1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 *
4 * Bluetooth support for Intel PCIe devices
5 *
6 * Copyright (C) 2024 Intel Corporation
7 */
8
9 #include <linux/kernel.h>
10 #include <linux/module.h>
11 #include <linux/firmware.h>
12 #include <linux/pci.h>
13 #include <linux/wait.h>
14 #include <linux/delay.h>
15 #include <linux/interrupt.h>
16
17 #include <linux/unaligned.h>
18
19 #include <net/bluetooth/bluetooth.h>
20 #include <net/bluetooth/hci_core.h>
21
22 #include "btintel.h"
23 #include "btintel_pcie.h"
24
25 #define VERSION "0.1"
26
27 #define BTINTEL_PCI_DEVICE(dev, subdev) \
28 .vendor = PCI_VENDOR_ID_INTEL, \
29 .device = (dev), \
30 .subvendor = PCI_ANY_ID, \
31 .subdevice = (subdev), \
32 .driver_data = 0
33
34 #define POLL_INTERVAL_US 10
35
36 /* Intel Bluetooth PCIe device id table */
37 static const struct pci_device_id btintel_pcie_table[] = {
38 { BTINTEL_PCI_DEVICE(0xA876, PCI_ANY_ID) },
39 { 0 }
40 };
41 MODULE_DEVICE_TABLE(pci, btintel_pcie_table);
42
43 /* Intel PCIe uses 4 bytes of HCI type instead of 1 byte BT SIG HCI type */
44 #define BTINTEL_PCIE_HCI_TYPE_LEN 4
45 #define BTINTEL_PCIE_HCI_CMD_PKT 0x00000001
46 #define BTINTEL_PCIE_HCI_ACL_PKT 0x00000002
47 #define BTINTEL_PCIE_HCI_SCO_PKT 0x00000003
48 #define BTINTEL_PCIE_HCI_EVT_PKT 0x00000004
49 #define BTINTEL_PCIE_HCI_ISO_PKT 0x00000005
50
51 /* Alive interrupt context */
52 enum {
53 BTINTEL_PCIE_ROM,
54 BTINTEL_PCIE_FW_DL,
55 BTINTEL_PCIE_HCI_RESET,
56 BTINTEL_PCIE_INTEL_HCI_RESET1,
57 BTINTEL_PCIE_INTEL_HCI_RESET2,
58 BTINTEL_PCIE_D0,
59 BTINTEL_PCIE_D3
60 };
61
ipc_print_ia_ring(struct hci_dev * hdev,struct ia * ia,u16 queue_num)62 static inline void ipc_print_ia_ring(struct hci_dev *hdev, struct ia *ia,
63 u16 queue_num)
64 {
65 bt_dev_dbg(hdev, "IA: %s: tr-h:%02u tr-t:%02u cr-h:%02u cr-t:%02u",
66 queue_num == BTINTEL_PCIE_TXQ_NUM ? "TXQ" : "RXQ",
67 ia->tr_hia[queue_num], ia->tr_tia[queue_num],
68 ia->cr_hia[queue_num], ia->cr_tia[queue_num]);
69 }
70
ipc_print_urbd1(struct hci_dev * hdev,struct urbd1 * urbd1,u16 index)71 static inline void ipc_print_urbd1(struct hci_dev *hdev, struct urbd1 *urbd1,
72 u16 index)
73 {
74 bt_dev_dbg(hdev, "RXQ:urbd1(%u) frbd_tag:%u status: 0x%x fixed:0x%x",
75 index, urbd1->frbd_tag, urbd1->status, urbd1->fixed);
76 }
77
btintel_pcie_get_data(struct msix_entry * entry)78 static struct btintel_pcie_data *btintel_pcie_get_data(struct msix_entry *entry)
79 {
80 u8 queue = entry->entry;
81 struct msix_entry *entries = entry - queue;
82
83 return container_of(entries, struct btintel_pcie_data, msix_entries[0]);
84 }
85
86 /* Set the doorbell for TXQ to notify the device that @index (actually index-1)
87 * of the TFD is updated and ready to transmit.
88 */
btintel_pcie_set_tx_db(struct btintel_pcie_data * data,u16 index)89 static void btintel_pcie_set_tx_db(struct btintel_pcie_data *data, u16 index)
90 {
91 u32 val;
92
93 val = index;
94 val |= (BTINTEL_PCIE_TX_DB_VEC << 16);
95
96 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_HBUS_TARG_WRPTR, val);
97 }
98
99 /* Copy the data to next(@tfd_index) data buffer and update the TFD(transfer
100 * descriptor) with the data length and the DMA address of the data buffer.
101 */
btintel_pcie_prepare_tx(struct txq * txq,u16 tfd_index,struct sk_buff * skb)102 static void btintel_pcie_prepare_tx(struct txq *txq, u16 tfd_index,
103 struct sk_buff *skb)
104 {
105 struct data_buf *buf;
106 struct tfd *tfd;
107
108 tfd = &txq->tfds[tfd_index];
109 memset(tfd, 0, sizeof(*tfd));
110
111 buf = &txq->bufs[tfd_index];
112
113 tfd->size = skb->len;
114 tfd->addr = buf->data_p_addr;
115
116 /* Copy the outgoing data to DMA buffer */
117 memcpy(buf->data, skb->data, tfd->size);
118 }
119
btintel_pcie_send_sync(struct btintel_pcie_data * data,struct sk_buff * skb)120 static int btintel_pcie_send_sync(struct btintel_pcie_data *data,
121 struct sk_buff *skb)
122 {
123 int ret;
124 u16 tfd_index;
125 struct txq *txq = &data->txq;
126
127 tfd_index = data->ia.tr_hia[BTINTEL_PCIE_TXQ_NUM];
128
129 if (tfd_index > txq->count)
130 return -ERANGE;
131
132 /* Prepare for TX. It updates the TFD with the length of data and
133 * address of the DMA buffer, and copy the data to the DMA buffer
134 */
135 btintel_pcie_prepare_tx(txq, tfd_index, skb);
136
137 tfd_index = (tfd_index + 1) % txq->count;
138 data->ia.tr_hia[BTINTEL_PCIE_TXQ_NUM] = tfd_index;
139
140 /* Arm wait event condition */
141 data->tx_wait_done = false;
142
143 /* Set the doorbell to notify the device */
144 btintel_pcie_set_tx_db(data, tfd_index);
145
146 /* Wait for the complete interrupt - URBD0 */
147 ret = wait_event_timeout(data->tx_wait_q, data->tx_wait_done,
148 msecs_to_jiffies(BTINTEL_PCIE_TX_WAIT_TIMEOUT_MS));
149 if (!ret)
150 return -ETIME;
151
152 return 0;
153 }
154
155 /* Set the doorbell for RXQ to notify the device that @index (actually index-1)
156 * is available to receive the data
157 */
btintel_pcie_set_rx_db(struct btintel_pcie_data * data,u16 index)158 static void btintel_pcie_set_rx_db(struct btintel_pcie_data *data, u16 index)
159 {
160 u32 val;
161
162 val = index;
163 val |= (BTINTEL_PCIE_RX_DB_VEC << 16);
164
165 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_HBUS_TARG_WRPTR, val);
166 }
167
168 /* Update the FRBD (free buffer descriptor) with the @frbd_index and the
169 * DMA address of the free buffer.
