1/*-
2 * Copyright (c) 2007-2010 Damien Bergamini <damien.bergamini@free.fr>
3 * Copyright (c) 2012 Bernhard Schmidt <bschmidt@FreeBSD.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 *
17 * $OpenBSD: rt2860.c,v 1.65 2010/10/23 14:24:54 damien Exp $
18 */
19
20#include <sys/cdefs.h>
21__FBSDID("$FreeBSD: stable/11/sys/dev/ral/rt2860.c 306851 2016-10-08 16:39:21Z avos $");
22
23/*-
24 * Ralink Technology RT2860/RT3090/RT3390/RT3562/RT5390/RT5392 chipset driver
25 * http://www.ralinktech.com/
26 */
27
28#include <sys/param.h>
29#include <sys/sysctl.h>
30#include <sys/sockio.h>
31#include <sys/mbuf.h>
32#include <sys/kernel.h>
33#include <sys/socket.h>
34#include <sys/systm.h>
35#include <sys/malloc.h>
36#include <sys/lock.h>
37#include <sys/mutex.h>
38#include <sys/module.h>
39#include <sys/bus.h>
40#include <sys/endian.h>
41#include <sys/firmware.h>
42
43#include <machine/bus.h>
44#include <machine/resource.h>
45#include <sys/rman.h>
46
47#include <net/bpf.h>
48#include <net/if.h>
49#include <net/if_var.h>
50#include <net/if_arp.h>
51#include <net/ethernet.h>
52#include <net/if_dl.h>
53#include <net/if_media.h>
54#include <net/if_types.h>
55
56#include <net80211/ieee80211_var.h>
57#include <net80211/ieee80211_radiotap.h>
58#include <net80211/ieee80211_regdomain.h>
59#include <net80211/ieee80211_ratectl.h>
60
61#include <netinet/in.h>
62#include <netinet/in_systm.h>
63#include <netinet/in_var.h>
64#include <netinet/ip.h>
65#include <netinet/if_ether.h>
66
67#include <dev/ral/rt2860reg.h>
68#include <dev/ral/rt2860var.h>
69
70#define RAL_DEBUG
71#ifdef RAL_DEBUG
72#define DPRINTF(x)	do { if (sc->sc_debug > 0) printf x; } while (0)
73#define DPRINTFN(n, x)	do { if (sc->sc_debug >= (n)) printf x; } while (0)
74#else
75#define DPRINTF(x)
76#define DPRINTFN(n, x)
77#endif
78
79static struct ieee80211vap *rt2860_vap_create(struct ieee80211com *,
80			    const char [IFNAMSIZ], int, enum ieee80211_opmode,
81			    int, const uint8_t [IEEE80211_ADDR_LEN],
82			    const uint8_t [IEEE80211_ADDR_LEN]);
83static void	rt2860_vap_delete(struct ieee80211vap *);
84static void	rt2860_dma_map_addr(void *, bus_dma_segment_t *, int, int);
85static int	rt2860_alloc_tx_ring(struct rt2860_softc *,
86		    struct rt2860_tx_ring *);
87static void	rt2860_reset_tx_ring(struct rt2860_softc *,
88		    struct rt2860_tx_ring *);
89static void	rt2860_free_tx_ring(struct rt2860_softc *,
90		    struct rt2860_tx_ring *);
91static int	rt2860_alloc_tx_pool(struct rt2860_softc *);
92static void	rt2860_free_tx_pool(struct rt2860_softc *);
93static int	rt2860_alloc_rx_ring(struct rt2860_softc *,
94		    struct rt2860_rx_ring *);
95static void	rt2860_reset_rx_ring(struct rt2860_softc *,
96		    struct rt2860_rx_ring *);
97static void	rt2860_free_rx_ring(struct rt2860_softc *,
98		    struct rt2860_rx_ring *);
99static void	rt2860_updatestats(struct rt2860_softc *);
100static void	rt2860_newassoc(struct ieee80211_node *, int);
101static void	rt2860_node_free(struct ieee80211_node *);
102#ifdef IEEE80211_HT
103static int	rt2860_ampdu_rx_start(struct ieee80211com *,
104		    struct ieee80211_node *, uint8_t);
105static void	rt2860_ampdu_rx_stop(struct ieee80211com *,
106		    struct ieee80211_node *, uint8_t);
107#endif
108static int	rt2860_newstate(struct ieee80211vap *, enum ieee80211_state,
109		    int);
110static uint16_t	rt3090_efuse_read_2(struct rt2860_softc *, uint16_t);
111static uint16_t	rt2860_eeprom_read_2(struct rt2860_softc *, uint16_t);
112static void	rt2860_intr_coherent(struct rt2860_softc *);
113static void	rt2860_drain_stats_fifo(struct rt2860_softc *);
114static void	rt2860_tx_intr(struct rt2860_softc *, int);
115static void	rt2860_rx_intr(struct rt2860_softc *);
116static void	rt2860_tbtt_intr(struct rt2860_softc *);
117static void	rt2860_gp_intr(struct rt2860_softc *);
118static int	rt2860_tx(struct rt2860_softc *, struct mbuf *,
119		    struct ieee80211_node *);
120static int	rt2860_raw_xmit(struct ieee80211_node *, struct mbuf *,
121		    const struct ieee80211_bpf_params *);
122static int	rt2860_tx_raw(struct rt2860_softc *, struct mbuf *,
123		    struct ieee80211_node *,
124		    const struct ieee80211_bpf_params *params);
125static int	rt2860_transmit(struct ieee80211com *, struct mbuf *);
126static void	rt2860_start(struct rt2860_softc *);
127static void	rt2860_watchdog(void *);
128static void	rt2860_parent(struct ieee80211com *);
129static void	rt2860_mcu_bbp_write(struct rt2860_softc *, uint8_t, uint8_t);
130static uint8_t	rt2860_mcu_bbp_read(struct rt2860_softc *, uint8_t);
131static void	rt2860_rf_write(struct rt2860_softc *, uint8_t, uint32_t);
132static uint8_t	rt3090_rf_read(struct rt2860_softc *, uint8_t);
133static void	rt3090_rf_write(struct rt2860_softc *, uint8_t, uint8_t);
134static int	rt2860_mcu_cmd(struct rt2860_softc *, uint8_t, uint16_t, int);
135static void	rt2860_enable_mrr(struct rt2860_softc *);
136static void	rt2860_set_txpreamble(struct rt2860_softc *);
137static void	rt2860_set_basicrates(struct rt2860_softc *,
138		    const struct ieee80211_rateset *);
139static void	rt2860_scan_start(struct ieee80211com *);
140static void	rt2860_scan_end(struct ieee80211com *);
141static void	rt2860_getradiocaps(struct ieee80211com *, int, int *,
142		    struct ieee80211_channel[]);
143static void	rt2860_set_channel(struct ieee80211com *);
144static void	rt2860_select_chan_group(struct rt2860_softc *, int);
145static void	rt2860_set_chan(struct rt2860_softc *, u_int);
146static void	rt3090_set_chan(struct rt2860_softc *, u_int);
147static void	rt5390_set_chan(struct rt2860_softc *, u_int);
148static int	rt3090_rf_init(struct rt2860_softc *);
149static void	rt5390_rf_init(struct rt2860_softc *);
150static void	rt3090_rf_wakeup(struct rt2860_softc *);
151static void	rt5390_rf_wakeup(struct rt2860_softc *);
152static int	rt3090_filter_calib(struct rt2860_softc *, uint8_t, uint8_t,
153		    uint8_t *);
154static void	rt3090_rf_setup(struct rt2860_softc *);
155static void	rt2860_set_leds(struct rt2860_softc *, uint16_t);
156static void	rt2860_set_gp_timer(struct rt2860_softc *, int);
157static void	rt2860_set_bssid(struct rt2860_softc *, const uint8_t *);
158static void	rt2860_set_macaddr(struct rt2860_softc *, const uint8_t *);
159static void	rt2860_update_promisc(struct ieee80211com *);
160static void	rt2860_updateslot(struct ieee80211com *);
161static void	rt2860_updateprot(struct rt2860_softc *);
162static int	rt2860_updateedca(struct ieee80211com *);
163#ifdef HW_CRYPTO
164static int	rt2860_set_key(struct ieee80211com *, struct ieee80211_node *,
165		    struct ieee80211_key *);
166static void	rt2860_delete_key(struct ieee80211com *,
167		    struct ieee80211_node *, struct ieee80211_key *);
168#endif
169static int8_t	rt2860_rssi2dbm(struct rt2860_softc *, uint8_t, uint8_t);
170static const char *rt2860_get_rf(uint16_t);
171static int	rt2860_read_eeprom(struct rt2860_softc *,
172		    uint8_t macaddr[IEEE80211_ADDR_LEN]);
173static int	rt2860_bbp_init(struct rt2860_softc *);
174static void	rt5390_bbp_init(struct rt2860_softc *);
175static int	rt2860_txrx_enable(struct rt2860_softc *);
176static void	rt2860_init(void *);
177static void	rt2860_init_locked(struct rt2860_softc *);
178static void	rt2860_stop(void *);
179static void	rt2860_stop_locked(struct rt2860_softc *);
180static int	rt2860_load_microcode(struct rt2860_softc *);
181#ifdef NOT_YET
182static void	rt2860_calib(struct rt2860_softc *);
183#endif
184static void	rt3090_set_rx_antenna(struct rt2860_softc *, int);
185static void	rt2860_switch_chan(struct rt2860_softc *,
186		    struct ieee80211_channel *);
187static int	rt2860_setup_beacon(struct rt2860_softc *,
188		    struct ieee80211vap *);
189static void	rt2860_enable_tsf_sync(struct rt2860_softc *);
190
191static const struct {
192	uint32_t	reg;
193	uint32_t	val;
194} rt2860_def_mac[] = {
195	RT2860_DEF_MAC
196};
197
198static const struct {
199	uint8_t	reg;
200	uint8_t	val;
201} rt2860_def_bbp[] = {
202	RT2860_DEF_BBP
203}, rt5390_def_bbp[] = {
204	RT5390_DEF_BBP
205};
206
207static const struct rfprog {
208	uint8_t		chan;
209	uint32_t	r1, r2, r3, r4;
210} rt2860_rf2850[] = {
211	RT2860_RF2850
212};
213
214struct {
215	uint8_t	n, r, k;
216} rt3090_freqs[] = {
217	RT3070_RF3052
218};
219
220static const struct {
221	uint8_t	reg;
222	uint8_t	val;
223} rt3090_def_rf[] = {
224	RT3070_DEF_RF
225}, rt5390_def_rf[] = {
226	RT5390_DEF_RF
227}, rt5392_def_rf[] = {
228	RT5392_DEF_RF
229};
230
231static const uint8_t rt2860_chan_2ghz[] =
232	{ 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14 };
233static const uint8_t rt2860_chan_5ghz[] =
234	{ 36, 38, 40, 44, 46, 48, 52, 54, 56, 60, 62, 64, 100, 102, 104,
235	  108, 110, 112, 116, 118, 120, 124, 126, 128, 132, 134, 136, 140,
236	  149, 151, 153, 157, 159, 161, 165, 167, 169, 171, 173 };
237
238int
239rt2860_attach(device_t dev, int id)
240{
241	struct rt2860_softc *sc = device_get_softc(dev);
242	struct ieee80211com *ic = &sc->sc_ic;
243	uint32_t tmp;
244	int error, ntries, qid;
245
246	sc->sc_dev = dev;
247	sc->sc_debug = 0;
248
249	mtx_init(&sc->sc_mtx, device_get_nameunit(dev), MTX_NETWORK_LOCK,
250	    MTX_DEF | MTX_RECURSE);
251
252	callout_init_mtx(&sc->watchdog_ch, &sc->sc_mtx, 0);
253	mbufq_init(&sc->sc_snd, ifqmaxlen);
254
255	/* wait for NIC to initialize */
256	for (ntries = 0; ntries < 100; ntries++) {
257		tmp = RAL_READ(sc, RT2860_ASIC_VER_ID);
258		if (tmp != 0 && tmp != 0xffffffff)
259			break;
260		DELAY(10);
261	}
262	if (ntries == 100) {
263		device_printf(sc->sc_dev,
264		    "timeout waiting for NIC to initialize\n");
265		error = EIO;
266		goto fail1;
267	}
268	sc->mac_ver = tmp >> 16;
269	sc->mac_rev = tmp & 0xffff;
270
271	if (sc->mac_ver != 0x2860 &&
272	    (id == 0x0681 || id == 0x0781 || id == 0x1059))
273		sc->sc_flags |= RT2860_ADVANCED_PS;
274
275	/* retrieve RF rev. no and various other things from EEPROM */
276	rt2860_read_eeprom(sc, ic->ic_macaddr);
277	device_printf(sc->sc_dev, "MAC/BBP RT%X (rev 0x%04X), "
278	    "RF %s (MIMO %dT%dR), address %6D\n",
279	    sc->mac_ver, sc->mac_rev, rt2860_get_rf(sc->rf_rev),
280	    sc->ntxchains, sc->nrxchains, ic->ic_macaddr, ":");
281
282	/*
283	 * Allocate Tx (4 EDCAs + HCCA + Mgt) and Rx rings.
284	 */
285	for (qid = 0; qid < 6; qid++) {
286		if ((error = rt2860_alloc_tx_ring(sc, &sc->txq[qid])) != 0) {
287			device_printf(sc->sc_dev,
288			    "could not allocate Tx ring %d\n", qid);
289			goto fail2;
290		}
291	}
292
293	if ((error = rt2860_alloc_rx_ring(sc, &sc->rxq)) != 0) {
294		device_printf(sc->sc_dev, "could not allocate Rx ring\n");
295		goto fail2;
296	}
297
298	if ((error = rt2860_alloc_tx_pool(sc)) != 0) {
299		device_printf(sc->sc_dev, "could not allocate Tx pool\n");
300		goto fail3;
301	}
302
303	/* mgmt ring is broken on RT2860C, use EDCA AC VO ring instead */
304	sc->mgtqid = (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) ?
305	    WME_AC_VO : 5;
306
307	ic->ic_softc = sc;
308	ic->ic_name = device_get_nameunit(dev);
309	ic->ic_opmode = IEEE80211_M_STA;
310	ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
311
312	/* set device capabilities */
313	ic->ic_caps =
314		  IEEE80211_C_STA		/* station mode */
315		| IEEE80211_C_IBSS		/* ibss, nee adhoc, mode */
316		| IEEE80211_C_HOSTAP		/* hostap mode */
317		| IEEE80211_C_MONITOR		/* monitor mode */
318		| IEEE80211_C_AHDEMO		/* adhoc demo mode */
319		| IEEE80211_C_WDS		/* 4-address traffic works */
320		| IEEE80211_C_MBSS		/* mesh point link mode */
321		| IEEE80211_C_SHPREAMBLE	/* short preamble supported */
322		| IEEE80211_C_SHSLOT		/* short slot time supported */
323		| IEEE80211_C_WPA		/* capable of WPA1+WPA2 */
324#if 0
325		| IEEE80211_C_BGSCAN		/* capable of bg scanning */
326#endif
327		| IEEE80211_C_WME		/* 802.11e */
328		;
329
330	rt2860_getradiocaps(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans,
331	    ic->ic_channels);
332
333	ieee80211_ifattach(ic);
334
335	ic->ic_wme.wme_update = rt2860_updateedca;
336	ic->ic_scan_start = rt2860_scan_start;
337	ic->ic_scan_end = rt2860_scan_end;
338	ic->ic_getradiocaps = rt2860_getradiocaps;
339	ic->ic_set_channel = rt2860_set_channel;
340	ic->ic_updateslot = rt2860_updateslot;
341	ic->ic_update_promisc = rt2860_update_promisc;
342	ic->ic_raw_xmit = rt2860_raw_xmit;
343	sc->sc_node_free = ic->ic_node_free;
344	ic->ic_node_free = rt2860_node_free;
345	ic->ic_newassoc = rt2860_newassoc;
346	ic->ic_transmit = rt2860_transmit;
347	ic->ic_parent = rt2860_parent;
348	ic->ic_vap_create = rt2860_vap_create;
349	ic->ic_vap_delete = rt2860_vap_delete;
350
351	ieee80211_radiotap_attach(ic,
352	    &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap),
353		RT2860_TX_RADIOTAP_PRESENT,
354	    &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap),
355		RT2860_RX_RADIOTAP_PRESENT);
356
357#ifdef RAL_DEBUG
358	SYSCTL_ADD_INT(device_get_sysctl_ctx(dev),
359	    SYSCTL_CHILDREN(device_get_sysctl_tree(dev)), OID_AUTO,
360	    "debug", CTLFLAG_RW, &sc->sc_debug, 0, "debug msgs");
361#endif
362	if (bootverbose)
363		ieee80211_announce(ic);
364
365	return 0;
366
367fail3:	rt2860_free_rx_ring(sc, &sc->rxq);
368fail2:	while (--qid >= 0)
369		rt2860_free_tx_ring(sc, &sc->txq[qid]);
370fail1:	mtx_destroy(&sc->sc_mtx);
371	return error;
372}
373
374int
375rt2860_detach(void *xsc)
376{
377	struct rt2860_softc *sc = xsc;
378	struct ieee80211com *ic = &sc->sc_ic;
379	int qid;
380
381	RAL_LOCK(sc);
382	rt2860_stop_locked(sc);
383	RAL_UNLOCK(sc);
384
385	ieee80211_ifdetach(ic);
386	mbufq_drain(&sc->sc_snd);
387	for (qid = 0; qid < 6; qid++)
388		rt2860_free_tx_ring(sc, &sc->txq[qid]);
389	rt2860_free_rx_ring(sc, &sc->rxq);
390	rt2860_free_tx_pool(sc);
391
392	mtx_destroy(&sc->sc_mtx);
393
394	return 0;
395}
396
397void
398rt2860_shutdown(void *xsc)
399{
400	struct rt2860_softc *sc = xsc;
401
402	rt2860_stop(sc);
403}
404
405void
406rt2860_suspend(void *xsc)
407{
408	struct rt2860_softc *sc = xsc;
409
410	rt2860_stop(sc);
411}
412
413void
414rt2860_resume(void *xsc)
415{
416	struct rt2860_softc *sc = xsc;
417
418	if (sc->sc_ic.ic_nrunning > 0)
419		rt2860_init(sc);
420}
421
422static struct ieee80211vap *
423rt2860_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit,
424    enum ieee80211_opmode opmode, int flags,
425    const uint8_t bssid[IEEE80211_ADDR_LEN],
426    const uint8_t mac[IEEE80211_ADDR_LEN])
427{
428	struct rt2860_softc *sc = ic->ic_softc;
429	struct rt2860_vap *rvp;
430	struct ieee80211vap *vap;
431
432	switch (opmode) {
433	case IEEE80211_M_STA:
434	case IEEE80211_M_IBSS:
435	case IEEE80211_M_AHDEMO:
436	case IEEE80211_M_MONITOR:
437	case IEEE80211_M_HOSTAP:
438	case IEEE80211_M_MBSS:
439		/* XXXRP: TBD */
440		if (!TAILQ_EMPTY(&ic->ic_vaps)) {
441			device_printf(sc->sc_dev, "only 1 vap supported\n");
442			return NULL;
443		}
444		if (opmode == IEEE80211_M_STA)
445			flags |= IEEE80211_CLONE_NOBEACONS;
446		break;
447	case IEEE80211_M_WDS:
448		if (TAILQ_EMPTY(&ic->ic_vaps) ||
449		    ic->ic_opmode != IEEE80211_M_HOSTAP) {
450			device_printf(sc->sc_dev,
451			    "wds only supported in ap mode\n");
452			return NULL;
453		}
454		/*
455		 * Silently remove any request for a unique
456		 * bssid; WDS vap's always share the local
457		 * mac address.
458		 */
459		flags &= ~IEEE80211_CLONE_BSSID;
460		break;
461	default:
462		device_printf(sc->sc_dev, "unknown opmode %d\n", opmode);
463		return NULL;
464	}
465	rvp = malloc(sizeof(struct rt2860_vap), M_80211_VAP, M_WAITOK | M_ZERO);
466	vap = &rvp->ral_vap;
467	ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid);
468
469	/* override state transition machine */
470	rvp->ral_newstate = vap->iv_newstate;
471	vap->iv_newstate = rt2860_newstate;
472#if 0
473	vap->iv_update_beacon = rt2860_beacon_update;
474#endif
475
476	/* HW supports up to 255 STAs (0-254) in HostAP and IBSS modes */
477	vap->iv_max_aid = min(IEEE80211_AID_MAX, RT2860_WCID_MAX);
478
479	ieee80211_ratectl_init(vap);
480	/* complete setup */
481	ieee80211_vap_attach(vap, ieee80211_media_change,
482	    ieee80211_media_status, mac);
483	if (TAILQ_FIRST(&ic->ic_vaps) == vap)
484		ic->ic_opmode = opmode;
485	return vap;
486}
487
488static void
489rt2860_vap_delete(struct ieee80211vap *vap)
490{
491	struct rt2860_vap *rvp = RT2860_VAP(vap);
492
493	ieee80211_ratectl_deinit(vap);
494	ieee80211_vap_detach(vap);
495	free(rvp, M_80211_VAP);
496}
497
498static void
499rt2860_dma_map_addr(void *arg, bus_dma_segment_t *segs, int nseg, int error)
500{
501	if (error != 0)
502		return;
503
504	KASSERT(nseg == 1, ("too many DMA segments, %d should be 1", nseg));
505
506	*(bus_addr_t *)arg = segs[0].ds_addr;
507}
508
509
510static int
511rt2860_alloc_tx_ring(struct rt2860_softc *sc, struct rt2860_tx_ring *ring)
512{
513	int size, error;
514
515	size = RT2860_TX_RING_COUNT * sizeof (struct rt2860_txd);
516
517	error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), 16, 0,
518	    BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL,
519	    size, 1, size, 0, NULL, NULL, &ring->desc_dmat);
520	if (error != 0) {
521		device_printf(sc->sc_dev, "could not create desc DMA tag\n");
522		goto fail;
523	}
524
525	error = bus_dmamem_alloc(ring->desc_dmat, (void **)&ring->txd,
526	    BUS_DMA_NOWAIT | BUS_DMA_ZERO, &ring->desc_map);
527	if (error != 0) {
528		device_printf(sc->sc_dev, "could not allocate DMA memory\n");
529		goto fail;
530	}
531
532	error = bus_dmamap_load(ring->desc_dmat, ring->desc_map, ring->txd,
533	    size, rt2860_dma_map_addr, &ring->paddr, 0);
534	if (error != 0) {
535		device_printf(sc->sc_dev, "could not load desc DMA map\n");
536		goto fail;
537	}
538
539	bus_dmamap_sync(ring->desc_dmat, ring->desc_map, BUS_DMASYNC_PREWRITE);
540
541	return 0;
542
543fail:	rt2860_free_tx_ring(sc, ring);
544	return error;
545}
546
547void
548rt2860_reset_tx_ring(struct rt2860_softc *sc, struct rt2860_tx_ring *ring)
549{
550	struct rt2860_tx_data *data;
551	int i;
552
553	for (i = 0; i < RT2860_TX_RING_COUNT; i++) {
554		if ((data = ring->data[i]) == NULL)
555			continue;	/* nothing mapped in this slot */
556
557		if (data->m != NULL) {
558			bus_dmamap_sync(sc->txwi_dmat, data->map,
559			    BUS_DMASYNC_POSTWRITE);
560			bus_dmamap_unload(sc->txwi_dmat, data->map);
561			m_freem(data->m);
562			data->m = NULL;
563		}
564		if (data->ni != NULL) {
565			ieee80211_free_node(data->ni);
566			data->ni = NULL;
567		}
568
569		SLIST_INSERT_HEAD(&sc->data_pool, data, next);
570		ring->data[i] = NULL;
571	}
572
573	ring->queued = 0;
574	ring->cur = ring->next = 0;
575}
576
577void
578rt2860_free_tx_ring(struct rt2860_softc *sc, struct rt2860_tx_ring *ring)
579{
580	struct rt2860_tx_data *data;
581	int i;
582
583	if (ring->txd != NULL) {
584		bus_dmamap_sync(ring->desc_dmat, ring->desc_map,
585		    BUS_DMASYNC_POSTWRITE);
586		bus_dmamap_unload(ring->desc_dmat, ring->desc_map);
587		bus_dmamem_free(ring->desc_dmat, ring->txd, ring->desc_map);
588	}
589	if (ring->desc_dmat != NULL)
590		bus_dma_tag_destroy(ring->desc_dmat);
591
592	for (i = 0; i < RT2860_TX_RING_COUNT; i++) {
593		if ((data = ring->data[i]) == NULL)
594			continue;	/* nothing mapped in this slot */
595
596		if (data->m != NULL) {
597			bus_dmamap_sync(sc->txwi_dmat, data->map,
598			    BUS_DMASYNC_POSTWRITE);
599			bus_dmamap_unload(sc->txwi_dmat, data->map);
600			m_freem(data->m);
601		}
602		if (data->ni != NULL)
603			ieee80211_free_node(data->ni);
604
605		SLIST_INSERT_HEAD(&sc->data_pool, data, next);
606	}
607}
608
609/*
610 * Allocate a pool of TX Wireless Information blocks.
