1 // SPDX-License-Identifier: ISC
2 /* Copyright (C) 2021 MediaTek Inc.
3 *
4 */
5 #include <linux/module.h>
6 #include <linux/firmware.h>
7 #include <linux/usb.h>
8 #include <linux/iopoll.h>
9 #include <linux/unaligned.h>
10
11 #include <net/bluetooth/bluetooth.h>
12 #include <net/bluetooth/hci_core.h>
13
14 #include "btmtk.h"
15
16 #define VERSION "0.1"
17
18 /* It is for mt79xx download rom patch*/
19 #define MTK_FW_ROM_PATCH_HEADER_SIZE 32
20 #define MTK_FW_ROM_PATCH_GD_SIZE 64
21 #define MTK_FW_ROM_PATCH_SEC_MAP_SIZE 64
22 #define MTK_SEC_MAP_COMMON_SIZE 12
23 #define MTK_SEC_MAP_NEED_SEND_SIZE 52
24
25 /* It is for mt79xx iso data transmission setting */
26 #define MTK_ISO_THRESHOLD 264
27
28 struct btmtk_patch_header {
29 u8 datetime[16];
30 u8 platform[4];
31 __le16 hwver;
32 __le16 swver;
33 __le32 magicnum;
34 } __packed;
35
36 struct btmtk_global_desc {
37 __le32 patch_ver;
38 __le32 sub_sys;
39 __le32 feature_opt;
40 __le32 section_num;
41 } __packed;
42
43 struct btmtk_section_map {
44 __le32 sectype;
45 __le32 secoffset;
46 __le32 secsize;
47 union {
48 __le32 u4SecSpec[13];
49 struct {
50 __le32 dlAddr;
51 __le32 dlsize;
52 __le32 seckeyidx;
53 __le32 alignlen;
54 __le32 sectype;
55 __le32 dlmodecrctype;
56 __le32 crc;
57 __le32 reserved[6];
58 } bin_info_spec;
59 };
60 } __packed;
61
btmtk_coredump(struct hci_dev * hdev)62 static void btmtk_coredump(struct hci_dev *hdev)
63 {
64 int err;
65
66 err = __hci_cmd_send(hdev, 0xfd5b, 0, NULL);
67 if (err < 0)
68 bt_dev_err(hdev, "Coredump failed (%d)", err);
69 }
70
btmtk_coredump_hdr(struct hci_dev * hdev,struct sk_buff * skb)71 static void btmtk_coredump_hdr(struct hci_dev *hdev, struct sk_buff *skb)
72 {
73 struct btmtk_data *data = hci_get_priv(hdev);
74 char buf[80];
75
76 snprintf(buf, sizeof(buf), "Controller Name: 0x%X\n",
77 data->dev_id);
78 skb_put_data(skb, buf, strlen(buf));
79
80 snprintf(buf, sizeof(buf), "Firmware Version: 0x%X\n",
81 data->cd_info.fw_version);
82 skb_put_data(skb, buf, strlen(buf));
83
84 snprintf(buf, sizeof(buf), "Driver: %s\n",
85 data->cd_info.driver_name);
86 skb_put_data(skb, buf, strlen(buf));
87
88 snprintf(buf, sizeof(buf), "Vendor: MediaTek\n");
89 skb_put_data(skb, buf, strlen(buf));
90 }
91
btmtk_coredump_notify(struct hci_dev * hdev,int state)92 static void btmtk_coredump_notify(struct hci_dev *hdev, int state)
93 {
94 struct btmtk_data *data = hci_get_priv(hdev);
95
96 switch (state) {
97 case HCI_DEVCOREDUMP_IDLE:
98 data->cd_info.state = HCI_DEVCOREDUMP_IDLE;
99 break;
100 case HCI_DEVCOREDUMP_ACTIVE:
101 data->cd_info.state = HCI_DEVCOREDUMP_ACTIVE;
102 break;
103 case HCI_DEVCOREDUMP_TIMEOUT:
104 case HCI_DEVCOREDUMP_ABORT:
105 case HCI_DEVCOREDUMP_DONE:
106 data->cd_info.state = HCI_DEVCOREDUMP_IDLE;
107 btmtk_reset_sync(hdev);
108 break;
109 }
110 }
111
btmtk_fw_get_filename(char * buf,size_t size,u32 dev_id,u32 fw_ver,u32 fw_flavor)112 void btmtk_fw_get_filename(char *buf, size_t size, u32 dev_id, u32 fw_ver,
113 u32 fw_flavor)
114 {
115 if (dev_id == 0x6639)
116 snprintf(buf, size,
117 "mediatek/mt7927/BT_RAM_CODE_MT%04x_2_%x_hdr.bin",
118 dev_id & 0xffff, (fw_ver & 0xff) + 1);
119 else if (dev_id == 0x7925)
120 snprintf(buf, size,
121 "mediatek/mt%04x/BT_RAM_CODE_MT%04x_1_%x_hdr.bin",
122 dev_id & 0xffff, dev_id & 0xffff, (fw_ver & 0xff) + 1);
123 else if (dev_id == 0x7961 && fw_flavor)
124 snprintf(buf, size,
125 "mediatek/BT_RAM_CODE_MT%04x_1a_%x_hdr.bin",
126 dev_id & 0xffff, (fw_ver & 0xff) + 1);
127 else
128 snprintf(buf, size,
129 "mediatek/BT_RAM_CODE_MT%04x_1_%x_hdr.bin",
130 dev_id & 0xffff, (fw_ver & 0xff) + 1);
131 }
132 EXPORT_SYMBOL_GPL(btmtk_fw_get_filename);
133
btmtk_setup_firmware_79xx(struct hci_dev * hdev,const char * fwname,wmt_cmd_sync_func_t wmt_cmd_sync,u32 dev_id)134 int btmtk_setup_firmware_79xx(struct hci_dev *hdev, const char *fwname,
135 wmt_cmd_sync_func_t wmt_cmd_sync,
136 u32 dev_id)
137 {
138 struct btmtk_hci_wmt_params wmt_params;
139 struct btmtk_patch_header *hdr;
140 struct btmtk_global_desc *globaldesc = NULL;
141 struct btmtk_section_map *sectionmap;
142 const struct firmware *fw;
143 const u8 *fw_ptr;
144 const u8 *fw_bin_ptr;
145 int err, dlen, i, status;
146 u8 flag, first_block, retry;
147 u32 section_num, dl_size, section_offset;
148 u8 cmd[64];
149
150 err = request_firmware(&fw, fwname, &hdev->dev);
151 if (err < 0) {
152 bt_dev_err(hdev, "Failed to load firmware file (%d)", err);
153 return err;
154 }
155
156 fw_ptr = fw->data;
157 fw_bin_ptr = fw_ptr;
158 hdr = (struct btmtk_patch_header *)fw_ptr;
159 globaldesc = (struct btmtk_global_desc *)(fw_ptr + MTK_FW_ROM_PATCH_HEADER_SIZE);
160 section_num = le32_to_cpu(globaldesc->section_num);
161
162 bt_dev_info(hdev, "HW/SW Version: 0x%04x%04x, Build Time: %s",
163 le16_to_cpu(hdr->hwver), le16_to_cpu(hdr->swver), hdr->datetime);
164
165 for (i = 0; i < section_num; i++) {
166 first_block = 1;
167 fw_ptr = fw_bin_ptr;
168 sectionmap = (struct btmtk_section_map *)(fw_ptr + MTK_FW_ROM_PATCH_HEADER_SIZE +
169 MTK_FW_ROM_PATCH_GD_SIZE + MTK_FW_ROM_PATCH_SEC_MAP_SIZE * i);
170
171 section_offset = le32_to_cpu(sectionmap->secoffset);
172 dl_size = le32_to_cpu(sectionmap->bin_info_spec.dlsize);
173
174 /* MT6639: only download sections where dlmode byte0 == 0x01,
175 * matching the Windows driver behavior which skips WiFi/other
176 * sections that would cause the chip to hang.