170 */
btintel_pcie_prepare_rx(struct rxq * rxq,u16 frbd_index)171 static void btintel_pcie_prepare_rx(struct rxq *rxq, u16 frbd_index)
172 {
173 struct data_buf *buf;
174 struct frbd *frbd;
175
176 /* Get the buffer of the FRBD for DMA */
177 buf = &rxq->bufs[frbd_index];
178
179 frbd = &rxq->frbds[frbd_index];
180 memset(frbd, 0, sizeof(*frbd));
181
182 /* Update FRBD */
183 frbd->tag = frbd_index;
184 frbd->addr = buf->data_p_addr;
185 }
186
btintel_pcie_submit_rx(struct btintel_pcie_data * data)187 static int btintel_pcie_submit_rx(struct btintel_pcie_data *data)
188 {
189 u16 frbd_index;
190 struct rxq *rxq = &data->rxq;
191
192 frbd_index = data->ia.tr_hia[BTINTEL_PCIE_RXQ_NUM];
193
194 if (frbd_index > rxq->count)
195 return -ERANGE;
196
197 /* Prepare for RX submit. It updates the FRBD with the address of DMA
198 * buffer
199 */
200 btintel_pcie_prepare_rx(rxq, frbd_index);
201
202 frbd_index = (frbd_index + 1) % rxq->count;
203 data->ia.tr_hia[BTINTEL_PCIE_RXQ_NUM] = frbd_index;
204 ipc_print_ia_ring(data->hdev, &data->ia, BTINTEL_PCIE_RXQ_NUM);
205
206 /* Set the doorbell to notify the device */
207 btintel_pcie_set_rx_db(data, frbd_index);
208
209 return 0;
210 }
211
btintel_pcie_start_rx(struct btintel_pcie_data * data)212 static int btintel_pcie_start_rx(struct btintel_pcie_data *data)
213 {
214 int i, ret;
215
216 for (i = 0; i < BTINTEL_PCIE_RX_MAX_QUEUE; i++) {
217 ret = btintel_pcie_submit_rx(data);
218 if (ret)
219 return ret;
220 }
221
222 return 0;
223 }
224
btintel_pcie_reset_ia(struct btintel_pcie_data * data)225 static void btintel_pcie_reset_ia(struct btintel_pcie_data *data)
226 {
227 memset(data->ia.tr_hia, 0, sizeof(u16) * BTINTEL_PCIE_NUM_QUEUES);
228 memset(data->ia.tr_tia, 0, sizeof(u16) * BTINTEL_PCIE_NUM_QUEUES);
229 memset(data->ia.cr_hia, 0, sizeof(u16) * BTINTEL_PCIE_NUM_QUEUES);
230 memset(data->ia.cr_tia, 0, sizeof(u16) * BTINTEL_PCIE_NUM_QUEUES);
231 }
232
btintel_pcie_reset_bt(struct btintel_pcie_data * data)233 static int btintel_pcie_reset_bt(struct btintel_pcie_data *data)
234 {
235 u32 reg;
236 int retry = 3;
237
238 reg = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG);
239
240 reg &= ~(BTINTEL_PCIE_CSR_FUNC_CTRL_FUNC_ENA |
241 BTINTEL_PCIE_CSR_FUNC_CTRL_MAC_INIT |
242 BTINTEL_PCIE_CSR_FUNC_CTRL_FUNC_INIT);
243 reg |= BTINTEL_PCIE_CSR_FUNC_CTRL_BUS_MASTER_DISCON;
244
245 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG, reg);
246
247 do {
248 reg = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG);
249 if (reg & BTINTEL_PCIE_CSR_FUNC_CTRL_BUS_MASTER_STS)
250 break;
251 usleep_range(10000, 12000);
252
253 } while (--retry > 0);
254 usleep_range(10000, 12000);
255
256 reg = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG);
257
258 reg &= ~(BTINTEL_PCIE_CSR_FUNC_CTRL_FUNC_ENA |
259 BTINTEL_PCIE_CSR_FUNC_CTRL_MAC_INIT |
260 BTINTEL_PCIE_CSR_FUNC_CTRL_FUNC_INIT);
261 reg |= BTINTEL_PCIE_CSR_FUNC_CTRL_SW_RESET;
262 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG, reg);
263 usleep_range(10000, 12000);
264
265 reg = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG);
266 bt_dev_dbg(data->hdev, "csr register after reset: 0x%8.8x", reg);
267
268 reg = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_BOOT_STAGE_REG);
269
270 /* If shared hardware reset is success then boot stage register shall be
271 * set to 0
272 */
273 return reg == 0 ? 0 : -ENODEV;
274 }
275
276 /* This function enables BT function by setting BTINTEL_PCIE_CSR_FUNC_CTRL_MAC_INIT bit in
277 * BTINTEL_PCIE_CSR_FUNC_CTRL_REG register and wait for MSI-X with
278 * BTINTEL_PCIE_MSIX_HW_INT_CAUSES_GP0.
279 * Then the host reads firmware version from BTINTEL_CSR_F2D_MBX and the boot stage
280 * from BTINTEL_PCIE_CSR_BOOT_STAGE_REG.
281 */
btintel_pcie_enable_bt(struct btintel_pcie_data * data)282 static int btintel_pcie_enable_bt(struct btintel_pcie_data *data)
283 {
284 int err;
285 u32 reg;
286
287 data->gp0_received = false;
288
289 /* Update the DMA address of CI struct to CSR */
290 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_CI_ADDR_LSB_REG,
291 data->ci_p_addr & 0xffffffff);
292 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_CI_ADDR_MSB_REG,
293 (u64)data->ci_p_addr >> 32);
294
295 /* Reset the cached value of boot stage. it is updated by the MSI-X
296 * gp0 interrupt handler.
297 */
298 data->boot_stage_cache = 0x0;
299
300 /* Set MAC_INIT bit to start primary bootloader */
301 reg = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG);
302 reg &= ~(BTINTEL_PCIE_CSR_FUNC_CTRL_FUNC_INIT |
303 BTINTEL_PCIE_CSR_FUNC_CTRL_BUS_MASTER_DISCON |
304 BTINTEL_PCIE_CSR_FUNC_CTRL_SW_RESET);
305 reg |= (BTINTEL_PCIE_CSR_FUNC_CTRL_FUNC_ENA |
306 BTINTEL_PCIE_CSR_FUNC_CTRL_MAC_INIT);
307
308 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG, reg);
309
310 /* MAC is ready. Enable BT FUNC */
311 btintel_pcie_set_reg_bits(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG,
312 BTINTEL_PCIE_CSR_FUNC_CTRL_FUNC_INIT);
313
314 btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG);
315
316 /* wait for interrupt from the device after booting up to primary
317 * bootloader.
318 */
319 data->alive_intr_ctxt = BTINTEL_PCIE_ROM;
320 err = wait_event_timeout(data->gp0_wait_q, data->gp0_received,
321 msecs_to_jiffies(BTINTEL_DEFAULT_INTR_TIMEOUT_MS));
322 if (!err)
323 return -ETIME;
324
325 /* Check cached boot stage is BTINTEL_PCIE_CSR_BOOT_STAGE_ROM(BIT(0)) */
326 if (~data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_ROM)
327 return -ENODEV;
328
329 return 0;
330 }
331
332 /* BIT(0) - ROM, BIT(1) - IML and BIT(3) - OP
333 * Sometimes during firmware image switching from ROM to IML or IML to OP image,
334 * the previous image bit is not cleared by firmware when alive interrupt is
335 * received. Driver needs to take care of these sticky bits when deciding the
336 * current image running on controller.
337 * Ex: 0x10 and 0x11 - both represents that controller is running IML
338 */
btintel_pcie_in_rom(struct btintel_pcie_data * data)339 static inline bool btintel_pcie_in_rom(struct btintel_pcie_data *data)
340 {
341 return data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_ROM &&
342 !(data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_IML) &&
343 !(data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_OPFW);
344 }
345
btintel_pcie_in_op(struct btintel_pcie_data * data)346 static inline bool btintel_pcie_in_op(struct btintel_pcie_data *data)
347 {
348 return data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_OPFW;
349 }
350
btintel_pcie_in_iml(struct btintel_pcie_data * data)351 static inline bool btintel_pcie_in_iml(struct btintel_pcie_data *data)
352 {
353 return data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_IML &&
354 !(data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_OPFW);
355 }
356
btintel_pcie_in_d3(struct btintel_pcie_data * data)357 static inline bool btintel_pcie_in_d3(struct btintel_pcie_data *data)
358 {
359 return data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_D3_STATE_READY;
360 }
361
btintel_pcie_in_d0(struct btintel_pcie_data * data)362 static inline bool btintel_pcie_in_d0(struct btintel_pcie_data *data)
363 {
364 return !(data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_D3_STATE_READY);
365 }
366
btintel_pcie_wr_sleep_cntrl(struct btintel_pcie_data * data,u32 dxstate)367 static void btintel_pcie_wr_sleep_cntrl(struct btintel_pcie_data *data,
368 u32 dxstate)
369 {
370 bt_dev_dbg(data->hdev, "writing sleep_ctl_reg: 0x%8.8x", dxstate);
371 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_IPC_SLEEP_CTL_REG, dxstate);
372 }
373
btintel_pcie_alivectxt_state2str(u32 alive_intr_ctxt)374 static inline char *btintel_pcie_alivectxt_state2str(u32 alive_intr_ctxt)
375 {
376 switch (alive_intr_ctxt) {
377 case BTINTEL_PCIE_ROM:
378 return "rom";
379 case BTINTEL_PCIE_FW_DL:
380 return "fw_dl";
381 case BTINTEL_PCIE_D0:
382 return "d0";
383 case BTINTEL_PCIE_D3:
384 return "d3";
385 case BTINTEL_PCIE_HCI_RESET:
386 return "hci_reset";
387 case BTINTEL_PCIE_INTEL_HCI_RESET1:
388 return "intel_reset1";
389 case BTINTEL_PCIE_INTEL_HCI_RESET2:
390 return "intel_reset2";
391 default:
392 return "unknown";
393 }
394 }
395
396 /* This function handles the MSI-X interrupt for gp0 cause (bit 0 in
397 * BTINTEL_PCIE_CSR_MSIX_HW_INT_CAUSES) which is sent for boot stage and image response.
