1 // SPDX-License-Identifier: ISC 2 /* Copyright (C) 2021 MediaTek Inc. 3 * 4 */ 5 #include <linux/module.h> 6 #include <linux/firmware.h> 7 #include <linux/usb.h> 8 #include <linux/iopoll.h> 9 #include <linux/unaligned.h> 10 11 #include <net/bluetooth/bluetooth.h> 12 #include <net/bluetooth/hci_core.h> 13 14 #include "btmtk.h" 15 16 #define VERSION "0.1" 17 18 /* It is for mt79xx download rom patch*/ 19 #define MTK_FW_ROM_PATCH_HEADER_SIZE 32 20 #define MTK_FW_ROM_PATCH_GD_SIZE 64 21 #define MTK_FW_ROM_PATCH_SEC_MAP_SIZE 64 22 #define MTK_SEC_MAP_COMMON_SIZE 12 23 #define MTK_SEC_MAP_NEED_SEND_SIZE 52 24 25 /* It is for mt79xx iso data transmission setting */ 26 #define MTK_ISO_THRESHOLD 264 27 28 struct btmtk_patch_header { 29 u8 datetime[16]; 30 u8 platform[4]; 31 __le16 hwver; 32 __le16 swver; 33 __le32 magicnum; 34 } __packed; 35 36 struct btmtk_global_desc { 37 __le32 patch_ver; 38 __le32 sub_sys; 39 __le32 feature_opt; 40 __le32 section_num; 41 } __packed; 42 43 struct btmtk_section_map { 44 __le32 sectype; 45 __le32 secoffset; 46 __le32 secsize; 47 union { 48 __le32 u4SecSpec[13]; 49 struct { 50 __le32 dlAddr; 51 __le32 dlsize; 52 __le32 seckeyidx; 53 __le32 alignlen; 54 __le32 sectype; 55 __le32 dlmodecrctype; 56 __le32 crc; 57 __le32 reserved[6]; 58 } bin_info_spec; 59 }; 60 } __packed; 61 62 static void btmtk_coredump(struct hci_dev *hdev) 63 { 64 int err; 65 66 err = __hci_cmd_send(hdev, 0xfd5b, 0, NULL); 67 if (err < 0) 68 bt_dev_err(hdev, "Coredump failed (%d)", err); 69 } 70 71 static void btmtk_coredump_hdr(struct hci_dev *hdev, struct sk_buff *skb) 72 { 73 struct btmtk_data *data = hci_get_priv(hdev); 74 char buf[80]; 75 76 snprintf(buf, sizeof(buf), "Controller Name: 0x%X\n", 77 data->dev_id); 78 skb_put_data(skb, buf, strlen(buf)); 79 80 snprintf(buf, sizeof(buf), "Firmware Version: 0x%X\n", 81 data->cd_info.fw_version); 82 skb_put_data(skb, buf, strlen(buf)); 83 84 snprintf(buf, sizeof(buf), "Driver: %s\n", 85 data->cd_info.driver_name); 86 skb_put_data(skb, buf, strlen(buf)); 87 88 snprintf(buf, sizeof(buf), "Vendor: MediaTek\n"); 89 skb_put_data(skb, buf, strlen(buf)); 90 } 91 92 static void btmtk_coredump_notify(struct hci_dev *hdev, int state) 93 { 94 struct btmtk_data *data = hci_get_priv(hdev); 95 96 switch (state) { 97 case HCI_DEVCOREDUMP_IDLE: 98 data->cd_info.state = HCI_DEVCOREDUMP_IDLE; 99 break; 100 case HCI_DEVCOREDUMP_ACTIVE: 101 data->cd_info.state = HCI_DEVCOREDUMP_ACTIVE; 102 break; 103 case HCI_DEVCOREDUMP_TIMEOUT: 104 case HCI_DEVCOREDUMP_ABORT: 105 case HCI_DEVCOREDUMP_DONE: 106 data->cd_info.state = HCI_DEVCOREDUMP_IDLE; 107 btmtk_reset_sync(hdev); 108 break; 109 } 110 } 111 112 void btmtk_fw_get_filename(char *buf, size_t size, u32 dev_id, u32 fw_ver, 113 u32 fw_flavor) 114 { 115 if (dev_id == 0x7925) 116 snprintf(buf, size, 117 "mediatek/mt%04x/BT_RAM_CODE_MT%04x_1_%x_hdr.bin", 118 dev_id & 0xffff, dev_id & 0xffff, (fw_ver & 0xff) + 1); 119 else if (dev_id == 0x7961 && fw_flavor) 120 snprintf(buf, size, 121 "mediatek/BT_RAM_CODE_MT%04x_1a_%x_hdr.bin", 122 dev_id & 0xffff, (fw_ver & 0xff) + 1); 123 else 124 snprintf(buf, size, 125 "mediatek/BT_RAM_CODE_MT%04x_1_%x_hdr.bin", 126 dev_id & 0xffff, (fw_ver & 0xff) + 1); 127 } 128 EXPORT_SYMBOL_GPL(btmtk_fw_get_filename); 129 130 int btmtk_setup_firmware_79xx(struct hci_dev *hdev, const char *fwname, 131 wmt_cmd_sync_func_t wmt_cmd_sync) 132 { 133 struct btmtk_hci_wmt_params wmt_params; 134 struct btmtk_patch_header *hdr; 135 struct btmtk_global_desc *globaldesc = NULL; 136 struct btmtk_section_map *sectionmap; 137 const struct firmware *fw; 138 const u8 *fw_ptr; 139 const u8 *fw_bin_ptr; 140 int err, dlen, i, status; 141 u8 flag, first_block, retry; 142 u32 section_num, dl_size, section_offset; 143 u8 cmd[64]; 144 145 err = request_firmware(&fw, fwname, &hdev->dev); 146 if (err < 0) { 147 bt_dev_err(hdev, "Failed to load firmware file (%d)", err); 148 return err; 149 } 150 151 fw_ptr = fw->data; 152 fw_bin_ptr = fw_ptr; 153 hdr = (struct btmtk_patch_header *)fw_ptr; 154 globaldesc = (struct btmtk_global_desc *)(fw_ptr + MTK_FW_ROM_PATCH_HEADER_SIZE); 155 section_num = le32_to_cpu(globaldesc->section_num); 156 157 bt_dev_info(hdev, "HW/SW Version: 0x%04x%04x, Build Time: %s", 158 le16_to_cpu(hdr->hwver), le16_to_cpu(hdr->swver), hdr->datetime); 159 160 for (i = 0; i < section_num; i++) { 161 first_block = 1; 162 fw_ptr = fw_bin_ptr; 163 sectionmap = (struct btmtk_section_map *)(fw_ptr + MTK_FW_ROM_PATCH_HEADER_SIZE + 164 MTK_FW_ROM_PATCH_GD_SIZE + MTK_FW_ROM_PATCH_SEC_MAP_SIZE * i); 165 166 section_offset = le32_to_cpu(sectionmap->secoffset); 167 dl_size = le32_to_cpu(sectionmap->bin_info_spec.dlsize); 168 169 if (dl_size > 0) { 170 retry = 20; 171 while (retry > 0) { 172 cmd[0] = 0; /* 0 means legacy dl mode. */ 173 memcpy(cmd + 1, 174 fw_ptr + MTK_FW_ROM_PATCH_HEADER_SIZE + 175 MTK_FW_ROM_PATCH_GD_SIZE + 176 MTK_FW_ROM_PATCH_SEC_MAP_SIZE * i + 177 MTK_SEC_MAP_COMMON_SIZE, 178 MTK_SEC_MAP_NEED_SEND_SIZE + 1); 179 180 wmt_params.op = BTMTK_WMT_PATCH_DWNLD; 181 wmt_params.status = &status; 182 wmt_params.flag = 0; 183 wmt_params.dlen = MTK_SEC_MAP_NEED_SEND_SIZE + 1; 184 wmt_params.data = &cmd; 185 186 