wlan - Update wlan from Adrian / FreeBSD
[dragonfly.git] / sys / bus / u4b / wlan / if_run.c
CommitLineData
12bd3c8b
SW
1/*-
2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr>
3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca>
4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org>
cea9a87b 5 * Copyright (c) 2013-2014 Kevin Lo
12bd3c8b
SW
6 *
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
10 *
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
10f2cea7 18 *
cea9a87b 19 * $FreeBSD: head/sys/dev/usb/wlan/if_run.c 262795 2014-03-05 18:39:27Z hselasky $
12bd3c8b
SW
20 */
21
12bd3c8b 22/*-
cea9a87b 23 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver.
12bd3c8b
SW
24 * http://www.ralinktech.com/
25 */
26
27#include <sys/param.h>
28#include <sys/sockio.h>
29#include <sys/sysctl.h>
30#include <sys/lock.h>
12bd3c8b
SW
31#include <sys/mbuf.h>
32#include <sys/kernel.h>
33#include <sys/socket.h>
34#include <sys/systm.h>
35#include <sys/malloc.h>
36#include <sys/module.h>
37#include <sys/bus.h>
38#include <sys/endian.h>
39#include <sys/linker.h>
40#include <sys/firmware.h>
12bd3c8b 41
12bd3c8b
SW
42#include <sys/rman.h>
43
44#include <net/bpf.h>
45#include <net/if.h>
cea9a87b 46#include <net/if_var.h>
12bd3c8b
SW
47#include <net/if_arp.h>
48#include <net/ethernet.h>
49#include <net/if_dl.h>
50#include <net/if_media.h>
51#include <net/if_types.h>
10f2cea7 52#include <net/ifq_var.h>
12bd3c8b
SW
53
54#include <netinet/in.h>
55#include <netinet/in_systm.h>
56#include <netinet/in_var.h>
57#include <netinet/if_ether.h>
58#include <netinet/ip.h>
59
10f2cea7
SW
60#include <netproto/802_11/ieee80211_var.h>
61#include <netproto/802_11/ieee80211_regdomain.h>
62#include <netproto/802_11/ieee80211_radiotap.h>
63#include <netproto/802_11/ieee80211_ratectl.h>
12bd3c8b 64
10f2cea7
SW
65#include <bus/u4b/usb.h>
66#include <bus/u4b/usbdi.h>
ef4aa9ff 67#include "usbdevs.h"
12bd3c8b 68
cea9a87b 69#define USB_DEBUG_VAR run_debug
10f2cea7 70#include <bus/u4b/usb_debug.h>
cea9a87b 71#include <bus/u4b/usb_msctest.h>
12bd3c8b 72
10f2cea7
SW
73#include <bus/u4b/wlan/if_runreg.h>
74#include <bus/u4b/wlan/if_runvar.h>
12bd3c8b
SW
75
76#ifdef USB_DEBUG
cea9a87b 77#define RUN_DEBUG
12bd3c8b
SW
78#endif
79
80#ifdef RUN_DEBUG
81int run_debug = 0;
82static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run");
83SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RW, &run_debug, 0,
84 "run debug level");
85#endif
86
cea9a87b 87#define IEEE80211_HAS_ADDR4(wh) \
12bd3c8b
SW
88 (((wh)->i_fc[1] & IEEE80211_FC1_DIR_MASK) == IEEE80211_FC1_DIR_DSTODS)
89
90/*
91 * Because of LOR in run_key_delete(), use atomic instead.
92 * '& RUN_CMDQ_MASQ' is to loop cmdq[].
93 */
cea9a87b 94#define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ)
12bd3c8b
SW
95
96static const STRUCT_USB_HOST_ID run_devs[] = {
cea9a87b
SW
97#define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) }
98#define RUN_DEV_EJECT(v,p) \
99 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) }
100#define RUN_EJECT 1
12bd3c8b
SW
101 RUN_DEV(ABOCOM, RT2770),
102 RUN_DEV(ABOCOM, RT2870),
103 RUN_DEV(ABOCOM, RT3070),
104 RUN_DEV(ABOCOM, RT3071),
105 RUN_DEV(ABOCOM, RT3072),
106 RUN_DEV(ABOCOM2, RT2870_1),
107 RUN_DEV(ACCTON, RT2770),
108 RUN_DEV(ACCTON, RT2870_1),
109 RUN_DEV(ACCTON, RT2870_2),
110 RUN_DEV(ACCTON, RT2870_3),
111 RUN_DEV(ACCTON, RT2870_4),
112 RUN_DEV(ACCTON, RT2870_5),
113 RUN_DEV(ACCTON, RT3070),
114 RUN_DEV(ACCTON, RT3070_1),
115 RUN_DEV(ACCTON, RT3070_2),
116 RUN_DEV(ACCTON, RT3070_3),
117 RUN_DEV(ACCTON, RT3070_4),
118 RUN_DEV(ACCTON, RT3070_5),
119 RUN_DEV(AIRTIES, RT3070),
120 RUN_DEV(ALLWIN, RT2070),
121 RUN_DEV(ALLWIN, RT2770),
122 RUN_DEV(ALLWIN, RT2870),
123 RUN_DEV(ALLWIN, RT3070),
124 RUN_DEV(ALLWIN, RT3071),
125 RUN_DEV(ALLWIN, RT3072),
126 RUN_DEV(ALLWIN, RT3572),
127 RUN_DEV(AMIGO, RT2870_1),
128 RUN_DEV(AMIGO, RT2870_2),
129 RUN_DEV(AMIT, CGWLUSB2GNR),
130 RUN_DEV(AMIT, RT2870_1),
131 RUN_DEV(AMIT2, RT2870),
132 RUN_DEV(ASUS, RT2870_1),
133 RUN_DEV(ASUS, RT2870_2),
134 RUN_DEV(ASUS, RT2870_3),
135 RUN_DEV(ASUS, RT2870_4),
136 RUN_DEV(ASUS, RT2870_5),
137 RUN_DEV(ASUS, USBN13),
138 RUN_DEV(ASUS, RT3070_1),
cea9a87b 139 RUN_DEV(ASUS, USBN66),
10f2cea7 140 RUN_DEV(ASUS, USB_N53),
12bd3c8b
SW
141 RUN_DEV(ASUS2, USBN11),
142 RUN_DEV(AZUREWAVE, RT2870_1),
143 RUN_DEV(AZUREWAVE, RT2870_2),
144 RUN_DEV(AZUREWAVE, RT3070_1),
145 RUN_DEV(AZUREWAVE, RT3070_2),
146 RUN_DEV(AZUREWAVE, RT3070_3),
cea9a87b 147 RUN_DEV(BELKIN, F9L1103),
12bd3c8b
SW
148 RUN_DEV(BELKIN, F5D8053V3),
149 RUN_DEV(BELKIN, F5D8055),
150 RUN_DEV(BELKIN, F5D8055V2),
151 RUN_DEV(BELKIN, F6D4050V1),
cea9a87b 152 RUN_DEV(BELKIN, F6D4050V2),
12bd3c8b
SW
153 RUN_DEV(BELKIN, RT2870_1),
154 RUN_DEV(BELKIN, RT2870_2),
155 RUN_DEV(CISCOLINKSYS, AE1000),
156 RUN_DEV(CISCOLINKSYS2, RT3070),
157 RUN_DEV(CISCOLINKSYS3, RT3070),
158 RUN_DEV(CONCEPTRONIC2, RT2870_1),
159 RUN_DEV(CONCEPTRONIC2, RT2870_2),
160 RUN_DEV(CONCEPTRONIC2, RT2870_3),
161 RUN_DEV(CONCEPTRONIC2, RT2870_4),
162 RUN_DEV(CONCEPTRONIC2, RT2870_5),
163 RUN_DEV(CONCEPTRONIC2, RT2870_6),
164 RUN_DEV(CONCEPTRONIC2, RT2870_7),
165 RUN_DEV(CONCEPTRONIC2, RT2870_8),
166 RUN_DEV(CONCEPTRONIC2, RT3070_1),
167 RUN_DEV(CONCEPTRONIC2, RT3070_2),
168 RUN_DEV(CONCEPTRONIC2, VIGORN61),
169 RUN_DEV(COREGA, CGWLUSB300GNM),
170 RUN_DEV(COREGA, RT2870_1),
171 RUN_DEV(COREGA, RT2870_2),
172 RUN_DEV(COREGA, RT2870_3),
173 RUN_DEV(COREGA, RT3070),
174 RUN_DEV(CYBERTAN, RT2870),
175 RUN_DEV(DLINK, RT2870),
176 RUN_DEV(DLINK, RT3072),
cea9a87b
SW
177 RUN_DEV(DLINK, DWA127),
178 RUN_DEV(DLINK, DWA140B3),
179 RUN_DEV(DLINK, DWA160B2),
180 RUN_DEV(DLINK, DWA162),
12bd3c8b
SW
181 RUN_DEV(DLINK2, DWA130),
182 RUN_DEV(DLINK2, RT2870_1),
183 RUN_DEV(DLINK2, RT2870_2),
184 RUN_DEV(DLINK2, RT3070_1),
185 RUN_DEV(DLINK2, RT3070_2),
186 RUN_DEV(DLINK2, RT3070_3),
187 RUN_DEV(DLINK2, RT3070_4),
188 RUN_DEV(DLINK2, RT3070_5),
189 RUN_DEV(DLINK2, RT3072),
190 RUN_DEV(DLINK2, RT3072_1),
191 RUN_DEV(EDIMAX, EW7717),
192 RUN_DEV(EDIMAX, EW7718),
cea9a87b 193 RUN_DEV(EDIMAX, EW7733UND),
12bd3c8b
SW
194 RUN_DEV(EDIMAX, RT2870_1),
195 RUN_DEV(ENCORE, RT3070_1),
196 RUN_DEV(ENCORE, RT3070_2),
197 RUN_DEV(ENCORE, RT3070_3),
198 RUN_DEV(GIGABYTE, GNWB31N),
199 RUN_DEV(GIGABYTE, GNWB32L),
200 RUN_DEV(GIGABYTE, RT2870_1),
201 RUN_DEV(GIGASET, RT3070_1),
202 RUN_DEV(GIGASET, RT3070_2),
203 RUN_DEV(GUILLEMOT, HWNU300),
204 RUN_DEV(HAWKING, HWUN2),
205 RUN_DEV(HAWKING, RT2870_1),
206 RUN_DEV(HAWKING, RT2870_2),
207 RUN_DEV(HAWKING, RT3070),
208 RUN_DEV(IODATA, RT3072_1),
209 RUN_DEV(IODATA, RT3072_2),
210 RUN_DEV(IODATA, RT3072_3),
211 RUN_DEV(IODATA, RT3072_4),
212 RUN_DEV(LINKSYS4, RT3070),
213 RUN_DEV(LINKSYS4, WUSB100),
214 RUN_DEV(LINKSYS4, WUSB54GCV3),
215 RUN_DEV(LINKSYS4, WUSB600N),
216 RUN_DEV(LINKSYS4, WUSB600NV2),
217 RUN_DEV(LOGITEC, RT2870_1),
218 RUN_DEV(LOGITEC, RT2870_2),
219 RUN_DEV(LOGITEC, RT2870_3),
220 RUN_DEV(LOGITEC, LANW300NU2),
10f2cea7
SW
221 RUN_DEV(LOGITEC, LANW150NU2),
222 RUN_DEV(LOGITEC, LANW300NU2S),
12bd3c8b
SW
223 RUN_DEV(MELCO, RT2870_1),
224 RUN_DEV(MELCO, RT2870_2),
225 RUN_DEV(MELCO, WLIUCAG300N),
226 RUN_DEV(MELCO, WLIUCG300N),
227 RUN_DEV(MELCO, WLIUCG301N),
228 RUN_DEV(MELCO, WLIUCGN),
229 RUN_DEV(MELCO, WLIUCGNM),
10f2cea7 230 RUN_DEV(MELCO, WLIUCGNM2),
12bd3c8b
SW
231 RUN_DEV(MOTOROLA4, RT2770),
232 RUN_DEV(MOTOROLA4, RT3070),
233 RUN_DEV(MSI, RT3070_1),
234 RUN_DEV(MSI, RT3070_2),
235 RUN_DEV(MSI, RT3070_3),
236 RUN_DEV(MSI, RT3070_4),
237 RUN_DEV(MSI, RT3070_5),
238 RUN_DEV(MSI, RT3070_6),
239 RUN_DEV(MSI, RT3070_7),
240 RUN_DEV(MSI, RT3070_8),
241 RUN_DEV(MSI, RT3070_9),
242 RUN_DEV(MSI, RT3070_10),
243 RUN_DEV(MSI, RT3070_11),
244 RUN_DEV(OVISLINK, RT3072),
245 RUN_DEV(PARA, RT3070),
246 RUN_DEV(PEGATRON, RT2870),
247 RUN_DEV(PEGATRON, RT3070),
248 RUN_DEV(PEGATRON, RT3070_2),
249 RUN_DEV(PEGATRON, RT3070_3),
250 RUN_DEV(PHILIPS, RT2870),
251 RUN_DEV(PLANEX2, GWUS300MINIS),
252 RUN_DEV(PLANEX2, GWUSMICRON),
253 RUN_DEV(PLANEX2, RT2870),
254 RUN_DEV(PLANEX2, RT3070),
255 RUN_DEV(QCOM, RT2870),
256 RUN_DEV(QUANTA, RT3070),
257 RUN_DEV(RALINK, RT2070),
258 RUN_DEV(RALINK, RT2770),
259 RUN_DEV(RALINK, RT2870),
260 RUN_DEV(RALINK, RT3070),
261 RUN_DEV(RALINK, RT3071),
262 RUN_DEV(RALINK, RT3072),
263 RUN_DEV(RALINK, RT3370),
264 RUN_DEV(RALINK, RT3572),
cea9a87b
SW
265 RUN_DEV(RALINK, RT3573),
266 RUN_DEV(RALINK, RT5370),
267 RUN_DEV(RALINK, RT5572),
12bd3c8b
SW
268 RUN_DEV(RALINK, RT8070),
269 RUN_DEV(SAMSUNG, WIS09ABGN),
270 RUN_DEV(SAMSUNG2, RT2870_1),
271 RUN_DEV(SENAO, RT2870_1),
272 RUN_DEV(SENAO, RT2870_2),
273 RUN_DEV(SENAO, RT2870_3),
274 RUN_DEV(SENAO, RT2870_4),
275 RUN_DEV(SENAO, RT3070),
276 RUN_DEV(SENAO, RT3071),
277 RUN_DEV(SENAO, RT3072_1),
278 RUN_DEV(SENAO, RT3072_2),
279 RUN_DEV(SENAO, RT3072_3),
280 RUN_DEV(SENAO, RT3072_4),
281 RUN_DEV(SENAO, RT3072_5),
282 RUN_DEV(SITECOMEU, RT2770),
283 RUN_DEV(SITECOMEU, RT2870_1),
284 RUN_DEV(SITECOMEU, RT2870_2),
285 RUN_DEV(SITECOMEU, RT2870_3),
286 RUN_DEV(SITECOMEU, RT2870_4),
287 RUN_DEV(SITECOMEU, RT3070),
288 RUN_DEV(SITECOMEU, RT3070_2),
289 RUN_DEV(SITECOMEU, RT3070_3),
290 RUN_DEV(SITECOMEU, RT3070_4),
291 RUN_DEV(SITECOMEU, RT3071),
292 RUN_DEV(SITECOMEU, RT3072_1),
293 RUN_DEV(SITECOMEU, RT3072_2),
294 RUN_DEV(SITECOMEU, RT3072_3),
295 RUN_DEV(SITECOMEU, RT3072_4),
296 RUN_DEV(SITECOMEU, RT3072_5),
297 RUN_DEV(SITECOMEU, RT3072_6),
298 RUN_DEV(SITECOMEU, WL608),
299 RUN_DEV(SPARKLAN, RT2870_1),
300 RUN_DEV(SPARKLAN, RT3070),
301 RUN_DEV(SWEEX2, LW153),
302 RUN_DEV(SWEEX2, LW303),
303 RUN_DEV(SWEEX2, LW313),
304 RUN_DEV(TOSHIBA, RT3070),
305 RUN_DEV(UMEDIA, RT2870_1),
306 RUN_DEV(ZCOM, RT2870_1),
307 RUN_DEV(ZCOM, RT2870_2),
308 RUN_DEV(ZINWELL, RT2870_1),
309 RUN_DEV(ZINWELL, RT2870_2),
310 RUN_DEV(ZINWELL, RT3070),
311 RUN_DEV(ZINWELL, RT3072_1),
312 RUN_DEV(ZINWELL, RT3072_2),
313 RUN_DEV(ZYXEL, RT2870_1),
314 RUN_DEV(ZYXEL, RT2870_2),
cea9a87b
SW
315 RUN_DEV_EJECT(ZYXEL, NWD2705),
316 RUN_DEV_EJECT(RALINK, RT_STOR),
317#undef RUN_DEV_EJECT
12bd3c8b
SW
318#undef RUN_DEV
319};
320
321static device_probe_t run_match;
322static device_attach_t run_attach;
323static device_detach_t run_detach;
324
325static usb_callback_t run_bulk_rx_callback;
326static usb_callback_t run_bulk_tx_callback0;
327static usb_callback_t run_bulk_tx_callback1;
328static usb_callback_t run_bulk_tx_callback2;
329static usb_callback_t run_bulk_tx_callback3;
330static usb_callback_t run_bulk_tx_callback4;
331static usb_callback_t run_bulk_tx_callback5;
332
cea9a87b
SW
333static void run_autoinst(void *, struct usb_device *,
334 struct usb_attach_arg *);
335static int run_driver_loaded(struct module *, int, void *);
12bd3c8b 336static void run_bulk_tx_callbackN(struct usb_xfer *xfer,
cea9a87b 337 usb_error_t error, u_int index);
12bd3c8b
SW
338static struct ieee80211vap *run_vap_create(struct ieee80211com *,
339 const char [IFNAMSIZ], int, enum ieee80211_opmode, int,
340 const uint8_t [IEEE80211_ADDR_LEN],
341 const uint8_t [IEEE80211_ADDR_LEN]);
342static void run_vap_delete(struct ieee80211vap *);
343static void run_cmdq_cb(void *, int);
344static void run_setup_tx_list(struct run_softc *,
345 struct run_endpoint_queue *);
346static void run_unsetup_tx_list(struct run_softc *,
347 struct run_endpoint_queue *);
348static int run_load_microcode(struct run_softc *);
349static int run_reset(struct run_softc *);
350static usb_error_t run_do_request(struct run_softc *,
351 struct usb_device_request *, void *);
352static int run_read(struct run_softc *, uint16_t, uint32_t *);
353static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int);
354static int run_write_2(struct run_softc *, uint16_t, uint16_t);
355static int run_write(struct run_softc *, uint16_t, uint32_t);
356static int run_write_region_1(struct run_softc *, uint16_t,
357 const uint8_t *, int);
358static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int);
cea9a87b 359static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int);
12bd3c8b
SW
360static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *);
361static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *);
cea9a87b 362static int run_rt2870_rf_write(struct run_softc *, uint32_t);
12bd3c8b
SW
363static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *);
364static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t);
365static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *);
366static int run_bbp_write(struct run_softc *, uint8_t, uint8_t);
367static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t);
cea9a87b
SW
368static const char *run_get_rf(uint16_t);
369static void run_rt3593_get_txpower(struct run_softc *);
370static void run_get_txpower(struct run_softc *);
12bd3c8b
SW
371static int run_read_eeprom(struct run_softc *);
372static struct ieee80211_node *run_node_alloc(struct ieee80211vap *,
373 const uint8_t mac[IEEE80211_ADDR_LEN]);
374static int run_media_change(struct ifnet *);
375static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int);
376static int run_wme_update(struct ieee80211com *);
377static void run_wme_update_cb(void *);
378static void run_key_update_begin(struct ieee80211vap *);
379static void run_key_update_end(struct ieee80211vap *);
380static void run_key_set_cb(void *);
381static int run_key_set(struct ieee80211vap *, struct ieee80211_key *,
cea9a87b 382 const uint8_t mac[IEEE80211_ADDR_LEN]);
12bd3c8b
SW
383static void run_key_delete_cb(void *);
384static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *);
385static void run_ratectl_to(void *);
386static void run_ratectl_cb(void *, int);
387static void run_drain_fifo(void *);
388static void run_iter_func(void *, struct ieee80211_node *);
389static void run_newassoc_cb(void *);
390static void run_newassoc(struct ieee80211_node *, int);
391static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t);
392static void run_tx_free(struct run_endpoint_queue *pq,
393 struct run_tx_data *, int);
394static void run_set_tx_desc(struct run_softc *, struct run_tx_data *);
395static int run_tx(struct run_softc *, struct mbuf *,
396 struct ieee80211_node *);
397static int run_tx_mgt(struct run_softc *, struct mbuf *,
398 struct ieee80211_node *);
399static int run_sendprot(struct run_softc *, const struct mbuf *,
400 struct ieee80211_node *, int, int);
401static int run_tx_param(struct run_softc *, struct mbuf *,
402 struct ieee80211_node *,
403 const struct ieee80211_bpf_params *);
404static int run_raw_xmit(struct ieee80211_node *, struct mbuf *,
405 const struct ieee80211_bpf_params *);
10f2cea7
SW
406static void run_start_locked(struct ifnet *);
407static void run_start(struct ifnet *, struct ifaltq_subque *);
408static int run_ioctl(struct ifnet *, u_long, caddr_t, struct ucred *);
cea9a87b 409static void run_iq_calib(struct run_softc *, u_int);
12bd3c8b
SW
410static void run_set_agc(struct run_softc *, uint8_t);
411static void run_select_chan_group(struct run_softc *, int);
412static void run_set_rx_antenna(struct run_softc *, int);
413static void run_rt2870_set_chan(struct run_softc *, u_int);
414static void run_rt3070_set_chan(struct run_softc *, u_int);
415static void run_rt3572_set_chan(struct run_softc *, u_int);
cea9a87b
SW
416static void run_rt3593_set_chan(struct run_softc *, u_int);
417static void run_rt5390_set_chan(struct run_softc *, u_int);
418static void run_rt5592_set_chan(struct run_softc *, u_int);
12bd3c8b
SW
419static int run_set_chan(struct run_softc *, struct ieee80211_channel *);
420static void run_set_channel(struct ieee80211com *);
421static void run_scan_start(struct ieee80211com *);
422static void run_scan_end(struct ieee80211com *);
423static void run_update_beacon(struct ieee80211vap *, int);
424static void run_update_beacon_cb(void *);
425static void run_updateprot(struct ieee80211com *);
426static void run_updateprot_cb(void *);
427static void run_usb_timeout_cb(void *);
428static void run_reset_livelock(struct run_softc *);
