1 // SPDX-License-Identifier: ISC 2 /* Copyright (C) 2021 MediaTek Inc. 3 * 4 */ 5 #include <linux/module.h> 6 #include <linux/firmware.h> 7 #include <linux/usb.h> 8 #include <linux/iopoll.h> 9 #include <linux/unaligned.h> 10 11 #include <net/bluetooth/bluetooth.h> 12 #include <net/bluetooth/hci_core.h> 13 14 #include "btmtk.h" 15 16 #define VERSION "0.1" 17 18 /* It is for mt79xx download rom patch*/ 19 #define MTK_FW_ROM_PATCH_HEADER_SIZE 32 20 #define MTK_FW_ROM_PATCH_GD_SIZE 64 21 #define MTK_FW_ROM_PATCH_SEC_MAP_SIZE 64 22 #define MTK_SEC_MAP_COMMON_SIZE 12 23 #define MTK_SEC_MAP_NEED_SEND_SIZE 52 24 25 /* It is for mt79xx iso data transmission setting */ 26 #define MTK_ISO_THRESHOLD 264 27 28 struct btmtk_patch_header { 29 u8 datetime[16]; 30 u8 platform[4]; 31 __le16 hwver; 32 __le16 swver; 33 __le32 magicnum; 34 } __packed; 35 36 struct btmtk_global_desc { 37 __le32 patch_ver; 38 __le32 sub_sys; 39 __le32 feature_opt; 40 __le32 section_num; 41 } __packed; 42 43 struct btmtk_section_map { 44 __le32 sectype; 45 __le32 secoffset; 46 __le32 secsize; 47 union { 48 __le32 u4SecSpec[13]; 49 struct { 50 __le32 dlAddr; 51 __le32 dlsize; 52 __le32 seckeyidx; 53 __le32 alignlen; 54 __le32 sectype; 55 __le32 dlmodecrctype; 56 __le32 crc; 57 __le32 reserved[6]; 58 } bin_info_spec; 59 }; 60 } __packed; 61 62 static void btmtk_coredump(struct hci_dev *hdev) 63 { 64 int err; 65 66 err = __hci_cmd_send(hdev, 0xfd5b, 0, NULL); 67 if (err < 0) 68 bt_dev_err(hdev, "Coredump failed (%d)", err); 69 } 70 71 static void btmtk_coredump_hdr(struct hci_dev *hdev, struct sk_buff *skb) 72 { 73 struct btmtk_data *data = hci_get_priv(hdev); 74 char buf[80]; 75 76 snprintf(buf, sizeof(buf), "Controller Name: 0x%X\n", 77 data->dev_id); 78 skb_put_data(skb, buf, strlen(buf)); 79 80 snprintf(buf, sizeof(buf), "Firmware Version: 0x%X\n", 81 data->cd_info.fw_version); 82 skb_put_data(skb, buf, strlen(buf)); 83 84 snprintf(buf, sizeof(buf), "Driver: %s\n", 85 data->cd_info.driver_name); 86 skb_put_data(skb, buf, strlen(buf)); 87 88 snprintf(buf, sizeof(buf), "Vendor: MediaTek\n"); 89 skb_put_data(skb, buf, strlen(buf)); 90 } 91 92 static void btmtk_coredump_notify(struct hci_dev *hdev, int state) 93 { 94 struct btmtk_data *data = hci_get_priv(hdev); 95 96 switch (state) { 97 case HCI_DEVCOREDUMP_IDLE: 98 data->cd_info.state = HCI_DEVCOREDUMP_IDLE; 99 break; 100 case HCI_DEVCOREDUMP_ACTIVE: 101 data->cd_info.state = HCI_DEVCOREDUMP_ACTIVE; 102 break; 103 case HCI_DEVCOREDUMP_TIMEOUT: 104 case HCI_DEVCOREDUMP_ABORT: 105 case HCI_DEVCOREDUMP_DONE: 106 data->cd_info.state = HCI_DEVCOREDUMP_IDLE; 107 btmtk_reset_sync(hdev); 108 break; 109 } 110 } 111 112 void btmtk_fw_get_filename(char *buf, size_t size, u32 dev_id, u32 fw_ver, 113 u32 fw_flavor) 114 { 115 if (dev_id == 0x7925) 116 snprintf(buf, size, 117 "mediatek/mt%04x/BT_RAM_CODE_MT%04x_1_%x_hdr.bin", 118 dev_id & 0xffff, dev_id & 0xffff, (fw_ver & 0xff) + 1); 119 else if (dev_id == 0x7961 && fw_flavor) 120 snprintf(buf, size, 121 "mediatek/BT_RAM_CODE_MT%04x_1a_%x_hdr.bin", 122 dev_id & 0xffff, (fw_ver & 0xff) + 1); 123 else 124 snprintf(buf, size, 125 "mediatek/BT_RAM_CODE_MT%04x_1_%x_hdr.bin", 126 dev_id & 0xffff, (fw_ver & 0xff) + 1); 127 } 128 EXPORT_SYMBOL_GPL(btmtk_fw_get_filename); 129 130 int btmtk_setup_firmware_79xx(struct hci_dev *hdev, const char *fwname, 131 wmt_cmd_sync_func_t wmt_cmd_sync) 132 { 133 struct btmtk_hci_wmt_params wmt_params; 134 struct btmtk_patch_header *hdr; 135 struct btmtk_global_desc *globaldesc = NULL; 136 struct btmtk_section_map *sectionmap; 137 const struct firmware *fw; 138 const u8 *fw_ptr; 139 const u8 *fw_bin_ptr; 140 int err, dlen, i, status; 141 u8 flag, first_block, retry; 142 u32 section_num, dl_size, section_offset; 143 u8 cmd[64]; 144 145 err = request_firmware(&fw, fwname, &hdev->dev); 146 if (err < 0) { 147 bt_dev_err(hdev, "Failed to load firmware file (%d)", err); 148 return err; 149 } 150 151 fw_ptr = fw->data; 152 fw_bin_ptr = fw_ptr; 153 hdr = (struct btmtk_patch_header *)fw_ptr; 154 globaldesc = (struct btmtk_global_desc *)(fw_ptr + MTK_FW_ROM_PATCH_HEADER_SIZE); 155 section_num = le32_to_cpu(globaldesc->section_num); 156 157 bt_dev_info(hdev, "HW/SW Version: 0x%04x%04x, Build Time: %s", 158 le16_to_cpu(hdr->hwver), le16_to_cpu(hdr->swver), hdr->datetime); 159 160 for (i = 0; i < section_num; i++) { 161 first_block = 1; 162 fw_ptr = fw_bin_ptr; 163 sectionmap = (struct btmtk_section_map *)(fw_ptr + MTK_FW_ROM_PATCH_HEADER_SIZE + 164 MTK_FW_ROM_PATCH_GD_SIZE + MTK_FW_ROM_PATCH_SEC_MAP_SIZE * i); 165 166 section_offset = le32_to_cpu(sectionmap->secoffset); 167 dl_size = le32_to_cpu(sectionmap->bin_info_spec.dlsize); 168 169 if (dl_size > 0) { 170 retry = 20; 171 while (retry > 0) { 172 cmd[0] = 0; /* 0 means legacy dl mode. */ 173 memcpy(cmd + 1, 174 fw_ptr + MTK_FW_ROM_PATCH_HEADER_SIZE + 175 MTK_FW_ROM_PATCH_GD_SIZE + 176 MTK_FW_ROM_PATCH_SEC_MAP_SIZE * i + 177 MTK_SEC_MAP_COMMON_SIZE, 178 MTK_SEC_MAP_NEED_SEND_SIZE + 1); 179 180 wmt_params.op = BTMTK_WMT_PATCH_DWNLD; 181 wmt_params.status = &status; 182 wmt_params.flag = 0; 183 wmt_params.dlen = MTK_SEC_MAP_NEED_SEND_SIZE + 1; 184 wmt_params.data = &cmd; 185 