1 /*
2  * Copyright (c) 2007-2011 Atheros Communications Inc.
3  * Copyright (c) 2011-2012 Qualcomm Atheros, Inc.
4  *
5  * Permission to use, copy, modify, and/or distribute this software for any
6  * purpose with or without fee is hereby granted, provided that the above
7  * copyright notice and this permission notice appear in all copies.
8  *
9  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16  */
17 
18 #include "core.h"
19 #include "hif.h"
20 #include "debug.h"
21 #include "hif-ops.h"
22 #include "trace.h"
23 
24 #include <asm/unaligned.h>
25 
26 #define CALC_TXRX_PADDED_LEN(dev, len)  (__ALIGN_MASK((len), (dev)->block_mask))
27 
28 static void ath6kl_htc_mbox_cleanup(struct htc_target *target);
29 static void ath6kl_htc_mbox_stop(struct htc_target *target);
30 static int ath6kl_htc_mbox_add_rxbuf_multiple(struct htc_target *target,
31 					      struct list_head *pkt_queue);
32 static void ath6kl_htc_set_credit_dist(struct htc_target *target,
33 				       struct ath6kl_htc_credit_info *cred_info,
34 				       u16 svc_pri_order[], int len);
35 
36 /* threshold to re-enable Tx bundling for an AC*/
37 #define TX_RESUME_BUNDLE_THRESHOLD	1500
38 
39 /* Functions for Tx credit handling */
40 static void ath6kl_credit_deposit(struct ath6kl_htc_credit_info *cred_info,
41 				  struct htc_endpoint_credit_dist *ep_dist,
42 				  int credits)
43 {
44 	ath6kl_dbg(ATH6KL_DBG_CREDIT, "credit deposit ep %d credits %d\n",
45 		   ep_dist->endpoint, credits);
46 
47 	ep_dist->credits += credits;
48 	ep_dist->cred_assngd += credits;
49 	cred_info->cur_free_credits -= credits;
50 }
51 
52 static void ath6kl_credit_init(struct ath6kl_htc_credit_info *cred_info,
53 			       struct list_head *ep_list,
54 			       int tot_credits)
55 {
56 	struct htc_endpoint_credit_dist *cur_ep_dist;
57 	int count;
58 
59 	ath6kl_dbg(ATH6KL_DBG_CREDIT, "credit init total %d\n", tot_credits);
60 
61 	cred_info->cur_free_credits = tot_credits;
62 	cred_info->total_avail_credits = tot_credits;
63 
64 	list_for_each_entry(cur_ep_dist, ep_list, list) {
65 		if (cur_ep_dist->endpoint == ENDPOINT_0)
66 			continue;
67 
68 		cur_ep_dist->cred_min = cur_ep_dist->cred_per_msg;
69 
70 		if (tot_credits > 4) {
71 			if ((cur_ep_dist->svc_id == WMI_DATA_BK_SVC) ||
72 			    (cur_ep_dist->svc_id == WMI_DATA_BE_SVC)) {
73 				ath6kl_credit_deposit(cred_info,
74 						      cur_ep_dist,
75 						      cur_ep_dist->cred_min);
76 				cur_ep_dist->dist_flags |= HTC_EP_ACTIVE;
77 			}
78 		}
79 
80 		if (cur_ep_dist->svc_id == WMI_CONTROL_SVC) {
81 			ath6kl_credit_deposit(cred_info, cur_ep_dist,
82 					      cur_ep_dist->cred_min);
83 			/*
84 			 * Control service is always marked active, it
85 			 * never goes inactive EVER.
86 			 */
87 			cur_ep_dist->dist_flags |= HTC_EP_ACTIVE;
88 		}
89 
90 		/*
91 		 * Streams have to be created (explicit | implicit) for all
92 		 * kinds of traffic. BE endpoints are also inactive in the
93 		 * beginning. When BE traffic starts it creates implicit
94 		 * streams that redistributes credits.
95 		 *
96 		 * Note: all other endpoints have minimums set but are
97 		 * initially given NO credits. credits will be distributed
98 		 * as traffic activity demands
99 		 */
100 	}
101 
102 	/*
103 	 * For ath6kl_credit_seek function,
104 	 * it use list_for_each_entry_reverse to walk around the whole ep list.
105 	 * Therefore assign this lowestpri_ep_dist after walk around the ep_list
106 	 */
107 	cred_info->lowestpri_ep_dist = cur_ep_dist->list;
108 
109 	WARN_ON(cred_info->cur_free_credits <= 0);
110 
111 	list_for_each_entry(cur_ep_dist, ep_list, list) {
112 		if (cur_ep_dist->endpoint == ENDPOINT_0)
113 			continue;
114 
115 		if (cur_ep_dist->svc_id == WMI_CONTROL_SVC) {
116 			cur_ep_dist->cred_norm = cur_ep_dist->cred_per_msg;
117 		} else {
118 			/*
119 			 * For the remaining data endpoints, we assume that
120 			 * each cred_per_msg are the same. We use a simple
121 			 * calculation here, we take the remaining credits
122 			 * and determine how many max messages this can
123 			 * cover and then set each endpoint's normal value
124 			 * equal to 3/4 this amount.
125 			 */
126 			count = (cred_info->cur_free_credits /
127 				 cur_ep_dist->cred_per_msg)
128 				* cur_ep_dist->cred_per_msg;
129 			count = (count * 3) >> 2;
130 			count = max(count, cur_ep_dist->cred_per_msg);
131 			cur_ep_dist->cred_norm = count;
132 		}
133 
134 		ath6kl_dbg(ATH6KL_DBG_CREDIT,
135 			   "credit ep %d svc_id %d credits %d per_msg %d norm %d min %d\n",
136 			   cur_ep_dist->endpoint,
137 			   cur_ep_dist->svc_id,
138 			   cur_ep_dist->credits,
139 			   cur_ep_dist->cred_per_msg,
140 			   cur_ep_dist->cred_norm,
141 			   cur_ep_dist->cred_min);
142 	}
143 }
144 
145 /* initialize and setup credit distribution */
146 static int ath6kl_htc_mbox_credit_setup(struct htc_target *htc_target,
147 			       struct ath6kl_htc_credit_info *cred_info)
148 {
149 	u16 servicepriority[5];
150 
151 	memset(cred_info, 0, sizeof(struct ath6kl_htc_credit_info));
152 
153 	servicepriority[0] = WMI_CONTROL_SVC;  /* highest */
154 	servicepriority[1] = WMI_DATA_VO_SVC;
155 	servicepriority[2] = WMI_DATA_VI_SVC;
156 	servicepriority[3] = WMI_DATA_BE_SVC;
157 	servicepriority[4] = WMI_DATA_BK_SVC; /* lowest */
158 
159 	/* set priority list */
160 	ath6kl_htc_set_credit_dist(htc_target, cred_info, servicepriority, 5);
161 
162 	return 0;
163 }
164 
165 /* reduce an ep's credits back to a set limit */
166 static void ath6kl_credit_reduce(struct ath6kl_htc_credit_info *cred_info,
167 				 struct htc_endpoint_credit_dist *ep_dist,
168 				 int limit)
169 {
170 	int credits;
171 
172 	ath6kl_dbg(ATH6KL_DBG_CREDIT, "credit reduce ep %d limit %d\n",
173 		   ep_dist->endpoint, limit);
174 
175 	ep_dist->cred_assngd = limit;
176 
177 	if (ep_dist->credits <= limit)
178 		return;
179 
180 	credits = ep_dist->credits - limit;
181 	ep_dist->credits -= credits;
182 	cred_info->cur_free_credits += credits;
183 }
184 
185 static void ath6kl_credit_update(struct ath6kl_htc_credit_info *cred_info,
186 				 struct list_head *epdist_list)
187 {
188 	struct htc_endpoint_credit_dist *cur_list;
189 
190 	list_for_each_entry(cur_list, epdist_list, list) {
191 		if (cur_list->endpoint == ENDPOINT_0)
192 			continue;
193 
194 		if (cur_list->cred_to_dist > 0) {
195 			cur_list->credits += cur_list->cred_to_dist;
196 			cur_list->cred_to_dist = 0;
197 
198 			if (cur_list->credits > cur_list->cred_assngd)
199 				ath6kl_credit_reduce(cred_info,
200 						     cur_list,
201 						     cur_list->cred_assngd);
202 
203 			if (cur_list->credits > cur_list->cred_norm)
204 				ath6kl_credit_reduce(cred_info, cur_list,
205 						     cur_list->cred_norm);
206 
207 			if (!(cur_list->dist_flags & HTC_EP_ACTIVE)) {
208 				if (cur_list->txq_depth == 0)
209 					ath6kl_credit_reduce(cred_info,
210 							     cur_list, 0);
211 			}
212 		}
213 	}
214 }
215 
216 /*
217  * HTC has an endpoint that needs credits, ep_dist is the endpoint in
218  * question.
219  */
220 static void ath6kl_credit_seek(struct ath6kl_htc_credit_info *cred_info,
221 				struct htc_endpoint_credit_dist *ep_dist)
222 {
223 	struct htc_endpoint_credit_dist *curdist_list;
224 	int credits = 0;
225 	int need;
226 
227 	if (ep_dist->svc_id == WMI_CONTROL_SVC)
228 		goto out;
229 
230 	if ((ep_dist->svc_id == WMI_DATA_VI_SVC) ||
231 	    (ep_dist->svc_id == WMI_DATA_VO_SVC))
232 		if ((ep_dist->cred_assngd >= ep_dist->cred_norm))
233 			goto out;
234 
235 	/*
236 	 * For all other services, we follow a simple algorithm of:
237 	 *
238 	 * 1. checking the free pool for credits
239 	 * 2. checking lower priority endpoints for credits to take
240 	 */
241 
242 	credits = min(cred_info->cur_free_credits, ep_dist->seek_cred);
243 
244 	if (credits >= ep_dist->seek_cred)
245 		goto out;
246 
247 	/*
248 	 * We don't have enough in the free pool, try taking away from
249 	 * lower priority services The rule for taking away credits:
250 	 *
251 	 *   1. Only take from lower priority endpoints
252 	 *   2. Only take what is allocated above the minimum (never
253 	 *      starve an endpoint completely)
254 	 *   3. Only take what you need.
255 	 */
256 
257 	list_for_each_entry_reverse(curdist_list,
258 				    &cred_info->lowestpri_ep_dist,
259 				    list) {
260 		if (curdist_list == ep_dist)
261 			break;
262 
263 		need = ep_dist->seek_cred - cred_info->cur_free_credits;
264 
265 		if ((curdist_list->cred_assngd - need) >=
266 		     curdist_list->cred_min) {
267 			/*
268 			 * The current one has been allocated more than
269 			 * it's minimum and it has enough credits assigned
270 			 * above it's minimum to fulfill our need try to
271 			 * take away just enough to fulfill our need.
272 			 */
273 			ath6kl_credit_reduce(cred_info, curdist_list,
274 					     curdist_list->cred_assngd - need);
275 
276 			if (cred_info->cur_free_credits >=
277 			    ep_dist->seek_cred)
278 				break;
279 		}
280 
281 		if (curdist_list->endpoint == ENDPOINT_0)
282 			break;
283 	}
284 
285 	credits = min(cred_info->cur_free_credits, ep_dist->seek_cred);
286 
287 out:
288 	/* did we find some credits? */
289 	if (credits)
290 		ath6kl_credit_deposit(cred_info, ep_dist, credits);
291 
292 	ep_dist->seek_cred = 0;
293 }
294 
295 /* redistribute credits based on activity change */
296 static void ath6kl_credit_redistribute(struct ath6kl_htc_credit_info *info,
297 				       struct list_head *ep_dist_list)
298 {
299 	struct htc_endpoint_credit_dist *curdist_list;
300 
301 	list_for_each_entry(curdist_list, ep_dist_list, list) {
302 		if (curdist_list->endpoint == ENDPOINT_0)
303 			continue;
304 
305 		if ((curdist_list->svc_id == WMI_DATA_BK_SVC)  ||
306 		    (curdist_list->svc_id == WMI_DATA_BE_SVC))
307 			curdist_list->dist_flags |= HTC_EP_ACTIVE;
308 
309 		if ((curdist_list->svc_id != WMI_CONTROL_SVC) &&
310 		    !(curdist_list->dist_flags & HTC_EP_ACTIVE)) {
311 			if (curdist_list->txq_depth == 0)
312 				ath6kl_credit_reduce(info, curdist_list, 0);
313 			else
314 				ath6kl_credit_reduce(info,
315 						     curdist_list,
316 						     curdist_list->cred_min);
317 		}
318 	}
319 }
320 
321 /*
322  *
323  * This function is invoked whenever endpoints require credit
324  * distributions. A lock is held while this function is invoked, this
325  * function shall NOT block. The ep_dist_list is a list of distribution
326  * structures in prioritized order as defined by the call to the
327  * htc_set_credit_dist() api.
