1 // SPDX-License-Identifier: ISC
2 /*
3  * Copyright (c) 2004-2011 Atheros Communications Inc.
4  * Copyright (c) 2011-2012,2017 Qualcomm Atheros, Inc.
5  * Copyright (c) 2016-2017 Erik Stromdahl <erik.stromdahl@gmail.com>
6  */
7 
8 #include <linux/module.h>
9 #include <linux/mmc/card.h>
10 #include <linux/mmc/mmc.h>
11 #include <linux/mmc/host.h>
12 #include <linux/mmc/sdio_func.h>
13 #include <linux/mmc/sdio_ids.h>
14 #include <linux/mmc/sdio.h>
15 #include <linux/mmc/sd.h>
16 #include <linux/bitfield.h>
17 #include "core.h"
18 #include "bmi.h"
19 #include "debug.h"
20 #include "hif.h"
21 #include "htc.h"
22 #include "mac.h"
23 #include "targaddrs.h"
24 #include "trace.h"
25 #include "sdio.h"
26 
27 /* inlined helper functions */
28 
29 static inline int ath10k_sdio_calc_txrx_padded_len(struct ath10k_sdio *ar_sdio,
30 						   size_t len)
31 {
32 	return __ALIGN_MASK((len), ar_sdio->mbox_info.block_mask);
33 }
34 
35 static inline enum ath10k_htc_ep_id pipe_id_to_eid(u8 pipe_id)
36 {
37 	return (enum ath10k_htc_ep_id)pipe_id;
38 }
39 
40 static inline void ath10k_sdio_mbox_free_rx_pkt(struct ath10k_sdio_rx_data *pkt)
41 {
42 	dev_kfree_skb(pkt->skb);
43 	pkt->skb = NULL;
44 	pkt->alloc_len = 0;
45 	pkt->act_len = 0;
46 	pkt->trailer_only = false;
47 }
48 
49 static inline int ath10k_sdio_mbox_alloc_rx_pkt(struct ath10k_sdio_rx_data *pkt,
50 						size_t act_len, size_t full_len,
51 						bool part_of_bundle,
52 						bool last_in_bundle)
53 {
54 	pkt->skb = dev_alloc_skb(full_len);
55 	if (!pkt->skb)
56 		return -ENOMEM;
57 
58 	pkt->act_len = act_len;
59 	pkt->alloc_len = full_len;
60 	pkt->part_of_bundle = part_of_bundle;
61 	pkt->last_in_bundle = last_in_bundle;
62 	pkt->trailer_only = false;
63 
64 	return 0;
65 }
66 
67 static inline bool is_trailer_only_msg(struct ath10k_sdio_rx_data *pkt)
68 {
69 	bool trailer_only = false;
70 	struct ath10k_htc_hdr *htc_hdr =
71 		(struct ath10k_htc_hdr *)pkt->skb->data;
72 	u16 len = __le16_to_cpu(htc_hdr->len);
73 
74 	if (len == htc_hdr->trailer_len)
75 		trailer_only = true;
76 
77 	return trailer_only;
78 }
79 
80 /* sdio/mmc functions */
81 
82 static inline void ath10k_sdio_set_cmd52_arg(u32 *arg, u8 write, u8 raw,
83 					     unsigned int address,
84 					     unsigned char val)
85 {
86 	*arg = FIELD_PREP(BIT(31), write) |
87 	       FIELD_PREP(BIT(27), raw) |
88 	       FIELD_PREP(BIT(26), 1) |
89 	       FIELD_PREP(GENMASK(25, 9), address) |
90 	       FIELD_PREP(BIT(8), 1) |
91 	       FIELD_PREP(GENMASK(7, 0), val);
92 }
93 
94 static int ath10k_sdio_func0_cmd52_wr_byte(struct mmc_card *card,
95 					   unsigned int address,
96 					   unsigned char byte)
97 {
98 	struct mmc_command io_cmd;
99 
100 	memset(&io_cmd, 0, sizeof(io_cmd));
101 	ath10k_sdio_set_cmd52_arg(&io_cmd.arg, 1, 0, address, byte);
102 	io_cmd.opcode = SD_IO_RW_DIRECT;
103 	io_cmd.flags = MMC_RSP_R5 | MMC_CMD_AC;
104 
105 	return mmc_wait_for_cmd(card->host, &io_cmd, 0);
106 }
107 
108 static int ath10k_sdio_func0_cmd52_rd_byte(struct mmc_card *card,
109 					   unsigned int address,
110 					   unsigned char *byte)
111 {
112 	struct mmc_command io_cmd;
113 	int ret;
114 
115 	memset(&io_cmd, 0, sizeof(io_cmd));
116 	ath10k_sdio_set_cmd52_arg(&io_cmd.arg, 0, 0, address, 0);
117 	io_cmd.opcode = SD_IO_RW_DIRECT;
118 	io_cmd.flags = MMC_RSP_R5 | MMC_CMD_AC;
119 
120 	ret = mmc_wait_for_cmd(card->host, &io_cmd, 0);
121 	if (!ret)
122 		*byte = io_cmd.resp[0];
123 
124 	return ret;
125 }
126 
127 static int ath10k_sdio_config(struct ath10k *ar)
128 {
129 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
130 	struct sdio_func *func = ar_sdio->func;
131 	unsigned char byte, asyncintdelay = 2;
132 	int ret;
133 
134 	ath10k_dbg(ar, ATH10K_DBG_BOOT, "sdio configuration\n");
135 
136 	sdio_claim_host(func);
137 
138 	byte = 0;
139 	ret = ath10k_sdio_func0_cmd52_rd_byte(func->card,
140 					      SDIO_CCCR_DRIVE_STRENGTH,
141 					      &byte);
142 
143 	byte &= ~ATH10K_SDIO_DRIVE_DTSX_MASK;
144 	byte |= FIELD_PREP(ATH10K_SDIO_DRIVE_DTSX_MASK,
145 			   ATH10K_SDIO_DRIVE_DTSX_TYPE_D);
146 
147 	ret = ath10k_sdio_func0_cmd52_wr_byte(func->card,
148 					      SDIO_CCCR_DRIVE_STRENGTH,
149 					      byte);
150 
151 	byte = 0;
152 	ret = ath10k_sdio_func0_cmd52_rd_byte(
153 		func->card,
154 		CCCR_SDIO_DRIVER_STRENGTH_ENABLE_ADDR,
155 		&byte);
156 
157 	byte |= (CCCR_SDIO_DRIVER_STRENGTH_ENABLE_A |
158 		 CCCR_SDIO_DRIVER_STRENGTH_ENABLE_C |
159 		 CCCR_SDIO_DRIVER_STRENGTH_ENABLE_D);
160 
161 	ret = ath10k_sdio_func0_cmd52_wr_byte(func->card,
162 					      CCCR_SDIO_DRIVER_STRENGTH_ENABLE_ADDR,
163 					      byte);
164 	if (ret) {
165 		ath10k_warn(ar, "failed to enable driver strength: %d\n", ret);
166 		goto out;
167 	}
168 
169 	byte = 0;
170 	ret = ath10k_sdio_func0_cmd52_rd_byte(func->card,
171 					      CCCR_SDIO_IRQ_MODE_REG_SDIO3,
172 					      &byte);
173 
174 	byte |= SDIO_IRQ_MODE_ASYNC_4BIT_IRQ_SDIO3;
175 
176 	ret = ath10k_sdio_func0_cmd52_wr_byte(func->card,
177 					      CCCR_SDIO_IRQ_MODE_REG_SDIO3,
178 					      byte);
179 	if (ret) {
180 		ath10k_warn(ar, "failed to enable 4-bit async irq mode: %d\n",
181 			    ret);
182 		goto out;
183 	}
184 
185 	byte = 0;
186 	ret = ath10k_sdio_func0_cmd52_rd_byte(func->card,
187 					      CCCR_SDIO_ASYNC_INT_DELAY_ADDRESS,
188 					      &byte);
189 
190 	byte &= ~CCCR_SDIO_ASYNC_INT_DELAY_MASK;
191 	byte |= FIELD_PREP(CCCR_SDIO_ASYNC_INT_DELAY_MASK, asyncintdelay);
192 
193 	ret = ath10k_sdio_func0_cmd52_wr_byte(func->card,
194 					      CCCR_SDIO_ASYNC_INT_DELAY_ADDRESS,
195 					      byte);
196 
197 	/* give us some time to enable, in ms */
198 	func->enable_timeout = 100;
199 
200 	ret = sdio_set_block_size(func, ar_sdio->mbox_info.block_size);
201 	if (ret) {
202 		ath10k_warn(ar, "failed to set sdio block size to %d: %d\n",
203 			    ar_sdio->mbox_info.block_size, ret);
204 		goto out;
205 	}
206 
207 out:
208 	sdio_release_host(func);
209 	return ret;
210 }
211 
212 static int ath10k_sdio_write32(struct ath10k *ar, u32 addr, u32 val)
213 {
214 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
215 	struct sdio_func *func = ar_sdio->func;
216 	int ret;
217 
218 	sdio_claim_host(func);
219 
220 	sdio_writel(func, val, addr, &ret);
221 	if (ret) {
222 		ath10k_warn(ar, "failed to write 0x%x to address 0x%x: %d\n",
223 			    val, addr, ret);
224 		goto out;
225 	}
226 
227 	ath10k_dbg(ar, ATH10K_DBG_SDIO, "sdio write32 addr 0x%x val 0x%x\n",
228 		   addr, val);
229 
230 out:
231 	sdio_release_host(func);
232 
233 	return ret;
234 }
235 
236 static int ath10k_sdio_writesb32(struct ath10k *ar, u32 addr, u32 val)
237 {
238 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
239 	struct sdio_func *func = ar_sdio->func;
240 	__le32 *buf;
241 	int ret;
242 
243 	buf = kzalloc(sizeof(*buf), GFP_KERNEL);
244 	if (!buf)
245 		return -ENOMEM;
246 
247 	*buf = cpu_to_le32(val);
248 
249 	sdio_claim_host(func);
250 
251 	ret = sdio_writesb(func, addr, buf, sizeof(*buf));
252 	if (ret) {
253 		ath10k_warn(ar, "failed to write value 0x%x to fixed sb address 0x%x: %d\n",
254 			    val, addr, ret);
255 		goto out;
256 	}
257 
258 	ath10k_dbg(ar, ATH10K_DBG_SDIO, "sdio writesb32 addr 0x%x val 0x%x\n",
259 		   addr, val);
260 
261 out:
262 	sdio_release_host(func);
263 
264 	kfree(buf);
265 
266 	return ret;
267 }
268 
269 static int ath10k_sdio_read32(struct ath10k *ar, u32 addr, u32 *val)
270 {
271 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
272 	struct sdio_func *func = ar_sdio->func;
273 	int ret;
274 
275 	sdio_claim_host(func);
276 	*val = sdio_readl(func, addr, &ret);
277 	if (ret) {
278 		ath10k_warn(ar, "failed to read from address 0x%x: %d\n",
279 			    addr, ret);
280 		goto out;
281 	}
282 
283 	ath10k_dbg(ar, ATH10K_DBG_SDIO, "sdio read32 addr 0x%x val 0x%x\n",
284 		   addr, *val);
285 
286 out:
287 	sdio_release_host(func);
288 
289 	return ret;
290 }
291 
292 static int ath10k_sdio_read(struct ath10k *ar, u32 addr, void *buf, size_t len)
293 {
294 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
295 	struct sdio_func *func = ar_sdio->func;
296 	int ret;
297 
298 	sdio_claim_host(func);
299 
300 	ret = sdio_memcpy_fromio(func, buf, addr, len);
301 	if (ret) {
302 		ath10k_warn(ar, "failed to read from address 0x%x: %d\n",
303 			    addr, ret);
304 		goto out;
305 	}
306 
307 	ath10k_dbg(ar, ATH10K_DBG_SDIO, "sdio read addr 0x%x buf 0x%p len %zu\n",
308 		   addr, buf, len);
309 	ath10k_dbg_dump(ar, ATH10K_DBG_SDIO_DUMP, NULL, "sdio read ", buf, len);
310 
311 out:
312 	sdio_release_host(func);
313 
314 	return ret;
315 }
316 
317 static int ath10k_sdio_write(struct ath10k *ar, u32 addr, const void *buf, size_t len)
318 {
319 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
320 	struct sdio_func *func = ar_sdio->func;
321 	int ret;
322 
323 	sdio_claim_host(func);
324 
325 	/* For some reason toio() doesn't have const for the buffer, need
326 	 * an ugly hack to workaround that.
