1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * 4 * Bluetooth HCI Three-wire UART driver 5 * 6 * Copyright (C) 2012 Intel Corporation 7 */ 8 9 #include <linux/acpi.h> 10 #include <linux/bitrev.h> 11 #include <linux/crc-ccitt.h> 12 #include <linux/errno.h> 13 #include <linux/gpio/consumer.h> 14 #include <linux/kernel.h> 15 #include <linux/mod_devicetable.h> 16 #include <linux/of.h> 17 #include <linux/pm_runtime.h> 18 #include <linux/serdev.h> 19 #include <linux/skbuff.h> 20 21 #include <net/bluetooth/bluetooth.h> 22 #include <net/bluetooth/hci_core.h> 23 24 #include "btrtl.h" 25 #include "hci_uart.h" 26 27 #define SUSPEND_TIMEOUT_MS 6000 28 29 #define HCI_3WIRE_ACK_PKT 0 30 #define HCI_3WIRE_LINK_PKT 15 31 32 /* Sliding window size */ 33 #define H5_TX_WIN_MAX 4 34 35 #define H5_ACK_TIMEOUT msecs_to_jiffies(250) 36 #define H5_SYNC_TIMEOUT msecs_to_jiffies(100) 37 38 /* 39 * Maximum Three-wire packet: 40 * 4 byte header + max value for 12-bit length + 2 bytes for CRC 41 */ 42 #define H5_MAX_LEN (4 + 0xfff + 2) 43 44 /* Convenience macros for reading Three-wire header values */ 45 #define H5_HDR_SEQ(hdr) ((hdr)[0] & 0x07) 46 #define H5_HDR_ACK(hdr) (((hdr)[0] >> 3) & 0x07) 47 #define H5_HDR_CRC(hdr) (((hdr)[0] >> 6) & 0x01) 48 #define H5_HDR_RELIABLE(hdr) (((hdr)[0] >> 7) & 0x01) 49 #define H5_HDR_PKT_TYPE(hdr) ((hdr)[1] & 0x0f) 50 #define H5_HDR_LEN(hdr) ((((hdr)[1] >> 4) & 0x0f) + ((hdr)[2] << 4)) 51 52 #define SLIP_DELIMITER 0xc0 53 #define SLIP_ESC 0xdb 54 #define SLIP_ESC_DELIM 0xdc 55 #define SLIP_ESC_ESC 0xdd 56 57 /* H5 state flags */ 58 enum { 59 H5_RX_ESC, /* SLIP escape mode */ 60 H5_TX_ACK_REQ, /* Pending ack to send */ 61 H5_WAKEUP_DISABLE, /* Device cannot wake host */ 62 H5_HW_FLOW_CONTROL, /* Use HW flow control */ 63 H5_CRC, /* Use CRC */ 64 }; 65 66 struct h5 { 67 /* Must be the first member, hci_serdev.c expects this. */ 68 struct hci_uart serdev_hu; 69 70 struct sk_buff_head unack; /* Unack'ed packets queue */ 71 struct sk_buff_head rel; /* Reliable packets queue */ 72 struct sk_buff_head unrel; /* Unreliable packets queue */ 73 74 unsigned long flags; 75 76 struct sk_buff *rx_skb; /* Receive buffer */ 77 size_t rx_pending; /* Expecting more bytes */ 78 u8 rx_ack; /* Last ack number received */ 79 80 int (*rx_func)(struct hci_uart *hu, u8 c); 81 82 struct timer_list timer; /* Retransmission timer */ 83 struct hci_uart *hu; /* Parent HCI UART */ 84 85 u8 tx_seq; /* Next seq number to send */ 86 u8 tx_ack; /* Next ack number to send */ 87 u8 tx_win; /* Sliding window size */ 88 89 enum { 90 H5_UNINITIALIZED, 91 H5_INITIALIZED, 92 H5_ACTIVE, 93 } state; 94 95 enum { 96 H5_AWAKE, 97 H5_SLEEPING, 98 H5_WAKING_UP, 99 } sleep; 100 101 const struct h5_vnd *vnd; 102 const char *id; 103 104 struct gpio_desc *enable_gpio; 105 struct gpio_desc *device_wake_gpio; 106 }; 107 108 enum h5_driver_info { 109 H5_INFO_WAKEUP_DISABLE = BIT(0), 110 }; 111 112 struct h5_vnd { 113 int (*setup)(struct h5 *h5); 114 void (*open)(struct h5 *h5); 115 void (*close)(struct h5 *h5); 116 int (*suspend)(struct h5 *h5); 117 int (*resume)(struct h5 *h5); 118 const struct acpi_gpio_mapping *acpi_gpio_map; 119 int sizeof_priv; 120 }; 121 122 struct h5_device_data { 123 uint32_t driver_info; 124 struct h5_vnd *vnd; 125 }; 126 127 static void h5_reset_rx(struct h5 *h5); 128 129 static void h5_link_control(struct hci_uart *hu, const void *data, size_t len) 130 { 131 struct h5 *h5 = hu->priv; 132 struct sk_buff *nskb; 133 134 nskb = alloc_skb(3, GFP_ATOMIC); 135 if (!nskb) 136 return; 137 138 hci_skb_pkt_type(nskb) = HCI_3WIRE_LINK_PKT; 139 140 skb_put_data(nskb, data, len); 141 142 skb_queue_tail(&h5->unrel, nskb); 143 } 144 145 static u8 h5_cfg_field(struct h5 *h5) 146 { 147 /* Sliding window size (first 3 bits) and CRC request (fifth bit). */ 148 return (h5->tx_win & 0x07) | 0x10; 149 } 150 151 static void h5_timed_event(struct timer_list *t) 152 { 153 const unsigned char sync_req[] = { 0x01, 0x7e }; 154 unsigned char conf_req[3] = { 0x03, 0xfc }; 155 struct h5 *h5 = timer_container_of(h5, t, timer); 156 struct hci_uart *hu = h5->hu; 157 struct sk_buff *skb; 158 unsigned long flags; 159 160 BT_DBG("%s", hu->hdev->name); 161 162 if (h5->state == H5_UNINITIALIZED) 163 h5_link_control(hu, sync_req, sizeof(sync_req)); 164 165 if (h5->state == H5_INITIALIZED) { 166 conf_req[2] = h5_cfg_field(h5); 167 h5_link_control(hu, conf_req, sizeof(conf_req)); 168 } 169 170 if (h5->state != H5_ACTIVE) { 171 mod_timer(&h5->timer, jiffies + H5_SYNC_TIMEOUT); 172 goto wakeup; 173 } 174 175 if (h5->sleep != H5_AWAKE) { 176 h5->sleep = H5_SLEEPING; 177 goto wakeup; 178 } 179 180 BT_DBG("hu %p retransmitting %u pkts", hu, h5->unack.qlen); 181 182 spin_lock_irqsave_nested(&h5->unack.lock, flags, SINGLE_DEPTH_NESTING); 183 184 while ((skb = __skb_dequeue_tail(&h5->unack)) != NULL) { 185 h5->tx_seq = (h5->tx_seq - 1) & 0x07; 186 skb_queue_head(&h5->rel, skb); 187 } 188 189 spin_unlock_irqrestore(&h5->unack.lock, flags); 190 191 wakeup: 192 hci_uart_tx_wakeup(hu); 193 } 194 195 static void h5_peer_reset(struct hci_uart *hu) 196 { 197 struct h5 *h5 = hu->priv; 198 199 bt_dev_err(hu->hdev, "Peer device has reset"); 200 201 h5->state = H5_UNINITIALIZED; 202 203 timer_delete(&h5->timer); 204 205 skb_queue_purge(&h5->rel); 206 skb_queue_purge(&h5->unrel); 207 skb_queue_purge(&h5->unack); 208 209 h5->tx_seq = 0; 210 h5->tx_ack = 0; 211 212 /* Send reset request to upper stack */ 213 hci_reset_dev(hu->hdev); 214 } 215 216 static int h5_open(struct hci_uart *hu) 217 { 218 struct h5 *h5; 219 220 BT_DBG("hu %p", hu); 221 222 if (hu->serdev) { 223 h5 = serdev_device_get_drvdata(hu->serdev); 224 } else { 225 h5 = kzalloc_obj(*h5); 226 if (!h5) 227 return -ENOMEM; 228 } 229 230 hu->priv = h5; 231 h5->hu = hu; 232 233 skb_queue_head_init(&h5->unack); 234 skb_queue_head_init(&h5->rel); 235 skb_queue_head_init(&h5->unrel); 236 237 h5_reset_rx(h5); 238 239 timer_setup(&h5->timer, h5_timed_event, 0); 240 241 h5->tx_win = H5_TX_WIN_MAX; 242 243 if (h5->vnd && h5->vnd->open) 244 h5->vnd->open(h5); 245 246 set_bit(HCI_UART_INIT_PENDING, &hu->hdev_flags); 247 248 /* 249 * Wait one jiffy because the UART layer won't set HCI_UART_PROTO_READY, 250 * which allows us to send link packets, until this function returns. 251 */ 252 mod_timer(&h5->timer, jiffies + 1); 253 254 return 0; 255 } 256 257 static int h5_close(struct hci_uart *hu) 258 { 259 struct h5 *h5 = hu->priv; 260 261 timer_delete_sync(&h5->timer); 262 263 skb_queue_purge(&h5->unack); 264 skb_queue_purge(&h5->rel); 265 skb_queue_purge(&h5->unrel); 266 267 kfree_skb(h5->rx_skb); 268 h5->rx_skb = NULL; 269 270 if (h5->vnd && h5->vnd->close) 271 h5->vnd->close(h5); 272 273 if (!hu->serdev) 274 kfree(h5); 275 276 hu->priv = NULL; 277 return 0; 278 } 279 280 static int h5_setup(struct hci_uart *hu) 281 { 282 struct h5 *h5 = hu->priv; 283 284 if (h5->vnd && h5->vnd->setup) 285 return h5->vnd->setup(h5); 286 287 return 0; 288 } 289 290 static void h5_pkt_cull(struct h5 *h5) 291 { 292 struct sk_buff *skb, *tmp; 293 unsigned long flags; 294 int i, to_remove; 295 u8 seq; 296 297 spin_lock_irqsave(&h5->unack.lock, flags); 298 299 to_remove = skb_queue_len(&h5->unack); 300 if (to_remove == 0) 301 goto unlock; 302 303 seq = h5->tx_seq; 304 305 while (to_remove > 0) { 306 if (h5->rx_ack == seq) 307 break; 308 309 to_remove--; 310 seq = (seq - 1) & 0x07; 311 } 312 313 if (seq != h5->rx_ack) 314 BT_ERR("Controller acked invalid packet"); 315 316 i = 0; 317 skb_queue_walk_safe(&h5->unack, skb, tmp) { 318 if (i++ >= to_remove) 319 break; 320 321 __skb_unlink(skb, &h5->unack); 322 dev_kfree_skb_irq(skb); 