firmware(9): Change type of data pointer
[dragonfly.git] / sys / bus / u4b / wlan / if_run.c
CommitLineData
12bd3c8b
SW
1/*-
2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr>
3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca>
4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org>
cea9a87b 5 * Copyright (c) 2013-2014 Kevin Lo
12bd3c8b
SW
6 *
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
10 *
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
10f2cea7 18 *
d52983bd 19 * $FreeBSD: head/sys/dev/usb/wlan/if_run.c 299176 2016-05-06 15:09:21Z pfg $
12bd3c8b
SW
20 */
21
12bd3c8b 22/*-
cea9a87b 23 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver.
12bd3c8b
SW
24 * http://www.ralinktech.com/
25 */
26
27#include <sys/param.h>
28#include <sys/sockio.h>
29#include <sys/sysctl.h>
30#include <sys/lock.h>
12bd3c8b
SW
31#include <sys/mbuf.h>
32#include <sys/kernel.h>
33#include <sys/socket.h>
34#include <sys/systm.h>
35#include <sys/malloc.h>
36#include <sys/module.h>
37#include <sys/bus.h>
38#include <sys/endian.h>
39#include <sys/linker.h>
40#include <sys/firmware.h>
12bd3c8b 41
12bd3c8b
SW
42#include <sys/rman.h>
43
44#include <net/bpf.h>
45#include <net/if.h>
cea9a87b 46#include <net/if_var.h>
12bd3c8b
SW
47#include <net/if_arp.h>
48#include <net/ethernet.h>
49#include <net/if_dl.h>
50#include <net/if_media.h>
51#include <net/if_types.h>
52
53#include <netinet/in.h>
54#include <netinet/in_systm.h>
55#include <netinet/in_var.h>
56#include <netinet/if_ether.h>
57#include <netinet/ip.h>
58
10f2cea7
SW
59#include <netproto/802_11/ieee80211_var.h>
60#include <netproto/802_11/ieee80211_regdomain.h>
61#include <netproto/802_11/ieee80211_radiotap.h>
62#include <netproto/802_11/ieee80211_ratectl.h>
12bd3c8b 63
10f2cea7
SW
64#include <bus/u4b/usb.h>
65#include <bus/u4b/usbdi.h>
ef4aa9ff 66#include "usbdevs.h"
12bd3c8b 67
cea9a87b 68#define USB_DEBUG_VAR run_debug
10f2cea7 69#include <bus/u4b/usb_debug.h>
cea9a87b 70#include <bus/u4b/usb_msctest.h>
12bd3c8b 71
10f2cea7
SW
72#include <bus/u4b/wlan/if_runreg.h>
73#include <bus/u4b/wlan/if_runvar.h>
12bd3c8b
SW
74
75#ifdef USB_DEBUG
cea9a87b 76#define RUN_DEBUG
12bd3c8b
SW
77#endif
78
79#ifdef RUN_DEBUG
80int run_debug = 0;
81static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run");
a9b765b7 82SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RW, &run_debug, 0,
12bd3c8b
SW
83 "run debug level");
84#endif
85
d52983bd 86#define IEEE80211_HAS_ADDR4(wh) IEEE80211_IS_DSTODS(wh)
12bd3c8b
SW
87
88/*
89 * Because of LOR in run_key_delete(), use atomic instead.
90 * '& RUN_CMDQ_MASQ' is to loop cmdq[].
91 */
cea9a87b 92#define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ)
12bd3c8b
SW
93
94static const STRUCT_USB_HOST_ID run_devs[] = {
cea9a87b
SW
95#define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) }
96#define RUN_DEV_EJECT(v,p) \
97 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) }
98#define RUN_EJECT 1
12bd3c8b
SW
99 RUN_DEV(ABOCOM, RT2770),
100 RUN_DEV(ABOCOM, RT2870),
101 RUN_DEV(ABOCOM, RT3070),
102 RUN_DEV(ABOCOM, RT3071),
103 RUN_DEV(ABOCOM, RT3072),
104 RUN_DEV(ABOCOM2, RT2870_1),
105 RUN_DEV(ACCTON, RT2770),
106 RUN_DEV(ACCTON, RT2870_1),
107 RUN_DEV(ACCTON, RT2870_2),
108 RUN_DEV(ACCTON, RT2870_3),
109 RUN_DEV(ACCTON, RT2870_4),
110 RUN_DEV(ACCTON, RT2870_5),
111 RUN_DEV(ACCTON, RT3070),
112 RUN_DEV(ACCTON, RT3070_1),
113 RUN_DEV(ACCTON, RT3070_2),
114 RUN_DEV(ACCTON, RT3070_3),
115 RUN_DEV(ACCTON, RT3070_4),
116 RUN_DEV(ACCTON, RT3070_5),
117 RUN_DEV(AIRTIES, RT3070),
118 RUN_DEV(ALLWIN, RT2070),
119 RUN_DEV(ALLWIN, RT2770),
120 RUN_DEV(ALLWIN, RT2870),
121 RUN_DEV(ALLWIN, RT3070),
122 RUN_DEV(ALLWIN, RT3071),
123 RUN_DEV(ALLWIN, RT3072),
124 RUN_DEV(ALLWIN, RT3572),
125 RUN_DEV(AMIGO, RT2870_1),
126 RUN_DEV(AMIGO, RT2870_2),
127 RUN_DEV(AMIT, CGWLUSB2GNR),
128 RUN_DEV(AMIT, RT2870_1),
129 RUN_DEV(AMIT2, RT2870),
130 RUN_DEV(ASUS, RT2870_1),
131 RUN_DEV(ASUS, RT2870_2),
132 RUN_DEV(ASUS, RT2870_3),
133 RUN_DEV(ASUS, RT2870_4),
134 RUN_DEV(ASUS, RT2870_5),
135 RUN_DEV(ASUS, USBN13),
136 RUN_DEV(ASUS, RT3070_1),
cea9a87b 137 RUN_DEV(ASUS, USBN66),
10f2cea7 138 RUN_DEV(ASUS, USB_N53),
12bd3c8b
SW
139 RUN_DEV(ASUS2, USBN11),
140 RUN_DEV(AZUREWAVE, RT2870_1),
141 RUN_DEV(AZUREWAVE, RT2870_2),
142 RUN_DEV(AZUREWAVE, RT3070_1),
143 RUN_DEV(AZUREWAVE, RT3070_2),
144 RUN_DEV(AZUREWAVE, RT3070_3),
cea9a87b 145 RUN_DEV(BELKIN, F9L1103),
12bd3c8b
SW
146 RUN_DEV(BELKIN, F5D8053V3),
147 RUN_DEV(BELKIN, F5D8055),
148 RUN_DEV(BELKIN, F5D8055V2),
149 RUN_DEV(BELKIN, F6D4050V1),
cea9a87b 150 RUN_DEV(BELKIN, F6D4050V2),
12bd3c8b
SW
151 RUN_DEV(BELKIN, RT2870_1),
152 RUN_DEV(BELKIN, RT2870_2),
153 RUN_DEV(CISCOLINKSYS, AE1000),
154 RUN_DEV(CISCOLINKSYS2, RT3070),
155 RUN_DEV(CISCOLINKSYS3, RT3070),
156 RUN_DEV(CONCEPTRONIC2, RT2870_1),
157 RUN_DEV(CONCEPTRONIC2, RT2870_2),
158 RUN_DEV(CONCEPTRONIC2, RT2870_3),
159 RUN_DEV(CONCEPTRONIC2, RT2870_4),
160 RUN_DEV(CONCEPTRONIC2, RT2870_5),
161 RUN_DEV(CONCEPTRONIC2, RT2870_6),
162 RUN_DEV(CONCEPTRONIC2, RT2870_7),
163 RUN_DEV(CONCEPTRONIC2, RT2870_8),
164 RUN_DEV(CONCEPTRONIC2, RT3070_1),
165 RUN_DEV(CONCEPTRONIC2, RT3070_2),
166 RUN_DEV(CONCEPTRONIC2, VIGORN61),
167 RUN_DEV(COREGA, CGWLUSB300GNM),
168 RUN_DEV(COREGA, RT2870_1),
169 RUN_DEV(COREGA, RT2870_2),
170 RUN_DEV(COREGA, RT2870_3),
171 RUN_DEV(COREGA, RT3070),
172 RUN_DEV(CYBERTAN, RT2870),
173 RUN_DEV(DLINK, RT2870),
174 RUN_DEV(DLINK, RT3072),
cea9a87b
SW
175 RUN_DEV(DLINK, DWA127),
176 RUN_DEV(DLINK, DWA140B3),
177 RUN_DEV(DLINK, DWA160B2),
db706de7 178 RUN_DEV(DLINK, DWA140D1),
cea9a87b 179 RUN_DEV(DLINK, DWA162),
12bd3c8b
SW
180 RUN_DEV(DLINK2, DWA130),
181 RUN_DEV(DLINK2, RT2870_1),
182 RUN_DEV(DLINK2, RT2870_2),
183 RUN_DEV(DLINK2, RT3070_1),
184 RUN_DEV(DLINK2, RT3070_2),
185 RUN_DEV(DLINK2, RT3070_3),
186 RUN_DEV(DLINK2, RT3070_4),
187 RUN_DEV(DLINK2, RT3070_5),
188 RUN_DEV(DLINK2, RT3072),
189 RUN_DEV(DLINK2, RT3072_1),
190 RUN_DEV(EDIMAX, EW7717),
191 RUN_DEV(EDIMAX, EW7718),
cea9a87b 192 RUN_DEV(EDIMAX, EW7733UND),
12bd3c8b
SW
193 RUN_DEV(EDIMAX, RT2870_1),
194 RUN_DEV(ENCORE, RT3070_1),
195 RUN_DEV(ENCORE, RT3070_2),
196 RUN_DEV(ENCORE, RT3070_3),
197 RUN_DEV(GIGABYTE, GNWB31N),
198 RUN_DEV(GIGABYTE, GNWB32L),
199 RUN_DEV(GIGABYTE, RT2870_1),
200 RUN_DEV(GIGASET, RT3070_1),
201 RUN_DEV(GIGASET, RT3070_2),
202 RUN_DEV(GUILLEMOT, HWNU300),
203 RUN_DEV(HAWKING, HWUN2),
204 RUN_DEV(HAWKING, RT2870_1),
205 RUN_DEV(HAWKING, RT2870_2),
206 RUN_DEV(HAWKING, RT3070),
207 RUN_DEV(IODATA, RT3072_1),
208 RUN_DEV(IODATA, RT3072_2),
209 RUN_DEV(IODATA, RT3072_3),
210 RUN_DEV(IODATA, RT3072_4),
211 RUN_DEV(LINKSYS4, RT3070),
212 RUN_DEV(LINKSYS4, WUSB100),
213 RUN_DEV(LINKSYS4, WUSB54GCV3),
214 RUN_DEV(LINKSYS4, WUSB600N),
215 RUN_DEV(LINKSYS4, WUSB600NV2),
216 RUN_DEV(LOGITEC, RT2870_1),
217 RUN_DEV(LOGITEC, RT2870_2),
218 RUN_DEV(LOGITEC, RT2870_3),
219 RUN_DEV(LOGITEC, LANW300NU2),
10f2cea7
SW
220 RUN_DEV(LOGITEC, LANW150NU2),
221 RUN_DEV(LOGITEC, LANW300NU2S),
d52983bd 222 RUN_DEV(MELCO, WLIUCG300HP),
12bd3c8b
SW
223 RUN_DEV(MELCO, RT2870_2),
224 RUN_DEV(MELCO, WLIUCAG300N),
225 RUN_DEV(MELCO, WLIUCG300N),
226 RUN_DEV(MELCO, WLIUCG301N),
227 RUN_DEV(MELCO, WLIUCGN),
228 RUN_DEV(MELCO, WLIUCGNM),
d52983bd 229 RUN_DEV(MELCO, WLIUCG300HPV1),
10f2cea7 230 RUN_DEV(MELCO, WLIUCGNM2),
12bd3c8b
SW
231 RUN_DEV(MOTOROLA4, RT2770),
232 RUN_DEV(MOTOROLA4, RT3070),
233 RUN_DEV(MSI, RT3070_1),
234 RUN_DEV(MSI, RT3070_2),
235 RUN_DEV(MSI, RT3070_3),
236 RUN_DEV(MSI, RT3070_4),
237 RUN_DEV(MSI, RT3070_5),
238 RUN_DEV(MSI, RT3070_6),
239 RUN_DEV(MSI, RT3070_7),
240 RUN_DEV(MSI, RT3070_8),
241 RUN_DEV(MSI, RT3070_9),
242 RUN_DEV(MSI, RT3070_10),
243 RUN_DEV(MSI, RT3070_11),
d52983bd 244 RUN_DEV(NETGEAR, WNDA4100),
12bd3c8b
SW
245 RUN_DEV(OVISLINK, RT3072),
246 RUN_DEV(PARA, RT3070),
247 RUN_DEV(PEGATRON, RT2870),
248 RUN_DEV(PEGATRON, RT3070),
249 RUN_DEV(PEGATRON, RT3070_2),
250 RUN_DEV(PEGATRON, RT3070_3),
251 RUN_DEV(PHILIPS, RT2870),
252 RUN_DEV(PLANEX2, GWUS300MINIS),
253 RUN_DEV(PLANEX2, GWUSMICRON),
254 RUN_DEV(PLANEX2, RT2870),
255 RUN_DEV(PLANEX2, RT3070),
256 RUN_DEV(QCOM, RT2870),
257 RUN_DEV(QUANTA, RT3070),
258 RUN_DEV(RALINK, RT2070),
259 RUN_DEV(RALINK, RT2770),
260 RUN_DEV(RALINK, RT2870),
261 RUN_DEV(RALINK, RT3070),
262 RUN_DEV(RALINK, RT3071),
263 RUN_DEV(RALINK, RT3072),
264 RUN_DEV(RALINK, RT3370),
265 RUN_DEV(RALINK, RT3572),
cea9a87b
SW
266 RUN_DEV(RALINK, RT3573),
267 RUN_DEV(RALINK, RT5370),
268 RUN_DEV(RALINK, RT5572),
12bd3c8b
SW
269 RUN_DEV(RALINK, RT8070),
270 RUN_DEV(SAMSUNG, WIS09ABGN),
271 RUN_DEV(SAMSUNG2, RT2870_1),
272 RUN_DEV(SENAO, RT2870_1),
273 RUN_DEV(SENAO, RT2870_2),
274 RUN_DEV(SENAO, RT2870_3),
275 RUN_DEV(SENAO, RT2870_4),
276 RUN_DEV(SENAO, RT3070),
277 RUN_DEV(SENAO, RT3071),
278 RUN_DEV(SENAO, RT3072_1),
279 RUN_DEV(SENAO, RT3072_2),
280 RUN_DEV(SENAO, RT3072_3),
281 RUN_DEV(SENAO, RT3072_4),
282 RUN_DEV(SENAO, RT3072_5),
283 RUN_DEV(SITECOMEU, RT2770),
284 RUN_DEV(SITECOMEU, RT2870_1),
285 RUN_DEV(SITECOMEU, RT2870_2),
286 RUN_DEV(SITECOMEU, RT2870_3),
287 RUN_DEV(SITECOMEU, RT2870_4),
288 RUN_DEV(SITECOMEU, RT3070),
289 RUN_DEV(SITECOMEU, RT3070_2),
290 RUN_DEV(SITECOMEU, RT3070_3),
291 RUN_DEV(SITECOMEU, RT3070_4),
292 RUN_DEV(SITECOMEU, RT3071),
293 RUN_DEV(SITECOMEU, RT3072_1),
294 RUN_DEV(SITECOMEU, RT3072_2),
295 RUN_DEV(SITECOMEU, RT3072_3),
296 RUN_DEV(SITECOMEU, RT3072_4),
297 RUN_DEV(SITECOMEU, RT3072_5),
298 RUN_DEV(SITECOMEU, RT3072_6),
299 RUN_DEV(SITECOMEU, WL608),
300 RUN_DEV(SPARKLAN, RT2870_1),
301 RUN_DEV(SPARKLAN, RT3070),
302 RUN_DEV(SWEEX2, LW153),
303 RUN_DEV(SWEEX2, LW303),
304 RUN_DEV(SWEEX2, LW313),
305 RUN_DEV(TOSHIBA, RT3070),
306 RUN_DEV(UMEDIA, RT2870_1),
307 RUN_DEV(ZCOM, RT2870_1),
308 RUN_DEV(ZCOM, RT2870_2),
309 RUN_DEV(ZINWELL, RT2870_1),
310 RUN_DEV(ZINWELL, RT2870_2),
311 RUN_DEV(ZINWELL, RT3070),
312 RUN_DEV(ZINWELL, RT3072_1),
313 RUN_DEV(ZINWELL, RT3072_2),
314 RUN_DEV(ZYXEL, RT2870_1),
315 RUN_DEV(ZYXEL, RT2870_2),
db706de7 316 RUN_DEV(ZYXEL, RT3070),
cea9a87b
SW
317 RUN_DEV_EJECT(ZYXEL, NWD2705),
318 RUN_DEV_EJECT(RALINK, RT_STOR),
319#undef RUN_DEV_EJECT
12bd3c8b
SW
320#undef RUN_DEV
321};
322
323static device_probe_t run_match;
324static device_attach_t run_attach;
325static device_detach_t run_detach;
326
327static usb_callback_t run_bulk_rx_callback;
328static usb_callback_t run_bulk_tx_callback0;
329static usb_callback_t run_bulk_tx_callback1;
330static usb_callback_t run_bulk_tx_callback2;
331static usb_callback_t run_bulk_tx_callback3;
332static usb_callback_t run_bulk_tx_callback4;
333static usb_callback_t run_bulk_tx_callback5;
334
cea9a87b
SW
335static void run_autoinst(void *, struct usb_device *,
336 struct usb_attach_arg *);
337static int run_driver_loaded(struct module *, int, void *);
12bd3c8b 338static void run_bulk_tx_callbackN(struct usb_xfer *xfer,
cea9a87b 339 usb_error_t error, u_int index);
12bd3c8b
SW
340static struct ieee80211vap *run_vap_create(struct ieee80211com *,
341 const char [IFNAMSIZ], int, enum ieee80211_opmode, int,
342 const uint8_t [IEEE80211_ADDR_LEN],
343 const uint8_t [IEEE80211_ADDR_LEN]);
344static void run_vap_delete(struct ieee80211vap *);
345static void run_cmdq_cb(void *, int);
346static void run_setup_tx_list(struct run_softc *,
347 struct run_endpoint_queue *);
348static void run_unsetup_tx_list(struct run_softc *,
349 struct run_endpoint_queue *);
350static int run_load_microcode(struct run_softc *);
351static int run_reset(struct run_softc *);
352static usb_error_t run_do_request(struct run_softc *,
353 struct usb_device_request *, void *);
354static int run_read(struct run_softc *, uint16_t, uint32_t *);
355static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int);
356static int run_write_2(struct run_softc *, uint16_t, uint16_t);
357static int run_write(struct run_softc *, uint16_t, uint32_t);
358static int run_write_region_1(struct run_softc *, uint16_t,
359 const uint8_t *, int);
360static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int);
cea9a87b 361static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int);
12bd3c8b
SW
362static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *);
363static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *);
cea9a87b 364static int run_rt2870_rf_write(struct run_softc *, uint32_t);
12bd3c8b
SW
365static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *);
366static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t);
367static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *);
368static int run_bbp_write(struct run_softc *, uint8_t, uint8_t);
369static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t);
cea9a87b
SW
370static const char *run_get_rf(uint16_t);
371static void run_rt3593_get_txpower(struct run_softc *);
372static void run_get_txpower(struct run_softc *);
12bd3c8b
SW
373static int run_read_eeprom(struct run_softc *);
374static struct ieee80211_node *run_node_alloc(struct ieee80211vap *,
375 const uint8_t mac[IEEE80211_ADDR_LEN]);
376static int run_media_change(struct ifnet *);
377static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int);
378static int run_wme_update(struct ieee80211com *);
12bd3c8b 379static void run_key_set_cb(void *);
d52983bd 380static int run_key_set(struct ieee80211vap *, struct ieee80211_key *);
12bd3c8b
SW
381static void run_key_delete_cb(void *);
382static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *);
383static void run_ratectl_to(void *);
384static void run_ratectl_cb(void *, int);
385static void run_drain_fifo(void *);
386static void run_iter_func(void *, struct ieee80211_node *);
387static void run_newassoc_cb(void *);
388static void run_newassoc(struct ieee80211_node *, int);
d52983bd
IV
389static void run_recv_mgmt(struct ieee80211_node *, struct mbuf *, int,
390 const struct ieee80211_rx_stats *, int, int);
12bd3c8b
SW
391static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t);
392static void run_tx_free(struct run_endpoint_queue *pq,
393 struct run_tx_data *, int);
394static void run_set_tx_desc(struct run_softc *, struct run_tx_data *);
395static int run_tx(struct run_softc *, struct mbuf *,
396 struct ieee80211_node *);
397static int run_tx_mgt(struct run_softc *, struct mbuf *,
398 struct ieee80211_node *);