398 */
btintel_pcie_msix_gp0_handler(struct btintel_pcie_data * data)399 static void btintel_pcie_msix_gp0_handler(struct btintel_pcie_data *data)
400 {
401 bool submit_rx, signal_waitq;
402 u32 reg, old_ctxt;
403
404 /* This interrupt is for three different causes and it is not easy to
405 * know what causes the interrupt. So, it compares each register value
406 * with cached value and update it before it wake up the queue.
407 */
408 reg = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_BOOT_STAGE_REG);
409 if (reg != data->boot_stage_cache)
410 data->boot_stage_cache = reg;
411
412 bt_dev_dbg(data->hdev, "Alive context: %s old_boot_stage: 0x%8.8x new_boot_stage: 0x%8.8x",
413 btintel_pcie_alivectxt_state2str(data->alive_intr_ctxt),
414 data->boot_stage_cache, reg);
415 reg = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_IMG_RESPONSE_REG);
416 if (reg != data->img_resp_cache)
417 data->img_resp_cache = reg;
418
419 data->gp0_received = true;
420
421 old_ctxt = data->alive_intr_ctxt;
422 submit_rx = false;
423 signal_waitq = false;
424
425 switch (data->alive_intr_ctxt) {
426 case BTINTEL_PCIE_ROM:
427 data->alive_intr_ctxt = BTINTEL_PCIE_FW_DL;
428 signal_waitq = true;
429 break;
430 case BTINTEL_PCIE_FW_DL:
431 /* Error case is already handled. Ideally control shall not
432 * reach here
433 */
434 break;
435 case BTINTEL_PCIE_INTEL_HCI_RESET1:
436 if (btintel_pcie_in_op(data)) {
437 submit_rx = true;
438 break;
439 }
440
441 if (btintel_pcie_in_iml(data)) {
442 submit_rx = true;
443 data->alive_intr_ctxt = BTINTEL_PCIE_FW_DL;
444 break;
445 }
446 break;
447 case BTINTEL_PCIE_INTEL_HCI_RESET2:
448 if (btintel_test_and_clear_flag(data->hdev, INTEL_WAIT_FOR_D0)) {
449 btintel_wake_up_flag(data->hdev, INTEL_WAIT_FOR_D0);
450 data->alive_intr_ctxt = BTINTEL_PCIE_D0;
451 }
452 break;
453 case BTINTEL_PCIE_D0:
454 if (btintel_pcie_in_d3(data)) {
455 data->alive_intr_ctxt = BTINTEL_PCIE_D3;
456 signal_waitq = true;
457 break;
458 }
459 break;
460 case BTINTEL_PCIE_D3:
461 if (btintel_pcie_in_d0(data)) {
462 data->alive_intr_ctxt = BTINTEL_PCIE_D0;
463 submit_rx = true;
464 signal_waitq = true;
465 break;
466 }
467 break;
468 case BTINTEL_PCIE_HCI_RESET:
469 data->alive_intr_ctxt = BTINTEL_PCIE_D0;
470 submit_rx = true;
471 signal_waitq = true;
472 break;
473 default:
474 bt_dev_err(data->hdev, "Unknown state: 0x%2.2x",
475 data->alive_intr_ctxt);
476 break;
477 }
478
479 if (submit_rx) {
480 btintel_pcie_reset_ia(data);
481 btintel_pcie_start_rx(data);
482 }
483
484 if (signal_waitq) {
485 bt_dev_dbg(data->hdev, "wake up gp0 wait_q");
486 wake_up(&data->gp0_wait_q);
487 }
488
489 if (old_ctxt != data->alive_intr_ctxt)
490 bt_dev_dbg(data->hdev, "alive context changed: %s -> %s",
491 btintel_pcie_alivectxt_state2str(old_ctxt),
492 btintel_pcie_alivectxt_state2str(data->alive_intr_ctxt));
493 }
494
495 /* This function handles the MSX-X interrupt for rx queue 0 which is for TX
496 */
btintel_pcie_msix_tx_handle(struct btintel_pcie_data * data)497 static void btintel_pcie_msix_tx_handle(struct btintel_pcie_data *data)
498 {
499 u16 cr_tia, cr_hia;
500 struct txq *txq;
501 struct urbd0 *urbd0;
502
503 cr_tia = data->ia.cr_tia[BTINTEL_PCIE_TXQ_NUM];
504 cr_hia = data->ia.cr_hia[BTINTEL_PCIE_TXQ_NUM];
505
506 if (cr_tia == cr_hia)
507 return;
508
509 txq = &data->txq;
510
511 while (cr_tia != cr_hia) {
512 data->tx_wait_done = true;
513 wake_up(&data->tx_wait_q);
514
515 urbd0 = &txq->urbd0s[cr_tia];
516
517 if (urbd0->tfd_index > txq->count)
518 return;
519
520 cr_tia = (cr_tia + 1) % txq->count;
521 data->ia.cr_tia[BTINTEL_PCIE_TXQ_NUM] = cr_tia;
522 ipc_print_ia_ring(data->hdev, &data->ia, BTINTEL_PCIE_TXQ_NUM);
523 }
524 }
525
btintel_pcie_recv_event(struct hci_dev * hdev,struct sk_buff * skb)526 static int btintel_pcie_recv_event(struct hci_dev *hdev, struct sk_buff *skb)
527 {
528 struct hci_event_hdr *hdr = (void *)skb->data;
529 const char diagnostics_hdr[] = { 0x87, 0x80, 0x03 };
530 struct btintel_pcie_data *data = hci_get_drvdata(hdev);
531
532 if (skb->len > HCI_EVENT_HDR_SIZE && hdr->evt == 0xff &&
533 hdr->plen > 0) {
534 const void *ptr = skb->data + HCI_EVENT_HDR_SIZE + 1;
535 unsigned int len = skb->len - HCI_EVENT_HDR_SIZE - 1;
536
537 if (btintel_test_flag(hdev, INTEL_BOOTLOADER)) {
538 switch (skb->data[2]) {
539 case 0x02:
540 /* When switching to the operational firmware
541 * the device sends a vendor specific event
542 * indicating that the bootup completed.
543 */
544 btintel_bootup(hdev, ptr, len);
545
546 /* If bootup event is from operational image,
547 * driver needs to write sleep control register to
548 * move into D0 state
549 */
550 if (btintel_pcie_in_op(data)) {
551 btintel_pcie_wr_sleep_cntrl(data, BTINTEL_PCIE_STATE_D0);
552 data->alive_intr_ctxt = BTINTEL_PCIE_INTEL_HCI_RESET2;
553 kfree_skb(skb);
554 return 0;
555 }
556
557 if (btintel_pcie_in_iml(data)) {
558 /* In case of IML, there is no concept
559 * of D0 transition. Just mimic as if
560 * IML moved to D0 by clearing INTEL_WAIT_FOR_D0
561 * bit and waking up the task waiting on
562 * INTEL_WAIT_FOR_D0. This is required
563 * as intel_boot() is common function for
564 * both IML and OP image loading.
565 */
566 if (btintel_test_and_clear_flag(data->hdev,
567 INTEL_WAIT_FOR_D0))
568 btintel_wake_up_flag(data->hdev,
569 INTEL_WAIT_FOR_D0);
570 }
571 kfree_skb(skb);
572 return 0;
573 case 0x06:
574 /* When the firmware loading completes the
575 * device sends out a vendor specific event
576 * indicating the result of the firmware
577 * loading.
578 */
579 btintel_secure_send_result(hdev, ptr, len);
580 kfree_skb(skb);
581 return 0;
582 }
583 }
584
585 /* Handle all diagnostics events separately. May still call
586 * hci_recv_frame.
587 */
588 if (len >= sizeof(diagnostics_hdr) &&
589 memcmp(&skb->data[2], diagnostics_hdr,
590 sizeof(diagnostics_hdr)) == 0) {
591 return btintel_diagnostics(hdev, skb);
592 }
593
594 /* This is a debug event that comes from IML and OP image when it
595 * starts execution. There is no need pass this event to stack.
