1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * 4 * Bluetooth support for Intel PCIe devices 5 * 6 * Copyright (C) 2024 Intel Corporation 7 */ 8 9 #include <linux/kernel.h> 10 #include <linux/module.h> 11 #include <linux/firmware.h> 12 #include <linux/overflow.h> 13 #include <linux/pci.h> 14 #include <linux/string.h> 15 #include <linux/wait.h> 16 #include <linux/delay.h> 17 #include <linux/interrupt.h> 18 19 #include <linux/unaligned.h> 20 #include <linux/devcoredump.h> 21 22 #include <net/bluetooth/bluetooth.h> 23 #include <net/bluetooth/hci_core.h> 24 #include <net/bluetooth/hci_drv.h> 25 26 #include "btintel.h" 27 #include "btintel_pcie.h" 28 29 #define VERSION "0.1" 30 31 #define BTINTEL_PCI_DEVICE(dev, subdev) \ 32 .vendor = PCI_VENDOR_ID_INTEL, \ 33 .device = (dev), \ 34 .subvendor = PCI_ANY_ID, \ 35 .subdevice = (subdev), \ 36 .driver_data = 0 37 38 #define POLL_INTERVAL_US 10 39 40 #define BTINTEL_PCIE_DMA_ALIGN_128B 128 /* 128 byte aligned */ 41 42 /* Intel Bluetooth PCIe device id table */ 43 static const struct pci_device_id btintel_pcie_table[] = { 44 /* BlazarI, Wildcat Lake */ 45 { BTINTEL_PCI_DEVICE(0x4D76, PCI_ANY_ID) }, 46 /* BlazarI, Lunar Lake */ 47 { BTINTEL_PCI_DEVICE(0xA876, PCI_ANY_ID) }, 48 /* Scorpious, Panther Lake-H484 */ 49 { BTINTEL_PCI_DEVICE(0xE376, PCI_ANY_ID) }, 50 /* Scorpious, Panther Lake-H404 */ 51 { BTINTEL_PCI_DEVICE(0xE476, PCI_ANY_ID) }, 52 /* Scorpious2, Nova Lake-PCD-H */ 53 { BTINTEL_PCI_DEVICE(0xD346, PCI_ANY_ID) }, 54 /* Scorpious2, Nova Lake-PCD-S */ 55 { BTINTEL_PCI_DEVICE(0x6E74, PCI_ANY_ID) }, 56 { 0 } 57 }; 58 MODULE_DEVICE_TABLE(pci, btintel_pcie_table); 59 60 struct btintel_pcie_dev_recovery { 61 struct list_head list; 62 u8 count; 63 time64_t last_error; 64 char name[]; 65 }; 66 67 /* Intel PCIe uses 4 bytes of HCI type instead of 1 byte BT SIG HCI type */ 68 #define BTINTEL_PCIE_HCI_TYPE_LEN 4 69 #define BTINTEL_PCIE_HCI_CMD_PKT 0x00000001 70 #define BTINTEL_PCIE_HCI_ACL_PKT 0x00000002 71 #define BTINTEL_PCIE_HCI_SCO_PKT 0x00000003 72 #define BTINTEL_PCIE_HCI_EVT_PKT 0x00000004 73 #define BTINTEL_PCIE_HCI_ISO_PKT 0x00000005 74 75 #define BTINTEL_PCIE_MAGIC_NUM 0xA5A5A5A5 76 77 #define BTINTEL_PCIE_BLZR_HWEXP_SIZE 1024 78 #define BTINTEL_PCIE_BLZR_HWEXP_DMP_ADDR 0xB00A7C00 79 80 #define BTINTEL_PCIE_SCP_HWEXP_SIZE 4096 81 #define BTINTEL_PCIE_SCP_HWEXP_DMP_ADDR 0xB030F800 82 83 #define BTINTEL_PCIE_SCP2_HWEXP_SIZE 4096 84 #define BTINTEL_PCIE_SCP2_HWEXP_DMP_ADDR 0xB031D000 85 86 #define BTINTEL_PCIE_MAGIC_NUM 0xA5A5A5A5 87 88 #define BTINTEL_PCIE_TRIGGER_REASON_USER_TRIGGER 0x17A2 89 #define BTINTEL_PCIE_TRIGGER_REASON_FW_ASSERT 0x1E61 90 91 #define BTINTEL_PCIE_RESET_WINDOW_SECS 5 92 #define BTINTEL_PCIE_FLR_MAX_RETRY 1 93 94 /* Alive interrupt context */ 95 enum { 96 BTINTEL_PCIE_ROM, 97 BTINTEL_PCIE_FW_DL, 98 BTINTEL_PCIE_HCI_RESET, 99 BTINTEL_PCIE_INTEL_HCI_RESET1, 100 BTINTEL_PCIE_INTEL_HCI_RESET2, 101 BTINTEL_PCIE_D0, 102 BTINTEL_PCIE_D3 103 }; 104 105 /* Structure for dbgc fragment buffer 106 * @buf_addr_lsb: LSB of the buffer's physical address 107 * @buf_addr_msb: MSB of the buffer's physical address 108 * @buf_size: Total size of the buffer 109 */ 110 struct btintel_pcie_dbgc_ctxt_buf { 111 u32 buf_addr_lsb; 112 u32 buf_addr_msb; 113 u32 buf_size; 114 }; 115 116 /* Structure for dbgc fragment 117 * @magic_num: 0XA5A5A5A5 118 * @ver: For Driver-FW compatibility 119 * @total_size: Total size of the payload debug info 120 * @num_buf: Num of allocated debug bufs 121 * @bufs: All buffer's addresses and sizes 122 */ 123 struct btintel_pcie_dbgc_ctxt { 124 u32 magic_num; 125 u32 ver; 126 u32 total_size; 127 u32 num_buf; 128 struct btintel_pcie_dbgc_ctxt_buf bufs[BTINTEL_PCIE_DBGC_BUFFER_COUNT]; 129 }; 130 131 struct btintel_pcie_removal { 132 struct pci_dev *pdev; 133 struct work_struct work; 134 }; 135 136 static LIST_HEAD(btintel_pcie_recovery_list); 137 static DEFINE_SPINLOCK(btintel_pcie_recovery_lock); 138 139 static inline char *btintel_pcie_alivectxt_state2str(u32 alive_intr_ctxt) 140 { 141 switch (alive_intr_ctxt) { 142 case BTINTEL_PCIE_ROM: 143 return "rom"; 144 case BTINTEL_PCIE_FW_DL: 145 return "fw_dl"; 146 case BTINTEL_PCIE_D0: 147 return "d0"; 148 case BTINTEL_PCIE_D3: 149 return "d3"; 150 case BTINTEL_PCIE_HCI_RESET: 151 return "hci_reset"; 152 case BTINTEL_PCIE_INTEL_HCI_RESET1: 153 return "intel_reset1"; 154 case BTINTEL_PCIE_INTEL_HCI_RESET2: 155 return "intel_reset2"; 156 default: 157 return "unknown"; 158 } 159 } 160 161 /* This function initializes the memory for DBGC buffers and formats the 162 * DBGC fragment which consists header info and DBGC buffer's LSB, MSB and 163 * size as the payload 164 */ 165 static int btintel_pcie_setup_dbgc(struct btintel_pcie_data *data) 166 { 167 struct btintel_pcie_dbgc_ctxt db_frag; 168 struct data_buf *buf; 169 int i; 170 171 data->dbgc.count = BTINTEL_PCIE_DBGC_BUFFER_COUNT; 172 data->dbgc.bufs = devm_kcalloc(&data->pdev->dev, data->dbgc.count, 173 sizeof(*buf), GFP_KERNEL); 174 if (!data->dbgc.bufs) 175 return -ENOMEM; 176 177 data->dbgc.buf_v_addr = dmam_alloc_coherent(&data->pdev->dev, 178 data->dbgc.count * 179 BTINTEL_PCIE_DBGC_BUFFER_SIZE, 180 &data->dbgc.buf_p_addr, 181 GFP_KERNEL | __GFP_NOWARN); 182 if (!data->dbgc.buf_v_addr) 183 return -ENOMEM; 184 185 data->dbgc.frag_v_addr = dmam_alloc_coherent(&data->pdev->dev, 186 sizeof(struct btintel_pcie_dbgc_ctxt), 187 &data->dbgc.frag_p_addr, 188 GFP_KERNEL | __GFP_NOWARN); 189 if (!data->dbgc.frag_v_addr) 190 return -ENOMEM; 191 192 data->dbgc.frag_size = sizeof(struct btintel_pcie_dbgc_ctxt); 193 194 db_frag.magic_num = BTINTEL_PCIE_MAGIC_NUM; 195 db_frag.ver = BTINTEL_PCIE_DBGC_FRAG_VERSION; 196 db_frag.total_size = BTINTEL_PCIE_DBGC_FRAG_PAYLOAD_SIZE; 197 db_frag.num_buf = BTINTEL_PCIE_DBGC_FRAG_BUFFER_COUNT; 198 199 for (i = 0; i < data->dbgc.count; i++) { 200 buf = &data->dbgc.bufs[i]; 201 buf->data_p_addr = data->dbgc.buf_p_addr + i * BTINTEL_PCIE_DBGC_BUFFER_SIZE; 202 buf->data = data->dbgc.buf_v_addr + i * BTINTEL_PCIE_DBGC_BUFFER_SIZE; 203 db_frag.bufs[i].buf_addr_lsb = lower_32_bits(buf->data_p_addr); 204 db_frag.bufs[i].buf_addr_msb = upper_32_bits(buf->data_p_addr); 205 db_frag.bufs[i].buf_size = BTINTEL_PCIE_DBGC_BUFFER_SIZE; 206 } 207 208 memcpy(data->dbgc.frag_v_addr, &db_frag, sizeof(db_frag)); 209 return 0; 210 } 211 212 static inline void ipc_print_ia_ring(struct hci_dev *hdev, struct ia *ia, 213 u16 queue_num) 214 { 215 bt_dev_dbg(hdev, "IA: %s: tr-h:%02u tr-t:%02u cr-h:%02u cr-t:%02u", 216 queue_num == BTINTEL_PCIE_TXQ_NUM ? "TXQ" : "RXQ", 217 ia->tr_hia[queue_num], ia->tr_tia[queue_num], 218 ia->cr_hia[queue_num], ia->cr_tia[queue_num]); 219 } 220 221 static inline void ipc_print_urbd1(struct hci_dev *hdev, struct urbd1 *urbd1, 222 u16 index) 223 { 224 bt_dev_dbg(hdev, "RXQ:urbd1(%u) frbd_tag:%u status: 0x%x fixed:0x%x", 225 index, urbd1->frbd_tag, urbd1->status, urbd1->fixed); 226 } 227 228 static struct btintel_pcie_data *btintel_pcie_get_data(struct msix_entry *entry) 229 { 230 u8 queue = entry->entry; 231 struct msix_entry *entries = entry - queue; 232 233 return container_of(entries, struct btintel_pcie_data, msix_entries[0]); 234 } 235 236 /* Set the doorbell for TXQ to notify the device that @index (actually index-1) 237 * of the TFD is updated and ready to transmit. 238 */ 239 static void btintel_pcie_set_tx_db(struct btintel_pcie_data *data, u16 index) 240 { 241 u32 val; 242 243 val = index; 244 val |= (BTINTEL_PCIE_TX_DB_VEC << 16); 245 246 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_HBUS_TARG_WRPTR, val); 247 } 248 249 /* Copy the data to next(@tfd_index) data buffer and update the TFD(transfer 250 * descriptor) with the data length and the DMA address of the data buffer. 251 */ 252 static void btintel_pcie_prepare_tx(struct txq *txq, u16 tfd_index, 253 struct sk_buff *skb) 254 { 255 struct data_buf *buf; 256 struct tfd *tfd; 257 258 tfd = &txq->tfds[tfd_index]; 259 memset(tfd, 0, sizeof(*tfd)); 260 261 buf = &txq->bufs[tfd_index]; 262 263 tfd->size = skb->len; 264 tfd->addr = buf->data_p_addr; 265 266 /* Copy the outgoing data to DMA buffer */ 267 memcpy(buf->data, skb->data, tfd->size); 268 } 269 270 static inline void btintel_pcie_dump_debug_registers(struct hci_dev *hdev) 271 { 272 struct btintel_pcie_data *data = hci_get_drvdata(hdev); 273 u16 cr_hia, cr_tia; 274 u32 reg, mbox_reg; 275 struct sk_buff *skb; 276 u8 buf[80]; 277 278 skb = alloc_skb(1024, GFP_ATOMIC); 279 if (!skb) 280 return; 281 282 strscpy(buf, "---- Dump of debug registers ---"); 283 bt_dev_dbg(hdev, "%s", buf); 284 skb_put_data(skb, buf, strlen(buf)); 285 286 reg = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_BOOT_STAGE_REG); 287 snprintf(buf, sizeof(buf), "boot stage: 0x%8.8x", reg); 288 bt_dev_dbg(hdev, "%s", buf); 289 skb_put_data(skb, buf, strlen(buf)); 290 data->boot_stage_cache = reg; 291 292 reg = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_IPC_STATUS_REG); 293 snprintf(buf, sizeof(buf), "ipc status: 0x%8.8x", reg); 294 skb_put_data(skb, buf, strlen(buf)); 295 bt_dev_dbg(hdev, "%s", buf); 296 297 reg = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_IPC_CONTROL_REG); 298 snprintf(buf, sizeof(buf), "ipc control: 0x%8.8x", reg); 299 skb_put_data(skb, buf, strlen(buf)); 300 bt_dev_dbg(hdev, "%s", buf); 301 302 reg = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_IPC_SLEEP_CTL_REG); 303 snprintf(buf, sizeof(buf), "ipc sleep control: 0x%8.8x", reg); 304 skb_put_data(skb, buf, strlen(buf)); 305 bt_dev_dbg(hdev, "%s", buf); 306 307 /*Read the Mail box status and registers*/ 308 reg = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_MBOX_STATUS_REG); 309 snprintf(buf, sizeof(buf), "mbox status: 0x%8.8x", reg); 310 skb_put_data(skb, buf, strlen(buf)); 311 if (reg & BTINTEL_PCIE_CSR_MBOX_STATUS_MBOX1) { 312 mbox_reg = btintel_pcie_rd_reg32(data, 313 BTINTEL_PCIE_CSR_MBOX_1_REG); 314 snprintf(buf, sizeof(buf), "mbox_1: 0x%8.8x", mbox_reg); 315 skb_put_data(skb, buf, strlen(buf)); 316 bt_dev_dbg(hdev, "%s", buf); 317 } 318 319 if (reg & BTINTEL_PCIE_CSR_MBOX_STATUS_MBOX2) { 320 mbox_reg = btintel_pcie_rd_reg32(data, 321 BTINTEL_PCIE_CSR_MBOX_2_REG); 322 snprintf(buf, sizeof(buf), "mbox_2: 0x%8.8x", mbox_reg); 323 skb_put_data(skb, buf, strlen(buf)); 324 bt_dev_dbg(hdev, "%s", buf); 325 } 326 327 if (reg & BTINTEL_PCIE_CSR_MBOX_STATUS_MBOX3) { 328 mbox_reg = btintel_pcie_rd_reg32(data, 329 BTINTEL_PCIE_CSR_MBOX_3_REG); 330 snprintf(buf, sizeof(buf), "mbox_3: 0x%8.8x", mbox_reg); 331 skb_put_data(skb, buf, strlen(buf)); 332 bt_dev_dbg(hdev, "%s", buf); 333 } 334 335 if (reg & BTINTEL_PCIE_CSR_MBOX_STATUS_MBOX4) { 336 mbox_reg = btintel_pcie_rd_reg32(data, 337 BTINTEL_PCIE_CSR_MBOX_4_REG); 338 