xref: /linux/drivers/bluetooth/btnxpuart.c (revision 7c7e33b799ac169e5fab8abfc6819fce8b26d53d)
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  *  NXP Bluetooth driver
4  *  Copyright 2023 NXP
5  */
6 
7 #include <linux/module.h>
8 #include <linux/kernel.h>
9 
10 #include <linux/serdev.h>
11 #include <linux/of.h>
12 #include <linux/skbuff.h>
13 #include <asm/unaligned.h>
14 #include <linux/firmware.h>
15 #include <linux/string.h>
16 #include <linux/crc8.h>
17 #include <linux/crc32.h>
18 #include <linux/string_helpers.h>
19 
20 #include <net/bluetooth/bluetooth.h>
21 #include <net/bluetooth/hci_core.h>
22 
23 #include "h4_recv.h"
24 
25 #define MANUFACTURER_NXP		37
26 
27 #define BTNXPUART_TX_STATE_ACTIVE	1
28 #define BTNXPUART_FW_DOWNLOADING	2
29 #define BTNXPUART_CHECK_BOOT_SIGNATURE	3
30 #define BTNXPUART_SERDEV_OPEN		4
31 
32 #define FIRMWARE_W8987	"nxp/uartuart8987_bt.bin"
33 #define FIRMWARE_W8997	"nxp/uartuart8997_bt_v4.bin"
34 #define FIRMWARE_W9098	"nxp/uartuart9098_bt_v1.bin"
35 #define FIRMWARE_IW416	"nxp/uartiw416_bt_v0.bin"
36 #define FIRMWARE_IW612	"nxp/uartspi_n61x_v1.bin.se"
37 #define FIRMWARE_HELPER	"nxp/helper_uart_3000000.bin"
38 
39 #define CHIP_ID_W9098		0x5c03
40 #define CHIP_ID_IW416		0x7201
41 #define CHIP_ID_IW612		0x7601
42 
43 #define HCI_NXP_PRI_BAUDRATE	115200
44 #define HCI_NXP_SEC_BAUDRATE	3000000
45 
46 #define MAX_FW_FILE_NAME_LEN    50
47 
48 /* Default ps timeout period in milliseconds */
49 #define PS_DEFAULT_TIMEOUT_PERIOD_MS     2000
50 
51 /* wakeup methods */
52 #define WAKEUP_METHOD_DTR       0
53 #define WAKEUP_METHOD_BREAK     1
54 #define WAKEUP_METHOD_EXT_BREAK 2
55 #define WAKEUP_METHOD_RTS       3
56 #define WAKEUP_METHOD_INVALID   0xff
57 
58 /* power save mode status */
59 #define PS_MODE_DISABLE         0
60 #define PS_MODE_ENABLE          1
61 
62 /* Power Save Commands to ps_work_func  */
63 #define PS_CMD_EXIT_PS          1
64 #define PS_CMD_ENTER_PS         2
65 
66 /* power save state */
67 #define PS_STATE_AWAKE          0
68 #define PS_STATE_SLEEP          1
69 
70 /* Bluetooth vendor command : Sleep mode */
71 #define HCI_NXP_AUTO_SLEEP_MODE	0xfc23
72 /* Bluetooth vendor command : Wakeup method */
73 #define HCI_NXP_WAKEUP_METHOD	0xfc53
74 /* Bluetooth vendor command : Set operational baudrate */
75 #define HCI_NXP_SET_OPER_SPEED	0xfc09
76 /* Bluetooth vendor command: Independent Reset */
77 #define HCI_NXP_IND_RESET	0xfcfc
78 
79 /* Bluetooth Power State : Vendor cmd params */
80 #define BT_PS_ENABLE			0x02
81 #define BT_PS_DISABLE			0x03
82 
83 /* Bluetooth Host Wakeup Methods */
84 #define BT_HOST_WAKEUP_METHOD_NONE      0x00
85 #define BT_HOST_WAKEUP_METHOD_DTR       0x01
86 #define BT_HOST_WAKEUP_METHOD_BREAK     0x02
87 #define BT_HOST_WAKEUP_METHOD_GPIO      0x03
88 
89 /* Bluetooth Chip Wakeup Methods */
90 #define BT_CTRL_WAKEUP_METHOD_DSR       0x00
91 #define BT_CTRL_WAKEUP_METHOD_BREAK     0x01
92 #define BT_CTRL_WAKEUP_METHOD_GPIO      0x02
93 #define BT_CTRL_WAKEUP_METHOD_EXT_BREAK 0x04
94 #define BT_CTRL_WAKEUP_METHOD_RTS       0x05
95 
96 struct ps_data {
97 	u8    target_ps_mode;	/* ps mode to be set */
98 	u8    cur_psmode;	/* current ps_mode */
99 	u8    ps_state;		/* controller's power save state */
100 	u8    ps_cmd;
101 	u8    h2c_wakeupmode;
102 	u8    cur_h2c_wakeupmode;
103 	u8    c2h_wakeupmode;
104 	u8    c2h_wakeup_gpio;
105 	u8    h2c_wakeup_gpio;
106 	bool  driver_sent_cmd;
107 	u16   h2c_ps_interval;
108 	u16   c2h_ps_interval;
109 	struct hci_dev *hdev;
110 	struct work_struct work;
111 	struct timer_list ps_timer;
112 };
113 
114 struct wakeup_cmd_payload {
115 	u8 c2h_wakeupmode;
116 	u8 c2h_wakeup_gpio;
117 	u8 h2c_wakeupmode;
118 	u8 h2c_wakeup_gpio;
119 } __packed;
120 
121 struct psmode_cmd_payload {
122 	u8 ps_cmd;
123 	__le16 c2h_ps_interval;
124 } __packed;
125 
126 struct btnxpuart_data {
127 	const char *helper_fw_name;
128 	const char *fw_name;
129 };
130 
131 struct btnxpuart_dev {
132 	struct hci_dev *hdev;
133 	struct serdev_device *serdev;
134 
135 	struct work_struct tx_work;
136 	unsigned long tx_state;
137 	struct sk_buff_head txq;
138 	struct sk_buff *rx_skb;
139 
140 	const struct firmware *fw;
141 	u8 fw_name[MAX_FW_FILE_NAME_LEN];
142 	u32 fw_dnld_v1_offset;
143 	u32 fw_v1_sent_bytes;
144 	u32 fw_v3_offset_correction;
145 	u32 fw_v1_expected_len;
146 	wait_queue_head_t fw_dnld_done_wait_q;
147 	wait_queue_head_t check_boot_sign_wait_q;
148 
149 	u32 new_baudrate;
150 	u32 current_baudrate;
151 	u32 fw_init_baudrate;
152 	bool timeout_changed;
153 	bool baudrate_changed;
154 	bool helper_downloaded;
155 
156 	struct ps_data psdata;
157 	struct btnxpuart_data *nxp_data;
158 };
159 
160 #define NXP_V1_FW_REQ_PKT	0xa5
161 #define NXP_V1_CHIP_VER_PKT	0xaa
162 #define NXP_V3_FW_REQ_PKT	0xa7
163 #define NXP_V3_CHIP_VER_PKT	0xab
164 
165 #define NXP_ACK_V1		0x5a
166 #define NXP_NAK_V1		0xbf
167 #define NXP_ACK_V3		0x7a
168 #define NXP_NAK_V3		0x7b
169 #define NXP_CRC_ERROR_V3	0x7c
170 
171 #define HDR_LEN			16
172 
173 #define NXP_RECV_CHIP_VER_V1 \
174 	.type = NXP_V1_CHIP_VER_PKT, \
175 	.hlen = 4, \
176 	.loff = 0, \
177 	.lsize = 0, \
178 	.maxlen = 4
179 
180 #define NXP_RECV_FW_REQ_V1 \
181 	.type = NXP_V1_FW_REQ_PKT, \
182 	.hlen = 4, \
183 	.loff = 0, \
184 	.lsize = 0, \
185 	.maxlen = 4
186 
187 #define NXP_RECV_CHIP_VER_V3 \
188 	.type = NXP_V3_CHIP_VER_PKT, \
189 	.hlen = 4, \
190 	.loff = 0, \
191 	.lsize = 0, \
192 	.maxlen = 4
193 
194 #define NXP_RECV_FW_REQ_V3 \
195 	.type = NXP_V3_FW_REQ_PKT, \
196 	.hlen = 9, \
197 	.loff = 0, \
198 	.lsize = 0, \
199 	.maxlen = 9
200 
