   1// SPDX-License-Identifier: GPL-2.0-or-later
   2/*
   3 *
   4 *  Bluetooth support for Intel PCIe devices
   5 *
   6 *  Copyright (C) 2024  Intel Corporation
   7 */
   8
   9#include <linux/kernel.h>
  10#include <linux/module.h>
  11#include <linux/firmware.h>
  12#include <linux/pci.h>
  13#include <linux/wait.h>
  14#include <linux/delay.h>
  15#include <linux/interrupt.h>
  16
  17#include <linux/unaligned.h>
  18
  19#include <net/bluetooth/bluetooth.h>
  20#include <net/bluetooth/hci_core.h>
  21
  22#include "btintel.h"
  23#include "btintel_pcie.h"
  24
/* Driver version string; its user is not in this part of the file. */
#define VERSION "0.1"

/* Field initializers for one struct pci_device_id entry: Intel vendor id,
 * the given device and subdevice ids, any subvendor, and driver_data 0.
 * Meant to be wrapped in braces inside the id table below.
 */
#define BTINTEL_PCI_DEVICE(dev, subdev)	\
	.vendor = PCI_VENDOR_ID_INTEL,	\
	.device = (dev),		\
	.subvendor = PCI_ANY_ID,	\
	.subdevice = (subdev),		\
	.driver_data = 0

/* Presumably a polling interval in microseconds (per the name); the code
 * that uses it is not in this part of the file.
 */
#define POLL_INTERVAL_US	10

/* Intel Bluetooth PCIe device id table.
 * A single device id (0xA876) with any subdevice is matched; the all-zero
 * entry terminates the table.
 */
static const struct pci_device_id btintel_pcie_table[] = {
	{ BTINTEL_PCI_DEVICE(0xA876, PCI_ANY_ID) },
	{ 0 }
};
MODULE_DEVICE_TABLE(pci, btintel_pcie_table);
  42
/* Intel PCIe uses 4 bytes of HCI type instead of 1 byte BT SIG HCI type.
 * The receive path reads this prefix as a little-endian 32-bit value and
 * maps it to the matching HCI_*_PKT type; unknown values are rejected.
 */
#define BTINTEL_PCIE_HCI_TYPE_LEN	4
#define BTINTEL_PCIE_HCI_CMD_PKT	0x00000001
#define BTINTEL_PCIE_HCI_ACL_PKT	0x00000002
#define BTINTEL_PCIE_HCI_SCO_PKT	0x00000003
#define BTINTEL_PCIE_HCI_EVT_PKT	0x00000004
#define BTINTEL_PCIE_HCI_ISO_PKT	0x00000005

/* Alive interrupt context.
 * Stored in data->alive_intr_ctxt and used by the gp0 interrupt handler as
 * the current state when deciding how to react to an alive interrupt
 * (which state to move to, whether to re-arm RX, whether to wake waiters).
 */
enum {
	BTINTEL_PCIE_ROM,
	BTINTEL_PCIE_FW_DL,
	BTINTEL_PCIE_HCI_RESET,
	BTINTEL_PCIE_INTEL_HCI_RESET1,
	BTINTEL_PCIE_INTEL_HCI_RESET2,
	BTINTEL_PCIE_D0,
	BTINTEL_PCIE_D3
};
  61
/* Emit one debug line with the four index-array entries (TR head/tail and
 * CR head/tail) of queue @queue_num.
 */
static inline void ipc_print_ia_ring(struct hci_dev *hdev, struct ia *ia,
				     u16 queue_num)
{
	const char *qname = "RXQ";

	/* Every queue number other than the TX queue is labelled "RXQ" */
	if (queue_num == BTINTEL_PCIE_TXQ_NUM)
		qname = "TXQ";

	bt_dev_dbg(hdev, "IA: %s: tr-h:%02u  tr-t:%02u  cr-h:%02u  cr-t:%02u",
		   qname,
		   ia->tr_hia[queue_num], ia->tr_tia[queue_num],
		   ia->cr_hia[queue_num], ia->cr_tia[queue_num]);
}
  70
/* Emit one debug line describing RX completion descriptor @urbd1, found at
 * position @index of the URBD1 ring. The fields are printed as stored; no
 * validation is done here.
 */
static inline void ipc_print_urbd1(struct hci_dev *hdev, struct urbd1 *urbd1,
				   u16 index)
{
	bt_dev_dbg(hdev, "RXQ:urbd1(%u) frbd_tag:%u status: 0x%x fixed:0x%x",
		   index,
		   urbd1->frbd_tag,
		   urbd1->status,
		   urbd1->fixed);
}
  77
/* Recover the driver data that embeds @entry.
 *
 * @entry points into data->msix_entries[]; its own ->entry field holds its
 * position in that array, so stepping back by that many elements yields
 * msix_entries[0], from which container_of() finds the enclosing structure.
 */
static struct btintel_pcie_data *btintel_pcie_get_data(struct msix_entry *entry)
{
	/* Kept as u8, so only the low 8 bits of ->entry are used */
	u8 vec_pos = entry->entry;
	struct msix_entry *first = entry - vec_pos;

	return container_of(first, struct btintel_pcie_data, msix_entries[0]);
}
  85
/* Ring the TX doorbell: tell the device that the TFD before @index (that is,
 * index-1) has been filled in and is ready to transmit.
 *
 * The doorbell word carries @index in its low 16 bits and
 * BTINTEL_PCIE_TX_DB_VEC in the bits above.
 */
static void btintel_pcie_set_tx_db(struct btintel_pcie_data *data, u16 index)
{
	const u32 doorbell = (u32)index | (BTINTEL_PCIE_TX_DB_VEC << 16);

	btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_HBUS_TARG_WRPTR, doorbell);
}
  98
/* Copy the data to next(@tfd_index) data buffer and update the TFD(transfer
 * descriptor) with the data length and the DMA address of the data buffer.
 *
 * No bounds are checked here: the caller must pass a @tfd_index that is
 * inside txq->tfds[] / txq->bufs[] and an @skb that fits in one data buffer.
 */
static void btintel_pcie_prepare_tx(struct txq *txq, u16 tfd_index,
				    struct sk_buff *skb)
{
	struct data_buf *buf;
	struct tfd *tfd;

	/* Start from a clean descriptor */
	tfd = &txq->tfds[tfd_index];
	memset(tfd, 0, sizeof(*tfd));

	buf = &txq->bufs[tfd_index];

	tfd->size = skb->len;
	tfd->addr = buf->data_p_addr;

	/* Copy the outgoing data to DMA buffer.
	 * The length used is the value stored in tfd->size, not skb->len.
	 * NOTE(review): nothing in this function limits the copy to the size
	 * of one data buffer (buffers are laid out BTINTEL_PCIE_BUFFER_SIZE
	 * apart in the setup code) - confirm every caller bounds skb->len.
	 */
	memcpy(buf->data, skb->data, tfd->size);
}
 119
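/* Place @skb in the next TX slot, ring the TX doorbell and sleep until the
 * completion interrupt sets tx_wait_done or the timeout expires.
 *
 * Return: 0 on success, -ERANGE if the TX head index is outside the ring,
 * -EMSGSIZE if @skb does not fit in one DMA data buffer, -ETIME if no
 * completion arrived within BTINTEL_PCIE_TX_WAIT_TIMEOUT_MS.
 */
static int btintel_pcie_send_sync(struct btintel_pcie_data *data,
				  struct sk_buff *skb)
{
	int ret;
	u16 tfd_index;
	struct txq *txq = &data->txq;

	tfd_index = data->ia.tr_hia[BTINTEL_PCIE_TXQ_NUM];

	/* Valid slots are 0 .. count-1. The index array lives in memory whose
	 * address is handed to the device, so reject anything else, including
	 * tfd_index == count, before it is used to index tfds[] and bufs[].
	 */
	if (tfd_index >= txq->count)
		return -ERANGE;

	/* Each slot owns BTINTEL_PCIE_BUFFER_SIZE bytes of the DMA area; a
	 * longer frame would be copied past the end of its slot.
	 */
	if (skb->len > BTINTEL_PCIE_BUFFER_SIZE)
		return -EMSGSIZE;

	/* Prepare for TX. It updates the TFD with the length of data and
	 * address of the DMA buffer, and copy the data to the DMA buffer
	 */
	btintel_pcie_prepare_tx(txq, tfd_index, skb);

	tfd_index = (tfd_index + 1) % txq->count;
	data->ia.tr_hia[BTINTEL_PCIE_TXQ_NUM] = tfd_index;

	/* Arm wait event condition */
	data->tx_wait_done = false;

	/* Set the doorbell to notify the device */
	btintel_pcie_set_tx_db(data, tfd_index);

	/* Wait for the complete interrupt - URBD0 */
	ret = wait_event_timeout(data->tx_wait_q, data->tx_wait_done,
				 msecs_to_jiffies(BTINTEL_PCIE_TX_WAIT_TIMEOUT_MS));
	if (!ret)
		return -ETIME;

	return 0;
}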
 154
/* Ring the RX doorbell: tell the device that the free buffer before @index
 * (that is, index-1) is available to receive data.
 *
 * The doorbell word carries @index in its low 16 bits and
 * BTINTEL_PCIE_RX_DB_VEC in the bits above.
 */
static void btintel_pcie_set_rx_db(struct btintel_pcie_data *data, u16 index)
{
	const u32 doorbell = (u32)index | (BTINTEL_PCIE_RX_DB_VEC << 16);

	btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_HBUS_TARG_WRPTR, doorbell);
}
 167
/* Re-initialise the FRBD (free buffer descriptor) at @frbd_index: clear it,
 * tag it with its own index and point it at the DMA address of the data
 * buffer that has the same index.
 *
 * @frbd_index is not range-checked here; the caller does that.
 */
static void btintel_pcie_prepare_rx(struct rxq *rxq, u16 frbd_index)
{
	struct frbd *desc = &rxq->frbds[frbd_index];

	memset(desc, 0, sizeof(*desc));

	/* Update FRBD */
	desc->tag = frbd_index;
	/* DMA address of the buffer paired with this descriptor */
	desc->addr = rxq->bufs[frbd_index].data_p_addr;
}
 186
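/* Hand one free RX buffer to the device: fill the FRBD at the current RX
 * head index, advance the head (wrapping at rxq->count) and ring the RX
 * doorbell.
 *
 * Return: 0 on success, -ERANGE if the RX head index is outside the ring.
 */
static int btintel_pcie_submit_rx(struct btintel_pcie_data *data)
{
	u16 frbd_index;
	struct rxq *rxq = &data->rxq;

	frbd_index = data->ia.tr_hia[BTINTEL_PCIE_RXQ_NUM];

	/* Valid slots are 0 .. count-1. The index array lives in memory whose
	 * address is handed to the device, so reject anything else, including
	 * frbd_index == count, before it is used to index frbds[] and bufs[].
	 */
	if (frbd_index >= rxq->count)
		return -ERANGE;

	/* Prepare for RX submit. It updates the FRBD with the address of DMA
	 * buffer
	 */
	btintel_pcie_prepare_rx(rxq, frbd_index);

	frbd_index = (frbd_index + 1) % rxq->count;
	data->ia.tr_hia[BTINTEL_PCIE_RXQ_NUM] = frbd_index;
	ipc_print_ia_ring(data->hdev, &data->ia, BTINTEL_PCIE_RXQ_NUM);

	/* Set the doorbell to notify the device */
	btintel_pcie_set_rx_db(data, frbd_index);

	return 0;
}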
 211
/* Submit BTINTEL_PCIE_RX_MAX_QUEUE free RX buffers to the device, one at a
 * time.
 *
 * Return: 0 if every submission succeeded, otherwise the error of the first
 * one that failed (later buffers are then not submitted).
 */
static int btintel_pcie_start_rx(struct btintel_pcie_data *data)
{
	int i;

	for (i = 0; i < BTINTEL_PCIE_RX_MAX_QUEUE; i++) {
		int err = btintel_pcie_submit_rx(data);

		if (err)
			return err;
	}

	return 0;
}
 224
/* Zero all four index arrays (TR head/tail and CR head/tail), i.e.
 * BTINTEL_PCIE_NUM_QUEUES 16-bit entries in each.
 */
static void btintel_pcie_reset_ia(struct btintel_pcie_data *data)
{
	const size_t ia_bytes = sizeof(u16) * BTINTEL_PCIE_NUM_QUEUES;
	struct ia *ia = &data->ia;

	memset(ia->tr_hia, 0, ia_bytes);
	memset(ia->tr_tia, 0, ia_bytes);
	memset(ia->cr_hia, 0, ia_bytes);
	memset(ia->cr_tia, 0, ia_bytes);
}
 232
/* Reset the BT function through the function control register.
 *
 * Sequence: request bus master disconnect, poll for the bus master status
 * bit, then issue a software reset and read back the boot stage register.
 *
 * Return: 0 if the boot stage register reads 0 after the reset,
 * -ENODEV otherwise.
 */
static int btintel_pcie_reset_bt(struct btintel_pcie_data *data)
{
	u32 reg;
	int retry = 3;

	reg = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG);

	/* Clear the enable/init bits and ask for bus master disconnect */
	reg &= ~(BTINTEL_PCIE_CSR_FUNC_CTRL_FUNC_ENA |
			BTINTEL_PCIE_CSR_FUNC_CTRL_MAC_INIT |
			BTINTEL_PCIE_CSR_FUNC_CTRL_FUNC_INIT);
	reg |= BTINTEL_PCIE_CSR_FUNC_CTRL_BUS_MASTER_DISCON;

	btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG, reg);

	/* Poll up to 3 times, sleeping 10-12 ms between reads, for the bus
	 * master status bit. The outcome is not checked afterwards: the reset
	 * continues even if the bit never showed up.
	 */
	do {
		reg = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG);
		if (reg & BTINTEL_PCIE_CSR_FUNC_CTRL_BUS_MASTER_STS)
			break;
		usleep_range(10000, 12000);

	} while (--retry > 0);
	usleep_range(10000, 12000);

	reg = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG);

	/* Same enable/init bits cleared again, this time with SW_RESET set */
	reg &= ~(BTINTEL_PCIE_CSR_FUNC_CTRL_FUNC_ENA |
			BTINTEL_PCIE_CSR_FUNC_CTRL_MAC_INIT |
			BTINTEL_PCIE_CSR_FUNC_CTRL_FUNC_INIT);
	reg |= BTINTEL_PCIE_CSR_FUNC_CTRL_SW_RESET;
	btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG, reg);
	usleep_range(10000, 12000);

	/* Read back only for the debug log */
	reg = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG);
	bt_dev_dbg(data->hdev, "csr register after reset: 0x%8.8x", reg);

	reg = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_BOOT_STAGE_REG);

	/* If shared hardware reset is success then boot stage register shall be
	 * set to 0
	 */
	return reg == 0 ? 0 : -ENODEV;
}
 275
/* This function enables BT function by setting BTINTEL_PCIE_CSR_FUNC_CTRL_MAC_INIT bit in
 * BTINTEL_PCIE_CSR_FUNC_CTRL_REG register and wait for MSI-X with
 * BTINTEL_PCIE_MSIX_HW_INT_CAUSES_GP0.
 * The boot stage is then taken from boot_stage_cache, which the gp0
 * interrupt handler fills from BTINTEL_PCIE_CSR_BOOT_STAGE_REG.
 * NOTE(review): an earlier version of this comment also mentioned reading
 * the firmware version from BTINTEL_CSR_F2D_MBX; no such read happens in
 * this function.
 *
 * Return: 0 when the alive interrupt arrived and the cached boot stage has
 * the ROM bit set, -ETIME if no interrupt arrived within
 * BTINTEL_DEFAULT_INTR_TIMEOUT_MS, -ENODEV if the ROM bit is not set.
 */
static int btintel_pcie_enable_bt(struct btintel_pcie_data *data)
{
	int err;
	u32 reg;

	/* Arm the wait condition before the device can raise the interrupt */
	data->gp0_received = false;

	/* Update the DMA address of CI struct to CSR */
	btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_CI_ADDR_LSB_REG,
			      data->ci_p_addr & 0xffffffff);
	btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_CI_ADDR_MSB_REG,
			      (u64)data->ci_p_addr >> 32);

	/* Reset the cached value of boot stage. it is updated by the MSI-X
	 * gp0 interrupt handler.
	 */
	data->boot_stage_cache = 0x0;

	/* Set MAC_INIT bit to start primary bootloader */
	reg = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG);
	reg &= ~(BTINTEL_PCIE_CSR_FUNC_CTRL_FUNC_INIT |
			BTINTEL_PCIE_CSR_FUNC_CTRL_BUS_MASTER_DISCON |
			BTINTEL_PCIE_CSR_FUNC_CTRL_SW_RESET);
	reg |= (BTINTEL_PCIE_CSR_FUNC_CTRL_FUNC_ENA |
			BTINTEL_PCIE_CSR_FUNC_CTRL_MAC_INIT);

	btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG, reg);

	/* MAC is ready. Enable BT FUNC */
	btintel_pcie_set_reg_bits(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG,
				  BTINTEL_PCIE_CSR_FUNC_CTRL_FUNC_INIT);

	/* Read back; the value is discarded.
	 * NOTE(review): presumably this flushes the posted write - confirm.
	 */
	btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG);

	/* wait for interrupt from the device after booting up to primary
	 * bootloader.
	 */
	data->alive_intr_ctxt = BTINTEL_PCIE_ROM;
	err = wait_event_timeout(data->gp0_wait_q, data->gp0_received,
				 msecs_to_jiffies(BTINTEL_DEFAULT_INTR_TIMEOUT_MS));
	if (!err)
		return -ETIME;

	/* Check cached boot stage is BTINTEL_PCIE_CSR_BOOT_STAGE_ROM(BIT(0)) */
	if (~data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_ROM)
		return -ENODEV;

	return 0;
}
 331
/* BIT(0) - ROM, BIT(1) - IML and BIT(3) - OP
 * Sometimes during firmware image switching from ROM to IML or IML to OP image,
 * the previous image bit is not cleared by firmware when alive interrupt is
 * received. Driver needs to take care of these sticky bits when deciding the
 * current image running on controller.
 * Ex: 0x10 and 0x11 - both represents that controller is running IML
 * NOTE(review): with IML at BIT(1) the example values only fit if they are
 * read as binary (0b10, 0b11); confirm against the register definitions.
 *
 * btintel_pcie_in_rom(): true only when the ROM bit is set and neither the
 * IML nor the OP firmware bit is set in the cached boot stage.
 */
static inline bool btintel_pcie_in_rom(struct btintel_pcie_data *data)
{
	if (!(data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_ROM))
		return false;

	/* A later image bit overrides a sticky ROM bit */
	return !(data->boot_stage_cache & (BTINTEL_PCIE_CSR_BOOT_STAGE_IML |
					   BTINTEL_PCIE_CSR_BOOT_STAGE_OPFW));
}
 345
/* True when the cached boot stage has the operational firmware bit set,
 * whatever the state of the ROM and IML bits.
 */
static inline bool btintel_pcie_in_op(struct btintel_pcie_data *data)
{
	return (data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_OPFW) != 0;
}
 350
/* True when the cached boot stage has the IML bit set and the operational
 * firmware bit clear; the ROM bit is ignored.
 */
static inline bool btintel_pcie_in_iml(struct btintel_pcie_data *data)
{
	if (data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_OPFW)
		return false;

	return (data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_IML) != 0;
}
 356
/* True when the cached boot stage has the D3-state-ready bit set */
static inline bool btintel_pcie_in_d3(struct btintel_pcie_data *data)
{
	return (data->boot_stage_cache &
		BTINTEL_PCIE_CSR_BOOT_STAGE_D3_STATE_READY) != 0;
}
 361
/* True when the cached boot stage has the D3-state-ready bit clear, i.e.
 * the exact complement of btintel_pcie_in_d3().
 */
static inline bool btintel_pcie_in_d0(struct btintel_pcie_data *data)
{
	return (data->boot_stage_cache &
		BTINTEL_PCIE_CSR_BOOT_STAGE_D3_STATE_READY) == 0;
}
 366
/* Log @dxstate and write it to the IPC sleep control register. The value is
 * written as given; no validation or read-back is done here.
 */
static void btintel_pcie_wr_sleep_cntrl(struct btintel_pcie_data *data,
					u32 dxstate)
{
	bt_dev_dbg(data->hdev, "writing sleep_ctl_reg: 0x%8.8x", dxstate);

	btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_IPC_SLEEP_CTL_REG,
			      dxstate);
}
 373
/* Map an alive interrupt context value to a short name for log messages.
 * Values outside the enum yield "unknown".
 */
static inline char *btintel_pcie_alivectxt_state2str(u32 alive_intr_ctxt)
{
	static const char * const ctxt_names[] = {
		[BTINTEL_PCIE_ROM]		= "rom",
		[BTINTEL_PCIE_FW_DL]		= "fw_dl",
		[BTINTEL_PCIE_HCI_RESET]	= "hci_reset",
		[BTINTEL_PCIE_INTEL_HCI_RESET1]	= "intel_reset1",
		[BTINTEL_PCIE_INTEL_HCI_RESET2]	= "intel_reset2",
		[BTINTEL_PCIE_D0]		= "d0",
		[BTINTEL_PCIE_D3]		= "d3",
	};

	if (alive_intr_ctxt >= ARRAY_SIZE(ctxt_names) ||
	    !ctxt_names[alive_intr_ctxt])
		return "unknown";

	/* The return type is a non-const char *, hence the cast */
	return (char *)ctxt_names[alive_intr_ctxt];
}
 395
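/* This function handles the MSI-X interrupt for gp0 cause (bit 0 in
 * BTINTEL_PCIE_CSR_MSIX_HW_INT_CAUSES) which is sent for boot stage and image response.
 *
 * It refreshes the cached boot stage and image response values, advances the
 * alive interrupt context, re-arms the RX ring when the transition calls for
 * it and wakes up waiters on gp0_wait_q.
 */
static void btintel_pcie_msix_gp0_handler(struct btintel_pcie_data *data)
{
	bool submit_rx, signal_waitq;
	u32 reg, old_ctxt, old_boot_stage;

	/* This interrupt is for three different causes and it is not easy to
	 * know what causes the interrupt. So, it compares each register value
	 * with cached value and update it before it wake up the queue.
	 */
	reg = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_BOOT_STAGE_REG);

	/* Remember the previous value first, otherwise the debug line below
	 * would print the new boot stage twice.
	 */
	old_boot_stage = data->boot_stage_cache;
	if (reg != data->boot_stage_cache)
		data->boot_stage_cache = reg;

	bt_dev_dbg(data->hdev, "Alive context: %s old_boot_stage: 0x%8.8x new_boot_stage: 0x%8.8x",
		   btintel_pcie_alivectxt_state2str(data->alive_intr_ctxt),
		   old_boot_stage, reg);
	reg = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_IMG_RESPONSE_REG);
	if (reg != data->img_resp_cache)
		data->img_resp_cache = reg;

	data->gp0_received = true;

	old_ctxt = data->alive_intr_ctxt;
	submit_rx = false;
	signal_waitq = false;

	switch (data->alive_intr_ctxt) {
	case BTINTEL_PCIE_ROM:
		data->alive_intr_ctxt = BTINTEL_PCIE_FW_DL;
		signal_waitq = true;
		break;
	case BTINTEL_PCIE_FW_DL:
		/* Error case is already handled. Ideally control shall not
		 * reach here
		 */
		break;
	case BTINTEL_PCIE_INTEL_HCI_RESET1:
		if (btintel_pcie_in_op(data)) {
			submit_rx = true;
			break;
		}

		if (btintel_pcie_in_iml(data)) {
			submit_rx = true;
			data->alive_intr_ctxt = BTINTEL_PCIE_FW_DL;
			break;
		}
		break;
	case BTINTEL_PCIE_INTEL_HCI_RESET2:
		if (btintel_test_and_clear_flag(data->hdev, INTEL_WAIT_FOR_D0)) {
			btintel_wake_up_flag(data->hdev, INTEL_WAIT_FOR_D0);
			data->alive_intr_ctxt = BTINTEL_PCIE_D0;
		}
		break;
	case BTINTEL_PCIE_D0:
		if (btintel_pcie_in_d3(data)) {
			data->alive_intr_ctxt = BTINTEL_PCIE_D3;
			signal_waitq = true;
			break;
		}
		break;
	case BTINTEL_PCIE_D3:
		if (btintel_pcie_in_d0(data)) {
			data->alive_intr_ctxt = BTINTEL_PCIE_D0;
			submit_rx = true;
			signal_waitq = true;
			break;
		}
		break;
	case BTINTEL_PCIE_HCI_RESET:
		data->alive_intr_ctxt = BTINTEL_PCIE_D0;
		submit_rx = true;
		signal_waitq = true;
		break;
	default:
		bt_dev_err(data->hdev, "Unknown state: 0x%2.2x",
			   data->alive_intr_ctxt);
		break;
	}

	if (submit_rx) {
		/* Start again from index 0 on every ring before handing the
		 * free buffers back to the device.
		 */
		btintel_pcie_reset_ia(data);

		/* A failure here leaves the device without RX buffers; there is
		 * nobody to return the error to, so at least report it.
		 */
		if (btintel_pcie_start_rx(data))
			bt_dev_err(data->hdev, "Failed to submit RX buffers");
	}

	if (signal_waitq) {
		bt_dev_dbg(data->hdev, "wake up gp0 wait_q");
		wake_up(&data->gp0_wait_q);
	}

	if (old_ctxt != data->alive_intr_ctxt)
		bt_dev_dbg(data->hdev, "alive context changed: %s  ->  %s",
			   btintel_pcie_alivectxt_state2str(old_ctxt),
			   btintel_pcie_alivectxt_state2str(data->alive_intr_ctxt));
}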
 494
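/* This function handles the MSI-X interrupt for rx queue 0 which is for TX
 * completions: it wakes up the sender waiting on tx_wait_q and advances the
 * TX completion tail index until it reaches the completion head index.
 */
static void btintel_pcie_msix_tx_handle(struct btintel_pcie_data *data)
{
	u16 cr_tia, cr_hia;
	struct txq *txq;
	struct urbd0 *urbd0;

	cr_tia = data->ia.cr_tia[BTINTEL_PCIE_TXQ_NUM];
	cr_hia = data->ia.cr_hia[BTINTEL_PCIE_TXQ_NUM];

	if (cr_tia == cr_hia)
		return;

	txq = &data->txq;

	/* Both indices are read from the index arrays, whose addresses are
	 * handed to the device. An out-of-range tail would index past
	 * urbd0s[], and an out-of-range head could never be reached by the
	 * wrapping tail, so the loop below would not terminate.
	 */
	if (cr_hia >= txq->count || cr_tia >= txq->count) {
		bt_dev_err(data->hdev,
			   "TXQ: invalid completion index cr_hia: %u  cr_tia: %u",
			   cr_hia, cr_tia);
		return;
	}

	while (cr_tia != cr_hia) {
		data->tx_wait_done = true;
		wake_up(&data->tx_wait_q);

		urbd0 = &txq->urbd0s[cr_tia];

		/* NOTE(review): tfd_index == count passes this check; the value
		 * is not used as an array index here, so it is left as is -
		 * confirm whether '>=' is intended.
		 */
		if (urbd0->tfd_index > txq->count)
			return;

		cr_tia = (cr_tia + 1) % txq->count;
		data->ia.cr_tia[BTINTEL_PCIE_TXQ_NUM] = cr_tia;
		ipc_print_ia_ring(data->hdev, &data->ia, BTINTEL_PCIE_TXQ_NUM);
	}
}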
 525
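/* Handle one received HCI event.
 *
 * Vendor specific events (event code 0xff with a non-empty payload) are
 * inspected first: bootloader events and the IML/OP debug event are consumed
 * here, diagnostics events go to btintel_diagnostics(). Everything else is
 * passed to hci_recv_frame().
 *
 * This function takes ownership of @skb on every path: it is either freed
 * here or handed to the function that consumes it.
 *
 * Return: 0 when the event was consumed here, otherwise the result of
 * btintel_diagnostics() or hci_recv_frame().
 */
static int btintel_pcie_recv_event(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_event_hdr *hdr = (void *)skb->data;
	const char diagnostics_hdr[] = { 0x87, 0x80, 0x03 };
	struct btintel_pcie_data *data = hci_get_drvdata(hdev);

	if (skb->len > HCI_EVENT_HDR_SIZE && hdr->evt == 0xff &&
	    hdr->plen > 0) {
		/* Payload after the event header and the one-byte sub-event
		 * code found at skb->data[2]
		 */
		const void *ptr = skb->data + HCI_EVENT_HDR_SIZE + 1;
		unsigned int len = skb->len - HCI_EVENT_HDR_SIZE - 1;

		if (btintel_test_flag(hdev, INTEL_BOOTLOADER)) {
			switch (skb->data[2]) {
			case 0x02:
				/* When switching to the operational firmware
				 * the device sends a vendor specific event
				 * indicating that the bootup completed.
				 */
				btintel_bootup(hdev, ptr, len);

				/* If bootup event is from operational image,
				 * driver needs to write sleep control register to
				 * move into D0 state
				 */
				if (btintel_pcie_in_op(data)) {
					btintel_pcie_wr_sleep_cntrl(data, BTINTEL_PCIE_STATE_D0);
					data->alive_intr_ctxt = BTINTEL_PCIE_INTEL_HCI_RESET2;
					kfree_skb(skb);
					return 0;
				}

				if (btintel_pcie_in_iml(data)) {
					/* In case of IML, there is no concept
					 * of D0 transition. Just mimic as if
					 * IML moved to D0 by clearing INTEL_WAIT_FOR_D0
					 * bit and waking up the task waiting on
					 * INTEL_WAIT_FOR_D0. This is required
					 * as intel_boot() is common function for
					 * both IML and OP image loading.
					 */
					if (btintel_test_and_clear_flag(data->hdev,
									INTEL_WAIT_FOR_D0))
						btintel_wake_up_flag(data->hdev,
								     INTEL_WAIT_FOR_D0);
				}
				kfree_skb(skb);
				return 0;
			case 0x06:
				/* When the firmware loading completes the
				 * device sends out a vendor specific event
				 * indicating the result of the firmware
				 * loading.
				 */
				btintel_secure_send_result(hdev, ptr, len);
				kfree_skb(skb);
				return 0;
			}
		}

		/* Handle all diagnostics events separately. May still call
		 * hci_recv_frame.
		 */
		if (len >= sizeof(diagnostics_hdr) &&
		    memcmp(&skb->data[2], diagnostics_hdr,
			   sizeof(diagnostics_hdr)) == 0) {
			return btintel_diagnostics(hdev, skb);
		}

		/* This is a debug event that comes from IML and OP image when it
		 * starts execution. There is no need pass this event to stack.
		 * The event is dropped here, so the skb has to be released like
		 * on the other consumed paths; nobody else holds it.
		 */
		if (skb->data[2] == 0x97) {
			kfree_skb(skb);
			return 0;
		}
	}

	return hci_recv_frame(hdev, skb);
}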
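/* Process one received RX buffer.
 *
 * Strips the 4-byte Intel PCIe packet type, checks that the HCI header is
 * complete and that the length announced in it does not exceed the bytes
 * actually received, then copies exactly that many bytes into a new skb
 * and passes it to the HCI layer.
 *
 * @skb is only read; the caller stays responsible for freeing it. The newly
 * allocated skb is handed to btintel_pcie_recv_event() or hci_recv_frame().
 *
 * Return: 0 on success, -EILSEQ for a truncated or inconsistent packet,
 * -EINVAL for an unknown packet type, -ENOMEM if allocation failed, or the
 * error returned by the HCI layer. Every error bumps hdev->stat.err_rx.
 */
static int btintel_pcie_recv_frame(struct btintel_pcie_data *data,
				       struct sk_buff *skb)
{
	int ret;
	u8 pkt_type;
	u16 plen;
	u32 pcie_pkt_type;
	struct sk_buff *new_skb;
	void *pdata;
	struct hci_dev *hdev = data->hdev;

	spin_lock(&data->hci_rx_lock);

	/* The first 4 bytes indicates the Intel PCIe specific packet type */
	pdata = skb_pull_data(skb, BTINTEL_PCIE_HCI_TYPE_LEN);
	if (!pdata) {
		bt_dev_err(hdev, "Corrupted packet received");
		ret = -EILSEQ;
		goto exit_error;
	}

	pcie_pkt_type = get_unaligned_le32(pdata);

	/* For each type: make sure the fixed header is present before reading
	 * the payload length out of it.
	 */
	switch (pcie_pkt_type) {
	case BTINTEL_PCIE_HCI_ACL_PKT:
		if (skb->len >= HCI_ACL_HDR_SIZE) {
			plen = HCI_ACL_HDR_SIZE + __le16_to_cpu(hci_acl_hdr(skb)->dlen);
			pkt_type = HCI_ACLDATA_PKT;
		} else {
			bt_dev_err(hdev, "ACL packet is too short");
			ret = -EILSEQ;
			goto exit_error;
		}
		break;

	case BTINTEL_PCIE_HCI_SCO_PKT:
		if (skb->len >= HCI_SCO_HDR_SIZE) {
			plen = HCI_SCO_HDR_SIZE + hci_sco_hdr(skb)->dlen;
			pkt_type = HCI_SCODATA_PKT;
		} else {
			bt_dev_err(hdev, "SCO packet is too short");
			ret = -EILSEQ;
			goto exit_error;
		}
		break;

	case BTINTEL_PCIE_HCI_EVT_PKT:
		if (skb->len >= HCI_EVENT_HDR_SIZE) {
			plen = HCI_EVENT_HDR_SIZE + hci_event_hdr(skb)->plen;
			pkt_type = HCI_EVENT_PKT;
		} else {
			bt_dev_err(hdev, "Event packet is too short");
			ret = -EILSEQ;
			goto exit_error;
		}
		break;

	case BTINTEL_PCIE_HCI_ISO_PKT:
		if (skb->len >= HCI_ISO_HDR_SIZE) {
			plen = HCI_ISO_HDR_SIZE + __le16_to_cpu(hci_iso_hdr(skb)->dlen);
			pkt_type = HCI_ISODATA_PKT;
		} else {
			bt_dev_err(hdev, "ISO packet is too short");
			ret = -EILSEQ;
			goto exit_error;
		}
		break;

	default:
		bt_dev_err(hdev, "Invalid packet type received: 0x%4.4x",
			   pcie_pkt_type);
		ret = -EINVAL;
		goto exit_error;
	}

	/* The length announced in the header must not exceed what was
	 * received; the copy below relies on this.
	 */
	if (skb->len < plen) {
		bt_dev_err(hdev, "Received corrupted packet. type: 0x%2.2x",
			   pkt_type);
		ret = -EILSEQ;
		goto exit_error;
	}

	bt_dev_dbg(hdev, "pkt_type: 0x%2.2x len: %u", pkt_type, plen);

	new_skb = bt_skb_alloc(plen, GFP_ATOMIC);
	if (!new_skb) {
		/* Report the size that was requested (plen), not skb->len */
		bt_dev_err(hdev, "Failed to allocate memory for skb of len: %u",
			   plen);
		ret = -ENOMEM;
		goto exit_error;
	}

	hci_skb_pkt_type(new_skb) = pkt_type;
	skb_put_data(new_skb, skb->data, plen);
	hdev->stat.byte_rx += plen;

	if (pcie_pkt_type == BTINTEL_PCIE_HCI_EVT_PKT)
		ret = btintel_pcie_recv_event(hdev, new_skb);
	else
		ret = hci_recv_frame(hdev, new_skb);

exit_error:
	if (ret)
		hdev->stat.err_rx++;

	spin_unlock(&data->hci_rx_lock);

	return ret;
}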
 716
/* Work item: drain rx_skb_q, passing every queued buffer to
 * btintel_pcie_recv_frame() and freeing it afterwards, whether or not the
 * frame was accepted. A failure is logged and the next buffer is processed.
 */
static void btintel_pcie_rx_work(struct work_struct *work)
{
	struct btintel_pcie_data *data = container_of(work,
					struct btintel_pcie_data, rx_work);
	struct hci_dev *hdev = data->hdev;

	/* Process the sk_buf in queue and send to the HCI layer */
	for (;;) {
		struct sk_buff *rx_skb = skb_dequeue(&data->rx_skb_q);
		int rc;

		if (!rx_skb)
			break;

		rc = btintel_pcie_recv_frame(data, rx_skb);
		if (rc)
			bt_dev_err(hdev, "Failed to send received frame: %d",
				   rc);
		kfree_skb(rx_skb);
	}
}
 734
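/* Create an sk_buff from the packet in DMA buffer @buf, queue it on
 * rx_skb_q and kick the RX work. @buf starts with a struct rfh_hdr whose
 * packet_len gives the number of payload bytes that follow.
 *
 * A packet with an unusable length, or one for which no skb could be
 * allocated, is dropped. In every case a fresh RX buffer is submitted to
 * the device afterwards.
 *
 * @status is currently not used.
 *
 * Return: the result of btintel_pcie_submit_rx().
 */
static int btintel_pcie_submit_rx_work(struct btintel_pcie_data *data, u8 status,
				       void *buf)
{
	int len;
	struct rfh_hdr *rfh_hdr;
	struct sk_buff *skb;

	rfh_hdr = buf;

	/* Read the device-written length once and only use the local copy */
	len = rfh_hdr->packet_len;
	if (len <= 0)
		goto resubmit;

	/* The header and payload share one BTINTEL_PCIE_BUFFER_SIZE buffer.
	 * A larger length would make the copy below read past the end of it.
	 */
	if ((size_t)len > BTINTEL_PCIE_BUFFER_SIZE - sizeof(*rfh_hdr)) {
		bt_dev_err(data->hdev, "RXQ: packet length %d exceeds buffer",
			   len);
		goto resubmit;
	}

	/* Remove RFH header */
	buf += sizeof(*rfh_hdr);

	skb = alloc_skb(len, GFP_ATOMIC);
	if (!skb)
		goto resubmit;

	skb_put_data(skb, buf, len);
	skb_queue_tail(&data->rx_skb_q, skb);
	queue_work(data->workqueue, &data->rx_work);

resubmit:
	return btintel_pcie_submit_rx(data);
}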
 767
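/* Handles the MSI-X interrupt for rx queue 1 which is for RX.
 *
 * Walks the RX completion ring from the completion tail index to the
 * completion head index, queues every completed buffer for the RX work and
 * advances the tail. Stops at the first invalid descriptor or failed
 * submission, leaving the tail where it is.
 */
static void btintel_pcie_msix_rx_handle(struct btintel_pcie_data *data)
{
	u16 cr_hia, cr_tia;
	struct rxq *rxq;
	struct urbd1 *urbd1;
	struct data_buf *buf;
	int ret;
	struct hci_dev *hdev = data->hdev;

	cr_hia = data->ia.cr_hia[BTINTEL_PCIE_RXQ_NUM];
	cr_tia = data->ia.cr_tia[BTINTEL_PCIE_RXQ_NUM];

	bt_dev_dbg(hdev, "RXQ: cr_hia: %u  cr_tia: %u", cr_hia, cr_tia);

	/* Check CR_TIA and CR_HIA for change */
	if (cr_tia == cr_hia) {
		bt_dev_warn(hdev, "RXQ: no new CD found");
		return;
	}

	rxq = &data->rxq;

	/* Both indices are read from the index arrays, whose addresses are
	 * handed to the device. An out-of-range tail would index past
	 * urbd1s[], and an out-of-range head could never be reached by the
	 * wrapping tail, so the loop below would not terminate.
	 */
	if (cr_hia >= rxq->count || cr_tia >= rxq->count) {
		bt_dev_err(hdev, "RXQ: invalid completion index cr_hia: %u  cr_tia: %u",
			   cr_hia, cr_tia);
		return;
	}

	/* The firmware sends multiple CD in a single MSI-X and it needs to
	 * process all received CDs in this interrupt.
	 */
	while (cr_tia != cr_hia) {
		unsigned int frbd_tag;

		urbd1 = &rxq->urbd1s[cr_tia];
		ipc_print_urbd1(data->hdev, urbd1, cr_tia);

		/* The tag is written by the device and selects the data
		 * buffer. Read it once and range-check it: the address of an
		 * array element is never NULL, so a NULL test on the buffer
		 * pointer cannot catch a bad tag.
		 */
		frbd_tag = urbd1->frbd_tag;
		if (frbd_tag >= rxq->count) {
			bt_dev_err(hdev, "RXQ: failed to get the DMA buffer for %u",
				   frbd_tag);
			return;
		}
		buf = &rxq->bufs[frbd_tag];

		ret = btintel_pcie_submit_rx_work(data, urbd1->status,
						  buf->data);
		if (ret) {
			bt_dev_err(hdev, "RXQ: failed to submit rx request");
			return;
		}

		cr_tia = (cr_tia + 1) % rxq->count;
		data->ia.cr_tia[BTINTEL_PCIE_RXQ_NUM] = cr_tia;
		ipc_print_ia_ring(data->hdev, &data->ia, BTINTEL_PCIE_RXQ_NUM);
	}
}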
 817
/* Primary (hard) interrupt handler. It does no work itself and always asks
 * for the threaded handler to run; both arguments are unused.
 */
static irqreturn_t btintel_pcie_msix_isr(int irq, void *data)
{
	const irqreturn_t defer_to_thread = IRQ_WAKE_THREAD;

	return defer_to_thread;
}
 822
/* Threaded MSI-X handler.
 *
 * @dev_id is the struct msix_entry registered for this vector. The handler
 * reads and acknowledges both cause registers under irq_lock, dispatches to
 * the gp0, TX and RX handlers according to the cause bits, and finally
 * re-enables the vector through the automask status register.
 *
 * Return: IRQ_NONE if no cause bit was set, IRQ_HANDLED otherwise.
 */
static irqreturn_t btintel_pcie_irq_msix_handler(int irq, void *dev_id)
{
	struct msix_entry *entry = dev_id;
	struct btintel_pcie_data *data = btintel_pcie_get_data(entry);
	u32 intr_fh, intr_hw;

	spin_lock(&data->irq_lock);
	intr_fh = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_MSIX_FH_INT_CAUSES);
	intr_hw = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_MSIX_HW_INT_CAUSES);

	/* Clear causes registers to avoid handling the same cause again.
	 * The values just read are written back.
	 */
	btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_MSIX_FH_INT_CAUSES, intr_fh);
	btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_MSIX_HW_INT_CAUSES, intr_hw);
	spin_unlock(&data->irq_lock);

	if (unlikely(!(intr_fh | intr_hw))) {
		/* Ignore interrupt, inta == 0.
		 * NOTE(review): this path returns before the automask write at
		 * the end of the function - confirm the vector does not stay
		 * masked in that case.
		 */
		return IRQ_NONE;
	}

	/* This interrupt is triggered by the firmware after updating
	 * boot_stage register and image_response register
	 */
	if (intr_hw & BTINTEL_PCIE_MSIX_HW_INT_CAUSES_GP0)
		btintel_pcie_msix_gp0_handler(data);

	/* For TX */
	if (intr_fh & BTINTEL_PCIE_MSIX_FH_INT_CAUSES_0)
		btintel_pcie_msix_tx_handle(data);

	/* For RX */
	if (intr_fh & BTINTEL_PCIE_MSIX_FH_INT_CAUSES_1)
		btintel_pcie_msix_rx_handle(data);

	/*
	 * Before sending the interrupt the HW disables it to prevent a nested
	 * interrupt. This is done by writing 1 to the corresponding bit in
	 * the mask register. After handling the interrupt, it should be
	 * re-enabled by clearing this bit. This register is defined as write 1
	 * clear (W1C) register, meaning that it's cleared by writing 1
	 * to the bit.
	 */
	btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_MSIX_AUTOMASK_ST,
			      BIT(entry->entry));

	return IRQ_HANDLED;
}
 870
/* This function requests the irq for MSI-X and registers the handlers per irq.
 * It asks for between BTINTEL_PCIE_MSIX_VEC_MIN and BTINTEL_PCIE_MSIX_VEC_MAX
 * vectors and installs the same hard/threaded handler pair on every vector
 * that was allocated.
 * NOTE(review): the original comment said only 1 irq is requested for all
 * interrupt causes; that holds only if the MIN/MAX constants are both 1 -
 * confirm against the header.
 *
 * Return: 0 on success, a negative errno from vector allocation or from
 * requesting an irq otherwise.
 */
static int btintel_pcie_setup_irq(struct btintel_pcie_data *data)
{
	int err;
	int num_irqs, i;

	/* Each entry records its own position; btintel_pcie_get_data() relies
	 * on it to get from an entry back to the driver data.
	 */
	for (i = 0; i < BTINTEL_PCIE_MSIX_VEC_MAX; i++)
		data->msix_entries[i].entry = i;

	num_irqs = pci_alloc_irq_vectors(data->pdev, BTINTEL_PCIE_MSIX_VEC_MIN,
					 BTINTEL_PCIE_MSIX_VEC_MAX, PCI_IRQ_MSIX);
	if (num_irqs < 0)
		return num_irqs;

	data->alloc_vecs = num_irqs;
	data->msix_enabled = 1;
	data->def_irq = 0;

	/* setup irq handler */
	for (i = 0; i < data->alloc_vecs; i++) {
		struct msix_entry *msix_entry;

		msix_entry = &data->msix_entries[i];
		msix_entry->vector = pci_irq_vector(data->pdev, i);

		err = devm_request_threaded_irq(&data->pdev->dev,
						msix_entry->vector,
						btintel_pcie_msix_isr,
						btintel_pcie_irq_msix_handler,
						IRQF_SHARED,
						KBUILD_MODNAME,
						msix_entry);
		if (err) {
			/* NOTE(review): irqs requested in earlier iterations are
			 * device-managed and are not released here before the
			 * vectors are freed - confirm this ordering is safe.
			 */
			pci_free_irq_vectors(data->pdev);
			data->alloc_vecs = 0;
			return err;
		}
	}
	return 0;
}
 913
/* One interrupt cause the driver enables.
 * As used by btintel_pcie_config_msix(): @cause is the bit cleared in the
 * mask register, @mask_reg is that mask register, and @cause_num selects
 * the IVAR register written for this cause.
 */
struct btintel_pcie_causes_list {
	u32 cause;
	u32 mask_reg;
	u8 cause_num;
};

/* The causes handled by this driver: FH cause 0 (TX), FH cause 1 (RX) and
 * the HW gp0 cause (boot stage / image response).
 */
static struct btintel_pcie_causes_list causes_list[] = {
	{ BTINTEL_PCIE_MSIX_FH_INT_CAUSES_0,	BTINTEL_PCIE_CSR_MSIX_FH_INT_MASK,	0x00 },
	{ BTINTEL_PCIE_MSIX_FH_INT_CAUSES_1,	BTINTEL_PCIE_CSR_MSIX_FH_INT_MASK,	0x01 },
	{ BTINTEL_PCIE_MSIX_HW_INT_CAUSES_GP0, BTINTEL_PCIE_CSR_MSIX_HW_INT_MASK,	0x20 },
};
 925
/* Configure the interrupt masks for the HW_INT_CAUSES and FH_INT_CAUSES
 * entries this driver cares about (see causes_list).
 *
 * The masks go back to 0xFFFFFFFF whenever the BT function is reset via
 * PCIe FLR or the FUNC_CTRL reset, so this has to be called again after
 * every such reset.
 */
static void btintel_pcie_config_msix(struct btintel_pcie_data *data)
{
	int ivar_val = data->def_irq | BTINTEL_PCIE_MSIX_NON_AUTO_CLEAR_CAUSE;
	int idx;

	/* Set Non Auto Clear Cause */
	for (idx = 0; idx < ARRAY_SIZE(causes_list); idx++) {
		const struct btintel_pcie_causes_list *c = &causes_list[idx];

		/* Route the cause to the default vector ... */
		btintel_pcie_wr_reg8(data,
				     BTINTEL_PCIE_CSR_MSIX_IVAR(c->cause_num),
				     ivar_val);
		/* ... and clear its bit in the mask register */
		btintel_pcie_clr_reg_bits(data, c->mask_reg, c->cause);
	}

	/* Save the initial interrupt mask */
	data->fh_init_mask = ~btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_MSIX_FH_INT_MASK);
	data->hw_init_mask = ~btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_MSIX_HW_INT_MASK);
}
 952
/* Bring up the PCIe side of the device: enable it (device-managed), turn on
 * bus mastering, select a 64-bit DMA mask with a 32-bit fallback, map BAR 0,
 * then set up the MSI-X vectors and the cause masks.
 *
 * Return: 0 on success, the negative errno of the first failing step
 * otherwise.
 */
static int btintel_pcie_config_pcie(struct pci_dev *pdev,
				    struct btintel_pcie_data *data)
{
	int rc;

	rc = pcim_enable_device(pdev);
	if (rc)
		return rc;

	pci_set_master(pdev);

	/* Prefer 64-bit DMA; retry with 32-bit only if that is refused */
	rc = dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(64));
	if (rc)
		rc = dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(32));
	if (rc)
		return rc;

	data->base_addr = pcim_iomap_region(pdev, 0, KBUILD_MODNAME);
	if (IS_ERR(data->base_addr))
		return PTR_ERR(data->base_addr);

	rc = btintel_pcie_setup_irq(data);
	if (rc)
		return rc;

	/* Configure MSI-X with causes list */
	btintel_pcie_config_msix(data);

	return 0;
}
 984
/* Fill in the context information structure @ci from the index arrays and
 * the TX/RX queues already set up in @data. The structure's DMA address is
 * written to the device by btintel_pcie_enable_bt(); every address stored
 * here is a DMA (bus) address.
 */
static void btintel_pcie_init_ci(struct btintel_pcie_data *data,
				 struct ctx_info *ci)
{
	struct ia *ia = &data->ia;
	struct txq *txq = &data->txq;
	struct rxq *rxq = &data->rxq;

	/* Header */
	ci->version = 0x1;
	ci->size = sizeof(*ci);
	ci->config = 0x0000;

	/* Index arrays */
	ci->addr_cr_hia = ia->cr_hia_p_addr;
	ci->addr_tr_tia = ia->tr_tia_p_addr;
	ci->addr_cr_tia = ia->cr_tia_p_addr;
	ci->addr_tr_hia = ia->tr_hia_p_addr;
	ci->num_cr_ia = BTINTEL_PCIE_NUM_QUEUES;
	ci->num_tr_ia = BTINTEL_PCIE_NUM_QUEUES;

	/* TX: TFD ring and its completion ring (URBD0) */
	ci->addr_urbdq0 = txq->urbd0s_p_addr;
	ci->addr_tfdq = txq->tfds_p_addr;
	ci->num_tfdq = txq->count;
	ci->num_urbdq0 = txq->count;
	ci->tfdq_db_vec = BTINTEL_PCIE_TXQ_NUM;
	ci->urbdq0_db_vec = BTINTEL_PCIE_TXQ_NUM;

	/* RX: free buffer ring (FRBD) and its completion ring (URBD1) */
	ci->rbd_size = BTINTEL_PCIE_RBD_SIZE_4K;
	ci->addr_frbdq = rxq->frbds_p_addr;
	ci->num_frbdq = rxq->count;
	ci->frbdq_db_vec = BTINTEL_PCIE_RXQ_NUM;
	ci->addr_urbdq1 = rxq->urbd1s_p_addr;
	ci->num_urbdq1 = rxq->count;
	ci->urbdq_db_vec = BTINTEL_PCIE_RXQ_NUM;
}
1011
/* Release the TX data buffers: the single coherent DMA chunk first, then
 * the array of per-buffer bookkeeping entries.
 *
 * The pointers in @txq are not cleared, so the caller must not use or
 * free them again afterwards.
 */
static void btintel_pcie_free_txq_bufs(struct btintel_pcie_data *data,
				       struct txq *txq)
{
	struct device *dev = &data->pdev->dev;

	dma_free_coherent(dev, txq->count * BTINTEL_PCIE_BUFFER_SIZE,
			  txq->buf_v_addr, txq->buf_p_addr);
	kfree(txq->bufs);
}
1020
/* Allocate the TX data buffers and the bookkeeping array that indexes them.
 *
 * One coherent DMA chunk of txq->count * BTINTEL_PCIE_BUFFER_SIZE bytes is
 * allocated and then sliced into fixed-size buffers, so a single
 * dma_free_coherent() releases all of them. txq->count must already be set.
 *
 * Returns 0 on success or -ENOMEM; nothing stays allocated on failure.
 */
static int btintel_pcie_setup_txq_bufs(struct btintel_pcie_data *data,
				       struct txq *txq)
{
	struct device *dev = &data->pdev->dev;
	struct data_buf *slot;
	int idx;

	/* One bookkeeping entry per descriptor */
	txq->bufs = kmalloc_array(txq->count, sizeof(*slot), GFP_KERNEL);
	if (!txq->bufs)
		return -ENOMEM;

	txq->buf_v_addr = dma_alloc_coherent(dev,
					     txq->count * BTINTEL_PCIE_BUFFER_SIZE,
					     &txq->buf_p_addr,
					     GFP_KERNEL | __GFP_NOWARN);
	if (!txq->buf_v_addr)
		goto err_free_bufs;

	/* Record the CPU and DMA address of every slice of the chunk */
	for (idx = 0; idx < txq->count; idx++) {
		slot = &txq->bufs[idx];
		slot->data_p_addr = txq->buf_p_addr + (idx * BTINTEL_PCIE_BUFFER_SIZE);
		slot->data = txq->buf_v_addr + (idx * BTINTEL_PCIE_BUFFER_SIZE);
	}

	return 0;

err_free_bufs:
	kfree(txq->bufs);
	return -ENOMEM;
}
1055
/* Release the RX data buffers: the single coherent DMA chunk first, then
 * the array of per-buffer bookkeeping entries.
 *
 * The pointers in @rxq are not cleared, so the caller must not use or
 * free them again afterwards.
 */
static void btintel_pcie_free_rxq_bufs(struct btintel_pcie_data *data,
				       struct rxq *rxq)
{
	struct device *dev = &data->pdev->dev;

	dma_free_coherent(dev, rxq->count * BTINTEL_PCIE_BUFFER_SIZE,
			  rxq->buf_v_addr, rxq->buf_p_addr);
	kfree(rxq->bufs);
}
1064
/* Allocate the RX data buffers and the bookkeeping array that indexes them.
 *
 * One coherent DMA chunk of rxq->count * BTINTEL_PCIE_BUFFER_SIZE bytes is
 * allocated and then sliced into fixed-size buffers, so a single
 * dma_free_coherent() releases all of them. rxq->count must already be set.
 *
 * Returns 0 on success or -ENOMEM; nothing stays allocated on failure.
 */
static int btintel_pcie_setup_rxq_bufs(struct btintel_pcie_data *data,
				       struct rxq *rxq)
{
	struct device *dev = &data->pdev->dev;
	struct data_buf *slot;
	int idx;

	/* One bookkeeping entry per descriptor */
	rxq->bufs = kmalloc_array(rxq->count, sizeof(*slot), GFP_KERNEL);
	if (!rxq->bufs)
		return -ENOMEM;

	rxq->buf_v_addr = dma_alloc_coherent(dev,
					     rxq->count * BTINTEL_PCIE_BUFFER_SIZE,
					     &rxq->buf_p_addr,
					     GFP_KERNEL | __GFP_NOWARN);
	if (!rxq->buf_v_addr)
		goto err_free_bufs;

	/* Record the CPU and DMA address of every slice of the chunk */
	for (idx = 0; idx < rxq->count; idx++) {
		slot = &rxq->bufs[idx];
		slot->data_p_addr = rxq->buf_p_addr + (idx * BTINTEL_PCIE_BUFFER_SIZE);
		slot->data = rxq->buf_v_addr + (idx * BTINTEL_PCIE_BUFFER_SIZE);
	}

	return 0;

err_free_bufs:
	kfree(rxq->bufs);
	return -ENOMEM;
}
1099
/* Lay out the four index arrays back to back inside one region.
 *
 * @p_addr and @v_addr are the DMA and CPU addresses of the same region.
 * Each array holds one u16 per queue, in this order: TR head, TR tail,
 * CR head, CR tail. The region must therefore be at least
 * 4 * sizeof(u16) * BTINTEL_PCIE_NUM_QUEUES bytes long.
 */
static void btintel_pcie_setup_ia(struct btintel_pcie_data *data,
				  dma_addr_t p_addr, void *v_addr,
				  struct ia *ia)
{
	const size_t arr_sz = sizeof(u16) * BTINTEL_PCIE_NUM_QUEUES;

	/* TR Head Index Array */
	ia->tr_hia_p_addr = p_addr;
	ia->tr_hia = v_addr;

	/* TR Tail Index Array */
	ia->tr_tia_p_addr = p_addr + arr_sz;
	ia->tr_tia = v_addr + arr_sz;

	/* CR Head Index Array */
	ia->cr_hia_p_addr = p_addr + (arr_sz * 2);
	ia->cr_hia = v_addr + (arr_sz * 2);

	/* CR Tail Index Array */
	ia->cr_tia_p_addr = p_addr + (arr_sz * 3);
	ia->cr_tia = v_addr + (arr_sz * 3);
}
1120
/* Undo btintel_pcie_alloc(): release the RX and TX data buffers, then the
 * descriptor/index/context chunk and the DMA pool it came from.
 *
 * Must only be called after btintel_pcie_alloc() has succeeded, since it
 * frees every resource unconditionally.
 */
static void btintel_pcie_free(struct btintel_pcie_data *data)
{
	struct dma_pool *pool = data->dma_pool;

	btintel_pcie_free_rxq_bufs(data, &data->rxq);
	btintel_pcie_free_txq_bufs(data, &data->txq);

	dma_pool_free(pool, data->dma_v_addr, data->dma_p_addr);
	dma_pool_destroy(pool);
}
1129
/* Allocate tx and rx queues, any related data structures and buffers.
 *
 * Descriptors, index arrays and the context information live in one DMA
 * pool chunk, laid out in this order:
 *
 *   TFD[BTINTEL_DESCS_COUNT]
 *   URBD0[BTINTEL_DESCS_COUNT]
 *   FRBD[BTINTEL_DESCS_COUNT]
 *   URBD1[BTINTEL_DESCS_COUNT]
 *   index arrays: u16 * BTINTEL_PCIE_NUM_QUEUES * 4
 *   struct ctx_info
 *
 * The data buffers themselves are allocated separately, per queue.
 *
 * Returns 0 on success or -ENOMEM (or the error of the buffer setup
 * helpers); everything allocated here is released again on failure.
 */
static int btintel_pcie_alloc(struct btintel_pcie_data *data)
{
	const size_t tfd_sz = sizeof(struct tfd) * BTINTEL_DESCS_COUNT;
	const size_t urbd0_sz = sizeof(struct urbd0) * BTINTEL_DESCS_COUNT;
	const size_t frbd_sz = sizeof(struct frbd) * BTINTEL_DESCS_COUNT;
	const size_t urbd1_sz = sizeof(struct urbd1) * BTINTEL_DESCS_COUNT;
	const size_t ia_sz = sizeof(u16) * BTINTEL_PCIE_NUM_QUEUES * 4;
	size_t total;
	dma_addr_t p_addr;
	void *v_addr;
	int err;

	total = tfd_sz + urbd0_sz + frbd_sz + urbd1_sz;
	total += ia_sz + sizeof(struct ctx_info);

	/* The pool hands out exactly one chunk of 'total' bytes */
	data->dma_pool = dma_pool_create(KBUILD_MODNAME, &data->pdev->dev,
					 total, BTINTEL_PCIE_DMA_POOL_ALIGNMENT, 0);
	if (!data->dma_pool)
		return -ENOMEM;

	v_addr = dma_pool_zalloc(data->dma_pool, GFP_KERNEL | __GFP_NOWARN,
				 &p_addr);
	if (!v_addr) {
		dma_pool_destroy(data->dma_pool);
		return -ENOMEM;
	}

	/* Remember the start of the chunk; it is what gets freed later */
	data->dma_p_addr = p_addr;
	data->dma_v_addr = v_addr;

	/* Both queues use the same number of descriptors */
	data->txq.count = BTINTEL_DESCS_COUNT;
	data->rxq.count = BTINTEL_DESCS_COUNT;

	/* TFDs */
	data->txq.tfds_p_addr = p_addr;
	data->txq.tfds = v_addr;
	p_addr += tfd_sz;
	v_addr += tfd_sz;

	/* URBD0s */
	data->txq.urbd0s_p_addr = p_addr;
	data->txq.urbd0s = v_addr;
	p_addr += urbd0_sz;
	v_addr += urbd0_sz;

	/* FRBDs */
	data->rxq.frbds_p_addr = p_addr;
	data->rxq.frbds = v_addr;
	p_addr += frbd_sz;
	v_addr += frbd_sz;

	/* URBD1s */
	data->rxq.urbd1s_p_addr = p_addr;
	data->rxq.urbd1s = v_addr;
	p_addr += urbd1_sz;
	v_addr += urbd1_sz;

	/* Data buffers for the TX queue */
	err = btintel_pcie_setup_txq_bufs(data, &data->txq);
	if (err)
		goto exit_error_pool;

	/* Data buffers for the RX queue */
	err = btintel_pcie_setup_rxq_bufs(data, &data->rxq);
	if (err)
		goto exit_error_txq;

	/* Index arrays follow the descriptors */
	btintel_pcie_setup_ia(data, p_addr, v_addr, &data->ia);
	p_addr += ia_sz;
	v_addr += ia_sz;

	/* Context information is the last item in the chunk */
	data->ci = v_addr;
	data->ci_p_addr = p_addr;
	btintel_pcie_init_ci(data, data->ci);

	return 0;

exit_error_txq:
	btintel_pcie_free_txq_bufs(data, &data->txq);
exit_error_pool:
	dma_pool_free(data->dma_pool, data->dma_v_addr, data->dma_p_addr);
	dma_pool_destroy(data->dma_pool);
	return err;
}
1242
/* hdev->open callback: nothing to do besides emitting a debug trace.
 * Always returns 0.
 */
static int btintel_pcie_open(struct hci_dev *hdev)
{
	bt_dev_dbg(hdev, "");
	return 0;
}
1249
/* hdev->close callback: nothing to do besides emitting a debug trace.
 * Always returns 0.
 */
static int btintel_pcie_close(struct hci_dev *hdev)
{
	bt_dev_dbg(hdev, "");
	return 0;
}
1256
/* Build a Command Complete event for @opcode with status 0x00 and feed it
 * to the HCI core as if the controller had sent it.
 *
 * Returns -ENOMEM if the skb cannot be allocated, otherwise whatever
 * hci_recv_frame() returns.
 */
static int btintel_pcie_inject_cmd_complete(struct hci_dev *hdev, __u16 opcode)
{
	struct hci_ev_cmd_complete *cc;
	struct hci_event_hdr *ev_hdr;
	struct sk_buff *skb;

	/* Event header + command complete parameters + one status byte */
	skb = bt_skb_alloc(sizeof(*ev_hdr) + sizeof(*cc) + 1, GFP_KERNEL);
	if (!skb)
		return -ENOMEM;

	ev_hdr = skb_put(skb, sizeof(*ev_hdr));
	ev_hdr->evt = HCI_EV_CMD_COMPLETE;
	ev_hdr->plen = sizeof(*cc) + 1;

	cc = skb_put(skb, sizeof(*cc));
	cc->ncmd = 0x01;
	cc->opcode = cpu_to_le16(opcode);

	/* Status: success */
	skb_put_u8(skb, 0x00);

	hci_skb_pkt_type(skb) = HCI_EVENT_PKT;

	return hci_recv_frame(hdev, skb);
}
1281
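/* hdev->send callback: prepend the 4-byte iBT PCIe packet type and hand the
 * frame to the device.
 *
 * Returns 0 on success and a negative errno on failure (-EILSEQ for an
 * unknown packet type, the error of btintel_pcie_send_sync(), or -ETIME when
 * no alive interrupt follows an HCI reset). The skb is consumed only on
 * success.
 *
 * NOTE(review): the skb is not freed on the failure paths here; presumably
 * the HCI core releases it when send() fails - confirm against the caller.
 */
static int btintel_pcie_send_frame(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	struct btintel_pcie_data *data = hci_get_drvdata(hdev);
	struct hci_command_hdr *cmd;
	__u16 opcode = ~0;
	int ret;
	u32 type;
	u32 old_ctxt;

	/* Due to the fw limitation, the type header of the packet should be
	 * 4 bytes unlike 1 byte for UART. In UART, the firmware can read
	 * the first byte to get the packet type and redirect the rest of data
	 * packet to the right handler.
	 *
	 * But for PCIe, THF(Transfer Flow Handler) fetches the 4 bytes of data
	 * from DMA memory and by the time it reads the first 4 bytes, it has
	 * already consumed some part of packet. Thus the packet type indicator
	 * for iBT PCIe is 4 bytes.
	 *
	 * The HCI core allocates 8 bytes of head room in the skb for profile
	 * and driver use, so the 4-byte type is pushed in front of the data
	 * before it is sent to the device. skb_push() below relies on that
	 * head room being present.
	 */
	switch (hci_skb_pkt_type(skb)) {
	case HCI_COMMAND_PKT:
		type = BTINTEL_PCIE_HCI_CMD_PKT;
		/* Assumes the frame holds a complete command header; the
		 * length is not checked here.
		 */
		cmd = (void *)skb->data;
		opcode = le16_to_cpu(cmd->opcode);

		/* When the 0xfc01 command is issued to boot into the
		 * operational firmware, it will actually not send a command
		 * complete event. To keep the flow control working inject
		 * that event here. A failure to inject is not reported.
		 */
		if (btintel_test_flag(hdev, INTEL_BOOTLOADER) &&
		    opcode == 0xfc01)
			btintel_pcie_inject_cmd_complete(hdev, opcode);

		/* Firmware raises alive interrupt on HCI_OP_RESET; clear the
		 * flag before sending so the wait below sees the new one.
		 */
		if (opcode == HCI_OP_RESET)
			data->gp0_received = false;

		hdev->stat.cmd_tx++;
		break;
	case HCI_ACLDATA_PKT:
		type = BTINTEL_PCIE_HCI_ACL_PKT;
		hdev->stat.acl_tx++;
		break;
	case HCI_SCODATA_PKT:
		type = BTINTEL_PCIE_HCI_SCO_PKT;
		hdev->stat.sco_tx++;
		break;
	case HCI_ISODATA_PKT:
		type = BTINTEL_PCIE_HCI_ISO_PKT;
		break;
	default:
		bt_dev_err(hdev, "Unknown HCI packet type");
		return -EILSEQ;
	}
	memcpy(skb_push(skb, BTINTEL_PCIE_HCI_TYPE_LEN), &type,
	       BTINTEL_PCIE_HCI_TYPE_LEN);

	ret = btintel_pcie_send_sync(data, skb);
	if (ret) {
		hdev->stat.err_tx++;
		bt_dev_err(hdev, "Failed to send frame (%d)", ret);
		return ret;
	}

	if (type == BTINTEL_PCIE_HCI_CMD_PKT &&
	    (opcode == HCI_OP_RESET || opcode == 0xfc01)) {
		old_ctxt = data->alive_intr_ctxt;
		data->alive_intr_ctxt =
			(opcode == 0xfc01 ? BTINTEL_PCIE_INTEL_HCI_RESET1 :
				BTINTEL_PCIE_HCI_RESET);
		bt_dev_dbg(data->hdev, "sent cmd: 0x%4.4x alive context changed: %s  ->  %s",
			   opcode, btintel_pcie_alivectxt_state2str(old_ctxt),
			   btintel_pcie_alivectxt_state2str(data->alive_intr_ctxt));

		/* wait_event_timeout() returns the remaining jiffies (> 0)
		 * on success, so its result is tested directly and never
		 * stored in ret: the success path must return 0, not a
		 * positive count.
		 */
		if (opcode == HCI_OP_RESET &&
		    !wait_event_timeout(data->gp0_wait_q,
					data->gp0_received,
					msecs_to_jiffies(BTINTEL_DEFAULT_INTR_TIMEOUT_MS))) {
			hdev->stat.err_tx++;
			bt_dev_err(hdev, "No alive interrupt received for %s",
				   btintel_pcie_alivectxt_state2str(data->alive_intr_ctxt));
			return -ETIME;
		}
	}

	/* byte_tx includes the 4-byte type header pushed above */
	hdev->stat.byte_tx += skb->len;
	kfree_skb(skb);

	return 0;
}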
1382
/* Unregister and free the HCI device owned by @data, then clear the
 * pointer so that nothing keeps a reference to the freed hci_dev.
 */
static void btintel_pcie_release_hdev(struct btintel_pcie_data *data)
{
	struct hci_dev *hdev = data->hdev;

	hci_unregister_dev(hdev);
	hci_free_dev(hdev);

	data->hdev = NULL;
}
1392
/* One setup attempt: read the Intel version (opcode 0xfc05), apply the
 * common quirks, check that platform and hardware variant are supported and
 * run the TLV bootloader setup.
 *
 * Returns 0 on success or a negative errno. The version response skb is
 * freed on every path that obtained one.
 */
static int btintel_pcie_setup_internal(struct hci_dev *hdev)
{
	const u8 param[1] = { 0xFF };
	struct intel_version_tlv ver_tlv;
	struct sk_buff *skb;
	int err;

	BT_DBG("%s", hdev->name);

	skb = __hci_cmd_sync(hdev, 0xfc05, 1, param, HCI_CMD_TIMEOUT);
	if (IS_ERR(skb)) {
		bt_dev_err(hdev, "Reading Intel version command failed (%ld)",
			   PTR_ERR(skb));
		return PTR_ERR(skb);
	}

	/* First byte of the response is the status.
	 * NOTE(review): skb->len is not checked before this read; this
	 * assumes the response always carries at least the status byte.
	 */
	if (skb->data[0]) {
		bt_dev_err(hdev, "Intel Read Version command failed (%02x)",
			   skb->data[0]);
		err = -EIO;
		goto exit_error;
	}

	/* Apply the common HCI quirks for Intel device */
	set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
	set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
	set_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks);

	/* Set up the quality report callback for Intel devices */
	hdev->set_quality_report = btintel_set_quality_report;

	/* For TLV type device, parse the tlv data */
	memset(&ver_tlv, 0, sizeof(ver_tlv));
	err = btintel_parse_version_tlv(hdev, &ver_tlv, skb);
	if (err) {
		bt_dev_err(hdev, "Failed to parse TLV version information");
		goto exit_error;
	}

	/* Only platform 0x37 is accepted */
	if (INTEL_HW_PLATFORM(ver_tlv.cnvi_bt) != 0x37) {
		bt_dev_err(hdev, "Unsupported Intel hardware platform (0x%2x)",
			   INTEL_HW_PLATFORM(ver_tlv.cnvi_bt));
		err = -EINVAL;
		goto exit_error;
	}

	/* Check for supported iBT hardware variants of this firmware
	 * loading method. Unknown variants are rejected on purpose so that
	 * newer hardware has to be enabled explicitly. The only variant
	 * accepted here is 0x1e (BzrI).
	 */
	if (INTEL_HW_VARIANT(ver_tlv.cnvi_bt) != 0x1e) {
		bt_dev_err(hdev, "Unsupported Intel hw variant (%u)",
			   INTEL_HW_VARIANT(ver_tlv.cnvi_bt));
		err = -EINVAL;
		goto exit_error;
	}

	/* Display version information of TLV type */
	btintel_version_info_tlv(hdev, &ver_tlv);

	/* All TLV based devices support WBS */
	set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks);

	/* Setup MSFT Extension support */
	btintel_set_msft_opcode(hdev, INTEL_HW_VARIANT(ver_tlv.cnvi_bt));

	err = btintel_bootloader_setup_tlv(hdev, &ver_tlv);
	if (err)
		goto exit_error;

	btintel_print_fseq_info(hdev);

exit_error:
	kfree_skb(skb);

	return err;
}
1483
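/* hdev->setup callback: run the setup sequence and, if it fails, reset the
 * controller and try exactly once more.
 *
 * Between the two attempts the device is reset, the index arrays and MSI-X
 * configuration are re-initialised, the controller is enabled again and RX
 * is restarted. Any failure in that recovery sequence ends the retry and is
 * returned to the caller.
 *
 * Returns 0 on success or the negative errno of the last failing step.
 */
static int btintel_pcie_setup(struct hci_dev *hdev)
{
	int err, fw_dl_retry = 0;
	struct btintel_pcie_data *data = hci_get_drvdata(hdev);

	while ((err = btintel_pcie_setup_internal(hdev)) && fw_dl_retry++ < 1) {
		bt_dev_err(hdev, "Firmware download retry count: %d",
			   fw_dl_retry);
		err = btintel_pcie_reset_bt(data);
		if (err) {
			bt_dev_err(hdev, "Failed to do shr reset: %d", err);
			break;
		}
		usleep_range(10000, 12000);
		btintel_pcie_reset_ia(data);
		btintel_pcie_config_msix(data);
		err = btintel_pcie_enable_bt(data);
		if (err) {
			bt_dev_err(hdev, "Failed to enable hardware: %d", err);
			break;
		}
		/* probe() treats a start_rx failure as fatal; do the same
		 * here instead of retrying setup with RX not running.
		 */
		err = btintel_pcie_start_rx(data);
		if (err) {
			bt_dev_err(hdev, "Failed to start RX: %d", err);
			break;
		}
	}
	return err;
}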
1509
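/* Allocate an HCI device, wire up the driver callbacks and register it
 * with the HCI core.
 *
 * On success data->hdev points at the registered device. On failure the
 * device is freed and data->hdev is reset to NULL, so the caller's error
 * path cannot reach the freed hci_dev through @data.
 *
 * Returns 0 on success, -ENOMEM if the device cannot be allocated, or the
 * error from hci_register_dev().
 */
static int btintel_pcie_setup_hdev(struct btintel_pcie_data *data)
{
	int err;
	struct hci_dev *hdev;

	hdev = hci_alloc_dev_priv(sizeof(struct btintel_data));
	if (!hdev)
		return -ENOMEM;

	hdev->bus = HCI_PCI;
	hci_set_drvdata(hdev, data);

	data->hdev = hdev;
	SET_HCIDEV_DEV(hdev, &data->pdev->dev);

	hdev->manufacturer = 2;
	hdev->open = btintel_pcie_open;
	hdev->close = btintel_pcie_close;
	hdev->send = btintel_pcie_send_frame;
	hdev->setup = btintel_pcie_setup;
	hdev->shutdown = btintel_shutdown_combined;
	hdev->hw_error = btintel_hw_error;
	hdev->set_diag = btintel_set_diag;
	hdev->set_bdaddr = btintel_set_bdaddr;

	err = hci_register_dev(hdev);
	if (err < 0) {
		BT_ERR("Failed to register to hdev (%d)", err);
		goto exit_error;
	}

	return 0;

exit_error:
	/* Same order as btintel_pcie_release_hdev(): free, then drop the
	 * pointer so it does not dangle.
	 */
	hci_free_dev(hdev);
	data->hdev = NULL;
	return err;
}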
1547
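/* PCI probe: allocate the driver state, bring up the PCI function, allocate
 * the queues, enable the controller, start RX and register the HCI device.
 *
 * @data itself is device-managed (devm_kzalloc). The workqueue and the
 * queue memory from btintel_pcie_alloc() are not, so the error path
 * releases them explicitly.
 *
 * Returns 0 on success or a negative errno.
 */
static int btintel_pcie_probe(struct pci_dev *pdev,
			      const struct pci_device_id *ent)
{
	int err;
	bool queues_allocated = false;
	struct btintel_pcie_data *data;

	if (!pdev)
		return -ENODEV;

	data = devm_kzalloc(&pdev->dev, sizeof(*data), GFP_KERNEL);
	if (!data)
		return -ENOMEM;

	data->pdev = pdev;

	spin_lock_init(&data->irq_lock);
	spin_lock_init(&data->hci_rx_lock);

	init_waitqueue_head(&data->gp0_wait_q);
	data->gp0_received = false;

	init_waitqueue_head(&data->tx_wait_q);
	data->tx_wait_done = false;

	data->workqueue = alloc_ordered_workqueue(KBUILD_MODNAME, WQ_HIGHPRI);
	if (!data->workqueue)
		return -ENOMEM;

	skb_queue_head_init(&data->rx_skb_q);
	INIT_WORK(&data->rx_work, btintel_pcie_rx_work);

	data->boot_stage_cache = 0x00;
	data->img_resp_cache = 0x00;

	err = btintel_pcie_config_pcie(pdev, data);
	if (err)
		goto exit_error;

	pci_set_drvdata(pdev, data);

	err = btintel_pcie_alloc(data);
	if (err)
		goto exit_error;
	queues_allocated = true;

	err = btintel_pcie_enable_bt(data);
	if (err)
		goto exit_error;

	/* CNV information (CNVi and CNVr) is in CSR */
	data->cnvi = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_HW_REV_REG);

	data->cnvr = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_RF_ID_REG);

	err = btintel_pcie_start_rx(data);
	if (err)
		goto exit_error;

	err = btintel_pcie_setup_hdev(data);
	if (err)
		goto exit_error;

	bt_dev_dbg(data->hdev, "cnvi: 0x%8.8x cnvr: 0x%8.8x", data->cnvi,
		   data->cnvr);
	return 0;

exit_error:
	/* Reset the device before releasing anything it may still access.
	 * NOTE(review): this also runs when btintel_pcie_config_pcie()
	 * failed, i.e. possibly before BAR 0 was mapped - confirm that
	 * btintel_pcie_reset_bt() is safe in that state.
	 */
	btintel_pcie_reset_bt(data);

	pci_clear_master(pdev);

	/* Same order as btintel_pcie_remove(): drain and destroy the
	 * workqueue first, then free the DMA memory.
	 * NOTE(review): interrupts are requested in btintel_pcie_setup_irq(),
	 * which is not part of this function - confirm no handler can queue
	 * rx_work once the device has been reset.
	 */
	destroy_workqueue(data->workqueue);

	if (queues_allocated)
		btintel_pcie_free(data);

	pci_set_drvdata(pdev, NULL);

	return err;
}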
1623
/* PCI remove: reset the controller, release the interrupts, unregister the
 * HCI device and free everything probe() allocated.
 *
 * NOTE(review): the HCI device is freed before flush_work(&data->rx_work).
 * If a pending rx_work item can still touch data->hdev, this order would let
 * it run against a freed/NULL hci_dev - verify against
 * btintel_pcie_rx_work().
 */
static void btintel_pcie_remove(struct pci_dev *pdev)
{
	struct btintel_pcie_data *data = pci_get_drvdata(pdev);
	int vec;

	btintel_pcie_reset_bt(data);

	/* Each vector was registered with its msix_entry as the dev_id */
	for (vec = 0; vec < data->alloc_vecs; vec++) {
		struct msix_entry *entry = &data->msix_entries[vec];

		free_irq(entry->vector, entry);
	}
	pci_free_irq_vectors(pdev);

	btintel_pcie_release_hdev(data);

	flush_work(&data->rx_work);
	destroy_workqueue(data->workqueue);

	btintel_pcie_free(data);

	pci_clear_master(pdev);
	pci_set_drvdata(pdev, NULL);
}
1652
/* PCI driver glue: binds to the ids in btintel_pcie_table and registers the
 * driver at module load through module_pci_driver().
 */
static struct pci_driver btintel_pcie_driver = {
	.name		= KBUILD_MODNAME,
	.id_table	= btintel_pcie_table,
	.probe		= btintel_pcie_probe,
	.remove		= btintel_pcie_remove,
};
module_pci_driver(btintel_pcie_driver);

MODULE_AUTHOR("Tedd Ho-Jeong An <tedd.an@intel.com>");
MODULE_DESCRIPTION("Intel Bluetooth PCIe transport driver ver " VERSION);
MODULE_VERSION(VERSION);
MODULE_LICENSE("GPL");