1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  *  FM Driver for Connectivity chip of Texas Instruments.
4  *
5  *  This sub-module of FM driver is common for FM RX and TX
6  *  functionality. This module is responsible for:
7  *  1) Forming group of Channel-8 commands to perform particular
8  *     functionality (eg., frequency set require more than
9  *     one Channel-8 command to be sent to the chip).
10  *  2) Sending each Channel-8 command to the chip and reading
11  *     response back over Shared Transport.
12  *  3) Managing TX and RX Queues and Tasklets.
13  *  4) Handling FM Interrupt packet and taking appropriate action.
14  *  5) Loading FM firmware to the chip (common, FM TX, and FM RX
15  *     firmware files based on mode selection)
16  *
17  *  Copyright (C) 2011 Texas Instruments
18  *  Author: Raja Mani <raja_mani@ti.com>
19  *  Author: Manjunatha Halli <manjunatha_halli@ti.com>
20  */
21 
22 #include <linux/delay.h>
23 #include <linux/firmware.h>
24 #include <linux/module.h>
25 #include <linux/nospec.h>
26 
27 #include "fmdrv.h"
28 #include "fmdrv_v4l2.h"
29 #include "fmdrv_common.h"
30 #include <linux/ti_wilink_st.h>
31 #include "fmdrv_rx.h"
32 #include "fmdrv_tx.h"
33 
34 /* Region info */
35 static struct region_info region_configs[] = {
36 	/* Europe/US */
37 	{
38 	 .chanl_space = FM_CHANNEL_SPACING_200KHZ * FM_FREQ_MUL,
39 	 .bot_freq = 87500,	/* 87.5 MHz */
40 	 .top_freq = 108000,	/* 108 MHz */
41 	 .fm_band = 0,
42 	 },
43 	/* Japan */
44 	{
45 	 .chanl_space = FM_CHANNEL_SPACING_200KHZ * FM_FREQ_MUL,
46 	 .bot_freq = 76000,	/* 76 MHz */
47 	 .top_freq = 90000,	/* 90 MHz */
48 	 .fm_band = 1,
49 	 },
50 };
51 
52 /* Band selection */
53 static u8 default_radio_region;	/* Europe/US */
54 module_param(default_radio_region, byte, 0);
55 MODULE_PARM_DESC(default_radio_region, "Region: 0=Europe/US, 1=Japan");
56 
57 /* RDS buffer blocks */
58 static u32 default_rds_buf = 300;
59 module_param(default_rds_buf, uint, 0444);
60 MODULE_PARM_DESC(default_rds_buf, "RDS buffer entries");
61 
62 /* Radio Nr */
63 static u32 radio_nr = -1;
64 module_param(radio_nr, int, 0444);
65 MODULE_PARM_DESC(radio_nr, "Radio Nr");
66 
67 /* FM irq handlers forward declaration */
68 static void fm_irq_send_flag_getcmd(struct fmdev *);
69 static void fm_irq_handle_flag_getcmd_resp(struct fmdev *);
70 static void fm_irq_handle_hw_malfunction(struct fmdev *);
71 static void fm_irq_handle_rds_start(struct fmdev *);
72 static void fm_irq_send_rdsdata_getcmd(struct fmdev *);
73 static void fm_irq_handle_rdsdata_getcmd_resp(struct fmdev *);
74 static void fm_irq_handle_rds_finish(struct fmdev *);
75 static void fm_irq_handle_tune_op_ended(struct fmdev *);
76 static void fm_irq_handle_power_enb(struct fmdev *);
77 static void fm_irq_handle_low_rssi_start(struct fmdev *);
78 static void fm_irq_afjump_set_pi(struct fmdev *);
79 static void fm_irq_handle_set_pi_resp(struct fmdev *);
80 static void fm_irq_afjump_set_pimask(struct fmdev *);
81 static void fm_irq_handle_set_pimask_resp(struct fmdev *);
82 static void fm_irq_afjump_setfreq(struct fmdev *);
83 static void fm_irq_handle_setfreq_resp(struct fmdev *);
84 static void fm_irq_afjump_enableint(struct fmdev *);
85 static void fm_irq_afjump_enableint_resp(struct fmdev *);
86 static void fm_irq_start_afjump(struct fmdev *);
87 static void fm_irq_handle_start_afjump_resp(struct fmdev *);
88 static void fm_irq_afjump_rd_freq(struct fmdev *);
89 static void fm_irq_afjump_rd_freq_resp(struct fmdev *);
90 static void fm_irq_handle_low_rssi_finish(struct fmdev *);
91 static void fm_irq_send_intmsk_cmd(struct fmdev *);
92 static void fm_irq_handle_intmsk_cmd_resp(struct fmdev *);
93 
94 /*
95  * When FM common module receives interrupt packet, following handlers
96  * will be executed one after another to service the interrupt(s)
97  */
98 enum fmc_irq_handler_index {
99 	FM_SEND_FLAG_GETCMD_IDX,
100 	FM_HANDLE_FLAG_GETCMD_RESP_IDX,
101 
102 	/* HW malfunction irq handler */
103 	FM_HW_MAL_FUNC_IDX,
104 
105 	/* RDS threshold reached irq handler */
106 	FM_RDS_START_IDX,
107 	FM_RDS_SEND_RDS_GETCMD_IDX,
108 	FM_RDS_HANDLE_RDS_GETCMD_RESP_IDX,
109 	FM_RDS_FINISH_IDX,
110 
111 	/* Tune operation ended irq handler */
112 	FM_HW_TUNE_OP_ENDED_IDX,
113 
114 	/* TX power enable irq handler */
115 	FM_HW_POWER_ENB_IDX,
116 
117 	/* Low RSSI irq handler */
118 	FM_LOW_RSSI_START_IDX,
119 	FM_AF_JUMP_SETPI_IDX,
120 	FM_AF_JUMP_HANDLE_SETPI_RESP_IDX,
121 	FM_AF_JUMP_SETPI_MASK_IDX,
122 	FM_AF_JUMP_HANDLE_SETPI_MASK_RESP_IDX,
123 	FM_AF_JUMP_SET_AF_FREQ_IDX,
124 	FM_AF_JUMP_HANDLE_SET_AFFREQ_RESP_IDX,
125 	FM_AF_JUMP_ENABLE_INT_IDX,
126 	FM_AF_JUMP_ENABLE_INT_RESP_IDX,
127 	FM_AF_JUMP_START_AFJUMP_IDX,
128 	FM_AF_JUMP_HANDLE_START_AFJUMP_RESP_IDX,
129 	FM_AF_JUMP_RD_FREQ_IDX,
130 	FM_AF_JUMP_RD_FREQ_RESP_IDX,
131 	FM_LOW_RSSI_FINISH_IDX,
132 
133 	/* Interrupt process post action */
134 	FM_SEND_INTMSK_CMD_IDX,
135 	FM_HANDLE_INTMSK_CMD_RESP_IDX,
136 };
137 
138 /* FM interrupt handler table */
139 static int_handler_prototype int_handler_table[] = {
140 	fm_irq_send_flag_getcmd,
141 	fm_irq_handle_flag_getcmd_resp,
142 	fm_irq_handle_hw_malfunction,
143 	fm_irq_handle_rds_start, /* RDS threshold reached irq handler */
144 	fm_irq_send_rdsdata_getcmd,
145 	fm_irq_handle_rdsdata_getcmd_resp,
146 	fm_irq_handle_rds_finish,
147 	fm_irq_handle_tune_op_ended,
148 	fm_irq_handle_power_enb, /* TX power enable irq handler */
149 	fm_irq_handle_low_rssi_start,
150 	fm_irq_afjump_set_pi,
151 	fm_irq_handle_set_pi_resp,
152 	fm_irq_afjump_set_pimask,
153 	fm_irq_handle_set_pimask_resp,
154 	fm_irq_afjump_setfreq,
155 	fm_irq_handle_setfreq_resp,
156 	fm_irq_afjump_enableint,
157 	fm_irq_afjump_enableint_resp,
158 	fm_irq_start_afjump,
159 	fm_irq_handle_start_afjump_resp,
160 	fm_irq_afjump_rd_freq,
161 	fm_irq_afjump_rd_freq_resp,
162 	fm_irq_handle_low_rssi_finish,
163 	fm_irq_send_intmsk_cmd, /* Interrupt process post action */
164 	fm_irq_handle_intmsk_cmd_resp
165 };
166 
167 static long (*g_st_write) (struct sk_buff *skb);
168 static struct completion wait_for_fmdrv_reg_comp;
169 
170 static inline void fm_irq_call(struct fmdev *fmdev)
171 {
172 	fmdev->irq_info.handlers[fmdev->irq_info.stage](fmdev);
173 }
174 
175 /* Continue next function in interrupt handler table */
176 static inline void fm_irq_call_stage(struct fmdev *fmdev, u8 stage)
177 {
178 	fmdev->irq_info.stage = stage;
179 	fm_irq_call(fmdev);
180 }
181 
182 static inline void fm_irq_timeout_stage(struct fmdev *fmdev, u8 stage)
183 {
184 	fmdev->irq_info.stage = stage;
185 	mod_timer(&fmdev->irq_info.timer, jiffies + FM_DRV_TX_TIMEOUT);
186 }
187 
188 #ifdef FM_DUMP_TXRX_PKT
189  /* To dump outgoing FM Channel-8 packets */
190 inline void dump_tx_skb_data(struct sk_buff *skb)
191 {
192 	int len, len_org;
193 	u8 index;
