xref: /linux/drivers/net/wireless/ath/ath10k/sdio.c (revision eb01fe7abbe2d0b38824d2a93fdb4cc3eaf2ccc1)
1 // SPDX-License-Identifier: ISC
2 /*
3  * Copyright (c) 2004-2011 Atheros Communications Inc.
4  * Copyright (c) 2011-2012,2017 Qualcomm Atheros, Inc.
5  * Copyright (c) 2016-2017 Erik Stromdahl <erik.stromdahl@gmail.com>
6  * Copyright (c) 2022-2023 Qualcomm Innovation Center, Inc. All rights reserved.
7  */
8 
9 #include <linux/module.h>
10 #include <linux/mmc/card.h>
11 #include <linux/mmc/mmc.h>
12 #include <linux/mmc/host.h>
13 #include <linux/mmc/sdio_func.h>
14 #include <linux/mmc/sdio_ids.h>
15 #include <linux/mmc/sdio.h>
16 #include <linux/mmc/sd.h>
17 #include <linux/bitfield.h>
18 #include "core.h"
19 #include "bmi.h"
20 #include "debug.h"
21 #include "hif.h"
22 #include "htc.h"
23 #include "mac.h"
24 #include "targaddrs.h"
25 #include "trace.h"
26 #include "sdio.h"
27 #include "coredump.h"
28 
29 void ath10k_sdio_fw_crashed_dump(struct ath10k *ar);
30 
31 #define ATH10K_SDIO_VSG_BUF_SIZE	(64 * 1024)
32 
33 /* inlined helper functions */
34 
35 static inline int ath10k_sdio_calc_txrx_padded_len(struct ath10k_sdio *ar_sdio,
36 						   size_t len)
37 {
38 	return __ALIGN_MASK((len), ar_sdio->mbox_info.block_mask);
39 }
40 
41 static inline enum ath10k_htc_ep_id pipe_id_to_eid(u8 pipe_id)
42 {
43 	return (enum ath10k_htc_ep_id)pipe_id;
44 }
45 
46 static inline void ath10k_sdio_mbox_free_rx_pkt(struct ath10k_sdio_rx_data *pkt)
47 {
48 	dev_kfree_skb(pkt->skb);
49 	pkt->skb = NULL;
50 	pkt->alloc_len = 0;
51 	pkt->act_len = 0;
52 	pkt->trailer_only = false;
53 }
54 
55 static inline int ath10k_sdio_mbox_alloc_rx_pkt(struct ath10k_sdio_rx_data *pkt,
56 						size_t act_len, size_t full_len,
57 						bool part_of_bundle,
58 						bool last_in_bundle)
59 {
60 	pkt->skb = dev_alloc_skb(full_len);
61 	if (!pkt->skb)
62 		return -ENOMEM;
63 
64 	pkt->act_len = act_len;
65 	pkt->alloc_len = full_len;
66 	pkt->part_of_bundle = part_of_bundle;
67 	pkt->last_in_bundle = last_in_bundle;
68 	pkt->trailer_only = false;
69 
70 	return 0;
71 }
72 
73 static inline bool is_trailer_only_msg(struct ath10k_sdio_rx_data *pkt)
74 {
75 	bool trailer_only = false;
76 	struct ath10k_htc_hdr *htc_hdr =
77 		(struct ath10k_htc_hdr *)pkt->skb->data;
78 	u16 len = __le16_to_cpu(htc_hdr->len);
79 
80 	if (len == htc_hdr->trailer_len)
81 		trailer_only = true;
82 
83 	return trailer_only;
84 }
85 
86 /* sdio/mmc functions */
87 
88 static inline void ath10k_sdio_set_cmd52_arg(u32 *arg, u8 write, u8 raw,
89 					     unsigned int address,
90 					     unsigned char val)
91 {
92 	*arg = FIELD_PREP(BIT(31), write) |
93 	       FIELD_PREP(BIT(27), raw) |
94 	       FIELD_PREP(BIT(26), 1) |
95 	       FIELD_PREP(GENMASK(25, 9), address) |
96 	       FIELD_PREP(BIT(8), 1) |
97 	       FIELD_PREP(GENMASK(7, 0), val);
98 }
99 
100 static int ath10k_sdio_func0_cmd52_wr_byte(struct mmc_card *card,
101 					   unsigned int address,
102 					   unsigned char byte)
103 {
104 	struct mmc_command io_cmd;
105 
106 	memset(&io_cmd, 0, sizeof(io_cmd));
107 	ath10k_sdio_set_cmd52_arg(&io_cmd.arg, 1, 0, address, byte);
108 	io_cmd.opcode = SD_IO_RW_DIRECT;
109 	io_cmd.flags = MMC_RSP_R5 | MMC_CMD_AC;
110 
111 	return mmc_wait_for_cmd(card->host, &io_cmd, 0);
112 }
113 
114 static int ath10k_sdio_func0_cmd52_rd_byte(struct mmc_card *card,
115 					   unsigned int address,
116 					   unsigned char *byte)
117 {
118 	struct mmc_command io_cmd;
119 	int ret;
120 
121 	memset(&io_cmd, 0, sizeof(io_cmd));
122 	ath10k_sdio_set_cmd52_arg(&io_cmd.arg, 0, 0, address, 0);
123 	io_cmd.opcode = SD_IO_RW_DIRECT;
124 	io_cmd.flags = MMC_RSP_R5 | MMC_CMD_AC;
125 
126 	ret = mmc_wait_for_cmd(card->host, &io_cmd, 0);
127 	if (!ret)
128 		*byte = io_cmd.resp[0];
129 
130 	return ret;
131 }
132 
133 static int ath10k_sdio_config(struct ath10k *ar)
134 {
135 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
136 	struct sdio_func *func = ar_sdio->func;
137 	unsigned char byte, asyncintdelay = 2;
138 	int ret;
139 
140 	ath10k_dbg(ar, ATH10K_DBG_BOOT, "sdio configuration\n");
141 
142 	sdio_claim_host(func);
143 
144 	byte = 0;
145 	ret = ath10k_sdio_func0_cmd52_rd_byte(func->card,
146 					      SDIO_CCCR_DRIVE_STRENGTH,
147 					      &byte);
148 
149 	byte &= ~ATH10K_SDIO_DRIVE_DTSX_MASK;
150 	byte |= FIELD_PREP(ATH10K_SDIO_DRIVE_DTSX_MASK,
151 			   ATH10K_SDIO_DRIVE_DTSX_TYPE_D);
152 
153 	ret = ath10k_sdio_func0_cmd52_wr_byte(func->card,
154 					      SDIO_CCCR_DRIVE_STRENGTH,
155 					      byte);
156 
157 	byte = 0;
158 	ret = ath10k_sdio_func0_cmd52_rd_byte(
159 		func->card,
160 		CCCR_SDIO_DRIVER_STRENGTH_ENABLE_ADDR,
161 		&byte);
162 
163 	byte |= (CCCR_SDIO_DRIVER_STRENGTH_ENABLE_A |
164 		 CCCR_SDIO_DRIVER_STRENGTH_ENABLE_C |
165 		 CCCR_SDIO_DRIVER_STRENGTH_ENABLE_D);
166 
167 	ret = ath10k_sdio_func0_cmd52_wr_byte(func->card,
168 					      CCCR_SDIO_DRIVER_STRENGTH_ENABLE_ADDR,
169 					      byte);
170 	if (ret) {
171 		ath10k_warn(ar, "failed to enable driver strength: %d\n", ret);
172 		goto out;
173 	}
174 
175 	byte = 0;
176 	ret = ath10k_sdio_func0_cmd52_rd_byte(func->card,
177 					      CCCR_SDIO_IRQ_MODE_REG_SDIO3,
178 					      &byte);
179 
180 	byte |= SDIO_IRQ_MODE_ASYNC_4BIT_IRQ_SDIO3;
181 
182 	ret = ath10k_sdio_func0_cmd52_wr_byte(func->card,
183 					      CCCR_SDIO_IRQ_MODE_REG_SDIO3,
184 					      byte);
185 	if (ret) {
186 		ath10k_warn(ar, "failed to enable 4-bit async irq mode: %d\n",
187 			    ret);
188 		goto out;
189 	}
190 
191 	byte = 0;
192 	ret = ath10k_sdio_func0_cmd52_rd_byte(func->card,
193 					      CCCR_SDIO_ASYNC_INT_DELAY_ADDRESS,
194 					      &byte);
195 
196 	byte &= ~CCCR_SDIO_ASYNC_INT_DELAY_MASK;
197 	byte |= FIELD_PREP(CCCR_SDIO_ASYNC_INT_DELAY_MASK, asyncintdelay);
198 
199 	ret = ath10k_sdio_func0_cmd52_wr_byte(func->card,
200 					      CCCR_SDIO_ASYNC_INT_DELAY_ADDRESS,
201 					      byte);
202 
203 	/* give us some time to enable, in ms */
204 	func->enable_timeout = 100;
205 
206 	ret = sdio_set_block_size(func, ar_sdio->mbox_info.block_size);
207 	if (ret) {
208 		ath10k_warn(ar, "failed to set sdio block size to %d: %d\n",
209 			    ar_sdio->mbox_info.block_size, ret);
210 		goto out;
211 	}
212 
213 out:
214 	sdio_release_host(func);
215 	return ret;
216 }
217 
218 static int ath10k_sdio_write32(struct ath10k *ar, u32 addr, u32 val)
219 {
220 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
221 	struct sdio_func *func = ar_sdio->func;
222 	int ret;
223 
224 	sdio_claim_host(func);
225 
226 	sdio_writel(func, val, addr, &ret);
227 	if (ret) {
228 		ath10k_warn(ar, "failed to write 0x%x to address 0x%x: %d\n",
229 			    val, addr, ret);
230 		goto out;
231 	}
232 
233 	ath10k_dbg(ar, ATH10K_DBG_SDIO, "sdio write32 addr 0x%x val 0x%x\n",
234 		   addr, val);
235 
236 out:
237 	sdio_release_host(func);
238 
239 	return ret;
240 }
241 
242 static int ath10k_sdio_writesb32(struct ath10k *ar, u32 addr, u32 val)
243 {
244 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
245 	struct sdio_func *func = ar_sdio->func;
246 	__le32 *buf;
247 	int ret;
248 
249 	buf = kzalloc(sizeof(*buf), GFP_KERNEL);
250 	if (!buf)
251 		return -ENOMEM;
252 
253 	*buf = cpu_to_le32(val);
254 
255 	sdio_claim_host(func);
256 
257 	ret = sdio_writesb(func, addr, buf, sizeof(*buf));
258 	if (ret) {
259 		ath10k_warn(ar, "failed to write value 0x%x to fixed sb address 0x%x: %d\n",
260 			    val, addr, ret);
261 		goto out;
262 	}
263 
264 	ath10k_dbg(ar, ATH10K_DBG_SDIO, "sdio writesb32 addr 0x%x val 0x%x\n",
265 		   addr, val);
266 
267 out:
268 	sdio_release_host(func);
269 
270 	kfree(buf);
271 
272 	return ret;
273 }
274 
275 static int ath10k_sdio_read32(struct ath10k *ar, u32 addr, u32 *val)
276 {
277 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
278 	struct sdio_func *func = ar_sdio->func;
279 	int ret;
280 
281 	sdio_claim_host(func);
282 	*val = sdio_readl(func, addr, &ret);
283 	if (ret) {
284 		ath10k_warn(ar, "failed to read from address 0x%x: %d\n",
285 			    addr, ret);
286 		goto out;
287 	}
288 
289 	ath10k_dbg(ar, ATH10K_DBG_SDIO, "sdio read32 addr 0x%x val 0x%x\n",
290 		   addr, *val);
291 
292 out:
293 	sdio_release_host(func);
294 
295 	return ret;
296 }
297 
298 static int ath10k_sdio_read(struct ath10k *ar, u32 addr, void *buf, size_t len)
299 {
300 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
301 	struct sdio_func *func = ar_sdio->func;
302 	int ret;
303 
304 	sdio_claim_host(func);
305 
306 	ret = sdio_memcpy_fromio(func, buf, addr, len);
307 	if (ret) {
308 		ath10k_warn(ar, "failed to read from address 0x%x: %d\n",
309 			    addr, ret);
310 		goto out;
311 	}
312 
313 	ath10k_dbg(ar, ATH10K_DBG_SDIO, "sdio read addr 0x%x buf 0x%p len %zu\n",
314 		   addr, buf, len);
315 	ath10k_dbg_dump(ar, ATH10K_DBG_SDIO_DUMP, NULL, "sdio read ", buf, len);
316 
317 out:
318 	sdio_release_host(func);
319 
320 	return ret;
321 }
322 
323 static int ath10k_sdio_write(struct ath10k *ar, u32 addr, const void *buf, size_t len)
324 {
325 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
326 	struct sdio_func *func = ar_sdio->func;
327 	int ret;
328 
329 	sdio_claim_host(func);
330 
331 	/* For some reason toio() doesn't have const for the buffer, need
332 	 * an ugly hack to workaround that.