328  */
329 static void ath6kl_credit_distribute(struct ath6kl_htc_credit_info *cred_info,
330 				     struct list_head *ep_dist_list,
331 			      enum htc_credit_dist_reason reason)
332 {
333 	switch (reason) {
334 	case HTC_CREDIT_DIST_SEND_COMPLETE:
335 		ath6kl_credit_update(cred_info, ep_dist_list);
336 		break;
337 	case HTC_CREDIT_DIST_ACTIVITY_CHANGE:
338 		ath6kl_credit_redistribute(cred_info, ep_dist_list);
339 		break;
340 	default:
341 		break;
342 	}
343 
344 	WARN_ON(cred_info->cur_free_credits > cred_info->total_avail_credits);
345 	WARN_ON(cred_info->cur_free_credits < 0);
346 }
347 
348 static void ath6kl_htc_tx_buf_align(u8 **buf, unsigned long len)
349 {
350 	u8 *align_addr;
351 
352 	if (!IS_ALIGNED((unsigned long) *buf, 4)) {
353 		align_addr = PTR_ALIGN(*buf - 4, 4);
354 		memmove(align_addr, *buf, len);
355 		*buf = align_addr;
356 	}
357 }
358 
359 static void ath6kl_htc_tx_prep_pkt(struct htc_packet *packet, u8 flags,
360 				   int ctrl0, int ctrl1)
361 {
362 	struct htc_frame_hdr *hdr;
363 
364 	packet->buf -= HTC_HDR_LENGTH;
365 	hdr =  (struct htc_frame_hdr *)packet->buf;
366 
367 	/* Endianess? */
368 	put_unaligned((u16)packet->act_len, &hdr->payld_len);
369 	hdr->flags = flags;
370 	hdr->eid = packet->endpoint;
371 	hdr->ctrl[0] = ctrl0;
372 	hdr->ctrl[1] = ctrl1;
373 }
374 
375 static void htc_reclaim_txctrl_buf(struct htc_target *target,
376 				   struct htc_packet *pkt)
377 {
378 	spin_lock_bh(&target->htc_lock);
379 	list_add_tail(&pkt->list, &target->free_ctrl_txbuf);
380 	spin_unlock_bh(&target->htc_lock);
381 }
382 
383 static struct htc_packet *htc_get_control_buf(struct htc_target *target,
384 					      bool tx)
385 {
386 	struct htc_packet *packet = NULL;
387 	struct list_head *buf_list;
388 
389 	buf_list = tx ? &target->free_ctrl_txbuf : &target->free_ctrl_rxbuf;
390 
391 	spin_lock_bh(&target->htc_lock);
392 
393 	if (list_empty(buf_list)) {
394 		spin_unlock_bh(&target->htc_lock);
395 		return NULL;
396 	}
397 
398 	packet = list_first_entry(buf_list, struct htc_packet, list);
399 	list_del(&packet->list);
400 	spin_unlock_bh(&target->htc_lock);
401 
402 	if (tx)
403 		packet->buf = packet->buf_start + HTC_HDR_LENGTH;
404 
405 	return packet;
406 }
407 
408 static void htc_tx_comp_update(struct htc_target *target,
409 			       struct htc_endpoint *endpoint,
410 			       struct htc_packet *packet)
411 {
412 	packet->completion = NULL;
413 	packet->buf += HTC_HDR_LENGTH;
414 
415 	if (!packet->status)
416 		return;
417 
418 	ath6kl_err("req failed (status:%d, ep:%d, len:%d creds:%d)\n",
419 		   packet->status, packet->endpoint, packet->act_len,
420 		   packet->info.tx.cred_used);
421 
422 	/* on failure to submit, reclaim credits for this packet */
423 	spin_lock_bh(&target->tx_lock);
424 	endpoint->cred_dist.cred_to_dist +=
425 				packet->info.tx.cred_used;
426 	endpoint->cred_dist.txq_depth = get_queue_depth(&endpoint->txq);
427 
428 	ath6kl_dbg(ATH6KL_DBG_HTC, "htc tx ctxt 0x%p dist 0x%p\n",
429 		   target->credit_info, &target->cred_dist_list);
430 
431 	ath6kl_credit_distribute(target->credit_info,
432 				 &target->cred_dist_list,
433 				 HTC_CREDIT_DIST_SEND_COMPLETE);
434 
435 	spin_unlock_bh(&target->tx_lock);
436 }
437 
438 static void htc_tx_complete(struct htc_endpoint *endpoint,
439 			    struct list_head *txq)
440 {
441 	if (list_empty(txq))
442 		return;
443 
444 	ath6kl_dbg(ATH6KL_DBG_HTC,
445 		   "htc tx complete ep %d pkts %d\n",
446 		   endpoint->eid, get_queue_depth(txq));
447 
448 	ath6kl_tx_complete(endpoint->target, txq);
449 }
450 
451 static void htc_tx_comp_handler(struct htc_target *target,
452 				struct htc_packet *packet)
453 {
454 	struct htc_endpoint *endpoint = &target->endpoint[packet->endpoint];
455 	struct list_head container;
456 
457 	ath6kl_dbg(ATH6KL_DBG_HTC, "htc tx complete seqno %d\n",
458 		   packet->info.tx.seqno);
459 
460 	htc_tx_comp_update(target, endpoint, packet);
461 	INIT_LIST_HEAD(&container);
462 	list_add_tail(&packet->list, &container);
463 	/* do completion */
464 	htc_tx_complete(endpoint, &container);
465 }
466 
467 static void htc_async_tx_scat_complete(struct htc_target *target,
468 				       struct hif_scatter_req *scat_req)
469 {
470 	struct htc_endpoint *endpoint;
471 	struct htc_packet *packet;
472 	struct list_head tx_compq;
473 	int i;
474 
475 	INIT_LIST_HEAD(&tx_compq);
476 
477 	ath6kl_dbg(ATH6KL_DBG_HTC,
478 		   "htc tx scat complete len %d entries %d\n",
479 		   scat_req->len, scat_req->scat_entries);
480 
481 	if (scat_req->status)
482 		ath6kl_err("send scatter req failed: %d\n", scat_req->status);
483 
484 	packet = scat_req->scat_list[0].packet;
485 	endpoint = &target->endpoint[packet->endpoint];
486 
487 	/* walk through the scatter list and process */
488 	for (i = 0; i < scat_req->scat_entries; i++) {
489 		packet = scat_req->scat_list[i].packet;
490 		if (!packet) {
491 			WARN_ON(1);
492 			return;
493 		}
494 
495 		packet->status = scat_req->status;
496 		htc_tx_comp_update(target, endpoint, packet);
497 		list_add_tail(&packet->list, &tx_compq);
498 	}
499 
500 	/* free scatter request */
501 	hif_scatter_req_add(target->dev->ar, scat_req);
502 
503 	/* complete all packets */
504 	htc_tx_complete(endpoint, &tx_compq);
505 }
506 
507 static int ath6kl_htc_tx_issue(struct htc_target *target,
508 			       struct htc_packet *packet)
509 {
510 	int status;
511 	bool sync = false;
512 	u32 padded_len, send_len;
513 
514 	if (!packet->completion)
515 		sync = true;
516 
517 	send_len = packet->act_len + HTC_HDR_LENGTH;
518 
519 	padded_len = CALC_TXRX_PADDED_LEN(target, send_len);
520 
521 	ath6kl_dbg(ATH6KL_DBG_HTC,
522 		   "htc tx issue len %d seqno %d padded_len %d mbox 0x%X %s\n",
523 		   send_len, packet->info.tx.seqno, padded_len,
524 		   target->dev->ar->mbox_info.htc_addr,
525 		   sync ? "sync" : "async");
526 
527 	if (sync) {
528 		status = hif_read_write_sync(target->dev->ar,
529 				target->dev->ar->mbox_info.htc_addr,
530 				 packet->buf, padded_len,
531 				 HIF_WR_SYNC_BLOCK_INC);
532 
533 		packet->status = status;
534 		packet->buf += HTC_HDR_LENGTH;
535 	} else
536 		status = hif_write_async(target->dev->ar,
537 				target->dev->ar->mbox_info.htc_addr,
538 				packet->buf, padded_len,
539 				HIF_WR_ASYNC_BLOCK_INC, packet);
540 
541 	trace_ath6kl_htc_tx(status, packet->endpoint, packet->buf, send_len);
542 
543 	return status;
544 }
545 
546 static int htc_check_credits(struct htc_target *target,
547 			     struct htc_endpoint *ep, u8 *flags,
548 			     enum htc_endpoint_id eid, unsigned int len,
549 			     int *req_cred)
550 {
551 	*req_cred = (len > target->tgt_cred_sz) ?
552 		     DIV_ROUND_UP(len, target->tgt_cred_sz) : 1;
553 
554 	ath6kl_dbg(ATH6KL_DBG_CREDIT, "credit check need %d got %d\n",
555 		   *req_cred, ep->cred_dist.credits);
556 
557 	if (ep->cred_dist.credits < *req_cred) {
558 		if (eid == ENDPOINT_0)
559 			return -EINVAL;
560 
561 		/* Seek more credits */
562 		ep->cred_dist.seek_cred = *req_cred - ep->cred_dist.credits;
563 
564 		ath6kl_credit_seek(target->credit_info, &ep->cred_dist);
565 
566 		ep->cred_dist.seek_cred = 0;
567 
568 		if (ep->cred_dist.credits < *req_cred) {
569 			ath6kl_dbg(ATH6KL_DBG_CREDIT,
570 				   "credit not found for ep %d\n",
571 				   eid);
572 			return -EINVAL;
573 		}
574 	}
575 
576 	ep->cred_dist.credits -= *req_cred;
577 	ep->ep_st.cred_cosumd += *req_cred;
578 
579 	 /* When we are getting low on credits, ask for more */
580 	if (ep->cred_dist.credits < ep->cred_dist.cred_per_msg) {
581 		ep->cred_dist.seek_cred =
582 		ep->cred_dist.cred_per_msg - ep->cred_dist.credits;
583 
584 		ath6kl_credit_seek(target->credit_info, &ep->cred_dist);
585 
586 		/* see if we were successful in getting more */
587 		if (ep->cred_dist.credits < ep->cred_dist.cred_per_msg) {
588 			/* tell the target we need credits ASAP! */
589 			*flags |= HTC_FLAGS_NEED_CREDIT_UPDATE;
590 			ep->ep_st.cred_low_indicate += 1;
591 			ath6kl_dbg(ATH6KL_DBG_CREDIT,
592 				   "credit we need credits asap\n");
593 		}
594 	}
595 
596 	return 0;
597 }
598 
599 static void ath6kl_htc_tx_pkts_get(struct htc_target *target,
600 				   struct htc_endpoint *endpoint,
601 				   struct list_head *queue)
602 {
603 	int req_cred;
604 	u8 flags;
605 	struct htc_packet *packet;
606 	unsigned int len;
607 
608 	while (true) {
609 		flags = 0;
610 
611 		if (list_empty(&endpoint->txq))
612 			break;
613 		packet = list_first_entry(&endpoint->txq, struct htc_packet,
614 					  list);
615 
616 		ath6kl_dbg(ATH6KL_DBG_HTC,
617 			   "htc tx got packet 0x%p queue depth %d\n",
618 			   packet, get_queue_depth(&endpoint->txq));
619 
620 		len = CALC_TXRX_PADDED_LEN(target,
621 					   packet->act_len + HTC_HDR_LENGTH);
622 
623 		if (htc_check_credits(target, endpoint, &flags,
624 				      packet->endpoint, len, &req_cred))
625 			break;
626 
627 		/* now we can fully move onto caller's queue */
628 		packet = list_first_entry(&endpoint->txq, struct htc_packet,
629 					  list);
630 		list_move_tail(&packet->list, queue);
631 
632 		/* save the number of credits this packet consumed */
633 		packet->info.tx.cred_used = req_cred;
634 
635 		/* all TX packets are handled asynchronously */
636 		packet->completion = htc_tx_comp_handler;
637 		packet->context = target;
638 		endpoint->ep_st.tx_issued += 1;
639 
640 		/* save send flags */
641 		packet->info.tx.flags = flags;
642 		packet->info.tx.seqno = endpoint->seqno;
643 		endpoint->seqno++;
644 	}
645 }
646 
647 /* See if the padded tx length falls on a credit boundary */
648 static int htc_get_credit_padding(unsigned int cred_sz, int *len,
649 				  struct htc_endpoint *ep)
650 {
651 	int rem_cred, cred_pad;
652 
653 	rem_cred = *len % cred_sz;
654 
655 	/* No padding needed */
656 	if  (!rem_cred)
657 		return 0;
658 
659 	if (!(ep->conn_flags & HTC_FLGS_TX_BNDL_PAD_EN))
660 		return -1;
661 
662 	/*
663 	 * The transfer consumes a "partial" credit, this
664 	 * packet cannot be bundled unless we add
665 	 * additional "dummy" padding (max 255 bytes) to
666 	 * consume the entire credit.
