Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/dev/usb/wlan/if_run.c
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 #include <sys/cdefs.h> 20 __FBSDID("$FreeBSD: releng/9.1/sys/dev/usb/wlan/if_run.c 236897 2012-06-11 17:23:24Z hselasky $"); 21 22 /*- 23 * Ralink Technology RT2700U/RT2800U/RT3000U chipset driver. 24 * http://www.ralinktech.com/ 25 */ 26 27 #include <sys/param.h> 28 #include <sys/sockio.h> 29 #include <sys/sysctl.h> 30 #include <sys/lock.h> 31 #include <sys/mutex.h> 32 #include <sys/mbuf.h> 33 #include <sys/kernel.h> 34 #include <sys/socket.h> 35 #include <sys/systm.h> 36 #include <sys/malloc.h> 37 #include <sys/module.h> 38 #include <sys/bus.h> 39 #include <sys/endian.h> 40 #include <sys/linker.h> 41 #include <sys/firmware.h> 42 #include <sys/kdb.h> 43 44 #include <machine/bus.h> 45 #include <machine/resource.h> 46 #include <sys/rman.h> 47 48 #include <net/bpf.h> 49 #include <net/if.h> 50 #include <net/if_arp.h> 51 #include <net/ethernet.h> 52 #include <net/if_dl.h> 53 #include <net/if_media.h> 54 #include <net/if_types.h> 55 56 #include <netinet/in.h> 57 #include <netinet/in_systm.h> 58 #include <netinet/in_var.h> 59 #include <netinet/if_ether.h> 60 #include <netinet/ip.h> 61 62 #include <net80211/ieee80211_var.h> 63 #include <net80211/ieee80211_regdomain.h> 64 #include <net80211/ieee80211_radiotap.h> 65 #include <net80211/ieee80211_ratectl.h> 66 67 #include <dev/usb/usb.h> 68 #include <dev/usb/usbdi.h> 69 #include "usbdevs.h" 70 71 #define USB_DEBUG_VAR run_debug 72 #include <dev/usb/usb_debug.h> 73 74 #include <dev/usb/wlan/if_runreg.h> 75 #include <dev/usb/wlan/if_runvar.h> 76 77 #define N(_a) ((int)(sizeof((_a)) / sizeof((_a)[0]))) 78 79 #ifdef USB_DEBUG 80 #define RUN_DEBUG 81 #endif 82 83 #ifdef RUN_DEBUG 84 int run_debug = 0; 85 SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run"); 86 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RW, &run_debug, 0, 87 "run debug level"); 88 #endif 89 90 #define IEEE80211_HAS_ADDR4(wh) \ 91 (((wh)->i_fc[1] & IEEE80211_FC1_DIR_MASK) == IEEE80211_FC1_DIR_DSTODS) 92 93 /* 94 * Because of LOR in run_key_delete(), use atomic instead. 95 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 96 */ 97 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 98 99 static const STRUCT_USB_HOST_ID run_devs[] = { 100 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 101 RUN_DEV(ABOCOM, RT2770), 102 RUN_DEV(ABOCOM, RT2870), 103 RUN_DEV(ABOCOM, RT3070), 104 RUN_DEV(ABOCOM, RT3071), 105 RUN_DEV(ABOCOM, RT3072), 106 RUN_DEV(ABOCOM2, RT2870_1), 107 RUN_DEV(ACCTON, RT2770), 108 RUN_DEV(ACCTON, RT2870_1), 109 RUN_DEV(ACCTON, RT2870_2), 110 RUN_DEV(ACCTON, RT2870_3), 111 RUN_DEV(ACCTON, RT2870_4), 112 RUN_DEV(ACCTON, RT2870_5), 113 RUN_DEV(ACCTON, RT3070), 114 RUN_DEV(ACCTON, RT3070_1), 115 RUN_DEV(ACCTON, RT3070_2), 116 RUN_DEV(ACCTON, RT3070_3), 117 RUN_DEV(ACCTON, RT3070_4), 118 RUN_DEV(ACCTON, RT3070_5), 119 RUN_DEV(AIRTIES, RT3070), 120 RUN_DEV(ALLWIN, RT2070), 121 RUN_DEV(ALLWIN, RT2770), 122 RUN_DEV(ALLWIN, RT2870), 123 RUN_DEV(ALLWIN, RT3070), 124 RUN_DEV(ALLWIN, RT3071), 125 RUN_DEV(ALLWIN, RT3072), 126 RUN_DEV(ALLWIN, RT3572), 127 RUN_DEV(AMIGO, RT2870_1), 128 RUN_DEV(AMIGO, RT2870_2), 129 RUN_DEV(AMIT, CGWLUSB2GNR), 130 RUN_DEV(AMIT, RT2870_1), 131 RUN_DEV(AMIT2, RT2870), 132 RUN_DEV(ASUS, RT2870_1), 133 RUN_DEV(ASUS, RT2870_2), 134 RUN_DEV(ASUS, RT2870_3), 135 RUN_DEV(ASUS, RT2870_4), 136 RUN_DEV(ASUS, RT2870_5), 137 RUN_DEV(ASUS, USBN13), 138 RUN_DEV(ASUS, RT3070_1), 139 RUN_DEV(ASUS2, USBN11), 140 RUN_DEV(AZUREWAVE, RT2870_1), 141 RUN_DEV(AZUREWAVE, RT2870_2), 142 RUN_DEV(AZUREWAVE, RT3070_1), 143 RUN_DEV(AZUREWAVE, RT3070_2), 144 RUN_DEV(AZUREWAVE, RT3070_3), 145 RUN_DEV(BELKIN, F5D8053V3), 146 RUN_DEV(BELKIN, F5D8055), 147 RUN_DEV(BELKIN, F5D8055V2), 148 RUN_DEV(BELKIN, F6D4050V1), 149 RUN_DEV(BELKIN, RT2870_1), 150 RUN_DEV(BELKIN, RT2870_2), 151 RUN_DEV(CISCOLINKSYS, AE1000), 152 RUN_DEV(CISCOLINKSYS2, RT3070), 153 RUN_DEV(CISCOLINKSYS3, RT3070), 154 RUN_DEV(CONCEPTRONIC2, RT2870_1), 155 RUN_DEV(CONCEPTRONIC2, RT2870_2), 156 RUN_DEV(CONCEPTRONIC2, RT2870_3), 157 RUN_DEV(CONCEPTRONIC2, RT2870_4), 158 RUN_DEV(CONCEPTRONIC2, RT2870_5), 159 RUN_DEV(CONCEPTRONIC2, RT2870_6), 160 RUN_DEV(CONCEPTRONIC2, RT2870_7), 161 RUN_DEV(CONCEPTRONIC2, RT2870_8), 162 RUN_DEV(CONCEPTRONIC2, RT3070_1), 163 RUN_DEV(CONCEPTRONIC2, RT3070_2), 164 RUN_DEV(CONCEPTRONIC2, VIGORN61), 165 RUN_DEV(COREGA, CGWLUSB300GNM), 166 RUN_DEV(COREGA, RT2870_1), 167 RUN_DEV(COREGA, RT2870_2), 168 RUN_DEV(COREGA, RT2870_3), 169 RUN_DEV(COREGA, RT3070), 170 RUN_DEV(CYBERTAN, RT2870), 171 RUN_DEV(DLINK, RT2870), 172 RUN_DEV(DLINK, RT3072), 173 RUN_DEV(DLINK2, DWA130), 174 RUN_DEV(DLINK2, RT2870_1), 175 RUN_DEV(DLINK2, RT2870_2), 176 RUN_DEV(DLINK2, RT3070_1), 177 RUN_DEV(DLINK2, RT3070_2), 178 RUN_DEV(DLINK2, RT3070_3), 179 RUN_DEV(DLINK2, RT3070_4), 180 RUN_DEV(DLINK2, RT3070_5), 181 RUN_DEV(DLINK2, RT3072), 182 RUN_DEV(DLINK2, RT3072_1), 183 RUN_DEV(EDIMAX, EW7717), 184 RUN_DEV(EDIMAX, EW7718), 185 RUN_DEV(EDIMAX, RT2870_1), 186 RUN_DEV(ENCORE, RT3070_1), 187 RUN_DEV(ENCORE, RT3070_2), 188 RUN_DEV(ENCORE, RT3070_3), 189 RUN_DEV(GIGABYTE, GNWB31N), 190 RUN_DEV(GIGABYTE, GNWB32L), 191 RUN_DEV(GIGABYTE, RT2870_1), 192 RUN_DEV(GIGASET, RT3070_1), 193 RUN_DEV(GIGASET, RT3070_2), 194 RUN_DEV(GUILLEMOT, HWNU300), 195 RUN_DEV(HAWKING, HWUN2), 196 RUN_DEV(HAWKING, RT2870_1), 197 RUN_DEV(HAWKING, RT2870_2), 198 RUN_DEV(HAWKING, RT3070), 199 RUN_DEV(IODATA, RT3072_1), 200 RUN_DEV(IODATA, RT3072_2), 201 RUN_DEV(IODATA, RT3072_3), 202 RUN_DEV(IODATA, RT3072_4), 203 RUN_DEV(LINKSYS4, RT3070), 204 RUN_DEV(LINKSYS4, WUSB100), 205 RUN_DEV(LINKSYS4, WUSB54GCV3), 206 RUN_DEV(LINKSYS4, WUSB600N), 207 RUN_DEV(LINKSYS4, WUSB600NV2), 208 RUN_DEV(LOGITEC, RT2870_1), 209 RUN_DEV(LOGITEC, RT2870_2), 210 RUN_DEV(LOGITEC, RT2870_3), 211 RUN_DEV(LOGITEC, LANW300NU2), 212 RUN_DEV(MELCO, RT2870_1), 213 RUN_DEV(MELCO, RT2870_2), 214 RUN_DEV(MELCO, WLIUCAG300N), 215 RUN_DEV(MELCO, WLIUCG300N), 216 RUN_DEV(MELCO, WLIUCG301N), 217 RUN_DEV(MELCO, WLIUCGN), 218 RUN_DEV(MELCO, WLIUCGNM), 219 RUN_DEV(MOTOROLA4, RT2770), 220 RUN_DEV(MOTOROLA4, RT3070), 221 RUN_DEV(MSI, RT3070_1), 222 RUN_DEV(MSI, RT3070_2), 223 RUN_DEV(MSI, RT3070_3), 224 RUN_DEV(MSI, RT3070_4), 225 RUN_DEV(MSI, RT3070_5), 226 RUN_DEV(MSI, RT3070_6), 227 RUN_DEV(MSI, RT3070_7), 228 RUN_DEV(MSI, RT3070_8), 229 RUN_DEV(MSI, RT3070_9), 230 RUN_DEV(MSI, RT3070_10), 231 RUN_DEV(MSI, RT3070_11), 232 RUN_DEV(OVISLINK, RT3072), 233 RUN_DEV(PARA, RT3070), 234 RUN_DEV(PEGATRON, RT2870), 235 RUN_DEV(PEGATRON, RT3070), 236 RUN_DEV(PEGATRON, RT3070_2), 237 RUN_DEV(PEGATRON, RT3070_3), 238 RUN_DEV(PHILIPS, RT2870), 239 RUN_DEV(PLANEX2, GWUS300MINIS), 240 RUN_DEV(PLANEX2, GWUSMICRON), 241 RUN_DEV(PLANEX2, RT2870), 242 RUN_DEV(PLANEX2, RT3070), 243 RUN_DEV(QCOM, RT2870), 244 RUN_DEV(QUANTA, RT3070), 245 RUN_DEV(RALINK, RT2070), 246 RUN_DEV(RALINK, RT2770), 247 RUN_DEV(RALINK, RT2870), 248 RUN_DEV(RALINK, RT3070), 249 RUN_DEV(RALINK, RT3071), 250 RUN_DEV(RALINK, RT3072), 251 RUN_DEV(RALINK, RT3370), 252 RUN_DEV(RALINK, RT3572), 253 RUN_DEV(RALINK, RT8070), 254 RUN_DEV(SAMSUNG, WIS09ABGN), 255 RUN_DEV(SAMSUNG2, RT2870_1), 256 RUN_DEV(SENAO, RT2870_1), 257 RUN_DEV(SENAO, RT2870_2), 258 RUN_DEV(SENAO, RT2870_3), 259 RUN_DEV(SENAO, RT2870_4), 260 RUN_DEV(SENAO, RT3070), 261 RUN_DEV(SENAO, RT3071), 262 RUN_DEV(SENAO, RT3072_1), 263 RUN_DEV(SENAO, RT3072_2), 264 RUN_DEV(SENAO, RT3072_3), 265 RUN_DEV(SENAO, RT3072_4), 266 RUN_DEV(SENAO, RT3072_5), 267 RUN_DEV(SITECOMEU, RT2770), 268 RUN_DEV(SITECOMEU, RT2870_1), 269 RUN_DEV(SITECOMEU, RT2870_2), 270 RUN_DEV(SITECOMEU, RT2870_3), 271 RUN_DEV(SITECOMEU, RT2870_4), 272 RUN_DEV(SITECOMEU, RT3070), 273 RUN_DEV(SITECOMEU, RT3070_2), 274 RUN_DEV(SITECOMEU, RT3070_3), 275 RUN_DEV(SITECOMEU, RT3070_4), 276 RUN_DEV(SITECOMEU, RT3071), 277 RUN_DEV(SITECOMEU, RT3072_1), 278 RUN_DEV(SITECOMEU, RT3072_2), 279 RUN_DEV(SITECOMEU, RT3072_3), 280 RUN_DEV(SITECOMEU, RT3072_4), 281 RUN_DEV(SITECOMEU, RT3072_5), 282 RUN_DEV(SITECOMEU, RT3072_6), 283 RUN_DEV(SITECOMEU, WL608), 284 RUN_DEV(SPARKLAN, RT2870_1), 285 RUN_DEV(SPARKLAN, RT3070), 286 RUN_DEV(SWEEX2, LW153), 287 RUN_DEV(SWEEX2, LW303), 288 RUN_DEV(SWEEX2, LW313), 289 RUN_DEV(TOSHIBA, RT3070), 290 RUN_DEV(UMEDIA, RT2870_1), 291 RUN_DEV(ZCOM, RT2870_1), 292 RUN_DEV(ZCOM, RT2870_2), 293 RUN_DEV(ZINWELL, RT2870_1), 294 RUN_DEV(ZINWELL, RT2870_2), 295 RUN_DEV(ZINWELL, RT3070), 296 RUN_DEV(ZINWELL, RT3072_1), 297 RUN_DEV(ZINWELL, RT3072_2), 298 RUN_DEV(ZYXEL, RT2870_1), 299 RUN_DEV(ZYXEL, RT2870_2), 300 #undef RUN_DEV 301 }; 302 303 static device_probe_t run_match; 304 static device_attach_t run_attach; 305 static device_detach_t run_detach; 306 307 static usb_callback_t run_bulk_rx_callback; 308 static usb_callback_t run_bulk_tx_callback0; 309 static usb_callback_t run_bulk_tx_callback1; 310 static usb_callback_t run_bulk_tx_callback2; 311 static usb_callback_t run_bulk_tx_callback3; 312 static usb_callback_t run_bulk_tx_callback4; 313 static usb_callback_t run_bulk_tx_callback5; 314 315 static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 316 usb_error_t error, unsigned int index); 317 static struct ieee80211vap *run_vap_create(struct ieee80211com *, 318 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 319 const uint8_t [IEEE80211_ADDR_LEN], 320 const uint8_t [IEEE80211_ADDR_LEN]); 321 static void run_vap_delete(struct ieee80211vap *); 322 static void run_cmdq_cb(void *, int); 323 static void run_setup_tx_list(struct run_softc *, 324 struct run_endpoint_queue *); 325 static void run_unsetup_tx_list(struct run_softc *, 326 struct run_endpoint_queue *); 327 static int run_load_microcode(struct run_softc *); 328 static int run_reset(struct run_softc *); 329 static usb_error_t run_do_request(struct run_softc *, 330 struct usb_device_request *, void *); 331 static int run_read(struct run_softc *, uint16_t, uint32_t *); 332 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 333 static int run_write_2(struct run_softc *, uint16_t, uint16_t); 334 static int run_write(struct run_softc *, uint16_t, uint32_t); 335 static int run_write_region_1(struct run_softc *, uint16_t, 336 const uint8_t *, int); 337 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 338 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 339 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 340 static int run_rt2870_rf_write(struct run_softc *, uint8_t, uint32_t); 341 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 342 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 343 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 344 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 345 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 346 static const char *run_get_rf(int); 347 static int run_read_eeprom(struct run_softc *); 348 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 349 const uint8_t mac[IEEE80211_ADDR_LEN]); 350 static int run_media_change(struct ifnet *); 351 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 352 static int run_wme_update(struct ieee80211com *); 353 static void run_wme_update_cb(void *); 354 static void run_key_update_begin(struct ieee80211vap *); 355 static void run_key_update_end(struct ieee80211vap *); 356 static void run_key_set_cb(void *); 357 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *, 358 const uint8_t mac[IEEE80211_ADDR_LEN]); 359 static void run_key_delete_cb(void *); 360 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 361 static void run_ratectl_to(void *); 362 static void run_ratectl_cb(void *, int); 363 static void run_drain_fifo(void *); 364 static void run_iter_func(void *, struct ieee80211_node *); 365 static void run_newassoc_cb(void *); 366 static void run_newassoc(struct ieee80211_node *, int); 367 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 368 static void run_tx_free(struct run_endpoint_queue *pq, 369 struct run_tx_data *, int); 370 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 371 static int run_tx(struct run_softc *, struct mbuf *, 372 struct ieee80211_node *); 373 static int run_tx_mgt(struct run_softc *, struct mbuf *, 374 struct ieee80211_node *); 375 static int run_sendprot(struct run_softc *, const struct mbuf *, 376 struct ieee80211_node *, int, int); 377 static int run_tx_param(struct run_softc *, struct mbuf *, 378 struct ieee80211_node *, 379 const struct ieee80211_bpf_params *); 380 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 381 const struct ieee80211_bpf_params *); 382 static void run_start(struct ifnet *); 383 static int run_ioctl(struct ifnet *, u_long, caddr_t); 384 static void run_set_agc(struct run_softc *, uint8_t); 385 static void run_select_chan_group(struct run_softc *, int); 386 static void run_set_rx_antenna(struct run_softc *, int); 387 static void run_rt2870_set_chan(struct run_softc *, u_int); 388 static void run_rt3070_set_chan(struct run_softc *, u_int); 389 static void run_rt3572_set_chan(struct run_softc *, u_int); 390 static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 391 static void run_set_channel(struct ieee80211com *); 392 static void run_scan_start(struct ieee80211com *); 393 static void run_scan_end(struct ieee80211com *); 394 static void run_update_beacon(struct ieee80211vap *, int); 395 static void run_update_beacon_cb(void *); 396 static void run_updateprot(struct ieee80211com *); 397 static void run_updateprot_cb(void *); 398 static void run_usb_timeout_cb(void *); 399 static void run_reset_livelock(struct run_softc *); 400 static void run_enable_tsf_sync(struct run_softc *); 401 static void run_enable_mrr(struct run_softc *); 402 static void run_set_txpreamble(struct run_softc *); 403 static void run_set_basicrates(struct run_softc *); 404 static void run_set_leds(struct run_softc *, uint16_t); 405 static void run_set_bssid(struct run_softc *, const uint8_t *); 406 static void run_set_macaddr(struct run_softc *, const uint8_t *); 407 static void run_updateslot(struct ifnet *); 408 static void run_updateslot_cb(void *); 409 static void run_update_mcast(struct ifnet *); 410 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 411 static void run_update_promisc_locked(struct ifnet *); 412 static void run_update_promisc(struct ifnet *); 413 static int run_bbp_init(struct run_softc *); 414 static int run_rt3070_rf_init(struct run_softc *); 415 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 416 uint8_t *); 417 static void run_rt3070_rf_setup(struct run_softc *); 418 static int run_txrx_enable(struct run_softc *); 419 static void run_init(void *); 420 static void run_init_locked(struct run_softc *); 421 static void run_stop(void *); 422 static void run_delay(struct run_softc *, unsigned int); 423 424 static const struct { 425 uint16_t reg; 426 uint32_t val; 427 } rt2870_def_mac[] = { 428 RT2870_DEF_MAC 429 }; 430 431 static const struct { 432 uint8_t reg; 433 uint8_t val; 434 } rt2860_def_bbp[] = { 435 RT2860_DEF_BBP 436 }; 437 438 static const struct rfprog { 439 uint8_t chan; 440 uint32_t r1, r2, r3, r4; 441 } rt2860_rf2850[] = { 442 RT2860_RF2850 443 }; 444 445 struct { 446 uint8_t n, r, k; 447 } rt3070_freqs[] = { 448 RT3070_RF3052 449 }; 450 451 static const struct { 452 uint8_t reg; 453 uint8_t val; 454 } rt3070_def_rf[] = { 455 RT3070_DEF_RF 456 },rt3572_def_rf[] = { 457 RT3572_DEF_RF 458 }; 459 460 static const struct usb_config run_config[RUN_N_XFER] = { 461 [RUN_BULK_TX_BE] = { 462 .type = UE_BULK, 463 .endpoint = UE_ADDR_ANY, 464 .ep_index = 0, 465 .direction = UE_DIR_OUT, 466 .bufsize = RUN_MAX_TXSZ, 467 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 468 .callback = run_bulk_tx_callback0, 469 .timeout = 5000, /* ms */ 470 }, 471 [RUN_BULK_TX_BK] = { 472 .type = UE_BULK, 473 .endpoint = UE_ADDR_ANY, 474 .direction = UE_DIR_OUT, 475 .ep_index = 1, 476 .bufsize = RUN_MAX_TXSZ, 477 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 478 .callback = run_bulk_tx_callback1, 479 .timeout = 5000, /* ms */ 480 }, 481 [RUN_BULK_TX_VI] = { 482 .type = UE_BULK, 483 .endpoint = UE_ADDR_ANY, 484 .direction = UE_DIR_OUT, 485 .ep_index = 2, 486 .bufsize = RUN_MAX_TXSZ, 487 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 488 .callback = run_bulk_tx_callback2, 489 .timeout = 5000, /* ms */ 490 }, 491 [RUN_BULK_TX_VO] = { 492 .type = UE_BULK, 493 .endpoint = UE_ADDR_ANY, 494 .direction = UE_DIR_OUT, 495 .ep_index = 3, 496 .bufsize = RUN_MAX_TXSZ, 497 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 498 .callback = run_bulk_tx_callback3, 499 .timeout = 5000, /* ms */ 500 }, 501 [RUN_BULK_TX_HCCA] = { 502 .type = UE_BULK, 503 .endpoint = UE_ADDR_ANY, 504 .direction = UE_DIR_OUT, 505 .ep_index = 4, 506 .bufsize = RUN_MAX_TXSZ, 507 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 508 .callback = run_bulk_tx_callback4, 509 .timeout = 5000, /* ms */ 510 }, 511 [RUN_BULK_TX_PRIO] = { 512 .type = UE_BULK, 513 .endpoint = UE_ADDR_ANY, 514 .direction = UE_DIR_OUT, 515 .ep_index = 5, 516 .bufsize = RUN_MAX_TXSZ, 517 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 518 .callback = run_bulk_tx_callback5, 519 .timeout = 5000, /* ms */ 520 }, 521 [RUN_BULK_RX] = { 522 .type = UE_BULK, 523 .endpoint = UE_ADDR_ANY, 524 .direction = UE_DIR_IN, 525 .bufsize = RUN_MAX_RXSZ, 526 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 527 .callback = run_bulk_rx_callback, 528 } 529 }; 530 531 static int 532 run_match(device_t self) 533 { 534 struct usb_attach_arg *uaa = device_get_ivars(self); 535 536 if (uaa->usb_mode != USB_MODE_HOST) 537 return (ENXIO); 538 if (uaa->info.bConfigIndex != 0) 539 return (ENXIO); 540 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 541 return (ENXIO); 542 543 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 544 } 545 546 static int 547 run_attach(device_t self) 548 { 549 struct run_softc *sc = device_get_softc(self); 550 struct usb_attach_arg *uaa = device_get_ivars(self); 551 struct ieee80211com *ic; 552 struct ifnet *ifp; 553 uint32_t ver; 554 int i, ntries, error; 555 uint8_t iface_index, bands; 556 557 device_set_usb_desc(self); 558 sc->sc_udev = uaa->device; 559 sc->sc_dev = self; 560 561 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev), 562 MTX_NETWORK_LOCK, MTX_DEF); 563 564 iface_index = RT2860_IFACE_INDEX; 565 566 error = usbd_transfer_setup(uaa->device, &iface_index, 567 