611 */
612int
613rt2860_alloc_tx_pool(struct rt2860_softc *sc)
614{
615	caddr_t vaddr;
616	bus_addr_t paddr;
617	int i, size, error;
618
619	size = RT2860_TX_POOL_COUNT * RT2860_TXWI_DMASZ;
620
621	/* init data_pool early in case of failure.. */
622	SLIST_INIT(&sc->data_pool);
623
624	error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), 1, 0,
625	    BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL,
626	    size, 1, size, 0, NULL, NULL, &sc->txwi_dmat);
627	if (error != 0) {
628		device_printf(sc->sc_dev, "could not create txwi DMA tag\n");
629		goto fail;
630	}
631
632	error = bus_dmamem_alloc(sc->txwi_dmat, (void **)&sc->txwi_vaddr,
633	    BUS_DMA_NOWAIT | BUS_DMA_ZERO, &sc->txwi_map);
634	if (error != 0) {
635		device_printf(sc->sc_dev, "could not allocate DMA memory\n");
636		goto fail;
637	}
638
639	error = bus_dmamap_load(sc->txwi_dmat, sc->txwi_map,
640	    sc->txwi_vaddr, size, rt2860_dma_map_addr, &paddr, 0);
641	if (error != 0) {
642		device_printf(sc->sc_dev, "could not load txwi DMA map\n");
643		goto fail;
644	}
645
646	bus_dmamap_sync(sc->txwi_dmat, sc->txwi_map, BUS_DMASYNC_PREWRITE);
647
648	vaddr = sc->txwi_vaddr;
649	for (i = 0; i < RT2860_TX_POOL_COUNT; i++) {
650		struct rt2860_tx_data *data = &sc->data[i];
651
652		error = bus_dmamap_create(sc->txwi_dmat, 0, &data->map);
653		if (error != 0) {
654			device_printf(sc->sc_dev, "could not create DMA map\n");
655			goto fail;
656		}
657		data->txwi = (struct rt2860_txwi *)vaddr;
658		data->paddr = paddr;
659		vaddr += RT2860_TXWI_DMASZ;
660		paddr += RT2860_TXWI_DMASZ;
661
662		SLIST_INSERT_HEAD(&sc->data_pool, data, next);
663	}
664
665	return 0;
666
667fail:	rt2860_free_tx_pool(sc);
668	return error;
669}
670
671void
672rt2860_free_tx_pool(struct rt2860_softc *sc)
673{
674	if (sc->txwi_vaddr != NULL) {
675		bus_dmamap_sync(sc->txwi_dmat, sc->txwi_map,
676		    BUS_DMASYNC_POSTWRITE);
677		bus_dmamap_unload(sc->txwi_dmat, sc->txwi_map);
678		bus_dmamem_free(sc->txwi_dmat, sc->txwi_vaddr, sc->txwi_map);
679	}
680	if (sc->txwi_dmat != NULL)
681		bus_dma_tag_destroy(sc->txwi_dmat);
682
683	while (!SLIST_EMPTY(&sc->data_pool)) {
684		struct rt2860_tx_data *data;
685		data = SLIST_FIRST(&sc->data_pool);
686		bus_dmamap_destroy(sc->txwi_dmat, data->map);
687		SLIST_REMOVE_HEAD(&sc->data_pool, next);
688	}
689}
690
691int
692rt2860_alloc_rx_ring(struct rt2860_softc *sc, struct rt2860_rx_ring *ring)
693{
694	bus_addr_t physaddr;
695	int i, size, error;
696
697	size = RT2860_RX_RING_COUNT * sizeof (struct rt2860_rxd);
698
699	error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), 16, 0,
700	    BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL,
701	    size, 1, size, 0, NULL, NULL, &ring->desc_dmat);
702	if (error != 0) {
703		device_printf(sc->sc_dev, "could not create desc DMA tag\n");
704		goto fail;
705	}
706
707	error = bus_dmamem_alloc(ring->desc_dmat, (void **)&ring->rxd,
708	    BUS_DMA_NOWAIT | BUS_DMA_ZERO, &ring->desc_map);
709	if (error != 0) {
710		device_printf(sc->sc_dev, "could not allocate DMA memory\n");
711		goto fail;
712	}
713
714	error = bus_dmamap_load(ring->desc_dmat, ring->desc_map, ring->rxd,
715	    size, rt2860_dma_map_addr, &ring->paddr, 0);
716	if (error != 0) {
717		device_printf(sc->sc_dev, "could not load desc DMA map\n");
718		goto fail;
719	}
720
721	error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), 1, 0,
722	    BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, MCLBYTES,
723	    1, MCLBYTES, 0, NULL, NULL, &ring->data_dmat);
724	if (error != 0) {
725		device_printf(sc->sc_dev, "could not create data DMA tag\n");
726		goto fail;
727	}
728
729	for (i = 0; i < RT2860_RX_RING_COUNT; i++) {
730		struct rt2860_rx_data *data = &ring->data[i];
731		struct rt2860_rxd *rxd = &ring->rxd[i];
732
733		error = bus_dmamap_create(ring->data_dmat, 0, &data->map);
734		if (error != 0) {
735			device_printf(sc->sc_dev, "could not create DMA map\n");
736			goto fail;
737		}
738
739		data->m = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
740		if (data->m == NULL) {
741			device_printf(sc->sc_dev,
742			    "could not allocate rx mbuf\n");
743			error = ENOMEM;
744			goto fail;
745		}
746
747		error = bus_dmamap_load(ring->data_dmat, data->map,
748		    mtod(data->m, void *), MCLBYTES, rt2860_dma_map_addr,
749		    &physaddr, 0);
750		if (error != 0) {
751			device_printf(sc->sc_dev,
752			    "could not load rx buf DMA map");
753			goto fail;
754		}
755
756		rxd->sdp0 = htole32(physaddr);
757		rxd->sdl0 = htole16(MCLBYTES);
758	}
759
760	bus_dmamap_sync(ring->desc_dmat, ring->desc_map, BUS_DMASYNC_PREWRITE);
761
762	return 0;
763
764fail:	rt2860_free_rx_ring(sc, ring);
765	return error;
766}
767
768void
769rt2860_reset_rx_ring(struct rt2860_softc *sc, struct rt2860_rx_ring *ring)
770{
771	int i;
772
773	for (i = 0; i < RT2860_RX_RING_COUNT; i++)
774		ring->rxd[i].sdl0 &= ~htole16(RT2860_RX_DDONE);
775
776	bus_dmamap_sync(ring->desc_dmat, ring->desc_map, BUS_DMASYNC_PREWRITE);
777
778	ring->cur = 0;
779}
780
781void
782rt2860_free_rx_ring(struct rt2860_softc *sc, struct rt2860_rx_ring *ring)
783{
784	int i;
785
786	if (ring->rxd != NULL) {
787		bus_dmamap_sync(ring->desc_dmat, ring->desc_map,
788		    BUS_DMASYNC_POSTWRITE);
789		bus_dmamap_unload(ring->desc_dmat, ring->desc_map);
790		bus_dmamem_free(ring->desc_dmat, ring->rxd, ring->desc_map);
791	}
792	if (ring->desc_dmat != NULL)
793		bus_dma_tag_destroy(ring->desc_dmat);
794
795	for (i = 0; i < RT2860_RX_RING_COUNT; i++) {
796		struct rt2860_rx_data *data = &ring->data[i];
797
798		if (data->m != NULL) {
799			bus_dmamap_sync(ring->data_dmat, data->map,
800			    BUS_DMASYNC_POSTREAD);
801			bus_dmamap_unload(ring->data_dmat, data->map);
802			m_freem(data->m);
803		}
804		if (data->map != NULL)
805			bus_dmamap_destroy(ring->data_dmat, data->map);
806	}
807	if (ring->data_dmat != NULL)
808		bus_dma_tag_destroy(ring->data_dmat);
809}
810
811static void
812rt2860_updatestats(struct rt2860_softc *sc)
813{
814	struct ieee80211com *ic = &sc->sc_ic;
815
816	/*
817	 * In IBSS or HostAP modes (when the hardware sends beacons), the
818	 * MAC can run into a livelock and start sending CTS-to-self frames
819	 * like crazy if protection is enabled.  Fortunately, we can detect
820	 * when such a situation occurs and reset the MAC.
821	 */
822	if (ic->ic_curmode != IEEE80211_M_STA) {
823		/* check if we're in a livelock situation.. */
824		uint32_t tmp = RAL_READ(sc, RT2860_DEBUG);
825		if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) {
826			/* ..and reset MAC/BBP for a while.. */
827			DPRINTF(("CTS-to-self livelock detected\n"));
828			RAL_WRITE(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST);
829			RAL_BARRIER_WRITE(sc);
830			DELAY(1);
831			RAL_WRITE(sc, RT2860_MAC_SYS_CTRL,
832			    RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
833		}
834	}
835}
836
837static void
838rt2860_newassoc(struct ieee80211_node *ni, int isnew)
839{
840	struct ieee80211com *ic = ni->ni_ic;
841	struct rt2860_softc *sc = ic->ic_softc;
842	uint8_t wcid;
843
844	wcid = IEEE80211_AID(ni->ni_associd);
845	if (isnew && ni->ni_associd != 0) {
846		sc->wcid2ni[wcid] = ni;
847
848		/* init WCID table entry */
849		RAL_WRITE_REGION_1(sc, RT2860_WCID_ENTRY(wcid),
850		    ni->ni_macaddr, IEEE80211_ADDR_LEN);
851	}
852	DPRINTF(("new assoc isnew=%d addr=%s WCID=%d\n",
853	    isnew, ether_sprintf(ni->ni_macaddr), wcid));
854}
855
856static void
857rt2860_node_free(struct ieee80211_node *ni)
858{
859	struct ieee80211com *ic = ni->ni_ic;
860	struct rt2860_softc *sc = ic->ic_softc;
861	uint8_t wcid;
862
863	if (ni->ni_associd != 0) {
864		wcid = IEEE80211_AID(ni->ni_associd);
865
866		/* clear Rx WCID search table entry */
867		RAL_SET_REGION_4(sc, RT2860_WCID_ENTRY(wcid), 0, 2);
868	}
869	sc->sc_node_free(ni);
870}
871
872#ifdef IEEE80211_HT
873static int
874rt2860_ampdu_rx_start(struct ieee80211com *ic, struct ieee80211_node *ni,
875    uint8_t tid)
876{
877	struct rt2860_softc *sc = ic->ic_softc;
878	uint8_t wcid = ((struct rt2860_node *)ni)->wcid;
879	uint32_t tmp;
880
881	/* update BA session mask */
882	tmp = RAL_READ(sc, RT2860_WCID_ENTRY(wcid) + 4);
883	tmp |= (1 << tid) << 16;
884	RAL_WRITE(sc, RT2860_WCID_ENTRY(wcid) + 4, tmp);
885	return 0;
886}
887
888static void
889rt2860_ampdu_rx_stop(struct ieee80211com *ic, struct ieee80211_node *ni,
890    uint8_t tid)
891{
892	struct rt2860_softc *sc = ic->ic_softc;
893	uint8_t wcid = ((struct rt2860_node *)ni)->wcid;
894	uint32_t tmp;
895
896	/* update BA session mask */
897	tmp = RAL_READ(sc, RT2860_WCID_ENTRY(wcid) + 4);
898	tmp &= ~((1 << tid) << 16);
899	RAL_WRITE(sc, RT2860_WCID_ENTRY(wcid) + 4, tmp);
900}
901#endif
902
903static int
904rt2860_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
905{
906	struct rt2860_vap *rvp = RT2860_VAP(vap);
907	struct ieee80211com *ic = vap->iv_ic;
908	struct rt2860_softc *sc = ic->ic_softc;
909	uint32_t tmp;
910	int error;
911
912	if (vap->iv_state == IEEE80211_S_RUN) {
913		/* turn link LED off */
914		rt2860_set_leds(sc, RT2860_LED_RADIO);
915	}
916
917	if (nstate == IEEE80211_S_INIT && vap->iv_state == IEEE80211_S_RUN) {
918		/* abort TSF synchronization */
919		tmp = RAL_READ(sc, RT2860_BCN_TIME_CFG);
920		RAL_WRITE(sc, RT2860_BCN_TIME_CFG,
921		    tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
922		    RT2860_TBTT_TIMER_EN));
923	}
924
925	rt2860_set_gp_timer(sc, 0);
926
927	error = rvp->ral_newstate(vap, nstate, arg);
928	if (error != 0)
929		return (error);
930
931	if (nstate == IEEE80211_S_RUN) {
932		struct ieee80211_node *ni = vap->iv_bss;
933
934		if (ic->ic_opmode != IEEE80211_M_MONITOR) {
935			rt2860_enable_mrr(sc);
936			rt2860_set_txpreamble(sc);
937			rt2860_set_basicrates(sc, &ni->ni_rates);
938			rt2860_set_bssid(sc, ni->ni_bssid);
939		}
940
941		if (vap->iv_opmode == IEEE80211_M_HOSTAP ||
942		    vap->iv_opmode == IEEE80211_M_IBSS ||
943		    vap->iv_opmode == IEEE80211_M_MBSS) {
944			error = rt2860_setup_beacon(sc, vap);
945			if (error != 0)
946				return error;
947		}
948
949		if (ic->ic_opmode != IEEE80211_M_MONITOR) {
950			rt2860_enable_tsf_sync(sc);
951			rt2860_set_gp_timer(sc, 500);
952		}
953
954		/* turn link LED on */
955		rt2860_set_leds(sc, RT2860_LED_RADIO |
956		    (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan) ?
957		     RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ));
958	}
959	return error;
960}
961
962/* Read 16-bit from eFUSE ROM (>=RT3071 only.) */
963static uint16_t
964rt3090_efuse_read_2(struct rt2860_softc *sc, uint16_t addr)
965{
966	uint32_t tmp;
967	uint16_t reg;
968	int ntries;
969
970	addr *= 2;
971	/*-
972	 * Read one 16-byte block into registers EFUSE_DATA[0-3]:
973	 * DATA0: F E D C
974	 * DATA1: B A 9 8
975	 * DATA2: 7 6 5 4
976	 * DATA3: 3 2 1 0
977	 */
978	tmp = RAL_READ(sc, RT3070_EFUSE_CTRL);
979	tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK);
980	tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK;
981	RAL_WRITE(sc, RT3070_EFUSE_CTRL, tmp);
982	for (ntries = 0; ntries < 500; ntries++) {
983		tmp = RAL_READ(sc, RT3070_EFUSE_CTRL);
984		if (!(tmp & RT3070_EFSROM_KICK))
985			break;
986		DELAY(2);
987	}
988	if (ntries == 500)
989		return 0xffff;
990
991	if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK)
992		return 0xffff;	/* address not found */
993
994	/* determine to which 32-bit register our 16-bit word belongs */
995	reg = RT3070_EFUSE_DATA3 - (addr & 0xc);
996	tmp = RAL_READ(sc, reg);
997
998	return (addr & 2) ? tmp >> 16 : tmp & 0xffff;
999}
1000
1001/*
1002 * Read 16 bits at address 'addr' from the serial EEPROM (either 93C46,
1003 * 93C66 or 93C86).
1004 */
1005static uint16_t
1006rt2860_eeprom_read_2(struct rt2860_softc *sc, uint16_t addr)
1007{
1008	uint32_t tmp;
1009	uint16_t val;
1010	int n;
1011
1012	/* clock C once before the first command */
1013	RT2860_EEPROM_CTL(sc, 0);
1014
1015	RT2860_EEPROM_CTL(sc, RT2860_S);
1016	RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_C);
1017	RT2860_EEPROM_CTL(sc, RT2860_S);
1018
1019	/* write start bit (1) */
1020	RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_D);
1021	RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_D | RT2860_C);
1022
1023	/* write READ opcode (10) */
1024	RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_D);
1025	RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_D | RT2860_C);
1026	RT2860_EEPROM_CTL(sc, RT2860_S);
1027	RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_C);
1028
1029	/* write address (A5-A0 or A7-A0) */
1030	n = ((RAL_READ(sc, RT2860_PCI_EECTRL) & 0x30) == 0) ? 5 : 7;
1031	for (; n >= 0; n--) {
1032		RT2860_EEPROM_CTL(sc, RT2860_S |
1033		    (((addr >> n) & 1) << RT2860_SHIFT_D));
1034		RT2860_EEPROM_CTL(sc, RT2860_S |
1035		    (((addr >> n) & 1) << RT2860_SHIFT_D) | RT2860_C);
1036	}
1037
1038	RT2860_EEPROM_CTL(sc, RT2860_S);
1039
1040	/* read data Q15-Q0 */
1041	val = 0;
1042	for (n = 15; n >= 0; n--) {
1043		RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_C);
1044		tmp = RAL_READ(sc, RT2860_PCI_EECTRL);
1045		val |= ((tmp & RT2860_Q) >> RT2860_SHIFT_Q) << n;
1046		RT2860_EEPROM_CTL(sc, RT2860_S);
1047	}
1048
1049	RT2860_EEPROM_CTL(sc, 0);
1050
1051	/* clear Chip Select and clock C */
1052	RT2860_EEPROM_CTL(sc, RT2860_S);
1053	RT2860_EEPROM_CTL(sc, 0);
1054	RT2860_EEPROM_CTL(sc, RT2860_C);
1055
1056	return val;
1057}
1058
1059static __inline uint16_t
1060rt2860_srom_read(struct rt2860_softc *sc, uint8_t addr)
1061{
1062	/* either eFUSE ROM or EEPROM */
1063	return sc->sc_srom_read(sc, addr);
1064}
1065
1066static void
1067rt2860_intr_coherent(struct rt2860_softc *sc)
1068{
1069	uint32_t tmp;
1070
1071	/* DMA finds data coherent event when checking the DDONE bit */
1072
1073	DPRINTF(("Tx/Rx Coherent interrupt\n"));
1074
1075	/* restart DMA engine */
1076	tmp = RAL_READ(sc, RT2860_WPDMA_GLO_CFG);
1077	tmp &= ~(RT2860_TX_WB_DDONE | RT2860_RX_DMA_EN | RT2860_TX_DMA_EN);
1078	RAL_WRITE(sc, RT2860_WPDMA_GLO_CFG, tmp);
1079
1080	(void)rt2860_txrx_enable(sc);
1081}
1082
1083static void
1084rt2860_drain_stats_fifo(struct rt2860_softc *sc)
1085{
1086	struct ieee80211_node *ni;
1087	uint32_t stat;
1088	int retrycnt;
1089	uint8_t wcid, mcs, pid;
1090
1091	/* drain Tx status FIFO (maxsize = 16) */
1092	while ((stat = RAL_READ(sc, RT2860_TX_STAT_FIFO)) & RT2860_TXQ_VLD) {
1093		DPRINTFN(4, ("tx stat 0x%08x\n", stat));
1094
1095		wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff;
1096		ni = sc->wcid2ni[wcid];
1097
1098		/* if no ACK was requested, no feedback is available */
1099		if (!(stat & RT2860_TXQ_ACKREQ) || wcid == 0xff || ni == NULL)
1100			continue;
1101
1102		/* update per-STA AMRR stats */
1103		if (stat & RT2860_TXQ_OK) {
1104			/*
1105			 * Check if there were retries, ie if the Tx success
1106			 * rate is different from the requested rate.  Note
1107			 * that it works only because we do not allow rate
1108			 * fallback from OFDM to CCK.
1109			 */
1110			mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f;
1111			pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf;
1112			if (mcs + 1 != pid)
1113				retrycnt = 1;
1114			else
1115				retrycnt = 0;
1116			ieee80211_ratectl_tx_complete(ni->ni_vap, ni,
1117			    IEEE80211_RATECTL_TX_SUCCESS, &retrycnt, NULL);
1118		} else {
1119			ieee80211_ratectl_tx_complete(ni->ni_vap, ni,
1120			    IEEE80211_RATECTL_TX_FAILURE, &retrycnt, NULL);
1121			if_inc_counter(ni->ni_vap->iv_ifp,
1122			    IFCOUNTER_OERRORS, 1);
1123		}
1124	}
1125}
1126
1127static void
1128rt2860_tx_intr(struct rt2860_softc *sc, int qid)
1129{
1130	struct rt2860_tx_ring *ring = &sc->txq[qid];
1131	uint32_t hw;
1132
1133	rt2860_drain_stats_fifo(sc);
1134
1135	hw = RAL_READ(sc, RT2860_TX_DTX_IDX(qid));
1136	while (ring->next != hw) {
1137		struct rt2860_tx_data *data = ring->data[ring->next];
1138
1139		if (data != NULL) {
1140			bus_dmamap_sync(sc->txwi_dmat, data->map,
1141			    BUS_DMASYNC_POSTWRITE);
1142			bus_dmamap_unload(sc->txwi_dmat, data->map);
1143			ieee80211_tx_complete(data->ni, data->m, 0);
1144			data->ni = NULL;
1145			data->m = NULL;
1146			SLIST_INSERT_HEAD(&sc->data_pool, data, next);
1147			ring->data[ring->next] = NULL;
1148		}
1149		ring->queued--;
1150		ring->next = (ring->next + 1) % RT2860_TX_RING_COUNT;
1151	}
1152
1153	sc->sc_tx_timer = 0;
1154	if (ring->queued < RT2860_TX_RING_COUNT)
1155		sc->qfullmsk &= ~(1 << qid);
1156	rt2860_start(sc);
1157}
1158
1159/*
1160 * Return the Rx chain with the highest RSSI for a given frame.