667 	 */
668 	cred_pad = *len < cred_sz ? (cred_sz - *len) : rem_cred;
669 
670 	if ((cred_pad > 0) && (cred_pad <= 255))
671 		*len += cred_pad;
672 	else
673 		/* The amount of padding is too large, send as non-bundled */
674 		return -1;
675 
676 	return cred_pad;
677 }
678 
679 static int ath6kl_htc_tx_setup_scat_list(struct htc_target *target,
680 					 struct htc_endpoint *endpoint,
681 					 struct hif_scatter_req *scat_req,
682 					 int n_scat,
683 					 struct list_head *queue)
684 {
685 	struct htc_packet *packet;
686 	int i, len, rem_scat, cred_pad;
687 	int status = 0;
688 	u8 flags;
689 
690 	rem_scat = target->max_tx_bndl_sz;
691 
692 	for (i = 0; i < n_scat; i++) {
693 		scat_req->scat_list[i].packet = NULL;
694 
695 		if (list_empty(queue))
696 			break;
697 
698 		packet = list_first_entry(queue, struct htc_packet, list);
699 		len = CALC_TXRX_PADDED_LEN(target,
700 					   packet->act_len + HTC_HDR_LENGTH);
701 
702 		cred_pad = htc_get_credit_padding(target->tgt_cred_sz,
703 						  &len, endpoint);
704 		if (cred_pad < 0 || rem_scat < len) {
705 			status = -ENOSPC;
706 			break;
707 		}
708 
709 		rem_scat -= len;
710 		/* now remove it from the queue */
711 		list_del(&packet->list);
712 
713 		scat_req->scat_list[i].packet = packet;
714 		/* prepare packet and flag message as part of a send bundle */
715 		flags = packet->info.tx.flags | HTC_FLAGS_SEND_BUNDLE;
716 		ath6kl_htc_tx_prep_pkt(packet, flags,
717 				       cred_pad, packet->info.tx.seqno);
718 		/* Make sure the buffer is 4-byte aligned */
719 		ath6kl_htc_tx_buf_align(&packet->buf,
720 					packet->act_len + HTC_HDR_LENGTH);
721 		scat_req->scat_list[i].buf = packet->buf;
722 		scat_req->scat_list[i].len = len;
723 
724 		scat_req->len += len;
725 		scat_req->scat_entries++;
726 		ath6kl_dbg(ATH6KL_DBG_HTC,
727 			   "htc tx adding (%d) pkt 0x%p seqno %d len %d remaining %d\n",
728 			   i, packet, packet->info.tx.seqno, len, rem_scat);
729 	}
730 
731 	/* Roll back scatter setup in case of any failure */
732 	if (scat_req->scat_entries < HTC_MIN_HTC_MSGS_TO_BUNDLE) {
733 		for (i = scat_req->scat_entries - 1; i >= 0; i--) {
734 			packet = scat_req->scat_list[i].packet;
735 			if (packet) {
736 				packet->buf += HTC_HDR_LENGTH;
737 				list_add(&packet->list, queue);
738 			}
739 		}
740 		return -EAGAIN;
741 	}
742 
743 	return status;
744 }
745 
746 /*
747  * Drain a queue and send as bundles this function may return without fully
748  * draining the queue when
749  *
750  *    1. scatter resources are exhausted
751  *    2. a message that will consume a partial credit will stop the
752  *    bundling process early
753  *    3. we drop below the minimum number of messages for a bundle
754  */
755 static void ath6kl_htc_tx_bundle(struct htc_endpoint *endpoint,
756 				 struct list_head *queue,
757 				 int *sent_bundle, int *n_bundle_pkts)
758 {
759 	struct htc_target *target = endpoint->target;
760 	struct hif_scatter_req *scat_req = NULL;
761 	int n_scat, n_sent_bundle = 0, tot_pkts_bundle = 0, i;
762 	struct htc_packet *packet;
763 	int status;
764 	u32 txb_mask;
765 	u8 ac = WMM_NUM_AC;
766 
767 	if ((HTC_CTRL_RSVD_SVC != endpoint->svc_id) &&
768 	    (WMI_CONTROL_SVC != endpoint->svc_id))
769 		ac = target->dev->ar->ep2ac_map[endpoint->eid];
770 
771 	while (true) {
772 		status = 0;
773 		n_scat = get_queue_depth(queue);
774 		n_scat = min(n_scat, target->msg_per_bndl_max);
775 
776 		if (n_scat < HTC_MIN_HTC_MSGS_TO_BUNDLE)
777 			/* not enough to bundle */
778 			break;
779 
780 		scat_req = hif_scatter_req_get(target->dev->ar);
781 
782 		if (!scat_req) {
783 			/* no scatter resources  */
784 			ath6kl_dbg(ATH6KL_DBG_HTC,
785 				   "htc tx no more scatter resources\n");
786 			break;
787 		}
788 
789 		if ((ac < WMM_NUM_AC) && (ac != WMM_AC_BK)) {
790 			if (WMM_AC_BE == ac)
791 				/*
792 				 * BE, BK have priorities and bit
793 				 * positions reversed
794 				 */
795 				txb_mask = (1 << WMM_AC_BK);
796 			else
797 				/*
798 				 * any AC with priority lower than
799 				 * itself
800 				 */
801 				txb_mask = ((1 << ac) - 1);
802 
803 			/*
804 			 * when the scatter request resources drop below a
805 			 * certain threshold, disable Tx bundling for all
806 			 * AC's with priority lower than the current requesting
807 			 * AC. Otherwise re-enable Tx bundling for them
808 			 */
809 			if (scat_req->scat_q_depth < ATH6KL_SCATTER_REQS)
810 				target->tx_bndl_mask &= ~txb_mask;
811 			else
812 				target->tx_bndl_mask |= txb_mask;
813 		}
814 
815 		ath6kl_dbg(ATH6KL_DBG_HTC, "htc tx pkts to scatter: %d\n",
816 			   n_scat);
817 
818 		scat_req->len = 0;
819 		scat_req->scat_entries = 0;
820 
821 		status = ath6kl_htc_tx_setup_scat_list(target, endpoint,
822 						       scat_req, n_scat,
823 						       queue);
824 		if (status == -EAGAIN) {
825 			hif_scatter_req_add(target->dev->ar, scat_req);
826 			break;
827 		}
828 
829 		/* send path is always asynchronous */
830 		scat_req->complete = htc_async_tx_scat_complete;
831 		n_sent_bundle++;
832 		tot_pkts_bundle += scat_req->scat_entries;
833 
834 		ath6kl_dbg(ATH6KL_DBG_HTC,
835 			   "htc tx scatter bytes %d entries %d\n",
836 			   scat_req->len, scat_req->scat_entries);
837 
838 		for (i = 0; i < scat_req->scat_entries; i++) {
839 			packet = scat_req->scat_list[i].packet;
840 			trace_ath6kl_htc_tx(packet->status, packet->endpoint,
841 					    packet->buf, packet->act_len);
842 		}
843 
844 		ath6kl_hif_submit_scat_req(target->dev, scat_req, false);
845 
846 		if (status)
847 			break;
848 	}
849 
850 	*sent_bundle = n_sent_bundle;
851 	*n_bundle_pkts = tot_pkts_bundle;
852 	ath6kl_dbg(ATH6KL_DBG_HTC, "htc tx bundle sent %d pkts\n",
853 		   n_sent_bundle);
854 
855 	return;
856 }
857 
858 static void ath6kl_htc_tx_from_queue(struct htc_target *target,
859 				     struct htc_endpoint *endpoint)
860 {
861 	struct list_head txq;
862 	struct htc_packet *packet;
863 	int bundle_sent;
864 	int n_pkts_bundle;
865 	u8 ac = WMM_NUM_AC;
866 	int status;
867 
868 	spin_lock_bh(&target->tx_lock);
869 
870 	endpoint->tx_proc_cnt++;
871 	if (endpoint->tx_proc_cnt > 1) {
872 		endpoint->tx_proc_cnt--;
873 		spin_unlock_bh(&target->tx_lock);
874 		ath6kl_dbg(ATH6KL_DBG_HTC, "htc tx busy\n");
875 		return;
876 	}
877 
878 	/*
879 	 * drain the endpoint TX queue for transmission as long
880 	 * as we have enough credits.
881 	 */
882 	INIT_LIST_HEAD(&txq);
883 
884 	if ((HTC_CTRL_RSVD_SVC != endpoint->svc_id) &&
885 	    (WMI_CONTROL_SVC != endpoint->svc_id))
886 		ac = target->dev->ar->ep2ac_map[endpoint->eid];
887 
888 	while (true) {
889 		if (list_empty(&endpoint->txq))
890 			break;
891 
892 		ath6kl_htc_tx_pkts_get(target, endpoint, &txq);
893 
894 		if (list_empty(&txq))
895 			break;
896 
897 		spin_unlock_bh(&target->tx_lock);
898 
899 		bundle_sent = 0;
900 		n_pkts_bundle = 0;
901 
902 		while (true) {
903 			/* try to send a bundle on each pass */
904 			if ((target->tx_bndl_mask) &&
905 			    (get_queue_depth(&txq) >=
906 			    HTC_MIN_HTC_MSGS_TO_BUNDLE)) {
907 				int temp1 = 0, temp2 = 0;
908 
909 				/* check if bundling is enabled for an AC */
910 				if (target->tx_bndl_mask & (1 << ac)) {
911 					ath6kl_htc_tx_bundle(endpoint, &txq,
912 							     &temp1, &temp2);
913 					bundle_sent += temp1;
914 					n_pkts_bundle += temp2;
915 				}
916 			}
917 
918 			if (list_empty(&txq))
919 				break;
920 
921 			packet = list_first_entry(&txq, struct htc_packet,
922 						  list);
923 			list_del(&packet->list);
924 
925 			ath6kl_htc_tx_prep_pkt(packet, packet->info.tx.flags,
926 					       0, packet->info.tx.seqno);
927 			status = ath6kl_htc_tx_issue(target, packet);
928 
929 			if (status) {
930 				packet->status = status;
931 				packet->completion(packet->context, packet);
932 			}
933 		}
934 
935 		spin_lock_bh(&target->tx_lock);
936 
937 		endpoint->ep_st.tx_bundles += bundle_sent;
938 		endpoint->ep_st.tx_pkt_bundled += n_pkts_bundle;
939 
940 		/*
941 		 * if an AC has bundling disabled and no tx bundling
942 		 * has occured continously for a certain number of TX,
943 		 * enable tx bundling for this AC
944 		 */
945 		if (!bundle_sent) {
946 			if (!(target->tx_bndl_mask & (1 << ac)) &&
947 			    (ac < WMM_NUM_AC)) {
948 				if (++target->ac_tx_count[ac] >=
949 					TX_RESUME_BUNDLE_THRESHOLD) {
950 					target->ac_tx_count[ac] = 0;
951 					target->tx_bndl_mask |= (1 << ac);
952 				}
953 			}
954 		} else {
955 			/* tx bundling will reset the counter */
956 			if (ac < WMM_NUM_AC)
957 				target->ac_tx_count[ac] = 0;
958 		}
959 	}
960 
961 	endpoint->tx_proc_cnt = 0;
962 	spin_unlock_bh(&target->tx_lock);
963 }
964 
965 static bool ath6kl_htc_tx_try(struct htc_target *target,
966 			      struct htc_endpoint *endpoint,
967 			      struct htc_packet *tx_pkt)
968 {
969 	struct htc_ep_callbacks ep_cb;
970 	int txq_depth;
971 	bool overflow = false;
972 
973 	ep_cb = endpoint->ep_cb;
974 
975 	spin_lock_bh(&target->tx_lock);
976 	txq_depth = get_queue_depth(&endpoint->txq);
977 	spin_unlock_bh(&target->tx_lock);
978 
979 	if (txq_depth >= endpoint->max_txq_depth)
980 		overflow = true;
981 
982 	if (overflow)
983 		ath6kl_dbg(ATH6KL_DBG_HTC,
984 			   "htc tx overflow ep %d depth %d max %d\n",
985 			   endpoint->eid, txq_depth,
986 			   endpoint->max_txq_depth);
987 
988 	if (overflow && ep_cb.tx_full) {
989 		if (ep_cb.tx_full(endpoint->target, tx_pkt) ==
990 		    HTC_SEND_FULL_DROP) {
991 			endpoint->ep_st.tx_dropped += 1;
992 			return false;
993 		}
994 	}
995 
996 	spin_lock_bh(&target->tx_lock);
997 	list_add_tail(&tx_pkt->list, &endpoint->txq);
998 	spin_unlock_bh(&target->tx_lock);
999 
1000 	ath6kl_htc_tx_from_queue(target, endpoint);
1001 
1002 	return true;
1003 }
1004 
1005 static void htc_chk_ep_txq(struct htc_target *target)
1006 {
1007 	struct htc_endpoint *endpoint;
1008 	struct htc_endpoint_credit_dist *cred_dist;
1009 
1010 	/*
1011 	 * Run through the credit distribution list to see if there are
1012 	 * packets queued. NOTE: no locks need to be taken since the
1013 	 * distribution list is not dynamic (cannot be re-ordered) and we
1014 	 * are not modifying any state.
1015 	 */
1016 	list_for_each_entry(cred_dist, &target->cred_dist_list, list) {
1017 		endpoint = cred_dist->htc_ep;
1018 
1019 		spin_lock_bh(&target->tx_lock);
1020 		if (!list_empty(&endpoint->txq)) {
1021 			ath6kl_dbg(ATH6KL_DBG_HTC,
1022 				   "htc creds ep %d credits %d pkts %d\n",
1023 				   cred_dist->endpoint,
1024 				   endpoint->cred_dist.credits,
1025 				   get_queue_depth(&endpoint->txq));
1026 			spin_unlock_bh(&target->tx_lock);
1027 			/*
1028 			 * Try to start the stalled queue, this list is
1029 			 * ordered by priority. If there are credits
1030 			 * available the highest priority queue will get a
1031 			 * chance to reclaim credits from lower priority
1032 			 * ones.
1033 			 */
1034 			ath6kl_htc_tx_from_queue(target, endpoint);
1035 			spin_lock_bh(&target->tx_lock);
1036 		}
1037 		spin_unlock_bh(&target->tx_lock);
1038 	}
1039 }
1040 
1041 static int htc_setup_tx_complete(struct htc_target *target)
1042 {
1043 	struct htc_packet *send_pkt = NULL;
1044 	int status;
1045 
1046 	send_pkt = htc_get_control_buf(target, true);
1047 
1048 	if (!send_pkt)
1049 		return -ENOMEM;
1050 
1051 	if (target->htc_tgt_ver >= HTC_VERSION_2P1) {
1052 		struct htc_setup_comp_ext_msg *setup_comp_ext;
1053 		u32 flags = 0;
1054 
1055 		setup_comp_ext =
1056 		    (struct htc_setup_comp_ext_msg *)send_pkt->buf;
1057 		memset(setup_comp_ext, 0, sizeof(*setup_comp_ext));
1058 		setup_comp_ext->msg_id =
1059 			cpu_to_le16(HTC_MSG_SETUP_COMPLETE_EX_ID);
1060 
1061 		if (target->msg_per_bndl_max > 0) {
1062 			/* Indicate HTC bundling to the target */
1063 			flags |= HTC_SETUP_COMP_FLG_RX_BNDL_EN;
1064 			setup_comp_ext->msg_per_rxbndl =
1065 						target->msg_per_bndl_max;
1066 		}
1067 
1068 		memcpy(&setup_comp_ext->flags, &flags,
1069 		       sizeof(setup_comp_ext->flags));
1070 		set_htc_pkt_info(send_pkt, NULL, (u8 *) setup_comp_ext,
1071 				 sizeof(struct htc_setup_comp_ext_msg),
1072 				 ENDPOINT_0, HTC_SERVICE_TX_PACKET_TAG);
1073 
1074 	} else {
1075 		struct htc_setup_comp_msg *setup_comp;
1076 		setup_comp = (struct htc_setup_comp_msg *)send_pkt->buf;
1077 		memset(setup_comp, 0, sizeof(struct htc_setup_comp_msg));
1078 		setup_comp->msg_id = cpu_to_le16(HTC_MSG_SETUP_COMPLETE_ID);
1079 		set_htc_pkt_info(send_pkt, NULL, (u8 *) setup_comp,
1080 				 sizeof(struct htc_setup_comp_msg),
1081 				 ENDPOINT_0, HTC_SERVICE_TX_PACKET_TAG);
1082 	}
1083 
1084 	/* we want synchronous operation */
1085 	send_pkt->completion = NULL;
1086 	ath6kl_htc_tx_prep_pkt(send_pkt, 0, 0, 0);
1087 	status = ath6kl_htc_tx_issue(target, send_pkt);
1088 
1089 	if (send_pkt != NULL)
1090 		htc_reclaim_txctrl_buf(target, send_pkt);
1091 
1092 	return status;
1093 }
1094 
1095 static void ath6kl_htc_set_credit_dist(struct htc_target *target,
1096 				struct ath6kl_htc_credit_info *credit_info,
1097 				u16 srvc_pri_order[], int list_len)
1098 {
1099 	struct htc_endpoint *endpoint;
1100 	int i, ep;
1101 
1102 	target->credit_info = credit_info;
1103 
1104 	list_add_tail(&target->endpoint[ENDPOINT_0].cred_dist.list,
1105 		      &target->cred_dist_list);
1106 
1107 	for (i = 0; i < list_len; i++) {
1108 		for (ep = ENDPOINT_1; ep < ENDPOINT_MAX; ep++) {
1109 			endpoint = &target->endpoint[ep];
1110 			if (endpoint->svc_id == srvc_pri_order[i]) {
1111 				list_add_tail(&endpoint->cred_dist.list,
1112 					      &target->cred_dist_list);
1113 				break;
1114 			}
1115 		}
1116 		if (ep >= ENDPOINT_MAX) {
1117 			WARN_ON(1);
1118 			return;
1119 		}
1120 	}
1121 }
1122 
1123 static int ath6kl_htc_mbox_tx(struct htc_target *target,
1124 			      struct htc_packet *packet)
1125 {
1126 	struct htc_endpoint *endpoint;
1127 	struct list_head queue;
1128 
1129 	ath6kl_dbg(ATH6KL_DBG_HTC,
1130 		   "htc tx ep id %d buf 0x%p len %d\n",
1131 		   packet->endpoint, packet->buf, packet->act_len);
1132 
1133 	if (packet->endpoint >= ENDPOINT_MAX) {
1134 		WARN_ON(1);
1135 		return -EINVAL;
1136 	}
1137 
1138 	endpoint = &target->endpoint[packet->endpoint];
1139 
1140 	if (!ath6kl_htc_tx_try(target, endpoint, packet)) {
1141 		packet->status = (target->htc_flags & HTC_OP_STATE_STOPPING) ?
