1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * NXP Bluetooth driver
4 * Copyright 2023-2025 NXP
5 */
6
7 #include <linux/module.h>
8 #include <linux/kernel.h>
9
10 #include <linux/serdev.h>
11 #include <linux/of.h>
12 #include <linux/skbuff.h>
13 #include <linux/unaligned.h>
14 #include <linux/firmware.h>
15 #include <linux/string.h>
16 #include <linux/crc8.h>
17 #include <linux/crc32.h>
18 #include <linux/string_helpers.h>
19 #include <linux/gpio/consumer.h>
20 #include <linux/of_irq.h>
21
22 #include <net/bluetooth/bluetooth.h>
23 #include <net/bluetooth/hci_core.h>
24
25 #include "h4_recv.h"
26
27 #define MANUFACTURER_NXP 37
28
29 #define BTNXPUART_TX_STATE_ACTIVE 1
30 #define BTNXPUART_FW_DOWNLOADING 2
31 #define BTNXPUART_CHECK_BOOT_SIGNATURE 3
32 #define BTNXPUART_SERDEV_OPEN 4
33 #define BTNXPUART_IR_IN_PROGRESS 5
34 #define BTNXPUART_FW_DOWNLOAD_ABORT 6
35 #define BTNXPUART_FW_DUMP_IN_PROGRESS 7
36
37 /* NXP HW err codes */
38 #define BTNXPUART_IR_HW_ERR 0xb0
39
40 #define FIRMWARE_W8987 "uart8987_bt.bin"
41 #define FIRMWARE_W8987_OLD "uartuart8987_bt.bin"
42 #define FIRMWARE_W8997 "uart8997_bt_v4.bin"
43 #define FIRMWARE_W8997_OLD "uartuart8997_bt_v4.bin"
44 #define FIRMWARE_W9098 "uart9098_bt_v1.bin"
45 #define FIRMWARE_W9098_OLD "uartuart9098_bt_v1.bin"
46 #define FIRMWARE_IW416 "uartiw416_bt.bin"
47 #define FIRMWARE_IW416_OLD "uartiw416_bt_v0.bin"
48 #define FIRMWARE_IW612 "uartspi_n61x_v1.bin.se"
49 #define FIRMWARE_IW610 "uartspi_iw610.bin"
50 #define FIRMWARE_SECURE_IW610 "uartspi_iw610.bin.se"
51 #define FIRMWARE_IW624 "uartiw624_bt.bin"
52 #define FIRMWARE_SECURE_IW624 "uartiw624_bt.bin.se"
53 #define FIRMWARE_AW693 "uartaw693_bt.bin"
54 #define FIRMWARE_SECURE_AW693 "uartaw693_bt.bin.se"
55 #define FIRMWARE_AW693_A1 "uartaw693_bt_v1.bin"
56 #define FIRMWARE_SECURE_AW693_A1 "uartaw693_bt_v1.bin.se"
57 #define FIRMWARE_HELPER "helper_uart_3000000.bin"
58
59 #define CHIP_ID_W9098 0x5c03
60 #define CHIP_ID_IW416 0x7201
61 #define CHIP_ID_IW612 0x7601
62 #define CHIP_ID_IW624a 0x8000
63 #define CHIP_ID_IW624c 0x8001
64 #define CHIP_ID_AW693a0 0x8200
65 #define CHIP_ID_AW693a1 0x8201
66 #define CHIP_ID_IW610a0 0x8800
67 #define CHIP_ID_IW610a1 0x8801
68
69 #define FW_SECURE_MASK 0xc0
70 #define FW_OPEN 0x00
71 #define FW_AUTH_ILLEGAL 0x40
72 #define FW_AUTH_PLAIN 0x80
73 #define FW_AUTH_ENC 0xc0
74
75 #define HCI_NXP_PRI_BAUDRATE 115200
76 #define HCI_NXP_SEC_BAUDRATE 3000000
77
78 #define MAX_FW_FILE_NAME_LEN 50
79
80 /* Default ps timeout period in milliseconds */
81 #define PS_DEFAULT_TIMEOUT_PERIOD_MS 2000
82
83 /* wakeup methods */
84 #define WAKEUP_METHOD_DTR 0
85 #define WAKEUP_METHOD_BREAK 1
86 #define WAKEUP_METHOD_EXT_BREAK 2
87 #define WAKEUP_METHOD_RTS 3
88 #define WAKEUP_METHOD_GPIO 4
89 #define WAKEUP_METHOD_INVALID 0xff
90
91 /* power save mode status */
92 #define PS_MODE_DISABLE 0
93 #define PS_MODE_ENABLE 1
94
95 /* Power Save Commands to ps_work_func */
96 #define PS_CMD_EXIT_PS 1
97 #define PS_CMD_ENTER_PS 2
98
99 /* power save state */
100 #define PS_STATE_AWAKE 0
101 #define PS_STATE_SLEEP 1
102
103 /* NXP Vendor Commands. Refer user manual UM11628 on nxp.com */
104 /* Set custom BD Address */
105 #define HCI_NXP_SET_BD_ADDR 0xfc22
106 /* Set Auto-Sleep mode */
107 #define HCI_NXP_AUTO_SLEEP_MODE 0xfc23
108 /* Set Wakeup method */
109 #define HCI_NXP_WAKEUP_METHOD 0xfc53
110 /* Set operational baudrate */
111 #define HCI_NXP_SET_OPER_SPEED 0xfc09
112 /* Independent Reset (Soft Reset) */
113 #define HCI_NXP_IND_RESET 0xfcfc
114 /* Bluetooth vendor command: Trigger FW dump */
115 #define HCI_NXP_TRIGGER_DUMP 0xfe91
116
117 /* Bluetooth Power State : Vendor cmd params */
118 #define BT_PS_ENABLE 0x02
119 #define BT_PS_DISABLE 0x03
120
121 /* Bluetooth Host Wakeup Methods */
122 #define BT_HOST_WAKEUP_METHOD_NONE 0x00
123 #define BT_HOST_WAKEUP_METHOD_DTR 0x01
124 #define BT_HOST_WAKEUP_METHOD_BREAK 0x02
125 #define BT_HOST_WAKEUP_METHOD_GPIO 0x03
126
127 /* Bluetooth Chip Wakeup Methods */
128 #define BT_CTRL_WAKEUP_METHOD_DSR 0x00
129 #define BT_CTRL_WAKEUP_METHOD_BREAK 0x01
130 #define BT_CTRL_WAKEUP_METHOD_GPIO 0x02
131 #define BT_CTRL_WAKEUP_METHOD_EXT_BREAK 0x04
132 #define BT_CTRL_WAKEUP_METHOD_RTS 0x05
133
134 struct ps_data {
135 u8 target_ps_mode; /* ps mode to be set */
136 u8 cur_psmode; /* current ps_mode */
137 u8 ps_state; /* controller's power save state */
138 u8 ps_cmd;
139 u8 h2c_wakeupmode;
140 u8 cur_h2c_wakeupmode;
141 u8 c2h_wakeupmode;
142 u8 c2h_wakeup_gpio;
143 u8 h2c_wakeup_gpio;
144 bool driver_sent_cmd;
145 u16 h2c_ps_interval;
146 u16 c2h_ps_interval;
147 bool wakeup_source;
148 struct gpio_desc *h2c_ps_gpio;
149 s32 irq_handler;
150 struct hci_dev *hdev;
151 struct work_struct work;
152 struct timer_list ps_timer;
153 struct mutex ps_lock;
154 };
155
156 struct wakeup_cmd_payload {
157 u8 c2h_wakeupmode;
158 u8 c2h_wakeup_gpio;
159 u8 h2c_wakeupmode;
160 u8 h2c_wakeup_gpio;
161 } __packed;
162
163 struct psmode_cmd_payload {
164 u8 ps_cmd;
165 __le16 c2h_ps_interval;
166 } __packed;
167
168 struct btnxpuart_data {
169 const char *helper_fw_name;
170 const char *fw_name;
171 const char *fw_name_old;
172 };
173
174 enum bootloader_param_change {
175 not_changed,
176 cmd_sent,
177 changed
178 };
179
180 struct btnxpuart_dev {
181 struct hci_dev *hdev;
182 struct serdev_device *serdev;
183
184 struct work_struct tx_work;
185 unsigned long tx_state;
186 struct sk_buff_head txq;
187 struct sk_buff *rx_skb;
188
189 const struct firmware *fw;
190 u8 fw_name[MAX_FW_FILE_NAME_LEN];
191 u32 fw_dnld_v1_offset;
192 u32 fw_v1_sent_bytes;
193 u32 fw_dnld_v3_offset;
194 u32 fw_v3_offset_correction;
195 u32 fw_v3_prev_sent;
196 u32 fw_v1_expected_len;
197 u32 boot_reg_offset;
198 wait_queue_head_t fw_dnld_done_wait_q;
199 wait_queue_head_t check_boot_sign_wait_q;
200
201 u32 new_baudrate;
202 u32 current_baudrate;
203 u32 fw_init_baudrate;
204 enum bootloader_param_change timeout_changed;
205 enum bootloader_param_change baudrate_changed;
206 bool helper_downloaded;
207
208 struct ps_data psdata;
209 struct btnxpuart_data *nxp_data;
210 };
211
212 #define NXP_V1_FW_REQ_PKT 0xa5
213 #define NXP_V1_CHIP_VER_PKT 0xaa
214 #define NXP_V3_FW_REQ_PKT 0xa7
215 #define NXP_V3_CHIP_VER_PKT 0xab
216
217 #define NXP_ACK_V1 0x5a
218 #define NXP_NAK_V1 0xbf
219 #define NXP_ACK_V3 0x7a
220 #define NXP_NAK_V3 0x7b
221 #define NXP_CRC_ERROR_V3 0x7c
222
223 /* Bootloader signature error codes: Refer AN12820 from nxp.com */
224 #define NXP_CRC_RX_ERROR BIT(0) /* CRC error in previous packet */
225 #define NXP_ACK_RX_TIMEOUT BIT(2) /* ACK not received from host */
226 #define NXP_HDR_RX_TIMEOUT BIT(3) /* FW Header chunk not received */
227 #define NXP_DATA_RX_TIMEOUT BIT(4) /* FW Data chunk not received */
228
229 #define HDR_LEN 16
230
231 #define NXP_RECV_CHIP_VER_V1 \
232 .type = NXP_V1_CHIP_VER_PKT, \
233 .hlen = 4, \
234 .loff = 0, \
235 .lsize = 0, \
236 .maxlen = 4
237
238 #define NXP_RECV_FW_REQ_V1 \
239 .type = NXP_V1_FW_REQ_PKT, \
240 .hlen = 4, \
241 .loff = 0, \
242 .lsize = 0, \
243 .maxlen = 4
244
245 #define NXP_RECV_CHIP_VER_V3 \
246 .type = NXP_V3_CHIP_VER_PKT, \
247 .hlen = 4, \
248 .loff = 0, \
249 .lsize = 0, \
250 .maxlen = 4
251
252 #define NXP_RECV_FW_REQ_V3 \
253 .type = NXP_V3_FW_REQ_PKT, \
254 .hlen = 9, \
255 .loff = 0, \
256 .lsize = 0, \
257 .maxlen = 9
258
259 struct v1_data_req {
260 __le16 len;
261 __le16 len_comp;
262 } __packed;
263
