xref: /linux/drivers/bluetooth/btmtk.c (revision bde5d79d00255db609fe9d859eef8c7b6d38b137)
1 // SPDX-License-Identifier: ISC
2 /* Copyright (C) 2021 MediaTek Inc.
3  *
4  */
5 #include <linux/module.h>
6 #include <linux/firmware.h>
7 #include <linux/usb.h>
8 #include <linux/iopoll.h>
9 #include <asm/unaligned.h>
10 
11 #include <net/bluetooth/bluetooth.h>
12 #include <net/bluetooth/hci_core.h>
13 
14 #include "btmtk.h"
15 
16 #define VERSION "0.1"
17 
18 /* It is for mt79xx download rom patch*/
19 #define MTK_FW_ROM_PATCH_HEADER_SIZE	32
20 #define MTK_FW_ROM_PATCH_GD_SIZE	64
21 #define MTK_FW_ROM_PATCH_SEC_MAP_SIZE	64
22 #define MTK_SEC_MAP_COMMON_SIZE	12
23 #define MTK_SEC_MAP_NEED_SEND_SIZE	52
24 
25 /* It is for mt79xx iso data transmission setting */
26 #define MTK_ISO_THRESHOLD	264
27 
28 struct btmtk_patch_header {
29 	u8 datetime[16];
30 	u8 platform[4];
31 	__le16 hwver;
32 	__le16 swver;
33 	__le32 magicnum;
34 } __packed;
35 
36 struct btmtk_global_desc {
37 	__le32 patch_ver;
38 	__le32 sub_sys;
39 	__le32 feature_opt;
40 	__le32 section_num;
41 } __packed;
42 
43 struct btmtk_section_map {
44 	__le32 sectype;
45 	__le32 secoffset;
46 	__le32 secsize;
47 	union {
48 		__le32 u4SecSpec[13];
49 		struct {
50 			__le32 dlAddr;
51 			__le32 dlsize;
52 			__le32 seckeyidx;
53 			__le32 alignlen;
54 			__le32 sectype;
55 			__le32 dlmodecrctype;
56 			__le32 crc;
57 			__le32 reserved[6];
58 		} bin_info_spec;
59 	};
60 } __packed;
61 
62 static void btmtk_coredump(struct hci_dev *hdev)
63 {
64 	int err;
65 
66 	err = __hci_cmd_send(hdev, 0xfd5b, 0, NULL);
67 	if (err < 0)
68 		bt_dev_err(hdev, "Coredump failed (%d)", err);
69 }
70 
71 static void btmtk_coredump_hdr(struct hci_dev *hdev, struct sk_buff *skb)
72 {
73 	struct btmtk_data *data = hci_get_priv(hdev);
74 	char buf[80];
75 
76 	snprintf(buf, sizeof(buf), "Controller Name: 0x%X\n",
77 		 data->dev_id);
78 	skb_put_data(skb, buf, strlen(buf));
79 
80 	snprintf(buf, sizeof(buf), "Firmware Version: 0x%X\n",
81 		 data->cd_info.fw_version);
82 	skb_put_data(skb, buf, strlen(buf));
83 
84 	snprintf(buf, sizeof(buf), "Driver: %s\n",
85 		 data->cd_info.driver_name);
86 	skb_put_data(skb, buf, strlen(buf));
87 
88 	snprintf(buf, sizeof(buf), "Vendor: MediaTek\n");
89 	skb_put_data(skb, buf, strlen(buf));
90 }
91 
92 static void btmtk_coredump_notify(struct hci_dev *hdev, int state)
93 {
94 	struct btmtk_data *data = hci_get_priv(hdev);
95 
96 	switch (state) {
97 	case HCI_DEVCOREDUMP_IDLE:
98 		data->cd_info.state = HCI_DEVCOREDUMP_IDLE;
99 		break;
100 	case HCI_DEVCOREDUMP_ACTIVE:
101 		data->cd_info.state = HCI_DEVCOREDUMP_ACTIVE;
102 		break;
103 	case HCI_DEVCOREDUMP_TIMEOUT:
104 	case HCI_DEVCOREDUMP_ABORT:
105 	case HCI_DEVCOREDUMP_DONE:
106 		data->cd_info.state = HCI_DEVCOREDUMP_IDLE;
107 		btmtk_reset_sync(hdev);
108 		break;
109 	}
110 }
111 
112 void btmtk_fw_get_filename(char *buf, size_t size, u32 dev_id, u32 fw_ver,
113 			   u32 fw_flavor)
114 {
115 	if (dev_id == 0x7925)
116 		snprintf(buf, size,
117 			 "mediatek/mt%04x/BT_RAM_CODE_MT%04x_1_%x_hdr.bin",
118 			 dev_id & 0xffff, dev_id & 0xffff, (fw_ver & 0xff) + 1);
119 	else if (dev_id == 0x7961 && fw_flavor)
120 		snprintf(buf, size,
121 			 "mediatek/BT_RAM_CODE_MT%04x_1a_%x_hdr.bin",
122 			 dev_id & 0xffff, (fw_ver & 0xff) + 1);
123 	else
124 		snprintf(buf, size,
125 			 "mediatek/BT_RAM_CODE_MT%04x_1_%x_hdr.bin",
126 			 dev_id & 0xffff, (fw_ver & 0xff) + 1);
127 }
128 EXPORT_SYMBOL_GPL(btmtk_fw_get_filename);
129 
130 int btmtk_setup_firmware_79xx(struct hci_dev *hdev, const char *fwname,
131 			      wmt_cmd_sync_func_t wmt_cmd_sync)
132 {
133 	struct btmtk_hci_wmt_params wmt_params;
134 	struct btmtk_patch_header *hdr;
135 	struct btmtk_global_desc *globaldesc = NULL;
136 	struct btmtk_section_map *sectionmap;
137 	const struct firmware *fw;
138 	const u8 *fw_ptr;
139 	const u8 *fw_bin_ptr;
140 	int err, dlen, i, status;
141 	u8 flag, first_block, retry;
142 	u32 section_num, dl_size, section_offset;
143 	u8 cmd[64];
144 
145 	err = request_firmware(&fw, fwname, &hdev->dev);
146 	if (err < 0) {
147 		bt_dev_err(hdev, "Failed to load firmware file (%d)", err);
148 		return err;
149 	}
150 
151 	fw_ptr = fw->data;
152 	fw_bin_ptr = fw_ptr;
153 	hdr = (struct btmtk_patch_header *)fw_ptr;
154 	globaldesc = (struct btmtk_global_desc *)(fw_ptr + MTK_FW_ROM_PATCH_HEADER_SIZE);
155 	section_num = le32_to_cpu(globaldesc->section_num);
156 
157 	bt_dev_info(hdev, "HW/SW Version: 0x%04x%04x, Build Time: %s",
158 		    le16_to_cpu(hdr->hwver), le16_to_cpu(hdr->swver), hdr->datetime);
159 
160 	for (i = 0; i < section_num; i++) {
161 		first_block = 1;
162 		fw_ptr = fw_bin_ptr;
163 		sectionmap = (struct btmtk_section_map *)(fw_ptr + MTK_FW_ROM_PATCH_HEADER_SIZE +
164 			      MTK_FW_ROM_PATCH_GD_SIZE + MTK_FW_ROM_PATCH_SEC_MAP_SIZE * i);
165 
166 		section_offset = le32_to_cpu(sectionmap->secoffset);
167 		dl_size = le32_to_cpu(sectionmap->bin_info_spec.dlsize);
168 
169 		if (dl_size > 0) {
170 			retry = 20;
171 			while (retry > 0) {
172 				cmd[0] = 0; /* 0 means legacy dl mode. */
173 				memcpy(cmd + 1,
174 				       fw_ptr + MTK_FW_ROM_PATCH_HEADER_SIZE +
175 				       MTK_FW_ROM_PATCH_GD_SIZE +
176 				       MTK_FW_ROM_PATCH_SEC_MAP_SIZE * i +
177 				       MTK_SEC_MAP_COMMON_SIZE,
178 				       MTK_SEC_MAP_NEED_SEND_SIZE + 1);
179 
180 				wmt_params.op = BTMTK_WMT_PATCH_DWNLD;
181 				wmt_params.status = &status;
182 				wmt_params.flag = 0;
183 				wmt_params.dlen = MTK_SEC_MAP_NEED_SEND_SIZE + 1;
184 				wmt_params.data = &cmd;
185 
186 				err = wmt_cmd_sync(hdev, &wmt_params);
187 				if (err < 0) {
188 					bt_dev_err(hdev, "Failed to send wmt patch dwnld (%d)",
189 						   err);
190 					goto err_release_fw;
191 				}
192 
193 				if (status == BTMTK_WMT_PATCH_UNDONE) {