err = wmt_cmd_sync(hdev, &wmt_params); 187 if (err < 0) { 188 bt_dev_err(hdev, "Failed to send wmt patch dwnld (%d)", 189 err); 190 goto err_release_fw; 191 } 192 193 if (status == BTMTK_WMT_PATCH_UNDONE) { 194 break; 195 } else if (status == BTMTK_WMT_PATCH_PROGRESS) { 196 msleep(100); 197 retry--; 198 } else if (status == BTMTK_WMT_PATCH_DONE) { 199 goto next_section; 200 } else { 201 bt_dev_err(hdev, "Failed wmt patch dwnld status (%d)", 202 status); 203 err = -EIO; 204 goto err_release_fw; 205 } 206 } 207 208 fw_ptr += section_offset; 209 wmt_params.op = BTMTK_WMT_PATCH_DWNLD; 210 wmt_params.status = NULL; 211 212 while (dl_size > 0) { 213 dlen = min_t(int, 250, dl_size); 214 if (first_block == 1) { 215 flag = 1; 216 first_block = 0; 217 } else if (dl_size - dlen <= 0) { 218 flag = 3; 219 } else { 220 flag = 2; 221 } 222 223 wmt_params.flag = flag; 224 wmt_params.dlen = dlen; 225 wmt_params.data = fw_ptr; 226 227 err = wmt_cmd_sync(hdev, &wmt_params); 228 if (err < 0) { 229 bt_dev_err(hdev, "Failed to send wmt patch dwnld (%d)", 230 err); 231 goto err_release_fw; 232 } 233 234 dl_size -= dlen; 235 fw_ptr += dlen; 236 } 237 } 238 next_section: 239 continue; 240 } 241 /* Wait a few moments for firmware activation done */ 242 usleep_range(100000, 120000); 243 244 err_release_fw: 245 release_firmware(fw); 246 247 return err; 248 } 249 EXPORT_SYMBOL_GPL(btmtk_setup_firmware_79xx); 250 251 int btmtk_setup_firmware(struct hci_dev *hdev, const char *fwname, 252 wmt_cmd_sync_func_t wmt_cmd_sync) 253 { 254 struct btmtk_hci_wmt_params wmt_params; 255 const struct firmware *fw; 256 const u8 *fw_ptr; 257 size_t fw_size; 258 int err, dlen; 259 u8 flag, param; 260 261 err = request_firmware(&fw, fwname, &hdev->dev); 262 if (err < 0) { 263 bt_dev_err(hdev, "Failed to load firmware file (%d)", err); 264 return err; 265 } 266 267 /* Power on data RAM the firmware relies on. */ 268 param = 1; 269 wmt_params.op = BTMTK_WMT_FUNC_CTRL; 270 wmt_params.flag = 3; 271 wmt_params.dlen = sizeof(param); 272 wmt_params.data = ¶m; 273 wmt_params.status = NULL; 274 275 err = wmt_cmd_sync(hdev, &wmt_params); 276 if (err < 0) { 277 bt_dev_err(hdev, "Failed to power on data RAM (%d)", err); 278 goto err_release_fw; 279 } 280 281 fw_ptr = fw->data; 282 fw_size = fw->size; 283 284 /* The size of patch header is 30 bytes, should be skip */ 285 if (fw_size < 30) { 286 err = -EINVAL; 287 goto err_release_fw; 288 } 289 290 fw_size -= 30; 291 fw_ptr += 30; 292 flag = 1; 293 294 wmt_params.op = BTMTK_WMT_PATCH_DWNLD; 295 wmt_params.status = NULL; 296 297 while (fw_size > 0) { 298 dlen = min_t(int, 250, fw_size); 299 300 /* Tell device the position in sequence */ 301 if (fw_size - dlen <= 0) 302 flag = 3; 303 else if (fw_size < fw->size - 30) 304 flag = 2; 305 306 wmt_params.flag = flag; 307 wmt_params.dlen = dlen; 308 wmt_params.data = fw_ptr; 309 310 err = wmt_cmd_sync(hdev, &wmt_params); 311 if (err < 0) { 312 bt_dev_err(hdev, "Failed to send wmt patch dwnld (%d)", 313 err); 314 goto err_release_fw; 315 } 316 317 fw_size -= dlen; 318 fw_ptr += dlen; 319 } 320 321 wmt_params.op = BTMTK_WMT_RST; 322 wmt_params.flag = 4; 323 wmt_params.dlen = 0; 324 wmt_params.data = NULL; 325 wmt_params.status = NULL; 326 327 /* Activate function the firmware providing to */ 328 err = wmt_cmd_sync(hdev, &wmt_params); 329 if (err < 0) { 330 bt_dev_err(hdev, "Failed to send wmt rst (%d)", err); 331 goto err_release_fw; 332 } 333 334 /* Wait a few moments for firmware activation done */ 335 usleep_range(10000, 12000); 336 337 err_release_fw: 338 release_firmware(fw); 339 340 return err; 341 } 342 EXPORT_SYMBOL_GPL(btmtk_setup_firmware); 343 344 int btmtk_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr) 345 { 346 struct sk_buff *skb; 347 long ret; 348 349 skb = __hci_cmd_sync(hdev, 0xfc1a, 6, bdaddr, HCI_INIT_TIMEOUT); 350 if (IS_ERR(skb)) { 351 ret = PTR_ERR(skb); 352 bt_dev_err(hdev, "changing Mediatek device address failed (%ld)", 353 ret); 354 return ret; 355 } 356 kfree_skb(skb); 357 358 return 0; 359 } 360 EXPORT_SYMBOL_GPL(btmtk_set_bdaddr); 361 362 void btmtk_reset_sync(struct hci_dev *hdev) 363 { 364 struct btmtk_data *reset_work = hci_get_priv(hdev); 365 int err; 366 367 hci_dev_lock(hdev); 368 369 err = hci_cmd_sync_queue(hdev, reset_work->reset_sync, NULL, NULL); 370 if (err) 371 bt_dev_err(hdev, "failed to reset (%d)", err); 372 373 hci_dev_unlock(hdev); 374 } 375 EXPORT_SYMBOL_GPL(btmtk_reset_sync); 376 377 int btmtk_register_coredump(struct hci_dev *hdev, const char *name, 378 u32 fw_version) 379 { 380 struct btmtk_data *data = hci_get_priv(hdev); 381 382 if (!IS_ENABLED(CONFIG_DEV_COREDUMP)) 383 return -EOPNOTSUPP; 384 385 data->cd_info.fw_version = fw_version; 386 data->cd_info.state = HCI_DEVCOREDUMP_IDLE; 387 data->cd_info.driver_name = name; 388 389 return hci_devcd_register(hdev, btmtk_coredump, btmtk_coredump_hdr, 390 btmtk_coredump_notify); 391 } 392 EXPORT_SYMBOL_GPL(btmtk_register_coredump); 393 394 int btmtk_process_coredump(struct hci_dev *hdev, struct sk_buff *skb) 395 { 396 struct btmtk_data *data = hci_get_priv(hdev); 397 int err; 398 bool complete = false; 399 400 if (!IS_ENABLED(CONFIG_DEV_COREDUMP)) { 401 