xref: /openbmc/linux/drivers/bluetooth/btmtksdio.c (revision 55fd7e02)
1 // SPDX-License-Identifier: GPL-2.0
2 // Copyright (c) 2019 MediaTek Inc.
3 
4 /*
5  * Bluetooth support for MediaTek SDIO devices
6  *
7  * This file is written based on btsdio.c and btmtkuart.c.
8  *
9  * Author: Sean Wang <sean.wang@mediatek.com>
10  *
11  */
12 
13 #include <asm/unaligned.h>
14 #include <linux/atomic.h>
15 #include <linux/firmware.h>
16 #include <linux/init.h>
17 #include <linux/iopoll.h>
18 #include <linux/kernel.h>
19 #include <linux/module.h>
20 #include <linux/pm_runtime.h>
21 #include <linux/skbuff.h>
22 
23 #include <linux/mmc/host.h>
24 #include <linux/mmc/sdio_ids.h>
25 #include <linux/mmc/sdio_func.h>
26 
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 
30 #include "h4_recv.h"
31 
32 #define VERSION "0.1"
33 
34 #define FIRMWARE_MT7663		"mediatek/mt7663pr2h.bin"
35 #define FIRMWARE_MT7668		"mediatek/mt7668pr2h.bin"
36 
37 #define MTKBTSDIO_AUTOSUSPEND_DELAY	8000
38 
39 static bool enable_autosuspend;
40 
41 struct btmtksdio_data {
42 	const char *fwname;
43 };
44 
45 static const struct btmtksdio_data mt7663_data = {
46 	.fwname = FIRMWARE_MT7663,
47 };
48 
49 static const struct btmtksdio_data mt7668_data = {
50 	.fwname = FIRMWARE_MT7668,
51 };
52 
53 static const struct sdio_device_id btmtksdio_table[] = {
54 	{SDIO_DEVICE(SDIO_VENDOR_ID_MEDIATEK, SDIO_DEVICE_ID_MEDIATEK_MT7663),
55 	 .driver_data = (kernel_ulong_t)&mt7663_data },
56 	{SDIO_DEVICE(SDIO_VENDOR_ID_MEDIATEK, SDIO_DEVICE_ID_MEDIATEK_MT7668),
57 	 .driver_data = (kernel_ulong_t)&mt7668_data },
58 	{ }	/* Terminating entry */
59 };
60 MODULE_DEVICE_TABLE(sdio, btmtksdio_table);
61 
62 #define MTK_REG_CHLPCR		0x4	/* W1S */
63 #define C_INT_EN_SET		BIT(0)
64 #define C_INT_EN_CLR		BIT(1)
65 #define C_FW_OWN_REQ_SET	BIT(8)  /* For write */
66 #define C_COM_DRV_OWN		BIT(8)  /* For read */
67 #define C_FW_OWN_REQ_CLR	BIT(9)
68 
69 #define MTK_REG_CSDIOCSR	0x8
70 #define SDIO_RE_INIT_EN		BIT(0)
71 #define SDIO_INT_CTL		BIT(2)
72 
73 #define MTK_REG_CHCR		0xc
74 #define C_INT_CLR_CTRL		BIT(1)
75 
76 /* CHISR have the same bits field definition with CHIER */
77 #define MTK_REG_CHISR		0x10
78 #define MTK_REG_CHIER		0x14
79 #define FW_OWN_BACK_INT		BIT(0)
80 #define RX_DONE_INT		BIT(1)
81 #define TX_EMPTY		BIT(2)
82 #define TX_FIFO_OVERFLOW	BIT(8)
83 #define RX_PKT_LEN		GENMASK(31, 16)
84 
85 #define MTK_REG_CTDR		0x18
86 
87 #define MTK_REG_CRDR		0x1c
88 
89 #define MTK_SDIO_BLOCK_SIZE	256
90 
91 #define BTMTKSDIO_TX_WAIT_VND_EVT	1
92 
93 enum {
94 	MTK_WMT_PATCH_DWNLD = 0x1,
95 	MTK_WMT_TEST = 0x2,
96 	MTK_WMT_WAKEUP = 0x3,
97 	MTK_WMT_HIF = 0x4,
98 	MTK_WMT_FUNC_CTRL = 0x6,
99 	MTK_WMT_RST = 0x7,
100 	MTK_WMT_SEMAPHORE = 0x17,
101 };
102 
103 enum {
104 	BTMTK_WMT_INVALID,
105 	BTMTK_WMT_PATCH_UNDONE,
106 	BTMTK_WMT_PATCH_DONE,
107 	BTMTK_WMT_ON_UNDONE,
108 	BTMTK_WMT_ON_DONE,
109 	BTMTK_WMT_ON_PROGRESS,
110 };
111 
112 struct mtkbtsdio_hdr {
113 	__le16	len;
114 	__le16	reserved;
115 	u8	bt_type;
116 } __packed;
117 
118 struct mtk_wmt_hdr {
119 	u8	dir;
120 	u8	op;
121 	__le16	dlen;
122 	u8	flag;
123 } __packed;
124 
125 struct mtk_hci_wmt_cmd {
126 	struct mtk_wmt_hdr hdr;
127 	u8 data[256];
128 } __packed;
129 
130 struct btmtk_hci_wmt_evt {
131 	struct hci_event_hdr hhdr;
132 	struct mtk_wmt_hdr whdr;
133 } __packed;
134 
135 struct btmtk_hci_wmt_evt_funcc {
136 	struct btmtk_hci_wmt_evt hwhdr;
137 	__be16 status;
138 } __packed;
139 
140 struct btmtk_tci_sleep {
141 	u8 mode;
142 	__le16 duration;
143 	__le16 host_duration;
144 	u8 host_wakeup_pin;
145 	u8 time_compensation;
146 } __packed;
147 
148 struct btmtk_hci_wmt_params {
149 	u8 op;
150 	u8 flag;
151 	u16 dlen;
