xref: /linux/drivers/bluetooth/btmtk.c (revision 150b567e0d572342ef08bace7ee7aff80fd75327)
1 // SPDX-License-Identifier: ISC
2 /* Copyright (C) 2021 MediaTek Inc.
3  *
4  */
5 #include <linux/module.h>
6 #include <linux/firmware.h>
7 #include <linux/usb.h>
8 #include <linux/iopoll.h>
9 #include <linux/unaligned.h>
10 
11 #include <net/bluetooth/bluetooth.h>
12 #include <net/bluetooth/hci_core.h>
13 
14 #include "btmtk.h"
15 
16 #define VERSION "0.1"
17 
18 /* It is for mt79xx download rom patch*/
19 #define MTK_FW_ROM_PATCH_HEADER_SIZE	32
20 #define MTK_FW_ROM_PATCH_GD_SIZE	64
21 #define MTK_FW_ROM_PATCH_SEC_MAP_SIZE	64
22 #define MTK_SEC_MAP_COMMON_SIZE	12
23 #define MTK_SEC_MAP_NEED_SEND_SIZE	52
24 
25 /* It is for mt79xx iso data transmission setting */
26 #define MTK_ISO_THRESHOLD	264
27 
28 struct btmtk_patch_header {
29 	u8 datetime[16];
30 	u8 platform[4];
31 	__le16 hwver;
32 	__le16 swver;
33 	__le32 magicnum;
34 } __packed;
35 
36 struct btmtk_global_desc {
37 	__le32 patch_ver;
38 	__le32 sub_sys;
39 	__le32 feature_opt;
40 	__le32 section_num;
41 } __packed;
42 
43 struct btmtk_section_map {
44 	__le32 sectype;
45 	__le32 secoffset;
46 	__le32 secsize;
47 	union {
48 		__le32 u4SecSpec[13];
49 		struct {
50 			__le32 dlAddr;
51 			__le32 dlsize;
52 			__le32 seckeyidx;
53 			__le32 alignlen;
54 			__le32 sectype;
55 			__le32 dlmodecrctype;
56 			__le32 crc;
57 			__le32 reserved[6];
58 		} bin_info_spec;
59 	};
60 } __packed;
61 
btmtk_coredump(struct hci_dev * hdev)62 static void btmtk_coredump(struct hci_dev *hdev)
63 {
64 	int err;
65 
66 	err = __hci_cmd_send(hdev, 0xfd5b, 0, NULL);
67 	if (err < 0)
68 		bt_dev_err(hdev, "Coredump failed (%d)", err);
69 }
70 
btmtk_coredump_hdr(struct hci_dev * hdev,struct sk_buff * skb)71 static void btmtk_coredump_hdr(struct hci_dev *hdev, struct sk_buff *skb)
72 {
73 	struct btmtk_data *data = hci_get_priv(hdev);
74 	char buf[80];
75 
76 	snprintf(buf, sizeof(buf), "Controller Name: 0x%X\n",
77 		 data->dev_id);
78 	skb_put_data(skb, buf, strlen(buf));
79 
80 	snprintf(buf, sizeof(buf), "Firmware Version: 0x%X\n",
81 		 data->cd_info.fw_version);
82 	skb_put_data(skb, buf, strlen(buf));
83 
84 	snprintf(buf, sizeof(buf), "Driver: %s\n",
85 		 data->cd_info.driver_name);
86 	skb_put_data(skb, buf, strlen(buf));
87 
88 	snprintf(buf, sizeof(buf), "Vendor: MediaTek\n");
89 	skb_put_data(skb, buf, strlen(buf));
90 }
91 
btmtk_coredump_notify(struct hci_dev * hdev,int state)92 static void btmtk_coredump_notify(struct hci_dev *hdev, int state)
93 {
94 	struct btmtk_data *data = hci_get_priv(hdev);
95 
96 	switch (state) {
97 	case HCI_DEVCOREDUMP_IDLE:
98 		data->cd_info.state = HCI_DEVCOREDUMP_IDLE;
99 		break;
100 	case HCI_DEVCOREDUMP_ACTIVE:
101 		data->cd_info.state = HCI_DEVCOREDUMP_ACTIVE;
102 		break;
103 	case HCI_DEVCOREDUMP_TIMEOUT:
104 	case HCI_DEVCOREDUMP_ABORT:
105 	case HCI_DEVCOREDUMP_DONE:
106 		data->cd_info.state = HCI_DEVCOREDUMP_IDLE;
107 		btmtk_reset_sync(hdev);
108 		break;
109 	}
110 }
111 
btmtk_fw_get_filename(char * buf,size_t size,u32 dev_id,u32 fw_ver,u32 fw_flavor)112 void btmtk_fw_get_filename(char *buf, size_t size, u32 dev_id, u32 fw_ver,
113 			   u32 fw_flavor)
114 {
115 	if (dev_id == 0x7925)
116 		snprintf(buf, size,
117 			 "mediatek/mt%04x/BT_RAM_CODE_MT%04x_1_%x_hdr.bin",
118 			 dev_id & 0xffff, dev_id & 0xffff, (fw_ver & 0xff) + 1);
119 	else if (dev_id == 0x7961 && fw_flavor)
120 		snprintf(buf, size,
121 			 "mediatek/BT_RAM_CODE_MT%04x_1a_%x_hdr.bin",
122 			 dev_id & 0xffff, (fw_ver & 0xff) + 1);
123 	else
124 		snprintf(buf, size,
125 			 "mediatek/BT_RAM_CODE_MT%04x_1_%x_hdr.bin",
126 			 dev_id & 0xffff, (fw_ver & 0xff) + 1);
127 }
128 EXPORT_SYMBOL_GPL(btmtk_fw_get_filename);
129 
btmtk_setup_firmware_79xx(struct hci_dev * hdev,const char * fwname,wmt_cmd_sync_func_t wmt_cmd_sync)130 int btmtk_setup_firmware_79xx(struct hci_dev *hdev, const char *fwname,
131 			      wmt_cmd_sync_func_t wmt_cmd_sync)
132 {
133 	struct btmtk_hci_wmt_params wmt_params;
134 	struct btmtk_patch_header *hdr;
135 	struct btmtk_global_desc *globaldesc = NULL;
136 	struct btmtk_section_map *sectionmap;
137 	const struct firmware *fw;
138 	const u8 *fw_ptr;
139 	const u8 *fw_bin_ptr;
140 	int err, dlen, i, status;
141 	u8 flag, first_block, retry;
142 	u32 section_num, dl_size, section_offset;
143 	u8 cmd[64];
144 
145 	err = request_firmware(&fw, fwname, &hdev->dev);
146 	if (err < 0) {
147 		bt_dev_err(hdev, "Failed to load firmware file (%d)", err);
148 		return err;
149 	}
150 
151 	fw_ptr = fw->data;
152 	fw_bin_ptr = fw_ptr;
153 	hdr = (struct btmtk_patch_header *)fw_ptr;
154 	globaldesc = (struct btmtk_global_desc *)(fw_ptr + MTK_FW_ROM_PATCH_HEADER_SIZE);
155 	section_num = le32_to_cpu(globaldesc->section_num);
156 
157 	bt_dev_info(hdev, "HW/SW Version: 0x%04x%04x, Build Time: %s",
158 		    le16_to_cpu(hdr->hwver), le16_to_cpu(hdr->swver), hdr->datetime);
159 
160 	for (i = 0; i < section_num; i++) {
161 		first_block = 1;
162 		fw_ptr = fw_bin_ptr;
163 		sectionmap = (struct btmtk_section_map *)(fw_ptr + MTK_FW_ROM_PATCH_HEADER_SIZE +
164 			      MTK_FW_ROM_PATCH_GD_SIZE + MTK_FW_ROM_PATCH_SEC_MAP_SIZE * i);
165 
166 		section_offset = le32_to_cpu(sectionmap->secoffset);
167 		dl_size = le32_to_cpu(sectionmap->bin_info_spec.dlsize);
168 
169 		if (dl_size > 0) {
170 			retry = 20;
171 			while (retry > 0) {
172 				cmd[0] = 0; /* 0 means legacy dl mode. */
173 				memcpy(cmd + 1,
174 				       fw_ptr + MTK_FW_ROM_PATCH_HEADER_SIZE +
175 				       MTK_FW_ROM_PATCH_GD_SIZE +
176 				       MTK_FW_ROM_PATCH_SEC_MAP_SIZE * i +
177 				       MTK_SEC_MAP_COMMON_SIZE,
178 				       MTK_SEC_MAP_NEED_SEND_SIZE + 1);
179 
180 				wmt_params.op = BTMTK_WMT_PATCH_DWNLD;
181 				wmt_params.status = &status;
182 				wmt_params.flag = 0;
183 				wmt_params.dlen = MTK_SEC_MAP_NEED_SEND_SIZE + 1;
184 				wmt_params.data = &cmd;
185 
186 				err = wmt_cmd_sync(hdev, &wmt_params);
187 				if (err < 0) {
188 					bt_dev_err(hdev, "Failed to send wmt patch dwnld (%d)",
189 						   err);
190 					goto err_release_fw;
191 				}
192 