snprintf(buf, sizeof(buf), "mbox_4: 0x%8.8x", mbox_reg); 339 skb_put_data(skb, buf, strlen(buf)); 340 bt_dev_dbg(hdev, "%s", buf); 341 } 342 343 cr_hia = data->ia.cr_hia[BTINTEL_PCIE_RXQ_NUM]; 344 cr_tia = data->ia.cr_tia[BTINTEL_PCIE_RXQ_NUM]; 345 snprintf(buf, sizeof(buf), "rxq: cr_tia: %u cr_hia: %u", cr_tia, cr_hia); 346 skb_put_data(skb, buf, strlen(buf)); 347 bt_dev_dbg(hdev, "%s", buf); 348 349 cr_hia = data->ia.cr_hia[BTINTEL_PCIE_TXQ_NUM]; 350 cr_tia = data->ia.cr_tia[BTINTEL_PCIE_TXQ_NUM]; 351 snprintf(buf, sizeof(buf), "txq: cr_tia: %u cr_hia: %u", cr_tia, cr_hia); 352 skb_put_data(skb, buf, strlen(buf)); 353 bt_dev_dbg(hdev, "%s", buf); 354 strscpy(buf, "--------------------------------"); 355 bt_dev_dbg(hdev, "%s", buf); 356 357 hci_recv_diag(hdev, skb); 358 } 359 360 static int btintel_pcie_send_sync(struct btintel_pcie_data *data, 361 struct sk_buff *skb, u32 pkt_type, u16 opcode) 362 { 363 int ret; 364 u16 tfd_index; 365 u32 old_ctxt; 366 bool wait_on_alive = false; 367 struct hci_dev *hdev = data->hdev; 368 369 struct txq *txq = &data->txq; 370 371 tfd_index = data->ia.tr_hia[BTINTEL_PCIE_TXQ_NUM]; 372 373 if (tfd_index > txq->count) 374 return -ERANGE; 375 376 /* Firmware raises alive interrupt on HCI_OP_RESET or 377 * BTINTEL_HCI_OP_RESET 378 */ 379 wait_on_alive = (pkt_type == BTINTEL_PCIE_HCI_CMD_PKT && 380 (opcode == BTINTEL_HCI_OP_RESET || opcode == HCI_OP_RESET)); 381 382 if (wait_on_alive) { 383 data->gp0_received = false; 384 old_ctxt = data->alive_intr_ctxt; 385 data->alive_intr_ctxt = 386 (opcode == BTINTEL_HCI_OP_RESET ? BTINTEL_PCIE_INTEL_HCI_RESET1 : 387 BTINTEL_PCIE_HCI_RESET); 388 bt_dev_dbg(data->hdev, "sending cmd: 0x%4.4x alive context changed: %s -> %s", 389 opcode, btintel_pcie_alivectxt_state2str(old_ctxt), 390 btintel_pcie_alivectxt_state2str(data->alive_intr_ctxt)); 391 } 392 393 memcpy(skb_push(skb, BTINTEL_PCIE_HCI_TYPE_LEN), &pkt_type, 394 BTINTEL_PCIE_HCI_TYPE_LEN); 395 396 /* Prepare for TX. It updates the TFD with the length of data and 397 * address of the DMA buffer, and copy the data to the DMA buffer 398 */ 399 btintel_pcie_prepare_tx(txq, tfd_index, skb); 400 401 tfd_index = (tfd_index + 1) % txq->count; 402 data->ia.tr_hia[BTINTEL_PCIE_TXQ_NUM] = tfd_index; 403 404 /* Arm wait event condition */ 405 data->tx_wait_done = false; 406 407 /* Set the doorbell to notify the device */ 408 btintel_pcie_set_tx_db(data, tfd_index); 409 410 /* Wait for the complete interrupt - URBD0 */ 411 ret = wait_event_timeout(data->tx_wait_q, data->tx_wait_done, 412 msecs_to_jiffies(BTINTEL_PCIE_TX_WAIT_TIMEOUT_MS)); 413 if (!ret) { 414 bt_dev_err(data->hdev, "Timeout (%u ms) on tx completion", 415 BTINTEL_PCIE_TX_WAIT_TIMEOUT_MS); 416 btintel_pcie_dump_debug_registers(data->hdev); 417 return -ETIME; 418 } 419 420 if (wait_on_alive) { 421 ret = wait_event_timeout(data->gp0_wait_q, 422 data->gp0_received, 423 msecs_to_jiffies(BTINTEL_DEFAULT_INTR_TIMEOUT_MS)); 424 if (!ret) { 425 hdev->stat.err_tx++; 426 bt_dev_err(hdev, "Timeout (%u ms) on alive interrupt, alive context: %s", 427 BTINTEL_DEFAULT_INTR_TIMEOUT_MS, 428 btintel_pcie_alivectxt_state2str(data->alive_intr_ctxt)); 429 return -ETIME; 430 } 431 } 432 return 0; 433 } 434 435 /* Set the doorbell for RXQ to notify the device that @index (actually index-1) 436 * is available to receive the data 437 */ 438 static void btintel_pcie_set_rx_db(struct btintel_pcie_data *data, u16 index) 439 { 440 u32 val; 441 442 val = index; 443 val |= (BTINTEL_PCIE_RX_DB_VEC << 16); 444 445 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_HBUS_TARG_WRPTR, val); 446 } 447 448 /* Update the FRBD (free buffer descriptor) with the @frbd_index and the 449 * DMA address of the free buffer. 450 */ 451 static void btintel_pcie_prepare_rx(struct rxq *rxq, u16 frbd_index) 452 { 453 struct data_buf *buf; 454 struct frbd *frbd; 455 456 /* Get the buffer of the FRBD for DMA */ 457 buf = &rxq->bufs[frbd_index]; 458 459 frbd = &rxq->frbds[frbd_index]; 460 memset(frbd, 0, sizeof(*frbd)); 461 462 /* Update FRBD */ 463 frbd->tag = frbd_index; 464 frbd->addr = buf->data_p_addr; 465 } 466 467 static int btintel_pcie_submit_rx(struct btintel_pcie_data *data) 468 { 469 u16 frbd_index; 470 struct rxq *rxq = &data->rxq; 471 472 frbd_index = data->ia.tr_hia[BTINTEL_PCIE_RXQ_NUM]; 473 474 if (frbd_index > rxq->count) 475 return -ERANGE; 476 477 /* Prepare for RX submit. It updates the FRBD with the address of DMA 478 * buffer 479 */ 480 btintel_pcie_prepare_rx(rxq, frbd_index); 481 482 frbd_index = (frbd_index + 1) % rxq->count; 483 data->ia.tr_hia[BTINTEL_PCIE_RXQ_NUM] = frbd_index; 484 ipc_print_ia_ring(data->hdev, &data->ia, BTINTEL_PCIE_RXQ_NUM); 485 486 /* Set the doorbell to notify the device */ 487 btintel_pcie_set_rx_db(data, frbd_index); 488 489 return 0; 490 } 491 492 static int btintel_pcie_start_rx(struct btintel_pcie_data *data) 493 { 494 int i, ret; 495 struct rxq *rxq = &data->rxq; 496 497 /* Post (BTINTEL_PCIE_RX_DESCS_COUNT - 3) buffers to overcome the 498 * hardware issues leading to race condition at the firmware. 499 */ 500 501 for (i = 0; i < rxq->count - 3; i++) { 502 ret = btintel_pcie_submit_rx(data); 503 if (ret) 504 return ret; 505 } 506 507 return 0; 508 } 509 510 static void btintel_pcie_reset_ia(struct btintel_pcie_data *data) 511 { 512 memset(data->ia.tr_hia, 0, sizeof(u16) * BTINTEL_PCIE_NUM_QUEUES); 513 memset(data->ia.tr_tia, 0, sizeof(u16) * BTINTEL_PCIE_NUM_QUEUES); 514 memset(data->ia.cr_hia, 0, sizeof(u16) * BTINTEL_PCIE_NUM_QUEUES); 515 memset(data->ia.cr_tia, 0, sizeof(u16) * BTINTEL_PCIE_NUM_QUEUES); 516 } 517 518 static int btintel_pcie_reset_bt(struct btintel_pcie_data *data) 519 { 520 u32 reg; 521 int retry = 3; 522 523 reg = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG); 524 525 reg &= ~(BTINTEL_PCIE_CSR_FUNC_CTRL_FUNC_ENA | 526 BTINTEL_PCIE_CSR_FUNC_CTRL_MAC_INIT | 527 BTINTEL_PCIE_CSR_FUNC_CTRL_FUNC_INIT); 528 reg |= BTINTEL_PCIE_CSR_FUNC_CTRL_BUS_MASTER_DISCON; 529 530 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG, reg); 531 532 do { 533 reg = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG); 534 if (reg & BTINTEL_PCIE_CSR_FUNC_CTRL_BUS_MASTER_STS) 535 break; 536 usleep_range(10000, 12000); 537 538 } while (--retry > 0); 539 usleep_range(10000, 12000); 540 541 reg = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG); 542 543 reg &= ~(BTINTEL_PCIE_CSR_FUNC_CTRL_FUNC_ENA | 544 BTINTEL_PCIE_CSR_FUNC_CTRL_MAC_INIT | 545 BTINTEL_PCIE_CSR_FUNC_CTRL_FUNC_INIT); 546 reg |= BTINTEL_PCIE_CSR_FUNC_CTRL_SW_RESET; 547 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG, reg); 548 usleep_range(10000, 12000); 549 550 reg = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG); 551 bt_dev_dbg(data->hdev, "csr register after reset: 0x%8.8x", reg); 552 553 reg = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_BOOT_STAGE_REG); 554 555 /* If shared hardware reset is success then boot stage register shall be 556 * set to 0 557 */ 558 return reg == 0 ? 0 : -ENODEV; 559 } 560 561 static void btintel_pcie_mac_init(struct btintel_pcie_data *data) 562 { 563 u32 reg; 564 565 /* Set MAC_INIT bit to start primary bootloader */ 566 reg = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG); 567 reg &= ~(BTINTEL_PCIE_CSR_FUNC_CTRL_FUNC_INIT | 568 BTINTEL_PCIE_CSR_FUNC_CTRL_BUS_MASTER_DISCON | 569 BTINTEL_PCIE_CSR_FUNC_CTRL_SW_RESET); 570 reg |= (BTINTEL_PCIE_CSR_FUNC_CTRL_FUNC_ENA | 571 BTINTEL_PCIE_CSR_FUNC_CTRL_MAC_INIT); 572 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG, reg); 573 } 574 575 static int btintel_pcie_get_mac_access(struct btintel_pcie_data *data) 576 { 577 u32 reg; 578 int retry = 15; 579 580 reg = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG); 581 582 reg |= BTINTEL_PCIE_CSR_FUNC_CTRL_STOP_MAC_ACCESS_DIS; 583 reg |= BTINTEL_PCIE_CSR_FUNC_CTRL_XTAL_CLK_REQ; 584 if ((reg & BTINTEL_PCIE_CSR_FUNC_CTRL_MAC_ACCESS_STS) == 0) 585 reg |= BTINTEL_PCIE_CSR_FUNC_CTRL_MAC_ACCESS_REQ; 586 587 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG, reg); 588 589 do { 590 reg = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG); 591 if (reg & BTINTEL_PCIE_CSR_FUNC_CTRL_MAC_ACCESS_STS) 592 return 0; 593 /* Need delay here for Target Access harwdware to settle down*/ 594 usleep_range(1000, 1200); 595 596 } while (--retry > 0); 597 598 return -ETIME; 599 } 600 601 static void btintel_pcie_release_mac_access(struct btintel_pcie_data *data) 602 { 603 u32 reg; 604 605 reg = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG); 606 607 if (reg & BTINTEL_PCIE_CSR_FUNC_CTRL_MAC_ACCESS_REQ) 608 reg &= ~BTINTEL_PCIE_CSR_FUNC_CTRL_MAC_ACCESS_REQ; 609 610 if (reg & BTINTEL_PCIE_CSR_FUNC_CTRL_STOP_MAC_ACCESS_DIS) 611 reg &= ~BTINTEL_PCIE_CSR_FUNC_CTRL_STOP_MAC_ACCESS_DIS; 612 613 if (reg & BTINTEL_PCIE_CSR_FUNC_CTRL_XTAL_CLK_REQ) 614 reg &= ~BTINTEL_PCIE_CSR_FUNC_CTRL_XTAL_CLK_REQ; 615 616 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG, reg); 617 } 618 619 static void *btintel_pcie_copy_tlv(void *dest, enum btintel_pcie_tlv_type type, 620 void *data, size_t size) 621 { 622 struct intel_tlv *tlv; 623 624 tlv = dest; 625 tlv->type = type; 626 tlv->len = size; 627 memcpy(tlv->val, data, tlv->len); 628 return dest + sizeof(*tlv) + size; 629 } 630 631 static int btintel_pcie_read_dram_buffers(struct btintel_pcie_data *data) 632 { 633 u32 offset, prev_size, wr_ptr_status, dump_size, data_len; 634 struct btintel_pcie_dbgc *dbgc = &data->dbgc; 635 struct hci_dev *hdev = data->hdev; 636 u8 *pdata, *p, buf_idx; 637 struct intel_tlv *tlv; 638 struct timespec64 now; 639 struct tm tm_now; 640 char fw_build[128]; 641 char ts[128]; 642 char vendor[64]; 643 char driver[64]; 644 645 if (!IS_ENABLED(CONFIG_DEV_COREDUMP)) 646 return -EOPNOTSUPP; 647 648 649 wr_ptr_status = btintel_pcie_rd_dev_mem(data, BTINTEL_PCIE_DBGC_CUR_DBGBUFF_STATUS); 650 offset = wr_ptr_status & BTINTEL_PCIE_DBG_OFFSET_BIT_MASK; 651 652 buf_idx = BTINTEL_PCIE_DBGC_DBG_BUF_IDX(wr_ptr_status); 653 if (buf_idx > dbgc->count) { 654 bt_dev_warn(hdev, "Buffer index is invalid"); 655 return -EINVAL; 656 } 657 658 prev_size = buf_idx * BTINTEL_PCIE_DBGC_BUFFER_SIZE; 659 if (prev_size + offset >= prev_size) 660 data->dmp_hdr.write_ptr = prev_size + offset; 661 else 662 return -EINVAL; 663 664 strscpy(vendor, "Vendor: Intel\n"); 665 snprintf(driver, sizeof(driver), "Driver: %s\n", 666 data->dmp_hdr.driver_name); 667 668 ktime_get_real_ts64(&now); 669 time64_to_tm(now.tv_sec, 0, &tm_now); 670 snprintf(ts, sizeof(ts), "Dump Time: %02d-%02d-%04ld %02d:%02d:%02d", 671 tm_now.tm_mday, tm_now.tm_mon + 1, tm_now.tm_year + 1900, 672 tm_now.tm_hour, tm_now.tm_min, tm_now.tm_sec); 673 674 snprintf(fw_build, sizeof(fw_build), 675 "Firmware Timestamp: Year %u WW %02u buildtype %u build %u", 676 2000 + (data->dmp_hdr.fw_timestamp >> 8), 677 data->dmp_hdr.fw_timestamp & 0xff, data->dmp_hdr.fw_build_type, 678 data->dmp_hdr.fw_build_num); 679 680 data_len = sizeof(*tlv) + sizeof(data->dmp_hdr.cnvi_bt) + 681 sizeof(*tlv) + sizeof(data->dmp_hdr.write_ptr) + 682 sizeof(*tlv) + sizeof(data->dmp_hdr.wrap_ctr) + 683 sizeof(*tlv) + sizeof(data->dmp_hdr.trigger_reason) + 684 sizeof(*tlv) + sizeof(data->dmp_hdr.fw_git_sha1) + 685 sizeof(*tlv) + sizeof(data->dmp_hdr.cnvr_top) + 686 sizeof(*tlv) + sizeof(data->dmp_hdr.cnvi_top) + 687 sizeof(*tlv) + strlen(ts) + 688 sizeof(*tlv) + strlen(fw_build) + 689 sizeof(*tlv) + strlen(vendor) + 690 sizeof(*tlv) + strlen(driver); 691 692 /* 693 * sizeof(u32) - signature 694 * sizeof(data_len) - to store tlv data size 695 * data_len - TLV data 696 */ 697 dump_size = sizeof(u32) + sizeof(data_len) + data_len; 698 699 700 /* Add debug buffers data length to dump size */ 701 dump_size += BTINTEL_PCIE_DBGC_BUFFER_SIZE * dbgc->count; 702 703 pdata = vmalloc(dump_size); 704 if (!pdata) 705 return -ENOMEM; 706 p = pdata; 707 708 *(u32 *)p = BTINTEL_PCIE_MAGIC_NUM; 709 p += sizeof(u32); 710 711 *(u32 *)p = data_len; 712 p += sizeof(u32); 713 714 715 p = btintel_pcie_copy_tlv(p, BTINTEL_VENDOR, vendor, strlen(vendor)); 716 p = btintel_pcie_copy_tlv(p, BTINTEL_DRIVER, driver, strlen(driver)); 717 p = btintel_pcie_copy_tlv(p, BTINTEL_DUMP_TIME, ts, strlen(ts)); 718 p = btintel_pcie_copy_tlv(p, BTINTEL_FW_BUILD, fw_build, 719 strlen(fw_build)); 720 p = btintel_pcie_copy_tlv(p, BTINTEL_CNVI_BT, &data->dmp_hdr.cnvi_bt, 721 sizeof(data->dmp_hdr.cnvi_bt)); 722 p = btintel_pcie_copy_tlv(p, BTINTEL_WRITE_PTR, &data->dmp_hdr.write_ptr, 723 sizeof(data->dmp_hdr.write_ptr)); 724 p = btintel_pcie_copy_tlv(p, BTINTEL_WRAP_CTR, &data->dmp_hdr.wrap_ctr, 725 sizeof(data->dmp_hdr.wrap_ctr)); 726 727 data->dmp_hdr.wrap_ctr = btintel_pcie_rd_dev_mem(data, 728 BTINTEL_PCIE_DBGC_DBGBUFF_WRAP_ARND); 729 730 p = btintel_pcie_copy_tlv(p, BTINTEL_TRIGGER_REASON, &data->dmp_hdr.trigger_reason, 731 sizeof(data->dmp_hdr.trigger_reason)); 732 p = btintel_pcie_copy_tlv(p, BTINTEL_FW_SHA, &data->dmp_hdr.fw_git_sha1, 733 sizeof(data->dmp_hdr.fw_git_sha1)); 734 p = btintel_pcie_copy_tlv(p, BTINTEL_CNVR_TOP, &data->dmp_hdr.cnvr_top, 735 sizeof(data->dmp_hdr.cnvr_top)); 736 p = btintel_pcie_copy_tlv(p, BTINTEL_CNVI_TOP, &data->dmp_hdr.cnvi_top, 737 sizeof(data->dmp_hdr.cnvi_top)); 738 739 memcpy(p, dbgc->bufs[0].data, dbgc->count * BTINTEL_PCIE_DBGC_BUFFER_SIZE); 740 dev_coredumpv(&hdev->dev, pdata, dump_size, GFP_KERNEL); 741 return 0; 742 } 743 744 static void btintel_pcie_dump_traces(struct hci_dev *hdev) 745 { 746 struct btintel_pcie_data *data = hci_get_drvdata(hdev); 747 int ret = 0; 748 749 ret = btintel_pcie_get_mac_access(data); 750 if (ret) { 751 bt_dev_err(hdev, "Failed to get mac access: (%d)", ret); 752 return; 753 } 754 755 ret = btintel_pcie_read_dram_buffers(data); 756 757 btintel_pcie_release_mac_access(data); 758 759 if (ret) 760 bt_dev_err(hdev, "Failed to dump traces: (%d)", ret); 761 } 762 763 /* This function enables BT function by setting BTINTEL_PCIE_CSR_FUNC_CTRL_MAC_INIT bit in 764 * BTINTEL_PCIE_CSR_FUNC_CTRL_REG register and wait for MSI-X with 765 * BTINTEL_PCIE_MSIX_HW_INT_CAUSES_GP0. 766 * Then the host reads firmware version from BTINTEL_CSR_F2D_MBX and the boot stage 767 * from BTINTEL_PCIE_CSR_BOOT_STAGE_REG. 768 */ 769 static int btintel_pcie_enable_bt(struct btintel_pcie_data *data) 770 { 771 int err; 772 u32 reg; 773 774 data->gp0_received = false; 775 776 /* Update the DMA address of CI struct to CSR */ 777 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_CI_ADDR_LSB_REG, 778 data->ci_p_addr & 0xffffffff); 779 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_CI_ADDR_MSB_REG, 780 (u64)data->ci_p_addr >> 32); 781 782 /* Reset the cached value of boot stage. it is updated by the MSI-X 783 * gp0 interrupt handler. 784 */ 785 data->boot_stage_cache = 0x0; 786 787 /* Set MAC_INIT bit to start primary bootloader */ 788 reg = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG); 789 reg &= ~(BTINTEL_PCIE_CSR_FUNC_CTRL_FUNC_INIT | 790 BTINTEL_PCIE_CSR_FUNC_CTRL_BUS_MASTER_DISCON | 791 BTINTEL_PCIE_CSR_FUNC_CTRL_SW_RESET); 792 reg |= (BTINTEL_PCIE_CSR_FUNC_CTRL_FUNC_ENA | 793 BTINTEL_PCIE_CSR_FUNC_CTRL_MAC_INIT); 794 795 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG, reg); 796 797 /* MAC is ready. Enable BT FUNC */ 798 btintel_pcie_set_reg_bits(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG, 799 BTINTEL_PCIE_CSR_FUNC_CTRL_FUNC_INIT); 800 801 btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG); 802 803 /* wait for interrupt from the device after booting up to primary 804 * bootloader. 805 */ 806 data->alive_intr_ctxt = BTINTEL_PCIE_ROM; 807 err = wait_event_timeout(data->gp0_wait_q, data->gp0_received, 808 msecs_to_jiffies(BTINTEL_DEFAULT_INTR_TIMEOUT_MS)); 809 if (!err) 810 return -ETIME; 811 812 /* Check cached boot stage is BTINTEL_PCIE_CSR_BOOT_STAGE_ROM(BIT(0)) */ 813 if (~data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_ROM) 814 return -ENODEV; 815 816 return 0; 817 } 818 819 static inline bool btintel_pcie_in_op(struct btintel_pcie_data *data) 820 { 821 return data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_OPFW; 822 } 823 824 static inline bool btintel_pcie_in_iml(struct btintel_pcie_data *data) 825 { 826 return data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_IML && 827 !(data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_OPFW); 828 } 829 830 static inline bool btintel_pcie_in_d3(struct btintel_pcie_data *data) 831 { 832 return data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_D3_STATE_READY; 833 } 834 835 static inline bool btintel_pcie_in_d0(struct btintel_pcie_data *data) 836 { 837 return !(data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_D3_STATE_READY); 838 } 839 840 static inline bool btintel_pcie_in_device_halt(struct btintel_pcie_data *data) 841 { 842 return data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_DEVICE_HALTED; 843 } 844 845 static void btintel_pcie_wr_sleep_cntrl(struct btintel_pcie_data *data, 846 u32 dxstate) 847 { 848 bt_dev_dbg(data->hdev, "writing sleep_ctl_reg: 0x%8.8x", dxstate); 849 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_IPC_SLEEP_CTL_REG, dxstate); 850 } 851 852 static int btintel_pcie_read_device_mem(struct btintel_pcie_data *data, 853 void *buf, u32 dev_addr, int len) 854 { 855 int err; 856 u32 *val = buf; 857 858 /* Get device mac access */ 859 err = btintel_pcie_get_mac_access(data); 860 if (err) { 861 bt_dev_err(data->hdev, "Failed to get mac access %d", err); 862 return err; 863 } 864 865 for (; len > 0; len -= 4, dev_addr += 4, val++) 866 *val = btintel_pcie_rd_dev_mem(data, dev_addr); 867 868 btintel_pcie_release_mac_access(data); 869 870 return 0; 871 } 872 873 static inline bool btintel_pcie_in_lockdown(struct btintel_pcie_data *data) 874 { 875 return (data->boot_stage_cache & 876 BTINTEL_PCIE_CSR_BOOT_STAGE_ROM_LOCKDOWN) || 877 (data->boot_stage_cache & 878 BTINTEL_PCIE_CSR_BOOT_STAGE_IML_LOCKDOWN); 879 } 880 881 static inline bool btintel_pcie_in_error(struct btintel_pcie_data *data) 882 { 883 return (data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_DEVICE_ERR) || 884 (data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_ABORT_HANDLER); 885 } 886 887 static void btintel_pcie_msix_gp1_handler(struct btintel_pcie_data *data) 888 { 889 bt_dev_err(data->hdev, "Received gp1 mailbox interrupt"); 890 btintel_pcie_dump_debug_registers(data->hdev); 891 } 892 893 /* This function handles the MSI-X interrupt for gp0 cause (bit 0 in 894 * BTINTEL_PCIE_CSR_MSIX_HW_INT_CAUSES) which is sent for boot stage and image response. 895 */ 896 static void btintel_pcie_msix_gp0_handler(struct btintel_pcie_data *data) 897 { 898 bool submit_rx, signal_waitq; 899 u32 reg, old_ctxt; 900 901 /* This interrupt is for three different causes and it is not easy to 902 * know what causes the interrupt. So, it compares each register value 903 * with cached value and update it before it wake up the queue. 904 */ 905 reg = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_BOOT_STAGE_REG); 906 if (reg != data->boot_stage_cache) 907 data->boot_stage_cache = reg; 908 909 bt_dev_dbg(data->hdev, "Alive context: %s old_boot_stage: 0x%8.8x new_boot_stage: 0x%8.8x", 910 btintel_pcie_alivectxt_state2str(data->alive_intr_ctxt), 911 data->boot_stage_cache, reg); 912 reg = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_IMG_RESPONSE_REG); 913 if (reg != data->img_resp_cache) 914 data->img_resp_cache = reg; 915 916 if (btintel_pcie_in_error(data)) { 917 bt_dev_err(data->hdev, "Controller in error state"); 918 btintel_pcie_dump_debug_registers(data->hdev); 919 return; 920 } 921 922 if (btintel_pcie_in_lockdown(data)) { 923 bt_dev_err(data->hdev, "Controller in lockdown state"); 924 btintel_pcie_dump_debug_registers(data->hdev); 925 return; 926 } 927 928 data->gp0_received = true; 929 930 old_ctxt = data->alive_intr_ctxt; 931 submit_rx = false; 932 signal_waitq = false; 933 934 switch (data->alive_intr_ctxt) { 935 case BTINTEL_PCIE_ROM: 936 data->alive_intr_ctxt = BTINTEL_PCIE_FW_DL; 937 signal_waitq = true; 938 break; 939 case BTINTEL_PCIE_FW_DL: 940 /* Error case is already handled. Ideally control shall not 941 * reach here 942 */ 943 break; 944 case BTINTEL_PCIE_INTEL_HCI_RESET1: 945 if (btintel_pcie_in_op(data)) { 946 submit_rx = true; 947 signal_waitq = true; 948 break; 949 } 950 951 if (btintel_pcie_in_iml(data)) { 952 submit_rx = true; 953 signal_waitq = true; 954 data->alive_intr_ctxt = BTINTEL_PCIE_FW_DL; 955 break; 956 } 957 break; 958 case BTINTEL_PCIE_INTEL_HCI_RESET2: 959 if (btintel_test_and_clear_flag(data->hdev, INTEL_WAIT_FOR_D0)) { 960 btintel_wake_up_flag(data->hdev, INTEL_WAIT_FOR_D0); 961 data->alive_intr_ctxt = BTINTEL_PCIE_D0; 962 } 963 break; 964 case BTINTEL_PCIE_D0: 965 if (btintel_pcie_in_d3(data)) { 966 data->alive_intr_ctxt = BTINTEL_PCIE_D3; 967 signal_waitq = true; 968 break; 969 } 970 break; 971 case BTINTEL_PCIE_D3: 972 if (btintel_pcie_in_d0(data)) { 973 data->alive_intr_ctxt = BTINTEL_PCIE_D0; 974 submit_rx = true; 975 signal_waitq = true; 976 break; 977 } 978 break; 979 case BTINTEL_PCIE_HCI_RESET: 980 data->alive_intr_ctxt = BTINTEL_PCIE_D0; 981 submit_rx = true; 982 signal_waitq = true; 983 break; 984 default: 985 bt_dev_err(data->hdev, "Unknown state: 0x%2.2x", 986 data->alive_intr_ctxt); 987 break; 988 } 989 990 if (submit_rx) { 991 btintel_pcie_reset_ia(data); 992 btintel_pcie_start_rx(data); 993 } 994 995 if (signal_waitq) { 996 bt_dev_dbg(data->hdev, "wake up gp0 wait_q"); 997 