2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr>
3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca>
4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org>
5 * Copyright (c) 2013-2014 Kevin Lo
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 * $FreeBSD: head/sys/dev/usb/wlan/if_run.c 262795 2014-03-05 18:39:27Z hselasky $
23 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver.
24 * http://www.ralinktech.com/
27 #include <sys/param.h>
28 #include <sys/sockio.h>
29 #include <sys/sysctl.h>
32 #include <sys/kernel.h>
33 #include <sys/socket.h>
34 #include <sys/systm.h>
35 #include <sys/malloc.h>
36 #include <sys/module.h>
38 #include <sys/endian.h>
39 #include <sys/linker.h>
40 #include <sys/firmware.h>
46 #include <net/if_var.h>
47 #include <net/if_arp.h>
48 #include <net/ethernet.h>
49 #include <net/if_dl.h>
50 #include <net/if_media.h>
51 #include <net/if_types.h>
52 #include <net/ifq_var.h>
54 #include <netinet/in.h>
55 #include <netinet/in_systm.h>
56 #include <netinet/in_var.h>
57 #include <netinet/if_ether.h>
58 #include <netinet/ip.h>
60 #include <netproto/802_11/ieee80211_var.h>
61 #include <netproto/802_11/ieee80211_regdomain.h>
62 #include <netproto/802_11/ieee80211_radiotap.h>
63 #include <netproto/802_11/ieee80211_ratectl.h>
65 #include <bus/u4b/usb.h>
66 #include <bus/u4b/usbdi.h>
69 #define USB_DEBUG_VAR run_debug
70 #include <bus/u4b/usb_debug.h>
71 #include <bus/u4b/usb_msctest.h>
73 #include <bus/u4b/wlan/if_runreg.h>
74 #include <bus/u4b/wlan/if_runvar.h>
82 static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run");
83 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RW, &run_debug, 0,
87 #define IEEE80211_HAS_ADDR4(wh) \
88 (((wh)->i_fc[1] & IEEE80211_FC1_DIR_MASK) == IEEE80211_FC1_DIR_DSTODS)
91 * Because of LOR in run_key_delete(), use atomic instead.
92 * '& RUN_CMDQ_MASQ' is to loop cmdq[].
94 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ)
96 static const STRUCT_USB_HOST_ID run_devs[] = {
97 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) }
98 #define RUN_DEV_EJECT(v,p) \
99 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) }
101 RUN_DEV(ABOCOM, RT2770),
102 RUN_DEV(ABOCOM, RT2870),
103 RUN_DEV(ABOCOM, RT3070),
104 RUN_DEV(ABOCOM, RT3071),
105 RUN_DEV(ABOCOM, RT3072),
106 RUN_DEV(ABOCOM2, RT2870_1),
107 RUN_DEV(ACCTON, RT2770),
108 RUN_DEV(ACCTON, RT2870_1),
109 RUN_DEV(ACCTON, RT2870_2),
110 RUN_DEV(ACCTON, RT2870_3),
111 RUN_DEV(ACCTON, RT2870_4),
112 RUN_DEV(ACCTON, RT2870_5),
113 RUN_DEV(ACCTON, RT3070),
114 RUN_DEV(ACCTON, RT3070_1),
115 RUN_DEV(ACCTON, RT3070_2),
116 RUN_DEV(ACCTON, RT3070_3),
117 RUN_DEV(ACCTON, RT3070_4),
118 RUN_DEV(ACCTON, RT3070_5),
119 RUN_DEV(AIRTIES, RT3070),
120 RUN_DEV(ALLWIN, RT2070),
121 RUN_DEV(ALLWIN, RT2770),
122 RUN_DEV(ALLWIN, RT2870),
123 RUN_DEV(ALLWIN, RT3070),
124 RUN_DEV(ALLWIN, RT3071),
125 RUN_DEV(ALLWIN, RT3072),
126 RUN_DEV(ALLWIN, RT3572),
127 RUN_DEV(AMIGO, RT2870_1),
128 RUN_DEV(AMIGO, RT2870_2),
129 RUN_DEV(AMIT, CGWLUSB2GNR),
130 RUN_DEV(AMIT, RT2870_1),
131 RUN_DEV(AMIT2, RT2870),
132 RUN_DEV(ASUS, RT2870_1),
133 RUN_DEV(ASUS, RT2870_2),
134 RUN_DEV(ASUS, RT2870_3),
135 RUN_DEV(ASUS, RT2870_4),
136 RUN_DEV(ASUS, RT2870_5),
137 RUN_DEV(ASUS, USBN13),
138 RUN_DEV(ASUS, RT3070_1),
139 RUN_DEV(ASUS, USBN66),
140 RUN_DEV(ASUS, USB_N53),
141 RUN_DEV(ASUS2, USBN11),
142 RUN_DEV(AZUREWAVE, RT2870_1),
143 RUN_DEV(AZUREWAVE, RT2870_2),
144 RUN_DEV(AZUREWAVE, RT3070_1),
145 RUN_DEV(AZUREWAVE, RT3070_2),
146 RUN_DEV(AZUREWAVE, RT3070_3),
147 RUN_DEV(BELKIN, F9L1103),
148 RUN_DEV(BELKIN, F5D8053V3),
149 RUN_DEV(BELKIN, F5D8055),
150 RUN_DEV(BELKIN, F5D8055V2),
151 RUN_DEV(BELKIN, F6D4050V1),
152 RUN_DEV(BELKIN, F6D4050V2),
153 RUN_DEV(BELKIN, RT2870_1),
154 RUN_DEV(BELKIN, RT2870_2),
155 RUN_DEV(CISCOLINKSYS, AE1000),
156 RUN_DEV(CISCOLINKSYS2, RT3070),
157 RUN_DEV(CISCOLINKSYS3, RT3070),
158 RUN_DEV(CONCEPTRONIC2, RT2870_1),
159 RUN_DEV(CONCEPTRONIC2, RT2870_2),
160 RUN_DEV(CONCEPTRONIC2, RT2870_3),
161 RUN_DEV(CONCEPTRONIC2, RT2870_4),
162 RUN_DEV(CONCEPTRONIC2, RT2870_5),
163 RUN_DEV(CONCEPTRONIC2, RT2870_6),
164 RUN_DEV(CONCEPTRONIC2, RT2870_7),
165 RUN_DEV(CONCEPTRONIC2, RT2870_8),
166 RUN_DEV(CONCEPTRONIC2, RT3070_1),
167 RUN_DEV(CONCEPTRONIC2, RT3070_2),
168 RUN_DEV(CONCEPTRONIC2, VIGORN61),
169 RUN_DEV(COREGA, CGWLUSB300GNM),
170 RUN_DEV(COREGA, RT2870_1),
171 RUN_DEV(COREGA, RT2870_2),
172 RUN_DEV(COREGA, RT2870_3),
173 RUN_DEV(COREGA, RT3070),
174 RUN_DEV(CYBERTAN, RT2870),
175 RUN_DEV(DLINK, RT2870),
176 RUN_DEV(DLINK, RT3072),
177 RUN_DEV(DLINK, DWA127),
178 RUN_DEV(DLINK, DWA140B3),
179 RUN_DEV(DLINK, DWA160B2),
180 RUN_DEV(DLINK, DWA162),
181 RUN_DEV(DLINK2, DWA130),
182 RUN_DEV(DLINK2, RT2870_1),
183 RUN_DEV(DLINK2, RT2870_2),
184 RUN_DEV(DLINK2, RT3070_1),
185 RUN_DEV(DLINK2, RT3070_2),
186 RUN_DEV(DLINK2, RT3070_3),
187 RUN_DEV(DLINK2, RT3070_4),
188 RUN_DEV(DLINK2, RT3070_5),
189 RUN_DEV(DLINK2, RT3072),
190 RUN_DEV(DLINK2, RT3072_1),
191 RUN_DEV(EDIMAX, EW7717),
192 RUN_DEV(EDIMAX, EW7718),
193 RUN_DEV(EDIMAX, EW7733UND),
194 RUN_DEV(EDIMAX, RT2870_1),
195 RUN_DEV(ENCORE, RT3070_1),
196 RUN_DEV(ENCORE, RT3070_2),
197 RUN_DEV(ENCORE, RT3070_3),
198 RUN_DEV(GIGABYTE, GNWB31N),
199 RUN_DEV(GIGABYTE, GNWB32L),
200 RUN_DEV(GIGABYTE, RT2870_1),
201 RUN_DEV(GIGASET, RT3070_1),
202 RUN_DEV(GIGASET, RT3070_2),
203 RUN_DEV(GUILLEMOT, HWNU300),
204 RUN_DEV(HAWKING, HWUN2),
205 RUN_DEV(HAWKING, RT2870_1),
206 RUN_DEV(HAWKING, RT2870_2),
207 RUN_DEV(HAWKING, RT3070),
208 RUN_DEV(IODATA, RT3072_1),
209 RUN_DEV(IODATA, RT3072_2),
210 RUN_DEV(IODATA, RT3072_3),
211 RUN_DEV(IODATA, RT3072_4),
212 RUN_DEV(LINKSYS4, RT3070),
213 RUN_DEV(LINKSYS4, WUSB100),
214 RUN_DEV(LINKSYS4, WUSB54GCV3),
215 RUN_DEV(LINKSYS4, WUSB600N),
216 RUN_DEV(LINKSYS4, WUSB600NV2),
217 RUN_DEV(LOGITEC, RT2870_1),
218 RUN_DEV(LOGITEC, RT2870_2),
219 RUN_DEV(LOGITEC, RT2870_3),
220 RUN_DEV(LOGITEC, LANW300NU2),
221 RUN_DEV(LOGITEC, LANW150NU2),
222 RUN_DEV(LOGITEC, LANW300NU2S),
223 RUN_DEV(MELCO, RT2870_1),
224 RUN_DEV(MELCO, RT2870_2),
225 RUN_DEV(MELCO, WLIUCAG300N),
226 RUN_DEV(MELCO, WLIUCG300N),
227 RUN_DEV(MELCO, WLIUCG301N),
228 RUN_DEV(MELCO, WLIUCGN),
229 RUN_DEV(MELCO, WLIUCGNM),
230 RUN_DEV(MELCO, WLIUCGNM2),
231 RUN_DEV(MOTOROLA4, RT2770),
232 RUN_DEV(MOTOROLA4, RT3070),
233 RUN_DEV(MSI, RT3070_1),
234 RUN_DEV(MSI, RT3070_2),
235 RUN_DEV(MSI, RT3070_3),
236 RUN_DEV(MSI, RT3070_4),
237 RUN_DEV(MSI, RT3070_5),
238 RUN_DEV(MSI, RT3070_6),
239 RUN_DEV(MSI, RT3070_7),
240 RUN_DEV(MSI, RT3070_8),
241 RUN_DEV(MSI, RT3070_9),
242 RUN_DEV(MSI, RT3070_10),
243 RUN_DEV(MSI, RT3070_11),
244 RUN_DEV(OVISLINK, RT3072),
245 RUN_DEV(PARA, RT3070),
246 RUN_DEV(PEGATRON, RT2870),
247 RUN_DEV(PEGATRON, RT3070),
248 RUN_DEV(PEGATRON, RT3070_2),
249 RUN_DEV(PEGATRON, RT3070_3),
250 RUN_DEV(PHILIPS, RT2870),
251 RUN_DEV(PLANEX2, GWUS300MINIS),
252 RUN_DEV(PLANEX2, GWUSMICRON),
253 RUN_DEV(PLANEX2, RT2870),
254 RUN_DEV(PLANEX2, RT3070),
255 RUN_DEV(QCOM, RT2870),
256 RUN_DEV(QUANTA, RT3070),
257 RUN_DEV(RALINK, RT2070),
258 RUN_DEV(RALINK, RT2770),
259 RUN_DEV(RALINK, RT2870),
260 RUN_DEV(RALINK, RT3070),
261 RUN_DEV(RALINK, RT3071),
262 RUN_DEV(RALINK, RT3072),
263 RUN_DEV(RALINK, RT3370),
264 RUN_DEV(RALINK, RT3572),
265 RUN_DEV(RALINK, RT3573),
266 RUN_DEV(RALINK, RT5370),
267 RUN_DEV(RALINK, RT5572),
268 RUN_DEV(RALINK, RT8070),
269 RUN_DEV(SAMSUNG, WIS09ABGN),
270 RUN_DEV(SAMSUNG2, RT2870_1),
271 RUN_DEV(SENAO, RT2870_1),
272 RUN_DEV(SENAO, RT2870_2),
273 RUN_DEV(SENAO, RT2870_3),
274 RUN_DEV(SENAO, RT2870_4),
275 RUN_DEV(SENAO, RT3070),
276 RUN_DEV(SENAO, RT3071),
277 RUN_DEV(SENAO, RT3072_1),
278 RUN_DEV(SENAO, RT3072_2),
279 RUN_DEV(SENAO, RT3072_3),
280 RUN_DEV(SENAO, RT3072_4),
281 RUN_DEV(SENAO, RT3072_5),
282 RUN_DEV(SITECOMEU, RT2770),
283 RUN_DEV(SITECOMEU, RT2870_1),
284 RUN_DEV(SITECOMEU, RT2870_2),
285 RUN_DEV(SITECOMEU, RT2870_3),
286 RUN_DEV(SITECOMEU, RT2870_4),
287 RUN_DEV(SITECOMEU, RT3070),
288 RUN_DEV(SITECOMEU, RT3070_2),
289 RUN_DEV(SITECOMEU, RT3070_3),
290 RUN_DEV(SITECOMEU, RT3070_4),
291 RUN_DEV(SITECOMEU, RT3071),
292 RUN_DEV(SITECOMEU, RT3072_1),
293 RUN_DEV(SITECOMEU, RT3072_2),
294 RUN_DEV(SITECOMEU, RT3072_3),
295 RUN_DEV(SITECOMEU, RT3072_4),
296 RUN_DEV(SITECOMEU, RT3072_5),
297 RUN_DEV(SITECOMEU, RT3072_6),
298 RUN_DEV(SITECOMEU, WL608),
299 RUN_DEV(SPARKLAN, RT2870_1),
300 RUN_DEV(SPARKLAN, RT3070),
301 RUN_DEV(SWEEX2, LW153),
302 RUN_DEV(SWEEX2, LW303),
303 RUN_DEV(SWEEX2, LW313),
304 RUN_DEV(TOSHIBA, RT3070),
305 RUN_DEV(UMEDIA, RT2870_1),
306 RUN_DEV(ZCOM, RT2870_1),
307 RUN_DEV(ZCOM, RT2870_2),
308 RUN_DEV(ZINWELL, RT2870_1),
309 RUN_DEV(ZINWELL, RT2870_2),
310 RUN_DEV(ZINWELL, RT3070),
311 RUN_DEV(ZINWELL, RT3072_1),
312 RUN_DEV(ZINWELL, RT3072_2),
313 RUN_DEV(ZYXEL, RT2870_1),
314 RUN_DEV(ZYXEL, RT2870_2),
315 RUN_DEV_EJECT(ZYXEL, NWD2705),
316 RUN_DEV_EJECT(RALINK, RT_STOR),
321 static device_probe_t run_match;
322 static device_attach_t run_attach;
323 static device_detach_t run_detach;
325 static usb_callback_t run_bulk_rx_callback;
326 static usb_callback_t run_bulk_tx_callback0;
327 static usb_callback_t run_bulk_tx_callback1;
328 static usb_callback_t run_bulk_tx_callback2;
329 static usb_callback_t run_bulk_tx_callback3;
330 static usb_callback_t run_bulk_tx_callback4;
331 static usb_callback_t run_bulk_tx_callback5;
333 static void run_autoinst(void *, struct usb_device *,
334 struct usb_attach_arg *);
335 static int run_driver_loaded(struct module *, int, void *);
336 static void run_bulk_tx_callbackN(struct usb_xfer *xfer,
337 usb_error_t error, u_int index);
338 static struct ieee80211vap *run_vap_create(struct ieee80211com *,
339 const char [IFNAMSIZ], int, enum ieee80211_opmode, int,
340 const uint8_t [IEEE80211_ADDR_LEN],
341 const uint8_t [IEEE80211_ADDR_LEN]);
342 static void run_vap_delete(struct ieee80211vap *);
343 static void run_cmdq_cb(void *, int);
344 static void run_setup_tx_list(struct run_softc *,
345 struct run_endpoint_queue *);
346 static void run_unsetup_tx_list(struct run_softc *,
347 struct run_endpoint_queue *);
348 static int run_load_microcode(struct run_softc *);
349 static int run_reset(struct run_softc *);
350 static usb_error_t run_do_request(struct run_softc *,
351 struct usb_device_request *, void *);
352 static int run_read(struct run_softc *, uint16_t, uint32_t *);
353 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int);
354 static int run_write_2(struct run_softc *, uint16_t, uint16_t);
355 static int run_write(struct run_softc *, uint16_t, uint32_t);
356 static int run_write_region_1(struct run_softc *, uint16_t,
357 const uint8_t *, int);
358 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int);
359 static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int);
360 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *);
361 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *);
362 static int run_rt2870_rf_write(struct run_softc *, uint32_t);
363 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *);
364 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t);
365 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *);
366 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t);
367 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t);
368 static const char *run_get_rf(uint16_t);
369 static void run_rt3593_get_txpower(struct run_softc *);
370 static void run_get_txpower(struct run_softc *);
371 static int run_read_eeprom(struct run_softc *);
372 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *,
373 const uint8_t mac[IEEE80211_ADDR_LEN]);
374 static int run_media_change(struct ifnet *);
375 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int);
376 static int run_wme_update(struct ieee80211com *);
377 static void run_wme_update_cb(void *);
378 static void run_key_update_begin(struct ieee80211vap *);
379 static void run_key_update_end(struct ieee80211vap *);
380 static void run_key_set_cb(void *);
381 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *,
382 const uint8_t mac[IEEE80211_ADDR_LEN]);
383 static void run_key_delete_cb(void *);
384 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *);
385 static void run_ratectl_to(void *);
386 static void run_ratectl_cb(void *, int);
387 static void run_drain_fifo(void *);
388 static void run_iter_func(void *, struct ieee80211_node *);
389 static void run_newassoc_cb(void *);
390 static void run_newassoc(struct ieee80211_node *, int);
391 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t);
392 static void run_tx_free(struct run_endpoint_queue *pq,
393 struct run_tx_data *, int);
394 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *);
395 static int run_tx(struct run_softc *, struct mbuf *,
396 struct ieee80211_node *);
397 static int run_tx_mgt(struct run_softc *, struct mbuf *,
398 struct ieee80211_node *);
399 static int run_sendprot(struct run_softc *, const struct mbuf *,
400 struct ieee80211_node *, int, int);
401 static int run_tx_param(struct run_softc *, struct mbuf *,
402 struct ieee80211_node *,
403 const struct ieee80211_bpf_params *);
404 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *,
405 const struct ieee80211_bpf_params *);
406 static void run_start_locked(struct ifnet *);
407 static void run_start(struct ifnet *, struct ifaltq_subque *);
408 static int run_ioctl(struct ifnet *, u_long, caddr_t, struct ucred *);
409 static void run_iq_calib(struct run_softc *, u_int);
410 static void run_set_agc(struct run_softc *, uint8_t);
411 static void run_select_chan_group(struct run_softc *, int);
412 static void run_set_rx_antenna(struct run_softc *, int);
413 static void run_rt2870_set_chan(struct run_softc *, u_int);
414 static void run_rt3070_set_chan(struct run_softc *, u_int);
415 static void run_rt3572_set_chan(struct run_softc *, u_int);
416 static void run_rt3593_set_chan(struct run_softc *, u_int);
417 static void run_rt5390_set_chan(struct run_softc *, u_int);
418 static void run_rt5592_set_chan(struct run_softc *, u_int);
419 static int run_set_chan(struct run_softc *, struct ieee80211_channel *);
420 static void run_set_channel(struct ieee80211com *);
421 static void run_scan_start(struct ieee80211com *);
422 static void run_scan_end(struct ieee80211com *);
423 static void run_update_beacon(struct ieee80211vap *, int);
424 static void run_update_beacon_cb(void *);
425 static void run_updateprot(struct ieee80211com *);
426 static void run_updateprot_cb(void *);
427 static void run_usb_timeout_cb(void *);
428 static void run_reset_livelock(struct run_softc *);
429 static void run_enable_tsf_sync(struct run_softc *);
430 static void run_enable_mrr(struct run_softc *);
431 static void run_set_txpreamble(struct run_softc *);
432 static void run_set_basicrates(struct run_softc *);
433 static void run_set_leds(struct run_softc *, uint16_t);
434 static void run_set_bssid(struct run_softc *, const uint8_t *);
435 static void run_set_macaddr(struct run_softc *, const uint8_t *);
436 static void run_updateslot(struct ifnet *);
437 static void run_updateslot_cb(void *);
438 static void run_update_mcast(struct ifnet *);
439 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t);
440 static void run_update_promisc_locked(struct ifnet *);
441 static void run_update_promisc(struct ifnet *);
442 static void run_rt5390_bbp_init(struct run_softc *);
443 static int run_bbp_init(struct run_softc *);
444 static int run_rt3070_rf_init(struct run_softc *);
445 static void run_rt3593_rf_init(struct run_softc *);
446 static void run_rt5390_rf_init(struct run_softc *);
447 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t,
449 static void run_rt3070_rf_setup(struct run_softc *);
450 static void run_rt3593_rf_setup(struct run_softc *);
451 static void run_rt5390_rf_setup(struct run_softc *);
452 static int run_txrx_enable(struct run_softc *);
453 static void run_adjust_freq_offset(struct run_softc *);
454 static void run_init(void *);
455 static void run_init_locked(struct run_softc *);
456 static void run_stop(void *);
457 static void run_delay(struct run_softc *, u_int);
459 static eventhandler_tag run_etag;
461 static const struct rt2860_rate {
464 enum ieee80211_phytype phy;
469 { 2, 0, IEEE80211_T_DS, 0, 314, 314 },
470 { 4, 1, IEEE80211_T_DS, 1, 258, 162 },
471 { 11, 2, IEEE80211_T_DS, 2, 223, 127 },
472 { 22, 3, IEEE80211_T_DS, 3, 213, 117 },
473 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 },
474 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 },
475 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 },
476 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 },
477 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 },
478 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 },
479 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 },
480 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 }
483 static const struct {
486 } rt2870_def_mac[] = {
490 static const struct {
493 } rt2860_def_bbp[] = {
495 },rt5390_def_bbp[] = {
497 },rt5592_def_bbp[] = {
502 * Default values for BBP register R196 for RT5592.