1142 				 -ECANCELED : -ENOSPC;
1143 		INIT_LIST_HEAD(&queue);
1144 		list_add(&packet->list, &queue);
1145 		htc_tx_complete(endpoint, &queue);
1146 	}
1147 
1148 	return 0;
1149 }
1150 
1151 /* flush endpoint TX queue */
1152 static void ath6kl_htc_mbox_flush_txep(struct htc_target *target,
1153 			   enum htc_endpoint_id eid, u16 tag)
1154 {
1155 	struct htc_packet *packet, *tmp_pkt;
1156 	struct list_head discard_q, container;
1157 	struct htc_endpoint *endpoint = &target->endpoint[eid];
1158 
1159 	if (!endpoint->svc_id) {
1160 		WARN_ON(1);
1161 		return;
1162 	}
1163 
1164 	/* initialize the discard queue */
1165 	INIT_LIST_HEAD(&discard_q);
1166 
1167 	spin_lock_bh(&target->tx_lock);
1168 
1169 	list_for_each_entry_safe(packet, tmp_pkt, &endpoint->txq, list) {
1170 		if ((tag == HTC_TX_PACKET_TAG_ALL) ||
1171 		    (tag == packet->info.tx.tag))
1172 			list_move_tail(&packet->list, &discard_q);
1173 	}
1174 
1175 	spin_unlock_bh(&target->tx_lock);
1176 
1177 	list_for_each_entry_safe(packet, tmp_pkt, &discard_q, list) {
1178 		packet->status = -ECANCELED;
1179 		list_del(&packet->list);
1180 		ath6kl_dbg(ATH6KL_DBG_HTC,
1181 			   "htc tx flushing pkt 0x%p len %d  ep %d tag 0x%x\n",
1182 			   packet, packet->act_len,
1183 			   packet->endpoint, packet->info.tx.tag);
1184 
1185 		INIT_LIST_HEAD(&container);
1186 		list_add_tail(&packet->list, &container);
1187 		htc_tx_complete(endpoint, &container);
1188 	}
1189 }
1190 
1191 static void ath6kl_htc_flush_txep_all(struct htc_target *target)
1192 {
1193 	struct htc_endpoint *endpoint;
1194 	int i;
1195 
1196 	dump_cred_dist_stats(target);
1197 
1198 	for (i = ENDPOINT_0; i < ENDPOINT_MAX; i++) {
1199 		endpoint = &target->endpoint[i];
1200 		if (endpoint->svc_id == 0)
1201 			/* not in use.. */
1202 			continue;
1203 		ath6kl_htc_mbox_flush_txep(target, i, HTC_TX_PACKET_TAG_ALL);
1204 	}
1205 }
1206 
1207 static void ath6kl_htc_mbox_activity_changed(struct htc_target *target,
1208 					     enum htc_endpoint_id eid,
1209 					     bool active)
1210 {
1211 	struct htc_endpoint *endpoint = &target->endpoint[eid];
1212 	bool dist = false;
1213 
1214 	if (endpoint->svc_id == 0) {
1215 		WARN_ON(1);
1216 		return;
1217 	}
1218 
1219 	spin_lock_bh(&target->tx_lock);
1220 
1221 	if (active) {
1222 		if (!(endpoint->cred_dist.dist_flags & HTC_EP_ACTIVE)) {
1223 			endpoint->cred_dist.dist_flags |= HTC_EP_ACTIVE;
1224 			dist = true;
1225 		}
1226 	} else {
1227 		if (endpoint->cred_dist.dist_flags & HTC_EP_ACTIVE) {
1228 			endpoint->cred_dist.dist_flags &= ~HTC_EP_ACTIVE;
1229 			dist = true;
1230 		}
1231 	}
1232 
1233 	if (dist) {
1234 		endpoint->cred_dist.txq_depth =
1235 			get_queue_depth(&endpoint->txq);
1236 
1237 		ath6kl_dbg(ATH6KL_DBG_HTC,
1238 			   "htc tx activity ctxt 0x%p dist 0x%p\n",
1239 			   target->credit_info, &target->cred_dist_list);
1240 
1241 		ath6kl_credit_distribute(target->credit_info,
1242 					 &target->cred_dist_list,
1243 					 HTC_CREDIT_DIST_ACTIVITY_CHANGE);
1244 	}
1245 
1246 	spin_unlock_bh(&target->tx_lock);
1247 
1248 	if (dist && !active)
1249 		htc_chk_ep_txq(target);
1250 }
1251 
1252 /* HTC Rx */
1253 
1254 static inline void ath6kl_htc_rx_update_stats(struct htc_endpoint *endpoint,
1255 					      int n_look_ahds)
1256 {
1257 	endpoint->ep_st.rx_pkts++;
1258 	if (n_look_ahds == 1)
1259 		endpoint->ep_st.rx_lkahds++;
1260 	else if (n_look_ahds > 1)
1261 		endpoint->ep_st.rx_bundle_lkahd++;
1262 }
1263 
1264 static inline bool htc_valid_rx_frame_len(struct htc_target *target,
1265 					  enum htc_endpoint_id eid, int len)
1266 {
1267 	return (eid == target->dev->ar->ctrl_ep) ?
1268 		len <= ATH6KL_BUFFER_SIZE : len <= ATH6KL_AMSDU_BUFFER_SIZE;
1269 }
1270 
1271 static int htc_add_rxbuf(struct htc_target *target, struct htc_packet *packet)
1272 {
1273 	struct list_head queue;
1274 
1275 	INIT_LIST_HEAD(&queue);
1276 	list_add_tail(&packet->list, &queue);
1277 	return ath6kl_htc_mbox_add_rxbuf_multiple(target, &queue);
1278 }
1279 
1280 static void htc_reclaim_rxbuf(struct htc_target *target,
1281 			      struct htc_packet *packet,
1282 			      struct htc_endpoint *ep)
1283 {
1284 	if (packet->info.rx.rx_flags & HTC_RX_PKT_NO_RECYCLE) {
1285 		htc_rxpkt_reset(packet);
1286 		packet->status = -ECANCELED;
1287 		ep->ep_cb.rx(ep->target, packet);
1288 	} else {
1289 		htc_rxpkt_reset(packet);
1290 		htc_add_rxbuf((void *)(target), packet);
1291 	}
1292 }
1293 
1294 static void reclaim_rx_ctrl_buf(struct htc_target *target,
1295 				struct htc_packet *packet)
1296 {
1297 	spin_lock_bh(&target->htc_lock);
1298 	list_add_tail(&packet->list, &target->free_ctrl_rxbuf);
1299 	spin_unlock_bh(&target->htc_lock);
1300 }
1301 
1302 static int ath6kl_htc_rx_packet(struct htc_target *target,
1303 				struct htc_packet *packet,
1304 				u32 rx_len)
1305 {
1306 	struct ath6kl_device *dev = target->dev;
1307 	u32 padded_len;
1308 	int status;
1309 
1310 	padded_len = CALC_TXRX_PADDED_LEN(target, rx_len);
1311 
1312 	if (padded_len > packet->buf_len) {
1313 		ath6kl_err("not enough receive space for packet - padlen %d recvlen %d bufferlen %d\n",
1314 			   padded_len, rx_len, packet->buf_len);
1315 		return -ENOMEM;
1316 	}
1317 
1318 	ath6kl_dbg(ATH6KL_DBG_HTC,
1319 		   "htc rx 0x%p hdr 0x%x len %d mbox 0x%x\n",
1320 		   packet, packet->info.rx.exp_hdr,
1321 		   padded_len, dev->ar->mbox_info.htc_addr);
1322 
1323 	status = hif_read_write_sync(dev->ar,
1324 				     dev->ar->mbox_info.htc_addr,
1325 				     packet->buf, padded_len,
1326 				     HIF_RD_SYNC_BLOCK_FIX);
1327 
1328 	packet->status = status;
1329 
1330 	return status;
1331 }
1332 
1333 /*
1334  * optimization for recv packets, we can indicate a
1335  * "hint" that there are more  single-packets to fetch
1336  * on this endpoint.
1337  */
1338 static void ath6kl_htc_rx_set_indicate(u32 lk_ahd,
1339 				       struct htc_endpoint *endpoint,
1340 				       struct htc_packet *packet)
1341 {
1342 	struct htc_frame_hdr *htc_hdr = (struct htc_frame_hdr *)&lk_ahd;
1343 
1344 	if (htc_hdr->eid == packet->endpoint) {
1345 		if (!list_empty(&endpoint->rx_bufq))
1346 			packet->info.rx.indicat_flags |=
1347 					HTC_RX_FLAGS_INDICATE_MORE_PKTS;
1348 	}
1349 }
1350 
1351 static void ath6kl_htc_rx_chk_water_mark(struct htc_endpoint *endpoint)
1352 {
1353 	struct htc_ep_callbacks ep_cb = endpoint->ep_cb;
1354 
1355 	if (ep_cb.rx_refill_thresh > 0) {
1356 		spin_lock_bh(&endpoint->target->rx_lock);
1357 		if (get_queue_depth(&endpoint->rx_bufq)
1358 		    < ep_cb.rx_refill_thresh) {
1359 			spin_unlock_bh(&endpoint->target->rx_lock);
1360 			ep_cb.rx_refill(endpoint->target, endpoint->eid);
1361 			return;
1362 		}
1363 		spin_unlock_bh(&endpoint->target->rx_lock);
1364 	}
1365 }
1366 
1367 /* This function is called with rx_lock held */
1368 static int ath6kl_htc_rx_setup(struct htc_target *target,
1369 			       struct htc_endpoint *ep,
1370 			       u32 *lk_ahds, struct list_head *queue, int n_msg)
1371 {
1372 	struct htc_packet *packet;
1373 	/* FIXME: type of lk_ahds can't be right */
1374 	struct htc_frame_hdr *htc_hdr = (struct htc_frame_hdr *)lk_ahds;
1375 	struct htc_ep_callbacks ep_cb;
1376 	int status = 0, j, full_len;
1377 	bool no_recycle;
1378 
1379 	full_len = CALC_TXRX_PADDED_LEN(target,
1380 					le16_to_cpu(htc_hdr->payld_len) +
1381 					sizeof(*htc_hdr));
1382 
1383 	if (!htc_valid_rx_frame_len(target, ep->eid, full_len)) {
1384 		ath6kl_warn("Rx buffer requested with invalid length htc_hdr:eid %d, flags 0x%x, len %d\n",
1385 			    htc_hdr->eid, htc_hdr->flags,
1386 			    le16_to_cpu(htc_hdr->payld_len));
1387 		return -EINVAL;
1388 	}
1389 
1390 	ep_cb = ep->ep_cb;
1391 	for (j = 0; j < n_msg; j++) {
1392 		/*
1393 		 * Reset flag, any packets allocated using the
1394 		 * rx_alloc() API cannot be recycled on
1395 		 * cleanup,they must be explicitly returned.
1396 		 */
1397 		no_recycle = false;
1398 
1399 		if (ep_cb.rx_allocthresh &&
1400 		    (full_len > ep_cb.rx_alloc_thresh)) {
1401 			ep->ep_st.rx_alloc_thresh_hit += 1;
1402 			ep->ep_st.rxalloc_thresh_byte +=
1403 				le16_to_cpu(htc_hdr->payld_len);
1404 
1405 			spin_unlock_bh(&target->rx_lock);
1406 			no_recycle = true;
1407 
1408 			packet = ep_cb.rx_allocthresh(ep->target, ep->eid,
1409 						      full_len);
1410 			spin_lock_bh(&target->rx_lock);
1411 		} else {
1412 			/* refill handler is being used */
1413 			if (list_empty(&ep->rx_bufq)) {
1414 				if (ep_cb.rx_refill) {
1415 					spin_unlock_bh(&target->rx_lock);
1416 					ep_cb.rx_refill(ep->target, ep->eid);
1417 					spin_lock_bh(&target->rx_lock);
1418 				}
1419 			}
1420 
1421 			if (list_empty(&ep->rx_bufq)) {
1422 				packet = NULL;
1423 			} else {
1424 				packet = list_first_entry(&ep->rx_bufq,
1425 						struct htc_packet, list);
1426 				list_del(&packet->list);
1427 			}
1428 		}
1429 
1430 		if (!packet) {
1431 			target->rx_st_flags |= HTC_RECV_WAIT_BUFFERS;
1432 			target->ep_waiting = ep->eid;
1433 			return -ENOSPC;
1434 		}
1435 
1436 		/* clear flags */
1437 		packet->info.rx.rx_flags = 0;
1438 		packet->info.rx.indicat_flags = 0;
1439 		packet->status = 0;
1440 
1441 		if (no_recycle)
1442 			/*
1443 			 * flag that these packets cannot be
1444 			 * recycled, they have to be returned to
1445 			 * the user
1446 			 */
1447 			packet->info.rx.rx_flags |= HTC_RX_PKT_NO_RECYCLE;
1448 
1449 		/* Caller needs to free this upon any failure */
1450 		list_add_tail(&packet->list, queue);
1451 
1452 		if (target->htc_flags & HTC_OP_STATE_STOPPING) {
1453 			status = -ECANCELED;
1454 			break;
1455 		}
1456 
1457 		if (j) {
1458 			packet->info.rx.rx_flags |= HTC_RX_PKT_REFRESH_HDR;
1459 			packet->info.rx.exp_hdr = 0xFFFFFFFF;
1460 		} else
1461 			/* set expected look ahead */
1462 			packet->info.rx.exp_hdr = *lk_ahds;
1463 
1464 		packet->act_len = le16_to_cpu(htc_hdr->payld_len) +
1465 			HTC_HDR_LENGTH;
1466 	}
1467 
1468 	return status;
1469 }
1470 
1471 static int ath6kl_htc_rx_alloc(struct htc_target *target,
1472 			       u32 lk_ahds[], int msg,
1473 			       struct htc_endpoint *endpoint,
1474 			       struct list_head *queue)
1475 {
1476 	int status = 0;
1477 	struct htc_packet *packet, *tmp_pkt;
1478 	struct htc_frame_hdr *htc_hdr;
1479 	int i, n_msg;
1480 
1481 	spin_lock_bh(&target->rx_lock);
1482 
1483 	for (i = 0; i < msg; i++) {
1484 		htc_hdr = (struct htc_frame_hdr *)&lk_ahds[i];
1485 
1486 		if (htc_hdr->eid >= ENDPOINT_MAX) {
1487 			ath6kl_err("invalid ep in look-ahead: %d\n",
1488 				   htc_hdr->eid);
1489 			status = -ENOMEM;
1490 			break;
1491 		}
1492 
1493 		if (htc_hdr->eid != endpoint->eid) {
1494 			ath6kl_err("invalid ep in look-ahead: %d should be : %d (index:%d)\n",
1495 				   htc_hdr->eid, endpoint->eid, i);
1496 			status = -ENOMEM;
1497 			break;
1498 		}
1499 
1500 		if (le16_to_cpu(htc_hdr->payld_len) > HTC_MAX_PAYLOAD_LENGTH) {
1501 			ath6kl_err("payload len %d exceeds max htc : %d !\n",
1502 				   htc_hdr->payld_len,
1503 				   (u32) HTC_MAX_PAYLOAD_LENGTH);
1504 			status = -ENOMEM;
1505 			break;
1506 		}
1507 
1508 		if (endpoint->svc_id == 0) {
1509 			ath6kl_err("ep %d is not connected !\n", htc_hdr->eid);
1510 			status = -ENOMEM;
1511 			break;
1512 		}
1513 
1514 		if (htc_hdr->flags & HTC_FLG_RX_BNDL_CNT) {
1515 			/*
1516 			 * HTC header indicates that every packet to follow
1517 			 * has the same padded length so that it can be
1518 			 * optimally fetched as a full bundle.
