1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * NXP Bluetooth driver 4 * Copyright 2023 NXP 5 */ 6 7 #include <linux/module.h> 8 #include <linux/kernel.h> 9 10 #include <linux/serdev.h> 11 #include <linux/of.h> 12 #include <linux/skbuff.h> 13 #include <asm/unaligned.h> 14 #include <linux/firmware.h> 15 #include <linux/string.h> 16 #include <linux/crc8.h> 17 #include <linux/crc32.h> 18 #include <linux/string_helpers.h> 19 20 #include <net/bluetooth/bluetooth.h> 21 #include <net/bluetooth/hci_core.h> 22 23 #include "h4_recv.h" 24 25 #define MANUFACTURER_NXP 37 26 27 #define BTNXPUART_TX_STATE_ACTIVE 1 28 #define BTNXPUART_FW_DOWNLOADING 2 29 #define BTNXPUART_CHECK_BOOT_SIGNATURE 3 30 #define BTNXPUART_SERDEV_OPEN 4 31 #define BTNXPUART_IR_IN_PROGRESS 5 32 #define BTNXPUART_FW_DOWNLOAD_ABORT 6 33 34 /* NXP HW err codes */ 35 #define BTNXPUART_IR_HW_ERR 0xb0 36 37 #define FIRMWARE_W8987 "uart8987_bt_v0.bin" 38 #define FIRMWARE_W8987_OLD "uartuart8987_bt.bin" 39 #define FIRMWARE_W8997 "uart8997_bt_v4.bin" 40 #define FIRMWARE_W8997_OLD "uartuart8997_bt_v4.bin" 41 #define FIRMWARE_W9098 "uart9098_bt_v1.bin" 42 #define FIRMWARE_W9098_OLD "uartuart9098_bt_v1.bin" 43 #define FIRMWARE_IW416 "uartiw416_bt_v0.bin" 44 #define FIRMWARE_IW612 "uartspi_n61x_v1.bin.se" 45 #define FIRMWARE_IW615 "uartspi_iw610_v0.bin" 46 #define FIRMWARE_SECURE_IW615 "uartspi_iw610_v0.bin.se" 47 #define FIRMWARE_IW624 "uartiw624_bt.bin" 48 #define FIRMWARE_SECURE_IW624 "uartiw624_bt.bin.se" 49 #define FIRMWARE_AW693 "uartaw693_bt.bin" 50 #define FIRMWARE_SECURE_AW693 "uartaw693_bt.bin.se" 51 #define FIRMWARE_AW693_A1 "uartaw693_bt_v1.bin" 52 #define FIRMWARE_SECURE_AW693_A1 "uartaw693_bt_v1.bin.se" 53 #define FIRMWARE_HELPER "helper_uart_3000000.bin" 54 55 #define CHIP_ID_W9098 0x5c03 56 #define CHIP_ID_IW416 0x7201 57 #define CHIP_ID_IW612 0x7601 58 #define CHIP_ID_IW624a 0x8000 59 #define CHIP_ID_IW624c 0x8001 60 #define CHIP_ID_AW693a0 0x8200 61 #define CHIP_ID_AW693a1 0x8201 62 #define CHIP_ID_IW615a0 0x8800 63 #define CHIP_ID_IW615a1 0x8801 64 65 #define FW_SECURE_MASK 0xc0 66 #define FW_OPEN 0x00 67 #define FW_AUTH_ILLEGAL 0x40 68 #define FW_AUTH_PLAIN 0x80 69 #define FW_AUTH_ENC 0xc0 70 71 #define HCI_NXP_PRI_BAUDRATE 115200 72 #define HCI_NXP_SEC_BAUDRATE 3000000 73 74 #define MAX_FW_FILE_NAME_LEN 50 75 76 /* Default ps timeout period in milliseconds */ 77 #define PS_DEFAULT_TIMEOUT_PERIOD_MS 2000 78 79 /* wakeup methods */ 80 #define WAKEUP_METHOD_DTR 0 81 #define WAKEUP_METHOD_BREAK 1 82 #define WAKEUP_METHOD_EXT_BREAK 2 83 #define WAKEUP_METHOD_RTS 3 84 #define WAKEUP_METHOD_INVALID 0xff 85 86 /* power save mode status */ 87 #define PS_MODE_DISABLE 0 88 #define PS_MODE_ENABLE 1 89 90 /* Power Save Commands to ps_work_func */ 91 #define PS_CMD_EXIT_PS 1 92 #define PS_CMD_ENTER_PS 2 93 94 /* power save state */ 95 #define PS_STATE_AWAKE 0 96 #define PS_STATE_SLEEP 1 97 98 /* Bluetooth vendor command : Sleep mode */ 99 #define HCI_NXP_AUTO_SLEEP_MODE 0xfc23 100 /* Bluetooth vendor command : Wakeup method */ 101 #define HCI_NXP_WAKEUP_METHOD 0xfc53 102 /* Bluetooth vendor command : Set operational baudrate */ 103 #define HCI_NXP_SET_OPER_SPEED 0xfc09 104 /* Bluetooth vendor command: Independent Reset */ 105 #define HCI_NXP_IND_RESET 0xfcfc 106 107 /* Bluetooth Power State : Vendor cmd params */ 108 #define BT_PS_ENABLE 0x02 109 #define BT_PS_DISABLE 0x03 110 111 /* Bluetooth Host Wakeup Methods */ 112 #define BT_HOST_WAKEUP_METHOD_NONE 0x00 113 #define BT_HOST_WAKEUP_METHOD_DTR 0x01 114 #define BT_HOST_WAKEUP_METHOD_BREAK 0x02 115 #define BT_HOST_WAKEUP_METHOD_GPIO 0x03 116 117 /* Bluetooth Chip Wakeup Methods */ 118 #define BT_CTRL_WAKEUP_METHOD_DSR 0x00 119 #define BT_CTRL_WAKEUP_METHOD_BREAK 0x01 120 #define BT_CTRL_WAKEUP_METHOD_GPIO 0x02 121 #define BT_CTRL_WAKEUP_METHOD_EXT_BREAK 0x04 122 #define BT_CTRL_WAKEUP_METHOD_RTS 0x05 123 124 struct ps_data { 125 u8 target_ps_mode; /* ps mode to be set */ 126 u8 cur_psmode; /* current ps_mode */ 127 u8 ps_state; /* controller's power save state */ 128 u8 ps_cmd; 129 u8 h2c_wakeupmode; 130 u8 cur_h2c_wakeupmode; 131 u8 c2h_wakeupmode; 132 u8 c2h_wakeup_gpio; 133 u8 h2c_wakeup_gpio; 134 bool driver_sent_cmd; 135 u16 h2c_ps_interval; 136 u16 c2h_ps_interval; 137 struct hci_dev *hdev; 138 struct work_struct work; 139 struct timer_list ps_timer; 140 struct mutex ps_lock; 141 }; 142 143 struct wakeup_cmd_payload { 144 u8 c2h_wakeupmode; 145 u8 c2h_wakeup_gpio; 146 u8 h2c_wakeupmode; 147 u8 h2c_wakeup_gpio; 148 } __packed; 149 150 struct psmode_cmd_payload { 151 u8 ps_cmd; 152 __le16 c2h_ps_interval; 153 } __packed; 154 155 struct btnxpuart_data { 156 const char *helper_fw_name; 157 const char *fw_name; 158 const char *fw_name_old; 159 }; 160 161 struct btnxpuart_dev { 162 struct hci_dev *hdev; 163 struct serdev_device *serdev; 164 165 struct work_struct tx_work; 166 unsigned long tx_state; 167 struct sk_buff_head txq; 168 struct sk_buff *rx_skb; 169 170 const struct firmware *fw; 171 u8 fw_name[MAX_FW_FILE_NAME_LEN]; 172 u32 fw_dnld_v1_offset; 173 u32 fw_v1_sent_bytes; 174 u32 fw_dnld_v3_offset; 175 u32 fw_v3_offset_correction; 176 u32 fw_v1_expected_len; 177 u32 boot_reg_offset; 178 wait_queue_head_t fw_dnld_done_wait_q; 179 wait_queue_head_t check_boot_sign_wait_q; 180 181 u32 new_baudrate; 182 u32 current_baudrate; 183 u32 fw_init_baudrate; 184 bool timeout_changed; 185 bool baudrate_changed; 186 bool helper_downloaded; 187 188 struct ps_data psdata; 189 struct btnxpuart_data *nxp_data; 190 }; 191 192 #define NXP_V1_FW_REQ_PKT 0xa5 193 #define NXP_V1_CHIP_VER_PKT 0xaa 194 #define NXP_V3_FW_REQ_PKT 0xa7 195 #define NXP_V3_CHIP_VER_PKT 0xab 196 197 #define NXP_ACK_V1 0x5a 198 #define NXP_NAK_V1 0xbf 199 #define NXP_ACK_V3 0x7a 200 #define NXP_NAK_V3 0x7b 201 #define NXP_CRC_ERROR_V3 0x7c 202 203 /* Bootloader signature error codes */ 204 #define NXP_ACK_RX_TIMEOUT 0x0002 /* ACK not received from host */ 205 #define NXP_HDR_RX_TIMEOUT 0x0003 /* FW Header chunk not received */ 206 #define