596 */
597 if (skb->data[2] == 0x97)
598 return 0;
599 }
600
601 return hci_recv_frame(hdev, skb);
602 }
603 /* Process the received rx data
604 * It check the frame header to identify the data type and create skb
605 * and calling HCI API
606 */
btintel_pcie_recv_frame(struct btintel_pcie_data * data,struct sk_buff * skb)607 static int btintel_pcie_recv_frame(struct btintel_pcie_data *data,
608 struct sk_buff *skb)
609 {
610 int ret;
611 u8 pkt_type;
612 u16 plen;
613 u32 pcie_pkt_type;
614 struct sk_buff *new_skb;
615 void *pdata;
616 struct hci_dev *hdev = data->hdev;
617
618 spin_lock(&data->hci_rx_lock);
619
620 /* The first 4 bytes indicates the Intel PCIe specific packet type */
621 pdata = skb_pull_data(skb, BTINTEL_PCIE_HCI_TYPE_LEN);
622 if (!pdata) {
623 bt_dev_err(hdev, "Corrupted packet received");
624 ret = -EILSEQ;
625 goto exit_error;
626 }
627
628 pcie_pkt_type = get_unaligned_le32(pdata);
629
630 switch (pcie_pkt_type) {
631 case BTINTEL_PCIE_HCI_ACL_PKT:
632 if (skb->len >= HCI_ACL_HDR_SIZE) {
633 plen = HCI_ACL_HDR_SIZE + __le16_to_cpu(hci_acl_hdr(skb)->dlen);
634 pkt_type = HCI_ACLDATA_PKT;
635 } else {
636 bt_dev_err(hdev, "ACL packet is too short");
637 ret = -EILSEQ;
638 goto exit_error;
639 }
640 break;
641
642 case BTINTEL_PCIE_HCI_SCO_PKT:
643 if (skb->len >= HCI_SCO_HDR_SIZE) {
644 plen = HCI_SCO_HDR_SIZE + hci_sco_hdr(skb)->dlen;
645 pkt_type = HCI_SCODATA_PKT;
646 } else {
647 bt_dev_err(hdev, "SCO packet is too short");
648 ret = -EILSEQ;
649 goto exit_error;
650 }
651 break;
652
653 case BTINTEL_PCIE_HCI_EVT_PKT:
654 if (skb->len >= HCI_EVENT_HDR_SIZE) {
655 plen = HCI_EVENT_HDR_SIZE + hci_event_hdr(skb)->plen;
656 pkt_type = HCI_EVENT_PKT;
657 } else {
658 bt_dev_err(hdev, "Event packet is too short");
659 ret = -EILSEQ;
660 goto exit_error;
661 }
662 break;
663
664 case BTINTEL_PCIE_HCI_ISO_PKT:
665 if (skb->len >= HCI_ISO_HDR_SIZE) {
666 plen = HCI_ISO_HDR_SIZE + __le16_to_cpu(hci_iso_hdr(skb)->dlen);
667 pkt_type = HCI_ISODATA_PKT;
668 } else {
669 bt_dev_err(hdev, "ISO packet is too short");
670 ret = -EILSEQ;
671 goto exit_error;
672 }
673 break;
674
675 default:
676 bt_dev_err(hdev, "Invalid packet type received: 0x%4.4x",
677 pcie_pkt_type);
678 ret = -EINVAL;
679 goto exit_error;
680 }
681
682 if (skb->len < plen) {
683 bt_dev_err(hdev, "Received corrupted packet. type: 0x%2.2x",
684 pkt_type);
685 ret = -EILSEQ;
686 goto exit_error;
687 }
688
689 bt_dev_dbg(hdev, "pkt_type: 0x%2.2x len: %u", pkt_type, plen);
690
691 new_skb = bt_skb_alloc(plen, GFP_ATOMIC);
692 if (!new_skb) {
693 bt_dev_err(hdev, "Failed to allocate memory for skb of len: %u",
694 skb->len);
695 ret = -ENOMEM;
696 goto exit_error;
697 }
698
699 hci_skb_pkt_type(new_skb) = pkt_type;
700 skb_put_data(new_skb, skb->data, plen);
701 hdev->stat.byte_rx += plen;
702
703 if (pcie_pkt_type == BTINTEL_PCIE_HCI_EVT_PKT)
704 ret = btintel_pcie_recv_event(hdev, new_skb);
705 else
706 ret = hci_recv_frame(hdev, new_skb);
707
708 exit_error:
709 if (ret)
710 hdev->stat.err_rx++;
711
712 spin_unlock(&data->hci_rx_lock);
713
714 return ret;
715 }
716
btintel_pcie_rx_work(struct work_struct * work)717 static void btintel_pcie_rx_work(struct work_struct *work)
718 {
719 struct btintel_pcie_data *data = container_of(work,
720 struct btintel_pcie_data, rx_work);
721 struct sk_buff *skb;
722 int err;
723 struct hci_dev *hdev = data->hdev;
724
725 /* Process the sk_buf in queue and send to the HCI layer */
726 while ((skb = skb_dequeue(&data->rx_skb_q))) {
727 err = btintel_pcie_recv_frame(data, skb);
728 if (err)
729 bt_dev_err(hdev, "Failed to send received frame: %d",
730 err);
731 kfree_skb(skb);
732 }
733 }
734
735 /* create sk_buff with data and save it to queue and start RX work */
btintel_pcie_submit_rx_work(struct btintel_pcie_data * data,u8 status,void * buf)736 static int btintel_pcie_submit_rx_work(struct btintel_pcie_data *data, u8 status,
737 void *buf)
738 {
739 int ret, len;
740 struct rfh_hdr *rfh_hdr;
741 struct sk_buff *skb;
742
743 rfh_hdr = buf;
744
745 len = rfh_hdr->packet_len;
746 if (len <= 0) {
747 ret = -EINVAL;
748 goto resubmit;
749 }
750
751 /* Remove RFH header */
752 buf += sizeof(*rfh_hdr);
753
754 skb = alloc_skb(len, GFP_ATOMIC);
755 if (!skb)
756 goto resubmit;
757
758 skb_put_data(skb, buf, len);
759 skb_queue_tail(&data->rx_skb_q, skb);
760 queue_work(data->workqueue, &data->rx_work);
761
762 resubmit:
763 ret = btintel_pcie_submit_rx(data);
764
765 return ret;
766 }
767
768 /* Handles the MSI-X interrupt for rx queue 1 which is for RX */
btintel_pcie_msix_rx_handle(struct btintel_pcie_data * data)769 static void btintel_pcie_msix_rx_handle(struct btintel_pcie_data *data)
770 {
771 u16 cr_hia, cr_tia;
772 struct rxq *rxq;
773 struct urbd1 *urbd1;
774 struct data_buf *buf;
775 int ret;
776 struct hci_dev *hdev = data->hdev;
777
778 cr_hia = data->ia.cr_hia[BTINTEL_PCIE_RXQ_NUM];
779 cr_tia = data->ia.cr_tia[BTINTEL_PCIE_RXQ_NUM];
780
781 bt_dev_dbg(hdev, "RXQ: cr_hia: %u cr_tia: %u", cr_hia, cr_tia);
782
783 /* Check CR_TIA and CR_HIA for change */
784 if (cr_tia == cr_hia) {
785 bt_dev_warn(hdev, "RXQ: no new CD found");
786 return;
787 }
788
789 rxq = &data->rxq;
790
791 /* The firmware sends multiple CD in a single MSI-X and it needs to
792 * process all received CDs in this interrupt.
793 */
794 while (cr_tia != cr_hia) {
795 urbd1 = &rxq->urbd1s[cr_tia];
796 ipc_print_urbd1(data->hdev, urbd1, cr_tia);
797
798 buf = &rxq->bufs[urbd1->frbd_tag];
799 if (!buf) {
800 bt_dev_err(hdev, "RXQ: failed to get the DMA buffer for %d",
801 urbd1->frbd_tag);
802 return;
803 }
804
805 ret = btintel_pcie_submit_rx_work(data, urbd1->status,
806 buf->data);
807 if (ret) {
808 bt_dev_err(hdev, "RXQ: failed to submit rx request");
809 return;
810 }
811
812 cr_tia = (cr_tia + 1) % rxq->count;
813 data->ia.cr_tia[BTINTEL_PCIE_RXQ_NUM] = cr_tia;
814 ipc_print_ia_ring(data->hdev, &data->ia, BTINTEL_PCIE_RXQ_NUM);
815 }
816 }
817
btintel_pcie_msix_isr(int irq,void * data)818 static irqreturn_t btintel_pcie_msix_isr(int irq, void *data)
819 {
820 return IRQ_WAKE_THREAD;
821 }
822
btintel_pcie_irq_msix_handler(int irq,void * dev_id)823 static irqreturn_t btintel_pcie_irq_msix_handler(int irq, void *dev_id)
824 {
825 struct msix_entry *entry = dev_id;
826 struct btintel_pcie_data *data = btintel_pcie_get_data(entry);
827 u32 intr_fh, intr_hw;
828
829 spin_lock(&data->irq_lock);
830 intr_fh = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_MSIX_FH_INT_CAUSES);
831 intr_hw = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_MSIX_HW_INT_CAUSES);
832
833 /* Clear causes registers to avoid being handling the same cause */
834 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_MSIX_FH_INT_CAUSES, intr_fh);
835 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_MSIX_HW_INT_CAUSES, intr_hw);
836 spin_unlock(&data->irq_lock);
837
838 if (unlikely(!(intr_fh | intr_hw))) {
839 /* Ignore interrupt, inta == 0 */
840 return IRQ_NONE;
841 }
842
843 /* This interrupt is triggered by the firmware after updating
844 * boot_stage register and image_response register
845 */
846 if (intr_hw & BTINTEL_PCIE_MSIX_HW_INT_CAUSES_GP0)
847 btintel_pcie_msix_gp0_handler(data);
848
849 /* For TX */
850 if (intr_fh & BTINTEL_PCIE_MSIX_FH_INT_CAUSES_0)
851 btintel_pcie_msix_tx_handle(data);
852
853 /* For RX */
854 if (intr_fh & BTINTEL_PCIE_MSIX_FH_INT_CAUSES_1)
855 btintel_pcie_msix_rx_handle(data);
856
857 /*
858 * Before sending the interrupt the HW disables it to prevent a nested
859 * interrupt. This is done by writing 1 to the corresponding bit in
860 * the mask register. After handling the interrupt, it should be
861 * re-enabled by clearing this bit. This register is defined as write 1
862 * clear (W1C) register, meaning that it's cleared by writing 1
863 * to the bit.