1161 */
1162static __inline uint8_t
1163rt2860_maxrssi_chain(struct rt2860_softc *sc, const struct rt2860_rxwi *rxwi)
1164{
1165	uint8_t rxchain = 0;
1166
1167	if (sc->nrxchains > 1) {
1168		if (rxwi->rssi[1] > rxwi->rssi[rxchain])
1169			rxchain = 1;
1170		if (sc->nrxchains > 2)
1171			if (rxwi->rssi[2] > rxwi->rssi[rxchain])
1172				rxchain = 2;
1173	}
1174	return rxchain;
1175}
1176
1177static void
1178rt2860_rx_intr(struct rt2860_softc *sc)
1179{
1180	struct rt2860_rx_radiotap_header *tap;
1181	struct ieee80211com *ic = &sc->sc_ic;
1182	struct ieee80211_frame *wh;
1183	struct ieee80211_node *ni;
1184	struct mbuf *m, *m1;
1185	bus_addr_t physaddr;
1186	uint32_t hw;
1187	uint16_t phy;
1188	uint8_t ant;
1189	int8_t rssi, nf;
1190	int error;
1191
1192	hw = RAL_READ(sc, RT2860_FS_DRX_IDX) & 0xfff;
1193	while (sc->rxq.cur != hw) {
1194		struct rt2860_rx_data *data = &sc->rxq.data[sc->rxq.cur];
1195		struct rt2860_rxd *rxd = &sc->rxq.rxd[sc->rxq.cur];
1196		struct rt2860_rxwi *rxwi;
1197
1198		bus_dmamap_sync(sc->rxq.desc_dmat, sc->rxq.desc_map,
1199		    BUS_DMASYNC_POSTREAD);
1200
1201		if (__predict_false(!(rxd->sdl0 & htole16(RT2860_RX_DDONE)))) {
1202			DPRINTF(("RXD DDONE bit not set!\n"));
1203			break;	/* should not happen */
1204		}
1205
1206		if (__predict_false(rxd->flags &
1207		    htole32(RT2860_RX_CRCERR | RT2860_RX_ICVERR))) {
1208			counter_u64_add(ic->ic_ierrors, 1);
1209			goto skip;
1210		}
1211
1212#ifdef HW_CRYPTO
1213		if (__predict_false(rxd->flags & htole32(RT2860_RX_MICERR))) {
1214			/* report MIC failures to net80211 for TKIP */
1215			ic->ic_stats.is_rx_locmicfail++;
1216			ieee80211_michael_mic_failure(ic, 0/* XXX */);
1217			counter_u64_add(ic->ic_ierrors, 1);
1218			goto skip;
1219		}
1220#endif
1221
1222		m1 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
1223		if (__predict_false(m1 == NULL)) {
1224			counter_u64_add(ic->ic_ierrors, 1);
1225			goto skip;
1226		}
1227
1228		bus_dmamap_sync(sc->rxq.data_dmat, data->map,
1229		    BUS_DMASYNC_POSTREAD);
1230		bus_dmamap_unload(sc->rxq.data_dmat, data->map);
1231
1232		error = bus_dmamap_load(sc->rxq.data_dmat, data->map,
1233		    mtod(m1, void *), MCLBYTES, rt2860_dma_map_addr,
1234		    &physaddr, 0);
1235		if (__predict_false(error != 0)) {
1236			m_freem(m1);
1237
1238			/* try to reload the old mbuf */
1239			error = bus_dmamap_load(sc->rxq.data_dmat, data->map,
1240			    mtod(data->m, void *), MCLBYTES,
1241			    rt2860_dma_map_addr, &physaddr, 0);
1242			if (__predict_false(error != 0)) {
1243				panic("%s: could not load old rx mbuf",
1244				    device_get_name(sc->sc_dev));
1245			}
1246			/* physical address may have changed */
1247			rxd->sdp0 = htole32(physaddr);
1248			counter_u64_add(ic->ic_ierrors, 1);
1249			goto skip;
1250		}
1251
1252		/*
1253		 * New mbuf successfully loaded, update Rx ring and continue
1254		 * processing.
1255		 */
1256		m = data->m;
1257		data->m = m1;
1258		rxd->sdp0 = htole32(physaddr);
1259
1260		rxwi = mtod(m, struct rt2860_rxwi *);
1261
1262		/* finalize mbuf */
1263		m->m_data = (caddr_t)(rxwi + 1);
1264		m->m_pkthdr.len = m->m_len = le16toh(rxwi->len) & 0xfff;
1265
1266		wh = mtod(m, struct ieee80211_frame *);
1267#ifdef HW_CRYPTO
1268		if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) {
1269			/* frame is decrypted by hardware */
1270			wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED;
1271		}
1272#endif
1273
1274		/* HW may insert 2 padding bytes after 802.11 header */
1275		if (rxd->flags & htole32(RT2860_RX_L2PAD)) {
1276			u_int hdrlen = ieee80211_hdrsize(wh);
1277			ovbcopy(wh, (caddr_t)wh + 2, hdrlen);
1278			m->m_data += 2;
1279			wh = mtod(m, struct ieee80211_frame *);
1280		}
1281
1282		ant = rt2860_maxrssi_chain(sc, rxwi);
1283		rssi = rt2860_rssi2dbm(sc, rxwi->rssi[ant], ant);
1284		nf = RT2860_NOISE_FLOOR;
1285
1286		if (ieee80211_radiotap_active(ic)) {
1287			tap = &sc->sc_rxtap;
1288			tap->wr_flags = 0;
1289			tap->wr_antenna = ant;
1290			tap->wr_antsignal = nf + rssi;
1291			tap->wr_antnoise = nf;
1292			/* in case it can't be found below */
1293			tap->wr_rate = 2;
1294			phy = le16toh(rxwi->phy);
1295			switch (phy & RT2860_PHY_MODE) {
1296			case RT2860_PHY_CCK:
1297				switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) {
1298				case 0:	tap->wr_rate =   2; break;
1299				case 1:	tap->wr_rate =   4; break;
1300				case 2:	tap->wr_rate =  11; break;
1301				case 3:	tap->wr_rate =  22; break;
1302				}
1303				if (phy & RT2860_PHY_SHPRE)
1304					tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
1305				break;
1306			case RT2860_PHY_OFDM:
1307				switch (phy & RT2860_PHY_MCS) {
1308				case 0:	tap->wr_rate =  12; break;
1309				case 1:	tap->wr_rate =  18; break;
1310				case 2:	tap->wr_rate =  24; break;
1311				case 3:	tap->wr_rate =  36; break;
1312				case 4:	tap->wr_rate =  48; break;
1313				case 5:	tap->wr_rate =  72; break;
1314				case 6:	tap->wr_rate =  96; break;
1315				case 7:	tap->wr_rate = 108; break;
1316				}
1317				break;
1318			}
1319		}
1320
1321		RAL_UNLOCK(sc);
1322		wh = mtod(m, struct ieee80211_frame *);
1323
1324		/* send the frame to the 802.11 layer */
1325		ni = ieee80211_find_rxnode(ic,
1326		    (struct ieee80211_frame_min *)wh);
1327		if (ni != NULL) {
1328			(void)ieee80211_input(ni, m, rssi - nf, nf);
1329			ieee80211_free_node(ni);
1330		} else
1331			(void)ieee80211_input_all(ic, m, rssi - nf, nf);
1332
1333		RAL_LOCK(sc);
1334
1335skip:		rxd->sdl0 &= ~htole16(RT2860_RX_DDONE);
1336
1337		bus_dmamap_sync(sc->rxq.desc_dmat, sc->rxq.desc_map,
1338		    BUS_DMASYNC_PREWRITE);
1339
1340		sc->rxq.cur = (sc->rxq.cur + 1) % RT2860_RX_RING_COUNT;
1341	}
1342
1343	/* tell HW what we have processed */
1344	RAL_WRITE(sc, RT2860_RX_CALC_IDX,
1345	    (sc->rxq.cur - 1) % RT2860_RX_RING_COUNT);
1346}
1347
1348static void
1349rt2860_tbtt_intr(struct rt2860_softc *sc)
1350{
1351#if 0
1352	struct ieee80211com *ic = &sc->sc_ic;
1353
1354#ifndef IEEE80211_STA_ONLY
1355	if (ic->ic_opmode == IEEE80211_M_HOSTAP) {
1356		/* one less beacon until next DTIM */
1357		if (ic->ic_dtim_count == 0)
1358			ic->ic_dtim_count = ic->ic_dtim_period - 1;
1359		else
1360			ic->ic_dtim_count--;
1361
1362		/* update dynamic parts of beacon */
1363		rt2860_setup_beacon(sc);
1364
1365		/* flush buffered multicast frames */
1366		if (ic->ic_dtim_count == 0)
1367			ieee80211_notify_dtim(ic);
1368	}
1369#endif
1370	/* check if protection mode has changed */
1371	if ((sc->sc_ic_flags ^ ic->ic_flags) & IEEE80211_F_USEPROT) {
1372		rt2860_updateprot(sc);
1373		sc->sc_ic_flags = ic->ic_flags;
1374	}
1375#endif
1376}
1377
1378static void
1379rt2860_gp_intr(struct rt2860_softc *sc)
1380{
1381	struct ieee80211com *ic = &sc->sc_ic;
1382	struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
1383
1384	DPRINTFN(2, ("GP timeout state=%d\n", vap->iv_state));
1385
1386	if (vap->iv_state == IEEE80211_S_RUN)
1387		rt2860_updatestats(sc);
1388}
1389
1390void
1391rt2860_intr(void *arg)
1392{
1393	struct rt2860_softc *sc = arg;
1394	uint32_t r;
1395
1396	RAL_LOCK(sc);
1397
1398	r = RAL_READ(sc, RT2860_INT_STATUS);
1399	if (__predict_false(r == 0xffffffff)) {
1400		RAL_UNLOCK(sc);
1401		return;	/* device likely went away */
1402	}
1403	if (r == 0) {
1404		RAL_UNLOCK(sc);
1405		return;	/* not for us */
1406	}
1407
1408	/* acknowledge interrupts */
1409	RAL_WRITE(sc, RT2860_INT_STATUS, r);
1410
1411	if (r & RT2860_TX_RX_COHERENT)
1412		rt2860_intr_coherent(sc);
1413
1414	if (r & RT2860_MAC_INT_2)	/* TX status */
1415		rt2860_drain_stats_fifo(sc);
1416
1417	if (r & RT2860_TX_DONE_INT5)
1418		rt2860_tx_intr(sc, 5);
1419
1420	if (r & RT2860_RX_DONE_INT)
1421		rt2860_rx_intr(sc);
1422
1423	if (r & RT2860_TX_DONE_INT4)
1424		rt2860_tx_intr(sc, 4);
1425
1426	if (r & RT2860_TX_DONE_INT3)
1427		rt2860_tx_intr(sc, 3);
1428
1429	if (r & RT2860_TX_DONE_INT2)
1430		rt2860_tx_intr(sc, 2);
1431
1432	if (r & RT2860_TX_DONE_INT1)
1433		rt2860_tx_intr(sc, 1);
1434
1435	if (r & RT2860_TX_DONE_INT0)
1436		rt2860_tx_intr(sc, 0);
1437
1438	if (r & RT2860_MAC_INT_0)	/* TBTT */
1439		rt2860_tbtt_intr(sc);
1440
1441	if (r & RT2860_MAC_INT_3)	/* Auto wakeup */
1442		/* TBD wakeup */;
1443
1444	if (r & RT2860_MAC_INT_4)	/* GP timer */
1445		rt2860_gp_intr(sc);
1446
1447	RAL_UNLOCK(sc);
1448}
1449
1450static int
1451rt2860_tx(struct rt2860_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
1452{
1453	struct ieee80211com *ic = &sc->sc_ic;
1454	struct ieee80211vap *vap = ni->ni_vap;
1455	struct rt2860_tx_ring *ring;
1456	struct rt2860_tx_data *data;
1457	struct rt2860_txd *txd;
1458	struct rt2860_txwi *txwi;
1459	struct ieee80211_frame *wh;
1460	const struct ieee80211_txparam *tp;
1461	struct ieee80211_key *k;
1462	struct mbuf *m1;
1463	bus_dma_segment_t segs[RT2860_MAX_SCATTER];
1464	bus_dma_segment_t *seg;
1465	u_int hdrlen;
1466	uint16_t qos, dur;
1467	uint8_t type, qsel, mcs, pid, tid, qid;
1468	int i, nsegs, ntxds, pad, rate, ridx, error;
1469
1470	/* the data pool contains at least one element, pick the first */
1471	data = SLIST_FIRST(&sc->data_pool);
1472
1473	wh = mtod(m, struct ieee80211_frame *);
1474
1475	if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) {
1476		k = ieee80211_crypto_encap(ni, m);
1477		if (k == NULL) {
1478			m_freem(m);
1479			return ENOBUFS;
1480		}
1481
1482		/* packet header may have moved, reset our local pointer */
1483		wh = mtod(m, struct ieee80211_frame *);
1484	}
1485
1486	hdrlen = ieee80211_anyhdrsize(wh);
1487	type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
1488
1489	tp = &vap->iv_txparms[ieee80211_chan2mode(ni->ni_chan)];
1490	if (IEEE80211_IS_MULTICAST(wh->i_addr1)) {
1491		rate = tp->mcastrate;
1492	} else if (m->m_flags & M_EAPOL) {
1493		rate = tp->mgmtrate;
1494	} else if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) {
1495		rate = tp->ucastrate;
1496	} else {
1497		(void) ieee80211_ratectl_rate(ni, NULL, 0);
1498		rate = ni->ni_txrate;
1499	}
1500	rate &= IEEE80211_RATE_VAL;
1501
1502	qid = M_WME_GETAC(m);
1503	if (IEEE80211_QOS_HAS_SEQ(wh)) {
1504		qos = ((const struct ieee80211_qosframe *)wh)->i_qos[0];
1505		tid = qos & IEEE80211_QOS_TID;
1506	} else {
1507		qos = 0;
1508		tid = 0;
1509	}
1510	ring = &sc->txq[qid];
1511	ridx = ieee80211_legacy_rate_lookup(ic->ic_rt, rate);
1512
1513	/* get MCS code from rate index */
1514	mcs = rt2860_rates[ridx].mcs;
1515
1516	/* setup TX Wireless Information */
1517	txwi = data->txwi;
1518	txwi->flags = 0;
1519	/* let HW generate seq numbers for non-QoS frames */
1520	txwi->xflags = qos ? 0 : RT2860_TX_NSEQ;
1521	if (type == IEEE80211_FC0_TYPE_DATA)
1522		txwi->wcid = IEEE80211_AID(ni->ni_associd);
1523	else
1524		txwi->wcid = 0xff;
1525	txwi->len = htole16(m->m_pkthdr.len);
1526	if (rt2860_rates[ridx].phy == IEEE80211_T_DS) {
1527		txwi->phy = htole16(RT2860_PHY_CCK);
1528		if (ridx != RT2860_RIDX_CCK1 &&
1529		    (ic->ic_flags & IEEE80211_F_SHPREAMBLE))
1530			mcs |= RT2860_PHY_SHPRE;
1531	} else
1532		txwi->phy = htole16(RT2860_PHY_OFDM);
1533	txwi->phy |= htole16(mcs);
1534
1535	/*
1536	 * We store the MCS code into the driver-private PacketID field.
1537	 * The PacketID is latched into TX_STAT_FIFO when Tx completes so
1538	 * that we know at which initial rate the frame was transmitted.
1539	 * We add 1 to the MCS code because setting the PacketID field to
1540	 * 0 means that we don't want feedback in TX_STAT_FIFO.
1541	 */
1542	pid = (mcs + 1) & 0xf;
1543	txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT);
1544
1545	/* check if RTS/CTS or CTS-to-self protection is required */
1546	if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
1547	    (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold ||
1548	     ((ic->ic_flags & IEEE80211_F_USEPROT) &&
1549	      rt2860_rates[ridx].phy == IEEE80211_T_OFDM)))
1550		txwi->txop = RT2860_TX_TXOP_HT;
1551	else
1552		txwi->txop = RT2860_TX_TXOP_BACKOFF;
1553
1554	if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
1555	    (!qos || (qos & IEEE80211_QOS_ACKPOLICY) !=
1556	     IEEE80211_QOS_ACKPOLICY_NOACK)) {
1557		txwi->xflags |= RT2860_TX_ACK;
1558
1559		if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
1560			dur = rt2860_rates[ridx].sp_ack_dur;
1561		else
1562			dur = rt2860_rates[ridx].lp_ack_dur;
1563		*(uint16_t *)wh->i_dur = htole16(dur);
1564	}
1565	/* ask MAC to insert timestamp into probe responses */
1566	if ((wh->i_fc[0] &
1567	     (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) ==
1568	     (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP))
1569	    /* NOTE: beacons do not pass through tx_data() */
1570		txwi->flags |= RT2860_TX_TS;
1571
1572	if (ieee80211_radiotap_active_vap(vap)) {
1573		struct rt2860_tx_radiotap_header *tap = &sc->sc_txtap;
1574
1575		tap->wt_flags = 0;
1576		tap->wt_rate = rate;
1577		if (mcs & RT2860_PHY_SHPRE)
1578			tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
1579
1580		ieee80211_radiotap_tx(vap, m);
1581	}
1582
1583	pad = (hdrlen + 3) & ~3;
1584
1585	/* copy and trim 802.11 header */
1586	memcpy(txwi + 1, wh, hdrlen);
1587	m_adj(m, hdrlen);
1588
1589	error = bus_dmamap_load_mbuf_sg(sc->txwi_dmat, data->map, m, segs,
1590	    &nsegs, 0);
1591	if (__predict_false(error != 0 && error != EFBIG)) {
1592		device_printf(sc->sc_dev, "can't map mbuf (error %d)\n",
1593		    error);
1594		m_freem(m);
1595		return error;
1596	}
1597	if (__predict_true(error == 0)) {
1598		/* determine how many TXDs are required */
1599		ntxds = 1 + (nsegs / 2);
1600
1601		if (ring->queued + ntxds >= RT2860_TX_RING_COUNT) {
1602			/* not enough free TXDs, force mbuf defrag */
1603			bus_dmamap_unload(sc->txwi_dmat, data->map);
1604			error = EFBIG;
1605		}
1606	}
1607	if (__predict_false(error != 0)) {
1608		m1 = m_defrag(m, M_NOWAIT);
1609		if (m1 == NULL) {
1610			device_printf(sc->sc_dev,
1611			    "could not defragment mbuf\n");
1612			m_freem(m);
1613			return ENOBUFS;
1614		}
1615		m = m1;
1616
1617		error = bus_dmamap_load_mbuf_sg(sc->txwi_dmat, data->map, m,
1618		    segs, &nsegs, 0);
1619		if (__predict_false(error != 0)) {
1620			device_printf(sc->sc_dev, "can't map mbuf (error %d)\n",
1621			    error);
1622			m_freem(m);
1623			return error;
1624		}
1625
1626		/* determine how many TXDs are now required */
1627		ntxds = 1 + (nsegs / 2);
1628
1629		if (ring->queued + ntxds >= RT2860_TX_RING_COUNT) {
1630			/* this is a hopeless case, drop the mbuf! */
1631			bus_dmamap_unload(sc->txwi_dmat, data->map);
1632			m_freem(m);
1633			return ENOBUFS;
1634		}
1635	}
1636
1637	qsel = (qid < WME_NUM_AC) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_MGMT;
1638
1639	/* first segment is TXWI + 802.11 header */
1640	txd = &ring->txd[ring->cur];
1641	txd->sdp0 = htole32(data->paddr);
1642	txd->sdl0 = htole16(sizeof (struct rt2860_txwi) + pad);
1643	txd->flags = qsel;
1644
1645	/* setup payload segments */
1646	seg = &segs[0];
1647	for (i = nsegs; i >= 2; i -= 2) {
1648		txd->sdp1 = htole32(seg->ds_addr);
1649		txd->sdl1 = htole16(seg->ds_len);
1650		seg++;
1651		ring->cur = (ring->cur + 1) % RT2860_TX_RING_COUNT;
1652		/* grab a new Tx descriptor */
1653		txd = &ring->txd[ring->cur];
1654		txd->sdp0 = htole32(seg->ds_addr);
1655		txd->sdl0 = htole16(seg->ds_len);
1656		txd->flags = qsel;
1657		seg++;
1658	}
1659	/* finalize last segment */
1660	if (i > 0) {
1661		txd->sdp1 = htole32(seg->ds_addr);
1662		txd->sdl1 = htole16(seg->ds_len | RT2860_TX_LS1);
1663	} else {
1664		txd->sdl0 |= htole16(RT2860_TX_LS0);
1665		txd->sdl1 = 0;
1666	}
1667
1668	/* remove from the free pool and link it into the SW Tx slot */
1669	SLIST_REMOVE_HEAD(&sc->data_pool, next);
1670	data->m = m;
1671	data->ni = ni;
1672	ring->data[ring->cur] = data;
1673
1674	bus_dmamap_sync(sc->txwi_dmat, sc->txwi_map, BUS_DMASYNC_PREWRITE);
1675	bus_dmamap_sync(sc->txwi_dmat, data->map, BUS_DMASYNC_PREWRITE);
1676	bus_dmamap_sync(ring->desc_dmat, ring->desc_map, BUS_DMASYNC_PREWRITE);
1677
1678	DPRINTFN(4, ("sending frame qid=%d wcid=%d nsegs=%d ridx=%d\n",
1679	    qid, txwi->wcid, nsegs, ridx));
1680
1681	ring->cur = (ring->cur + 1) % RT2860_TX_RING_COUNT;
1682	ring->queued += ntxds;
1683	if (ring->queued >= RT2860_TX_RING_COUNT)
1684		sc->qfullmsk |= 1 << qid;
1685
1686	/* kick Tx */
1687	RAL_WRITE(sc, RT2860_TX_CTX_IDX(qid), ring->cur);
1688
1689	return 0;
1690}
1691
1692static int
1693rt2860_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
1694    const struct ieee80211_bpf_params *params)
1695{
1696	struct ieee80211com *ic = ni->ni_ic;
1697	struct rt2860_softc *sc = ic->ic_softc;
1698	int error;
1699
1700	RAL_LOCK(sc);
1701
1702	/* prevent management frames from being sent if we're not ready */
1703	if (!(sc->sc_flags & RT2860_RUNNING)) {
1704		RAL_UNLOCK(sc);
1705		m_freem(m);
1706		return ENETDOWN;
1707	}
1708	if (params == NULL) {
1709		/*
1710		 * Legacy path; interpret frame contents to decide
1711		 * precisely how to send the frame.
1712		 */
1713		error = rt2860_tx(sc, m, ni);
1714	} else {
1715		/*
1716		 * Caller supplied explicit parameters to use in
1717		 * sending the frame.
