1 // SPDX-License-Identifier: GPL-2.0 2 // Copyright (c) 2019 MediaTek Inc. 3 4 /* 5 * Bluetooth support for MediaTek SDIO devices 6 * 7 * This file is written based on btsdio.c and btmtkuart.c. 8 * 9 * Author: Sean Wang <sean.wang@mediatek.com> 10 * 11 */ 12 13 #include <asm/unaligned.h> 14 #include <linux/atomic.h> 15 #include <linux/init.h> 16 #include <linux/iopoll.h> 17 #include <linux/kernel.h> 18 #include <linux/module.h> 19 #include <linux/pm_runtime.h> 20 #include <linux/skbuff.h> 21 22 #include <linux/mmc/host.h> 23 #include <linux/mmc/sdio_ids.h> 24 #include <linux/mmc/sdio_func.h> 25 26 #include <net/bluetooth/bluetooth.h> 27 #include <net/bluetooth/hci_core.h> 28 29 #include "h4_recv.h" 30 #include "btmtk.h" 31 32 #define VERSION "0.1" 33 34 #define MTKBTSDIO_AUTOSUSPEND_DELAY 8000 35 36 static bool enable_autosuspend; 37 38 struct btmtksdio_data { 39 const char *fwname; 40 u16 chipid; 41 }; 42 43 static const struct btmtksdio_data mt7663_data = { 44 .fwname = FIRMWARE_MT7663, 45 .chipid = 0x7663, 46 }; 47 48 static const struct btmtksdio_data mt7668_data = { 49 .fwname = FIRMWARE_MT7668, 50 .chipid = 0x7668, 51 }; 52 53 static const struct btmtksdio_data mt7921_data = { 54 .fwname = FIRMWARE_MT7961, 55 .chipid = 0x7921, 56 }; 57 58 static const struct sdio_device_id btmtksdio_table[] = { 59 {SDIO_DEVICE(SDIO_VENDOR_ID_MEDIATEK, SDIO_DEVICE_ID_MEDIATEK_MT7663), 60 .driver_data = (kernel_ulong_t)&mt7663_data }, 61 {SDIO_DEVICE(SDIO_VENDOR_ID_MEDIATEK, SDIO_DEVICE_ID_MEDIATEK_MT7668), 62 .driver_data = (kernel_ulong_t)&mt7668_data }, 63 {SDIO_DEVICE(SDIO_VENDOR_ID_MEDIATEK, SDIO_DEVICE_ID_MEDIATEK_MT7961), 64 .driver_data = (kernel_ulong_t)&mt7921_data }, 65 { } /* Terminating entry */ 66 }; 67 MODULE_DEVICE_TABLE(sdio, btmtksdio_table); 68 69 #define MTK_REG_CHLPCR 0x4 /* W1S */ 70 #define C_INT_EN_SET BIT(0) 71 #define C_INT_EN_CLR BIT(1) 72 #define C_FW_OWN_REQ_SET BIT(8) /* For write */ 73 #define C_COM_DRV_OWN BIT(8) /* For read */ 74 #define C_FW_OWN_REQ_CLR BIT(9) 75 76 #define MTK_REG_CSDIOCSR 0x8 77 #define SDIO_RE_INIT_EN BIT(0) 78 #define SDIO_INT_CTL BIT(2) 79 80 #define MTK_REG_CHCR 0xc 81 #define C_INT_CLR_CTRL BIT(1) 82 83 /* CHISR have the same bits field definition with CHIER */ 84 #define MTK_REG_CHISR 0x10 85 #define MTK_REG_CHIER 0x14 86 #define FW_OWN_BACK_INT BIT(0) 87 #define RX_DONE_INT BIT(1) 88 #define TX_EMPTY BIT(2) 89 #define TX_FIFO_OVERFLOW BIT(8) 90 #define FW_MAILBOX_INT BIT(15) 91 #define RX_PKT_LEN GENMASK(31, 16) 92 93 #define MTK_REG_PH2DSM0R 0xc4 94 #define PH2DSM0R_DRIVER_OWN BIT(0) 95 96 #define MTK_REG_CTDR 0x18 97 98 #define MTK_REG_CRDR 0x1c 99 100 #define MTK_REG_CRPLR 0x24 101 102 #define MTK_SDIO_BLOCK_SIZE 256 103 104 #define BTMTKSDIO_TX_WAIT_VND_EVT 1 105 #define BTMTKSDIO_HW_TX_READY 2 106 #define BTMTKSDIO_FUNC_ENABLED 3 107 108 struct mtkbtsdio_hdr { 109 __le16 len; 110 __le16 reserved; 111 u8 bt_type; 112 } __packed; 113 114 struct btmtksdio_dev { 115 struct hci_dev *hdev; 116 struct sdio_func *func; 117 struct device *dev; 118 119 struct work_struct txrx_work; 120 unsigned long tx_state; 121 struct sk_buff_head txq; 122 123 struct sk_buff *evt_skb; 124 125 const struct btmtksdio_data *data; 126 }; 127 128 static int mtk_hci_wmt_sync(struct hci_dev *hdev, 129 struct btmtk_hci_wmt_params *wmt_params) 130 { 131 struct btmtksdio_dev *bdev = hci_get_drvdata(hdev); 132 struct btmtk_hci_wmt_evt_funcc *wmt_evt_funcc; 133 struct btmtk_hci_wmt_evt_reg *wmt_evt_reg; 134 u32 hlen, status = BTMTK_WMT_INVALID; 135 struct btmtk_hci_wmt_evt *wmt_evt; 136 struct btmtk_hci_wmt_cmd *wc; 137 struct btmtk_wmt_hdr *hdr; 138 int err; 139 140 /* Send the WMT command and wait until the WMT event returns */ 141 hlen = sizeof(*hdr) + wmt_params->dlen; 142 if (hlen > 255) 143 return -EINVAL; 144 145 wc = kzalloc(hlen, GFP_KERNEL); 146 if (!wc) 147 return -ENOMEM; 148 149 hdr = &wc->hdr; 150 hdr->dir = 1; 151 hdr->op = wmt_params->op; 152 hdr->dlen = cpu_to_le16(wmt_params->dlen + 1); 153 hdr->flag = wmt_params->flag; 154 memcpy(wc->data, wmt_params->data, wmt_params->dlen); 155 156 set_bit(BTMTKSDIO_TX_WAIT_VND_EVT, &bdev->tx_state); 157 158 err = __hci_cmd_send(hdev, 0xfc6f, hlen, wc); 159 if (err < 0) { 160 clear_bit(BTMTKSDIO_TX_WAIT_VND_EVT, &bdev->tx_state); 161 goto err_free_wc; 162 } 163 164 /* The vendor specific WMT commands are all answered by a vendor 165 * specific event and will not have the Command Status or Command 166 * Complete as with usual HCI command flow control. 