1 // SPDX-License-Identifier: ISC 2 /* Copyright (C) 2021 MediaTek Inc. 3 * 4 */ 5 #include <linux/module.h> 6 #include <linux/firmware.h> 7 #include <linux/usb.h> 8 #include <linux/iopoll.h> 9 #include <asm/unaligned.h> 10 11 #include <net/bluetooth/bluetooth.h> 12 #include <net/bluetooth/hci_core.h> 13 14 #include "btmtk.h" 15 16 #define VERSION "0.1" 17 18 /* It is for mt79xx download rom patch*/ 19 #define MTK_FW_ROM_PATCH_HEADER_SIZE 32 20 #define MTK_FW_ROM_PATCH_GD_SIZE 64 21 #define MTK_FW_ROM_PATCH_SEC_MAP_SIZE 64 22 #define MTK_SEC_MAP_COMMON_SIZE 12 23 #define MTK_SEC_MAP_NEED_SEND_SIZE 52 24 25 /* It is for mt79xx iso data transmission setting */ 26 #define MTK_ISO_THRESHOLD 264 27 28 struct btmtk_patch_header { 29 u8 datetime[16]; 30 u8 platform[4]; 31 __le16 hwver; 32 __le16 swver; 33 __le32 magicnum; 34 } __packed; 35 36 struct btmtk_global_desc { 37 __le32 patch_ver; 38 __le32 sub_sys; 39 __le32 feature_opt; 40 __le32 section_num; 41 } __packed; 42 43 struct btmtk_section_map { 44 __le32 sectype; 45 __le32 secoffset; 46 __le32 secsize; 47 union { 48 __le32 u4SecSpec[13]; 49 struct { 50 __le32 dlAddr; 51 __le32 dlsize; 52 __le32 seckeyidx; 53 __le32 alignlen; 54 __le32 sectype; 55 __le32 dlmodecrctype; 56 __le32 crc; 57 __le32 reserved[6]; 58 } bin_info_spec; 59 }; 60 } __packed; 61 62 static void btmtk_coredump(struct hci_dev *hdev) 63 { 64 int err; 65 66 err = __hci_cmd_send(hdev, 0xfd5b, 0, NULL); 67 if (err < 0) 68 bt_dev_err(hdev, "Coredump failed (%d)", err); 69 } 70 71 static void btmtk_coredump_hdr(struct hci_dev *hdev, struct sk_buff *skb) 72 { 73 struct btmtk_data *data = hci_get_priv(hdev); 74 char buf[80]; 75 76 snprintf(buf, sizeof(buf), "Controller Name: 0x%X\n", 77 data->dev_id); 78 skb_put_data(skb, buf, strlen(buf)); 79 80 snprintf(buf, sizeof(buf), "Firmware Version: 0x%X\n", 81 data->cd_info.fw_version); 82 skb_put_data(skb, buf, strlen(buf)); 83 84 snprintf(buf, sizeof(buf), "Driver: %s\n", 85 data->cd_info.driver_name); 86 skb_put_data(skb, buf, strlen(buf)); 87 88 snprintf(buf, sizeof(buf), "Vendor: MediaTek\n"); 89 skb_put_data(skb, buf, strlen(buf)); 90 } 91 92 static void btmtk_coredump_notify(struct hci_dev *hdev, int state) 93 { 94 struct btmtk_data *data = hci_get_priv(hdev); 95 96 switch (state) { 97 case HCI_DEVCOREDUMP_IDLE: 98 data->cd_info.state = HCI_DEVCOREDUMP_IDLE; 99 break; 100 case HCI_DEVCOREDUMP_ACTIVE: 101 data->cd_info.state = HCI_DEVCOREDUMP_ACTIVE; 102 break; 103 case HCI_DEVCOREDUMP_TIMEOUT: 104 case HCI_DEVCOREDUMP_ABORT: 105 case HCI_DEVCOREDUMP_DONE: 106 data->cd_info.state = HCI_DEVCOREDUMP_IDLE; 107 btmtk_reset_sync(hdev); 108 break; 109 } 110 } 111 112 void btmtk_fw_get_filename(char *buf, size_t size, u32 dev_id, u32 fw_ver, 113 u32 fw_flavor) 114 { 115 if (dev_id == 0x7925) 116 snprintf(buf, size, 117 "mediatek/mt%04x/BT_RAM_CODE_MT%04x_1_%x_hdr.bin", 118 dev_id & 0xffff, dev_id & 0xffff, (fw_ver & 0xff) + 1); 119 else if (dev_id == 0x7961 && fw_flavor) 120 snprintf(buf, size, 121 "mediatek/BT_RAM_CODE_MT%04x_1a_%x_hdr.bin", 122 dev_id & 0xffff, (fw_ver & 0xff) + 1); 123 else 124 snprintf(buf, size, 125 "mediatek/BT_RAM_CODE_MT%04x_1_%x_hdr.bin", 126 dev_id & 0xffff, (fw_ver & 0xff) + 1); 127 } 128 EXPORT_SYMBOL_GPL(btmtk_fw_get_filename); 129 130 int btmtk_setup_firmware_79xx(struct hci_dev *hdev, const char *fwname, 131 wmt_cmd_sync_func_t wmt_cmd_sync) 132 { 133 struct btmtk_hci_wmt_params wmt_params; 134 struct btmtk_patch_header *hdr; 135 struct btmtk_global_desc *globaldesc = NULL; 136 struct btmtk_section_map *sectionmap; 137 const struct firmware *fw; 138 const u8 *fw_ptr; 139 const u8 *fw_bin_ptr; 140 int err, dlen, i, status; 141 u8 flag, first_block, retry; 142 u32 section_num, dl_size, section_offset; 143 u8 cmd[64]; 144 145 err = request_firmware(&fw, fwname, &hdev->dev); 146 if (err < 0) { 147 bt_dev_err(hdev, "Failed to load firmware file (%d)", err); 148 return err; 149 } 150 151 fw_ptr = fw->data; 152 fw_bin_ptr = fw_ptr; 153 hdr = (struct btmtk_patch_header *)fw_ptr; 154 globaldesc = (struct btmtk_global_desc *)(fw_ptr + MTK_FW_ROM_PATCH_HEADER_SIZE); 155 section_num = le32_to_cpu(globaldesc->section_num); 156 157 bt_dev_info(hdev, "HW/SW Version: 0x%04x%04x, Build Time: %s", 158 le16_to_cpu(hdr->hwver), le16_to_cpu(hdr->swver), hdr->datetime); 159 160 for (i = 0; i < section_num; i++) { 161 first_block = 1; 162 fw_ptr = fw_bin_ptr; 163 sectionmap = (struct btmtk_section_map *)(fw_ptr + MTK_FW_ROM_PATCH_HEADER_SIZE + 164 MTK_FW_ROM_PATCH_GD_SIZE + MTK_FW_ROM_PATCH_SEC_MAP_SIZE * i); 165 166 section_offset = le32_to_cpu(sectionmap->secoffset); 167 dl_size = le32_to_cpu(sectionmap->bin_info_spec.dlsize); 168 169 if (dl_size > 0) { 170 retry = 20; 171 while (retry > 0) { 172 cmd[0] = 0; /* 0 means legacy dl mode. */ 173 memcpy(cmd + 1, 174 fw_ptr + MTK_FW_ROM_PATCH_HEADER_SIZE + 175 MTK_FW_ROM_PATCH_GD_SIZE + 176 MTK_FW_ROM_PATCH_SEC_MAP_SIZE * i + 177 MTK_SEC_MAP_COMMON_SIZE, 178 MTK_SEC_MAP_NEED_SEND_SIZE + 1); 179 180 wmt_params.op = BTMTK_WMT_PATCH_DWNLD; 181 wmt_params.status = &status; 182 wmt_params.flag = 0; 183 wmt_params.dlen = MTK_SEC_MAP_NEED_SEND_SIZE + 1; 184 wmt_params.data = &cmd; 185 186 err = wmt_cmd_sync(hdev, &wmt_params); 187 if (err < 0) { 188 bt_dev_err(hdev, "Failed to send wmt patch dwnld (%d)", 189 err); 190 goto err_release_fw; 191 } 192 193 if (status == BTMTK_WMT_PATCH_UNDONE) { 194 break; 195 } else if (status == BTMTK_WMT_PATCH_PROGRESS) { 196 msleep(100); 197 retry--; 198 } else if (status == BTMTK_WMT_PATCH_DONE) { 199 goto next_section; 200 } else { 201 bt_dev_err(hdev, "Failed wmt patch dwnld status (%d)", 202 status); 203 err = -EIO; 204 goto err_release_fw; 205 } 206 } 207 208 fw_ptr += section_offset; 209 wmt_params.op = BTMTK_WMT_PATCH_DWNLD; 210 wmt_params.status = NULL; 211 212 while (dl_size > 0) { 213 dlen = min_t(int, 250, dl_size); 214 if (first_block == 1) { 215 flag = 1; 216 first_block = 0; 217 } else if (dl_size - dlen <= 0) { 218 flag = 3; 219 } else { 220 flag = 2; 221 } 222 223 wmt_params.flag = flag; 224 wmt_params.dlen = dlen; 225 wmt_params.data = fw_ptr; 226 227 err = wmt_cmd_sync(hdev, &wmt_params); 228 if (err < 0) { 229 bt_dev_err(hdev, "Failed to send wmt patch dwnld (%d)", 230 err); 231 goto err_release_fw; 232 } 233 234 dl_size -= dlen; 235 fw_ptr += dlen; 236 } 237 } 238 next_section: 239 continue; 240 } 241 /* Wait a few moments for firmware activation done */ 242 usleep_range(100000, 120000); 243 244 err_release_fw: 245 release_firmware(fw); 246 247 return err; 248 } 249 EXPORT_SYMBOL_GPL(btmtk_setup_firmware_79xx); 250 251 int btmtk_setup_firmware(struct hci_dev *hdev, const char *fwname, 252 wmt_cmd_sync_func_t wmt_cmd_sync) 253 { 254 struct btmtk_hci_wmt_params wmt_params; 255 const struct firmware *fw; 256 const u8 *fw_ptr; 257 size_t fw_size; 258 int err, dlen; 259 u8 flag, param; 260 261 err = request_firmware(&fw, fwname, &hdev->dev); 262 if (err < 0) { 263 bt_dev_err(hdev, "Failed to load firmware file (%d)", err); 264 return err; 265 } 266 267 /* Power on data RAM the firmware relies on. */ 268 param = 1; 269 wmt_params.op = BTMTK_WMT_FUNC_CTRL; 270 wmt_params.flag = 3; 271 wmt_params.dlen = sizeof(param); 272 wmt_params.data = ¶m; 273 wmt_params.status = NULL; 274 275 err = wmt_cmd_sync(hdev, &wmt_params); 276 if (err < 0) { 277 bt_dev_err(hdev, "Failed to power on data RAM (%d)", err); 278 goto err_release_fw; 279 } 280 281 fw_ptr = fw->data; 282 fw_size = fw->size; 283 284 /* The size of patch header is 30 bytes, should be skip */ 285 if (fw_size < 30) { 286 err = -EINVAL; 287 goto err_release_fw; 288 } 289 290 fw_size -= 30; 291 fw_ptr += 30; 292 flag = 1; 293 294 wmt_params.op = BTMTK_WMT_PATCH_DWNLD; 295 wmt_params.status = NULL; 296 297 while (fw_size > 0) { 298 dlen = min_t(int, 250, fw_size); 299 300 /* Tell device the position in sequence */ 301 if (fw_size - dlen <= 0) 302 flag = 3; 303 else if (fw_size < fw->size - 30) 304 flag = 2; 305 306 wmt_params.flag = flag; 307 wmt_params.dlen = dlen; 308 wmt_params.data = fw_ptr; 309 310 err = wmt_cmd_sync(hdev, &wmt_params); 311 if (err < 0) { 312 bt_dev_err(hdev, "Failed to send wmt patch dwnld (%d)", 313 err); 314 goto err_release_fw; 315 } 316 317 fw_size -= dlen; 318 fw_ptr += dlen; 319 } 320 321 wmt_params.op = BTMTK_WMT_RST; 322 wmt_params.flag = 4; 323 wmt_params.dlen = 0; 324 wmt_params.data = NULL; 325 wmt_params.status = NULL; 326 327 /* Activate funciton the firmware providing to */ 328 err = wmt_cmd_sync(hdev, &wmt_params); 329 if (err < 0) { 330 bt_dev_err(hdev, "Failed to send wmt rst (%d)", err); 331 goto err_release_fw; 332 } 333 334 /* Wait a few moments for firmware activation done */ 335 usleep_range(10000, 12000); 336 337 err_release_fw: 338 release_firmware(fw); 339 340 return err; 341 } 342 EXPORT_SYMBOL_GPL(btmtk_setup_firmware); 343 344 int btmtk_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr) 345 { 346 struct sk_buff *skb; 347 long ret; 348 349 skb = __hci_cmd_sync(hdev, 0xfc1a, 6, bdaddr, HCI_INIT_TIMEOUT); 350 if (IS_ERR(skb)) { 351 ret = PTR_ERR(skb); 352 bt_dev_err(hdev, "changing Mediatek device address failed (%ld)", 353 ret); 354 return ret; 355 } 356 kfree_skb(skb); 357 358 return 0; 359 } 360 EXPORT_SYMBOL_GPL(btmtk_set_bdaddr); 361 362 void btmtk_reset_sync(struct hci_dev *hdev) 363 { 364 struct btmtk_data *reset_work = hci_get_priv(hdev); 365 int err; 366 367 hci_dev_lock(hdev); 368 369 err = hci_cmd_sync_queue(hdev, reset_work->reset_sync, NULL, NULL); 370 if (err) 371 bt_dev_err(hdev, "failed to reset (%d)", err); 372 373 hci_dev_unlock(hdev); 374 } 375 EXPORT_SYMBOL_GPL(btmtk_reset_sync); 376 377 int btmtk_register_coredump(struct hci_dev *hdev, const char *name, 378 u32 fw_version) 379 { 380 struct btmtk_data *data = hci_get_priv(hdev); 381 382 if (!IS_ENABLED(CONFIG_DEV_COREDUMP)) 383 return -EOPNOTSUPP; 384 385 data->cd_info.fw_version = fw_version; 386 data->cd_info.state = HCI_DEVCOREDUMP_IDLE; 387 data->cd_info.driver_name = name; 388 389 return hci_devcd_register(hdev, btmtk_coredump, btmtk_coredump_hdr, 390 btmtk_coredump_notify); 391 } 392 EXPORT_SYMBOL_GPL(btmtk_register_coredump); 393 394 int btmtk_process_coredump(struct hci_dev *hdev, struct sk_buff *skb) 395 { 396 struct btmtk_data *data = hci_get_priv(hdev); 397 int err; 398 399 if (!IS_ENABLED(CONFIG_DEV_COREDUMP)) { 