152 	const void *data;
153 	u32 *status;
154 };
155 
156 struct btmtksdio_dev {
157 	struct hci_dev *hdev;
158 	struct sdio_func *func;
159 	struct device *dev;
160 
161 	struct work_struct tx_work;
162 	unsigned long tx_state;
163 	struct sk_buff_head txq;
164 
165 	struct sk_buff *evt_skb;
166 
167 	const struct btmtksdio_data *data;
168 };
169 
170 static int mtk_hci_wmt_sync(struct hci_dev *hdev,
171 			    struct btmtk_hci_wmt_params *wmt_params)
172 {
173 	struct btmtksdio_dev *bdev = hci_get_drvdata(hdev);
174 	struct btmtk_hci_wmt_evt_funcc *wmt_evt_funcc;
175 	u32 hlen, status = BTMTK_WMT_INVALID;
176 	struct btmtk_hci_wmt_evt *wmt_evt;
177 	struct mtk_hci_wmt_cmd wc;
178 	struct mtk_wmt_hdr *hdr;
179 	int err;
180 
181 	hlen = sizeof(*hdr) + wmt_params->dlen;
182 	if (hlen > 255)
183 		return -EINVAL;
184 
185 	hdr = (struct mtk_wmt_hdr *)&wc;
186 	hdr->dir = 1;
187 	hdr->op = wmt_params->op;
188 	hdr->dlen = cpu_to_le16(wmt_params->dlen + 1);
189 	hdr->flag = wmt_params->flag;
190 	memcpy(wc.data, wmt_params->data, wmt_params->dlen);
191 
192 	set_bit(BTMTKSDIO_TX_WAIT_VND_EVT, &bdev->tx_state);
193 
194 	err = __hci_cmd_send(hdev, 0xfc6f, hlen, &wc);
195 	if (err < 0) {
196 		clear_bit(BTMTKSDIO_TX_WAIT_VND_EVT, &bdev->tx_state);
197 		return err;
198 	}
199 
200 	/* The vendor specific WMT commands are all answered by a vendor
201 	 * specific event and will not have the Command Status or Command
202 	 * Complete as with usual HCI command flow control.
203 	 *
204 	 * After sending the command, wait for BTMTKSDIO_TX_WAIT_VND_EVT
205 	 * state to be cleared. The driver specific event receive routine
206 	 * will clear that state and with that indicate completion of the
207 	 * WMT command.
208 	 */
209 	err = wait_on_bit_timeout(&bdev->tx_state, BTMTKSDIO_TX_WAIT_VND_EVT,
210 				  TASK_INTERRUPTIBLE, HCI_INIT_TIMEOUT);
211 	if (err == -EINTR) {
212 		bt_dev_err(hdev, "Execution of wmt command interrupted");
213 		clear_bit(BTMTKSDIO_TX_WAIT_VND_EVT, &bdev->tx_state);
214 		return err;
215 	}
216 
217 	if (err) {
218 		bt_dev_err(hdev, "Execution of wmt command timed out");
219 		clear_bit(BTMTKSDIO_TX_WAIT_VND_EVT, &bdev->tx_state);
220 		return -ETIMEDOUT;
221 	}
222 
223 	/* Parse and handle the return WMT event */
224 	wmt_evt = (struct btmtk_hci_wmt_evt *)bdev->evt_skb->data;
225 	if (wmt_evt->whdr.op != hdr->op) {
226 		bt_dev_err(hdev, "Wrong op received %d expected %d",
227 			   wmt_evt->whdr.op, hdr->op);
228 		err = -EIO;
229 		goto err_free_skb;
230 	}
231 
232 	switch (wmt_evt->whdr.op) {
233 	case MTK_WMT_SEMAPHORE:
234 		if (wmt_evt->whdr.flag == 2)
235 			status = BTMTK_WMT_PATCH_UNDONE;
236 		else
237 			status = BTMTK_WMT_PATCH_DONE;
238 		break;
239 	case MTK_WMT_FUNC_CTRL:
240 		wmt_evt_funcc = (struct btmtk_hci_wmt_evt_funcc *)wmt_evt;
241 		if (be16_to_cpu(wmt_evt_funcc->status) == 0x404)
242 			status = BTMTK_WMT_ON_DONE;
243 		else if (be16_to_cpu(wmt_evt_funcc->status) == 0x420)
244 			status = BTMTK_WMT_ON_PROGRESS;
245 		else
246 			status = BTMTK_WMT_ON_UNDONE;
247 		break;
248 	}
249 
250 	if (wmt_params->status)
251 		*wmt_params->status = status;
252 
253 err_free_skb:
254 	kfree_skb(bdev->evt_skb);
255 	bdev->evt_skb = NULL;
256 
257 	return err;
258 }
259 
260 static int btmtksdio_tx_packet(struct btmtksdio_dev *bdev,
261 			       struct sk_buff *skb)
262 {
263 	struct mtkbtsdio_hdr *sdio_hdr;
264 	int err;
265 
266 	/* Make sure that there are enough rooms for SDIO header */
267 	if (unlikely(skb_headroom(skb) < sizeof(*sdio_hdr))) {
268 		err = pskb_expand_head(skb, sizeof(*sdio_hdr), 0,
269 				       GFP_ATOMIC);
270 		if (err < 0)
271 			return err;
272 	}
273 
274 	/* Prepend MediaTek SDIO Specific Header */
