1 // SPDX-License-Identifier: ISC 2 /* Copyright (C) 2021 MediaTek Inc. 3 * 4 */ 5 #include <linux/module.h> 6 #include <linux/firmware.h> 7 #include <linux/usb.h> 8 #include <linux/iopoll.h> 9 #include <linux/unaligned.h> 10 11 #include <net/bluetooth/bluetooth.h> 12 #include <net/bluetooth/hci_core.h> 13 14 #include "btmtk.h" 15 16 #define VERSION "0.1" 17 18 /* It is for mt79xx download rom patch*/ 19 #define MTK_FW_ROM_PATCH_HEADER_SIZE 32 20 #define MTK_FW_ROM_PATCH_GD_SIZE 64 21 #define MTK_FW_ROM_PATCH_SEC_MAP_SIZE 64 22 #define MTK_SEC_MAP_COMMON_SIZE 12 23 #define MTK_SEC_MAP_NEED_SEND_SIZE 52 24 25 /* It is for mt79xx iso data transmission setting */ 26 #define MTK_ISO_THRESHOLD 264 27 28 struct btmtk_patch_header { 29 u8 datetime[16]; 30 u8 platform[4]; 31 __le16 hwver; 32 __le16 swver; 33 __le32 magicnum; 34 } __packed; 35 36 struct btmtk_global_desc { 37 __le32 patch_ver; 38 __le32 sub_sys; 39 __le32 feature_opt; 40 __le32 section_num; 41 } __packed; 42 43 struct btmtk_section_map { 44 __le32 sectype; 45 __le32 secoffset; 46 __le32 secsize; 47 union { 48 __le32 u4SecSpec[13]; 49 struct { 50 __le32 dlAddr; 51 __le32 dlsize; 52 __le32 seckeyidx; 53 __le32 alignlen; 54 __le32 sectype; 55 __le32 dlmodecrctype; 56 __le32 crc; 57 __le32 reserved[6]; 58 } bin_info_spec; 59 }; 60 } __packed; 61 62 static void btmtk_coredump(struct hci_dev *hdev) 63 { 64 int err; 65 66 err = __hci_cmd_send(hdev, 0xfd5b, 0, NULL); 67 if (err < 0) 68 bt_dev_err(hdev, "Coredump failed (%d)", err); 69 } 70 71 static void btmtk_coredump_hdr(struct hci_dev *hdev, struct sk_buff *skb) 72 { 73 struct btmtk_data *data = hci_get_priv(hdev); 74 char buf[80]; 75 76 snprintf(buf, sizeof(buf), "Controller Name: 0x%X\n", 77 data->dev_id); 78 skb_put_data(skb, buf, strlen(buf)); 79 80 snprintf(buf, sizeof(buf), "Firmware Version: 0x%X\n", 81 data->cd_info.fw_version); 82 skb_put_data(skb, buf, strlen(buf)); 83 84 snprintf(buf, sizeof(buf), "Driver: %s\n", 85 data->cd_info.driver_name); 86 skb_put_data(skb, buf, strlen(buf)); 87 88 snprintf(buf, sizeof(buf), "Vendor: MediaTek\n"); 89 skb_put_data(skb, buf, strlen(buf)); 90 } 91 92 static void btmtk_coredump_notify(struct hci_dev *hdev, int state) 93 { 94 struct btmtk_data *data = hci_get_priv(hdev); 95 96 switch (state) { 97 case HCI_DEVCOREDUMP_IDLE: 98 data->cd_info.state = HCI_DEVCOREDUMP_IDLE; 99 break; 100 case HCI_DEVCOREDUMP_ACTIVE: 101 data->cd_info.state = HCI_DEVCOREDUMP_ACTIVE; 102 break; 103 case HCI_DEVCOREDUMP_TIMEOUT: 104 case HCI_DEVCOREDUMP_ABORT: 105 case HCI_DEVCOREDUMP_DONE: 106 data->cd_info.state = HCI_DEVCOREDUMP_IDLE; 107 btmtk_reset_sync(hdev); 108 break; 109 } 110 } 111 112 void btmtk_fw_get_filename(char *buf, size_t size, u32 dev_id, u32 fw_ver, 113 u32 fw_flavor) 114 { 115 if (dev_id == 0x6639) 116 snprintf(buf, size, 117 "mediatek/mt7927/BT_RAM_CODE_MT%04x_2_%x_hdr.bin", 118 dev_id & 0xffff, (fw_ver & 0xff) + 1); 119 else if (dev_id == 0x7925) 120 snprintf(buf, size, 121 "mediatek/mt%04x/BT_RAM_CODE_MT%04x_1_%x_hdr.bin", 122 dev_id & 0xffff, dev_id & 0xffff, (fw_ver & 0xff) + 1); 123 else if (dev_id == 0x7961 && fw_flavor) 124 snprintf(buf, size, 125 "mediatek/BT_RAM_CODE_MT%04x_1a_%x_hdr.bin", 126 dev_id & 0xffff, (fw_ver & 0xff) + 1); 127 else 128 snprintf(buf, size, 129 "mediatek/BT_RAM_CODE_MT%04x_1_%x_hdr.bin", 130 dev_id & 0xffff, (fw_ver & 0xff) + 1); 131 } 132 EXPORT_SYMBOL_GPL(btmtk_fw_get_filename); 133 134 int btmtk_setup_firmware_79xx(struct hci_dev *hdev, const char *fwname, 135 wmt_cmd_sync_func_t wmt_cmd_sync, 136 u32 dev_id) 137 { 138 struct btmtk_hci_wmt_params wmt_params; 139 struct btmtk_patch_header *hdr; 140 struct btmtk_global_desc *globaldesc = NULL; 141 struct btmtk_section_map *sectionmap; 142 const struct firmware *fw; 143 const u8 *fw_ptr; 144 const u8 *fw_bin_ptr; 145 int err, dlen, i, status; 146 u8 flag, first_block, retry; 147 u32 section_num, dl_size, section_offset; 148 u8 cmd[64]; 149 150 err = request_firmware(&fw, fwname, &hdev->dev); 151 if (err < 0) { 152 bt_dev_err(hdev, "Failed to load firmware file (%d)", err); 153 return err; 154 } 155 156 fw_ptr = fw->data; 157 fw_bin_ptr = fw_ptr; 158 hdr = (struct btmtk_patch_header *)fw_ptr; 159 globaldesc = (struct btmtk_global_desc *)(fw_ptr + MTK_FW_ROM_PATCH_HEADER_SIZE); 160 section_num = le32_to_cpu(globaldesc->section_num); 161 162 bt_dev_info(hdev, "HW/SW Version: 0x%04x%04x, Build Time: %s", 163 le16_to_cpu(hdr->hwver), le16_to_cpu(hdr->swver), hdr->datetime); 164 165 for (i = 0; i < section_num; i++) { 166 first_block = 1; 167 fw_ptr = fw_bin_ptr; 168 sectionmap = (struct btmtk_section_map *)(fw_ptr + MTK_FW_ROM_PATCH_HEADER_SIZE + 169 MTK_FW_ROM_PATCH_GD_SIZE + MTK_FW_ROM_PATCH_SEC_MAP_SIZE * i); 170 171 section_offset = le32_to_cpu(sectionmap->secoffset); 172 dl_size = le32_to_cpu(sectionmap->bin_info_spec.dlsize); 173 174 /* MT6639: only download sections where dlmode byte0 == 0x01, 175 * matching the Windows driver behavior which skips WiFi/other 176 * sections that would cause the chip to hang. 177 */ 178 if (dev_id == 0x6639 && dl_size > 0 && 179 (le32_to_cpu(sectionmap->bin_info_spec.dlmodecrctype) & 0xff) != 0x01) 180 continue; 181 182 if (dl_size > 0) { 183 retry = 20; 184 while (retry > 0) { 185 cmd[0] = 0; /* 0 means legacy dl mode. */ 186 memcpy(cmd + 1, 187 fw_ptr + MTK_FW_ROM_PATCH_HEADER_SIZE + 188 MTK_FW_ROM_PATCH_GD_SIZE + 189 MTK_FW_ROM_PATCH_SEC_MAP_SIZE * i + 190 