194 					break;
195 				} else if (status == BTMTK_WMT_PATCH_PROGRESS) {
196 					msleep(100);
197 					retry--;
198 				} else if (status == BTMTK_WMT_PATCH_DONE) {
199 					goto next_section;
200 				} else {
201 					bt_dev_err(hdev, "Failed wmt patch dwnld status (%d)",
202 						   status);
203 					err = -EIO;
204 					goto err_release_fw;
205 				}
206 			}
207 
208 			fw_ptr += section_offset;
209 			wmt_params.op = BTMTK_WMT_PATCH_DWNLD;
210 			wmt_params.status = NULL;
211 
212 			while (dl_size > 0) {
213 				dlen = min_t(int, 250, dl_size);
214 				if (first_block == 1) {
215 					flag = 1;
216 					first_block = 0;
217 				} else if (dl_size - dlen <= 0) {
218 					flag = 3;
219 				} else {
220 					flag = 2;
221 				}
222 
223 				wmt_params.flag = flag;
224 				wmt_params.dlen = dlen;
225 				wmt_params.data = fw_ptr;
226 
227 				err = wmt_cmd_sync(hdev, &wmt_params);
228 				if (err < 0) {
229 					bt_dev_err(hdev, "Failed to send wmt patch dwnld (%d)",
230 						   err);
231 					goto err_release_fw;
232 				}
233 
234 				dl_size -= dlen;
235 				fw_ptr += dlen;
236 			}
237 		}
238 next_section:
239 		continue;
240 	}
241 	/* Wait a few moments for firmware activation done */
242 	usleep_range(100000, 120000);
243 
244 err_release_fw:
245 	release_firmware(fw);
246 
247 	return err;
248 }
249 EXPORT_SYMBOL_GPL(btmtk_setup_firmware_79xx);
250 
251 int btmtk_setup_firmware(struct hci_dev *hdev, const char *fwname,
252 			 wmt_cmd_sync_func_t wmt_cmd_sync)
253 {
254 	struct btmtk_hci_wmt_params wmt_params;
255 	const struct firmware *fw;
256 	const u8 *fw_ptr;
257 	size_t fw_size;
258 	int err, dlen;
259 	u8 flag, param;
260 
261 	err = request_firmware(&fw, fwname, &hdev->dev);
262 	if (err < 0) {
263 		bt_dev_err(hdev, "Failed to load firmware file (%d)", err);
264 		return err;
265 	}
266 
267 	/* Power on data RAM the firmware relies on. */
268 	param = 1;
269 	wmt_params.op = BTMTK_WMT_FUNC_CTRL;
270 	wmt_params.flag = 3;
271 	wmt_params.dlen = sizeof(param);
272 	wmt_params.data = &param;
273 	wmt_params.status = NULL;
274 
275 	err = wmt_cmd_sync(hdev, &wmt_params);
276 	if (err < 0) {
277 		bt_dev_err(hdev, "Failed to power on data RAM (%d)", err);
278 		goto err_release_fw;
279 	}
280 
281 	fw_ptr = fw->data;
282 	fw_size = fw->size;
283 
284 	/* The size of patch header is 30 bytes, should be skip */
285 	if (fw_size < 30) {
286 		err = -EINVAL;
287 		goto err_release_fw;
288 	}
289 
290 	fw_size -= 30;
291 	fw_ptr += 30;
292 	flag = 1;
293 
294 	wmt_params.op = BTMTK_WMT_PATCH_DWNLD;
295 	wmt_params.status = NULL;
296 
297 	while (fw_size > 0) {
298 		dlen = min_t(int, 250, fw_size);
299 
300 		/* Tell device the position in sequence */
301 		if (fw_size - dlen <= 0)
302 			flag = 3;
303 		else if (fw_size < fw->size - 30)
304 			flag = 2;
305 
306 		wmt_params.flag = flag;
307 		wmt_params.dlen = dlen;
308 		wmt_params.data = fw_ptr;
309 
310 		err = wmt_cmd_sync(hdev, &wmt_params);
311 		if (err < 0) {
312 			bt_dev_err(hdev, "Failed to send wmt patch dwnld (%d)",
313 				   err);
314 			goto err_release_fw;
315 		}
316 
317 		fw_size -= dlen;
318 		fw_ptr += dlen;
319 	}
320 
321 	wmt_params.op = BTMTK_WMT_RST;
322 	wmt_params.flag = 4;
323 	wmt_params.dlen = 0;
324 	wmt_params.data = NULL;
325 	wmt_params.status = NULL;
326 
327 	/* Activate funciton the firmware providing to */
328 	err = wmt_cmd_sync(hdev, &wmt_params);
329 	if (err < 0) {
330 		bt_dev_err(hdev, "Failed to send wmt rst (%d)", err);
331 		goto err_release_fw;
332 	}
333 
334 	/* Wait a few moments for firmware activation done */
335 	usleep_range(10000, 12000);
336 
337 err_release_fw:
338 	release_firmware(fw);
339 
340 	return err;
341 }
342 EXPORT_SYMBOL_GPL(btmtk_setup_firmware);
343 
344 int btmtk_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr)
345 {
346 	struct sk_buff *skb;
347 	long ret;
348 
349 	skb = __hci_cmd_sync(hdev, 0xfc1a, 6, bdaddr, HCI_INIT_TIMEOUT);
350 	if (IS_ERR(skb)) {
351 		ret = PTR_ERR(skb);
352 		bt_dev_err(hdev, "changing Mediatek device address failed (%ld)",
353 			   ret);
354 		return ret;
355 	}
356 	kfree_skb(skb);
357 
358 	return 0;
359 }
360 EXPORT_SYMBOL_GPL(btmtk_set_bdaddr);
361 
362 void btmtk_reset_sync(struct hci_dev *hdev)
363 {
364 	struct btmtk_data *reset_work = hci_get_priv(hdev);
365 	int err;
366 
367 	hci_dev_lock(hdev);
368 
369 	err = hci_cmd_sync_queue(hdev, reset_work->reset_sync, NULL, NULL);
370 	if (err)
371 		bt_dev_err(hdev, "failed to reset (%d)", err);
372 
373 	hci_dev_unlock(hdev);
374 }
375 EXPORT_SYMBOL_GPL(btmtk_reset_sync);
376 
377 int btmtk_register_coredump(struct hci_dev *hdev, const char *name,
378 			    u32 fw_version)
379 {
380 	struct btmtk_data *data = hci_get_priv(hdev);
381 
382 	if (!IS_ENABLED(CONFIG_DEV_COREDUMP))
383 		return -EOPNOTSUPP;
384 
385 	data->cd_info.fw_version = fw_version;
386 	data->cd_info.state = HCI_DEVCOREDUMP_IDLE;
387 	data->cd_info.driver_name = name;
388 
389 	return hci_devcd_register(hdev, btmtk_coredump, btmtk_coredump_hdr,
390 				  btmtk_coredump_notify);
391 }
392 EXPORT_SYMBOL_GPL(btmtk_register_coredump);
393 
394 int btmtk_process_coredump(struct hci_dev *hdev, struct sk_buff *skb)
395 {
396 	struct btmtk_data *data = hci_get_priv(hdev);
397 	int err;
398 
399 	if (!IS_ENABLED(CONFIG_DEV_COREDUMP)) {
400 		kfree_skb(skb);
401 		return 0;
402 	}
403 
404 	switch (data->cd_info.state) {
405 	case HCI_DEVCOREDUMP_IDLE:
406 		err = hci_devcd_init(hdev, MTK_COREDUMP_SIZE);
407 		if (err < 0) {
408 			kfree_skb(skb);
409 			break;
410 		}
411 		data->cd_info.cnt = 0;
412 
413 		/* It is supposed coredump can be done within 5 seconds */
414 		schedule_delayed_work(&hdev->dump.dump_timeout,
415 				      msecs_to_jiffies(5000));
416 		fallthrough;
417 	case HCI_DEVCOREDUMP_ACTIVE:
418 	default:
419 		err = hci_devcd_append(hdev, skb);
420 		if (err < 0)
421 			break;
422 		data->cd_info.cnt++;
423 
424 		/* Mediatek coredump data would be more than MTK_COREDUMP_NUM */
425 		if (data->cd_info.cnt > MTK_COREDUMP_NUM &&
426 		    skb->len > MTK_COREDUMP_END_LEN)
427 			if (!memcmp((char *)&skb->data[skb->len - MTK_COREDUMP_END_LEN],
428 				    MTK_COREDUMP_END, MTK_COREDUMP_END_LEN - 1)) {
429 				bt_dev_info(hdev, "Mediatek coredump end");
430 				hci_devcd_complete(hdev);
431 			}
432 
433 		break;
434 	}
435 
436 	return err;
437 }
438 EXPORT_SYMBOL_GPL(btmtk_process_coredump);
439 
440 #if IS_ENABLED(CONFIG_BT_HCIBTUSB_MTK)
441 static void btmtk_usb_wmt_recv(struct urb *urb)
442 {
443 	struct hci_dev *hdev = urb->context;
444 	struct btmtk_data *data = hci_get_priv(hdev);
445 	struct sk_buff *skb;
446 	int err;
447 
448 	if (urb->status == 0 && urb->actual_length > 0) {
449 		hdev->stat.byte_rx += urb->actual_length;
450 
451 		/* WMT event shouldn't be fragmented and the size should be
452 		 * less than HCI_WMT_MAX_EVENT_SIZE.
453 		 */
454 		skb = bt_skb_alloc(HCI_WMT_MAX_EVENT_SIZE, GFP_ATOMIC);
455 		if (!skb) {
456 			hdev->stat.err_rx++;
457 			kfree(urb->setup_packet);
458 			return;
459 		}
460 
461 		hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
462 		skb_put_data(skb, urb->transfer_buffer, urb->actual_length);
463 
464 		/* When someone waits for the WMT event, the skb is being cloned
465 		 * and being processed the events from there then.
466 		 */
467 		if (test_bit(BTMTK_TX_WAIT_VND_EVT, &data->flags)) {
468 			data->evt_skb = skb_clone(skb, GFP_ATOMIC);
469 			if (!data->evt_skb) {
470 				kfree_skb(skb);
471 				kfree(urb->setup_packet);
472 				return;
473 			}
474 		}
475 
476 		err = hci_recv_frame(hdev, skb);
477 		if (err < 0) {
478 			kfree_skb(data->evt_skb);
479 			data->evt_skb = NULL;
480 			kfree(urb->setup_packet);
481 			return;
482 		}
483 
484 		if (test_and_clear_bit(BTMTK_TX_WAIT_VND_EVT,
485 				       &data->flags)) {
486 			/* Barrier to sync with other CPUs */
487 			smp_mb__after_atomic();
488 			wake_up_bit(&data->flags,
489 				    BTMTK_TX_WAIT_VND_EVT);
490 		}
491 		kfree(urb->setup_packet);
492 		return;
493 	} else if (urb->status == -ENOENT) {
494 		/* Avoid suspend failed when usb_kill_urb */
495 		return;
496 	}
497 
498 	usb_mark_last_busy(data->udev);
499 
500 	/* The URB complete handler is still called with urb->actual_length = 0
501 	 * when the event is not available, so we should keep re-submitting
502 	 * URB until WMT event returns, Also, It's necessary to wait some time
503 	 * between the two consecutive control URBs to relax the target device
504 	 * to generate the event. Otherwise, the WMT event cannot return from
505 	 * the device successfully.
506 	 */
507 	udelay(500);
508 
509 	usb_anchor_urb(urb, data->ctrl_anchor);
510 	err = usb_submit_urb(urb, GFP_ATOMIC);
511 	if (err < 0) {
512 		kfree(urb->setup_packet);
513 		/* -EPERM: urb is being killed;
514 		 * -ENODEV: device got disconnected
515 		 */
516 		if (err != -EPERM && err != -ENODEV)
517 			bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
518 				   urb, -err);
519 		usb_unanchor_urb(urb);
520 	}
521 }
522 
523 static int btmtk_usb_submit_wmt_recv_urb(struct hci_dev *hdev)
524 {
525 	struct btmtk_data *data = hci_get_priv(hdev);
526 	struct usb_ctrlrequest *dr;
527 	unsigned char *buf;
528 	int err, size = 64;
529 	unsigned int pipe;
530 	struct urb *urb;
531 
532 	urb = usb_alloc_urb(0, GFP_KERNEL);
533 	if (!urb)
534 		return -ENOMEM;
535 
536 	dr = kmalloc(sizeof(*dr), GFP_KERNEL);
537 	if (!dr) {
538 		usb_free_urb(urb);
539 		return -ENOMEM;
540 	}
541 
542 	dr->bRequestType = USB_TYPE_VENDOR | USB_DIR_IN;
543 	dr->bRequest     = 1;
544 	dr->wIndex       = cpu_to_le16(0);
545 	dr->wValue       = cpu_to_le16(48);
546 	dr->wLength      = cpu_to_le16(size);
547 
548 	buf = kmalloc(size, GFP_KERNEL);
549 	if (!buf) {
550 		kfree(dr);
551 		usb_free_urb(urb);
552 		return -ENOMEM;
553 	}
554 
555 	pipe = usb_rcvctrlpipe(data->udev, 0);
556 
557 	usb_fill_control_urb(urb, data->udev, pipe, (void *)dr,
558 			     buf, size, btmtk_usb_wmt_recv, hdev);
559 
560 	urb->transfer_flags |= URB_FREE_BUFFER;
561 
562 	usb_anchor_urb(urb, data->ctrl_anchor);
563 	err = usb_submit_urb(urb, GFP_KERNEL);
564 	if (err < 0) {
565 		if (err != -EPERM && err != -ENODEV)
566 			bt_dev_err(hdev, "urb %p submission failed (%d)",
567 				   urb, -err);
568 		usb_unanchor_urb(urb);
569 	}
570 
571 	usb_free_urb(urb);
572 
573 	return err;
574 }
575 
576 static int btmtk_usb_hci_wmt_sync(struct hci_dev *hdev,
577 				  struct btmtk_hci_wmt_params *wmt_params)
578 {
579 	struct btmtk_data *data = hci_get_priv(hdev);
580 	struct btmtk_hci_wmt_evt_funcc *wmt_evt_funcc;
581 	u32 hlen, status = BTMTK_WMT_INVALID;
582 	struct btmtk_hci_wmt_evt *wmt_evt;
583 	struct btmtk_hci_wmt_cmd *wc;
584 	struct btmtk_wmt_hdr *hdr;
585 	int err;
586 
587 	/* Send the WMT command and wait until the WMT event returns */
588 	hlen = sizeof(*hdr) + wmt_params->dlen;
589 	if (hlen > 255)
590 		return -EINVAL;
591 
592 	wc = kzalloc(hlen, GFP_KERNEL);
593 	if (!wc)
594 		return -ENOMEM;
595 
596 	hdr = &wc->hdr;
597 	hdr->dir = 1;
598 	hdr->op = wmt_params->op;
599 	hdr->dlen = cpu_to_le16(wmt_params->dlen + 1);
600 	hdr->flag = wmt_params->flag;
601 	memcpy(wc->data, wmt_params->data, wmt_params->dlen);
602 
603 	set_bit(BTMTK_TX_WAIT_VND_EVT, &data->flags);
604 
605 	/* WMT cmd/event doesn't follow up the generic HCI cmd/event handling,
606 	 * it needs constantly polling control pipe until the host received the
607 	 * WMT event, thus, we should require to specifically acquire PM counter
608 	 * on the USB to prevent the interface from entering auto suspended
609 	 * while WMT cmd/event in progress.