275 	skb_push(skb, sizeof(*sdio_hdr));
276 
277 	sdio_hdr = (void *)skb->data;
278 	sdio_hdr->len = cpu_to_le16(skb->len);
279 	sdio_hdr->reserved = cpu_to_le16(0);
280 	sdio_hdr->bt_type = hci_skb_pkt_type(skb);
281 
282 	err = sdio_writesb(bdev->func, MTK_REG_CTDR, skb->data,
283 			   round_up(skb->len, MTK_SDIO_BLOCK_SIZE));
284 	if (err < 0)
285 		goto err_skb_pull;
286 
287 	bdev->hdev->stat.byte_tx += skb->len;
288 
289 	kfree_skb(skb);
290 
291 	return 0;
292 
293 err_skb_pull:
294 	skb_pull(skb, sizeof(*sdio_hdr));
295 
296 	return err;
297 }
298 
299 static u32 btmtksdio_drv_own_query(struct btmtksdio_dev *bdev)
300 {
301 	return sdio_readl(bdev->func, MTK_REG_CHLPCR, NULL);
302 }
303 
304 static void btmtksdio_tx_work(struct work_struct *work)
305 {
306 	struct btmtksdio_dev *bdev = container_of(work, struct btmtksdio_dev,
307 						  tx_work);
308 	struct sk_buff *skb;
309 	int err;
310 
311 	pm_runtime_get_sync(bdev->dev);
312 
313 	sdio_claim_host(bdev->func);
314 
315 	while ((skb = skb_dequeue(&bdev->txq))) {
316 		err = btmtksdio_tx_packet(bdev, skb);
317 		if (err < 0) {
318 			bdev->hdev->stat.err_tx++;
319 			skb_queue_head(&bdev->txq, skb);
320 			break;
321 		}
322 	}
323 
324 	sdio_release_host(bdev->func);
325 
326 	pm_runtime_mark_last_busy(bdev->dev);
327 	pm_runtime_put_autosuspend(bdev->dev);
328 }
329 
330 static int btmtksdio_recv_event(struct hci_dev *hdev, struct sk_buff *skb)
331 {
332 	struct btmtksdio_dev *bdev = hci_get_drvdata(hdev);
333 	struct hci_event_hdr *hdr = (void *)skb->data;
334 	int err;
335 
336 	/* Fix up the vendor event id with 0xff for vendor specific instead
337 	 * of 0xe4 so that event send via monitoring socket can be parsed
338 	 * properly.
339 	 */
340 	if (hdr->evt == 0xe4)
341 		hdr->evt = HCI_EV_VENDOR;
342 
343 	/* When someone waits for the WMT event, the skb is being cloned
344 	 * and being processed the events from there then.
345 	 */
346 	if (test_bit(BTMTKSDIO_TX_WAIT_VND_EVT, &bdev->tx_state)) {
347 		bdev->evt_skb = skb_clone(skb, GFP_KERNEL);
348 		if (!bdev->evt_skb) {
349 			err = -ENOMEM;
350 			goto err_out;
351 		}
352 	}
353 
354 	err = hci_recv_frame(hdev, skb);
355 	if (err < 0)
356 		goto err_free_skb;
357 
358 	if (hdr->evt == HCI_EV_VENDOR) {
359 		if (test_and_clear_bit(BTMTKSDIO_TX_WAIT_VND_EVT,
360 				       &bdev->tx_state)) {
361 			/* Barrier to sync with other CPUs */
362 			smp_mb__after_atomic();
363 			wake_up_bit(&bdev->tx_state, BTMTKSDIO_TX_WAIT_VND_EVT);
364 		}
365 	}
366 
367 	return 0;
368 
369 err_free_skb:
370 	kfree_skb(bdev->evt_skb);
371 	bdev->evt_skb = NULL;
372 
373 err_out:
374 	return err;
375 }
376 
377 static const struct h4_recv_pkt mtk_recv_pkts[] = {
378 	{ H4_RECV_ACL,      .recv = hci_recv_frame },
379 	{ H4_RECV_SCO,      .recv = hci_recv_frame },
380 	{ H4_RECV_EVENT,    .recv = btmtksdio_recv_event },
381 };
382 
383 static int btmtksdio_rx_packet(struct btmtksdio_dev *bdev, u16 rx_size)
384 {
385 	const struct h4_recv_pkt *pkts = mtk_recv_pkts;
386 	int pkts_count = ARRAY_SIZE(mtk_recv_pkts);
387 	struct mtkbtsdio_hdr *sdio_hdr;
388 	int err, i, pad_size;
389 	struct sk_buff *skb;
390 	u16 dlen;
391 
392 	if (rx_size < sizeof(*sdio_hdr))
393 		return -EILSEQ;
394 
395 	/* A SDIO packet is exactly containing a Bluetooth packet */
396 	skb = bt_skb_alloc(rx_size, GFP_KERNEL);
397 	if (!skb)
398 		return -ENOMEM;
399 
400 	skb_put(skb, rx_size);
401 
402 	err = sdio_readsb(bdev->func, skb->data, MTK_REG_CRDR, rx_size);
403 	if (err < 0)
404 		goto err_kfree_skb;
405 
406 	sdio_hdr = (void *)skb->data;
407 
408 	/* We assume the default error as -EILSEQ simply to make the error path
409 	 * be cleaner.