429static void run_enable_tsf_sync(struct run_softc *);
430static void run_enable_mrr(struct run_softc *);
431static void run_set_txpreamble(struct run_softc *);
432static void run_set_basicrates(struct run_softc *);
433static void run_set_leds(struct run_softc *, uint16_t);
434static void run_set_bssid(struct run_softc *, const uint8_t *);
435static void run_set_macaddr(struct run_softc *, const uint8_t *);
436static void run_updateslot(struct ifnet *);
437static void run_updateslot_cb(void *);
438static void run_update_mcast(struct ifnet *);
439static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t);
440static void run_update_promisc_locked(struct ifnet *);
441static void run_update_promisc(struct ifnet *);
cea9a87b 442static void run_rt5390_bbp_init(struct run_softc *);
12bd3c8b
SW
443static int run_bbp_init(struct run_softc *);
444static int run_rt3070_rf_init(struct run_softc *);
cea9a87b
SW
445static void run_rt3593_rf_init(struct run_softc *);
446static void run_rt5390_rf_init(struct run_softc *);
12bd3c8b
SW
447static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t,
448 uint8_t *);
449static void run_rt3070_rf_setup(struct run_softc *);
cea9a87b
SW
450static void run_rt3593_rf_setup(struct run_softc *);
451static void run_rt5390_rf_setup(struct run_softc *);
12bd3c8b 452static int run_txrx_enable(struct run_softc *);
cea9a87b 453static void run_adjust_freq_offset(struct run_softc *);
12bd3c8b
SW
454static void run_init(void *);
455static void run_init_locked(struct run_softc *);
456static void run_stop(void *);
cea9a87b
SW
457static void run_delay(struct run_softc *, u_int);
458
459static eventhandler_tag run_etag;
460
461static const struct rt2860_rate {
462 uint8_t rate;
463 uint8_t mcs;
464 enum ieee80211_phytype phy;
465 uint8_t ctl_ridx;
466 uint16_t sp_ack_dur;
467 uint16_t lp_ack_dur;
468} rt2860_rates[] = {
469 { 2, 0, IEEE80211_T_DS, 0, 314, 314 },
470 { 4, 1, IEEE80211_T_DS, 1, 258, 162 },
471 { 11, 2, IEEE80211_T_DS, 2, 223, 127 },
472 { 22, 3, IEEE80211_T_DS, 3, 213, 117 },
473 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 },
474 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 },
475 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 },
476 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 },
477 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 },
478 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 },
479 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 },
480 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 }
481};
12bd3c8b
SW
482
483static const struct {
484 uint16_t reg;
485 uint32_t val;
486} rt2870_def_mac[] = {
487 RT2870_DEF_MAC
488};
489
490static const struct {
491 uint8_t reg;
492 uint8_t val;
493} rt2860_def_bbp[] = {
494 RT2860_DEF_BBP
cea9a87b
SW
495},rt5390_def_bbp[] = {
496 RT5390_DEF_BBP
497},rt5592_def_bbp[] = {
498 RT5592_DEF_BBP
499};
500
501/*
502 * Default values for BBP register R196 for RT5592.
503 */
504static const uint8_t rt5592_bbp_r196[] = {
505 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00,
506 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36,
507 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40,
508 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41,
509 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16,
510 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00,
511 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
512 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c,
513 0x2e, 0x36, 0x30, 0x6e
12bd3c8b
SW
514};
515
516static const struct rfprog {
517 uint8_t chan;
518 uint32_t r1, r2, r3, r4;
519} rt2860_rf2850[] = {
520 RT2860_RF2850
521};
522
523struct {
524 uint8_t n, r, k;
525} rt3070_freqs[] = {
526 RT3070_RF3052
527};
528
cea9a87b
SW
529static const struct rt5592_freqs {
530 uint16_t n;
531 uint8_t k, m, r;
532} rt5592_freqs_20mhz[] = {
533 RT5592_RF5592_20MHZ
534},rt5592_freqs_40mhz[] = {
535 RT5592_RF5592_40MHZ
536};
537
12bd3c8b
SW
538static const struct {
539 uint8_t reg;
540 uint8_t val;
541} rt3070_def_rf[] = {
542 RT3070_DEF_RF
543},rt3572_def_rf[] = {
544 RT3572_DEF_RF
cea9a87b
SW
545},rt3593_def_rf[] = {
546 RT3593_DEF_RF
547},rt5390_def_rf[] = {
548 RT5390_DEF_RF
549},rt5392_def_rf[] = {
550 RT5392_DEF_RF
551},rt5592_def_rf[] = {
552 RT5592_DEF_RF
553},rt5592_2ghz_def_rf[] = {
554 RT5592_2GHZ_DEF_RF
555},rt5592_5ghz_def_rf[] = {
556 RT5592_5GHZ_DEF_RF
557};
558
559static const struct {
560 u_int firstchan;
561 u_int lastchan;
562 uint8_t reg;
563 uint8_t val;
564} rt5592_chan_5ghz[] = {
565 RT5592_CHAN_5GHZ
12bd3c8b
SW
566};
567
568static const struct usb_config run_config[RUN_N_XFER] = {
569 [RUN_BULK_TX_BE] = {
570 .type = UE_BULK,
571 .endpoint = UE_ADDR_ANY,
572 .ep_index = 0,
573 .direction = UE_DIR_OUT,
574 .bufsize = RUN_MAX_TXSZ,
575 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
576 .callback = run_bulk_tx_callback0,
577 .timeout = 5000, /* ms */
578 },
579 [RUN_BULK_TX_BK] = {
580 .type = UE_BULK,
581 .endpoint = UE_ADDR_ANY,
582 .direction = UE_DIR_OUT,
583 .ep_index = 1,
584 .bufsize = RUN_MAX_TXSZ,
585 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
586 .callback = run_bulk_tx_callback1,
587 .timeout = 5000, /* ms */
588 },
589 [RUN_BULK_TX_VI] = {
590 .type = UE_BULK,
591 .endpoint = UE_ADDR_ANY,
592 .direction = UE_DIR_OUT,
593 .ep_index = 2,
594 .bufsize = RUN_MAX_TXSZ,
595 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
596 .callback = run_bulk_tx_callback2,
597 .timeout = 5000, /* ms */
598 },
599 [RUN_BULK_TX_VO] = {
600 .type = UE_BULK,
601 .endpoint = UE_ADDR_ANY,
602 .direction = UE_DIR_OUT,
603 .ep_index = 3,
604 .bufsize = RUN_MAX_TXSZ,
605 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
606 .callback = run_bulk_tx_callback3,
607 .timeout = 5000, /* ms */
608 },
609 [RUN_BULK_TX_HCCA] = {
610 .type = UE_BULK,
611 .endpoint = UE_ADDR_ANY,
612 .direction = UE_DIR_OUT,
613 .ep_index = 4,
614 .bufsize = RUN_MAX_TXSZ,
615 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,},
616 .callback = run_bulk_tx_callback4,
617 .timeout = 5000, /* ms */
618 },
619 [RUN_BULK_TX_PRIO] = {
620 .type = UE_BULK,
621 .endpoint = UE_ADDR_ANY,
622 .direction = UE_DIR_OUT,
623 .ep_index = 5,
624 .bufsize = RUN_MAX_TXSZ,
625 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,},
626 .callback = run_bulk_tx_callback5,
627 .timeout = 5000, /* ms */
628 },
629 [RUN_BULK_RX] = {
630 .type = UE_BULK,
631 .endpoint = UE_ADDR_ANY,
632 .direction = UE_DIR_IN,
633 .bufsize = RUN_MAX_RXSZ,
634 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,},
635 .callback = run_bulk_rx_callback,
636 }
637};
638
cea9a87b
SW
639static void
640run_autoinst(void *arg, struct usb_device *udev,
641 struct usb_attach_arg *uaa)
642{
643 struct usb_interface *iface;
644 struct usb_interface_descriptor *id;
645
646 if (uaa->dev_state != UAA_DEV_READY)
647 return;
648
649 iface = usbd_get_iface(udev, 0);
650 if (iface == NULL)
651 return;
652 id = iface->idesc;
653 if (id == NULL || id->bInterfaceClass != UICLASS_MASS)
654 return;
655 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa))
656 return;
657
658 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0)
659 uaa->dev_state = UAA_DEV_EJECTING;
660}
661
662static int
663run_driver_loaded(struct module *mod, int what, void *arg)
664{
665 switch (what) {
666 case MOD_LOAD:
667 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured,
668 run_autoinst, NULL, EVENTHANDLER_PRI_ANY);
669 break;
670 case MOD_UNLOAD:
671 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag);
672 break;
673 default:
674 return (EOPNOTSUPP);
675 }
676 return (0);
677}
678
12bd3c8b
SW
679static int
680run_match(device_t self)
681{
682 struct usb_attach_arg *uaa = device_get_ivars(self);
683
684 if (uaa->usb_mode != USB_MODE_HOST)
685 return (ENXIO);
686 if (uaa->info.bConfigIndex != 0)
687 return (ENXIO);
688 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX)
689 return (ENXIO);
690
691 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa));
692}
693
694static int
695run_attach(device_t self)
696{
697 struct run_softc *sc = device_get_softc(self);
698 struct usb_attach_arg *uaa = device_get_ivars(self);
699 struct ieee80211com *ic;
700 struct ifnet *ifp;
701 uint32_t ver;
cea9a87b 702 int ntries, error;
12bd3c8b 703 uint8_t iface_index, bands;
10f2cea7
SW
704 char ethstr[ETHER_ADDRSTRLEN + 1];
705
706 wlan_serialize_enter();
12bd3c8b
SW
707
708 device_set_usb_desc(self);
709 sc->sc_udev = uaa->device;
710 sc->sc_dev = self;
cea9a87b
SW
711 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT)
712 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED;
12bd3c8b 713
10f2cea7
SW
714 lockinit(&sc->sc_lock, device_get_nameunit(sc->sc_dev),
715 0, LK_CANRECURSE);
12bd3c8b
SW
716
717 iface_index = RT2860_IFACE_INDEX;
718
719 error = usbd_transfer_setup(uaa->device, &iface_index,
10f2cea7 720 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_lock);
12bd3c8b
SW
721 if (error) {
722 device_printf(self, "could not allocate USB transfers, "
723 "err=%s\n", usbd_errstr(error));
724 goto detach;
725 }
726
727 RUN_LOCK(sc);
728
729 /* wait for the chip to settle */
730 for (ntries = 0; ntries < 100; ntries++) {
731 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) {
732 RUN_UNLOCK(sc);
733 goto detach;
734 }
735 if (ver != 0 && ver != 0xffffffff)
736 break;
737 run_delay(sc, 10);
738 }
739 if (ntries == 100) {
740 device_printf(sc->sc_dev,
741 "timeout waiting for NIC to initialize\n");
742 RUN_UNLOCK(sc);
743 goto detach;
744 }
745 sc->mac_ver = ver >> 16;
746 sc->mac_rev = ver & 0xffff;
747
748 /* retrieve RF rev. no and various other things from EEPROM */
749 run_read_eeprom(sc);
750
751 device_printf(sc->sc_dev,
752 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n",
753 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev),
10f2cea7 754 sc->ntxchains, sc->nrxchains, kether_ntoa(sc->sc_bssid, ethstr));
12bd3c8b
SW
755
756 RUN_UNLOCK(sc);
757
758 ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211);
759 if (ifp == NULL) {
760 device_printf(sc->sc_dev, "can not if_alloc()\n");
761 goto detach;
762 }
763 ic = ifp->if_l2com;
764
765 ifp->if_softc = sc;
766 if_initname(ifp, "run", device_get_unit(sc->sc_dev));
767 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
768 ifp->if_init = run_init;
769 ifp->if_ioctl = run_ioctl;
770 ifp->if_start = run_start;
10f2cea7
SW
771 ifq_set_maxlen(&ifp->if_snd, ifqmaxlen);
772#if 0 /* XXX swildner: see c3d4131842e47b168d93a0650d58d425ebeef789 */
773 ifq_set_ready(&ifp->if_snd);
774#endif
12bd3c8b
SW
775
776 ic->ic_ifp = ifp;
777 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
778 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */
779
780 /* set device capabilities */
781 ic->ic_caps =
782 IEEE80211_C_STA | /* station mode supported */
783 IEEE80211_C_MONITOR | /* monitor mode supported */
784 IEEE80211_C_IBSS |
785 IEEE80211_C_HOSTAP |
786 IEEE80211_C_WDS | /* 4-address traffic works */
787 IEEE80211_C_MBSS |
788 IEEE80211_C_SHPREAMBLE | /* short preamble supported */
789 IEEE80211_C_SHSLOT | /* short slot time supported */
790 IEEE80211_C_WME | /* WME */
791 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */
792
793 ic->ic_cryptocaps =
794 IEEE80211_CRYPTO_WEP |
795 IEEE80211_CRYPTO_AES_CCM |
796 IEEE80211_CRYPTO_TKIPMIC |
797 IEEE80211_CRYPTO_TKIP;
798
799 ic->ic_flags |= IEEE80211_F_DATAPAD;
800 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS;
801
802 bands = 0;
803 setbit(&bands, IEEE80211_MODE_11B);
804 setbit(&bands, IEEE80211_MODE_11G);
cea9a87b
SW
805 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 ||
806 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 ||
807 sc->rf_rev == RT5592_RF_5592)
808 setbit(&bands, IEEE80211_MODE_11A);
12bd3c8b
SW
809 ieee80211_init_channels(ic, NULL, &bands);
810
12bd3c8b
SW
811 ieee80211_ifattach(ic, sc->sc_bssid);
812
813 ic->ic_scan_start = run_scan_start;
814 ic->ic_scan_end = run_scan_end;
815 ic->ic_set_channel = run_set_channel;
816 ic->ic_node_alloc = run_node_alloc;
817 ic->ic_newassoc = run_newassoc;
818 ic->ic_updateslot = run_updateslot;
819 ic->ic_update_mcast = run_update_mcast;
820 ic->ic_wme.wme_update = run_wme_update;
821 ic->ic_raw_xmit = run_raw_xmit;
822 ic->ic_update_promisc = run_update_promisc;
823
824 ic->ic_vap_create = run_vap_create;
825 ic->ic_vap_delete = run_vap_delete;
826
827 ieee80211_radiotap_attach(ic,
828 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap),
829 RUN_TX_RADIOTAP_PRESENT,
830 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap),
831 RUN_RX_RADIOTAP_PRESENT);
832
833 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc);
834 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc);
10f2cea7 835 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_lock, 1);
12bd3c8b
SW
836
837 if (bootverbose)
838 ieee80211_announce(ic);
839
10f2cea7 840 wlan_serialize_exit();
12bd3c8b
SW
841 return (0);
842
843detach:
10f2cea7 844 wlan_serialize_exit();
12bd3c8b
SW
845 run_detach(self);
846 return (ENXIO);
847}
848
849static int
850run_detach(device_t self)
851{
852 struct run_softc *sc = device_get_softc(self);
853 struct ifnet *ifp = sc->sc_ifp;
854 struct ieee80211com *ic;
855 int i;
856
10f2cea7
SW
857 wlan_serialize_enter();
858 sc->sc_detached = 1;
859
12bd3c8b
SW
860 /* stop all USB transfers */
861 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER);
862
863 RUN_LOCK(sc);
864
865 sc->ratectl_run = RUN_RATECTL_OFF;
866 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT;
867
868 /* free TX list, if any */
869 for (i = 0; i != RUN_EP_QUEUES; i++)
870 run_unsetup_tx_list(sc, &sc->sc_epq[i]);
871 RUN_UNLOCK(sc);
872
873 if (ifp) {
874 ic = ifp->if_l2com;
875 /* drain tasks */
876 usb_callout_drain(&sc->ratectl_ch);
877 ieee80211_draintask(ic, &sc->cmdq_task);
878 ieee80211_draintask(ic, &sc->ratectl_task);
879 ieee80211_ifdetach(ic);
880 if_free(ifp);
881 }
882
10f2cea7 883 lockuninit(&sc->sc_lock);
12bd3c8b 884
10f2cea7 885 wlan_serialize_exit();
12bd3c8b
SW
886 return (0);
887}
888
889static struct ieee80211vap *
890run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit,
891 enum ieee80211_opmode opmode, int flags,
892 const uint8_t bssid[IEEE80211_ADDR_LEN],
893 const uint8_t mac[IEEE80211_ADDR_LEN])
894{
895 struct ifnet *ifp = ic->ic_ifp;
896 struct run_softc *sc = ifp->if_softc;
897 struct run_vap *rvp;
898 struct ieee80211vap *vap;
899 int i;
900
901 if (sc->rvp_cnt >= RUN_VAP_MAX) {
902 if_printf(ifp, "number of VAPs maxed out\n");
903 return (NULL);
904 }
905
906 switch (opmode) {
907 case IEEE80211_M_STA:
908 /* enable s/w bmiss handling for sta mode */
909 flags |= IEEE80211_CLONE_NOBEACONS;
910 /* fall though */
911 case IEEE80211_M_IBSS:
912 case IEEE80211_M_MONITOR:
913 case IEEE80211_M_HOSTAP:
914 case IEEE80211_M_MBSS:
915 /* other than WDS vaps, only one at a time */
916 if (!TAILQ_EMPTY(&ic->ic_vaps))
917 return (NULL);
918 break;
919 case IEEE80211_M_WDS:
920 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){
921 if(vap->iv_opmode != IEEE80211_M_HOSTAP)
922 continue;
923 /* WDS vap's always share the local mac address. */
924 flags &= ~IEEE80211_CLONE_BSSID;
925 break;
926 }
927 if (vap == NULL) {
928 if_printf(ifp, "wds only supported in ap mode\n");
929 return (NULL);
930 }
931 break;
932 default:
933 if_printf(ifp, "unknown opmode %d\n", opmode);
934 return (NULL);
935 }
936
10f2cea7
SW
937 rvp = (struct run_vap *) kmalloc(sizeof(struct run_vap),
938 M_80211_VAP, M_INTWAIT | M_ZERO);
12bd3c8b 939 vap = &rvp->vap;
cea9a87b
SW
940
941 if (ieee80211_vap_setup(ic, vap, name, unit,
942 opmode, flags, bssid, mac) != 0) {
943 /* out of memory */
944 kfree(rvp, M_80211_VAP);
945 return (NULL);
946 }
12bd3c8b
SW
947
948 vap->iv_key_update_begin = run_key_update_begin;
949 vap->iv_key_update_end = run_key_update_end;
950 vap->iv_update_beacon = run_update_beacon;
951 vap->iv_max_aid = RT2870_WCID_MAX;
952 /*
953 * To delete the right key from h/w, we need wcid.
