1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * NXP Bluetooth driver
4 * Copyright 2023-2025 NXP
5 */
6
7 #include <linux/module.h>
8 #include <linux/kernel.h>
9
10 #include <linux/serdev.h>
11 #include <linux/of.h>
12 #include <linux/skbuff.h>
13 #include <linux/unaligned.h>
14 #include <linux/firmware.h>
15 #include <linux/string.h>
16 #include <linux/crc8.h>
17 #include <linux/crc32.h>
18 #include <linux/string_helpers.h>
19 #include <linux/gpio/consumer.h>
20 #include <linux/of_irq.h>
21 #include <linux/regulator/consumer.h>
22 #include <linux/reset.h>
23
24 #include <net/bluetooth/bluetooth.h>
25 #include <net/bluetooth/hci_core.h>
26
27 #include "h4_recv.h"
28
29 #define MANUFACTURER_NXP 37
30
31 #define BTNXPUART_TX_STATE_ACTIVE 1
32 #define BTNXPUART_FW_DOWNLOADING 2
33 #define BTNXPUART_CHECK_BOOT_SIGNATURE 3
34 #define BTNXPUART_SERDEV_OPEN 4
35 #define BTNXPUART_IR_IN_PROGRESS 5
36 #define BTNXPUART_FW_DOWNLOAD_ABORT 6
37 #define BTNXPUART_FW_DUMP_IN_PROGRESS 7
38
39 /* NXP HW err codes */
40 #define BTNXPUART_IR_HW_ERR 0xb0
41
42 #define FIRMWARE_W8987 "uart8987_bt.bin"
43 #define FIRMWARE_W8987_OLD "uartuart8987_bt.bin"
44 #define FIRMWARE_W8997 "uart8997_bt_v4.bin"
45 #define FIRMWARE_W8997_OLD "uartuart8997_bt_v4.bin"
46 #define FIRMWARE_W9098 "uart9098_bt_v1.bin"
47 #define FIRMWARE_W9098_OLD "uartuart9098_bt_v1.bin"
48 #define FIRMWARE_IW416 "uartiw416_bt.bin"
49 #define FIRMWARE_IW416_OLD "uartiw416_bt_v0.bin"
50 #define FIRMWARE_IW612 "uartspi_n61x_v1.bin.se"
51 #define FIRMWARE_IW610 "uartspi_iw610.bin"
52 #define FIRMWARE_SECURE_IW610 "uartspi_iw610.bin.se"
53 #define FIRMWARE_IW624 "uartiw624_bt.bin"
54 #define FIRMWARE_SECURE_IW624 "uartiw624_bt.bin.se"
55 #define FIRMWARE_AW693 "uartaw693_bt.bin"
56 #define FIRMWARE_SECURE_AW693 "uartaw693_bt.bin.se"
57 #define FIRMWARE_AW693_A1 "uartaw693_bt_v1.bin"
58 #define FIRMWARE_SECURE_AW693_A1 "uartaw693_bt_v1.bin.se"
59 #define FIRMWARE_HELPER "helper_uart_3000000.bin"
60
61 #define CHIP_ID_W9098 0x5c03
62 #define CHIP_ID_IW416 0x7201
63 #define CHIP_ID_IW612 0x7601
64 #define CHIP_ID_IW624a 0x8000
65 #define CHIP_ID_IW624c 0x8001
66 #define CHIP_ID_AW693a0 0x8200
67 #define CHIP_ID_AW693a1 0x8201
68 #define CHIP_ID_IW610a0 0x8800
69 #define CHIP_ID_IW610a1 0x8801
70
71 #define FW_SECURE_MASK 0xc0
72 #define FW_OPEN 0x00
73 #define FW_AUTH_ILLEGAL 0x40
74 #define FW_AUTH_PLAIN 0x80
75 #define FW_AUTH_ENC 0xc0
76
77 #define HCI_NXP_PRI_BAUDRATE 115200
78 #define HCI_NXP_SEC_BAUDRATE_3M 3000000
79 #define HCI_NXP_SEC_BAUDRATE_4M 4000000
80
81 #define MAX_FW_FILE_NAME_LEN 50
82
83 /* Default ps timeout period in milliseconds */
84 #define PS_DEFAULT_TIMEOUT_PERIOD_MS 2000
85
86 /* wakeup methods */
87 #define WAKEUP_METHOD_DTR 0
88 #define WAKEUP_METHOD_BREAK 1
89 #define WAKEUP_METHOD_EXT_BREAK 2
90 #define WAKEUP_METHOD_RTS 3
91 #define WAKEUP_METHOD_GPIO 4
92 #define WAKEUP_METHOD_INVALID 0xff
93
94 /* power save mode status */
95 #define PS_MODE_DISABLE 0
96 #define PS_MODE_ENABLE 1
97
98 /* Power Save Commands to ps_work_func */
99 #define PS_CMD_EXIT_PS 1
100 #define PS_CMD_ENTER_PS 2
101
102 /* power save state */
103 #define PS_STATE_AWAKE 0
104 #define PS_STATE_SLEEP 1
105
106 /* NXP Vendor Commands. Refer user manual UM11628 on nxp.com */
107 /* Set custom BD Address */
108 #define HCI_NXP_SET_BD_ADDR 0xfc22
109 /* Set Auto-Sleep mode */
110 #define HCI_NXP_AUTO_SLEEP_MODE 0xfc23
111 /* Set Wakeup method */
112 #define HCI_NXP_WAKEUP_METHOD 0xfc53
113 /* Set operational baudrate */
114 #define HCI_NXP_SET_OPER_SPEED 0xfc09
115 /* Independent Reset (Soft Reset) */
116 #define HCI_NXP_IND_RESET 0xfcfc
117 /* Bluetooth vendor command: Trigger FW dump */
118 #define HCI_NXP_TRIGGER_DUMP 0xfe91
119
120 /* Bluetooth Power State : Vendor cmd params */
121 #define BT_PS_ENABLE 0x02
122 #define BT_PS_DISABLE 0x03
123
124 /* Bluetooth Host Wakeup Methods */
125 #define BT_HOST_WAKEUP_METHOD_NONE 0x00
126 #define BT_HOST_WAKEUP_METHOD_DTR 0x01
127 #define BT_HOST_WAKEUP_METHOD_BREAK 0x02
128 #define BT_HOST_WAKEUP_METHOD_GPIO 0x03
129
130 /* Bluetooth Chip Wakeup Methods */
131 #define BT_CTRL_WAKEUP_METHOD_DSR 0x00
132 #define BT_CTRL_WAKEUP_METHOD_BREAK 0x01
133 #define BT_CTRL_WAKEUP_METHOD_GPIO 0x02
134 #define BT_CTRL_WAKEUP_METHOD_EXT_BREAK 0x04
135 #define BT_CTRL_WAKEUP_METHOD_RTS 0x05
136
137 struct ps_data {
138 u8 target_ps_mode; /* ps mode to be set */
139 u8 cur_psmode; /* current ps_mode */
140 u8 ps_state; /* controller's power save state */
141 u8 ps_cmd;
142 u8 h2c_wakeupmode;
143 u8 cur_h2c_wakeupmode;
144 u8 c2h_wakeupmode;
145 u8 c2h_wakeup_gpio;
146 u8 h2c_wakeup_gpio;
147 bool driver_sent_cmd;
148 u16 h2c_ps_interval;
149 u16 c2h_ps_interval;
150 bool wakeup_source;
151 struct gpio_desc *h2c_ps_gpio;
152 s32 irq_handler;
153 struct hci_dev *hdev;
154 struct work_struct work;
155 struct timer_list ps_timer;
156 struct mutex ps_lock;
157 };
158
159 struct wakeup_cmd_payload {
160 u8 c2h_wakeupmode;
161 u8 c2h_wakeup_gpio;
162 u8 h2c_wakeupmode;
163 u8 h2c_wakeup_gpio;
164 } __packed;
165
166 struct psmode_cmd_payload {
167 u8 ps_cmd;
168 __le16 c2h_ps_interval;
169 } __packed;
170
171 struct btnxpuart_data {
172 const char *helper_fw_name;
173 const char *fw_name;
174 const char *fw_name_old;
175 };
176
177 enum bootloader_param_change {
178 not_changed,
179 cmd_sent,
180 changed
181 };
182
183 struct btnxpuart_dev {
184 struct hci_dev *hdev;
185 struct serdev_device *serdev;
186
187 struct work_struct tx_work;
188 unsigned long tx_state;
189 struct sk_buff_head txq;
190 struct sk_buff *rx_skb;
191
192 const struct firmware *fw;
193 u8 fw_name[MAX_FW_FILE_NAME_LEN];
194 u32 fw_dnld_v1_offset;
195 u32 fw_v1_sent_bytes;
196 u32 fw_dnld_v3_offset;
197 u32 fw_v3_offset_correction;
198 u32 fw_v3_prev_sent;
199 u32 fw_v1_expected_len;
200 u32 boot_reg_offset;
201 wait_queue_head_t fw_dnld_done_wait_q;
202 wait_queue_head_t check_boot_sign_wait_q;
203
204 u32 new_baudrate;
205 u32 current_baudrate;
206 u32 fw_init_baudrate;
207 u32 secondary_baudrate;
208 enum bootloader_param_change timeout_changed;
209 enum bootloader_param_change baudrate_changed;
210 bool helper_downloaded;
211
212 struct ps_data psdata;
213 struct btnxpuart_data *nxp_data;
214 struct reset_control *pdn;
215 };
216
217 #define NXP_V1_FW_REQ_PKT 0xa5
218 #define NXP_V1_CHIP_VER_PKT 0xaa
219 #define NXP_V3_FW_REQ_PKT 0xa7
220 #define NXP_V3_CHIP_VER_PKT 0xab
221
222 #define NXP_ACK_V1 0x5a
223 #define NXP_NAK_V1 0xbf
224 #define NXP_ACK_V3 0x7a
225 #define NXP_NAK_V3 0x7b
226 #define NXP_CRC_ERROR_V3 0x7c
227
228 /* Bootloader signature error codes: Refer AN12820 from nxp.com */
229 #define NXP_CRC_RX_ERROR BIT(0) /* CRC error in previous packet */
230 #define NXP_ACK_RX_TIMEOUT BIT(2) /* ACK not received from host */
231 #define NXP_HDR_RX_TIMEOUT BIT(3) /* FW Header chunk not received */
232 #define NXP_DATA_RX_TIMEOUT BIT(4) /* FW Data chunk not received */
233
234 #define HDR_LEN 16
235
236 #define NXP_RECV_CHIP_VER_V1 \
237 .type = NXP_V1_CHIP_VER_PKT, \
238 .hlen = 4, \
239 .loff = 0, \
240 .lsize = 0, \
241 .maxlen = 4
242
243 #define NXP_RECV_FW_REQ_V1 \
244 .type = NXP_V1_FW_REQ_PKT, \
245 .hlen = 4, \
246 .loff = 0, \
247 .lsize = 0, \
248 .maxlen = 4
249
250 #define NXP_RECV_CHIP_VER_V3 \
251 .type = NXP_V3_CHIP_VER_PKT, \
252 .hlen = 4, \
253 .loff = 0, \
254 .lsize = 0, \
255 .maxlen = 4
256
257 #define NXP_RECV_FW_REQ_V3 \
258 .type = NXP_V3_FW_REQ_PKT, \
259 .hlen = 9, \
260 .loff = 0, \
261 .lsize = 0, \
262 .maxlen = 9
263
264 struct v1_data_req {
265 __le16 len;
266 __le16 len_comp;
