xref: /linux/drivers/bluetooth/btnxpuart.c (revision 5c2e7736e20d9b348a44cafbfa639fe2653fbc34)
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  *  NXP Bluetooth driver
4  *  Copyright 2023 NXP
5  */
6 
7 #include <linux/module.h>
8 #include <linux/kernel.h>
9 
10 #include <linux/serdev.h>
11 #include <linux/of.h>
12 #include <linux/skbuff.h>
13 #include <linux/unaligned.h>
14 #include <linux/firmware.h>
15 #include <linux/string.h>
16 #include <linux/crc8.h>
17 #include <linux/crc32.h>
18 #include <linux/string_helpers.h>
19 
20 #include <net/bluetooth/bluetooth.h>
21 #include <net/bluetooth/hci_core.h>
22 
23 #include "h4_recv.h"
24 
25 #define MANUFACTURER_NXP		37
26 
27 #define BTNXPUART_TX_STATE_ACTIVE	1
28 #define BTNXPUART_FW_DOWNLOADING	2
29 #define BTNXPUART_CHECK_BOOT_SIGNATURE	3
30 #define BTNXPUART_SERDEV_OPEN		4
31 #define BTNXPUART_IR_IN_PROGRESS	5
32 #define BTNXPUART_FW_DOWNLOAD_ABORT	6
33 
34 /* NXP HW err codes */
35 #define BTNXPUART_IR_HW_ERR		0xb0
36 
37 #define FIRMWARE_W8987		"uart8987_bt_v0.bin"
38 #define FIRMWARE_W8987_OLD	"uartuart8987_bt.bin"
39 #define FIRMWARE_W8997		"uart8997_bt_v4.bin"
40 #define FIRMWARE_W8997_OLD	"uartuart8997_bt_v4.bin"
41 #define FIRMWARE_W9098		"uart9098_bt_v1.bin"
42 #define FIRMWARE_W9098_OLD	"uartuart9098_bt_v1.bin"
43 #define FIRMWARE_IW416		"uartiw416_bt_v0.bin"
44 #define FIRMWARE_IW612		"uartspi_n61x_v1.bin.se"
45 #define FIRMWARE_IW615		"uartspi_iw610_v0.bin"
46 #define FIRMWARE_SECURE_IW615	"uartspi_iw610_v0.bin.se"
47 #define FIRMWARE_IW624		"uartiw624_bt.bin"
48 #define FIRMWARE_SECURE_IW624	"uartiw624_bt.bin.se"
49 #define FIRMWARE_AW693		"uartaw693_bt.bin"
50 #define FIRMWARE_SECURE_AW693	"uartaw693_bt.bin.se"
51 #define FIRMWARE_AW693_A1		"uartaw693_bt_v1.bin"
52 #define FIRMWARE_SECURE_AW693_A1	"uartaw693_bt_v1.bin.se"
53 #define FIRMWARE_HELPER		"helper_uart_3000000.bin"
54 
55 #define CHIP_ID_W9098		0x5c03
56 #define CHIP_ID_IW416		0x7201
57 #define CHIP_ID_IW612		0x7601
58 #define CHIP_ID_IW624a		0x8000
59 #define CHIP_ID_IW624c		0x8001
60 #define CHIP_ID_AW693a0		0x8200
61 #define CHIP_ID_AW693a1		0x8201
62 #define CHIP_ID_IW615a0		0x8800
63 #define CHIP_ID_IW615a1		0x8801
64 
/*
 * Security bits of the loader_ver byte reported by the V3 bootloader.
 * nxp_get_fw_name_from_chipid() masks loader_ver with FW_SECURE_MASK and:
 *   - FW_OPEN selects the plain image,
 *   - FW_AUTH_ILLEGAL is rejected (no firmware name is returned),
 *   - any other value (FW_AUTH_PLAIN, FW_AUTH_ENC) selects the ".se" image.
 * The value comes from the chip over the UART, so it is device-supplied input.
 */
#define FW_SECURE_MASK		0xc0
#define FW_OPEN			0x00
#define FW_AUTH_ILLEGAL		0x40
#define FW_AUTH_PLAIN		0x80
#define FW_AUTH_ENC		0xc0
70 
71 #define HCI_NXP_PRI_BAUDRATE	115200
72 #define HCI_NXP_SEC_BAUDRATE	3000000
73 
74 #define MAX_FW_FILE_NAME_LEN    50
75 
76 /* Default ps timeout period in milliseconds */
77 #define PS_DEFAULT_TIMEOUT_PERIOD_MS     2000
78 
79 /* wakeup methods */
80 #define WAKEUP_METHOD_DTR       0
81 #define WAKEUP_METHOD_BREAK     1
82 #define WAKEUP_METHOD_EXT_BREAK 2
83 #define WAKEUP_METHOD_RTS       3
84 #define WAKEUP_METHOD_INVALID   0xff
85 
86 /* power save mode status */
87 #define PS_MODE_DISABLE         0
88 #define PS_MODE_ENABLE          1
89 
90 /* Power Save Commands to ps_work_func  */
91 #define PS_CMD_EXIT_PS          1
92 #define PS_CMD_ENTER_PS         2
93 
94 /* power save state */
95 #define PS_STATE_AWAKE          0
96 #define PS_STATE_SLEEP          1
97 
98 /* Bluetooth vendor command : Sleep mode */
99 #define HCI_NXP_AUTO_SLEEP_MODE	0xfc23
100 /* Bluetooth vendor command : Wakeup method */
101 #define HCI_NXP_WAKEUP_METHOD	0xfc53
102 /* Bluetooth vendor command : Set operational baudrate */
103 #define HCI_NXP_SET_OPER_SPEED	0xfc09
104 /* Bluetooth vendor command: Independent Reset */
105 #define HCI_NXP_IND_RESET	0xfcfc
106 
107 /* Bluetooth Power State : Vendor cmd params */
108 #define BT_PS_ENABLE			0x02
109 #define BT_PS_DISABLE			0x03
110 
111 /* Bluetooth Host Wakeup Methods */
112 #define BT_HOST_WAKEUP_METHOD_NONE      0x00
113 #define BT_HOST_WAKEUP_METHOD_DTR       0x01
114 #define BT_HOST_WAKEUP_METHOD_BREAK     0x02
115 #define BT_HOST_WAKEUP_METHOD_GPIO      0x03
116 
117 /* Bluetooth Chip Wakeup Methods */
118 #define BT_CTRL_WAKEUP_METHOD_DSR       0x00
119 #define BT_CTRL_WAKEUP_METHOD_BREAK     0x01
120 #define BT_CTRL_WAKEUP_METHOD_GPIO      0x02
121 #define BT_CTRL_WAKEUP_METHOD_EXT_BREAK 0x04
122 #define BT_CTRL_WAKEUP_METHOD_RTS       0x05
123 
/* Power-save bookkeeping, embedded in struct btnxpuart_dev as ->psdata. */
struct ps_data {
	u8    target_ps_mode;	/* ps mode to be set */
	u8    cur_psmode;	/* current ps_mode */
	u8    ps_state;		/* controller's power save state */
	u8    ps_cmd;		/* PS_CMD_* request consumed by ps_work_func() */
	u8    h2c_wakeupmode;	/* requested host-to-chip WAKEUP_METHOD_* */
	u8    cur_h2c_wakeupmode; /* method last acknowledged by the chip */
	u8    c2h_wakeupmode;	/* sent as-is in the wakeup-method command */
	u8    c2h_wakeup_gpio;	/* sent as-is in the wakeup-method command */
	u8    h2c_wakeup_gpio;
	/* true only while nxp_drv_send_cmd() is inside __hci_cmd_sync() */
	bool  driver_sent_cmd;
	u16   h2c_ps_interval;	/* inactivity timeout, ms (see ps_start_timer) */
	u16   c2h_ps_interval;	/* sent to the chip in the power-save command */
	struct hci_dev *hdev;
	struct work_struct work;	/* runs ps_work_func() */
	struct timer_list ps_timer;	/* fires ps_timeout_func() */
	/* taken around the ps_state update in ps_control() and its readers */
	struct mutex ps_lock;
};
142 
143 struct wakeup_cmd_payload {
144 	u8 c2h_wakeupmode;
145 	u8 c2h_wakeup_gpio;
146 	u8 h2c_wakeupmode;
147 	u8 h2c_wakeup_gpio;
148 } __packed;
149 
150 struct psmode_cmd_payload {
151 	u8 ps_cmd;
152 	__le16 c2h_ps_interval;
153 } __packed;
154 
155 struct btnxpuart_data {
156 	const char *helper_fw_name;
157 	const char *fw_name;
158 	const char *fw_name_old;
159 };
160 
/* Per-device driver state, stored as the hci_dev driver data. */
struct btnxpuart_dev {
	struct hci_dev *hdev;
	struct serdev_device *serdev;

	struct work_struct tx_work;
	unsigned long tx_state;		/* bit field of BTNXPUART_* flags */
	struct sk_buff_head txq;
	struct sk_buff *rx_skb;

	/* Firmware image currently held; released in nxp_download_firmware() */
	const struct firmware *fw;
	/* "nxp/<file>" of the loaded image; an empty string means none loaded */
	u8 fw_name[MAX_FW_FILE_NAME_LEN];
	u32 fw_dnld_v1_offset;		/* byte offset into fw->data (V1 loader) */
	u32 fw_v1_sent_bytes;		/* length of the last V1 chunk handled */
	u32 fw_dnld_v3_offset;
	u32 fw_v3_offset_correction;	/* bytes of bootloader commands sent */
	u32 fw_v1_expected_len;		/* next request length the V1 path expects */
	u32 boot_reg_offset;		/* subtracted from the UART register addresses */
	wait_queue_head_t fw_dnld_done_wait_q;
	wait_queue_head_t check_boot_sign_wait_q;

	u32 new_baudrate;
	u32 current_baudrate;
	u32 fw_init_baudrate;
	bool timeout_changed;		/* bootloader timeout command accepted */
	bool baudrate_changed;		/* bootloader UART reconfiguration sent */
	bool helper_downloaded;		/* helper image already transferred */

	struct ps_data psdata;
	struct btnxpuart_data *nxp_data;
};
191 
192 #define NXP_V1_FW_REQ_PKT	0xa5
193 #define NXP_V1_CHIP_VER_PKT	0xaa
194 #define NXP_V3_FW_REQ_PKT	0xa7
195 #define NXP_V3_CHIP_VER_PKT	0xab
196 
197 #define NXP_ACK_V1		0x5a
198 #define NXP_NAK_V1		0xbf
199 #define NXP_ACK_V3		0x7a
200 #define NXP_NAK_V3		0x7b
201 #define NXP_CRC_ERROR_V3	0x7c
202 
203 /* Bootloader signature error codes */
204 #define NXP_ACK_RX_TIMEOUT	0x0002	/* ACK not received from host */
205 #define NXP_HDR_RX_TIMEOUT	0x0003	/* FW Header chunk not received */
206 #define NXP_DATA_RX_TIMEOUT	0x0004	/* FW Data chunk not received */
207 
208 #define HDR_LEN			16
209 
210 #define NXP_RECV_CHIP_VER_V1 \
211 	.type = NXP_V1_CHIP_VER_PKT, \
212 	.hlen = 4, \
213 	.loff = 0, \
214 	.lsize = 0, \
215 	.maxlen = 4
216 
217 #define NXP_RECV_FW_REQ_V1 \
218 	.type = NXP_V1_FW_REQ_PKT, \
219 	.hlen = 4, \
220 	.loff = 0, \
221 	.lsize = 0, \
222 	.maxlen = 4
223 
224 #define NXP_RECV_CHIP_VER_V3 \
225 	.type = NXP_V3_CHIP_VER_PKT, \
226 	.hlen = 4, \
227 	.loff = 0, \
228 	.lsize = 0, \
229 	.maxlen = 4
230 
231 #define NXP_RECV_FW_REQ_V3 \
232 	.type = NXP_V3_FW_REQ_PKT, \
233 	.hlen = 9, \
234 	.loff = 0, \
235 	.lsize = 0, \
236 	.maxlen = 9
237 
/*
 * V1 bootloader data request. nxp_recv_fw_req_v1() accepts it only when
 * len XOR len_comp equals 0xffff, i.e. len_comp is the bitwise complement
 * of len; otherwise a NAK is sent.
 */
struct v1_data_req {
	__le16 len;
	__le16 len_comp;
} __packed;
242 
/*
 * V1 bootloader start indication. nxp_recv_chip_ver_v1() XORs chip_id with
 * chip_id_comp and compares the result with 0xffff.
 */
struct v1_start_ind {
	__le16 chip_id;
	__le16 chip_id_comp;
} __packed;
247 
/*
 * V3 bootloader data request (9 bytes on the wire, matching the hlen of
 * NXP_RECV_FW_REQ_V3). A non-zero error field is routed to
 * nxp_handle_fw_download_error().
 * NOTE(review): no check of the crc field is visible in the handlers in
 * this part of the file - confirm where, if anywhere, it is validated.
 */
struct v3_data_req {
	__le16 len;
	__le32 offset;
	__le16 error;
	u8 crc;
} __packed;
254 
/*
 * V3 bootloader start indication. chip_id and loader_ver are chip-supplied
 * and drive the firmware file selection in nxp_get_fw_name_from_chipid().
 * NOTE(review): nxp_recv_chip_ver_v3() does not compare crc against the
 * received bytes - confirm whether that is intentional.
 */
struct v3_start_ind {
	__le16 chip_id;
	u8 loader_ver;
	u8 crc;
} __packed;
260 
261 /* UART register addresses of BT chip */
262 #define CLKDIVADDR	0x7f00008f
263 #define UARTDIVADDR	0x7f000090
264 #define UARTMCRADDR	0x7f000091
265 #define UARTREINITADDR	0x7f000092
266 #define UARTICRADDR	0x7f000093
267 #define UARTFCRADDR	0x7f000094
268 
269 #define MCR		0x00000022
270 #define INIT		0x00000001
271 #define ICR		0x000000c7
272 #define FCR		0x000000c7
273 
274 #define POLYNOMIAL8	0x07
275 
276 struct uart_reg {
277 	__le32 address;
278 	__le32 value;
279 } __packed;
280 
281 struct uart_config {
282 	struct uart_reg clkdiv;
283 	struct uart_reg uartdiv;
284 	struct uart_reg mcr;
285 	struct uart_reg re_init;
286 	struct uart_reg icr;
287 	struct uart_reg fcr;
288 	__be32 crc;
289 } __packed;
290 
291 struct nxp_bootloader_cmd {
292 	__le32 header;
293 	__le32 arg;
294 	__le32 payload_len;
295 	__be32 crc;
296 } __packed;
297 
298 struct nxp_v3_rx_timeout_nak {
299 	u8 nak;
300 	__le32 offset;
301 	u8 crc;
302 } __packed;
303 
304 union nxp_v3_rx_timeout_nak_u {
305 	struct nxp_v3_rx_timeout_nak pkt;
306 	u8 buf[6];
307 };
308 
309 static u8 crc8_table[CRC8_TABLE_SIZE];
310 
311 /* Default configurations */
312 #define DEFAULT_H2C_WAKEUP_MODE	WAKEUP_METHOD_BREAK
313 #define DEFAULT_PS_MODE		PS_MODE_ENABLE
314 #define FW_INIT_BAUDRATE	HCI_NXP_PRI_BAUDRATE
315 
/*
 * Send a driver-originated HCI command synchronously.
 *
 * driver_sent_cmd is raised for the duration of the call so that
 * nxp_enqueue does not parse this command and queue it a second time
 * through hci_cmd_sync_queue().
 *
 * Returns whatever __hci_cmd_sync() returns; callers in this file test
 * the result with IS_ERR().
 */
static struct sk_buff *nxp_drv_send_cmd(struct hci_dev *hdev, u16 opcode,
					u32 plen,
					void *param)
{
	struct btnxpuart_dev *dev = hci_get_drvdata(hdev);
	struct sk_buff *resp;

	dev->psdata.driver_sent_cmd = true;
	resp = __hci_cmd_sync(hdev, opcode, plen, param, HCI_CMD_TIMEOUT);
	dev->psdata.driver_sent_cmd = false;

	return resp;
}
333 
/*
 * Kick the TX worker. The ACTIVE flag is raised only when this call
 * actually queued the work item (schedule_work() returned true).
 */
static void btnxpuart_tx_wakeup(struct btnxpuart_dev *nxpdev)
{
	bool queued = schedule_work(&nxpdev->tx_work);

	if (!queued)
		return;

	set_bit(BTNXPUART_TX_STATE_ACTIVE, &nxpdev->tx_state);
}
339 
340 /* NXP Power Save Feature */
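/*
 * (Re)arm the power-save inactivity timer when power save is enabled, and
 * drop a pending "enter power save" work item while the chip is awake.
 */
static void ps_start_timer(struct btnxpuart_dev *nxpdev)
{
	/*
	 * psdata is embedded in *nxpdev, so its address is never NULL; the
	 * former "if (!psdata)" test could not fire and has been dropped.
	 */
	struct ps_data *psdata = &nxpdev->psdata;

	if (psdata->cur_psmode == PS_MODE_ENABLE)
		mod_timer(&psdata->ps_timer,
			  jiffies + msecs_to_jiffies(psdata->h2c_ps_interval));

	/*
	 * NOTE(review): ps_timeout_func() is a timer callback and calls this
	 * function; cancel_work_sync() may sleep - confirm this branch is
	 * never taken from that context.
	 */
	if (psdata->ps_state == PS_STATE_AWAKE && psdata->ps_cmd == PS_CMD_ENTER_PS)
		cancel_work_sync(&psdata->work);
}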
354 
/*
 * Quiesce the power-save machinery: wait for a running work item first,
 * then shut the timer down for good.
 */
static void ps_cancel_timer(struct btnxpuart_dev *nxpdev)
{
	flush_work(&nxpdev->psdata.work);
	timer_shutdown_sync(&nxpdev->psdata.ps_timer);
}
362 
/*
 * Drive the controller into the requested power-save state (PS_STATE_AWAKE
 * or PS_STATE_SLEEP) using the currently negotiated host-to-chip wakeup
 * method, and record the new state only if the serdev call succeeded.
 */
static void ps_control(struct hci_dev *hdev, u8 ps_state)
{
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
	struct ps_data *psdata = &nxpdev->psdata;
	int status;

	/*
	 * Nothing to do if already in that state or the serdev is closed.
	 * NOTE(review): ps_state is read here before ps_lock is taken.
	 */
	if (psdata->ps_state == ps_state ||
	    !test_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state))
		return;

	mutex_lock(&psdata->ps_lock);
	switch (psdata->cur_h2c_wakeupmode) {
	case WAKEUP_METHOD_DTR:
		/* Awake sets DTR, sleep clears it. */
		if (ps_state == PS_STATE_AWAKE)
			status = serdev_device_set_tiocm(nxpdev->serdev, TIOCM_DTR, 0);
		else
			status = serdev_device_set_tiocm(nxpdev->serdev, 0, TIOCM_DTR);
		break;
	case WAKEUP_METHOD_BREAK:
	default:
		/* Any other method falls back to UART break signalling. */
		if (ps_state == PS_STATE_AWAKE)
			status = serdev_device_break_ctl(nxpdev->serdev, 0);
		else
			status = serdev_device_break_ctl(nxpdev->serdev, -1);
		msleep(20); /* Allow chip to detect UART-break and enter sleep */
		bt_dev_dbg(hdev, "Set UART break: %s, status=%d",
			   str_on_off(ps_state == PS_STATE_SLEEP), status);
		break;
	}
	/* On failure the recorded state is left untouched. */
	if (!status)
		psdata->ps_state = ps_state;
	mutex_unlock(&psdata->ps_lock);

	/* A wake request restarts transmission, whatever status was. */
	if (ps_state == PS_STATE_AWAKE)
		btnxpuart_tx_wakeup(nxpdev);
}
399 
/*
 * Work handler: apply the pending PS_CMD_* request. Entering power save
 * is honoured only while power-save mode is enabled; other values of
 * ps_cmd are ignored.
 */
static void ps_work_func(struct work_struct *work)
{
	struct ps_data *ps = container_of(work, struct ps_data, work);

	switch (ps->ps_cmd) {
	case PS_CMD_ENTER_PS:
		if (ps->cur_psmode == PS_MODE_ENABLE)
			ps_control(ps->hdev, PS_STATE_SLEEP);
		break;
	case PS_CMD_EXIT_PS:
		ps_control(ps->hdev, PS_STATE_AWAKE);
		break;
	default:
		break;
	}
}
409 
/*
 * Inactivity timer callback. While TX is still active the timer is simply
 * re-armed; otherwise a request to enter power save is handed to the work
 * item.
 */
static void ps_timeout_func(struct timer_list *t)
{
	struct ps_data *ps = from_timer(ps, t, ps_timer);
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(ps->hdev);

	if (test_bit(BTNXPUART_TX_STATE_ACTIVE, &nxpdev->tx_state)) {
		ps_start_timer(nxpdev);
		return;
	}

	ps->ps_cmd = PS_CMD_ENTER_PS;
	schedule_work(&ps->work);
}
423 
/*
 * One-time initialisation of the power-save objects: back-pointer to the
 * hci_dev, lock, work item and inactivity timer.
 */
static void ps_setup(struct hci_dev *hdev)
{
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
	struct ps_data *ps = &nxpdev->psdata;

	ps->hdev = hdev;
	mutex_init(&ps->ps_lock);
	INIT_WORK(&ps->work, ps_work_func);
	timer_setup(&ps->ps_timer, ps_timeout_func, 0);
}
434 
/*
 * Ask for the controller to be woken if it is not awake.
 *
 * Returns true when a wake-up was scheduled (the chip was not awake),
 * false when it was already awake and nothing was done.
 */
static bool ps_wakeup(struct btnxpuart_dev *nxpdev)
{
	struct ps_data *psdata = &nxpdev->psdata;
	bool awake;

	/* Sample the state under the lock; act on the snapshot afterwards. */
	mutex_lock(&psdata->ps_lock);
	awake = (psdata->ps_state == PS_STATE_AWAKE);
	mutex_unlock(&psdata->ps_lock);

	if (awake)
		return false;

	psdata->ps_cmd = PS_CMD_EXIT_PS;
	schedule_work(&psdata->work);
	return true;
}
451 
/*
 * Tear down power save: wake the chip if needed, stop the timer and the
 * work item, then destroy the lock. The order matters - the lock must
 * outlive every user of it.
 */
static void ps_cleanup(struct btnxpuart_dev *nxpdev)
{
	struct ps_data *psdata = &nxpdev->psdata;
	bool awake;

	mutex_lock(&psdata->ps_lock);
	awake = (psdata->ps_state == PS_STATE_AWAKE);
	mutex_unlock(&psdata->ps_lock);

	if (!awake)
		ps_control(psdata->hdev, PS_STATE_AWAKE);

	ps_cancel_timer(nxpdev);
	cancel_work_sync(&psdata->work);
	mutex_destroy(&psdata->ps_lock);
}
468 
/*
 * hci_cmd_sync callback: send the vendor auto-sleep command for the
 * requested power-save mode and reconcile driver state with the reply.
 *
 * A zero status byte commits target_ps_mode; a non-zero one rolls the
 * target back to the current mode. The timer is then started or the chip
 * woken according to the resulting mode.
 *
 * Returns the PTR_ERR() of a failed command, otherwise 0 - including when
 * the reply carries no status byte or a non-zero status.
 */
static int send_ps_cmd(struct hci_dev *hdev, void *data)
{
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
	struct ps_data *psdata = &nxpdev->psdata;
	struct psmode_cmd_payload pcmd = {
		.ps_cmd = psdata->target_ps_mode == PS_MODE_ENABLE ?
			  BT_PS_ENABLE : BT_PS_DISABLE,
		.c2h_ps_interval = __cpu_to_le16(psdata->c2h_ps_interval),
	};
	struct sk_buff *skb;
	u8 *status;

	skb = nxp_drv_send_cmd(hdev, HCI_NXP_AUTO_SLEEP_MODE, sizeof(pcmd), &pcmd);
	if (IS_ERR(skb)) {
		bt_dev_err(hdev, "Setting Power Save mode failed (%ld)", PTR_ERR(skb));
		return PTR_ERR(skb);
	}

	status = skb_pull_data(skb, 1);
	if (!status)
		goto out;

	if (*status)
		psdata->target_ps_mode = psdata->cur_psmode;
	else
		psdata->cur_psmode = psdata->target_ps_mode;

	if (psdata->cur_psmode == PS_MODE_ENABLE)
		ps_start_timer(nxpdev);
	else
		ps_wakeup(nxpdev);

	bt_dev_dbg(hdev, "Power Save mode response: status=%d, ps_mode=%d",
		   *status, psdata->cur_psmode);
out:
	kfree_skb(skb);

	return 0;
}
506 
/*
 * hci_cmd_sync callback: tell the chip which wakeup methods to use.
 *
 * Only DTR is mapped specially (to the controller's DSR method); every
 * other host-to-chip method is sent as UART break. The host-to-chip GPIO
 * is always sent as 0xff.
 *
 * Returns the PTR_ERR() of a failed command, otherwise 0 - including when
 * the chip answers with a non-zero status, in which case the requested
 * method is rolled back to the current one.
 */
static int send_wakeup_method_cmd(struct hci_dev *hdev, void *data)
{
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
	struct ps_data *psdata = &nxpdev->psdata;
	struct wakeup_cmd_payload pcmd = {
		.c2h_wakeupmode = psdata->c2h_wakeupmode,
		.c2h_wakeup_gpio = psdata->c2h_wakeup_gpio,
		.h2c_wakeup_gpio = 0xff,
	};
	struct sk_buff *skb;
	u8 *status;

	if (psdata->h2c_wakeupmode == WAKEUP_METHOD_DTR)
		pcmd.h2c_wakeupmode = BT_CTRL_WAKEUP_METHOD_DSR;
	else
		pcmd.h2c_wakeupmode = BT_CTRL_WAKEUP_METHOD_BREAK;

	skb = nxp_drv_send_cmd(hdev, HCI_NXP_WAKEUP_METHOD, sizeof(pcmd), &pcmd);
	if (IS_ERR(skb)) {
		bt_dev_err(hdev, "Setting wake-up method failed (%ld)", PTR_ERR(skb));
		return PTR_ERR(skb);
	}

	status = skb_pull_data(skb, 1);
	if (!status)
		goto out;

	if (*status)
		psdata->h2c_wakeupmode = psdata->cur_h2c_wakeupmode;
	else
		psdata->cur_h2c_wakeupmode = psdata->h2c_wakeupmode;

	bt_dev_dbg(hdev, "Set Wakeup Method response: status=%d, h2c_wakeupmode=%d",
		   *status, psdata->cur_h2c_wakeupmode);
out:
	kfree_skb(skb);

	return 0;
}
547 
/*
 * Put the link and the power-save state into their defaults and queue the
 * vendor commands that bring the chip in line with them.
 *
 * NOTE(review): the return values of the serdev modem-line and break
 * calls are not checked anywhere in this function.
 */
static void ps_init(struct hci_dev *hdev)
{
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
	struct ps_data *psdata = &nxpdev->psdata;

	/* Clear RTS, wait, set RTS, wait. */
	serdev_device_set_tiocm(nxpdev->serdev, 0, TIOCM_RTS);
	usleep_range(5000, 10000);
	serdev_device_set_tiocm(nxpdev->serdev, TIOCM_RTS, 0);
	usleep_range(5000, 10000);

	psdata->ps_state = PS_STATE_AWAKE;
	psdata->c2h_wakeupmode = BT_HOST_WAKEUP_METHOD_NONE;
	psdata->c2h_wakeup_gpio = 0xff;

	/* INVALID guarantees the wakeup-method command below is queued. */
	psdata->cur_h2c_wakeupmode = WAKEUP_METHOD_INVALID;
	psdata->h2c_ps_interval = PS_DEFAULT_TIMEOUT_PERIOD_MS;
	/* Compile-time choice; DEFAULT_H2C_WAKEUP_MODE is a #define. */
	switch (DEFAULT_H2C_WAKEUP_MODE) {
	case WAKEUP_METHOD_DTR:
		psdata->h2c_wakeupmode = WAKEUP_METHOD_DTR;
		serdev_device_set_tiocm(nxpdev->serdev, 0, TIOCM_DTR);
		serdev_device_set_tiocm(nxpdev->serdev, TIOCM_DTR, 0);
		break;
	case WAKEUP_METHOD_BREAK:
	default:
		psdata->h2c_wakeupmode = WAKEUP_METHOD_BREAK;
		/* Assert then release a UART break, with a pause after each. */
		serdev_device_break_ctl(nxpdev->serdev, -1);
		usleep_range(5000, 10000);
		serdev_device_break_ctl(nxpdev->serdev, 0);
		usleep_range(5000, 10000);
		break;
	}

	psdata->cur_psmode = PS_MODE_DISABLE;
	psdata->target_ps_mode = DEFAULT_PS_MODE;

	/* Queue only the commands whose current value differs from the target. */
	if (psdata->cur_h2c_wakeupmode != psdata->h2c_wakeupmode)
		hci_cmd_sync_queue(hdev, send_wakeup_method_cmd, NULL, NULL);
	if (psdata->cur_psmode != psdata->target_ps_mode)
		hci_cmd_sync_queue(hdev, send_ps_cmd, NULL, NULL);
}
588 
589 /* NXP Firmware Download Feature */
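/*
 * Reset the download bookkeeping, drop the UART to the primary baud rate
 * and wait (up to 60 s) for the receive handlers to finish feeding the
 * firmware to the bootloader.
 *
 * Returns 0 on success, -ETIMEDOUT if the download did not complete in
 * time, -EINTR if it was aborted, or the negative value returned by the
 * wait when it was interrupted by a signal.
 */
static int nxp_download_firmware(struct hci_dev *hdev)
{
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
	int err = 0;

	nxpdev->fw_dnld_v1_offset = 0;
	nxpdev->fw_v1_sent_bytes = 0;
	nxpdev->fw_v1_expected_len = HDR_LEN;
	nxpdev->boot_reg_offset = 0;
	nxpdev->fw_dnld_v3_offset = 0;
	nxpdev->fw_v3_offset_correction = 0;
	nxpdev->baudrate_changed = false;
	nxpdev->timeout_changed = false;
	nxpdev->helper_downloaded = false;

	serdev_device_set_baudrate(nxpdev->serdev, HCI_NXP_PRI_BAUDRATE);
	serdev_device_set_flow_control(nxpdev->serdev, false);
	nxpdev->current_baudrate = HCI_NXP_PRI_BAUDRATE;

	/* Wait till FW is downloaded */
	err = wait_event_interruptible_timeout(nxpdev->fw_dnld_done_wait_q,
					       !test_bit(BTNXPUART_FW_DOWNLOADING,
							 &nxpdev->tx_state),
					       msecs_to_jiffies(60000));

	/*
	 * Forget the pointer once the image is released. On the timeout path
	 * BTNXPUART_FW_DOWNLOADING is still set, so a late request from the
	 * chip could otherwise reach a handler that dereferences the freed
	 * image, and a second release_firmware() on the stale pointer would
	 * be a double free. release_firmware(NULL) is a no-op.
	 */
	release_firmware(nxpdev->fw);
	nxpdev->fw = NULL;
	memset(nxpdev->fw_name, 0, sizeof(nxpdev->fw_name));

	if (err == 0) {
		bt_dev_err(hdev, "FW Download Timeout. offset: %d",
				nxpdev->fw_dnld_v1_offset ?
				nxpdev->fw_dnld_v1_offset :
				nxpdev->fw_dnld_v3_offset);
		return -ETIMEDOUT;
	}
	/*
	 * A negative value means the wait was interrupted before the download
	 * finished; do not report that as success.
	 */
	if (err < 0) {
		bt_dev_err(hdev, "FW Download interrupted (%d)", err);
		return err;
	}
	if (test_bit(BTNXPUART_FW_DOWNLOAD_ABORT, &nxpdev->tx_state)) {
		bt_dev_err(hdev, "FW Download Aborted");
		return -EINTR;
	}

	serdev_device_set_flow_control(nxpdev->serdev, true);

	/* Allow the downloaded FW to initialize */
	msleep(1200);

	return 0;
}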
637 
/*
 * Write a one-byte ACK/NAK to the bootloader. Only NXP_ACK_V3 is followed
 * by a CRC-8 of that byte (initial value 0xff); every other code goes out
 * as a single byte.
 */
static void nxp_send_ack(u8 ack, struct hci_dev *hdev)
{
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
	u8 frame[2] = { ack };
	int count = 1;

	if (ack == NXP_ACK_V3) {
		frame[1] = crc8(crc8_table, frame, 1, 0xff);
		count = 2;
	}

	serdev_device_write_buf(nxpdev->serdev, frame, count);
}
651 
/*
 * Two-step bootloader handshake that reprograms the chip's UART.
 *
 * The bootloader's requested length selects the step: a request the size
 * of the command header gets command 5 announcing a uart_config payload,
 * and a request the size of uart_config gets the register list itself.
 *
 * Returns true only after the uart_config payload has been written and
 * drained; the header step and any other length return false.
 *
 * NOTE(review): the results of serdev_device_write_buf() are not checked.
 */
static bool nxp_fw_change_baudrate(struct hci_dev *hdev, u16 req_len)
{
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
	struct nxp_bootloader_cmd nxp_cmd5;
	struct uart_config uart_config;
	/* Register addresses are shifted down by the per-chip boot_reg_offset. */
	u32 clkdivaddr = CLKDIVADDR - nxpdev->boot_reg_offset;
	u32 uartdivaddr = UARTDIVADDR - nxpdev->boot_reg_offset;
	u32 uartmcraddr = UARTMCRADDR - nxpdev->boot_reg_offset;
	u32 uartreinitaddr = UARTREINITADDR - nxpdev->boot_reg_offset;
	u32 uarticraddr = UARTICRADDR - nxpdev->boot_reg_offset;
	u32 uartfcraddr = UARTFCRADDR - nxpdev->boot_reg_offset;

	if (req_len == sizeof(nxp_cmd5)) {
		nxp_cmd5.header = __cpu_to_le32(5);
		nxp_cmd5.arg = 0;
		nxp_cmd5.payload_len = __cpu_to_le32(sizeof(uart_config));
		/* FW expects swapped CRC bytes */
		/* CRC covers every field except the trailing 4-byte crc itself. */
		nxp_cmd5.crc = __cpu_to_be32(crc32_be(0UL, (char *)&nxp_cmd5,
						      sizeof(nxp_cmd5) - 4));

		serdev_device_write_buf(nxpdev->serdev, (u8 *)&nxp_cmd5, sizeof(nxp_cmd5));
		/* Bytes sent here are not part of the image; track them separately. */
		nxpdev->fw_v3_offset_correction += req_len;
	} else if (req_len == sizeof(uart_config)) {
		uart_config.clkdiv.address = __cpu_to_le32(clkdivaddr);
		uart_config.clkdiv.value = __cpu_to_le32(0x00c00000);
		uart_config.uartdiv.address = __cpu_to_le32(uartdivaddr);
		uart_config.uartdiv.value = __cpu_to_le32(1);
		uart_config.mcr.address = __cpu_to_le32(uartmcraddr);
		uart_config.mcr.value = __cpu_to_le32(MCR);
		uart_config.re_init.address = __cpu_to_le32(uartreinitaddr);
		uart_config.re_init.value = __cpu_to_le32(INIT);
		uart_config.icr.address = __cpu_to_le32(uarticraddr);
		uart_config.icr.value = __cpu_to_le32(ICR);
		uart_config.fcr.address = __cpu_to_le32(uartfcraddr);
		uart_config.fcr.value = __cpu_to_le32(FCR);
		/* FW expects swapped CRC bytes */
		uart_config.crc = __cpu_to_be32(crc32_be(0UL, (char *)&uart_config,
							 sizeof(uart_config) - 4));

		serdev_device_write_buf(nxpdev->serdev, (u8 *)&uart_config, sizeof(uart_config));
		/* Drain the UART before the caller switches the host baud rate. */
		serdev_device_wait_until_sent(nxpdev->serdev, 0);
		nxpdev->fw_v3_offset_correction += req_len;
		return true;
	}
	return false;
}
698 
/*
 * Answer a header-sized bootloader request with command 7 (argument 0x70,
 * no payload), which the driver uses to change the bootloader timeout.
 *
 * Returns false without sending anything when req_len is not the size of
 * a bootloader command; true once the command has been written and
 * drained.
 */
static bool nxp_fw_change_timeout(struct hci_dev *hdev, u16 req_len)
{
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
	struct nxp_bootloader_cmd cmd7 = {
		.header = __cpu_to_le32(7),
		.arg = __cpu_to_le32(0x70),
		.payload_len = 0,
	};

	if (req_len != sizeof(cmd7))
		return false;

	/* FW expects swapped CRC bytes; the CRC excludes the crc field. */
	cmd7.crc = __cpu_to_be32(crc32_be(0UL, (char *)&cmd7,
					  sizeof(cmd7) - 4));

	serdev_device_write_buf(nxpdev->serdev, (u8 *)&cmd7, sizeof(cmd7));
	serdev_device_wait_until_sent(nxpdev->serdev, 0);
	nxpdev->fw_v3_offset_correction += req_len;

	return true;
}
718 
/*
 * Read the little-endian payload_len field of the bootloader header that
 * starts at buf. The caller must guarantee that a whole
 * struct nxp_bootloader_cmd is readable at buf; no length is checked here.
 */
static u32 nxp_get_data_len(const u8 *buf)
{
	const u8 *field = buf + offsetof(struct nxp_bootloader_cmd, payload_len);

	return get_unaligned_le32(field);
}
725 
/* True while the BTNXPUART_FW_DOWNLOADING flag is set in tx_state. */
static bool is_fw_downloading(struct btnxpuart_dev *nxpdev)
{
	bool downloading = test_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);

	return downloading;
}
730 
/*
 * Gate for the bootloader packet handlers.
 *
 * If something is waiting for a boot signature, the flag is cleared, the
 * waiter is woken and false is returned so the packet is not processed
 * further. Otherwise the packet is processed only while a firmware
 * download is in progress.
 */
static bool process_boot_signature(struct btnxpuart_dev *nxpdev)
{
	if (!test_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, &nxpdev->tx_state))
		return is_fw_downloading(nxpdev);

	clear_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, &nxpdev->tx_state);
	wake_up_interruptible(&nxpdev->check_boot_sign_wait_q);
	return false;
}
740 
/*
 * Load the firmware image for the download, unless one is already loaded.
 *
 * A non-empty nxpdev->fw_name means an image is held and 0 is returned
 * immediately. Otherwise the file "nxp/<name>" is requested, where <name>
 * is the "firmware-name" device property when present (never for the
 * helper image) and fw_name otherwise; if that fails and fw_name_old is
 * given, "nxp/<fw_name_old>" is tried.
 *
 * Returns -ENOENT when fw_name is NULL, 0 on success, or the error from
 * request_firmware_direct(); on failure BTNXPUART_FW_DOWNLOADING is
 * cleared.
 *
 * NOTE(review): snprintf() truncates silently at MAX_FW_FILE_NAME_LEN, so
 * an over-long "firmware-name" would request a different file name.
 */
static int nxp_request_firmware(struct hci_dev *hdev, const char *fw_name,
				const char *fw_name_old)
{
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
	const char *fw_name_dt;
	int err;

	if (!fw_name)
		return -ENOENT;

	/* An image is already held for this download. */
	if (strlen(nxpdev->fw_name))
		return 0;

	/* The device property overrides the built-in name, except for the helper. */
	if (strcmp(fw_name, FIRMWARE_HELPER) &&
	    !device_property_read_string(&nxpdev->serdev->dev,
					 "firmware-name",
					 &fw_name_dt))
		fw_name = fw_name_dt;

	snprintf(nxpdev->fw_name, MAX_FW_FILE_NAME_LEN, "nxp/%s", fw_name);
	err = request_firmware_direct(&nxpdev->fw, nxpdev->fw_name, &hdev->dev);
	if (err < 0 && fw_name_old) {
		/* Fall back to the legacy file name. */
		snprintf(nxpdev->fw_name, MAX_FW_FILE_NAME_LEN, "nxp/%s", fw_name_old);
		err = request_firmware_direct(&nxpdev->fw, nxpdev->fw_name, &hdev->dev);
	}

	bt_dev_info(hdev, "Request Firmware: %s", nxpdev->fw_name);
	if (err < 0) {
		bt_dev_err(hdev, "Firmware file %s not found", nxpdev->fw_name);
		clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
	}

	return err;
}
772 
773 /* for legacy chipsets with V1 bootloader */
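/*
 * Handle a V1 bootloader start indication.
 *
 * When the indication is well formed (chip_id XOR chip_id_comp is 0xffff)
 * and a download had already made progress, the download is restarted
 * from scratch: counters are reset, the held image is released and an ACK
 * is sent.
 *
 * Always consumes skb and returns 0.
 */
static int nxp_recv_chip_ver_v1(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
	struct v1_start_ind *req;
	__u16 chip_id;

	req = skb_pull_data(skb, sizeof(*req));
	if (!req)
		goto free_skb;

	chip_id = le16_to_cpu(req->chip_id ^ req->chip_id_comp);
	if (chip_id == 0xffff && nxpdev->fw_dnld_v1_offset) {
		nxpdev->fw_dnld_v1_offset = 0;
		nxpdev->fw_v1_sent_bytes = 0;
		nxpdev->fw_v1_expected_len = HDR_LEN;
		/*
		 * Clear the pointer together with the name. If no further
		 * request reloads the image, nxp_download_firmware() releases
		 * nxpdev->fw again when its wait ends; with a stale pointer
		 * that would be a double free. release_firmware(NULL) is a
		 * no-op.
		 */
		release_firmware(nxpdev->fw);
		nxpdev->fw = NULL;
		memset(nxpdev->fw_name, 0, sizeof(nxpdev->fw_name));
		nxp_send_ack(NXP_ACK_V1, hdev);
	}

free_skb:
	kfree_skb(skb);
	return 0;
}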
798 
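/*
 * True when [fw_dnld_v1_offset, fw_dnld_v1_offset + len) lies inside the
 * loaded image. Written as a subtraction so the sum cannot wrap.
 */
static bool nxp_v1_range_in_fw(const struct btnxpuart_dev *nxpdev, u32 len)
{
	size_t size = nxpdev->fw->size;
	size_t off = nxpdev->fw_dnld_v1_offset;

	return off <= size && len <= size - off;
}

/*
 * Handle a V1 bootloader data request.
 *
 * The request is validated (len XOR len_comp must be 0xffff) and
 * acknowledged, then used in turn for the timeout change, the baud-rate
 * change, and finally for streaming the helper or main firmware image.
 * A zero length ends the current image; an odd length asks for the last
 * chunk to be resent.
 *
 * The requested lengths come from the chip, so every access into the
 * image is bounds-checked against fw->size.
 *
 * Always consumes skb and returns 0.
 */
static int nxp_recv_fw_req_v1(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
	struct btnxpuart_data *nxp_data = nxpdev->nxp_data;
	struct v1_data_req *req;
	__u16 len;

	if (!process_boot_signature(nxpdev))
		goto free_skb;

	req = skb_pull_data(skb, sizeof(*req));
	if (!req)
		goto free_skb;

	len = __le16_to_cpu(req->len ^ req->len_comp);
	if (len != 0xffff) {
		bt_dev_dbg(hdev, "ERR: Send NAK");
		nxp_send_ack(NXP_NAK_V1, hdev);
		goto free_skb;
	}
	nxp_send_ack(NXP_ACK_V1, hdev);

	len = __le16_to_cpu(req->len);

	/* Without a helper image the bootloader itself is reconfigured first. */
	if (!nxp_data->helper_fw_name) {
		if (!nxpdev->timeout_changed) {
			nxpdev->timeout_changed = nxp_fw_change_timeout(hdev,
									len);
			goto free_skb;
		}
		if (!nxpdev->baudrate_changed) {
			nxpdev->baudrate_changed = nxp_fw_change_baudrate(hdev,
									  len);
			if (nxpdev->baudrate_changed) {
				serdev_device_set_baudrate(nxpdev->serdev,
							   HCI_NXP_SEC_BAUDRATE);
				serdev_device_set_flow_control(nxpdev->serdev, true);
				nxpdev->current_baudrate = HCI_NXP_SEC_BAUDRATE;
			}
			goto free_skb;
		}
	}

	if (!nxp_data->helper_fw_name || nxpdev->helper_downloaded) {
		if (nxp_request_firmware(hdev, nxp_data->fw_name, nxp_data->fw_name_old))
			goto free_skb;
	} else if (nxp_data->helper_fw_name && !nxpdev->helper_downloaded) {
		if (nxp_request_firmware(hdev, nxp_data->helper_fw_name, NULL))
			goto free_skb;
	}

	if (!len) {
		bt_dev_info(hdev, "FW Download Complete: %zu bytes",
			   nxpdev->fw->size);
		if (nxp_data->helper_fw_name && !nxpdev->helper_downloaded) {
			nxpdev->helper_downloaded = true;
			serdev_device_wait_until_sent(nxpdev->serdev, 0);
			serdev_device_set_baudrate(nxpdev->serdev,
						   HCI_NXP_SEC_BAUDRATE);
			serdev_device_set_flow_control(nxpdev->serdev, true);
		} else {
			clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
			wake_up_interruptible(&nxpdev->fw_dnld_done_wait_q);
		}
		goto free_skb;
	}
	if (len & 0x01) {
		/* The CRC did not match at the other end.
		 * Simply send the same bytes again.
		 */
		len = nxpdev->fw_v1_sent_bytes;
		bt_dev_dbg(hdev, "CRC error. Resend %d bytes of FW.", len);
	} else {
		nxpdev->fw_dnld_v1_offset += nxpdev->fw_v1_sent_bytes;

		/* The FW bin file is made up of many blocks of
		 * 16 byte header and payload data chunks. If the
		 * FW has requested a header, read the payload length
		 * info from the header, before sending the header.
		 * In the next iteration, the FW should request the
		 * payload data chunk, which should be equal to the
		 * payload length read from header. If there is a
		 * mismatch, clearly the driver and FW are out of sync,
		 * and we need to re-send the previous header again.
		 */
		if (len == nxpdev->fw_v1_expected_len) {
			if (len == HDR_LEN) {
				/*
				 * The offset advances by chip-requested
				 * lengths even when nothing was written, so
				 * it can run past the image. Never parse a
				 * header that is not fully inside it.
				 */
				if (nxp_v1_range_in_fw(nxpdev, HDR_LEN)) {
					nxpdev->fw_v1_expected_len =
						nxp_get_data_len(nxpdev->fw->data +
								 nxpdev->fw_dnld_v1_offset);
				} else {
					bt_dev_err(hdev, "FW header offset %u outside image",
						   nxpdev->fw_dnld_v1_offset);
					nxpdev->fw_v1_expected_len = HDR_LEN;
				}
			} else {
				nxpdev->fw_v1_expected_len = HDR_LEN;
			}
		} else if (len == HDR_LEN) {
			/* FW download out of sync. Send previous chunk again */
			nxpdev->fw_dnld_v1_offset -= nxpdev->fw_v1_sent_bytes;
			nxpdev->fw_v1_expected_len = HDR_LEN;
		}
	}

	/* Send only chunks that lie entirely inside the image. */
	if (nxp_v1_range_in_fw(nxpdev, len))
		serdev_device_write_buf(nxpdev->serdev, nxpdev->fw->data +
					nxpdev->fw_dnld_v1_offset, len);
	nxpdev->fw_v1_sent_bytes = len;

free_skb:
	kfree_skb(skb);
	return 0;
}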
906 
/*
 * Choose between a chip's open and secure image from the security bits of
 * the loader version. FW_AUTH_ILLEGAL is logged and yields NULL.
 */
static char *nxp_fw_for_loader(struct hci_dev *hdev, u8 loader_ver,
			       char *fw_open, char *fw_secure)
{
	u8 sec = loader_ver & FW_SECURE_MASK;

	if (sec == FW_OPEN)
		return fw_open;
	if (sec != FW_AUTH_ILLEGAL)
		return fw_secure;

	bt_dev_err(hdev, "Illegal loader version %02x", loader_ver);
	return NULL;
}

/*
 * Map the chip ID and loader version reported by the V3 bootloader to a
 * firmware file name.
 *
 * Both inputs are supplied by the chip. Unknown chip IDs and illegal
 * loader versions are logged and return NULL. For the IW624 family
 * boot_reg_offset is set to 1 as a side effect, before the loader version
 * is examined.
 */
static char *nxp_get_fw_name_from_chipid(struct hci_dev *hdev, u16 chipid,
					 u8 loader_ver)
{
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);

	switch (chipid) {
	case CHIP_ID_W9098:
		return FIRMWARE_W9098;
	case CHIP_ID_IW416:
		return FIRMWARE_IW416;
	case CHIP_ID_IW612:
		return FIRMWARE_IW612;
	case CHIP_ID_IW624a:
	case CHIP_ID_IW624c:
		nxpdev->boot_reg_offset = 1;
		return nxp_fw_for_loader(hdev, loader_ver, FIRMWARE_IW624,
					 FIRMWARE_SECURE_IW624);
	case CHIP_ID_AW693a0:
		return nxp_fw_for_loader(hdev, loader_ver, FIRMWARE_AW693,
					 FIRMWARE_SECURE_AW693);
	case CHIP_ID_AW693a1:
		return nxp_fw_for_loader(hdev, loader_ver, FIRMWARE_AW693_A1,
					 FIRMWARE_SECURE_AW693_A1);
	case CHIP_ID_IW615a0:
	case CHIP_ID_IW615a1:
		return nxp_fw_for_loader(hdev, loader_ver, FIRMWARE_IW615,
					 FIRMWARE_SECURE_IW615);
	default:
		bt_dev_err(hdev, "Unknown chip signature %04x", chipid);
		return NULL;
	}
}
964 
/*
 * Return the legacy firmware file name for a chip, or NULL when there is
 * none. Only CHIP_ID_W9098 has one here; hdev and loader_ver are unused.
 */
static char *nxp_get_old_fw_name_from_chipid(struct hci_dev *hdev, u16 chipid,
					 u8 loader_ver)
{
	if (chipid == CHIP_ID_W9098)
		return FIRMWARE_W9098_OLD;

	return NULL;
}
977 
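/*
 * Handle a V3 bootloader start indication: pick the firmware file from
 * the reported chip ID and loader version, load it, and ACK the
 * bootloader if the load succeeded.
 *
 * Always consumes skb and returns 0.
 *
 * NOTE(review): req->crc is not verified in this function - confirm
 * whether the receive layer validates it.
 */
static int nxp_recv_chip_ver_v3(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct v3_start_ind *req = skb_pull_data(skb, sizeof(*req));
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
	const char *fw_name;
	const char *fw_name_old;
	u16 chip_id;
	u8 loader_ver;

	if (!process_boot_signature(nxpdev))
		goto free_skb;

	/*
	 * skb_pull_data() returns NULL for a short packet; the sibling V1
	 * handlers check this before dereferencing, and so must this one.
	 */
	if (!req)
		goto free_skb;

	chip_id = le16_to_cpu(req->chip_id);
	loader_ver = req->loader_ver;
	bt_dev_info(hdev, "ChipID: %04x, Version: %d", chip_id, loader_ver);
	fw_name = nxp_get_fw_name_from_chipid(hdev, chip_id, loader_ver);
	fw_name_old = nxp_get_old_fw_name_from_chipid(hdev, chip_id, loader_ver);
	if (!nxp_request_firmware(hdev, fw_name, fw_name_old))
		nxp_send_ack(NXP_ACK_V3, hdev);

free_skb:
	kfree_skb(skb);
	return 0;
}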
1002 
/*
 * React to a V3 data request that carries a bootloader error code.
 *
 * For the three receive-timeout codes a NAK frame is sent back: the NAK
 * byte, the offset echoed from the request, and a CRC-8 over those five
 * bytes. Any other code is only logged.
 */
static void nxp_handle_fw_download_error(struct hci_dev *hdev, struct v3_data_req *req)
{
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
	__u32 offset = __le32_to_cpu(req->offset);
	__u16 err = __le16_to_cpu(req->error);
	union nxp_v3_rx_timeout_nak_u nak;

	switch (err) {
	case NXP_ACK_RX_TIMEOUT:
	case NXP_HDR_RX_TIMEOUT:
	case NXP_DATA_RX_TIMEOUT:
		break;
	default:
		bt_dev_dbg(hdev, "Unknown bootloader error code: %d", err);
		return;
	}

	nak.pkt.nak = NXP_NAK_V3;
	nak.pkt.offset = __cpu_to_le32(offset);
	/* The CRC covers everything in the frame except the crc byte itself. */
	nak.pkt.crc = crc8(crc8_table, nak.buf, sizeof(nak) - 1, 0xff);
	serdev_device_write_buf(nxpdev->serdev, nak.buf, sizeof(nak));
}
1028 
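/* Handle a V3 bootloader firmware data request.
 *
 * The request carries an offset, a length and an error code, all supplied by
 * the device. A request with a non-zero error code is handed to
 * nxp_handle_fw_download_error(); otherwise it is acknowledged with
 * NXP_ACK_V3. Requests are first consumed by the timeout-change and
 * baudrate-change steps; a zero-length request marks the end of the download;
 * any other request is answered with len bytes of the firmware image.
 *
 * The skb is always consumed and the function always returns 0.
 */
static int nxp_recv_fw_req_v3(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
	struct v3_data_req *req;
	__u16 len;
	__u32 offset;
	__u32 fw_off;

	if (!process_boot_signature(nxpdev))
		goto free_skb;

	req = skb_pull_data(skb, sizeof(*req));
	if (!req || !nxpdev->fw)
		goto free_skb;

	if (!req->error) {
		nxp_send_ack(NXP_ACK_V3, hdev);
	} else {
		nxp_handle_fw_download_error(hdev, req);
		goto free_skb;
	}

	len = __le16_to_cpu(req->len);

	if (!nxpdev->timeout_changed) {
		nxpdev->timeout_changed = nxp_fw_change_timeout(hdev, len);
		goto free_skb;
	}

	if (!nxpdev->baudrate_changed) {
		nxpdev->baudrate_changed = nxp_fw_change_baudrate(hdev, len);
		if (nxpdev->baudrate_changed) {
			serdev_device_set_baudrate(nxpdev->serdev,
						   HCI_NXP_SEC_BAUDRATE);
			serdev_device_set_flow_control(nxpdev->serdev, true);
			nxpdev->current_baudrate = HCI_NXP_SEC_BAUDRATE;
		}
		goto free_skb;
	}

	if (req->len == 0) {
		bt_dev_info(hdev, "FW Download Complete: %zu bytes",
			   nxpdev->fw->size);
		clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
		wake_up_interruptible(&nxpdev->fw_dnld_done_wait_q);
		goto free_skb;
	}

	offset = __le32_to_cpu(req->offset);
	if (offset < nxpdev->fw_v3_offset_correction) {
		/* This scenario should ideally never occur. But if it ever does,
		 * FW is out of sync and needs a power cycle.
		 */
		bt_dev_err(hdev, "Something went wrong during FW download");
		bt_dev_err(hdev, "Please power cycle and try again");
		goto free_skb;
	}

	/* offset and len are device-supplied. Refuse any request that does
	 * not lie entirely inside the firmware image, otherwise memory past
	 * the end of fw->data would be read and written to the UART. The
	 * comparison is written so that it cannot overflow.
	 */
	fw_off = offset - nxpdev->fw_v3_offset_correction;
	if (fw_off > nxpdev->fw->size || len > nxpdev->fw->size - fw_off) {
		bt_dev_err(hdev, "FW request out of range: offset %u, len %u, size %zu",
			   fw_off, len, nxpdev->fw->size);
		goto free_skb;
	}

	nxpdev->fw_dnld_v3_offset = fw_off;
	serdev_device_write_buf(nxpdev->serdev, nxpdev->fw->data +
				nxpdev->fw_dnld_v3_offset, len);

free_skb:
	kfree_skb(skb);
	return 0;
}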
1094 
/* Send HCI_NXP_SET_OPER_SPEED carrying nxpdev->new_baudrate and, when the
 * response status byte is 0, switch the host UART to that rate and record it
 * as the current baudrate.
 *
 * The data argument is unused. Returns 0, or the error encoded in the pointer
 * returned by nxp_drv_send_cmd() when sending failed.
 */
static int nxp_set_baudrate_cmd(struct hci_dev *hdev, void *data)
{
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
	struct ps_data *psdata = &nxpdev->psdata;
	__le32 rate_le = __cpu_to_le32(nxpdev->new_baudrate);
	struct sk_buff *resp;
	u8 *status;

	if (!psdata)
		return 0;

	resp = nxp_drv_send_cmd(hdev, HCI_NXP_SET_OPER_SPEED, 4, (u8 *)&rate_le);
	if (IS_ERR(resp)) {
		bt_dev_err(hdev, "Setting baudrate failed (%ld)", PTR_ERR(resp));
		return PTR_ERR(resp);
	}

	/* A response without a status byte is dropped silently */
	status = (u8 *)skb_pull_data(resp, 1);
	if (!status)
		goto out;

	if (*status == 0) {
		serdev_device_set_baudrate(nxpdev->serdev, nxpdev->new_baudrate);
		nxpdev->current_baudrate = nxpdev->new_baudrate;
	}
	bt_dev_dbg(hdev, "Set baudrate response: status=%d, baudrate=%d",
		   *status, nxpdev->new_baudrate);

out:
	kfree_skb(resp);
	return 0;
}
1125 
/* Switch the UART to the primary baudrate, set BTNXPUART_CHECK_BOOT_SIGNATURE
 * and wait up to one second for that bit to be cleared again.
 *
 * Flow control is disabled while BTNXPUART_IR_IN_PROGRESS is set and enabled
 * otherwise. Returns the result of wait_event_interruptible_timeout().
 */
static int nxp_check_boot_sign(struct btnxpuart_dev *nxpdev)
{
	bool ir_active;

	serdev_device_set_baudrate(nxpdev->serdev, HCI_NXP_PRI_BAUDRATE);

	ir_active = test_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state);
	serdev_device_set_flow_control(nxpdev->serdev, !ir_active);

	set_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, &nxpdev->tx_state);

	return wait_event_interruptible_timeout(nxpdev->check_boot_sign_wait_q,
					       !test_bit(BTNXPUART_CHECK_BOOT_SIGNATURE,
							 &nxpdev->tx_state),
					       msecs_to_jiffies(1000));
}
1140 
/* Build a three-byte HCI event (HCI_EV_HARDWARE_ERROR, 0x01,
 * BTNXPUART_IR_HW_ERR) and feed it to the HCI core as if it had been
 * received from the controller.
 *
 * The data argument is unused. Returns -ENOMEM when the skb cannot be
 * allocated, otherwise the result of hci_recv_frame().
 */
static int nxp_set_ind_reset(struct hci_dev *hdev, void *data)
{
	static const u8 hw_err_evt[] = {
		HCI_EV_HARDWARE_ERROR,
		0x01,
		BTNXPUART_IR_HW_ERR,
	};
	struct sk_buff *evt;

	evt = bt_skb_alloc(sizeof(hw_err_evt), GFP_ATOMIC);
	if (!evt)
		return -ENOMEM;

	hci_skb_pkt_type(evt) = HCI_EVENT_PKT;
	skb_put_data(evt, hw_err_evt, sizeof(hw_err_evt));

	/* Hand the synthetic Hardware Error event to the upper stack */
	return hci_recv_frame(hdev, evt);
}
1157 
1158 /* NXP protocol */
/* hdev->setup callback.
 *
 * A zero result from nxp_check_boot_sign() is treated as "firmware already
 * running"; any other result triggers nxp_download_firmware(). Afterwards the
 * UART is set to fw_init_baudrate, a switch to HCI_NXP_SEC_BAUDRATE is queued
 * when the two differ, and power save is initialised. If an independent reset
 * was in progress, that flag and HCI_SETUP are cleared.
 *
 * Returns 0, or the negative error from nxp_download_firmware().
 */
static int nxp_setup(struct hci_dev *hdev)
{
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
	int err = 0;

	if (!nxp_check_boot_sign(nxpdev)) {
		bt_dev_info(hdev, "FW already running.");
		clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
	} else {
		bt_dev_dbg(hdev, "Need FW Download.");
		err = nxp_download_firmware(hdev);
		if (err < 0)
			return err;
	}

	nxpdev->current_baudrate = nxpdev->fw_init_baudrate;
	serdev_device_set_baudrate(nxpdev->serdev, nxpdev->fw_init_baudrate);

	if (nxpdev->current_baudrate != HCI_NXP_SEC_BAUDRATE) {
		nxpdev->new_baudrate = HCI_NXP_SEC_BAUDRATE;
		hci_cmd_sync_queue(hdev, nxp_set_baudrate_cmd, NULL, NULL);
	}

	ps_init(hdev);

	if (test_and_clear_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state))
		hci_dev_clear_flag(hdev, HCI_SETUP);

	return 0;
}
1189 
/* hdev->hw_error callback.
 *
 * Only BTNXPUART_IR_HW_ERR is acted on: it marks an independent reset as in
 * progress and sets HCI_SETUP on the device. All other codes are ignored.
 */
static void nxp_hw_err(struct hci_dev *hdev, u8 code)
{
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);

	if (code != BTNXPUART_IR_HW_ERR)
		return;

	set_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state);
	hci_dev_set_flag(hdev, HCI_SETUP);
}
1203 
/* hdev->shutdown callback.
 *
 * Does nothing unless an independent reset is in progress. In that case
 * HCI_NXP_IND_RESET is sent with a single zero parameter byte; when the
 * response contains at least one byte, flow control is disabled and the
 * driver is put back into the firmware-downloading state.
 *
 * Returns 0, or the error encoded in the pointer returned by
 * nxp_drv_send_cmd().
 */
static int nxp_shutdown(struct hci_dev *hdev)
{
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
	struct sk_buff *resp;
	u8 reset_arg = 0;

	if (!test_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state))
		return 0;

	resp = nxp_drv_send_cmd(hdev, HCI_NXP_IND_RESET, 1, &reset_arg);
	if (IS_ERR(resp))
		return PTR_ERR(resp);

	/* Only the presence of the status byte is checked, not its value */
	if (skb_pull_data(resp, 1)) {
		serdev_device_set_flow_control(nxpdev->serdev, false);
		set_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
	}
	kfree_skb(resp);

	return 0;
}
1226 
/* Prefix the skb with its one-byte HCI packet type, append it to the TX queue
 * and kick the TX path. Always returns 0.
 */
static int btnxpuart_queue_skb(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
	void *type_byte;

	/* Reserve one byte of headroom for the frame type */
	type_byte = skb_push(skb, 1);
	memcpy(type_byte, &hci_skb_pkt_type(skb), 1);

	skb_queue_tail(&nxpdev->txq, skb);
	btnxpuart_tx_wakeup(nxpdev);
	return 0;
}
1237 
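/* hdev->send callback.
 *
 * Frames are normally passed straight to btnxpuart_queue_skb(). The exception
 * is a command packet that was not sent by the driver itself and whose opcode
 * is one of the NXP vendor commands below with exactly the expected payload
 * length: the driver then copies the parameters into its own state, queues
 * its own handler through hci_cmd_sync_queue(), frees the original skb and
 * returns 0.
 *
 * NOTE(review): the intercepted parameters (baudrate, wake-up modes and GPIO
 * numbers, power-save interval) are stored as received; no range check is
 * visible in this function.
 */
static int nxp_enqueue(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
	struct ps_data *psdata = &nxpdev->psdata;
	struct hci_command_hdr *hdr;
	struct psmode_cmd_payload ps_parm;
	struct wakeup_cmd_payload wakeup_parm;
	__le32 baudrate_parm;

	/* if vendor commands are received from user space (e.g. hcitool), update
	 * driver flags accordingly and ask driver to re-send the command to FW.
	 * In case the payload for any command does not match expected payload
	 * length, let the firmware and user space program handle it, or throw
	 * an error.
	 */
	if (bt_cb(skb)->pkt_type != HCI_COMMAND_PKT || psdata->driver_sent_cmd)
		return btnxpuart_queue_skb(hdev, skb);

	/* Never read the command header from a frame that is too short to
	 * contain one; without this check hdr->plen would be read past the
	 * frame data and the length subtraction below would wrap around.
	 */
	if (skb->len < HCI_COMMAND_HDR_SIZE)
		return btnxpuart_queue_skb(hdev, skb);

	hdr = (struct hci_command_hdr *)skb->data;
	if (hdr->plen != (skb->len - HCI_COMMAND_HDR_SIZE))
		return btnxpuart_queue_skb(hdev, skb);

	switch (__le16_to_cpu(hdr->opcode)) {
	case HCI_NXP_AUTO_SLEEP_MODE:
		if (hdr->plen == sizeof(ps_parm)) {
			memcpy(&ps_parm, skb->data + HCI_COMMAND_HDR_SIZE, hdr->plen);
			/* Any other ps_cmd value leaves target_ps_mode as it is */
			if (ps_parm.ps_cmd == BT_PS_ENABLE)
				psdata->target_ps_mode = PS_MODE_ENABLE;
			else if (ps_parm.ps_cmd == BT_PS_DISABLE)
				psdata->target_ps_mode = PS_MODE_DISABLE;
			psdata->c2h_ps_interval = __le16_to_cpu(ps_parm.c2h_ps_interval);
			hci_cmd_sync_queue(hdev, send_ps_cmd, NULL, NULL);
			goto free_skb;
		}
		break;
	case HCI_NXP_WAKEUP_METHOD:
		if (hdr->plen == sizeof(wakeup_parm)) {
			memcpy(&wakeup_parm, skb->data + HCI_COMMAND_HDR_SIZE, hdr->plen);
			psdata->c2h_wakeupmode = wakeup_parm.c2h_wakeupmode;
			psdata->c2h_wakeup_gpio = wakeup_parm.c2h_wakeup_gpio;
			psdata->h2c_wakeup_gpio = wakeup_parm.h2c_wakeup_gpio;
			/* Anything other than DSR falls back to BREAK */
			switch (wakeup_parm.h2c_wakeupmode) {
			case BT_CTRL_WAKEUP_METHOD_DSR:
				psdata->h2c_wakeupmode = WAKEUP_METHOD_DTR;
				break;
			case BT_CTRL_WAKEUP_METHOD_BREAK:
			default:
				psdata->h2c_wakeupmode = WAKEUP_METHOD_BREAK;
				break;
			}
			hci_cmd_sync_queue(hdev, send_wakeup_method_cmd, NULL, NULL);
			goto free_skb;
		}
		break;
	case HCI_NXP_SET_OPER_SPEED:
		if (hdr->plen == sizeof(baudrate_parm)) {
			memcpy(&baudrate_parm, skb->data + HCI_COMMAND_HDR_SIZE, hdr->plen);
			nxpdev->new_baudrate = __le32_to_cpu(baudrate_parm);
			hci_cmd_sync_queue(hdev, nxp_set_baudrate_cmd, NULL, NULL);
			goto free_skb;
		}
		break;
	case HCI_NXP_IND_RESET:
		if (hdr->plen == 1) {
			hci_cmd_sync_queue(hdev, nxp_set_ind_reset, NULL, NULL);
			goto free_skb;
		}
		break;
	default:
		break;
	}

	return btnxpuart_queue_skb(hdev, skb);

free_skb:
	kfree_skb(skb);
	return 0;
}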
1315 
/* Restart the power-save timer and take the next frame off the TX queue.
 * data is the driver's struct btnxpuart_dev. Returns whatever skb_dequeue()
 * yields for the TX queue.
 */
static struct sk_buff *nxp_dequeue(void *data)
{
	struct btnxpuart_dev *nxpdev = data;
	struct sk_buff *next;

	ps_start_timer(nxpdev);
	next = skb_dequeue(&nxpdev->txq);
	return next;
}
1323 
1324 /* btnxpuart based on serdev */
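/* TX work handler: drain the TX queue into the UART.
 *
 * Returns early when ps_wakeup() reports non-zero. Otherwise frames are
 * written one by one; a frame that is only partly written (or not written at
 * all) is put back at the head of the queue and the loop stops. Per-type TX
 * counters are updated for fully written frames. BTNXPUART_TX_STATE_ACTIVE is
 * cleared once the loop ends.
 */
static void btnxpuart_tx_work(struct work_struct *work)
{
	struct btnxpuart_dev *nxpdev = container_of(work, struct btnxpuart_dev,
						   tx_work);
	struct serdev_device *serdev = nxpdev->serdev;
	struct hci_dev *hdev = nxpdev->hdev;
	struct sk_buff *skb;
	int len;

	if (ps_wakeup(nxpdev))
		return;

	while ((skb = nxp_dequeue(nxpdev))) {
		len = serdev_device_write_buf(serdev, skb->data, skb->len);
		if (len < 0) {
			/* serdev_device_write_buf() returns an int and can
			 * report a negative errno. Keep the frame queued and
			 * stop, without adding the error value to byte_tx or
			 * passing it to skb_pull() as a length.
			 */
			skb_queue_head(&nxpdev->txq, skb);
			break;
		}
		hdev->stat.byte_tx += len;

		skb_pull(skb, len);
		if (skb->len > 0) {
			/* Partial write: retry the remainder on the next run */
			skb_queue_head(&nxpdev->txq, skb);
			break;
		}

		switch (hci_skb_pkt_type(skb)) {
		case HCI_COMMAND_PKT:
			hdev->stat.cmd_tx++;
			break;
		case HCI_ACLDATA_PKT:
			hdev->stat.acl_tx++;
			break;
		case HCI_SCODATA_PKT:
			hdev->stat.sco_tx++;
			break;
		}

		kfree_skb(skb);
	}
	clear_bit(BTNXPUART_TX_STATE_ACTIVE, &nxpdev->tx_state);
}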
1363 
/* hdev->open callback: open the underlying serdev device and, on success,
 * set BTNXPUART_SERDEV_OPEN. Returns the result of serdev_device_open().
 */
static int btnxpuart_open(struct hci_dev *hdev)
{
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
	int ret;

	ret = serdev_device_open(nxpdev->serdev);
	if (ret) {
		bt_dev_err(hdev, "Unable to open UART device %s",
			   dev_name(&nxpdev->serdev->dev));
		return ret;
	}

	set_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state);
	return ret;
}
1378 
/* hdev->close callback: close the serdev device, drop all queued TX frames,
 * release a partially reassembled RX frame and clear BTNXPUART_SERDEV_OPEN.
 * Always returns 0.
 */
static int btnxpuart_close(struct hci_dev *hdev)
{
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
	struct sk_buff *pending;

	serdev_device_close(nxpdev->serdev);
	skb_queue_purge(&nxpdev->txq);

	/* rx_skb may be NULL or hold an ERR_PTR from a failed reassembly;
	 * only a real skb is freed.
	 */
	pending = nxpdev->rx_skb;
	if (!IS_ERR_OR_NULL(pending)) {
		kfree_skb(pending);
		nxpdev->rx_skb = NULL;
	}

	clear_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state);
	return 0;
}
1392 
/* hdev->flush callback: discard pending UART output and queued TX frames,
 * wait for the TX work item to finish, then release a partially reassembled
 * RX frame. Always returns 0.
 */
static int btnxpuart_flush(struct hci_dev *hdev)
{
	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
	struct sk_buff *pending;

	/* Drop characters still waiting in the serdev write path */
	serdev_device_write_flush(nxpdev->serdev);
	skb_queue_purge(&nxpdev->txq);

	cancel_work_sync(&nxpdev->tx_work);

	/* rx_skb may be NULL or hold an ERR_PTR; only a real skb is freed */
	pending = nxpdev->rx_skb;
	if (!IS_ERR_OR_NULL(pending)) {
		kfree_skb(pending);
		nxpdev->rx_skb = NULL;
	}

	return 0;
}
1410 
/* Packet descriptors handed to h4_recv_buf(): standard H4 packet types go to
 * hci_recv_frame(), NXP bootloader packets go to the driver's own handlers.
 */
static const struct h4_recv_pkt nxp_recv_pkts[] = {
	/* Standard HCI traffic */
	{ H4_RECV_ACL,		.recv = hci_recv_frame },
	{ H4_RECV_SCO,		.recv = hci_recv_frame },
	{ H4_RECV_EVENT,	.recv = hci_recv_frame },
	{ H4_RECV_ISO,		.recv = hci_recv_frame },
	/* NXP bootloader protocol, V1 and V3 */
	{ NXP_RECV_CHIP_VER_V1,	.recv = nxp_recv_chip_ver_v1 },
	{ NXP_RECV_FW_REQ_V1,	.recv = nxp_recv_fw_req_v1 },
	{ NXP_RECV_CHIP_VER_V3,	.recv = nxp_recv_chip_ver_v3 },
	{ NXP_RECV_FW_REQ_V3,	.recv = nxp_recv_fw_req_v3 },
};
1421 
/* serdev receive_buf callback.
 *
 * Restarts the power-save timer and feeds the bytes to h4_recv_buf(), keeping
 * its return value (a partial frame, NULL or an ERR_PTR) in nxpdev->rx_skb.
 * A reassembly error is logged, and byte_rx is updated, only while no
 * firmware download is in progress. Always reports all count bytes as
 * consumed.
 */
static size_t btnxpuart_receive_buf(struct serdev_device *serdev,
				    const u8 *data, size_t count)
{
	struct btnxpuart_dev *nxpdev = serdev_device_get_drvdata(serdev);
	bool downloading;

	ps_start_timer(nxpdev);

	nxpdev->rx_skb = h4_recv_buf(nxpdev->hdev, nxpdev->rx_skb, data, count,
				     nxp_recv_pkts, ARRAY_SIZE(nxp_recv_pkts));
	downloading = is_fw_downloading(nxpdev);

	if (IS_ERR(nxpdev->rx_skb)) {
		int err = PTR_ERR(nxpdev->rx_skb);

		/* Out-of-sync bootloader signatures are expected during
		 * download and are not reported.
		 */
		if (!downloading)
			bt_dev_err(nxpdev->hdev, "Frame reassembly failed (%d)", err);
	} else if (!downloading) {
		nxpdev->hdev->stat.byte_rx += count;
	}

	return count;
}
1442 
/* serdev write_wakeup callback: forwards to serdev_device_write_wakeup(). */
static void btnxpuart_write_wakeup(struct serdev_device *serdev)
{
	serdev_device_write_wakeup(serdev);
}
1447 
/* serdev client callbacks installed by nxp_serdev_probe() */
static const struct serdev_device_ops btnxpuart_client_ops = {
	.write_wakeup = btnxpuart_write_wakeup,
	.receive_buf = btnxpuart_receive_buf,
};
1452 
/* serdev probe callback.
 *
 * Allocates the device-managed driver state, installs the serdev client ops,
 * initialises the TX work item, TX queue and wait queues, reads the optional
 * "fw-init-baudrate" property (falling back to FW_INIT_BAUDRATE when it is
 * absent or zero), then allocates, fills in and registers the HCI device.
 *
 * Returns 0 on success, -ENOMEM when an allocation fails, or -ENODEV when
 * hci_register_dev() fails.
 */
static int nxp_serdev_probe(struct serdev_device *serdev)
{
	struct device *dev = &serdev->dev;
	struct btnxpuart_dev *nxpdev;
	struct hci_dev *hdev;

	nxpdev = devm_kzalloc(dev, sizeof(*nxpdev), GFP_KERNEL);
	if (!nxpdev)
		return -ENOMEM;

	nxpdev->nxp_data = (struct btnxpuart_data *)device_get_match_data(dev);

	nxpdev->serdev = serdev;
	serdev_device_set_drvdata(serdev, nxpdev);

	serdev_device_set_client_ops(serdev, &btnxpuart_client_ops);

	INIT_WORK(&nxpdev->tx_work, btnxpuart_tx_work);
	skb_queue_head_init(&nxpdev->txq);

	init_waitqueue_head(&nxpdev->fw_dnld_done_wait_q);
	init_waitqueue_head(&nxpdev->check_boot_sign_wait_q);

	/* The allocation is zeroed, so a missing property leaves 0 here */
	device_property_read_u32(dev, "fw-init-baudrate",
				 &nxpdev->fw_init_baudrate);
	if (!nxpdev->fw_init_baudrate)
		nxpdev->fw_init_baudrate = FW_INIT_BAUDRATE;

	/* Start out in the firmware-downloading state */
	set_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);

	crc8_populate_msb(crc8_table, POLYNOMIAL8);

	/* Allocate the HCI device and wire up its callbacks */
	hdev = hci_alloc_dev();
	if (!hdev) {
		dev_err(dev, "Can't allocate HCI device\n");
		return -ENOMEM;
	}

	nxpdev->hdev = hdev;

	hdev->bus = HCI_UART;
	hci_set_drvdata(hdev, nxpdev);

	hdev->manufacturer = MANUFACTURER_NXP;
	hdev->open  = btnxpuart_open;
	hdev->close = btnxpuart_close;
	hdev->flush = btnxpuart_flush;
	hdev->setup = nxp_setup;
	hdev->send  = nxp_enqueue;
	hdev->hw_error = nxp_hw_err;
	hdev->shutdown = nxp_shutdown;
	SET_HCIDEV_DEV(hdev, dev);

	if (hci_register_dev(hdev) < 0) {
		dev_err(dev, "Can't register HCI device\n");
		hci_free_dev(hdev);
		return -ENODEV;
	}

	ps_setup(hdev);

	return 0;
}
1516 
/* serdev remove callback.
 *
 * If a firmware download is still in progress it is flagged as aborted and
 * both wait queues are woken. Otherwise, when the current baudrate differs
 * from fw_init_baudrate, the baudrate is set back to fw_init_baudrate.
 * Finally power-save state is cleaned up and the HCI device is unregistered
 * and freed.
 */
static void nxp_serdev_remove(struct serdev_device *serdev)
{
	struct btnxpuart_dev *nxpdev = serdev_device_get_drvdata(serdev);
	struct hci_dev *hdev = nxpdev->hdev;

	if (is_fw_downloading(nxpdev)) {
		set_bit(BTNXPUART_FW_DOWNLOAD_ABORT, &nxpdev->tx_state);
		clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
		wake_up_interruptible(&nxpdev->check_boot_sign_wait_q);
		wake_up_interruptible(&nxpdev->fw_dnld_done_wait_q);
	} else if (nxpdev->current_baudrate != nxpdev->fw_init_baudrate) {
		/* Put the FW baudrate back to fw_init_baudrate so that FW and
		 * driver agree on the rate if this driver is inserted again.
		 */
		nxpdev->new_baudrate = nxpdev->fw_init_baudrate;
		nxp_set_baudrate_cmd(hdev, NULL);
	}

	ps_cleanup(nxpdev);
	hci_unregister_dev(hdev);
	hci_free_dev(hdev);
}
1541 
1542 #ifdef CONFIG_PM_SLEEP
/* System-sleep suspend hook: request PS_STATE_SLEEP through ps_control().
 * Always returns 0.
 */
static int nxp_serdev_suspend(struct device *dev)
{
	struct btnxpuart_dev *nxpdev = dev_get_drvdata(dev);

	ps_control(nxpdev->psdata.hdev, PS_STATE_SLEEP);
	return 0;
}
1551 
/* System-sleep resume hook: request PS_STATE_AWAKE through ps_control().
 * Always returns 0.
 */
static int nxp_serdev_resume(struct device *dev)
{
	struct btnxpuart_dev *nxpdev = dev_get_drvdata(dev);

	ps_control(nxpdev->psdata.hdev, PS_STATE_AWAKE);
	return 0;
}
1560 #endif
1561 
/* Per-chip firmware file names, selected through the OF match table */

/* 88W8987: no helper firmware */
static struct btnxpuart_data w8987_data __maybe_unused = {
	.fw_name = FIRMWARE_W8987,
	.fw_name_old = FIRMWARE_W8987_OLD,
	.helper_fw_name = NULL,
};

/* 88W8997: uses FIRMWARE_HELPER as helper firmware */
static struct btnxpuart_data w8997_data __maybe_unused = {
	.fw_name = FIRMWARE_W8997,
	.fw_name_old = FIRMWARE_W8997_OLD,
	.helper_fw_name = FIRMWARE_HELPER,
};
1573 
/* Device-tree compatibles handled by this driver, each with its firmware data */
static const struct of_device_id nxpuart_of_match_table[] __maybe_unused = {
	{
		.compatible = "nxp,88w8987-bt",
		.data = &w8987_data,
	},
	{
		.compatible = "nxp,88w8997-bt",
		.data = &w8997_data,
	},
	{ /* sentinel */ }
};
MODULE_DEVICE_TABLE(of, nxpuart_of_match_table);
1580 
/* System sleep hooks: nxp_serdev_suspend() / nxp_serdev_resume() */
static const struct dev_pm_ops nxp_pm_ops = {
	SET_SYSTEM_SLEEP_PM_OPS(nxp_serdev_suspend, nxp_serdev_resume)
};
1584 
/* serdev driver definition: probe/remove entry points, OF match table and
 * power-management ops.
 */
static struct serdev_device_driver nxp_serdev_driver = {
	.driver = {
		.name = "btnxpuart",
		.of_match_table = of_match_ptr(nxpuart_of_match_table),
		.pm = &nxp_pm_ops,
	},
	.probe = nxp_serdev_probe,
	.remove = nxp_serdev_remove,
};

/* Register the driver through the serdev module helper */
module_serdev_device_driver(nxp_serdev_driver);
1596 
1597 MODULE_AUTHOR("Neeraj Sanjay Kale <neeraj.sanjaykale@nxp.com>");
1598 MODULE_DESCRIPTION("NXP Bluetooth Serial driver");
1599 MODULE_LICENSE("GPL");
1600