NXP_DATA_RX_TIMEOUT 0x0004 /* FW Data chunk not received */ 207 208 #define HDR_LEN 16 209 210 #define NXP_RECV_CHIP_VER_V1 \ 211 .type = NXP_V1_CHIP_VER_PKT, \ 212 .hlen = 4, \ 213 .loff = 0, \ 214 .lsize = 0, \ 215 .maxlen = 4 216 217 #define NXP_RECV_FW_REQ_V1 \ 218 .type = NXP_V1_FW_REQ_PKT, \ 219 .hlen = 4, \ 220 .loff = 0, \ 221 .lsize = 0, \ 222 .maxlen = 4 223 224 #define NXP_RECV_CHIP_VER_V3 \ 225 .type = NXP_V3_CHIP_VER_PKT, \ 226 .hlen = 4, \ 227 .loff = 0, \ 228 .lsize = 0, \ 229 .maxlen = 4 230 231 #define NXP_RECV_FW_REQ_V3 \ 232 .type = NXP_V3_FW_REQ_PKT, \ 233 .hlen = 9, \ 234 .loff = 0, \ 235 .lsize = 0, \ 236 .maxlen = 9 237 238 struct v1_data_req { 239 __le16 len; 240 __le16 len_comp; 241 } __packed; 242 243 struct v1_start_ind { 244 __le16 chip_id; 245 __le16 chip_id_comp; 246 } __packed; 247 248 struct v3_data_req { 249 __le16 len; 250 __le32 offset; 251 __le16 error; 252 u8 crc; 253 } __packed; 254 255 struct v3_start_ind { 256 __le16 chip_id; 257 u8 loader_ver; 258 u8 crc; 259 } __packed; 260 261 /* UART register addresses of BT chip */ 262 #define CLKDIVADDR 0x7f00008f 263 #define UARTDIVADDR 0x7f000090 264 #define UARTMCRADDR 0x7f000091 265 #define UARTREINITADDR 0x7f000092 266 #define UARTICRADDR 0x7f000093 267 #define UARTFCRADDR 0x7f000094 268 269 #define MCR 0x00000022 270 #define INIT 0x00000001 271 #define ICR 0x000000c7 272 #define FCR 0x000000c7 273 274 #define POLYNOMIAL8 0x07 275 276 struct uart_reg { 277 __le32 address; 278 __le32 value; 279 } __packed; 280 281 struct uart_config { 282 struct uart_reg clkdiv; 283 struct uart_reg uartdiv; 284 struct uart_reg mcr; 285 struct uart_reg re_init; 286 struct uart_reg icr; 287 struct uart_reg fcr; 288 __be32 crc; 289 } __packed; 290 291 struct nxp_bootloader_cmd { 292 __le32 header; 293 __le32 arg; 294 __le32 payload_len; 295 __be32 crc; 296 } __packed; 297 298 struct nxp_v3_rx_timeout_nak { 299 u8 nak; 300 __le32 offset; 301 u8 crc; 302 } __packed; 303 304 union nxp_v3_rx_timeout_nak_u { 305 struct nxp_v3_rx_timeout_nak pkt; 306 u8 buf[6]; 307 }; 308 309 static u8 crc8_table[CRC8_TABLE_SIZE]; 310 311 /* Default configurations */ 312 #define DEFAULT_H2C_WAKEUP_MODE WAKEUP_METHOD_BREAK 313 #define DEFAULT_PS_MODE PS_MODE_ENABLE 314 #define FW_INIT_BAUDRATE HCI_NXP_PRI_BAUDRATE 315 316 static struct sk_buff *nxp_drv_send_cmd(struct hci_dev *hdev, u16 opcode, 317 u32 plen, 318 void *param) 319 { 320 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 321 struct ps_data *psdata = &nxpdev->psdata; 322 struct sk_buff *skb; 323 324 /* set flag to prevent nxp_enqueue from parsing values from this command and 325 * calling hci_cmd_sync_queue() again. 326 */ 327 psdata->driver_sent_cmd = true; 328 skb = __hci_cmd_sync(hdev, opcode, plen, param, HCI_CMD_TIMEOUT); 329 psdata->driver_sent_cmd = false; 330 331 return skb; 332 } 333 334 static void btnxpuart_tx_wakeup(struct btnxpuart_dev *nxpdev) 335 { 336 if (schedule_work(&nxpdev->tx_work)) 337 set_bit(BTNXPUART_TX_STATE_ACTIVE, &nxpdev->tx_state); 338 } 339 340 /* NXP Power Save Feature */ 341 static void ps_start_timer(struct btnxpuart_dev *nxpdev) 342 { 343 struct ps_data *psdata = &nxpdev->psdata; 344 345 if (!psdata) 346 return; 347 348 if (psdata->cur_psmode == PS_MODE_ENABLE) 349 mod_timer(&psdata->ps_timer, jiffies + msecs_to_jiffies(psdata->h2c_ps_interval)); 350 351 if (psdata->ps_state == PS_STATE_AWAKE && psdata->ps_cmd == PS_CMD_ENTER_PS) 352 cancel_work_sync(&psdata->work); 353 } 354 355 static void ps_cancel_timer(struct btnxpuart_dev *nxpdev) 356 { 357 struct ps_data *psdata = &nxpdev->psdata; 358 359 flush_work(&psdata->work); 360 timer_shutdown_sync(&psdata->ps_timer); 361 } 362 363 static void ps_control(struct hci_dev *hdev, u8 ps_state) 364 { 365 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 366 struct ps_data *psdata = &nxpdev->psdata; 367 int status; 368 369 if (psdata->ps_state == ps_state || 370 !test_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state)) 371 return; 372 373 mutex_lock(&psdata->ps_lock); 374 switch (psdata->cur_h2c_wakeupmode) { 375 case WAKEUP_METHOD_DTR: 376 if (ps_state == PS_STATE_AWAKE) 377 status = serdev_device_set_tiocm(nxpdev->serdev, TIOCM_DTR, 0); 378 else 379 status = serdev_device_set_tiocm(nxpdev->serdev, 0, TIOCM_DTR); 380 break; 381 case WAKEUP_METHOD_BREAK: 382 default: 383 if (ps_state == PS_STATE_AWAKE) 384 status = serdev_device_break_ctl(nxpdev->serdev, 0); 385 else 386 status = serdev_device_break_ctl(nxpdev->serdev, -1); 387 msleep(20); /* Allow chip to detect UART-break and enter sleep */ 388 bt_dev_dbg(hdev, "Set UART break: %s, status=%d", 389 str_on_off(ps_state == PS_STATE_SLEEP), status); 390 break; 391 } 392 if (!status) 393 psdata->ps_state = ps_state; 394 mutex_unlock(&psdata->ps_lock); 395 396 if (ps_state == PS_STATE_AWAKE) 397 btnxpuart_tx_wakeup(nxpdev); 398 } 399 400 static void ps_work_func(struct work_struct *work) 401 { 402 struct ps_data *data = container_of(work, struct ps_data, work); 403 404 if (data->ps_cmd == PS_CMD_ENTER_PS && data->cur_psmode == PS_MODE_ENABLE) 405 ps_control(data->hdev, PS_STATE_SLEEP); 406 else if (data->ps_cmd == PS_CMD_EXIT_PS) 407 ps_control(data->hdev, PS_STATE_AWAKE); 408 } 409 410 static void ps_timeout_func(struct timer_list *t) 411 { 412 struct ps_data *data = from_timer(data, t, ps_timer); 413 struct hci_dev *hdev = data->hdev; 414 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 415 416 if (test_bit(BTNXPUART_TX_STATE_ACTIVE, &nxpdev->tx_state)) { 417 ps_start_timer(nxpdev); 418 } else { 419 data->ps_cmd = PS_CMD_ENTER_PS; 420 schedule_work(&data->work); 421 } 422 } 423 424 static void ps_setup(struct hci_dev *hdev) 425 { 426 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 427 struct ps_data *psdata = &nxpdev->psdata; 428 429 psdata->hdev = hdev; 430 INIT_WORK(&psdata->work, ps_work_func); 431 mutex_init(&psdata->ps_lock); 432 timer_setup(&psdata->ps_timer, ps_timeout_func, 0); 433 } 434 435 static bool ps_wakeup(struct btnxpuart_dev *nxpdev) 436 { 437 struct ps_data *psdata = &nxpdev->psdata; 438 u8 ps_state; 439 440 mutex_lock(&psdata->ps_lock); 441 ps_state = psdata->ps_state; 442 mutex_unlock(&psdata->ps_lock); 443 444 if (ps_state != PS_STATE_AWAKE) { 445 psdata->ps_cmd = PS_CMD_EXIT_PS; 446 schedule_work(&psdata->work); 447 return true; 448 } 449 return false; 450 } 451 452 static int send_ps_cmd(struct hci_dev *hdev, void *data) 453 { 454 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 455 struct ps_data *psdata = &nxpdev->psdata; 456 struct psmode_cmd_payload pcmd; 457 struct sk_buff *skb; 458 u8 *status; 459 460 if (psdata->target_ps_mode == PS_MODE_ENABLE) 461 pcmd.ps_cmd = BT_PS_ENABLE; 462 else 463 pcmd.ps_cmd = BT_PS_DISABLE; 464 pcmd.c2h_ps_interval = __cpu_to_le16(psdata->c2h_ps_interval); 465 466 skb = nxp_drv_send_cmd(hdev, HCI_NXP_AUTO_SLEEP_MODE, sizeof(pcmd), &pcmd); 467 if (IS_ERR(skb)) { 468 bt_dev_err(hdev, "Setting Power Save mode failed (%ld)", PTR_ERR(skb)); 469 return PTR_ERR(skb); 470 } 471 472 status = skb_pull_data(skb, 1); 473 if (status) { 474 if (!*status) 475 psdata->cur_psmode = psdata->target_ps_mode; 476 else 477 psdata->target_ps_mode = psdata->cur_psmode; 478 if (psdata->cur_psmode == PS_MODE_ENABLE) 479 ps_start_timer(nxpdev); 480 else 481 ps_wakeup(nxpdev); 482 bt_dev_dbg(hdev, "Power Save mode response: status=%d, ps_mode=%d", 483 *status, psdata->cur_psmode); 484 } 485 kfree_skb(skb); 486 487 return 0; 488 } 489 490 static int send_wakeup_method_cmd(struct hci_dev *hdev, void *data) 491 { 492 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 493 struct ps_data *psdata = &nxpdev->psdata; 494 struct wakeup_cmd_payload pcmd; 495 struct sk_buff *skb; 496 u8 *status; 497 498 pcmd.c2h_wakeupmode = psdata->c2h_wakeupmode; 499 pcmd.c2h_wakeup_gpio = psdata->c2h_wakeup_gpio; 500 switch (psdata->h2c_wakeupmode) { 501 case WAKEUP_METHOD_DTR: 502 pcmd.h2c_wakeupmode = BT_CTRL_WAKEUP_METHOD_DSR; 503 break; 504 case WAKEUP_METHOD_BREAK: 505 default: 506 pcmd.h2c_wakeupmode = BT_CTRL_WAKEUP_METHOD_BREAK; 507 break; 508 } 509 pcmd.h2c_wakeup_gpio = 0xff; 510 511 skb = nxp_drv_send_cmd(hdev, HCI_NXP_WAKEUP_METHOD, sizeof(pcmd), &pcmd); 512 if (IS_ERR(skb)) { 513 bt_dev_err(hdev, "Setting wake-up method failed (%ld)", PTR_ERR(skb)); 514 return PTR_ERR(skb); 515 } 516 517 status = skb_pull_data(skb, 1); 518 if (status) { 519 if (*status == 0) 520 psdata->cur_h2c_wakeupmode = psdata->h2c_wakeupmode; 521 else 522 psdata->h2c_wakeupmode = psdata->cur_h2c_wakeupmode; 523 bt_dev_dbg(hdev, "Set Wakeup Method response: status=%d, h2c_wakeupmode=%d", 524 *status, psdata->cur_h2c_wakeupmode); 525 } 526 kfree_skb(skb); 527 528 return 0; 529 } 530 531 static void ps_init(struct hci_dev *hdev) 532 { 533 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 534 struct ps_data *psdata = &nxpdev->psdata; 535 536 serdev_device_set_tiocm(nxpdev->serdev, 0, TIOCM_RTS); 537 usleep_range(5000, 10000); 538 serdev_device_set_tiocm(nxpdev->serdev, TIOCM_RTS, 0); 539 usleep_range(5000, 10000); 540 541 psdata->ps_state = PS_STATE_AWAKE; 542 psdata->c2h_wakeupmode = BT_HOST_WAKEUP_METHOD_NONE; 543 psdata->c2h_wakeup_gpio = 0xff; 544 545 psdata->cur_h2c_wakeupmode = WAKEUP_METHOD_INVALID; 546 psdata->h2c_ps_interval = PS_DEFAULT_TIMEOUT_PERIOD_MS; 547 switch (DEFAULT_H2C_WAKEUP_MODE) { 548 case WAKEUP_METHOD_DTR: 549 psdata->h2c_wakeupmode = WAKEUP_METHOD_DTR; 550 serdev_device_set_tiocm(nxpdev->serdev, 0, TIOCM_DTR); 551 serdev_device_set_tiocm(nxpdev->serdev, TIOCM_DTR, 0); 552 break; 553 case WAKEUP_METHOD_BREAK: 554 default: 555 psdata->h2c_wakeupmode = WAKEUP_METHOD_BREAK; 556 serdev_device_break_ctl(nxpdev->serdev, -1); 557 usleep_range(5000, 10000); 558 serdev_device_break_ctl(nxpdev->serdev, 0); 559 usleep_range(5000, 10000); 560 break; 561 } 562 563 psdata->cur_psmode = PS_MODE_DISABLE; 564 psdata->target_ps_mode = DEFAULT_PS_MODE; 565 566 if (psdata->cur_h2c_wakeupmode != psdata->h2c_wakeupmode) 567 hci_cmd_sync_queue(hdev, send_wakeup_method_cmd, NULL, NULL); 568 if (psdata->cur_psmode != psdata->target_ps_mode) 569 hci_cmd_sync_queue(hdev, send_ps_cmd, NULL, NULL); 570 } 571 572 /* NXP Firmware Download Feature */ 573 static int nxp_download_firmware(struct hci_dev *hdev) 574 { 575 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 576 int err = 0; 577 578 nxpdev->fw_dnld_v1_offset = 0; 579 nxpdev->fw_v1_sent_bytes = 0; 580 nxpdev->fw_v1_expected_len = HDR_LEN; 581 nxpdev->boot_reg_offset = 0; 582 nxpdev->fw_dnld_v3_offset = 0; 583 nxpdev->fw_v3_offset_correction = 0; 584 nxpdev->baudrate_changed = false; 585 nxpdev->timeout_changed = false; 586 nxpdev->helper_downloaded = false; 587 588 serdev_device_set_baudrate(nxpdev->serdev, HCI_NXP_PRI_BAUDRATE); 589 serdev_device_set_flow_control(nxpdev->serdev, false); 590 nxpdev->current_baudrate = HCI_NXP_PRI_BAUDRATE; 591 592 /* Wait till FW is downloaded */ 593 err = wait_event_interruptible_timeout(nxpdev->fw_dnld_done_wait_q, 594 !test_bit(BTNXPUART_FW_DOWNLOADING, 595 &nxpdev->tx_state), 596 msecs_to_jiffies(60000)); 597 598 release_firmware(nxpdev->fw); 599 memset(nxpdev->fw_name, 0, sizeof(nxpdev->fw_name)); 600 601 if (err == 0) { 602 bt_dev_err(hdev, "FW Download Timeout. offset: %d", 603 nxpdev->fw_dnld_v1_offset ? 