333 	 */
334 	ret = sdio_memcpy_toio(func, addr, (void *)buf, len);
335 	if (ret) {
336 		ath10k_warn(ar, "failed to write to address 0x%x: %d\n",
337 			    addr, ret);
338 		goto out;
339 	}
340 
341 	ath10k_dbg(ar, ATH10K_DBG_SDIO, "sdio write addr 0x%x buf 0x%p len %zu\n",
342 		   addr, buf, len);
343 	ath10k_dbg_dump(ar, ATH10K_DBG_SDIO_DUMP, NULL, "sdio write ", buf, len);
344 
345 out:
346 	sdio_release_host(func);
347 
348 	return ret;
349 }
350 
351 static int ath10k_sdio_readsb(struct ath10k *ar, u32 addr, void *buf, size_t len)
352 {
353 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
354 	struct sdio_func *func = ar_sdio->func;
355 	int ret;
356 
357 	sdio_claim_host(func);
358 
359 	len = round_down(len, ar_sdio->mbox_info.block_size);
360 
361 	ret = sdio_readsb(func, buf, addr, len);
362 	if (ret) {
363 		ath10k_warn(ar, "failed to read from fixed (sb) address 0x%x: %d\n",
364 			    addr, ret);
365 		goto out;
366 	}
367 
368 	ath10k_dbg(ar, ATH10K_DBG_SDIO, "sdio readsb addr 0x%x buf 0x%p len %zu\n",
369 		   addr, buf, len);
370 	ath10k_dbg_dump(ar, ATH10K_DBG_SDIO_DUMP, NULL, "sdio readsb ", buf, len);
371 
372 out:
373 	sdio_release_host(func);
374 
375 	return ret;
376 }
377 
378 /* HIF mbox functions */
379 
380 static int ath10k_sdio_mbox_rx_process_packet(struct ath10k *ar,
381 					      struct ath10k_sdio_rx_data *pkt,
382 					      u32 *lookaheads,
383 					      int *n_lookaheads)
384 {
385 	struct ath10k_htc *htc = &ar->htc;
386 	struct sk_buff *skb = pkt->skb;
387 	struct ath10k_htc_hdr *htc_hdr = (struct ath10k_htc_hdr *)skb->data;
388 	bool trailer_present = htc_hdr->flags & ATH10K_HTC_FLAG_TRAILER_PRESENT;
389 	enum ath10k_htc_ep_id eid;
390 	u8 *trailer;
391 	int ret;
392 
393 	if (trailer_present) {
394 		trailer = skb->data + skb->len - htc_hdr->trailer_len;
395 
396 		eid = pipe_id_to_eid(htc_hdr->eid);
397 
398 		ret = ath10k_htc_process_trailer(htc,
399 						 trailer,
400 						 htc_hdr->trailer_len,
401 						 eid,
402 						 lookaheads,
403 						 n_lookaheads);
404 		if (ret)
405 			return ret;
406 
407 		if (is_trailer_only_msg(pkt))
408 			pkt->trailer_only = true;
409 
410 		skb_trim(skb, skb->len - htc_hdr->trailer_len);
411 	}
412 
413 	skb_pull(skb, sizeof(*htc_hdr));
414 
415 	return 0;
416 }
417 
418 static int ath10k_sdio_mbox_rx_process_packets(struct ath10k *ar,
419 					       u32 lookaheads[],
420 					       int *n_lookahead)
421 {
422 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
423 	struct ath10k_htc *htc = &ar->htc;
424 	struct ath10k_sdio_rx_data *pkt;
425 	struct ath10k_htc_ep *ep;
426 	struct ath10k_skb_rxcb *cb;
427 	enum ath10k_htc_ep_id id;
428 	int ret, i, *n_lookahead_local;
429 	u32 *lookaheads_local;
430 	int lookahead_idx = 0;
431 
432 	for (i = 0; i < ar_sdio->n_rx_pkts; i++) {
433 		lookaheads_local = lookaheads;
434 		n_lookahead_local = n_lookahead;
435 
436 		id = ((struct ath10k_htc_hdr *)
437 		      &lookaheads[lookahead_idx++])->eid;
438 
439 		if (id >= ATH10K_HTC_EP_COUNT) {
440 			ath10k_warn(ar, "invalid endpoint in look-ahead: %d\n",
441 				    id);
442 			ret = -ENOMEM;
443 			goto out;
444 		}
445 
446 		ep = &htc->endpoint[id];
447 
448 		if (ep->service_id == 0) {
449 			ath10k_warn(ar, "ep %d is not connected\n", id);
450 			ret = -ENOMEM;
451 			goto out;
452 		}
453 
454 		pkt = &ar_sdio->rx_pkts[i];
455 
456 		if (pkt->part_of_bundle && !pkt->last_in_bundle) {
457 			/* Only read lookahead's from RX trailers
458 			 * for the last packet in a bundle.
459 			 */
460 			lookahead_idx--;
461 			lookaheads_local = NULL;
462 			n_lookahead_local = NULL;
463 		}
464 
465 		ret = ath10k_sdio_mbox_rx_process_packet(ar,
466 							 pkt,
467 							 lookaheads_local,
468 							 n_lookahead_local);
469 		if (ret)
470 			goto out;
471 
472 		if (!pkt->trailer_only) {
473 			cb = ATH10K_SKB_RXCB(pkt->skb);
474 			cb->eid = id;
475 
476 			skb_queue_tail(&ar_sdio->rx_head, pkt->skb);
477 			queue_work(ar->workqueue_aux,
478 				   &ar_sdio->async_work_rx);
479 		} else {
480 			kfree_skb(pkt->skb);
481 		}
482 
483 		/* The RX complete handler now owns the skb...*/
484 		pkt->skb = NULL;
485 		pkt->alloc_len = 0;
486 	}
487 
488 	ret = 0;
489 
490 out:
491 	/* Free all packets that was not passed on to the RX completion
492 	 * handler...
493 	 */
494 	for (; i < ar_sdio->n_rx_pkts; i++)
495 		ath10k_sdio_mbox_free_rx_pkt(&ar_sdio->rx_pkts[i]);
496 
497 	return ret;
498 }
499 
500 static int ath10k_sdio_mbox_alloc_bundle(struct ath10k *ar,
501 					 struct ath10k_sdio_rx_data *rx_pkts,
502 					 struct ath10k_htc_hdr *htc_hdr,
503 					 size_t full_len, size_t act_len,
504 					 size_t *bndl_cnt)
505 {
506 	int ret, i;
507 	u8 max_msgs = ar->htc.max_msgs_per_htc_bundle;
508 
509 	*bndl_cnt = ath10k_htc_get_bundle_count(max_msgs, htc_hdr->flags);
510 
511 	if (*bndl_cnt > max_msgs) {
512 		ath10k_warn(ar,
513 			    "HTC bundle length %u exceeds maximum %u\n",
514 			    le16_to_cpu(htc_hdr->len),
515 			    max_msgs);
516 		return -ENOMEM;
517 	}
518 
519 	/* Allocate bndl_cnt extra skb's for the bundle.
520 	 * The package containing the
521 	 * ATH10K_HTC_FLAG_BUNDLE_MASK flag is not included
522 	 * in bndl_cnt. The skb for that packet will be
523 	 * allocated separately.
524 	 */
525 	for (i = 0; i < *bndl_cnt; i++) {
526 		ret = ath10k_sdio_mbox_alloc_rx_pkt(&rx_pkts[i],
527 						    act_len,
528 						    full_len,
529 						    true,
530 						    false);
531 		if (ret)
532 			return ret;
533 	}
534 
535 	return 0;
536 }
537 
538 static int ath10k_sdio_mbox_rx_alloc(struct ath10k *ar,
539 				     u32 lookaheads[], int n_lookaheads)
540 {
541 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
542 	struct ath10k_htc_hdr *htc_hdr;
543 	size_t full_len, act_len;
544 	bool last_in_bundle;
545 	int ret, i;
546 	int pkt_cnt = 0;
547 
548 	if (n_lookaheads > ATH10K_SDIO_MAX_RX_MSGS) {
549 		ath10k_warn(ar, "the total number of pkts to be fetched (%u) exceeds maximum %u\n",
550 			    n_lookaheads, ATH10K_SDIO_MAX_RX_MSGS);
551 		ret = -ENOMEM;
552 		goto err;
553 	}
554 
555 	for (i = 0; i < n_lookaheads; i++) {
556 		htc_hdr = (struct ath10k_htc_hdr *)&lookaheads[i];
557 		last_in_bundle = false;
558 
559 		if (le16_to_cpu(htc_hdr->len) > ATH10K_HTC_MBOX_MAX_PAYLOAD_LENGTH) {
560 			ath10k_warn(ar, "payload length %d exceeds max htc length: %zu\n",
561 				    le16_to_cpu(htc_hdr->len),
562 				    ATH10K_HTC_MBOX_MAX_PAYLOAD_LENGTH);
563 			ret = -ENOMEM;
564 
565 			ath10k_core_start_recovery(ar);
566 			ath10k_warn(ar, "exceeds length, start recovery\n");
567 
568 			goto err;
569 		}
570 
571 		act_len = le16_to_cpu(htc_hdr->len) + sizeof(*htc_hdr);
572 		full_len = ath10k_sdio_calc_txrx_padded_len(ar_sdio, act_len);
573 
574 		if (full_len > ATH10K_SDIO_MAX_BUFFER_SIZE) {
575 			ath10k_warn(ar, "rx buffer requested with invalid htc_hdr length (%d, 0x%x): %d\n",
576 				    htc_hdr->eid, htc_hdr->flags,
577 				    le16_to_cpu(htc_hdr->len));
578 			ret = -EINVAL;
579 			goto err;
580 		}
581 
582 		if (ath10k_htc_get_bundle_count(
583 			ar->htc.max_msgs_per_htc_bundle, htc_hdr->flags)) {
584 			/* HTC header indicates that every packet to follow
585 			 * has the same padded length so that it can be
586 			 * optimally fetched as a full bundle.
587 			 */
588 			size_t bndl_cnt;
589 
590 			ret = ath10k_sdio_mbox_alloc_bundle(ar,
591 							    &ar_sdio->rx_pkts[pkt_cnt],
592 							    htc_hdr,
593 							    full_len,
594 							    act_len,
595 							    &bndl_cnt);
596 
597 			if (ret) {
598 				ath10k_warn(ar, "failed to allocate a bundle: %d\n",
599 					    ret);
600 				goto err;
601 			}
602 
603 			pkt_cnt += bndl_cnt;
604 
605 			/* next buffer will be the last in the bundle */
606 			last_in_bundle = true;
607 		}
608 
609 		/* Allocate skb for packet. If the packet had the
610 		 * ATH10K_HTC_FLAG_BUNDLE_MASK flag set, all bundled
611 		 * packet skb's have been allocated in the previous step.
612 		 */
613 		if (htc_hdr->flags & ATH10K_HTC_FLAGS_RECV_1MORE_BLOCK)
614 			full_len += ATH10K_HIF_MBOX_BLOCK_SIZE;
615 
616 		ret = ath10k_sdio_mbox_alloc_rx_pkt(&ar_sdio->rx_pkts[pkt_cnt],
617 						    act_len,
618 						    full_len,
619 						    last_in_bundle,
620 						    last_in_bundle);
621 		if (ret) {
622 			ath10k_warn(ar, "alloc_rx_pkt error %d\n", ret);
623 			goto err;
624 		}
625 
626 		pkt_cnt++;
627 	}
628 
629 	ar_sdio->n_rx_pkts = pkt_cnt;
630 
631 	return 0;
632 
633 err:
634 	for (i = 0; i < ATH10K_SDIO_MAX_RX_MSGS; i++) {
635 		if (!ar_sdio->rx_pkts[i].alloc_len)
636 			break;
637 		ath10k_sdio_mbox_free_rx_pkt(&ar_sdio->rx_pkts[i]);
638 	}
639 
640 	return ret;
641 }
642 
643 static int ath10k_sdio_mbox_rx_fetch(struct ath10k *ar)
644 {
645 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
646 	struct ath10k_sdio_rx_data *pkt = &ar_sdio->rx_pkts[0];
647 	struct sk_buff *skb = pkt->skb;
648 	struct ath10k_htc_hdr *htc_hdr;
649 	int ret;
650 
651 	ret = ath10k_sdio_readsb(ar, ar_sdio->mbox_info.htc_addr,
652 				 skb->data, pkt->alloc_len);
653 	if (ret)
654 		goto err;
655 
656 	htc_hdr = (struct ath10k_htc_hdr *)skb->data;
657 	pkt->act_len = le16_to_cpu(htc_hdr->len) + sizeof(*htc_hdr);
658 
659 	if (pkt->act_len > pkt->alloc_len) {
660 		ret = -EINVAL;
661 		goto err;
662 	}
663 
664 	skb_put(skb, pkt->act_len);
665 	return 0;
666 
667 err:
668 	ar_sdio->n_rx_pkts = 0;
669 	ath10k_sdio_mbox_free_rx_pkt(pkt);
670 
671 	return ret;
672 }
673 
674 static int ath10k_sdio_mbox_rx_fetch_bundle(struct ath10k *ar)
675 {
676 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
677 	struct ath10k_sdio_rx_data *pkt;
678 	struct ath10k_htc_hdr *htc_hdr;
679 	int ret, i;
680 	u32 pkt_offset, virt_pkt_len;
681 
682 	virt_pkt_len = 0;
683 	for (i = 0; i < ar_sdio->n_rx_pkts; i++)
684 		virt_pkt_len += ar_sdio->rx_pkts[i].alloc_len;
685 
686 	if (virt_pkt_len > ATH10K_SDIO_VSG_BUF_SIZE) {
687 		ath10k_warn(ar, "sdio vsg buffer size limit: %d\n", virt_pkt_len);
688 		ret = -E2BIG;
689 		goto err;
690 	}
691 
692 	ret = ath10k_sdio_readsb(ar, ar_sdio->mbox_info.htc_addr,
693 				 ar_sdio->vsg_buffer, virt_pkt_len);
694 	if (ret) {
695 		ath10k_warn(ar, "failed to read bundle packets: %d", ret);
696 		goto err;
697 	}
698 
699 	pkt_offset = 0;
700 	for (i = 0; i < ar_sdio->n_rx_pkts; i++) {
701 		pkt = &ar_sdio->rx_pkts[i];
702 		htc_hdr = (struct ath10k_htc_hdr *)(ar_sdio->vsg_buffer + pkt_offset);
703 		pkt->act_len = le16_to_cpu(htc_hdr->len) + sizeof(*htc_hdr);
704 
705 		if (pkt->act_len > pkt->alloc_len) {
706 			ret = -EINVAL;
707 			goto err;
708 		}
709 
710 		skb_put_data(pkt->skb, htc_hdr, pkt->act_len);
711 		pkt_offset += pkt->alloc_len;
712 	}
713 
714 	return 0;
715 
716 err:
717 	/* Free all packets that was not successfully fetched. */
718 	for (i = 0; i < ar_sdio->n_rx_pkts; i++)
719 		ath10k_sdio_mbox_free_rx_pkt(&ar_sdio->rx_pkts[i]);
720 
721 	ar_sdio->n_rx_pkts = 0;
722 
723 	return ret;
724 }
725 
726 /* This is the timeout for mailbox processing done in the sdio irq
727  * handler. The timeout is deliberately set quite high since SDIO dump logs
728  * over serial port can/will add a substantial overhead to the processing
729  * (if enabled).
