1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * NXP Bluetooth driver 4 * Copyright 2023-2025 NXP 5 */ 6 7 #include <linux/module.h> 8 #include <linux/kernel.h> 9 10 #include <linux/serdev.h> 11 #include <linux/of.h> 12 #include <linux/skbuff.h> 13 #include <linux/unaligned.h> 14 #include <linux/firmware.h> 15 #include <linux/string.h> 16 #include <linux/crc8.h> 17 #include <linux/crc32.h> 18 #include <linux/string_helpers.h> 19 #include <linux/gpio/consumer.h> 20 #include <linux/of_irq.h> 21 #include <linux/regulator/consumer.h> 22 #include <linux/reset.h> 23 24 #include <net/bluetooth/bluetooth.h> 25 #include <net/bluetooth/hci_core.h> 26 27 #include "hci_uart.h" 28 29 #define MANUFACTURER_NXP 37 30 31 #define BTNXPUART_TX_STATE_ACTIVE 1 32 #define BTNXPUART_FW_DOWNLOADING 2 33 #define BTNXPUART_CHECK_BOOT_SIGNATURE 3 34 #define BTNXPUART_SERDEV_OPEN 4 35 #define BTNXPUART_IR_IN_PROGRESS 5 36 #define BTNXPUART_FW_DOWNLOAD_ABORT 6 37 #define BTNXPUART_FW_DUMP_IN_PROGRESS 7 38 39 /* NXP HW err codes */ 40 #define BTNXPUART_IR_HW_ERR 0xb0 41 42 #define FIRMWARE_W8987 "uart8987_bt.bin" 43 #define FIRMWARE_W8987_OLD "uartuart8987_bt.bin" 44 #define FIRMWARE_W8997 "uart8997_bt_v4.bin" 45 #define FIRMWARE_W8997_OLD "uartuart8997_bt_v4.bin" 46 #define FIRMWARE_W9098 "uart9098_bt_v1.bin" 47 #define FIRMWARE_W9098_OLD "uartuart9098_bt_v1.bin" 48 #define FIRMWARE_IW416 "uartiw416_bt.bin" 49 #define FIRMWARE_IW416_OLD "uartiw416_bt_v0.bin" 50 #define FIRMWARE_IW612 "uartspi_n61x_v1.bin.se" 51 #define FIRMWARE_IW610 "uartspi_iw610.bin" 52 #define FIRMWARE_SECURE_IW610 "uartspi_iw610.bin.se" 53 #define FIRMWARE_IW624 "uartiw624_bt.bin" 54 #define FIRMWARE_SECURE_IW624 "uartiw624_bt.bin.se" 55 #define FIRMWARE_AW693 "uartaw693_bt.bin" 56 #define FIRMWARE_SECURE_AW693 "uartaw693_bt.bin.se" 57 #define FIRMWARE_AW693_A1 "uartaw693_bt_v1.bin" 58 #define FIRMWARE_SECURE_AW693_A1 "uartaw693_bt_v1.bin.se" 59 #define FIRMWARE_HELPER "helper_uart_3000000.bin" 60 61 #define CHIP_ID_W9098 0x5c03 62 #define CHIP_ID_IW416 0x7201 63 #define CHIP_ID_IW612 0x7601 64 #define CHIP_ID_IW624a 0x8000 65 #define CHIP_ID_IW624c 0x8001 66 #define CHIP_ID_AW693a0 0x8200 67 #define CHIP_ID_AW693a1 0x8201 68 #define CHIP_ID_IW610a0 0x8800 69 #define CHIP_ID_IW610a1 0x8801 70 71 #define FW_SECURE_MASK 0xc0 72 #define FW_OPEN 0x00 73 #define FW_AUTH_ILLEGAL 0x40 74 #define FW_AUTH_PLAIN 0x80 75 #define FW_AUTH_ENC 0xc0 76 77 #define HCI_NXP_PRI_BAUDRATE 115200 78 #define HCI_NXP_SEC_BAUDRATE_3M 3000000 79 #define HCI_NXP_SEC_BAUDRATE_4M 4000000 80 81 #define MAX_FW_FILE_NAME_LEN 50 82 83 /* Default ps timeout period in milliseconds */ 84 #define PS_DEFAULT_TIMEOUT_PERIOD_MS 2000 85 86 /* wakeup methods */ 87 #define WAKEUP_METHOD_DTR 0 88 #define WAKEUP_METHOD_BREAK 1 89 #define WAKEUP_METHOD_EXT_BREAK 2 90 #define WAKEUP_METHOD_RTS 3 91 #define WAKEUP_METHOD_GPIO 4 92 #define WAKEUP_METHOD_INVALID 0xff 93 94 /* power save mode status */ 95 #define PS_MODE_DISABLE 0 96 #define PS_MODE_ENABLE 1 97 98 /* Power Save Commands to ps_work_func */ 99 #define PS_CMD_EXIT_PS 1 100 #define PS_CMD_ENTER_PS 2 101 102 /* power save state */ 103 #define PS_STATE_AWAKE 0 104 #define PS_STATE_SLEEP 1 105 106 /* NXP Vendor Commands. Refer user manual UM11628 on nxp.com */ 107 /* Set custom BD Address */ 108 #define HCI_NXP_SET_BD_ADDR 0xfc22 109 /* Set Auto-Sleep mode */ 110 #define HCI_NXP_AUTO_SLEEP_MODE 0xfc23 111 /* Set Wakeup method */ 112 #define HCI_NXP_WAKEUP_METHOD 0xfc53 113 /* Set operational baudrate */ 114 #define HCI_NXP_SET_OPER_SPEED 0xfc09 115 /* Independent Reset (Soft Reset) */ 116 #define HCI_NXP_IND_RESET 0xfcfc 117 /* Bluetooth vendor command: Trigger FW dump */ 118 #define HCI_NXP_TRIGGER_DUMP 0xfe91 119 120 /* Bluetooth Power State : Vendor cmd params */ 121 #define BT_PS_ENABLE 0x02 122 #define BT_PS_DISABLE 0x03 123 124 /* Bluetooth Host Wakeup Methods */ 125 #define BT_HOST_WAKEUP_METHOD_NONE 0x00 126 #define BT_HOST_WAKEUP_METHOD_DTR 0x01 127 #define BT_HOST_WAKEUP_METHOD_BREAK 0x02 128 #define BT_HOST_WAKEUP_METHOD_GPIO 0x03 129 130 /* Bluetooth Chip Wakeup Methods */ 131 #define BT_CTRL_WAKEUP_METHOD_DSR 0x00 132 #define BT_CTRL_WAKEUP_METHOD_BREAK 0x01 133 #define BT_CTRL_WAKEUP_METHOD_GPIO 0x02 134 #define BT_CTRL_WAKEUP_METHOD_EXT_BREAK 0x04 135 #define BT_CTRL_WAKEUP_METHOD_RTS 0x05 136 137 struct ps_data { 138 u8 target_ps_mode; /* ps mode to be set */ 139 u8 cur_psmode; /* current ps_mode */ 140 u8 ps_state; /* controller's power save state */ 141 u8 ps_cmd; 142 u8 h2c_wakeupmode; 143 u8 cur_h2c_wakeupmode; 144 u8 c2h_wakeupmode; 145 u8 c2h_wakeup_gpio; 146 u8 h2c_wakeup_gpio; 147 bool driver_sent_cmd; 148 u16 h2c_ps_interval; 149 u16 c2h_ps_interval; 150 bool wakeup_source; 151 struct gpio_desc *h2c_ps_gpio; 152 s32 irq_handler; 153 struct hci_dev *hdev; 154 struct work_struct work; 155 struct timer_list ps_timer; 156 struct mutex ps_lock; 157 }; 158 159 struct wakeup_cmd_payload { 160 u8 c2h_wakeupmode; 161 u8 c2h_wakeup_gpio; 162 u8 h2c_wakeupmode; 163 u8 h2c_wakeup_gpio; 164 } __packed; 165 166 struct