399static int run_sendprot(struct run_softc *, const struct mbuf *,
400 struct ieee80211_node *, int, int);
401static int run_tx_param(struct run_softc *, struct mbuf *,
402 struct ieee80211_node *,
403 const struct ieee80211_bpf_params *);
404static int run_raw_xmit(struct ieee80211_node *, struct mbuf *,
405 const struct ieee80211_bpf_params *);
d52983bd
IV
406static int run_transmit(struct ieee80211com *, struct mbuf *);
407static void run_start(struct run_softc *);
408static void run_parent(struct ieee80211com *);
cea9a87b 409static void run_iq_calib(struct run_softc *, u_int);
12bd3c8b
SW
410static void run_set_agc(struct run_softc *, uint8_t);
411static void run_select_chan_group(struct run_softc *, int);
412static void run_set_rx_antenna(struct run_softc *, int);
413static void run_rt2870_set_chan(struct run_softc *, u_int);
414static void run_rt3070_set_chan(struct run_softc *, u_int);
415static void run_rt3572_set_chan(struct run_softc *, u_int);
cea9a87b
SW
416static void run_rt3593_set_chan(struct run_softc *, u_int);
417static void run_rt5390_set_chan(struct run_softc *, u_int);
418static void run_rt5592_set_chan(struct run_softc *, u_int);
12bd3c8b
SW
419static int run_set_chan(struct run_softc *, struct ieee80211_channel *);
420static void run_set_channel(struct ieee80211com *);
421static void run_scan_start(struct ieee80211com *);
422static void run_scan_end(struct ieee80211com *);
423static void run_update_beacon(struct ieee80211vap *, int);
424static void run_update_beacon_cb(void *);
425static void run_updateprot(struct ieee80211com *);
426static void run_updateprot_cb(void *);
427static void run_usb_timeout_cb(void *);
428static void run_reset_livelock(struct run_softc *);
429static void run_enable_tsf_sync(struct run_softc *);
d52983bd
IV
430static void run_enable_tsf(struct run_softc *);
431static void run_get_tsf(struct run_softc *, uint64_t *);
12bd3c8b
SW
432static void run_enable_mrr(struct run_softc *);
433static void run_set_txpreamble(struct run_softc *);
434static void run_set_basicrates(struct run_softc *);
435static void run_set_leds(struct run_softc *, uint16_t);
436static void run_set_bssid(struct run_softc *, const uint8_t *);
437static void run_set_macaddr(struct run_softc *, const uint8_t *);
4f898719 438static void run_updateslot(struct ieee80211com *);
12bd3c8b 439static void run_updateslot_cb(void *);
4f898719 440static void run_update_mcast(struct ieee80211com *);
12bd3c8b 441static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t);
4f898719
IV
442static void run_update_promisc_locked(struct run_softc *);
443static void run_update_promisc(struct ieee80211com *);
cea9a87b 444static void run_rt5390_bbp_init(struct run_softc *);
12bd3c8b
SW
445static int run_bbp_init(struct run_softc *);
446static int run_rt3070_rf_init(struct run_softc *);
cea9a87b
SW
447static void run_rt3593_rf_init(struct run_softc *);
448static void run_rt5390_rf_init(struct run_softc *);
12bd3c8b
SW
449static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t,
450 uint8_t *);
451static void run_rt3070_rf_setup(struct run_softc *);
cea9a87b
SW
452static void run_rt3593_rf_setup(struct run_softc *);
453static void run_rt5390_rf_setup(struct run_softc *);
12bd3c8b 454static int run_txrx_enable(struct run_softc *);
cea9a87b 455static void run_adjust_freq_offset(struct run_softc *);
12bd3c8b
SW
456static void run_init_locked(struct run_softc *);
457static void run_stop(void *);
cea9a87b
SW
458static void run_delay(struct run_softc *, u_int);
459
460static eventhandler_tag run_etag;
461
462static const struct rt2860_rate {
463 uint8_t rate;
464 uint8_t mcs;
465 enum ieee80211_phytype phy;
466 uint8_t ctl_ridx;
467 uint16_t sp_ack_dur;
468 uint16_t lp_ack_dur;
469} rt2860_rates[] = {
470 { 2, 0, IEEE80211_T_DS, 0, 314, 314 },
471 { 4, 1, IEEE80211_T_DS, 1, 258, 162 },
472 { 11, 2, IEEE80211_T_DS, 2, 223, 127 },
473 { 22, 3, IEEE80211_T_DS, 3, 213, 117 },
474 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 },
475 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 },
476 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 },
477 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 },
478 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 },
479 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 },
480 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 },
481 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 }
482};
12bd3c8b
SW
483
484static const struct {
485 uint16_t reg;
486 uint32_t val;
487} rt2870_def_mac[] = {
488 RT2870_DEF_MAC
489};
490
491static const struct {
492 uint8_t reg;
493 uint8_t val;
494} rt2860_def_bbp[] = {
495 RT2860_DEF_BBP
cea9a87b
SW
496},rt5390_def_bbp[] = {
497 RT5390_DEF_BBP
498},rt5592_def_bbp[] = {
499 RT5592_DEF_BBP
500};
501
502/*
503 * Default values for BBP register R196 for RT5592.
504 */
505static const uint8_t rt5592_bbp_r196[] = {
506 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00,
507 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36,
508 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40,
509 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41,
510 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16,
511 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00,
512 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
513 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c,
514 0x2e, 0x36, 0x30, 0x6e
12bd3c8b
SW
515};
516
517static const struct rfprog {
518 uint8_t chan;
519 uint32_t r1, r2, r3, r4;
520} rt2860_rf2850[] = {
521 RT2860_RF2850
522};
523
524struct {
525 uint8_t n, r, k;
526} rt3070_freqs[] = {
527 RT3070_RF3052
528};
529
cea9a87b
SW
530static const struct rt5592_freqs {
531 uint16_t n;
532 uint8_t k, m, r;
533} rt5592_freqs_20mhz[] = {
534 RT5592_RF5592_20MHZ
535},rt5592_freqs_40mhz[] = {
536 RT5592_RF5592_40MHZ
537};
538
12bd3c8b
SW
539static const struct {
540 uint8_t reg;
541 uint8_t val;
542} rt3070_def_rf[] = {
543 RT3070_DEF_RF
544},rt3572_def_rf[] = {
545 RT3572_DEF_RF
cea9a87b
SW
546},rt3593_def_rf[] = {
547 RT3593_DEF_RF
548},rt5390_def_rf[] = {
549 RT5390_DEF_RF
550},rt5392_def_rf[] = {
551 RT5392_DEF_RF
552},rt5592_def_rf[] = {
553 RT5592_DEF_RF
554},rt5592_2ghz_def_rf[] = {
555 RT5592_2GHZ_DEF_RF
556},rt5592_5ghz_def_rf[] = {
557 RT5592_5GHZ_DEF_RF
558};
559
560static const struct {
561 u_int firstchan;
562 u_int lastchan;
563 uint8_t reg;
564 uint8_t val;
565} rt5592_chan_5ghz[] = {
566 RT5592_CHAN_5GHZ
12bd3c8b
SW
567};
568
569static const struct usb_config run_config[RUN_N_XFER] = {
570 [RUN_BULK_TX_BE] = {
571 .type = UE_BULK,
572 .endpoint = UE_ADDR_ANY,
573 .ep_index = 0,
574 .direction = UE_DIR_OUT,
575 .bufsize = RUN_MAX_TXSZ,
576 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
577 .callback = run_bulk_tx_callback0,
578 .timeout = 5000, /* ms */
579 },
580 [RUN_BULK_TX_BK] = {
581 .type = UE_BULK,
582 .endpoint = UE_ADDR_ANY,
583 .direction = UE_DIR_OUT,
584 .ep_index = 1,
585 .bufsize = RUN_MAX_TXSZ,
586 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
587 .callback = run_bulk_tx_callback1,
588 .timeout = 5000, /* ms */
589 },
590 [RUN_BULK_TX_VI] = {
591 .type = UE_BULK,
592 .endpoint = UE_ADDR_ANY,
593 .direction = UE_DIR_OUT,
594 .ep_index = 2,
595 .bufsize = RUN_MAX_TXSZ,
596 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
597 .callback = run_bulk_tx_callback2,
598 .timeout = 5000, /* ms */
599 },
600 [RUN_BULK_TX_VO] = {
601 .type = UE_BULK,
602 .endpoint = UE_ADDR_ANY,
603 .direction = UE_DIR_OUT,
604 .ep_index = 3,
605 .bufsize = RUN_MAX_TXSZ,
606 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
607 .callback = run_bulk_tx_callback3,
608 .timeout = 5000, /* ms */
609 },
610 [RUN_BULK_TX_HCCA] = {
611 .type = UE_BULK,
612 .endpoint = UE_ADDR_ANY,
613 .direction = UE_DIR_OUT,
614 .ep_index = 4,
615 .bufsize = RUN_MAX_TXSZ,
616 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,},
617 .callback = run_bulk_tx_callback4,
618 .timeout = 5000, /* ms */
619 },
620 [RUN_BULK_TX_PRIO] = {
621 .type = UE_BULK,
622 .endpoint = UE_ADDR_ANY,
623 .direction = UE_DIR_OUT,
624 .ep_index = 5,
625 .bufsize = RUN_MAX_TXSZ,
626 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,},
627 .callback = run_bulk_tx_callback5,
628 .timeout = 5000, /* ms */
629 },
630 [RUN_BULK_RX] = {
631 .type = UE_BULK,
632 .endpoint = UE_ADDR_ANY,
633 .direction = UE_DIR_IN,
634 .bufsize = RUN_MAX_RXSZ,
635 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,},
636 .callback = run_bulk_rx_callback,
637 }
638};
639
cea9a87b
SW
640static void
641run_autoinst(void *arg, struct usb_device *udev,
642 struct usb_attach_arg *uaa)
643{
644 struct usb_interface *iface;
645 struct usb_interface_descriptor *id;
646
647 if (uaa->dev_state != UAA_DEV_READY)
648 return;
649
650 iface = usbd_get_iface(udev, 0);
651 if (iface == NULL)
652 return;
653 id = iface->idesc;
654 if (id == NULL || id->bInterfaceClass != UICLASS_MASS)
655 return;
656 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa))
657 return;
658
659 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0)
660 uaa->dev_state = UAA_DEV_EJECTING;
661}
662
663static int
664run_driver_loaded(struct module *mod, int what, void *arg)
665{
666 switch (what) {
667 case MOD_LOAD:
668 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured,
669 run_autoinst, NULL, EVENTHANDLER_PRI_ANY);
670 break;
671 case MOD_UNLOAD:
672 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag);
673 break;
674 default:
675 return (EOPNOTSUPP);
676 }
677 return (0);
678}
679
12bd3c8b
SW
680static int
681run_match(device_t self)
682{
683 struct usb_attach_arg *uaa = device_get_ivars(self);
684
685 if (uaa->usb_mode != USB_MODE_HOST)
686 return (ENXIO);
687 if (uaa->info.bConfigIndex != 0)
688 return (ENXIO);
689 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX)
690 return (ENXIO);
691
692 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa));
693}
694
695static int
696run_attach(device_t self)
697{
698 struct run_softc *sc = device_get_softc(self);
699 struct usb_attach_arg *uaa = device_get_ivars(self);
d52983bd 700 struct ieee80211com *ic = &sc->sc_ic;
12bd3c8b 701 uint32_t ver;
d52983bd
IV
702 uint8_t bands[IEEE80211_MODE_BYTES];
703 uint8_t iface_index;
cea9a87b 704 int ntries, error;
12bd3c8b
SW
705
706 device_set_usb_desc(self);
707 sc->sc_udev = uaa->device;
708 sc->sc_dev = self;
cea9a87b
SW
709 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT)
710 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED;
12bd3c8b 711
d52983bd 712#if defined(__DragonFly__)
10f2cea7
SW
713 lockinit(&sc->sc_lock, device_get_nameunit(sc->sc_dev),
714 0, LK_CANRECURSE);
d52983bd
IV
715#else
716 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev),
717 MTX_NETWORK_LOCK, MTX_DEF);
718#endif
719 mbufq_init(&sc->sc_snd, ifqmaxlen);
12bd3c8b
SW
720
721 iface_index = RT2860_IFACE_INDEX;
722
723 error = usbd_transfer_setup(uaa->device, &iface_index,
10f2cea7 724 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_lock);
12bd3c8b
SW
725 if (error) {
726 device_printf(self, "could not allocate USB transfers, "
727 "err=%s\n", usbd_errstr(error));
728 goto detach;
729 }
730
731 RUN_LOCK(sc);
732
733 /* wait for the chip to settle */
734 for (ntries = 0; ntries < 100; ntries++) {
735 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) {
736 RUN_UNLOCK(sc);
737 goto detach;
738 }
739 if (ver != 0 && ver != 0xffffffff)
740 break;
741 run_delay(sc, 10);
742 }
743 if (ntries == 100) {
744 device_printf(sc->sc_dev,
745 "timeout waiting for NIC to initialize\n");
746 RUN_UNLOCK(sc);
747 goto detach;
748 }
749 sc->mac_ver = ver >> 16;
750 sc->mac_rev = ver & 0xffff;
751
752 /* retrieve RF rev. no and various other things from EEPROM */
753 run_read_eeprom(sc);
754
755 device_printf(sc->sc_dev,
756 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n",
757 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev),
d52983bd 758 sc->ntxchains, sc->nrxchains, ether_sprintf(ic->ic_macaddr));
12bd3c8b
SW
759
760 RUN_UNLOCK(sc);
761
6153be8c 762 ic->ic_softc = sc;
d52983bd 763 ic->ic_name = device_get_nameunit(self);
12bd3c8b
SW
764 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
765 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */
766
767 /* set device capabilities */
768 ic->ic_caps =
769 IEEE80211_C_STA | /* station mode supported */
770 IEEE80211_C_MONITOR | /* monitor mode supported */
771 IEEE80211_C_IBSS |
772 IEEE80211_C_HOSTAP |
773 IEEE80211_C_WDS | /* 4-address traffic works */
774 IEEE80211_C_MBSS |
775 IEEE80211_C_SHPREAMBLE | /* short preamble supported */
776 IEEE80211_C_SHSLOT | /* short slot time supported */
777 IEEE80211_C_WME | /* WME */
778 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */
779
780 ic->ic_cryptocaps =
781 IEEE80211_CRYPTO_WEP |
782 IEEE80211_CRYPTO_AES_CCM |
783 IEEE80211_CRYPTO_TKIPMIC |
784 IEEE80211_CRYPTO_TKIP;
785
786 ic->ic_flags |= IEEE80211_F_DATAPAD;
787 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS;
788
d52983bd
IV
789 memset(bands, 0, sizeof(bands));
790 setbit(bands, IEEE80211_MODE_11B);
791 setbit(bands, IEEE80211_MODE_11G);
cea9a87b
SW
792 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 ||
793 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 ||
794 sc->rf_rev == RT5592_RF_5592)
d52983bd
IV
795 setbit(bands, IEEE80211_MODE_11A);
796 ieee80211_init_channels(ic, NULL, bands);
12bd3c8b 797
d52983bd 798 ieee80211_ifattach(ic);
12bd3c8b
SW
799
800 ic->ic_scan_start = run_scan_start;
801 ic->ic_scan_end = run_scan_end;
802 ic->ic_set_channel = run_set_channel;
803 ic->ic_node_alloc = run_node_alloc;
804 ic->ic_newassoc = run_newassoc;
805 ic->ic_updateslot = run_updateslot;
806 ic->ic_update_mcast = run_update_mcast;
807 ic->ic_wme.wme_update = run_wme_update;
808 ic->ic_raw_xmit = run_raw_xmit;
809 ic->ic_update_promisc = run_update_promisc;
12bd3c8b
SW
810 ic->ic_vap_create = run_vap_create;
811 ic->ic_vap_delete = run_vap_delete;
d52983bd
IV
812 ic->ic_transmit = run_transmit;
813 ic->ic_parent = run_parent;
12bd3c8b
SW
814
815 ieee80211_radiotap_attach(ic,
816 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap),
817 RUN_TX_RADIOTAP_PRESENT,
818 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap),
819 RUN_RX_RADIOTAP_PRESENT);
820
