 3211 } 3212 3213 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3214 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3215 sc->sc_epq[0].tx_nfree--; 3216 3217 txd = (struct rt2870_txd *)&data->desc; 3218 txd->flags = RT2860_TX_QSEL_EDCA; 3219 txwi = (struct rt2860_txwi *)(txd + 1); 3220 txwi->wcid = 0xff; 3221 txwi->flags = wflags; 3222 txwi->xflags = xflags; 3223 txwi->txop = 0; /* clear leftover garbage bits */ 3224 3225 data->m = mprot; 3226 data->ni = ieee80211_ref_node(ni); 3227 3228 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3229 if (rt2860_rates[ridx].rate == protrate) 3230 break; 3231 data->ridx = ridx; 3232 3233 run_set_tx_desc(sc, data); 3234 3235 DPRINTFN(1, "sending prot len=%u rate=%u\n", 3236 m->m_pkthdr.len, rate); 3237 3238 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3239 3240 usbd_transfer_start(sc->sc_xfer[0]); 3241 3242 return (0); 3243 } 3244 3245 static int 3246 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3247 const struct ieee80211_bpf_params *params) 3248 { 3249 struct ieee80211com *ic = ni->ni_ic; 3250 struct ieee80211_frame *wh; 3251 struct run_tx_data *data; 3252 struct rt2870_txd *txd; 3253 struct rt2860_txwi *txwi; 3254 uint8_t type; 3255 uint8_t ridx; 3256 uint8_t rate; 3257 uint8_t opflags = 0; 3258 uint8_t xflags = 0; 3259 int error; 3260 3261 RUN_LOCK_ASSERT(sc, MA_OWNED); 3262 3263 KASSERT(params != NULL, ("no raw xmit params")); 3264 3265 wh = mtod(m, struct ieee80211_frame *); 3266 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3267 3268 rate = params->ibp_rate0; 3269 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3270 /* let caller free mbuf */ 3271 return (EINVAL); 3272 } 3273 3274 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3275 xflags |= RT2860_TX_ACK; 3276 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3277 error = run_sendprot(sc, m, ni, 3278 params->ibp_flags & IEEE80211_BPF_RTS ? 3279 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3280 rate); 3281 if (error) { 3282 /* let caller free mbuf */ 3283 return error; 3284 } 3285 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3286 } 3287 3288 if (sc->sc_epq[0].tx_nfree == 0) { 3289 /* let caller free mbuf */ 3290 sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3291 DPRINTF("sending raw frame, but tx ring is full\n"); 3292 return (EIO); 3293 } 3294 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3295 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3296 sc->sc_epq[0].tx_nfree--; 3297 3298 txd = (struct rt2870_txd *)&data->desc; 3299 txd->flags = RT2860_TX_QSEL_EDCA; 3300 txwi = (struct rt2860_txwi *)(txd + 1); 3301 txwi->wcid = 0xff; 3302 txwi->xflags = xflags; 3303 txwi->txop = opflags; 3304 txwi->flags = 0; /* clear leftover garbage bits */ 3305 3306 data->m = m; 3307 data->ni = ni; 3308 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3309 if (rt2860_rates[ridx].rate == rate) 3310 break; 3311 data->ridx = ridx; 3312 3313 run_set_tx_desc(sc, data); 3314 3315 DPRINTFN(10, "sending raw frame len=%u rate=%u\n", 3316 m->m_pkthdr.len, rate); 3317 3318 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3319 3320 usbd_transfer_start(sc->sc_xfer[0]); 3321 3322 return (0); 3323 } 3324 3325 static int 3326 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3327 const struct ieee80211_bpf_params *params) 3328 { 3329 struct ifnet *ifp = ni->ni_ic->ic_ifp; 3330 struct run_softc *sc = ifp->if_softc; 3331 int error = 0; 3332 3333 RUN_LOCK(sc); 3334 3335 /* prevent management frames from being sent if we're not ready */ 3336 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) { 3337 error = ENETDOWN; 3338 goto done; 3339 } 3340 3341 if (params == NULL) { 3342 /* tx mgt packet */ 3343 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3344 ifp->if_oerrors++; 3345 DPRINTF("mgt tx failed\n"); 3346 goto done; 3347 } 3348 } else { 3349 /* tx raw packet with param */ 3350 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3351 ifp->if_oerrors++; 3352 DPRINTF("tx with param failed\n"); 3353 goto done; 3354 } 3355 } 3356 3357 ifp->if_opackets++; 3358 3359 done: 3360 RUN_UNLOCK(sc); 3361 3362 if (error != 0) { 3363 if(m != NULL) 3364 m_freem(m); 3365 ieee80211_free_node(ni); 3366 } 3367 3368 return (error); 3369 } 3370 3371 static void 3372 run_start(struct ifnet *ifp) 3373 { 3374 struct run_softc *sc = ifp->if_softc; 3375 struct ieee80211_node *ni; 3376 struct mbuf *m; 3377 3378 RUN_LOCK(sc); 3379 3380 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { 3381 RUN_UNLOCK(sc); 3382 return; 3383 } 3384 3385 for (;;) { 3386 /* send data frames */ 3387 IFQ_DRV_DEQUEUE(&ifp->if_snd, m); 3388 if (m == NULL) 3389 break; 3390 3391 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3392 if (run_tx(sc, m, ni) != 0) { 3393 IFQ_DRV_PREPEND(&ifp->if_snd, m); 3394 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3395 break; 3396 } 3397 } 3398 3399 RUN_UNLOCK(sc); 3400 } 3401 3402 static int 3403 run_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 3404 { 3405 struct run_softc *sc = ifp->if_softc; 3406 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3407 struct ifreq *ifr = (struct ifreq *) data; 3408 int startall = 0; 3409 int error = 0; 3410 3411 switch (cmd) { 3412 case SIOCSIFFLAGS: 3413 RUN_LOCK(sc); 3414 if (ifp->if_flags & IFF_UP) { 3415 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)){ 3416 startall = 1; 3417 run_init_locked(sc); 3418 } else 3419 run_update_promisc_locked(ifp); 3420 } else { 3421 if (ifp->if_drv_flags & IFF_DRV_RUNNING && 3422 (ic->ic_nrunning == 0 || sc->rvp_cnt <= 1)) { 3423 run_stop(sc); 3424 } 3425 } 3426 RUN_UNLOCK(sc); 3427 if (startall) 3428 ieee80211_start_all(ic); 3429 break; 3430 case SIOCGIFMEDIA: 3431 error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd); 3432 break; 3433 case SIOCGIFADDR: 3434 error = ether_ioctl(ifp, cmd, data); 3435 break; 3436 default: 3437 error = EINVAL; 3438 break; 3439 } 3440 3441 return (error); 3442 } 3443 3444 static void 3445 run_set_agc(struct run_softc *sc, uint8_t