167 * 168 * After sending the command, wait for BTMTKSDIO_TX_WAIT_VND_EVT 169 * state to be cleared. The driver specific event receive routine 170 * will clear that state and with that indicate completion of the 171 * WMT command. 172 */ 173 err = wait_on_bit_timeout(&bdev->tx_state, BTMTKSDIO_TX_WAIT_VND_EVT, 174 TASK_INTERRUPTIBLE, HCI_INIT_TIMEOUT); 175 if (err == -EINTR) { 176 bt_dev_err(hdev, "Execution of wmt command interrupted"); 177 clear_bit(BTMTKSDIO_TX_WAIT_VND_EVT, &bdev->tx_state); 178 goto err_free_wc; 179 } 180 181 if (err) { 182 bt_dev_err(hdev, "Execution of wmt command timed out"); 183 clear_bit(BTMTKSDIO_TX_WAIT_VND_EVT, &bdev->tx_state); 184 err = -ETIMEDOUT; 185 goto err_free_wc; 186 } 187 188 /* Parse and handle the return WMT event */ 189 wmt_evt = (struct btmtk_hci_wmt_evt *)bdev->evt_skb->data; 190 if (wmt_evt->whdr.op != hdr->op) { 191 bt_dev_err(hdev, "Wrong op received %d expected %d", 192 wmt_evt->whdr.op, hdr->op); 193 err = -EIO; 194 goto err_free_skb; 195 } 196 197 switch (wmt_evt->whdr.op) { 198 case BTMTK_WMT_SEMAPHORE: 199 if (wmt_evt->whdr.flag == 2) 200 status = BTMTK_WMT_PATCH_UNDONE; 201 else 202 status = BTMTK_WMT_PATCH_DONE; 203 break; 204 case BTMTK_WMT_FUNC_CTRL: 205 wmt_evt_funcc = (struct btmtk_hci_wmt_evt_funcc *)wmt_evt; 206 if (be16_to_cpu(wmt_evt_funcc->status) == 0x404) 207 status = BTMTK_WMT_ON_DONE; 208 else if (be16_to_cpu(wmt_evt_funcc->status) == 0x420) 209 status = BTMTK_WMT_ON_PROGRESS; 210 else 211 status = BTMTK_WMT_ON_UNDONE; 212 break; 213 case BTMTK_WMT_PATCH_DWNLD: 214 if (wmt_evt->whdr.flag == 2) 215 status = BTMTK_WMT_PATCH_DONE; 216 else if (wmt_evt->whdr.flag == 1) 217 status = BTMTK_WMT_PATCH_PROGRESS; 218 else 219 status = BTMTK_WMT_PATCH_UNDONE; 220 break; 221 case BTMTK_WMT_REGISTER: 222 wmt_evt_reg = (struct btmtk_hci_wmt_evt_reg *)wmt_evt; 223 if (le16_to_cpu(wmt_evt->whdr.dlen) == 12) 224 status = le32_to_cpu(wmt_evt_reg->val); 225 break; 226 } 227 228 if (wmt_params->status) 229 *wmt_params->status = status; 230 231 err_free_skb: 232 kfree_skb(bdev->evt_skb); 233 bdev->evt_skb = NULL; 234 err_free_wc: 235 kfree(wc); 236 237 return err; 238 } 239 240 static int btmtksdio_tx_packet(struct btmtksdio_dev *bdev, 241 struct sk_buff *skb) 242 { 243 struct mtkbtsdio_hdr *sdio_hdr; 244 int err; 245 246 /* Make sure that there are enough rooms for SDIO header */ 247 if (unlikely(skb_headroom(skb) < sizeof(*sdio_hdr))) { 248 err = pskb_expand_head(skb, sizeof(*sdio_hdr), 0, 249 GFP_ATOMIC); 250 if (err < 0) 251 return err; 252 } 253 254 /* Prepend MediaTek SDIO Specific Header */ 255 skb_push(skb, sizeof(*sdio_hdr)); 256 257 sdio_hdr = (void *)skb->data; 258 sdio_hdr->len = cpu_to_le16(skb->len); 259 sdio_hdr->reserved = cpu_to_le16(0); 260 sdio_hdr->bt_type = hci_skb_pkt_type(skb); 261 262 clear_bit(BTMTKSDIO_HW_TX_READY, &bdev->tx_state); 263 err = sdio_writesb(bdev->func, MTK_REG_CTDR, skb->data, 264 round_up(skb->len, MTK_SDIO_BLOCK_SIZE)); 265 if (err < 0) 266 goto err_skb_pull; 267 268 bdev->hdev->stat.byte_tx += skb->len; 269 270 kfree_skb(skb); 271 272 return 0; 273 274 err_skb_pull: 275 skb_pull(skb, sizeof(*sdio_hdr)); 276 277 return err; 278 } 279 280 static u32 btmtksdio_drv_own_query(struct btmtksdio_dev *bdev) 281 { 282 return sdio_readl(bdev->func, MTK_REG_CHLPCR, NULL); 283 } 284 285 static int btmtksdio_fw_pmctrl(struct btmtksdio_dev *bdev) 286 { 287 u32 status; 288 int err; 289 290 sdio_claim_host(bdev->func); 291 292 /* Return ownership to the device */ 293 sdio_writel(bdev->func, C_FW_OWN_REQ_SET, MTK_REG_CHLPCR, &err); 294 if (err < 0) 295 goto out; 296 297 err = readx_poll_timeout(btmtksdio_drv_own_query, bdev, status, 298 !