1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 *
4 * Bluetooth support for Intel PCIe devices
5 *
6 * Copyright (C) 2024 Intel Corporation
7 */
8
9 #include <linux/kernel.h>
10 #include <linux/module.h>
11 #include <linux/firmware.h>
12 #include <linux/pci.h>
13 #include <linux/wait.h>
14 #include <linux/delay.h>
15 #include <linux/interrupt.h>
16
17 #include <linux/unaligned.h>
18
19 #include <net/bluetooth/bluetooth.h>
20 #include <net/bluetooth/hci_core.h>
21
22 #include "btintel.h"
23 #include "btintel_pcie.h"
24
25 #define VERSION "0.1"
26
27 #define BTINTEL_PCI_DEVICE(dev, subdev) \
28 .vendor = PCI_VENDOR_ID_INTEL, \
29 .device = (dev), \
30 .subvendor = PCI_ANY_ID, \
31 .subdevice = (subdev), \
32 .driver_data = 0
33
34 #define POLL_INTERVAL_US 10
35
36 /* Intel Bluetooth PCIe device id table */
37 static const struct pci_device_id btintel_pcie_table[] = {
38 { BTINTEL_PCI_DEVICE(0xA876, PCI_ANY_ID) },
39 { BTINTEL_PCI_DEVICE(0xE476, PCI_ANY_ID) },
40 { 0 }
41 };
42 MODULE_DEVICE_TABLE(pci, btintel_pcie_table);
43
44 /* Intel PCIe uses 4 bytes of HCI type instead of 1 byte BT SIG HCI type */
45 #define BTINTEL_PCIE_HCI_TYPE_LEN 4
46 #define BTINTEL_PCIE_HCI_CMD_PKT 0x00000001
47 #define BTINTEL_PCIE_HCI_ACL_PKT 0x00000002
48 #define BTINTEL_PCIE_HCI_SCO_PKT 0x00000003
49 #define BTINTEL_PCIE_HCI_EVT_PKT 0x00000004
50 #define BTINTEL_PCIE_HCI_ISO_PKT 0x00000005
51
52 /* Alive interrupt context */
53 enum {
54 BTINTEL_PCIE_ROM,
55 BTINTEL_PCIE_FW_DL,
56 BTINTEL_PCIE_HCI_RESET,
57 BTINTEL_PCIE_INTEL_HCI_RESET1,
58 BTINTEL_PCIE_INTEL_HCI_RESET2,
59 BTINTEL_PCIE_D0,
60 BTINTEL_PCIE_D3
61 };
62
ipc_print_ia_ring(struct hci_dev * hdev,struct ia * ia,u16 queue_num)63 static inline void ipc_print_ia_ring(struct hci_dev *hdev, struct ia *ia,
64 u16 queue_num)
65 {
66 bt_dev_dbg(hdev, "IA: %s: tr-h:%02u tr-t:%02u cr-h:%02u cr-t:%02u",
67 queue_num == BTINTEL_PCIE_TXQ_NUM ? "TXQ" : "RXQ",
68 ia->tr_hia[queue_num], ia->tr_tia[queue_num],
69 ia->cr_hia[queue_num], ia->cr_tia[queue_num]);
70 }
71
ipc_print_urbd1(struct hci_dev * hdev,struct urbd1 * urbd1,u16 index)72 static inline void ipc_print_urbd1(struct hci_dev *hdev, struct urbd1 *urbd1,
73 u16 index)
74 {
75 bt_dev_dbg(hdev, "RXQ:urbd1(%u) frbd_tag:%u status: 0x%x fixed:0x%x",
76 index, urbd1->frbd_tag, urbd1->status, urbd1->fixed);
77 }
78
btintel_pcie_poll_bit(struct btintel_pcie_data * data,u32 offset,u32 bits,u32 mask,int timeout_us)79 static int btintel_pcie_poll_bit(struct btintel_pcie_data *data, u32 offset,
80 u32 bits, u32 mask, int timeout_us)
81 {
82 int t = 0;
83 u32 reg;
84
85 do {
86 reg = btintel_pcie_rd_reg32(data, offset);
87
88 if ((reg & mask) == (bits & mask))
89 return t;
90 udelay(POLL_INTERVAL_US);
91 t += POLL_INTERVAL_US;
92 } while (t < timeout_us);
93
94 return -ETIMEDOUT;
95 }
96
btintel_pcie_get_data(struct msix_entry * entry)97 static struct btintel_pcie_data *btintel_pcie_get_data(struct msix_entry *entry)
98 {
99 u8 queue = entry->entry;
100 struct msix_entry *entries = entry - queue;
101
102 return container_of(entries, struct btintel_pcie_data, msix_entries[0]);
103 }
104
105 /* Set the doorbell for TXQ to notify the device that @index (actually index-1)
106 * of the TFD is updated and ready to transmit.
107 */
btintel_pcie_set_tx_db(struct btintel_pcie_data * data,u16 index)108 static void btintel_pcie_set_tx_db(struct btintel_pcie_data *data, u16 index)
109 {
110 u32 val;
111
112 val = index;
113 val |= (BTINTEL_PCIE_TX_DB_VEC << 16);
114
115 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_HBUS_TARG_WRPTR, val);
116 }
117
118 /* Copy the data to next(@tfd_index) data buffer and update the TFD(transfer
119 * descriptor) with the data length and the DMA address of the data buffer.
120 */
btintel_pcie_prepare_tx(struct txq * txq,u16 tfd_index,struct sk_buff * skb)121 static void btintel_pcie_prepare_tx(struct txq *txq, u16 tfd_index,
122 struct sk_buff *skb)
123 {
124 struct data_buf *buf;
125 struct tfd *tfd;
126
127 tfd = &txq->tfds[tfd_index];
128 memset(tfd, 0, sizeof(*tfd));
129
130 buf = &txq->bufs[tfd_index];
131
132 tfd->size = skb->len;
133 tfd->addr = buf->data_p_addr;
134
135 /* Copy the outgoing data to DMA buffer */
136 memcpy(buf->data, skb->data, tfd->size);
137 }
138
btintel_pcie_send_sync(struct btintel_pcie_data * data,struct sk_buff * skb)139 static int btintel_pcie_send_sync(struct btintel_pcie_data *data,
140 struct sk_buff *skb)
141 {
142 int ret;
143 u16 tfd_index;
144 struct txq *txq = &data->txq;
145
146 tfd_index = data->ia.tr_hia[BTINTEL_PCIE_TXQ_NUM];
147
148 if (tfd_index > txq->count)
149 return -ERANGE;
150
151 /* Prepare for TX. It updates the TFD with the length of data and
152 * address of the DMA buffer, and copy the data to the DMA buffer
153 */
154 btintel_pcie_prepare_tx(txq, tfd_index, skb);
155
156 tfd_index = (tfd_index + 1) % txq->count;
157 data->ia.tr_hia[BTINTEL_PCIE_TXQ_NUM] = tfd_index;
158
159 /* Arm wait event condition */
160 data->tx_wait_done = false;
161
162 /* Set the doorbell to notify the device */
163 btintel_pcie_set_tx_db(data, tfd_index);
164
165 /* Wait for the complete interrupt - URBD0 */
166 ret = wait_event_timeout(data->tx_wait_q, data->tx_wait_done,
167 msecs_to_jiffies(BTINTEL_PCIE_TX_WAIT_TIMEOUT_MS));
168 if (!ret)
169 return -ETIME;
170
171 return 0;
172 }
173
174 /* Set the doorbell for RXQ to notify the device that @index (actually index-1)
175 * is available to receive the data
176 */
btintel_pcie_set_rx_db(struct btintel_pcie_data * data,u16 index)177 static void btintel_pcie_set_rx_db(struct btintel_pcie_data *data, u16 index)
178 {
179 u32 val;
180
181 val = index;
182 val |= (BTINTEL_PCIE_RX_DB_VEC << 16);
183
184 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_HBUS_TARG_WRPTR, val);
185 }
186
187 /* Update the FRBD (free buffer descriptor) with the @frbd_index and the
188 * DMA address of the free buffer.