agc) 3446 { 3447 uint8_t bbp; 3448 3449 if (sc->mac_ver == 0x3572) { 3450 run_bbp_read(sc, 27, &bbp); 3451 bbp &= ~(0x3 << 5); 3452 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 3453 run_bbp_write(sc, 66, agc); 3454 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 3455 run_bbp_write(sc, 66, agc); 3456 } else 3457 run_bbp_write(sc, 66, agc); 3458 } 3459 3460 static void 3461 run_select_chan_group(struct run_softc *sc, int group) 3462 { 3463 uint32_t tmp; 3464 uint8_t agc; 3465 3466 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 3467 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 3468 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 3469 run_bbp_write(sc, 86, 0x00); 3470 3471 if (group == 0) { 3472 if (sc->ext_2ghz_lna) { 3473 run_bbp_write(sc, 82, 0x62); 3474 run_bbp_write(sc, 75, 0x46); 3475 } else { 3476 run_bbp_write(sc, 82, 0x84); 3477 run_bbp_write(sc, 75, 0x50); 3478 } 3479 } else { 3480 if (sc->mac_ver == 0x3572) 3481 run_bbp_write(sc, 82, 0x94); 3482 else 3483 run_bbp_write(sc, 82, 0xf2); 3484 if (sc->ext_5ghz_lna) 3485 run_bbp_write(sc, 75, 0x46); 3486 else 3487 run_bbp_write(sc, 75, 0x50); 3488 } 3489 3490 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 3491 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 3492 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 3493 run_write(sc, RT2860_TX_BAND_CFG, tmp); 3494 3495 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 3496 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 3497 if (sc->nrxchains > 1) 3498 tmp |= RT2860_LNA_PE1_EN; 3499 if (group == 0) { /* 2GHz */ 3500 tmp |= RT2860_PA_PE_G0_EN; 3501 if (sc->ntxchains > 1) 3502 tmp |= RT2860_PA_PE_G1_EN; 3503 } else { /* 5GHz */ 3504 tmp |= RT2860_PA_PE_A0_EN; 3505 if (sc->ntxchains > 1) 3506 tmp |= RT2860_PA_PE_A1_EN; 3507 } 3508 if (sc->mac_ver == 0x3572) { 3509 run_rt3070_rf_write(sc, 8, 0x00); 3510 run_write(sc, RT2860_TX_PIN_CFG, tmp); 3511 run_rt3070_rf_write(sc, 8, 0x80); 3512 } else 3513 run_write(sc, RT2860_TX_PIN_CFG, tmp); 3514 3515 /* set initial AGC value */ 3516 if (group == 0) { /* 2GHz band */ 3517 if (sc->mac_ver >= 0x3070) 3518 agc = 0x1c + sc->lna[0] * 2; 3519 else 3520 agc = 0x2e + sc->lna[0]; 3521 } else { /* 5GHz band */ 3522 if (sc->mac_ver == 0x3572) 3523 agc = 0x22 + (sc->lna[group] * 5) / 3; 3524 else 3525 agc = 0x32 + (sc->lna[group] * 5) / 3; 3526 } 3527 run_set_agc(sc, agc); 3528 } 3529 3530 static void 3531 run_rt2870_set_chan(struct run_softc *sc, uint32_t chan) 3532 { 3533 const struct rfprog *rfprog = rt2860_rf2850; 3534 uint32_t r2, r3, r4; 3535 int8_t txpow1, txpow2; 3536 int i; 3537 3538 /* find the settings for this channel (we know it exists) */ 3539 for (i = 0; rfprog[i].chan != chan; i++); 3540 3541 r2 = rfprog[i].r2; 3542 if (sc->ntxchains == 1) 3543 r2 |= 1 << 12; /* 1T: disable Tx chain 2 */ 3544 if (sc->nrxchains == 1) 3545 r2 |= 1 << 15 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 3546 else if (sc->nrxchains == 2) 3547 r2 |= 1 << 4; /* 2R: disable Rx chain 3 */ 3548 3549 /* use Tx power values from EEPROM */ 3550 txpow1 = sc->txpow1[i]; 3551 txpow2 = sc->txpow2[i]; 3552 if (chan > 14) { 3553 if (txpow1 >= 0) 3554 txpow1 = txpow1 << 1 | 1; 3555 else 3556 txpow1 = (7 + txpow1) << 1; 3557 if (txpow2 >= 0) 3558 txpow2 = txpow2 << 1 | 1; 3559 else 3560 txpow2 = (7 + txpow2) << 1; 3561 } 3562 r3 = rfprog[i].r3 | txpow1 << 7; 3563 r4 = rfprog[i].r4 | sc->freq << 13 | txpow2 << 4; 3564 3565 run_rt2870_rf_write(sc, RT2860_RF1, rfprog[i].r1); 3566 run_rt2870_rf_write(sc, RT2860_RF2, r2); 3567 run_rt2870_rf_write(sc, RT2860_RF3, r3); 3568 run_rt2870_rf_write(sc, RT2860_RF4, r4); 3569 3570 run_delay(sc, 10); 3571 3572 run_rt2870_rf_write(sc, RT2860_RF1, rfprog[i].r1); 3573 run_rt2870_rf_write(sc, RT2860_RF2, r2); 3574 run_rt2870_rf_write(sc, RT2860_RF3, r3 | 1); 3575 run_rt2870_rf_write(sc, RT2860_RF4, r4); 3576 3577 run_delay(sc, 10); 3578 3579 run_rt2870_rf_write(sc, RT2860_RF1, rfprog[i].r1); 3580 run_rt2870_rf_write(sc, RT2860_RF2, r2); 3581 run_rt2870_rf_write(sc, RT2860_RF3, r3); 3582 run_rt2870_rf_write(sc, RT2860_RF4, r4); 3583 } 3584 3585 static void 3586 run_rt3070_set_chan(struct run_softc *sc, uint32_t chan) 3587 { 3588 int8_t txpow1, txpow2; 3589 uint8_t rf; 3590 int i; 3591 3592 /* RT3070 is 2GHz only */ 3593 KASSERT(chan >= 1 && chan <= 14, ("wrong channel selected\n")); 3594 3595 /* find the settings for this channel (we know it exists) */ 3596 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 3597 3598 /* use Tx power values from EEPROM */ 3599 txpow1 = sc->txpow1[i]; 3600 txpow2 = sc->txpow2[i]; 3601 3602 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 3603 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 3604 run_rt3070_rf_read(sc, 6, &rf); 3605 rf = (rf & ~0x03) | rt3070_freqs[i].r; 3606 run_rt3070_rf_write(sc, 6, rf); 3607 3608 /* set Tx0 power */ 3609 run_rt3070_rf_read(sc, 12, &rf); 3610 rf = (rf & ~0x1f) | txpow1; 3611 run_rt3070_rf_write(sc, 12, rf); 3612 3613 /* set Tx1 power */ 3614 run_rt3070_rf_read(sc, 13, &rf); 3615 rf = (rf & ~0x1f) | txpow2; 3616 run_rt3070_rf_write(sc, 13, rf); 3617 3618 run_rt3070_rf_read(sc, 1, &rf); 3619 rf &= ~0xfc; 3620 if (sc->ntxchains == 1) 3621 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 3622 else if (sc->ntxchains == 2) 3623 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 3624 if (sc->nrxchains == 1) 3625 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 3626 else if (sc->nrxchains == 2) 3627 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 3628 run_rt3070_rf_write(sc, 1, rf); 3629 3630 /* set RF offset */ 3631 run_rt3070_rf_read(sc, 23, &rf); 3632 rf = (rf & ~0x7f) | sc->freq; 3633 run_rt3070_rf_write(sc, 23, rf); 3634 3635 /* program RF filter */ 3636 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 3637 rf = (rf & ~0x3f) | sc->rf24_20mhz; 3638 run_rt3070_rf_write(sc, 24, rf); 3639 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 3640 rf = (rf & ~0x3f) | sc->rf24_20mhz; 3641 run_rt3070_rf_write(sc, 