730  */
731 #define SDIO_MBOX_PROCESSING_TIMEOUT_HZ (20 * HZ)
732 
733 static int ath10k_sdio_mbox_rxmsg_pending_handler(struct ath10k *ar,
734 						  u32 msg_lookahead, bool *done)
735 {
736 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
737 	u32 lookaheads[ATH10K_SDIO_MAX_RX_MSGS];
738 	int n_lookaheads = 1;
739 	unsigned long timeout;
740 	int ret;
741 
742 	*done = true;
743 
744 	/* Copy the lookahead obtained from the HTC register table into our
745 	 * temp array as a start value.
746 	 */
747 	lookaheads[0] = msg_lookahead;
748 
749 	timeout = jiffies + SDIO_MBOX_PROCESSING_TIMEOUT_HZ;
750 	do {
751 		/* Try to allocate as many HTC RX packets indicated by
752 		 * n_lookaheads.
753 		 */
754 		ret = ath10k_sdio_mbox_rx_alloc(ar, lookaheads,
755 						n_lookaheads);
756 		if (ret)
757 			break;
758 
759 		if (ar_sdio->n_rx_pkts >= 2)
760 			/* A recv bundle was detected, force IRQ status
761 			 * re-check again.
762 			 */
763 			*done = false;
764 
765 		if (ar_sdio->n_rx_pkts > 1)
766 			ret = ath10k_sdio_mbox_rx_fetch_bundle(ar);
767 		else
768 			ret = ath10k_sdio_mbox_rx_fetch(ar);
769 
770 		/* Process fetched packets. This will potentially update
771 		 * n_lookaheads depending on if the packets contain lookahead
772 		 * reports.
773 		 */
774 		n_lookaheads = 0;
775 		ret = ath10k_sdio_mbox_rx_process_packets(ar,
776 							  lookaheads,
777 							  &n_lookaheads);
778 
779 		if (!n_lookaheads || ret)
780 			break;
781 
782 		/* For SYNCH processing, if we get here, we are running
783 		 * through the loop again due to updated lookaheads. Set
784 		 * flag that we should re-check IRQ status registers again
785 		 * before leaving IRQ processing, this can net better
786 		 * performance in high throughput situations.
787 		 */
788 		*done = false;
789 	} while (time_before(jiffies, timeout));
790 
791 	if (ret && (ret != -ECANCELED))
792 		ath10k_warn(ar, "failed to get pending recv messages: %d\n",
793 			    ret);
794 
795 	return ret;
796 }
797 
798 static int ath10k_sdio_mbox_proc_dbg_intr(struct ath10k *ar)
799 {
800 	u32 val;
801 	int ret;
802 
803 	/* TODO: Add firmware crash handling */
804 	ath10k_warn(ar, "firmware crashed\n");
805 
806 	/* read counter to clear the interrupt, the debug error interrupt is
807 	 * counter 0.
808 	 */
809 	ret = ath10k_sdio_read32(ar, MBOX_COUNT_DEC_ADDRESS, &val);
810 	if (ret)
811 		ath10k_warn(ar, "failed to clear debug interrupt: %d\n", ret);
812 
813 	return ret;
814 }
815 
816 static int ath10k_sdio_mbox_proc_counter_intr(struct ath10k *ar)
817 {
818 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
819 	struct ath10k_sdio_irq_data *irq_data = &ar_sdio->irq_data;
820 	u8 counter_int_status;
821 	int ret;
822 
823 	mutex_lock(&irq_data->mtx);
824 	counter_int_status = irq_data->irq_proc_reg->counter_int_status &
825 			     irq_data->irq_en_reg->cntr_int_status_en;
826 
827 	/* NOTE: other modules like GMBOX may use the counter interrupt for
828 	 * credit flow control on other counters, we only need to check for
829 	 * the debug assertion counter interrupt.
830 	 */
831 	if (counter_int_status & ATH10K_SDIO_TARGET_DEBUG_INTR_MASK)
832 		ret = ath10k_sdio_mbox_proc_dbg_intr(ar);
833 	else
834 		ret = 0;
835 
836 	mutex_unlock(&irq_data->mtx);
837 
838 	return ret;
839 }
840 
841 static int ath10k_sdio_mbox_proc_err_intr(struct ath10k *ar)
842 {
843 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
844 	struct ath10k_sdio_irq_data *irq_data = &ar_sdio->irq_data;
845 	u8 error_int_status;
846 	int ret;
847 
848 	ath10k_dbg(ar, ATH10K_DBG_SDIO, "sdio error interrupt\n");
849 
850 	error_int_status = irq_data->irq_proc_reg->error_int_status & 0x0F;
851 	if (!error_int_status) {
852 		ath10k_warn(ar, "invalid error interrupt status: 0x%x\n",
853 			    error_int_status);
854 		return -EIO;
855 	}
856 
857 	ath10k_dbg(ar, ATH10K_DBG_SDIO,
858 		   "sdio error_int_status 0x%x\n", error_int_status);
859 
860 	if (FIELD_GET(MBOX_ERROR_INT_STATUS_WAKEUP_MASK,
861 		      error_int_status))
862 		ath10k_dbg(ar, ATH10K_DBG_SDIO, "sdio interrupt error wakeup\n");
863 
864 	if (FIELD_GET(MBOX_ERROR_INT_STATUS_RX_UNDERFLOW_MASK,
865 		      error_int_status))
866 		ath10k_warn(ar, "rx underflow interrupt error\n");
867 
868 	if (FIELD_GET(MBOX_ERROR_INT_STATUS_TX_OVERFLOW_MASK,
869 		      error_int_status))
870 		ath10k_warn(ar, "tx overflow interrupt error\n");
871 
872 	/* Clear the interrupt */
873 	irq_data->irq_proc_reg->error_int_status &= ~error_int_status;
874 
875 	/* set W1C value to clear the interrupt, this hits the register first */
876 	ret = ath10k_sdio_writesb32(ar, MBOX_ERROR_INT_STATUS_ADDRESS,
877 				    error_int_status);
878 	if (ret) {
879 		ath10k_warn(ar, "unable to write to error int status address: %d\n",
880 			    ret);
881 		return ret;
882 	}
883 
884 	return 0;
885 }
886 
887 static int ath10k_sdio_mbox_proc_cpu_intr(struct ath10k *ar)
888 {
889 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
890 	struct ath10k_sdio_irq_data *irq_data = &ar_sdio->irq_data;
891 	u8 cpu_int_status;
892 	int ret;
893 
894 	mutex_lock(&irq_data->mtx);
895 	cpu_int_status = irq_data->irq_proc_reg->cpu_int_status &
896 			 irq_data->irq_en_reg->cpu_int_status_en;
897 	if (!cpu_int_status) {
898 		ath10k_warn(ar, "CPU interrupt status is zero\n");
899 		ret = -EIO;
900 		goto out;
901 	}
902 
903 	/* Clear the interrupt */
904 	irq_data->irq_proc_reg->cpu_int_status &= ~cpu_int_status;
905 
906 	/* Set up the register transfer buffer to hit the register 4 times,
907 	 * this is done to make the access 4-byte aligned to mitigate issues
908 	 * with host bus interconnects that restrict bus transfer lengths to
909 	 * be a multiple of 4-bytes.
910 	 *
911 	 * Set W1C value to clear the interrupt, this hits the register first.
912 	 */
913 	ret = ath10k_sdio_writesb32(ar, MBOX_CPU_INT_STATUS_ADDRESS,
914 				    cpu_int_status);
915 	if (ret) {
916 		ath10k_warn(ar, "unable to write to cpu interrupt status address: %d\n",
917 			    ret);
918 		goto out;
919 	}
920 
921 out:
922 	mutex_unlock(&irq_data->mtx);
923 	if (cpu_int_status & MBOX_CPU_STATUS_ENABLE_ASSERT_MASK)
924 		ath10k_sdio_fw_crashed_dump(ar);
925 
926 	return ret;
927 }
928 
929 static int ath10k_sdio_mbox_read_int_status(struct ath10k *ar,
930 					    u8 *host_int_status,
931 					    u32 *lookahead)
932 {
933 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
934 	struct ath10k_sdio_irq_data *irq_data = &ar_sdio->irq_data;
935 	struct ath10k_sdio_irq_proc_regs *irq_proc_reg = irq_data->irq_proc_reg;
936 	struct ath10k_sdio_irq_enable_regs *irq_en_reg = irq_data->irq_en_reg;
937 	u8 htc_mbox = FIELD_PREP(ATH10K_HTC_MAILBOX_MASK, 1);
938 	int ret;
939 
940 	mutex_lock(&irq_data->mtx);
941 
942 	*lookahead = 0;
943 	*host_int_status = 0;
944 
945 	/* int_status_en is supposed to be non zero, otherwise interrupts
946 	 * shouldn't be enabled. There is however a short time frame during
947 	 * initialization between the irq register and int_status_en init
948 	 * where this can happen.
949 	 * We silently ignore this condition.
950 	 */
951 	if (!irq_en_reg->int_status_en) {
952 		ret = 0;
953 		goto out;
954 	}
955 
956 	/* Read the first sizeof(struct ath10k_irq_proc_registers)
957 	 * bytes of the HTC register table. This
958 	 * will yield us the value of different int status
959 	 * registers and the lookahead registers.
960 	 */
961 	ret = ath10k_sdio_read(ar, MBOX_HOST_INT_STATUS_ADDRESS,
962 			       irq_proc_reg, sizeof(*irq_proc_reg));
963 	if (ret) {
964 		ath10k_core_start_recovery(ar);
965 		ath10k_warn(ar, "read int status fail, start recovery\n");
966 		goto out;
967 	}
968 
969 	/* Update only those registers that are enabled */
970 	*host_int_status = irq_proc_reg->host_int_status &
971 			   irq_en_reg->int_status_en;
972 
973 	/* Look at mbox status */
974 	if (!(*host_int_status & htc_mbox)) {
975 		*lookahead = 0;
976 		ret = 0;
977 		goto out;
978 	}
979 
980 	/* Mask out pending mbox value, we use look ahead as
981 	 * the real flag for mbox processing.
982 	 */
983 	*host_int_status &= ~htc_mbox;
984 	if (irq_proc_reg->rx_lookahead_valid & htc_mbox) {
985 		*lookahead = le32_to_cpu(
986 			irq_proc_reg->rx_lookahead[ATH10K_HTC_MAILBOX]);
987 		if (!*lookahead)
988 			ath10k_warn(ar, "sdio mbox lookahead is zero\n");
989 	}
990 
991 out:
992 	mutex_unlock(&irq_data->mtx);
993 	return ret;
994 }
995 
996 static int ath10k_sdio_mbox_proc_pending_irqs(struct ath10k *ar,
997 					      bool *done)
998 {
999 	u8 host_int_status;
1000 	u32 lookahead;
1001 	int ret;
1002 
1003 	/* NOTE: HIF implementation guarantees that the context of this
1004 	 * call allows us to perform SYNCHRONOUS I/O, that is we can block,
1005 	 * sleep or call any API that can block or switch thread/task
1006 	 * contexts. This is a fully schedulable context.
1007 	 */
1008 
1009 	ret = ath10k_sdio_mbox_read_int_status(ar,
1010 					       &host_int_status,
1011 					       &lookahead);
1012 	if (ret) {
1013 		*done = true;
1014 		goto out;
1015 	}
1016 
1017 	if (!host_int_status && !lookahead) {
1018 		ret = 0;
1019 		*done = true;
1020 		goto out;
1021 	}
1022 
1023 	if (lookahead) {
1024 		ath10k_dbg(ar, ATH10K_DBG_SDIO,
1025 			   "sdio pending mailbox msg lookahead 0x%08x\n",
1026 			   lookahead);
1027 
1028 		ret = ath10k_sdio_mbox_rxmsg_pending_handler(ar,
1029 							     lookahead,
1030 							     done);
1031 		if (ret)
1032 			goto out;
1033 	}
1034 
1035 	/* now, handle the rest of the interrupts */
1036 	ath10k_dbg(ar, ATH10K_DBG_SDIO,
1037 		   "sdio host_int_status 0x%x\n", host_int_status);
1038 
1039 	if (FIELD_GET(MBOX_HOST_INT_STATUS_CPU_MASK, host_int_status)) {
1040 		/* CPU Interrupt */
1041 		ret = ath10k_sdio_mbox_proc_cpu_intr(ar);
1042 		if (ret)
1043 			goto out;
1044 	}
1045 
1046 	if (FIELD_GET(MBOX_HOST_INT_STATUS_ERROR_MASK, host_int_status)) {
1047 		/* Error Interrupt */
1048 		ret = ath10k_sdio_mbox_proc_err_intr(ar);
1049 		if (ret)
1050 			goto out;
1051 	}
1052 
1053 	if (FIELD_GET(MBOX_HOST_INT_STATUS_COUNTER_MASK, host_int_status))
1054 		/* Counter Interrupt */
1055 		ret = ath10k_sdio_mbox_proc_counter_intr(ar);
1056 
1057 	ret = 0;
1058 
1059 out:
1060 	/* An optimization to bypass reading the IRQ status registers
1061 	 * unnecessarily which can re-wake the target, if upper layers
1062 	 * determine that we are in a low-throughput mode, we can rely on
1063 	 * taking another interrupt rather than re-checking the status
1064 	 * registers which can re-wake the target.