267 } __packed;
268
269 struct v1_start_ind {
270 __le16 chip_id;
271 __le16 chip_id_comp;
272 } __packed;
273
274 struct v3_data_req {
275 __le16 len;
276 __le32 offset;
277 __le16 error;
278 u8 crc;
279 } __packed;
280
281 struct v3_start_ind {
282 __le16 chip_id;
283 u8 loader_ver;
284 u8 crc;
285 } __packed;
286
287 /* UART register addresses of BT chip */
288 #define CLKDIVADDR 0x7f00008f
289 #define UARTDIVADDR 0x7f000090
290 #define UARTMCRADDR 0x7f000091
291 #define UARTREINITADDR 0x7f000092
292 #define UARTICRADDR 0x7f000093
293 #define UARTFCRADDR 0x7f000094
294
295 #define MCR 0x00000022
296 #define INIT 0x00000001
297 #define ICR 0x000000c7
298 #define FCR 0x000000c7
299
300 #define POLYNOMIAL8 0x07
301
302 struct uart_reg {
303 __le32 address;
304 __le32 value;
305 } __packed;
306
307 struct uart_config {
308 struct uart_reg clkdiv;
309 struct uart_reg uartdiv;
310 struct uart_reg mcr;
311 struct uart_reg re_init;
312 struct uart_reg icr;
313 struct uart_reg fcr;
314 __be32 crc;
315 } __packed;
316
317 struct nxp_bootloader_cmd {
318 __le32 header;
319 __le32 arg;
320 __le32 payload_len;
321 __be32 crc;
322 } __packed;
323
324 struct nxp_v3_rx_timeout_nak {
325 u8 nak;
326 __le32 offset;
327 u8 crc;
328 } __packed;
329
330 union nxp_v3_rx_timeout_nak_u {
331 struct nxp_v3_rx_timeout_nak pkt;
332 u8 buf[6];
333 };
334
335 struct nxp_v3_crc_nak {
336 u8 nak;
337 u8 crc;
338 } __packed;
339
340 union nxp_v3_crc_nak_u {
341 struct nxp_v3_crc_nak pkt;
342 u8 buf[2];
343 };
344
345 /* FW dump */
346 #define NXP_FW_DUMP_SIZE (1024 * 1000)
347
348 struct nxp_fw_dump_hdr {
349 __le16 seq_num;
350 __le16 reserved;
351 __le16 buf_type;
352 __le16 buf_len;
353 };
354
355 union nxp_set_bd_addr_payload {
356 struct {
357 u8 param_id;
358 u8 param_len;
359 u8 param[6];
360 } __packed data;
361 u8 buf[8];
362 };
363
364 static u8 crc8_table[CRC8_TABLE_SIZE];
365
366 /* Default configurations */
367 #define DEFAULT_H2C_WAKEUP_MODE WAKEUP_METHOD_BREAK
368 #define DEFAULT_PS_MODE PS_MODE_ENABLE
369 #define FW_INIT_BAUDRATE HCI_NXP_PRI_BAUDRATE
370
nxp_drv_send_cmd(struct hci_dev * hdev,u16 opcode,u32 plen,void * param,bool resp)371 static struct sk_buff *nxp_drv_send_cmd(struct hci_dev *hdev, u16 opcode,
372 u32 plen,
373 void *param,
374 bool resp)
375 {
376 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
377 struct ps_data *psdata = &nxpdev->psdata;
378 struct sk_buff *skb = NULL;
379
380 /* set flag to prevent nxp_enqueue from parsing values from this command and
381 * calling hci_cmd_sync_queue() again.
382 */
383 psdata->driver_sent_cmd = true;
384 if (resp) {
385 skb = __hci_cmd_sync(hdev, opcode, plen, param, HCI_CMD_TIMEOUT);
386 } else {
387 __hci_cmd_send(hdev, opcode, plen, param);
388 /* Allow command to be sent before tx_work is cancelled
389 * by btnxpuart_flush()
390 */
391 msleep(20);
392 }
393 psdata->driver_sent_cmd = false;
394
395 return skb;
396 }
397
btnxpuart_tx_wakeup(struct btnxpuart_dev * nxpdev)398 static void btnxpuart_tx_wakeup(struct btnxpuart_dev *nxpdev)
399 {
400 if (schedule_work(&nxpdev->tx_work))
401 set_bit(BTNXPUART_TX_STATE_ACTIVE, &nxpdev->tx_state);
402 }
403
404 /* NXP Power Save Feature */
ps_start_timer(struct btnxpuart_dev * nxpdev)405 static void ps_start_timer(struct btnxpuart_dev *nxpdev)
406 {
407 struct ps_data *psdata = &nxpdev->psdata;
408
409 if (!psdata)
410 return;
411
412 if (psdata->cur_psmode == PS_MODE_ENABLE)
413 mod_timer(&psdata->ps_timer, jiffies + msecs_to_jiffies(psdata->h2c_ps_interval));
414
415 if (psdata->ps_state == PS_STATE_AWAKE && psdata->ps_cmd == PS_CMD_ENTER_PS)
416 cancel_work_sync(&psdata->work);
417 }
418
ps_cancel_timer(struct btnxpuart_dev * nxpdev)419 static void ps_cancel_timer(struct btnxpuart_dev *nxpdev)
420 {
421 struct ps_data *psdata = &nxpdev->psdata;
422
423 flush_work(&psdata->work);
424 timer_shutdown_sync(&psdata->ps_timer);
425 }
426
ps_control(struct hci_dev * hdev,u8 ps_state)427 static void ps_control(struct hci_dev *hdev, u8 ps_state)
428 {
429 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
430 struct ps_data *psdata = &nxpdev->psdata;
431 int status = 0;
432
433 if (psdata->ps_state == ps_state ||
434 !test_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state))
435 return;
436
437 mutex_lock(&psdata->ps_lock);
438 switch (psdata->cur_h2c_wakeupmode) {
439 case WAKEUP_METHOD_GPIO:
440 if (ps_state == PS_STATE_AWAKE)
441 gpiod_set_value_cansleep(psdata->h2c_ps_gpio, 0);
442 else
443 gpiod_set_value_cansleep(psdata->h2c_ps_gpio, 1);
444 bt_dev_dbg(hdev, "Set h2c_ps_gpio: %s",
445 str_high_low(ps_state == PS_STATE_SLEEP));
446 break;
447 case WAKEUP_METHOD_DTR:
448 if (ps_state == PS_STATE_AWAKE)
449 status = serdev_device_set_tiocm(nxpdev->serdev, TIOCM_DTR, 0);
450 else
451 status = serdev_device_set_tiocm(nxpdev->serdev, 0, TIOCM_DTR);
452 break;
453 case WAKEUP_METHOD_BREAK:
454 default:
455 if (ps_state == PS_STATE_AWAKE)
456 status = serdev_device_break_ctl(nxpdev->serdev, 0);
457 else
458 status = serdev_device_break_ctl(nxpdev->serdev, -1);
459 msleep(20); /* Allow chip to detect UART-break and enter sleep */
460 bt_dev_dbg(hdev, "Set UART break: %s, status=%d",
461 str_on_off(ps_state == PS_STATE_SLEEP), status);
462 break;
463 }
464 if (!status)
465 psdata->ps_state = ps_state;
466 mutex_unlock(&psdata->ps_lock);
467
468 if (ps_state == PS_STATE_AWAKE)
469 btnxpuart_tx_wakeup(nxpdev);
470 }
471
ps_work_func(struct work_struct * work)472 static void ps_work_func(struct work_struct *work)
473 {
474 struct ps_data *data = container_of(work, struct ps_data, work);
475
476 if (data->ps_cmd == PS_CMD_ENTER_PS && data->cur_psmode == PS_MODE_ENABLE)
477 ps_control(data->hdev, PS_STATE_SLEEP);
478 else if (data->ps_cmd == PS_CMD_EXIT_PS)
479 ps_control(data->hdev, PS_STATE_AWAKE);
480 }
481
ps_timeout_func(struct timer_list * t)482 static void ps_timeout_func(struct timer_list *t)
483 {
484 struct ps_data *data = timer_container_of(data, t, ps_timer);
485 struct hci_dev *hdev = data->hdev;
486 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
487
488 if (test_bit(BTNXPUART_TX_STATE_ACTIVE, &nxpdev->tx_state)) {
489 ps_start_timer(nxpdev);
490 } else {
491 data->ps_cmd = PS_CMD_ENTER_PS;
492 schedule_work(&data->work);
493 }
494 }
495
ps_host_wakeup_irq_handler(int irq,void * priv)496 static irqreturn_t ps_host_wakeup_irq_handler(int irq, void *priv)
497 {
498 struct btnxpuart_dev *nxpdev = (struct btnxpuart_dev *)priv;
499
500 bt_dev_dbg(nxpdev->hdev, "Host wakeup interrupt");
501 return IRQ_HANDLED;
502 }
ps_setup(struct hci_dev * hdev)503 static int ps_setup(struct hci_dev *hdev)
504 {
505 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
506 struct serdev_device *serdev = nxpdev->serdev;
507 struct ps_data *psdata = &nxpdev->psdata;
508 int ret;
509
510 /* Out-Of-Band Device Wakeup */
511 psdata->h2c_ps_gpio = devm_gpiod_get_optional(&serdev->dev, "device-wakeup",
512 GPIOD_OUT_LOW);
513 if (IS_ERR(psdata->h2c_ps_gpio)) {
514 bt_dev_err(hdev, "Error fetching device-wakeup-gpios: %ld",
515 PTR_ERR(psdata->h2c_ps_gpio));
516 return PTR_ERR(psdata->h2c_ps_gpio);
517 }
518
519 if (device_property_read_u8(&serdev->dev, "nxp,wakein-pin", &psdata->h2c_wakeup_gpio)) {
520 psdata->h2c_wakeup_gpio = 0xff; /* 0xff: use default pin/gpio */
521 } else if (!psdata->h2c_ps_gpio) {
522 bt_dev_warn(hdev, "nxp,wakein-pin property without device-wakeup-gpios");
523 psdata->h2c_wakeup_gpio = 0xff;
524 }
525
526 /* Out-Of-Band Host Wakeup */
527 if (of_property_read_bool(serdev->dev.of_node, "wakeup-source")) {