186 err = wmt_cmd_sync(hdev, &wmt_params); 187 if (err < 0) { 188 bt_dev_err(hdev, "Failed to send wmt patch dwnld (%d)", 189 err); 190 goto err_release_fw; 191 } 192 193 if (status == BTMTK_WMT_PATCH_UNDONE) { 194 break; 195 } else if (status == BTMTK_WMT_PATCH_PROGRESS) { 196 msleep(100); 197 retry--; 198 } else if (status == BTMTK_WMT_PATCH_DONE) { 199 goto next_section; 200 } else { 201 bt_dev_err(hdev, "Failed wmt patch dwnld status (%d)", 202 status); 203 err = -EIO; 204 goto err_release_fw; 205 } 206 } 207 208 fw_ptr += section_offset; 209 wmt_params.op = BTMTK_WMT_PATCH_DWNLD; 210 wmt_params.status = NULL; 211 212 while (dl_size > 0) { 213 dlen = min_t(int, 250, dl_size); 214 if (first_block == 1) { 215 flag = 1; 216 first_block = 0; 217 } else if (dl_size - dlen <= 0) { 218 flag = 3; 219 } else { 220 flag = 2; 221 } 222 223 wmt_params.flag = flag; 224 wmt_params.dlen = dlen; 225 wmt_params.data = fw_ptr; 226 227 err = wmt_cmd_sync(hdev, &wmt_params); 228 if (err < 0) { 229 bt_dev_err(hdev, "Failed to send wmt patch dwnld (%d)", 230 err); 231 goto err_release_fw; 232 } 233 234 dl_size -= dlen; 235 fw_ptr += dlen; 236 } 237 } 238 next_section: 239 continue; 240 } 241 /* Wait a few moments for firmware activation done */ 242 usleep_range(100000, 120000); 243 244 err_release_fw: 245 release_firmware(fw); 246 247 return err; 248 } 249 EXPORT_SYMBOL_GPL(btmtk_setup_firmware_79xx); 250 251 int btmtk_setup_firmware(struct hci_dev *hdev, const char *fwname, 252 wmt_cmd_sync_func_t wmt_cmd_sync) 253 { 254 struct btmtk_hci_wmt_params wmt_params; 255 const struct firmware *fw; 256 const u8 *fw_ptr; 257 size_t fw_size; 258 int err, dlen; 259 u8 flag, param; 260 261 err = request_firmware(&fw, fwname, &hdev->dev); 262 if (err < 0) { 263 bt_dev_err(hdev, "Failed to load firmware file (%d)", err); 264 return err; 265 } 266 267 /* Power on data RAM the firmware relies on. */ 268 param = 1; 269 wmt_params.op = BTMTK_WMT_FUNC_CTRL; 270 wmt_params.flag = 3; 271 wmt_params.dlen = sizeof(param); 272 wmt_params.data = ¶m; 273 wmt_params.status = NULL; 274 275 err = wmt_cmd_sync(hdev, &wmt_params); 276 if (err < 0) { 277 bt_dev_err(hdev, "Failed to power on data RAM (%d)", err); 278 goto err_release_fw; 279 } 280 281 fw_ptr = fw->data; 282 fw_size = fw->size; 283 284 /* The size of patch header is 30 bytes, should be skip */ 285 if (fw_size < 30) { 286 err = -EINVAL; 287 goto err_release_fw; 288 } 289 290 fw_size -= 30; 291 fw_ptr += 30; 292 flag = 1; 293 294 wmt_params.op = BTMTK_WMT_PATCH_DWNLD; 295 wmt_params.status = NULL; 296 297 while (fw_size > 0) { 298 dlen = min_t(int, 250, fw_size); 299 300 /* Tell device the position in sequence */ 301 if (fw_size - dlen <= 0) 302 flag = 3; 303 else if (fw_size < fw->size - 30) 304 flag = 2; 305 306 wmt_params.flag = flag; 307 wmt_params.dlen = dlen; 308 wmt_params.data = fw_ptr; 309 310 err = wmt_cmd_sync(hdev, &wmt_params); 311 if (err < 0) { 312 bt_dev_err(hdev, "Failed to send wmt patch dwnld (%d)", 313 err); 314 goto err_release_fw; 315 } 316 317 fw_size -= dlen; 318 fw_ptr += dlen; 319 } 320 321 wmt_params.op = BTMTK_WMT_RST; 322 wmt_params.flag = 4; 323 wmt_params.dlen = 0; 324 wmt_params.data = NULL; 325 wmt_params.status = NULL; 326 327 /* Activate funciton the firmware providing to */ 328 err = wmt_cmd_sync(hdev, &wmt_params); 329 if (err < 0) { 330 bt_dev_err(hdev, "Failed to send wmt rst (%d)", err); 331 goto err_release_fw; 332 } 333 334 /* Wait a few moments for firmware activation done */ 335 usleep_range(10000, 12000); 336 337 err_release_fw: 338 release_firmware(fw); 339 340 return err; 341 } 342 EXPORT_SYMBOL_GPL(btmtk_setup_firmware); 343 344 int btmtk_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr) 345 { 346 struct sk_buff *skb; 347 long ret; 348 349 skb = __hci_cmd_sync(hdev, 0xfc1a, 6, bdaddr, HCI_INIT_TIMEOUT); 350 if (IS_ERR(skb)) { 351 ret = PTR_ERR(skb); 352 bt_dev_err(hdev, "changing Mediatek device address failed (%ld)", 353 ret); 354 return ret; 355 } 356 kfree_skb(skb); 357 358 return 0; 359 } 360 EXPORT_SYMBOL_GPL(btmtk_set_bdaddr); 361 362 void btmtk_reset_sync(struct hci_dev *hdev) 363 { 364 struct btmtk_data *reset_work = hci_get_priv(hdev); 365 int err; 366 367 hci_dev_lock(hdev); 368 369 err = hci_cmd_sync_queue(hdev, reset_work->reset_sync, NULL, NULL); 370 if (err) 371 bt_dev_err(hdev, "failed to reset (%d)", err); 372 373 hci_dev_unlock(hdev); 374 } 375 EXPORT_SYMBOL_GPL(btmtk_reset_sync); 376 377 int btmtk_register_coredump(struct hci_dev *hdev, const char *name, 378 u32 fw_version) 379 { 380 struct btmtk_data *data = hci_get_priv(hdev); 381 382 if (!IS_ENABLED(CONFIG_DEV_COREDUMP)) 383 return -EOPNOTSUPP; 384 385 data->cd_info.fw_version = fw_version; 386 data->cd_info.state = HCI_DEVCOREDUMP_IDLE; 387 data->cd_info.driver_name = name; 388 389 return hci_devcd_register(hdev, btmtk_coredump, btmtk_coredump_hdr, 390 btmtk_coredump_notify); 391 } 392 EXPORT_SYMBOL_GPL(btmtk_register_coredump); 393 394 int btmtk_process_coredump(struct hci_dev *hdev, struct sk_buff *skb) 395 { 396 struct btmtk_data *data = hci_get_priv(hdev); 397 int err; 398 399 if (!IS_ENABLED(CONFIG_DEV_COREDUMP)) { 400 kfree_skb(skb); 401 