327 	 */
328 	ret = sdio_memcpy_toio(func, addr, (void *)buf, len);
329 	if (ret) {
330 		ath10k_warn(ar, "failed to write to address 0x%x: %d\n",
331 			    addr, ret);
332 		goto out;
333 	}
334 
335 	ath10k_dbg(ar, ATH10K_DBG_SDIO, "sdio write addr 0x%x buf 0x%p len %zu\n",
336 		   addr, buf, len);
337 	ath10k_dbg_dump(ar, ATH10K_DBG_SDIO_DUMP, NULL, "sdio write ", buf, len);
338 
339 out:
340 	sdio_release_host(func);
341 
342 	return ret;
343 }
344 
345 static int ath10k_sdio_readsb(struct ath10k *ar, u32 addr, void *buf, size_t len)
346 {
347 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
348 	struct sdio_func *func = ar_sdio->func;
349 	int ret;
350 
351 	sdio_claim_host(func);
352 
353 	len = round_down(len, ar_sdio->mbox_info.block_size);
354 
355 	ret = sdio_readsb(func, buf, addr, len);
356 	if (ret) {
357 		ath10k_warn(ar, "failed to read from fixed (sb) address 0x%x: %d\n",
358 			    addr, ret);
359 		goto out;
360 	}
361 
362 	ath10k_dbg(ar, ATH10K_DBG_SDIO, "sdio readsb addr 0x%x buf 0x%p len %zu\n",
363 		   addr, buf, len);
364 	ath10k_dbg_dump(ar, ATH10K_DBG_SDIO_DUMP, NULL, "sdio readsb ", buf, len);
365 
366 out:
367 	sdio_release_host(func);
368 
369 	return ret;
370 }
371 
372 /* HIF mbox functions */
373 
374 static int ath10k_sdio_mbox_rx_process_packet(struct ath10k *ar,
375 					      struct ath10k_sdio_rx_data *pkt,
376 					      u32 *lookaheads,
377 					      int *n_lookaheads)
378 {
379 	struct ath10k_htc *htc = &ar->htc;
380 	struct sk_buff *skb = pkt->skb;
381 	struct ath10k_htc_hdr *htc_hdr = (struct ath10k_htc_hdr *)skb->data;
382 	bool trailer_present = htc_hdr->flags & ATH10K_HTC_FLAG_TRAILER_PRESENT;
383 	enum ath10k_htc_ep_id eid;
384 	u16 payload_len;
385 	u8 *trailer;
386 	int ret;
387 
388 	payload_len = le16_to_cpu(htc_hdr->len);
389 	skb->len = payload_len + sizeof(struct ath10k_htc_hdr);
390 
391 	if (trailer_present) {
392 		trailer = skb->data + sizeof(*htc_hdr) +
393 			  payload_len - htc_hdr->trailer_len;
394 
395 		eid = pipe_id_to_eid(htc_hdr->eid);
396 
397 		ret = ath10k_htc_process_trailer(htc,
398 						 trailer,
399 						 htc_hdr->trailer_len,
400 						 eid,
401 						 lookaheads,
402 						 n_lookaheads);
403 		if (ret)
404 			return ret;
405 
406 		if (is_trailer_only_msg(pkt))
407 			pkt->trailer_only = true;
408 
409 		skb_trim(skb, skb->len - htc_hdr->trailer_len);
410 	}
411 
412 	skb_pull(skb, sizeof(*htc_hdr));
413 
414 	return 0;
415 }
416 
417 static int ath10k_sdio_mbox_rx_process_packets(struct ath10k *ar,
418 					       u32 lookaheads[],
419 					       int *n_lookahead)
420 {
421 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
422 	struct ath10k_htc *htc = &ar->htc;
423 	struct ath10k_sdio_rx_data *pkt;
424 	struct ath10k_htc_ep *ep;
425 	enum ath10k_htc_ep_id id;
426 	int ret, i, *n_lookahead_local;
427 	u32 *lookaheads_local;
428 	int lookahead_idx = 0;
429 
430 	for (i = 0; i < ar_sdio->n_rx_pkts; i++) {
431 		lookaheads_local = lookaheads;
432 		n_lookahead_local = n_lookahead;
433 
434 		id = ((struct ath10k_htc_hdr *)
435 		      &lookaheads[lookahead_idx++])->eid;
436 
437 		if (id >= ATH10K_HTC_EP_COUNT) {
438 			ath10k_warn(ar, "invalid endpoint in look-ahead: %d\n",
439 				    id);
440 			ret = -ENOMEM;
441 			goto out;
442 		}
443 
444 		ep = &htc->endpoint[id];
445 
446 		if (ep->service_id == 0) {
447 			ath10k_warn(ar, "ep %d is not connected\n", id);
448 			ret = -ENOMEM;
449 			goto out;
450 		}
451 
452 		pkt = &ar_sdio->rx_pkts[i];
453 
454 		if (pkt->part_of_bundle && !pkt->last_in_bundle) {
455 			/* Only read lookahead's from RX trailers
456 			 * for the last packet in a bundle.
457 			 */
458 			lookahead_idx--;
459 			lookaheads_local = NULL;
460 			n_lookahead_local = NULL;
461 		}
462 
463 		ret = ath10k_sdio_mbox_rx_process_packet(ar,
464 							 pkt,
465 							 lookaheads_local,
466 							 n_lookahead_local);
467 		if (ret)
468 			goto out;
469 
470 		if (!pkt->trailer_only)
471 			ep->ep_ops.ep_rx_complete(ar_sdio->ar, pkt->skb);
472 		else
473 			kfree_skb(pkt->skb);
474 
475 		/* The RX complete handler now owns the skb...*/
476 		pkt->skb = NULL;
477 		pkt->alloc_len = 0;
478 	}
479 
480 	ret = 0;
481 
482 out:
483 	/* Free all packets that was not passed on to the RX completion
484 	 * handler...
485 	 */
486 	for (; i < ar_sdio->n_rx_pkts; i++)
487 		ath10k_sdio_mbox_free_rx_pkt(&ar_sdio->rx_pkts[i]);
488 
489 	return ret;
490 }
491 
492 static int ath10k_sdio_mbox_alloc_pkt_bundle(struct ath10k *ar,
493 					     struct ath10k_sdio_rx_data *rx_pkts,
494 					     struct ath10k_htc_hdr *htc_hdr,
495 					     size_t full_len, size_t act_len,
496 					     size_t *bndl_cnt)
497 {
498 	int ret, i;
499 
500 	*bndl_cnt = FIELD_GET(ATH10K_HTC_FLAG_BUNDLE_MASK, htc_hdr->flags);
501 
502 	if (*bndl_cnt > HTC_HOST_MAX_MSG_PER_RX_BUNDLE) {
503 		ath10k_warn(ar,
504 			    "HTC bundle length %u exceeds maximum %u\n",
505 			    le16_to_cpu(htc_hdr->len),
506 			    HTC_HOST_MAX_MSG_PER_RX_BUNDLE);
507 		return -ENOMEM;
508 	}
509 
510 	/* Allocate bndl_cnt extra skb's for the bundle.
511 	 * The package containing the
512 	 * ATH10K_HTC_FLAG_BUNDLE_MASK flag is not included
513 	 * in bndl_cnt. The skb for that packet will be
514 	 * allocated separately.
515 	 */
516 	for (i = 0; i < *bndl_cnt; i++) {
517 		ret = ath10k_sdio_mbox_alloc_rx_pkt(&rx_pkts[i],
518 						    act_len,
519 						    full_len,
520 						    true,
521 						    false);
522 		if (ret)
523 			return ret;
524 	}
525 
526 	return 0;
527 }
528 
529 static int ath10k_sdio_mbox_rx_alloc(struct ath10k *ar,
530 				     u32 lookaheads[], int n_lookaheads)
531 {
532 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
533 	struct ath10k_htc_hdr *htc_hdr;
534 	size_t full_len, act_len;
535 	bool last_in_bundle;
536 	int ret, i;
537 
538 	if (n_lookaheads > ATH10K_SDIO_MAX_RX_MSGS) {
539 		ath10k_warn(ar,
540 			    "the total number of pkgs to be fetched (%u) exceeds maximum %u\n",
541 			    n_lookaheads,
542 			    ATH10K_SDIO_MAX_RX_MSGS);
543 		ret = -ENOMEM;
544 		goto err;
545 	}
546 
547 	for (i = 0; i < n_lookaheads; i++) {
548 		htc_hdr = (struct ath10k_htc_hdr *)&lookaheads[i];
549 		last_in_bundle = false;
550 
551 		if (le16_to_cpu(htc_hdr->len) >
552 		    ATH10K_HTC_MBOX_MAX_PAYLOAD_LENGTH) {
553 			ath10k_warn(ar,
554 				    "payload length %d exceeds max htc length: %zu\n",
555 				    le16_to_cpu(htc_hdr->len),
556 				    ATH10K_HTC_MBOX_MAX_PAYLOAD_LENGTH);
557 			ret = -ENOMEM;
558 			goto err;
559 		}
560 
561 		act_len = le16_to_cpu(htc_hdr->len) + sizeof(*htc_hdr);
562 		full_len = ath10k_sdio_calc_txrx_padded_len(ar_sdio, act_len);
563 
564 		if (full_len > ATH10K_SDIO_MAX_BUFFER_SIZE) {
565 			ath10k_warn(ar,
566 				    "rx buffer requested with invalid htc_hdr length (%d, 0x%x): %d\n",
567 				    htc_hdr->eid, htc_hdr->flags,
568 				    le16_to_cpu(htc_hdr->len));
569 			ret = -EINVAL;
570 			goto err;
571 		}
572 
573 		if (htc_hdr->flags & ATH10K_HTC_FLAG_BUNDLE_MASK) {
574 			/* HTC header indicates that every packet to follow
575 			 * has the same padded length so that it can be
576 			 * optimally fetched as a full bundle.