1065 	 *
1066 	 * NOTE : for host interfaces that makes use of detecting pending
1067 	 * mbox messages at hif can not use this optimization due to
1068 	 * possible side effects, SPI requires the host to drain all
1069 	 * messages from the mailbox before exiting the ISR routine.
1070 	 */
1071 
1072 	ath10k_dbg(ar, ATH10K_DBG_SDIO,
1073 		   "sdio pending irqs done %d status %d",
1074 		   *done, ret);
1075 
1076 	return ret;
1077 }
1078 
1079 static void ath10k_sdio_set_mbox_info(struct ath10k *ar)
1080 {
1081 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
1082 	struct ath10k_mbox_info *mbox_info = &ar_sdio->mbox_info;
1083 	u16 device = ar_sdio->func->device, dev_id_base, dev_id_chiprev;
1084 
1085 	mbox_info->htc_addr = ATH10K_HIF_MBOX_BASE_ADDR;
1086 	mbox_info->block_size = ATH10K_HIF_MBOX_BLOCK_SIZE;
1087 	mbox_info->block_mask = ATH10K_HIF_MBOX_BLOCK_SIZE - 1;
1088 	mbox_info->gmbox_addr = ATH10K_HIF_GMBOX_BASE_ADDR;
1089 	mbox_info->gmbox_sz = ATH10K_HIF_GMBOX_WIDTH;
1090 
1091 	mbox_info->ext_info[0].htc_ext_addr = ATH10K_HIF_MBOX0_EXT_BASE_ADDR;
1092 
1093 	dev_id_base = (device & 0x0F00);
1094 	dev_id_chiprev = (device & 0x00FF);
1095 	switch (dev_id_base) {
1096 	case (SDIO_DEVICE_ID_ATHEROS_AR6005 & 0x0F00):
1097 		if (dev_id_chiprev < 4)
1098 			mbox_info->ext_info[0].htc_ext_sz =
1099 				ATH10K_HIF_MBOX0_EXT_WIDTH;
1100 		else
1101 			/* from QCA6174 2.0(0x504), the width has been extended
1102 			 * to 56K
1103 			 */
1104 			mbox_info->ext_info[0].htc_ext_sz =
1105 				ATH10K_HIF_MBOX0_EXT_WIDTH_ROME_2_0;
1106 		break;
1107 	case (SDIO_DEVICE_ID_ATHEROS_QCA9377 & 0x0F00):
1108 		mbox_info->ext_info[0].htc_ext_sz =
1109 			ATH10K_HIF_MBOX0_EXT_WIDTH_ROME_2_0;
1110 		break;
1111 	default:
1112 		mbox_info->ext_info[0].htc_ext_sz =
1113 				ATH10K_HIF_MBOX0_EXT_WIDTH;
1114 	}
1115 
1116 	mbox_info->ext_info[1].htc_ext_addr =
1117 		mbox_info->ext_info[0].htc_ext_addr +
1118 		mbox_info->ext_info[0].htc_ext_sz +
1119 		ATH10K_HIF_MBOX_DUMMY_SPACE_SIZE;
1120 	mbox_info->ext_info[1].htc_ext_sz = ATH10K_HIF_MBOX1_EXT_WIDTH;
1121 }
1122 
1123 /* BMI functions */
1124 
1125 static int ath10k_sdio_bmi_credits(struct ath10k *ar)
1126 {
1127 	u32 addr, cmd_credits;
1128 	unsigned long timeout;
1129 	int ret;
1130 
1131 	/* Read the counter register to get the command credits */
1132 	addr = MBOX_COUNT_DEC_ADDRESS + ATH10K_HIF_MBOX_NUM_MAX * 4;
1133 	timeout = jiffies + BMI_COMMUNICATION_TIMEOUT_HZ;
1134 	cmd_credits = 0;
1135 
1136 	while (time_before(jiffies, timeout) && !cmd_credits) {
1137 		/* Hit the credit counter with a 4-byte access, the first byte
1138 		 * read will hit the counter and cause a decrement, while the
1139 		 * remaining 3 bytes has no effect. The rationale behind this
1140 		 * is to make all HIF accesses 4-byte aligned.
1141 		 */
1142 		ret = ath10k_sdio_read32(ar, addr, &cmd_credits);
1143 		if (ret) {
1144 			ath10k_warn(ar,
1145 				    "unable to decrement the command credit count register: %d\n",
1146 				    ret);
1147 			return ret;
1148 		}
1149 
1150 		/* The counter is only 8 bits.
1151 		 * Ignore anything in the upper 3 bytes
1152 		 */
1153 		cmd_credits &= 0xFF;
1154 	}
1155 
1156 	if (!cmd_credits) {
1157 		ath10k_warn(ar, "bmi communication timeout\n");
1158 		return -ETIMEDOUT;
1159 	}
1160 
1161 	return 0;
1162 }
1163 
1164 static int ath10k_sdio_bmi_get_rx_lookahead(struct ath10k *ar)
1165 {
1166 	unsigned long timeout;
1167 	u32 rx_word;
1168 	int ret;
1169 
1170 	timeout = jiffies + BMI_COMMUNICATION_TIMEOUT_HZ;
1171 	rx_word = 0;
1172 
1173 	while ((time_before(jiffies, timeout)) && !rx_word) {
1174 		ret = ath10k_sdio_read32(ar,
1175 					 MBOX_HOST_INT_STATUS_ADDRESS,
1176 					 &rx_word);
1177 		if (ret) {
1178 			ath10k_warn(ar, "unable to read RX_LOOKAHEAD_VALID: %d\n", ret);
1179 			return ret;
1180 		}
1181 
1182 		 /* all we really want is one bit */
1183 		rx_word &= 1;
1184 	}
1185 
1186 	if (!rx_word) {
1187 		ath10k_warn(ar, "bmi_recv_buf FIFO empty\n");
1188 		return -EINVAL;
1189 	}
1190 
1191 	return ret;
1192 }
1193 
1194 static int ath10k_sdio_bmi_exchange_msg(struct ath10k *ar,
1195 					void *req, u32 req_len,
1196 					void *resp, u32 *resp_len)
1197 {
1198 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
1199 	u32 addr;
1200 	int ret;
1201 
1202 	if (req) {
1203 		ret = ath10k_sdio_bmi_credits(ar);
1204 		if (ret)
1205 			return ret;
1206 
1207 		addr = ar_sdio->mbox_info.htc_addr;
1208 
1209 		memcpy(ar_sdio->bmi_buf, req, req_len);
1210 		ret = ath10k_sdio_write(ar, addr, ar_sdio->bmi_buf, req_len);
1211 		if (ret) {
1212 			ath10k_warn(ar,
1213 				    "unable to send the bmi data to the device: %d\n",
1214 				    ret);
1215 			return ret;
1216 		}
1217 	}
1218 
1219 	if (!resp || !resp_len)
1220 		/* No response expected */
1221 		return 0;
1222 
1223 	/* During normal bootup, small reads may be required.
1224 	 * Rather than issue an HIF Read and then wait as the Target
1225 	 * adds successive bytes to the FIFO, we wait here until
1226 	 * we know that response data is available.
1227 	 *
1228 	 * This allows us to cleanly timeout on an unexpected
1229 	 * Target failure rather than risk problems at the HIF level.
1230 	 * In particular, this avoids SDIO timeouts and possibly garbage
1231 	 * data on some host controllers.  And on an interconnect
1232 	 * such as Compact Flash (as well as some SDIO masters) which
1233 	 * does not provide any indication on data timeout, it avoids
1234 	 * a potential hang or garbage response.
1235 	 *
1236 	 * Synchronization is more difficult for reads larger than the
1237 	 * size of the MBOX FIFO (128B), because the Target is unable
1238 	 * to push the 129th byte of data until AFTER the Host posts an
1239 	 * HIF Read and removes some FIFO data.  So for large reads the
1240 	 * Host proceeds to post an HIF Read BEFORE all the data is
1241 	 * actually available to read.  Fortunately, large BMI reads do
1242 	 * not occur in practice -- they're supported for debug/development.
1243 	 *
1244 	 * So Host/Target BMI synchronization is divided into these cases:
1245 	 *  CASE 1: length < 4
1246 	 *        Should not happen
1247 	 *
1248 	 *  CASE 2: 4 <= length <= 128
1249 	 *        Wait for first 4 bytes to be in FIFO
1250 	 *        If CONSERVATIVE_BMI_READ is enabled, also wait for
1251 	 *        a BMI command credit, which indicates that the ENTIRE
1252 	 *        response is available in the FIFO
1253 	 *
1254 	 *  CASE 3: length > 128
1255 	 *        Wait for the first 4 bytes to be in FIFO
1256 	 *
1257 	 * For most uses, a small timeout should be sufficient and we will
1258 	 * usually see a response quickly; but there may be some unusual
1259 	 * (debug) cases of BMI_EXECUTE where we want an larger timeout.
1260 	 * For now, we use an unbounded busy loop while waiting for
1261 	 * BMI_EXECUTE.
1262 	 *
1263 	 * If BMI_EXECUTE ever needs to support longer-latency execution,
1264 	 * especially in production, this code needs to be enhanced to sleep
1265 	 * and yield.  Also note that BMI_COMMUNICATION_TIMEOUT is currently
1266 	 * a function of Host processor speed.
1267 	 */
1268 	ret = ath10k_sdio_bmi_get_rx_lookahead(ar);
1269 	if (ret)
1270 		return ret;
1271 
1272 	/* We always read from the start of the mbox address */
1273 	addr = ar_sdio->mbox_info.htc_addr;
1274 	ret = ath10k_sdio_read(ar, addr, ar_sdio->bmi_buf, *resp_len);
1275 	if (ret) {
1276 		ath10k_warn(ar,
1277 			    "unable to read the bmi data from the device: %d\n",
1278 			    ret);
1279 		return ret;
1280 	}
1281 
1282 	memcpy(resp, ar_sdio->bmi_buf, *resp_len);
1283 
1284 	return 0;
1285 }
1286 
1287 /* sdio async handling functions */
1288 
1289 static struct ath10k_sdio_bus_request
1290 *ath10k_sdio_alloc_busreq(struct ath10k *ar)
1291 {
1292 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
1293 	struct ath10k_sdio_bus_request *bus_req;
1294 
1295 	spin_lock_bh(&ar_sdio->lock);
1296 
1297 	if (list_empty(&ar_sdio->bus_req_freeq)) {
1298 		bus_req = NULL;
1299 		goto out;
1300 	}
1301 
1302 	bus_req = list_first_entry(&ar_sdio->bus_req_freeq,
1303 				   struct ath10k_sdio_bus_request, list);
1304 	list_del(&bus_req->list);
1305 
1306 out:
1307 	spin_unlock_bh(&ar_sdio->lock);
1308 	return bus_req;
1309 }
1310 
1311 static void ath10k_sdio_free_bus_req(struct ath10k *ar,
1312 				     struct ath10k_sdio_bus_request *bus_req)
1313 {
1314 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
1315 
1316 	memset(bus_req, 0, sizeof(*bus_req));
1317 
1318 	spin_lock_bh(&ar_sdio->lock);
1319 	list_add_tail(&bus_req->list, &ar_sdio->bus_req_freeq);
1320 	spin_unlock_bh(&ar_sdio->lock);
1321 }
1322 
1323 static void __ath10k_sdio_write_async(struct ath10k *ar,
1324 				      struct ath10k_sdio_bus_request *req)
1325 {
1326 	struct ath10k_htc_ep *ep;
1327 	struct sk_buff *skb;
1328 	int ret;
1329 
1330 	skb = req->skb;
1331 	ret = ath10k_sdio_write(ar, req->address, skb->data, skb->len);
1332 	if (ret)
1333 		ath10k_warn(ar, "failed to write skb to 0x%x asynchronously: %d",
1334 			    req->address, ret);
1335 
1336 	if (req->htc_msg) {
1337 		ep = &ar->htc.endpoint[req->eid];
1338 		ath10k_htc_notify_tx_completion(ep, skb);
1339 	} else if (req->comp) {
1340 		complete(req->comp);
1341 	}
1342 
1343 	ath10k_sdio_free_bus_req(ar, req);
1344 }
1345 
1346 /* To improve throughput use workqueue to deliver packets to HTC layer,
1347  * this way SDIO bus is utilised much better.