193 				if (status == BTMTK_WMT_PATCH_UNDONE) {
194 					break;
195 				} else if (status == BTMTK_WMT_PATCH_PROGRESS) {
196 					msleep(100);
197 					retry--;
198 				} else if (status == BTMTK_WMT_PATCH_DONE) {
199 					goto next_section;
200 				} else {
201 					bt_dev_err(hdev, "Failed wmt patch dwnld status (%d)",
202 						   status);
203 					err = -EIO;
204 					goto err_release_fw;
205 				}
206 			}
207 
208 			fw_ptr += section_offset;
209 			wmt_params.op = BTMTK_WMT_PATCH_DWNLD;
210 			wmt_params.status = NULL;
211 
212 			while (dl_size > 0) {
213 				dlen = min_t(int, 250, dl_size);
214 				if (first_block == 1) {
215 					flag = 1;
216 					first_block = 0;
217 				} else if (dl_size - dlen <= 0) {
218 					flag = 3;
219 				} else {
220 					flag = 2;
221 				}
222 
223 				wmt_params.flag = flag;
224 				wmt_params.dlen = dlen;
225 				wmt_params.data = fw_ptr;
226 
227 				err = wmt_cmd_sync(hdev, &wmt_params);
228 				if (err < 0) {
229 					bt_dev_err(hdev, "Failed to send wmt patch dwnld (%d)",
230 						   err);
231 					goto err_release_fw;
232 				}
233 
234 				dl_size -= dlen;
235 				fw_ptr += dlen;
236 			}
237 		}
238 next_section:
239 		continue;
240 	}
241 	/* Wait a few moments for firmware activation done */
242 	usleep_range(100000, 120000);
243 
244 err_release_fw:
245 	release_firmware(fw);
246 
247 	return err;
248 }
249 EXPORT_SYMBOL_GPL(btmtk_setup_firmware_79xx);
250 
btmtk_setup_firmware(struct hci_dev * hdev,const char * fwname,wmt_cmd_sync_func_t wmt_cmd_sync)251 int btmtk_setup_firmware(struct hci_dev *hdev, const char *fwname,
252 			 wmt_cmd_sync_func_t wmt_cmd_sync)
253 {
254 	struct btmtk_hci_wmt_params wmt_params;
255 	const struct firmware *fw;
256 	const u8 *fw_ptr;
257 	size_t fw_size;
258 	int err, dlen;
259 	u8 flag, param;
260 
261 	err = request_firmware(&fw, fwname, &hdev->dev);
262 	if (err < 0) {
263 		bt_dev_err(hdev, "Failed to load firmware file (%d)", err);
264 		return err;
265 	}
266 
267 	/* Power on data RAM the firmware relies on. */
268 	param = 1;
269 	wmt_params.op = BTMTK_WMT_FUNC_CTRL;
270 	wmt_params.flag = 3;
271 	wmt_params.dlen = sizeof(param);
272 	wmt_params.data = &param;
273 	wmt_params.status = NULL;
274 
275 	err = wmt_cmd_sync(hdev, &wmt_params);
276 	if (err < 0) {
277 		bt_dev_err(hdev, "Failed to power on data RAM (%d)", err);
278 		goto err_release_fw;
279 	}
280 
281 	fw_ptr = fw->data;
282 	fw_size = fw->size;
283 
284 	/* The size of patch header is 30 bytes, should be skip */
285 	if (fw_size < 30) {
286 		err = -EINVAL;
287 		goto err_release_fw;
288 	}
289 
290 	fw_size -= 30;
291 	fw_ptr += 30;
292 	flag = 1;
293 
294 	wmt_params.op = BTMTK_WMT_PATCH_DWNLD;
295 	wmt_params.status = NULL;
296 
297 	while (fw_size > 0) {
298 		dlen = min_t(int, 250, fw_size);
299 
300 		/* Tell device the position in sequence */
301 		if (fw_size - dlen <= 0)
302 			flag = 3;
303 		else if (fw_size < fw->size - 30)
304 			flag = 2;
305 
306 		wmt_params.flag = flag;
307 		wmt_params.dlen = dlen;
308 		wmt_params.data = fw_ptr;
309 
310 		err = wmt_cmd_sync(hdev, &wmt_params);
311 		if (err < 0) {
312 			bt_dev_err(hdev, "Failed to send wmt patch dwnld (%d)",
313 				   err);
314 			goto err_release_fw;
315 		}
316 
317 		fw_size -= dlen;
318 		fw_ptr += dlen;
319 	}
320 
321 	wmt_params.op = BTMTK_WMT_RST;
322 	wmt_params.flag = 4;
323 	wmt_params.dlen = 0;
324 	wmt_params.data = NULL;
325 	wmt_params.status = NULL;
326 
327 	/* Activate function the firmware providing to */
328 	err = wmt_cmd_sync(hdev, &wmt_params);
329 	if (err < 0) {
330 		bt_dev_err(hdev, "Failed to send wmt rst (%d)", err);
331 		goto err_release_fw;
332 	}
333 
334 	/* Wait a few moments for firmware activation done */
335 	usleep_range(10000, 12000);
336 
337 err_release_fw:
338 	release_firmware(fw);
339 
340 	return err;
341 }
342 EXPORT_SYMBOL_GPL(btmtk_setup_firmware);
343 
btmtk_set_bdaddr(struct hci_dev * hdev,const bdaddr_t * bdaddr)344 int btmtk_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr)
345 {
346 	struct sk_buff *skb;
347 	long ret;
348 
349 	skb = __hci_cmd_sync(hdev, 0xfc1a, 6, bdaddr, HCI_INIT_TIMEOUT);
350 	if (IS_ERR(skb)) {
351 		ret = PTR_ERR(skb);
352 		bt_dev_err(hdev, "changing Mediatek device address failed (%ld)",
353 			   ret);
354 		return ret;
355 	}
356 	kfree_skb(skb);
357 
358 	return 0;
359 }
360 EXPORT_SYMBOL_GPL(btmtk_set_bdaddr);
361 
btmtk_reset_sync(struct hci_dev * hdev)362 void btmtk_reset_sync(struct hci_dev *hdev)
363 {
364 	struct btmtk_data *reset_work = hci_get_priv(hdev);
365 	int err;
366 
367 	hci_dev_lock(hdev);
368 
369 	err = hci_cmd_sync_queue(hdev, reset_work->reset_sync, NULL, NULL);
370 	if (err)
371 		bt_dev_err(hdev, "failed to reset (%d)", err);
372 
373 	hci_dev_unlock(hdev);
374 }
375 EXPORT_SYMBOL_GPL(btmtk_reset_sync);
376 
btmtk_register_coredump(struct hci_dev * hdev,const char * name,u32 fw_version)377 int btmtk_register_coredump(struct hci_dev *hdev, const char *name,
378 			    u32 fw_version)
379 {
380 	struct btmtk_data *data = hci_get_priv(hdev);
381 
382 	if (!IS_ENABLED(CONFIG_DEV_COREDUMP))
383 		return -EOPNOTSUPP;
384 
385 	data->cd_info.fw_version = fw_version;
386 	data->cd_info.state = HCI_DEVCOREDUMP_IDLE;
387 	data->cd_info.driver_name = name;
388 
389 	return hci_devcd_register(hdev, btmtk_coredump, btmtk_coredump_hdr,
390 				  btmtk_coredump_notify);
391 }
392 EXPORT_SYMBOL_GPL(btmtk_register_coredump);
393 
btmtk_process_coredump(struct hci_dev * hdev,struct sk_buff * skb)394 int btmtk_process_coredump(struct hci_dev *hdev, struct sk_buff *skb)
395 {
396 	struct btmtk_data *data = hci_get_priv(hdev);
397 	int err;
398 	bool complete = false;
399 
400 	if (!IS_ENABLED(CONFIG_DEV_COREDUMP)) {
401 		kfree_skb(skb);
402 		return 0;
403 	}
404 
405 	switch (data->cd_info.state) {
406 	case HCI_DEVCOREDUMP_IDLE:
407 		err = hci_devcd_init(hdev, MTK_COREDUMP_SIZE);
408 		if (err < 0) {
409 			kfree_skb(skb);
410 			break;
411 		}
412 		data->cd_info.cnt = 0;
413 
414 		/* It is supposed coredump can be done within 5 seconds */
415 		schedule_delayed_work(&hdev->dump.dump_timeout,