wake_up(&data->gp0_wait_q); 998 } 999 1000 if (old_ctxt != data->alive_intr_ctxt) 1001 bt_dev_dbg(data->hdev, "alive context changed: %s -> %s", 1002 btintel_pcie_alivectxt_state2str(old_ctxt), 1003 btintel_pcie_alivectxt_state2str(data->alive_intr_ctxt)); 1004 } 1005 1006 /* This function handles the MSX-X interrupt for rx queue 0 which is for TX 1007 */ 1008 static void btintel_pcie_msix_tx_handle(struct btintel_pcie_data *data) 1009 { 1010 u16 cr_tia, cr_hia; 1011 struct txq *txq; 1012 struct urbd0 *urbd0; 1013 1014 cr_tia = data->ia.cr_tia[BTINTEL_PCIE_TXQ_NUM]; 1015 cr_hia = data->ia.cr_hia[BTINTEL_PCIE_TXQ_NUM]; 1016 1017 if (cr_tia == cr_hia) 1018 return; 1019 1020 txq = &data->txq; 1021 1022 while (cr_tia != cr_hia) { 1023 data->tx_wait_done = true; 1024 wake_up(&data->tx_wait_q); 1025 1026 urbd0 = &txq->urbd0s[cr_tia]; 1027 1028 if (urbd0->tfd_index > txq->count) 1029 return; 1030 1031 cr_tia = (cr_tia + 1) % txq->count; 1032 data->ia.cr_tia[BTINTEL_PCIE_TXQ_NUM] = cr_tia; 1033 ipc_print_ia_ring(data->hdev, &data->ia, BTINTEL_PCIE_TXQ_NUM); 1034 } 1035 } 1036 1037 static int btintel_pcie_recv_event(struct hci_dev *hdev, struct sk_buff *skb) 1038 { 1039 struct hci_event_hdr *hdr = (void *)skb->data; 1040 struct btintel_pcie_data *data = hci_get_drvdata(hdev); 1041 1042 if (skb->len > HCI_EVENT_HDR_SIZE && hdr->evt == 0xff && 1043 hdr->plen > 0) { 1044 const void *ptr = skb->data + HCI_EVENT_HDR_SIZE + 1; 1045 unsigned int len = skb->len - HCI_EVENT_HDR_SIZE - 1; 1046 1047 if (btintel_test_flag(hdev, INTEL_BOOTLOADER)) { 1048 switch (skb->data[2]) { 1049 case 0x02: 1050 /* When switching to the operational firmware 1051 * the device sends a vendor specific event 1052 * indicating that the bootup completed. 1053 */ 1054 btintel_bootup(hdev, ptr, len); 1055 1056 /* If bootup event is from operational image, 1057 * driver needs to write sleep control register to 1058 * move into D0 state 1059 */ 1060 if (btintel_pcie_in_op(data)) { 1061 btintel_pcie_wr_sleep_cntrl(data, BTINTEL_PCIE_STATE_D0); 1062 data->alive_intr_ctxt = BTINTEL_PCIE_INTEL_HCI_RESET2; 1063 kfree_skb(skb); 1064 return 0; 1065 } 1066 1067 if (btintel_pcie_in_iml(data)) { 1068 /* In case of IML, there is no concept 1069 * of D0 transition. Just mimic as if 1070 * IML moved to D0 by clearing INTEL_WAIT_FOR_D0 1071 * bit and waking up the task waiting on 1072 * INTEL_WAIT_FOR_D0. This is required 1073 * as intel_boot() is common function for 1074 * both IML and OP image loading. 1075 */ 1076 if (btintel_test_and_clear_flag(data->hdev, 1077 INTEL_WAIT_FOR_D0)) 1078 btintel_wake_up_flag(data->hdev, 1079 INTEL_WAIT_FOR_D0); 1080 } 1081 kfree_skb(skb); 1082 return 0; 1083 case 0x06: 1084 /* When the firmware loading completes the 1085 * device sends out a vendor specific event 1086 * indicating the result of the firmware 1087 * loading. 1088 */ 1089 btintel_secure_send_result(hdev, ptr, len); 1090 kfree_skb(skb); 1091 return 0; 1092 } 1093 } 1094 1095 /* This is a debug event that comes from IML and OP image when it 1096 * starts execution. There is no need pass this event to stack. 1097 */ 1098 if (skb->data[2] == 0x97) { 1099 hci_recv_diag(hdev, skb); 1100 return 0; 1101 } 1102 } 1103 1104 return hci_recv_frame(hdev, skb); 1105 } 1106 /* Process the received rx data 1107 * It check the frame header to identify the data type and create skb 1108 * and calling HCI API 1109 */ 1110 static int btintel_pcie_recv_frame(struct btintel_pcie_data *data, 1111 struct sk_buff *skb) 1112 { 1113 int ret; 1114 u8 pkt_type; 1115 u16 plen; 1116 u32 pcie_pkt_type; 1117 void *pdata; 1118 struct hci_dev *hdev = data->hdev; 1119 1120 spin_lock(&data->hci_rx_lock); 1121 1122 /* The first 4 bytes indicates the Intel PCIe specific packet type */ 1123 pdata = skb_pull_data(skb, BTINTEL_PCIE_HCI_TYPE_LEN); 1124 if (!pdata) { 1125 bt_dev_err(hdev, "Corrupted packet received"); 1126 ret = -EILSEQ; 1127 goto exit_error; 1128 } 1129 1130 pcie_pkt_type = get_unaligned_le32(pdata); 1131 1132 switch (pcie_pkt_type) { 1133 case BTINTEL_PCIE_HCI_ACL_PKT: 1134 if (skb->len >= HCI_ACL_HDR_SIZE) { 1135 plen = HCI_ACL_HDR_SIZE + __le16_to_cpu(hci_acl_hdr(skb)->dlen); 1136 pkt_type = HCI_ACLDATA_PKT; 1137 } else { 1138 bt_dev_err(hdev, "ACL packet is too short"); 1139 ret = -EILSEQ; 1140 goto exit_error; 1141 } 1142 break; 1143 1144 case BTINTEL_PCIE_HCI_SCO_PKT: 1145 if (skb->len >= HCI_SCO_HDR_SIZE) { 1146 plen = HCI_SCO_HDR_SIZE + hci_sco_hdr(skb)->dlen; 1147 pkt_type = HCI_SCODATA_PKT; 1148 } else { 1149 bt_dev_err(hdev, "SCO packet is too short"); 1150 ret = -EILSEQ; 1151 goto exit_error; 1152 } 1153 break; 1154 1155 case BTINTEL_PCIE_HCI_EVT_PKT: 1156 if (skb->len >= HCI_EVENT_HDR_SIZE) { 1157 plen = HCI_EVENT_HDR_SIZE + hci_event_hdr(skb)->plen; 1158 pkt_type = HCI_EVENT_PKT; 1159 } else { 1160 bt_dev_err(hdev, "Event packet is too short"); 1161 ret = -EILSEQ; 1162 goto exit_error; 1163 } 1164 break; 1165 1166 case BTINTEL_PCIE_HCI_ISO_PKT: 1167 if (skb->len >= HCI_ISO_HDR_SIZE) { 1168 plen = HCI_ISO_HDR_SIZE + __le16_to_cpu(hci_iso_hdr(skb)->dlen); 1169 pkt_type = HCI_ISODATA_PKT; 1170 } else { 1171 bt_dev_err(hdev, "ISO packet is too short"); 1172 ret = -EILSEQ; 1173 goto exit_error; 1174 } 1175 break; 1176 1177 default: 1178 bt_dev_err(hdev, "Invalid packet type received: 0x%4.4x", 1179 pcie_pkt_type); 1180 ret = -EINVAL; 1181 goto exit_error; 1182 } 1183 1184 if (skb->len < plen) { 1185 bt_dev_err(hdev, "Received corrupted packet. type: 0x%2.2x", 1186 pkt_type); 1187 ret = -EILSEQ; 1188 goto exit_error; 1189 } 1190 1191 bt_dev_dbg(hdev, "pkt_type: 0x%2.2x len: %u", pkt_type, plen); 1192 1193 hci_skb_pkt_type(skb) = pkt_type; 1194 hdev->stat.byte_rx += plen; 1195 skb_trim(skb, plen); 1196 1197 if (pcie_pkt_type == BTINTEL_PCIE_HCI_EVT_PKT) 1198 ret = btintel_pcie_recv_event(hdev, skb); 1199 else 1200 ret = hci_recv_frame(hdev, skb); 1201 skb = NULL; /* skb is freed in the callee */ 1202 1203 exit_error: 1204 kfree_skb(skb); 1205 1206 if (ret) 1207 hdev->stat.err_rx++; 1208 1209 spin_unlock(&data->hci_rx_lock); 1210 1211 return ret; 1212 } 1213 1214 static void btintel_pcie_read_hwexp(struct btintel_pcie_data *data) 1215 { 1216 int len, err, offset, pending; 1217 struct sk_buff *skb; 1218 u8 *buf, prefix[64]; 1219 u32 addr, val; 1220 u16 pkt_len; 1221 1222 struct tlv { 1223 u8 type; 1224 __le16 len; 1225 u8 val[]; 1226 } __packed; 1227 1228 struct tlv *tlv; 1229 1230 switch (data->dmp_hdr.cnvi_top & 0xfff) { 1231 case BTINTEL_CNVI_BLAZARI: 1232 case BTINTEL_CNVI_BLAZARIW: 1233 /* only from step B0 onwards */ 1234 if (INTEL_CNVX_TOP_STEP(data->dmp_hdr.cnvi_top) != 0x01) 1235 return; 1236 len = BTINTEL_PCIE_BLZR_HWEXP_SIZE; /* exception data length */ 1237 addr = BTINTEL_PCIE_BLZR_HWEXP_DMP_ADDR; 1238 break; 1239 case BTINTEL_CNVI_SCP: 1240 len = BTINTEL_PCIE_SCP_HWEXP_SIZE; 1241 addr = BTINTEL_PCIE_SCP_HWEXP_DMP_ADDR; 1242 break; 1243 case BTINTEL_CNVI_SCP2: 1244 case BTINTEL_CNVI_SCP2F: 1245 len = BTINTEL_PCIE_SCP2_HWEXP_SIZE; 1246 addr = BTINTEL_PCIE_SCP2_HWEXP_DMP_ADDR; 1247 break; 1248 default: 1249 bt_dev_err(data->hdev, "Unsupported cnvi 0x%8.8x", data->dmp_hdr.cnvi_top); 1250 return; 1251 } 1252 1253 buf = kzalloc(len, GFP_KERNEL); 1254 if (!buf) 1255 goto exit_on_error; 1256 1257 btintel_pcie_mac_init(data); 1258 1259 err = btintel_pcie_read_device_mem(data, buf, addr, len); 1260 if (err) 1261 goto exit_on_error; 1262 1263 val = get_unaligned_le32(buf); 1264 if (val != BTINTEL_PCIE_MAGIC_NUM) { 1265 bt_dev_err(data->hdev, "Invalid exception dump signature: 0x%8.8x", 1266 val); 1267 goto exit_on_error; 1268 } 1269 1270 snprintf(prefix, sizeof(prefix), "Bluetooth: %s: ", bt_dev_name(data->hdev)); 1271 1272 offset = 4; 1273 do { 1274 pending = len - offset; 1275 if (pending < sizeof(*tlv)) 1276 break; 1277 tlv = (struct tlv *)(buf + offset); 1278 1279 /* If type == 0, then there are no more TLVs to be parsed */ 1280 if (!tlv->type) { 1281 bt_dev_dbg(data->hdev, "Invalid TLV type 0"); 1282 break; 1283 } 1284 pkt_len = le16_to_cpu(tlv->len); 1285 offset += sizeof(*tlv); 1286 pending = len - offset; 1287 if (pkt_len > pending) 1288 break; 1289 1290 offset += pkt_len; 1291 1292 /* Only TLVs of type == 1 are HCI events, no need to process other 1293 * TLVs 1294 */ 1295 if (tlv->type != 1) 1296 continue; 1297 1298 bt_dev_dbg(data->hdev, "TLV packet length: %u", pkt_len); 1299 if (pkt_len > HCI_MAX_EVENT_SIZE) 1300 break; 1301 skb = bt_skb_alloc(pkt_len, GFP_KERNEL); 1302 if (!skb) 1303 goto exit_on_error; 1304 hci_skb_pkt_type(skb) = HCI_EVENT_PKT; 1305 skb_put_data(skb, tlv->val, pkt_len); 1306 1307 /* copy Intel specific pcie packet type */ 1308 val = BTINTEL_PCIE_HCI_EVT_PKT; 1309 memcpy(skb_push(skb, BTINTEL_PCIE_HCI_TYPE_LEN), &val, 1310 BTINTEL_PCIE_HCI_TYPE_LEN); 1311 1312 print_hex_dump(KERN_DEBUG, prefix, DUMP_PREFIX_OFFSET, 16, 1, 1313 tlv->val, pkt_len, false); 1314 1315 btintel_pcie_recv_frame(data, skb); 1316 } while (offset < len); 1317 1318 exit_on_error: 1319 kfree(buf); 1320 } 1321 1322 static void btintel_pcie_msix_hw_exp_handler(struct btintel_pcie_data *data) 1323 { 1324 bt_dev_err(data->hdev, "Received hw exception interrupt"); 1325 1326 if (test_and_set_bit(BTINTEL_PCIE_CORE_HALTED, &data->flags)) 1327 return; 1328 1329 if (test_and_set_bit(BTINTEL_PCIE_HWEXP_INPROGRESS, &data->flags)) 1330 return; 1331 1332 /* Trigger device core dump when there is HW exception */ 1333 if (!test_and_set_bit(BTINTEL_PCIE_COREDUMP_INPROGRESS, &data->flags)) 1334 data->dmp_hdr.trigger_reason = BTINTEL_PCIE_TRIGGER_REASON_FW_ASSERT; 1335 1336 queue_work(data->workqueue, &data->rx_work); 1337 } 1338 1339 static void btintel_pcie_rx_work(struct work_struct *work) 1340 { 1341 struct btintel_pcie_data *data = container_of(work, 1342 struct btintel_pcie_data, rx_work); 1343 struct sk_buff *skb; 1344 1345 if (test_bit(BTINTEL_PCIE_COREDUMP_INPROGRESS, &data->flags)) { 1346 btintel_pcie_dump_traces(data->hdev); 1347 clear_bit(BTINTEL_PCIE_COREDUMP_INPROGRESS, &data->flags); 1348 } 1349 1350 if (test_bit(BTINTEL_PCIE_HWEXP_INPROGRESS, &data->flags)) { 1351 /* Unlike usb products, controller will not send hardware 1352 * exception event on exception. Instead controller writes the 1353 * hardware event to device memory along with optional debug 1354 * events, raises MSIX and halts. Driver shall read the 1355 * exception event from device memory and passes it stack for 1356 * further processing. 