264 struct v1_start_ind {
265 __le16 chip_id;
266 __le16 chip_id_comp;
267 } __packed;
268
269 struct v3_data_req {
270 __le16 len;
271 __le32 offset;
272 __le16 error;
273 u8 crc;
274 } __packed;
275
276 struct v3_start_ind {
277 __le16 chip_id;
278 u8 loader_ver;
279 u8 crc;
280 } __packed;
281
282 /* UART register addresses of BT chip */
283 #define CLKDIVADDR 0x7f00008f
284 #define UARTDIVADDR 0x7f000090
285 #define UARTMCRADDR 0x7f000091
286 #define UARTREINITADDR 0x7f000092
287 #define UARTICRADDR 0x7f000093
288 #define UARTFCRADDR 0x7f000094
289
290 #define MCR 0x00000022
291 #define INIT 0x00000001
292 #define ICR 0x000000c7
293 #define FCR 0x000000c7
294
295 #define POLYNOMIAL8 0x07
296
297 struct uart_reg {
298 __le32 address;
299 __le32 value;
300 } __packed;
301
302 struct uart_config {
303 struct uart_reg clkdiv;
304 struct uart_reg uartdiv;
305 struct uart_reg mcr;
306 struct uart_reg re_init;
307 struct uart_reg icr;
308 struct uart_reg fcr;
309 __be32 crc;
310 } __packed;
311
312 struct nxp_bootloader_cmd {
313 __le32 header;
314 __le32 arg;
315 __le32 payload_len;
316 __be32 crc;
317 } __packed;
318
319 struct nxp_v3_rx_timeout_nak {
320 u8 nak;
321 __le32 offset;
322 u8 crc;
323 } __packed;
324
325 union nxp_v3_rx_timeout_nak_u {
326 struct nxp_v3_rx_timeout_nak pkt;
327 u8 buf[6];
328 };
329
330 struct nxp_v3_crc_nak {
331 u8 nak;
332 u8 crc;
333 } __packed;
334
335 union nxp_v3_crc_nak_u {
336 struct nxp_v3_crc_nak pkt;
337 u8 buf[2];
338 };
339
340 /* FW dump */
341 #define NXP_FW_DUMP_SIZE (1024 * 1000)
342
343 struct nxp_fw_dump_hdr {
344 __le16 seq_num;
345 __le16 reserved;
346 __le16 buf_type;
347 __le16 buf_len;
348 };
349
350 union nxp_set_bd_addr_payload {
351 struct {
352 u8 param_id;
353 u8 param_len;
354 u8 param[6];
355 } __packed data;
356 u8 buf[8];
357 };
358
359 static u8 crc8_table[CRC8_TABLE_SIZE];
360
361 /* Default configurations */
362 #define DEFAULT_H2C_WAKEUP_MODE WAKEUP_METHOD_BREAK
363 #define DEFAULT_PS_MODE PS_MODE_ENABLE
364 #define FW_INIT_BAUDRATE HCI_NXP_PRI_BAUDRATE
365
nxp_drv_send_cmd(struct hci_dev * hdev,u16 opcode,u32 plen,void * param)366 static struct sk_buff *nxp_drv_send_cmd(struct hci_dev *hdev, u16 opcode,
367 u32 plen,
368 void *param)
369 {
370 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
371 struct ps_data *psdata = &nxpdev->psdata;
372 struct sk_buff *skb;
373
374 /* set flag to prevent nxp_enqueue from parsing values from this command and
375 * calling hci_cmd_sync_queue() again.
376 */
377 psdata->driver_sent_cmd = true;
378 skb = __hci_cmd_sync(hdev, opcode, plen, param, HCI_CMD_TIMEOUT);
379 psdata->driver_sent_cmd = false;
380
381 return skb;
382 }
383
btnxpuart_tx_wakeup(struct btnxpuart_dev * nxpdev)384 static void btnxpuart_tx_wakeup(struct btnxpuart_dev *nxpdev)
385 {
386 if (schedule_work(&nxpdev->tx_work))
387 set_bit(BTNXPUART_TX_STATE_ACTIVE, &nxpdev->tx_state);
388 }
389
390 /* NXP Power Save Feature */
ps_start_timer(struct btnxpuart_dev * nxpdev)391 static void ps_start_timer(struct btnxpuart_dev *nxpdev)
392 {
393 struct ps_data *psdata = &nxpdev->psdata;
394
395 if (!psdata)
396 return;
397
398 if (psdata->cur_psmode == PS_MODE_ENABLE)
399 mod_timer(&psdata->ps_timer, jiffies + msecs_to_jiffies(psdata->h2c_ps_interval));
400
401 if (psdata->ps_state == PS_STATE_AWAKE && psdata->ps_cmd == PS_CMD_ENTER_PS)
402 cancel_work_sync(&psdata->work);
403 }
404
ps_cancel_timer(struct btnxpuart_dev * nxpdev)405 static void ps_cancel_timer(struct btnxpuart_dev *nxpdev)
406 {
407 struct ps_data *psdata = &nxpdev->psdata;
408
409 flush_work(&psdata->work);
410 timer_shutdown_sync(&psdata->ps_timer);
411 }
412
ps_control(struct hci_dev * hdev,u8 ps_state)413 static void ps_control(struct hci_dev *hdev, u8 ps_state)
414 {
415 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
416 struct ps_data *psdata = &nxpdev->psdata;
417 int status = 0;
418
419 if (psdata->ps_state == ps_state ||
420 !test_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state))
421 return;
422
423 mutex_lock(&psdata->ps_lock);
424 switch (psdata->cur_h2c_wakeupmode) {
425 case WAKEUP_METHOD_GPIO:
426 if (ps_state == PS_STATE_AWAKE)
427 gpiod_set_value_cansleep(psdata->h2c_ps_gpio, 0);
428 else
429 gpiod_set_value_cansleep(psdata->h2c_ps_gpio, 1);
430 bt_dev_dbg(hdev, "Set h2c_ps_gpio: %s",
431 str_high_low(ps_state == PS_STATE_SLEEP));
432 break;
433 case WAKEUP_METHOD_DTR:
434 if (ps_state == PS_STATE_AWAKE)
435 status = serdev_device_set_tiocm(nxpdev->serdev, TIOCM_DTR, 0);
436 else
437 status = serdev_device_set_tiocm(nxpdev->serdev, 0, TIOCM_DTR);
438 break;
439 case WAKEUP_METHOD_BREAK:
440 default:
441 if (ps_state == PS_STATE_AWAKE)
442 status = serdev_device_break_ctl(nxpdev->serdev, 0);
443 else
444 status = serdev_device_break_ctl(nxpdev->serdev, -1);
445 msleep(20); /* Allow chip to detect UART-break and enter sleep */
446 bt_dev_dbg(hdev, "Set UART break: %s, status=%d",
447 str_on_off(ps_state == PS_STATE_SLEEP), status);
448 break;
449 }
450 if (!status)
451 psdata->ps_state = ps_state;
452 mutex_unlock(&psdata->ps_lock);
453
454 if (ps_state == PS_STATE_AWAKE)
455 btnxpuart_tx_wakeup(nxpdev);
456 }
457
ps_work_func(struct work_struct * work)458 static void ps_work_func(struct work_struct *work)
459 {
460 struct ps_data *data = container_of(work, struct ps_data, work);
461
462 if (data->ps_cmd == PS_CMD_ENTER_PS && data->cur_psmode == PS_MODE_ENABLE)
463 ps_control(data->hdev, PS_STATE_SLEEP);
464 else if (data->ps_cmd == PS_CMD_EXIT_PS)
465 ps_control(data->hdev, PS_STATE_AWAKE);
466 }
467
ps_timeout_func(struct timer_list * t)468 static void ps_timeout_func(struct timer_list *t)
469 {
470 struct ps_data *data = timer_container_of(data, t, ps_timer);
471 struct hci_dev *hdev = data->hdev;
472 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
473
474 if (test_bit(BTNXPUART_TX_STATE_ACTIVE, &nxpdev->tx_state)) {
475 ps_start_timer(nxpdev);
476 } else {
477 data->ps_cmd = PS_CMD_ENTER_PS;
478 schedule_work(&data->work);
479 }
480 }
481
ps_host_wakeup_irq_handler(int irq,void * priv)482 static irqreturn_t ps_host_wakeup_irq_handler(int irq, void *priv)
483 {
484 struct btnxpuart_dev *nxpdev = (struct btnxpuart_dev *)priv;
485
486 bt_dev_dbg(nxpdev->hdev, "Host wakeup interrupt");
487 return IRQ_HANDLED;
488 }
ps_setup(struct hci_dev * hdev)489 static int ps_setup(struct hci_dev *hdev)
490 {
491 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
492 struct serdev_device *serdev = nxpdev->serdev;
493 struct ps_data *psdata = &nxpdev->psdata;
494 int ret;
495
496 /* Out-Of-Band Device Wakeup */
497 psdata->h2c_ps_gpio = devm_gpiod_get_optional(&serdev->dev, "device-wakeup",
498 GPIOD_OUT_LOW);
499 if (IS_ERR(psdata->h2c_ps_gpio)) {
500 bt_dev_err(hdev, "Error fetching device-wakeup-gpios: %ld",
501 PTR_ERR(psdata->h2c_ps_gpio));
502 return PTR_ERR(psdata->h2c_ps_gpio);
503 }
504
505 if (device_property_read_u8(&serdev->dev, "nxp,wakein-pin", &psdata->h2c_wakeup_gpio)) {
506 psdata->h2c_wakeup_gpio = 0xff; /* 0xff: use default pin/gpio */
507 } else if (!psdata->h2c_ps_gpio) {
508 bt_dev_warn(hdev, "nxp,wakein-pin property without device-wakeup-gpios");
509 psdata->h2c_wakeup_gpio = 0xff;
510 }
511
512 /* Out-Of-Band Host Wakeup */
513 if (of_property_read_bool(serdev->dev.of_node, "wakeup-source")) {
514 psdata->irq_handler = of_irq_get_byname(serdev->dev.of_node, "wakeup");
515 bt_dev_info(nxpdev->hdev, "irq_handler: %d", psdata->irq_handler);