31, rf); 3642 3643 /* enable RF tuning */ 3644 run_rt3070_rf_read(sc, 7, &rf); 3645 run_rt3070_rf_write(sc, 7, rf | 0x01); 3646 } 3647 3648 static void 3649 run_rt3572_set_chan(struct run_softc *sc, u_int chan) 3650 { 3651 int8_t txpow1, txpow2; 3652 uint32_t tmp; 3653 uint8_t rf; 3654 int i; 3655 3656 /* find the settings for this channel (we know it exists) */ 3657 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 3658 3659 /* use Tx power values from EEPROM */ 3660 txpow1 = sc->txpow1[i]; 3661 txpow2 = sc->txpow2[i]; 3662 3663 if (chan <= 14) { 3664 run_bbp_write(sc, 25, sc->bbp25); 3665 run_bbp_write(sc, 26, sc->bbp26); 3666 } else { 3667 /* enable IQ phase correction */ 3668 run_bbp_write(sc, 25, 0x09); 3669 run_bbp_write(sc, 26, 0xff); 3670 } 3671 3672 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 3673 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 3674 run_rt3070_rf_read(sc, 6, &rf); 3675 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 3676 rf |= (chan <= 14) ? 0x08 : 0x04; 3677 run_rt3070_rf_write(sc, 6, rf); 3678 3679 /* set PLL mode */ 3680 run_rt3070_rf_read(sc, 5, &rf); 3681 rf &= ~(0x08 | 0x04); 3682 rf |= (chan <= 14) ? 0x04 : 0x08; 3683 run_rt3070_rf_write(sc, 5, rf); 3684 3685 /* set Tx power for chain 0 */ 3686 if (chan <= 14) 3687 rf = 0x60 | txpow1; 3688 else 3689 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 3690 run_rt3070_rf_write(sc, 12, rf); 3691 3692 /* set Tx power for chain 1 */ 3693 if (chan <= 14) 3694 rf = 0x60 | txpow2; 3695 else 3696 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 3697 run_rt3070_rf_write(sc, 13, rf); 3698 3699 /* set Tx/Rx streams */ 3700 run_rt3070_rf_read(sc, 1, &rf); 3701 rf &= ~0xfc; 3702 if (sc->ntxchains == 1) 3703 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 3704 else if (sc->ntxchains == 2) 3705 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 3706 if (sc->nrxchains == 1) 3707 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 3708 else if (sc->nrxchains == 2) 3709 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 3710 run_rt3070_rf_write(sc, 1, rf); 3711 3712 /* set RF offset */ 3713 run_rt3070_rf_read(sc, 23, &rf); 3714 rf = (rf & ~0x7f) | sc->freq; 3715 run_rt3070_rf_write(sc, 23, rf); 3716 3717 /* program RF filter */ 3718 rf = sc->rf24_20mhz; 3719 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 3720 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 3721 3722 /* enable RF tuning */ 3723 run_rt3070_rf_read(sc, 7, &rf); 3724 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 3725 run_rt3070_rf_write(sc, 7, rf); 3726 3727 /* TSSI */ 3728 rf = (chan <= 14) ? 0xc3 : 0xc0; 3729 run_rt3070_rf_write(sc, 9, rf); 3730 3731 /* set loop filter 1 */ 3732 run_rt3070_rf_write(sc, 10, 0xf1); 3733 /* set loop filter 2 */ 3734 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 3735 3736 /* set tx_mx2_ic */ 3737 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 3738 /* set tx_mx1_ic */ 3739 if (chan <= 14) 3740 rf = 0x48 | sc->txmixgain_2ghz; 3741 else 3742 rf = 0x78 | sc->txmixgain_5ghz; 3743 run_rt3070_rf_write(sc, 16, rf); 3744 3745 /* set tx_lo1 */ 3746 run_rt3070_rf_write(sc, 17, 0x23); 3747 /* set tx_lo2 */ 3748 if (chan <= 14) 3749 rf = 0x93; 3750 else if (chan <= 64) 3751 rf = 0xb7; 3752 else if (chan <= 128) 3753 rf = 0x74; 3754 else 3755 rf = 0x72; 3756 run_rt3070_rf_write(sc, 19, rf); 3757 3758 /* set rx_lo1 */ 3759 if (chan <= 14) 3760 rf = 0xb3; 3761 else if (chan <= 64) 3762 rf = 0xf6; 3763 else if (chan <= 128) 3764 rf = 0xf4; 3765 else 3766 rf = 0xf3; 3767 run_rt3070_rf_write(sc, 20, rf); 3768 3769 /* set pfd_delay */ 3770 if (chan <= 14) 3771 rf = 0x15; 3772 else if (chan <= 64) 3773 rf = 0x3d; 3774 else 3775 rf = 0x01; 3776 run_rt3070_rf_write(sc, 25, rf); 3777 3778 /* set rx_lo2 */ 3779 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 3780 /* set ldo_rf_vc */ 3781 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 3782 /* set drv_cc */ 3783 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 3784 3785 run_read(sc, RT2860_GPIO_CTRL, &tmp); 3786 tmp &= ~0x8080; 3787 if (chan <= 14) 3788 tmp |= 0x80; 3789 run_write(sc, RT2860_GPIO_CTRL, tmp); 3790 3791 /* enable RF tuning */ 3792 run_rt3070_rf_read(sc, 7, &rf); 3793 run_rt3070_rf_write(sc, 7, rf | 0x01); 3794 3795 run_delay(sc, 2); 3796 } 3797 3798 static void 3799 run_set_rx_antenna(struct run_softc *sc, int aux) 3800 { 3801 uint32_t tmp; 3802 3803 if (aux) { 3804 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 3805 run_read(sc, RT2860_GPIO_CTRL, &tmp); 3806 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 3807 } else { 3808 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 3809 run_read(sc, RT2860_GPIO_CTRL, &tmp); 3810 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 3811 } 3812 } 3813 3814 static int 3815 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 3816 { 3817 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3818 uint32_t chan, group; 3819 3820 chan = ieee80211_chan2ieee(ic, c); 3821 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 3822 return (EINVAL); 3823 3824 if (sc->mac_ver == 0x3572) 3825 run_rt3572_set_chan(sc, chan); 3826 else if (sc->mac_ver >= 0x3070) 3827 run_rt3070_set_chan(sc, chan); 3828 else 3829 run_rt2870_set_chan(sc, chan); 3830 3831 /* determine channel group */ 3832 if (chan <= 14) 3833 group = 0; 3834 else if (chan <= 64) 3835 group = 1; 3836 else if (chan <= 128) 3837 group = 2; 3838 else 3839 group = 3; 3840 3841 /* XXX necessary only when group has changed! */ 3842 run_select_chan_group(sc, group); 3843 3844 run_delay(sc, 10); 3845 3846 return (0); 3847 } 3848 3849 static void 3850 run_set_channel(struct ieee80211com *ic) 3851 { 3852 struct run_softc *sc = ic->ic_ifp->if_softc; 3853 3854 RUN_LOCK(sc); 3855 run_set_chan(sc, ic->ic_curchan); 3856 RUN_UNLOCK(sc); 3857 3858 return; 3859 } 3860 3861 static void 3862 run_scan_start(struct ieee80211com *ic) 3863 { 3864 struct run_softc *sc = ic->ic_ifp->if_softc; 3865 uint32_t tmp; 3866 3867 RUN_LOCK(sc); 