194 	struct fm_cmd_msg_hdr *cmd_hdr;
195 
196 	cmd_hdr = (struct fm_cmd_msg_hdr *)skb->data;
197 	printk(KERN_INFO "<<%shdr:%02x len:%02x opcode:%02x type:%s dlen:%02x",
198 	       fm_cb(skb)->completion ? " " : "*", cmd_hdr->hdr,
199 	       cmd_hdr->len, cmd_hdr->op,
200 	       cmd_hdr->rd_wr ? "RD" : "WR", cmd_hdr->dlen);
201 
202 	len_org = skb->len - FM_CMD_MSG_HDR_SIZE;
203 	if (len_org > 0) {
204 		printk(KERN_CONT "\n   data(%d): ", cmd_hdr->dlen);
205 		len = min(len_org, 14);
206 		for (index = 0; index < len; index++)
207 			printk(KERN_CONT "%x ",
208 			       skb->data[FM_CMD_MSG_HDR_SIZE + index]);
209 		printk(KERN_CONT "%s", (len_org > 14) ? ".." : "");
210 	}
211 	printk(KERN_CONT "\n");
212 }
213 
214  /* To dump incoming FM Channel-8 packets */
215 inline void dump_rx_skb_data(struct sk_buff *skb)
216 {
217 	int len, len_org;
218 	u8 index;
219 	struct fm_event_msg_hdr *evt_hdr;
220 
221 	evt_hdr = (struct fm_event_msg_hdr *)skb->data;
222 	printk(KERN_INFO ">> hdr:%02x len:%02x sts:%02x numhci:%02x opcode:%02x type:%s dlen:%02x",
223 	       evt_hdr->hdr, evt_hdr->len,
224 	       evt_hdr->status, evt_hdr->num_fm_hci_cmds, evt_hdr->op,
225 	       (evt_hdr->rd_wr) ? "RD" : "WR", evt_hdr->dlen);
226 
227 	len_org = skb->len - FM_EVT_MSG_HDR_SIZE;
228 	if (len_org > 0) {
229 		printk(KERN_CONT "\n   data(%d): ", evt_hdr->dlen);
230 		len = min(len_org, 14);
231 		for (index = 0; index < len; index++)
232 			printk(KERN_CONT "%x ",
233 			       skb->data[FM_EVT_MSG_HDR_SIZE + index]);
234 		printk(KERN_CONT "%s", (len_org > 14) ? ".." : "");
235 	}
236 	printk(KERN_CONT "\n");
237 }
238 #endif
239 
240 void fmc_update_region_info(struct fmdev *fmdev, u8 region_to_set)
241 {
242 	fmdev->rx.region = region_configs[region_to_set];
243 }
244 
245 /*
246  * FM common sub-module will schedule this tasklet whenever it receives
247  * FM packet from ST driver.
248  */
249 static void recv_tasklet(struct tasklet_struct *t)
250 {
251 	struct fmdev *fmdev;
252 	struct fm_irq *irq_info;
253 	struct fm_event_msg_hdr *evt_hdr;
254 	struct sk_buff *skb;
255 	u8 num_fm_hci_cmds;
256 	unsigned long flags;
257 
258 	fmdev = from_tasklet(fmdev, t, tx_task);
259 	irq_info = &fmdev->irq_info;
260 	/* Process all packets in the RX queue */
261 	while ((skb = skb_dequeue(&fmdev->rx_q))) {
262 		if (skb->len < sizeof(struct fm_event_msg_hdr)) {
263 			fmerr("skb(%p) has only %d bytes, at least need %zu bytes to decode\n",
264 			      skb,
265 			      skb->len, sizeof(struct fm_event_msg_hdr));
266 			kfree_skb(skb);
267 			continue;
268 		}
269 
270 		evt_hdr = (void *)skb->data;
271 		num_fm_hci_cmds = evt_hdr->num_fm_hci_cmds;
272 
273 		/* FM interrupt packet? */
274 		if (evt_hdr->op == FM_INTERRUPT) {
275 			/* FM interrupt handler started already? */
276 			if (!test_bit(FM_INTTASK_RUNNING, &fmdev->flag)) {
277 				set_bit(FM_INTTASK_RUNNING, &fmdev->flag);
278 				if (irq_info->stage != 0) {
279 					fmerr("Inval stage resetting to zero\n");
280 					irq_info->stage = 0;
281 				}
282 
283 				/*
284 				 * Execute first function in interrupt handler
285 				 * table.
286 				 */
287 				irq_info->handlers[irq_info->stage](fmdev);
288 			} else {
289 				set_bit(FM_INTTASK_SCHEDULE_PENDING, &fmdev->flag);
290 			}
291 			kfree_skb(skb);
292 		}
293 		/* Anyone waiting for this with completion handler? */
294 		else if (evt_hdr->op == fmdev->pre_op && fmdev->resp_comp != NULL) {
295 
296 			spin_lock_irqsave(&fmdev->resp_skb_lock, flags);
297 			fmdev->resp_skb = skb;
298 			spin_unlock_irqrestore(&fmdev->resp_skb_lock, flags);
299 			complete(fmdev->resp_comp);
300 
301 			fmdev->resp_comp = NULL;
302 			atomic_set(&fmdev->tx_cnt, 1);
303 		}
304 		/* Is this for interrupt handler? */
305 		else if (evt_hdr->op == fmdev->pre_op && fmdev->resp_comp == NULL) {
306 			if (fmdev->resp_skb != NULL)
307 				fmerr("Response SKB ptr not NULL\n");
308 
309 			spin_lock_irqsave(&fmdev->resp_skb_lock, flags);
310 			fmdev->resp_skb = skb;
311 			spin_unlock_irqrestore(&fmdev->resp_skb_lock, flags);
312 
313 			/* Execute interrupt handler where state index points */
314 			irq_info->handlers[irq_info->stage](fmdev);
315 
316 			kfree_skb(skb);
317 			atomic_set(&fmdev->tx_cnt, 1);
318 		} else {
319 			fmerr("Nobody claimed SKB(%p),purging\n", skb);
320 		}
321 
322 		/*
323 		 * Check flow control field. If Num_FM_HCI_Commands field is
324 		 * not zero, schedule FM TX tasklet.
325 		 */
326 		if (num_fm_hci_cmds && atomic_read(&fmdev->tx_cnt))
327 			if (!skb_queue_empty(&fmdev->tx_q))
328 				tasklet_schedule(&fmdev->tx_task);
329 	}
330 }
331 
332 /* FM send tasklet: is scheduled when FM packet has to be sent to chip */
333 static void send_tasklet(struct tasklet_struct *t)
334 {
335 	struct fmdev *fmdev;
336 	struct sk_buff *skb;
337 	int len;
338 
339 	fmdev = from_tasklet(fmdev, t, tx_task);
340 
341 	if (!atomic_read(&fmdev->tx_cnt))
342 		return;
343 
344 	/* Check, is there any timeout happened to last transmitted packet */
345 	if ((jiffies - fmdev->last_tx_jiffies) > FM_DRV_TX_TIMEOUT) {
346 		fmerr("TX timeout occurred\n");
347 		atomic_set(&fmdev->tx_cnt, 1);
348 	}
349 
350 	/* Send queued FM TX packets */
351 	skb = skb_dequeue(&fmdev->tx_q);
352 	if (!skb)
353 		return;
354 
355 	atomic_dec(&fmdev->tx_cnt);
356 	fmdev->pre_op = fm_cb(skb)->fm_op;
357 
358 	if (fmdev->resp_comp != NULL)
359 		fmerr("Response completion handler is not NULL\n");
360 
361 	fmdev->resp_comp = fm_cb(skb)->completion;
362 
363 	/* Write FM packet to ST driver */
364 	len = g_st_write(skb);
365 	if (len < 0) {
366 		kfree_skb(skb);
367 		fmdev->resp_comp = NULL;
368 		fmerr("TX tasklet failed to send skb(%p)\n", skb);
369 		atomic_set(&fmdev->tx_cnt, 1);
370 	} else {
371 		fmdev->last_tx_jiffies = jiffies;
372 	}
373 }
374 
375 /*
376  * Queues FM Channel-8 packet to FM TX queue and schedules FM TX tasklet for
377  * transmission
378  */
379 static int fm_send_cmd(struct fmdev *fmdev, u8 fm_op, u16 type,	void *payload,
380 		int payload_len, struct completion *wait_completion)
381 {
382 	struct sk_buff *skb;
383 	struct fm_cmd_msg_hdr *hdr;
384 	int size;
385 
386 	if (fm_op >= FM_INTERRUPT) {
387 		fmerr("Invalid fm opcode - %d\n", fm_op);
388 		return -EINVAL;
389 	}
390 	if (test_bit(FM_FW_DW_INPROGRESS, &fmdev->flag) && payload == NULL) {
391 		fmerr("Payload data is NULL during fw download\n");
392 		return -EINVAL;
393 	}
394 	if (!test_bit(FM_FW_DW_INPROGRESS, &fmdev->flag))
395 		size =
396 		    FM_CMD_MSG_HDR_SIZE + ((payload == NULL) ? 0 : payload_len);
397 	else
398 		size = payload_len;
399 
400 	skb = alloc_skb(size, GFP_ATOMIC);
401 	if (!skb) {
402 		fmerr("No memory to create new SKB\n");
403 		return -ENOMEM;
404 	}
405 	/*
406 	 * Don't fill FM header info for the commands which come from
407 	 * FM firmware file.