201 struct v1_data_req {
202 	__le16 len;
203 	__le16 len_comp;
204 } __packed;
205 
206 struct v1_start_ind {
207 	__le16 chip_id;
208 	__le16 chip_id_comp;
209 } __packed;
210 
211 struct v3_data_req {
212 	__le16 len;
213 	__le32 offset;
214 	__le16 error;
215 	u8 crc;
216 } __packed;
217 
218 struct v3_start_ind {
219 	__le16 chip_id;
220 	u8 loader_ver;
221 	u8 crc;
222 } __packed;
223 
224 /* UART register addresses of BT chip */
225 #define CLKDIVADDR	0x7f00008f
226 #define UARTDIVADDR	0x7f000090
227 #define UARTMCRADDR	0x7f000091
228 #define UARTREINITADDR	0x7f000092
229 #define UARTICRADDR	0x7f000093
230 #define UARTFCRADDR	0x7f000094
231 
232 #define MCR		0x00000022
233 #define INIT		0x00000001
234 #define ICR		0x000000c7
235 #define FCR		0x000000c7
236 
237 #define POLYNOMIAL8	0x07
238 
239 struct uart_reg {
240 	__le32 address;
241 	__le32 value;
242 } __packed;
243 
244 struct uart_config {
245 	struct uart_reg clkdiv;
246 	struct uart_reg uartdiv;
247 	struct uart_reg mcr;
248 	struct uart_reg re_init;
249 	struct uart_reg icr;
250 	struct uart_reg fcr;
251 	__be32 crc;
252 } __packed;
253 
254 struct nxp_bootloader_cmd {
255 	__le32 header;
256 	__le32 arg;
257 	__le32 payload_len;
258 	__be32 crc;
259 } __packed;
260 
261 static u8 crc8_table[CRC8_TABLE_SIZE];
262 
263 /* Default configurations */
264 #define DEFAULT_H2C_WAKEUP_MODE	WAKEUP_METHOD_BREAK
265 #define DEFAULT_PS_MODE		PS_MODE_DISABLE
266 #define FW_INIT_BAUDRATE	HCI_NXP_PRI_BAUDRATE
267 
268 static struct sk_buff *nxp_drv_send_cmd(struct hci_dev *hdev, u16 opcode,
269 					u32 plen,
270 					void *param)
271 {
272 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
273 	struct ps_data *psdata = &nxpdev->psdata;
274 	struct sk_buff *skb;
275 
276 	/* set flag to prevent nxp_enqueue from parsing values from this command and
277 	 * calling hci_cmd_sync_queue() again.
278 	 */
279 	psdata->driver_sent_cmd = true;
280 	skb = __hci_cmd_sync(hdev, opcode, plen, param, HCI_CMD_TIMEOUT);
281 	psdata->driver_sent_cmd = false;
282 
283 	return skb;
284 }
285 
286 static void btnxpuart_tx_wakeup(struct btnxpuart_dev *nxpdev)
287 {
288 	if (schedule_work(&nxpdev->tx_work))
289 		set_bit(BTNXPUART_TX_STATE_ACTIVE, &nxpdev->tx_state);
290 }
291 
292 /* NXP Power Save Feature */
293 static void ps_start_timer(struct btnxpuart_dev *nxpdev)
294 {
295 	struct ps_data *psdata = &nxpdev->psdata;
296 
297 	if (!psdata)
298 		return;
299 
300 	if (psdata->cur_psmode == PS_MODE_ENABLE)
301 		mod_timer(&psdata->ps_timer, jiffies + msecs_to_jiffies(psdata->h2c_ps_interval));
302 }
303 
304 static void ps_cancel_timer(struct btnxpuart_dev *nxpdev)
305 {
306 	struct ps_data *psdata = &nxpdev->psdata;
307 
308 	flush_work(&psdata->work);
309 	del_timer_sync(&psdata->ps_timer);
310 }
311 
312 static void ps_control(struct hci_dev *hdev, u8 ps_state)
313 {
314 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
315 	struct ps_data *psdata = &nxpdev->psdata;
316 	int status;
317 
318 	if (psdata->ps_state == ps_state ||
319 	    !test_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state))
320 		return;
321 
322 	switch (psdata->cur_h2c_wakeupmode) {
323 	case WAKEUP_METHOD_DTR:
324 		if (ps_state == PS_STATE_AWAKE)
325 			status = serdev_device_set_tiocm(nxpdev->serdev, TIOCM_DTR, 0);
326 		else
327 			status = serdev_device_set_tiocm(nxpdev->serdev, 0, TIOCM_DTR);
328 		break;
329 	case WAKEUP_METHOD_BREAK:
330 	default:
331 		if (ps_state == PS_STATE_AWAKE)
332 			status = serdev_device_break_ctl(nxpdev->serdev, 0);
333 		else
334 			status = serdev_device_break_ctl(nxpdev->serdev, -1);
335 		bt_dev_dbg(hdev, "Set UART break: %s, status=%d",
336 			   str_on_off(ps_state == PS_STATE_SLEEP), status);
337 		break;
338 	}
339 	if (!status)
340 		psdata->ps_state = ps_state;
341 	if (ps_state == PS_STATE_AWAKE)
342 		btnxpuart_tx_wakeup(nxpdev);
343 }
344 
345 static void ps_work_func(struct work_struct *work)
346 {
347 	struct ps_data *data = container_of(work, struct ps_data, work);
348 
349 	if (data->ps_cmd == PS_CMD_ENTER_PS && data->cur_psmode == PS_MODE_ENABLE)
350 		ps_control(data->hdev, PS_STATE_SLEEP);
351 	else if (data->ps_cmd == PS_CMD_EXIT_PS)
352 		ps_control(data->hdev, PS_STATE_AWAKE);
353 }
354 
355 static void ps_timeout_func(struct timer_list *t)
356 {
357 	struct ps_data *data = from_timer(data, t, ps_timer);
358 	struct hci_dev *hdev = data->hdev;
359 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
360 
361 	if (test_bit(BTNXPUART_TX_STATE_ACTIVE, &nxpdev->tx_state)) {
362 		ps_start_timer(nxpdev);
363 	} else {
364 		data->ps_cmd = PS_CMD_ENTER_PS;
365 		schedule_work(&data->work);
366 	}
367 }
368 
369 static int ps_init_work(struct hci_dev *hdev)
370 {
371 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
372 	struct ps_data *psdata = &nxpdev->psdata;
373 
374 	psdata->h2c_ps_interval = PS_DEFAULT_TIMEOUT_PERIOD_MS;
375 	psdata->ps_state = PS_STATE_AWAKE;
376 	psdata->target_ps_mode = DEFAULT_PS_MODE;
377 	psdata->hdev = hdev;
378 	psdata->c2h_wakeupmode = BT_HOST_WAKEUP_METHOD_NONE;
379 	psdata->c2h_wakeup_gpio = 0xff;
380 
381 	switch (DEFAULT_H2C_WAKEUP_MODE) {
382 	case WAKEUP_METHOD_DTR:
383 		psdata->h2c_wakeupmode = WAKEUP_METHOD_DTR;
384 		break;
385 	case WAKEUP_METHOD_BREAK:
386 	default:
387 		psdata->h2c_wakeupmode = WAKEUP_METHOD_BREAK;
388 		break;
389 	}
390 	psdata->cur_psmode = PS_MODE_DISABLE;
391 	psdata->cur_h2c_wakeupmode = WAKEUP_METHOD_INVALID;
392 	INIT_WORK(&psdata->work, ps_work_func);
393 
394 	return 0;
395 }
396 
397 static void ps_init_timer(struct hci_dev *hdev)
398 {