return 0; 402 } 403 404 switch (data->cd_info.state) { 405 case HCI_DEVCOREDUMP_IDLE: 406 err = hci_devcd_init(hdev, MTK_COREDUMP_SIZE); 407 if (err < 0) { 408 kfree_skb(skb); 409 break; 410 } 411 data->cd_info.cnt = 0; 412 413 /* It is supposed coredump can be done within 5 seconds */ 414 schedule_delayed_work(&hdev->dump.dump_timeout, 415 msecs_to_jiffies(5000)); 416 fallthrough; 417 case HCI_DEVCOREDUMP_ACTIVE: 418 default: 419 err = hci_devcd_append(hdev, skb); 420 if (err < 0) 421 break; 422 data->cd_info.cnt++; 423 424 /* Mediatek coredump data would be more than MTK_COREDUMP_NUM */ 425 if (data->cd_info.cnt > MTK_COREDUMP_NUM && 426 skb->len > MTK_COREDUMP_END_LEN) 427 if (!memcmp((char *)&skb->data[skb->len - MTK_COREDUMP_END_LEN], 428 MTK_COREDUMP_END, MTK_COREDUMP_END_LEN - 1)) { 429 bt_dev_info(hdev, "Mediatek coredump end"); 430 hci_devcd_complete(hdev); 431 } 432 433 break; 434 } 435 436 return err; 437 } 438 EXPORT_SYMBOL_GPL(btmtk_process_coredump); 439 440 #if IS_ENABLED(CONFIG_BT_HCIBTUSB_MTK) 441 static void btmtk_usb_wmt_recv(struct urb *urb) 442 { 443 struct hci_dev *hdev = urb->context; 444 struct btmtk_data *data = hci_get_priv(hdev); 445 struct sk_buff *skb; 446 int err; 447 448 if (urb->status == 0 && urb->actual_length > 0) { 449 hdev->stat.byte_rx += urb->actual_length; 450 451 /* WMT event shouldn't be fragmented and the size should be 452 * less than HCI_WMT_MAX_EVENT_SIZE. 453 */ 454 skb = bt_skb_alloc(HCI_WMT_MAX_EVENT_SIZE, GFP_ATOMIC); 455 if (!skb) { 456 hdev->stat.err_rx++; 457 kfree(urb->setup_packet); 458 return; 459 } 460 461 hci_skb_pkt_type(skb) = HCI_EVENT_PKT; 462 skb_put_data(skb, urb->transfer_buffer, urb->actual_length); 463 464 /* When someone waits for the WMT event, the skb is being cloned 465 * and being processed the events from there then. 466 */ 467 if (test_bit(BTMTK_TX_WAIT_VND_EVT, &data->flags)) { 468 data->evt_skb = skb_clone(skb, GFP_ATOMIC); 469 if (!data->evt_skb) { 470 kfree_skb(skb); 471 kfree(urb->setup_packet); 472 return; 473 } 474 } 475 476 err = hci_recv_frame(hdev, skb); 477 if (err < 0) { 478 kfree_skb(data->evt_skb); 479 data->evt_skb = NULL; 480 kfree(urb->setup_packet); 481 return; 482 } 483 484 if (test_and_clear_bit(BTMTK_TX_WAIT_VND_EVT, 485 &data->flags)) { 486 /* Barrier to sync with other CPUs */ 487 smp_mb__after_atomic(); 488 wake_up_bit(&data->flags, 489 BTMTK_TX_WAIT_VND_EVT); 490 } 491 kfree(urb->setup_packet); 492 return; 493 } else if (urb->status == -ENOENT) { 494 /* Avoid suspend failed when usb_kill_urb */ 495 return; 496 } 497 498 usb_mark_last_busy(data->udev); 499 500 /* The URB complete handler is still called with urb->actual_length = 0 501 * when the event is not available, so we should keep re-submitting 502 * URB until WMT event returns, Also, It's necessary to wait some time 503 * between the two consecutive control URBs to relax the target device 504 * to generate the event. Otherwise, the WMT event cannot return from 505 * the device successfully. 506 */ 507 udelay(500); 508 509 usb_anchor_urb(urb, data->ctrl_anchor); 510 err = usb_submit_urb(urb, GFP_ATOMIC); 511 if (err < 0) { 512 kfree(urb->setup_packet); 513 /* -EPERM: urb is being killed; 514 * -ENODEV: device got disconnected 515 */ 516 if (err != -EPERM && err != -ENODEV) 517 bt_dev_err(hdev, "urb %p failed to resubmit (%d)", 518 urb, -err); 519 usb_unanchor_urb(urb); 520 } 521 } 522 523 static int btmtk_usb_submit_wmt_recv_urb(struct hci_dev *hdev) 524 { 525 struct btmtk_data *data = hci_get_priv(hdev); 526 struct usb_ctrlrequest *dr; 527 unsigned char *buf; 528 int err, size = 64; 529 unsigned int pipe; 530 struct urb *urb; 531 532 urb = usb_alloc_urb(0, GFP_KERNEL); 533 if (!urb) 534 return -ENOMEM; 535 536 dr = kmalloc(sizeof(*dr), GFP_KERNEL); 537 if (!dr) { 538 usb_free_urb(urb); 539 return -ENOMEM; 540 } 541 542 dr->bRequestType = USB_TYPE_VENDOR | USB_DIR_IN; 543 dr->bRequest = 1; 544 dr->wIndex = cpu_to_le16(0); 545 dr->wValue = cpu_to_le16(48); 546 dr->wLength = cpu_to_le16(size); 547 548 buf = kmalloc(size, GFP_KERNEL); 549 if (!buf) { 550 kfree(dr); 551 usb_free_urb(urb); 552 return -ENOMEM; 553 } 554 555 pipe = usb_rcvctrlpipe(data->udev, 0); 556 557 usb_fill_control_urb(urb, data->udev, pipe, (void *)dr, 558 buf, size, btmtk_usb_wmt_recv, hdev); 559 560 urb->transfer_flags |= URB_FREE_BUFFER; 561 562 usb_anchor_urb(urb, data->ctrl_anchor); 563 err = usb_submit_urb(urb, GFP_KERNEL); 564 if (err < 0) { 565 if (err != -EPERM && err != -ENODEV) 566 bt_dev_err(hdev, "urb %p submission failed (%d)", 567 urb, -err); 568 usb_unanchor_urb(urb); 569 } 570 571 usb_free_urb(urb); 572 573 return err; 574 } 575 576 static int btmtk_usb_hci_wmt_sync(struct hci_dev *hdev, 577 struct btmtk_hci_wmt_params *wmt_params) 578 { 579 struct btmtk_data *data = hci_get_priv(hdev); 580 struct btmtk_hci_wmt_evt_funcc *wmt_evt_funcc; 581 u32 hlen, status = BTMTK_WMT_INVALID; 582 struct btmtk_hci_wmt_evt *wmt_evt; 583 struct btmtk_hci_wmt_cmd *wc; 584 struct btmtk_wmt_hdr *hdr; 585 int err; 586 587 /* Send the WMT command and wait until the WMT event returns */ 588 hlen = sizeof(*hdr) + wmt_params->dlen; 589 if (hlen > 255) 590 return -EINVAL; 591 592 wc = kzalloc(hlen, GFP_KERNEL); 593 if (!wc) 594 return -ENOMEM; 595 596 hdr = &wc->hdr; 597 hdr->dir = 1; 598 hdr->op = wmt_params->op; 599 hdr->dlen = cpu_to_le16(wmt_params->dlen + 1); 600 hdr->flag = wmt_params->flag; 601 memcpy(wc->data, wmt_params->data, wmt_params->dlen); 602 603 set_bit(BTMTK_TX_WAIT_VND_EVT, &data->flags); 604 605 /* WMT cmd/event doesn't follow up the generic HCI cmd/event handling, 606 * it needs constantly polling control pipe until the host received the 607 * WMT event, thus, we should require to specifically acquire PM counter 608 * on the USB to prevent the interface from entering auto suspended 609 * while WMT cmd/event in progress. 