1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * 4 * Bluetooth support for Intel PCIe devices 5 * 6 * Copyright (C) 2024 Intel Corporation 7 */ 8 9 #include <linux/kernel.h> 10 #include <linux/module.h> 11 #include <linux/firmware.h> 12 #include <linux/pci.h> 13 #include <linux/wait.h> 14 #include <linux/delay.h> 15 #include <linux/interrupt.h> 16 17 #include <linux/unaligned.h> 18 19 #include <net/bluetooth/bluetooth.h> 20 #include <net/bluetooth/hci_core.h> 21 22 #include "btintel.h" 23 #include "btintel_pcie.h" 24 25 #define VERSION "0.1" 26 27 #define BTINTEL_PCI_DEVICE(dev, subdev) \ 28 .vendor = PCI_VENDOR_ID_INTEL, \ 29 .device = (dev), \ 30 .subvendor = PCI_ANY_ID, \ 31 .subdevice = (subdev), \ 32 .driver_data = 0 33 34 #define POLL_INTERVAL_US 10 35 36 /* Intel Bluetooth PCIe device id table */ 37 static const struct pci_device_id btintel_pcie_table[] = { 38 { BTINTEL_PCI_DEVICE(0xA876, PCI_ANY_ID) }, 39 { BTINTEL_PCI_DEVICE(0xE476, PCI_ANY_ID) }, 40 { 0 } 41 }; 42 MODULE_DEVICE_TABLE(pci, btintel_pcie_table); 43 44 /* Intel PCIe uses 4 bytes of HCI type instead of 1 byte BT SIG HCI type */ 45 #define BTINTEL_PCIE_HCI_TYPE_LEN 4 46 #define BTINTEL_PCIE_HCI_CMD_PKT 0x00000001 47 #define BTINTEL_PCIE_HCI_ACL_PKT 0x00000002 48 #define BTINTEL_PCIE_HCI_SCO_PKT 0x00000003 49 #define BTINTEL_PCIE_HCI_EVT_PKT 0x00000004 50 #define BTINTEL_PCIE_HCI_ISO_PKT 0x00000005 51 52 #define BTINTEL_PCIE_MAGIC_NUM 0xA5A5A5A5 53 54 #define BTINTEL_PCIE_BLZR_HWEXP_SIZE 1024 55 #define BTINTEL_PCIE_BLZR_HWEXP_DMP_ADDR 0xB00A7C00 56 57 #define BTINTEL_PCIE_SCP_HWEXP_SIZE 4096 58 #define BTINTEL_PCIE_SCP_HWEXP_DMP_ADDR 0xB030F800 59 60 #define BTINTEL_PCIE_MAGIC_NUM 0xA5A5A5A5 61 62 #define BTINTEL_PCIE_TRIGGER_REASON_USER_TRIGGER 0x17A2 63 #define BTINTEL_PCIE_TRIGGER_REASON_FW_ASSERT 0x1E61 64 65 /* Alive interrupt context */ 66 enum { 67 BTINTEL_PCIE_ROM, 68 BTINTEL_PCIE_FW_DL, 69 BTINTEL_PCIE_HCI_RESET, 70 BTINTEL_PCIE_INTEL_HCI_RESET1, 71 BTINTEL_PCIE_INTEL_HCI_RESET2, 72 BTINTEL_PCIE_D0, 73 BTINTEL_PCIE_D3 74 }; 75 76 /* Structure for dbgc fragment buffer 77 * @buf_addr_lsb: LSB of the buffer's physical address 78 * @buf_addr_msb: MSB of the buffer's physical address 79 * @buf_size: Total size of the buffer 80 */ 81 struct btintel_pcie_dbgc_ctxt_buf { 82 u32 buf_addr_lsb; 83 u32 buf_addr_msb; 84 u32 buf_size; 85 }; 86 87 /* Structure for dbgc fragment 88 * @magic_num: 0XA5A5A5A5 89 * @ver: For Driver-FW compatibility 90 * @total_size: Total size of the payload debug info 91 * @num_buf: Num of allocated debug bufs 92 * @bufs: All buffer's addresses and sizes 93 */ 94 struct btintel_pcie_dbgc_ctxt { 95 u32 magic_num; 96 u32 ver; 97 u32 total_size; 98 u32 num_buf; 99 struct btintel_pcie_dbgc_ctxt_buf bufs[BTINTEL_PCIE_DBGC_BUFFER_COUNT]; 100 }; 101 102 /* This function initializes the memory for DBGC buffers and formats the 103 * DBGC fragment which consists header info and DBGC buffer's LSB, MSB and 104 * size as the payload 105 */ 106 static int btintel_pcie_setup_dbgc(struct btintel_pcie_data *data) 107 { 108 struct btintel_pcie_dbgc_ctxt db_frag; 109 struct data_buf *buf; 110 int i; 111 112 data->dbgc.count = BTINTEL_PCIE_DBGC_BUFFER_COUNT; 113 data->dbgc.bufs = devm_kcalloc(&data->pdev->dev, data->dbgc.count, 114 sizeof(*buf), GFP_KERNEL); 115 if (!data->dbgc.bufs) 116 return -ENOMEM; 117 118 data->dbgc.buf_v_addr = dmam_alloc_coherent(&data->pdev->dev, 119 data->dbgc.count * 120 BTINTEL_PCIE_DBGC_BUFFER_SIZE, 121 &data->dbgc.buf_p_addr, 122 GFP_KERNEL | __GFP_NOWARN); 123 if (!data->dbgc.buf_v_addr) 124 return -ENOMEM; 125 126 data->dbgc.frag_v_addr = dmam_alloc_coherent(&data->pdev->dev, 127 sizeof(struct btintel_pcie_dbgc_ctxt), 128 &data->dbgc.frag_p_addr, 129 GFP_KERNEL | __GFP_NOWARN); 130 if (!data->dbgc.frag_v_addr) 131 return -ENOMEM; 132 133 data->dbgc.frag_size = sizeof(struct btintel_pcie_dbgc_ctxt); 134 135 db_frag.magic_num = BTINTEL_PCIE_MAGIC_NUM; 136 db_frag.ver = BTINTEL_PCIE_DBGC_FRAG_VERSION; 137 db_frag.total_size = BTINTEL_PCIE_DBGC_FRAG_PAYLOAD_SIZE; 138 db_frag.num_buf = BTINTEL_PCIE_DBGC_FRAG_BUFFER_COUNT; 139 140 for (i = 0; i < data->dbgc.count; i++) { 141 buf = &data->dbgc.bufs[i]; 142 buf->data_p_addr = data->dbgc.buf_p_addr + i * BTINTEL_PCIE_DBGC_BUFFER_SIZE; 143 buf->data = data->dbgc.buf_v_addr + i * BTINTEL_PCIE_DBGC_BUFFER_SIZE; 144 db_frag.bufs[i].buf_addr_lsb = lower_32_bits(buf->data_p_addr); 145 db_frag.bufs[i].buf_addr_msb = upper_32_bits(buf->data_p_addr); 146 db_frag.bufs[i].buf_size = BTINTEL_PCIE_DBGC_BUFFER_SIZE; 147 } 148 149 memcpy(data->dbgc.frag_v_addr, &db_frag, sizeof(db_frag)); 150 return 0; 151 } 152 153 static inline void ipc_print_ia_ring(struct hci_dev *hdev, struct ia *ia, 154 u16 queue_num) 155 { 156 bt_dev_dbg(hdev, "IA: %s: tr-h:%02u tr-t:%02u cr-h:%02u cr-t:%02u", 157 queue_num == BTINTEL_PCIE_TXQ_NUM ? "TXQ" : "RXQ", 158 ia->tr_hia[queue_num], ia->tr_tia[queue_num], 159 ia->cr_hia[queue_num], ia->cr_tia[queue_num]); 160 } 161 162 static inline void ipc_print_urbd1(struct hci_dev *hdev, struct urbd1 *urbd1, 163 u16 index) 164 { 165 bt_dev_dbg(hdev, "RXQ:urbd1(%u) frbd_tag:%u status: 0x%x fixed:0x%x", 166 index, urbd1->frbd_tag, urbd1->status, urbd1->fixed); 167 } 168 169 static struct btintel_pcie_data *btintel_pcie_get_data(struct msix_entry *entry) 170 { 171 u8 queue = entry->entry; 172 struct msix_entry *entries = entry - queue; 173 174 return container_of(entries, struct btintel_pcie_data, msix_entries[0]); 175 } 176 177 /* Set the doorbell for TXQ to notify the device that @index (actually index-1) 178 * of the TFD is updated and ready to transmit. 179 */ 180 static void btintel_pcie_set_tx_db(struct btintel_pcie_data *data, u16 index) 181 { 182 u32 val; 183 184 val = index; 185 val |= (BTINTEL_PCIE_TX_DB_VEC << 16); 186 187 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_HBUS_TARG_WRPTR, val); 188 } 189 190 /* Copy the data to next(@tfd_index) data buffer and update the TFD(transfer 191 * descriptor) with the data length and the DMA address of the data buffer. 192 */ 193 static void btintel_pcie_prepare_tx(struct txq *txq, u16 tfd_index, 194 struct sk_buff *skb) 195 { 196 struct data_buf *buf; 197 struct tfd *tfd; 198 199 tfd = &txq->tfds[tfd_index]; 200 memset(tfd, 0, sizeof(*tfd)); 201 202 buf = &txq->bufs[tfd_index]; 203 204 tfd->size = skb->len; 205 tfd->addr = buf->data_p_addr; 206 207 /* Copy the outgoing data to DMA buffer */ 208 memcpy(buf->data, skb->data, tfd->size); 209 } 210 211 static int btintel_pcie_send_sync(struct btintel_pcie_data *data, 212 struct sk_buff *skb) 213 { 214 int ret; 215 u16 tfd_index; 216 struct txq *txq = &data->txq; 217 218 tfd_index = data->ia.tr_hia[BTINTEL_PCIE_TXQ_NUM]; 219 220 if (tfd_index > txq->count) 221 return -ERANGE; 222 223 /* Prepare for TX. It updates the TFD with the length of data and 224 * address of the DMA buffer, and copy the data to the DMA buffer 225 */ 226 btintel_pcie_prepare_tx(txq, tfd_index, skb); 227 228 tfd_index = (tfd_index + 1) % txq->count; 229 data->ia.tr_hia[BTINTEL_PCIE_TXQ_NUM] = tfd_index; 230 231 /* Arm wait event condition */ 232 data->tx_wait_done = false; 233 234 /* Set the doorbell to notify the device */ 235 btintel_pcie_set_tx_db(data, tfd_index); 236 237 /* Wait for the complete interrupt - URBD0 */ 238 ret = wait_event_timeout(data->tx_wait_q, data->tx_wait_done, 239 msecs_to_jiffies(BTINTEL_PCIE_TX_WAIT_TIMEOUT_MS)); 240 if (!ret) 241 return -ETIME; 242 243 return 0; 244 } 245 246 /* Set the doorbell for RXQ to notify the device that @index (actually index-1) 247 * is available to receive the data 248 */ 249 static void btintel_pcie_set_rx_db(struct btintel_pcie_data *data, u16 index) 250 { 251 u32 val; 252 253 val = index; 254 val |= (BTINTEL_PCIE_RX_DB_VEC << 16); 255 256 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_HBUS_TARG_WRPTR, val); 257 } 258 259 /* Update the FRBD (free buffer descriptor) with the @frbd_index and the 260 * DMA address of the free buffer. 