177 */
178 if (dev_id == 0x6639 && dl_size > 0 &&
179 (le32_to_cpu(sectionmap->bin_info_spec.dlmodecrctype) & 0xff) != 0x01)
180 continue;
181
182 if (dl_size > 0) {
183 retry = 20;
184 while (retry > 0) {
185 cmd[0] = 0; /* 0 means legacy dl mode. */
186 memcpy(cmd + 1,
187 fw_ptr + MTK_FW_ROM_PATCH_HEADER_SIZE +
188 MTK_FW_ROM_PATCH_GD_SIZE +
189 MTK_FW_ROM_PATCH_SEC_MAP_SIZE * i +
190 MTK_SEC_MAP_COMMON_SIZE,
191 MTK_SEC_MAP_NEED_SEND_SIZE + 1);
192
193 wmt_params.op = BTMTK_WMT_PATCH_DWNLD;
194 wmt_params.status = &status;
195 wmt_params.flag = 0;
196 wmt_params.dlen = MTK_SEC_MAP_NEED_SEND_SIZE + 1;
197 wmt_params.data = &cmd;
198
199 err = wmt_cmd_sync(hdev, &wmt_params);
200 if (err < 0) {
201 bt_dev_err(hdev, "Failed to send wmt patch dwnld (%d)",
202 err);
203 goto err_release_fw;
204 }
205
206 if (status == BTMTK_WMT_PATCH_UNDONE) {
207 break;
208 } else if (status == BTMTK_WMT_PATCH_PROGRESS) {
209 msleep(100);
210 retry--;
211 } else if (status == BTMTK_WMT_PATCH_DONE) {
212 goto next_section;
213 } else {
214 bt_dev_err(hdev, "Failed wmt patch dwnld status (%d)",
215 status);
216 err = -EIO;
217 goto err_release_fw;
218 }
219 }
220
221 /* If retry exhausted goto err_release_fw */
222 if (retry == 0) {
223 err = -EIO;
224 goto err_release_fw;
225 }
226
227 fw_ptr += section_offset;
228 wmt_params.op = BTMTK_WMT_PATCH_DWNLD;
229
230 while (dl_size > 0) {
231 dlen = min_t(int, 250, dl_size);
232 if (first_block == 1) {
233 flag = 1;
234 first_block = 0;
235 } else if (dl_size - dlen <= 0) {
236 flag = 3;
237 } else {
238 flag = 2;
239 }
240
241 wmt_params.flag = flag;
242 wmt_params.dlen = dlen;
243 wmt_params.data = fw_ptr;
244
245 err = wmt_cmd_sync(hdev, &wmt_params);
246 /* Status BTMTK_WMT_PATCH_PROGRESS indicates firmware is
247 * in process of being downloaded, which is not expected to
248 * occur here.
249 */
250 if (status == BTMTK_WMT_PATCH_PROGRESS) {
251 err = -EIO;
252 goto err_release_fw;
253 } else if (err < 0) {
254 bt_dev_err(hdev, "Failed to send wmt patch dwnld (%d)",
255 err);
256 goto err_release_fw;
257 }
258
259 dl_size -= dlen;
260 fw_ptr += dlen;
261 }
262 }
263 next_section:
264 continue;
265 }
266 /* Wait a few moments for firmware activation done */
267 usleep_range(100000, 120000);
268
269 err_release_fw:
270 release_firmware(fw);
271
272 return err;
273 }
274 EXPORT_SYMBOL_GPL(btmtk_setup_firmware_79xx);
275
btmtk_setup_firmware(struct hci_dev * hdev,const char * fwname,wmt_cmd_sync_func_t wmt_cmd_sync)276 int btmtk_setup_firmware(struct hci_dev *hdev, const char *fwname,
277 wmt_cmd_sync_func_t wmt_cmd_sync)
278 {
279 struct btmtk_hci_wmt_params wmt_params;
280 const struct firmware *fw;
281 const u8 *fw_ptr;
282 size_t fw_size;
283 int err, dlen;
284 u8 flag, param;
285
286 err = request_firmware(&fw, fwname, &hdev->dev);
287 if (err < 0) {
288 bt_dev_err(hdev, "Failed to load firmware file (%d)", err);
289 return err;
290 }
291
292 /* Power on data RAM the firmware relies on. */
293 param = 1;
294 wmt_params.op = BTMTK_WMT_FUNC_CTRL;
295 wmt_params.flag = 3;
296 wmt_params.dlen = sizeof(param);
297 wmt_params.data = ¶m;
298 wmt_params.status = NULL;
299
300 err = wmt_cmd_sync(hdev, &wmt_params);
301 if (err < 0) {
302 bt_dev_err(hdev, "Failed to power on data RAM (%d)", err);
303 goto err_release_fw;
304 }
305
306 fw_ptr = fw->data;
307 fw_size = fw->size;
308
309 /* The size of patch header is 30 bytes, should be skip */
310 if (fw_size < 30) {
311 err = -EINVAL;
312 goto err_release_fw;
313 }
314
315 fw_size -= 30;
316 fw_ptr += 30;
317 flag = 1;
318
319 wmt_params.op = BTMTK_WMT_PATCH_DWNLD;
320 wmt_params.status = NULL;
321
322 while (fw_size > 0) {
323 dlen = min_t(int, 250, fw_size);
324
325 /* Tell device the position in sequence */
326 if (fw_size - dlen <= 0)
327 flag = 3;
328 else if (fw_size < fw->size - 30)
329 flag = 2;
330
331 wmt_params.flag = flag;
332 wmt_params.dlen = dlen;
333 wmt_params.data = fw_ptr;
334
335 err = wmt_cmd_sync(hdev, &wmt_params);
336 if (err < 0) {
337 bt_dev_err(hdev, "Failed to send wmt patch dwnld (%d)",
338 err);
339 goto err_release_fw;
340 }
341
342 fw_size -= dlen;
343 fw_ptr += dlen;
344 }
345
346 wmt_params.op = BTMTK_WMT_RST;
347 wmt_params.flag = 4;
348 wmt_params.dlen = 0;
349 wmt_params.data = NULL;
350 wmt_params.status = NULL;
351
352 /* Activate function the firmware providing to */
353 err = wmt_cmd_sync(hdev, &wmt_params);
354 if (err < 0) {
355 bt_dev_err(hdev, "Failed to send wmt rst (%d)", err);
356 goto err_release_fw;
357 }
358
359 /* Wait a few moments for firmware activation done */
360 usleep_range(10000, 12000);
361
362 err_release_fw:
363 release_firmware(fw);
364
365 return err;
366 }
367 EXPORT_SYMBOL_GPL(btmtk_setup_firmware);
368
btmtk_set_bdaddr(struct hci_dev * hdev,const bdaddr_t * bdaddr)369 int btmtk_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr)
370 {
371 struct sk_buff *skb;
372 long ret;
373
374 skb = __hci_cmd_sync(hdev, 0xfc1a, 6, bdaddr, HCI_INIT_TIMEOUT);
375 if (IS_ERR(skb)) {
376 ret = PTR_ERR(skb);
377 bt_dev_err(hdev, "changing Mediatek device address failed (%ld)",
378 ret);
379 return ret;
380 }
381 kfree_skb(skb);