399 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
400 	struct ps_data *psdata = &nxpdev->psdata;
401 
402 	timer_setup(&psdata->ps_timer, ps_timeout_func, 0);
403 }
404 
405 static void ps_wakeup(struct btnxpuart_dev *nxpdev)
406 {
407 	struct ps_data *psdata = &nxpdev->psdata;
408 
409 	if (psdata->ps_state != PS_STATE_AWAKE) {
410 		psdata->ps_cmd = PS_CMD_EXIT_PS;
411 		schedule_work(&psdata->work);
412 	}
413 }
414 
415 static int send_ps_cmd(struct hci_dev *hdev, void *data)
416 {
417 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
418 	struct ps_data *psdata = &nxpdev->psdata;
419 	struct psmode_cmd_payload pcmd;
420 	struct sk_buff *skb;
421 	u8 *status;
422 
423 	if (psdata->target_ps_mode == PS_MODE_ENABLE)
424 		pcmd.ps_cmd = BT_PS_ENABLE;
425 	else
426 		pcmd.ps_cmd = BT_PS_DISABLE;
427 	pcmd.c2h_ps_interval = __cpu_to_le16(psdata->c2h_ps_interval);
428 
429 	skb = nxp_drv_send_cmd(hdev, HCI_NXP_AUTO_SLEEP_MODE, sizeof(pcmd), &pcmd);
430 	if (IS_ERR(skb)) {
431 		bt_dev_err(hdev, "Setting Power Save mode failed (%ld)", PTR_ERR(skb));
432 		return PTR_ERR(skb);
433 	}
434 
435 	status = skb_pull_data(skb, 1);
436 	if (status) {
437 		if (!*status)
438 			psdata->cur_psmode = psdata->target_ps_mode;
439 		else
440 			psdata->target_ps_mode = psdata->cur_psmode;
441 		if (psdata->cur_psmode == PS_MODE_ENABLE)
442 			ps_start_timer(nxpdev);
443 		else
444 			ps_wakeup(nxpdev);
445 		bt_dev_dbg(hdev, "Power Save mode response: status=%d, ps_mode=%d",
446 			   *status, psdata->cur_psmode);
447 	}
448 	kfree_skb(skb);
449 
450 	return 0;
451 }
452 
453 static int send_wakeup_method_cmd(struct hci_dev *hdev, void *data)
454 {
455 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
456 	struct ps_data *psdata = &nxpdev->psdata;
457 	struct wakeup_cmd_payload pcmd;
458 	struct sk_buff *skb;
459 	u8 *status;
460 
461 	pcmd.c2h_wakeupmode = psdata->c2h_wakeupmode;
462 	pcmd.c2h_wakeup_gpio = psdata->c2h_wakeup_gpio;
463 	switch (psdata->h2c_wakeupmode) {
464 	case WAKEUP_METHOD_DTR:
465 		pcmd.h2c_wakeupmode = BT_CTRL_WAKEUP_METHOD_DSR;
466 		break;
467 	case WAKEUP_METHOD_BREAK:
468 	default:
469 		pcmd.h2c_wakeupmode = BT_CTRL_WAKEUP_METHOD_BREAK;
470 		break;
471 	}
472 	pcmd.h2c_wakeup_gpio = 0xff;
473 
474 	skb = nxp_drv_send_cmd(hdev, HCI_NXP_WAKEUP_METHOD, sizeof(pcmd), &pcmd);
475 	if (IS_ERR(skb)) {
476 		bt_dev_err(hdev, "Setting wake-up method failed (%ld)", PTR_ERR(skb));
477 		return PTR_ERR(skb);
478 	}
479 
480 	status = skb_pull_data(skb, 1);
481 	if (status) {
482 		if (*status == 0)
483 			psdata->cur_h2c_wakeupmode = psdata->h2c_wakeupmode;
484 		else
485 			psdata->h2c_wakeupmode = psdata->cur_h2c_wakeupmode;
486 		bt_dev_dbg(hdev, "Set Wakeup Method response: status=%d, h2c_wakeupmode=%d",
487 			   *status, psdata->cur_h2c_wakeupmode);
488 	}
489 	kfree_skb(skb);
490 
491 	return 0;
492 }
493 
494 static void ps_init(struct hci_dev *hdev)
495 {
496 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
497 	struct ps_data *psdata = &nxpdev->psdata;
498 
499 	serdev_device_set_tiocm(nxpdev->serdev, 0, TIOCM_RTS);
500 	usleep_range(5000, 10000);
501 	serdev_device_set_tiocm(nxpdev->serdev, TIOCM_RTS, 0);
502 	usleep_range(5000, 10000);
503 
504 	switch (psdata->h2c_wakeupmode) {
505 	case WAKEUP_METHOD_DTR:
506 		serdev_device_set_tiocm(nxpdev->serdev, 0, TIOCM_DTR);
507 		serdev_device_set_tiocm(nxpdev->serdev, TIOCM_DTR, 0);
508 		break;
509 	case WAKEUP_METHOD_BREAK:
510 	default:
511 		serdev_device_break_ctl(nxpdev->serdev, -1);
512 		usleep_range(5000, 10000);
513 		serdev_device_break_ctl(nxpdev->serdev, 0);
514 		usleep_range(5000, 10000);
515 		break;
516 	}
517 	if (psdata->cur_h2c_wakeupmode != psdata->h2c_wakeupmode)
518 		hci_cmd_sync_queue(hdev, send_wakeup_method_cmd, NULL, NULL);
519 	if (psdata->cur_psmode != psdata->target_ps_mode)
520 		hci_cmd_sync_queue(hdev, send_ps_cmd, NULL, NULL);
521 }
522 
523 /* NXP Firmware Download Feature */
524 static int nxp_download_firmware(struct hci_dev *hdev)
525 {
526 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
527 	int err = 0;
528 
529 	nxpdev->fw_dnld_v1_offset = 0;
530 	nxpdev->fw_v1_sent_bytes = 0;
531 	nxpdev->fw_v1_expected_len = HDR_LEN;
532 	nxpdev->fw_v3_offset_correction = 0;
533 	nxpdev->baudrate_changed = false;
534 	nxpdev->timeout_changed = false;
535 	nxpdev->helper_downloaded = false;
536 
537 	serdev_device_set_baudrate(nxpdev->serdev, HCI_NXP_PRI_BAUDRATE);
538 	serdev_device_set_flow_control(nxpdev->serdev, false);
539 	nxpdev->current_baudrate = HCI_NXP_PRI_BAUDRATE;
540 
541 	/* Wait till FW is downloaded and CTS becomes low */
542 	err = wait_event_interruptible_timeout(nxpdev->fw_dnld_done_wait_q,
543 					       !test_bit(BTNXPUART_FW_DOWNLOADING,
544 							 &nxpdev->tx_state),
545 					       msecs_to_jiffies(60000));
546 	if (err == 0) {
547 		bt_dev_err(hdev, "FW Download Timeout.");
548 		return -ETIMEDOUT;
549 	}
550 
551 	serdev_device_set_flow_control(nxpdev->serdev, true);
552 	err = serdev_device_wait_for_cts(nxpdev->serdev, 1, 60000);
553 	if (err < 0) {
554 		bt_dev_err(hdev, "CTS is still high. FW Download failed.");
555 		return err;
556 	}
557 	release_firmware(nxpdev->fw);
558 	memset(nxpdev->fw_name, 0, sizeof(nxpdev->fw_name));
559 
560 	/* Allow the downloaded FW to initialize */
561 	usleep_range(800 * USEC_PER_MSEC, 1 * USEC_PER_SEC);
562 
563 	return 0;
564 }
565 
566 static void nxp_send_ack(u8 ack, struct hci_dev *hdev)
567 {
568 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
569 	u8 ack_nak[2];
570 	int len = 1;
571 
572 	ack_nak[0] = ack;