408 	 */
409 	if (!test_bit(FM_FW_DW_INPROGRESS, &fmdev->flag) ||
410 			test_bit(FM_INTTASK_RUNNING, &fmdev->flag)) {
411 		/* Fill command header info */
412 		hdr = skb_put(skb, FM_CMD_MSG_HDR_SIZE);
413 		hdr->hdr = FM_PKT_LOGICAL_CHAN_NUMBER;	/* 0x08 */
414 
415 		/* 3 (fm_opcode,rd_wr,dlen) + payload len) */
416 		hdr->len = ((payload == NULL) ? 0 : payload_len) + 3;
417 
418 		/* FM opcode */
419 		hdr->op = fm_op;
420 
421 		/* read/write type */
422 		hdr->rd_wr = type;
423 		hdr->dlen = payload_len;
424 		fm_cb(skb)->fm_op = fm_op;
425 
426 		/*
427 		 * If firmware download has finished and the command is
428 		 * not a read command then payload is != NULL - a write
429 		 * command with u16 payload - convert to be16
430 		 */
431 		if (payload != NULL)
432 			*(__be16 *)payload = cpu_to_be16(*(u16 *)payload);
433 
434 	} else if (payload != NULL) {
435 		fm_cb(skb)->fm_op = *((u8 *)payload + 2);
436 	}
437 	if (payload != NULL)
438 		skb_put_data(skb, payload, payload_len);
439 
440 	fm_cb(skb)->completion = wait_completion;
441 	skb_queue_tail(&fmdev->tx_q, skb);
442 	tasklet_schedule(&fmdev->tx_task);
443 
444 	return 0;
445 }
446 
447 /* Sends FM Channel-8 command to the chip and waits for the response */
448 int fmc_send_cmd(struct fmdev *fmdev, u8 fm_op, u16 type, void *payload,
449 		unsigned int payload_len, void *response, int *response_len)
450 {
451 	struct sk_buff *skb;
452 	struct fm_event_msg_hdr *evt_hdr;
453 	unsigned long flags;
454 	int ret;
455 
456 	init_completion(&fmdev->maintask_comp);
457 	ret = fm_send_cmd(fmdev, fm_op, type, payload, payload_len,
458 			    &fmdev->maintask_comp);
459 	if (ret)
460 		return ret;
461 
462 	if (!wait_for_completion_timeout(&fmdev->maintask_comp,
463 					 FM_DRV_TX_TIMEOUT)) {
464 		fmerr("Timeout(%d sec),didn't get regcompletion signal from RX tasklet\n",
465 			   jiffies_to_msecs(FM_DRV_TX_TIMEOUT) / 1000);
466 		return -ETIMEDOUT;
467 	}
468 	if (!fmdev->resp_skb) {
469 		fmerr("Response SKB is missing\n");
470 		return -EFAULT;
471 	}
472 	spin_lock_irqsave(&fmdev->resp_skb_lock, flags);
473 	skb = fmdev->resp_skb;
474 	fmdev->resp_skb = NULL;
475 	spin_unlock_irqrestore(&fmdev->resp_skb_lock, flags);
476 
477 	evt_hdr = (void *)skb->data;
478 	if (evt_hdr->status != 0) {
479 		fmerr("Received event pkt status(%d) is not zero\n",
480 			   evt_hdr->status);
481 		kfree_skb(skb);
482 		return -EIO;
483 	}
484 	/* Send response data to caller */
485 	if (response != NULL && response_len != NULL && evt_hdr->dlen &&
486 	    evt_hdr->dlen <= payload_len) {
487 		/* Skip header info and copy only response data */
488 		skb_pull(skb, sizeof(struct fm_event_msg_hdr));
489 		memcpy(response, skb->data, evt_hdr->dlen);
490 		*response_len = evt_hdr->dlen;
491 	} else if (response_len != NULL && evt_hdr->dlen == 0) {
492 		*response_len = 0;
493 	}
494 	kfree_skb(skb);
495 
496 	return 0;
497 }
498 
499 /* --- Helper functions used in FM interrupt handlers ---*/
500 static inline int check_cmdresp_status(struct fmdev *fmdev,
501 		struct sk_buff **skb)
502 {
503 	struct fm_event_msg_hdr *fm_evt_hdr;
504 	unsigned long flags;
505 
506 	del_timer(&fmdev->irq_info.timer);
507 
508 	spin_lock_irqsave(&fmdev->resp_skb_lock, flags);
509 	*skb = fmdev->resp_skb;
510 	fmdev->resp_skb = NULL;
511 	spin_unlock_irqrestore(&fmdev->resp_skb_lock, flags);
512 
513 	fm_evt_hdr = (void *)(*skb)->data;
514 	if (fm_evt_hdr->status != 0) {
515 		fmerr("irq: opcode %x response status is not zero Initiating irq recovery process\n",
516 				fm_evt_hdr->op);
517 
518 		mod_timer(&fmdev->irq_info.timer, jiffies + FM_DRV_TX_TIMEOUT);
519 		return -1;
520 	}
521 
522 	return 0;
523 }
524 
525 static inline void fm_irq_common_cmd_resp_helper(struct fmdev *fmdev, u8 stage)
526 {
527 	struct sk_buff *skb;
528 
529 	if (!check_cmdresp_status(fmdev, &skb))
530 		fm_irq_call_stage(fmdev, stage);
531 }
532 
533 /*
534  * Interrupt process timeout handler.
535  * One of the irq handler did not get proper response from the chip. So take
536  * recovery action here. FM interrupts are disabled in the beginning of
537  * interrupt process. Therefore reset stage index to re-enable default
538  * interrupts. So that next interrupt will be processed as usual.
539  */
540 static void int_timeout_handler(struct timer_list *t)
541 {
542 	struct fmdev *fmdev;
543 	struct fm_irq *fmirq;
544 
545 	fmdbg("irq: timeout,trying to re-enable fm interrupts\n");
546 	fmdev = from_timer(fmdev, t, irq_info.timer);
547 	fmirq = &fmdev->irq_info;
548 	fmirq->retry++;
549 
550 	if (fmirq->retry > FM_IRQ_TIMEOUT_RETRY_MAX) {
551 		/* Stop recovery action (interrupt reenable process) and
552 		 * reset stage index & retry count values */
553 		fmirq->stage = 0;
554 		fmirq->retry = 0;
555 		fmerr("Recovery action failed duringirq processing, max retry reached\n");
556 		return;
557 	}
558 	fm_irq_call_stage(fmdev, FM_SEND_INTMSK_CMD_IDX);
559 }
560 
561 /* --------- FM interrupt handlers ------------*/
562 static void fm_irq_send_flag_getcmd(struct fmdev *fmdev)
563 {
564 	u16 flag;
565 
566 	/* Send FLAG_GET command , to know the source of interrupt */
567 	if (!fm_send_cmd(fmdev, FLAG_GET, REG_RD, NULL, sizeof(flag), NULL))
568 		fm_irq_timeout_stage(fmdev, FM_HANDLE_FLAG_GETCMD_RESP_IDX);
569 }
570 
571 static void fm_irq_handle_flag_getcmd_resp(struct fmdev *fmdev)
572 {
573 	struct sk_buff *skb;
574 	struct fm_event_msg_hdr *fm_evt_hdr;
575 
576 	if (check_cmdresp_status(fmdev, &skb))
577 		return;
578 
579 	fm_evt_hdr = (void *)skb->data;
580 	if (fm_evt_hdr->dlen > sizeof(fmdev->irq_info.flag))
581 		return;
582 
583 	/* Skip header info and copy only response data */
584 	skb_pull(skb, sizeof(struct fm_event_msg_hdr));
585 	memcpy(&fmdev->irq_info.flag, skb->data, fm_evt_hdr->dlen);
586 
587 	fmdev->irq_info.flag = be16_to_cpu((__force __be16)fmdev->irq_info.flag);
588 	fmdbg("irq: flag register(0x%x)\n", fmdev->irq_info.flag);
589 
590 	/* Continue next function in interrupt handler table */
591 	fm_irq_call_stage(fmdev, FM_HW_MAL_FUNC_IDX);
592 }
593 
594 static void fm_irq_handle_hw_malfunction(struct fmdev *fmdev)
595 {
596 	if (fmdev->irq_info.flag & FM_MAL_EVENT & fmdev->irq_info.mask)
597 		fmerr("irq: HW MAL int received - do nothing\n");
598 
599 	/* Continue next function in interrupt handler table */
600 	fm_irq_call_stage(fmdev, FM_RDS_START_IDX);
601 }
602 
603 static void fm_irq_handle_rds_start(struct fmdev *fmdev)
604 {
605 	if (fmdev->irq_info.flag & FM_RDS_EVENT & fmdev->irq_info.mask) {
606 		fmdbg("irq: rds threshold reached\n");
607 		fmdev->irq_info.stage = FM_RDS_SEND_RDS_GETCMD_IDX;
608 	} else {
609 		/* Continue next function in interrupt handler table */
610 		fmdev->irq_info.stage = FM_HW_TUNE_OP_ENDED_IDX;
611 	}
612 
613 	fm_irq_call(fmdev);
614 }
615 
616 static void fm_irq_send_rdsdata_getcmd(struct fmdev *fmdev)
617 {
618 	/* Send the command to read RDS data from the chip */
619 	if (!fm_send_cmd(fmdev, RDS_DATA_GET, REG_RD, NULL,
620 			    (FM_RX_RDS_FIFO_THRESHOLD * 3), NULL))
621 		fm_irq_timeout_stage(fmdev, FM_RDS_HANDLE_RDS_GETCMD_RESP_IDX);
622 }
623 
624 /* Keeps track of current RX channel AF (Alternate Frequency) */
625 static void fm_rx_update_af_cache(struct fmdev *fmdev, u8 af)
626 {
627 	struct tuned_station_info *stat_info = &fmdev->rx.stat_info;
628 	u8 reg_idx = fmdev->rx.region.fm_band;
629 	u8 index;
630 	u32 freq;
631 
632 	/* First AF indicates the number of AF follows. Reset the list */
633 	if ((af >= FM_RDS_1_AF_FOLLOWS) && (af <= FM_RDS_25_AF_FOLLOWS)) {
634 		fmdev->rx.stat_info.af_list_max = (af - FM_RDS_1_AF_FOLLOWS + 1);
635 		fmdev->rx.stat_info.afcache_size = 0;
636 		fmdbg("No of expected AF : %d\n", fmdev->rx.stat_info.af_list_max);
637 		return;
638 	}
639 
640 	if (af < FM_RDS_MIN_AF)
641 		return;
642 	if (reg_idx == FM_BAND_EUROPE_US && af > FM_RDS_MAX_AF)
643 		return;
644 	if (reg_idx == FM_BAND_JAPAN && af > FM_RDS_MAX_AF_JAPAN)
645 		return;
646 
647 	freq = fmdev->rx.region.bot_freq + (af * 100);
648 	if (freq == fmdev->rx.freq) {
649 		fmdbg("Current freq(%d) is matching with received AF(%d)\n",
650 				fmdev->rx.freq, freq);
651 		return;
652 	}
653 	/* Do check in AF cache */
654 	for (index = 0; index < stat_info->afcache_size; index++) {
655 		if (stat_info->af_cache[index] == freq)
656 			break;
657 	}
658 	/* Reached the limit of the list - ignore the next AF */
659 	if (index == stat_info->af_list_max) {
660 		fmdbg("AF cache is full\n");
661 		return;
662 	}
663 	/*
664 	 * If we reached the end of the list then this AF is not
665 	 * in the list - add it.