864 */
865 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_MSIX_AUTOMASK_ST,
866 BIT(entry->entry));
867
868 return IRQ_HANDLED;
869 }
870
871 /* This function requests the irq for MSI-X and registers the handlers per irq.
872 * Currently, it requests only 1 irq for all interrupt causes.
873 */
btintel_pcie_setup_irq(struct btintel_pcie_data * data)874 static int btintel_pcie_setup_irq(struct btintel_pcie_data *data)
875 {
876 int err;
877 int num_irqs, i;
878
879 for (i = 0; i < BTINTEL_PCIE_MSIX_VEC_MAX; i++)
880 data->msix_entries[i].entry = i;
881
882 num_irqs = pci_alloc_irq_vectors(data->pdev, BTINTEL_PCIE_MSIX_VEC_MIN,
883 BTINTEL_PCIE_MSIX_VEC_MAX, PCI_IRQ_MSIX);
884 if (num_irqs < 0)
885 return num_irqs;
886
887 data->alloc_vecs = num_irqs;
888 data->msix_enabled = 1;
889 data->def_irq = 0;
890
891 /* setup irq handler */
892 for (i = 0; i < data->alloc_vecs; i++) {
893 struct msix_entry *msix_entry;
894
895 msix_entry = &data->msix_entries[i];
896 msix_entry->vector = pci_irq_vector(data->pdev, i);
897
898 err = devm_request_threaded_irq(&data->pdev->dev,
899 msix_entry->vector,
900 btintel_pcie_msix_isr,
901 btintel_pcie_irq_msix_handler,
902 IRQF_SHARED,
903 KBUILD_MODNAME,
904 msix_entry);
905 if (err) {
906 pci_free_irq_vectors(data->pdev);
907 data->alloc_vecs = 0;
908 return err;
909 }
910 }
911 return 0;
912 }
913
914 struct btintel_pcie_causes_list {
915 u32 cause;
916 u32 mask_reg;
917 u8 cause_num;
918 };
919
920 static struct btintel_pcie_causes_list causes_list[] = {
921 { BTINTEL_PCIE_MSIX_FH_INT_CAUSES_0, BTINTEL_PCIE_CSR_MSIX_FH_INT_MASK, 0x00 },
922 { BTINTEL_PCIE_MSIX_FH_INT_CAUSES_1, BTINTEL_PCIE_CSR_MSIX_FH_INT_MASK, 0x01 },
923 { BTINTEL_PCIE_MSIX_HW_INT_CAUSES_GP0, BTINTEL_PCIE_CSR_MSIX_HW_INT_MASK, 0x20 },
924 };
925
926 /* This function configures the interrupt masks for both HW_INT_CAUSES and
927 * FH_INT_CAUSES which are meaningful to us.
928 *
929 * After resetting BT function via PCIE FLR or FUNC_CTRL reset, the driver
930 * need to call this function again to configure since the masks
931 * are reset to 0xFFFFFFFF after reset.
932 */
btintel_pcie_config_msix(struct btintel_pcie_data * data)933 static void btintel_pcie_config_msix(struct btintel_pcie_data *data)
934 {
935 int i;
936 int val = data->def_irq | BTINTEL_PCIE_MSIX_NON_AUTO_CLEAR_CAUSE;
937
938 /* Set Non Auto Clear Cause */
939 for (i = 0; i < ARRAY_SIZE(causes_list); i++) {
940 btintel_pcie_wr_reg8(data,
941 BTINTEL_PCIE_CSR_MSIX_IVAR(causes_list[i].cause_num),
942 val);
943 btintel_pcie_clr_reg_bits(data,
944 causes_list[i].mask_reg,
945 causes_list[i].cause);
946 }
947
948 /* Save the initial interrupt mask */
949 data->fh_init_mask = ~btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_MSIX_FH_INT_MASK);
950 data->hw_init_mask = ~btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_MSIX_HW_INT_MASK);
951 }
952
btintel_pcie_config_pcie(struct pci_dev * pdev,struct btintel_pcie_data * data)953 static int btintel_pcie_config_pcie(struct pci_dev *pdev,
954 struct btintel_pcie_data *data)
955 {
956 int err;
957
958 err = pcim_enable_device(pdev);
959 if (err)
960 return err;
961
962 pci_set_master(pdev);
963
964 err = dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(64));
965 if (err) {
966 err = dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(32));
967 if (err)
968 return err;
969 }
970
971 data->base_addr = pcim_iomap_region(pdev, 0, KBUILD_MODNAME);
972 if (IS_ERR(data->base_addr))
973 return PTR_ERR(data->base_addr);
974
975 err = btintel_pcie_setup_irq(data);
976 if (err)
977 return err;
978
979 /* Configure MSI-X with causes list */
980 btintel_pcie_config_msix(data);
981
982 return 0;
983 }
984
btintel_pcie_init_ci(struct btintel_pcie_data * data,struct ctx_info * ci)985 static void btintel_pcie_init_ci(struct btintel_pcie_data *data,
986 struct ctx_info *ci)
987 {
988 ci->version = 0x1;
989 ci->size = sizeof(*ci);
990 ci->config = 0x0000;
991 ci->addr_cr_hia = data->ia.cr_hia_p_addr;
992 ci->addr_tr_tia = data->ia.tr_tia_p_addr;
993 ci->addr_cr_tia = data->ia.cr_tia_p_addr;
994 ci->addr_tr_hia = data->ia.tr_hia_p_addr;
995 ci->num_cr_ia = BTINTEL_PCIE_NUM_QUEUES;
996 ci->num_tr_ia = BTINTEL_PCIE_NUM_QUEUES;
997 ci->addr_urbdq0 = data->txq.urbd0s_p_addr;
998 ci->addr_tfdq = data->txq.tfds_p_addr;
999 ci->num_tfdq = data->txq.count;
1000 ci->num_urbdq0 = data->txq.count;
1001 ci->tfdq_db_vec = BTINTEL_PCIE_TXQ_NUM;
1002 ci->urbdq0_db_vec = BTINTEL_PCIE_TXQ_NUM;
1003 ci->rbd_size = BTINTEL_PCIE_RBD_SIZE_4K;
1004 ci->addr_frbdq = data->rxq.frbds_p_addr;
1005 ci->num_frbdq = data->rxq.count;
1006 ci->frbdq_db_vec = BTINTEL_PCIE_RXQ_NUM;
1007 ci->addr_urbdq1 = data->rxq.urbd1s_p_addr;
1008 ci->num_urbdq1 = data->rxq.count;
1009 ci->urbdq_db_vec = BTINTEL_PCIE_RXQ_NUM;
1010 }
1011
btintel_pcie_free_txq_bufs(struct btintel_pcie_data * data,struct txq * txq)1012 static void btintel_pcie_free_txq_bufs(struct btintel_pcie_data *data,
1013 struct txq *txq)
1014 {
1015 /* Free data buffers first */
1016 dma_free_coherent(&data->pdev->dev, txq->count * BTINTEL_PCIE_BUFFER_SIZE,
1017 txq->buf_v_addr, txq->buf_p_addr);
1018 kfree(txq->bufs);
1019 }
1020
btintel_pcie_setup_txq_bufs(struct btintel_pcie_data * data,struct txq * txq)1021 static int btintel_pcie_setup_txq_bufs(struct btintel_pcie_data *data,
1022 struct txq *txq)
1023 {
1024 int i;
1025 struct data_buf *buf;
1026
1027 /* Allocate the same number of buffers as the descriptor */
1028 txq->bufs = kmalloc_array(txq->count, sizeof(*buf), GFP_KERNEL);
1029 if (!txq->bufs)
1030 return -ENOMEM;
1031
1032 /* Allocate full chunk of data buffer for DMA first and do indexing and
1033 * initialization next, so it can be freed easily
1034 */
1035 txq->buf_v_addr = dma_alloc_coherent(&data->pdev->dev,
1036 txq->count * BTINTEL_PCIE_BUFFER_SIZE,
1037 &txq->buf_p_addr,
1038 GFP_KERNEL | __GFP_NOWARN);
1039 if (!txq->buf_v_addr) {
1040 kfree(txq->bufs);
1041 return -ENOMEM;
1042 }
1043
1044 /* Setup the allocated DMA buffer to bufs. Each data_buf should
1045 * have virtual address and physical address
1046 */
1047 for (i = 0; i < txq->count; i++) {
1048 buf = &txq->bufs[i];
1049 buf->data_p_addr = txq->buf_p_addr + (i * BTINTEL_PCIE_BUFFER_SIZE);
1050 buf->data = txq->buf_v_addr + (i * BTINTEL_PCIE_BUFFER_SIZE);
1051 }
1052
1053 return 0;
1054 }
1055
btintel_pcie_free_rxq_bufs(struct btintel_pcie_data * data,struct rxq * rxq)1056 static void btintel_pcie_free_rxq_bufs(struct btintel_pcie_data *data,