1357 */ 1358 btintel_pcie_read_hwexp(data); 1359 clear_bit(BTINTEL_PCIE_HWEXP_INPROGRESS, &data->flags); 1360 } 1361 1362 /* Process the sk_buf in queue and send to the HCI layer */ 1363 while ((skb = skb_dequeue(&data->rx_skb_q))) { 1364 btintel_pcie_recv_frame(data, skb); 1365 } 1366 } 1367 1368 /* create sk_buff with data and save it to queue and start RX work */ 1369 static int btintel_pcie_submit_rx_work(struct btintel_pcie_data *data, u8 status, 1370 void *buf) 1371 { 1372 int ret, len; 1373 struct rfh_hdr *rfh_hdr; 1374 struct sk_buff *skb; 1375 1376 rfh_hdr = buf; 1377 1378 len = rfh_hdr->packet_len; 1379 if (len <= 0) { 1380 ret = -EINVAL; 1381 goto resubmit; 1382 } 1383 1384 /* Remove RFH header */ 1385 buf += sizeof(*rfh_hdr); 1386 1387 skb = alloc_skb(len, GFP_ATOMIC); 1388 if (!skb) 1389 goto resubmit; 1390 1391 skb_put_data(skb, buf, len); 1392 skb_queue_tail(&data->rx_skb_q, skb); 1393 queue_work(data->workqueue, &data->rx_work); 1394 1395 resubmit: 1396 ret = btintel_pcie_submit_rx(data); 1397 1398 return ret; 1399 } 1400 1401 /* Handles the MSI-X interrupt for rx queue 1 which is for RX */ 1402 static void btintel_pcie_msix_rx_handle(struct btintel_pcie_data *data) 1403 { 1404 u16 cr_hia, cr_tia; 1405 struct rxq *rxq; 1406 struct urbd1 *urbd1; 1407 struct data_buf *buf; 1408 int ret; 1409 struct hci_dev *hdev = data->hdev; 1410 1411 cr_hia = data->ia.cr_hia[BTINTEL_PCIE_RXQ_NUM]; 1412 cr_tia = data->ia.cr_tia[BTINTEL_PCIE_RXQ_NUM]; 1413 1414 bt_dev_dbg(hdev, "RXQ: cr_hia: %u cr_tia: %u", cr_hia, cr_tia); 1415 1416 /* Check CR_TIA and CR_HIA for change */ 1417 if (cr_tia == cr_hia) 1418 return; 1419 1420 rxq = &data->rxq; 1421 1422 /* The firmware sends multiple CD in a single MSI-X and it needs to 1423 * process all received CDs in this interrupt. 1424 */ 1425 while (cr_tia != cr_hia) { 1426 urbd1 = &rxq->urbd1s[cr_tia]; 1427 ipc_print_urbd1(data->hdev, urbd1, cr_tia); 1428 1429 buf = &rxq->bufs[urbd1->frbd_tag]; 1430 if (!buf) { 1431 bt_dev_err(hdev, "RXQ: failed to get the DMA buffer for %d", 1432 urbd1->frbd_tag); 1433 return; 1434 } 1435 1436 ret = btintel_pcie_submit_rx_work(data, urbd1->status, 1437 buf->data); 1438 if (ret) { 1439 bt_dev_err(hdev, "RXQ: failed to submit rx request"); 1440 return; 1441 } 1442 1443 cr_tia = (cr_tia + 1) % rxq->count; 1444 data->ia.cr_tia[BTINTEL_PCIE_RXQ_NUM] = cr_tia; 1445 ipc_print_ia_ring(data->hdev, &data->ia, BTINTEL_PCIE_RXQ_NUM); 1446 } 1447 } 1448 1449 static inline bool btintel_pcie_is_rxq_empty(struct btintel_pcie_data *data) 1450 { 1451 return data->ia.cr_hia[BTINTEL_PCIE_RXQ_NUM] == data->ia.cr_tia[BTINTEL_PCIE_RXQ_NUM]; 1452 } 1453 1454 static inline bool btintel_pcie_is_txackq_empty(struct btintel_pcie_data *data) 1455 { 1456 return data->ia.cr_tia[BTINTEL_PCIE_TXQ_NUM] == data->ia.cr_hia[BTINTEL_PCIE_TXQ_NUM]; 1457 } 1458 1459 static irqreturn_t btintel_pcie_irq_msix_handler(int irq, void *dev_id) 1460 { 1461 struct msix_entry *entry = dev_id; 1462 struct btintel_pcie_data *data = btintel_pcie_get_data(entry); 1463 u32 intr_fh, intr_hw; 1464 1465 spin_lock(&data->irq_lock); 1466 intr_fh = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_MSIX_FH_INT_CAUSES); 1467 intr_hw = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_MSIX_HW_INT_CAUSES); 1468 1469 /* Clear causes registers to avoid being handling the same cause */ 1470 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_MSIX_FH_INT_CAUSES, intr_fh); 1471 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_MSIX_HW_INT_CAUSES, intr_hw); 1472 spin_unlock(&data->irq_lock); 1473 1474 if (unlikely(!(intr_fh | intr_hw))) { 1475 /* Ignore interrupt, inta == 0 */ 1476 return IRQ_NONE; 1477 } 1478 1479 /* This interrupt is raised when there is an hardware exception */ 1480 if (intr_hw & BTINTEL_PCIE_MSIX_HW_INT_CAUSES_HWEXP) 1481 btintel_pcie_msix_hw_exp_handler(data); 1482 1483 if (intr_hw & BTINTEL_PCIE_MSIX_HW_INT_CAUSES_GP1) 1484 btintel_pcie_msix_gp1_handler(data); 1485 1486 1487 /* For TX */ 1488 if (intr_fh & BTINTEL_PCIE_MSIX_FH_INT_CAUSES_0) { 1489 btintel_pcie_msix_tx_handle(data); 1490 if (!btintel_pcie_is_rxq_empty(data)) 1491 btintel_pcie_msix_rx_handle(data); 1492 } 1493 1494 /* For RX */ 1495 if (intr_fh & BTINTEL_PCIE_MSIX_FH_INT_CAUSES_1) { 1496 btintel_pcie_msix_rx_handle(data); 1497 if (!btintel_pcie_is_txackq_empty(data)) 1498 btintel_pcie_msix_tx_handle(data); 1499 } 1500 1501 /* This interrupt is triggered by the firmware after updating 1502 * boot_stage register and image_response register 1503 */ 1504 if (intr_hw & BTINTEL_PCIE_MSIX_HW_INT_CAUSES_GP0) 1505 btintel_pcie_msix_gp0_handler(data); 1506 1507 /* 1508 * Before sending the interrupt the HW disables it to prevent a nested 1509 * interrupt. This is done by writing 1 to the corresponding bit in 1510 * the mask register. After handling the interrupt, it should be 1511 * re-enabled by clearing this bit. This register is defined as write 1 1512 * clear (W1C) register, meaning that it's cleared by writing 1 1513 * to the bit. 1514 */ 1515 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_MSIX_AUTOMASK_ST, 1516 BIT(entry->entry)); 1517 1518 return IRQ_HANDLED; 1519 } 1520 1521 /* This function requests the irq for MSI-X and registers the handlers per irq. 1522 * Currently, it requests only 1 irq for all interrupt causes. 1523 */ 1524 static int btintel_pcie_setup_irq(struct btintel_pcie_data *data) 1525 { 1526 int err; 1527 int num_irqs, i; 1528 1529 for (i = 0; i < BTINTEL_PCIE_MSIX_VEC_MAX; i++) 1530 data->msix_entries[i].entry = i; 1531 1532 num_irqs = pci_alloc_irq_vectors(data->pdev, BTINTEL_PCIE_MSIX_VEC_MIN, 1533 BTINTEL_PCIE_MSIX_VEC_MAX, PCI_IRQ_MSIX); 1534 if (num_irqs < 0) 1535 return num_irqs; 1536 1537 data->alloc_vecs = num_irqs; 1538 data->msix_enabled = 1; 1539 data->def_irq = 0; 1540 1541 /* setup irq handler */ 1542 for (i = 0; i < data->alloc_vecs; i++) { 1543 struct msix_entry *msix_entry; 1544 1545 msix_entry = &data->msix_entries[i]; 1546 msix_entry->vector = pci_irq_vector(data->pdev, i); 1547 1548 err = devm_request_threaded_irq(&data->pdev->dev, 1549 msix_entry->vector, 1550 NULL, 1551 btintel_pcie_irq_msix_handler, 1552 IRQF_ONESHOT | IRQF_SHARED, 1553 KBUILD_MODNAME, 1554 msix_entry); 1555 if (err) { 1556 pci_free_irq_vectors(data->pdev); 1557 data->alloc_vecs = 0; 1558 return err; 1559 } 1560 } 1561 return 0; 1562 } 1563 1564 struct btintel_pcie_causes_list { 1565 u32 cause; 1566 u32 mask_reg; 1567 u8 cause_num; 1568 }; 1569 1570 static struct btintel_pcie_causes_list causes_list[] = { 1571 { BTINTEL_PCIE_MSIX_FH_INT_CAUSES_0, BTINTEL_PCIE_CSR_MSIX_FH_INT_MASK, 0x00 }, 1572 { BTINTEL_PCIE_MSIX_FH_INT_CAUSES_1, BTINTEL_PCIE_CSR_MSIX_FH_INT_MASK, 0x01 }, 1573 { BTINTEL_PCIE_MSIX_HW_INT_CAUSES_GP0, BTINTEL_PCIE_CSR_MSIX_HW_INT_MASK, 0x20 }, 1574 { BTINTEL_PCIE_MSIX_HW_INT_CAUSES_HWEXP, BTINTEL_PCIE_CSR_MSIX_HW_INT_MASK, 0x23 }, 1575 }; 1576 1577 /* This function configures the interrupt masks for both HW_INT_CAUSES and 1578 * FH_INT_CAUSES which are meaningful to us. 1579 * 1580 * After resetting BT function via PCIE FLR or FUNC_CTRL reset, the driver 1581 * need to call this function again to configure since the masks 1582 * are reset to 0xFFFFFFFF after reset. 1583 */ 1584 static void btintel_pcie_config_msix(struct btintel_pcie_data *data) 1585 { 1586 int i; 1587 int val = data->def_irq | BTINTEL_PCIE_MSIX_NON_AUTO_CLEAR_CAUSE; 1588 1589 /* Set Non Auto Clear Cause */ 1590 for (i = 0; i < ARRAY_SIZE(causes_list); i++) { 1591 btintel_pcie_wr_reg8(data, 1592 BTINTEL_PCIE_CSR_MSIX_IVAR(causes_list[i].cause_num), 1593 val); 1594 btintel_pcie_clr_reg_bits(data, 1595 causes_list[i].mask_reg, 1596 causes_list[i].cause); 1597 } 1598 1599 /* Save the initial interrupt mask */ 1600 data->fh_init_mask = ~btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_MSIX_FH_INT_MASK); 1601 data->hw_init_mask = ~btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_MSIX_HW_INT_MASK); 1602 } 1603 1604 static int btintel_pcie_config_pcie(struct pci_dev *pdev, 1605 struct btintel_pcie_data *data) 1606 { 1607 int err; 1608 1609 err = pcim_enable_device(pdev); 1610 if (err) 1611 return err; 1612 1613 pci_set_master(pdev); 1614 1615 err = dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(64)); 1616 if (err) { 1617 err = dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(32)); 1618 if (err) 1619 return err; 1620 } 1621 1622 data->base_addr = pcim_iomap_region(pdev, 0, KBUILD_MODNAME); 1623 if (IS_ERR(data->base_addr)) 1624 return PTR_ERR(data->base_addr); 1625 1626 err = btintel_pcie_setup_irq(data); 1627 if (err) 1628 return err; 1629 1630 /* Configure MSI-X with causes list */ 1631 btintel_pcie_config_msix(data); 1632 1633 return 0; 1634 } 1635 1636 static void btintel_pcie_init_ci(struct btintel_pcie_data *data, 1637 struct ctx_info *ci) 1638 { 1639 ci->version = 0x1; 1640 ci->size = sizeof(*ci); 1641 ci->config = 0x0000; 1642 ci->addr_cr_hia = data->ia.cr_hia_p_addr; 1643 ci->addr_tr_tia = data->ia.tr_tia_p_addr; 1644 ci->addr_cr_tia = data->ia.cr_tia_p_addr; 1645 ci->addr_tr_hia = data->ia.tr_hia_p_addr; 1646 ci->num_cr_ia = BTINTEL_PCIE_NUM_QUEUES; 1647 ci->num_tr_ia = BTINTEL_PCIE_NUM_QUEUES; 1648 ci->addr_urbdq0 = data->txq.urbd0s_p_addr; 1649 ci->addr_tfdq = data->txq.tfds_p_addr; 1650 ci->num_tfdq = data->txq.count; 1651 ci->num_urbdq0 = data->txq.count; 1652 ci->tfdq_db_vec = BTINTEL_PCIE_TXQ_NUM; 1653 ci->urbdq0_db_vec = BTINTEL_PCIE_TXQ_NUM; 1654 ci->rbd_size = BTINTEL_PCIE_RBD_SIZE_4K; 1655 ci->addr_frbdq = data->rxq.frbds_p_addr; 1656 ci->num_frbdq = data->rxq.count; 1657 ci->frbdq_db_vec = BTINTEL_PCIE_RXQ_NUM; 1658 ci->addr_urbdq1 = data->rxq.urbd1s_p_addr; 1659 ci->num_urbdq1 = data->rxq.count; 1660 ci->urbdq_db_vec = BTINTEL_PCIE_RXQ_NUM; 1661 1662 ci->dbg_output_mode = 0x01; 1663 ci->dbgc_addr = data->dbgc.frag_p_addr; 1664 ci->dbgc_size = data->dbgc.frag_size; 1665 ci->dbg_preset = 0x00; 1666 } 1667 1668 static void btintel_pcie_free_txq_bufs(struct btintel_pcie_data *data, 1669 struct txq *txq) 1670 { 1671 /* Free data buffers first */ 1672 dma_free_coherent(&data->pdev->dev, txq->count * BTINTEL_PCIE_BUFFER_SIZE, 1673 txq->buf_v_addr, txq->buf_p_addr); 1674 kfree(txq->bufs); 1675 } 1676 1677 static int btintel_pcie_setup_txq_bufs(struct btintel_pcie_data *data, 1678 struct txq *txq) 1679 { 1680 int i; 1681 struct data_buf *buf; 1682 1683 /* Allocate the same number of buffers as the descriptor */ 1684 txq->bufs = kmalloc_objs(*buf, txq->count); 1685 if (!txq->bufs) 1686 return -ENOMEM; 1687 1688 /* Allocate full chunk of data buffer for DMA first and do indexing and 1689 * initialization next, so it can be freed easily 1690 */ 1691 txq->buf_v_addr = dma_alloc_coherent(&data->pdev->dev, 1692 txq->count * BTINTEL_PCIE_BUFFER_SIZE, 1693 &txq->buf_p_addr, 1694 GFP_KERNEL | __GFP_NOWARN); 1695 if (!txq->buf_v_addr) { 1696 kfree(txq->bufs); 1697 return -ENOMEM; 1698 } 1699 1700 /* Setup the allocated DMA buffer to bufs. Each data_buf should 1701 * have virtual