666 	 */
667 	if (index == stat_info->afcache_size) {
668 		fmdbg("Storing AF %d to cache index %d\n", freq, index);
669 		stat_info->af_cache[index] = freq;
670 		stat_info->afcache_size++;
671 	}
672 }
673 
674 /*
675  * Converts RDS buffer data from big endian format
676  * to little endian format.
677  */
678 static void fm_rdsparse_swapbytes(struct fmdev *fmdev,
679 		struct fm_rdsdata_format *rds_format)
680 {
681 	u8 index = 0;
682 	u8 *rds_buff;
683 
684 	/*
685 	 * Since in Orca the 2 RDS Data bytes are in little endian and
686 	 * in Dolphin they are in big endian, the parsing of the RDS data
687 	 * is chip dependent
688 	 */
689 	if (fmdev->asci_id != 0x6350) {
690 		rds_buff = &rds_format->data.groupdatabuff.buff[0];
691 		while (index + 1 < FM_RX_RDS_INFO_FIELD_MAX) {
692 			swap(rds_buff[index], rds_buff[index + 1]);
693 			index += 2;
694 		}
695 	}
696 }
697 
698 static void fm_irq_handle_rdsdata_getcmd_resp(struct fmdev *fmdev)
699 {
700 	struct sk_buff *skb;
701 	struct fm_rdsdata_format rds_fmt;
702 	struct fm_rds *rds = &fmdev->rx.rds;
703 	unsigned long group_idx, flags;
704 	u8 *rds_data, meta_data, tmpbuf[FM_RDS_BLK_SIZE];
705 	u8 type, blk_idx, idx;
706 	u16 cur_picode;
707 	u32 rds_len;
708 
709 	if (check_cmdresp_status(fmdev, &skb))
710 		return;
711 
712 	/* Skip header info */
713 	skb_pull(skb, sizeof(struct fm_event_msg_hdr));
714 	rds_data = skb->data;
715 	rds_len = skb->len;
716 
717 	/* Parse the RDS data */
718 	while (rds_len >= FM_RDS_BLK_SIZE) {
719 		meta_data = rds_data[2];
720 		/* Get the type: 0=A, 1=B, 2=C, 3=C', 4=D, 5=E */
721 		type = (meta_data & 0x07);
722 
723 		/* Transform the blk type into index sequence (0, 1, 2, 3, 4) */
724 		blk_idx = (type <= FM_RDS_BLOCK_C ? type : (type - 1));
725 		fmdbg("Block index:%d(%s)\n", blk_idx,
726 			   (meta_data & FM_RDS_STATUS_ERR_MASK) ? "Bad" : "Ok");
727 
728 		if ((meta_data & FM_RDS_STATUS_ERR_MASK) != 0)
729 			break;
730 
731 		if (blk_idx > FM_RDS_BLK_IDX_D) {
732 			fmdbg("Block sequence mismatch\n");
733 			rds->last_blk_idx = -1;
734 			break;
735 		}
736 
737 		/* Skip checkword (control) byte and copy only data byte */
738 		idx = array_index_nospec(blk_idx * (FM_RDS_BLK_SIZE - 1),
739 					 FM_RX_RDS_INFO_FIELD_MAX - (FM_RDS_BLK_SIZE - 1));
740 
741 		memcpy(&rds_fmt.data.groupdatabuff.buff[idx], rds_data,
742 		       FM_RDS_BLK_SIZE - 1);
743 
744 		rds->last_blk_idx = blk_idx;
745 
746 		/* If completed a whole group then handle it */
747 		if (blk_idx == FM_RDS_BLK_IDX_D) {
748 			fmdbg("Good block received\n");
749 			fm_rdsparse_swapbytes(fmdev, &rds_fmt);
750 
751 			/*
752 			 * Extract PI code and store in local cache.
753 			 * We need this during AF switch processing.
754 			 */
755 			cur_picode = be16_to_cpu((__force __be16)rds_fmt.data.groupgeneral.pidata);
756 			if (fmdev->rx.stat_info.picode != cur_picode)
757 				fmdev->rx.stat_info.picode = cur_picode;
758 
759 			fmdbg("picode:%d\n", cur_picode);
760 
761 			group_idx = (rds_fmt.data.groupgeneral.blk_b[0] >> 3);
762 			fmdbg("(fmdrv):Group:%ld%s\n", group_idx/2,
763 					(group_idx % 2) ? "B" : "A");
764 
765 			group_idx = 1 << (rds_fmt.data.groupgeneral.blk_b[0] >> 3);
766 			if (group_idx == FM_RDS_GROUP_TYPE_MASK_0A) {
767 				fm_rx_update_af_cache(fmdev, rds_fmt.data.group0A.af[0]);
768 				fm_rx_update_af_cache(fmdev, rds_fmt.data.group0A.af[1]);
769 			}
770 		}
771 		rds_len -= FM_RDS_BLK_SIZE;
772 		rds_data += FM_RDS_BLK_SIZE;
773 	}
774 
775 	/* Copy raw rds data to internal rds buffer */
776 	rds_data = skb->data;
777 	rds_len = skb->len;
778 
779 	spin_lock_irqsave(&fmdev->rds_buff_lock, flags);
780 	while (rds_len > 0) {
781 		/*
782 		 * Fill RDS buffer as per V4L2 specification.