1057 struct rxq *rxq)
1058 {
1059 /* Free data buffers first */
1060 dma_free_coherent(&data->pdev->dev, rxq->count * BTINTEL_PCIE_BUFFER_SIZE,
1061 rxq->buf_v_addr, rxq->buf_p_addr);
1062 kfree(rxq->bufs);
1063 }
1064
btintel_pcie_setup_rxq_bufs(struct btintel_pcie_data * data,struct rxq * rxq)1065 static int btintel_pcie_setup_rxq_bufs(struct btintel_pcie_data *data,
1066 struct rxq *rxq)
1067 {
1068 int i;
1069 struct data_buf *buf;
1070
1071 /* Allocate the same number of buffers as the descriptor */
1072 rxq->bufs = kmalloc_array(rxq->count, sizeof(*buf), GFP_KERNEL);
1073 if (!rxq->bufs)
1074 return -ENOMEM;
1075
1076 /* Allocate full chunk of data buffer for DMA first and do indexing and
1077 * initialization next, so it can be freed easily
1078 */
1079 rxq->buf_v_addr = dma_alloc_coherent(&data->pdev->dev,
1080 rxq->count * BTINTEL_PCIE_BUFFER_SIZE,
1081 &rxq->buf_p_addr,
1082 GFP_KERNEL | __GFP_NOWARN);
1083 if (!rxq->buf_v_addr) {
1084 kfree(rxq->bufs);
1085 return -ENOMEM;
1086 }
1087
1088 /* Setup the allocated DMA buffer to bufs. Each data_buf should
1089 * have virtual address and physical address
1090 */
1091 for (i = 0; i < rxq->count; i++) {
1092 buf = &rxq->bufs[i];
1093 buf->data_p_addr = rxq->buf_p_addr + (i * BTINTEL_PCIE_BUFFER_SIZE);
1094 buf->data = rxq->buf_v_addr + (i * BTINTEL_PCIE_BUFFER_SIZE);
1095 }
1096
1097 return 0;
1098 }
1099
btintel_pcie_setup_ia(struct btintel_pcie_data * data,dma_addr_t p_addr,void * v_addr,struct ia * ia)1100 static void btintel_pcie_setup_ia(struct btintel_pcie_data *data,
1101 dma_addr_t p_addr, void *v_addr,
1102 struct ia *ia)
1103 {
1104 /* TR Head Index Array */
1105 ia->tr_hia_p_addr = p_addr;
1106 ia->tr_hia = v_addr;
1107
1108 /* TR Tail Index Array */
1109 ia->tr_tia_p_addr = p_addr + sizeof(u16) * BTINTEL_PCIE_NUM_QUEUES;
1110 ia->tr_tia = v_addr + sizeof(u16) * BTINTEL_PCIE_NUM_QUEUES;
1111
1112 /* CR Head index Array */
1113 ia->cr_hia_p_addr = p_addr + (sizeof(u16) * BTINTEL_PCIE_NUM_QUEUES * 2);
1114 ia->cr_hia = v_addr + (sizeof(u16) * BTINTEL_PCIE_NUM_QUEUES * 2);
1115
1116 /* CR Tail Index Array */
1117 ia->cr_tia_p_addr = p_addr + (sizeof(u16) * BTINTEL_PCIE_NUM_QUEUES * 3);
1118 ia->cr_tia = v_addr + (sizeof(u16) * BTINTEL_PCIE_NUM_QUEUES * 3);
1119 }
1120
btintel_pcie_free(struct btintel_pcie_data * data)1121 static void btintel_pcie_free(struct btintel_pcie_data *data)
1122 {
1123 btintel_pcie_free_rxq_bufs(data, &data->rxq);
1124 btintel_pcie_free_txq_bufs(data, &data->txq);
1125
1126 dma_pool_free(data->dma_pool, data->dma_v_addr, data->dma_p_addr);
1127 dma_pool_destroy(data->dma_pool);
1128 }
1129
1130 /* Allocate tx and rx queues, any related data structures and buffers.
1131 */
btintel_pcie_alloc(struct btintel_pcie_data * data)1132 static int btintel_pcie_alloc(struct btintel_pcie_data *data)
1133 {
1134 int err = 0;
1135 size_t total;
1136 dma_addr_t p_addr;
1137 void *v_addr;
1138
1139 /* Allocate the chunk of DMA memory for descriptors, index array, and
1140 * context information, instead of allocating individually.
1141 * The DMA memory for data buffer is allocated while setting up the
1142 * each queue.
1143 *
1144 * Total size is sum of the following
1145 * + size of TFD * Number of descriptors in queue
1146 * + size of URBD0 * Number of descriptors in queue
1147 * + size of FRBD * Number of descriptors in queue
1148 * + size of URBD1 * Number of descriptors in queue
1149 * + size of index * Number of queues(2) * type of index array(4)
1150 * + size of context information
1151 */
1152 total = (sizeof(struct tfd) + sizeof(struct urbd0) + sizeof(struct frbd)
1153 + sizeof(struct urbd1)) * BTINTEL_DESCS_COUNT;
1154
1155 /* Add the sum of size of index array and size of ci struct */
1156 total += (sizeof(u16) * BTINTEL_PCIE_NUM_QUEUES * 4) + sizeof(struct ctx_info);
1157
1158 /* Allocate DMA Pool */
1159 data->dma_pool = dma_pool_create(KBUILD_MODNAME, &data->pdev->dev,
1160 total, BTINTEL_PCIE_DMA_POOL_ALIGNMENT, 0);
1161 if (!data->dma_pool) {
1162 err = -ENOMEM;
1163 goto exit_error;
1164 }
1165
1166 v_addr = dma_pool_zalloc(data->dma_pool, GFP_KERNEL | __GFP_NOWARN,
1167 &p_addr);
1168 if (!v_addr) {
1169 dma_pool_destroy(data->dma_pool);
1170 err = -ENOMEM;
1171 goto exit_error;
1172 }
1173
1174 data->dma_p_addr = p_addr;
1175 data->dma_v_addr = v_addr;
1176
1177 /* Setup descriptor count */
1178 data->txq.count = BTINTEL_DESCS_COUNT;
1179 data->rxq.count = BTINTEL_DESCS_COUNT;
1180
1181 /* Setup tfds */
1182 data->txq.tfds_p_addr = p_addr;
1183 data->txq.tfds = v_addr;
1184
1185 p_addr += (sizeof(struct tfd) * BTINTEL_DESCS_COUNT);
1186 v_addr += (sizeof(struct tfd) * BTINTEL_DESCS_COUNT);
1187
1188 /* Setup urbd0 */
1189 data->txq.urbd0s_p_addr = p_addr;
1190 data->txq.urbd0s = v_addr;
1191
1192 p_addr += (sizeof(struct urbd0) * BTINTEL_DESCS_COUNT);
1193 v_addr += (sizeof(struct urbd0) * BTINTEL_DESCS_COUNT);
1194
1195 /* Setup FRBD*/
1196 data->rxq.frbds_p_addr = p_addr;
1197 data->rxq.frbds = v_addr;
1198
1199 p_addr += (sizeof(struct frbd) * BTINTEL_DESCS_COUNT);
1200 v_addr += (sizeof(struct frbd) * BTINTEL_DESCS_COUNT);
1201
1202 /* Setup urbd1 */
1203 data->rxq.urbd1s_p_addr = p_addr;
1204 data->rxq.urbd1s = v_addr;
1205
1206 p_addr += (sizeof(struct urbd1) * BTINTEL_DESCS_COUNT);
1207 v_addr += (sizeof(struct urbd1) * BTINTEL_DESCS_COUNT);
1208
1209 /* Setup data buffers for txq */
1210 err = btintel_pcie_setup_txq_bufs(data, &data->txq);
1211 if (err)
1212 goto exit_error_pool;
1213
1214 /* Setup data buffers for rxq */
1215 err = btintel_pcie_setup_rxq_bufs(data, &data->rxq);
1216 if (err)
1217 goto exit_error_txq;
1218
1219 /* Setup Index Array */
1220 btintel_pcie_setup_ia(data, p_addr, v_addr, &data->ia);
1221
1222 /* Setup Context Information */
1223 p_addr += sizeof(u16) * BTINTEL_PCIE_NUM_QUEUES * 4;
1224 v_addr += sizeof(u16) * BTINTEL_PCIE_NUM_QUEUES * 4;
1225
1226 data->ci = v_addr;
1227 data->ci_p_addr = p_addr;
1228
1229 /* Initialize the CI */
1230 btintel_pcie_init_ci(data, data->ci);
1231
1232 return 0;
1233
1234 exit_error_txq:
1235 btintel_pcie_free_txq_bufs(data, &data->txq);
1236 exit_error_pool:
1237 dma_pool_free(data->dma_pool, data->dma_v_addr, data->dma_p_addr);
1238 dma_pool_destroy(data->dma_pool);
1239 exit_error:
1240 return err;
1241 }
1242
btintel_pcie_open(struct hci_dev * hdev)1243 static int btintel_pcie_open(struct hci_dev *hdev)