954 * Luckily, there is unused space in ieee80211_key{}, wk_pad,
955 * and matching wcid will be written into there. So, cast
956 * some spells to remove 'const' from ieee80211_key{}
957 */
958 vap->iv_key_delete = (void *)run_key_delete;
959 vap->iv_key_set = (void *)run_key_set;
960
961 /* override state transition machine */
962 rvp->newstate = vap->iv_newstate;
963 vap->iv_newstate = run_newstate;
964
965 ieee80211_ratectl_init(vap);
966 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */);
967
968 /* complete setup */
969 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status);
970
971 /* make sure id is always unique */
972 for (i = 0; i < RUN_VAP_MAX; i++) {
973 if((sc->rvp_bmap & 1 << i) == 0){
974 sc->rvp_bmap |= 1 << i;
975 rvp->rvp_id = i;
976 break;
977 }
978 }
979 if (sc->rvp_cnt++ == 0)
980 ic->ic_opmode = opmode;
981
982 if (opmode == IEEE80211_M_HOSTAP)
983 sc->cmdq_run = RUN_CMDQ_GO;
984
985 DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n",
986 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt);
987
988 return (vap);
989}
990
991static void
992run_vap_delete(struct ieee80211vap *vap)
993{
994 struct run_vap *rvp = RUN_VAP(vap);
995 struct ifnet *ifp;
996 struct ieee80211com *ic;
997 struct run_softc *sc;
998 uint8_t rvp_id;
999
1000 if (vap == NULL)
1001 return;
1002
1003 ic = vap->iv_ic;
1004 ifp = ic->ic_ifp;
1005
1006 sc = ifp->if_softc;
1007
1008 RUN_LOCK(sc);
1009
1010 m_freem(rvp->beacon_mbuf);
1011 rvp->beacon_mbuf = NULL;
1012
1013 rvp_id = rvp->rvp_id;
1014 sc->ratectl_run &= ~(1 << rvp_id);
1015 sc->rvp_bmap &= ~(1 << rvp_id);
1016 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128);
1017 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512);
1018 --sc->rvp_cnt;
1019
1020 DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n",
1021 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt);
1022
1023 RUN_UNLOCK(sc);
1024
1025 ieee80211_ratectl_deinit(vap);
1026 ieee80211_vap_detach(vap);
10f2cea7 1027 kfree(rvp, M_80211_VAP);
12bd3c8b
SW
1028}
1029
1030/*
1031 * There are numbers of functions need to be called in context thread.
1032 * Rather than creating taskqueue event for each of those functions,
1033 * here is all-for-one taskqueue callback function. This function
1034 * gurantees deferred functions are executed in the same order they
1035 * were enqueued.
1036 * '& RUN_CMDQ_MASQ' is to loop cmdq[].
1037 */
1038static void
1039run_cmdq_cb(void *arg, int pending)
1040{
1041 struct run_softc *sc = arg;
1042 uint8_t i;
1043
1044 /* call cmdq[].func locked */
1045 RUN_LOCK(sc);
1046 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending;
1047 i = sc->cmdq_exec, pending--) {
1048 DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending);
1049 if (sc->cmdq_run == RUN_CMDQ_GO) {
1050 /*
1051 * If arg0 is NULL, callback func needs more
1052 * than one arg. So, pass ptr to cmdq struct.
1053 */
1054 if (sc->cmdq[i].arg0)
1055 sc->cmdq[i].func(sc->cmdq[i].arg0);
1056 else
1057 sc->cmdq[i].func(&sc->cmdq[i]);
1058 }
1059 sc->cmdq[i].arg0 = NULL;
1060 sc->cmdq[i].func = NULL;
1061 sc->cmdq_exec++;
1062 sc->cmdq_exec &= RUN_CMDQ_MASQ;
1063 }
1064 RUN_UNLOCK(sc);
1065}
1066
1067static void
1068run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq)
1069{
1070 struct run_tx_data *data;
1071
1072 memset(pq, 0, sizeof(*pq));
1073
1074 STAILQ_INIT(&pq->tx_qh);
1075 STAILQ_INIT(&pq->tx_fh);
1076
1077 for (data = &pq->tx_data[0];
1078 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) {
1079 data->sc = sc;
1080 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next);
1081 }
1082 pq->tx_nfree = RUN_TX_RING_COUNT;
1083}
1084
1085static void
1086run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq)
1087{
1088 struct run_tx_data *data;
1089
1090 /* make sure any subsequent use of the queues will fail */
1091 pq->tx_nfree = 0;
1092 STAILQ_INIT(&pq->tx_fh);
1093 STAILQ_INIT(&pq->tx_qh);
1094
1095 /* free up all node references and mbufs */
1096 for (data = &pq->tx_data[0];
1097 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) {
1098 if (data->m != NULL) {
1099 m_freem(data->m);
1100 data->m = NULL;
1101 }
1102 if (data->ni != NULL) {
1103 ieee80211_free_node(data->ni);
1104 data->ni = NULL;
1105 }
1106 }
1107}
1108
1109static int
1110run_load_microcode(struct run_softc *sc)
1111{
1112 usb_device_request_t req;
1113 const struct firmware *fw;
1114 const u_char *base;
1115 uint32_t tmp;
1116 int ntries, error;
1117 const uint64_t *temp;
1118 uint64_t bytes;
1119
8e073936
SW
1120 wlan_assert_serialized();
1121
1122 wlan_serialize_exit();
12bd3c8b 1123 fw = firmware_get("runfw");
8e073936 1124 wlan_serialize_enter();
12bd3c8b
SW
1125 if (fw == NULL) {
1126 device_printf(sc->sc_dev,
1127 "failed loadfirmware of file %s\n", "runfw");
1128 return ENOENT;
1129 }
1130
1131 if (fw->datasize != 8192) {
1132 device_printf(sc->sc_dev,
1133 "invalid firmware size (should be 8KB)\n");
1134 error = EINVAL;
1135 goto fail;
1136 }
1137
1138 /*
1139 * RT3071/RT3072 use a different firmware
1140 * run-rt2870 (8KB) contains both,
1141 * first half (4KB) is for rt2870,
1142 * last half is for rt3071.
1143 */
1144 base = fw->data;
1145 if ((sc->mac_ver) != 0x2860 &&
1146 (sc->mac_ver) != 0x2872 &&
1147 (sc->mac_ver) != 0x3070) {
1148 base += 4096;
1149 }
1150
1151 /* cheap sanity check */
1152 temp = fw->data;
1153 bytes = *temp;
cea9a87b 1154 if (bytes != be64toh(0xffffff0210280210ULL)) {
12bd3c8b
SW
1155 device_printf(sc->sc_dev, "firmware checksum failed\n");
1156 error = EINVAL;
1157 goto fail;
1158 }
1159
12bd3c8b 1160 /* write microcode image */
cea9a87b
SW
1161 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) {
1162 run_write_region_1(sc, RT2870_FW_BASE, base, 4096);
1163 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff);
1164 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff);
1165 }
12bd3c8b
SW
1166
1167 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1168 req.bRequest = RT2870_RESET;
1169 USETW(req.wValue, 8);
1170 USETW(req.wIndex, 0);
1171 USETW(req.wLength, 0);
10f2cea7 1172 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_lock, &req, NULL))
12bd3c8b
SW
1173 != 0) {
1174 device_printf(sc->sc_dev, "firmware reset failed\n");
1175 goto fail;
1176 }
1177
1178 run_delay(sc, 10);
1179
cea9a87b 1180 run_write(sc, RT2860_H2M_BBPAGENT, 0);
12bd3c8b 1181 run_write(sc, RT2860_H2M_MAILBOX, 0);
cea9a87b 1182 run_write(sc, RT2860_H2M_INTSRC, 0);
12bd3c8b
SW
1183 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0)
1184 goto fail;
1185
1186 /* wait until microcontroller is ready */
1187 for (ntries = 0; ntries < 1000; ntries++) {
cea9a87b 1188 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0)
12bd3c8b 1189 goto fail;
12bd3c8b
SW
1190 if (tmp & RT2860_MCU_READY)
1191 break;
1192 run_delay(sc, 10);
1193 }
1194 if (ntries == 1000) {
1195 device_printf(sc->sc_dev,
1196 "timeout waiting for MCU to initialize\n");
1197 error = ETIMEDOUT;
1198 goto fail;
1199 }
10f2cea7
SW
1200 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n",
1201 (base == fw->data) ? "RT2870" : "RT3071",
1202 *(base + 4092), *(base + 4093));
12bd3c8b
SW
1203
1204fail:
1205 firmware_put(fw, FIRMWARE_UNLOAD);
1206 return (error);
1207}
1208
cea9a87b 1209static int
12bd3c8b
SW
1210run_reset(struct run_softc *sc)
1211{
1212 usb_device_request_t req;
10f2cea7 1213 usb_error_t error;
12bd3c8b
SW
1214
1215 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1216 req.bRequest = RT2870_RESET;
1217 USETW(req.wValue, 1);
1218 USETW(req.wIndex, 0);
1219 USETW(req.wLength, 0);
10f2cea7
SW
1220 error = usbd_do_request(sc->sc_udev, &sc->sc_lock, &req, NULL);
1221 return (error);
12bd3c8b
SW
1222}
1223
1224static usb_error_t
1225run_do_request(struct run_softc *sc,
1226 struct usb_device_request *req, void *data)
1227{
1228 usb_error_t err;
1229 int ntries = 10;
1230
1231 RUN_LOCK_ASSERT(sc, MA_OWNED);
1232
1233 while (ntries--) {
10f2cea7 1234 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_lock,
12bd3c8b
SW
1235 req, data, 0, NULL, 250 /* ms */);
1236 if (err == 0)
1237 break;
1238 DPRINTFN(1, "Control request failed, %s (retrying)\n",
1239 usbd_errstr(err));
1240 run_delay(sc, 10);
1241 }
1242 return (err);
1243}
1244
1245static int
1246run_read(struct run_softc *sc, uint16_t reg, uint32_t *val)
1247{
1248 uint32_t tmp;
1249 int error;
1250
1251 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp);
1252 if (error == 0)
1253 *val = le32toh(tmp);
1254 else
1255 *val = 0xffffffff;
1256 return (error);
1257}
1258
1259static int
1260run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len)
1261{
1262 usb_device_request_t req;
1263
1264 req.bmRequestType = UT_READ_VENDOR_DEVICE;
1265 req.bRequest = RT2870_READ_REGION_1;
1266 USETW(req.wValue, 0);
1267 USETW(req.wIndex, reg);
1268 USETW(req.wLength, len);
1269
1270 return (run_do_request(sc, &req, buf));
1271}
1272
1273static int
1274run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val)
1275{
1276 usb_device_request_t req;
1277
1278 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1279 req.bRequest = RT2870_WRITE_2;
1280 USETW(req.wValue, val);
1281 USETW(req.wIndex, reg);
1282 USETW(req.wLength, 0);
1283
1284 return (run_do_request(sc, &req, NULL));
1285}
1286
1287static int
1288run_write(struct run_softc *sc, uint16_t reg, uint32_t val)
1289{
1290 int error;
1291
1292 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0)
1293 error = run_write_2(sc, reg + 2, val >> 16);
1294 return (error);
1295}
1296
1297static int
1298run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf,
1299 int len)
1300{
1301#if 1
1302 int i, error = 0;
1303 /*
1304 * NB: the WRITE_REGION_1 command is not stable on RT2860.
1305 * We thus issue multiple WRITE_2 commands instead.
1306 */
1307 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n"));
1308 for (i = 0; i < len && error == 0; i += 2)
1309 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8);
1310 return (error);
1311#else
1312 usb_device_request_t req;
cea9a87b 1313 int error = 0;
12bd3c8b 1314
cea9a87b
SW
1315 /*
1316 * NOTE: It appears the WRITE_REGION_1 command cannot be
1317 * passed a huge amount of data, which will crash the
1318 * firmware. Limit amount of data passed to 64-bytes at a
1319 * time.