416 				      msecs_to_jiffies(5000));
417 		fallthrough;
418 	case HCI_DEVCOREDUMP_ACTIVE:
419 	default:
420 		/* Mediatek coredump data would be more than MTK_COREDUMP_NUM */
421 		if (data->cd_info.cnt >= MTK_COREDUMP_NUM &&
422 		    skb->len > MTK_COREDUMP_END_LEN)
423 			if (!memcmp((char *)&skb->data[skb->len - MTK_COREDUMP_END_LEN],
424 				    MTK_COREDUMP_END, MTK_COREDUMP_END_LEN - 1))
425 				complete = true;
426 
427 		err = hci_devcd_append(hdev, skb);
428 		if (err < 0)
429 			break;
430 		data->cd_info.cnt++;
431 
432 		if (complete) {
433 			bt_dev_info(hdev, "Mediatek coredump end");
434 			hci_devcd_complete(hdev);
435 		}
436 
437 		break;
438 	}
439 
440 	return err;
441 }
442 EXPORT_SYMBOL_GPL(btmtk_process_coredump);
443 
444 #if IS_ENABLED(CONFIG_BT_HCIBTUSB_MTK)
btmtk_usb_wmt_recv(struct urb * urb)445 static void btmtk_usb_wmt_recv(struct urb *urb)
446 {
447 	struct hci_dev *hdev = urb->context;
448 	struct btmtk_data *data = hci_get_priv(hdev);
449 	struct sk_buff *skb;
450 	int err;
451 
452 	if (urb->status == 0 && urb->actual_length > 0) {
453 		hdev->stat.byte_rx += urb->actual_length;
454 
455 		/* WMT event shouldn't be fragmented and the size should be
456 		 * less than HCI_WMT_MAX_EVENT_SIZE.
457 		 */
458 		skb = bt_skb_alloc(HCI_WMT_MAX_EVENT_SIZE, GFP_ATOMIC);
459 		if (!skb) {
460 			hdev->stat.err_rx++;
461 			kfree(urb->setup_packet);
462 			return;
463 		}
464 
465 		hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
466 		skb_put_data(skb, urb->transfer_buffer, urb->actual_length);
467 
468 		/* When someone waits for the WMT event, the skb is being cloned
469 		 * and being processed the events from there then.
470 		 */
471 		if (test_bit(BTMTK_TX_WAIT_VND_EVT, &data->flags)) {
472 			data->evt_skb = skb_clone(skb, GFP_ATOMIC);
473 			if (!data->evt_skb) {
474 				kfree_skb(skb);
475 				kfree(urb->setup_packet);
476 				return;
477 			}
478 		}
479 
480 		err = hci_recv_frame(hdev, skb);
481 		if (err < 0) {
482 			kfree_skb(data->evt_skb);
483 			data->evt_skb = NULL;
484 			kfree(urb->setup_packet);
485 			return;
486 		}
487 
488 		if (test_and_clear_bit(BTMTK_TX_WAIT_VND_EVT,
489 				       &data->flags)) {
490 			/* Barrier to sync with other CPUs */
491 			smp_mb__after_atomic();
492 			wake_up_bit(&data->flags,
493 				    BTMTK_TX_WAIT_VND_EVT);
494 		}
495 		kfree(urb->setup_packet);
496 		return;
497 	} else if (urb->status == -ENOENT) {
498 		/* Avoid suspend failed when usb_kill_urb */
499 		return;
500 	}
501 
502 	usb_mark_last_busy(data->udev);
503 
504 	/* The URB complete handler is still called with urb->actual_length = 0
505 	 * when the event is not available, so we should keep re-submitting
506 	 * URB until WMT event returns, Also, It's necessary to wait some time
507 	 * between the two consecutive control URBs to relax the target device
508 	 * to generate the event. Otherwise, the WMT event cannot return from
509 	 * the device successfully.
510 	 */
511 	udelay(500);
512 
513 	usb_anchor_urb(urb, data->ctrl_anchor);
514 	err = usb_submit_urb(urb, GFP_ATOMIC);
515 	if (err < 0) {
516 		kfree(urb->setup_packet);
517 		/* -EPERM: urb is being killed;
518 		 * -ENODEV: device got disconnected
519 		 */
520 		if (err != -EPERM && err != -ENODEV)
521 			bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
522 				   urb, -err);
523 		usb_unanchor_urb(urb);
524 	}
525 }
526 
btmtk_usb_submit_wmt_recv_urb(struct hci_dev * hdev)527 static int btmtk_usb_submit_wmt_recv_urb(struct hci_dev *hdev)
528 {
529 	struct btmtk_data *data = hci_get_priv(hdev);
530 	struct usb_ctrlrequest *dr;
531 	unsigned char *buf;
532 	int err, size = 64;
533 	unsigned int pipe;
534 	struct urb *urb;
535 
536 	urb = usb_alloc_urb(0, GFP_KERNEL);
537 	if (!urb)
538 		return -ENOMEM;
539 
540 	dr = kmalloc(sizeof(*dr), GFP_KERNEL);
541 	if (!dr) {
542 		usb_free_urb(urb);
543 		return -ENOMEM;
544 	}
545 
546 	dr->bRequestType = USB_TYPE_VENDOR | USB_DIR_IN;
547 	dr->bRequest     = 1;
548 	dr->wIndex       = cpu_to_le16(0);
549 	dr->wValue       = cpu_to_le16(48);
550 	dr->wLength      = cpu_to_le16(size);
551 
552 	buf = kmalloc(size, GFP_KERNEL);
553 	if (!buf) {
554 		kfree(dr);
555 		usb_free_urb(urb);
556 		return -ENOMEM;
557 	}
558 
559 	pipe = usb_rcvctrlpipe(data->udev, 0);
560 
561 	usb_fill_control_urb(urb, data->udev, pipe, (void *)dr,
562 			     buf, size, btmtk_usb_wmt_recv, hdev);
563 
564 	urb->transfer_flags |= URB_FREE_BUFFER;
565 
566 	usb_anchor_urb(urb, data->ctrl_anchor);
567 	err = usb_submit_urb(urb, GFP_KERNEL);
568 	if (err < 0) {
569 		if (err != -EPERM && err != -ENODEV)
570 			bt_dev_err(hdev, "urb %p submission failed (%d)",
571 				   urb, -err);
572 		usb_unanchor_urb(urb);
573 	}
574 
575 	usb_free_urb(urb);
576 
577 	return err;
578 }
579 
btmtk_usb_hci_wmt_sync(struct hci_dev * hdev,struct btmtk_hci_wmt_params * wmt_params)580 static int btmtk_usb_hci_wmt_sync(struct hci_dev *hdev,
581 				  struct btmtk_hci_wmt_params *wmt_params)
582 {
583 	struct btmtk_data *data = hci_get_priv(hdev);
584 	struct btmtk_hci_wmt_evt_funcc *wmt_evt_funcc;
585 	u32 hlen, status = BTMTK_WMT_INVALID;
586 	struct btmtk_hci_wmt_evt *wmt_evt;
587 	struct btmtk_hci_wmt_cmd *wc;
588 	struct btmtk_wmt_hdr *hdr;
589 	int err;
590 
591 	/* Send the WMT command and wait until the WMT event returns */
592 	hlen = sizeof(*hdr) + wmt_params->dlen;
593 	if (hlen > 255)
594 		return -EINVAL;
595 
596 	wc = kzalloc(hlen, GFP_KERNEL);
597 	if (!wc)
598 		return -ENOMEM;
599 
600 	hdr = &wc->hdr;
601 	hdr->dir = 1;
602 	hdr->op = wmt_params->op;
603 	hdr->dlen = cpu_to_le16(wmt_params->dlen + 1);
604 	hdr->flag = wmt_params->flag;
605 	memcpy(wc->data, wmt_params->data, wmt_params->dlen);
606 
607 	set_bit(BTMTK_TX_WAIT_VND_EVT, &data->flags);
608 
609 	/* WMT cmd/event doesn't follow up the generic HCI cmd/event handling,
610 	 * it needs constantly polling control pipe until the host received the
611 	 * WMT event, thus, we should require to specifically acquire PM counter
612 	 * on the USB to prevent the interface from entering auto suspended
613 	 * while WMT cmd/event in progress.