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx); 568 if (error) { 569 device_printf(self, "could not allocate USB transfers, " 570 "err=%s\n", usbd_errstr(error)); 571 goto detach; 572 } 573 574 RUN_LOCK(sc); 575 576 /* wait for the chip to settle */ 577 for (ntries = 0; ntries < 100; ntries++) { 578 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 579 RUN_UNLOCK(sc); 580 goto detach; 581 } 582 if (ver != 0 && ver != 0xffffffff) 583 break; 584 run_delay(sc, 10); 585 } 586 if (ntries == 100) { 587 device_printf(sc->sc_dev, 588 "timeout waiting for NIC to initialize\n"); 589 RUN_UNLOCK(sc); 590 goto detach; 591 } 592 sc->mac_ver = ver >> 16; 593 sc->mac_rev = ver & 0xffff; 594 595 /* retrieve RF rev. no and various other things from EEPROM */ 596 run_read_eeprom(sc); 597 598 device_printf(sc->sc_dev, 599 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 600 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 601 sc->ntxchains, sc->nrxchains, ether_sprintf(sc->sc_bssid)); 602 603 RUN_UNLOCK(sc); 604 605 ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211); 606 if (ifp == NULL) { 607 device_printf(sc->sc_dev, "can not if_alloc()\n"); 608 goto detach; 609 } 610 ic = ifp->if_l2com; 611 612 ifp->if_softc = sc; 613 if_initname(ifp, "run", device_get_unit(sc->sc_dev)); 614 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 615 ifp->if_init = run_init; 616 ifp->if_ioctl = run_ioctl; 617 ifp->if_start = run_start; 618 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen); 619 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen; 620 IFQ_SET_READY(&ifp->if_snd); 621 622 ic->ic_ifp = ifp; 623 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 624 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 625 626 /* set device capabilities */ 627 ic->ic_caps = 628 IEEE80211_C_STA | /* station mode supported */ 629 IEEE80211_C_MONITOR | /* monitor mode supported */ 630 IEEE80211_C_IBSS | 631 IEEE80211_C_HOSTAP | 632 IEEE80211_C_WDS | /* 4-address traffic works */ 633 IEEE80211_C_MBSS | 634 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 635 IEEE80211_C_SHSLOT | /* short slot time supported */ 636 IEEE80211_C_WME | /* WME */ 637 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 638 639 ic->ic_cryptocaps = 640 IEEE80211_CRYPTO_WEP | 641 IEEE80211_CRYPTO_AES_CCM | 642 IEEE80211_CRYPTO_TKIPMIC | 643 IEEE80211_CRYPTO_TKIP; 644 645 ic->ic_flags |= IEEE80211_F_DATAPAD; 646 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 647 648 bands = 0; 649 setbit(&bands, IEEE80211_MODE_11B); 650 setbit(&bands, IEEE80211_MODE_11G); 651 ieee80211_init_channels(ic, NULL, &bands); 652 653 /* 654 * Do this by own because h/w supports 655 * more channels than ieee80211_init_channels() 656 */ 657 if (sc->rf_rev == RT2860_RF_2750 || 658 sc->rf_rev == RT2860_RF_2850 || 659 sc->rf_rev == RT3070_RF_3052) { 660 /* set supported .11a rates */ 661 for (i = 14; i < N(rt2860_rf2850); i++) { 662 uint8_t chan = rt2860_rf2850[i].chan; 663 ic->ic_channels[ic->ic_nchans].ic_freq = 664 ieee80211_ieee2mhz(chan, IEEE80211_CHAN_A); 665 ic->ic_channels[ic->ic_nchans].ic_ieee = chan; 666 ic->ic_channels[ic->ic_nchans].ic_flags = IEEE80211_CHAN_A; 667 ic->ic_channels[ic->ic_nchans].ic_extieee = 0; 668 ic->ic_nchans++; 669 } 670 } 671 672 ieee80211_ifattach(ic, sc->sc_bssid); 673 674 ic->ic_scan_start = run_scan_start; 675 ic->ic_scan_end = run_scan_end; 676 ic->ic_set_channel = run_set_channel; 677 ic->ic_node_alloc = run_node_alloc; 678 ic->ic_newassoc = run_newassoc; 679 ic->ic_updateslot = run_updateslot; 680 ic->ic_update_mcast = run_update_mcast; 681 ic->ic_wme.wme_update = run_wme_update; 682 ic->ic_raw_xmit = run_raw_xmit; 683 ic->ic_update_promisc = run_update_promisc; 684 685 ic->ic_vap_create = run_vap_create; 686 ic->ic_vap_delete = run_vap_delete; 687 688 ieee80211_radiotap_attach(ic, 689 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 690 RUN_TX_RADIOTAP_PRESENT, 691 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 692 RUN_RX_RADIOTAP_PRESENT); 693 694 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 695 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 696 callout_init((struct callout *)&sc->ratectl_ch, 1); 697 698 if (bootverbose) 699 ieee80211_announce(ic); 700 701 return (0); 702 703 detach: 704 run_detach(self); 705 return (ENXIO); 706 } 707 708 static int 709 run_detach(device_t self) 710 { 711 struct run_softc *sc = device_get_softc(self); 712 struct ifnet *ifp = sc->sc_ifp; 713 struct ieee80211com *ic; 714 int i; 715 716 /* stop all USB transfers */ 717 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 718 719 RUN_LOCK(sc); 720 721 sc->ratectl_run = RUN_RATECTL_OFF; 722 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 723 724 /* free TX list, if any */ 725 for (i = 0; i != RUN_EP_QUEUES; i++) 726 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 727 RUN_UNLOCK(sc); 728 729 if (ifp) { 730 ic = ifp->if_l2com; 731 /* drain tasks */ 732 usb_callout_drain(&sc->ratectl_ch); 733 ieee80211_draintask(ic, &sc->cmdq_task); 734 ieee80211_draintask(ic, &sc->ratectl_task); 735 ieee80211_ifdetach(ic); 736 if_free(ifp); 737 } 738 739 mtx_destroy(&sc->sc_mtx); 740 741 return (0); 742 } 743 744 static struct ieee80211vap * 745 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 746 enum ieee80211_opmode opmode, int flags, 747 const uint8_t bssid[IEEE80211_ADDR_LEN], 748 const uint8_t mac[IEEE80211_ADDR_LEN]) 749 { 750 struct ifnet *ifp = ic->ic_ifp; 751 struct run_softc *sc = ifp->if_softc; 752 struct run_vap *rvp; 753 struct ieee80211vap *vap; 754 int i; 755 756 if (sc->rvp_cnt >= RUN_VAP_MAX) { 757 if_printf(ifp, "number of VAPs maxed out\n"); 758 return (NULL); 759 } 760 761 switch (opmode) { 762 case IEEE80211_M_STA: 763 /* enable s/w bmiss handling for sta mode */ 764 flags |= IEEE80211_CLONE_NOBEACONS; 765 /* fall though */ 766 case IEEE80211_M_IBSS: 767 case IEEE80211_M_MONITOR: 768 case IEEE80211_M_HOSTAP: 769 case IEEE80211_M_MBSS: 770 /* other than WDS vaps, only one at a time */ 771 if (!TAILQ_EMPTY(&ic->ic_vaps)) 772 return (NULL); 773 break; 774 case IEEE80211_M_WDS: 775 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 776 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 777 continue; 778 /* WDS vap's always share the local mac address. */ 779 flags &= ~IEEE80211_CLONE_BSSID; 780 break; 781 } 782 if (vap == NULL) { 783 if_printf(ifp, "wds only supported in ap mode\n"); 784 return (NULL); 785 } 786 break; 787 default: 788 if_printf(ifp, "unknown opmode %d\n", opmode); 789 return (NULL); 790 } 791 792 rvp = (struct run_vap *) malloc(sizeof(struct run_vap), 793 M_80211_VAP, M_NOWAIT | M_ZERO); 794 if (rvp == NULL) 795 return (NULL); 796 vap = &rvp->vap; 797 ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid, mac); 798 799 vap->iv_key_update_begin = run_key_update_begin; 800 vap->iv_key_update_end = run_key_update_end; 801 vap->iv_update_beacon = run_update_beacon; 802 vap->iv_max_aid = RT2870_WCID_MAX; 803 /* 804 * To delete the right key from h/w, we need wcid. 805 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 806 * and matching wcid will be written into there. So, cast 807 * some spells to remove 'const' from ieee80211_key{} 808 */ 809 vap->iv_key_delete = (void *)run_key_delete; 810 vap->iv_key_set = (void *)run_key_set; 811 812 /* override state transition machine */ 813 rvp->newstate = vap->iv_newstate; 814 vap->iv_newstate = run_newstate; 815 816 ieee80211_ratectl_init(vap); 817 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 818 819 /* complete setup */ 820 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status); 821 822 /* make sure id is always unique */ 823 for (i = 0; i < RUN_VAP_MAX; i++) { 824 if((sc->rvp_bmap & 1 << i) == 0){ 825 sc->rvp_bmap |= 1 << i; 826 rvp->rvp_id = i; 827 break; 828 } 829 } 830 if (sc->rvp_cnt++ == 0) 831 ic->ic_opmode = opmode; 832 833 if (opmode == IEEE80211_M_HOSTAP) 834 sc->cmdq_run = RUN_CMDQ_GO; 835 836 DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n", 837 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 838 839 return (vap); 840 } 841 842 static void 843 run_vap_delete(struct ieee80211vap *vap) 844 { 845 struct run_vap *rvp = RUN_VAP(vap); 846 struct ifnet *ifp; 847 struct ieee80211com *ic; 848 struct run_softc *sc; 849 uint8_t rvp_id; 850 851 if (vap == NULL) 852 return; 853 854 ic = vap->iv_ic; 855 ifp = ic->ic_ifp; 856 857 sc = ifp->if_softc; 858 859 RUN_LOCK(sc); 860 861 m_freem(rvp->beacon_mbuf); 862 rvp->beacon_mbuf = NULL; 863 864 rvp_id = rvp->rvp_id; 865 sc->ratectl_run &= ~(1 << rvp_id); 866 sc->rvp_bmap &= ~(1 << rvp_id); 867 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 868 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 869 --sc->rvp_cnt; 870 871 DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 872 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 873 874 RUN_UNLOCK(sc); 875 876 ieee80211_ratectl_deinit(vap); 877 ieee80211_vap_detach(vap); 878 free(rvp, M_80211_VAP); 879 } 880 881 /* 882 * There are numbers of functions need to be called in context thread. 883 * Rather than creating taskqueue event for each of those functions, 884 * here is all-for-one taskqueue callback function. This function 885 * gurantees deferred functions are executed in the same order they 886 * were enqueued. 887 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 888 */ 889 static void 890 run_cmdq_cb(void *arg, int pending) 891 { 892 struct run_softc *sc = arg; 893 uint8_t i; 894 895 /* call cmdq[].func locked */ 896 RUN_LOCK(sc); 897 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 898 i = sc->cmdq_exec, pending--) { 899 DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending); 900 if (sc->cmdq_run == RUN_CMDQ_GO) { 901 /* 902 * If arg0 is NULL, callback func needs more 903 * than one arg. So, pass ptr to cmdq struct. 904 */ 905 if (sc->cmdq[i].arg0) 906 sc->cmdq[i].func(sc->cmdq[i].arg0); 907 else 908 sc->cmdq[i].func(&sc->cmdq[i]); 909 } 910 sc->cmdq[i].arg0 = NULL; 911 sc->cmdq[i].func = NULL; 912 sc->cmdq_exec++; 913 sc->cmdq_exec &= RUN_CMDQ_MASQ; 914 } 915 RUN_UNLOCK(sc); 916 } 917 918 static void 919 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 920 { 921 struct run_tx_data *data; 922 923 memset(pq, 0, sizeof(*pq)); 924 925 STAILQ_INIT(&pq->tx_qh); 926 STAILQ_INIT(&pq->tx_fh); 927 928 for (data = &pq->tx_data[0]; 929 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 930 data->sc = sc; 931 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 932 } 933 pq->tx_nfree = RUN_TX_RING_COUNT; 934 } 935 936 static void 937 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 938 { 939 struct run_tx_data *data; 940 941 /* make sure any subsequent use of the queues will fail */ 942 pq->tx_nfree = 0; 943 STAILQ_INIT(&pq->tx_fh); 944 STAILQ_INIT(&pq->tx_qh); 945 946 /* free up all node references and mbufs */ 947 for (data = &pq->tx_data[0]; 948 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 949 if (data->m != NULL) { 950 m_freem(data->m); 951 data->m = NULL; 952 } 953 if (data->ni != NULL) { 954 ieee80211_free_node(data->ni); 955 data->ni = NULL; 956 } 957 } 958 } 959 960 static int 961 run_load_microcode(struct run_softc *sc) 962 { 963 usb_device_request_t req; 964 const struct firmware *fw; 965 const u_char *base; 966 uint32_t tmp; 967 int ntries, error; 968 const uint64_t *temp; 969 uint64_t bytes; 970 971 RUN_UNLOCK(sc); 972 fw = firmware_get("runfw"); 973 RUN_LOCK(sc); 974 if (fw == NULL) { 975 device_printf(sc->sc_dev, 976 "failed loadfirmware of file %s\n", "runfw"); 977 return ENOENT; 978 } 979 980 if (fw->datasize != 8192) { 981 device_printf(sc->sc_dev, 982 "invalid firmware size (should be 8KB)\n"); 983 error = EINVAL; 984 goto fail; 985 } 986 987 /* 988 * RT3071/RT3072 use a different firmware 989 * run-rt2870 (8KB) contains both, 990 * first half (4KB) is for rt2870, 991 * last half is for rt3071. 992 */ 993 base = fw->data; 994 if ((sc->mac_ver) != 0x2860 && 995 (sc->mac_ver) != 0x2872 && 996 (sc->mac_ver) != 0x3070) { 997 base += 4096; 998 } 999 1000 /* cheap sanity check */ 1001 temp = fw->data; 1002 bytes = *temp; 1003 if (bytes != be64toh(0xffffff0210280210)) { 1004 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1005 error = EINVAL; 1006 goto fail; 1007 } 1008 1009 run_read(sc, RT2860_ASIC_VER_ID, &tmp); 1010 /* write microcode image */ 1011 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1012 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1013 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1014 1015 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1016 req.bRequest = RT2870_RESET; 1017 USETW(req.wValue, 8); 1018 USETW(req.wIndex, 0); 1019 USETW(req.wLength, 0); 1020 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)) 1021 != 0) { 1022 device_printf(sc->sc_dev, "firmware reset failed\n"); 1023 goto fail; 1024 } 1025 1026 run_delay(sc, 10); 1027 1028 run_write(sc, RT2860_H2M_MAILBOX, 0); 1029 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1030 goto fail; 1031 1032 /* wait until microcontroller is ready */ 1033 for (ntries = 0; ntries < 1000; ntries++) { 1034 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) { 1035 goto fail; 1036 } 1037 if (tmp & RT2860_MCU_READY) 1038 break; 1039 run_delay(sc, 10); 1040 } 1041 if (ntries == 1000) { 1042 device_printf(sc->sc_dev, 1043 "timeout waiting for MCU to initialize\n"); 1044 error = ETIMEDOUT; 1045 goto fail; 1046 } 1047 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n", 1048 (base == fw->data) ? "RT2870" : "RT3071", 1049 *(base + 4092), *(base + 4093)); 1050 1051 fail: 1052 firmware_put(fw, FIRMWARE_UNLOAD); 1053 return (error); 1054 } 1055 1056 int 1057 run_reset(struct run_softc *sc) 1058 { 1059 usb_device_request_t req; 1060 1061 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1062 req.bRequest = RT2870_RESET; 1063 USETW(req.wValue, 1); 1064 USETW(req.wIndex, 0); 1065 USETW(req.wLength, 0); 1066 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)); 1067 } 1068 1069 static usb_error_t 1070 run_do_request(struct run_softc *sc, 1071 struct usb_device_request *req, void *data) 1072 { 1073 usb_error_t err; 1074 int ntries = 10; 1075 1076 RUN_LOCK_ASSERT(sc, MA_OWNED); 1077 1078 while (ntries--) { 1079 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, 1080 req, data, 0, NULL, 250 /* ms */); 1081 if (err == 0) 1082 break; 1083 DPRINTFN(1, "Control request failed, %s (retrying)\n", 1084 usbd_errstr(err)); 1085 run_delay(sc, 10); 1086 } 1087 return (err); 1088 } 1089 1090 static int 1091 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1092 { 1093 uint32_t tmp; 1094 int error; 1095 1096 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1097 if (error == 0) 1098 *val = le32toh(tmp); 1099 else 1100 *val = 0xffffffff; 1101 return (error); 1102 } 1103 1104 static int 1105 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1106 { 1107 usb_device_request_t req; 1108 1109 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1110 req.bRequest = RT2870_READ_REGION_1; 1111 USETW(req.wValue, 0); 1112 USETW(req.wIndex, reg); 1113 USETW(req.wLength, len); 1114 1115 return (run_do_request(sc, &req, buf)); 1116 } 1117 1118 static int 1119 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1120 { 1121 usb_device_request_t req; 1122 1123 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1124 req.bRequest = RT2870_WRITE_2; 1125 USETW(req.wValue, val); 1126 USETW(req.wIndex, reg); 1127 USETW(req.wLength, 0); 1128 1129 return (run_do_request(sc, &req, NULL)); 1130 } 1131 1132 static int 1133 run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1134 { 1135 int error; 1136 1137 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1138 error = run_write_2(sc, reg + 2, val >> 16); 1139 return (error); 1140 } 1141 1142 static int 1143 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1144 int len) 1145 { 1146 #if 1 1147 int i, error = 0; 1148 /* 1149 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1150 * We thus issue multiple WRITE_2 commands instead. 1151 */ 1152 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1153 for (i = 0; i < len && error == 0; i += 2) 1154 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1155 return (error); 1156 #else 1157 usb_device_request_t req; 1158 1159 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1160 req.bRequest = RT2870_WRITE_REGION_1; 1161 USETW(req.wValue, 0); 1162 USETW(req.wIndex, reg); 1163 USETW(req.wLength, len); 1164 return (run_do_request(sc, &req, buf)); 1165 #endif 1166 } 1167 1168 static int 1169 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1170 { 1171 int i, error = 0; 1172 1173 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1174 for (i = 0; i < len && error == 0; i += 4) 1175 error = run_write(sc, reg + i, val); 1176 return (error); 1177 } 1178 1179 /* Read 16-bit from eFUSE ROM (RT3070 only.) */ 1180 static int 1181 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1182 { 1183 uint32_t tmp; 1184 uint16_t reg; 1185 int error, ntries; 1186 1187 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1188 return (error); 1189 1190 addr *= 2; 1191 /*- 1192 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1193 * DATA0: F E D C 1194 * DATA1: B A 9 8 1195 * DATA2: 7 6 5 4 1196 * DATA3: 3 2 1 0 1197 */ 1198 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1199 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1200 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1201 for (ntries = 0; ntries < 100; ntries++) { 1202 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1203 return (error); 1204 if (!(tmp & RT3070_EFSROM_KICK)) 1205 break; 1206 run_delay(sc, 2); 1207 } 1208 if (ntries == 100) 1209 return (ETIMEDOUT); 1210 1211 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1212 *val = 0xffff; /* address not found */ 1213 return (0); 1214 } 1215 /* determine to which 32-bit register our 16-bit word belongs */ 1216 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1217 if ((error = run_read(sc, reg, &tmp)) != 0) 1218 return (error); 1219 1220 *val = (addr & 2) ? tmp >> 16 : tmp & 0xffff; 1221 return (0); 1222 } 1223 1224 static int 1225 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1226 { 1227 usb_device_request_t req; 1228 uint16_t tmp; 1229 int error; 1230 1231 addr *= 2; 1232 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1233 req.bRequest = RT2870_EEPROM_READ; 1234 USETW(req.wValue, 0); 1235 USETW(req.wIndex, addr); 1236 USETW(req.wLength, sizeof tmp); 1237 1238 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp); 1239 if (error == 0) 1240 *val = le16toh(tmp); 1241 else 1242 *val = 0xffff; 1243 return (error); 1244 } 1245 1246 static __inline int 1247 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1248 { 1249 /* either eFUSE ROM or EEPROM */ 1250 return sc->sc_srom_read(sc, addr, val); 1251 } 1252 1253 static int 1254 run_rt2870_rf_write(struct run_softc *sc, uint8_t reg, uint32_t val) 1255 { 1256 uint32_t tmp; 1257 int error, ntries; 1258 1259 for (ntries = 0; ntries < 10; ntries++) { 1260 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1261 return (error); 1262 if (!