261 */ 262 static void btintel_pcie_prepare_rx(struct rxq *rxq, u16 frbd_index) 263 { 264 struct data_buf *buf; 265 struct frbd *frbd; 266 267 /* Get the buffer of the FRBD for DMA */ 268 buf = &rxq->bufs[frbd_index]; 269 270 frbd = &rxq->frbds[frbd_index]; 271 memset(frbd, 0, sizeof(*frbd)); 272 273 /* Update FRBD */ 274 frbd->tag = frbd_index; 275 frbd->addr = buf->data_p_addr; 276 } 277 278 static int btintel_pcie_submit_rx(struct btintel_pcie_data *data) 279 { 280 u16 frbd_index; 281 struct rxq *rxq = &data->rxq; 282 283 frbd_index = data->ia.tr_hia[BTINTEL_PCIE_RXQ_NUM]; 284 285 if (frbd_index > rxq->count) 286 return -ERANGE; 287 288 /* Prepare for RX submit. It updates the FRBD with the address of DMA 289 * buffer 290 */ 291 btintel_pcie_prepare_rx(rxq, frbd_index); 292 293 frbd_index = (frbd_index + 1) % rxq->count; 294 data->ia.tr_hia[BTINTEL_PCIE_RXQ_NUM] = frbd_index; 295 ipc_print_ia_ring(data->hdev, &data->ia, BTINTEL_PCIE_RXQ_NUM); 296 297 /* Set the doorbell to notify the device */ 298 btintel_pcie_set_rx_db(data, frbd_index); 299 300 return 0; 301 } 302 303 static int btintel_pcie_start_rx(struct btintel_pcie_data *data) 304 { 305 int i, ret; 306 307 for (i = 0; i < BTINTEL_PCIE_RX_MAX_QUEUE; i++) { 308 ret = btintel_pcie_submit_rx(data); 309 if (ret) 310 return ret; 311 } 312 313 return 0; 314 } 315 316 static void btintel_pcie_reset_ia(struct btintel_pcie_data *data) 317 { 318 memset(data->ia.tr_hia, 0, sizeof(u16) * BTINTEL_PCIE_NUM_QUEUES); 319 memset(data->ia.tr_tia, 0, sizeof(u16) * BTINTEL_PCIE_NUM_QUEUES); 320 memset(data->ia.cr_hia, 0, sizeof(u16) * BTINTEL_PCIE_NUM_QUEUES); 321 memset(data->ia.cr_tia, 0, sizeof(u16) * BTINTEL_PCIE_NUM_QUEUES); 322 } 323 324 static int btintel_pcie_reset_bt(struct btintel_pcie_data *data) 325 { 326 u32 reg; 327 int retry = 3; 328 329 reg = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG); 330 331 reg &= ~(BTINTEL_PCIE_CSR_FUNC_CTRL_FUNC_ENA | 332 BTINTEL_PCIE_CSR_FUNC_CTRL_MAC_INIT | 333 BTINTEL_PCIE_CSR_FUNC_CTRL_FUNC_INIT); 334 reg |= BTINTEL_PCIE_CSR_FUNC_CTRL_BUS_MASTER_DISCON; 335 336 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG, reg); 337 338 do { 339 reg = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG); 340 if (reg & BTINTEL_PCIE_CSR_FUNC_CTRL_BUS_MASTER_STS) 341 break; 342 usleep_range(10000, 12000); 343 344 } while (--retry > 0); 345 usleep_range(10000, 12000); 346 347 reg = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG); 348 349 reg &= ~(BTINTEL_PCIE_CSR_FUNC_CTRL_FUNC_ENA | 350 BTINTEL_PCIE_CSR_FUNC_CTRL_MAC_INIT | 351 BTINTEL_PCIE_CSR_FUNC_CTRL_FUNC_INIT); 352 reg |= BTINTEL_PCIE_CSR_FUNC_CTRL_SW_RESET; 353 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG, reg); 354 usleep_range(10000, 12000); 355 356 reg = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG); 357 bt_dev_dbg(data->hdev, "csr register after reset: 0x%8.8x", reg); 358 359 reg = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_BOOT_STAGE_REG); 360 361 /* If shared hardware reset is success then boot stage register shall be 362 * set to 0 363 */ 364 return reg == 0 ? 0 : -ENODEV; 365 } 366 367 static void btintel_pcie_mac_init(struct btintel_pcie_data *data) 368 { 369 u32 reg; 370 371 /* Set MAC_INIT bit to start primary bootloader */ 372 reg = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG); 373 reg &= ~(BTINTEL_PCIE_CSR_FUNC_CTRL_FUNC_INIT | 374 BTINTEL_PCIE_CSR_FUNC_CTRL_BUS_MASTER_DISCON | 375 BTINTEL_PCIE_CSR_FUNC_CTRL_SW_RESET); 376 reg |= (BTINTEL_PCIE_CSR_FUNC_CTRL_FUNC_ENA | 377 BTINTEL_PCIE_CSR_FUNC_CTRL_MAC_INIT); 378 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG, reg); 379 } 380 381 static int btintel_pcie_add_dmp_data(struct hci_dev *hdev, const void *data, int size) 382 { 383 struct sk_buff *skb; 384 int err; 385 386 skb = alloc_skb(size, GFP_ATOMIC); 387 if (!skb) 388 return -ENOMEM; 389 390 skb_put_data(skb, data, size); 391 err = hci_devcd_append(hdev, skb); 392 if (err) { 393 bt_dev_err(hdev, "Failed to append data in the coredump"); 394 return err; 395 } 396 397 return 0; 398 } 399 400 static int btintel_pcie_get_mac_access(struct btintel_pcie_data *data) 401 { 402 u32 reg; 403 int retry = 15; 404 405 reg = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG); 406 407 reg |= BTINTEL_PCIE_CSR_FUNC_CTRL_STOP_MAC_ACCESS_DIS; 408 reg |= BTINTEL_PCIE_CSR_FUNC_CTRL_XTAL_CLK_REQ; 409 if ((reg & BTINTEL_PCIE_CSR_FUNC_CTRL_MAC_ACCESS_STS) == 0) 410 reg |= BTINTEL_PCIE_CSR_FUNC_CTRL_MAC_ACCESS_REQ; 411 412 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG, reg); 413 414 do { 415 reg = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG); 416 if (reg & BTINTEL_PCIE_CSR_FUNC_CTRL_MAC_ACCESS_STS) 417 return 0; 418 /* Need delay here for Target Access harwdware to settle down*/ 419 usleep_range(1000, 1200); 420 421 } while (--retry > 0); 422 423 return -ETIME; 424 } 425 426 static void btintel_pcie_release_mac_access(struct btintel_pcie_data *data) 427 { 428 u32 reg; 429 430 reg = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG); 431 432 if (reg & BTINTEL_PCIE_CSR_FUNC_CTRL_MAC_ACCESS_REQ) 433 reg &= ~BTINTEL_PCIE_CSR_FUNC_CTRL_MAC_ACCESS_REQ; 434 435 if (reg & BTINTEL_PCIE_CSR_FUNC_CTRL_STOP_MAC_ACCESS_DIS) 436 reg &= ~BTINTEL_PCIE_CSR_FUNC_CTRL_STOP_MAC_ACCESS_DIS; 437 438 if (reg & BTINTEL_PCIE_CSR_FUNC_CTRL_XTAL_CLK_REQ) 439 reg &= ~BTINTEL_PCIE_CSR_FUNC_CTRL_XTAL_CLK_REQ; 440 441 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG, reg); 442 } 443 444 static void btintel_pcie_copy_tlv(struct sk_buff *skb, enum btintel_pcie_tlv_type type, 445 void *data, int size) 446 { 447 struct intel_tlv *tlv; 448 449 tlv = skb_put(skb, sizeof(*tlv) + size); 450 tlv->type = type; 451 tlv->len = size; 452 memcpy(tlv->val, data, tlv->len); 453 } 454 455 static int btintel_pcie_read_dram_buffers(struct btintel_pcie_data *data) 456 { 457 u32 offset, prev_size, wr_ptr_status, dump_size, i; 458 struct btintel_pcie_dbgc *dbgc = &data->dbgc; 459 u8 buf_idx, dump_time_len, fw_build; 460 struct hci_dev *hdev = data->hdev; 461 struct intel_tlv *tlv; 462 struct timespec64 now; 463 struct sk_buff *skb; 464 struct tm tm_now; 465 char buf[256]; 466 u16 hdr_len; 467 int ret; 468 469 wr_ptr_status = btintel_pcie_rd_dev_mem(data, BTINTEL_PCIE_DBGC_CUR_DBGBUFF_STATUS); 470 offset = wr_ptr_status & BTINTEL_PCIE_DBG_OFFSET_BIT_MASK; 471 472 buf_idx = BTINTEL_PCIE_DBGC_DBG_BUF_IDX(wr_ptr_status); 473 if (buf_idx > dbgc->count) { 474 bt_dev_warn(hdev, "Buffer index is invalid"); 475 return -EINVAL; 476 } 477 478 prev_size = buf_idx * BTINTEL_PCIE_DBGC_BUFFER_SIZE; 479 if (prev_size + offset >= prev_size) 480 data->dmp_hdr.write_ptr = prev_size + offset; 481 else 482 return -EINVAL; 483 484 ktime_get_real_ts64(&now); 485 time64_to_tm(now.tv_sec, 0, &tm_now); 486 dump_time_len = snprintf(buf, sizeof(buf), "Dump Time: %02d-%02d-%04ld %02d:%02d:%02d", 487 tm_now.tm_mday, tm_now.tm_mon + 1, tm_now.tm_year + 1900, 488 tm_now.tm_hour, tm_now.tm_min, tm_now.tm_sec); 489 490 fw_build = snprintf(buf + dump_time_len, sizeof(buf) - dump_time_len, 491 "Firmware Timestamp: Year %u WW %02u buildtype %u build %u", 492 2000 + (data->dmp_hdr.fw_timestamp >> 8), 493 data->dmp_hdr.fw_timestamp & 0xff, data->dmp_hdr.fw_build_type, 494 data->dmp_hdr.fw_build_num); 495 496 hdr_len = sizeof(*tlv) + sizeof(data->dmp_hdr.cnvi_bt) + 497 sizeof(*tlv) + sizeof(data->dmp_hdr.write_ptr) + 498 sizeof(*tlv) + sizeof(data->dmp_hdr.wrap_ctr) + 499 sizeof(*tlv) + sizeof(data->dmp_hdr.trigger_reason) + 500 sizeof(*tlv) + sizeof(data->dmp_hdr.fw_git_sha1) + 501 sizeof(*tlv) + sizeof(data->dmp_hdr.cnvr_top) + 502 sizeof(*tlv) + sizeof(data->dmp_hdr.cnvi_top) + 503 sizeof(*tlv) + dump_time_len + 504 sizeof(*tlv) + fw_build; 505 506 dump_size = hdr_len + sizeof(hdr_len); 507 508 skb = alloc_skb(dump_size, GFP_KERNEL); 509 if (!skb) 510 return -ENOMEM; 511 512 /* Add debug buffers data length to dump size */ 513 dump_size += BTINTEL_PCIE_DBGC_BUFFER_SIZE * dbgc->count; 514 515 ret = hci_devcd_init(hdev, dump_size); 516 if (ret) { 517 bt_dev_err(hdev, "Failed to init devcoredump, err %d", ret); 518 kfree_skb(skb); 519 return ret; 520 } 521 522 skb_put_data(skb, &hdr_len, sizeof(hdr_len)); 523 524 btintel_pcie_copy_tlv(skb, BTINTEL_CNVI_BT, &data->dmp_hdr.cnvi_bt, 525 sizeof(data->dmp_hdr.cnvi_bt)); 526 527 btintel_pcie_copy_tlv(skb, BTINTEL_WRITE_PTR, &data->dmp_hdr.write_ptr, 528 sizeof(data->dmp_hdr.write_ptr)); 529 530 data->dmp_hdr.wrap_ctr = btintel_pcie_rd_dev_mem(data, 531 BTINTEL_PCIE_DBGC_DBGBUFF_WRAP_ARND); 532 533 btintel_pcie_copy_tlv(skb, BTINTEL_WRAP_CTR, &data->dmp_hdr.wrap_ctr, 534 sizeof(data->dmp_hdr.wrap_ctr)); 535 536 btintel_pcie_copy_tlv(skb, BTINTEL_TRIGGER_REASON, &data->dmp_hdr.trigger_reason, 537 sizeof(data->dmp_hdr.trigger_reason)); 538 539 btintel_pcie_copy_tlv(skb, BTINTEL_FW_SHA, &data->dmp_hdr.fw_git_sha1, 540 