1 // SPDX-License-Identifier: ISC 2 /* Copyright (C) 2021 MediaTek Inc. 3 * 4 */ 5 #include <linux/module.h> 6 #include <linux/firmware.h> 7 #include <linux/usb.h> 8 #include <linux/iopoll.h> 9 #include <linux/unaligned.h> 10 11 #include <net/bluetooth/bluetooth.h> 12 #include <net/bluetooth/hci_core.h> 13 14 #include "btmtk.h" 15 16 #define VERSION "0.1" 17 18 /* It is for mt79xx download rom patch*/ 19 #define MTK_FW_ROM_PATCH_HEADER_SIZE 32 20 #define MTK_FW_ROM_PATCH_GD_SIZE 64 21 #define MTK_FW_ROM_PATCH_SEC_MAP_SIZE 64 22 #define MTK_SEC_MAP_COMMON_SIZE 12 23 #define MTK_SEC_MAP_NEED_SEND_SIZE 52 24 25 /* It is for mt79xx iso data transmission setting */ 26 #define MTK_ISO_THRESHOLD 264 27 28 struct btmtk_patch_header { 29 u8 datetime[16]; 30 u8 platform[4]; 31 __le16 hwver; 32 __le16 swver; 33 __le32 magicnum; 34 } __packed; 35 36 struct btmtk_global_desc { 37 __le32 patch_ver; 38 __le32 sub_sys; 39 __le32 feature_opt; 40 __le32 section_num; 41 } __packed; 42 43 struct btmtk_section_map { 44 __le32 sectype; 45 __le32 secoffset; 46 __le32 secsize; 47 union { 48 __le32 u4SecSpec[13]; 49 struct { 50 __le32 dlAddr; 51 __le32 dlsize; 52 __le32 seckeyidx; 53 __le32 alignlen; 54 __le32 sectype; 55 __le32 dlmodecrctype; 56 __le32 crc; 57 __le32 reserved[6]; 58 } bin_info_spec; 59 }; 60 } __packed; 61 62 static void btmtk_coredump(struct hci_dev *hdev) 63 { 64 int err; 65 66 err = __hci_cmd_send(hdev, 0xfd5b, 0, NULL); 67 if (err < 0) 68 bt_dev_err(hdev, "Coredump failed (%d)", err); 69 } 70 71 static void btmtk_coredump_hdr(struct hci_dev *hdev, struct sk_buff *skb) 72 { 73 struct btmtk_data *data = hci_get_priv(hdev); 74 char buf[80]; 75 76 snprintf(buf, sizeof(buf), "Controller Name: 0x%X\n", 77 data->dev_id); 78 skb_put_data(skb, buf, strlen(buf)); 79 80 snprintf(buf, sizeof(buf), "Firmware Version: 0x%X\n", 81 data->cd_info.fw_version); 82 skb_put_data(skb, buf, strlen(buf)); 83 84 snprintf(buf, sizeof(buf), "Driver: %s\n", 85 data->cd_info.driver_name); 86 skb_put_data(skb, buf, strlen(buf)); 87 88 snprintf(buf, sizeof(buf), "Vendor: MediaTek\n"); 89 skb_put_data(skb, buf, strlen(buf)); 90 } 91 92 static void btmtk_coredump_notify(struct hci_dev *hdev, int state) 93 { 94 struct btmtk_data *data = hci_get_priv(hdev); 95 96 switch (state) { 97 case HCI_DEVCOREDUMP_IDLE: 98 data->cd_info.state = HCI_DEVCOREDUMP_IDLE; 99 break; 100 case HCI_DEVCOREDUMP_ACTIVE: 101 data->cd_info.state = HCI_DEVCOREDUMP_ACTIVE; 102 break; 103 case HCI_DEVCOREDUMP_TIMEOUT: 104 case HCI_DEVCOREDUMP_ABORT: 105 case HCI_DEVCOREDUMP_DONE: 106 data->cd_info.state = HCI_DEVCOREDUMP_IDLE; 107 btmtk_reset_sync(hdev); 108 break; 109 } 110 } 111 112 void btmtk_fw_get_filename(char *buf, size_t size, u32 dev_id, u32 fw_ver, 113 u32 fw_flavor) 114 { 115 if (dev_id == 0x6639) 116 snprintf(buf, size, 117 "mediatek/mt7927/BT_RAM_CODE_MT%04x_2_%x_hdr.bin", 118 dev_id & 0xffff, (fw_ver & 0xff) + 1); 119 else if (dev_id == 0x7925) 120 snprintf(buf, size, 121 "mediatek/mt%04x/BT_RAM_CODE_MT%04x_1_%x_hdr.bin", 122 dev_id & 0xffff, dev_id & 0xffff, (fw_ver & 0xff) + 1); 123 else if (dev_id == 0x7961 && fw_flavor) 124 snprintf(buf, size, 125 "mediatek/BT_RAM_CODE_MT%04x_1a_%x_hdr.bin", 126 dev_id & 0xffff, (fw_ver & 0xff) + 1); 127 else 128 snprintf(buf, size, 129 "mediatek/BT_RAM_CODE_MT%04x_1_%x_hdr.bin", 130 dev_id & 0xffff, (fw_ver & 0xff) + 1); 131 } 132 EXPORT_SYMBOL_GPL(btmtk_fw_get_filename); 133 134 int btmtk_setup_firmware_79xx(struct hci_dev *hdev, const char *fwname, 135 wmt_cmd_sync_func_t wmt_cmd_sync, 136 u32 dev_id) 137 { 138 struct btmtk_hci_wmt_params wmt_params; 139 struct btmtk_patch_header *hdr; 140 struct btmtk_global_desc *globaldesc = NULL; 141 struct btmtk_section_map *sectionmap; 142 const struct firmware *fw; 143 const u8 *fw_ptr; 144 const u8 *fw_bin_ptr; 145 int err, dlen, i, status; 146 u8 flag, first_block, retry; 147 u32 section_num, dl_size, section_offset; 148 u8 cmd[64]; 149 150 err = request_firmware(&fw, fwname, &hdev->dev); 151 if (err < 0) { 152 bt_dev_err(hdev, "Failed to load firmware file (%d)", err); 153 return err; 154 } 155 156 fw_ptr = fw->data; 157 fw_bin_ptr = fw_ptr; 158 hdr = (struct btmtk_patch_header *)fw_ptr; 159 globaldesc = (struct btmtk_global_desc *)(fw_ptr + MTK_FW_ROM_PATCH_HEADER_SIZE); 160 section_num = le32_to_cpu(globaldesc->section_num); 161 162 bt_dev_info(hdev, "HW/SW Version: 0x%04x%04x, Build Time: %s", 163 le16_to_cpu(hdr->hwver), le16_to_cpu(hdr->swver), hdr->datetime); 164 165 for (i = 0; i < section_num; i++) { 166 first_block = 1; 167 fw_ptr = fw_bin_ptr; 168 sectionmap = (struct btmtk_section_map *)(fw_ptr + MTK_FW_ROM_PATCH_HEADER_SIZE + 169 MTK_FW_ROM_PATCH_GD_SIZE + MTK_FW_ROM_PATCH_SEC_MAP_SIZE * i); 170 171 section_offset = le32_to_cpu(sectionmap->secoffset); 172 dl_size = le32_to_cpu(sectionmap->bin_info_spec.dlsize); 173 174 /* MT6639: only download sections where dlmode byte0 == 0x01, 175 * matching the Windows driver behavior which skips WiFi/other 176 * sections that would cause the chip to hang. 177 */ 178 if (dev_id == 0x6639 && dl_size > 0 && 179 (le32_to_cpu(sectionmap->bin_info_spec.dlmodecrctype) & 0xff) != 0x01) 180 continue; 181 182 if (dl_size > 0) { 183 retry = 20; 184 while (retry > 0) { 185 cmd[0] = 0; /* 0 means legacy dl mode. */ 186 memcpy(cmd + 1, 187 fw_ptr + MTK_FW_ROM_PATCH_HEADER_SIZE + 188 MTK_FW_ROM_PATCH_GD_SIZE + 189 MTK_FW_ROM_PATCH_SEC_MAP_SIZE * i + 190 MTK_SEC_MAP_COMMON_SIZE, 191 MTK_SEC_MAP_NEED_SEND_SIZE); 192 193 wmt_params.op = BTMTK_WMT_PATCH_DWNLD; 194 wmt_params.status = &status; 