821 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc);
822 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc);
d52983bd 823 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_lock, 0);
12bd3c8b
SW
824
825 if (bootverbose)
826 ieee80211_announce(ic);
827
828 return (0);
829
830detach:
831 run_detach(self);
832 return (ENXIO);
833}
834
d52983bd
IV
835static void
836run_drain_mbufq(struct run_softc *sc)
837{
838 struct mbuf *m;
839 struct ieee80211_node *ni;
840
841 RUN_LOCK_ASSERT(sc, MA_OWNED);
842 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) {
843 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
844 m->m_pkthdr.rcvif = NULL;
845 ieee80211_free_node(ni);
846 m_freem(m);
847 }
848}
849
12bd3c8b
SW
850static int
851run_detach(device_t self)
852{
853 struct run_softc *sc = device_get_softc(self);
d52983bd 854 struct ieee80211com *ic = &sc->sc_ic;
12bd3c8b
SW
855 int i;
856
d52983bd 857 RUN_LOCK(sc);
10f2cea7 858 sc->sc_detached = 1;
d52983bd 859 RUN_UNLOCK(sc);
10f2cea7 860
12bd3c8b
SW
861 /* stop all USB transfers */
862 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER);
863
864 RUN_LOCK(sc);
12bd3c8b
SW
865 sc->ratectl_run = RUN_RATECTL_OFF;
866 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT;
867
868 /* free TX list, if any */
869 for (i = 0; i != RUN_EP_QUEUES; i++)
870 run_unsetup_tx_list(sc, &sc->sc_epq[i]);
d52983bd
IV
871
872 /* Free TX queue */
873 run_drain_mbufq(sc);
12bd3c8b
SW
874 RUN_UNLOCK(sc);
875
d52983bd 876 if (sc->sc_ic.ic_softc == sc) {
12bd3c8b
SW
877 /* drain tasks */
878 usb_callout_drain(&sc->ratectl_ch);
879 ieee80211_draintask(ic, &sc->cmdq_task);
880 ieee80211_draintask(ic, &sc->ratectl_task);
881 ieee80211_ifdetach(ic);
12bd3c8b
SW
882 }
883
d52983bd 884#if defined(__DragonFly__)
10f2cea7 885 lockuninit(&sc->sc_lock);
d52983bd
IV
886#else
887 mtx_destroy(&sc->sc_mtx);
888#endif
12bd3c8b
SW
889
890 return (0);
891}
892
893static struct ieee80211vap *
894run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit,
895 enum ieee80211_opmode opmode, int flags,
896 const uint8_t bssid[IEEE80211_ADDR_LEN],
897 const uint8_t mac[IEEE80211_ADDR_LEN])
898{
b5730aca 899 struct run_softc *sc = ic->ic_softc;
12bd3c8b
SW
900 struct run_vap *rvp;
901 struct ieee80211vap *vap;
902 int i;
903
904 if (sc->rvp_cnt >= RUN_VAP_MAX) {
d52983bd 905 device_printf(sc->sc_dev, "number of VAPs maxed out\n");
12bd3c8b
SW
906 return (NULL);
907 }
908
909 switch (opmode) {
910 case IEEE80211_M_STA:
911 /* enable s/w bmiss handling for sta mode */
912 flags |= IEEE80211_CLONE_NOBEACONS;
913 /* fall though */
914 case IEEE80211_M_IBSS:
915 case IEEE80211_M_MONITOR:
916 case IEEE80211_M_HOSTAP:
917 case IEEE80211_M_MBSS:
918 /* other than WDS vaps, only one at a time */
919 if (!TAILQ_EMPTY(&ic->ic_vaps))
920 return (NULL);
921 break;
922 case IEEE80211_M_WDS:
923 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){
924 if(vap->iv_opmode != IEEE80211_M_HOSTAP)
925 continue;
926 /* WDS vap's always share the local mac address. */
927 flags &= ~IEEE80211_CLONE_BSSID;
928 break;
929 }
930 if (vap == NULL) {
d52983bd
IV
931 device_printf(sc->sc_dev,
932 "wds only supported in ap mode\n");
12bd3c8b
SW
933 return (NULL);
934 }
935 break;
936 default:
d52983bd 937 device_printf(sc->sc_dev, "unknown opmode %d\n", opmode);
12bd3c8b
SW
938 return (NULL);
939 }
940
d52983bd 941 rvp = kmalloc(sizeof(struct run_vap), M_80211_VAP, M_WAITOK | M_ZERO);
12bd3c8b 942 vap = &rvp->vap;
cea9a87b 943
d52983bd
IV
944 if (ieee80211_vap_setup(ic, vap, name, unit, opmode, flags,
945 bssid) != 0) {
cea9a87b
SW
946 /* out of memory */
947 kfree(rvp, M_80211_VAP);
948 return (NULL);
949 }
12bd3c8b 950
12bd3c8b
SW
951 vap->iv_update_beacon = run_update_beacon;
952 vap->iv_max_aid = RT2870_WCID_MAX;
953 /*
954 * To delete the right key from h/w, we need wcid.
955 * Luckily, there is unused space in ieee80211_key{}, wk_pad,
956 * and matching wcid will be written into there. So, cast
957 * some spells to remove 'const' from ieee80211_key{}
958 */
959 vap->iv_key_delete = (void *)run_key_delete;
960 vap->iv_key_set = (void *)run_key_set;
961
962 /* override state transition machine */
963 rvp->newstate = vap->iv_newstate;
964 vap->iv_newstate = run_newstate;
d52983bd
IV
965 if (opmode == IEEE80211_M_IBSS) {
966 rvp->recv_mgmt = vap->iv_recv_mgmt;
967 vap->iv_recv_mgmt = run_recv_mgmt;
968 }
12bd3c8b
SW
969
970 ieee80211_ratectl_init(vap);
971 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */);
972
973 /* complete setup */
d52983bd
IV
974 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status,
975 mac);
12bd3c8b
SW
976
977 /* make sure id is always unique */
978 for (i = 0; i < RUN_VAP_MAX; i++) {
979 if((sc->rvp_bmap & 1 << i) == 0){
980 sc->rvp_bmap |= 1 << i;
981 rvp->rvp_id = i;
982 break;
983 }
984 }
985 if (sc->rvp_cnt++ == 0)
986 ic->ic_opmode = opmode;
987
988 if (opmode == IEEE80211_M_HOSTAP)
989 sc->cmdq_run = RUN_CMDQ_GO;
990
991 DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n",
992 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt);
993
994 return (vap);
995}
996
997static void
998run_vap_delete(struct ieee80211vap *vap)
999{
1000 struct run_vap *rvp = RUN_VAP(vap);
12bd3c8b
SW
1001 struct ieee80211com *ic;
1002 struct run_softc *sc;
1003 uint8_t rvp_id;
1004
1005 if (vap == NULL)
1006 return;
1007
1008 ic = vap->iv_ic;
b5730aca 1009 sc = ic->ic_softc;
12bd3c8b
SW
1010
1011 RUN_LOCK(sc);
1012
1013 m_freem(rvp->beacon_mbuf);
1014 rvp->beacon_mbuf = NULL;
1015
1016 rvp_id = rvp->rvp_id;
1017 sc->ratectl_run &= ~(1 << rvp_id);
1018 sc->rvp_bmap &= ~(1 << rvp_id);
1019 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128);
1020 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512);
1021 --sc->rvp_cnt;
1022
1023 DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n",
1024 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt);
1025
1026 RUN_UNLOCK(sc);
1027
1028 ieee80211_ratectl_deinit(vap);
1029 ieee80211_vap_detach(vap);
10f2cea7 1030 kfree(rvp, M_80211_VAP);
12bd3c8b
SW
1031}
1032
1033/*
1034 * There are numbers of functions need to be called in context thread.
1035 * Rather than creating taskqueue event for each of those functions,
1036 * here is all-for-one taskqueue callback function. This function
d52983bd 1037 * guarantees deferred functions are executed in the same order they
12bd3c8b
SW
1038 * were enqueued.
1039 * '& RUN_CMDQ_MASQ' is to loop cmdq[].
1040 */
1041static void
1042run_cmdq_cb(void *arg, int pending)
1043{
1044 struct run_softc *sc = arg;
1045 uint8_t i;
1046
1047 /* call cmdq[].func locked */
1048 RUN_LOCK(sc);
1049 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending;
1050 i = sc->cmdq_exec, pending--) {
1051 DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending);
1052 if (sc->cmdq_run == RUN_CMDQ_GO) {
1053 /*
1054 * If arg0 is NULL, callback func needs more
1055 * than one arg. So, pass ptr to cmdq struct.
1056 */
1057 if (sc->cmdq[i].arg0)
1058 sc->cmdq[i].func(sc->cmdq[i].arg0);
1059 else
1060 sc->cmdq[i].func(&sc->cmdq[i]);
1061 }
1062 sc->cmdq[i].arg0 = NULL;
1063 sc->cmdq[i].func = NULL;
1064 sc->cmdq_exec++;
1065 sc->cmdq_exec &= RUN_CMDQ_MASQ;
1066 }
1067 RUN_UNLOCK(sc);
1068}
1069
1070static void
1071run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq)
1072{
1073 struct run_tx_data *data;
1074
1075 memset(pq, 0, sizeof(*pq));
1076
1077 STAILQ_INIT(&pq->tx_qh);
1078 STAILQ_INIT(&pq->tx_fh);
1079
1080 for (data = &pq->tx_data[0];
1081 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) {
1082 data->sc = sc;
1083 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next);
1084 }
1085 pq->tx_nfree = RUN_TX_RING_COUNT;
1086}
1087
1088static void
1089run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq)
1090{
1091 struct run_tx_data *data;
1092
1093 /* make sure any subsequent use of the queues will fail */
1094 pq->tx_nfree = 0;
1095 STAILQ_INIT(&pq->tx_fh);
1096 STAILQ_INIT(&pq->tx_qh);
1097
1098 /* free up all node references and mbufs */
1099 for (data = &pq->tx_data[0];
1100 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) {
1101 if (data->m != NULL) {
1102 m_freem(data->m);
1103 data->m = NULL;
1104 }
1105 if (data->ni != NULL) {
1106 ieee80211_free_node(data->ni);
1107 data->ni = NULL;
1108 }
1109 }
1110}
1111
1112static int
1113run_load_microcode(struct run_softc *sc)
1114{
1115 usb_device_request_t req;
1116 const struct firmware *fw;
1117 const u_char *base;
1118 uint32_t tmp;
1119 int ntries, error;
1120 const uint64_t *temp;
1121 uint64_t bytes;
1122
d52983bd 1123 RUN_UNLOCK(sc);
12bd3c8b 1124 fw = firmware_get("runfw");
d52983bd 1125 RUN_LOCK(sc);
12bd3c8b
SW
1126 if (fw == NULL) {
1127 device_printf(sc->sc_dev,
1128 "failed loadfirmware of file %s\n", "runfw");
1129 return ENOENT;
1130 }
1131
1132 if (fw->datasize != 8192) {
1133 device_printf(sc->sc_dev,
1134 "invalid firmware size (should be 8KB)\n");
1135 error = EINVAL;
1136 goto fail;
1137 }
1138
1139 /*
1140 * RT3071/RT3072 use a different firmware
1141 * run-rt2870 (8KB) contains both,
1142 * first half (4KB) is for rt2870,
1143 * last half is for rt3071.
1144 */
1145 base = fw->data;
1146 if ((sc->mac_ver) != 0x2860 &&
1147 (sc->mac_ver) != 0x2872 &&
1148 (sc->mac_ver) != 0x3070) {
1149 base += 4096;
1150 }
1151
1152 /* cheap sanity check */
9d2642a2 1153 temp = (const void *)fw->data;
12bd3c8b 1154 bytes = *temp;
cea9a87b 1155 if (bytes != be64toh(0xffffff0210280210ULL)) {
12bd3c8b
SW
1156 device_printf(sc->sc_dev, "firmware checksum failed\n");
1157 error = EINVAL;
1158 goto fail;
1159 }
1160
12bd3c8b 1161 /* write microcode image */
cea9a87b
SW
1162 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) {
1163 run_write_region_1(sc, RT2870_FW_BASE, base, 4096);
1164 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff);
1165 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff);
1166 }
12bd3c8b
SW
1167
1168 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1169 req.bRequest = RT2870_RESET;
1170 USETW(req.wValue, 8);
1171 USETW(req.wIndex, 0);
1172 USETW(req.wLength, 0);
10f2cea7 1173 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_lock, &req, NULL))
12bd3c8b
SW
1174 != 0) {
1175 device_printf(sc->sc_dev, "firmware reset failed\n");
1176 goto fail;
1177 }
1178
1179 run_delay(sc, 10);
1180
cea9a87b 1181 run_write(sc, RT2860_H2M_BBPAGENT, 0);
12bd3c8b 1182 run_write(sc, RT2860_H2M_MAILBOX, 0);
cea9a87b 1183 run_write(sc, RT2860_H2M_INTSRC, 0);
12bd3c8b
SW
1184 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0)
1185 goto fail;
1186
1187 /* wait until microcontroller is ready */
1188 for (ntries = 0; ntries < 1000; ntries++) {
cea9a87b 1189 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0)
12bd3c8b 1190 goto fail;
12bd3c8b
SW
1191 if (tmp & RT2860_MCU_READY)
1192 break;
1193 run_delay(sc, 10);
1194 }
1195 if (ntries == 1000) {
1196 device_printf(sc->sc_dev,
1197 "timeout waiting for MCU to initialize\n");
1198 error = ETIMEDOUT;
1199 goto fail;
1200 }
10f2cea7
SW
1201 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n",
1202 (base == fw->data) ? "RT2870" : "RT3071",
1203 *(base + 4092), *(base + 4093));
12bd3c8b
SW
1204
1205fail:
1206 firmware_put(fw, FIRMWARE_UNLOAD);
1207 return (error);
1208}
1209
cea9a87b 1210static int
12bd3c8b
SW
1211run_reset(struct run_softc *sc)
1212{
1213 usb_device_request_t req;
1214
1215 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1216 req.bRequest = RT2870_RESET;
1217 USETW(req.wValue, 1);
1218 USETW(req.wIndex, 0);
1219 USETW(req.wLength, 0);
d52983bd 1220 return (usbd_do_request(sc->sc_udev, &sc->sc_lock, &req, NULL));
12bd3c8b
SW
1221}
1222
1223static usb_error_t
1224run_do_request(struct run_softc *sc,
1225 struct usb_device_request *req, void *data)
1226{
57e09377 1227 usb_error_t err = 0; /* assign to whack bogus gcc warning */
12bd3c8b
SW
1228 int ntries = 10;
1229
1230 RUN_LOCK_ASSERT(sc, MA_OWNED);
1231
1232 while (ntries--) {
10f2cea7 1233 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_lock,
12bd3c8b
SW
1234 req, data, 0, NULL, 250 /* ms */);
1235 if (err == 0)
1236 break;
1237 DPRINTFN(1, "Control request failed, %s (retrying)\n",
1238 usbd_errstr(err));
1239 run_delay(sc, 10);
1240 }
1241 return (err);
1242}
1243
1244static int
1245run_read(struct run_softc *sc, uint16_t reg, uint32_t *val)
1246{
1247 uint32_t tmp;
1248 int error;
1249
1250 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp);
1251 if (error == 0)
1252 *val = le32toh(tmp);
1253 else
1254 *val = 0xffffffff;
1255 return (error);
1256}
1257
1258static int
1259run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len)
1260{
1261 usb_device_request_t req;
1262
1263 req.bmRequestType = UT_READ_VENDOR_DEVICE;
1264 req.bRequest = RT2870_READ_REGION_1;
1265 USETW(req.wValue, 0);
1266 USETW(req.wIndex, reg);
1267 USETW(req.wLength, len);
1268
1269 return (run_do_request(sc, &req, buf));
1270}
1271
1272static int
1273run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val)
1274{
1275 usb_device_request_t req;
1276
1277 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1278 req.bRequest = RT2870_WRITE_2;
1279 USETW(req.wValue, val);
1280 USETW(req.wIndex, reg);
1281 USETW(req.wLength, 0);
1282
1283 return (run_do_request(sc, &req, NULL));
1284}
1285
1286static int
1287run_write(struct run_softc *sc, uint16_t reg, uint32_t val)
1288{
1289 int error;
1290
1291 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0)
1292 error = run_write_2(sc, reg + 2, val >> 16);
1293 return (error);
1294}
1295
1296static int
1297run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf,
1298 int len)
1299{
1300#if 1
1301 int i, error = 0;
1302 /*
1303 * NB: the WRITE_REGION_1 command is not stable on RT2860.
1304 * We thus issue multiple WRITE_2 commands instead.
1305 */
1306 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n"));
1307 for (i = 0; i < len && error == 0; i += 2)
1308 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8);
1309 return (error);
1310#else
1311 usb_device_request_t req;
cea9a87b 1312 int error = 0;
12bd3c8b 1313
cea9a87b
SW
1314 /*
1315 * NOTE: It appears the WRITE_REGION_1 command cannot be
1316 * passed a huge amount of data, which will crash the
1317 * firmware. Limit amount of data passed to 64-bytes at a
1318 * time.