577 			 */
578 			size_t bndl_cnt;
579 
580 			ret = ath10k_sdio_mbox_alloc_pkt_bundle(ar,
581 								&ar_sdio->rx_pkts[i],
582 								htc_hdr,
583 								full_len,
584 								act_len,
585 								&bndl_cnt);
586 
587 			n_lookaheads += bndl_cnt;
588 			i += bndl_cnt;
589 			/*Next buffer will be the last in the bundle */
590 			last_in_bundle = true;
591 		}
592 
593 		/* Allocate skb for packet. If the packet had the
594 		 * ATH10K_HTC_FLAG_BUNDLE_MASK flag set, all bundled
595 		 * packet skb's have been allocated in the previous step.
596 		 */
597 		if (htc_hdr->flags & ATH10K_HTC_FLAGS_RECV_1MORE_BLOCK)
598 			full_len += ATH10K_HIF_MBOX_BLOCK_SIZE;
599 
600 		ret = ath10k_sdio_mbox_alloc_rx_pkt(&ar_sdio->rx_pkts[i],
601 						    act_len,
602 						    full_len,
603 						    last_in_bundle,
604 						    last_in_bundle);
605 	}
606 
607 	ar_sdio->n_rx_pkts = i;
608 
609 	return 0;
610 
611 err:
612 	for (i = 0; i < ATH10K_SDIO_MAX_RX_MSGS; i++) {
613 		if (!ar_sdio->rx_pkts[i].alloc_len)
614 			break;
615 		ath10k_sdio_mbox_free_rx_pkt(&ar_sdio->rx_pkts[i]);
616 	}
617 
618 	return ret;
619 }
620 
621 static int ath10k_sdio_mbox_rx_packet(struct ath10k *ar,
622 				      struct ath10k_sdio_rx_data *pkt)
623 {
624 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
625 	struct sk_buff *skb = pkt->skb;
626 	int ret;
627 
628 	ret = ath10k_sdio_readsb(ar, ar_sdio->mbox_info.htc_addr,
629 				 skb->data, pkt->alloc_len);
630 	pkt->status = ret;
631 	if (!ret)
632 		skb_put(skb, pkt->act_len);
633 
634 	return ret;
635 }
636 
637 static int ath10k_sdio_mbox_rx_fetch(struct ath10k *ar)
638 {
639 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
640 	int ret, i;
641 
642 	for (i = 0; i < ar_sdio->n_rx_pkts; i++) {
643 		ret = ath10k_sdio_mbox_rx_packet(ar,
644 						 &ar_sdio->rx_pkts[i]);
645 		if (ret)
646 			goto err;
647 	}
648 
649 	return 0;
650 
651 err:
652 	/* Free all packets that was not successfully fetched. */
653 	for (; i < ar_sdio->n_rx_pkts; i++)
654 		ath10k_sdio_mbox_free_rx_pkt(&ar_sdio->rx_pkts[i]);
655 
656 	return ret;
657 }
658 
659 /* This is the timeout for mailbox processing done in the sdio irq
660  * handler. The timeout is deliberately set quite high since SDIO dump logs
661  * over serial port can/will add a substantial overhead to the processing
662  * (if enabled).
663  */
664 #define SDIO_MBOX_PROCESSING_TIMEOUT_HZ (20 * HZ)
665 
666 static int ath10k_sdio_mbox_rxmsg_pending_handler(struct ath10k *ar,
667 						  u32 msg_lookahead, bool *done)
668 {
669 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
670 	u32 lookaheads[ATH10K_SDIO_MAX_RX_MSGS];
671 	int n_lookaheads = 1;
672 	unsigned long timeout;
673 	int ret;
674 
675 	*done = true;
676 
677 	/* Copy the lookahead obtained from the HTC register table into our
678 	 * temp array as a start value.
679 	 */
680 	lookaheads[0] = msg_lookahead;
681 
682 	timeout = jiffies + SDIO_MBOX_PROCESSING_TIMEOUT_HZ;
683 	do {
684 		/* Try to allocate as many HTC RX packets indicated by
685 		 * n_lookaheads.
686 		 */
687 		ret = ath10k_sdio_mbox_rx_alloc(ar, lookaheads,
688 						n_lookaheads);
689 		if (ret)
690 			break;
691 
692 		if (ar_sdio->n_rx_pkts >= 2)
693 			/* A recv bundle was detected, force IRQ status
694 			 * re-check again.
695 			 */
696 			*done = false;
697 
698 		ret = ath10k_sdio_mbox_rx_fetch(ar);
699 
700 		/* Process fetched packets. This will potentially update
701 		 * n_lookaheads depending on if the packets contain lookahead
702 		 * reports.
703 		 */
704 		n_lookaheads = 0;
705 		ret = ath10k_sdio_mbox_rx_process_packets(ar,
706 							  lookaheads,
707 							  &n_lookaheads);
708 
709 		if (!n_lookaheads || ret)
710 			break;
711 
712 		/* For SYNCH processing, if we get here, we are running
713 		 * through the loop again due to updated lookaheads. Set
714 		 * flag that we should re-check IRQ status registers again
715 		 * before leaving IRQ processing, this can net better
716 		 * performance in high throughput situations.
717 		 */
718 		*done = false;
719 	} while (time_before(jiffies, timeout));
720 
721 	if (ret && (ret != -ECANCELED))
722 		ath10k_warn(ar, "failed to get pending recv messages: %d\n",
723 			    ret);
724 
725 	return ret;
726 }
727 
728 static int ath10k_sdio_mbox_proc_dbg_intr(struct ath10k *ar)
729 {
730 	u32 val;
731 	int ret;
732 
733 	/* TODO: Add firmware crash handling */
734 	ath10k_warn(ar, "firmware crashed\n");
735 
736 	/* read counter to clear the interrupt, the debug error interrupt is
737 	 * counter 0.
738 	 */
739 	ret = ath10k_sdio_read32(ar, MBOX_COUNT_DEC_ADDRESS, &val);
740 	if (ret)
741 		ath10k_warn(ar, "failed to clear debug interrupt: %d\n", ret);
742 
743 	return ret;
744 }
745 
746 static int ath10k_sdio_mbox_proc_counter_intr(struct ath10k *ar)
747 {
748 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
749 	struct ath10k_sdio_irq_data *irq_data = &ar_sdio->irq_data;
750 	u8 counter_int_status;
751 	int ret;
752 
753 	mutex_lock(&irq_data->mtx);
754 	counter_int_status = irq_data->irq_proc_reg->counter_int_status &
755 			     irq_data->irq_en_reg->cntr_int_status_en;
756 
757 	/* NOTE: other modules like GMBOX may use the counter interrupt for
758 	 * credit flow control on other counters, we only need to check for
759 	 * the debug assertion counter interrupt.
760 	 */
761 	if (counter_int_status & ATH10K_SDIO_TARGET_DEBUG_INTR_MASK)
762 		ret = ath10k_sdio_mbox_proc_dbg_intr(ar);
763 	else
764 		ret = 0;
765 
766 	mutex_unlock(&irq_data->mtx);
767 
768 	return ret;
769 }
770 
771 static int ath10k_sdio_mbox_proc_err_intr(struct ath10k *ar)
772 {
773 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
774 	struct ath10k_sdio_irq_data *irq_data = &ar_sdio->irq_data;
775 	u8 error_int_status;
776 	int ret;
777 
778 	ath10k_dbg(ar, ATH10K_DBG_SDIO, "sdio error interrupt\n");
779 
780 	error_int_status = irq_data->irq_proc_reg->error_int_status & 0x0F;
781 	if (!error_int_status) {
782 		ath10k_warn(ar, "invalid error interrupt status: 0x%x\n",
783 			    error_int_status);
784 		return -EIO;
785 	}
786 
787 	ath10k_dbg(ar, ATH10K_DBG_SDIO,
788 		   "sdio error_int_status 0x%x\n", error_int_status);
789 
790 	if (FIELD_GET(MBOX_ERROR_INT_STATUS_WAKEUP_MASK,
791 		      error_int_status))
792 		ath10k_dbg(ar, ATH10K_DBG_SDIO, "sdio interrupt error wakeup\n");
793 
794 	if (FIELD_GET(MBOX_ERROR_INT_STATUS_RX_UNDERFLOW_MASK,
795 		      error_int_status))
796 		ath10k_warn(ar, "rx underflow interrupt error\n");
797 
798 	if (FIELD_GET(MBOX_ERROR_INT_STATUS_TX_OVERFLOW_MASK,
799 		      error_int_status))
800 		ath10k_warn(ar, "tx overflow interrupt error\n");
801 
802 	/* Clear the interrupt */
803 	irq_data->irq_proc_reg->error_int_status &= ~error_int_status;
804 
805 	/* set W1C value to clear the interrupt, this hits the register first */
806 	ret = ath10k_sdio_writesb32(ar, MBOX_ERROR_INT_STATUS_ADDRESS,
807 				    error_int_status);
808 	if (ret) {
809 		ath10k_warn(ar, "unable to write to error int status address: %d\n",
810 			    ret);
811 		return ret;
812 	}
813 
814 	return 0;
815 }
816 
817 static int ath10k_sdio_mbox_proc_cpu_intr(struct ath10k *ar)
818 {
819 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
820 	struct ath10k_sdio_irq_data *irq_data = &ar_sdio->irq_data;
821 	u8 cpu_int_status;
822 	int ret;
823 
824 	mutex_lock(&irq_data->mtx);
825 	cpu_int_status = irq_data->irq_proc_reg->cpu_int_status &
826 			 irq_data->irq_en_reg->cpu_int_status_en;
827 	if (!cpu_int_status) {
828 		ath10k_warn(ar, "CPU interrupt status is zero\n");
829 		ret = -EIO;
830 		goto out;
831 	}
832 
833 	/* Clear the interrupt */
834 	irq_data->irq_proc_reg->cpu_int_status &= ~cpu_int_status;
835 
836 	/* Set up the register transfer buffer to hit the register 4 times,
837 	 * this is done to make the access 4-byte aligned to mitigate issues
838 	 * with host bus interconnects that restrict bus transfer lengths to
839 	 * be a multiple of 4-bytes.
840 	 *
841 	 * Set W1C value to clear the interrupt, this hits the register first.