323 } 324 325 if (skb_queue_empty(&h5->unack)) 326 timer_delete(&h5->timer); 327 328 unlock: 329 spin_unlock_irqrestore(&h5->unack.lock, flags); 330 } 331 332 static void h5_handle_internal_rx(struct hci_uart *hu) 333 { 334 struct h5 *h5 = hu->priv; 335 const unsigned char sync_req[] = { 0x01, 0x7e }; 336 const unsigned char sync_rsp[] = { 0x02, 0x7d }; 337 unsigned char conf_req[3] = { 0x03, 0xfc }; 338 const unsigned char conf_rsp[] = { 0x04, 0x7b }; 339 const unsigned char wakeup_req[] = { 0x05, 0xfa }; 340 const unsigned char woken_req[] = { 0x06, 0xf9 }; 341 const unsigned char sleep_req[] = { 0x07, 0x78 }; 342 const unsigned char *hdr = h5->rx_skb->data; 343 const unsigned char *data = &h5->rx_skb->data[4]; 344 345 BT_DBG("%s", hu->hdev->name); 346 347 if (H5_HDR_PKT_TYPE(hdr) != HCI_3WIRE_LINK_PKT) 348 return; 349 350 if (H5_HDR_LEN(hdr) < 2) 351 return; 352 353 conf_req[2] = h5_cfg_field(h5); 354 355 if (memcmp(data, sync_req, 2) == 0) { 356 if (h5->state == H5_ACTIVE) 357 h5_peer_reset(hu); 358 h5_link_control(hu, sync_rsp, 2); 359 } else if (memcmp(data, sync_rsp, 2) == 0) { 360 if (h5->state == H5_ACTIVE) 361 h5_peer_reset(hu); 362 h5->state = H5_INITIALIZED; 363 h5_link_control(hu, conf_req, 3); 364 } else if (memcmp(data, conf_req, 2) == 0) { 365 h5_link_control(hu, conf_rsp, 2); 366 h5_link_control(hu, conf_req, 3); 367 } else if (memcmp(data, conf_rsp, 2) == 0) { 368 if (H5_HDR_LEN(hdr) > 2) { 369 h5->tx_win = (data[2] & 0x07); 370 assign_bit(H5_CRC, &h5->flags, data[2] & 0x10); 371 } 372 BT_DBG("Three-wire init complete. tx_win %u", h5->tx_win); 373 h5->state = H5_ACTIVE; 374 hci_uart_init_ready(hu); 375 return; 376 } else if (memcmp(data, sleep_req, 2) == 0) { 377 BT_DBG("Peer went to sleep"); 378 h5->sleep = H5_SLEEPING; 379 return; 380 } else if (memcmp(data, woken_req, 2) == 0) { 381 BT_DBG("Peer woke up"); 382 h5->sleep = H5_AWAKE; 383 } else if (memcmp(data, wakeup_req, 2) == 0) { 384 BT_DBG("Peer requested wakeup"); 385 h5_link_control(hu, woken_req, 2); 386 h5->sleep = H5_AWAKE; 387 } else { 388 BT_DBG("Link Control: 0x%02hhx 0x%02hhx", data[0], data[1]); 389 return; 390 } 391 392 hci_uart_tx_wakeup(hu); 393 } 394 395 static void h5_complete_rx_pkt(struct hci_uart *hu) 396 { 397 struct h5 *h5 = hu->priv; 398 const unsigned char *hdr = h5->rx_skb->data; 399 400 if (H5_HDR_RELIABLE(hdr)) { 401 h5->tx_ack = (h5->tx_ack + 1) % 8; 402 set_bit(H5_TX_ACK_REQ, &h5->flags); 403 hci_uart_tx_wakeup(hu); 404 } 405 406 h5->rx_ack = H5_HDR_ACK(hdr); 407 408 h5_pkt_cull(h5); 409 410 switch (H5_HDR_PKT_TYPE(hdr)) { 411 case HCI_EVENT_PKT: 412 case HCI_ACLDATA_PKT: 413 case HCI_SCODATA_PKT: 414 case HCI_ISODATA_PKT: 415 hci_skb_pkt_type(h5->rx_skb) = H5_HDR_PKT_TYPE(hdr); 416 417 /* Remove Three-wire header */ 418 skb_pull(h5->rx_skb, 4); 419 420 hci_recv_frame(hu->hdev, h5->rx_skb); 421 h5->rx_skb = NULL; 422 423 break; 424 425 default: 426 h5_handle_internal_rx(hu); 427 break; 428 } 429 430 h5_reset_rx(h5); 431 } 432 433 static int h5_rx_crc(struct hci_uart *hu, unsigned char c) 434 { 435 struct h5 *h5 = hu->priv; 436 const unsigned char *hdr = h5->rx_skb->data; 437 u16 crc; 438 __be16 crc_be; 439 440 crc = crc_ccitt(0xffff, hdr, 4 + H5_HDR_LEN(hdr)); 441 crc = bitrev16(crc); 442 443 crc_be = cpu_to_be16(crc); 444 445 if (memcmp(&crc_be, hdr + 4 + H5_HDR_LEN(hdr), 2) != 0) { 446 bt_dev_err(hu->hdev, "Received packet with invalid CRC"); 447 h5_reset_rx(h5); 448 } else { 449 /* Remove CRC bytes */ 450 skb_trim(h5->rx_skb, 4 + H5_HDR_LEN(hdr)); 451 h5_complete_rx_pkt(hu); 452 } 453 454 return 0; 455 } 456 457 static int h5_rx_payload(struct hci_uart *hu, unsigned char c) 458 { 459 struct h5 *h5 = hu->priv; 460 const unsigned char *hdr = h5->rx_skb->data; 461 462 if (H5_HDR_CRC(hdr)) { 463 h5->rx_func = h5_rx_crc; 464 h5->rx_pending = 2; 