189 */
btintel_pcie_prepare_rx(struct rxq * rxq,u16 frbd_index)190 static void btintel_pcie_prepare_rx(struct rxq *rxq, u16 frbd_index)
191 {
192 struct data_buf *buf;
193 struct frbd *frbd;
194
195 /* Get the buffer of the FRBD for DMA */
196 buf = &rxq->bufs[frbd_index];
197
198 frbd = &rxq->frbds[frbd_index];
199 memset(frbd, 0, sizeof(*frbd));
200
201 /* Update FRBD */
202 frbd->tag = frbd_index;
203 frbd->addr = buf->data_p_addr;
204 }
205
btintel_pcie_submit_rx(struct btintel_pcie_data * data)206 static int btintel_pcie_submit_rx(struct btintel_pcie_data *data)
207 {
208 u16 frbd_index;
209 struct rxq *rxq = &data->rxq;
210
211 frbd_index = data->ia.tr_hia[BTINTEL_PCIE_RXQ_NUM];
212
213 if (frbd_index > rxq->count)
214 return -ERANGE;
215
216 /* Prepare for RX submit. It updates the FRBD with the address of DMA
217 * buffer
218 */
219 btintel_pcie_prepare_rx(rxq, frbd_index);
220
221 frbd_index = (frbd_index + 1) % rxq->count;
222 data->ia.tr_hia[BTINTEL_PCIE_RXQ_NUM] = frbd_index;
223 ipc_print_ia_ring(data->hdev, &data->ia, BTINTEL_PCIE_RXQ_NUM);
224
225 /* Set the doorbell to notify the device */
226 btintel_pcie_set_rx_db(data, frbd_index);
227
228 return 0;
229 }
230
btintel_pcie_start_rx(struct btintel_pcie_data * data)231 static int btintel_pcie_start_rx(struct btintel_pcie_data *data)
232 {
233 int i, ret;
234 struct rxq *rxq = &data->rxq;
235
236 /* Post (BTINTEL_PCIE_RX_DESCS_COUNT - 3) buffers to overcome the
237 * hardware issues leading to race condition at the firmware.
238 */
239
240 for (i = 0; i < rxq->count - 3; i++) {
241 ret = btintel_pcie_submit_rx(data);
242 if (ret)
243 return ret;
244 }
245
246 return 0;
247 }
248
btintel_pcie_reset_ia(struct btintel_pcie_data * data)249 static void btintel_pcie_reset_ia(struct btintel_pcie_data *data)
250 {
251 memset(data->ia.tr_hia, 0, sizeof(u16) * BTINTEL_PCIE_NUM_QUEUES);
252 memset(data->ia.tr_tia, 0, sizeof(u16) * BTINTEL_PCIE_NUM_QUEUES);
253 memset(data->ia.cr_hia, 0, sizeof(u16) * BTINTEL_PCIE_NUM_QUEUES);
254 memset(data->ia.cr_tia, 0, sizeof(u16) * BTINTEL_PCIE_NUM_QUEUES);
255 }
256
btintel_pcie_reset_bt(struct btintel_pcie_data * data)257 static void btintel_pcie_reset_bt(struct btintel_pcie_data *data)
258 {
259 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG,
260 BTINTEL_PCIE_CSR_FUNC_CTRL_SW_RESET);
261 }
262
263 /* This function enables BT function by setting BTINTEL_PCIE_CSR_FUNC_CTRL_MAC_INIT bit in
264 * BTINTEL_PCIE_CSR_FUNC_CTRL_REG register and wait for MSI-X with
265 * BTINTEL_PCIE_MSIX_HW_INT_CAUSES_GP0.
266 * Then the host reads firmware version from BTINTEL_CSR_F2D_MBX and the boot stage
267 * from BTINTEL_PCIE_CSR_BOOT_STAGE_REG.
268 */
btintel_pcie_enable_bt(struct btintel_pcie_data * data)269 static int btintel_pcie_enable_bt(struct btintel_pcie_data *data)
270 {
271 int err;
272
273 data->gp0_received = false;
274
275 /* Update the DMA address of CI struct to CSR */
276 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_CI_ADDR_LSB_REG,
277 data->ci_p_addr & 0xffffffff);
278 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_CI_ADDR_MSB_REG,
279 (u64)data->ci_p_addr >> 32);
280
281 /* Reset the cached value of boot stage. it is updated by the MSI-X
282 * gp0 interrupt handler.
283 */
284 data->boot_stage_cache = 0x0;
285
286 /* Set MAC_INIT bit to start primary bootloader */
287 btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG);
288
289 btintel_pcie_set_reg_bits(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG,
290 BTINTEL_PCIE_CSR_FUNC_CTRL_MAC_INIT);
291
292 /* Wait until MAC_ACCESS is granted */
293 err = btintel_pcie_poll_bit(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG,
294 BTINTEL_PCIE_CSR_FUNC_CTRL_MAC_ACCESS_STS,
295 BTINTEL_PCIE_CSR_FUNC_CTRL_MAC_ACCESS_STS,
296 BTINTEL_DEFAULT_MAC_ACCESS_TIMEOUT_US);
297 if (err < 0)
298 return -ENODEV;
299
300 /* MAC is ready. Enable BT FUNC */
301 btintel_pcie_set_reg_bits(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG,
302 BTINTEL_PCIE_CSR_FUNC_CTRL_FUNC_ENA |
303 BTINTEL_PCIE_CSR_FUNC_CTRL_FUNC_INIT);
304
305 btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_FUNC_CTRL_REG);
306
307 /* wait for interrupt from the device after booting up to primary
308 * bootloader.
309 */
310 data->alive_intr_ctxt = BTINTEL_PCIE_ROM;
311 err = wait_event_timeout(data->gp0_wait_q, data->gp0_received,
312 msecs_to_jiffies(BTINTEL_DEFAULT_INTR_TIMEOUT_MS));
313 if (!err)
314 return -ETIME;
315
316 /* Check cached boot stage is BTINTEL_PCIE_CSR_BOOT_STAGE_ROM(BIT(0)) */
317 if (~data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_ROM)
318 return -ENODEV;
319
320 return 0;
321 }
322
323 /* BIT(0) - ROM, BIT(1) - IML and BIT(3) - OP
324 * Sometimes during firmware image switching from ROM to IML or IML to OP image,
325 * the previous image bit is not cleared by firmware when alive interrupt is
326 * received. Driver needs to take care of these sticky bits when deciding the
327 * current image running on controller.
328 * Ex: 0x10 and 0x11 - both represents that controller is running IML
329 */
btintel_pcie_in_rom(struct btintel_pcie_data * data)330 static inline bool btintel_pcie_in_rom(struct btintel_pcie_data *data)
331 {
332 return data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_ROM &&
333 !(data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_IML) &&
334 !(data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_OPFW);
335 }
336
btintel_pcie_in_op(struct btintel_pcie_data * data)337 static inline bool btintel_pcie_in_op(struct btintel_pcie_data *data)
338 {
339 return data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_OPFW;
340 }
341
btintel_pcie_in_iml(struct btintel_pcie_data * data)342 static inline bool btintel_pcie_in_iml(struct btintel_pcie_data *data)
343 {
344 return data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_IML &&
345 !(data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_OPFW);
346 }
347
btintel_pcie_in_d3(struct btintel_pcie_data * data)348 static inline bool btintel_pcie_in_d3(struct btintel_pcie_data *data)
349 {
350 return data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_D3_STATE_READY;
351 }
352
btintel_pcie_in_d0(struct btintel_pcie_data * data)353 static inline bool btintel_pcie_in_d0(struct btintel_pcie_data *data)
354 {
355 return !(data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_D3_STATE_READY);
356 }
357
btintel_pcie_wr_sleep_cntrl(struct btintel_pcie_data * data,u32 dxstate)358 static void btintel_pcie_wr_sleep_cntrl(struct btintel_pcie_data *data,
359 u32 dxstate)
360 {
361 bt_dev_dbg(data->hdev, "writing sleep_ctl_reg: 0x%8.8x", dxstate);
362 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_IPC_SLEEP_CTL_REG, dxstate);
363 }
364
btintel_pcie_alivectxt_state2str(u32 alive_intr_ctxt)365 static inline char *btintel_pcie_alivectxt_state2str(u32 alive_intr_ctxt)
366 {
367 switch (alive_intr_ctxt) {
368 case BTINTEL_PCIE_ROM:
369 return "rom";
370 case BTINTEL_PCIE_FW_DL:
371 return "fw_dl";
372 case BTINTEL_PCIE_D0:
373 return "d0";
374 case BTINTEL_PCIE_D3:
375 return "d3";
376 case BTINTEL_PCIE_HCI_RESET:
377 return "hci_reset";
378 case BTINTEL_PCIE_INTEL_HCI_RESET1:
379 return "intel_reset1";
380 case BTINTEL_PCIE_INTEL_HCI_RESET2:
381 return "intel_reset2";
382 default:
383 return "unknown";
384 }
385 return "null";
386 }
387
388 /* This function handles the MSI-X interrupt for gp0 cause (bit 0 in
389 * BTINTEL_PCIE_CSR_MSIX_HW_INT_CAUSES) which is sent for boot stage and image response.
390 */
btintel_pcie_msix_gp0_handler(struct btintel_pcie_data * data)391 static void btintel_pcie_msix_gp0_handler(struct btintel_pcie_data *data)
392 {
393 bool submit_rx, signal_waitq;
394 u32 reg, old_ctxt;
395
396 /* This interrupt is for three different causes and it is not easy to
397 * know what causes the interrupt. So, it compares each register value
398 * with cached value and update it before it wake up the queue.