614 	 */
615 	err = usb_autopm_get_interface(data->intf);
616 	if (err < 0)
617 		goto err_free_wc;
618 
619 	err = __hci_cmd_send(hdev, 0xfc6f, hlen, wc);
620 
621 	if (err < 0) {
622 		clear_bit(BTMTK_TX_WAIT_VND_EVT, &data->flags);
623 		usb_autopm_put_interface(data->intf);
624 		goto err_free_wc;
625 	}
626 
627 	/* Submit control IN URB on demand to process the WMT event */
628 	err = btmtk_usb_submit_wmt_recv_urb(hdev);
629 
630 	usb_autopm_put_interface(data->intf);
631 
632 	if (err < 0)
633 		goto err_free_wc;
634 
635 	/* The vendor specific WMT commands are all answered by a vendor
636 	 * specific event and will have the Command Status or Command
637 	 * Complete as with usual HCI command flow control.
638 	 *
639 	 * After sending the command, wait for BTUSB_TX_WAIT_VND_EVT
640 	 * state to be cleared. The driver specific event receive routine
641 	 * will clear that state and with that indicate completion of the
642 	 * WMT command.
643 	 */
644 	err = wait_on_bit_timeout(&data->flags, BTMTK_TX_WAIT_VND_EVT,
645 				  TASK_INTERRUPTIBLE, HCI_INIT_TIMEOUT);
646 	if (err == -EINTR) {
647 		bt_dev_err(hdev, "Execution of wmt command interrupted");
648 		clear_bit(BTMTK_TX_WAIT_VND_EVT, &data->flags);
649 		goto err_free_wc;
650 	}
651 
652 	if (err) {
653 		bt_dev_err(hdev, "Execution of wmt command timed out");
654 		clear_bit(BTMTK_TX_WAIT_VND_EVT, &data->flags);
655 		err = -ETIMEDOUT;
656 		goto err_free_wc;
657 	}
658 
659 	if (data->evt_skb == NULL)
660 		goto err_free_wc;
661 
662 	/* Parse and handle the return WMT event */
663 	wmt_evt = (struct btmtk_hci_wmt_evt *)data->evt_skb->data;
664 	if (wmt_evt->whdr.op != hdr->op) {
665 		bt_dev_err(hdev, "Wrong op received %d expected %d",
666 			   wmt_evt->whdr.op, hdr->op);
667 		err = -EIO;
668 		goto err_free_skb;
669 	}
670 
671 	switch (wmt_evt->whdr.op) {
672 	case BTMTK_WMT_SEMAPHORE:
673 		if (wmt_evt->whdr.flag == 2)
674 			status = BTMTK_WMT_PATCH_UNDONE;
675 		else
676 			status = BTMTK_WMT_PATCH_DONE;
677 		break;
678 	case BTMTK_WMT_FUNC_CTRL:
679 		wmt_evt_funcc = (struct btmtk_hci_wmt_evt_funcc *)wmt_evt;
680 		if (be16_to_cpu(wmt_evt_funcc->status) == 0x404)
681 			status = BTMTK_WMT_ON_DONE;
682 		else if (be16_to_cpu(wmt_evt_funcc->status) == 0x420)
683 			status = BTMTK_WMT_ON_PROGRESS;
684 		else
685 			status = BTMTK_WMT_ON_UNDONE;
686 		break;
687 	case BTMTK_WMT_PATCH_DWNLD:
688 		if (wmt_evt->whdr.flag == 2)
689 			status = BTMTK_WMT_PATCH_DONE;
690 		else if (wmt_evt->whdr.flag == 1)
691 			status = BTMTK_WMT_PATCH_PROGRESS;
692 		else
693 			status = BTMTK_WMT_PATCH_UNDONE;
694 		break;
695 	}
696 
697 	if (wmt_params->status)
698 		*wmt_params->status = status;
699 
700 err_free_skb:
701 	kfree_skb(data->evt_skb);
702 	data->evt_skb = NULL;
703 err_free_wc:
704 	kfree(wc);
705 	return err;
706 }
707 
btmtk_usb_func_query(struct hci_dev * hdev)708 static int btmtk_usb_func_query(struct hci_dev *hdev)
709 {
710 	struct btmtk_hci_wmt_params wmt_params;
711 	int status, err;
712 	u8 param = 0;
713 
714 	/* Query whether the function is enabled */
715 	wmt_params.op = BTMTK_WMT_FUNC_CTRL;
716 	wmt_params.flag = 4;
717 	wmt_params.dlen = sizeof(param);
718 	wmt_params.data = &param;
719 	wmt_params.status = &status;
720 
721 	err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params);
722 	if (err < 0) {
723 		bt_dev_err(hdev, "Failed to query function status (%d)", err);
724 		return err;
725 	}
726 
727 	return status;
728 }
729 
btmtk_usb_uhw_reg_write(struct hci_dev * hdev,u32 reg,u32 val)730 static int btmtk_usb_uhw_reg_write(struct hci_dev *hdev, u32 reg, u32 val)
731 {
732 	struct btmtk_data *data = hci_get_priv(hdev);
733 	int pipe, err;
734 	void *buf;
735 
736 	buf = kzalloc(4, GFP_KERNEL);
737 	if (!buf)
738 		return -ENOMEM;
739 
740 	put_unaligned_le32(val, buf);
741 
742 	pipe = usb_sndctrlpipe(data->udev, 0);
743 	err = usb_control_msg(data->udev, pipe, 0x02,
744 			      0x5E,
745 			      reg >> 16, reg & 0xffff,
746 			      buf, 4, USB_CTRL_SET_TIMEOUT);
747 	if (err < 0)
748 		bt_dev_err(hdev, "Failed to write uhw reg(%d)", err);
749 
750 	kfree(buf);
751 
752 	return err;
753 }
754 
btmtk_usb_uhw_reg_read(struct hci_dev * hdev,u32 reg,u32 * val)755 static int btmtk_usb_uhw_reg_read(struct hci_dev *hdev, u32 reg, u32 *val)
756 {
757 	struct btmtk_data *data = hci_get_priv(hdev);
758 	int pipe, err;
759 	void *buf;
760 
761 	buf = kzalloc(4, GFP_KERNEL);
762 	if (!buf)
763 		return -ENOMEM;
764 
765 	pipe = usb_rcvctrlpipe(data->udev, 0);
766 	err = usb_control_msg(data->udev, pipe, 0x01,
767 			      0xDE,
768 			      reg >> 16, reg & 0xffff,
769 			      buf, 4, USB_CTRL_GET_TIMEOUT);
770 	if (err < 0) {
771 		bt_dev_err(hdev, "Failed to read uhw reg(%d)", err);
772 		goto err_free_buf;
773 	}
774 
775 	*val = get_unaligned_le32(buf);
776 	bt_dev_dbg(hdev, "reg=%x, value=0x%08x", reg, *val);
777 
778 err_free_buf:
779 	kfree(buf);
780 
781 	return err;
782 }
783 
btmtk_usb_reg_read(struct hci_dev * hdev,u32 reg,u32 * val)784 static int btmtk_usb_reg_read(struct hci_dev *hdev, u32 reg, u32 *val)
785 {
786 	struct btmtk_data *data = hci_get_priv(hdev);
787 	int pipe, err, size = sizeof(u32);
788 	void *buf;
789 
790 	buf = kzalloc(size, GFP_KERNEL);
791 	if (!buf)
792 		return -ENOMEM;
793 
794 	pipe = usb_rcvctrlpipe(data->udev, 0);