783 		 * Store control byte
784 		 */
785 		type = (rds_data[2] & 0x07);
786 		blk_idx = (type <= FM_RDS_BLOCK_C ? type : (type - 1));
787 		tmpbuf[2] = blk_idx;	/* Offset name */
788 		tmpbuf[2] |= blk_idx << 3;	/* Received offset */
789 
790 		/* Store data byte */
791 		tmpbuf[0] = rds_data[0];
792 		tmpbuf[1] = rds_data[1];
793 
794 		memcpy(&rds->buff[rds->wr_idx], &tmpbuf, FM_RDS_BLK_SIZE);
795 		rds->wr_idx = (rds->wr_idx + FM_RDS_BLK_SIZE) % rds->buf_size;
796 
797 		/* Check for overflow & start over */
798 		if (rds->wr_idx == rds->rd_idx) {
799 			fmdbg("RDS buffer overflow\n");
800 			rds->wr_idx = 0;
801 			rds->rd_idx = 0;
802 			break;
803 		}
804 		rds_len -= FM_RDS_BLK_SIZE;
805 		rds_data += FM_RDS_BLK_SIZE;
806 	}
807 	spin_unlock_irqrestore(&fmdev->rds_buff_lock, flags);
808 
809 	/* Wakeup read queue */
810 	if (rds->wr_idx != rds->rd_idx)
811 		wake_up_interruptible(&rds->read_queue);
812 
813 	fm_irq_call_stage(fmdev, FM_RDS_FINISH_IDX);
814 }
815 
816 static void fm_irq_handle_rds_finish(struct fmdev *fmdev)
817 {
818 	fm_irq_call_stage(fmdev, FM_HW_TUNE_OP_ENDED_IDX);
819 }
820 
821 static void fm_irq_handle_tune_op_ended(struct fmdev *fmdev)
822 {
823 	if (fmdev->irq_info.flag & (FM_FR_EVENT | FM_BL_EVENT) & fmdev->
824 	    irq_info.mask) {
825 		fmdbg("irq: tune ended/bandlimit reached\n");
826 		if (test_and_clear_bit(FM_AF_SWITCH_INPROGRESS, &fmdev->flag)) {
827 			fmdev->irq_info.stage = FM_AF_JUMP_RD_FREQ_IDX;
828 		} else {
829 			complete(&fmdev->maintask_comp);
830 			fmdev->irq_info.stage = FM_HW_POWER_ENB_IDX;
831 		}
832 	} else
833 		fmdev->irq_info.stage = FM_HW_POWER_ENB_IDX;
834 
835 	fm_irq_call(fmdev);
836 }
837 
838 static void fm_irq_handle_power_enb(struct fmdev *fmdev)
839 {
840 	if (fmdev->irq_info.flag & FM_POW_ENB_EVENT) {
841 		fmdbg("irq: Power Enabled/Disabled\n");
842 		complete(&fmdev->maintask_comp);
843 	}
844 
845 	fm_irq_call_stage(fmdev, FM_LOW_RSSI_START_IDX);
846 }
847 
848 static void fm_irq_handle_low_rssi_start(struct fmdev *fmdev)
849 {
850 	if ((fmdev->rx.af_mode == FM_RX_RDS_AF_SWITCH_MODE_ON) &&
851 	    (fmdev->irq_info.flag & FM_LEV_EVENT & fmdev->irq_info.mask) &&
852 	    (fmdev->rx.freq != FM_UNDEFINED_FREQ) &&
853 	    (fmdev->rx.stat_info.afcache_size != 0)) {
854 		fmdbg("irq: rssi level has fallen below threshold level\n");
855 
856 		/* Disable further low RSSI interrupts */
857 		fmdev->irq_info.mask &= ~FM_LEV_EVENT;
858 
859 		fmdev->rx.afjump_idx = 0;
860 		fmdev->rx.freq_before_jump = fmdev->rx.freq;
861 		fmdev->irq_info.stage = FM_AF_JUMP_SETPI_IDX;
862 	} else {
863 		/* Continue next function in interrupt handler table */
864 		fmdev->irq_info.stage = FM_SEND_INTMSK_CMD_IDX;
865 	}
866 
867 	fm_irq_call(fmdev);
868 }
869 
870 static void fm_irq_afjump_set_pi(struct fmdev *fmdev)
871 {
872 	u16 payload;
873 
874 	/* Set PI code - must be updated if the AF list is not empty */
875 	payload = fmdev->rx.stat_info.picode;
876 	if (!fm_send_cmd(fmdev, RDS_PI_SET, REG_WR, &payload, sizeof(payload), NULL))
877 		fm_irq_timeout_stage(fmdev, FM_AF_JUMP_HANDLE_SETPI_RESP_IDX);
878 }
879 
880 static void fm_irq_handle_set_pi_resp(struct fmdev *fmdev)
881 {
882 	fm_irq_common_cmd_resp_helper(fmdev, FM_AF_JUMP_SETPI_MASK_IDX);
883 }
884 
885 /*
886  * Set PI mask.
887  * 0xFFFF = Enable PI code matching
888  * 0x0000 = Disable PI code matching
889  */
890 static void fm_irq_afjump_set_pimask(struct fmdev *fmdev)
891 {
892 	u16 payload;
893 
894 	payload = 0x0000;
895 	if (!fm_send_cmd(fmdev, RDS_PI_MASK_SET, REG_WR, &payload, sizeof(payload), NULL))
896 		fm_irq_timeout_stage(fmdev, FM_AF_JUMP_HANDLE_SETPI_MASK_RESP_IDX);
897 }
898 
899 static void fm_irq_handle_set_pimask_resp(struct fmdev *fmdev)
900 {
901 	fm_irq_common_cmd_resp_helper(fmdev, FM_AF_JUMP_SET_AF_FREQ_IDX);
902 }
903 
904 static void fm_irq_afjump_setfreq(struct fmdev *fmdev)
905 {
906 	u16 frq_index;
907 	u16 payload;
908 
909 	fmdbg("Switch to %d KHz\n", fmdev->rx.stat_info.af_cache[fmdev->rx.afjump_idx]);
910 	frq_index = (fmdev->rx.stat_info.af_cache[fmdev->rx.afjump_idx] -
911 	     fmdev->rx.region.bot_freq) / FM_FREQ_MUL;
912 
913 	payload = frq_index;
914 	if (!fm_send_cmd(fmdev, AF_FREQ_SET, REG_WR, &payload, sizeof(payload), NULL))
915 		fm_irq_timeout_stage(fmdev, FM_AF_JUMP_HANDLE_SET_AFFREQ_RESP_IDX);
916 }
917 
918 static void fm_irq_handle_setfreq_resp(struct fmdev *fmdev)
919 {
920 	fm_irq_common_cmd_resp_helper(fmdev, FM_AF_JUMP_ENABLE_INT_IDX);
921 }
922 
923 static void fm_irq_afjump_enableint(struct fmdev *fmdev)
924 {
925 	u16 payload;
926 
927 	/* Enable FR (tuning operation ended) interrupt */
928 	payload = FM_FR_EVENT;
929 	if (!fm_send_cmd(fmdev, INT_MASK_SET, REG_WR, &payload, sizeof(payload), NULL))
930 		fm_irq_timeout_stage(fmdev, FM_AF_JUMP_ENABLE_INT_RESP_IDX);
931 }
932 
933 static void fm_irq_afjump_enableint_resp(struct fmdev *fmdev)
934 {
935 	fm_irq_common_cmd_resp_helper(fmdev, FM_AF_JUMP_START_AFJUMP_IDX);
936 }
937 
938 static void fm_irq_start_afjump(struct fmdev *fmdev)
939 {
940 	u16 payload;
941 
942 	payload = FM_TUNER_AF_JUMP_MODE;
943 	if (!fm_send_cmd(fmdev, TUNER_MODE_SET, REG_WR, &payload,
944 			sizeof(payload), NULL))
945 		fm_irq_timeout_stage(fmdev, FM_AF_JUMP_HANDLE_START_AFJUMP_RESP_IDX);
946 }
947 
948 static void fm_irq_handle_start_afjump_resp(struct fmdev *fmdev)
949 {
950 	struct sk_buff *skb;
951 
952 	if (check_cmdresp_status(fmdev, &skb))
953 		return;
954 
955 	fmdev->irq_info.stage = FM_SEND_FLAG_GETCMD_IDX;
956 	set_bit(FM_AF_SWITCH_INPROGRESS, &fmdev->flag);
957 	clear_bit(FM_INTTASK_RUNNING, &fmdev->flag);
958 }
959 
960 static void fm_irq_afjump_rd_freq(struct fmdev *fmdev)
961 {
962 	u16 payload;
963 
964 	if (!fm_send_cmd(fmdev, FREQ_SET, REG_RD, NULL, sizeof(payload), NULL))
965 		fm_irq_timeout_stage(fmdev, FM_AF_JUMP_RD_FREQ_RESP_IDX);
966 }
967 
968 static void fm_irq_afjump_rd_freq_resp(struct fmdev *fmdev)
969 {
970 	struct sk_buff *skb;
971 	u16 read_freq;
972 	u32 curr_freq, jumped_freq;
973 
974 	if (check_cmdresp_status(fmdev, &skb))
975 		return;
976 
977 	/* Skip header info and copy only response data */
978 	skb_pull(skb, sizeof(struct fm_event_msg_hdr));
979 	memcpy(&read_freq, skb->data, sizeof(read_freq));
980 	read_freq = be16_to_cpu((__force __be16)read_freq);
981 	curr_freq = fmdev->rx.region.bot_freq + ((u32)read_freq * FM_FREQ_MUL);
982 
983 	jumped_freq = fmdev->rx.stat_info.af_cache[fmdev->rx.afjump_idx];
984 
985 	/* If the frequency was changed the jump succeeded */
986 	if ((curr_freq != fmdev->rx.freq_before_jump) && (curr_freq == jumped_freq)) {
987 		fmdbg("Successfully switched to alternate freq %d\n", curr_freq);
988 		fmdev->rx.freq = curr_freq;
989 		fm_rx_reset_rds_cache(fmdev);
990 
991 		/* AF feature is on, enable low level RSSI interrupt */
992 		if (fmdev->rx.af_mode == FM_RX_RDS_AF_SWITCH_MODE_ON)
993 			fmdev->irq_info.mask |= FM_LEV_EVENT;
994 
995 		fmdev->irq_info.stage = FM_LOW_RSSI_FINISH_IDX;
996 	} else {		/* jump to the next freq in the AF list */
997 		fmdev->rx.afjump_idx++;
998 
999 		/* If we reached the end of the list - stop searching */
1000 		if (fmdev->rx.afjump_idx >= fmdev->rx.stat_info.afcache_size) {
1001 			fmdbg("AF switch processing failed\n");
1002 			fmdev->irq_info.stage = FM_LOW_RSSI_FINISH_IDX;
1003 		} else {	/* AF List is not over - try next one */
1004 
1005 			fmdbg("Trying next freq in AF cache\n");
1006 			fmdev->irq_info.stage = FM_AF_JUMP_SETPI_IDX;
1007 		}
1008 	}
1009 	fm_irq_call(fmdev);
1010 }
1011 
1012 static void fm_irq_handle_low_rssi_finish(struct fmdev *fmdev)
1013 {
1014 	fm_irq_call_stage(fmdev, FM_SEND_INTMSK_CMD_IDX);
1015 }
1016 
1017 static void fm_irq_send_intmsk_cmd(struct fmdev *fmdev)
1018 {
1019 	u16 payload;
1020 
1021 	/* Re-enable FM interrupts */
1022 	payload = fmdev->irq_info.mask;
1023 
1024 	if (!fm_send_cmd(fmdev, INT_MASK_SET, REG_WR, &payload,
1025 			sizeof(payload), NULL))
1026 		fm_irq_timeout_stage(fmdev, FM_HANDLE_INTMSK_CMD_RESP_IDX);
1027 }
1028 
1029 static void fm_irq_handle_intmsk_cmd_resp(struct fmdev *fmdev)
1030 {
1031 	struct sk_buff *skb;
1032 
1033 	if (check_cmdresp_status(fmdev, &skb))
1034 		return;
1035 	/*
1036 	 * This is last function in interrupt table to be executed.