399 */
400 reg = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_BOOT_STAGE_REG);
401 if (reg != data->boot_stage_cache)
402 data->boot_stage_cache = reg;
403
404 bt_dev_dbg(data->hdev, "Alive context: %s old_boot_stage: 0x%8.8x new_boot_stage: 0x%8.8x",
405 btintel_pcie_alivectxt_state2str(data->alive_intr_ctxt),
406 data->boot_stage_cache, reg);
407 reg = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_IMG_RESPONSE_REG);
408 if (reg != data->img_resp_cache)
409 data->img_resp_cache = reg;
410
411 data->gp0_received = true;
412
413 old_ctxt = data->alive_intr_ctxt;
414 submit_rx = false;
415 signal_waitq = false;
416
417 switch (data->alive_intr_ctxt) {
418 case BTINTEL_PCIE_ROM:
419 data->alive_intr_ctxt = BTINTEL_PCIE_FW_DL;
420 signal_waitq = true;
421 break;
422 case BTINTEL_PCIE_FW_DL:
423 /* Error case is already handled. Ideally control shall not
424 * reach here
425 */
426 break;
427 case BTINTEL_PCIE_INTEL_HCI_RESET1:
428 if (btintel_pcie_in_op(data)) {
429 submit_rx = true;
430 break;
431 }
432
433 if (btintel_pcie_in_iml(data)) {
434 submit_rx = true;
435 data->alive_intr_ctxt = BTINTEL_PCIE_FW_DL;
436 break;
437 }
438 break;
439 case BTINTEL_PCIE_INTEL_HCI_RESET2:
440 if (btintel_test_and_clear_flag(data->hdev, INTEL_WAIT_FOR_D0)) {
441 btintel_wake_up_flag(data->hdev, INTEL_WAIT_FOR_D0);
442 data->alive_intr_ctxt = BTINTEL_PCIE_D0;
443 }
444 break;
445 case BTINTEL_PCIE_D0:
446 if (btintel_pcie_in_d3(data)) {
447 data->alive_intr_ctxt = BTINTEL_PCIE_D3;
448 signal_waitq = true;
449 break;
450 }
451 break;
452 case BTINTEL_PCIE_D3:
453 if (btintel_pcie_in_d0(data)) {
454 data->alive_intr_ctxt = BTINTEL_PCIE_D0;
455 submit_rx = true;
456 signal_waitq = true;
457 break;
458 }
459 break;
460 case BTINTEL_PCIE_HCI_RESET:
461 data->alive_intr_ctxt = BTINTEL_PCIE_D0;
462 submit_rx = true;
463 signal_waitq = true;
464 break;
465 default:
466 bt_dev_err(data->hdev, "Unknown state: 0x%2.2x",
467 data->alive_intr_ctxt);
468 break;
469 }
470
471 if (submit_rx) {
472 btintel_pcie_reset_ia(data);
473 btintel_pcie_start_rx(data);
474 }
475
476 if (signal_waitq) {
477 bt_dev_dbg(data->hdev, "wake up gp0 wait_q");
478 wake_up(&data->gp0_wait_q);
479 }
480
481 if (old_ctxt != data->alive_intr_ctxt)
482 bt_dev_dbg(data->hdev, "alive context changed: %s -> %s",
483 btintel_pcie_alivectxt_state2str(old_ctxt),
484 btintel_pcie_alivectxt_state2str(data->alive_intr_ctxt));
485 }
486
487 /* This function handles the MSX-X interrupt for rx queue 0 which is for TX
488 */
btintel_pcie_msix_tx_handle(struct btintel_pcie_data * data)489 static void btintel_pcie_msix_tx_handle(struct btintel_pcie_data *data)
490 {
491 u16 cr_tia, cr_hia;
492 struct txq *txq;
493 struct urbd0 *urbd0;
494
495 cr_tia = data->ia.cr_tia[BTINTEL_PCIE_TXQ_NUM];
496 cr_hia = data->ia.cr_hia[BTINTEL_PCIE_TXQ_NUM];
497
498 if (cr_tia == cr_hia)
499 return;
500
501 txq = &data->txq;
502
503 while (cr_tia != cr_hia) {
504 data->tx_wait_done = true;
505 wake_up(&data->tx_wait_q);
506
507 urbd0 = &txq->urbd0s[cr_tia];
508
509 if (urbd0->tfd_index > txq->count)
510 return;
511
512 cr_tia = (cr_tia + 1) % txq->count;
513 data->ia.cr_tia[BTINTEL_PCIE_TXQ_NUM] = cr_tia;
514 ipc_print_ia_ring(data->hdev, &data->ia, BTINTEL_PCIE_TXQ_NUM);
515 }
516 }
517
btintel_pcie_recv_event(struct hci_dev * hdev,struct sk_buff * skb)518 static int btintel_pcie_recv_event(struct hci_dev *hdev, struct sk_buff *skb)
519 {
520 struct hci_event_hdr *hdr = (void *)skb->data;
521 const char diagnostics_hdr[] = { 0x87, 0x80, 0x03 };
522 struct btintel_pcie_data *data = hci_get_drvdata(hdev);
523
524 if (skb->len > HCI_EVENT_HDR_SIZE && hdr->evt == 0xff &&
525 hdr->plen > 0) {
526 const void *ptr = skb->data + HCI_EVENT_HDR_SIZE + 1;
527 unsigned int len = skb->len - HCI_EVENT_HDR_SIZE - 1;
528
529 if (btintel_test_flag(hdev, INTEL_BOOTLOADER)) {
530 switch (skb->data[2]) {
531 case 0x02:
532 /* When switching to the operational firmware
533 * the device sends a vendor specific event
534 * indicating that the bootup completed.
535 */
536 btintel_bootup(hdev, ptr, len);
537
538 /* If bootup event is from operational image,
539 * driver needs to write sleep control register to
540 * move into D0 state
541 */
542 if (btintel_pcie_in_op(data)) {
543 btintel_pcie_wr_sleep_cntrl(data, BTINTEL_PCIE_STATE_D0);
544 data->alive_intr_ctxt = BTINTEL_PCIE_INTEL_HCI_RESET2;
545 kfree_skb(skb);
546 return 0;
547 }
548
549 if (btintel_pcie_in_iml(data)) {
550 /* In case of IML, there is no concept
551 * of D0 transition. Just mimic as if
552 * IML moved to D0 by clearing INTEL_WAIT_FOR_D0
553 * bit and waking up the task waiting on
554 * INTEL_WAIT_FOR_D0. This is required
555 * as intel_boot() is common function for
556 * both IML and OP image loading.
557 */
558 if (btintel_test_and_clear_flag(data->hdev,
559 INTEL_WAIT_FOR_D0))
560 btintel_wake_up_flag(data->hdev,
561 INTEL_WAIT_FOR_D0);
562 }
563 kfree_skb(skb);
564 return 0;
565 case 0x06:
566 /* When the firmware loading completes the
567 * device sends out a vendor specific event
568 * indicating the result of the firmware
569 * loading.
570 */
571 btintel_secure_send_result(hdev, ptr, len);
572 kfree_skb(skb);
573 return 0;
574 }
575 }
576
577 /* Handle all diagnostics events separately. May still call
578 * hci_recv_frame.
579 */
580 if (len >= sizeof(diagnostics_hdr) &&
581 memcmp(&skb->data[2], diagnostics_hdr,
582 sizeof(diagnostics_hdr)) == 0) {
583 return btintel_diagnostics(hdev, skb);
584 }
585
586 /* This is a debug event that comes from IML and OP image when it
587 * starts execution. There is no need pass this event to stack.