1519 			 */
1520 			n_msg = (htc_hdr->flags & HTC_FLG_RX_BNDL_CNT) >>
1521 				HTC_FLG_RX_BNDL_CNT_S;
1522 
1523 			/* the count doesn't include the starter frame */
1524 			n_msg++;
1525 			if (n_msg > target->msg_per_bndl_max) {
1526 				status = -ENOMEM;
1527 				break;
1528 			}
1529 
1530 			endpoint->ep_st.rx_bundle_from_hdr += 1;
1531 			ath6kl_dbg(ATH6KL_DBG_HTC,
1532 				   "htc rx bundle pkts %d\n",
1533 				   n_msg);
1534 		} else
1535 			/* HTC header only indicates 1 message to fetch */
1536 			n_msg = 1;
1537 
1538 		/* Setup packet buffers for each message */
1539 		status = ath6kl_htc_rx_setup(target, endpoint, &lk_ahds[i],
1540 					     queue, n_msg);
1541 
1542 		/*
1543 		 * This is due to unavailabilty of buffers to rx entire data.
1544 		 * Return no error so that free buffers from queue can be used
1545 		 * to receive partial data.
1546 		 */
1547 		if (status == -ENOSPC) {
1548 			spin_unlock_bh(&target->rx_lock);
1549 			return 0;
1550 		}
1551 
1552 		if (status)
1553 			break;
1554 	}
1555 
1556 	spin_unlock_bh(&target->rx_lock);
1557 
1558 	if (status) {
1559 		list_for_each_entry_safe(packet, tmp_pkt, queue, list) {
1560 			list_del(&packet->list);
1561 			htc_reclaim_rxbuf(target, packet,
1562 					  &target->endpoint[packet->endpoint]);
1563 		}
1564 	}
1565 
1566 	return status;
1567 }
1568 
1569 static void htc_ctrl_rx(struct htc_target *context, struct htc_packet *packets)
1570 {
1571 	if (packets->endpoint != ENDPOINT_0) {
1572 		WARN_ON(1);
1573 		return;
1574 	}
1575 
1576 	if (packets->status == -ECANCELED) {
1577 		reclaim_rx_ctrl_buf(context, packets);
1578 		return;
1579 	}
1580 
1581 	if (packets->act_len > 0) {
1582 		ath6kl_err("htc_ctrl_rx, got message with len:%zu\n",
1583 			   packets->act_len + HTC_HDR_LENGTH);
1584 
1585 		ath6kl_dbg_dump(ATH6KL_DBG_HTC,
1586 				"htc rx unexpected endpoint 0 message", "",
1587 				packets->buf - HTC_HDR_LENGTH,
1588 				packets->act_len + HTC_HDR_LENGTH);
1589 	}
1590 
1591 	htc_reclaim_rxbuf(context, packets, &context->endpoint[0]);
1592 }
1593 
1594 static void htc_proc_cred_rpt(struct htc_target *target,
1595 			      struct htc_credit_report *rpt,
1596 			      int n_entries,
1597 			      enum htc_endpoint_id from_ep)
1598 {
1599 	struct htc_endpoint *endpoint;
1600 	int tot_credits = 0, i;
1601 	bool dist = false;
1602 
1603 	spin_lock_bh(&target->tx_lock);
1604 
1605 	for (i = 0; i < n_entries; i++, rpt++) {
1606 		if (rpt->eid >= ENDPOINT_MAX) {
1607 			WARN_ON(1);
1608 			spin_unlock_bh(&target->tx_lock);
1609 			return;
1610 		}
1611 
1612 		endpoint = &target->endpoint[rpt->eid];
1613 
1614 		ath6kl_dbg(ATH6KL_DBG_CREDIT,
1615 			   "credit report ep %d credits %d\n",
1616 			   rpt->eid, rpt->credits);
1617 
1618 		endpoint->ep_st.tx_cred_rpt += 1;
1619 		endpoint->ep_st.cred_retnd += rpt->credits;
1620 
1621 		if (from_ep == rpt->eid) {
1622 			/*
1623 			 * This credit report arrived on the same endpoint
1624 			 * indicating it arrived in an RX packet.
1625 			 */
1626 			endpoint->ep_st.cred_from_rx += rpt->credits;
1627 			endpoint->ep_st.cred_rpt_from_rx += 1;
1628 		} else if (from_ep == ENDPOINT_0) {
1629 			/* credit arrived on endpoint 0 as a NULL message */
1630 			endpoint->ep_st.cred_from_ep0 += rpt->credits;
1631 			endpoint->ep_st.cred_rpt_ep0 += 1;
1632 		} else {
1633 			endpoint->ep_st.cred_from_other += rpt->credits;
1634 			endpoint->ep_st.cred_rpt_from_other += 1;
1635 		}
1636 
1637 		if (rpt->eid == ENDPOINT_0)
1638 			/* always give endpoint 0 credits back */
1639 			endpoint->cred_dist.credits += rpt->credits;
1640 		else {
1641 			endpoint->cred_dist.cred_to_dist += rpt->credits;
1642 			dist = true;
1643 		}
1644 
1645 		/*
1646 		 * Refresh tx depth for distribution function that will
1647 		 * recover these credits NOTE: this is only valid when
1648 		 * there are credits to recover!
1649 		 */
1650 		endpoint->cred_dist.txq_depth =
1651 			get_queue_depth(&endpoint->txq);
1652 
1653 		tot_credits += rpt->credits;
1654 	}
1655 
1656 	if (dist) {
1657 		/*
1658 		 * This was a credit return based on a completed send
1659 		 * operations note, this is done with the lock held
1660 		 */
1661 		ath6kl_credit_distribute(target->credit_info,
1662 					 &target->cred_dist_list,
1663 					 HTC_CREDIT_DIST_SEND_COMPLETE);
1664 	}
1665 
1666 	spin_unlock_bh(&target->tx_lock);
1667 
1668 	if (tot_credits)
1669 		htc_chk_ep_txq(target);
1670 }
1671 
1672 static int htc_parse_trailer(struct htc_target *target,
1673 			     struct htc_record_hdr *record,
1674 			     u8 *record_buf, u32 *next_lk_ahds,
1675 			     enum htc_endpoint_id endpoint,
1676 			     int *n_lk_ahds)
1677 {
1678 	struct htc_bundle_lkahd_rpt *bundle_lkahd_rpt;
1679 	struct htc_lookahead_report *lk_ahd;
1680 	int len;
1681 
1682 	switch (record->rec_id) {
1683 	case HTC_RECORD_CREDITS:
1684 		len = record->len / sizeof(struct htc_credit_report);
1685 		if (!len) {
1686 			WARN_ON(1);
1687 			return -EINVAL;
1688 		}
1689 
1690 		htc_proc_cred_rpt(target,
1691 				  (struct htc_credit_report *) record_buf,
1692 				  len, endpoint);
1693 		break;
1694 	case HTC_RECORD_LOOKAHEAD:
1695 		len = record->len / sizeof(*lk_ahd);
1696 		if (!len) {
1697 			WARN_ON(1);
1698 			return -EINVAL;
1699 		}
1700 
1701 		lk_ahd = (struct htc_lookahead_report *) record_buf;
1702 		if ((lk_ahd->pre_valid == ((~lk_ahd->post_valid) & 0xFF)) &&
1703 		    next_lk_ahds) {
1704 			ath6kl_dbg(ATH6KL_DBG_HTC,
1705 				   "htc rx lk_ahd found pre_valid 0x%x post_valid 0x%x\n",
1706 				   lk_ahd->pre_valid, lk_ahd->post_valid);
1707 
1708 			/* look ahead bytes are valid, copy them over */
1709 			memcpy((u8 *)&next_lk_ahds[0], lk_ahd->lk_ahd, 4);
1710 
1711 			ath6kl_dbg_dump(ATH6KL_DBG_HTC,
1712 					"htc rx next look ahead",
1713 					"", next_lk_ahds, 4);
1714 
1715 			*n_lk_ahds = 1;
1716 		}
1717 		break;
1718 	case HTC_RECORD_LOOKAHEAD_BUNDLE:
1719 		len = record->len / sizeof(*bundle_lkahd_rpt);
1720 		if (!len || (len > HTC_HOST_MAX_MSG_PER_BUNDLE)) {
1721 			WARN_ON(1);
1722 			return -EINVAL;
1723 		}
1724 
1725 		if (next_lk_ahds) {
1726 			int i;
1727 
1728 			bundle_lkahd_rpt =
1729 				(struct htc_bundle_lkahd_rpt *) record_buf;
1730 
1731 			ath6kl_dbg_dump(ATH6KL_DBG_HTC, "htc rx bundle lk_ahd",
1732 					"", record_buf, record->len);
1733 
1734 			for (i = 0; i < len; i++) {
1735 				memcpy((u8 *)&next_lk_ahds[i],
1736 				       bundle_lkahd_rpt->lk_ahd, 4);
1737 				bundle_lkahd_rpt++;
1738 			}
1739 
1740 			*n_lk_ahds = i;
1741 		}
1742 		break;
1743 	default:
1744 		ath6kl_err("unhandled record: id:%d len:%d\n",
1745 			   record->rec_id, record->len);
1746 		break;
1747 	}
1748 
1749 	return 0;
1750 }
1751 
1752 static int htc_proc_trailer(struct htc_target *target,
1753 			    u8 *buf, int len, u32 *next_lk_ahds,
1754 			    int *n_lk_ahds, enum htc_endpoint_id endpoint)
1755 {
1756 	struct htc_record_hdr *record;
1757 	int orig_len;
1758 	int status;
1759 	u8 *record_buf;
1760 	u8 *orig_buf;
1761 
1762 	ath6kl_dbg(ATH6KL_DBG_HTC, "htc rx trailer len %d\n", len);
1763 	ath6kl_dbg_dump(ATH6KL_DBG_HTC, NULL, "", buf, len);
1764 
1765 	orig_buf = buf;
1766 	orig_len = len;
1767 	status = 0;
1768 
1769 	while (len > 0) {
1770 		if (len < sizeof(struct htc_record_hdr)) {
1771 			status = -ENOMEM;
1772 			break;
1773 		}
1774 		/* these are byte aligned structs */
1775 		record = (struct htc_record_hdr *) buf;
1776 		len -= sizeof(struct htc_record_hdr);
1777 		buf += sizeof(struct htc_record_hdr);
1778 
1779 		if (record->len > len) {
1780 			ath6kl_err("invalid record len: %d (id:%d) buf has: %d bytes left\n",
1781 				   record->len, record->rec_id, len);
1782 			status = -ENOMEM;
1783 			break;
1784 		}
1785 		record_buf = buf;
1786 
1787 		status = htc_parse_trailer(target, record, record_buf,
1788 					   next_lk_ahds, endpoint, n_lk_ahds);
1789 
1790 		if (status)
1791 			break;
1792 
1793 		/* advance buffer past this record for next time around */
1794 		buf += record->len;
1795 		len -= record->len;
1796 	}
1797 
1798 	if (status)
1799 		ath6kl_dbg_dump(ATH6KL_DBG_HTC, "htc rx bad trailer",
1800 				"", orig_buf, orig_len);
1801 
1802 	return status;
1803 }
1804 
1805 static int ath6kl_htc_rx_process_hdr(struct htc_target *target,
1806 				     struct htc_packet *packet,
1807 				     u32 *next_lkahds, int *n_lkahds)
1808 {
1809 	int status = 0;
1810 	u16 payload_len;
1811 	u32 lk_ahd;
1812 	struct htc_frame_hdr *htc_hdr = (struct htc_frame_hdr *)packet->buf;
1813 
1814 	if (n_lkahds != NULL)
1815 		*n_lkahds = 0;
1816 
1817 	/*
1818 	 * NOTE: we cannot assume the alignment of buf, so we use the safe
1819 	 * macros to retrieve 16 bit fields.
1820 	 */
1821 	payload_len = le16_to_cpu(get_unaligned(&htc_hdr->payld_len));
1822 
1823 	memcpy((u8 *)&lk_ahd, packet->buf, sizeof(lk_ahd));
1824 
1825 	if (packet->info.rx.rx_flags & HTC_RX_PKT_REFRESH_HDR) {
1826 		/*
1827 		 * Refresh the expected header and the actual length as it
1828 		 * was unknown when this packet was grabbed as part of the
1829 		 * bundle.
1830 		 */
1831 		packet->info.rx.exp_hdr = lk_ahd;
1832 		packet->act_len = payload_len + HTC_HDR_LENGTH;
1833 
1834 		/* validate the actual header that was refreshed  */
1835 		if (packet->act_len > packet->buf_len) {
1836 			ath6kl_err("refreshed hdr payload len (%d) in bundled recv is invalid (hdr: 0x%X)\n",
1837 				   payload_len, lk_ahd);
1838 			/*
1839 			 * Limit this to max buffer just to print out some
1840 			 * of the buffer.