sizeof(data->dmp_hdr.fw_git_sha1)); 541 542 btintel_pcie_copy_tlv(skb, BTINTEL_CNVR_TOP, &data->dmp_hdr.cnvr_top, 543 sizeof(data->dmp_hdr.cnvr_top)); 544 545 btintel_pcie_copy_tlv(skb, BTINTEL_CNVI_TOP, &data->dmp_hdr.cnvi_top, 546 sizeof(data->dmp_hdr.cnvi_top)); 547 548 btintel_pcie_copy_tlv(skb, BTINTEL_DUMP_TIME, buf, dump_time_len); 549 550 btintel_pcie_copy_tlv(skb, BTINTEL_FW_BUILD, buf + dump_time_len, fw_build); 551 552 ret = hci_devcd_append(hdev, skb); 553 if (ret) 554 goto exit_err; 555 556 for (i = 0; i < dbgc->count; i++) { 557 ret = btintel_pcie_add_dmp_data(hdev, dbgc->bufs[i].data, 558 BTINTEL_PCIE_DBGC_BUFFER_SIZE); 559 if (ret) 560 break; 561 } 562 563 exit_err: 564 hci_devcd_complete(hdev); 565 return ret; 566 } 567 568 static void btintel_pcie_dump_traces(struct hci_dev *hdev) 569 { 570 struct btintel_pcie_data *data = hci_get_drvdata(hdev); 571 int ret = 0; 572 573 ret = btintel_pcie_get_mac_access(data); 574 if (ret) { 575 bt_dev_err(hdev, "Failed to get mac access: (%d)", ret); 576 return; 577 } 578 579 ret = btintel_pcie_read_dram_buffers(data); 580 581 btintel_pcie_release_mac_access(data); 582 583 if (ret) 584 bt_dev_err(hdev, "Failed to dump traces: (%d)", ret); 585 } 586 587 static void btintel_pcie_dump_hdr(struct hci_dev *hdev, struct sk_buff *skb) 588 { 589 struct btintel_pcie_data *data = hci_get_drvdata(hdev); 590 u16 len = skb->len; 591 u16 *hdrlen_ptr; 592 char buf[80]; 593 594 hdrlen_ptr = skb_put_zero(skb, sizeof(len)); 595 596 snprintf(buf, sizeof(buf), "Controller Name: 0x%X\n", 597 INTEL_HW_VARIANT(data->dmp_hdr.cnvi_bt)); 598 skb_put_data(skb, buf, strlen(buf)); 599 600 snprintf(buf, sizeof(buf), "Firmware Build Number: %u\n", 601 data->dmp_hdr.fw_build_num); 602 skb_put_data(skb, buf, strlen(buf)); 603 604 snprintf(buf, sizeof(buf), "Driver: %s\n", data->dmp_hdr.driver_name); 605 skb_put_data(skb, buf, strlen(buf)); 606 607 snprintf(buf, sizeof(buf), "Vendor: Intel\n"); 608 skb_put_data(skb, buf, strlen(buf)); 609 610 *hdrlen_ptr = skb->len - len; 611 } 612 613 static void btintel_pcie_dump_notify(struct hci_dev *hdev, int state) 614 { 615 struct btintel_pcie_data *data = hci_get_drvdata(hdev); 616 617 switch (state) { 618 case HCI_DEVCOREDUMP_IDLE: 619 data->dmp_hdr.state = HCI_DEVCOREDUMP_IDLE; 620 break; 621 case HCI_DEVCOREDUMP_ACTIVE: 622 data->dmp_hdr.state = HCI_DEVCOREDUMP_ACTIVE; 623 break; 624 case HCI_DEVCOREDUMP_TIMEOUT: 625 case HCI_DEVCOREDUMP_ABORT: 626 case HCI_DEVCOREDUMP_DONE: 627 data->dmp_hdr.state = HCI_DEVCOREDUMP_IDLE; 628 break; 629 } 630 } 631 632 /* This function enables BT function by setting BTINTEL_PCIE_CSR_FUNC_CTRL_MAC_INIT bit in 633 * BTINTEL_PCIE_CSR_FUNC_CTRL_REG register and wait for MSI-X with 634 * BTINTEL_PCIE_MSIX_HW_INT_CAUSES_GP0. 635 * Then the host reads firmware version from BTINTEL_CSR_F2D_MBX and the boot stage 636 * from BTINTEL_PCIE_CSR_BOOT_STAGE_REG. 637 */ 638 static int btintel_pcie_enable_bt(struct btintel_pcie_data *data) 639 { 640 int err; 641 u32 reg; 642 643 data->gp0_received = false; 644 645 /* Update the DMA address of CI struct to CSR */ 646 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_CI_ADDR_LSB_REG, 647 data->ci_p_addr & 0xffffffff); 648 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_CI_ADDR_MSB_REG, 649 (u64)data->ci_p_addr >> 32); 650 651 /* Reset the cached value of boot stage. it is updated by the MSI-X 652 * gp0 interrupt handler. 653 */ 654 data->boot_stage_cache = 0x0; 655 656 /* Set MAC_INIT bit to start primary bootloader */ 657 reg = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG); 658 reg &= ~(BTINTEL_PCIE_CSR_FUNC_CTRL_FUNC_INIT | 659 BTINTEL_PCIE_CSR_FUNC_CTRL_BUS_MASTER_DISCON | 660 BTINTEL_PCIE_CSR_FUNC_CTRL_SW_RESET); 661 reg |= (BTINTEL_PCIE_CSR_FUNC_CTRL_FUNC_ENA | 662 BTINTEL_PCIE_CSR_FUNC_CTRL_MAC_INIT); 663 664 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG, reg); 665 666 /* MAC is ready. Enable BT FUNC */ 667 btintel_pcie_set_reg_bits(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG, 668 BTINTEL_PCIE_CSR_FUNC_CTRL_FUNC_INIT); 669 670 btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG); 671 672 /* wait for interrupt from the device after booting up to primary 673 * bootloader. 674 */ 675 data->alive_intr_ctxt = BTINTEL_PCIE_ROM; 676 err = wait_event_timeout(data->gp0_wait_q, data->gp0_received, 677 msecs_to_jiffies(BTINTEL_DEFAULT_INTR_TIMEOUT_MS)); 678 if (!err) 679 return -ETIME; 680 681 /* Check cached boot stage is BTINTEL_PCIE_CSR_BOOT_STAGE_ROM(BIT(0)) */ 682 if (~data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_ROM) 683 return -ENODEV; 684 685 return 0; 686 } 687 688 static inline bool btintel_pcie_in_op(struct btintel_pcie_data *data) 689 { 690 return data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_OPFW; 691 } 692 693 static inline bool btintel_pcie_in_iml(struct btintel_pcie_data *data) 694 { 695 return data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_IML && 696 !(data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_OPFW); 697 } 698 699 static inline bool btintel_pcie_in_d3(struct btintel_pcie_data *data) 700 { 701 return data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_D3_STATE_READY; 702 } 703 704 static inline bool btintel_pcie_in_d0(struct btintel_pcie_data *data) 705 { 706 return !(data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_D3_STATE_READY); 707 } 708 709 static void btintel_pcie_wr_sleep_cntrl(struct btintel_pcie_data *data, 710 u32 dxstate) 711 { 712 bt_dev_dbg(data->hdev, "writing sleep_ctl_reg: 0x%8.8x", dxstate); 713 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_IPC_SLEEP_CTL_REG, dxstate); 714 } 715 716 static inline char *btintel_pcie_alivectxt_state2str(u32 alive_intr_ctxt) 717 { 718 switch (alive_intr_ctxt) { 719 case BTINTEL_PCIE_ROM: 720 return "rom"; 721 case BTINTEL_PCIE_FW_DL: 722 return "fw_dl"; 723 case BTINTEL_PCIE_D0: 724 return "d0"; 725 case BTINTEL_PCIE_D3: 726 return "d3"; 727 case BTINTEL_PCIE_HCI_RESET: 728 return "hci_reset"; 729 case BTINTEL_PCIE_INTEL_HCI_RESET1: 730 return "intel_reset1"; 731 case BTINTEL_PCIE_INTEL_HCI_RESET2: 732 return "intel_reset2"; 733 default: 734 return "unknown"; 735 } 736 } 737 738 static int btintel_pcie_read_device_mem(struct btintel_pcie_data *data, 739 void *buf, u32 dev_addr, int len) 740 { 741 int err; 742 u32 *val = buf; 743 744 /* Get device mac access */ 745 err = btintel_pcie_get_mac_access(data); 746 if (err) { 747 bt_dev_err(data->hdev, "Failed to get mac access %d", err); 748 return err; 749 } 750 751 for (; len > 0; len -= 4, dev_addr += 4, val++) 752 *val = btintel_pcie_rd_dev_mem(data, dev_addr); 753 754 btintel_pcie_release_mac_access(data); 755 756 return 0; 757 } 758 759 /* This function handles the MSI-X interrupt for gp0 cause (bit 0 in 760 * BTINTEL_PCIE_CSR_MSIX_HW_INT_CAUSES) which is sent for boot stage and image response. 761 */ 762 static void btintel_pcie_msix_gp0_handler(struct btintel_pcie_data *data) 763 { 764 bool submit_rx, signal_waitq; 765 u32 reg, old_ctxt; 766 767 /* This interrupt is for three different causes and it is not easy to 768 * know what causes the interrupt. So, it compares each register value 769 * with cached value and update it before it wake up the queue. 