516 if (psdata->irq_handler > 0)
517 psdata->wakeup_source = true;
518 }
519
520 if (device_property_read_u8(&serdev->dev, "nxp,wakeout-pin", &psdata->c2h_wakeup_gpio)) {
521 psdata->c2h_wakeup_gpio = 0xff;
522 if (psdata->wakeup_source) {
523 bt_dev_warn(hdev, "host wakeup interrupt without nxp,wakeout-pin");
524 psdata->wakeup_source = false;
525 }
526 } else if (!psdata->wakeup_source) {
527 bt_dev_warn(hdev, "nxp,wakeout-pin property without host wakeup interrupt");
528 psdata->c2h_wakeup_gpio = 0xff;
529 }
530
531 if (psdata->wakeup_source) {
532 ret = devm_request_irq(&serdev->dev, psdata->irq_handler,
533 ps_host_wakeup_irq_handler,
534 IRQF_ONESHOT | IRQF_TRIGGER_FALLING,
535 dev_name(&serdev->dev), nxpdev);
536 if (ret)
537 bt_dev_info(hdev, "error setting wakeup IRQ handler, ignoring\n");
538 disable_irq(psdata->irq_handler);
539 device_init_wakeup(&serdev->dev, true);
540 }
541
542 psdata->hdev = hdev;
543 INIT_WORK(&psdata->work, ps_work_func);
544 mutex_init(&psdata->ps_lock);
545 timer_setup(&psdata->ps_timer, ps_timeout_func, 0);
546
547 return 0;
548 }
549
ps_wakeup(struct btnxpuart_dev * nxpdev)550 static bool ps_wakeup(struct btnxpuart_dev *nxpdev)
551 {
552 struct ps_data *psdata = &nxpdev->psdata;
553 u8 ps_state;
554
555 mutex_lock(&psdata->ps_lock);
556 ps_state = psdata->ps_state;
557 mutex_unlock(&psdata->ps_lock);
558
559 if (ps_state != PS_STATE_AWAKE) {
560 psdata->ps_cmd = PS_CMD_EXIT_PS;
561 schedule_work(&psdata->work);
562 return true;
563 }
564 return false;
565 }
566
ps_cleanup(struct btnxpuart_dev * nxpdev)567 static void ps_cleanup(struct btnxpuart_dev *nxpdev)
568 {
569 struct ps_data *psdata = &nxpdev->psdata;
570 u8 ps_state;
571
572 mutex_lock(&psdata->ps_lock);
573 ps_state = psdata->ps_state;
574 mutex_unlock(&psdata->ps_lock);
575
576 if (ps_state != PS_STATE_AWAKE)
577 ps_control(psdata->hdev, PS_STATE_AWAKE);
578
579 ps_cancel_timer(nxpdev);
580 cancel_work_sync(&psdata->work);
581 mutex_destroy(&psdata->ps_lock);
582 }
583
send_ps_cmd(struct hci_dev * hdev,void * data)584 static int send_ps_cmd(struct hci_dev *hdev, void *data)
585 {
586 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
587 struct ps_data *psdata = &nxpdev->psdata;
588 struct psmode_cmd_payload pcmd;
589 struct sk_buff *skb;
590 u8 *status;
591
592 if (psdata->target_ps_mode == PS_MODE_ENABLE)
593 pcmd.ps_cmd = BT_PS_ENABLE;
594 else
595 pcmd.ps_cmd = BT_PS_DISABLE;
596 pcmd.c2h_ps_interval = __cpu_to_le16(psdata->c2h_ps_interval);
597
598 skb = nxp_drv_send_cmd(hdev, HCI_NXP_AUTO_SLEEP_MODE, sizeof(pcmd), &pcmd);
599 if (IS_ERR(skb)) {
600 bt_dev_err(hdev, "Setting Power Save mode failed (%ld)", PTR_ERR(skb));
601 return PTR_ERR(skb);
602 }
603
604 status = skb_pull_data(skb, 1);
605 if (status) {
606 if (!*status)
607 psdata->cur_psmode = psdata->target_ps_mode;
608 else
609 psdata->target_ps_mode = psdata->cur_psmode;
610 if (psdata->cur_psmode == PS_MODE_ENABLE)
611 ps_start_timer(nxpdev);
612 else
613 ps_wakeup(nxpdev);
614 bt_dev_dbg(hdev, "Power Save mode response: status=%d, ps_mode=%d",
615 *status, psdata->cur_psmode);
616 }
617 kfree_skb(skb);
618
619 return 0;
620 }
621
send_wakeup_method_cmd(struct hci_dev * hdev,void * data)622 static int send_wakeup_method_cmd(struct hci_dev *hdev, void *data)
623 {
624 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
625 struct ps_data *psdata = &nxpdev->psdata;
626 struct wakeup_cmd_payload pcmd;
627 struct sk_buff *skb;
628 u8 *status;
629
630 pcmd.c2h_wakeupmode = psdata->c2h_wakeupmode;
631 pcmd.c2h_wakeup_gpio = psdata->c2h_wakeup_gpio;
632 pcmd.h2c_wakeup_gpio = 0xff;
633 switch (psdata->h2c_wakeupmode) {
634 case WAKEUP_METHOD_GPIO:
635 pcmd.h2c_wakeupmode = BT_CTRL_WAKEUP_METHOD_GPIO;
636 pcmd.h2c_wakeup_gpio = psdata->h2c_wakeup_gpio;
637 break;
638 case WAKEUP_METHOD_DTR:
639 pcmd.h2c_wakeupmode = BT_CTRL_WAKEUP_METHOD_DSR;
640 break;
641 case WAKEUP_METHOD_BREAK:
642 default:
643 pcmd.h2c_wakeupmode = BT_CTRL_WAKEUP_METHOD_BREAK;
644 break;
645 }
646
647 skb = nxp_drv_send_cmd(hdev, HCI_NXP_WAKEUP_METHOD, sizeof(pcmd), &pcmd);
648 if (IS_ERR(skb)) {
649 bt_dev_err(hdev, "Setting wake-up method failed (%ld)", PTR_ERR(skb));
650 return PTR_ERR(skb);
651 }
652
653 status = skb_pull_data(skb, 1);
654 if (status) {
655 if (*status == 0)
656 psdata->cur_h2c_wakeupmode = psdata->h2c_wakeupmode;
657 else
658 psdata->h2c_wakeupmode = psdata->cur_h2c_wakeupmode;
659 bt_dev_dbg(hdev, "Set Wakeup Method response: status=%d, h2c_wakeupmode=%d",
660 *status, psdata->cur_h2c_wakeupmode);
661 }
662 kfree_skb(skb);
663
664 return 0;
665 }
666
ps_init(struct hci_dev * hdev)667 static void ps_init(struct hci_dev *hdev)
668 {
669 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
670 struct ps_data *psdata = &nxpdev->psdata;
671 u8 default_h2c_wakeup_mode = DEFAULT_H2C_WAKEUP_MODE;
672
673 serdev_device_set_tiocm(nxpdev->serdev, 0, TIOCM_RTS);
674 usleep_range(5000, 10000);
675 serdev_device_set_tiocm(nxpdev->serdev, TIOCM_RTS, 0);
676 usleep_range(5000, 10000);
677
678 psdata->ps_state = PS_STATE_AWAKE;
679
680 if (psdata->c2h_wakeup_gpio != 0xff)
681 psdata->c2h_wakeupmode = BT_HOST_WAKEUP_METHOD_GPIO;
682 else
683 psdata->c2h_wakeupmode = BT_HOST_WAKEUP_METHOD_NONE;
684
685 psdata->cur_h2c_wakeupmode = WAKEUP_METHOD_INVALID;
686 if (psdata->h2c_ps_gpio)
687 default_h2c_wakeup_mode = WAKEUP_METHOD_GPIO;
688
689 psdata->h2c_ps_interval = PS_DEFAULT_TIMEOUT_PERIOD_MS;
690
691 switch (default_h2c_wakeup_mode) {
692 case WAKEUP_METHOD_GPIO:
693 psdata->h2c_wakeupmode = WAKEUP_METHOD_GPIO;
694 gpiod_set_value_cansleep(psdata->h2c_ps_gpio, 0);
695 usleep_range(5000, 10000);
696 break;
697 case WAKEUP_METHOD_DTR:
698 psdata->h2c_wakeupmode = WAKEUP_METHOD_DTR;
699 serdev_device_set_tiocm(nxpdev->serdev, 0, TIOCM_DTR);
700 serdev_device_set_tiocm(nxpdev->serdev, TIOCM_DTR, 0);
701 break;
702 case WAKEUP_METHOD_BREAK:
703 default:
704 psdata->h2c_wakeupmode = WAKEUP_METHOD_BREAK;
705 serdev_device_break_ctl(nxpdev->serdev, -1);
706 usleep_range(5000, 10000);
707 serdev_device_break_ctl(nxpdev->serdev, 0);
708 usleep_range(5000, 10000);
709 break;
710 }
711
712 psdata->cur_psmode = PS_MODE_DISABLE;
713 psdata->target_ps_mode = DEFAULT_PS_MODE;
714 }
715
716 /* NXP Firmware Download Feature */
nxp_download_firmware(struct hci_dev * hdev)717 static int nxp_download_firmware(struct hci_dev *hdev)
718 {
719 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
720 int err = 0;
721
722 nxpdev->fw_dnld_v1_offset = 0;
723 nxpdev->fw_v1_sent_bytes = 0;
724 nxpdev->fw_v1_expected_len = HDR_LEN;
725 nxpdev->boot_reg_offset = 0;
726 nxpdev->fw_dnld_v3_offset = 0;
727 nxpdev->fw_v3_offset_correction = 0;
728 nxpdev->baudrate_changed = not_changed;
729 nxpdev->timeout_changed = not_changed;
730 nxpdev->helper_downloaded = false;
731
732 serdev_device_set_baudrate(nxpdev->serdev, HCI_NXP_PRI_BAUDRATE);
733 serdev_device_set_flow_control(nxpdev->serdev, false);
734 nxpdev->current_baudrate = HCI_NXP_PRI_BAUDRATE;
735
736 /* Wait till FW is downloaded */
737 err = wait_event_interruptible_timeout(nxpdev->fw_dnld_done_wait_q,
738 !test_bit(BTNXPUART_FW_DOWNLOADING,
739 &nxpdev->tx_state),
740 msecs_to_jiffies(60000));
741
742 if (nxpdev->fw && strlen(nxpdev->fw_name)) {
743 release_firmware(nxpdev->fw);
744 memset(nxpdev->fw_name, 0, sizeof(nxpdev->fw_name));
745 }
746
747 if (err == 0) {
748 bt_dev_err(hdev, "FW Download Timeout. offset: %d",
749 nxpdev->fw_dnld_v1_offset ?