528 psdata->irq_handler = of_irq_get_byname(serdev->dev.of_node, "wakeup");
529 bt_dev_info(nxpdev->hdev, "irq_handler: %d", psdata->irq_handler);
530 if (psdata->irq_handler > 0)
531 psdata->wakeup_source = true;
532 }
533
534 if (device_property_read_u8(&serdev->dev, "nxp,wakeout-pin", &psdata->c2h_wakeup_gpio)) {
535 psdata->c2h_wakeup_gpio = 0xff;
536 if (psdata->wakeup_source) {
537 bt_dev_warn(hdev, "host wakeup interrupt without nxp,wakeout-pin");
538 psdata->wakeup_source = false;
539 }
540 } else if (!psdata->wakeup_source) {
541 bt_dev_warn(hdev, "nxp,wakeout-pin property without host wakeup interrupt");
542 psdata->c2h_wakeup_gpio = 0xff;
543 }
544
545 if (psdata->wakeup_source) {
546 ret = devm_request_irq(&serdev->dev, psdata->irq_handler,
547 ps_host_wakeup_irq_handler,
548 IRQF_ONESHOT | IRQF_TRIGGER_FALLING,
549 dev_name(&serdev->dev), nxpdev);
550 if (ret)
551 bt_dev_info(hdev, "error setting wakeup IRQ handler, ignoring\n");
552 disable_irq(psdata->irq_handler);
553 device_init_wakeup(&serdev->dev, true);
554 }
555
556 psdata->hdev = hdev;
557 INIT_WORK(&psdata->work, ps_work_func);
558 mutex_init(&psdata->ps_lock);
559 timer_setup(&psdata->ps_timer, ps_timeout_func, 0);
560
561 return 0;
562 }
563
ps_wakeup(struct btnxpuart_dev * nxpdev)564 static bool ps_wakeup(struct btnxpuart_dev *nxpdev)
565 {
566 struct ps_data *psdata = &nxpdev->psdata;
567 u8 ps_state;
568
569 mutex_lock(&psdata->ps_lock);
570 ps_state = psdata->ps_state;
571 mutex_unlock(&psdata->ps_lock);
572
573 if (ps_state != PS_STATE_AWAKE) {
574 psdata->ps_cmd = PS_CMD_EXIT_PS;
575 schedule_work(&psdata->work);
576 return true;
577 }
578 return false;
579 }
580
ps_cleanup(struct btnxpuart_dev * nxpdev)581 static void ps_cleanup(struct btnxpuart_dev *nxpdev)
582 {
583 struct ps_data *psdata = &nxpdev->psdata;
584 u8 ps_state;
585
586 mutex_lock(&psdata->ps_lock);
587 ps_state = psdata->ps_state;
588 mutex_unlock(&psdata->ps_lock);
589
590 if (ps_state != PS_STATE_AWAKE)
591 ps_control(psdata->hdev, PS_STATE_AWAKE);
592
593 ps_cancel_timer(nxpdev);
594 cancel_work_sync(&psdata->work);
595 mutex_destroy(&psdata->ps_lock);
596 }
597
send_ps_cmd(struct hci_dev * hdev,void * data)598 static int send_ps_cmd(struct hci_dev *hdev, void *data)
599 {
600 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
601 struct ps_data *psdata = &nxpdev->psdata;
602 struct psmode_cmd_payload pcmd;
603 struct sk_buff *skb;
604 u8 *status;
605
606 if (psdata->target_ps_mode == PS_MODE_ENABLE)
607 pcmd.ps_cmd = BT_PS_ENABLE;
608 else
609 pcmd.ps_cmd = BT_PS_DISABLE;
610 pcmd.c2h_ps_interval = __cpu_to_le16(psdata->c2h_ps_interval);
611
612 skb = nxp_drv_send_cmd(hdev, HCI_NXP_AUTO_SLEEP_MODE, sizeof(pcmd),
613 &pcmd, true);
614 if (IS_ERR(skb)) {
615 bt_dev_err(hdev, "Setting Power Save mode failed (%ld)", PTR_ERR(skb));
616 return PTR_ERR(skb);
617 }
618
619 status = skb_pull_data(skb, 1);
620 if (status) {
621 if (!*status)
622 psdata->cur_psmode = psdata->target_ps_mode;
623 else
624 psdata->target_ps_mode = psdata->cur_psmode;
625 if (psdata->cur_psmode == PS_MODE_ENABLE)
626 ps_start_timer(nxpdev);
627 else
628 ps_wakeup(nxpdev);
629 bt_dev_dbg(hdev, "Power Save mode response: status=%d, ps_mode=%d",
630 *status, psdata->cur_psmode);
631 }
632 kfree_skb(skb);
633
634 return 0;
635 }
636
send_wakeup_method_cmd(struct hci_dev * hdev,void * data)637 static int send_wakeup_method_cmd(struct hci_dev *hdev, void *data)
638 {
639 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
640 struct ps_data *psdata = &nxpdev->psdata;
641 struct wakeup_cmd_payload pcmd;
642 struct sk_buff *skb;
643 u8 *status;
644
645 pcmd.c2h_wakeupmode = psdata->c2h_wakeupmode;
646 pcmd.c2h_wakeup_gpio = psdata->c2h_wakeup_gpio;
647 pcmd.h2c_wakeup_gpio = 0xff;
648 switch (psdata->h2c_wakeupmode) {
649 case WAKEUP_METHOD_GPIO:
650 pcmd.h2c_wakeupmode = BT_CTRL_WAKEUP_METHOD_GPIO;
651 pcmd.h2c_wakeup_gpio = psdata->h2c_wakeup_gpio;
652 break;
653 case WAKEUP_METHOD_DTR:
654 pcmd.h2c_wakeupmode = BT_CTRL_WAKEUP_METHOD_DSR;
655 break;
656 case WAKEUP_METHOD_BREAK:
657 default:
658 pcmd.h2c_wakeupmode = BT_CTRL_WAKEUP_METHOD_BREAK;
659 break;
660 }
661
662 skb = nxp_drv_send_cmd(hdev, HCI_NXP_WAKEUP_METHOD, sizeof(pcmd),
663 &pcmd, true);
664 if (IS_ERR(skb)) {
665 bt_dev_err(hdev, "Setting wake-up method failed (%ld)", PTR_ERR(skb));
666 return PTR_ERR(skb);
667 }
668
669 status = skb_pull_data(skb, 1);
670 if (status) {
671 if (*status == 0)
672 psdata->cur_h2c_wakeupmode = psdata->h2c_wakeupmode;
673 else
674 psdata->h2c_wakeupmode = psdata->cur_h2c_wakeupmode;
675 bt_dev_dbg(hdev, "Set Wakeup Method response: status=%d, h2c_wakeupmode=%d",
676 *status, psdata->cur_h2c_wakeupmode);
677 }
678 kfree_skb(skb);
679
680 return 0;
681 }
682
ps_init(struct hci_dev * hdev)683 static void ps_init(struct hci_dev *hdev)
684 {
685 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
686 struct ps_data *psdata = &nxpdev->psdata;
687 u8 default_h2c_wakeup_mode = DEFAULT_H2C_WAKEUP_MODE;
688
689 serdev_device_set_tiocm(nxpdev->serdev, 0, TIOCM_RTS);
690 usleep_range(5000, 10000);
691 serdev_device_set_tiocm(nxpdev->serdev, TIOCM_RTS, 0);
692 usleep_range(5000, 10000);
693
694 psdata->ps_state = PS_STATE_AWAKE;
695
696 if (psdata->c2h_wakeup_gpio != 0xff)
697 psdata->c2h_wakeupmode = BT_HOST_WAKEUP_METHOD_GPIO;
698 else
699 psdata->c2h_wakeupmode = BT_HOST_WAKEUP_METHOD_NONE;
700
701 psdata->cur_h2c_wakeupmode = WAKEUP_METHOD_INVALID;
702 if (psdata->h2c_ps_gpio)
703 default_h2c_wakeup_mode = WAKEUP_METHOD_GPIO;
704
705 psdata->h2c_ps_interval = PS_DEFAULT_TIMEOUT_PERIOD_MS;
706
707 switch (default_h2c_wakeup_mode) {
708 case WAKEUP_METHOD_GPIO:
709 psdata->h2c_wakeupmode = WAKEUP_METHOD_GPIO;
710 gpiod_set_value_cansleep(psdata->h2c_ps_gpio, 0);
711 usleep_range(5000, 10000);
712 break;
713 case WAKEUP_METHOD_DTR:
714 psdata->h2c_wakeupmode = WAKEUP_METHOD_DTR;
715 serdev_device_set_tiocm(nxpdev->serdev, 0, TIOCM_DTR);
716 serdev_device_set_tiocm(nxpdev->serdev, TIOCM_DTR, 0);
717 break;
718 case WAKEUP_METHOD_BREAK:
719 default:
720 psdata->h2c_wakeupmode = WAKEUP_METHOD_BREAK;
721 serdev_device_break_ctl(nxpdev->serdev, -1);
722 usleep_range(5000, 10000);
723 serdev_device_break_ctl(nxpdev->serdev, 0);
724 usleep_range(5000, 10000);
725 break;
726 }
727
728 psdata->cur_psmode = PS_MODE_DISABLE;
729 psdata->target_ps_mode = DEFAULT_PS_MODE;
730 }
731
732 /* NXP Firmware Download Feature */
nxp_download_firmware(struct hci_dev * hdev)733 static int nxp_download_firmware(struct hci_dev *hdev)
734 {
735 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
736 int err = 0;
737
738 nxpdev->fw_dnld_v1_offset = 0;
739 nxpdev->fw_v1_sent_bytes = 0;
740 nxpdev->fw_v1_expected_len = HDR_LEN;
741 nxpdev->boot_reg_offset = 0;
742 nxpdev->fw_dnld_v3_offset = 0;
743 nxpdev->fw_v3_offset_correction = 0;
744 nxpdev->baudrate_changed = not_changed;
745 nxpdev->timeout_changed = not_changed;
746 nxpdev->helper_downloaded = false;
747
748 serdev_device_set_baudrate(nxpdev->serdev, HCI_NXP_PRI_BAUDRATE);
749 serdev_device_set_flow_control(nxpdev->serdev, false);
750 nxpdev->current_baudrate = HCI_NXP_PRI_BAUDRATE;
751
752 /* Wait till FW is downloaded */
753 err = wait_event_interruptible_timeout(nxpdev->fw_dnld_done_wait_q,
754 !test_bit(BTNXPUART_FW_DOWNLOADING,
755 &nxpdev->tx_state),
756 msecs_to_jiffies(60000));
757
758 if (nxpdev->fw && strlen(nxpdev->fw_name)) {
759 release_firmware(nxpdev->fw);
760 memset(nxpdev->fw_name, 0, sizeof(nxpdev->fw_name));
761 }
762
763 if (err == 0) {
764 bt_dev_err(hdev, "FW Download Timeout. offset: %d",
765 nxpdev->fw_dnld_v1_offset ?