MTK_SEC_MAP_COMMON_SIZE, 191 MTK_SEC_MAP_NEED_SEND_SIZE + 1); 192 193 wmt_params.op = BTMTK_WMT_PATCH_DWNLD; 194 wmt_params.status = &status; 195 wmt_params.flag = 0; 196 wmt_params.dlen = MTK_SEC_MAP_NEED_SEND_SIZE + 1; 197 wmt_params.data = &cmd; 198 199 err = wmt_cmd_sync(hdev, &wmt_params); 200 if (err < 0) { 201 bt_dev_err(hdev, "Failed to send wmt patch dwnld (%d)", 202 err); 203 goto err_release_fw; 204 } 205 206 if (status == BTMTK_WMT_PATCH_UNDONE) { 207 break; 208 } else if (status == BTMTK_WMT_PATCH_PROGRESS) { 209 msleep(100); 210 retry--; 211 } else if (status == BTMTK_WMT_PATCH_DONE) { 212 goto next_section; 213 } else { 214 bt_dev_err(hdev, "Failed wmt patch dwnld status (%d)", 215 status); 216 err = -EIO; 217 goto err_release_fw; 218 } 219 } 220 221 /* If retry exhausted goto err_release_fw */ 222 if (retry == 0) { 223 err = -EIO; 224 goto err_release_fw; 225 } 226 227 fw_ptr += section_offset; 228 wmt_params.op = BTMTK_WMT_PATCH_DWNLD; 229 230 while (dl_size > 0) { 231 dlen = min_t(int, 250, dl_size); 232 if (first_block == 1) { 233 flag = 1; 234 first_block = 0; 235 } else if (dl_size - dlen <= 0) { 236 flag = 3; 237 } else { 238 flag = 2; 239 } 240 241 wmt_params.flag = flag; 242 wmt_params.dlen = dlen; 243 wmt_params.data = fw_ptr; 244 245 err = wmt_cmd_sync(hdev, &wmt_params); 246 /* Status BTMTK_WMT_PATCH_PROGRESS indicates firmware is 247 * in process of being downloaded, which is not expected to 248 * occur here. 249 */ 250 if (status == BTMTK_WMT_PATCH_PROGRESS) { 251 err = -EIO; 252 goto err_release_fw; 253 } else if (err < 0) { 254 bt_dev_err(hdev, "Failed to send wmt patch dwnld (%d)", 255 err); 256 goto err_release_fw; 257 } 258 259 dl_size -= dlen; 260 fw_ptr += dlen; 261 } 262 } 263 next_section: 264 continue; 265 } 266 /* Wait a few moments for firmware activation done */ 267 usleep_range(100000, 120000); 268 269 err_release_fw: 270 release_firmware(fw); 271 272 return err; 273 } 274 EXPORT_SYMBOL_GPL(btmtk_setup_firmware_79xx); 275 276 int btmtk_setup_firmware(struct hci_dev *hdev, const char *fwname, 277 wmt_cmd_sync_func_t wmt_cmd_sync) 278 { 279 struct btmtk_hci_wmt_params wmt_params; 280 const struct firmware *fw; 281 const u8 *fw_ptr; 282 size_t fw_size; 283 int err, dlen; 284 u8 flag, param; 285 286 err = request_firmware(&fw, fwname, &hdev->dev); 287 if (err < 0) { 288 bt_dev_err(hdev, "Failed to load firmware file (%d)", err); 289 return err; 290 } 291 292 /* Power on data RAM the firmware relies on. */ 293 param = 1; 294 wmt_params.op = BTMTK_WMT_FUNC_CTRL; 295 wmt_params.flag = 3; 296 wmt_params.dlen = sizeof(param); 297 wmt_params.data = ¶m; 298 wmt_params.status = NULL; 299 300 err = wmt_cmd_sync(hdev, &wmt_params); 301 if (err < 0) { 302 bt_dev_err(hdev, "Failed to power on data RAM (%d)", err); 303 goto err_release_fw; 304 } 305 306 fw_ptr = fw->data; 307 fw_size = fw->size; 308 309 /* The size of patch header is 30 bytes, should be skip */ 310 if (fw_size < 30) { 311 err = -EINVAL; 312 goto err_release_fw; 313 } 314 315 fw_size -= 30; 316 fw_ptr += 30; 317 flag = 1; 318 319 wmt_params.op = BTMTK_WMT_PATCH_DWNLD; 320 wmt_params.status = NULL; 321 322 while (fw_size > 0) { 323 dlen = min_t(int, 250, fw_size); 324 325 /* Tell device the position in sequence */ 326 if (fw_size - dlen <= 0) 327 flag = 3; 328 else if (fw_size < fw->size - 30) 329 flag = 2; 330 331 wmt_params.flag = flag; 332 wmt_params.dlen = dlen; 333 wmt_params.data = fw_ptr; 334 335 err = wmt_cmd_sync(hdev, &wmt_params); 336 if (err < 0) { 337 bt_dev_err(hdev, "Failed to send wmt patch dwnld (%d)", 338 err); 339 goto err_release_fw; 340 } 341 342 fw_size -= dlen; 343 fw_ptr += dlen; 344 } 345 346 wmt_params.op = BTMTK_WMT_RST; 347 wmt_params.flag = 4; 348 wmt_params.dlen = 0; 349 wmt_params.data = NULL; 350 wmt_params.status = NULL; 351 352 /* Activate function the firmware providing to */ 353 err = wmt_cmd_sync(hdev, &wmt_params); 354 if (err < 0) { 355 bt_dev_err(hdev, "Failed to send wmt rst (%d)", err); 356 goto err_release_fw; 357 } 358 359 /* Wait a few moments for firmware activation done */ 360 usleep_range(10000, 12000); 361 362 err_release_fw: 363 release_firmware(fw); 364 365 return err; 366 } 367 EXPORT_SYMBOL_GPL(btmtk_setup_firmware); 368 369 int btmtk_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr) 370 { 371 struct sk_buff *skb; 372 long ret; 373 374 skb = __hci_cmd_sync(hdev, 0xfc1a, 6, bdaddr, HCI_INIT_TIMEOUT); 375 if (IS_ERR(skb)) { 376 ret = PTR_ERR(skb); 377 bt_dev_err(hdev, "changing Mediatek device address failed (%ld)", 378 ret); 379 return ret; 380 } 381 kfree_skb(skb); 382 383 return 0; 384 } 385 EXPORT_SYMBOL_GPL(btmtk_set_bdaddr); 386 387 void btmtk_reset_sync(struct hci_dev *hdev) 388 { 389 struct btmtk_data *reset_work = hci_get_priv(hdev); 390 int err; 391 392 hci_dev_lock(hdev); 393 394 err = hci_cmd_sync_queue(hdev, reset_work->reset_sync, NULL, NULL); 395 if (err) 396 bt_dev_err(hdev, "failed to reset (%d)", err); 397 398 hci_dev_unlock(hdev); 399 } 400 EXPORT_SYMBOL_GPL(btmtk_reset_sync); 401 402 int btmtk_register_coredump(struct hci_dev *hdev, const char *name, 403 u32 fw_version) 404 { 405 struct btmtk_data *data = hci_get_priv(hdev); 406 407 if (!IS_ENABLED(CONFIG_DEV_COREDUMP)) 408 return -EOPNOTSUPP; 409 410 data->cd_info.fw_version = fw_version; 411 data->cd_info.state = HCI_DEVCOREDUMP_IDLE; 412 data->cd_info.driver_name = name; 413 414 return