1841 			 */
1842 			packet->act_len = min(packet->act_len, packet->buf_len);
1843 			status = -ENOMEM;
1844 			goto fail_rx;
1845 		}
1846 
1847 		if (packet->endpoint != htc_hdr->eid) {
1848 			ath6kl_err("refreshed hdr ep (%d) does not match expected ep (%d)\n",
1849 				   htc_hdr->eid, packet->endpoint);
1850 			status = -ENOMEM;
1851 			goto fail_rx;
1852 		}
1853 	}
1854 
1855 	if (lk_ahd != packet->info.rx.exp_hdr) {
1856 		ath6kl_err("%s(): lk_ahd mismatch! (pPkt:0x%p flags:0x%X)\n",
1857 			   __func__, packet, packet->info.rx.rx_flags);
1858 		ath6kl_dbg_dump(ATH6KL_DBG_HTC, "htc rx expected lk_ahd",
1859 				"", &packet->info.rx.exp_hdr, 4);
1860 		ath6kl_dbg_dump(ATH6KL_DBG_HTC, "htc rx current header",
1861 				"", (u8 *)&lk_ahd, sizeof(lk_ahd));
1862 		status = -ENOMEM;
1863 		goto fail_rx;
1864 	}
1865 
1866 	if (htc_hdr->flags & HTC_FLG_RX_TRAILER) {
1867 		if (htc_hdr->ctrl[0] < sizeof(struct htc_record_hdr) ||
1868 		    htc_hdr->ctrl[0] > payload_len) {
1869 			ath6kl_err("%s(): invalid hdr (payload len should be :%d, CB[0] is:%d)\n",
1870 				   __func__, payload_len, htc_hdr->ctrl[0]);
1871 			status = -ENOMEM;
1872 			goto fail_rx;
1873 		}
1874 
1875 		if (packet->info.rx.rx_flags & HTC_RX_PKT_IGNORE_LOOKAHEAD) {
1876 			next_lkahds = NULL;
1877 			n_lkahds = NULL;
1878 		}
1879 
1880 		status = htc_proc_trailer(target, packet->buf + HTC_HDR_LENGTH
1881 					  + payload_len - htc_hdr->ctrl[0],
1882 					  htc_hdr->ctrl[0], next_lkahds,
1883 					   n_lkahds, packet->endpoint);
1884 
1885 		if (status)
1886 			goto fail_rx;
1887 
1888 		packet->act_len -= htc_hdr->ctrl[0];
1889 	}
1890 
1891 	packet->buf += HTC_HDR_LENGTH;
1892 	packet->act_len -= HTC_HDR_LENGTH;
1893 
1894 fail_rx:
1895 	if (status)
1896 		ath6kl_dbg_dump(ATH6KL_DBG_HTC, "htc rx bad packet",
1897 				"", packet->buf, packet->act_len);
1898 
1899 	return status;
1900 }
1901 
1902 static void ath6kl_htc_rx_complete(struct htc_endpoint *endpoint,
1903 				   struct htc_packet *packet)
1904 {
1905 		ath6kl_dbg(ATH6KL_DBG_HTC,
1906 			   "htc rx complete ep %d packet 0x%p\n",
1907 			   endpoint->eid, packet);
1908 
1909 		endpoint->ep_cb.rx(endpoint->target, packet);
1910 }
1911 
1912 static int ath6kl_htc_rx_bundle(struct htc_target *target,
1913 				struct list_head *rxq,
1914 				struct list_head *sync_compq,
1915 				int *n_pkt_fetched, bool part_bundle)
1916 {
1917 	struct hif_scatter_req *scat_req;
1918 	struct htc_packet *packet;
1919 	int rem_space = target->max_rx_bndl_sz;
1920 	int n_scat_pkt, status = 0, i, len;
1921 
1922 	n_scat_pkt = get_queue_depth(rxq);
1923 	n_scat_pkt = min(n_scat_pkt, target->msg_per_bndl_max);
1924 
1925 	if ((get_queue_depth(rxq) - n_scat_pkt) > 0) {
1926 		/*
1927 		 * We were forced to split this bundle receive operation
1928 		 * all packets in this partial bundle must have their
1929 		 * lookaheads ignored.
1930 		 */
1931 		part_bundle = true;
1932 
1933 		/*
1934 		 * This would only happen if the target ignored our max
1935 		 * bundle limit.
1936 		 */
1937 		ath6kl_warn("%s(): partial bundle detected num:%d , %d\n",
1938 			    __func__, get_queue_depth(rxq), n_scat_pkt);
1939 	}
1940 
1941 	len = 0;
1942 
1943 	ath6kl_dbg(ATH6KL_DBG_HTC,
1944 		   "htc rx bundle depth %d pkts %d\n",
1945 		   get_queue_depth(rxq), n_scat_pkt);
1946 
1947 	scat_req = hif_scatter_req_get(target->dev->ar);
1948 
1949 	if (scat_req == NULL)
1950 		goto fail_rx_pkt;
1951 
1952 	for (i = 0; i < n_scat_pkt; i++) {
1953 		int pad_len;
1954 
1955 		packet = list_first_entry(rxq, struct htc_packet, list);
1956 		list_del(&packet->list);
1957 
1958 		pad_len = CALC_TXRX_PADDED_LEN(target,
1959 						   packet->act_len);
1960 
1961 		if ((rem_space - pad_len) < 0) {
1962 			list_add(&packet->list, rxq);
1963 			break;
1964 		}
1965 
1966 		rem_space -= pad_len;
1967 
1968 		if (part_bundle || (i < (n_scat_pkt - 1)))
1969 			/*
1970 			 * Packet 0..n-1 cannot be checked for look-aheads
1971 			 * since we are fetching a bundle the last packet
1972 			 * however can have it's lookahead used
1973 			 */
1974 			packet->info.rx.rx_flags |=
1975 			    HTC_RX_PKT_IGNORE_LOOKAHEAD;
1976 
1977 		/* NOTE: 1 HTC packet per scatter entry */
1978 		scat_req->scat_list[i].buf = packet->buf;
1979 		scat_req->scat_list[i].len = pad_len;
1980 
1981 		packet->info.rx.rx_flags |= HTC_RX_PKT_PART_OF_BUNDLE;
1982 
1983 		list_add_tail(&packet->list, sync_compq);
1984 
1985 		WARN_ON(!scat_req->scat_list[i].len);
1986 		len += scat_req->scat_list[i].len;
1987 	}
1988 
1989 	scat_req->len = len;
1990 	scat_req->scat_entries = i;
1991 
1992 	status = ath6kl_hif_submit_scat_req(target->dev, scat_req, true);
1993 
1994 	if (!status)
1995 		*n_pkt_fetched = i;
1996 
1997 	/* free scatter request */
1998 	hif_scatter_req_add(target->dev->ar, scat_req);
1999 
2000 fail_rx_pkt:
2001 
2002 	return status;
2003 }
2004 
2005 static int ath6kl_htc_rx_process_packets(struct htc_target *target,
2006 					 struct list_head *comp_pktq,
2007 					 u32 lk_ahds[],
2008 					 int *n_lk_ahd)
2009 {
2010 	struct htc_packet *packet, *tmp_pkt;
2011 	struct htc_endpoint *ep;
2012 	int status = 0;
2013 
2014 	list_for_each_entry_safe(packet, tmp_pkt, comp_pktq, list) {
2015 		ep = &target->endpoint[packet->endpoint];
2016 
2017 		trace_ath6kl_htc_rx(packet->status, packet->endpoint,
2018 				    packet->buf, packet->act_len);
2019 
2020 		/* process header for each of the recv packet */
2021 		status = ath6kl_htc_rx_process_hdr(target, packet, lk_ahds,
2022 						   n_lk_ahd);
2023 		if (status)
2024 			return status;
2025 
2026 		list_del(&packet->list);
2027 
2028 		if (list_empty(comp_pktq)) {
2029 			/*
2030 			 * Last packet's more packet flag is set
2031 			 * based on the lookahead.
2032 			 */
2033 			if (*n_lk_ahd > 0)
2034 				ath6kl_htc_rx_set_indicate(lk_ahds[0],
2035 							   ep, packet);
2036 		} else
2037 			/*
2038 			 * Packets in a bundle automatically have
2039 			 * this flag set.
2040 			 */
2041 			packet->info.rx.indicat_flags |=
2042 				HTC_RX_FLAGS_INDICATE_MORE_PKTS;
2043 
2044 		ath6kl_htc_rx_update_stats(ep, *n_lk_ahd);
2045 
2046 		if (packet->info.rx.rx_flags & HTC_RX_PKT_PART_OF_BUNDLE)
2047 			ep->ep_st.rx_bundl += 1;
2048 
2049 		ath6kl_htc_rx_complete(ep, packet);
2050 	}
2051 
2052 	return status;
2053 }
2054 
2055 static int ath6kl_htc_rx_fetch(struct htc_target *target,
2056 			       struct list_head *rx_pktq,
2057 			       struct list_head *comp_pktq)
2058 {
2059 	int fetched_pkts;
2060 	bool part_bundle = false;
2061 	int status = 0;
2062 	struct list_head tmp_rxq;
2063 	struct htc_packet *packet, *tmp_pkt;
2064 
2065 	/* now go fetch the list of HTC packets */
2066 	while (!list_empty(rx_pktq)) {
2067 		fetched_pkts = 0;
2068 
2069 		INIT_LIST_HEAD(&tmp_rxq);
2070 
2071 		if (target->rx_bndl_enable && (get_queue_depth(rx_pktq) > 1)) {
2072 			/*
2073 			 * There are enough packets to attempt a
2074 			 * bundle transfer and recv bundling is
2075 			 * allowed.
2076 			 */
2077 			status = ath6kl_htc_rx_bundle(target, rx_pktq,
2078 						      &tmp_rxq,
2079 						      &fetched_pkts,
2080 						      part_bundle);
2081 			if (status)
2082 				goto fail_rx;
2083 
2084 			if (!list_empty(rx_pktq))
2085 				part_bundle = true;
2086 
2087 			list_splice_tail_init(&tmp_rxq, comp_pktq);
2088 		}
2089 
2090 		if (!fetched_pkts) {
2091 			packet = list_first_entry(rx_pktq, struct htc_packet,
2092 						   list);
2093 
2094 			/* fully synchronous */
2095 			packet->completion = NULL;
2096 
2097 			if (!list_is_singular(rx_pktq))
2098 				/*
2099 				 * look_aheads in all packet
2100 				 * except the last one in the
2101 				 * bundle must be ignored
2102 				 */
2103 				packet->info.rx.rx_flags |=
2104 					HTC_RX_PKT_IGNORE_LOOKAHEAD;
2105 
2106 			/* go fetch the packet */
2107 			status = ath6kl_htc_rx_packet(target, packet,
2108 						      packet->act_len);
2109 
2110 			list_move_tail(&packet->list, &tmp_rxq);
2111 
2112 			if (status)
2113 				goto fail_rx;
2114 
2115 			list_splice_tail_init(&tmp_rxq, comp_pktq);
2116 		}
2117 	}
2118 
2119 	return 0;
2120 
2121 fail_rx:
2122 
2123 	/*
2124 	 * Cleanup any packets we allocated but didn't use to
2125 	 * actually fetch any packets.
2126 	 */
2127 
2128 	list_for_each_entry_safe(packet, tmp_pkt, rx_pktq, list) {
2129 		list_del(&packet->list);
2130 		htc_reclaim_rxbuf(target, packet,
2131 				  &target->endpoint[packet->endpoint]);
2132 	}
2133 
2134 	list_for_each_entry_safe(packet, tmp_pkt, &tmp_rxq, list) {
2135 		list_del(&packet->list);
2136 		htc_reclaim_rxbuf(target, packet,
2137 				  &target->endpoint[packet->endpoint]);
2138 	}
2139 
2140 	return status;
2141 }
2142 
2143 int ath6kl_htc_rxmsg_pending_handler(struct htc_target *target,
2144 				     u32 msg_look_ahead, int *num_pkts)
2145 {
2146 	struct htc_packet *packets, *tmp_pkt;
2147 	struct htc_endpoint *endpoint;
2148 	struct list_head rx_pktq, comp_pktq;
2149 	int status = 0;
2150 	u32 look_aheads[HTC_HOST_MAX_MSG_PER_BUNDLE];
2151 	int num_look_ahead = 1;
2152 	enum htc_endpoint_id id;
2153 	int n_fetched = 0;
2154 
2155 	INIT_LIST_HEAD(&comp_pktq);
2156 	*num_pkts = 0;
2157 
2158 	/*
2159 	 * On first entry copy the look_aheads into our temp array for
2160 	 * processing
2161 	 */
2162 	look_aheads[0] = msg_look_ahead;
2163 
2164 	while (true) {
2165 		/*
2166 		 * First lookahead sets the expected endpoint IDs for all
2167 		 * packets in a bundle.
2168 		 */
2169 		id = ((struct htc_frame_hdr *)&look_aheads[0])->eid;
2170 		endpoint = &target->endpoint[id];
2171 
2172 		if (id >= ENDPOINT_MAX) {
2173 			ath6kl_err("MsgPend, invalid endpoint in look-ahead: %d\n",
2174 				   id);
2175 			status = -ENOMEM;
2176 			break;
2177 		}
2178 
2179 		INIT_LIST_HEAD(&rx_pktq);
2180 		INIT_LIST_HEAD(&comp_pktq);
2181 
2182 		/*
2183 		 * Try to allocate as many HTC RX packets indicated by the
2184 		 * look_aheads.
2185 		 */
2186 		status = ath6kl_htc_rx_alloc(target, look_aheads,
2187 					     num_look_ahead, endpoint,
2188 					     &rx_pktq);
2189 		if (status)
2190 			break;
2191 
2192 		if (get_queue_depth(&rx_pktq) >= 2)
2193 			/*
2194 			 * A recv bundle was detected, force IRQ status
2195 			 * re-check again
2196 			 */
2197 			target->chk_irq_status_cnt = 1;
2198 
2199 		n_fetched += get_queue_depth(&rx_pktq);
2200 
2201 		num_look_ahead = 0;
2202 
2203 		status = ath6kl_htc_rx_fetch(target, &rx_pktq, &comp_pktq);
2204 
2205 		if (!status)
2206 			ath6kl_htc_rx_chk_water_mark(endpoint);
2207 
2208 		/* Process fetched packets */
2209 		status = ath6kl_htc_rx_process_packets(target, &comp_pktq,
2210 						       look_aheads,
2211 						       &num_look_ahead);
2212 
2213 		if (!num_look_ahead || status)
2214 			break;
2215 
2216 		/*
2217 		 * For SYNCH processing, if we get here, we are running
2218 		 * through the loop again due to a detected lookahead. Set
2219 		 * flag that we should re-check IRQ status registers again
2220 		 * before leaving IRQ processing, this can net better
2221 		 * performance in high throughput situations.
2222 		 */
2223 		target->chk_irq_status_cnt = 1;
2224 	}
2225 
2226 	if (status) {
2227 		ath6kl_err("failed to get pending recv messages: %d\n",
2228 			   status);
2229 
2230 		/* cleanup any packets in sync completion queue */
2231 		list_for_each_entry_safe(packets, tmp_pkt, &comp_pktq, list) {
2232 			list_del(&packets->list);
2233 			htc_reclaim_rxbuf(target, packets,
2234 					  &target->endpoint[packets->endpoint]);
2235 		}
2236 
2237 		if (target->htc_flags & HTC_OP_STATE_STOPPING) {
2238 			ath6kl_warn("host is going to stop blocking receiver for htc_stop\n");
2239 			ath6kl_hif_rx_control(target->dev, false);
2240 		}
2241 	}
2242 
2243 	/*
2244 	 * Before leaving, check to see if host ran out of buffers and
2245 	 * needs to stop the receiver.