kfree_skb(skb); 402 return 0; 403 } 404 405 switch (data->cd_info.state) { 406 case HCI_DEVCOREDUMP_IDLE: 407 err = hci_devcd_init(hdev, MTK_COREDUMP_SIZE); 408 if (err < 0) { 409 kfree_skb(skb); 410 break; 411 } 412 data->cd_info.cnt = 0; 413 414 /* It is supposed coredump can be done within 5 seconds */ 415 schedule_delayed_work(&hdev->dump.dump_timeout, 416 msecs_to_jiffies(5000)); 417 fallthrough; 418 case HCI_DEVCOREDUMP_ACTIVE: 419 default: 420 /* Mediatek coredump data would be more than MTK_COREDUMP_NUM */ 421 if (data->cd_info.cnt >= MTK_COREDUMP_NUM && 422 skb->len > MTK_COREDUMP_END_LEN) 423 if (!memcmp((char *)&skb->data[skb->len - MTK_COREDUMP_END_LEN], 424 MTK_COREDUMP_END, MTK_COREDUMP_END_LEN - 1)) 425 complete = true; 426 427 err = hci_devcd_append(hdev, skb); 428 if (err < 0) 429 break; 430 data->cd_info.cnt++; 431 432 if (complete) { 433 bt_dev_info(hdev, "Mediatek coredump end"); 434 hci_devcd_complete(hdev); 435 } 436 437 break; 438 } 439 440 return err; 441 } 442 EXPORT_SYMBOL_GPL(btmtk_process_coredump); 443 444 #if IS_ENABLED(CONFIG_BT_HCIBTUSB_MTK) 445 static void btmtk_usb_wmt_recv(struct urb *urb) 446 { 447 struct hci_dev *hdev = urb->context; 448 struct btmtk_data *data = hci_get_priv(hdev); 449 struct sk_buff *skb; 450 int err; 451 452 if (urb->status == 0 && urb->actual_length > 0) { 453 hdev->stat.byte_rx += urb->actual_length; 454 455 /* WMT event shouldn't be fragmented and the size should be 456 * less than HCI_WMT_MAX_EVENT_SIZE. 457 */ 458 skb = bt_skb_alloc(HCI_WMT_MAX_EVENT_SIZE, GFP_ATOMIC); 459 if (!skb) { 460 hdev->stat.err_rx++; 461 kfree(urb->setup_packet); 462 return; 463 } 464 465 hci_skb_pkt_type(skb) = HCI_EVENT_PKT; 466 skb_put_data(skb, urb->transfer_buffer, urb->actual_length); 467 468 /* When someone waits for the WMT event, the skb is being cloned 469 * and being processed the events from there then. 470 */ 471 if (test_bit(BTMTK_TX_WAIT_VND_EVT, &data->flags)) { 472 data->evt_skb = skb_clone(skb, GFP_ATOMIC); 473 if (!data->evt_skb) { 474 kfree_skb(skb); 475 kfree(urb->setup_packet); 476 return; 477 } 478 } 479 480 err = hci_recv_frame(hdev, skb); 481 if (err < 0) { 482 kfree_skb(data->evt_skb); 483 data->evt_skb = NULL; 484 kfree(urb->setup_packet); 485 return; 486 } 487 488 if (test_and_clear_bit(BTMTK_TX_WAIT_VND_EVT, 489 &data->flags)) { 490 /* Barrier to sync with other CPUs */ 491 smp_mb__after_atomic(); 492 wake_up_bit(&data->flags, 493 BTMTK_TX_WAIT_VND_EVT); 494 } 495 kfree(urb->setup_packet); 496 return; 497 } else if (urb->status == -ENOENT) { 498 /* Avoid suspend failed when usb_kill_urb */ 499 return; 500 } 501 502 usb_mark_last_busy(data->udev); 503 504 /* The URB complete handler is still called with urb->actual_length = 0 505 * when the event is not available, so we should keep re-submitting 506 * URB until WMT event returns, Also, It's necessary to wait some time 507 * between the two consecutive control URBs to relax the target device 508 * to generate the event. Otherwise, the WMT event cannot return from 509 * the device successfully. 510 */ 511 udelay(500); 512 513 usb_anchor_urb(urb, data->ctrl_anchor); 514 err = usb_submit_urb(urb, GFP_ATOMIC); 515 if (err < 0) { 516 kfree(urb->setup_packet); 517 /* -EPERM: urb is being killed; 518 * -ENODEV: device got disconnected 519 */ 520 if (err != -EPERM && err != -ENODEV) 521 bt_dev_err(hdev, "urb %p failed to resubmit (%d)", 522 urb, -err); 523 usb_unanchor_urb(urb); 524 } 525 } 526 527 static int btmtk_usb_submit_wmt_recv_urb(struct hci_dev *hdev) 528 { 529 struct btmtk_data *data = hci_get_priv(hdev); 530 struct usb_ctrlrequest *dr; 531 unsigned char *buf; 532 int err, size = 64; 533 unsigned int pipe; 534 struct urb *urb; 535 536 urb = usb_alloc_urb(0, GFP_KERNEL); 537 if (!urb) 538 return -ENOMEM; 539 540 dr = kmalloc(sizeof(*dr), GFP_KERNEL); 541 if (!dr) { 542 usb_free_urb(urb); 543 return -ENOMEM; 544 } 545 546 dr->bRequestType = USB_TYPE_VENDOR | USB_DIR_IN; 547 dr->bRequest = 1; 548 dr->wIndex = cpu_to_le16(0); 549 dr->wValue = cpu_to_le16(48); 550 dr->wLength = cpu_to_le16(size); 551 552 buf = kmalloc(size, GFP_KERNEL); 553 if (!buf) { 554 kfree(dr); 555 usb_free_urb(urb); 556 return -ENOMEM; 557 } 558 559 pipe = usb_rcvctrlpipe(data->udev, 0); 560 561 usb_fill_control_urb(urb, data->udev, pipe, (void *)dr, 562 buf, size, btmtk_usb_wmt_recv, hdev); 563 564 urb->transfer_flags |= URB_FREE_BUFFER; 565 566 usb_anchor_urb(urb, data->ctrl_anchor); 567 err = usb_submit_urb(urb, GFP_KERNEL); 568 if (err < 0) { 569 if (err != -EPERM && err != -ENODEV) 570 bt_dev_err(hdev, "urb %p submission failed (%d)", 571 urb, -err); 572 usb_unanchor_urb(urb); 573 } 574 575 usb_free_urb(urb); 576 577 return err; 578 } 579 580 static int btmtk_usb_hci_wmt_sync(struct hci_dev *hdev, 581 struct btmtk_hci_wmt_params *wmt_params) 582 { 583 struct btmtk_data *data = hci_get_priv(hdev); 584 struct btmtk_hci_wmt_evt_funcc *wmt_evt_funcc; 585 u32 hlen, status = BTMTK_WMT_INVALID; 586 struct btmtk_hci_wmt_evt *wmt_evt; 587 struct btmtk_hci_wmt_cmd *wc; 588 struct btmtk_wmt_hdr *hdr; 589 int err; 590 591 /* Send the WMT command and wait until the WMT event returns */ 592 hlen = sizeof(*hdr) + wmt_params->dlen; 593 if (hlen > 255) 594 return -EINVAL; 595 596 wc = kzalloc(hlen, GFP_KERNEL); 597 if (!wc) 598 return -ENOMEM; 599 600 hdr = &wc->hdr; 601 hdr->dir = 1; 602 hdr->op = wmt_params->op; 603 hdr->dlen = cpu_to_le16(wmt_params->dlen + 1); 604 hdr->flag = wmt_params->flag; 605 memcpy(wc->data, wmt_params->data, wmt_params->dlen); 606 607 set_bit(BTMTK_TX_WAIT_VND_EVT, &data->flags); 608 609 /* WMT cmd/event doesn't follow up the generic HCI cmd/event handling, 610 * it needs constantly polling control pipe until the host received the 611 * WMT event, thus, we should require to specifically acquire PM counter 612 * on the USB to prevent the interface from entering auto suspended 613 * while WMT cmd/event in progress. 