410 	 */
411 	err = -EILSEQ;
412 
413 	if (rx_size != le16_to_cpu(sdio_hdr->len)) {
414 		bt_dev_err(bdev->hdev, "Rx size in sdio header is mismatched ");
415 		goto err_kfree_skb;
416 	}
417 
418 	hci_skb_pkt_type(skb) = sdio_hdr->bt_type;
419 
420 	/* Remove MediaTek SDIO header */
421 	skb_pull(skb, sizeof(*sdio_hdr));
422 
423 	/* We have to dig into the packet to get payload size and then know how
424 	 * many padding bytes at the tail, these padding bytes should be removed
425 	 * before the packet is indicated to the core layer.
426 	 */
427 	for (i = 0; i < pkts_count; i++) {
428 		if (sdio_hdr->bt_type == (&pkts[i])->type)
429 			break;
430 	}
431 
432 	if (i >= pkts_count) {
433 		bt_dev_err(bdev->hdev, "Invalid bt type 0x%02x",
434 			   sdio_hdr->bt_type);
435 		goto err_kfree_skb;
436 	}
437 
438 	/* Remaining bytes cannot hold a header*/
439 	if (skb->len < (&pkts[i])->hlen) {
440 		bt_dev_err(bdev->hdev, "The size of bt header is mismatched");
441 		goto err_kfree_skb;
442 	}
443 
444 	switch ((&pkts[i])->lsize) {
445 		case 1:
446 			dlen = skb->data[(&pkts[i])->loff];
447 			break;
448 		case 2:
449 			dlen = get_unaligned_le16(skb->data +
450 						  (&pkts[i])->loff);
451 			break;
452 		default:
453 			goto err_kfree_skb;
454 	}
455 
456 	pad_size = skb->len - (&pkts[i])->hlen -  dlen;
457 
458 	/* Remaining bytes cannot hold a payload */
459 	if (pad_size < 0) {
460 		bt_dev_err(bdev->hdev, "The size of bt payload is mismatched");
461 		goto err_kfree_skb;
462 	}
463 
464 	/* Remove padding bytes */
465 	skb_trim(skb, skb->len - pad_size);
466 
467 	/* Complete frame */
468 	(&pkts[i])->recv(bdev->hdev, skb);
469 
470 	bdev->hdev->stat.byte_rx += rx_size;
471 
472 	return 0;
473 
474 err_kfree_skb:
475 	kfree_skb(skb);
476 
477 	return err;
478 }
479 
480 static void btmtksdio_interrupt(struct sdio_func *func)
481 {
482 	struct btmtksdio_dev *bdev = sdio_get_drvdata(func);
483 	u32 int_status;
484 	u16 rx_size;
485 
486 	/* It is required that the host gets ownership from the device before
487 	 * accessing any register, however, if SDIO host is not being released,
488 	 * a potential deadlock probably happens in a circular wait between SDIO
489 	 * IRQ work and PM runtime work. So, we have to explicitly release SDIO
490 	 * host here and claim again after the PM runtime work is all done.
491 	 */
492 	sdio_release_host(bdev->func);
493 
494 	pm_runtime_get_sync(bdev->dev);
495 
496 	sdio_claim_host(bdev->func);
497 
498 	/* Disable interrupt */
499 	sdio_writel(func, C_INT_EN_CLR, MTK_REG_CHLPCR, 0);
500 
501 	int_status = sdio_readl(func, MTK_REG_CHISR, NULL);
502 
503 	/* Ack an interrupt as soon as possible before any operation on
504 	 * hardware.
505 	 *
506 	 * Note that we don't ack any status during operations to avoid race
507 	 * condition between the host and the device such as it's possible to
508 	 * mistakenly ack RX_DONE for the next packet and then cause interrupts
509 	 * not be raised again but there is still pending data in the hardware
510 	 * FIFO.