2246 	 */
2247 	if (target->rx_st_flags & HTC_RECV_WAIT_BUFFERS) {
2248 		ath6kl_warn("host has no rx buffers blocking receiver to prevent overrun\n");
2249 		ath6kl_hif_rx_control(target->dev, false);
2250 	}
2251 	*num_pkts = n_fetched;
2252 
2253 	return status;
2254 }
2255 
2256 /*
2257  * Synchronously wait for a control message from the target,
2258  * This function is used at initialization time ONLY.  At init messages
2259  * on ENDPOINT 0 are expected.
2260  */
2261 static struct htc_packet *htc_wait_for_ctrl_msg(struct htc_target *target)
2262 {
2263 	struct htc_packet *packet = NULL;
2264 	struct htc_frame_hdr *htc_hdr;
2265 	u32 look_ahead;
2266 
2267 	if (ath6kl_hif_poll_mboxmsg_rx(target->dev, &look_ahead,
2268 				       HTC_TARGET_RESPONSE_TIMEOUT))
2269 		return NULL;
2270 
2271 	ath6kl_dbg(ATH6KL_DBG_HTC,
2272 		   "htc rx wait ctrl look_ahead 0x%X\n", look_ahead);
2273 
2274 	htc_hdr = (struct htc_frame_hdr *)&look_ahead;
2275 
2276 	if (htc_hdr->eid != ENDPOINT_0)
2277 		return NULL;
2278 
2279 	packet = htc_get_control_buf(target, false);
2280 
2281 	if (!packet)
2282 		return NULL;
2283 
2284 	packet->info.rx.rx_flags = 0;
2285 	packet->info.rx.exp_hdr = look_ahead;
2286 	packet->act_len = le16_to_cpu(htc_hdr->payld_len) + HTC_HDR_LENGTH;
2287 
2288 	if (packet->act_len > packet->buf_len)
2289 		goto fail_ctrl_rx;
2290 
2291 	/* we want synchronous operation */
2292 	packet->completion = NULL;
2293 
2294 	/* get the message from the device, this will block */
2295 	if (ath6kl_htc_rx_packet(target, packet, packet->act_len))
2296 		goto fail_ctrl_rx;
2297 
2298 	trace_ath6kl_htc_rx(packet->status, packet->endpoint,
2299 			    packet->buf, packet->act_len);
2300 
2301 	/* process receive header */
2302 	packet->status = ath6kl_htc_rx_process_hdr(target, packet, NULL, NULL);
2303 
2304 	if (packet->status) {
2305 		ath6kl_err("htc_wait_for_ctrl_msg, ath6kl_htc_rx_process_hdr failed (status = %d)\n",
2306 			   packet->status);
2307 		goto fail_ctrl_rx;
2308 	}
2309 
2310 	return packet;
2311 
2312 fail_ctrl_rx:
2313 	if (packet != NULL) {
2314 		htc_rxpkt_reset(packet);
2315 		reclaim_rx_ctrl_buf(target, packet);
2316 	}
2317 
2318 	return NULL;
2319 }
2320 
2321 static int ath6kl_htc_mbox_add_rxbuf_multiple(struct htc_target *target,
2322 				  struct list_head *pkt_queue)
2323 {
2324 	struct htc_endpoint *endpoint;
2325 	struct htc_packet *first_pkt;
2326 	bool rx_unblock = false;
2327 	int status = 0, depth;
2328 
2329 	if (list_empty(pkt_queue))
2330 		return -ENOMEM;
2331 
2332 	first_pkt = list_first_entry(pkt_queue, struct htc_packet, list);
2333 
2334 	if (first_pkt->endpoint >= ENDPOINT_MAX)
2335 		return status;
2336 
2337 	depth = get_queue_depth(pkt_queue);
2338 
2339 	ath6kl_dbg(ATH6KL_DBG_HTC,
2340 		   "htc rx add multiple ep id %d cnt %d len %d\n",
2341 		first_pkt->endpoint, depth, first_pkt->buf_len);
2342 
2343 	endpoint = &target->endpoint[first_pkt->endpoint];
2344 
2345 	if (target->htc_flags & HTC_OP_STATE_STOPPING) {
2346 		struct htc_packet *packet, *tmp_pkt;
2347 
2348 		/* walk through queue and mark each one canceled */
2349 		list_for_each_entry_safe(packet, tmp_pkt, pkt_queue, list) {
2350 			packet->status = -ECANCELED;
2351 			list_del(&packet->list);
2352 			ath6kl_htc_rx_complete(endpoint, packet);
2353 		}
2354 
2355 		return status;
2356 	}
2357 
2358 	spin_lock_bh(&target->rx_lock);
2359 
2360 	list_splice_tail_init(pkt_queue, &endpoint->rx_bufq);
2361 
2362 	/* check if we are blocked waiting for a new buffer */
2363 	if (target->rx_st_flags & HTC_RECV_WAIT_BUFFERS) {
2364 		if (target->ep_waiting == first_pkt->endpoint) {
2365 			ath6kl_dbg(ATH6KL_DBG_HTC,
2366 				   "htc rx blocked on ep %d, unblocking\n",
2367 				   target->ep_waiting);
2368 			target->rx_st_flags &= ~HTC_RECV_WAIT_BUFFERS;
2369 			target->ep_waiting = ENDPOINT_MAX;
2370 			rx_unblock = true;
2371 		}
2372 	}
2373 
2374 	spin_unlock_bh(&target->rx_lock);
2375 
2376 	if (rx_unblock && !(target->htc_flags & HTC_OP_STATE_STOPPING))
2377 		/* TODO : implement a buffer threshold count? */
2378 		ath6kl_hif_rx_control(target->dev, true);
2379 
2380 	return status;
2381 }
2382 
2383 static void ath6kl_htc_mbox_flush_rx_buf(struct htc_target *target)
2384 {
2385 	struct htc_endpoint *endpoint;
2386 	struct htc_packet *packet, *tmp_pkt;
2387 	int i;
2388 
2389 	for (i = ENDPOINT_0; i < ENDPOINT_MAX; i++) {
2390 		endpoint = &target->endpoint[i];
2391 		if (!endpoint->svc_id)
2392 			/* not in use.. */
2393 			continue;
2394 
2395 		spin_lock_bh(&target->rx_lock);
2396 		list_for_each_entry_safe(packet, tmp_pkt,
2397 					 &endpoint->rx_bufq, list) {
2398 			list_del(&packet->list);
2399 			spin_unlock_bh(&target->rx_lock);
2400 			ath6kl_dbg(ATH6KL_DBG_HTC,
2401 				   "htc rx flush pkt 0x%p  len %d  ep %d\n",
2402 				   packet, packet->buf_len,
2403 				   packet->endpoint);
2404 			/*
2405 			 * packets in rx_bufq of endpoint 0 have originally
2406 			 * been queued from target->free_ctrl_rxbuf where
2407 			 * packet and packet->buf_start are allocated
2408 			 * separately using kmalloc(). For other endpoint
2409 			 * rx_bufq, it is allocated as skb where packet is
2410 			 * skb->head. Take care of this difference while freeing
2411 			 * the memory.
2412 			 */
2413 			if (packet->endpoint == ENDPOINT_0) {
2414 				kfree(packet->buf_start);
2415 				kfree(packet);
2416 			} else {
2417 				dev_kfree_skb(packet->pkt_cntxt);
2418 			}
2419 			spin_lock_bh(&target->rx_lock);
2420 		}
2421 		spin_unlock_bh(&target->rx_lock);
2422 	}
2423 }
2424 
2425 static int ath6kl_htc_mbox_conn_service(struct htc_target *target,
2426 			    struct htc_service_connect_req *conn_req,
2427 			    struct htc_service_connect_resp *conn_resp)
2428 {
2429 	struct htc_packet *rx_pkt = NULL;
2430 	struct htc_packet *tx_pkt = NULL;
2431 	struct htc_conn_service_resp *resp_msg;
2432 	struct htc_conn_service_msg *conn_msg;
2433 	struct htc_endpoint *endpoint;
2434 	enum htc_endpoint_id assigned_ep = ENDPOINT_MAX;
2435 	unsigned int max_msg_sz = 0;
2436 	int status = 0;
2437 	u16 msg_id;
2438 
2439 	ath6kl_dbg(ATH6KL_DBG_HTC,
2440 		   "htc connect service target 0x%p service id 0x%x\n",
2441 		   target, conn_req->svc_id);
2442 
2443 	if (conn_req->svc_id == HTC_CTRL_RSVD_SVC) {
2444 		/* special case for pseudo control service */
2445 		assigned_ep = ENDPOINT_0;
2446 		max_msg_sz = HTC_MAX_CTRL_MSG_LEN;
2447 	} else {
2448 		/* allocate a packet to send to the target */
2449 		tx_pkt = htc_get_control_buf(target, true);
2450 
2451 		if (!tx_pkt)
2452 			return -ENOMEM;
2453 
2454 		conn_msg = (struct htc_conn_service_msg *)tx_pkt->buf;
2455 		memset(conn_msg, 0, sizeof(*conn_msg));
2456 		conn_msg->msg_id = cpu_to_le16(HTC_MSG_CONN_SVC_ID);
2457 		conn_msg->svc_id = cpu_to_le16(conn_req->svc_id);
2458 		conn_msg->conn_flags = cpu_to_le16(conn_req->conn_flags);
2459 
2460 		set_htc_pkt_info(tx_pkt, NULL, (u8 *) conn_msg,
2461 				 sizeof(*conn_msg) + conn_msg->svc_meta_len,
2462 				 ENDPOINT_0, HTC_SERVICE_TX_PACKET_TAG);
2463 
2464 		/* we want synchronous operation */
2465 		tx_pkt->completion = NULL;
2466 		ath6kl_htc_tx_prep_pkt(tx_pkt, 0, 0, 0);
2467 		status = ath6kl_htc_tx_issue(target, tx_pkt);
2468 
2469 		if (status)
2470 			goto fail_tx;
2471 
2472 		/* wait for response */
2473 		rx_pkt = htc_wait_for_ctrl_msg(target);
2474 
2475 		if (!rx_pkt) {
2476 			status = -ENOMEM;
2477 			goto fail_tx;
2478 		}
2479 
2480 		resp_msg = (struct htc_conn_service_resp *)rx_pkt->buf;
2481 		msg_id = le16_to_cpu(resp_msg->msg_id);
2482 
2483 		if ((msg_id != HTC_MSG_CONN_SVC_RESP_ID) ||
2484 		    (rx_pkt->act_len < sizeof(*resp_msg))) {
2485 			status = -ENOMEM;
2486 			goto fail_tx;
2487 		}
2488 
2489 		conn_resp->resp_code = resp_msg->status;
2490 		/* check response status */
2491 		if (resp_msg->status != HTC_SERVICE_SUCCESS) {
2492 			ath6kl_err("target failed service 0x%X connect request (status:%d)\n",
2493 				   resp_msg->svc_id, resp_msg->status);
2494 			status = -ENOMEM;
2495 			goto fail_tx;
2496 		}
2497 
2498 		assigned_ep = (enum htc_endpoint_id)resp_msg->eid;
2499 		max_msg_sz = le16_to_cpu(resp_msg->max_msg_sz);
2500 	}
2501 
2502 	if (WARN_ON_ONCE(assigned_ep == ENDPOINT_UNUSED ||
2503 			 assigned_ep >= ENDPOINT_MAX || !max_msg_sz)) {
2504 		status = -ENOMEM;
2505 		goto fail_tx;
2506 	}
2507 
2508 	endpoint = &target->endpoint[assigned_ep];
2509 	endpoint->eid = assigned_ep;
2510 	if (endpoint->svc_id) {
2511 		status = -ENOMEM;
2512 		goto fail_tx;
2513 	}
2514 
2515 	/* return assigned endpoint to caller */
2516 	conn_resp->endpoint = assigned_ep;
2517 	conn_resp->len_max = max_msg_sz;
2518 
2519 	/* setup the endpoint */
2520 
2521 	/* this marks the endpoint in use */
2522 	endpoint->svc_id = conn_req->svc_id;
2523 
2524 	endpoint->max_txq_depth = conn_req->max_txq_depth;
2525 	endpoint->len_max = max_msg_sz;
2526 	endpoint->ep_cb = conn_req->ep_cb;
2527 	endpoint->cred_dist.svc_id = conn_req->svc_id;
2528 	endpoint->cred_dist.htc_ep = endpoint;
2529 	endpoint->cred_dist.endpoint = assigned_ep;
2530 	endpoint->cred_dist.cred_sz = target->tgt_cred_sz;
2531 
2532 	switch (endpoint->svc_id) {
2533 	case WMI_DATA_BK_SVC:
2534 		endpoint->tx_drop_packet_threshold = MAX_DEF_COOKIE_NUM / 3;
2535 		break;
2536 	default:
2537 		endpoint->tx_drop_packet_threshold = MAX_HI_COOKIE_NUM;
2538 		break;
2539 	}
2540 
2541 	if (conn_req->max_rxmsg_sz) {
2542 		/*
2543 		 * Override cred_per_msg calculation, this optimizes
2544 		 * the credit-low indications since the host will actually
2545 		 * issue smaller messages in the Send path.