psmode_cmd_payload { 167 u8 ps_cmd; 168 __le16 c2h_ps_interval; 169 } __packed; 170 171 struct btnxpuart_data { 172 const char *helper_fw_name; 173 const char *fw_name; 174 const char *fw_name_old; 175 }; 176 177 enum bootloader_param_change { 178 not_changed, 179 cmd_sent, 180 changed 181 }; 182 183 struct btnxpuart_dev { 184 struct hci_dev *hdev; 185 struct serdev_device *serdev; 186 187 struct work_struct tx_work; 188 unsigned long tx_state; 189 struct sk_buff_head txq; 190 struct sk_buff *rx_skb; 191 192 const struct firmware *fw; 193 u8 fw_name[MAX_FW_FILE_NAME_LEN]; 194 u32 fw_dnld_v1_offset; 195 u32 fw_v1_sent_bytes; 196 u32 fw_dnld_v3_offset; 197 u32 fw_v3_offset_correction; 198 u32 fw_v3_prev_sent; 199 u32 fw_v1_expected_len; 200 u32 boot_reg_offset; 201 wait_queue_head_t fw_dnld_done_wait_q; 202 wait_queue_head_t check_boot_sign_wait_q; 203 204 u32 new_baudrate; 205 u32 current_baudrate; 206 u32 fw_init_baudrate; 207 u32 secondary_baudrate; 208 enum bootloader_param_change timeout_changed; 209 enum bootloader_param_change baudrate_changed; 210 bool helper_downloaded; 211 212 struct ps_data psdata; 213 struct btnxpuart_data *nxp_data; 214 struct reset_control *pdn; 215 struct hci_uart hu; 216 }; 217 218 #define NXP_V1_FW_REQ_PKT 0xa5 219 #define NXP_V1_CHIP_VER_PKT 0xaa 220 #define NXP_V3_FW_REQ_PKT 0xa7 221 #define NXP_V3_CHIP_VER_PKT 0xab 222 223 #define NXP_ACK_V1 0x5a 224 #define NXP_NAK_V1 0xbf 225 #define NXP_ACK_V3 0x7a 226 #define NXP_NAK_V3 0x7b 227 #define NXP_CRC_ERROR_V3 0x7c 228 229 /* Bootloader signature error codes: Refer AN12820 from nxp.com */ 230 #define NXP_CRC_RX_ERROR BIT(0) /* CRC error in previous packet */ 231 #define NXP_ACK_RX_TIMEOUT BIT(2) /* ACK not received from host */ 232 #define NXP_HDR_RX_TIMEOUT BIT(3) /* FW Header chunk not received */ 233 #define NXP_DATA_RX_TIMEOUT BIT(4) /* FW Data chunk not received */ 234 235 #define HDR_LEN 16 236 237 #define NXP_RECV_CHIP_VER_V1 \ 238 .type = NXP_V1_CHIP_VER_PKT, \ 239 .hlen = 4, \ 240 .loff = 0, \ 241 .lsize = 0, \ 242 .maxlen = 4 243 244 #define NXP_RECV_FW_REQ_V1 \ 245 .type = NXP_V1_FW_REQ_PKT, \ 246 .hlen = 4, \ 247 .loff = 0, \ 248 .lsize = 0, \ 249 .maxlen = 4 250 251 #define NXP_RECV_CHIP_VER_V3 \ 252 .type = NXP_V3_CHIP_VER_PKT, \ 253 .hlen = 4, \ 254 .loff = 0, \ 255 .lsize = 0, \ 256 .maxlen = 4 257 258 #define NXP_RECV_FW_REQ_V3 \ 259 .type = NXP_V3_FW_REQ_PKT, \ 260 .hlen = 9, \ 261 .loff = 0, \ 262 .lsize = 0, \ 263 .maxlen = 9 264 265 struct v1_data_req { 266 __le16 len; 267 __le16 len_comp; 268 } __packed; 269 270 struct v1_start_ind { 271 __le16 chip_id; 272 __le16 chip_id_comp; 273 } __packed; 274 275 struct v3_data_req { 276 __le16 len; 277 __le32 offset; 278 __le16 error; 279 u8 crc; 280 } __packed; 281 282 struct v3_start_ind { 283 __le16 chip_id; 284 u8 loader_ver; 285 u8 crc; 286 } __packed; 287 288 /* UART register addresses of BT chip */ 289 #define CLKDIVADDR 0x7f00008f 290 #define UARTDIVADDR 0x7f000090 291 #define UARTMCRADDR 0x7f000091 292 #define UARTREINITADDR 0x7f000092 293 #define UARTICRADDR 0x7f000093 294 #define UARTFCRADDR 0x7f000094 295 296 #define MCR 0x00000022 297 #define INIT 0x00000001 298 #define ICR 0x000000c7 299 #define FCR 0x000000c7 300 301 #define POLYNOMIAL8 0x07 302 303 struct uart_reg { 304 __le32 address; 305 __le32 value; 306 } __packed; 307 308 struct uart_config { 309 struct uart_reg clkdiv; 310 struct uart_reg uartdiv; 311 struct uart_reg mcr; 312 struct uart_reg re_init; 313 struct uart_reg icr; 314 struct uart_reg fcr; 315 __be32 crc; 316 } __packed; 317 318 struct nxp_bootloader_cmd { 319 __le32 header; 320 __le32 arg; 321 __le32 payload_len; 322 __be32 crc; 323 } __packed; 324 325 struct nxp_v3_rx_timeout_nak { 326 u8 nak; 327 __le32 offset; 328 u8 crc; 329 } __packed; 330 331 union nxp_v3_rx_timeout_nak_u { 332 struct nxp_v3_rx_timeout_nak pkt; 333 u8 buf[6]; 334 }; 335 336 struct nxp_v3_crc_nak { 337 u8 nak; 338 u8 crc; 339 } __packed; 340 341 union nxp_v3_crc_nak_u { 342 struct nxp_v3_crc_nak pkt; 343 u8 buf[2]; 344 }; 345 346 /* FW dump */ 347 #define NXP_FW_DUMP_SIZE (1024 * 1000) 348 349 struct nxp_fw_dump_hdr { 350 __le16 seq_num; 351 __le16 reserved; 352 __le16 buf_type; 353 __le16 buf_len; 354 }; 355 356 union nxp_set_bd_addr_payload { 357 struct { 358 u8 param_id; 359 u8 param_len; 360 u8 param[6]; 361 } __packed data; 362 u8 buf[8]; 363 }; 364 365 static u8 crc8_table[CRC8_TABLE_SIZE]; 366 367 /* Default configurations */ 368 #define DEFAULT_H2C_WAKEUP_MODE WAKEUP_METHOD_BREAK 369 #define DEFAULT_PS_MODE PS_MODE_ENABLE 370 #define FW_INIT_BAUDRATE HCI_NXP_PRI_BAUDRATE 371 372 static struct sk_buff *nxp_drv_send_cmd(struct hci_dev *hdev, u16 opcode, 373 u32 plen, 374 void *param, 375 bool resp) 376 { 377 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 378 struct ps_data *psdata = &nxpdev->psdata; 379 struct sk_buff *skb = NULL; 380 381 /* set flag to prevent nxp_enqueue from parsing values from this command and 382 * calling hci_cmd_sync_queue() again. 