588 */
589 if (skb->data[2] == 0x97) {
590 hci_recv_diag(hdev, skb);
591 return 0;
592 }
593 }
594
595 return hci_recv_frame(hdev, skb);
596 }
597 /* Process the received rx data
598 * It check the frame header to identify the data type and create skb
599 * and calling HCI API
600 */
btintel_pcie_recv_frame(struct btintel_pcie_data * data,struct sk_buff * skb)601 static int btintel_pcie_recv_frame(struct btintel_pcie_data *data,
602 struct sk_buff *skb)
603 {
604 int ret;
605 u8 pkt_type;
606 u16 plen;
607 u32 pcie_pkt_type;
608 void *pdata;
609 struct hci_dev *hdev = data->hdev;
610
611 spin_lock(&data->hci_rx_lock);
612
613 /* The first 4 bytes indicates the Intel PCIe specific packet type */
614 pdata = skb_pull_data(skb, BTINTEL_PCIE_HCI_TYPE_LEN);
615 if (!pdata) {
616 bt_dev_err(hdev, "Corrupted packet received");
617 ret = -EILSEQ;
618 goto exit_error;
619 }
620
621 pcie_pkt_type = get_unaligned_le32(pdata);
622
623 switch (pcie_pkt_type) {
624 case BTINTEL_PCIE_HCI_ACL_PKT:
625 if (skb->len >= HCI_ACL_HDR_SIZE) {
626 plen = HCI_ACL_HDR_SIZE + __le16_to_cpu(hci_acl_hdr(skb)->dlen);
627 pkt_type = HCI_ACLDATA_PKT;
628 } else {
629 bt_dev_err(hdev, "ACL packet is too short");
630 ret = -EILSEQ;
631 goto exit_error;
632 }
633 break;
634
635 case BTINTEL_PCIE_HCI_SCO_PKT:
636 if (skb->len >= HCI_SCO_HDR_SIZE) {
637 plen = HCI_SCO_HDR_SIZE + hci_sco_hdr(skb)->dlen;
638 pkt_type = HCI_SCODATA_PKT;
639 } else {
640 bt_dev_err(hdev, "SCO packet is too short");
641 ret = -EILSEQ;
642 goto exit_error;
643 }
644 break;
645
646 case BTINTEL_PCIE_HCI_EVT_PKT:
647 if (skb->len >= HCI_EVENT_HDR_SIZE) {
648 plen = HCI_EVENT_HDR_SIZE + hci_event_hdr(skb)->plen;
649 pkt_type = HCI_EVENT_PKT;
650 } else {
651 bt_dev_err(hdev, "Event packet is too short");
652 ret = -EILSEQ;
653 goto exit_error;
654 }
655 break;
656
657 case BTINTEL_PCIE_HCI_ISO_PKT:
658 if (skb->len >= HCI_ISO_HDR_SIZE) {
659 plen = HCI_ISO_HDR_SIZE + __le16_to_cpu(hci_iso_hdr(skb)->dlen);
660 pkt_type = HCI_ISODATA_PKT;
661 } else {
662 bt_dev_err(hdev, "ISO packet is too short");
663 ret = -EILSEQ;
664 goto exit_error;
665 }
666 break;
667
668 default:
669 bt_dev_err(hdev, "Invalid packet type received: 0x%4.4x",
670 pcie_pkt_type);
671 ret = -EINVAL;
672 goto exit_error;
673 }
674
675 if (skb->len < plen) {
676 bt_dev_err(hdev, "Received corrupted packet. type: 0x%2.2x",
677 pkt_type);
678 ret = -EILSEQ;
679 goto exit_error;
680 }
681
682 bt_dev_dbg(hdev, "pkt_type: 0x%2.2x len: %u", pkt_type, plen);
683
684 hci_skb_pkt_type(skb) = pkt_type;
685 hdev->stat.byte_rx += plen;
686 skb_trim(skb, plen);
687
688 if (pcie_pkt_type == BTINTEL_PCIE_HCI_EVT_PKT)
689 ret = btintel_pcie_recv_event(hdev, skb);
690 else
691 ret = hci_recv_frame(hdev, skb);
692 skb = NULL; /* skb is freed in the callee */
693
694 exit_error:
695 if (skb)
696 kfree_skb(skb);
697
698 if (ret)
699 hdev->stat.err_rx++;
700
701 spin_unlock(&data->hci_rx_lock);
702
703 return ret;
704 }
705
btintel_pcie_rx_work(struct work_struct * work)706 static void btintel_pcie_rx_work(struct work_struct *work)
707 {
708 struct btintel_pcie_data *data = container_of(work,
709 struct btintel_pcie_data, rx_work);
710 struct sk_buff *skb;
711
712 /* Process the sk_buf in queue and send to the HCI layer */
713 while ((skb = skb_dequeue(&data->rx_skb_q))) {
714 btintel_pcie_recv_frame(data, skb);
715 }
716 }
717
718 /* create sk_buff with data and save it to queue and start RX work */
btintel_pcie_submit_rx_work(struct btintel_pcie_data * data,u8 status,void * buf)719 static int btintel_pcie_submit_rx_work(struct btintel_pcie_data *data, u8 status,
720 void *buf)
721 {
722 int ret, len;
723 struct rfh_hdr *rfh_hdr;
724 struct sk_buff *skb;
725
726 rfh_hdr = buf;
727
728 len = rfh_hdr->packet_len;
729 if (len <= 0) {
730 ret = -EINVAL;
731 goto resubmit;
732 }
733
734 /* Remove RFH header */
735 buf += sizeof(*rfh_hdr);
736
737 skb = alloc_skb(len, GFP_ATOMIC);
738 if (!skb) {
739 ret = -ENOMEM;
740 goto resubmit;
741 }
742
743 skb_put_data(skb, buf, len);
744 skb_queue_tail(&data->rx_skb_q, skb);
745 queue_work(data->workqueue, &data->rx_work);
746
747 resubmit:
748 ret = btintel_pcie_submit_rx(data);
749
750 return ret;
751 }
752
753 /* Handles the MSI-X interrupt for rx queue 1 which is for RX */
btintel_pcie_msix_rx_handle(struct btintel_pcie_data * data)754 static void btintel_pcie_msix_rx_handle(struct btintel_pcie_data *data)
755 {
756 u16 cr_hia, cr_tia;
757 struct rxq *rxq;
758 struct urbd1 *urbd1;
759 struct data_buf *buf;
760 int ret;
761 struct hci_dev *hdev = data->hdev;
762
763 cr_hia = data->ia.cr_hia[BTINTEL_PCIE_RXQ_NUM];
764 cr_tia = data->ia.cr_tia[BTINTEL_PCIE_RXQ_NUM];
765
766 bt_dev_dbg(hdev, "RXQ: cr_hia: %u cr_tia: %u", cr_hia, cr_tia);
767
768 /* Check CR_TIA and CR_HIA for change */
769 if (cr_tia == cr_hia)
770 return;
771
772 rxq = &data->rxq;
773
774 /* The firmware sends multiple CD in a single MSI-X and it needs to
775 * process all received CDs in this interrupt.
776 */
777 while (cr_tia != cr_hia) {
778 urbd1 = &rxq->urbd1s[cr_tia];
779 ipc_print_urbd1(data->hdev, urbd1, cr_tia);
780
781 buf = &rxq->bufs[urbd1->frbd_tag];
782 if (!buf) {
783 bt_dev_err(hdev, "RXQ: failed to get the DMA buffer for %d",
784 urbd1->frbd_tag);
785 return;
786 }
787
788 ret = btintel_pcie_submit_rx_work(data, urbd1->status,
789 buf->data);
790 if (ret) {
791 bt_dev_err(hdev, "RXQ: failed to submit rx request");
792 return;
793 }
794
795 cr_tia = (cr_tia + 1) % rxq->count;
796 data->ia.cr_tia[BTINTEL_PCIE_RXQ_NUM] = cr_tia;
797 ipc_print_ia_ring(data->hdev, &data->ia, BTINTEL_PCIE_RXQ_NUM);
798 }
799 }
800
btintel_pcie_msix_isr(int irq,void * data)801 static irqreturn_t btintel_pcie_msix_isr(int irq, void *data)
802 {
803 return IRQ_WAKE_THREAD;
804 }
805
btintel_pcie_is_rxq_empty(struct btintel_pcie_data * data)806 static inline bool btintel_pcie_is_rxq_empty(struct btintel_pcie_data *data)
807 {
808 return data->ia.cr_hia[BTINTEL_PCIE_RXQ_NUM] == data->ia.cr_tia[BTINTEL_PCIE_RXQ_NUM];
809 }
810
btintel_pcie_is_txackq_empty(struct btintel_pcie_data * data)811 static inline bool btintel_pcie_is_txackq_empty(struct btintel_pcie_data *data)
812 {
813 return data->ia.cr_tia[BTINTEL_PCIE_TXQ_NUM] == data->ia.cr_hia[BTINTEL_PCIE_TXQ_NUM];
814 }
815
btintel_pcie_irq_msix_handler(int irq,void * dev_id)816 static irqreturn_t btintel_pcie_irq_msix_handler(int irq, void *dev_id)
817 {
818 struct msix_entry *entry = dev_id;
819 struct btintel_pcie_data *data = btintel_pcie_get_data(entry);
820 u32 intr_fh, intr_hw;
821
822 spin_lock(&data->irq_lock);
823 intr_fh = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_MSIX_FH_INT_CAUSES);
824 intr_hw = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_MSIX_HW_INT_CAUSES);
825
826 /* Clear causes registers to avoid being handling the same cause */
827 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_MSIX_FH_INT_CAUSES, intr_fh);
828 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_MSIX_HW_INT_CAUSES, intr_hw);
829 spin_unlock(&data->irq_lock);
830
831 if (unlikely(!(intr_fh | intr_hw))) {
832 /* Ignore interrupt, inta == 0 */
833 return IRQ_NONE;
834 }
835
836 /* This interrupt is triggered by the firmware after updating
837 * boot_stage register and image_response register
838 */
839 if (intr_hw & BTINTEL_PCIE_MSIX_HW_INT_CAUSES_GP0)
840 btintel_pcie_msix_gp0_handler(data);
841
842 /* For TX */
843 if (intr_fh & BTINTEL_PCIE_MSIX_FH_INT_CAUSES_0) {
844 btintel_pcie_msix_tx_handle(data);
845 if (!btintel_pcie_is_rxq_empty(data))
846 btintel_pcie_msix_rx_handle(data);
847 }
848
849 /* For RX */
850 if (intr_fh & BTINTEL_PCIE_MSIX_FH_INT_CAUSES_1) {
851 btintel_pcie_msix_rx_handle(data);
852 if (!btintel_pcie_is_txackq_empty(data))
853 btintel_pcie_msix_tx_handle(data);
854 }
855
856 /*
857 * Before sending the interrupt the HW disables it to prevent a nested
858 * interrupt. This is done by writing 1 to the corresponding bit in
859 * the mask register. After handling the interrupt, it should be
860 * re-enabled by clearing this bit. This register is defined as write 1
861 * clear (W1C) register, meaning that it's cleared by writing 1
862 * to the bit.