795 	err = usb_control_msg(data->udev, pipe, 0x63,
796 			      USB_TYPE_VENDOR | USB_DIR_IN,
797 			      reg >> 16, reg & 0xffff,
798 			      buf, size, USB_CTRL_GET_TIMEOUT);
799 	if (err < 0)
800 		goto err_free_buf;
801 
802 	*val = get_unaligned_le32(buf);
803 
804 err_free_buf:
805 	kfree(buf);
806 
807 	return err;
808 }
809 
btmtk_usb_id_get(struct hci_dev * hdev,u32 reg,u32 * id)810 static int btmtk_usb_id_get(struct hci_dev *hdev, u32 reg, u32 *id)
811 {
812 	return btmtk_usb_reg_read(hdev, reg, id);
813 }
814 
btmtk_usb_reset_done(struct hci_dev * hdev)815 static u32 btmtk_usb_reset_done(struct hci_dev *hdev)
816 {
817 	u32 val = 0;
818 
819 	btmtk_usb_uhw_reg_read(hdev, MTK_BT_MISC, &val);
820 
821 	return val & MTK_BT_RST_DONE;
822 }
823 
btmtk_usb_subsys_reset(struct hci_dev * hdev,u32 dev_id)824 int btmtk_usb_subsys_reset(struct hci_dev *hdev, u32 dev_id)
825 {
826 	u32 val;
827 	int err;
828 
829 	if (dev_id == 0x7922) {
830 		err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_SUBSYS_RST, &val);
831 		if (err < 0)
832 			return err;
833 		val |= 0x00002020;
834 		err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_SUBSYS_RST, val);
835 		if (err < 0)
836 			return err;
837 		err = btmtk_usb_uhw_reg_write(hdev, MTK_EP_RST_OPT, 0x00010001);
838 		if (err < 0)
839 			return err;
840 		err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_SUBSYS_RST, &val);
841 		if (err < 0)
842 			return err;
843 		val |= BIT(0);
844 		err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_SUBSYS_RST, val);
845 		if (err < 0)
846 			return err;
847 		msleep(100);
848 	} else if (dev_id == 0x7925) {
849 		err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_RESET_REG_CONNV3, &val);
850 		if (err < 0)
851 			return err;
852 		val |= (1 << 5);
853 		err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_RESET_REG_CONNV3, val);
854 		if (err < 0)
855 			return err;
856 		err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_RESET_REG_CONNV3, &val);
857 		if (err < 0)
858 			return err;
859 		val &= 0xFFFF00FF;
860 		val |= (1 << 13);
861 		err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_RESET_REG_CONNV3, val);
862 		if (err < 0)
863 			return err;
864 		err = btmtk_usb_uhw_reg_write(hdev, MTK_EP_RST_OPT, 0x00010001);
865 		if (err < 0)
866 			return err;
867 		err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_RESET_REG_CONNV3, &val);
868 		if (err < 0)
869 			return err;
870 		val |= (1 << 0);
871 		err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_RESET_REG_CONNV3, val);
872 		if (err < 0)
873 			return err;
874 		err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT, 0x000000FF);
875 		if (err < 0)
876 			return err;
877 		err = btmtk_usb_uhw_reg_read(hdev, MTK_UDMA_INT_STA_BT, &val);
878 		if (err < 0)
879 			return err;
880 		err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT1, 0x000000FF);
881 		if (err < 0)
882 			return err;
883 		err = btmtk_usb_uhw_reg_read(hdev, MTK_UDMA_INT_STA_BT1, &val);
884 		if (err < 0)
885 			return err;
886 		msleep(100);
887 	} else {
888 		/* It's Device EndPoint Reset Option Register */
889 		bt_dev_dbg(hdev, "Initiating reset mechanism via uhw");
890 		err = btmtk_usb_uhw_reg_write(hdev, MTK_EP_RST_OPT, MTK_EP_RST_IN_OUT_OPT);
891 		if (err < 0)
892 			return err;
893 		err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_WDT_STATUS, &val);
894 		if (err < 0)
895 			return err;
896 		/* Reset the bluetooth chip via USB interface. */
897 		err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_SUBSYS_RST, 1);
898 		if (err < 0)
899 			return err;
900 		err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT, 0x000000FF);
901 		if (err < 0)
902 			return err;
903 		err = btmtk_usb_uhw_reg_read(hdev, MTK_UDMA_INT_STA_BT, &val);
904 		if (err < 0)
905 			return err;
906 		err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT1, 0x000000FF);
907 		if (err < 0)
908 			return err;
909 		err = btmtk_usb_uhw_reg_read(hdev, MTK_UDMA_INT_STA_BT1, &val);
910 		if (err < 0)
911 			return err;
912 		/* MT7921 need to delay 20ms between toggle reset bit */
913 		msleep(20);
914 		err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_SUBSYS_RST, 0);
915 		if (err < 0)
916 			return err;
917 		err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_SUBSYS_RST, &val);
918 		if (err < 0)
919 			return err;
920 	}
921 
922 	err = readx_poll_timeout(btmtk_usb_reset_done, hdev, val,
923 				 val & MTK_BT_RST_DONE, 20000, 1000000);
924 	if (err < 0)
925 		bt_dev_err(hdev, "Reset timeout");
926 
927 	if (dev_id == 0x7922) {
928 		err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT, 0x000000FF);
929 		if (err < 0)
930 			return err;
931 	}
932 
933 	err = btmtk_usb_id_get(hdev, 0x70010200, &val);
934 	if (err < 0 || !val)
935 		bt_dev_err(hdev, "Can't get device id, subsys reset fail.");
936 
937 	return err;
938 }
939 EXPORT_SYMBOL_GPL(btmtk_usb_subsys_reset);
940 
btmtk_usb_recv_acl(struct hci_dev * hdev,struct sk_buff * skb)941 int btmtk_usb_recv_acl(struct hci_dev *hdev, struct sk_buff *skb)
942 {
943 	struct btmtk_data *data = hci_get_priv(hdev);
944 	u16 handle = le16_to_cpu(hci_acl_hdr(skb)->handle);
945 
946 	switch (handle) {
947 	case 0xfc6f:		/* Firmware dump from device */
948 		/* When the firmware hangs, the device can no longer
949 		 * suspend and thus disable auto-suspend.