400 kfree_skb(skb); 401 return 0; 402 } 403 404 switch (data->cd_info.state) { 405 case HCI_DEVCOREDUMP_IDLE: 406 err = hci_devcd_init(hdev, MTK_COREDUMP_SIZE); 407 if (err < 0) { 408 kfree_skb(skb); 409 break; 410 } 411 data->cd_info.cnt = 0; 412 413 /* It is supposed coredump can be done within 5 seconds */ 414 schedule_delayed_work(&hdev->dump.dump_timeout, 415 msecs_to_jiffies(5000)); 416 fallthrough; 417 case HCI_DEVCOREDUMP_ACTIVE: 418 default: 419 err = hci_devcd_append(hdev, skb); 420 if (err < 0) 421 break; 422 data->cd_info.cnt++; 423 424 /* Mediatek coredump data would be more than MTK_COREDUMP_NUM */ 425 if (data->cd_info.cnt > MTK_COREDUMP_NUM && 426 skb->len > MTK_COREDUMP_END_LEN) 427 if (!memcmp((char *)&skb->data[skb->len - MTK_COREDUMP_END_LEN], 428 MTK_COREDUMP_END, MTK_COREDUMP_END_LEN - 1)) { 429 bt_dev_info(hdev, "Mediatek coredump end"); 430 hci_devcd_complete(hdev); 431 } 432 433 break; 434 } 435 436 return err; 437 } 438 EXPORT_SYMBOL_GPL(btmtk_process_coredump); 439 440 static void btmtk_usb_wmt_recv(struct urb *urb) 441 { 442 struct hci_dev *hdev = urb->context; 443 struct btmtk_data *data = hci_get_priv(hdev); 444 struct sk_buff *skb; 445 int err; 446 447 if (urb->status == 0 && urb->actual_length > 0) { 448 hdev->stat.byte_rx += urb->actual_length; 449 450 /* WMT event shouldn't be fragmented and the size should be 451 * less than HCI_WMT_MAX_EVENT_SIZE. 452 */ 453 skb = bt_skb_alloc(HCI_WMT_MAX_EVENT_SIZE, GFP_ATOMIC); 454 if (!skb) { 455 hdev->stat.err_rx++; 456 kfree(urb->setup_packet); 457 return; 458 } 459 460 hci_skb_pkt_type(skb) = HCI_EVENT_PKT; 461 skb_put_data(skb, urb->transfer_buffer, urb->actual_length); 462 463 /* When someone waits for the WMT event, the skb is being cloned 464 * and being processed the events from there then. 465 */ 466 if (test_bit(BTMTK_TX_WAIT_VND_EVT, &data->flags)) { 467 data->evt_skb = skb_clone(skb, GFP_ATOMIC); 468 if (!data->evt_skb) { 469 kfree_skb(skb); 470 kfree(urb->setup_packet); 471 return; 472 } 473 } 474 475 err = hci_recv_frame(hdev, skb); 476 if (err < 0) { 477 kfree_skb(data->evt_skb); 478 data->evt_skb = NULL; 479 kfree(urb->setup_packet); 480 return; 481 } 482 483 if (test_and_clear_bit(BTMTK_TX_WAIT_VND_EVT, 484 &data->flags)) { 485 /* Barrier to sync with other CPUs */ 486 smp_mb__after_atomic(); 487 wake_up_bit(&data->flags, 488 BTMTK_TX_WAIT_VND_EVT); 489 } 490 kfree(urb->setup_packet); 491 return; 492 } else if (urb->status == -ENOENT) { 493 /* Avoid suspend failed when usb_kill_urb */ 494 return; 495 } 496 497 usb_mark_last_busy(data->udev); 498 499 /* The URB complete handler is still called with urb->actual_length = 0 500 * when the event is not available, so we should keep re-submitting 501 * URB until WMT event returns, Also, It's necessary to wait some time 502 * between the two consecutive control URBs to relax the target device 503 * to generate the event. Otherwise, the WMT event cannot return from 504 * the device successfully. 505 */ 506 udelay(500); 507 508 usb_anchor_urb(urb, data->ctrl_anchor); 509 err = usb_submit_urb(urb, GFP_ATOMIC); 510 if (err < 0) { 511 kfree(urb->setup_packet); 512 /* -EPERM: urb is being killed; 513 * -ENODEV: device got disconnected 514 */ 515 if (err != -EPERM && err != -ENODEV) 516 bt_dev_err(hdev, "urb %p failed to resubmit (%d)", 517 urb, -err); 518 usb_unanchor_urb(urb); 519 } 520 } 521 522 static int btmtk_usb_submit_wmt_recv_urb(struct hci_dev *hdev) 523 { 524 struct btmtk_data *data = hci_get_priv(hdev); 525 struct usb_ctrlrequest *dr; 526 unsigned char *buf; 527 int err, size = 64; 528 unsigned int pipe; 529 struct urb *urb; 530 531 urb = usb_alloc_urb(0, GFP_KERNEL); 532 if (!urb) 533 return -ENOMEM; 534 535 dr = kmalloc(sizeof(*dr), GFP_KERNEL); 536 if (!dr) { 537 usb_free_urb(urb); 538 return -ENOMEM; 539 } 540 541 dr->bRequestType = USB_TYPE_VENDOR | USB_DIR_IN; 542 dr->bRequest = 1; 543 dr->wIndex = cpu_to_le16(0); 544 dr->wValue = cpu_to_le16(48); 545 dr->wLength = cpu_to_le16(size); 546 547 buf = kmalloc(size, GFP_KERNEL); 548 if (!buf) { 549 kfree(dr); 550 usb_free_urb(urb); 551 return -ENOMEM; 552 } 553 554 pipe = usb_rcvctrlpipe(data->udev, 0); 555 556 usb_fill_control_urb(urb, data->udev, pipe, (void *)dr, 557 buf, size, btmtk_usb_wmt_recv, hdev); 558 559 urb->transfer_flags |= URB_FREE_BUFFER; 560 561 usb_anchor_urb(urb, data->ctrl_anchor); 562 err = usb_submit_urb(urb, GFP_KERNEL); 563 if (err < 0) { 564 if (err != -EPERM && err != -ENODEV) 565 bt_dev_err(hdev, "urb %p submission failed (%d)", 566 urb, -err); 567 usb_unanchor_urb(urb); 568 } 569 570 usb_free_urb(urb); 571 572 return err; 573 } 574 575 static int btmtk_usb_hci_wmt_sync(struct hci_dev *hdev, 576 struct btmtk_hci_wmt_params *wmt_params) 577 { 578 struct btmtk_data *data = hci_get_priv(hdev); 579 struct btmtk_hci_wmt_evt_funcc *wmt_evt_funcc; 580 u32 hlen, status = BTMTK_WMT_INVALID; 581 struct btmtk_hci_wmt_evt *wmt_evt; 582 struct btmtk_hci_wmt_cmd *wc; 583 struct btmtk_wmt_hdr *hdr; 584 int err; 585 586 /* Send the WMT command and wait until the WMT event returns */ 587 hlen = sizeof(*hdr) + wmt_params->dlen; 588 if (hlen > 255) 589 return -EINVAL; 590 591 wc = kzalloc(hlen, GFP_KERNEL); 592 if (!wc) 593 return -ENOMEM; 594 595 hdr = &wc->hdr; 596 hdr->dir = 1; 597 hdr->op = wmt_params->op; 598 hdr->dlen = cpu_to_le16(wmt_params->dlen + 1); 599 hdr->flag = wmt_params->flag; 600 memcpy(wc->data, wmt_params->data, wmt_params->dlen); 601 602 set_bit(BTMTK_TX_WAIT_VND_EVT, &data->flags); 603 604 /* WMT cmd/event doesn't follow up the generic HCI cmd/event handling, 605 * it needs constantly polling control pipe until the host received the 606 * WMT event, thus, we should require to specifically acquire PM counter 607 * on the USB to prevent the interface from entering auto suspended 608 * while WMT cmd/event in progress. 