504 static const uint8_t rt5592_bbp_r196[] = {
505 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00,
506 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36,
507 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40,
508 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41,
509 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16,
510 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00,
511 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
512 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c,
513 0x2e, 0x36, 0x30, 0x6e
516 static const struct rfprog {
518 uint32_t r1, r2, r3, r4;
519 } rt2860_rf2850[] = {
529 static const struct rt5592_freqs {
532 } rt5592_freqs_20mhz[] = {
534 },rt5592_freqs_40mhz[] = {
538 static const struct {
541 } rt3070_def_rf[] = {
543 },rt3572_def_rf[] = {
545 },rt3593_def_rf[] = {
547 },rt5390_def_rf[] = {
549 },rt5392_def_rf[] = {
551 },rt5592_def_rf[] = {
553 },rt5592_2ghz_def_rf[] = {
555 },rt5592_5ghz_def_rf[] = {
559 static const struct {
564 } rt5592_chan_5ghz[] = {
568 static const struct usb_config run_config[RUN_N_XFER] = {
571 .endpoint = UE_ADDR_ANY,
573 .direction = UE_DIR_OUT,
574 .bufsize = RUN_MAX_TXSZ,
575 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
576 .callback = run_bulk_tx_callback0,
577 .timeout = 5000, /* ms */
581 .endpoint = UE_ADDR_ANY,
582 .direction = UE_DIR_OUT,
584 .bufsize = RUN_MAX_TXSZ,
585 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
586 .callback = run_bulk_tx_callback1,
587 .timeout = 5000, /* ms */
591 .endpoint = UE_ADDR_ANY,
592 .direction = UE_DIR_OUT,
594 .bufsize = RUN_MAX_TXSZ,
595 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
596 .callback = run_bulk_tx_callback2,
597 .timeout = 5000, /* ms */
601 .endpoint = UE_ADDR_ANY,
602 .direction = UE_DIR_OUT,
604 .bufsize = RUN_MAX_TXSZ,
605 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
606 .callback = run_bulk_tx_callback3,
607 .timeout = 5000, /* ms */
609 [RUN_BULK_TX_HCCA] = {
611 .endpoint = UE_ADDR_ANY,
612 .direction = UE_DIR_OUT,
614 .bufsize = RUN_MAX_TXSZ,
615 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,},
616 .callback = run_bulk_tx_callback4,
617 .timeout = 5000, /* ms */
619 [RUN_BULK_TX_PRIO] = {
621 .endpoint = UE_ADDR_ANY,
622 .direction = UE_DIR_OUT,
624 .bufsize = RUN_MAX_TXSZ,
625 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,},
626 .callback = run_bulk_tx_callback5,
627 .timeout = 5000, /* ms */
631 .endpoint = UE_ADDR_ANY,
632 .direction = UE_DIR_IN,
633 .bufsize = RUN_MAX_RXSZ,
634 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,},
635 .callback = run_bulk_rx_callback,
640 run_autoinst(void *arg, struct usb_device *udev,
641 struct usb_attach_arg *uaa)
643 struct usb_interface *iface;
644 struct usb_interface_descriptor *id;
646 if (uaa->dev_state != UAA_DEV_READY)
649 iface = usbd_get_iface(udev, 0);
653 if (id == NULL || id->bInterfaceClass != UICLASS_MASS)
655 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa))
658 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0)
659 uaa->dev_state = UAA_DEV_EJECTING;
663 run_driver_loaded(struct module *mod, int what, void *arg)
667 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured,
668 run_autoinst, NULL, EVENTHANDLER_PRI_ANY);
671 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag);
680 run_match(device_t self)
682 struct usb_attach_arg *uaa = device_get_ivars(self);
684 if (uaa->usb_mode != USB_MODE_HOST)
686 if (uaa->info.bConfigIndex != 0)
688 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX)
691 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa));
695 run_attach(device_t self)
697 struct run_softc *sc = device_get_softc(self);
698 struct usb_attach_arg *uaa = device_get_ivars(self);
699 struct ieee80211com *ic;
703 uint8_t iface_index, bands;
704 char ethstr[ETHER_ADDRSTRLEN + 1];
706 wlan_serialize_enter();
708 device_set_usb_desc(self);
709 sc->sc_udev = uaa->device;
711 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT)
712 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED;
714 lockinit(&sc->sc_lock, device_get_nameunit(sc->sc_dev),
717 iface_index = RT2860_IFACE_INDEX;
719 error = usbd_transfer_setup(uaa->device, &iface_index,
720 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_lock);
722 device_printf(self, "could not allocate USB transfers, "
723 "err=%s\n", usbd_errstr(error));
729 /* wait for the chip to settle */
730 for (ntries = 0; ntries < 100; ntries++) {
731 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) {
735 if (ver != 0 && ver != 0xffffffff)
740 device_printf(sc->sc_dev,
741 "timeout waiting for NIC to initialize\n");
745 sc->mac_ver = ver >> 16;
746 sc->mac_rev = ver & 0xffff;
748 /* retrieve RF rev. no and various other things from EEPROM */
751 device_printf(sc->sc_dev,
752 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n",
753 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev),
754 sc->ntxchains, sc->nrxchains, kether_ntoa(sc->sc_bssid, ethstr));
758 ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211);
760 device_printf(sc->sc_dev, "can not if_alloc()\n");
766 if_initname(ifp, "run", device_get_unit(sc->sc_dev));
767 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
768 ifp->if_init = run_init;
769 ifp->if_ioctl = run_ioctl;
770 ifp->if_start = run_start;
771 ifq_set_maxlen(&ifp->if_snd, ifqmaxlen);
772 #if 0 /* XXX swildner: see c3d4131842e47b168d93a0650d58d425ebeef789 */
773 ifq_set_ready(&ifp->if_snd);
777 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
778 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */
780 /* set device capabilities */
782 IEEE80211_C_STA | /* station mode supported */
783 IEEE80211_C_MONITOR | /* monitor mode supported */
786 IEEE80211_C_WDS | /* 4-address traffic works */
788 IEEE80211_C_SHPREAMBLE | /* short preamble supported */
789 IEEE80211_C_SHSLOT | /* short slot time supported */
790 IEEE80211_C_WME | /* WME */
791 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */
794 IEEE80211_CRYPTO_WEP |
795 IEEE80211_CRYPTO_AES_CCM |
796 IEEE80211_CRYPTO_TKIPMIC |
797 IEEE80211_CRYPTO_TKIP;
799 ic->ic_flags |= IEEE80211_F_DATAPAD;
800 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS;
803 setbit(&bands, IEEE80211_MODE_11B);
804 setbit(&bands, IEEE80211_MODE_11G);
805 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 ||
806 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 ||
807 sc->rf_rev == RT5592_RF_5592)
808 setbit(&bands, IEEE80211_MODE_11A);
809 ieee80211_init_channels(ic, NULL, &bands);
811 ieee80211_ifattach(ic, sc->sc_bssid);
813 ic->ic_scan_start = run_scan_start;
814 ic->ic_scan_end = run_scan_end;
815 ic->ic_set_channel = run_set_channel;
816 ic->ic_node_alloc = run_node_alloc;
817 ic->ic_newassoc = run_newassoc;
818 ic->ic_updateslot = run_updateslot;
819 ic->ic_update_mcast = run_update_mcast;
820 ic->ic_wme.wme_update = run_wme_update;
821 ic->ic_raw_xmit = run_raw_xmit;
822 ic->ic_update_promisc = run_update_promisc;
824 ic->ic_vap_create = run_vap_create;
825 ic->ic_vap_delete = run_vap_delete;
827 ieee80211_radiotap_attach(ic,
828 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap),
829 RUN_TX_RADIOTAP_PRESENT,
830 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap),
831 RUN_RX_RADIOTAP_PRESENT);
833 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc);
834 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc);
835 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_lock, 1);
838 ieee80211_announce(ic);
840 wlan_serialize_exit();
844 wlan_serialize_exit();
850 run_detach(device_t self)
852 struct run_softc *sc = device_get_softc(self);
853 struct ifnet *ifp = sc->sc_ifp;
854 struct ieee80211com *ic;
857 wlan_serialize_enter();
860 /* stop all USB transfers */
861 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER);
865 sc->ratectl_run = RUN_RATECTL_OFF;
866 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT;
868 /* free TX list, if any */
869 for (i = 0; i != RUN_EP_QUEUES; i++)
870 run_unsetup_tx_list(sc, &sc->sc_epq[i]);
876 usb_callout_drain(&sc->ratectl_ch);
877 ieee80211_draintask(ic, &sc->cmdq_task);
878 ieee80211_draintask(ic, &sc->ratectl_task);
879 ieee80211_ifdetach(ic);
883 lockuninit(&sc->sc_lock);
885 wlan_serialize_exit();
889 static struct ieee80211vap *
890 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit,
891 enum ieee80211_opmode opmode, int flags,
892 const uint8_t bssid[IEEE80211_ADDR_LEN],
893 const uint8_t mac[IEEE80211_ADDR_LEN])
895 struct ifnet *ifp = ic->ic_ifp;
896 struct run_softc *sc = ifp->if_softc;
898 struct ieee80211vap *vap;
901 if (sc->rvp_cnt >= RUN_VAP_MAX) {
902 if_printf(ifp, "number of VAPs maxed out\n");
907 case IEEE80211_M_STA:
908 /* enable s/w bmiss handling for sta mode */
909 flags |= IEEE80211_CLONE_NOBEACONS;
911 case IEEE80211_M_IBSS:
912 case IEEE80211_M_MONITOR:
913 case IEEE80211_M_HOSTAP:
914 case IEEE80211_M_MBSS:
915 /* other than WDS vaps, only one at a time */
916 if (!TAILQ_EMPTY(&ic->ic_vaps))
919 case IEEE80211_M_WDS:
920 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){
921 if(vap->iv_opmode != IEEE80211_M_HOSTAP)
923 /* WDS vap's always share the local mac address. */
924 flags &= ~IEEE80211_CLONE_BSSID;
928 if_printf(ifp, "wds only supported in ap mode\n");
933 if_printf(ifp, "unknown opmode %d\n", opmode);
937 rvp = (struct run_vap *) kmalloc(sizeof(struct run_vap),
938 M_80211_VAP, M_INTWAIT | M_ZERO);
941 if (ieee80211_vap_setup(ic, vap, name, unit,
942 opmode, flags, bssid, mac) != 0) {
944 kfree(rvp, M_80211_VAP);
948 vap->iv_key_update_begin = run_key_update_begin;
949 vap->iv_key_update_end = run_key_update_end;
950 vap->iv_update_beacon = run_update_beacon;
951 vap->iv_max_aid = RT2870_WCID_MAX;
953 * To delete the right key from h/w, we need wcid.
954 * Luckily, there is unused space in ieee80211_key{}, wk_pad,
955 * and matching wcid will be written into there. So, cast
956 * some spells to remove 'const' from ieee80211_key{}
958 vap->iv_key_delete = (void *)run_key_delete;
959 vap->iv_key_set = (void *)run_key_set;
961 /* override state transition machine */
962 rvp->newstate = vap->iv_newstate;
963 vap->iv_newstate = run_newstate;
965 ieee80211_ratectl_init(vap);
966 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */);
969 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status);
971 /* make sure id is always unique */
972 for (i = 0; i < RUN_VAP_MAX; i++) {
973 if((sc->rvp_bmap & 1 << i) == 0){
974 sc->rvp_bmap |= 1 << i;
979 if (sc->rvp_cnt++ == 0)
980 ic->ic_opmode = opmode;
982 if (opmode == IEEE80211_M_HOSTAP)
983 sc->cmdq_run = RUN_CMDQ_GO;
985 DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n",
986 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt);
992 run_vap_delete(struct ieee80211vap *vap)
994 struct run_vap *rvp = RUN_VAP(vap);
996 struct ieee80211com *ic;
997 struct run_softc *sc;
1010 m_freem(rvp->beacon_mbuf);
1011 rvp->beacon_mbuf = NULL;
1013 rvp_id = rvp->rvp_id;
1014 sc->ratectl_run &= ~(1 << rvp_id);
1015 sc->rvp_bmap &= ~(1 << rvp_id);
1016 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128);
1017 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512);
1020 DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n",
1021 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt);
1025 ieee80211_ratectl_deinit(vap);
1026 ieee80211_vap_detach(vap);
1027 kfree(rvp, M_80211_VAP);
1031 * There are numbers of functions need to be called in context thread.
1032 * Rather than creating taskqueue event for each of those functions,
1033 * here is all-for-one taskqueue callback function. This function
1034 * gurantees deferred functions are executed in the same order they
1036 * '& RUN_CMDQ_MASQ' is to loop cmdq[].
1039 run_cmdq_cb(void *arg, int pending)
1041 struct run_softc *sc = arg;
1044 /* call cmdq[].func locked */
1046 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending;
1047 i = sc->cmdq_exec, pending--) {
1048 DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending);
1049 if (sc->cmdq_run == RUN_CMDQ_GO) {
1051 * If arg0 is NULL, callback func needs more
1052 * than one arg. So, pass ptr to cmdq struct.
1054 if (sc->cmdq[i].arg0)
1055 sc->cmdq[i].func(sc->cmdq[i].arg0);
1057 sc->cmdq[i].func(&sc->cmdq[i]);
1059 sc->cmdq[i].arg0 = NULL;
1060 sc->cmdq[i].func = NULL;
1062 sc->cmdq_exec &= RUN_CMDQ_MASQ;
1068 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq)
1070 struct run_tx_data *data;
1072 memset(pq, 0, sizeof(*pq));
1074 STAILQ_INIT(&pq->tx_qh);
1075 STAILQ_INIT(&pq->tx_fh);
1077 for (data = &pq->tx_data[0];
1078 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) {
1080 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next);
1082 pq->tx_nfree = RUN_TX_RING_COUNT;
1086 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq)
1088 struct run_tx_data *data;
1090 /* make sure any subsequent use of the queues will fail */
1092 STAILQ_INIT(&pq->tx_fh);
1093 STAILQ_INIT(&pq->tx_qh);
1095 /* free up all node references and mbufs */
1096 for (data = &pq->tx_data[0];
1097 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) {
1098 if (data->m != NULL) {
1102 if (data->ni != NULL) {
1103 ieee80211_free_node(data->ni);
1110 run_load_microcode(struct run_softc *sc)
1112 usb_device_request_t req;
1113 const struct firmware *fw;
1117 const uint64_t *temp;
1120 wlan_assert_serialized();
1122 wlan_serialize_exit();
1123 fw = firmware_get("runfw");
1124 wlan_serialize_enter();
1126 device_printf(sc->sc_dev,
1127 "failed loadfirmware of file %s\n", "runfw");
1131 if (fw->datasize != 8192) {
1132 device_printf(sc->sc_dev,
1133 "invalid firmware size (should be 8KB)\n");
1139 * RT3071/RT3072 use a different firmware
1140 * run-rt2870 (8KB) contains both,
1141 * first half (4KB) is for rt2870,
1142 * last half is for rt3071.
1145 if ((sc->mac_ver) != 0x2860 &&
1146 (sc->mac_ver) != 0x2872 &&
1147 (sc->mac_ver) != 0x3070) {
1151 /* cheap sanity check */
1154 if (bytes != be64toh(0xffffff0210280210ULL)) {
1155 device_printf(sc->sc_dev, "firmware checksum failed\n");
1160 /* write microcode image */
1161 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) {
1162 run_write_region_1(sc, RT2870_FW_BASE, base, 4096);
1163 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff);
1164 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff);
1167 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1168 req.bRequest = RT2870_RESET;
1169 USETW(req.wValue, 8);
1170 USETW(req.wIndex, 0);
1171 USETW(req.wLength, 0);
1172 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_lock, &req, NULL))
1174 device_printf(sc->sc_dev, "firmware reset failed\n");
1180 run_write(sc, RT2860_H2M_BBPAGENT, 0);
1181 run_write(sc, RT2860_H2M_MAILBOX, 0);
1182 run_write(sc, RT2860_H2M_INTSRC, 0);
1183 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0)
1186 /* wait until microcontroller is ready */
1187 for (ntries = 0; ntries < 1000; ntries++) {
1188 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0)
1190 if (tmp & RT2860_MCU_READY)
1194 if (ntries == 1000) {
1195 device_printf(sc->sc_dev,
1196 "timeout waiting for MCU to initialize\n");
1200 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n",
1201 (base == fw->data) ? "RT2870" : "RT3071",
1202 *(base + 4092), *(base + 4093));
1205 firmware_put(fw, FIRMWARE_UNLOAD);
1210 run_reset(struct run_softc *sc)
1212 usb_device_request_t req;
1215 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1216 req.bRequest = RT2870_RESET;
1217 USETW(req.wValue, 1);
1218 USETW(req.wIndex, 0);
1219 USETW(req.wLength, 0);
1220 error = usbd_do_request(sc->sc_udev, &sc->sc_lock, &req, NULL);
1225 run_do_request(struct run_softc *sc,
1226 struct usb_device_request *req, void *data)
1231 RUN_LOCK_ASSERT(sc, MA_OWNED);
1234 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_lock,
1235 req, data, 0, NULL, 250 /* ms */);
1238 DPRINTFN(1, "Control request failed, %s (retrying)\n",
1246 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val)
1251 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp);
1253 *val = le32toh(tmp);
1260 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len)
1262 usb_device_request_t req;
1264 req.bmRequestType = UT_READ_VENDOR_DEVICE;
1265 req.bRequest = RT2870_READ_REGION_1;
1266 USETW(req.wValue, 0);
1267 USETW(req.wIndex, reg);
1268 USETW(req.wLength, len);
1270 return (run_do_request(sc, &req, buf));
1274 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val)
1276 usb_device_request_t req;
1278 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1279 req.bRequest = RT2870_WRITE_2;
1280 USETW(req.wValue, val);
1281 USETW(req.wIndex, reg);
1282 USETW(req.wLength, 0);
1284 return (run_do_request(sc, &req, NULL));
1288 run_write(struct run_softc *sc, uint16_t reg, uint32_t val)
1292 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0)
1293 error = run_write_2(sc, reg + 2, val >> 16);
1298 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf,
1304 * NB: the WRITE_REGION_1 command is not stable on RT2860.
1305 * We thus issue multiple WRITE_2 commands instead.
1307 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n"));
1308 for (i = 0; i < len && error == 0; i += 2)
1309 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8);
1312 usb_device_request_t req;
1316 * NOTE: It appears the WRITE_REGION_1 command cannot be
1317 * passed a huge amount of data, which will crash the
1318 * firmware. Limit amount of data passed to 64-bytes at a
1326 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1327 req.bRequest = RT2870_WRITE_REGION_1;
1328 USETW(req.wValue, 0);
1329 USETW(req.wIndex, reg);
1330 USETW(req.wLength, delta);
1331 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf));
1343 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len)
1347 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n"));
1348 for (i = 0; i < len && error == 0; i += 4)
1349 error = run_write(sc, reg + i, val);
1354 run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count)
1360 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0)
1366 * Read one 16-byte block into registers EFUSE_DATA[0-3]:
1372 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK);
1373 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK;
1374 run_write(sc, RT3070_EFUSE_CTRL, tmp);
1375 for (ntries = 0; ntries < 100; ntries++) {
1376 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0)
1378 if (!(tmp & RT3070_EFSROM_KICK))
1385 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) {
1386 *val = 0xffff; /* address not found */
1389 /* determine to which 32-bit register our 16-bit word belongs */
1390 reg = RT3070_EFUSE_DATA3 - (addr & 0xc);
1391 if ((error = run_read(sc, reg, &tmp)) != 0)
1394 tmp >>= (8 * (addr & 0x3));
1395 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff;
1400 /* Read 16-bit from eFUSE ROM for RT3xxx. */
1402 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val)
1404 return (run_efuse_read(sc, addr, val, 2));
1408 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val)
1410 usb_device_request_t req;
1415 req.bmRequestType = UT_READ_VENDOR_DEVICE;
1416 req.bRequest = RT2870_EEPROM_READ;
1417 USETW(req.wValue, 0);
1418 USETW(req.wIndex, addr);
1419 USETW(req.wLength, sizeof(tmp));
1421 error = usbd_do_request(sc->sc_udev, &sc->sc_lock, &req, &tmp);
1423 *val = le16toh(tmp);
1430 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val)
1432 /* either eFUSE ROM or EEPROM */
1433 return sc->sc_srom_read(sc, addr, val);
1437 run_rt2870_rf_write(struct run_softc *sc, uint32_t val)
1442 for (ntries = 0; ntries < 10; ntries++) {
1443 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0)
1445 if (!(tmp & RT2860_RF_REG_CTRL))
1451 return (run_write(sc, RT2860_RF_CSR_CFG0, val));
1455 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val)
1460 for (ntries = 0; ntries < 100; ntries++) {
1461 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1463 if (!(tmp & RT3070_RF_KICK))
1469 tmp = RT3070_RF_KICK | reg << 8;
1470 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0)
1473 for (ntries = 0; ntries < 100; ntries++) {
1474 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1476 if (!(tmp & RT3070_RF_KICK))
1487 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val)
1492 for (ntries = 0; ntries < 10; ntries++) {
1493 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1495 if (!(tmp & RT3070_RF_KICK))
1501 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val;
1502 return (run_write(sc, RT3070_RF_CSR_CFG, tmp));
1506 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val)
1511 for (ntries = 0; ntries < 10; ntries++) {
1512 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1514 if (!(tmp & RT2860_BBP_CSR_KICK))
1520 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8;
1521 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0)
1524 for (ntries = 0; ntries < 10; ntries++) {
1525 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1527 if (!(tmp & RT2860_BBP_CSR_KICK))
1538 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val)
1543 for (ntries = 0; ntries < 10; ntries++) {
1544 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1546 if (!(tmp & RT2860_BBP_CSR_KICK))
1552 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val;
1553 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp));
1557 * Send a command to the 8051 microcontroller unit.
1560 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg)
1565 for (ntries = 0; ntries < 100; ntries++) {
1566 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0)
1568 if (!(tmp & RT2860_H2M_BUSY))
1574 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg;
1575 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0)
1576 error = run_write(sc, RT2860_HOST_CMD, cmd);
1581 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word.
1582 * Used to adjust per-rate Tx power registers.