950 		 */
951 		usb_disable_autosuspend(data->udev);
952 
953 		/* We need to forward the diagnostic packet to userspace daemon
954 		 * for backward compatibility, so we have to clone the packet
955 		 * extraly for the in-kernel coredump support.
956 		 */
957 		if (IS_ENABLED(CONFIG_DEV_COREDUMP)) {
958 			struct sk_buff *skb_cd = skb_clone(skb, GFP_ATOMIC);
959 
960 			if (skb_cd)
961 				btmtk_process_coredump(hdev, skb_cd);
962 		}
963 
964 		fallthrough;
965 	case 0x05ff:		/* Firmware debug logging 1 */
966 	case 0x05fe:		/* Firmware debug logging 2 */
967 		return hci_recv_diag(hdev, skb);
968 	}
969 
970 	return hci_recv_frame(hdev, skb);
971 }
972 EXPORT_SYMBOL_GPL(btmtk_usb_recv_acl);
973 
btmtk_isopkt_pad(struct hci_dev * hdev,struct sk_buff * skb)974 static int btmtk_isopkt_pad(struct hci_dev *hdev, struct sk_buff *skb)
975 {
976 	if (skb->len > MTK_ISO_THRESHOLD)
977 		return -EINVAL;
978 
979 	if (skb_pad(skb, MTK_ISO_THRESHOLD - skb->len))
980 		return -ENOMEM;
981 
982 	__skb_put(skb, MTK_ISO_THRESHOLD - skb->len);
983 
984 	return 0;
985 }
986 
__set_mtk_intr_interface(struct hci_dev * hdev)987 static int __set_mtk_intr_interface(struct hci_dev *hdev)
988 {
989 	struct btmtk_data *btmtk_data = hci_get_priv(hdev);
990 	struct usb_interface *intf = btmtk_data->isopkt_intf;
991 	int i, err;
992 
993 	if (!btmtk_data->isopkt_intf)
994 		return -ENODEV;
995 
996 	err = usb_set_interface(btmtk_data->udev, MTK_ISO_IFNUM, 1);
997 	if (err < 0) {
998 		bt_dev_err(hdev, "setting interface failed (%d)", -err);
999 		return err;
1000 	}
1001 
1002 	btmtk_data->isopkt_tx_ep = NULL;
1003 	btmtk_data->isopkt_rx_ep = NULL;
1004 
1005 	for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
1006 		struct usb_endpoint_descriptor *ep_desc;
1007 
1008 		ep_desc = &intf->cur_altsetting->endpoint[i].desc;
1009 
1010 		if (!btmtk_data->isopkt_tx_ep &&
1011 		    usb_endpoint_is_int_out(ep_desc)) {
1012 			btmtk_data->isopkt_tx_ep = ep_desc;
1013 			continue;
1014 		}
1015 
1016 		if (!btmtk_data->isopkt_rx_ep &&
1017 		    usb_endpoint_is_int_in(ep_desc)) {
1018 			btmtk_data->isopkt_rx_ep = ep_desc;
1019 			continue;
1020 		}
1021 	}
1022 
1023 	if (!btmtk_data->isopkt_tx_ep ||
1024 	    !btmtk_data->isopkt_rx_ep) {
1025 		bt_dev_err(hdev, "invalid interrupt descriptors");
1026 		return -ENODEV;
1027 	}
1028 
1029 	return 0;
1030 }
1031 
alloc_mtk_intr_urb(struct hci_dev * hdev,struct sk_buff * skb,usb_complete_t tx_complete)1032 struct urb *alloc_mtk_intr_urb(struct hci_dev *hdev, struct sk_buff *skb,
1033 			       usb_complete_t tx_complete)
1034 {
1035 	struct btmtk_data *btmtk_data = hci_get_priv(hdev);
1036 	struct urb *urb;
1037 	unsigned int pipe;
1038 
1039 	if (!btmtk_data->isopkt_tx_ep)
1040 		return ERR_PTR(-ENODEV);
1041 
1042 	urb = usb_alloc_urb(0, GFP_KERNEL);
1043 	if (!urb)
1044 		return ERR_PTR(-ENOMEM);
1045 
1046 	if (btmtk_isopkt_pad(hdev, skb))
1047 		return ERR_PTR(-EINVAL);
1048 
1049 	pipe = usb_sndintpipe(btmtk_data->udev,
1050 			      btmtk_data->isopkt_tx_ep->bEndpointAddress);
1051 
1052 	usb_fill_int_urb(urb, btmtk_data->udev, pipe,
1053 			 skb->data, skb->len, tx_complete,
1054 			 skb, btmtk_data->isopkt_tx_ep->bInterval);
1055 
1056 	skb->dev = (void *)hdev;
1057 
1058 	return urb;
1059 }
1060 EXPORT_SYMBOL_GPL(alloc_mtk_intr_urb);
1061 
btmtk_recv_isopkt(struct hci_dev * hdev,void * buffer,int count)1062 static int btmtk_recv_isopkt(struct hci_dev *hdev, void *buffer, int count)
1063 {
1064 	struct btmtk_data *btmtk_data = hci_get_priv(hdev);
1065 	struct sk_buff *skb;
1066 	unsigned long flags;
1067 	int err = 0;
1068 
1069 	spin_lock_irqsave(&btmtk_data->isorxlock, flags);
1070 	skb = btmtk_data->isopkt_skb;
1071 
1072 	while (count) {
1073 		int len;
1074 
1075 		if (!skb) {
1076 			skb = bt_skb_alloc(HCI_MAX_ISO_SIZE, GFP_ATOMIC);
1077 			if (!skb) {
1078 				err = -ENOMEM;
1079 				break;
1080 			}
1081 
1082 			hci_skb_pkt_type(skb) = HCI_ISODATA_PKT;
1083 			hci_skb_expect(skb) = HCI_ISO_HDR_SIZE;
1084 		}
1085 
1086 		len = min_t(uint, hci_skb_expect(skb), count);
1087 		skb_put_data(skb, buffer, len);
1088 
1089 		count -= len;
1090 		buffer += len;
1091 		hci_skb_expect(skb) -= len;
1092 
1093 		if (skb->len == HCI_ISO_HDR_SIZE) {
1094 			__le16 dlen = ((struct hci_iso_hdr *)skb->data)->dlen;
1095 
1096 			/* Complete ISO header */
1097 			hci_skb_expect(skb) = __le16_to_cpu(dlen);
1098 
1099 			if (skb_tailroom(skb) < hci_skb_expect(skb)) {
1100 				kfree_skb(skb);
1101 				skb = NULL;
1102 
1103 				err = -EILSEQ;
1104 				break;
1105 			}
1106 		}
1107 
1108 		if (!hci_skb_expect(skb)) {
1109 			/* Complete frame */
1110 			hci_recv_frame(hdev, skb);
1111 			skb = NULL;
1112 		}
1113 	}
1114 
1115 	btmtk_data->isopkt_skb = skb;
1116 	spin_unlock_irqrestore(&btmtk_data->isorxlock, flags);
1117 
1118 	return err;
1119 }
1120 
btmtk_intr_complete(struct urb * urb)1121 static void btmtk_intr_complete(struct urb *urb)
1122 {
1123 	struct hci_dev *hdev = urb->context;
1124 	struct btmtk_data *btmtk_data = hci_get_priv(hdev);
1125 	int err;
1126 
1127 	BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
1128 	       urb->actual_length);
1129 
1130 	if (!test_bit(HCI_RUNNING, &hdev->flags))
1131 		return;
1132 
1133 	if (hdev->suspended)
1134 		return;
1135 
1136 	if (urb->status == 0) {
1137 		hdev->stat.byte_rx += urb->actual_length;
1138 
1139 		if (btmtk_recv_isopkt(hdev, urb->transfer_buffer,
1140 				      urb->actual_length) < 0) {
1141 			bt_dev_err(hdev, "corrupted iso packet");
1142 			hdev->stat.err_rx++;
1143 		}
1144 	} else if (urb->status == -ENOENT) {
1145 		/* Avoid suspend failed when usb_kill_urb */
1146 		return;
1147 	}
1148 
1149 	usb_mark_last_busy(btmtk_data->udev);
1150 	usb_anchor_urb(urb, &btmtk_data->isopkt_anchor);