766 nxpdev->fw_dnld_v1_offset :
767 nxpdev->fw_dnld_v3_offset);
768 return -ETIMEDOUT;
769 }
770 if (test_bit(BTNXPUART_FW_DOWNLOAD_ABORT, &nxpdev->tx_state)) {
771 bt_dev_err(hdev, "FW Download Aborted");
772 return -EINTR;
773 }
774
775 serdev_device_set_flow_control(nxpdev->serdev, true);
776
777 /* Allow the downloaded FW to initialize */
778 msleep(1200);
779
780 return 0;
781 }
782
nxp_send_ack(u8 ack,struct hci_dev * hdev)783 static void nxp_send_ack(u8 ack, struct hci_dev *hdev)
784 {
785 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
786 u8 ack_nak[2];
787 int len = 1;
788
789 ack_nak[0] = ack;
790 if (ack == NXP_ACK_V3) {
791 ack_nak[1] = crc8(crc8_table, ack_nak, 1, 0xff);
792 len = 2;
793 }
794 serdev_device_write_buf(nxpdev->serdev, ack_nak, len);
795 }
796
nxp_fw_change_baudrate(struct hci_dev * hdev,u16 req_len)797 static bool nxp_fw_change_baudrate(struct hci_dev *hdev, u16 req_len)
798 {
799 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
800 struct nxp_bootloader_cmd nxp_cmd5;
801 struct uart_config uart_config;
802 u32 clkdivaddr = CLKDIVADDR - nxpdev->boot_reg_offset;
803 u32 uartdivaddr = UARTDIVADDR - nxpdev->boot_reg_offset;
804 u32 uartmcraddr = UARTMCRADDR - nxpdev->boot_reg_offset;
805 u32 uartreinitaddr = UARTREINITADDR - nxpdev->boot_reg_offset;
806 u32 uarticraddr = UARTICRADDR - nxpdev->boot_reg_offset;
807 u32 uartfcraddr = UARTFCRADDR - nxpdev->boot_reg_offset;
808
809 if (req_len == sizeof(nxp_cmd5)) {
810 nxp_cmd5.header = __cpu_to_le32(5);
811 nxp_cmd5.arg = 0;
812 nxp_cmd5.payload_len = __cpu_to_le32(sizeof(uart_config));
813 /* FW expects swapped CRC bytes */
814 nxp_cmd5.crc = __cpu_to_be32(crc32_be(0UL, (char *)&nxp_cmd5,
815 sizeof(nxp_cmd5) - 4));
816
817 serdev_device_write_buf(nxpdev->serdev, (u8 *)&nxp_cmd5, sizeof(nxp_cmd5));
818 nxpdev->fw_v3_offset_correction += req_len;
819 } else if (req_len == sizeof(uart_config)) {
820 uart_config.clkdiv.address = __cpu_to_le32(clkdivaddr);
821 if (nxpdev->new_baudrate == HCI_NXP_SEC_BAUDRATE_4M)
822 uart_config.clkdiv.value = __cpu_to_le32(0x01000000);
823 else
824 uart_config.clkdiv.value = __cpu_to_le32(0x00c00000);
825 uart_config.uartdiv.address = __cpu_to_le32(uartdivaddr);
826 uart_config.uartdiv.value = __cpu_to_le32(1);
827 uart_config.mcr.address = __cpu_to_le32(uartmcraddr);
828 uart_config.mcr.value = __cpu_to_le32(MCR);
829 uart_config.re_init.address = __cpu_to_le32(uartreinitaddr);
830 uart_config.re_init.value = __cpu_to_le32(INIT);
831 uart_config.icr.address = __cpu_to_le32(uarticraddr);
832 uart_config.icr.value = __cpu_to_le32(ICR);
833 uart_config.fcr.address = __cpu_to_le32(uartfcraddr);
834 uart_config.fcr.value = __cpu_to_le32(FCR);
835 /* FW expects swapped CRC bytes */
836 uart_config.crc = __cpu_to_be32(crc32_be(0UL, (char *)&uart_config,
837 sizeof(uart_config) - 4));
838
839 serdev_device_write_buf(nxpdev->serdev, (u8 *)&uart_config, sizeof(uart_config));
840 serdev_device_wait_until_sent(nxpdev->serdev, 0);
841 nxpdev->fw_v3_offset_correction += req_len;
842 return true;
843 }
844 return false;
845 }
846
nxp_fw_change_timeout(struct hci_dev * hdev,u16 req_len)847 static bool nxp_fw_change_timeout(struct hci_dev *hdev, u16 req_len)
848 {
849 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
850 struct nxp_bootloader_cmd nxp_cmd7;
851
852 if (req_len != sizeof(nxp_cmd7))
853 return false;
854
855 nxp_cmd7.header = __cpu_to_le32(7);
856 nxp_cmd7.arg = __cpu_to_le32(0x70);
857 nxp_cmd7.payload_len = 0;
858 /* FW expects swapped CRC bytes */
859 nxp_cmd7.crc = __cpu_to_be32(crc32_be(0UL, (char *)&nxp_cmd7,
860 sizeof(nxp_cmd7) - 4));
861 serdev_device_write_buf(nxpdev->serdev, (u8 *)&nxp_cmd7, sizeof(nxp_cmd7));
862 serdev_device_wait_until_sent(nxpdev->serdev, 0);
863 nxpdev->fw_v3_offset_correction += req_len;
864 return true;
865 }
866
nxp_get_data_len(const u8 * buf)867 static u32 nxp_get_data_len(const u8 *buf)
868 {
869 struct nxp_bootloader_cmd *hdr = (struct nxp_bootloader_cmd *)buf;
870
871 return __le32_to_cpu(hdr->payload_len);
872 }
873
is_fw_downloading(struct btnxpuart_dev * nxpdev)874 static bool is_fw_downloading(struct btnxpuart_dev *nxpdev)
875 {
876 return test_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
877 }
878
ind_reset_in_progress(struct btnxpuart_dev * nxpdev)879 static bool ind_reset_in_progress(struct btnxpuart_dev *nxpdev)
880 {
881 return test_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state);
882 }
883
fw_dump_in_progress(struct btnxpuart_dev * nxpdev)884 static bool fw_dump_in_progress(struct btnxpuart_dev *nxpdev)
885 {
886 return test_bit(BTNXPUART_FW_DUMP_IN_PROGRESS, &nxpdev->tx_state);
887 }
888
process_boot_signature(struct btnxpuart_dev * nxpdev)889 static bool process_boot_signature(struct btnxpuart_dev *nxpdev)
890 {
891 if (test_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, &nxpdev->tx_state)) {
892 clear_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, &nxpdev->tx_state);
893 wake_up_interruptible(&nxpdev->check_boot_sign_wait_q);
894 return false;
895 }
896 return is_fw_downloading(nxpdev);
897 }
898
nxp_request_firmware(struct hci_dev * hdev,const char * fw_name,const char * fw_name_old)899 static int nxp_request_firmware(struct hci_dev *hdev, const char *fw_name,
900 const char *fw_name_old)
901 {
902 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
903 const char *fw_name_dt;
904 int err = 0;
905
906 if (!fw_name)
907 return -ENOENT;
908
909 if (!strlen(nxpdev->fw_name)) {
910 if (strcmp(fw_name, FIRMWARE_HELPER) &&
911 !device_property_read_string(&nxpdev->serdev->dev,
912 "firmware-name",
913 &fw_name_dt))
914 fw_name = fw_name_dt;
915 snprintf(nxpdev->fw_name, MAX_FW_FILE_NAME_LEN, "nxp/%s", fw_name);
916 err = request_firmware_direct(&nxpdev->fw, nxpdev->fw_name, &hdev->dev);
917 if (err < 0 && fw_name_old) {
918 snprintf(nxpdev->fw_name, MAX_FW_FILE_NAME_LEN, "nxp/%s", fw_name_old);
919 err = request_firmware_direct(&nxpdev->fw, nxpdev->fw_name, &hdev->dev);
920 }
921
922 bt_dev_info(hdev, "Request Firmware: %s", nxpdev->fw_name);
923 if (err < 0) {
924 bt_dev_err(hdev, "Firmware file %s not found", nxpdev->fw_name);
925 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
926 }
927 }
928 return err;
929 }
930
931 /* for legacy chipsets with V1 bootloader */
nxp_recv_chip_ver_v1(struct hci_dev * hdev,struct sk_buff * skb)932 static int nxp_recv_chip_ver_v1(struct hci_dev *hdev, struct sk_buff *skb)
933 {
934 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
935 struct v1_start_ind *req;
936 __u16 chip_id;
937
938 req = skb_pull_data(skb, sizeof(*req));
939 if (!req)
940 goto free_skb;
941
942 chip_id = le16_to_cpu(req->chip_id ^ req->chip_id_comp);
943 if (chip_id == 0xffff && nxpdev->fw_dnld_v1_offset) {
944 nxpdev->fw_dnld_v1_offset = 0;
945 nxpdev->fw_v1_sent_bytes = 0;
946 nxpdev->fw_v1_expected_len = HDR_LEN;
947 release_firmware(nxpdev->fw);
948 memset(nxpdev->fw_name, 0, sizeof(nxpdev->fw_name));
949 nxp_send_ack(NXP_ACK_V1, hdev);
950 }
951
952 free_skb:
953 kfree_skb(skb);
954 return 0;
955 }
956
nxp_recv_fw_req_v1(struct hci_dev * hdev,struct sk_buff * skb)957 static int nxp_recv_fw_req_v1(struct hci_dev *hdev, struct sk_buff *skb)
958 {
959 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
960 struct btnxpuart_data *nxp_data = nxpdev->nxp_data;
961 struct v1_data_req *req;
962 __u16 len;
963
964 if (!process_boot_signature(nxpdev))
965 goto free_skb;
966
967 req = skb_pull_data(skb, sizeof(*req));
968 if (!req)
969 goto free_skb;
970
971 len = __le16_to_cpu(req->len ^ req->len_comp);
972 if (len != 0xffff) {
973 bt_dev_dbg(hdev, "ERR: Send NAK");
974 nxp_send_ack(NXP_NAK_V1, hdev);
975 goto free_skb;
976 }
977 nxp_send_ack(NXP_ACK_V1, hdev);
978
979 len = __le16_to_cpu(req->len);
980
981 if (!nxp_data->helper_fw_name) {
982 if (nxpdev->timeout_changed != changed) {
983 nxp_fw_change_timeout(hdev, len);
984 nxpdev->timeout_changed = changed;
985 goto free_skb;
986 }
987 if (nxpdev->baudrate_changed != changed) {
988 nxpdev->new_baudrate = nxpdev->secondary_baudrate;
989 if (nxp_fw_change_baudrate(hdev, len)) {
990 nxpdev->baudrate_changed = changed;
991 serdev_device_set_baudrate(nxpdev->serdev,
992 nxpdev->secondary_baudrate);
993 serdev_device_set_flow_control(nxpdev->serdev, true);
994 nxpdev->current_baudrate = nxpdev->secondary_baudrate;
995 }
996 goto free_skb;
997 }
998 }
999
1000 if (!nxp_data->helper_fw_name || nxpdev->helper_downloaded) {
1001 if (nxp_request_firmware(hdev, nxp_data->fw_name, nxp_data->fw_name_old))
1002 goto free_skb;
1003 } else if (nxp_data->helper_fw_name && !nxpdev->helper_downloaded) {
1004 if (nxp_request_firmware(hdev, nxp_data->helper_fw_name, NULL))
1005 goto free_skb;
1006 }
1007
1008 if (!len) {
1009 bt_dev_info(hdev, "FW Download Complete: %zu bytes",
1010 nxpdev->fw->size);
1011 if (nxp_data->helper_fw_name && !nxpdev->helper_downloaded) {
1012 nxpdev->helper_downloaded = true;
1013 serdev_device_wait_until_sent(nxpdev->serdev, 0);
1014 serdev_device_set_baudrate(nxpdev->serdev,
1015 HCI_NXP_SEC_BAUDRATE_3M);
1016 serdev_device_set_flow_control(nxpdev->serdev, true);
1017 } else {
1018 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
1019 wake_up_interruptible(&nxpdev->fw_dnld_done_wait_q);
1020 }
1021 goto free_skb;
1022 }
1023 if (len & 0x01) {
1024 /* The CRC did not match at the other end.
1025 * Simply send the same bytes again.
1026 */
1027 len = nxpdev->fw_v1_sent_bytes;
1028 bt_dev_dbg(hdev, "CRC error. Resend %d bytes of FW.", len);
1029 } else {
1030 nxpdev->fw_dnld_v1_offset += nxpdev->fw_v1_sent_bytes;
1031
1032 /* The FW bin file is made up of many blocks of
1033 * 16 byte header and payload data chunks. If the
1034 * FW has requested a header, read the payload length
1035 * info from the header, before sending the header.