1718		 */
1719		error = rt2860_tx_raw(sc, m, ni, params);
1720	}
1721	sc->sc_tx_timer = 5;
1722	RAL_UNLOCK(sc);
1723	return error;
1724}
1725
1726static int
1727rt2860_tx_raw(struct rt2860_softc *sc, struct mbuf *m,
1728    struct ieee80211_node *ni, const struct ieee80211_bpf_params *params)
1729{
1730	struct ieee80211com *ic = &sc->sc_ic;
1731	struct ieee80211vap *vap = ni->ni_vap;
1732	struct rt2860_tx_ring *ring;
1733	struct rt2860_tx_data *data;
1734	struct rt2860_txd *txd;
1735	struct rt2860_txwi *txwi;
1736	struct ieee80211_frame *wh;
1737	struct mbuf *m1;
1738	bus_dma_segment_t segs[RT2860_MAX_SCATTER];
1739	bus_dma_segment_t *seg;
1740	u_int hdrlen;
1741	uint16_t dur;
1742	uint8_t type, qsel, mcs, pid, tid, qid;
1743	int i, nsegs, ntxds, pad, rate, ridx, error;
1744
1745	/* the data pool contains at least one element, pick the first */
1746	data = SLIST_FIRST(&sc->data_pool);
1747
1748	wh = mtod(m, struct ieee80211_frame *);
1749	hdrlen = ieee80211_hdrsize(wh);
1750	type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
1751
1752	/* Choose a TX rate index. */
1753	rate = params->ibp_rate0;
1754	ridx = ieee80211_legacy_rate_lookup(ic->ic_rt,
1755	    rate & IEEE80211_RATE_VAL);
1756	if (ridx == (uint8_t)-1) {
1757		/* XXX fall back to mcast/mgmt rate? */
1758		m_freem(m);
1759		return EINVAL;
1760	}
1761
1762	qid = params->ibp_pri & 3;
1763	tid = 0;
1764	ring = &sc->txq[qid];
1765
1766	/* get MCS code from rate index */
1767	mcs = rt2860_rates[ridx].mcs;
1768
1769	/* setup TX Wireless Information */
1770	txwi = data->txwi;
1771	txwi->flags = 0;
1772	/* let HW generate seq numbers for non-QoS frames */
1773	txwi->xflags = params->ibp_pri & 3 ? 0 : RT2860_TX_NSEQ;
1774	txwi->wcid = 0xff;
1775	txwi->len = htole16(m->m_pkthdr.len);
1776	if (rt2860_rates[ridx].phy == IEEE80211_T_DS) {
1777		txwi->phy = htole16(RT2860_PHY_CCK);
1778		if (ridx != RT2860_RIDX_CCK1 &&
1779		    (ic->ic_flags & IEEE80211_F_SHPREAMBLE))
1780			mcs |= RT2860_PHY_SHPRE;
1781	} else
1782		txwi->phy = htole16(RT2860_PHY_OFDM);
1783	txwi->phy |= htole16(mcs);
1784
1785	/*
1786	 * We store the MCS code into the driver-private PacketID field.
1787	 * The PacketID is latched into TX_STAT_FIFO when Tx completes so
1788	 * that we know at which initial rate the frame was transmitted.
1789	 * We add 1 to the MCS code because setting the PacketID field to
1790	 * 0 means that we don't want feedback in TX_STAT_FIFO.
1791	 */
1792	pid = (mcs + 1) & 0xf;
1793	txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT);
1794
1795	/* check if RTS/CTS or CTS-to-self protection is required */
1796	if (params->ibp_flags & IEEE80211_BPF_RTS ||
1797	    params->ibp_flags & IEEE80211_BPF_CTS)
1798		txwi->txop = RT2860_TX_TXOP_HT;
1799	else
1800		txwi->txop = RT2860_TX_TXOP_BACKOFF;
1801	if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) {
1802		txwi->xflags |= RT2860_TX_ACK;
1803
1804		if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
1805			dur = rt2860_rates[ridx].sp_ack_dur;
1806		else
1807			dur = rt2860_rates[ridx].lp_ack_dur;
1808		*(uint16_t *)wh->i_dur = htole16(dur);
1809	}
1810	/* ask MAC to insert timestamp into probe responses */
1811	if ((wh->i_fc[0] &
1812	     (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) ==
1813	     (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP))
1814	    /* NOTE: beacons do not pass through tx_data() */
1815		txwi->flags |= RT2860_TX_TS;
1816
1817	if (ieee80211_radiotap_active_vap(vap)) {
1818		struct rt2860_tx_radiotap_header *tap = &sc->sc_txtap;
1819
1820		tap->wt_flags = 0;
1821		tap->wt_rate = rate;
1822		if (mcs & RT2860_PHY_SHPRE)
1823			tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
1824
1825		ieee80211_radiotap_tx(vap, m);
1826	}
1827
1828	pad = (hdrlen + 3) & ~3;
1829
1830	/* copy and trim 802.11 header */
1831	memcpy(txwi + 1, wh, hdrlen);
1832	m_adj(m, hdrlen);
1833
1834	error = bus_dmamap_load_mbuf_sg(sc->txwi_dmat, data->map, m, segs,
1835	    &nsegs, 0);
1836	if (__predict_false(error != 0 && error != EFBIG)) {
1837		device_printf(sc->sc_dev, "can't map mbuf (error %d)\n",
1838		    error);
1839		m_freem(m);
1840		return error;
1841	}
1842	if (__predict_true(error == 0)) {
1843		/* determine how many TXDs are required */
1844		ntxds = 1 + (nsegs / 2);
1845
1846		if (ring->queued + ntxds >= RT2860_TX_RING_COUNT) {
1847			/* not enough free TXDs, force mbuf defrag */
1848			bus_dmamap_unload(sc->txwi_dmat, data->map);
1849			error = EFBIG;
1850		}
1851	}
1852	if (__predict_false(error != 0)) {
1853		m1 = m_defrag(m, M_NOWAIT);
1854		if (m1 == NULL) {
1855			device_printf(sc->sc_dev,
1856			    "could not defragment mbuf\n");
1857			m_freem(m);
1858			return ENOBUFS;
1859		}
1860		m = m1;
1861
1862		error = bus_dmamap_load_mbuf_sg(sc->txwi_dmat, data->map, m,
1863		    segs, &nsegs, 0);
1864		if (__predict_false(error != 0)) {
1865			device_printf(sc->sc_dev, "can't map mbuf (error %d)\n",
1866			    error);
1867			m_freem(m);
1868			return error;
1869		}
1870
1871		/* determine how many TXDs are now required */
1872		ntxds = 1 + (nsegs / 2);
1873
1874		if (ring->queued + ntxds >= RT2860_TX_RING_COUNT) {
1875			/* this is a hopeless case, drop the mbuf! */
1876			bus_dmamap_unload(sc->txwi_dmat, data->map);
1877			m_freem(m);
1878			return ENOBUFS;
1879		}
1880	}
1881
1882	qsel = (qid < WME_NUM_AC) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_MGMT;
1883
1884	/* first segment is TXWI + 802.11 header */
1885	txd = &ring->txd[ring->cur];
1886	txd->sdp0 = htole32(data->paddr);
1887	txd->sdl0 = htole16(sizeof (struct rt2860_txwi) + pad);
1888	txd->flags = qsel;
1889
1890	/* setup payload segments */
1891	seg = &segs[0];
1892	for (i = nsegs; i >= 2; i -= 2) {
1893		txd->sdp1 = htole32(seg->ds_addr);
1894		txd->sdl1 = htole16(seg->ds_len);
1895		seg++;
1896		ring->cur = (ring->cur + 1) % RT2860_TX_RING_COUNT;
1897		/* grab a new Tx descriptor */
1898		txd = &ring->txd[ring->cur];
1899		txd->sdp0 = htole32(seg->ds_addr);
1900		txd->sdl0 = htole16(seg->ds_len);
1901		txd->flags = qsel;
1902		seg++;
1903	}
1904	/* finalize last segment */
1905	if (i > 0) {
1906		txd->sdp1 = htole32(seg->ds_addr);
1907		txd->sdl1 = htole16(seg->ds_len | RT2860_TX_LS1);
1908	} else {
1909		txd->sdl0 |= htole16(RT2860_TX_LS0);
1910		txd->sdl1 = 0;
1911	}
1912
1913	/* remove from the free pool and link it into the SW Tx slot */
1914	SLIST_REMOVE_HEAD(&sc->data_pool, next);
1915	data->m = m;
1916	data->ni = ni;
1917	ring->data[ring->cur] = data;
1918
1919	bus_dmamap_sync(sc->txwi_dmat, sc->txwi_map, BUS_DMASYNC_PREWRITE);
1920	bus_dmamap_sync(sc->txwi_dmat, data->map, BUS_DMASYNC_PREWRITE);
1921	bus_dmamap_sync(ring->desc_dmat, ring->desc_map, BUS_DMASYNC_PREWRITE);
1922
1923	DPRINTFN(4, ("sending frame qid=%d wcid=%d nsegs=%d ridx=%d\n",
1924	    qid, txwi->wcid, nsegs, ridx));
1925
1926	ring->cur = (ring->cur + 1) % RT2860_TX_RING_COUNT;
1927	ring->queued += ntxds;
1928	if (ring->queued >= RT2860_TX_RING_COUNT)
1929		sc->qfullmsk |= 1 << qid;
1930
1931	/* kick Tx */
1932	RAL_WRITE(sc, RT2860_TX_CTX_IDX(qid), ring->cur);
1933
1934	return 0;
1935}
1936
1937static int
1938rt2860_transmit(struct ieee80211com *ic, struct mbuf *m)
1939{
1940	struct rt2860_softc *sc = ic->ic_softc;
1941	int error;
1942
1943	RAL_LOCK(sc);
1944	if ((sc->sc_flags & RT2860_RUNNING) == 0) {
1945		RAL_UNLOCK(sc);
1946		return (ENXIO);
1947	}
1948	error = mbufq_enqueue(&sc->sc_snd, m);
1949	if (error) {
1950		RAL_UNLOCK(sc);
1951		return (error);
1952	}
1953	rt2860_start(sc);
1954	RAL_UNLOCK(sc);
1955
1956	return (0);
1957}
1958
1959static void
1960rt2860_start(struct rt2860_softc *sc)
1961{
1962	struct ieee80211_node *ni;
1963	struct mbuf *m;
1964
1965	RAL_LOCK_ASSERT(sc);
1966
1967	if ((sc->sc_flags & RT2860_RUNNING) == 0)
1968		return;
1969
1970	while (!SLIST_EMPTY(&sc->data_pool) && sc->qfullmsk == 0 &&
1971	    (m = mbufq_dequeue(&sc->sc_snd)) != NULL) {
1972		ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
1973		if (rt2860_tx(sc, m, ni) != 0) {
1974			if_inc_counter(ni->ni_vap->iv_ifp,
1975			    IFCOUNTER_OERRORS, 1);
1976			ieee80211_free_node(ni);
1977			continue;
1978		}
1979		sc->sc_tx_timer = 5;
1980	}
1981}
1982
1983static void
1984rt2860_watchdog(void *arg)
1985{
1986	struct rt2860_softc *sc = arg;
1987
1988	RAL_LOCK_ASSERT(sc);
1989
1990	KASSERT(sc->sc_flags & RT2860_RUNNING, ("not running"));
1991
1992	if (sc->sc_invalid)		/* card ejected */
1993		return;
1994
1995	if (sc->sc_tx_timer > 0 && --sc->sc_tx_timer == 0) {
1996		device_printf(sc->sc_dev, "device timeout\n");
1997		rt2860_stop_locked(sc);
1998		rt2860_init_locked(sc);
1999		counter_u64_add(sc->sc_ic.ic_oerrors, 1);
2000		return;
2001	}
2002	callout_reset(&sc->watchdog_ch, hz, rt2860_watchdog, sc);
2003}
2004
2005static void
2006rt2860_parent(struct ieee80211com *ic)
2007{
2008	struct rt2860_softc *sc = ic->ic_softc;
2009	int startall = 0;
2010
2011	RAL_LOCK(sc);
2012	if (ic->ic_nrunning> 0) {
2013		if (!(sc->sc_flags & RT2860_RUNNING)) {
2014			rt2860_init_locked(sc);
2015			startall = 1;
2016		} else
2017			rt2860_update_promisc(ic);
2018	} else if (sc->sc_flags & RT2860_RUNNING)
2019		rt2860_stop_locked(sc);
2020	RAL_UNLOCK(sc);
2021	if (startall)
2022		ieee80211_start_all(ic);
2023}
2024
2025/*
2026 * Reading and writing from/to the BBP is different from RT2560 and RT2661.
2027 * We access the BBP through the 8051 microcontroller unit which means that
2028 * the microcode must be loaded first.
2029 */
2030void
2031rt2860_mcu_bbp_write(struct rt2860_softc *sc, uint8_t reg, uint8_t val)
2032{
2033	int ntries;
2034
2035	for (ntries = 0; ntries < 100; ntries++) {
2036		if (!(RAL_READ(sc, RT2860_H2M_BBPAGENT) & RT2860_BBP_CSR_KICK))
2037			break;
2038		DELAY(1);
2039	}
2040	if (ntries == 100) {
2041		device_printf(sc->sc_dev,
2042			"could not write to BBP through MCU\n");
2043		return;
2044	}
2045
2046	RAL_WRITE(sc, RT2860_H2M_BBPAGENT, RT2860_BBP_RW_PARALLEL |
2047	    RT2860_BBP_CSR_KICK | reg << 8 | val);
2048	RAL_BARRIER_WRITE(sc);
2049
2050	rt2860_mcu_cmd(sc, RT2860_MCU_CMD_BBP, 0, 0);
2051	DELAY(1000);
2052}
2053
2054uint8_t
2055rt2860_mcu_bbp_read(struct rt2860_softc *sc, uint8_t reg)
2056{
2057	uint32_t val;
2058	int ntries;
2059
2060	for (ntries = 0; ntries < 100; ntries++) {
2061		if (!(RAL_READ(sc, RT2860_H2M_BBPAGENT) & RT2860_BBP_CSR_KICK))
2062			break;
2063		DELAY(1);
2064	}
2065	if (ntries == 100) {
2066		device_printf(sc->sc_dev,
2067		    "could not read from BBP through MCU\n");
2068		return 0;
2069	}
2070
2071	RAL_WRITE(sc, RT2860_H2M_BBPAGENT, RT2860_BBP_RW_PARALLEL |
2072	    RT2860_BBP_CSR_KICK | RT2860_BBP_CSR_READ | reg << 8);
2073	RAL_BARRIER_WRITE(sc);
2074
2075	rt2860_mcu_cmd(sc, RT2860_MCU_CMD_BBP, 0, 0);
2076	DELAY(1000);
2077
2078	for (ntries = 0; ntries < 100; ntries++) {
2079		val = RAL_READ(sc, RT2860_H2M_BBPAGENT);
2080		if (!(val & RT2860_BBP_CSR_KICK))
2081			return val & 0xff;
2082		DELAY(1);
2083	}
2084	device_printf(sc->sc_dev, "could not read from BBP through MCU\n");
2085
2086	return 0;
2087}
2088
2089/*
2090 * Write to one of the 4 programmable 24-bit RF registers.
2091 */
2092static void
2093rt2860_rf_write(struct rt2860_softc *sc, uint8_t reg, uint32_t val)
2094{
2095	uint32_t tmp;
2096	int ntries;
2097
2098	for (ntries = 0; ntries < 100; ntries++) {
2099		if (!(RAL_READ(sc, RT2860_RF_CSR_CFG0) & RT2860_RF_REG_CTRL))
2100			break;
2101		DELAY(1);
2102	}
2103	if (ntries == 100) {
2104		device_printf(sc->sc_dev, "could not write to RF\n");
2105		return;
2106	}
2107
2108	/* RF registers are 24-bit on the RT2860 */
2109	tmp = RT2860_RF_REG_CTRL | 24 << RT2860_RF_REG_WIDTH_SHIFT |
2110	    (val & 0x3fffff) << 2 | (reg & 3);
2111	RAL_WRITE(sc, RT2860_RF_CSR_CFG0, tmp);
2112}
2113
2114static uint8_t
2115rt3090_rf_read(struct rt2860_softc *sc, uint8_t reg)
2116{
2117	uint32_t tmp;
2118	int ntries;
2119
2120	for (ntries = 0; ntries < 100; ntries++) {
2121		if (!(RAL_READ(sc, RT3070_RF_CSR_CFG) & RT3070_RF_KICK))
2122			break;
2123		DELAY(1);
2124	}
2125	if (ntries == 100) {
2126		device_printf(sc->sc_dev, "could not read RF register\n");
2127		return 0xff;
2128	}
2129	tmp = RT3070_RF_KICK | reg << 8;
2130	RAL_WRITE(sc, RT3070_RF_CSR_CFG, tmp);
2131
2132	for (ntries = 0; ntries < 100; ntries++) {
2133		tmp = RAL_READ(sc, RT3070_RF_CSR_CFG);
2134		if (!(tmp & RT3070_RF_KICK))
2135			break;
2136		DELAY(1);
2137	}
2138	if (ntries == 100) {
2139		device_printf(sc->sc_dev, "could not read RF register\n");
2140		return 0xff;
2141	}
2142	return tmp & 0xff;
2143}
2144
2145void
2146rt3090_rf_write(struct rt2860_softc *sc, uint8_t reg, uint8_t val)
2147{
2148	uint32_t tmp;
2149	int ntries;
2150
2151	for (ntries = 0; ntries < 10; ntries++) {
2152		if (!(RAL_READ(sc, RT3070_RF_CSR_CFG) & RT3070_RF_KICK))
2153			break;
2154		DELAY(10);
2155	}
2156	if (ntries == 10) {
2157		device_printf(sc->sc_dev, "could not write to RF\n");
2158		return;
2159	}
2160
2161	tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val;
2162	RAL_WRITE(sc, RT3070_RF_CSR_CFG, tmp);
2163}
2164
2165/*
2166 * Send a command to the 8051 microcontroller unit.