573 	if (ack == NXP_ACK_V3) {
574 		ack_nak[1] = crc8(crc8_table, ack_nak, 1, 0xff);
575 		len = 2;
576 	}
577 	serdev_device_write_buf(nxpdev->serdev, ack_nak, len);
578 }
579 
580 static bool nxp_fw_change_baudrate(struct hci_dev *hdev, u16 req_len)
581 {
582 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
583 	struct nxp_bootloader_cmd nxp_cmd5;
584 	struct uart_config uart_config;
585 
586 	if (req_len == sizeof(nxp_cmd5)) {
587 		nxp_cmd5.header = __cpu_to_le32(5);
588 		nxp_cmd5.arg = 0;
589 		nxp_cmd5.payload_len = __cpu_to_le32(sizeof(uart_config));
590 		/* FW expects swapped CRC bytes */
591 		nxp_cmd5.crc = __cpu_to_be32(crc32_be(0UL, (char *)&nxp_cmd5,
592 						      sizeof(nxp_cmd5) - 4));
593 
594 		serdev_device_write_buf(nxpdev->serdev, (u8 *)&nxp_cmd5, sizeof(nxp_cmd5));
595 		nxpdev->fw_v3_offset_correction += req_len;
596 	} else if (req_len == sizeof(uart_config)) {
597 		uart_config.clkdiv.address = __cpu_to_le32(CLKDIVADDR);
598 		uart_config.clkdiv.value = __cpu_to_le32(0x00c00000);
599 		uart_config.uartdiv.address = __cpu_to_le32(UARTDIVADDR);
600 		uart_config.uartdiv.value = __cpu_to_le32(1);
601 		uart_config.mcr.address = __cpu_to_le32(UARTMCRADDR);
602 		uart_config.mcr.value = __cpu_to_le32(MCR);
603 		uart_config.re_init.address = __cpu_to_le32(UARTREINITADDR);
604 		uart_config.re_init.value = __cpu_to_le32(INIT);
605 		uart_config.icr.address = __cpu_to_le32(UARTICRADDR);
606 		uart_config.icr.value = __cpu_to_le32(ICR);
607 		uart_config.fcr.address = __cpu_to_le32(UARTFCRADDR);
608 		uart_config.fcr.value = __cpu_to_le32(FCR);
609 		/* FW expects swapped CRC bytes */
610 		uart_config.crc = __cpu_to_be32(crc32_be(0UL, (char *)&uart_config,
611 							 sizeof(uart_config) - 4));
612 
613 		serdev_device_write_buf(nxpdev->serdev, (u8 *)&uart_config, sizeof(uart_config));
614 		serdev_device_wait_until_sent(nxpdev->serdev, 0);
615 		nxpdev->fw_v3_offset_correction += req_len;
616 		return true;
617 	}
618 	return false;
619 }
620 
621 static bool nxp_fw_change_timeout(struct hci_dev *hdev, u16 req_len)
622 {
623 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
624 	struct nxp_bootloader_cmd nxp_cmd7;
625 
626 	if (req_len != sizeof(nxp_cmd7))
627 		return false;
628 
629 	nxp_cmd7.header = __cpu_to_le32(7);
630 	nxp_cmd7.arg = __cpu_to_le32(0x70);
631 	nxp_cmd7.payload_len = 0;
632 	/* FW expects swapped CRC bytes */
633 	nxp_cmd7.crc = __cpu_to_be32(crc32_be(0UL, (char *)&nxp_cmd7,
634 					      sizeof(nxp_cmd7) - 4));
635 	serdev_device_write_buf(nxpdev->serdev, (u8 *)&nxp_cmd7, sizeof(nxp_cmd7));
636 	serdev_device_wait_until_sent(nxpdev->serdev, 0);
637 	nxpdev->fw_v3_offset_correction += req_len;
638 	return true;
639 }
640 
641 static u32 nxp_get_data_len(const u8 *buf)
642 {
643 	struct nxp_bootloader_cmd *hdr = (struct nxp_bootloader_cmd *)buf;
644 
645 	return __le32_to_cpu(hdr->payload_len);
646 }
647 
648 static bool is_fw_downloading(struct btnxpuart_dev *nxpdev)
649 {
650 	return test_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
651 }
652 
653 static bool process_boot_signature(struct btnxpuart_dev *nxpdev)
654 {
655 	if (test_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, &nxpdev->tx_state)) {
656 		clear_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, &nxpdev->tx_state);
657 		wake_up_interruptible(&nxpdev->check_boot_sign_wait_q);
658 		return false;
659 	}
660 	return is_fw_downloading(nxpdev);
661 }
662 
663 static int nxp_request_firmware(struct hci_dev *hdev, const char *fw_name)
664 {
665 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
666 	int err = 0;
667 
668 	if (!strlen(nxpdev->fw_name)) {
669 		snprintf(nxpdev->fw_name, MAX_FW_FILE_NAME_LEN, "%s", fw_name);
670 
671 		bt_dev_dbg(hdev, "Request Firmware: %s", nxpdev->fw_name);
672 		err = request_firmware(&nxpdev->fw, nxpdev->fw_name, &hdev->dev);
673 		if (err < 0) {
674 			bt_dev_err(hdev, "Firmware file %s not found", nxpdev->fw_name);
675 			clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
676 		}
677 	}
678 	return err;
679 }
680 
681 /* for legacy chipsets with V1 bootloader */
682 static int nxp_recv_chip_ver_v1(struct hci_dev *hdev, struct sk_buff *skb)
683 {
684 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
685 	struct v1_start_ind *req;
686 	__u16 chip_id;
687 
688 	req = skb_pull_data(skb, sizeof(*req));
689 	if (!req)
690 		goto free_skb;
691 
692 	chip_id = le16_to_cpu(req->chip_id ^ req->chip_id_comp);
693 	if (chip_id == 0xffff) {
694 		nxpdev->fw_dnld_v1_offset = 0;
695 		nxpdev->fw_v1_sent_bytes = 0;
696 		nxpdev->fw_v1_expected_len = HDR_LEN;
697 		release_firmware(nxpdev->fw);
698 		memset(nxpdev->fw_name, 0, sizeof(nxpdev->fw_name));
699 		nxp_send_ack(NXP_ACK_V1, hdev);
700 	}
701 
702 free_skb:
703 	kfree_skb(skb);
704 	return 0;
705 }
706 
707 static int nxp_recv_fw_req_v1(struct hci_dev *hdev, struct sk_buff *skb)
708 {
709 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
710 	struct btnxpuart_data *nxp_data = nxpdev->nxp_data;
711 	struct v1_data_req *req;
712 	__u16 len;
713 
714 	if (!process_boot_signature(nxpdev))
715 		goto free_skb;
716 
717 	req = skb_pull_data(skb, sizeof(*req));
718 	if (!req)
719 		goto free_skb;
720 
721 	len = __le16_to_cpu(req->len ^ req->len_comp);
722 	if (len != 0xffff) {
723 		bt_dev_dbg(hdev, "ERR: Send NAK");
724 		nxp_send_ack(NXP_NAK_V1, hdev);
725 		goto free_skb;
726 	}
727 	nxp_send_ack(NXP_ACK_V1, hdev);
728 
729 	len = __le16_to_cpu(req->len);
730 
731 	if (!nxp_data->helper_fw_name) {
732 		if (!nxpdev->timeout_changed) {
733 			nxpdev->timeout_changed = nxp_fw_change_timeout(hdev,