2546 		 */
2547 		if (conn_req->max_rxmsg_sz > max_msg_sz) {
2548 			status = -ENOMEM;
2549 			goto fail_tx;
2550 		}
2551 		endpoint->cred_dist.cred_per_msg =
2552 		    conn_req->max_rxmsg_sz / target->tgt_cred_sz;
2553 	} else
2554 		endpoint->cred_dist.cred_per_msg =
2555 		    max_msg_sz / target->tgt_cred_sz;
2556 
2557 	if (!endpoint->cred_dist.cred_per_msg)
2558 		endpoint->cred_dist.cred_per_msg = 1;
2559 
2560 	/* save local connection flags */
2561 	endpoint->conn_flags = conn_req->flags;
2562 
2563 fail_tx:
2564 	if (tx_pkt)
2565 		htc_reclaim_txctrl_buf(target, tx_pkt);
2566 
2567 	if (rx_pkt) {
2568 		htc_rxpkt_reset(rx_pkt);
2569 		reclaim_rx_ctrl_buf(target, rx_pkt);
2570 	}
2571 
2572 	return status;
2573 }
2574 
2575 static void reset_ep_state(struct htc_target *target)
2576 {
2577 	struct htc_endpoint *endpoint;
2578 	int i;
2579 
2580 	for (i = ENDPOINT_0; i < ENDPOINT_MAX; i++) {
2581 		endpoint = &target->endpoint[i];
2582 		memset(&endpoint->cred_dist, 0, sizeof(endpoint->cred_dist));
2583 		endpoint->svc_id = 0;
2584 		endpoint->len_max = 0;
2585 		endpoint->max_txq_depth = 0;
2586 		memset(&endpoint->ep_st, 0,
2587 		       sizeof(endpoint->ep_st));
2588 		INIT_LIST_HEAD(&endpoint->rx_bufq);
2589 		INIT_LIST_HEAD(&endpoint->txq);
2590 		endpoint->target = target;
2591 	}
2592 
2593 	/* reset distribution list */
2594 	/* FIXME: free existing entries */
2595 	INIT_LIST_HEAD(&target->cred_dist_list);
2596 }
2597 
2598 static int ath6kl_htc_mbox_get_rxbuf_num(struct htc_target *target,
2599 			     enum htc_endpoint_id endpoint)
2600 {
2601 	int num;
2602 
2603 	spin_lock_bh(&target->rx_lock);
2604 	num = get_queue_depth(&(target->endpoint[endpoint].rx_bufq));
2605 	spin_unlock_bh(&target->rx_lock);
2606 	return num;
2607 }
2608 
2609 static void htc_setup_msg_bndl(struct htc_target *target)
2610 {
2611 	/* limit what HTC can handle */
2612 	target->msg_per_bndl_max = min(HTC_HOST_MAX_MSG_PER_BUNDLE,
2613 				       target->msg_per_bndl_max);
2614 
2615 	if (ath6kl_hif_enable_scatter(target->dev->ar)) {
2616 		target->msg_per_bndl_max = 0;
2617 		return;
2618 	}
2619 
2620 	/* limit bundle what the device layer can handle */
2621 	target->msg_per_bndl_max = min(target->max_scat_entries,
2622 				       target->msg_per_bndl_max);
2623 
2624 	ath6kl_dbg(ATH6KL_DBG_BOOT,
2625 		   "htc bundling allowed msg_per_bndl_max %d\n",
2626 		   target->msg_per_bndl_max);
2627 
2628 	/* Max rx bundle size is limited by the max tx bundle size */
2629 	target->max_rx_bndl_sz = target->max_xfer_szper_scatreq;
2630 	/* Max tx bundle size if limited by the extended mbox address range */
2631 	target->max_tx_bndl_sz = min(HIF_MBOX0_EXT_WIDTH,
2632 				     target->max_xfer_szper_scatreq);
2633 
2634 	ath6kl_dbg(ATH6KL_DBG_BOOT, "htc max_rx_bndl_sz %d max_tx_bndl_sz %d\n",
2635 		   target->max_rx_bndl_sz, target->max_tx_bndl_sz);
2636 
2637 	if (target->max_tx_bndl_sz)
2638 		/* tx_bndl_mask is enabled per AC, each has 1 bit */
2639 		target->tx_bndl_mask = (1 << WMM_NUM_AC) - 1;
2640 
2641 	if (target->max_rx_bndl_sz)
2642 		target->rx_bndl_enable = true;
2643 
2644 	if ((target->tgt_cred_sz % target->block_sz) != 0) {
2645 		ath6kl_warn("credit size: %d is not block aligned! Disabling send bundling\n",
2646 			    target->tgt_cred_sz);
2647 
2648 		/*
2649 		 * Disallow send bundling since the credit size is
2650 		 * not aligned to a block size the I/O block
2651 		 * padding will spill into the next credit buffer
2652 		 * which is fatal.
2653 		 */
2654 		target->tx_bndl_mask = 0;
2655 	}
2656 }
2657 
2658 static int ath6kl_htc_mbox_wait_target(struct htc_target *target)
2659 {
2660 	struct htc_packet *packet = NULL;
2661 	struct htc_ready_ext_msg *rdy_msg;
2662 	struct htc_service_connect_req connect;
2663 	struct htc_service_connect_resp resp;
2664 	int status;
2665 
2666 	/* we should be getting 1 control message that the target is ready */
2667 	packet = htc_wait_for_ctrl_msg(target);
2668 
2669 	if (!packet)
2670 		return -ENOMEM;
2671 
2672 	/* we controlled the buffer creation so it's properly aligned */
2673 	rdy_msg = (struct htc_ready_ext_msg *)packet->buf;
2674 
2675 	if ((le16_to_cpu(rdy_msg->ver2_0_info.msg_id) != HTC_MSG_READY_ID) ||
2676 	    (packet->act_len < sizeof(struct htc_ready_msg))) {
2677 		status = -ENOMEM;
2678 		goto fail_wait_target;
2679 	}
2680 
2681 	if (!rdy_msg->ver2_0_info.cred_cnt || !rdy_msg->ver2_0_info.cred_sz) {
2682 		status = -ENOMEM;
2683 		goto fail_wait_target;
2684 	}
2685 
2686 	target->tgt_creds = le16_to_cpu(rdy_msg->ver2_0_info.cred_cnt);
2687 	target->tgt_cred_sz = le16_to_cpu(rdy_msg->ver2_0_info.cred_sz);
2688 
2689 	ath6kl_dbg(ATH6KL_DBG_BOOT,
2690 		   "htc target ready credits %d size %d\n",
2691 		   target->tgt_creds, target->tgt_cred_sz);
2692 
2693 	/* check if this is an extended ready message */
2694 	if (packet->act_len >= sizeof(struct htc_ready_ext_msg)) {
2695 		/* this is an extended message */
2696 		target->htc_tgt_ver = rdy_msg->htc_ver;
2697 		target->msg_per_bndl_max = rdy_msg->msg_per_htc_bndl;
2698 	} else {
2699 		/* legacy */
2700 		target->htc_tgt_ver = HTC_VERSION_2P0;
2701 		target->msg_per_bndl_max = 0;
2702 	}
2703 
2704 	ath6kl_dbg(ATH6KL_DBG_BOOT, "htc using protocol %s (%d)\n",
2705 		   (target->htc_tgt_ver == HTC_VERSION_2P0) ? "2.0" : ">= 2.1",
2706 		   target->htc_tgt_ver);
2707 
2708 	if (target->msg_per_bndl_max > 0)
2709 		htc_setup_msg_bndl(target);
2710 
2711 	/* setup our pseudo HTC control endpoint connection */
2712 	memset(&connect, 0, sizeof(connect));
2713 	memset(&resp, 0, sizeof(resp));
2714 	connect.ep_cb.rx = htc_ctrl_rx;
2715 	connect.ep_cb.rx_refill = NULL;
2716 	connect.ep_cb.tx_full = NULL;
2717 	connect.max_txq_depth = NUM_CONTROL_BUFFERS;
2718 	connect.svc_id = HTC_CTRL_RSVD_SVC;
2719 
2720 	/* connect fake service */
2721 	status = ath6kl_htc_mbox_conn_service((void *)target, &connect, &resp);
2722 
2723 	if (status)
2724 		/*
2725 		 * FIXME: this call doesn't make sense, the caller should
2726 		 * call ath6kl_htc_mbox_cleanup() when it wants remove htc
2727 		 */
2728 		ath6kl_hif_cleanup_scatter(target->dev->ar);
2729 
2730 fail_wait_target:
2731 	if (packet) {
2732 		htc_rxpkt_reset(packet);
2733 		reclaim_rx_ctrl_buf(target, packet);
2734 	}
2735 
2736 	return status;
2737 }
2738 
2739 /*
2740  * Start HTC, enable interrupts and let the target know
2741  * host has finished setup.
2742  */
2743 static int ath6kl_htc_mbox_start(struct htc_target *target)
2744 {
2745 	struct htc_packet *packet;
2746 	int status;
2747 
2748 	memset(&target->dev->irq_proc_reg, 0,
2749 	       sizeof(target->dev->irq_proc_reg));
2750 
2751 	/* Disable interrupts at the chip level */
2752 	ath6kl_hif_disable_intrs(target->dev);
2753 
2754 	target->htc_flags = 0;
2755 	target->rx_st_flags = 0;
2756 
2757 	/* Push control receive buffers into htc control endpoint */
2758 	while ((packet = htc_get_control_buf(target, false)) != NULL) {
2759 		status = htc_add_rxbuf(target, packet);
2760 		if (status)
2761 			return status;
2762 	}
2763 
2764 	/* NOTE: the first entry in the distribution list is ENDPOINT_0 */
2765 	ath6kl_credit_init(target->credit_info, &target->cred_dist_list,
2766 			   target->tgt_creds);
2767 
2768 	dump_cred_dist_stats(target);
2769 
2770 	/* Indicate to the target of the setup completion */
2771 	status = htc_setup_tx_complete(target);
2772 
2773 	if (status)
2774 		return status;
2775 
2776 	/* unmask interrupts */
2777 	status = ath6kl_hif_unmask_intrs(target->dev);
2778 
2779 	if (status)
2780 		ath6kl_htc_mbox_stop(target);
2781 
2782 	return status;
2783 }
2784 
2785 static int ath6kl_htc_reset(struct htc_target *target)
2786 {
2787 	u32 block_size, ctrl_bufsz;
2788 	struct htc_packet *packet;
2789 	int i;
2790 
2791 	reset_ep_state(target);
2792 
2793 	block_size = target->dev->ar->mbox_info.block_size;
2794 
2795 	ctrl_bufsz = (block_size > HTC_MAX_CTRL_MSG_LEN) ?
2796 		      (block_size + HTC_HDR_LENGTH) :
2797 		      (HTC_MAX_CTRL_MSG_LEN + HTC_HDR_LENGTH);
2798 
2799 	for (i = 0; i < NUM_CONTROL_BUFFERS; i++) {
2800 		packet = kzalloc(sizeof(*packet), GFP_KERNEL);
2801 		if (!packet)
2802 			return -ENOMEM;
2803 
2804 		packet->buf_start = kzalloc(ctrl_bufsz, GFP_KERNEL);
2805 		if (!packet->buf_start) {
2806 			kfree(packet);
2807 			return -ENOMEM;
2808 		}
2809 
2810 		packet->buf_len = ctrl_bufsz;
2811 		if (i < NUM_CONTROL_RX_BUFFERS) {
2812 			packet->act_len = 0;
2813 			packet->buf = packet->buf_start;
2814 			packet->endpoint = ENDPOINT_0;
2815 			list_add_tail(&packet->list, &target->free_ctrl_rxbuf);
2816 		} else {
2817 			list_add_tail(&packet->list, &target->free_ctrl_txbuf);
2818 		}
2819 	}
2820 
2821 	return 0;
2822 }
2823 
2824 /* htc_stop: stop interrupt reception, and flush all queued buffers */
2825 static void ath6kl_htc_mbox_stop(struct htc_target *target)
2826 {
2827 	spin_lock_bh(&target->htc_lock);
2828 	target->htc_flags |= HTC_OP_STATE_STOPPING;
2829 	spin_unlock_bh(&target->htc_lock);
2830 
2831 	/*
2832 	 * Masking interrupts is a synchronous operation, when this
2833 	 * function returns all pending HIF I/O has completed, we can
2834 	 * safely flush the queues.
2835 	 */
2836 	ath6kl_hif_mask_intrs(target->dev);
2837 
2838 	ath6kl_htc_flush_txep_all(target);
2839 
2840 	ath6kl_htc_mbox_flush_rx_buf(target);
2841 
2842 	ath6kl_htc_reset(target);
2843 }
2844 
2845 static void *ath6kl_htc_mbox_create(struct ath6kl *ar)
2846 {
2847 	struct htc_target *target = NULL;
2848 	int status = 0;
2849 
2850 	target = kzalloc(sizeof(*target), GFP_KERNEL);
2851 	if (!target) {
2852 		ath6kl_err("unable to allocate memory\n");
2853 		return NULL;
2854 	}
2855 
2856 	target->dev = kzalloc(sizeof(*target->dev), GFP_KERNEL);
2857 	if (!target->dev) {
2858 		ath6kl_err("unable to allocate memory\n");
2859 		status = -ENOMEM;
2860 		goto err_htc_cleanup;
2861 	}
2862 
2863 	spin_lock_init(&target->htc_lock);
2864 	spin_lock_init(&target->rx_lock);
2865 	spin_lock_init(&target->tx_lock);
2866 
2867 	INIT_LIST_HEAD(&target->free_ctrl_txbuf);
2868 	INIT_LIST_HEAD(&target->free_ctrl_rxbuf);
2869 	INIT_LIST_HEAD(&target->cred_dist_list);
2870 
2871 	target->dev->ar = ar;
2872 	target->dev->htc_cnxt = target;
2873 	target->ep_waiting = ENDPOINT_MAX;
2874 
2875 	status = ath6kl_hif_setup(target->dev);
2876 	if (status)
2877 		goto err_htc_cleanup;
2878 
2879 	status = ath6kl_htc_reset(target);
2880 	if (status)
2881 		goto err_htc_cleanup;
2882 
2883 	return target;
2884 
2885 err_htc_cleanup:
2886 	ath6kl_htc_mbox_cleanup(target);
2887 
2888 	return NULL;
2889 }
2890 
2891 /* cleanup the HTC instance */
2892 static void ath6kl_htc_mbox_cleanup(struct htc_target *target)
2893 {
2894 	struct htc_packet *packet, *tmp_packet;
2895 
2896 	ath6kl_hif_cleanup_scatter(target->dev->ar);
2897 
2898 	list_for_each_entry_safe(packet, tmp_packet,
2899 				 &target->free_ctrl_txbuf, list) {
2900 		list_del(&packet->list);
2901 		kfree(packet->buf_start);
2902 		kfree(packet);
2903 	}
2904 
2905 	list_for_each_entry_safe(packet, tmp_packet,
2906 				 &target->free_ctrl_rxbuf, list) {
2907 		list_del(&packet->list);
2908 		kfree(packet->buf_start);
2909 		kfree(packet);
2910 	}
2911 
2912 	kfree(target->dev);
2913 	kfree(target);
2914 }
2915 
2916 static const struct ath6kl_htc_ops ath6kl_htc_mbox_ops = {
2917 	.create = ath6kl_htc_mbox_create,
2918 	.wait_target = ath6kl_htc_mbox_wait_target,
2919 	.start = ath6kl_htc_mbox_start,
2920 	.conn_service = ath6kl_htc_mbox_conn_service,
2921 	.tx = ath6kl_htc_mbox_tx,
2922 	.stop = ath6kl_htc_mbox_stop,
2923 	.cleanup = ath6kl_htc_mbox_cleanup,
2924 	.flush_txep = ath6kl_htc_mbox_flush_txep,
2925 	.flush_rx_buf = ath6kl_htc_mbox_flush_rx_buf,
2926 	.activity_changed = ath6kl_htc_mbox_activity_changed,
2927 	.get_rxbuf_num = ath6kl_htc_mbox_get_rxbuf_num,
2928 	.add_rxbuf_multiple = ath6kl_htc_mbox_add_rxbuf_multiple,
2929 	.credit_setup = ath6kl_htc_mbox_credit_setup,
2930 };
2931 
2932 void ath6kl_htc_mbox_attach(struct ath6kl *ar)
2933 {
2934 	ar->htc_ops = &ath6kl_htc_mbox_ops;
2935 }
2936