1037 	 * So, reset stage index to 0.
1038 	 */
1039 	fmdev->irq_info.stage = FM_SEND_FLAG_GETCMD_IDX;
1040 
1041 	/* Start processing any pending interrupt */
1042 	if (test_and_clear_bit(FM_INTTASK_SCHEDULE_PENDING, &fmdev->flag))
1043 		fmdev->irq_info.handlers[fmdev->irq_info.stage](fmdev);
1044 	else
1045 		clear_bit(FM_INTTASK_RUNNING, &fmdev->flag);
1046 }
1047 
1048 /* Returns availability of RDS data in internal buffer */
1049 int fmc_is_rds_data_available(struct fmdev *fmdev, struct file *file,
1050 				struct poll_table_struct *pts)
1051 {
1052 	poll_wait(file, &fmdev->rx.rds.read_queue, pts);
1053 	if (fmdev->rx.rds.rd_idx != fmdev->rx.rds.wr_idx)
1054 		return 0;
1055 
1056 	return -EAGAIN;
1057 }
1058 
1059 /* Copies RDS data from internal buffer to user buffer */
1060 int fmc_transfer_rds_from_internal_buff(struct fmdev *fmdev, struct file *file,
1061 		u8 __user *buf, size_t count)
1062 {
1063 	u32 block_count;
1064 	u8 tmpbuf[FM_RDS_BLK_SIZE];
1065 	unsigned long flags;
1066 	int ret;
1067 
1068 	if (fmdev->rx.rds.wr_idx == fmdev->rx.rds.rd_idx) {
1069 		if (file->f_flags & O_NONBLOCK)
1070 			return -EWOULDBLOCK;
1071 
1072 		ret = wait_event_interruptible(fmdev->rx.rds.read_queue,
1073 				(fmdev->rx.rds.wr_idx != fmdev->rx.rds.rd_idx));
1074 		if (ret)
1075 			return -EINTR;
1076 	}
1077 
1078 	/* Calculate block count from byte count */
1079 	count /= FM_RDS_BLK_SIZE;
1080 	block_count = 0;
1081 	ret = 0;
1082 
1083 	while (block_count < count) {
1084 		spin_lock_irqsave(&fmdev->rds_buff_lock, flags);
1085 
1086 		if (fmdev->rx.rds.wr_idx == fmdev->rx.rds.rd_idx) {
1087 			spin_unlock_irqrestore(&fmdev->rds_buff_lock, flags);
1088 			break;
1089 		}
1090 		memcpy(tmpbuf, &fmdev->rx.rds.buff[fmdev->rx.rds.rd_idx],
1091 					FM_RDS_BLK_SIZE);
1092 		fmdev->rx.rds.rd_idx += FM_RDS_BLK_SIZE;
1093 		if (fmdev->rx.rds.rd_idx >= fmdev->rx.rds.buf_size)
1094 			fmdev->rx.rds.rd_idx = 0;
1095 
1096 		spin_unlock_irqrestore(&fmdev->rds_buff_lock, flags);
1097 
1098 		if (copy_to_user(buf, tmpbuf, FM_RDS_BLK_SIZE))
1099 			break;
1100 
1101 		block_count++;
1102 		buf += FM_RDS_BLK_SIZE;
1103 		ret += FM_RDS_BLK_SIZE;
1104 	}
1105 	return ret;
1106 }
1107 
1108 int fmc_set_freq(struct fmdev *fmdev, u32 freq_to_set)
1109 {
1110 	switch (fmdev->curr_fmmode) {
1111 	case FM_MODE_RX:
1112 		return fm_rx_set_freq(fmdev, freq_to_set);
1113 
1114 	case FM_MODE_TX:
1115 		return fm_tx_set_freq(fmdev, freq_to_set);
1116 
1117 	default:
1118 		return -EINVAL;
1119 	}
1120 }
1121 
1122 int fmc_get_freq(struct fmdev *fmdev, u32 *cur_tuned_frq)
1123 {
1124 	if (fmdev->rx.freq == FM_UNDEFINED_FREQ) {
1125 		fmerr("RX frequency is not set\n");
1126 		return -EPERM;
1127 	}
1128 	if (cur_tuned_frq == NULL) {
1129 		fmerr("Invalid memory\n");
1130 		return -ENOMEM;
1131 	}
1132 
1133 	switch (fmdev->curr_fmmode) {
1134 	case FM_MODE_RX:
1135 		*cur_tuned_frq = fmdev->rx.freq;
1136 		return 0;
1137 
1138 	case FM_MODE_TX:
1139 		*cur_tuned_frq = 0;	/* TODO : Change this later */
1140 		return 0;
1141 
1142 	default:
1143 		return -EINVAL;
1144 	}
1145 
1146 }
1147 
1148 int fmc_set_region(struct fmdev *fmdev, u8 region_to_set)
1149 {
1150 	switch (fmdev->curr_fmmode) {
1151 	case FM_MODE_RX:
1152 		return fm_rx_set_region(fmdev, region_to_set);
1153 
1154 	case FM_MODE_TX:
1155 		return fm_tx_set_region(fmdev, region_to_set);
1156 
1157 	default:
1158 		return -EINVAL;
1159 	}
1160 }
1161 
1162 int fmc_set_mute_mode(struct fmdev *fmdev, u8 mute_mode_toset)
1163 {
1164 	switch (fmdev->curr_fmmode) {
1165 	case FM_MODE_RX:
1166 		return fm_rx_set_mute_mode(fmdev, mute_mode_toset);
1167 
1168 	case FM_MODE_TX:
1169 		return fm_tx_set_mute_mode(fmdev, mute_mode_toset);
1170 
1171 	default:
1172 		return -EINVAL;
1173 	}
1174 }
1175 
1176 int fmc_set_stereo_mono(struct fmdev *fmdev, u16 mode)
1177 {
1178 	switch (fmdev->curr_fmmode) {
1179 	case FM_MODE_RX:
1180 		return fm_rx_set_stereo_mono(fmdev, mode);
1181 
1182 	case FM_MODE_TX:
1183 		return fm_tx_set_stereo_mono(fmdev, mode);
1184 
1185 	default:
1186 		return -EINVAL;
1187 	}
1188 }
1189 
1190 int fmc_set_rds_mode(struct fmdev *fmdev, u8 rds_en_dis)
1191 {
1192 	switch (fmdev->curr_fmmode) {
1193 	case FM_MODE_RX:
1194 		return fm_rx_set_rds_mode(fmdev, rds_en_dis);
1195 
1196 	case FM_MODE_TX:
1197 		return fm_tx_set_rds_mode(fmdev, rds_en_dis);
1198 
1199 	default:
1200 		return -EINVAL;
1201 	}
1202 }
1203 
1204 /* Sends power off command to the chip */
1205 static int fm_power_down(struct fmdev *fmdev)
1206 {
1207 	u16 payload;
1208 	int ret;
1209 
1210 	if (!test_bit(FM_CORE_READY, &fmdev->flag)) {
1211 		fmerr("FM core is not ready\n");
1212 		return -EPERM;
1213 	}
1214 	if (fmdev->curr_fmmode == FM_MODE_OFF) {
1215 		fmdbg("FM chip is already in OFF state\n");
1216 		return 0;
1217 	}
1218 
1219 	payload = 0x0;
1220 	ret = fmc_send_cmd(fmdev, FM_POWER_MODE, REG_WR, &payload,
1221 		sizeof(payload), NULL, NULL);
1222 	if (ret < 0)
1223 		return ret;
1224 
1225 	return fmc_release(fmdev);
1226 }
1227 
1228 /* Reads init command from FM firmware file and loads to the chip */
1229 static int fm_download_firmware(struct fmdev *fmdev, const u8 *fw_name)
1230 {
1231 	const struct firmware *fw_entry;
1232 	struct bts_header *fw_header;
1233 	struct bts_action *action;
1234 	struct bts_action_delay *delay;
1235 	u8 *fw_data;
1236 	int ret, fw_len, cmd_cnt;
1237 
1238 	cmd_cnt = 0;
1239 	set_bit(FM_FW_DW_INPROGRESS, &fmdev->flag);
1240 
1241 	ret = request_firmware(&fw_entry, fw_name,
1242 				&fmdev->radio_dev->dev);
1243 	if (ret < 0) {
1244 		fmerr("Unable to read firmware(%s) content\n", fw_name);
1245 		return ret;
1246 	}
1247 	fmdbg("Firmware(%s) length : %zu bytes\n", fw_name, fw_entry->size);
1248 
1249 	fw_data = (void *)fw_entry->data;
1250 	fw_len = fw_entry->size;
1251 
1252 	fw_header = (struct bts_header *)fw_data;
1253 	if (fw_header->magic != FM_FW_FILE_HEADER_MAGIC) {