(status & C_COM_DRV_OWN), 2000, 1000000); 299 300 out: 301 sdio_release_host(bdev->func); 302 303 if (err < 0) 304 bt_dev_err(bdev->hdev, "Cannot return ownership to device"); 305 306 return err; 307 } 308 309 static int btmtksdio_drv_pmctrl(struct btmtksdio_dev *bdev) 310 { 311 u32 status; 312 int err; 313 314 sdio_claim_host(bdev->func); 315 316 /* Get ownership from the device */ 317 sdio_writel(bdev->func, C_FW_OWN_REQ_CLR, MTK_REG_CHLPCR, &err); 318 if (err < 0) 319 goto out; 320 321 err = readx_poll_timeout(btmtksdio_drv_own_query, bdev, status, 322 status & C_COM_DRV_OWN, 2000, 1000000); 323 324 out: 325 sdio_release_host(bdev->func); 326 327 if (err < 0) 328 bt_dev_err(bdev->hdev, "Cannot get ownership from device"); 329 330 return err; 331 } 332 333 static int btmtksdio_recv_event(struct hci_dev *hdev, struct sk_buff *skb) 334 { 335 struct btmtksdio_dev *bdev = hci_get_drvdata(hdev); 336 struct hci_event_hdr *hdr = (void *)skb->data; 337 int err; 338 339 /* Fix up the vendor event id with 0xff for vendor specific instead 340 * of 0xe4 so that event send via monitoring socket can be parsed 341 * properly. 342 */ 343 if (hdr->evt == 0xe4) 344 hdr->evt = HCI_EV_VENDOR; 345 346 /* When someone waits for the WMT event, the skb is being cloned 347 * and being processed the events from there then. 348 */ 349 if (test_bit(BTMTKSDIO_TX_WAIT_VND_EVT, &bdev->tx_state)) { 350 bdev->evt_skb = skb_clone(skb, GFP_KERNEL); 351 if (!bdev->evt_skb) { 352 err = -ENOMEM; 353 goto err_out; 354 } 355 } 356 357 err = hci_recv_frame(hdev, skb); 358 if (err < 0) 359 goto err_free_skb; 360 361 if (hdr->evt == HCI_EV_VENDOR) { 362 if (test_and_clear_bit(BTMTKSDIO_TX_WAIT_VND_EVT, 363 &bdev->tx_state)) { 364 /* Barrier to sync with other CPUs */ 365 smp_mb__after_atomic(); 366 wake_up_bit(&bdev->tx_state, BTMTKSDIO_TX_WAIT_VND_EVT); 367 } 368 } 369 370 return 0; 371 372 err_free_skb: 373 kfree_skb(bdev->evt_skb); 374 bdev->evt_skb = NULL; 375 376 err_out: 377 return err; 378 } 379 380 static int btmtksdio_recv_acl(struct hci_dev *hdev, struct sk_buff *skb) 381 { 382 struct btmtksdio_dev *bdev = hci_get_drvdata(hdev); 383 u16 handle = le16_to_cpu(hci_acl_hdr(skb)->handle); 384 385 switch (handle) { 386 case 0xfc6f: 387 /* Firmware dump from device: when the firmware hangs, the 388 * device can no longer suspend and thus disable auto-suspend. 389 */ 390 pm_runtime_forbid(bdev->dev); 391 fallthrough; 392 case 0x05ff: 393 case 0x05fe: 394 /* Firmware debug logging */ 395 return hci_recv_diag(hdev, skb); 396 } 397 398 return hci_recv_frame(hdev, skb); 399 } 400 401 static const struct h4_recv_pkt mtk_recv_pkts[] = { 402 { H4_RECV_ACL, .recv = btmtksdio_recv_acl }, 403 { H4_RECV_SCO, .recv = hci_recv_frame }, 404 { H4_RECV_EVENT, .recv = btmtksdio_recv_event }, 405 }; 406 407 static int btmtksdio_rx_packet(struct btmtksdio_dev *bdev, u16 rx_size) 408 { 409 const struct h4_recv_pkt *pkts = mtk_recv_pkts; 410 int pkts_count = ARRAY_SIZE(mtk_recv_pkts); 411 struct mtkbtsdio_hdr *sdio_hdr; 412 int err, i, pad_size; 413 struct sk_buff *skb; 414 u16 dlen; 415 416 if (rx_size < sizeof(*sdio_hdr)) 417 return -EILSEQ; 418 419 /* A SDIO packet is exactly containing a Bluetooth packet */ 420 skb = bt_skb_alloc(rx_size, GFP_KERNEL); 421 if (!skb) 422 return -ENOMEM; 423 424 skb_put(skb, rx_size); 425 426 err = sdio_readsb(bdev->func, skb->data, MTK_REG_CRDR, rx_size); 427 if (err < 0) 428 goto err_kfree_skb; 429 430 sdio_hdr = (void *)skb->data; 431 432 /* We assume the default error as -EILSEQ simply to make the error path 433 * be cleaner. 434 */ 435 err = -EILSEQ; 436 437 if (rx_size != le16_to_cpu(sdio_hdr->len)) { 438 bt_dev_err(bdev->hdev, "Rx size in sdio header is mismatched "); 439 goto err_kfree_skb; 440 } 441 442 hci_skb_pkt_type(skb) = sdio_hdr->bt_type; 443 444 /* Remove MediaTek SDIO header */ 445 skb_pull(skb, sizeof(*sdio_hdr)); 446 447 /* We have to dig into the packet to get payload size and then know how 448 * many padding bytes at the tail, these padding bytes should be removed 449 * before the packet is indicated to the core layer. 