610 	 */
611 	err = usb_autopm_get_interface(data->intf);
612 	if (err < 0)
613 		goto err_free_wc;
614 
615 	err = __hci_cmd_send(hdev, 0xfc6f, hlen, wc);
616 
617 	if (err < 0) {
618 		clear_bit(BTMTK_TX_WAIT_VND_EVT, &data->flags);
619 		usb_autopm_put_interface(data->intf);
620 		goto err_free_wc;
621 	}
622 
623 	/* Submit control IN URB on demand to process the WMT event */
624 	err = btmtk_usb_submit_wmt_recv_urb(hdev);
625 
626 	usb_autopm_put_interface(data->intf);
627 
628 	if (err < 0)
629 		goto err_free_wc;
630 
631 	/* The vendor specific WMT commands are all answered by a vendor
632 	 * specific event and will have the Command Status or Command
633 	 * Complete as with usual HCI command flow control.
634 	 *
635 	 * After sending the command, wait for BTUSB_TX_WAIT_VND_EVT
636 	 * state to be cleared. The driver specific event receive routine
637 	 * will clear that state and with that indicate completion of the
638 	 * WMT command.
639 	 */
640 	err = wait_on_bit_timeout(&data->flags, BTMTK_TX_WAIT_VND_EVT,
641 				  TASK_INTERRUPTIBLE, HCI_INIT_TIMEOUT);
642 	if (err == -EINTR) {
643 		bt_dev_err(hdev, "Execution of wmt command interrupted");
644 		clear_bit(BTMTK_TX_WAIT_VND_EVT, &data->flags);
645 		goto err_free_wc;
646 	}
647 
648 	if (err) {
649 		bt_dev_err(hdev, "Execution of wmt command timed out");
650 		clear_bit(BTMTK_TX_WAIT_VND_EVT, &data->flags);
651 		err = -ETIMEDOUT;
652 		goto err_free_wc;
653 	}
654 
655 	if (data->evt_skb == NULL)
656 		goto err_free_wc;
657 
658 	/* Parse and handle the return WMT event */
659 	wmt_evt = (struct btmtk_hci_wmt_evt *)data->evt_skb->data;
660 	if (wmt_evt->whdr.op != hdr->op) {
661 		bt_dev_err(hdev, "Wrong op received %d expected %d",
662 			   wmt_evt->whdr.op, hdr->op);
663 		err = -EIO;
664 		goto err_free_skb;
665 	}
666 
667 	switch (wmt_evt->whdr.op) {
668 	case BTMTK_WMT_SEMAPHORE:
669 		if (wmt_evt->whdr.flag == 2)
670 			status = BTMTK_WMT_PATCH_UNDONE;
671 		else
672 			status = BTMTK_WMT_PATCH_DONE;
673 		break;
674 	case BTMTK_WMT_FUNC_CTRL:
675 		wmt_evt_funcc = (struct btmtk_hci_wmt_evt_funcc *)wmt_evt;
676 		if (be16_to_cpu(wmt_evt_funcc->status) == 0x404)
677 			status = BTMTK_WMT_ON_DONE;
678 		else if (be16_to_cpu(wmt_evt_funcc->status) == 0x420)
679 			status = BTMTK_WMT_ON_PROGRESS;
680 		else
681 			status = BTMTK_WMT_ON_UNDONE;
682 		break;
683 	case BTMTK_WMT_PATCH_DWNLD:
684 		if (wmt_evt->whdr.flag == 2)
685 			status = BTMTK_WMT_PATCH_DONE;
686 		else if (wmt_evt->whdr.flag == 1)
687 			status = BTMTK_WMT_PATCH_PROGRESS;
688 		else
689 			status = BTMTK_WMT_PATCH_UNDONE;
690 		break;
691 	}
692 
693 	if (wmt_params->status)
694 		*wmt_params->status = status;
695 
696 err_free_skb:
697 	kfree_skb(data->evt_skb);
698 	data->evt_skb = NULL;
699 err_free_wc:
700 	kfree(wc);
701 	return err;
702 }
703 
704 static int btmtk_usb_func_query(struct hci_dev *hdev)
705 {
706 	struct btmtk_hci_wmt_params wmt_params;
707 	int status, err;
708 	u8 param = 0;
709 
710 	/* Query whether the function is enabled */
711 	wmt_params.op = BTMTK_WMT_FUNC_CTRL;
712 	wmt_params.flag = 4;
713 	wmt_params.dlen = sizeof(param);
714 	wmt_params.data = &param;
715 	wmt_params.status = &status;
716 
717 	err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params);
718 	if (err < 0) {
719 		bt_dev_err(hdev, "Failed to query function status (%d)", err);
720 		return err;
721 	}
722 
723 	return status;
724 }
725 
726 static int btmtk_usb_uhw_reg_write(struct hci_dev *hdev, u32 reg, u32 val)
727 {
728 	struct btmtk_data *data = hci_get_priv(hdev);
729 	int pipe, err;
730 	void *buf;
731 
732 	buf = kzalloc(4, GFP_KERNEL);
733 	if (!buf)
734 		return -ENOMEM;
735 
736 	put_unaligned_le32(val, buf);
737 
738 	pipe = usb_sndctrlpipe(data->udev, 0);
739 	err = usb_control_msg(data->udev, pipe, 0x02,
740 			      0x5E,
741 			      reg >> 16, reg & 0xffff,
742 			      buf, 4, USB_CTRL_SET_TIMEOUT);
743 	if (err < 0)
744 		bt_dev_err(hdev, "Failed to write uhw reg(%d)", err);
745 
746 	kfree(buf);
747 
748 	return err;
749 }
750 
751 static int btmtk_usb_uhw_reg_read(struct hci_dev *hdev, u32 reg, u32 *val)
752 {
753 	struct btmtk_data *data = hci_get_priv(hdev);
754 	int pipe, err;
755 	void *buf;
756 
757 	buf = kzalloc(4, GFP_KERNEL);
758 	if (!buf)
759 		return -ENOMEM;
760 
761 	pipe = usb_rcvctrlpipe(data->udev, 0);
762 	err = usb_control_msg(data->udev, pipe, 0x01,
763 			      0xDE,
764 			      reg >> 16, reg & 0xffff,
765 			      buf, 4, USB_CTRL_GET_TIMEOUT);
766 	if (err < 0) {
767 		bt_dev_err(hdev, "Failed to read uhw reg(%d)", err);
768 		goto err_free_buf;
769 	}
770 
771 	*val = get_unaligned_le32(buf);
772 	bt_dev_dbg(hdev, "reg=%x, value=0x%08x", reg, *val);
773 
774 err_free_buf:
775 	kfree(buf);
776 
777 	return err;
778 }
779 
780 static int btmtk_usb_reg_read(struct hci_dev *hdev, u32 reg, u32 *val)
781 {
782 	struct btmtk_data *data = hci_get_priv(hdev);
783 	int pipe, err, size = sizeof(u32);
784 	void *buf;
785 
786 	buf = kzalloc(size, GFP_KERNEL);
787 	if (!buf)
788 		return -ENOMEM;
789 
790 	pipe = usb_rcvctrlpipe(data->udev, 0);
791 	err = usb_control_msg(data->udev, pipe, 0x63,
792 			      USB_TYPE_VENDOR | USB_DIR_IN,
793 			      reg >> 16, reg & 0xffff,