614 */ 615 err = usb_autopm_get_interface(data->intf); 616 if (err < 0) 617 goto err_free_wc; 618 619 err = __hci_cmd_send(hdev, 0xfc6f, hlen, wc); 620 621 if (err < 0) { 622 clear_bit(BTMTK_TX_WAIT_VND_EVT, &data->flags); 623 usb_autopm_put_interface(data->intf); 624 goto err_free_wc; 625 } 626 627 /* Submit control IN URB on demand to process the WMT event */ 628 err = btmtk_usb_submit_wmt_recv_urb(hdev); 629 630 usb_autopm_put_interface(data->intf); 631 632 if (err < 0) 633 goto err_free_wc; 634 635 /* The vendor specific WMT commands are all answered by a vendor 636 * specific event and will have the Command Status or Command 637 * Complete as with usual HCI command flow control. 638 * 639 * After sending the command, wait for BTUSB_TX_WAIT_VND_EVT 640 * state to be cleared. The driver specific event receive routine 641 * will clear that state and with that indicate completion of the 642 * WMT command. 643 */ 644 err = wait_on_bit_timeout(&data->flags, BTMTK_TX_WAIT_VND_EVT, 645 TASK_INTERRUPTIBLE, HCI_INIT_TIMEOUT); 646 if (err == -EINTR) { 647 bt_dev_err(hdev, "Execution of wmt command interrupted"); 648 clear_bit(BTMTK_TX_WAIT_VND_EVT, &data->flags); 649 goto err_free_wc; 650 } 651 652 if (err) { 653 bt_dev_err(hdev, "Execution of wmt command timed out"); 654 clear_bit(BTMTK_TX_WAIT_VND_EVT, &data->flags); 655 err = -ETIMEDOUT; 656 goto err_free_wc; 657 } 658 659 if (data->evt_skb == NULL) 660 goto err_free_wc; 661 662 /* Parse and handle the return WMT event */ 663 wmt_evt = (struct btmtk_hci_wmt_evt *)data->evt_skb->data; 664 if (wmt_evt->whdr.op != hdr->op) { 665 bt_dev_err(hdev, "Wrong op received %d expected %d", 666 wmt_evt->whdr.op, hdr->op); 667 err = -EIO; 668 goto err_free_skb; 669 } 670 671 switch (wmt_evt->whdr.op) { 672 case BTMTK_WMT_SEMAPHORE: 673 if (wmt_evt->whdr.flag == 2) 674 status = BTMTK_WMT_PATCH_UNDONE; 675 else 676 status = BTMTK_WMT_PATCH_DONE; 677 break; 678 case BTMTK_WMT_FUNC_CTRL: 679 wmt_evt_funcc = (struct btmtk_hci_wmt_evt_funcc *)wmt_evt; 680 if (be16_to_cpu(wmt_evt_funcc->status) == 0x404) 681 status = BTMTK_WMT_ON_DONE; 682 else if (be16_to_cpu(wmt_evt_funcc->status) == 0x420) 683 status = BTMTK_WMT_ON_PROGRESS; 684 else 685 status = BTMTK_WMT_ON_UNDONE; 686 break; 687 case BTMTK_WMT_PATCH_DWNLD: 688 if (wmt_evt->whdr.flag == 2) 689 status = BTMTK_WMT_PATCH_DONE; 690 else if (wmt_evt->whdr.flag == 1) 691 status = BTMTK_WMT_PATCH_PROGRESS; 692 else 693 status = BTMTK_WMT_PATCH_UNDONE; 694 break; 695 } 696 697 if (wmt_params->status) 698 *wmt_params->status = status; 699 700 err_free_skb: 701 kfree_skb(data->evt_skb); 702 data->evt_skb = NULL; 703 err_free_wc: 704 kfree(wc); 705 return err; 706 } 707 708 static int btmtk_usb_func_query(struct hci_dev *hdev) 709 { 710 struct btmtk_hci_wmt_params wmt_params; 711 int status, err; 712 u8 param = 0; 713 714 /* Query whether the function is enabled */ 715 wmt_params.op = BTMTK_WMT_FUNC_CTRL; 716 wmt_params.flag = 4; 717 wmt_params.dlen = sizeof(param); 718 wmt_params.data = ¶m; 719 wmt_params.status = &status; 720 721 err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params); 722 if (err < 0) { 723 bt_dev_err(hdev, "Failed to query function status (%d)", err); 724 return err; 725 } 726 727 return status; 728 } 729 730 static int btmtk_usb_uhw_reg_write(struct hci_dev *hdev, u32 reg, u32 val) 731 { 732 struct btmtk_data *data = hci_get_priv(hdev); 733 int pipe, err; 734 void *buf; 735 736 buf = kzalloc(4, GFP_KERNEL); 737 if (!buf) 738 return -ENOMEM; 739 740 put_unaligned_le32(val, buf); 741 742 pipe = usb_sndctrlpipe(data->udev, 0); 743 err = usb_control_msg(data->udev, pipe, 0x02, 744 0x5E, 745 reg >> 16, reg & 0xffff, 746 buf, 4, USB_CTRL_SET_TIMEOUT); 747 if (err < 0) 748 bt_dev_err(hdev, "Failed to write uhw reg(%d)", err); 749 750 kfree(buf); 751 752 return err; 753 } 754 755 static int btmtk_usb_uhw_reg_read(struct hci_dev *hdev, u32 reg, u32 *val) 756 { 757 struct btmtk_data *data = hci_get_priv(hdev); 758 int pipe, err; 759 void *buf; 760 761 buf = kzalloc(4, GFP_KERNEL); 762 if (!buf) 763 return -ENOMEM; 764 765 pipe = usb_rcvctrlpipe(data->udev, 0); 766 err = usb_control_msg(data->udev, pipe, 0x01, 767 0xDE, 768 reg >> 16, reg & 0xffff, 769 buf, 4, USB_CTRL_GET_TIMEOUT); 770 if (err < 0) { 771 bt_dev_err(hdev, "Failed to read uhw reg(%d)", err); 772 goto err_free_buf; 773 } 774 775 *val = get_unaligned_le32(buf); 776 bt_dev_dbg(hdev, "reg=%x, value=0x%08x", reg, *val); 