(tmp & RT2860_RF_REG_CTRL)) 1263 break; 1264 } 1265 if (ntries == 10) 1266 return (ETIMEDOUT); 1267 1268 /* RF registers are 24-bit on the RT2860 */ 1269 tmp = RT2860_RF_REG_CTRL | 24 << RT2860_RF_REG_WIDTH_SHIFT | 1270 (val & 0x3fffff) << 2 | (reg & 3); 1271 return (run_write(sc, RT2860_RF_CSR_CFG0, tmp)); 1272 } 1273 1274 static int 1275 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1276 { 1277 uint32_t tmp; 1278 int error, ntries; 1279 1280 for (ntries = 0; ntries < 100; ntries++) { 1281 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1282 return (error); 1283 if (!(tmp & RT3070_RF_KICK)) 1284 break; 1285 } 1286 if (ntries == 100) 1287 return (ETIMEDOUT); 1288 1289 tmp = RT3070_RF_KICK | reg << 8; 1290 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1291 return (error); 1292 1293 for (ntries = 0; ntries < 100; ntries++) { 1294 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1295 return (error); 1296 if (!(tmp & RT3070_RF_KICK)) 1297 break; 1298 } 1299 if (ntries == 100) 1300 return (ETIMEDOUT); 1301 1302 *val = tmp & 0xff; 1303 return (0); 1304 } 1305 1306 static int 1307 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1308 { 1309 uint32_t tmp; 1310 int error, ntries; 1311 1312 for (ntries = 0; ntries < 10; ntries++) { 1313 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1314 return (error); 1315 if (!(tmp & RT3070_RF_KICK)) 1316 break; 1317 } 1318 if (ntries == 10) 1319 return (ETIMEDOUT); 1320 1321 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1322 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1323 } 1324 1325 static int 1326 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1327 { 1328 uint32_t tmp; 1329 int ntries, error; 1330 1331 for (ntries = 0; ntries < 10; ntries++) { 1332 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1333 return (error); 1334 if (!(tmp & RT2860_BBP_CSR_KICK)) 1335 break; 1336 } 1337 if (ntries == 10) 1338 return (ETIMEDOUT); 1339 1340 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1341 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1342 return (error); 1343 1344 for (ntries = 0; ntries < 10; ntries++) { 1345 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1346 return (error); 1347 if (!(tmp & RT2860_BBP_CSR_KICK)) 1348 break; 1349 } 1350 if (ntries == 10) 1351 return (ETIMEDOUT); 1352 1353 *val = tmp & 0xff; 1354 return (0); 1355 } 1356 1357 static int 1358 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1359 { 1360 uint32_t tmp; 1361 int ntries, error; 1362 1363 for (ntries = 0; ntries < 10; ntries++) { 1364 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1365 return (error); 1366 if (!(tmp & RT2860_BBP_CSR_KICK)) 1367 break; 1368 } 1369 if (ntries == 10) 1370 return (ETIMEDOUT); 1371 1372 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1373 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1374 } 1375 1376 /* 1377 * Send a command to the 8051 microcontroller unit. 1378 */ 1379 static int 1380 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1381 { 1382 uint32_t tmp; 1383 int error, ntries; 1384 1385 for (ntries = 0; ntries < 100; ntries++) { 1386 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1387 return error; 1388 if (!(tmp & RT2860_H2M_BUSY)) 1389 break; 1390 } 1391 if (ntries == 100) 1392 return ETIMEDOUT; 1393 1394 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1395 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1396 error = run_write(sc, RT2860_HOST_CMD, cmd); 1397 return (error); 1398 } 1399 1400 /* 1401 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1402 * Used to adjust per-rate Tx power registers. 1403 */ 1404 static __inline uint32_t 1405 b4inc(uint32_t b32, int8_t delta) 1406 { 1407 int8_t i, b4; 1408 1409 for (i = 0; i < 8; i++) { 1410 b4 = b32 & 0xf; 1411 b4 += delta; 1412 if (b4 < 0) 1413 b4 = 0; 1414 else if (b4 > 0xf) 1415 b4 = 0xf; 1416 b32 = b32 >> 4 | b4 << 28; 1417 } 1418 return (b32); 1419 } 1420 1421 static const char * 1422 run_get_rf(int rev) 1423 { 1424 switch (rev) { 1425 case RT2860_RF_2820: return "RT2820"; 1426 case RT2860_RF_2850: return "RT2850"; 1427 case RT2860_RF_2720: return "RT2720"; 1428 case RT2860_RF_2750: return "RT2750"; 1429 case RT3070_RF_3020: return "RT3020"; 1430 case RT3070_RF_2020: return "RT2020"; 1431 case RT3070_RF_3021: return "RT3021"; 1432 case RT3070_RF_3022: return "RT3022"; 1433 case RT3070_RF_3052: return "RT3052"; 1434 } 1435 return ("unknown"); 1436 } 1437 1438 int 1439 run_read_eeprom(struct run_softc *sc) 1440 { 1441 int8_t delta_2ghz, delta_5ghz; 1442 uint32_t tmp; 1443 uint16_t val; 1444 int ridx, ant, i; 1445 1446 /* check whether the ROM is eFUSE ROM or EEPROM */ 1447 sc->sc_srom_read = run_eeprom_read_2; 1448 if (sc->mac_ver >= 0x3070) { 1449 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1450 DPRINTF("EFUSE_CTRL=0x%08x\n", tmp); 1451 if (tmp & RT3070_SEL_EFUSE) 1452 sc->sc_srom_read = run_efuse_read_2; 1453 } 1454 1455 /* read ROM version */ 1456 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1457 DPRINTF("EEPROM rev=%d, FAE=%d\n", val & 0xff, val >> 8); 1458 1459 /* read MAC address */ 1460 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1461 sc->sc_bssid[0] = val & 0xff; 1462 sc->sc_bssid[1] = val >> 8; 1463 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1464 sc->sc_bssid[2] = val & 0xff; 1465 sc->sc_bssid[3] = val >> 8; 1466 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1467 sc->sc_bssid[4] = val & 0xff; 1468 sc->sc_bssid[5] = val >> 8; 1469 1470 /* read vender BBP settings */ 1471 for (i = 0; i < 10; i++) { 1472 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1473 sc->bbp[i].val = val & 0xff; 1474 sc->bbp[i].reg = val >> 8; 1475 DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg, sc->bbp[i].val); 1476 } 1477 if (sc->mac_ver >= 0x3071) { 1478 /* read vendor RF settings */ 1479 for (i = 0; i < 10; i++) { 1480 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, &val); 1481 sc->rf[i].val = val & 0xff; 1482 sc->rf[i].reg = val >> 8; 1483 DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg, 1484 sc->rf[i].val); 1485 } 1486 } 1487 1488 /* read RF frequency offset from EEPROM */ 1489 run_srom_read(sc, RT2860_EEPROM_FREQ_LEDS, &val); 1490 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1491 DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff); 1492 1493 if (val >> 8 != 0xff) { 1494 /* read LEDs operating mode */ 1495 sc->leds = val >> 8; 1496 run_srom_read(sc, RT2860_EEPROM_LED1, &sc->led[0]); 1497 run_srom_read(sc, RT2860_EEPROM_LED2, &sc->led[1]); 1498 run_srom_read(sc, RT2860_EEPROM_LED3, &sc->led[2]); 1499 } else { 1500 /* broken EEPROM, use default settings */ 1501 sc->leds = 0x01; 1502 sc->led[0] = 0x5555; 1503 sc->led[1] = 0x2221; 1504 sc->led[2] = 0x5627; /* differs from RT2860 */ 1505 } 1506 DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1507 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1508 1509 /* read RF information */ 1510 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1511 if (val == 0xffff) { 1512 DPRINTF("invalid EEPROM antenna info, using default\n"); 1513 if (sc->mac_ver == 0x3572) { 1514 /* default to RF3052 2T2R */ 1515 sc->rf_rev = RT3070_RF_3052; 1516 sc->ntxchains = 2; 1517 sc->nrxchains = 2; 1518 } else if (sc->mac_ver >= 0x3070) { 1519 /* default to RF3020 1T1R */ 1520 sc->rf_rev = RT3070_RF_3020; 1521 sc->ntxchains = 1; 1522 sc->nrxchains = 1; 1523 } else { 1524 /* default to RF2820 1T2R */ 1525 sc->rf_rev = RT2860_RF_2820; 1526 sc->ntxchains = 1; 1527 sc->nrxchains = 2; 1528 } 1529 } else { 1530 sc->rf_rev = (val >> 8) & 0xf; 1531 sc->ntxchains = (val >> 4) & 0xf; 1532 sc->nrxchains = val & 0xf; 1533 } 1534 DPRINTF("EEPROM RF rev=0x%02x chains=%dT%dR\n", 1535 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1536 1537 /* check if RF supports automatic Tx access gain control */ 1538 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1539 DPRINTF("EEPROM CFG 0x%04x\n", val); 1540 /* check if driver should patch the DAC issue */ 1541 if ((val >> 8) != 0xff) 1542 sc->patch_dac = (val >> 15) & 1; 1543 if ((val & 0xff) != 0xff) { 1544 sc->ext_5ghz_lna = (val >> 3) & 1; 1545 sc->ext_2ghz_lna = (val >> 2) & 1; 1546 /* check if RF supports automatic Tx access gain control */ 1547 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1548 /* check if we have a hardware radio switch */ 1549 sc->rfswitch = val & 1; 1550 } 1551 1552 /* read power settings for 2GHz channels */ 1553 for (i = 0; i < 14; i += 2) { 1554 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1555 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1556 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1557 1558 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1559 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1560 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1561 } 1562 /* fix broken Tx power entries */ 1563 for (i = 0; i < 14; i++) { 1564 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1565 sc->txpow1[i] = 5; 1566 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1567 sc->txpow2[i] = 5; 1568 DPRINTF("chan %d: power1=%d, power2=%d\n", 1569 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1570 } 1571 /* read power settings for 5GHz channels */ 1572 for (i = 0; i < 40; i += 2) { 1573 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1574 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1575 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1576 1577 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1578 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1579 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1580 } 1581 /* fix broken Tx power entries */ 1582 for (i = 0; i < 40; i++) { 1583 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1584 sc->txpow1[14 + i] = 5; 1585 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1586 sc->txpow2[14 + i] = 5; 1587 DPRINTF("chan %d: power1=%d, power2=%d\n", 1588 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1589 sc->txpow2[14 + i]); 1590 } 1591 1592 /* read Tx power compensation for each Tx rate */ 1593 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1594 delta_2ghz = delta_5ghz = 0; 1595 if ((val & 0xff) != 0xff && (val & 0x80)) { 1596 delta_2ghz = val & 0xf; 1597 if (!(val & 0x40)) /* negative number */ 1598 delta_2ghz = -delta_2ghz; 1599 } 1600 val >>= 8; 1601 if ((val & 0xff) != 0xff && (val & 0x80)) { 1602 delta_5ghz = val & 0xf; 1603 if (!(val & 0x40)) /* negative number */ 1604 delta_5ghz = -delta_5ghz; 1605 } 1606 DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n", 1607 delta_2ghz, delta_5ghz); 1608 1609 for (ridx = 0; ridx < 5; ridx++) { 1610 uint32_t reg; 1611 1612 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 1613 reg = val; 1614 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 1615 reg |= (uint32_t)val << 16; 1616 1617 sc->txpow20mhz[ridx] = reg; 1618 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1619 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1620 1621 DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1622 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1623 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 1624 } 1625 1626 /* read RSSI offsets and LNA gains from EEPROM */ 1627 run_srom_read(sc, RT2860_EEPROM_RSSI1_2GHZ, &val); 1628 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1629 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1630 run_srom_read(sc, RT2860_EEPROM_RSSI2_2GHZ, &val); 1631 if (sc->mac_ver >= 0x3070) { 1632 /* 1633 * On RT3070 chips (limited to 2 Rx chains), this ROM 1634 * field contains the Tx mixer gain for the 2GHz band. 1635 */ 1636 if ((val & 0xff) != 0xff) 1637 sc->txmixgain_2ghz = val & 0x7; 1638 DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz); 1639 } else 1640 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1641 sc->lna[2] = val >> 8; /* channel group 2 */ 1642 1643 run_srom_read(sc, RT2860_EEPROM_RSSI1_5GHZ, &val); 1644 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1645 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1646 run_srom_read(sc, RT2860_EEPROM_RSSI2_5GHZ, &val); 1647 if (sc->mac_ver == 0x3572) { 1648 /* 1649 * On RT3572 chips (limited to 2 Rx chains), this ROM 1650 * field contains the Tx mixer gain for the 5GHz band. 1651 */ 1652 if ((val & 0xff) != 0xff) 1653 sc->txmixgain_5ghz = val & 0x7; 1654 DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz); 1655 } else 1656 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1657 sc->lna[3] = val >> 8; /* channel group 3 */ 1658 1659 run_srom_read(sc, RT2860_EEPROM_LNA, &val); 1660 sc->lna[0] = val & 0xff; /* channel group 0 */ 1661 sc->lna[1] = val >> 8; /* channel group 1 */ 1662 1663 /* fix broken 5GHz LNA entries */ 1664 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 1665 DPRINTF("invalid LNA for channel group %d\n", 2); 1666 sc->lna[2] = sc->lna[1]; 1667 } 1668 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 1669 DPRINTF("invalid LNA for channel group %d\n", 3); 1670 sc->lna[3] = sc->lna[1]; 1671 } 1672 1673 /* fix broken RSSI offset entries */ 1674 for (ant = 0; ant < 3; ant++) { 1675 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 1676 DPRINTF("invalid RSSI%d offset: %d (2GHz)\n", 1677 ant + 1, sc->rssi_2ghz[ant]); 1678 sc->rssi_2ghz[ant] = 0; 1679 } 1680 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 1681 DPRINTF("invalid RSSI%d offset: %d (5GHz)\n", 1682 ant + 1, sc->rssi_5ghz[ant]); 1683 sc->rssi_5ghz[ant] = 0; 1684 } 1685 } 1686 return (0); 1687 } 1688 1689 static struct ieee80211_node * 1690 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 1691 { 1692 return malloc(sizeof (struct run_node), M_DEVBUF, M_NOWAIT | M_ZERO); 1693 } 1694 1695 static int 1696 run_media_change(struct ifnet *ifp) 1697 { 1698 struct ieee80211vap *vap = ifp->if_softc; 1699 struct ieee80211com *ic = vap->iv_ic; 1700 const struct ieee80211_txparam *tp; 1701 struct run_softc *sc = ic->ic_ifp->if_softc; 1702 uint8_t rate, ridx; 1703 int error; 1704 1705 RUN_LOCK(sc); 1706 1707 error = ieee80211_media_change(ifp); 1708 if (error != ENETRESET) { 1709 RUN_UNLOCK(sc); 1710 return (error); 1711 } 1712 1713 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 1714 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 1715 struct ieee80211_node *ni; 1716 struct run_node *rn; 1717 1718 rate = ic->ic_sup_rates[ic->ic_curmode]. 1719 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 1720 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 1721 if (rt2860_rates[ridx].rate == rate) 1722 break; 1723 ni = ieee80211_ref_node(vap->iv_bss); 1724 rn = (struct run_node *)ni; 1725 rn->fix_ridx = ridx; 1726 DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx); 1727 ieee80211_free_node(ni); 1728 } 1729 1730 #if 0 1731 if ((ifp->if_flags & IFF_UP) && 1732 (ifp->if_drv_flags & IFF_DRV_RUNNING)){ 1733 run_init_locked(sc); 1734 } 1735 #endif 1736 1737 RUN_UNLOCK(sc); 1738 1739 return (0); 1740 } 1741 1742 static int 1743 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 1744 { 1745 const struct ieee80211_txparam *tp; 1746 struct ieee80211com *ic = vap->iv_ic; 1747 struct run_softc *sc = ic->ic_ifp->if_softc; 1748 struct run_vap *rvp = RUN_VAP(vap); 1749 enum ieee80211_state ostate; 1750 uint32_t sta[3]; 1751 uint32_t tmp; 1752 uint8_t ratectl; 1753 uint8_t restart_ratectl = 0; 1754 uint8_t bid = 1 << rvp->rvp_id; 1755 1756 ostate = vap->iv_state; 1757 DPRINTF("%s -> %s\n", 1758 ieee80211_state_name[ostate], 1759 ieee80211_state_name[nstate]); 1760 1761 IEEE80211_UNLOCK(ic); 1762 RUN_LOCK(sc); 1763 1764 ratectl = sc->ratectl_run; /* remember current state */ 1765 sc->ratectl_run = RUN_RATECTL_OFF; 1766 usb_callout_stop(&sc->ratectl_ch); 1767 1768 if (ostate == IEEE80211_S_RUN) { 1769 /* turn link LED off */ 1770 run_set_leds(sc, RT2860_LED_RADIO); 1771 } 1772 1773 switch (nstate) { 1774 case IEEE80211_S_INIT: 1775 restart_ratectl = 1; 1776 1777 if (ostate != IEEE80211_S_RUN) 1778 break; 1779 1780 ratectl &= ~bid; 1781 sc->runbmap &= ~bid; 1782 1783 /* abort TSF synchronization if there is no vap running */ 1784 if (--sc->running == 0) { 1785 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 1786 run_write(sc, RT2860_BCN_TIME_CFG, 1787 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 1788 RT2860_TBTT_TIMER_EN)); 1789 } 1790 break; 1791 1792 case IEEE80211_S_RUN: 1793 if (!