2167 */
2168int
2169rt2860_mcu_cmd(struct rt2860_softc *sc, uint8_t cmd, uint16_t arg, int wait)
2170{
2171	int slot, ntries;
2172	uint32_t tmp;
2173	uint8_t cid;
2174
2175	for (ntries = 0; ntries < 100; ntries++) {
2176		if (!(RAL_READ(sc, RT2860_H2M_MAILBOX) & RT2860_H2M_BUSY))
2177			break;
2178		DELAY(2);
2179	}
2180	if (ntries == 100)
2181		return EIO;
2182
2183	cid = wait ? cmd : RT2860_TOKEN_NO_INTR;
2184	RAL_WRITE(sc, RT2860_H2M_MAILBOX, RT2860_H2M_BUSY | cid << 16 | arg);
2185	RAL_BARRIER_WRITE(sc);
2186	RAL_WRITE(sc, RT2860_HOST_CMD, cmd);
2187
2188	if (!wait)
2189		return 0;
2190	/* wait for the command to complete */
2191	for (ntries = 0; ntries < 200; ntries++) {
2192		tmp = RAL_READ(sc, RT2860_H2M_MAILBOX_CID);
2193		/* find the command slot */
2194		for (slot = 0; slot < 4; slot++, tmp >>= 8)
2195			if ((tmp & 0xff) == cid)
2196				break;
2197		if (slot < 4)
2198			break;
2199		DELAY(100);
2200	}
2201	if (ntries == 200) {
2202		/* clear command and status */
2203		RAL_WRITE(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff);
2204		RAL_WRITE(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff);
2205		return ETIMEDOUT;
2206	}
2207	/* get command status (1 means success) */
2208	tmp = RAL_READ(sc, RT2860_H2M_MAILBOX_STATUS);
2209	tmp = (tmp >> (slot * 8)) & 0xff;
2210	DPRINTF(("MCU command=0x%02x slot=%d status=0x%02x\n",
2211	    cmd, slot, tmp));
2212	/* clear command and status */
2213	RAL_WRITE(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff);
2214	RAL_WRITE(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff);
2215	return (tmp == 1) ? 0 : EIO;
2216}
2217
2218static void
2219rt2860_enable_mrr(struct rt2860_softc *sc)
2220{
2221#define CCK(mcs)	(mcs)
2222#define OFDM(mcs)	(1 << 3 | (mcs))
2223	RAL_WRITE(sc, RT2860_LG_FBK_CFG0,
2224	    OFDM(6) << 28 |	/* 54->48 */
2225	    OFDM(5) << 24 |	/* 48->36 */
2226	    OFDM(4) << 20 |	/* 36->24 */
2227	    OFDM(3) << 16 |	/* 24->18 */
2228	    OFDM(2) << 12 |	/* 18->12 */
2229	    OFDM(1) <<  8 |	/* 12-> 9 */
2230	    OFDM(0) <<  4 |	/*  9-> 6 */
2231	    OFDM(0));		/*  6-> 6 */
2232
2233	RAL_WRITE(sc, RT2860_LG_FBK_CFG1,
2234	    CCK(2) << 12 |	/* 11->5.5 */
2235	    CCK(1) <<  8 |	/* 5.5-> 2 */
2236	    CCK(0) <<  4 |	/*   2-> 1 */
2237	    CCK(0));		/*   1-> 1 */
2238#undef OFDM
2239#undef CCK
2240}
2241
2242static void
2243rt2860_set_txpreamble(struct rt2860_softc *sc)
2244{
2245	struct ieee80211com *ic = &sc->sc_ic;
2246	uint32_t tmp;
2247
2248	tmp = RAL_READ(sc, RT2860_AUTO_RSP_CFG);
2249	tmp &= ~RT2860_CCK_SHORT_EN;
2250	if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
2251		tmp |= RT2860_CCK_SHORT_EN;
2252	RAL_WRITE(sc, RT2860_AUTO_RSP_CFG, tmp);
2253}
2254
2255void
2256rt2860_set_basicrates(struct rt2860_softc *sc,
2257    const struct ieee80211_rateset *rs)
2258{
2259	struct ieee80211com *ic = &sc->sc_ic;
2260	uint32_t mask = 0;
2261	uint8_t rate;
2262	int i;
2263
2264	for (i = 0; i < rs->rs_nrates; i++) {
2265		rate = rs->rs_rates[i];
2266
2267		if (!(rate & IEEE80211_RATE_BASIC))
2268			continue;
2269
2270		mask |= 1 << ieee80211_legacy_rate_lookup(ic->ic_rt,
2271		    IEEE80211_RV(rate));
2272	}
2273
2274	RAL_WRITE(sc, RT2860_LEGACY_BASIC_RATE, mask);
2275}
2276
2277static void
2278rt2860_scan_start(struct ieee80211com *ic)
2279{
2280	struct rt2860_softc *sc = ic->ic_softc;
2281	uint32_t tmp;
2282
2283	tmp = RAL_READ(sc, RT2860_BCN_TIME_CFG);
2284	RAL_WRITE(sc, RT2860_BCN_TIME_CFG,
2285	    tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
2286	    RT2860_TBTT_TIMER_EN));
2287	rt2860_set_gp_timer(sc, 0);
2288}
2289
2290static void
2291rt2860_scan_end(struct ieee80211com *ic)
2292{
2293	struct rt2860_softc *sc = ic->ic_softc;
2294	struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
2295
2296	if (vap->iv_state == IEEE80211_S_RUN) {
2297		rt2860_enable_tsf_sync(sc);
2298		rt2860_set_gp_timer(sc, 500);
2299	}
2300}
2301
2302static void
2303rt2860_getradiocaps(struct ieee80211com *ic, int maxchans, int *nchans,
2304    struct ieee80211_channel chans[])
2305{
2306	struct rt2860_softc *sc = ic->ic_softc;
2307	uint8_t bands[IEEE80211_MODE_BYTES];
2308
2309	memset(bands, 0, sizeof(bands));
2310	setbit(bands, IEEE80211_MODE_11B);
2311	setbit(bands, IEEE80211_MODE_11G);
2312	ieee80211_add_channel_list_2ghz(chans, maxchans, nchans,
2313	    rt2860_chan_2ghz, nitems(rt2860_chan_2ghz), bands, 0);
2314
2315	if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850) {
2316		setbit(bands, IEEE80211_MODE_11A);
2317		ieee80211_add_channel_list_5ghz(chans, maxchans, nchans,
2318		    rt2860_chan_5ghz, nitems(rt2860_chan_5ghz), bands, 0);
2319	}
2320}
2321
2322static void
2323rt2860_set_channel(struct ieee80211com *ic)
2324{
2325	struct rt2860_softc *sc = ic->ic_softc;
2326
2327	RAL_LOCK(sc);
2328	rt2860_switch_chan(sc, ic->ic_curchan);
2329	RAL_UNLOCK(sc);
2330}
2331
2332static void
2333rt2860_select_chan_group(struct rt2860_softc *sc, int group)
2334{
2335	uint32_t tmp;
2336	uint8_t agc;
2337
2338	rt2860_mcu_bbp_write(sc, 62, 0x37 - sc->lna[group]);
2339	rt2860_mcu_bbp_write(sc, 63, 0x37 - sc->lna[group]);
2340	rt2860_mcu_bbp_write(sc, 64, 0x37 - sc->lna[group]);
2341	rt2860_mcu_bbp_write(sc, 86, 0x00);
2342
2343	if (group == 0) {
2344		if (sc->ext_2ghz_lna) {
2345			rt2860_mcu_bbp_write(sc, 82, 0x62);
2346			rt2860_mcu_bbp_write(sc, 75, 0x46);
2347		} else {
2348			rt2860_mcu_bbp_write(sc, 82, 0x84);
2349			rt2860_mcu_bbp_write(sc, 75, 0x50);
2350		}
2351	} else {
2352		if (sc->ext_5ghz_lna) {
2353			rt2860_mcu_bbp_write(sc, 82, 0xf2);
2354			rt2860_mcu_bbp_write(sc, 75, 0x46);
2355		} else {
2356			rt2860_mcu_bbp_write(sc, 82, 0xf2);
2357			rt2860_mcu_bbp_write(sc, 75, 0x50);
2358		}
2359	}
2360
2361	tmp = RAL_READ(sc, RT2860_TX_BAND_CFG);
2362	tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P);
2363	tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P;
2364	RAL_WRITE(sc, RT2860_TX_BAND_CFG, tmp);
2365
2366	/* enable appropriate Power Amplifiers and Low Noise Amplifiers */
2367	tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN;
2368	if (sc->nrxchains > 1)
2369		tmp |= RT2860_LNA_PE1_EN;
2370	if (sc->mac_ver == 0x3593 && sc->nrxchains > 2)
2371		tmp |= RT3593_LNA_PE2_EN;
2372	if (group == 0) {	/* 2GHz */
2373		tmp |= RT2860_PA_PE_G0_EN;
2374		if (sc->ntxchains > 1)
2375			tmp |= RT2860_PA_PE_G1_EN;
2376		if (sc->mac_ver == 0x3593 && sc->ntxchains > 2)
2377			tmp |= RT3593_PA_PE_G2_EN;
2378	} else {		/* 5GHz */
2379		tmp |= RT2860_PA_PE_A0_EN;
2380		if (sc->ntxchains > 1)
2381			tmp |= RT2860_PA_PE_A1_EN;
2382		if (sc->mac_ver == 0x3593 && sc->ntxchains > 2)
2383			tmp |= RT3593_PA_PE_A2_EN;
2384	}
2385	RAL_WRITE(sc, RT2860_TX_PIN_CFG, tmp);
2386
2387	if (sc->mac_ver == 0x3593) {
2388		tmp = RAL_READ(sc, RT2860_GPIO_CTRL);
2389		if (sc->sc_flags & RT2860_PCIE) {
2390			tmp &= ~0x01010000;
2391			if (group == 0)
2392				tmp |= 0x00010000;
2393		} else {
2394			tmp &= ~0x00008080;
2395			if (group == 0)
2396				tmp |= 0x00000080;
2397		}
2398		tmp = (tmp & ~0x00001000) | 0x00000010;
2399		RAL_WRITE(sc, RT2860_GPIO_CTRL, tmp);
2400	}
2401
2402	/* set initial AGC value */
2403	if (group == 0) {	/* 2GHz band */
2404		if (sc->mac_ver >= 0x3071)
2405			agc = 0x1c + sc->lna[0] * 2;
2406		else
2407			agc = 0x2e + sc->lna[0];
2408	} else {		/* 5GHz band */
2409		agc = 0x32 + (sc->lna[group] * 5) / 3;
2410	}
2411	rt2860_mcu_bbp_write(sc, 66, agc);
2412
2413	DELAY(1000);
2414}
2415
2416static void
2417rt2860_set_chan(struct rt2860_softc *sc, u_int chan)
2418{
2419	const struct rfprog *rfprog = rt2860_rf2850;
2420	uint32_t r2, r3, r4;
2421	int8_t txpow1, txpow2;
2422	u_int i;
2423
2424	/* find the settings for this channel (we know it exists) */
2425	for (i = 0; rfprog[i].chan != chan; i++);
2426
2427	r2 = rfprog[i].r2;
2428	if (sc->ntxchains == 1)
2429		r2 |= 1 << 12;		/* 1T: disable Tx chain 2 */
2430	if (sc->nrxchains == 1)
2431		r2 |= 1 << 15 | 1 << 4;	/* 1R: disable Rx chains 2 & 3 */
2432	else if (sc->nrxchains == 2)
2433		r2 |= 1 << 4;		/* 2R: disable Rx chain 3 */
2434
2435	/* use Tx power values from EEPROM */
2436	txpow1 = sc->txpow1[i];
2437	txpow2 = sc->txpow2[i];
2438	if (chan > 14) {
2439		if (txpow1 >= 0)
2440			txpow1 = txpow1 << 1 | 1;
2441		else
2442			txpow1 = (7 + txpow1) << 1;
2443		if (txpow2 >= 0)
2444			txpow2 = txpow2 << 1 | 1;
2445		else
2446			txpow2 = (7 + txpow2) << 1;
2447	}
2448	r3 = rfprog[i].r3 | txpow1 << 7;
2449	r4 = rfprog[i].r4 | sc->freq << 13 | txpow2 << 4;
2450
2451	rt2860_rf_write(sc, RT2860_RF1, rfprog[i].r1);
2452	rt2860_rf_write(sc, RT2860_RF2, r2);
2453	rt2860_rf_write(sc, RT2860_RF3, r3);
2454	rt2860_rf_write(sc, RT2860_RF4, r4);
2455
2456	DELAY(200);
2457
2458	rt2860_rf_write(sc, RT2860_RF1, rfprog[i].r1);
2459	rt2860_rf_write(sc, RT2860_RF2, r2);
2460	rt2860_rf_write(sc, RT2860_RF3, r3 | 1);
2461	rt2860_rf_write(sc, RT2860_RF4, r4);
2462
2463	DELAY(200);
2464
2465	rt2860_rf_write(sc, RT2860_RF1, rfprog[i].r1);
2466	rt2860_rf_write(sc, RT2860_RF2, r2);
2467	rt2860_rf_write(sc, RT2860_RF3, r3);
2468	rt2860_rf_write(sc, RT2860_RF4, r4);
2469}
2470
2471static void
2472rt3090_set_chan(struct rt2860_softc *sc, u_int chan)
2473{
2474	int8_t txpow1, txpow2;
2475	uint8_t rf;
2476	int i;
2477
2478	/* RT3090 is 2GHz only */
2479	KASSERT(chan >= 1 && chan <= 14, ("chan %d not support", chan));
2480
2481	/* find the settings for this channel (we know it exists) */
2482	for (i = 0; rt2860_rf2850[i].chan != chan; i++);
2483
2484	/* use Tx power values from EEPROM */
2485	txpow1 = sc->txpow1[i];
2486	txpow2 = sc->txpow2[i];
2487
2488	rt3090_rf_write(sc, 2, rt3090_freqs[i].n);
2489	rf = rt3090_rf_read(sc, 3);
2490	rf = (rf & ~0x0f) | rt3090_freqs[i].k;
2491	rt3090_rf_write(sc, 3, rf);
2492	rf = rt3090_rf_read(sc, 6);
2493	rf = (rf & ~0x03) | rt3090_freqs[i].r;
2494	rt3090_rf_write(sc, 6, rf);
2495
2496	/* set Tx0 power */
2497	rf = rt3090_rf_read(sc, 12);
2498	rf = (rf & ~0x1f) | txpow1;
2499	rt3090_rf_write(sc, 12, rf);
2500
2501	/* set Tx1 power */
2502	rf = rt3090_rf_read(sc, 13);
2503	rf = (rf & ~0x1f) | txpow2;
2504	rt3090_rf_write(sc, 13, rf);
2505
2506	rf = rt3090_rf_read(sc, 1);
2507	rf &= ~0xfc;
2508	if (sc->ntxchains == 1)
2509		rf |= RT3070_TX1_PD | RT3070_TX2_PD;
2510	else if (sc->ntxchains == 2)
2511		rf |= RT3070_TX2_PD;
2512	if (sc->nrxchains == 1)
2513		rf |= RT3070_RX1_PD | RT3070_RX2_PD;
2514	else if (sc->nrxchains == 2)
2515		rf |= RT3070_RX2_PD;
2516	rt3090_rf_write(sc, 1, rf);
2517
2518	/* set RF offset */
2519	rf = rt3090_rf_read(sc, 23);
2520	rf = (rf & ~0x7f) | sc->freq;
2521	rt3090_rf_write(sc, 23, rf);
2522
2523	/* program RF filter */
2524	rf = rt3090_rf_read(sc, 24);	/* Tx */
2525	rf = (rf & ~0x3f) | sc->rf24_20mhz;
2526	rt3090_rf_write(sc, 24, rf);
2527	rf = rt3090_rf_read(sc, 31);	/* Rx */
2528	rf = (rf & ~0x3f) | sc->rf24_20mhz;
2529	rt3090_rf_write(sc, 31, rf);
2530
2531	/* enable RF tuning */
2532	rf = rt3090_rf_read(sc, 7);
2533	rt3090_rf_write(sc, 7, rf | RT3070_TUNE);
2534}
2535
2536static void
2537rt5390_set_chan(struct rt2860_softc *sc, u_int chan)
2538{
2539	uint8_t h20mhz, rf, tmp;
2540	int8_t txpow1, txpow2;
2541	int i;
2542
2543	/* RT5390 is 2GHz only */
2544	KASSERT(chan >= 1 && chan <= 14, ("chan %d not support", chan));
2545
2546	/* find the settings for this channel (we know it exists) */
2547	for (i = 0; rt2860_rf2850[i].chan != chan; i++);
2548
2549	/* use Tx power values from EEPROM */
2550	txpow1 = sc->txpow1[i];
2551	txpow2 = sc->txpow2[i];
2552
2553	rt3090_rf_write(sc, 8, rt3090_freqs[i].n);
2554	rt3090_rf_write(sc, 9, rt3090_freqs[i].k & 0x0f);
2555	rf = rt3090_rf_read(sc, 11);
2556	rf = (rf & ~0x03) | (rt3090_freqs[i].r & 0x03);
2557	rt3090_rf_write(sc, 11, rf);
2558
2559	rf = rt3090_rf_read(sc, 49);
2560	rf = (rf & ~0x3f) | (txpow1 & 0x3f);
2561	/* the valid range of the RF R49 is 0x00~0x27 */
2562	if ((rf & 0x3f) > 0x27)
2563		rf = (rf & ~0x3f) | 0x27;
2564	rt3090_rf_write(sc, 49, rf);
2565	if (sc->mac_ver == 0x5392) {
2566		rf = rt3090_rf_read(sc, 50);
2567		rf = (rf & ~0x3f) | (txpow2 & 0x3f);
2568		/* the valid range of the RF R50 is 0x00~0x27 */
2569		if ((rf & 0x3f) > 0x27)
2570			rf = (rf & ~0x3f) | 0x27;
2571		rt3090_rf_write(sc, 50, rf);
2572	}
2573
2574	rf = rt3090_rf_read(sc, 1);
2575	rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD;
2576	if (sc->mac_ver == 0x5392)
2577		rf |= RT3070_RX1_PD | RT3070_TX1_PD;
2578	rt3090_rf_write(sc, 1, rf);
2579
2580	rf = rt3090_rf_read(sc, 2);
2581	rt3090_rf_write(sc, 2, rf | RT3593_RESCAL);
2582	DELAY(1000);
2583	rt3090_rf_write(sc, 2, rf & ~RT3593_RESCAL);
2584
2585	rf = rt3090_rf_read(sc, 17);
2586	tmp = rf;
2587	rf = (rf & ~0x7f) | (sc->freq & 0x7f);
2588	rf = MIN(rf, 0x5f);
2589	if (tmp != rf)
2590		rt2860_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf, 0);
2591
2592	if (sc->mac_ver == 0x5390) {
2593		if (chan <= 4)
2594			rf = 0x73;
2595		else if (chan >= 5 && chan <= 6)
2596			rf = 0x63;
2597		else if (chan >= 7 && chan <= 10)
2598			rf = 0x53;
2599		else
2600			rf = 43;
2601		rt3090_rf_write(sc, 55, rf);
2602
2603		if (chan == 1)
2604			rf = 0x0c;
2605		else if (chan == 2)
2606			rf = 0x0b;
2607		else if (chan == 3)
2608			rf = 0x0a;
2609		else if (chan >= 4 && chan <= 6)
2610			rf = 0x09;
2611		else if (chan >= 7 && chan <= 12)
2612			rf = 0x08;
2613		else if (chan == 13)
2614			rf = 0x07;
2615		else
2616			rf = 0x06;
2617		rt3090_rf_write(sc, 59, rf);
2618	}
2619
2620	/* Tx/Rx h20M */
2621	h20mhz = (sc->rf24_20mhz & 0x20) >> 5;
2622	rf = rt3090_rf_read(sc, 30);
2623	rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2);
2624	rt3090_rf_write(sc, 30, rf);
2625
2626	/* Rx BB filter VCM */
2627	rf = rt3090_rf_read(sc, 30);
2628	rf = (rf & ~0x18) | 0x10;
2629	rt3090_rf_write(sc, 30, rf);
2630
2631	/* Initiate VCO calibration. */
2632	rf = rt3090_rf_read(sc, 3);
2633	rf |= RT3593_VCOCAL;
2634	rt3090_rf_write(sc, 3, rf);
2635}
2636
2637static int
2638rt3090_rf_init(struct rt2860_softc *sc)
2639{
2640	uint32_t tmp;
2641	uint8_t rf, bbp;
2642	int i;
2643
2644	rf = rt3090_rf_read(sc, 30);
2645	/* toggle RF R30 bit 7 */
2646	rt3090_rf_write(sc, 30, rf | 0x80);
2647	DELAY(1000);
2648	rt3090_rf_write(sc, 30, rf & ~0x80);
2649
2650	tmp = RAL_READ(sc, RT3070_LDO_CFG0);
2651	tmp &= ~0x1f000000;
2652	if (sc->patch_dac && sc->mac_rev < 0x0211)
2653		tmp |= 0x0d000000;	/* 1.35V */
2654	else
2655		tmp |= 0x01000000;	/* 1.2V */
2656	RAL_WRITE(sc, RT3070_LDO_CFG0, tmp);
2657
2658	/* patch LNA_PE_G1 */
2659	tmp = RAL_READ(sc, RT3070_GPIO_SWITCH);
2660	RAL_WRITE(sc, RT3070_GPIO_SWITCH, tmp & ~0x20);
2661
2662	/* initialize RF registers to default value */
2663	for (i = 0; i < nitems(rt3090_def_rf); i++) {
2664		rt3090_rf_write(sc, rt3090_def_rf[i].reg,
2665		    rt3090_def_rf[i].val);
2666	}
2667
2668	/* select 20MHz bandwidth */
2669	rt3090_rf_write(sc, 31, 0x14);
2670
2671	rf = rt3090_rf_read(sc, 6);
2672	rt3090_rf_write(sc, 6, rf | 0x40);
2673
2674	if (sc->mac_ver != 0x3593) {
2675		/* calibrate filter for 20MHz bandwidth */
2676		sc->rf24_20mhz = 0x1f;	/* default value */
2677		rt3090_filter_calib(sc, 0x07, 0x16, &sc->rf24_20mhz);
2678
2679		/* select 40MHz bandwidth */
2680		bbp = rt2860_mcu_bbp_read(sc, 4);
2681		rt2860_mcu_bbp_write(sc, 4, (bbp & ~0x08) | 0x10);
2682		rf = rt3090_rf_read(sc, 31);
2683		rt3090_rf_write(sc, 31, rf | 0x20);
2684
2685		/* calibrate filter for 40MHz bandwidth */
2686		sc->rf24_40mhz = 0x2f;	/* default value */
2687		rt3090_filter_calib(sc, 0x27, 0x19, &sc->rf24_40mhz);
2688
2689		/* go back to 20MHz bandwidth */
2690		bbp = rt2860_mcu_bbp_read(sc, 4);
2691		rt2860_mcu_bbp_write(sc, 4, bbp & ~0x18);
2692	}
2693	if (sc->mac_rev < 0x0211)
2694		rt3090_rf_write(sc, 27, 0x03);
2695
2696	tmp = RAL_READ(sc, RT3070_OPT_14);
2697	RAL_WRITE(sc, RT3070_OPT_14, tmp | 1);
2698
2699	if (sc->rf_rev == RT3070_RF_3020)
2700		rt3090_set_rx_antenna(sc, 0);
2701
2702	bbp = rt2860_mcu_bbp_read(sc, 138);
2703	if (sc->mac_ver == 0x3593) {
2704		if (sc->ntxchains == 1)
2705			bbp |= 0x60;	/* turn off DAC1 and DAC2 */
2706		else if (sc->ntxchains == 2)
2707			bbp |= 0x40;	/* turn off DAC2 */
2708		if (sc->nrxchains == 1)
2709			bbp &= ~0x06;	/* turn off ADC1 and ADC2 */
2710		else if (sc->nrxchains == 2)
2711			bbp &= ~0x04;	/* turn off ADC2 */
2712	} else {
2713		if (sc->ntxchains == 1)
2714			bbp |= 0x20;	/* turn off DAC1 */
2715		if (sc->nrxchains == 1)
2716			bbp &= ~0x02;	/* turn off ADC1 */
2717	}
2718	rt2860_mcu_bbp_write(sc, 138, bbp);
2719
2720	rf = rt3090_rf_read(sc, 1);
2721	rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD);
2722	rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD;
2723	rt3090_rf_write(sc, 1, rf);
2724
2725	rf = rt3090_rf_read(sc, 15);
2726	rt3090_rf_write(sc, 15, rf & ~RT3070_TX_LO2);
2727
2728	rf = rt3090_rf_read(sc, 17);
2729	rf &= ~RT3070_TX_LO1;
2730	if (sc->mac_rev >= 0x0211 && !sc->ext_2ghz_lna)
2731		rf |= 0x20;	/* fix for long range Rx issue */
2732	if (sc->txmixgain_2ghz >= 2)
2733		rf = (rf & ~0x7) | sc->txmixgain_2ghz;
2734	rt3090_rf_write(sc, 17, rf);
2735
2736	rf = rt3090_rf_read(sc, 20);
2737	rt3090_rf_write(sc, 20, rf & ~RT3070_RX_LO1);
2738