383 */ 384 psdata->driver_sent_cmd = true; 385 if (resp) { 386 skb = __hci_cmd_sync(hdev, opcode, plen, param, HCI_CMD_TIMEOUT); 387 } else { 388 __hci_cmd_send(hdev, opcode, plen, param); 389 /* Allow command to be sent before tx_work is cancelled 390 * by btnxpuart_flush() 391 */ 392 msleep(20); 393 } 394 psdata->driver_sent_cmd = false; 395 396 return skb; 397 } 398 399 static void btnxpuart_tx_wakeup(struct btnxpuart_dev *nxpdev) 400 { 401 if (schedule_work(&nxpdev->tx_work)) 402 set_bit(BTNXPUART_TX_STATE_ACTIVE, &nxpdev->tx_state); 403 } 404 405 /* NXP Power Save Feature */ 406 static void ps_start_timer(struct btnxpuart_dev *nxpdev) 407 { 408 struct ps_data *psdata = &nxpdev->psdata; 409 410 if (!psdata) 411 return; 412 413 if (psdata->cur_psmode == PS_MODE_ENABLE) 414 mod_timer(&psdata->ps_timer, jiffies + msecs_to_jiffies(psdata->h2c_ps_interval)); 415 416 if (psdata->ps_state == PS_STATE_AWAKE && psdata->ps_cmd == PS_CMD_ENTER_PS) 417 cancel_work_sync(&psdata->work); 418 } 419 420 static void ps_cancel_timer(struct btnxpuart_dev *nxpdev) 421 { 422 struct ps_data *psdata = &nxpdev->psdata; 423 424 flush_work(&psdata->work); 425 timer_shutdown_sync(&psdata->ps_timer); 426 } 427 428 static void ps_control(struct hci_dev *hdev, u8 ps_state) 429 { 430 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 431 struct ps_data *psdata = &nxpdev->psdata; 432 int status = 0; 433 434 if (psdata->ps_state == ps_state || 435 !test_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state)) 436 return; 437 438 mutex_lock(&psdata->ps_lock); 439 switch (psdata->cur_h2c_wakeupmode) { 440 case WAKEUP_METHOD_GPIO: 441 if (ps_state == PS_STATE_AWAKE) 442 gpiod_set_value_cansleep(psdata->h2c_ps_gpio, 0); 443 else 444 gpiod_set_value_cansleep(psdata->h2c_ps_gpio, 1); 445 bt_dev_dbg(hdev, "Set h2c_ps_gpio: %s", 446 str_high_low(ps_state == PS_STATE_SLEEP)); 447 break; 448 case WAKEUP_METHOD_DTR: 449 if (ps_state == PS_STATE_AWAKE) 450 status = serdev_device_set_tiocm(nxpdev->serdev, TIOCM_DTR, 0); 451 else 452 status = serdev_device_set_tiocm(nxpdev->serdev, 0, TIOCM_DTR); 453 break; 454 case WAKEUP_METHOD_BREAK: 455 default: 456 if (ps_state == PS_STATE_AWAKE) 457 status = serdev_device_break_ctl(nxpdev->serdev, 0); 458 else 459 status = serdev_device_break_ctl(nxpdev->serdev, -1); 460 msleep(20); /* Allow chip to detect UART-break and enter sleep */ 461 bt_dev_dbg(hdev, "Set UART break: %s, status=%d", 462 str_on_off(ps_state == PS_STATE_SLEEP), status); 463 break; 464 } 465 if (!status) 466 psdata->ps_state = ps_state; 467 mutex_unlock(&psdata->ps_lock); 468 469 if (ps_state == PS_STATE_AWAKE) 470 btnxpuart_tx_wakeup(nxpdev); 471 } 472 473 static void ps_work_func(struct work_struct *work) 474 { 475 struct ps_data *data = container_of(work, struct ps_data, work); 476 477 if (data->ps_cmd == PS_CMD_ENTER_PS && data->cur_psmode == PS_MODE_ENABLE) 478 ps_control(data->hdev, PS_STATE_SLEEP); 479 else if (data->ps_cmd == PS_CMD_EXIT_PS) 480 ps_control(data->hdev, PS_STATE_AWAKE); 481 } 482 483 static void ps_timeout_func(struct timer_list *t) 484 { 485 struct ps_data *data = timer_container_of(data, t, ps_timer); 486 struct hci_dev *hdev = data->hdev; 487 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 488 489 if (test_bit(BTNXPUART_TX_STATE_ACTIVE, &nxpdev->tx_state)) { 490 ps_start_timer(nxpdev); 491 } else { 492 data->ps_cmd = PS_CMD_ENTER_PS; 493 schedule_work(&data->work); 494 } 495 } 496 497 static irqreturn_t ps_host_wakeup_irq_handler(int irq, void *priv) 498 { 499 struct btnxpuart_dev *nxpdev = (struct btnxpuart_dev *)priv; 500 501 bt_dev_dbg(nxpdev->hdev, "Host wakeup interrupt"); 502 return IRQ_HANDLED; 503 } 504 static int ps_setup(struct hci_dev *hdev) 505 { 506 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 507 struct serdev_device *serdev = nxpdev->serdev; 508 struct ps_data *psdata = &nxpdev->psdata; 509 int ret; 510 511 /* Out-Of-Band Device Wakeup */ 512 psdata->h2c_ps_gpio = devm_gpiod_get_optional(&serdev->dev, "device-wakeup", 513 GPIOD_OUT_LOW); 514 if (IS_ERR(psdata->h2c_ps_gpio)) { 515 bt_dev_err(hdev, "Error fetching device-wakeup-gpios: %ld", 516 PTR_ERR(psdata->h2c_ps_gpio)); 517 return PTR_ERR(psdata->h2c_ps_gpio); 518 } 519 520 if (device_property_read_u8(&serdev->dev, "nxp,wakein-pin", &psdata->h2c_wakeup_gpio)) { 521 psdata->h2c_wakeup_gpio = 0xff; /* 0xff: use default pin/gpio */ 522 } else if (!psdata->h2c_ps_gpio) { 523 bt_dev_warn(hdev, "nxp,wakein-pin property without device-wakeup-gpios"); 524 psdata->h2c_wakeup_gpio = 0xff; 525 } 526 527 /* Out-Of-Band Host Wakeup */ 528 if (of_property_read_bool(serdev->dev.of_node, "wakeup-source")) { 529 psdata->irq_handler = of_irq_get_byname(serdev->dev.of_node, "wakeup"); 530 bt_dev_info(nxpdev->hdev, "irq_handler: %d", psdata->irq_handler); 531 if (psdata->irq_handler > 0) 532 psdata->wakeup_source = true; 533 } 534 535 if (device_property_read_u8(&serdev->dev, "nxp,wakeout-pin", &psdata->c2h_wakeup_gpio)) { 536 psdata->c2h_wakeup_gpio = 0xff; 537 if (psdata->wakeup_source) { 538 bt_dev_warn(hdev, "host wakeup interrupt without nxp,wakeout-pin"); 539 psdata->wakeup_source = false; 540 } 541 } else if (!psdata->wakeup_source) { 542 bt_dev_warn(hdev, "nxp,wakeout-pin property without host wakeup interrupt"); 543 psdata->c2h_wakeup_gpio = 0xff; 544 } 545 546 if (psdata->wakeup_source) { 547 ret = devm_request_threaded_irq(&serdev->dev, psdata->irq_handler, 548 NULL, ps_host_wakeup_irq_handler, 549 IRQF_ONESHOT, 550 dev_name(&serdev->dev), nxpdev); 551 if (ret) 552 bt_dev_info(hdev, "error setting wakeup IRQ handler, ignoring\n"); 553 disable_irq(psdata->irq_handler); 554 device_init_wakeup(&serdev->dev, true); 555 } 556 557 psdata->hdev = hdev; 558 INIT_WORK(&psdata->work, ps_work_func); 559 mutex_init(&psdata->ps_lock); 560 timer_setup(&psdata->ps_timer, ps_timeout_func, 0); 561 562 return 0; 563 } 564 565 static bool ps_wakeup(struct btnxpuart_dev *nxpdev) 566 { 567 struct ps_data *psdata = &nxpdev->psdata; 568 u8 ps_state; 569 570 mutex_lock(&psdata->ps_lock); 571 ps_state = psdata->ps_state; 572 mutex_unlock(&psdata->ps_lock); 573 574 if (ps_state != PS_STATE_AWAKE) { 575 psdata->ps_cmd = PS_CMD_EXIT_PS; 576 schedule_work(&psdata->work); 577 return true; 578 } 579 return false; 580 } 581 582 static void ps_cleanup(struct btnxpuart_dev *nxpdev) 583 { 584 struct ps_data *psdata = &nxpdev->psdata; 585 u8 ps_state; 586 587 mutex_lock(&psdata->ps_lock); 588 ps_state = psdata->ps_state; 589 mutex_unlock(&psdata->ps_lock); 590 591 if (ps_state != PS_STATE_AWAKE) 592 ps_control(psdata->hdev, PS_STATE_AWAKE); 593 594 ps_cancel_timer(nxpdev); 595 cancel_work_sync(&psdata->work); 596 mutex_destroy(&psdata->ps_lock); 597 } 598 599 static int send_ps_cmd(struct hci_dev *hdev, void *data) 600 { 601 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 602 struct ps_data *psdata = &nxpdev->psdata; 603 struct psmode_cmd_payload pcmd; 604 struct sk_buff *skb; 605 u8 *status; 606 607 if (psdata->target_ps_mode == PS_MODE_ENABLE) 608 pcmd.ps_cmd = BT_PS_ENABLE; 609 else 610 pcmd.ps_cmd = BT_PS_DISABLE; 611 pcmd.c2h_ps_interval = __cpu_to_le16(psdata->c2h_ps_interval); 612 613 skb = nxp_drv_send_cmd(hdev, HCI_NXP_AUTO_SLEEP_MODE, sizeof(pcmd), 614 &pcmd, true); 615 if (IS_ERR(skb)) { 616 bt_dev_err(hdev, "Setting Power Save mode failed (%ld)", PTR_ERR(skb)); 617 return PTR_ERR(skb); 618 } 619 620 status = skb_pull_data(skb, 1); 621 if (status) { 622 if (!*status) 623 psdata->cur_psmode = psdata->target_ps_mode; 624 else 625 psdata->target_ps_mode = psdata->cur_psmode; 626 if (psdata->cur_psmode == PS_MODE_ENABLE) 627 ps_start_timer(nxpdev); 628 else 629 ps_wakeup(nxpdev); 630 bt_dev_dbg(hdev, "Power Save mode response: status=%d, ps_mode=%d", 631 *status, psdata->cur_psmode); 632 } 633 kfree_skb(skb); 634 635 return 0; 636 } 637 638 static int send_wakeup_method_cmd(struct hci_dev *hdev, void *data) 639 { 640 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 641 struct ps_data *psdata = &nxpdev->psdata; 642 struct wakeup_cmd_payload pcmd; 643 struct sk_buff *skb; 644 u8 *status; 645 646 pcmd.c2h_wakeupmode = psdata->c2h_wakeupmode; 647 pcmd.c2h_wakeup_gpio = psdata->c2h_wakeup_gpio; 648 pcmd.h2c_wakeup_gpio = 0xff; 649 switch (psdata->h2c_wakeupmode) { 650 case WAKEUP_METHOD_GPIO: 651 pcmd.h2c_wakeupmode = BT_CTRL_WAKEUP_METHOD_GPIO; 652 pcmd.h2c_wakeup_gpio = psdata->h2c_wakeup_gpio; 653 break; 654 case WAKEUP_METHOD_DTR: 655 pcmd.h2c_wakeupmode = BT_CTRL_WAKEUP_METHOD_DSR; 656 break; 657 case WAKEUP_METHOD_BREAK: 658 default: 659 pcmd.h2c_wakeupmode = BT_CTRL_WAKEUP_METHOD_BREAK; 660 break; 661 } 662 663 skb = nxp_drv_send_cmd(hdev, HCI_NXP_WAKEUP_METHOD, sizeof(pcmd), 664 &pcmd, true); 665 if (IS_ERR(skb)) { 666 bt_dev_err(hdev, "Setting wake-up method failed (%ld)", PTR_ERR(skb)); 667 return PTR_ERR(skb); 668 } 669 670 status = skb_pull_data(skb, 1); 671 if (status) { 672 if (*status == 0) 673 psdata->cur_h2c_wakeupmode = psdata->h2c_wakeupmode; 674 else 675 psdata->h2c_wakeupmode = psdata->cur_h2c_wakeupmode; 676 bt_dev_dbg(hdev, "Set Wakeup Method response: status=%d, h2c_wakeupmode=%d", 677 *status, psdata->cur_h2c_wakeupmode); 678 } 679 kfree_skb(skb); 680 681 return 0; 682 } 683 684 static void ps_init(struct hci_dev *hdev) 685 { 686 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 687 struct ps_data *psdata = &nxpdev->psdata; 688 u8 default_h2c_wakeup_mode = DEFAULT_H2C_WAKEUP_MODE; 689 690 serdev_device_set_tiocm(nxpdev->serdev, 0, TIOCM_RTS); 691 usleep_range(5000, 10000); 692 serdev_device_set_tiocm(nxpdev->serdev, TIOCM_RTS, 0); 693 usleep_range(5000, 10000); 694 695 psdata->ps_state = PS_STATE_AWAKE; 696 697 if (psdata->c2h_wakeup_gpio != 0xff) 698 psdata->c2h_wakeupmode = BT_HOST_WAKEUP_METHOD_GPIO; 699 else 700 psdata->c2h_wakeupmode = BT_HOST_WAKEUP_METHOD_NONE; 701 702 psdata->cur_h2c_wakeupmode = WAKEUP_METHOD_INVALID; 703 if (psdata->h2c_ps_gpio) 704 default_h2c_wakeup_mode = WAKEUP_METHOD_GPIO; 705 706 psdata->h2c_ps_interval = PS_DEFAULT_TIMEOUT_PERIOD_MS; 707 708 switch (default_h2c_wakeup_mode) { 709 case WAKEUP_METHOD_GPIO: 710 psdata->h2c_wakeupmode = WAKEUP_METHOD_GPIO; 711 gpiod_set_value_cansleep(psdata->h2c_ps_gpio, 0); 712 usleep_range(5000, 10000); 713 break; 714 case WAKEUP_METHOD_DTR: 