863 */
864 btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_MSIX_AUTOMASK_ST,
865 BIT(entry->entry));
866
867 return IRQ_HANDLED;
868 }
869
870 /* This function requests the irq for MSI-X and registers the handlers per irq.
871 * Currently, it requests only 1 irq for all interrupt causes.
872 */
btintel_pcie_setup_irq(struct btintel_pcie_data * data)873 static int btintel_pcie_setup_irq(struct btintel_pcie_data *data)
874 {
875 int err;
876 int num_irqs, i;
877
878 for (i = 0; i < BTINTEL_PCIE_MSIX_VEC_MAX; i++)
879 data->msix_entries[i].entry = i;
880
881 num_irqs = pci_alloc_irq_vectors(data->pdev, BTINTEL_PCIE_MSIX_VEC_MIN,
882 BTINTEL_PCIE_MSIX_VEC_MAX, PCI_IRQ_MSIX);
883 if (num_irqs < 0)
884 return num_irqs;
885
886 data->alloc_vecs = num_irqs;
887 data->msix_enabled = 1;
888 data->def_irq = 0;
889
890 /* setup irq handler */
891 for (i = 0; i < data->alloc_vecs; i++) {
892 struct msix_entry *msix_entry;
893
894 msix_entry = &data->msix_entries[i];
895 msix_entry->vector = pci_irq_vector(data->pdev, i);
896
897 err = devm_request_threaded_irq(&data->pdev->dev,
898 msix_entry->vector,
899 btintel_pcie_msix_isr,
900 btintel_pcie_irq_msix_handler,
901 IRQF_SHARED,
902 KBUILD_MODNAME,
903 msix_entry);
904 if (err) {
905 pci_free_irq_vectors(data->pdev);
906 data->alloc_vecs = 0;
907 return err;
908 }
909 }
910 return 0;
911 }
912
913 struct btintel_pcie_causes_list {
914 u32 cause;
915 u32 mask_reg;
916 u8 cause_num;
917 };
918
919 static struct btintel_pcie_causes_list causes_list[] = {
920 { BTINTEL_PCIE_MSIX_FH_INT_CAUSES_0, BTINTEL_PCIE_CSR_MSIX_FH_INT_MASK, 0x00 },
921 { BTINTEL_PCIE_MSIX_FH_INT_CAUSES_1, BTINTEL_PCIE_CSR_MSIX_FH_INT_MASK, 0x01 },
922 { BTINTEL_PCIE_MSIX_HW_INT_CAUSES_GP0, BTINTEL_PCIE_CSR_MSIX_HW_INT_MASK, 0x20 },
923 };
924
925 /* This function configures the interrupt masks for both HW_INT_CAUSES and
926 * FH_INT_CAUSES which are meaningful to us.
927 *
928 * After resetting BT function via PCIE FLR or FUNC_CTRL reset, the driver
929 * need to call this function again to configure since the masks
930 * are reset to 0xFFFFFFFF after reset.
931 */
btintel_pcie_config_msix(struct btintel_pcie_data * data)932 static void btintel_pcie_config_msix(struct btintel_pcie_data *data)
933 {
934 int i;
935 int val = data->def_irq | BTINTEL_PCIE_MSIX_NON_AUTO_CLEAR_CAUSE;
936
937 /* Set Non Auto Clear Cause */
938 for (i = 0; i < ARRAY_SIZE(causes_list); i++) {
939 btintel_pcie_wr_reg8(data,
940 BTINTEL_PCIE_CSR_MSIX_IVAR(causes_list[i].cause_num),
941 val);
942 btintel_pcie_clr_reg_bits(data,
943 causes_list[i].mask_reg,
944 causes_list[i].cause);
945 }
946
947 /* Save the initial interrupt mask */
948 data->fh_init_mask = ~btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_MSIX_FH_INT_MASK);
949 data->hw_init_mask = ~btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_MSIX_HW_INT_MASK);
950 }
951
btintel_pcie_config_pcie(struct pci_dev * pdev,struct btintel_pcie_data * data)952 static int btintel_pcie_config_pcie(struct pci_dev *pdev,
953 struct btintel_pcie_data *data)
954 {
955 int err;
956
957 err = pcim_enable_device(pdev);
958 if (err)
959 return err;
960
961 pci_set_master(pdev);
962
963 err = dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(64));
964 if (err) {
965 err = dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(32));
966 if (err)
967 return err;
968 }
969
970 err = pcim_iomap_regions(pdev, BIT(0), KBUILD_MODNAME);
971 if (err)
972 return err;
973
974 data->base_addr = pcim_iomap_table(pdev)[0];
975 if (!data->base_addr)
976 return -ENODEV;
977
978 err = btintel_pcie_setup_irq(data);
979 if (err)
980 return err;
981
982 /* Configure MSI-X with causes list */
983 btintel_pcie_config_msix(data);
984
985 return 0;
986 }
987
btintel_pcie_init_ci(struct btintel_pcie_data * data,struct ctx_info * ci)988 static void btintel_pcie_init_ci(struct btintel_pcie_data *data,
989 struct ctx_info *ci)
990 {
991 ci->version = 0x1;
992 ci->size = sizeof(*ci);
993 ci->config = 0x0000;
994 ci->addr_cr_hia = data->ia.cr_hia_p_addr;
995 ci->addr_tr_tia = data->ia.tr_tia_p_addr;
996 ci->addr_cr_tia = data->ia.cr_tia_p_addr;
997 ci->addr_tr_hia = data->ia.tr_hia_p_addr;
998 ci->num_cr_ia = BTINTEL_PCIE_NUM_QUEUES;
999 ci->num_tr_ia = BTINTEL_PCIE_NUM_QUEUES;
1000 ci->addr_urbdq0 = data->txq.urbd0s_p_addr;
1001 ci->addr_tfdq = data->txq.tfds_p_addr;
1002 ci->num_tfdq = data->txq.count;
1003 ci->num_urbdq0 = data->txq.count;
1004 ci->tfdq_db_vec = BTINTEL_PCIE_TXQ_NUM;
1005 ci->urbdq0_db_vec = BTINTEL_PCIE_TXQ_NUM;
1006 ci->rbd_size = BTINTEL_PCIE_RBD_SIZE_4K;
1007 ci->addr_frbdq = data->rxq.frbds_p_addr;
1008 ci->num_frbdq = data->rxq.count;
1009 ci->frbdq_db_vec = BTINTEL_PCIE_RXQ_NUM;
1010 ci->addr_urbdq1 = data->rxq.urbd1s_p_addr;
1011 ci->num_urbdq1 = data->rxq.count;
1012 ci->urbdq_db_vec = BTINTEL_PCIE_RXQ_NUM;
1013 }
1014
btintel_pcie_free_txq_bufs(struct btintel_pcie_data * data,struct txq * txq)1015 static void btintel_pcie_free_txq_bufs(struct btintel_pcie_data *data,
1016 struct txq *txq)
1017 {
1018 /* Free data buffers first */
1019 dma_free_coherent(&data->pdev->dev, txq->count * BTINTEL_PCIE_BUFFER_SIZE,
1020 txq->buf_v_addr, txq->buf_p_addr);
1021 kfree(txq->bufs);
1022 }
1023
btintel_pcie_setup_txq_bufs(struct btintel_pcie_data * data,struct txq * txq)1024 static int btintel_pcie_setup_txq_bufs(struct btintel_pcie_data *data,
1025 struct txq *txq)
1026 {
1027 int i;
1028 struct data_buf *buf;
1029
1030 /* Allocate the same number of buffers as the descriptor */
1031 txq->bufs = kmalloc_array(txq->count, sizeof(*buf), GFP_KERNEL);
1032 if (!txq->bufs)
1033 return -ENOMEM;
1034
1035 /* Allocate full chunk of data buffer for DMA first and do indexing and
1036 * initialization next, so it can be freed easily
1037 */
1038 txq->buf_v_addr = dma_alloc_coherent(&data->pdev->dev,
1039 txq->count * BTINTEL_PCIE_BUFFER_SIZE,
1040 &txq->buf_p_addr,
1041 GFP_KERNEL | __GFP_NOWARN);
1042 if (!txq->buf_v_addr) {
1043 kfree(txq->bufs);
1044 return -ENOMEM;
1045 }
1046
1047 /* Setup the allocated DMA buffer to bufs. Each data_buf should
1048 * have virtual address and physical address
1049 */
1050 for (i = 0; i < txq->count; i++) {
1051 buf = &txq->bufs[i];
1052 buf->data_p_addr = txq->buf_p_addr + (i * BTINTEL_PCIE_BUFFER_SIZE);
1053 buf->data = txq->buf_v_addr + (i * BTINTEL_PCIE_BUFFER_SIZE);
1054 }
1055
1056 return 0;
1057 }
1058
btintel_pcie_free_rxq_bufs(struct btintel_pcie_data * data,struct rxq * rxq)1059 static void btintel_pcie_free_rxq_bufs(struct btintel_pcie_data *data,