address and physical address 1702 */ 1703 for (i = 0; i < txq->count; i++) { 1704 buf = &txq->bufs[i]; 1705 buf->data_p_addr = txq->buf_p_addr + (i * BTINTEL_PCIE_BUFFER_SIZE); 1706 buf->data = txq->buf_v_addr + (i * BTINTEL_PCIE_BUFFER_SIZE); 1707 } 1708 1709 return 0; 1710 } 1711 1712 static void btintel_pcie_free_rxq_bufs(struct btintel_pcie_data *data, 1713 struct rxq *rxq) 1714 { 1715 /* Free data buffers first */ 1716 dma_free_coherent(&data->pdev->dev, rxq->count * BTINTEL_PCIE_BUFFER_SIZE, 1717 rxq->buf_v_addr, rxq->buf_p_addr); 1718 kfree(rxq->bufs); 1719 } 1720 1721 static int btintel_pcie_setup_rxq_bufs(struct btintel_pcie_data *data, 1722 struct rxq *rxq) 1723 { 1724 int i; 1725 struct data_buf *buf; 1726 1727 /* Allocate the same number of buffers as the descriptor */ 1728 rxq->bufs = kmalloc_objs(*buf, rxq->count); 1729 if (!rxq->bufs) 1730 return -ENOMEM; 1731 1732 /* Allocate full chunk of data buffer for DMA first and do indexing and 1733 * initialization next, so it can be freed easily 1734 */ 1735 rxq->buf_v_addr = dma_alloc_coherent(&data->pdev->dev, 1736 rxq->count * BTINTEL_PCIE_BUFFER_SIZE, 1737 &rxq->buf_p_addr, 1738 GFP_KERNEL | __GFP_NOWARN); 1739 if (!rxq->buf_v_addr) { 1740 kfree(rxq->bufs); 1741 return -ENOMEM; 1742 } 1743 1744 /* Setup the allocated DMA buffer to bufs. Each data_buf should 1745 * have virtual address and physical address 1746 */ 1747 for (i = 0; i < rxq->count; i++) { 1748 buf = &rxq->bufs[i]; 1749 buf->data_p_addr = rxq->buf_p_addr + (i * BTINTEL_PCIE_BUFFER_SIZE); 1750 buf->data = rxq->buf_v_addr + (i * BTINTEL_PCIE_BUFFER_SIZE); 1751 } 1752 1753 return 0; 1754 } 1755 1756 static void btintel_pcie_free(struct btintel_pcie_data *data) 1757 { 1758 btintel_pcie_free_rxq_bufs(data, &data->rxq); 1759 btintel_pcie_free_txq_bufs(data, &data->txq); 1760 1761 dma_pool_free(data->dma_pool, data->dma_v_addr, data->dma_p_addr); 1762 dma_pool_destroy(data->dma_pool); 1763 } 1764 1765 /* Allocate tx and rx queues, any related data structures and buffers. 1766 */ 1767 static int btintel_pcie_alloc(struct btintel_pcie_data *data) 1768 { 1769 int err = 0; 1770 size_t total; 1771 dma_addr_t p_addr; 1772 void *v_addr; 1773 size_t tfd_size, frbd_size, ctx_size, ci_size, urbd0_size, urbd1_size; 1774 1775 /* Allocate the chunk of DMA memory for descriptors, index array, and 1776 * context information, instead of allocating individually. 1777 * The DMA memory for data buffer is allocated while setting up the 1778 * each queue. 1779 * 1780 * Total size is sum of the following and each of the individual sizes 1781 * are aligned to 128 bytes before adding up. 1782 * 1783 * + size of TFD * Number of descriptors in queue 1784 * + size of URBD0 * Number of descriptors in queue 1785 * + size of FRBD * Number of descriptors in queue 1786 * + size of URBD1 * Number of descriptors in queue 1787 * + size of index * Number of queues(2) * type of index array(4) 1788 * + size of context information 1789 */ 1790 tfd_size = ALIGN(sizeof(struct tfd) * BTINTEL_PCIE_TX_DESCS_COUNT, 1791 BTINTEL_PCIE_DMA_ALIGN_128B); 1792 urbd0_size = ALIGN(sizeof(struct urbd0) * BTINTEL_PCIE_TX_DESCS_COUNT, 1793 BTINTEL_PCIE_DMA_ALIGN_128B); 1794 1795 frbd_size = ALIGN(sizeof(struct frbd) * BTINTEL_PCIE_RX_DESCS_COUNT, 1796 BTINTEL_PCIE_DMA_ALIGN_128B); 1797 urbd1_size = ALIGN(sizeof(struct urbd1) * BTINTEL_PCIE_RX_DESCS_COUNT, 1798 BTINTEL_PCIE_DMA_ALIGN_128B); 1799 1800 ci_size = ALIGN(sizeof(u16) * BTINTEL_PCIE_NUM_QUEUES, 1801 BTINTEL_PCIE_DMA_ALIGN_128B); 1802 1803 ctx_size = ALIGN(sizeof(struct ctx_info), BTINTEL_PCIE_DMA_ALIGN_128B); 1804 1805 total = tfd_size + urbd0_size + frbd_size + urbd1_size + ctx_size + ci_size * 4; 1806 1807 data->dma_pool = dma_pool_create(KBUILD_MODNAME, &data->pdev->dev, 1808 total, BTINTEL_PCIE_DMA_ALIGN_128B, 0); 1809 if (!data->dma_pool) { 1810 err = -ENOMEM; 1811 goto exit_error; 1812 } 1813 1814 v_addr = dma_pool_zalloc(data->dma_pool, GFP_KERNEL | __GFP_NOWARN, 1815 &p_addr); 1816 if (!v_addr) { 1817 dma_pool_destroy(data->dma_pool); 1818 err = -ENOMEM; 1819 goto exit_error; 1820 } 1821 1822 data->dma_p_addr = p_addr; 1823 data->dma_v_addr = v_addr; 1824 1825 /* Setup descriptor count */ 1826 data->txq.count = BTINTEL_PCIE_TX_DESCS_COUNT; 1827 data->rxq.count = BTINTEL_PCIE_RX_DESCS_COUNT; 1828 1829 /* Setup tfds */ 1830 data->txq.tfds_p_addr = p_addr; 1831 data->txq.tfds = v_addr; 1832 1833 p_addr += tfd_size; 1834 v_addr += tfd_size; 1835 1836 /* Setup urbd0 */ 1837 data->txq.urbd0s_p_addr = p_addr; 1838 data->txq.urbd0s = v_addr; 1839 1840 p_addr += urbd0_size; 1841 v_addr += urbd0_size; 1842 1843 /* Setup FRBD*/ 1844 data->rxq.frbds_p_addr = p_addr; 1845 data->rxq.frbds = v_addr; 1846 1847 p_addr += frbd_size; 1848 v_addr += frbd_size; 1849 1850 /* Setup urbd1 */ 1851 data->rxq.urbd1s_p_addr = p_addr; 1852 data->rxq.urbd1s = v_addr; 1853 1854 p_addr += urbd1_size; 1855 v_addr += urbd1_size; 1856 1857 /* Setup data buffers for txq */ 1858 err = btintel_pcie_setup_txq_bufs(data, &data->txq); 1859 if (err) 1860 goto exit_error_pool; 1861 1862 /* Setup data buffers for rxq */ 1863 err = btintel_pcie_setup_rxq_bufs(data, &data->rxq); 1864 if (err) 1865 goto exit_error_txq; 1866 1867 /* TR Head Index Array */ 1868 data->ia.tr_hia_p_addr = p_addr; 1869 data->ia.tr_hia = v_addr; 1870 p_addr += ci_size; 1871 v_addr += ci_size; 1872 1873 /* TR Tail Index Array */ 1874 data->ia.tr_tia_p_addr = p_addr; 1875 data->ia.tr_tia = v_addr; 1876 p_addr += ci_size; 1877 v_addr += ci_size; 1878 1879 /* CR Head index Array */ 1880 data->ia.cr_hia_p_addr = p_addr; 1881 data->ia.cr_hia = v_addr; 1882 p_addr += ci_size; 1883 v_addr += ci_size; 1884 1885 /* CR Tail Index Array */ 1886 data->ia.cr_tia_p_addr = p_addr; 1887 data->ia.cr_tia = v_addr; 1888 p_addr += ci_size; 1889 v_addr += ci_size; 1890 1891 /* Setup data buffers for dbgc */ 1892 err = btintel_pcie_setup_dbgc(data); 1893 if (err) 1894 goto exit_error_txq; 1895 1896 /* Setup Context Information */ 1897 data->ci = v_addr; 1898 data->ci_p_addr = p_addr; 1899 1900 /* Initialize the CI */ 1901 btintel_pcie_init_ci(data, data->ci); 1902 1903 return 0; 1904 1905 exit_error_txq: 1906 btintel_pcie_free_txq_bufs(data, &data->txq); 1907 exit_error_pool: 1908 dma_pool_free(data->dma_pool, data->dma_v_addr, data->dma_p_addr); 1909 dma_pool_destroy(data->dma_pool); 1910 exit_error: 1911 return err; 1912 } 1913 1914 static int btintel_pcie_open(struct hci_dev *hdev) 1915 { 1916 bt_dev_dbg(hdev, ""); 1917 1918 return 0; 1919 } 1920 1921 static int btintel_pcie_close(struct hci_dev *hdev) 1922 { 1923 bt_dev_dbg(hdev, ""); 1924 1925 return 0; 1926 } 1927 1928 static int btintel_pcie_inject_cmd_complete(struct hci_dev *hdev, __u16 opcode) 1929 { 1930 struct sk_buff *skb; 1931 struct hci_event_hdr *hdr; 1932 struct hci_ev_cmd_complete *evt; 1933 1934 skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_KERNEL); 1935 if (!skb) 1936 return -ENOMEM; 1937 1938 hdr = (struct hci_event_hdr *)skb_put(skb, sizeof(*hdr)); 1939 hdr->evt = HCI_EV_CMD_COMPLETE; 1940 hdr->plen = sizeof(*evt) + 1; 1941 1942 evt = (struct hci_ev_cmd_complete *)skb_put(skb, sizeof(*evt)); 1943 evt->ncmd = 0x01; 1944 evt->opcode = cpu_to_le16(opcode); 1945 1946 *(u8 *)skb_put(skb, 1) = 0x00; 1947 1948 hci_skb_pkt_type(skb) = HCI_EVENT_PKT; 1949 1950 return hci_recv_frame(hdev, skb); 1951 } 1952 1953 static int btintel_pcie_send_frame(struct hci_dev *hdev, 1954 struct sk_buff *skb) 1955 { 1956 struct btintel_pcie_data *data = hci_get_drvdata(hdev); 1957 struct hci_command_hdr *cmd; 1958 __u16 opcode = ~0; 1959 int ret; 1960 u32 type; 1961 1962 if (test_bit(BTINTEL_PCIE_CORE_HALTED, &data->flags)) 1963 return -ENODEV; 1964 1965 /* Due to the fw limitation, the type header of the packet should be 1966 * 4 bytes unlike 1 byte for UART. In UART, the firmware can read 1967 * the first byte to get the packet type and redirect the rest of data 1968 * packet to the right handler. 1969 * 1970 * But for PCIe, THF(Transfer Flow Handler) fetches the 4 bytes of data 1971 * from DMA memory and by the time it reads the first 4 bytes, it has 1972 * already consumed some part of packet. Thus the packet type indicator 1973 * for iBT PCIe is 4 bytes. 1974 * 1975 * Luckily, when HCI core creates the skb, it allocates 8 bytes of 1976 * head room for profile and driver use, and before sending the data 1977 * to the device, append the iBT PCIe packet type in the front. 1978 */ 1979 switch (hci_skb_pkt_type(skb)) { 1980 case HCI_COMMAND_PKT: 1981 type = BTINTEL_PCIE_HCI_CMD_PKT; 1982 cmd = (void *)skb->data; 1983 opcode = le16_to_cpu(cmd->opcode); 1984 if (btintel_test_flag(hdev, INTEL_BOOTLOADER)) { 1985 struct hci_command_hdr *cmd = (void *)skb->data; 1986 __u16 opcode = le16_to_cpu(cmd->opcode); 1987 1988 /* When the BTINTEL_HCI_OP_RESET command is issued to 1989 * boot into the operational firmware, it will actually 1990 * not send a command complete event. To keep the flow 1991 * control working inject that event here. 1992 */ 1993 if (opcode == BTINTEL_HCI_OP_RESET) 1994 btintel_pcie_inject_cmd_complete(hdev, opcode); 1995 } 1996 1997 hdev->stat.cmd_tx++; 1998 break; 1999 case HCI_ACLDATA_PKT: 2000 type = BTINTEL_PCIE_HCI_ACL_PKT; 2001 hdev->stat.acl_tx++; 2002 break; 2003 case HCI_SCODATA_PKT: 2004 type = BTINTEL_PCIE_HCI_SCO_PKT; 2005 hdev->stat.sco_tx++; 2006 break; 2007 case HCI_ISODATA_PKT: 2008 type = BTINTEL_PCIE_HCI_ISO_PKT; 2009 break; 2010 default: 2011 bt_dev_err(hdev, "Unknown HCI packet type"); 2012 return -EILSEQ; 2013 } 2014 2015 ret = btintel_pcie_send_sync(data, skb, type, opcode); 2016 if (ret) { 2017 hdev->stat.err_tx++; 2018 bt_dev_err(hdev, "Failed to send frame (%d)", ret); 2019 goto exit_error; 2020 } 2021 2022 hdev->stat.byte_tx += skb->len; 2023 kfree_skb(skb); 2024 2025 exit_error: 2026 return ret; 2027 } 2028 2029 static void btintel_pcie_release_hdev(struct btintel_pcie_data *data) 2030 { 2031 struct hci_dev *hdev; 2032 2033 hdev = data->hdev; 2034 hci_unregister_dev(hdev); 2035 hci_free_dev(hdev); 2036 data->hdev = NULL; 2037 } 2038 2039 static void btintel_pcie_disable_interrupts(struct btintel_pcie_data *data) 2040 { 2041 spin_lock(&data->irq_lock); 2042 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_MSIX_FH_INT_MASK, data->fh_init_mask); 2043 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_MSIX_HW_INT_MASK, data->hw_init_mask); 2044 spin_unlock(&data->irq_lock); 2045 } 2046 2047 static void btintel_pcie_enable_interrupts(struct btintel_pcie_data *data) 2048 { 2049 spin_lock(&data->irq_lock); 2050 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_MSIX_FH_INT_MASK, ~data->fh_init_mask); 2051 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_MSIX_HW_INT_MASK, ~data->hw_init_mask); 