734 									len);
735 			goto free_skb;
736 		}
737 		if (!nxpdev->baudrate_changed) {
738 			nxpdev->baudrate_changed = nxp_fw_change_baudrate(hdev,
739 									  len);
740 			if (nxpdev->baudrate_changed) {
741 				serdev_device_set_baudrate(nxpdev->serdev,
742 							   HCI_NXP_SEC_BAUDRATE);
743 				serdev_device_set_flow_control(nxpdev->serdev, true);
744 				nxpdev->current_baudrate = HCI_NXP_SEC_BAUDRATE;
745 			}
746 			goto free_skb;
747 		}
748 	}
749 
750 	if (!nxp_data->helper_fw_name || nxpdev->helper_downloaded) {
751 		if (nxp_request_firmware(hdev, nxp_data->fw_name))
752 			goto free_skb;
753 	} else if (nxp_data->helper_fw_name && !nxpdev->helper_downloaded) {
754 		if (nxp_request_firmware(hdev, nxp_data->helper_fw_name))
755 			goto free_skb;
756 	}
757 
758 	if (!len) {
759 		bt_dev_dbg(hdev, "FW Downloaded Successfully: %zu bytes",
760 			   nxpdev->fw->size);
761 		if (nxp_data->helper_fw_name && !nxpdev->helper_downloaded) {
762 			nxpdev->helper_downloaded = true;
763 			serdev_device_wait_until_sent(nxpdev->serdev, 0);
764 			serdev_device_set_baudrate(nxpdev->serdev,
765 						   HCI_NXP_SEC_BAUDRATE);
766 			serdev_device_set_flow_control(nxpdev->serdev, true);
767 		} else {
768 			clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
769 			wake_up_interruptible(&nxpdev->fw_dnld_done_wait_q);
770 		}
771 		goto free_skb;
772 	}
773 	if (len & 0x01) {
774 		/* The CRC did not match at the other end.
775 		 * Simply send the same bytes again.
776 		 */
777 		len = nxpdev->fw_v1_sent_bytes;
778 		bt_dev_dbg(hdev, "CRC error. Resend %d bytes of FW.", len);
779 	} else {
780 		nxpdev->fw_dnld_v1_offset += nxpdev->fw_v1_sent_bytes;
781 
782 		/* The FW bin file is made up of many blocks of
783 		 * 16 byte header and payload data chunks. If the
784 		 * FW has requested a header, read the payload length
785 		 * info from the header, before sending the header.
786 		 * In the next iteration, the FW should request the
787 		 * payload data chunk, which should be equal to the
788 		 * payload length read from header. If there is a
789 		 * mismatch, clearly the driver and FW are out of sync,
790 		 * and we need to re-send the previous header again.
791 		 */
792 		if (len == nxpdev->fw_v1_expected_len) {
793 			if (len == HDR_LEN)
794 				nxpdev->fw_v1_expected_len = nxp_get_data_len(nxpdev->fw->data +
795 									nxpdev->fw_dnld_v1_offset);
796 			else
797 				nxpdev->fw_v1_expected_len = HDR_LEN;
798 		} else if (len == HDR_LEN) {
799 			/* FW download out of sync. Send previous chunk again */
800 			nxpdev->fw_dnld_v1_offset -= nxpdev->fw_v1_sent_bytes;
801 			nxpdev->fw_v1_expected_len = HDR_LEN;
802 		}
803 	}
804 
805 	if (nxpdev->fw_dnld_v1_offset + len <= nxpdev->fw->size)
806 		serdev_device_write_buf(nxpdev->serdev, nxpdev->fw->data +
807 					nxpdev->fw_dnld_v1_offset, len);
808 	nxpdev->fw_v1_sent_bytes = len;
809 
810 free_skb:
811 	kfree_skb(skb);
812 	return 0;
813 }
814 
815 static char *nxp_get_fw_name_from_chipid(struct hci_dev *hdev, u16 chipid)
816 {
817 	char *fw_name = NULL;
818 
819 	switch (chipid) {
820 	case CHIP_ID_W9098:
821 		fw_name = FIRMWARE_W9098;
822 		break;
823 	case CHIP_ID_IW416:
824 		fw_name = FIRMWARE_IW416;
825 		break;
826 	case CHIP_ID_IW612:
827 		fw_name = FIRMWARE_IW612;
828 		break;
829 	default:
830 		bt_dev_err(hdev, "Unknown chip signature %04x", chipid);
831 		break;
832 	}
833 	return fw_name;
834 }
835 
836 static int nxp_recv_chip_ver_v3(struct hci_dev *hdev, struct sk_buff *skb)
837 {
838 	struct v3_start_ind *req = skb_pull_data(skb, sizeof(*req));
839 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
840 	u16 chip_id;
841 
842 	if (!process_boot_signature(nxpdev))
843 		goto free_skb;
844 
845 	chip_id = le16_to_cpu(req->chip_id);
846 	if (!nxp_request_firmware(hdev, nxp_get_fw_name_from_chipid(hdev,
847 								    chip_id)))
848 		nxp_send_ack(NXP_ACK_V3, hdev);
849 
850 free_skb:
851 	kfree_skb(skb);
852 	return 0;
853 }
854 
855 static int nxp_recv_fw_req_v3(struct hci_dev *hdev, struct sk_buff *skb)
856 {
857 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
858 	struct v3_data_req *req;
859 	__u16 len;
860 	__u32 offset;
861 
862 	if (!process_boot_signature(nxpdev))
863 		goto free_skb;
864 
865 	req = skb_pull_data(skb, sizeof(*req));
866 	if (!req || !nxpdev->fw)
867 		goto free_skb;
868 
869 	nxp_send_ack(NXP_ACK_V3, hdev);
870 
871 	len = __le16_to_cpu(req->len);
872 
873 	if (!nxpdev->timeout_changed) {
874 		nxpdev->timeout_changed = nxp_fw_change_timeout(hdev, len);
875 		goto free_skb;
876 	}
877 
878 	if (!nxpdev->baudrate_changed) {
879 		nxpdev->baudrate_changed = nxp_fw_change_baudrate(hdev, len);
880 		if (nxpdev->baudrate_changed) {
881 			serdev_device_set_baudrate(nxpdev->serdev,
882 						   HCI_NXP_SEC_BAUDRATE);
883 			serdev_device_set_flow_control(nxpdev->serdev, true);
884 			nxpdev->current_baudrate = HCI_NXP_SEC_BAUDRATE;
885 		}
886 		goto free_skb;
887 	}
888 
889 	if (req->len == 0) {
890 		bt_dev_dbg(hdev, "FW Downloaded Successfully: %zu bytes",
891 			   nxpdev->fw->size);
892 		clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
893 		wake_up_interruptible(&nxpdev->fw_dnld_done_wait_q);
894 		goto free_skb;
895 	}
896 	if (req->error)
897 		bt_dev_dbg(hdev, "FW Download received err 0x%02x from chip",
898 			   req->error);
899 
900 	offset = __le32_to_cpu(req->offset);
901 	if (offset < nxpdev->fw_v3_offset_correction) {
902 		/* This scenario should ideally never occur. But if it ever does,
903 		 * FW is out of sync and needs a power cycle.