1060 struct rxq *rxq)
1061 {
1062 /* Free data buffers first */
1063 dma_free_coherent(&data->pdev->dev, rxq->count * BTINTEL_PCIE_BUFFER_SIZE,
1064 rxq->buf_v_addr, rxq->buf_p_addr);
1065 kfree(rxq->bufs);
1066 }
1067
btintel_pcie_setup_rxq_bufs(struct btintel_pcie_data * data,struct rxq * rxq)1068 static int btintel_pcie_setup_rxq_bufs(struct btintel_pcie_data *data,
1069 struct rxq *rxq)
1070 {
1071 int i;
1072 struct data_buf *buf;
1073
1074 /* Allocate the same number of buffers as the descriptor */
1075 rxq->bufs = kmalloc_array(rxq->count, sizeof(*buf), GFP_KERNEL);
1076 if (!rxq->bufs)
1077 return -ENOMEM;
1078
1079 /* Allocate full chunk of data buffer for DMA first and do indexing and
1080 * initialization next, so it can be freed easily
1081 */
1082 rxq->buf_v_addr = dma_alloc_coherent(&data->pdev->dev,
1083 rxq->count * BTINTEL_PCIE_BUFFER_SIZE,
1084 &rxq->buf_p_addr,
1085 GFP_KERNEL | __GFP_NOWARN);
1086 if (!rxq->buf_v_addr) {
1087 kfree(rxq->bufs);
1088 return -ENOMEM;
1089 }
1090
1091 /* Setup the allocated DMA buffer to bufs. Each data_buf should
1092 * have virtual address and physical address
1093 */
1094 for (i = 0; i < rxq->count; i++) {
1095 buf = &rxq->bufs[i];
1096 buf->data_p_addr = rxq->buf_p_addr + (i * BTINTEL_PCIE_BUFFER_SIZE);
1097 buf->data = rxq->buf_v_addr + (i * BTINTEL_PCIE_BUFFER_SIZE);
1098 }
1099
1100 return 0;
1101 }
1102
btintel_pcie_setup_ia(struct btintel_pcie_data * data,dma_addr_t p_addr,void * v_addr,struct ia * ia)1103 static void btintel_pcie_setup_ia(struct btintel_pcie_data *data,
1104 dma_addr_t p_addr, void *v_addr,
1105 struct ia *ia)
1106 {
1107 /* TR Head Index Array */
1108 ia->tr_hia_p_addr = p_addr;
1109 ia->tr_hia = v_addr;
1110
1111 /* TR Tail Index Array */
1112 ia->tr_tia_p_addr = p_addr + sizeof(u16) * BTINTEL_PCIE_NUM_QUEUES;
1113 ia->tr_tia = v_addr + sizeof(u16) * BTINTEL_PCIE_NUM_QUEUES;
1114
1115 /* CR Head index Array */
1116 ia->cr_hia_p_addr = p_addr + (sizeof(u16) * BTINTEL_PCIE_NUM_QUEUES * 2);
1117 ia->cr_hia = v_addr + (sizeof(u16) * BTINTEL_PCIE_NUM_QUEUES * 2);
1118
1119 /* CR Tail Index Array */
1120 ia->cr_tia_p_addr = p_addr + (sizeof(u16) * BTINTEL_PCIE_NUM_QUEUES * 3);
1121 ia->cr_tia = v_addr + (sizeof(u16) * BTINTEL_PCIE_NUM_QUEUES * 3);
1122 }
1123
btintel_pcie_free(struct btintel_pcie_data * data)1124 static void btintel_pcie_free(struct btintel_pcie_data *data)
1125 {
1126 btintel_pcie_free_rxq_bufs(data, &data->rxq);
1127 btintel_pcie_free_txq_bufs(data, &data->txq);
1128
1129 dma_pool_free(data->dma_pool, data->dma_v_addr, data->dma_p_addr);
1130 dma_pool_destroy(data->dma_pool);
1131 }
1132
1133 /* Allocate tx and rx queues, any related data structures and buffers.
1134 */
btintel_pcie_alloc(struct btintel_pcie_data * data)1135 static int btintel_pcie_alloc(struct btintel_pcie_data *data)
1136 {
1137 int err = 0;
1138 size_t total;
1139 dma_addr_t p_addr;
1140 void *v_addr;
1141
1142 /* Allocate the chunk of DMA memory for descriptors, index array, and
1143 * context information, instead of allocating individually.
1144 * The DMA memory for data buffer is allocated while setting up the
1145 * each queue.
1146 *
1147 * Total size is sum of the following
1148 * + size of TFD * Number of descriptors in queue
1149 * + size of URBD0 * Number of descriptors in queue
1150 * + size of FRBD * Number of descriptors in queue
1151 * + size of URBD1 * Number of descriptors in queue
1152 * + size of index * Number of queues(2) * type of index array(4)
1153 * + size of context information
1154 */
1155 total = (sizeof(struct tfd) + sizeof(struct urbd0)) * BTINTEL_PCIE_TX_DESCS_COUNT;
1156 total += (sizeof(struct frbd) + sizeof(struct urbd1)) * BTINTEL_PCIE_RX_DESCS_COUNT;
1157
1158 /* Add the sum of size of index array and size of ci struct */
1159 total += (sizeof(u16) * BTINTEL_PCIE_NUM_QUEUES * 4) + sizeof(struct ctx_info);
1160
1161 /* Allocate DMA Pool */
1162 data->dma_pool = dma_pool_create(KBUILD_MODNAME, &data->pdev->dev,
1163 total, BTINTEL_PCIE_DMA_POOL_ALIGNMENT, 0);
1164 if (!data->dma_pool) {
1165 err = -ENOMEM;
1166 goto exit_error;
1167 }
1168
1169 v_addr = dma_pool_zalloc(data->dma_pool, GFP_KERNEL | __GFP_NOWARN,
1170 &p_addr);
1171 if (!v_addr) {
1172 dma_pool_destroy(data->dma_pool);
1173 err = -ENOMEM;
1174 goto exit_error;
1175 }
1176
1177 data->dma_p_addr = p_addr;
1178 data->dma_v_addr = v_addr;
1179
1180 /* Setup descriptor count */
1181 data->txq.count = BTINTEL_PCIE_TX_DESCS_COUNT;
1182 data->rxq.count = BTINTEL_PCIE_RX_DESCS_COUNT;
1183
1184 /* Setup tfds */
1185 data->txq.tfds_p_addr = p_addr;
1186 data->txq.tfds = v_addr;
1187
1188 p_addr += (sizeof(struct tfd) * BTINTEL_PCIE_TX_DESCS_COUNT);
1189 v_addr += (sizeof(struct tfd) * BTINTEL_PCIE_TX_DESCS_COUNT);
1190
1191 /* Setup urbd0 */
1192 data->txq.urbd0s_p_addr = p_addr;
1193 data->txq.urbd0s = v_addr;
1194
1195 p_addr += (sizeof(struct urbd0) * BTINTEL_PCIE_TX_DESCS_COUNT);
1196 v_addr += (sizeof(struct urbd0) * BTINTEL_PCIE_TX_DESCS_COUNT);
1197
1198 /* Setup FRBD*/
1199 data->rxq.frbds_p_addr = p_addr;
1200 data->rxq.frbds = v_addr;
1201
1202 p_addr += (sizeof(struct frbd) * BTINTEL_PCIE_RX_DESCS_COUNT);
1203 v_addr += (sizeof(struct frbd) * BTINTEL_PCIE_RX_DESCS_COUNT);
1204
1205 /* Setup urbd1 */
1206 data->rxq.urbd1s_p_addr = p_addr;
1207 data->rxq.urbd1s = v_addr;
1208
1209 p_addr += (sizeof(struct urbd1) * BTINTEL_PCIE_RX_DESCS_COUNT);
1210 v_addr += (sizeof(struct urbd1) * BTINTEL_PCIE_RX_DESCS_COUNT);
1211
1212 /* Setup data buffers for txq */
1213 err = btintel_pcie_setup_txq_bufs(data, &data->txq);
1214 if (err)
1215 goto exit_error_pool;
1216
1217 /* Setup data buffers for rxq */
1218 err = btintel_pcie_setup_rxq_bufs(data, &data->rxq);
1219 if (err)
1220 goto exit_error_txq;
1221
1222 /* Setup Index Array */
1223 btintel_pcie_setup_ia(data, p_addr, v_addr, &data->ia);
1224
1225 /* Setup Context Information */
1226 p_addr += sizeof(u16) * BTINTEL_PCIE_NUM_QUEUES * 4;
1227 v_addr += sizeof(u16) * BTINTEL_PCIE_NUM_QUEUES * 4;
1228
1229 data->ci = v_addr;
1230 data->ci_p_addr = p_addr;
1231
1232 /* Initialize the CI */
1233 btintel_pcie_init_ci(data, data->ci);
1234
1235 return 0;
1236
1237 exit_error_txq:
1238 btintel_pcie_free_txq_bufs(data, &data->txq);
1239 exit_error_pool:
1240 dma_pool_free(data->dma_pool, data->dma_v_addr, data->dma_p_addr);
1241 dma_pool_destroy(data->dma_pool);
1242 exit_error:
1243 return err;
1244 }
1245
btintel_pcie_open(struct hci_dev * hdev)1246 static int btintel_pcie_open(struct hci_dev *hdev)