1036 * In the next iteration, the FW should request the
1037 * payload data chunk, which should be equal to the
1038 * payload length read from header. If there is a
1039 * mismatch, clearly the driver and FW are out of sync,
1040 * and we need to re-send the previous header again.
1041 */
1042 if (len == nxpdev->fw_v1_expected_len) {
1043 if (len == HDR_LEN)
1044 nxpdev->fw_v1_expected_len = nxp_get_data_len(nxpdev->fw->data +
1045 nxpdev->fw_dnld_v1_offset);
1046 else
1047 nxpdev->fw_v1_expected_len = HDR_LEN;
1048 } else if (len == HDR_LEN) {
1049 /* FW download out of sync. Send previous chunk again */
1050 nxpdev->fw_dnld_v1_offset -= nxpdev->fw_v1_sent_bytes;
1051 nxpdev->fw_v1_expected_len = HDR_LEN;
1052 }
1053 }
1054
1055 if (nxpdev->fw_dnld_v1_offset + len <= nxpdev->fw->size)
1056 serdev_device_write_buf(nxpdev->serdev, nxpdev->fw->data +
1057 nxpdev->fw_dnld_v1_offset, len);
1058 nxpdev->fw_v1_sent_bytes = len;
1059
1060 free_skb:
1061 kfree_skb(skb);
1062 return 0;
1063 }
1064
nxp_get_fw_name_from_chipid(struct hci_dev * hdev,u16 chipid,u8 loader_ver)1065 static char *nxp_get_fw_name_from_chipid(struct hci_dev *hdev, u16 chipid,
1066 u8 loader_ver)
1067 {
1068 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1069 char *fw_name = NULL;
1070
1071 switch (chipid) {
1072 case CHIP_ID_W9098:
1073 fw_name = FIRMWARE_W9098;
1074 break;
1075 case CHIP_ID_IW416:
1076 fw_name = FIRMWARE_IW416;
1077 break;
1078 case CHIP_ID_IW612:
1079 fw_name = FIRMWARE_IW612;
1080 break;
1081 case CHIP_ID_IW624a:
1082 case CHIP_ID_IW624c:
1083 nxpdev->boot_reg_offset = 1;
1084 if ((loader_ver & FW_SECURE_MASK) == FW_OPEN)
1085 fw_name = FIRMWARE_IW624;
1086 else if ((loader_ver & FW_SECURE_MASK) != FW_AUTH_ILLEGAL)
1087 fw_name = FIRMWARE_SECURE_IW624;
1088 else
1089 bt_dev_err(hdev, "Illegal loader version %02x", loader_ver);
1090 break;
1091 case CHIP_ID_AW693a0:
1092 if ((loader_ver & FW_SECURE_MASK) == FW_OPEN)
1093 fw_name = FIRMWARE_AW693;
1094 else if ((loader_ver & FW_SECURE_MASK) != FW_AUTH_ILLEGAL)
1095 fw_name = FIRMWARE_SECURE_AW693;
1096 else
1097 bt_dev_err(hdev, "Illegal loader version %02x", loader_ver);
1098 break;
1099 case CHIP_ID_AW693a1:
1100 if ((loader_ver & FW_SECURE_MASK) == FW_OPEN)
1101 fw_name = FIRMWARE_AW693_A1;
1102 else if ((loader_ver & FW_SECURE_MASK) != FW_AUTH_ILLEGAL)
1103 fw_name = FIRMWARE_SECURE_AW693_A1;
1104 else
1105 bt_dev_err(hdev, "Illegal loader version %02x", loader_ver);
1106 break;
1107 case CHIP_ID_IW610a0:
1108 case CHIP_ID_IW610a1:
1109 if ((loader_ver & FW_SECURE_MASK) == FW_OPEN)
1110 fw_name = FIRMWARE_IW610;
1111 else if ((loader_ver & FW_SECURE_MASK) != FW_AUTH_ILLEGAL)
1112 fw_name = FIRMWARE_SECURE_IW610;
1113 else
1114 bt_dev_err(hdev, "Illegal loader version %02x", loader_ver);
1115 break;
1116 default:
1117 bt_dev_err(hdev, "Unknown chip signature %04x", chipid);
1118 break;
1119 }
1120 return fw_name;
1121 }
1122
nxp_get_old_fw_name_from_chipid(struct hci_dev * hdev,u16 chipid,u8 loader_ver)1123 static char *nxp_get_old_fw_name_from_chipid(struct hci_dev *hdev, u16 chipid,
1124 u8 loader_ver)
1125 {
1126 char *fw_name_old = NULL;
1127
1128 switch (chipid) {
1129 case CHIP_ID_W9098:
1130 fw_name_old = FIRMWARE_W9098_OLD;
1131 break;
1132 case CHIP_ID_IW416:
1133 fw_name_old = FIRMWARE_IW416_OLD;
1134 break;
1135 }
1136 return fw_name_old;
1137 }
1138
nxp_recv_chip_ver_v3(struct hci_dev * hdev,struct sk_buff * skb)1139 static int nxp_recv_chip_ver_v3(struct hci_dev *hdev, struct sk_buff *skb)
1140 {
1141 struct v3_start_ind *req = skb_pull_data(skb, sizeof(*req));
1142 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1143 const char *fw_name;
1144 const char *fw_name_old;
1145 u16 chip_id;
1146 u8 loader_ver;
1147
1148 if (!process_boot_signature(nxpdev))
1149 goto free_skb;
1150
1151 chip_id = le16_to_cpu(req->chip_id);
1152 loader_ver = req->loader_ver;
1153 bt_dev_info(hdev, "ChipID: %04x, Version: %d", chip_id, loader_ver);
1154 fw_name = nxp_get_fw_name_from_chipid(hdev, chip_id, loader_ver);
1155 fw_name_old = nxp_get_old_fw_name_from_chipid(hdev, chip_id, loader_ver);
1156 if (!nxp_request_firmware(hdev, fw_name, fw_name_old))
1157 nxp_send_ack(NXP_ACK_V3, hdev);
1158
1159 free_skb:
1160 kfree_skb(skb);
1161 return 0;
1162 }
1163
nxp_handle_fw_download_error(struct hci_dev * hdev,struct v3_data_req * req)1164 static void nxp_handle_fw_download_error(struct hci_dev *hdev, struct v3_data_req *req)
1165 {
1166 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1167 __u32 offset = __le32_to_cpu(req->offset);
1168 __u16 err = __le16_to_cpu(req->error);
1169 union nxp_v3_rx_timeout_nak_u timeout_nak_buf;
1170 union nxp_v3_crc_nak_u crc_nak_buf;
1171
1172 if (err & NXP_CRC_RX_ERROR) {
1173 crc_nak_buf.pkt.nak = NXP_CRC_ERROR_V3;
1174 crc_nak_buf.pkt.crc = crc8(crc8_table, crc_nak_buf.buf,
1175 sizeof(crc_nak_buf) - 1, 0xff);
1176 serdev_device_write_buf(nxpdev->serdev, crc_nak_buf.buf,
1177 sizeof(crc_nak_buf));
1178 } else if (err & NXP_ACK_RX_TIMEOUT ||
1179 err & NXP_HDR_RX_TIMEOUT ||
1180 err & NXP_DATA_RX_TIMEOUT) {
1181 timeout_nak_buf.pkt.nak = NXP_NAK_V3;
1182 timeout_nak_buf.pkt.offset = __cpu_to_le32(offset);
1183 timeout_nak_buf.pkt.crc = crc8(crc8_table, timeout_nak_buf.buf,
1184 sizeof(timeout_nak_buf) - 1, 0xff);
1185 serdev_device_write_buf(nxpdev->serdev, timeout_nak_buf.buf,
1186 sizeof(timeout_nak_buf));
1187 } else {
1188 bt_dev_err(hdev, "Unknown bootloader error code: %d", err);
1189 }
1190 }
1191
nxp_recv_fw_req_v3(struct hci_dev * hdev,struct sk_buff * skb)1192 static int nxp_recv_fw_req_v3(struct hci_dev *hdev, struct sk_buff *skb)
1193 {
1194 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1195 struct v3_data_req *req;
1196 __u16 len = 0;
1197 __u16 err = 0;
1198 __u32 offset;
1199
1200 if (!process_boot_signature(nxpdev))
1201 goto free_skb;
1202
1203 req = skb_pull_data(skb, sizeof(*req));
1204 if (!req || !nxpdev->fw)
1205 goto free_skb;
1206
1207 err = __le16_to_cpu(req->error);
1208
1209 if (!err) {
1210 nxp_send_ack(NXP_ACK_V3, hdev);
1211 if (nxpdev->timeout_changed == cmd_sent)
1212 nxpdev->timeout_changed = changed;
1213 if (nxpdev->baudrate_changed == cmd_sent)
1214 nxpdev->baudrate_changed = changed;
1215 } else {
1216 nxp_handle_fw_download_error(hdev, req);
1217 if (nxpdev->timeout_changed == cmd_sent &&
1218 err == NXP_CRC_RX_ERROR) {
1219 nxpdev->fw_v3_offset_correction -= nxpdev->fw_v3_prev_sent;
1220 nxpdev->timeout_changed = not_changed;
1221 }
1222 if (nxpdev->baudrate_changed == cmd_sent &&
1223 err == NXP_CRC_RX_ERROR) {
1224 nxpdev->fw_v3_offset_correction -= nxpdev->fw_v3_prev_sent;
1225 nxpdev->baudrate_changed = not_changed;
1226 }
1227 goto free_skb;
1228 }
1229
1230 len = __le16_to_cpu(req->len);
1231
1232 if (nxpdev->timeout_changed != changed) {
1233 nxp_fw_change_timeout(hdev, len);
1234 nxpdev->timeout_changed = cmd_sent;
1235 goto free_skb;
1236 }
1237
1238 if (nxpdev->baudrate_changed != changed) {
1239 nxpdev->new_baudrate = nxpdev->secondary_baudrate;
1240 if (nxp_fw_change_baudrate(hdev, len)) {
1241 nxpdev->baudrate_changed = cmd_sent;
1242 serdev_device_set_baudrate(nxpdev->serdev,
1243 nxpdev->secondary_baudrate);
1244 serdev_device_set_flow_control(nxpdev->serdev, true);
1245 nxpdev->current_baudrate = nxpdev->secondary_baudrate;
1246 }
1247 goto free_skb;
1248 }
1249
1250 if (req->len == 0) {
1251 bt_dev_info(hdev, "FW Download Complete: %zu bytes",
1252 nxpdev->fw->size);
1253 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
1254 wake_up_interruptible(&nxpdev->fw_dnld_done_wait_q);
1255 goto free_skb;
1256 }
1257
1258 offset = __le32_to_cpu(req->offset);
1259 if (offset < nxpdev->fw_v3_offset_correction) {
1260 /* This scenario should ideally never occur. But if it ever does,
1261 * FW is out of sync and needs a power cycle.