770 */ 771 reg = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_BOOT_STAGE_REG); 772 if (reg != data->boot_stage_cache) 773 data->boot_stage_cache = reg; 774 775 bt_dev_dbg(data->hdev, "Alive context: %s old_boot_stage: 0x%8.8x new_boot_stage: 0x%8.8x", 776 btintel_pcie_alivectxt_state2str(data->alive_intr_ctxt), 777 data->boot_stage_cache, reg); 778 reg = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_IMG_RESPONSE_REG); 779 if (reg != data->img_resp_cache) 780 data->img_resp_cache = reg; 781 782 data->gp0_received = true; 783 784 old_ctxt = data->alive_intr_ctxt; 785 submit_rx = false; 786 signal_waitq = false; 787 788 switch (data->alive_intr_ctxt) { 789 case BTINTEL_PCIE_ROM: 790 data->alive_intr_ctxt = BTINTEL_PCIE_FW_DL; 791 signal_waitq = true; 792 break; 793 case BTINTEL_PCIE_FW_DL: 794 /* Error case is already handled. Ideally control shall not 795 * reach here 796 */ 797 break; 798 case BTINTEL_PCIE_INTEL_HCI_RESET1: 799 if (btintel_pcie_in_op(data)) { 800 submit_rx = true; 801 break; 802 } 803 804 if (btintel_pcie_in_iml(data)) { 805 submit_rx = true; 806 data->alive_intr_ctxt = BTINTEL_PCIE_FW_DL; 807 break; 808 } 809 break; 810 case BTINTEL_PCIE_INTEL_HCI_RESET2: 811 if (btintel_test_and_clear_flag(data->hdev, INTEL_WAIT_FOR_D0)) { 812 btintel_wake_up_flag(data->hdev, INTEL_WAIT_FOR_D0); 813 data->alive_intr_ctxt = BTINTEL_PCIE_D0; 814 } 815 break; 816 case BTINTEL_PCIE_D0: 817 if (btintel_pcie_in_d3(data)) { 818 data->alive_intr_ctxt = BTINTEL_PCIE_D3; 819 signal_waitq = true; 820 break; 821 } 822 break; 823 case BTINTEL_PCIE_D3: 824 if (btintel_pcie_in_d0(data)) { 825 data->alive_intr_ctxt = BTINTEL_PCIE_D0; 826 submit_rx = true; 827 signal_waitq = true; 828 break; 829 } 830 break; 831 case BTINTEL_PCIE_HCI_RESET: 832 data->alive_intr_ctxt = BTINTEL_PCIE_D0; 833 submit_rx = true; 834 signal_waitq = true; 835 break; 836 default: 837 bt_dev_err(data->hdev, "Unknown state: 0x%2.2x", 838 data->alive_intr_ctxt); 839 break; 840 } 841 842 if (submit_rx) { 843 btintel_pcie_reset_ia(data); 844 btintel_pcie_start_rx(data); 845 } 846 847 if (signal_waitq) { 848 bt_dev_dbg(data->hdev, "wake up gp0 wait_q"); 849 wake_up(&data->gp0_wait_q); 850 } 851 852 if (old_ctxt != data->alive_intr_ctxt) 853 bt_dev_dbg(data->hdev, "alive context changed: %s -> %s", 854 btintel_pcie_alivectxt_state2str(old_ctxt), 855 btintel_pcie_alivectxt_state2str(data->alive_intr_ctxt)); 856 } 857 858 /* This function handles the MSX-X interrupt for rx queue 0 which is for TX 859 */ 860 static void btintel_pcie_msix_tx_handle(struct btintel_pcie_data *data) 861 { 862 u16 cr_tia, cr_hia; 863 struct txq *txq; 864 struct urbd0 *urbd0; 865 866 cr_tia = data->ia.cr_tia[BTINTEL_PCIE_TXQ_NUM]; 867 cr_hia = data->ia.cr_hia[BTINTEL_PCIE_TXQ_NUM]; 868 869 if (cr_tia == cr_hia) 870 return; 871 872 txq = &data->txq; 873 874 while (cr_tia != cr_hia) { 875 data->tx_wait_done = true; 876 wake_up(&data->tx_wait_q); 877 878 urbd0 = &txq->urbd0s[cr_tia]; 879 880 if (urbd0->tfd_index > txq->count) 881 return; 882 883 cr_tia = (cr_tia + 1) % txq->count; 884 data->ia.cr_tia[BTINTEL_PCIE_TXQ_NUM] = cr_tia; 885 ipc_print_ia_ring(data->hdev, &data->ia, BTINTEL_PCIE_TXQ_NUM); 886 } 887 } 888 889 static int btintel_pcie_recv_event(struct hci_dev *hdev, struct sk_buff *skb) 890 { 891 struct hci_event_hdr *hdr = (void *)skb->data; 892 const char diagnostics_hdr[] = { 0x87, 0x80, 0x03 }; 893 struct btintel_pcie_data *data = hci_get_drvdata(hdev); 894 895 if (skb->len > HCI_EVENT_HDR_SIZE && hdr->evt == 0xff && 896 hdr->plen > 0) { 897 const void *ptr = skb->data + HCI_EVENT_HDR_SIZE + 1; 898 unsigned int len = skb->len - HCI_EVENT_HDR_SIZE - 1; 899 900 if (btintel_test_flag(hdev, INTEL_BOOTLOADER)) { 901 switch (skb->data[2]) { 902 case 0x02: 903 /* When switching to the operational firmware 904 * the device sends a vendor specific event 905 * indicating that the bootup completed. 906 */ 907 btintel_bootup(hdev, ptr, len); 908 909 /* If bootup event is from operational image, 910 * driver needs to write sleep control register to 911 * move into D0 state 912 */ 913 if (btintel_pcie_in_op(data)) { 914 btintel_pcie_wr_sleep_cntrl(data, BTINTEL_PCIE_STATE_D0); 915 data->alive_intr_ctxt = BTINTEL_PCIE_INTEL_HCI_RESET2; 916 kfree_skb(skb); 917 return 0; 918 } 919 920 if (btintel_pcie_in_iml(data)) { 921 /* In case of IML, there is no concept 922 * of D0 transition. Just mimic as if 923 * IML moved to D0 by clearing INTEL_WAIT_FOR_D0 924 * bit and waking up the task waiting on 925 * INTEL_WAIT_FOR_D0. This is required 926 * as intel_boot() is common function for 927 * both IML and OP image loading. 928 */ 929 if (btintel_test_and_clear_flag(data->hdev, 930 INTEL_WAIT_FOR_D0)) 931 btintel_wake_up_flag(data->hdev, 932 INTEL_WAIT_FOR_D0); 933 } 934 kfree_skb(skb); 935 return 0; 936 case 0x06: 937 /* When the firmware loading completes the 938 * device sends out a vendor specific event 939 * indicating the result of the firmware 940 * loading. 941 */ 942 btintel_secure_send_result(hdev, ptr, len); 943 kfree_skb(skb); 944 return 0; 945 } 946 } 947 948 /* Handle all diagnostics events separately. May still call 949 * hci_recv_frame. 950 */ 951 if (len >= sizeof(diagnostics_hdr) && 952 memcmp(&skb->data[2], diagnostics_hdr, 953 sizeof(diagnostics_hdr)) == 0) { 954 return btintel_diagnostics(hdev, skb); 955 } 956 957 /* This is a debug event that comes from IML and OP image when it 958 * starts execution. There is no need pass this event to stack. 959 */ 960 if (skb->data[2] == 0x97) 961 return 0; 962 } 963 964 return hci_recv_frame(hdev, skb); 965 } 966 /* Process the received rx data 967 * It check the frame header to identify the data type and create skb 968 * and calling HCI API 969 */ 970 static int btintel_pcie_recv_frame(struct btintel_pcie_data *data, 971 struct sk_buff *skb) 972 { 973 int ret; 974 u8 pkt_type; 975 u16 plen; 976 u32 pcie_pkt_type; 977 struct sk_buff *new_skb; 978 void *pdata; 979 struct hci_dev *hdev = data->hdev; 980 981 spin_lock(&data->hci_rx_lock); 982 983 /* The first 4 bytes indicates the Intel PCIe specific packet type */ 984 pdata = skb_pull_data(skb, BTINTEL_PCIE_HCI_TYPE_LEN); 985 if (!pdata) { 986 bt_dev_err(hdev, "Corrupted packet received"); 987 ret = -EILSEQ; 988 goto exit_error; 989 } 990 991 pcie_pkt_type = get_unaligned_le32(pdata); 992 993 switch (pcie_pkt_type) { 994 case BTINTEL_PCIE_HCI_ACL_PKT: 995 if (skb->len >= HCI_ACL_HDR_SIZE) { 996 plen = HCI_ACL_HDR_SIZE + __le16_to_cpu(hci_acl_hdr(skb)->dlen); 997 pkt_type = HCI_ACLDATA_PKT; 998 } else { 999 bt_dev_err(hdev, "ACL packet is too short"); 1000 ret = -EILSEQ; 1001 goto exit_error; 1002 } 1003 break; 1004 1005 case BTINTEL_PCIE_HCI_SCO_PKT: 1006 if (skb->len >= HCI_SCO_HDR_SIZE) { 1007 plen = HCI_SCO_HDR_SIZE + hci_sco_hdr(skb)->dlen; 1008 pkt_type = HCI_SCODATA_PKT; 1009 } else { 1010 bt_dev_err(hdev, "SCO packet is too short"); 1011 ret = -EILSEQ; 1012 goto exit_error; 1013 } 1014 break; 1015 1016 case BTINTEL_PCIE_HCI_EVT_PKT: 1017 if (skb->len >= HCI_EVENT_HDR_SIZE) { 1018 plen = HCI_EVENT_HDR_SIZE + hci_event_hdr(skb)->plen; 1019 pkt_type = HCI_EVENT_PKT; 1020 } else { 1021 bt_dev_err(hdev, "Event packet is too short"); 1022 ret = -EILSEQ; 1023 goto exit_error; 1024 } 1025 break; 1026 1027 case BTINTEL_PCIE_HCI_ISO_PKT: 1028 if (skb->len >= HCI_ISO_HDR_SIZE) { 1029 plen = HCI_ISO_HDR_SIZE + __le16_to_cpu(hci_iso_hdr(skb)->dlen); 1030 pkt_type = HCI_ISODATA_PKT; 1031 } else { 1032 bt_dev_err(hdev, "ISO packet is too short"); 1033 ret = -EILSEQ; 1034 goto exit_error; 1035 } 1036 break; 1037 1038 default: 1039 bt_dev_err(hdev, "Invalid packet type received: 0x%4.4x", 1040 pcie_pkt_type); 1041 ret = -EINVAL; 1042 goto exit_error; 1043 } 1044 1045 if (skb->len < plen) { 1046 bt_dev_err(hdev, "Received corrupted packet. type: 0x%2.2x", 1047 pkt_type); 1048 ret = -EILSEQ; 1049 goto exit_error; 1050 } 1051 1052 bt_dev_dbg(hdev, "pkt_type: 0x%2.2x len: %u", pkt_type, plen); 1053 1054 new_skb = bt_skb_alloc(plen, GFP_ATOMIC); 1055 if (!new_skb) { 1056 bt_dev_err(hdev, "Failed to allocate memory for skb of len: %u", 1057 skb->len); 1058 ret = -ENOMEM; 1059 goto exit_error; 1060 } 1061 1062 hci_skb_pkt_type(new_skb) = pkt_type; 1063 skb_put_data(new_skb, skb->data, plen); 1064 hdev->stat.byte_rx += plen; 1065 1066 if (pcie_pkt_type == BTINTEL_PCIE_HCI_EVT_PKT) 1067 ret = btintel_pcie_recv_event(hdev, new_skb); 1068 else 1069 ret = hci_recv_frame(hdev, new_skb); 1070 1071 exit_error: 1072 if (ret) 1073 hdev->stat.err_rx++; 1074 1075 spin_unlock(&data->hci_rx_lock); 1076 1077 return ret; 1078 } 1079 1080 static void btintel_pcie_read_hwexp(struct btintel_pcie_data *data) 1081 { 1082 int len, err, offset, pending; 1083 struct sk_buff *skb; 1084 u8 *buf, prefix[64]; 1085 u32 addr, val; 1086 u16 pkt_len; 1087 1088 struct tlv { 1089 u8 type; 1090 __le16 len; 1091 u8 val[]; 1092 } __packed; 1093 1094 struct tlv *tlv; 1095 1096 switch (data->dmp_hdr.cnvi_top & 0xfff) { 1097 case BTINTEL_CNVI_BLAZARI: 1098 case BTINTEL_CNVI_BLAZARIW: 1099 /* only from step B0 onwards */ 1100 if (INTEL_CNVX_TOP_STEP(data->dmp_hdr.cnvi_top) != 0x01) 1101 return; 1102 len = BTINTEL_PCIE_BLZR_HWEXP_SIZE; /* exception data length */ 1103 addr = BTINTEL_PCIE_BLZR_HWEXP_DMP_ADDR; 1104 break; 1105 case BTINTEL_CNVI_SCP: 1106 len = BTINTEL_PCIE_SCP_HWEXP_SIZE; 1107 addr = BTINTEL_PCIE_SCP_HWEXP_DMP_ADDR; 1108 break; 1109 default: 1110 bt_dev_err(data->hdev, "Unsupported cnvi 0x%8.8x", data->dmp_hdr.cnvi_top); 1111 return; 1112 } 1113 1114 buf = kzalloc(len, GFP_KERNEL); 1115 if (!buf) 1116 goto exit_on_error; 1117 1118 