610 */ 611 err = usb_autopm_get_interface(data->intf); 612 if (err < 0) 613 goto err_free_wc; 614 615 err = __hci_cmd_send(hdev, 0xfc6f, hlen, wc); 616 617 if (err < 0) { 618 clear_bit(BTMTK_TX_WAIT_VND_EVT, &data->flags); 619 usb_autopm_put_interface(data->intf); 620 goto err_free_wc; 621 } 622 623 /* Submit control IN URB on demand to process the WMT event */ 624 err = btmtk_usb_submit_wmt_recv_urb(hdev); 625 626 usb_autopm_put_interface(data->intf); 627 628 if (err < 0) 629 goto err_free_wc; 630 631 /* The vendor specific WMT commands are all answered by a vendor 632 * specific event and will have the Command Status or Command 633 * Complete as with usual HCI command flow control. 634 * 635 * After sending the command, wait for BTUSB_TX_WAIT_VND_EVT 636 * state to be cleared. The driver specific event receive routine 637 * will clear that state and with that indicate completion of the 638 * WMT command. 639 */ 640 err = wait_on_bit_timeout(&data->flags, BTMTK_TX_WAIT_VND_EVT, 641 TASK_INTERRUPTIBLE, HCI_INIT_TIMEOUT); 642 if (err == -EINTR) { 643 bt_dev_err(hdev, "Execution of wmt command interrupted"); 644 clear_bit(BTMTK_TX_WAIT_VND_EVT, &data->flags); 645 goto err_free_wc; 646 } 647 648 if (err) { 649 bt_dev_err(hdev, "Execution of wmt command timed out"); 650 clear_bit(BTMTK_TX_WAIT_VND_EVT, &data->flags); 651 err = -ETIMEDOUT; 652 goto err_free_wc; 653 } 654 655 if (data->evt_skb == NULL) 656 goto err_free_wc; 657 658 /* Parse and handle the return WMT event */ 659 wmt_evt = (struct btmtk_hci_wmt_evt *)data->evt_skb->data; 660 if (wmt_evt->whdr.op != hdr->op) { 661 bt_dev_err(hdev, "Wrong op received %d expected %d", 662 wmt_evt->whdr.op, hdr->op); 663 err = -EIO; 664 goto err_free_skb; 665 } 666 667 switch (wmt_evt->whdr.op) { 668 case BTMTK_WMT_SEMAPHORE: 669 if (wmt_evt->whdr.flag == 2) 670 status = BTMTK_WMT_PATCH_UNDONE; 671 else 672 status = BTMTK_WMT_PATCH_DONE; 673 break; 674 case BTMTK_WMT_FUNC_CTRL: 675 wmt_evt_funcc = (struct btmtk_hci_wmt_evt_funcc *)wmt_evt; 676 if (be16_to_cpu(wmt_evt_funcc->status) == 0x404) 677 status = BTMTK_WMT_ON_DONE; 678 else if (be16_to_cpu(wmt_evt_funcc->status) == 0x420) 679 status = BTMTK_WMT_ON_PROGRESS; 680 else 681 status = BTMTK_WMT_ON_UNDONE; 682 break; 683 case BTMTK_WMT_PATCH_DWNLD: 684 if (wmt_evt->whdr.flag == 2) 685 status = BTMTK_WMT_PATCH_DONE; 686 else if (wmt_evt->whdr.flag == 1) 687 status = BTMTK_WMT_PATCH_PROGRESS; 688 else 689 status = BTMTK_WMT_PATCH_UNDONE; 690 break; 691 } 692 693 if (wmt_params->status) 694 *wmt_params->status = status; 695 696 err_free_skb: 697 kfree_skb(data->evt_skb); 698 data->evt_skb = NULL; 699 err_free_wc: 700 kfree(wc); 701 return err; 702 } 703 704 static int btmtk_usb_func_query(struct hci_dev *hdev) 705 { 706 struct btmtk_hci_wmt_params wmt_params; 707 int status, err; 708 u8 param = 0; 709 710 /* Query whether the function is enabled */ 711 wmt_params.op = BTMTK_WMT_FUNC_CTRL; 712 wmt_params.flag = 4; 713 wmt_params.dlen = sizeof(param); 714 wmt_params.data = ¶m; 715 wmt_params.status = &status; 716 717 err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params); 718 if (err < 0) { 719 bt_dev_err(hdev, "Failed to query function status (%d)", err); 720 return err; 721 } 722 723 return status; 724 } 725 726 static int btmtk_usb_uhw_reg_write(struct hci_dev *hdev, u32 reg, u32 val) 727 { 728 struct btmtk_data *data = hci_get_priv(hdev); 729 int pipe, err; 730 void *buf; 731 732 buf = kzalloc(4, GFP_KERNEL); 733 if (!buf) 734 return -ENOMEM; 735 736 put_unaligned_le32(val, buf); 737 738 pipe = usb_sndctrlpipe(data->udev, 0); 739 err = usb_control_msg(data->udev, pipe, 0x02, 740 0x5E, 741 reg >> 16, reg & 0xffff, 742 buf, 4, USB_CTRL_SET_TIMEOUT); 743 if (err < 0) 744 bt_dev_err(hdev, "Failed to write uhw reg(%d)", err); 745 746 kfree(buf); 747 748 return err; 749 } 750 751 static int btmtk_usb_uhw_reg_read(struct hci_dev *hdev, u32 reg, u32 *val) 752 { 753 struct btmtk_data *data = hci_get_priv(hdev); 754 int pipe, err; 755 void *buf; 756 757 buf = kzalloc(4, GFP_KERNEL); 758 if (!buf) 759 return -ENOMEM; 760 761 pipe = usb_rcvctrlpipe(data->udev, 0); 762 err = usb_control_msg(data->udev, pipe, 0x01, 763 0xDE, 764 reg >> 16, reg & 0xffff, 765 buf, 4, USB_CTRL_GET_TIMEOUT); 766 if (err < 0) { 767 bt_dev_err(hdev, "Failed to read uhw reg(%d)", err); 768 goto err_free_buf; 769 } 770 771 *val = get_unaligned_le32(buf); 772 bt_dev_dbg(hdev, "reg=%x, value=0x%08x", reg, *val); 773 774 err_free_buf: 775 kfree(buf); 776 777 