842 	 */
843 	ret = ath10k_sdio_writesb32(ar, MBOX_CPU_INT_STATUS_ADDRESS,
844 				    cpu_int_status);
845 	if (ret) {
846 		ath10k_warn(ar, "unable to write to cpu interrupt status address: %d\n",
847 			    ret);
848 		goto out;
849 	}
850 
851 out:
852 	mutex_unlock(&irq_data->mtx);
853 	return ret;
854 }
855 
856 static int ath10k_sdio_mbox_read_int_status(struct ath10k *ar,
857 					    u8 *host_int_status,
858 					    u32 *lookahead)
859 {
860 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
861 	struct ath10k_sdio_irq_data *irq_data = &ar_sdio->irq_data;
862 	struct ath10k_sdio_irq_proc_regs *irq_proc_reg = irq_data->irq_proc_reg;
863 	struct ath10k_sdio_irq_enable_regs *irq_en_reg = irq_data->irq_en_reg;
864 	u8 htc_mbox = FIELD_PREP(ATH10K_HTC_MAILBOX_MASK, 1);
865 	int ret;
866 
867 	mutex_lock(&irq_data->mtx);
868 
869 	*lookahead = 0;
870 	*host_int_status = 0;
871 
872 	/* int_status_en is supposed to be non zero, otherwise interrupts
873 	 * shouldn't be enabled. There is however a short time frame during
874 	 * initialization between the irq register and int_status_en init
875 	 * where this can happen.
876 	 * We silently ignore this condition.
877 	 */
878 	if (!irq_en_reg->int_status_en) {
879 		ret = 0;
880 		goto out;
881 	}
882 
883 	/* Read the first sizeof(struct ath10k_irq_proc_registers)
884 	 * bytes of the HTC register table. This
885 	 * will yield us the value of different int status
886 	 * registers and the lookahead registers.
887 	 */
888 	ret = ath10k_sdio_read(ar, MBOX_HOST_INT_STATUS_ADDRESS,
889 			       irq_proc_reg, sizeof(*irq_proc_reg));
890 	if (ret)
891 		goto out;
892 
893 	/* Update only those registers that are enabled */
894 	*host_int_status = irq_proc_reg->host_int_status &
895 			   irq_en_reg->int_status_en;
896 
897 	/* Look at mbox status */
898 	if (!(*host_int_status & htc_mbox)) {
899 		*lookahead = 0;
900 		ret = 0;
901 		goto out;
902 	}
903 
904 	/* Mask out pending mbox value, we use look ahead as
905 	 * the real flag for mbox processing.
906 	 */
907 	*host_int_status &= ~htc_mbox;
908 	if (irq_proc_reg->rx_lookahead_valid & htc_mbox) {
909 		*lookahead = le32_to_cpu(
910 			irq_proc_reg->rx_lookahead[ATH10K_HTC_MAILBOX]);
911 		if (!*lookahead)
912 			ath10k_warn(ar, "sdio mbox lookahead is zero\n");
913 	}
914 
915 out:
916 	mutex_unlock(&irq_data->mtx);
917 	return ret;
918 }
919 
920 static int ath10k_sdio_mbox_proc_pending_irqs(struct ath10k *ar,
921 					      bool *done)
922 {
923 	u8 host_int_status;
924 	u32 lookahead;
925 	int ret;
926 
927 	/* NOTE: HIF implementation guarantees that the context of this
928 	 * call allows us to perform SYNCHRONOUS I/O, that is we can block,
929 	 * sleep or call any API that can block or switch thread/task
930 	 * contexts. This is a fully schedulable context.
931 	 */
932 
933 	ret = ath10k_sdio_mbox_read_int_status(ar,
934 					       &host_int_status,
935 					       &lookahead);
936 	if (ret) {
937 		*done = true;
938 		goto out;
939 	}
940 
941 	if (!host_int_status && !lookahead) {
942 		ret = 0;
943 		*done = true;
944 		goto out;
945 	}
946 
947 	if (lookahead) {
948 		ath10k_dbg(ar, ATH10K_DBG_SDIO,
949 			   "sdio pending mailbox msg lookahead 0x%08x\n",
950 			   lookahead);
951 
952 		ret = ath10k_sdio_mbox_rxmsg_pending_handler(ar,
953 							     lookahead,
954 							     done);
955 		if (ret)
956 			goto out;
957 	}
958 
959 	/* now, handle the rest of the interrupts */
960 	ath10k_dbg(ar, ATH10K_DBG_SDIO,
961 		   "sdio host_int_status 0x%x\n", host_int_status);
962 
963 	if (FIELD_GET(MBOX_HOST_INT_STATUS_CPU_MASK, host_int_status)) {
964 		/* CPU Interrupt */
965 		ret = ath10k_sdio_mbox_proc_cpu_intr(ar);
966 		if (ret)
967 			goto out;
968 	}
969 
970 	if (FIELD_GET(MBOX_HOST_INT_STATUS_ERROR_MASK, host_int_status)) {
971 		/* Error Interrupt */
972 		ret = ath10k_sdio_mbox_proc_err_intr(ar);
973 		if (ret)
974 			goto out;
975 	}
976 
977 	if (FIELD_GET(MBOX_HOST_INT_STATUS_COUNTER_MASK, host_int_status))
978 		/* Counter Interrupt */
979 		ret = ath10k_sdio_mbox_proc_counter_intr(ar);
980 
981 	ret = 0;
982 
983 out:
984 	/* An optimization to bypass reading the IRQ status registers
985 	 * unecessarily which can re-wake the target, if upper layers
986 	 * determine that we are in a low-throughput mode, we can rely on
987 	 * taking another interrupt rather than re-checking the status
988 	 * registers which can re-wake the target.
989 	 *
990 	 * NOTE : for host interfaces that makes use of detecting pending
991 	 * mbox messages at hif can not use this optimization due to
992 	 * possible side effects, SPI requires the host to drain all
993 	 * messages from the mailbox before exiting the ISR routine.
994 	 */
995 
996 	ath10k_dbg(ar, ATH10K_DBG_SDIO,
997 		   "sdio pending irqs done %d status %d",
998 		   *done, ret);
999 
1000 	return ret;
1001 }
1002 
1003 static void ath10k_sdio_set_mbox_info(struct ath10k *ar)
1004 {
1005 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
1006 	struct ath10k_mbox_info *mbox_info = &ar_sdio->mbox_info;
1007 	u16 device = ar_sdio->func->device, dev_id_base, dev_id_chiprev;
1008 
1009 	mbox_info->htc_addr = ATH10K_HIF_MBOX_BASE_ADDR;
1010 	mbox_info->block_size = ATH10K_HIF_MBOX_BLOCK_SIZE;
1011 	mbox_info->block_mask = ATH10K_HIF_MBOX_BLOCK_SIZE - 1;
1012 	mbox_info->gmbox_addr = ATH10K_HIF_GMBOX_BASE_ADDR;
1013 	mbox_info->gmbox_sz = ATH10K_HIF_GMBOX_WIDTH;
1014 
1015 	mbox_info->ext_info[0].htc_ext_addr = ATH10K_HIF_MBOX0_EXT_BASE_ADDR;
1016 
1017 	dev_id_base = FIELD_GET(QCA_MANUFACTURER_ID_BASE, device);
1018 	dev_id_chiprev = FIELD_GET(QCA_MANUFACTURER_ID_REV_MASK, device);
1019 	switch (dev_id_base) {
1020 	case QCA_MANUFACTURER_ID_AR6005_BASE:
1021 		if (dev_id_chiprev < 4)
1022 			mbox_info->ext_info[0].htc_ext_sz =
1023 				ATH10K_HIF_MBOX0_EXT_WIDTH;
1024 		else
1025 			/* from QCA6174 2.0(0x504), the width has been extended
1026 			 * to 56K
1027 			 */
1028 			mbox_info->ext_info[0].htc_ext_sz =
1029 				ATH10K_HIF_MBOX0_EXT_WIDTH_ROME_2_0;
1030 		break;
1031 	case QCA_MANUFACTURER_ID_QCA9377_BASE:
1032 		mbox_info->ext_info[0].htc_ext_sz =
1033 			ATH10K_HIF_MBOX0_EXT_WIDTH_ROME_2_0;
1034 		break;
1035 	default:
1036 		mbox_info->ext_info[0].htc_ext_sz =
1037 				ATH10K_HIF_MBOX0_EXT_WIDTH;
1038 	}
1039 
1040 	mbox_info->ext_info[1].htc_ext_addr =
1041 		mbox_info->ext_info[0].htc_ext_addr +
1042 		mbox_info->ext_info[0].htc_ext_sz +
1043 		ATH10K_HIF_MBOX_DUMMY_SPACE_SIZE;
1044 	mbox_info->ext_info[1].htc_ext_sz = ATH10K_HIF_MBOX1_EXT_WIDTH;
1045 }
1046 
1047 /* BMI functions */
1048 
1049 static int ath10k_sdio_bmi_credits(struct ath10k *ar)
1050 {
1051 	u32 addr, cmd_credits;
1052 	unsigned long timeout;
1053 	int ret;
1054 
1055 	/* Read the counter register to get the command credits */
1056 	addr = MBOX_COUNT_DEC_ADDRESS + ATH10K_HIF_MBOX_NUM_MAX * 4;
1057 	timeout = jiffies + BMI_COMMUNICATION_TIMEOUT_HZ;
1058 	cmd_credits = 0;
1059 
1060 	while (time_before(jiffies, timeout) && !cmd_credits) {
1061 		/* Hit the credit counter with a 4-byte access, the first byte
1062 		 * read will hit the counter and cause a decrement, while the
1063 		 * remaining 3 bytes has no effect. The rationale behind this
1064 		 * is to make all HIF accesses 4-byte aligned.
1065 		 */
1066 		ret = ath10k_sdio_read32(ar, addr, &cmd_credits);
1067 		if (ret) {
1068 			ath10k_warn(ar,
1069 				    "unable to decrement the command credit count register: %d\n",
1070 				    ret);
1071 			return ret;
1072 		}
1073 
1074 		/* The counter is only 8 bits.