195 wmt_params.flag = 0; 196 wmt_params.dlen = MTK_SEC_MAP_NEED_SEND_SIZE + 1; 197 wmt_params.data = &cmd; 198 199 err = wmt_cmd_sync(hdev, &wmt_params); 200 if (err < 0) { 201 bt_dev_err(hdev, "Failed to send wmt patch dwnld (%d)", 202 err); 203 goto err_release_fw; 204 } 205 206 if (status == BTMTK_WMT_PATCH_UNDONE) { 207 break; 208 } else if (status == BTMTK_WMT_PATCH_PROGRESS) { 209 msleep(100); 210 retry--; 211 } else if (status == BTMTK_WMT_PATCH_DONE) { 212 goto next_section; 213 } else { 214 bt_dev_err(hdev, "Failed wmt patch dwnld status (%d)", 215 status); 216 err = -EIO; 217 goto err_release_fw; 218 } 219 } 220 221 /* If retry exhausted goto err_release_fw */ 222 if (retry == 0) { 223 err = -EIO; 224 goto err_release_fw; 225 } 226 227 fw_ptr += section_offset; 228 wmt_params.op = BTMTK_WMT_PATCH_DWNLD; 229 230 while (dl_size > 0) { 231 dlen = min_t(int, 250, dl_size); 232 if (first_block == 1) { 233 flag = 1; 234 first_block = 0; 235 } else if (dl_size - dlen <= 0) { 236 flag = 3; 237 } else { 238 flag = 2; 239 } 240 241 wmt_params.flag = flag; 242 wmt_params.dlen = dlen; 243 wmt_params.data = fw_ptr; 244 245 err = wmt_cmd_sync(hdev, &wmt_params); 246 /* Status BTMTK_WMT_PATCH_PROGRESS indicates firmware is 247 * in process of being downloaded, which is not expected to 248 * occur here. 249 */ 250 if (status == BTMTK_WMT_PATCH_PROGRESS) { 251 err = -EIO; 252 goto err_release_fw; 253 } else if (err < 0) { 254 bt_dev_err(hdev, "Failed to send wmt patch dwnld (%d)", 255 err); 256 goto err_release_fw; 257 } 258 259 dl_size -= dlen; 260 fw_ptr += dlen; 261 } 262 } 263 next_section: 264 continue; 265 } 266 /* Wait a few moments for firmware activation done */ 267 usleep_range(100000, 120000); 268 269 err_release_fw: 270 release_firmware(fw); 271 272 return err; 273 } 274 EXPORT_SYMBOL_GPL(btmtk_setup_firmware_79xx); 275 276 int btmtk_setup_firmware(struct hci_dev *hdev, const char *fwname, 277 wmt_cmd_sync_func_t wmt_cmd_sync) 278 { 279 struct btmtk_hci_wmt_params wmt_params; 280 const struct firmware *fw; 281 const u8 *fw_ptr; 282 size_t fw_size; 283 int err, dlen; 284 u8 flag, param; 285 286 err = request_firmware(&fw, fwname, &hdev->dev); 287 if (err < 0) { 288 bt_dev_err(hdev, "Failed to load firmware file (%d)", err); 289 return err; 290 } 291 292 /* Power on data RAM the firmware relies on. */ 293 param = 1; 294 wmt_params.op = BTMTK_WMT_FUNC_CTRL; 295 wmt_params.flag = 3; 296 wmt_params.dlen = sizeof(param); 297 wmt_params.data = ¶m; 298 wmt_params.status = NULL; 299 300 err = wmt_cmd_sync(hdev, &wmt_params); 301 if (err < 0) { 302 bt_dev_err(hdev, "Failed to power on data RAM (%d)", err); 303 goto err_release_fw; 304 } 305 306 fw_ptr = fw->data; 307 fw_size = fw->size; 308 309 /* The size of patch header is 30 bytes, should be skip */ 310 if (fw_size < 30) { 311 err = -EINVAL; 312 goto err_release_fw; 313 } 314 315 fw_size -= 30; 316 fw_ptr += 30; 317 flag = 1; 318 319 wmt_params.op = BTMTK_WMT_PATCH_DWNLD; 320 wmt_params.status = NULL; 321 322 while (fw_size > 0) { 323 dlen = min_t(int, 250, fw_size); 324 325 /* Tell device the position in sequence */ 326 if (fw_size - dlen <= 0) 327 flag = 3; 328 else if (fw_size < fw->size - 30) 329 flag = 2; 330 331 wmt_params.flag = flag; 332 wmt_params.dlen = dlen; 333 wmt_params.data = fw_ptr; 334 335 err = wmt_cmd_sync(hdev, &wmt_params); 336 if (err < 0) { 337 bt_dev_err(hdev, "Failed to send wmt patch dwnld (%d)", 338 err); 339 goto err_release_fw; 340 } 341 342 fw_size -= dlen; 343 fw_ptr += dlen; 344 } 345 346 wmt_params.op = BTMTK_WMT_RST; 347 wmt_params.flag = 4; 348 wmt_params.dlen = 0; 349 wmt_params.data = NULL; 350 wmt_params.status = NULL; 351 352 /* Activate function the firmware providing to */ 353 err = wmt_cmd_sync(hdev, &wmt_params); 354 if (err < 0) { 355 bt_dev_err(hdev, "Failed to send wmt rst (%d)", err); 356 goto err_release_fw; 357 } 358 359 /* Wait a few moments for firmware activation done */ 360 usleep_range(10000, 12000); 361 362 err_release_fw: 363 release_firmware(fw); 364 365 return err; 366 } 367 EXPORT_SYMBOL_GPL(btmtk_setup_firmware); 368 369 int btmtk_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr) 370 { 371 struct sk_buff *skb; 372 long ret; 373 374 skb = __hci_cmd_sync(hdev, 0xfc1a, 6, bdaddr, HCI_INIT_TIMEOUT); 375 if (IS_ERR(skb)) { 376 ret = PTR_ERR(skb); 377 bt_dev_err(hdev, "changing Mediatek device address failed (%ld)", 378 ret); 379 return ret; 380 } 381 kfree_skb(skb); 382 383 return 0; 384 } 385 EXPORT_SYMBOL_GPL(btmtk_set_bdaddr); 386 387 void btmtk_reset_sync(struct hci_dev *hdev) 388 { 389 struct btmtk_data *reset_work = hci_get_priv(hdev); 390 int err; 391 392 hci_dev_lock(hdev); 393 394 err = hci_cmd_sync_queue(hdev, reset_work->reset_sync, NULL, NULL); 395 if (err) 396 bt_dev_err(hdev, "failed to reset (%d)", err); 397 398 hci_dev_unlock(hdev); 399 } 400 EXPORT_SYMBOL_GPL(btmtk_reset_sync); 401 402 int btmtk_register_coredump(struct hci_dev *hdev, const char *name, 403 u32 fw_version) 404 { 405 struct btmtk_data *data = hci_get_priv(hdev); 406 407 if (!IS_ENABLED(CONFIG_DEV_COREDUMP)) 408 return -EOPNOTSUPP; 409 410 data->cd_info.fw_version = fw_version; 411 data->cd_info.state = HCI_DEVCOREDUMP_IDLE; 412 data->cd_info.driver_name = name; 413 414 return hci_devcd_register(hdev, btmtk_coredump, btmtk_coredump_hdr, 415 btmtk_coredump_notify); 416 } 417 EXPORT_SYMBOL_GPL(btmtk_register_coredump); 418 419 int btmtk_process_coredump(struct hci_dev *hdev, struct sk_buff *skb) 420 { 421 struct btmtk_data *data = hci_get_priv(hdev); 422 int err; 423 