1262 */
1263 bt_dev_err(hdev, "Something went wrong during FW download");
1264 bt_dev_err(hdev, "Please power cycle and try again");
1265 goto free_skb;
1266 }
1267
1268 nxpdev->fw_dnld_v3_offset = offset - nxpdev->fw_v3_offset_correction;
1269 serdev_device_write_buf(nxpdev->serdev, nxpdev->fw->data +
1270 nxpdev->fw_dnld_v3_offset, len);
1271
1272 free_skb:
1273 nxpdev->fw_v3_prev_sent = len;
1274 kfree_skb(skb);
1275 return 0;
1276 }
1277
nxp_set_baudrate_cmd(struct hci_dev * hdev,void * data)1278 static int nxp_set_baudrate_cmd(struct hci_dev *hdev, void *data)
1279 {
1280 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1281 __le32 new_baudrate = __cpu_to_le32(nxpdev->new_baudrate);
1282 struct ps_data *psdata = &nxpdev->psdata;
1283 struct sk_buff *skb;
1284 u8 *status;
1285
1286 if (!psdata)
1287 return 0;
1288
1289 skb = nxp_drv_send_cmd(hdev, HCI_NXP_SET_OPER_SPEED, 4,
1290 (u8 *)&new_baudrate, true);
1291 if (IS_ERR(skb)) {
1292 bt_dev_err(hdev, "Setting baudrate failed (%ld)", PTR_ERR(skb));
1293 return PTR_ERR(skb);
1294 }
1295
1296 status = (u8 *)skb_pull_data(skb, 1);
1297 if (status) {
1298 if (*status == 0) {
1299 serdev_device_set_baudrate(nxpdev->serdev, nxpdev->new_baudrate);
1300 nxpdev->current_baudrate = nxpdev->new_baudrate;
1301 }
1302 bt_dev_dbg(hdev, "Set baudrate response: status=%d, baudrate=%d",
1303 *status, nxpdev->new_baudrate);
1304 }
1305 kfree_skb(skb);
1306
1307 return 0;
1308 }
1309
nxp_check_boot_sign(struct btnxpuart_dev * nxpdev)1310 static int nxp_check_boot_sign(struct btnxpuart_dev *nxpdev)
1311 {
1312 serdev_device_set_baudrate(nxpdev->serdev, HCI_NXP_PRI_BAUDRATE);
1313 if (ind_reset_in_progress(nxpdev))
1314 serdev_device_set_flow_control(nxpdev->serdev, false);
1315 else
1316 serdev_device_set_flow_control(nxpdev->serdev, true);
1317 set_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, &nxpdev->tx_state);
1318
1319 return wait_event_interruptible_timeout(nxpdev->check_boot_sign_wait_q,
1320 !test_bit(BTNXPUART_CHECK_BOOT_SIGNATURE,
1321 &nxpdev->tx_state),
1322 msecs_to_jiffies(1000));
1323 }
1324
nxp_set_ind_reset(struct hci_dev * hdev,void * data)1325 static int nxp_set_ind_reset(struct hci_dev *hdev, void *data)
1326 {
1327 static const u8 ir_hw_err[] = { HCI_EV_HARDWARE_ERROR,
1328 0x01, BTNXPUART_IR_HW_ERR };
1329 struct sk_buff *skb;
1330
1331 skb = bt_skb_alloc(3, GFP_ATOMIC);
1332 if (!skb)
1333 return -ENOMEM;
1334
1335 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
1336 skb_put_data(skb, ir_hw_err, 3);
1337
1338 /* Inject Hardware Error to upper stack */
1339 return hci_recv_frame(hdev, skb);
1340 }
1341
1342 /* Firmware dump */
nxp_coredump(struct hci_dev * hdev)1343 static void nxp_coredump(struct hci_dev *hdev)
1344 {
1345 struct sk_buff *skb;
1346 u8 pcmd = 2;
1347
1348 skb = nxp_drv_send_cmd(hdev, HCI_NXP_TRIGGER_DUMP, 1, &pcmd, true);
1349 if (IS_ERR(skb))
1350 bt_dev_err(hdev, "Failed to trigger FW Dump. (%ld)", PTR_ERR(skb));
1351 else
1352 kfree_skb(skb);
1353 }
1354
nxp_coredump_hdr(struct hci_dev * hdev,struct sk_buff * skb)1355 static void nxp_coredump_hdr(struct hci_dev *hdev, struct sk_buff *skb)
1356 {
1357 /* Nothing to be added in FW dump header */
1358 }
1359
nxp_process_fw_dump(struct hci_dev * hdev,struct sk_buff * skb)1360 static int nxp_process_fw_dump(struct hci_dev *hdev, struct sk_buff *skb)
1361 {
1362 struct hci_acl_hdr *acl_hdr = (struct hci_acl_hdr *)skb_pull_data(skb,
1363 sizeof(*acl_hdr));
1364 struct nxp_fw_dump_hdr *fw_dump_hdr = (struct nxp_fw_dump_hdr *)skb->data;
1365 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1366 __u16 seq_num = __le16_to_cpu(fw_dump_hdr->seq_num);
1367 __u16 buf_len = __le16_to_cpu(fw_dump_hdr->buf_len);
1368 int err;
1369
1370 if (seq_num == 0x0001) {
1371 if (test_and_set_bit(BTNXPUART_FW_DUMP_IN_PROGRESS, &nxpdev->tx_state)) {
1372 bt_dev_err(hdev, "FW dump already in progress");
1373 goto free_skb;
1374 }
1375 bt_dev_warn(hdev, "==== Start FW dump ===");
1376 err = hci_devcd_init(hdev, NXP_FW_DUMP_SIZE);
1377 if (err < 0)
1378 goto free_skb;
1379
1380 schedule_delayed_work(&hdev->dump.dump_timeout,
1381 msecs_to_jiffies(20000));
1382 }
1383
1384 err = hci_devcd_append(hdev, skb_clone(skb, GFP_ATOMIC));
1385 if (err < 0)
1386 goto free_skb;
1387
1388 if (buf_len == 0) {
1389 bt_dev_warn(hdev, "==== FW dump complete ===");
1390 hci_devcd_complete(hdev);
1391 nxp_set_ind_reset(hdev, NULL);
1392 }
1393
1394 free_skb:
1395 kfree_skb(skb);
1396 return 0;
1397 }
1398
nxp_recv_acl_pkt(struct hci_dev * hdev,struct sk_buff * skb)1399 static int nxp_recv_acl_pkt(struct hci_dev *hdev, struct sk_buff *skb)
1400 {
1401 __u16 handle = __le16_to_cpu(hci_acl_hdr(skb)->handle);
1402
1403 /* FW dump chunks are ACL packets with conn handle 0xfff */
1404 if ((handle & 0x0FFF) == 0xFFF)
1405 return nxp_process_fw_dump(hdev, skb);
1406 else
1407 return hci_recv_frame(hdev, skb);
1408 }
1409
nxp_set_bdaddr(struct hci_dev * hdev,const bdaddr_t * bdaddr)1410 static int nxp_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr)
1411 {
1412 union nxp_set_bd_addr_payload pcmd;
1413 int err;
1414
1415 pcmd.data.param_id = 0xfe;
1416 pcmd.data.param_len = 6;
1417 memcpy(pcmd.data.param, bdaddr, 6);
1418
1419 /* BD address can be assigned only after first reset command. */
1420 err = __hci_cmd_sync_status(hdev, HCI_OP_RESET, 0, NULL,
1421 HCI_INIT_TIMEOUT);
1422 if (err) {
1423 bt_dev_err(hdev,
1424 "Reset before setting local-bd-addr failed (%d)",
1425 err);
1426 return err;
1427 }
1428
1429 err = __hci_cmd_sync_status(hdev, HCI_NXP_SET_BD_ADDR, sizeof(pcmd),
1430 pcmd.buf, HCI_CMD_TIMEOUT);
1431 if (err) {
1432 bt_dev_err(hdev, "Changing device address failed (%d)", err);
1433 return err;
1434 }
1435
1436 return 0;
1437 }
1438
1439 /* NXP protocol */
nxp_setup(struct hci_dev * hdev)1440 static int nxp_setup(struct hci_dev *hdev)
1441 {
1442 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1443 struct serdev_device *serdev = nxpdev->serdev;
1444 char device_string[30];
1445 char event_string[50];
1446 char *envp[] = {device_string, event_string, NULL};
1447 int err = 0;
1448
1449 if (nxp_check_boot_sign(nxpdev)) {
1450 bt_dev_dbg(hdev, "Need FW Download.");
1451 err = nxp_download_firmware(hdev);
1452 if (err < 0)
1453 return err;
1454 } else {
1455 bt_dev_info(hdev, "FW already running.");
1456 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
1457 }
1458
1459 snprintf(device_string, 30, "BTNXPUART_DEV=%s", dev_name(&serdev->dev));
1460 snprintf(event_string, 50, "BTNXPUART_STATE=FW_READY");
1461 bt_dev_dbg(hdev, "==== Send uevent: %s:%s ===", device_string,
1462 event_string);
1463 kobject_uevent_env(&serdev->dev.kobj, KOBJ_CHANGE, envp);
1464
1465 serdev_device_set_baudrate(nxpdev->serdev, nxpdev->fw_init_baudrate);
1466 nxpdev->current_baudrate = nxpdev->fw_init_baudrate;
1467
1468 ps_init(hdev);
1469
1470 if (test_and_clear_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state))
1471 hci_dev_clear_flag(hdev, HCI_SETUP);
1472
1473 return 0;
1474 }
1475
nxp_post_init(struct hci_dev * hdev)1476 static int nxp_post_init(struct hci_dev *hdev)
1477 {
1478 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1479 struct ps_data *psdata = &nxpdev->psdata;
1480
1481 if (nxpdev->current_baudrate != nxpdev->secondary_baudrate) {
1482 nxpdev->new_baudrate = nxpdev->secondary_baudrate;
1483 nxp_set_baudrate_cmd(hdev, NULL);
1484 }
1485 if (psdata->cur_h2c_wakeupmode != psdata->h2c_wakeupmode)
1486 send_wakeup_method_cmd(hdev, NULL);
1487 if (psdata->cur_psmode != psdata->target_ps_mode)
1488 send_ps_cmd(hdev, NULL);
1489 return 0;
1490 }
1491
nxp_hw_err(struct hci_dev * hdev,u8 code)1492 static void nxp_hw_err(struct hci_dev *hdev, u8 code)
1493 {
1494 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1495
1496 switch (code) {
1497 case BTNXPUART_IR_HW_ERR:
1498 set_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state);
1499 hci_dev_set_flag(hdev, HCI_SETUP);
1500 break;
1501 default:
1502 break;
1503 }
1504 }
1505
nxp_shutdown(struct hci_dev * hdev)1506 static int nxp_shutdown(struct hci_dev *hdev)
1507 {
1508 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1509 struct sk_buff *skb;
1510 u8 pcmd = 0;
1511
1512 if (ind_reset_in_progress(nxpdev)) {
1513 if (test_and_clear_bit(BTNXPUART_FW_DUMP_IN_PROGRESS,
1514 &nxpdev->tx_state))
1515 skb = nxp_drv_send_cmd(hdev, HCI_NXP_IND_RESET, 1,
1516 &pcmd, false);
1517 else
1518 skb = nxp_drv_send_cmd(hdev, HCI_NXP_IND_RESET, 1,
1519 &pcmd, true);
1520 serdev_device_set_flow_control(nxpdev->serdev, false);
1521 set_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
1522 /* HCI_NXP_IND_RESET command may not returns any response */
1523 if (!IS_ERR(skb))
1524 kfree_skb(skb);
1525 }
1526
1527 return 0;
1528 }
1529
nxp_wakeup(struct hci_dev * hdev)1530 static bool nxp_wakeup(struct hci_dev *hdev)
1531 {
1532 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1533 struct ps_data *psdata = &nxpdev->psdata;
1534
1535 if (psdata->c2h_wakeupmode != BT_HOST_WAKEUP_METHOD_NONE)
1536 return true;
1537
1538 return false;
1539 }
1540
nxp_reset(struct hci_dev * hdev)1541 static void nxp_reset(struct hci_dev *hdev)
1542 {
1543 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1544
1545 if (!ind_reset_in_progress(nxpdev) && !fw_dump_in_progress(nxpdev)) {
1546 bt_dev_dbg(hdev, "CMD Timeout detected. Resetting.");
1547 nxp_set_ind_reset(hdev, NULL);
1548 }
1549 }
1550
btnxpuart_queue_skb(struct hci_dev * hdev,struct sk_buff * skb)1551 static int btnxpuart_queue_skb(struct hci_dev *hdev, struct sk_buff *skb)
1552 {
1553 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1554
1555 /* Prepend skb with frame type */
1556 memcpy(skb_push(skb, 1), &hci_skb_pkt_type(skb), 1);
1557 skb_queue_tail(&nxpdev->txq, skb);
1558 btnxpuart_tx_wakeup(nxpdev);
1559 return 0;
1560 }
1561
nxp_enqueue(struct hci_dev * hdev,struct sk_buff * skb)1562 static int nxp_enqueue(struct hci_dev *hdev, struct sk_buff *skb)
1563 {
1564 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1565 struct ps_data *psdata = &nxpdev->psdata;
1566 struct hci_command_hdr *hdr;
1567 struct psmode_cmd_payload ps_parm;
1568 struct wakeup_cmd_payload wakeup_parm;
1569 __le32 baudrate_parm;
1570
1571 if (fw_dump_in_progress(nxpdev))
1572 return -EBUSY;
1573
1574 /* if vendor commands are received from user space (e.g. hcitool), update
1575 * driver flags accordingly and ask driver to re-send the command to FW.