1320 */
1321 while (len > 0) {
1322 int delta = 64;
1323 if (delta > len)
1324 delta = len;
1325
1326 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1327 req.bRequest = RT2870_WRITE_REGION_1;
1328 USETW(req.wValue, 0);
1329 USETW(req.wIndex, reg);
1330 USETW(req.wLength, delta);
1331 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf));
1332 if (error != 0)
1333 break;
1334 reg += delta;
1335 buf += delta;
1336 len -= delta;
1337 }
1338 return (error);
12bd3c8b
SW
1339#endif
1340}
1341
1342static int
1343run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len)
1344{
1345 int i, error = 0;
1346
1347 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n"));
1348 for (i = 0; i < len && error == 0; i += 4)
1349 error = run_write(sc, reg + i, val);
1350 return (error);
1351}
1352
12bd3c8b 1353static int
cea9a87b 1354run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count)
12bd3c8b
SW
1355{
1356 uint32_t tmp;
1357 uint16_t reg;
1358 int error, ntries;
1359
1360 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0)
1361 return (error);
1362
cea9a87b
SW
1363 if (count == 2)
1364 addr *= 2;
12bd3c8b
SW
1365 /*-
1366 * Read one 16-byte block into registers EFUSE_DATA[0-3]:
1367 * DATA0: F E D C
1368 * DATA1: B A 9 8
1369 * DATA2: 7 6 5 4
1370 * DATA3: 3 2 1 0
1371 */
1372 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK);
1373 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK;
1374 run_write(sc, RT3070_EFUSE_CTRL, tmp);
1375 for (ntries = 0; ntries < 100; ntries++) {
1376 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0)
1377 return (error);
1378 if (!(tmp & RT3070_EFSROM_KICK))
1379 break;
1380 run_delay(sc, 2);
1381 }
1382 if (ntries == 100)
1383 return (ETIMEDOUT);
1384
1385 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) {
1386 *val = 0xffff; /* address not found */
1387 return (0);
1388 }
1389 /* determine to which 32-bit register our 16-bit word belongs */
1390 reg = RT3070_EFUSE_DATA3 - (addr & 0xc);
1391 if ((error = run_read(sc, reg, &tmp)) != 0)
1392 return (error);
1393
cea9a87b
SW
1394 tmp >>= (8 * (addr & 0x3));
1395 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff;
1396
12bd3c8b
SW
1397 return (0);
1398}
1399
cea9a87b
SW
1400/* Read 16-bit from eFUSE ROM for RT3xxx. */
1401static int
1402run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val)
1403{
1404 return (run_efuse_read(sc, addr, val, 2));
1405}
1406
12bd3c8b
SW
1407static int
1408run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val)
1409{
1410 usb_device_request_t req;
1411 uint16_t tmp;
1412 int error;
1413
1414 addr *= 2;
1415 req.bmRequestType = UT_READ_VENDOR_DEVICE;
1416 req.bRequest = RT2870_EEPROM_READ;
1417 USETW(req.wValue, 0);
1418 USETW(req.wIndex, addr);
cea9a87b 1419 USETW(req.wLength, sizeof(tmp));
12bd3c8b 1420
10f2cea7 1421 error = usbd_do_request(sc->sc_udev, &sc->sc_lock, &req, &tmp);
12bd3c8b
SW
1422 if (error == 0)
1423 *val = le16toh(tmp);
1424 else
1425 *val = 0xffff;
1426 return (error);
1427}
1428
1429static __inline int
1430run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val)
1431{
1432 /* either eFUSE ROM or EEPROM */
1433 return sc->sc_srom_read(sc, addr, val);
1434}
1435
1436static int
cea9a87b 1437run_rt2870_rf_write(struct run_softc *sc, uint32_t val)
12bd3c8b
SW
1438{
1439 uint32_t tmp;
1440 int error, ntries;
1441
1442 for (ntries = 0; ntries < 10; ntries++) {
1443 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0)
1444 return (error);
1445 if (!(tmp & RT2860_RF_REG_CTRL))
1446 break;
1447 }
1448 if (ntries == 10)
1449 return (ETIMEDOUT);
1450
cea9a87b 1451 return (run_write(sc, RT2860_RF_CSR_CFG0, val));
12bd3c8b
SW
1452}
1453
1454static int
1455run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val)
1456{
1457 uint32_t tmp;
1458 int error, ntries;
1459
1460 for (ntries = 0; ntries < 100; ntries++) {
1461 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1462 return (error);
1463 if (!(tmp & RT3070_RF_KICK))
1464 break;
1465 }
1466 if (ntries == 100)
1467 return (ETIMEDOUT);
1468
1469 tmp = RT3070_RF_KICK | reg << 8;
1470 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0)
1471 return (error);
1472
1473 for (ntries = 0; ntries < 100; ntries++) {
1474 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1475 return (error);
1476 if (!(tmp & RT3070_RF_KICK))
1477 break;
1478 }
1479 if (ntries == 100)
1480 return (ETIMEDOUT);
1481
1482 *val = tmp & 0xff;
1483 return (0);
1484}
1485
1486static int
1487run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val)
1488{
1489 uint32_t tmp;
1490 int error, ntries;
1491
1492 for (ntries = 0; ntries < 10; ntries++) {
1493 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1494 return (error);
1495 if (!(tmp & RT3070_RF_KICK))
1496 break;
1497 }
1498 if (ntries == 10)
1499 return (ETIMEDOUT);
1500
1501 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val;
1502 return (run_write(sc, RT3070_RF_CSR_CFG, tmp));
1503}
1504
1505static int
1506run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val)
1507{
1508 uint32_t tmp;
1509 int ntries, error;
1510
1511 for (ntries = 0; ntries < 10; ntries++) {
1512 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1513 return (error);
1514 if (!(tmp & RT2860_BBP_CSR_KICK))
1515 break;
1516 }
1517 if (ntries == 10)
1518 return (ETIMEDOUT);
1519
1520 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8;
1521 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0)
1522 return (error);
1523
1524 for (ntries = 0; ntries < 10; ntries++) {
1525 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1526 return (error);
1527 if (!(tmp & RT2860_BBP_CSR_KICK))
1528 break;
1529 }
1530 if (ntries == 10)
1531 return (ETIMEDOUT);
1532
1533 *val = tmp & 0xff;
1534 return (0);
1535}
1536
1537static int
1538run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val)
1539{
1540 uint32_t tmp;
1541 int ntries, error;
1542
1543 for (ntries = 0; ntries < 10; ntries++) {
1544 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1545 return (error);
1546 if (!(tmp & RT2860_BBP_CSR_KICK))
1547 break;
1548 }
1549 if (ntries == 10)
1550 return (ETIMEDOUT);
1551
1552 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val;
1553 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp));
1554}
1555
1556/*
1557 * Send a command to the 8051 microcontroller unit.
1558 */
1559static int
1560run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg)
1561{
1562 uint32_t tmp;
1563 int error, ntries;
1564
1565 for (ntries = 0; ntries < 100; ntries++) {
1566 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0)
1567 return error;
1568 if (!(tmp & RT2860_H2M_BUSY))
1569 break;
1570 }
1571 if (ntries == 100)
1572 return ETIMEDOUT;
1573
1574 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg;
1575 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0)
1576 error = run_write(sc, RT2860_HOST_CMD, cmd);
1577 return (error);
1578}
1579
1580/*
1581 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word.
1582 * Used to adjust per-rate Tx power registers.
1583 */
1584static __inline uint32_t
1585b4inc(uint32_t b32, int8_t delta)
1586{
1587 int8_t i, b4;
1588
1589 for (i = 0; i < 8; i++) {
1590 b4 = b32 & 0xf;
1591 b4 += delta;
1592 if (b4 < 0)
1593 b4 = 0;
1594 else if (b4 > 0xf)
1595 b4 = 0xf;
1596 b32 = b32 >> 4 | b4 << 28;
1597 }
1598 return (b32);
1599}
1600
1601static const char *
cea9a87b 1602run_get_rf(uint16_t rev)
12bd3c8b
SW
1603{
1604 switch (rev) {
1605 case RT2860_RF_2820: return "RT2820";
1606 case RT2860_RF_2850: return "RT2850";
1607 case RT2860_RF_2720: return "RT2720";
1608 case RT2860_RF_2750: return "RT2750";
1609 case RT3070_RF_3020: return "RT3020";
1610 case RT3070_RF_2020: return "RT2020";
1611 case RT3070_RF_3021: return "RT3021";
1612 case RT3070_RF_3022: return "RT3022";
1613 case RT3070_RF_3052: return "RT3052";
cea9a87b
SW
1614 case RT3593_RF_3053: return "RT3053";
1615 case RT5592_RF_5592: return "RT5592";
1616 case RT5390_RF_5370: return "RT5370";
1617 case RT5390_RF_5372: return "RT5372";
12bd3c8b
SW
1618 }
1619 return ("unknown");
1620}
1621
cea9a87b
SW
1622static void
1623run_rt3593_get_txpower(struct run_softc *sc)
1624{
1625 uint16_t addr, val;
1626 int i;
1627
1628 /* Read power settings for 2GHz channels. */
1629 for (i = 0; i < 14; i += 2) {
1630 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 :
1631 RT2860_EEPROM_PWR2GHZ_BASE1;
1632 run_srom_read(sc, addr + i / 2, &val);
1633 sc->txpow1[i + 0] = (int8_t)(val & 0xff);
1634 sc->txpow1[i + 1] = (int8_t)(val >> 8);
1635
1636 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 :
1637 RT2860_EEPROM_PWR2GHZ_BASE2;
1638 run_srom_read(sc, addr + i / 2, &val);
1639 sc->txpow2[i + 0] = (int8_t)(val & 0xff);
1640 sc->txpow2[i + 1] = (int8_t)(val >> 8);
1641
1642 if (sc->ntxchains == 3) {
1643 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2,
1644 &val);
1645 sc->txpow3[i + 0] = (int8_t)(val & 0xff);
1646 sc->txpow3[i + 1] = (int8_t)(val >> 8);
1647 }
1648 }
1649 /* Fix broken Tx power entries. */
1650 for (i = 0; i < 14; i++) {
1651 if (sc->txpow1[i] > 31)
1652 sc->txpow1[i] = 5;
1653 if (sc->txpow2[i] > 31)
1654 sc->txpow2[i] = 5;
1655 if (sc->ntxchains == 3) {
1656 if (sc->txpow3[i] > 31)
1657 sc->txpow3[i] = 5;
1658 }
1659 }
1660 /* Read power settings for 5GHz channels. */
1661 for (i = 0; i < 40; i += 2) {
1662 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val);
1663 sc->txpow1[i + 14] = (int8_t)(val & 0xff);
1664 sc->txpow1[i + 15] = (int8_t)(val >> 8);
1665
1666 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val);
1667 sc->txpow2[i + 14] = (int8_t)(val & 0xff);
1668 sc->txpow2[i + 15] = (int8_t)(val >> 8);
1669
1670 if (sc->ntxchains == 3) {
1671 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2,
1672 &val);
1673 sc->txpow3[i + 14] = (int8_t)(val & 0xff);
1674 sc->txpow3[i + 15] = (int8_t)(val >> 8);
1675 }
1676 }
1677}
1678
1679static void
1680run_get_txpower(struct run_softc *sc)
1681{
1682 uint16_t val;
1683 int i;
1684
1685 /* Read power settings for 2GHz channels. */
1686 for (i = 0; i < 14; i += 2) {
1687 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val);
1688 sc->txpow1[i + 0] = (int8_t)(val & 0xff);
1689 sc->txpow1[i + 1] = (int8_t)(val >> 8);
1690
1691 if (sc->mac_ver != 0x5390) {
1692 run_srom_read(sc,
1693 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val);
1694 sc->txpow2[i + 0] = (int8_t)(val & 0xff);
1695 sc->txpow2[i + 1] = (int8_t)(val >> 8);
1696 }
1697 }
1698 /* Fix broken Tx power entries. */
1699 for (i = 0; i < 14; i++) {
1700 if (sc->mac_ver >= 0x5390) {
1701 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 27)
1702 sc->txpow1[i] = 5;
1703 } else {
1704 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31)
1705 sc->txpow1[i] = 5;
1706 }
1707 if (sc->mac_ver > 0x5390) {
1708 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 27)
1709 sc->txpow2[i] = 5;
1710 } else if (sc->mac_ver < 0x5390) {
1711 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31)
1712 sc->txpow2[i] = 5;
1713 }
1714 DPRINTF("chan %d: power1=%d, power2=%d\n",
1715 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]);
1716 }
1717 /* Read power settings for 5GHz channels. */
1718 for (i = 0; i < 40; i += 2) {
1719 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val);
1720 sc->txpow1[i + 14] = (int8_t)(val & 0xff);
1721 sc->txpow1[i + 15] = (int8_t)(val >> 8);
1722
1723 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val);
1724 sc->txpow2[i + 14] = (int8_t)(val & 0xff);
1725 sc->txpow2[i + 15] = (int8_t)(val >> 8);
1726 }
1727 /* Fix broken Tx power entries. */
1728 for (i = 0; i < 40; i++ ) {
1729 if (sc->mac_ver != 0x5592) {
1730 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15)
1731 sc->txpow1[14 + i] = 5;
1732 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15)
1733 sc->txpow2[14 + i] = 5;
1734 }
1735 DPRINTF("chan %d: power1=%d, power2=%d\n",
1736 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i],
1737 sc->txpow2[14 + i]);
1738 }
1739}
1740
1741static int
12bd3c8b
SW
1742run_read_eeprom(struct run_softc *sc)
1743{
1744 int8_t delta_2ghz, delta_5ghz;
1745 uint32_t tmp;
1746 uint16_t val;
1747 int ridx, ant, i;
1748
1749 /* check whether the ROM is eFUSE ROM or EEPROM */
1750 sc->sc_srom_read = run_eeprom_read_2;
1751 if (sc->mac_ver >= 0x3070) {
1752 run_read(sc, RT3070_EFUSE_CTRL, &tmp);
1753 DPRINTF("EFUSE_CTRL=0x%08x\n", tmp);
cea9a87b 1754 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593)
12bd3c8b
SW
1755 sc->sc_srom_read = run_efuse_read_2;
1756 }
1757
1758 /* read ROM version */
1759 run_srom_read(sc, RT2860_EEPROM_VERSION, &val);
1760 DPRINTF("EEPROM rev=%d, FAE=%d\n", val & 0xff, val >> 8);
1761
1762 /* read MAC address */
1763 run_srom_read(sc, RT2860_EEPROM_MAC01, &val);
1764 sc->sc_bssid[0] = val & 0xff;
1765 sc->sc_bssid[1] = val >> 8;
1766 run_srom_read(sc, RT2860_EEPROM_MAC23, &val);
1767 sc->sc_bssid[2] = val & 0xff;
1768 sc->sc_bssid[3] = val >> 8;
1769 run_srom_read(sc, RT2860_EEPROM_MAC45, &val);
1770 sc->sc_bssid[4] = val & 0xff;
1771 sc->sc_bssid[5] = val >> 8;
1772
cea9a87b
SW
1773 if (sc->mac_ver < 0x3593) {
1774 /* read vender BBP settings */
12bd3c8b 1775 for (i = 0; i < 10; i++) {
cea9a87b
SW
1776 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val);
1777 sc->bbp[i].val = val & 0xff;
1778 sc->bbp[i].reg = val >> 8;
1779 DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg,
1780 sc->bbp[i].val);
1781 }
1782 if (sc->mac_ver >= 0x3071) {
1783 /* read vendor RF settings */
1784 for (i = 0; i < 10; i++) {
1785 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i,
1786 &val);
1787 sc->rf[i].val = val & 0xff;
1788 sc->rf[i].reg = val >> 8;
1789 DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg,
1790 sc->rf[i].val);
1791 }
12bd3c8b
SW
1792 }
1793 }
1794
1795 /* read RF frequency offset from EEPROM */
cea9a87b
SW
1796 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS :
1797 RT3593_EEPROM_FREQ, &val);
12bd3c8b
SW
1798 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0;
1799 DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff);
1800
cea9a87b
SW
1801 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS :
1802 RT3593_EEPROM_FREQ_LEDS, &val);
12bd3c8b
SW
1803 if (val >> 8 != 0xff) {
1804 /* read LEDs operating mode */
1805 sc->leds = val >> 8;
cea9a87b
SW
1806 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 :
1807 RT3593_EEPROM_LED1, &sc->led[0]);
1808 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 :
1809 RT3593_EEPROM_LED2, &sc->led[1]);
1810 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 :
1811 RT3593_EEPROM_LED3, &sc->led[2]);
12bd3c8b
SW
1812 } else {
1813 /* broken EEPROM, use default settings */
1814 sc->leds = 0x01;
1815 sc->led[0] = 0x5555;
1816 sc->led[1] = 0x2221;
1817 sc->led[2] = 0x5627; /* differs from RT2860 */
1818 }
1819 DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n",
1820 sc->leds, sc->led[0], sc->led[1], sc->led[2]);
1821
1822 /* read RF information */
cea9a87b
SW
1823 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392)
1824 run_srom_read(sc, 0x00, &val);
1825 else
1826 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val);
1827
12bd3c8b 1828 if (val == 0xffff) {
cea9a87b
SW
1829 device_printf(sc->sc_dev,
1830 "invalid EEPROM antenna info, using default\n");
12bd3c8b
SW
1831 DPRINTF("invalid EEPROM antenna info, using default\n");
1832 if (sc->mac_ver == 0x3572) {
1833 /* default to RF3052 2T2R */
1834 sc->rf_rev = RT3070_RF_3052;
1835 sc->ntxchains = 2;
1836 sc->nrxchains = 2;
1837 } else if (sc->mac_ver >= 0x3070) {
1838 /* default to RF3020 1T1R */
1839 sc->rf_rev = RT3070_RF_3020;
1840 sc->ntxchains = 1;
1841 sc->nrxchains = 1;
1842 } else {
1843 /* default to RF2820 1T2R */
1844 sc->rf_rev = RT2860_RF_2820;
1845 sc->ntxchains = 1;
1846 sc->nrxchains = 2;
1847 }
1848 } else {
cea9a87b
SW
1849 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) {
1850 sc->rf_rev = val;
1851 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val);
1852 } else
1853 sc->rf_rev = (val >> 8) & 0xf;
12bd3c8b
SW
1854 sc->ntxchains = (val >> 4) & 0xf;
1855 sc->nrxchains = val & 0xf;
1856 }
cea9a87b 1857 DPRINTF("EEPROM RF rev=0x%04x chains=%dT%dR\n",
12bd3c8b
SW
1858 sc->rf_rev, sc->ntxchains, sc->nrxchains);
1859
1860 /* check if RF supports automatic Tx access gain control */
1861 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val);
1862 DPRINTF("EEPROM CFG 0x%04x\n", val);
1863 /* check if driver should patch the DAC issue */
1864 if ((val >> 8) != 0xff)
1865 sc->patch_dac = (val >> 15) & 1;
1866 if ((val & 0xff) != 0xff) {
1867 sc->ext_5ghz_lna = (val >> 3) & 1;
1868 sc->ext_2ghz_lna = (val >> 2) & 1;
1869 /* check if RF supports automatic Tx access gain control */
1870 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1;
1871 /* check if we have a hardware radio switch */
1872 sc->rfswitch = val & 1;
1873 }
1874
cea9a87b
SW
1875 /* Read Tx power settings. */
1876 if (sc->mac_ver == 0x3593)
1877 run_rt3593_get_txpower(sc);
1878 else
1879 run_get_txpower(sc);
12bd3c8b
SW
1880
1881 /* read Tx power compensation for each Tx rate */
1882 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val);
1883 delta_2ghz = delta_5ghz = 0;
1884 if ((val & 0xff) != 0xff && (val & 0x80)) {
1885 delta_2ghz = val & 0xf;
1886 if (!(val & 0x40)) /* negative number */
1887 delta_2ghz = -delta_2ghz;
1888 }
1889 val >>= 8;
1890 if ((val & 0xff) != 0xff && (val & 0x80)) {
1891 delta_5ghz = val & 0xf;
1892 if (!(val & 0x40)) /* negative number */
1893 delta_5ghz = -delta_5ghz;
1894 }
1895 DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n",
1896 delta_2ghz, delta_5ghz);
1897
1898 for (ridx = 0; ridx < 5; ridx++) {
1899 uint32_t reg;
1900
1901 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val);
1902 reg = val;
1903 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val);
1904 reg |= (uint32_t)val << 16;
1905
1906 sc->txpow20mhz[ridx] = reg;
1907 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz);
1908 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz);
1909
1910 DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, "
1911 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx],
1912 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]);
1913 }
1914
cea9a87b
SW
1915 /* Read RSSI offsets and LNA gains from EEPROM. */
1916 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ :
1917 RT3593_EEPROM_RSSI1_2GHZ, &val);
12bd3c8b
SW
1918 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */
1919 sc->rssi_2ghz[1] = val >> 8; /* Ant B */
cea9a87b
SW
1920 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ :
1921 RT3593_EEPROM_RSSI2_2GHZ, &val);
12bd3c8b 1922 if (sc->mac_ver >= 0x3070) {
cea9a87b
SW
1923 if (sc->mac_ver == 0x3593) {
1924 sc->txmixgain_2ghz = 0;
1925 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */
1926 } else {
1927 /*
1928 * On RT3070 chips (limited to 2 Rx chains), this ROM
1929 * field contains the Tx mixer gain for the 2GHz band.