bool complete = false; 424 425 if (!IS_ENABLED(CONFIG_DEV_COREDUMP)) { 426 kfree_skb(skb); 427 return 0; 428 } 429 430 switch (data->cd_info.state) { 431 case HCI_DEVCOREDUMP_IDLE: 432 err = hci_devcd_init(hdev, MTK_COREDUMP_SIZE); 433 if (err < 0) { 434 kfree_skb(skb); 435 break; 436 } 437 data->cd_info.cnt = 0; 438 439 /* It is supposed coredump can be done within 5 seconds */ 440 schedule_delayed_work(&hdev->dump.dump_timeout, 441 msecs_to_jiffies(5000)); 442 fallthrough; 443 case HCI_DEVCOREDUMP_ACTIVE: 444 default: 445 /* Mediatek coredump data would be more than MTK_COREDUMP_NUM */ 446 if (data->cd_info.cnt >= MTK_COREDUMP_NUM && 447 skb->len > MTK_COREDUMP_END_LEN) 448 if (!memcmp((char *)&skb->data[skb->len - MTK_COREDUMP_END_LEN], 449 MTK_COREDUMP_END, MTK_COREDUMP_END_LEN - 1)) 450 complete = true; 451 452 err = hci_devcd_append(hdev, skb); 453 if (err < 0) 454 break; 455 data->cd_info.cnt++; 456 457 if (complete) { 458 bt_dev_info(hdev, "Mediatek coredump end"); 459 hci_devcd_complete(hdev); 460 } 461 462 break; 463 } 464 465 return err; 466 } 467 EXPORT_SYMBOL_GPL(btmtk_process_coredump); 468 469 #if IS_ENABLED(CONFIG_BT_HCIBTUSB_MTK) 470 /* Known MT6639 (MT7927) Bluetooth USB devices. 471 * Used to scope the zero-CHIPID workaround to real MT6639 hardware, 472 * since some boards return 0x0000 from the MMIO chip ID register. 473 */ 474 static const struct { 475 u16 vendor; 476 u16 product; 477 } btmtk_mt6639_devs[] = { 478 { 0x0489, 0xe13a }, /* ASUS ROG Crosshair X870E Hero */ 479 { 0x0489, 0xe0fa }, /* Lenovo Legion Pro 7 16ARX9 */ 480 { 0x0489, 0xe10f }, /* Gigabyte Z790 AORUS MASTER X */ 481 { 0x0489, 0xe110 }, /* MSI X870E Ace Max */ 482 { 0x0489, 0xe116 }, /* TP-Link Archer TBE550E */ 483 { 0x13d3, 0x3588 }, /* ASUS ROG STRIX X870E-E */ 484 }; 485 486 static void btmtk_usb_wmt_recv(struct urb *urb) 487 { 488 struct hci_dev *hdev = urb->context; 489 struct btmtk_data *data = hci_get_priv(hdev); 490 struct sk_buff *skb; 491 int err; 492 493 if (urb->status == 0 && urb->actual_length > 0) { 494 hdev->stat.byte_rx += urb->actual_length; 495 496 /* WMT event shouldn't be fragmented and the size should be 497 * less than HCI_WMT_MAX_EVENT_SIZE. 498 */ 499 skb = bt_skb_alloc(HCI_WMT_MAX_EVENT_SIZE, GFP_ATOMIC); 500 if (!skb) { 501 hdev->stat.err_rx++; 502 kfree(urb->setup_packet); 503 return; 504 } 505 506 hci_skb_pkt_type(skb) = HCI_EVENT_PKT; 507 skb_put_data(skb, urb->transfer_buffer, urb->actual_length); 508 509 /* When someone waits for the WMT event, the skb is being cloned 510 * and being processed the events from there then. 511 */ 512 if (test_bit(BTMTK_TX_WAIT_VND_EVT, &data->flags)) { 513 data->evt_skb = skb_clone(skb, GFP_ATOMIC); 514 if (!data->evt_skb) { 515 kfree_skb(skb); 516 kfree(urb->setup_packet); 517 return; 518 } 519 } 520 521 err = hci_recv_frame(hdev, skb); 522 if (err < 0) { 523 kfree_skb(data->evt_skb); 524 data->evt_skb = NULL; 525 kfree(urb->setup_packet); 526 return; 527 } 528 529 if (test_and_clear_bit(BTMTK_TX_WAIT_VND_EVT, 530 &data->flags)) { 531 /* Barrier to sync with other CPUs */ 532 smp_mb__after_atomic(); 533 wake_up_bit(&data->flags, 534 BTMTK_TX_WAIT_VND_EVT); 535 } 536 kfree(urb->setup_packet); 537 return; 538 } else if (urb->status == -ENOENT) { 539 /* Avoid suspend failed when usb_kill_urb */ 540 kfree(urb->setup_packet); 541 return; 542 } 543 544 usb_mark_last_busy(data->udev); 545 546 /* The URB complete handler is still called with urb->actual_length = 0 547 * when the event is not available, so we should keep re-submitting 548 * URB until WMT event returns, Also, It's necessary to wait some time 549 * between the two consecutive control URBs to relax the target device 550 * to generate the event. Otherwise, the WMT event cannot return from 551 * the device successfully. 552 */ 553 udelay(500); 554 555 usb_anchor_urb(urb, data->ctrl_anchor); 556 err = usb_submit_urb(urb, GFP_ATOMIC); 557 if (err < 0) { 558 kfree(urb->setup_packet); 559 /* -EPERM: urb is being killed; 560 * -ENODEV: device got disconnected 561 */ 562 if (err != -EPERM && err != -ENODEV) 563 bt_dev_err(hdev, "urb %p failed to resubmit (%d)", 564 urb, -err); 565 usb_unanchor_urb(urb); 566 } 567 } 568 569 static int btmtk_usb_submit_wmt_recv_urb(struct hci_dev *hdev) 570 { 571 struct btmtk_data *data = hci_get_priv(hdev); 572 struct usb_ctrlrequest *dr; 573 unsigned char *buf; 574 int err, size = 64; 575 unsigned int pipe; 576 struct urb *urb; 577 578 urb = usb_alloc_urb(0, GFP_KERNEL); 579 if (!urb) 580 return -ENOMEM; 581 582 dr = kmalloc_obj(*dr); 583 if (!dr) { 584 usb_free_urb(urb); 585 return -ENOMEM; 586 } 587 588 dr->bRequestType = USB_TYPE_VENDOR | USB_DIR_IN; 589 dr->bRequest = 1; 590 dr->wIndex = cpu_to_le16(0); 591 dr->wValue = cpu_to_le16(48); 592 dr->wLength = cpu_to_le16(size); 593 594 buf = kmalloc(size, GFP_KERNEL); 595 if (!buf) { 596 kfree(dr); 597 usb_free_urb(urb); 598 return -ENOMEM; 599 } 600 601 pipe = usb_rcvctrlpipe(data->udev, 0); 602 603 usb_fill_control_urb(urb, data->udev, pipe, (void *)dr, 604 buf, size, btmtk_usb_wmt_recv, hdev); 605 606 urb->transfer_flags |= URB_FREE_BUFFER; 607 608 usb_anchor_urb(urb, data->ctrl_anchor); 609 err = usb_submit_urb(urb, GFP_KERNEL); 610 if (err < 0) { 611 if (err != -EPERM && err != -ENODEV) 612 bt_dev_err(hdev, "urb %p submission failed (%d)", 613 urb, -err); 614 kfree(dr); 615 usb_unanchor_urb(urb); 616 } 617 618 usb_free_urb(urb); 619 620 return err; 621 } 622 623 static int btmtk_usb_hci_wmt_sync(struct hci_dev *hdev, 624 struct btmtk_hci_wmt_params *wmt_params) 625 { 