715 psdata->h2c_wakeupmode = WAKEUP_METHOD_DTR; 716 serdev_device_set_tiocm(nxpdev->serdev, 0, TIOCM_DTR); 717 serdev_device_set_tiocm(nxpdev->serdev, TIOCM_DTR, 0); 718 break; 719 case WAKEUP_METHOD_BREAK: 720 default: 721 psdata->h2c_wakeupmode = WAKEUP_METHOD_BREAK; 722 serdev_device_break_ctl(nxpdev->serdev, -1); 723 usleep_range(5000, 10000); 724 serdev_device_break_ctl(nxpdev->serdev, 0); 725 usleep_range(5000, 10000); 726 break; 727 } 728 729 psdata->cur_psmode = PS_MODE_DISABLE; 730 psdata->target_ps_mode = DEFAULT_PS_MODE; 731 } 732 733 /* NXP Firmware Download Feature */ 734 static int nxp_download_firmware(struct hci_dev *hdev) 735 { 736 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 737 int err = 0; 738 739 nxpdev->fw_dnld_v1_offset = 0; 740 nxpdev->fw_v1_sent_bytes = 0; 741 nxpdev->fw_v1_expected_len = HDR_LEN; 742 nxpdev->boot_reg_offset = 0; 743 nxpdev->fw_dnld_v3_offset = 0; 744 nxpdev->fw_v3_offset_correction = 0; 745 nxpdev->baudrate_changed = not_changed; 746 nxpdev->timeout_changed = not_changed; 747 nxpdev->helper_downloaded = false; 748 749 serdev_device_set_baudrate(nxpdev->serdev, HCI_NXP_PRI_BAUDRATE); 750 serdev_device_set_flow_control(nxpdev->serdev, false); 751 nxpdev->current_baudrate = HCI_NXP_PRI_BAUDRATE; 752 753 /* Wait till FW is downloaded */ 754 err = wait_event_interruptible_timeout(nxpdev->fw_dnld_done_wait_q, 755 !test_bit(BTNXPUART_FW_DOWNLOADING, 756 &nxpdev->tx_state), 757 msecs_to_jiffies(60000)); 758 759 if (nxpdev->fw && strlen(nxpdev->fw_name)) { 760 release_firmware(nxpdev->fw); 761 memset(nxpdev->fw_name, 0, sizeof(nxpdev->fw_name)); 762 } 763 764 if (err == 0) { 765 bt_dev_err(hdev, "FW Download Timeout. offset: %d", 766 nxpdev->fw_dnld_v1_offset ? 767 nxpdev->fw_dnld_v1_offset : 768 nxpdev->fw_dnld_v3_offset); 769 return -ETIMEDOUT; 770 } 771 if (test_bit(BTNXPUART_FW_DOWNLOAD_ABORT, &nxpdev->tx_state)) { 772 bt_dev_err(hdev, "FW Download Aborted"); 773 return -EINTR; 774 } 775 776 serdev_device_set_flow_control(nxpdev->serdev, true); 777 778 /* Allow the downloaded FW to initialize */ 779 msleep(1200); 780 781 return 0; 782 } 783 784 static void nxp_send_ack(u8 ack, struct hci_dev *hdev) 785 { 786 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 787 u8 ack_nak[2]; 788 int len = 1; 789 790 ack_nak[0] = ack; 791 if (ack == NXP_ACK_V3) { 792 ack_nak[1] = crc8(crc8_table, ack_nak, 1, 0xff); 793 len = 2; 794 } 795 serdev_device_write_buf(nxpdev->serdev, ack_nak, len); 796 } 797 798 static bool nxp_fw_change_baudrate(struct hci_dev *hdev, u16 req_len) 799 { 800 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 801 struct nxp_bootloader_cmd nxp_cmd5; 802 struct uart_config uart_config; 803 u32 clkdivaddr = CLKDIVADDR - nxpdev->boot_reg_offset; 804 u32 uartdivaddr = UARTDIVADDR - nxpdev->boot_reg_offset; 805 u32 uartmcraddr = UARTMCRADDR - nxpdev->boot_reg_offset; 806 u32 uartreinitaddr = UARTREINITADDR - nxpdev->boot_reg_offset; 807 u32 uarticraddr = UARTICRADDR - nxpdev->boot_reg_offset; 808 u32 uartfcraddr = UARTFCRADDR - nxpdev->boot_reg_offset; 809 810 if (req_len == sizeof(nxp_cmd5)) { 811 nxp_cmd5.header = __cpu_to_le32(5); 812 nxp_cmd5.arg = 0; 813 nxp_cmd5.payload_len = __cpu_to_le32(sizeof(uart_config)); 814 /* FW expects swapped CRC bytes */ 815 nxp_cmd5.crc = __cpu_to_be32(crc32_be(0UL, (char *)&nxp_cmd5, 816 sizeof(nxp_cmd5) - 4)); 817 818 serdev_device_write_buf(nxpdev->serdev, (u8 *)&nxp_cmd5, sizeof(nxp_cmd5)); 819 nxpdev->fw_v3_offset_correction += req_len; 820 } else if (req_len == sizeof(uart_config)) { 821 uart_config.clkdiv.address = __cpu_to_le32(clkdivaddr); 822 if (nxpdev->new_baudrate == HCI_NXP_SEC_BAUDRATE_4M) 823 uart_config.clkdiv.value = __cpu_to_le32(0x01000000); 824 else 825 uart_config.clkdiv.value = __cpu_to_le32(0x00c00000); 826 uart_config.uartdiv.address = __cpu_to_le32(uartdivaddr); 827 uart_config.uartdiv.value = __cpu_to_le32(1); 828 uart_config.mcr.address = __cpu_to_le32(uartmcraddr); 829 uart_config.mcr.value = __cpu_to_le32(MCR); 830 uart_config.re_init.address = __cpu_to_le32(uartreinitaddr); 831 uart_config.re_init.value = __cpu_to_le32(INIT); 832 uart_config.icr.address = __cpu_to_le32(uarticraddr); 833 uart_config.icr.value = __cpu_to_le32(ICR); 834 uart_config.fcr.address = __cpu_to_le32(uartfcraddr); 835 uart_config.fcr.value = __cpu_to_le32(FCR); 836 /* FW expects swapped CRC bytes */ 837 uart_config.crc = __cpu_to_be32(crc32_be(0UL, (char *)&uart_config, 838 sizeof(uart_config) - 4)); 839 840 serdev_device_write_buf(nxpdev->serdev, (u8 *)&uart_config, sizeof(uart_config)); 841 serdev_device_wait_until_sent(nxpdev->serdev, 0); 842 nxpdev->fw_v3_offset_correction += req_len; 843 return true; 844 } 845 return false; 846 } 847 848 static bool nxp_fw_change_timeout(struct hci_dev *hdev, u16 req_len) 849 { 850 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 851 struct nxp_bootloader_cmd nxp_cmd7; 852 853 if (req_len != sizeof(nxp_cmd7)) 854 return false; 855 856 nxp_cmd7.header = __cpu_to_le32(7); 857 nxp_cmd7.arg = __cpu_to_le32(0x70); 858 nxp_cmd7.payload_len = 0; 859 /* FW expects