382
383 return 0;
384 }
385 EXPORT_SYMBOL_GPL(btmtk_set_bdaddr);
386
btmtk_reset_sync(struct hci_dev * hdev)387 void btmtk_reset_sync(struct hci_dev *hdev)
388 {
389 struct btmtk_data *reset_work = hci_get_priv(hdev);
390 int err;
391
392 hci_dev_lock(hdev);
393
394 err = hci_cmd_sync_queue(hdev, reset_work->reset_sync, NULL, NULL);
395 if (err)
396 bt_dev_err(hdev, "failed to reset (%d)", err);
397
398 hci_dev_unlock(hdev);
399 }
400 EXPORT_SYMBOL_GPL(btmtk_reset_sync);
401
btmtk_register_coredump(struct hci_dev * hdev,const char * name,u32 fw_version)402 int btmtk_register_coredump(struct hci_dev *hdev, const char *name,
403 u32 fw_version)
404 {
405 struct btmtk_data *data = hci_get_priv(hdev);
406
407 if (!IS_ENABLED(CONFIG_DEV_COREDUMP))
408 return -EOPNOTSUPP;
409
410 data->cd_info.fw_version = fw_version;
411 data->cd_info.state = HCI_DEVCOREDUMP_IDLE;
412 data->cd_info.driver_name = name;
413
414 return hci_devcd_register(hdev, btmtk_coredump, btmtk_coredump_hdr,
415 btmtk_coredump_notify);
416 }
417 EXPORT_SYMBOL_GPL(btmtk_register_coredump);
418
btmtk_process_coredump(struct hci_dev * hdev,struct sk_buff * skb)419 int btmtk_process_coredump(struct hci_dev *hdev, struct sk_buff *skb)
420 {
421 struct btmtk_data *data = hci_get_priv(hdev);
422 int err;
423 bool complete = false;
424
425 if (!IS_ENABLED(CONFIG_DEV_COREDUMP)) {
426 kfree_skb(skb);
427 return 0;
428 }
429
430 switch (data->cd_info.state) {
431 case HCI_DEVCOREDUMP_IDLE:
432 err = hci_devcd_init(hdev, MTK_COREDUMP_SIZE);
433 if (err < 0) {
434 kfree_skb(skb);
435 break;
436 }
437 data->cd_info.cnt = 0;
438
439 /* It is supposed coredump can be done within 5 seconds */
440 schedule_delayed_work(&hdev->dump.dump_timeout,
441 msecs_to_jiffies(5000));
442 fallthrough;
443 case HCI_DEVCOREDUMP_ACTIVE:
444 default:
445 /* Mediatek coredump data would be more than MTK_COREDUMP_NUM */
446 if (data->cd_info.cnt >= MTK_COREDUMP_NUM &&
447 skb->len > MTK_COREDUMP_END_LEN)
448 if (!memcmp((char *)&skb->data[skb->len - MTK_COREDUMP_END_LEN],
449 MTK_COREDUMP_END, MTK_COREDUMP_END_LEN - 1))
450 complete = true;
451
452 err = hci_devcd_append(hdev, skb);
453 if (err < 0)
454 break;
455 data->cd_info.cnt++;
456
457 if (complete) {
458 bt_dev_info(hdev, "Mediatek coredump end");
459 hci_devcd_complete(hdev);
460 }
461
462 break;
463 }
464
465 return err;
466 }
467 EXPORT_SYMBOL_GPL(btmtk_process_coredump);
468
469 #if IS_ENABLED(CONFIG_BT_HCIBTUSB_MTK)
470 /* Known MT6639 (MT7927) Bluetooth USB devices.
471 * Used to scope the zero-CHIPID workaround to real MT6639 hardware,
472 * since some boards return 0x0000 from the MMIO chip ID register.
473 */
474 static const struct {
475 u16 vendor;
476 u16 product;
477 } btmtk_mt6639_devs[] = {
478 { 0x0489, 0xe13a }, /* ASUS ROG Crosshair X870E Hero */
479 { 0x0489, 0xe0fa }, /* Lenovo Legion Pro 7 16ARX9 */
480 { 0x0489, 0xe10f }, /* Gigabyte Z790 AORUS MASTER X */
481 { 0x0489, 0xe110 }, /* MSI X870E Ace Max */
482 { 0x0489, 0xe116 }, /* TP-Link Archer TBE550E */
483 { 0x13d3, 0x3588 }, /* ASUS ROG STRIX X870E-E */
484 };
485
btmtk_usb_wmt_recv(struct urb * urb)486 static void btmtk_usb_wmt_recv(struct urb *urb)
487 {
488 struct hci_dev *hdev = urb->context;
489 struct btmtk_data *data = hci_get_priv(hdev);
490 struct sk_buff *skb;
491 int err;
492
493 if (urb->status == 0 && urb->actual_length > 0) {
494 hdev->stat.byte_rx += urb->actual_length;
495
496 /* WMT event shouldn't be fragmented and the size should be
497 * less than HCI_WMT_MAX_EVENT_SIZE.
498 */
499 skb = bt_skb_alloc(HCI_WMT_MAX_EVENT_SIZE, GFP_ATOMIC);
500 if (!skb) {
501 hdev->stat.err_rx++;
502 kfree(urb->setup_packet);
503 return;
504 }
505
506 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
507 skb_put_data(skb, urb->transfer_buffer, urb->actual_length);
508
509 /* When someone waits for the WMT event, the skb is being cloned
510 * and being processed the events from there then.
511 */
512 if (test_bit(BTMTK_TX_WAIT_VND_EVT, &data->flags)) {
513 data->evt_skb = skb_clone(skb, GFP_ATOMIC);
514 if (!data->evt_skb) {
515 kfree_skb(skb);
516 kfree(urb->setup_packet);
517 return;
518 }
519 }
520
521 err = hci_recv_frame(hdev, skb);
522 if (err < 0) {
523 kfree_skb(data->evt_skb);
524 data->evt_skb = NULL;
525 kfree(urb->setup_packet);
526 return;
527 }
528
529 if (test_and_clear_bit(BTMTK_TX_WAIT_VND_EVT,
530 &data->flags)) {
531 /* Barrier to sync with other CPUs */
532 smp_mb__after_atomic();
533 wake_up_bit(&data->flags,
534 BTMTK_TX_WAIT_VND_EVT);
535 }
536 kfree(urb->setup_packet);
537 return;
538 } else if (urb->status == -ENOENT) {
539 /* Avoid suspend failed when usb_kill_urb */
540 kfree(urb->setup_packet);
541 return;
542 }
543
544 usb_mark_last_busy(data->udev);
545
546 /* The URB complete handler is still called with urb->actual_length = 0
547 * when the event is not available, so we should keep re-submitting
548 * URB until WMT event returns, Also, It's necessary to wait some time
549 * between the two consecutive control URBs to relax the target device
550 * to generate the event. Otherwise, the WMT event cannot return from
551 * the device successfully.