465 } else { 466 h5_complete_rx_pkt(hu); 467 } 468 469 return 0; 470 } 471 472 static int h5_rx_3wire_hdr(struct hci_uart *hu, unsigned char c) 473 { 474 struct h5 *h5 = hu->priv; 475 const unsigned char *hdr = h5->rx_skb->data; 476 477 BT_DBG("%s rx: seq %u ack %u crc %u rel %u type %u len %u", 478 hu->hdev->name, H5_HDR_SEQ(hdr), H5_HDR_ACK(hdr), 479 H5_HDR_CRC(hdr), H5_HDR_RELIABLE(hdr), H5_HDR_PKT_TYPE(hdr), 480 H5_HDR_LEN(hdr)); 481 482 if (((hdr[0] + hdr[1] + hdr[2] + hdr[3]) & 0xff) != 0xff) { 483 bt_dev_err(hu->hdev, "Invalid header checksum"); 484 h5_reset_rx(h5); 485 return 0; 486 } 487 488 if (H5_HDR_RELIABLE(hdr) && H5_HDR_SEQ(hdr) != h5->tx_ack) { 489 bt_dev_err(hu->hdev, "Out-of-order packet arrived (%u != %u)", 490 H5_HDR_SEQ(hdr), h5->tx_ack); 491 set_bit(H5_TX_ACK_REQ, &h5->flags); 492 hci_uart_tx_wakeup(hu); 493 h5_reset_rx(h5); 494 return 0; 495 } 496 497 if (h5->state != H5_ACTIVE && 498 H5_HDR_PKT_TYPE(hdr) != HCI_3WIRE_LINK_PKT) { 499 bt_dev_err(hu->hdev, "Non-link packet received in non-active state"); 500 h5_reset_rx(h5); 501 return 0; 502 } 503 504 h5->rx_func = h5_rx_payload; 505 h5->rx_pending = H5_HDR_LEN(hdr); 506 507 return 0; 508 } 509 510 static int h5_rx_pkt_start(struct hci_uart *hu, unsigned char c) 511 { 512 struct h5 *h5 = hu->priv; 513 514 if (c == SLIP_DELIMITER) 515 return 1; 516 517 h5->rx_func = h5_rx_3wire_hdr; 518 h5->rx_pending = 4; 519 520 h5->rx_skb = bt_skb_alloc(H5_MAX_LEN, GFP_ATOMIC); 521 if (!h5->rx_skb) { 522 bt_dev_err(hu->hdev, "Can't allocate mem for new packet"); 523 h5_reset_rx(h5); 524 return -ENOMEM; 525 } 526 527 h5->rx_skb->dev = (void *)hu->hdev; 528 529 return 0; 530 } 531 532 static int h5_rx_delimiter(struct hci_uart *hu, unsigned char c) 533 { 534 struct h5 *h5 = hu->priv; 535 536 if (c == SLIP_DELIMITER) 537 h5->rx_func = h5_rx_pkt_start; 538 539 return 1; 540 } 541 542 static void h5_unslip_one_byte(struct h5 *h5, unsigned char c) 543 { 544 const u8 delim = SLIP_DELIMITER, esc = SLIP_ESC; 545 const u8 *byte = &c; 546 547 if (!test_bit(H5_RX_ESC, &h5->flags) && c == SLIP_ESC) { 548 set_bit(H5_RX_ESC, &h5->flags); 549 return; 550 } 551 552 if (test_and_clear_bit(H5_RX_ESC, &h5->flags)) { 553 switch (c) { 554 case SLIP_ESC_DELIM: 555 byte = &delim; 556 break; 557 case SLIP_ESC_ESC: 558 byte = &esc; 559 break; 560 default: 561 BT_ERR("Invalid esc byte 0x%02hhx", c); 562 h5_reset_rx(h5); 563 return; 564 } 565 } 566 567 skb_put_data(h5->rx_skb, byte, 1); 568 h5->rx_pending--; 569 570 BT_DBG("unslipped 0x%02hhx, rx_pending %zu", *byte, h5->rx_pending); 571 } 572 573 static void h5_reset_rx(struct h5 *h5) 574 { 575 if (h5->rx_skb) { 576 kfree_skb(h5->rx_skb); 577 h5->rx_skb = NULL; 578 } 579 580 h5->rx_func = h5_rx_delimiter; 581 h5->rx_pending = 0; 582 clear_bit(H5_RX_ESC, &h5->flags); 583 clear_bit(H5_CRC, &h5->flags); 584 } 585 586 static int h5_recv(struct hci_uart *hu, const void *data, int count) 587 { 588 struct h5 *h5 = hu->priv; 589 const unsigned char *ptr = data; 590 591 if (!h5) 592 return -ENODEV; 593 594 BT_DBG("%s pending %zu count %d", hu->hdev->name, h5->rx_pending, 595 count); 596 597 while (count > 0) { 598 int processed; 599 600 if (h5->rx_pending > 0) { 601 if (*ptr == SLIP_DELIMITER) { 602 bt_dev_err(hu->hdev, "Too short H5 packet"); 603 h5_reset_rx(h5); 604 continue; 605 } 606 607 h5_unslip_one_byte(h5, *ptr); 608 609 ptr++; count--; 610 continue; 611 } 612 613 processed = h5->rx_func(hu, *ptr); 614 if (processed < 0) 615 return processed; 616 617 ptr += processed; 618 count -= processed; 619 } 620 621 if (hu->serdev) { 622 pm_runtime_get(&hu->serdev->dev); 623 pm_runtime_put_autosuspend(&hu->serdev->dev); 624 } 625 626 return 0; 627 } 628 629 static int h5_enqueue(struct hci_uart *hu, struct sk_buff *skb) 630 { 631 struct h5 *h5 = hu->priv; 632 633 if (skb->len > 0xfff) { 634 bt_dev_err(hu->hdev, "Packet too long (%u bytes)", skb->len); 635 kfree_skb(skb); 636 return 0; 637 } 638 639 if (h5->state != H5_ACTIVE) { 640 bt_dev_err(hu->hdev, "Ignoring HCI data in non-active state"); 641 kfree_skb(skb); 642 return 0; 643 } 644 645 switch (hci_skb_pkt_type(skb)) { 646 case HCI_ACLDATA_PKT: 647 case HCI_COMMAND_PKT: 648 skb_queue_tail(&h5->rel, skb); 649 break; 650 651 case HCI_SCODATA_PKT: 652 case HCI_ISODATA_PKT: 653 skb_queue_tail(&h5->unrel, skb); 654 break; 655 656 default: 657 bt_dev_err(hu->hdev, "Unknown packet type %u", hci_skb_pkt_type(skb)); 658 kfree_skb(skb); 659 break; 660 } 661 662 if (hu->serdev) { 663 pm_runtime_get_sync(&hu->serdev->dev); 664 pm_runtime_put_autosuspend(&hu->serdev->dev); 665 } 666 667 return 0; 668 } 669 670 static void h5_slip_delim(struct sk_buff *skb) 671 { 672 const char delim = SLIP_DELIMITER; 673 674 skb_put_data(skb, &delim, 1); 675 } 676 677 static void h5_slip_one_byte(struct sk_buff *skb, u8 c) 678 { 679 const char esc_delim[2] = { SLIP_ESC, SLIP_ESC_DELIM }; 680 const char esc_esc[2] = { SLIP_ESC, SLIP_ESC_ESC }; 681 682 switch (c) { 683 case SLIP_DELIMITER: 684 skb_put_data(skb, &esc_delim, 2); 685 break; 686 case SLIP_ESC: 687 skb_put_data(skb, &esc_esc, 2); 688 break; 689 default: 690 skb_put_data(skb, &c, 1); 691 } 692 } 693 694 static bool valid_packet_type(u8 type) 695 { 696 switch (type) { 697 case HCI_ACLDATA_PKT: 698 case HCI_COMMAND_PKT: 699 case HCI_SCODATA_PKT: 700 case HCI_ISODATA_PKT: 701 case HCI_3WIRE_LINK_PKT: 702 case HCI_3WIRE_ACK_PKT: 703 return true; 704 default: 705 return false; 706 } 707 } 708 709 static struct sk_buff *h5_prepare_pkt(struct hci_uart *hu, u8 pkt_type, 710 const u8 *data, size_t len) 711 { 712 struct h5 *h5 = hu->priv; 713 struct sk_buff *nskb; 714 u8 hdr[4]; 715 u16 crc; 716 int i; 717 718 if (!valid_packet_type(pkt_type)) { 719 bt_dev_err(hu->hdev, "Unknown packet type %u", pkt_type); 720 return NULL; 721 } 722 723 /* 724 * Max len of packet: (original len + 4 (H5 hdr) + 2 (crc)) * 2 725 * (because bytes 0xc0 and 0xdb are escaped, worst case is when 726 * the packet is all made of 0xc0 and 0xdb) + 2 (0xc0 727 * delimiters at start and end). 728 */ 729 nskb = alloc_skb((len + 6) * 2 + 2, GFP_ATOMIC); 730 if (!nskb) 731 return NULL; 732 733 hci_skb_pkt_type(nskb) = pkt_type; 734 735 h5_slip_delim(nskb); 736 737 hdr[0] = h5->tx_ack << 3; 738 clear_bit(H5_TX_ACK_REQ, &h5->flags); 739 740 /* Reliable packet? */ 741 if (pkt_type == HCI_ACLDATA_PKT || pkt_type == HCI_COMMAND_PKT) { 742 hdr[0] |= 1 << 7; 743 hdr[0] |= (test_bit(H5_CRC, &h5->flags) && 1) << 6; 744 hdr[0] |= h5->tx_seq; 745 h5->tx_seq = (h5->tx_seq + 1) % 8; 746 } 747 748 hdr[1] = pkt_type | ((len & 0x0f) << 4); 749 hdr[2] = len >> 4; 750 hdr[3] = ~((hdr[0] + hdr[1] + hdr[2]) & 0xff); 751 752 BT_DBG("%s tx: seq %u ack %u crc %u rel %u type %u len %u", 753 hu->hdev->name, H5_HDR_SEQ(hdr), H5_HDR_ACK(hdr), 754 H5_HDR_CRC(hdr), H5_HDR_RELIABLE(hdr), H5_HDR_PKT_TYPE(hdr), 755 H5_HDR_LEN(hdr)); 756 757 for (i = 0; i < 4; i++) 758 h5_slip_one_byte(nskb, hdr[i]); 759 760 for (i = 0; i < len; i++) 761 h5_slip_one_byte(nskb, data[i]); 762 763 if (H5_HDR_CRC(hdr)) { 764 crc = crc_ccitt(0xffff, hdr, 4); 765 crc = crc_ccitt(crc, data, len); 766 crc = bitrev16(crc); 767 768 h5_slip_one_byte(nskb, (crc >> 8) & 0xff); 769 h5_slip_one_byte(nskb, crc & 0xff); 770 } 771 772 h5_slip_delim(nskb); 773 774 return nskb; 775 } 776 777 static struct sk_buff *h5_dequeue(struct hci_uart *hu) 778 { 779 struct h5 *h5 = hu->priv; 780 unsigned long flags; 781 struct sk_buff *skb, *nskb; 782 783 if (h5->sleep != H5_AWAKE) { 784 const unsigned char wakeup_req[] = { 0x05, 0xfa }; 785 786 if (h5->sleep == H5_WAKING_UP) 787 return NULL; 788 789 h5->sleep = H5_WAKING_UP; 790 BT_DBG("Sending