794 			      buf, size, USB_CTRL_GET_TIMEOUT);
795 	if (err < 0)
796 		goto err_free_buf;
797 
798 	*val = get_unaligned_le32(buf);
799 
800 err_free_buf:
801 	kfree(buf);
802 
803 	return err;
804 }
805 
806 static int btmtk_usb_id_get(struct hci_dev *hdev, u32 reg, u32 *id)
807 {
808 	return btmtk_usb_reg_read(hdev, reg, id);
809 }
810 
811 static u32 btmtk_usb_reset_done(struct hci_dev *hdev)
812 {
813 	u32 val = 0;
814 
815 	btmtk_usb_uhw_reg_read(hdev, MTK_BT_MISC, &val);
816 
817 	return val & MTK_BT_RST_DONE;
818 }
819 
820 int btmtk_usb_subsys_reset(struct hci_dev *hdev, u32 dev_id)
821 {
822 	u32 val;
823 	int err;
824 
825 	if (dev_id == 0x7922) {
826 		err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_SUBSYS_RST, &val);
827 		if (err < 0)
828 			return err;
829 		val |= 0x00002020;
830 		err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_SUBSYS_RST, val);
831 		if (err < 0)
832 			return err;
833 		err = btmtk_usb_uhw_reg_write(hdev, MTK_EP_RST_OPT, 0x00010001);
834 		if (err < 0)
835 			return err;
836 		err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_SUBSYS_RST, &val);
837 		if (err < 0)
838 			return err;
839 		val |= BIT(0);
840 		err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_SUBSYS_RST, val);
841 		if (err < 0)
842 			return err;
843 		msleep(100);
844 	} else if (dev_id == 0x7925) {
845 		err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_RESET_REG_CONNV3, &val);
846 		if (err < 0)
847 			return err;
848 		val |= (1 << 5);
849 		err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_RESET_REG_CONNV3, val);
850 		if (err < 0)
851 			return err;
852 		err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_RESET_REG_CONNV3, &val);
853 		if (err < 0)
854 			return err;
855 		val &= 0xFFFF00FF;
856 		val |= (1 << 13);
857 		err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_RESET_REG_CONNV3, val);
858 		if (err < 0)
859 			return err;
860 		err = btmtk_usb_uhw_reg_write(hdev, MTK_EP_RST_OPT, 0x00010001);
861 		if (err < 0)
862 			return err;
863 		err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_RESET_REG_CONNV3, &val);
864 		if (err < 0)
865 			return err;
866 		val |= (1 << 0);
867 		err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_RESET_REG_CONNV3, val);
868 		if (err < 0)
869 			return err;
870 		err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT, 0x000000FF);
871 		if (err < 0)
872 			return err;
873 		err = btmtk_usb_uhw_reg_read(hdev, MTK_UDMA_INT_STA_BT, &val);
874 		if (err < 0)
875 			return err;
876 		err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT1, 0x000000FF);
877 		if (err < 0)
878 			return err;
879 		err = btmtk_usb_uhw_reg_read(hdev, MTK_UDMA_INT_STA_BT1, &val);
880 		if (err < 0)
881 			return err;
882 		msleep(100);
883 	} else {
884 		/* It's Device EndPoint Reset Option Register */
885 		bt_dev_dbg(hdev, "Initiating reset mechanism via uhw");
886 		err = btmtk_usb_uhw_reg_write(hdev, MTK_EP_RST_OPT, MTK_EP_RST_IN_OUT_OPT);
887 		if (err < 0)
888 			return err;
889 		err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_WDT_STATUS, &val);
890 		if (err < 0)
891 			return err;
892 		/* Reset the bluetooth chip via USB interface. */
893 		err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_SUBSYS_RST, 1);
894 		if (err < 0)
895 			return err;
896 		err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT, 0x000000FF);
897 		if (err < 0)
898 			return err;
899 		err = btmtk_usb_uhw_reg_read(hdev, MTK_UDMA_INT_STA_BT, &val);
900 		if (err < 0)
901 			return err;
902 		err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT1, 0x000000FF);
903 		if (err < 0)
904 			return err;
905 		err = btmtk_usb_uhw_reg_read(hdev, MTK_UDMA_INT_STA_BT1, &val);
906 		if (err < 0)
907 			return err;
908 		/* MT7921 need to delay 20ms between toggle reset bit */
909 		msleep(20);
910 		err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_SUBSYS_RST, 0);
911 		if (err < 0)
912 			return err;
913 		err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_SUBSYS_RST, &val);
914 		if (err < 0)
915 			return err;
916 	}
917 
918 	err = readx_poll_timeout(btmtk_usb_reset_done, hdev, val,
919 				 val & MTK_BT_RST_DONE, 20000, 1000000);
920 	if (err < 0)
921 		bt_dev_err(hdev, "Reset timeout");
922 
923 	if (dev_id == 0x7922) {
924 		err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT, 0x000000FF);
925 		if (err < 0)
926 			return err;
927 	}
928 
929 	err = btmtk_usb_id_get(hdev, 0x70010200, &val);
930 	if (err < 0 || !val)
931 		bt_dev_err(hdev, "Can't get device id, subsys reset fail.");
932 
933 	return err;
934 }
935 EXPORT_SYMBOL_GPL(btmtk_usb_subsys_reset);
936 
937 int btmtk_usb_recv_acl(struct hci_dev *hdev, struct sk_buff *skb)
938 {
939 	struct btmtk_data *data = hci_get_priv(hdev);
940 	u16 handle = le16_to_cpu(hci_acl_hdr(skb)->handle);
941 
942 	switch (handle) {
943 	case 0xfc6f:		/* Firmware dump from device */
944 		/* When the firmware hangs, the device can no longer
945 		 * suspend and thus disable auto-suspend.
946 		 */
947 		usb_disable_autosuspend(data->udev);
948 
949 		/* We need to forward the diagnostic packet to userspace daemon
950 		 * for backward compatibility, so we have to clone the packet
951 		 * extraly for the in-kernel coredump support.