return err; 778 } 779 780 static int btmtk_usb_reg_read(struct hci_dev *hdev, u32 reg, u32 *val) 781 { 782 struct btmtk_data *data = hci_get_priv(hdev); 783 int pipe, err, size = sizeof(u32); 784 void *buf; 785 786 buf = kzalloc(size, GFP_KERNEL); 787 if (!buf) 788 return -ENOMEM; 789 790 pipe = usb_rcvctrlpipe(data->udev, 0); 791 err = usb_control_msg(data->udev, pipe, 0x63, 792 USB_TYPE_VENDOR | USB_DIR_IN, 793 reg >> 16, reg & 0xffff, 794 buf, size, USB_CTRL_GET_TIMEOUT); 795 if (err < 0) 796 goto err_free_buf; 797 798 *val = get_unaligned_le32(buf); 799 800 err_free_buf: 801 kfree(buf); 802 803 return err; 804 } 805 806 static int btmtk_usb_id_get(struct hci_dev *hdev, u32 reg, u32 *id) 807 { 808 return btmtk_usb_reg_read(hdev, reg, id); 809 } 810 811 static u32 btmtk_usb_reset_done(struct hci_dev *hdev) 812 { 813 u32 val = 0; 814 815 btmtk_usb_uhw_reg_read(hdev, MTK_BT_MISC, &val); 816 817 return val & MTK_BT_RST_DONE; 818 } 819 820 int btmtk_usb_subsys_reset(struct hci_dev *hdev, u32 dev_id) 821 { 822 u32 val; 823 int err; 824 825 if (dev_id == 0x7922) { 826 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_SUBSYS_RST, &val); 827 if (err < 0) 828 return err; 829 val |= 0x00002020; 830 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_SUBSYS_RST, val); 831 if (err < 0) 832 return err; 833 err = btmtk_usb_uhw_reg_write(hdev, MTK_EP_RST_OPT, 0x00010001); 834 if (err < 0) 835 return err; 836 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_SUBSYS_RST, &val); 837 if (err < 0) 838 return err; 839 val |= BIT(0); 840 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_SUBSYS_RST, val); 841 if (err < 0) 842 return err; 843 msleep(100); 844 } else if (dev_id == 0x7925) { 845 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_RESET_REG_CONNV3, &val); 846 if (err < 0) 847 return err; 848 val |= (1 << 5); 849 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_RESET_REG_CONNV3, val); 850 if (err < 0) 851 return err; 852 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_RESET_REG_CONNV3, &val); 853 if (err < 0) 854 return err; 855 val &= 0xFFFF00FF; 856 val |= (1 << 13); 857 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_RESET_REG_CONNV3, val); 858 if (err < 0) 859 return err; 860 err = btmtk_usb_uhw_reg_write(hdev, MTK_EP_RST_OPT, 0x00010001); 861 if (err < 0) 862 return err; 863 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_RESET_REG_CONNV3, &val); 864 if (err < 0) 865 return err; 866 val |= (1 << 0); 867 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_RESET_REG_CONNV3, val); 868 if (err < 0) 869 return err; 870 err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT, 0x000000FF); 871 if (err < 0) 872 return err; 873 err = btmtk_usb_uhw_reg_read(hdev, MTK_UDMA_INT_STA_BT, &val); 874 if (err < 0) 875 return err; 876 err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT1, 0x000000FF); 877 if (err < 0) 878 return err; 879 err = btmtk_usb_uhw_reg_read(hdev, MTK_UDMA_INT_STA_BT1, &val); 880 if (err < 0) 881 return err; 882 msleep(100); 883 } else { 884 /* It's Device EndPoint Reset Option Register */ 885 bt_dev_dbg(hdev, "Initiating reset mechanism via uhw"); 886 err = btmtk_usb_uhw_reg_write(hdev, MTK_EP_RST_OPT, MTK_EP_RST_IN_OUT_OPT); 887 if (err < 0) 888 return err; 889 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_WDT_STATUS, &val); 890 if (err < 0) 891 return err; 892 /* Reset the bluetooth chip via USB interface. */ 893 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_SUBSYS_RST, 1); 894 if (err < 0) 895 return err; 896 err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT, 0x000000FF); 897 if (err < 0) 898 return err; 899 err = btmtk_usb_uhw_reg_read(hdev, MTK_UDMA_INT_STA_BT, &val); 900 if (err < 0) 901 return err; 902 err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT1, 0x000000FF); 903 if (err < 0) 904 return err; 905 err = btmtk_usb_uhw_reg_read(hdev, MTK_UDMA_INT_STA_BT1, &val); 906 if (err < 0) 907 return err; 908 /* MT7921 need to delay 20ms between toggle reset bit */ 909 msleep(20); 910 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_SUBSYS_RST, 0); 911 if (err < 0) 912 return err; 913 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_SUBSYS_RST, &val); 914 if (err < 0) 915 return err; 916 } 917 918 err = readx_poll_timeout(btmtk_usb_reset_done, hdev, val, 919 val & MTK_BT_RST_DONE, 20000, 1000000); 920 if (err < 0) 921 bt_dev_err(hdev, "Reset timeout"); 922 923 if (dev_id == 0x7922) { 924 err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT, 0x000000FF); 925 if (err < 0) 926 return err; 927 } 928 929 err = btmtk_usb_id_get(hdev, 0x70010200, &val); 930 if (err < 0 || !val) 931 bt_dev_err(hdev, "Can't get device id, subsys reset fail."); 932 933 return err; 934 } 935 EXPORT_SYMBOL_GPL(btmtk_usb_subsys_reset); 936 937 int btmtk_usb_recv_acl(struct hci_dev *hdev, struct sk_buff *skb) 938 { 939 struct btmtk_data *data = hci_get_priv(hdev); 940 u16 handle = le16_to_cpu(hci_acl_hdr(skb)->handle); 941 942 switch (handle) { 943 case 0xfc6f: /* Firmware dump from device */ 944 /* When the firmware hangs, the device can no longer 945 * suspend and thus disable auto-suspend. 