(sc->runbmap & bid)) { 1794 if(sc->running++) 1795 restart_ratectl = 1; 1796 sc->runbmap |= bid; 1797 } 1798 1799 m_freem(rvp->beacon_mbuf); 1800 rvp->beacon_mbuf = NULL; 1801 1802 switch (vap->iv_opmode) { 1803 case IEEE80211_M_HOSTAP: 1804 case IEEE80211_M_MBSS: 1805 sc->ap_running |= bid; 1806 ic->ic_opmode = vap->iv_opmode; 1807 run_update_beacon_cb(vap); 1808 break; 1809 case IEEE80211_M_IBSS: 1810 sc->adhoc_running |= bid; 1811 if (!sc->ap_running) 1812 ic->ic_opmode = vap->iv_opmode; 1813 run_update_beacon_cb(vap); 1814 break; 1815 case IEEE80211_M_STA: 1816 sc->sta_running |= bid; 1817 if (!sc->ap_running && !sc->adhoc_running) 1818 ic->ic_opmode = vap->iv_opmode; 1819 1820 /* read statistic counters (clear on read) */ 1821 run_read_region_1(sc, RT2860_TX_STA_CNT0, 1822 (uint8_t *)sta, sizeof sta); 1823 1824 break; 1825 default: 1826 ic->ic_opmode = vap->iv_opmode; 1827 break; 1828 } 1829 1830 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 1831 struct ieee80211_node *ni; 1832 1833 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) { 1834 RUN_UNLOCK(sc); 1835 IEEE80211_LOCK(ic); 1836 return (-1); 1837 } 1838 run_updateslot(ic->ic_ifp); 1839 run_enable_mrr(sc); 1840 run_set_txpreamble(sc); 1841 run_set_basicrates(sc); 1842 ni = ieee80211_ref_node(vap->iv_bss); 1843 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid); 1844 run_set_bssid(sc, ni->ni_bssid); 1845 ieee80211_free_node(ni); 1846 run_enable_tsf_sync(sc); 1847 1848 /* enable automatic rate adaptation */ 1849 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 1850 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 1851 ratectl |= bid; 1852 } 1853 1854 /* turn link LED on */ 1855 run_set_leds(sc, RT2860_LED_RADIO | 1856 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 1857 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 1858 1859 break; 1860 default: 1861 DPRINTFN(6, "undefined case\n"); 1862 break; 1863 } 1864 1865 /* restart amrr for running VAPs */ 1866 if ((sc->ratectl_run = ratectl) && restart_ratectl) 1867 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 1868 1869 RUN_UNLOCK(sc); 1870 IEEE80211_LOCK(ic); 1871 1872 return(rvp->newstate(vap, nstate, arg)); 1873 } 1874 1875 /* ARGSUSED */ 1876 static void 1877 run_wme_update_cb(void *arg) 1878 { 1879 struct ieee80211com *ic = arg; 1880 struct run_softc *sc = ic->ic_ifp->if_softc; 1881 struct ieee80211_wme_state *wmesp = &ic->ic_wme; 1882 int aci, error = 0; 1883 1884 RUN_LOCK_ASSERT(sc, MA_OWNED); 1885 1886 /* update MAC TX configuration registers */ 1887 for (aci = 0; aci < WME_NUM_AC; aci++) { 1888 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 1889 wmesp->wme_params[aci].wmep_logcwmax << 16 | 1890 wmesp->wme_params[aci].wmep_logcwmin << 12 | 1891 wmesp->wme_params[aci].wmep_aifsn << 8 | 1892 wmesp->wme_params[aci].wmep_txopLimit); 1893 if (error) goto err; 1894 } 1895 1896 /* update SCH/DMA registers too */ 1897 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 1898 wmesp->wme_params[WME_AC_VO].wmep_aifsn << 12 | 1899 wmesp->wme_params[WME_AC_VI].wmep_aifsn << 8 | 1900 wmesp->wme_params[WME_AC_BK].wmep_aifsn << 4 | 1901 wmesp->wme_params[WME_AC_BE].wmep_aifsn); 1902 if (error) goto err; 1903 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 1904 wmesp->wme_params[WME_AC_VO].wmep_logcwmin << 12 | 1905 wmesp->wme_params[WME_AC_VI].wmep_logcwmin << 8 | 1906 wmesp->wme_params[WME_AC_BK].wmep_logcwmin << 4 | 1907 wmesp->wme_params[WME_AC_BE].wmep_logcwmin); 1908 if (error) goto err; 1909 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 1910 wmesp->wme_params[WME_AC_VO].wmep_logcwmax << 12 | 1911 wmesp->wme_params[WME_AC_VI].wmep_logcwmax << 8 | 1912 wmesp->wme_params[WME_AC_BK].wmep_logcwmax << 4 | 1913 wmesp->wme_params[WME_AC_BE].wmep_logcwmax); 1914 if (error) goto err; 1915 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 1916 wmesp->wme_params[WME_AC_BK].wmep_txopLimit << 16 | 1917 wmesp->wme_params[WME_AC_BE].wmep_txopLimit); 1918 if (error) goto err; 1919 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 1920 wmesp->wme_params[WME_AC_VO].wmep_txopLimit << 16 | 1921 wmesp->wme_params[WME_AC_VI].wmep_txopLimit); 1922 1923 err: 1924 if (error) 1925 DPRINTF("WME update failed\n"); 1926 1927 return; 1928 } 1929 1930 static int 1931 run_wme_update(struct ieee80211com *ic) 1932 { 1933 struct run_softc *sc = ic->ic_ifp->if_softc; 1934 1935 /* sometime called wothout lock */ 1936 if (mtx_owned(&ic->ic_comlock.mtx)) { 1937 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 1938 DPRINTF("cmdq_store=%d\n", i); 1939 sc->cmdq[i].func = run_wme_update_cb; 1940 sc->cmdq[i].arg0 = ic; 1941 ieee80211_runtask(ic, &sc->cmdq_task); 1942 return (0); 1943 } 1944 1945 RUN_LOCK(sc); 1946 run_wme_update_cb(ic); 1947 RUN_UNLOCK(sc); 1948 1949 /* return whatever, upper layer desn't care anyway */ 1950 return (0); 1951 } 1952 1953 static void 1954 run_key_update_begin(struct ieee80211vap *vap) 1955 { 1956 /* 1957 * To avoid out-of-order events, both run_key_set() and 1958 * _delete() are deferred and handled by run_cmdq_cb(). 1959 * So, there is nothing we need to do here. 1960 */ 1961 } 1962 1963 static void 1964 run_key_update_end(struct ieee80211vap *vap) 1965 { 1966 /* null */ 1967 } 1968 1969 static void 1970 run_key_set_cb(void *arg) 1971 { 1972 struct run_cmdq *cmdq = arg; 1973 struct ieee80211vap *vap = cmdq->arg1; 1974 struct ieee80211_key *k = cmdq->k; 1975 struct ieee80211com *ic = vap->iv_ic; 1976 struct run_softc *sc = ic->ic_ifp->if_softc; 1977 struct ieee80211_node *ni; 1978 uint32_t attr; 1979 uint16_t base, associd; 1980 uint8_t mode, wcid, iv[8]; 1981 1982 RUN_LOCK_ASSERT(sc, MA_OWNED); 1983 1984 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 1985 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 1986 else 1987 ni = vap->iv_bss; 1988 associd = (ni != NULL) ? ni->ni_associd : 0; 1989 1990 /* map net80211 cipher to RT2860 security mode */ 1991 switch (k->wk_cipher->ic_cipher) { 1992 case IEEE80211_CIPHER_WEP: 1993 if(k->wk_keylen < 8) 1994 mode = RT2860_MODE_WEP40; 1995 else 1996 mode = RT2860_MODE_WEP104; 1997 break; 1998 case IEEE80211_CIPHER_TKIP: 1999 mode = RT2860_MODE_TKIP; 2000 break; 2001 case IEEE80211_CIPHER_AES_CCM: 2002 mode = RT2860_MODE_AES_CCMP; 2003 break; 2004 default: 2005 DPRINTF("undefined case\n"); 2006 return; 2007 } 2008 2009 DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 2010 associd, k->wk_keyix, mode, 2011 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 2012 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 2013 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2014 2015 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2016 wcid = 0; /* NB: update WCID0 for group keys */ 2017 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2018 } else { 2019 wcid = RUN_AID2WCID(associd); 2020 base = RT2860_PKEY(wcid); 2021 } 2022 2023 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) { 2024 if(run_write_region_1(sc, base, k->wk_key, 16)) 2025 return; 2026 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2027 return; 2028 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2029 return; 2030 } else { 2031 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2032 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2033 return; 2034 } 2035 2036 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2037 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2038 /* set initial packet number in IV+EIV */ 2039 if (k->wk_cipher == IEEE80211_CIPHER_WEP) { 2040 memset(iv, 0, sizeof iv); 2041 iv[3] = vap->iv_def_txkey << 6; 2042 } else { 2043 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) { 2044 iv[0] = k->wk_keytsc >> 8; 2045 iv[1] = (iv[0] | 0x20) & 0x7f; 2046 iv[2] = k->wk_keytsc; 2047 } else /* CCMP */ { 2048 iv[0] = k->wk_keytsc; 2049 iv[1] = k->wk_keytsc >> 8; 2050 iv[2] = 0; 2051 } 2052 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2053 iv[4] = k->wk_keytsc >> 16; 2054 iv[5] = k->wk_keytsc >> 24; 2055 iv[6] = k->wk_keytsc >> 32; 2056 iv[7] = k->wk_keytsc >> 40; 2057 } 2058 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2059 return; 2060 } 2061 2062 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2063 /* install group key */ 2064 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2065 return; 2066 attr &= ~(0xf << (k->wk_keyix * 4)); 2067 attr |= mode << (k->wk_keyix * 4); 2068 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2069 return; 2070 } else { 2071 /* install pairwise key */ 2072 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2073 return; 2074 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2075 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2076 return; 2077 } 2078 2079 /* TODO create a pass-thru key entry? */ 2080 2081 /* need wcid to delete the right key later */ 2082 k->wk_pad = wcid; 2083 } 2084 2085 /* 2086 * Don't have to be deferred, but in order to keep order of 2087 * execution, i.e. with run_key_delete(), defer this and let 2088 * run_cmdq_cb() maintain the order. 2089 * 2090 * return 0 on error 2091 */ 2092 static int 2093 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k, 2094 const uint8_t mac[IEEE80211_ADDR_LEN]) 2095 { 2096 struct ieee80211com *ic = vap->iv_ic; 2097 struct run_softc *sc = ic->ic_ifp->if_softc; 2098 uint32_t i; 2099 2100 i = RUN_CMDQ_GET(&sc->cmdq_store); 2101 DPRINTF("cmdq_store=%d\n", i); 2102 sc->cmdq[i].func = run_key_set_cb; 2103 sc->cmdq[i].arg0 = NULL; 2104 sc->cmdq[i].arg1 = vap; 2105 sc->cmdq[i].k = k; 2106 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, mac); 2107 ieee80211_runtask(ic, &sc->cmdq_task); 2108 2109 /* 2110 * To make sure key will be set when hostapd 2111 * calls iv_key_set() before if_init(). 2112 */ 2113 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2114 RUN_LOCK(sc); 2115 sc->cmdq_key_set = RUN_CMDQ_GO; 2116 RUN_UNLOCK(sc); 2117 } 2118 2119 return (1); 2120 } 2121 2122 /* 2123 * If wlan is destroyed without being brought down i.e. without 2124 * wlan down or wpa_cli terminate, this function is called after 2125 * vap is gone. Don't refer it. 2126 */ 2127 static void 2128 run_key_delete_cb(void *arg) 2129 { 2130 struct run_cmdq *cmdq = arg; 2131 struct run_softc *sc = cmdq->arg1; 2132 struct ieee80211_key *k = &cmdq->key; 2133 uint32_t attr; 2134 uint8_t wcid; 2135 2136 RUN_LOCK_ASSERT(sc, MA_OWNED); 2137 2138 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2139 /* remove group key */ 2140 DPRINTF("removing group key\n"); 2141 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2142 attr &= ~(0xf << (k->wk_keyix * 4)); 2143 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2144 } else { 2145 /* remove pairwise key */ 2146 DPRINTF("removing key for wcid %x\n", k->wk_pad); 2147 /* matching wcid was written to wk_pad in run_key_set() */ 2148 wcid = k->wk_pad; 2149 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2150 attr &= ~0xf; 2151 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2152 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2153 } 2154 2155 k->wk_pad = 0; 2156 } 2157 2158 /* 2159 * return 0 on error 2160 */ 2161 static int 2162 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2163 { 2164 struct ieee80211com *ic = vap->iv_ic; 2165 struct run_softc *sc = ic->ic_ifp->if_softc; 2166 struct ieee80211_key *k0; 2167 uint32_t i; 2168 2169 /* 2170 * When called back, key might be gone. So, make a copy 2171 * of some values need to delete keys before deferring. 2172 * But, because of LOR with node lock, cannot use lock here. 2173 * So, use atomic instead. 2174 */ 2175 i = RUN_CMDQ_GET(&sc->cmdq_store); 2176 DPRINTF("cmdq_store=%d\n", i); 2177 sc->cmdq[i].func = run_key_delete_cb; 2178 sc->cmdq[i].arg0 = NULL; 2179 sc->cmdq[i].arg1 = sc; 2180 k0 = &sc->cmdq[i].key; 2181 k0->wk_flags = k->wk_flags; 2182 k0->wk_keyix = k->wk_keyix; 2183 /* matching wcid was written to wk_pad in run_key_set() */ 2184 k0->wk_pad = k->wk_pad; 2185 ieee80211_runtask(ic, &sc->cmdq_task); 2186 return (1); /* return fake success */ 2187 2188 } 2189 2190 static void 2191 run_ratectl_to(void *arg) 2192 { 2193 struct run_softc *sc = arg; 2194 2195 /* do it in a process context, so it can go sleep */ 2196 ieee80211_runtask(sc->sc_ifp->if_l2com, &sc->ratectl_task); 2197 /* next timeout will be rescheduled in the callback task */ 2198 } 2199 2200 /* ARGSUSED */ 2201 static void 2202 run_ratectl_cb(void *arg, int pending) 2203 { 2204 struct run_softc *sc = arg; 2205 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 2206 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2207 2208 if (vap == NULL) 2209 return; 2210 2211 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA) 2212 run_iter_func(sc, vap->iv_bss); 2213 else { 2214 /* 2215 * run_reset_livelock() doesn't do anything with AMRR, 2216 * but Ralink wants us to call it every 1 sec. So, we 2217 * piggyback here rather than creating another callout. 2218 * Livelock may occur only in HOSTAP or IBSS mode 2219 * (when h/w is sending beacons). 2220 */ 2221 RUN_LOCK(sc); 2222 run_reset_livelock(sc); 2223 /* just in case, there are some stats to drain */ 2224 run_drain_fifo(sc); 2225 RUN_UNLOCK(sc); 2226 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2227 } 2228 2229 if(sc->ratectl_run != RUN_RATECTL_OFF) 2230 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2231 } 2232 2233 static void 2234 run_drain_fifo(void *arg) 2235 { 2236 struct run_softc *sc = arg; 2237 struct ifnet *ifp = sc->sc_ifp; 2238 uint32_t stat; 2239 uint16_t (*wstat)[3]; 2240 uint8_t wcid, mcs, pid; 2241 int8_t retry; 2242 2243 RUN_LOCK_ASSERT(sc, MA_OWNED); 2244 2245 for (;;) { 2246 /* drain Tx status FIFO (maxsize = 16) */ 2247 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2248 DPRINTFN(4, "tx stat 0x%08x\n", stat); 2249 if (!(stat & RT2860_TXQ_VLD)) 2250 break; 2251 2252 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2253 2254 /* if no ACK was requested, no feedback is available */ 2255 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2256 wcid == 0) 2257 continue; 2258 2259 /* 2260 * Even though each stat is Tx-complete-status like format, 2261 * the device can poll stats. Because there is no guarantee 2262 * that the referring node is still around when read the stats. 2263 * So that, if we use ieee80211_ratectl_tx_update(), we will 2264 * have hard time not to refer already freed node. 2265 * 2266 * To eliminate such page faults, we poll stats in softc. 2267 * Then, update the rates later with ieee80211_ratectl_tx_update(). 2268 */ 2269 wstat = &(sc->wcid_stats[wcid]); 2270 (*wstat)[RUN_TXCNT]++; 2271 if (stat & RT2860_TXQ_OK) 2272 (*wstat)[RUN_SUCCESS]++; 2273 else 2274 ifp->if_oerrors++; 2275 /* 2276 * Check if there were retries, ie if the Tx success rate is 2277 * different from the requested rate. Note that it works only 2278 * because we do not allow rate fallback from OFDM to CCK. 2279 */ 2280 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2281 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2282 if ((retry = pid -1 - mcs) > 0) { 2283 (*wstat)[RUN_TXCNT] += retry; 2284 (*wstat)[RUN_RETRY] += retry; 2285 } 2286 } 2287 DPRINTFN(3, "count=%d\n", sc->fifo_cnt); 2288 2289 sc->fifo_cnt = 0; 2290 } 2291 2292 static void 2293 run_iter_func(void *arg, struct ieee80211_node *ni) 2294 { 2295 struct run_softc *sc = arg; 2296 struct ieee80211vap *vap = ni->ni_vap; 2297 struct ieee80211com *ic = ni->ni_ic; 2298 struct ifnet *ifp = ic->ic_ifp; 2299 struct run_node *rn = (void *)ni; 2300 union run_stats sta[2]; 2301 uint16_t (*wstat)[3]; 2302 int txcnt, success, retrycnt, error; 2303 2304 RUN_LOCK(sc); 2305 2306 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2307 vap->iv_opmode == IEEE80211_M_STA)) { 2308 /* read statistic counters (clear on read) and update AMRR state */ 2309 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2310 sizeof sta); 2311 if (error != 0) 2312 goto fail; 2313 2314 /* count failed TX as errors */ 2315 ifp->if_oerrors += le16toh(sta[0].error.fail); 2316 2317 retrycnt = le16toh(sta[1].tx.retry); 2318 success = le16toh(sta[1].tx.success); 2319 txcnt = retrycnt + success + le16toh(sta[0].error.fail); 2320 2321 DPRINTFN(3, "retrycnt=%d success=%d failcnt=%d\n", 2322 retrycnt, success, le16toh(sta[0].error.fail)); 2323 } else { 2324 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]); 2325 2326 if (wstat == &(sc->wcid_stats[0]) || 2327 wstat > &(sc->wcid_stats[RT2870_WCID_MAX])) 2328 goto fail; 2329 2330 txcnt = (*wstat)[RUN_TXCNT]; 2331 success = (*wstat)[RUN_SUCCESS]; 2332 retrycnt = (*wstat)[RUN_RETRY]; 2333 DPRINTFN(3, "retrycnt=%d txcnt=%d success=%d\n", 2334 retrycnt, txcnt, success); 2335 2336 memset(wstat, 0, sizeof(*wstat)); 2337 } 2338 2339 ieee80211_ratectl_tx_update(vap, ni, &txcnt, &success, &retrycnt); 2340 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0); 2341 2342 fail: 2343 RUN_UNLOCK(sc); 2344 2345 DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx); 2346 } 2347 2348 static void 2349 run_newassoc_cb(void *arg) 2350 { 2351 struct run_cmdq *cmdq = arg; 2352 struct ieee80211_node *ni = cmdq->arg1; 2353 struct run_softc *sc = ni->ni_vap->iv_ic->ic_ifp->if_softc; 2354 uint8_t wcid = cmdq->wcid; 2355 2356 RUN_LOCK_ASSERT(sc, MA_OWNED); 2357 2358 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2359 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2360 2361 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid])); 2362 } 2363 2364 static void 2365 run_newassoc(struct ieee80211_node *ni, int isnew) 2366 { 2367 struct run_node *rn = (void *)ni; 2368 struct ieee80211_rateset *rs = &ni->ni_rates; 2369 struct ieee80211vap *vap = ni->ni_vap; 2370 struct ieee80211com *ic = vap->iv_ic; 2371 struct run_softc *sc = ic->ic_ifp->if_softc; 2372 uint8_t rate; 2373 uint8_t ridx; 2374 uint8_t wcid = RUN_AID2WCID(ni->ni_associd); 2375 int i, j; 2376 2377 if (wcid > RT2870_WCID_MAX) { 2378 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2379 return; 2380 } 2381 2382 /* only interested in true associations */ 2383 if (isnew && ni->ni_associd != 0) { 2384 2385 /* 2386 * This function could is called though timeout function. 2387 * Need to defer. 2388 */ 2389 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2390 DPRINTF("cmdq_store=%d\n", cnt); 2391 sc->cmdq[cnt].func = run_newassoc_cb; 2392 sc->cmdq[cnt].arg0 = NULL; 2393 sc->cmdq[cnt].arg1 = ni; 2394 sc->cmdq[cnt].wcid = wcid; 2395 ieee80211_runtask(ic, &sc->cmdq_task); 2396 } 2397 2398 DPRINTF("new assoc isnew=%d associd=%x addr=%s\n", 2399 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr)); 2400 2401 for (i = 0; i < rs->rs_nrates; i++) { 2402 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 2403 /* convert 802.11 rate to hardware rate index */ 2404 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2405 if (rt2860_rates[ridx].rate == rate) 2406 break; 2407 rn->ridx[i] = ridx; 2408 /* determine rate of control response frames */ 2409 for (j = i; j >= 0; j--) { 2410 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 2411 rt2860_rates[rn->ridx[i]].phy == 2412 rt2860_rates[rn->ridx[j]].phy) 2413 break; 2414 } 2415 if (j >= 0) { 2416 rn->ctl_ridx[i] = rn->ridx[j]; 2417 } else { 2418 /* no basic rate found, use mandatory one */ 2419 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 2420 } 2421 DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n", 2422 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]); 2423 } 2424 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2425 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2426 if (rt2860_rates[ridx].rate == rate) 2427 break; 2428 rn->mgt_ridx = ridx; 2429 DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2430 2431 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2432 } 2433 2434 /* 2435 * Return the Rx chain with the highest RSSI for a given frame. 