952 		 */
953 		if (IS_ENABLED(CONFIG_DEV_COREDUMP)) {
954 			struct sk_buff *skb_cd = skb_clone(skb, GFP_ATOMIC);
955 
956 			if (skb_cd)
957 				btmtk_process_coredump(hdev, skb_cd);
958 		}
959 
960 		fallthrough;
961 	case 0x05ff:		/* Firmware debug logging 1 */
962 	case 0x05fe:		/* Firmware debug logging 2 */
963 		return hci_recv_diag(hdev, skb);
964 	}
965 
966 	return hci_recv_frame(hdev, skb);
967 }
968 EXPORT_SYMBOL_GPL(btmtk_usb_recv_acl);
969 
970 static int btmtk_isopkt_pad(struct hci_dev *hdev, struct sk_buff *skb)
971 {
972 	if (skb->len > MTK_ISO_THRESHOLD)
973 		return -EINVAL;
974 
975 	if (skb_pad(skb, MTK_ISO_THRESHOLD - skb->len))
976 		return -ENOMEM;
977 
978 	__skb_put(skb, MTK_ISO_THRESHOLD - skb->len);
979 
980 	return 0;
981 }
982 
983 static int __set_mtk_intr_interface(struct hci_dev *hdev)
984 {
985 	struct btmtk_data *btmtk_data = hci_get_priv(hdev);
986 	struct usb_interface *intf = btmtk_data->isopkt_intf;
987 	int i, err;
988 
989 	if (!btmtk_data->isopkt_intf)
990 		return -ENODEV;
991 
992 	err = usb_set_interface(btmtk_data->udev, MTK_ISO_IFNUM, 1);
993 	if (err < 0) {
994 		bt_dev_err(hdev, "setting interface failed (%d)", -err);
995 		return err;
996 	}
997 
998 	btmtk_data->isopkt_tx_ep = NULL;
999 	btmtk_data->isopkt_rx_ep = NULL;
1000 
1001 	for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
1002 		struct usb_endpoint_descriptor *ep_desc;
1003 
1004 		ep_desc = &intf->cur_altsetting->endpoint[i].desc;
1005 
1006 		if (!btmtk_data->isopkt_tx_ep &&
1007 		    usb_endpoint_is_int_out(ep_desc)) {
1008 			btmtk_data->isopkt_tx_ep = ep_desc;
1009 			continue;
1010 		}
1011 
1012 		if (!btmtk_data->isopkt_rx_ep &&
1013 		    usb_endpoint_is_int_in(ep_desc)) {
1014 			btmtk_data->isopkt_rx_ep = ep_desc;
1015 			continue;
1016 		}
1017 	}
1018 
1019 	if (!btmtk_data->isopkt_tx_ep ||
1020 	    !btmtk_data->isopkt_rx_ep) {
1021 		bt_dev_err(hdev, "invalid interrupt descriptors");
1022 		return -ENODEV;
1023 	}
1024 
1025 	return 0;
1026 }
1027 
1028 struct urb *alloc_mtk_intr_urb(struct hci_dev *hdev, struct sk_buff *skb,
1029 			       usb_complete_t tx_complete)
1030 {
1031 	struct btmtk_data *btmtk_data = hci_get_priv(hdev);
1032 	struct urb *urb;
1033 	unsigned int pipe;
1034 
1035 	if (!btmtk_data->isopkt_tx_ep)
1036 		return ERR_PTR(-ENODEV);
1037 
1038 	urb = usb_alloc_urb(0, GFP_KERNEL);
1039 	if (!urb)
1040 		return ERR_PTR(-ENOMEM);
1041 
1042 	if (btmtk_isopkt_pad(hdev, skb))
1043 		return ERR_PTR(-EINVAL);
1044 
1045 	pipe = usb_sndintpipe(btmtk_data->udev,
1046 			      btmtk_data->isopkt_tx_ep->bEndpointAddress);
1047 
1048 	usb_fill_int_urb(urb, btmtk_data->udev, pipe,
1049 			 skb->data, skb->len, tx_complete,
1050 			 skb, btmtk_data->isopkt_tx_ep->bInterval);
1051 
1052 	skb->dev = (void *)hdev;
1053 
1054 	return urb;
1055 }
1056 EXPORT_SYMBOL_GPL(alloc_mtk_intr_urb);
1057 
1058 static int btmtk_recv_isopkt(struct hci_dev *hdev, void *buffer, int count)
1059 {
1060 	struct btmtk_data *btmtk_data = hci_get_priv(hdev);
1061 	struct sk_buff *skb;
1062 	unsigned long flags;
1063 	int err = 0;
1064 
1065 	spin_lock_irqsave(&btmtk_data->isorxlock, flags);
1066 	skb = btmtk_data->isopkt_skb;
1067 
1068 	while (count) {
1069 		int len;
1070 
1071 		if (!skb) {
1072 			skb = bt_skb_alloc(HCI_MAX_ISO_SIZE, GFP_ATOMIC);
1073 			if (!skb) {
1074 				err = -ENOMEM;
1075 				break;
1076 			}
1077 
1078 			hci_skb_pkt_type(skb) = HCI_ISODATA_PKT;
1079 			hci_skb_expect(skb) = HCI_ISO_HDR_SIZE;
1080 		}
1081 
1082 		len = min_t(uint, hci_skb_expect(skb), count);
1083 		skb_put_data(skb, buffer, len);
1084 
1085 		count -= len;
1086 		buffer += len;
1087 		hci_skb_expect(skb) -= len;
1088 
1089 		if (skb->len == HCI_ISO_HDR_SIZE) {
1090 			__le16 dlen = ((struct hci_iso_hdr *)skb->data)->dlen;
1091 
1092 			/* Complete ISO header */
1093 			hci_skb_expect(skb) = __le16_to_cpu(dlen);
1094 
1095 			if (skb_tailroom(skb) < hci_skb_expect(skb)) {
1096 				kfree_skb(skb);
1097 				skb = NULL;
1098 
1099 				err = -EILSEQ;
1100 				break;
1101 			}
1102 		}
1103 
1104 		if (!hci_skb_expect(skb)) {
1105 			/* Complete frame */
1106 			hci_recv_frame(hdev, skb);
1107 			skb = NULL;
1108 		}
1109 	}
1110 
1111 	btmtk_data->isopkt_skb = skb;
1112 	spin_unlock_irqrestore(&btmtk_data->isorxlock, flags);
1113 
1114 	return err;
1115 }
1116 
1117 static void btmtk_intr_complete(struct urb *urb)
1118 {
1119 	struct hci_dev *hdev = urb->context;
1120 	struct btmtk_data *btmtk_data = hci_get_priv(hdev);
1121 	int err;
1122 
1123 	BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
1124 	       urb->actual_length);
1125 
1126 	if (!test_bit(HCI_RUNNING, &hdev->flags))
1127 		return;
1128 
1129 	if (hdev->suspended)
1130 		return;
1131 
1132 	if (urb->status == 0) {
1133 		hdev->stat.byte_rx += urb->actual_length;
1134 
1135 		if (btmtk_recv_isopkt(hdev, urb->transfer_buffer,
1136 				      urb->actual_length) < 0) {
1137 			bt_dev_err(hdev, "corrupted iso packet");
1138 			hdev->stat.err_rx++;
1139 		}
1140 	} else if (urb->status == -ENOENT) {
1141 		/* Avoid suspend failed when usb_kill_urb */
1142 		return;
1143 	}
1144 
1145 	usb_mark_last_busy(btmtk_data->udev);
1146 	usb_anchor_urb(urb, &btmtk_data->isopkt_anchor);
1147 
1148 	err = usb_submit_urb(urb, GFP_ATOMIC);
1149 	if (err < 0) {
1150 		/* -EPERM: urb is being killed;
1151 		 * -ENODEV: device got disconnected
1152 		 */