904 		 */
905 		bt_dev_err(hdev, "Something went wrong during FW download");
906 		bt_dev_err(hdev, "Please power cycle and try again");
907 		goto free_skb;
908 	}
909 
910 	serdev_device_write_buf(nxpdev->serdev, nxpdev->fw->data + offset -
911 				nxpdev->fw_v3_offset_correction, len);
912 
913 free_skb:
914 	kfree_skb(skb);
915 	return 0;
916 }
917 
918 static int nxp_set_baudrate_cmd(struct hci_dev *hdev, void *data)
919 {
920 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
921 	__le32 new_baudrate = __cpu_to_le32(nxpdev->new_baudrate);
922 	struct ps_data *psdata = &nxpdev->psdata;
923 	struct sk_buff *skb;
924 	u8 *status;
925 
926 	if (!psdata)
927 		return 0;
928 
929 	skb = nxp_drv_send_cmd(hdev, HCI_NXP_SET_OPER_SPEED, 4, (u8 *)&new_baudrate);
930 	if (IS_ERR(skb)) {
931 		bt_dev_err(hdev, "Setting baudrate failed (%ld)", PTR_ERR(skb));
932 		return PTR_ERR(skb);
933 	}
934 
935 	status = (u8 *)skb_pull_data(skb, 1);
936 	if (status) {
937 		if (*status == 0) {
938 			serdev_device_set_baudrate(nxpdev->serdev, nxpdev->new_baudrate);
939 			nxpdev->current_baudrate = nxpdev->new_baudrate;
940 		}
941 		bt_dev_dbg(hdev, "Set baudrate response: status=%d, baudrate=%d",
942 			   *status, nxpdev->new_baudrate);
943 	}
944 	kfree_skb(skb);
945 
946 	return 0;
947 }
948 
949 static int nxp_set_ind_reset(struct hci_dev *hdev, void *data)
950 {
951 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
952 	struct sk_buff *skb;
953 	u8 *status;
954 	u8 pcmd = 0;
955 	int err = 0;
956 
957 	skb = nxp_drv_send_cmd(hdev, HCI_NXP_IND_RESET, 1, &pcmd);
958 	if (IS_ERR(skb))
959 		return PTR_ERR(skb);
960 
961 	status = skb_pull_data(skb, 1);
962 	if (!status || *status)
963 		goto free_skb;
964 
965 	set_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
966 	err = nxp_download_firmware(hdev);
967 	if (err < 0)
968 		goto free_skb;
969 	serdev_device_set_baudrate(nxpdev->serdev, nxpdev->fw_init_baudrate);
970 	nxpdev->current_baudrate = nxpdev->fw_init_baudrate;
971 	if (nxpdev->current_baudrate != HCI_NXP_SEC_BAUDRATE) {
972 		nxpdev->new_baudrate = HCI_NXP_SEC_BAUDRATE;
973 		nxp_set_baudrate_cmd(hdev, NULL);
974 	}
975 	hci_cmd_sync_queue(hdev, send_wakeup_method_cmd, NULL, NULL);
976 	hci_cmd_sync_queue(hdev, send_ps_cmd, NULL, NULL);
977 
978 free_skb:
979 	kfree_skb(skb);
980 	return err;
981 }
982 
983 /* NXP protocol */
984 static int nxp_check_boot_sign(struct btnxpuart_dev *nxpdev)
985 {
986 	serdev_device_set_baudrate(nxpdev->serdev, HCI_NXP_PRI_BAUDRATE);
987 	serdev_device_set_flow_control(nxpdev->serdev, true);
988 	set_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, &nxpdev->tx_state);
989 
990 	return wait_event_interruptible_timeout(nxpdev->check_boot_sign_wait_q,
991 					       !test_bit(BTNXPUART_CHECK_BOOT_SIGNATURE,
992 							 &nxpdev->tx_state),
993 					       msecs_to_jiffies(1000));
994 }
995 
996 static int nxp_setup(struct hci_dev *hdev)
997 {
998 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
999 	int err = 0;
1000 
1001 	set_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
1002 	init_waitqueue_head(&nxpdev->fw_dnld_done_wait_q);
1003 	init_waitqueue_head(&nxpdev->check_boot_sign_wait_q);
1004 
1005 	if (nxp_check_boot_sign(nxpdev)) {
1006 		bt_dev_dbg(hdev, "Need FW Download.");
1007 		err = nxp_download_firmware(hdev);
1008 		if (err < 0)
1009 			return err;
1010 	} else {
1011 		bt_dev_dbg(hdev, "FW already running.");
1012 		clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
1013 	}
1014 
1015 	device_property_read_u32(&nxpdev->serdev->dev, "fw-init-baudrate",
1016 				 &nxpdev->fw_init_baudrate);
1017 	if (!nxpdev->fw_init_baudrate)
1018 		nxpdev->fw_init_baudrate = FW_INIT_BAUDRATE;
1019 	serdev_device_set_baudrate(nxpdev->serdev, nxpdev->fw_init_baudrate);
1020 	nxpdev->current_baudrate = nxpdev->fw_init_baudrate;
1021 
1022 	if (nxpdev->current_baudrate != HCI_NXP_SEC_BAUDRATE) {
1023 		nxpdev->new_baudrate = HCI_NXP_SEC_BAUDRATE;
1024 		hci_cmd_sync_queue(hdev, nxp_set_baudrate_cmd, NULL, NULL);
1025 	}
1026 
1027 	ps_init(hdev);
1028 
1029 	return 0;
1030 }
1031 
1032 static int btnxpuart_queue_skb(struct hci_dev *hdev, struct sk_buff *skb)
1033 {
1034 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1035 
1036 	/* Prepend skb with frame type */
1037 	memcpy(skb_push(skb, 1), &hci_skb_pkt_type(skb), 1);
1038 	skb_queue_tail(&nxpdev->txq, skb);
1039 	btnxpuart_tx_wakeup(nxpdev);
1040 	return 0;
1041 }
1042 
1043 static int nxp_enqueue(struct hci_dev *hdev, struct sk_buff *skb)
1044 {
1045 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1046 	struct ps_data *psdata = &nxpdev->psdata;
1047 	struct hci_command_hdr *hdr;
1048 	struct psmode_cmd_payload ps_parm;
1049 	struct wakeup_cmd_payload wakeup_parm;
1050 	__le32 baudrate_parm;
1051 
1052 	/* if vendor commands are received from user space (e.g. hcitool), update
1053 	 * driver flags accordingly and ask driver to re-send the command to FW.