swapped CRC bytes */ 860 nxp_cmd7.crc = __cpu_to_be32(crc32_be(0UL, (char *)&nxp_cmd7, 861 sizeof(nxp_cmd7) - 4)); 862 serdev_device_write_buf(nxpdev->serdev, (u8 *)&nxp_cmd7, sizeof(nxp_cmd7)); 863 serdev_device_wait_until_sent(nxpdev->serdev, 0); 864 nxpdev->fw_v3_offset_correction += req_len; 865 return true; 866 } 867 868 static u32 nxp_get_data_len(const u8 *buf) 869 { 870 struct nxp_bootloader_cmd *hdr = (struct nxp_bootloader_cmd *)buf; 871 872 return __le32_to_cpu(hdr->payload_len); 873 } 874 875 static bool is_fw_downloading(struct btnxpuart_dev *nxpdev) 876 { 877 return test_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state); 878 } 879 880 static bool ind_reset_in_progress(struct btnxpuart_dev *nxpdev) 881 { 882 return test_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state); 883 } 884 885 static bool fw_dump_in_progress(struct btnxpuart_dev *nxpdev) 886 { 887 return test_bit(BTNXPUART_FW_DUMP_IN_PROGRESS, &nxpdev->tx_state); 888 } 889 890 static bool process_boot_signature(struct btnxpuart_dev *nxpdev) 891 { 892 if (test_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, &nxpdev->tx_state)) { 893 clear_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, &nxpdev->tx_state); 894 wake_up_interruptible(&nxpdev->check_boot_sign_wait_q); 895 return false; 896 } 897 return is_fw_downloading(nxpdev); 898 } 899 900 static int nxp_request_firmware(struct hci_dev *hdev, const char *fw_name, 901 const char *fw_name_old) 902 { 903 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 904 const char *fw_name_dt; 905 int err = 0; 906 907 if (!fw_name) 908 return -ENOENT; 909 910 if (!strlen(nxpdev->fw_name)) { 911 if (strcmp(fw_name, FIRMWARE_HELPER) && 912 !device_property_read_string(&nxpdev->serdev->dev, 913 "firmware-name", 914 &fw_name_dt)) 915 fw_name = fw_name_dt; 916 snprintf(nxpdev->fw_name, MAX_FW_FILE_NAME_LEN, "nxp/%s", fw_name); 917 err = request_firmware_direct(&nxpdev->fw, nxpdev->fw_name, &hdev->dev); 918 if (err < 0 && fw_name_old) { 919 snprintf(nxpdev->fw_name, MAX_FW_FILE_NAME_LEN, "nxp/%s", fw_name_old); 920 err = request_firmware_direct(&nxpdev->fw, nxpdev->fw_name, &hdev->dev); 921 } 922 923 bt_dev_info(hdev, "Request Firmware: %s", nxpdev->fw_name); 924 if (err < 0) { 925 bt_dev_err(hdev, "Firmware file %s not found", nxpdev->fw_name); 926 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state); 927 } 928 } 929 return err; 930 } 931 932 /* for legacy chipsets with V1 bootloader */ 933 static int nxp_recv_chip_ver_v1(struct hci_dev *hdev, struct sk_buff *skb) 934 { 935 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 936 struct v1_start_ind *req; 937 __u16 chip_id; 938 939 req = skb_pull_data(skb, sizeof(*req)); 940 if (!req) 941 goto free_skb; 942 943 chip_id = le16_to_cpu(req->chip_id ^ req->chip_id_comp); 944 if (chip_id == 0xffff && nxpdev->fw_dnld_v1_offset) { 945 nxpdev->fw_dnld_v1_offset = 0; 946 nxpdev->fw_v1_sent_bytes = 0; 947 nxpdev->fw_v1_expected_len = HDR_LEN; 948 release_firmware(nxpdev->fw); 949 memset(nxpdev->fw_name, 0, sizeof(nxpdev->fw_name)); 950 nxp_send_ack(NXP_ACK_V1, hdev); 951 } 952 953 free_skb: 954 kfree_skb(skb); 955 return 0; 956 } 957 958 static int nxp_recv_fw_req_v1(struct hci_dev *hdev, struct sk_buff *skb) 959 { 960 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 961 struct btnxpuart_data *nxp_data = nxpdev->nxp_data; 962 struct v1_data_req *req; 963 __u16 len; 964 965 if (!process_boot_signature(nxpdev)) 966 goto free_skb; 967 968 req = skb_pull_data(skb, sizeof(*req)); 969 if (!req) 970 goto free_skb; 971 972 len = __le16_to_cpu(req->len ^ req->len_comp); 973 if (len != 0xffff) { 974 bt_dev_dbg(hdev, "ERR: Send NAK"); 975 nxp_send_ack(NXP_NAK_V1, hdev); 976 goto free_skb; 977 } 978 nxp_send_ack(NXP_ACK_V1, hdev); 979 980 len = __le16_to_cpu(req->len); 981 982 if (!nxp_data->helper_fw_name) { 983 if (nxpdev->timeout_changed != changed) { 984 nxp_fw_change_timeout(hdev, len); 985 nxpdev->timeout_changed = changed; 986 goto free_skb; 987 } 988 if (nxpdev->baudrate_changed != changed) { 989 nxpdev->new_baudrate = nxpdev->secondary_baudrate; 990 if (nxp_fw_change_baudrate(hdev, len)) { 991 nxpdev->baudrate_changed = changed; 992 serdev_device_set_baudrate(nxpdev->serdev, 993 nxpdev->secondary_baudrate); 994 serdev_device_set_flow_control(nxpdev->serdev, true); 995 nxpdev->current_baudrate = nxpdev->secondary_baudrate; 996 } 997 goto free_skb; 998 } 999 } 1000 1001 if (!nxp_data->helper_fw_name || nxpdev->helper_downloaded) { 1002 if (nxp_request_firmware(hdev, nxp_data->fw_name, nxp_data->fw_name_old)) 1003 goto free_skb; 1004 } else if (nxp_data->helper_fw_name && !nxpdev->helper_downloaded) { 1005 if (nxp_request_firmware(hdev, nxp_data->helper_fw_name, NULL)) 1006 goto free_skb; 1007 } 1008 1009 if (!len) { 1010 bt_dev_info(hdev, "FW Download Complete: %zu bytes", 1011 nxpdev->fw->size); 1012 if (nxp_data->helper_fw_name && !nxpdev->helper_downloaded) { 1013 nxpdev->helper_downloaded = true; 1014 serdev_device_wait_until_sent(nxpdev->serdev, 0); 1015 serdev_device_set_baudrate(nxpdev->serdev, 1016 HCI_NXP_SEC_BAUDRATE_3M); 1017 serdev_device_set_flow_control(nxpdev->serdev, true); 1018 } else { 1019 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state); 1020 wake_up_interruptible(&nxpdev->fw_dnld_done_wait_q); 1021 } 1022 goto free_skb; 1023 } 1024 if (len & 0x01) { 1025 /* The CRC did not match at the other end. 1026 * Simply send the same bytes again. 