1348  */
1349 static void ath10k_rx_indication_async_work(struct work_struct *work)
1350 {
1351 	struct ath10k_sdio *ar_sdio = container_of(work, struct ath10k_sdio,
1352 						   async_work_rx);
1353 	struct ath10k *ar = ar_sdio->ar;
1354 	struct ath10k_htc_ep *ep;
1355 	struct ath10k_skb_rxcb *cb;
1356 	struct sk_buff *skb;
1357 
1358 	while (true) {
1359 		skb = skb_dequeue(&ar_sdio->rx_head);
1360 		if (!skb)
1361 			break;
1362 		cb = ATH10K_SKB_RXCB(skb);
1363 		ep = &ar->htc.endpoint[cb->eid];
1364 		ep->ep_ops.ep_rx_complete(ar, skb);
1365 	}
1366 
1367 	if (test_bit(ATH10K_FLAG_CORE_REGISTERED, &ar->dev_flags)) {
1368 		local_bh_disable();
1369 		napi_schedule(&ar->napi);
1370 		local_bh_enable();
1371 	}
1372 }
1373 
1374 static int ath10k_sdio_read_rtc_state(struct ath10k_sdio *ar_sdio, unsigned char *state)
1375 {
1376 	struct ath10k *ar = ar_sdio->ar;
1377 	unsigned char rtc_state = 0;
1378 	int ret = 0;
1379 
1380 	rtc_state = sdio_f0_readb(ar_sdio->func, ATH10K_CIS_RTC_STATE_ADDR, &ret);
1381 	if (ret) {
1382 		ath10k_warn(ar, "failed to read rtc state: %d\n", ret);
1383 		return ret;
1384 	}
1385 
1386 	*state = rtc_state & 0x3;
1387 
1388 	return ret;
1389 }
1390 
1391 static int ath10k_sdio_set_mbox_sleep(struct ath10k *ar, bool enable_sleep)
1392 {
1393 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
1394 	u32 val;
1395 	int retry = ATH10K_CIS_READ_RETRY, ret = 0;
1396 	unsigned char rtc_state = 0;
1397 
1398 	sdio_claim_host(ar_sdio->func);
1399 
1400 	ret = ath10k_sdio_read32(ar, ATH10K_FIFO_TIMEOUT_AND_CHIP_CONTROL, &val);
1401 	if (ret) {
1402 		ath10k_warn(ar, "failed to read fifo/chip control register: %d\n",
1403 			    ret);
1404 		goto release;
1405 	}
1406 
1407 	if (enable_sleep) {
1408 		val &= ATH10K_FIFO_TIMEOUT_AND_CHIP_CONTROL_DISABLE_SLEEP_OFF;
1409 		ar_sdio->mbox_state = SDIO_MBOX_SLEEP_STATE;
1410 	} else {
1411 		val |= ATH10K_FIFO_TIMEOUT_AND_CHIP_CONTROL_DISABLE_SLEEP_ON;
1412 		ar_sdio->mbox_state = SDIO_MBOX_AWAKE_STATE;
1413 	}
1414 
1415 	ret = ath10k_sdio_write32(ar, ATH10K_FIFO_TIMEOUT_AND_CHIP_CONTROL, val);
1416 	if (ret) {
1417 		ath10k_warn(ar, "failed to write to FIFO_TIMEOUT_AND_CHIP_CONTROL: %d",
1418 			    ret);
1419 	}
1420 
1421 	if (!enable_sleep) {
1422 		do {
1423 			udelay(ATH10K_CIS_READ_WAIT_4_RTC_CYCLE_IN_US);
1424 			ret = ath10k_sdio_read_rtc_state(ar_sdio, &rtc_state);
1425 
1426 			if (ret) {
1427 				ath10k_warn(ar, "failed to disable mbox sleep: %d", ret);
1428 				break;
1429 			}
1430 
1431 			ath10k_dbg(ar, ATH10K_DBG_SDIO, "sdio read rtc state: %d\n",
1432 				   rtc_state);
1433 
1434 			if (rtc_state == ATH10K_CIS_RTC_STATE_ON)
1435 				break;
1436 
1437 			udelay(ATH10K_CIS_XTAL_SETTLE_DURATION_IN_US);
1438 			retry--;
1439 		} while (retry > 0);
1440 	}
1441 
1442 release:
1443 	sdio_release_host(ar_sdio->func);
1444 
1445 	return ret;
1446 }
1447 
1448 static void ath10k_sdio_sleep_timer_handler(struct timer_list *t)
1449 {
1450 	struct ath10k_sdio *ar_sdio = from_timer(ar_sdio, t, sleep_timer);
1451 
1452 	ar_sdio->mbox_state = SDIO_MBOX_REQUEST_TO_SLEEP_STATE;
1453 	queue_work(ar_sdio->workqueue, &ar_sdio->wr_async_work);
1454 }
1455 
1456 static void ath10k_sdio_write_async_work(struct work_struct *work)
1457 {
1458 	struct ath10k_sdio *ar_sdio = container_of(work, struct ath10k_sdio,
1459 						   wr_async_work);
1460 	struct ath10k *ar = ar_sdio->ar;
1461 	struct ath10k_sdio_bus_request *req, *tmp_req;
1462 	struct ath10k_mbox_info *mbox_info = &ar_sdio->mbox_info;
1463 
1464 	spin_lock_bh(&ar_sdio->wr_async_lock);
1465 
1466 	list_for_each_entry_safe(req, tmp_req, &ar_sdio->wr_asyncq, list) {
1467 		list_del(&req->list);
1468 		spin_unlock_bh(&ar_sdio->wr_async_lock);
1469 
1470 		if (req->address >= mbox_info->htc_addr &&
1471 		    ar_sdio->mbox_state == SDIO_MBOX_SLEEP_STATE) {
1472 			ath10k_sdio_set_mbox_sleep(ar, false);
1473 			mod_timer(&ar_sdio->sleep_timer, jiffies +
1474 				  msecs_to_jiffies(ATH10K_MIN_SLEEP_INACTIVITY_TIME_MS));
1475 		}
1476 
1477 		__ath10k_sdio_write_async(ar, req);
1478 		spin_lock_bh(&ar_sdio->wr_async_lock);
1479 	}
1480 
1481 	spin_unlock_bh(&ar_sdio->wr_async_lock);
1482 
1483 	if (ar_sdio->mbox_state == SDIO_MBOX_REQUEST_TO_SLEEP_STATE)
1484 		ath10k_sdio_set_mbox_sleep(ar, true);
1485 }
1486 
1487 static int ath10k_sdio_prep_async_req(struct ath10k *ar, u32 addr,
1488 				      struct sk_buff *skb,
1489 				      struct completion *comp,
1490 				      bool htc_msg, enum ath10k_htc_ep_id eid)
1491 {
1492 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
1493 	struct ath10k_sdio_bus_request *bus_req;
1494 
1495 	/* Allocate a bus request for the message and queue it on the
1496 	 * SDIO workqueue.
1497 	 */
1498 	bus_req = ath10k_sdio_alloc_busreq(ar);
1499 	if (!bus_req) {
1500 		ath10k_warn(ar,
1501 			    "unable to allocate bus request for async request\n");
1502 		return -ENOMEM;
1503 	}
1504 
1505 	bus_req->skb = skb;
1506 	bus_req->eid = eid;
1507 	bus_req->address = addr;
1508 	bus_req->htc_msg = htc_msg;
1509 	bus_req->comp = comp;
1510 
1511 	spin_lock_bh(&ar_sdio->wr_async_lock);
1512 	list_add_tail(&bus_req->list, &ar_sdio->wr_asyncq);
1513 	spin_unlock_bh(&ar_sdio->wr_async_lock);
1514 
1515 	return 0;
1516 }
1517 
1518 /* IRQ handler */
1519 
1520 static void ath10k_sdio_irq_handler(struct sdio_func *func)
1521 {
1522 	struct ath10k_sdio *ar_sdio = sdio_get_drvdata(func);
1523 	struct ath10k *ar = ar_sdio->ar;
1524 	unsigned long timeout;
1525 	bool done = false;
1526 	int ret;
1527 
1528 	/* Release the host during interrupts so we can pick it back up when
1529 	 * we process commands.
1530 	 */
1531 	sdio_release_host(ar_sdio->func);
1532 
1533 	timeout = jiffies + ATH10K_SDIO_HIF_COMMUNICATION_TIMEOUT_HZ;
1534 	do {
1535 		ret = ath10k_sdio_mbox_proc_pending_irqs(ar, &done);
1536 		if (ret)
1537 			break;
1538 	} while (time_before(jiffies, timeout) && !done);
1539 
1540 	ath10k_mac_tx_push_pending(ar);
1541 
1542 	sdio_claim_host(ar_sdio->func);
1543 
1544 	if (ret && ret != -ECANCELED)
1545 		ath10k_warn(ar, "failed to process pending SDIO interrupts: %d\n",
1546 			    ret);
1547 }
1548 
1549 /* sdio HIF functions */
1550 
1551 static int ath10k_sdio_disable_intrs(struct ath10k *ar)
1552 {
1553 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
1554 	struct ath10k_sdio_irq_data *irq_data = &ar_sdio->irq_data;
1555 	struct ath10k_sdio_irq_enable_regs *regs = irq_data->irq_en_reg;
1556 	int ret;
1557 
1558 	mutex_lock(&irq_data->mtx);
1559 
1560 	memset(regs, 0, sizeof(*regs));
1561 	ret = ath10k_sdio_write(ar, MBOX_INT_STATUS_ENABLE_ADDRESS,
1562 				&regs->int_status_en, sizeof(*regs));
1563 	if (ret)
1564 		ath10k_warn(ar, "unable to disable sdio interrupts: %d\n", ret);
1565 
1566 	mutex_unlock(&irq_data->mtx);
1567 
1568 	return ret;
1569 }
1570 
1571 static int ath10k_sdio_hif_power_up(struct ath10k *ar,
1572 				    enum ath10k_firmware_mode fw_mode)
1573 {
1574 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
1575 	struct sdio_func *func = ar_sdio->func;
1576 	int ret;
1577 
1578 	if (!ar_sdio->is_disabled)
1579 		return 0;
1580 
1581 	ath10k_dbg(ar, ATH10K_DBG_BOOT, "sdio power on\n");
1582 
1583 	ret = ath10k_sdio_config(ar);
1584 	if (ret) {
1585 		ath10k_err(ar, "failed to config sdio: %d\n", ret);
1586 		return ret;
1587 	}
1588 
1589 	sdio_claim_host(func);
1590 
1591 	ret = sdio_enable_func(func);
1592 	if (ret) {
1593 		ath10k_warn(ar, "unable to enable sdio function: %d)\n", ret);
1594 		sdio_release_host(func);
1595 		return ret;
1596 	}
1597 
1598 	sdio_release_host(func);
1599 
1600 	/* Wait for hardware to initialise. It should take a lot less than
1601 	 * 20 ms but let's be conservative here.
1602 	 */
1603 	msleep(20);
1604 
1605 	ar_sdio->is_disabled = false;
1606 
1607 	ret = ath10k_sdio_disable_intrs(ar);
1608 	if (ret)
1609 		return ret;
1610 
1611 	return 0;
1612 }
1613 
1614 static void ath10k_sdio_hif_power_down(struct ath10k *ar)
1615 {
1616 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
1617 	int ret;
1618 
1619 	if (ar_sdio->is_disabled)
1620 		return;
1621 
1622 	ath10k_dbg(ar, ATH10K_DBG_BOOT, "sdio power off\n");
1623 
1624 	del_timer_sync(&ar_sdio->sleep_timer);
1625 	ath10k_sdio_set_mbox_sleep(ar, true);
1626 
1627 	/* Disable the card */
1628 	sdio_claim_host(ar_sdio->func);
1629 
1630 	ret = sdio_disable_func(ar_sdio->func);
1631 	if (ret) {
1632 		ath10k_warn(ar, "unable to disable sdio function: %d\n", ret);
1633 		sdio_release_host(ar_sdio->func);
1634 		return;
1635 	}
1636 
1637 	ret = mmc_hw_reset(ar_sdio->func->card);
1638 	if (ret)
1639 		ath10k_warn(ar, "unable to reset sdio: %d\n", ret);
1640 
1641 	sdio_release_host(ar_sdio->func);
1642 
1643 	ar_sdio->is_disabled = true;
1644 }
1645 
1646 static int ath10k_sdio_hif_tx_sg(struct ath10k *ar, u8 pipe_id,
1647 				 struct ath10k_hif_sg_item *items, int n_items)
1648 {
1649 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
1650 	enum ath10k_htc_ep_id eid;
1651 	struct sk_buff *skb;
1652 	int ret, i;
1653 
1654 	eid = pipe_id_to_eid(pipe_id);
1655 
1656 	for (i = 0; i < n_items; i++) {
1657 		size_t padded_len;
1658 		u32 address;
1659 
1660 		skb = items[i].transfer_context;
1661 		padded_len = ath10k_sdio_calc_txrx_padded_len(ar_sdio,
1662 							      skb->len);
1663 		skb_trim(skb, padded_len);
1664 
1665 		/* Write TX data to the end of the mbox address space */
1666 		address = ar_sdio->mbox_addr[eid] + ar_sdio->mbox_size[eid] -
1667 			  skb->len;
1668 		ret = ath10k_sdio_prep_async_req(ar, address, skb,
1669 						 NULL, true, eid);
1670 		if (ret)
1671 			return ret;
1672 	}
1673 
1674 	queue_work(ar_sdio->workqueue, &ar_sdio->wr_async_work);
1675 
1676 	return 0;
1677 }
1678 
1679 static int ath10k_sdio_enable_intrs(struct ath10k *ar)
1680 {
1681 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
1682 	struct ath10k_sdio_irq_data *irq_data = &ar_sdio->irq_data;
1683 	struct ath10k_sdio_irq_enable_regs *regs = irq_data->irq_en_reg;
1684 	int ret;
1685 
1686 	mutex_lock(&irq_data->mtx);
1687 
1688 	/* Enable all but CPU interrupts */
1689 	regs->int_status_en = FIELD_PREP(MBOX_INT_STATUS_ENABLE_ERROR_MASK, 1) |
1690 			      FIELD_PREP(MBOX_INT_STATUS_ENABLE_CPU_MASK, 1) |
1691 			      FIELD_PREP(MBOX_INT_STATUS_ENABLE_COUNTER_MASK, 1);
1692 
1693 	/* NOTE: There are some cases where HIF can do detection of
1694 	 * pending mbox messages which is disabled now.