1153 		if (err != -EPERM && err != -ENODEV)
1154 			bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
1155 				   urb, -err);
1156 		if (err != -EPERM)
1157 			hci_cmd_sync_cancel(hdev, -err);
1158 		usb_unanchor_urb(urb);
1159 	}
1160 }
1161 
1162 static int btmtk_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags)
1163 {
1164 	struct btmtk_data *btmtk_data = hci_get_priv(hdev);
1165 	unsigned char *buf;
1166 	unsigned int pipe;
1167 	struct urb *urb;
1168 	int err, size;
1169 
1170 	BT_DBG("%s", hdev->name);
1171 
1172 	if (!btmtk_data->isopkt_rx_ep)
1173 		return -ENODEV;
1174 
1175 	urb = usb_alloc_urb(0, mem_flags);
1176 	if (!urb)
1177 		return -ENOMEM;
1178 	size = le16_to_cpu(btmtk_data->isopkt_rx_ep->wMaxPacketSize);
1179 
1180 	buf = kmalloc(size, mem_flags);
1181 	if (!buf) {
1182 		usb_free_urb(urb);
1183 		return -ENOMEM;
1184 	}
1185 
1186 	pipe = usb_rcvintpipe(btmtk_data->udev,
1187 			      btmtk_data->isopkt_rx_ep->bEndpointAddress);
1188 
1189 	usb_fill_int_urb(urb, btmtk_data->udev, pipe, buf, size,
1190 			 btmtk_intr_complete, hdev,
1191 			 btmtk_data->isopkt_rx_ep->bInterval);
1192 
1193 	urb->transfer_flags |= URB_FREE_BUFFER;
1194 
1195 	usb_mark_last_busy(btmtk_data->udev);
1196 	usb_anchor_urb(urb, &btmtk_data->isopkt_anchor);
1197 
1198 	err = usb_submit_urb(urb, mem_flags);
1199 	if (err < 0) {
1200 		if (err != -EPERM && err != -ENODEV)
1201 			bt_dev_err(hdev, "urb %p submission failed (%d)",
1202 				   urb, -err);
1203 		usb_unanchor_urb(urb);
1204 	}
1205 
1206 	usb_free_urb(urb);
1207 
1208 	return err;
1209 }
1210 
1211 static int btmtk_usb_isointf_init(struct hci_dev *hdev)
1212 {
1213 	struct btmtk_data *btmtk_data = hci_get_priv(hdev);
1214 	u8 iso_param[2] = { 0x08, 0x01 };
1215 	struct sk_buff *skb;
1216 	int err;
1217 
1218 	init_usb_anchor(&btmtk_data->isopkt_anchor);
1219 	spin_lock_init(&btmtk_data->isorxlock);
1220 
1221 	__set_mtk_intr_interface(hdev);
1222 
1223 	err = btmtk_submit_intr_urb(hdev, GFP_KERNEL);
1224 	if (err < 0) {
1225 		usb_kill_anchored_urbs(&btmtk_data->isopkt_anchor);
1226 		bt_dev_err(hdev, "ISO intf not support (%d)", err);
1227 		return err;
1228 	}
1229 
1230 	skb = __hci_cmd_sync(hdev, 0xfd98, sizeof(iso_param), iso_param,
1231 			     HCI_INIT_TIMEOUT);
1232 	if (IS_ERR(skb)) {
1233 		bt_dev_err(hdev, "Failed to apply iso setting (%ld)", PTR_ERR(skb));
1234 		return PTR_ERR(skb);
1235 	}
1236 	kfree_skb(skb);
1237 
1238 	return 0;
1239 }
1240 
1241 int btmtk_usb_resume(struct hci_dev *hdev)
1242 {
1243 	/* This function describes the specific additional steps taken by MediaTek
1244 	 * when Bluetooth usb driver's resume function is called.
1245 	 */
1246 	struct btmtk_data *btmtk_data = hci_get_priv(hdev);
1247 
1248 	/* Resubmit urb for iso data transmission */
1249 	if (test_bit(BTMTK_ISOPKT_RUNNING, &btmtk_data->flags)) {
1250 		if (btmtk_submit_intr_urb(hdev, GFP_NOIO) < 0)
1251 			clear_bit(BTMTK_ISOPKT_RUNNING, &btmtk_data->flags);
1252 	}
1253 
1254 	return 0;
1255 }
1256 EXPORT_SYMBOL_GPL(btmtk_usb_resume);
1257 
1258 int btmtk_usb_suspend(struct hci_dev *hdev)
1259 {
1260 	/* This function describes the specific additional steps taken by MediaTek
1261 	 * when Bluetooth usb driver's suspend function is called.
1262 	 */
1263 	struct btmtk_data *btmtk_data = hci_get_priv(hdev);
1264 
1265 	/* Stop urb anchor for iso data transmission */
1266 	if (test_bit(BTMTK_ISOPKT_RUNNING, &btmtk_data->flags))
1267 		usb_kill_anchored_urbs(&btmtk_data->isopkt_anchor);
1268 
1269 	return 0;
1270 }
1271 EXPORT_SYMBOL_GPL(btmtk_usb_suspend);
1272 
1273 int btmtk_usb_setup(struct hci_dev *hdev)
1274 {
1275 	struct btmtk_data *btmtk_data = hci_get_priv(hdev);
1276 	struct btmtk_hci_wmt_params wmt_params;
1277 	ktime_t calltime, delta, rettime;
1278 	struct btmtk_tci_sleep tci_sleep;
1279 	unsigned long long duration;
1280 	struct sk_buff *skb;
1281 	const char *fwname;
1282 	int err, status;
1283 	u32 dev_id = 0;
1284 	char fw_bin_name[64];
1285 	u32 fw_version = 0, fw_flavor = 0;
1286 	u8 param;
1287 
1288 	calltime = ktime_get();
1289 
1290 	err = btmtk_usb_id_get(hdev, 0x80000008, &dev_id);
1291 	if (err < 0) {
1292 		bt_dev_err(hdev, "Failed to get device id (%d)", err);
1293 		return err;
1294 	}
1295 
1296 	if (!dev_id || dev_id != 0x7663) {
1297 		err = btmtk_usb_id_get(hdev, 0x70010200, &dev_id);
1298 		if (err < 0) {
1299 			bt_dev_err(hdev, "Failed to get device id (%d)", err);
1300 			return err;
1301 		}
1302 		err = btmtk_usb_id_get(hdev, 0x80021004, &fw_version);
1303 		if (err < 0) {
1304 			bt_dev_err(hdev, "Failed to get fw version (%d)", err);
1305 			return err;
1306 		}
1307 		err = btmtk_usb_id_get(hdev, 0x70010020, &fw_flavor);
1308 		if (err < 0) {
1309 			bt_dev_err(hdev, "Failed to get fw flavor (%d)", err);
1310 			return err;
1311 		}
1312 		fw_flavor = (fw_flavor & 0x00000080) >> 7;
1313 	}
1314 
1315 	btmtk_data->dev_id = dev_id;
1316 
1317 	err = btmtk_register_coredump(hdev, btmtk_data->drv_name, fw_version);
1318 	if (err < 0)
1319 		bt_dev_err(hdev, "Failed to register coredump (%d)", err);
1320 
1321 	switch (dev_id) {
1322 	case 0x7663:
1323 		fwname = FIRMWARE_MT7663;
1324 		break;
1325 	case 0x7668:
1326 		fwname = FIRMWARE_MT7668;
1327 		break;
1328 	case 0x7922:
1329 	case 0x7961:
1330 	case 0x7925:
1331 		/* Reset the device to ensure it's in the initial state before
1332 		 * downloading the firmware to ensure.