777 778 err_free_buf: 779 kfree(buf); 780 781 return err; 782 } 783 784 static int btmtk_usb_reg_read(struct hci_dev *hdev, u32 reg, u32 *val) 785 { 786 struct btmtk_data *data = hci_get_priv(hdev); 787 int pipe, err, size = sizeof(u32); 788 void *buf; 789 790 buf = kzalloc(size, GFP_KERNEL); 791 if (!buf) 792 return -ENOMEM; 793 794 pipe = usb_rcvctrlpipe(data->udev, 0); 795 err = usb_control_msg(data->udev, pipe, 0x63, 796 USB_TYPE_VENDOR | USB_DIR_IN, 797 reg >> 16, reg & 0xffff, 798 buf, size, USB_CTRL_GET_TIMEOUT); 799 if (err < 0) 800 goto err_free_buf; 801 802 *val = get_unaligned_le32(buf); 803 804 err_free_buf: 805 kfree(buf); 806 807 return err; 808 } 809 810 static int btmtk_usb_id_get(struct hci_dev *hdev, u32 reg, u32 *id) 811 { 812 return btmtk_usb_reg_read(hdev, reg, id); 813 } 814 815 static u32 btmtk_usb_reset_done(struct hci_dev *hdev) 816 { 817 u32 val = 0; 818 819 btmtk_usb_uhw_reg_read(hdev, MTK_BT_MISC, &val); 820 821 return val & MTK_BT_RST_DONE; 822 } 823 824 int btmtk_usb_subsys_reset(struct hci_dev *hdev, u32 dev_id) 825 { 826 u32 val; 827 int err; 828 829 if (dev_id == 0x7922) { 830 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_SUBSYS_RST, &val); 831 if (err < 0) 832 return err; 833 val |= 0x00002020; 834 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_SUBSYS_RST, val); 835 if (err < 0) 836 return err; 837 err = btmtk_usb_uhw_reg_write(hdev, MTK_EP_RST_OPT, 0x00010001); 838 if (err < 0) 839 return err; 840 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_SUBSYS_RST, &val); 841 if (err < 0) 842 return err; 843 val |= BIT(0); 844 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_SUBSYS_RST, val); 845 if (err < 0) 846 return err; 847 msleep(100); 848 } else if (dev_id == 0x7925) { 849 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_RESET_REG_CONNV3, &val); 850 if (err < 0) 851 return err; 852 val |= (1 << 5); 853 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_RESET_REG_CONNV3, val); 854 if (err < 0) 855 return err; 856 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_RESET_REG_CONNV3, &val); 857 if (err < 0) 858 return err; 859 val &= 0xFFFF00FF; 860 val |= (1 << 13); 861 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_RESET_REG_CONNV3, val); 862 if (err < 0) 863 return err; 864 err = btmtk_usb_uhw_reg_write(hdev, MTK_EP_RST_OPT, 0x00010001); 865 if (err < 0) 866 return err; 867 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_RESET_REG_CONNV3, &val); 868 if (err < 0) 869 return err; 870 val |= (1 << 0); 871 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_RESET_REG_CONNV3, val); 872 if (err < 0) 873 return err; 874 err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT, 0x000000FF); 875 if (err < 0) 876 return err; 877 err = btmtk_usb_uhw_reg_read(hdev, MTK_UDMA_INT_STA_BT, &val); 878 if (err < 0) 879 return err; 880 err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT1, 0x000000FF); 881 if (err < 0) 882 return err; 883 err = btmtk_usb_uhw_reg_read(hdev, MTK_UDMA_INT_STA_BT1, &val); 884 if (err < 0) 885 return err; 886 msleep(100); 887 } else { 888 /* It's Device EndPoint Reset Option Register */ 889 bt_dev_dbg(hdev, "Initiating reset mechanism via uhw"); 890 err = btmtk_usb_uhw_reg_write(hdev, MTK_EP_RST_OPT, MTK_EP_RST_IN_OUT_OPT); 891 if (err < 0) 892 return err; 893 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_WDT_STATUS, &val); 894 if (err < 0) 895 return err; 896 /* Reset the bluetooth chip via USB interface. */ 897 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_SUBSYS_RST, 1); 898 if (err < 0) 899 return err; 900 err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT, 0x000000FF); 901 if (err < 0) 902 return err; 903 err = btmtk_usb_uhw_reg_read(hdev, MTK_UDMA_INT_STA_BT, &val); 904 if (err < 0) 905 return err; 906 err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT1, 0x000000FF); 907 if (err < 0) 908 return err; 909 err = btmtk_usb_uhw_reg_read(hdev, MTK_UDMA_INT_STA_BT1, &val); 910 if (err < 0) 911 return err; 912 /* MT7921 need to delay 20ms between toggle reset bit */ 913 msleep(20); 914 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_SUBSYS_RST, 0); 915 if (err < 0) 916 return err; 917 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_SUBSYS_RST, &val); 918 if (err < 0) 919 return err; 920 } 921 922 err = readx_poll_timeout(btmtk_usb_reset_done, hdev, val, 923 val & MTK_BT_RST_DONE, 20000, 1000000); 924 if (err < 0) 925 bt_dev_err(hdev, "Reset timeout"); 926 927 if (dev_id == 0x7922) { 928 err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT, 0x000000FF); 929 if (err < 0) 930 return err; 931 } 932 933 err = btmtk_usb_id_get(hdev, 0x70010200, &val); 934 if (err < 0 || !val) 935 bt_dev_err(hdev, "Can't get device id, subsys reset fail."); 936 937 return err; 938 } 939 EXPORT_SYMBOL_GPL(btmtk_usb_subsys_reset); 940 941 int btmtk_usb_recv_acl(struct hci_dev *hdev, struct sk_buff *skb) 942 { 943 struct btmtk_data *data = hci_get_priv(hdev); 944 u16 handle = le16_to_cpu(hci_acl_hdr(skb)->handle); 945 946 switch (handle) { 947 case 0xfc6f: /* Firmware dump from device */ 948 /* When the firmware hangs, the device can no longer 949 * suspend and thus disable auto-suspend. 