2436 */ 2437 static __inline uint8_t 2438 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2439 { 2440 uint8_t rxchain = 0; 2441 2442 if (sc->nrxchains > 1) { 2443 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2444 rxchain = 1; 2445 if (sc->nrxchains > 2) 2446 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2447 rxchain = 2; 2448 } 2449 return (rxchain); 2450 } 2451 2452 static void 2453 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2454 { 2455 struct ifnet *ifp = sc->sc_ifp; 2456 struct ieee80211com *ic = ifp->if_l2com; 2457 struct ieee80211_frame *wh; 2458 struct ieee80211_node *ni; 2459 struct rt2870_rxd *rxd; 2460 struct rt2860_rxwi *rxwi; 2461 uint32_t flags; 2462 uint16_t len, phy; 2463 uint8_t ant, rssi; 2464 int8_t nf; 2465 2466 rxwi = mtod(m, struct rt2860_rxwi *); 2467 len = le16toh(rxwi->len) & 0xfff; 2468 if (__predict_false(len > dmalen)) { 2469 m_freem(m); 2470 ifp->if_ierrors++; 2471 DPRINTF("bad RXWI length %u > %u\n", len, dmalen); 2472 return; 2473 } 2474 /* Rx descriptor is located at the end */ 2475 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2476 flags = le32toh(rxd->flags); 2477 2478 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2479 m_freem(m); 2480 ifp->if_ierrors++; 2481 DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2482 return; 2483 } 2484 2485 m->m_data += sizeof(struct rt2860_rxwi); 2486 m->m_pkthdr.len = m->m_len -= sizeof(struct rt2860_rxwi); 2487 2488 wh = mtod(m, struct ieee80211_frame *); 2489 2490 if (wh->i_fc[1] & IEEE80211_FC1_WEP) { 2491 wh->i_fc[1] &= ~IEEE80211_FC1_WEP; 2492 m->m_flags |= M_WEP; 2493 } 2494 2495 if (flags & RT2860_RX_L2PAD) { 2496 DPRINTFN(8, "received RT2860_RX_L2PAD frame\n"); 2497 len += 2; 2498 } 2499 2500 ni = ieee80211_find_rxnode(ic, 2501 mtod(m, struct ieee80211_frame_min *)); 2502 2503 if (__predict_false(flags & RT2860_RX_MICERR)) { 2504 /* report MIC failures to net80211 for TKIP */ 2505 if (ni != NULL) 2506 ieee80211_notify_michael_failure(ni->ni_vap, wh, rxwi->keyidx); 2507 m_freem(m); 2508 ifp->if_ierrors++; 2509 DPRINTF("MIC error. Someone is lying.\n"); 2510 return; 2511 } 2512 2513 ant = run_maxrssi_chain(sc, rxwi); 2514 rssi = rxwi->rssi[ant]; 2515 nf = run_rssi2dbm(sc, rssi, ant); 2516 2517 m->m_pkthdr.rcvif = ifp; 2518 m->m_pkthdr.len = m->m_len = len; 2519 2520 if (ni != NULL) { 2521 (void)ieee80211_input(ni, m, rssi, nf); 2522 ieee80211_free_node(ni); 2523 } else { 2524 (void)ieee80211_input_all(ic, m, rssi, nf); 2525 } 2526 2527 if (__predict_false(ieee80211_radiotap_active(ic))) { 2528 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2529 2530 tap->wr_flags = 0; 2531 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq); 2532 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 2533 tap->wr_antsignal = rssi; 2534 tap->wr_antenna = ant; 2535 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2536 tap->wr_rate = 2; /* in case it can't be found below */ 2537 phy = le16toh(rxwi->phy); 2538 switch (phy & RT2860_PHY_MODE) { 2539 case RT2860_PHY_CCK: 2540 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2541 case 0: tap->wr_rate = 2; break; 2542 case 1: tap->wr_rate = 4; break; 2543 case 2: tap->wr_rate = 11; break; 2544 case 3: tap->wr_rate = 22; break; 2545 } 2546 if (phy & RT2860_PHY_SHPRE) 2547 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2548 break; 2549 case RT2860_PHY_OFDM: 2550 switch (phy & RT2860_PHY_MCS) { 2551 case 0: tap->wr_rate = 12; break; 2552 case 1: tap->wr_rate = 18; break; 2553 case 2: tap->wr_rate = 24; break; 2554 case 3: tap->wr_rate = 36; break; 2555 case 4: tap->wr_rate = 48; break; 2556 case 5: tap->wr_rate = 72; break; 2557 case 6: tap->wr_rate = 96; break; 2558 case 7: tap->wr_rate = 108; break; 2559 } 2560 break; 2561 } 2562 } 2563 } 2564 2565 static void 2566 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 2567 { 2568 struct run_softc *sc = usbd_xfer_softc(xfer); 2569 struct ifnet *ifp = sc->sc_ifp; 2570 struct mbuf *m = NULL; 2571 struct mbuf *m0; 2572 uint32_t dmalen; 2573 int xferlen; 2574 2575 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 2576 2577 switch (USB_GET_STATE(xfer)) { 2578 case USB_ST_TRANSFERRED: 2579 2580 DPRINTFN(15, "rx done, actlen=%d\n", xferlen); 2581 2582 if (xferlen < (int)(sizeof(uint32_t) + 2583 sizeof(struct rt2860_rxwi) + sizeof(struct rt2870_rxd))) { 2584 DPRINTF("xfer too short %d\n", xferlen); 2585 goto tr_setup; 2586 } 2587 2588 m = sc->rx_m; 2589 sc->rx_m = NULL; 2590 2591 /* FALLTHROUGH */ 2592 case USB_ST_SETUP: 2593 tr_setup: 2594 if (sc->rx_m == NULL) { 2595 sc->rx_m = m_getjcl(M_DONTWAIT, MT_DATA, M_PKTHDR, 2596 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */); 2597 } 2598 if (sc->rx_m == NULL) { 2599 DPRINTF("could not allocate mbuf - idle with stall\n"); 2600 ifp->if_ierrors++; 2601 usbd_xfer_set_stall(xfer); 2602 usbd_xfer_set_frames(xfer, 0); 2603 } else { 2604 /* 2605 * Directly loading a mbuf cluster into DMA to 2606 * save some data copying. This works because 2607 * there is only one cluster. 2608 */ 2609 usbd_xfer_set_frame_data(xfer, 0, 2610 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 2611 usbd_xfer_set_frames(xfer, 1); 2612 } 2613 usbd_transfer_submit(xfer); 2614 break; 2615 2616 default: /* Error */ 2617 if (error != USB_ERR_CANCELLED) { 2618 /* try to clear stall first */ 2619 usbd_xfer_set_stall(xfer); 2620 2621 if (error == USB_ERR_TIMEOUT) 2622 device_printf(sc->sc_dev, "device timeout\n"); 2623 2624 ifp->if_ierrors++; 2625 2626 goto tr_setup; 2627 } 2628 if (sc->rx_m != NULL) { 2629 m_freem(sc->rx_m); 2630 sc->rx_m = NULL; 2631 } 2632 break; 2633 } 2634 2635 if (m == NULL) 2636 return; 2637 2638 /* inputting all the frames must be last */ 2639 2640 RUN_UNLOCK(sc); 2641 2642 m->m_pkthdr.len = m->m_len = xferlen; 2643 2644 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 2645 for(;;) { 2646 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 2647 2648 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) || 2649 ((dmalen & 3) != 0)) { 2650 DPRINTF("bad DMA length %u\n", dmalen); 2651 break; 2652 } 2653 if ((dmalen + 8) > (uint32_t)xferlen) { 2654 DPRINTF("bad DMA length %u > %d\n", 2655 dmalen + 8, xferlen); 2656 break; 2657 } 2658 2659 /* If it is the last one or a single frame, we won't copy. */ 2660 if ((xferlen -= dmalen + 8) <= 8) { 2661 /* trim 32-bit DMA-len header */ 2662 m->m_data += 4; 2663 m->m_pkthdr.len = m->m_len -= 4; 2664 run_rx_frame(sc, m, dmalen); 2665 break; 2666 } 2667 2668 /* copy aggregated frames to another mbuf */ 2669 m0 = m_getcl(M_DONTWAIT, MT_DATA, M_PKTHDR); 2670 if (__predict_false(m0 == NULL)) { 2671 DPRINTF("could not allocate mbuf\n"); 2672 ifp->if_ierrors++; 2673 break; 2674 } 2675 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 2676 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t)); 2677 m0->m_pkthdr.len = m0->m_len = 2678 dmalen + sizeof(struct rt2870_rxd); 2679 run_rx_frame(sc, m0, dmalen); 2680 2681 /* update data ptr */ 2682 m->m_data += dmalen + 8; 2683 m->m_pkthdr.len = m->m_len -= dmalen + 8; 2684 } 2685 2686 RUN_LOCK(sc); 2687 } 2688 2689 static void 2690 run_tx_free(struct run_endpoint_queue *pq, 2691 struct run_tx_data *data, int txerr) 2692 { 2693 if (data->m != NULL) { 2694 if (data->m->m_flags & M_TXCB) 2695 ieee80211_process_callback(data->ni, data->m, 2696 txerr ? ETIMEDOUT : 0); 2697 m_freem(data->m); 2698 data->m = NULL; 2699 2700 if (data->ni == NULL) { 2701 DPRINTF("no node\n"); 2702 } else { 2703 ieee80211_free_node(data->ni); 2704 data->ni = NULL; 2705 } 2706 } 2707 2708 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 2709 pq->tx_nfree++; 2710 } 2711 2712 static void 2713 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, unsigned int index) 2714 { 2715 struct run_softc *sc = usbd_xfer_softc(xfer); 2716 struct ifnet *ifp = sc->sc_ifp; 2717 struct ieee80211com *ic = ifp->if_l2com; 2718 struct run_tx_data *data; 2719 struct ieee80211vap *vap = NULL; 2720 struct usb_page_cache *pc; 2721 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 2722 struct mbuf *m; 2723 usb_frlength_t size; 2724 int actlen; 2725 int sumlen; 2726 2727 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 2728 2729 switch (USB_GET_STATE(xfer)) { 2730 case USB_ST_TRANSFERRED: 2731 DPRINTFN(11, "transfer complete: %d " 2732 "bytes @ index %d\n", actlen, index); 2733 2734 data = usbd_xfer_get_priv(xfer); 2735 2736 run_tx_free(pq, data, 0); 2737 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 2738 2739 usbd_xfer_set_priv(xfer, NULL); 2740 2741 ifp->if_opackets++; 2742 2743 /* FALLTHROUGH */ 2744 case USB_ST_SETUP: 2745 tr_setup: 2746 data = STAILQ_FIRST(&pq->tx_qh); 2747 if (data == NULL) 2748 break; 2749 2750 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 2751 2752 m = data->m; 2753 if ((m->m_pkthdr.len + 2754 sizeof(data->desc) + 3 + 8) > RUN_MAX_TXSZ) { 2755 DPRINTF("data overflow, %u bytes\n", 2756 m->m_pkthdr.len); 2757 2758 ifp->if_oerrors++; 2759 2760 run_tx_free(pq, data, 1); 2761 2762 goto tr_setup; 2763 } 2764 2765 pc = usbd_xfer_get_frame(xfer, 0); 2766 size = sizeof(data->desc); 2767 usbd_copy_in(pc, 0, &data->desc, size); 2768 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 2769 size += m->m_pkthdr.len; 2770 /* 2771 * Align end on a 4-byte boundary, pad 8 bytes (CRC + 2772 * 4-byte padding), and be sure to zero those trailing 2773 * bytes: 2774 */ 2775 usbd_frame_zero(pc, size, ((-size) & 3) + 8); 2776 size += ((-size) & 3) + 8; 2777 2778 vap = data->ni->ni_vap; 2779 if (ieee80211_radiotap_active_vap(vap)) { 2780 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 2781 struct rt2860_txwi *txwi = 2782 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 2783 2784 tap->wt_flags = 0; 2785 tap->wt_rate = rt2860_rates[data->ridx].rate; 2786 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq); 2787 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags); 2788 tap->wt_hwqueue = index; 2789 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 2790 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2791 2792 ieee80211_radiotap_tx(vap, m); 2793 } 2794 2795 DPRINTFN(11, "sending frame len=%u/%u @ index %d\n", 2796 m->m_pkthdr.len, size, index); 2797 2798 usbd_xfer_set_frame_len(xfer, 0, size); 2799 usbd_xfer_set_priv(xfer, data); 2800 2801 usbd_transfer_submit(xfer); 2802 2803 RUN_UNLOCK(sc); 2804 run_start(ifp); 2805 RUN_LOCK(sc); 2806 2807 break; 2808 2809 default: 2810 DPRINTF("USB transfer error, %s\n", 2811 usbd_errstr(error)); 2812 2813 data = usbd_xfer_get_priv(xfer); 2814 2815 ifp->if_oerrors++; 2816 2817 if (data != NULL) { 2818 if(data->ni != NULL) 2819 vap = data->ni->ni_vap; 2820 run_tx_free(pq, data, error); 2821 usbd_xfer_set_priv(xfer, NULL); 2822 } 2823 if (vap == NULL) 2824 vap = TAILQ_FIRST(&ic->ic_vaps); 2825 2826 if (error != USB_ERR_CANCELLED) { 2827 if (error == USB_ERR_TIMEOUT) { 2828 device_printf(sc->sc_dev, "device timeout\n"); 2829 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 2830 DPRINTF("cmdq_store=%d\n", i); 2831 sc->cmdq[i].func = run_usb_timeout_cb; 2832 sc->cmdq[i].arg0 = vap; 2833 ieee80211_runtask(ic, &sc->cmdq_task); 2834 } 2835 2836 /* 2837 * Try to clear stall first, also if other 2838 * errors occur, hence clearing stall 2839 * introduces a 50 ms delay: 2840 */ 2841 usbd_xfer_set_stall(xfer); 2842 goto tr_setup; 2843 } 2844 break; 2845 } 2846 } 2847 2848 static void 2849 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 2850 { 2851 run_bulk_tx_callbackN(xfer, error, 0); 2852 } 2853 2854 static void 2855 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 2856 { 2857 run_bulk_tx_callbackN(xfer, error, 1); 2858 } 2859 2860 static void 2861 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 2862 { 2863 run_bulk_tx_callbackN(xfer, error, 2); 2864 } 2865 2866 static void 2867 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 2868 { 2869 run_bulk_tx_callbackN(xfer, error, 3); 2870 } 2871 2872 static void 2873 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 2874 { 2875 run_bulk_tx_callbackN(xfer, error, 4); 2876 } 2877 2878 static void 2879 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 2880 { 2881 run_bulk_tx_callbackN(xfer, error, 5); 2882 } 2883 2884 static void 2885 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 2886 { 2887 struct mbuf *m = data->m; 2888 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 2889 struct ieee80211vap *vap = data->ni->ni_vap; 2890 struct ieee80211_frame *wh; 2891 struct rt2870_txd *txd; 2892 struct rt2860_txwi *txwi; 2893 uint16_t xferlen; 2894 uint16_t mcs; 2895 uint8_t ridx = data->ridx; 2896 uint8_t pad; 2897 2898 /* get MCS code from rate index */ 2899 mcs = rt2860_rates[ridx].mcs; 2900 2901 xferlen = sizeof(*txwi) + m->m_pkthdr.len; 2902 2903 /* roundup to 32-bit alignment */ 2904 xferlen = (xferlen + 3) & ~3; 2905 2906 txd = (struct rt2870_txd *)&data->desc; 2907 txd->len = htole16(xferlen); 2908 2909 wh = mtod(m, struct ieee80211_frame *); 2910 2911 /* 2912 * Ether both are true or both are false, the header 2913 * are nicely aligned to 32-bit. So, no L2 padding. 2914 */ 2915 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 2916 pad = 0; 2917 else 2918 pad = 2; 2919 2920 /* setup TX Wireless Information */ 2921 txwi = (struct rt2860_txwi *)(txd + 1); 2922 txwi->len = htole16(m->m_pkthdr.len - pad); 2923 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 2924 txwi->phy = htole16(RT2860_PHY_CCK); 2925 if (ridx != RT2860_RIDX_CCK1 && 2926 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 2927 mcs |= RT2860_PHY_SHPRE; 2928 } else 2929 txwi->phy = htole16(RT2860_PHY_OFDM); 2930 txwi->phy |= htole16(mcs); 2931 2932 /* check if RTS/CTS or CTS-to-self protection is required */ 2933 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 2934 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold || 2935 ((ic->ic_flags & IEEE80211_F_USEPROT) && 2936 rt2860_rates[ridx].phy == IEEE80211_T_OFDM))) 2937 txwi->txop |= RT2860_TX_TXOP_HT; 2938 else 2939 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 2940 2941 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 2942 txwi->xflags |= RT2860_TX_NSEQ; 2943 } 2944 2945 /* This function must be called locked */ 2946 static int 2947 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 2948 { 2949 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 2950 struct ieee80211vap *vap = ni->ni_vap; 2951 struct ieee80211_frame *wh; 2952 struct ieee80211_channel *chan; 2953 const struct ieee80211_txparam *tp; 2954 struct run_node *rn = (void *)ni; 2955 struct run_tx_data *data; 2956 struct rt2870_txd *txd; 2957 struct rt2860_txwi *txwi; 2958 uint16_t qos; 2959 uint16_t dur; 2960 uint16_t qid; 2961 uint8_t type; 2962 uint8_t tid; 2963 uint8_t ridx; 2964 uint8_t ctl_ridx; 2965 uint8_t qflags; 2966 uint8_t xflags = 0; 2967 int hasqos; 2968 2969 RUN_LOCK_ASSERT(sc, MA_OWNED); 2970 2971 wh = mtod(m, struct ieee80211_frame *); 2972 2973 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 2974 2975 /* 2976 * There are 7 bulk endpoints: 1 for RX 2977 * and 6 for TX (4 EDCAs + HCCA + Prio). 2978 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 2979 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 2980 */ 2981 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 2982 uint8_t *frm; 2983 2984 if(IEEE80211_HAS_ADDR4(wh)) 2985 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos; 2986 else 2987 frm =((struct ieee80211_qosframe *)wh)->i_qos; 2988 2989 qos = le16toh(*(const uint16_t *)frm); 2990 tid = qos & IEEE80211_QOS_TID; 2991 qid = TID_TO_WME_AC(tid); 2992 } else { 2993 qos = 0; 2994 tid = 0; 2995 qid = WME_AC_BE; 2996 } 2997 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 2998 2999 DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n", 3000 qos, qid, tid, qflags); 3001 3002 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan; 3003 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)]; 3004 3005 /* pickup a rate index */ 3006 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3007 type != IEEE80211_FC0_TYPE_DATA) { 3008 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3009 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3010 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3011 } else { 3012 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 3013 ridx = rn->fix_ridx; 3014 else 3015 ridx = rn->amrr_ridx; 3016 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3017 } 3018 3019 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3020 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 3021 IEEE80211_QOS_ACKPOLICY_NOACK)) { 3022 xflags |= RT2860_TX_ACK; 3023 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3024 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3025 else 3026 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3027 *(uint16_t *)wh->i_dur = htole16(dur); 3028 } 3029 3030 /* reserve slots for mgmt packets, just in case */ 3031 if (sc->sc_epq[qid].tx_nfree < 3) { 3032 DPRINTFN(10, "tx ring %d is full\n", qid); 3033 return (-1); 3034 } 3035 3036 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3037 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3038 sc->sc_epq[qid].tx_nfree--; 3039 3040 txd = (struct rt2870_txd *)&data->desc; 3041 txd->flags = qflags; 3042 txwi = (struct rt2860_txwi *)(txd + 1); 3043 txwi->xflags = xflags; 3044 txwi->wcid = IEEE80211_IS_MULTICAST(wh->i_addr1) ? 3045 0 : RUN_AID2WCID(ni->ni_associd); 3046 /* clear leftover garbage bits */ 3047 txwi->flags = 0; 3048 txwi->txop = 0; 3049 3050 data->m = m; 3051 data->ni = ni; 3052 data->ridx = ridx; 3053 3054 run_set_tx_desc(sc, data); 3055 3056 /* 3057 * The chip keeps track of 2 kind of Tx stats, 3058 * * TX_STAT_FIFO, for per WCID stats, and 3059 * * TX_STA_CNT0 for all-TX-in-one stats. 