604 nxpdev->fw_dnld_v1_offset : 605 nxpdev->fw_dnld_v3_offset); 606 return -ETIMEDOUT; 607 } 608 if (test_bit(BTNXPUART_FW_DOWNLOAD_ABORT, &nxpdev->tx_state)) { 609 bt_dev_err(hdev, "FW Download Aborted"); 610 return -EINTR; 611 } 612 613 serdev_device_set_flow_control(nxpdev->serdev, true); 614 615 /* Allow the downloaded FW to initialize */ 616 msleep(1200); 617 618 return 0; 619 } 620 621 static void nxp_send_ack(u8 ack, struct hci_dev *hdev) 622 { 623 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 624 u8 ack_nak[2]; 625 int len = 1; 626 627 ack_nak[0] = ack; 628 if (ack == NXP_ACK_V3) { 629 ack_nak[1] = crc8(crc8_table, ack_nak, 1, 0xff); 630 len = 2; 631 } 632 serdev_device_write_buf(nxpdev->serdev, ack_nak, len); 633 } 634 635 static bool nxp_fw_change_baudrate(struct hci_dev *hdev, u16 req_len) 636 { 637 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 638 struct nxp_bootloader_cmd nxp_cmd5; 639 struct uart_config uart_config; 640 u32 clkdivaddr = CLKDIVADDR - nxpdev->boot_reg_offset; 641 u32 uartdivaddr = UARTDIVADDR - nxpdev->boot_reg_offset; 642 u32 uartmcraddr = UARTMCRADDR - nxpdev->boot_reg_offset; 643 u32 uartreinitaddr = UARTREINITADDR - nxpdev->boot_reg_offset; 644 u32 uarticraddr = UARTICRADDR - nxpdev->boot_reg_offset; 645 u32 uartfcraddr = UARTFCRADDR - nxpdev->boot_reg_offset; 646 647 if (req_len == sizeof(nxp_cmd5)) { 648 nxp_cmd5.header = __cpu_to_le32(5); 649 nxp_cmd5.arg = 0; 650 nxp_cmd5.payload_len = __cpu_to_le32(sizeof(uart_config)); 651 /* FW expects swapped CRC bytes */ 652 nxp_cmd5.crc = __cpu_to_be32(crc32_be(0UL, (char *)&nxp_cmd5, 653 sizeof(nxp_cmd5) - 4)); 654 655 serdev_device_write_buf(nxpdev->serdev, (u8 *)&nxp_cmd5, sizeof(nxp_cmd5)); 656 nxpdev->fw_v3_offset_correction += req_len; 657 } else if (req_len == sizeof(uart_config)) { 658 uart_config.clkdiv.address = __cpu_to_le32(clkdivaddr); 659 uart_config.clkdiv.value = __cpu_to_le32(0x00c00000); 660 uart_config.uartdiv.address = __cpu_to_le32(uartdivaddr); 661 uart_config.uartdiv.value = __cpu_to_le32(1); 662 uart_config.mcr.address = __cpu_to_le32(uartmcraddr); 663 uart_config.mcr.value = __cpu_to_le32(MCR); 664 uart_config.re_init.address = __cpu_to_le32(uartreinitaddr); 665 uart_config.re_init.value = __cpu_to_le32(INIT); 666 uart_config.icr.address = __cpu_to_le32(uarticraddr); 667 uart_config.icr.value = __cpu_to_le32(ICR); 668 uart_config.fcr.address = __cpu_to_le32(uartfcraddr); 669 uart_config.fcr.value = __cpu_to_le32(FCR); 670 /* FW expects swapped CRC bytes */ 671 uart_config.crc = __cpu_to_be32(crc32_be(0UL, (char *)&uart_config, 672 sizeof(uart_config) - 4)); 673 674 serdev_device_write_buf(nxpdev->serdev, (u8 *)&uart_config, sizeof(uart_config)); 675 serdev_device_wait_until_sent(nxpdev->serdev, 0); 676 nxpdev->fw_v3_offset_correction += req_len; 677 return true; 678 } 679 return false; 680 } 681 682 static bool nxp_fw_change_timeout(struct hci_dev *hdev, u16 req_len) 683 { 684 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 685 struct nxp_bootloader_cmd nxp_cmd7; 686 687 if (req_len != sizeof(nxp_cmd7)) 688 return false; 689 690 nxp_cmd7.header = __cpu_to_le32(7); 691 nxp_cmd7.arg = __cpu_to_le32(0x70); 692 nxp_cmd7.payload_len = 0; 693 /* FW expects swapped CRC bytes */ 694 nxp_cmd7.crc = __cpu_to_be32(crc32_be(0UL, (char *)&nxp_cmd7, 695 sizeof(nxp_cmd7) - 4)); 696 serdev_device_write_buf(nxpdev->serdev, (u8 *)&nxp_cmd7, sizeof(nxp_cmd7)); 697 serdev_device_wait_until_sent(nxpdev->serdev, 0); 698 nxpdev->fw_v3_offset_correction += req_len; 699 return true; 700 } 701 702 static u32 nxp_get_data_len(const u8 *buf) 703 { 704 struct nxp_bootloader_cmd *hdr = (struct nxp_bootloader_cmd *)buf; 705 706 return __le32_to_cpu(hdr->payload_len); 707 } 708 709 static bool is_fw_downloading(struct btnxpuart_dev *nxpdev) 710 { 711 return test_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state); 712 } 713 714 static bool process_boot_signature(struct btnxpuart_dev *nxpdev) 715 { 716 if (test_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, &nxpdev->tx_state)) { 717 clear_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, &nxpdev->tx_state); 718 wake_up_interruptible(&nxpdev->check_boot_sign_wait_q); 719 return false; 720 } 721 return is_fw_downloading(nxpdev); 722 } 723 724 static int nxp_request_firmware(struct hci_dev *hdev, const char *fw_name, 725 const char *fw_name_old) 726 { 727 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 728 const char *fw_name_dt; 729 int err = 0; 730 731 if (!fw_name) 732 return -ENOENT; 733 734 if (!strlen(nxpdev->fw_name)) { 735 if (strcmp(fw_name, FIRMWARE_HELPER) && 736 !device_property_read_string(&nxpdev->serdev->dev, 737 "firmware-name", 738 &fw_name_dt)) 739 fw_name = fw_name_dt; 740 snprintf(nxpdev->fw_name, MAX_FW_FILE_NAME_LEN, "nxp/%s", fw_name); 741 err = request_firmware_direct(&nxpdev->fw, nxpdev->fw_name, &hdev->dev); 742 if (err < 0 && fw_name_old) { 743 snprintf(nxpdev->fw_name, MAX_FW_FILE_NAME_LEN, "nxp/%s", fw_name_old); 744 err = request_firmware_direct(&nxpdev->fw, nxpdev->fw_name, &hdev->dev); 745 } 746 747 bt_dev_info(hdev, "Request Firmware: %s", nxpdev->fw_name); 748 if (err < 0) { 749 bt_dev_err(hdev, "Firmware file %s not found", nxpdev->fw_name); 750 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state); 751 } 752 } 753 return err; 754 } 755 756 /* for legacy chipsets with V1 bootloader */ 757 static int nxp_recv_chip_ver_v1(struct hci_dev *hdev, struct sk_buff *skb) 758 { 759 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 760 struct v1_start_ind *req; 761 __u16 chip_id; 762 763 req = skb_pull_data(skb, sizeof(*req)); 764 if (!req) 765 goto free_skb; 766 767 chip_id = le16_to_cpu(req->chip_id ^ req->chip_id_comp); 768 if (chip_id == 0xffff && nxpdev->fw_dnld_v1_offset) { 769 nxpdev->fw_dnld_v1_offset = 0; 770 nxpdev->fw_v1_sent_bytes = 0; 771 nxpdev->fw_v1_expected_len = HDR_LEN; 772 release_firmware(nxpdev->fw); 773 memset(nxpdev->fw_name, 0, sizeof(nxpdev->fw_name)); 774 nxp_send_ack(NXP_ACK_V1, hdev); 775 } 776 777 free_skb: 778 kfree_skb(skb); 779 return 0; 780 } 781 782 static int nxp_recv_fw_req_v1(struct hci_dev *hdev, struct sk_buff *skb) 783 { 784 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 785 struct btnxpuart_data *nxp_data = nxpdev->nxp_data; 786 struct v1_data_req *req; 787 __u16 len; 788 789 if (!process_boot_signature(nxpdev)) 790 goto free_skb; 791 792 req = skb_pull_data(skb, sizeof(*req)); 793 if (!req) 794 goto free_skb; 795 796 len = __le16_to_cpu(req->len ^ req->len_comp); 797 if (len != 0xffff) { 798 bt_dev_dbg(hdev, "ERR: Send NAK"); 799 nxp_send_ack(NXP_NAK_V1, hdev); 800 goto free_skb; 801 } 802 nxp_send_ack(NXP_ACK_V1, hdev); 803 804 len = __le16_to_cpu(req->len); 805 806 if (!nxp_data->helper_fw_name) { 807 if (!nxpdev->timeout_changed) { 808 nxpdev->timeout_changed = nxp_fw_change_timeout(hdev, 809 len); 810 goto free_skb; 811 } 812 if (!nxpdev->baudrate_changed) { 813 nxpdev->baudrate_changed = nxp_fw_change_baudrate(hdev, 814 len); 815 if (nxpdev->baudrate_changed) { 816 serdev_device_set_baudrate(nxpdev->serdev, 817 HCI_NXP_SEC_BAUDRATE); 818 serdev_device_set_flow_control(nxpdev->serdev, true); 819 nxpdev->current_baudrate = HCI_NXP_SEC_BAUDRATE; 820 } 821 goto free_skb; 822 } 823 } 824 825 if (!nxp_data->helper_fw_name || nxpdev->helper_downloaded) { 826 if (nxp_request_firmware(hdev, nxp_data->fw_name, nxp_data->fw_name_old)) 827 goto free_skb; 828 } else if (nxp_data->helper_fw_name && !nxpdev->helper_downloaded) { 829 if (nxp_request_firmware(hdev, nxp_data->helper_fw_name, NULL)) 830 goto free_skb; 831 } 832 833 if (!len) { 834 bt_dev_info(hdev, "FW Download Complete: %zu bytes", 835 nxpdev->fw->size); 836 if (nxp_data->helper_fw_name && !nxpdev->helper_downloaded) { 837 nxpdev->helper_downloaded = true; 838 serdev_device_wait_until_sent(nxpdev->serdev, 0); 839 serdev_device_set_baudrate(nxpdev->serdev, 840 HCI_NXP_SEC_BAUDRATE); 841 serdev_device_set_flow_control(nxpdev->serdev, true); 842 } else { 843 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state); 844 wake_up_interruptible(&nxpdev->fw_dnld_done_wait_q); 845 } 846 goto free_skb; 847 } 848 if (len & 0x01) { 849 /* The CRC did not match at the other end. 850 * Simply send the same bytes again. 851 */ 852 len = nxpdev->fw_v1_sent_bytes; 853 bt_dev_dbg(hdev, "CRC error. Resend %d bytes of FW.", len); 854 } else { 855 nxpdev->fw_dnld_v1_offset += nxpdev->fw_v1_sent_bytes; 856 857 /* The FW bin file is made up of many blocks of 858 * 16 byte header and payload data chunks. If the 859 * FW has requested a header, read the payload length 860 * info from the header, before sending the header. 861 * In the next iteration, the FW should request the 862 * payload data chunk, which should be equal to the 863 * payload length read from header. If there is a 864 * mismatch, clearly the driver and FW are out of sync, 865 * and we need to re-send the previous header again. 866 */ 867 if (len == nxpdev->fw_v1_expected_len) { 868 if (len == HDR_LEN) 869 nxpdev->fw_v1_expected_len = nxp_get_data_len(nxpdev->fw->data + 870 nxpdev->fw_dnld_v1_offset); 871 else 872 nxpdev->fw_v1_expected_len = HDR_LEN; 873 } else if (len == HDR_LEN) { 874 /* FW download out of sync. Send previous chunk again */ 875 nxpdev->fw_dnld_v1_offset -= nxpdev->fw_v1_sent_bytes; 876 nxpdev->fw_v1_expected_len = HDR_LEN; 877 } 878 } 879 880 if (nxpdev->fw_dnld_v1_offset + len <= nxpdev->fw->size) 881 serdev_device_write_buf(nxpdev->serdev, nxpdev->fw->data + 882 nxpdev->fw_dnld_v1_offset, len); 883 nxpdev->fw_v1_sent_bytes = len; 884 885 free_skb: 886 kfree_skb(skb); 887 return 0; 888 } 889 890 static char *nxp_get_fw_name_from_chipid(struct hci_dev *hdev, u16 chipid, 891 u8 loader_ver) 892 { 893 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 894 char *fw_name = NULL; 895 896 switch (chipid) { 897 case CHIP_ID_W9098: 898 fw_name = FIRMWARE_W9098; 899 break; 900 case CHIP_ID_IW416: 901 fw_name = FIRMWARE_IW416; 902 break; 903 case CHIP_ID_IW612: 904 fw_name = FIRMWARE_IW612; 905 break; 906 case CHIP_ID_IW624a: 907 case CHIP_ID_IW624c: 908 nxpdev->boot_reg_offset = 1; 909 if ((loader_ver & FW_SECURE_MASK) == FW_OPEN) 910 fw_name = FIRMWARE_IW624; 911 else if ((loader_ver & FW_SECURE_MASK) != FW_AUTH_ILLEGAL) 912 fw_name = FIRMWARE_SECURE_IW624; 913 else 914 bt_dev_err(hdev, "Illegal loader version %02x", loader_ver); 915 break; 916 case CHIP_ID_AW693a0: 917 if ((loader_ver & FW_SECURE_MASK) == FW_OPEN) 918 fw_name = FIRMWARE_AW693; 919 else if ((loader_ver & FW_SECURE_MASK) != FW_AUTH_ILLEGAL) 920 fw_name = FIRMWARE_SECURE_AW693; 921 else 922 bt_dev_err(hdev, "Illegal loader version %02x", loader_ver); 923 break; 924 case CHIP_ID_AW693a1: 925 if ((loader_ver & FW_SECURE_MASK) == FW_OPEN) 926 fw_name = FIRMWARE_AW693_A1; 927 else if ((loader_ver & FW_SECURE_MASK) != FW_AUTH_ILLEGAL) 928 fw_name = FIRMWARE_SECURE_AW693_A1; 929 else 930 bt_dev_err(hdev, "Illegal loader version %02x", loader_ver); 931 break; 932 case CHIP_ID_IW615a0: 933 case CHIP_ID_IW615a1: 934 if ((loader_ver & FW_SECURE_MASK) == FW_OPEN) 935 fw_name = FIRMWARE_IW615; 936 else if ((loader_ver & FW_SECURE_MASK) != FW_AUTH_ILLEGAL) 937 fw_name = FIRMWARE_SECURE_IW615; 938 else 939 bt_dev_err(hdev, "Illegal loader version %02x", loader_ver); 940 break; 941 default: 942 bt_dev_err(hdev, "Unknown chip signature %04x", chipid); 943 break; 944 } 945 return fw_name; 946 } 947 948 static char *nxp_get_old_fw_name_from_chipid(struct hci_dev *hdev, u16 chipid, 949 u8 loader_ver) 950 { 951 char *fw_name_old = NULL; 952 953 switch (chipid) { 954 case CHIP_ID_W9098: 955 fw_name_old = FIRMWARE_W9098_OLD; 956 break; 957 } 958 return fw_name_old; 959 } 960 961 static int nxp_recv_chip_ver_v3(struct hci_dev *hdev, struct sk_buff *skb) 962 { 963 struct v3_start_ind *req = skb_pull_data(skb, sizeof(*req)); 964 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 965 const char *fw_name; 966 const char *fw_name_old; 967 u16 chip_id; 968 u8 loader_ver; 969 970 if (!process_boot_signature(nxpdev)) 971 goto free_skb; 972 973 chip_id = le16_to_cpu(req->chip_id); 974 loader_ver = req->loader_ver; 975 bt_dev_info(hdev, "ChipID: %04x, Version: %d", chip_id, loader_ver); 976 fw_name = nxp_get_fw_name_from_chipid(hdev, chip_id, loader_ver); 977 fw_name_old = nxp_get_old_fw_name_from_chipid(hdev, chip_id, loader_ver); 978 if (!nxp_request_firmware(hdev, fw_name, fw_name_old)) 979 nxp_send_ack(NXP_ACK_V3, hdev); 980 981 free_skb: 982 kfree_skb(skb); 983 return 0; 984 } 985 986 static void nxp_handle_fw_download_error(struct hci_dev *hdev, struct v3_data_req *req) 987 { 988 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 989 __u32 offset = __le32_to_cpu(req->offset); 990 __u16 err = __le16_to_cpu(req->error); 991 union nxp_v3_rx_timeout_nak_u nak_tx_buf; 992 993 switch (err) { 994 case NXP_ACK_RX_TIMEOUT: 995 case