hci_devcd_register(hdev, btmtk_coredump, btmtk_coredump_hdr, 415 btmtk_coredump_notify); 416 } 417 EXPORT_SYMBOL_GPL(btmtk_register_coredump); 418 419 int btmtk_process_coredump(struct hci_dev *hdev, struct sk_buff *skb) 420 { 421 struct btmtk_data *data = hci_get_priv(hdev); 422 int err; 423 bool complete = false; 424 425 if (!IS_ENABLED(CONFIG_DEV_COREDUMP)) { 426 kfree_skb(skb); 427 return 0; 428 } 429 430 switch (data->cd_info.state) { 431 case HCI_DEVCOREDUMP_IDLE: 432 err = hci_devcd_init(hdev, MTK_COREDUMP_SIZE); 433 if (err < 0) { 434 kfree_skb(skb); 435 break; 436 } 437 data->cd_info.cnt = 0; 438 439 /* It is supposed coredump can be done within 5 seconds */ 440 schedule_delayed_work(&hdev->dump.dump_timeout, 441 msecs_to_jiffies(5000)); 442 fallthrough; 443 case HCI_DEVCOREDUMP_ACTIVE: 444 default: 445 /* Mediatek coredump data would be more than MTK_COREDUMP_NUM */ 446 if (data->cd_info.cnt >= MTK_COREDUMP_NUM && 447 skb->len > MTK_COREDUMP_END_LEN) 448 if (!memcmp((char *)&skb->data[skb->len - MTK_COREDUMP_END_LEN], 449 MTK_COREDUMP_END, MTK_COREDUMP_END_LEN - 1)) 450 complete = true; 451 452 err = hci_devcd_append(hdev, skb); 453 if (err < 0) 454 break; 455 data->cd_info.cnt++; 456 457 if (complete) { 458 bt_dev_info(hdev, "Mediatek coredump end"); 459 hci_devcd_complete(hdev); 460 } 461 462 break; 463 } 464 465 return err; 466 } 467 EXPORT_SYMBOL_GPL(btmtk_process_coredump); 468 469 #if IS_ENABLED(CONFIG_BT_HCIBTUSB_MTK) 470 /* Known MT6639 (MT7927) Bluetooth USB devices. 471 * Used to scope the zero-CHIPID workaround to real MT6639 hardware, 472 * since some boards return 0x0000 from the MMIO chip ID register. 473 */ 474 static const struct { 475 u16 vendor; 476 u16 product; 477 } btmtk_mt6639_devs[] = { 478 { 0x0489, 0xe13a }, /* ASUS ROG Crosshair X870E Hero */ 479 { 0x0489, 0xe0fa }, /* Lenovo Legion Pro 7 16ARX9 */ 480 { 0x0489, 0xe10f }, /* Gigabyte Z790 AORUS MASTER X */ 481 { 0x0489, 0xe110 }, /* MSI X870E Ace Max */ 482 { 0x0489, 0xe116 }, /* TP-Link Archer TBE550E */ 483 { 0x13d3, 0x3588 }, /* ASUS ROG STRIX X870E-E */ 484 }; 485 486 static void btmtk_usb_wmt_recv(struct urb *urb) 487 { 488 struct hci_dev *hdev = urb->context; 489 struct btmtk_data *data = hci_get_priv(hdev); 490 struct sk_buff *skb; 491 int err; 492 493 if (urb->status == 0 && urb->actual_length > 0) { 494 hdev->stat.byte_rx += urb->actual_length; 495 496 /* WMT event shouldn't be fragmented and the size should be 497 * less than HCI_WMT_MAX_EVENT_SIZE. 498 */ 499 skb = bt_skb_alloc(HCI_WMT_MAX_EVENT_SIZE, GFP_ATOMIC); 500 if (!skb) { 501 hdev->stat.err_rx++; 502 kfree(urb->setup_packet); 503 return; 504 } 505 506 hci_skb_pkt_type(skb) = HCI_EVENT_PKT; 507 skb_put_data(skb, urb->transfer_buffer, urb->actual_length); 508 509 /* When someone waits for the WMT event, the skb is being cloned 510 * and being processed the events from there then. 511 */ 512 if (test_bit(BTMTK_TX_WAIT_VND_EVT, &data->flags)) { 513 data->evt_skb = skb_clone(skb, GFP_ATOMIC); 514 if (!data->evt_skb) { 515 kfree_skb(skb); 516 kfree(urb->setup_packet); 517 return; 518 } 519 } 520 521 err = hci_recv_frame(hdev, skb); 522 if (err < 0) { 523 kfree_skb(data->evt_skb); 524 data->evt_skb = NULL; 525 kfree(urb->setup_packet); 526 return; 527 } 528 529 if (test_and_clear_bit(BTMTK_TX_WAIT_VND_EVT, 530 &data->flags)) { 531 /* Barrier to sync with other CPUs */ 532 smp_mb__after_atomic(); 533 wake_up_bit(&data->flags, 534 BTMTK_TX_WAIT_VND_EVT); 535 } 536 kfree(urb->setup_packet); 537 return; 538 } else if (urb->status == -ENOENT) { 539 /* Avoid suspend failed when usb_kill_urb */ 540 kfree(urb->setup_packet); 541 return; 542 } 543 544 usb_mark_last_busy(data->udev); 545 546 /* The URB complete handler is still called with urb->actual_length = 0 547 * when the event is not available, so we should keep re-submitting 548 * URB until WMT event returns, Also, It's necessary to wait some time 549 * between the two consecutive control URBs to relax the target device 550 * to generate the event. Otherwise, the WMT event cannot return from 551 * the device successfully. 552 */ 553 udelay(500); 554 555 usb_anchor_urb(urb, data->ctrl_anchor); 556 err = usb_submit_urb(urb, GFP_ATOMIC); 557 if (err < 0) { 558 kfree(urb->setup_packet); 559 /* -EPERM: urb is being killed; 560 * -ENODEV: device got disconnected 561 */ 562 if (err != -EPERM && err != -ENODEV) 563 bt_dev_err(hdev, "urb %p failed to resubmit (%d)", 564 urb, -err); 565 usb_unanchor_urb(urb); 566 } 567 } 568 569 static int btmtk_usb_submit_wmt_recv_urb(struct hci_dev *hdev) 570 { 571 struct btmtk_data *data = hci_get_priv(hdev); 572 struct usb_ctrlrequest *dr; 573 unsigned char *buf; 574 int err, size = 64; 575 unsigned int pipe; 576 struct urb *urb; 577 578 urb = usb_alloc_urb(0, GFP_KERNEL); 579 if (!urb) 580 return -ENOMEM; 581 582 dr = kmalloc_obj(*dr); 583 if (!dr) { 584 usb_free_urb(urb); 585 return -ENOMEM; 586 } 587 588 dr->bRequestType = USB_TYPE_VENDOR | USB_DIR_IN; 589 dr->bRequest = 1; 590 dr->wIndex = cpu_to_le16(0); 591 dr->wValue = cpu_to_le16(48); 592 dr->wLength = cpu_to_le16(size); 593 594 buf = kmalloc(size, GFP_KERNEL); 595 if (!buf) { 596 kfree(dr); 597 usb_free_urb(urb); 598 return -ENOMEM; 599 } 600 601 pipe = usb_rcvctrlpipe(data->udev, 0); 602 603 usb_fill_control_urb(urb, data->udev, pipe, (void *)dr, 604 buf, size, btmtk_usb_wmt_recv, hdev); 605 606 urb->transfer_flags |= URB_FREE_BUFFER; 607 608 usb_anchor_urb(urb, data->ctrl_anchor); 