1584 static __inline uint32_t
1585 b4inc(uint32_t b32, int8_t delta)
1589 for (i = 0; i < 8; i++) {
1596 b32 = b32 >> 4 | b4 << 28;
1602 run_get_rf(uint16_t rev)
1605 case RT2860_RF_2820: return "RT2820";
1606 case RT2860_RF_2850: return "RT2850";
1607 case RT2860_RF_2720: return "RT2720";
1608 case RT2860_RF_2750: return "RT2750";
1609 case RT3070_RF_3020: return "RT3020";
1610 case RT3070_RF_2020: return "RT2020";
1611 case RT3070_RF_3021: return "RT3021";
1612 case RT3070_RF_3022: return "RT3022";
1613 case RT3070_RF_3052: return "RT3052";
1614 case RT3593_RF_3053: return "RT3053";
1615 case RT5592_RF_5592: return "RT5592";
1616 case RT5390_RF_5370: return "RT5370";
1617 case RT5390_RF_5372: return "RT5372";
1623 run_rt3593_get_txpower(struct run_softc *sc)
1628 /* Read power settings for 2GHz channels. */
1629 for (i = 0; i < 14; i += 2) {
1630 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 :
1631 RT2860_EEPROM_PWR2GHZ_BASE1;
1632 run_srom_read(sc, addr + i / 2, &val);
1633 sc->txpow1[i + 0] = (int8_t)(val & 0xff);
1634 sc->txpow1[i + 1] = (int8_t)(val >> 8);
1636 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 :
1637 RT2860_EEPROM_PWR2GHZ_BASE2;
1638 run_srom_read(sc, addr + i / 2, &val);
1639 sc->txpow2[i + 0] = (int8_t)(val & 0xff);
1640 sc->txpow2[i + 1] = (int8_t)(val >> 8);
1642 if (sc->ntxchains == 3) {
1643 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2,
1645 sc->txpow3[i + 0] = (int8_t)(val & 0xff);
1646 sc->txpow3[i + 1] = (int8_t)(val >> 8);
1649 /* Fix broken Tx power entries. */
1650 for (i = 0; i < 14; i++) {
1651 if (sc->txpow1[i] > 31)
1653 if (sc->txpow2[i] > 31)
1655 if (sc->ntxchains == 3) {
1656 if (sc->txpow3[i] > 31)
1660 /* Read power settings for 5GHz channels. */
1661 for (i = 0; i < 40; i += 2) {
1662 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val);
1663 sc->txpow1[i + 14] = (int8_t)(val & 0xff);
1664 sc->txpow1[i + 15] = (int8_t)(val >> 8);
1666 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val);
1667 sc->txpow2[i + 14] = (int8_t)(val & 0xff);
1668 sc->txpow2[i + 15] = (int8_t)(val >> 8);
1670 if (sc->ntxchains == 3) {
1671 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2,
1673 sc->txpow3[i + 14] = (int8_t)(val & 0xff);
1674 sc->txpow3[i + 15] = (int8_t)(val >> 8);
1680 run_get_txpower(struct run_softc *sc)
1685 /* Read power settings for 2GHz channels. */
1686 for (i = 0; i < 14; i += 2) {
1687 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val);
1688 sc->txpow1[i + 0] = (int8_t)(val & 0xff);
1689 sc->txpow1[i + 1] = (int8_t)(val >> 8);
1691 if (sc->mac_ver != 0x5390) {
1693 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val);
1694 sc->txpow2[i + 0] = (int8_t)(val & 0xff);
1695 sc->txpow2[i + 1] = (int8_t)(val >> 8);
1698 /* Fix broken Tx power entries. */
1699 for (i = 0; i < 14; i++) {
1700 if (sc->mac_ver >= 0x5390) {
1701 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 27)
1704 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31)
1707 if (sc->mac_ver > 0x5390) {
1708 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 27)
1710 } else if (sc->mac_ver < 0x5390) {
1711 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31)
1714 DPRINTF("chan %d: power1=%d, power2=%d\n",
1715 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]);
1717 /* Read power settings for 5GHz channels. */
1718 for (i = 0; i < 40; i += 2) {
1719 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val);
1720 sc->txpow1[i + 14] = (int8_t)(val & 0xff);
1721 sc->txpow1[i + 15] = (int8_t)(val >> 8);
1723 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val);
1724 sc->txpow2[i + 14] = (int8_t)(val & 0xff);
1725 sc->txpow2[i + 15] = (int8_t)(val >> 8);
1727 /* Fix broken Tx power entries. */
1728 for (i = 0; i < 40; i++ ) {
1729 if (sc->mac_ver != 0x5592) {
1730 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15)
1731 sc->txpow1[14 + i] = 5;
1732 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15)
1733 sc->txpow2[14 + i] = 5;
1735 DPRINTF("chan %d: power1=%d, power2=%d\n",
1736 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i],
1737 sc->txpow2[14 + i]);
1742 run_read_eeprom(struct run_softc *sc)
1744 int8_t delta_2ghz, delta_5ghz;
1749 /* check whether the ROM is eFUSE ROM or EEPROM */
1750 sc->sc_srom_read = run_eeprom_read_2;
1751 if (sc->mac_ver >= 0x3070) {
1752 run_read(sc, RT3070_EFUSE_CTRL, &tmp);
1753 DPRINTF("EFUSE_CTRL=0x%08x\n", tmp);
1754 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593)
1755 sc->sc_srom_read = run_efuse_read_2;
1758 /* read ROM version */
1759 run_srom_read(sc, RT2860_EEPROM_VERSION, &val);
1760 DPRINTF("EEPROM rev=%d, FAE=%d\n", val & 0xff, val >> 8);
1762 /* read MAC address */
1763 run_srom_read(sc, RT2860_EEPROM_MAC01, &val);
1764 sc->sc_bssid[0] = val & 0xff;
1765 sc->sc_bssid[1] = val >> 8;
1766 run_srom_read(sc, RT2860_EEPROM_MAC23, &val);
1767 sc->sc_bssid[2] = val & 0xff;
1768 sc->sc_bssid[3] = val >> 8;
1769 run_srom_read(sc, RT2860_EEPROM_MAC45, &val);
1770 sc->sc_bssid[4] = val & 0xff;
1771 sc->sc_bssid[5] = val >> 8;
1773 if (sc->mac_ver < 0x3593) {
1774 /* read vender BBP settings */
1775 for (i = 0; i < 10; i++) {
1776 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val);
1777 sc->bbp[i].val = val & 0xff;
1778 sc->bbp[i].reg = val >> 8;
1779 DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg,
1782 if (sc->mac_ver >= 0x3071) {
1783 /* read vendor RF settings */
1784 for (i = 0; i < 10; i++) {
1785 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i,
1787 sc->rf[i].val = val & 0xff;
1788 sc->rf[i].reg = val >> 8;
1789 DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg,
1795 /* read RF frequency offset from EEPROM */
1796 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS :
1797 RT3593_EEPROM_FREQ, &val);
1798 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0;
1799 DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff);
1801 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS :
1802 RT3593_EEPROM_FREQ_LEDS, &val);
1803 if (val >> 8 != 0xff) {
1804 /* read LEDs operating mode */
1805 sc->leds = val >> 8;
1806 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 :
1807 RT3593_EEPROM_LED1, &sc->led[0]);
1808 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 :
1809 RT3593_EEPROM_LED2, &sc->led[1]);
1810 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 :
1811 RT3593_EEPROM_LED3, &sc->led[2]);
1813 /* broken EEPROM, use default settings */
1815 sc->led[0] = 0x5555;
1816 sc->led[1] = 0x2221;
1817 sc->led[2] = 0x5627; /* differs from RT2860 */
1819 DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n",
1820 sc->leds, sc->led[0], sc->led[1], sc->led[2]);
1822 /* read RF information */
1823 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392)
1824 run_srom_read(sc, 0x00, &val);
1826 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val);
1828 if (val == 0xffff) {
1829 device_printf(sc->sc_dev,
1830 "invalid EEPROM antenna info, using default\n");
1831 DPRINTF("invalid EEPROM antenna info, using default\n");
1832 if (sc->mac_ver == 0x3572) {
1833 /* default to RF3052 2T2R */
1834 sc->rf_rev = RT3070_RF_3052;
1837 } else if (sc->mac_ver >= 0x3070) {
1838 /* default to RF3020 1T1R */
1839 sc->rf_rev = RT3070_RF_3020;
1843 /* default to RF2820 1T2R */
1844 sc->rf_rev = RT2860_RF_2820;
1849 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) {
1851 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val);
1853 sc->rf_rev = (val >> 8) & 0xf;
1854 sc->ntxchains = (val >> 4) & 0xf;
1855 sc->nrxchains = val & 0xf;
1857 DPRINTF("EEPROM RF rev=0x%04x chains=%dT%dR\n",
1858 sc->rf_rev, sc->ntxchains, sc->nrxchains);
1860 /* check if RF supports automatic Tx access gain control */
1861 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val);
1862 DPRINTF("EEPROM CFG 0x%04x\n", val);
1863 /* check if driver should patch the DAC issue */
1864 if ((val >> 8) != 0xff)
1865 sc->patch_dac = (val >> 15) & 1;
1866 if ((val & 0xff) != 0xff) {
1867 sc->ext_5ghz_lna = (val >> 3) & 1;
1868 sc->ext_2ghz_lna = (val >> 2) & 1;
1869 /* check if RF supports automatic Tx access gain control */
1870 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1;
1871 /* check if we have a hardware radio switch */
1872 sc->rfswitch = val & 1;
1875 /* Read Tx power settings. */
1876 if (sc->mac_ver == 0x3593)
1877 run_rt3593_get_txpower(sc);
1879 run_get_txpower(sc);
1881 /* read Tx power compensation for each Tx rate */
1882 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val);
1883 delta_2ghz = delta_5ghz = 0;
1884 if ((val & 0xff) != 0xff && (val & 0x80)) {
1885 delta_2ghz = val & 0xf;
1886 if (!(val & 0x40)) /* negative number */
1887 delta_2ghz = -delta_2ghz;
1890 if ((val & 0xff) != 0xff && (val & 0x80)) {
1891 delta_5ghz = val & 0xf;
1892 if (!(val & 0x40)) /* negative number */
1893 delta_5ghz = -delta_5ghz;
1895 DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n",
1896 delta_2ghz, delta_5ghz);
1898 for (ridx = 0; ridx < 5; ridx++) {
1901 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val);
1903 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val);
1904 reg |= (uint32_t)val << 16;
1906 sc->txpow20mhz[ridx] = reg;
1907 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz);
1908 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz);
1910 DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, "
1911 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx],
1912 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]);
1915 /* Read RSSI offsets and LNA gains from EEPROM. */
1916 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ :
1917 RT3593_EEPROM_RSSI1_2GHZ, &val);
1918 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */
1919 sc->rssi_2ghz[1] = val >> 8; /* Ant B */
1920 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ :
1921 RT3593_EEPROM_RSSI2_2GHZ, &val);
1922 if (sc->mac_ver >= 0x3070) {
1923 if (sc->mac_ver == 0x3593) {
1924 sc->txmixgain_2ghz = 0;
1925 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */
1928 * On RT3070 chips (limited to 2 Rx chains), this ROM
1929 * field contains the Tx mixer gain for the 2GHz band.
1931 if ((val & 0xff) != 0xff)
1932 sc->txmixgain_2ghz = val & 0x7;
1934 DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz);
1936 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */
1937 if (sc->mac_ver == 0x3593)
1938 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val);
1939 sc->lna[2] = val >> 8; /* channel group 2 */
1941 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ :
1942 RT3593_EEPROM_RSSI1_5GHZ, &val);
1943 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */
1944 sc->rssi_5ghz[1] = val >> 8; /* Ant B */
1945 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ :
1946 RT3593_EEPROM_RSSI2_5GHZ, &val);
1947 if (sc->mac_ver == 0x3572) {
1949 * On RT3572 chips (limited to 2 Rx chains), this ROM
1950 * field contains the Tx mixer gain for the 5GHz band.
1952 if ((val & 0xff) != 0xff)
1953 sc->txmixgain_5ghz = val & 0x7;
1954 DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz);
1956 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */
1957 if (sc->mac_ver == 0x3593) {
1958 sc->txmixgain_5ghz = 0;
1959 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val);
1961 sc->lna[3] = val >> 8; /* channel group 3 */
1963 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA :
1964 RT3593_EEPROM_LNA, &val);
1965 sc->lna[0] = val & 0xff; /* channel group 0 */
1966 sc->lna[1] = val >> 8; /* channel group 1 */
1968 /* fix broken 5GHz LNA entries */
1969 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) {
1970 DPRINTF("invalid LNA for channel group %d\n", 2);
1971 sc->lna[2] = sc->lna[1];
1973 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) {
1974 DPRINTF("invalid LNA for channel group %d\n", 3);
1975 sc->lna[3] = sc->lna[1];
1978 /* fix broken RSSI offset entries */
1979 for (ant = 0; ant < 3; ant++) {
1980 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) {
1981 DPRINTF("invalid RSSI%d offset: %d (2GHz)\n",
1982 ant + 1, sc->rssi_2ghz[ant]);
1983 sc->rssi_2ghz[ant] = 0;
1985 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) {
1986 DPRINTF("invalid RSSI%d offset: %d (5GHz)\n",
1987 ant + 1, sc->rssi_5ghz[ant]);
1988 sc->rssi_5ghz[ant] = 0;
1994 static struct ieee80211_node *
1995 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN])
1997 return kmalloc(sizeof (struct run_node), M_DEVBUF, M_WAITOK | M_ZERO);
2001 run_media_change(struct ifnet *ifp)
2003 struct ieee80211vap *vap = ifp->if_softc;
2004 struct ieee80211com *ic = vap->iv_ic;
2005 const struct ieee80211_txparam *tp;
2006 struct run_softc *sc = ic->ic_ifp->if_softc;
2012 error = ieee80211_media_change(ifp);
2013 if (error != ENETRESET) {
2018 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
2019 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) {
2020 struct ieee80211_node *ni;
2021 struct run_node *rn;
2023 rate = ic->ic_sup_rates[ic->ic_curmode].
2024 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL;
2025 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2026 if (rt2860_rates[ridx].rate == rate)
2028 ni = ieee80211_ref_node(vap->iv_bss);
2029 rn = (struct run_node *)ni;
2030 rn->fix_ridx = ridx;
2031 DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx);
2032 ieee80211_free_node(ni);
2036 if ((ifp->if_flags & IFF_UP) &&
2037 (ifp->if_flags & IFF_RUNNING)){
2038 run_init_locked(sc);
2048 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
2050 const struct ieee80211_txparam *tp;
2051 struct ieee80211com *ic = vap->iv_ic;
2052 struct run_softc *sc = ic->ic_ifp->if_softc;
2053 struct run_vap *rvp = RUN_VAP(vap);
2054 enum ieee80211_state ostate;
2058 uint8_t restart_ratectl = 0;
2059 uint8_t bid = 1 << rvp->rvp_id;
2061 ostate = vap->iv_state;
2062 DPRINTF("%s -> %s\n",
2063 ieee80211_state_name[ostate],
2064 ieee80211_state_name[nstate]);
2068 ratectl = sc->ratectl_run; /* remember current state */
2069 sc->ratectl_run = RUN_RATECTL_OFF;
2070 usb_callout_stop(&sc->ratectl_ch);
2072 if (ostate == IEEE80211_S_RUN) {
2073 /* turn link LED off */
2074 run_set_leds(sc, RT2860_LED_RADIO);
2078 case IEEE80211_S_INIT:
2079 restart_ratectl = 1;
2081 if (ostate != IEEE80211_S_RUN)
2085 sc->runbmap &= ~bid;
2087 /* abort TSF synchronization if there is no vap running */
2088 if (--sc->running == 0) {
2089 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
2090 run_write(sc, RT2860_BCN_TIME_CFG,
2091 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
2092 RT2860_TBTT_TIMER_EN));
2096 case IEEE80211_S_RUN:
2097 if (!(sc->runbmap & bid)) {
2099 restart_ratectl = 1;
2103 m_freem(rvp->beacon_mbuf);
2104 rvp->beacon_mbuf = NULL;
2106 switch (vap->iv_opmode) {
2107 case IEEE80211_M_HOSTAP:
2108 case IEEE80211_M_MBSS:
2109 sc->ap_running |= bid;
2110 ic->ic_opmode = vap->iv_opmode;
2111 run_update_beacon_cb(vap);
2113 case IEEE80211_M_IBSS:
2114 sc->adhoc_running |= bid;
2115 if (!sc->ap_running)
2116 ic->ic_opmode = vap->iv_opmode;
2117 run_update_beacon_cb(vap);
2119 case IEEE80211_M_STA:
2120 sc->sta_running |= bid;
2121 if (!sc->ap_running && !sc->adhoc_running)
2122 ic->ic_opmode = vap->iv_opmode;
2124 /* read statistic counters (clear on read) */
2125 run_read_region_1(sc, RT2860_TX_STA_CNT0,
2126 (uint8_t *)sta, sizeof sta);
2130 ic->ic_opmode = vap->iv_opmode;
2134 if (vap->iv_opmode != IEEE80211_M_MONITOR) {
2135 struct ieee80211_node *ni;
2137 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC)
2139 run_updateslot(ic->ic_ifp);
2141 run_set_txpreamble(sc);
2142 run_set_basicrates(sc);
2143 ni = ieee80211_ref_node(vap->iv_bss);
2144 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid);
2145 run_set_bssid(sc, ni->ni_bssid);
2146 ieee80211_free_node(ni);
2147 run_enable_tsf_sync(sc);
2149 /* enable automatic rate adaptation */
2150 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
2151 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE)
2155 /* turn link LED on */
2156 run_set_leds(sc, RT2860_LED_RADIO |
2157 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ?
2158 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ));
2162 DPRINTFN(6, "undefined case\n");
2166 /* restart amrr for running VAPs */
2167 if ((sc->ratectl_run = ratectl) && restart_ratectl)
2168 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2172 return(rvp->newstate(vap, nstate, arg));
2177 run_wme_update_cb(void *arg)
2179 struct ieee80211com *ic = arg;
2180 struct run_softc *sc = ic->ic_ifp->if_softc;
2181 struct ieee80211_wme_state *wmesp = &ic->ic_wme;
2184 RUN_LOCK_ASSERT(sc, MA_OWNED);
2186 /* update MAC TX configuration registers */
2187 for (aci = 0; aci < WME_NUM_AC; aci++) {
2188 error = run_write(sc, RT2860_EDCA_AC_CFG(aci),
2189 wmesp->wme_params[aci].wmep_logcwmax << 16 |
2190 wmesp->wme_params[aci].wmep_logcwmin << 12 |
2191 wmesp->wme_params[aci].wmep_aifsn << 8 |
2192 wmesp->wme_params[aci].wmep_txopLimit);
2193 if (error) goto err;
2196 /* update SCH/DMA registers too */
2197 error = run_write(sc, RT2860_WMM_AIFSN_CFG,
2198 wmesp->wme_params[WME_AC_VO].wmep_aifsn << 12 |
2199 wmesp->wme_params[WME_AC_VI].wmep_aifsn << 8 |
2200 wmesp->wme_params[WME_AC_BK].wmep_aifsn << 4 |
2201 wmesp->wme_params[WME_AC_BE].wmep_aifsn);
2202 if (error) goto err;
2203 error = run_write(sc, RT2860_WMM_CWMIN_CFG,
2204 wmesp->wme_params[WME_AC_VO].wmep_logcwmin << 12 |
2205 wmesp->wme_params[WME_AC_VI].wmep_logcwmin << 8 |
2206 wmesp->wme_params[WME_AC_BK].wmep_logcwmin << 4 |
2207 wmesp->wme_params[WME_AC_BE].wmep_logcwmin);
2208 if (error) goto err;
2209 error = run_write(sc, RT2860_WMM_CWMAX_CFG,
2210 wmesp->wme_params[WME_AC_VO].wmep_logcwmax << 12 |
2211 wmesp->wme_params[WME_AC_VI].wmep_logcwmax << 8 |
2212 wmesp->wme_params[WME_AC_BK].wmep_logcwmax << 4 |
2213 wmesp->wme_params[WME_AC_BE].wmep_logcwmax);
2214 if (error) goto err;
2215 error = run_write(sc, RT2860_WMM_TXOP0_CFG,
2216 wmesp->wme_params[WME_AC_BK].wmep_txopLimit << 16 |
2217 wmesp->wme_params[WME_AC_BE].wmep_txopLimit);
2218 if (error) goto err;
2219 error = run_write(sc, RT2860_WMM_TXOP1_CFG,
2220 wmesp->wme_params[WME_AC_VO].wmep_txopLimit << 16 |
2221 wmesp->wme_params[WME_AC_VI].wmep_txopLimit);
2225 DPRINTF("WME update failed\n");
2231 run_wme_update(struct ieee80211com *ic)
2233 struct run_softc *sc = ic->ic_ifp->if_softc;
2235 #if 0 /* XXX swildner */
2236 /* sometime called without lock */
2237 if (mtx_owned(&ic->ic_comlock.mtx)) {
2238 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
2239 DPRINTF("cmdq_store=%d\n", i);
2240 sc->cmdq[i].func = run_wme_update_cb;
2241 sc->cmdq[i].arg0 = ic;
2242 ieee80211_runtask(ic, &sc->cmdq_task);
2248 run_wme_update_cb(ic);
2251 /* return whatever, upper layer desn't care anyway */
2256 run_key_update_begin(struct ieee80211vap *vap)
2259 * To avoid out-of-order events, both run_key_set() and
2260 * _delete() are deferred and handled by run_cmdq_cb().
2261 * So, there is nothing we need to do here.