2052 spin_unlock(&data->irq_lock); 2053 } 2054 2055 static void btintel_pcie_synchronize_irqs(struct btintel_pcie_data *data) 2056 { 2057 for (int i = 0; i < data->alloc_vecs; i++) 2058 synchronize_irq(data->msix_entries[i].vector); 2059 } 2060 2061 static int btintel_pcie_setup_internal(struct hci_dev *hdev) 2062 { 2063 struct btintel_pcie_data *data = hci_get_drvdata(hdev); 2064 const u8 param[1] = { 0xFF }; 2065 struct intel_version_tlv ver_tlv; 2066 struct sk_buff *skb; 2067 int err; 2068 2069 BT_DBG("%s", hdev->name); 2070 2071 skb = __hci_cmd_sync(hdev, 0xfc05, 1, param, HCI_CMD_TIMEOUT); 2072 if (IS_ERR(skb)) { 2073 bt_dev_err(hdev, "Reading Intel version command failed (%ld)", 2074 PTR_ERR(skb)); 2075 return PTR_ERR(skb); 2076 } 2077 2078 /* Check the status */ 2079 if (skb->data[0]) { 2080 bt_dev_err(hdev, "Intel Read Version command failed (%02x)", 2081 skb->data[0]); 2082 err = -EIO; 2083 goto exit_error; 2084 } 2085 2086 /* Apply the common HCI quirks for Intel device */ 2087 hci_set_quirk(hdev, HCI_QUIRK_STRICT_DUPLICATE_FILTER); 2088 hci_set_quirk(hdev, HCI_QUIRK_SIMULTANEOUS_DISCOVERY); 2089 hci_set_quirk(hdev, HCI_QUIRK_NON_PERSISTENT_DIAG); 2090 2091 /* Set up the quality report callback for Intel devices */ 2092 hdev->set_quality_report = btintel_set_quality_report; 2093 2094 memset(&ver_tlv, 0, sizeof(ver_tlv)); 2095 /* For TLV type device, parse the tlv data */ 2096 err = btintel_parse_version_tlv(hdev, &ver_tlv, skb); 2097 if (err) { 2098 bt_dev_err(hdev, "Failed to parse TLV version information"); 2099 goto exit_error; 2100 } 2101 2102 switch (INTEL_HW_PLATFORM(ver_tlv.cnvi_bt)) { 2103 case 0x37: 2104 break; 2105 default: 2106 bt_dev_err(hdev, "Unsupported Intel hardware platform (0x%2x)", 2107 INTEL_HW_PLATFORM(ver_tlv.cnvi_bt)); 2108 err = -EINVAL; 2109 goto exit_error; 2110 } 2111 2112 /* Check for supported iBT hardware variants of this firmware 2113 * loading method. 2114 * 2115 * This check has been put in place to ensure correct forward 2116 * compatibility options when newer hardware variants come 2117 * along. 2118 */ 2119 switch (INTEL_HW_VARIANT(ver_tlv.cnvi_bt)) { 2120 case 0x1e: /* BzrI */ 2121 case 0x1f: /* ScP */ 2122 case 0x20: /* ScP2 */ 2123 case 0x21: /* ScP2 F */ 2124 case 0x22: /* BzrIW */ 2125 /* Display version information of TLV type */ 2126 btintel_version_info_tlv(hdev, &ver_tlv); 2127 2128 /* Apply the device specific HCI quirks for TLV based devices 2129 * 2130 * All TLV based devices support WBS 2131 */ 2132 hci_set_quirk(hdev, HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED); 2133 2134 /* Setup MSFT Extension support */ 2135 btintel_set_msft_opcode(hdev, 2136 INTEL_HW_VARIANT(ver_tlv.cnvi_bt)); 2137 2138 err = btintel_bootloader_setup_tlv(hdev, &ver_tlv); 2139 if (err) 2140 goto exit_error; 2141 break; 2142 default: 2143 bt_dev_err(hdev, "Unsupported Intel hw variant (%u)", 2144 INTEL_HW_VARIANT(ver_tlv.cnvi_bt)); 2145 err = -EINVAL; 2146 goto exit_error; 2147 break; 2148 } 2149 2150 data->dmp_hdr.cnvi_top = ver_tlv.cnvi_top; 2151 data->dmp_hdr.cnvr_top = ver_tlv.cnvr_top; 2152 data->dmp_hdr.fw_timestamp = ver_tlv.timestamp; 2153 data->dmp_hdr.fw_build_type = ver_tlv.build_type; 2154 data->dmp_hdr.fw_build_num = ver_tlv.build_num; 2155 data->dmp_hdr.cnvi_bt = ver_tlv.cnvi_bt; 2156 2157 if (ver_tlv.img_type == 0x02 || ver_tlv.img_type == 0x03) 2158 data->dmp_hdr.fw_git_sha1 = ver_tlv.git_sha1; 2159 2160 btintel_print_fseq_info(hdev); 2161 exit_error: 2162 kfree_skb(skb); 2163 2164 return err; 2165 } 2166 2167 static int btintel_pcie_setup(struct hci_dev *hdev) 2168 { 2169 int err, fw_dl_retry = 0; 2170 struct btintel_pcie_data *data = hci_get_drvdata(hdev); 2171 2172 while ((err = btintel_pcie_setup_internal(hdev)) && fw_dl_retry++ < 1) { 2173 bt_dev_err(hdev, "Firmware download retry count: %d", 2174 fw_dl_retry); 2175 btintel_pcie_dump_debug_registers(hdev); 2176 btintel_pcie_disable_interrupts(data); 2177 btintel_pcie_synchronize_irqs(data); 2178 err = btintel_pcie_reset_bt(data); 2179 if (err) { 2180 bt_dev_err(hdev, "Failed to do shr reset: %d", err); 2181 break; 2182 } 2183 usleep_range(10000, 12000); 2184 btintel_pcie_reset_ia(data); 2185 btintel_pcie_enable_interrupts(data); 2186 btintel_pcie_config_msix(data); 2187 err = btintel_pcie_enable_bt(data); 2188 if (err) { 2189 bt_dev_err(hdev, "Failed to enable hardware: %d", err); 2190 break; 2191 } 2192 btintel_pcie_start_rx(data); 2193 } 2194 2195 if (!err) 2196 set_bit(BTINTEL_PCIE_SETUP_DONE, &data->flags); 2197 return err; 2198 } 2199 2200 static struct btintel_pcie_dev_recovery * 2201 btintel_pcie_get_recovery(struct pci_dev *pdev, struct device *dev) 2202 { 2203 struct btintel_pcie_dev_recovery *tmp, *data = NULL; 2204 const char *name = pci_name(pdev); 2205 const size_t name_len = strlen(name) + 1; 2206 struct hci_dev *hdev = to_hci_dev(dev); 2207 2208 spin_lock(&btintel_pcie_recovery_lock); 2209 list_for_each_entry(tmp, &btintel_pcie_recovery_list, list) { 2210 if (strcmp(tmp->name, name)) 2211 continue; 2212 data = tmp; 2213 break; 2214 } 2215 spin_unlock(&btintel_pcie_recovery_lock); 2216 2217 if (data) { 2218 bt_dev_dbg(hdev, "Found restart data for BDF: %s", data->name); 2219 return data; 2220 } 2221 2222 data = kzalloc_flex(*data, name, name_len, GFP_ATOMIC); 2223 if (!data) 2224 return NULL; 2225 2226 strscpy(data->name, name, name_len); 2227 spin_lock(&btintel_pcie_recovery_lock); 2228 list_add_tail(&data->list, &btintel_pcie_recovery_list); 2229 spin_unlock(&btintel_pcie_recovery_lock); 2230 2231 return data; 2232 } 2233 2234 static void btintel_pcie_free_restart_list(void) 2235 { 2236 struct btintel_pcie_dev_recovery *tmp; 2237 2238 while ((tmp = list_first_entry_or_null(&btintel_pcie_recovery_list, 2239 typeof(*tmp), list))) { 2240 list_del(&tmp->list); 2241 kfree(tmp); 2242 } 2243 } 2244 2245 static void btintel_pcie_inc_recovery_count(struct pci_dev *pdev, 2246 struct device *dev) 2247 { 2248 struct btintel_pcie_dev_recovery *data; 2249 time64_t retry_window; 2250 2251 data = btintel_pcie_get_recovery(pdev, dev); 2252 if (!data) 2253 return; 2254 2255 retry_window = ktime_get_boottime_seconds() - data->last_error; 2256 if (data->count == 0) { 2257 data->last_error = ktime_get_boottime_seconds(); 2258 data->count++; 2259 } else if (retry_window < BTINTEL_PCIE_RESET_WINDOW_SECS && 2260 data->count <= BTINTEL_PCIE_FLR_MAX_RETRY) { 2261 data->count++; 2262 } else if (retry_window > BTINTEL_PCIE_RESET_WINDOW_SECS) { 2263 data->last_error = 0; 2264 data->count = 0; 2265 } 2266 } 2267 2268 static int btintel_pcie_setup_hdev(struct btintel_pcie_data *data); 2269 2270 static void btintel_pcie_removal_work(struct work_struct *wk) 2271 { 2272 struct btintel_pcie_removal *removal = 2273 container_of(wk, struct btintel_pcie_removal, work); 2274 struct pci_dev *pdev = removal->pdev; 2275 struct btintel_pcie_data *data; 2276 int err; 2277 2278 pci_lock_rescan_remove(); 2279 2280 if (!pdev->bus) 2281 goto error; 2282 2283 data = pci_get_drvdata(pdev); 2284 2285 btintel_pcie_disable_interrupts(data); 2286 btintel_pcie_synchronize_irqs(data); 2287 2288 flush_work(&data->rx_work); 2289 2290 bt_dev_dbg(data->hdev, "Release bluetooth interface"); 2291 btintel_pcie_release_hdev(data); 2292 2293 err = pci_reset_function(pdev); 2294 if (err) { 2295 BT_ERR("Failed resetting the pcie device (%d)", err); 2296 goto error; 2297 } 2298 2299 btintel_pcie_enable_interrupts(data); 2300 btintel_pcie_config_msix(data); 2301 2302 err = btintel_pcie_enable_bt(data); 2303 if (err) { 2304 BT_ERR("Failed to enable bluetooth hardware after reset (%d)", 2305 err); 2306 goto error; 2307 } 2308 2309 btintel_pcie_reset_ia(data); 2310 btintel_pcie_start_rx(data); 2311 data->flags = 0; 2312 2313 err = btintel_pcie_setup_hdev(data); 2314 if (err) { 2315 BT_ERR("Failed registering hdev (%d)", err); 2316 goto error; 2317 } 2318 error: 2319 pci_dev_put(pdev); 2320 pci_unlock_rescan_remove(); 2321 kfree(removal); 2322 } 2323 2324 static void btintel_pcie_reset(struct hci_dev *hdev) 2325 { 2326 struct btintel_pcie_removal *removal; 2327 struct btintel_pcie_data *data; 2328 2329 data = hci_get_drvdata(hdev); 2330 2331 if (!test_bit(BTINTEL_PCIE_SETUP_DONE, &data->flags)) 2332 return; 2333 2334 if (test_and_set_bit(BTINTEL_PCIE_RECOVERY_IN_PROGRESS, &data->flags)) 2335 return; 2336 2337 removal = kzalloc_obj(*removal, GFP_ATOMIC); 2338 if (!removal) 2339 return; 2340 2341 removal->pdev = data->pdev; 2342 INIT_WORK(&removal->work, btintel_pcie_removal_work); 2343 pci_dev_get(removal->pdev); 2344 schedule_work(&removal->work); 2345 } 2346 2347 static void btintel_pcie_hw_error(struct hci_dev *hdev, u8 code) 2348 { 2349 struct btintel_pcie_dev_recovery *data; 2350 struct btintel_pcie_data *dev_data = hci_get_drvdata(hdev); 2351 struct pci_dev *pdev = dev_data->pdev; 2352 time64_t retry_window; 2353 2354 if (code == 0x13) { 2355 bt_dev_err(hdev, "Encountered top exception"); 2356 return; 2357 } 2358 2359 data = btintel_pcie_get_recovery(pdev, &hdev->dev); 2360 if (!data) 2361 return; 2362 2363 retry_window = ktime_get_boottime_seconds() - data->last_error; 2364 2365 if (retry_window < BTINTEL_PCIE_RESET_WINDOW_SECS && 2366 data->count >= BTINTEL_PCIE_FLR_MAX_RETRY) { 2367 bt_dev_err(hdev, "Exhausted maximum: %d recovery attempts: %d", 2368 BTINTEL_PCIE_FLR_MAX_RETRY, data->count); 2369 bt_dev_dbg(hdev, "Boot time: %lld seconds", 2370 ktime_get_boottime_seconds()); 2371 bt_dev_dbg(hdev, "last error at: %lld seconds", 2372 data->last_error); 2373 return; 2374 } 2375 btintel_pcie_inc_recovery_count(pdev, &hdev->dev); 2376 btintel_pcie_reset(hdev); 2377 } 2378 2379 static bool btintel_pcie_wakeup(struct hci_dev *hdev) 2380 { 2381 struct btintel_pcie_data *data = hci_get_drvdata(hdev); 2382 2383 return device_may_wakeup(&data->pdev->dev); 2384 } 2385 2386 static const struct { 2387 u16 opcode; 2388 const char *desc; 2389 } btintel_pcie_hci_drv_supported_commands[] = { 2390 /* Common commands */ 2391 { HCI_DRV_OP_READ_INFO, "Read Info" }, 2392 }; 2393 2394 static int btintel_pcie_hci_drv_read_info(struct hci_dev *hdev, void *data, 2395 u16 data_len) 2396 { 2397 struct hci_drv_rp_read_info *rp; 2398 size_t rp_size; 2399 int err, i; 2400 u16 opcode, num_supported_commands = 2401 ARRAY_SIZE(btintel_pcie_hci_drv_supported_commands); 2402 2403 rp_size = struct_size(rp, supported_commands, num_supported_commands); 2404 2405 rp = kmalloc(rp_size, GFP_KERNEL); 2406 if (!rp) 2407 return -ENOMEM; 2408 2409 strscpy_pad(rp->driver_name, KBUILD_MODNAME); 2410 2411 rp->num_supported_commands = cpu_to_le16(num_supported_commands); 2412 for (i = 0; i < num_supported_commands; i++) { 2413 opcode = btintel_pcie_hci_drv_supported_commands[i].opcode; 