btintel_pcie_mac_init(data); 1119 1120 err = btintel_pcie_read_device_mem(data, buf, addr, len); 1121 if (err) 1122 goto exit_on_error; 1123 1124 val = get_unaligned_le32(buf); 1125 if (val != BTINTEL_PCIE_MAGIC_NUM) { 1126 bt_dev_err(data->hdev, "Invalid exception dump signature: 0x%8.8x", 1127 val); 1128 goto exit_on_error; 1129 } 1130 1131 snprintf(prefix, sizeof(prefix), "Bluetooth: %s: ", bt_dev_name(data->hdev)); 1132 1133 offset = 4; 1134 do { 1135 pending = len - offset; 1136 if (pending < sizeof(*tlv)) 1137 break; 1138 tlv = (struct tlv *)(buf + offset); 1139 1140 /* If type == 0, then there are no more TLVs to be parsed */ 1141 if (!tlv->type) { 1142 bt_dev_dbg(data->hdev, "Invalid TLV type 0"); 1143 break; 1144 } 1145 pkt_len = le16_to_cpu(tlv->len); 1146 offset += sizeof(*tlv); 1147 pending = len - offset; 1148 if (pkt_len > pending) 1149 break; 1150 1151 offset += pkt_len; 1152 1153 /* Only TLVs of type == 1 are HCI events, no need to process other 1154 * TLVs 1155 */ 1156 if (tlv->type != 1) 1157 continue; 1158 1159 bt_dev_dbg(data->hdev, "TLV packet length: %u", pkt_len); 1160 if (pkt_len > HCI_MAX_EVENT_SIZE) 1161 break; 1162 skb = bt_skb_alloc(pkt_len, GFP_KERNEL); 1163 if (!skb) 1164 goto exit_on_error; 1165 hci_skb_pkt_type(skb) = HCI_EVENT_PKT; 1166 skb_put_data(skb, tlv->val, pkt_len); 1167 1168 /* copy Intel specific pcie packet type */ 1169 val = BTINTEL_PCIE_HCI_EVT_PKT; 1170 memcpy(skb_push(skb, BTINTEL_PCIE_HCI_TYPE_LEN), &val, 1171 BTINTEL_PCIE_HCI_TYPE_LEN); 1172 1173 print_hex_dump(KERN_DEBUG, prefix, DUMP_PREFIX_OFFSET, 16, 1, 1174 tlv->val, pkt_len, false); 1175 1176 btintel_pcie_recv_frame(data, skb); 1177 } while (offset < len); 1178 1179 exit_on_error: 1180 kfree(buf); 1181 } 1182 1183 static void btintel_pcie_msix_hw_exp_handler(struct btintel_pcie_data *data) 1184 { 1185 bt_dev_err(data->hdev, "Received hw exception interrupt"); 1186 1187 if (test_and_set_bit(BTINTEL_PCIE_CORE_HALTED, &data->flags)) 1188 return; 1189 1190 if (test_and_set_bit(BTINTEL_PCIE_HWEXP_INPROGRESS, &data->flags)) 1191 return; 1192 1193 /* Trigger device core dump when there is HW exception */ 1194 if (!test_and_set_bit(BTINTEL_PCIE_COREDUMP_INPROGRESS, &data->flags)) 1195 data->dmp_hdr.trigger_reason = BTINTEL_PCIE_TRIGGER_REASON_FW_ASSERT; 1196 1197 queue_work(data->workqueue, &data->rx_work); 1198 } 1199 1200 static void btintel_pcie_rx_work(struct work_struct *work) 1201 { 1202 struct btintel_pcie_data *data = container_of(work, 1203 struct btintel_pcie_data, rx_work); 1204 struct sk_buff *skb; 1205 int err; 1206 struct hci_dev *hdev = data->hdev; 1207 1208 if (test_bit(BTINTEL_PCIE_HWEXP_INPROGRESS, &data->flags)) { 1209 /* Unlike usb products, controller will not send hardware 1210 * exception event on exception. Instead controller writes the 1211 * hardware event to device memory along with optional debug 1212 * events, raises MSIX and halts. Driver shall read the 1213 * exception event from device memory and passes it stack for 1214 * further processing. 1215 */ 1216 btintel_pcie_read_hwexp(data); 1217 clear_bit(BTINTEL_PCIE_HWEXP_INPROGRESS, &data->flags); 1218 } 1219 1220 if (test_bit(BTINTEL_PCIE_COREDUMP_INPROGRESS, &data->flags)) { 1221 btintel_pcie_dump_traces(data->hdev); 1222 clear_bit(BTINTEL_PCIE_COREDUMP_INPROGRESS, &data->flags); 1223 } 1224 1225 /* Process the sk_buf in queue and send to the HCI layer */ 1226 while ((skb = skb_dequeue(&data->rx_skb_q))) { 1227 err = btintel_pcie_recv_frame(data, skb); 1228 if (err) 1229 bt_dev_err(hdev, "Failed to send received frame: %d", 1230 err); 1231 kfree_skb(skb); 1232 } 1233 } 1234 1235 /* create sk_buff with data and save it to queue and start RX work */ 1236 static int btintel_pcie_submit_rx_work(struct btintel_pcie_data *data, u8 status, 1237 void *buf) 1238 { 1239 int ret, len; 1240 struct rfh_hdr *rfh_hdr; 1241 struct sk_buff *skb; 1242 1243 rfh_hdr = buf; 1244 1245 len = rfh_hdr->packet_len; 1246 if (len <= 0) { 1247 ret = -EINVAL; 1248 goto resubmit; 1249 } 1250 1251 /* Remove RFH header */ 1252 buf += sizeof(*rfh_hdr); 1253 1254 skb = alloc_skb(len, GFP_ATOMIC); 1255 if (!skb) 1256 goto resubmit; 1257 1258 skb_put_data(skb, buf, len); 1259 skb_queue_tail(&data->rx_skb_q, skb); 1260 queue_work(data->workqueue, &data->rx_work); 1261 1262 resubmit: 1263 ret = btintel_pcie_submit_rx(data); 1264 1265 return ret; 1266 } 1267 1268 /* Handles the MSI-X interrupt for rx queue 1 which is for RX */ 1269 static void btintel_pcie_msix_rx_handle(struct btintel_pcie_data *data) 1270 { 1271 u16 cr_hia, cr_tia; 1272 struct rxq *rxq; 1273 struct urbd1 *urbd1; 1274 struct data_buf *buf; 1275 int ret; 1276 struct hci_dev *hdev = data->hdev; 1277 1278 cr_hia = data->ia.cr_hia[BTINTEL_PCIE_RXQ_NUM]; 1279 cr_tia = data->ia.cr_tia[BTINTEL_PCIE_RXQ_NUM]; 1280 1281 bt_dev_dbg(hdev, "RXQ: cr_hia: %u cr_tia: %u", cr_hia, cr_tia); 1282 1283 /* Check CR_TIA and CR_HIA for change */ 1284 if (cr_tia == cr_hia) { 1285 bt_dev_warn(hdev, "RXQ: no new CD found"); 1286 return; 1287 } 1288 1289 rxq = &data->rxq; 1290 1291 /* The firmware sends multiple CD in a single MSI-X and it needs to 1292 * process all received CDs in this interrupt. 1293 */ 1294 while (cr_tia != cr_hia) { 1295 urbd1 = &rxq->urbd1s[cr_tia]; 1296 ipc_print_urbd1(data->hdev, urbd1, cr_tia); 1297 1298 buf = &rxq->bufs[urbd1->frbd_tag]; 1299 if (!buf) { 1300 bt_dev_err(hdev, "RXQ: failed to get the DMA buffer for %d", 1301 urbd1->frbd_tag); 1302 return; 1303 } 1304 1305 ret = btintel_pcie_submit_rx_work(data, urbd1->status, 1306 buf->data); 1307 if (ret) { 1308 bt_dev_err(hdev, "RXQ: failed to submit rx request"); 1309 return; 1310 } 1311 1312 cr_tia = (cr_tia + 1) % rxq->count; 1313 data->ia.cr_tia[BTINTEL_PCIE_RXQ_NUM] = cr_tia; 1314 ipc_print_ia_ring(data->hdev, &data->ia, BTINTEL_PCIE_RXQ_NUM); 1315 } 1316 } 1317 1318 static irqreturn_t btintel_pcie_msix_isr(int irq, void *data) 1319 { 1320 return IRQ_WAKE_THREAD; 1321 } 1322 1323 static irqreturn_t btintel_pcie_irq_msix_handler(int irq, void *dev_id) 1324 { 1325 struct msix_entry *entry = dev_id; 1326 struct btintel_pcie_data *data = btintel_pcie_get_data(entry); 1327 u32 intr_fh, intr_hw; 1328 1329 spin_lock(&data->irq_lock); 1330 intr_fh = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_MSIX_FH_INT_CAUSES); 1331 intr_hw = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_MSIX_HW_INT_CAUSES); 1332 1333 /* Clear causes registers to avoid being handling the same cause */ 1334 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_MSIX_FH_INT_CAUSES, intr_fh); 1335 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_MSIX_HW_INT_CAUSES, intr_hw); 1336 spin_unlock(&data->irq_lock); 1337 1338 if (unlikely(!(intr_fh | intr_hw))) { 1339 /* Ignore interrupt, inta == 0 */ 1340 return IRQ_NONE; 1341 } 1342 1343 /* This interrupt is raised when there is an hardware exception */ 1344 if (intr_hw & BTINTEL_PCIE_MSIX_HW_INT_CAUSES_HWEXP) 1345 btintel_pcie_msix_hw_exp_handler(data); 1346 1347 /* This interrupt is triggered by the firmware after updating 1348 * boot_stage register and image_response register 1349 */ 1350 if (intr_hw & BTINTEL_PCIE_MSIX_HW_INT_CAUSES_GP0) 1351 btintel_pcie_msix_gp0_handler(data); 1352 1353 /* For TX */ 1354 if (intr_fh & BTINTEL_PCIE_MSIX_FH_INT_CAUSES_0) 1355 btintel_pcie_msix_tx_handle(data); 1356 1357 /* For RX */ 1358 if (intr_fh & BTINTEL_PCIE_MSIX_FH_INT_CAUSES_1) 1359 btintel_pcie_msix_rx_handle(data); 1360 1361 /* 1362 * Before sending the interrupt the HW disables it to prevent a nested 1363 * interrupt. This is done by writing 1 to the corresponding bit in 1364 * the mask register. After handling the interrupt, it should be 1365 * re-enabled by clearing this bit. This register is defined as write 1 1366 * clear (W1C) register, meaning that it's cleared by writing 1 1367 * to the bit. 1368 */ 1369 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_MSIX_AUTOMASK_ST, 1370 BIT(entry->entry)); 1371 1372 return IRQ_HANDLED; 1373 } 1374 1375 /* This function requests the irq for MSI-X and registers the handlers per irq. 1376 * Currently, it requests only 1 irq for all interrupt causes. 