950 */ 951 usb_disable_autosuspend(data->udev); 952 953 /* We need to forward the diagnostic packet to userspace daemon 954 * for backward compatibility, so we have to clone the packet 955 * extraly for the in-kernel coredump support. 956 */ 957 if (IS_ENABLED(CONFIG_DEV_COREDUMP)) { 958 struct sk_buff *skb_cd = skb_clone(skb, GFP_ATOMIC); 959 960 if (skb_cd) 961 btmtk_process_coredump(hdev, skb_cd); 962 } 963 964 fallthrough; 965 case 0x05ff: /* Firmware debug logging 1 */ 966 case 0x05fe: /* Firmware debug logging 2 */ 967 return hci_recv_diag(hdev, skb); 968 } 969 970 return hci_recv_frame(hdev, skb); 971 } 972 EXPORT_SYMBOL_GPL(btmtk_usb_recv_acl); 973 974 static int btmtk_isopkt_pad(struct hci_dev *hdev, struct sk_buff *skb) 975 { 976 if (skb->len > MTK_ISO_THRESHOLD) 977 return -EINVAL; 978 979 if (skb_pad(skb, MTK_ISO_THRESHOLD - skb->len)) 980 return -ENOMEM; 981 982 __skb_put(skb, MTK_ISO_THRESHOLD - skb->len); 983 984 return 0; 985 } 986 987 static int __set_mtk_intr_interface(struct hci_dev *hdev) 988 { 989 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 990 struct usb_interface *intf = btmtk_data->isopkt_intf; 991 int i, err; 992 993 if (!btmtk_data->isopkt_intf) 994 return -ENODEV; 995 996 err = usb_set_interface(btmtk_data->udev, MTK_ISO_IFNUM, 1); 997 if (err < 0) { 998 bt_dev_err(hdev, "setting interface failed (%d)", -err); 999 return err; 1000 } 1001 1002 btmtk_data->isopkt_tx_ep = NULL; 1003 btmtk_data->isopkt_rx_ep = NULL; 1004 1005 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) { 1006 struct usb_endpoint_descriptor *ep_desc; 1007 1008 ep_desc = &intf->cur_altsetting->endpoint[i].desc; 1009 1010 if (!btmtk_data->isopkt_tx_ep && 1011 usb_endpoint_is_int_out(ep_desc)) { 1012 btmtk_data->isopkt_tx_ep = ep_desc; 1013 continue; 1014 } 1015 1016 if (!btmtk_data->isopkt_rx_ep && 1017 usb_endpoint_is_int_in(ep_desc)) { 1018 btmtk_data->isopkt_rx_ep = ep_desc; 1019 continue; 1020 } 1021 } 1022 1023 if (!btmtk_data->isopkt_tx_ep || 1024 !btmtk_data->isopkt_rx_ep) { 1025 bt_dev_err(hdev, "invalid interrupt descriptors"); 1026 return -ENODEV; 1027 } 1028 1029 return 0; 1030 } 1031 1032 struct urb *alloc_mtk_intr_urb(struct hci_dev *hdev, struct sk_buff *skb, 1033 usb_complete_t tx_complete) 1034 { 1035 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 1036 struct urb *urb; 1037 unsigned int pipe; 1038 1039 if (!btmtk_data->isopkt_tx_ep) 1040 return ERR_PTR(-ENODEV); 1041 1042 urb = usb_alloc_urb(0, GFP_KERNEL); 1043 if (!urb) 1044 return ERR_PTR(-ENOMEM); 1045 1046 if (btmtk_isopkt_pad(hdev, skb)) 1047 return ERR_PTR(-EINVAL); 1048 1049 pipe = usb_sndintpipe(btmtk_data->udev, 1050 btmtk_data->isopkt_tx_ep->bEndpointAddress); 1051 1052 usb_fill_int_urb(urb, btmtk_data->udev, pipe, 1053 skb->data, skb->len, tx_complete, 1054 skb, btmtk_data->isopkt_tx_ep->bInterval); 1055 1056 skb->dev = (void *)hdev; 1057 1058 return urb; 1059 } 1060 EXPORT_SYMBOL_GPL(alloc_mtk_intr_urb); 1061 1062 static int btmtk_recv_isopkt(struct hci_dev *hdev, void *buffer, int count) 1063 { 1064 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 1065 struct sk_buff *skb; 1066 unsigned long flags; 1067 int err = 0; 1068 1069 spin_lock_irqsave(&btmtk_data->isorxlock, flags); 1070 skb = btmtk_data->isopkt_skb; 1071 1072 while (count) { 1073 int len; 1074 1075 if (!skb) { 1076 skb = bt_skb_alloc(HCI_MAX_ISO_SIZE, GFP_ATOMIC); 1077 if (!skb) { 1078 err = -ENOMEM; 1079 break; 1080 } 1081 1082 hci_skb_pkt_type(skb) = HCI_ISODATA_PKT; 1083 hci_skb_expect(skb) = HCI_ISO_HDR_SIZE; 1084 } 1085 1086 len = min_t(uint, hci_skb_expect(skb), count); 1087 skb_put_data(skb, buffer, len); 1088 1089 count -= len; 1090 buffer += len; 1091 hci_skb_expect(skb) -= len; 1092 1093 if (skb->len == HCI_ISO_HDR_SIZE) { 1094 __le16 dlen = ((struct hci_iso_hdr *)skb->data)->dlen; 1095 1096 /* Complete ISO header */ 1097 hci_skb_expect(skb) = __le16_to_cpu(dlen); 1098 1099 if (skb_tailroom(skb) < hci_skb_expect(skb)) { 1100 kfree_skb(skb); 1101 skb = NULL; 1102 1103 err = -EILSEQ; 1104 break; 1105 } 1106 } 1107 1108 if (!hci_skb_expect(skb)) { 1109 /* Complete frame */ 1110 hci_recv_frame(hdev, skb); 1111 skb = NULL; 1112 } 1113 } 1114 1115 btmtk_data->isopkt_skb = skb; 1116 spin_unlock_irqrestore(&btmtk_data->isorxlock, flags); 1117 1118 return err; 1119 } 1120 1121 static void btmtk_intr_complete(struct urb *urb) 1122 { 1123 struct hci_dev *hdev = urb->context; 1124 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 1125 int err; 1126 1127 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 1128 urb->actual_length); 1129 1130 if (!test_bit(HCI_RUNNING, &hdev->flags)) 1131 return; 1132 1133 if (hdev->suspended) 1134 return; 1135 1136 if (urb->status == 0) { 1137 hdev->stat.byte_rx += urb->actual_length; 1138 1139 if (btmtk_recv_isopkt(hdev, urb->transfer_buffer, 1140 urb->actual_length) < 0) { 1141 bt_dev_err(hdev, "corrupted iso packet"); 1142 hdev->stat.err_rx++; 1143 } 1144 } else if (urb->status == -ENOENT) { 1145 /* Avoid suspend failed when usb_kill_urb */ 1146 return; 1147 } 1148 1149 usb_mark_last_busy(btmtk_data->udev); 1150 usb_anchor_urb(urb, &btmtk_data->isopkt_anchor); 1151 