NXP_HDR_RX_TIMEOUT: 996 case NXP_DATA_RX_TIMEOUT: 997 nak_tx_buf.pkt.nak = NXP_NAK_V3; 998 nak_tx_buf.pkt.offset = __cpu_to_le32(offset); 999 nak_tx_buf.pkt.crc = crc8(crc8_table, nak_tx_buf.buf, 1000 sizeof(nak_tx_buf) - 1, 0xff); 1001 serdev_device_write_buf(nxpdev->serdev, nak_tx_buf.buf, 1002 sizeof(nak_tx_buf)); 1003 break; 1004 default: 1005 bt_dev_dbg(hdev, "Unknown bootloader error code: %d", err); 1006 break; 1007 1008 } 1009 1010 } 1011 1012 static int nxp_recv_fw_req_v3(struct hci_dev *hdev, struct sk_buff *skb) 1013 { 1014 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1015 struct v3_data_req *req; 1016 __u16 len; 1017 __u32 offset; 1018 1019 if (!process_boot_signature(nxpdev)) 1020 goto free_skb; 1021 1022 req = skb_pull_data(skb, sizeof(*req)); 1023 if (!req || !nxpdev->fw) 1024 goto free_skb; 1025 1026 if (!req->error) { 1027 nxp_send_ack(NXP_ACK_V3, hdev); 1028 } else { 1029 nxp_handle_fw_download_error(hdev, req); 1030 goto free_skb; 1031 } 1032 1033 len = __le16_to_cpu(req->len); 1034 1035 if (!nxpdev->timeout_changed) { 1036 nxpdev->timeout_changed = nxp_fw_change_timeout(hdev, len); 1037 goto free_skb; 1038 } 1039 1040 if (!nxpdev->baudrate_changed) { 1041 nxpdev->baudrate_changed = nxp_fw_change_baudrate(hdev, len); 1042 if (nxpdev->baudrate_changed) { 1043 serdev_device_set_baudrate(nxpdev->serdev, 1044 HCI_NXP_SEC_BAUDRATE); 1045 serdev_device_set_flow_control(nxpdev->serdev, true); 1046 nxpdev->current_baudrate = HCI_NXP_SEC_BAUDRATE; 1047 } 1048 goto free_skb; 1049 } 1050 1051 if (req->len == 0) { 1052 bt_dev_info(hdev, "FW Download Complete: %zu bytes", 1053 nxpdev->fw->size); 1054 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state); 1055 wake_up_interruptible(&nxpdev->fw_dnld_done_wait_q); 1056 goto free_skb; 1057 } 1058 1059 offset = __le32_to_cpu(req->offset); 1060 if (offset < nxpdev->fw_v3_offset_correction) { 1061 /* This scenario should ideally never occur. But if it ever does, 1062 * FW is out of sync and needs a power cycle. 1063 */ 1064 bt_dev_err(hdev, "Something went wrong during FW download"); 1065 bt_dev_err(hdev, "Please power cycle and try again"); 1066 goto free_skb; 1067 } 1068 1069 nxpdev->fw_dnld_v3_offset = offset - nxpdev->fw_v3_offset_correction; 1070 serdev_device_write_buf(nxpdev->serdev, nxpdev->fw->data + 1071 nxpdev->fw_dnld_v3_offset, len); 1072 1073 free_skb: 1074 kfree_skb(skb); 1075 return 0; 1076 } 1077 1078 static int nxp_set_baudrate_cmd(struct hci_dev *hdev, void *data) 1079 { 1080 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1081 __le32 new_baudrate = __cpu_to_le32(nxpdev->new_baudrate); 1082 struct ps_data *psdata = &nxpdev->psdata; 1083 struct sk_buff *skb; 1084 u8 *status; 1085 1086 if (!psdata) 1087 return 0; 1088 1089 skb = nxp_drv_send_cmd(hdev, HCI_NXP_SET_OPER_SPEED, 4, (u8 *)&new_baudrate); 1090 if (IS_ERR(skb)) { 1091 bt_dev_err(hdev, "Setting baudrate failed (%ld)", PTR_ERR(skb)); 1092 return PTR_ERR(skb); 1093 } 1094 1095 status = (u8 *)skb_pull_data(skb, 1); 1096 if (status) { 1097 if (*status == 0) { 1098 serdev_device_set_baudrate(nxpdev->serdev, nxpdev->new_baudrate); 1099 nxpdev->current_baudrate = nxpdev->new_baudrate; 1100 } 1101 bt_dev_dbg(hdev, "Set baudrate response: status=%d, baudrate=%d", 1102 *status, nxpdev->new_baudrate); 1103 } 1104 kfree_skb(skb); 1105 1106 return 0; 1107 } 1108 1109 static int nxp_check_boot_sign(struct btnxpuart_dev *nxpdev) 1110 { 1111 serdev_device_set_baudrate(nxpdev->serdev, HCI_NXP_PRI_BAUDRATE); 1112 if (test_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state)) 1113 serdev_device_set_flow_control(nxpdev->serdev, false); 1114 else 1115 serdev_device_set_flow_control(nxpdev->serdev, true); 1116 set_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, &nxpdev->tx_state); 1117 1118 return wait_event_interruptible_timeout(nxpdev->check_boot_sign_wait_q, 1119 !test_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, 1120 &nxpdev->tx_state), 1121 msecs_to_jiffies(1000)); 1122 } 1123 1124 static int nxp_set_ind_reset(struct hci_dev *hdev, void *data) 1125 { 1126 static const u8 ir_hw_err[] = { HCI_EV_HARDWARE_ERROR, 1127 0x01, BTNXPUART_IR_HW_ERR }; 1128 struct sk_buff *skb; 1129 1130 skb = bt_skb_alloc(3, GFP_ATOMIC); 1131 if (!skb) 1132 return -ENOMEM; 1133 1134 hci_skb_pkt_type(skb) = HCI_EVENT_PKT; 1135 skb_put_data(skb, ir_hw_err, 3); 1136 1137 /* Inject Hardware Error to upper stack */ 1138 return hci_recv_frame(hdev, skb); 1139 } 1140 1141 /* NXP protocol */ 1142 static int nxp_setup(struct hci_dev *hdev) 1143 { 1144 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1145 int err = 0; 1146 1147 if (nxp_check_boot_sign(nxpdev)) { 1148 bt_dev_dbg(hdev, "Need FW Download."); 1149 err = nxp_download_firmware(hdev); 1150 if (err < 0) 1151 return err; 1152 } else { 1153 bt_dev_info(hdev, "FW already running."); 1154 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state); 1155 } 1156 1157 serdev_device_set_baudrate(nxpdev->serdev, nxpdev->fw_init_baudrate); 1158 nxpdev->current_baudrate = nxpdev->fw_init_baudrate; 1159 1160 if (nxpdev->current_baudrate != HCI_NXP_SEC_BAUDRATE) { 1161 nxpdev->new_baudrate = HCI_NXP_SEC_BAUDRATE; 1162 hci_cmd_sync_queue(hdev, nxp_set_baudrate_cmd, NULL, NULL); 1163 } 1164 1165 ps_init(hdev); 1166 1167 if (test_and_clear_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state)) 1168 hci_dev_clear_flag(hdev, HCI_SETUP); 1169 1170 return 0; 1171 } 1172 1173 static void nxp_hw_err(struct hci_dev *hdev, u8 code) 1174 { 1175 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1176 1177 switch (code) { 1178 case BTNXPUART_IR_HW_ERR: 1179 set_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state); 1180 hci_dev_set_flag(hdev, HCI_SETUP); 1181 break; 1182 default: 1183 break; 1184 } 1185 } 1186 1187 static int nxp_shutdown(struct hci_dev *hdev) 1188 { 1189 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1190 struct sk_buff *skb; 1191 u8 *status; 1192 u8 pcmd = 0; 1193 1194 if (test_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state)) { 