626 struct btmtk_data *data = hci_get_priv(hdev); 627 struct btmtk_hci_wmt_evt_funcc *wmt_evt_funcc; 628 u32 hlen, status = BTMTK_WMT_INVALID; 629 struct btmtk_hci_wmt_evt *wmt_evt; 630 struct btmtk_hci_wmt_cmd *wc; 631 struct btmtk_wmt_hdr *hdr; 632 int err; 633 634 /* Send the WMT command and wait until the WMT event returns */ 635 hlen = sizeof(*hdr) + wmt_params->dlen; 636 if (hlen > 255) 637 return -EINVAL; 638 639 wc = kzalloc(hlen, GFP_KERNEL); 640 if (!wc) 641 return -ENOMEM; 642 643 hdr = &wc->hdr; 644 hdr->dir = 1; 645 hdr->op = wmt_params->op; 646 hdr->dlen = cpu_to_le16(wmt_params->dlen + 1); 647 hdr->flag = wmt_params->flag; 648 memcpy(wc->data, wmt_params->data, wmt_params->dlen); 649 650 set_bit(BTMTK_TX_WAIT_VND_EVT, &data->flags); 651 652 /* WMT cmd/event doesn't follow up the generic HCI cmd/event handling, 653 * it needs constantly polling control pipe until the host received the 654 * WMT event, thus, we should require to specifically acquire PM counter 655 * on the USB to prevent the interface from entering auto suspended 656 * while WMT cmd/event in progress. 657 */ 658 err = usb_autopm_get_interface(data->intf); 659 if (err < 0) 660 goto err_free_wc; 661 662 err = __hci_cmd_send(hdev, 0xfc6f, hlen, wc); 663 664 if (err < 0) { 665 clear_bit(BTMTK_TX_WAIT_VND_EVT, &data->flags); 666 usb_autopm_put_interface(data->intf); 667 goto err_free_wc; 668 } 669 670 /* Submit control IN URB on demand to process the WMT event */ 671 err = btmtk_usb_submit_wmt_recv_urb(hdev); 672 673 usb_autopm_put_interface(data->intf); 674 675 if (err < 0) 676 goto err_free_wc; 677 678 /* The vendor specific WMT commands are all answered by a vendor 679 * specific event and will have the Command Status or Command 680 * Complete as with usual HCI command flow control. 681 * 682 * After sending the command, wait for BTUSB_TX_WAIT_VND_EVT 683 * state to be cleared. The driver specific event receive routine 684 * will clear that state and with that indicate completion of the 685 * WMT command. 686 */ 687 err = wait_on_bit_timeout(&data->flags, BTMTK_TX_WAIT_VND_EVT, 688 TASK_UNINTERRUPTIBLE, HCI_INIT_TIMEOUT); 689 690 if (err) { 691 bt_dev_err(hdev, "Execution of wmt command timed out"); 692 clear_bit(BTMTK_TX_WAIT_VND_EVT, &data->flags); 693 err = -ETIMEDOUT; 694 goto err_free_wc; 695 } 696 697 if (data->evt_skb == NULL) 698 goto err_free_wc; 699 700 wmt_evt = skb_pull_data(data->evt_skb, sizeof(*wmt_evt)); 701 if (!wmt_evt) { 702 bt_dev_err(hdev, "WMT event too short (%u bytes)", 703 data->evt_skb->len); 704 err = -EINVAL; 705 goto err_free_skb; 706 } 707 if (wmt_evt->whdr.op != hdr->op) { 708 bt_dev_err(hdev, "Wrong op received %d expected %d", 709 wmt_evt->whdr.op, hdr->op); 710 err = -EIO; 711 goto err_free_skb; 712 } 713 714 switch (wmt_evt->whdr.op) { 715 case BTMTK_WMT_SEMAPHORE: 716 if (wmt_evt->whdr.flag == 2) 717 status = BTMTK_WMT_PATCH_UNDONE; 718 else 719 status = BTMTK_WMT_PATCH_DONE; 720 break; 721 case BTMTK_WMT_FUNC_CTRL: 722 if (!skb_pull_data(data->evt_skb, 723 sizeof(wmt_evt_funcc->status))) { 724 status = BTMTK_WMT_ON_UNDONE; 725 break; 726 } 727 728 wmt_evt_funcc = (struct btmtk_hci_wmt_evt_funcc *)wmt_evt; 729 if (be16_to_cpu(wmt_evt_funcc->status) == 0x404) 730 status = BTMTK_WMT_ON_DONE; 731 else if (be16_to_cpu(wmt_evt_funcc->status) == 0x420) 732 status = BTMTK_WMT_ON_PROGRESS; 733 else 734 status = BTMTK_WMT_ON_UNDONE; 735 break; 736 case BTMTK_WMT_PATCH_DWNLD: 737 if (wmt_evt->whdr.flag == 2) 738 status = BTMTK_WMT_PATCH_DONE; 739 else if (wmt_evt->whdr.flag == 1) 740 status = BTMTK_WMT_PATCH_PROGRESS; 741 else 742 status = BTMTK_WMT_PATCH_UNDONE; 743 break; 744 } 745 746 if (wmt_params->status) 747 *wmt_params->status = status; 748 749 err_free_skb: 750 kfree_skb(data->evt_skb); 751 data->evt_skb = NULL; 752 err_free_wc: 753 kfree(wc); 754 return err; 755 } 756 757 static int btmtk_usb_func_query(struct hci_dev *hdev) 758 { 759 struct btmtk_hci_wmt_params wmt_params; 760 int status, err; 761 u8 param = 0; 762 763 /* Query whether the function is enabled */ 764 wmt_params.op = BTMTK_WMT_FUNC_CTRL; 765 wmt_params.flag = 4; 766 wmt_params.dlen = sizeof(param); 767 wmt_params.data = ¶m; 768 wmt_params.status = &status; 769 770 err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params); 771 if (err < 0) { 772 bt_dev_err(hdev, "Failed to query function status (%d)", err); 773 return err; 774 } 775 776 return status; 777 } 778 779 static int btmtk_usb_uhw_reg_write(struct hci_dev *hdev, u32 reg, u32 val) 780 { 781 struct btmtk_data *data = hci_get_priv(hdev); 782 int pipe, err; 783 void *buf; 784 785 buf = kzalloc(4, GFP_KERNEL); 786 if (!buf) 787 return -ENOMEM; 788 789 put_unaligned_le32(val, buf); 790 791 pipe = usb_sndctrlpipe(data->udev, 0); 792 err = usb_control_msg(data->udev, pipe, 0x02, 793 0x5E, 794 reg >> 16, reg & 0xffff, 795 buf, 4, USB_CTRL_SET_TIMEOUT); 796 if (err < 0) 797 bt_dev_err(hdev, "Failed to write uhw reg(%d)", err); 798 799 kfree(buf); 800 801 return err; 802 } 803 804 static int btmtk_usb_uhw_reg_read(struct hci_dev *hdev, u32 reg, u32 *val) 805 { 806 struct btmtk_data *data = hci_get_priv(hdev); 807 int pipe, err; 808 void *buf; 809 810 buf = kzalloc(4, GFP_KERNEL); 811 if (!buf) 812 return -ENOMEM; 813 814 pipe = usb_rcvctrlpipe(data->udev, 0); 815 err = usb_control_msg(data->udev, pipe, 0x01, 816 0xDE, 817 reg >> 16, reg & 0xffff, 818 buf, 4, USB_CTRL_GET_TIMEOUT); 819 if (err < 0) { 820 bt_dev_err(hdev, "Failed to read uhw reg(%d)", err); 821 goto err_free_buf; 822 } 823 824 *val = get_unaligned_le32(buf); 825 