1027 */ 1028 len = nxpdev->fw_v1_sent_bytes; 1029 bt_dev_dbg(hdev, "CRC error. Resend %d bytes of FW.", len); 1030 } else { 1031 nxpdev->fw_dnld_v1_offset += nxpdev->fw_v1_sent_bytes; 1032 1033 /* The FW bin file is made up of many blocks of 1034 * 16 byte header and payload data chunks. If the 1035 * FW has requested a header, read the payload length 1036 * info from the header, before sending the header. 1037 * In the next iteration, the FW should request the 1038 * payload data chunk, which should be equal to the 1039 * payload length read from header. If there is a 1040 * mismatch, clearly the driver and FW are out of sync, 1041 * and we need to re-send the previous header again. 1042 */ 1043 if (len == nxpdev->fw_v1_expected_len) { 1044 if (len == HDR_LEN) 1045 nxpdev->fw_v1_expected_len = nxp_get_data_len(nxpdev->fw->data + 1046 nxpdev->fw_dnld_v1_offset); 1047 else 1048 nxpdev->fw_v1_expected_len = HDR_LEN; 1049 } else if (len == HDR_LEN) { 1050 /* FW download out of sync. Send previous chunk again */ 1051 nxpdev->fw_dnld_v1_offset -= nxpdev->fw_v1_sent_bytes; 1052 nxpdev->fw_v1_expected_len = HDR_LEN; 1053 } 1054 } 1055 1056 if (nxpdev->fw_dnld_v1_offset + len <= nxpdev->fw->size) 1057 serdev_device_write_buf(nxpdev->serdev, nxpdev->fw->data + 1058 nxpdev->fw_dnld_v1_offset, len); 1059 nxpdev->fw_v1_sent_bytes = len; 1060 1061 free_skb: 1062 kfree_skb(skb); 1063 return 0; 1064 } 1065 1066 static char *nxp_get_fw_name_from_chipid(struct hci_dev *hdev, u16 chipid, 1067 u8 loader_ver) 1068 { 1069 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1070 char *fw_name = NULL; 1071 1072 switch (chipid) { 1073 case CHIP_ID_W9098: 1074 fw_name = FIRMWARE_W9098; 1075 break; 1076 case CHIP_ID_IW416: 1077 fw_name = FIRMWARE_IW416; 1078 break; 1079 case CHIP_ID_IW612: 1080 fw_name = FIRMWARE_IW612; 1081 break; 1082 case CHIP_ID_IW624a: 1083 case CHIP_ID_IW624c: 1084 nxpdev->boot_reg_offset = 1; 1085 if ((loader_ver & FW_SECURE_MASK) == FW_OPEN) 1086 fw_name = FIRMWARE_IW624; 1087 else if ((loader_ver & FW_SECURE_MASK) != FW_AUTH_ILLEGAL) 1088 fw_name = FIRMWARE_SECURE_IW624; 1089 else 1090 bt_dev_err(hdev, "Illegal loader version %02x", loader_ver); 1091 break; 1092 case CHIP_ID_AW693a0: 1093 if ((loader_ver & FW_SECURE_MASK) == FW_OPEN) 1094 fw_name = FIRMWARE_AW693; 1095 else if ((loader_ver & FW_SECURE_MASK) != FW_AUTH_ILLEGAL) 1096 fw_name = FIRMWARE_SECURE_AW693; 1097 else 1098 bt_dev_err(hdev, "Illegal loader version %02x", loader_ver); 1099 break; 1100 case CHIP_ID_AW693a1: 1101 if ((loader_ver & FW_SECURE_MASK) == FW_OPEN) 1102 fw_name = FIRMWARE_AW693_A1; 1103 else if ((loader_ver & FW_SECURE_MASK) != FW_AUTH_ILLEGAL) 1104 fw_name = FIRMWARE_SECURE_AW693_A1; 1105 else 1106 bt_dev_err(hdev, "Illegal loader version %02x", loader_ver); 1107 break; 1108 case CHIP_ID_IW610a0: 1109 case CHIP_ID_IW610a1: 1110 if ((loader_ver & FW_SECURE_MASK) == FW_OPEN) 1111 fw_name = FIRMWARE_IW610; 1112 else if ((loader_ver & FW_SECURE_MASK) != FW_AUTH_ILLEGAL) 1113 fw_name = FIRMWARE_SECURE_IW610; 1114 else 1115 bt_dev_err(hdev, "Illegal loader version %02x", loader_ver); 1116 break; 1117 default: 1118 bt_dev_err(hdev, "Unknown chip signature %04x", chipid); 1119 break; 1120 } 1121 return fw_name; 1122 } 1123 1124 static char *nxp_get_old_fw_name_from_chipid(struct hci_dev *hdev, u16 chipid, 1125 u8 loader_ver) 1126 { 1127 char *fw_name_old = NULL; 1128 1129 switch (chipid) { 1130 case CHIP_ID_W9098: 1131 fw_name_old = FIRMWARE_W9098_OLD; 1132 break; 1133 case CHIP_ID_IW416: 1134 fw_name_old = FIRMWARE_IW416_OLD; 1135 break; 1136 } 1137 return fw_name_old; 1138 } 1139 1140 static int nxp_recv_chip_ver_v3(struct hci_dev *hdev, struct sk_buff *skb) 1141 { 1142 struct v3_start_ind *req = skb_pull_data(skb, sizeof(*req)); 1143 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1144 const char *fw_name; 1145 const char *fw_name_old; 1146 u16 chip_id; 1147 u8 loader_ver; 1148 1149 if (!process_boot_signature(nxpdev)) 1150 goto free_skb; 1151 1152 chip_id = le16_to_cpu(req->chip_id); 1153 loader_ver = req->loader_ver; 1154 bt_dev_info(hdev, "ChipID: %04x, Version: %d", chip_id, loader_ver); 1155 fw_name = nxp_get_fw_name_from_chipid(hdev, chip_id, loader_ver); 1156 fw_name_old = nxp_get_old_fw_name_from_chipid(hdev, chip_id, loader_ver); 1157 if (!nxp_request_firmware(hdev, fw_name, fw_name_old)) 1158 nxp_send_ack(NXP_ACK_V3, hdev); 1159 1160 free_skb: 1161 kfree_skb(skb); 1162 return 0; 1163 } 1164 1165 static void nxp_handle_fw_download_error(struct hci_dev *hdev, struct v3_data_req *req) 1166 { 1167 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1168 __u32 offset = __le32_to_cpu(req->offset); 1169 __u16 err = __le16_to_cpu(req->error); 1170 union