609 */ 610 err = usb_autopm_get_interface(data->intf); 611 if (err < 0) 612 goto err_free_wc; 613 614 err = __hci_cmd_send(hdev, 0xfc6f, hlen, wc); 615 616 if (err < 0) { 617 clear_bit(BTMTK_TX_WAIT_VND_EVT, &data->flags); 618 usb_autopm_put_interface(data->intf); 619 goto err_free_wc; 620 } 621 622 /* Submit control IN URB on demand to process the WMT event */ 623 err = btmtk_usb_submit_wmt_recv_urb(hdev); 624 625 usb_autopm_put_interface(data->intf); 626 627 if (err < 0) 628 goto err_free_wc; 629 630 /* The vendor specific WMT commands are all answered by a vendor 631 * specific event and will have the Command Status or Command 632 * Complete as with usual HCI command flow control. 633 * 634 * After sending the command, wait for BTUSB_TX_WAIT_VND_EVT 635 * state to be cleared. The driver specific event receive routine 636 * will clear that state and with that indicate completion of the 637 * WMT command. 638 */ 639 err = wait_on_bit_timeout(&data->flags, BTMTK_TX_WAIT_VND_EVT, 640 TASK_INTERRUPTIBLE, HCI_INIT_TIMEOUT); 641 if (err == -EINTR) { 642 bt_dev_err(hdev, "Execution of wmt command interrupted"); 643 clear_bit(BTMTK_TX_WAIT_VND_EVT, &data->flags); 644 goto err_free_wc; 645 } 646 647 if (err) { 648 bt_dev_err(hdev, "Execution of wmt command timed out"); 649 clear_bit(BTMTK_TX_WAIT_VND_EVT, &data->flags); 650 err = -ETIMEDOUT; 651 goto err_free_wc; 652 } 653 654 if (data->evt_skb == NULL) 655 goto err_free_wc; 656 657 /* Parse and handle the return WMT event */ 658 wmt_evt = (struct btmtk_hci_wmt_evt *)data->evt_skb->data; 659 if (wmt_evt->whdr.op != hdr->op) { 660 bt_dev_err(hdev, "Wrong op received %d expected %d", 661 wmt_evt->whdr.op, hdr->op); 662 err = -EIO; 663 goto err_free_skb; 664 } 665 666 switch (wmt_evt->whdr.op) { 667 case BTMTK_WMT_SEMAPHORE: 668 if (wmt_evt->whdr.flag == 2) 669 status = BTMTK_WMT_PATCH_UNDONE; 670 else 671 status = BTMTK_WMT_PATCH_DONE; 672 break; 673 case BTMTK_WMT_FUNC_CTRL: 674 wmt_evt_funcc = (struct btmtk_hci_wmt_evt_funcc *)wmt_evt; 675 if (be16_to_cpu(wmt_evt_funcc->status) == 0x404) 676 status = BTMTK_WMT_ON_DONE; 677 else if (be16_to_cpu(wmt_evt_funcc->status) == 0x420) 678 status = BTMTK_WMT_ON_PROGRESS; 679 else 680 status = BTMTK_WMT_ON_UNDONE; 681 break; 682 case BTMTK_WMT_PATCH_DWNLD: 683 if (wmt_evt->whdr.flag == 2) 684 status = BTMTK_WMT_PATCH_DONE; 685 else if (wmt_evt->whdr.flag == 1) 686 status = BTMTK_WMT_PATCH_PROGRESS; 687 else 688 status = BTMTK_WMT_PATCH_UNDONE; 689 break; 690 } 691 692 if (wmt_params->status) 693 *wmt_params->status = status; 694 695 err_free_skb: 696 kfree_skb(data->evt_skb); 697 data->evt_skb = NULL; 698 err_free_wc: 699 kfree(wc); 700 return err; 701 } 702 703 static int btmtk_usb_func_query(struct hci_dev *hdev) 704 { 705 struct btmtk_hci_wmt_params wmt_params; 706 int status, err; 707 u8 param = 0; 708 709 /* Query whether the function is enabled */ 710 wmt_params.op = BTMTK_WMT_FUNC_CTRL; 711 wmt_params.flag = 4; 712 wmt_params.dlen = sizeof(param); 713 wmt_params.data = ¶m; 714 wmt_params.status = &status; 715 716 err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params); 717 if (err < 0) { 718 bt_dev_err(hdev, "Failed to query function status (%d)", err); 719 return err; 720 } 721 722 return status; 723 } 724 725 static int btmtk_usb_uhw_reg_write(struct hci_dev *hdev, u32 reg, u32 val) 726 { 727 struct btmtk_data *data = hci_get_priv(hdev); 728 int pipe, err; 729 void *buf; 730 731 buf = kzalloc(4, GFP_KERNEL); 732 if (!buf) 733 return -ENOMEM; 734 735 put_unaligned_le32(val, buf); 736 737 pipe = usb_sndctrlpipe(data->udev, 0); 738 err = usb_control_msg(data->udev, pipe, 0x02, 739 0x5E, 740 reg >> 16, reg & 0xffff, 741 buf, 4, USB_CTRL_SET_TIMEOUT); 742 if (err < 0) 743 bt_dev_err(hdev, "Failed to write uhw reg(%d)", err); 744 745 kfree(buf); 746 747 return err; 748 } 749 750 static int btmtk_usb_uhw_reg_read(struct hci_dev *hdev, u32 reg, u32 *val) 751 { 752 struct btmtk_data *data = hci_get_priv(hdev); 753 int pipe, err; 754 void *buf; 755 756 buf = kzalloc(4, GFP_KERNEL); 757 if (!buf) 758 return -ENOMEM; 759 760 pipe = usb_rcvctrlpipe(data->udev, 0); 761 err = usb_control_msg(data->udev, pipe, 0x01, 762 0xDE, 763 reg >> 16, reg & 0xffff, 764 buf, 4, USB_CTRL_GET_TIMEOUT); 765 if (err < 0) { 766 bt_dev_err(hdev, "Failed to read uhw reg(%d)", err); 767 goto err_free_buf; 768 } 769 770 *val = get_unaligned_le32(buf); 771 bt_dev_dbg(hdev, "reg=%x, value=0x%08x", reg, *val); 772 773 err_free_buf: 774 kfree(buf); 