1333 		 */
1334 
1335 		if (!test_bit(BTMTK_FIRMWARE_LOADED, &btmtk_data->flags))
1336 			btmtk_usb_subsys_reset(hdev, dev_id);
1337 
1338 		btmtk_fw_get_filename(fw_bin_name, sizeof(fw_bin_name), dev_id,
1339 				      fw_version, fw_flavor);
1340 
1341 		err = btmtk_setup_firmware_79xx(hdev, fw_bin_name,
1342 						btmtk_usb_hci_wmt_sync);
1343 		if (err < 0) {
1344 			bt_dev_err(hdev, "Failed to set up firmware (%d)", err);
1345 			clear_bit(BTMTK_FIRMWARE_LOADED, &btmtk_data->flags);
1346 			return err;
1347 		}
1348 
1349 		set_bit(BTMTK_FIRMWARE_LOADED, &btmtk_data->flags);
1350 
1351 		/* It's Device EndPoint Reset Option Register */
1352 		err = btmtk_usb_uhw_reg_write(hdev, MTK_EP_RST_OPT,
1353 					      MTK_EP_RST_IN_OUT_OPT);
1354 		if (err < 0)
1355 			return err;
1356 
1357 		/* Enable Bluetooth protocol */
1358 		param = 1;
1359 		wmt_params.op = BTMTK_WMT_FUNC_CTRL;
1360 		wmt_params.flag = 0;
1361 		wmt_params.dlen = sizeof(param);
1362 		wmt_params.data = &param;
1363 		wmt_params.status = NULL;
1364 
1365 		err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params);
1366 		if (err < 0) {
1367 			bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err);
1368 			return err;
1369 		}
1370 
1371 		hci_set_msft_opcode(hdev, 0xFD30);
1372 		hci_set_aosp_capable(hdev);
1373 
1374 		/* Set up ISO interface after protocol enabled */
1375 		if (test_bit(BTMTK_ISOPKT_OVER_INTR, &btmtk_data->flags)) {
1376 			if (!btmtk_usb_isointf_init(hdev))
1377 				set_bit(BTMTK_ISOPKT_RUNNING, &btmtk_data->flags);
1378 		}
1379 
1380 		goto done;
1381 	default:
1382 		bt_dev_err(hdev, "Unsupported hardware variant (%08x)",
1383 			   dev_id);
1384 		return -ENODEV;
1385 	}
1386 
1387 	/* Query whether the firmware is already download */
1388 	wmt_params.op = BTMTK_WMT_SEMAPHORE;
1389 	wmt_params.flag = 1;
1390 	wmt_params.dlen = 0;
1391 	wmt_params.data = NULL;
1392 	wmt_params.status = &status;
1393 
1394 	err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params);
1395 	if (err < 0) {
1396 		bt_dev_err(hdev, "Failed to query firmware status (%d)", err);
1397 		return err;
1398 	}
1399 
1400 	if (status == BTMTK_WMT_PATCH_DONE) {
1401 		bt_dev_info(hdev, "firmware already downloaded");
1402 		goto ignore_setup_fw;
1403 	}
1404 
1405 	/* Setup a firmware which the device definitely requires */
1406 	err = btmtk_setup_firmware(hdev, fwname,
1407 				   btmtk_usb_hci_wmt_sync);
1408 	if (err < 0)
1409 		return err;
1410 
1411 ignore_setup_fw:
1412 	err = readx_poll_timeout(btmtk_usb_func_query, hdev, status,
1413 				 status < 0 || status != BTMTK_WMT_ON_PROGRESS,
1414 				 2000, 5000000);
1415 	/* -ETIMEDOUT happens */
1416 	if (err < 0)
1417 		return err;
1418 
1419 	/* The other errors happen in btmtk_usb_func_query */
1420 	if (status < 0)
1421 		return status;
1422 
1423 	if (status == BTMTK_WMT_ON_DONE) {
1424 		bt_dev_info(hdev, "function already on");
1425 		goto ignore_func_on;
1426 	}
1427 
1428 	/* Enable Bluetooth protocol */
1429 	param = 1;
1430 	wmt_params.op = BTMTK_WMT_FUNC_CTRL;
1431 	wmt_params.flag = 0;
1432 	wmt_params.dlen = sizeof(param);
1433 	wmt_params.data = &param;
1434 	wmt_params.status = NULL;
1435 
1436 	err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params);
1437 	if (err < 0) {
1438 		bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err);
1439 		return err;
1440 	}
1441 
1442 ignore_func_on:
1443 	/* Apply the low power environment setup */
1444 	tci_sleep.mode = 0x5;
1445 	tci_sleep.duration = cpu_to_le16(0x640);
1446 	tci_sleep.host_duration = cpu_to_le16(0x640);
1447 	tci_sleep.host_wakeup_pin = 0;
1448 	tci_sleep.time_compensation = 0;
1449 
1450 	skb = __hci_cmd_sync(hdev, 0xfc7a, sizeof(tci_sleep), &tci_sleep,
1451 			     HCI_INIT_TIMEOUT);
1452 	if (IS_ERR(skb)) {
1453 		err = PTR_ERR(skb);
1454 		bt_dev_err(hdev, "Failed to apply low power setting (%d)", err);
1455 		return err;
1456 	}
1457 	kfree_skb(skb);
1458 
1459 done:
1460 	rettime = ktime_get();
1461 	delta = ktime_sub(rettime, calltime);
1462 	duration = (unsigned long long)ktime_to_ns(delta) >> 10;
1463 
1464 	bt_dev_info(hdev, "Device setup in %llu usecs", duration);
1465 
1466 	return 0;
1467 }
1468 EXPORT_SYMBOL_GPL(btmtk_usb_setup);
1469 
1470 int btmtk_usb_shutdown(struct hci_dev *hdev)
1471 {
1472 	struct btmtk_hci_wmt_params wmt_params;
1473 	u8 param = 0;
1474 	int err;
1475 
1476 	/* Disable the device */
1477 	wmt_params.op = BTMTK_WMT_FUNC_CTRL;
1478 	wmt_params.flag = 0;
1479 	wmt_params.dlen = sizeof(param);
1480 	wmt_params.data = &param;
1481 	wmt_params.status = NULL;
1482 
1483 	err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params);
1484 	if (err < 0) {
1485 		bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err);
1486 		return err;
1487 	}
1488 
1489 	return 0;
1490 }
1491 EXPORT_SYMBOL_GPL(btmtk_usb_shutdown);
1492 #endif
1493 
1494 MODULE_AUTHOR("Sean Wang <sean.wang@mediatek.com>");
1495 MODULE_AUTHOR("Mark Chen <mark-yw.chen@mediatek.com>");
1496 MODULE_DESCRIPTION("Bluetooth support for MediaTek devices ver " VERSION);
1497 MODULE_VERSION(VERSION);
1498 MODULE_LICENSE("GPL");
1499 MODULE_FIRMWARE(FIRMWARE_MT7622);
1500 MODULE_FIRMWARE(FIRMWARE_MT7663);
1501 MODULE_FIRMWARE(FIRMWARE_MT7668);
1502 MODULE_FIRMWARE(FIRMWARE_MT7922);
1503 MODULE_FIRMWARE(FIRMWARE_MT7961);
1504 MODULE_FIRMWARE(FIRMWARE_MT7925);
1505