609 err = usb_submit_urb(urb, GFP_KERNEL); 610 if (err < 0) { 611 if (err != -EPERM && err != -ENODEV) 612 bt_dev_err(hdev, "urb %p submission failed (%d)", 613 urb, -err); 614 kfree(dr); 615 usb_unanchor_urb(urb); 616 } 617 618 usb_free_urb(urb); 619 620 return err; 621 } 622 623 static int btmtk_usb_hci_wmt_sync(struct hci_dev *hdev, 624 struct btmtk_hci_wmt_params *wmt_params) 625 { 626 struct btmtk_data *data = hci_get_priv(hdev); 627 struct btmtk_hci_wmt_evt_funcc *wmt_evt_funcc; 628 u32 hlen, status = BTMTK_WMT_INVALID; 629 struct btmtk_hci_wmt_evt *wmt_evt; 630 struct btmtk_hci_wmt_cmd *wc; 631 struct btmtk_wmt_hdr *hdr; 632 int err; 633 634 /* Send the WMT command and wait until the WMT event returns */ 635 hlen = sizeof(*hdr) + wmt_params->dlen; 636 if (hlen > 255) 637 return -EINVAL; 638 639 wc = kzalloc(hlen, GFP_KERNEL); 640 if (!wc) 641 return -ENOMEM; 642 643 hdr = &wc->hdr; 644 hdr->dir = 1; 645 hdr->op = wmt_params->op; 646 hdr->dlen = cpu_to_le16(wmt_params->dlen + 1); 647 hdr->flag = wmt_params->flag; 648 memcpy(wc->data, wmt_params->data, wmt_params->dlen); 649 650 set_bit(BTMTK_TX_WAIT_VND_EVT, &data->flags); 651 652 /* WMT cmd/event doesn't follow up the generic HCI cmd/event handling, 653 * it needs constantly polling control pipe until the host received the 654 * WMT event, thus, we should require to specifically acquire PM counter 655 * on the USB to prevent the interface from entering auto suspended 656 * while WMT cmd/event in progress. 657 */ 658 err = usb_autopm_get_interface(data->intf); 659 if (err < 0) 660 goto err_free_wc; 661 662 err = __hci_cmd_send(hdev, 0xfc6f, hlen, wc); 663 664 if (err < 0) { 665 clear_bit(BTMTK_TX_WAIT_VND_EVT, &data->flags); 666 usb_autopm_put_interface(data->intf); 667 goto err_free_wc; 668 } 669 670 /* Submit control IN URB on demand to process the WMT event */ 671 err = btmtk_usb_submit_wmt_recv_urb(hdev); 672 673 usb_autopm_put_interface(data->intf); 674 675 if (err < 0) 676 goto err_free_wc; 677 678 /* The vendor specific WMT commands are all answered by a vendor 679 * specific event and will have the Command Status or Command 680 * Complete as with usual HCI command flow control. 681 * 682 * After sending the command, wait for BTUSB_TX_WAIT_VND_EVT 683 * state to be cleared. The driver specific event receive routine 684 * will clear that state and with that indicate completion of the 685 * WMT command. 686 */ 687 err = wait_on_bit_timeout(&data->flags, BTMTK_TX_WAIT_VND_EVT, 688 TASK_UNINTERRUPTIBLE, HCI_INIT_TIMEOUT); 689 690 if (err) { 691 bt_dev_err(hdev, "Execution of wmt command timed out"); 692 clear_bit(BTMTK_TX_WAIT_VND_EVT, &data->flags); 693 err = -ETIMEDOUT; 694 goto err_free_wc; 695 } 696 697 if (data->evt_skb == NULL) 698 goto err_free_wc; 699 700 wmt_evt = skb_pull_data(data->evt_skb, sizeof(*wmt_evt)); 701 if (!wmt_evt) { 702 bt_dev_err(hdev, "WMT event too short (%u bytes)", 703 data->evt_skb->len); 704 err = -EINVAL; 705 goto err_free_skb; 706 } 707 if (wmt_evt->whdr.op != hdr->op) { 708 bt_dev_err(hdev, "Wrong op received %d expected %d", 709 wmt_evt->whdr.op, hdr->op); 710 err = -EIO; 711 goto err_free_skb; 712 } 713 714 switch (wmt_evt->whdr.op) { 715 case BTMTK_WMT_SEMAPHORE: 716 if (wmt_evt->whdr.flag == 2) 717 status = BTMTK_WMT_PATCH_UNDONE; 718 else 719 status = BTMTK_WMT_PATCH_DONE; 720 break; 721 case BTMTK_WMT_FUNC_CTRL: 722 if (!skb_pull_data(data->evt_skb, 723 sizeof(wmt_evt_funcc->status))) { 724 status = BTMTK_WMT_ON_UNDONE; 725 break; 726 } 727 728 wmt_evt_funcc = (struct btmtk_hci_wmt_evt_funcc *)wmt_evt; 729 if (be16_to_cpu(wmt_evt_funcc->status) == 0x404) 730 status = BTMTK_WMT_ON_DONE; 731 else if (be16_to_cpu(wmt_evt_funcc->status) == 0x420) 732 status = BTMTK_WMT_ON_PROGRESS; 733 else 734 status = BTMTK_WMT_ON_UNDONE; 735 break; 736 case BTMTK_WMT_PATCH_DWNLD: 737 if (wmt_evt->whdr.flag == 2) 738 status = BTMTK_WMT_PATCH_DONE; 739 else if (wmt_evt->whdr.flag == 1) 740 status = BTMTK_WMT_PATCH_PROGRESS; 741 else 742 status = BTMTK_WMT_PATCH_UNDONE; 743 break; 744 } 745 746 if (wmt_params->status) 747 *wmt_params->status = status; 748 749 err_free_skb: 750 kfree_skb(data->evt_skb); 751 data->evt_skb = NULL; 752 err_free_wc: 753 kfree(wc); 754 return err; 755 } 756 757 static int btmtk_usb_func_query(struct hci_dev *hdev) 758 { 759 struct btmtk_hci_wmt_params wmt_params; 760 int status, err; 761 u8 param = 0; 762 763 /* Query whether the function is enabled */ 764 wmt_params.op = BTMTK_WMT_FUNC_CTRL; 765 wmt_params.flag = 4; 766 wmt_params.dlen = sizeof(param); 767 wmt_params.data = ¶m; 768 wmt_params.status = &status; 769 770 err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params); 771 if (err < 0) { 772 bt_dev_err(hdev, "Failed to query function status (%d)", err); 773 return err; 774 } 775 776 return status; 777 } 778 779 static int btmtk_usb_uhw_reg_write(struct hci_dev *hdev, u32 reg, u32 val) 780 { 781 struct btmtk_data *data = hci_get_priv(hdev); 782 int pipe, err; 783 void *buf; 784 785 buf = kzalloc(4, GFP_KERNEL); 786 if (!buf) 787 return -ENOMEM; 788 789 put_unaligned_le32(val, buf); 790 791 pipe = usb_sndctrlpipe(data->udev, 0); 792 err = usb_control_msg(data->udev, pipe, 0x02, 793 0x5E, 794 reg >> 16, reg & 0xffff, 795 buf, 4, USB_CTRL_SET_TIMEOUT); 796 if (err < 0) 797 bt_dev_err(hdev, "Failed to write uhw reg(%d)", err); 798 799 kfree(buf); 800 801 return err; 802 } 803 804 static int