wakeup request"); 791 792 mod_timer(&h5->timer, jiffies + HZ / 100); 793 return h5_prepare_pkt(hu, HCI_3WIRE_LINK_PKT, wakeup_req, 2); 794 } 795 796 skb = skb_dequeue(&h5->unrel); 797 if (skb) { 798 nskb = h5_prepare_pkt(hu, hci_skb_pkt_type(skb), 799 skb->data, skb->len); 800 if (nskb) { 801 kfree_skb(skb); 802 return nskb; 803 } 804 805 skb_queue_head(&h5->unrel, skb); 806 bt_dev_err(hu->hdev, "Could not dequeue pkt because alloc_skb failed"); 807 } 808 809 spin_lock_irqsave_nested(&h5->unack.lock, flags, SINGLE_DEPTH_NESTING); 810 811 if (h5->unack.qlen >= h5->tx_win) 812 goto unlock; 813 814 skb = skb_dequeue(&h5->rel); 815 if (skb) { 816 nskb = h5_prepare_pkt(hu, hci_skb_pkt_type(skb), 817 skb->data, skb->len); 818 if (nskb) { 819 __skb_queue_tail(&h5->unack, skb); 820 mod_timer(&h5->timer, jiffies + H5_ACK_TIMEOUT); 821 spin_unlock_irqrestore(&h5->unack.lock, flags); 822 return nskb; 823 } 824 825 skb_queue_head(&h5->rel, skb); 826 bt_dev_err(hu->hdev, "Could not dequeue pkt because alloc_skb failed"); 827 } 828 829 unlock: 830 spin_unlock_irqrestore(&h5->unack.lock, flags); 831 832 if (test_bit(H5_TX_ACK_REQ, &h5->flags)) 833 return h5_prepare_pkt(hu, HCI_3WIRE_ACK_PKT, NULL, 0); 834 835 return NULL; 836 } 837 838 static int h5_flush(struct hci_uart *hu) 839 { 840 BT_DBG("hu %p", hu); 841 return 0; 842 } 843 844 static const struct hci_uart_proto h5p = { 845 .id = HCI_UART_3WIRE, 846 .name = "Three-wire (H5)", 847 .open = h5_open, 848 .close = h5_close, 849 .setup = h5_setup, 850 .recv = h5_recv, 851 .enqueue = h5_enqueue, 852 .dequeue = h5_dequeue, 853 .flush = h5_flush, 854 }; 855 856 static int h5_serdev_probe(struct serdev_device *serdev) 857 { 858 struct device *dev = &serdev->dev; 859 struct h5 *h5; 860 const struct h5_device_data *data; 861 862 h5 = devm_kzalloc(dev, sizeof(*h5), GFP_KERNEL); 863 if (!h5) 864 return -ENOMEM; 865 866 h5->hu = &h5->serdev_hu; 867 h5->serdev_hu.serdev = serdev; 868 serdev_device_set_drvdata(serdev, h5); 869 870 if (has_acpi_companion(dev)) { 871 const struct acpi_device_id *match; 872 873 match = acpi_match_device(dev->driver->acpi_match_table, dev); 874 if (!match) 875 return -ENODEV; 876 877 data = (const struct h5_device_data *)match->driver_data; 878 h5->vnd = data->vnd; 879 h5->id = (char *)match->id; 880 881 if (h5->vnd->acpi_gpio_map) 882 devm_acpi_dev_add_driver_gpios(dev, 883 h5->vnd->acpi_gpio_map); 884 } else { 885 data = of_device_get_match_data(dev); 886 if (!data) 887 return -ENODEV; 888 889 h5->vnd = data->vnd; 890 } 891 892 if (data->driver_info & H5_INFO_WAKEUP_DISABLE) 893 set_bit(H5_WAKEUP_DISABLE, &h5->flags); 894 895 h5->enable_gpio = devm_gpiod_get_optional(dev, "enable", GPIOD_OUT_LOW); 896 if (IS_ERR(h5->enable_gpio)) 897 return PTR_ERR(h5->enable_gpio); 898 899 h5->device_wake_gpio = devm_gpiod_get_optional(dev, "device-wake", 900 GPIOD_OUT_LOW); 901 if (IS_ERR(h5->device_wake_gpio)) 902 return PTR_ERR(h5->device_wake_gpio); 903 904 return hci_uart_register_device_priv(&h5->serdev_hu, &h5p, 905 h5->vnd->sizeof_priv); 906 } 907 908 static void h5_serdev_remove(struct serdev_device *serdev) 909 { 910 struct h5 *h5 = serdev_device_get_drvdata(serdev); 911 912 hci_uart_unregister_device(&h5->serdev_hu); 913 } 914 915 static int __maybe_unused h5_serdev_suspend(struct device *dev) 916 { 917 struct h5 *h5 = dev_get_drvdata(dev); 918 int ret = 0; 919 920 if (h5->vnd && h5->vnd->suspend) 921 ret = h5->vnd->suspend(h5); 922 923 return ret; 924 } 925 926 static int __maybe_unused h5_serdev_resume(struct device *dev) 927 { 928 struct h5 *h5 = dev_get_drvdata(dev); 929 int ret = 0; 930 931 if (h5->vnd && h5->vnd->resume) 932 ret = h5->vnd->resume(h5); 933 934 return ret; 935 } 936 937 #ifdef CONFIG_BT_HCIUART_RTL 938 static int h5_btrtl_setup(struct h5 *h5) 939 { 940 struct btrtl_device_info *btrtl_dev; 941 struct sk_buff *skb; 942 __le32 baudrate_data; 943 u32 device_baudrate; 944 unsigned int controller_baudrate; 945 bool flow_control; 946 int err; 947 948 btrtl_dev = btrtl_initialize(h5->hu->hdev, h5->id); 949 if (IS_ERR(btrtl_dev)) 950 return PTR_ERR(btrtl_dev); 951 952 err = btrtl_get_uart_settings(h5->hu->hdev, btrtl_dev, 953 &controller_baudrate, &device_baudrate, 954 &flow_control); 955 if (err) 956 goto out_free; 957 958 baudrate_data = cpu_to_le32(device_baudrate); 959 skb = __hci_cmd_sync(h5->hu->hdev, 0xfc17, sizeof(baudrate_data), 960 &baudrate_data, HCI_INIT_TIMEOUT); 961 if (IS_ERR(skb)) { 962 rtl_dev_err(h5->hu->hdev, "set baud rate command failed\n"); 963 err = PTR_ERR(skb); 964 goto out_free; 965 } else { 966 kfree_skb(skb); 967 } 968 /* Give the device some time to set up the new baudrate. */ 969 usleep_range(10000, 20000); 970 971 serdev_device_set_baudrate(h5->hu->serdev, controller_baudrate); 972 serdev_device_set_flow_control(h5->hu->serdev, flow_control); 973 974 if (flow_control) 975 set_bit(H5_HW_FLOW_CONTROL, &h5->flags); 976 977 err = btrtl_download_firmware(h5->hu->hdev, btrtl_dev); 978 /* Give the device some time before the hci-core sends it a reset */ 979 usleep_range(10000, 20000); 980 if (err) 981 goto out_free; 982 983 btrtl_set_quirks(h5->hu->hdev, btrtl_dev); 984 985 out_free: 986 btrtl_free(btrtl_dev); 987 988 return err; 989 } 990 991 static void h5_btrtl_open(struct h5 *h5) 992 { 993 /* 994 * Since h5_btrtl_resume() does a device_reprobe() the suspend handling 995 * done by the hci_suspend_notifier is not necessary; it actually causes 996 * delays and a bunch of errors to get logged, so disable it. 997 */ 998 if (test_bit(H5_WAKEUP_DISABLE, &h5->flags)) 999 set_bit(HCI_UART_NO_SUSPEND_NOTIFIER, &h5->hu->flags); 1000 1001 /* Devices always start with these fixed parameters */ 1002 serdev_device_set_flow_control(h5->hu->serdev, false); 1003 serdev_device_set_parity(h5->hu->serdev, SERDEV_PARITY_EVEN); 1004 serdev_device_set_baudrate(h5->hu->serdev, 115200); 1005 1006 if (!test_bit(H5_WAKEUP_DISABLE, &h5->flags)) { 1007 pm_runtime_set_active(&h5->hu->serdev->dev); 1008 pm_runtime_use_autosuspend(&h5->hu->serdev->dev); 1009 pm_runtime_set_autosuspend_delay(&h5->hu->serdev->dev, 1010 SUSPEND_TIMEOUT_MS); 1011 pm_runtime_enable(&h5->hu->serdev->dev); 1012 } 1013 1014 /* The controller needs reset to startup */ 1015 gpiod_set_value_cansleep(h5->enable_gpio, 0); 1016 gpiod_set_value_cansleep(h5->device_wake_gpio, 0); 1017 msleep(100); 1018 1019 /* The controller needs up to 500ms to wakeup */ 1020 gpiod_set_value_cansleep(h5->enable_gpio, 1); 1021 gpiod_set_value_cansleep(h5->device_wake_gpio, 1); 1022 msleep(500); 1023 } 1024 1025 static void h5_btrtl_close(struct h5 *h5) 1026 { 1027 if (!test_bit(H5_WAKEUP_DISABLE, &h5->flags)) 1028 pm_runtime_disable(&h5->hu->serdev->dev); 1029 1030 gpiod_set_value_cansleep(h5->device_wake_gpio, 0); 1031 gpiod_set_value_cansleep(h5->enable_gpio, 0); 1032 } 1033 1034 /* Suspend/resume support. On many devices the RTL BT device loses power during 1035 * suspend/resume, causing it to lose its firmware and all state. So we simply 1036 * turn it off on suspend and reprobe on resume. This mirrors how RTL devices 1037 * are handled in the USB driver, where the BTUSB_WAKEUP_DISABLE is used which 1038 * also causes a reprobe on resume. 