1244 {
1245 bt_dev_dbg(hdev, "");
1246
1247 return 0;
1248 }
1249
btintel_pcie_close(struct hci_dev * hdev)1250 static int btintel_pcie_close(struct hci_dev *hdev)
1251 {
1252 bt_dev_dbg(hdev, "");
1253
1254 return 0;
1255 }
1256
btintel_pcie_inject_cmd_complete(struct hci_dev * hdev,__u16 opcode)1257 static int btintel_pcie_inject_cmd_complete(struct hci_dev *hdev, __u16 opcode)
1258 {
1259 struct sk_buff *skb;
1260 struct hci_event_hdr *hdr;
1261 struct hci_ev_cmd_complete *evt;
1262
1263 skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_KERNEL);
1264 if (!skb)
1265 return -ENOMEM;
1266
1267 hdr = (struct hci_event_hdr *)skb_put(skb, sizeof(*hdr));
1268 hdr->evt = HCI_EV_CMD_COMPLETE;
1269 hdr->plen = sizeof(*evt) + 1;
1270
1271 evt = (struct hci_ev_cmd_complete *)skb_put(skb, sizeof(*evt));
1272 evt->ncmd = 0x01;
1273 evt->opcode = cpu_to_le16(opcode);
1274
1275 *(u8 *)skb_put(skb, 1) = 0x00;
1276
1277 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
1278
1279 return hci_recv_frame(hdev, skb);
1280 }
1281
btintel_pcie_send_frame(struct hci_dev * hdev,struct sk_buff * skb)1282 static int btintel_pcie_send_frame(struct hci_dev *hdev,
1283 struct sk_buff *skb)
1284 {
1285 struct btintel_pcie_data *data = hci_get_drvdata(hdev);
1286 struct hci_command_hdr *cmd;
1287 __u16 opcode = ~0;
1288 int ret;
1289 u32 type;
1290 u32 old_ctxt;
1291
1292 /* Due to the fw limitation, the type header of the packet should be
1293 * 4 bytes unlike 1 byte for UART. In UART, the firmware can read
1294 * the first byte to get the packet type and redirect the rest of data
1295 * packet to the right handler.
1296 *
1297 * But for PCIe, THF(Transfer Flow Handler) fetches the 4 bytes of data
1298 * from DMA memory and by the time it reads the first 4 bytes, it has
1299 * already consumed some part of packet. Thus the packet type indicator
1300 * for iBT PCIe is 4 bytes.
1301 *
1302 * Luckily, when HCI core creates the skb, it allocates 8 bytes of
1303 * head room for profile and driver use, and before sending the data
1304 * to the device, append the iBT PCIe packet type in the front.
1305 */
1306 switch (hci_skb_pkt_type(skb)) {
1307 case HCI_COMMAND_PKT:
1308 type = BTINTEL_PCIE_HCI_CMD_PKT;
1309 cmd = (void *)skb->data;
1310 opcode = le16_to_cpu(cmd->opcode);
1311 if (btintel_test_flag(hdev, INTEL_BOOTLOADER)) {
1312 struct hci_command_hdr *cmd = (void *)skb->data;
1313 __u16 opcode = le16_to_cpu(cmd->opcode);
1314
1315 /* When the 0xfc01 command is issued to boot into
1316 * the operational firmware, it will actually not
1317 * send a command complete event. To keep the flow
1318 * control working inject that event here.
1319 */
1320 if (opcode == 0xfc01)
1321 btintel_pcie_inject_cmd_complete(hdev, opcode);
1322 }
1323 hdev->stat.cmd_tx++;
1324 break;
1325 case HCI_ACLDATA_PKT:
1326 type = BTINTEL_PCIE_HCI_ACL_PKT;
1327 hdev->stat.acl_tx++;
1328 break;
1329 case HCI_SCODATA_PKT:
1330 type = BTINTEL_PCIE_HCI_SCO_PKT;
1331 hdev->stat.sco_tx++;
1332 break;
1333 case HCI_ISODATA_PKT:
1334 type = BTINTEL_PCIE_HCI_ISO_PKT;
1335 break;
1336 default:
1337 bt_dev_err(hdev, "Unknown HCI packet type");
1338 return -EILSEQ;
1339 }
1340 memcpy(skb_push(skb, BTINTEL_PCIE_HCI_TYPE_LEN), &type,
1341 BTINTEL_PCIE_HCI_TYPE_LEN);
1342
1343 ret = btintel_pcie_send_sync(data, skb);
1344 if (ret) {
1345 hdev->stat.err_tx++;
1346 bt_dev_err(hdev, "Failed to send frame (%d)", ret);
1347 goto exit_error;
1348 }
1349
1350 if (type == BTINTEL_PCIE_HCI_CMD_PKT &&
1351 (opcode == HCI_OP_RESET || opcode == 0xfc01)) {
1352 old_ctxt = data->alive_intr_ctxt;
1353 data->alive_intr_ctxt =
1354 (opcode == 0xfc01 ? BTINTEL_PCIE_INTEL_HCI_RESET1 :
1355 BTINTEL_PCIE_HCI_RESET);
1356 bt_dev_dbg(data->hdev, "sent cmd: 0x%4.4x alive context changed: %s -> %s",
1357 opcode, btintel_pcie_alivectxt_state2str(old_ctxt),
1358 btintel_pcie_alivectxt_state2str(data->alive_intr_ctxt));
1359 if (opcode == HCI_OP_RESET) {
1360 data->gp0_received = false;
1361 ret = wait_event_timeout(data->gp0_wait_q,
1362 data->gp0_received,
1363 msecs_to_jiffies(BTINTEL_DEFAULT_INTR_TIMEOUT_MS));
1364 if (!ret) {
1365 hdev->stat.err_tx++;
1366 bt_dev_err(hdev, "No alive interrupt received for %s",
1367 btintel_pcie_alivectxt_state2str(data->alive_intr_ctxt));
1368 ret = -ETIME;
1369 goto exit_error;
1370 }
1371 }
1372 }
1373 hdev->stat.byte_tx += skb->len;
1374 kfree_skb(skb);
1375
1376 exit_error:
1377 return ret;
1378 }
1379
btintel_pcie_release_hdev(struct btintel_pcie_data * data)1380 static void btintel_pcie_release_hdev(struct btintel_pcie_data *data)
1381 {
1382 struct hci_dev *hdev;
1383
1384 hdev = data->hdev;
1385 hci_unregister_dev(hdev);
1386 hci_free_dev(hdev);
1387 data->hdev = NULL;
1388 }
1389
btintel_pcie_setup_internal(struct hci_dev * hdev)1390 static int btintel_pcie_setup_internal(struct hci_dev *hdev)
1391 {
1392 const u8 param[1] = { 0xFF };
1393 struct intel_version_tlv ver_tlv;
1394 struct sk_buff *skb;
1395 int err;
1396
1397 BT_DBG("%s", hdev->name);
1398
1399 skb = __hci_cmd_sync(hdev, 0xfc05, 1, param, HCI_CMD_TIMEOUT);
1400 if (IS_ERR(skb)) {
1401 bt_dev_err(hdev, "Reading Intel version command failed (%ld)",
1402 PTR_ERR(skb));
1403 return PTR_ERR(skb);
1404 }
1405
1406 /* Check the status */
1407 if (skb->data[0]) {
1408 bt_dev_err(hdev, "Intel Read Version command failed (%02x)",
1409 skb->data[0]);
1410 err = -EIO;
1411 goto exit_error;
1412 }
1413
1414 /* Apply the common HCI quirks for Intel device */
1415 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
1416 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
1417 set_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks);
1418
1419 /* Set up the quality report callback for Intel devices */
1420 hdev->set_quality_report = btintel_set_quality_report;
1421
1422 memset(&ver_tlv, 0, sizeof(ver_tlv));
1423 /* For TLV type device, parse the tlv data */
1424 err = btintel_parse_version_tlv(hdev, &ver_tlv, skb);
1425 if (err) {
1426 bt_dev_err(hdev, "Failed to parse TLV version information");
1427 goto exit_error;
1428 }
1429
1430 switch (INTEL_HW_PLATFORM(ver_tlv.cnvi_bt)) {
1431 case 0x37:
1432 break;
1433 default:
1434 bt_dev_err(hdev, "Unsupported Intel hardware platform (0x%2x)",
1435 INTEL_HW_PLATFORM(ver_tlv.cnvi_bt));
1436 err = -EINVAL;
1437 goto exit_error;
1438 }
1439
1440 /* Check for supported iBT hardware variants of this firmware
1441 * loading method.