3060 * 3061 * To use FIFO stats, we need to store MCS into the driver-private 3062 * PacketID field. So that, we can tell whose stats when we read them. 3063 * We add 1 to the MCS because setting the PacketID field to 0 means 3064 * that we don't want feedback in TX_STAT_FIFO. 3065 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3066 * 3067 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3068 */ 3069 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3070 vap->iv_opmode == IEEE80211_M_MBSS) { 3071 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3072 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3073 3074 /* 3075 * Unlike PCI based devices, we don't get any interrupt from 3076 * USB devices, so we simulate FIFO-is-full interrupt here. 3077 * Ralink recomends to drain FIFO stats every 100 ms, but 16 slots 3078 * quickly get fulled. To prevent overflow, increment a counter on 3079 * every FIFO stat request, so we know how many slots are left. 3080 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3081 * are used only in those modes. 3082 * We just drain stats. AMRR gets updated every 1 sec by 3083 * run_ratectl_cb() via callout. 3084 * Call it early. Otherwise overflow. 3085 */ 3086 if (sc->fifo_cnt++ == 10) { 3087 /* 3088 * With multiple vaps or if_bridge, if_start() is called 3089 * with a non-sleepable lock, tcpinp. So, need to defer. 3090 */ 3091 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3092 DPRINTFN(6, "cmdq_store=%d\n", i); 3093 sc->cmdq[i].func = run_drain_fifo; 3094 sc->cmdq[i].arg0 = sc; 3095 ieee80211_runtask(ic, &sc->cmdq_task); 3096 } 3097 } 3098 3099 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3100 3101 usbd_transfer_start(sc->sc_xfer[qid]); 3102 3103 DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n", m->m_pkthdr.len + 3104 (int)(sizeof (struct rt2870_txd) + sizeof (struct rt2860_rxwi)), 3105 rt2860_rates[ridx].rate, qid); 3106 3107 return (0); 3108 } 3109 3110 static int 3111 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3112 { 3113 struct ifnet *ifp = sc->sc_ifp; 3114 struct ieee80211com *ic = ifp->if_l2com; 3115 struct run_node *rn = (void *)ni; 3116 struct run_tx_data *data; 3117 struct ieee80211_frame *wh; 3118 struct rt2870_txd *txd; 3119 struct rt2860_txwi *txwi; 3120 uint16_t dur; 3121 uint8_t ridx = rn->mgt_ridx; 3122 uint8_t type; 3123 uint8_t xflags = 0; 3124 uint8_t wflags = 0; 3125 3126 RUN_LOCK_ASSERT(sc, MA_OWNED); 3127 3128 wh = mtod(m, struct ieee80211_frame *); 3129 3130 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3131 3132 /* tell hardware to add timestamp for probe responses */ 3133 if ((wh->i_fc[0] & 3134 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3135 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 3136 wflags |= RT2860_TX_TS; 3137 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3138 xflags |= RT2860_TX_ACK; 3139 3140 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3141 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3142 *(uint16_t *)wh->i_dur = htole16(dur); 3143 } 3144 3145 if (sc->sc_epq[0].tx_nfree == 0) { 3146 /* let caller free mbuf */ 3147 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3148 return (EIO); 3149 } 3150 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3151 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3152 sc->sc_epq[0].tx_nfree--; 3153 3154 txd = (struct rt2870_txd *)&data->desc; 3155 txd->flags = RT2860_TX_QSEL_EDCA; 3156 txwi = (struct rt2860_txwi *)(txd + 1); 3157 txwi->wcid = 0xff; 3158 txwi->flags = wflags; 3159 txwi->xflags = xflags; 3160 txwi->txop = 0; /* clear leftover garbage bits */ 3161 3162 data->m = m; 3163 data->ni = ni; 3164 data->ridx = ridx; 3165 3166 run_set_tx_desc(sc, data); 3167 3168 DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len + 3169 (int)(sizeof (struct rt2870_txd) + sizeof (struct rt2860_rxwi)), 3170 rt2860_rates[ridx].rate); 3171 3172 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3173 3174 usbd_transfer_start(sc->sc_xfer[0]); 3175 3176 return (0); 3177 } 3178 3179 static int 3180 run_sendprot(struct run_softc *sc, 3181 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3182 { 3183 struct ieee80211com *ic = ni->ni_ic; 3184 struct ieee80211_frame *wh; 3185 struct run_tx_data *data; 3186 struct rt2870_txd *txd; 3187 struct rt2860_txwi *txwi; 3188 struct mbuf *mprot; 3189 int ridx; 3190 int protrate; 3191 int ackrate; 3192 int pktlen; 3193 int isshort; 3194 uint16_t dur; 3195 uint8_t type; 3196 uint8_t wflags = 0; 3197 uint8_t xflags = 0; 3198 3199 RUN_LOCK_ASSERT(sc, MA_OWNED); 3200 3201 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY, 3202 ("protection %d", prot)); 3203 3204 wh = mtod(m, struct ieee80211_frame *); 3205 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN; 3206 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3207 3208 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3209 ackrate = ieee80211_ack_rate(ic->ic_rt, rate); 3210 3211 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0; 3212 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort) 3213 + ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3214 wflags = RT2860_TX_FRAG; 3215 3216 /* check that there are free slots before allocating the mbuf */ 3217 if (sc->sc_epq[0].tx_nfree == 0) { 3218 /* let caller free mbuf */ 3219 sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3220 return (ENOBUFS); 3221 } 3222 3223 if (prot == IEEE80211_PROT_RTSCTS) { 3224 /* NB: CTS is the same size as an ACK */ 3225 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3226 xflags |= RT2860_TX_ACK; 3227 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur); 3228 } else { 3229 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur); 3230 } 3231 if (mprot == NULL) { 3232 sc->sc_ifp->if_oerrors++; 3233 DPRINTF("could not allocate mbuf\n"); 3234 return (ENOBUFS); 3235 } 3236 3237 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3238 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3239 sc->sc_epq[0].tx_nfree--; 3240 3241 txd = (struct rt2870_txd *)&data->desc; 3242 txd->flags = RT2860_TX_QSEL_EDCA; 3243 txwi = (struct rt2860_txwi *)(txd + 1); 3244 txwi->wcid = 0xff; 3245 txwi->flags = wflags; 3246 txwi->xflags = xflags; 3247 txwi->txop = 0; /* clear leftover garbage bits */ 3248 3249 data->m = mprot; 3250 data->ni = ieee80211_ref_node(ni); 3251 3252 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3253 if (rt2860_rates[ridx].rate == protrate) 3254 break; 3255 data->ridx = ridx; 3256 3257 run_set_tx_desc(sc, data); 3258 3259 DPRINTFN(1, "sending prot len=%u rate=%u\n", 3260 m->m_pkthdr.len, rate); 3261 3262 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3263 3264 usbd_transfer_start(sc->sc_xfer[0]); 3265 3266 return (0); 3267 } 3268 3269 static int 3270 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3271 const struct ieee80211_bpf_params *params) 3272 { 3273 struct ieee80211com *ic = ni->ni_ic; 3274 struct ieee80211_frame *wh; 3275 struct run_tx_data *data; 3276 struct rt2870_txd *txd; 3277 struct rt2860_txwi *txwi; 3278 uint8_t type; 3279 uint8_t ridx; 3280 uint8_t rate; 3281 uint8_t opflags = 0; 3282 uint8_t xflags = 0; 3283 int error; 3284 3285 RUN_LOCK_ASSERT(sc, MA_OWNED); 3286 3287 KASSERT(params != NULL, ("no raw xmit params")); 3288 3289 wh = mtod(m, struct ieee80211_frame *); 3290 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3291 3292 rate = params->ibp_rate0; 3293 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3294 /* let caller free mbuf */ 3295 return (EINVAL); 3296 } 3297 3298 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3299 xflags |= RT2860_TX_ACK; 3300 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3301 error = run_sendprot(sc, m, ni, 3302 params->ibp_flags & IEEE80211_BPF_RTS ? 3303 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3304 rate); 3305 if (error) { 3306 /* let caller free mbuf */ 3307 return error; 3308 } 3309 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3310 } 3311 3312 if (sc->sc_epq[0].tx_nfree == 0) { 3313 /* let caller free mbuf */ 3314 sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3315 DPRINTF("sending raw frame, but tx ring is full\n"); 3316 return (EIO); 3317 } 3318 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3319 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3320 sc->sc_epq[0].tx_nfree--; 3321 3322 txd = (struct rt2870_txd *)&data->desc; 3323 txd->flags = RT2860_TX_QSEL_EDCA; 3324 txwi = (struct rt2860_txwi *)(txd + 1); 3325 txwi->wcid = 0xff; 3326 txwi->xflags = xflags; 3327 txwi->txop = opflags; 3328 txwi->flags = 0; /* clear leftover garbage bits */ 3329 3330 data->m = m; 3331 data->ni = ni; 3332 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3333 if (rt2860_rates[ridx].rate == rate) 3334 break; 3335 data->ridx = ridx; 3336 3337 run_set_tx_desc(sc, data); 3338 3339 DPRINTFN(10, "sending raw frame len=%u rate=%u\n", 3340 m->m_pkthdr.len, rate); 3341 3342 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3343 3344 usbd_transfer_start(sc->sc_xfer[0]); 3345 3346 return (0); 3347 } 3348 3349 static int 3350 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3351 const struct ieee80211_bpf_params *params) 3352 { 3353 struct ifnet *ifp = ni->ni_ic->ic_ifp; 3354 struct run_softc *sc = ifp->if_softc; 3355 int error = 0; 3356 3357 RUN_LOCK(sc); 3358 3359 /* prevent management frames from being sent if we're not ready */ 3360 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) { 3361 error = ENETDOWN; 3362 goto done; 3363 } 3364 3365 if (params == NULL) { 3366 /* tx mgt packet */ 3367 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3368 ifp->if_oerrors++; 3369 DPRINTF("mgt tx failed\n"); 3370 goto done; 3371 } 3372 } else { 3373 /* tx raw packet with param */ 3374 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3375 ifp->if_oerrors++; 3376 DPRINTF("tx with param failed\n"); 3377 goto done; 3378 } 3379 } 3380 3381 ifp->if_opackets++; 3382 3383 done: 3384 RUN_UNLOCK(sc); 3385 3386 if (error != 0) { 3387 if(m != NULL) 3388 m_freem(m); 3389 ieee80211_free_node(ni); 3390 } 3391 3392 return (error); 3393 } 3394 3395 static void 3396 run_start(struct ifnet *ifp) 3397 { 3398 struct run_softc *sc = ifp->if_softc; 3399 struct ieee80211_node *ni; 3400 struct mbuf *m; 3401 3402 RUN_LOCK(sc); 3403 3404 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { 3405 RUN_UNLOCK(sc); 3406 return; 3407 } 3408 3409 for (;;) { 3410 /* send data frames */ 3411 IFQ_DRV_DEQUEUE(&ifp->if_snd, m); 3412 if (m == NULL) 3413 break; 3414 3415 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3416 if (run_tx(sc, m, ni) != 0) { 3417 IFQ_DRV_PREPEND(&ifp->if_snd, m); 3418 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3419 break; 3420 } 3421 } 3422 3423 RUN_UNLOCK(sc); 3424 } 3425 3426 static int 3427 run_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 3428 { 3429 struct run_softc *sc = ifp->if_softc; 3430 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3431 struct ifreq *ifr = (struct ifreq *) data; 3432 int startall = 0; 3433 int error = 0; 3434 3435 switch (cmd) { 3436 case SIOCSIFFLAGS: 3437 RUN_LOCK(sc); 3438 if (ifp->if_flags & IFF_UP) { 3439 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)){ 3440 startall = 1; 3441 run_init_locked(sc); 3442 } else 3443 run_update_promisc_locked(ifp); 3444 } else { 3445 if (ifp->if_drv_flags & IFF_DRV_RUNNING && 3446 (ic->ic_nrunning == 0 || sc->rvp_cnt <= 1)) { 3447 run_stop(sc); 3448 } 3449 } 3450 RUN_UNLOCK(sc); 3451 if (startall) 3452 ieee80211_start_all(ic); 3453 break; 3454 case SIOCGIFMEDIA: 3455 error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd); 3456 break; 3457 case SIOCGIFADDR: 3458 error = ether_ioctl(ifp, cmd, data); 3459 break; 3460 default: 3461 error = EINVAL; 3462 break; 3463 } 3464 3465 return (error); 3466 } 3467 3468 static void 3469 run_set_agc(struct run_softc *sc, uint8_t agc) 3470 { 3471 uint8_t bbp; 3472 3473 if (sc->mac_ver == 0x3572) { 3474 run_bbp_read(sc, 27, &bbp); 3475 bbp &= ~(0x3 << 5); 3476 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 3477 run_bbp_write(sc, 66, agc); 3478 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 3479 run_bbp_write(sc, 66, agc); 3480 } else 3481 run_bbp_write(sc, 66, agc); 3482 } 3483 3484 static void 3485 run_select_chan_group(struct run_softc *sc, int group) 3486 { 3487 uint32_t tmp; 3488 uint8_t agc; 3489 3490 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 3491 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 3492 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 3493 run_bbp_write(sc, 86, 0x00); 3494 3495 if (group == 0) { 3496 if (sc->ext_2ghz_lna) { 3497 run_bbp_write(sc, 82, 0x62); 3498 run_bbp_write(sc, 75, 0x46); 3499 } else { 3500 run_bbp_write(sc, 82, 0x84); 3501 run_bbp_write(sc, 75, 0x50); 3502 } 3503 } else { 3504 if (sc->mac_ver == 0x3572) 3505 run_bbp_write(sc, 82, 0x94); 3506 else 3507 run_bbp_write(sc, 82, 0xf2); 3508 if (sc->ext_5ghz_lna) 3509 run_bbp_write(sc, 75, 0x46); 3510 else 3511 run_bbp_write(sc, 75, 0x50); 3512 } 3513 3514 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 3515 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 3516 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 3517 run_write(sc, RT2860_TX_BAND_CFG, tmp); 3518 3519 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 3520 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 3521 if (sc->nrxchains > 1) 3522 tmp |= RT2860_LNA_PE1_EN; 3523 if (group == 0) { /* 2GHz */ 3524 tmp |= RT2860_PA_PE_G0_EN; 3525 if (sc->ntxchains > 1) 3526 tmp |= RT2860_PA_PE_G1_EN; 3527 } else { /* 5GHz */ 3528 tmp |= RT2860_PA_PE_A0_EN; 3529 if (sc->ntxchains > 1) 3530 tmp |= RT2860_PA_PE_A1_EN; 3531 } 3532 if (sc->mac_ver == 0x3572) { 3533 run_rt3070_rf_write(sc, 8, 0x00); 3534 run_write(sc, RT2860_TX_PIN_CFG, tmp); 3535 run_rt3070_rf_write(sc, 8, 0x80); 3536 } else 3537 run_write(sc, RT2860_TX_PIN_CFG, tmp); 3538 3539 /* set initial AGC value */ 3540 if (group == 0) { /* 2GHz band */ 3541 if (sc->mac_ver >= 0x3070) 3542 agc = 0x1c + sc->lna[0] * 2; 3543 else 3544 agc = 0x2e + sc->lna[0]; 3545 } else { /* 5GHz band */ 3546 if (sc->mac_ver == 0x3572) 3547 agc = 0x22 + (sc->lna[group] * 5) / 3; 3548 else 3549 agc = 0x32 + (sc->lna[group] * 5) / 3; 3550 } 3551 run_set_agc(sc, agc); 3552 } 3553 3554 static void 3555 run_rt2870_set_chan(struct run_softc *sc, uint32_t chan) 3556 { 3557 const struct rfprog *rfprog = rt2860_rf2850; 3558 uint32_t r2, r3, r4; 3559 int8_t txpow1, txpow2; 3560 int i; 3561 3562 /* find the settings for this channel (we know it exists) */ 3563 for (i = 0; rfprog[i].chan != chan; i++); 3564 3565 r2 = rfprog[i].r2; 3566 if (sc->ntxchains == 1) 3567 r2 |= 1 << 12; /* 1T: disable Tx chain 2 */ 3568 if (sc->nrxchains == 1) 3569 r2 |= 1 << 15 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 3570 else if (sc->nrxchains == 2) 3571 r2 |= 1 << 4; /* 2R: disable Rx chain 3 */ 3572 3573 /* use Tx power values from EEPROM */ 3574 txpow1 = sc->txpow1[i]; 3575 txpow2 = sc->txpow2[i]; 3576 if (chan > 14) { 3577 if (txpow1 >= 0) 3578 txpow1 = txpow1 << 1 | 1; 3579 else 3580 txpow1 = (7 + txpow1) << 1; 3581 if (txpow2 >= 0) 3582 txpow2 = txpow2 << 1 | 1; 3583 else 3584 txpow2 = (7 + txpow2) << 1; 3585 } 3586 r3 = rfprog[i].r3 | txpow1 << 7; 3587 r4 = rfprog[i].r4 | sc->freq << 13 | txpow2 << 4; 3588 3589 run_rt2870_rf_write(sc, RT2860_RF1, rfprog[i].r1); 3590 run_rt2870_rf_write(sc, RT2860_RF2, r2); 3591 run_rt2870_rf_write(sc, RT2860_RF3, r3); 3592 run_rt2870_rf_write(sc, RT2860_RF4, r4); 3593 3594 run_delay(sc, 10); 3595 3596 run_rt2870_rf_write(sc, RT2860_RF1, rfprog[i].r1); 3597 run_rt2870_rf_write(sc, RT2860_RF2, r2); 3598 run_rt2870_rf_write(sc, RT2860_RF3, r3 | 1); 3599 run_rt2870_rf_write(sc, RT2860_RF4, r4); 3600 3601 run_delay(sc, 10); 3602 3603 run_rt2870_rf_write(sc, RT2860_RF1, rfprog[i].r1); 3604 run_rt2870_rf_write(sc, RT2860_RF2, r2); 3605 run_rt2870_rf_write(sc, RT2860_RF3, r3); 3606 run_rt2870_rf_write(sc, RT2860_RF4, r4); 3607 } 3608 3609 static void 3610 run_rt3070_set_chan(struct run_softc *sc, uint32_t chan) 3611 { 3612 int8_t txpow1, txpow2; 3613 uint8_t rf; 3614 int i; 3615 3616 /* RT3070 is 2GHz only */ 3617 KASSERT(chan >= 1 && chan <= 14, ("wrong channel selected\n")); 3618 3619 /* find the settings for this channel (we know it exists) */ 3620 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 3621 3622 /* use Tx power values from EEPROM */ 3623 txpow1 = sc->txpow1[i]; 3624 txpow2 = sc->txpow2[i]; 3625 3626 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 3627 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 3628 run_rt3070_rf_read(sc, 6, &rf); 3629 rf = (rf & ~0x03) | rt3070_freqs[i].r; 3630 run_rt3070_rf_write(sc, 6, rf); 3631 3632 /* set Tx0 power */ 3633 run_rt3070_rf_read(sc, 12, &rf); 3634 rf = (rf & ~0x1f) | txpow1; 3635 run_rt3070_rf_write(sc, 12, rf); 3636 3637 /* set Tx1 power */ 3638 run_rt3070_rf_read(sc, 13, &rf); 3639 rf = (rf & ~0x1f) | txpow2; 3640 run_rt3070_rf_write(sc, 13, rf); 3641 3642 run_rt3070_rf_read(sc, 1, &rf); 3643 rf &= ~0xfc; 3644 if (sc->ntxchains == 1) 3645 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 3646 else if (sc->ntxchains == 2) 3647 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 3648 if (sc->nrxchains == 1) 3649 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 3650 else if (sc->nrxchains == 2) 3651 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 3652 run_rt3070_rf_write(sc, 1, rf); 3653 3654 /* set RF offset */ 3655 run_rt3070_rf_read(sc, 23, &rf); 3656 rf = (rf & ~0x7f) | sc->freq; 3657 run_rt3070_rf_write(sc, 23, rf); 3658 3659 /* program RF filter */ 3660 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 3661 rf = (rf & ~0x3f) | sc->rf24_20mhz; 3662 run_rt3070_rf_write(sc, 24, rf); 3663 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 3664 rf = (rf & ~0x3f) | sc->rf24_20mhz; 3665 run_rt3070_rf_write(sc, 31, rf); 3666 3667 /* enable RF tuning */ 3668 run_rt3070_rf_read(sc, 7, &rf); 3669 run_rt3070_rf_write(sc, 7, rf | 0x01); 3670 } 3671 3672 static void 3673 run_rt3572_set_chan(struct run_softc *sc, u_int chan) 3674 { 3675 int8_t txpow1, txpow2; 3676 uint32_t tmp; 3677 uint8_t rf; 3678 int i; 3679 3680 /* find the settings for this channel (we know it exists) */ 3681 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 3682 3683 /* use Tx power values from EEPROM */ 3684 txpow1 = sc->txpow1[i]; 3685 txpow2 = sc->txpow2[i]; 3686 3687 if (chan <= 14) { 3688 run_bbp_write(sc, 25, sc->bbp25); 3689 run_bbp_write(sc, 26, sc->bbp26); 3690 } else { 3691 /* enable IQ phase correction */ 3692 run_bbp_write(sc, 25, 0x09); 3693 run_bbp_write(sc, 26, 0xff); 3694 } 3695 3696 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 3697 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 3698 run_rt3070_rf_read(sc, 6, &rf); 3699 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 3700 rf |= (chan <= 14) ? 