1195 skb = nxp_drv_send_cmd(hdev, HCI_NXP_IND_RESET, 1, &pcmd); 1196 if (IS_ERR(skb)) 1197 return PTR_ERR(skb); 1198 1199 status = skb_pull_data(skb, 1); 1200 if (status) { 1201 serdev_device_set_flow_control(nxpdev->serdev, false); 1202 set_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state); 1203 } 1204 kfree_skb(skb); 1205 } 1206 1207 return 0; 1208 } 1209 1210 static int btnxpuart_queue_skb(struct hci_dev *hdev, struct sk_buff *skb) 1211 { 1212 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1213 1214 /* Prepend skb with frame type */ 1215 memcpy(skb_push(skb, 1), &hci_skb_pkt_type(skb), 1); 1216 skb_queue_tail(&nxpdev->txq, skb); 1217 btnxpuart_tx_wakeup(nxpdev); 1218 return 0; 1219 } 1220 1221 static int nxp_enqueue(struct hci_dev *hdev, struct sk_buff *skb) 1222 { 1223 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1224 struct ps_data *psdata = &nxpdev->psdata; 1225 struct hci_command_hdr *hdr; 1226 struct psmode_cmd_payload ps_parm; 1227 struct wakeup_cmd_payload wakeup_parm; 1228 __le32 baudrate_parm; 1229 1230 /* if vendor commands are received from user space (e.g. hcitool), update 1231 * driver flags accordingly and ask driver to re-send the command to FW. 1232 * In case the payload for any command does not match expected payload 1233 * length, let the firmware and user space program handle it, or throw 1234 * an error. 1235 */ 1236 if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT && !psdata->driver_sent_cmd) { 1237 hdr = (struct hci_command_hdr *)skb->data; 1238 if (hdr->plen != (skb->len - HCI_COMMAND_HDR_SIZE)) 1239 return btnxpuart_queue_skb(hdev, skb); 1240 1241 switch (__le16_to_cpu(hdr->opcode)) { 1242 case HCI_NXP_AUTO_SLEEP_MODE: 1243 if (hdr->plen == sizeof(ps_parm)) { 1244 memcpy(&ps_parm, skb->data + HCI_COMMAND_HDR_SIZE, hdr->plen); 1245 if (ps_parm.ps_cmd == BT_PS_ENABLE) 1246 psdata->target_ps_mode = PS_MODE_ENABLE; 1247 else if (ps_parm.ps_cmd == BT_PS_DISABLE) 1248 psdata->target_ps_mode = PS_MODE_DISABLE; 1249 psdata->c2h_ps_interval = __le16_to_cpu(ps_parm.c2h_ps_interval); 1250 hci_cmd_sync_queue(hdev, send_ps_cmd, NULL, NULL); 1251 goto free_skb; 1252 } 1253 break; 1254 case HCI_NXP_WAKEUP_METHOD: 1255 if (hdr->plen == sizeof(wakeup_parm)) { 1256 memcpy(&wakeup_parm, skb->data + HCI_COMMAND_HDR_SIZE, hdr->plen); 1257 psdata->c2h_wakeupmode = wakeup_parm.c2h_wakeupmode; 1258 psdata->c2h_wakeup_gpio = wakeup_parm.c2h_wakeup_gpio; 1259 psdata->h2c_wakeup_gpio = wakeup_parm.h2c_wakeup_gpio; 1260 switch (wakeup_parm.h2c_wakeupmode) { 1261 case BT_CTRL_WAKEUP_METHOD_DSR: 1262 psdata->h2c_wakeupmode = WAKEUP_METHOD_DTR; 1263 break; 1264 case BT_CTRL_WAKEUP_METHOD_BREAK: 1265 default: 1266 psdata->h2c_wakeupmode = WAKEUP_METHOD_BREAK; 1267 break; 1268 } 1269 hci_cmd_sync_queue(hdev, send_wakeup_method_cmd, NULL, NULL); 1270 goto free_skb; 1271 } 1272 break; 1273 case HCI_NXP_SET_OPER_SPEED: 1274 if (hdr->plen == sizeof(baudrate_parm)) { 1275 memcpy(&baudrate_parm, skb->data + HCI_COMMAND_HDR_SIZE, hdr->plen); 1276 nxpdev->new_baudrate = __le32_to_cpu(baudrate_parm); 1277 hci_cmd_sync_queue(hdev, nxp_set_baudrate_cmd, NULL, NULL); 1278 goto free_skb; 1279 } 1280 break; 1281 case HCI_NXP_IND_RESET: 1282 if (hdr->plen == 1) { 1283 hci_cmd_sync_queue(hdev, nxp_set_ind_reset, NULL, NULL); 1284 goto free_skb; 1285 } 1286 break; 1287 default: 1288 break; 1289 } 1290 } 1291 1292 return btnxpuart_queue_skb(hdev, skb); 1293 1294 free_skb: 1295 kfree_skb(skb); 1296 return 0; 1297 } 1298 1299 static struct sk_buff *nxp_dequeue(void *data) 1300 { 1301 struct btnxpuart_dev *nxpdev = (struct btnxpuart_dev *)data; 1302 1303 ps_start_timer(nxpdev); 1304 return skb_dequeue(&nxpdev->txq); 1305 } 1306 1307 /* btnxpuart based on serdev */ 1308 static void btnxpuart_tx_work(struct work_struct *work) 1309 { 1310 struct btnxpuart_dev *nxpdev = container_of(work, struct btnxpuart_dev, 1311 tx_work); 1312 struct serdev_device *serdev = nxpdev->serdev; 1313 struct hci_dev *hdev = nxpdev->hdev; 1314 struct sk_buff *skb; 1315 int len; 1316 1317 if (ps_wakeup(nxpdev)) 1318 return; 1319 1320 while ((skb = nxp_dequeue(nxpdev))) { 1321 len = serdev_device_write_buf(serdev, skb->data, skb->len); 1322 hdev->stat.byte_tx += len; 1323 1324 skb_pull(skb, len); 1325 if (skb->len > 0) { 1326 skb_queue_head(&nxpdev->txq, skb); 1327 break; 1328 } 1329 1330 switch (hci_skb_pkt_type(skb)) { 1331 case HCI_COMMAND_PKT: 1332 hdev->stat.cmd_tx++; 1333 break; 1334 case HCI_ACLDATA_PKT: 1335 hdev->stat.acl_tx++; 1336 break; 1337 case HCI_SCODATA_PKT: 1338 hdev->stat.sco_tx++; 1339 break; 1340 } 1341 1342 kfree_skb(skb); 1343 } 1344 clear_bit(BTNXPUART_TX_STATE_ACTIVE, &nxpdev->tx_state); 1345 } 1346 1347 static int btnxpuart_open(struct hci_dev *hdev) 1348 { 1349 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1350 int err = 0; 1351 1352 err = serdev_device_open(nxpdev->serdev); 1353 if (err) { 1354 bt_dev_err(hdev, "Unable to open UART device %s", 1355 dev_name(&nxpdev->serdev->dev)); 1356 } else { 1357 set_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state); 1358 } 1359 return err; 1360 } 1361 1362 static int btnxpuart_close(struct hci_dev *hdev) 1363 { 1364 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1365 1366 ps_wakeup(nxpdev); 1367 serdev_device_close(nxpdev->serdev); 1368 skb_queue_purge(&nxpdev->txq); 1369 if (!IS_ERR_OR_NULL(nxpdev->rx_skb)) { 1370 kfree_skb(nxpdev->rx_skb); 1371 nxpdev->rx_skb = NULL; 1372 } 1373 clear_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state); 1374 return 0; 1375 } 1376 1377 static int btnxpuart_flush(struct hci_dev *hdev) 1378 { 1379 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1380 1381 /* Flush any pending characters */ 1382 serdev_device_write_flush(nxpdev->serdev); 1383 skb_queue_purge(&nxpdev->txq); 1384 1385 cancel_work_sync(&nxpdev->tx_work); 1386 1387 if (!IS_ERR_OR_NULL(nxpdev->rx_skb)) { 1388 kfree_skb(nxpdev->rx_skb); 1389 nxpdev->rx_skb = NULL; 1390 } 1391 1392 return 0; 1393 } 1394 1395 static const struct h4_recv_pkt