1695 	 */
1696 	regs->int_status_en |=
1697 		FIELD_PREP(MBOX_INT_STATUS_ENABLE_MBOX_DATA_MASK, 1);
1698 
1699 	/* Set up the CPU Interrupt Status Register, enable CPU sourced interrupt #0
1700 	 * #0 is used for report assertion from target
1701 	 */
1702 	regs->cpu_int_status_en = FIELD_PREP(MBOX_CPU_STATUS_ENABLE_ASSERT_MASK, 1);
1703 
1704 	/* Set up the Error Interrupt status Register */
1705 	regs->err_int_status_en =
1706 		FIELD_PREP(MBOX_ERROR_STATUS_ENABLE_RX_UNDERFLOW_MASK, 1) |
1707 		FIELD_PREP(MBOX_ERROR_STATUS_ENABLE_TX_OVERFLOW_MASK, 1);
1708 
1709 	/* Enable Counter interrupt status register to get fatal errors for
1710 	 * debugging.
1711 	 */
1712 	regs->cntr_int_status_en =
1713 		FIELD_PREP(MBOX_COUNTER_INT_STATUS_ENABLE_BIT_MASK,
1714 			   ATH10K_SDIO_TARGET_DEBUG_INTR_MASK);
1715 
1716 	ret = ath10k_sdio_write(ar, MBOX_INT_STATUS_ENABLE_ADDRESS,
1717 				&regs->int_status_en, sizeof(*regs));
1718 	if (ret)
1719 		ath10k_warn(ar,
1720 			    "failed to update mbox interrupt status register : %d\n",
1721 			    ret);
1722 
1723 	mutex_unlock(&irq_data->mtx);
1724 	return ret;
1725 }
1726 
1727 /* HIF diagnostics */
1728 
1729 static int ath10k_sdio_hif_diag_read(struct ath10k *ar, u32 address, void *buf,
1730 				     size_t buf_len)
1731 {
1732 	int ret;
1733 	void *mem;
1734 
1735 	mem = kzalloc(buf_len, GFP_KERNEL);
1736 	if (!mem)
1737 		return -ENOMEM;
1738 
1739 	/* set window register to start read cycle */
1740 	ret = ath10k_sdio_write32(ar, MBOX_WINDOW_READ_ADDR_ADDRESS, address);
1741 	if (ret) {
1742 		ath10k_warn(ar, "failed to set mbox window read address: %d", ret);
1743 		goto out;
1744 	}
1745 
1746 	/* read the data */
1747 	ret = ath10k_sdio_read(ar, MBOX_WINDOW_DATA_ADDRESS, mem, buf_len);
1748 	if (ret) {
1749 		ath10k_warn(ar, "failed to read from mbox window data address: %d\n",
1750 			    ret);
1751 		goto out;
1752 	}
1753 
1754 	memcpy(buf, mem, buf_len);
1755 
1756 out:
1757 	kfree(mem);
1758 
1759 	return ret;
1760 }
1761 
1762 static int ath10k_sdio_diag_read32(struct ath10k *ar, u32 address,
1763 				   u32 *value)
1764 {
1765 	__le32 *val;
1766 	int ret;
1767 
1768 	val = kzalloc(sizeof(*val), GFP_KERNEL);
1769 	if (!val)
1770 		return -ENOMEM;
1771 
1772 	ret = ath10k_sdio_hif_diag_read(ar, address, val, sizeof(*val));
1773 	if (ret)
1774 		goto out;
1775 
1776 	*value = __le32_to_cpu(*val);
1777 
1778 out:
1779 	kfree(val);
1780 
1781 	return ret;
1782 }
1783 
1784 static int ath10k_sdio_hif_diag_write_mem(struct ath10k *ar, u32 address,
1785 					  const void *data, int nbytes)
1786 {
1787 	int ret;
1788 
1789 	/* set write data */
1790 	ret = ath10k_sdio_write(ar, MBOX_WINDOW_DATA_ADDRESS, data, nbytes);
1791 	if (ret) {
1792 		ath10k_warn(ar,
1793 			    "failed to write 0x%p to mbox window data address: %d\n",
1794 			    data, ret);
1795 		return ret;
1796 	}
1797 
1798 	/* set window register, which starts the write cycle */
1799 	ret = ath10k_sdio_write32(ar, MBOX_WINDOW_WRITE_ADDR_ADDRESS, address);
1800 	if (ret) {
1801 		ath10k_warn(ar, "failed to set mbox window write address: %d", ret);
1802 		return ret;
1803 	}
1804 
1805 	return 0;
1806 }
1807 
1808 static int ath10k_sdio_hif_start_post(struct ath10k *ar)
1809 {
1810 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
1811 	u32 addr, val;
1812 	int ret = 0;
1813 
1814 	addr = host_interest_item_address(HI_ITEM(hi_acs_flags));
1815 
1816 	ret = ath10k_sdio_diag_read32(ar, addr, &val);
1817 	if (ret) {
1818 		ath10k_warn(ar, "unable to read hi_acs_flags : %d\n", ret);
1819 		return ret;
1820 	}
1821 
1822 	if (val & HI_ACS_FLAGS_SDIO_SWAP_MAILBOX_FW_ACK) {
1823 		ath10k_dbg(ar, ATH10K_DBG_SDIO,
1824 			   "sdio mailbox swap service enabled\n");
1825 		ar_sdio->swap_mbox = true;
1826 	} else {
1827 		ath10k_dbg(ar, ATH10K_DBG_SDIO,
1828 			   "sdio mailbox swap service disabled\n");
1829 		ar_sdio->swap_mbox = false;
1830 	}
1831 
1832 	ath10k_sdio_set_mbox_sleep(ar, true);
1833 
1834 	return 0;
1835 }
1836 
1837 static int ath10k_sdio_get_htt_tx_complete(struct ath10k *ar)
1838 {
1839 	u32 addr, val;
1840 	int ret;
1841 
1842 	addr = host_interest_item_address(HI_ITEM(hi_acs_flags));
1843 
1844 	ret = ath10k_sdio_diag_read32(ar, addr, &val);
1845 	if (ret) {
1846 		ath10k_warn(ar,
1847 			    "unable to read hi_acs_flags for htt tx comple : %d\n", ret);
1848 		return ret;
1849 	}
1850 
1851 	ret = (val & HI_ACS_FLAGS_SDIO_REDUCE_TX_COMPL_FW_ACK);
1852 
1853 	ath10k_dbg(ar, ATH10K_DBG_SDIO, "sdio reduce tx complete fw%sack\n",
1854 		   ret ? " " : " not ");
1855 
1856 	return ret;
1857 }
1858 
1859 /* HIF start/stop */
1860 
1861 static int ath10k_sdio_hif_start(struct ath10k *ar)
1862 {
1863 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
1864 	int ret;
1865 
1866 	ath10k_core_napi_enable(ar);
1867 
1868 	/* Sleep 20 ms before HIF interrupts are disabled.
1869 	 * This will give target plenty of time to process the BMI done
1870 	 * request before interrupts are disabled.
1871 	 */
1872 	msleep(20);
1873 	ret = ath10k_sdio_disable_intrs(ar);
1874 	if (ret)
1875 		return ret;
1876 
1877 	/* eid 0 always uses the lower part of the extended mailbox address
1878 	 * space (ext_info[0].htc_ext_addr).
1879 	 */
1880 	ar_sdio->mbox_addr[0] = ar_sdio->mbox_info.ext_info[0].htc_ext_addr;
1881 	ar_sdio->mbox_size[0] = ar_sdio->mbox_info.ext_info[0].htc_ext_sz;
1882 
1883 	sdio_claim_host(ar_sdio->func);
1884 
1885 	/* Register the isr */
1886 	ret =  sdio_claim_irq(ar_sdio->func, ath10k_sdio_irq_handler);
1887 	if (ret) {
1888 		ath10k_warn(ar, "failed to claim sdio interrupt: %d\n", ret);
1889 		sdio_release_host(ar_sdio->func);
1890 		return ret;
1891 	}
1892 
1893 	sdio_release_host(ar_sdio->func);
1894 
1895 	ret = ath10k_sdio_enable_intrs(ar);
1896 	if (ret)
1897 		ath10k_warn(ar, "failed to enable sdio interrupts: %d\n", ret);
1898 
1899 	/* Enable sleep and then disable it again */
1900 	ret = ath10k_sdio_set_mbox_sleep(ar, true);
1901 	if (ret)
1902 		return ret;
1903 
1904 	/* Wait for 20ms for the written value to take effect */
1905 	msleep(20);
1906 
1907 	ret = ath10k_sdio_set_mbox_sleep(ar, false);
1908 	if (ret)
1909 		return ret;
1910 
1911 	return 0;
1912 }
1913 
1914 #define SDIO_IRQ_DISABLE_TIMEOUT_HZ (3 * HZ)
1915 
1916 static void ath10k_sdio_irq_disable(struct ath10k *ar)
1917 {
1918 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
1919 	struct ath10k_sdio_irq_data *irq_data = &ar_sdio->irq_data;
1920 	struct ath10k_sdio_irq_enable_regs *regs = irq_data->irq_en_reg;
1921 	struct sk_buff *skb;
1922 	struct completion irqs_disabled_comp;
1923 	int ret;
1924 
1925 	skb = dev_alloc_skb(sizeof(*regs));
1926 	if (!skb)
1927 		return;
1928 
1929 	mutex_lock(&irq_data->mtx);
1930 
1931 	memset(regs, 0, sizeof(*regs)); /* disable all interrupts */
1932 	memcpy(skb->data, regs, sizeof(*regs));
1933 	skb_put(skb, sizeof(*regs));
1934 
1935 	mutex_unlock(&irq_data->mtx);
1936 
1937 	init_completion(&irqs_disabled_comp);
1938 	ret = ath10k_sdio_prep_async_req(ar, MBOX_INT_STATUS_ENABLE_ADDRESS,
1939 					 skb, &irqs_disabled_comp, false, 0);
1940 	if (ret)
1941 		goto out;
1942 
1943 	queue_work(ar_sdio->workqueue, &ar_sdio->wr_async_work);
1944 
1945 	/* Wait for the completion of the IRQ disable request.
1946 	 * If there is a timeout we will try to disable irq's anyway.
1947 	 */
1948 	ret = wait_for_completion_timeout(&irqs_disabled_comp,
1949 					  SDIO_IRQ_DISABLE_TIMEOUT_HZ);
1950 	if (!ret)
1951 		ath10k_warn(ar, "sdio irq disable request timed out\n");
1952 
1953 	sdio_claim_host(ar_sdio->func);
1954 
1955 	ret = sdio_release_irq(ar_sdio->func);
1956 	if (ret)
1957 		ath10k_warn(ar, "failed to release sdio interrupt: %d\n", ret);
1958 
1959 	sdio_release_host(ar_sdio->func);
1960 
1961 out:
1962 	kfree_skb(skb);
1963 }
1964 
1965 static void ath10k_sdio_hif_stop(struct ath10k *ar)
1966 {
1967 	struct ath10k_sdio_bus_request *req, *tmp_req;
1968 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
1969 	struct sk_buff *skb;
1970 
1971 	ath10k_sdio_irq_disable(ar);
1972 
1973 	cancel_work_sync(&ar_sdio->async_work_rx);
1974 
1975 	while ((skb = skb_dequeue(&ar_sdio->rx_head)))
1976 		dev_kfree_skb_any(skb);
1977 
1978 	cancel_work_sync(&ar_sdio->wr_async_work);
1979 
1980 	spin_lock_bh(&ar_sdio->wr_async_lock);
1981 
1982 	/* Free all bus requests that have not been handled */
1983 	list_for_each_entry_safe(req, tmp_req, &ar_sdio->wr_asyncq, list) {
1984 		struct ath10k_htc_ep *ep;
1985 
1986 		list_del(&req->list);
1987 
1988 		if (req->htc_msg) {
1989 			ep = &ar->htc.endpoint[req->eid];
1990 			ath10k_htc_notify_tx_completion(ep, req->skb);
1991 		} else if (req->skb) {
1992 			kfree_skb(req->skb);
1993 		}
1994 		ath10k_sdio_free_bus_req(ar, req);
1995 	}
1996 
1997 	spin_unlock_bh(&ar_sdio->wr_async_lock);
1998 
1999 	ath10k_core_napi_sync_disable(ar);
2000 }
2001 
2002 #ifdef CONFIG_PM
2003 
2004 static int ath10k_sdio_hif_suspend(struct ath10k *ar)
2005 {
2006 	return 0;
2007 }
2008 
2009 static int ath10k_sdio_hif_resume(struct ath10k *ar)
2010 {
2011 	switch (ar->state) {
2012 	case ATH10K_STATE_OFF:
2013 		ath10k_dbg(ar, ATH10K_DBG_SDIO,
2014 			   "sdio resume configuring sdio\n");
2015 
2016 		/* need to set sdio settings after power is cut from sdio */
2017 		ath10k_sdio_config(ar);
2018 		break;
2019 
2020 	case ATH10K_STATE_ON:
2021 	default:
2022 		break;
2023 	}
2024 
2025 	return 0;
2026 }
2027 #endif
2028 
2029 static int ath10k_sdio_hif_map_service_to_pipe(struct ath10k *ar,
2030 					       u16 service_id,
2031 					       u8 *ul_pipe, u8 *dl_pipe)
2032 {
2033 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
2034 	struct ath10k_htc *htc = &ar->htc;
2035 	u32 htt_addr, wmi_addr, htt_mbox_size, wmi_mbox_size;
2036 	enum ath10k_htc_ep_id eid;
2037 	bool ep_found = false;
2038 	int i;
2039 
2040 	/* For sdio, we are interested in the mapping between eid
2041 	 * and pipeid rather than service_id to pipe_id.
2042 	 * First we find out which eid has been allocated to the
2043 	 * service...