1039 */ 1040 static int h5_btrtl_suspend(struct h5 *h5) 1041 { 1042 serdev_device_set_flow_control(h5->hu->serdev, false); 1043 gpiod_set_value_cansleep(h5->device_wake_gpio, 0); 1044 1045 if (test_bit(H5_WAKEUP_DISABLE, &h5->flags)) 1046 gpiod_set_value_cansleep(h5->enable_gpio, 0); 1047 1048 return 0; 1049 } 1050 1051 struct h5_btrtl_reprobe { 1052 struct device *dev; 1053 struct work_struct work; 1054 }; 1055 1056 static void h5_btrtl_reprobe_worker(struct work_struct *work) 1057 { 1058 struct h5_btrtl_reprobe *reprobe = 1059 container_of(work, struct h5_btrtl_reprobe, work); 1060 int ret; 1061 1062 ret = device_reprobe(reprobe->dev); 1063 if (ret && ret != -EPROBE_DEFER) 1064 dev_err(reprobe->dev, "Reprobe error %d\n", ret); 1065 1066 put_device(reprobe->dev); 1067 kfree(reprobe); 1068 module_put(THIS_MODULE); 1069 } 1070 1071 static int h5_btrtl_resume(struct h5 *h5) 1072 { 1073 if (test_bit(H5_WAKEUP_DISABLE, &h5->flags)) { 1074 struct h5_btrtl_reprobe *reprobe; 1075 1076 reprobe = kzalloc_obj(*reprobe); 1077 if (!reprobe) 1078 return -ENOMEM; 1079 1080 __module_get(THIS_MODULE); 1081 1082 INIT_WORK(&reprobe->work, h5_btrtl_reprobe_worker); 1083 reprobe->dev = get_device(&h5->hu->serdev->dev); 1084 queue_work(system_long_wq, &reprobe->work); 1085 } else { 1086 gpiod_set_value_cansleep(h5->device_wake_gpio, 1); 1087 1088 if (test_bit(H5_HW_FLOW_CONTROL, &h5->flags)) 1089 serdev_device_set_flow_control(h5->hu->serdev, true); 1090 } 1091 1092 return 0; 1093 } 1094 1095 static const struct acpi_gpio_params btrtl_device_wake_gpios = { 0, 0, false }; 1096 static const struct acpi_gpio_params btrtl_enable_gpios = { 1, 0, false }; 1097 static const struct acpi_gpio_params btrtl_host_wake_gpios = { 2, 0, false }; 1098 static const struct acpi_gpio_mapping acpi_btrtl_gpios[] = { 1099 { "device-wake-gpios", &btrtl_device_wake_gpios, 1 }, 1100 { "enable-gpios", &btrtl_enable_gpios, 1 }, 1101 { "host-wake-gpios", &btrtl_host_wake_gpios, 1 }, 1102 {}, 1103 }; 1104 1105 static struct h5_vnd rtl_vnd = { 1106 .setup = h5_btrtl_setup, 1107 .open = h5_btrtl_open, 1108 .close = h5_btrtl_close, 1109 .suspend = h5_btrtl_suspend, 1110 .resume = h5_btrtl_resume, 1111 .acpi_gpio_map = acpi_btrtl_gpios, 1112 .sizeof_priv = sizeof(struct btrealtek_data), 1113 }; 1114 1115 static const struct h5_device_data h5_data_rtl8822cs = { 1116 .vnd = &rtl_vnd, 1117 }; 1118 1119 static const struct h5_device_data h5_data_rtl8723bs = { 1120 .driver_info = H5_INFO_WAKEUP_DISABLE, 1121 .vnd = &rtl_vnd, 1122 }; 1123 #endif 1124 1125 #ifdef CONFIG_ACPI 1126 static const struct acpi_device_id h5_acpi_match[] = { 1127 #ifdef CONFIG_BT_HCIUART_RTL 1128 { "OBDA0623", (kernel_ulong_t)&h5_data_rtl8723bs }, 1129 { "OBDA8723", (kernel_ulong_t)&h5_data_rtl8723bs }, 1130 #endif 1131 { }, 1132 }; 1133 MODULE_DEVICE_TABLE(acpi, h5_acpi_match); 1134 #endif 1135 1136 static const struct dev_pm_ops h5_serdev_pm_ops = { 1137 SET_SYSTEM_SLEEP_PM_OPS(h5_serdev_suspend, h5_serdev_resume) 1138 SET_RUNTIME_PM_OPS(h5_serdev_suspend, h5_serdev_resume, NULL) 1139 }; 1140 1141 static const struct of_device_id rtl_bluetooth_of_match[] = { 1142 #ifdef CONFIG_BT_HCIUART_RTL 1143 { .compatible = "realtek,rtl8822cs-bt", 1144 .data = (const void *)&h5_data_rtl8822cs }, 1145 { .compatible = "realtek,rtl8723bs-bt", 1146 .data = (const void *)&h5_data_rtl8723bs }, 1147 { .compatible = "realtek,rtl8723cs-bt", 1148 .data = (const void *)&h5_data_rtl8723bs }, 1149 { .compatible = "realtek,rtl8723ds-bt", 1150 .data = (const void *)&h5_data_rtl8723bs }, 1151 #endif 1152 { }, 1153 }; 1154 MODULE_DEVICE_TABLE(of, rtl_bluetooth_of_match); 1155 1156 static struct serdev_device_driver h5_serdev_driver = { 1157 .probe = h5_serdev_probe, 1158 .remove = h5_serdev_remove, 1159 .driver = { 1160 .name = "hci_uart_h5", 1161 .acpi_match_table = ACPI_PTR(h5_acpi_match), 1162 .pm = &h5_serdev_pm_ops, 1163 .of_match_table = rtl_bluetooth_of_match, 1164 }, 1165 }; 1166 1167 int __init h5_init(void) 1168 { 1169 serdev_device_driver_register(&h5_serdev_driver); 1170 return hci_uart_register_proto(&h5p); 1171 } 1172 1173 int __exit h5_deinit(void) 1174 { 1175 serdev_device_driver_unregister(&h5_serdev_driver); 1176 return hci_uart_unregister_proto(&h5p); 1177 } 1178