btmtk_usb_uhw_reg_read(struct hci_dev *hdev, u32 reg, u32 *val) 805 { 806 struct btmtk_data *data = hci_get_priv(hdev); 807 int pipe, err; 808 void *buf; 809 810 buf = kzalloc(4, GFP_KERNEL); 811 if (!buf) 812 return -ENOMEM; 813 814 pipe = usb_rcvctrlpipe(data->udev, 0); 815 err = usb_control_msg(data->udev, pipe, 0x01, 816 0xDE, 817 reg >> 16, reg & 0xffff, 818 buf, 4, USB_CTRL_GET_TIMEOUT); 819 if (err < 0) { 820 bt_dev_err(hdev, "Failed to read uhw reg(%d)", err); 821 goto err_free_buf; 822 } 823 824 *val = get_unaligned_le32(buf); 825 bt_dev_dbg(hdev, "reg=%x, value=0x%08x", reg, *val); 826 827 err_free_buf: 828 kfree(buf); 829 830 return err; 831 } 832 833 static int btmtk_usb_reg_read(struct hci_dev *hdev, u32 reg, u32 *val) 834 { 835 struct btmtk_data *data = hci_get_priv(hdev); 836 int pipe, err, size = sizeof(u32); 837 void *buf; 838 839 buf = kzalloc(size, GFP_KERNEL); 840 if (!buf) 841 return -ENOMEM; 842 843 pipe = usb_rcvctrlpipe(data->udev, 0); 844 err = usb_control_msg(data->udev, pipe, 0x63, 845 USB_TYPE_VENDOR | USB_DIR_IN, 846 reg >> 16, reg & 0xffff, 847 buf, size, USB_CTRL_GET_TIMEOUT); 848 if (err < 0) 849 goto err_free_buf; 850 851 *val = get_unaligned_le32(buf); 852 853 err_free_buf: 854 kfree(buf); 855 856 return err; 857 } 858 859 static int btmtk_usb_id_get(struct hci_dev *hdev, u32 reg, u32 *id) 860 { 861 return btmtk_usb_reg_read(hdev, reg, id); 862 } 863 864 static u32 btmtk_usb_reset_done(struct hci_dev *hdev) 865 { 866 u32 val = 0; 867 868 btmtk_usb_uhw_reg_read(hdev, MTK_BT_MISC, &val); 869 870 return val & MTK_BT_RST_DONE; 871 } 872 873 int btmtk_usb_subsys_reset(struct hci_dev *hdev, u32 dev_id) 874 { 875 u32 val; 876 int err; 877 878 if (dev_id == 0x7922) { 879 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_SUBSYS_RST, &val); 880 if (err < 0) 881 return err; 882 val |= 0x00002020; 883 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_SUBSYS_RST, val); 884 if (err < 0) 885 return err; 886 err = btmtk_usb_uhw_reg_write(hdev, MTK_EP_RST_OPT, 0x00010001); 887 if (err < 0) 888 return err; 889 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_SUBSYS_RST, &val); 890 if (err < 0) 891 return err; 892 val |= BIT(0); 893 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_SUBSYS_RST, val); 894 if (err < 0) 895 return err; 896 msleep(100); 897 } else if (dev_id == 0x7925 || dev_id == 0x6639) { 898 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_RESET_REG_CONNV3, &val); 899 if (err < 0) 900 return err; 901 val |= (1 << 5); 902 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_RESET_REG_CONNV3, val); 903 if (err < 0) 904 return err; 905 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_RESET_REG_CONNV3, &val); 906 if (err < 0) 907 return err; 908 val &= 0xFFFF00FF; 909 val |= (1 << 13); 910 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_RESET_REG_CONNV3, val); 911 if (err < 0) 912 return err; 913 err = btmtk_usb_uhw_reg_write(hdev, MTK_EP_RST_OPT, 0x00010001); 914 if (err < 0) 915 return err; 916 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_RESET_REG_CONNV3, &val); 917 if (err < 0) 918 return err; 919 val |= (1 << 0); 920 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_RESET_REG_CONNV3, val); 921 if (err < 0) 922 return err; 923 err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT, 0x000000FF); 924 if (err < 0) 925 return err; 926 err = btmtk_usb_uhw_reg_read(hdev, MTK_UDMA_INT_STA_BT, &val); 927 if (err < 0) 928 return err; 929 err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT1, 0x000000FF); 930 if (err < 0) 931 return err; 932 err = btmtk_usb_uhw_reg_read(hdev, MTK_UDMA_INT_STA_BT1, &val); 933 if (err < 0) 934 return err; 935 msleep(100); 936 } else { 937 /* It's Device EndPoint Reset Option Register */ 938 bt_dev_dbg(hdev, "Initiating reset mechanism via uhw"); 939 err = btmtk_usb_uhw_reg_write(hdev, MTK_EP_RST_OPT, MTK_EP_RST_IN_OUT_OPT); 940 if (err < 0) 941 return err; 942 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_WDT_STATUS, &val); 943 if (err < 0) 944 return err; 945 /* Reset the bluetooth chip via USB interface. */ 946 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_SUBSYS_RST, 1); 947 if (err < 0) 948 return err; 949 err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT, 0x000000FF); 950 if (err < 0) 951 return err; 952 err = btmtk_usb_uhw_reg_read(hdev, MTK_UDMA_INT_STA_BT, &val); 953 if (err < 0) 954 return err; 955 err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT1, 0x000000FF); 956 if (err < 0) 957 return err; 958 err = btmtk_usb_uhw_reg_read(hdev, MTK_UDMA_INT_STA_BT1, &val); 959 if (err < 0) 960 return err; 961 /* MT7921 need to delay 20ms between toggle reset bit */ 962 msleep(20); 963 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_SUBSYS_RST, 0); 964 if (err < 0) 965 return err; 966 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_SUBSYS_RST, &val); 967 if (err < 0) 968 return err; 969 } 970 971 err = readx_poll_timeout(btmtk_usb_reset_done, hdev, val, 972 val & MTK_BT_RST_DONE, 20000, 1000000); 973 if (err < 0) 974 bt_dev_err(hdev, "Reset timeout"); 975 976 if (dev_id == 0x7922) { 977 err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT, 0x000000FF); 978 if (err < 0) 979 return err; 980 } 981 982 err = btmtk_usb_id_get(hdev, 0x70010200, &val); 983 if (err < 0 || (!val && dev_id != 0x6639)) 984 bt_dev_err(hdev, "Can't get device id, subsys reset fail."); 985 986 return err; 987 } 988 EXPORT_SYMBOL_GPL(btmtk_usb_subsys_reset); 989 990 int btmtk_usb_recv_acl(struct hci_dev *hdev, struct sk_buff *skb) 991 { 992 struct btmtk_data *data = hci_get_priv(hdev); 993 u16 handle = le16_to_cpu(hci_acl_hdr(skb)->handle); 994 995 switch (handle) { 996 case 0xfc6f: /* Firmware dump from device */ 997 /* When the firmware hangs, the device can no longer 998 * suspend and thus disable auto-suspend. 