552 */
553 udelay(500);
554
555 usb_anchor_urb(urb, data->ctrl_anchor);
556 err = usb_submit_urb(urb, GFP_ATOMIC);
557 if (err < 0) {
558 kfree(urb->setup_packet);
559 /* -EPERM: urb is being killed;
560 * -ENODEV: device got disconnected
561 */
562 if (err != -EPERM && err != -ENODEV)
563 bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
564 urb, -err);
565 usb_unanchor_urb(urb);
566 }
567 }
568
btmtk_usb_submit_wmt_recv_urb(struct hci_dev * hdev)569 static int btmtk_usb_submit_wmt_recv_urb(struct hci_dev *hdev)
570 {
571 struct btmtk_data *data = hci_get_priv(hdev);
572 struct usb_ctrlrequest *dr;
573 unsigned char *buf;
574 int err, size = 64;
575 unsigned int pipe;
576 struct urb *urb;
577
578 urb = usb_alloc_urb(0, GFP_KERNEL);
579 if (!urb)
580 return -ENOMEM;
581
582 dr = kmalloc_obj(*dr);
583 if (!dr) {
584 usb_free_urb(urb);
585 return -ENOMEM;
586 }
587
588 dr->bRequestType = USB_TYPE_VENDOR | USB_DIR_IN;
589 dr->bRequest = 1;
590 dr->wIndex = cpu_to_le16(0);
591 dr->wValue = cpu_to_le16(48);
592 dr->wLength = cpu_to_le16(size);
593
594 buf = kmalloc(size, GFP_KERNEL);
595 if (!buf) {
596 kfree(dr);
597 usb_free_urb(urb);
598 return -ENOMEM;
599 }
600
601 pipe = usb_rcvctrlpipe(data->udev, 0);
602
603 usb_fill_control_urb(urb, data->udev, pipe, (void *)dr,
604 buf, size, btmtk_usb_wmt_recv, hdev);
605
606 urb->transfer_flags |= URB_FREE_BUFFER;
607
608 usb_anchor_urb(urb, data->ctrl_anchor);
609 err = usb_submit_urb(urb, GFP_KERNEL);
610 if (err < 0) {
611 if (err != -EPERM && err != -ENODEV)
612 bt_dev_err(hdev, "urb %p submission failed (%d)",
613 urb, -err);
614 kfree(dr);
615 usb_unanchor_urb(urb);
616 }
617
618 usb_free_urb(urb);
619
620 return err;
621 }
622
btmtk_usb_hci_wmt_sync(struct hci_dev * hdev,struct btmtk_hci_wmt_params * wmt_params)623 static int btmtk_usb_hci_wmt_sync(struct hci_dev *hdev,
624 struct btmtk_hci_wmt_params *wmt_params)
625 {
626 struct btmtk_data *data = hci_get_priv(hdev);
627 struct btmtk_hci_wmt_evt_funcc *wmt_evt_funcc;
628 u32 hlen, status = BTMTK_WMT_INVALID;
629 struct btmtk_hci_wmt_evt *wmt_evt;
630 struct btmtk_hci_wmt_cmd *wc;
631 struct btmtk_wmt_hdr *hdr;
632 int err;
633
634 /* Send the WMT command and wait until the WMT event returns */
635 hlen = sizeof(*hdr) + wmt_params->dlen;
636 if (hlen > 255)
637 return -EINVAL;
638
639 wc = kzalloc(hlen, GFP_KERNEL);
640 if (!wc)
641 return -ENOMEM;
642
643 hdr = &wc->hdr;
644 hdr->dir = 1;
645 hdr->op = wmt_params->op;
646 hdr->dlen = cpu_to_le16(wmt_params->dlen + 1);
647 hdr->flag = wmt_params->flag;
648 memcpy(wc->data, wmt_params->data, wmt_params->dlen);
649
650 set_bit(BTMTK_TX_WAIT_VND_EVT, &data->flags);
651
652 /* WMT cmd/event doesn't follow up the generic HCI cmd/event handling,
653 * it needs constantly polling control pipe until the host received the
654 * WMT event, thus, we should require to specifically acquire PM counter
655 * on the USB to prevent the interface from entering auto suspended
656 * while WMT cmd/event in progress.
657 */
658 err = usb_autopm_get_interface(data->intf);
659 if (err < 0)
660 goto err_free_wc;
661
662 err = __hci_cmd_send(hdev, 0xfc6f, hlen, wc);
663
664 if (err < 0) {
665 clear_bit(BTMTK_TX_WAIT_VND_EVT, &data->flags);
666 usb_autopm_put_interface(data->intf);
667 goto err_free_wc;
668 }
669
670 /* Submit control IN URB on demand to process the WMT event */
671 err = btmtk_usb_submit_wmt_recv_urb(hdev);
672
673 usb_autopm_put_interface(data->intf);
674
675 if (err < 0)
676 goto err_free_wc;
677
678 /* The vendor specific WMT commands are all answered by a vendor
679 * specific event and will have the Command Status or Command
680 * Complete as with usual HCI command flow control.
681 *
682 * After sending the command, wait for BTUSB_TX_WAIT_VND_EVT
683 * state to be cleared. The driver specific event receive routine
684 * will clear that state and with that indicate completion of the
685 * WMT command.
686 */
687 err = wait_on_bit_timeout(&data->flags, BTMTK_TX_WAIT_VND_EVT,
688 TASK_UNINTERRUPTIBLE, HCI_INIT_TIMEOUT);
689
690 if (err) {
691 bt_dev_err(hdev, "Execution of wmt command timed out");
692 clear_bit(BTMTK_TX_WAIT_VND_EVT, &data->flags);
693 err = -ETIMEDOUT;
694 goto err_free_wc;
695 }
696
697 if (data->evt_skb == NULL)
698 goto err_free_wc;
699
700 wmt_evt = skb_pull_data(data->evt_skb, sizeof(*wmt_evt));
701 if (!wmt_evt) {
702 bt_dev_err(hdev, "WMT event too short (%u bytes)",
703 data->evt_skb->len);
704 err = -EINVAL;
705 goto err_free_skb;
706 }
707 if (wmt_evt->whdr.op != hdr->op) {
708 bt_dev_err(hdev, "Wrong op received %d expected %d",
709 wmt_evt->whdr.op, hdr->op);
710 err = -EIO;
711 goto err_free_skb;
712 }
713
714 switch (wmt_evt->whdr.op) {
715 case BTMTK_WMT_SEMAPHORE:
716 if (wmt_evt->whdr.flag == 2)
717 status = BTMTK_WMT_PATCH_UNDONE;
718 else
719 status = BTMTK_WMT_PATCH_DONE;
720 break;
721 case BTMTK_WMT_FUNC_CTRL:
722 if (!skb_pull_data(data->evt_skb,
723 sizeof(wmt_evt_funcc->status))) {
724 status = BTMTK_WMT_ON_UNDONE;
725 break;
726 }
727
728 wmt_evt_funcc = (struct btmtk_hci_wmt_evt_funcc *)wmt_evt;
729 if (be16_to_cpu(wmt_evt_funcc->status) == 0x404)
730 status = BTMTK_WMT_ON_DONE;
731 else if (be16_to_cpu(wmt_evt_funcc->status) == 0x420)
732 status = BTMTK_WMT_ON_PROGRESS;
733 else
734 status = BTMTK_WMT_ON_UNDONE;
735 break;
736 case BTMTK_WMT_PATCH_DWNLD:
737 if (wmt_evt->whdr.flag == 2)
738 status = BTMTK_WMT_PATCH_DONE;
739 else if (wmt_evt->whdr.flag == 1)
740 status = BTMTK_WMT_PATCH_PROGRESS;
741 else
742 status = BTMTK_WMT_PATCH_UNDONE;
743 break;
744 }
745
746 if (wmt_params->status)
747 *wmt_params->status = status;
748
749 err_free_skb:
750 kfree_skb(data->evt_skb);
751 data->evt_skb = NULL;
752 err_free_wc:
753 kfree(wc);
754 return err;
755 }
756
btmtk_usb_func_query(struct hci_dev * hdev)757 static int btmtk_usb_func_query(struct hci_dev *hdev)
758 {
759 struct btmtk_hci_wmt_params wmt_params;
760 int status, err;
761 u8 param = 0;
762
763 /* Query whether the function is enabled */
764 wmt_params.op = BTMTK_WMT_FUNC_CTRL;
765 wmt_params.flag = 4;
766 wmt_params.dlen = sizeof(param);
767 wmt_params.data = ¶m;
768 wmt_params.status = &status;
769
770 err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params);
771 if (err < 0) {
772 bt_dev_err(hdev, "Failed to query function status (%d)", err);
773 return err;
774 }
775
776 return status;
777 }
778
btmtk_usb_uhw_reg_write(struct hci_dev * hdev,u32 reg,u32 val)779 static int btmtk_usb_uhw_reg_write(struct hci_dev *hdev, u32 reg, u32 val)
780 {
781 struct btmtk_data *data = hci_get_priv(hdev);
782 int pipe, err;
783 void *buf;