3868 3869 /* abort TSF synchronization */ 3870 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 3871 run_write(sc, RT2860_BCN_TIME_CFG, 3872 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 3873 RT2860_TBTT_TIMER_EN)); 3874 run_set_bssid(sc, sc->sc_ifp->if_broadcastaddr); 3875 3876 RUN_UNLOCK(sc); 3877 3878 return; 3879 } 3880 3881 static void 3882 run_scan_end(struct ieee80211com *ic) 3883 { 3884 struct run_softc *sc = ic->ic_ifp->if_softc; 3885 3886 RUN_LOCK(sc); 3887 3888 run_enable_tsf_sync(sc); 3889 /* XXX keep local copy */ 3890 run_set_bssid(sc, sc->sc_bssid); 3891 3892 RUN_UNLOCK(sc); 3893 3894 return; 3895 } 3896 3897 /* 3898 * Could be called from ieee80211_node_timeout() 3899 * (non-sleepable thread) 3900 */ 3901 static void 3902 run_update_beacon(struct ieee80211vap *vap, int item) 3903 { 3904 struct ieee80211com *ic = vap->iv_ic; 3905 struct run_softc *sc = ic->ic_ifp->if_softc; 3906 uint32_t i; 3907 3908 i = RUN_CMDQ_GET(&sc->cmdq_store); 3909 DPRINTF("cmdq_store=%d\n", i); 3910 sc->cmdq[i].func = run_update_beacon_cb; 3911 sc->cmdq[i].arg0 = vap; 3912 ieee80211_runtask(ic, &sc->cmdq_task); 3913 3914 return; 3915 } 3916 3917 static void 3918 run_update_beacon_cb(void *arg) 3919 { 3920 struct ieee80211vap *vap = arg; 3921 struct ieee80211com *ic = vap->iv_ic; 3922 struct run_softc *sc = ic->ic_ifp->if_softc; 3923 struct rt2860_txwi txwi; 3924 struct mbuf *m; 3925 uint8_t ridx; 3926 3927 if (vap->iv_bss->ni_chan == IEEE80211_CHAN_ANYC) 3928 return; 3929 3930 if ((m = ieee80211_beacon_alloc(vap->iv_bss, &RUN_VAP(vap)->bo)) == NULL) 3931 return; 3932 3933 memset(&txwi, 0, sizeof txwi); 3934 txwi.wcid = 0xff; 3935 txwi.len = htole16(m->m_pkthdr.len); 3936 /* send beacons at the lowest available rate */ 3937 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3938 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3939 txwi.phy = htole16(rt2860_rates[ridx].mcs); 3940 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 3941 txwi.phy |= htole16(RT2860_PHY_OFDM); 3942 txwi.txop = RT2860_TX_TXOP_HT; 3943 txwi.flags = RT2860_TX_TS; 3944 txwi.xflags = RT2860_TX_NSEQ; 3945 3946 run_write_region_1(sc, RT2860_BCN_BASE(RUN_VAP(vap)->rvp_id), 3947 (uint8_t *)&txwi, sizeof txwi); 3948 run_write_region_1(sc, RT2860_BCN_BASE(RUN_VAP(vap)->rvp_id) + sizeof txwi, 3949 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); /* roundup len */ 3950 3951 m_freem(m); 3952 3953 return; 3954 } 3955 3956 static void 3957 run_updateprot(struct ieee80211com *ic) 3958 { 3959 struct run_softc *sc = ic->ic_ifp->if_softc; 3960 uint32_t tmp; 3961 3962 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 3963 /* setup protection frame rate (MCS code) */ 3964 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 3965 rt2860_rates[RT2860_RIDX_OFDM6].mcs : 3966 rt2860_rates[RT2860_RIDX_CCK11].mcs; 3967 3968 /* CCK frames don't require protection */ 3969 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 3970 if (ic->ic_flags & IEEE80211_F_USEPROT) { 3971 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 3972 tmp |= RT2860_PROT_CTRL_RTS_CTS; 3973 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 3974 tmp |= RT2860_PROT_CTRL_CTS; 3975 } 3976 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 3977 } 3978 3979 static void 3980 run_usb_timeout_cb(void *arg) 3981 { 3982 struct ieee80211vap *vap = arg; 3983 struct run_softc *sc = vap->iv_ic->ic_ifp->if_softc; 3984 3985 RUN_LOCK_ASSERT(sc, MA_OWNED); 3986 3987 if(vap->iv_state == IEEE80211_S_RUN && 3988 vap->iv_opmode != IEEE80211_M_STA) 3989 run_reset_livelock(sc); 3990 else if (vap->iv_state == IEEE80211_S_SCAN) { 3991 DPRINTF("timeout caused by scan\n"); 3992 /* cancel bgscan */ 3993 ieee80211_cancel_scan(vap); 3994 } else 3995 DPRINTF("timeout by unknown cause\n"); 3996 } 3997 3998 static void 3999 run_reset_livelock(struct run_softc *sc) 4000 { 4001 uint32_t tmp; 4002 4003 RUN_LOCK_ASSERT(sc, MA_OWNED); 4004 4005 /* 4006 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 4007 * can run into a livelock and start sending CTS-to-self frames like 4008 * crazy if protection is enabled. Reset MAC/BBP for a while 4009 */ 4010 run_read(sc, RT2860_DEBUG, &tmp); 4011 DPRINTFN(3, "debug reg %08x\n", tmp); 4012 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 4013 DPRINTF("CTS-to-self livelock detected\n"); 4014 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 4015 run_delay(sc, 1); 4016 run_write(sc, RT2860_MAC_SYS_CTRL, 4017 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 4018 } 4019 } 4020 4021 static void 4022 run_update_promisc_locked(struct ifnet *ifp) 4023 { 4024 struct run_softc *sc = ifp->if_softc; 4025 uint32_t tmp; 4026 4027 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 4028 4029 tmp |= RT2860_DROP_UC_NOME; 4030 if (ifp->if_flags & IFF_PROMISC) 4031 tmp &= ~RT2860_DROP_UC_NOME; 4032 4033 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 4034 4035 DPRINTF("%s promiscuous mode\n", (ifp->if_flags & IFF_PROMISC) ? 4036 "entering" : "leaving"); 4037 } 4038 4039 static void 4040 run_update_promisc(struct ifnet *ifp) 4041 { 4042 struct run_softc *sc = ifp->if_softc; 4043 4044 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) 4045 return; 4046 4047 RUN_LOCK(sc); 4048 run_update_promisc_locked(ifp); 4049 RUN_UNLOCK(sc); 4050 } 4051 4052 static void 4053 run_enable_tsf_sync(struct run_softc *sc) 4054 { 4055 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4056 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 4057 uint32_t tmp; 4058 4059 DPRINTF("rvp_id=%d ic_opmode=%d\n", RUN_VAP(vap)->rvp_id, ic->ic_opmode); 4060 4061 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4062 tmp &= ~0x1fffff; 4063 tmp |= vap->iv_bss->ni_intval * 16; 4064 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 4065 4066 if (ic->ic_opmode == IEEE80211_M_STA) { 4067 /* 4068 * Local TSF is always updated with remote TSF on beacon 4069 * reception. 