1054 	 * In case the payload for any command does not match expected payload
1055 	 * length, let the firmware and user space program handle it, or throw
1056 	 * an error.
1057 	 */
1058 	if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT && !psdata->driver_sent_cmd) {
1059 		hdr = (struct hci_command_hdr *)skb->data;
1060 		if (hdr->plen != (skb->len - HCI_COMMAND_HDR_SIZE))
1061 			return btnxpuart_queue_skb(hdev, skb);
1062 
1063 		switch (__le16_to_cpu(hdr->opcode)) {
1064 		case HCI_NXP_AUTO_SLEEP_MODE:
1065 			if (hdr->plen == sizeof(ps_parm)) {
1066 				memcpy(&ps_parm, skb->data + HCI_COMMAND_HDR_SIZE, hdr->plen);
1067 				if (ps_parm.ps_cmd == BT_PS_ENABLE)
1068 					psdata->target_ps_mode = PS_MODE_ENABLE;
1069 				else if (ps_parm.ps_cmd == BT_PS_DISABLE)
1070 					psdata->target_ps_mode = PS_MODE_DISABLE;
1071 				psdata->c2h_ps_interval = __le16_to_cpu(ps_parm.c2h_ps_interval);
1072 				hci_cmd_sync_queue(hdev, send_ps_cmd, NULL, NULL);
1073 				goto free_skb;
1074 			}
1075 			break;
1076 		case HCI_NXP_WAKEUP_METHOD:
1077 			if (hdr->plen == sizeof(wakeup_parm)) {
1078 				memcpy(&wakeup_parm, skb->data + HCI_COMMAND_HDR_SIZE, hdr->plen);
1079 				psdata->c2h_wakeupmode = wakeup_parm.c2h_wakeupmode;
1080 				psdata->c2h_wakeup_gpio = wakeup_parm.c2h_wakeup_gpio;
1081 				psdata->h2c_wakeup_gpio = wakeup_parm.h2c_wakeup_gpio;
1082 				switch (wakeup_parm.h2c_wakeupmode) {
1083 				case BT_CTRL_WAKEUP_METHOD_DSR:
1084 					psdata->h2c_wakeupmode = WAKEUP_METHOD_DTR;
1085 					break;
1086 				case BT_CTRL_WAKEUP_METHOD_BREAK:
1087 				default:
1088 					psdata->h2c_wakeupmode = WAKEUP_METHOD_BREAK;
1089 					break;
1090 				}
1091 				hci_cmd_sync_queue(hdev, send_wakeup_method_cmd, NULL, NULL);
1092 				goto free_skb;
1093 			}
1094 			break;
1095 		case HCI_NXP_SET_OPER_SPEED:
1096 			if (hdr->plen == sizeof(baudrate_parm)) {
1097 				memcpy(&baudrate_parm, skb->data + HCI_COMMAND_HDR_SIZE, hdr->plen);
1098 				nxpdev->new_baudrate = __le32_to_cpu(baudrate_parm);
1099 				hci_cmd_sync_queue(hdev, nxp_set_baudrate_cmd, NULL, NULL);
1100 				goto free_skb;
1101 			}
1102 			break;
1103 		case HCI_NXP_IND_RESET:
1104 			if (hdr->plen == 1) {
1105 				hci_cmd_sync_queue(hdev, nxp_set_ind_reset, NULL, NULL);
1106 				goto free_skb;
1107 			}
1108 			break;
1109 		default:
1110 			break;
1111 		}
1112 	}
1113 
1114 	return btnxpuart_queue_skb(hdev, skb);
1115 
1116 free_skb:
1117 	kfree_skb(skb);
1118 	return 0;
1119 }
1120 
1121 static struct sk_buff *nxp_dequeue(void *data)
1122 {
1123 	struct btnxpuart_dev *nxpdev = (struct btnxpuart_dev *)data;
1124 
1125 	ps_wakeup(nxpdev);
1126 	ps_start_timer(nxpdev);
1127 	return skb_dequeue(&nxpdev->txq);
1128 }
1129 
1130 /* btnxpuart based on serdev */
1131 static void btnxpuart_tx_work(struct work_struct *work)
1132 {
1133 	struct btnxpuart_dev *nxpdev = container_of(work, struct btnxpuart_dev,
1134 						   tx_work);
1135 	struct serdev_device *serdev = nxpdev->serdev;
1136 	struct hci_dev *hdev = nxpdev->hdev;
1137 	struct sk_buff *skb;
1138 	int len;
1139 
1140 	while ((skb = nxp_dequeue(nxpdev))) {
1141 		len = serdev_device_write_buf(serdev, skb->data, skb->len);
1142 		hdev->stat.byte_tx += len;
1143 
1144 		skb_pull(skb, len);
1145 		if (skb->len > 0) {
1146 			skb_queue_head(&nxpdev->txq, skb);
1147 			break;
1148 		}
1149 
1150 		switch (hci_skb_pkt_type(skb)) {
1151 		case HCI_COMMAND_PKT:
1152 			hdev->stat.cmd_tx++;
1153 			break;
1154 		case HCI_ACLDATA_PKT:
1155 			hdev->stat.acl_tx++;
1156 			break;
1157 		case HCI_SCODATA_PKT:
1158 			hdev->stat.sco_tx++;
1159 			break;
1160 		}
1161 
1162 		kfree_skb(skb);
1163 	}
1164 	clear_bit(BTNXPUART_TX_STATE_ACTIVE, &nxpdev->tx_state);
1165 }
1166 
1167 static int btnxpuart_open(struct hci_dev *hdev)
1168 {
1169 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1170 	int err = 0;
1171 
1172 	err = serdev_device_open(nxpdev->serdev);
1173 	if (err) {
1174 		bt_dev_err(hdev, "Unable to open UART device %s",
1175 			   dev_name(&nxpdev->serdev->dev));
1176 	} else {
1177 		set_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state);
1178 	}
1179 	return err;
1180 }
1181 
1182 static int btnxpuart_close(struct hci_dev *hdev)
1183 {
1184 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1185 
1186 	ps_wakeup(nxpdev);
1187 	serdev_device_close(nxpdev->serdev);
1188 	clear_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state);
1189 	return 0;
1190 }
1191 
1192 static int btnxpuart_flush(struct hci_dev *hdev)
1193 {
1194 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1195 
1196 	/* Flush any pending characters */
1197 	serdev_device_write_flush(nxpdev->serdev);
1198 	skb_queue_purge(&nxpdev->txq);
1199 
1200 	cancel_work_sync(&nxpdev->tx_work);
1201 
1202 	kfree_skb(nxpdev->rx_skb);