2266 run_key_update_end(struct ieee80211vap *vap)
2272 run_key_set_cb(void *arg)
2274 struct run_cmdq *cmdq = arg;
2275 struct ieee80211vap *vap = cmdq->arg1;
2276 struct ieee80211_key *k = cmdq->k;
2277 struct ieee80211com *ic = vap->iv_ic;
2278 struct run_softc *sc = ic->ic_ifp->if_softc;
2279 struct ieee80211_node *ni;
2281 uint16_t base, associd;
2282 uint8_t mode, wcid, iv[8];
2284 RUN_LOCK_ASSERT(sc, MA_OWNED);
2286 if (vap->iv_opmode == IEEE80211_M_HOSTAP)
2287 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac);
2290 associd = (ni != NULL) ? ni->ni_associd : 0;
2292 /* map net80211 cipher to RT2860 security mode */
2293 switch (k->wk_cipher->ic_cipher) {
2294 case IEEE80211_CIPHER_WEP:
2295 if(k->wk_keylen < 8)
2296 mode = RT2860_MODE_WEP40;
2298 mode = RT2860_MODE_WEP104;
2300 case IEEE80211_CIPHER_TKIP:
2301 mode = RT2860_MODE_TKIP;
2303 case IEEE80211_CIPHER_AES_CCM:
2304 mode = RT2860_MODE_AES_CCMP;
2307 DPRINTF("undefined case\n");
2311 DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n",
2312 associd, k->wk_keyix, mode,
2313 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise",
2314 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off",
2315 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off");
2317 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2318 wcid = 0; /* NB: update WCID0 for group keys */
2319 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix);
2321 wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
2322 1 : RUN_AID2WCID(associd);
2323 base = RT2860_PKEY(wcid);
2326 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) {
2327 if(run_write_region_1(sc, base, k->wk_key, 16))
2329 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */
2331 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */
2334 /* roundup len to 16-bit: XXX fix write_region_1() instead */
2335 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1))
2339 if (!(k->wk_flags & IEEE80211_KEY_GROUP) ||
2340 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) {
2341 /* set initial packet number in IV+EIV */
2342 if (k->wk_cipher == IEEE80211_CIPHER_WEP) {
2343 memset(iv, 0, sizeof iv);
2344 iv[3] = vap->iv_def_txkey << 6;
2346 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) {
2347 iv[0] = k->wk_keytsc >> 8;
2348 iv[1] = (iv[0] | 0x20) & 0x7f;
2349 iv[2] = k->wk_keytsc;
2351 iv[0] = k->wk_keytsc;
2352 iv[1] = k->wk_keytsc >> 8;
2355 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV;
2356 iv[4] = k->wk_keytsc >> 16;
2357 iv[5] = k->wk_keytsc >> 24;
2358 iv[6] = k->wk_keytsc >> 32;
2359 iv[7] = k->wk_keytsc >> 40;
2361 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8))
2365 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2366 /* install group key */
2367 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr))
2369 attr &= ~(0xf << (k->wk_keyix * 4));
2370 attr |= mode << (k->wk_keyix * 4);
2371 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr))
2374 /* install pairwise key */
2375 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr))
2377 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN;
2378 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr))
2382 /* TODO create a pass-thru key entry? */
2384 /* need wcid to delete the right key later */
2389 * Don't have to be deferred, but in order to keep order of
2390 * execution, i.e. with run_key_delete(), defer this and let
2391 * run_cmdq_cb() maintain the order.
2396 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k,
2397 const uint8_t mac[IEEE80211_ADDR_LEN])
2399 struct ieee80211com *ic = vap->iv_ic;
2400 struct run_softc *sc = ic->ic_ifp->if_softc;
2403 i = RUN_CMDQ_GET(&sc->cmdq_store);
2404 DPRINTF("cmdq_store=%d\n", i);
2405 sc->cmdq[i].func = run_key_set_cb;
2406 sc->cmdq[i].arg0 = NULL;
2407 sc->cmdq[i].arg1 = vap;
2409 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, mac);
2410 ieee80211_runtask(ic, &sc->cmdq_task);
2413 * To make sure key will be set when hostapd
2414 * calls iv_key_set() before if_init().
2416 if (vap->iv_opmode == IEEE80211_M_HOSTAP) {
2418 sc->cmdq_key_set = RUN_CMDQ_GO;
2426 * If wlan is destroyed without being brought down i.e. without
2427 * wlan down or wpa_cli terminate, this function is called after
2428 * vap is gone. Don't refer it.
2431 run_key_delete_cb(void *arg)
2433 struct run_cmdq *cmdq = arg;
2434 struct run_softc *sc = cmdq->arg1;
2435 struct ieee80211_key *k = &cmdq->key;
2439 RUN_LOCK_ASSERT(sc, MA_OWNED);
2441 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2442 /* remove group key */
2443 DPRINTF("removing group key\n");
2444 run_read(sc, RT2860_SKEY_MODE_0_7, &attr);
2445 attr &= ~(0xf << (k->wk_keyix * 4));
2446 run_write(sc, RT2860_SKEY_MODE_0_7, attr);
2448 /* remove pairwise key */
2449 DPRINTF("removing key for wcid %x\n", k->wk_pad);
2450 /* matching wcid was written to wk_pad in run_key_set() */
2452 run_read(sc, RT2860_WCID_ATTR(wcid), &attr);
2454 run_write(sc, RT2860_WCID_ATTR(wcid), attr);
2455 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8);
2465 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k)
2467 struct ieee80211com *ic = vap->iv_ic;
2468 struct run_softc *sc = ic->ic_ifp->if_softc;
2469 struct ieee80211_key *k0;
2473 * When called back, key might be gone. So, make a copy
2474 * of some values need to delete keys before deferring.
2475 * But, because of LOR with node lock, cannot use lock here.
2476 * So, use atomic instead.
2478 i = RUN_CMDQ_GET(&sc->cmdq_store);
2479 DPRINTF("cmdq_store=%d\n", i);
2480 sc->cmdq[i].func = run_key_delete_cb;
2481 sc->cmdq[i].arg0 = NULL;
2482 sc->cmdq[i].arg1 = sc;
2483 k0 = &sc->cmdq[i].key;
2484 k0->wk_flags = k->wk_flags;
2485 k0->wk_keyix = k->wk_keyix;
2486 /* matching wcid was written to wk_pad in run_key_set() */
2487 k0->wk_pad = k->wk_pad;
2488 ieee80211_runtask(ic, &sc->cmdq_task);
2489 return (1); /* return fake success */
2494 run_ratectl_to(void *arg)
2496 struct run_softc *sc = arg;
2498 /* do it in a process context, so it can go sleep */
2499 ieee80211_runtask(sc->sc_ifp->if_l2com, &sc->ratectl_task);
2500 /* next timeout will be rescheduled in the callback task */
2505 run_ratectl_cb(void *arg, int pending)
2507 struct run_softc *sc = arg;
2508 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
2509 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
2514 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) {
2516 * run_reset_livelock() doesn't do anything with AMRR,
2517 * but Ralink wants us to call it every 1 sec. So, we
2518 * piggyback here rather than creating another callout.
2519 * Livelock may occur only in HOSTAP or IBSS mode
2520 * (when h/w is sending beacons).
2523 run_reset_livelock(sc);
2524 /* just in case, there are some stats to drain */
2529 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc);
2532 if(sc->ratectl_run != RUN_RATECTL_OFF)
2533 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2538 run_drain_fifo(void *arg)
2540 struct run_softc *sc = arg;
2541 struct ifnet *ifp = sc->sc_ifp;
2543 uint16_t (*wstat)[3];
2544 uint8_t wcid, mcs, pid;
2547 RUN_LOCK_ASSERT(sc, MA_OWNED);
2550 /* drain Tx status FIFO (maxsize = 16) */
2551 run_read(sc, RT2860_TX_STAT_FIFO, &stat);
2552 DPRINTFN(4, "tx stat 0x%08x\n", stat);
2553 if (!(stat & RT2860_TXQ_VLD))
2556 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff;
2558 /* if no ACK was requested, no feedback is available */
2559 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX ||
2564 * Even though each stat is Tx-complete-status like format,
2565 * the device can poll stats. Because there is no guarantee
2566 * that the referring node is still around when read the stats.
2567 * So that, if we use ieee80211_ratectl_tx_update(), we will
2568 * have hard time not to refer already freed node.
2570 * To eliminate such page faults, we poll stats in softc.
2571 * Then, update the rates later with ieee80211_ratectl_tx_update().
2573 wstat = &(sc->wcid_stats[wcid]);
2574 (*wstat)[RUN_TXCNT]++;
2575 if (stat & RT2860_TXQ_OK)
2576 (*wstat)[RUN_SUCCESS]++;
2580 * Check if there were retries, ie if the Tx success rate is
2581 * different from the requested rate. Note that it works only
2582 * because we do not allow rate fallback from OFDM to CCK.
2584 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f;
2585 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf;
2586 if ((retry = pid -1 - mcs) > 0) {
2587 (*wstat)[RUN_TXCNT] += retry;
2588 (*wstat)[RUN_RETRY] += retry;
2591 DPRINTFN(3, "count=%d\n", sc->fifo_cnt);
2597 run_iter_func(void *arg, struct ieee80211_node *ni)
2599 struct run_softc *sc = arg;
2600 struct ieee80211vap *vap = ni->ni_vap;
2601 struct ieee80211com *ic = ni->ni_ic;
2602 struct ifnet *ifp = ic->ic_ifp;
2603 struct run_node *rn = (void *)ni;
2604 union run_stats sta[2];
2605 uint16_t (*wstat)[3];
2606 int txcnt, success, retrycnt, error;
2610 /* Check for special case */
2611 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA &&
2615 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS ||
2616 vap->iv_opmode == IEEE80211_M_STA)) {
2617 /* read statistic counters (clear on read) and update AMRR state */
2618 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta,
2623 /* count failed TX as errors */
2624 ifp->if_oerrors += le16toh(sta[0].error.fail);
2626 retrycnt = le16toh(sta[1].tx.retry);
2627 success = le16toh(sta[1].tx.success);
2628 txcnt = retrycnt + success + le16toh(sta[0].error.fail);
2630 DPRINTFN(3, "retrycnt=%d success=%d failcnt=%d\n",
2631 retrycnt, success, le16toh(sta[0].error.fail));
2633 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]);
2635 if (wstat == &(sc->wcid_stats[0]) ||
2636 wstat > &(sc->wcid_stats[RT2870_WCID_MAX]))
2639 txcnt = (*wstat)[RUN_TXCNT];
2640 success = (*wstat)[RUN_SUCCESS];
2641 retrycnt = (*wstat)[RUN_RETRY];
2642 DPRINTFN(3, "retrycnt=%d txcnt=%d success=%d\n",
2643 retrycnt, txcnt, success);
2645 memset(wstat, 0, sizeof(*wstat));
2648 ieee80211_ratectl_tx_update(vap, ni, &txcnt, &success, &retrycnt);
2649 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0);
2654 DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx);
2658 run_newassoc_cb(void *arg)
2660 struct run_cmdq *cmdq = arg;
2661 struct ieee80211_node *ni = cmdq->arg1;
2662 struct run_softc *sc = ni->ni_vap->iv_ic->ic_ifp->if_softc;
2663 uint8_t wcid = cmdq->wcid;
2665 RUN_LOCK_ASSERT(sc, MA_OWNED);
2667 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid),
2668 ni->ni_macaddr, IEEE80211_ADDR_LEN);
2670 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid]));
2674 run_newassoc(struct ieee80211_node *ni, int isnew)
2676 struct run_node *rn = (void *)ni;
2677 struct ieee80211_rateset *rs = &ni->ni_rates;
2678 struct ieee80211vap *vap = ni->ni_vap;
2679 struct ieee80211com *ic = vap->iv_ic;
2680 struct run_softc *sc = ic->ic_ifp->if_softc;
2686 char ethstr[ETHER_ADDRSTRLEN + 1];
2689 wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
2690 1 : RUN_AID2WCID(ni->ni_associd);
2692 if (wcid > RT2870_WCID_MAX) {
2693 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid);
2697 /* only interested in true associations */
2698 if (isnew && ni->ni_associd != 0) {
2701 * This function could is called though timeout function.
2704 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store);
2705 DPRINTF("cmdq_store=%d\n", cnt);
2706 sc->cmdq[cnt].func = run_newassoc_cb;
2707 sc->cmdq[cnt].arg0 = NULL;
2708 sc->cmdq[cnt].arg1 = ni;
2709 sc->cmdq[cnt].wcid = wcid;
2710 ieee80211_runtask(ic, &sc->cmdq_task);
2713 DPRINTF("new assoc isnew=%d associd=%x addr=%s\n",
2714 isnew, ni->ni_associd, kether_ntoa(ni->ni_macaddr, ethstr));
2716 for (i = 0; i < rs->rs_nrates; i++) {
2717 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL;
2718 /* convert 802.11 rate to hardware rate index */
2719 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2720 if (rt2860_rates[ridx].rate == rate)
2723 /* determine rate of control response frames */
2724 for (j = i; j >= 0; j--) {
2725 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) &&
2726 rt2860_rates[rn->ridx[i]].phy ==
2727 rt2860_rates[rn->ridx[j]].phy)
2731 rn->ctl_ridx[i] = rn->ridx[j];
2733 /* no basic rate found, use mandatory one */
2734 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx;
2736 DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n",
2737 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]);
2739 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate;
2740 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2741 if (rt2860_rates[ridx].rate == rate)
2743 rn->mgt_ridx = ridx;
2744 DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx);
2747 if(sc->ratectl_run != RUN_RATECTL_OFF)
2748 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2753 * Return the Rx chain with the highest RSSI for a given frame.
2755 static __inline uint8_t
2756 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi)
2758 uint8_t rxchain = 0;
2760 if (sc->nrxchains > 1) {
2761 if (rxwi->rssi[1] > rxwi->rssi[rxchain])
2763 if (sc->nrxchains > 2)
2764 if (rxwi->rssi[2] > rxwi->rssi[rxchain])
2771 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen)
2773 struct ifnet *ifp = sc->sc_ifp;
2774 struct ieee80211com *ic = ifp->if_l2com;
2775 struct ieee80211_frame *wh;
2776 struct ieee80211_node *ni;
2777 struct rt2870_rxd *rxd;
2778 struct rt2860_rxwi *rxwi;
2780 uint16_t len, rxwisize;
2784 rxwi = mtod(m, struct rt2860_rxwi *);
2785 len = le16toh(rxwi->len) & 0xfff;
2786 rxwisize = sizeof(struct rt2860_rxwi);
2787 if (sc->mac_ver == 0x5592)
2788 rxwisize += sizeof(uint64_t);
2789 else if (sc->mac_ver == 0x3593)
2790 rxwisize += sizeof(uint32_t);
2791 if (__predict_false(len > dmalen)) {
2794 DPRINTF("bad RXWI length %u > %u\n", len, dmalen);
2797 /* Rx descriptor is located at the end */
2798 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen);
2799 flags = le32toh(rxd->flags);
2801 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) {
2804 DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV");
2808 m->m_data += rxwisize;
2809 m->m_pkthdr.len = m->m_len -= rxwisize;
2811 wh = mtod(m, struct ieee80211_frame *);
2813 if (wh->i_fc[1] & IEEE80211_FC1_WEP) {
2814 wh->i_fc[1] &= ~IEEE80211_FC1_WEP;
2815 m->m_flags |= M_WEP;
2818 if (flags & RT2860_RX_L2PAD) {
2819 DPRINTFN(8, "received RT2860_RX_L2PAD frame\n");
2823 ni = ieee80211_find_rxnode(ic,
2824 mtod(m, struct ieee80211_frame_min *));
2826 if (__predict_false(flags & RT2860_RX_MICERR)) {
2827 /* report MIC failures to net80211 for TKIP */
2829 ieee80211_notify_michael_failure(ni->ni_vap, wh,
2833 DPRINTF("MIC error. Someone is lying.\n");
2837 ant = run_maxrssi_chain(sc, rxwi);
2838 rssi = rxwi->rssi[ant];
2839 nf = run_rssi2dbm(sc, rssi, ant);
2841 m->m_pkthdr.rcvif = ifp;
2842 m->m_pkthdr.len = m->m_len = len;
2845 (void)ieee80211_input(ni, m, rssi, nf);
2846 ieee80211_free_node(ni);
2848 (void)ieee80211_input_all(ic, m, rssi, nf);
2851 if (__predict_false(ieee80211_radiotap_active(ic))) {
2852 struct run_rx_radiotap_header *tap = &sc->sc_rxtap;
2856 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq);
2857 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags);
2858 tap->wr_antsignal = rssi;
2859 tap->wr_antenna = ant;
2860 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant);
2861 tap->wr_rate = 2; /* in case it can't be found below */
2862 phy = le16toh(rxwi->phy);
2863 switch (phy & RT2860_PHY_MODE) {
2864 case RT2860_PHY_CCK:
2865 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) {
2866 case 0: tap->wr_rate = 2; break;
2867 case 1: tap->wr_rate = 4; break;
2868 case 2: tap->wr_rate = 11; break;
2869 case 3: tap->wr_rate = 22; break;
2871 if (phy & RT2860_PHY_SHPRE)
2872 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
2874 case RT2860_PHY_OFDM:
2875 switch (phy & RT2860_PHY_MCS) {
2876 case 0: tap->wr_rate = 12; break;
2877 case 1: tap->wr_rate = 18; break;
2878 case 2: tap->wr_rate = 24; break;
2879 case 3: tap->wr_rate = 36; break;
2880 case 4: tap->wr_rate = 48; break;
2881 case 5: tap->wr_rate = 72; break;
2882 case 6: tap->wr_rate = 96; break;
2883 case 7: tap->wr_rate = 108; break;
2891 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error)
2893 struct run_softc *sc = usbd_xfer_softc(xfer);
2894 struct ifnet *ifp = sc->sc_ifp;
2895 struct mbuf *m = NULL;
2901 rxwisize = sizeof(struct rt2860_rxwi);
2902 if (sc->mac_ver == 0x5592)
2903 rxwisize += sizeof(uint64_t);
2904 else if (sc->mac_ver == 0x3593)
2905 rxwisize += sizeof(uint32_t);
2907 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL);
2909 switch (USB_GET_STATE(xfer)) {
2910 case USB_ST_TRANSFERRED:
2912 DPRINTFN(15, "rx done, actlen=%d\n", xferlen);
2914 if (xferlen < (int)(sizeof(uint32_t) + rxwisize +
2915 sizeof(struct rt2870_rxd))) {
2916 DPRINTF("xfer too short %d\n", xferlen);
2926 if (sc->rx_m == NULL) {
2927 sc->rx_m = m_getjcl(MB_DONTWAIT, MT_DATA, M_PKTHDR,
2928 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */);
2930 if (sc->rx_m == NULL) {
2931 DPRINTF("could not allocate mbuf - idle with stall\n");
2933 usbd_xfer_set_stall(xfer);
2934 usbd_xfer_set_frames(xfer, 0);
2937 * Directly loading a mbuf cluster into DMA to
2938 * save some data copying. This works because
2939 * there is only one cluster.
2941 usbd_xfer_set_frame_data(xfer, 0,
2942 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ);
2943 usbd_xfer_set_frames(xfer, 1);
2945 usbd_transfer_submit(xfer);
2948 default: /* Error */
2949 if (error != USB_ERR_CANCELLED) {
2950 /* try to clear stall first */
2951 usbd_xfer_set_stall(xfer);
2953 if (error == USB_ERR_TIMEOUT)
2954 device_printf(sc->sc_dev, "device timeout\n");
2960 if (sc->rx_m != NULL) {
2970 /* inputting all the frames must be last */
2974 m->m_pkthdr.len = m->m_len = xferlen;
2976 /* HW can aggregate multiple 802.11 frames in a single USB xfer */
2978 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff;
2980 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) ||
2981 ((dmalen & 3) != 0)) {
2982 DPRINTF("bad DMA length %u\n", dmalen);
2985 if ((dmalen + 8) > (uint32_t)xferlen) {
2986 DPRINTF("bad DMA length %u > %d\n",
2987 dmalen + 8, xferlen);
2991 /* If it is the last one or a single frame, we won't copy. */
2992 if ((xferlen -= dmalen + 8) <= 8) {
2993 /* trim 32-bit DMA-len header */
2995 m->m_pkthdr.len = m->m_len -= 4;
2996 run_rx_frame(sc, m, dmalen);
2997 m = NULL; /* don't free source buffer */
3001 /* copy aggregated frames to another mbuf */
3002 m0 = m_getcl(MB_DONTWAIT, MT_DATA, M_PKTHDR);
3003 if (__predict_false(m0 == NULL)) {
3004 DPRINTF("could not allocate mbuf\n");
3008 m_copydata(m, 4 /* skip 32-bit DMA-len header */,
3009 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t));
3010 m0->m_pkthdr.len = m0->m_len =
3011 dmalen + sizeof(struct rt2870_rxd);
3012 run_rx_frame(sc, m0, dmalen);
3014 /* update data ptr */
3015 m->m_data += dmalen + 8;
3016 m->m_pkthdr.len = m->m_len -= dmalen + 8;
3019 /* make sure we free the source buffer, if any */
3026 run_tx_free(struct run_endpoint_queue *pq,
3027 struct run_tx_data *data, int txerr)
3029 if (data->m != NULL) {
3030 if (data->m->m_flags & M_TXCB)
3031 ieee80211_process_callback(data->ni, data->m,
3032 txerr ? ETIMEDOUT : 0);
3036 if (data->ni == NULL) {
3037 DPRINTF("no node\n");
3039 ieee80211_free_node(data->ni);
3044 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next);
3049 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index)
3051 struct run_softc *sc = usbd_xfer_softc(xfer);
3052 struct ifnet *ifp = sc->sc_ifp;
3053 struct ieee80211com *ic = ifp->if_l2com;
3054 struct run_tx_data *data;
3055 struct ieee80211vap *vap = NULL;
3056 struct usb_page_cache *pc;
3057 struct run_endpoint_queue *pq = &sc->sc_epq[index];
3059 usb_frlength_t size;
3063 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
3065 switch (USB_GET_STATE(xfer)) {
3066 case USB_ST_TRANSFERRED:
3067 DPRINTFN(11, "transfer complete: %d "
3068 "bytes @ index %d\n", actlen, index);
3070 data = usbd_xfer_get_priv(xfer);
3072 run_tx_free(pq, data, 0);
3073 ifq_clr_oactive(&ifp->if_snd);
3075 usbd_xfer_set_priv(xfer, NULL);
3082 data = STAILQ_FIRST(&pq->tx_qh);
3086 STAILQ_REMOVE_HEAD(&pq->tx_qh, next);
3089 size = (sc->mac_ver == 0x5592) ?