750 nxpdev->fw_dnld_v1_offset :
751 nxpdev->fw_dnld_v3_offset);
752 return -ETIMEDOUT;
753 }
754 if (test_bit(BTNXPUART_FW_DOWNLOAD_ABORT, &nxpdev->tx_state)) {
755 bt_dev_err(hdev, "FW Download Aborted");
756 return -EINTR;
757 }
758
759 serdev_device_set_flow_control(nxpdev->serdev, true);
760
761 /* Allow the downloaded FW to initialize */
762 msleep(1200);
763
764 return 0;
765 }
766
nxp_send_ack(u8 ack,struct hci_dev * hdev)767 static void nxp_send_ack(u8 ack, struct hci_dev *hdev)
768 {
769 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
770 u8 ack_nak[2];
771 int len = 1;
772
773 ack_nak[0] = ack;
774 if (ack == NXP_ACK_V3) {
775 ack_nak[1] = crc8(crc8_table, ack_nak, 1, 0xff);
776 len = 2;
777 }
778 serdev_device_write_buf(nxpdev->serdev, ack_nak, len);
779 }
780
nxp_fw_change_baudrate(struct hci_dev * hdev,u16 req_len)781 static bool nxp_fw_change_baudrate(struct hci_dev *hdev, u16 req_len)
782 {
783 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
784 struct nxp_bootloader_cmd nxp_cmd5;
785 struct uart_config uart_config;
786 u32 clkdivaddr = CLKDIVADDR - nxpdev->boot_reg_offset;
787 u32 uartdivaddr = UARTDIVADDR - nxpdev->boot_reg_offset;
788 u32 uartmcraddr = UARTMCRADDR - nxpdev->boot_reg_offset;
789 u32 uartreinitaddr = UARTREINITADDR - nxpdev->boot_reg_offset;
790 u32 uarticraddr = UARTICRADDR - nxpdev->boot_reg_offset;
791 u32 uartfcraddr = UARTFCRADDR - nxpdev->boot_reg_offset;
792
793 if (req_len == sizeof(nxp_cmd5)) {
794 nxp_cmd5.header = __cpu_to_le32(5);
795 nxp_cmd5.arg = 0;
796 nxp_cmd5.payload_len = __cpu_to_le32(sizeof(uart_config));
797 /* FW expects swapped CRC bytes */
798 nxp_cmd5.crc = __cpu_to_be32(crc32_be(0UL, (char *)&nxp_cmd5,
799 sizeof(nxp_cmd5) - 4));
800
801 serdev_device_write_buf(nxpdev->serdev, (u8 *)&nxp_cmd5, sizeof(nxp_cmd5));
802 nxpdev->fw_v3_offset_correction += req_len;
803 } else if (req_len == sizeof(uart_config)) {
804 uart_config.clkdiv.address = __cpu_to_le32(clkdivaddr);
805 uart_config.clkdiv.value = __cpu_to_le32(0x00c00000);
806 uart_config.uartdiv.address = __cpu_to_le32(uartdivaddr);
807 uart_config.uartdiv.value = __cpu_to_le32(1);
808 uart_config.mcr.address = __cpu_to_le32(uartmcraddr);
809 uart_config.mcr.value = __cpu_to_le32(MCR);
810 uart_config.re_init.address = __cpu_to_le32(uartreinitaddr);
811 uart_config.re_init.value = __cpu_to_le32(INIT);
812 uart_config.icr.address = __cpu_to_le32(uarticraddr);
813 uart_config.icr.value = __cpu_to_le32(ICR);
814 uart_config.fcr.address = __cpu_to_le32(uartfcraddr);
815 uart_config.fcr.value = __cpu_to_le32(FCR);
816 /* FW expects swapped CRC bytes */
817 uart_config.crc = __cpu_to_be32(crc32_be(0UL, (char *)&uart_config,
818 sizeof(uart_config) - 4));
819
820 serdev_device_write_buf(nxpdev->serdev, (u8 *)&uart_config, sizeof(uart_config));
821 serdev_device_wait_until_sent(nxpdev->serdev, 0);
822 nxpdev->fw_v3_offset_correction += req_len;
823 return true;
824 }
825 return false;
826 }
827
nxp_fw_change_timeout(struct hci_dev * hdev,u16 req_len)828 static bool nxp_fw_change_timeout(struct hci_dev *hdev, u16 req_len)
829 {
830 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
831 struct nxp_bootloader_cmd nxp_cmd7;
832
833 if (req_len != sizeof(nxp_cmd7))
834 return false;
835
836 nxp_cmd7.header = __cpu_to_le32(7);
837 nxp_cmd7.arg = __cpu_to_le32(0x70);
838 nxp_cmd7.payload_len = 0;
839 /* FW expects swapped CRC bytes */
840 nxp_cmd7.crc = __cpu_to_be32(crc32_be(0UL, (char *)&nxp_cmd7,
841 sizeof(nxp_cmd7) - 4));
842 serdev_device_write_buf(nxpdev->serdev, (u8 *)&nxp_cmd7, sizeof(nxp_cmd7));
843 serdev_device_wait_until_sent(nxpdev->serdev, 0);
844 nxpdev->fw_v3_offset_correction += req_len;
845 return true;
846 }
847
nxp_get_data_len(const u8 * buf)848 static u32 nxp_get_data_len(const u8 *buf)
849 {
850 struct nxp_bootloader_cmd *hdr = (struct nxp_bootloader_cmd *)buf;
851
852 return __le32_to_cpu(hdr->payload_len);
853 }
854
is_fw_downloading(struct btnxpuart_dev * nxpdev)855 static bool is_fw_downloading(struct btnxpuart_dev *nxpdev)
856 {
857 return test_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
858 }
859
ind_reset_in_progress(struct btnxpuart_dev * nxpdev)860 static bool ind_reset_in_progress(struct btnxpuart_dev *nxpdev)
861 {
862 return test_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state);
863 }
864
fw_dump_in_progress(struct btnxpuart_dev * nxpdev)865 static bool fw_dump_in_progress(struct btnxpuart_dev *nxpdev)
866 {
867 return test_bit(BTNXPUART_FW_DUMP_IN_PROGRESS, &nxpdev->tx_state);
868 }
869
process_boot_signature(struct btnxpuart_dev * nxpdev)870 static bool process_boot_signature(struct btnxpuart_dev *nxpdev)
871 {
872 if (test_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, &nxpdev->tx_state)) {
873 clear_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, &nxpdev->tx_state);
874 wake_up_interruptible(&nxpdev->check_boot_sign_wait_q);
875 return false;
876 }
877 return is_fw_downloading(nxpdev);
878 }
879
nxp_request_firmware(struct hci_dev * hdev,const char * fw_name,const char * fw_name_old)880 static int nxp_request_firmware(struct hci_dev *hdev, const char *fw_name,
881 const char *fw_name_old)
882 {
883 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
884 const char *fw_name_dt;
885 int err = 0;
886
887 if (!fw_name)
888 return -ENOENT;
889
890 if (!strlen(nxpdev->fw_name)) {
891 if (strcmp(fw_name, FIRMWARE_HELPER) &&
892 !device_property_read_string(&nxpdev->serdev->dev,
893 "firmware-name",
894 &fw_name_dt))
895 fw_name = fw_name_dt;
896 snprintf(nxpdev->fw_name, MAX_FW_FILE_NAME_LEN, "nxp/%s", fw_name);
897 err = request_firmware_direct(&nxpdev->fw, nxpdev->fw_name, &hdev->dev);
898 if (err < 0 && fw_name_old) {
899 snprintf(nxpdev->fw_name, MAX_FW_FILE_NAME_LEN, "nxp/%s", fw_name_old);
900 err = request_firmware_direct(&nxpdev->fw, nxpdev->fw_name, &hdev->dev);
901 }
902
903 bt_dev_info(hdev, "Request Firmware: %s", nxpdev->fw_name);
904 if (err < 0) {
905 bt_dev_err(hdev, "Firmware file %s not found", nxpdev->fw_name);
906 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
907 }
908 }
909 return err;
910 }
911
912 /* for legacy chipsets with V1 bootloader */
nxp_recv_chip_ver_v1(struct hci_dev * hdev,struct sk_buff * skb)913 static int nxp_recv_chip_ver_v1(struct hci_dev *hdev, struct sk_buff *skb)
914 {
915 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
916 struct v1_start_ind *req;
917 __u16 chip_id;
918
919 req = skb_pull_data(skb, sizeof(*req));
920 if (!req)
921 goto free_skb;
922
923 chip_id = le16_to_cpu(req->chip_id ^ req->chip_id_comp);
924 if (chip_id == 0xffff && nxpdev->fw_dnld_v1_offset) {
925 nxpdev->fw_dnld_v1_offset = 0;
926 nxpdev->fw_v1_sent_bytes = 0;
927 nxpdev->fw_v1_expected_len = HDR_LEN;
928 release_firmware(nxpdev->fw);
929 memset(nxpdev->fw_name, 0, sizeof(nxpdev->fw_name));
930 nxp_send_ack(NXP_ACK_V1, hdev);
931 }
932
933 free_skb:
934 kfree_skb(skb);
935 return 0;
936 }
937
nxp_recv_fw_req_v1(struct hci_dev * hdev,struct sk_buff * skb)938 static int nxp_recv_fw_req_v1(struct hci_dev *hdev, struct sk_buff *skb)
939 {
940 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
941 struct btnxpuart_data *nxp_data = nxpdev->nxp_data;
942 struct v1_data_req *req;
943 __u16 len;
944
945 if (!process_boot_signature(nxpdev))
946 goto free_skb;
947
948 req = skb_pull_data(skb, sizeof(*req));
949 if (!req)
950 goto free_skb;
951
952 len = __le16_to_cpu(req->len ^ req->len_comp);
953 if (len != 0xffff) {
954 bt_dev_dbg(hdev, "ERR: Send NAK");
955 nxp_send_ack(NXP_NAK_V1, hdev);
956 goto free_skb;
957 }
958 nxp_send_ack(NXP_ACK_V1, hdev);
959
960 len = __le16_to_cpu(req->len);
961
962 if (!nxp_data->helper_fw_name) {
963 if (nxpdev->timeout_changed != changed) {
964 nxp_fw_change_timeout(hdev, len);
965 nxpdev->timeout_changed = changed;
966 goto free_skb;
967 }
968 if (nxpdev->baudrate_changed != changed) {
969 if (nxp_fw_change_baudrate(hdev, len)) {
970 nxpdev->baudrate_changed = changed;
971 serdev_device_set_baudrate(nxpdev->serdev,
972 HCI_NXP_SEC_BAUDRATE);
973 serdev_device_set_flow_control(nxpdev->serdev, true);
974 nxpdev->current_baudrate = HCI_NXP_SEC_BAUDRATE;
975 }
976 goto free_skb;
977 }
978 }
979
980 if (!nxp_data->helper_fw_name || nxpdev->helper_downloaded) {
981 if (nxp_request_firmware(hdev, nxp_data->fw_name, nxp_data->fw_name_old))
982 goto free_skb;
983 } else if (nxp_data->helper_fw_name && !nxpdev->helper_downloaded) {
984 if (nxp_request_firmware(hdev, nxp_data->helper_fw_name, NULL))
985 goto free_skb;
986 }
987
988 if (!len) {
989 bt_dev_info(hdev, "FW Download Complete: %zu bytes",
990 nxpdev->fw->size);
991 if (nxp_data->helper_fw_name && !nxpdev->helper_downloaded) {
992 nxpdev->helper_downloaded = true;
993 serdev_device_wait_until_sent(nxpdev->serdev, 0);
994 serdev_device_set_baudrate(nxpdev->serdev,
995 HCI_NXP_SEC_BAUDRATE);
996 serdev_device_set_flow_control(nxpdev->serdev, true);
997 } else {
998 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
999 wake_up_interruptible(&nxpdev->fw_dnld_done_wait_q);
1000 }
1001 goto free_skb;
1002 }
1003 if (len & 0x01) {
1004 /* The CRC did not match at the other end.