1377 */ 1378 static int btintel_pcie_setup_irq(struct btintel_pcie_data *data) 1379 { 1380 int err; 1381 int num_irqs, i; 1382 1383 for (i = 0; i < BTINTEL_PCIE_MSIX_VEC_MAX; i++) 1384 data->msix_entries[i].entry = i; 1385 1386 num_irqs = pci_alloc_irq_vectors(data->pdev, BTINTEL_PCIE_MSIX_VEC_MIN, 1387 BTINTEL_PCIE_MSIX_VEC_MAX, PCI_IRQ_MSIX); 1388 if (num_irqs < 0) 1389 return num_irqs; 1390 1391 data->alloc_vecs = num_irqs; 1392 data->msix_enabled = 1; 1393 data->def_irq = 0; 1394 1395 /* setup irq handler */ 1396 for (i = 0; i < data->alloc_vecs; i++) { 1397 struct msix_entry *msix_entry; 1398 1399 msix_entry = &data->msix_entries[i]; 1400 msix_entry->vector = pci_irq_vector(data->pdev, i); 1401 1402 err = devm_request_threaded_irq(&data->pdev->dev, 1403 msix_entry->vector, 1404 btintel_pcie_msix_isr, 1405 btintel_pcie_irq_msix_handler, 1406 IRQF_SHARED, 1407 KBUILD_MODNAME, 1408 msix_entry); 1409 if (err) { 1410 pci_free_irq_vectors(data->pdev); 1411 data->alloc_vecs = 0; 1412 return err; 1413 } 1414 } 1415 return 0; 1416 } 1417 1418 struct btintel_pcie_causes_list { 1419 u32 cause; 1420 u32 mask_reg; 1421 u8 cause_num; 1422 }; 1423 1424 static struct btintel_pcie_causes_list causes_list[] = { 1425 { BTINTEL_PCIE_MSIX_FH_INT_CAUSES_0, BTINTEL_PCIE_CSR_MSIX_FH_INT_MASK, 0x00 }, 1426 { BTINTEL_PCIE_MSIX_FH_INT_CAUSES_1, BTINTEL_PCIE_CSR_MSIX_FH_INT_MASK, 0x01 }, 1427 { BTINTEL_PCIE_MSIX_HW_INT_CAUSES_GP0, BTINTEL_PCIE_CSR_MSIX_HW_INT_MASK, 0x20 }, 1428 { BTINTEL_PCIE_MSIX_HW_INT_CAUSES_HWEXP, BTINTEL_PCIE_CSR_MSIX_HW_INT_MASK, 0x23 }, 1429 }; 1430 1431 /* This function configures the interrupt masks for both HW_INT_CAUSES and 1432 * FH_INT_CAUSES which are meaningful to us. 1433 * 1434 * After resetting BT function via PCIE FLR or FUNC_CTRL reset, the driver 1435 * need to call this function again to configure since the masks 1436 * are reset to 0xFFFFFFFF after reset. 1437 */ 1438 static void btintel_pcie_config_msix(struct btintel_pcie_data *data) 1439 { 1440 int i; 1441 int val = data->def_irq | BTINTEL_PCIE_MSIX_NON_AUTO_CLEAR_CAUSE; 1442 1443 /* Set Non Auto Clear Cause */ 1444 for (i = 0; i < ARRAY_SIZE(causes_list); i++) { 1445 btintel_pcie_wr_reg8(data, 1446 BTINTEL_PCIE_CSR_MSIX_IVAR(causes_list[i].cause_num), 1447 val); 1448 btintel_pcie_clr_reg_bits(data, 1449 causes_list[i].mask_reg, 1450 causes_list[i].cause); 1451 } 1452 1453 /* Save the initial interrupt mask */ 1454 data->fh_init_mask = ~btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_MSIX_FH_INT_MASK); 1455 data->hw_init_mask = ~btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_MSIX_HW_INT_MASK); 1456 } 1457 1458 static int btintel_pcie_config_pcie(struct pci_dev *pdev, 1459 struct btintel_pcie_data *data) 1460 { 1461 int err; 1462 1463 err = pcim_enable_device(pdev); 1464 if (err) 1465 return err; 1466 1467 pci_set_master(pdev); 1468 1469 err = dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(64)); 1470 if (err) { 1471 err = dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(32)); 1472 if (err) 1473 return err; 1474 } 1475 1476 data->base_addr = pcim_iomap_region(pdev, 0, KBUILD_MODNAME); 1477 if (IS_ERR(data->base_addr)) 1478 return PTR_ERR(data->base_addr); 1479 1480 err = btintel_pcie_setup_irq(data); 1481 if (err) 1482 return err; 1483 1484 /* Configure MSI-X with causes list */ 1485 btintel_pcie_config_msix(data); 1486 1487 return 0; 1488 } 1489 1490 static void btintel_pcie_init_ci(struct btintel_pcie_data *data, 1491 struct ctx_info *ci) 1492 { 1493 ci->version = 0x1; 1494 ci->size = sizeof(*ci); 1495 ci->config = 0x0000; 1496 ci->addr_cr_hia = data->ia.cr_hia_p_addr; 1497 ci->addr_tr_tia = data->ia.tr_tia_p_addr; 1498 ci->addr_cr_tia = data->ia.cr_tia_p_addr; 1499 ci->addr_tr_hia = data->ia.tr_hia_p_addr; 1500 ci->num_cr_ia = BTINTEL_PCIE_NUM_QUEUES; 1501 ci->num_tr_ia = BTINTEL_PCIE_NUM_QUEUES; 1502 ci->addr_urbdq0 = data->txq.urbd0s_p_addr; 1503 ci->addr_tfdq = data->txq.tfds_p_addr; 1504 ci->num_tfdq = data->txq.count; 1505 ci->num_urbdq0 = data->txq.count; 1506 ci->tfdq_db_vec = BTINTEL_PCIE_TXQ_NUM; 1507 ci->urbdq0_db_vec = BTINTEL_PCIE_TXQ_NUM; 1508 ci->rbd_size = BTINTEL_PCIE_RBD_SIZE_4K; 1509 ci->addr_frbdq = data->rxq.frbds_p_addr; 1510 ci->num_frbdq = data->rxq.count; 1511 ci->frbdq_db_vec = BTINTEL_PCIE_RXQ_NUM; 1512 ci->addr_urbdq1 = data->rxq.urbd1s_p_addr; 1513 ci->num_urbdq1 = data->rxq.count; 1514 ci->urbdq_db_vec = BTINTEL_PCIE_RXQ_NUM; 1515 1516 ci->dbg_output_mode = 0x01; 1517 ci->dbgc_addr = data->dbgc.frag_p_addr; 1518 ci->dbgc_size = data->dbgc.frag_size; 1519 ci->dbg_preset = 0x00; 1520 } 1521 1522 static void btintel_pcie_free_txq_bufs(struct btintel_pcie_data *data, 1523 struct txq *txq) 1524 { 1525 /* Free data buffers first */ 1526 dma_free_coherent(&data->pdev->dev, txq->count * BTINTEL_PCIE_BUFFER_SIZE, 1527 txq->buf_v_addr, txq->buf_p_addr); 1528 kfree(txq->bufs); 1529 } 1530 1531 static int btintel_pcie_setup_txq_bufs(struct btintel_pcie_data *data, 1532 struct txq *txq) 1533 { 1534 int i; 1535 struct data_buf *buf; 1536 1537 /* Allocate the same number of buffers as the descriptor */ 1538 txq->bufs = kmalloc_array(txq->count, sizeof(*buf), GFP_KERNEL); 1539 if (!txq->bufs) 1540 return -ENOMEM; 1541 1542 /* Allocate full chunk of data buffer for DMA first and do indexing and 1543 * initialization next, so it can be freed easily 1544 */ 1545 txq->buf_v_addr = dma_alloc_coherent(&data->pdev->dev, 1546 txq->count * BTINTEL_PCIE_BUFFER_SIZE, 1547 &txq->buf_p_addr, 1548 GFP_KERNEL | __GFP_NOWARN); 1549 if (!txq->buf_v_addr) { 1550 kfree(txq->bufs); 1551 return -ENOMEM; 1552 } 1553 1554 /* Setup the allocated DMA buffer to bufs. Each data_buf should 1555 * have virtual address and physical address 1556 */ 1557 for (i = 0; i < txq->count; i++) { 1558 buf = &txq->bufs[i]; 1559 buf->data_p_addr = txq->buf_p_addr + (i * BTINTEL_PCIE_BUFFER_SIZE); 1560 buf->data = txq->buf_v_addr + (i * BTINTEL_PCIE_BUFFER_SIZE); 1561 } 1562 1563 return 0; 1564 } 1565 1566 static void btintel_pcie_free_rxq_bufs(struct btintel_pcie_data *data, 1567 struct rxq *rxq) 1568 { 1569 /* Free data buffers first */ 1570 dma_free_coherent(&data->pdev->dev, rxq->count * BTINTEL_PCIE_BUFFER_SIZE, 1571 rxq->buf_v_addr, rxq->buf_p_addr); 1572 kfree(rxq->bufs); 1573 } 1574 1575 static int btintel_pcie_setup_rxq_bufs(struct btintel_pcie_data *data, 1576 struct rxq *rxq) 1577 { 1578 int i; 1579 struct data_buf *buf; 1580 1581 /* Allocate the same number of buffers as the descriptor */ 1582 rxq->bufs = kmalloc_array(rxq->count, sizeof(*buf), GFP_KERNEL); 1583 if (!rxq->bufs) 1584 return -ENOMEM; 1585 1586 /* Allocate full chunk of data buffer for DMA first and do indexing and 1587 * initialization next, so it can be freed easily 1588 */ 1589 rxq->buf_v_addr = dma_alloc_coherent(&data->pdev->dev, 1590 rxq->count * BTINTEL_PCIE_BUFFER_SIZE, 1591 &rxq->buf_p_addr, 1592 GFP_KERNEL | __GFP_NOWARN); 1593 if (!rxq->buf_v_addr) { 1594 kfree(rxq->bufs); 1595 return -ENOMEM; 1596 } 1597 1598 /* Setup the allocated DMA buffer to bufs. Each data_buf should 1599 * have virtual address and physical address 1600 */ 1601 for (i = 0; i < rxq->count; i++) { 1602 buf = &rxq->bufs[i]; 1603 buf->data_p_addr = rxq->buf_p_addr + (i * BTINTEL_PCIE_BUFFER_SIZE); 1604 buf->data = rxq->buf_v_addr + (i * BTINTEL_PCIE_BUFFER_SIZE); 1605 } 1606 1607 return 0; 1608 } 1609 1610 static void btintel_pcie_setup_ia(struct btintel_pcie_data *data, 1611 dma_addr_t p_addr, void *v_addr, 1612 struct ia *ia) 1613 { 1614 /* TR Head Index Array */ 1615 ia->tr_hia_p_addr = p_addr; 1616 ia->tr_hia = v_addr; 1617 1618 /* TR Tail Index Array */ 1619 ia->tr_tia_p_addr = p_addr + sizeof(u16) * BTINTEL_PCIE_NUM_QUEUES; 1620 ia->tr_tia = v_addr + sizeof(u16) * BTINTEL_PCIE_NUM_QUEUES; 1621 1622 /* CR Head index Array */ 1623 ia->cr_hia_p_addr = p_addr + (sizeof(u16) * BTINTEL_PCIE_NUM_QUEUES * 2); 1624 ia->cr_hia = v_addr + (sizeof(u16) * BTINTEL_PCIE_NUM_QUEUES * 2); 1625 1626 /* CR Tail Index Array */ 1627 ia->cr_tia_p_addr = p_addr + (sizeof(u16) * BTINTEL_PCIE_NUM_QUEUES * 3); 1628 ia->cr_tia = v_addr + (sizeof(u16) * BTINTEL_PCIE_NUM_QUEUES * 3); 1629 } 1630 1631 static void btintel_pcie_free(struct btintel_pcie_data *data) 1632 { 1633 btintel_pcie_free_rxq_bufs(data, &data->rxq); 1634 btintel_pcie_free_txq_bufs(data, &data->txq); 1635 1636 dma_pool_free(data->dma_pool, data->dma_v_addr, data->dma_p_addr); 1637 dma_pool_destroy(data->dma_pool); 1638 } 1639 1640 /* Allocate tx and rx queues, any related data structures and buffers. 1641 */ 1642 static int btintel_pcie_alloc(struct btintel_pcie_data *data) 1643 { 1644 int err = 0; 1645 size_t total; 1646 dma_addr_t p_addr; 1647 void *v_addr; 1648 1649 /* Allocate the chunk of DMA memory for descriptors, index array, and 1650 * context information, instead of allocating individually. 