3090 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc);
3091 if ((m->m_pkthdr.len +
3092 size + 3 + 8) > RUN_MAX_TXSZ) {
3093 DPRINTF("data overflow, %u bytes\n",
3098 run_tx_free(pq, data, 1);
3103 pc = usbd_xfer_get_frame(xfer, 0);
3104 usbd_copy_in(pc, 0, &data->desc, size);
3105 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len);
3106 size += m->m_pkthdr.len;
3108 * Align end on a 4-byte boundary, pad 8 bytes (CRC +
3109 * 4-byte padding), and be sure to zero those trailing
3112 usbd_frame_zero(pc, size, ((-size) & 3) + 8);
3113 size += ((-size) & 3) + 8;
3115 vap = data->ni->ni_vap;
3116 if (ieee80211_radiotap_active_vap(vap)) {
3117 struct run_tx_radiotap_header *tap = &sc->sc_txtap;
3118 struct rt2860_txwi *txwi =
3119 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd));
3121 tap->wt_rate = rt2860_rates[data->ridx].rate;
3122 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq);
3123 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags);
3124 tap->wt_hwqueue = index;
3125 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE)
3126 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
3128 ieee80211_radiotap_tx(vap, m);
3131 DPRINTFN(11, "sending frame len=%u/%u @ index %d\n",
3132 m->m_pkthdr.len, size, index);
3134 usbd_xfer_set_frame_len(xfer, 0, size);
3135 usbd_xfer_set_priv(xfer, data);
3137 usbd_transfer_submit(xfer);
3139 run_start_locked(ifp);
3144 DPRINTF("USB transfer error, %s\n",
3145 usbd_errstr(error));
3147 data = usbd_xfer_get_priv(xfer);
3152 if(data->ni != NULL)
3153 vap = data->ni->ni_vap;
3154 run_tx_free(pq, data, error);
3155 usbd_xfer_set_priv(xfer, NULL);
3158 vap = TAILQ_FIRST(&ic->ic_vaps);
3160 if (error != USB_ERR_CANCELLED) {
3161 if (error == USB_ERR_TIMEOUT) {
3162 device_printf(sc->sc_dev, "device timeout\n");
3163 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
3164 DPRINTF("cmdq_store=%d\n", i);
3165 sc->cmdq[i].func = run_usb_timeout_cb;
3166 sc->cmdq[i].arg0 = vap;
3167 ieee80211_runtask(ic, &sc->cmdq_task);
3171 * Try to clear stall first, also if other
3172 * errors occur, hence clearing stall
3173 * introduces a 50 ms delay:
3175 usbd_xfer_set_stall(xfer);
3183 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error)
3185 run_bulk_tx_callbackN(xfer, error, 0);
3189 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error)
3191 run_bulk_tx_callbackN(xfer, error, 1);
3195 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error)
3197 run_bulk_tx_callbackN(xfer, error, 2);
3201 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error)
3203 run_bulk_tx_callbackN(xfer, error, 3);
3207 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error)
3209 run_bulk_tx_callbackN(xfer, error, 4);
3213 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error)
3215 run_bulk_tx_callbackN(xfer, error, 5);
3219 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data)
3221 struct mbuf *m = data->m;
3222 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
3223 struct ieee80211vap *vap = data->ni->ni_vap;
3224 struct ieee80211_frame *wh;
3225 struct rt2870_txd *txd;
3226 struct rt2860_txwi *txwi;
3227 uint16_t xferlen, txwisize;
3229 uint8_t ridx = data->ridx;
3232 /* get MCS code from rate index */
3233 mcs = rt2860_rates[ridx].mcs;
3235 txwisize = (sc->mac_ver == 0x5592) ?
3236 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi);
3237 xferlen = txwisize + m->m_pkthdr.len;
3239 /* roundup to 32-bit alignment */
3240 xferlen = (xferlen + 3) & ~3;
3242 txd = (struct rt2870_txd *)&data->desc;
3243 txd->len = htole16(xferlen);
3245 wh = mtod(m, struct ieee80211_frame *);
3248 * Ether both are true or both are false, the header
3249 * are nicely aligned to 32-bit. So, no L2 padding.
3251 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh))
3256 /* setup TX Wireless Information */
3257 txwi = (struct rt2860_txwi *)(txd + 1);
3258 txwi->len = htole16(m->m_pkthdr.len - pad);
3259 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) {
3260 txwi->phy = htole16(RT2860_PHY_CCK);
3261 if (ridx != RT2860_RIDX_CCK1 &&
3262 (ic->ic_flags & IEEE80211_F_SHPREAMBLE))
3263 mcs |= RT2860_PHY_SHPRE;
3265 txwi->phy = htole16(RT2860_PHY_OFDM);
3266 txwi->phy |= htole16(mcs);
3268 /* check if RTS/CTS or CTS-to-self protection is required */
3269 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
3270 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold ||
3271 ((ic->ic_flags & IEEE80211_F_USEPROT) &&
3272 rt2860_rates[ridx].phy == IEEE80211_T_OFDM)))
3273 txwi->txop |= RT2860_TX_TXOP_HT;
3275 txwi->txop |= RT2860_TX_TXOP_BACKOFF;
3277 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh))
3278 txwi->xflags |= RT2860_TX_NSEQ;
3281 /* This function must be called locked */
3283 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
3285 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
3286 struct ieee80211vap *vap = ni->ni_vap;
3287 struct ieee80211_frame *wh;
3288 struct ieee80211_channel *chan;
3289 const struct ieee80211_txparam *tp;
3290 struct run_node *rn = (void *)ni;
3291 struct run_tx_data *data;
3292 struct rt2870_txd *txd;
3293 struct rt2860_txwi *txwi;
3305 #if 0 /* XXX swildner: lock needed? */
3306 RUN_LOCK_ASSERT(sc, MA_OWNED);
3309 wh = mtod(m, struct ieee80211_frame *);
3311 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3314 * There are 7 bulk endpoints: 1 for RX
3315 * and 6 for TX (4 EDCAs + HCCA + Prio).
3316 * Update 03-14-2009: some devices like the Planex GW-US300MiniS
3317 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki).
3319 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) {
3322 if(IEEE80211_HAS_ADDR4(wh))
3323 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos;
3325 frm =((struct ieee80211_qosframe *)wh)->i_qos;
3327 qos = le16toh(*(const uint16_t *)frm);
3328 tid = qos & IEEE80211_QOS_TID;
3329 qid = TID_TO_WME_AC(tid);
3335 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA;
3337 DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n",
3338 qos, qid, tid, qflags);
3340 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan;
3341 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)];
3343 /* pickup a rate index */
3344 if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
3345 type != IEEE80211_FC0_TYPE_DATA) {
3346 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ?
3347 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1;
3348 ctl_ridx = rt2860_rates[ridx].ctl_ridx;
3350 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE)
3351 ridx = rn->fix_ridx;
3353 ridx = rn->amrr_ridx;
3354 ctl_ridx = rt2860_rates[ridx].ctl_ridx;
3357 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
3358 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) !=
3359 IEEE80211_QOS_ACKPOLICY_NOACK)) {
3360 xflags |= RT2860_TX_ACK;
3361 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
3362 dur = rt2860_rates[ctl_ridx].sp_ack_dur;
3364 dur = rt2860_rates[ctl_ridx].lp_ack_dur;
3365 USETW(wh->i_dur, dur);
3368 /* reserve slots for mgmt packets, just in case */
3369 if (sc->sc_epq[qid].tx_nfree < 3) {
3370 DPRINTFN(10, "tx ring %d is full\n", qid);
3374 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh);
3375 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next);
3376 sc->sc_epq[qid].tx_nfree--;
3378 txd = (struct rt2870_txd *)&data->desc;
3379 txd->flags = qflags;
3380 txwi = (struct rt2860_txwi *)(txd + 1);
3381 txwi->xflags = xflags;
3382 if (IEEE80211_IS_MULTICAST(wh->i_addr1))
3385 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
3386 1 : RUN_AID2WCID(ni->ni_associd);
3388 /* clear leftover garbage bits */
3396 run_set_tx_desc(sc, data);
3399 * The chip keeps track of 2 kind of Tx stats,
3400 * * TX_STAT_FIFO, for per WCID stats, and
3401 * * TX_STA_CNT0 for all-TX-in-one stats.
3403 * To use FIFO stats, we need to store MCS into the driver-private
3404 * PacketID field. So that, we can tell whose stats when we read them.
3405 * We add 1 to the MCS because setting the PacketID field to 0 means
3406 * that we don't want feedback in TX_STAT_FIFO.
3407 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job.
3409 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx().
3411 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP ||
3412 vap->iv_opmode == IEEE80211_M_MBSS) {
3413 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf;
3414 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT);
3417 * Unlike PCI based devices, we don't get any interrupt from
3418 * USB devices, so we simulate FIFO-is-full interrupt here.
3419 * Ralink recomends to drain FIFO stats every 100 ms, but 16 slots
3420 * quickly get fulled. To prevent overflow, increment a counter on
3421 * every FIFO stat request, so we know how many slots are left.
3422 * We do this only in HOSTAP or multiple vap mode since FIFO stats
3423 * are used only in those modes.
3424 * We just drain stats. AMRR gets updated every 1 sec by
3425 * run_ratectl_cb() via callout.
3426 * Call it early. Otherwise overflow.
3428 if (sc->fifo_cnt++ == 10) {
3430 * With multiple vaps or if_bridge, if_start() is called
3431 * with a non-sleepable lock, tcpinp. So, need to defer.
3433 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
3434 DPRINTFN(6, "cmdq_store=%d\n", i);
3435 sc->cmdq[i].func = run_drain_fifo;
3436 sc->cmdq[i].arg0 = sc;
3437 ieee80211_runtask(ic, &sc->cmdq_task);
3441 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next);
3444 usbd_transfer_start(sc->sc_xfer[qid]);
3447 DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n",
3448 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) +
3449 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid);
3455 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
3457 struct ifnet *ifp = sc->sc_ifp;
3458 struct ieee80211com *ic = ifp->if_l2com;
3459 struct run_node *rn = (void *)ni;
3460 struct run_tx_data *data;
3461 struct ieee80211_frame *wh;
3462 struct rt2870_txd *txd;
3463 struct rt2860_txwi *txwi;
3465 uint8_t ridx = rn->mgt_ridx;
3470 RUN_LOCK_ASSERT(sc, MA_OWNED);
3472 wh = mtod(m, struct ieee80211_frame *);
3474 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3476 /* tell hardware to add timestamp for probe responses */
3478 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) ==
3479 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP))
3480 wflags |= RT2860_TX_TS;
3481 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
3482 xflags |= RT2860_TX_ACK;
3484 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate,
3485 ic->ic_flags & IEEE80211_F_SHPREAMBLE);
3486 USETW(wh->i_dur, dur);
3489 if (sc->sc_epq[0].tx_nfree == 0) {
3490 /* let caller free mbuf */
3491 ifq_set_oactive(&ifp->if_snd);
3494 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3495 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3496 sc->sc_epq[0].tx_nfree--;
3498 txd = (struct rt2870_txd *)&data->desc;
3499 txd->flags = RT2860_TX_QSEL_EDCA;
3500 txwi = (struct rt2860_txwi *)(txd + 1);
3502 txwi->flags = wflags;
3503 txwi->xflags = xflags;
3504 txwi->txop = 0; /* clear leftover garbage bits */
3510 run_set_tx_desc(sc, data);
3512 DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len +
3513 (int)(sizeof(struct rt2870_txd) + sizeof(struct rt2860_txwi)),
3514 rt2860_rates[ridx].rate);
3516 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3518 usbd_transfer_start(sc->sc_xfer[0]);
3524 run_sendprot(struct run_softc *sc,
3525 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate)
3527 struct ieee80211com *ic = ni->ni_ic;
3528 struct ieee80211_frame *wh;
3529 struct run_tx_data *data;
3530 struct rt2870_txd *txd;
3531 struct rt2860_txwi *txwi;
3543 RUN_LOCK_ASSERT(sc, MA_OWNED);
3545 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY,
3546 ("protection %d", prot));
3548 wh = mtod(m, struct ieee80211_frame *);
3549 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN;
3550 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3552 protrate = ieee80211_ctl_rate(ic->ic_rt, rate);
3553 ackrate = ieee80211_ack_rate(ic->ic_rt, rate);
3555 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0;
3556 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort)
3557 + ieee80211_ack_duration(ic->ic_rt, rate, isshort);
3558 wflags = RT2860_TX_FRAG;
3560 /* check that there are free slots before allocating the mbuf */
3561 if (sc->sc_epq[0].tx_nfree == 0) {
3562 /* let caller free mbuf */
3563 ifq_set_oactive(&sc->sc_ifp->if_snd);
3567 if (prot == IEEE80211_PROT_RTSCTS) {
3568 /* NB: CTS is the same size as an ACK */
3569 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort);
3570 xflags |= RT2860_TX_ACK;
3571 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur);
3573 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur);
3575 if (mprot == NULL) {
3576 sc->sc_ifp->if_oerrors++;
3577 DPRINTF("could not allocate mbuf\n");
3581 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3582 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3583 sc->sc_epq[0].tx_nfree--;
3585 txd = (struct rt2870_txd *)&data->desc;
3586 txd->flags = RT2860_TX_QSEL_EDCA;
3587 txwi = (struct rt2860_txwi *)(txd + 1);
3589 txwi->flags = wflags;
3590 txwi->xflags = xflags;
3591 txwi->txop = 0; /* clear leftover garbage bits */
3594 data->ni = ieee80211_ref_node(ni);
3596 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
3597 if (rt2860_rates[ridx].rate == protrate)
3601 run_set_tx_desc(sc, data);
3603 DPRINTFN(1, "sending prot len=%u rate=%u\n",
3604 m->m_pkthdr.len, rate);
3606 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3608 usbd_transfer_start(sc->sc_xfer[0]);
3614 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni,
3615 const struct ieee80211_bpf_params *params)
3617 struct ieee80211com *ic = ni->ni_ic;
3618 struct ieee80211_frame *wh;
3619 struct run_tx_data *data;
3620 struct rt2870_txd *txd;
3621 struct rt2860_txwi *txwi;
3625 uint8_t opflags = 0;
3629 RUN_LOCK_ASSERT(sc, MA_OWNED);
3631 KASSERT(params != NULL, ("no raw xmit params"));
3633 wh = mtod(m, struct ieee80211_frame *);
3634 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3636 rate = params->ibp_rate0;
3637 if (!ieee80211_isratevalid(ic->ic_rt, rate)) {
3638 /* let caller free mbuf */
3642 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0)
3643 xflags |= RT2860_TX_ACK;
3644 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) {
3645 error = run_sendprot(sc, m, ni,
3646 params->ibp_flags & IEEE80211_BPF_RTS ?
3647 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY,
3650 /* let caller free mbuf */
3653 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS;
3656 if (sc->sc_epq[0].tx_nfree == 0) {
3657 /* let caller free mbuf */
3658 ifq_set_oactive(&sc->sc_ifp->if_snd);
3659 DPRINTF("sending raw frame, but tx ring is full\n");
3662 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3663 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3664 sc->sc_epq[0].tx_nfree--;
3666 txd = (struct rt2870_txd *)&data->desc;
3667 txd->flags = RT2860_TX_QSEL_EDCA;
3668 txwi = (struct rt2860_txwi *)(txd + 1);
3670 txwi->xflags = xflags;
3671 txwi->txop = opflags;
3672 txwi->flags = 0; /* clear leftover garbage bits */
3676 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
3677 if (rt2860_rates[ridx].rate == rate)
3681 run_set_tx_desc(sc, data);
3683 DPRINTFN(10, "sending raw frame len=%u rate=%u\n",
3684 m->m_pkthdr.len, rate);
3686 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3688 usbd_transfer_start(sc->sc_xfer[0]);
3694 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
3695 const struct ieee80211_bpf_params *params)
3697 struct ifnet *ifp = ni->ni_ic->ic_ifp;
3698 struct run_softc *sc = ifp->if_softc;
3703 /* prevent management frames from being sent if we're not ready */
3704 if (!(ifp->if_flags & IFF_RUNNING)) {
3709 if (params == NULL) {
3711 if ((error = run_tx_mgt(sc, m, ni)) != 0) {
3713 DPRINTF("mgt tx failed\n");
3717 /* tx raw packet with param */
3718 if ((error = run_tx_param(sc, m, ni, params)) != 0) {
3720 DPRINTF("tx with param failed\n");
3733 ieee80211_free_node(ni);
3740 run_start_locked(struct ifnet *ifp)
3742 struct run_softc *sc = ifp->if_softc;
3743 struct ieee80211_node *ni;
3744 struct mbuf *m = NULL;
3746 if ((ifp->if_flags & IFF_RUNNING) == 0)
3750 /* send data frames */
3751 m = ifq_dequeue(&ifp->if_snd);
3755 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
3756 if (run_tx(sc, m, ni) != 0) {
3757 ifq_prepend(&ifp->if_snd, m);
3758 ifq_set_oactive(&ifp->if_snd);
3765 run_start(struct ifnet *ifp, struct ifaltq_subque *ifsq)
3767 ASSERT_ALTQ_SQ_DEFAULT(ifp, ifsq);
3768 run_start_locked(ifp);
3772 run_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cr)
3774 struct run_softc *sc = ifp->if_softc;
3775 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
3776 struct ifreq *ifr = (struct ifreq *) data;
3781 error = sc->sc_detached ? ENXIO : 0;
3789 if (ifp->if_flags & IFF_UP) {
3790 if (!(ifp->if_flags & IFF_RUNNING)){
3792 run_init_locked(sc);
3794 run_update_promisc_locked(ifp);
3796 if (ifp->if_flags & IFF_RUNNING &&
3797 (ic->ic_nrunning == 0 || sc->rvp_cnt <= 1)) {
3803 ieee80211_start_all(ic);
3806 error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd);
3809 error = ether_ioctl(ifp, cmd, data);
3820 run_iq_calib(struct run_softc *sc, u_int chan)
3825 run_bbp_write(sc, 158, 0x2c);
3827 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1);
3828 else if (chan <= 64) {
3830 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ,
3832 } else if (chan <= 138) {
3834 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ,
3836 } else if (chan <= 165) {
3838 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ,
3842 run_bbp_write(sc, 159, val);
3845 run_bbp_write(sc, 158, 0x2d);
3847 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ,
3849 } else if (chan <= 64) {
3851 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ,
3853 } else if (chan <= 138) {
3855 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ,
3857 } else if (chan <= 165) {
3859 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ,
3863 run_bbp_write(sc, 159, val);
3866 run_bbp_write(sc, 158, 0x4a);
3868 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ,
3870 } else if (chan <= 64) {
3872 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ,
3874 } else if (chan <= 138) {
3876 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ,
3878 } else if (chan <= 165) {
3880 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ,
3884 run_bbp_write(sc, 159, val);
3887 run_bbp_write(sc, 158, 0x4b);
3889 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ,
3891 } else if (chan <= 64) {
3893 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ,
3895 } else if (chan <= 138) {
3897 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ,
3899 } else if (chan <= 165) {
3901 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ,
3905 run_bbp_write(sc, 159, val);
3907 /* RF IQ compensation control. */
3908 run_bbp_write(sc, 158, 0x04);
3909 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL,
3911 run_bbp_write(sc, 159, val);
3913 /* RF IQ imbalance compensation control. */
3914 run_bbp_write(sc, 158, 0x03);
3916 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1);
