// SPDX-License-Identifier: GPL-2.0-or-later
/*
 *  NXP Bluetooth driver
 *  Copyright 2023 NXP
 */

#include <linux/module.h>
#include <linux/kernel.h>

#include <linux/serdev.h>
#include <linux/of.h>
#include <linux/skbuff.h>
#include <asm/unaligned.h>
#include <linux/firmware.h>
#include <linux/string.h>
#include <linux/crc8.h>
#include <linux/crc32.h>
#include <linux/string_helpers.h>

#include <net/bluetooth/bluetooth.h>
#include <net/bluetooth/hci_core.h>

#include "h4_recv.h"

#define MANUFACTURER_NXP		37

/* Bit numbers in btnxpuart_dev.tx_state (used with set_bit()/test_bit()) */
#define BTNXPUART_TX_STATE_ACTIVE	1
#define BTNXPUART_FW_DOWNLOADING	2
#define BTNXPUART_CHECK_BOOT_SIGNATURE	3
#define BTNXPUART_SERDEV_OPEN		4
#define BTNXPUART_IR_IN_PROGRESS	5
#define BTNXPUART_FW_DOWNLOAD_ABORT	6

/* NXP HW err codes */
#define BTNXPUART_IR_HW_ERR		0xb0

/* Firmware file names; nxp_request_firmware() prefixes them with "nxp/" */
#define FIRMWARE_W8987		"uart8987_bt_v0.bin"
#define FIRMWARE_W8987_OLD	"uartuart8987_bt.bin"
#define FIRMWARE_W8997		"uart8997_bt_v4.bin"
#define FIRMWARE_W8997_OLD	"uartuart8997_bt_v4.bin"
#define FIRMWARE_W9098		"uart9098_bt_v1.bin"
#define FIRMWARE_W9098_OLD	"uartuart9098_bt_v1.bin"
#define FIRMWARE_IW416		"uartiw416_bt_v0.bin"
#define FIRMWARE_IW612		"uartspi_n61x_v1.bin.se"
#define FIRMWARE_IW615		"uartspi_iw610_v0.bin"
#define FIRMWARE_SECURE_IW615	"uartspi_iw610_v0.bin.se"
#define FIRMWARE_IW624		"uartiw624_bt.bin"
#define FIRMWARE_SECURE_IW624	"uartiw624_bt.bin.se"
#define FIRMWARE_AW693		"uartaw693_bt.bin"
#define FIRMWARE_SECURE_AW693	"uartaw693_bt.bin.se"
#define FIRMWARE_AW693_A1		"uartaw693_bt_v1.bin"
#define FIRMWARE_SECURE_AW693_A1	"uartaw693_bt_v1.bin.se"
#define FIRMWARE_HELPER		"helper_uart_3000000.bin"

/* Chip IDs as reported in the v3 chip-version packet */
#define CHIP_ID_W9098		0x5c03
#define CHIP_ID_IW416		0x7201
#define CHIP_ID_IW612		0x7601
#define CHIP_ID_IW624a		0x8000
#define CHIP_ID_IW624c		0x8001
#define CHIP_ID_AW693a0		0x8200
#define CHIP_ID_AW693a1		0x8201
#define CHIP_ID_IW615a0		0x8800
#define CHIP_ID_IW615a1		0x8801

/* Bits of the reported loader version that select open vs. secure firmware */
#define FW_SECURE_MASK		0xc0
#define FW_OPEN			0x00
#define FW_AUTH_ILLEGAL		0x40
#define FW_AUTH_PLAIN		0x80
#define FW_AUTH_ENC		0xc0

#define HCI_NXP_PRI_BAUDRATE	115200
#define HCI_NXP_SEC_BAUDRATE	3000000

/* Size of btnxpuart_dev.fw_name, including the "nxp/" prefix and the NUL */
#define MAX_FW_FILE_NAME_LEN    50

/* Default ps timeout period in milliseconds */
#define PS_DEFAULT_TIMEOUT_PERIOD_MS     2000

/* wakeup methods */
#define WAKEUP_METHOD_DTR       0
#define WAKEUP_METHOD_BREAK     1
#define WAKEUP_METHOD_EXT_BREAK 2
#define WAKEUP_METHOD_RTS       3
#define WAKEUP_METHOD_INVALID   0xff

/* power save mode status */
#define PS_MODE_DISABLE         0
#define PS_MODE_ENABLE          1

/* Power Save Commands to ps_work_func  */
#define PS_CMD_EXIT_PS          1
#define PS_CMD_ENTER_PS         2

/* power save state */
#define PS_STATE_AWAKE          0
#define PS_STATE_SLEEP          1

/* Bluetooth vendor command : Sleep mode */
#define HCI_NXP_AUTO_SLEEP_MODE	0xfc23
/* Bluetooth vendor command : Wakeup method */
#define HCI_NXP_WAKEUP_METHOD	0xfc53
/* Bluetooth vendor command : Set operational baudrate */
#define HCI_NXP_SET_OPER_SPEED	0xfc09
/* Bluetooth vendor command: Independent Reset */
#define HCI_NXP_IND_RESET	0xfcfc

/* Bluetooth Power State : Vendor cmd params */
#define BT_PS_ENABLE			0x02
#define BT_PS_DISABLE			0x03

/* Bluetooth Host Wakeup Methods */
#define BT_HOST_WAKEUP_METHOD_NONE      0x00
#define BT_HOST_WAKEUP_METHOD_DTR       0x01
#define BT_HOST_WAKEUP_METHOD_BREAK     0x02
#define BT_HOST_WAKEUP_METHOD_GPIO      0x03

/* Bluetooth Chip Wakeup Methods */
#define BT_CTRL_WAKEUP_METHOD_DSR       0x00
#define BT_CTRL_WAKEUP_METHOD_BREAK     0x01
#define BT_CTRL_WAKEUP_METHOD_GPIO      0x02
#define BT_CTRL_WAKEUP_METHOD_EXT_BREAK 0x04
#define BT_CTRL_WAKEUP_METHOD_RTS       0x05

/* Power-save bookkeeping embedded in struct btnxpuart_dev */
struct ps_data {
	u8    target_ps_mode;	/* ps mode to be set */
	u8    cur_psmode;	/* current ps_mode */
	u8    ps_state;		/* controller's power save state */
	u8    ps_cmd;
	u8    h2c_wakeupmode;
	u8    cur_h2c_wakeupmode;
	u8    c2h_wakeupmode;
	u8    c2h_wakeup_gpio;
	u8    h2c_wakeup_gpio;
	bool  driver_sent_cmd;
	u16   h2c_ps_interval;
	u16   c2h_ps_interval;
	struct hci_dev *hdev;
	struct work_struct work;
	struct timer_list ps_timer;
	struct mutex ps_lock;
};

/* Parameter block of HCI_NXP_WAKEUP_METHOD */
struct wakeup_cmd_payload {
	u8 c2h_wakeupmode;
	u8 c2h_wakeup_gpio;
	u8 h2c_wakeupmode;
	u8 h2c_wakeup_gpio;
} __packed;

/* Parameter block of HCI_NXP_AUTO_SLEEP_MODE */
struct psmode_cmd_payload {
	u8 ps_cmd;
	__le16 c2h_ps_interval;
} __packed;

/* Per-compatible firmware file names */
struct btnxpuart_data {
	const char *helper_fw_name;
	const char *fw_name;
	const char *fw_name_old;
};

/* Driver state for one serdev-attached controller */
struct btnxpuart_dev {
	struct hci_dev *hdev;
	struct serdev_device *serdev;

	struct work_struct tx_work;
	unsigned long tx_state;		/* BTNXPUART_* bit flags */
	struct sk_buff_head txq;
	struct sk_buff *rx_skb;

	const struct firmware *fw;
	u8 fw_name[MAX_FW_FILE_NAME_LEN];
	u32 fw_dnld_v1_offset;
	u32 fw_v1_sent_bytes;
	u32 fw_dnld_v3_offset;
	u32 fw_v3_offset_correction;
	u32 fw_v1_expected_len;
	u32 boot_reg_offset;
	wait_queue_head_t fw_dnld_done_wait_q;
	wait_queue_head_t check_boot_sign_wait_q;

	u32 new_baudrate;
	u32 current_baudrate;
	u32 fw_init_baudrate;
	bool timeout_changed;
	bool baudrate_changed;
	bool helper_downloaded;

	struct ps_data psdata;
	struct btnxpuart_data *nxp_data;
};

/* Packet type bytes sent by the bootloader */
#define NXP_V1_FW_REQ_PKT	0xa5
#define NXP_V1_CHIP_VER_PKT	0xaa
#define NXP_V3_FW_REQ_PKT	0xa7
#define NXP_V3_CHIP_VER_PKT	0xab

/* Single-byte responses sent by the host */
#define NXP_ACK_V1		0x5a
#define NXP_NAK_V1		0xbf
#define NXP_ACK_V3		0x7a
#define NXP_NAK_V3		0x7b
#define NXP_CRC_ERROR_V3	0x7c

/* Bootloader signature error codes */
#define NXP_ACK_RX_TIMEOUT	0x0002	/* ACK not received from host */
#define NXP_HDR_RX_TIMEOUT	0x0003	/* FW Header chunk not received */
#define NXP_DATA_RX_TIMEOUT	0x0004	/* FW Data chunk not received */

/* Size of one block header inside the firmware image */
#define HDR_LEN			16

/*
 * Designated-initializer fragments describing the bootloader packets.
 * NOTE(review): presumably expanded inside a receive-packet descriptor
 * table further down the file; the user is not visible in this part.
 */
#define NXP_RECV_CHIP_VER_V1 \
	.type = NXP_V1_CHIP_VER_PKT, \
	.hlen = 4, \
	.loff = 0, \
	.lsize = 0, \
	.maxlen = 4

#define NXP_RECV_FW_REQ_V1 \
	.type = NXP_V1_FW_REQ_PKT, \
	.hlen = 4, \
	.loff = 0, \
	.lsize = 0, \
	.maxlen = 4

#define NXP_RECV_CHIP_VER_V3 \
	.type = NXP_V3_CHIP_VER_PKT, \
	.hlen = 4, \
	.loff = 0, \
	.lsize = 0, \
	.maxlen = 4

#define NXP_RECV_FW_REQ_V3 \
	.type = NXP_V3_FW_REQ_PKT, \
	.hlen = 9, \
	.loff = 0, \
	.lsize = 0, \
	.maxlen = 9

/* v1 data request: length plus its one's complement */
struct v1_data_req {
	__le16 len;
	__le16 len_comp;
} __packed;

/* v1 chip-version indication: chip id plus its one's complement */
struct v1_start_ind {
	__le16 chip_id;
	__le16 chip_id_comp;
} __packed;

/* v3 data request: the bootloader names both the length and the offset */
struct v3_data_req {
	__le16 len;
	__le32 offset;
	__le16 error;
	u8 crc;
} __packed;

struct v3_start_ind {
	__le16 chip_id;
	u8 loader_ver;
	u8 crc;
} __packed;

/* UART register addresses of BT chip */
#define CLKDIVADDR	0x7f00008f
#define UARTDIVADDR	0x7f000090
#define UARTMCRADDR	0x7f000091
#define UARTREINITADDR	0x7f000092
#define UARTICRADDR	0x7f000093
#define UARTFCRADDR	0x7f000094

#define MCR		0x00000022
#define INIT		0x00000001
#define ICR		0x000000c7
#define FCR		0x000000c7

#define POLYNOMIAL8	0x07

struct uart_reg {
	__le32 address;
	__le32 value;
} __packed;

/* Payload written by nxp_fw_change_baudrate(); crc covers all but itself */
struct uart_config {
	struct uart_reg clkdiv;
	struct uart_reg uartdiv;
	struct uart_reg mcr;
	struct uart_reg re_init;
	struct uart_reg icr;
	struct uart_reg fcr;
	__be32 crc;
} __packed;

/* 16-byte bootloader command header; crc covers the first 12 bytes */
struct nxp_bootloader_cmd {
	__le32 header;
	__le32 arg;
	__le32 payload_len;
	__be32 crc;
} __packed;

struct nxp_v3_rx_timeout_nak {
	u8 nak;
	__le32 offset;
	u8 crc;
} __packed;

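/* Byte view of the v3 timeout NAK, used to CRC and transmit it as a buffer */
union nxp_v3_rx_timeout_nak_u {
	struct nxp_v3_rx_timeout_nak pkt;
	u8 buf[6];
};

static u8 crc8_table[CRC8_TABLE_SIZE];

/* Default configurations */
#define DEFAULT_H2C_WAKEUP_MODE	WAKEUP_METHOD_BREAK
#define DEFAULT_PS_MODE		PS_MODE_ENABLE
#define FW_INIT_BAUDRATE	HCI_NXP_PRI_BAUDRATE

/*
 * Send a vendor command on behalf of the driver and wait for its response.
 *
 * Returns the response skb from __hci_cmd_sync() (which may be an ERR_PTR);
 * the caller owns it and must free it.
 */
static struct sk_buff *nxp_drv_send_cmd(struct hci_dev *hdev, u16 opcode,
					u32 plen,
					void *param)
{
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
	struct ps_data *psdata = &nxpdev->psdata;
	struct sk_buff *skb;

	/* set flag to prevent nxp_enqueue from parsing values from this command and
	 * calling hci_cmd_sync_queue() again.
	 */
	psdata->driver_sent_cmd = true;
	skb = __hci_cmd_sync(hdev, opcode, plen, param, HCI_CMD_TIMEOUT);
	psdata->driver_sent_cmd = false;

	return skb;
}

/* Kick the TX worker; the ACTIVE bit is set only if the work was newly queued */
static void btnxpuart_tx_wakeup(struct btnxpuart_dev *nxpdev)
{
	if (schedule_work(&nxpdev->tx_work))
		set_bit(BTNXPUART_TX_STATE_ACTIVE, &nxpdev->tx_state);
}

/* NXP Power Save Feature */

/*
 * (Re)arm the power-save idle timer when power save is enabled, and cancel a
 * pending "enter power save" work item while the controller is still awake.
 */
static void ps_start_timer(struct btnxpuart_dev *nxpdev)
{
	/* psdata is an embedded member, so its address can never be NULL;
	 * the former "if (!psdata) return;" test was dead code.
	 */
	struct ps_data *psdata = &nxpdev->psdata;

	if (psdata->cur_psmode == PS_MODE_ENABLE)
		mod_timer(&psdata->ps_timer, jiffies + msecs_to_jiffies(psdata->h2c_ps_interval));

	if (psdata->ps_state == PS_STATE_AWAKE && psdata->ps_cmd == PS_CMD_ENTER_PS)
		cancel_work_sync(&psdata->work);
}

/* Wait for queued power-save work to finish, then shut the timer down */
static void ps_cancel_timer(struct btnxpuart_dev *nxpdev)
{
	struct ps_data *psdata = &nxpdev->psdata;

	flush_work(&psdata->work);
	timer_shutdown_sync(&psdata->ps_timer);
}

/*
 * Drive the host-to-controller wakeup line into the requested state.
 *
 * Does nothing if the state is already current or the serdev is not open.
 * ps_state is only recorded when the serdev call reports success (0).
 */
static void ps_control(struct hci_dev *hdev, u8 ps_state)
{
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
	struct ps_data *psdata = &nxpdev->psdata;
	int status;

	if (psdata->ps_state == ps_state ||
	    !test_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state))
		return;

	mutex_lock(&psdata->ps_lock);
	switch (psdata->cur_h2c_wakeupmode) {
	case WAKEUP_METHOD_DTR:
		if (ps_state == PS_STATE_AWAKE)
			status = serdev_device_set_tiocm(nxpdev->serdev, TIOCM_DTR, 0);
		else
			status = serdev_device_set_tiocm(nxpdev->serdev, 0, TIOCM_DTR);
		break;
	case WAKEUP_METHOD_BREAK:
	default:
		if (ps_state == PS_STATE_AWAKE)
			status = serdev_device_break_ctl(nxpdev->serdev, 0);
		else
			status = serdev_device_break_ctl(nxpdev->serdev, -1);
		msleep(20); /* Allow chip to detect UART-break and enter sleep */
		bt_dev_dbg(hdev, "Set UART break: %s, status=%d",
			   str_on_off(ps_state == PS_STATE_SLEEP), status);
		break;
	}
	if (!status)
		psdata->ps_state = ps_state;
	mutex_unlock(&psdata->ps_lock);

	/* Resume transmission of anything queued while asleep */
	if (ps_state == PS_STATE_AWAKE)
		btnxpuart_tx_wakeup(nxpdev);
}

/* Work handler: apply the power-save command recorded in ps_cmd */
static void ps_work_func(struct work_struct *work)
{
	struct ps_data *data = container_of(work, struct ps_data, work);

	if (data->ps_cmd == PS_CMD_ENTER_PS && data->cur_psmode == PS_MODE_ENABLE)
		ps_control(data->hdev, PS_STATE_SLEEP);
	else if (data->ps_cmd == PS_CMD_EXIT_PS)
		ps_control(data->hdev, PS_STATE_AWAKE);
}

/*
 * Idle timer callback: re-arm while TX is active, otherwise queue the
 * "enter power save" work.
 */
static void ps_timeout_func(struct timer_list *t)
{
	struct ps_data *data = from_timer(data, t, ps_timer);
	struct hci_dev *hdev = data->hdev;
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);

	if (test_bit(BTNXPUART_TX_STATE_ACTIVE, &nxpdev->tx_state)) {
		ps_start_timer(nxpdev);
	} else {
		data->ps_cmd = PS_CMD_ENTER_PS;
		schedule_work(&data->work);
	}
}

/* Initialise the work item, mutex and timer used by the power-save code */
static void ps_setup(struct hci_dev *hdev)
{
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
	struct ps_data *psdata = &nxpdev->psdata;

	psdata->hdev = hdev;
	INIT_WORK(&psdata->work, ps_work_func);
	mutex_init(&psdata->ps_lock);
	timer_setup(&psdata->ps_timer, ps_timeout_func, 0);
}
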
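/*
 * Queue an "exit power save" request if the controller is not awake.
 *
 * Returns true when a wakeup was queued, false when already awake.
 */
static bool ps_wakeup(struct btnxpuart_dev *nxpdev)
{
	struct ps_data *psdata = &nxpdev->psdata;
	u8 ps_state;

	mutex_lock(&psdata->ps_lock);
	ps_state = psdata->ps_state;
	mutex_unlock(&psdata->ps_lock);

	if (ps_state != PS_STATE_AWAKE) {
		psdata->ps_cmd = PS_CMD_EXIT_PS;
		schedule_work(&psdata->work);
		return true;
	}
	return false;
}

/* Wake the controller if needed, then tear down timer, work and mutex */
static void ps_cleanup(struct btnxpuart_dev *nxpdev)
{
	struct ps_data *psdata = &nxpdev->psdata;
	u8 ps_state;

	mutex_lock(&psdata->ps_lock);
	ps_state = psdata->ps_state;
	mutex_unlock(&psdata->ps_lock);

	if (ps_state != PS_STATE_AWAKE)
		ps_control(psdata->hdev, PS_STATE_AWAKE);

	ps_cancel_timer(nxpdev);
	cancel_work_sync(&psdata->work);
	mutex_destroy(&psdata->ps_lock);
}

/*
 * hci_cmd_sync callback: send HCI_NXP_AUTO_SLEEP_MODE for target_ps_mode.
 *
 * On a zero status byte the target mode becomes current; otherwise the
 * target is rolled back to the current mode. @data is unused.
 * Returns 0, or the error carried by the response pointer.
 */
static int send_ps_cmd(struct hci_dev *hdev, void *data)
{
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
	struct ps_data *psdata = &nxpdev->psdata;
	struct psmode_cmd_payload pcmd;
	struct sk_buff *skb;
	u8 *status;

	if (psdata->target_ps_mode == PS_MODE_ENABLE)
		pcmd.ps_cmd = BT_PS_ENABLE;
	else
		pcmd.ps_cmd = BT_PS_DISABLE;
	pcmd.c2h_ps_interval = __cpu_to_le16(psdata->c2h_ps_interval);

	skb = nxp_drv_send_cmd(hdev, HCI_NXP_AUTO_SLEEP_MODE, sizeof(pcmd), &pcmd);
	if (IS_ERR(skb)) {
		bt_dev_err(hdev, "Setting Power Save mode failed (%ld)", PTR_ERR(skb));
		return PTR_ERR(skb);
	}

	/* skb_pull_data() returns NULL when the response has no status byte */
	status = skb_pull_data(skb, 1);
	if (status) {
		if (!*status)
			psdata->cur_psmode = psdata->target_ps_mode;
		else
			psdata->target_ps_mode = psdata->cur_psmode;
		if (psdata->cur_psmode == PS_MODE_ENABLE)
			ps_start_timer(nxpdev);
		else
			ps_wakeup(nxpdev);
		bt_dev_dbg(hdev, "Power Save mode response: status=%d, ps_mode=%d",
			   *status, psdata->cur_psmode);
	}
	kfree_skb(skb);

	return 0;
}

/*
 * hci_cmd_sync callback: send HCI_NXP_WAKEUP_METHOD for h2c_wakeupmode.
 *
 * On a zero status byte the requested method becomes current; otherwise the
 * request is rolled back. @data is unused.
 * Returns 0, or the error carried by the response pointer.
 */
static int send_wakeup_method_cmd(struct hci_dev *hdev, void *data)
{
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
	struct ps_data *psdata = &nxpdev->psdata;
	struct wakeup_cmd_payload pcmd;
	struct sk_buff *skb;
	u8 *status;

	pcmd.c2h_wakeupmode = psdata->c2h_wakeupmode;
	pcmd.c2h_wakeup_gpio = psdata->c2h_wakeup_gpio;
	switch (psdata->h2c_wakeupmode) {
	case WAKEUP_METHOD_DTR:
		pcmd.h2c_wakeupmode = BT_CTRL_WAKEUP_METHOD_DSR;
		break;
	case WAKEUP_METHOD_BREAK:
	default:
		pcmd.h2c_wakeupmode = BT_CTRL_WAKEUP_METHOD_BREAK;
		break;
	}
	pcmd.h2c_wakeup_gpio = 0xff;

	skb = nxp_drv_send_cmd(hdev, HCI_NXP_WAKEUP_METHOD, sizeof(pcmd), &pcmd);
	if (IS_ERR(skb)) {
		bt_dev_err(hdev, "Setting wake-up method failed (%ld)", PTR_ERR(skb));
		return PTR_ERR(skb);
	}

	status = skb_pull_data(skb, 1);
	if (status) {
		if (*status == 0)
			psdata->cur_h2c_wakeupmode = psdata->h2c_wakeupmode;
		else
			psdata->h2c_wakeupmode = psdata->cur_h2c_wakeupmode;
		bt_dev_dbg(hdev, "Set Wakeup Method response: status=%d, h2c_wakeupmode=%d",
			   *status, psdata->cur_h2c_wakeupmode);
	}
	kfree_skb(skb);

	return 0;
}

/*
 * Reset the power-save state to its defaults, pulse the wakeup line, and
 * queue the vendor commands needed to reach the default configuration.
 */
static void ps_init(struct hci_dev *hdev)
{
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
	struct ps_data *psdata = &nxpdev->psdata;

	serdev_device_set_tiocm(nxpdev->serdev, 0, TIOCM_RTS);
	usleep_range(5000, 10000);
	serdev_device_set_tiocm(nxpdev->serdev, TIOCM_RTS, 0);
	usleep_range(5000, 10000);

	psdata->ps_state = PS_STATE_AWAKE;
	psdata->c2h_wakeupmode = BT_HOST_WAKEUP_METHOD_NONE;
	psdata->c2h_wakeup_gpio = 0xff;

	psdata->cur_h2c_wakeupmode = WAKEUP_METHOD_INVALID;
	psdata->h2c_ps_interval = PS_DEFAULT_TIMEOUT_PERIOD_MS;
	switch (DEFAULT_H2C_WAKEUP_MODE) {
	case WAKEUP_METHOD_DTR:
		psdata->h2c_wakeupmode = WAKEUP_METHOD_DTR;
		serdev_device_set_tiocm(nxpdev->serdev, 0, TIOCM_DTR);
		serdev_device_set_tiocm(nxpdev->serdev, TIOCM_DTR, 0);
		break;
	case WAKEUP_METHOD_BREAK:
	default:
		psdata->h2c_wakeupmode = WAKEUP_METHOD_BREAK;
		serdev_device_break_ctl(nxpdev->serdev, -1);
		usleep_range(5000, 10000);
		serdev_device_break_ctl(nxpdev->serdev, 0);
		usleep_range(5000, 10000);
		break;
	}

	psdata->cur_psmode = PS_MODE_DISABLE;
	psdata->target_ps_mode = DEFAULT_PS_MODE;

	if (psdata->cur_h2c_wakeupmode != psdata->h2c_wakeupmode)
		hci_cmd_sync_queue(hdev, send_wakeup_method_cmd, NULL, NULL);
	if (psdata->cur_psmode != psdata->target_ps_mode)
		hci_cmd_sync_queue(hdev, send_ps_cmd, NULL, NULL);
}

/* NXP Firmware Download Feature */

/*
 * Reset the download state, switch the UART to the primary baudrate and wait
 * (up to 60 s) for the RX handlers to clear BTNXPUART_FW_DOWNLOADING.
 *
 * Returns 0 on success, -ETIMEDOUT on timeout, -EINTR when the download was
 * aborted, or the negative value from an interrupted wait.
 */
static int nxp_download_firmware(struct hci_dev *hdev)
{
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
	int err = 0;

	nxpdev->fw_dnld_v1_offset = 0;
	nxpdev->fw_v1_sent_bytes = 0;
	nxpdev->fw_v1_expected_len = HDR_LEN;
	nxpdev->boot_reg_offset = 0;
	nxpdev->fw_dnld_v3_offset = 0;
	nxpdev->fw_v3_offset_correction = 0;
	nxpdev->baudrate_changed = false;
	nxpdev->timeout_changed = false;
	nxpdev->helper_downloaded = false;

	serdev_device_set_baudrate(nxpdev->serdev, HCI_NXP_PRI_BAUDRATE);
	serdev_device_set_flow_control(nxpdev->serdev, false);
	nxpdev->current_baudrate = HCI_NXP_PRI_BAUDRATE;

	/* Wait till FW is downloaded */
	err = wait_event_interruptible_timeout(nxpdev->fw_dnld_done_wait_q,
					       !test_bit(BTNXPUART_FW_DOWNLOADING,
							 &nxpdev->tx_state),
					       msecs_to_jiffies(60000));

	/* Drop the image and forget the pointer: the RX handlers test
	 * nxpdev->fw, and a stale pointer would let a late bootloader request
	 * read freed memory or cause a second release_firmware().
	 */
	release_firmware(nxpdev->fw);
	nxpdev->fw = NULL;
	memset(nxpdev->fw_name, 0, sizeof(nxpdev->fw_name));

	/* An interrupted wait is not a completed download */
	if (err < 0)
		return err;

	if (err == 0) {
		bt_dev_err(hdev, "FW Download Timeout. offset: %d",
			   nxpdev->fw_dnld_v1_offset ?
			   nxpdev->fw_dnld_v1_offset :
			   nxpdev->fw_dnld_v3_offset);
		return -ETIMEDOUT;
	}
	if (test_bit(BTNXPUART_FW_DOWNLOAD_ABORT, &nxpdev->tx_state)) {
		bt_dev_err(hdev, "FW Download Aborted");
		return -EINTR;
	}

	serdev_device_set_flow_control(nxpdev->serdev, true);

	/* Allow the downloaded FW to initialize */
	msleep(1200);

	return 0;
}

/* Send a one-byte ACK/NAK; a v3 ACK is followed by its CRC-8 */
static void nxp_send_ack(u8 ack, struct hci_dev *hdev)
{
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
	u8 ack_nak[2];
	int len = 1;

	ack_nak[0] = ack;
	if (ack == NXP_ACK_V3) {
		ack_nak[1] = crc8(crc8_table, ack_nak, 1, 0xff);
		len = 2;
	}
	serdev_device_write_buf(nxpdev->serdev, ack_nak, len);
}

/*
 * Answer the bootloader's request during the baudrate-change handshake.
 *
 * A request sized like the command header gets the "command 5" header; a
 * request sized like struct uart_config gets the register settings.
 * Returns true only once the register settings have been written.
 */
static bool nxp_fw_change_baudrate(struct hci_dev *hdev, u16 req_len)
{
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
	struct nxp_bootloader_cmd nxp_cmd5;
	struct uart_config uart_config;
	u32 clkdivaddr = CLKDIVADDR - nxpdev->boot_reg_offset;
	u32 uartdivaddr = UARTDIVADDR - nxpdev->boot_reg_offset;
	u32 uartmcraddr = UARTMCRADDR - nxpdev->boot_reg_offset;
	u32 uartreinitaddr = UARTREINITADDR - nxpdev->boot_reg_offset;
	u32 uarticraddr = UARTICRADDR - nxpdev->boot_reg_offset;
	u32 uartfcraddr = UARTFCRADDR - nxpdev->boot_reg_offset;

	if (req_len == sizeof(nxp_cmd5)) {
		nxp_cmd5.header = __cpu_to_le32(5);
		nxp_cmd5.arg = 0;
		nxp_cmd5.payload_len = __cpu_to_le32(sizeof(uart_config));
		/* FW expects swapped CRC bytes */
		nxp_cmd5.crc = __cpu_to_be32(crc32_be(0UL, (char *)&nxp_cmd5,
						      sizeof(nxp_cmd5) - 4));

		serdev_device_write_buf(nxpdev->serdev, (u8 *)&nxp_cmd5, sizeof(nxp_cmd5));
		nxpdev->fw_v3_offset_correction += req_len;
	} else if (req_len == sizeof(uart_config)) {
		uart_config.clkdiv.address = __cpu_to_le32(clkdivaddr);
		uart_config.clkdiv.value = __cpu_to_le32(0x00c00000);
		uart_config.uartdiv.address = __cpu_to_le32(uartdivaddr);
		uart_config.uartdiv.value = __cpu_to_le32(1);
		uart_config.mcr.address = __cpu_to_le32(uartmcraddr);
		uart_config.mcr.value = __cpu_to_le32(MCR);
		uart_config.re_init.address = __cpu_to_le32(uartreinitaddr);
		uart_config.re_init.value = __cpu_to_le32(INIT);
		uart_config.icr.address = __cpu_to_le32(uarticraddr);
		uart_config.icr.value = __cpu_to_le32(ICR);
		uart_config.fcr.address = __cpu_to_le32(uartfcraddr);
		uart_config.fcr.value = __cpu_to_le32(FCR);
		/* FW expects swapped CRC bytes */
		uart_config.crc = __cpu_to_be32(crc32_be(0UL, (char *)&uart_config,
							 sizeof(uart_config) - 4));

		serdev_device_write_buf(nxpdev->serdev, (u8 *)&uart_config, sizeof(uart_config));
		serdev_device_wait_until_sent(nxpdev->serdev, 0);
		nxpdev->fw_v3_offset_correction += req_len;
		return true;
	}
	return false;
}

/*
 * Answer a header-sized bootloader request with "command 7" (argument 0x70).
 *
 * Returns true when the command was written, false for any other length.
 */
static bool nxp_fw_change_timeout(struct hci_dev *hdev, u16 req_len)
{
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
	struct nxp_bootloader_cmd nxp_cmd7;

	if (req_len != sizeof(nxp_cmd7))
		return false;

	nxp_cmd7.header = __cpu_to_le32(7);
	nxp_cmd7.arg = __cpu_to_le32(0x70);
	nxp_cmd7.payload_len = 0;
	/* FW expects swapped CRC bytes */
	nxp_cmd7.crc = __cpu_to_be32(crc32_be(0UL, (char *)&nxp_cmd7,
					      sizeof(nxp_cmd7) - 4));
	serdev_device_write_buf(nxpdev->serdev, (u8 *)&nxp_cmd7, sizeof(nxp_cmd7));
	serdev_device_wait_until_sent(nxpdev->serdev, 0);
	nxpdev->fw_v3_offset_correction += req_len;
	return true;
}

/*
 * Read payload_len from a block header at @buf.
 * The caller must guarantee that sizeof(struct nxp_bootloader_cmd) bytes
 * are readable at @buf.
 */
static u32 nxp_get_data_len(const u8 *buf)
{
	struct nxp_bootloader_cmd *hdr = (struct nxp_bootloader_cmd *)buf;

	return __le32_to_cpu(hdr->payload_len);
}

/*
 * Check that [@offset, @offset + @len) lies inside the firmware image.
 * Written without an addition so a large offset cannot wrap the sum.
 */
static bool nxp_fw_range_ok(const struct firmware *fw, u32 offset, u32 len)
{
	return fw && offset <= fw->size && len <= fw->size - offset;
}

static bool is_fw_downloading(struct btnxpuart_dev *nxpdev)
{
	return test_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
}

/*
 * Gate for the bootloader RX handlers.
 *
 * While a boot-signature check is pending, the packet only completes that
 * check and false is returned. Otherwise the result says whether a firmware
 * download is in progress.
 */
static bool process_boot_signature(struct btnxpuart_dev *nxpdev)
{
	if (test_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, &nxpdev->tx_state)) {
		clear_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, &nxpdev->tx_state);
		wake_up_interruptible(&nxpdev->check_boot_sign_wait_q);
		return false;
	}
	return is_fw_downloading(nxpdev);
}

/*
 * Load the firmware image once per download (no-op while fw_name is set).
 *
 * Except for the helper image, a "firmware-name" device property overrides
 * @fw_name. @fw_name_old, when given, is tried if the first request fails.
 * On failure BTNXPUART_FW_DOWNLOADING is cleared.
 * Returns 0 on success, -ENOENT without a name, or the request error.
 */
static int nxp_request_firmware(struct hci_dev *hdev, const char *fw_name,
				const char *fw_name_old)
{
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
	const char *fw_name_dt;
	int err = 0;

	if (!fw_name)
		return -ENOENT;

	if (!strlen(nxpdev->fw_name)) {
		if (strcmp(fw_name, FIRMWARE_HELPER) &&
		    !device_property_read_string(&nxpdev->serdev->dev,
						 "firmware-name",
						 &fw_name_dt))
			fw_name = fw_name_dt;
		snprintf(nxpdev->fw_name, MAX_FW_FILE_NAME_LEN, "nxp/%s", fw_name);
		err = request_firmware_direct(&nxpdev->fw, nxpdev->fw_name, &hdev->dev);
		if (err < 0 && fw_name_old) {
			snprintf(nxpdev->fw_name, MAX_FW_FILE_NAME_LEN, "nxp/%s", fw_name_old);
			err = request_firmware_direct(&nxpdev->fw, nxpdev->fw_name, &hdev->dev);
		}

		bt_dev_info(hdev, "Request Firmware: %s", nxpdev->fw_name);
		if (err < 0) {
			bt_dev_err(hdev, "Firmware file %s not found", nxpdev->fw_name);
			clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
		}
	}
	return err;
}

/* for legacy chipsets with V1 bootloader */
/*
 * Handle a v1 chip-version packet. When it arrives after some data has been
 * sent, the v1 download state is reset and the current image is dropped.
 * Consumes @skb; always returns 0.
 */
static int nxp_recv_chip_ver_v1(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
	struct v1_start_ind *req;
	__u16 chip_id;

	req = skb_pull_data(skb, sizeof(*req));
	if (!req)
		goto free_skb;

	chip_id = le16_to_cpu(req->chip_id ^ req->chip_id_comp);
	if (chip_id == 0xffff && nxpdev->fw_dnld_v1_offset) {
		nxpdev->fw_dnld_v1_offset = 0;
		nxpdev->fw_v1_sent_bytes = 0;
		nxpdev->fw_v1_expected_len = HDR_LEN;
		release_firmware(nxpdev->fw);
		/* Clear the pointer so nxp_download_firmware() cannot release
		 * the same image a second time.
		 */
		nxpdev->fw = NULL;
		memset(nxpdev->fw_name, 0, sizeof(nxpdev->fw_name));
		nxp_send_ack(NXP_ACK_V1, hdev);
	}

free_skb:
	kfree_skb(skb);
	return 0;
}

/*
 * Handle a v1 data request from the bootloader and send the next chunk.
 *
 * The requested length comes from the UART peer, so every access to
 * fw->data is bounds-checked against fw->size first.
 * Consumes @skb; always returns 0.
 */
static int nxp_recv_fw_req_v1(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
	struct btnxpuart_data *nxp_data = nxpdev->nxp_data;
	struct v1_data_req *req;
	__u16 len;

	if (!process_boot_signature(nxpdev))
		goto free_skb;

	req = skb_pull_data(skb, sizeof(*req));
	if (!req)
		goto free_skb;

	/* len and len_comp must be bitwise complements of each other */
	len = __le16_to_cpu(req->len ^ req->len_comp);
	if (len != 0xffff) {
		bt_dev_dbg(hdev, "ERR: Send NAK");
		nxp_send_ack(NXP_NAK_V1, hdev);
		goto free_skb;
	}
	nxp_send_ack(NXP_ACK_V1, hdev);

	len = __le16_to_cpu(req->len);

	if (!nxp_data->helper_fw_name) {
		if (!nxpdev->timeout_changed) {
			nxpdev->timeout_changed = nxp_fw_change_timeout(hdev,
									len);
			goto free_skb;
		}
		if (!nxpdev->baudrate_changed) {
			nxpdev->baudrate_changed = nxp_fw_change_baudrate(hdev,
									  len);
			if (nxpdev->baudrate_changed) {
				serdev_device_set_baudrate(nxpdev->serdev,
							   HCI_NXP_SEC_BAUDRATE);
				serdev_device_set_flow_control(nxpdev->serdev, true);
				nxpdev->current_baudrate = HCI_NXP_SEC_BAUDRATE;
			}
			goto free_skb;
		}
	}

	if (!nxp_data->helper_fw_name || nxpdev->helper_downloaded) {
		if (nxp_request_firmware(hdev, nxp_data->fw_name, nxp_data->fw_name_old))
			goto free_skb;
	} else if (nxp_data->helper_fw_name && !nxpdev->helper_downloaded) {
		if (nxp_request_firmware(hdev, nxp_data->helper_fw_name, NULL))
			goto free_skb;
	}

	/* Everything below dereferences the image */
	if (!nxpdev->fw)
		goto free_skb;

	if (!len) {
		bt_dev_info(hdev, "FW Download Complete: %zu bytes",
			   nxpdev->fw->size);
		if (nxp_data->helper_fw_name && !nxpdev->helper_downloaded) {
			nxpdev->helper_downloaded = true;
			serdev_device_wait_until_sent(nxpdev->serdev, 0);
			serdev_device_set_baudrate(nxpdev->serdev,
						   HCI_NXP_SEC_BAUDRATE);
			serdev_device_set_flow_control(nxpdev->serdev, true);
		} else {
			clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
			wake_up_interruptible(&nxpdev->fw_dnld_done_wait_q);
		}
		goto free_skb;
	}
	if (len & 0x01) {
		/* The CRC did not match at the other end.
		 * Simply send the same bytes again.
		 */
		len = nxpdev->fw_v1_sent_bytes;
		bt_dev_dbg(hdev, "CRC error. Resend %d bytes of FW.", len);
	} else {
		nxpdev->fw_dnld_v1_offset += nxpdev->fw_v1_sent_bytes;

		/* The FW bin file is made up of many blocks of
		 * 16 byte header and payload data chunks. If the
		 * FW has requested a header, read the payload length
		 * info from the header, before sending the header.
		 * In the next iteration, the FW should request the
		 * payload data chunk, which should be equal to the
		 * payload length read from header. If there is a
		 * mismatch, clearly the driver and FW are out of sync,
		 * and we need to re-send the previous header again.
		 */
		if (len == nxpdev->fw_v1_expected_len) {
			if (len != HDR_LEN)
				nxpdev->fw_v1_expected_len = HDR_LEN;
			else if (nxp_fw_range_ok(nxpdev->fw,
						 nxpdev->fw_dnld_v1_offset,
						 HDR_LEN))
				nxpdev->fw_v1_expected_len = nxp_get_data_len(nxpdev->fw->data +
									nxpdev->fw_dnld_v1_offset);
			else
				/* The offset has run past the image; do not
				 * parse a header from memory beyond fw->data.
				 * fw_v1_expected_len stays at HDR_LEN.
				 */
				bt_dev_err(hdev, "FW header request beyond end of image");
		} else if (len == HDR_LEN) {
			/* FW download out of sync. Send previous chunk again */
			nxpdev->fw_dnld_v1_offset -= nxpdev->fw_v1_sent_bytes;
			nxpdev->fw_v1_expected_len = HDR_LEN;
		}
	}

	/* Only transmit a chunk that lies entirely inside the image */
	if (nxp_fw_range_ok(nxpdev->fw, nxpdev->fw_dnld_v1_offset, len))
		serdev_device_write_buf(nxpdev->serdev, nxpdev->fw->data +
					nxpdev->fw_dnld_v1_offset, len);
	nxpdev->fw_v1_sent_bytes = len;

free_skb:
	kfree_skb(skb);
	return 0;
}

/*
 * Map a v3 chip id and loader version to a firmware file name.
 *
 * Sets boot_reg_offset for the IW624 variants. Returns NULL (after logging)
 * for an unknown chip id or an illegal loader version.
 */
static char *nxp_get_fw_name_from_chipid(struct hci_dev *hdev, u16 chipid,
					 u8 loader_ver)
{
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
	char *fw_name = NULL;

	switch (chipid) {
	case CHIP_ID_W9098:
		fw_name = FIRMWARE_W9098;
		break;
	case CHIP_ID_IW416:
		fw_name = FIRMWARE_IW416;
		break;
	case CHIP_ID_IW612:
		fw_name = FIRMWARE_IW612;
		break;
	case CHIP_ID_IW624a:
	case CHIP_ID_IW624c:
		nxpdev->boot_reg_offset = 1;
		if ((loader_ver & FW_SECURE_MASK) == FW_OPEN)
			fw_name = FIRMWARE_IW624;
		else if ((loader_ver & FW_SECURE_MASK) != FW_AUTH_ILLEGAL)
			fw_name = FIRMWARE_SECURE_IW624;
		else
			bt_dev_err(hdev, "Illegal loader version %02x", loader_ver);
		break;
	case CHIP_ID_AW693a0:
		if ((loader_ver & FW_SECURE_MASK) == FW_OPEN)
			fw_name = FIRMWARE_AW693;
		else if ((loader_ver & FW_SECURE_MASK) != FW_AUTH_ILLEGAL)
			fw_name = FIRMWARE_SECURE_AW693;
		else
			bt_dev_err(hdev, "Illegal loader version %02x", loader_ver);
		break;
	case CHIP_ID_AW693a1:
		if ((loader_ver & FW_SECURE_MASK) == FW_OPEN)
			fw_name = FIRMWARE_AW693_A1;
		else if ((loader_ver & FW_SECURE_MASK) != FW_AUTH_ILLEGAL)
			fw_name = FIRMWARE_SECURE_AW693_A1;
		else
			bt_dev_err(hdev, "Illegal loader version %02x", loader_ver);
		break;
	case CHIP_ID_IW615a0:
	case CHIP_ID_IW615a1:
		if ((loader_ver & FW_SECURE_MASK) == FW_OPEN)
			fw_name = FIRMWARE_IW615;
		else if ((loader_ver & FW_SECURE_MASK) != FW_AUTH_ILLEGAL)
			fw_name = FIRMWARE_SECURE_IW615;
		else
			bt_dev_err(hdev, "Illegal loader version %02x", loader_ver);
		break;
	default:
		bt_dev_err(hdev, "Unknown chip signature %04x", chipid);
		break;
	}
	return fw_name;
}

/* Legacy file name for a chip id, or NULL when there is none */
static char *nxp_get_old_fw_name_from_chipid(struct hci_dev *hdev, u16 chipid,
					 u8 loader_ver)
{
	char *fw_name_old = NULL;

	switch (chipid) {
	case CHIP_ID_W9098:
		fw_name_old = FIRMWARE_W9098_OLD;
		break;
	}
	return fw_name_old;
}

/*
 * Handle a v3 chip-version packet: pick the image for the reported chip and
 * ACK once it has been loaded. Consumes @skb; always returns 0.
 */
static int nxp_recv_chip_ver_v3(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct v3_start_ind *req = skb_pull_data(skb, sizeof(*req));
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
	const char *fw_name;
	const char *fw_name_old;
	u16 chip_id;
	u8 loader_ver;

	if (!process_boot_signature(nxpdev))
		goto free_skb;

	/* skb_pull_data() returns NULL for a short packet; the sibling
	 * handlers check this and so must this one before dereferencing.
	 */
	if (!req)
		goto free_skb;

	chip_id = le16_to_cpu(req->chip_id);
	loader_ver = req->loader_ver;
	bt_dev_info(hdev, "ChipID: %04x, Version: %d", chip_id, loader_ver);
	fw_name = nxp_get_fw_name_from_chipid(hdev, chip_id, loader_ver);
	fw_name_old = nxp_get_old_fw_name_from_chipid(hdev, chip_id, loader_ver);
	if (!nxp_request_firmware(hdev, fw_name, fw_name_old))
		nxp_send_ack(NXP_ACK_V3, hdev);

free_skb:
	kfree_skb(skb);
	return 0;
}

/*
 * Answer a v3 data request that carries an error code: the three RX-timeout
 * codes get a NAK echoing the requested offset, anything else is only logged.
 */
static void nxp_handle_fw_download_error(struct hci_dev *hdev, struct v3_data_req *req)
{
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
	__u32 offset = __le32_to_cpu(req->offset);
	__u16 err = __le16_to_cpu(req->error);
	union nxp_v3_rx_timeout_nak_u nak_tx_buf;

	switch (err) {
	case NXP_ACK_RX_TIMEOUT:
	case NXP_HDR_RX_TIMEOUT:
	case NXP_DATA_RX_TIMEOUT:
		nak_tx_buf.pkt.nak = NXP_NAK_V3;
		nak_tx_buf.pkt.offset = __cpu_to_le32(offset);
		/* CRC-8 over everything except the trailing crc byte */
		nak_tx_buf.pkt.crc = crc8(crc8_table, nak_tx_buf.buf,
					  sizeof(nak_tx_buf) - 1, 0xff);
		serdev_device_write_buf(nxpdev->serdev, nak_tx_buf.buf,
					sizeof(nak_tx_buf));
		break;
	default:
		bt_dev_dbg(hdev, "Unknown bootloader error code: %d", err);
		break;
	}
}

/*
 * Handle a v3 data request and send the chunk the bootloader asked for.
 *
 * Both the offset and the length come from the UART peer; the range is
 * validated against the image size before fw->data is indexed.
 * Consumes @skb; always returns 0.
 */
static int nxp_recv_fw_req_v3(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
	struct v3_data_req *req;
	__u16 len;
	__u32 offset;

	if (!process_boot_signature(nxpdev))
		goto free_skb;

	req = skb_pull_data(skb, sizeof(*req));
	if (!req || !nxpdev->fw)
		goto free_skb;

	if (!req->error) {
		nxp_send_ack(NXP_ACK_V3, hdev);
	} else {
		nxp_handle_fw_download_error(hdev, req);
		goto free_skb;
	}

	len = __le16_to_cpu(req->len);

	if (!nxpdev->timeout_changed) {
		nxpdev->timeout_changed = nxp_fw_change_timeout(hdev, len);
		goto free_skb;
	}

	if (!nxpdev->baudrate_changed) {
		nxpdev->baudrate_changed = nxp_fw_change_baudrate(hdev, len);
		if (nxpdev->baudrate_changed) {
			serdev_device_set_baudrate(nxpdev->serdev,
						   HCI_NXP_SEC_BAUDRATE);
			serdev_device_set_flow_control(nxpdev->serdev, true);
			nxpdev->current_baudrate = HCI_NXP_SEC_BAUDRATE;
		}
		goto free_skb;
	}

	if (req->len == 0) {
		bt_dev_info(hdev, "FW Download Complete: %zu bytes",
			   nxpdev->fw->size);
		clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
		wake_up_interruptible(&nxpdev->fw_dnld_done_wait_q);
		goto free_skb;
	}

	offset = __le32_to_cpu(req->offset);
	if (offset < nxpdev->fw_v3_offset_correction) {
		/* This scenario should ideally never occur. But if it ever does,
		 * FW is out of sync and needs a power cycle.
		 */
		bt_dev_err(hdev, "Something went wrong during FW download");
		bt_dev_err(hdev, "Please power cycle and try again");
		goto free_skb;
	}

	nxpdev->fw_dnld_v3_offset = offset - nxpdev->fw_v3_offset_correction;

	/* Refuse a request that would read past the end of the image and
	 * transmit adjacent kernel memory over the UART (the v1 handler
	 * already bounds its write the same way).
	 */
	if (!nxp_fw_range_ok(nxpdev->fw, nxpdev->fw_dnld_v3_offset, len)) {
		bt_dev_err(hdev, "FW request out of range: offset %u, len %d",
			   nxpdev->fw_dnld_v3_offset, len);
		goto free_skb;
	}

	serdev_device_write_buf(nxpdev->serdev, nxpdev->fw->data +
				nxpdev->fw_dnld_v3_offset, len);

free_skb:
	kfree_skb(skb);
	return 0;
}

/*
 * hci_cmd_sync callback: ask the controller to switch to new_baudrate and,
 * on a zero status byte, switch the host UART as well. @data is unused.
 * Returns 0, or the error carried by the response pointer.
 */
static int nxp_set_baudrate_cmd(struct hci_dev *hdev, void *data)
{
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
	__le32 new_baudrate = __cpu_to_le32(nxpdev->new_baudrate);
	struct sk_buff *skb;
	u8 *status;

	/* The former "if (!psdata) return 0;" tested the address of an
	 * embedded member, which is never NULL, so it has been dropped.
	 */
	skb = nxp_drv_send_cmd(hdev, HCI_NXP_SET_OPER_SPEED,
			       sizeof(new_baudrate), &new_baudrate);
	if (IS_ERR(skb)) {
		bt_dev_err(hdev, "Setting baudrate failed (%ld)", PTR_ERR(skb));
		return PTR_ERR(skb);
	}

	status = (u8 *)skb_pull_data(skb, 1);
	if (status) {
		if (*status == 0) {
			serdev_device_set_baudrate(nxpdev->serdev, nxpdev->new_baudrate);
			nxpdev->current_baudrate = nxpdev->new_baudrate;
		}
		bt_dev_dbg(hdev, "Set baudrate response: status=%d, baudrate=%d",
			   *status, nxpdev->new_baudrate);
	}
	kfree_skb(skb);

	return 0;
}

/*
 * Listen at the primary baudrate for up to one second for a bootloader
 * packet. Returns the wait result: 0 when nothing arrived in time,
 * non-zero otherwise.
 */
static int nxp_check_boot_sign(struct btnxpuart_dev *nxpdev)
{
	serdev_device_set_baudrate(nxpdev->serdev, HCI_NXP_PRI_BAUDRATE);
	if (test_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state))
		serdev_device_set_flow_control(nxpdev->serdev, false);
	else
		serdev_device_set_flow_control(nxpdev->serdev, true);
	set_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, &nxpdev->tx_state);

	return wait_event_interruptible_timeout(nxpdev->check_boot_sign_wait_q,
					       !test_bit(BTNXPUART_CHECK_BOOT_SIGNATURE,
							 &nxpdev->tx_state),
					       msecs_to_jiffies(1000));
}

/*
 * Build a Hardware Error event carrying BTNXPUART_IR_HW_ERR and hand it to
 * the HCI core. @data is unused.
 * Returns -ENOMEM on allocation failure, else the hci_recv_frame() result.
 */
static int nxp_set_ind_reset(struct hci_dev *hdev, void *data)
{
	static const u8 ir_hw_err[] = { HCI_EV_HARDWARE_ERROR,
					0x01, BTNXPUART_IR_HW_ERR };
	struct sk_buff *skb;

	skb = bt_skb_alloc(3, GFP_ATOMIC);
	if (!skb)
		return -ENOMEM;

	hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
	skb_put_data(skb, ir_hw_err, 3);

	/* Inject Hardware Error to upper stack */
	return hci_recv_frame(hdev, skb);
}

/* NXP protocol */

/*
 * hdev setup: download firmware when the bootloader is heard, then queue
 * the baudrate switch and initialise power save.
 * Returns 0, or the negative error from the firmware download.
 */
static int nxp_setup(struct hci_dev *hdev)
{
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
	int err = 0;

	if (nxp_check_boot_sign(nxpdev)) {
		bt_dev_dbg(hdev, "Need FW Download.");
		err = nxp_download_firmware(hdev);
		if (err < 0)
			return err;
	} else {
		bt_dev_info(hdev, "FW already running.");
		clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
	}

	serdev_device_set_baudrate(nxpdev->serdev, nxpdev->fw_init_baudrate);
	nxpdev->current_baudrate = nxpdev->fw_init_baudrate;

	if (nxpdev->current_baudrate != HCI_NXP_SEC_BAUDRATE) {
		nxpdev->new_baudrate = HCI_NXP_SEC_BAUDRATE;
		hci_cmd_sync_queue(hdev, nxp_set_baudrate_cmd, NULL, NULL);
	}

	ps_init(hdev);

	if (test_and_clear_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state))
		hci_dev_clear_flag(hdev, HCI_SETUP);

	return 0;
}

/* Hardware-error hook: the IR code marks an independent reset in progress */
static void nxp_hw_err(struct hci_dev *hdev, u8 code)
{
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);

	switch (code) {
	case BTNXPUART_IR_HW_ERR:
		set_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state);
		hci_dev_set_flag(hdev, HCI_SETUP);
		break;
	default:
		break;
	}
}

/*
 * hdev shutdown: during an independent reset, send HCI_NXP_IND_RESET and
 * mark a firmware download as in progress once a status byte comes back.
 * Returns 0, or the error carried by the response pointer.
 */
static int nxp_shutdown(struct hci_dev *hdev)
{
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
	struct sk_buff *skb;
	u8 *status;
	u8 pcmd = 0;

	if (test_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state)) {
		skb = nxp_drv_send_cmd(hdev, HCI_NXP_IND_RESET, 1, &pcmd);
		if (IS_ERR(skb))
			return PTR_ERR(skb);

		status = skb_pull_data(skb, 1);
		if (status) {
			serdev_device_set_flow_control(nxpdev->serdev, false);
			set_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
		}
		kfree_skb(skb);
	}

	return 0;
}

/* Prefix @skb with its packet type, queue it for TX and kick the worker */
static int btnxpuart_queue_skb(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);

	/* Prepend skb with frame type */
	memcpy(skb_push(skb, 1), &hci_skb_pkt_type(skb), 1);
	skb_queue_tail(&nxpdev->txq, skb);
	btnxpuart_tx_wakeup(nxpdev);
	return 0;
}

static int nxp_enqueue(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
	struct ps_data *psdata = &nxpdev->psdata;
	struct hci_command_hdr *hdr;
	struct psmode_cmd_payload ps_parm;
	struct wakeup_cmd_payload wakeup_parm;
	__le32 baudrate_parm;

	/* if vendor commands are received from user space (e.g. hcitool), update
	 * driver flags accordingly and ask driver to re-send the command to FW.
	 * In case the payload for any command does not match expected payload
	 * length, let the firmware and user space program handle it, or throw
	 * an error.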
1252 */ 1253 if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT && !psdata->driver_sent_cmd) { 1254 hdr = (struct hci_command_hdr *)skb->data; 1255 if (hdr->plen != (skb->len - HCI_COMMAND_HDR_SIZE)) 1256 return btnxpuart_queue_skb(hdev, skb); 1257 1258 switch (__le16_to_cpu(hdr->opcode)) { 1259 case HCI_NXP_AUTO_SLEEP_MODE: 1260 if (hdr->plen == sizeof(ps_parm)) { 1261 memcpy(&ps_parm, skb->data + HCI_COMMAND_HDR_SIZE, hdr->plen); 1262 if (ps_parm.ps_cmd == BT_PS_ENABLE) 1263 psdata->target_ps_mode = PS_MODE_ENABLE; 1264 else if (ps_parm.ps_cmd == BT_PS_DISABLE) 1265 psdata->target_ps_mode = PS_MODE_DISABLE; 1266 psdata->c2h_ps_interval = __le16_to_cpu(ps_parm.c2h_ps_interval); 1267 hci_cmd_sync_queue(hdev, send_ps_cmd, NULL, NULL); 1268 goto free_skb; 1269 } 1270 break; 1271 case HCI_NXP_WAKEUP_METHOD: 1272 if (hdr->plen == sizeof(wakeup_parm)) { 1273 memcpy(&wakeup_parm, skb->data + HCI_COMMAND_HDR_SIZE, hdr->plen); 1274 psdata->c2h_wakeupmode = wakeup_parm.c2h_wakeupmode; 1275 psdata->c2h_wakeup_gpio = wakeup_parm.c2h_wakeup_gpio; 1276 psdata->h2c_wakeup_gpio = wakeup_parm.h2c_wakeup_gpio; 1277 switch (wakeup_parm.h2c_wakeupmode) { 1278 case BT_CTRL_WAKEUP_METHOD_DSR: 1279 psdata->h2c_wakeupmode = WAKEUP_METHOD_DTR; 1280 break; 1281 case BT_CTRL_WAKEUP_METHOD_BREAK: 1282 default: 1283 psdata->h2c_wakeupmode = WAKEUP_METHOD_BREAK; 1284 break; 1285 } 1286 hci_cmd_sync_queue(hdev, send_wakeup_method_cmd, NULL, NULL); 1287 goto free_skb; 1288 } 1289 break; 1290 case HCI_NXP_SET_OPER_SPEED: 1291 if (hdr->plen == sizeof(baudrate_parm)) { 1292 memcpy(&baudrate_parm, skb->data + HCI_COMMAND_HDR_SIZE, hdr->plen); 1293 nxpdev->new_baudrate = __le32_to_cpu(baudrate_parm); 1294 hci_cmd_sync_queue(hdev, nxp_set_baudrate_cmd, NULL, NULL); 1295 goto free_skb; 1296 } 1297 break; 1298 case HCI_NXP_IND_RESET: 1299 if (hdr->plen == 1) { 1300 hci_cmd_sync_queue(hdev, nxp_set_ind_reset, NULL, NULL); 1301 goto free_skb; 1302 } 1303 break; 1304 default: 1305 break; 1306 } 1307 } 1308 1309 
return btnxpuart_queue_skb(hdev, skb); 1310 1311 free_skb: 1312 kfree_skb(skb); 1313 return 0; 1314 } 1315 1316 static struct sk_buff *nxp_dequeue(void *data) 1317 { 1318 struct btnxpuart_dev *nxpdev = (struct btnxpuart_dev *)data; 1319 1320 ps_start_timer(nxpdev); 1321 return skb_dequeue(&nxpdev->txq); 1322 } 1323 1324 /* btnxpuart based on serdev */ 1325 static void btnxpuart_tx_work(struct work_struct *work) 1326 { 1327 struct btnxpuart_dev *nxpdev = container_of(work, struct btnxpuart_dev, 1328 tx_work); 1329 struct serdev_device *serdev = nxpdev->serdev; 1330 struct hci_dev *hdev = nxpdev->hdev; 1331 struct sk_buff *skb; 1332 int len; 1333 1334 if (ps_wakeup(nxpdev)) 1335 return; 1336 1337 while ((skb = nxp_dequeue(nxpdev))) { 1338 len = serdev_device_write_buf(serdev, skb->data, skb->len); 1339 hdev->stat.byte_tx += len; 1340 1341 skb_pull(skb, len); 1342 if (skb->len > 0) { 1343 skb_queue_head(&nxpdev->txq, skb); 1344 break; 1345 } 1346 1347 switch (hci_skb_pkt_type(skb)) { 1348 case HCI_COMMAND_PKT: 1349 hdev->stat.cmd_tx++; 1350 break; 1351 case HCI_ACLDATA_PKT: 1352 hdev->stat.acl_tx++; 1353 break; 1354 case HCI_SCODATA_PKT: 1355 hdev->stat.sco_tx++; 1356 break; 1357 } 1358 1359 kfree_skb(skb); 1360 } 1361 clear_bit(BTNXPUART_TX_STATE_ACTIVE, &nxpdev->tx_state); 1362 } 1363 1364 static int btnxpuart_open(struct hci_dev *hdev) 1365 { 1366 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1367 int err = 0; 1368 1369 err = serdev_device_open(nxpdev->serdev); 1370 if (err) { 1371 bt_dev_err(hdev, "Unable to open UART device %s", 1372 dev_name(&nxpdev->serdev->dev)); 1373 } else { 1374 set_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state); 1375 } 1376 return err; 1377 } 1378 1379 static int btnxpuart_close(struct hci_dev *hdev) 1380 { 1381 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1382 1383 serdev_device_close(nxpdev->serdev); 1384 skb_queue_purge(&nxpdev->txq); 1385 if (!IS_ERR_OR_NULL(nxpdev->rx_skb)) { 1386 kfree_skb(nxpdev->rx_skb); 1387 
nxpdev->rx_skb = NULL; 1388 } 1389 clear_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state); 1390 return 0; 1391 } 1392 1393 static int btnxpuart_flush(struct hci_dev *hdev) 1394 { 1395 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1396 1397 /* Flush any pending characters */ 1398 serdev_device_write_flush(nxpdev->serdev); 1399 skb_queue_purge(&nxpdev->txq); 1400 1401 cancel_work_sync(&nxpdev->tx_work); 1402 1403 if (!IS_ERR_OR_NULL(nxpdev->rx_skb)) { 1404 kfree_skb(nxpdev->rx_skb); 1405 nxpdev->rx_skb = NULL; 1406 } 1407 1408 return 0; 1409 } 1410 1411 static const struct h4_recv_pkt nxp_recv_pkts[] = { 1412 { H4_RECV_ACL, .recv = hci_recv_frame }, 1413 { H4_RECV_SCO, .recv = hci_recv_frame }, 1414 { H4_RECV_EVENT, .recv = hci_recv_frame }, 1415 { H4_RECV_ISO, .recv = hci_recv_frame }, 1416 { NXP_RECV_CHIP_VER_V1, .recv = nxp_recv_chip_ver_v1 }, 1417 { NXP_RECV_FW_REQ_V1, .recv = nxp_recv_fw_req_v1 }, 1418 { NXP_RECV_CHIP_VER_V3, .recv = nxp_recv_chip_ver_v3 }, 1419 { NXP_RECV_FW_REQ_V3, .recv = nxp_recv_fw_req_v3 }, 1420 }; 1421 1422 static size_t btnxpuart_receive_buf(struct serdev_device *serdev, 1423 const u8 *data, size_t count) 1424 { 1425 struct btnxpuart_dev *nxpdev = serdev_device_get_drvdata(serdev); 1426 1427 ps_start_timer(nxpdev); 1428 1429 nxpdev->rx_skb = h4_recv_buf(nxpdev->hdev, nxpdev->rx_skb, data, count, 1430 nxp_recv_pkts, ARRAY_SIZE(nxp_recv_pkts)); 1431 if (IS_ERR(nxpdev->rx_skb)) { 1432 int err = PTR_ERR(nxpdev->rx_skb); 1433 /* Safe to ignore out-of-sync bootloader signatures */ 1434 if (!is_fw_downloading(nxpdev)) 1435 bt_dev_err(nxpdev->hdev, "Frame reassembly failed (%d)", err); 1436 return count; 1437 } 1438 if (!is_fw_downloading(nxpdev)) 1439 nxpdev->hdev->stat.byte_rx += count; 1440 return count; 1441 } 1442 1443 static void btnxpuart_write_wakeup(struct serdev_device *serdev) 1444 { 1445 serdev_device_write_wakeup(serdev); 1446 } 1447 1448 static const struct serdev_device_ops btnxpuart_client_ops = { 1449 .receive_buf = 
btnxpuart_receive_buf, 1450 .write_wakeup = btnxpuart_write_wakeup, 1451 }; 1452 1453 static int nxp_serdev_probe(struct serdev_device *serdev) 1454 { 1455 struct hci_dev *hdev; 1456 struct btnxpuart_dev *nxpdev; 1457 1458 nxpdev = devm_kzalloc(&serdev->dev, sizeof(*nxpdev), GFP_KERNEL); 1459 if (!nxpdev) 1460 return -ENOMEM; 1461 1462 nxpdev->nxp_data = (struct btnxpuart_data *)device_get_match_data(&serdev->dev); 1463 1464 nxpdev->serdev = serdev; 1465 serdev_device_set_drvdata(serdev, nxpdev); 1466 1467 serdev_device_set_client_ops(serdev, &btnxpuart_client_ops); 1468 1469 INIT_WORK(&nxpdev->tx_work, btnxpuart_tx_work); 1470 skb_queue_head_init(&nxpdev->txq); 1471 1472 init_waitqueue_head(&nxpdev->fw_dnld_done_wait_q); 1473 init_waitqueue_head(&nxpdev->check_boot_sign_wait_q); 1474 1475 device_property_read_u32(&nxpdev->serdev->dev, "fw-init-baudrate", 1476 &nxpdev->fw_init_baudrate); 1477 if (!nxpdev->fw_init_baudrate) 1478 nxpdev->fw_init_baudrate = FW_INIT_BAUDRATE; 1479 1480 set_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state); 1481 1482 crc8_populate_msb(crc8_table, POLYNOMIAL8); 1483 1484 /* Initialize and register HCI device */ 1485 hdev = hci_alloc_dev(); 1486 if (!hdev) { 1487 dev_err(&serdev->dev, "Can't allocate HCI device\n"); 1488 return -ENOMEM; 1489 } 1490 1491 nxpdev->hdev = hdev; 1492 1493 hdev->bus = HCI_UART; 1494 hci_set_drvdata(hdev, nxpdev); 1495 1496 hdev->manufacturer = MANUFACTURER_NXP; 1497 hdev->open = btnxpuart_open; 1498 hdev->close = btnxpuart_close; 1499 hdev->flush = btnxpuart_flush; 1500 hdev->setup = nxp_setup; 1501 hdev->send = nxp_enqueue; 1502 hdev->hw_error = nxp_hw_err; 1503 hdev->shutdown = nxp_shutdown; 1504 SET_HCIDEV_DEV(hdev, &serdev->dev); 1505 1506 if (hci_register_dev(hdev) < 0) { 1507 dev_err(&serdev->dev, "Can't register HCI device\n"); 1508 hci_free_dev(hdev); 1509 return -ENODEV; 1510 } 1511 1512 ps_setup(hdev); 1513 1514 return 0; 1515 } 1516 1517 static void nxp_serdev_remove(struct serdev_device *serdev) 1518 
{ 1519 struct btnxpuart_dev *nxpdev = serdev_device_get_drvdata(serdev); 1520 struct hci_dev *hdev = nxpdev->hdev; 1521 1522 if (is_fw_downloading(nxpdev)) { 1523 set_bit(BTNXPUART_FW_DOWNLOAD_ABORT, &nxpdev->tx_state); 1524 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state); 1525 wake_up_interruptible(&nxpdev->check_boot_sign_wait_q); 1526 wake_up_interruptible(&nxpdev->fw_dnld_done_wait_q); 1527 } else { 1528 /* Restore FW baudrate to fw_init_baudrate if changed. 1529 * This will ensure FW baudrate is in sync with 1530 * driver baudrate in case this driver is re-inserted. 1531 */ 1532 if (nxpdev->current_baudrate != nxpdev->fw_init_baudrate) { 1533 nxpdev->new_baudrate = nxpdev->fw_init_baudrate; 1534 nxp_set_baudrate_cmd(hdev, NULL); 1535 } 1536 } 1537 ps_cleanup(nxpdev); 1538 hci_unregister_dev(hdev); 1539 hci_free_dev(hdev); 1540 } 1541 1542 #ifdef CONFIG_PM_SLEEP 1543 static int nxp_serdev_suspend(struct device *dev) 1544 { 1545 struct btnxpuart_dev *nxpdev = dev_get_drvdata(dev); 1546 struct ps_data *psdata = &nxpdev->psdata; 1547 1548 ps_control(psdata->hdev, PS_STATE_SLEEP); 1549 return 0; 1550 } 1551 1552 static int nxp_serdev_resume(struct device *dev) 1553 { 1554 struct btnxpuart_dev *nxpdev = dev_get_drvdata(dev); 1555 struct ps_data *psdata = &nxpdev->psdata; 1556 1557 ps_control(psdata->hdev, PS_STATE_AWAKE); 1558 return 0; 1559 } 1560 #endif 1561 1562 static struct btnxpuart_data w8987_data __maybe_unused = { 1563 .helper_fw_name = NULL, 1564 .fw_name = FIRMWARE_W8987, 1565 .fw_name_old = FIRMWARE_W8987_OLD, 1566 }; 1567 1568 static struct btnxpuart_data w8997_data __maybe_unused = { 1569 .helper_fw_name = FIRMWARE_HELPER, 1570 .fw_name = FIRMWARE_W8997, 1571 .fw_name_old = FIRMWARE_W8997_OLD, 1572 }; 1573 1574 static const struct of_device_id nxpuart_of_match_table[] __maybe_unused = { 1575 { .compatible = "nxp,88w8987-bt", .data = &w8987_data }, 1576 { .compatible = "nxp,88w8997-bt", .data = &w8997_data }, 1577 { } 1578 }; 1579 
MODULE_DEVICE_TABLE(of, nxpuart_of_match_table); 1580 1581 static const struct dev_pm_ops nxp_pm_ops = { 1582 SET_SYSTEM_SLEEP_PM_OPS(nxp_serdev_suspend, nxp_serdev_resume) 1583 }; 1584 1585 static struct serdev_device_driver nxp_serdev_driver = { 1586 .probe = nxp_serdev_probe, 1587 .remove = nxp_serdev_remove, 1588 .driver = { 1589 .name = "btnxpuart", 1590 .of_match_table = of_match_ptr(nxpuart_of_match_table), 1591 .pm = &nxp_pm_ops, 1592 }, 1593 }; 1594 1595 module_serdev_device_driver(nxp_serdev_driver); 1596 1597 MODULE_AUTHOR("Neeraj Sanjay Kale <neeraj.sanjaykale@nxp.com>"); 1598 MODULE_DESCRIPTION("NXP Bluetooth Serial driver"); 1599 MODULE_LICENSE("GPL"); 1600