1075 		 * Ignore anything in the upper 3 bytes
1076 		 */
1077 		cmd_credits &= 0xFF;
1078 	}
1079 
1080 	if (!cmd_credits) {
1081 		ath10k_warn(ar, "bmi communication timeout\n");
1082 		return -ETIMEDOUT;
1083 	}
1084 
1085 	return 0;
1086 }
1087 
1088 static int ath10k_sdio_bmi_get_rx_lookahead(struct ath10k *ar)
1089 {
1090 	unsigned long timeout;
1091 	u32 rx_word;
1092 	int ret;
1093 
1094 	timeout = jiffies + BMI_COMMUNICATION_TIMEOUT_HZ;
1095 	rx_word = 0;
1096 
1097 	while ((time_before(jiffies, timeout)) && !rx_word) {
1098 		ret = ath10k_sdio_read32(ar,
1099 					 MBOX_HOST_INT_STATUS_ADDRESS,
1100 					 &rx_word);
1101 		if (ret) {
1102 			ath10k_warn(ar, "unable to read RX_LOOKAHEAD_VALID: %d\n", ret);
1103 			return ret;
1104 		}
1105 
1106 		 /* all we really want is one bit */
1107 		rx_word &= 1;
1108 	}
1109 
1110 	if (!rx_word) {
1111 		ath10k_warn(ar, "bmi_recv_buf FIFO empty\n");
1112 		return -EINVAL;
1113 	}
1114 
1115 	return ret;
1116 }
1117 
1118 static int ath10k_sdio_bmi_exchange_msg(struct ath10k *ar,
1119 					void *req, u32 req_len,
1120 					void *resp, u32 *resp_len)
1121 {
1122 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
1123 	u32 addr;
1124 	int ret;
1125 
1126 	if (req) {
1127 		ret = ath10k_sdio_bmi_credits(ar);
1128 		if (ret)
1129 			return ret;
1130 
1131 		addr = ar_sdio->mbox_info.htc_addr;
1132 
1133 		memcpy(ar_sdio->bmi_buf, req, req_len);
1134 		ret = ath10k_sdio_write(ar, addr, ar_sdio->bmi_buf, req_len);
1135 		if (ret) {
1136 			ath10k_warn(ar,
1137 				    "unable to send the bmi data to the device: %d\n",
1138 				    ret);
1139 			return ret;
1140 		}
1141 	}
1142 
1143 	if (!resp || !resp_len)
1144 		/* No response expected */
1145 		return 0;
1146 
1147 	/* During normal bootup, small reads may be required.
1148 	 * Rather than issue an HIF Read and then wait as the Target
1149 	 * adds successive bytes to the FIFO, we wait here until
1150 	 * we know that response data is available.
1151 	 *
1152 	 * This allows us to cleanly timeout on an unexpected
1153 	 * Target failure rather than risk problems at the HIF level.
1154 	 * In particular, this avoids SDIO timeouts and possibly garbage
1155 	 * data on some host controllers.  And on an interconnect
1156 	 * such as Compact Flash (as well as some SDIO masters) which
1157 	 * does not provide any indication on data timeout, it avoids
1158 	 * a potential hang or garbage response.
1159 	 *
1160 	 * Synchronization is more difficult for reads larger than the
1161 	 * size of the MBOX FIFO (128B), because the Target is unable
1162 	 * to push the 129th byte of data until AFTER the Host posts an
1163 	 * HIF Read and removes some FIFO data.  So for large reads the
1164 	 * Host proceeds to post an HIF Read BEFORE all the data is
1165 	 * actually available to read.  Fortunately, large BMI reads do
1166 	 * not occur in practice -- they're supported for debug/development.
1167 	 *
1168 	 * So Host/Target BMI synchronization is divided into these cases:
1169 	 *  CASE 1: length < 4
1170 	 *        Should not happen
1171 	 *
1172 	 *  CASE 2: 4 <= length <= 128
1173 	 *        Wait for first 4 bytes to be in FIFO
1174 	 *        If CONSERVATIVE_BMI_READ is enabled, also wait for
1175 	 *        a BMI command credit, which indicates that the ENTIRE
1176 	 *        response is available in the the FIFO
1177 	 *
1178 	 *  CASE 3: length > 128
1179 	 *        Wait for the first 4 bytes to be in FIFO
1180 	 *
1181 	 * For most uses, a small timeout should be sufficient and we will
1182 	 * usually see a response quickly; but there may be some unusual
1183 	 * (debug) cases of BMI_EXECUTE where we want an larger timeout.
1184 	 * For now, we use an unbounded busy loop while waiting for
1185 	 * BMI_EXECUTE.
1186 	 *
1187 	 * If BMI_EXECUTE ever needs to support longer-latency execution,
1188 	 * especially in production, this code needs to be enhanced to sleep
1189 	 * and yield.  Also note that BMI_COMMUNICATION_TIMEOUT is currently
1190 	 * a function of Host processor speed.
1191 	 */
1192 	ret = ath10k_sdio_bmi_get_rx_lookahead(ar);
1193 	if (ret)
1194 		return ret;
1195 
1196 	/* We always read from the start of the mbox address */
1197 	addr = ar_sdio->mbox_info.htc_addr;
1198 	ret = ath10k_sdio_read(ar, addr, ar_sdio->bmi_buf, *resp_len);
1199 	if (ret) {
1200 		ath10k_warn(ar,
1201 			    "unable to read the bmi data from the device: %d\n",
1202 			    ret);
1203 		return ret;
1204 	}
1205 
1206 	memcpy(resp, ar_sdio->bmi_buf, *resp_len);
1207 
1208 	return 0;
1209 }
1210 
1211 /* sdio async handling functions */
1212 
1213 static struct ath10k_sdio_bus_request
1214 *ath10k_sdio_alloc_busreq(struct ath10k *ar)
1215 {
1216 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
1217 	struct ath10k_sdio_bus_request *bus_req;
1218 
1219 	spin_lock_bh(&ar_sdio->lock);
1220 
1221 	if (list_empty(&ar_sdio->bus_req_freeq)) {
1222 		bus_req = NULL;
1223 		goto out;
1224 	}
1225 
1226 	bus_req = list_first_entry(&ar_sdio->bus_req_freeq,
1227 				   struct ath10k_sdio_bus_request, list);
1228 	list_del(&bus_req->list);
1229 
1230 out:
1231 	spin_unlock_bh(&ar_sdio->lock);
1232 	return bus_req;
1233 }
1234 
1235 static void ath10k_sdio_free_bus_req(struct ath10k *ar,
1236 				     struct ath10k_sdio_bus_request *bus_req)
1237 {
1238 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
1239 
1240 	memset(bus_req, 0, sizeof(*bus_req));
1241 
1242 	spin_lock_bh(&ar_sdio->lock);
1243 	list_add_tail(&bus_req->list, &ar_sdio->bus_req_freeq);
1244 	spin_unlock_bh(&ar_sdio->lock);
1245 }
1246 
1247 static void __ath10k_sdio_write_async(struct ath10k *ar,
1248 				      struct ath10k_sdio_bus_request *req)
1249 {
1250 	struct ath10k_htc_ep *ep;
1251 	struct sk_buff *skb;
1252 	int ret;
1253 
1254 	skb = req->skb;
1255 	ret = ath10k_sdio_write(ar, req->address, skb->data, skb->len);
1256 	if (ret)
1257 		ath10k_warn(ar, "failed to write skb to 0x%x asynchronously: %d",
1258 			    req->address, ret);
1259 
1260 	if (req->htc_msg) {
1261 		ep = &ar->htc.endpoint[req->eid];
1262 		ath10k_htc_notify_tx_completion(ep, skb);
1263 	} else if (req->comp) {
1264 		complete(req->comp);
1265 	}
1266 
1267 	ath10k_sdio_free_bus_req(ar, req);
1268 }
1269 
1270 static void ath10k_sdio_write_async_work(struct work_struct *work)
1271 {
1272 	struct ath10k_sdio *ar_sdio = container_of(work, struct ath10k_sdio,
1273 						   wr_async_work);
1274 	struct ath10k *ar = ar_sdio->ar;
1275 	struct ath10k_sdio_bus_request *req, *tmp_req;
1276 
1277 	spin_lock_bh(&ar_sdio->wr_async_lock);
1278 
1279 	list_for_each_entry_safe(req, tmp_req, &ar_sdio->wr_asyncq, list) {
1280 		list_del(&req->list);
1281 		spin_unlock_bh(&ar_sdio->wr_async_lock);
1282 		__ath10k_sdio_write_async(ar, req);
1283 		spin_lock_bh(&ar_sdio->wr_async_lock);
1284 	}
1285 
1286 	spin_unlock_bh(&ar_sdio->wr_async_lock);
1287 }
1288 
1289 static int ath10k_sdio_prep_async_req(struct ath10k *ar, u32 addr,
1290 				      struct sk_buff *skb,
1291 				      struct completion *comp,
1292 				      bool htc_msg, enum ath10k_htc_ep_id eid)
1293 {
1294 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
1295 	struct ath10k_sdio_bus_request *bus_req;
1296 
1297 	/* Allocate a bus request for the message and queue it on the
1298 	 * SDIO workqueue.
1299 	 */
1300 	bus_req = ath10k_sdio_alloc_busreq(ar);
1301 	if (!bus_req) {
1302 		ath10k_warn(ar,
1303 			    "unable to allocate bus request for async request\n");
1304 		return -ENOMEM;
1305 	}
1306 
1307 	bus_req->skb = skb;
1308 	bus_req->eid = eid;
1309 	bus_req->address = addr;
1310 	bus_req->htc_msg = htc_msg;
1311 	bus_req->comp = comp;
1312 
1313 	spin_lock_bh(&ar_sdio->wr_async_lock);
1314 	list_add_tail(&bus_req->list, &ar_sdio->wr_asyncq);
1315 	spin_unlock_bh(&ar_sdio->wr_async_lock);
1316 
1317 	return 0;
1318 }
1319 
1320 /* IRQ handler */
1321 
1322 static void ath10k_sdio_irq_handler(struct sdio_func *func)
1323 {
1324 	struct ath10k_sdio *ar_sdio = sdio_get_drvdata(func);
1325 	struct ath10k *ar = ar_sdio->ar;
1326 	unsigned long timeout;
1327 	bool done = false;
1328 	int ret;
1329 
1330 	/* Release the host during interrupts so we can pick it back up when
1331 	 * we process commands.