775 776 return err; 777 } 778 779 static int btmtk_usb_reg_read(struct hci_dev *hdev, u32 reg, u32 *val) 780 { 781 struct btmtk_data *data = hci_get_priv(hdev); 782 int pipe, err, size = sizeof(u32); 783 void *buf; 784 785 buf = kzalloc(size, GFP_KERNEL); 786 if (!buf) 787 return -ENOMEM; 788 789 pipe = usb_rcvctrlpipe(data->udev, 0); 790 err = usb_control_msg(data->udev, pipe, 0x63, 791 USB_TYPE_VENDOR | USB_DIR_IN, 792 reg >> 16, reg & 0xffff, 793 buf, size, USB_CTRL_GET_TIMEOUT); 794 if (err < 0) 795 goto err_free_buf; 796 797 *val = get_unaligned_le32(buf); 798 799 err_free_buf: 800 kfree(buf); 801 802 return err; 803 } 804 805 static int btmtk_usb_id_get(struct hci_dev *hdev, u32 reg, u32 *id) 806 { 807 return btmtk_usb_reg_read(hdev, reg, id); 808 } 809 810 static u32 btmtk_usb_reset_done(struct hci_dev *hdev) 811 { 812 u32 val = 0; 813 814 btmtk_usb_uhw_reg_read(hdev, MTK_BT_MISC, &val); 815 816 return val & MTK_BT_RST_DONE; 817 } 818 819 int btmtk_usb_subsys_reset(struct hci_dev *hdev, u32 dev_id) 820 { 821 u32 val; 822 int err; 823 824 if (dev_id == 0x7922) { 825 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_SUBSYS_RST, &val); 826 if (err < 0) 827 return err; 828 val |= 0x00002020; 829 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_SUBSYS_RST, val); 830 if (err < 0) 831 return err; 832 err = btmtk_usb_uhw_reg_write(hdev, MTK_EP_RST_OPT, 0x00010001); 833 if (err < 0) 834 return err; 835 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_SUBSYS_RST, &val); 836 if (err < 0) 837 return err; 838 val |= BIT(0); 839 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_SUBSYS_RST, val); 840 if (err < 0) 841 return err; 842 msleep(100); 843 } else if (dev_id == 0x7925) { 844 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_RESET_REG_CONNV3, &val); 845 if (err < 0) 846 return err; 847 val |= (1 << 5); 848 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_RESET_REG_CONNV3, val); 849 if (err < 0) 850 return err; 851 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_RESET_REG_CONNV3, &val); 852 if (err < 0) 853 return err; 854 val &= 0xFFFF00FF; 855 val |= (1 << 13); 856 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_RESET_REG_CONNV3, val); 857 if (err < 0) 858 return err; 859 err = btmtk_usb_uhw_reg_write(hdev, MTK_EP_RST_OPT, 0x00010001); 860 if (err < 0) 861 return err; 862 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_RESET_REG_CONNV3, &val); 863 if (err < 0) 864 return err; 865 val |= (1 << 0); 866 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_RESET_REG_CONNV3, val); 867 if (err < 0) 868 return err; 869 err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT, 0x000000FF); 870 if (err < 0) 871 return err; 872 err = btmtk_usb_uhw_reg_read(hdev, MTK_UDMA_INT_STA_BT, &val); 873 if (err < 0) 874 return err; 875 err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT1, 0x000000FF); 876 if (err < 0) 877 return err; 878 err = btmtk_usb_uhw_reg_read(hdev, MTK_UDMA_INT_STA_BT1, &val); 879 if (err < 0) 880 return err; 881 msleep(100); 882 } else { 883 /* It's Device EndPoint Reset Option Register */ 884 bt_dev_dbg(hdev, "Initiating reset mechanism via uhw"); 885 err = btmtk_usb_uhw_reg_write(hdev, MTK_EP_RST_OPT, MTK_EP_RST_IN_OUT_OPT); 886 if (err < 0) 887 return err; 888 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_WDT_STATUS, &val); 889 if (err < 0) 890 return err; 891 /* Reset the bluetooth chip via USB interface. */ 892 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_SUBSYS_RST, 1); 893 if (err < 0) 894 return err; 895 err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT, 0x000000FF); 896 if (err < 0) 897 return err; 898 err = btmtk_usb_uhw_reg_read(hdev, MTK_UDMA_INT_STA_BT, &val); 899 if (err < 0) 900 return err; 901 err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT1, 0x000000FF); 902 if (err < 0) 903 return err; 904 err = btmtk_usb_uhw_reg_read(hdev, MTK_UDMA_INT_STA_BT1, &val); 905 if (err < 0) 906 return err; 907 /* MT7921 need to delay 20ms between toggle reset bit */ 908 msleep(20); 909 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_SUBSYS_RST, 0); 910 if (err < 0) 911 return err; 912 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_SUBSYS_RST, &val); 913 if (err < 0) 914 return err; 915 } 916 917 err = readx_poll_timeout(btmtk_usb_reset_done, hdev, val, 918 val & MTK_BT_RST_DONE, 20000, 1000000); 919 if (err < 0) 920 bt_dev_err(hdev, "Reset timeout"); 921 922 if (dev_id == 0x7922) { 923 err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT, 0x000000FF); 924 if (err < 0) 925 return err; 926 } 927 928 err = btmtk_usb_id_get(hdev, 0x70010200, &val); 929 if (err < 0 || !val) 930 bt_dev_err(hdev, "Can't get device id, subsys reset fail."); 931 932 return err; 933 } 934 EXPORT_SYMBOL_GPL(btmtk_usb_subsys_reset); 935 936 int btmtk_usb_recv_acl(struct hci_dev *hdev, struct sk_buff *skb) 937 { 938 struct btmtk_data *data = hci_get_priv(hdev); 939 u16 handle = le16_to_cpu(hci_acl_hdr(skb)->handle); 940 941 switch (handle) { 942 case 0xfc6f: /* Firmware dump from device */ 943 /* When the firmware hangs, the device can no longer 944 * suspend and thus disable auto-suspend. 