1151 
1152 	err = usb_submit_urb(urb, GFP_ATOMIC);
1153 	if (err < 0) {
1154 		/* -EPERM: urb is being killed;
1155 		 * -ENODEV: device got disconnected
1156 		 */
1157 		if (err != -EPERM && err != -ENODEV)
1158 			bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
1159 				   urb, -err);
1160 		if (err != -EPERM)
1161 			hci_cmd_sync_cancel(hdev, -err);
1162 		usb_unanchor_urb(urb);
1163 	}
1164 }
1165 
btmtk_submit_intr_urb(struct hci_dev * hdev,gfp_t mem_flags)1166 static int btmtk_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags)
1167 {
1168 	struct btmtk_data *btmtk_data = hci_get_priv(hdev);
1169 	unsigned char *buf;
1170 	unsigned int pipe;
1171 	struct urb *urb;
1172 	int err, size;
1173 
1174 	BT_DBG("%s", hdev->name);
1175 
1176 	if (!btmtk_data->isopkt_rx_ep)
1177 		return -ENODEV;
1178 
1179 	urb = usb_alloc_urb(0, mem_flags);
1180 	if (!urb)
1181 		return -ENOMEM;
1182 	size = le16_to_cpu(btmtk_data->isopkt_rx_ep->wMaxPacketSize);
1183 
1184 	buf = kmalloc(size, mem_flags);
1185 	if (!buf) {
1186 		usb_free_urb(urb);
1187 		return -ENOMEM;
1188 	}
1189 
1190 	pipe = usb_rcvintpipe(btmtk_data->udev,
1191 			      btmtk_data->isopkt_rx_ep->bEndpointAddress);
1192 
1193 	usb_fill_int_urb(urb, btmtk_data->udev, pipe, buf, size,
1194 			 btmtk_intr_complete, hdev,
1195 			 btmtk_data->isopkt_rx_ep->bInterval);
1196 
1197 	urb->transfer_flags |= URB_FREE_BUFFER;
1198 
1199 	usb_mark_last_busy(btmtk_data->udev);
1200 	usb_anchor_urb(urb, &btmtk_data->isopkt_anchor);
1201 
1202 	err = usb_submit_urb(urb, mem_flags);
1203 	if (err < 0) {
1204 		if (err != -EPERM && err != -ENODEV)
1205 			bt_dev_err(hdev, "urb %p submission failed (%d)",
1206 				   urb, -err);
1207 		usb_unanchor_urb(urb);
1208 	}
1209 
1210 	usb_free_urb(urb);
1211 
1212 	return err;
1213 }
1214 
btmtk_usb_isointf_init(struct hci_dev * hdev)1215 static int btmtk_usb_isointf_init(struct hci_dev *hdev)
1216 {
1217 	struct btmtk_data *btmtk_data = hci_get_priv(hdev);
1218 	u8 iso_param[2] = { 0x08, 0x01 };
1219 	struct sk_buff *skb;
1220 	int err;
1221 
1222 	spin_lock_init(&btmtk_data->isorxlock);
1223 
1224 	__set_mtk_intr_interface(hdev);
1225 
1226 	err = btmtk_submit_intr_urb(hdev, GFP_KERNEL);
1227 	if (err < 0) {
1228 		usb_kill_anchored_urbs(&btmtk_data->isopkt_anchor);
1229 		bt_dev_err(hdev, "ISO intf not support (%d)", err);
1230 		return err;
1231 	}
1232 
1233 	skb = __hci_cmd_sync(hdev, 0xfd98, sizeof(iso_param), iso_param,
1234 			     HCI_INIT_TIMEOUT);
1235 	if (IS_ERR(skb)) {
1236 		bt_dev_err(hdev, "Failed to apply iso setting (%ld)", PTR_ERR(skb));
1237 		return PTR_ERR(skb);
1238 	}
1239 	kfree_skb(skb);
1240 
1241 	return 0;
1242 }
1243 
btmtk_usb_resume(struct hci_dev * hdev)1244 int btmtk_usb_resume(struct hci_dev *hdev)
1245 {
1246 	/* This function describes the specific additional steps taken by MediaTek
1247 	 * when Bluetooth usb driver's resume function is called.
1248 	 */
1249 	struct btmtk_data *btmtk_data = hci_get_priv(hdev);
1250 
1251 	/* Resubmit urb for iso data transmission */
1252 	if (test_bit(BTMTK_ISOPKT_RUNNING, &btmtk_data->flags)) {
1253 		if (btmtk_submit_intr_urb(hdev, GFP_NOIO) < 0)
1254 			clear_bit(BTMTK_ISOPKT_RUNNING, &btmtk_data->flags);
1255 	}
1256 
1257 	return 0;
1258 }
1259 EXPORT_SYMBOL_GPL(btmtk_usb_resume);
1260 
btmtk_usb_suspend(struct hci_dev * hdev)1261 int btmtk_usb_suspend(struct hci_dev *hdev)
1262 {
1263 	/* This function describes the specific additional steps taken by MediaTek
1264 	 * when Bluetooth usb driver's suspend function is called.
1265 	 */
1266 	struct btmtk_data *btmtk_data = hci_get_priv(hdev);
1267 
1268 	/* Stop urb anchor for iso data transmission */
1269 	if (test_bit(BTMTK_ISOPKT_RUNNING, &btmtk_data->flags))
1270 		usb_kill_anchored_urbs(&btmtk_data->isopkt_anchor);
1271 
1272 	return 0;
1273 }
1274 EXPORT_SYMBOL_GPL(btmtk_usb_suspend);
1275 
btmtk_usb_setup(struct hci_dev * hdev)1276 int btmtk_usb_setup(struct hci_dev *hdev)
1277 {
1278 	struct btmtk_data *btmtk_data = hci_get_priv(hdev);
1279 	struct btmtk_hci_wmt_params wmt_params;
1280 	ktime_t calltime, delta, rettime;
1281 	struct btmtk_tci_sleep tci_sleep;
1282 	unsigned long long duration;
1283 	struct sk_buff *skb;
1284 	const char *fwname;
1285 	int err, status;
1286 	u32 dev_id = 0;
1287 	char fw_bin_name[64];
1288 	u32 fw_version = 0, fw_flavor = 0;
1289 	u8 param;
1290 
1291 	calltime = ktime_get();
1292 
1293 	err = btmtk_usb_id_get(hdev, 0x80000008, &dev_id);
1294 	if (err < 0) {
1295 		bt_dev_err(hdev, "Failed to get device id (%d)", err);
1296 		return err;
1297 	}
1298 
1299 	if (!dev_id || dev_id != 0x7663) {
1300 		err = btmtk_usb_id_get(hdev, 0x70010200, &dev_id);
1301 		if (err < 0) {
1302 			bt_dev_err(hdev, "Failed to get device id (%d)", err);
1303 			return err;
1304 		}
1305 		err = btmtk_usb_id_get(hdev, 0x80021004, &fw_version);
1306 		if (err < 0) {
1307 			bt_dev_err(hdev, "Failed to get fw version (%d)", err);
1308 			return err;
1309 		}
1310 		err = btmtk_usb_id_get(hdev, 0x70010020, &fw_flavor);
1311 		if (err < 0) {
1312 			bt_dev_err(hdev, "Failed to get fw flavor (%d)", err);
1313 			return err;
1314 		}
1315 		fw_flavor = (fw_flavor & 0x00000080) >> 7;
1316 	}
1317 
1318 	btmtk_data->dev_id = dev_id;
1319 
1320 	err = btmtk_register_coredump(hdev, btmtk_data->drv_name, fw_version);
1321 	if (err < 0)
1322 		bt_dev_err(hdev, "Failed to register coredump (%d)", err);
1323 
1324 	switch (dev_id) {
1325 	case 0x7663:
1326 		fwname = FIRMWARE_MT7663;
1327 		break;
1328 	case 0x7668:
1329 		fwname = FIRMWARE_MT7668;
1330 		break;
1331 	case 0x7922:
1332 	case 0x7961:
1333 	case 0x7925:
1334 		/* Reset the device to ensure it's in the initial state before
1335 		 * downloading the firmware to ensure.