1332 	 */
1333 	sdio_release_host(ar_sdio->func);
1334 
1335 	timeout = jiffies + ATH10K_SDIO_HIF_COMMUNICATION_TIMEOUT_HZ;
1336 	do {
1337 		ret = ath10k_sdio_mbox_proc_pending_irqs(ar, &done);
1338 		if (ret)
1339 			break;
1340 	} while (time_before(jiffies, timeout) && !done);
1341 
1342 	ath10k_mac_tx_push_pending(ar);
1343 
1344 	sdio_claim_host(ar_sdio->func);
1345 
1346 	if (ret && ret != -ECANCELED)
1347 		ath10k_warn(ar, "failed to process pending SDIO interrupts: %d\n",
1348 			    ret);
1349 }
1350 
1351 /* sdio HIF functions */
1352 
1353 static int ath10k_sdio_hif_disable_intrs(struct ath10k *ar)
1354 {
1355 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
1356 	struct ath10k_sdio_irq_data *irq_data = &ar_sdio->irq_data;
1357 	struct ath10k_sdio_irq_enable_regs *regs = irq_data->irq_en_reg;
1358 	int ret;
1359 
1360 	mutex_lock(&irq_data->mtx);
1361 
1362 	memset(regs, 0, sizeof(*regs));
1363 	ret = ath10k_sdio_write(ar, MBOX_INT_STATUS_ENABLE_ADDRESS,
1364 				&regs->int_status_en, sizeof(*regs));
1365 	if (ret)
1366 		ath10k_warn(ar, "unable to disable sdio interrupts: %d\n", ret);
1367 
1368 	mutex_unlock(&irq_data->mtx);
1369 
1370 	return ret;
1371 }
1372 
1373 static int ath10k_sdio_hif_power_up(struct ath10k *ar,
1374 				    enum ath10k_firmware_mode fw_mode)
1375 {
1376 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
1377 	struct sdio_func *func = ar_sdio->func;
1378 	int ret;
1379 
1380 	if (!ar_sdio->is_disabled)
1381 		return 0;
1382 
1383 	ath10k_dbg(ar, ATH10K_DBG_BOOT, "sdio power on\n");
1384 
1385 	ret = ath10k_sdio_config(ar);
1386 	if (ret) {
1387 		ath10k_err(ar, "failed to config sdio: %d\n", ret);
1388 		return ret;
1389 	}
1390 
1391 	sdio_claim_host(func);
1392 
1393 	ret = sdio_enable_func(func);
1394 	if (ret) {
1395 		ath10k_warn(ar, "unable to enable sdio function: %d)\n", ret);
1396 		sdio_release_host(func);
1397 		return ret;
1398 	}
1399 
1400 	sdio_release_host(func);
1401 
1402 	/* Wait for hardware to initialise. It should take a lot less than
1403 	 * 20 ms but let's be conservative here.
1404 	 */
1405 	msleep(20);
1406 
1407 	ar_sdio->is_disabled = false;
1408 
1409 	ret = ath10k_sdio_hif_disable_intrs(ar);
1410 	if (ret)
1411 		return ret;
1412 
1413 	return 0;
1414 }
1415 
1416 static void ath10k_sdio_hif_power_down(struct ath10k *ar)
1417 {
1418 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
1419 	int ret;
1420 
1421 	if (ar_sdio->is_disabled)
1422 		return;
1423 
1424 	ath10k_dbg(ar, ATH10K_DBG_BOOT, "sdio power off\n");
1425 
1426 	/* Disable the card */
1427 	sdio_claim_host(ar_sdio->func);
1428 
1429 	ret = sdio_disable_func(ar_sdio->func);
1430 	if (ret) {
1431 		ath10k_warn(ar, "unable to disable sdio function: %d\n", ret);
1432 		sdio_release_host(ar_sdio->func);
1433 		return;
1434 	}
1435 
1436 	ret = mmc_hw_reset(ar_sdio->func->card->host);
1437 	if (ret)
1438 		ath10k_warn(ar, "unable to reset sdio: %d\n", ret);
1439 
1440 	sdio_release_host(ar_sdio->func);
1441 
1442 	ar_sdio->is_disabled = true;
1443 }
1444 
1445 static int ath10k_sdio_hif_tx_sg(struct ath10k *ar, u8 pipe_id,
1446 				 struct ath10k_hif_sg_item *items, int n_items)
1447 {
1448 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
1449 	enum ath10k_htc_ep_id eid;
1450 	struct sk_buff *skb;
1451 	int ret, i;
1452 
1453 	eid = pipe_id_to_eid(pipe_id);
1454 
1455 	for (i = 0; i < n_items; i++) {
1456 		size_t padded_len;
1457 		u32 address;
1458 
1459 		skb = items[i].transfer_context;
1460 		padded_len = ath10k_sdio_calc_txrx_padded_len(ar_sdio,
1461 							      skb->len);
1462 		skb_trim(skb, padded_len);
1463 
1464 		/* Write TX data to the end of the mbox address space */
1465 		address = ar_sdio->mbox_addr[eid] + ar_sdio->mbox_size[eid] -
1466 			  skb->len;
1467 		ret = ath10k_sdio_prep_async_req(ar, address, skb,
1468 						 NULL, true, eid);
1469 		if (ret)
1470 			return ret;
1471 	}
1472 
1473 	queue_work(ar_sdio->workqueue, &ar_sdio->wr_async_work);
1474 
1475 	return 0;
1476 }
1477 
1478 static int ath10k_sdio_hif_enable_intrs(struct ath10k *ar)
1479 {
1480 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
1481 	struct ath10k_sdio_irq_data *irq_data = &ar_sdio->irq_data;
1482 	struct ath10k_sdio_irq_enable_regs *regs = irq_data->irq_en_reg;
1483 	int ret;
1484 
1485 	mutex_lock(&irq_data->mtx);
1486 
1487 	/* Enable all but CPU interrupts */
1488 	regs->int_status_en = FIELD_PREP(MBOX_INT_STATUS_ENABLE_ERROR_MASK, 1) |
1489 			      FIELD_PREP(MBOX_INT_STATUS_ENABLE_CPU_MASK, 1) |
1490 			      FIELD_PREP(MBOX_INT_STATUS_ENABLE_COUNTER_MASK, 1);
1491 
1492 	/* NOTE: There are some cases where HIF can do detection of
1493 	 * pending mbox messages which is disabled now.
1494 	 */
1495 	regs->int_status_en |=
1496 		FIELD_PREP(MBOX_INT_STATUS_ENABLE_MBOX_DATA_MASK, 1);
1497 
1498 	/* Set up the CPU Interrupt status Register */
1499 	regs->cpu_int_status_en = 0;
1500 
1501 	/* Set up the Error Interrupt status Register */
1502 	regs->err_int_status_en =
1503 		FIELD_PREP(MBOX_ERROR_STATUS_ENABLE_RX_UNDERFLOW_MASK, 1) |
1504 		FIELD_PREP(MBOX_ERROR_STATUS_ENABLE_TX_OVERFLOW_MASK, 1);
1505 
1506 	/* Enable Counter interrupt status register to get fatal errors for
1507 	 * debugging.
1508 	 */
1509 	regs->cntr_int_status_en =
1510 		FIELD_PREP(MBOX_COUNTER_INT_STATUS_ENABLE_BIT_MASK,
1511 			   ATH10K_SDIO_TARGET_DEBUG_INTR_MASK);
1512 
1513 	ret = ath10k_sdio_write(ar, MBOX_INT_STATUS_ENABLE_ADDRESS,
1514 				&regs->int_status_en, sizeof(*regs));
1515 	if (ret)
1516 		ath10k_warn(ar,
1517 			    "failed to update mbox interrupt status register : %d\n",
1518 			    ret);
1519 
1520 	mutex_unlock(&irq_data->mtx);
1521 	return ret;
1522 }
1523 
1524 static int ath10k_sdio_hif_set_mbox_sleep(struct ath10k *ar, bool enable_sleep)
1525 {
1526 	u32 val;
1527 	int ret;
1528 
1529 	ret = ath10k_sdio_read32(ar, ATH10K_FIFO_TIMEOUT_AND_CHIP_CONTROL, &val);
1530 	if (ret) {
1531 		ath10k_warn(ar, "failed to read fifo/chip control register: %d\n",
1532 			    ret);
1533 		return ret;
1534 	}
1535 
1536 	if (enable_sleep)
1537 		val &= ATH10K_FIFO_TIMEOUT_AND_CHIP_CONTROL_DISABLE_SLEEP_OFF;
1538 	else
1539 		val |= ATH10K_FIFO_TIMEOUT_AND_CHIP_CONTROL_DISABLE_SLEEP_ON;
1540 
1541 	ret = ath10k_sdio_write32(ar, ATH10K_FIFO_TIMEOUT_AND_CHIP_CONTROL, val);
1542 	if (ret) {
1543 		ath10k_warn(ar, "failed to write to FIFO_TIMEOUT_AND_CHIP_CONTROL: %d",
1544 			    ret);
1545 		return ret;
1546 	}
1547 
1548 	return 0;
1549 }
1550 
1551 /* HIF diagnostics */
1552 
1553 static int ath10k_sdio_hif_diag_read(struct ath10k *ar, u32 address, void *buf,
1554 				     size_t buf_len)
1555 {
1556 	int ret;
1557 
1558 	/* set window register to start read cycle */
1559 	ret = ath10k_sdio_write32(ar, MBOX_WINDOW_READ_ADDR_ADDRESS, address);
1560 	if (ret) {
1561 		ath10k_warn(ar, "failed to set mbox window read address: %d", ret);
1562 		return ret;
1563 	}
1564 
1565 	/* read the data */
1566 	ret = ath10k_sdio_read(ar, MBOX_WINDOW_DATA_ADDRESS, buf, buf_len);
1567 	if (ret) {
1568 		ath10k_warn(ar, "failed to read from mbox window data address: %d\n",
1569 			    ret);
1570 		return ret;
1571 	}
1572 
1573 	return 0;
1574 }
1575 
1576 static int ath10k_sdio_hif_diag_read32(struct ath10k *ar, u32 address,
1577 				       u32 *value)
1578 {
1579 	__le32 *val;
1580 	int ret;
1581 
1582 	val = kzalloc(sizeof(*val), GFP_KERNEL);
1583 	if (!val)
1584 		return -ENOMEM;
1585 
1586 	ret = ath10k_sdio_hif_diag_read(ar, address, val, sizeof(*val));
1587 	if (ret)
1588 		goto out;
1589 
1590 	*value = __le32_to_cpu(*val);
1591 
1592 out:
1593 	kfree(val);
1594 
1595 	return ret;
1596 }
1597 
1598 static int ath10k_sdio_hif_diag_write_mem(struct ath10k *ar, u32 address,
1599 					  const void *data, int nbytes)
1600 {
1601 	int ret;
1602 
1603 	/* set write data */
1604 	ret = ath10k_sdio_write(ar, MBOX_WINDOW_DATA_ADDRESS, data, nbytes);
1605 	if (ret) {
1606 		ath10k_warn(ar,
1607 			    "failed to write 0x%p to mbox window data address: %d\n",
1608 			    data, ret);
1609 		return ret;
1610 	}
1611 
1612 	/* set window register, which starts the write cycle */
1613 	ret = ath10k_sdio_write32(ar, MBOX_WINDOW_WRITE_ADDR_ADDRESS, address);
1614 	if (ret) {
1615 		ath10k_warn(ar, "failed to set mbox window write address: %d", ret);
1616 		return ret;
1617 	}
1618 
1619 	return 0;
1620 }
1621 
1622 static int ath10k_sdio_hif_swap_mailbox(struct ath10k *ar)
1623 {
1624 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
1625 	u32 addr, val;
1626 	int ret = 0;
1627 
1628 	addr = host_interest_item_address(HI_ITEM(hi_acs_flags));
1629 
1630 	ret = ath10k_sdio_hif_diag_read32(ar, addr, &val);
1631 	if (ret) {
1632 		ath10k_warn(ar, "unable to read hi_acs_flags : %d\n", ret);
1633 		return ret;
1634 	}
1635 
1636 	if (val & HI_ACS_FLAGS_SDIO_SWAP_MAILBOX_FW_ACK) {
1637 		ath10k_dbg(ar, ATH10K_DBG_SDIO,
1638 			   "sdio mailbox swap service enabled\n");
1639 		ar_sdio->swap_mbox = true;
1640 	}
1641 	return 0;
1642 }
1643 
1644 /* HIF start/stop */
1645 
1646 static int ath10k_sdio_hif_start(struct ath10k *ar)
1647 {
1648 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
1649 	int ret;
1650 
1651 	/* Sleep 20 ms before HIF interrupts are disabled.