1576 * In case the payload for any command does not match expected payload
1577 * length, let the firmware and user space program handle it, or throw
1578 * an error.
1579 */
1580 if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT && !psdata->driver_sent_cmd) {
1581 hdr = (struct hci_command_hdr *)skb->data;
1582 if (hdr->plen != (skb->len - HCI_COMMAND_HDR_SIZE))
1583 return btnxpuart_queue_skb(hdev, skb);
1584
1585 switch (__le16_to_cpu(hdr->opcode)) {
1586 case HCI_NXP_AUTO_SLEEP_MODE:
1587 if (hdr->plen == sizeof(ps_parm)) {
1588 memcpy(&ps_parm, skb->data + HCI_COMMAND_HDR_SIZE, hdr->plen);
1589 if (ps_parm.ps_cmd == BT_PS_ENABLE)
1590 psdata->target_ps_mode = PS_MODE_ENABLE;
1591 else if (ps_parm.ps_cmd == BT_PS_DISABLE)
1592 psdata->target_ps_mode = PS_MODE_DISABLE;
1593 psdata->c2h_ps_interval = __le16_to_cpu(ps_parm.c2h_ps_interval);
1594 hci_cmd_sync_queue(hdev, send_ps_cmd, NULL, NULL);
1595 goto free_skb;
1596 }
1597 break;
1598 case HCI_NXP_WAKEUP_METHOD:
1599 if (hdr->plen == sizeof(wakeup_parm)) {
1600 memcpy(&wakeup_parm, skb->data + HCI_COMMAND_HDR_SIZE, hdr->plen);
1601 psdata->c2h_wakeupmode = wakeup_parm.c2h_wakeupmode;
1602 psdata->c2h_wakeup_gpio = wakeup_parm.c2h_wakeup_gpio;
1603 psdata->h2c_wakeup_gpio = wakeup_parm.h2c_wakeup_gpio;
1604 switch (wakeup_parm.h2c_wakeupmode) {
1605 case BT_CTRL_WAKEUP_METHOD_GPIO:
1606 psdata->h2c_wakeupmode = WAKEUP_METHOD_GPIO;
1607 break;
1608 case BT_CTRL_WAKEUP_METHOD_DSR:
1609 psdata->h2c_wakeupmode = WAKEUP_METHOD_DTR;
1610 break;
1611 case BT_CTRL_WAKEUP_METHOD_BREAK:
1612 default:
1613 psdata->h2c_wakeupmode = WAKEUP_METHOD_BREAK;
1614 break;
1615 }
1616 hci_cmd_sync_queue(hdev, send_wakeup_method_cmd, NULL, NULL);
1617 goto free_skb;
1618 }
1619 break;
1620 case HCI_NXP_SET_OPER_SPEED:
1621 if (hdr->plen == sizeof(baudrate_parm)) {
1622 memcpy(&baudrate_parm, skb->data + HCI_COMMAND_HDR_SIZE, hdr->plen);
1623 nxpdev->new_baudrate = __le32_to_cpu(baudrate_parm);
1624 hci_cmd_sync_queue(hdev, nxp_set_baudrate_cmd, NULL, NULL);
1625 goto free_skb;
1626 }
1627 break;
1628 case HCI_NXP_IND_RESET:
1629 if (hdr->plen == 1) {
1630 hci_cmd_sync_queue(hdev, nxp_set_ind_reset, NULL, NULL);
1631 goto free_skb;
1632 }
1633 break;
1634 default:
1635 break;
1636 }
1637 }
1638
1639 return btnxpuart_queue_skb(hdev, skb);
1640
1641 free_skb:
1642 kfree_skb(skb);
1643 return 0;
1644 }
1645
nxp_dequeue(void * data)1646 static struct sk_buff *nxp_dequeue(void *data)
1647 {
1648 struct btnxpuart_dev *nxpdev = (struct btnxpuart_dev *)data;
1649
1650 ps_start_timer(nxpdev);
1651 return skb_dequeue(&nxpdev->txq);
1652 }
1653
1654 /* btnxpuart based on serdev */
btnxpuart_tx_work(struct work_struct * work)1655 static void btnxpuart_tx_work(struct work_struct *work)
1656 {
1657 struct btnxpuart_dev *nxpdev = container_of(work, struct btnxpuart_dev,
1658 tx_work);
1659 struct serdev_device *serdev = nxpdev->serdev;
1660 struct hci_dev *hdev = nxpdev->hdev;
1661 struct sk_buff *skb;
1662 int len;
1663
1664 if (ps_wakeup(nxpdev))
1665 return;
1666
1667 while ((skb = nxp_dequeue(nxpdev))) {
1668 len = serdev_device_write_buf(serdev, skb->data, skb->len);
1669 hdev->stat.byte_tx += len;
1670
1671 skb_pull(skb, len);
1672 if (skb->len > 0) {
1673 skb_queue_head(&nxpdev->txq, skb);
1674 continue;
1675 }
1676
1677 switch (hci_skb_pkt_type(skb)) {
1678 case HCI_COMMAND_PKT:
1679 hdev->stat.cmd_tx++;
1680 break;
1681 case HCI_ACLDATA_PKT:
1682 hdev->stat.acl_tx++;
1683 break;
1684 case HCI_SCODATA_PKT:
1685 hdev->stat.sco_tx++;
1686 break;
1687 }
1688
1689 kfree_skb(skb);
1690 }
1691 clear_bit(BTNXPUART_TX_STATE_ACTIVE, &nxpdev->tx_state);
1692 }
1693
btnxpuart_open(struct hci_dev * hdev)1694 static int btnxpuart_open(struct hci_dev *hdev)
1695 {
1696 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1697 int err = 0;
1698
1699 err = serdev_device_open(nxpdev->serdev);
1700 if (err) {
1701 bt_dev_err(hdev, "Unable to open UART device %s",
1702 dev_name(&nxpdev->serdev->dev));
1703 } else {
1704 set_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state);
1705 }
1706 return err;
1707 }
1708
btnxpuart_close(struct hci_dev * hdev)1709 static int btnxpuart_close(struct hci_dev *hdev)
1710 {
1711 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1712
1713 serdev_device_close(nxpdev->serdev);
1714 skb_queue_purge(&nxpdev->txq);
1715 if (!IS_ERR_OR_NULL(nxpdev->rx_skb)) {
1716 kfree_skb(nxpdev->rx_skb);
1717 nxpdev->rx_skb = NULL;
1718 }
1719 clear_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state);
1720 return 0;
1721 }
1722
btnxpuart_flush(struct hci_dev * hdev)1723 static int btnxpuart_flush(struct hci_dev *hdev)
1724 {
1725 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1726
1727 /* Flush any pending characters */
1728 serdev_device_write_flush(nxpdev->serdev);
1729 skb_queue_purge(&nxpdev->txq);
1730
1731 cancel_work_sync(&nxpdev->tx_work);
1732
1733 if (!IS_ERR_OR_NULL(nxpdev->rx_skb)) {
1734 kfree_skb(nxpdev->rx_skb);
1735 nxpdev->rx_skb = NULL;
1736 }
1737
1738 return 0;
1739 }
1740
1741 static const struct h4_recv_pkt nxp_recv_pkts[] = {
1742 { H4_RECV_ACL, .recv = nxp_recv_acl_pkt },
1743 { H4_RECV_SCO, .recv = hci_recv_frame },
1744 { H4_RECV_EVENT, .recv = hci_recv_frame },
1745 { H4_RECV_ISO, .recv = hci_recv_frame },
1746 { NXP_RECV_CHIP_VER_V1, .recv = nxp_recv_chip_ver_v1 },
1747 { NXP_RECV_FW_REQ_V1, .recv = nxp_recv_fw_req_v1 },
1748 { NXP_RECV_CHIP_VER_V3, .recv = nxp_recv_chip_ver_v3 },
1749 { NXP_RECV_FW_REQ_V3, .recv = nxp_recv_fw_req_v3 },
1750 };
1751
btnxpuart_receive_buf(struct serdev_device * serdev,const u8 * data,size_t count)1752 static size_t btnxpuart_receive_buf(struct serdev_device *serdev,
1753 const u8 *data, size_t count)
1754 {
1755 struct btnxpuart_dev *nxpdev = serdev_device_get_drvdata(serdev);
1756
1757 ps_start_timer(nxpdev);
1758
1759 nxpdev->rx_skb = h4_recv_buf(nxpdev->hdev, nxpdev->rx_skb, data, count,
1760 nxp_recv_pkts, ARRAY_SIZE(nxp_recv_pkts));
1761 if (IS_ERR(nxpdev->rx_skb)) {
1762 int err = PTR_ERR(nxpdev->rx_skb);
1763 /* Safe to ignore out-of-sync bootloader signatures */
1764 if (!is_fw_downloading(nxpdev) &&
1765 !ind_reset_in_progress(nxpdev))
1766 bt_dev_err(nxpdev->hdev, "Frame reassembly failed (%d)", err);
1767 return count;
1768 }
1769 if (!is_fw_downloading(nxpdev) &&
1770 !ind_reset_in_progress(nxpdev))
1771 nxpdev->hdev->stat.byte_rx += count;
1772 return count;
1773 }
1774
btnxpuart_write_wakeup(struct serdev_device * serdev)1775 static void btnxpuart_write_wakeup(struct serdev_device *serdev)
1776 {
1777 serdev_device_write_wakeup(serdev);
1778 }
1779
1780 static const struct serdev_device_ops btnxpuart_client_ops = {
1781 .receive_buf = btnxpuart_receive_buf,
1782 .write_wakeup = btnxpuart_write_wakeup,
1783 };
1784
nxp_coredump_notify(struct hci_dev * hdev,int state)1785 static void nxp_coredump_notify(struct hci_dev *hdev, int state)
1786 {
1787 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1788 struct serdev_device *serdev = nxpdev->serdev;
1789 char device_string[30];
1790 char event_string[50];
1791 char *envp[] = {device_string, event_string, NULL};
1792
1793 snprintf(device_string, 30, "BTNXPUART_DEV=%s", dev_name(&serdev->dev));
1794 switch (state) {
1795 case HCI_DEVCOREDUMP_ACTIVE:
1796 snprintf(event_string, 50, "BTNXPUART_STATE=FW_DUMP_ACTIVE");
1797 break;