2044 	 */
2045 	for (i = 0; i < ATH10K_HTC_EP_COUNT; i++) {
2046 		if (htc->endpoint[i].service_id == service_id) {
2047 			eid = htc->endpoint[i].eid;
2048 			ep_found = true;
2049 			break;
2050 		}
2051 	}
2052 
2053 	if (!ep_found)
2054 		return -EINVAL;
2055 
2056 	/* Then we create the simplest mapping possible between pipeid
2057 	 * and eid
2058 	 */
2059 	*ul_pipe = *dl_pipe = (u8)eid;
2060 
2061 	/* Normally, HTT will use the upper part of the extended
2062 	 * mailbox address space (ext_info[1].htc_ext_addr) and WMI ctrl
2063 	 * the lower part (ext_info[0].htc_ext_addr).
2064 	 * If fw wants swapping of mailbox addresses, the opposite is true.
2065 	 */
2066 	if (ar_sdio->swap_mbox) {
2067 		htt_addr = ar_sdio->mbox_info.ext_info[0].htc_ext_addr;
2068 		wmi_addr = ar_sdio->mbox_info.ext_info[1].htc_ext_addr;
2069 		htt_mbox_size = ar_sdio->mbox_info.ext_info[0].htc_ext_sz;
2070 		wmi_mbox_size = ar_sdio->mbox_info.ext_info[1].htc_ext_sz;
2071 	} else {
2072 		htt_addr = ar_sdio->mbox_info.ext_info[1].htc_ext_addr;
2073 		wmi_addr = ar_sdio->mbox_info.ext_info[0].htc_ext_addr;
2074 		htt_mbox_size = ar_sdio->mbox_info.ext_info[1].htc_ext_sz;
2075 		wmi_mbox_size = ar_sdio->mbox_info.ext_info[0].htc_ext_sz;
2076 	}
2077 
2078 	switch (service_id) {
2079 	case ATH10K_HTC_SVC_ID_RSVD_CTRL:
2080 		/* HTC ctrl ep mbox address has already been setup in
2081 		 * ath10k_sdio_hif_start
2082 		 */
2083 		break;
2084 	case ATH10K_HTC_SVC_ID_WMI_CONTROL:
2085 		ar_sdio->mbox_addr[eid] = wmi_addr;
2086 		ar_sdio->mbox_size[eid] = wmi_mbox_size;
2087 		ath10k_dbg(ar, ATH10K_DBG_SDIO,
2088 			   "sdio wmi ctrl mbox_addr 0x%x mbox_size %d\n",
2089 			   ar_sdio->mbox_addr[eid], ar_sdio->mbox_size[eid]);
2090 		break;
2091 	case ATH10K_HTC_SVC_ID_HTT_DATA_MSG:
2092 		ar_sdio->mbox_addr[eid] = htt_addr;
2093 		ar_sdio->mbox_size[eid] = htt_mbox_size;
2094 		ath10k_dbg(ar, ATH10K_DBG_SDIO,
2095 			   "sdio htt data mbox_addr 0x%x mbox_size %d\n",
2096 			   ar_sdio->mbox_addr[eid], ar_sdio->mbox_size[eid]);
2097 		break;
2098 	default:
2099 		ath10k_warn(ar, "unsupported HTC service id: %d\n",
2100 			    service_id);
2101 		return -EINVAL;
2102 	}
2103 
2104 	return 0;
2105 }
2106 
2107 static void ath10k_sdio_hif_get_default_pipe(struct ath10k *ar,
2108 					     u8 *ul_pipe, u8 *dl_pipe)
2109 {
2110 	ath10k_dbg(ar, ATH10K_DBG_SDIO, "sdio hif get default pipe\n");
2111 
2112 	/* HTC ctrl ep (SVC id 1) always has eid (and pipe_id in our
2113 	 * case) == 0
2114 	 */
2115 	*ul_pipe = 0;
2116 	*dl_pipe = 0;
2117 }
2118 
2119 static const struct ath10k_hif_ops ath10k_sdio_hif_ops = {
2120 	.tx_sg			= ath10k_sdio_hif_tx_sg,
2121 	.diag_read		= ath10k_sdio_hif_diag_read,
2122 	.diag_write		= ath10k_sdio_hif_diag_write_mem,
2123 	.exchange_bmi_msg	= ath10k_sdio_bmi_exchange_msg,
2124 	.start			= ath10k_sdio_hif_start,
2125 	.stop			= ath10k_sdio_hif_stop,
2126 	.start_post		= ath10k_sdio_hif_start_post,
2127 	.get_htt_tx_complete	= ath10k_sdio_get_htt_tx_complete,
2128 	.map_service_to_pipe	= ath10k_sdio_hif_map_service_to_pipe,
2129 	.get_default_pipe	= ath10k_sdio_hif_get_default_pipe,
2130 	.power_up		= ath10k_sdio_hif_power_up,
2131 	.power_down		= ath10k_sdio_hif_power_down,
2132 #ifdef CONFIG_PM
2133 	.suspend		= ath10k_sdio_hif_suspend,
2134 	.resume			= ath10k_sdio_hif_resume,
2135 #endif
2136 };
2137 
2138 #ifdef CONFIG_PM_SLEEP
2139 
2140 /* Empty handlers so that mmc subsystem doesn't remove us entirely during
2141  * suspend. We instead follow cfg80211 suspend/resume handlers.
2142  */
2143 static int ath10k_sdio_pm_suspend(struct device *device)
2144 {
2145 	struct sdio_func *func = dev_to_sdio_func(device);
2146 	struct ath10k_sdio *ar_sdio = sdio_get_drvdata(func);
2147 	struct ath10k *ar = ar_sdio->ar;
2148 	mmc_pm_flag_t pm_flag, pm_caps;
2149 	int ret;
2150 
2151 	if (!device_may_wakeup(ar->dev))
2152 		return 0;
2153 
2154 	ath10k_sdio_set_mbox_sleep(ar, true);
2155 
2156 	pm_flag = MMC_PM_KEEP_POWER;
2157 
2158 	ret = sdio_set_host_pm_flags(func, pm_flag);
2159 	if (ret) {
2160 		pm_caps = sdio_get_host_pm_caps(func);
2161 		ath10k_warn(ar, "failed to set sdio host pm flags (0x%x, 0x%x): %d\n",
2162 			    pm_flag, pm_caps, ret);
2163 		return ret;
2164 	}
2165 
2166 	return ret;
2167 }
2168 
2169 static int ath10k_sdio_pm_resume(struct device *device)
2170 {
2171 	return 0;
2172 }
2173 
2174 static SIMPLE_DEV_PM_OPS(ath10k_sdio_pm_ops, ath10k_sdio_pm_suspend,
2175 			 ath10k_sdio_pm_resume);
2176 
2177 #define ATH10K_SDIO_PM_OPS (&ath10k_sdio_pm_ops)
2178 
2179 #else
2180 
2181 #define ATH10K_SDIO_PM_OPS NULL
2182 
2183 #endif /* CONFIG_PM_SLEEP */
2184 
2185 static int ath10k_sdio_napi_poll(struct napi_struct *ctx, int budget)
2186 {
2187 	struct ath10k *ar = container_of(ctx, struct ath10k, napi);
2188 	int done;
2189 
2190 	done = ath10k_htt_rx_hl_indication(ar, budget);
2191 	ath10k_dbg(ar, ATH10K_DBG_SDIO, "napi poll: done: %d, budget:%d\n", done, budget);
2192 
2193 	if (done < budget)
2194 		napi_complete_done(ctx, done);
2195 
2196 	return done;
2197 }
2198 
2199 static int ath10k_sdio_read_host_interest_value(struct ath10k *ar,
2200 						u32 item_offset,
2201 						u32 *val)
2202 {
2203 	u32 addr;
2204 	int ret;
2205 
2206 	addr = host_interest_item_address(item_offset);
2207 
2208 	ret = ath10k_sdio_diag_read32(ar, addr, val);
2209 
2210 	if (ret)
2211 		ath10k_warn(ar, "unable to read host interest offset %d value\n",
2212 			    item_offset);
2213 
2214 	return ret;
2215 }
2216 
2217 static int ath10k_sdio_read_mem(struct ath10k *ar, u32 address, void *buf,
2218 				u32 buf_len)
2219 {
2220 	u32 val;
2221 	int i, ret;
2222 
2223 	for (i = 0; i < buf_len; i += 4) {
2224 		ret = ath10k_sdio_diag_read32(ar, address + i, &val);
2225 		if (ret) {
2226 			ath10k_warn(ar, "unable to read mem %d value\n", address + i);
2227 			break;
2228 		}
2229 		memcpy(buf + i, &val, 4);
2230 	}
2231 
2232 	return ret;
2233 }
2234 
2235 static bool ath10k_sdio_is_fast_dump_supported(struct ath10k *ar)
2236 {
2237 	u32 param;
2238 
2239 	ath10k_sdio_read_host_interest_value(ar, HI_ITEM(hi_option_flag2), &param);
2240 
2241 	ath10k_dbg(ar, ATH10K_DBG_SDIO, "sdio hi_option_flag2 %x\n", param);
2242 
2243 	return !!(param & HI_OPTION_SDIO_CRASH_DUMP_ENHANCEMENT_FW);
2244 }
2245 
2246 static void ath10k_sdio_dump_registers(struct ath10k *ar,
2247 				       struct ath10k_fw_crash_data *crash_data,
2248 				       bool fast_dump)
2249 {
2250 	u32 reg_dump_values[REG_DUMP_COUNT_QCA988X] = {};
2251 	int i, ret;
2252 	u32 reg_dump_area;
2253 
2254 	ret = ath10k_sdio_read_host_interest_value(ar, HI_ITEM(hi_failure_state),
2255 						   &reg_dump_area);
2256 	if (ret) {
2257 		ath10k_warn(ar, "failed to read firmware dump area: %d\n", ret);
2258 		return;
2259 	}
2260 
2261 	if (fast_dump)
2262 		ret = ath10k_bmi_read_memory(ar, reg_dump_area, reg_dump_values,
2263 					     sizeof(reg_dump_values));
2264 	else
2265 		ret = ath10k_sdio_read_mem(ar, reg_dump_area, reg_dump_values,
2266 					   sizeof(reg_dump_values));
2267 
2268 	if (ret) {
2269 		ath10k_warn(ar, "failed to read firmware dump value: %d\n", ret);
2270 		return;
2271 	}
2272 
2273 	ath10k_err(ar, "firmware register dump:\n");
2274 	for (i = 0; i < ARRAY_SIZE(reg_dump_values); i += 4)
2275 		ath10k_err(ar, "[%02d]: 0x%08X 0x%08X 0x%08X 0x%08X\n",
2276 			   i,
2277 			   reg_dump_values[i],
2278 			   reg_dump_values[i + 1],
2279 			   reg_dump_values[i + 2],
2280 			   reg_dump_values[i + 3]);
2281 
2282 	if (!crash_data)
2283 		return;
2284 
2285 	for (i = 0; i < ARRAY_SIZE(reg_dump_values); i++)
2286 		crash_data->registers[i] = __cpu_to_le32(reg_dump_values[i]);
2287 }
2288 
2289 static int ath10k_sdio_dump_memory_section(struct ath10k *ar,
2290 					   const struct ath10k_mem_region *mem_region,
2291 					   u8 *buf, size_t buf_len)
2292 {
2293 	const struct ath10k_mem_section *cur_section, *next_section;
2294 	unsigned int count, section_size, skip_size;
2295 	int ret, i, j;
2296 
2297 	if (!mem_region || !buf)
2298 		return 0;
2299 
2300 	cur_section = &mem_region->section_table.sections[0];
2301 
2302 	if (mem_region->start > cur_section->start) {
2303 		ath10k_warn(ar, "incorrect memdump region 0x%x with section start address 0x%x.\n",
2304 			    mem_region->start, cur_section->start);
2305 		return 0;
2306 	}
2307 
2308 	skip_size = cur_section->start - mem_region->start;
2309 
2310 	/* fill the gap between the first register section and register
2311 	 * start address
2312 	 */
2313 	for (i = 0; i < skip_size; i++) {
2314 		*buf = ATH10K_MAGIC_NOT_COPIED;
2315 		buf++;
2316 	}
2317 
2318 	count = 0;
2319 	i = 0;
2320 	for (; cur_section; cur_section = next_section) {
2321 		section_size = cur_section->end - cur_section->start;
2322 
2323 		if (section_size <= 0) {
2324 			ath10k_warn(ar, "incorrect ramdump format with start address 0x%x and stop address 0x%x\n",
2325 				    cur_section->start,
2326 				    cur_section->end);
2327 			break;
2328 		}
2329 
2330 		if (++i == mem_region->section_table.size) {
2331 			/* last section */
2332 			next_section = NULL;
2333 			skip_size = 0;
2334 		} else {
2335 			next_section = cur_section + 1;
2336 
2337 			if (cur_section->end > next_section->start) {
2338 				ath10k_warn(ar, "next ramdump section 0x%x is smaller than current end address 0x%x\n",
2339 					    next_section->start,
2340 					    cur_section->end);
2341 				break;
2342 			}
2343 
2344 			skip_size = next_section->start - cur_section->end;
2345 		}
2346 
2347 		if (buf_len < (skip_size + section_size)) {
2348 			ath10k_warn(ar, "ramdump buffer is too small: %zu\n", buf_len);
2349 			break;
2350 		}
2351 
2352 		buf_len -= skip_size + section_size;
2353 
2354 		/* read section to dest memory */
2355 		ret = ath10k_sdio_read_mem(ar, cur_section->start,
2356 					   buf, section_size);
2357 		if (ret) {
2358 			ath10k_warn(ar, "failed to read ramdump from section 0x%x: %d\n",
2359 				    cur_section->start, ret);
2360 			break;
2361 		}
2362 
2363 		buf += section_size;
2364 		count += section_size;
2365 
2366 		/* fill in the gap between this section and the next */
2367 		for (j = 0; j < skip_size; j++) {
2368 			*buf = ATH10K_MAGIC_NOT_COPIED;
2369 			buf++;
2370 		}
2371 
2372 		count += skip_size;
2373 	}
2374 
2375 	return count;
2376 }
2377 
2378 /* if an error happened returns < 0, otherwise the length */
2379 static int ath10k_sdio_dump_memory_generic(struct ath10k *ar,
2380 					   const struct ath10k_mem_region *current_region,
2381 					   u8 *buf,
2382 					   bool fast_dump)
2383 {
2384 	int ret;
2385 
2386 	if (current_region->section_table.size > 0)
2387 		/* Copy each section individually. */
2388 		return ath10k_sdio_dump_memory_section(ar,
2389 						      current_region,
2390 						      buf,
2391 						      current_region->len);
2392 
2393 	/* No individual memory sections defined so we can
2394 	 * copy the entire memory region.