1319 */
1320 while (len > 0) {
1321 int delta = 64;
1322 if (delta > len)
1323 delta = len;
1324
1325 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1326 req.bRequest = RT2870_WRITE_REGION_1;
1327 USETW(req.wValue, 0);
1328 USETW(req.wIndex, reg);
1329 USETW(req.wLength, delta);
1330 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf));
1331 if (error != 0)
1332 break;
1333 reg += delta;
1334 buf += delta;
1335 len -= delta;
1336 }
1337 return (error);
12bd3c8b
SW
1338#endif
1339}
1340
1341static int
1342run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len)
1343{
1344 int i, error = 0;
1345
1346 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n"));
1347 for (i = 0; i < len && error == 0; i += 4)
1348 error = run_write(sc, reg + i, val);
1349 return (error);
1350}
1351
12bd3c8b 1352static int
cea9a87b 1353run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count)
12bd3c8b
SW
1354{
1355 uint32_t tmp;
1356 uint16_t reg;
1357 int error, ntries;
1358
1359 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0)
1360 return (error);
1361
cea9a87b
SW
1362 if (count == 2)
1363 addr *= 2;
12bd3c8b
SW
1364 /*-
1365 * Read one 16-byte block into registers EFUSE_DATA[0-3]:
1366 * DATA0: F E D C
1367 * DATA1: B A 9 8
1368 * DATA2: 7 6 5 4
1369 * DATA3: 3 2 1 0
1370 */
1371 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK);
1372 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK;
1373 run_write(sc, RT3070_EFUSE_CTRL, tmp);
1374 for (ntries = 0; ntries < 100; ntries++) {
1375 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0)
1376 return (error);
1377 if (!(tmp & RT3070_EFSROM_KICK))
1378 break;
1379 run_delay(sc, 2);
1380 }
1381 if (ntries == 100)
1382 return (ETIMEDOUT);
1383
1384 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) {
1385 *val = 0xffff; /* address not found */
1386 return (0);
1387 }
1388 /* determine to which 32-bit register our 16-bit word belongs */
1389 reg = RT3070_EFUSE_DATA3 - (addr & 0xc);
1390 if ((error = run_read(sc, reg, &tmp)) != 0)
1391 return (error);
1392
cea9a87b
SW
1393 tmp >>= (8 * (addr & 0x3));
1394 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff;
1395
12bd3c8b
SW
1396 return (0);
1397}
1398
cea9a87b
SW
1399/* Read 16-bit from eFUSE ROM for RT3xxx. */
1400static int
1401run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val)
1402{
1403 return (run_efuse_read(sc, addr, val, 2));
1404}
1405
12bd3c8b
SW
1406static int
1407run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val)
1408{
1409 usb_device_request_t req;
1410 uint16_t tmp;
1411 int error;
1412
1413 addr *= 2;
1414 req.bmRequestType = UT_READ_VENDOR_DEVICE;
1415 req.bRequest = RT2870_EEPROM_READ;
1416 USETW(req.wValue, 0);
1417 USETW(req.wIndex, addr);
cea9a87b 1418 USETW(req.wLength, sizeof(tmp));
12bd3c8b 1419
10f2cea7 1420 error = usbd_do_request(sc->sc_udev, &sc->sc_lock, &req, &tmp);
12bd3c8b
SW
1421 if (error == 0)
1422 *val = le16toh(tmp);
1423 else
1424 *val = 0xffff;
1425 return (error);
1426}
1427
1428static __inline int
1429run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val)
1430{
1431 /* either eFUSE ROM or EEPROM */
1432 return sc->sc_srom_read(sc, addr, val);
1433}
1434
1435static int
cea9a87b 1436run_rt2870_rf_write(struct run_softc *sc, uint32_t val)
12bd3c8b
SW
1437{
1438 uint32_t tmp;
1439 int error, ntries;
1440
1441 for (ntries = 0; ntries < 10; ntries++) {
1442 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0)
1443 return (error);
1444 if (!(tmp & RT2860_RF_REG_CTRL))
1445 break;
1446 }
1447 if (ntries == 10)
1448 return (ETIMEDOUT);
1449
cea9a87b 1450 return (run_write(sc, RT2860_RF_CSR_CFG0, val));
12bd3c8b
SW
1451}
1452
1453static int
1454run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val)
1455{
1456 uint32_t tmp;
1457 int error, ntries;
1458
57e09377 1459 *val = 0;
12bd3c8b
SW
1460 for (ntries = 0; ntries < 100; ntries++) {
1461 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1462 return (error);
1463 if (!(tmp & RT3070_RF_KICK))
1464 break;
1465 }
1466 if (ntries == 100)
1467 return (ETIMEDOUT);
1468
1469 tmp = RT3070_RF_KICK | reg << 8;
1470 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0)
1471 return (error);
1472
1473 for (ntries = 0; ntries < 100; ntries++) {
1474 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1475 return (error);
1476 if (!(tmp & RT3070_RF_KICK))
1477 break;
1478 }
1479 if (ntries == 100)
1480 return (ETIMEDOUT);
1481
1482 *val = tmp & 0xff;
1483 return (0);
1484}
1485
1486static int
1487run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val)
1488{
1489 uint32_t tmp;
1490 int error, ntries;
1491
1492 for (ntries = 0; ntries < 10; ntries++) {
1493 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1494 return (error);
1495 if (!(tmp & RT3070_RF_KICK))
1496 break;
1497 }
1498 if (ntries == 10)
1499 return (ETIMEDOUT);
1500
1501 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val;
1502 return (run_write(sc, RT3070_RF_CSR_CFG, tmp));
1503}
1504
1505static int
1506run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val)
1507{
1508 uint32_t tmp;
1509 int ntries, error;
1510
1511 for (ntries = 0; ntries < 10; ntries++) {
1512 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1513 return (error);
1514 if (!(tmp & RT2860_BBP_CSR_KICK))
1515 break;
1516 }
1517 if (ntries == 10)
1518 return (ETIMEDOUT);
1519
1520 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8;
1521 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0)
1522 return (error);
1523
1524 for (ntries = 0; ntries < 10; ntries++) {
1525 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1526 return (error);
1527 if (!(tmp & RT2860_BBP_CSR_KICK))
1528 break;
1529 }
1530 if (ntries == 10)
1531 return (ETIMEDOUT);
1532
1533 *val = tmp & 0xff;
1534 return (0);
1535}
1536
1537static int
1538run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val)
1539{
1540 uint32_t tmp;
1541 int ntries, error;
1542
1543 for (ntries = 0; ntries < 10; ntries++) {
1544 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1545 return (error);
1546 if (!(tmp & RT2860_BBP_CSR_KICK))
1547 break;
1548 }
1549 if (ntries == 10)
1550 return (ETIMEDOUT);
1551
1552 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val;
1553 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp));
1554}
1555
1556/*
1557 * Send a command to the 8051 microcontroller unit.
1558 */
1559static int
1560run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg)
1561{
1562 uint32_t tmp;
1563 int error, ntries;
1564
1565 for (ntries = 0; ntries < 100; ntries++) {
1566 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0)
1567 return error;
1568 if (!(tmp & RT2860_H2M_BUSY))
1569 break;
1570 }
1571 if (ntries == 100)
1572 return ETIMEDOUT;
1573
1574 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg;
1575 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0)
1576 error = run_write(sc, RT2860_HOST_CMD, cmd);
1577 return (error);
1578}
1579
1580/*
1581 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word.
1582 * Used to adjust per-rate Tx power registers.
1583 */
1584static __inline uint32_t
1585b4inc(uint32_t b32, int8_t delta)
1586{
1587 int8_t i, b4;
1588
1589 for (i = 0; i < 8; i++) {
1590 b4 = b32 & 0xf;
1591 b4 += delta;
1592 if (b4 < 0)
1593 b4 = 0;
1594 else if (b4 > 0xf)
1595 b4 = 0xf;
1596 b32 = b32 >> 4 | b4 << 28;
1597 }
1598 return (b32);
1599}
1600
1601static const char *
cea9a87b 1602run_get_rf(uint16_t rev)
12bd3c8b
SW
1603{
1604 switch (rev) {
1605 case RT2860_RF_2820: return "RT2820";
1606 case RT2860_RF_2850: return "RT2850";
1607 case RT2860_RF_2720: return "RT2720";
1608 case RT2860_RF_2750: return "RT2750";
1609 case RT3070_RF_3020: return "RT3020";
1610 case RT3070_RF_2020: return "RT2020";
1611 case RT3070_RF_3021: return "RT3021";
1612 case RT3070_RF_3022: return "RT3022";
1613 case RT3070_RF_3052: return "RT3052";
cea9a87b
SW
1614 case RT3593_RF_3053: return "RT3053";
1615 case RT5592_RF_5592: return "RT5592";
1616 case RT5390_RF_5370: return "RT5370";
1617 case RT5390_RF_5372: return "RT5372";
12bd3c8b
SW
1618 }
1619 return ("unknown");
1620}
1621
cea9a87b
SW
1622static void
1623run_rt3593_get_txpower(struct run_softc *sc)
1624{
1625 uint16_t addr, val;
1626 int i;
1627
1628 /* Read power settings for 2GHz channels. */
1629 for (i = 0; i < 14; i += 2) {
1630 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 :
1631 RT2860_EEPROM_PWR2GHZ_BASE1;
1632 run_srom_read(sc, addr + i / 2, &val);
1633 sc->txpow1[i + 0] = (int8_t)(val & 0xff);
1634 sc->txpow1[i + 1] = (int8_t)(val >> 8);
1635
1636 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 :
1637 RT2860_EEPROM_PWR2GHZ_BASE2;
1638 run_srom_read(sc, addr + i / 2, &val);
1639 sc->txpow2[i + 0] = (int8_t)(val & 0xff);
1640 sc->txpow2[i + 1] = (int8_t)(val >> 8);
1641
1642 if (sc->ntxchains == 3) {
1643 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2,
1644 &val);
1645 sc->txpow3[i + 0] = (int8_t)(val & 0xff);
1646 sc->txpow3[i + 1] = (int8_t)(val >> 8);
1647 }
1648 }
1649 /* Fix broken Tx power entries. */
1650 for (i = 0; i < 14; i++) {
1651 if (sc->txpow1[i] > 31)
1652 sc->txpow1[i] = 5;
1653 if (sc->txpow2[i] > 31)
1654 sc->txpow2[i] = 5;
1655 if (sc->ntxchains == 3) {
1656 if (sc->txpow3[i] > 31)
1657 sc->txpow3[i] = 5;
1658 }
1659 }
1660 /* Read power settings for 5GHz channels. */
1661 for (i = 0; i < 40; i += 2) {
1662 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val);
1663 sc->txpow1[i + 14] = (int8_t)(val & 0xff);
1664 sc->txpow1[i + 15] = (int8_t)(val >> 8);
1665
1666 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val);
1667 sc->txpow2[i + 14] = (int8_t)(val & 0xff);
1668 sc->txpow2[i + 15] = (int8_t)(val >> 8);
1669
1670 if (sc->ntxchains == 3) {
1671 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2,
1672 &val);
1673 sc->txpow3[i + 14] = (int8_t)(val & 0xff);
1674 sc->txpow3[i + 15] = (int8_t)(val >> 8);
1675 }
1676 }
1677}
1678
1679static void
1680run_get_txpower(struct run_softc *sc)
1681{
1682 uint16_t val;
1683 int i;
1684
1685 /* Read power settings for 2GHz channels. */
1686 for (i = 0; i < 14; i += 2) {
1687 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val);
1688 sc->txpow1[i + 0] = (int8_t)(val & 0xff);
1689 sc->txpow1[i + 1] = (int8_t)(val >> 8);
1690
1691 if (sc->mac_ver != 0x5390) {
1692 run_srom_read(sc,
1693 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val);
1694 sc->txpow2[i + 0] = (int8_t)(val & 0xff);
1695 sc->txpow2[i + 1] = (int8_t)(val >> 8);
1696 }
1697 }
1698 /* Fix broken Tx power entries. */
1699 for (i = 0; i < 14; i++) {
1700 if (sc->mac_ver >= 0x5390) {
d52983bd 1701 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 39)
cea9a87b
SW
1702 sc->txpow1[i] = 5;
1703 } else {
1704 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31)
1705 sc->txpow1[i] = 5;
1706 }
1707 if (sc->mac_ver > 0x5390) {
d52983bd 1708 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 39)
cea9a87b
SW
1709 sc->txpow2[i] = 5;
1710 } else if (sc->mac_ver < 0x5390) {
1711 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31)
1712 sc->txpow2[i] = 5;
1713 }
1714 DPRINTF("chan %d: power1=%d, power2=%d\n",
1715 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]);
1716 }
1717 /* Read power settings for 5GHz channels. */
1718 for (i = 0; i < 40; i += 2) {
1719 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val);
1720 sc->txpow1[i + 14] = (int8_t)(val & 0xff);
1721 sc->txpow1[i + 15] = (int8_t)(val >> 8);
1722
1723 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val);
1724 sc->txpow2[i + 14] = (int8_t)(val & 0xff);
1725 sc->txpow2[i + 15] = (int8_t)(val >> 8);
1726 }
1727 /* Fix broken Tx power entries. */
1728 for (i = 0; i < 40; i++ ) {
1729 if (sc->mac_ver != 0x5592) {
1730 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15)
1731 sc->txpow1[14 + i] = 5;
1732 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15)
1733 sc->txpow2[14 + i] = 5;
1734 }
1735 DPRINTF("chan %d: power1=%d, power2=%d\n",
1736 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i],
1737 sc->txpow2[14 + i]);
1738 }
1739}
1740
1741static int
12bd3c8b
SW
1742run_read_eeprom(struct run_softc *sc)
1743{
d52983bd 1744 struct ieee80211com *ic = &sc->sc_ic;
12bd3c8b
SW
1745 int8_t delta_2ghz, delta_5ghz;
1746 uint32_t tmp;
1747 uint16_t val;
1748 int ridx, ant, i;
1749
1750 /* check whether the ROM is eFUSE ROM or EEPROM */
1751 sc->sc_srom_read = run_eeprom_read_2;
1752 if (sc->mac_ver >= 0x3070) {
1753 run_read(sc, RT3070_EFUSE_CTRL, &tmp);
1754 DPRINTF("EFUSE_CTRL=0x%08x\n", tmp);
cea9a87b 1755 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593)
12bd3c8b
SW
1756 sc->sc_srom_read = run_efuse_read_2;
1757 }
1758
1759 /* read ROM version */
1760 run_srom_read(sc, RT2860_EEPROM_VERSION, &val);
d52983bd 1761 DPRINTF("EEPROM rev=%d, FAE=%d\n", val >> 8, val & 0xff);
12bd3c8b
SW
1762
1763 /* read MAC address */
1764 run_srom_read(sc, RT2860_EEPROM_MAC01, &val);
d52983bd
IV
1765 ic->ic_macaddr[0] = val & 0xff;
1766 ic->ic_macaddr[1] = val >> 8;
12bd3c8b 1767 run_srom_read(sc, RT2860_EEPROM_MAC23, &val);
d52983bd
IV
1768 ic->ic_macaddr[2] = val & 0xff;
1769 ic->ic_macaddr[3] = val >> 8;
12bd3c8b 1770 run_srom_read(sc, RT2860_EEPROM_MAC45, &val);
d52983bd
IV
1771 ic->ic_macaddr[4] = val & 0xff;
1772 ic->ic_macaddr[5] = val >> 8;
12bd3c8b 1773
cea9a87b
SW
1774 if (sc->mac_ver < 0x3593) {
1775 /* read vender BBP settings */
12bd3c8b 1776 for (i = 0; i < 10; i++) {
cea9a87b
SW
1777 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val);
1778 sc->bbp[i].val = val & 0xff;
1779 sc->bbp[i].reg = val >> 8;
1780 DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg,
1781 sc->bbp[i].val);
1782 }
1783 if (sc->mac_ver >= 0x3071) {
1784 /* read vendor RF settings */
1785 for (i = 0; i < 10; i++) {
1786 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i,
1787 &val);
1788 sc->rf[i].val = val & 0xff;
1789 sc->rf[i].reg = val >> 8;
1790 DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg,
1791 sc->rf[i].val);
1792 }
12bd3c8b
SW
1793 }
1794 }
1795
1796 /* read RF frequency offset from EEPROM */
cea9a87b
SW
1797 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS :
1798 RT3593_EEPROM_FREQ, &val);
12bd3c8b
SW
1799 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0;
1800 DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff);
1801
cea9a87b
SW
1802 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS :
1803 RT3593_EEPROM_FREQ_LEDS, &val);
12bd3c8b
SW
1804 if (val >> 8 != 0xff) {
1805 /* read LEDs operating mode */
1806 sc->leds = val >> 8;
cea9a87b
SW
1807 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 :
1808 RT3593_EEPROM_LED1, &sc->led[0]);
1809 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 :
1810 RT3593_EEPROM_LED2, &sc->led[1]);
1811 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 :
1812 RT3593_EEPROM_LED3, &sc->led[2]);
12bd3c8b
SW
1813 } else {
1814 /* broken EEPROM, use default settings */
1815 sc->leds = 0x01;
1816 sc->led[0] = 0x5555;
1817 sc->led[1] = 0x2221;
1818 sc->led[2] = 0x5627; /* differs from RT2860 */
1819 }
1820 DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n",
1821 sc->leds, sc->led[0], sc->led[1], sc->led[2]);
1822
1823 /* read RF information */
cea9a87b
SW
1824 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392)
1825 run_srom_read(sc, 0x00, &val);
1826 else
1827 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val);
1828
12bd3c8b 1829 if (val == 0xffff) {
cea9a87b
SW
1830 device_printf(sc->sc_dev,
1831 "invalid EEPROM antenna info, using default\n");
12bd3c8b
SW
1832 DPRINTF("invalid EEPROM antenna info, using default\n");
1833 if (sc->mac_ver == 0x3572) {
1834 /* default to RF3052 2T2R */
1835 sc->rf_rev = RT3070_RF_3052;
1836 sc->ntxchains = 2;
1837 sc->nrxchains = 2;
1838 } else if (sc->mac_ver >= 0x3070) {
1839 /* default to RF3020 1T1R */
1840 sc->rf_rev = RT3070_RF_3020;
1841 sc->ntxchains = 1;
1842 sc->nrxchains = 1;
1843 } else {
1844 /* default to RF2820 1T2R */
1845 sc->rf_rev = RT2860_RF_2820;
1846 sc->ntxchains = 1;
1847 sc->nrxchains = 2;
1848 }
1849 } else {
cea9a87b
SW
1850 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) {
1851 sc->rf_rev = val;
1852 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val);
1853 } else
1854 sc->rf_rev = (val >> 8) & 0xf;
12bd3c8b
SW
1855 sc->ntxchains = (val >> 4) & 0xf;
1856 sc->nrxchains = val & 0xf;
1857 }
cea9a87b 1858 DPRINTF("EEPROM RF rev=0x%04x chains=%dT%dR\n",
12bd3c8b
SW
1859 sc->rf_rev, sc->ntxchains, sc->nrxchains);
1860
1861 /* check if RF supports automatic Tx access gain control */
1862 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val);
1863 DPRINTF("EEPROM CFG 0x%04x\n", val);
1864 /* check if driver should patch the DAC issue */
1865 if ((val >> 8) != 0xff)
1866 sc->patch_dac = (val >> 15) & 1;
1867 if ((val & 0xff) != 0xff) {
1868 sc->ext_5ghz_lna = (val >> 3) & 1;
1869 sc->ext_2ghz_lna = (val >> 2) & 1;
1870 /* check if RF supports automatic Tx access gain control */
1871 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1;
1872 /* check if we have a hardware radio switch */
1873 sc->rfswitch = val & 1;
1874 }
1875
cea9a87b
SW
1876 /* Read Tx power settings. */
1877 if (sc->mac_ver == 0x3593)
1878 run_rt3593_get_txpower(sc);
1879 else
1880 run_get_txpower(sc);
12bd3c8b
SW
1881
1882 /* read Tx power compensation for each Tx rate */
1883 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val);
1884 delta_2ghz = delta_5ghz = 0;
1885 if ((val & 0xff) != 0xff && (val & 0x80)) {
1886 delta_2ghz = val & 0xf;
1887 if (!(val & 0x40)) /* negative number */
1888 delta_2ghz = -delta_2ghz;
1889 }
1890 val >>= 8;
1891 if ((val & 0xff) != 0xff && (val & 0x80)) {
1892 delta_5ghz = val & 0xf;
1893 if (!(val & 0x40)) /* negative number */
1894 delta_5ghz = -delta_5ghz;
1895 }
1896 DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n",
1897 delta_2ghz, delta_5ghz);
1898
1899 for (ridx = 0; ridx < 5; ridx++) {
1900 uint32_t reg;
1901
1902 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val);
1903 reg = val;
1904 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val);
1905 reg |= (uint32_t)val << 16;
1906
1907 sc->txpow20mhz[ridx] = reg;
1908 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz);
1909 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz);
1910
1911 DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, "
1912 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx],
1913 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]);
1914 }
1915
cea9a87b
SW
1916 /* Read RSSI offsets and LNA gains from EEPROM. */
1917 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ :
1918 RT3593_EEPROM_RSSI1_2GHZ, &val);
12bd3c8b
SW
1919 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */
1920 sc->rssi_2ghz[1] = val >> 8; /* Ant B */
cea9a87b
SW
1921 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ :
1922 RT3593_EEPROM_RSSI2_2GHZ, &val);
12bd3c8b 1923 if (sc->mac_ver >= 0x3070) {
cea9a87b
SW
1924 if (sc->mac_ver == 0x3593) {
1925 sc->txmixgain_2ghz = 0;
1926 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */
1927 } else {
1928 /*
1929 * On RT3070 chips (limited to 2 Rx chains), this ROM
1930 * field contains the Tx mixer gain for the 2GHz band.