3917 run_bbp_write(sc, 159, val);
3921 run_set_agc(struct run_softc *sc, uint8_t agc)
3925 if (sc->mac_ver == 0x3572) {
3926 run_bbp_read(sc, 27, &bbp);
3928 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */
3929 run_bbp_write(sc, 66, agc);
3930 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */
3931 run_bbp_write(sc, 66, agc);
3933 run_bbp_write(sc, 66, agc);
3937 run_select_chan_group(struct run_softc *sc, int group)
3942 run_bbp_write(sc, 62, 0x37 - sc->lna[group]);
3943 run_bbp_write(sc, 63, 0x37 - sc->lna[group]);
3944 run_bbp_write(sc, 64, 0x37 - sc->lna[group]);
3945 if (sc->mac_ver < 0x3572)
3946 run_bbp_write(sc, 86, 0x00);
3948 if (sc->mac_ver == 0x3593) {
3949 run_bbp_write(sc, 77, 0x98);
3950 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a);
3954 if (sc->ext_2ghz_lna) {
3955 if (sc->mac_ver >= 0x5390)
3956 run_bbp_write(sc, 75, 0x52);
3958 run_bbp_write(sc, 82, 0x62);
3959 run_bbp_write(sc, 75, 0x46);
3962 if (sc->mac_ver == 0x5592) {
3963 run_bbp_write(sc, 79, 0x1c);
3964 run_bbp_write(sc, 80, 0x0e);
3965 run_bbp_write(sc, 81, 0x3a);
3966 run_bbp_write(sc, 82, 0x62);
3968 run_bbp_write(sc, 195, 0x80);
3969 run_bbp_write(sc, 196, 0xe0);
3970 run_bbp_write(sc, 195, 0x81);
3971 run_bbp_write(sc, 196, 0x1f);
3972 run_bbp_write(sc, 195, 0x82);
3973 run_bbp_write(sc, 196, 0x38);
3974 run_bbp_write(sc, 195, 0x83);
3975 run_bbp_write(sc, 196, 0x32);
3976 run_bbp_write(sc, 195, 0x85);
3977 run_bbp_write(sc, 196, 0x28);
3978 run_bbp_write(sc, 195, 0x86);
3979 run_bbp_write(sc, 196, 0x19);
3980 } else if (sc->mac_ver >= 0x5390)
3981 run_bbp_write(sc, 75, 0x50);
3983 run_bbp_write(sc, 82,
3984 (sc->mac_ver == 0x3593) ? 0x62 : 0x84);
3985 run_bbp_write(sc, 75, 0x50);
3989 if (sc->mac_ver == 0x5592) {
3990 run_bbp_write(sc, 79, 0x18);
3991 run_bbp_write(sc, 80, 0x08);
3992 run_bbp_write(sc, 81, 0x38);
3993 run_bbp_write(sc, 82, 0x92);
3995 run_bbp_write(sc, 195, 0x80);
3996 run_bbp_write(sc, 196, 0xf0);
3997 run_bbp_write(sc, 195, 0x81);
3998 run_bbp_write(sc, 196, 0x1e);
3999 run_bbp_write(sc, 195, 0x82);
4000 run_bbp_write(sc, 196, 0x28);
4001 run_bbp_write(sc, 195, 0x83);
4002 run_bbp_write(sc, 196, 0x20);
4003 run_bbp_write(sc, 195, 0x85);
4004 run_bbp_write(sc, 196, 0x7f);
4005 run_bbp_write(sc, 195, 0x86);
4006 run_bbp_write(sc, 196, 0x7f);
4007 } else if (sc->mac_ver == 0x3572)
4008 run_bbp_write(sc, 82, 0x94);
4010 run_bbp_write(sc, 82,
4011 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2);
4012 if (sc->ext_5ghz_lna)
4013 run_bbp_write(sc, 75, 0x46);
4015 run_bbp_write(sc, 75, 0x50);
4018 run_read(sc, RT2860_TX_BAND_CFG, &tmp);
4019 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P);
4020 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P;
4021 run_write(sc, RT2860_TX_BAND_CFG, tmp);
4023 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */
4024 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN;
4025 if (sc->mac_ver == 0x3593)
4026 tmp |= 1 << 29 | 1 << 28;
4027 if (sc->nrxchains > 1)
4028 tmp |= RT2860_LNA_PE1_EN;
4029 if (group == 0) { /* 2GHz */
4030 tmp |= RT2860_PA_PE_G0_EN;
4031 if (sc->ntxchains > 1)
4032 tmp |= RT2860_PA_PE_G1_EN;
4033 if (sc->mac_ver == 0x3593) {
4034 if (sc->ntxchains > 2)
4038 tmp |= RT2860_PA_PE_A0_EN;
4039 if (sc->ntxchains > 1)
4040 tmp |= RT2860_PA_PE_A1_EN;
4042 if (sc->mac_ver == 0x3572) {
4043 run_rt3070_rf_write(sc, 8, 0x00);
4044 run_write(sc, RT2860_TX_PIN_CFG, tmp);
4045 run_rt3070_rf_write(sc, 8, 0x80);
4047 run_write(sc, RT2860_TX_PIN_CFG, tmp);
4049 if (sc->mac_ver == 0x5592) {
4050 run_bbp_write(sc, 195, 0x8d);
4051 run_bbp_write(sc, 196, 0x1a);
4054 if (sc->mac_ver == 0x3593) {
4055 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4059 tmp = (tmp & ~0x00009090) | 0x00000090;
4060 run_write(sc, RT2860_GPIO_CTRL, tmp);
4063 /* set initial AGC value */
4064 if (group == 0) { /* 2GHz band */
4065 if (sc->mac_ver >= 0x3070)
4066 agc = 0x1c + sc->lna[0] * 2;
4068 agc = 0x2e + sc->lna[0];
4069 } else { /* 5GHz band */
4070 if (sc->mac_ver == 0x5592)
4071 agc = 0x24 + sc->lna[group] * 2;
4072 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593)
4073 agc = 0x22 + (sc->lna[group] * 5) / 3;
4075 agc = 0x32 + (sc->lna[group] * 5) / 3;
4077 run_set_agc(sc, agc);
4081 run_rt2870_set_chan(struct run_softc *sc, u_int chan)
4083 const struct rfprog *rfprog = rt2860_rf2850;
4084 uint32_t r2, r3, r4;
4085 int8_t txpow1, txpow2;
4088 /* find the settings for this channel (we know it exists) */
4089 for (i = 0; rfprog[i].chan != chan; i++);
4092 if (sc->ntxchains == 1)
4093 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */
4094 if (sc->nrxchains == 1)
4095 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */
4096 else if (sc->nrxchains == 2)
4097 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */
4099 /* use Tx power values from EEPROM */
4100 txpow1 = sc->txpow1[i];
4101 txpow2 = sc->txpow2[i];
4103 /* Initialize RF R3 and R4. */
4104 r3 = rfprog[i].r3 & 0xffffc1ff;
4105 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15);
4108 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1);
4109 r3 |= (txpow1 << 10) | (1 << 9);
4113 /* txpow1 is not possible larger than 15. */
4114 r3 |= (txpow1 << 10);
4117 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2);
4118 r4 |= (txpow2 << 7) | (1 << 6);
4121 r4 |= (txpow2 << 7);
4124 /* Set Tx0 power. */
4125 r3 |= (txpow1 << 9);
4127 /* Set frequency offset and Tx1 power. */
4128 r4 |= (txpow2 << 6);
4131 run_rt2870_rf_write(sc, rfprog[i].r1);
4132 run_rt2870_rf_write(sc, r2);
4133 run_rt2870_rf_write(sc, r3 & ~(1 << 2));
4134 run_rt2870_rf_write(sc, r4);
4138 run_rt2870_rf_write(sc, rfprog[i].r1);
4139 run_rt2870_rf_write(sc, r2);
4140 run_rt2870_rf_write(sc, r3 | (1 << 2));
4141 run_rt2870_rf_write(sc, r4);
4145 run_rt2870_rf_write(sc, rfprog[i].r1);
4146 run_rt2870_rf_write(sc, r2);
4147 run_rt2870_rf_write(sc, r3 & ~(1 << 2));
4148 run_rt2870_rf_write(sc, r4);
4152 run_rt3070_set_chan(struct run_softc *sc, u_int chan)
4154 int8_t txpow1, txpow2;
4158 /* find the settings for this channel (we know it exists) */
4159 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4161 /* use Tx power values from EEPROM */
4162 txpow1 = sc->txpow1[i];
4163 txpow2 = sc->txpow2[i];
4165 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n);
4167 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */
4168 run_rt3070_rf_read(sc, 3, &rf);
4169 rf = (rf & ~0x0f) | rt3070_freqs[i].k;
4170 run_rt3070_rf_write(sc, 3, rf);
4172 run_rt3070_rf_read(sc, 6, &rf);
4173 rf = (rf & ~0x03) | rt3070_freqs[i].r;
4174 run_rt3070_rf_write(sc, 6, rf);
4177 run_rt3070_rf_read(sc, 12, &rf);
4178 rf = (rf & ~0x1f) | txpow1;
4179 run_rt3070_rf_write(sc, 12, rf);
4182 run_rt3070_rf_read(sc, 13, &rf);
4183 rf = (rf & ~0x1f) | txpow2;
4184 run_rt3070_rf_write(sc, 13, rf);
4186 run_rt3070_rf_read(sc, 1, &rf);
4188 if (sc->ntxchains == 1)
4189 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */
4190 else if (sc->ntxchains == 2)
4191 rf |= 1 << 7; /* 2T: disable Tx chain 3 */
4192 if (sc->nrxchains == 1)
4193 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */
4194 else if (sc->nrxchains == 2)
4195 rf |= 1 << 6; /* 2R: disable Rx chain 3 */
4196 run_rt3070_rf_write(sc, 1, rf);
4199 run_rt3070_rf_read(sc, 23, &rf);
4200 rf = (rf & ~0x7f) | sc->freq;
4201 run_rt3070_rf_write(sc, 23, rf);
4203 /* program RF filter */
4204 run_rt3070_rf_read(sc, 24, &rf); /* Tx */
4205 rf = (rf & ~0x3f) | sc->rf24_20mhz;
4206 run_rt3070_rf_write(sc, 24, rf);
4207 run_rt3070_rf_read(sc, 31, &rf); /* Rx */
4208 rf = (rf & ~0x3f) | sc->rf24_20mhz;
4209 run_rt3070_rf_write(sc, 31, rf);
4211 /* enable RF tuning */
4212 run_rt3070_rf_read(sc, 7, &rf);
4213 run_rt3070_rf_write(sc, 7, rf | 0x01);
4217 run_rt3572_set_chan(struct run_softc *sc, u_int chan)
4219 int8_t txpow1, txpow2;
4224 /* find the settings for this channel (we know it exists) */
4225 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4227 /* use Tx power values from EEPROM */
4228 txpow1 = sc->txpow1[i];
4229 txpow2 = sc->txpow2[i];
4232 run_bbp_write(sc, 25, sc->bbp25);
4233 run_bbp_write(sc, 26, sc->bbp26);
4235 /* enable IQ phase correction */
4236 run_bbp_write(sc, 25, 0x09);
4237 run_bbp_write(sc, 26, 0xff);
4240 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n);
4241 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k);
4242 run_rt3070_rf_read(sc, 6, &rf);
4243 rf = (rf & ~0x0f) | rt3070_freqs[i].r;
4244 rf |= (chan <= 14) ? 0x08 : 0x04;
4245 run_rt3070_rf_write(sc, 6, rf);
4248 run_rt3070_rf_read(sc, 5, &rf);
4249 rf &= ~(0x08 | 0x04);
4250 rf |= (chan <= 14) ? 0x04 : 0x08;
4251 run_rt3070_rf_write(sc, 5, rf);
4253 /* set Tx power for chain 0 */
4257 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3);
4258 run_rt3070_rf_write(sc, 12, rf);
4260 /* set Tx power for chain 1 */
4264 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3);
4265 run_rt3070_rf_write(sc, 13, rf);
4267 /* set Tx/Rx streams */
4268 run_rt3070_rf_read(sc, 1, &rf);
4270 if (sc->ntxchains == 1)
4271 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */
4272 else if (sc->ntxchains == 2)
4273 rf |= 1 << 7; /* 2T: disable Tx chain 3 */
4274 if (sc->nrxchains == 1)
4275 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */
4276 else if (sc->nrxchains == 2)
4277 rf |= 1 << 6; /* 2R: disable Rx chain 3 */
4278 run_rt3070_rf_write(sc, 1, rf);
4281 run_rt3070_rf_read(sc, 23, &rf);
4282 rf = (rf & ~0x7f) | sc->freq;
4283 run_rt3070_rf_write(sc, 23, rf);
4285 /* program RF filter */
4286 rf = sc->rf24_20mhz;
4287 run_rt3070_rf_write(sc, 24, rf); /* Tx */
4288 run_rt3070_rf_write(sc, 31, rf); /* Rx */
4290 /* enable RF tuning */
4291 run_rt3070_rf_read(sc, 7, &rf);
4292 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14);
4293 run_rt3070_rf_write(sc, 7, rf);
4296 rf = (chan <= 14) ? 0xc3 : 0xc0;
4297 run_rt3070_rf_write(sc, 9, rf);
4299 /* set loop filter 1 */
4300 run_rt3070_rf_write(sc, 10, 0xf1);
4301 /* set loop filter 2 */
4302 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00);
4305 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43);
4308 rf = 0x48 | sc->txmixgain_2ghz;
4310 rf = 0x78 | sc->txmixgain_5ghz;
4311 run_rt3070_rf_write(sc, 16, rf);
4314 run_rt3070_rf_write(sc, 17, 0x23);
4318 else if (chan <= 64)
4320 else if (chan <= 128)
4324 run_rt3070_rf_write(sc, 19, rf);
4329 else if (chan <= 64)
4331 else if (chan <= 128)
4335 run_rt3070_rf_write(sc, 20, rf);
4340 else if (chan <= 64)
4344 run_rt3070_rf_write(sc, 25, rf);
4347 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87);
4349 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01);
4351 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f);
4353 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4357 run_write(sc, RT2860_GPIO_CTRL, tmp);
4359 /* enable RF tuning */
4360 run_rt3070_rf_read(sc, 7, &rf);
4361 run_rt3070_rf_write(sc, 7, rf | 0x01);
4367 run_rt3593_set_chan(struct run_softc *sc, u_int chan)
4369 int8_t txpow1, txpow2, txpow3;
4373 /* find the settings for this channel (we know it exists) */
4374 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4376 /* use Tx power values from EEPROM */
4377 txpow1 = sc->txpow1[i];
4378 txpow2 = sc->txpow2[i];
4379 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0;
4382 run_bbp_write(sc, 25, sc->bbp25);
4383 run_bbp_write(sc, 26, sc->bbp26);
4385 /* Enable IQ phase correction. */
4386 run_bbp_write(sc, 25, 0x09);
4387 run_bbp_write(sc, 26, 0xff);
4390 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n);
4391 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f);
4392 run_rt3070_rf_read(sc, 11, &rf);
4393 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03);
4394 run_rt3070_rf_write(sc, 11, rf);
4397 run_rt3070_rf_read(sc, 11, &rf);
4399 rf |= (chan <= 14) ? 0x44 : 0x48;
4400 run_rt3070_rf_write(sc, 11, rf);
4405 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07);
4406 run_rt3070_rf_write(sc, 53, rf);
4411 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07);
4412 run_rt3070_rf_write(sc, 55, rf);
4417 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07);
4418 run_rt3070_rf_write(sc, 54, rf);
4420 rf = RT3070_RF_BLOCK | RT3070_PLL_PD;
4421 if (sc->ntxchains == 3)
4422 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD;
4424 rf |= RT3070_TX0_PD | RT3070_TX1_PD;
4425 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD;
4426 run_rt3070_rf_write(sc, 1, rf);
4428 run_adjust_freq_offset(sc);
4430 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80);
4432 h20mhz = (sc->rf24_20mhz & 0x20) >> 5;
4433 run_rt3070_rf_read(sc, 30, &rf);
4434 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2);
4435 run_rt3070_rf_write(sc, 30, rf);
4437 run_rt3070_rf_read(sc, 36, &rf);
4442 run_rt3070_rf_write(sc, 36, rf);
4445 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20);
4446 /* Set pfd_delay. */
4447 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12);
4449 /* Set vco bias current control. */
4450 run_rt3070_rf_read(sc, 6, &rf);
4454 else if (chan <= 128)
4458 run_rt3070_rf_write(sc, 6, rf);
4460 run_rt3070_rf_read(sc, 30, &rf);
4461 rf = (rf & ~0x18) | 0x10;
4462 run_rt3070_rf_write(sc, 30, rf);
4464 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8);
4465 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23);
4467 run_rt3070_rf_read(sc, 51, &rf);
4468 rf = (rf & ~0x03) | 0x01;
4469 run_rt3070_rf_write(sc, 51, rf);
4470 /* Set tx_mx1_cc. */
4471 run_rt3070_rf_read(sc, 51, &rf);
4473 rf |= (chan <= 14) ? 0x14 : 0x10;
4474 run_rt3070_rf_write(sc, 51, rf);
4475 /* Set tx_mx1_ic. */
4476 run_rt3070_rf_read(sc, 51, &rf);
4478 rf |= (chan <= 14) ? 0x60 : 0x40;
4479 run_rt3070_rf_write(sc, 51, rf);
4480 /* Set tx_lo1_ic. */
4481 run_rt3070_rf_read(sc, 49, &rf);
4483 rf |= (chan <= 14) ? 0x0c : 0x08;
4484 run_rt3070_rf_write(sc, 49, rf);
4485 /* Set tx_lo1_en. */
4486 run_rt3070_rf_read(sc, 50, &rf);
4487 run_rt3070_rf_write(sc, 50, rf & ~0x20);
4489 run_rt3070_rf_read(sc, 57, &rf);
4491 rf |= (chan <= 14) ? 0x6c : 0x3c;
4492 run_rt3070_rf_write(sc, 57, rf);
4493 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */
4494 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b);
4495 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */
4496 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05);
4497 /* Enable VCO calibration. */
4498 run_rt3070_rf_read(sc, 3, &rf);
4499 rf &= ~RT5390_VCOCAL;
4500 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe;
4501 run_rt3070_rf_write(sc, 3, rf);
4505 else if (chan <= 64)
4507 else if (chan <= 128)
4511 run_rt3070_rf_write(sc, 39, rf);
4514 else if (chan <= 64)
4516 else if (chan <= 128)
4520 run_rt3070_rf_write(sc, 45, rf);
4522 /* Set FEQ/AEQ control. */
4523 run_bbp_write(sc, 105, 0x34);
4527 run_rt5390_set_chan(struct run_softc *sc, u_int chan)
4529 int8_t txpow1, txpow2;
4533 /* find the settings for this channel (we know it exists) */
4534 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4536 /* use Tx power values from EEPROM */
4537 txpow1 = sc->txpow1[i];
4538 txpow2 = sc->txpow2[i];
4540 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n);
4541 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f);
4542 run_rt3070_rf_read(sc, 11, &rf);
4543 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03);
4544 run_rt3070_rf_write(sc, 11, rf);
4546 run_rt3070_rf_read(sc, 49, &rf);
4547 rf = (rf & ~0x3f) | (txpow1 & 0x3f);
4548 /* The valid range of the RF R49 is 0x00 to 0x27. */
4549 if ((rf & 0x3f) > 0x27)
4550 rf = (rf & ~0x3f) | 0x27;
4551 run_rt3070_rf_write(sc, 49, rf);
4553 if (sc->mac_ver == 0x5392) {
4554 run_rt3070_rf_read(sc, 50, &rf);
4555 rf = (rf & ~0x3f) | (txpow2 & 0x3f);
4556 /* The valid range of the RF R50 is 0x00 to 0x27. */
4557 if ((rf & 0x3f) > 0x27)
4558 rf = (rf & ~0x3f) | 0x27;
4559 run_rt3070_rf_write(sc, 50, rf);
4562 run_rt3070_rf_read(sc, 1, &rf);
4563 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD;
4564 if (sc->mac_ver == 0x5392)
4565 rf |= RT3070_RX1_PD | RT3070_TX1_PD;
4566 run_rt3070_rf_write(sc, 1, rf);
4568 if (sc->mac_ver != 0x5392) {
4569 run_rt3070_rf_read(sc, 2, &rf);
4571 run_rt3070_rf_write(sc, 2, rf);
4574 run_rt3070_rf_write(sc, 2, rf);
4577 run_adjust_freq_offset(sc);
4579 if (sc->mac_ver == 0x5392) {
4580 /* Fix for RT5392C. */
4581 if (sc->mac_rev >= 0x0223) {
4584 else if (chan >= 5 && chan <= 7)
4588 run_rt3070_rf_write(sc, 23, rf);
4594 else if (chan >= 6 && chan <= 7)
4596 else if (chan >= 8 && chan <= 10)
4600 run_rt3070_rf_write(sc, 59, rf);
4606 run_rt3070_rf_write(sc, 59, rf);
4609 /* Fix for RT5390F. */
4610 if (sc->mac_rev >= 0x0502) {
4615 run_rt3070_rf_write(sc, 55, rf);
4619 else if (chan == 12)
4623 run_rt3070_rf_write(sc, 59, rf);
4625 run_rt3070_rf_write(sc, 55, 0x44);
4626 run_rt3070_rf_write(sc, 59, 0x8f);
4630 /* Enable VCO calibration. */
4631 run_rt3070_rf_read(sc, 3, &rf);
4632 rf |= RT5390_VCOCAL;
4633 run_rt3070_rf_write(sc, 3, rf);
4637 run_rt5592_set_chan(struct run_softc *sc, u_int chan)
4639 const struct rt5592_freqs *freqs;
4641 uint8_t reg, rf, txpow_bound;
4642 int8_t txpow1, txpow2;
4645 run_read(sc, RT5592_DEBUG_INDEX, &tmp);
4646 freqs = (tmp & RT5592_SEL_XTAL) ?
4647 rt5592_freqs_40mhz : rt5592_freqs_20mhz;
4649 /* find the settings for this channel (we know it exists) */
4650 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++);
4652 /* use Tx power values from EEPROM */
4653 txpow1 = sc->txpow1[i];
4654 txpow2 = sc->txpow2[i];
4656 run_read(sc, RT3070_LDO_CFG0, &tmp);
4660 run_write(sc, RT3070_LDO_CFG0, tmp);
4663 run_rt3070_rf_write(sc, 8, freqs->n & 0xff);
4664 run_rt3070_rf_read(sc, 9, &rf);
4666 rf |= ((freqs->n & 0x0100) >> 8) << 4;
4667 run_rt3070_rf_write(sc, 9, rf);
4670 run_rt3070_rf_read(sc, 9, &rf);
4672 rf |= (freqs->k & 0x0f);
4673 run_rt3070_rf_write(sc, 9, rf);
4676 run_rt3070_rf_read(sc, 11, &rf);
4678 rf |= ((freqs->m - 0x8) & 0x3) << 2;
4679 run_rt3070_rf_write(sc, 11, rf);
4680 run_rt3070_rf_read(sc, 9, &rf);
4682 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7;
4683 run_rt3070_rf_write(sc, 9, rf);
4686 run_rt3070_rf_read(sc, 11, &rf);
4688 rf |= (freqs->r - 0x1);
4689 run_rt3070_rf_write(sc, 11, rf);
4692 /* Initialize RF registers for 2GHZ. */
4693 for (i = 0; i < NELEM(rt5592_2ghz_def_rf); i++) {
4694 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg,
4695 rt5592_2ghz_def_rf[i].val);
4698 rf = (chan <= 10) ? 0x07 : 0x06;
4699 run_rt3070_rf_write(sc, 23, rf);
4700 run_rt3070_rf_write(sc, 59, rf);
4702 run_rt3070_rf_write(sc, 55, 0x43);
4705 * RF R49/R50 Tx power ALC code.
4706 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27.
4711 /* Initialize RF registers for 5GHZ. */
4712 for (i = 0; i < NELEM(rt5592_5ghz_def_rf); i++) {
4713 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg,
4714 rt5592_5ghz_def_rf[i].val);
4716 for (i = 0; i < NELEM(rt5592_chan_5ghz); i++) {
4717 if (chan >= rt5592_chan_5ghz[i].firstchan &&
4718 chan <= rt5592_chan_5ghz[i].lastchan) {
4719 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg,
4720 rt5592_chan_5ghz[i].val);
4725 * RF R49/R50 Tx power ALC code.
4726 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b.