1005 * Simply send the same bytes again.
1006 */
1007 len = nxpdev->fw_v1_sent_bytes;
1008 bt_dev_dbg(hdev, "CRC error. Resend %d bytes of FW.", len);
1009 } else {
1010 nxpdev->fw_dnld_v1_offset += nxpdev->fw_v1_sent_bytes;
1011
1012 /* The FW bin file is made up of many blocks of
1013 * 16 byte header and payload data chunks. If the
1014 * FW has requested a header, read the payload length
1015 * info from the header, before sending the header.
1016 * In the next iteration, the FW should request the
1017 * payload data chunk, which should be equal to the
1018 * payload length read from header. If there is a
1019 * mismatch, clearly the driver and FW are out of sync,
1020 * and we need to re-send the previous header again.
1021 */
1022 if (len == nxpdev->fw_v1_expected_len) {
1023 if (len == HDR_LEN)
1024 nxpdev->fw_v1_expected_len = nxp_get_data_len(nxpdev->fw->data +
1025 nxpdev->fw_dnld_v1_offset);
1026 else
1027 nxpdev->fw_v1_expected_len = HDR_LEN;
1028 } else if (len == HDR_LEN) {
1029 /* FW download out of sync. Send previous chunk again */
1030 nxpdev->fw_dnld_v1_offset -= nxpdev->fw_v1_sent_bytes;
1031 nxpdev->fw_v1_expected_len = HDR_LEN;
1032 }
1033 }
1034
1035 if (nxpdev->fw_dnld_v1_offset + len <= nxpdev->fw->size)
1036 serdev_device_write_buf(nxpdev->serdev, nxpdev->fw->data +
1037 nxpdev->fw_dnld_v1_offset, len);
1038 nxpdev->fw_v1_sent_bytes = len;
1039
1040 free_skb:
1041 kfree_skb(skb);
1042 return 0;
1043 }
1044
nxp_get_fw_name_from_chipid(struct hci_dev * hdev,u16 chipid,u8 loader_ver)1045 static char *nxp_get_fw_name_from_chipid(struct hci_dev *hdev, u16 chipid,
1046 u8 loader_ver)
1047 {
1048 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1049 char *fw_name = NULL;
1050
1051 switch (chipid) {
1052 case CHIP_ID_W9098:
1053 fw_name = FIRMWARE_W9098;
1054 break;
1055 case CHIP_ID_IW416:
1056 fw_name = FIRMWARE_IW416;
1057 break;
1058 case CHIP_ID_IW612:
1059 fw_name = FIRMWARE_IW612;
1060 break;
1061 case CHIP_ID_IW624a:
1062 case CHIP_ID_IW624c:
1063 nxpdev->boot_reg_offset = 1;
1064 if ((loader_ver & FW_SECURE_MASK) == FW_OPEN)
1065 fw_name = FIRMWARE_IW624;
1066 else if ((loader_ver & FW_SECURE_MASK) != FW_AUTH_ILLEGAL)
1067 fw_name = FIRMWARE_SECURE_IW624;
1068 else
1069 bt_dev_err(hdev, "Illegal loader version %02x", loader_ver);
1070 break;
1071 case CHIP_ID_AW693a0:
1072 if ((loader_ver & FW_SECURE_MASK) == FW_OPEN)
1073 fw_name = FIRMWARE_AW693;
1074 else if ((loader_ver & FW_SECURE_MASK) != FW_AUTH_ILLEGAL)
1075 fw_name = FIRMWARE_SECURE_AW693;
1076 else
1077 bt_dev_err(hdev, "Illegal loader version %02x", loader_ver);
1078 break;
1079 case CHIP_ID_AW693a1:
1080 if ((loader_ver & FW_SECURE_MASK) == FW_OPEN)
1081 fw_name = FIRMWARE_AW693_A1;
1082 else if ((loader_ver & FW_SECURE_MASK) != FW_AUTH_ILLEGAL)
1083 fw_name = FIRMWARE_SECURE_AW693_A1;
1084 else
1085 bt_dev_err(hdev, "Illegal loader version %02x", loader_ver);
1086 break;
1087 case CHIP_ID_IW610a0:
1088 case CHIP_ID_IW610a1:
1089 if ((loader_ver & FW_SECURE_MASK) == FW_OPEN)
1090 fw_name = FIRMWARE_IW610;
1091 else if ((loader_ver & FW_SECURE_MASK) != FW_AUTH_ILLEGAL)
1092 fw_name = FIRMWARE_SECURE_IW610;
1093 else
1094 bt_dev_err(hdev, "Illegal loader version %02x", loader_ver);
1095 break;
1096 default:
1097 bt_dev_err(hdev, "Unknown chip signature %04x", chipid);
1098 break;
1099 }
1100 return fw_name;
1101 }
1102
nxp_get_old_fw_name_from_chipid(struct hci_dev * hdev,u16 chipid,u8 loader_ver)1103 static char *nxp_get_old_fw_name_from_chipid(struct hci_dev *hdev, u16 chipid,
1104 u8 loader_ver)
1105 {
1106 char *fw_name_old = NULL;
1107
1108 switch (chipid) {
1109 case CHIP_ID_W9098:
1110 fw_name_old = FIRMWARE_W9098_OLD;
1111 break;
1112 case CHIP_ID_IW416:
1113 fw_name_old = FIRMWARE_IW416_OLD;
1114 break;
1115 }
1116 return fw_name_old;
1117 }
1118
nxp_recv_chip_ver_v3(struct hci_dev * hdev,struct sk_buff * skb)1119 static int nxp_recv_chip_ver_v3(struct hci_dev *hdev, struct sk_buff *skb)
1120 {
1121 struct v3_start_ind *req = skb_pull_data(skb, sizeof(*req));
1122 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1123 const char *fw_name;
1124 const char *fw_name_old;
1125 u16 chip_id;
1126 u8 loader_ver;
1127
1128 if (!process_boot_signature(nxpdev))
1129 goto free_skb;
1130
1131 chip_id = le16_to_cpu(req->chip_id);
1132 loader_ver = req->loader_ver;
1133 bt_dev_info(hdev, "ChipID: %04x, Version: %d", chip_id, loader_ver);
1134 fw_name = nxp_get_fw_name_from_chipid(hdev, chip_id, loader_ver);
1135 fw_name_old = nxp_get_old_fw_name_from_chipid(hdev, chip_id, loader_ver);
1136 if (!nxp_request_firmware(hdev, fw_name, fw_name_old))
1137 nxp_send_ack(NXP_ACK_V3, hdev);
1138
1139 free_skb:
1140 kfree_skb(skb);
1141 return 0;
1142 }
1143
nxp_handle_fw_download_error(struct hci_dev * hdev,struct v3_data_req * req)1144 static void nxp_handle_fw_download_error(struct hci_dev *hdev, struct v3_data_req *req)
1145 {
1146 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1147 __u32 offset = __le32_to_cpu(req->offset);
1148 __u16 err = __le16_to_cpu(req->error);
1149 union nxp_v3_rx_timeout_nak_u timeout_nak_buf;
1150 union nxp_v3_crc_nak_u crc_nak_buf;
1151
1152 if (err & NXP_CRC_RX_ERROR) {
1153 crc_nak_buf.pkt.nak = NXP_CRC_ERROR_V3;
1154 crc_nak_buf.pkt.crc = crc8(crc8_table, crc_nak_buf.buf,
1155 sizeof(crc_nak_buf) - 1, 0xff);
1156 serdev_device_write_buf(nxpdev->serdev, crc_nak_buf.buf,
1157 sizeof(crc_nak_buf));
1158 } else if (err & NXP_ACK_RX_TIMEOUT ||
1159 err & NXP_HDR_RX_TIMEOUT ||
1160 err & NXP_DATA_RX_TIMEOUT) {
1161 timeout_nak_buf.pkt.nak = NXP_NAK_V3;
1162 timeout_nak_buf.pkt.offset = __cpu_to_le32(offset);
1163 timeout_nak_buf.pkt.crc = crc8(crc8_table, timeout_nak_buf.buf,
1164 sizeof(timeout_nak_buf) - 1, 0xff);
1165 serdev_device_write_buf(nxpdev->serdev, timeout_nak_buf.buf,
1166 sizeof(timeout_nak_buf));
1167 } else {
1168 bt_dev_err(hdev, "Unknown bootloader error code: %d", err);
1169 }
1170 }
1171
nxp_recv_fw_req_v3(struct hci_dev * hdev,struct sk_buff * skb)1172 static int nxp_recv_fw_req_v3(struct hci_dev *hdev, struct sk_buff *skb)
1173 {
1174 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1175 struct v3_data_req *req;
1176 __u16 len = 0;
1177 __u16 err = 0;
1178 __u32 offset;
1179
1180 if (!process_boot_signature(nxpdev))
1181 goto free_skb;
1182
1183 req = skb_pull_data(skb, sizeof(*req));
1184 if (!req || !nxpdev->fw)
1185 goto free_skb;
1186
1187 err = __le16_to_cpu(req->error);
1188
1189 if (!err) {
1190 nxp_send_ack(NXP_ACK_V3, hdev);
1191 if (nxpdev->timeout_changed == cmd_sent)
1192 nxpdev->timeout_changed = changed;
1193 if (nxpdev->baudrate_changed == cmd_sent)
1194 nxpdev->baudrate_changed = changed;
1195 } else {
1196 nxp_handle_fw_download_error(hdev, req);
1197 if (nxpdev->timeout_changed == cmd_sent &&
1198 err == NXP_CRC_RX_ERROR) {
1199 nxpdev->fw_v3_offset_correction -= nxpdev->fw_v3_prev_sent;
1200 nxpdev->timeout_changed = not_changed;
1201 }
1202 if (nxpdev->baudrate_changed == cmd_sent &&
1203 err == NXP_CRC_RX_ERROR) {
1204 nxpdev->fw_v3_offset_correction -= nxpdev->fw_v3_prev_sent;
1205 nxpdev->baudrate_changed = not_changed;
1206 }
1207 goto free_skb;
1208 }
1209
1210 len = __le16_to_cpu(req->len);
1211
1212 if (nxpdev->timeout_changed != changed) {
1213 nxp_fw_change_timeout(hdev, len);
1214 nxpdev->timeout_changed = cmd_sent;
1215 goto free_skb;
1216 }
1217
1218 if (nxpdev->baudrate_changed != changed) {
1219 if (nxp_fw_change_baudrate(hdev, len)) {
1220 nxpdev->baudrate_changed = cmd_sent;
1221 serdev_device_set_baudrate(nxpdev->serdev,
1222 HCI_NXP_SEC_BAUDRATE);
1223 serdev_device_set_flow_control(nxpdev->serdev, true);
1224 nxpdev->current_baudrate = HCI_NXP_SEC_BAUDRATE;
1225 }
1226 goto free_skb;
1227 }
1228
1229 if (req->len == 0) {
1230 bt_dev_info(hdev, "FW Download Complete: %zu bytes",
1231 nxpdev->fw->size);
1232 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
1233 wake_up_interruptible(&nxpdev->fw_dnld_done_wait_q);
1234 goto free_skb;
1235 }
1236
1237 offset = __le32_to_cpu(req->offset);
1238 if (offset < nxpdev->fw_v3_offset_correction) {
1239 /* This scenario should ideally never occur. But if it ever does,
1240 * FW is out of sync and needs a power cycle.