511 	 */
512 	sdio_writel(func, int_status, MTK_REG_CHISR, NULL);
513 
514 	if (unlikely(!int_status))
515 		bt_dev_err(bdev->hdev, "CHISR is 0");
516 
517 	if (int_status & FW_OWN_BACK_INT)
518 		bt_dev_dbg(bdev->hdev, "Get fw own back");
519 
520 	if (int_status & TX_EMPTY)
521 		schedule_work(&bdev->tx_work);
522 	else if (unlikely(int_status & TX_FIFO_OVERFLOW))
523 		bt_dev_warn(bdev->hdev, "Tx fifo overflow");
524 
525 	if (int_status & RX_DONE_INT) {
526 		rx_size = (int_status & RX_PKT_LEN) >> 16;
527 
528 		if (btmtksdio_rx_packet(bdev, rx_size) < 0)
529 			bdev->hdev->stat.err_rx++;
530 	}
531 
532 	/* Enable interrupt */
533 	sdio_writel(func, C_INT_EN_SET, MTK_REG_CHLPCR, 0);
534 
535 	pm_runtime_mark_last_busy(bdev->dev);
536 	pm_runtime_put_autosuspend(bdev->dev);
537 }
538 
539 static int btmtksdio_open(struct hci_dev *hdev)
540 {
541 	struct btmtksdio_dev *bdev = hci_get_drvdata(hdev);
542 	int err;
543 	u32 status;
544 
545 	sdio_claim_host(bdev->func);
546 
547 	err = sdio_enable_func(bdev->func);
548 	if (err < 0)
549 		goto err_release_host;
550 
551 	/* Get ownership from the device */
552 	sdio_writel(bdev->func, C_FW_OWN_REQ_CLR, MTK_REG_CHLPCR, &err);
553 	if (err < 0)
554 		goto err_disable_func;
555 
556 	err = readx_poll_timeout(btmtksdio_drv_own_query, bdev, status,
557 				 status & C_COM_DRV_OWN, 2000, 1000000);
558 	if (err < 0) {
559 		bt_dev_err(bdev->hdev, "Cannot get ownership from device");
560 		goto err_disable_func;
561 	}
562 
563 	/* Disable interrupt & mask out all interrupt sources */
564 	sdio_writel(bdev->func, C_INT_EN_CLR, MTK_REG_CHLPCR, &err);
565 	if (err < 0)
566 		goto err_disable_func;
567 
568 	sdio_writel(bdev->func, 0, MTK_REG_CHIER, &err);
569 	if (err < 0)
570 		goto err_disable_func;
571 
572 	err = sdio_claim_irq(bdev->func, btmtksdio_interrupt);
573 	if (err < 0)
574 		goto err_disable_func;
575 
576 	err = sdio_set_block_size(bdev->func, MTK_SDIO_BLOCK_SIZE);
577 	if (err < 0)
578 		goto err_release_irq;
579 
580 	/* SDIO CMD 5 allows the SDIO device back to idle state an
581 	 * synchronous interrupt is supported in SDIO 4-bit mode
582 	 */
583 	sdio_writel(bdev->func, SDIO_INT_CTL | SDIO_RE_INIT_EN,
584 		    MTK_REG_CSDIOCSR, &err);
585 	if (err < 0)
586 		goto err_release_irq;
587 
588 	/* Setup write-1-clear for CHISR register */
589 	sdio_writel(bdev->func, C_INT_CLR_CTRL, MTK_REG_CHCR, &err);
590 	if (err < 0)
591 		goto err_release_irq;
592 
593 	/* Setup interrupt sources */
594 	sdio_writel(bdev->func, RX_DONE_INT | TX_EMPTY | TX_FIFO_OVERFLOW,
595 		    MTK_REG_CHIER, &err);
596 	if (err < 0)
597 		goto err_release_irq;
598 
599 	/* Enable interrupt */
600 	sdio_writel(bdev->func, C_INT_EN_SET, MTK_REG_CHLPCR, &err);
601 	if (err < 0)
602 		goto err_release_irq;
603 
604 	sdio_release_host(bdev->func);
605 
606 	return 0;
607 
608 err_release_irq:
609 	sdio_release_irq(bdev->func);
610 
611 err_disable_func:
612 	sdio_disable_func(bdev->func);
613 
614 err_release_host:
615 	sdio_release_host(bdev->func);
616 
617 	return err;
618 }
619 
620 static int btmtksdio_close(struct hci_dev *hdev)
621 {
622 	struct btmtksdio_dev *bdev = hci_get_drvdata(hdev);
623 	u32 status;
624 	int err;
625 
626 	sdio_claim_host(bdev->func);
627 
628 	/* Disable interrupt */
629 	sdio_writel(bdev->func, C_INT_EN_CLR, MTK_REG_CHLPCR, NULL);
630 
631 	sdio_release_irq(bdev->func);
632 
633 	/* Return ownership to the device */
634 	sdio_writel(bdev->func, C_FW_OWN_REQ_SET, MTK_REG_CHLPCR, NULL);
635 
636 	err = readx_poll_timeout(btmtksdio_drv_own_query, bdev, status,
637 				 !(status & C_COM_DRV_OWN), 2000, 1000000);
638 	if (err < 0)
639 		bt_dev_err(bdev->hdev, "Cannot return ownership to device");
640 
641 	sdio_disable_func(bdev->func);
642 
643 	sdio_release_host(bdev->func);
644 
645 	return 0;
646 }
647 
648 static int btmtksdio_flush(struct hci_dev *hdev)
649 {
650 	struct btmtksdio_dev *bdev = hci_get_drvdata(hdev);
651 
652 	skb_queue_purge(&bdev->txq);
653 
654 	cancel_work_sync(&bdev->tx_work);
655 
656 	return 0;
657 }
658 
659 static int btmtksdio_func_query(struct hci_dev *hdev)
660 {
661 	struct btmtk_hci_wmt_params wmt_params;
662 	int status, err;
663 	u8 param = 0;
664 
665 	/* Query whether the function is enabled */
666 	wmt_params.op = MTK_WMT_FUNC_CTRL;
667 	wmt_params.flag = 4;
668 	wmt_params.dlen = sizeof(param);
669 	wmt_params.data = &param;
670 	wmt_params.status = &status;
671 
672 	err = mtk_hci_wmt_sync(hdev, &wmt_params);
673 	if (err < 0) {
674 		bt_dev_err(hdev, "Failed to query function status (%d)", err);
675 		return err;
676 	}
677 
678 	return status;
679 }
680 
681 static int mtk_setup_firmware(struct hci_dev *hdev, const char *fwname)
682 {
683 	struct btmtk_hci_wmt_params wmt_params;