0x08 : 0x04; 3701 run_rt3070_rf_write(sc, 6, rf); 3702 3703 /* set PLL mode */ 3704 run_rt3070_rf_read(sc, 5, &rf); 3705 rf &= ~(0x08 | 0x04); 3706 rf |= (chan <= 14) ? 0x04 : 0x08; 3707 run_rt3070_rf_write(sc, 5, rf); 3708 3709 /* set Tx power for chain 0 */ 3710 if (chan <= 14) 3711 rf = 0x60 | txpow1; 3712 else 3713 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 3714 run_rt3070_rf_write(sc, 12, rf); 3715 3716 /* set Tx power for chain 1 */ 3717 if (chan <= 14) 3718 rf = 0x60 | txpow2; 3719 else 3720 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 3721 run_rt3070_rf_write(sc, 13, rf); 3722 3723 /* set Tx/Rx streams */ 3724 run_rt3070_rf_read(sc, 1, &rf); 3725 rf &= ~0xfc; 3726 if (sc->ntxchains == 1) 3727 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 3728 else if (sc->ntxchains == 2) 3729 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 3730 if (sc->nrxchains == 1) 3731 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 3732 else if (sc->nrxchains == 2) 3733 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 3734 run_rt3070_rf_write(sc, 1, rf); 3735 3736 /* set RF offset */ 3737 run_rt3070_rf_read(sc, 23, &rf); 3738 rf = (rf & ~0x7f) | sc->freq; 3739 run_rt3070_rf_write(sc, 23, rf); 3740 3741 /* program RF filter */ 3742 rf = sc->rf24_20mhz; 3743 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 3744 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 3745 3746 /* enable RF tuning */ 3747 run_rt3070_rf_read(sc, 7, &rf); 3748 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 3749 run_rt3070_rf_write(sc, 7, rf); 3750 3751 /* TSSI */ 3752 rf = (chan <= 14) ? 0xc3 : 0xc0; 3753 run_rt3070_rf_write(sc, 9, rf); 3754 3755 /* set loop filter 1 */ 3756 run_rt3070_rf_write(sc, 10, 0xf1); 3757 /* set loop filter 2 */ 3758 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 3759 3760 /* set tx_mx2_ic */ 3761 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 3762 /* set tx_mx1_ic */ 3763 if (chan <= 14) 3764 rf = 0x48 | sc->txmixgain_2ghz; 3765 else 3766 rf = 0x78 | sc->txmixgain_5ghz; 3767 run_rt3070_rf_write(sc, 16, rf); 3768 3769 /* set tx_lo1 */ 3770 run_rt3070_rf_write(sc, 17, 0x23); 3771 /* set tx_lo2 */ 3772 if (chan <= 14) 3773 rf = 0x93; 3774 else if (chan <= 64) 3775 rf = 0xb7; 3776 else if (chan <= 128) 3777 rf = 0x74; 3778 else 3779 rf = 0x72; 3780 run_rt3070_rf_write(sc, 19, rf); 3781 3782 /* set rx_lo1 */ 3783 if (chan <= 14) 3784 rf = 0xb3; 3785 else if (chan <= 64) 3786 rf = 0xf6; 3787 else if (chan <= 128) 3788 rf = 0xf4; 3789 else 3790 rf = 0xf3; 3791 run_rt3070_rf_write(sc, 20, rf); 3792 3793 /* set pfd_delay */ 3794 if (chan <= 14) 3795 rf = 0x15; 3796 else if (chan <= 64) 3797 rf = 0x3d; 3798 else 3799 rf = 0x01; 3800 run_rt3070_rf_write(sc, 25, rf); 3801 3802 /* set rx_lo2 */ 3803 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 3804 /* set ldo_rf_vc */ 3805 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 3806 /* set drv_cc */ 3807 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 3808 3809 run_read(sc, RT2860_GPIO_CTRL, &tmp); 3810 tmp &= ~0x8080; 3811 if (chan <= 14) 3812 tmp |= 0x80; 3813 run_write(sc, RT2860_GPIO_CTRL, tmp); 3814 3815 /* enable RF tuning */ 3816 run_rt3070_rf_read(sc, 7, &rf); 3817 run_rt3070_rf_write(sc, 7, rf | 0x01); 3818 3819 run_delay(sc, 2); 3820 } 3821 3822 static void 3823 run_set_rx_antenna(struct run_softc *sc, int aux) 3824 { 3825 uint32_t tmp; 3826 3827 if (aux) { 3828 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 3829 run_read(sc, RT2860_GPIO_CTRL, &tmp); 3830 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 3831 } else { 3832 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 3833 run_read(sc, RT2860_GPIO_CTRL, &tmp); 3834 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 3835 } 3836 } 3837 3838 static int 3839 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 3840 { 3841 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3842 uint32_t chan, group; 3843 3844 chan = ieee80211_chan2ieee(ic, c); 3845 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 3846 return (EINVAL); 3847 3848 if (sc->mac_ver == 0x3572) 3849 run_rt3572_set_chan(sc, chan); 3850 else if (sc->mac_ver >= 0x3070) 3851 run_rt3070_set_chan(sc, chan); 3852 else 3853 run_rt2870_set_chan(sc, chan); 3854 3855 /* determine channel group */ 3856 if (chan <= 14) 3857 group = 0; 3858 else if (chan <= 64) 3859 group = 1; 3860 else if (chan <= 128) 3861 group = 2; 3862 else 3863 group = 3; 3864 3865 /* XXX necessary only when group has changed! */ 3866 run_select_chan_group(sc, group); 3867 3868 run_delay(sc, 10); 3869 3870 return (0); 3871 } 3872 3873 static void 3874 run_set_channel(struct ieee80211com *ic) 3875 { 3876 struct run_softc *sc = ic->ic_ifp->if_softc; 3877 3878 RUN_LOCK(sc); 3879 run_set_chan(sc, ic->ic_curchan); 3880 RUN_UNLOCK(sc); 3881 3882 return; 3883 } 3884 3885 static void 3886 run_scan_start(struct ieee80211com *ic) 3887 { 3888 struct run_softc *sc = ic->ic_ifp->if_softc; 3889 uint32_t tmp; 3890 3891 RUN_LOCK(sc); 3892 3893 /* abort TSF synchronization */ 3894 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 3895 run_write(sc, RT2860_BCN_TIME_CFG, 3896 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 3897 RT2860_TBTT_TIMER_EN)); 3898 run_set_bssid(sc, sc->sc_ifp->if_broadcastaddr); 3899 3900 RUN_UNLOCK(sc); 3901 3902 return; 3903 } 3904 3905 static void 3906 run_scan_end(struct ieee80211com *ic) 3907 { 3908 struct run_softc *sc = ic->ic_ifp->if_softc; 3909 3910 RUN_LOCK(sc); 3911 3912 run_enable_tsf_sync(sc); 3913 /* XXX keep local copy */ 3914 run_set_bssid(sc, sc->sc_bssid); 3915 3916 RUN_UNLOCK(sc); 3917 3918 return; 3919 } 3920 3921 /* 3922 * Could be called from ieee80211_node_timeout() 3923 * (non-sleepable thread) 3924 */ 3925 static void 3926 run_update_beacon(struct ieee80211vap *vap, int item) 3927 { 3928 struct ieee80211com *ic = vap->iv_ic; 3929 struct run_softc *sc = ic->ic_ifp->if_softc; 3930 struct run_vap *rvp = RUN_VAP(vap); 3931 int mcast = 0; 3932 uint32_t i; 3933 3934 KASSERT(vap != NULL, ("no beacon")); 3935 3936 switch (item) { 3937 case IEEE80211_BEACON_ERP: 3938 run_updateslot(ic->ic_ifp); 3939 break; 3940 case IEEE80211_BEACON_HTINFO: 3941 run_updateprot(ic); 3942 break; 3943 case IEEE80211_BEACON_TIM: 3944 mcast = 1; /*TODO*/ 3945 break; 3946 default: 3947 break; 3948 } 3949 3950 setbit(rvp->bo.bo_flags, item); 3951 ieee80211_beacon_update(vap->iv_bss, &rvp->bo, rvp->beacon_mbuf, mcast); 3952 3953 i = RUN_CMDQ_GET(&sc->cmdq_store); 3954 DPRINTF("cmdq_store=%d\n", i); 3955 sc->cmdq[i].func = run_update_beacon_cb; 3956 sc->cmdq[i].arg0 = vap; 3957 ieee80211_runtask(ic, &sc->cmdq_task); 3958 3959 return; 3960 } 3961 3962 static void 3963 run_update_beacon_cb(void *arg) 3964 { 3965 struct ieee80211vap *vap = arg; 3966 struct run_vap *rvp = RUN_VAP(vap); 3967 struct ieee80211com *ic = vap->iv_ic; 3968 struct run_softc *sc = ic->ic_ifp->if_softc; 3969 struct rt2860_txwi txwi; 3970 struct mbuf *m; 3971 uint8_t ridx; 3972 3973 if (vap->iv_bss->ni_chan == IEEE80211_CHAN_ANYC) 3974 return; 3975 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) 3976 return; 3977 3978 /* 3979 * No need to call ieee80211_beacon_update(), run_update_beacon() 3980 * is taking care of apropriate calls. 3981 */ 3982 if (rvp->beacon_mbuf == NULL) { 3983 rvp->beacon_mbuf = ieee80211_beacon_alloc(vap->iv_bss, 3984 &rvp->bo); 3985 if (rvp->beacon_mbuf == NULL) 3986 return; 3987 } 3988 m = rvp->beacon_mbuf; 3989 3990 memset(&txwi, 0, sizeof txwi); 3991 txwi.wcid = 0xff; 3992 txwi.len = htole16(m->m_pkthdr.len); 3993 /* send beacons at the lowest available rate */ 3994 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3995 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3996 txwi.phy = htole16(rt2860_rates[ridx].mcs); 3997 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 3998 txwi.phy |= htole16(RT2860_PHY_OFDM); 3999 txwi.txop = RT2860_TX_TXOP_HT; 4000 txwi.flags = RT2860_TX_TS; 4001 txwi.xflags = RT2860_TX_NSEQ; 4002 4003 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), 4004 (uint8_t *)&txwi, sizeof txwi); 4005 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + sizeof txwi, 4006 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); /* roundup len */ 4007 4008 return; 4009 } 4010 4011 static void 4012 run_updateprot(struct ieee80211com *ic) 4013 { 4014 struct run_softc *sc = ic->ic_ifp->if_softc; 4015 uint32_t i; 4016 4017 i = RUN_CMDQ_GET(&sc->cmdq_store); 4018 DPRINTF("cmdq_store=%d\n", i); 4019 sc->cmdq[i].func = run_updateprot_cb; 4020 sc->cmdq[i].arg0 = ic; 4021 ieee80211_runtask(ic, &sc->cmdq_task); 4022 } 4023 4024 static void 4025 run_updateprot_cb(void *arg) 4026 { 4027 struct ieee80211com *ic = arg; 4028 struct run_softc *sc = ic->ic_ifp->if_softc; 4029 uint32_t tmp; 4030 4031 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 4032 /* setup protection frame rate (MCS code) */ 4033 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 4034 rt2860_rates[RT2860_RIDX_OFDM6].mcs : 4035 rt2860_rates[RT2860_RIDX_CCK11].mcs; 4036 4037 /* CCK frames don't require protection */ 4038 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 4039 if (ic->ic_flags & IEEE80211_F_USEPROT) { 4040 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 4041 tmp |= RT2860_PROT_CTRL_RTS_CTS; 4042 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 4043 tmp |= RT2860_PROT_CTRL_CTS; 4044 } 4045 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 4046 } 4047 4048 static void 4049 run_usb_timeout_cb(void *arg) 4050 { 4051 struct ieee80211vap *vap = arg; 4052 struct run_softc *sc = vap->iv_ic->ic_ifp->if_softc; 4053 4054 RUN_LOCK_ASSERT(sc, MA_OWNED); 4055 4056 if(vap->iv_state == IEEE80211_S_RUN && 4057 vap->iv_opmode != IEEE80211_M_STA) 4058 run_reset_livelock(sc); 4059 else if (vap->iv_state == IEEE80211_S_SCAN) { 4060 DPRINTF("timeout caused by scan\n"); 4061 /* cancel bgscan */ 4062 ieee80211_cancel_scan(vap); 4063 } else 4064 DPRINTF("timeout by unknown cause\n"); 4065 } 4066 4067 static void 4068 run_reset_livelock(struct run_softc *sc) 4069 { 4070 uint32_t tmp; 4071 4072 RUN_LOCK_ASSERT(sc, MA_OWNED); 4073 4074 /* 4075 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 4076 * can run into a livelock and start sending CTS-to-self frames like 4077 * crazy if protection is enabled. Reset MAC/BBP for a while 4078 */ 4079 run_read(sc, RT2860_DEBUG, &tmp); 4080 DPRINTFN(3, "debug reg %08x\n", tmp); 4081 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 4082 DPRINTF("CTS-to-self livelock detected\n"); 4083 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 4084 run_delay(sc, 1); 4085 run_write(sc, RT2860_MAC_SYS_CTRL, 4086 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 4087 } 4088 } 4089 4090 static void 4091 run_update_promisc_locked(struct ifnet *ifp) 4092 { 4093 struct run_softc *sc = ifp->if_softc; 4094 uint32_t tmp; 4095 4096 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 4097 4098 tmp |= RT2860_DROP_UC_NOME; 4099 if (ifp->if_flags & IFF_PROMISC) 4100 tmp &= ~RT2860_DROP_UC_NOME; 4101 4102 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 4103 4104 DPRINTF("%s promiscuous mode\n", (ifp->if_flags & IFF_PROMISC) ? 4105 "entering" : "leaving"); 4106 } 4107 4108 static void 4109 run_update_promisc(struct ifnet *ifp) 4110 { 4111 struct run_softc *sc = ifp->if_softc; 4112 4113 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) 4114 return; 4115 4116 RUN_LOCK(sc); 4117 run_update_promisc_locked(ifp); 4118 RUN_UNLOCK(sc); 4119 } 4120 4121 static void 4122 run_enable_tsf_sync(struct run_softc *sc) 4123 { 4124 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4125 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 4126 uint32_t tmp; 4127 4128 DPRINTF("rvp_id=%d ic_opmode=%d\n", RUN_VAP(vap)->rvp_id, ic->ic_opmode); 4129 4130 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4131 tmp &= ~0x1fffff; 4132 tmp |= vap->iv_bss->ni_intval * 16; 4133 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 4134 4135 if (ic->ic_opmode == IEEE80211_M_STA) { 4136 /* 4137 * Local TSF is always updated with remote TSF on beacon 4138 * reception. 4139 */ 4140 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 4141 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 4142 tmp |= RT2860_BCN_TX_EN; 4143 /* 4144 * Local TSF is updated with remote TSF on beacon reception 4145 * only if the remote TSF is greater than local TSF. 4146 */ 4147 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 4148 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 4149 ic->ic_opmode == IEEE80211_M_MBSS) { 4150 tmp |= RT2860_BCN_TX_EN; 4151 /* SYNC with nobody */ 4152 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 4153 } else { 4154 DPRINTF("Enabling TSF failed. undefined opmode\n"); 4155 return; 4156 } 4157 4158 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 4159 } 4160 4161 static void 4162 run_enable_mrr(struct run_softc *sc) 4163 { 4164 #define CCK(mcs) (mcs) 4165 #define OFDM(mcs) (1 << 3 | (mcs)) 4166 run_write(sc, RT2860_LG_FBK_CFG0, 4167 OFDM(6) << 28 | /* 54->48 */ 4168 OFDM(5) << 24 | /* 48->36 */ 4169 OFDM(4) << 20 | /* 36->24 */ 4170 OFDM(3) << 16 | /* 24->18 */ 4171 OFDM(2) << 12 | /* 18->12 */ 4172 OFDM(1) << 8 | /* 12-> 9 */ 4173 OFDM(0) << 4 | /* 9-> 6 */ 4174 OFDM(0)); /* 6-> 6 */ 4175 4176 run_write(sc, RT2860_LG_FBK_CFG1, 4177 CCK(2) << 12 | /* 11->5.5 */ 4178 CCK(1) << 8 | /* 5.5-> 2 */ 4179 CCK(0) << 4 | /* 2-> 1 */ 4180 CCK(0)); /* 1-> 1 */ 4181 #undef OFDM 4182 #undef CCK 4183 } 4184 4185 static void 4186 run_set_txpreamble(struct run_softc *sc) 4187 { 4188 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4189 uint32_t tmp; 4190 4191 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 4192 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 4193 tmp |= RT2860_CCK_SHORT_EN; 4194 else 4195 tmp &= ~RT2860_CCK_SHORT_EN; 4196 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 4197 } 4198 4199 static void 4200 run_set_basicrates(struct run_softc *sc) 4201 { 4202 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4203 4204 /* set basic rates mask */ 4205 if (ic->ic_curmode == IEEE80211_MODE_11B) 4206 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 4207 else if (ic->ic_curmode == IEEE80211_MODE_11A) 4208 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 4209 else /* 11g */ 4210 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 4211 } 4212 4213 static void 4214 run_set_leds(struct run_softc *sc, uint16_t which) 4215 { 4216 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 4217 which | (sc->leds & 0x7f)); 4218 } 4219 4220 static void 4221 run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 4222 { 4223 run_write(sc, RT2860_MAC_BSSID_DW0, 4224 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 4225 run_write(sc, RT2860_MAC_BSSID_DW1, 4226 bssid[4] | bssid[5] << 8); 4227 } 4228 4229 static void 4230 run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 4231 { 4232 run_write(sc, RT2860_MAC_ADDR_DW0, 4233 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 4234 run_write(sc, RT2860_MAC_ADDR_DW1, 4235 addr[4] | addr[5] << 8 | 0xff << 16); 4236 } 4237 4238 static void 4239 run_updateslot(struct ifnet *ifp) 4240 { 4241 struct run_softc *sc = ifp->if_softc; 4242 struct ieee80211com *ic = ifp->if_l2com; 4243 uint32_t i; 4244 4245 i = RUN_CMDQ_GET(&sc->cmdq_store); 4246 DPRINTF("cmdq_store=%d\n", i); 4247 sc->cmdq[i].func = run_updateslot_cb; 4248 sc->cmdq[i].arg0 = ifp; 4249 ieee80211_runtask(ic, &sc->cmdq_task); 4250 4251 return; 4252 } 4253 4254 /* ARGSUSED */ 4255 static void 4256 run_updateslot_cb(void *arg) 4257 { 4258 struct ifnet *ifp = arg; 4259 struct run_softc *sc = ifp->if_softc; 4260 struct ieee80211com *ic = ifp->if_l2com; 4261 uint32_t tmp; 4262 4263 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 4264 tmp &= ~0xff; 4265 tmp |= (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20; 4266 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 4267 } 4268 4269 static void 4270 run_update_mcast(struct ifnet *ifp) 4271 { 4272 /* h/w filter supports getting everything or nothing */ 4273 ifp->if_flags |= IFF_ALLMULTI; 4274 } 4275 4276 static int8_t 4277 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 4278 { 4279 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4280 struct ieee80211_channel *c = ic->ic_curchan; 4281 int delta; 4282 4283 if (IEEE80211_IS_CHAN_5GHZ(c)) { 4284 uint32_t chan = ieee80211_chan2ieee(ic, c); 4285 delta = sc->rssi_5ghz[rxchain]; 4286 4287 /* determine channel group */ 4288 if (chan <= 64) 4289 delta -= sc->lna[1]; 4290 else if (chan <= 128) 4291 delta -= sc->lna[2]; 4292 else 4293 delta -= sc->lna[3]; 4294 } else 4295 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 4296 4297 return (-12 - delta - rssi); 4298 } 4299 4300 static int 4301 run_bbp_init(struct run_softc *sc) 4302 { 4303 int i, error, ntries; 4304 uint8_t bbp0; 4305 4306 /* wait for BBP to wake up */ 4307 for (ntries = 0; ntries < 20; ntries++) { 4308 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 4309 return error; 4310 if (bbp0 != 0 && bbp0 != 0xff) 4311 break; 4312 } 4313 if (ntries == 20) 4314 return (ETIMEDOUT); 4315 4316 /* initialize BBP registers to default values */ 4317 for (i = 0; i < N(rt2860_def_bbp); i++) { 4318 run_bbp_write(sc, rt2860_def_bbp[i].reg, 4319 rt2860_def_bbp[i].val); 4320 } 4321 4322 /* fix BBP84 for RT2860E */ 4323 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 4324 run_bbp_write(sc, 84, 0x19); 4325 4326 if (sc->mac_ver >= 0x3070) { 4327 run_bbp_write(sc, 79, 0x13); 4328 run_bbp_write(sc, 80, 0x05); 4329 run_bbp_write(sc, 81, 0x33); 4330 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 4331 run_bbp_write(sc, 69, 0x16); 4332 run_bbp_write(sc, 73, 0x12); 4333 } 4334 return (0); 4335 } 4336 4337 static int 4338 run_rt3070_rf_init(struct run_softc *sc) 4339 { 4340 uint32_t tmp; 4341 uint8_t rf, target, bbp4; 4342 int i; 4343 4344 run_rt3070_rf_read(sc, 30, &rf); 4345 /* toggle RF R30 bit 7 */ 4346 run_rt3070_rf_write(sc, 30, rf | 0x80); 4347 run_delay(sc, 10); 4348 run_rt3070_rf_write(sc, 30, rf & ~0x80); 4349 4350 /* initialize RF registers to default value */ 4351 if (sc->mac_ver == 0x3572) { 4352 for (i = 0; i < N(rt3572_def_rf); i++) { 4353 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 4354 rt3572_def_rf[i].val); 4355 } 4356 } else { 4357 for (i = 