4732 /* RF R49 ch0 Tx power ALC code. */
4733 run_rt3070_rf_read(sc, 49, &rf);
4736 rf = (rf & ~0x3f) | (txpow1 & 0x3f);
4737 if ((rf & 0x3f) > txpow_bound)
4738 rf = (rf & ~0x3f) | txpow_bound;
4739 run_rt3070_rf_write(sc, 49, rf);
4741 /* RF R50 ch1 Tx power ALC code. */
4742 run_rt3070_rf_read(sc, 50, &rf);
4743 rf &= ~(1 << 7 | 1 << 6);
4745 rf = (rf & ~0x3f) | (txpow2 & 0x3f);
4746 if ((rf & 0x3f) > txpow_bound)
4747 rf = (rf & ~0x3f) | txpow_bound;
4748 run_rt3070_rf_write(sc, 50, rf);
4750 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */
4751 run_rt3070_rf_read(sc, 1, &rf);
4752 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD);
4753 if (sc->ntxchains > 1)
4754 rf |= RT3070_TX1_PD;
4755 if (sc->nrxchains > 1)
4756 rf |= RT3070_RX1_PD;
4757 run_rt3070_rf_write(sc, 1, rf);
4759 run_rt3070_rf_write(sc, 6, 0xe4);
4761 run_rt3070_rf_write(sc, 30, 0x10);
4762 run_rt3070_rf_write(sc, 31, 0x80);
4763 run_rt3070_rf_write(sc, 32, 0x80);
4765 run_adjust_freq_offset(sc);
4767 /* Enable VCO calibration. */
4768 run_rt3070_rf_read(sc, 3, &rf);
4769 rf |= RT5390_VCOCAL;
4770 run_rt3070_rf_write(sc, 3, rf);
4774 run_set_rx_antenna(struct run_softc *sc, int aux)
4780 if (sc->rf_rev == RT5390_RF_5370) {
4781 run_bbp_read(sc, 152, &bbp152);
4782 run_bbp_write(sc, 152, bbp152 & ~0x80);
4784 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0);
4785 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4786 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08);
4789 if (sc->rf_rev == RT5390_RF_5370) {
4790 run_bbp_read(sc, 152, &bbp152);
4791 run_bbp_write(sc, 152, bbp152 | 0x80);
4793 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1);
4794 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4795 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808);
4801 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c)
4803 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
4806 chan = ieee80211_chan2ieee(ic, c);
4807 if (chan == 0 || chan == IEEE80211_CHAN_ANY)
4810 if (sc->mac_ver == 0x5592)
4811 run_rt5592_set_chan(sc, chan);
4812 else if (sc->mac_ver >= 0x5390)
4813 run_rt5390_set_chan(sc, chan);
4814 else if (sc->mac_ver == 0x3593)
4815 run_rt3593_set_chan(sc, chan);
4816 else if (sc->mac_ver == 0x3572)
4817 run_rt3572_set_chan(sc, chan);
4818 else if (sc->mac_ver >= 0x3070)
4819 run_rt3070_set_chan(sc, chan);
4821 run_rt2870_set_chan(sc, chan);
4823 /* determine channel group */
4826 else if (chan <= 64)
4828 else if (chan <= 128)
4833 /* XXX necessary only when group has changed! */
4834 run_select_chan_group(sc, group);
4838 /* Perform IQ calibration. */
4839 if (sc->mac_ver >= 0x5392)
4840 run_iq_calib(sc, chan);
4846 run_set_channel(struct ieee80211com *ic)
4848 struct run_softc *sc = ic->ic_ifp->if_softc;
4851 run_set_chan(sc, ic->ic_curchan);
4858 run_scan_start(struct ieee80211com *ic)
4860 struct run_softc *sc = ic->ic_ifp->if_softc;
4865 /* abort TSF synchronization */
4866 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
4867 run_write(sc, RT2860_BCN_TIME_CFG,
4868 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
4869 RT2860_TBTT_TIMER_EN));
4870 run_set_bssid(sc, sc->sc_ifp->if_broadcastaddr);
4878 run_scan_end(struct ieee80211com *ic)
4880 struct run_softc *sc = ic->ic_ifp->if_softc;
4884 run_enable_tsf_sync(sc);
4885 /* XXX keep local copy */
4886 run_set_bssid(sc, sc->sc_bssid);
4894 * Could be called from ieee80211_node_timeout()
4895 * (non-sleepable thread)
4898 run_update_beacon(struct ieee80211vap *vap, int item)
4900 struct ieee80211com *ic = vap->iv_ic;
4901 struct run_softc *sc = ic->ic_ifp->if_softc;
4902 struct run_vap *rvp = RUN_VAP(vap);
4906 KASSERT(vap != NULL, ("no beacon"));
4909 case IEEE80211_BEACON_ERP:
4910 run_updateslot(ic->ic_ifp);
4912 case IEEE80211_BEACON_HTINFO:
4915 case IEEE80211_BEACON_TIM:
4922 setbit(rvp->bo.bo_flags, item);
4923 ieee80211_beacon_update(vap->iv_bss, &rvp->bo, rvp->beacon_mbuf, mcast);
4925 i = RUN_CMDQ_GET(&sc->cmdq_store);
4926 DPRINTF("cmdq_store=%d\n", i);
4927 sc->cmdq[i].func = run_update_beacon_cb;
4928 sc->cmdq[i].arg0 = vap;
4929 ieee80211_runtask(ic, &sc->cmdq_task);
4935 run_update_beacon_cb(void *arg)
4937 struct ieee80211vap *vap = arg;
4938 struct run_vap *rvp = RUN_VAP(vap);
4939 struct ieee80211com *ic = vap->iv_ic;
4940 struct run_softc *sc = ic->ic_ifp->if_softc;
4941 struct rt2860_txwi txwi;
4946 if (vap->iv_bss->ni_chan == IEEE80211_CHAN_ANYC)
4948 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC)
4952 * No need to call ieee80211_beacon_update(), run_update_beacon()
4953 * is taking care of apropriate calls.
4955 if (rvp->beacon_mbuf == NULL) {
4956 rvp->beacon_mbuf = ieee80211_beacon_alloc(vap->iv_bss,
4958 if (rvp->beacon_mbuf == NULL)
4961 m = rvp->beacon_mbuf;
4963 memset(&txwi, 0, sizeof(txwi));
4965 txwi.len = htole16(m->m_pkthdr.len);
4967 /* send beacons at the lowest available rate */
4968 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ?
4969 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1;
4970 txwi.phy = htole16(rt2860_rates[ridx].mcs);
4971 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM)
4972 txwi.phy |= htole16(RT2860_PHY_OFDM);
4973 txwi.txop = RT2860_TX_TXOP_HT;
4974 txwi.flags = RT2860_TX_TS;
4975 txwi.xflags = RT2860_TX_NSEQ;
4977 txwisize = (sc->mac_ver == 0x5592) ?
4978 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi);
4979 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi,
4981 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize,
4982 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1);
4986 run_updateprot(struct ieee80211com *ic)
4988 struct run_softc *sc = ic->ic_ifp->if_softc;
4991 i = RUN_CMDQ_GET(&sc->cmdq_store);
4992 DPRINTF("cmdq_store=%d\n", i);
4993 sc->cmdq[i].func = run_updateprot_cb;
4994 sc->cmdq[i].arg0 = ic;
4995 ieee80211_runtask(ic, &sc->cmdq_task);
4999 run_updateprot_cb(void *arg)
5001 struct ieee80211com *ic = arg;
5002 struct run_softc *sc = ic->ic_ifp->if_softc;
5005 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL;
5006 /* setup protection frame rate (MCS code) */
5007 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ?
5008 rt2860_rates[RT2860_RIDX_OFDM6].mcs :
5009 rt2860_rates[RT2860_RIDX_CCK11].mcs;
5011 /* CCK frames don't require protection */
5012 run_write(sc, RT2860_CCK_PROT_CFG, tmp);
5013 if (ic->ic_flags & IEEE80211_F_USEPROT) {
5014 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS)
5015 tmp |= RT2860_PROT_CTRL_RTS_CTS;
5016 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY)
5017 tmp |= RT2860_PROT_CTRL_CTS;
5019 run_write(sc, RT2860_OFDM_PROT_CFG, tmp);
5023 run_usb_timeout_cb(void *arg)
5025 struct ieee80211vap *vap = arg;
5026 struct run_softc *sc = vap->iv_ic->ic_ifp->if_softc;
5028 RUN_LOCK_ASSERT(sc, MA_OWNED);
5030 if(vap->iv_state == IEEE80211_S_RUN &&
5031 vap->iv_opmode != IEEE80211_M_STA)
5032 run_reset_livelock(sc);
5033 else if (vap->iv_state == IEEE80211_S_SCAN) {
5034 DPRINTF("timeout caused by scan\n");
5036 ieee80211_cancel_scan(vap);
5038 DPRINTF("timeout by unknown cause\n");
5042 run_reset_livelock(struct run_softc *sc)
5046 RUN_LOCK_ASSERT(sc, MA_OWNED);
5049 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC
5050 * can run into a livelock and start sending CTS-to-self frames like
5051 * crazy if protection is enabled. Reset MAC/BBP for a while
5053 run_read(sc, RT2860_DEBUG, &tmp);
5054 DPRINTFN(3, "debug reg %08x\n", tmp);
5055 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) {
5056 DPRINTF("CTS-to-self livelock detected\n");
5057 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST);
5059 run_write(sc, RT2860_MAC_SYS_CTRL,
5060 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
5065 run_update_promisc_locked(struct ifnet *ifp)
5067 struct run_softc *sc = ifp->if_softc;
5070 run_read(sc, RT2860_RX_FILTR_CFG, &tmp);
5072 tmp |= RT2860_DROP_UC_NOME;
5073 if (ifp->if_flags & IFF_PROMISC)
5074 tmp &= ~RT2860_DROP_UC_NOME;
5076 run_write(sc, RT2860_RX_FILTR_CFG, tmp);
5078 DPRINTF("%s promiscuous mode\n", (ifp->if_flags & IFF_PROMISC) ?
5079 "entering" : "leaving");
5083 run_update_promisc(struct ifnet *ifp)
5085 struct run_softc *sc = ifp->if_softc;
5087 if ((ifp->if_flags & IFF_RUNNING) == 0)
5091 run_update_promisc_locked(ifp);
5096 run_enable_tsf_sync(struct run_softc *sc)
5098 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
5099 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
5102 DPRINTF("rvp_id=%d ic_opmode=%d\n", RUN_VAP(vap)->rvp_id,
5105 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
5107 tmp |= vap->iv_bss->ni_intval * 16;
5108 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN;
5110 if (ic->ic_opmode == IEEE80211_M_STA) {
5112 * Local TSF is always updated with remote TSF on beacon
5115 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT;
5116 } else if (ic->ic_opmode == IEEE80211_M_IBSS) {
5117 tmp |= RT2860_BCN_TX_EN;
5119 * Local TSF is updated with remote TSF on beacon reception
5120 * only if the remote TSF is greater than local TSF.
5122 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT;
5123 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP ||
5124 ic->ic_opmode == IEEE80211_M_MBSS) {
5125 tmp |= RT2860_BCN_TX_EN;
5126 /* SYNC with nobody */
5127 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT;
5129 DPRINTF("Enabling TSF failed. undefined opmode\n");
5133 run_write(sc, RT2860_BCN_TIME_CFG, tmp);
5137 run_enable_mrr(struct run_softc *sc)
5139 #define CCK(mcs) (mcs)
5140 #define OFDM(mcs) (1 << 3 | (mcs))
5141 run_write(sc, RT2860_LG_FBK_CFG0,
5142 OFDM(6) << 28 | /* 54->48 */
5143 OFDM(5) << 24 | /* 48->36 */
5144 OFDM(4) << 20 | /* 36->24 */
5145 OFDM(3) << 16 | /* 24->18 */
5146 OFDM(2) << 12 | /* 18->12 */
5147 OFDM(1) << 8 | /* 12-> 9 */
5148 OFDM(0) << 4 | /* 9-> 6 */
5149 OFDM(0)); /* 6-> 6 */
5151 run_write(sc, RT2860_LG_FBK_CFG1,
5152 CCK(2) << 12 | /* 11->5.5 */
5153 CCK(1) << 8 | /* 5.5-> 2 */
5154 CCK(0) << 4 | /* 2-> 1 */
5155 CCK(0)); /* 1-> 1 */
5161 run_set_txpreamble(struct run_softc *sc)
5163 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
5166 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp);
5167 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
5168 tmp |= RT2860_CCK_SHORT_EN;
5170 tmp &= ~RT2860_CCK_SHORT_EN;
5171 run_write(sc, RT2860_AUTO_RSP_CFG, tmp);
5175 run_set_basicrates(struct run_softc *sc)
5177 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
5179 /* set basic rates mask */
5180 if (ic->ic_curmode == IEEE80211_MODE_11B)
5181 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003);
5182 else if (ic->ic_curmode == IEEE80211_MODE_11A)
5183 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150);
5185 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f);
5189 run_set_leds(struct run_softc *sc, uint16_t which)
5191 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS,
5192 which | (sc->leds & 0x7f));
5196 run_set_bssid(struct run_softc *sc, const uint8_t *bssid)
5198 run_write(sc, RT2860_MAC_BSSID_DW0,
5199 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24);
5200 run_write(sc, RT2860_MAC_BSSID_DW1,
5201 bssid[4] | bssid[5] << 8);
5205 run_set_macaddr(struct run_softc *sc, const uint8_t *addr)
5207 run_write(sc, RT2860_MAC_ADDR_DW0,
5208 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24);
5209 run_write(sc, RT2860_MAC_ADDR_DW1,
5210 addr[4] | addr[5] << 8 | 0xff << 16);
5214 run_updateslot(struct ifnet *ifp)
5216 struct run_softc *sc = ifp->if_softc;
5217 struct ieee80211com *ic = ifp->if_l2com;
5220 i = RUN_CMDQ_GET(&sc->cmdq_store);
5221 DPRINTF("cmdq_store=%d\n", i);
5222 sc->cmdq[i].func = run_updateslot_cb;
5223 sc->cmdq[i].arg0 = ifp;
5224 ieee80211_runtask(ic, &sc->cmdq_task);
5231 run_updateslot_cb(void *arg)
5233 struct ifnet *ifp = arg;
5234 struct run_softc *sc = ifp->if_softc;
5235 struct ieee80211com *ic = ifp->if_l2com;
5238 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp);
5240 tmp |= (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20;
5241 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp);
5245 run_update_mcast(struct ifnet *ifp)
5247 /* h/w filter supports getting everything or nothing */
5248 ifp->if_flags |= IFF_ALLMULTI;
5252 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain)
5254 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
5255 struct ieee80211_channel *c = ic->ic_curchan;
5258 if (IEEE80211_IS_CHAN_5GHZ(c)) {
5259 u_int chan = ieee80211_chan2ieee(ic, c);
5260 delta = sc->rssi_5ghz[rxchain];
5262 /* determine channel group */
5264 delta -= sc->lna[1];
5265 else if (chan <= 128)
5266 delta -= sc->lna[2];
5268 delta -= sc->lna[3];
5270 delta = sc->rssi_2ghz[rxchain] - sc->lna[0];
5272 return (-12 - delta - rssi);
5276 run_rt5390_bbp_init(struct run_softc *sc)
5281 /* Apply maximum likelihood detection for 2 stream case. */
5282 run_bbp_read(sc, 105, &bbp);
5283 if (sc->nrxchains > 1)
5284 run_bbp_write(sc, 105, bbp | RT5390_MLD);
5286 /* Avoid data lost and CRC error. */
5287 run_bbp_read(sc, 4, &bbp);
5288 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
5290 if (sc->mac_ver == 0x5592) {
5291 for (i = 0; i < NELEM(rt5592_def_bbp); i++) {
5292 run_bbp_write(sc, rt5592_def_bbp[i].reg,
5293 rt5592_def_bbp[i].val);
5295 for (i = 0; i < NELEM(rt5592_bbp_r196); i++) {
5296 run_bbp_write(sc, 195, i + 0x80);
5297 run_bbp_write(sc, 196, rt5592_bbp_r196[i]);
5300 for (i = 0; i < NELEM(rt5390_def_bbp); i++) {
5301 run_bbp_write(sc, rt5390_def_bbp[i].reg,
5302 rt5390_def_bbp[i].val);
5305 if (sc->mac_ver == 0x5392) {
5306 run_bbp_write(sc, 88, 0x90);
5307 run_bbp_write(sc, 95, 0x9a);
5308 run_bbp_write(sc, 98, 0x12);
5309 run_bbp_write(sc, 106, 0x12);
5310 run_bbp_write(sc, 134, 0xd0);
5311 run_bbp_write(sc, 135, 0xf6);
5312 run_bbp_write(sc, 148, 0x84);
5315 run_bbp_read(sc, 152, &bbp);
5316 run_bbp_write(sc, 152, bbp | 0x80);
5318 /* Fix BBP254 for RT5592C. */
5319 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) {
5320 run_bbp_read(sc, 254, &bbp);
5321 run_bbp_write(sc, 254, bbp | 0x80);
5324 /* Disable hardware antenna diversity. */
5325 if (sc->mac_ver == 0x5390)
5326 run_bbp_write(sc, 154, 0);
5328 /* Initialize Rx CCK/OFDM frequency offset report. */
5329 run_bbp_write(sc, 142, 1);
5330 run_bbp_write(sc, 143, 57);
5334 run_bbp_init(struct run_softc *sc)
5336 int i, error, ntries;
5339 /* wait for BBP to wake up */
5340 for (ntries = 0; ntries < 20; ntries++) {
5341 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0)
5343 if (bbp0 != 0 && bbp0 != 0xff)
5349 /* initialize BBP registers to default values */
5350 if (sc->mac_ver >= 0x5390)
5351 run_rt5390_bbp_init(sc);
5353 for (i = 0; i < NELEM(rt2860_def_bbp); i++) {
5354 run_bbp_write(sc, rt2860_def_bbp[i].reg,
5355 rt2860_def_bbp[i].val);
5359 if (sc->mac_ver == 0x3593) {
5360 run_bbp_write(sc, 79, 0x13);
5361 run_bbp_write(sc, 80, 0x05);
5362 run_bbp_write(sc, 81, 0x33);
5363 run_bbp_write(sc, 86, 0x46);
5364 run_bbp_write(sc, 137, 0x0f);
5367 /* fix BBP84 for RT2860E */
5368 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101)
5369 run_bbp_write(sc, 84, 0x19);
5371 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 &&
5372 sc->mac_ver != 0x5592)) {
5373 run_bbp_write(sc, 79, 0x13);
5374 run_bbp_write(sc, 80, 0x05);
5375 run_bbp_write(sc, 81, 0x33);
5376 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) {
5377 run_bbp_write(sc, 69, 0x16);
5378 run_bbp_write(sc, 73, 0x12);
5384 run_rt3070_rf_init(struct run_softc *sc)
5387 uint8_t bbp4, mingain, rf, target;
5390 run_rt3070_rf_read(sc, 30, &rf);
5391 /* toggle RF R30 bit 7 */
5392 run_rt3070_rf_write(sc, 30, rf | 0x80);
5394 run_rt3070_rf_write(sc, 30, rf & ~0x80);
5396 /* initialize RF registers to default value */
5397 if (sc->mac_ver == 0x3572) {
5398 for (i = 0; i < NELEM(rt3572_def_rf); i++) {
5399 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg,
5400 rt3572_def_rf[i].val);
5403 for (i = 0; i < NELEM(rt3070_def_rf); i++) {
5404 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg,
5405 rt3070_def_rf[i].val);
5409 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) {
5411 * Change voltage from 1.2V to 1.35V for RT3070.
5412 * The DAC issue (RT3070_LDO_CFG0) has been fixed
5415 run_read(sc, RT3070_LDO_CFG0, &tmp);
5416 tmp = (tmp & ~0x0f000000) | 0x0d000000;
5417 run_write(sc, RT3070_LDO_CFG0, tmp);
5419 } else if (sc->mac_ver == 0x3071) {
5420 run_rt3070_rf_read(sc, 6, &rf);
5421 run_rt3070_rf_write(sc, 6, rf | 0x40);
5422 run_rt3070_rf_write(sc, 31, 0x14);
5424 run_read(sc, RT3070_LDO_CFG0, &tmp);
5426 if (sc->mac_rev < 0x0211)
5427 tmp |= 0x0d000000; /* 1.3V */
5429 tmp |= 0x01000000; /* 1.2V */
5430 run_write(sc, RT3070_LDO_CFG0, tmp);
5432 /* patch LNA_PE_G1 */
5433 run_read(sc, RT3070_GPIO_SWITCH, &tmp);
5434 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20);
5436 } else if (sc->mac_ver == 0x3572) {
5437 run_rt3070_rf_read(sc, 6, &rf);
5438 run_rt3070_rf_write(sc, 6, rf | 0x40);
5440 /* increase voltage from 1.2V to 1.35V */
5441 run_read(sc, RT3070_LDO_CFG0, &tmp);
5442 tmp = (tmp & ~0x1f000000) | 0x0d000000;
5443 run_write(sc, RT3070_LDO_CFG0, tmp);
5445 if (sc->mac_rev < 0x0211 || !sc->patch_dac) {
5446 run_delay(sc, 1); /* wait for 1msec */
5447 /* decrease voltage back to 1.2V */
5448 tmp = (tmp & ~0x1f000000) | 0x01000000;
5449 run_write(sc, RT3070_LDO_CFG0, tmp);
5453 /* select 20MHz bandwidth */
5454 run_rt3070_rf_read(sc, 31, &rf);
5455 run_rt3070_rf_write(sc, 31, rf & ~0x20);
5457 /* calibrate filter for 20MHz bandwidth */
5458 sc->rf24_20mhz = 0x1f; /* default value */
5459 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13;
5460 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz);
5462 /* select 40MHz bandwidth */
5463 run_bbp_read(sc, 4, &bbp4);
5464 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10);
5465 run_rt3070_rf_read(sc, 31, &rf);
5466 run_rt3070_rf_write(sc, 31, rf | 0x20);
5468 /* calibrate filter for 40MHz bandwidth */
5469 sc->rf24_40mhz = 0x2f; /* default value */
5470 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15;
5471 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz);
5473 /* go back to 20MHz bandwidth */
5474 run_bbp_read(sc, 4, &bbp4);
5475 run_bbp_write(sc, 4, bbp4 & ~0x18);
5477 if (sc->mac_ver == 0x3572) {
5478 /* save default BBP registers 25 and 26 values */
5479 run_bbp_read(sc, 25, &sc->bbp25);
5480 run_bbp_read(sc, 26, &sc->bbp26);
5481 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211)
5482 run_rt3070_rf_write(sc, 27, 0x03);
5484 run_read(sc, RT3070_OPT_14, &tmp);
5485 run_write(sc, RT3070_OPT_14, tmp | 1);
5487 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) {
5488 run_rt3070_rf_read(sc, 17, &rf);
5489 rf &= ~RT3070_TX_LO1;
5490 if ((sc->mac_ver == 0x3070 ||
5491 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) &&
5493 rf |= 0x20; /* fix for long range Rx issue */
5494 mingain = (sc->mac_ver == 0x3070) ? 1 : 2;
5495 if (sc->txmixgain_2ghz >= mingain)
5496 rf = (rf & ~0x7) | sc->txmixgain_2ghz;
5497 run_rt3070_rf_write(sc, 17, rf);
5500 if (sc->mac_rev == 0x3071) {
5501 run_rt3070_rf_read(sc, 1, &rf);
5502 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD);
5503 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD;
5504 run_rt3070_rf_write(sc, 1, rf);
5506 run_rt3070_rf_read(sc, 15, &rf);
5507 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2);
5509 run_rt3070_rf_read(sc, 20, &rf);
5510 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1);
5512 run_rt3070_rf_read(sc, 21, &rf);
5513 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2);
5516 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) {
5517 /* fix Tx to Rx IQ glitch by raising RF voltage */
5518 run_rt3070_rf_read(sc, 27, &rf);
5520 if (sc->mac_rev < 0x0211)
5522 run_rt3070_rf_write(sc, 27, rf);
5528 run_rt3593_rf_init(struct run_softc *sc)
5534 /* Disable the GPIO bits 4 and 7 for LNA PE control. */
5535 run_read(sc, RT3070_GPIO_SWITCH, &tmp);
5536 tmp &= ~(1 << 4 | 1 << 7);
5537 run_write(sc, RT3070_GPIO_SWITCH, tmp);
5539 /* Initialize RF registers to default value. */
5540 for (i = 0; i < NELEM(rt3593_def_rf); i++) {
5541 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg,
5542 rt3593_def_rf[i].val);
5545 /* Toggle RF R2 to initiate calibration. */
5546 run_rt3070_rf_write(sc, 2, RT5390_RESCAL);
5548 /* Initialize RF frequency offset. */
5549 run_adjust_freq_offset(sc);
5551 run_rt3070_rf_read(sc, 18, &rf);
5552 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS);
5555 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to
5556 * decrease voltage back to 1.2V.