999 */ 1000 usb_disable_autosuspend(data->udev); 1001 1002 /* We need to forward the diagnostic packet to userspace daemon 1003 * for backward compatibility, so we have to clone the packet 1004 * extraly for the in-kernel coredump support. 1005 */ 1006 if (IS_ENABLED(CONFIG_DEV_COREDUMP)) { 1007 struct sk_buff *skb_cd = skb_clone(skb, GFP_ATOMIC); 1008 1009 if (skb_cd) 1010 btmtk_process_coredump(hdev, skb_cd); 1011 } 1012 1013 fallthrough; 1014 case 0x05ff: /* Firmware debug logging 1 */ 1015 case 0x05fe: /* Firmware debug logging 2 */ 1016 return hci_recv_diag(hdev, skb); 1017 } 1018 1019 return hci_recv_frame(hdev, skb); 1020 } 1021 EXPORT_SYMBOL_GPL(btmtk_usb_recv_acl); 1022 1023 static int btmtk_isopkt_pad(struct hci_dev *hdev, struct sk_buff *skb) 1024 { 1025 if (skb->len > MTK_ISO_THRESHOLD) 1026 return -EINVAL; 1027 1028 if (skb_pad(skb, MTK_ISO_THRESHOLD - skb->len)) 1029 return -ENOMEM; 1030 1031 __skb_put(skb, MTK_ISO_THRESHOLD - skb->len); 1032 1033 return 0; 1034 } 1035 1036 static int __set_mtk_intr_interface(struct hci_dev *hdev) 1037 { 1038 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 1039 struct usb_interface *intf = btmtk_data->isopkt_intf; 1040 int err; 1041 1042 if (!btmtk_data->isopkt_intf) 1043 return -ENODEV; 1044 1045 err = usb_set_interface(btmtk_data->udev, MTK_ISO_IFNUM, 1046 (intf->num_altsetting > 1) ? 1 : 0); 1047 if (err < 0) { 1048 bt_dev_err(hdev, "setting interface failed (%d)", -err); 1049 return err; 1050 } 1051 1052 err = usb_find_common_endpoints(intf->cur_altsetting, NULL, NULL, 1053 &btmtk_data->isopkt_rx_ep, 1054 &btmtk_data->isopkt_tx_ep); 1055 if (err) { 1056 bt_dev_err(hdev, "invalid interrupt descriptors"); 1057 return -ENODEV; 1058 } 1059 1060 return 0; 1061 } 1062 1063 struct urb *alloc_mtk_intr_urb(struct hci_dev *hdev, struct sk_buff *skb, 1064 usb_complete_t tx_complete) 1065 { 1066 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 1067 struct urb *urb; 1068 unsigned int pipe; 1069 1070 if (!btmtk_data->isopkt_tx_ep) 1071 return ERR_PTR(-ENODEV); 1072 1073 urb = usb_alloc_urb(0, GFP_KERNEL); 1074 if (!urb) 1075 return ERR_PTR(-ENOMEM); 1076 1077 if (btmtk_isopkt_pad(hdev, skb)) 1078 return ERR_PTR(-EINVAL); 1079 1080 pipe = usb_sndintpipe(btmtk_data->udev, 1081 btmtk_data->isopkt_tx_ep->bEndpointAddress); 1082 1083 usb_fill_int_urb(urb, btmtk_data->udev, pipe, 1084 skb->data, skb->len, tx_complete, 1085 skb, btmtk_data->isopkt_tx_ep->bInterval); 1086 1087 skb->dev = (void *)hdev; 1088 1089 return urb; 1090 } 1091 EXPORT_SYMBOL_GPL(alloc_mtk_intr_urb); 1092 1093 static int btmtk_recv_isopkt(struct hci_dev *hdev, void *buffer, int count) 1094 { 1095 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 1096 struct sk_buff *skb; 1097 unsigned long flags; 1098 int err = 0; 1099 1100 spin_lock_irqsave(&btmtk_data->isorxlock, flags); 1101 skb = btmtk_data->isopkt_skb; 1102 1103 while (count) { 1104 int len; 1105 1106 if (!skb) { 1107 skb = bt_skb_alloc(HCI_MAX_ISO_SIZE, GFP_ATOMIC); 1108 if (!skb) { 1109 err = -ENOMEM; 1110 break; 1111 } 1112 1113 hci_skb_pkt_type(skb) = HCI_ISODATA_PKT; 1114 hci_skb_expect(skb) = HCI_ISO_HDR_SIZE; 1115 } 1116 1117 len = min_t(uint, hci_skb_expect(skb), count); 1118 skb_put_data(skb, buffer, len); 1119 1120 count -= len; 1121 buffer += len; 1122 hci_skb_expect(skb) -= len; 1123 1124 if (skb->len == HCI_ISO_HDR_SIZE) { 1125 __le16 dlen = ((struct hci_iso_hdr *)skb->data)->dlen; 1126 1127 /* Complete ISO header */ 1128 hci_skb_expect(skb) = __le16_to_cpu(dlen); 1129 1130 if (skb_tailroom(skb) < hci_skb_expect(skb)) { 1131 kfree_skb(skb); 1132 skb = NULL; 1133 1134 err = -EILSEQ; 1135 break; 1136 } 1137 } 1138 1139 if (!hci_skb_expect(skb)) { 1140 /* Complete frame */ 1141 hci_recv_frame(hdev, skb); 1142 skb = NULL; 1143 } 1144 } 1145 1146 btmtk_data->isopkt_skb = skb; 1147 spin_unlock_irqrestore(&btmtk_data->isorxlock, flags); 1148 1149 return err; 1150 } 1151 1152 static void btmtk_intr_complete(struct urb *urb) 1153 { 1154 struct hci_dev *hdev = urb->context; 1155 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 1156 int err; 1157 1158 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 1159 urb->actual_length); 1160 1161 if (!test_bit(HCI_RUNNING, &hdev->flags)) 1162 return; 1163 1164 if (hdev->suspended) 1165 return; 1166 1167 if (urb->status == 0) { 1168 hdev->stat.byte_rx += urb->actual_length; 1169 1170 if (btmtk_recv_isopkt(hdev, urb->transfer_buffer, 1171 urb->actual_length) < 0) { 1172 bt_dev_err(hdev, "corrupted iso packet"); 1173 hdev->stat.err_rx++; 1174 } 1175 } else if (urb->status == -ENOENT) { 1176 /* Avoid suspend failed when usb_kill_urb */ 1177 return; 1178 } 1179 1180 usb_mark_last_busy(btmtk_data->udev); 1181 usb_anchor_urb(urb, &btmtk_data->isopkt_anchor); 1182 1183 err = usb_submit_urb(urb, GFP_ATOMIC); 1184 if (err < 0) { 1185 /* -EPERM: urb is being killed; 1186 * -ENODEV: device got disconnected 1187 */ 1188 if (err != -EPERM && err != -ENODEV) 1189 bt_dev_err(hdev, "urb %p failed to resubmit (%d)", 1190 urb, -err); 