0; i < N(rt3070_def_rf); i++) { 4358 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 4359 rt3070_def_rf[i].val); 4360 } 4361 } 4362 4363 if (sc->mac_ver == 0x3070) { 4364 /* change voltage from 1.2V to 1.35V for RT3070 */ 4365 run_read(sc, RT3070_LDO_CFG0, &tmp); 4366 tmp = (tmp & ~0x0f000000) | 0x0d000000; 4367 run_write(sc, RT3070_LDO_CFG0, tmp); 4368 4369 } else if (sc->mac_ver == 0x3071) { 4370 run_rt3070_rf_read(sc, 6, &rf); 4371 run_rt3070_rf_write(sc, 6, rf | 0x40); 4372 run_rt3070_rf_write(sc, 31, 0x14); 4373 4374 run_read(sc, RT3070_LDO_CFG0, &tmp); 4375 tmp &= ~0x1f000000; 4376 if (sc->mac_rev < 0x0211) 4377 tmp |= 0x0d000000; /* 1.3V */ 4378 else 4379 tmp |= 0x01000000; /* 1.2V */ 4380 run_write(sc, RT3070_LDO_CFG0, tmp); 4381 4382 /* patch LNA_PE_G1 */ 4383 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 4384 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 4385 4386 } else if (sc->mac_ver == 0x3572) { 4387 run_rt3070_rf_read(sc, 6, &rf); 4388 run_rt3070_rf_write(sc, 6, rf | 0x40); 4389 4390 /* increase voltage from 1.2V to 1.35V */ 4391 run_read(sc, RT3070_LDO_CFG0, &tmp); 4392 tmp = (tmp & ~0x1f000000) | 0x0d000000; 4393 run_write(sc, RT3070_LDO_CFG0, tmp); 4394 4395 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 4396 run_delay(sc, 1); /* wait for 1msec */ 4397 /* decrease voltage back to 1.2V */ 4398 tmp = (tmp & ~0x1f000000) | 0x01000000; 4399 run_write(sc, RT3070_LDO_CFG0, tmp); 4400 } 4401 } 4402 4403 /* select 20MHz bandwidth */ 4404 run_rt3070_rf_read(sc, 31, &rf); 4405 run_rt3070_rf_write(sc, 31, rf & ~0x20); 4406 4407 /* calibrate filter for 20MHz bandwidth */ 4408 sc->rf24_20mhz = 0x1f; /* default value */ 4409 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 4410 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 4411 4412 /* select 40MHz bandwidth */ 4413 run_bbp_read(sc, 4, &bbp4); 4414 run_bbp_write(sc, 4, (bbp4 & ~0x08) | 0x10); 4415 run_rt3070_rf_read(sc, 31, &rf); 4416 run_rt3070_rf_write(sc, 31, rf | 0x20); 4417 4418 /* calibrate filter for 40MHz bandwidth */ 4419 sc->rf24_40mhz = 0x2f; /* default value */ 4420 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 4421 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 4422 4423 /* go back to 20MHz bandwidth */ 4424 run_bbp_read(sc, 4, &bbp4); 4425 run_bbp_write(sc, 4, bbp4 & ~0x18); 4426 4427 if (sc->mac_ver == 0x3572) { 4428 /* save default BBP registers 25 and 26 values */ 4429 run_bbp_read(sc, 25, &sc->bbp25); 4430 run_bbp_read(sc, 26, &sc->bbp26); 4431 } else if (sc->mac_rev < 0x0211) 4432 run_rt3070_rf_write(sc, 27, 0x03); 4433 4434 run_read(sc, RT3070_OPT_14, &tmp); 4435 run_write(sc, RT3070_OPT_14, tmp | 1); 4436 4437 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 4438 run_rt3070_rf_read(sc, 17, &rf); 4439 rf &= ~RT3070_TX_LO1; 4440 if ((sc->mac_ver == 0x3070 || 4441 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 4442 !sc->ext_2ghz_lna) 4443 rf |= 0x20; /* fix for long range Rx issue */ 4444 if (sc->txmixgain_2ghz >= 1) 4445 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 4446 run_rt3070_rf_write(sc, 17, rf); 4447 } 4448 4449 if (sc->mac_rev == 0x3071) { 4450 run_rt3070_rf_read(sc, 1, &rf); 4451 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 4452 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 4453 run_rt3070_rf_write(sc, 1, rf); 4454 4455 run_rt3070_rf_read(sc, 15, &rf); 4456 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 4457 4458 run_rt3070_rf_read(sc, 20, &rf); 4459 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 4460 4461 run_rt3070_rf_read(sc, 21, &rf); 4462 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 4463 } 4464 4465 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 4466 /* fix Tx to Rx IQ glitch by raising RF voltage */ 4467 run_rt3070_rf_read(sc, 27, &rf); 4468 rf &= ~0x77; 4469 if (sc->mac_rev < 0x0211) 4470 rf |= 0x03; 4471 run_rt3070_rf_write(sc, 27, rf); 4472 } 4473 return (0); 4474 } 4475 4476 static int 4477 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 4478 uint8_t *val) 4479 { 4480 uint8_t rf22, rf24; 4481 uint8_t bbp55_pb, bbp55_sb, delta; 4482 int ntries; 4483 4484 /* program filter */ 4485 run_rt3070_rf_read(sc, 24, &rf24); 4486 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 4487 run_rt3070_rf_write(sc, 24, rf24); 4488 4489 /* enable baseband loopback mode */ 4490 run_rt3070_rf_read(sc, 22, &rf22); 4491 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 4492 4493 /* set power and frequency of passband test tone */ 4494 run_bbp_write(sc, 24, 0x00); 4495 for (ntries = 0; ntries < 100; ntries++) { 4496 /* transmit test tone */ 4497 run_bbp_write(sc, 25, 0x90); 4498 run_delay(sc, 10); 4499 /* read received power */ 4500 run_bbp_read(sc, 55, &bbp55_pb); 4501 if (bbp55_pb != 0) 4502 break; 4503 } 4504 if (ntries == 100) 4505 return ETIMEDOUT; 4506 4507 /* set power and frequency of stopband test tone */ 4508 run_bbp_write(sc, 24, 0x06); 4509 for (ntries = 0; ntries < 100; ntries++) { 4510 /* transmit test tone */ 4511 run_bbp_write(sc, 25, 0x90); 4512 run_delay(sc, 10); 4513 /* read received power */ 4514 run_bbp_read(sc, 55, &bbp55_sb); 4515 4516 delta = bbp55_pb - bbp55_sb; 4517 if (delta > target) 4518 break; 4519 4520 /* reprogram filter */ 4521 rf24++; 4522 run_rt3070_rf_write(sc, 24, rf24); 4523 } 4524 if (ntries < 100) { 4525 if (rf24 != init) 4526 rf24--; /* backtrack */ 4527 *val = rf24; 4528 run_rt3070_rf_write(sc, 24, rf24); 4529 } 4530 4531 /* restore initial state */ 4532 run_bbp_write(sc, 24, 0x00); 4533 4534 /* disable baseband loopback mode */ 4535 run_rt3070_rf_read(sc, 22, &rf22); 4536 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 4537 4538 return (0); 4539 } 4540 4541 static void 4542 run_rt3070_rf_setup(struct run_softc *sc) 4543 { 4544 uint8_t bbp, rf; 4545 int i; 4546 4547 if (sc->mac_ver == 0x3572) { 4548 /* enable DC filter */ 4549 if (sc->mac_rev >= 0x0201) 4550 run_bbp_write(sc, 103, 0xc0); 4551 4552 run_bbp_read(sc, 138, &bbp); 4553 if (sc->ntxchains == 1) 4554 bbp |= 0x20; /* turn off DAC1 */ 4555 if (sc->nrxchains == 1) 4556 bbp &= ~0x02; /* turn off ADC1 */ 4557 run_bbp_write(sc, 138, bbp); 4558 4559 if (sc->mac_rev >= 0x0211) { 4560 /* improve power consumption */ 4561 run_bbp_read(sc, 31, &bbp); 4562 run_bbp_write(sc, 31, bbp & ~0x03); 4563 } 4564 4565 run_rt3070_rf_read(sc, 16, &rf); 4566 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 4567 run_rt3070_rf_write(sc, 16, rf); 4568 4569 } else if (sc->mac_ver == 0x3071) { 4570 /* enable DC filter */ 4571 if (sc->mac_rev >= 0x0201) 4572 run_bbp_write(sc, 103, 0xc0); 4573 4574 run_bbp_read(sc, 138, &bbp); 4575 if (sc->ntxchains == 1) 4576 bbp |= 0x20; /* turn off DAC1 */ 4577 if (sc->nrxchains == 1) 4578 bbp &= ~0x02; /* turn off ADC1 */ 4579 run_bbp_write(sc, 138, bbp); 4580 4581 if (sc->mac_rev >= 0x0211) { 4582 /* improve power consumption */ 4583 run_bbp_read(sc, 31, &bbp); 4584 run_bbp_write(sc, 31, bbp & ~0x03); 4585 } 4586 4587 run_write(sc, RT2860_TX_SW_CFG1, 0); 4588 if (sc->mac_rev < 0x0211) { 4589 run_write(sc, RT2860_TX_SW_CFG2, 4590 sc->patch_dac ? 0x2c : 0x0f); 4591 } else 4592 run_write(sc, RT2860_TX_SW_CFG2, 0); 4593 4594 } else if (sc->mac_ver == 0x3070) { 4595 if (sc->mac_rev >= 0x0201) { 4596 /* enable DC filter */ 4597 run_bbp_write(sc, 103, 0xc0); 4598 4599 /* improve power consumption */ 4600 run_bbp_read(sc, 31, &bbp); 4601 run_bbp_write(sc, 31, bbp & ~0x03); 4602 } 4603 4604 if (sc->mac_rev < 0x0211) { 4605 run_write(sc, RT2860_TX_SW_CFG1, 0); 4606 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 4607 } else 4608 run_write(sc, RT2860_TX_SW_CFG2, 0); 4609 } 4610 4611 /* initialize RF registers from ROM for >=RT3071*/ 4612 if (sc->mac_ver >= 0x3071) { 4613 for (i = 0; i < 10; i++) { 4614 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 4615 continue; 4616 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 4617 } 4618 } 4619 } 4620 4621 static int 4622 run_txrx_enable(struct run_softc *sc) 4623 { 4624 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4625 uint32_t tmp; 4626 int error, ntries; 4627 4628 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 4629 for (ntries = 0; ntries < 200; ntries++) { 4630 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 4631 return error; 4632 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 4633 break; 4634 run_delay(sc, 50); 4635 } 4636 if (ntries == 200) 4637 return ETIMEDOUT; 4638 4639 run_delay(sc, 50); 4640 4641 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 4642 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 4643 4644 /* enable Rx bulk aggregation (set timeout and limit) */ 4645 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 4646 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 4647 run_write(sc, RT2860_USB_DMA_CFG, tmp); 4648 4649 /* set Rx filter */ 4650 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 4651 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 4652 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 4653 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 4654 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 4655 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 4656 if (ic->ic_opmode == IEEE80211_M_STA) 4657 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 4658 } 4659 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 4660 4661 run_write(sc, RT2860_MAC_SYS_CTRL, 4662 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 4663 4664 return (0); 4665 } 4666 4667 static void 4668 run_init_locked(struct run_softc *sc) 4669 { 4670 struct ifnet *ifp = sc->sc_ifp; 4671 struct ieee80211com *ic = ifp->if_l2com; 4672 uint32_t tmp; 4673 uint8_t bbp1, bbp3; 4674 int i; 4675 int ridx; 4676 int ntries; 4677 4678 if (ic->ic_nrunning > 1) 4679 return; 4680 4681 run_stop(sc); 4682 4683 if (run_load_microcode(sc) != 0) { 4684 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 4685 goto fail; 4686 } 4687 4688 for (ntries = 0; ntries < 100; ntries++) { 4689 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 4690 goto fail; 4691 if (tmp != 0 && tmp != 0xffffffff) 4692 break; 4693 run_delay(sc, 10); 4694 } 4695 if (ntries == 100) 4696 goto fail; 4697 4698 for (i = 0; i != RUN_EP_QUEUES; i++) 4699 run_setup_tx_list(sc, &sc->sc_epq[i]); 4700 4701 run_set_macaddr(sc, IF_LLADDR(ifp)); 4702 4703 for (ntries = 0; ntries < 100; ntries++) { 4704 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 4705 goto fail; 4706 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 4707 break; 4708 run_delay(sc, 10); 4709 } 4710 if (ntries == 100) { 4711 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 4712 goto fail; 4713 } 4714 tmp &= 0xff0; 4715 tmp |= RT2860_TX_WB_DDONE; 4716 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 4717 4718 /* turn off PME_OEN to solve high-current issue */ 4719 run_read(sc, RT2860_SYS_CTRL, &tmp); 4720 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 4721 4722 run_write(sc, RT2860_MAC_SYS_CTRL, 4723 RT2860_BBP_HRST | RT2860_MAC_SRST); 4724 run_write(sc, RT2860_USB_DMA_CFG, 0); 4725 4726 if (run_reset(sc) != 0) { 4727 device_printf(sc->sc_dev, "could not reset chipset\n"); 4728 goto fail; 4729 } 4730 4731 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 4732 4733 /* init Tx power for all Tx rates (from EEPROM) */ 4734 for (ridx = 0; ridx < 5; ridx++) { 4735 if (sc->txpow20mhz[ridx] == 0xffffffff) 4736 continue; 4737 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 4738 } 4739 4740 for (i = 0; i < N(rt2870_def_mac); i++) 4741 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 4742 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 4743 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 4744 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 4745 4746 if (sc->mac_ver >= 0x3070) { 4747 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 4748 run_write(sc, RT2860_TX_SW_CFG0, 4749 4 << RT2860_DLY_PAPE_EN_SHIFT); 4750 } 4751 4752 /* wait while MAC is busy */ 4753 for (ntries = 0; ntries < 100; ntries++) { 4754 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 4755 goto fail; 4756 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 4757 break; 4758 run_delay(sc, 10); 4759 } 4760 if (ntries == 100) 4761 goto fail; 4762 4763 /* clear Host to MCU mailbox */ 4764 run_write(sc, RT2860_H2M_BBPAGENT, 0); 4765 run_write(sc, RT2860_H2M_MAILBOX, 0); 4766 run_delay(sc, 10); 4767 4768 if (run_bbp_init(sc) != 0) { 4769 device_printf(sc->sc_dev, "could not initialize BBP\n"); 4770 goto fail; 4771 } 4772 4773 /* abort TSF synchronization */ 4774 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4775 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 4776 RT2860_TBTT_TIMER_EN); 4777 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 4778 4779 /* clear RX WCID search table */ 4780 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 4781 /* clear WCID attribute table */ 4782 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 4783 4784 /* hostapd sets a key before init. So, don't clear it. */ 4785 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 4786 /* clear shared key table */ 4787 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 4788 /* clear shared key mode */ 4789 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 4790 } 4791 4792 run_read(sc, RT2860_US_CYC_CNT, &tmp); 4793 tmp = (tmp & ~0xff) | 0x1e; 4794 run_write(sc, RT2860_US_CYC_CNT, tmp); 4795 4796 if (sc->mac_rev != 0x0101) 4797 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 4798 4799 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 4800 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 4801 4802 /* write vendor-specific BBP values (from EEPROM) */ 4803 for (i = 0; i < 10; i++) { 4804 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 4805 continue; 4806 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 4807 } 4808 4809 /* select Main antenna for 1T1R devices */ 4810 if (sc->rf_rev == RT3070_RF_3020) 4811 run_set_rx_antenna(sc, 0); 4812 4813 /* send LEDs operating mode to microcontroller */ 4814 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 4815 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 4816 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 4817 4818 if (sc->mac_ver >= 0x3070) 4819 run_rt3070_rf_init(sc); 4820 4821 /* disable non-existing Rx chains */ 4822 run_bbp_read(sc, 3, &bbp3); 4823 bbp3 &= ~(1 << 3 | 1 << 4); 4824 if (sc->nrxchains == 2) 4825 bbp3 |= 1 << 3; 4826 else if (sc->nrxchains == 3) 4827 bbp3 |= 1 << 4; 4828 run_bbp_write(sc, 3, bbp3); 4829 4830 /* disable non-existing Tx chains */ 4831 run_bbp_read(sc, 1, &bbp1); 4832 if (sc->ntxchains == 1) 4833 bbp1 &= ~(1 << 3 | 1 << 4); 4834 run_bbp_write(sc, 1, bbp1); 4835 4836 if (sc->mac_ver >= 0x3070) 4837 run_rt3070_rf_setup(sc); 4838 4839 /* select default channel */ 4840 run_set_chan(sc, ic->ic_curchan); 4841 4842 /* setup initial protection mode */ 4843 run_updateprot_cb(ic); 4844 4845 /* turn radio LED on */ 4846 run_set_leds(sc, RT2860_LED_RADIO); 4847 4848 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 4849 ifp->if_drv_flags |= IFF_DRV_RUNNING; 4850 sc->cmdq_run = RUN_CMDQ_GO; 4851 4852 for (i = 0; i != RUN_N_XFER; i++) 4853 usbd_xfer_set_stall(sc->sc_xfer[i]); 4854 4855 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 4856 4857 if (run_txrx_enable(sc) != 0) 4858 goto fail; 4859 4860 return; 4861 4862 fail: 4863 run_stop(sc); 4864 } 4865 4866 static void 4867 run_init(void *arg) 4868 { 4869 struct run_softc *sc = arg; 4870 struct ifnet *ifp = sc->sc_ifp; 4871 struct ieee80211com *ic = ifp->if_l2com; 4872 4873 RUN_LOCK(sc); 4874 run_init_locked(sc); 4875 RUN_UNLOCK(sc); 4876 4877 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 4878 ieee80211_start_all(ic); 4879 } 4880 4881 static void 4882 run_stop(void *arg) 4883 { 4884 struct run_softc *sc = (struct run_softc *)arg; 4885 struct ifnet *ifp = sc->sc_ifp; 4886 uint32_t tmp; 4887 int i; 4888 int ntries; 4889 4890 RUN_LOCK_ASSERT(sc, MA_OWNED); 4891 4892 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 4893 run_set_leds(sc, 0); /* turn all LEDs off */ 4894 4895 ifp->if_drv_flags &= ~(IFF_DRV_RUNNING | IFF_DRV_OACTIVE); 4896 4897 sc->ratectl_run = RUN_RATECTL_OFF; 4898 sc->cmdq_run = sc->cmdq_key_set; 4899 4900 RUN_UNLOCK(sc); 4901 4902 for(i = 0; i < RUN_N_XFER; i++) 4903 usbd_transfer_drain(sc->sc_xfer[i]); 4904 4905 RUN_LOCK(sc); 4906 4907 if (sc->rx_m != NULL) { 4908 m_free(sc->rx_m); 4909 sc->rx_m = NULL; 4910 } 4911 4912 /* disable Tx/Rx */ 4913 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 4914 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 4915 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 4916 4917 /* wait for pending Tx to complete */ 4918 for (ntries = 0; ntries < 100; ntries++) { 4919 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 4920 DPRINTF("Cannot read Tx queue count\n"); 4921 break; 4922 } 4923 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 4924 DPRINTF("All Tx cleared\n"); 4925 break; 4926 } 4927 run_delay(sc, 10); 4928 } 4929 if (ntries >= 100) 4930 DPRINTF("There are still pending Tx\n"); 4931 run_delay(sc, 10); 4932 run_write(sc, RT2860_USB_DMA_CFG, 0); 4933 4934 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 4935 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 4936 4937 for (i = 0; i != RUN_EP_QUEUES; i++) 4938 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 4939 4940 return; 4941 } 4942 4943 static void 4944 run_delay(struct run_softc *sc, unsigned int ms) 4945 { 4946 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ? 4947 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms)); 4948 } 4949 4950 static device_method_t run_methods[] = { 4951 /* Device interface */ 4952 DEVMETHOD(device_probe, run_match), 4953 DEVMETHOD(device_attach, run_attach), 4954 DEVMETHOD(device_detach, run_detach), 4955 4956 { 0, 0 } 4957 }; 4958 4959 static driver_t run_driver = { 4960 .name = "run", 4961 .methods = run_methods, 4962 .size = sizeof(struct run_softc) 4963 }; 4964 4965 static devclass_t run_devclass; 4966 4967 DRIVER_MODULE(run, uhub, run_driver, run_devclass, NULL, 0); 4968 MODULE_DEPEND(run, wlan, 1, 1, 1); 4969 MODULE_DEPEND(run, usb, 1, 1, 1); 4970 MODULE_DEPEND(run, firmware, 1, 1, 1); 4971 MODULE_VERSION(run, 1);
Cache object: 9a7b56ef9f82531054a22e3b2064e4e2
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]