945 */ 946 usb_disable_autosuspend(data->udev); 947 948 /* We need to forward the diagnostic packet to userspace daemon 949 * for backward compatibility, so we have to clone the packet 950 * extraly for the in-kernel coredump support. 951 */ 952 if (IS_ENABLED(CONFIG_DEV_COREDUMP)) { 953 struct sk_buff *skb_cd = skb_clone(skb, GFP_ATOMIC); 954 955 if (skb_cd) 956 btmtk_process_coredump(hdev, skb_cd); 957 } 958 959 fallthrough; 960 case 0x05ff: /* Firmware debug logging 1 */ 961 case 0x05fe: /* Firmware debug logging 2 */ 962 return hci_recv_diag(hdev, skb); 963 } 964 965 return hci_recv_frame(hdev, skb); 966 } 967 EXPORT_SYMBOL_GPL(btmtk_usb_recv_acl); 968 969 static int btmtk_isopkt_pad(struct hci_dev *hdev, struct sk_buff *skb) 970 { 971 if (skb->len > MTK_ISO_THRESHOLD) 972 return -EINVAL; 973 974 if (skb_pad(skb, MTK_ISO_THRESHOLD - skb->len)) 975 return -ENOMEM; 976 977 __skb_put(skb, MTK_ISO_THRESHOLD - skb->len); 978 979 return 0; 980 } 981 982 static int __set_mtk_intr_interface(struct hci_dev *hdev) 983 { 984 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 985 struct usb_interface *intf = btmtk_data->isopkt_intf; 986 int i, err; 987 988 if (!btmtk_data->isopkt_intf) 989 return -ENODEV; 990 991 err = usb_set_interface(btmtk_data->udev, MTK_ISO_IFNUM, 1); 992 if (err < 0) { 993 bt_dev_err(hdev, "setting interface failed (%d)", -err); 994 return err; 995 } 996 997 btmtk_data->isopkt_tx_ep = NULL; 998 btmtk_data->isopkt_rx_ep = NULL; 999 1000 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) { 1001 struct usb_endpoint_descriptor *ep_desc; 1002 1003 ep_desc = &intf->cur_altsetting->endpoint[i].desc; 1004 1005 if (!btmtk_data->isopkt_tx_ep && 1006 usb_endpoint_is_int_out(ep_desc)) { 1007 btmtk_data->isopkt_tx_ep = ep_desc; 1008 continue; 1009 } 1010 1011 if (!btmtk_data->isopkt_rx_ep && 1012 usb_endpoint_is_int_in(ep_desc)) { 1013 btmtk_data->isopkt_rx_ep = ep_desc; 1014 continue; 1015 } 1016 } 1017 1018 if (!btmtk_data->isopkt_tx_ep || 1019 !btmtk_data->isopkt_rx_ep) { 1020 bt_dev_err(hdev, "invalid interrupt descriptors"); 1021 return -ENODEV; 1022 } 1023 1024 return 0; 1025 } 1026 1027 struct urb *alloc_mtk_intr_urb(struct hci_dev *hdev, struct sk_buff *skb, 1028 usb_complete_t tx_complete) 1029 { 1030 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 1031 struct urb *urb; 1032 unsigned int pipe; 1033 1034 if (!btmtk_data->isopkt_tx_ep) 1035 return ERR_PTR(-ENODEV); 1036 1037 urb = usb_alloc_urb(0, GFP_KERNEL); 1038 if (!urb) 1039 return ERR_PTR(-ENOMEM); 1040 1041 if (btmtk_isopkt_pad(hdev, skb)) 1042 return ERR_PTR(-EINVAL); 1043 1044 pipe = usb_sndintpipe(btmtk_data->udev, 1045 btmtk_data->isopkt_tx_ep->bEndpointAddress); 1046 1047 usb_fill_int_urb(urb, btmtk_data->udev, pipe, 1048 skb->data, skb->len, tx_complete, 1049 skb, btmtk_data->isopkt_tx_ep->bInterval); 1050 1051 skb->dev = (void *)hdev; 1052 1053 return urb; 1054 } 1055 EXPORT_SYMBOL_GPL(alloc_mtk_intr_urb); 1056 1057 static int btmtk_recv_isopkt(struct hci_dev *hdev, void *buffer, int count) 1058 { 1059 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 1060 struct sk_buff *skb; 1061 unsigned long flags; 1062 int err = 0; 1063 1064 spin_lock_irqsave(&btmtk_data->isorxlock, flags); 1065 skb = btmtk_data->isopkt_skb; 1066 1067 while (count) { 1068 int len; 1069 1070 if (!skb) { 1071 skb = bt_skb_alloc(HCI_MAX_ISO_SIZE, GFP_ATOMIC); 1072 if (!skb) { 1073 err = -ENOMEM; 1074 break; 1075 } 1076 1077 hci_skb_pkt_type(skb) = HCI_ISODATA_PKT; 1078 hci_skb_expect(skb) = HCI_ISO_HDR_SIZE; 1079 } 1080 1081 len = min_t(uint, hci_skb_expect(skb), count); 1082 skb_put_data(skb, buffer, len); 1083 1084 count -= len; 1085 buffer += len; 1086 hci_skb_expect(skb) -= len; 1087 1088 if (skb->len == HCI_ISO_HDR_SIZE) { 1089 __le16 dlen = ((struct hci_iso_hdr *)skb->data)->dlen; 1090 1091 /* Complete ISO header */ 1092 hci_skb_expect(skb) = __le16_to_cpu(dlen); 1093 1094 if (skb_tailroom(skb) < hci_skb_expect(skb)) { 1095 kfree_skb(skb); 1096 skb = NULL; 1097 1098 err = -EILSEQ; 1099 break; 1100 } 1101 } 1102 1103 if (!hci_skb_expect(skb)) { 1104 /* Complete frame */ 1105 hci_recv_frame(hdev, skb); 1106 skb = NULL; 1107 } 1108 } 1109 1110 btmtk_data->isopkt_skb = skb; 1111 spin_unlock_irqrestore(&btmtk_data->isorxlock, flags); 1112 1113 return err; 1114 } 1115 1116 static void btmtk_intr_complete(struct urb *urb) 1117 { 1118 struct hci_dev *hdev = urb->context; 1119 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 1120 int err; 1121 1122 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 1123 urb->actual_length); 1124 1125 if (!test_bit(HCI_RUNNING, &hdev->flags)) 1126 return; 1127 1128 if (hdev->suspended) 1129 return; 1130 1131 if (urb->status == 0) { 1132 hdev->stat.byte_rx += urb->actual_length; 1133 1134 if (btmtk_recv_isopkt(hdev, urb->transfer_buffer, 1135 urb->actual_length) < 0) { 1136 bt_dev_err(hdev, "corrupted iso packet"); 1137 hdev->stat.err_rx++; 1138 } 1139 } else if (urb->status == -ENOENT) { 1140 /* Avoid suspend failed when usb_kill_urb */ 1141 return; 1142 } 1143 1144 usb_mark_last_busy(btmtk_data->udev); 1145 usb_anchor_urb(urb, &btmtk_data->isopkt_anchor); 1146 1147 err = usb_submit_urb(urb, GFP_ATOMIC); 1148 if (err < 0) { 1149 /* -EPERM: urb is being killed; 1150 * -ENODEV: device got disconnected 1151 */ 1152 if (err != -EPERM && err != -ENODEV) 1153 bt_dev_err(hdev, "urb %p failed to resubmit (%d)", 1154 urb, -err); 1155 if (err != -EPERM) 1156 hci_cmd_sync_cancel(hdev, -err); 1157 usb_unanchor_urb(urb); 1158 } 1159 } 1160 1161 static int btmtk_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags) 1162 { 1163 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 1164 unsigned char *buf; 1165 unsigned int pipe; 1166 struct urb *urb; 1167 int err, size; 1168 1169 BT_DBG("%s", hdev->name); 1170 1171 if (!btmtk_data->isopkt_rx_ep) 1172 return -ENODEV; 1173 1174 urb = usb_alloc_urb(0, mem_flags); 1175 if (!urb) 1176 return -ENOMEM; 1177 size = le16_to_cpu(btmtk_data->isopkt_rx_ep->wMaxPacketSize); 1178 1179 buf = kmalloc(size, mem_flags); 1180 if (!buf) { 1181 usb_free_urb(urb); 1182 return -ENOMEM; 1183 } 1184 1185 pipe = usb_rcvintpipe(btmtk_data->udev, 1186 btmtk_data->isopkt_rx_ep->bEndpointAddress); 1187 1188 usb_fill_int_urb(urb, btmtk_data->udev, pipe, buf, size, 1189 btmtk_intr_complete, hdev, 1190 btmtk_data->isopkt_rx_ep->bInterval); 1191 1192 urb->transfer_flags |= URB_FREE_BUFFER; 1193 1194 usb_mark_last_busy(btmtk_data->udev); 1195 usb_anchor_urb(urb, &btmtk_data->isopkt_anchor); 1196 1197 err = usb_submit_urb(urb, mem_flags); 1198 if (err < 0) { 1199 if (err != -EPERM && err != -ENODEV) 1200 bt_dev_err(hdev, "urb %p submission failed (%d)", 1201 urb, -err); 1202 usb_unanchor_urb(urb); 1203 } 1204 1205 usb_free_urb(urb); 1206 1207 return err; 1208 } 1209 1210 static int btmtk_usb_isointf_init(struct hci_dev *hdev) 1211 { 1212 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 1213 u8 iso_param[2] = { 0x08, 0x01 }; 1214 struct sk_buff *skb; 1215 int err; 1216 1217 init_usb_anchor(&btmtk_data->isopkt_anchor); 1218 spin_lock_init(&btmtk_data->isorxlock); 1219 1220 __set_mtk_intr_interface(hdev); 1221 1222 err = btmtk_submit_intr_urb(hdev, GFP_KERNEL); 1223 if (err < 0) { 1224 usb_kill_anchored_urbs(&btmtk_data->isopkt_anchor); 1225 bt_dev_err(hdev, "ISO intf not support (%d)", err); 1226 return err; 1227 } 1228 1229 skb = __hci_cmd_sync(hdev, 0xfd98, sizeof(iso_param), iso_param, 1230 HCI_INIT_TIMEOUT); 1231 if (IS_ERR(skb)) { 1232 bt_dev_err(hdev, "Failed to apply iso setting (%ld)", PTR_ERR(skb)); 1233 return PTR_ERR(skb); 1234 } 1235 kfree_skb(skb); 1236 1237 return 0; 1238 } 1239 1240 int btmtk_usb_resume(struct hci_dev *hdev) 1241 { 1242 /* This function describes the specific additional steps taken by MediaTek 1243 * when Bluetooth usb driver's resume function is called. 1244 */ 1245 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 1246 1247 /* Resubmit urb for iso data transmission */ 1248 if (test_bit(BTMTK_ISOPKT_RUNNING, &btmtk_data->flags)) { 1249 if (btmtk_submit_intr_urb(hdev, GFP_NOIO) < 0) 1250 clear_bit(BTMTK_ISOPKT_RUNNING, &btmtk_data->flags); 1251 } 1252 1253 return 0; 1254 } 1255 EXPORT_SYMBOL_GPL(btmtk_usb_resume); 1256 1257 int btmtk_usb_suspend(struct hci_dev *hdev) 1258 { 1259 /* This function describes the specific additional steps taken by MediaTek 1260 * when Bluetooth usb driver's suspend function is called. 1261 */ 1262 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 1263 1264 /* Stop urb anchor for iso data transmission */ 1265 usb_kill_anchored_urbs(&btmtk_data->isopkt_anchor); 1266 1267 return 0; 1268 } 1269 EXPORT_SYMBOL_GPL(btmtk_usb_suspend); 1270 1271 int btmtk_usb_setup(struct hci_dev *hdev) 1272 { 1273 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 1274 struct btmtk_hci_wmt_params wmt_params; 1275 ktime_t calltime, delta, rettime; 1276 struct btmtk_tci_sleep tci_sleep; 1277 unsigned long long duration; 1278 struct sk_buff *skb; 1279 const char *fwname; 1280 int err, status; 1281 u32 dev_id = 0; 1282 char fw_bin_name[64]; 1283 u32 fw_version = 0, fw_flavor = 0; 1284 u8 param; 1285 1286 calltime = ktime_get(); 1287 1288 err = btmtk_usb_id_get(hdev, 0x80000008, &dev_id); 1289 if (err < 0) { 1290 bt_dev_err(hdev, "Failed to get device id (%d)", err); 1291 return err; 1292 } 1293 1294 if (!dev_id || dev_id != 0x7663) { 1295 err = btmtk_usb_id_get(hdev, 0x70010200, &dev_id); 1296 if (err < 0) { 1297 bt_dev_err(hdev, "Failed to get device id (%d)", err); 1298 return err; 1299 } 1300 err = btmtk_usb_id_get(hdev, 0x80021004, &fw_version); 1301 if (err < 0) { 1302 bt_dev_err(hdev, "Failed to get fw version (%d)", err); 1303 return err; 1304 } 1305 err = btmtk_usb_id_get(hdev, 0x70010020, &fw_flavor); 1306 if (err < 0) { 1307 bt_dev_err(hdev, "Failed to get fw flavor (%d)", err); 1308 return err; 1309 } 1310 fw_flavor = (fw_flavor & 0x00000080) >> 7; 1311 } 1312 1313 btmtk_data->dev_id = dev_id; 1314 1315 err = btmtk_register_coredump(hdev, btmtk_data->drv_name, fw_version); 1316 if (err < 0) 1317 bt_dev_err(hdev, "Failed to register coredump (%d)", err); 1318 1319 switch (dev_id) { 1320 case 0x7663: 1321 fwname = FIRMWARE_MT7663; 1322 break; 1323 case 0x7668: 1324 fwname = FIRMWARE_MT7668; 1325 break; 1326 case 0x7922: 1327 case 0x7961: 1328 case 0x7925: 1329 /* Reset the device to ensure it's in the initial state before 1330 * downloading the firmware to ensure. 