1254 		fmerr("%s not a legal TI firmware file\n", fw_name);
1255 		ret = -EINVAL;
1256 		goto rel_fw;
1257 	}
1258 	fmdbg("FW(%s) magic number : 0x%x\n", fw_name, fw_header->magic);
1259 
1260 	/* Skip file header info , we already verified it */
1261 	fw_data += sizeof(struct bts_header);
1262 	fw_len -= sizeof(struct bts_header);
1263 
1264 	while (fw_data && fw_len > 0) {
1265 		action = (struct bts_action *)fw_data;
1266 
1267 		switch (action->type) {
1268 		case ACTION_SEND_COMMAND:	/* Send */
1269 			ret = fmc_send_cmd(fmdev, 0, 0, action->data,
1270 					   action->size, NULL, NULL);
1271 			if (ret)
1272 				goto rel_fw;
1273 
1274 			cmd_cnt++;
1275 			break;
1276 
1277 		case ACTION_DELAY:	/* Delay */
1278 			delay = (struct bts_action_delay *)action->data;
1279 			mdelay(delay->msec);
1280 			break;
1281 		}
1282 
1283 		fw_data += (sizeof(struct bts_action) + (action->size));
1284 		fw_len -= (sizeof(struct bts_action) + (action->size));
1285 	}
1286 	fmdbg("Firmware commands(%d) loaded to chip\n", cmd_cnt);
1287 rel_fw:
1288 	release_firmware(fw_entry);
1289 	clear_bit(FM_FW_DW_INPROGRESS, &fmdev->flag);
1290 
1291 	return ret;
1292 }
1293 
1294 /* Loads default RX configuration to the chip */
1295 static int load_default_rx_configuration(struct fmdev *fmdev)
1296 {
1297 	int ret;
1298 
1299 	ret = fm_rx_set_volume(fmdev, FM_DEFAULT_RX_VOLUME);
1300 	if (ret < 0)
1301 		return ret;
1302 
1303 	return fm_rx_set_rssi_threshold(fmdev, FM_DEFAULT_RSSI_THRESHOLD);
1304 }
1305 
1306 /* Does FM power on sequence */
1307 static int fm_power_up(struct fmdev *fmdev, u8 mode)
1308 {
1309 	u16 payload;
1310 	__be16 asic_id = 0, asic_ver = 0;
1311 	int resp_len, ret;
1312 	u8 fw_name[50];
1313 
1314 	if (mode >= FM_MODE_ENTRY_MAX) {
1315 		fmerr("Invalid firmware download option\n");
1316 		return -EINVAL;
1317 	}
1318 
1319 	/*
1320 	 * Initialize FM common module. FM GPIO toggling is
1321 	 * taken care in Shared Transport driver.
1322 	 */
1323 	ret = fmc_prepare(fmdev);
1324 	if (ret < 0) {
1325 		fmerr("Unable to prepare FM Common\n");
1326 		return ret;
1327 	}
1328 
1329 	payload = FM_ENABLE;
1330 	if (fmc_send_cmd(fmdev, FM_POWER_MODE, REG_WR, &payload,
1331 			sizeof(payload), NULL, NULL))
1332 		goto rel;
1333 
1334 	/* Allow the chip to settle down in Channel-8 mode */
1335 	msleep(20);
1336 
1337 	if (fmc_send_cmd(fmdev, ASIC_ID_GET, REG_RD, NULL,
1338 			sizeof(asic_id), &asic_id, &resp_len))
1339 		goto rel;
1340 
1341 	if (fmc_send_cmd(fmdev, ASIC_VER_GET, REG_RD, NULL,
1342 			sizeof(asic_ver), &asic_ver, &resp_len))
1343 		goto rel;
1344 
1345 	fmdbg("ASIC ID: 0x%x , ASIC Version: %d\n",
1346 		be16_to_cpu(asic_id), be16_to_cpu(asic_ver));
1347 
1348 	sprintf(fw_name, "%s_%x.%d.bts", FM_FMC_FW_FILE_START,
1349 		be16_to_cpu(asic_id), be16_to_cpu(asic_ver));
1350 
1351 	ret = fm_download_firmware(fmdev, fw_name);
1352 	if (ret < 0) {
1353 		fmdbg("Failed to download firmware file %s\n", fw_name);
1354 		goto rel;
1355 	}
1356 	sprintf(fw_name, "%s_%x.%d.bts", (mode == FM_MODE_RX) ?
1357 			FM_RX_FW_FILE_START : FM_TX_FW_FILE_START,
1358 			be16_to_cpu(asic_id), be16_to_cpu(asic_ver));
1359 
1360 	ret = fm_download_firmware(fmdev, fw_name);
1361 	if (ret < 0) {
1362 		fmdbg("Failed to download firmware file %s\n", fw_name);
1363 		goto rel;
1364 	} else
1365 		return ret;
1366 rel:
1367 	return fmc_release(fmdev);
1368 }
1369 
1370 /* Set FM Modes(TX, RX, OFF) */
1371 int fmc_set_mode(struct fmdev *fmdev, u8 fm_mode)
1372 {
1373 	int ret = 0;
1374 
1375 	if (fm_mode >= FM_MODE_ENTRY_MAX) {
1376 		fmerr("Invalid FM mode\n");
1377 		return -EINVAL;
1378 	}
1379 	if (fmdev->curr_fmmode == fm_mode) {
1380 		fmdbg("Already fm is in mode(%d)\n", fm_mode);
1381 		return ret;
1382 	}
1383 
1384 	switch (fm_mode) {
1385 	case FM_MODE_OFF:	/* OFF Mode */
1386 		ret = fm_power_down(fmdev);
1387 		if (ret < 0) {
1388 			fmerr("Failed to set OFF mode\n");
1389 			return ret;
1390 		}
1391 		break;
1392 
1393 	case FM_MODE_TX:	/* TX Mode */
1394 	case FM_MODE_RX:	/* RX Mode */
1395 		/* Power down before switching to TX or RX mode */
1396 		if (fmdev->curr_fmmode != FM_MODE_OFF) {
1397 			ret = fm_power_down(fmdev);
1398 			if (ret < 0) {
1399 				fmerr("Failed to set OFF mode\n");
1400 				return ret;
1401 			}
1402 			msleep(30);
1403 		}
1404 		ret = fm_power_up(fmdev, fm_mode);
1405 		if (ret < 0) {
1406 			fmerr("Failed to load firmware\n");
1407 			return ret;
1408 		}
1409 	}
1410 	fmdev->curr_fmmode = fm_mode;
1411 
1412 	/* Set default configuration */
1413 	if (fmdev->curr_fmmode == FM_MODE_RX) {
1414 		fmdbg("Loading default rx configuration..\n");
1415 		ret = load_default_rx_configuration(fmdev);
1416 		if (ret < 0)
1417 			fmerr("Failed to load default values\n");
1418 	}
1419 
1420 	return ret;
1421 }
1422 
1423 /* Returns current FM mode (TX, RX, OFF) */
1424 int fmc_get_mode(struct fmdev *fmdev, u8 *fmmode)
1425 {
1426 	if (!test_bit(FM_CORE_READY, &fmdev->flag)) {
1427 		fmerr("FM core is not ready\n");
1428 		return -EPERM;
1429 	}
1430 	if (fmmode == NULL) {
1431 		fmerr("Invalid memory\n");
1432 		return -ENOMEM;
1433 	}
1434 
1435 	*fmmode = fmdev->curr_fmmode;
1436 	return 0;
1437 }
1438 
1439 /* Called by ST layer when FM packet is available */
1440 static long fm_st_receive(void *arg, struct sk_buff *skb)
1441 {
1442 	struct fmdev *fmdev;
1443 
1444 	fmdev = (struct fmdev *)arg;
1445 
1446 	if (skb == NULL) {
1447 		fmerr("Invalid SKB received from ST\n");
1448 		return -EFAULT;
1449 	}
1450 
1451 	if (skb->cb[0] != FM_PKT_LOGICAL_CHAN_NUMBER) {
1452 		fmerr("Received SKB (%p) is not FM Channel 8 pkt\n", skb);
1453 		return -EINVAL;
1454 	}
1455 
1456 	memcpy(skb_push(skb, 1), &skb->cb[0], 1);
1457 	skb_queue_tail(&fmdev->rx_q, skb);
1458 	tasklet_schedule(&fmdev->rx_task);
1459 
1460 	return 0;
1461 }
1462 
1463 /*
1464  * Called by ST layer to indicate protocol registration completion
1465  * status.