450 */ 451 for (i = 0; i < pkts_count; i++) { 452 if (sdio_hdr->bt_type == (&pkts[i])->type) 453 break; 454 } 455 456 if (i >= pkts_count) { 457 bt_dev_err(bdev->hdev, "Invalid bt type 0x%02x", 458 sdio_hdr->bt_type); 459 goto err_kfree_skb; 460 } 461 462 /* Remaining bytes cannot hold a header*/ 463 if (skb->len < (&pkts[i])->hlen) { 464 bt_dev_err(bdev->hdev, "The size of bt header is mismatched"); 465 goto err_kfree_skb; 466 } 467 468 switch ((&pkts[i])->lsize) { 469 case 1: 470 dlen = skb->data[(&pkts[i])->loff]; 471 break; 472 case 2: 473 dlen = get_unaligned_le16(skb->data + 474 (&pkts[i])->loff); 475 break; 476 default: 477 goto err_kfree_skb; 478 } 479 480 pad_size = skb->len - (&pkts[i])->hlen - dlen; 481 482 /* Remaining bytes cannot hold a payload */ 483 if (pad_size < 0) { 484 bt_dev_err(bdev->hdev, "The size of bt payload is mismatched"); 485 goto err_kfree_skb; 486 } 487 488 /* Remove padding bytes */ 489 skb_trim(skb, skb->len - pad_size); 490 491 /* Complete frame */ 492 (&pkts[i])->recv(bdev->hdev, skb); 493 494 bdev->hdev->stat.byte_rx += rx_size; 495 496 return 0; 497 498 err_kfree_skb: 499 kfree_skb(skb); 500 501 return err; 502 } 503 504 static void btmtksdio_txrx_work(struct work_struct *work) 505 { 506 struct btmtksdio_dev *bdev = container_of(work, struct btmtksdio_dev, 507 txrx_work); 508 unsigned long txrx_timeout; 509 u32 int_status, rx_size; 510 struct sk_buff *skb; 511 int err; 512 513 pm_runtime_get_sync(bdev->dev); 514 515 sdio_claim_host(bdev->func); 516 517 /* Disable interrupt */ 518 sdio_writel(bdev->func, C_INT_EN_CLR, MTK_REG_CHLPCR, 0); 519 520 txrx_timeout = jiffies + 5 * HZ; 521 522 do { 523 int_status = sdio_readl(bdev->func, MTK_REG_CHISR, NULL); 524 525 /* Ack an interrupt as soon as possible before any operation on 526 * hardware. 527 * 528 * Note that we don't ack any status during operations to avoid race 529 * condition between the host and the device such as it's possible to 530 * mistakenly ack RX_DONE for the next packet and then cause interrupts 531 * not be raised again but there is still pending data in the hardware 532 * FIFO. 533 */ 534 sdio_writel(bdev->func, int_status, MTK_REG_CHISR, NULL); 535 536 if ((int_status & FW_MAILBOX_INT) && 537 bdev->data->chipid == 0x7921) { 538 sdio_writel(bdev->func, PH2DSM0R_DRIVER_OWN, 539 MTK_REG_PH2DSM0R, 0); 540 } 541 542 if (int_status & FW_OWN_BACK_INT) 543 bt_dev_dbg(bdev->hdev, "Get fw own back"); 544 545 if (int_status & TX_EMPTY) 546 set_bit(BTMTKSDIO_HW_TX_READY, &bdev->tx_state); 547 548 else if (unlikely(int_status & TX_FIFO_OVERFLOW)) 549 bt_dev_warn(bdev->hdev, "Tx fifo overflow"); 550 551 if (test_bit(BTMTKSDIO_HW_TX_READY, &bdev->tx_state)) { 552 skb = skb_dequeue(&bdev->txq); 553 if (skb) { 554 err = btmtksdio_tx_packet(bdev, skb); 555 if (err < 0) { 556 bdev->hdev->stat.err_tx++; 557 skb_queue_head(&bdev->txq, skb); 558 } 559 } 560 } 561 562 if (int_status & RX_DONE_INT) { 563 rx_size = sdio_readl(bdev->func, MTK_REG_CRPLR, NULL); 564 rx_size = (rx_size & RX_PKT_LEN) >> 16; 565 if (btmtksdio_rx_packet(bdev, rx_size) < 0) 566 bdev->hdev->stat.err_rx++; 567 } 568 } while (int_status || time_is_before_jiffies(txrx_timeout)); 569 570 /* Enable interrupt */ 571 sdio_writel(bdev->func, C_INT_EN_SET, MTK_REG_CHLPCR, 0); 572 573 sdio_release_host(bdev->func); 574 575 pm_runtime_mark_last_busy(bdev->dev); 576 pm_runtime_put_autosuspend(bdev->dev); 577 } 578 579 static void btmtksdio_interrupt(struct sdio_func *func) 580 { 581 struct btmtksdio_dev *bdev = sdio_get_drvdata(func); 582 583 /* Disable interrupt */ 584 sdio_writel(bdev->func, C_INT_EN_CLR, MTK_REG_CHLPCR, 0); 585 586 schedule_work(&bdev->txrx_work); 587 } 588 589 static int btmtksdio_open(struct hci_dev *hdev) 590 { 591 struct btmtksdio_dev *bdev = hci_get_drvdata(hdev); 592 u32 val; 593 int err; 594 595 sdio_claim_host(bdev->func); 596 597 err = sdio_enable_func(bdev->func); 598 if (err < 0) 599 goto err_release_host; 600 601 set_bit(BTMTKSDIO_FUNC_ENABLED, &bdev->tx_state); 602 603 err = btmtksdio_drv_pmctrl(bdev); 604 if (err < 0) 605 goto err_disable_func; 606 607 /* Disable interrupt & mask out all interrupt sources */ 608 sdio_writel(bdev->func, C_INT_EN_CLR, MTK_REG_CHLPCR, &err); 609 if (err < 0) 610 goto err_disable_func; 611 612 sdio_writel(bdev->func, 0, MTK_REG_CHIER, &err); 613 if (err < 0) 614 goto err_disable_func; 615 616 err = sdio_claim_irq(bdev->func, btmtksdio_interrupt); 617 if (err < 0) 618 goto err_disable_func; 619 620 err = sdio_set_block_size(bdev->func, MTK_SDIO_BLOCK_SIZE); 621 if (err < 0) 622 goto err_release_irq; 623 624 /* SDIO CMD 5 allows the SDIO device back to idle state an 625 * synchronous interrupt is supported in SDIO 4-bit mode 626 */ 627 val = sdio_readl(bdev->func, MTK_REG_CSDIOCSR, &err); 628 if (err < 0) 629 goto err_release_irq; 630 631 val |= SDIO_INT_CTL; 632 sdio_writel(bdev->func, val, MTK_REG_CSDIOCSR, &err); 633 if (err < 0) 634 goto err_release_irq; 635 636 /* Explitly set write-1-clear method */ 637 val = sdio_readl(bdev->func, MTK_REG_CHCR, &err); 638 if (err < 0) 639 goto err_release_irq; 640 641 val |= C_INT_CLR_CTRL; 642 sdio_writel(bdev->func, val, MTK_REG_CHCR, &err); 643 if (err < 0) 644 goto err_release_irq; 645 646 /* Setup interrupt sources */ 647 sdio_writel(bdev->func, RX_DONE_INT | TX_EMPTY | TX_FIFO_OVERFLOW, 648 MTK_REG_CHIER, &err); 649 if (err < 0) 650 goto err_release_irq; 651 652 /* Enable interrupt */ 653 sdio_writel(bdev->func, C_INT_EN_SET, MTK_REG_CHLPCR, &err); 654 if (err < 0) 655 goto err_release_irq; 656 657 sdio_release_host(bdev->func); 658 659 return 0; 660 661 err_release_irq: 662 sdio_release_irq(bdev->func); 663 664 err_disable_func: 665 sdio_disable_func(bdev->func); 666 667 err_release_host: 668 sdio_release_host(bdev->func); 669 670 return err; 671 } 672 673 static int btmtksdio_close(struct hci_dev *hdev) 674 { 675 struct btmtksdio_dev *bdev = hci_get_drvdata(hdev); 676 677 sdio_claim_host(bdev->func); 678 679 /* Disable interrupt */ 680 sdio_writel(bdev->func, C_INT_EN_CLR, MTK_REG_CHLPCR, NULL); 681 682 sdio_release_irq(bdev->func); 683 684 cancel_work_sync(&bdev->txrx_work); 685 686 btmtksdio_fw_pmctrl(bdev); 687 688 clear_bit(BTMTKSDIO_FUNC_ENABLED, &bdev->tx_state); 689 sdio_disable_func(bdev->func); 690 691 sdio_release_host(bdev->func); 692 693 return 0; 694 } 695 696 static int btmtksdio_flush(struct hci_dev *hdev) 697 { 698 struct btmtksdio_dev *bdev = hci_get_drvdata(hdev); 699 700 skb_queue_purge(&bdev->txq); 701 702 cancel_work_sync(&bdev->txrx_work); 703 704 return 0; 705 } 706 707 static int btmtksdio_func_query(struct hci_dev *hdev) 708 { 709 struct btmtk_hci_wmt_params wmt_params; 710 int status, err; 711 u8 param = 0; 712 713 /* Query whether the function is enabled */ 714 wmt_params.op = BTMTK_WMT_FUNC_CTRL; 715 wmt_params.flag = 4; 716 wmt_params.dlen = sizeof(param); 717 wmt_params.data = ¶m; 718 wmt_params.status = &status; 719 720 err = mtk_hci_wmt_sync(hdev, &wmt_params); 721 if (err < 0) { 722 bt_dev_err(hdev, "Failed to query function status (%d)", err); 723 return err; 724 } 725 726 return status; 727 } 728 729 static int mt76xx_setup(struct hci_dev *hdev, const char *fwname) 730 { 731 struct btmtk_hci_wmt_params wmt_params; 732 struct btmtk_tci_sleep tci_sleep; 733 struct sk_buff *skb; 734 int err, status; 735 u8 param = 0x1; 736 737 /* Query whether the firmware is already download */ 738 wmt_params.op = BTMTK_WMT_SEMAPHORE; 739 wmt_params.flag = 1; 740 wmt_params.dlen = 0; 741 wmt_params.data = NULL; 742 wmt_params.status = &status; 743 744 err = mtk_hci_wmt_sync(hdev, &wmt_params); 745 if (err < 0) { 746 bt_dev_err(hdev, "Failed to query firmware status (%d)", err); 747 return err; 748 } 749 750 if (status == BTMTK_WMT_PATCH_DONE) { 751 bt_dev_info(hdev, "Firmware already downloaded"); 752 goto ignore_setup_fw; 753 } 754 755 /* Setup a firmware which the device definitely requires */ 756 err = btmtk_setup_firmware(hdev, fwname, mtk_hci_wmt_sync); 757 if (err < 0) 758 return err; 759 760 ignore_setup_fw: 761 /* Query whether the device is already enabled */ 762 err = readx_poll_timeout(btmtksdio_func_query, hdev, status, 763 status < 0 || status != BTMTK_WMT_ON_PROGRESS, 764 2000, 5000000); 765 /* -ETIMEDOUT happens */ 766 if (err < 0) 767 return err; 768 769 /* The other errors happen in btusb_mtk_func_query */ 770 if (status < 0) 771 return status; 772 773 if (status == BTMTK_WMT_ON_DONE) { 774 bt_dev_info(hdev, "function already on"); 775 goto ignore_func_on; 776 } 777 778 /* Enable Bluetooth protocol */ 779 wmt_params.op = BTMTK_WMT_FUNC_CTRL; 780 wmt_params.flag = 0; 781 wmt_params.dlen = sizeof(param); 782 wmt_params.data = ¶m; 783 