784
785 buf = kzalloc(4, GFP_KERNEL);
786 if (!buf)
787 return -ENOMEM;
788
789 put_unaligned_le32(val, buf);
790
791 pipe = usb_sndctrlpipe(data->udev, 0);
792 err = usb_control_msg(data->udev, pipe, 0x02,
793 0x5E,
794 reg >> 16, reg & 0xffff,
795 buf, 4, USB_CTRL_SET_TIMEOUT);
796 if (err < 0)
797 bt_dev_err(hdev, "Failed to write uhw reg(%d)", err);
798
799 kfree(buf);
800
801 return err;
802 }
803
btmtk_usb_uhw_reg_read(struct hci_dev * hdev,u32 reg,u32 * val)804 static int btmtk_usb_uhw_reg_read(struct hci_dev *hdev, u32 reg, u32 *val)
805 {
806 struct btmtk_data *data = hci_get_priv(hdev);
807 int pipe, err;
808 void *buf;
809
810 buf = kzalloc(4, GFP_KERNEL);
811 if (!buf)
812 return -ENOMEM;
813
814 pipe = usb_rcvctrlpipe(data->udev, 0);
815 err = usb_control_msg(data->udev, pipe, 0x01,
816 0xDE,
817 reg >> 16, reg & 0xffff,
818 buf, 4, USB_CTRL_GET_TIMEOUT);
819 if (err < 0) {
820 bt_dev_err(hdev, "Failed to read uhw reg(%d)", err);
821 goto err_free_buf;
822 }
823
824 *val = get_unaligned_le32(buf);
825 bt_dev_dbg(hdev, "reg=%x, value=0x%08x", reg, *val);
826
827 err_free_buf:
828 kfree(buf);
829
830 return err;
831 }
832
btmtk_usb_reg_read(struct hci_dev * hdev,u32 reg,u32 * val)833 static int btmtk_usb_reg_read(struct hci_dev *hdev, u32 reg, u32 *val)
834 {
835 struct btmtk_data *data = hci_get_priv(hdev);
836 int pipe, err, size = sizeof(u32);
837 void *buf;
838
839 buf = kzalloc(size, GFP_KERNEL);
840 if (!buf)
841 return -ENOMEM;
842
843 pipe = usb_rcvctrlpipe(data->udev, 0);
844 err = usb_control_msg(data->udev, pipe, 0x63,
845 USB_TYPE_VENDOR | USB_DIR_IN,
846 reg >> 16, reg & 0xffff,
847 buf, size, USB_CTRL_GET_TIMEOUT);
848 if (err < 0)
849 goto err_free_buf;
850
851 *val = get_unaligned_le32(buf);
852
853 err_free_buf:
854 kfree(buf);
855
856 return err;
857 }
858
btmtk_usb_id_get(struct hci_dev * hdev,u32 reg,u32 * id)859 static int btmtk_usb_id_get(struct hci_dev *hdev, u32 reg, u32 *id)
860 {
861 return btmtk_usb_reg_read(hdev, reg, id);
862 }
863
btmtk_usb_reset_done(struct hci_dev * hdev)864 static u32 btmtk_usb_reset_done(struct hci_dev *hdev)
865 {
866 u32 val = 0;
867
868 btmtk_usb_uhw_reg_read(hdev, MTK_BT_MISC, &val);
869
870 return val & MTK_BT_RST_DONE;
871 }
872
btmtk_usb_subsys_reset(struct hci_dev * hdev,u32 dev_id)873 int btmtk_usb_subsys_reset(struct hci_dev *hdev, u32 dev_id)
874 {
875 u32 val;
876 int err;
877
878 if (dev_id == 0x7922) {
879 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_SUBSYS_RST, &val);
880 if (err < 0)
881 return err;
882 val |= 0x00002020;
883 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_SUBSYS_RST, val);
884 if (err < 0)
885 return err;
886 err = btmtk_usb_uhw_reg_write(hdev, MTK_EP_RST_OPT, 0x00010001);
887 if (err < 0)
888 return err;
889 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_SUBSYS_RST, &val);
890 if (err < 0)
891 return err;
892 val |= BIT(0);
893 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_SUBSYS_RST, val);
894 if (err < 0)
895 return err;
896 msleep(100);
897 } else if (dev_id == 0x7925 || dev_id == 0x6639) {
898 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_RESET_REG_CONNV3, &val);
899 if (err < 0)
900 return err;
901 val |= (1 << 5);
902 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_RESET_REG_CONNV3, val);
903 if (err < 0)
904 return err;
905 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_RESET_REG_CONNV3, &val);
906 if (err < 0)
907 return err;
908 val &= 0xFFFF00FF;
909 val |= (1 << 13);
910 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_RESET_REG_CONNV3, val);
911 if (err < 0)
912 return err;
913 err = btmtk_usb_uhw_reg_write(hdev, MTK_EP_RST_OPT, 0x00010001);
914 if (err < 0)
915 return err;
916 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_RESET_REG_CONNV3, &val);
917 if (err < 0)
918 return err;
919 val |= (1 << 0);
920 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_RESET_REG_CONNV3, val);
921 if (err < 0)
922 return err;
923 err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT, 0x000000FF);
924 if (err < 0)
925 return err;
926 err = btmtk_usb_uhw_reg_read(hdev, MTK_UDMA_INT_STA_BT, &val);
927 if (err < 0)
928 return err;
929 err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT1, 0x000000FF);
930 if (err < 0)
931 return err;
932 err = btmtk_usb_uhw_reg_read(hdev, MTK_UDMA_INT_STA_BT1, &val);
933 if (err < 0)
934 return err;
935 msleep(100);
936 } else {
937 /* It's Device EndPoint Reset Option Register */
938 bt_dev_dbg(hdev, "Initiating reset mechanism via uhw");
939 err = btmtk_usb_uhw_reg_write(hdev, MTK_EP_RST_OPT, MTK_EP_RST_IN_OUT_OPT);
940 if (err < 0)
941 return err;
942 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_WDT_STATUS, &val);
943 if (err < 0)
944 return err;
945 /* Reset the bluetooth chip via USB interface. */
946 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_SUBSYS_RST, 1);
947 if (err < 0)
948 return err;
949 err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT, 0x000000FF);
950 if (err < 0)
951 return err;
952 err = btmtk_usb_uhw_reg_read(hdev, MTK_UDMA_INT_STA_BT, &val);
953 if (err < 0)
954 return err;
955 err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT1, 0x000000FF);
956 if (err < 0)
957 return err;
958 err = btmtk_usb_uhw_reg_read(hdev, MTK_UDMA_INT_STA_BT1, &val);
959 if (err < 0)
960 return err;
961 /* MT7921 need to delay 20ms between toggle reset bit */
962 msleep(20);
963 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_SUBSYS_RST, 0);
964 if (err < 0)
965 return err;
966 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_SUBSYS_RST, &val);
967 if (err < 0)
968 return err;
969 }
970
971 err = readx_poll_timeout(btmtk_usb_reset_done, hdev, val,
972 val & MTK_BT_RST_DONE, 20000, 1000000);
973 if (err < 0)
974 bt_dev_err(hdev, "Reset timeout");
975
976 if (dev_id == 0x7922) {
977 err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT, 0x000000FF);
978 if (err < 0)
979 return err;
980 }
981
982 err = btmtk_usb_id_get(hdev, 0x70010200, &val);
983 if (err < 0 || (!val && dev_id != 0x6639))
984 bt_dev_err(hdev, "Can't get device id, subsys reset fail.");
985
986 return err;
987 }
988 EXPORT_SYMBOL_GPL(btmtk_usb_subsys_reset);
989
btmtk_usb_recv_acl(struct hci_dev * hdev,struct sk_buff * skb)990 int btmtk_usb_recv_acl(struct hci_dev *hdev, struct sk_buff *skb)
991 {
992 struct btmtk_data *data = hci_get_priv(hdev);
993 u16 handle = le16_to_cpu(hci_acl_hdr(skb)->handle);
994
995 switch (handle) {
996 case 0xfc6f: /* Firmware dump from device */
997 /* When the firmware hangs, the device can no longer
998 * suspend and thus disable auto-suspend.