684 	const struct firmware *fw;
685 	const u8 *fw_ptr;
686 	size_t fw_size;
687 	int err, dlen;
688 	u8 flag;
689 
690 	err = request_firmware(&fw, fwname, &hdev->dev);
691 	if (err < 0) {
692 		bt_dev_err(hdev, "Failed to load firmware file (%d)", err);
693 		return err;
694 	}
695 
696 	fw_ptr = fw->data;
697 	fw_size = fw->size;
698 
699 	/* The size of patch header is 30 bytes, should be skip */
700 	if (fw_size < 30) {
701 		err = -EINVAL;
702 		goto free_fw;
703 	}
704 
705 	fw_size -= 30;
706 	fw_ptr += 30;
707 	flag = 1;
708 
709 	wmt_params.op = MTK_WMT_PATCH_DWNLD;
710 	wmt_params.status = NULL;
711 
712 	while (fw_size > 0) {
713 		dlen = min_t(int, 250, fw_size);
714 
715 		/* Tell device the position in sequence */
716 		if (fw_size - dlen <= 0)
717 			flag = 3;
718 		else if (fw_size < fw->size - 30)
719 			flag = 2;
720 
721 		wmt_params.flag = flag;
722 		wmt_params.dlen = dlen;
723 		wmt_params.data = fw_ptr;
724 
725 		err = mtk_hci_wmt_sync(hdev, &wmt_params);
726 		if (err < 0) {
727 			bt_dev_err(hdev, "Failed to send wmt patch dwnld (%d)",
728 				   err);
729 			goto free_fw;
730 		}
731 
732 		fw_size -= dlen;
733 		fw_ptr += dlen;
734 	}
735 
736 	wmt_params.op = MTK_WMT_RST;
737 	wmt_params.flag = 4;
738 	wmt_params.dlen = 0;
739 	wmt_params.data = NULL;
740 	wmt_params.status = NULL;
741 
742 	/* Activate funciton the firmware providing to */
743 	err = mtk_hci_wmt_sync(hdev, &wmt_params);
744 	if (err < 0) {
745 		bt_dev_err(hdev, "Failed to send wmt rst (%d)", err);
746 		goto free_fw;
747 	}
748 
749 	/* Wait a few moments for firmware activation done */
750 	usleep_range(10000, 12000);
751 
752 free_fw:
753 	release_firmware(fw);
754 	return err;
755 }
756 
757 static int btmtksdio_setup(struct hci_dev *hdev)
758 {
759 	struct btmtksdio_dev *bdev = hci_get_drvdata(hdev);
760 	struct btmtk_hci_wmt_params wmt_params;
761 	ktime_t calltime, delta, rettime;
762 	struct btmtk_tci_sleep tci_sleep;
763 	unsigned long long duration;
764 	struct sk_buff *skb;
765 	int err, status;
766 	u8 param = 0x1;
767 
768 	calltime = ktime_get();
769 
770 	/* Query whether the firmware is already download */
771 	wmt_params.op = MTK_WMT_SEMAPHORE;
772 	wmt_params.flag = 1;
773 	wmt_params.dlen = 0;
774 	wmt_params.data = NULL;
775 	wmt_params.status = &status;
776 
777 	err = mtk_hci_wmt_sync(hdev, &wmt_params);
778 	if (err < 0) {
779 		bt_dev_err(hdev, "Failed to query firmware status (%d)", err);
780 		return err;
781 	}
782 
783 	if (status == BTMTK_WMT_PATCH_DONE) {
784 		bt_dev_info(hdev, "Firmware already downloaded");
785 		goto ignore_setup_fw;
786 	}
787 
788 	/* Setup a firmware which the device definitely requires */
789 	err = mtk_setup_firmware(hdev, bdev->data->fwname);
790 	if (err < 0)
791 		return err;
792 
793 ignore_setup_fw:
794 	/* Query whether the device is already enabled */
795 	err = readx_poll_timeout(btmtksdio_func_query, hdev, status,
796 				 status < 0 || status != BTMTK_WMT_ON_PROGRESS,
797 				 2000, 5000000);
798 	/* -ETIMEDOUT happens */
799 	if (err < 0)
800 		return err;
801 
802 	/* The other errors happen in btusb_mtk_func_query */
803 	if (status < 0)
804 		return status;
805 
806 	if (status == BTMTK_WMT_ON_DONE) {
807 		bt_dev_info(hdev, "function already on");
808 		goto ignore_func_on;
809 	}
810 
811 	/* Enable Bluetooth protocol */
812 	wmt_params.op = MTK_WMT_FUNC_CTRL;
813 	wmt_params.flag = 0;
814 	wmt_params.dlen = sizeof(param);
815 	wmt_params.data = &param;
816 	wmt_params.status = NULL;
817 
818 	err = mtk_hci_wmt_sync(hdev, &wmt_params);
819 	if (err < 0) {
820 		bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err);
821 		return err;
822 	}
823 
824 ignore_func_on:
825 	/* Apply the low power environment setup */
826 	tci_sleep.mode = 0x5;
827 	tci_sleep.duration = cpu_to_le16(0x640);
828 	tci_sleep.host_duration = cpu_to_le16(0x640);
829 	tci_sleep.host_wakeup_pin = 0;
830 	tci_sleep.time_compensation = 0;
831 
832 	skb = __hci_cmd_sync(hdev, 0xfc7a, sizeof(tci_sleep), &tci_sleep,
833 			     HCI_INIT_TIMEOUT);
834 	if (IS_ERR(skb)) {
835 		err = PTR_ERR(skb);
836 		bt_dev_err(hdev, "Failed to apply low power setting (%d)", err);
837 		return err;
838 	}
839 	kfree_skb(skb);
840 
841 	rettime = ktime_get();
842 	delta = ktime_sub(rettime, calltime);
843 	duration = (unsigned long long)ktime_to_ns(delta) >> 10;
844 
845 	pm_runtime_set_autosuspend_delay(bdev->dev,
846 					 MTKBTSDIO_AUTOSUSPEND_DELAY);
847 	pm_runtime_use_autosuspend(bdev->dev);
848 
849 	err = pm_runtime_set_active(bdev->dev);
850 	if (err < 0)
851 		return err;
852 
853 	/* Default forbid runtime auto suspend, that can be allowed by
854 	 * enable_autosuspend flag or the PM runtime entry under sysfs.