wmt_params.status = NULL; 784 785 err = mtk_hci_wmt_sync(hdev, &wmt_params); 786 if (err < 0) { 787 bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err); 788 return err; 789 } 790 791 ignore_func_on: 792 /* Apply the low power environment setup */ 793 tci_sleep.mode = 0x5; 794 tci_sleep.duration = cpu_to_le16(0x640); 795 tci_sleep.host_duration = cpu_to_le16(0x640); 796 tci_sleep.host_wakeup_pin = 0; 797 tci_sleep.time_compensation = 0; 798 799 skb = __hci_cmd_sync(hdev, 0xfc7a, sizeof(tci_sleep), &tci_sleep, 800 HCI_INIT_TIMEOUT); 801 if (IS_ERR(skb)) { 802 err = PTR_ERR(skb); 803 bt_dev_err(hdev, "Failed to apply low power setting (%d)", err); 804 return err; 805 } 806 kfree_skb(skb); 807 808 return 0; 809 } 810 811 static int mt79xx_setup(struct hci_dev *hdev, const char *fwname) 812 { 813 struct btmtk_hci_wmt_params wmt_params; 814 u8 param = 0x1; 815 int err; 816 817 err = btmtk_setup_firmware_79xx(hdev, fwname, mtk_hci_wmt_sync); 818 if (err < 0) { 819 bt_dev_err(hdev, "Failed to setup 79xx firmware (%d)", err); 820 return err; 821 } 822 823 /* Enable Bluetooth protocol */ 824 wmt_params.op = BTMTK_WMT_FUNC_CTRL; 825 wmt_params.flag = 0; 826 wmt_params.dlen = sizeof(param); 827 wmt_params.data = ¶m; 828 wmt_params.status = NULL; 829 830 err = mtk_hci_wmt_sync(hdev, &wmt_params); 831 if (err < 0) { 832 bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err); 833 return err; 834 } 835 836 hci_set_msft_opcode(hdev, 0xFD30); 837 hci_set_aosp_capable(hdev); 838 839 return err; 840 } 841 842 static int btmtksdio_mtk_reg_read(struct hci_dev *hdev, u32 reg, u32 *val) 843 { 844 struct btmtk_hci_wmt_params wmt_params; 845 struct reg_read_cmd reg_read = { 846 .type = 1, 847 .num = 1, 848 }; 849 u32 status; 850 int err; 851 852 reg_read.addr = cpu_to_le32(reg); 853 wmt_params.op = BTMTK_WMT_REGISTER; 854 wmt_params.flag = BTMTK_WMT_REG_READ; 855 wmt_params.dlen = sizeof(reg_read); 856 wmt_params.data = ®_read; 857 wmt_params.status = &status; 858 859 err = mtk_hci_wmt_sync(hdev, &wmt_params); 860 if (err < 0) { 861 bt_dev_err(hdev, "Failed to read reg (%d)", err); 862 return err; 863 } 864 865 *val = status; 866 867 return err; 868 } 869 870 static int btmtksdio_mtk_reg_write(struct hci_dev *hdev, u32 reg, u32 val, u32 mask) 871 { 872 struct btmtk_hci_wmt_params wmt_params; 873 const struct reg_write_cmd reg_write = { 874 .type = 1, 875 .num = 1, 876 .addr = cpu_to_le32(reg), 877 .data = cpu_to_le32(val), 878 .mask = cpu_to_le32(mask), 879 }; 880 int err, status; 881 882 wmt_params.op = BTMTK_WMT_REGISTER; 883 wmt_params.flag = BTMTK_WMT_REG_WRITE; 884 wmt_params.dlen = sizeof(reg_write); 885 wmt_params.data = ®_write; 886 wmt_params.status = &status; 887 888 err = mtk_hci_wmt_sync(hdev, &wmt_params); 889 if (err < 0) 890 bt_dev_err(hdev, "Failed to write reg (%d)", err); 891 892 return err; 893 } 894 895 static int btmtksdio_sco_setting(struct hci_dev *hdev) 896 { 897 const struct btmtk_sco sco_setting = { 898 .clock_config = 0x49, 899 .channel_format_config = 0x80, 900 }; 901 struct sk_buff *skb; 902 u32 val; 903 int err; 904 905 /* Enable SCO over I2S/PCM for MediaTek chipset */ 906 skb = __hci_cmd_sync(hdev, 0xfc72, sizeof(sco_setting), 907 &sco_setting, HCI_CMD_TIMEOUT); 908 if (IS_ERR(skb)) 909 return PTR_ERR(skb); 910 911 kfree_skb(skb); 912 913 err = btmtksdio_mtk_reg_read(hdev, MT7921_PINMUX_0, &val); 914 if (err < 0) 915 return err; 916 917 val |= 0x11000000; 918 err = btmtksdio_mtk_reg_write(hdev, MT7921_PINMUX_0, val, ~0); 919 if (err < 0) 920 return err; 921 922 err = btmtksdio_mtk_reg_read(hdev, MT7921_PINMUX_1, &val); 923 if (err < 0) 924 return err; 925 926 val |= 0x00000101; 927 return btmtksdio_mtk_reg_write(hdev, MT7921_PINMUX_1, val, ~0); 928 } 929 930 static int btmtksdio_setup(struct hci_dev *hdev) 931 { 932 struct btmtksdio_dev *bdev = hci_get_drvdata(hdev); 933 ktime_t calltime, delta, rettime; 934 unsigned long long duration; 935 char fwname[64]; 936 int err, dev_id; 937 u32 fw_version = 0; 938 939 calltime = ktime_get(); 940 set_bit(BTMTKSDIO_HW_TX_READY, &bdev->tx_state); 941 942 switch (bdev->data->chipid) { 943 case 0x7921: 944 err = btmtksdio_mtk_reg_read(hdev, 0x70010200, &dev_id); 945 