999 */
1000 usb_disable_autosuspend(data->udev);
1001
1002 /* We need to forward the diagnostic packet to userspace daemon
1003 * for backward compatibility, so we have to clone the packet
1004 * extraly for the in-kernel coredump support.
1005 */
1006 if (IS_ENABLED(CONFIG_DEV_COREDUMP)) {
1007 struct sk_buff *skb_cd = skb_clone(skb, GFP_ATOMIC);
1008
1009 if (skb_cd)
1010 btmtk_process_coredump(hdev, skb_cd);
1011 }
1012
1013 fallthrough;
1014 case 0x05ff: /* Firmware debug logging 1 */
1015 case 0x05fe: /* Firmware debug logging 2 */
1016 return hci_recv_diag(hdev, skb);
1017 }
1018
1019 return hci_recv_frame(hdev, skb);
1020 }
1021 EXPORT_SYMBOL_GPL(btmtk_usb_recv_acl);
1022
btmtk_isopkt_pad(struct hci_dev * hdev,struct sk_buff * skb)1023 static int btmtk_isopkt_pad(struct hci_dev *hdev, struct sk_buff *skb)
1024 {
1025 if (skb->len > MTK_ISO_THRESHOLD)
1026 return -EINVAL;
1027
1028 if (skb_pad(skb, MTK_ISO_THRESHOLD - skb->len))
1029 return -ENOMEM;
1030
1031 __skb_put(skb, MTK_ISO_THRESHOLD - skb->len);
1032
1033 return 0;
1034 }
1035
__set_mtk_intr_interface(struct hci_dev * hdev)1036 static int __set_mtk_intr_interface(struct hci_dev *hdev)
1037 {
1038 struct btmtk_data *btmtk_data = hci_get_priv(hdev);
1039 struct usb_interface *intf = btmtk_data->isopkt_intf;
1040 int err;
1041
1042 if (!btmtk_data->isopkt_intf)
1043 return -ENODEV;
1044
1045 err = usb_set_interface(btmtk_data->udev, MTK_ISO_IFNUM,
1046 (intf->num_altsetting > 1) ? 1 : 0);
1047 if (err < 0) {
1048 bt_dev_err(hdev, "setting interface failed (%d)", -err);
1049 return err;
1050 }
1051
1052 err = usb_find_common_endpoints(intf->cur_altsetting, NULL, NULL,
1053 &btmtk_data->isopkt_rx_ep,
1054 &btmtk_data->isopkt_tx_ep);
1055 if (err) {
1056 bt_dev_err(hdev, "invalid interrupt descriptors");
1057 return -ENODEV;
1058 }
1059
1060 return 0;
1061 }
1062
alloc_mtk_intr_urb(struct hci_dev * hdev,struct sk_buff * skb,usb_complete_t tx_complete)1063 struct urb *alloc_mtk_intr_urb(struct hci_dev *hdev, struct sk_buff *skb,
1064 usb_complete_t tx_complete)
1065 {
1066 struct btmtk_data *btmtk_data = hci_get_priv(hdev);
1067 struct urb *urb;
1068 unsigned int pipe;
1069
1070 if (!btmtk_data->isopkt_tx_ep)
1071 return ERR_PTR(-ENODEV);
1072
1073 urb = usb_alloc_urb(0, GFP_KERNEL);
1074 if (!urb)
1075 return ERR_PTR(-ENOMEM);
1076
1077 if (btmtk_isopkt_pad(hdev, skb))
1078 return ERR_PTR(-EINVAL);
1079
1080 pipe = usb_sndintpipe(btmtk_data->udev,
1081 btmtk_data->isopkt_tx_ep->bEndpointAddress);
1082
1083 usb_fill_int_urb(urb, btmtk_data->udev, pipe,
1084 skb->data, skb->len, tx_complete,
1085 skb, btmtk_data->isopkt_tx_ep->bInterval);
1086
1087 skb->dev = (void *)hdev;
1088
1089 return urb;
1090 }
1091 EXPORT_SYMBOL_GPL(alloc_mtk_intr_urb);
1092
btmtk_recv_isopkt(struct hci_dev * hdev,void * buffer,int count)1093 static int btmtk_recv_isopkt(struct hci_dev *hdev, void *buffer, int count)
1094 {
1095 struct btmtk_data *btmtk_data = hci_get_priv(hdev);
1096 struct sk_buff *skb;
1097 unsigned long flags;
1098 int err = 0;
1099
1100 spin_lock_irqsave(&btmtk_data->isorxlock, flags);
1101 skb = btmtk_data->isopkt_skb;
1102
1103 while (count) {
1104 int len;
1105
1106 if (!skb) {
1107 skb = bt_skb_alloc(HCI_MAX_ISO_SIZE, GFP_ATOMIC);
1108 if (!skb) {
1109 err = -ENOMEM;
1110 break;
1111 }
1112
1113 hci_skb_pkt_type(skb) = HCI_ISODATA_PKT;
1114 hci_skb_expect(skb) = HCI_ISO_HDR_SIZE;
1115 }
1116
1117 len = min_t(uint, hci_skb_expect(skb), count);
1118 skb_put_data(skb, buffer, len);
1119
1120 count -= len;
1121 buffer += len;
1122 hci_skb_expect(skb) -= len;
1123
1124 if (skb->len == HCI_ISO_HDR_SIZE) {
1125 __le16 dlen = ((struct hci_iso_hdr *)skb->data)->dlen;
1126
1127 /* Complete ISO header */
1128 hci_skb_expect(skb) = __le16_to_cpu(dlen);
1129
1130 if (skb_tailroom(skb) < hci_skb_expect(skb)) {
1131 kfree_skb(skb);
1132 skb = NULL;
1133
1134 err = -EILSEQ;
1135 break;
1136 }
1137 }
1138
1139 if (!hci_skb_expect(skb)) {
1140 /* Complete frame */
1141 hci_recv_frame(hdev, skb);
1142 skb = NULL;
1143 }
1144 }
1145
1146 btmtk_data->isopkt_skb = skb;
1147 spin_unlock_irqrestore(&btmtk_data->isorxlock, flags);
1148
1149 return err;
1150 }
1151
btmtk_intr_complete(struct urb * urb)1152 static void btmtk_intr_complete(struct urb *urb)
1153 {
1154 struct hci_dev *hdev = urb->context;
1155 struct btmtk_data *btmtk_data = hci_get_priv(hdev);
1156 int err;
1157
1158 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
1159 urb->actual_length);
1160
1161 if (!test_bit(HCI_RUNNING, &hdev->flags))
1162 return;
1163
1164 if (hdev->suspended)
1165 return;
1166
1167 if (urb->status == 0) {
1168 hdev->stat.byte_rx += urb->actual_length;
1169
1170 if (btmtk_recv_isopkt(hdev, urb->transfer_buffer,
1171 urb->actual_length) < 0) {
1172 bt_dev_err(hdev, "corrupted iso packet");
1173 hdev->stat.err_rx++;
1174 }
1175 } else if (urb->status == -ENOENT) {
1176 /* Avoid suspend failed when usb_kill_urb */
1177 return;
1178 }
1179
1180 usb_mark_last_busy(btmtk_data->udev);
1181 usb_anchor_urb(urb, &btmtk_data->isopkt_anchor);
1182
1183 err = usb_submit_urb(urb, GFP_ATOMIC);
1184 if (err < 0) {
1185 /* -EPERM: urb is being killed;
1186 * -ENODEV: device got disconnected
1187 */
1188 if (err != -EPERM && err != -ENODEV)
1189 bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
1190 urb, -err);
1191 if (err != -EPERM)
1192 hci_cmd_sync_cancel(hdev, -err);
1193 usb_unanchor_urb(urb);
1194 }
1195 }
1196