1930 */
1931 if ((val & 0xff) != 0xff)
1932 sc->txmixgain_2ghz = val & 0x7;
1933 }
12bd3c8b
SW
1934 DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz);
1935 } else
1936 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */
cea9a87b
SW
1937 if (sc->mac_ver == 0x3593)
1938 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val);
12bd3c8b
SW
1939 sc->lna[2] = val >> 8; /* channel group 2 */
1940
cea9a87b
SW
1941 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ :
1942 RT3593_EEPROM_RSSI1_5GHZ, &val);
12bd3c8b
SW
1943 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */
1944 sc->rssi_5ghz[1] = val >> 8; /* Ant B */
cea9a87b
SW
1945 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ :
1946 RT3593_EEPROM_RSSI2_5GHZ, &val);
12bd3c8b
SW
1947 if (sc->mac_ver == 0x3572) {
1948 /*
1949 * On RT3572 chips (limited to 2 Rx chains), this ROM
1950 * field contains the Tx mixer gain for the 5GHz band.
1951 */
1952 if ((val & 0xff) != 0xff)
1953 sc->txmixgain_5ghz = val & 0x7;
1954 DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz);
1955 } else
1956 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */
cea9a87b
SW
1957 if (sc->mac_ver == 0x3593) {
1958 sc->txmixgain_5ghz = 0;
1959 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val);
1960 }
12bd3c8b
SW
1961 sc->lna[3] = val >> 8; /* channel group 3 */
1962
cea9a87b
SW
1963 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA :
1964 RT3593_EEPROM_LNA, &val);
12bd3c8b
SW
1965 sc->lna[0] = val & 0xff; /* channel group 0 */
1966 sc->lna[1] = val >> 8; /* channel group 1 */
1967
1968 /* fix broken 5GHz LNA entries */
1969 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) {
1970 DPRINTF("invalid LNA for channel group %d\n", 2);
1971 sc->lna[2] = sc->lna[1];
1972 }
1973 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) {
1974 DPRINTF("invalid LNA for channel group %d\n", 3);
1975 sc->lna[3] = sc->lna[1];
1976 }
1977
1978 /* fix broken RSSI offset entries */
1979 for (ant = 0; ant < 3; ant++) {
1980 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) {
1981 DPRINTF("invalid RSSI%d offset: %d (2GHz)\n",
1982 ant + 1, sc->rssi_2ghz[ant]);
1983 sc->rssi_2ghz[ant] = 0;
1984 }
1985 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) {
1986 DPRINTF("invalid RSSI%d offset: %d (5GHz)\n",
1987 ant + 1, sc->rssi_5ghz[ant]);
1988 sc->rssi_5ghz[ant] = 0;
1989 }
1990 }
1991 return (0);
1992}
1993
1994static struct ieee80211_node *
1995run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN])
1996{
10f2cea7 1997 return kmalloc(sizeof (struct run_node), M_DEVBUF, M_WAITOK | M_ZERO);
12bd3c8b
SW
1998}
1999
2000static int
2001run_media_change(struct ifnet *ifp)
2002{
2003 struct ieee80211vap *vap = ifp->if_softc;
2004 struct ieee80211com *ic = vap->iv_ic;
2005 const struct ieee80211_txparam *tp;
2006 struct run_softc *sc = ic->ic_ifp->if_softc;
2007 uint8_t rate, ridx;
2008 int error;
2009
2010 RUN_LOCK(sc);
2011
2012 error = ieee80211_media_change(ifp);
2013 if (error != ENETRESET) {
2014 RUN_UNLOCK(sc);
2015 return (error);
2016 }
2017
2018 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
2019 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) {
2020 struct ieee80211_node *ni;
2021 struct run_node *rn;
2022
2023 rate = ic->ic_sup_rates[ic->ic_curmode].
2024 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL;
2025 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2026 if (rt2860_rates[ridx].rate == rate)
2027 break;
2028 ni = ieee80211_ref_node(vap->iv_bss);
2029 rn = (struct run_node *)ni;
2030 rn->fix_ridx = ridx;
2031 DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx);
2032 ieee80211_free_node(ni);
2033 }
2034
2035#if 0
2036 if ((ifp->if_flags & IFF_UP) &&
10f2cea7 2037 (ifp->if_flags & IFF_RUNNING)){
12bd3c8b
SW
2038 run_init_locked(sc);
2039 }
2040#endif
2041
2042 RUN_UNLOCK(sc);
2043
2044 return (0);
2045}
2046
2047static int
2048run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
2049{
2050 const struct ieee80211_txparam *tp;
2051 struct ieee80211com *ic = vap->iv_ic;
2052 struct run_softc *sc = ic->ic_ifp->if_softc;
2053 struct run_vap *rvp = RUN_VAP(vap);
2054 enum ieee80211_state ostate;
2055 uint32_t sta[3];
2056 uint32_t tmp;
2057 uint8_t ratectl;
2058 uint8_t restart_ratectl = 0;
2059 uint8_t bid = 1 << rvp->rvp_id;
2060
2061 ostate = vap->iv_state;
2062 DPRINTF("%s -> %s\n",
2063 ieee80211_state_name[ostate],
2064 ieee80211_state_name[nstate]);
2065
12bd3c8b
SW
2066 RUN_LOCK(sc);
2067
2068 ratectl = sc->ratectl_run; /* remember current state */
2069 sc->ratectl_run = RUN_RATECTL_OFF;
2070 usb_callout_stop(&sc->ratectl_ch);
2071
2072 if (ostate == IEEE80211_S_RUN) {
2073 /* turn link LED off */
2074 run_set_leds(sc, RT2860_LED_RADIO);
2075 }
2076
2077 switch (nstate) {
2078 case IEEE80211_S_INIT:
2079 restart_ratectl = 1;
2080
2081 if (ostate != IEEE80211_S_RUN)
2082 break;
2083
2084 ratectl &= ~bid;
2085 sc->runbmap &= ~bid;
2086
2087 /* abort TSF synchronization if there is no vap running */
2088 if (--sc->running == 0) {
2089 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
2090 run_write(sc, RT2860_BCN_TIME_CFG,
2091 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
2092 RT2860_TBTT_TIMER_EN));
2093 }
2094 break;
2095
2096 case IEEE80211_S_RUN:
2097 if (!(sc->runbmap & bid)) {
2098 if(sc->running++)
2099 restart_ratectl = 1;
2100 sc->runbmap |= bid;
2101 }
2102
2103 m_freem(rvp->beacon_mbuf);
2104 rvp->beacon_mbuf = NULL;
2105
2106 switch (vap->iv_opmode) {
2107 case IEEE80211_M_HOSTAP:
2108 case IEEE80211_M_MBSS:
2109 sc->ap_running |= bid;
2110 ic->ic_opmode = vap->iv_opmode;
2111 run_update_beacon_cb(vap);
2112 break;
2113 case IEEE80211_M_IBSS:
2114 sc->adhoc_running |= bid;
2115 if (!sc->ap_running)
2116 ic->ic_opmode = vap->iv_opmode;
2117 run_update_beacon_cb(vap);
2118 break;
2119 case IEEE80211_M_STA:
2120 sc->sta_running |= bid;
2121 if (!sc->ap_running && !sc->adhoc_running)
2122 ic->ic_opmode = vap->iv_opmode;
2123
2124 /* read statistic counters (clear on read) */
2125 run_read_region_1(sc, RT2860_TX_STA_CNT0,
2126 (uint8_t *)sta, sizeof sta);
2127
2128 break;
2129 default:
2130 ic->ic_opmode = vap->iv_opmode;
2131 break;
2132 }
2133
2134 if (vap->iv_opmode != IEEE80211_M_MONITOR) {
2135 struct ieee80211_node *ni;
2136
c4a44ec5
SW
2137 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) {
2138 RUN_UNLOCK(sc);
10f2cea7 2139 return (-1);
c4a44ec5 2140 }
12bd3c8b
SW
2141 run_updateslot(ic->ic_ifp);
2142 run_enable_mrr(sc);
2143 run_set_txpreamble(sc);
2144 run_set_basicrates(sc);
2145 ni = ieee80211_ref_node(vap->iv_bss);
2146 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid);
2147 run_set_bssid(sc, ni->ni_bssid);
2148 ieee80211_free_node(ni);
2149 run_enable_tsf_sync(sc);
2150
2151 /* enable automatic rate adaptation */
2152 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
2153 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE)
2154 ratectl |= bid;
2155 }
2156
2157 /* turn link LED on */
2158 run_set_leds(sc, RT2860_LED_RADIO |
2159 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ?
2160 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ));
2161
2162 break;
2163 default:
2164 DPRINTFN(6, "undefined case\n");
2165 break;
2166 }
2167
2168 /* restart amrr for running VAPs */
2169 if ((sc->ratectl_run = ratectl) && restart_ratectl)
2170 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2171
2172 RUN_UNLOCK(sc);
12bd3c8b
SW
2173
2174 return(rvp->newstate(vap, nstate, arg));
2175}
2176
2177/* ARGSUSED */
2178static void
2179run_wme_update_cb(void *arg)
2180{
2181 struct ieee80211com *ic = arg;
2182 struct run_softc *sc = ic->ic_ifp->if_softc;
2183 struct ieee80211_wme_state *wmesp = &ic->ic_wme;
2184 int aci, error = 0;
2185
2186 RUN_LOCK_ASSERT(sc, MA_OWNED);
2187
2188 /* update MAC TX configuration registers */
2189 for (aci = 0; aci < WME_NUM_AC; aci++) {
2190 error = run_write(sc, RT2860_EDCA_AC_CFG(aci),
2191 wmesp->wme_params[aci].wmep_logcwmax << 16 |
2192 wmesp->wme_params[aci].wmep_logcwmin << 12 |
2193 wmesp->wme_params[aci].wmep_aifsn << 8 |
2194 wmesp->wme_params[aci].wmep_txopLimit);
2195 if (error) goto err;
2196 }
2197
2198 /* update SCH/DMA registers too */
2199 error = run_write(sc, RT2860_WMM_AIFSN_CFG,
2200 wmesp->wme_params[WME_AC_VO].wmep_aifsn << 12 |
2201 wmesp->wme_params[WME_AC_VI].wmep_aifsn << 8 |
2202 wmesp->wme_params[WME_AC_BK].wmep_aifsn << 4 |
2203 wmesp->wme_params[WME_AC_BE].wmep_aifsn);
2204 if (error) goto err;
2205 error = run_write(sc, RT2860_WMM_CWMIN_CFG,
2206 wmesp->wme_params[WME_AC_VO].wmep_logcwmin << 12 |
2207 wmesp->wme_params[WME_AC_VI].wmep_logcwmin << 8 |
2208 wmesp->wme_params[WME_AC_BK].wmep_logcwmin << 4 |
2209 wmesp->wme_params[WME_AC_BE].wmep_logcwmin);
2210 if (error) goto err;
2211 error = run_write(sc, RT2860_WMM_CWMAX_CFG,
2212 wmesp->wme_params[WME_AC_VO].wmep_logcwmax << 12 |
2213 wmesp->wme_params[WME_AC_VI].wmep_logcwmax << 8 |
2214 wmesp->wme_params[WME_AC_BK].wmep_logcwmax << 4 |
2215 wmesp->wme_params[WME_AC_BE].wmep_logcwmax);
2216 if (error) goto err;
2217 error = run_write(sc, RT2860_WMM_TXOP0_CFG,
2218 wmesp->wme_params[WME_AC_BK].wmep_txopLimit << 16 |
2219 wmesp->wme_params[WME_AC_BE].wmep_txopLimit);
2220 if (error) goto err;
2221 error = run_write(sc, RT2860_WMM_TXOP1_CFG,
2222 wmesp->wme_params[WME_AC_VO].wmep_txopLimit << 16 |
2223 wmesp->wme_params[WME_AC_VI].wmep_txopLimit);
2224
2225err:
2226 if (error)
2227 DPRINTF("WME update failed\n");
2228
2229 return;
2230}
2231
2232static int
2233run_wme_update(struct ieee80211com *ic)
2234{
2235 struct run_softc *sc = ic->ic_ifp->if_softc;
2236
10f2cea7
SW
2237#if 0 /* XXX swildner */
2238 /* sometime called without lock */
12bd3c8b
SW
2239 if (mtx_owned(&ic->ic_comlock.mtx)) {
2240 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
2241 DPRINTF("cmdq_store=%d\n", i);
2242 sc->cmdq[i].func = run_wme_update_cb;
2243 sc->cmdq[i].arg0 = ic;
2244 ieee80211_runtask(ic, &sc->cmdq_task);
2245 return (0);
2246 }
10f2cea7 2247#endif
12bd3c8b
SW
2248
2249 RUN_LOCK(sc);
2250 run_wme_update_cb(ic);
2251 RUN_UNLOCK(sc);
2252
2253 /* return whatever, upper layer desn't care anyway */
2254 return (0);
2255}
2256
2257static void
2258run_key_update_begin(struct ieee80211vap *vap)
2259{
2260 /*
2261 * To avoid out-of-order events, both run_key_set() and
2262 * _delete() are deferred and handled by run_cmdq_cb().
2263 * So, there is nothing we need to do here.
2264 */
2265}
2266
2267static void
2268run_key_update_end(struct ieee80211vap *vap)
2269{
2270 /* null */
2271}
2272
2273static void
2274run_key_set_cb(void *arg)
2275{
2276 struct run_cmdq *cmdq = arg;
2277 struct ieee80211vap *vap = cmdq->arg1;
2278 struct ieee80211_key *k = cmdq->k;
2279 struct ieee80211com *ic = vap->iv_ic;
2280 struct run_softc *sc = ic->ic_ifp->if_softc;
2281 struct ieee80211_node *ni;
2282 uint32_t attr;
2283 uint16_t base, associd;
2284 uint8_t mode, wcid, iv[8];
2285
2286 RUN_LOCK_ASSERT(sc, MA_OWNED);
2287
2288 if (vap->iv_opmode == IEEE80211_M_HOSTAP)
2289 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac);
2290 else
2291 ni = vap->iv_bss;
2292 associd = (ni != NULL) ? ni->ni_associd : 0;
2293
2294 /* map net80211 cipher to RT2860 security mode */
2295 switch (k->wk_cipher->ic_cipher) {
2296 case IEEE80211_CIPHER_WEP:
2297 if(k->wk_keylen < 8)
2298 mode = RT2860_MODE_WEP40;
2299 else
2300 mode = RT2860_MODE_WEP104;
2301 break;
2302 case IEEE80211_CIPHER_TKIP:
2303 mode = RT2860_MODE_TKIP;
2304 break;
2305 case IEEE80211_CIPHER_AES_CCM:
2306 mode = RT2860_MODE_AES_CCMP;
2307 break;
2308 default:
2309 DPRINTF("undefined case\n");
2310 return;
2311 }
2312
2313 DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n",
2314 associd, k->wk_keyix, mode,
2315 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise",
2316 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off",
2317 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off");
2318
2319 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2320 wcid = 0; /* NB: update WCID0 for group keys */
2321 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix);
2322 } else {
10f2cea7
SW
2323 wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
2324 1 : RUN_AID2WCID(associd);
12bd3c8b
SW
2325 base = RT2860_PKEY(wcid);
2326 }
2327
2328 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) {
2329 if(run_write_region_1(sc, base, k->wk_key, 16))
2330 return;
2331 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */
2332 return;
2333 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */
2334 return;
2335 } else {
2336 /* roundup len to 16-bit: XXX fix write_region_1() instead */
2337 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1))
2338 return;
2339 }
2340
2341 if (!(k->wk_flags & IEEE80211_KEY_GROUP) ||
2342 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) {
2343 /* set initial packet number in IV+EIV */
2344 if (k->wk_cipher == IEEE80211_CIPHER_WEP) {
2345 memset(iv, 0, sizeof iv);
2346 iv[3] = vap->iv_def_txkey << 6;
2347 } else {
2348 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) {
2349 iv[0] = k->wk_keytsc >> 8;
2350 iv[1] = (iv[0] | 0x20) & 0x7f;
2351 iv[2] = k->wk_keytsc;
2352 } else /* CCMP */ {
2353 iv[0] = k->wk_keytsc;
2354 iv[1] = k->wk_keytsc >> 8;
2355 iv[2] = 0;
2356 }
2357 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV;
2358 iv[4] = k->wk_keytsc >> 16;
2359 iv[5] = k->wk_keytsc >> 24;
2360 iv[6] = k->wk_keytsc >> 32;
2361 iv[7] = k->wk_keytsc >> 40;
2362 }
2363 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8))
2364 return;
2365 }
2366
2367 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2368 /* install group key */
2369 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr))
2370 return;
2371 attr &= ~(0xf << (k->wk_keyix * 4));
2372 attr |= mode << (k->wk_keyix * 4);
2373 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr))
2374 return;
2375 } else {
2376 /* install pairwise key */
2377 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr))
2378 return;
2379 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN;
2380 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr))
2381 return;
2382 }
2383
2384 /* TODO create a pass-thru key entry? */
2385
2386 /* need wcid to delete the right key later */
2387 k->wk_pad = wcid;
2388}
2389
2390/*
2391 * Don't have to be deferred, but in order to keep order of
2392 * execution, i.e. with run_key_delete(), defer this and let
2393 * run_cmdq_cb() maintain the order.