1931 */
1932 if ((val & 0xff) != 0xff)
1933 sc->txmixgain_2ghz = val & 0x7;
1934 }
12bd3c8b
SW
1935 DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz);
1936 } else
1937 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */
cea9a87b
SW
1938 if (sc->mac_ver == 0x3593)
1939 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val);
12bd3c8b
SW
1940 sc->lna[2] = val >> 8; /* channel group 2 */
1941
cea9a87b
SW
1942 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ :
1943 RT3593_EEPROM_RSSI1_5GHZ, &val);
12bd3c8b
SW
1944 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */
1945 sc->rssi_5ghz[1] = val >> 8; /* Ant B */
cea9a87b
SW
1946 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ :
1947 RT3593_EEPROM_RSSI2_5GHZ, &val);
12bd3c8b
SW
1948 if (sc->mac_ver == 0x3572) {
1949 /*
1950 * On RT3572 chips (limited to 2 Rx chains), this ROM
1951 * field contains the Tx mixer gain for the 5GHz band.
1952 */
1953 if ((val & 0xff) != 0xff)
1954 sc->txmixgain_5ghz = val & 0x7;
1955 DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz);
1956 } else
1957 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */
cea9a87b
SW
1958 if (sc->mac_ver == 0x3593) {
1959 sc->txmixgain_5ghz = 0;
1960 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val);
1961 }
12bd3c8b
SW
1962 sc->lna[3] = val >> 8; /* channel group 3 */
1963
cea9a87b
SW
1964 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA :
1965 RT3593_EEPROM_LNA, &val);
12bd3c8b
SW
1966 sc->lna[0] = val & 0xff; /* channel group 0 */
1967 sc->lna[1] = val >> 8; /* channel group 1 */
1968
1969 /* fix broken 5GHz LNA entries */
1970 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) {
1971 DPRINTF("invalid LNA for channel group %d\n", 2);
1972 sc->lna[2] = sc->lna[1];
1973 }
1974 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) {
1975 DPRINTF("invalid LNA for channel group %d\n", 3);
1976 sc->lna[3] = sc->lna[1];
1977 }
1978
1979 /* fix broken RSSI offset entries */
1980 for (ant = 0; ant < 3; ant++) {
1981 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) {
1982 DPRINTF("invalid RSSI%d offset: %d (2GHz)\n",
1983 ant + 1, sc->rssi_2ghz[ant]);
1984 sc->rssi_2ghz[ant] = 0;
1985 }
1986 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) {
1987 DPRINTF("invalid RSSI%d offset: %d (5GHz)\n",
1988 ant + 1, sc->rssi_5ghz[ant]);
1989 sc->rssi_5ghz[ant] = 0;
1990 }
1991 }
1992 return (0);
1993}
1994
1995static struct ieee80211_node *
1996run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN])
1997{
10f2cea7 1998 return kmalloc(sizeof (struct run_node), M_DEVBUF, M_WAITOK | M_ZERO);
12bd3c8b
SW
1999}
2000
2001static int
2002run_media_change(struct ifnet *ifp)
2003{
2004 struct ieee80211vap *vap = ifp->if_softc;
2005 struct ieee80211com *ic = vap->iv_ic;
2006 const struct ieee80211_txparam *tp;
b5730aca 2007 struct run_softc *sc = ic->ic_softc;
12bd3c8b
SW
2008 uint8_t rate, ridx;
2009 int error;
2010
2011 RUN_LOCK(sc);
2012
2013 error = ieee80211_media_change(ifp);
2014 if (error != ENETRESET) {
2015 RUN_UNLOCK(sc);
2016 return (error);
2017 }
2018
2019 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
2020 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) {
2021 struct ieee80211_node *ni;
2022 struct run_node *rn;
2023
2024 rate = ic->ic_sup_rates[ic->ic_curmode].
2025 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL;
2026 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2027 if (rt2860_rates[ridx].rate == rate)
2028 break;
2029 ni = ieee80211_ref_node(vap->iv_bss);
d52983bd 2030 rn = RUN_NODE(ni);
12bd3c8b
SW
2031 rn->fix_ridx = ridx;
2032 DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx);
2033 ieee80211_free_node(ni);
2034 }
2035
2036#if 0
2037 if ((ifp->if_flags & IFF_UP) &&
d52983bd 2038 (ifp->if_drv_flags & RUN_RUNNING)){
12bd3c8b
SW
2039 run_init_locked(sc);
2040 }
2041#endif
2042
2043 RUN_UNLOCK(sc);
2044
2045 return (0);
2046}
2047
2048static int
2049run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
2050{
2051 const struct ieee80211_txparam *tp;
2052 struct ieee80211com *ic = vap->iv_ic;
b5730aca 2053 struct run_softc *sc = ic->ic_softc;
12bd3c8b
SW
2054 struct run_vap *rvp = RUN_VAP(vap);
2055 enum ieee80211_state ostate;
2056 uint32_t sta[3];
2057 uint32_t tmp;
2058 uint8_t ratectl;
2059 uint8_t restart_ratectl = 0;
2060 uint8_t bid = 1 << rvp->rvp_id;
2061
2062 ostate = vap->iv_state;
2063 DPRINTF("%s -> %s\n",
2064 ieee80211_state_name[ostate],
2065 ieee80211_state_name[nstate]);
2066
d52983bd 2067 IEEE80211_UNLOCK(ic);
12bd3c8b
SW
2068 RUN_LOCK(sc);
2069
2070 ratectl = sc->ratectl_run; /* remember current state */
2071 sc->ratectl_run = RUN_RATECTL_OFF;
2072 usb_callout_stop(&sc->ratectl_ch);
2073
2074 if (ostate == IEEE80211_S_RUN) {
2075 /* turn link LED off */
2076 run_set_leds(sc, RT2860_LED_RADIO);
2077 }
2078
2079 switch (nstate) {
2080 case IEEE80211_S_INIT:
2081 restart_ratectl = 1;
2082
2083 if (ostate != IEEE80211_S_RUN)
2084 break;
2085
2086 ratectl &= ~bid;
2087 sc->runbmap &= ~bid;
2088
2089 /* abort TSF synchronization if there is no vap running */
2090 if (--sc->running == 0) {
2091 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
2092 run_write(sc, RT2860_BCN_TIME_CFG,
2093 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
2094 RT2860_TBTT_TIMER_EN));
2095 }
2096 break;
2097
2098 case IEEE80211_S_RUN:
2099 if (!(sc->runbmap & bid)) {
2100 if(sc->running++)
2101 restart_ratectl = 1;
2102 sc->runbmap |= bid;
2103 }
2104
2105 m_freem(rvp->beacon_mbuf);
2106 rvp->beacon_mbuf = NULL;
2107
2108 switch (vap->iv_opmode) {
2109 case IEEE80211_M_HOSTAP:
2110 case IEEE80211_M_MBSS:
2111 sc->ap_running |= bid;
2112 ic->ic_opmode = vap->iv_opmode;
2113 run_update_beacon_cb(vap);
2114 break;
2115 case IEEE80211_M_IBSS:
2116 sc->adhoc_running |= bid;
2117 if (!sc->ap_running)
2118 ic->ic_opmode = vap->iv_opmode;
2119 run_update_beacon_cb(vap);
2120 break;
2121 case IEEE80211_M_STA:
2122 sc->sta_running |= bid;
2123 if (!sc->ap_running && !sc->adhoc_running)
2124 ic->ic_opmode = vap->iv_opmode;
2125
2126 /* read statistic counters (clear on read) */
2127 run_read_region_1(sc, RT2860_TX_STA_CNT0,
2128 (uint8_t *)sta, sizeof sta);
2129
2130 break;
2131 default:
2132 ic->ic_opmode = vap->iv_opmode;
2133 break;
2134 }
2135
2136 if (vap->iv_opmode != IEEE80211_M_MONITOR) {
2137 struct ieee80211_node *ni;
2138
c4a44ec5
SW
2139 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) {
2140 RUN_UNLOCK(sc);
d52983bd 2141 IEEE80211_LOCK(ic);
10f2cea7 2142 return (-1);
c4a44ec5 2143 }
4f898719 2144 run_updateslot(ic);
12bd3c8b
SW
2145 run_enable_mrr(sc);
2146 run_set_txpreamble(sc);
2147 run_set_basicrates(sc);
2148 ni = ieee80211_ref_node(vap->iv_bss);
2149 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid);
d52983bd 2150 run_set_bssid(sc, sc->sc_bssid);
12bd3c8b
SW
2151 ieee80211_free_node(ni);
2152 run_enable_tsf_sync(sc);
2153
2154 /* enable automatic rate adaptation */
2155 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
2156 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE)
2157 ratectl |= bid;
d52983bd
IV
2158 } else
2159 run_enable_tsf(sc);
12bd3c8b
SW
2160
2161 /* turn link LED on */
2162 run_set_leds(sc, RT2860_LED_RADIO |
2163 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ?
2164 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ));
2165
2166 break;
2167 default:
2168 DPRINTFN(6, "undefined case\n");
2169 break;
2170 }
2171
2172 /* restart amrr for running VAPs */
2173 if ((sc->ratectl_run = ratectl) && restart_ratectl)
2174 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2175
2176 RUN_UNLOCK(sc);
d52983bd 2177 IEEE80211_LOCK(ic);
12bd3c8b
SW
2178
2179 return(rvp->newstate(vap, nstate, arg));
2180}
2181
d52983bd
IV
2182static int
2183run_wme_update(struct ieee80211com *ic)
12bd3c8b 2184{
b5730aca 2185 struct run_softc *sc = ic->ic_softc;
d52983bd
IV
2186 const struct wmeParams *ac =
2187 ic->ic_wme.wme_chanParams.cap_wmeParams;
12bd3c8b
SW
2188 int aci, error = 0;
2189
12bd3c8b 2190 /* update MAC TX configuration registers */
d52983bd 2191 RUN_LOCK(sc);
12bd3c8b
SW
2192 for (aci = 0; aci < WME_NUM_AC; aci++) {
2193 error = run_write(sc, RT2860_EDCA_AC_CFG(aci),
d52983bd
IV
2194 ac[aci].wmep_logcwmax << 16 |
2195 ac[aci].wmep_logcwmin << 12 |
2196 ac[aci].wmep_aifsn << 8 |
2197 ac[aci].wmep_txopLimit);
12bd3c8b
SW
2198 if (error) goto err;
2199 }
2200
2201 /* update SCH/DMA registers too */
2202 error = run_write(sc, RT2860_WMM_AIFSN_CFG,
d52983bd
IV
2203 ac[WME_AC_VO].wmep_aifsn << 12 |
2204 ac[WME_AC_VI].wmep_aifsn << 8 |
2205 ac[WME_AC_BK].wmep_aifsn << 4 |
2206 ac[WME_AC_BE].wmep_aifsn);
12bd3c8b
SW
2207 if (error) goto err;
2208 error = run_write(sc, RT2860_WMM_CWMIN_CFG,
d52983bd
IV
2209 ac[WME_AC_VO].wmep_logcwmin << 12 |
2210 ac[WME_AC_VI].wmep_logcwmin << 8 |
2211 ac[WME_AC_BK].wmep_logcwmin << 4 |
2212 ac[WME_AC_BE].wmep_logcwmin);
12bd3c8b
SW
2213 if (error) goto err;
2214 error = run_write(sc, RT2860_WMM_CWMAX_CFG,
d52983bd
IV
2215 ac[WME_AC_VO].wmep_logcwmax << 12 |
2216 ac[WME_AC_VI].wmep_logcwmax << 8 |
2217 ac[WME_AC_BK].wmep_logcwmax << 4 |
2218 ac[WME_AC_BE].wmep_logcwmax);
12bd3c8b
SW
2219 if (error) goto err;
2220 error = run_write(sc, RT2860_WMM_TXOP0_CFG,
d52983bd
IV
2221 ac[WME_AC_BK].wmep_txopLimit << 16 |
2222 ac[WME_AC_BE].wmep_txopLimit);
12bd3c8b
SW
2223 if (error) goto err;
2224 error = run_write(sc, RT2860_WMM_TXOP1_CFG,
d52983bd
IV
2225 ac[WME_AC_VO].wmep_txopLimit << 16 |
2226 ac[WME_AC_VI].wmep_txopLimit);
12bd3c8b
SW
2227
2228err:
d52983bd 2229 RUN_UNLOCK(sc);
12bd3c8b
SW
2230 if (error)
2231 DPRINTF("WME update failed\n");
2232
d52983bd 2233 return (error);
12bd3c8b
SW
2234}
2235
2236static void
2237run_key_set_cb(void *arg)
2238{
2239 struct run_cmdq *cmdq = arg;
2240 struct ieee80211vap *vap = cmdq->arg1;
2241 struct ieee80211_key *k = cmdq->k;
2242 struct ieee80211com *ic = vap->iv_ic;
b5730aca 2243 struct run_softc *sc = ic->ic_softc;
12bd3c8b 2244 struct ieee80211_node *ni;
d52983bd 2245 u_int cipher = k->wk_cipher->ic_cipher;
12bd3c8b
SW
2246 uint32_t attr;
2247 uint16_t base, associd;
2248 uint8_t mode, wcid, iv[8];
2249
2250 RUN_LOCK_ASSERT(sc, MA_OWNED);
2251
2252 if (vap->iv_opmode == IEEE80211_M_HOSTAP)
2253 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac);
2254 else
2255 ni = vap->iv_bss;
2256 associd = (ni != NULL) ? ni->ni_associd : 0;
2257
2258 /* map net80211 cipher to RT2860 security mode */
d52983bd 2259 switch (cipher) {
12bd3c8b
SW
2260 case IEEE80211_CIPHER_WEP:
2261 if(k->wk_keylen < 8)
2262 mode = RT2860_MODE_WEP40;
2263 else
2264 mode = RT2860_MODE_WEP104;
2265 break;
2266 case IEEE80211_CIPHER_TKIP:
2267 mode = RT2860_MODE_TKIP;
2268 break;
2269 case IEEE80211_CIPHER_AES_CCM:
2270 mode = RT2860_MODE_AES_CCMP;
2271 break;
2272 default:
2273 DPRINTF("undefined case\n");
2274 return;
2275 }
2276
2277 DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n",
2278 associd, k->wk_keyix, mode,
2279 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise",
2280 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off",
2281 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off");
2282
2283 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2284 wcid = 0; /* NB: update WCID0 for group keys */
2285 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix);
2286 } else {
10f2cea7
SW
2287 wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
2288 1 : RUN_AID2WCID(associd);
12bd3c8b
SW
2289 base = RT2860_PKEY(wcid);
2290 }
2291
d52983bd 2292 if (cipher == IEEE80211_CIPHER_TKIP) {
12bd3c8b
SW
2293 if(run_write_region_1(sc, base, k->wk_key, 16))
2294 return;
2295 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */
2296 return;
2297 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */
2298 return;
2299 } else {
2300 /* roundup len to 16-bit: XXX fix write_region_1() instead */
2301 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1))
2302 return;
2303 }
2304
2305 if (!(k->wk_flags & IEEE80211_KEY_GROUP) ||
2306 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) {
2307 /* set initial packet number in IV+EIV */
d52983bd 2308 if (cipher == IEEE80211_CIPHER_WEP) {
12bd3c8b
SW
2309 memset(iv, 0, sizeof iv);
2310 iv[3] = vap->iv_def_txkey << 6;
2311 } else {
d52983bd 2312 if (cipher == IEEE80211_CIPHER_TKIP) {
12bd3c8b
SW
2313 iv[0] = k->wk_keytsc >> 8;
2314 iv[1] = (iv[0] | 0x20) & 0x7f;
2315 iv[2] = k->wk_keytsc;
2316 } else /* CCMP */ {
2317 iv[0] = k->wk_keytsc;
2318 iv[1] = k->wk_keytsc >> 8;
2319 iv[2] = 0;
2320 }
2321 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV;
2322 iv[4] = k->wk_keytsc >> 16;
2323 iv[5] = k->wk_keytsc >> 24;
2324 iv[6] = k->wk_keytsc >> 32;
2325 iv[7] = k->wk_keytsc >> 40;
2326 }
2327 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8))
2328 return;
2329 }
2330
2331 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2332 /* install group key */
2333 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr))
2334 return;
2335 attr &= ~(0xf << (k->wk_keyix * 4));
2336 attr |= mode << (k->wk_keyix * 4);
2337 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr))
2338 return;
2339 } else {
2340 /* install pairwise key */
2341 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr))
2342 return;
2343 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN;
2344 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr))
2345 return;
2346 }
2347
2348 /* TODO create a pass-thru key entry? */
2349
2350 /* need wcid to delete the right key later */
2351 k->wk_pad = wcid;
2352}
2353
2354/*
2355 * Don't have to be deferred, but in order to keep order of
2356 * execution, i.e. with run_key_delete(), defer this and let
2357 * run_cmdq_cb() maintain the order.