5558 run_read(sc, RT3070_LDO_CFG0, &tmp);
5559 tmp = (tmp & ~0x1f000000) | 0x0d000000;
5560 run_write(sc, RT3070_LDO_CFG0, tmp);
5562 tmp = (tmp & ~0x1f000000) | 0x01000000;
5563 run_write(sc, RT3070_LDO_CFG0, tmp);
5565 sc->rf24_20mhz = 0x1f;
5566 sc->rf24_40mhz = 0x2f;
5568 /* Save default BBP registers 25 and 26 values. */
5569 run_bbp_read(sc, 25, &sc->bbp25);
5570 run_bbp_read(sc, 26, &sc->bbp26);
5572 run_read(sc, RT3070_OPT_14, &tmp);
5573 run_write(sc, RT3070_OPT_14, tmp | 1);
5577 run_rt5390_rf_init(struct run_softc *sc)
5583 /* Toggle RF R2 to initiate calibration. */
5584 if (sc->mac_ver == 0x5390) {
5585 run_rt3070_rf_read(sc, 2, &rf);
5586 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL);
5588 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL);
5590 run_rt3070_rf_write(sc, 2, RT5390_RESCAL);
5594 /* Initialize RF registers to default value. */
5595 if (sc->mac_ver == 0x5592) {
5596 for (i = 0; i < NELEM(rt5592_def_rf); i++) {
5597 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg,
5598 rt5592_def_rf[i].val);
5600 /* Initialize RF frequency offset. */
5601 run_adjust_freq_offset(sc);
5602 } else if (sc->mac_ver == 0x5392) {
5603 for (i = 0; i < NELEM(rt5392_def_rf); i++) {
5604 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg,
5605 rt5392_def_rf[i].val);
5607 if (sc->mac_rev >= 0x0223) {
5608 run_rt3070_rf_write(sc, 23, 0x0f);
5609 run_rt3070_rf_write(sc, 24, 0x3e);
5610 run_rt3070_rf_write(sc, 51, 0x32);
5611 run_rt3070_rf_write(sc, 53, 0x22);
5612 run_rt3070_rf_write(sc, 56, 0xc1);
5613 run_rt3070_rf_write(sc, 59, 0x0f);
5616 for (i = 0; i < NELEM(rt5390_def_rf); i++) {
5617 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg,
5618 rt5390_def_rf[i].val);
5620 if (sc->mac_rev >= 0x0502) {
5621 run_rt3070_rf_write(sc, 6, 0xe0);
5622 run_rt3070_rf_write(sc, 25, 0x80);
5623 run_rt3070_rf_write(sc, 46, 0x73);
5624 run_rt3070_rf_write(sc, 53, 0x00);
5625 run_rt3070_rf_write(sc, 56, 0x42);
5626 run_rt3070_rf_write(sc, 61, 0xd1);
5630 sc->rf24_20mhz = 0x1f; /* default value */
5631 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f;
5633 if (sc->mac_rev < 0x0211)
5634 run_rt3070_rf_write(sc, 27, 0x3);
5636 run_read(sc, RT3070_OPT_14, &tmp);
5637 run_write(sc, RT3070_OPT_14, tmp | 1);
5641 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target,
5645 uint8_t bbp55_pb, bbp55_sb, delta;
5648 /* program filter */
5649 run_rt3070_rf_read(sc, 24, &rf24);
5650 rf24 = (rf24 & 0xc0) | init; /* initial filter value */
5651 run_rt3070_rf_write(sc, 24, rf24);
5653 /* enable baseband loopback mode */
5654 run_rt3070_rf_read(sc, 22, &rf22);
5655 run_rt3070_rf_write(sc, 22, rf22 | 0x01);
5657 /* set power and frequency of passband test tone */
5658 run_bbp_write(sc, 24, 0x00);
5659 for (ntries = 0; ntries < 100; ntries++) {
5660 /* transmit test tone */
5661 run_bbp_write(sc, 25, 0x90);
5663 /* read received power */
5664 run_bbp_read(sc, 55, &bbp55_pb);
5671 /* set power and frequency of stopband test tone */
5672 run_bbp_write(sc, 24, 0x06);
5673 for (ntries = 0; ntries < 100; ntries++) {
5674 /* transmit test tone */
5675 run_bbp_write(sc, 25, 0x90);
5677 /* read received power */
5678 run_bbp_read(sc, 55, &bbp55_sb);
5680 delta = bbp55_pb - bbp55_sb;
5684 /* reprogram filter */
5686 run_rt3070_rf_write(sc, 24, rf24);
5690 rf24--; /* backtrack */
5692 run_rt3070_rf_write(sc, 24, rf24);
5695 /* restore initial state */
5696 run_bbp_write(sc, 24, 0x00);
5698 /* disable baseband loopback mode */
5699 run_rt3070_rf_read(sc, 22, &rf22);
5700 run_rt3070_rf_write(sc, 22, rf22 & ~0x01);
5706 run_rt3070_rf_setup(struct run_softc *sc)
5711 if (sc->mac_ver == 0x3572) {
5712 /* enable DC filter */
5713 if (sc->mac_rev >= 0x0201)
5714 run_bbp_write(sc, 103, 0xc0);
5716 run_bbp_read(sc, 138, &bbp);
5717 if (sc->ntxchains == 1)
5718 bbp |= 0x20; /* turn off DAC1 */
5719 if (sc->nrxchains == 1)
5720 bbp &= ~0x02; /* turn off ADC1 */
5721 run_bbp_write(sc, 138, bbp);
5723 if (sc->mac_rev >= 0x0211) {
5724 /* improve power consumption */
5725 run_bbp_read(sc, 31, &bbp);
5726 run_bbp_write(sc, 31, bbp & ~0x03);
5729 run_rt3070_rf_read(sc, 16, &rf);
5730 rf = (rf & ~0x07) | sc->txmixgain_2ghz;
5731 run_rt3070_rf_write(sc, 16, rf);
5733 } else if (sc->mac_ver == 0x3071) {
5734 if (sc->mac_rev >= 0x0211) {
5735 /* enable DC filter */
5736 run_bbp_write(sc, 103, 0xc0);
5738 /* improve power consumption */
5739 run_bbp_read(sc, 31, &bbp);
5740 run_bbp_write(sc, 31, bbp & ~0x03);
5743 run_bbp_read(sc, 138, &bbp);
5744 if (sc->ntxchains == 1)
5745 bbp |= 0x20; /* turn off DAC1 */
5746 if (sc->nrxchains == 1)
5747 bbp &= ~0x02; /* turn off ADC1 */
5748 run_bbp_write(sc, 138, bbp);
5750 run_write(sc, RT2860_TX_SW_CFG1, 0);
5751 if (sc->mac_rev < 0x0211) {
5752 run_write(sc, RT2860_TX_SW_CFG2,
5753 sc->patch_dac ? 0x2c : 0x0f);
5755 run_write(sc, RT2860_TX_SW_CFG2, 0);
5757 } else if (sc->mac_ver == 0x3070) {
5758 if (sc->mac_rev >= 0x0201) {
5759 /* enable DC filter */
5760 run_bbp_write(sc, 103, 0xc0);
5762 /* improve power consumption */
5763 run_bbp_read(sc, 31, &bbp);
5764 run_bbp_write(sc, 31, bbp & ~0x03);
5767 if (sc->mac_rev < 0x0201) {
5768 run_write(sc, RT2860_TX_SW_CFG1, 0);
5769 run_write(sc, RT2860_TX_SW_CFG2, 0x2c);
5771 run_write(sc, RT2860_TX_SW_CFG2, 0);
5774 /* initialize RF registers from ROM for >=RT3071*/
5775 if (sc->mac_ver >= 0x3071) {
5776 for (i = 0; i < 10; i++) {
5777 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff)
5779 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val);
5785 run_rt3593_rf_setup(struct run_softc *sc)
5789 if (sc->mac_rev >= 0x0211) {
5790 /* Enable DC filter. */
5791 run_bbp_write(sc, 103, 0xc0);
5793 run_write(sc, RT2860_TX_SW_CFG1, 0);
5794 if (sc->mac_rev < 0x0211) {
5795 run_write(sc, RT2860_TX_SW_CFG2,
5796 sc->patch_dac ? 0x2c : 0x0f);
5798 run_write(sc, RT2860_TX_SW_CFG2, 0);
5800 run_rt3070_rf_read(sc, 50, &rf);
5801 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2);
5803 run_rt3070_rf_read(sc, 51, &rf);
5804 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) |
5805 ((sc->txmixgain_2ghz & 0x07) << 2);
5806 run_rt3070_rf_write(sc, 51, rf);
5808 run_rt3070_rf_read(sc, 38, &rf);
5809 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1);
5811 run_rt3070_rf_read(sc, 39, &rf);
5812 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2);
5814 run_rt3070_rf_read(sc, 1, &rf);
5815 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD));
5817 run_rt3070_rf_read(sc, 30, &rf);
5818 rf = (rf & ~0x18) | 0x10;
5819 run_rt3070_rf_write(sc, 30, rf);
5821 /* Apply maximum likelihood detection for 2 stream case. */
5822 run_bbp_read(sc, 105, &bbp);
5823 if (sc->nrxchains > 1)
5824 run_bbp_write(sc, 105, bbp | RT5390_MLD);
5826 /* Avoid data lost and CRC error. */
5827 run_bbp_read(sc, 4, &bbp);
5828 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
5830 run_bbp_write(sc, 92, 0x02);
5831 run_bbp_write(sc, 82, 0x82);
5832 run_bbp_write(sc, 106, 0x05);
5833 run_bbp_write(sc, 104, 0x92);
5834 run_bbp_write(sc, 88, 0x90);
5835 run_bbp_write(sc, 148, 0xc8);
5836 run_bbp_write(sc, 47, 0x48);
5837 run_bbp_write(sc, 120, 0x50);
5839 run_bbp_write(sc, 163, 0x9d);
5842 run_bbp_write(sc, 142, 0x06);
5843 run_bbp_write(sc, 143, 0xa0);
5844 run_bbp_write(sc, 142, 0x07);
5845 run_bbp_write(sc, 143, 0xa1);
5846 run_bbp_write(sc, 142, 0x08);
5847 run_bbp_write(sc, 143, 0xa2);
5849 run_bbp_write(sc, 31, 0x08);
5850 run_bbp_write(sc, 68, 0x0b);
5851 run_bbp_write(sc, 105, 0x04);
5855 run_rt5390_rf_setup(struct run_softc *sc)
5859 if (sc->mac_rev >= 0x0211) {
5860 /* Enable DC filter. */
5861 run_bbp_write(sc, 103, 0xc0);
5863 if (sc->mac_ver != 0x5592) {
5864 /* Improve power consumption. */
5865 run_bbp_read(sc, 31, &bbp);
5866 run_bbp_write(sc, 31, bbp & ~0x03);
5870 run_bbp_read(sc, 138, &bbp);
5871 if (sc->ntxchains == 1)
5872 bbp |= 0x20; /* turn off DAC1 */
5873 if (sc->nrxchains == 1)
5874 bbp &= ~0x02; /* turn off ADC1 */
5875 run_bbp_write(sc, 138, bbp);
5877 run_rt3070_rf_read(sc, 38, &rf);
5878 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1);
5880 run_rt3070_rf_read(sc, 39, &rf);
5881 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2);
5883 /* Avoid data lost and CRC error. */
5884 run_bbp_read(sc, 4, &bbp);
5885 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
5887 run_rt3070_rf_read(sc, 30, &rf);
5888 rf = (rf & ~0x18) | 0x10;
5889 run_rt3070_rf_write(sc, 30, rf);
5891 if (sc->mac_ver != 0x5592) {
5892 run_write(sc, RT2860_TX_SW_CFG1, 0);
5893 if (sc->mac_rev < 0x0211) {
5894 run_write(sc, RT2860_TX_SW_CFG2,
5895 sc->patch_dac ? 0x2c : 0x0f);
5897 run_write(sc, RT2860_TX_SW_CFG2, 0);
5902 run_txrx_enable(struct run_softc *sc)
5904 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
5908 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN);
5909 for (ntries = 0; ntries < 200; ntries++) {
5910 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0)
5912 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
5921 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE;
5922 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
5924 /* enable Rx bulk aggregation (set timeout and limit) */
5925 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN |
5926 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2);
5927 run_write(sc, RT2860_USB_DMA_CFG, tmp);
5930 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR;
5931 if (ic->ic_opmode != IEEE80211_M_MONITOR) {
5932 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL |
5933 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK |
5934 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV |
5935 RT2860_DROP_CFACK | RT2860_DROP_CFEND;
5936 if (ic->ic_opmode == IEEE80211_M_STA)
5937 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL;
5939 run_write(sc, RT2860_RX_FILTR_CFG, tmp);
5941 run_write(sc, RT2860_MAC_SYS_CTRL,
5942 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
5948 run_adjust_freq_offset(struct run_softc *sc)
5952 run_rt3070_rf_read(sc, 17, &rf);
5954 rf = (rf & ~0x7f) | (sc->freq & 0x7f);
5958 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf);
5962 run_init_locked(struct run_softc *sc)
5964 struct ifnet *ifp = sc->sc_ifp;
5965 struct ieee80211com *ic = ifp->if_l2com;
5972 if (ic->ic_nrunning > 1)
5977 if (run_load_microcode(sc) != 0) {
5978 device_printf(sc->sc_dev, "could not load 8051 microcode\n");
5982 for (ntries = 0; ntries < 100; ntries++) {
5983 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0)
5985 if (tmp != 0 && tmp != 0xffffffff)
5992 for (i = 0; i != RUN_EP_QUEUES; i++)
5993 run_setup_tx_list(sc, &sc->sc_epq[i]);
5995 run_set_macaddr(sc, IF_LLADDR(ifp));
5997 for (ntries = 0; ntries < 100; ntries++) {
5998 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0)
6000 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
6004 if (ntries == 100) {
6005 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n");
6009 tmp |= RT2860_TX_WB_DDONE;
6010 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
6012 /* turn off PME_OEN to solve high-current issue */
6013 run_read(sc, RT2860_SYS_CTRL, &tmp);
6014 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN);
6016 run_write(sc, RT2860_MAC_SYS_CTRL,
6017 RT2860_BBP_HRST | RT2860_MAC_SRST);
6018 run_write(sc, RT2860_USB_DMA_CFG, 0);
6020 if (run_reset(sc) != 0) {
6021 device_printf(sc->sc_dev, "could not reset chipset\n");
6025 run_write(sc, RT2860_MAC_SYS_CTRL, 0);
6027 /* init Tx power for all Tx rates (from EEPROM) */
6028 for (ridx = 0; ridx < 5; ridx++) {
6029 if (sc->txpow20mhz[ridx] == 0xffffffff)
6031 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]);
6034 for (i = 0; i < NELEM(rt2870_def_mac); i++)
6035 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val);
6036 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273);
6037 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344);
6038 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa);
6040 if (sc->mac_ver >= 0x5390) {
6041 run_write(sc, RT2860_TX_SW_CFG0,
6042 4 << RT2860_DLY_PAPE_EN_SHIFT | 4);
6043 if (sc->mac_ver >= 0x5392) {
6044 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff);
6045 if (sc->mac_ver == 0x5592) {
6046 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980);
6047 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082);
6049 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980);
6050 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322);
6053 } else if (sc->mac_ver == 0x3593) {
6054 run_write(sc, RT2860_TX_SW_CFG0,
6055 4 << RT2860_DLY_PAPE_EN_SHIFT | 2);
6056 } else if (sc->mac_ver >= 0x3070) {
6057 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */
6058 run_write(sc, RT2860_TX_SW_CFG0,
6059 4 << RT2860_DLY_PAPE_EN_SHIFT);
6062 /* wait while MAC is busy */
6063 for (ntries = 0; ntries < 100; ntries++) {
6064 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0)
6066 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY)))
6073 /* clear Host to MCU mailbox */
6074 run_write(sc, RT2860_H2M_BBPAGENT, 0);
6075 run_write(sc, RT2860_H2M_MAILBOX, 0);
6078 if (run_bbp_init(sc) != 0) {
6079 device_printf(sc->sc_dev, "could not initialize BBP\n");
6083 /* abort TSF synchronization */
6084 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
6085 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
6086 RT2860_TBTT_TIMER_EN);
6087 run_write(sc, RT2860_BCN_TIME_CFG, tmp);
6089 /* clear RX WCID search table */
6090 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512);
6091 /* clear WCID attribute table */
6092 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32);
6094 /* hostapd sets a key before init. So, don't clear it. */
6095 if (sc->cmdq_key_set != RUN_CMDQ_GO) {
6096 /* clear shared key table */
6097 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32);
6098 /* clear shared key mode */
6099 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4);
6102 run_read(sc, RT2860_US_CYC_CNT, &tmp);
6103 tmp = (tmp & ~0xff) | 0x1e;
6104 run_write(sc, RT2860_US_CYC_CNT, tmp);
6106 if (sc->mac_rev != 0x0101)
6107 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f);
6109 run_write(sc, RT2860_WMM_TXOP0_CFG, 0);
6110 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96);
6112 /* write vendor-specific BBP values (from EEPROM) */
6113 if (sc->mac_ver < 0x3593) {
6114 for (i = 0; i < 10; i++) {
6115 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff)
6117 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val);
6121 /* select Main antenna for 1T1R devices */
6122 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370)
6123 run_set_rx_antenna(sc, 0);
6125 /* send LEDs operating mode to microcontroller */
6126 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]);
6127 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]);
6128 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]);
6130 if (sc->mac_ver >= 0x5390)
6131 run_rt5390_rf_init(sc);
6132 else if (sc->mac_ver == 0x3593)
6133 run_rt3593_rf_init(sc);
6134 else if (sc->mac_ver >= 0x3070)
6135 run_rt3070_rf_init(sc);
6137 /* disable non-existing Rx chains */
6138 run_bbp_read(sc, 3, &bbp3);
6139 bbp3 &= ~(1 << 3 | 1 << 4);
6140 if (sc->nrxchains == 2)
6142 else if (sc->nrxchains == 3)
6144 run_bbp_write(sc, 3, bbp3);
6146 /* disable non-existing Tx chains */
6147 run_bbp_read(sc, 1, &bbp1);
6148 if (sc->ntxchains == 1)
6149 bbp1 &= ~(1 << 3 | 1 << 4);
6150 run_bbp_write(sc, 1, bbp1);
6152 if (sc->mac_ver >= 0x5390)
6153 run_rt5390_rf_setup(sc);
6154 else if (sc->mac_ver == 0x3593)
6155 run_rt3593_rf_setup(sc);
6156 else if (sc->mac_ver >= 0x3070)
6157 run_rt3070_rf_setup(sc);
6159 /* select default channel */
6160 run_set_chan(sc, ic->ic_curchan);
6162 /* setup initial protection mode */
6163 run_updateprot_cb(ic);
6165 /* turn radio LED on */
6166 run_set_leds(sc, RT2860_LED_RADIO);
6168 ifq_clr_oactive(&ifp->if_snd);
6169 ifp->if_flags |= IFF_RUNNING;
6170 sc->cmdq_run = RUN_CMDQ_GO;
6172 for (i = 0; i != RUN_N_XFER; i++)
6173 usbd_xfer_set_stall(sc->sc_xfer[i]);
6175 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]);
6177 if (run_txrx_enable(sc) != 0)
6189 struct run_softc *sc = arg;
6190 struct ifnet *ifp = sc->sc_ifp;
6191 struct ieee80211com *ic = ifp->if_l2com;
6194 run_init_locked(sc);
6197 if (ifp->if_flags & IFF_RUNNING)
6198 ieee80211_start_all(ic);
6204 struct run_softc *sc = (struct run_softc *)arg;
6205 struct ifnet *ifp = sc->sc_ifp;
6210 RUN_LOCK_ASSERT(sc, MA_OWNED);
6212 if (ifp->if_flags & IFF_RUNNING)
6213 run_set_leds(sc, 0); /* turn all LEDs off */
6215 ifp->if_flags &= ~IFF_RUNNING;
6216 ifq_clr_oactive(&ifp->if_snd);
6218 sc->ratectl_run = RUN_RATECTL_OFF;
6219 sc->cmdq_run = sc->cmdq_key_set;
6223 for(i = 0; i < RUN_N_XFER; i++)
6224 usbd_transfer_drain(sc->sc_xfer[i]);
6228 if (sc->rx_m != NULL) {
6233 /* Disable Tx/Rx DMA. */
6234 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0)
6236 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN);
6237 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
6239 for (ntries = 0; ntries < 100; ntries++) {
6240 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0)
6242 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
6246 if (ntries == 100) {
6247 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n");
6252 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp);
6253 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
6254 run_write(sc, RT2860_MAC_SYS_CTRL, tmp);
6256 /* wait for pending Tx to complete */
6257 for (ntries = 0; ntries < 100; ntries++) {
6258 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) {
6259 DPRINTF("Cannot read Tx queue count\n");
6262 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) {
6263 DPRINTF("All Tx cleared\n");
6269 DPRINTF("There are still pending Tx\n");
6271 run_write(sc, RT2860_USB_DMA_CFG, 0);
6273 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST);
6274 run_write(sc, RT2860_MAC_SYS_CTRL, 0);
6276 for (i = 0; i != RUN_EP_QUEUES; i++)
6277 run_unsetup_tx_list(sc, &sc->sc_epq[i]);
6281 run_delay(struct run_softc *sc, u_int ms)
6283 zsleep(sc, &wlan_global_serializer, 0, "rundelay",
6284 USB_MS_TO_TICKS(ms));
6285 // usb_pause_mtx(lockowned(&sc->sc_lock) ?
6286 // &sc->sc_lock : NULL, USB_MS_TO_TICKS(ms));
6289 static device_method_t run_methods[] = {
6290 /* Device interface */
6291 DEVMETHOD(device_probe, run_match),
6292 DEVMETHOD(device_attach, run_attach),
6293 DEVMETHOD(device_detach, run_detach),
6297 static driver_t run_driver = {
6299 .methods = run_methods,
6300 .size = sizeof(struct run_softc)
6303 static devclass_t run_devclass;
6305 DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL);
6306 MODULE_DEPEND(run, wlan, 1, 1, 1);
6307 MODULE_DEPEND(run, usb, 1, 1, 1);
6308 MODULE_DEPEND(run, firmware, 1, 1, 1);
6309 MODULE_VERSION(run, 1);