if (err < 0) { 946 bt_dev_err(hdev, "Failed to get device id (%d)", err); 947 return err; 948 } 949 950 err = btmtksdio_mtk_reg_read(hdev, 0x80021004, &fw_version); 951 if (err < 0) { 952 bt_dev_err(hdev, "Failed to get fw version (%d)", err); 953 return err; 954 } 955 956 snprintf(fwname, sizeof(fwname), 957 "mediatek/BT_RAM_CODE_MT%04x_1_%x_hdr.bin", 958 dev_id & 0xffff, (fw_version & 0xff) + 1); 959 err = mt79xx_setup(hdev, fwname); 960 if (err < 0) 961 return err; 962 963 /* Enable SCO over I2S/PCM */ 964 err = btmtksdio_sco_setting(hdev); 965 if (err < 0) { 966 bt_dev_err(hdev, "Failed to enable SCO setting (%d)", err); 967 return err; 968 } 969 970 break; 971 case 0x7663: 972 case 0x7668: 973 err = mt76xx_setup(hdev, bdev->data->fwname); 974 if (err < 0) 975 return err; 976 break; 977 default: 978 return -ENODEV; 979 } 980 981 rettime = ktime_get(); 982 delta = ktime_sub(rettime, calltime); 983 duration = (unsigned long long)ktime_to_ns(delta) >> 10; 984 985 pm_runtime_set_autosuspend_delay(bdev->dev, 986 MTKBTSDIO_AUTOSUSPEND_DELAY); 987 pm_runtime_use_autosuspend(bdev->dev); 988 989 err = pm_runtime_set_active(bdev->dev); 990 if (err < 0) 991 return err; 992 993 /* Default forbid runtime auto suspend, that can be allowed by 994 * enable_autosuspend flag or the PM runtime entry under sysfs. 995 */ 996 pm_runtime_forbid(bdev->dev); 997 pm_runtime_enable(bdev->dev); 998 999 if (enable_autosuspend) 1000 pm_runtime_allow(bdev->dev); 1001 1002 bt_dev_info(hdev, "Device setup in %llu usecs", duration); 1003 1004 return 0; 1005 } 1006 1007 static int btmtksdio_shutdown(struct hci_dev *hdev) 1008 { 1009 struct btmtksdio_dev *bdev = hci_get_drvdata(hdev); 1010 struct btmtk_hci_wmt_params wmt_params; 1011 u8 param = 0x0; 1012 int err; 1013 1014 /* Get back the state to be consistent with the state 1015 * in btmtksdio_setup. 1016 */ 1017 pm_runtime_get_sync(bdev->dev); 1018 1019 /* Disable the device */ 1020 wmt_params.op = BTMTK_WMT_FUNC_CTRL; 1021 wmt_params.flag = 0; 1022 wmt_params.dlen = sizeof(param); 1023 wmt_params.data = ¶m; 1024 wmt_params.status = NULL; 1025 1026 err = mtk_hci_wmt_sync(hdev, &wmt_params); 1027 if (err < 0) { 1028 bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err); 1029 return err; 1030 } 1031 1032 pm_runtime_put_noidle(bdev->dev); 1033 pm_runtime_disable(bdev->dev); 1034 1035 return 0; 1036 } 1037 1038 static int btmtksdio_send_frame(struct hci_dev *hdev, struct sk_buff *skb) 1039 { 1040 struct btmtksdio_dev *bdev = hci_get_drvdata(hdev); 1041 1042 switch (hci_skb_pkt_type(skb)) { 1043 case HCI_COMMAND_PKT: 1044 hdev->stat.cmd_tx++; 1045 break; 1046 1047 case HCI_ACLDATA_PKT: 1048 hdev->stat.acl_tx++; 1049 break; 1050 1051 case HCI_SCODATA_PKT: 1052 hdev->stat.sco_tx++; 1053 break; 1054 1055 default: 1056 return -EILSEQ; 1057 } 1058 1059 skb_queue_tail(&bdev->txq, skb); 1060 1061 schedule_work(&bdev->txrx_work); 1062 1063 return 0; 1064 } 1065 1066 static bool btmtksdio_sdio_wakeup(struct hci_dev *hdev) 1067 { 1068 struct btmtksdio_dev *bdev = hci_get_drvdata(hdev); 1069 bool may_wakeup = device_may_wakeup(bdev->dev); 1070 const struct btmtk_wakeon bt_awake = { 1071 .mode = 0x1, 1072 .gpo = 0, 1073 .active_high = 0x1, 1074 .enable_delay = cpu_to_le16(0xc80), 1075 .wakeup_delay = cpu_to_le16(0x20), 1076 }; 1077 1078 if (may_wakeup && bdev->data->chipid == 0x7921) { 1079 struct sk_buff *skb; 1080 1081 skb = __hci_cmd_sync(hdev, 0xfc27, sizeof(bt_awake), 1082 &bt_awake, HCI_CMD_TIMEOUT); 1083 if (IS_ERR(skb)) 1084 may_wakeup = false; 1085 1086 kfree_skb(skb); 1087 } 1088 1089 return may_wakeup; 1090 } 1091 1092 static int btmtksdio_probe(struct sdio_func *func, 1093 const struct sdio_device_id *id) 1094 { 1095 struct btmtksdio_dev *bdev; 1096 struct hci_dev *hdev; 1097 int err; 1098 1099 bdev = devm_kzalloc(&func->dev, sizeof(*bdev), GFP_KERNEL); 1100 if (!bdev) 1101 return -ENOMEM; 1102 1103 bdev->data = (void *)id->driver_data; 1104 if (!bdev->data) 1105 return -ENODEV; 1106 1107 bdev->dev = &func->dev; 1108 bdev->func = func; 1109 1110 INIT_WORK(&bdev->txrx_work, btmtksdio_txrx_work); 1111 skb_queue_head_init(&bdev->txq); 1112 1113 /* Initialize and register HCI device */ 1114 hdev = hci_alloc_dev(); 1115 if (!hdev) { 1116 dev_err(&func->dev, "Can't allocate HCI device\n"); 1117 return -ENOMEM; 1118 } 1119 1120 bdev->hdev = hdev; 1121 1122 hdev->bus = HCI_SDIO; 1123 hci_set_drvdata(hdev, bdev); 1124 1125 hdev->open = btmtksdio_open; 1126 hdev->close = btmtksdio_close; 1127 hdev->flush = btmtksdio_flush; 1128 hdev->setup = btmtksdio_setup; 1129 hdev->shutdown = btmtksdio_shutdown; 1130 hdev->send = btmtksdio_send_frame; 1131 hdev->wakeup = btmtksdio_sdio_wakeup; 1132 hdev->set_bdaddr = btmtk_set_bdaddr; 1133 1134 SET_HCIDEV_DEV(hdev, &func->dev); 1135 1136 hdev->manufacturer = 70; 1137 set_bit(HCI_QUIRK_NON_PERSISTENT_SETUP, &hdev->quirks); 1138 1139 err = hci_register_dev(hdev); 1140 if (err < 0) { 1141 dev_err(&func->dev, "Can't register HCI device\n"); 1142 hci_free_dev(hdev); 1143 return err; 1144 } 1145 1146 sdio_set_drvdata(func, bdev); 1147 1148 /* pm_runtime_enable would be done after the firmware is being 1149 * downloaded because the core layer probably already enables 1150 * runtime PM for this func such as the case host->caps & 1151 * MMC_CAP_POWER_OFF_CARD. 1152 */ 1153 if (pm_runtime_enabled(bdev->dev)) 1154 pm_runtime_disable(bdev->dev); 1155 1156 /* As explaination in drivers/mmc/core/sdio_bus.c tells us: 1157 * Unbound SDIO functions are always suspended. 1158 * During probe, the function is set active and the usage count 1159 * is incremented. If the driver supports runtime PM, 1160 * it should call pm_runtime_put_noidle() in its probe routine and 1161 * pm_runtime_get_noresume() in its remove routine. 1162 * 1163 * So, put a pm_runtime_put_noidle here ! 1164 */ 1165 pm_runtime_put_noidle(bdev->dev); 1166 1167 err = device_init_wakeup(bdev->dev, true); 1168 if (err) 1169 bt_dev_err(hdev, "failed to initialize device wakeup"); 1170 1171 return err; 1172 } 1173 1174 static void btmtksdio_remove(struct sdio_func *func) 1175 { 1176 struct btmtksdio_dev *bdev = sdio_get_drvdata(func); 1177 struct hci_dev *hdev; 1178 1179 if (!bdev) 1180 return; 1181 1182 /* Be consistent the state in btmtksdio_probe */ 1183 pm_runtime_get_noresume(bdev->dev); 1184 1185 hdev = bdev->hdev; 1186 1187 sdio_set_drvdata(func, NULL); 1188 hci_unregister_dev(hdev); 1189 hci_free_dev(hdev); 1190 } 1191 1192 #ifdef CONFIG_PM 1193 static int btmtksdio_runtime_suspend(struct device *dev) 1194 { 1195 struct sdio_func *func = dev_to_sdio_func(dev); 1196 struct btmtksdio_dev *bdev; 1197 int err; 1198 1199 bdev = sdio_get_drvdata(func); 1200 if (!bdev) 1201 return 0; 1202 1203 if (!test_bit(BTMTKSDIO_FUNC_ENABLED, &bdev->tx_state)) 1204 return 0; 1205 1206 sdio_set_host_pm_flags(func, MMC_PM_KEEP_POWER); 1207 1208 err = btmtksdio_fw_pmctrl(bdev); 1209 1210 bt_dev_info(bdev->hdev, "status (%d) return ownership to device", err); 1211 1212 return err; 1213 } 1214 1215 static int btmtksdio_runtime_resume(struct device *dev) 1216 { 1217 struct sdio_func *func = dev_to_sdio_func(dev); 1218 struct btmtksdio_dev *bdev; 1219 int err; 1220 1221 bdev = sdio_get_drvdata(func); 1222 if (!bdev) 1223 return 0; 1224 1225 if (!test_bit(BTMTKSDIO_FUNC_ENABLED, &bdev->tx_state)) 1226 return 0; 1227 1228 err = btmtksdio_drv_pmctrl(bdev); 1229 1230 bt_dev_info(bdev->hdev, "status (%d) get ownership from device", err); 1231 1232 return err; 1233 } 1234 1235 static UNIVERSAL_DEV_PM_OPS(btmtksdio_pm_ops, btmtksdio_runtime_suspend, 1236 btmtksdio_runtime_resume, NULL); 1237 #define BTMTKSDIO_PM_OPS (&btmtksdio_pm_ops) 1238 #else /* CONFIG_PM */ 1239 #define BTMTKSDIO_PM_OPS NULL 1240 #endif /* CONFIG_PM */ 1241 1242 static struct sdio_driver btmtksdio_driver = { 1243 .name = "btmtksdio", 1244 .probe = btmtksdio_probe, 1245 .remove = btmtksdio_remove, 1246 .id_table = btmtksdio_table, 1247 .drv = { 1248 .owner = THIS_MODULE, 1249 .pm = BTMTKSDIO_PM_OPS, 1250 } 1251 }; 1252 1253 module_sdio_driver(btmtksdio_driver); 1254 1255 module_param(enable_autosuspend, bool, 0644); 1256 MODULE_PARM_DESC(enable_autosuspend, "Enable autosuspend by default"); 1257 1258 MODULE_AUTHOR("Sean Wang <sean.wang@mediatek.com>"); 1259 MODULE_DESCRIPTION("MediaTek Bluetooth SDIO driver ver " VERSION); 1260 MODULE_VERSION(VERSION); 1261 MODULE_LICENSE("GPL"); 1262