2739	rf = rt3090_rf_read(sc, 21);
2740	rt3090_rf_write(sc, 21, rf & ~RT3070_RX_LO2);
2741
2742	return (0);
2743}
2744
2745static void
2746rt5390_rf_init(struct rt2860_softc *sc)
2747{
2748	uint8_t rf, bbp;
2749	int i;
2750
2751	rf = rt3090_rf_read(sc, 2);
2752	/* Toggle RF R2 bit 7. */
2753	rt3090_rf_write(sc, 2, rf | RT3593_RESCAL);
2754	DELAY(1000);
2755	rt3090_rf_write(sc, 2, rf & ~RT3593_RESCAL);
2756
2757	/* Initialize RF registers to default value. */
2758	if (sc->mac_ver == 0x5392) {
2759		for (i = 0; i < nitems(rt5392_def_rf); i++) {
2760			rt3090_rf_write(sc, rt5392_def_rf[i].reg,
2761			    rt5392_def_rf[i].val);
2762		}
2763	} else {
2764		for (i = 0; i < nitems(rt5390_def_rf); i++) {
2765			rt3090_rf_write(sc, rt5390_def_rf[i].reg,
2766			    rt5390_def_rf[i].val);
2767		}
2768	}
2769
2770	sc->rf24_20mhz = 0x1f;
2771	sc->rf24_40mhz = 0x2f;
2772
2773	if (sc->mac_rev < 0x0211)
2774		rt3090_rf_write(sc, 27, 0x03);
2775
2776	/* Set led open drain enable. */
2777	RAL_WRITE(sc, RT3070_OPT_14, RAL_READ(sc, RT3070_OPT_14) | 1);
2778
2779	RAL_WRITE(sc, RT2860_TX_SW_CFG1, 0);
2780	RAL_WRITE(sc, RT2860_TX_SW_CFG2, 0);
2781
2782	if (sc->mac_ver == 0x5390)
2783		rt3090_set_rx_antenna(sc, 0);
2784
2785	/* Patch RSSI inaccurate issue. */
2786	rt2860_mcu_bbp_write(sc, 79, 0x13);
2787	rt2860_mcu_bbp_write(sc, 80, 0x05);
2788	rt2860_mcu_bbp_write(sc, 81, 0x33);
2789
2790	/* Enable DC filter. */
2791	if (sc->mac_rev >= 0x0211)
2792		rt2860_mcu_bbp_write(sc, 103, 0xc0);
2793
2794	bbp = rt2860_mcu_bbp_read(sc, 138);
2795	if (sc->ntxchains == 1)
2796		bbp |= 0x20;	/* Turn off DAC1. */
2797	if (sc->nrxchains == 1)
2798		bbp &= ~0x02;	/* Turn off ADC1. */
2799	rt2860_mcu_bbp_write(sc, 138, bbp);
2800
2801	/* Enable RX LO1 and LO2. */
2802	rt3090_rf_write(sc, 38, rt3090_rf_read(sc, 38) & ~RT5390_RX_LO1);
2803	rt3090_rf_write(sc, 39, rt3090_rf_read(sc, 39) & ~RT5390_RX_LO2);
2804
2805	/* Avoid data lost and CRC error. */
2806	rt2860_mcu_bbp_write(sc, 4,
2807	    rt2860_mcu_bbp_read(sc, 4) | RT5390_MAC_IF_CTRL);
2808
2809	rf = rt3090_rf_read(sc, 30);
2810	rf = (rf & ~0x18) | 0x10;
2811	rt3090_rf_write(sc, 30, rf);
2812}
2813
2814static void
2815rt3090_rf_wakeup(struct rt2860_softc *sc)
2816{
2817	uint32_t tmp;
2818	uint8_t rf;
2819
2820	if (sc->mac_ver == 0x3593) {
2821		/* enable VCO */
2822		rf = rt3090_rf_read(sc, 1);
2823		rt3090_rf_write(sc, 1, rf | RT3593_VCO);
2824
2825		/* initiate VCO calibration */
2826		rf = rt3090_rf_read(sc, 3);
2827		rt3090_rf_write(sc, 3, rf | RT3593_VCOCAL);
2828
2829		/* enable VCO bias current control */
2830		rf = rt3090_rf_read(sc, 6);
2831		rt3090_rf_write(sc, 6, rf | RT3593_VCO_IC);
2832
2833		/* initiate res calibration */
2834		rf = rt3090_rf_read(sc, 2);
2835		rt3090_rf_write(sc, 2, rf | RT3593_RESCAL);
2836
2837		/* set reference current control to 0.33 mA */
2838		rf = rt3090_rf_read(sc, 22);
2839		rf &= ~RT3593_CP_IC_MASK;
2840		rf |= 1 << RT3593_CP_IC_SHIFT;
2841		rt3090_rf_write(sc, 22, rf);
2842
2843		/* enable RX CTB */
2844		rf = rt3090_rf_read(sc, 46);
2845		rt3090_rf_write(sc, 46, rf | RT3593_RX_CTB);
2846
2847		rf = rt3090_rf_read(sc, 20);
2848		rf &= ~(RT3593_LDO_RF_VC_MASK | RT3593_LDO_PLL_VC_MASK);
2849		rt3090_rf_write(sc, 20, rf);
2850	} else {
2851		/* enable RF block */
2852		rf = rt3090_rf_read(sc, 1);
2853		rt3090_rf_write(sc, 1, rf | RT3070_RF_BLOCK);
2854
2855		/* enable VCO bias current control */
2856		rf = rt3090_rf_read(sc, 7);
2857		rt3090_rf_write(sc, 7, rf | 0x30);
2858
2859		rf = rt3090_rf_read(sc, 9);
2860		rt3090_rf_write(sc, 9, rf | 0x0e);
2861
2862		/* enable RX CTB */
2863		rf = rt3090_rf_read(sc, 21);
2864		rt3090_rf_write(sc, 21, rf | RT3070_RX_CTB);
2865
2866		/* fix Tx to Rx IQ glitch by raising RF voltage */
2867		rf = rt3090_rf_read(sc, 27);
2868		rf &= ~0x77;
2869		if (sc->mac_rev < 0x0211)
2870			rf |= 0x03;
2871		rt3090_rf_write(sc, 27, rf);
2872	}
2873	if (sc->patch_dac && sc->mac_rev < 0x0211) {
2874		tmp = RAL_READ(sc, RT3070_LDO_CFG0);
2875		tmp = (tmp & ~0x1f000000) | 0x0d000000;
2876		RAL_WRITE(sc, RT3070_LDO_CFG0, tmp);
2877	}
2878}
2879
2880static void
2881rt5390_rf_wakeup(struct rt2860_softc *sc)
2882{
2883	uint32_t tmp;
2884	uint8_t rf;
2885
2886	rf = rt3090_rf_read(sc, 1);
2887	rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD |
2888	    RT3070_TX0_PD;
2889	if (sc->mac_ver == 0x5392)
2890		rf |= RT3070_RX1_PD | RT3070_TX1_PD;
2891	rt3090_rf_write(sc, 1, rf);
2892
2893	rf = rt3090_rf_read(sc, 6);
2894	rf |= RT3593_VCO_IC | RT3593_VCOCAL;
2895	if (sc->mac_ver == 0x5390)
2896		rf &= ~RT3593_VCO_IC;
2897	rt3090_rf_write(sc, 6, rf);
2898
2899	rt3090_rf_write(sc, 2, rt3090_rf_read(sc, 2) | RT3593_RESCAL);
2900
2901	rf = rt3090_rf_read(sc, 22);
2902	rf = (rf & ~0xe0) | 0x20;
2903	rt3090_rf_write(sc, 22, rf);
2904
2905	rt3090_rf_write(sc, 42, rt3090_rf_read(sc, 42) | RT5390_RX_CTB);
2906	rt3090_rf_write(sc, 20, rt3090_rf_read(sc, 20) & ~0x77);
2907	rt3090_rf_write(sc, 3, rt3090_rf_read(sc, 3) | RT3593_VCOCAL);
2908
2909	if (sc->patch_dac && sc->mac_rev < 0x0211) {
2910		tmp = RAL_READ(sc, RT3070_LDO_CFG0);
2911		tmp = (tmp & ~0x1f000000) | 0x0d000000;
2912		RAL_WRITE(sc, RT3070_LDO_CFG0, tmp);
2913	}
2914}
2915
2916static int
2917rt3090_filter_calib(struct rt2860_softc *sc, uint8_t init, uint8_t target,
2918    uint8_t *val)
2919{
2920	uint8_t rf22, rf24;
2921	uint8_t bbp55_pb, bbp55_sb, delta;
2922	int ntries;
2923
2924	/* program filter */
2925	rf24 = rt3090_rf_read(sc, 24);
2926	rf24 = (rf24 & 0xc0) | init;	/* initial filter value */
2927	rt3090_rf_write(sc, 24, rf24);
2928
2929	/* enable baseband loopback mode */
2930	rf22 = rt3090_rf_read(sc, 22);
2931	rt3090_rf_write(sc, 22, rf22 | RT3070_BB_LOOPBACK);
2932
2933	/* set power and frequency of passband test tone */
2934	rt2860_mcu_bbp_write(sc, 24, 0x00);
2935	for (ntries = 0; ntries < 100; ntries++) {
2936		/* transmit test tone */
2937		rt2860_mcu_bbp_write(sc, 25, 0x90);
2938		DELAY(1000);
2939		/* read received power */
2940		bbp55_pb = rt2860_mcu_bbp_read(sc, 55);
2941		if (bbp55_pb != 0)
2942			break;
2943	}
2944	if (ntries == 100)
2945		return (ETIMEDOUT);
2946
2947	/* set power and frequency of stopband test tone */
2948	rt2860_mcu_bbp_write(sc, 24, 0x06);
2949	for (ntries = 0; ntries < 100; ntries++) {
2950		/* transmit test tone */
2951		rt2860_mcu_bbp_write(sc, 25, 0x90);
2952		DELAY(1000);
2953		/* read received power */
2954		bbp55_sb = rt2860_mcu_bbp_read(sc, 55);
2955
2956		delta = bbp55_pb - bbp55_sb;
2957		if (delta > target)
2958			break;
2959
2960		/* reprogram filter */
2961		rf24++;
2962		rt3090_rf_write(sc, 24, rf24);
2963	}
2964	if (ntries < 100) {
2965		if (rf24 != init)
2966			rf24--;	/* backtrack */
2967		*val = rf24;
2968		rt3090_rf_write(sc, 24, rf24);
2969	}
2970
2971	/* restore initial state */
2972	rt2860_mcu_bbp_write(sc, 24, 0x00);
2973
2974	/* disable baseband loopback mode */
2975	rf22 = rt3090_rf_read(sc, 22);
2976	rt3090_rf_write(sc, 22, rf22 & ~RT3070_BB_LOOPBACK);
2977
2978	return (0);
2979}
2980
2981static void
2982rt3090_rf_setup(struct rt2860_softc *sc)
2983{
2984	uint8_t bbp;
2985	int i;
2986
2987	if (sc->mac_rev >= 0x0211) {
2988		/* enable DC filter */
2989		rt2860_mcu_bbp_write(sc, 103, 0xc0);
2990
2991		/* improve power consumption */
2992		bbp = rt2860_mcu_bbp_read(sc, 31);
2993		rt2860_mcu_bbp_write(sc, 31, bbp & ~0x03);
2994	}
2995
2996	RAL_WRITE(sc, RT2860_TX_SW_CFG1, 0);
2997	if (sc->mac_rev < 0x0211) {
2998		RAL_WRITE(sc, RT2860_TX_SW_CFG2,
2999		    sc->patch_dac ? 0x2c : 0x0f);
3000	} else
3001		RAL_WRITE(sc, RT2860_TX_SW_CFG2, 0);
3002
3003	/* initialize RF registers from ROM */
3004	if (sc->mac_ver < 0x5390) {
3005		for (i = 0; i < 10; i++) {
3006			if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff)
3007				continue;
3008			rt3090_rf_write(sc, sc->rf[i].reg, sc->rf[i].val);
3009		}
3010	}
3011}
3012
3013static void
3014rt2860_set_leds(struct rt2860_softc *sc, uint16_t which)
3015{
3016	rt2860_mcu_cmd(sc, RT2860_MCU_CMD_LEDS,
3017	    which | (sc->leds & 0x7f), 0);
3018}
3019
3020/*
3021 * Hardware has a general-purpose programmable timer interrupt that can
3022 * periodically raise MAC_INT_4.
3023 */
3024static void
3025rt2860_set_gp_timer(struct rt2860_softc *sc, int ms)
3026{
3027	uint32_t tmp;
3028
3029	/* disable GP timer before reprogramming it */
3030	tmp = RAL_READ(sc, RT2860_INT_TIMER_EN);
3031	RAL_WRITE(sc, RT2860_INT_TIMER_EN, tmp & ~RT2860_GP_TIMER_EN);
3032
3033	if (ms == 0)
3034		return;
3035
3036	tmp = RAL_READ(sc, RT2860_INT_TIMER_CFG);
3037	ms *= 16;	/* Unit: 64us */
3038	tmp = (tmp & 0xffff) | ms << RT2860_GP_TIMER_SHIFT;
3039	RAL_WRITE(sc, RT2860_INT_TIMER_CFG, tmp);
3040
3041	/* enable GP timer */
3042	tmp = RAL_READ(sc, RT2860_INT_TIMER_EN);
3043	RAL_WRITE(sc, RT2860_INT_TIMER_EN, tmp | RT2860_GP_TIMER_EN);
3044}
3045
3046static void
3047rt2860_set_bssid(struct rt2860_softc *sc, const uint8_t *bssid)
3048{
3049	RAL_WRITE(sc, RT2860_MAC_BSSID_DW0,
3050	    bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24);
3051	RAL_WRITE(sc, RT2860_MAC_BSSID_DW1,
3052	    bssid[4] | bssid[5] << 8);
3053}
3054
3055static void
3056rt2860_set_macaddr(struct rt2860_softc *sc, const uint8_t *addr)
3057{
3058	RAL_WRITE(sc, RT2860_MAC_ADDR_DW0,
3059	    addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24);
3060	RAL_WRITE(sc, RT2860_MAC_ADDR_DW1,
3061	    addr[4] | addr[5] << 8 | 0xff << 16);
3062}
3063
3064static void
3065rt2860_updateslot(struct ieee80211com *ic)
3066{
3067	struct rt2860_softc *sc = ic->ic_softc;
3068	uint32_t tmp;
3069
3070	tmp = RAL_READ(sc, RT2860_BKOFF_SLOT_CFG);
3071	tmp &= ~0xff;
3072	tmp |= IEEE80211_GET_SLOTTIME(ic);
3073	RAL_WRITE(sc, RT2860_BKOFF_SLOT_CFG, tmp);
3074}
3075
3076static void
3077rt2860_updateprot(struct rt2860_softc *sc)
3078{
3079	struct ieee80211com *ic = &sc->sc_ic;
3080	uint32_t tmp;
3081
3082	tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL;
3083	/* setup protection frame rate (MCS code) */
3084	tmp |= IEEE80211_IS_CHAN_5GHZ(ic->ic_curchan) ?
3085	    rt2860_rates[RT2860_RIDX_OFDM6].mcs :
3086	    rt2860_rates[RT2860_RIDX_CCK11].mcs;
3087
3088	/* CCK frames don't require protection */
3089	RAL_WRITE(sc, RT2860_CCK_PROT_CFG, tmp);
3090
3091	if (ic->ic_flags & IEEE80211_F_USEPROT) {
3092		if (ic->ic_protmode == IEEE80211_PROT_RTSCTS)
3093			tmp |= RT2860_PROT_CTRL_RTS_CTS;
3094		else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY)
3095			tmp |= RT2860_PROT_CTRL_CTS;
3096	}
3097	RAL_WRITE(sc, RT2860_OFDM_PROT_CFG, tmp);
3098}
3099
3100static void
3101rt2860_update_promisc(struct ieee80211com *ic)
3102{
3103	struct rt2860_softc *sc = ic->ic_softc;
3104	uint32_t tmp;
3105
3106	tmp = RAL_READ(sc, RT2860_RX_FILTR_CFG);
3107	tmp &= ~RT2860_DROP_NOT_MYBSS;
3108	if (ic->ic_promisc == 0)
3109		tmp |= RT2860_DROP_NOT_MYBSS;
3110	RAL_WRITE(sc, RT2860_RX_FILTR_CFG, tmp);
3111}
3112
3113static int
3114rt2860_updateedca(struct ieee80211com *ic)
3115{
3116	struct rt2860_softc *sc = ic->ic_softc;
3117	const struct wmeParams *wmep;
3118	int aci;
3119
3120	wmep = ic->ic_wme.wme_chanParams.cap_wmeParams;
3121
3122	/* update MAC TX configuration registers */
3123	for (aci = 0; aci < WME_NUM_AC; aci++) {
3124		RAL_WRITE(sc, RT2860_EDCA_AC_CFG(aci),
3125		    wmep[aci].wmep_logcwmax << 16 |
3126		    wmep[aci].wmep_logcwmin << 12 |
3127		    wmep[aci].wmep_aifsn  <<  8 |
3128		    wmep[aci].wmep_txopLimit);
3129	}
3130
3131	/* update SCH/DMA registers too */
3132	RAL_WRITE(sc, RT2860_WMM_AIFSN_CFG,
3133	    wmep[WME_AC_VO].wmep_aifsn  << 12 |
3134	    wmep[WME_AC_VI].wmep_aifsn  <<  8 |
3135	    wmep[WME_AC_BK].wmep_aifsn  <<  4 |
3136	    wmep[WME_AC_BE].wmep_aifsn);
3137	RAL_WRITE(sc, RT2860_WMM_CWMIN_CFG,
3138	    wmep[WME_AC_VO].wmep_logcwmin << 12 |
3139	    wmep[WME_AC_VI].wmep_logcwmin <<  8 |
3140	    wmep[WME_AC_BK].wmep_logcwmin <<  4 |
3141	    wmep[WME_AC_BE].wmep_logcwmin);
3142	RAL_WRITE(sc, RT2860_WMM_CWMAX_CFG,
3143	    wmep[WME_AC_VO].wmep_logcwmax << 12 |
3144	    wmep[WME_AC_VI].wmep_logcwmax <<  8 |
3145	    wmep[WME_AC_BK].wmep_logcwmax <<  4 |
3146	    wmep[WME_AC_BE].wmep_logcwmax);
3147	RAL_WRITE(sc, RT2860_WMM_TXOP0_CFG,
3148	    wmep[WME_AC_BK].wmep_txopLimit << 16 |
3149	    wmep[WME_AC_BE].wmep_txopLimit);
3150	RAL_WRITE(sc, RT2860_WMM_TXOP1_CFG,
3151	    wmep[WME_AC_VO].wmep_txopLimit << 16 |
3152	    wmep[WME_AC_VI].wmep_txopLimit);
3153
3154	return 0;
3155}
3156
3157#ifdef HW_CRYPTO
3158static int
3159rt2860_set_key(struct ieee80211com *ic, struct ieee80211_node *ni,
3160    struct ieee80211_key *k)
3161{
3162	struct rt2860_softc *sc = ic->ic_softc;
3163	bus_size_t base;
3164	uint32_t attr;
3165	uint8_t mode, wcid, iv[8];
3166
3167	/* defer setting of WEP keys until interface is brought up */
3168	if ((ic->ic_if.if_flags & (IFF_UP | IFF_RUNNING)) !=
3169	    (IFF_UP | IFF_RUNNING))
3170		return 0;
3171
3172	/* map net80211 cipher to RT2860 security mode */
3173	switch (k->k_cipher) {
3174	case IEEE80211_CIPHER_WEP40:
3175		mode = RT2860_MODE_WEP40;
3176		break;
3177	case IEEE80211_CIPHER_WEP104:
3178		mode = RT2860_MODE_WEP104;
3179		break;
3180	case IEEE80211_CIPHER_TKIP:
3181		mode = RT2860_MODE_TKIP;
3182		break;
3183	case IEEE80211_CIPHER_CCMP:
3184		mode = RT2860_MODE_AES_CCMP;
3185		break;
3186	default:
3187		return EINVAL;
3188	}
3189
3190	if (k->k_flags & IEEE80211_KEY_GROUP) {
3191		wcid = 0;	/* NB: update WCID0 for group keys */
3192		base = RT2860_SKEY(0, k->k_id);
3193	} else {
3194		wcid = ((struct rt2860_node *)ni)->wcid;
3195		base = RT2860_PKEY(wcid);
3196	}
3197
3198	if (k->k_cipher == IEEE80211_CIPHER_TKIP) {
3199		RAL_WRITE_REGION_1(sc, base, k->k_key, 16);
3200#ifndef IEEE80211_STA_ONLY
3201		if (ic->ic_opmode == IEEE80211_M_HOSTAP) {
3202			RAL_WRITE_REGION_1(sc, base + 16, &k->k_key[16], 8);
3203			RAL_WRITE_REGION_1(sc, base + 24, &k->k_key[24], 8);
3204		} else
3205#endif
3206		{
3207			RAL_WRITE_REGION_1(sc, base + 16, &k->k_key[24], 8);
3208			RAL_WRITE_REGION_1(sc, base + 24, &k->k_key[16], 8);
3209		}
3210	} else
3211		RAL_WRITE_REGION_1(sc, base, k->k_key, k->k_len);
3212
3213	if (!(k->k_flags & IEEE80211_KEY_GROUP) ||
3214	    (k->k_flags & IEEE80211_KEY_TX)) {
3215		/* set initial packet number in IV+EIV */
3216		if (k->k_cipher == IEEE80211_CIPHER_WEP40 ||
3217		    k->k_cipher == IEEE80211_CIPHER_WEP104) {
3218			uint32_t val = arc4random();
3219			/* skip weak IVs from Fluhrer/Mantin/Shamir */
3220			if (val >= 0x03ff00 && (val & 0xf8ff00) == 0x00ff00)
3221				val += 0x000100;
3222			iv[0] = val;
3223			iv[1] = val >> 8;
3224			iv[2] = val >> 16;
3225			iv[3] = k->k_id << 6;
3226			iv[4] = iv[5] = iv[6] = iv[7] = 0;
3227		} else {
3228			if (k->k_cipher == IEEE80211_CIPHER_TKIP) {
3229				iv[0] = k->k_tsc >> 8;
3230				iv[1] = (iv[0] | 0x20) & 0x7f;
3231				iv[2] = k->k_tsc;
3232			} else /* CCMP */ {
3233				iv[0] = k->k_tsc;
3234				iv[1] = k->k_tsc >> 8;
3235				iv[2] = 0;
3236			}
3237			iv[3] = k->k_id << 6 | IEEE80211_WEP_EXTIV;
3238			iv[4] = k->k_tsc >> 16;
3239			iv[5] = k->k_tsc >> 24;
3240			iv[6] = k->k_tsc >> 32;
3241			iv[7] = k->k_tsc >> 40;
3242		}
3243		RAL_WRITE_REGION_1(sc, RT2860_IVEIV(wcid), iv, 8);
3244	}
3245
3246	if (k->k_flags & IEEE80211_KEY_GROUP) {
3247		/* install group key */
3248		attr = RAL_READ(sc, RT2860_SKEY_MODE_0_7);
3249		attr &= ~(0xf << (k->k_id * 4));
3250		attr |= mode << (k->k_id * 4);
3251		RAL_WRITE(sc, RT2860_SKEY_MODE_0_7, attr);
3252	} else {
3253		/* install pairwise key */
3254		attr = RAL_READ(sc, RT2860_WCID_ATTR(wcid));
3255		attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN;
3256		RAL_WRITE(sc, RT2860_WCID_ATTR(wcid), attr);
3257	}
3258	return 0;
3259}
3260
3261static void
3262rt2860_delete_key(struct ieee80211com *ic, struct ieee80211_node *ni,
3263    struct ieee80211_key *k)
3264{
3265	struct rt2860_softc *sc = ic->ic_softc;
3266	uint32_t attr;
3267	uint8_t wcid;
3268
3269	if (k->k_flags & IEEE80211_KEY_GROUP) {
3270		/* remove group key */
3271		attr = RAL_READ(sc, RT2860_SKEY_MODE_0_7);
3272		attr &= ~(0xf << (k->k_id * 4));
3273		RAL_WRITE(sc, RT2860_SKEY_MODE_0_7, attr);
3274
3275	} else {
3276		/* remove pairwise key */
3277		wcid = ((struct rt2860_node *)ni)->wcid;
3278		attr = RAL_READ(sc, RT2860_WCID_ATTR(wcid));
3279		attr &= ~0xf;
3280		RAL_WRITE(sc, RT2860_WCID_ATTR(wcid), attr);
3281	}
3282}
3283#endif
3284
3285static int8_t
3286rt2860_rssi2dbm(struct rt2860_softc *sc, uint8_t rssi, uint8_t rxchain)
3287{
3288	struct ieee80211com *ic = &sc->sc_ic;
3289	struct ieee80211_channel *c = ic->ic_curchan;
3290	int delta;
3291
3292	if (IEEE80211_IS_CHAN_5GHZ(c)) {
3293		u_int chan = ieee80211_chan2ieee(ic, c);
3294		delta = sc->rssi_5ghz[rxchain];
3295
3296		/* determine channel group */
3297		if (chan <= 64)
3298			delta -= sc->lna[1];
3299		else if (chan <= 128)
3300			delta -= sc->lna[2];
3301		else
3302			delta -= sc->lna[3];
3303	} else
3304		delta = sc->rssi_2ghz[rxchain] - sc->lna[0];
3305
3306	return -12 - delta - rssi;
3307}
3308
3309/*
3310 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word.
3311 * Used to adjust per-rate Tx power registers.