1442 *
1443 * This check has been put in place to ensure correct forward
1444 * compatibility options when newer hardware variants come
1445 * along.
1446 */
1447 switch (INTEL_HW_VARIANT(ver_tlv.cnvi_bt)) {
1448 case 0x1e: /* BzrI */
1449 /* Display version information of TLV type */
1450 btintel_version_info_tlv(hdev, &ver_tlv);
1451
1452 /* Apply the device specific HCI quirks for TLV based devices
1453 *
1454 * All TLV based devices support WBS
1455 */
1456 set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks);
1457
1458 /* Setup MSFT Extension support */
1459 btintel_set_msft_opcode(hdev,
1460 INTEL_HW_VARIANT(ver_tlv.cnvi_bt));
1461
1462 err = btintel_bootloader_setup_tlv(hdev, &ver_tlv);
1463 if (err)
1464 goto exit_error;
1465 break;
1466 default:
1467 bt_dev_err(hdev, "Unsupported Intel hw variant (%u)",
1468 INTEL_HW_VARIANT(ver_tlv.cnvi_bt));
1469 err = -EINVAL;
1470 goto exit_error;
1471 break;
1472 }
1473
1474 btintel_print_fseq_info(hdev);
1475 exit_error:
1476 kfree_skb(skb);
1477
1478 return err;
1479 }
1480
btintel_pcie_setup(struct hci_dev * hdev)1481 static int btintel_pcie_setup(struct hci_dev *hdev)
1482 {
1483 int err, fw_dl_retry = 0;
1484 struct btintel_pcie_data *data = hci_get_drvdata(hdev);
1485
1486 while ((err = btintel_pcie_setup_internal(hdev)) && fw_dl_retry++ < 1) {
1487 bt_dev_err(hdev, "Firmware download retry count: %d",
1488 fw_dl_retry);
1489 err = btintel_pcie_reset_bt(data);
1490 if (err) {
1491 bt_dev_err(hdev, "Failed to do shr reset: %d", err);
1492 break;
1493 }
1494 usleep_range(10000, 12000);
1495 btintel_pcie_reset_ia(data);
1496 btintel_pcie_config_msix(data);
1497 err = btintel_pcie_enable_bt(data);
1498 if (err) {
1499 bt_dev_err(hdev, "Failed to enable hardware: %d", err);
1500 break;
1501 }
1502 btintel_pcie_start_rx(data);
1503 }
1504 return err;
1505 }
1506
btintel_pcie_setup_hdev(struct btintel_pcie_data * data)1507 static int btintel_pcie_setup_hdev(struct btintel_pcie_data *data)
1508 {
1509 int err;
1510 struct hci_dev *hdev;
1511
1512 hdev = hci_alloc_dev_priv(sizeof(struct btintel_data));
1513 if (!hdev)
1514 return -ENOMEM;
1515
1516 hdev->bus = HCI_PCI;
1517 hci_set_drvdata(hdev, data);
1518
1519 data->hdev = hdev;
1520 SET_HCIDEV_DEV(hdev, &data->pdev->dev);
1521
1522 hdev->manufacturer = 2;
1523 hdev->open = btintel_pcie_open;
1524 hdev->close = btintel_pcie_close;
1525 hdev->send = btintel_pcie_send_frame;
1526 hdev->setup = btintel_pcie_setup;
1527 hdev->shutdown = btintel_shutdown_combined;
1528 hdev->hw_error = btintel_hw_error;
1529 hdev->set_diag = btintel_set_diag;
1530 hdev->set_bdaddr = btintel_set_bdaddr;
1531
1532 err = hci_register_dev(hdev);
1533 if (err < 0) {
1534 BT_ERR("Failed to register to hdev (%d)", err);
1535 goto exit_error;
1536 }
1537
1538 return 0;
1539
1540 exit_error:
1541 hci_free_dev(hdev);
1542 return err;
1543 }
1544
btintel_pcie_probe(struct pci_dev * pdev,const struct pci_device_id * ent)1545 static int btintel_pcie_probe(struct pci_dev *pdev,
1546 const struct pci_device_id *ent)
1547 {
1548 int err;
1549 struct btintel_pcie_data *data;
1550
1551 if (!pdev)
1552 return -ENODEV;
1553
1554 data = devm_kzalloc(&pdev->dev, sizeof(*data), GFP_KERNEL);
1555 if (!data)
1556 return -ENOMEM;
1557
1558 data->pdev = pdev;
1559
1560 spin_lock_init(&data->irq_lock);
1561 spin_lock_init(&data->hci_rx_lock);
1562
1563 init_waitqueue_head(&data->gp0_wait_q);
1564 data->gp0_received = false;
1565
1566 init_waitqueue_head(&data->tx_wait_q);
1567 data->tx_wait_done = false;
1568
1569 data->workqueue = alloc_ordered_workqueue(KBUILD_MODNAME, WQ_HIGHPRI);
1570 if (!data->workqueue)
1571 return -ENOMEM;
1572
1573 skb_queue_head_init(&data->rx_skb_q);
1574 INIT_WORK(&data->rx_work, btintel_pcie_rx_work);
1575
1576 data->boot_stage_cache = 0x00;
1577 data->img_resp_cache = 0x00;
1578
1579 err = btintel_pcie_config_pcie(pdev, data);
1580 if (err)
1581 goto exit_error;
1582
1583 pci_set_drvdata(pdev, data);
1584
1585 err = btintel_pcie_alloc(data);
1586 if (err)
1587 goto exit_error;
1588
1589 err = btintel_pcie_enable_bt(data);
1590 if (err)
1591 goto exit_error;
1592
1593 /* CNV information (CNVi and CNVr) is in CSR */
1594 data->cnvi = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_HW_REV_REG);
1595
1596 data->cnvr = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_RF_ID_REG);
1597
1598 err = btintel_pcie_start_rx(data);
1599 if (err)
1600 goto exit_error;
1601
1602 err = btintel_pcie_setup_hdev(data);
1603 if (err)
1604 goto exit_error;
1605
1606 bt_dev_dbg(data->hdev, "cnvi: 0x%8.8x cnvr: 0x%8.8x", data->cnvi,
1607 data->cnvr);
1608 return 0;
1609
1610 exit_error:
1611 /* reset device before exit */
1612 btintel_pcie_reset_bt(data);
1613
1614 pci_clear_master(pdev);
1615
1616 pci_set_drvdata(pdev, NULL);
1617
1618 return err;
1619 }
1620
btintel_pcie_remove(struct pci_dev * pdev)1621 static void btintel_pcie_remove(struct pci_dev *pdev)
1622 {
1623 struct btintel_pcie_data *data;
1624
1625 data = pci_get_drvdata(pdev);
1626
1627 btintel_pcie_reset_bt(data);
1628 for (int i = 0; i < data->alloc_vecs; i++) {
1629 struct msix_entry *msix_entry;
1630
1631 msix_entry = &data->msix_entries[i];
1632 free_irq(msix_entry->vector, msix_entry);
1633 }
1634
1635 pci_free_irq_vectors(pdev);
1636
1637 btintel_pcie_release_hdev(data);
1638
1639 flush_work(&data->rx_work);
1640
1641 destroy_workqueue(data->workqueue);
1642
1643 btintel_pcie_free(data);
1644
1645 pci_clear_master(pdev);
1646
1647 pci_set_drvdata(pdev, NULL);
1648 }
1649
1650 static struct pci_driver btintel_pcie_driver = {
1651 .name = KBUILD_MODNAME,
1652 .id_table = btintel_pcie_table,
1653 .probe = btintel_pcie_probe,
1654 .remove = btintel_pcie_remove,
1655 };
1656 module_pci_driver(btintel_pcie_driver);
1657
1658 MODULE_AUTHOR("Tedd Ho-Jeong An <tedd.an@intel.com>");
1659 MODULE_DESCRIPTION("Intel Bluetooth PCIe transport driver ver " VERSION);
1660 MODULE_VERSION(VERSION);
1661 MODULE_LICENSE("GPL");
1662