1331 */ 1332 1333 if (!test_bit(BTMTK_FIRMWARE_LOADED, &btmtk_data->flags)) 1334 btmtk_usb_subsys_reset(hdev, dev_id); 1335 1336 btmtk_fw_get_filename(fw_bin_name, sizeof(fw_bin_name), dev_id, 1337 fw_version, fw_flavor); 1338 1339 err = btmtk_setup_firmware_79xx(hdev, fw_bin_name, 1340 btmtk_usb_hci_wmt_sync); 1341 if (err < 0) { 1342 bt_dev_err(hdev, "Failed to set up firmware (%d)", err); 1343 clear_bit(BTMTK_FIRMWARE_LOADED, &btmtk_data->flags); 1344 return err; 1345 } 1346 1347 set_bit(BTMTK_FIRMWARE_LOADED, &btmtk_data->flags); 1348 1349 /* It's Device EndPoint Reset Option Register */ 1350 err = btmtk_usb_uhw_reg_write(hdev, MTK_EP_RST_OPT, 1351 MTK_EP_RST_IN_OUT_OPT); 1352 if (err < 0) 1353 return err; 1354 1355 /* Enable Bluetooth protocol */ 1356 param = 1; 1357 wmt_params.op = BTMTK_WMT_FUNC_CTRL; 1358 wmt_params.flag = 0; 1359 wmt_params.dlen = sizeof(param); 1360 wmt_params.data = ¶m; 1361 wmt_params.status = NULL; 1362 1363 err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params); 1364 if (err < 0) { 1365 bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err); 1366 return err; 1367 } 1368 1369 hci_set_msft_opcode(hdev, 0xFD30); 1370 hci_set_aosp_capable(hdev); 1371 1372 /* Set up ISO interface after protocol enabled */ 1373 if (test_bit(BTMTK_ISOPKT_OVER_INTR, &btmtk_data->flags)) { 1374 if (!btmtk_usb_isointf_init(hdev)) 1375 set_bit(BTMTK_ISOPKT_RUNNING, &btmtk_data->flags); 1376 } 1377 1378 goto done; 1379 default: 1380 bt_dev_err(hdev, "Unsupported hardware variant (%08x)", 1381 dev_id); 1382 return -ENODEV; 1383 } 1384 1385 /* Query whether the firmware is already download */ 1386 wmt_params.op = BTMTK_WMT_SEMAPHORE; 1387 wmt_params.flag = 1; 1388 wmt_params.dlen = 0; 1389 wmt_params.data = NULL; 1390 wmt_params.status = &status; 1391 1392 err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params); 1393 if (err < 0) { 1394 bt_dev_err(hdev, "Failed to query firmware status (%d)", err); 1395 return err; 1396 } 1397 1398 if (status == BTMTK_WMT_PATCH_DONE) { 1399 bt_dev_info(hdev, "firmware already downloaded"); 1400 goto ignore_setup_fw; 1401 } 1402 1403 /* Setup a firmware which the device definitely requires */ 1404 err = btmtk_setup_firmware(hdev, fwname, 1405 btmtk_usb_hci_wmt_sync); 1406 if (err < 0) 1407 return err; 1408 1409 ignore_setup_fw: 1410 err = readx_poll_timeout(btmtk_usb_func_query, hdev, status, 1411 status < 0 || status != BTMTK_WMT_ON_PROGRESS, 1412 2000, 5000000); 1413 /* -ETIMEDOUT happens */ 1414 if (err < 0) 1415 return err; 1416 1417 /* The other errors happen in btmtk_usb_func_query */ 1418 if (status < 0) 1419 return status; 1420 1421 if (status == BTMTK_WMT_ON_DONE) { 1422 bt_dev_info(hdev, "function already on"); 1423 goto ignore_func_on; 1424 } 1425 1426 /* Enable Bluetooth protocol */ 1427 param = 1; 1428 wmt_params.op = BTMTK_WMT_FUNC_CTRL; 1429 wmt_params.flag = 0; 1430 wmt_params.dlen = sizeof(param); 1431 wmt_params.data = ¶m; 1432 wmt_params.status = NULL; 1433 1434 err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params); 1435 if (err < 0) { 1436 bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err); 1437 return err; 1438 } 1439 1440 ignore_func_on: 1441 /* Apply the low power environment setup */ 1442 tci_sleep.mode = 0x5; 1443 tci_sleep.duration = cpu_to_le16(0x640); 1444 tci_sleep.host_duration = cpu_to_le16(0x640); 1445 tci_sleep.host_wakeup_pin = 0; 1446 tci_sleep.time_compensation = 0; 1447 1448 skb = __hci_cmd_sync(hdev, 0xfc7a, sizeof(tci_sleep), &tci_sleep, 1449 HCI_INIT_TIMEOUT); 1450 if (IS_ERR(skb)) { 1451 err = PTR_ERR(skb); 1452 bt_dev_err(hdev, "Failed to apply low power setting (%d)", err); 1453 return err; 1454 } 1455 kfree_skb(skb); 1456 1457 done: 1458 rettime = ktime_get(); 1459 delta = ktime_sub(rettime, calltime); 1460 duration = (unsigned long long)ktime_to_ns(delta) >> 10; 1461 1462 bt_dev_info(hdev, "Device setup in %llu usecs", duration); 1463 1464 return 0; 1465 } 1466 EXPORT_SYMBOL_GPL(btmtk_usb_setup); 1467 1468 int btmtk_usb_shutdown(struct hci_dev *hdev) 1469 { 1470 struct btmtk_hci_wmt_params wmt_params; 1471 u8 param = 0; 1472 int err; 1473 1474 /* Disable the device */ 1475 wmt_params.op = BTMTK_WMT_FUNC_CTRL; 1476 wmt_params.flag = 0; 1477 wmt_params.dlen = sizeof(param); 1478 wmt_params.data = ¶m; 1479 wmt_params.status = NULL; 1480 1481 err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params); 1482 if (err < 0) { 1483 bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err); 1484 return err; 1485 } 1486 1487 return 0; 1488 } 1489 EXPORT_SYMBOL_GPL(btmtk_usb_shutdown); 1490 1491 MODULE_AUTHOR("Sean Wang <sean.wang@mediatek.com>"); 1492 MODULE_AUTHOR("Mark Chen <mark-yw.chen@mediatek.com>"); 1493 MODULE_DESCRIPTION("Bluetooth support for MediaTek devices ver " VERSION); 1494 MODULE_VERSION(VERSION); 1495 MODULE_LICENSE("GPL"); 1496 MODULE_FIRMWARE(FIRMWARE_MT7622); 1497 MODULE_FIRMWARE(FIRMWARE_MT7663); 1498 MODULE_FIRMWARE(FIRMWARE_MT7668); 1499 MODULE_FIRMWARE(FIRMWARE_MT7922); 1500 MODULE_FIRMWARE(FIRMWARE_MT7961); 1501 MODULE_FIRMWARE(FIRMWARE_MT7925); 1502