4070 */ 4071 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 4072 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 4073 tmp |= RT2860_BCN_TX_EN; 4074 /* 4075 * Local TSF is updated with remote TSF on beacon reception 4076 * only if the remote TSF is greater than local TSF. 4077 */ 4078 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 4079 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 4080 ic->ic_opmode == IEEE80211_M_MBSS) { 4081 tmp |= RT2860_BCN_TX_EN; 4082 /* SYNC with nobody */ 4083 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 4084 } else { 4085 DPRINTF("Enabling TSF failed. undefined opmode\n"); 4086 return; 4087 } 4088 4089 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 4090 } 4091 4092 static void 4093 run_enable_mrr(struct run_softc *sc) 4094 { 4095 #define CCK(mcs) (mcs) 4096 #define OFDM(mcs) (1 << 3 | (mcs)) 4097 run_write(sc, RT2860_LG_FBK_CFG0, 4098 OFDM(6) << 28 | /* 54->48 */ 4099 OFDM(5) << 24 | /* 48->36 */ 4100 OFDM(4) << 20 | /* 36->24 */ 4101 OFDM(3) << 16 | /* 24->18 */ 4102 OFDM(2) << 12 | /* 18->12 */ 4103 OFDM(1) << 8 | /* 12-> 9 */ 4104 OFDM(0) << 4 | /* 9-> 6 */ 4105 OFDM(0)); /* 6-> 6 */ 4106 4107 run_write(sc, RT2860_LG_FBK_CFG1, 4108 CCK(2) << 12 | /* 11->5.5 */ 4109 CCK(1) << 8 | /* 5.5-> 2 */ 4110 CCK(0) << 4 | /* 2-> 1 */ 4111 CCK(0)); /* 1-> 1 */ 4112 #undef OFDM 4113 #undef CCK 4114 } 4115 4116 static void 4117 run_set_txpreamble(struct run_softc *sc) 4118 { 4119 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4120 uint32_t tmp; 4121 4122 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 4123 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 4124 tmp |= RT2860_CCK_SHORT_EN; 4125 else 4126 tmp &= ~RT2860_CCK_SHORT_EN; 4127 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 4128 } 4129 4130 static void 4131 run_set_basicrates(struct run_softc *sc) 4132 { 4133 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4134 4135 /* set basic rates mask */ 4136 if (ic->ic_curmode == IEEE80211_MODE_11B) 4137 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 4138 else if (ic->ic_curmode == IEEE80211_MODE_11A) 4139 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 4140 else /* 11g */ 4141 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 4142 } 4143 4144 static void 4145 run_set_leds(struct run_softc *sc, uint16_t which) 4146 { 4147 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 4148 which | (sc->leds & 0x7f)); 4149 } 4150 4151 static void 4152 run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 4153 { 4154 run_write(sc, RT2860_MAC_BSSID_DW0, 4155 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 4156 run_write(sc, RT2860_MAC_BSSID_DW1, 4157 bssid[4] | bssid[5] << 8); 4158 } 4159 4160 static void 4161 run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 4162 { 4163 run_write(sc, RT2860_MAC_ADDR_DW0, 4164 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 4165 run_write(sc, RT2860_MAC_ADDR_DW1, 4166 addr[4] | addr[5] << 8 | 0xff << 16); 4167 } 4168 4169 /* ARGSUSED */ 4170 static void 4171 run_updateslot(struct ifnet *ifp) 4172 { 4173 struct run_softc *sc = ifp->if_softc; 4174 struct ieee80211com *ic = ifp->if_l2com; 4175 uint32_t tmp; 4176 4177 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 4178 tmp &= ~0xff; 4179 tmp |= (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20; 4180 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 4181 } 4182 4183 static void 4184 run_update_mcast(struct ifnet *ifp) 4185 { 4186 /* h/w filter supports getting everything or nothing */ 4187 ifp->if_flags |= IFF_ALLMULTI; 4188 } 4189 4190 static int8_t 4191 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 4192 { 4193 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4194 struct ieee80211_channel *c = ic->ic_curchan; 4195 int delta; 4196 4197 if (IEEE80211_IS_CHAN_5GHZ(c)) { 4198 uint32_t chan = ieee80211_chan2ieee(ic, c); 4199 delta = sc->rssi_5ghz[rxchain]; 4200 4201 /* determine channel group */ 4202 if (chan <= 64) 4203 delta -= sc->lna[1]; 4204 else if (chan <= 128) 4205 delta -= sc->lna[2]; 4206 else 4207 delta -= sc->lna[3]; 4208 } else 4209 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 4210 4211 return (-12 - delta - rssi); 4212 } 4213 4214 static int 4215 run_bbp_init(struct run_softc *sc) 4216 { 4217 int i, error, ntries; 4218 uint8_t bbp0; 4219 4220 /* wait for BBP to wake up */ 4221 for (ntries = 0; ntries < 20; ntries++) { 4222 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 4223 return error; 4224 if (bbp0 != 0 && bbp0 != 0xff) 4225 break; 4226 } 4227 if (ntries == 20) 4228 return (ETIMEDOUT); 4229 4230 /* initialize BBP registers to default values */ 4231 for (i = 0; i < N(rt2860_def_bbp); i++) { 4232 run_bbp_write(sc, rt2860_def_bbp[i].reg, 4233 rt2860_def_bbp[i].val); 4234 } 4235 4236 /* fix BBP84 for RT2860E */ 4237 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 4238 run_bbp_write(sc, 84, 0x19); 4239 4240 if (sc->mac_ver >= 0x3070) { 4241 run_bbp_write(sc, 79, 0x13); 4242 run_bbp_write(sc, 80, 0x05); 4243 run_bbp_write(sc, 81, 0x33); 4244 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 4245 run_bbp_write(sc, 69, 0x16); 4246 run_bbp_write(sc, 73, 0x12); 4247 } 4248 return (0); 4249 } 4250 4251 static int 4252 run_rt3070_rf_init(struct run_softc *sc) 4253 { 4254 uint32_t tmp; 4255 uint8_t rf, target, bbp4; 4256 int i; 4257 4258 run_rt3070_rf_read(sc, 30, &rf); 4259 /* toggle RF R30 bit 7 */ 4260 run_rt3070_rf_write(sc, 30, rf | 0x80); 4261 run_delay(sc, 10); 4262 run_rt3070_rf_write(sc, 30, rf & ~0x80); 4263 4264 /* initialize RF registers to default value */ 4265 if (sc->mac_ver == 0x3572) { 4266 for (i = 0; i < N(rt3572_def_rf); i++) { 4267 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 4268 rt3572_def_rf[i].val); 4269 } 4270 } else { 4271 for (i = 0; i < N(rt3070_def_rf); i++) { 4272 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 4273 rt3070_def_rf[i].val); 4274 } 4275 } 4276 4277 if (sc->mac_ver == 0x3070) { 4278 /* change voltage from 1.2V to 1.35V for RT3070 */ 4279 run_read(sc, RT3070_LDO_CFG0, &tmp); 4280 tmp = (tmp & ~0x0f000000) | 0x0d000000; 