2394 *
2395 * return 0 on error
2396 */
2397static int
2398run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k,
2399 const uint8_t mac[IEEE80211_ADDR_LEN])
2400{
2401 struct ieee80211com *ic = vap->iv_ic;
2402 struct run_softc *sc = ic->ic_ifp->if_softc;
2403 uint32_t i;
2404
2405 i = RUN_CMDQ_GET(&sc->cmdq_store);
2406 DPRINTF("cmdq_store=%d\n", i);
2407 sc->cmdq[i].func = run_key_set_cb;
2408 sc->cmdq[i].arg0 = NULL;
2409 sc->cmdq[i].arg1 = vap;
2410 sc->cmdq[i].k = k;
2411 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, mac);
2412 ieee80211_runtask(ic, &sc->cmdq_task);
2413
2414 /*
2415 * To make sure key will be set when hostapd
2416 * calls iv_key_set() before if_init().
2417 */
2418 if (vap->iv_opmode == IEEE80211_M_HOSTAP) {
2419 RUN_LOCK(sc);
2420 sc->cmdq_key_set = RUN_CMDQ_GO;
2421 RUN_UNLOCK(sc);
2422 }
2423
2424 return (1);
2425}
2426
2427/*
2428 * If wlan is destroyed without being brought down i.e. without
2429 * wlan down or wpa_cli terminate, this function is called after
2430 * vap is gone. Don't refer it.
2431 */
2432static void
2433run_key_delete_cb(void *arg)
2434{
2435 struct run_cmdq *cmdq = arg;
2436 struct run_softc *sc = cmdq->arg1;
2437 struct ieee80211_key *k = &cmdq->key;
2438 uint32_t attr;
2439 uint8_t wcid;
2440
2441 RUN_LOCK_ASSERT(sc, MA_OWNED);
2442
2443 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2444 /* remove group key */
2445 DPRINTF("removing group key\n");
2446 run_read(sc, RT2860_SKEY_MODE_0_7, &attr);
2447 attr &= ~(0xf << (k->wk_keyix * 4));
2448 run_write(sc, RT2860_SKEY_MODE_0_7, attr);
2449 } else {
2450 /* remove pairwise key */
2451 DPRINTF("removing key for wcid %x\n", k->wk_pad);
2452 /* matching wcid was written to wk_pad in run_key_set() */
2453 wcid = k->wk_pad;
2454 run_read(sc, RT2860_WCID_ATTR(wcid), &attr);
2455 attr &= ~0xf;
2456 run_write(sc, RT2860_WCID_ATTR(wcid), attr);
2457 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8);
2458 }
2459
2460 k->wk_pad = 0;
2461}
2462
2463/*
2464 * return 0 on error
2465 */
2466static int
2467run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k)
2468{
2469 struct ieee80211com *ic = vap->iv_ic;
2470 struct run_softc *sc = ic->ic_ifp->if_softc;
2471 struct ieee80211_key *k0;
2472 uint32_t i;
2473
2474 /*
2475 * When called back, key might be gone. So, make a copy
2476 * of some values need to delete keys before deferring.
2477 * But, because of LOR with node lock, cannot use lock here.
2478 * So, use atomic instead.
2479 */
2480 i = RUN_CMDQ_GET(&sc->cmdq_store);
2481 DPRINTF("cmdq_store=%d\n", i);
2482 sc->cmdq[i].func = run_key_delete_cb;
2483 sc->cmdq[i].arg0 = NULL;
2484 sc->cmdq[i].arg1 = sc;
2485 k0 = &sc->cmdq[i].key;
2486 k0->wk_flags = k->wk_flags;
2487 k0->wk_keyix = k->wk_keyix;
2488 /* matching wcid was written to wk_pad in run_key_set() */
2489 k0->wk_pad = k->wk_pad;
2490 ieee80211_runtask(ic, &sc->cmdq_task);
2491 return (1); /* return fake success */
2492
2493}
2494
2495static void
2496run_ratectl_to(void *arg)
2497{
2498 struct run_softc *sc = arg;
2499
2500 /* do it in a process context, so it can go sleep */
2501 ieee80211_runtask(sc->sc_ifp->if_l2com, &sc->ratectl_task);
2502 /* next timeout will be rescheduled in the callback task */
2503}
2504
2505/* ARGSUSED */
2506static void
2507run_ratectl_cb(void *arg, int pending)
2508{
2509 struct run_softc *sc = arg;
2510 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
2511 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
2512
2513 if (vap == NULL)
2514 return;
2515
cea9a87b 2516 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) {
12bd3c8b
SW
2517 /*
2518 * run_reset_livelock() doesn't do anything with AMRR,
2519 * but Ralink wants us to call it every 1 sec. So, we
2520 * piggyback here rather than creating another callout.
2521 * Livelock may occur only in HOSTAP or IBSS mode
2522 * (when h/w is sending beacons).
2523 */
2524 RUN_LOCK(sc);
2525 run_reset_livelock(sc);
2526 /* just in case, there are some stats to drain */
2527 run_drain_fifo(sc);
2528 RUN_UNLOCK(sc);
12bd3c8b
SW
2529 }
2530
cea9a87b
SW
2531 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc);
2532
2533 RUN_LOCK(sc);
12bd3c8b
SW
2534 if(sc->ratectl_run != RUN_RATECTL_OFF)
2535 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
cea9a87b 2536 RUN_UNLOCK(sc);
12bd3c8b
SW
2537}
2538
2539static void
2540run_drain_fifo(void *arg)
2541{
2542 struct run_softc *sc = arg;
2543 struct ifnet *ifp = sc->sc_ifp;
2544 uint32_t stat;
2545 uint16_t (*wstat)[3];
2546 uint8_t wcid, mcs, pid;
2547 int8_t retry;
2548
2549 RUN_LOCK_ASSERT(sc, MA_OWNED);
2550
2551 for (;;) {
2552 /* drain Tx status FIFO (maxsize = 16) */
2553 run_read(sc, RT2860_TX_STAT_FIFO, &stat);
2554 DPRINTFN(4, "tx stat 0x%08x\n", stat);
2555 if (!(stat & RT2860_TXQ_VLD))
2556 break;
2557
2558 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff;
2559
2560 /* if no ACK was requested, no feedback is available */
2561 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX ||
2562 wcid == 0)
2563 continue;
2564
2565 /*
2566 * Even though each stat is Tx-complete-status like format,
2567 * the device can poll stats. Because there is no guarantee
2568 * that the referring node is still around when read the stats.
2569 * So that, if we use ieee80211_ratectl_tx_update(), we will
2570 * have hard time not to refer already freed node.
2571 *
2572 * To eliminate such page faults, we poll stats in softc.
2573 * Then, update the rates later with ieee80211_ratectl_tx_update().
2574 */
2575 wstat = &(sc->wcid_stats[wcid]);
2576 (*wstat)[RUN_TXCNT]++;
2577 if (stat & RT2860_TXQ_OK)
2578 (*wstat)[RUN_SUCCESS]++;
2579 else
2580 ifp->if_oerrors++;
2581 /*
2582 * Check if there were retries, ie if the Tx success rate is
2583 * different from the requested rate. Note that it works only
2584 * because we do not allow rate fallback from OFDM to CCK.
2585 */
2586 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f;
2587 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf;
2588 if ((retry = pid -1 - mcs) > 0) {
2589 (*wstat)[RUN_TXCNT] += retry;
2590 (*wstat)[RUN_RETRY] += retry;
2591 }
2592 }
2593 DPRINTFN(3, "count=%d\n", sc->fifo_cnt);
2594
2595 sc->fifo_cnt = 0;
2596}
2597
2598static void
2599run_iter_func(void *arg, struct ieee80211_node *ni)
2600{
2601 struct run_softc *sc = arg;
2602 struct ieee80211vap *vap = ni->ni_vap;
2603 struct ieee80211com *ic = ni->ni_ic;
2604 struct ifnet *ifp = ic->ic_ifp;
2605 struct run_node *rn = (void *)ni;
2606 union run_stats sta[2];
2607 uint16_t (*wstat)[3];
2608 int txcnt, success, retrycnt, error;
2609
2610 RUN_LOCK(sc);
2611
cea9a87b
SW
2612 /* Check for special case */
2613 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA &&
2614 ni != vap->iv_bss)
2615 goto fail;
2616
12bd3c8b
SW
2617 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS ||
2618 vap->iv_opmode == IEEE80211_M_STA)) {
2619 /* read statistic counters (clear on read) and update AMRR state */
2620 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta,
2621 sizeof sta);
2622 if (error != 0)
2623 goto fail;
2624
2625 /* count failed TX as errors */
2626 ifp->if_oerrors += le16toh(sta[0].error.fail);
2627
2628 retrycnt = le16toh(sta[1].tx.retry);
2629 success = le16toh(sta[1].tx.success);
2630 txcnt = retrycnt + success + le16toh(sta[0].error.fail);
2631
2632 DPRINTFN(3, "retrycnt=%d success=%d failcnt=%d\n",
2633 retrycnt, success, le16toh(sta[0].error.fail));
2634 } else {
2635 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]);
2636
2637 if (wstat == &(sc->wcid_stats[0]) ||
2638 wstat > &(sc->wcid_stats[RT2870_WCID_MAX]))
2639 goto fail;
2640
2641 txcnt = (*wstat)[RUN_TXCNT];
2642 success = (*wstat)[RUN_SUCCESS];
2643 retrycnt = (*wstat)[RUN_RETRY];
2644 DPRINTFN(3, "retrycnt=%d txcnt=%d success=%d\n",
2645 retrycnt, txcnt, success);
2646
2647 memset(wstat, 0, sizeof(*wstat));
2648 }
2649
2650 ieee80211_ratectl_tx_update(vap, ni, &txcnt, &success, &retrycnt);
2651 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0);
2652
2653fail:
2654 RUN_UNLOCK(sc);
2655
2656 DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx);
2657}
2658
2659static void
2660run_newassoc_cb(void *arg)
2661{
2662 struct run_cmdq *cmdq = arg;
2663 struct ieee80211_node *ni = cmdq->arg1;
2664 struct run_softc *sc = ni->ni_vap->iv_ic->ic_ifp->if_softc;
2665 uint8_t wcid = cmdq->wcid;
2666
2667 RUN_LOCK_ASSERT(sc, MA_OWNED);
2668
2669 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid),
2670 ni->ni_macaddr, IEEE80211_ADDR_LEN);
2671
2672 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid]));
2673}
2674
2675static void
2676run_newassoc(struct ieee80211_node *ni, int isnew)
2677{
2678 struct run_node *rn = (void *)ni;
2679 struct ieee80211_rateset *rs = &ni->ni_rates;
2680 struct ieee80211vap *vap = ni->ni_vap;
2681 struct ieee80211com *ic = vap->iv_ic;
2682 struct run_softc *sc = ic->ic_ifp->if_softc;
2683 uint8_t rate;
2684 uint8_t ridx;
10f2cea7 2685 uint8_t wcid;
12bd3c8b 2686 int i, j;
1a468664 2687#ifdef RUN_DEBUG
10f2cea7 2688 char ethstr[ETHER_ADDRSTRLEN + 1];
1a468664 2689#endif
10f2cea7
SW
2690
2691 wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
2692 1 : RUN_AID2WCID(ni->ni_associd);
12bd3c8b
SW
2693
2694 if (wcid > RT2870_WCID_MAX) {
2695 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid);
2696 return;
2697 }
2698
2699 /* only interested in true associations */
2700 if (isnew && ni->ni_associd != 0) {
2701
2702 /*
2703 * This function could is called though timeout function.
2704 * Need to defer.
2705 */
2706 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store);
2707 DPRINTF("cmdq_store=%d\n", cnt);
2708 sc->cmdq[cnt].func = run_newassoc_cb;
2709 sc->cmdq[cnt].arg0 = NULL;
2710 sc->cmdq[cnt].arg1 = ni;
2711 sc->cmdq[cnt].wcid = wcid;
2712 ieee80211_runtask(ic, &sc->cmdq_task);
2713 }
2714
2715 DPRINTF("new assoc isnew=%d associd=%x addr=%s\n",
10f2cea7 2716 isnew, ni->ni_associd, kether_ntoa(ni->ni_macaddr, ethstr));
12bd3c8b
SW
2717
2718 for (i = 0; i < rs->rs_nrates; i++) {
2719 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL;
2720 /* convert 802.11 rate to hardware rate index */
2721 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2722 if (rt2860_rates[ridx].rate == rate)
2723 break;
2724 rn->ridx[i] = ridx;
2725 /* determine rate of control response frames */
2726 for (j = i; j >= 0; j--) {
2727 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) &&
2728 rt2860_rates[rn->ridx[i]].phy ==
2729 rt2860_rates[rn->ridx[j]].phy)
2730 break;
2731 }
2732 if (j >= 0) {
2733 rn->ctl_ridx[i] = rn->ridx[j];
2734 } else {
2735 /* no basic rate found, use mandatory one */
2736 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx;
2737 }
2738 DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n",
2739 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]);
2740 }
2741 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate;
2742 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2743 if (rt2860_rates[ridx].rate == rate)
2744 break;
2745 rn->mgt_ridx = ridx;
2746 DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx);
2747
cea9a87b
SW
2748 RUN_LOCK(sc);
2749 if(sc->ratectl_run != RUN_RATECTL_OFF)
2750 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2751 RUN_UNLOCK(sc);
12bd3c8b
SW
2752}
2753
2754/*
2755 * Return the Rx chain with the highest RSSI for a given frame.
2756 */
2757static __inline uint8_t
2758run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi)
2759{
2760 uint8_t rxchain = 0;
2761
2762 if (sc->nrxchains > 1) {
2763 if (rxwi->rssi[1] > rxwi->rssi[rxchain])
2764 rxchain = 1;
2765 if (sc->nrxchains > 2)
2766 if (rxwi->rssi[2] > rxwi->rssi[rxchain])
2767 rxchain = 2;
2768 }
2769 return (rxchain);
2770}
2771
2772static void
2773run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen)
2774{
2775 struct ifnet *ifp = sc->sc_ifp;
2776 struct ieee80211com *ic = ifp->if_l2com;
2777 struct ieee80211_frame *wh;
2778 struct ieee80211_node *ni;
2779 struct rt2870_rxd *rxd;
2780 struct rt2860_rxwi *rxwi;
2781 uint32_t flags;
cea9a87b 2782 uint16_t len, rxwisize;
12bd3c8b
SW
2783 uint8_t ant, rssi;
2784 int8_t nf;
2785
2786 rxwi = mtod(m, struct rt2860_rxwi *);
2787 len = le16toh(rxwi->len) & 0xfff;
cea9a87b
SW
2788 rxwisize = sizeof(struct rt2860_rxwi);
2789 if (sc->mac_ver == 0x5592)
2790 rxwisize += sizeof(uint64_t);
2791 else if (sc->mac_ver == 0x3593)
2792 rxwisize += sizeof(uint32_t);
12bd3c8b
SW
2793 if (__predict_false(len > dmalen)) {
2794 m_freem(m);
2795 ifp->if_ierrors++;
2796 DPRINTF("bad RXWI length %u > %u\n", len, dmalen);
2797 return;
2798 }
2799 /* Rx descriptor is located at the end */
2800 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen);
2801 flags = le32toh(rxd->flags);
2802
2803 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) {
2804 m_freem(m);
2805 ifp->if_ierrors++;
2806 DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV");
2807 return;
2808 }
2809
cea9a87b
SW
2810 m->m_data += rxwisize;
2811 m->m_pkthdr.len = m->m_len -= rxwisize;
12bd3c8b
SW
2812
2813 wh = mtod(m, struct ieee80211_frame *);
2814
085ff963
MD
2815 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) {
2816 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED;
12bd3c8b
SW
2817 m->m_flags |= M_WEP;
2818 }
2819
2820 if (flags & RT2860_RX_L2PAD) {
2821 DPRINTFN(8, "received RT2860_RX_L2PAD frame\n");
2822 len += 2;
2823 }
2824
2825 ni = ieee80211_find_rxnode(ic,
2826 mtod(m, struct ieee80211_frame_min *));
2827
2828 if (__predict_false(flags & RT2860_RX_MICERR)) {
2829 /* report MIC failures to net80211 for TKIP */
2830 if (ni != NULL)
cea9a87b
SW
2831 ieee80211_notify_michael_failure(ni->ni_vap, wh,
2832 rxwi->keyidx);
12bd3c8b
SW
2833 m_freem(m);
2834 ifp->if_ierrors++;
2835 DPRINTF("MIC error. Someone is lying.\n");
2836 return;
2837 }
2838
2839 ant = run_maxrssi_chain(sc, rxwi);
2840 rssi = rxwi->rssi[ant];
2841 nf = run_rssi2dbm(sc, rssi, ant);
2842
2843 m->m_pkthdr.rcvif = ifp;
2844 m->m_pkthdr.len = m->m_len = len;
2845
2846 if (ni != NULL) {
2847 (void)ieee80211_input(ni, m, rssi, nf);
2848 ieee80211_free_node(ni);
2849 } else {
2850 (void)ieee80211_input_all(ic, m, rssi, nf);
2851 }
2852
2853 if (__predict_false(ieee80211_radiotap_active(ic))) {
2854 struct run_rx_radiotap_header *tap = &sc->sc_rxtap;
cea9a87b 2855 uint16_t phy;
12bd3c8b
SW
2856
2857 tap->wr_flags = 0;
10f2cea7
SW
2858 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq);
2859 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags);
12bd3c8b
SW
2860 tap->wr_antsignal = rssi;
2861 tap->wr_antenna = ant;
2862 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant);
2863 tap->wr_rate = 2; /* in case it can't be found below */
2864 phy = le16toh(rxwi->phy);
2865 switch (phy & RT2860_PHY_MODE) {
2866 case RT2860_PHY_CCK:
2867 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) {
2868 case 0: tap->wr_rate = 2; break;
2869 case 1: tap->wr_rate = 4; break;
2870 case 2: tap->wr_rate = 11; break;
2871 case 3: tap->wr_rate = 22; break;
2872 }
2873 if (phy & RT2860_PHY_SHPRE)
2874 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
2875 break;
2876 case RT2860_PHY_OFDM:
2877 switch (phy & RT2860_PHY_MCS) {
2878 case 0: tap->wr_rate = 12; break;
2879 case 1: tap->wr_rate = 18; break;
2880 case 2: tap->wr_rate = 24; break;
2881 case 3: tap->wr_rate = 36; break;
2882 case 4: tap->wr_rate = 48; break;
2883 case 5: tap->wr_rate = 72; break;
2884 case 6: tap->wr_rate = 96; break;
2885 case 7: tap->wr_rate = 108; break;
2886 }
2887 break;
2888 }
2889 }
2890}
2891
2892static void
2893run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error)
2894{
2895 struct run_softc *sc = usbd_xfer_softc(xfer);
2896 struct ifnet *ifp = sc->sc_ifp;
2897 struct mbuf *m = NULL;
2898 struct mbuf *m0;
2899 uint32_t dmalen;
cea9a87b 2900 uint16_t rxwisize;
12bd3c8b
SW
2901 int xferlen;
2902
cea9a87b
SW
2903 rxwisize = sizeof(struct rt2860_rxwi);
2904 if (sc->mac_ver == 0x5592)
2905 rxwisize += sizeof(uint64_t);
2906 else if (sc->mac_ver == 0x3593)
2907 rxwisize += sizeof(uint32_t);
2908
12bd3c8b
SW
2909 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL);
2910
2911 switch (USB_GET_STATE(xfer)) {
2912 case USB_ST_TRANSFERRED:
2913
2914 DPRINTFN(15, "rx done, actlen=%d\n", xferlen);
2915
cea9a87b
SW
2916 if (xferlen < (int)(sizeof(uint32_t) + rxwisize +
2917 sizeof(struct rt2870_rxd))) {
12bd3c8b
SW
2918 DPRINTF("xfer too short %d\n", xferlen);
2919 goto tr_setup;
2920 }
2921
2922 m = sc->rx_m;
2923 sc->rx_m = NULL;
2924
2925 /* FALLTHROUGH */
2926 case USB_ST_SETUP:
2927tr_setup:
2928 if (sc->rx_m == NULL) {
10f2cea7 2929 sc->rx_m = m_getjcl(MB_DONTWAIT, MT_DATA, M_PKTHDR,
12bd3c8b
SW
2930 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */);
2931 }
2932 if (sc->rx_m == NULL) {
2933 DPRINTF("could not allocate mbuf - idle with stall\n");
2934 ifp->if_ierrors++;
2935 usbd_xfer_set_stall(xfer);
2936 usbd_xfer_set_frames(xfer, 0);
2937 } else {
2938 /*
2939 * Directly loading a mbuf cluster into DMA to
2940 * save some data copying. This works because
2941 * there is only one cluster.