2395 	 */
2396 	if (fast_dump)
2397 		ret = ath10k_bmi_read_memory(ar,
2398 					     current_region->start,
2399 					     buf,
2400 					     current_region->len);
2401 	else
2402 		ret = ath10k_sdio_read_mem(ar,
2403 					   current_region->start,
2404 					   buf,
2405 					   current_region->len);
2406 
2407 	if (ret) {
2408 		ath10k_warn(ar, "failed to copy ramdump region %s: %d\n",
2409 			    current_region->name, ret);
2410 		return ret;
2411 	}
2412 
2413 	return current_region->len;
2414 }
2415 
2416 static void ath10k_sdio_dump_memory(struct ath10k *ar,
2417 				    struct ath10k_fw_crash_data *crash_data,
2418 				    bool fast_dump)
2419 {
2420 	const struct ath10k_hw_mem_layout *mem_layout;
2421 	const struct ath10k_mem_region *current_region;
2422 	struct ath10k_dump_ram_data_hdr *hdr;
2423 	u32 count;
2424 	size_t buf_len;
2425 	int ret, i;
2426 	u8 *buf;
2427 
2428 	if (!crash_data)
2429 		return;
2430 
2431 	mem_layout = ath10k_coredump_get_mem_layout(ar);
2432 	if (!mem_layout)
2433 		return;
2434 
2435 	current_region = &mem_layout->region_table.regions[0];
2436 
2437 	buf = crash_data->ramdump_buf;
2438 	buf_len = crash_data->ramdump_buf_len;
2439 
2440 	memset(buf, 0, buf_len);
2441 
2442 	for (i = 0; i < mem_layout->region_table.size; i++) {
2443 		count = 0;
2444 
2445 		if (current_region->len > buf_len) {
2446 			ath10k_warn(ar, "memory region %s size %d is larger that remaining ramdump buffer size %zu\n",
2447 				    current_region->name,
2448 				    current_region->len,
2449 				    buf_len);
2450 			break;
2451 		}
2452 
2453 		/* Reserve space for the header. */
2454 		hdr = (void *)buf;
2455 		buf += sizeof(*hdr);
2456 		buf_len -= sizeof(*hdr);
2457 
2458 		ret = ath10k_sdio_dump_memory_generic(ar, current_region, buf,
2459 						      fast_dump);
2460 		if (ret >= 0)
2461 			count = ret;
2462 
2463 		hdr->region_type = cpu_to_le32(current_region->type);
2464 		hdr->start = cpu_to_le32(current_region->start);
2465 		hdr->length = cpu_to_le32(count);
2466 
2467 		if (count == 0)
2468 			/* Note: the header remains, just with zero length. */
2469 			break;
2470 
2471 		buf += count;
2472 		buf_len -= count;
2473 
2474 		current_region++;
2475 	}
2476 }
2477 
2478 void ath10k_sdio_fw_crashed_dump(struct ath10k *ar)
2479 {
2480 	struct ath10k_fw_crash_data *crash_data;
2481 	char guid[UUID_STRING_LEN + 1];
2482 	bool fast_dump;
2483 
2484 	fast_dump = ath10k_sdio_is_fast_dump_supported(ar);
2485 
2486 	if (fast_dump)
2487 		ath10k_bmi_start(ar);
2488 
2489 	ar->stats.fw_crash_counter++;
2490 
2491 	ath10k_sdio_disable_intrs(ar);
2492 
2493 	crash_data = ath10k_coredump_new(ar);
2494 
2495 	if (crash_data)
2496 		scnprintf(guid, sizeof(guid), "%pUl", &crash_data->guid);
2497 	else
2498 		scnprintf(guid, sizeof(guid), "n/a");
2499 
2500 	ath10k_err(ar, "firmware crashed! (guid %s)\n", guid);
2501 	ath10k_print_driver_info(ar);
2502 	ath10k_sdio_dump_registers(ar, crash_data, fast_dump);
2503 	ath10k_sdio_dump_memory(ar, crash_data, fast_dump);
2504 
2505 	ath10k_sdio_enable_intrs(ar);
2506 
2507 	ath10k_core_start_recovery(ar);
2508 }
2509 
2510 static int ath10k_sdio_probe(struct sdio_func *func,
2511 			     const struct sdio_device_id *id)
2512 {
2513 	struct ath10k_sdio *ar_sdio;
2514 	struct ath10k *ar;
2515 	enum ath10k_hw_rev hw_rev;
2516 	u32 dev_id_base;
2517 	struct ath10k_bus_params bus_params = {};
2518 	int ret, i;
2519 
2520 	/* Assumption: All SDIO based chipsets (so far) are QCA6174 based.
2521 	 * If there will be newer chipsets that does not use the hw reg
2522 	 * setup as defined in qca6174_regs and qca6174_values, this
2523 	 * assumption is no longer valid and hw_rev must be setup differently
2524 	 * depending on chipset.
2525 	 */
2526 	hw_rev = ATH10K_HW_QCA6174;
2527 
2528 	ar = ath10k_core_create(sizeof(*ar_sdio), &func->dev, ATH10K_BUS_SDIO,
2529 				hw_rev, &ath10k_sdio_hif_ops);
2530 	if (!ar) {
2531 		dev_err(&func->dev, "failed to allocate core\n");
2532 		return -ENOMEM;
2533 	}
2534 
2535 	netif_napi_add(&ar->napi_dev, &ar->napi, ath10k_sdio_napi_poll);
2536 
2537 	ath10k_dbg(ar, ATH10K_DBG_BOOT,
2538 		   "sdio new func %d vendor 0x%x device 0x%x block 0x%x/0x%x\n",
2539 		   func->num, func->vendor, func->device,
2540 		   func->max_blksize, func->cur_blksize);
2541 
2542 	ar_sdio = ath10k_sdio_priv(ar);
2543 
2544 	ar_sdio->irq_data.irq_proc_reg =
2545 		devm_kzalloc(ar->dev, sizeof(struct ath10k_sdio_irq_proc_regs),
2546 			     GFP_KERNEL);
2547 	if (!ar_sdio->irq_data.irq_proc_reg) {
2548 		ret = -ENOMEM;
2549 		goto err_core_destroy;
2550 	}
2551 
2552 	ar_sdio->vsg_buffer = devm_kmalloc(ar->dev, ATH10K_SDIO_VSG_BUF_SIZE, GFP_KERNEL);
2553 	if (!ar_sdio->vsg_buffer) {
2554 		ret = -ENOMEM;
2555 		goto err_core_destroy;
2556 	}
2557 
2558 	ar_sdio->irq_data.irq_en_reg =
2559 		devm_kzalloc(ar->dev, sizeof(struct ath10k_sdio_irq_enable_regs),
2560 			     GFP_KERNEL);
2561 	if (!ar_sdio->irq_data.irq_en_reg) {
2562 		ret = -ENOMEM;
2563 		goto err_core_destroy;
2564 	}
2565 
2566 	ar_sdio->bmi_buf = devm_kzalloc(ar->dev, BMI_MAX_LARGE_CMDBUF_SIZE, GFP_KERNEL);
2567 	if (!ar_sdio->bmi_buf) {
2568 		ret = -ENOMEM;
2569 		goto err_core_destroy;
2570 	}
2571 
2572 	ar_sdio->func = func;
2573 	sdio_set_drvdata(func, ar_sdio);
2574 
2575 	ar_sdio->is_disabled = true;
2576 	ar_sdio->ar = ar;
2577 
2578 	spin_lock_init(&ar_sdio->lock);
2579 	spin_lock_init(&ar_sdio->wr_async_lock);
2580 	mutex_init(&ar_sdio->irq_data.mtx);
2581 
2582 	INIT_LIST_HEAD(&ar_sdio->bus_req_freeq);
2583 	INIT_LIST_HEAD(&ar_sdio->wr_asyncq);
2584 
2585 	INIT_WORK(&ar_sdio->wr_async_work, ath10k_sdio_write_async_work);
2586 	ar_sdio->workqueue = create_singlethread_workqueue("ath10k_sdio_wq");
2587 	if (!ar_sdio->workqueue) {
2588 		ret = -ENOMEM;
2589 		goto err_core_destroy;
2590 	}
2591 
2592 	for (i = 0; i < ATH10K_SDIO_BUS_REQUEST_MAX_NUM; i++)
2593 		ath10k_sdio_free_bus_req(ar, &ar_sdio->bus_req[i]);
2594 
2595 	skb_queue_head_init(&ar_sdio->rx_head);
2596 	INIT_WORK(&ar_sdio->async_work_rx, ath10k_rx_indication_async_work);
2597 
2598 	dev_id_base = (id->device & 0x0F00);
2599 	if (dev_id_base != (SDIO_DEVICE_ID_ATHEROS_AR6005 & 0x0F00) &&
2600 	    dev_id_base != (SDIO_DEVICE_ID_ATHEROS_QCA9377 & 0x0F00)) {
2601 		ret = -ENODEV;
2602 		ath10k_err(ar, "unsupported device id %u (0x%x)\n",
2603 			   dev_id_base, id->device);
2604 		goto err_free_wq;
2605 	}
2606 
2607 	ar->dev_id = QCA9377_1_0_DEVICE_ID;
2608 	ar->id.vendor = id->vendor;
2609 	ar->id.device = id->device;
2610 
2611 	ath10k_sdio_set_mbox_info(ar);
2612 
2613 	bus_params.dev_type = ATH10K_DEV_TYPE_HL;
2614 	/* TODO: don't know yet how to get chip_id with SDIO */
2615 	bus_params.chip_id = 0;
2616 	bus_params.hl_msdu_ids = true;
2617 
2618 	ar->hw->max_mtu = ETH_DATA_LEN;
2619 
2620 	ret = ath10k_core_register(ar, &bus_params);
2621 	if (ret) {
2622 		ath10k_err(ar, "failed to register driver core: %d\n", ret);
2623 		goto err_free_wq;
2624 	}
2625 
2626 	timer_setup(&ar_sdio->sleep_timer, ath10k_sdio_sleep_timer_handler, 0);
2627 
2628 	return 0;
2629 
2630 err_free_wq:
2631 	destroy_workqueue(ar_sdio->workqueue);
2632 err_core_destroy:
2633 	ath10k_core_destroy(ar);
2634 
2635 	return ret;
2636 }
2637 
2638 static void ath10k_sdio_remove(struct sdio_func *func)
2639 {
2640 	struct ath10k_sdio *ar_sdio = sdio_get_drvdata(func);
2641 	struct ath10k *ar = ar_sdio->ar;
2642 
2643 	ath10k_dbg(ar, ATH10K_DBG_BOOT,
2644 		   "sdio removed func %d vendor 0x%x device 0x%x\n",
2645 		   func->num, func->vendor, func->device);
2646 
2647 	ath10k_core_unregister(ar);
2648 
2649 	netif_napi_del(&ar->napi);
2650 
2651 	ath10k_core_destroy(ar);
2652 
2653 	destroy_workqueue(ar_sdio->workqueue);
2654 }
2655 
2656 static const struct sdio_device_id ath10k_sdio_devices[] = {
2657 	{SDIO_DEVICE(SDIO_VENDOR_ID_ATHEROS, SDIO_DEVICE_ID_ATHEROS_AR6005)},
2658 	{SDIO_DEVICE(SDIO_VENDOR_ID_ATHEROS, SDIO_DEVICE_ID_ATHEROS_QCA9377)},
2659 	{},
2660 };
2661 
2662 MODULE_DEVICE_TABLE(sdio, ath10k_sdio_devices);
2663 
2664 static struct sdio_driver ath10k_sdio_driver = {
2665 	.name = "ath10k_sdio",
2666 	.id_table = ath10k_sdio_devices,
2667 	.probe = ath10k_sdio_probe,
2668 	.remove = ath10k_sdio_remove,
2669 	.drv = {
2670 		.owner = THIS_MODULE,
2671 		.pm = ATH10K_SDIO_PM_OPS,
2672 	},
2673 };
2674 
2675 static int __init ath10k_sdio_init(void)
2676 {
2677 	int ret;
2678 
2679 	ret = sdio_register_driver(&ath10k_sdio_driver);
2680 	if (ret)
2681 		pr_err("sdio driver registration failed: %d\n", ret);
2682 
2683 	return ret;
2684 }
2685 
2686 static void __exit ath10k_sdio_exit(void)
2687 {
2688 	sdio_unregister_driver(&ath10k_sdio_driver);
2689 }
2690 
2691 module_init(ath10k_sdio_init);
2692 module_exit(ath10k_sdio_exit);
2693 
2694 MODULE_AUTHOR("Qualcomm Atheros");
2695 MODULE_DESCRIPTION("Driver support for Qualcomm Atheros 802.11ac WLAN SDIO devices");
2696 MODULE_LICENSE("Dual BSD/GPL");
2697