1652 	 * This will give target plenty of time to process the BMI done
1653 	 * request before interrupts are disabled.
1654 	 */
1655 	msleep(20);
1656 	ret = ath10k_sdio_hif_disable_intrs(ar);
1657 	if (ret)
1658 		return ret;
1659 
1660 	/* eid 0 always uses the lower part of the extended mailbox address
1661 	 * space (ext_info[0].htc_ext_addr).
1662 	 */
1663 	ar_sdio->mbox_addr[0] = ar_sdio->mbox_info.ext_info[0].htc_ext_addr;
1664 	ar_sdio->mbox_size[0] = ar_sdio->mbox_info.ext_info[0].htc_ext_sz;
1665 
1666 	sdio_claim_host(ar_sdio->func);
1667 
1668 	/* Register the isr */
1669 	ret =  sdio_claim_irq(ar_sdio->func, ath10k_sdio_irq_handler);
1670 	if (ret) {
1671 		ath10k_warn(ar, "failed to claim sdio interrupt: %d\n", ret);
1672 		sdio_release_host(ar_sdio->func);
1673 		return ret;
1674 	}
1675 
1676 	sdio_release_host(ar_sdio->func);
1677 
1678 	ret = ath10k_sdio_hif_enable_intrs(ar);
1679 	if (ret)
1680 		ath10k_warn(ar, "failed to enable sdio interrupts: %d\n", ret);
1681 
1682 	/* Enable sleep and then disable it again */
1683 	ret = ath10k_sdio_hif_set_mbox_sleep(ar, true);
1684 	if (ret)
1685 		return ret;
1686 
1687 	/* Wait for 20ms for the written value to take effect */
1688 	msleep(20);
1689 
1690 	ret = ath10k_sdio_hif_set_mbox_sleep(ar, false);
1691 	if (ret)
1692 		return ret;
1693 
1694 	return 0;
1695 }
1696 
1697 #define SDIO_IRQ_DISABLE_TIMEOUT_HZ (3 * HZ)
1698 
1699 static void ath10k_sdio_irq_disable(struct ath10k *ar)
1700 {
1701 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
1702 	struct ath10k_sdio_irq_data *irq_data = &ar_sdio->irq_data;
1703 	struct ath10k_sdio_irq_enable_regs *regs = irq_data->irq_en_reg;
1704 	struct sk_buff *skb;
1705 	struct completion irqs_disabled_comp;
1706 	int ret;
1707 
1708 	skb = dev_alloc_skb(sizeof(*regs));
1709 	if (!skb)
1710 		return;
1711 
1712 	mutex_lock(&irq_data->mtx);
1713 
1714 	memset(regs, 0, sizeof(*regs)); /* disable all interrupts */
1715 	memcpy(skb->data, regs, sizeof(*regs));
1716 	skb_put(skb, sizeof(*regs));
1717 
1718 	mutex_unlock(&irq_data->mtx);
1719 
1720 	init_completion(&irqs_disabled_comp);
1721 	ret = ath10k_sdio_prep_async_req(ar, MBOX_INT_STATUS_ENABLE_ADDRESS,
1722 					 skb, &irqs_disabled_comp, false, 0);
1723 	if (ret)
1724 		goto out;
1725 
1726 	queue_work(ar_sdio->workqueue, &ar_sdio->wr_async_work);
1727 
1728 	/* Wait for the completion of the IRQ disable request.
1729 	 * If there is a timeout we will try to disable irq's anyway.
1730 	 */
1731 	ret = wait_for_completion_timeout(&irqs_disabled_comp,
1732 					  SDIO_IRQ_DISABLE_TIMEOUT_HZ);
1733 	if (!ret)
1734 		ath10k_warn(ar, "sdio irq disable request timed out\n");
1735 
1736 	sdio_claim_host(ar_sdio->func);
1737 
1738 	ret = sdio_release_irq(ar_sdio->func);
1739 	if (ret)
1740 		ath10k_warn(ar, "failed to release sdio interrupt: %d\n", ret);
1741 
1742 	sdio_release_host(ar_sdio->func);
1743 
1744 out:
1745 	kfree_skb(skb);
1746 }
1747 
1748 static void ath10k_sdio_hif_stop(struct ath10k *ar)
1749 {
1750 	struct ath10k_sdio_bus_request *req, *tmp_req;
1751 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
1752 
1753 	ath10k_sdio_irq_disable(ar);
1754 
1755 	cancel_work_sync(&ar_sdio->wr_async_work);
1756 
1757 	spin_lock_bh(&ar_sdio->wr_async_lock);
1758 
1759 	/* Free all bus requests that have not been handled */
1760 	list_for_each_entry_safe(req, tmp_req, &ar_sdio->wr_asyncq, list) {
1761 		struct ath10k_htc_ep *ep;
1762 
1763 		list_del(&req->list);
1764 
1765 		if (req->htc_msg) {
1766 			ep = &ar->htc.endpoint[req->eid];
1767 			ath10k_htc_notify_tx_completion(ep, req->skb);
1768 		} else if (req->skb) {
1769 			kfree_skb(req->skb);
1770 		}
1771 		ath10k_sdio_free_bus_req(ar, req);
1772 	}
1773 
1774 	spin_unlock_bh(&ar_sdio->wr_async_lock);
1775 }
1776 
1777 #ifdef CONFIG_PM
1778 
1779 static int ath10k_sdio_hif_suspend(struct ath10k *ar)
1780 {
1781 	return -EOPNOTSUPP;
1782 }
1783 
1784 static int ath10k_sdio_hif_resume(struct ath10k *ar)
1785 {
1786 	switch (ar->state) {
1787 	case ATH10K_STATE_OFF:
1788 		ath10k_dbg(ar, ATH10K_DBG_SDIO,
1789 			   "sdio resume configuring sdio\n");
1790 
1791 		/* need to set sdio settings after power is cut from sdio */
1792 		ath10k_sdio_config(ar);
1793 		break;
1794 
1795 	case ATH10K_STATE_ON:
1796 	default:
1797 		break;
1798 	}
1799 
1800 	return 0;
1801 }
1802 #endif
1803 
1804 static int ath10k_sdio_hif_map_service_to_pipe(struct ath10k *ar,
1805 					       u16 service_id,
1806 					       u8 *ul_pipe, u8 *dl_pipe)
1807 {
1808 	struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar);
1809 	struct ath10k_htc *htc = &ar->htc;
1810 	u32 htt_addr, wmi_addr, htt_mbox_size, wmi_mbox_size;
1811 	enum ath10k_htc_ep_id eid;
1812 	bool ep_found = false;
1813 	int i;
1814 
1815 	/* For sdio, we are interested in the mapping between eid
1816 	 * and pipeid rather than service_id to pipe_id.
1817 	 * First we find out which eid has been allocated to the
1818 	 * service...
1819 	 */
1820 	for (i = 0; i < ATH10K_HTC_EP_COUNT; i++) {
1821 		if (htc->endpoint[i].service_id == service_id) {
1822 			eid = htc->endpoint[i].eid;
1823 			ep_found = true;
1824 			break;
1825 		}
1826 	}
1827 
1828 	if (!ep_found)
1829 		return -EINVAL;
1830 
1831 	/* Then we create the simplest mapping possible between pipeid
1832 	 * and eid
1833 	 */
1834 	*ul_pipe = *dl_pipe = (u8)eid;
1835 
1836 	/* Normally, HTT will use the upper part of the extended
1837 	 * mailbox address space (ext_info[1].htc_ext_addr) and WMI ctrl
1838 	 * the lower part (ext_info[0].htc_ext_addr).
1839 	 * If fw wants swapping of mailbox addresses, the opposite is true.
1840 	 */
1841 	if (ar_sdio->swap_mbox) {
1842 		htt_addr = ar_sdio->mbox_info.ext_info[0].htc_ext_addr;
1843 		wmi_addr = ar_sdio->mbox_info.ext_info[1].htc_ext_addr;
1844 		htt_mbox_size = ar_sdio->mbox_info.ext_info[0].htc_ext_sz;
1845 		wmi_mbox_size = ar_sdio->mbox_info.ext_info[1].htc_ext_sz;
1846 	} else {
1847 		htt_addr = ar_sdio->mbox_info.ext_info[1].htc_ext_addr;
1848 		wmi_addr = ar_sdio->mbox_info.ext_info[0].htc_ext_addr;
1849 		htt_mbox_size = ar_sdio->mbox_info.ext_info[1].htc_ext_sz;
1850 		wmi_mbox_size = ar_sdio->mbox_info.ext_info[0].htc_ext_sz;
1851 	}
1852 
1853 	switch (service_id) {
1854 	case ATH10K_HTC_SVC_ID_RSVD_CTRL:
1855 		/* HTC ctrl ep mbox address has already been setup in
1856 		 * ath10k_sdio_hif_start
1857 		 */
1858 		break;
1859 	case ATH10K_HTC_SVC_ID_WMI_CONTROL:
1860 		ar_sdio->mbox_addr[eid] = wmi_addr;
1861 		ar_sdio->mbox_size[eid] = wmi_mbox_size;
1862 		ath10k_dbg(ar, ATH10K_DBG_SDIO,
1863 			   "sdio wmi ctrl mbox_addr 0x%x mbox_size %d\n",
1864 			   ar_sdio->mbox_addr[eid], ar_sdio->mbox_size[eid]);
1865 		break;
1866 	case ATH10K_HTC_SVC_ID_HTT_DATA_MSG:
1867 		ar_sdio->mbox_addr[eid] = htt_addr;
1868 		ar_sdio->mbox_size[eid] = htt_mbox_size;
1869 		ath10k_dbg(ar, ATH10K_DBG_SDIO,
1870 			   "sdio htt data mbox_addr 0x%x mbox_size %d\n",
1871 			   ar_sdio->mbox_addr[eid], ar_sdio->mbox_size[eid]);
1872 		break;
1873 	default:
1874 		ath10k_warn(ar, "unsupported HTC service id: %d\n",
1875 			    service_id);
1876 		return -EINVAL;
1877 	}
1878 
1879 	return 0;
1880 }
1881 
1882 static void ath10k_sdio_hif_get_default_pipe(struct ath10k *ar,
1883 					     u8 *ul_pipe, u8 *dl_pipe)
1884 {
1885 	ath10k_dbg(ar, ATH10K_DBG_SDIO, "sdio hif get default pipe\n");
1886 
1887 	/* HTC ctrl ep (SVC id 1) always has eid (and pipe_id in our
1888 	 * case) == 0
1889 	 */
1890 	*ul_pipe = 0;
1891 	*dl_pipe = 0;
1892 }
1893 
1894 /* This op is currently only used by htc_wait_target if the HTC ready
1895  * message times out. It is not applicable for SDIO since there is nothing
1896  * we can do if the HTC ready message does not arrive in time.