1466  */
1467 static void fm_st_reg_comp_cb(void *arg, int data)
1468 {
1469 	struct fmdev *fmdev;
1470 
1471 	fmdev = (struct fmdev *)arg;
1472 	fmdev->streg_cbdata = data;
1473 	complete(&wait_for_fmdrv_reg_comp);
1474 }
1475 
1476 /*
1477  * This function will be called from FM V4L2 open function.
1478  * Register with ST driver and initialize driver data.
1479  */
1480 int fmc_prepare(struct fmdev *fmdev)
1481 {
1482 	static struct st_proto_s fm_st_proto;
1483 	int ret;
1484 
1485 	if (test_bit(FM_CORE_READY, &fmdev->flag)) {
1486 		fmdbg("FM Core is already up\n");
1487 		return 0;
1488 	}
1489 
1490 	memset(&fm_st_proto, 0, sizeof(fm_st_proto));
1491 	fm_st_proto.recv = fm_st_receive;
1492 	fm_st_proto.match_packet = NULL;
1493 	fm_st_proto.reg_complete_cb = fm_st_reg_comp_cb;
1494 	fm_st_proto.write = NULL; /* TI ST driver will fill write pointer */
1495 	fm_st_proto.priv_data = fmdev;
1496 	fm_st_proto.chnl_id = 0x08;
1497 	fm_st_proto.max_frame_size = 0xff;
1498 	fm_st_proto.hdr_len = 1;
1499 	fm_st_proto.offset_len_in_hdr = 0;
1500 	fm_st_proto.len_size = 1;
1501 	fm_st_proto.reserve = 1;
1502 
1503 	ret = st_register(&fm_st_proto);
1504 	if (ret == -EINPROGRESS) {
1505 		init_completion(&wait_for_fmdrv_reg_comp);
1506 		fmdev->streg_cbdata = -EINPROGRESS;
1507 		fmdbg("%s waiting for ST reg completion signal\n", __func__);
1508 
1509 		if (!wait_for_completion_timeout(&wait_for_fmdrv_reg_comp,
1510 						 FM_ST_REG_TIMEOUT)) {
1511 			fmerr("Timeout(%d sec), didn't get reg completion signal from ST\n",
1512 					jiffies_to_msecs(FM_ST_REG_TIMEOUT) / 1000);
1513 			return -ETIMEDOUT;
1514 		}
1515 		if (fmdev->streg_cbdata != 0) {
1516 			fmerr("ST reg comp CB called with error status %d\n",
1517 			      fmdev->streg_cbdata);
1518 			return -EAGAIN;
1519 		}
1520 
1521 		ret = 0;
1522 	} else if (ret < 0) {
1523 		fmerr("st_register failed %d\n", ret);
1524 		return -EAGAIN;
1525 	}
1526 
1527 	if (fm_st_proto.write != NULL) {
1528 		g_st_write = fm_st_proto.write;
1529 	} else {
1530 		fmerr("Failed to get ST write func pointer\n");
1531 		ret = st_unregister(&fm_st_proto);
1532 		if (ret < 0)
1533 			fmerr("st_unregister failed %d\n", ret);
1534 		return -EAGAIN;
1535 	}
1536 
1537 	spin_lock_init(&fmdev->rds_buff_lock);
1538 	spin_lock_init(&fmdev->resp_skb_lock);
1539 
1540 	/* Initialize TX queue and TX tasklet */
1541 	skb_queue_head_init(&fmdev->tx_q);
1542 	tasklet_setup(&fmdev->tx_task, send_tasklet);
1543 
1544 	/* Initialize RX Queue and RX tasklet */
1545 	skb_queue_head_init(&fmdev->rx_q);
1546 	tasklet_setup(&fmdev->rx_task, recv_tasklet);
1547 
1548 	fmdev->irq_info.stage = 0;
1549 	atomic_set(&fmdev->tx_cnt, 1);
1550 	fmdev->resp_comp = NULL;
1551 
1552 	timer_setup(&fmdev->irq_info.timer, int_timeout_handler, 0);
1553 	/*TODO: add FM_STIC_EVENT later */
1554 	fmdev->irq_info.mask = FM_MAL_EVENT;
1555 
1556 	/* Region info */
1557 	fmdev->rx.region = region_configs[default_radio_region];
1558 
1559 	fmdev->rx.mute_mode = FM_MUTE_OFF;
1560 	fmdev->rx.rf_depend_mute = FM_RX_RF_DEPENDENT_MUTE_OFF;
1561 	fmdev->rx.rds.flag = FM_RDS_DISABLE;
1562 	fmdev->rx.freq = FM_UNDEFINED_FREQ;
1563 	fmdev->rx.rds_mode = FM_RDS_SYSTEM_RDS;
1564 	fmdev->rx.af_mode = FM_RX_RDS_AF_SWITCH_MODE_OFF;
1565 	fmdev->irq_info.retry = 0;
1566 
1567 	fm_rx_reset_rds_cache(fmdev);
1568 	init_waitqueue_head(&fmdev->rx.rds.read_queue);
1569 
1570 	fm_rx_reset_station_info(fmdev);
1571 	set_bit(FM_CORE_READY, &fmdev->flag);
1572 
1573 	return ret;
1574 }
1575 
1576 /*
1577  * This function will be called from FM V4L2 release function.
1578  * Unregister from ST driver.
1579  */
1580 int fmc_release(struct fmdev *fmdev)
1581 {
1582 	static struct st_proto_s fm_st_proto;
1583 	int ret;
1584 
1585 	if (!test_bit(FM_CORE_READY, &fmdev->flag)) {
1586 		fmdbg("FM Core is already down\n");
1587 		return 0;
1588 	}
1589 	/* Service pending read */
1590 	wake_up_interruptible(&fmdev->rx.rds.read_queue);
1591 
1592 	tasklet_kill(&fmdev->tx_task);
1593 	tasklet_kill(&fmdev->rx_task);
1594 
1595 	skb_queue_purge(&fmdev->tx_q);
1596 	skb_queue_purge(&fmdev->rx_q);
1597 
1598 	fmdev->resp_comp = NULL;
1599 	fmdev->rx.freq = 0;
1600 
1601 	memset(&fm_st_proto, 0, sizeof(fm_st_proto));
1602 	fm_st_proto.chnl_id = 0x08;
1603 
1604 	ret = st_unregister(&fm_st_proto);
1605 
1606 	if (ret < 0)
1607 		fmerr("Failed to de-register FM from ST %d\n", ret);
1608 	else
1609 		fmdbg("Successfully unregistered from ST\n");
1610 
1611 	clear_bit(FM_CORE_READY, &fmdev->flag);
1612 	return ret;
1613 }
1614 
1615 /*
1616  * Module init function. Ask FM V4L module to register video device.
1617  * Allocate memory for FM driver context and RX RDS buffer.
1618  */
1619 static int __init fm_drv_init(void)
1620 {
1621 	struct fmdev *fmdev = NULL;
1622 	int ret = -ENOMEM;
1623 
1624 	fmdbg("FM driver version %s\n", FM_DRV_VERSION);
1625 
1626 	fmdev = kzalloc(sizeof(struct fmdev), GFP_KERNEL);
1627 	if (NULL == fmdev) {
1628 		fmerr("Can't allocate operation structure memory\n");
1629 		return ret;
1630 	}
1631 	fmdev->rx.rds.buf_size = default_rds_buf * FM_RDS_BLK_SIZE;
1632 	fmdev->rx.rds.buff = kzalloc(fmdev->rx.rds.buf_size, GFP_KERNEL);
1633 	if (NULL == fmdev->rx.rds.buff) {
1634 		fmerr("Can't allocate rds ring buffer\n");
1635 		goto rel_dev;
1636 	}
1637 
1638 	ret = fm_v4l2_init_video_device(fmdev, radio_nr);
1639 	if (ret < 0)
1640 		goto rel_rdsbuf;
1641 
1642 	fmdev->irq_info.handlers = int_handler_table;
1643 	fmdev->curr_fmmode = FM_MODE_OFF;
1644 	fmdev->tx_data.pwr_lvl = FM_PWR_LVL_DEF;
1645 	fmdev->tx_data.preemph = FM_TX_PREEMPH_50US;
1646 	return ret;
1647 
1648 rel_rdsbuf:
1649 	kfree(fmdev->rx.rds.buff);
1650 rel_dev:
1651 	kfree(fmdev);
1652 
1653 	return ret;
1654 }
1655 
1656 /* Module exit function. Ask FM V4L module to unregister video device */
1657 static void __exit fm_drv_exit(void)
1658 {
1659 	struct fmdev *fmdev = NULL;
1660 
1661 	fmdev = fm_v4l2_deinit_video_device();
1662 	if (fmdev != NULL) {
1663 		kfree(fmdev->rx.rds.buff);
1664 		kfree(fmdev);
1665 	}
1666 }
1667 
1668 module_init(fm_drv_init);
1669 module_exit(fm_drv_exit);
1670 
1671 /* ------------- Module Info ------------- */
1672 MODULE_AUTHOR("Manjunatha Halli <manjunatha_halli@ti.com>");
1673 MODULE_DESCRIPTION("FM Driver for TI's Connectivity chip. " FM_DRV_VERSION);
1674 MODULE_VERSION(FM_DRV_VERSION);
1675 MODULE_LICENSE("GPL");
1676