1241 */
1242 bt_dev_err(hdev, "Something went wrong during FW download");
1243 bt_dev_err(hdev, "Please power cycle and try again");
1244 goto free_skb;
1245 }
1246
1247 nxpdev->fw_dnld_v3_offset = offset - nxpdev->fw_v3_offset_correction;
1248 serdev_device_write_buf(nxpdev->serdev, nxpdev->fw->data +
1249 nxpdev->fw_dnld_v3_offset, len);
1250
1251 free_skb:
1252 nxpdev->fw_v3_prev_sent = len;
1253 kfree_skb(skb);
1254 return 0;
1255 }
1256
nxp_set_baudrate_cmd(struct hci_dev * hdev,void * data)1257 static int nxp_set_baudrate_cmd(struct hci_dev *hdev, void *data)
1258 {
1259 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1260 __le32 new_baudrate = __cpu_to_le32(nxpdev->new_baudrate);
1261 struct ps_data *psdata = &nxpdev->psdata;
1262 struct sk_buff *skb;
1263 u8 *status;
1264
1265 if (!psdata)
1266 return 0;
1267
1268 skb = nxp_drv_send_cmd(hdev, HCI_NXP_SET_OPER_SPEED, 4, (u8 *)&new_baudrate);
1269 if (IS_ERR(skb)) {
1270 bt_dev_err(hdev, "Setting baudrate failed (%ld)", PTR_ERR(skb));
1271 return PTR_ERR(skb);
1272 }
1273
1274 status = (u8 *)skb_pull_data(skb, 1);
1275 if (status) {
1276 if (*status == 0) {
1277 serdev_device_set_baudrate(nxpdev->serdev, nxpdev->new_baudrate);
1278 nxpdev->current_baudrate = nxpdev->new_baudrate;
1279 }
1280 bt_dev_dbg(hdev, "Set baudrate response: status=%d, baudrate=%d",
1281 *status, nxpdev->new_baudrate);
1282 }
1283 kfree_skb(skb);
1284
1285 return 0;
1286 }
1287
nxp_check_boot_sign(struct btnxpuart_dev * nxpdev)1288 static int nxp_check_boot_sign(struct btnxpuart_dev *nxpdev)
1289 {
1290 serdev_device_set_baudrate(nxpdev->serdev, HCI_NXP_PRI_BAUDRATE);
1291 if (ind_reset_in_progress(nxpdev))
1292 serdev_device_set_flow_control(nxpdev->serdev, false);
1293 else
1294 serdev_device_set_flow_control(nxpdev->serdev, true);
1295 set_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, &nxpdev->tx_state);
1296
1297 return wait_event_interruptible_timeout(nxpdev->check_boot_sign_wait_q,
1298 !test_bit(BTNXPUART_CHECK_BOOT_SIGNATURE,
1299 &nxpdev->tx_state),
1300 msecs_to_jiffies(1000));
1301 }
1302
nxp_set_ind_reset(struct hci_dev * hdev,void * data)1303 static int nxp_set_ind_reset(struct hci_dev *hdev, void *data)
1304 {
1305 static const u8 ir_hw_err[] = { HCI_EV_HARDWARE_ERROR,
1306 0x01, BTNXPUART_IR_HW_ERR };
1307 struct sk_buff *skb;
1308
1309 skb = bt_skb_alloc(3, GFP_ATOMIC);
1310 if (!skb)
1311 return -ENOMEM;
1312
1313 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
1314 skb_put_data(skb, ir_hw_err, 3);
1315
1316 /* Inject Hardware Error to upper stack */
1317 return hci_recv_frame(hdev, skb);
1318 }
1319
1320 /* Firmware dump */
nxp_coredump(struct hci_dev * hdev)1321 static void nxp_coredump(struct hci_dev *hdev)
1322 {
1323 struct sk_buff *skb;
1324 u8 pcmd = 2;
1325
1326 skb = nxp_drv_send_cmd(hdev, HCI_NXP_TRIGGER_DUMP, 1, &pcmd);
1327 if (IS_ERR(skb))
1328 bt_dev_err(hdev, "Failed to trigger FW Dump. (%ld)", PTR_ERR(skb));
1329 else
1330 kfree_skb(skb);
1331 }
1332
nxp_coredump_hdr(struct hci_dev * hdev,struct sk_buff * skb)1333 static void nxp_coredump_hdr(struct hci_dev *hdev, struct sk_buff *skb)
1334 {
1335 /* Nothing to be added in FW dump header */
1336 }
1337
nxp_process_fw_dump(struct hci_dev * hdev,struct sk_buff * skb)1338 static int nxp_process_fw_dump(struct hci_dev *hdev, struct sk_buff *skb)
1339 {
1340 struct hci_acl_hdr *acl_hdr = (struct hci_acl_hdr *)skb_pull_data(skb,
1341 sizeof(*acl_hdr));
1342 struct nxp_fw_dump_hdr *fw_dump_hdr = (struct nxp_fw_dump_hdr *)skb->data;
1343 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1344 __u16 seq_num = __le16_to_cpu(fw_dump_hdr->seq_num);
1345 __u16 buf_len = __le16_to_cpu(fw_dump_hdr->buf_len);
1346 int err;
1347
1348 if (seq_num == 0x0001) {
1349 if (test_and_set_bit(BTNXPUART_FW_DUMP_IN_PROGRESS, &nxpdev->tx_state)) {
1350 bt_dev_err(hdev, "FW dump already in progress");
1351 goto free_skb;
1352 }
1353 bt_dev_warn(hdev, "==== Start FW dump ===");
1354 err = hci_devcd_init(hdev, NXP_FW_DUMP_SIZE);
1355 if (err < 0)
1356 goto free_skb;
1357
1358 schedule_delayed_work(&hdev->dump.dump_timeout,
1359 msecs_to_jiffies(20000));
1360 }
1361
1362 err = hci_devcd_append(hdev, skb_clone(skb, GFP_ATOMIC));
1363 if (err < 0)
1364 goto free_skb;
1365
1366 if (buf_len == 0) {
1367 bt_dev_warn(hdev, "==== FW dump complete ===");
1368 clear_bit(BTNXPUART_FW_DUMP_IN_PROGRESS, &nxpdev->tx_state);
1369 hci_devcd_complete(hdev);
1370 nxp_set_ind_reset(hdev, NULL);
1371 }
1372
1373 free_skb:
1374 kfree_skb(skb);
1375 return 0;
1376 }
1377
nxp_recv_acl_pkt(struct hci_dev * hdev,struct sk_buff * skb)1378 static int nxp_recv_acl_pkt(struct hci_dev *hdev, struct sk_buff *skb)
1379 {
1380 __u16 handle = __le16_to_cpu(hci_acl_hdr(skb)->handle);
1381
1382 /* FW dump chunks are ACL packets with conn handle 0xfff */
1383 if ((handle & 0x0FFF) == 0xFFF)
1384 return nxp_process_fw_dump(hdev, skb);
1385 else
1386 return hci_recv_frame(hdev, skb);
1387 }
1388
nxp_set_bdaddr(struct hci_dev * hdev,const bdaddr_t * bdaddr)1389 static int nxp_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr)
1390 {
1391 union nxp_set_bd_addr_payload pcmd;
1392 int err;
1393
1394 pcmd.data.param_id = 0xfe;
1395 pcmd.data.param_len = 6;
1396 memcpy(pcmd.data.param, bdaddr, 6);
1397
1398 /* BD address can be assigned only after first reset command. */
1399 err = __hci_cmd_sync_status(hdev, HCI_OP_RESET, 0, NULL,
1400 HCI_INIT_TIMEOUT);
1401 if (err) {
1402 bt_dev_err(hdev,
1403 "Reset before setting local-bd-addr failed (%d)",
1404 err);
1405 return err;
1406 }
1407
1408 err = __hci_cmd_sync_status(hdev, HCI_NXP_SET_BD_ADDR, sizeof(pcmd),
1409 pcmd.buf, HCI_CMD_TIMEOUT);
1410 if (err) {
1411 bt_dev_err(hdev, "Changing device address failed (%d)", err);
1412 return err;
1413 }
1414
1415 return 0;
1416 }
1417
1418 /* NXP protocol */
nxp_setup(struct hci_dev * hdev)1419 static int nxp_setup(struct hci_dev *hdev)
1420 {
1421 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1422 int err = 0;
1423
1424 if (nxp_check_boot_sign(nxpdev)) {
1425 bt_dev_dbg(hdev, "Need FW Download.");
1426 err = nxp_download_firmware(hdev);
1427 if (err < 0)
1428 return err;
1429 } else {
1430 bt_dev_info(hdev, "FW already running.");
1431 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
1432 }
1433
1434 serdev_device_set_baudrate(nxpdev->serdev, nxpdev->fw_init_baudrate);
1435 nxpdev->current_baudrate = nxpdev->fw_init_baudrate;
1436
1437 ps_init(hdev);
1438
1439 if (test_and_clear_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state))
1440 hci_dev_clear_flag(hdev, HCI_SETUP);
1441
1442 return 0;
1443 }
1444
nxp_post_init(struct hci_dev * hdev)1445 static int nxp_post_init(struct hci_dev *hdev)
1446 {
1447 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1448 struct ps_data *psdata = &nxpdev->psdata;
1449
1450 if (nxpdev->current_baudrate != HCI_NXP_SEC_BAUDRATE) {
1451 nxpdev->new_baudrate = HCI_NXP_SEC_BAUDRATE;
1452 nxp_set_baudrate_cmd(hdev, NULL);
1453 }
1454 if (psdata->cur_h2c_wakeupmode != psdata->h2c_wakeupmode)
1455 send_wakeup_method_cmd(hdev, NULL);
1456 if (psdata->cur_psmode != psdata->target_ps_mode)
1457 send_ps_cmd(hdev, NULL);
1458 return 0;
1459 }
1460
nxp_hw_err(struct hci_dev * hdev,u8 code)1461 static void nxp_hw_err(struct hci_dev *hdev, u8 code)
1462 {
1463 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1464
1465 switch (code) {
1466 case BTNXPUART_IR_HW_ERR:
1467 set_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state);
1468 hci_dev_set_flag(hdev, HCI_SETUP);