4281 run_write(sc, RT3070_LDO_CFG0, tmp); 4282 4283 } else if (sc->mac_ver == 0x3071) { 4284 run_rt3070_rf_read(sc, 6, &rf); 4285 run_rt3070_rf_write(sc, 6, rf | 0x40); 4286 run_rt3070_rf_write(sc, 31, 0x14); 4287 4288 run_read(sc, RT3070_LDO_CFG0, &tmp); 4289 tmp &= ~0x1f000000; 4290 if (sc->mac_rev < 0x0211) 4291 tmp |= 0x0d000000; /* 1.3V */ 4292 else 4293 tmp |= 0x01000000; /* 1.2V */ 4294 run_write(sc, RT3070_LDO_CFG0, tmp); 4295 4296 /* patch LNA_PE_G1 */ 4297 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 4298 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 4299 4300 } else if (sc->mac_ver == 0x3572) { 4301 run_rt3070_rf_read(sc, 6, &rf); 4302 run_rt3070_rf_write(sc, 6, rf | 0x40); 4303 4304 /* increase voltage from 1.2V to 1.35V */ 4305 run_read(sc, RT3070_LDO_CFG0, &tmp); 4306 tmp = (tmp & ~0x1f000000) | 0x0d000000; 4307 run_write(sc, RT3070_LDO_CFG0, tmp); 4308 4309 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 4310 run_delay(sc, 1); /* wait for 1msec */ 4311 /* decrease voltage back to 1.2V */ 4312 tmp = (tmp & ~0x1f000000) | 0x01000000; 4313 run_write(sc, RT3070_LDO_CFG0, tmp); 4314 } 4315 } 4316 4317 /* select 20MHz bandwidth */ 4318 run_rt3070_rf_read(sc, 31, &rf); 4319 run_rt3070_rf_write(sc, 31, rf & ~0x20); 4320 4321 /* calibrate filter for 20MHz bandwidth */ 4322 sc->rf24_20mhz = 0x1f; /* default value */ 4323 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 4324 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 4325 4326 /* select 40MHz bandwidth */ 4327 run_bbp_read(sc, 4, &bbp4); 4328 run_bbp_write(sc, 4, (bbp4 & ~0x08) | 0x10); 4329 run_rt3070_rf_read(sc, 31, &rf); 4330 run_rt3070_rf_write(sc, 31, rf | 0x20); 4331 4332 /* calibrate filter for 40MHz bandwidth */ 4333 sc->rf24_40mhz = 0x2f; /* default value */ 4334 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 4335 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 4336 4337 /* go back to 20MHz bandwidth */ 4338 run_bbp_read(sc, 4, &bbp4); 4339 run_bbp_write(sc, 4, bbp4 & ~0x18); 4340 4341 if (sc->mac_ver == 0x3572) { 4342 /* save default BBP registers 25 and 26 values */ 4343 run_bbp_read(sc, 25, &sc->bbp25); 4344 run_bbp_read(sc, 26, &sc->bbp26); 4345 } else if (sc->mac_rev < 0x0211) 4346 run_rt3070_rf_write(sc, 27, 0x03); 4347 4348 run_read(sc, RT3070_OPT_14, &tmp); 4349 run_write(sc, RT3070_OPT_14, tmp | 1); 4350 4351 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 4352 run_rt3070_rf_read(sc, 17, &rf); 4353 rf &= ~RT3070_TX_LO1; 4354 if ((sc->mac_ver == 0x3070 || 4355 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 4356 !sc->ext_2ghz_lna) 4357 rf |= 0x20; /* fix for long range Rx issue */ 4358 if (sc->txmixgain_2ghz >= 1) 4359 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 4360 run_rt3070_rf_write(sc, 17, rf); 4361 } 4362 4363 if (sc->mac_rev == 0x3071) { 4364 run_rt3070_rf_read(sc, 1, &rf); 4365 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 4366 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 4367 run_rt3070_rf_write(sc, 1, rf); 4368 4369 run_rt3070_rf_read(sc, 15, &rf); 4370 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 4371 4372 run_rt3070_rf_read(sc, 20, &rf); 4373 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 4374 4375 run_rt3070_rf_read(sc, 21, &rf); 4376 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 4377 } 4378 4379 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 4380 /* fix Tx to Rx IQ glitch by raising RF voltage */ 4381 run_rt3070_rf_read(sc, 27, &rf); 4382 rf &= ~0x77; 4383 if (sc->mac_rev < 0x0211) 4384 rf |= 0x03; 4385 run_rt3070_rf_write(sc, 27, rf); 4386 } 4387 return (0); 4388 } 4389 4390 static int 4391 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 4392 uint8_t *val) 4393 { 4394 uint8_t rf22, rf24; 4395 uint8_t bbp55_pb, bbp55_sb, delta; 4396 int ntries; 4397 4398 /* program filter */ 4399 run_rt3070_rf_read(sc, 24, &rf24); 4400 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 4401 run_rt3070_rf_write(sc, 24, rf24); 4402 4403 /* enable baseband loopback mode */ 4404 run_rt3070_rf_read(sc, 22, &rf22); 4405 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 4406 4407 /* set power and frequency of passband test tone */ 4408 run_bbp_write(sc, 24, 0x00); 4409 for (ntries = 0; ntries < 100; ntries++) { 4410 /* transmit test tone */ 4411 run_bbp_write(sc, 25, 0x90); 4412 run_delay(sc, 10); 4413 /* read received power */ 4414 run_bbp_read(sc, 55, &bbp55_pb); 4415 if (bbp55_pb != 0) 4416 break; 4417 } 4418 if (ntries == 100) 4419 return ETIMEDOUT; 4420 4421 /* set power and frequency of stopband test tone */ 4422 run_bbp_write(sc, 24, 0x06); 4423 for (ntries = 0; ntries < 100; ntries++) { 4424 /* transmit test tone */ 4425 run_bbp_write(sc, 25, 0x90); 4426 run_delay(sc, 10); 4427 /* read received power */ 4428 run_bbp_read(sc, 55, &bbp55_sb); 4429 4430 delta = bbp55_pb - bbp55_sb; 4431 if (delta > target) 4432 break; 4433 4434 /* reprogram filter */ 4435 rf24++; 4436 run_rt3070_rf_write(sc, 24, rf24); 4437 } 4438 if (ntries < 100) { 4439 if (rf24 != init) 4440 rf24--; /* backtrack */ 4441 *val = rf24; 4442 run_rt3070_rf_write(sc, 24, rf24); 4443 } 4444 4445 /* restore initial state */ 4446 run_bbp_write(sc, 24, 0x00); 4447 4448 /* disable baseband loopback mode */ 4449 run_rt3070_rf_read(sc, 22, &rf22); 4450 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 4451 4452 return (0); 4453 } 4454 4455 static void 4456 run_rt3070_rf_setup(struct run_softc *sc) 4457 { 4458 uint8_t bbp, rf; 4459 int i; 4460 4461 if (sc->mac_ver == 0x3572) { 4462 /* enable DC filter */ 4463 if (sc->mac_rev >= 0x0201) 4464 run_bbp_write(sc, 103, 0xc0); 4465 4466 run_bbp_read(sc, 138, &bbp); 4467 if (sc->ntxchains == 1) 4468 bbp |= 0x20; /* turn off DAC1 */ 4469 if (sc->nrxchains == 1) 4470 bbp &= ~0x02; /* turn off ADC1 */ 4471 run_bbp_write(sc, 138, bbp); 4472 4473 if (sc->mac_rev >= 0x0211) { 4474 /* improve power consumption */ 4475 run_bbp_read(sc, 31, &bbp); 4476 run_bbp_write(sc, 31, bbp & ~0x03); 4477 } 4478 4479 run_rt3070_rf_read(sc, 16, &rf); 4480 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 4481 run_rt3070_rf_write(sc, 16, rf); 4482 4483 } else if (sc->mac_ver == 0x3071) { 4484 /* enable DC filter */ 4485 if (sc->mac_rev >= 0x0201) 4486 run_bbp_write(sc, 103, 0xc0); 4487 4488 run_bbp_read(sc, 138, &bbp); 4489 if (sc->ntxchains == 1) 4490 bbp |= 0x20; /* turn off DAC1 */ 4491 if (sc->nrxchains == 1) 4492 bbp &= ~0x02; /* turn off ADC1 */ 4493 run_bbp_write(sc, 138, bbp); 4494 4495 if (sc->mac_rev >= 0x0211) { 4496 /* improve power consumption */ 4497 run_bbp_read(sc, 31, &bbp); 4498 run_bbp_write(sc, 31, bbp & ~0x03); 4499 } 4500 4501 run_write(sc, RT2860_TX_SW_CFG1, 0); 4502 if (sc->mac_rev < 0x0211) { 4503 run_write(sc, RT2860_TX_SW_CFG2, 4504 sc->patch_dac ? 