2414 bt_dev_dbg(hdev, 2415 "Supported HCI Drv command (0x%02x|0x%04x): %s", 2416 hci_opcode_ogf(opcode), 2417 hci_opcode_ocf(opcode), 2418 btintel_pcie_hci_drv_supported_commands[i].desc); 2419 rp->supported_commands[i] = cpu_to_le16(opcode); 2420 } 2421 2422 err = hci_drv_cmd_complete(hdev, HCI_DRV_OP_READ_INFO, 2423 HCI_DRV_STATUS_SUCCESS, 2424 rp, rp_size); 2425 2426 kfree(rp); 2427 return err; 2428 } 2429 2430 static const struct hci_drv_handler btintel_pcie_hci_drv_common_handlers[] = { 2431 { btintel_pcie_hci_drv_read_info, HCI_DRV_READ_INFO_SIZE }, 2432 }; 2433 2434 static const struct hci_drv_handler btintel_pcie_hci_drv_specific_handlers[] = {}; 2435 2436 static struct hci_drv btintel_pcie_hci_drv = { 2437 .common_handler_count = ARRAY_SIZE(btintel_pcie_hci_drv_common_handlers), 2438 .common_handlers = btintel_pcie_hci_drv_common_handlers, 2439 .specific_handler_count = ARRAY_SIZE(btintel_pcie_hci_drv_specific_handlers), 2440 .specific_handlers = btintel_pcie_hci_drv_specific_handlers, 2441 }; 2442 2443 static int btintel_pcie_setup_hdev(struct btintel_pcie_data *data) 2444 { 2445 int err; 2446 struct hci_dev *hdev; 2447 2448 hdev = hci_alloc_dev_priv(sizeof(struct btintel_data)); 2449 if (!hdev) 2450 return -ENOMEM; 2451 2452 hdev->bus = HCI_PCI; 2453 hci_set_drvdata(hdev, data); 2454 2455 data->hdev = hdev; 2456 SET_HCIDEV_DEV(hdev, &data->pdev->dev); 2457 2458 hdev->manufacturer = 2; 2459 hdev->open = btintel_pcie_open; 2460 hdev->close = btintel_pcie_close; 2461 hdev->send = btintel_pcie_send_frame; 2462 hdev->setup = btintel_pcie_setup; 2463 hdev->shutdown = btintel_shutdown_combined; 2464 hdev->hw_error = btintel_pcie_hw_error; 2465 hdev->set_diag = btintel_set_diag; 2466 hdev->set_bdaddr = btintel_set_bdaddr; 2467 hdev->reset = btintel_pcie_reset; 2468 hdev->wakeup = btintel_pcie_wakeup; 2469 hdev->hci_drv = &btintel_pcie_hci_drv; 2470 2471 err = hci_register_dev(hdev); 2472 if (err < 0) { 2473 BT_ERR("Failed to register to hdev (%d)", err); 2474 goto exit_error; 2475 } 2476 2477 data->dmp_hdr.driver_name = KBUILD_MODNAME; 2478 return 0; 2479 2480 exit_error: 2481 hci_free_dev(hdev); 2482 return err; 2483 } 2484 2485 static int btintel_pcie_probe(struct pci_dev *pdev, 2486 const struct pci_device_id *ent) 2487 { 2488 int err; 2489 struct btintel_pcie_data *data; 2490 2491 if (!pdev) 2492 return -ENODEV; 2493 2494 data = devm_kzalloc(&pdev->dev, sizeof(*data), GFP_KERNEL); 2495 if (!data) 2496 return -ENOMEM; 2497 2498 data->pdev = pdev; 2499 2500 spin_lock_init(&data->irq_lock); 2501 spin_lock_init(&data->hci_rx_lock); 2502 2503 init_waitqueue_head(&data->gp0_wait_q); 2504 data->gp0_received = false; 2505 2506 init_waitqueue_head(&data->tx_wait_q); 2507 data->tx_wait_done = false; 2508 2509 data->workqueue = alloc_ordered_workqueue(KBUILD_MODNAME, WQ_HIGHPRI); 2510 if (!data->workqueue) 2511 return -ENOMEM; 2512 2513 skb_queue_head_init(&data->rx_skb_q); 2514 INIT_WORK(&data->rx_work, btintel_pcie_rx_work); 2515 2516 data->boot_stage_cache = 0x00; 2517 data->img_resp_cache = 0x00; 2518 2519 err = btintel_pcie_config_pcie(pdev, data); 2520 if (err) 2521 goto exit_error; 2522 2523 pci_set_drvdata(pdev, data); 2524 2525 err = btintel_pcie_alloc(data); 2526 if (err) 2527 goto exit_error; 2528 2529 err = btintel_pcie_enable_bt(data); 2530 if (err) 2531 goto exit_error; 2532 2533 /* CNV information (CNVi and CNVr) is in CSR */ 2534 data->cnvi = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_HW_REV_REG); 2535 2536 data->cnvr = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_RF_ID_REG); 2537 2538 err = btintel_pcie_start_rx(data); 2539 if (err) 2540 goto exit_error; 2541 2542 err = btintel_pcie_setup_hdev(data); 2543 if (err) 2544 goto exit_error; 2545 2546 bt_dev_dbg(data->hdev, "cnvi: 0x%8.8x cnvr: 0x%8.8x", data->cnvi, 2547 data->cnvr); 2548 return 0; 2549 2550 exit_error: 2551 /* reset device before exit */ 2552 btintel_pcie_reset_bt(data); 2553 2554 pci_clear_master(pdev); 2555 2556 pci_set_drvdata(pdev, NULL); 2557 2558 return err; 2559 } 2560 2561 static void btintel_pcie_remove(struct pci_dev *pdev) 2562 { 2563 struct btintel_pcie_data *data; 2564 2565 data = pci_get_drvdata(pdev); 2566 2567 btintel_pcie_disable_interrupts(data); 2568 2569 btintel_pcie_synchronize_irqs(data); 2570 2571 flush_work(&data->rx_work); 2572 2573 btintel_pcie_reset_bt(data); 2574 for (int i = 0; i < data->alloc_vecs; i++) { 2575 struct msix_entry *msix_entry; 2576 2577 msix_entry = &data->msix_entries[i]; 2578 free_irq(msix_entry->vector, msix_entry); 2579 } 2580 2581 pci_free_irq_vectors(pdev); 2582 2583 btintel_pcie_release_hdev(data); 2584 2585 destroy_workqueue(data->workqueue); 2586 2587 btintel_pcie_free(data); 2588 2589 pci_clear_master(pdev); 2590 2591 pci_set_drvdata(pdev, NULL); 2592 } 2593 2594 #ifdef CONFIG_DEV_COREDUMP 2595 static void btintel_pcie_coredump(struct device *dev) 2596 { 2597 struct pci_dev *pdev = to_pci_dev(dev); 2598 struct btintel_pcie_data *data = pci_get_drvdata(pdev); 2599 2600 if (test_and_set_bit(BTINTEL_PCIE_COREDUMP_INPROGRESS, &data->flags)) 2601 return; 2602 2603 data->dmp_hdr.trigger_reason = BTINTEL_PCIE_TRIGGER_REASON_USER_TRIGGER; 2604 queue_work(data->workqueue, &data->rx_work); 2605 } 2606 #endif 2607 2608 static int btintel_pcie_set_dxstate(struct btintel_pcie_data *data, u32 dxstate) 2609 { 2610 int retry = 0, status; 2611 u32 dx_intr_timeout_ms = 200; 2612 2613 do { 2614 data->gp0_received = false; 2615 2616 btintel_pcie_wr_sleep_cntrl(data, dxstate); 2617 2618 status = wait_event_timeout(data->gp0_wait_q, data->gp0_received, 2619 msecs_to_jiffies(dx_intr_timeout_ms)); 2620 2621 if (status) 2622 return 0; 2623 2624 bt_dev_warn(data->hdev, 2625 "Timeout (%u ms) on alive interrupt for D%d entry, retry count %d", 2626 dx_intr_timeout_ms, dxstate, retry); 2627 2628 /* clear gp0 cause */ 2629 btintel_pcie_clr_reg_bits(data, 2630 BTINTEL_PCIE_CSR_MSIX_HW_INT_CAUSES, 2631 BTINTEL_PCIE_MSIX_HW_INT_CAUSES_GP0); 2632 2633 /* A hardware bug may cause the alive interrupt to be missed. 2634 * Check if the controller reached the expected state and retry 2635 * the operation only if it hasn't. 2636 */ 2637 if (dxstate == BTINTEL_PCIE_STATE_D0) { 2638 if (btintel_pcie_in_d0(data)) 2639 return 0; 2640 } else { 2641 if (btintel_pcie_in_d3(data)) 2642 return 0; 2643 } 2644 2645 } while (++retry < BTINTEL_PCIE_DX_TRANSITION_MAX_RETRIES); 2646 2647 return -EBUSY; 2648 } 2649 2650 static int btintel_pcie_suspend_late(struct device *dev, pm_message_t mesg) 2651 { 2652 struct pci_dev *pdev = to_pci_dev(dev); 2653 struct btintel_pcie_data *data; 2654 ktime_t start; 2655 u32 dxstate; 2656 int err; 2657 2658 data = pci_get_drvdata(pdev); 2659 2660 dxstate = (mesg.event == PM_EVENT_SUSPEND ? 2661 BTINTEL_PCIE_STATE_D3_HOT : BTINTEL_PCIE_STATE_D3_COLD); 2662 2663 data->pm_sx_event = mesg.event; 2664 2665 start = ktime_get(); 2666 2667 /* Refer: 6.4.11.7 -> Platform power management */ 2668 err = btintel_pcie_set_dxstate(data, dxstate); 2669 2670 if (err) 2671 return err; 2672 2673 bt_dev_dbg(data->hdev, 2674 "device entered into d3 state from d0 in %lld us", 2675 ktime_to_us(ktime_get() - start)); 2676 return err; 2677 } 2678 2679 static int btintel_pcie_suspend(struct device *dev) 2680 { 2681 return btintel_pcie_suspend_late(dev, PMSG_SUSPEND); 2682 } 2683 2684 static int btintel_pcie_hibernate(struct device *dev) 2685 { 2686 return btintel_pcie_suspend_late(dev, PMSG_HIBERNATE); 2687 } 2688 2689 static int btintel_pcie_freeze(struct device *dev) 2690 { 2691 return btintel_pcie_suspend_late(dev, PMSG_FREEZE); 2692 } 2693 2694 static int btintel_pcie_resume(struct device *dev) 2695 { 2696 struct pci_dev *pdev = to_pci_dev(dev); 2697 struct btintel_pcie_data *data; 2698 ktime_t start; 2699 int err; 2700 2701 data = pci_get_drvdata(pdev); 2702 data->gp0_received = false; 2703 2704 start = ktime_get(); 2705 2706 /* When the system enters S4 (hibernate) mode, bluetooth device loses 2707 * power, which results in the erasure of its loaded firmware. 2708 * Consequently, function level reset (flr) is required on system 2709 * resume to bring the controller back into an operational state by 2710 * initiating a new firmware download. 2711 */ 2712 2713 if (data->pm_sx_event == PM_EVENT_FREEZE || 2714 data->pm_sx_event == PM_EVENT_HIBERNATE) { 2715 set_bit(BTINTEL_PCIE_CORE_HALTED, &data->flags); 2716 btintel_pcie_reset(data->hdev); 2717 return 0; 2718 } 2719 2720 /* Refer: 6.4.11.7 -> Platform power management */ 2721 err = btintel_pcie_set_dxstate(data, BTINTEL_PCIE_STATE_D0); 2722 2723 if (err == 0) { 2724 bt_dev_dbg(data->hdev, 2725 "device entered into d0 state from d3 in %lld us", 2726 ktime_to_us(ktime_get() - start)); 2727 return err; 2728 } 2729 2730 /* Trigger function level reset if the controller is in error 2731 * state during resume() to bring back the controller to 2732 * operational mode 2733 */ 2734 2735 data->boot_stage_cache = btintel_pcie_rd_reg32(data, 2736 BTINTEL_PCIE_CSR_BOOT_STAGE_REG); 2737 if (btintel_pcie_in_error(data) || 2738 btintel_pcie_in_device_halt(data)) { 2739 bt_dev_err(data->hdev, "Controller in error state for D0 entry"); 2740 if (!test_and_set_bit(BTINTEL_PCIE_COREDUMP_INPROGRESS, 2741 &data->flags)) { 2742 data->dmp_hdr.trigger_reason = 2743 BTINTEL_PCIE_TRIGGER_REASON_FW_ASSERT; 2744 queue_work(data->workqueue, &data->rx_work); 2745 } 2746 set_bit(BTINTEL_PCIE_CORE_HALTED, &data->flags); 2747 btintel_pcie_reset(data->hdev); 2748 } 2749 return err; 2750 } 2751 2752 static const struct dev_pm_ops btintel_pcie_pm_ops = { 2753 .suspend = btintel_pcie_suspend, 2754 .resume = btintel_pcie_resume, 2755 .freeze = btintel_pcie_freeze, 2756 .thaw = btintel_pcie_resume, 2757 .poweroff = btintel_pcie_hibernate, 2758 .restore = btintel_pcie_resume, 2759 }; 2760 2761 static struct pci_driver btintel_pcie_driver = { 2762 .name = KBUILD_MODNAME, 2763 .id_table = btintel_pcie_table, 2764 .probe = btintel_pcie_probe, 2765 .remove = btintel_pcie_remove, 2766 .driver.pm = pm_sleep_ptr(&btintel_pcie_pm_ops), 2767 #ifdef CONFIG_DEV_COREDUMP 2768 .driver.coredump = btintel_pcie_coredump 2769 #endif 2770 }; 2771 2772 static int __init btintel_pcie_init(void) 2773 { 2774 return pci_register_driver(&btintel_pcie_driver); 2775 } 2776 2777 static void __exit btintel_pcie_exit(void) 2778 { 2779 pci_unregister_driver(&btintel_pcie_driver); 2780 btintel_pcie_free_restart_list(); 2781 } 2782 2783 module_init(btintel_pcie_init); 2784 module_exit(btintel_pcie_exit); 2785 2786 MODULE_AUTHOR("Tedd Ho-Jeong An <tedd.an@intel.com>"); 2787 MODULE_DESCRIPTION("Intel Bluetooth PCIe transport driver ver " VERSION); 2788 MODULE_VERSION(VERSION); 2789 MODULE_LICENSE("GPL"); 2790