1191 if (err != -EPERM) 1192 hci_cmd_sync_cancel(hdev, -err); 1193 usb_unanchor_urb(urb); 1194 } 1195 } 1196 1197 static int btmtk_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags) 1198 { 1199 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 1200 unsigned char *buf; 1201 unsigned int pipe; 1202 struct urb *urb; 1203 int err, size; 1204 1205 BT_DBG("%s", hdev->name); 1206 1207 if (!btmtk_data->isopkt_rx_ep) 1208 return -ENODEV; 1209 1210 urb = usb_alloc_urb(0, mem_flags); 1211 if (!urb) 1212 return -ENOMEM; 1213 size = le16_to_cpu(btmtk_data->isopkt_rx_ep->wMaxPacketSize); 1214 1215 buf = kmalloc(size, mem_flags); 1216 if (!buf) { 1217 usb_free_urb(urb); 1218 return -ENOMEM; 1219 } 1220 1221 pipe = usb_rcvintpipe(btmtk_data->udev, 1222 btmtk_data->isopkt_rx_ep->bEndpointAddress); 1223 1224 usb_fill_int_urb(urb, btmtk_data->udev, pipe, buf, size, 1225 btmtk_intr_complete, hdev, 1226 btmtk_data->isopkt_rx_ep->bInterval); 1227 1228 urb->transfer_flags |= URB_FREE_BUFFER; 1229 1230 usb_mark_last_busy(btmtk_data->udev); 1231 usb_anchor_urb(urb, &btmtk_data->isopkt_anchor); 1232 1233 err = usb_submit_urb(urb, mem_flags); 1234 if (err < 0) { 1235 if (err != -EPERM && err != -ENODEV) 1236 bt_dev_err(hdev, "urb %p submission failed (%d)", 1237 urb, -err); 1238 usb_unanchor_urb(urb); 1239 } 1240 1241 usb_free_urb(urb); 1242 1243 return err; 1244 } 1245 1246 static int btmtk_usb_isointf_init(struct hci_dev *hdev) 1247 { 1248 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 1249 u8 iso_param[2] = { 0x08, 0x01 }; 1250 struct sk_buff *skb; 1251 int err; 1252 1253 spin_lock_init(&btmtk_data->isorxlock); 1254 1255 __set_mtk_intr_interface(hdev); 1256 1257 err = btmtk_submit_intr_urb(hdev, GFP_KERNEL); 1258 if (err < 0) { 1259 usb_kill_anchored_urbs(&btmtk_data->isopkt_anchor); 1260 bt_dev_err(hdev, "ISO intf not support (%d)", err); 1261 return err; 1262 } 1263 1264 skb = __hci_cmd_sync(hdev, 0xfd98, sizeof(iso_param), iso_param, 1265 HCI_INIT_TIMEOUT); 1266 if (IS_ERR(skb)) { 1267 bt_dev_err(hdev, "Failed to apply iso setting (%ld)", PTR_ERR(skb)); 1268 return PTR_ERR(skb); 1269 } 1270 kfree_skb(skb); 1271 1272 return 0; 1273 } 1274 1275 int btmtk_usb_resume(struct hci_dev *hdev) 1276 { 1277 /* This function describes the specific additional steps taken by MediaTek 1278 * when Bluetooth usb driver's resume function is called. 1279 */ 1280 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 1281 1282 /* Resubmit urb for iso data transmission */ 1283 if (test_bit(BTMTK_ISOPKT_RUNNING, &btmtk_data->flags)) { 1284 if (btmtk_submit_intr_urb(hdev, GFP_NOIO) < 0) 1285 clear_bit(BTMTK_ISOPKT_RUNNING, &btmtk_data->flags); 1286 } 1287 1288 return 0; 1289 } 1290 EXPORT_SYMBOL_GPL(btmtk_usb_resume); 1291 1292 int btmtk_usb_suspend(struct hci_dev *hdev) 1293 { 1294 /* This function describes the specific additional steps taken by MediaTek 1295 * when Bluetooth usb driver's suspend function is called. 1296 */ 1297 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 1298 1299 /* Stop urb anchor for iso data transmission */ 1300 if (test_bit(BTMTK_ISOPKT_RUNNING, &btmtk_data->flags)) 1301 usb_kill_anchored_urbs(&btmtk_data->isopkt_anchor); 1302 1303 return 0; 1304 } 1305 EXPORT_SYMBOL_GPL(btmtk_usb_suspend); 1306 1307 int btmtk_usb_setup(struct hci_dev *hdev) 1308 { 1309 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 1310 struct btmtk_hci_wmt_params wmt_params; 1311 ktime_t calltime, delta, rettime; 1312 struct btmtk_tci_sleep tci_sleep; 1313 unsigned long long duration; 1314 struct sk_buff *skb; 1315 const char *fwname; 1316 int err, status; 1317 u32 dev_id = 0; 1318 char fw_bin_name[64]; 1319 u32 fw_version = 0, fw_flavor = 0; 1320 u8 param; 1321 1322 calltime = ktime_get(); 1323 1324 err = btmtk_usb_id_get(hdev, 0x80000008, &dev_id); 1325 if (err < 0) { 1326 bt_dev_err(hdev, "Failed to get device id (%d)", err); 1327 return err; 1328 } 1329 1330 if (!dev_id || dev_id != 0x7663) { 1331 err = btmtk_usb_id_get(hdev, 0x70010200, &dev_id); 1332 if (err < 0) { 1333 bt_dev_err(hdev, "Failed to get device id (%d)", err); 1334 return err; 1335 } 1336 err = btmtk_usb_id_get(hdev, 0x80021004, &fw_version); 1337 if (err < 0) { 1338 bt_dev_err(hdev, "Failed to get fw version (%d)", err); 1339 return err; 1340 } 1341 err = btmtk_usb_id_get(hdev, 0x70010020, &fw_flavor); 1342 if (err < 0) { 1343 bt_dev_err(hdev, "Failed to get fw flavor (%d)", err); 1344 return err; 1345 } 1346 fw_flavor = (fw_flavor & 0x00000080) >> 7; 1347 } 1348 1349 if (!dev_id) { 1350 u16 vid = le16_to_cpu(btmtk_data->udev->descriptor.idVendor); 1351 u16 pid = le16_to_cpu(btmtk_data->udev->descriptor.idProduct); 1352 int i; 1353 1354 for (i = 0; i < ARRAY_SIZE(btmtk_mt6639_devs); i++) { 1355 if (vid == btmtk_mt6639_devs[i].vendor && 1356 pid == btmtk_mt6639_devs[i].product) { 1357 dev_id = 0x6639; 1358 break; 1359 } 1360 } 1361 1362 if (dev_id) 1363 bt_dev_info(hdev, "MT6639: CHIPID=0x0000 with VID=%04x PID=%04x, using 0x6639", 1364 vid, pid); 1365 } 1366 1367 btmtk_data->dev_id = dev_id; 1368 1369 err = btmtk_register_coredump(hdev, btmtk_data->drv_name, fw_version); 1370 if (err < 0) 1371 bt_dev_err(hdev, "Failed to register coredump (%d)", err); 1372 1373 switch (dev_id) { 1374 case 0x7663: 1375 fwname = FIRMWARE_MT7663; 1376 break; 1377 case 0x7668: 1378 fwname = FIRMWARE_MT7668; 1379 break; 1380 case 0x7922: 1381 case 0x7925: 1382 case 0x7961: 1383 case 0x7902: 