0x2c : 0x0f); 4505 } else 4506 run_write(sc, RT2860_TX_SW_CFG2, 0); 4507 4508 } else if (sc->mac_ver == 0x3070) { 4509 if (sc->mac_rev >= 0x0201) { 4510 /* enable DC filter */ 4511 run_bbp_write(sc, 103, 0xc0); 4512 4513 /* improve power consumption */ 4514 run_bbp_read(sc, 31, &bbp); 4515 run_bbp_write(sc, 31, bbp & ~0x03); 4516 } 4517 4518 if (sc->mac_rev < 0x0211) { 4519 run_write(sc, RT2860_TX_SW_CFG1, 0); 4520 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 4521 } else 4522 run_write(sc, RT2860_TX_SW_CFG2, 0); 4523 } 4524 4525 /* initialize RF registers from ROM for >=RT3071*/ 4526 if (sc->mac_ver >= 0x3071) { 4527 for (i = 0; i < 10; i++) { 4528 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 4529 continue; 4530 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 4531 } 4532 } 4533 } 4534 4535 static int 4536 run_txrx_enable(struct run_softc *sc) 4537 { 4538 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4539 uint32_t tmp; 4540 int error, ntries; 4541 4542 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 4543 for (ntries = 0; ntries < 200; ntries++) { 4544 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 4545 return error; 4546 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 4547 break; 4548 run_delay(sc, 50); 4549 } 4550 if (ntries == 200) 4551 return ETIMEDOUT; 4552 4553 run_delay(sc, 50); 4554 4555 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 4556 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 4557 4558 /* enable Rx bulk aggregation (set timeout and limit) */ 4559 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 4560 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 4561 run_write(sc, RT2860_USB_DMA_CFG, tmp); 4562 4563 /* set Rx filter */ 4564 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 4565 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 4566 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 4567 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 4568 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 4569 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 4570 if (ic->ic_opmode == IEEE80211_M_STA) 4571 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 4572 } 4573 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 4574 4575 run_write(sc, RT2860_MAC_SYS_CTRL, 4576 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 4577 4578 return (0); 4579 } 4580 4581 static void 4582 run_init_locked(struct run_softc *sc) 4583 { 4584 struct ifnet *ifp = sc->sc_ifp; 4585 struct ieee80211com *ic = ifp->if_l2com; 4586 uint32_t tmp; 4587 uint8_t bbp1, bbp3; 4588 int i; 4589 int ridx; 4590 int ntries; 4591 4592 if (ic->ic_nrunning > 1) 4593 return; 4594 4595 run_stop(sc); 4596 4597 if (run_load_microcode(sc) != 0) { 4598 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 4599 goto fail; 4600 } 4601 4602 for (ntries = 0; ntries < 100; ntries++) { 4603 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 4604 goto fail; 4605 if (tmp != 0 && tmp != 0xffffffff) 4606 break; 4607 run_delay(sc, 10); 4608 } 4609 if (ntries == 100) 4610 goto fail; 4611 4612 for (i = 0; i != RUN_EP_QUEUES; i++) 4613 run_setup_tx_list(sc, &sc->sc_epq[i]); 4614 4615 run_set_macaddr(sc, IF_LLADDR(ifp)); 4616 4617 for (ntries = 0; ntries < 100; ntries++) { 4618 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 4619 goto fail; 4620 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 4621 break; 4622 run_delay(sc, 10); 4623 } 4624 if (ntries == 100) { 4625 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 4626 goto fail; 4627 } 4628 tmp &= 0xff0; 4629 tmp |= RT2860_TX_WB_DDONE; 4630 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 4631 4632 /* turn off PME_OEN to solve high-current issue */ 4633 run_read(sc, RT2860_SYS_CTRL, &tmp); 4634 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 4635 4636 run_write(sc, RT2860_MAC_SYS_CTRL, 4637 RT2860_BBP_HRST | RT2860_MAC_SRST); 4638 run_write(sc, RT2860_USB_DMA_CFG, 0); 4639 4640 if (run_reset(sc) != 0) { 4641 device_printf(sc->sc_dev, "could not reset chipset\n"); 4642 goto fail; 4643 } 4644 4645 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 4646 4647 /* init Tx power for all Tx rates (from EEPROM) */ 4648 for (ridx = 0; ridx < 5; ridx++) { 4649 if (sc->txpow20mhz[ridx] == 0xffffffff) 4650 continue; 4651 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 4652 } 4653 4654 for (i = 0; i < N(rt2870_def_mac); i++) 4655 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 4656 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 4657 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 4658 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 4659 4660 if (sc->mac_ver >= 0x3070) { 4661 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 4662 run_write(sc, RT2860_TX_SW_CFG0, 4663 4 << RT2860_DLY_PAPE_EN_SHIFT); 4664 } 4665 4666 /* wait while MAC is busy */ 4667 for (ntries = 0; ntries < 100; ntries++) { 4668 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 4669 goto fail; 4670 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 4671 break; 4672 run_delay(sc, 10); 4673 } 4674 if (ntries == 100) 4675 goto fail; 4676 4677 /* clear Host to MCU mailbox */ 4678 run_write(sc, RT2860_H2M_BBPAGENT, 0); 4679 run_write(sc, RT2860_H2M_MAILBOX, 