855 	 */
856 	pm_runtime_forbid(bdev->dev);
857 	pm_runtime_enable(bdev->dev);
858 
859 	if (enable_autosuspend)
860 		pm_runtime_allow(bdev->dev);
861 
862 	bt_dev_info(hdev, "Device setup in %llu usecs", duration);
863 
864 	return 0;
865 }
866 
867 static int btmtksdio_shutdown(struct hci_dev *hdev)
868 {
869 	struct btmtksdio_dev *bdev = hci_get_drvdata(hdev);
870 	struct btmtk_hci_wmt_params wmt_params;
871 	u8 param = 0x0;
872 	int err;
873 
874 	/* Get back the state to be consistent with the state
875 	 * in btmtksdio_setup.
876 	 */
877 	pm_runtime_get_sync(bdev->dev);
878 
879 	/* Disable the device */
880 	wmt_params.op = MTK_WMT_FUNC_CTRL;
881 	wmt_params.flag = 0;
882 	wmt_params.dlen = sizeof(param);
883 	wmt_params.data = &param;
884 	wmt_params.status = NULL;
885 
886 	err = mtk_hci_wmt_sync(hdev, &wmt_params);
887 	if (err < 0) {
888 		bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err);
889 		return err;
890 	}
891 
892 	pm_runtime_put_noidle(bdev->dev);
893 	pm_runtime_disable(bdev->dev);
894 
895 	return 0;
896 }
897 
898 static int btmtksdio_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
899 {
900 	struct btmtksdio_dev *bdev = hci_get_drvdata(hdev);
901 
902 	switch (hci_skb_pkt_type(skb)) {
903 	case HCI_COMMAND_PKT:
904 		hdev->stat.cmd_tx++;
905 		break;
906 
907 	case HCI_ACLDATA_PKT:
908 		hdev->stat.acl_tx++;
909 		break;
910 
911 	case HCI_SCODATA_PKT:
912 		hdev->stat.sco_tx++;
913 		break;
914 
915 	default:
916 		return -EILSEQ;
917 	}
918 
919 	skb_queue_tail(&bdev->txq, skb);
920 
921 	schedule_work(&bdev->tx_work);
922 
923 	return 0;
924 }
925 
926 static int btmtksdio_probe(struct sdio_func *func,
927 			   const struct sdio_device_id *id)
928 {
929 	struct btmtksdio_dev *bdev;
930 	struct hci_dev *hdev;
931 	int err;
932 
933 	bdev = devm_kzalloc(&func->dev, sizeof(*bdev), GFP_KERNEL);
934 	if (!bdev)
935 		return -ENOMEM;
936 
937 	bdev->data = (void *)id->driver_data;
938 	if (!bdev->data)
939 		return -ENODEV;
940 
941 	bdev->dev = &func->dev;
942 	bdev->func = func;
943 
944 	INIT_WORK(&bdev->tx_work, btmtksdio_tx_work);
945 	skb_queue_head_init(&bdev->txq);
946 
947 	/* Initialize and register HCI device */
948 	hdev = hci_alloc_dev();
949 	if (!hdev) {
950 		dev_err(&func->dev, "Can't allocate HCI device\n");
951 		return -ENOMEM;
952 	}
953 
954 	bdev->hdev = hdev;
955 
956 	hdev->bus = HCI_SDIO;
957 	hci_set_drvdata(hdev, bdev);
958 
959 	hdev->open     = btmtksdio_open;
960 	hdev->close    = btmtksdio_close;
961 	hdev->flush    = btmtksdio_flush;
962 	hdev->setup    = btmtksdio_setup;
963 	hdev->shutdown = btmtksdio_shutdown;
964 	hdev->send     = btmtksdio_send_frame;
965 	SET_HCIDEV_DEV(hdev, &func->dev);
966 
967 	hdev->manufacturer = 70;
968 	set_bit(HCI_QUIRK_NON_PERSISTENT_SETUP, &hdev->quirks);
969 
970 	err = hci_register_dev(hdev);
971 	if (err < 0) {
972 		dev_err(&func->dev, "Can't register HCI device\n");
973 		hci_free_dev(hdev);
974 		return err;
975 	}
976 
977 	sdio_set_drvdata(func, bdev);
978 
979 	/* pm_runtime_enable would be done after the firmware is being
980 	 * downloaded because the core layer probably already enables
981 	 * runtime PM for this func such as the case host->caps &
982 	 * MMC_CAP_POWER_OFF_CARD.