1152 err = usb_submit_urb(urb, GFP_ATOMIC); 1153 if (err < 0) { 1154 /* -EPERM: urb is being killed; 1155 * -ENODEV: device got disconnected 1156 */ 1157 if (err != -EPERM && err != -ENODEV) 1158 bt_dev_err(hdev, "urb %p failed to resubmit (%d)", 1159 urb, -err); 1160 if (err != -EPERM) 1161 hci_cmd_sync_cancel(hdev, -err); 1162 usb_unanchor_urb(urb); 1163 } 1164 } 1165 1166 static int btmtk_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags) 1167 { 1168 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 1169 unsigned char *buf; 1170 unsigned int pipe; 1171 struct urb *urb; 1172 int err, size; 1173 1174 BT_DBG("%s", hdev->name); 1175 1176 if (!btmtk_data->isopkt_rx_ep) 1177 return -ENODEV; 1178 1179 urb = usb_alloc_urb(0, mem_flags); 1180 if (!urb) 1181 return -ENOMEM; 1182 size = le16_to_cpu(btmtk_data->isopkt_rx_ep->wMaxPacketSize); 1183 1184 buf = kmalloc(size, mem_flags); 1185 if (!buf) { 1186 usb_free_urb(urb); 1187 return -ENOMEM; 1188 } 1189 1190 pipe = usb_rcvintpipe(btmtk_data->udev, 1191 btmtk_data->isopkt_rx_ep->bEndpointAddress); 1192 1193 usb_fill_int_urb(urb, btmtk_data->udev, pipe, buf, size, 1194 btmtk_intr_complete, hdev, 1195 btmtk_data->isopkt_rx_ep->bInterval); 1196 1197 urb->transfer_flags |= URB_FREE_BUFFER; 1198 1199 usb_mark_last_busy(btmtk_data->udev); 1200 usb_anchor_urb(urb, &btmtk_data->isopkt_anchor); 1201 1202 err = usb_submit_urb(urb, mem_flags); 1203 if (err < 0) { 1204 if (err != -EPERM && err != -ENODEV) 1205 bt_dev_err(hdev, "urb %p submission failed (%d)", 1206 urb, -err); 1207 usb_unanchor_urb(urb); 1208 } 1209 1210 usb_free_urb(urb); 1211 1212 return err; 1213 } 1214 1215 static int btmtk_usb_isointf_init(struct hci_dev *hdev) 1216 { 1217 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 1218 u8 iso_param[2] = { 0x08, 0x01 }; 1219 struct sk_buff *skb; 1220 int err; 1221 1222 spin_lock_init(&btmtk_data->isorxlock); 1223 1224 __set_mtk_intr_interface(hdev); 1225 1226 err = btmtk_submit_intr_urb(hdev, GFP_KERNEL); 1227 if (err < 0) { 1228 usb_kill_anchored_urbs(&btmtk_data->isopkt_anchor); 1229 bt_dev_err(hdev, "ISO intf not support (%d)", err); 1230 return err; 1231 } 1232 1233 skb = __hci_cmd_sync(hdev, 0xfd98, sizeof(iso_param), iso_param, 1234 HCI_INIT_TIMEOUT); 1235 if (IS_ERR(skb)) { 1236 bt_dev_err(hdev, "Failed to apply iso setting (%ld)", PTR_ERR(skb)); 1237 return PTR_ERR(skb); 1238 } 1239 kfree_skb(skb); 1240 1241 return 0; 1242 } 1243 1244 int btmtk_usb_resume(struct hci_dev *hdev) 1245 { 1246 /* This function describes the specific additional steps taken by MediaTek 1247 * when Bluetooth usb driver's resume function is called. 1248 */ 1249 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 1250 1251 /* Resubmit urb for iso data transmission */ 1252 if (test_bit(BTMTK_ISOPKT_RUNNING, &btmtk_data->flags)) { 1253 if (btmtk_submit_intr_urb(hdev, GFP_NOIO) < 0) 1254 clear_bit(BTMTK_ISOPKT_RUNNING, &btmtk_data->flags); 1255 } 1256 1257 return 0; 1258 } 1259 EXPORT_SYMBOL_GPL(btmtk_usb_resume); 1260 1261 int btmtk_usb_suspend(struct hci_dev *hdev) 1262 { 1263 /* This function describes the specific additional steps taken by MediaTek 1264 * when Bluetooth usb driver's suspend function is called. 1265 */ 1266 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 1267 1268 /* Stop urb anchor for iso data transmission */ 1269 if (test_bit(BTMTK_ISOPKT_RUNNING, &btmtk_data->flags)) 1270 usb_kill_anchored_urbs(&btmtk_data->isopkt_anchor); 1271 1272 return 0; 1273 } 1274 EXPORT_SYMBOL_GPL(btmtk_usb_suspend); 1275 1276 int btmtk_usb_setup(struct hci_dev *hdev) 1277 { 1278 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 1279 struct btmtk_hci_wmt_params wmt_params; 1280 ktime_t calltime, delta, rettime; 1281 struct btmtk_tci_sleep tci_sleep; 1282 unsigned long long duration; 1283 struct sk_buff *skb; 1284 const char *fwname; 1285 int err, status; 1286 u32 dev_id = 0; 1287 char fw_bin_name[64]; 1288 u32 fw_version = 0, fw_flavor = 0; 1289 u8 param; 1290 1291 calltime = ktime_get(); 1292 1293 err = btmtk_usb_id_get(hdev, 0x80000008, &dev_id); 1294 if (err < 0) { 1295 bt_dev_err(hdev, "Failed to get device id (%d)", err); 1296 return err; 1297 } 1298 1299 if (!dev_id || dev_id != 0x7663) { 1300 err = btmtk_usb_id_get(hdev, 0x70010200, &dev_id); 1301 if (err < 0) { 1302 bt_dev_err(hdev, "Failed to get device id (%d)", err); 1303 return err; 1304 } 1305 err = btmtk_usb_id_get(hdev, 0x80021004, &fw_version); 1306 if (err < 0) { 1307 bt_dev_err(hdev, "Failed to get fw version (%d)", err); 1308 return err; 1309 } 1310 err = btmtk_usb_id_get(hdev, 0x70010020, &fw_flavor); 1311 if (err < 0) { 1312 bt_dev_err(hdev, "Failed to get fw flavor (%d)", err); 1313 return err; 1314 } 1315 fw_flavor = (fw_flavor & 0x00000080) >> 7; 1316 } 1317 1318 btmtk_data->dev_id = dev_id; 1319 1320 err = btmtk_register_coredump(hdev, btmtk_data->drv_name, fw_version); 1321 if (err < 0) 1322 bt_dev_err(hdev, "Failed to register coredump (%d)", err); 1323 1324 switch (dev_id) { 1325 case 0x7663: 1326 fwname = FIRMWARE_MT7663; 1327 break; 1328 case 0x7668: 1329 fwname = FIRMWARE_MT7668; 1330 break; 1331 case 0x7922: 1332 case 0x7961: 1333 case 0x7925: 1334 /* Reset the device to ensure it's in the initial state before 1335 * downloading the firmware to ensure. 