3312 */
3313static __inline uint32_t
3314b4inc(uint32_t b32, int8_t delta)
3315{
3316	int8_t i, b4;
3317
3318	for (i = 0; i < 8; i++) {
3319		b4 = b32 & 0xf;
3320		b4 += delta;
3321		if (b4 < 0)
3322			b4 = 0;
3323		else if (b4 > 0xf)
3324			b4 = 0xf;
3325		b32 = b32 >> 4 | b4 << 28;
3326	}
3327	return b32;
3328}
3329
3330static const char *
3331rt2860_get_rf(uint16_t rev)
3332{
3333	switch (rev) {
3334	case RT2860_RF_2820:	return "RT2820";
3335	case RT2860_RF_2850:	return "RT2850";
3336	case RT2860_RF_2720:	return "RT2720";
3337	case RT2860_RF_2750:	return "RT2750";
3338	case RT3070_RF_3020:	return "RT3020";
3339	case RT3070_RF_2020:	return "RT2020";
3340	case RT3070_RF_3021:	return "RT3021";
3341	case RT3070_RF_3022:	return "RT3022";
3342	case RT3070_RF_3052:	return "RT3052";
3343	case RT3070_RF_3320:	return "RT3320";
3344	case RT3070_RF_3053:	return "RT3053";
3345	case RT5390_RF_5360:	return "RT5360";
3346	case RT5390_RF_5390:	return "RT5390";
3347	default:		return "unknown";
3348	}
3349}
3350
3351static int
3352rt2860_read_eeprom(struct rt2860_softc *sc, uint8_t macaddr[IEEE80211_ADDR_LEN])
3353{
3354	int8_t delta_2ghz, delta_5ghz;
3355	uint32_t tmp;
3356	uint16_t val;
3357	int ridx, ant, i;
3358
3359	/* check whether the ROM is eFUSE ROM or EEPROM */
3360	sc->sc_srom_read = rt2860_eeprom_read_2;
3361	if (sc->mac_ver >= 0x3071) {
3362		tmp = RAL_READ(sc, RT3070_EFUSE_CTRL);
3363		DPRINTF(("EFUSE_CTRL=0x%08x\n", tmp));
3364		if (tmp & RT3070_SEL_EFUSE)
3365			sc->sc_srom_read = rt3090_efuse_read_2;
3366	}
3367
3368#ifdef RAL_DEBUG
3369	/* read EEPROM version */
3370	val = rt2860_srom_read(sc, RT2860_EEPROM_VERSION);
3371	DPRINTF(("EEPROM rev=%d, FAE=%d\n", val >> 8, val & 0xff));
3372#endif
3373
3374	/* read MAC address */
3375	val = rt2860_srom_read(sc, RT2860_EEPROM_MAC01);
3376	macaddr[0] = val & 0xff;
3377	macaddr[1] = val >> 8;
3378	val = rt2860_srom_read(sc, RT2860_EEPROM_MAC23);
3379	macaddr[2] = val & 0xff;
3380	macaddr[3] = val >> 8;
3381	val = rt2860_srom_read(sc, RT2860_EEPROM_MAC45);
3382	macaddr[4] = val & 0xff;
3383	macaddr[5] = val >> 8;
3384
3385#ifdef RAL_DEBUG
3386	/* read country code */
3387	val = rt2860_srom_read(sc, RT2860_EEPROM_COUNTRY);
3388	DPRINTF(("EEPROM region code=0x%04x\n", val));
3389#endif
3390
3391	/* read vendor BBP settings */
3392	for (i = 0; i < 8; i++) {
3393		val = rt2860_srom_read(sc, RT2860_EEPROM_BBP_BASE + i);
3394		sc->bbp[i].val = val & 0xff;
3395		sc->bbp[i].reg = val >> 8;
3396		DPRINTF(("BBP%d=0x%02x\n", sc->bbp[i].reg, sc->bbp[i].val));
3397	}
3398	if (sc->mac_ver >= 0x3071) {
3399		/* read vendor RF settings */
3400		for (i = 0; i < 10; i++) {
3401			val = rt2860_srom_read(sc, RT3071_EEPROM_RF_BASE + i);
3402			sc->rf[i].val = val & 0xff;
3403			sc->rf[i].reg = val >> 8;
3404			DPRINTF(("RF%d=0x%02x\n", sc->rf[i].reg,
3405			    sc->rf[i].val));
3406		}
3407	}
3408
3409	/* read RF frequency offset from EEPROM */
3410	val = rt2860_srom_read(sc, RT2860_EEPROM_FREQ_LEDS);
3411	sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0;
3412	DPRINTF(("EEPROM freq offset %d\n", sc->freq & 0xff));
3413	if ((val >> 8) != 0xff) {
3414		/* read LEDs operating mode */
3415		sc->leds = val >> 8;
3416		sc->led[0] = rt2860_srom_read(sc, RT2860_EEPROM_LED1);
3417		sc->led[1] = rt2860_srom_read(sc, RT2860_EEPROM_LED2);
3418		sc->led[2] = rt2860_srom_read(sc, RT2860_EEPROM_LED3);
3419	} else {
3420		/* broken EEPROM, use default settings */
3421		sc->leds = 0x01;
3422		sc->led[0] = 0x5555;
3423		sc->led[1] = 0x2221;
3424		sc->led[2] = 0xa9f8;
3425	}
3426	DPRINTF(("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n",
3427	    sc->leds, sc->led[0], sc->led[1], sc->led[2]));
3428
3429	/* read RF information */
3430	val = rt2860_srom_read(sc, RT2860_EEPROM_ANTENNA);
3431	if (sc->mac_ver >= 0x5390)
3432		sc->rf_rev = rt2860_srom_read(sc, RT2860_EEPROM_CHIPID);
3433	else
3434		sc->rf_rev = (val >> 8) & 0xf;
3435	sc->ntxchains = (val >> 4) & 0xf;
3436	sc->nrxchains = val & 0xf;
3437	DPRINTF(("EEPROM RF rev=0x%02x chains=%dT%dR\n",
3438	    sc->rf_rev, sc->ntxchains, sc->nrxchains));
3439
3440	/* check if RF supports automatic Tx access gain control */
3441	val = rt2860_srom_read(sc, RT2860_EEPROM_CONFIG);
3442	DPRINTF(("EEPROM CFG 0x%04x\n", val));
3443	/* check if driver should patch the DAC issue */
3444	if ((val >> 8) != 0xff)
3445		sc->patch_dac = (val >> 15) & 1;
3446	if ((val & 0xff) != 0xff) {
3447		sc->ext_5ghz_lna = (val >> 3) & 1;
3448		sc->ext_2ghz_lna = (val >> 2) & 1;
3449		/* check if RF supports automatic Tx access gain control */
3450		sc->calib_2ghz = sc->calib_5ghz = 0; /* XXX (val >> 1) & 1 */
3451		/* check if we have a hardware radio switch */
3452		sc->rfswitch = val & 1;
3453	}
3454	if (sc->sc_flags & RT2860_ADVANCED_PS) {
3455		/* read PCIe power save level */
3456		val = rt2860_srom_read(sc, RT2860_EEPROM_PCIE_PSLEVEL);
3457		if ((val & 0xff) != 0xff) {
3458			sc->pslevel = val & 0x3;
3459			val = rt2860_srom_read(sc, RT2860_EEPROM_REV);
3460			if ((val & 0xff80) != 0x9280)
3461				sc->pslevel = MIN(sc->pslevel, 1);
3462			DPRINTF(("EEPROM PCIe PS Level=%d\n", sc->pslevel));
3463		}
3464	}
3465
3466	/* read power settings for 2GHz channels */
3467	for (i = 0; i < 14; i += 2) {
3468		val = rt2860_srom_read(sc,
3469		    RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2);
3470		sc->txpow1[i + 0] = (int8_t)(val & 0xff);
3471		sc->txpow1[i + 1] = (int8_t)(val >> 8);
3472
3473		if (sc->mac_ver != 0x5390) {
3474			val = rt2860_srom_read(sc,
3475			    RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2);
3476			sc->txpow2[i + 0] = (int8_t)(val & 0xff);
3477			sc->txpow2[i + 1] = (int8_t)(val >> 8);
3478		}
3479	}
3480	/* fix broken Tx power entries */
3481	for (i = 0; i < 14; i++) {
3482		if (sc->txpow1[i] < 0 ||
3483		    sc->txpow1[i] > ((sc->mac_ver >= 0x5390) ? 39 : 31))
3484			sc->txpow1[i] = 5;
3485		if (sc->mac_ver != 0x5390) {
3486			if (sc->txpow2[i] < 0 ||
3487			    sc->txpow2[i] > ((sc->mac_ver == 0x5392) ? 39 : 31))
3488				sc->txpow2[i] = 5;
3489		}
3490		DPRINTF(("chan %d: power1=%d, power2=%d\n",
3491		    rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]));
3492	}
3493	/* read power settings for 5GHz channels */
3494	for (i = 0; i < 40; i += 2) {
3495		val = rt2860_srom_read(sc,
3496		    RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2);
3497		sc->txpow1[i + 14] = (int8_t)(val & 0xff);
3498		sc->txpow1[i + 15] = (int8_t)(val >> 8);
3499
3500		val = rt2860_srom_read(sc,
3501		    RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2);
3502		sc->txpow2[i + 14] = (int8_t)(val & 0xff);
3503		sc->txpow2[i + 15] = (int8_t)(val >> 8);
3504	}
3505	/* fix broken Tx power entries */
3506	for (i = 0; i < 40; i++) {
3507		if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15)
3508			sc->txpow1[14 + i] = 5;
3509		if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15)
3510			sc->txpow2[14 + i] = 5;
3511		DPRINTF(("chan %d: power1=%d, power2=%d\n",
3512		    rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i],
3513		    sc->txpow2[14 + i]));
3514	}
3515
3516	/* read Tx power compensation for each Tx rate */
3517	val = rt2860_srom_read(sc, RT2860_EEPROM_DELTAPWR);
3518	delta_2ghz = delta_5ghz = 0;
3519	if ((val & 0xff) != 0xff && (val & 0x80)) {
3520		delta_2ghz = val & 0xf;
3521		if (!(val & 0x40))	/* negative number */
3522			delta_2ghz = -delta_2ghz;
3523	}
3524	val >>= 8;
3525	if ((val & 0xff) != 0xff && (val & 0x80)) {
3526		delta_5ghz = val & 0xf;
3527		if (!(val & 0x40))	/* negative number */
3528			delta_5ghz = -delta_5ghz;
3529	}
3530	DPRINTF(("power compensation=%d (2GHz), %d (5GHz)\n",
3531	    delta_2ghz, delta_5ghz));
3532
3533	for (ridx = 0; ridx < 5; ridx++) {
3534		uint32_t reg;
3535
3536		val = rt2860_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2);
3537		reg = val;
3538		val = rt2860_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1);
3539		reg |= (uint32_t)val << 16;
3540
3541		sc->txpow20mhz[ridx] = reg;
3542		sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz);
3543		sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz);
3544
3545		DPRINTF(("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, "
3546		    "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx],
3547		    sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]));
3548	}
3549
3550	/* read factory-calibrated samples for temperature compensation */
3551	val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI1_2GHZ);
3552	sc->tssi_2ghz[0] = val & 0xff;	/* [-4] */
3553	sc->tssi_2ghz[1] = val >> 8;	/* [-3] */
3554	val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI2_2GHZ);
3555	sc->tssi_2ghz[2] = val & 0xff;	/* [-2] */
3556	sc->tssi_2ghz[3] = val >> 8;	/* [-1] */
3557	val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI3_2GHZ);
3558	sc->tssi_2ghz[4] = val & 0xff;	/* [+0] */
3559	sc->tssi_2ghz[5] = val >> 8;	/* [+1] */
3560	val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI4_2GHZ);
3561	sc->tssi_2ghz[6] = val & 0xff;	/* [+2] */
3562	sc->tssi_2ghz[7] = val >> 8;	/* [+3] */
3563	val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI5_2GHZ);
3564	sc->tssi_2ghz[8] = val & 0xff;	/* [+4] */
3565	sc->step_2ghz = val >> 8;
3566	DPRINTF(("TSSI 2GHz: 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x "
3567	    "0x%02x 0x%02x step=%d\n", sc->tssi_2ghz[0], sc->tssi_2ghz[1],
3568	    sc->tssi_2ghz[2], sc->tssi_2ghz[3], sc->tssi_2ghz[4],
3569	    sc->tssi_2ghz[5], sc->tssi_2ghz[6], sc->tssi_2ghz[7],
3570	    sc->tssi_2ghz[8], sc->step_2ghz));
3571	/* check that ref value is correct, otherwise disable calibration */
3572	if (sc->tssi_2ghz[4] == 0xff)
3573		sc->calib_2ghz = 0;
3574
3575	val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI1_5GHZ);
3576	sc->tssi_5ghz[0] = val & 0xff;	/* [-4] */
3577	sc->tssi_5ghz[1] = val >> 8;	/* [-3] */
3578	val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI2_5GHZ);
3579	sc->tssi_5ghz[2] = val & 0xff;	/* [-2] */
3580	sc->tssi_5ghz[3] = val >> 8;	/* [-1] */
3581	val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI3_5GHZ);
3582	sc->tssi_5ghz[4] = val & 0xff;	/* [+0] */
3583	sc->tssi_5ghz[5] = val >> 8;	/* [+1] */
3584	val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI4_5GHZ);
3585	sc->tssi_5ghz[6] = val & 0xff;	/* [+2] */
3586	sc->tssi_5ghz[7] = val >> 8;	/* [+3] */
3587	val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI5_5GHZ);
3588	sc->tssi_5ghz[8] = val & 0xff;	/* [+4] */
3589	sc->step_5ghz = val >> 8;
3590	DPRINTF(("TSSI 5GHz: 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x "
3591	    "0x%02x 0x%02x step=%d\n", sc->tssi_5ghz[0], sc->tssi_5ghz[1],
3592	    sc->tssi_5ghz[2], sc->tssi_5ghz[3], sc->tssi_5ghz[4],
3593	    sc->tssi_5ghz[5], sc->tssi_5ghz[6], sc->tssi_5ghz[7],
3594	    sc->tssi_5ghz[8], sc->step_5ghz));
3595	/* check that ref value is correct, otherwise disable calibration */
3596	if (sc->tssi_5ghz[4] == 0xff)
3597		sc->calib_5ghz = 0;
3598
3599	/* read RSSI offsets and LNA gains from EEPROM */
3600	val = rt2860_srom_read(sc, RT2860_EEPROM_RSSI1_2GHZ);
3601	sc->rssi_2ghz[0] = val & 0xff;	/* Ant A */
3602	sc->rssi_2ghz[1] = val >> 8;	/* Ant B */
3603	val = rt2860_srom_read(sc, RT2860_EEPROM_RSSI2_2GHZ);
3604	if (sc->mac_ver >= 0x3071) {
3605		/*
3606		 * On RT3090 chips (limited to 2 Rx chains), this ROM
3607		 * field contains the Tx mixer gain for the 2GHz band.
3608		 */
3609		if ((val & 0xff) != 0xff)
3610			sc->txmixgain_2ghz = val & 0x7;
3611		DPRINTF(("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz));
3612	} else
3613		sc->rssi_2ghz[2] = val & 0xff;	/* Ant C */
3614	sc->lna[2] = val >> 8;		/* channel group 2 */
3615
3616	val = rt2860_srom_read(sc, RT2860_EEPROM_RSSI1_5GHZ);
3617	sc->rssi_5ghz[0] = val & 0xff;	/* Ant A */
3618	sc->rssi_5ghz[1] = val >> 8;	/* Ant B */
3619	val = rt2860_srom_read(sc, RT2860_EEPROM_RSSI2_5GHZ);
3620	sc->rssi_5ghz[2] = val & 0xff;	/* Ant C */
3621	sc->lna[3] = val >> 8;		/* channel group 3 */
3622
3623	val = rt2860_srom_read(sc, RT2860_EEPROM_LNA);
3624	if (sc->mac_ver >= 0x3071)
3625		sc->lna[0] = RT3090_DEF_LNA;
3626	else				/* channel group 0 */
3627		sc->lna[0] = val & 0xff;
3628	sc->lna[1] = val >> 8;		/* channel group 1 */
3629
3630	/* fix broken 5GHz LNA entries */
3631	if (sc->lna[2] == 0 || sc->lna[2] == 0xff) {
3632		DPRINTF(("invalid LNA for channel group %d\n", 2));
3633		sc->lna[2] = sc->lna[1];
3634	}
3635	if (sc->lna[3] == 0 || sc->lna[3] == 0xff) {
3636		DPRINTF(("invalid LNA for channel group %d\n", 3));
3637		sc->lna[3] = sc->lna[1];
3638	}
3639
3640	/* fix broken RSSI offset entries */
3641	for (ant = 0; ant < 3; ant++) {
3642		if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) {
3643			DPRINTF(("invalid RSSI%d offset: %d (2GHz)\n",
3644			    ant + 1, sc->rssi_2ghz[ant]));
3645			sc->rssi_2ghz[ant] = 0;
3646		}
3647		if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) {
3648			DPRINTF(("invalid RSSI%d offset: %d (5GHz)\n",
3649			    ant + 1, sc->rssi_5ghz[ant]));
3650			sc->rssi_5ghz[ant] = 0;
3651		}
3652	}
3653
3654	return 0;
3655}
3656
3657static int
3658rt2860_bbp_init(struct rt2860_softc *sc)
3659{
3660	int i, ntries;
3661
3662	/* wait for BBP to wake up */
3663	for (ntries = 0; ntries < 20; ntries++) {
3664		uint8_t bbp0 = rt2860_mcu_bbp_read(sc, 0);
3665		if (bbp0 != 0 && bbp0 != 0xff)
3666			break;
3667	}
3668	if (ntries == 20) {
3669		device_printf(sc->sc_dev,
3670		    "timeout waiting for BBP to wake up\n");
3671		return (ETIMEDOUT);
3672	}
3673
3674	/* initialize BBP registers to default values */
3675	if (sc->mac_ver >= 0x5390)
3676		rt5390_bbp_init(sc);
3677	else {
3678		for (i = 0; i < nitems(rt2860_def_bbp); i++) {
3679			rt2860_mcu_bbp_write(sc, rt2860_def_bbp[i].reg,
3680			    rt2860_def_bbp[i].val);
3681		}
3682	}
3683
3684	/* fix BBP84 for RT2860E */
3685	if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101)
3686		rt2860_mcu_bbp_write(sc, 84, 0x19);
3687
3688	if (sc->mac_ver >= 0x3071) {
3689		rt2860_mcu_bbp_write(sc, 79, 0x13);
3690		rt2860_mcu_bbp_write(sc, 80, 0x05);
3691		rt2860_mcu_bbp_write(sc, 81, 0x33);
3692	} else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) {
3693		rt2860_mcu_bbp_write(sc, 69, 0x16);
3694		rt2860_mcu_bbp_write(sc, 73, 0x12);
3695	}
3696
3697	return 0;
3698}
3699
3700static void
3701rt5390_bbp_init(struct rt2860_softc *sc)
3702{
3703	uint8_t bbp;
3704	int i;
3705
3706	/* Apply maximum likelihood detection for 2 stream case. */
3707	if (sc->nrxchains > 1) {
3708		bbp = rt2860_mcu_bbp_read(sc, 105);
3709		rt2860_mcu_bbp_write(sc, 105, bbp | RT5390_MLD);
3710	}
3711
3712	/* Avoid data lost and CRC error. */
3713	bbp = rt2860_mcu_bbp_read(sc, 4);
3714	rt2860_mcu_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
3715
3716	for (i = 0; i < nitems(rt5390_def_bbp); i++) {
3717		rt2860_mcu_bbp_write(sc, rt5390_def_bbp[i].reg,
3718		    rt5390_def_bbp[i].val);
3719	}
3720
3721	if (sc->mac_ver == 0x5392) {
3722		rt2860_mcu_bbp_write(sc, 84, 0x9a);
3723		rt2860_mcu_bbp_write(sc, 95, 0x9a);
3724		rt2860_mcu_bbp_write(sc, 98, 0x12);
3725		rt2860_mcu_bbp_write(sc, 106, 0x05);
3726		rt2860_mcu_bbp_write(sc, 134, 0xd0);
3727		rt2860_mcu_bbp_write(sc, 135, 0xf6);
3728	}
3729
3730	bbp = rt2860_mcu_bbp_read(sc, 152);
3731	rt2860_mcu_bbp_write(sc, 152, bbp | 0x80);
3732
3733	/* Disable hardware antenna diversity. */
3734	if (sc->mac_ver == 0x5390)
3735		rt2860_mcu_bbp_write(sc, 154, 0);
3736}
3737
3738static int
3739rt2860_txrx_enable(struct rt2860_softc *sc)
3740{
3741	struct ieee80211com *ic = &sc->sc_ic;
3742	uint32_t tmp;
3743	int ntries;
3744
3745	/* enable Tx/Rx DMA engine */
3746	RAL_WRITE(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN);
3747	RAL_BARRIER_READ_WRITE(sc);
3748	for (ntries = 0; ntries < 200; ntries++) {
3749		tmp = RAL_READ(sc, RT2860_WPDMA_GLO_CFG);
3750		if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
3751			break;
3752		DELAY(1000);
3753	}
3754	if (ntries == 200) {
3755		device_printf(sc->sc_dev, "timeout waiting for DMA engine\n");
3756		return ETIMEDOUT;
3757	}
3758
3759	DELAY(50);
3760
3761	tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN |
3762	    RT2860_WPDMA_BT_SIZE64 << RT2860_WPDMA_BT_SIZE_SHIFT;
3763	RAL_WRITE(sc, RT2860_WPDMA_GLO_CFG, tmp);
3764
3765	/* set Rx filter */
3766	tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR;
3767	if (ic->ic_opmode != IEEE80211_M_MONITOR) {
3768		tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL |
3769		    RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK |
3770		    RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV |
3771		    RT2860_DROP_CFACK | RT2860_DROP_CFEND;
3772		if (ic->ic_opmode == IEEE80211_M_STA)
3773			tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL;
3774	}
3775	RAL_WRITE(sc, RT2860_RX_FILTR_CFG, tmp);
3776
3777	RAL_WRITE(sc, RT2860_MAC_SYS_CTRL,
3778	    RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
3779
3780	return 0;
3781}
3782
3783static void
3784rt2860_init(void *arg)
3785{
3786	struct rt2860_softc *sc = arg;
3787	struct ieee80211com *ic = &sc->sc_ic;
3788
3789	RAL_LOCK(sc);