1798 case HCI_DEVCOREDUMP_DONE:
1799 snprintf(event_string, 50, "BTNXPUART_STATE=FW_DUMP_DONE");
1800 break;
1801 case HCI_DEVCOREDUMP_TIMEOUT:
1802 snprintf(event_string, 50, "BTNXPUART_STATE=FW_DUMP_TIMEOUT");
1803 break;
1804 default:
1805 snprintf(event_string, 50, "BTNXPUART_STATE=FW_DUMP_STATE_%d",
1806 state);
1807 break;
1808 }
1809 bt_dev_dbg(hdev, "==== Send uevent: %s:%s ===", device_string,
1810 event_string);
1811 kobject_uevent_env(&serdev->dev.kobj, KOBJ_CHANGE, envp);
1812 }
1813
nxp_serdev_probe(struct serdev_device * serdev)1814 static int nxp_serdev_probe(struct serdev_device *serdev)
1815 {
1816 struct hci_dev *hdev;
1817 struct btnxpuart_dev *nxpdev;
1818 bdaddr_t ba = {0};
1819 int err;
1820
1821 nxpdev = devm_kzalloc(&serdev->dev, sizeof(*nxpdev), GFP_KERNEL);
1822 if (!nxpdev)
1823 return -ENOMEM;
1824
1825 nxpdev->nxp_data = (struct btnxpuart_data *)device_get_match_data(&serdev->dev);
1826
1827 nxpdev->serdev = serdev;
1828 serdev_device_set_drvdata(serdev, nxpdev);
1829
1830 serdev_device_set_client_ops(serdev, &btnxpuart_client_ops);
1831
1832 INIT_WORK(&nxpdev->tx_work, btnxpuart_tx_work);
1833 skb_queue_head_init(&nxpdev->txq);
1834
1835 init_waitqueue_head(&nxpdev->fw_dnld_done_wait_q);
1836 init_waitqueue_head(&nxpdev->check_boot_sign_wait_q);
1837
1838 device_property_read_u32(&nxpdev->serdev->dev, "fw-init-baudrate",
1839 &nxpdev->fw_init_baudrate);
1840 if (!nxpdev->fw_init_baudrate)
1841 nxpdev->fw_init_baudrate = FW_INIT_BAUDRATE;
1842
1843 device_property_read_u32(&nxpdev->serdev->dev, "max-speed",
1844 &nxpdev->secondary_baudrate);
1845 if (!nxpdev->secondary_baudrate ||
1846 (nxpdev->secondary_baudrate != HCI_NXP_SEC_BAUDRATE_3M &&
1847 nxpdev->secondary_baudrate != HCI_NXP_SEC_BAUDRATE_4M)) {
1848 if (nxpdev->secondary_baudrate)
1849 dev_err(&serdev->dev,
1850 "Invalid max-speed. Using default 3000000.");
1851 nxpdev->secondary_baudrate = HCI_NXP_SEC_BAUDRATE_3M;
1852 }
1853
1854 set_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
1855
1856 crc8_populate_msb(crc8_table, POLYNOMIAL8);
1857
1858 nxpdev->pdn = devm_reset_control_get_optional_shared(&serdev->dev, NULL);
1859 if (IS_ERR(nxpdev->pdn))
1860 return PTR_ERR(nxpdev->pdn);
1861
1862 err = devm_regulator_get_enable(&serdev->dev, "vcc");
1863 if (err) {
1864 dev_err(&serdev->dev, "Failed to enable vcc regulator\n");
1865 return err;
1866 }
1867
1868 /* Initialize and register HCI device */
1869 hdev = hci_alloc_dev();
1870 if (!hdev) {
1871 dev_err(&serdev->dev, "Can't allocate HCI device\n");
1872 return -ENOMEM;
1873 }
1874
1875 reset_control_deassert(nxpdev->pdn);
1876
1877 nxpdev->hdev = hdev;
1878
1879 hdev->bus = HCI_UART;
1880 hci_set_drvdata(hdev, nxpdev);
1881
1882 hdev->manufacturer = MANUFACTURER_NXP;
1883 hdev->open = btnxpuart_open;
1884 hdev->close = btnxpuart_close;
1885 hdev->flush = btnxpuart_flush;
1886 hdev->setup = nxp_setup;
1887 hdev->post_init = nxp_post_init;
1888 hdev->send = nxp_enqueue;
1889 hdev->hw_error = nxp_hw_err;
1890 hdev->shutdown = nxp_shutdown;
1891 hdev->wakeup = nxp_wakeup;
1892 hdev->reset = nxp_reset;
1893 hdev->set_bdaddr = nxp_set_bdaddr;
1894 SET_HCIDEV_DEV(hdev, &serdev->dev);
1895
1896 device_property_read_u8_array(&nxpdev->serdev->dev,
1897 "local-bd-address",
1898 (u8 *)&ba, sizeof(ba));
1899 if (bacmp(&ba, BDADDR_ANY))
1900 hci_set_quirk(hdev, HCI_QUIRK_USE_BDADDR_PROPERTY);
1901
1902 if (hci_register_dev(hdev) < 0) {
1903 dev_err(&serdev->dev, "Can't register HCI device\n");
1904 goto probe_fail;
1905 }
1906
1907 if (ps_setup(hdev))
1908 goto probe_fail;
1909
1910 hci_devcd_register(hdev, nxp_coredump, nxp_coredump_hdr,
1911 nxp_coredump_notify);
1912
1913 return 0;
1914
1915 probe_fail:
1916 reset_control_assert(nxpdev->pdn);
1917 hci_free_dev(hdev);
1918 return -ENODEV;
1919 }
1920
nxp_serdev_remove(struct serdev_device * serdev)1921 static void nxp_serdev_remove(struct serdev_device *serdev)
1922 {
1923 struct btnxpuart_dev *nxpdev = serdev_device_get_drvdata(serdev);
1924 struct hci_dev *hdev = nxpdev->hdev;
1925
1926 if (is_fw_downloading(nxpdev)) {
1927 set_bit(BTNXPUART_FW_DOWNLOAD_ABORT, &nxpdev->tx_state);
1928 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
1929 wake_up_interruptible(&nxpdev->check_boot_sign_wait_q);
1930 wake_up_interruptible(&nxpdev->fw_dnld_done_wait_q);
1931 } else {
1932 /* Restore FW baudrate to fw_init_baudrate if changed.
1933 * This will ensure FW baudrate is in sync with
1934 * driver baudrate in case this driver is re-inserted.
1935 */
1936 if (nxpdev->current_baudrate != nxpdev->fw_init_baudrate) {
1937 nxpdev->new_baudrate = nxpdev->fw_init_baudrate;
1938 nxp_set_baudrate_cmd(hdev, NULL);
1939 }
1940 }
1941
1942 ps_cleanup(nxpdev);
1943 hci_unregister_dev(hdev);
1944 reset_control_assert(nxpdev->pdn);
1945 hci_free_dev(hdev);
1946 }
1947
1948 #ifdef CONFIG_PM_SLEEP
nxp_serdev_suspend(struct device * dev)1949 static int nxp_serdev_suspend(struct device *dev)
1950 {
1951 struct btnxpuart_dev *nxpdev = dev_get_drvdata(dev);
1952 struct ps_data *psdata = &nxpdev->psdata;
1953
1954 ps_control(psdata->hdev, PS_STATE_SLEEP);
1955
1956 if (psdata->wakeup_source) {
1957 enable_irq_wake(psdata->irq_handler);
1958 enable_irq(psdata->irq_handler);
1959 }
1960 return 0;
1961 }
1962
nxp_serdev_resume(struct device * dev)1963 static int nxp_serdev_resume(struct device *dev)
1964 {
1965 struct btnxpuart_dev *nxpdev = dev_get_drvdata(dev);
1966 struct ps_data *psdata = &nxpdev->psdata;
1967
1968 if (psdata->wakeup_source) {
1969 disable_irq(psdata->irq_handler);
1970 disable_irq_wake(psdata->irq_handler);
1971 }
1972
1973 ps_control(psdata->hdev, PS_STATE_AWAKE);
1974 return 0;
1975 }
1976 #endif
1977
1978 #ifdef CONFIG_DEV_COREDUMP
nxp_serdev_coredump(struct device * dev)1979 static void nxp_serdev_coredump(struct device *dev)
1980 {
1981 struct btnxpuart_dev *nxpdev = dev_get_drvdata(dev);
1982 struct hci_dev *hdev = nxpdev->hdev;
1983
1984 if (hdev->dump.coredump)
1985 hdev->dump.coredump(hdev);
1986 }
1987 #endif
1988
1989 static struct btnxpuart_data w8987_data __maybe_unused = {
1990 .helper_fw_name = NULL,
1991 .fw_name = FIRMWARE_W8987,
1992 .fw_name_old = FIRMWARE_W8987_OLD,
1993 };
1994
1995 static struct btnxpuart_data w8997_data __maybe_unused = {
1996 .helper_fw_name = FIRMWARE_HELPER,
1997 .fw_name = FIRMWARE_W8997,
1998 .fw_name_old = FIRMWARE_W8997_OLD,
1999 };
2000
2001 static const struct of_device_id nxpuart_of_match_table[] __maybe_unused = {
2002 { .compatible = "nxp,88w8987-bt", .data = &w8987_data },
2003 { .compatible = "nxp,88w8997-bt", .data = &w8997_data },
2004 { }
2005 };
2006 MODULE_DEVICE_TABLE(of, nxpuart_of_match_table);
2007
2008 static const struct dev_pm_ops nxp_pm_ops = {
2009 SET_SYSTEM_SLEEP_PM_OPS(nxp_serdev_suspend, nxp_serdev_resume)
2010 };
2011
2012 static struct serdev_device_driver nxp_serdev_driver = {
2013 .probe = nxp_serdev_probe,
2014 .remove = nxp_serdev_remove,
2015 .driver = {
2016 .name = "btnxpuart",
2017 .of_match_table = of_match_ptr(nxpuart_of_match_table),
2018 .pm = &nxp_pm_ops,
2019 #ifdef CONFIG_DEV_COREDUMP
2020 .coredump = nxp_serdev_coredump,
2021 #endif
2022 },
2023 };
2024
2025 module_serdev_device_driver(nxp_serdev_driver);
2026
2027 MODULE_AUTHOR("Neeraj Sanjay Kale <neeraj.sanjaykale@nxp.com>");
2028 MODULE_DESCRIPTION("NXP Bluetooth Serial driver");
2029 MODULE_LICENSE("GPL");
2030