946 */ 947 usb_disable_autosuspend(data->udev); 948 949 /* We need to forward the diagnostic packet to userspace daemon 950 * for backward compatibility, so we have to clone the packet 951 * extraly for the in-kernel coredump support. 952 */ 953 if (IS_ENABLED(CONFIG_DEV_COREDUMP)) { 954 struct sk_buff *skb_cd = skb_clone(skb, GFP_ATOMIC); 955 956 if (skb_cd) 957 btmtk_process_coredump(hdev, skb_cd); 958 } 959 960 fallthrough; 961 case 0x05ff: /* Firmware debug logging 1 */ 962 case 0x05fe: /* Firmware debug logging 2 */ 963 return hci_recv_diag(hdev, skb); 964 } 965 966 return hci_recv_frame(hdev, skb); 967 } 968 EXPORT_SYMBOL_GPL(btmtk_usb_recv_acl); 969 970 static int btmtk_isopkt_pad(struct hci_dev *hdev, struct sk_buff *skb) 971 { 972 if (skb->len > MTK_ISO_THRESHOLD) 973 return -EINVAL; 974 975 if (skb_pad(skb, MTK_ISO_THRESHOLD - skb->len)) 976 return -ENOMEM; 977 978 __skb_put(skb, MTK_ISO_THRESHOLD - skb->len); 979 980 return 0; 981 } 982 983 static int __set_mtk_intr_interface(struct hci_dev *hdev) 984 { 985 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 986 struct usb_interface *intf = btmtk_data->isopkt_intf; 987 int i, err; 988 989 if (!btmtk_data->isopkt_intf) 990 return -ENODEV; 991 992 err = usb_set_interface(btmtk_data->udev, MTK_ISO_IFNUM, 1); 993 if (err < 0) { 994 bt_dev_err(hdev, "setting interface failed (%d)", -err); 995 return err; 996 } 997 998 btmtk_data->isopkt_tx_ep = NULL; 999 btmtk_data->isopkt_rx_ep = NULL; 1000 1001 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) { 1002 struct usb_endpoint_descriptor *ep_desc; 1003 1004 ep_desc = &intf->cur_altsetting->endpoint[i].desc; 1005 1006 if (!btmtk_data->isopkt_tx_ep && 1007 usb_endpoint_is_int_out(ep_desc)) { 1008 btmtk_data->isopkt_tx_ep = ep_desc; 1009 continue; 1010 } 1011 1012 if (!btmtk_data->isopkt_rx_ep && 1013 usb_endpoint_is_int_in(ep_desc)) { 1014 btmtk_data->isopkt_rx_ep = ep_desc; 1015 continue; 1016 } 1017 } 1018 1019 if (!btmtk_data->isopkt_tx_ep || 1020 !btmtk_data->isopkt_rx_ep) { 1021 bt_dev_err(hdev, "invalid interrupt descriptors"); 1022 return -ENODEV; 1023 } 1024 1025 return 0; 1026 } 1027 1028 struct urb *alloc_mtk_intr_urb(struct hci_dev *hdev, struct sk_buff *skb, 1029 usb_complete_t tx_complete) 1030 { 1031 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 1032 struct urb *urb; 1033 unsigned int pipe; 1034 1035 if (!btmtk_data->isopkt_tx_ep) 1036 return ERR_PTR(-ENODEV); 1037 1038 urb = usb_alloc_urb(0, GFP_KERNEL); 1039 if (!urb) 1040 return ERR_PTR(-ENOMEM); 1041 1042 if (btmtk_isopkt_pad(hdev, skb)) 1043 return ERR_PTR(-EINVAL); 1044 1045 pipe = usb_sndintpipe(btmtk_data->udev, 1046 btmtk_data->isopkt_tx_ep->bEndpointAddress); 1047 1048 usb_fill_int_urb(urb, btmtk_data->udev, pipe, 1049 skb->data, skb->len, tx_complete, 1050 skb, btmtk_data->isopkt_tx_ep->bInterval); 1051 1052 skb->dev = (void *)hdev; 1053 1054 return urb; 1055 } 1056 EXPORT_SYMBOL_GPL(alloc_mtk_intr_urb); 1057 1058 static int btmtk_recv_isopkt(struct hci_dev *hdev, void *buffer, int count) 1059 { 1060 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 1061 struct sk_buff *skb; 1062 unsigned long flags; 1063 int err = 0; 1064 1065 spin_lock_irqsave(&btmtk_data->isorxlock, flags); 1066 skb = btmtk_data->isopkt_skb; 1067 1068 while (count) { 1069 int len; 1070 1071 if (!skb) { 1072 skb = bt_skb_alloc(HCI_MAX_ISO_SIZE, GFP_ATOMIC); 1073 if (!skb) { 1074 err = -ENOMEM; 1075 break; 1076 } 1077 1078 hci_skb_pkt_type(skb) = HCI_ISODATA_PKT; 1079 hci_skb_expect(skb) = HCI_ISO_HDR_SIZE; 1080 } 1081 1082 len = min_t(uint, hci_skb_expect(skb), count); 1083 skb_put_data(skb, buffer, len); 1084 1085 count -= len; 1086 buffer += len; 1087 hci_skb_expect(skb) -= len; 1088 1089 if (skb->len == HCI_ISO_HDR_SIZE) { 1090 __le16 dlen = ((struct hci_iso_hdr *)skb->data)->dlen; 1091 1092 /* Complete ISO header */ 1093 hci_skb_expect(skb) = __le16_to_cpu(dlen); 1094 1095 if (skb_tailroom(skb) < hci_skb_expect(skb)) { 1096 kfree_skb(skb); 1097 skb = NULL; 1098 1099 err = -EILSEQ; 1100 break; 1101 } 1102 } 1103 1104 if (!hci_skb_expect(skb)) { 1105 /* Complete frame */ 1106 hci_recv_frame(hdev, skb); 1107 skb = NULL; 1108 } 1109 } 1110 1111 btmtk_data->isopkt_skb = skb; 1112 spin_unlock_irqrestore(&btmtk_data->isorxlock, flags); 1113 1114 return err; 1115 } 1116 1117 static void btmtk_intr_complete(struct urb *urb) 1118 { 1119 struct hci_dev *hdev = urb->context; 1120 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 1121 int err; 1122 1123 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 1124 urb->actual_length); 1125 1126 if (!test_bit(HCI_RUNNING, &hdev->flags)) 1127 return; 1128 1129 if (hdev->suspended) 1130 return; 1131 1132 if (urb->status == 0) { 1133 hdev->stat.byte_rx += urb->actual_length; 1134 1135 if (btmtk_recv_isopkt(hdev, urb->transfer_buffer, 1136 urb->actual_length) < 0) { 1137 bt_dev_err(hdev, "corrupted iso packet"); 1138 hdev->stat.err_rx++; 1139 } 1140 } else if (urb->status == -ENOENT) { 1141 /* Avoid suspend failed when usb_kill_urb */ 1142 return; 1143 } 1144 1145 usb_mark_last_busy(btmtk_data->udev); 1146 usb_anchor_urb(urb, &btmtk_data->isopkt_anchor); 1147 1148 err = usb_submit_urb(urb, GFP_ATOMIC); 1149 if (err < 0) { 1150 /* -EPERM: urb is being killed; 1151 * -ENODEV: device got disconnected 1152 */ 1153 if (err != -EPERM && err != -ENODEV) 1154 bt_dev_err(hdev, "urb %p failed to resubmit (%d)", 1155 urb, -err); 1156 if (err != -EPERM) 1157 hci_cmd_sync_cancel(hdev, -err); 1158 usb_unanchor_urb(urb); 1159 } 1160 } 1161 1162 static int btmtk_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags) 1163 { 1164 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 1165 unsigned char *buf; 1166 unsigned int pipe; 1167 struct urb *urb; 1168 int err, size; 1169 1170 BT_DBG("%s", hdev->name); 1171 1172 if (!btmtk_data->isopkt_rx_ep) 1173 return -ENODEV; 1174 1175 urb = usb_alloc_urb(0, mem_flags); 1176 if (!urb) 1177 return -ENOMEM; 1178 size = le16_to_cpu(btmtk_data->isopkt_rx_ep->wMaxPacketSize); 1179 1180 buf = kmalloc(size, mem_flags); 1181 if (!buf) { 1182 usb_free_urb(urb); 1183 return -ENOMEM; 1184 } 1185 1186 pipe = usb_rcvintpipe(btmtk_data->udev, 1187 btmtk_data->isopkt_rx_ep->bEndpointAddress); 1188 1189 usb_fill_int_urb(urb, btmtk_data->udev, pipe, buf, size, 1190 btmtk_intr_complete, hdev, 1191 btmtk_data->isopkt_rx_ep->bInterval); 1192 1193 urb->transfer_flags |= URB_FREE_BUFFER; 1194 1195 usb_mark_last_busy(btmtk_data->udev); 1196 usb_anchor_urb(urb, &btmtk_data->isopkt_anchor); 1197 1198 err = usb_submit_urb(urb, mem_flags); 1199 if (err < 0) { 1200 if (err != -EPERM && err != -ENODEV) 1201 bt_dev_err(hdev, "urb %p submission failed (%d)", 1202 urb, -err); 1203 usb_unanchor_urb(urb); 1204 } 1205 1206 usb_free_urb(urb); 1207 1208 return err; 1209 } 1210 1211 static int btmtk_usb_isointf_init(struct hci_dev *hdev) 1212 { 1213 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 1214 u8 iso_param[2] = { 0x08, 0x01 }; 1215 struct sk_buff *skb; 1216 int err; 1217 1218 init_usb_anchor(&btmtk_data->isopkt_anchor); 1219 spin_lock_init(&btmtk_data->isorxlock); 1220 1221 __set_mtk_intr_interface(hdev); 1222 1223 err = btmtk_submit_intr_urb(hdev, GFP_KERNEL); 1224 if (err < 0) { 1225 usb_kill_anchored_urbs(&btmtk_data->isopkt_anchor); 1226 bt_dev_err(hdev, "ISO intf not support (%d)", err); 1227 return err; 1228 } 1229 1230 skb = __hci_cmd_sync(hdev, 0xfd98, sizeof(iso_param), iso_param, 1231 HCI_INIT_TIMEOUT); 1232 if (IS_ERR(skb)) { 1233 bt_dev_err(hdev, "Failed to apply iso setting (%ld)", PTR_ERR(skb)); 1234 return PTR_ERR(skb); 1235 } 1236 kfree_skb(skb); 1237 1238 return 0; 1239 } 1240 1241 int btmtk_usb_resume(struct hci_dev *hdev) 1242 { 1243 /* This function describes the specific additional steps taken by MediaTek 1244 * when Bluetooth usb driver's resume function is called. 1245 */ 1246 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 1247 1248 /* Resubmit urb for iso data transmission */ 1249 if (test_bit(BTMTK_ISOPKT_RUNNING, &btmtk_data->flags)) { 1250 if (btmtk_submit_intr_urb(hdev, GFP_NOIO) < 0) 1251 clear_bit(BTMTK_ISOPKT_RUNNING, &btmtk_data->flags); 1252 } 1253 1254 return 0; 1255 } 1256 EXPORT_SYMBOL_GPL(btmtk_usb_resume); 1257 1258 int btmtk_usb_suspend(struct hci_dev *hdev) 1259 { 1260 /* This function describes the specific additional steps taken by MediaTek 1261 * when Bluetooth usb driver's suspend function is called. 1262 */ 1263 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 1264 1265 /* Stop urb anchor for iso data transmission */ 1266 if (test_bit(BTMTK_ISOPKT_RUNNING, &btmtk_data->flags)) 1267 usb_kill_anchored_urbs(&btmtk_data->isopkt_anchor); 1268 1269 return 0; 1270 } 1271 EXPORT_SYMBOL_GPL(btmtk_usb_suspend); 1272 1273 int btmtk_usb_setup(struct hci_dev *hdev) 1274 { 1275 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 1276 struct btmtk_hci_wmt_params wmt_params; 1277 ktime_t calltime, delta, rettime; 1278 struct btmtk_tci_sleep tci_sleep; 1279 unsigned long long duration; 1280 struct sk_buff *skb; 1281 const char *fwname; 1282 int err, status; 1283 u32 dev_id = 0; 1284 char fw_bin_name[64]; 1285 u32 fw_version = 0, fw_flavor = 0; 1286 u8 param; 1287 1288 calltime = ktime_get(); 1289 1290 err = btmtk_usb_id_get(hdev, 0x80000008, &dev_id); 1291 if (err < 0) { 1292 bt_dev_err(hdev, "Failed to get device id (%d)", err); 1293 return err; 1294 } 1295 1296 if (!dev_id || dev_id != 0x7663) { 1297 err = btmtk_usb_id_get(hdev, 0x70010200, &dev_id); 1298 if (err < 0) { 1299 bt_dev_err(hdev, "Failed to get device id (%d)", err); 1300 return err; 1301 } 1302 err = btmtk_usb_id_get(hdev, 0x80021004, &fw_version); 1303 if (err < 0) { 1304 bt_dev_err(hdev, "Failed to get fw version (%d)", err); 1305 return err; 1306 } 1307 err = btmtk_usb_id_get(hdev, 0x70010020, &fw_flavor); 1308 if (err < 0) { 1309 bt_dev_err(hdev, "Failed to get fw flavor (%d)", err); 1310 return err; 1311 } 1312 fw_flavor = (fw_flavor & 0x00000080) >> 7; 1313 } 1314 1315 btmtk_data->dev_id = dev_id; 1316 1317 err = btmtk_register_coredump(hdev, btmtk_data->drv_name, fw_version); 1318 if (err < 0) 1319 bt_dev_err(hdev, "Failed to register coredump (%d)", err); 1320 1321 switch (dev_id) { 1322 case 0x7663: 1323 fwname = FIRMWARE_MT7663; 1324 break; 1325 case 0x7668: 1326 fwname = FIRMWARE_MT7668; 1327 break; 1328 case 0x7922: 1329 case 0x7961: 1330 case 0x7925: 1331 /* Reset the device to ensure it's in the initial state before 1332 * downloading the firmware to ensure. 