2358 *
2359 * return 0 on error
2360 */
2361static int
d52983bd 2362run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k)
12bd3c8b
SW
2363{
2364 struct ieee80211com *ic = vap->iv_ic;
b5730aca 2365 struct run_softc *sc = ic->ic_softc;
12bd3c8b
SW
2366 uint32_t i;
2367
2368 i = RUN_CMDQ_GET(&sc->cmdq_store);
2369 DPRINTF("cmdq_store=%d\n", i);
2370 sc->cmdq[i].func = run_key_set_cb;
2371 sc->cmdq[i].arg0 = NULL;
2372 sc->cmdq[i].arg1 = vap;
2373 sc->cmdq[i].k = k;
d52983bd 2374 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, k->wk_macaddr);
12bd3c8b
SW
2375 ieee80211_runtask(ic, &sc->cmdq_task);
2376
2377 /*
2378 * To make sure key will be set when hostapd
2379 * calls iv_key_set() before if_init().
2380 */
2381 if (vap->iv_opmode == IEEE80211_M_HOSTAP) {
2382 RUN_LOCK(sc);
2383 sc->cmdq_key_set = RUN_CMDQ_GO;
2384 RUN_UNLOCK(sc);
2385 }
2386
2387 return (1);
2388}
2389
2390/*
2391 * If wlan is destroyed without being brought down i.e. without
2392 * wlan down or wpa_cli terminate, this function is called after
2393 * vap is gone. Don't refer it.
2394 */
2395static void
2396run_key_delete_cb(void *arg)
2397{
2398 struct run_cmdq *cmdq = arg;
2399 struct run_softc *sc = cmdq->arg1;
2400 struct ieee80211_key *k = &cmdq->key;
2401 uint32_t attr;
2402 uint8_t wcid;
2403
2404 RUN_LOCK_ASSERT(sc, MA_OWNED);
2405
2406 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2407 /* remove group key */
2408 DPRINTF("removing group key\n");
2409 run_read(sc, RT2860_SKEY_MODE_0_7, &attr);
2410 attr &= ~(0xf << (k->wk_keyix * 4));
2411 run_write(sc, RT2860_SKEY_MODE_0_7, attr);
2412 } else {
2413 /* remove pairwise key */
2414 DPRINTF("removing key for wcid %x\n", k->wk_pad);
2415 /* matching wcid was written to wk_pad in run_key_set() */
2416 wcid = k->wk_pad;
2417 run_read(sc, RT2860_WCID_ATTR(wcid), &attr);
2418 attr &= ~0xf;
2419 run_write(sc, RT2860_WCID_ATTR(wcid), attr);
2420 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8);
2421 }
2422
2423 k->wk_pad = 0;
2424}
2425
2426/*
2427 * return 0 on error
2428 */
2429static int
2430run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k)
2431{
2432 struct ieee80211com *ic = vap->iv_ic;
b5730aca 2433 struct run_softc *sc = ic->ic_softc;
12bd3c8b
SW
2434 struct ieee80211_key *k0;
2435 uint32_t i;
2436
2437 /*
2438 * When called back, key might be gone. So, make a copy
2439 * of some values need to delete keys before deferring.
2440 * But, because of LOR with node lock, cannot use lock here.
2441 * So, use atomic instead.
2442 */
2443 i = RUN_CMDQ_GET(&sc->cmdq_store);
2444 DPRINTF("cmdq_store=%d\n", i);
2445 sc->cmdq[i].func = run_key_delete_cb;
2446 sc->cmdq[i].arg0 = NULL;
2447 sc->cmdq[i].arg1 = sc;
2448 k0 = &sc->cmdq[i].key;
2449 k0->wk_flags = k->wk_flags;
2450 k0->wk_keyix = k->wk_keyix;
2451 /* matching wcid was written to wk_pad in run_key_set() */
2452 k0->wk_pad = k->wk_pad;
2453 ieee80211_runtask(ic, &sc->cmdq_task);
2454 return (1); /* return fake success */
2455
2456}
2457
2458static void
2459run_ratectl_to(void *arg)
2460{
2461 struct run_softc *sc = arg;
2462
2463 /* do it in a process context, so it can go sleep */
d52983bd 2464 ieee80211_runtask(&sc->sc_ic, &sc->ratectl_task);
12bd3c8b
SW
2465 /* next timeout will be rescheduled in the callback task */
2466}
2467
2468/* ARGSUSED */
2469static void
2470run_ratectl_cb(void *arg, int pending)
2471{
2472 struct run_softc *sc = arg;
d52983bd 2473 struct ieee80211com *ic = &sc->sc_ic;
12bd3c8b
SW
2474 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
2475
2476 if (vap == NULL)
2477 return;
2478
cea9a87b 2479 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) {
12bd3c8b
SW
2480 /*
2481 * run_reset_livelock() doesn't do anything with AMRR,
2482 * but Ralink wants us to call it every 1 sec. So, we
2483 * piggyback here rather than creating another callout.
2484 * Livelock may occur only in HOSTAP or IBSS mode
2485 * (when h/w is sending beacons).
2486 */
2487 RUN_LOCK(sc);
2488 run_reset_livelock(sc);
2489 /* just in case, there are some stats to drain */
2490 run_drain_fifo(sc);
2491 RUN_UNLOCK(sc);
12bd3c8b
SW
2492 }
2493
cea9a87b
SW
2494 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc);
2495
2496 RUN_LOCK(sc);
12bd3c8b
SW
2497 if(sc->ratectl_run != RUN_RATECTL_OFF)
2498 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
cea9a87b 2499 RUN_UNLOCK(sc);
12bd3c8b
SW
2500}
2501
2502static void
2503run_drain_fifo(void *arg)
2504{
2505 struct run_softc *sc = arg;
12bd3c8b
SW
2506 uint32_t stat;
2507 uint16_t (*wstat)[3];
2508 uint8_t wcid, mcs, pid;
2509 int8_t retry;
2510
2511 RUN_LOCK_ASSERT(sc, MA_OWNED);
2512
2513 for (;;) {
2514 /* drain Tx status FIFO (maxsize = 16) */
2515 run_read(sc, RT2860_TX_STAT_FIFO, &stat);
2516 DPRINTFN(4, "tx stat 0x%08x\n", stat);
2517 if (!(stat & RT2860_TXQ_VLD))
2518 break;
2519
2520 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff;
2521
2522 /* if no ACK was requested, no feedback is available */
2523 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX ||
2524 wcid == 0)
2525 continue;
2526
2527 /*
2528 * Even though each stat is Tx-complete-status like format,
2529 * the device can poll stats. Because there is no guarantee
2530 * that the referring node is still around when read the stats.
2531 * So that, if we use ieee80211_ratectl_tx_update(), we will
2532 * have hard time not to refer already freed node.
2533 *
2534 * To eliminate such page faults, we poll stats in softc.
2535 * Then, update the rates later with ieee80211_ratectl_tx_update().
2536 */
2537 wstat = &(sc->wcid_stats[wcid]);
2538 (*wstat)[RUN_TXCNT]++;
d52983bd 2539 if (stat & RT2860_TXQ_OK) {
12bd3c8b 2540 (*wstat)[RUN_SUCCESS]++;
d52983bd
IV
2541 } else {
2542#if defined(__DragonFly__)
2543 ++sc->sc_ic.ic_oerrors;
2544#else
2545 counter_u64_add(sc->sc_ic.ic_oerrors, 1);
2546#endif
2547 }
12bd3c8b
SW
2548 /*
2549 * Check if there were retries, ie if the Tx success rate is
2550 * different from the requested rate. Note that it works only
2551 * because we do not allow rate fallback from OFDM to CCK.
2552 */
2553 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f;
2554 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf;
2555 if ((retry = pid -1 - mcs) > 0) {
2556 (*wstat)[RUN_TXCNT] += retry;
2557 (*wstat)[RUN_RETRY] += retry;
2558 }
2559 }
2560 DPRINTFN(3, "count=%d\n", sc->fifo_cnt);
2561
2562 sc->fifo_cnt = 0;
2563}
2564
2565static void
2566run_iter_func(void *arg, struct ieee80211_node *ni)
2567{
2568 struct run_softc *sc = arg;
2569 struct ieee80211vap *vap = ni->ni_vap;
d52983bd 2570 struct run_node *rn = RUN_NODE(ni);
12bd3c8b
SW
2571 union run_stats sta[2];
2572 uint16_t (*wstat)[3];
2573 int txcnt, success, retrycnt, error;
2574
2575 RUN_LOCK(sc);
2576
cea9a87b
SW
2577 /* Check for special case */
2578 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA &&
2579 ni != vap->iv_bss)
2580 goto fail;
2581
12bd3c8b
SW
2582 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS ||
2583 vap->iv_opmode == IEEE80211_M_STA)) {
2584 /* read statistic counters (clear on read) and update AMRR state */
2585 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta,
2586 sizeof sta);
2587 if (error != 0)
2588 goto fail;
2589
2590 /* count failed TX as errors */
d52983bd
IV
2591 if_inc_counter(vap->iv_ifp, IFCOUNTER_OERRORS,
2592 le16toh(sta[0].error.fail));
12bd3c8b
SW
2593
2594 retrycnt = le16toh(sta[1].tx.retry);
2595 success = le16toh(sta[1].tx.success);
2596 txcnt = retrycnt + success + le16toh(sta[0].error.fail);
2597
2598 DPRINTFN(3, "retrycnt=%d success=%d failcnt=%d\n",
2599 retrycnt, success, le16toh(sta[0].error.fail));
2600 } else {
2601 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]);
2602
2603 if (wstat == &(sc->wcid_stats[0]) ||
2604 wstat > &(sc->wcid_stats[RT2870_WCID_MAX]))
2605 goto fail;
2606
2607 txcnt = (*wstat)[RUN_TXCNT];
2608 success = (*wstat)[RUN_SUCCESS];
2609 retrycnt = (*wstat)[RUN_RETRY];
2610 DPRINTFN(3, "retrycnt=%d txcnt=%d success=%d\n",
2611 retrycnt, txcnt, success);
2612
2613 memset(wstat, 0, sizeof(*wstat));
2614 }
2615
2616 ieee80211_ratectl_tx_update(vap, ni, &txcnt, &success, &retrycnt);
2617 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0);
2618
2619fail:
2620 RUN_UNLOCK(sc);
2621
2622 DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx);
2623}
2624
2625static void
2626run_newassoc_cb(void *arg)
2627{
2628 struct run_cmdq *cmdq = arg;
2629 struct ieee80211_node *ni = cmdq->arg1;
b5730aca 2630 struct run_softc *sc = ni->ni_vap->iv_ic->ic_softc;
12bd3c8b
SW
2631 uint8_t wcid = cmdq->wcid;
2632
2633 RUN_LOCK_ASSERT(sc, MA_OWNED);
2634
2635 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid),
2636 ni->ni_macaddr, IEEE80211_ADDR_LEN);
2637
2638 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid]));
2639}
2640
2641static void
2642run_newassoc(struct ieee80211_node *ni, int isnew)
2643{
d52983bd 2644 struct run_node *rn = RUN_NODE(ni);
12bd3c8b
SW
2645 struct ieee80211_rateset *rs = &ni->ni_rates;
2646 struct ieee80211vap *vap = ni->ni_vap;
2647 struct ieee80211com *ic = vap->iv_ic;
b5730aca 2648 struct run_softc *sc = ic->ic_softc;
12bd3c8b
SW
2649 uint8_t rate;
2650 uint8_t ridx;
10f2cea7 2651 uint8_t wcid;
12bd3c8b 2652 int i, j;
10f2cea7
SW
2653
2654 wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
2655 1 : RUN_AID2WCID(ni->ni_associd);
12bd3c8b
SW
2656
2657 if (wcid > RT2870_WCID_MAX) {
2658 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid);
2659 return;
2660 }
2661
2662 /* only interested in true associations */
2663 if (isnew && ni->ni_associd != 0) {
2664
2665 /*
2666 * This function could is called though timeout function.
2667 * Need to defer.
2668 */
2669 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store);
2670 DPRINTF("cmdq_store=%d\n", cnt);
2671 sc->cmdq[cnt].func = run_newassoc_cb;
2672 sc->cmdq[cnt].arg0 = NULL;
2673 sc->cmdq[cnt].arg1 = ni;
2674 sc->cmdq[cnt].wcid = wcid;
2675 ieee80211_runtask(ic, &sc->cmdq_task);
2676 }
2677
2678 DPRINTF("new assoc isnew=%d associd=%x addr=%s\n",
d52983bd 2679 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr));
12bd3c8b
SW
2680
2681 for (i = 0; i < rs->rs_nrates; i++) {
2682 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL;
2683 /* convert 802.11 rate to hardware rate index */
2684 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2685 if (rt2860_rates[ridx].rate == rate)
2686 break;
2687 rn->ridx[i] = ridx;
2688 /* determine rate of control response frames */
2689 for (j = i; j >= 0; j--) {
2690 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) &&
2691 rt2860_rates[rn->ridx[i]].phy ==
2692 rt2860_rates[rn->ridx[j]].phy)
2693 break;
2694 }
2695 if (j >= 0) {
2696 rn->ctl_ridx[i] = rn->ridx[j];
2697 } else {
2698 /* no basic rate found, use mandatory one */
2699 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx;
2700 }
2701 DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n",
2702 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]);
2703 }
2704 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate;
2705 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2706 if (rt2860_rates[ridx].rate == rate)
2707 break;
2708 rn->mgt_ridx = ridx;
2709 DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx);
2710
cea9a87b
SW
2711 RUN_LOCK(sc);
2712 if(sc->ratectl_run != RUN_RATECTL_OFF)
2713 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2714 RUN_UNLOCK(sc);
12bd3c8b
SW
2715}
2716
2717/*
2718 * Return the Rx chain with the highest RSSI for a given frame.