1469 break;
1470 default:
1471 break;
1472 }
1473 }
1474
nxp_shutdown(struct hci_dev * hdev)1475 static int nxp_shutdown(struct hci_dev *hdev)
1476 {
1477 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1478 struct sk_buff *skb;
1479 u8 pcmd = 0;
1480
1481 if (ind_reset_in_progress(nxpdev)) {
1482 skb = nxp_drv_send_cmd(hdev, HCI_NXP_IND_RESET, 1, &pcmd);
1483 serdev_device_set_flow_control(nxpdev->serdev, false);
1484 set_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
1485 /* HCI_NXP_IND_RESET command may not returns any response */
1486 if (!IS_ERR(skb))
1487 kfree_skb(skb);
1488 }
1489
1490 return 0;
1491 }
1492
nxp_wakeup(struct hci_dev * hdev)1493 static bool nxp_wakeup(struct hci_dev *hdev)
1494 {
1495 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1496 struct ps_data *psdata = &nxpdev->psdata;
1497
1498 if (psdata->c2h_wakeupmode != BT_HOST_WAKEUP_METHOD_NONE)
1499 return true;
1500
1501 return false;
1502 }
1503
nxp_reset(struct hci_dev * hdev)1504 static void nxp_reset(struct hci_dev *hdev)
1505 {
1506 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1507
1508 if (!ind_reset_in_progress(nxpdev) && !fw_dump_in_progress(nxpdev)) {
1509 bt_dev_dbg(hdev, "CMD Timeout detected. Resetting.");
1510 nxp_set_ind_reset(hdev, NULL);
1511 }
1512 }
1513
btnxpuart_queue_skb(struct hci_dev * hdev,struct sk_buff * skb)1514 static int btnxpuart_queue_skb(struct hci_dev *hdev, struct sk_buff *skb)
1515 {
1516 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1517
1518 /* Prepend skb with frame type */
1519 memcpy(skb_push(skb, 1), &hci_skb_pkt_type(skb), 1);
1520 skb_queue_tail(&nxpdev->txq, skb);
1521 btnxpuart_tx_wakeup(nxpdev);
1522 return 0;
1523 }
1524
nxp_enqueue(struct hci_dev * hdev,struct sk_buff * skb)1525 static int nxp_enqueue(struct hci_dev *hdev, struct sk_buff *skb)
1526 {
1527 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1528 struct ps_data *psdata = &nxpdev->psdata;
1529 struct hci_command_hdr *hdr;
1530 struct psmode_cmd_payload ps_parm;
1531 struct wakeup_cmd_payload wakeup_parm;
1532 __le32 baudrate_parm;
1533
1534 if (fw_dump_in_progress(nxpdev))
1535 return -EBUSY;
1536
1537 /* if vendor commands are received from user space (e.g. hcitool), update
1538 * driver flags accordingly and ask driver to re-send the command to FW.
1539 * In case the payload for any command does not match expected payload
1540 * length, let the firmware and user space program handle it, or throw
1541 * an error.
1542 */
1543 if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT && !psdata->driver_sent_cmd) {
1544 hdr = (struct hci_command_hdr *)skb->data;
1545 if (hdr->plen != (skb->len - HCI_COMMAND_HDR_SIZE))
1546 return btnxpuart_queue_skb(hdev, skb);
1547
1548 switch (__le16_to_cpu(hdr->opcode)) {
1549 case HCI_NXP_AUTO_SLEEP_MODE:
1550 if (hdr->plen == sizeof(ps_parm)) {
1551 memcpy(&ps_parm, skb->data + HCI_COMMAND_HDR_SIZE, hdr->plen);
1552 if (ps_parm.ps_cmd == BT_PS_ENABLE)
1553 psdata->target_ps_mode = PS_MODE_ENABLE;
1554 else if (ps_parm.ps_cmd == BT_PS_DISABLE)
1555 psdata->target_ps_mode = PS_MODE_DISABLE;
1556 psdata->c2h_ps_interval = __le16_to_cpu(ps_parm.c2h_ps_interval);
1557 hci_cmd_sync_queue(hdev, send_ps_cmd, NULL, NULL);
1558 goto free_skb;
1559 }
1560 break;
1561 case HCI_NXP_WAKEUP_METHOD:
1562 if (hdr->plen == sizeof(wakeup_parm)) {
1563 memcpy(&wakeup_parm, skb->data + HCI_COMMAND_HDR_SIZE, hdr->plen);
1564 psdata->c2h_wakeupmode = wakeup_parm.c2h_wakeupmode;
1565 psdata->c2h_wakeup_gpio = wakeup_parm.c2h_wakeup_gpio;
1566 psdata->h2c_wakeup_gpio = wakeup_parm.h2c_wakeup_gpio;
1567 switch (wakeup_parm.h2c_wakeupmode) {
1568 case BT_CTRL_WAKEUP_METHOD_GPIO:
1569 psdata->h2c_wakeupmode = WAKEUP_METHOD_GPIO;
1570 break;
1571 case BT_CTRL_WAKEUP_METHOD_DSR:
1572 psdata->h2c_wakeupmode = WAKEUP_METHOD_DTR;
1573 break;
1574 case BT_CTRL_WAKEUP_METHOD_BREAK:
1575 default:
1576 psdata->h2c_wakeupmode = WAKEUP_METHOD_BREAK;
1577 break;
1578 }
1579 hci_cmd_sync_queue(hdev, send_wakeup_method_cmd, NULL, NULL);
1580 goto free_skb;
1581 }
1582 break;
1583 case HCI_NXP_SET_OPER_SPEED:
1584 if (hdr->plen == sizeof(baudrate_parm)) {
1585 memcpy(&baudrate_parm, skb->data + HCI_COMMAND_HDR_SIZE, hdr->plen);
1586 nxpdev->new_baudrate = __le32_to_cpu(baudrate_parm);
1587 hci_cmd_sync_queue(hdev, nxp_set_baudrate_cmd, NULL, NULL);
1588 goto free_skb;
1589 }
1590 break;
1591 case HCI_NXP_IND_RESET:
1592 if (hdr->plen == 1) {
1593 hci_cmd_sync_queue(hdev, nxp_set_ind_reset, NULL, NULL);
1594 goto free_skb;
1595 }
1596 break;
1597 default:
1598 break;
1599 }
1600 }
1601
1602 return btnxpuart_queue_skb(hdev, skb);
1603
1604 free_skb:
1605 kfree_skb(skb);
1606 return 0;
1607 }
1608
nxp_dequeue(void * data)1609 static struct sk_buff *nxp_dequeue(void *data)
1610 {
1611 struct btnxpuart_dev *nxpdev = (struct btnxpuart_dev *)data;
1612
1613 ps_start_timer(nxpdev);
1614 return skb_dequeue(&nxpdev->txq);
1615 }
1616
1617 /* btnxpuart based on serdev */
btnxpuart_tx_work(struct work_struct * work)1618 static void btnxpuart_tx_work(struct work_struct *work)
1619 {
1620 struct btnxpuart_dev *nxpdev = container_of(work, struct btnxpuart_dev,
1621 tx_work);
1622 struct serdev_device *serdev = nxpdev->serdev;
1623 struct hci_dev *hdev = nxpdev->hdev;
1624 struct sk_buff *skb;
1625 int len;
1626
1627 if (ps_wakeup(nxpdev))
1628 return;
1629
1630 while ((skb = nxp_dequeue(nxpdev))) {
1631 len = serdev_device_write_buf(serdev, skb->data, skb->len);
1632 hdev->stat.byte_tx += len;
1633
1634 skb_pull(skb, len);
1635 if (skb->len > 0) {
1636 skb_queue_head(&nxpdev->txq, skb);
1637 continue;
1638 }
1639
1640 switch (hci_skb_pkt_type(skb)) {
1641 case HCI_COMMAND_PKT:
1642 hdev->stat.cmd_tx++;
1643 break;
1644 case HCI_ACLDATA_PKT:
1645 hdev->stat.acl_tx++;
1646 break;
1647 case HCI_SCODATA_PKT:
1648 hdev->stat.sco_tx++;
1649 break;
1650 }
1651
1652 kfree_skb(skb);
1653 }
1654 clear_bit(BTNXPUART_TX_STATE_ACTIVE, &nxpdev->tx_state);
1655 }
1656
btnxpuart_open(struct hci_dev * hdev)1657 static int btnxpuart_open(struct hci_dev *hdev)
1658 {
1659 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1660 int err = 0;
1661
1662 err = serdev_device_open(nxpdev->serdev);
1663 if (err) {
1664 bt_dev_err(hdev, "Unable to open UART device %s",
1665 dev_name(&nxpdev->serdev->dev));
1666 } else {
1667 set_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state);
1668 }
1669 return err;
1670 }
1671
btnxpuart_close(struct hci_dev * hdev)1672 static int btnxpuart_close(struct hci_dev *hdev)
1673 {
1674 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1675
1676 serdev_device_close(nxpdev->serdev);
1677 skb_queue_purge(&nxpdev->txq);
1678 if (!IS_ERR_OR_NULL(nxpdev->rx_skb)) {
1679 kfree_skb(nxpdev->rx_skb);
1680 nxpdev->rx_skb = NULL;
1681 }
1682 clear_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state);
1683 return 0;
1684 }
1685
btnxpuart_flush(struct hci_dev * hdev)1686 static int btnxpuart_flush(struct hci_dev *hdev)
1687 {
1688 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1689
1690 /* Flush any pending characters */
1691 serdev_device_write_flush(nxpdev->serdev);
1692 skb_queue_purge(&nxpdev->txq);
1693
1694 cancel_work_sync(&nxpdev->tx_work);
1695
1696 if (!IS_ERR_OR_NULL(nxpdev->rx_skb)) {
1697 kfree_skb(nxpdev->rx_skb);
1698 nxpdev->rx_skb = NULL;
1699 }
1700
1701 return 0;
1702 }
1703
1704 static const struct h4_recv_pkt nxp_recv_pkts[] = {
1705 { H4_RECV_ACL, .recv = nxp_recv_acl_pkt },
1706 { H4_RECV_SCO, .recv = hci_recv_frame },