1651 * The DMA memory for data buffer is allocated while setting up the 1652 * each queue. 1653 * 1654 * Total size is sum of the following 1655 * + size of TFD * Number of descriptors in queue 1656 * + size of URBD0 * Number of descriptors in queue 1657 * + size of FRBD * Number of descriptors in queue 1658 * + size of URBD1 * Number of descriptors in queue 1659 * + size of index * Number of queues(2) * type of index array(4) 1660 * + size of context information 1661 */ 1662 total = (sizeof(struct tfd) + sizeof(struct urbd0) + sizeof(struct frbd) 1663 + sizeof(struct urbd1)) * BTINTEL_DESCS_COUNT; 1664 1665 /* Add the sum of size of index array and size of ci struct */ 1666 total += (sizeof(u16) * BTINTEL_PCIE_NUM_QUEUES * 4) + sizeof(struct ctx_info); 1667 1668 /* Allocate DMA Pool */ 1669 data->dma_pool = dma_pool_create(KBUILD_MODNAME, &data->pdev->dev, 1670 total, BTINTEL_PCIE_DMA_POOL_ALIGNMENT, 0); 1671 if (!data->dma_pool) { 1672 err = -ENOMEM; 1673 goto exit_error; 1674 } 1675 1676 v_addr = dma_pool_zalloc(data->dma_pool, GFP_KERNEL | __GFP_NOWARN, 1677 &p_addr); 1678 if (!v_addr) { 1679 dma_pool_destroy(data->dma_pool); 1680 err = -ENOMEM; 1681 goto exit_error; 1682 } 1683 1684 data->dma_p_addr = p_addr; 1685 data->dma_v_addr = v_addr; 1686 1687 /* Setup descriptor count */ 1688 data->txq.count = BTINTEL_DESCS_COUNT; 1689 data->rxq.count = BTINTEL_DESCS_COUNT; 1690 1691 /* Setup tfds */ 1692 data->txq.tfds_p_addr = p_addr; 1693 data->txq.tfds = v_addr; 1694 1695 p_addr += (sizeof(struct tfd) * BTINTEL_DESCS_COUNT); 1696 v_addr += (sizeof(struct tfd) * BTINTEL_DESCS_COUNT); 1697 1698 /* Setup urbd0 */ 1699 data->txq.urbd0s_p_addr = p_addr; 1700 data->txq.urbd0s = v_addr; 1701 1702 p_addr += (sizeof(struct urbd0) * BTINTEL_DESCS_COUNT); 1703 v_addr += (sizeof(struct urbd0) * BTINTEL_DESCS_COUNT); 1704 1705 /* Setup FRBD*/ 1706 data->rxq.frbds_p_addr = p_addr; 1707 data->rxq.frbds = v_addr; 1708 1709 p_addr += (sizeof(struct frbd) * BTINTEL_DESCS_COUNT); 1710 v_addr += (sizeof(struct frbd) * BTINTEL_DESCS_COUNT); 1711 1712 /* Setup urbd1 */ 1713 data->rxq.urbd1s_p_addr = p_addr; 1714 data->rxq.urbd1s = v_addr; 1715 1716 p_addr += (sizeof(struct urbd1) * BTINTEL_DESCS_COUNT); 1717 v_addr += (sizeof(struct urbd1) * BTINTEL_DESCS_COUNT); 1718 1719 /* Setup data buffers for txq */ 1720 err = btintel_pcie_setup_txq_bufs(data, &data->txq); 1721 if (err) 1722 goto exit_error_pool; 1723 1724 /* Setup data buffers for rxq */ 1725 err = btintel_pcie_setup_rxq_bufs(data, &data->rxq); 1726 if (err) 1727 goto exit_error_txq; 1728 1729 /* Setup Index Array */ 1730 btintel_pcie_setup_ia(data, p_addr, v_addr, &data->ia); 1731 1732 /* Setup data buffers for dbgc */ 1733 err = btintel_pcie_setup_dbgc(data); 1734 if (err) 1735 goto exit_error_txq; 1736 1737 /* Setup Context Information */ 1738 p_addr += sizeof(u16) * BTINTEL_PCIE_NUM_QUEUES * 4; 1739 v_addr += sizeof(u16) * BTINTEL_PCIE_NUM_QUEUES * 4; 1740 1741 data->ci = v_addr; 1742 data->ci_p_addr = p_addr; 1743 1744 /* Initialize the CI */ 1745 btintel_pcie_init_ci(data, data->ci); 1746 1747 return 0; 1748 1749 exit_error_txq: 1750 btintel_pcie_free_txq_bufs(data, &data->txq); 1751 exit_error_pool: 1752 dma_pool_free(data->dma_pool, data->dma_v_addr, data->dma_p_addr); 1753 dma_pool_destroy(data->dma_pool); 1754 exit_error: 1755 return err; 1756 } 1757 1758 static int btintel_pcie_open(struct hci_dev *hdev) 1759 { 1760 bt_dev_dbg(hdev, ""); 1761 1762 return 0; 1763 } 1764 1765 static int btintel_pcie_close(struct hci_dev *hdev) 1766 { 1767 bt_dev_dbg(hdev, ""); 1768 1769 return 0; 1770 } 1771 1772 static int btintel_pcie_inject_cmd_complete(struct hci_dev *hdev, __u16 opcode) 1773 { 1774 struct sk_buff *skb; 1775 struct hci_event_hdr *hdr; 1776 struct hci_ev_cmd_complete *evt; 1777 1778 skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_KERNEL); 1779 if (!skb) 1780 return -ENOMEM; 1781 1782 hdr = (struct hci_event_hdr *)skb_put(skb, sizeof(*hdr)); 1783 hdr->evt = HCI_EV_CMD_COMPLETE; 1784 hdr->plen = sizeof(*evt) + 1; 1785 1786 evt = (struct hci_ev_cmd_complete *)skb_put(skb, sizeof(*evt)); 1787 evt->ncmd = 0x01; 1788 evt->opcode = cpu_to_le16(opcode); 1789 1790 *(u8 *)skb_put(skb, 1) = 0x00; 1791 1792 hci_skb_pkt_type(skb) = HCI_EVENT_PKT; 1793 1794 return hci_recv_frame(hdev, skb); 1795 } 1796 1797 static int btintel_pcie_send_frame(struct hci_dev *hdev, 1798 struct sk_buff *skb) 1799 { 1800 struct btintel_pcie_data *data = hci_get_drvdata(hdev); 1801 struct hci_command_hdr *cmd; 1802 __u16 opcode = ~0; 1803 int ret; 1804 u32 type; 1805 u32 old_ctxt; 1806 1807 /* Due to the fw limitation, the type header of the packet should be 1808 * 4 bytes unlike 1 byte for UART. In UART, the firmware can read 1809 * the first byte to get the packet type and redirect the rest of data 1810 * packet to the right handler. 1811 * 1812 * But for PCIe, THF(Transfer Flow Handler) fetches the 4 bytes of data 1813 * from DMA memory and by the time it reads the first 4 bytes, it has 1814 * already consumed some part of packet. Thus the packet type indicator 1815 * for iBT PCIe is 4 bytes. 1816 * 1817 * Luckily, when HCI core creates the skb, it allocates 8 bytes of 1818 * head room for profile and driver use, and before sending the data 1819 * to the device, append the iBT PCIe packet type in the front. 1820 */ 1821 switch (hci_skb_pkt_type(skb)) { 1822 case HCI_COMMAND_PKT: 1823 type = BTINTEL_PCIE_HCI_CMD_PKT; 1824 cmd = (void *)skb->data; 1825 opcode = le16_to_cpu(cmd->opcode); 1826 if (btintel_test_flag(hdev, INTEL_BOOTLOADER)) { 1827 struct hci_command_hdr *cmd = (void *)skb->data; 1828 __u16 opcode = le16_to_cpu(cmd->opcode); 1829 1830 /* When the 0xfc01 command is issued to boot into 1831 * the operational firmware, it will actually not 1832 * send a command complete event. To keep the flow 1833 * control working inject that event here. 1834 */ 1835 if (opcode == 0xfc01) 1836 btintel_pcie_inject_cmd_complete(hdev, opcode); 1837 } 1838 /* Firmware raises alive interrupt on HCI_OP_RESET */ 1839 if (opcode == HCI_OP_RESET) 1840 data->gp0_received = false; 1841 1842 hdev->stat.cmd_tx++; 1843 break; 1844 case HCI_ACLDATA_PKT: 1845 type = BTINTEL_PCIE_HCI_ACL_PKT; 1846 hdev->stat.acl_tx++; 1847 break; 1848 case HCI_SCODATA_PKT: 1849 type = BTINTEL_PCIE_HCI_SCO_PKT; 1850 hdev->stat.sco_tx++; 1851 break; 1852 case HCI_ISODATA_PKT: 1853 type = BTINTEL_PCIE_HCI_ISO_PKT; 1854 break; 1855 default: 1856 bt_dev_err(hdev, "Unknown HCI packet type"); 1857 return -EILSEQ; 1858 } 1859 memcpy(skb_push(skb, BTINTEL_PCIE_HCI_TYPE_LEN), &type, 1860 BTINTEL_PCIE_HCI_TYPE_LEN); 1861 1862 ret = btintel_pcie_send_sync(data, skb); 1863 if (ret) { 1864 hdev->stat.err_tx++; 1865 bt_dev_err(hdev, "Failed to send frame (%d)", ret); 1866 goto exit_error; 1867 } 1868 1869 if (type == BTINTEL_PCIE_HCI_CMD_PKT && 1870 (opcode == HCI_OP_RESET || opcode == 0xfc01)) { 1871 old_ctxt = data->alive_intr_ctxt; 1872 data->alive_intr_ctxt = 1873 (opcode == 0xfc01 ? BTINTEL_PCIE_INTEL_HCI_RESET1 : 1874 BTINTEL_PCIE_HCI_RESET); 1875 bt_dev_dbg(data->hdev, "sent cmd: 0x%4.4x alive context changed: %s -> %s", 1876 opcode, btintel_pcie_alivectxt_state2str(old_ctxt), 1877 btintel_pcie_alivectxt_state2str(data->alive_intr_ctxt)); 1878 if (opcode == HCI_OP_RESET) { 1879 ret = wait_event_timeout(data->gp0_wait_q, 1880 data->gp0_received, 1881 msecs_to_jiffies(BTINTEL_DEFAULT_INTR_TIMEOUT_MS)); 1882 if (!ret) { 1883 hdev->stat.err_tx++; 1884 bt_dev_err(hdev, "No alive interrupt received for %s", 1885 btintel_pcie_alivectxt_state2str(data->alive_intr_ctxt)); 1886 ret = -ETIME; 1887 goto exit_error; 1888 } 1889 } 1890 } 1891 hdev->stat.byte_tx += skb->len; 1892 kfree_skb(skb); 1893 1894 exit_error: 1895 return ret; 1896 } 1897 1898 static void btintel_pcie_release_hdev(struct btintel_pcie_data *data) 1899 { 1900 struct hci_dev *hdev; 1901 1902 hdev = data->hdev; 1903 hci_unregister_dev(hdev); 1904 hci_free_dev(hdev); 1905 data->hdev = NULL; 1906 } 1907 1908 static int btintel_pcie_setup_internal(struct hci_dev *hdev) 1909 { 1910 struct btintel_pcie_data *data = hci_get_drvdata(hdev); 1911 const u8 param[1] = { 0xFF }; 1912 struct intel_version_tlv ver_tlv; 1913 struct sk_buff *skb; 1914 int err; 1915 1916 BT_DBG("%s", hdev->name); 1917 1918 skb = __hci_cmd_sync(hdev, 0xfc05, 1, param, HCI_CMD_TIMEOUT); 1919 if (IS_ERR(skb)) { 1920 bt_dev_err(hdev, "Reading Intel version command failed (%ld)", 1921 PTR_ERR(skb)); 1922 return PTR_ERR(skb); 1923 } 1924 1925 /* Check the status */ 1926 if (skb->data[0]) { 1927 bt_dev_err(hdev, "Intel Read Version command failed (%02x)", 1928 skb->data[0]); 1929 err = -EIO; 1930 goto exit_error; 1931 } 1932 1933 /* Apply the common HCI quirks for Intel device */ 1934 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks); 1935 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks); 1936 set_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks); 1937 1938 /* Set up the quality report callback for Intel devices */ 1939 hdev->set_quality_report = btintel_set_quality_report; 1940 1941 memset(&ver_tlv, 0, sizeof(ver_tlv)); 1942 /* For TLV type device, parse the tlv data */ 1943 err = btintel_parse_version_tlv(hdev, &ver_tlv, skb); 1944 if (err) { 1945 bt_dev_err(hdev, "Failed to parse TLV version information"); 1946 goto exit_error; 1947 } 1948 1949 switch (INTEL_HW_PLATFORM(ver_tlv.cnvi_bt)) { 1950 case 0x37: 1951 break; 1952 default: 1953 bt_dev_err(hdev, "Unsupported Intel hardware platform (0x%2x)", 1954 INTEL_HW_PLATFORM(ver_tlv.cnvi_bt)); 1955 err = -EINVAL; 1956 goto exit_error; 1957 } 1958 1959 /* Check for supported iBT hardware variants of this firmware 1960 * loading method. 1961 * 1962 * This check has been put in place to ensure correct forward 1963 * compatibility options when newer hardware variants come 1964 * along. 1965 */ 1966 switch (INTEL_HW_VARIANT(ver_tlv.cnvi_bt)) { 1967 case 0x1e: /* BzrI */ 1968 case 0x1f: /* ScP */ 1969 /* Display version information of TLV type */ 1970 btintel_version_info_tlv(hdev, &ver_tlv); 1971 1972 /* Apply the device specific HCI quirks for TLV based devices 1973 * 1974 * All TLV based devices support WBS 1975 */ 1976 set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks); 1977 1978 /* Setup MSFT Extension support */ 1979 btintel_set_msft_opcode(hdev, 1980 INTEL_HW_VARIANT(ver_tlv.cnvi_bt)); 1981 1982 err = btintel_bootloader_setup_tlv(hdev, &ver_tlv); 1983 if (err) 1984 goto exit_error; 1985 break; 1986 default: 1987 bt_dev_err(hdev, "Unsupported Intel hw variant (%u)", 1988 INTEL_HW_VARIANT(ver_tlv.cnvi_bt)); 1989 err = -EINVAL; 1990 goto exit_error; 1991 break; 1992 } 1993 1994 data->dmp_hdr.cnvi_top = ver_tlv.cnvi_top; 1995 data->dmp_hdr.cnvr_top = ver_tlv.cnvr_top; 1996 data->dmp_hdr.fw_timestamp = ver_tlv.timestamp; 1997 data->dmp_hdr.fw_build_type = ver_tlv.build_type; 1998 data->dmp_hdr.fw_build_num = ver_tlv.build_num; 1999 data->dmp_hdr.cnvi_bt = ver_tlv.cnvi_bt; 2000 2001 if (ver_tlv.img_type == 0x02 || ver_tlv.img_type == 0x03) 2002 data->dmp_hdr.fw_git_sha1 = ver_tlv.git_sha1; 2003 2004 err = hci_devcd_register(hdev, btintel_pcie_dump_traces, btintel_pcie_dump_hdr, 2005 btintel_pcie_dump_notify); 2006 if (err) { 2007 bt_dev_err(hdev, "Failed to register coredump (%d)", err); 2008 goto exit_error; 2009 } 2010 2011 btintel_print_fseq_info(hdev); 2012 exit_error: 2013 kfree_skb(skb); 2014 2015 return err; 2016 } 2017 2018 static int btintel_pcie_setup(struct hci_dev *hdev) 2019 { 2020 int err, fw_dl_retry = 0; 2021 struct btintel_pcie_data *data = hci_get_drvdata(hdev); 2022 2023 while ((err = btintel_pcie_setup_internal(hdev)) && fw_dl_retry++ < 1) { 2024 bt_dev_err(hdev, "Firmware download retry count: %d", 2025 fw_dl_retry); 2026 err = btintel_pcie_reset_bt(data); 2027 if (err) { 2028 bt_dev_err(hdev, "Failed to do shr reset: %d", err); 2029 break; 2030 } 2031 usleep_range(10000, 12000); 2032 btintel_pcie_reset_ia(data); 2033 btintel_pcie_config_msix(data); 2034 err = btintel_pcie_enable_bt(data); 2035 if (err) { 2036 bt_dev_err(hdev, "Failed to enable hardware: %d", err); 2037 break; 2038 } 2039 btintel_pcie_start_rx(data); 2040 } 2041 return err; 2042 } 2043 2044 static int btintel_pcie_setup_hdev(struct btintel_pcie_data *data) 2045 { 2046 int err; 2047 struct hci_dev *hdev; 2048 2049 hdev = hci_alloc_dev_priv(sizeof(struct btintel_data)); 2050 if (!hdev) 2051 return -ENOMEM; 2052 2053 hdev->bus = HCI_PCI; 2054 hci_set_drvdata(hdev, data); 2055 2056 data->hdev = hdev; 2057 SET_HCIDEV_DEV(hdev, &data->pdev->dev); 2058 2059 hdev->manufacturer = 2; 2060 hdev->open = btintel_pcie_open; 2061 hdev->close = btintel_pcie_close; 2062 hdev->send = btintel_pcie_send_frame; 2063 hdev->setup = btintel_pcie_setup; 2064 hdev->shutdown = btintel_shutdown_combined; 2065 hdev->hw_error = btintel_hw_error; 2066 hdev->set_diag = btintel_set_diag; 2067 hdev->set_bdaddr = btintel_set_bdaddr; 2068 2069 err = hci_register_dev(hdev); 2070 if (err < 0) { 2071 BT_ERR("Failed to register to hdev (%d)", err); 2072 goto exit_error; 2073 } 2074 2075 data->dmp_hdr.driver_name = KBUILD_MODNAME; 2076 return 0; 2077 2078 exit_error: 2079 hci_free_dev(hdev); 2080 return err; 2081 } 2082 2083 static int btintel_pcie_probe(struct pci_dev *pdev, 2084 const struct pci_device_id *ent) 2085 { 2086 int err; 2087 struct btintel_pcie_data *data; 2088 2089 if (!pdev) 2090 return -ENODEV; 2091 2092 data = devm_kzalloc(&pdev->dev, sizeof(*data), GFP_KERNEL); 2093 if (!data) 2094 return -ENOMEM; 2095 2096 data->pdev = pdev; 2097 2098 spin_lock_init(&data->irq_lock); 2099 spin_lock_init(&data->hci_rx_lock); 2100 2101 init_waitqueue_head(&data->gp0_wait_q); 2102 data->gp0_received = false; 2103 2104 init_waitqueue_head(&data->tx_wait_q); 2105 data->tx_wait_done = false; 2106 2107 data->workqueue = alloc_ordered_workqueue(KBUILD_MODNAME, WQ_HIGHPRI); 2108 if (!data->workqueue) 2109 return -ENOMEM; 2110 2111 skb_queue_head_init(&data->rx_skb_q); 2112 INIT_WORK(&data->rx_work, btintel_pcie_rx_work); 2113 2114 data->boot_stage_cache = 0x00; 2115 data->img_resp_cache = 0x00; 2116 2117 err = btintel_pcie_config_pcie(pdev, data); 2118 if (err) 2119 goto exit_error; 2120 2121 pci_set_drvdata(pdev, data); 2122 2123 err = btintel_pcie_alloc(data); 2124 if (err) 2125 goto exit_error; 2126 2127 err = btintel_pcie_enable_bt(data); 2128 if (err) 2129 goto exit_error; 2130 2131 /* CNV information (CNVi and CNVr) is in CSR */ 2132 data->cnvi = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_HW_REV_REG); 2133 2134 data->cnvr = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_RF_ID_REG); 2135 2136 err = btintel_pcie_start_rx(data); 2137 if (err) 2138 goto exit_error; 2139 2140 err = btintel_pcie_setup_hdev(data); 2141 if (err) 2142 goto exit_error; 2143 2144 bt_dev_dbg(data->hdev, "cnvi: 0x%8.8x cnvr: 0x%8.8x", data->cnvi, 2145 data->cnvr); 2146 return 0; 2147 2148 exit_error: 2149 /* reset device before exit */ 2150 btintel_pcie_reset_bt(data); 2151 2152 pci_clear_master(pdev); 2153 2154 pci_set_drvdata(pdev, NULL); 2155 2156 return err; 2157 } 2158 2159 static void btintel_pcie_remove(struct pci_dev *pdev) 2160 { 2161 struct btintel_pcie_data *data; 2162 2163 data = pci_get_drvdata(pdev); 2164 2165 btintel_pcie_reset_bt(data); 2166 for (int i = 0; i < data->alloc_vecs; i++) { 2167 struct msix_entry *msix_entry; 2168 2169 msix_entry = &data->msix_entries[i]; 2170 free_irq(msix_entry->vector, msix_entry); 2171 } 2172 2173 pci_free_irq_vectors(pdev); 2174 2175 btintel_pcie_release_hdev(data); 2176 2177 flush_work(&data->rx_work); 2178 2179 destroy_workqueue(data->workqueue); 2180 2181 btintel_pcie_free(data); 2182 2183 pci_clear_master(pdev); 2184 2185 pci_set_drvdata(pdev, NULL); 2186 } 2187 2188 #ifdef CONFIG_DEV_COREDUMP 2189 static void btintel_pcie_coredump(struct device *dev) 2190 { 2191 struct pci_dev *pdev = to_pci_dev(dev); 2192 struct btintel_pcie_data *data = pci_get_drvdata(pdev); 2193 2194 if (test_and_set_bit(BTINTEL_PCIE_COREDUMP_INPROGRESS, &data->flags)) 2195 return; 2196 2197 data->dmp_hdr.trigger_reason = BTINTEL_PCIE_TRIGGER_REASON_USER_TRIGGER; 2198 queue_work(data->workqueue, &data->rx_work); 2199 } 2200 #endif 2201 2202 static struct pci_driver btintel_pcie_driver = { 2203 .name = KBUILD_MODNAME, 2204 .id_table = btintel_pcie_table, 2205 .probe = btintel_pcie_probe, 2206 .remove = btintel_pcie_remove, 2207 #ifdef CONFIG_DEV_COREDUMP 2208 .driver.coredump = btintel_pcie_coredump 2209 #endif 2210 }; 2211 module_pci_driver(btintel_pcie_driver); 2212 2213 MODULE_AUTHOR("Tedd Ho-Jeong An <tedd.an@intel.com>"); 2214 MODULE_DESCRIPTION("Intel Bluetooth PCIe transport driver ver " VERSION); 2215 MODULE_VERSION(VERSION); 2216 MODULE_LICENSE("GPL"); 2217