2719 */
2720static __inline uint8_t
2721run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi)
2722{
2723 uint8_t rxchain = 0;
2724
2725 if (sc->nrxchains > 1) {
2726 if (rxwi->rssi[1] > rxwi->rssi[rxchain])
2727 rxchain = 1;
2728 if (sc->nrxchains > 2)
2729 if (rxwi->rssi[2] > rxwi->rssi[rxchain])
2730 rxchain = 2;
2731 }
2732 return (rxchain);
2733}
2734
d52983bd
IV
2735static void
2736run_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m, int subtype,
2737 const struct ieee80211_rx_stats *rxs, int rssi, int nf)
2738{
2739 struct ieee80211vap *vap = ni->ni_vap;
2740 struct run_softc *sc = vap->iv_ic->ic_softc;
2741 struct run_vap *rvp = RUN_VAP(vap);
2742 uint64_t ni_tstamp, rx_tstamp;
2743
2744 rvp->recv_mgmt(ni, m, subtype, rxs, rssi, nf);
2745
2746 if (vap->iv_state == IEEE80211_S_RUN &&
2747 (subtype == IEEE80211_FC0_SUBTYPE_BEACON ||
2748 subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)) {
2749 ni_tstamp = le64toh(ni->ni_tstamp.tsf);
2750 RUN_LOCK(sc);
2751 run_get_tsf(sc, &rx_tstamp);
2752 RUN_UNLOCK(sc);
2753 rx_tstamp = le64toh(rx_tstamp);
2754
2755 if (ni_tstamp >= rx_tstamp) {
2756 DPRINTF("ibss merge, tsf %ju tstamp %ju\n",
2757 (uintmax_t)rx_tstamp, (uintmax_t)ni_tstamp);
2758 (void) ieee80211_ibss_merge(ni);
2759 }
2760 }
2761}
2762
12bd3c8b
SW
2763static void
2764run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen)
2765{
d52983bd 2766 struct ieee80211com *ic = &sc->sc_ic;
12bd3c8b
SW
2767 struct ieee80211_frame *wh;
2768 struct ieee80211_node *ni;
2769 struct rt2870_rxd *rxd;
2770 struct rt2860_rxwi *rxwi;
2771 uint32_t flags;
cea9a87b 2772 uint16_t len, rxwisize;
12bd3c8b
SW
2773 uint8_t ant, rssi;
2774 int8_t nf;
2775
2776 rxwi = mtod(m, struct rt2860_rxwi *);
2777 len = le16toh(rxwi->len) & 0xfff;
cea9a87b
SW
2778 rxwisize = sizeof(struct rt2860_rxwi);
2779 if (sc->mac_ver == 0x5592)
2780 rxwisize += sizeof(uint64_t);
2781 else if (sc->mac_ver == 0x3593)
2782 rxwisize += sizeof(uint32_t);
12bd3c8b
SW
2783 if (__predict_false(len > dmalen)) {
2784 m_freem(m);
d52983bd
IV
2785#if defined(__DragonFly__)
2786 ++ic->ic_ierrors;
2787#else
2788 counter_u64_add(ic->ic_ierrors, 1);
2789#endif
12bd3c8b
SW
2790 DPRINTF("bad RXWI length %u > %u\n", len, dmalen);
2791 return;
2792 }
2793 /* Rx descriptor is located at the end */
2794 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen);
2795 flags = le32toh(rxd->flags);
2796
2797 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) {
2798 m_freem(m);
d52983bd
IV
2799#if defined(__DragonFly__)
2800 ++ic->ic_ierrors;
2801#else
2802 counter_u64_add(ic->ic_ierrors, 1);
2803#endif
12bd3c8b
SW
2804 DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV");
2805 return;
2806 }
2807
cea9a87b
SW
2808 m->m_data += rxwisize;
2809 m->m_pkthdr.len = m->m_len -= rxwisize;
12bd3c8b
SW
2810
2811 wh = mtod(m, struct ieee80211_frame *);
2812
085ff963
MD
2813 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) {
2814 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED;
12bd3c8b
SW
2815 m->m_flags |= M_WEP;
2816 }
2817
2818 if (flags & RT2860_RX_L2PAD) {
2819 DPRINTFN(8, "received RT2860_RX_L2PAD frame\n");
2820 len += 2;
2821 }
2822
2823 ni = ieee80211_find_rxnode(ic,
2824 mtod(m, struct ieee80211_frame_min *));
2825
2826 if (__predict_false(flags & RT2860_RX_MICERR)) {
2827 /* report MIC failures to net80211 for TKIP */
2828 if (ni != NULL)
cea9a87b
SW
2829 ieee80211_notify_michael_failure(ni->ni_vap, wh,
2830 rxwi->keyidx);
12bd3c8b 2831 m_freem(m);
d52983bd
IV
2832#if defined(__DragonFly__)
2833 ++ic->ic_ierrors;
2834#else
2835 counter_u64_add(ic->ic_ierrors, 1);
2836#endif
12bd3c8b
SW
2837 DPRINTF("MIC error. Someone is lying.\n");
2838 return;
2839 }
2840
2841 ant = run_maxrssi_chain(sc, rxwi);
2842 rssi = rxwi->rssi[ant];
2843 nf = run_rssi2dbm(sc, rssi, ant);
2844
12bd3c8b
SW
2845 m->m_pkthdr.len = m->m_len = len;
2846
12bd3c8b
SW
2847 if (__predict_false(ieee80211_radiotap_active(ic))) {
2848 struct run_rx_radiotap_header *tap = &sc->sc_rxtap;
cea9a87b 2849 uint16_t phy;
12bd3c8b
SW
2850
2851 tap->wr_flags = 0;
10f2cea7
SW
2852 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq);
2853 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags);
12bd3c8b
SW
2854 tap->wr_antsignal = rssi;
2855 tap->wr_antenna = ant;
2856 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant);
2857 tap->wr_rate = 2; /* in case it can't be found below */
ee25e75c 2858 RUN_LOCK(sc);
d52983bd 2859 run_get_tsf(sc, &tap->wr_tsf);
ee25e75c 2860 RUN_UNLOCK(sc);
12bd3c8b
SW
2861 phy = le16toh(rxwi->phy);
2862 switch (phy & RT2860_PHY_MODE) {
2863 case RT2860_PHY_CCK:
2864 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) {
2865 case 0: tap->wr_rate = 2; break;
2866 case 1: tap->wr_rate = 4; break;
2867 case 2: tap->wr_rate = 11; break;
2868 case 3: tap->wr_rate = 22; break;
2869 }
2870 if (phy & RT2860_PHY_SHPRE)
2871 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
2872 break;
2873 case RT2860_PHY_OFDM:
2874 switch (phy & RT2860_PHY_MCS) {
2875 case 0: tap->wr_rate = 12; break;
2876 case 1: tap->wr_rate = 18; break;
2877 case 2: tap->wr_rate = 24; break;
2878 case 3: tap->wr_rate = 36; break;
2879 case 4: tap->wr_rate = 48; break;
2880 case 5: tap->wr_rate = 72; break;
2881 case 6: tap->wr_rate = 96; break;
2882 case 7: tap->wr_rate = 108; break;
2883 }
2884 break;
2885 }
2886 }
d52983bd
IV
2887
2888 if (ni != NULL) {
2889 (void)ieee80211_input(ni, m, rssi, nf);
2890 ieee80211_free_node(ni);
2891 } else {
2892 (void)ieee80211_input_all(ic, m, rssi, nf);
2893 }
12bd3c8b
SW
2894}
2895
2896static void
2897run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error)
2898{
2899 struct run_softc *sc = usbd_xfer_softc(xfer);
d52983bd 2900 struct ieee80211com *ic = &sc->sc_ic;
12bd3c8b
SW
2901 struct mbuf *m = NULL;
2902 struct mbuf *m0;
2903 uint32_t dmalen;
cea9a87b 2904 uint16_t rxwisize;
12bd3c8b
SW
2905 int xferlen;
2906
cea9a87b
SW
2907 rxwisize = sizeof(struct rt2860_rxwi);
2908 if (sc->mac_ver == 0x5592)
2909 rxwisize += sizeof(uint64_t);
2910 else if (sc->mac_ver == 0x3593)
2911 rxwisize += sizeof(uint32_t);
2912
12bd3c8b
SW
2913 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL);
2914
2915 switch (USB_GET_STATE(xfer)) {
2916 case USB_ST_TRANSFERRED:
2917
2918 DPRINTFN(15, "rx done, actlen=%d\n", xferlen);
2919
cea9a87b
SW
2920 if (xferlen < (int)(sizeof(uint32_t) + rxwisize +
2921 sizeof(struct rt2870_rxd))) {
12bd3c8b
SW
2922 DPRINTF("xfer too short %d\n", xferlen);
2923 goto tr_setup;
2924 }
2925
2926 m = sc->rx_m;
2927 sc->rx_m = NULL;
2928
2929 /* FALLTHROUGH */
2930 case USB_ST_SETUP:
2931tr_setup:
2932 if (sc->rx_m == NULL) {
b5523eac 2933 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR,
12bd3c8b
SW
2934 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */);
2935 }
2936 if (sc->rx_m == NULL) {
2937 DPRINTF("could not allocate mbuf - idle with stall\n");
d52983bd
IV
2938#if defined(__DragonFly__)
2939 ++ic->ic_ierrors;
2940#else
2941 counter_u64_add(ic->ic_ierrors, 1);
2942#endif
12bd3c8b
SW
2943 usbd_xfer_set_stall(xfer);
2944 usbd_xfer_set_frames(xfer, 0);
2945 } else {
2946 /*
2947 * Directly loading a mbuf cluster into DMA to
2948 * save some data copying. This works because
2949 * there is only one cluster.
2950 */
2951 usbd_xfer_set_frame_data(xfer, 0,
2952 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ);
2953 usbd_xfer_set_frames(xfer, 1);
2954 }
2955 usbd_transfer_submit(xfer);
2956 break;
2957
2958 default: /* Error */
2959 if (error != USB_ERR_CANCELLED) {
2960 /* try to clear stall first */
2961 usbd_xfer_set_stall(xfer);
12bd3c8b
SW
2962 if (error == USB_ERR_TIMEOUT)
2963 device_printf(sc->sc_dev, "device timeout\n");
d52983bd
IV
2964#if defined(__DragonFly__)
2965 ++ic->ic_ierrors;
2966#else
2967 counter_u64_add(ic->ic_ierrors, 1);
2968#endif
12bd3c8b
SW
2969 goto tr_setup;
2970 }
2971 if (sc->rx_m != NULL) {
2972 m_freem(sc->rx_m);
2973 sc->rx_m = NULL;
2974 }
2975 break;
2976 }
2977
2978 if (m == NULL)
2979 return;
2980
2981 /* inputting all the frames must be last */
2982
2983 RUN_UNLOCK(sc);
2984
2985 m->m_pkthdr.len = m->m_len = xferlen;
2986
2987 /* HW can aggregate multiple 802.11 frames in a single USB xfer */
2988 for(;;) {
2989 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff;
2990
10f2cea7
SW
2991 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) ||
2992 ((dmalen & 3) != 0)) {
12bd3c8b
SW
2993 DPRINTF("bad DMA length %u\n", dmalen);
2994 break;
2995 }
10f2cea7 2996 if ((dmalen + 8) > (uint32_t)xferlen) {
12bd3c8b
SW
2997 DPRINTF("bad DMA length %u > %d\n",
2998 dmalen + 8, xferlen);
2999 break;
3000 }
3001
3002 /* If it is the last one or a single frame, we won't copy. */
3003 if ((xferlen -= dmalen + 8) <= 8) {
3004 /* trim 32-bit DMA-len header */
3005 m->m_data += 4;
3006 m->m_pkthdr.len = m->m_len -= 4;
3007 run_rx_frame(sc, m, dmalen);
cea9a87b 3008 m = NULL; /* don't free source buffer */
12bd3c8b
SW
3009 break;
3010 }
3011
3012 /* copy aggregated frames to another mbuf */
b5523eac 3013 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
12bd3c8b
SW
3014 if (__predict_false(m0 == NULL)) {
3015 DPRINTF("could not allocate mbuf\n");
d52983bd
IV
3016#if defined(__DragonFly__)
3017 ++ic->ic_ierrors;
3018#else
3019 counter_u64_add(ic->ic_ierrors, 1);
3020#endif
12bd3c8b
SW
3021 break;
3022 }
3023 m_copydata(m, 4 /* skip 32-bit DMA-len header */,
3024 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t));
3025 m0->m_pkthdr.len = m0->m_len =
3026 dmalen + sizeof(struct rt2870_rxd);
3027 run_rx_frame(sc, m0, dmalen);
3028
3029 /* update data ptr */
3030 m->m_data += dmalen + 8;
3031 m->m_pkthdr.len = m->m_len -= dmalen + 8;
3032 }
3033
cea9a87b
SW
3034 /* make sure we free the source buffer, if any */
3035 m_freem(m);
3036
12bd3c8b
SW
3037 RUN_LOCK(sc);
3038}
3039
3040static void
3041run_tx_free(struct run_endpoint_queue *pq,
3042 struct run_tx_data *data, int txerr)
3043{
d52983bd
IV
3044
3045 ieee80211_tx_complete(data->ni, data->m, txerr);
3046
3047 data->m = NULL;
3048 data->ni = NULL;
12bd3c8b
SW
3049
3050 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next);
3051 pq->tx_nfree++;
3052}
3053
3054static void
cea9a87b 3055run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index)
12bd3c8b
SW
3056{
3057 struct run_softc *sc = usbd_xfer_softc(xfer);
d52983bd 3058 struct ieee80211com *ic = &sc->sc_ic;
12bd3c8b
SW
3059 struct run_tx_data *data;
3060 struct ieee80211vap *vap = NULL;
3061 struct usb_page_cache *pc;
3062 struct run_endpoint_queue *pq = &sc->sc_epq[index];
3063 struct mbuf *m;
3064 usb_frlength_t size;
3065 int actlen;
3066 int sumlen;
3067
3068 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
3069
3070 switch (USB_GET_STATE(xfer)) {
3071 case USB_ST_TRANSFERRED:
3072 DPRINTFN(11, "transfer complete: %d "
3073 "bytes @ index %d\n", actlen, index);
3074
3075 data = usbd_xfer_get_priv(xfer);
12bd3c8b 3076 run_tx_free(pq, data, 0);
12bd3c8b
SW
3077 usbd_xfer_set_priv(xfer, NULL);
3078
12bd3c8b
SW
3079 /* FALLTHROUGH */
3080 case USB_ST_SETUP:
3081tr_setup:
3082 data = STAILQ_FIRST(&pq->tx_qh);
3083 if (data == NULL)
3084 break;
3085
3086 STAILQ_REMOVE_HEAD(&pq->tx_qh, next);
3087
3088 m = data->m;
cea9a87b
SW
3089 size = (sc->mac_ver == 0x5592) ?
3090 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc);
12bd3c8b 3091 if ((m->m_pkthdr.len +
cea9a87b 3092 size + 3 + 8) > RUN_MAX_TXSZ) {
12bd3c8b
SW
3093 DPRINTF("data overflow, %u bytes\n",
3094 m->m_pkthdr.len);
12bd3c8b 3095 run_tx_free(pq, data, 1);
12bd3c8b
SW
3096 goto tr_setup;
3097 }
3098
3099 pc = usbd_xfer_get_frame(xfer, 0);
12bd3c8b
SW
3100 usbd_copy_in(pc, 0, &data->desc, size);
3101 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len);
3102 size += m->m_pkthdr.len;
3103 /*
3104 * Align end on a 4-byte boundary, pad 8 bytes (CRC +
3105 * 4-byte padding), and be sure to zero those trailing
3106 * bytes:
3107 */
3108 usbd_frame_zero(pc, size, ((-size) & 3) + 8);
3109 size += ((-size) & 3) + 8;
3110
3111 vap = data->ni->ni_vap;
3112 if (ieee80211_radiotap_active_vap(vap)) {
3113 struct run_tx_radiotap_header *tap = &sc->sc_txtap;
cea9a87b 3114 struct rt2860_txwi *txwi =
12bd3c8b 3115 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd));
12bd3c8b
SW
3116 tap->wt_flags = 0;
3117 tap->wt_rate = rt2860_rates[data->ridx].rate;
d52983bd 3118 run_get_tsf(sc, &tap->wt_tsf);
10f2cea7
SW
3119 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq);
3120 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags);
12bd3c8b
SW
3121 tap->wt_hwqueue = index;
3122 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE)
3123 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
3124
3125 ieee80211_radiotap_tx(vap, m);
3126 }
3127
3128 DPRINTFN(11, "sending frame len=%u/%u @ index %d\n",
3129 m->m_pkthdr.len, size, index);
3130
3131 usbd_xfer_set_frame_len(xfer, 0, size);
3132 usbd_xfer_set_priv(xfer, data);
12bd3c8b 3133 usbd_transfer_submit(xfer);
d52983bd 3134 run_start(sc);
12bd3c8b
SW
3135
3136 break;
3137
3138 default:
3139 DPRINTF("USB transfer error, %s\n",
3140 usbd_errstr(error));
3141
3142 data = usbd_xfer_get_priv(xfer);
3143
12bd3c8b
SW
3144 if (data != NULL) {
3145 if(data->ni != NULL)
3146 vap = data->ni->ni_vap;
3147 run_tx_free(pq, data, error);
3148 usbd_xfer_set_priv(xfer, NULL);
3149 }
d52983bd 3150
12bd3c8b
SW
3151 if (vap == NULL)
3152 vap = TAILQ_FIRST(&ic->ic_vaps);
3153
3154 if (error != USB_ERR_CANCELLED) {
3155 if (error == USB_ERR_TIMEOUT) {
3156 device_printf(sc->sc_dev, "device timeout\n");
3157 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
3158 DPRINTF("cmdq_store=%d\n", i);
3159 sc->cmdq[i].func = run_usb_timeout_cb;
3160 sc->cmdq[i].arg0 = vap;
3161 ieee80211_runtask(ic, &sc->cmdq_task);
3162 }
3163
3164 /*
3165 * Try to clear stall first, also if other
3166 * errors occur, hence clearing stall
3167 * introduces a 50 ms delay:
3168 */
3169 usbd_xfer_set_stall(xfer);
3170 goto tr_setup;
3171 }
3172 break;
3173 }
3174}
3175
3176static void
3177run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error)
3178{
3179 run_bulk_tx_callbackN(xfer, error, 0);
3180}
3181
3182static void
3183run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error)
3184{
3185 run_bulk_tx_callbackN(xfer, error, 1);
3186}
3187
3188static void
3189run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error)
3190{
3191 run_bulk_tx_callbackN(xfer, error, 2);
3192}
3193
3194static void
3195run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error)
3196{
3197 run_bulk_tx_callbackN(xfer, error, 3);
3198}
3199
3200static void
3201run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error)
3202{
3203 run_bulk_tx_callbackN(xfer, error, 4);
3204}
3205
3206static void
3207run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error)
3208{
3209 run_bulk_tx_callbackN(xfer, error, 5);
3210}
3211
3212static void
3213run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data)
3214{
3215 struct mbuf *m = data->m;
d52983bd 3216 struct ieee80211com *ic = &sc->sc_ic;
12bd3c8b
SW
3217 struct ieee80211vap *vap = data->ni->ni_vap;
3218 struct ieee80211_frame *wh;
3219 struct rt2870_txd *txd;
3220 struct rt2860_txwi *txwi;
cea9a87b 3221 uint16_t xferlen, txwisize;
12bd3c8b
SW
3222 uint16_t mcs;
3223 uint8_t ridx = data->ridx;
3224 uint8_t pad;
3225
3226 /* get MCS code from rate index */
3227 mcs = rt2860_rates[ridx].mcs;
3228
cea9a87b
SW
3229 txwisize = (sc->mac_ver == 0x5592) ?
3230 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi);
3231 xferlen = txwisize + m->m_pkthdr.len;
12bd3c8b
SW
3232
3233 /* roundup to 32-bit alignment */
3234 xferlen = (xferlen + 3) & ~3;
3235
3236 txd = (struct rt2870_txd *)&data->desc;
3237 txd->len = htole16(xferlen);
3238
3239 wh = mtod(m, struct ieee80211_frame *);
3240
3241 /*
3242 * Ether both are true or both are false, the header
3243 * are nicely aligned to 32-bit. So, no L2 padding.