2942 */
2943 usbd_xfer_set_frame_data(xfer, 0,
2944 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ);
2945 usbd_xfer_set_frames(xfer, 1);
2946 }
2947 usbd_transfer_submit(xfer);
2948 break;
2949
2950 default: /* Error */
2951 if (error != USB_ERR_CANCELLED) {
2952 /* try to clear stall first */
2953 usbd_xfer_set_stall(xfer);
2954
2955 if (error == USB_ERR_TIMEOUT)
2956 device_printf(sc->sc_dev, "device timeout\n");
2957
2958 ifp->if_ierrors++;
2959
2960 goto tr_setup;
2961 }
2962 if (sc->rx_m != NULL) {
2963 m_freem(sc->rx_m);
2964 sc->rx_m = NULL;
2965 }
2966 break;
2967 }
2968
2969 if (m == NULL)
2970 return;
2971
2972 /* inputting all the frames must be last */
2973
2974 RUN_UNLOCK(sc);
2975
2976 m->m_pkthdr.len = m->m_len = xferlen;
2977
2978 /* HW can aggregate multiple 802.11 frames in a single USB xfer */
2979 for(;;) {
2980 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff;
2981
10f2cea7
SW
2982 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) ||
2983 ((dmalen & 3) != 0)) {
12bd3c8b
SW
2984 DPRINTF("bad DMA length %u\n", dmalen);
2985 break;
2986 }
10f2cea7 2987 if ((dmalen + 8) > (uint32_t)xferlen) {
12bd3c8b
SW
2988 DPRINTF("bad DMA length %u > %d\n",
2989 dmalen + 8, xferlen);
2990 break;
2991 }
2992
2993 /* If it is the last one or a single frame, we won't copy. */
2994 if ((xferlen -= dmalen + 8) <= 8) {
2995 /* trim 32-bit DMA-len header */
2996 m->m_data += 4;
2997 m->m_pkthdr.len = m->m_len -= 4;
2998 run_rx_frame(sc, m, dmalen);
cea9a87b 2999 m = NULL; /* don't free source buffer */
12bd3c8b
SW
3000 break;
3001 }
3002
3003 /* copy aggregated frames to another mbuf */
10f2cea7 3004 m0 = m_getcl(MB_DONTWAIT, MT_DATA, M_PKTHDR);
12bd3c8b
SW
3005 if (__predict_false(m0 == NULL)) {
3006 DPRINTF("could not allocate mbuf\n");
3007 ifp->if_ierrors++;
3008 break;
3009 }
3010 m_copydata(m, 4 /* skip 32-bit DMA-len header */,
3011 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t));
3012 m0->m_pkthdr.len = m0->m_len =
3013 dmalen + sizeof(struct rt2870_rxd);
3014 run_rx_frame(sc, m0, dmalen);
3015
3016 /* update data ptr */
3017 m->m_data += dmalen + 8;
3018 m->m_pkthdr.len = m->m_len -= dmalen + 8;
3019 }
3020
cea9a87b
SW
3021 /* make sure we free the source buffer, if any */
3022 m_freem(m);
3023
12bd3c8b
SW
3024 RUN_LOCK(sc);
3025}
3026
3027static void
3028run_tx_free(struct run_endpoint_queue *pq,
3029 struct run_tx_data *data, int txerr)
3030{
3031 if (data->m != NULL) {
3032 if (data->m->m_flags & M_TXCB)
3033 ieee80211_process_callback(data->ni, data->m,
3034 txerr ? ETIMEDOUT : 0);
3035 m_freem(data->m);
3036 data->m = NULL;
3037
3038 if (data->ni == NULL) {
3039 DPRINTF("no node\n");
3040 } else {
3041 ieee80211_free_node(data->ni);
3042 data->ni = NULL;
3043 }
3044 }
3045
3046 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next);
3047 pq->tx_nfree++;
3048}
3049
3050static void
cea9a87b 3051run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index)
12bd3c8b
SW
3052{
3053 struct run_softc *sc = usbd_xfer_softc(xfer);
3054 struct ifnet *ifp = sc->sc_ifp;
3055 struct ieee80211com *ic = ifp->if_l2com;
3056 struct run_tx_data *data;
3057 struct ieee80211vap *vap = NULL;
3058 struct usb_page_cache *pc;
3059 struct run_endpoint_queue *pq = &sc->sc_epq[index];
3060 struct mbuf *m;
3061 usb_frlength_t size;
3062 int actlen;
3063 int sumlen;
3064
3065 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
3066
3067 switch (USB_GET_STATE(xfer)) {
3068 case USB_ST_TRANSFERRED:
3069 DPRINTFN(11, "transfer complete: %d "
3070 "bytes @ index %d\n", actlen, index);
3071
3072 data = usbd_xfer_get_priv(xfer);
3073
3074 run_tx_free(pq, data, 0);
10f2cea7 3075 ifq_clr_oactive(&ifp->if_snd);
12bd3c8b
SW
3076
3077 usbd_xfer_set_priv(xfer, NULL);
3078
3079 ifp->if_opackets++;
3080
3081 /* FALLTHROUGH */
3082 case USB_ST_SETUP:
3083tr_setup:
3084 data = STAILQ_FIRST(&pq->tx_qh);
3085 if (data == NULL)
3086 break;
3087
3088 STAILQ_REMOVE_HEAD(&pq->tx_qh, next);
3089
3090 m = data->m;
cea9a87b
SW
3091 size = (sc->mac_ver == 0x5592) ?
3092 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc);
12bd3c8b 3093 if ((m->m_pkthdr.len +
cea9a87b 3094 size + 3 + 8) > RUN_MAX_TXSZ) {
12bd3c8b
SW
3095 DPRINTF("data overflow, %u bytes\n",
3096 m->m_pkthdr.len);
3097
3098 ifp->if_oerrors++;
3099
3100 run_tx_free(pq, data, 1);
3101
3102 goto tr_setup;
3103 }
3104
3105 pc = usbd_xfer_get_frame(xfer, 0);
12bd3c8b
SW
3106 usbd_copy_in(pc, 0, &data->desc, size);
3107 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len);
3108 size += m->m_pkthdr.len;
3109 /*
3110 * Align end on a 4-byte boundary, pad 8 bytes (CRC +
3111 * 4-byte padding), and be sure to zero those trailing
3112 * bytes:
3113 */
3114 usbd_frame_zero(pc, size, ((-size) & 3) + 8);
3115 size += ((-size) & 3) + 8;
3116
3117 vap = data->ni->ni_vap;
3118 if (ieee80211_radiotap_active_vap(vap)) {
3119 struct run_tx_radiotap_header *tap = &sc->sc_txtap;
cea9a87b 3120 struct rt2860_txwi *txwi =
12bd3c8b 3121 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd));
12bd3c8b
SW
3122 tap->wt_flags = 0;
3123 tap->wt_rate = rt2860_rates[data->ridx].rate;
10f2cea7
SW
3124 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq);
3125 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags);
12bd3c8b
SW
3126 tap->wt_hwqueue = index;
3127 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE)
3128 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
3129
3130 ieee80211_radiotap_tx(vap, m);
3131 }
3132
3133 DPRINTFN(11, "sending frame len=%u/%u @ index %d\n",
3134 m->m_pkthdr.len, size, index);
3135
3136 usbd_xfer_set_frame_len(xfer, 0, size);
3137 usbd_xfer_set_priv(xfer, data);
3138
3139 usbd_transfer_submit(xfer);
3140
10f2cea7 3141 run_start_locked(ifp);
12bd3c8b
SW
3142
3143 break;
3144
3145 default:
3146 DPRINTF("USB transfer error, %s\n",
3147 usbd_errstr(error));
3148
3149 data = usbd_xfer_get_priv(xfer);
3150
3151 ifp->if_oerrors++;
3152
3153 if (data != NULL) {
3154 if(data->ni != NULL)
3155 vap = data->ni->ni_vap;
3156 run_tx_free(pq, data, error);
3157 usbd_xfer_set_priv(xfer, NULL);
3158 }
3159 if (vap == NULL)
3160 vap = TAILQ_FIRST(&ic->ic_vaps);
3161
3162 if (error != USB_ERR_CANCELLED) {
3163 if (error == USB_ERR_TIMEOUT) {
3164 device_printf(sc->sc_dev, "device timeout\n");
3165 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
3166 DPRINTF("cmdq_store=%d\n", i);
3167 sc->cmdq[i].func = run_usb_timeout_cb;
3168 sc->cmdq[i].arg0 = vap;
3169 ieee80211_runtask(ic, &sc->cmdq_task);
3170 }
3171
3172 /*
3173 * Try to clear stall first, also if other
3174 * errors occur, hence clearing stall
3175 * introduces a 50 ms delay:
3176 */
3177 usbd_xfer_set_stall(xfer);
3178 goto tr_setup;
3179 }
3180 break;
3181 }
3182}
3183
3184static void
3185run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error)
3186{
3187 run_bulk_tx_callbackN(xfer, error, 0);
3188}
3189
3190static void
3191run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error)
3192{
3193 run_bulk_tx_callbackN(xfer, error, 1);
3194}
3195
3196static void
3197run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error)
3198{
3199 run_bulk_tx_callbackN(xfer, error, 2);
3200}
3201
3202static void
3203run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error)
3204{
3205 run_bulk_tx_callbackN(xfer, error, 3);
3206}
3207
3208static void
3209run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error)
3210{
3211 run_bulk_tx_callbackN(xfer, error, 4);
3212}
3213
3214static void
3215run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error)
3216{
3217 run_bulk_tx_callbackN(xfer, error, 5);
3218}
3219
3220static void
3221run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data)
3222{
3223 struct mbuf *m = data->m;
3224 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
3225 struct ieee80211vap *vap = data->ni->ni_vap;
3226 struct ieee80211_frame *wh;
3227 struct rt2870_txd *txd;
3228 struct rt2860_txwi *txwi;
cea9a87b 3229 uint16_t xferlen, txwisize;
12bd3c8b
SW
3230 uint16_t mcs;
3231 uint8_t ridx = data->ridx;
3232 uint8_t pad;
3233
3234 /* get MCS code from rate index */
3235 mcs = rt2860_rates[ridx].mcs;
3236
cea9a87b
SW
3237 txwisize = (sc->mac_ver == 0x5592) ?
3238 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi);
3239 xferlen = txwisize + m->m_pkthdr.len;
12bd3c8b
SW
3240
3241 /* roundup to 32-bit alignment */
3242 xferlen = (xferlen + 3) & ~3;
3243
3244 txd = (struct rt2870_txd *)&data->desc;
3245 txd->len = htole16(xferlen);
3246
3247 wh = mtod(m, struct ieee80211_frame *);
3248
3249 /*
3250 * Ether both are true or both are false, the header
3251 * are nicely aligned to 32-bit. So, no L2 padding.
3252 */
3253 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh))
3254 pad = 0;
3255 else
3256 pad = 2;
3257
3258 /* setup TX Wireless Information */
3259 txwi = (struct rt2860_txwi *)(txd + 1);
3260 txwi->len = htole16(m->m_pkthdr.len - pad);
3261 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) {
3262 txwi->phy = htole16(RT2860_PHY_CCK);
3263 if (ridx != RT2860_RIDX_CCK1 &&
3264 (ic->ic_flags & IEEE80211_F_SHPREAMBLE))
3265 mcs |= RT2860_PHY_SHPRE;
3266 } else
3267 txwi->phy = htole16(RT2860_PHY_OFDM);
3268 txwi->phy |= htole16(mcs);
3269
3270 /* check if RTS/CTS or CTS-to-self protection is required */
3271 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
3272 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold ||
3273 ((ic->ic_flags & IEEE80211_F_USEPROT) &&
3274 rt2860_rates[ridx].phy == IEEE80211_T_OFDM)))
3275 txwi->txop |= RT2860_TX_TXOP_HT;
3276 else
3277 txwi->txop |= RT2860_TX_TXOP_BACKOFF;
3278
3279 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh))
3280 txwi->xflags |= RT2860_TX_NSEQ;
3281}
3282
3283/* This function must be called locked */
3284static int
3285run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
3286{
3287 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
3288 struct ieee80211vap *vap = ni->ni_vap;
3289 struct ieee80211_frame *wh;
3290 struct ieee80211_channel *chan;
3291 const struct ieee80211_txparam *tp;
3292 struct run_node *rn = (void *)ni;
3293 struct run_tx_data *data;
3294 struct rt2870_txd *txd;
3295 struct rt2860_txwi *txwi;
3296 uint16_t qos;
3297 uint16_t dur;
3298 uint16_t qid;
3299 uint8_t type;
3300 uint8_t tid;
3301 uint8_t ridx;
3302 uint8_t ctl_ridx;
3303 uint8_t qflags;
3304 uint8_t xflags = 0;
3305 int hasqos;
3306
10f2cea7 3307#if 0 /* XXX swildner: lock needed? */
12bd3c8b 3308 RUN_LOCK_ASSERT(sc, MA_OWNED);
10f2cea7 3309#endif
12bd3c8b
SW
3310
3311 wh = mtod(m, struct ieee80211_frame *);
3312
3313 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3314
3315 /*
3316 * There are 7 bulk endpoints: 1 for RX
3317 * and 6 for TX (4 EDCAs + HCCA + Prio).
3318 * Update 03-14-2009: some devices like the Planex GW-US300MiniS
3319 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki).
3320 */
3321 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) {
3322 uint8_t *frm;
3323
3324 if(IEEE80211_HAS_ADDR4(wh))
3325 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos;
3326 else
3327 frm =((struct ieee80211_qosframe *)wh)->i_qos;
3328
3329 qos = le16toh(*(const uint16_t *)frm);
3330 tid = qos & IEEE80211_QOS_TID;
3331 qid = TID_TO_WME_AC(tid);
3332 } else {
3333 qos = 0;
3334 tid = 0;
3335 qid = WME_AC_BE;
3336 }
3337 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA;
3338
3339 DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n",
3340 qos, qid, tid, qflags);
3341
3342 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan;
3343 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)];
3344
3345 /* pickup a rate index */
3346 if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
3347 type != IEEE80211_FC0_TYPE_DATA) {
3348 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ?
3349 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1;
3350 ctl_ridx = rt2860_rates[ridx].ctl_ridx;
3351 } else {
3352 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE)
3353 ridx = rn->fix_ridx;
3354 else
3355 ridx = rn->amrr_ridx;
3356 ctl_ridx = rt2860_rates[ridx].ctl_ridx;
3357 }
3358
3359 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
3360 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) !=
3361 IEEE80211_QOS_ACKPOLICY_NOACK)) {
3362 xflags |= RT2860_TX_ACK;
3363 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
3364 dur = rt2860_rates[ctl_ridx].sp_ack_dur;
3365 else
3366 dur = rt2860_rates[ctl_ridx].lp_ack_dur;
cea9a87b 3367 USETW(wh->i_dur, dur);
12bd3c8b
SW
3368 }
3369
3370 /* reserve slots for mgmt packets, just in case */
3371 if (sc->sc_epq[qid].tx_nfree < 3) {
3372 DPRINTFN(10, "tx ring %d is full\n", qid);
3373 return (-1);
3374 }
3375
3376 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh);
3377 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next);
3378 sc->sc_epq[qid].tx_nfree--;
3379
3380 txd = (struct rt2870_txd *)&data->desc;
3381 txd->flags = qflags;
3382 txwi = (struct rt2860_txwi *)(txd + 1);
3383 txwi->xflags = xflags;
cea9a87b 3384 if (IEEE80211_IS_MULTICAST(wh->i_addr1))
10f2cea7 3385 txwi->wcid = 0;
cea9a87b 3386 else
10f2cea7
SW
3387 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
3388 1 : RUN_AID2WCID(ni->ni_associd);
cea9a87b 3389
12bd3c8b
SW
3390 /* clear leftover garbage bits */
3391 txwi->flags = 0;
3392 txwi->txop = 0;
3393
3394 data->m = m;
3395 data->ni = ni;
3396 data->ridx = ridx;
3397
3398 run_set_tx_desc(sc, data);
3399
3400 /*
3401 * The chip keeps track of 2 kind of Tx stats,
3402 * * TX_STAT_FIFO, for per WCID stats, and
3403 * * TX_STA_CNT0 for all-TX-in-one stats.