0); 4680 run_delay(sc, 10); 4681 4682 if (run_bbp_init(sc) != 0) { 4683 device_printf(sc->sc_dev, "could not initialize BBP\n"); 4684 goto fail; 4685 } 4686 4687 /* abort TSF synchronization */ 4688 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4689 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 4690 RT2860_TBTT_TIMER_EN); 4691 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 4692 4693 /* clear RX WCID search table */ 4694 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 4695 /* clear WCID attribute table */ 4696 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 4697 4698 /* hostapd sets a key before init. So, don't clear it. */ 4699 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 4700 /* clear shared key table */ 4701 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 4702 /* clear shared key mode */ 4703 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 4704 } 4705 4706 run_read(sc, RT2860_US_CYC_CNT, &tmp); 4707 tmp = (tmp & ~0xff) | 0x1e; 4708 run_write(sc, RT2860_US_CYC_CNT, tmp); 4709 4710 if (sc->mac_rev != 0x0101) 4711 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 4712 4713 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 4714 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 4715 4716 /* write vendor-specific BBP values (from EEPROM) */ 4717 for (i = 0; i < 10; i++) { 4718 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 4719 continue; 4720 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 4721 } 4722 4723 /* select Main antenna for 1T1R devices */ 4724 if (sc->rf_rev == RT3070_RF_3020) 4725 run_set_rx_antenna(sc, 0); 4726 4727 /* send LEDs operating mode to microcontroller */ 4728 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 4729 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 4730 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 4731 4732 if (sc->mac_ver >= 0x3070) 4733 run_rt3070_rf_init(sc); 4734 4735 /* disable non-existing Rx chains */ 4736 run_bbp_read(sc, 3, &bbp3); 4737 bbp3 &= ~(1 << 3 | 1 << 4); 4738 if (sc->nrxchains == 2) 4739 bbp3 |= 1 << 3; 4740 else if (sc->nrxchains == 3) 4741 bbp3 |= 1 << 4; 4742 run_bbp_write(sc, 3, bbp3); 4743 4744 /* disable non-existing Tx chains */ 4745 run_bbp_read(sc, 1, &bbp1); 4746 if (sc->ntxchains == 1) 4747 bbp1 &= ~(1 << 3 | 1 << 4); 4748 run_bbp_write(sc, 1, bbp1); 4749 4750 if (sc->mac_ver >= 0x3070) 4751 run_rt3070_rf_setup(sc); 4752 4753 /* select default channel */ 4754 run_set_chan(sc, ic->ic_curchan); 4755 4756 /* setup initial protection mode */ 4757 run_updateprot(ic); 4758 4759 /* turn radio LED on */ 4760 run_set_leds(sc, RT2860_LED_RADIO); 4761 4762 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 4763 ifp->if_drv_flags |= IFF_DRV_RUNNING; 4764 sc->cmdq_run = RUN_CMDQ_GO; 4765 4766 for (i = 0; i != RUN_N_XFER; i++) 4767 usbd_xfer_set_stall(sc->sc_xfer[i]); 4768 4769 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 4770 4771 if (run_txrx_enable(sc) != 0) 4772 goto fail; 4773 4774 return; 4775 4776 fail: 4777 run_stop(sc); 4778 } 4779 4780 static void 4781 run_init(void *arg) 4782 { 4783 struct run_softc *sc = arg; 4784 struct ifnet *ifp = sc->sc_ifp; 4785 struct ieee80211com *ic = ifp->if_l2com; 4786 4787 RUN_LOCK(sc); 4788 run_init_locked(sc); 4789 RUN_UNLOCK(sc); 4790 4791 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 4792 ieee80211_start_all(ic); 4793 } 4794 4795 static void 4796 run_stop(void *arg) 4797 { 4798 struct run_softc *sc = (struct run_softc *)arg; 4799 struct ifnet *ifp = sc->sc_ifp; 4800 uint32_t tmp; 4801 int i; 4802 int ntries; 4803 4804 RUN_LOCK_ASSERT(sc, MA_OWNED); 4805 4806 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 4807 run_set_leds(sc, 0); /* turn all LEDs off */ 4808 4809 ifp->if_drv_flags &= ~(IFF_DRV_RUNNING | IFF_DRV_OACTIVE); 4810 4811 sc->ratectl_run = RUN_RATECTL_OFF; 4812 sc->cmdq_run = sc->cmdq_key_set; 4813 4814 RUN_UNLOCK(sc); 4815 4816 for(i = 0; i < RUN_N_XFER; i++) 4817 usbd_transfer_drain(sc->sc_xfer[i]); 4818 4819 RUN_LOCK(sc); 4820 4821 if (sc->rx_m != NULL) { 4822 m_free(sc->rx_m); 4823 sc->rx_m = NULL; 4824 } 4825 4826 /* disable Tx/Rx */ 4827 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 4828 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 4829 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 4830 4831 /* wait for pending Tx to complete */ 4832 for (ntries = 0; ntries < 100; ntries++) { 4833 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 4834 DPRINTF("Cannot read Tx queue count\n"); 4835 break; 4836 } 4837 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 4838 DPRINTF("All Tx cleared\n"); 4839 break; 4840 } 4841 run_delay(sc, 10); 4842 } 4843 if (ntries >= 100) 4844 DPRINTF("There are still pending Tx\n"); 4845 run_delay(sc, 10); 4846 run_write(sc, RT2860_USB_DMA_CFG, 0); 4847 4848 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 4849 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 4850 4851 for (i = 0; i != RUN_EP_QUEUES; i++) 4852 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 4853 4854 return; 4855 } 4856 4857 static void 4858 run_delay(struct run_softc *sc, unsigned int ms) 4859 { 4860 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ? 4861 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms)); 4862 } 4863 4864 static device_method_t run_methods[] = { 4865 /* Device interface */ 4866 DEVMETHOD(device_probe, run_match), 4867 DEVMETHOD(device_attach, run_attach), 4868 DEVMETHOD(device_detach, run_detach), 4869 4870 { 0, 0 } 4871 }; 4872 4873 static driver_t run_driver = { 4874 .name = "run", 4875 .methods = run_methods, 4876 .size = sizeof(struct run_softc) 4877 }; 4878 4879 static devclass_t run_devclass; 4880 4881 DRIVER_MODULE(run, uhub, run_driver, run_devclass, NULL, 0); 4882 MODULE_DEPEND(run, wlan, 1, 1, 1); 4883 MODULE_DEPEND(run, usb, 1, 1, 1); 4884 MODULE_DEPEND(run, firmware, 1, 1, 1); 4885 MODULE_VERSION(run, 1);
Cache object: daa80481bb172a60150ae0e32472469e
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]