3244 */
3245 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh))
3246 pad = 0;
3247 else
3248 pad = 2;
3249
3250 /* setup TX Wireless Information */
3251 txwi = (struct rt2860_txwi *)(txd + 1);
3252 txwi->len = htole16(m->m_pkthdr.len - pad);
3253 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) {
db706de7 3254 mcs |= RT2860_PHY_CCK;
12bd3c8b
SW
3255 if (ridx != RT2860_RIDX_CCK1 &&
3256 (ic->ic_flags & IEEE80211_F_SHPREAMBLE))
3257 mcs |= RT2860_PHY_SHPRE;
3258 } else
db706de7 3259 mcs |= RT2860_PHY_OFDM;
d52983bd 3260 txwi->phy = htole16(mcs);
12bd3c8b
SW
3261
3262 /* check if RTS/CTS or CTS-to-self protection is required */
3263 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
3264 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold ||
3265 ((ic->ic_flags & IEEE80211_F_USEPROT) &&
3266 rt2860_rates[ridx].phy == IEEE80211_T_OFDM)))
3267 txwi->txop |= RT2860_TX_TXOP_HT;
3268 else
3269 txwi->txop |= RT2860_TX_TXOP_BACKOFF;
3270
3271 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh))
3272 txwi->xflags |= RT2860_TX_NSEQ;
3273}
3274
3275/* This function must be called locked */
3276static int
3277run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
3278{
d52983bd 3279 struct ieee80211com *ic = &sc->sc_ic;
12bd3c8b
SW
3280 struct ieee80211vap *vap = ni->ni_vap;
3281 struct ieee80211_frame *wh;
3282 struct ieee80211_channel *chan;
3283 const struct ieee80211_txparam *tp;
d52983bd 3284 struct run_node *rn = RUN_NODE(ni);
12bd3c8b
SW
3285 struct run_tx_data *data;
3286 struct rt2870_txd *txd;
3287 struct rt2860_txwi *txwi;
3288 uint16_t qos;
3289 uint16_t dur;
3290 uint16_t qid;
3291 uint8_t type;
3292 uint8_t tid;
3293 uint8_t ridx;
3294 uint8_t ctl_ridx;
3295 uint8_t qflags;
3296 uint8_t xflags = 0;
3297 int hasqos;
3298
3299 RUN_LOCK_ASSERT(sc, MA_OWNED);
3300
3301 wh = mtod(m, struct ieee80211_frame *);
3302
3303 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3304
3305 /*
3306 * There are 7 bulk endpoints: 1 for RX
3307 * and 6 for TX (4 EDCAs + HCCA + Prio).
3308 * Update 03-14-2009: some devices like the Planex GW-US300MiniS
3309 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki).
3310 */
3311 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) {
3312 uint8_t *frm;
3313
3314 if(IEEE80211_HAS_ADDR4(wh))
3315 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos;
3316 else
3317 frm =((struct ieee80211_qosframe *)wh)->i_qos;
3318
3319 qos = le16toh(*(const uint16_t *)frm);
3320 tid = qos & IEEE80211_QOS_TID;
3321 qid = TID_TO_WME_AC(tid);
3322 } else {
3323 qos = 0;
3324 tid = 0;
3325 qid = WME_AC_BE;
3326 }
3327 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA;
3328
3329 DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n",
3330 qos, qid, tid, qflags);
3331
3332 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan;
3333 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)];
3334
3335 /* pickup a rate index */
3336 if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
db706de7 3337 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) {
12bd3c8b
SW
3338 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ?
3339 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1;
3340 ctl_ridx = rt2860_rates[ridx].ctl_ridx;
3341 } else {
3342 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE)
3343 ridx = rn->fix_ridx;
3344 else
3345 ridx = rn->amrr_ridx;
3346 ctl_ridx = rt2860_rates[ridx].ctl_ridx;
3347 }
3348
3349 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
3350 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) !=
3351 IEEE80211_QOS_ACKPOLICY_NOACK)) {
3352 xflags |= RT2860_TX_ACK;
3353 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
3354 dur = rt2860_rates[ctl_ridx].sp_ack_dur;
3355 else
3356 dur = rt2860_rates[ctl_ridx].lp_ack_dur;
cea9a87b 3357 USETW(wh->i_dur, dur);
12bd3c8b
SW
3358 }
3359
3360 /* reserve slots for mgmt packets, just in case */
3361 if (sc->sc_epq[qid].tx_nfree < 3) {
3362 DPRINTFN(10, "tx ring %d is full\n", qid);
3363 return (-1);
3364 }
3365
3366 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh);
3367 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next);
3368 sc->sc_epq[qid].tx_nfree--;
3369
3370 txd = (struct rt2870_txd *)&data->desc;
3371 txd->flags = qflags;
3372 txwi = (struct rt2860_txwi *)(txd + 1);
3373 txwi->xflags = xflags;
cea9a87b 3374 if (IEEE80211_IS_MULTICAST(wh->i_addr1))
10f2cea7 3375 txwi->wcid = 0;
cea9a87b 3376 else
10f2cea7
SW
3377 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
3378 1 : RUN_AID2WCID(ni->ni_associd);
cea9a87b 3379
12bd3c8b
SW
3380 /* clear leftover garbage bits */
3381 txwi->flags = 0;
3382 txwi->txop = 0;
3383
3384 data->m = m;
3385 data->ni = ni;
3386 data->ridx = ridx;
3387
3388 run_set_tx_desc(sc, data);
3389
3390 /*
3391 * The chip keeps track of 2 kind of Tx stats,
3392 * * TX_STAT_FIFO, for per WCID stats, and
3393 * * TX_STA_CNT0 for all-TX-in-one stats.
3394 *
3395 * To use FIFO stats, we need to store MCS into the driver-private
3396 * PacketID field. So that, we can tell whose stats when we read them.
3397 * We add 1 to the MCS because setting the PacketID field to 0 means
3398 * that we don't want feedback in TX_STAT_FIFO.
3399 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job.
3400 *
3401 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx().
3402 */
3403 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP ||
3404 vap->iv_opmode == IEEE80211_M_MBSS) {
3405 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf;
3406 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT);
3407
3408 /*
3409 * Unlike PCI based devices, we don't get any interrupt from
3410 * USB devices, so we simulate FIFO-is-full interrupt here.
d52983bd 3411 * Ralink recommends to drain FIFO stats every 100 ms, but 16 slots
12bd3c8b
SW
3412 * quickly get fulled. To prevent overflow, increment a counter on
3413 * every FIFO stat request, so we know how many slots are left.
3414 * We do this only in HOSTAP or multiple vap mode since FIFO stats
3415 * are used only in those modes.
3416 * We just drain stats. AMRR gets updated every 1 sec by
3417 * run_ratectl_cb() via callout.
3418 * Call it early. Otherwise overflow.
3419 */
3420 if (sc->fifo_cnt++ == 10) {
3421 /*
3422 * With multiple vaps or if_bridge, if_start() is called
3423 * with a non-sleepable lock, tcpinp. So, need to defer.
3424 */
3425 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
3426 DPRINTFN(6, "cmdq_store=%d\n", i);
3427 sc->cmdq[i].func = run_drain_fifo;
3428 sc->cmdq[i].arg0 = sc;
3429 ieee80211_runtask(ic, &sc->cmdq_task);
3430 }
3431 }
3432
3433 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next);
3434
3435 usbd_transfer_start(sc->sc_xfer[qid]);
3436
cea9a87b
SW
3437 DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n",
3438 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) +
3439 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid);
12bd3c8b
SW
3440
3441 return (0);
3442}
3443
3444static int
3445run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
3446{
d52983bd
IV
3447 struct ieee80211com *ic = &sc->sc_ic;
3448 struct run_node *rn = RUN_NODE(ni);
12bd3c8b
SW
3449 struct run_tx_data *data;
3450 struct ieee80211_frame *wh;
3451 struct rt2870_txd *txd;
3452 struct rt2860_txwi *txwi;
3453 uint16_t dur;
3454 uint8_t ridx = rn->mgt_ridx;
3455 uint8_t type;
3456 uint8_t xflags = 0;
3457 uint8_t wflags = 0;
3458
3459 RUN_LOCK_ASSERT(sc, MA_OWNED);
3460
3461 wh = mtod(m, struct ieee80211_frame *);
3462
3463 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3464
3465 /* tell hardware to add timestamp for probe responses */
3466 if ((wh->i_fc[0] &
3467 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) ==
3468 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP))
3469 wflags |= RT2860_TX_TS;
3470 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
3471 xflags |= RT2860_TX_ACK;
3472
3473 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate,
3474 ic->ic_flags & IEEE80211_F_SHPREAMBLE);
cea9a87b 3475 USETW(wh->i_dur, dur);
12bd3c8b
SW
3476 }
3477
d52983bd 3478 if (sc->sc_epq[0].tx_nfree == 0)
12bd3c8b 3479 /* let caller free mbuf */
12bd3c8b 3480 return (EIO);
12bd3c8b
SW
3481 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3482 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3483 sc->sc_epq[0].tx_nfree--;
3484
3485 txd = (struct rt2870_txd *)&data->desc;
3486 txd->flags = RT2860_TX_QSEL_EDCA;
3487 txwi = (struct rt2860_txwi *)(txd + 1);
3488 txwi->wcid = 0xff;
3489 txwi->flags = wflags;
3490 txwi->xflags = xflags;
3491 txwi->txop = 0; /* clear leftover garbage bits */
3492
3493 data->m = m;
3494 data->ni = ni;
3495 data->ridx = ridx;
3496
3497 run_set_tx_desc(sc, data);
3498
3499 DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len +
cea9a87b 3500 (int)(sizeof(struct rt2870_txd) + sizeof(struct rt2860_txwi)),
12bd3c8b
SW
3501 rt2860_rates[ridx].rate);
3502
3503 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3504
3505 usbd_transfer_start(sc->sc_xfer[0]);
3506
3507 return (0);
3508}
3509
3510static int
3511run_sendprot(struct run_softc *sc,
3512 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate)
3513{
3514 struct ieee80211com *ic = ni->ni_ic;
3515 struct ieee80211_frame *wh;
3516 struct run_tx_data *data;
3517 struct rt2870_txd *txd;
3518 struct rt2860_txwi *txwi;
3519 struct mbuf *mprot;
3520 int ridx;
3521 int protrate;
3522 int ackrate;
3523 int pktlen;
3524 int isshort;
3525 uint16_t dur;
3526 uint8_t type;
3527 uint8_t wflags = 0;
3528 uint8_t xflags = 0;
3529
3530 RUN_LOCK_ASSERT(sc, MA_OWNED);
3531
3532 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY,
3533 ("protection %d", prot));
3534
3535 wh = mtod(m, struct ieee80211_frame *);
3536 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN;
3537 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3538
3539 protrate = ieee80211_ctl_rate(ic->ic_rt, rate);
3540 ackrate = ieee80211_ack_rate(ic->ic_rt, rate);
3541
3542 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0;
3543 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort)
3544 + ieee80211_ack_duration(ic->ic_rt, rate, isshort);
3545 wflags = RT2860_TX_FRAG;
3546
3547 /* check that there are free slots before allocating the mbuf */
d52983bd 3548 if (sc->sc_epq[0].tx_nfree == 0)
12bd3c8b 3549 /* let caller free mbuf */
12bd3c8b 3550 return (ENOBUFS);
12bd3c8b
SW
3551
3552 if (prot == IEEE80211_PROT_RTSCTS) {
3553 /* NB: CTS is the same size as an ACK */
3554 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort);
3555 xflags |= RT2860_TX_ACK;
3556 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur);
3557 } else {
3558 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur);
3559 }
3560 if (mprot == NULL) {
d52983bd 3561 if_inc_counter(ni->ni_vap->iv_ifp, IFCOUNTER_OERRORS, 1);
12bd3c8b
SW
3562 DPRINTF("could not allocate mbuf\n");
3563 return (ENOBUFS);
3564 }
3565
3566 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3567 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3568 sc->sc_epq[0].tx_nfree--;
3569
3570 txd = (struct rt2870_txd *)&data->desc;
3571 txd->flags = RT2860_TX_QSEL_EDCA;
3572 txwi = (struct rt2860_txwi *)(txd + 1);
3573 txwi->wcid = 0xff;
3574 txwi->flags = wflags;
3575 txwi->xflags = xflags;
3576 txwi->txop = 0; /* clear leftover garbage bits */
3577
3578 data->m = mprot;
3579 data->ni = ieee80211_ref_node(ni);
3580
3581 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
3582 if (rt2860_rates[ridx].rate == protrate)
3583 break;
3584 data->ridx = ridx;
3585
3586 run_set_tx_desc(sc, data);
3587
3588 DPRINTFN(1, "sending prot len=%u rate=%u\n",
3589 m->m_pkthdr.len, rate);
3590
3591 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3592
3593 usbd_transfer_start(sc->sc_xfer[0]);
3594
3595 return (0);
3596}
3597
3598static int
3599run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni,
3600 const struct ieee80211_bpf_params *params)
3601{
3602 struct ieee80211com *ic = ni->ni_ic;
3603 struct ieee80211_frame *wh;
3604 struct run_tx_data *data;
3605 struct rt2870_txd *txd;
3606 struct rt2860_txwi *txwi;
3607 uint8_t type;
3608 uint8_t ridx;
3609 uint8_t rate;
3610 uint8_t opflags = 0;
3611 uint8_t xflags = 0;
3612 int error;
3613
3614 RUN_LOCK_ASSERT(sc, MA_OWNED);
3615
3616 KASSERT(params != NULL, ("no raw xmit params"));
3617
3618 wh = mtod(m, struct ieee80211_frame *);
3619 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3620
3621 rate = params->ibp_rate0;
3622 if (!ieee80211_isratevalid(ic->ic_rt, rate)) {
3623 /* let caller free mbuf */
3624 return (EINVAL);
3625 }
3626
3627 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0)
3628 xflags |= RT2860_TX_ACK;
3629 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) {
3630 error = run_sendprot(sc, m, ni,
3631 params->ibp_flags & IEEE80211_BPF_RTS ?
3632 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY,
3633 rate);
3634 if (error) {
3635 /* let caller free mbuf */
3636 return error;
3637 }
3638 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS;
3639 }
3640
3641 if (sc->sc_epq[0].tx_nfree == 0) {
3642 /* let caller free mbuf */
12bd3c8b
SW
3643 DPRINTF("sending raw frame, but tx ring is full\n");
3644 return (EIO);
3645 }
3646 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3647 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3648 sc->sc_epq[0].tx_nfree--;
3649
3650 txd = (struct rt2870_txd *)&data->desc;
3651 txd->flags = RT2860_TX_QSEL_EDCA;
3652 txwi = (struct rt2860_txwi *)(txd + 1);
3653 txwi->wcid = 0xff;
3654 txwi->xflags = xflags;
3655 txwi->txop = opflags;
3656 txwi->flags = 0; /* clear leftover garbage bits */
3657
3658 data->m = m;
3659 data->ni = ni;
3660 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
3661 if (rt2860_rates[ridx].rate == rate)
3662 break;
3663 data->ridx = ridx;
3664
3665 run_set_tx_desc(sc, data);
3666
3667 DPRINTFN(10, "sending raw frame len=%u rate=%u\n",
3668 m->m_pkthdr.len, rate);
3669
3670 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3671
3672 usbd_transfer_start(sc->sc_xfer[0]);
3673
3674 return (0);
3675}
3676
3677static int
3678run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
3679 const struct ieee80211_bpf_params *params)
3680{
b5730aca 3681 struct run_softc *sc = ni->ni_ic->ic_softc;
12bd3c8b
SW
3682 int error = 0;
3683
3684 RUN_LOCK(sc);
3685
3686 /* prevent management frames from being sent if we're not ready */
d52983bd 3687 if (!(sc->sc_flags & RUN_RUNNING)) {
3b964699 3688 error = ENETDOWN;
12bd3c8b
SW
3689 goto done;
3690 }
3691
3692 if (params == NULL) {
3693 /* tx mgt packet */
3694 if ((error = run_tx_mgt(sc, m, ni)) != 0) {
12bd3c8b
SW
3695 DPRINTF("mgt tx failed\n");
3696 goto done;
3697 }
3698 } else {
3699 /* tx raw packet with param */
3700 if ((error = run_tx_param(sc, m, ni, params)) != 0) {
12bd3c8b
SW
3701 DPRINTF("tx with param failed\n");
3702 goto done;
3703 }
3704 }
3705
12bd3c8b
SW
3706done:
3707 RUN_UNLOCK(sc);
3708
3709 if (error != 0) {
3710 if(m != NULL)
3711 m_freem(m);
12bd3c8b
SW
3712 }
3713
3714 return (error);
3715}
3716
d52983bd
IV
3717static int
3718run_transmit(struct ieee80211com *ic, struct mbuf *m)
3719{
3720 struct run_softc *sc = ic->ic_softc;
3721 int error;
3722
3723 RUN_LOCK(sc);
3724 if ((sc->sc_flags & RUN_RUNNING) == 0) {
3725 RUN_UNLOCK(sc);
3726 return (ENXIO);
3727 }
3728 error = mbufq_enqueue(&sc->sc_snd, m);
3729 if (error) {
3730 RUN_UNLOCK(sc);
3731 return (error);
3732 }
3733 run_start(sc);
3734 RUN_UNLOCK(sc);
3735
3736 return (0);
3737}
3738
12bd3c8b 3739static void
d52983bd 3740run_start(struct run_softc *sc)
12bd3c8b 3741{
12bd3c8b 3742 struct ieee80211_node *ni;
d52983bd 3743 struct mbuf *m;
12bd3c8b 3744
d52983bd 3745 RUN_LOCK_ASSERT(sc, MA_OWNED);
12bd3c8b 3746
d52983bd
IV
3747 if ((sc->sc_flags & RUN_RUNNING) == 0)
3748 return;
12bd3c8b 3749
d52983bd 3750 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) {
12bd3c8b
SW
3751 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
3752 if (run_tx(sc, m, ni) != 0) {
d52983bd 3753 mbufq_prepend(&sc->sc_snd, m);
12bd3c8b
SW
3754 break;
3755 }
3756 }
12bd3c8b
SW
3757}
3758
d52983bd
IV
3759static void
3760run_parent(struct ieee80211com *ic)
12bd3c8b 3761{
b5730aca 3762 struct run_softc *sc = ic->ic_softc;
12bd3c8b 3763 int startall = 0;
10f2cea7
SW
3764
3765 RUN_LOCK(sc);
d52983bd 3766 if (sc->sc_detached) {
12bd3c8b 3767 RUN_UNLOCK(sc);
d52983bd 3768 return;
12bd3c8b
SW
3769 }
3770
d52983bd
IV
3771 if (ic->ic_nrunning > 0) {
3772 if (!(sc->sc_flags & RUN_RUNNING)) {
3773 startall = 1;
3774 run_init_locked(sc);
3775 } else
3776 run_update_promisc_locked(sc);
3777 } else if ((sc->sc_flags & RUN_RUNNING) && sc->rvp_cnt <= 1)
3778 run_stop(sc);
3779 RUN_UNLOCK(sc);
3780 if (startall)
3781 ieee80211_start_all(ic);
12bd3c8b
SW
3782}
3783
cea9a87b
SW
3784static void
3785run_iq_calib(struct run_softc *sc, u_int chan)
3786{
3787 uint16_t val;
3788
3789 /* Tx0 IQ gain. */
3790 run_bbp_write(sc, 158, 0x2c);
3791 if (chan <= 14)
3792 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1);
3793 else if (chan <= 64) {