3790	rt2860_init_locked(sc);
3791	RAL_UNLOCK(sc);
3792
3793	if (sc->sc_flags & RT2860_RUNNING)
3794		ieee80211_start_all(ic);
3795}
3796
3797static void
3798rt2860_init_locked(struct rt2860_softc *sc)
3799{
3800	struct ieee80211com *ic = &sc->sc_ic;
3801	struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
3802	uint32_t tmp;
3803	uint8_t bbp1, bbp3;
3804	int i, qid, ridx, ntries, error;
3805
3806	RAL_LOCK_ASSERT(sc);
3807
3808	if (sc->rfswitch) {
3809		/* hardware has a radio switch on GPIO pin 2 */
3810		if (!(RAL_READ(sc, RT2860_GPIO_CTRL) & (1 << 2))) {
3811			device_printf(sc->sc_dev,
3812			    "radio is disabled by hardware switch\n");
3813#ifdef notyet
3814			rt2860_stop_locked(sc);
3815			return;
3816#endif
3817		}
3818	}
3819	RAL_WRITE(sc, RT2860_PWR_PIN_CFG, RT2860_IO_RA_PE);
3820
3821	/* disable DMA */
3822	tmp = RAL_READ(sc, RT2860_WPDMA_GLO_CFG);
3823	tmp &= ~(RT2860_RX_DMA_BUSY | RT2860_RX_DMA_EN | RT2860_TX_DMA_BUSY |
3824	    RT2860_TX_DMA_EN);
3825	tmp |= RT2860_TX_WB_DDONE;
3826	RAL_WRITE(sc, RT2860_WPDMA_GLO_CFG, tmp);
3827
3828	/* reset DMA indexes */
3829	RAL_WRITE(sc, RT2860_WPDMA_RST_IDX, RT2860_RST_DRX_IDX0 |
3830	    RT2860_RST_DTX_IDX5 | RT2860_RST_DTX_IDX4 | RT2860_RST_DTX_IDX3 |
3831	    RT2860_RST_DTX_IDX2 | RT2860_RST_DTX_IDX1 | RT2860_RST_DTX_IDX0);
3832
3833	/* PBF hardware reset */
3834	RAL_WRITE(sc, RT2860_SYS_CTRL, 0xe1f);
3835	RAL_BARRIER_WRITE(sc);
3836	RAL_WRITE(sc, RT2860_SYS_CTRL, 0xe00);
3837
3838	if ((error = rt2860_load_microcode(sc)) != 0) {
3839		device_printf(sc->sc_dev, "could not load 8051 microcode\n");
3840		rt2860_stop_locked(sc);
3841		return;
3842	}
3843
3844	rt2860_set_macaddr(sc, vap ? vap->iv_myaddr : ic->ic_macaddr);
3845
3846	/* init Tx power for all Tx rates (from EEPROM) */
3847	for (ridx = 0; ridx < 5; ridx++) {
3848		if (sc->txpow20mhz[ridx] == 0xffffffff)
3849			continue;
3850		RAL_WRITE(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]);
3851	}
3852
3853	for (ntries = 0; ntries < 100; ntries++) {
3854		tmp = RAL_READ(sc, RT2860_WPDMA_GLO_CFG);
3855		if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
3856			break;
3857		DELAY(1000);
3858	}
3859	if (ntries == 100) {
3860		device_printf(sc->sc_dev, "timeout waiting for DMA engine\n");
3861		rt2860_stop_locked(sc);
3862		return;
3863	}
3864	tmp &= ~(RT2860_RX_DMA_BUSY | RT2860_RX_DMA_EN | RT2860_TX_DMA_BUSY |
3865	    RT2860_TX_DMA_EN);
3866	tmp |= RT2860_TX_WB_DDONE;
3867	RAL_WRITE(sc, RT2860_WPDMA_GLO_CFG, tmp);
3868
3869	/* reset Rx ring and all 6 Tx rings */
3870	RAL_WRITE(sc, RT2860_WPDMA_RST_IDX, 0x1003f);
3871
3872	/* PBF hardware reset */
3873	RAL_WRITE(sc, RT2860_SYS_CTRL, 0xe1f);
3874	RAL_BARRIER_WRITE(sc);
3875	RAL_WRITE(sc, RT2860_SYS_CTRL, 0xe00);
3876
3877	RAL_WRITE(sc, RT2860_PWR_PIN_CFG, RT2860_IO_RA_PE | RT2860_IO_RF_PE);
3878
3879	RAL_WRITE(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST);
3880	RAL_BARRIER_WRITE(sc);
3881	RAL_WRITE(sc, RT2860_MAC_SYS_CTRL, 0);
3882
3883	for (i = 0; i < nitems(rt2860_def_mac); i++)
3884		RAL_WRITE(sc, rt2860_def_mac[i].reg, rt2860_def_mac[i].val);
3885	if (sc->mac_ver >= 0x5390)
3886		RAL_WRITE(sc, RT2860_TX_SW_CFG0, 0x00000404);
3887	else if (sc->mac_ver >= 0x3071) {
3888		/* set delay of PA_PE assertion to 1us (unit of 0.25us) */
3889		RAL_WRITE(sc, RT2860_TX_SW_CFG0,
3890		    4 << RT2860_DLY_PAPE_EN_SHIFT);
3891	}
3892
3893	if (!(RAL_READ(sc, RT2860_PCI_CFG) & RT2860_PCI_CFG_PCI)) {
3894		sc->sc_flags |= RT2860_PCIE;
3895		/* PCIe has different clock cycle count than PCI */
3896		tmp = RAL_READ(sc, RT2860_US_CYC_CNT);
3897		tmp = (tmp & ~0xff) | 0x7d;
3898		RAL_WRITE(sc, RT2860_US_CYC_CNT, tmp);
3899	}
3900
3901	/* wait while MAC is busy */
3902	for (ntries = 0; ntries < 100; ntries++) {
3903		if (!(RAL_READ(sc, RT2860_MAC_STATUS_REG) &
3904		    (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY)))
3905			break;
3906		DELAY(1000);
3907	}
3908	if (ntries == 100) {
3909		device_printf(sc->sc_dev, "timeout waiting for MAC\n");
3910		rt2860_stop_locked(sc);
3911		return;
3912	}
3913
3914	/* clear Host to MCU mailbox */
3915	RAL_WRITE(sc, RT2860_H2M_BBPAGENT, 0);
3916	RAL_WRITE(sc, RT2860_H2M_MAILBOX, 0);
3917
3918	rt2860_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0, 0);
3919	DELAY(1000);
3920
3921	if ((error = rt2860_bbp_init(sc)) != 0) {
3922		rt2860_stop_locked(sc);
3923		return;
3924	}
3925
3926	/* clear RX WCID search table */
3927	RAL_SET_REGION_4(sc, RT2860_WCID_ENTRY(0), 0, 512);
3928	/* clear pairwise key table */
3929	RAL_SET_REGION_4(sc, RT2860_PKEY(0), 0, 2048);
3930	/* clear IV/EIV table */
3931	RAL_SET_REGION_4(sc, RT2860_IVEIV(0), 0, 512);
3932	/* clear WCID attribute table */
3933	RAL_SET_REGION_4(sc, RT2860_WCID_ATTR(0), 0, 256);
3934	/* clear shared key table */
3935	RAL_SET_REGION_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32);
3936	/* clear shared key mode */
3937	RAL_SET_REGION_4(sc, RT2860_SKEY_MODE_0_7, 0, 4);
3938
3939	/* init Tx rings (4 EDCAs + HCCA + Mgt) */
3940	for (qid = 0; qid < 6; qid++) {
3941		RAL_WRITE(sc, RT2860_TX_BASE_PTR(qid), sc->txq[qid].paddr);
3942		RAL_WRITE(sc, RT2860_TX_MAX_CNT(qid), RT2860_TX_RING_COUNT);
3943		RAL_WRITE(sc, RT2860_TX_CTX_IDX(qid), 0);
3944	}
3945
3946	/* init Rx ring */
3947	RAL_WRITE(sc, RT2860_RX_BASE_PTR, sc->rxq.paddr);
3948	RAL_WRITE(sc, RT2860_RX_MAX_CNT, RT2860_RX_RING_COUNT);
3949	RAL_WRITE(sc, RT2860_RX_CALC_IDX, RT2860_RX_RING_COUNT - 1);
3950
3951	/* setup maximum buffer sizes */
3952	RAL_WRITE(sc, RT2860_MAX_LEN_CFG, 1 << 12 |
3953	    (MCLBYTES - sizeof (struct rt2860_rxwi) - 2));
3954
3955	for (ntries = 0; ntries < 100; ntries++) {
3956		tmp = RAL_READ(sc, RT2860_WPDMA_GLO_CFG);
3957		if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
3958			break;
3959		DELAY(1000);
3960	}
3961	if (ntries == 100) {
3962		device_printf(sc->sc_dev, "timeout waiting for DMA engine\n");
3963		rt2860_stop_locked(sc);
3964		return;
3965	}
3966	tmp &= ~(RT2860_RX_DMA_BUSY | RT2860_RX_DMA_EN | RT2860_TX_DMA_BUSY |
3967	    RT2860_TX_DMA_EN);
3968	tmp |= RT2860_TX_WB_DDONE;
3969	RAL_WRITE(sc, RT2860_WPDMA_GLO_CFG, tmp);
3970
3971	/* disable interrupts mitigation */
3972	RAL_WRITE(sc, RT2860_DELAY_INT_CFG, 0);
3973
3974	/* write vendor-specific BBP values (from EEPROM) */
3975	for (i = 0; i < 8; i++) {
3976		if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff)
3977			continue;
3978		rt2860_mcu_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val);
3979	}
3980
3981	/* select Main antenna for 1T1R devices */
3982	if (sc->rf_rev == RT3070_RF_2020 ||
3983	    sc->rf_rev == RT3070_RF_3020 ||
3984	    sc->rf_rev == RT3070_RF_3320 ||
3985	    sc->mac_ver == 0x5390)
3986		rt3090_set_rx_antenna(sc, 0);
3987
3988	/* send LEDs operating mode to microcontroller */
3989	rt2860_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0], 0);
3990	rt2860_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1], 0);
3991	rt2860_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2], 0);
3992
3993	if (sc->mac_ver >= 0x5390)
3994		rt5390_rf_init(sc);
3995	else if (sc->mac_ver >= 0x3071) {
3996		if ((error = rt3090_rf_init(sc)) != 0) {
3997			rt2860_stop_locked(sc);
3998			return;
3999		}
4000	}
4001
4002	rt2860_mcu_cmd(sc, RT2860_MCU_CMD_SLEEP, 0x02ff, 1);
4003	rt2860_mcu_cmd(sc, RT2860_MCU_CMD_WAKEUP, 0, 1);
4004
4005	if (sc->mac_ver >= 0x5390)
4006		rt5390_rf_wakeup(sc);
4007	else if (sc->mac_ver >= 0x3071)
4008		rt3090_rf_wakeup(sc);
4009
4010	/* disable non-existing Rx chains */
4011	bbp3 = rt2860_mcu_bbp_read(sc, 3);
4012	bbp3 &= ~(1 << 3 | 1 << 4);
4013	if (sc->nrxchains == 2)
4014		bbp3 |= 1 << 3;
4015	else if (sc->nrxchains == 3)
4016		bbp3 |= 1 << 4;
4017	rt2860_mcu_bbp_write(sc, 3, bbp3);
4018
4019	/* disable non-existing Tx chains */
4020	bbp1 = rt2860_mcu_bbp_read(sc, 1);
4021	if (sc->ntxchains == 1)
4022		bbp1 = (bbp1 & ~(1 << 3 | 1 << 4));
4023	else if (sc->mac_ver == 0x3593 && sc->ntxchains == 2)
4024		bbp1 = (bbp1 & ~(1 << 4)) | 1 << 3;
4025	else if (sc->mac_ver == 0x3593 && sc->ntxchains == 3)
4026		bbp1 = (bbp1 & ~(1 << 3)) | 1 << 4;
4027	rt2860_mcu_bbp_write(sc, 1, bbp1);
4028
4029	if (sc->mac_ver >= 0x3071)
4030		rt3090_rf_setup(sc);
4031
4032	/* select default channel */
4033	rt2860_switch_chan(sc, ic->ic_curchan);
4034
4035	/* reset RF from MCU */
4036	rt2860_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0, 0);
4037
4038	/* set RTS threshold */
4039	tmp = RAL_READ(sc, RT2860_TX_RTS_CFG);
4040	tmp &= ~0xffff00;
4041	tmp |= IEEE80211_RTS_DEFAULT << 8;
4042	RAL_WRITE(sc, RT2860_TX_RTS_CFG, tmp);
4043
4044	/* setup initial protection mode */
4045	rt2860_updateprot(sc);
4046
4047	/* turn radio LED on */
4048	rt2860_set_leds(sc, RT2860_LED_RADIO);
4049
4050	/* enable Tx/Rx DMA engine */
4051	if ((error = rt2860_txrx_enable(sc)) != 0) {
4052		rt2860_stop_locked(sc);
4053		return;
4054	}
4055
4056	/* clear pending interrupts */
4057	RAL_WRITE(sc, RT2860_INT_STATUS, 0xffffffff);
4058	/* enable interrupts */
4059	RAL_WRITE(sc, RT2860_INT_MASK, 0x3fffc);
4060
4061	if (sc->sc_flags & RT2860_ADVANCED_PS)
4062		rt2860_mcu_cmd(sc, RT2860_MCU_CMD_PSLEVEL, sc->pslevel, 0);
4063
4064	sc->sc_flags |= RT2860_RUNNING;
4065
4066	callout_reset(&sc->watchdog_ch, hz, rt2860_watchdog, sc);
4067}
4068
4069static void
4070rt2860_stop(void *arg)
4071{
4072	struct rt2860_softc *sc = arg;
4073
4074	RAL_LOCK(sc);
4075	rt2860_stop_locked(sc);
4076	RAL_UNLOCK(sc);
4077}
4078
4079static void
4080rt2860_stop_locked(struct rt2860_softc *sc)
4081{
4082	uint32_t tmp;
4083	int qid;
4084
4085	if (sc->sc_flags & RT2860_RUNNING)
4086		rt2860_set_leds(sc, 0);	/* turn all LEDs off */
4087
4088	callout_stop(&sc->watchdog_ch);
4089	sc->sc_tx_timer = 0;
4090	sc->sc_flags &= ~RT2860_RUNNING;
4091
4092	/* disable interrupts */
4093	RAL_WRITE(sc, RT2860_INT_MASK, 0);
4094
4095	/* disable GP timer */
4096	rt2860_set_gp_timer(sc, 0);
4097
4098	/* disable Rx */
4099	tmp = RAL_READ(sc, RT2860_MAC_SYS_CTRL);
4100	tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
4101	RAL_WRITE(sc, RT2860_MAC_SYS_CTRL, tmp);
4102
4103	/* reset adapter */
4104	RAL_WRITE(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST);
4105	RAL_BARRIER_WRITE(sc);
4106	RAL_WRITE(sc, RT2860_MAC_SYS_CTRL, 0);
4107
4108	/* reset Tx and Rx rings (and reclaim TXWIs) */
4109	sc->qfullmsk = 0;
4110	for (qid = 0; qid < 6; qid++)
4111		rt2860_reset_tx_ring(sc, &sc->txq[qid]);
4112	rt2860_reset_rx_ring(sc, &sc->rxq);
4113}
4114
4115int
4116rt2860_load_microcode(struct rt2860_softc *sc)
4117{
4118	const struct firmware *fp;
4119	int ntries, error;
4120
4121	RAL_LOCK_ASSERT(sc);
4122
4123	RAL_UNLOCK(sc);
4124	fp = firmware_get("rt2860fw");
4125	RAL_LOCK(sc);
4126	if (fp == NULL) {
4127		device_printf(sc->sc_dev,
4128		    "unable to receive rt2860fw firmware image\n");
4129		return EINVAL;
4130	}
4131
4132	/* set "host program ram write selection" bit */
4133	RAL_WRITE(sc, RT2860_SYS_CTRL, RT2860_HST_PM_SEL);
4134	/* write microcode image */
4135	RAL_WRITE_REGION_1(sc, RT2860_FW_BASE, fp->data, fp->datasize);
4136	/* kick microcontroller unit */
4137	RAL_WRITE(sc, RT2860_SYS_CTRL, 0);
4138	RAL_BARRIER_WRITE(sc);
4139	RAL_WRITE(sc, RT2860_SYS_CTRL, RT2860_MCU_RESET);
4140
4141	RAL_WRITE(sc, RT2860_H2M_BBPAGENT, 0);
4142	RAL_WRITE(sc, RT2860_H2M_MAILBOX, 0);
4143
4144	/* wait until microcontroller is ready */
4145	RAL_BARRIER_READ_WRITE(sc);
4146	for (ntries = 0; ntries < 1000; ntries++) {
4147		if (RAL_READ(sc, RT2860_SYS_CTRL) & RT2860_MCU_READY)
4148			break;
4149		DELAY(1000);
4150	}
4151	if (ntries == 1000) {
4152		device_printf(sc->sc_dev,
4153		    "timeout waiting for MCU to initialize\n");
4154		error = ETIMEDOUT;
4155	} else
4156		error = 0;
4157
4158	firmware_put(fp, FIRMWARE_UNLOAD);
4159	return error;
4160}
4161
4162/*
4163 * This function is called periodically to adjust Tx power based on
4164 * temperature variation.
4165 */
4166#ifdef NOT_YET
4167static void
4168rt2860_calib(struct rt2860_softc *sc)
4169{
4170	struct ieee80211com *ic = &sc->sc_ic;
4171	const uint8_t *tssi;
4172	uint8_t step, bbp49;
4173	int8_t ridx, d;
4174
4175	/* read current temperature */
4176	bbp49 = rt2860_mcu_bbp_read(sc, 49);
4177
4178	if (IEEE80211_IS_CHAN_2GHZ(ic->ic_bss->ni_chan)) {
4179		tssi = &sc->tssi_2ghz[4];
4180		step = sc->step_2ghz;
4181	} else {
4182		tssi = &sc->tssi_5ghz[4];
4183		step = sc->step_5ghz;
4184	}
4185
4186	if (bbp49 < tssi[0]) {		/* lower than reference */
4187		/* use higher Tx power than default */
4188		for (d = 0; d > -4 && bbp49 <= tssi[d - 1]; d--);
4189	} else if (bbp49 > tssi[0]) {	/* greater than reference */
4190		/* use lower Tx power than default */
4191		for (d = 0; d < +4 && bbp49 >= tssi[d + 1]; d++);
4192	} else {
4193		/* use default Tx power */
4194		d = 0;
4195	}
4196	d *= step;
4197
4198	DPRINTF(("BBP49=0x%02x, adjusting Tx power by %d\n", bbp49, d));
4199
4200	/* write adjusted Tx power values for each Tx rate */
4201	for (ridx = 0; ridx < 5; ridx++) {
4202		if (sc->txpow20mhz[ridx] == 0xffffffff)
4203			continue;
4204		RAL_WRITE(sc, RT2860_TX_PWR_CFG(ridx),
4205		    b4inc(sc->txpow20mhz[ridx], d));
4206	}
4207}
4208#endif
4209
4210static void
4211rt3090_set_rx_antenna(struct rt2860_softc *sc, int aux)
4212{
4213	uint32_t tmp;
4214
4215	if (aux) {
4216		if (sc->mac_ver == 0x5390) {
4217			rt2860_mcu_bbp_write(sc, 152,
4218			    rt2860_mcu_bbp_read(sc, 152) & ~0x80);
4219		} else {
4220			tmp = RAL_READ(sc, RT2860_PCI_EECTRL);
4221			RAL_WRITE(sc, RT2860_PCI_EECTRL, tmp & ~RT2860_C);
4222			tmp = RAL_READ(sc, RT2860_GPIO_CTRL);
4223			RAL_WRITE(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08);
4224		}
4225	} else {
4226		if (sc->mac_ver == 0x5390) {
4227			rt2860_mcu_bbp_write(sc, 152,
4228			    rt2860_mcu_bbp_read(sc, 152) | 0x80);
4229		} else {
4230			tmp = RAL_READ(sc, RT2860_PCI_EECTRL);
4231			RAL_WRITE(sc, RT2860_PCI_EECTRL, tmp | RT2860_C);
4232			tmp = RAL_READ(sc, RT2860_GPIO_CTRL);
4233			RAL_WRITE(sc, RT2860_GPIO_CTRL, tmp & ~0x0808);
4234		}
4235	}
4236}
4237
4238static void
4239rt2860_switch_chan(struct rt2860_softc *sc, struct ieee80211_channel *c)
4240{
4241	struct ieee80211com *ic = &sc->sc_ic;
4242	u_int chan, group;
4243
4244	chan = ieee80211_chan2ieee(ic, c);
4245	if (chan == 0 || chan == IEEE80211_CHAN_ANY)
4246		return;
4247
4248	if (sc->mac_ver >= 0x5390)
4249		rt5390_set_chan(sc, chan);
4250	else if (sc->mac_ver >= 0x3071)
4251		rt3090_set_chan(sc, chan);
4252	else
4253		rt2860_set_chan(sc, chan);
4254
4255	/* determine channel group */
4256	if (chan <= 14)
4257		group = 0;
4258	else if (chan <= 64)
4259		group = 1;
4260	else if (chan <= 128)
4261		group = 2;
4262	else
4263		group = 3;
4264
4265	/* XXX necessary only when group has changed! */
4266	if (sc->mac_ver < 0x5390)
4267		rt2860_select_chan_group(sc, group);
4268
4269	DELAY(1000);
4270}
4271
4272static int
4273rt2860_setup_beacon(struct rt2860_softc *sc, struct ieee80211vap *vap)
4274{
4275	struct ieee80211com *ic = vap->iv_ic;
4276	struct rt2860_txwi txwi;
4277	struct mbuf *m;
4278	int ridx;
4279
4280	if ((m = ieee80211_beacon_alloc(vap->iv_bss)) == NULL)
4281		return ENOBUFS;
4282
4283	memset(&txwi, 0, sizeof txwi);
4284	txwi.wcid = 0xff;
4285	txwi.len = htole16(m->m_pkthdr.len);
4286	/* send beacons at the lowest available rate */
4287	ridx = IEEE80211_IS_CHAN_5GHZ(ic->ic_bsschan) ?
4288	    RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1;
4289	txwi.phy = htole16(rt2860_rates[ridx].mcs);
4290	if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM)
4291		txwi.phy |= htole16(RT2860_PHY_OFDM);
4292	txwi.txop = RT2860_TX_TXOP_HT;
4293	txwi.flags = RT2860_TX_TS;
4294	txwi.xflags = RT2860_TX_NSEQ;
4295
4296	RAL_WRITE_REGION_1(sc, RT2860_BCN_BASE(0),
4297	    (uint8_t *)&txwi, sizeof txwi);
4298	RAL_WRITE_REGION_1(sc, RT2860_BCN_BASE(0) + sizeof txwi,
4299	    mtod(m, uint8_t *), m->m_pkthdr.len);
4300
4301	m_freem(m);
4302
4303	return 0;
4304}
4305
4306static void
4307rt2860_enable_tsf_sync(struct rt2860_softc *sc)
4308{
4309	struct ieee80211com *ic = &sc->sc_ic;
4310	struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
4311	uint32_t tmp;
4312
4313	tmp = RAL_READ(sc, RT2860_BCN_TIME_CFG);
4314
4315	tmp &= ~0x1fffff;
4316	tmp |= vap->iv_bss->ni_intval * 16;
4317	tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN;
4318	if (vap->iv_opmode == IEEE80211_M_STA) {
4319		/*
4320		 * Local TSF is always updated with remote TSF on beacon
4321		 * reception.
4322		 */
4323		tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT;
4324	}
4325	else if (vap->iv_opmode == IEEE80211_M_IBSS ||
4326	    vap->iv_opmode == IEEE80211_M_MBSS) {
4327		tmp |= RT2860_BCN_TX_EN;
4328		/*
4329		 * Local TSF is updated with remote TSF on beacon reception
4330		 * only if the remote TSF is greater than local TSF.
4331		 */
4332		tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT;
4333	} else if (vap->iv_opmode == IEEE80211_M_HOSTAP) {
4334		tmp |= RT2860_BCN_TX_EN;
4335		/* SYNC with nobody */
4336		tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT;
4337	}
4338
4339	RAL_WRITE(sc, RT2860_BCN_TIME_CFG, tmp);
4340}
4341