983 	 */
984 	if (pm_runtime_enabled(bdev->dev))
985 		pm_runtime_disable(bdev->dev);
986 
987 	/* As explaination in drivers/mmc/core/sdio_bus.c tells us:
988 	 * Unbound SDIO functions are always suspended.
989 	 * During probe, the function is set active and the usage count
990 	 * is incremented.  If the driver supports runtime PM,
991 	 * it should call pm_runtime_put_noidle() in its probe routine and
992 	 * pm_runtime_get_noresume() in its remove routine.
993 	 *
994 	 * So, put a pm_runtime_put_noidle here !
995 	 */
996 	pm_runtime_put_noidle(bdev->dev);
997 
998 	return 0;
999 }
1000 
1001 static void btmtksdio_remove(struct sdio_func *func)
1002 {
1003 	struct btmtksdio_dev *bdev = sdio_get_drvdata(func);
1004 	struct hci_dev *hdev;
1005 
1006 	if (!bdev)
1007 		return;
1008 
1009 	/* Be consistent the state in btmtksdio_probe */
1010 	pm_runtime_get_noresume(bdev->dev);
1011 
1012 	hdev = bdev->hdev;
1013 
1014 	sdio_set_drvdata(func, NULL);
1015 	hci_unregister_dev(hdev);
1016 	hci_free_dev(hdev);
1017 }
1018 
1019 #ifdef CONFIG_PM
1020 static int btmtksdio_runtime_suspend(struct device *dev)
1021 {
1022 	struct sdio_func *func = dev_to_sdio_func(dev);
1023 	struct btmtksdio_dev *bdev;
1024 	u32 status;
1025 	int err;
1026 
1027 	bdev = sdio_get_drvdata(func);
1028 	if (!bdev)
1029 		return 0;
1030 
1031 	sdio_claim_host(bdev->func);
1032 
1033 	sdio_writel(bdev->func, C_FW_OWN_REQ_SET, MTK_REG_CHLPCR, &err);
1034 	if (err < 0)
1035 		goto out;
1036 
1037 	err = readx_poll_timeout(btmtksdio_drv_own_query, bdev, status,
1038 				 !(status & C_COM_DRV_OWN), 2000, 1000000);
1039 out:
1040 	bt_dev_info(bdev->hdev, "status (%d) return ownership to device", err);
1041 
1042 	sdio_release_host(bdev->func);
1043 
1044 	return err;
1045 }
1046 
1047 static int btmtksdio_runtime_resume(struct device *dev)
1048 {
1049 	struct sdio_func *func = dev_to_sdio_func(dev);
1050 	struct btmtksdio_dev *bdev;
1051 	u32 status;
1052 	int err;
1053 
1054 	bdev = sdio_get_drvdata(func);
1055 	if (!bdev)
1056 		return 0;
1057 
1058 	sdio_claim_host(bdev->func);
1059 
1060 	sdio_writel(bdev->func, C_FW_OWN_REQ_CLR, MTK_REG_CHLPCR, &err);
1061 	if (err < 0)
1062 		goto out;
1063 
1064 	err = readx_poll_timeout(btmtksdio_drv_own_query, bdev, status,
1065 				 status & C_COM_DRV_OWN, 2000, 1000000);
1066 out:
1067 	bt_dev_info(bdev->hdev, "status (%d) get ownership from device", err);
1068 
1069 	sdio_release_host(bdev->func);
1070 
1071 	return err;
1072 }
1073 
1074 static UNIVERSAL_DEV_PM_OPS(btmtksdio_pm_ops, btmtksdio_runtime_suspend,
1075 			    btmtksdio_runtime_resume, NULL);
1076 #define BTMTKSDIO_PM_OPS (&btmtksdio_pm_ops)
1077 #else	/* CONFIG_PM */
1078 #define BTMTKSDIO_PM_OPS NULL
1079 #endif	/* CONFIG_PM */
1080 
1081 static struct sdio_driver btmtksdio_driver = {
1082 	.name		= "btmtksdio",
1083 	.probe		= btmtksdio_probe,
1084 	.remove		= btmtksdio_remove,
1085 	.id_table	= btmtksdio_table,
1086 	.drv = {
1087 		.owner = THIS_MODULE,
1088 		.pm = BTMTKSDIO_PM_OPS,
1089 	}
1090 };
1091 
1092 module_sdio_driver(btmtksdio_driver);
1093 
1094 module_param(enable_autosuspend, bool, 0644);
1095 MODULE_PARM_DESC(enable_autosuspend, "Enable autosuspend by default");
1096 
1097 MODULE_AUTHOR("Sean Wang <sean.wang@mediatek.com>");
1098 MODULE_DESCRIPTION("MediaTek Bluetooth SDIO driver ver " VERSION);
1099 MODULE_VERSION(VERSION);
1100 MODULE_LICENSE("GPL");
1101 MODULE_FIRMWARE(FIRMWARE_MT7663);
1102 MODULE_FIRMWARE(FIRMWARE_MT7668);
1103