btmtk_submit_intr_urb(struct hci_dev * hdev,gfp_t mem_flags)1197 static int btmtk_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags)
1198 {
1199 struct btmtk_data *btmtk_data = hci_get_priv(hdev);
1200 unsigned char *buf;
1201 unsigned int pipe;
1202 struct urb *urb;
1203 int err, size;
1204
1205 BT_DBG("%s", hdev->name);
1206
1207 if (!btmtk_data->isopkt_rx_ep)
1208 return -ENODEV;
1209
1210 urb = usb_alloc_urb(0, mem_flags);
1211 if (!urb)
1212 return -ENOMEM;
1213 size = le16_to_cpu(btmtk_data->isopkt_rx_ep->wMaxPacketSize);
1214
1215 buf = kmalloc(size, mem_flags);
1216 if (!buf) {
1217 usb_free_urb(urb);
1218 return -ENOMEM;
1219 }
1220
1221 pipe = usb_rcvintpipe(btmtk_data->udev,
1222 btmtk_data->isopkt_rx_ep->bEndpointAddress);
1223
1224 usb_fill_int_urb(urb, btmtk_data->udev, pipe, buf, size,
1225 btmtk_intr_complete, hdev,
1226 btmtk_data->isopkt_rx_ep->bInterval);
1227
1228 urb->transfer_flags |= URB_FREE_BUFFER;
1229
1230 usb_mark_last_busy(btmtk_data->udev);
1231 usb_anchor_urb(urb, &btmtk_data->isopkt_anchor);
1232
1233 err = usb_submit_urb(urb, mem_flags);
1234 if (err < 0) {
1235 if (err != -EPERM && err != -ENODEV)
1236 bt_dev_err(hdev, "urb %p submission failed (%d)",
1237 urb, -err);
1238 usb_unanchor_urb(urb);
1239 }
1240
1241 usb_free_urb(urb);
1242
1243 return err;
1244 }
1245
btmtk_usb_isointf_init(struct hci_dev * hdev)1246 static int btmtk_usb_isointf_init(struct hci_dev *hdev)
1247 {
1248 struct btmtk_data *btmtk_data = hci_get_priv(hdev);
1249 u8 iso_param[2] = { 0x08, 0x01 };
1250 struct sk_buff *skb;
1251 int err;
1252
1253 spin_lock_init(&btmtk_data->isorxlock);
1254
1255 __set_mtk_intr_interface(hdev);
1256
1257 err = btmtk_submit_intr_urb(hdev, GFP_KERNEL);
1258 if (err < 0) {
1259 usb_kill_anchored_urbs(&btmtk_data->isopkt_anchor);
1260 bt_dev_err(hdev, "ISO intf not support (%d)", err);
1261 return err;
1262 }
1263
1264 skb = __hci_cmd_sync(hdev, 0xfd98, sizeof(iso_param), iso_param,
1265 HCI_INIT_TIMEOUT);
1266 if (IS_ERR(skb)) {
1267 bt_dev_err(hdev, "Failed to apply iso setting (%ld)", PTR_ERR(skb));
1268 return PTR_ERR(skb);
1269 }
1270 kfree_skb(skb);
1271
1272 return 0;
1273 }
1274
btmtk_usb_resume(struct hci_dev * hdev)1275 int btmtk_usb_resume(struct hci_dev *hdev)
1276 {
1277 /* This function describes the specific additional steps taken by MediaTek
1278 * when Bluetooth usb driver's resume function is called.
1279 */
1280 struct btmtk_data *btmtk_data = hci_get_priv(hdev);
1281
1282 /* Resubmit urb for iso data transmission */
1283 if (test_bit(BTMTK_ISOPKT_RUNNING, &btmtk_data->flags)) {
1284 if (btmtk_submit_intr_urb(hdev, GFP_NOIO) < 0)
1285 clear_bit(BTMTK_ISOPKT_RUNNING, &btmtk_data->flags);
1286 }
1287
1288 return 0;
1289 }
1290 EXPORT_SYMBOL_GPL(btmtk_usb_resume);
1291
btmtk_usb_suspend(struct hci_dev * hdev)1292 int btmtk_usb_suspend(struct hci_dev *hdev)
1293 {
1294 /* This function describes the specific additional steps taken by MediaTek
1295 * when Bluetooth usb driver's suspend function is called.
1296 */
1297 struct btmtk_data *btmtk_data = hci_get_priv(hdev);
1298
1299 /* Stop urb anchor for iso data transmission */
1300 if (test_bit(BTMTK_ISOPKT_RUNNING, &btmtk_data->flags))
1301 usb_kill_anchored_urbs(&btmtk_data->isopkt_anchor);
1302
1303 return 0;
1304 }
1305 EXPORT_SYMBOL_GPL(btmtk_usb_suspend);
1306
btmtk_usb_setup(struct hci_dev * hdev)1307 int btmtk_usb_setup(struct hci_dev *hdev)
1308 {
1309 struct btmtk_data *btmtk_data = hci_get_priv(hdev);
1310 struct btmtk_hci_wmt_params wmt_params;
1311 ktime_t calltime, delta, rettime;
1312 struct btmtk_tci_sleep tci_sleep;
1313 unsigned long long duration;
1314 struct sk_buff *skb;
1315 const char *fwname;
1316 int err, status;
1317 u32 dev_id = 0;
1318 char fw_bin_name[64];
1319 u32 fw_version = 0, fw_flavor = 0;
1320 u8 param;
1321
1322 calltime = ktime_get();
1323
1324 err = btmtk_usb_id_get(hdev, 0x80000008, &dev_id);
1325 if (err < 0) {
1326 bt_dev_err(hdev, "Failed to get device id (%d)", err);
1327 return err;
1328 }
1329
1330 if (!dev_id || dev_id != 0x7663) {
1331 err = btmtk_usb_id_get(hdev, 0x70010200, &dev_id);
1332 if (err < 0) {
1333 bt_dev_err(hdev, "Failed to get device id (%d)", err);
1334 return err;
1335 }
1336 err = btmtk_usb_id_get(hdev, 0x80021004, &fw_version);
1337 if (err < 0) {
1338 bt_dev_err(hdev, "Failed to get fw version (%d)", err);
1339 return err;
1340 }
1341 err = btmtk_usb_id_get(hdev, 0x70010020, &fw_flavor);
1342 if (err < 0) {
1343 bt_dev_err(hdev, "Failed to get fw flavor (%d)", err);
1344 return err;
1345 }
1346 fw_flavor = (fw_flavor & 0x00000080) >> 7;
1347 }
1348
1349 if (!dev_id) {
1350 u16 vid = le16_to_cpu(btmtk_data->udev->descriptor.idVendor);
1351 u16 pid = le16_to_cpu(btmtk_data->udev->descriptor.idProduct);
1352 int i;
1353
1354 for (i = 0; i < ARRAY_SIZE(btmtk_mt6639_devs); i++) {
1355 if (vid == btmtk_mt6639_devs[i].vendor &&
1356 pid == btmtk_mt6639_devs[i].product) {
1357 dev_id = 0x6639;
1358 break;
1359 }
1360 }
1361
1362 if (dev_id)
1363 bt_dev_info(hdev, "MT6639: CHIPID=0x0000 with VID=%04x PID=%04x, using 0x6639",
1364 vid, pid);
1365 }
1366
1367 btmtk_data->dev_id = dev_id;
1368
1369 err = btmtk_register_coredump(hdev, btmtk_data->drv_name, fw_version);
1370 if (err < 0)
1371 bt_dev_err(hdev, "Failed to register coredump (%d)", err);
1372
1373 switch (dev_id) {
1374 case 0x7663:
1375 fwname = FIRMWARE_MT7663;
1376 break;
1377 case 0x7668:
1378 fwname = FIRMWARE_MT7668;
1379 break;
1380 case 0x7922:
1381 case 0x7925:
1382 case 0x7961:
1383 case 0x7902:
1384 case 0x6639:
1385 btmtk_fw_get_filename(fw_bin_name, sizeof(fw_bin_name), dev_id,
1386 fw_version, fw_flavor);
1387
1388 err = btmtk_setup_firmware_79xx(hdev, fw_bin_name,
1389 btmtk_usb_hci_wmt_sync,
1390 dev_id);
1391 if (err < 0) {
1392 /* retry once if setup firmware error */
1393 if (!test_and_set_bit(BTMTK_FIRMWARE_DL_RETRY, &btmtk_data->flags))
1394 btmtk_reset_sync(hdev);
1395 bt_dev_err(hdev, "Failed to set up firmware (%d)", err);
1396 return err;
1397 }
1398
1399 /* It's Device EndPoint Reset Option Register */
1400 err = btmtk_usb_uhw_reg_write(hdev, MTK_EP_RST_OPT,
1401 MTK_EP_RST_IN_OUT_OPT);
1402 if (err < 0)
1403 return err;
1404
1405 /* Enable Bluetooth protocol */
1406 param = 1;
1407 wmt_params.op = BTMTK_WMT_FUNC_CTRL;
1408 wmt_params.flag = 0;
1409 wmt_params.dlen = sizeof(param);
1410 wmt_params.data = ¶m;
1411 wmt_params.status = NULL;
1412
1413 err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params);
1414 if (err < 0) {
1415 bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err);
1416 return err;
1417 }
1418
1419 hci_set_msft_opcode(hdev, 0xFD30);
1420 hci_set_aosp_capable(hdev);
1421
1422 /* Clear BTMTK_FIRMWARE_DL_RETRY if setup successfully */
1423 test_and_clear_bit(BTMTK_FIRMWARE_DL_RETRY, &btmtk_data->flags);
1424
1425 /* Set up ISO interface after protocol enabled */
1426 if (test_bit(BTMTK_ISOPKT_OVER_INTR, &btmtk_data->flags)) {
1427 if (!btmtk_usb_isointf_init(hdev))
1428 set_bit(BTMTK_ISOPKT_RUNNING, &btmtk_data->flags);
1429 }
1430
1431 goto done;
1432 default:
1433 bt_dev_err(hdev, "Unsupported hardware variant (%08x)",
1434 dev_id);
1435 return -ENODEV;
1436 }
1437
1438 /* Query whether the firmware is already download */
1439 wmt_params.op = BTMTK_WMT_SEMAPHORE;
1440 wmt_params.flag = 1;
1441 wmt_params.dlen = 0;
1442 wmt_params.data = NULL;
1443 wmt_params.status = &status;
1444
1445 err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params);
1446 if (err < 0) {
1447 bt_dev_err(hdev, "Failed to query firmware status (%d)", err);
1448 return err;
1449 }
1450
1451 if (status == BTMTK_WMT_PATCH_DONE) {
1452 bt_dev_info(hdev, "firmware already downloaded");
1453 goto ignore_setup_fw;
1454 }
1455
1456 /* Setup a firmware which the device definitely requires */
1457 err = btmtk_setup_firmware(hdev, fwname,
1458 btmtk_usb_hci_wmt_sync);
1459 if (err < 0)
1460 return err;
1461
1462 ignore_setup_fw:
1463 err = readx_poll_timeout(btmtk_usb_func_query, hdev, status,
1464 status < 0 || status != BTMTK_WMT_ON_PROGRESS,
1465 2000, 5000000);
1466 /* -ETIMEDOUT happens */
1467 if (err < 0)
1468 return err;
1469
1470 /* The other errors happen in btmtk_usb_func_query */
1471 if (status < 0)
1472 return status;
1473
1474 if (status == BTMTK_WMT_ON_DONE) {
1475 bt_dev_info(hdev, "function already on");
1476 goto ignore_func_on;
1477 }
1478
1479 /* Enable Bluetooth protocol */
1480 param = 1;
1481 wmt_params.op = BTMTK_WMT_FUNC_CTRL;
1482 wmt_params.flag = 0;
1483 wmt_params.dlen = sizeof(param);
1484 wmt_params.data = ¶m;
1485 wmt_params.status = NULL;
1486
1487 err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params);
1488 if (err < 0) {
1489 bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err);
1490 return err;
1491 }
1492
1493 ignore_func_on:
1494 /* Apply the low power environment setup */
1495 tci_sleep.mode = 0x5;
1496 tci_sleep.duration = cpu_to_le16(0x640);
1497 tci_sleep.host_duration = cpu_to_le16(0x640);
1498 tci_sleep.host_wakeup_pin = 0;
1499 tci_sleep.time_compensation = 0;
1500
1501 skb = __hci_cmd_sync(hdev, 0xfc7a, sizeof(tci_sleep), &tci_sleep,
1502 HCI_INIT_TIMEOUT);
1503 if (IS_ERR(skb)) {
1504 err = PTR_ERR(skb);
1505 bt_dev_err(hdev, "Failed to apply low power setting (%d)", err);
1506 return err;
1507 }
1508 kfree_skb(skb);
1509
1510 done:
1511 rettime = ktime_get();
1512 delta = ktime_sub(rettime, calltime);
1513 duration = (unsigned long long)ktime_to_ns(delta) >> 10;
1514
1515 bt_dev_info(hdev, "Device setup in %llu usecs", duration);
1516
1517 return 0;
1518 }
1519 EXPORT_SYMBOL_GPL(btmtk_usb_setup);
1520
btmtk_usb_shutdown(struct hci_dev * hdev)1521 int btmtk_usb_shutdown(struct hci_dev *hdev)
1522 {
1523 struct btmtk_data *data = hci_get_priv(hdev);
1524 struct btmtk_hci_wmt_params wmt_params;
1525 u8 param = 0;
1526 int err;
1527
1528 err = usb_autopm_get_interface(data->intf);
1529 if (err < 0)
1530 return err;
1531
1532 /* Disable the device */
1533 wmt_params.op = BTMTK_WMT_FUNC_CTRL;
1534 wmt_params.flag = 0;
1535 wmt_params.dlen = sizeof(param);
1536 wmt_params.data = ¶m;
1537 wmt_params.status = NULL;
1538
1539 err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params);
1540 if (err < 0) {
1541 bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err);
1542 usb_autopm_put_interface(data->intf);
1543 return err;
1544 }
1545
1546 usb_autopm_put_interface(data->intf);
1547 return 0;
1548 }
1549 EXPORT_SYMBOL_GPL(btmtk_usb_shutdown);
1550 #endif
1551
1552 MODULE_AUTHOR("Sean Wang <sean.wang@mediatek.com>");
1553 MODULE_AUTHOR("Mark Chen <mark-yw.chen@mediatek.com>");
1554 MODULE_DESCRIPTION("Bluetooth support for MediaTek devices ver " VERSION);
1555 MODULE_VERSION(VERSION);
1556 MODULE_LICENSE("GPL");
1557 MODULE_FIRMWARE(FIRMWARE_MT7622);
1558 MODULE_FIRMWARE(FIRMWARE_MT7663);
1559 MODULE_FIRMWARE(FIRMWARE_MT7668);
1560 MODULE_FIRMWARE(FIRMWARE_MT7922);
1561 MODULE_FIRMWARE(FIRMWARE_MT7961);
1562 MODULE_FIRMWARE(FIRMWARE_MT7925);
1563 MODULE_FIRMWARE(FIRMWARE_MT7927);
1564