bt_dev_dbg(hdev, "reg=%x, value=0x%08x", reg, *val); 826 827 err_free_buf: 828 kfree(buf); 829 830 return err; 831 } 832 833 static int btmtk_usb_reg_read(struct hci_dev *hdev, u32 reg, u32 *val) 834 { 835 struct btmtk_data *data = hci_get_priv(hdev); 836 int pipe, err, size = sizeof(u32); 837 void *buf; 838 839 buf = kzalloc(size, GFP_KERNEL); 840 if (!buf) 841 return -ENOMEM; 842 843 pipe = usb_rcvctrlpipe(data->udev, 0); 844 err = usb_control_msg(data->udev, pipe, 0x63, 845 USB_TYPE_VENDOR | USB_DIR_IN, 846 reg >> 16, reg & 0xffff, 847 buf, size, USB_CTRL_GET_TIMEOUT); 848 if (err < 0) 849 goto err_free_buf; 850 851 *val = get_unaligned_le32(buf); 852 853 err_free_buf: 854 kfree(buf); 855 856 return err; 857 } 858 859 static int btmtk_usb_id_get(struct hci_dev *hdev, u32 reg, u32 *id) 860 { 861 return btmtk_usb_reg_read(hdev, reg, id); 862 } 863 864 static u32 btmtk_usb_reset_done(struct hci_dev *hdev) 865 { 866 u32 val = 0; 867 868 btmtk_usb_uhw_reg_read(hdev, MTK_BT_MISC, &val); 869 870 return val & MTK_BT_RST_DONE; 871 } 872 873 int btmtk_usb_subsys_reset(struct hci_dev *hdev, u32 dev_id) 874 { 875 u32 val; 876 int err; 877 878 if (dev_id == 0x7922) { 879 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_SUBSYS_RST, &val); 880 if (err < 0) 881 return err; 882 val |= 0x00002020; 883 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_SUBSYS_RST, val); 884 if (err < 0) 885 return err; 886 err = btmtk_usb_uhw_reg_write(hdev, MTK_EP_RST_OPT, 0x00010001); 887 if (err < 0) 888 return err; 889 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_SUBSYS_RST, &val); 890 if (err < 0) 891 return err; 892 val |= BIT(0); 893 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_SUBSYS_RST, val); 894 if (err < 0) 895 return err; 896 msleep(100); 897 } else if (dev_id == 0x7925 || dev_id == 0x6639) { 898 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_RESET_REG_CONNV3, &val); 899 if (err < 0) 900 return err; 901 val |= (1 << 5); 902 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_RESET_REG_CONNV3, val); 903 if (err < 0) 904 return err; 905 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_RESET_REG_CONNV3, &val); 906 if (err < 0) 907 return err; 908 val &= 0xFFFF00FF; 909 val |= (1 << 13); 910 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_RESET_REG_CONNV3, val); 911 if (err < 0) 912 return err; 913 err = btmtk_usb_uhw_reg_write(hdev, MTK_EP_RST_OPT, 0x00010001); 914 if (err < 0) 915 return err; 916 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_RESET_REG_CONNV3, &val); 917 if (err < 0) 918 return err; 919 val |= (1 << 0); 920 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_RESET_REG_CONNV3, val); 921 if (err < 0) 922 return err; 923 err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT, 0x000000FF); 924 if (err < 0) 925 return err; 926 err = btmtk_usb_uhw_reg_read(hdev, MTK_UDMA_INT_STA_BT, &val); 927 if (err < 0) 928 return err; 929 err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT1, 0x000000FF); 930 if (err < 0) 931 return err; 932 err = btmtk_usb_uhw_reg_read(hdev, MTK_UDMA_INT_STA_BT1, &val); 933 if (err < 0) 934 return err; 935 msleep(100); 936 } else { 937 /* It's Device EndPoint Reset Option Register */ 938 bt_dev_dbg(hdev, "Initiating reset mechanism via uhw"); 939 err = btmtk_usb_uhw_reg_write(hdev, MTK_EP_RST_OPT, MTK_EP_RST_IN_OUT_OPT); 940 if (err < 0) 941 return err; 942 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_WDT_STATUS, &val); 943 if (err < 0) 944 return err; 945 /* Reset the bluetooth chip via USB interface. */ 946 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_SUBSYS_RST, 1); 947 if (err < 0) 948 return err; 949 err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT, 0x000000FF); 950 if (err < 0) 951 return err; 952 err = btmtk_usb_uhw_reg_read(hdev, MTK_UDMA_INT_STA_BT, &val); 953 if (err < 0) 954 return err; 955 err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT1, 0x000000FF); 956 if (err < 0) 957 return err; 958 err = btmtk_usb_uhw_reg_read(hdev, MTK_UDMA_INT_STA_BT1, &val); 959 if (err < 0) 960 return err; 961 /* MT7921 need to delay 20ms between toggle reset bit */ 962 msleep(20); 963 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_SUBSYS_RST, 0); 964 if (err < 0) 965 return err; 966 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_SUBSYS_RST, &val); 967 if (err < 0) 968 return err; 969 } 970 971 err = readx_poll_timeout(btmtk_usb_reset_done, hdev, val, 972 val & MTK_BT_RST_DONE, 20000, 1000000); 973 if (err < 0) 974 bt_dev_err(hdev, "Reset timeout"); 975 976 if (dev_id == 0x7922) { 977 err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT, 0x000000FF); 978 if (err < 0) 979 return err; 980 } 981 982 err = btmtk_usb_id_get(hdev, 0x70010200, &val); 983 if (err < 0 || (!val && dev_id != 0x6639)) 984 bt_dev_err(hdev, "Can't get device id, subsys reset fail."); 985 986 return err; 987 } 988 EXPORT_SYMBOL_GPL(btmtk_usb_subsys_reset); 989 990 int btmtk_usb_recv_acl(struct hci_dev *hdev, struct sk_buff *skb) 991 { 992 struct btmtk_data *data = hci_get_priv(hdev); 993 u16 handle = le16_to_cpu(hci_acl_hdr(skb)->handle); 994 995 switch (handle) { 996 case 0xfc6f: /* Firmware dump from device */ 997 /* When the firmware hangs, the device can no longer 998 * suspend and thus disable auto-suspend. 999 */ 1000 usb_disable_autosuspend(data->udev); 1001 1002 /* We need to forward the diagnostic packet to userspace daemon 1003 * for backward compatibility, so we have to clone the packet 1004 * extraly for the in-kernel coredump support. 