1384 case 0x6639: 1385 btmtk_fw_get_filename(fw_bin_name, sizeof(fw_bin_name), dev_id, 1386 fw_version, fw_flavor); 1387 1388 err = btmtk_setup_firmware_79xx(hdev, fw_bin_name, 1389 btmtk_usb_hci_wmt_sync, 1390 dev_id); 1391 if (err < 0) { 1392 /* retry once if setup firmware error */ 1393 if (!test_and_set_bit(BTMTK_FIRMWARE_DL_RETRY, &btmtk_data->flags)) 1394 btmtk_reset_sync(hdev); 1395 bt_dev_err(hdev, "Failed to set up firmware (%d)", err); 1396 return err; 1397 } 1398 1399 /* It's Device EndPoint Reset Option Register */ 1400 err = btmtk_usb_uhw_reg_write(hdev, MTK_EP_RST_OPT, 1401 MTK_EP_RST_IN_OUT_OPT); 1402 if (err < 0) 1403 return err; 1404 1405 /* Enable Bluetooth protocol */ 1406 param = 1; 1407 wmt_params.op = BTMTK_WMT_FUNC_CTRL; 1408 wmt_params.flag = 0; 1409 wmt_params.dlen = sizeof(param); 1410 wmt_params.data = ¶m; 1411 wmt_params.status = NULL; 1412 1413 err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params); 1414 if (err < 0) { 1415 bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err); 1416 return err; 1417 } 1418 1419 hci_set_msft_opcode(hdev, 0xFD30); 1420 hci_set_aosp_capable(hdev); 1421 1422 /* Clear BTMTK_FIRMWARE_DL_RETRY if setup successfully */ 1423 test_and_clear_bit(BTMTK_FIRMWARE_DL_RETRY, &btmtk_data->flags); 1424 1425 /* Set up ISO interface after protocol enabled */ 1426 if (test_bit(BTMTK_ISOPKT_OVER_INTR, &btmtk_data->flags)) { 1427 if (!btmtk_usb_isointf_init(hdev)) 1428 set_bit(BTMTK_ISOPKT_RUNNING, &btmtk_data->flags); 1429 } 1430 1431 goto done; 1432 default: 1433 bt_dev_err(hdev, "Unsupported hardware variant (%08x)", 1434 dev_id); 1435 return -ENODEV; 1436 } 1437 1438 /* Query whether the firmware is already download */ 1439 wmt_params.op = BTMTK_WMT_SEMAPHORE; 1440 wmt_params.flag = 1; 1441 wmt_params.dlen = 0; 1442 wmt_params.data = NULL; 1443 wmt_params.status = &status; 1444 1445 err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params); 1446 if (err < 0) { 1447 bt_dev_err(hdev, "Failed to query firmware status (%d)", err); 1448 return err; 1449 } 1450 1451 if (status == BTMTK_WMT_PATCH_DONE) { 1452 bt_dev_info(hdev, "firmware already downloaded"); 1453 goto ignore_setup_fw; 1454 } 1455 1456 /* Setup a firmware which the device definitely requires */ 1457 err = btmtk_setup_firmware(hdev, fwname, 1458 btmtk_usb_hci_wmt_sync); 1459 if (err < 0) 1460 return err; 1461 1462 ignore_setup_fw: 1463 err = readx_poll_timeout(btmtk_usb_func_query, hdev, status, 1464 status < 0 || status != BTMTK_WMT_ON_PROGRESS, 1465 2000, 5000000); 1466 /* -ETIMEDOUT happens */ 1467 if (err < 0) 1468 return err; 1469 1470 /* The other errors happen in btmtk_usb_func_query */ 1471 if (status < 0) 1472 return status; 1473 1474 if (status == BTMTK_WMT_ON_DONE) { 1475 bt_dev_info(hdev, "function already on"); 1476 goto ignore_func_on; 1477 } 1478 1479 /* Enable Bluetooth protocol */ 1480 param = 1; 1481 wmt_params.op = BTMTK_WMT_FUNC_CTRL; 1482 wmt_params.flag = 0; 1483 wmt_params.dlen = sizeof(param); 1484 wmt_params.data = ¶m; 1485 wmt_params.status = NULL; 1486 1487 err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params); 1488 if (err < 0) { 1489 bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err); 1490 return err; 1491 } 1492 1493 ignore_func_on: 1494 /* Apply the low power environment setup */ 1495 tci_sleep.mode = 0x5; 1496 tci_sleep.duration = cpu_to_le16(0x640); 1497 tci_sleep.host_duration = cpu_to_le16(0x640); 1498 tci_sleep.host_wakeup_pin = 0; 1499 tci_sleep.time_compensation = 0; 1500 1501 skb = __hci_cmd_sync(hdev, 0xfc7a, sizeof(tci_sleep), &tci_sleep, 1502 HCI_INIT_TIMEOUT); 1503 if (IS_ERR(skb)) { 1504 err = PTR_ERR(skb); 1505 bt_dev_err(hdev, "Failed to apply low power setting (%d)", err); 1506 return err; 1507 } 1508 kfree_skb(skb); 1509 1510 done: 1511 rettime = ktime_get(); 1512 delta = ktime_sub(rettime, calltime); 1513 duration = (unsigned long long)ktime_to_ns(delta) >> 10; 1514 1515 bt_dev_info(hdev, "Device setup in %llu usecs", duration); 1516 1517 return 0; 1518 } 1519 EXPORT_SYMBOL_GPL(btmtk_usb_setup); 1520 1521 int btmtk_usb_shutdown(struct hci_dev *hdev) 1522 { 1523 struct btmtk_data *data = hci_get_priv(hdev); 1524 struct btmtk_hci_wmt_params wmt_params; 1525 u8 param = 0; 1526 int err; 1527 1528 err = usb_autopm_get_interface(data->intf); 1529 if (err < 0) 1530 return err; 1531 1532 /* Disable the device */ 1533 wmt_params.op = BTMTK_WMT_FUNC_CTRL; 1534 wmt_params.flag = 0; 1535 wmt_params.dlen = sizeof(param); 1536 wmt_params.data = ¶m; 1537 wmt_params.status = NULL; 1538 1539 err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params); 1540 if (err < 0) { 1541 bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err); 1542 usb_autopm_put_interface(data->intf); 1543 return err; 1544 } 1545 1546 usb_autopm_put_interface(data->intf); 1547 return 0; 1548 } 1549 EXPORT_SYMBOL_GPL(btmtk_usb_shutdown); 1550 #endif 1551 1552 MODULE_AUTHOR("Sean Wang <sean.wang@mediatek.com>"); 1553 MODULE_AUTHOR("Mark Chen <mark-yw.chen@mediatek.com>"); 1554 MODULE_DESCRIPTION("Bluetooth support for MediaTek devices ver " VERSION); 1555 MODULE_VERSION(VERSION); 1556 MODULE_LICENSE("GPL"); 1557 MODULE_FIRMWARE(FIRMWARE_MT7622); 1558 MODULE_FIRMWARE(FIRMWARE_MT7663); 1559 MODULE_FIRMWARE(FIRMWARE_MT7668); 1560 MODULE_FIRMWARE(FIRMWARE_MT7922); 1561 MODULE_FIRMWARE(FIRMWARE_MT7961); 1562 MODULE_FIRMWARE(FIRMWARE_MT7925); 1563 MODULE_FIRMWARE(FIRMWARE_MT7927); 1564