1333 */ 1334 1335 if (!test_bit(BTMTK_FIRMWARE_LOADED, &btmtk_data->flags)) 1336 btmtk_usb_subsys_reset(hdev, dev_id); 1337 1338 btmtk_fw_get_filename(fw_bin_name, sizeof(fw_bin_name), dev_id, 1339 fw_version, fw_flavor); 1340 1341 err = btmtk_setup_firmware_79xx(hdev, fw_bin_name, 1342 btmtk_usb_hci_wmt_sync); 1343 if (err < 0) { 1344 bt_dev_err(hdev, "Failed to set up firmware (%d)", err); 1345 clear_bit(BTMTK_FIRMWARE_LOADED, &btmtk_data->flags); 1346 return err; 1347 } 1348 1349 set_bit(BTMTK_FIRMWARE_LOADED, &btmtk_data->flags); 1350 1351 /* It's Device EndPoint Reset Option Register */ 1352 err = btmtk_usb_uhw_reg_write(hdev, MTK_EP_RST_OPT, 1353 MTK_EP_RST_IN_OUT_OPT); 1354 if (err < 0) 1355 return err; 1356 1357 /* Enable Bluetooth protocol */ 1358 param = 1; 1359 wmt_params.op = BTMTK_WMT_FUNC_CTRL; 1360 wmt_params.flag = 0; 1361 wmt_params.dlen = sizeof(param); 1362 wmt_params.data = ¶m; 1363 wmt_params.status = NULL; 1364 1365 err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params); 1366 if (err < 0) { 1367 bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err); 1368 return err; 1369 } 1370 1371 hci_set_msft_opcode(hdev, 0xFD30); 1372 hci_set_aosp_capable(hdev); 1373 1374 /* Set up ISO interface after protocol enabled */ 1375 if (test_bit(BTMTK_ISOPKT_OVER_INTR, &btmtk_data->flags)) { 1376 if (!btmtk_usb_isointf_init(hdev)) 1377 set_bit(BTMTK_ISOPKT_RUNNING, &btmtk_data->flags); 1378 } 1379 1380 goto done; 1381 default: 1382 bt_dev_err(hdev, "Unsupported hardware variant (%08x)", 1383 dev_id); 1384 return -ENODEV; 1385 } 1386 1387 /* Query whether the firmware is already download */ 1388 wmt_params.op = BTMTK_WMT_SEMAPHORE; 1389 wmt_params.flag = 1; 1390 wmt_params.dlen = 0; 1391 wmt_params.data = NULL; 1392 wmt_params.status = &status; 1393 1394 err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params); 1395 if (err < 0) { 1396 bt_dev_err(hdev, "Failed to query firmware status (%d)", err); 1397 return err; 1398 } 1399 1400 if (status == BTMTK_WMT_PATCH_DONE) { 1401 bt_dev_info(hdev, "firmware already downloaded"); 1402 goto ignore_setup_fw; 1403 } 1404 1405 /* Setup a firmware which the device definitely requires */ 1406 err = btmtk_setup_firmware(hdev, fwname, 1407 btmtk_usb_hci_wmt_sync); 1408 if (err < 0) 1409 return err; 1410 1411 ignore_setup_fw: 1412 err = readx_poll_timeout(btmtk_usb_func_query, hdev, status, 1413 status < 0 || status != BTMTK_WMT_ON_PROGRESS, 1414 2000, 5000000); 1415 /* -ETIMEDOUT happens */ 1416 if (err < 0) 1417 return err; 1418 1419 /* The other errors happen in btmtk_usb_func_query */ 1420 if (status < 0) 1421 return status; 1422 1423 if (status == BTMTK_WMT_ON_DONE) { 1424 bt_dev_info(hdev, "function already on"); 1425 goto ignore_func_on; 1426 } 1427 1428 /* Enable Bluetooth protocol */ 1429 param = 1; 1430 wmt_params.op = BTMTK_WMT_FUNC_CTRL; 1431 wmt_params.flag = 0; 1432 wmt_params.dlen = sizeof(param); 1433 wmt_params.data = ¶m; 1434 wmt_params.status = NULL; 1435 1436 err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params); 1437 if (err < 0) { 1438 bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err); 1439 return err; 1440 } 1441 1442 ignore_func_on: 1443 /* Apply the low power environment setup */ 1444 tci_sleep.mode = 0x5; 1445 tci_sleep.duration = cpu_to_le16(0x640); 1446 tci_sleep.host_duration = cpu_to_le16(0x640); 1447 tci_sleep.host_wakeup_pin = 0; 1448 tci_sleep.time_compensation = 0; 1449 1450 skb = __hci_cmd_sync(hdev, 0xfc7a, sizeof(tci_sleep), &tci_sleep, 1451 HCI_INIT_TIMEOUT); 1452 if (IS_ERR(skb)) { 1453 err = PTR_ERR(skb); 1454 bt_dev_err(hdev, "Failed to apply low power setting (%d)", err); 1455 return err; 1456 } 1457 kfree_skb(skb); 1458 1459 done: 1460 rettime = ktime_get(); 1461 delta = ktime_sub(rettime, calltime); 1462 duration = (unsigned long long)ktime_to_ns(delta) >> 10; 1463 1464 bt_dev_info(hdev, "Device setup in %llu usecs", duration); 1465 1466 return 0; 1467 } 1468 EXPORT_SYMBOL_GPL(btmtk_usb_setup); 1469 1470 int btmtk_usb_shutdown(struct hci_dev *hdev) 1471 { 1472 struct btmtk_hci_wmt_params wmt_params; 1473 u8 param = 0; 1474 int err; 1475 1476 /* Disable the device */ 1477 wmt_params.op = BTMTK_WMT_FUNC_CTRL; 1478 wmt_params.flag = 0; 1479 wmt_params.dlen = sizeof(param); 1480 wmt_params.data = ¶m; 1481 wmt_params.status = NULL; 1482 1483 err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params); 1484 if (err < 0) { 1485 bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err); 1486 return err; 1487 } 1488 1489 return 0; 1490 } 1491 EXPORT_SYMBOL_GPL(btmtk_usb_shutdown); 1492 #endif 1493 1494 MODULE_AUTHOR("Sean Wang <sean.wang@mediatek.com>"); 1495 MODULE_AUTHOR("Mark Chen <mark-yw.chen@mediatek.com>"); 1496 MODULE_DESCRIPTION("Bluetooth support for MediaTek devices ver " VERSION); 1497 MODULE_VERSION(VERSION); 1498 MODULE_LICENSE("GPL"); 1499 MODULE_FIRMWARE(FIRMWARE_MT7622); 1500 MODULE_FIRMWARE(FIRMWARE_MT7663); 1501 MODULE_FIRMWARE(FIRMWARE_MT7668); 1502 MODULE_FIRMWARE(FIRMWARE_MT7922); 1503 MODULE_FIRMWARE(FIRMWARE_MT7961); 1504 MODULE_FIRMWARE(FIRMWARE_MT7925); 1505