1897  * TODO: Make this op non mandatory by introducing a NULL check in the
1898  * hif op wrapper.
1899  */
1900 static void ath10k_sdio_hif_send_complete_check(struct ath10k *ar,
1901 						u8 pipe, int force)
1902 {
1903 }
1904 
1905 static const struct ath10k_hif_ops ath10k_sdio_hif_ops = {
1906 	.tx_sg			= ath10k_sdio_hif_tx_sg,
1907 	.diag_read		= ath10k_sdio_hif_diag_read,
1908 	.diag_write		= ath10k_sdio_hif_diag_write_mem,
1909 	.exchange_bmi_msg	= ath10k_sdio_bmi_exchange_msg,
1910 	.start			= ath10k_sdio_hif_start,
1911 	.stop			= ath10k_sdio_hif_stop,
1912 	.swap_mailbox		= ath10k_sdio_hif_swap_mailbox,
1913 	.map_service_to_pipe	= ath10k_sdio_hif_map_service_to_pipe,
1914 	.get_default_pipe	= ath10k_sdio_hif_get_default_pipe,
1915 	.send_complete_check	= ath10k_sdio_hif_send_complete_check,
1916 	.power_up		= ath10k_sdio_hif_power_up,
1917 	.power_down		= ath10k_sdio_hif_power_down,
1918 #ifdef CONFIG_PM
1919 	.suspend		= ath10k_sdio_hif_suspend,
1920 	.resume			= ath10k_sdio_hif_resume,
1921 #endif
1922 };
1923 
1924 #ifdef CONFIG_PM_SLEEP
1925 
1926 /* Empty handlers so that mmc subsystem doesn't remove us entirely during
1927  * suspend. We instead follow cfg80211 suspend/resume handlers.
1928  */
1929 static int ath10k_sdio_pm_suspend(struct device *device)
1930 {
1931 	return 0;
1932 }
1933 
1934 static int ath10k_sdio_pm_resume(struct device *device)
1935 {
1936 	return 0;
1937 }
1938 
1939 static SIMPLE_DEV_PM_OPS(ath10k_sdio_pm_ops, ath10k_sdio_pm_suspend,
1940 			 ath10k_sdio_pm_resume);
1941 
1942 #define ATH10K_SDIO_PM_OPS (&ath10k_sdio_pm_ops)
1943 
1944 #else
1945 
1946 #define ATH10K_SDIO_PM_OPS NULL
1947 
1948 #endif /* CONFIG_PM_SLEEP */
1949 
1950 static int ath10k_sdio_probe(struct sdio_func *func,
1951 			     const struct sdio_device_id *id)
1952 {
1953 	struct ath10k_sdio *ar_sdio;
1954 	struct ath10k *ar;
1955 	enum ath10k_hw_rev hw_rev;
1956 	u32 dev_id_base;
1957 	struct ath10k_bus_params bus_params;
1958 	int ret, i;
1959 
1960 	/* Assumption: All SDIO based chipsets (so far) are QCA6174 based.
1961 	 * If there will be newer chipsets that does not use the hw reg
1962 	 * setup as defined in qca6174_regs and qca6174_values, this
1963 	 * assumption is no longer valid and hw_rev must be setup differently
1964 	 * depending on chipset.
1965 	 */
1966 	hw_rev = ATH10K_HW_QCA6174;
1967 
1968 	ar = ath10k_core_create(sizeof(*ar_sdio), &func->dev, ATH10K_BUS_SDIO,
1969 				hw_rev, &ath10k_sdio_hif_ops);
1970 	if (!ar) {
1971 		dev_err(&func->dev, "failed to allocate core\n");
1972 		return -ENOMEM;
1973 	}
1974 
1975 	ath10k_dbg(ar, ATH10K_DBG_BOOT,
1976 		   "sdio new func %d vendor 0x%x device 0x%x block 0x%x/0x%x\n",
1977 		   func->num, func->vendor, func->device,
1978 		   func->max_blksize, func->cur_blksize);
1979 
1980 	ar_sdio = ath10k_sdio_priv(ar);
1981 
1982 	ar_sdio->irq_data.irq_proc_reg =
1983 		devm_kzalloc(ar->dev, sizeof(struct ath10k_sdio_irq_proc_regs),
1984 			     GFP_KERNEL);
1985 	if (!ar_sdio->irq_data.irq_proc_reg) {
1986 		ret = -ENOMEM;
1987 		goto err_core_destroy;
1988 	}
1989 
1990 	ar_sdio->irq_data.irq_en_reg =
1991 		devm_kzalloc(ar->dev, sizeof(struct ath10k_sdio_irq_enable_regs),
1992 			     GFP_KERNEL);
1993 	if (!ar_sdio->irq_data.irq_en_reg) {
1994 		ret = -ENOMEM;
1995 		goto err_core_destroy;
1996 	}
1997 
1998 	ar_sdio->bmi_buf = devm_kzalloc(ar->dev, BMI_MAX_CMDBUF_SIZE, GFP_KERNEL);
1999 	if (!ar_sdio->bmi_buf) {
2000 		ret = -ENOMEM;
2001 		goto err_core_destroy;
2002 	}
2003 
2004 	ar_sdio->func = func;
2005 	sdio_set_drvdata(func, ar_sdio);
2006 
2007 	ar_sdio->is_disabled = true;
2008 	ar_sdio->ar = ar;
2009 
2010 	spin_lock_init(&ar_sdio->lock);
2011 	spin_lock_init(&ar_sdio->wr_async_lock);
2012 	mutex_init(&ar_sdio->irq_data.mtx);
2013 
2014 	INIT_LIST_HEAD(&ar_sdio->bus_req_freeq);
2015 	INIT_LIST_HEAD(&ar_sdio->wr_asyncq);
2016 
2017 	INIT_WORK(&ar_sdio->wr_async_work, ath10k_sdio_write_async_work);
2018 	ar_sdio->workqueue = create_singlethread_workqueue("ath10k_sdio_wq");
2019 	if (!ar_sdio->workqueue) {
2020 		ret = -ENOMEM;
2021 		goto err_core_destroy;
2022 	}
2023 
2024 	for (i = 0; i < ATH10K_SDIO_BUS_REQUEST_MAX_NUM; i++)
2025 		ath10k_sdio_free_bus_req(ar, &ar_sdio->bus_req[i]);
2026 
2027 	dev_id_base = FIELD_GET(QCA_MANUFACTURER_ID_BASE, id->device);
2028 	switch (dev_id_base) {
2029 	case QCA_MANUFACTURER_ID_AR6005_BASE:
2030 	case QCA_MANUFACTURER_ID_QCA9377_BASE:
2031 		ar->dev_id = QCA9377_1_0_DEVICE_ID;
2032 		break;
2033 	default:
2034 		ret = -ENODEV;
2035 		ath10k_err(ar, "unsupported device id %u (0x%x)\n",
2036 			   dev_id_base, id->device);
2037 		goto err_free_wq;
2038 	}
2039 
2040 	ar->id.vendor = id->vendor;
2041 	ar->id.device = id->device;
2042 
2043 	ath10k_sdio_set_mbox_info(ar);
2044 
2045 	bus_params.dev_type = ATH10K_DEV_TYPE_HL;
2046 	/* TODO: don't know yet how to get chip_id with SDIO */
2047 	bus_params.chip_id = 0;
2048 	ret = ath10k_core_register(ar, &bus_params);
2049 	if (ret) {
2050 		ath10k_err(ar, "failed to register driver core: %d\n", ret);
2051 		goto err_free_wq;
2052 	}
2053 
2054 	/* TODO: remove this once SDIO support is fully implemented */
2055 	ath10k_warn(ar, "WARNING: ath10k SDIO support is incomplete, don't expect anything to work!\n");
2056 
2057 	return 0;
2058 
2059 err_free_wq:
2060 	destroy_workqueue(ar_sdio->workqueue);
2061 err_core_destroy:
2062 	ath10k_core_destroy(ar);
2063 
2064 	return ret;
2065 }
2066 
2067 static void ath10k_sdio_remove(struct sdio_func *func)
2068 {
2069 	struct ath10k_sdio *ar_sdio = sdio_get_drvdata(func);
2070 	struct ath10k *ar = ar_sdio->ar;
2071 
2072 	ath10k_dbg(ar, ATH10K_DBG_BOOT,
2073 		   "sdio removed func %d vendor 0x%x device 0x%x\n",
2074 		   func->num, func->vendor, func->device);
2075 
2076 	ath10k_core_unregister(ar);
2077 	ath10k_core_destroy(ar);
2078 }
2079 
2080 static const struct sdio_device_id ath10k_sdio_devices[] = {
2081 	{SDIO_DEVICE(QCA_MANUFACTURER_CODE,
2082 		     (QCA_SDIO_ID_AR6005_BASE | 0xA))},
2083 	{SDIO_DEVICE(QCA_MANUFACTURER_CODE,
2084 		     (QCA_SDIO_ID_QCA9377_BASE | 0x1))},
2085 	{},
2086 };
2087 
2088 MODULE_DEVICE_TABLE(sdio, ath10k_sdio_devices);
2089 
2090 static struct sdio_driver ath10k_sdio_driver = {
2091 	.name = "ath10k_sdio",
2092 	.id_table = ath10k_sdio_devices,
2093 	.probe = ath10k_sdio_probe,
2094 	.remove = ath10k_sdio_remove,
2095 	.drv = {
2096 		.owner = THIS_MODULE,
2097 		.pm = ATH10K_SDIO_PM_OPS,
2098 	},
2099 };
2100 
2101 static int __init ath10k_sdio_init(void)
2102 {
2103 	int ret;
2104 
2105 	ret = sdio_register_driver(&ath10k_sdio_driver);
2106 	if (ret)
2107 		pr_err("sdio driver registration failed: %d\n", ret);
2108 
2109 	return ret;
2110 }
2111 
2112 static void __exit ath10k_sdio_exit(void)
2113 {
2114 	sdio_unregister_driver(&ath10k_sdio_driver);
2115 }
2116 
2117 module_init(ath10k_sdio_init);
2118 module_exit(ath10k_sdio_exit);
2119 
2120 MODULE_AUTHOR("Qualcomm Atheros");
2121 MODULE_DESCRIPTION("Driver support for Qualcomm Atheros 802.11ac WLAN SDIO devices");
2122 MODULE_LICENSE("Dual BSD/GPL");
2123