1336 		 */
1337 
1338 		if (!test_bit(BTMTK_FIRMWARE_LOADED, &btmtk_data->flags))
1339 			btmtk_usb_subsys_reset(hdev, dev_id);
1340 
1341 		btmtk_fw_get_filename(fw_bin_name, sizeof(fw_bin_name), dev_id,
1342 				      fw_version, fw_flavor);
1343 
1344 		err = btmtk_setup_firmware_79xx(hdev, fw_bin_name,
1345 						btmtk_usb_hci_wmt_sync);
1346 		if (err < 0) {
1347 			bt_dev_err(hdev, "Failed to set up firmware (%d)", err);
1348 			clear_bit(BTMTK_FIRMWARE_LOADED, &btmtk_data->flags);
1349 			return err;
1350 		}
1351 
1352 		set_bit(BTMTK_FIRMWARE_LOADED, &btmtk_data->flags);
1353 
1354 		/* It's Device EndPoint Reset Option Register */
1355 		err = btmtk_usb_uhw_reg_write(hdev, MTK_EP_RST_OPT,
1356 					      MTK_EP_RST_IN_OUT_OPT);
1357 		if (err < 0)
1358 			return err;
1359 
1360 		/* Enable Bluetooth protocol */
1361 		param = 1;
1362 		wmt_params.op = BTMTK_WMT_FUNC_CTRL;
1363 		wmt_params.flag = 0;
1364 		wmt_params.dlen = sizeof(param);
1365 		wmt_params.data = &param;
1366 		wmt_params.status = NULL;
1367 
1368 		err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params);
1369 		if (err < 0) {
1370 			bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err);
1371 			return err;
1372 		}
1373 
1374 		hci_set_msft_opcode(hdev, 0xFD30);
1375 		hci_set_aosp_capable(hdev);
1376 
1377 		/* Set up ISO interface after protocol enabled */
1378 		if (test_bit(BTMTK_ISOPKT_OVER_INTR, &btmtk_data->flags)) {
1379 			if (!btmtk_usb_isointf_init(hdev))
1380 				set_bit(BTMTK_ISOPKT_RUNNING, &btmtk_data->flags);
1381 		}
1382 
1383 		goto done;
1384 	default:
1385 		bt_dev_err(hdev, "Unsupported hardware variant (%08x)",
1386 			   dev_id);
1387 		return -ENODEV;
1388 	}
1389 
1390 	/* Query whether the firmware is already download */
1391 	wmt_params.op = BTMTK_WMT_SEMAPHORE;
1392 	wmt_params.flag = 1;
1393 	wmt_params.dlen = 0;
1394 	wmt_params.data = NULL;
1395 	wmt_params.status = &status;
1396 
1397 	err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params);
1398 	if (err < 0) {
1399 		bt_dev_err(hdev, "Failed to query firmware status (%d)", err);
1400 		return err;
1401 	}
1402 
1403 	if (status == BTMTK_WMT_PATCH_DONE) {
1404 		bt_dev_info(hdev, "firmware already downloaded");
1405 		goto ignore_setup_fw;
1406 	}
1407 
1408 	/* Setup a firmware which the device definitely requires */
1409 	err = btmtk_setup_firmware(hdev, fwname,
1410 				   btmtk_usb_hci_wmt_sync);
1411 	if (err < 0)
1412 		return err;
1413 
1414 ignore_setup_fw:
1415 	err = readx_poll_timeout(btmtk_usb_func_query, hdev, status,
1416 				 status < 0 || status != BTMTK_WMT_ON_PROGRESS,
1417 				 2000, 5000000);
1418 	/* -ETIMEDOUT happens */
1419 	if (err < 0)
1420 		return err;
1421 
1422 	/* The other errors happen in btmtk_usb_func_query */
1423 	if (status < 0)
1424 		return status;
1425 
1426 	if (status == BTMTK_WMT_ON_DONE) {
1427 		bt_dev_info(hdev, "function already on");
1428 		goto ignore_func_on;
1429 	}
1430 
1431 	/* Enable Bluetooth protocol */
1432 	param = 1;
1433 	wmt_params.op = BTMTK_WMT_FUNC_CTRL;
1434 	wmt_params.flag = 0;
1435 	wmt_params.dlen = sizeof(param);
1436 	wmt_params.data = &param;
1437 	wmt_params.status = NULL;
1438 
1439 	err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params);
1440 	if (err < 0) {
1441 		bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err);
1442 		return err;
1443 	}
1444 
1445 ignore_func_on:
1446 	/* Apply the low power environment setup */
1447 	tci_sleep.mode = 0x5;
1448 	tci_sleep.duration = cpu_to_le16(0x640);
1449 	tci_sleep.host_duration = cpu_to_le16(0x640);
1450 	tci_sleep.host_wakeup_pin = 0;
1451 	tci_sleep.time_compensation = 0;
1452 
1453 	skb = __hci_cmd_sync(hdev, 0xfc7a, sizeof(tci_sleep), &tci_sleep,
1454 			     HCI_INIT_TIMEOUT);
1455 	if (IS_ERR(skb)) {
1456 		err = PTR_ERR(skb);
1457 		bt_dev_err(hdev, "Failed to apply low power setting (%d)", err);
1458 		return err;
1459 	}
1460 	kfree_skb(skb);
1461 
1462 done:
1463 	rettime = ktime_get();
1464 	delta = ktime_sub(rettime, calltime);
1465 	duration = (unsigned long long)ktime_to_ns(delta) >> 10;
1466 
1467 	bt_dev_info(hdev, "Device setup in %llu usecs", duration);
1468 
1469 	return 0;
1470 }
1471 EXPORT_SYMBOL_GPL(btmtk_usb_setup);
1472 
btmtk_usb_shutdown(struct hci_dev * hdev)1473 int btmtk_usb_shutdown(struct hci_dev *hdev)
1474 {
1475 	struct btmtk_hci_wmt_params wmt_params;
1476 	u8 param = 0;
1477 	int err;
1478 
1479 	/* Disable the device */
1480 	wmt_params.op = BTMTK_WMT_FUNC_CTRL;
1481 	wmt_params.flag = 0;
1482 	wmt_params.dlen = sizeof(param);
1483 	wmt_params.data = &param;
1484 	wmt_params.status = NULL;
1485 
1486 	err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params);
1487 	if (err < 0) {
1488 		bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err);
1489 		return err;
1490 	}
1491 
1492 	return 0;
1493 }
1494 EXPORT_SYMBOL_GPL(btmtk_usb_shutdown);
1495 #endif
1496 
1497 MODULE_AUTHOR("Sean Wang <sean.wang@mediatek.com>");
1498 MODULE_AUTHOR("Mark Chen <mark-yw.chen@mediatek.com>");
1499 MODULE_DESCRIPTION("Bluetooth support for MediaTek devices ver " VERSION);
1500 MODULE_VERSION(VERSION);
1501 MODULE_LICENSE("GPL");
1502 MODULE_FIRMWARE(FIRMWARE_MT7622);
1503 MODULE_FIRMWARE(FIRMWARE_MT7663);
1504 MODULE_FIRMWARE(FIRMWARE_MT7668);
1505 MODULE_FIRMWARE(FIRMWARE_MT7922);
1506 MODULE_FIRMWARE(FIRMWARE_MT7961);
1507 MODULE_FIRMWARE(FIRMWARE_MT7925);
1508