1203 	nxpdev->rx_skb = NULL;
1204 
1205 	return 0;
1206 }
1207 
1208 static const struct h4_recv_pkt nxp_recv_pkts[] = {
1209 	{ H4_RECV_ACL,          .recv = hci_recv_frame },
1210 	{ H4_RECV_SCO,          .recv = hci_recv_frame },
1211 	{ H4_RECV_EVENT,        .recv = hci_recv_frame },
1212 	{ NXP_RECV_CHIP_VER_V1, .recv = nxp_recv_chip_ver_v1 },
1213 	{ NXP_RECV_FW_REQ_V1,   .recv = nxp_recv_fw_req_v1 },
1214 	{ NXP_RECV_CHIP_VER_V3, .recv = nxp_recv_chip_ver_v3 },
1215 	{ NXP_RECV_FW_REQ_V3,   .recv = nxp_recv_fw_req_v3 },
1216 };
1217 
1218 static int btnxpuart_receive_buf(struct serdev_device *serdev, const u8 *data,
1219 				 size_t count)
1220 {
1221 	struct btnxpuart_dev *nxpdev = serdev_device_get_drvdata(serdev);
1222 
1223 	ps_start_timer(nxpdev);
1224 
1225 	nxpdev->rx_skb = h4_recv_buf(nxpdev->hdev, nxpdev->rx_skb, data, count,
1226 				     nxp_recv_pkts, ARRAY_SIZE(nxp_recv_pkts));
1227 	if (IS_ERR(nxpdev->rx_skb)) {
1228 		int err = PTR_ERR(nxpdev->rx_skb);
1229 		/* Safe to ignore out-of-sync bootloader signatures */
1230 		if (is_fw_downloading(nxpdev))
1231 			return count;
1232 		bt_dev_err(nxpdev->hdev, "Frame reassembly failed (%d)", err);
1233 		nxpdev->rx_skb = NULL;
1234 		return err;
1235 	}
1236 	nxpdev->hdev->stat.byte_rx += count;
1237 	return count;
1238 }
1239 
1240 static void btnxpuart_write_wakeup(struct serdev_device *serdev)
1241 {
1242 	serdev_device_write_wakeup(serdev);
1243 }
1244 
1245 static const struct serdev_device_ops btnxpuart_client_ops = {
1246 	.receive_buf = btnxpuart_receive_buf,
1247 	.write_wakeup = btnxpuart_write_wakeup,
1248 };
1249 
1250 static int nxp_serdev_probe(struct serdev_device *serdev)
1251 {
1252 	struct hci_dev *hdev;
1253 	struct btnxpuart_dev *nxpdev;
1254 
1255 	nxpdev = devm_kzalloc(&serdev->dev, sizeof(*nxpdev), GFP_KERNEL);
1256 	if (!nxpdev)
1257 		return -ENOMEM;
1258 
1259 	nxpdev->nxp_data = (struct btnxpuart_data *)device_get_match_data(&serdev->dev);
1260 
1261 	nxpdev->serdev = serdev;
1262 	serdev_device_set_drvdata(serdev, nxpdev);
1263 
1264 	serdev_device_set_client_ops(serdev, &btnxpuart_client_ops);
1265 
1266 	INIT_WORK(&nxpdev->tx_work, btnxpuart_tx_work);
1267 	skb_queue_head_init(&nxpdev->txq);
1268 
1269 	crc8_populate_msb(crc8_table, POLYNOMIAL8);
1270 
1271 	/* Initialize and register HCI device */
1272 	hdev = hci_alloc_dev();
1273 	if (!hdev) {
1274 		dev_err(&serdev->dev, "Can't allocate HCI device\n");
1275 		return -ENOMEM;
1276 	}
1277 
1278 	nxpdev->hdev = hdev;
1279 
1280 	hdev->bus = HCI_UART;
1281 	hci_set_drvdata(hdev, nxpdev);
1282 
1283 	hdev->manufacturer = MANUFACTURER_NXP;
1284 	hdev->open  = btnxpuart_open;
1285 	hdev->close = btnxpuart_close;
1286 	hdev->flush = btnxpuart_flush;
1287 	hdev->setup = nxp_setup;
1288 	hdev->send  = nxp_enqueue;
1289 	SET_HCIDEV_DEV(hdev, &serdev->dev);
1290 
1291 	if (hci_register_dev(hdev) < 0) {
1292 		dev_err(&serdev->dev, "Can't register HCI device\n");
1293 		hci_free_dev(hdev);
1294 		return -ENODEV;
1295 	}
1296 
1297 	ps_init_work(hdev);
1298 	ps_init_timer(hdev);
1299 
1300 	return 0;
1301 }
1302 
1303 static void nxp_serdev_remove(struct serdev_device *serdev)
1304 {
1305 	struct btnxpuart_dev *nxpdev = serdev_device_get_drvdata(serdev);
1306 	struct hci_dev *hdev = nxpdev->hdev;
1307 
1308 	/* Restore FW baudrate to fw_init_baudrate if changed.
1309 	 * This will ensure FW baudrate is in sync with
1310 	 * driver baudrate in case this driver is re-inserted.
1311 	 */
1312 	if (nxpdev->current_baudrate != nxpdev->fw_init_baudrate) {
1313 		nxpdev->new_baudrate = nxpdev->fw_init_baudrate;
1314 		nxp_set_baudrate_cmd(hdev, NULL);
1315 	}
1316 
1317 	ps_cancel_timer(nxpdev);
1318 	hci_unregister_dev(hdev);
1319 	hci_free_dev(hdev);
1320 }
1321 
1322 static struct btnxpuart_data w8987_data __maybe_unused = {
1323 	.helper_fw_name = NULL,
1324 	.fw_name = FIRMWARE_W8987,
1325 };
1326 
1327 static struct btnxpuart_data w8997_data __maybe_unused = {
1328 	.helper_fw_name = FIRMWARE_HELPER,
1329 	.fw_name = FIRMWARE_W8997,
1330 };
1331 
1332 static const struct of_device_id nxpuart_of_match_table[] __maybe_unused = {
1333 	{ .compatible = "nxp,88w8987-bt", .data = &w8987_data },
1334 	{ .compatible = "nxp,88w8997-bt", .data = &w8997_data },
1335 	{ }
1336 };
1337 MODULE_DEVICE_TABLE(of, nxpuart_of_match_table);
1338 
1339 static struct serdev_device_driver nxp_serdev_driver = {
1340 	.probe = nxp_serdev_probe,
1341 	.remove = nxp_serdev_remove,
1342 	.driver = {
1343 		.name = "btnxpuart",
1344 		.of_match_table = of_match_ptr(nxpuart_of_match_table),
1345 	},
1346 };
1347 
1348 module_serdev_device_driver(nxp_serdev_driver);
1349 
1350 MODULE_AUTHOR("Neeraj Sanjay Kale <neeraj.sanjaykale@nxp.com>");
1351 MODULE_DESCRIPTION("NXP Bluetooth Serial driver");
1352 MODULE_LICENSE("GPL");
1353