1707 { H4_RECV_EVENT, .recv = hci_recv_frame },
1708 { H4_RECV_ISO, .recv = hci_recv_frame },
1709 { NXP_RECV_CHIP_VER_V1, .recv = nxp_recv_chip_ver_v1 },
1710 { NXP_RECV_FW_REQ_V1, .recv = nxp_recv_fw_req_v1 },
1711 { NXP_RECV_CHIP_VER_V3, .recv = nxp_recv_chip_ver_v3 },
1712 { NXP_RECV_FW_REQ_V3, .recv = nxp_recv_fw_req_v3 },
1713 };
1714
btnxpuart_receive_buf(struct serdev_device * serdev,const u8 * data,size_t count)1715 static size_t btnxpuart_receive_buf(struct serdev_device *serdev,
1716 const u8 *data, size_t count)
1717 {
1718 struct btnxpuart_dev *nxpdev = serdev_device_get_drvdata(serdev);
1719
1720 ps_start_timer(nxpdev);
1721
1722 nxpdev->rx_skb = h4_recv_buf(nxpdev->hdev, nxpdev->rx_skb, data, count,
1723 nxp_recv_pkts, ARRAY_SIZE(nxp_recv_pkts));
1724 if (IS_ERR(nxpdev->rx_skb)) {
1725 int err = PTR_ERR(nxpdev->rx_skb);
1726 /* Safe to ignore out-of-sync bootloader signatures */
1727 if (!is_fw_downloading(nxpdev) &&
1728 !ind_reset_in_progress(nxpdev))
1729 bt_dev_err(nxpdev->hdev, "Frame reassembly failed (%d)", err);
1730 return count;
1731 }
1732 if (!is_fw_downloading(nxpdev) &&
1733 !ind_reset_in_progress(nxpdev))
1734 nxpdev->hdev->stat.byte_rx += count;
1735 return count;
1736 }
1737
btnxpuart_write_wakeup(struct serdev_device * serdev)1738 static void btnxpuart_write_wakeup(struct serdev_device *serdev)
1739 {
1740 serdev_device_write_wakeup(serdev);
1741 }
1742
1743 static const struct serdev_device_ops btnxpuart_client_ops = {
1744 .receive_buf = btnxpuart_receive_buf,
1745 .write_wakeup = btnxpuart_write_wakeup,
1746 };
1747
nxp_serdev_probe(struct serdev_device * serdev)1748 static int nxp_serdev_probe(struct serdev_device *serdev)
1749 {
1750 struct hci_dev *hdev;
1751 struct btnxpuart_dev *nxpdev;
1752 bdaddr_t ba = {0};
1753
1754 nxpdev = devm_kzalloc(&serdev->dev, sizeof(*nxpdev), GFP_KERNEL);
1755 if (!nxpdev)
1756 return -ENOMEM;
1757
1758 nxpdev->nxp_data = (struct btnxpuart_data *)device_get_match_data(&serdev->dev);
1759
1760 nxpdev->serdev = serdev;
1761 serdev_device_set_drvdata(serdev, nxpdev);
1762
1763 serdev_device_set_client_ops(serdev, &btnxpuart_client_ops);
1764
1765 INIT_WORK(&nxpdev->tx_work, btnxpuart_tx_work);
1766 skb_queue_head_init(&nxpdev->txq);
1767
1768 init_waitqueue_head(&nxpdev->fw_dnld_done_wait_q);
1769 init_waitqueue_head(&nxpdev->check_boot_sign_wait_q);
1770
1771 device_property_read_u32(&nxpdev->serdev->dev, "fw-init-baudrate",
1772 &nxpdev->fw_init_baudrate);
1773 if (!nxpdev->fw_init_baudrate)
1774 nxpdev->fw_init_baudrate = FW_INIT_BAUDRATE;
1775
1776 set_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
1777
1778 crc8_populate_msb(crc8_table, POLYNOMIAL8);
1779
1780 /* Initialize and register HCI device */
1781 hdev = hci_alloc_dev();
1782 if (!hdev) {
1783 dev_err(&serdev->dev, "Can't allocate HCI device\n");
1784 return -ENOMEM;
1785 }
1786
1787 nxpdev->hdev = hdev;
1788
1789 hdev->bus = HCI_UART;
1790 hci_set_drvdata(hdev, nxpdev);
1791
1792 hdev->manufacturer = MANUFACTURER_NXP;
1793 hdev->open = btnxpuart_open;
1794 hdev->close = btnxpuart_close;
1795 hdev->flush = btnxpuart_flush;
1796 hdev->setup = nxp_setup;
1797 hdev->post_init = nxp_post_init;
1798 hdev->send = nxp_enqueue;
1799 hdev->hw_error = nxp_hw_err;
1800 hdev->shutdown = nxp_shutdown;
1801 hdev->wakeup = nxp_wakeup;
1802 hdev->reset = nxp_reset;
1803 hdev->set_bdaddr = nxp_set_bdaddr;
1804 SET_HCIDEV_DEV(hdev, &serdev->dev);
1805
1806 device_property_read_u8_array(&nxpdev->serdev->dev,
1807 "local-bd-address",
1808 (u8 *)&ba, sizeof(ba));
1809 if (bacmp(&ba, BDADDR_ANY))
1810 set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks);
1811
1812 if (hci_register_dev(hdev) < 0) {
1813 dev_err(&serdev->dev, "Can't register HCI device\n");
1814 goto probe_fail;
1815 }
1816
1817 if (ps_setup(hdev))
1818 goto probe_fail;
1819
1820 hci_devcd_register(hdev, nxp_coredump, nxp_coredump_hdr, NULL);
1821
1822 return 0;
1823
1824 probe_fail:
1825 hci_free_dev(hdev);
1826 return -ENODEV;
1827 }
1828
nxp_serdev_remove(struct serdev_device * serdev)1829 static void nxp_serdev_remove(struct serdev_device *serdev)
1830 {
1831 struct btnxpuart_dev *nxpdev = serdev_device_get_drvdata(serdev);
1832 struct hci_dev *hdev = nxpdev->hdev;
1833
1834 if (is_fw_downloading(nxpdev)) {
1835 set_bit(BTNXPUART_FW_DOWNLOAD_ABORT, &nxpdev->tx_state);
1836 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
1837 wake_up_interruptible(&nxpdev->check_boot_sign_wait_q);
1838 wake_up_interruptible(&nxpdev->fw_dnld_done_wait_q);
1839 } else {
1840 /* Restore FW baudrate to fw_init_baudrate if changed.
1841 * This will ensure FW baudrate is in sync with
1842 * driver baudrate in case this driver is re-inserted.
1843 */
1844 if (nxpdev->current_baudrate != nxpdev->fw_init_baudrate) {
1845 nxpdev->new_baudrate = nxpdev->fw_init_baudrate;
1846 nxp_set_baudrate_cmd(hdev, NULL);
1847 }
1848 }
1849
1850 ps_cleanup(nxpdev);
1851 hci_unregister_dev(hdev);
1852 hci_free_dev(hdev);
1853 }
1854
1855 #ifdef CONFIG_PM_SLEEP
nxp_serdev_suspend(struct device * dev)1856 static int nxp_serdev_suspend(struct device *dev)
1857 {
1858 struct btnxpuart_dev *nxpdev = dev_get_drvdata(dev);
1859 struct ps_data *psdata = &nxpdev->psdata;
1860
1861 ps_control(psdata->hdev, PS_STATE_SLEEP);
1862
1863 if (psdata->wakeup_source) {
1864 enable_irq_wake(psdata->irq_handler);
1865 enable_irq(psdata->irq_handler);
1866 }
1867 return 0;
1868 }
1869
nxp_serdev_resume(struct device * dev)1870 static int nxp_serdev_resume(struct device *dev)
1871 {
1872 struct btnxpuart_dev *nxpdev = dev_get_drvdata(dev);
1873 struct ps_data *psdata = &nxpdev->psdata;
1874
1875 if (psdata->wakeup_source) {
1876 disable_irq(psdata->irq_handler);
1877 disable_irq_wake(psdata->irq_handler);
1878 }
1879
1880 ps_control(psdata->hdev, PS_STATE_AWAKE);
1881 return 0;
1882 }
1883 #endif
1884
1885 #ifdef CONFIG_DEV_COREDUMP
nxp_serdev_coredump(struct device * dev)1886 static void nxp_serdev_coredump(struct device *dev)
1887 {
1888 struct btnxpuart_dev *nxpdev = dev_get_drvdata(dev);
1889 struct hci_dev *hdev = nxpdev->hdev;
1890
1891 if (hdev->dump.coredump)
1892 hdev->dump.coredump(hdev);
1893 }
1894 #endif
1895
1896 static struct btnxpuart_data w8987_data __maybe_unused = {
1897 .helper_fw_name = NULL,
1898 .fw_name = FIRMWARE_W8987,
1899 .fw_name_old = FIRMWARE_W8987_OLD,
1900 };
1901
1902 static struct btnxpuart_data w8997_data __maybe_unused = {
1903 .helper_fw_name = FIRMWARE_HELPER,
1904 .fw_name = FIRMWARE_W8997,
1905 .fw_name_old = FIRMWARE_W8997_OLD,
1906 };
1907
1908 static const struct of_device_id nxpuart_of_match_table[] __maybe_unused = {
1909 { .compatible = "nxp,88w8987-bt", .data = &w8987_data },
1910 { .compatible = "nxp,88w8997-bt", .data = &w8997_data },
1911 { }
1912 };
1913 MODULE_DEVICE_TABLE(of, nxpuart_of_match_table);
1914
1915 static const struct dev_pm_ops nxp_pm_ops = {
1916 SET_SYSTEM_SLEEP_PM_OPS(nxp_serdev_suspend, nxp_serdev_resume)
1917 };
1918
1919 static struct serdev_device_driver nxp_serdev_driver = {
1920 .probe = nxp_serdev_probe,
1921 .remove = nxp_serdev_remove,
1922 .driver = {
1923 .name = "btnxpuart",
1924 .of_match_table = of_match_ptr(nxpuart_of_match_table),
1925 .pm = &nxp_pm_ops,
1926 #ifdef CONFIG_DEV_COREDUMP
1927 .coredump = nxp_serdev_coredump,
1928 #endif
1929 },
1930 };
1931
1932 module_serdev_device_driver(nxp_serdev_driver);
1933
1934 MODULE_AUTHOR("Neeraj Sanjay Kale <neeraj.sanjaykale@nxp.com>");
1935 MODULE_DESCRIPTION("NXP Bluetooth Serial driver");
1936 MODULE_LICENSE("GPL");
1937