nxp_recv_pkts[] = { 1396 { H4_RECV_ACL, .recv = hci_recv_frame }, 1397 { H4_RECV_SCO, .recv = hci_recv_frame }, 1398 { H4_RECV_EVENT, .recv = hci_recv_frame }, 1399 { NXP_RECV_CHIP_VER_V1, .recv = nxp_recv_chip_ver_v1 }, 1400 { NXP_RECV_FW_REQ_V1, .recv = nxp_recv_fw_req_v1 }, 1401 { NXP_RECV_CHIP_VER_V3, .recv = nxp_recv_chip_ver_v3 }, 1402 { NXP_RECV_FW_REQ_V3, .recv = nxp_recv_fw_req_v3 }, 1403 }; 1404 1405 static size_t btnxpuart_receive_buf(struct serdev_device *serdev, 1406 const u8 *data, size_t count) 1407 { 1408 struct btnxpuart_dev *nxpdev = serdev_device_get_drvdata(serdev); 1409 1410 ps_start_timer(nxpdev); 1411 1412 nxpdev->rx_skb = h4_recv_buf(nxpdev->hdev, nxpdev->rx_skb, data, count, 1413 nxp_recv_pkts, ARRAY_SIZE(nxp_recv_pkts)); 1414 if (IS_ERR(nxpdev->rx_skb)) { 1415 int err = PTR_ERR(nxpdev->rx_skb); 1416 /* Safe to ignore out-of-sync bootloader signatures */ 1417 if (!is_fw_downloading(nxpdev)) 1418 bt_dev_err(nxpdev->hdev, "Frame reassembly failed (%d)", err); 1419 return count; 1420 } 1421 if (!is_fw_downloading(nxpdev)) 1422 nxpdev->hdev->stat.byte_rx += count; 1423 return count; 1424 } 1425 1426 static void btnxpuart_write_wakeup(struct serdev_device *serdev) 1427 { 1428 serdev_device_write_wakeup(serdev); 1429 } 1430 1431 static const struct serdev_device_ops btnxpuart_client_ops = { 1432 .receive_buf = btnxpuart_receive_buf, 1433 .write_wakeup = btnxpuart_write_wakeup, 1434 }; 1435 1436 static int nxp_serdev_probe(struct serdev_device *serdev) 1437 { 1438 struct hci_dev *hdev; 1439 struct btnxpuart_dev *nxpdev; 1440 1441 nxpdev = devm_kzalloc(&serdev->dev, sizeof(*nxpdev), GFP_KERNEL); 1442 if (!nxpdev) 1443 return -ENOMEM; 1444 1445 nxpdev->nxp_data = (struct btnxpuart_data *)device_get_match_data(&serdev->dev); 1446 1447 nxpdev->serdev = serdev; 1448 serdev_device_set_drvdata(serdev, nxpdev); 1449 1450 serdev_device_set_client_ops(serdev, &btnxpuart_client_ops); 1451 1452 INIT_WORK(&nxpdev->tx_work, btnxpuart_tx_work); 1453 skb_queue_head_init(&nxpdev->txq); 1454 1455 init_waitqueue_head(&nxpdev->fw_dnld_done_wait_q); 1456 init_waitqueue_head(&nxpdev->check_boot_sign_wait_q); 1457 1458 device_property_read_u32(&nxpdev->serdev->dev, "fw-init-baudrate", 1459 &nxpdev->fw_init_baudrate); 1460 if (!nxpdev->fw_init_baudrate) 1461 nxpdev->fw_init_baudrate = FW_INIT_BAUDRATE; 1462 1463 set_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state); 1464 1465 crc8_populate_msb(crc8_table, POLYNOMIAL8); 1466 1467 /* Initialize and register HCI device */ 1468 hdev = hci_alloc_dev(); 1469 if (!hdev) { 1470 dev_err(&serdev->dev, "Can't allocate HCI device\n"); 1471 return -ENOMEM; 1472 } 1473 1474 nxpdev->hdev = hdev; 1475 1476 hdev->bus = HCI_UART; 1477 hci_set_drvdata(hdev, nxpdev); 1478 1479 hdev->manufacturer = MANUFACTURER_NXP; 1480 hdev->open = btnxpuart_open; 1481 hdev->close = btnxpuart_close; 1482 hdev->flush = btnxpuart_flush; 1483 hdev->setup = nxp_setup; 1484 hdev->send = nxp_enqueue; 1485 hdev->hw_error = nxp_hw_err; 1486 hdev->shutdown = nxp_shutdown; 1487 SET_HCIDEV_DEV(hdev, &serdev->dev); 1488 1489 if (hci_register_dev(hdev) < 0) { 1490 dev_err(&serdev->dev, "Can't register HCI device\n"); 1491 hci_free_dev(hdev); 1492 return -ENODEV; 1493 } 1494 1495 ps_setup(hdev); 1496 1497 return 0; 1498 } 1499 1500 static void nxp_serdev_remove(struct serdev_device *serdev) 1501 { 1502 struct btnxpuart_dev *nxpdev = serdev_device_get_drvdata(serdev); 1503 struct hci_dev *hdev = nxpdev->hdev; 1504 1505 if (is_fw_downloading(nxpdev)) { 1506 set_bit(BTNXPUART_FW_DOWNLOAD_ABORT, &nxpdev->tx_state); 1507 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state); 1508 wake_up_interruptible(&nxpdev->check_boot_sign_wait_q); 1509 wake_up_interruptible(&nxpdev->fw_dnld_done_wait_q); 1510 } else { 1511 /* Restore FW baudrate to fw_init_baudrate if changed. 1512 * This will ensure FW baudrate is in sync with 1513 * driver baudrate in case this driver is re-inserted. 1514 */ 1515 if (nxpdev->current_baudrate != nxpdev->fw_init_baudrate) { 1516 nxpdev->new_baudrate = nxpdev->fw_init_baudrate; 1517 nxp_set_baudrate_cmd(hdev, NULL); 1518 } 1519 ps_cancel_timer(nxpdev); 1520 } 1521 hci_unregister_dev(hdev); 1522 hci_free_dev(hdev); 1523 } 1524 1525 #ifdef CONFIG_PM_SLEEP 1526 static int nxp_serdev_suspend(struct device *dev) 1527 { 1528 struct btnxpuart_dev *nxpdev = dev_get_drvdata(dev); 1529 struct ps_data *psdata = &nxpdev->psdata; 1530 1531 ps_control(psdata->hdev, PS_STATE_SLEEP); 1532 return 0; 1533 } 1534 1535 static int nxp_serdev_resume(struct device *dev) 1536 { 1537 struct btnxpuart_dev *nxpdev = dev_get_drvdata(dev); 1538 struct ps_data *psdata = &nxpdev->psdata; 1539 1540 ps_control(psdata->hdev, PS_STATE_AWAKE); 1541 return 0; 1542 } 1543 #endif 1544 1545 static struct btnxpuart_data w8987_data __maybe_unused = { 1546 .helper_fw_name = NULL, 1547 .fw_name = FIRMWARE_W8987, 1548 .fw_name_old = FIRMWARE_W8987_OLD, 1549 }; 1550 1551 static struct btnxpuart_data w8997_data __maybe_unused = { 1552 .helper_fw_name = FIRMWARE_HELPER, 1553 .fw_name = FIRMWARE_W8997, 1554 .fw_name_old = FIRMWARE_W8997_OLD, 1555 }; 1556 1557 static const struct of_device_id nxpuart_of_match_table[] __maybe_unused = { 1558 { .compatible = "nxp,88w8987-bt", .data = &w8987_data }, 1559 { .compatible = "nxp,88w8997-bt", .data = &w8997_data }, 1560 { } 1561 }; 1562 MODULE_DEVICE_TABLE(of, nxpuart_of_match_table); 1563 1564 static const struct dev_pm_ops nxp_pm_ops = { 1565 SET_SYSTEM_SLEEP_PM_OPS(nxp_serdev_suspend, nxp_serdev_resume) 1566 }; 1567 1568 static struct serdev_device_driver nxp_serdev_driver = { 1569 .probe = nxp_serdev_probe, 1570 .remove = nxp_serdev_remove, 1571 .driver = { 1572 .name = "btnxpuart", 1573 .of_match_table = of_match_ptr(nxpuart_of_match_table), 1574 .pm = &nxp_pm_ops, 1575 }, 1576 }; 1577 1578 module_serdev_device_driver(nxp_serdev_driver); 1579 1580 MODULE_AUTHOR("Neeraj Sanjay Kale <neeraj.sanjaykale@nxp.com>"); 1581 MODULE_DESCRIPTION("NXP Bluetooth Serial driver"); 1582 MODULE_LICENSE("GPL"); 1583