1336 */ 1337 1338 if (!test_bit(BTMTK_FIRMWARE_LOADED, &btmtk_data->flags)) 1339 btmtk_usb_subsys_reset(hdev, dev_id); 1340 1341 btmtk_fw_get_filename(fw_bin_name, sizeof(fw_bin_name), dev_id, 1342 fw_version, fw_flavor); 1343 1344 err = btmtk_setup_firmware_79xx(hdev, fw_bin_name, 1345 btmtk_usb_hci_wmt_sync); 1346 if (err < 0) { 1347 bt_dev_err(hdev, "Failed to set up firmware (%d)", err); 1348 clear_bit(BTMTK_FIRMWARE_LOADED, &btmtk_data->flags); 1349 return err; 1350 } 1351 1352 set_bit(BTMTK_FIRMWARE_LOADED, &btmtk_data->flags); 1353 1354 /* It's Device EndPoint Reset Option Register */ 1355 err = btmtk_usb_uhw_reg_write(hdev, MTK_EP_RST_OPT, 1356 MTK_EP_RST_IN_OUT_OPT); 1357 if (err < 0) 1358 return err; 1359 1360 /* Enable Bluetooth protocol */ 1361 param = 1; 1362 wmt_params.op = BTMTK_WMT_FUNC_CTRL; 1363 wmt_params.flag = 0; 1364 wmt_params.dlen = sizeof(param); 1365 wmt_params.data = ¶m; 1366 wmt_params.status = NULL; 1367 1368 err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params); 1369 if (err < 0) { 1370 bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err); 1371 return err; 1372 } 1373 1374 hci_set_msft_opcode(hdev, 0xFD30); 1375 hci_set_aosp_capable(hdev); 1376 1377 /* Set up ISO interface after protocol enabled */ 1378 if (test_bit(BTMTK_ISOPKT_OVER_INTR, &btmtk_data->flags)) { 1379 if (!btmtk_usb_isointf_init(hdev)) 1380 set_bit(BTMTK_ISOPKT_RUNNING, &btmtk_data->flags); 1381 } 1382 1383 goto done; 1384 default: 1385 bt_dev_err(hdev, "Unsupported hardware variant (%08x)", 1386 dev_id); 1387 return -ENODEV; 1388 } 1389 1390 /* Query whether the firmware is already download */ 1391 wmt_params.op = BTMTK_WMT_SEMAPHORE; 1392 wmt_params.flag = 1; 1393 wmt_params.dlen = 0; 1394 wmt_params.data = NULL; 1395 wmt_params.status = &status; 1396 1397 err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params); 1398 if (err < 0) { 1399 bt_dev_err(hdev, "Failed to query firmware status (%d)", err); 1400 return err; 1401 } 1402 1403 if (status == BTMTK_WMT_PATCH_DONE) { 1404 bt_dev_info(hdev, "firmware already downloaded"); 1405 goto ignore_setup_fw; 1406 } 1407 1408 /* Setup a firmware which the device definitely requires */ 1409 err = btmtk_setup_firmware(hdev, fwname, 1410 btmtk_usb_hci_wmt_sync); 1411 if (err < 0) 1412 return err; 1413 1414 ignore_setup_fw: 1415 err = readx_poll_timeout(btmtk_usb_func_query, hdev, status, 1416 status < 0 || status != BTMTK_WMT_ON_PROGRESS, 1417 2000, 5000000); 1418 /* -ETIMEDOUT happens */ 1419 if (err < 0) 1420 return err; 1421 1422 /* The other errors happen in btmtk_usb_func_query */ 1423 if (status < 0) 1424 return status; 1425 1426 if (status == BTMTK_WMT_ON_DONE) { 1427 bt_dev_info(hdev, "function already on"); 1428 goto ignore_func_on; 1429 } 1430 1431 /* Enable Bluetooth protocol */ 1432 param = 1; 1433 wmt_params.op = BTMTK_WMT_FUNC_CTRL; 1434 wmt_params.flag = 0; 1435 wmt_params.dlen = sizeof(param); 1436 wmt_params.data = ¶m; 1437 wmt_params.status = NULL; 1438 1439 err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params); 1440 if (err < 0) { 1441 bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err); 1442 return err; 1443 } 1444 1445 ignore_func_on: 1446 /* Apply the low power environment setup */ 1447 tci_sleep.mode = 0x5; 1448 tci_sleep.duration = cpu_to_le16(0x640); 1449 tci_sleep.host_duration = cpu_to_le16(0x640); 1450 tci_sleep.host_wakeup_pin = 0; 1451 tci_sleep.time_compensation = 0; 1452 1453 skb = __hci_cmd_sync(hdev, 0xfc7a, sizeof(tci_sleep), &tci_sleep, 1454 HCI_INIT_TIMEOUT); 1455 if (IS_ERR(skb)) { 1456 err = PTR_ERR(skb); 1457 bt_dev_err(hdev, "Failed to apply low power setting (%d)", err); 1458 return err; 1459 } 1460 kfree_skb(skb); 1461 1462 done: 1463 rettime = ktime_get(); 1464 delta = ktime_sub(rettime, calltime); 1465 duration = (unsigned long long)ktime_to_ns(delta) >> 10; 1466 1467 bt_dev_info(hdev, "Device setup in %llu usecs", duration); 1468 1469 return 0; 1470 } 1471 EXPORT_SYMBOL_GPL(btmtk_usb_setup); 1472 1473 int btmtk_usb_shutdown(struct hci_dev *hdev) 1474 { 1475 struct btmtk_hci_wmt_params wmt_params; 1476 u8 param = 0; 1477 int err; 1478 1479 /* Disable the device */ 1480 wmt_params.op = BTMTK_WMT_FUNC_CTRL; 1481 wmt_params.flag = 0; 1482 wmt_params.dlen = sizeof(param); 1483 wmt_params.data = ¶m; 1484 wmt_params.status = NULL; 1485 1486 err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params); 1487 if (err < 0) { 1488 bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err); 1489 return err; 1490 } 1491 1492 return 0; 1493 } 1494 EXPORT_SYMBOL_GPL(btmtk_usb_shutdown); 1495 #endif 1496 1497 MODULE_AUTHOR("Sean Wang <sean.wang@mediatek.com>"); 1498 MODULE_AUTHOR("Mark Chen <mark-yw.chen@mediatek.com>"); 1499 MODULE_DESCRIPTION("Bluetooth support for MediaTek devices ver " VERSION); 1500 MODULE_VERSION(VERSION); 1501 MODULE_LICENSE("GPL"); 1502 MODULE_FIRMWARE(FIRMWARE_MT7622); 1503 MODULE_FIRMWARE(FIRMWARE_MT7663); 1504 MODULE_FIRMWARE(FIRMWARE_MT7668); 1505 MODULE_FIRMWARE(FIRMWARE_MT7922); 1506 MODULE_FIRMWARE(FIRMWARE_MT7961); 1507 MODULE_FIRMWARE(FIRMWARE_MT7925); 1508