1005 */ 1006 if (IS_ENABLED(CONFIG_DEV_COREDUMP)) { 1007 struct sk_buff *skb_cd = skb_clone(skb, GFP_ATOMIC); 1008 1009 if (skb_cd) 1010 btmtk_process_coredump(hdev, skb_cd); 1011 } 1012 1013 fallthrough; 1014 case 0x05ff: /* Firmware debug logging 1 */ 1015 case 0x05fe: /* Firmware debug logging 2 */ 1016 return hci_recv_diag(hdev, skb); 1017 } 1018 1019 return hci_recv_frame(hdev, skb); 1020 } 1021 EXPORT_SYMBOL_GPL(btmtk_usb_recv_acl); 1022 1023 static int btmtk_isopkt_pad(struct hci_dev *hdev, struct sk_buff *skb) 1024 { 1025 if (skb->len > MTK_ISO_THRESHOLD) 1026 return -EINVAL; 1027 1028 if (skb_pad(skb, MTK_ISO_THRESHOLD - skb->len)) 1029 return -ENOMEM; 1030 1031 __skb_put(skb, MTK_ISO_THRESHOLD - skb->len); 1032 1033 return 0; 1034 } 1035 1036 static int __set_mtk_intr_interface(struct hci_dev *hdev) 1037 { 1038 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 1039 struct usb_interface *intf = btmtk_data->isopkt_intf; 1040 int err; 1041 1042 if (!btmtk_data->isopkt_intf) 1043 return -ENODEV; 1044 1045 err = usb_set_interface(btmtk_data->udev, MTK_ISO_IFNUM, 1046 (intf->num_altsetting > 1) ? 1 : 0); 1047 if (err < 0) { 1048 bt_dev_err(hdev, "setting interface failed (%d)", -err); 1049 return err; 1050 } 1051 1052 err = usb_find_common_endpoints(intf->cur_altsetting, NULL, NULL, 1053 &btmtk_data->isopkt_rx_ep, 1054 &btmtk_data->isopkt_tx_ep); 1055 if (err) { 1056 bt_dev_err(hdev, "invalid interrupt descriptors"); 1057 return -ENODEV; 1058 } 1059 1060 return 0; 1061 } 1062 1063 struct urb *alloc_mtk_intr_urb(struct hci_dev *hdev, struct sk_buff *skb, 1064 usb_complete_t tx_complete) 1065 { 1066 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 1067 struct urb *urb; 1068 unsigned int pipe; 1069 1070 if (!btmtk_data->isopkt_tx_ep) 1071 return ERR_PTR(-ENODEV); 1072 1073 urb = usb_alloc_urb(0, GFP_KERNEL); 1074 if (!urb) 1075 return ERR_PTR(-ENOMEM); 1076 1077 if (btmtk_isopkt_pad(hdev, skb)) { 1078 usb_free_urb(urb); 1079 return ERR_PTR(-EINVAL); 1080 } 1081 1082 pipe = usb_sndintpipe(btmtk_data->udev, 1083 btmtk_data->isopkt_tx_ep->bEndpointAddress); 1084 1085 usb_fill_int_urb(urb, btmtk_data->udev, pipe, 1086 skb->data, skb->len, tx_complete, 1087 skb, btmtk_data->isopkt_tx_ep->bInterval); 1088 1089 skb->dev = (void *)hdev; 1090 1091 return urb; 1092 } 1093 EXPORT_SYMBOL_GPL(alloc_mtk_intr_urb); 1094 1095 static int btmtk_recv_isopkt(struct hci_dev *hdev, void *buffer, int count) 1096 { 1097 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 1098 struct sk_buff *skb; 1099 unsigned long flags; 1100 int err = 0; 1101 1102 spin_lock_irqsave(&btmtk_data->isorxlock, flags); 1103 skb = btmtk_data->isopkt_skb; 1104 1105 while (count) { 1106 int len; 1107 1108 if (!skb) { 1109 skb = bt_skb_alloc(HCI_MAX_ISO_SIZE, GFP_ATOMIC); 1110 if (!skb) { 1111 err = -ENOMEM; 1112 break; 1113 } 1114 1115 hci_skb_pkt_type(skb) = HCI_ISODATA_PKT; 1116 hci_skb_expect(skb) = HCI_ISO_HDR_SIZE; 1117 } 1118 1119 len = min_t(uint, hci_skb_expect(skb), count); 1120 skb_put_data(skb, buffer, len); 1121 1122 count -= len; 1123 buffer += len; 1124 hci_skb_expect(skb) -= len; 1125 1126 if (skb->len == HCI_ISO_HDR_SIZE) { 1127 __le16 dlen = ((struct hci_iso_hdr *)skb->data)->dlen; 1128 1129 /* Complete ISO header */ 1130 hci_skb_expect(skb) = __le16_to_cpu(dlen); 1131 1132 if (skb_tailroom(skb) < hci_skb_expect(skb)) { 1133 kfree_skb(skb); 1134 skb = NULL; 1135 1136 err = -EILSEQ; 1137 break; 1138 } 1139 } 1140 1141 if (!hci_skb_expect(skb)) { 1142 /* Complete frame */ 1143 hci_recv_frame(hdev, skb); 1144 skb = NULL; 1145 } 1146 } 1147 1148 btmtk_data->isopkt_skb = skb; 1149 spin_unlock_irqrestore(&btmtk_data->isorxlock, flags); 1150 1151 return err; 1152 } 1153 1154 static void btmtk_intr_complete(struct urb *urb) 1155 { 1156 struct hci_dev *hdev = urb->context; 1157 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 1158 int err; 1159 1160 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 1161 urb->actual_length); 1162 1163 if (!test_bit(HCI_RUNNING, &hdev->flags)) 1164 return; 1165 1166 if (hdev->suspended) 1167 return; 1168 1169 if (urb->status == 0) { 1170 hdev->stat.byte_rx += urb->actual_length; 1171 1172 if (btmtk_recv_isopkt(hdev, urb->transfer_buffer, 1173 urb->actual_length) < 0) { 1174 bt_dev_err(hdev, "corrupted iso packet"); 1175 hdev->stat.err_rx++; 1176 } 1177 } else if (urb->status == -ENOENT) { 1178 /* Avoid suspend failed when usb_kill_urb */ 1179 return; 1180 } 1181 1182 usb_mark_last_busy(btmtk_data->udev); 1183 usb_anchor_urb(urb, &btmtk_data->isopkt_anchor); 1184 1185 err = usb_submit_urb(urb, GFP_ATOMIC); 1186 if (err < 0) { 1187 /* -EPERM: urb is being killed; 1188 * -ENODEV: device got disconnected 1189 */ 1190 if (err != -EPERM && err != -ENODEV) 1191 bt_dev_err(hdev, "urb %p failed to resubmit (%d)", 1192 urb, -err); 1193 if (err != -EPERM) 1194 hci_cmd_sync_cancel(hdev, -err); 1195 usb_unanchor_urb(urb); 1196 } 1197 } 1198 1199 static int btmtk_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags) 1200 { 1201 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 1202 unsigned char *buf; 1203 unsigned int pipe; 1204 struct urb *urb; 1205 int err, size; 1206 1207 BT_DBG("%s", hdev->name); 1208 1209 if (!btmtk_data->isopkt_rx_ep) 1210 return -ENODEV; 1211 1212 urb = usb_alloc_urb(0, mem_flags); 1213 if (!urb) 1214 return -ENOMEM; 1215 size = le16_to_cpu(btmtk_data->isopkt_rx_ep->wMaxPacketSize); 1216 1217 buf = kmalloc(size, mem_flags); 1218 if (!buf) { 1219 usb_free_urb(urb); 1220 return -ENOMEM; 1221 } 1222 1223 pipe = usb_rcvintpipe(btmtk_data->udev, 1224 