1247 {
1248 bt_dev_dbg(hdev, "");
1249
1250 return 0;
1251 }
1252
btintel_pcie_close(struct hci_dev * hdev)1253 static int btintel_pcie_close(struct hci_dev *hdev)
1254 {
1255 bt_dev_dbg(hdev, "");
1256
1257 return 0;
1258 }
1259
btintel_pcie_inject_cmd_complete(struct hci_dev * hdev,__u16 opcode)1260 static int btintel_pcie_inject_cmd_complete(struct hci_dev *hdev, __u16 opcode)
1261 {
1262 struct sk_buff *skb;
1263 struct hci_event_hdr *hdr;
1264 struct hci_ev_cmd_complete *evt;
1265
1266 skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_KERNEL);
1267 if (!skb)
1268 return -ENOMEM;
1269
1270 hdr = (struct hci_event_hdr *)skb_put(skb, sizeof(*hdr));
1271 hdr->evt = HCI_EV_CMD_COMPLETE;
1272 hdr->plen = sizeof(*evt) + 1;
1273
1274 evt = (struct hci_ev_cmd_complete *)skb_put(skb, sizeof(*evt));
1275 evt->ncmd = 0x01;
1276 evt->opcode = cpu_to_le16(opcode);
1277
1278 *(u8 *)skb_put(skb, 1) = 0x00;
1279
1280 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
1281
1282 return hci_recv_frame(hdev, skb);
1283 }
1284
btintel_pcie_send_frame(struct hci_dev * hdev,struct sk_buff * skb)1285 static int btintel_pcie_send_frame(struct hci_dev *hdev,
1286 struct sk_buff *skb)
1287 {
1288 struct btintel_pcie_data *data = hci_get_drvdata(hdev);
1289 struct hci_command_hdr *cmd;
1290 __u16 opcode = ~0;
1291 int ret;
1292 u32 type;
1293 u32 old_ctxt;
1294
1295 /* Due to the fw limitation, the type header of the packet should be
1296 * 4 bytes unlike 1 byte for UART. In UART, the firmware can read
1297 * the first byte to get the packet type and redirect the rest of data
1298 * packet to the right handler.
1299 *
1300 * But for PCIe, THF(Transfer Flow Handler) fetches the 4 bytes of data
1301 * from DMA memory and by the time it reads the first 4 bytes, it has
1302 * already consumed some part of packet. Thus the packet type indicator
1303 * for iBT PCIe is 4 bytes.
1304 *
1305 * Luckily, when HCI core creates the skb, it allocates 8 bytes of
1306 * head room for profile and driver use, and before sending the data
1307 * to the device, append the iBT PCIe packet type in the front.
1308 */
1309 switch (hci_skb_pkt_type(skb)) {
1310 case HCI_COMMAND_PKT:
1311 type = BTINTEL_PCIE_HCI_CMD_PKT;
1312 cmd = (void *)skb->data;
1313 opcode = le16_to_cpu(cmd->opcode);
1314 if (btintel_test_flag(hdev, INTEL_BOOTLOADER)) {
1315 struct hci_command_hdr *cmd = (void *)skb->data;
1316 __u16 opcode = le16_to_cpu(cmd->opcode);
1317
1318 /* When the 0xfc01 command is issued to boot into
1319 * the operational firmware, it will actually not
1320 * send a command complete event. To keep the flow
1321 * control working inject that event here.
1322 */
1323 if (opcode == 0xfc01)
1324 btintel_pcie_inject_cmd_complete(hdev, opcode);
1325 }
1326 /* Firmware raises alive interrupt on HCI_OP_RESET */
1327 if (opcode == HCI_OP_RESET)
1328 data->gp0_received = false;
1329
1330 hdev->stat.cmd_tx++;
1331 break;
1332 case HCI_ACLDATA_PKT:
1333 type = BTINTEL_PCIE_HCI_ACL_PKT;
1334 hdev->stat.acl_tx++;
1335 break;
1336 case HCI_SCODATA_PKT:
1337 type = BTINTEL_PCIE_HCI_SCO_PKT;
1338 hdev->stat.sco_tx++;
1339 break;
1340 case HCI_ISODATA_PKT:
1341 type = BTINTEL_PCIE_HCI_ISO_PKT;
1342 break;
1343 default:
1344 bt_dev_err(hdev, "Unknown HCI packet type");
1345 return -EILSEQ;
1346 }
1347 memcpy(skb_push(skb, BTINTEL_PCIE_HCI_TYPE_LEN), &type,
1348 BTINTEL_PCIE_HCI_TYPE_LEN);
1349
1350 ret = btintel_pcie_send_sync(data, skb);
1351 if (ret) {
1352 hdev->stat.err_tx++;
1353 bt_dev_err(hdev, "Failed to send frame (%d)", ret);
1354 goto exit_error;
1355 }
1356
1357 if (type == BTINTEL_PCIE_HCI_CMD_PKT &&
1358 (opcode == HCI_OP_RESET || opcode == 0xfc01)) {
1359 old_ctxt = data->alive_intr_ctxt;
1360 data->alive_intr_ctxt =
1361 (opcode == 0xfc01 ? BTINTEL_PCIE_INTEL_HCI_RESET1 :
1362 BTINTEL_PCIE_HCI_RESET);
1363 bt_dev_dbg(data->hdev, "sent cmd: 0x%4.4x alive context changed: %s -> %s",
1364 opcode, btintel_pcie_alivectxt_state2str(old_ctxt),
1365 btintel_pcie_alivectxt_state2str(data->alive_intr_ctxt));
1366 if (opcode == HCI_OP_RESET) {
1367 ret = wait_event_timeout(data->gp0_wait_q,
1368 data->gp0_received,
1369 msecs_to_jiffies(BTINTEL_DEFAULT_INTR_TIMEOUT_MS));
1370 if (!ret) {
1371 hdev->stat.err_tx++;
1372 bt_dev_err(hdev, "No alive interrupt received for %s",
1373 btintel_pcie_alivectxt_state2str(data->alive_intr_ctxt));
1374 ret = -ETIME;
1375 goto exit_error;
1376 }
1377 }
1378 }
1379 hdev->stat.byte_tx += skb->len;
1380 kfree_skb(skb);
1381
1382 exit_error:
1383 return ret;
1384 }
1385
btintel_pcie_release_hdev(struct btintel_pcie_data * data)1386 static void btintel_pcie_release_hdev(struct btintel_pcie_data *data)
1387 {
1388 struct hci_dev *hdev;
1389
1390 hdev = data->hdev;
1391 hci_unregister_dev(hdev);
1392 hci_free_dev(hdev);
1393 data->hdev = NULL;
1394 }
1395
btintel_pcie_setup(struct hci_dev * hdev)1396 static int btintel_pcie_setup(struct hci_dev *hdev)
1397 {
1398 const u8 param[1] = { 0xFF };
1399 struct intel_version_tlv ver_tlv;
1400 struct sk_buff *skb;
1401 int err;
1402
1403 BT_DBG("%s", hdev->name);
1404
1405 skb = __hci_cmd_sync(hdev, 0xfc05, 1, param, HCI_CMD_TIMEOUT);
1406 if (IS_ERR(skb)) {
1407 bt_dev_err(hdev, "Reading Intel version command failed (%ld)",
1408 PTR_ERR(skb));
1409 return PTR_ERR(skb);
1410 }
1411
1412 /* Check the status */
1413 if (skb->data[0]) {
1414 bt_dev_err(hdev, "Intel Read Version command failed (%02x)",
1415 skb->data[0]);
1416 err = -EIO;
1417 goto exit_error;
1418 }
1419
1420 /* Apply the common HCI quirks for Intel device */
1421 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
1422 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
1423 set_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks);
1424
1425 /* Set up the quality report callback for Intel devices */
1426 hdev->set_quality_report = btintel_set_quality_report;
1427
1428 memset(&ver_tlv, 0, sizeof(ver_tlv));
1429 /* For TLV type device, parse the tlv data */
1430 err = btintel_parse_version_tlv(hdev, &ver_tlv, skb);
1431 if (err) {
1432 bt_dev_err(hdev, "Failed to parse TLV version information");
1433 goto exit_error;
1434 }
1435
1436 switch (INTEL_HW_PLATFORM(ver_tlv.cnvi_bt)) {
1437 case 0x37:
1438 break;
1439 default:
1440 bt_dev_err(hdev, "Unsupported Intel hardware platform (0x%2x)",
1441 INTEL_HW_PLATFORM(ver_tlv.cnvi_bt));
1442 err = -EINVAL;
1443 goto exit_error;
1444 }
1445
1446 /* Check for supported iBT hardware variants of this firmware
1447 * loading method.