3404 *
3405 * To use FIFO stats, we need to store MCS into the driver-private
3406 * PacketID field. So that, we can tell whose stats when we read them.
3407 * We add 1 to the MCS because setting the PacketID field to 0 means
3408 * that we don't want feedback in TX_STAT_FIFO.
3409 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job.
3410 *
3411 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx().
3412 */
3413 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP ||
3414 vap->iv_opmode == IEEE80211_M_MBSS) {
3415 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf;
3416 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT);
3417
3418 /*
3419 * Unlike PCI based devices, we don't get any interrupt from
3420 * USB devices, so we simulate FIFO-is-full interrupt here.
3421 * Ralink recomends to drain FIFO stats every 100 ms, but 16 slots
3422 * quickly get fulled. To prevent overflow, increment a counter on
3423 * every FIFO stat request, so we know how many slots are left.
3424 * We do this only in HOSTAP or multiple vap mode since FIFO stats
3425 * are used only in those modes.
3426 * We just drain stats. AMRR gets updated every 1 sec by
3427 * run_ratectl_cb() via callout.
3428 * Call it early. Otherwise overflow.
3429 */
3430 if (sc->fifo_cnt++ == 10) {
3431 /*
3432 * With multiple vaps or if_bridge, if_start() is called
3433 * with a non-sleepable lock, tcpinp. So, need to defer.
3434 */
3435 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
3436 DPRINTFN(6, "cmdq_store=%d\n", i);
3437 sc->cmdq[i].func = run_drain_fifo;
3438 sc->cmdq[i].arg0 = sc;
3439 ieee80211_runtask(ic, &sc->cmdq_task);
3440 }
3441 }
3442
3443 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next);
3444
10f2cea7 3445 RUN_LOCK(sc);
12bd3c8b 3446 usbd_transfer_start(sc->sc_xfer[qid]);
10f2cea7 3447 RUN_UNLOCK(sc);
12bd3c8b 3448
cea9a87b
SW
3449 DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n",
3450 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) +
3451 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid);
12bd3c8b
SW
3452
3453 return (0);
3454}
3455
3456static int
3457run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
3458{
3459 struct ifnet *ifp = sc->sc_ifp;
3460 struct ieee80211com *ic = ifp->if_l2com;
3461 struct run_node *rn = (void *)ni;
3462 struct run_tx_data *data;
3463 struct ieee80211_frame *wh;
3464 struct rt2870_txd *txd;
3465 struct rt2860_txwi *txwi;
3466 uint16_t dur;
3467 uint8_t ridx = rn->mgt_ridx;
3468 uint8_t type;
3469 uint8_t xflags = 0;
3470 uint8_t wflags = 0;
3471
3472 RUN_LOCK_ASSERT(sc, MA_OWNED);
3473
3474 wh = mtod(m, struct ieee80211_frame *);
3475
3476 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3477
3478 /* tell hardware to add timestamp for probe responses */
3479 if ((wh->i_fc[0] &
3480 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) ==
3481 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP))
3482 wflags |= RT2860_TX_TS;
3483 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
3484 xflags |= RT2860_TX_ACK;
3485
3486 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate,
3487 ic->ic_flags & IEEE80211_F_SHPREAMBLE);
cea9a87b 3488 USETW(wh->i_dur, dur);
12bd3c8b
SW
3489 }
3490
3491 if (sc->sc_epq[0].tx_nfree == 0) {
3492 /* let caller free mbuf */
10f2cea7 3493 ifq_set_oactive(&ifp->if_snd);
12bd3c8b
SW
3494 return (EIO);
3495 }
3496 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3497 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3498 sc->sc_epq[0].tx_nfree--;
3499
3500 txd = (struct rt2870_txd *)&data->desc;
3501 txd->flags = RT2860_TX_QSEL_EDCA;
3502 txwi = (struct rt2860_txwi *)(txd + 1);
3503 txwi->wcid = 0xff;
3504 txwi->flags = wflags;
3505 txwi->xflags = xflags;
3506 txwi->txop = 0; /* clear leftover garbage bits */
3507
3508 data->m = m;
3509 data->ni = ni;
3510 data->ridx = ridx;
3511
3512 run_set_tx_desc(sc, data);
3513
3514 DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len +
cea9a87b 3515 (int)(sizeof(struct rt2870_txd) + sizeof(struct rt2860_txwi)),
12bd3c8b
SW
3516 rt2860_rates[ridx].rate);
3517
3518 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3519
3520 usbd_transfer_start(sc->sc_xfer[0]);
3521
3522 return (0);
3523}
3524
3525static int
3526run_sendprot(struct run_softc *sc,
3527 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate)
3528{
3529 struct ieee80211com *ic = ni->ni_ic;
3530 struct ieee80211_frame *wh;
3531 struct run_tx_data *data;
3532 struct rt2870_txd *txd;
3533 struct rt2860_txwi *txwi;
3534 struct mbuf *mprot;
3535 int ridx;
3536 int protrate;
3537 int ackrate;
3538 int pktlen;
3539 int isshort;
3540 uint16_t dur;
3541 uint8_t type;
3542 uint8_t wflags = 0;
3543 uint8_t xflags = 0;
3544
3545 RUN_LOCK_ASSERT(sc, MA_OWNED);
3546
3547 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY,
3548 ("protection %d", prot));
3549
3550 wh = mtod(m, struct ieee80211_frame *);
3551 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN;
3552 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3553
3554 protrate = ieee80211_ctl_rate(ic->ic_rt, rate);
3555 ackrate = ieee80211_ack_rate(ic->ic_rt, rate);
3556
3557 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0;
3558 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort)
3559 + ieee80211_ack_duration(ic->ic_rt, rate, isshort);
3560 wflags = RT2860_TX_FRAG;
3561
3562 /* check that there are free slots before allocating the mbuf */
3563 if (sc->sc_epq[0].tx_nfree == 0) {
3564 /* let caller free mbuf */
10f2cea7 3565 ifq_set_oactive(&sc->sc_ifp->if_snd);
12bd3c8b
SW
3566 return (ENOBUFS);
3567 }
3568
3569 if (prot == IEEE80211_PROT_RTSCTS) {
3570 /* NB: CTS is the same size as an ACK */
3571 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort);
3572 xflags |= RT2860_TX_ACK;
3573 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur);
3574 } else {
3575 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur);
3576 }
3577 if (mprot == NULL) {
3578 sc->sc_ifp->if_oerrors++;
3579 DPRINTF("could not allocate mbuf\n");
3580 return (ENOBUFS);
3581 }
3582
3583 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3584 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3585 sc->sc_epq[0].tx_nfree--;
3586
3587 txd = (struct rt2870_txd *)&data->desc;
3588 txd->flags = RT2860_TX_QSEL_EDCA;
3589 txwi = (struct rt2860_txwi *)(txd + 1);
3590 txwi->wcid = 0xff;
3591 txwi->flags = wflags;
3592 txwi->xflags = xflags;
3593 txwi->txop = 0; /* clear leftover garbage bits */
3594
3595 data->m = mprot;
3596 data->ni = ieee80211_ref_node(ni);
3597
3598 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
3599 if (rt2860_rates[ridx].rate == protrate)
3600 break;
3601 data->ridx = ridx;
3602
3603 run_set_tx_desc(sc, data);
3604
3605 DPRINTFN(1, "sending prot len=%u rate=%u\n",
3606 m->m_pkthdr.len, rate);
3607
3608 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3609
3610 usbd_transfer_start(sc->sc_xfer[0]);
3611
3612 return (0);
3613}
3614
3615static int
3616run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni,
3617 const struct ieee80211_bpf_params *params)
3618{
3619 struct ieee80211com *ic = ni->ni_ic;
3620 struct ieee80211_frame *wh;
3621 struct run_tx_data *data;
3622 struct rt2870_txd *txd;
3623 struct rt2860_txwi *txwi;
3624 uint8_t type;
3625 uint8_t ridx;
3626 uint8_t rate;
3627 uint8_t opflags = 0;
3628 uint8_t xflags = 0;
3629 int error;
3630
3631 RUN_LOCK_ASSERT(sc, MA_OWNED);
3632
3633 KASSERT(params != NULL, ("no raw xmit params"));
3634
3635 wh = mtod(m, struct ieee80211_frame *);
3636 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3637
3638 rate = params->ibp_rate0;
3639 if (!ieee80211_isratevalid(ic->ic_rt, rate)) {
3640 /* let caller free mbuf */
3641 return (EINVAL);
3642 }
3643
3644 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0)
3645 xflags |= RT2860_TX_ACK;
3646 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) {
3647 error = run_sendprot(sc, m, ni,
3648 params->ibp_flags & IEEE80211_BPF_RTS ?
3649 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY,
3650 rate);
3651 if (error) {
3652 /* let caller free mbuf */
3653 return error;
3654 }
3655 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS;
3656 }
3657
3658 if (sc->sc_epq[0].tx_nfree == 0) {
3659 /* let caller free mbuf */
10f2cea7 3660 ifq_set_oactive(&sc->sc_ifp->if_snd);
12bd3c8b
SW
3661 DPRINTF("sending raw frame, but tx ring is full\n");
3662 return (EIO);
3663 }
3664 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3665 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3666 sc->sc_epq[0].tx_nfree--;
3667
3668 txd = (struct rt2870_txd *)&data->desc;
3669 txd->flags = RT2860_TX_QSEL_EDCA;
3670 txwi = (struct rt2860_txwi *)(txd + 1);
3671 txwi->wcid = 0xff;
3672 txwi->xflags = xflags;
3673 txwi->txop = opflags;
3674 txwi->flags = 0; /* clear leftover garbage bits */
3675
3676 data->m = m;
3677 data->ni = ni;
3678 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
3679 if (rt2860_rates[ridx].rate == rate)
3680 break;
3681 data->ridx = ridx;
3682
3683 run_set_tx_desc(sc, data);
3684
3685 DPRINTFN(10, "sending raw frame len=%u rate=%u\n",
3686 m->m_pkthdr.len, rate);
3687
3688 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3689
3690 usbd_transfer_start(sc->sc_xfer[0]);
3691
3692 return (0);
3693}
3694
3695static int
3696run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
3697 const struct ieee80211_bpf_params *params)
3698{
3699 struct ifnet *ifp = ni->ni_ic->ic_ifp;
3700 struct run_softc *sc = ifp->if_softc;
3701 int error = 0;
3702
3703 RUN_LOCK(sc);
3704
3705 /* prevent management frames from being sent if we're not ready */
10f2cea7 3706 if (!(ifp->if_flags & IFF_RUNNING)) {
12bd3c8b
SW
3707 error = ENETDOWN;
3708 goto done;
3709 }
3710
3711 if (params == NULL) {
3712 /* tx mgt packet */
3713 if ((error = run_tx_mgt(sc, m, ni)) != 0) {
3714 ifp->if_oerrors++;
3715 DPRINTF("mgt tx failed\n");
3716 goto done;
3717 }
3718 } else {
3719 /* tx raw packet with param */
3720 if ((error = run_tx_param(sc, m, ni, params)) != 0) {
3721 ifp->if_oerrors++;
3722 DPRINTF("tx with param failed\n");
3723 goto done;
3724 }
3725 }
3726
3727 ifp->if_opackets++;
3728
3729done:
3730 RUN_UNLOCK(sc);
3731
3732 if (error != 0) {
3733 if(m != NULL)
3734 m_freem(m);
3735 ieee80211_free_node(ni);
3736 }
3737
3738 return (error);
3739}
3740
3741static void
10f2cea7 3742run_start_locked(struct ifnet *ifp)
12bd3c8b
SW
3743{
3744 struct run_softc *sc = ifp->if_softc;
3745 struct ieee80211_node *ni;
10f2cea7 3746 struct mbuf *m = NULL;
12bd3c8b 3747
ce73fac0 3748 if ((ifp->if_flags & IFF_RUNNING) == 0)
12bd3c8b 3749 return;
12bd3c8b
SW
3750
3751 for (;;) {
3752 /* send data frames */
10f2cea7 3753 m = ifq_dequeue(&ifp->if_snd);
12bd3c8b
SW
3754 if (m == NULL)
3755 break;
3756
3757 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
3758 if (run_tx(sc, m, ni) != 0) {
10f2cea7
SW
3759 ifq_prepend(&ifp->if_snd, m);
3760 ifq_set_oactive(&ifp->if_snd);
12bd3c8b
SW
3761 break;
3762 }
3763 }
10f2cea7 3764}
12bd3c8b 3765
10f2cea7
SW
3766static void
3767run_start(struct ifnet *ifp, struct ifaltq_subque *ifsq)
3768{
3769 ASSERT_ALTQ_SQ_DEFAULT(ifp, ifsq);
3770 run_start_locked(ifp);
12bd3c8b
SW
3771}
3772
3773static int
10f2cea7 3774run_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cr)
12bd3c8b
SW
3775{
3776 struct run_softc *sc = ifp->if_softc;
3777 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
3778 struct ifreq *ifr = (struct ifreq *) data;
3779 int startall = 0;
10f2cea7
SW
3780 int error;
3781
3782 RUN_LOCK(sc);
3783 error = sc->sc_detached ? ENXIO : 0;
3784 RUN_UNLOCK(sc);
3785 if (error)
3786 return (error);
12bd3c8b
SW
3787
3788 switch (cmd) {
3789 case SIOCSIFFLAGS:
3790 RUN_LOCK(sc);
3791 if (ifp->if_flags & IFF_UP) {
10f2cea7 3792 if (!(ifp->if_flags & IFF_RUNNING)){
12bd3c8b
SW
3793 startall = 1;
3794 run_init_locked(sc);
3795 } else
3796 run_update_promisc_locked(ifp);
3797 } else {
10f2cea7 3798 if (ifp->if_flags & IFF_RUNNING &&
12bd3c8b
SW
3799 (ic->ic_nrunning == 0 || sc->rvp_cnt <= 1)) {
3800 run_stop(sc);
3801 }
3802 }
3803 RUN_UNLOCK(sc);
3804 if (startall)
3805 ieee80211_start_all(ic);
3806 break;
3807 case SIOCGIFMEDIA:
3808 error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd);
3809 break;
3810 case SIOCGIFADDR:
3811 error = ether_ioctl(ifp, cmd, data);
3812 break;
3813 default:
3814 error = EINVAL;
3815 break;
3816 }
3817
3818 return (error);
3819}
3820
cea9a87b
SW
3821static void
3822run_iq_calib(struct run_softc *sc, u_int chan)
3823{
3824 uint16_t val;
3825
3826 /* Tx0 IQ gain. */
3827 run_bbp_write(sc, 158, 0x2c);
3828 if (chan <= 14)
3829 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1);
3830 else if (chan <= 64) {
3831 run_efuse_read(sc,
3832 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ,
3833 &val, 1);
3834 } else if (chan <= 138) {
3835 run_efuse_read(sc,
3836 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ,
3837 &val, 1);
3838 } else if (chan <= 165) {
3839 run_efuse_read(sc,
3840 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ,
3841 &val, 1);
3842 } else
3843 val = 0;
3844 run_bbp_write(sc, 159, val);
3845
3846 /* Tx0 IQ phase. */
3847 run_bbp_write(sc, 158, 0x2d);
3848 if (chan <= 14) {
3849 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ,
3850 &val, 1);
3851 } else if (chan <= 64) {
3852 run_efuse_read(sc,
3853 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ,
3854 &val, 1);
3855 } else if (chan <= 138) {
3856 run_efuse_read(sc,
3857 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ,
3858 &val, 1);
3859 } else if (chan <= 165) {
3860 run_efuse_read(sc,
3861 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ,
3862 &val, 1);
3863 } else
3864 val = 0;
3865 run_bbp_write(sc, 159, val);
3866
3867 /* Tx1 IQ gain. */
3868 run_bbp_write(sc, 158, 0x4a);
3869 if (chan <= 14) {
3870 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ,
3871 &val, 1);
3872 } else if (chan <= 64) {
3873 run_efuse_read(sc,
3874 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ,
3875 &val, 1);
3876 } else if (chan <= 138) {
3877 run_efuse_read(sc,
3878 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ,
3879 &val, 1);
3880 } else if (chan <= 165) {
3881 run_efuse_read(sc,
3882 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ,
3883 &val, 1);
3884 } else
3885 val = 0;
3886 run_bbp_write(sc, 159, val);
3887
3888 /* Tx1 IQ phase. */
3889 run_bbp_write(sc, 158, 0x4b);
3890 if (chan <= 14) {
3891 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ,
3892 &val, 1);
3893 } else if (chan <= 64) {
3894 run_efuse_read(sc,
3895 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ,
3896 &val, 1);
3897 } else if (chan <= 138) {
3898 run_efuse_read(sc,
3899 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ,
3900 &val, 1);
3901 } else if (chan <= 165) {
3902 run_efuse_read(sc,
3903 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ,
3904 &val, 1);
3905 } else
3906 val = 0;
3907 run_bbp_write(sc, 159, val);
3908
3909 /* RF IQ compensation control. */
3910 run_bbp_write(sc, 158, 0x04);
3911 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL,
3912 &val, 1);
3913 run_bbp_write(sc, 159, val);
3914
3915 /* RF IQ imbalance compensation control. */
3916 run_bbp_write(sc, 158, 0x03);
3917 run_efuse_read(sc,
3918 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1);
3919 run_bbp_write(sc, 159, val);
3920}
3921
12bd3c8b
SW
3922static void
3923run_set_agc(struct run_softc *sc, uint8_t agc)
3924{
3925 uint8_t bbp;
3926
3927 if (sc->mac_ver == 0x3572) {
3928 run_bbp_read(sc, 27, &bbp);
3929 bbp &= ~(0x3 << 5);
3930 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */
3931 run_bbp_write(sc, 66, agc);
3932 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */
3933 run_bbp_write(sc, 66, agc);
3934 } else
3935 run_bbp_write(sc, 66, agc);
3936}
3937
3938static void
3939run_select_chan_group(struct run_softc *sc, int group)
3940{
3941 uint32_t tmp;
3942 uint8_t agc;
3943
3944 run_bbp_write(sc, 62, 0x37 - sc->lna[group]);
3945 run_bbp_write(sc, 63, 0x37 - sc->lna[group]);
3946 run_bbp_write(sc, 64, 0x37 - sc->lna[group]);
cea9a87b
SW
3947 if (sc->mac_ver < 0x3572)
3948 run_bbp_write(sc, 86, 0x00);
3949