btmtk_data->isopkt_rx_ep->bEndpointAddress); 1225 1226 usb_fill_int_urb(urb, btmtk_data->udev, pipe, buf, size, 1227 btmtk_intr_complete, hdev, 1228 btmtk_data->isopkt_rx_ep->bInterval); 1229 1230 urb->transfer_flags |= URB_FREE_BUFFER; 1231 1232 usb_mark_last_busy(btmtk_data->udev); 1233 usb_anchor_urb(urb, &btmtk_data->isopkt_anchor); 1234 1235 err = usb_submit_urb(urb, mem_flags); 1236 if (err < 0) { 1237 if (err != -EPERM && err != -ENODEV) 1238 bt_dev_err(hdev, "urb %p submission failed (%d)", 1239 urb, -err); 1240 usb_unanchor_urb(urb); 1241 } 1242 1243 usb_free_urb(urb); 1244 1245 return err; 1246 } 1247 1248 static int btmtk_usb_isointf_init(struct hci_dev *hdev) 1249 { 1250 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 1251 u8 iso_param[2] = { 0x08, 0x01 }; 1252 struct sk_buff *skb; 1253 int err; 1254 1255 spin_lock_init(&btmtk_data->isorxlock); 1256 1257 __set_mtk_intr_interface(hdev); 1258 1259 err = btmtk_submit_intr_urb(hdev, GFP_KERNEL); 1260 if (err < 0) { 1261 usb_kill_anchored_urbs(&btmtk_data->isopkt_anchor); 1262 bt_dev_err(hdev, "ISO intf not support (%d)", err); 1263 return err; 1264 } 1265 1266 skb = __hci_cmd_sync(hdev, 0xfd98, sizeof(iso_param), iso_param, 1267 HCI_INIT_TIMEOUT); 1268 if (IS_ERR(skb)) { 1269 bt_dev_err(hdev, "Failed to apply iso setting (%ld)", PTR_ERR(skb)); 1270 return PTR_ERR(skb); 1271 } 1272 kfree_skb(skb); 1273 1274 return 0; 1275 } 1276 1277 int btmtk_usb_resume(struct hci_dev *hdev) 1278 { 1279 /* This function describes the specific additional steps taken by MediaTek 1280 * when Bluetooth usb driver's resume function is called. 1281 */ 1282 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 1283 1284 /* Resubmit urb for iso data transmission */ 1285 if (test_bit(BTMTK_ISOPKT_RUNNING, &btmtk_data->flags)) { 1286 if (btmtk_submit_intr_urb(hdev, GFP_NOIO) < 0) 1287 clear_bit(BTMTK_ISOPKT_RUNNING, &btmtk_data->flags); 1288 } 1289 1290 return 0; 1291 } 1292 EXPORT_SYMBOL_GPL(btmtk_usb_resume); 1293 1294 int btmtk_usb_suspend(struct hci_dev *hdev) 1295 { 1296 /* This function describes the specific additional steps taken by MediaTek 1297 * when Bluetooth usb driver's suspend function is called. 1298 */ 1299 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 1300 1301 /* Stop urb anchor for iso data transmission */ 1302 if (test_bit(BTMTK_ISOPKT_RUNNING, &btmtk_data->flags)) 1303 usb_kill_anchored_urbs(&btmtk_data->isopkt_anchor); 1304 1305 return 0; 1306 } 1307 EXPORT_SYMBOL_GPL(btmtk_usb_suspend); 1308 1309 int btmtk_usb_setup(struct hci_dev *hdev) 1310 { 1311 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 1312 struct btmtk_hci_wmt_params wmt_params; 1313 ktime_t calltime, delta, rettime; 1314 struct btmtk_tci_sleep tci_sleep; 1315 unsigned long long duration; 1316 struct sk_buff *skb; 1317 const char *fwname; 1318 int err, status; 1319 u32 dev_id = 0; 1320 char fw_bin_name[64]; 1321 u32 fw_version = 0, fw_flavor = 0; 1322 u8 param; 1323 1324 calltime = ktime_get(); 1325 1326 err = btmtk_usb_id_get(hdev, 0x80000008, &dev_id); 1327 if (err < 0) { 1328 bt_dev_err(hdev, "Failed to get device id (%d)", err); 1329 return err; 1330 } 1331 1332 if (!dev_id || dev_id != 0x7663) { 1333 err = btmtk_usb_id_get(hdev, 0x70010200, &dev_id); 1334 if (err < 0) { 1335 bt_dev_err(hdev, "Failed to get device id (%d)", err); 1336 return err; 1337 } 1338 err = btmtk_usb_id_get(hdev, 0x80021004, &fw_version); 1339 if (err < 0) { 1340 bt_dev_err(hdev, "Failed to get fw version (%d)", err); 1341 return err; 1342 } 1343 err = btmtk_usb_id_get(hdev, 0x70010020, &fw_flavor); 1344 if (err < 0) { 1345 bt_dev_err(hdev, "Failed to get fw flavor (%d)", err); 1346 return err; 1347 } 1348 fw_flavor = (fw_flavor & 0x00000080) >> 7; 1349 } 1350 1351 if (!dev_id) { 1352 u16 vid = le16_to_cpu(btmtk_data->udev->descriptor.idVendor); 1353 u16 pid = le16_to_cpu(btmtk_data->udev->descriptor.idProduct); 1354 int i; 1355 1356 for (i = 0; i < ARRAY_SIZE(btmtk_mt6639_devs); i++) { 1357 if (vid == btmtk_mt6639_devs[i].vendor && 1358 pid == btmtk_mt6639_devs[i].product) { 1359 dev_id = 0x6639; 1360 break; 1361 } 1362 } 1363 1364 if (dev_id) 1365 bt_dev_info(hdev, "MT6639: CHIPID=0x0000 with VID=%04x PID=%04x, using 0x6639", 1366 vid, pid); 1367 } 1368 1369 btmtk_data->dev_id = dev_id; 1370 1371 err = btmtk_register_coredump(hdev, btmtk_data->drv_name, fw_version); 1372 if (err < 0) 1373 bt_dev_err(hdev, "Failed to register coredump (%d)", err); 1374 1375 switch (dev_id) { 1376 case 0x7663: 1377 fwname = FIRMWARE_MT7663; 1378 break; 1379 case 0x7668: 1380 fwname = FIRMWARE_MT7668; 1381 break; 1382 case 0x7922: 1383 case 0x7925: 1384 /* 1385 * A remote wakeup could cause the device completely unresponsive, and 1386 * recovering from such a state needs a power cycle. 1387 * 1388 * Since the remote wakeup capability is super broken, just disable it 1389 * to get rid of the troubles. The device can still be autosuspended 1390 * when the bluetooth interface is closed. 