1448 *
1449 * This check has been put in place to ensure correct forward
1450 * compatibility options when newer hardware variants come
1451 * along.
1452 */
1453 switch (INTEL_HW_VARIANT(ver_tlv.cnvi_bt)) {
1454 case 0x1e: /* BzrI */
1455 /* Display version information of TLV type */
1456 btintel_version_info_tlv(hdev, &ver_tlv);
1457
1458 /* Apply the device specific HCI quirks for TLV based devices
1459 *
1460 * All TLV based devices support WBS
1461 */
1462 set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks);
1463
1464 /* Setup MSFT Extension support */
1465 btintel_set_msft_opcode(hdev,
1466 INTEL_HW_VARIANT(ver_tlv.cnvi_bt));
1467
1468 err = btintel_bootloader_setup_tlv(hdev, &ver_tlv);
1469 if (err)
1470 goto exit_error;
1471 break;
1472 default:
1473 bt_dev_err(hdev, "Unsupported Intel hw variant (%u)",
1474 INTEL_HW_VARIANT(ver_tlv.cnvi_bt));
1475 err = -EINVAL;
1476 goto exit_error;
1477 break;
1478 }
1479
1480 btintel_print_fseq_info(hdev);
1481 exit_error:
1482 kfree_skb(skb);
1483
1484 return err;
1485 }
1486
btintel_pcie_setup_hdev(struct btintel_pcie_data * data)1487 static int btintel_pcie_setup_hdev(struct btintel_pcie_data *data)
1488 {
1489 int err;
1490 struct hci_dev *hdev;
1491
1492 hdev = hci_alloc_dev_priv(sizeof(struct btintel_data));
1493 if (!hdev)
1494 return -ENOMEM;
1495
1496 hdev->bus = HCI_PCI;
1497 hci_set_drvdata(hdev, data);
1498
1499 data->hdev = hdev;
1500 SET_HCIDEV_DEV(hdev, &data->pdev->dev);
1501
1502 hdev->manufacturer = 2;
1503 hdev->open = btintel_pcie_open;
1504 hdev->close = btintel_pcie_close;
1505 hdev->send = btintel_pcie_send_frame;
1506 hdev->setup = btintel_pcie_setup;
1507 hdev->shutdown = btintel_shutdown_combined;
1508 hdev->hw_error = btintel_hw_error;
1509 hdev->set_diag = btintel_set_diag;
1510 hdev->set_bdaddr = btintel_set_bdaddr;
1511
1512 err = hci_register_dev(hdev);
1513 if (err < 0) {
1514 BT_ERR("Failed to register to hdev (%d)", err);
1515 goto exit_error;
1516 }
1517
1518 return 0;
1519
1520 exit_error:
1521 hci_free_dev(hdev);
1522 return err;
1523 }
1524
btintel_pcie_probe(struct pci_dev * pdev,const struct pci_device_id * ent)1525 static int btintel_pcie_probe(struct pci_dev *pdev,
1526 const struct pci_device_id *ent)
1527 {
1528 int err;
1529 struct btintel_pcie_data *data;
1530
1531 if (!pdev)
1532 return -ENODEV;
1533
1534 data = devm_kzalloc(&pdev->dev, sizeof(*data), GFP_KERNEL);
1535 if (!data)
1536 return -ENOMEM;
1537
1538 data->pdev = pdev;
1539
1540 spin_lock_init(&data->irq_lock);
1541 spin_lock_init(&data->hci_rx_lock);
1542
1543 init_waitqueue_head(&data->gp0_wait_q);
1544 data->gp0_received = false;
1545
1546 init_waitqueue_head(&data->tx_wait_q);
1547 data->tx_wait_done = false;
1548
1549 data->workqueue = alloc_ordered_workqueue(KBUILD_MODNAME, WQ_HIGHPRI);
1550 if (!data->workqueue)
1551 return -ENOMEM;
1552
1553 skb_queue_head_init(&data->rx_skb_q);
1554 INIT_WORK(&data->rx_work, btintel_pcie_rx_work);
1555
1556 data->boot_stage_cache = 0x00;
1557 data->img_resp_cache = 0x00;
1558
1559 err = btintel_pcie_config_pcie(pdev, data);
1560 if (err)
1561 goto exit_error;
1562
1563 pci_set_drvdata(pdev, data);
1564
1565 err = btintel_pcie_alloc(data);
1566 if (err)
1567 goto exit_error;
1568
1569 err = btintel_pcie_enable_bt(data);
1570 if (err)
1571 goto exit_error;
1572
1573 /* CNV information (CNVi and CNVr) is in CSR */
1574 data->cnvi = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_HW_REV_REG);
1575
1576 data->cnvr = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_RF_ID_REG);
1577
1578 err = btintel_pcie_start_rx(data);
1579 if (err)
1580 goto exit_error;
1581
1582 err = btintel_pcie_setup_hdev(data);
1583 if (err)
1584 goto exit_error;
1585
1586 bt_dev_dbg(data->hdev, "cnvi: 0x%8.8x cnvr: 0x%8.8x", data->cnvi,
1587 data->cnvr);
1588 return 0;
1589
1590 exit_error:
1591 /* reset device before exit */
1592 btintel_pcie_reset_bt(data);
1593
1594 pci_clear_master(pdev);
1595
1596 pci_set_drvdata(pdev, NULL);
1597
1598 return err;
1599 }
1600
btintel_pcie_remove(struct pci_dev * pdev)1601 static void btintel_pcie_remove(struct pci_dev *pdev)
1602 {
1603 struct btintel_pcie_data *data;
1604
1605 data = pci_get_drvdata(pdev);
1606
1607 btintel_pcie_reset_bt(data);
1608 for (int i = 0; i < data->alloc_vecs; i++) {
1609 struct msix_entry *msix_entry;
1610
1611 msix_entry = &data->msix_entries[i];
1612 free_irq(msix_entry->vector, msix_entry);
1613 }
1614
1615 pci_free_irq_vectors(pdev);
1616
1617 btintel_pcie_release_hdev(data);
1618
1619 flush_work(&data->rx_work);
1620
1621 destroy_workqueue(data->workqueue);
1622
1623 btintel_pcie_free(data);
1624
1625 pci_clear_master(pdev);
1626
1627 pci_set_drvdata(pdev, NULL);
1628 }
1629
1630 static struct pci_driver btintel_pcie_driver = {
1631 .name = KBUILD_MODNAME,
1632 .id_table = btintel_pcie_table,
1633 .probe = btintel_pcie_probe,
1634 .remove = btintel_pcie_remove,
1635 };
1636 module_pci_driver(btintel_pcie_driver);
1637
1638 MODULE_AUTHOR("Tedd Ho-Jeong An <tedd.an@intel.com>");
1639 MODULE_DESCRIPTION("Intel Bluetooth PCIe transport driver ver " VERSION);
1640 MODULE_VERSION(VERSION);
1641 MODULE_LICENSE("GPL");
1642