1391 */ 1392 device_set_wakeup_capable(&btmtk_data->udev->dev, false); 1393 fallthrough; 1394 case 0x7961: 1395 case 0x7902: 1396 case 0x6639: 1397 btmtk_fw_get_filename(fw_bin_name, sizeof(fw_bin_name), dev_id, 1398 fw_version, fw_flavor); 1399 1400 err = btmtk_setup_firmware_79xx(hdev, fw_bin_name, 1401 btmtk_usb_hci_wmt_sync, 1402 dev_id); 1403 if (err < 0) { 1404 /* retry once if setup firmware error */ 1405 if (!test_and_set_bit(BTMTK_FIRMWARE_DL_RETRY, &btmtk_data->flags)) 1406 btmtk_reset_sync(hdev); 1407 bt_dev_err(hdev, "Failed to set up firmware (%d)", err); 1408 return err; 1409 } 1410 1411 /* It's Device EndPoint Reset Option Register */ 1412 err = btmtk_usb_uhw_reg_write(hdev, MTK_EP_RST_OPT, 1413 MTK_EP_RST_IN_OUT_OPT); 1414 if (err < 0) 1415 return err; 1416 1417 /* Enable Bluetooth protocol */ 1418 param = 1; 1419 wmt_params.op = BTMTK_WMT_FUNC_CTRL; 1420 wmt_params.flag = 0; 1421 wmt_params.dlen = sizeof(param); 1422 wmt_params.data = ¶m; 1423 wmt_params.status = NULL; 1424 1425 err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params); 1426 if (err < 0) { 1427 bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err); 1428 return err; 1429 } 1430 1431 hci_set_msft_opcode(hdev, 0xFD30); 1432 hci_set_aosp_capable(hdev); 1433 1434 /* Clear BTMTK_FIRMWARE_DL_RETRY if setup successfully */ 1435 test_and_clear_bit(BTMTK_FIRMWARE_DL_RETRY, &btmtk_data->flags); 1436 1437 /* Set up ISO interface after protocol enabled */ 1438 if (test_bit(BTMTK_ISOPKT_OVER_INTR, &btmtk_data->flags)) { 1439 if (!btmtk_usb_isointf_init(hdev)) 1440 set_bit(BTMTK_ISOPKT_RUNNING, &btmtk_data->flags); 1441 } 1442 1443 goto done; 1444 default: 1445 bt_dev_err(hdev, "Unsupported hardware variant (%08x)", 1446 dev_id); 1447 return -ENODEV; 1448 } 1449 1450 /* Query whether the firmware is already download */ 1451 wmt_params.op = BTMTK_WMT_SEMAPHORE; 1452 wmt_params.flag = 1; 1453 wmt_params.dlen = 0; 1454 wmt_params.data = NULL; 1455 wmt_params.status = &status; 1456 1457 err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params); 1458 if (err < 0) { 1459 bt_dev_err(hdev, "Failed to query firmware status (%d)", err); 1460 return err; 1461 } 1462 1463 if (status == BTMTK_WMT_PATCH_DONE) { 1464 bt_dev_info(hdev, "firmware already downloaded"); 1465 goto ignore_setup_fw; 1466 } 1467 1468 /* Setup a firmware which the device definitely requires */ 1469 err = btmtk_setup_firmware(hdev, fwname, 1470 btmtk_usb_hci_wmt_sync); 1471 if (err < 0) 1472 return err; 1473 1474 ignore_setup_fw: 1475 err = readx_poll_timeout(btmtk_usb_func_query, hdev, status, 1476 status < 0 || status != BTMTK_WMT_ON_PROGRESS, 1477 2000, 5000000); 1478 /* -ETIMEDOUT happens */ 1479 if (err < 0) 1480 return err; 1481 1482 /* The other errors happen in btmtk_usb_func_query */ 1483 if (status < 0) 1484 return status; 1485 1486 if (status == BTMTK_WMT_ON_DONE) { 1487 bt_dev_info(hdev, "function already on"); 1488 goto ignore_func_on; 1489 } 1490 1491 /* Enable Bluetooth protocol */ 1492 param = 1; 1493 wmt_params.op = BTMTK_WMT_FUNC_CTRL; 1494 wmt_params.flag = 0; 1495 wmt_params.dlen = sizeof(param); 1496 wmt_params.data = ¶m; 1497 wmt_params.status = NULL; 1498 1499 err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params); 1500 if (err < 0) { 1501 bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err); 1502 return err; 1503 } 1504 1505 ignore_func_on: 1506 /* Apply the low power environment setup */ 1507 tci_sleep.mode = 0x5; 1508 tci_sleep.duration = cpu_to_le16(0x640); 1509 tci_sleep.host_duration = cpu_to_le16(0x640); 1510 tci_sleep.host_wakeup_pin = 0; 1511 tci_sleep.time_compensation = 0; 1512 1513 skb = __hci_cmd_sync(hdev, 0xfc7a, sizeof(tci_sleep), &tci_sleep, 1514 HCI_INIT_TIMEOUT); 1515 if (IS_ERR(skb)) { 1516 err = PTR_ERR(skb); 1517 bt_dev_err(hdev, "Failed to apply low power setting (%d)", err); 1518 return err; 1519 } 1520 kfree_skb(skb); 1521 1522 done: 1523 rettime = ktime_get(); 1524 delta = ktime_sub(rettime, calltime); 1525 duration = (unsigned long long)ktime_to_ns(delta) >> 10; 1526 1527 bt_dev_info(hdev, "Device setup in %llu usecs", duration); 1528 1529 return 0; 1530 } 1531 EXPORT_SYMBOL_GPL(btmtk_usb_setup); 1532 1533 int btmtk_usb_shutdown(struct hci_dev *hdev) 1534 { 1535 struct btmtk_data *data = hci_get_priv(hdev); 1536 struct btmtk_hci_wmt_params wmt_params; 1537 u8 param = 0; 1538 int err; 1539 1540 err = usb_autopm_get_interface(data->intf); 1541 if (err < 0) 1542 return err; 1543 1544 /* Disable the device */ 1545 wmt_params.op = BTMTK_WMT_FUNC_CTRL; 1546 wmt_params.flag = 0; 1547 wmt_params.dlen = sizeof(param); 1548 wmt_params.data = ¶m; 1549 wmt_params.status = NULL; 1550 1551 err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params); 1552 if (err < 0) { 1553 bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err); 1554 usb_autopm_put_interface(data->intf); 1555 return err; 1556 } 1557 1558 usb_autopm_put_interface(data->intf); 1559 return 0; 1560 } 1561 EXPORT_SYMBOL_GPL(btmtk_usb_shutdown); 1562 1563 int btmtk_recv_event(struct hci_dev *hdev, struct sk_buff *skb) 1564 { 1565 struct hci_event_hdr *hdr = (void *)skb->data; 1566 struct hci_ev_cmd_complete *ec; 1567 1568 if (hdr->evt == HCI_EV_CMD_COMPLETE && 1569 skb->len >= HCI_EVENT_HDR_SIZE + sizeof(*ec)) { 1570 u16 opcode; 1571 1572 ec = (void *)(skb->data + HCI_EVENT_HDR_SIZE); 1573 opcode = __le16_to_cpu(ec->opcode); 1574 1575 /* Filter vendor opcode */ 1576 if (opcode == 0xfc5d) { 1577 kfree_skb(skb); 1578 return 0; 1579 } 1580 } 1581 1582 return hci_recv_frame(hdev, skb); 1583 } 1584 EXPORT_SYMBOL_GPL(btmtk_recv_event); 1585 #endif 1586 1587 MODULE_AUTHOR("Sean Wang <sean.wang@mediatek.com>"); 1588 MODULE_AUTHOR("Mark Chen <mark-yw.chen@mediatek.com>"); 1589 MODULE_DESCRIPTION("Bluetooth support for MediaTek devices ver " VERSION); 1590 MODULE_VERSION(VERSION); 1591 MODULE_LICENSE("GPL"); 1592 MODULE_FIRMWARE(FIRMWARE_MT7622); 1593 MODULE_FIRMWARE(FIRMWARE_MT7663); 1594 MODULE_FIRMWARE(FIRMWARE_MT7668); 1595 MODULE_FIRMWARE(FIRMWARE_MT7922); 1596 MODULE_FIRMWARE(FIRMWARE_MT7961); 1597 MODULE_FIRMWARE(FIRMWARE_MT7925); 1598 MODULE_FIRMWARE(FIRMWARE_MT7927); 1599