nxp_v3_rx_timeout_nak_u timeout_nak_buf; 1171 union nxp_v3_crc_nak_u crc_nak_buf; 1172 1173 if (err & NXP_CRC_RX_ERROR) { 1174 crc_nak_buf.pkt.nak = NXP_CRC_ERROR_V3; 1175 crc_nak_buf.pkt.crc = crc8(crc8_table, crc_nak_buf.buf, 1176 sizeof(crc_nak_buf) - 1, 0xff); 1177 serdev_device_write_buf(nxpdev->serdev, crc_nak_buf.buf, 1178 sizeof(crc_nak_buf)); 1179 } else if (err & NXP_ACK_RX_TIMEOUT || 1180 err & NXP_HDR_RX_TIMEOUT || 1181 err & NXP_DATA_RX_TIMEOUT) { 1182 timeout_nak_buf.pkt.nak = NXP_NAK_V3; 1183 timeout_nak_buf.pkt.offset = __cpu_to_le32(offset); 1184 timeout_nak_buf.pkt.crc = crc8(crc8_table, timeout_nak_buf.buf, 1185 sizeof(timeout_nak_buf) - 1, 0xff); 1186 serdev_device_write_buf(nxpdev->serdev, timeout_nak_buf.buf, 1187 sizeof(timeout_nak_buf)); 1188 } else { 1189 bt_dev_err(hdev, "Unknown bootloader error code: %d", err); 1190 } 1191 } 1192 1193 static int nxp_recv_fw_req_v3(struct hci_dev *hdev, struct sk_buff *skb) 1194 { 1195 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1196 struct v3_data_req *req; 1197 __u16 len = 0; 1198 __u16 err = 0; 1199 __u32 offset; 1200 1201 if (!process_boot_signature(nxpdev)) 1202 goto free_skb; 1203 1204 req = skb_pull_data(skb, sizeof(*req)); 1205 if (!req || !nxpdev->fw) 1206 goto free_skb; 1207 1208 err = __le16_to_cpu(req->error); 1209 1210 if (!err) { 1211 nxp_send_ack(NXP_ACK_V3, hdev); 1212 if (nxpdev->timeout_changed == cmd_sent) 1213 nxpdev->timeout_changed = changed; 1214 if (nxpdev->baudrate_changed == cmd_sent) 1215 nxpdev->baudrate_changed = changed; 1216 } else { 1217 nxp_handle_fw_download_error(hdev, req); 1218 if (nxpdev->timeout_changed == cmd_sent && 1219 err == NXP_CRC_RX_ERROR) { 1220 nxpdev->fw_v3_offset_correction -= nxpdev->fw_v3_prev_sent; 1221 nxpdev->timeout_changed = not_changed; 1222 } 1223 if (nxpdev->baudrate_changed == cmd_sent && 1224 err == NXP_CRC_RX_ERROR) { 1225 nxpdev->fw_v3_offset_correction -= nxpdev->fw_v3_prev_sent; 1226 nxpdev->baudrate_changed = not_changed; 1227 } 1228 goto free_skb; 1229 } 1230 1231 len = __le16_to_cpu(req->len); 1232 1233 if (nxpdev->timeout_changed != changed) { 1234 nxp_fw_change_timeout(hdev, len); 1235 nxpdev->timeout_changed = cmd_sent; 1236 goto free_skb; 1237 } 1238 1239 if (nxpdev->baudrate_changed != changed) { 1240 nxpdev->new_baudrate = nxpdev->secondary_baudrate; 1241 if (nxp_fw_change_baudrate(hdev, len)) { 1242 nxpdev->baudrate_changed = cmd_sent; 1243 serdev_device_set_baudrate(nxpdev->serdev, 1244 nxpdev->secondary_baudrate); 1245 serdev_device_set_flow_control(nxpdev->serdev, true); 1246 nxpdev->current_baudrate = nxpdev->secondary_baudrate; 1247 } 1248 goto free_skb; 1249 } 1250 1251 if (req->len == 0) { 1252 bt_dev_info(hdev, "FW Download Complete: %zu bytes", 1253 nxpdev->fw->size); 1254 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state); 1255 wake_up_interruptible(&nxpdev->fw_dnld_done_wait_q); 1256 goto free_skb; 1257 } 1258 1259 offset = __le32_to_cpu(req->offset); 1260 if (offset < nxpdev->fw_v3_offset_correction) { 1261 /* This scenario should ideally never occur. But if it ever does, 1262 * FW is out of sync and needs a power cycle. 1263 */ 1264 bt_dev_err(hdev, "Something went wrong during FW download"); 1265 bt_dev_err(hdev, "Please power cycle and try again"); 1266 goto free_skb; 1267 } 1268 1269 nxpdev->fw_dnld_v3_offset = offset - nxpdev->fw_v3_offset_correction; 1270 serdev_device_write_buf(nxpdev->serdev, nxpdev->fw->data + 1271 nxpdev->fw_dnld_v3_offset, len); 1272 1273 free_skb: 1274 nxpdev->fw_v3_prev_sent = len; 1275 kfree_skb(skb); 1276 return 0; 1277 } 1278 1279 static int nxp_set_baudrate_cmd(struct hci_dev *hdev, void *data) 1280 { 1281 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1282 __le32 new_baudrate = __cpu_to_le32(nxpdev->new_baudrate); 1283 struct ps_data *psdata = &nxpdev->psdata; 1284 struct sk_buff *skb; 1285 u8 *status; 1286 1287 if (!psdata) 1288 return 0; 1289 1290 skb = nxp_drv_send_cmd(hdev, HCI_NXP_SET_OPER_SPEED, 4, 1291 (u8 *)&new_baudrate, true); 1292 if (IS_ERR(skb)) { 1293 bt_dev_err(hdev, "Setting baudrate failed (%ld)", PTR_ERR(skb)); 1294 return PTR_ERR(skb); 1295 } 1296 1297 status = (u8 *)skb_pull_data(skb, 1); 1298 if (status) { 1299 if (*status == 0) { 1300 serdev_device_set_baudrate(nxpdev->serdev, nxpdev->new_baudrate); 1301 nxpdev->current_baudrate = nxpdev->new_baudrate; 1302 } 1303 bt_dev_dbg(hdev, "Set baudrate response: status=%d, baudrate=%d", 1304 *status, nxpdev->new_baudrate); 1305 } 1306 kfree_skb(skb); 1307 1308 return 0; 1309 } 1310 1311 static int nxp_check_boot_sign(struct btnxpuart_dev *nxpdev) 1312 { 1313 serdev_device_set_baudrate(nxpdev->serdev, HCI_NXP_PRI_BAUDRATE); 1314 if (ind_reset_in_progress(nxpdev)) 1315 serdev_device_set_flow_control(nxpdev->serdev, false); 1316 else 1317 serdev_device_set_flow_control(nxpdev->serdev, true); 1318 set_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, &nxpdev->tx_state); 1319 1320 return wait_event_interruptible_timeout(nxpdev->check_boot_sign_wait_q, 1321 !test_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, 1322 &nxpdev->tx_state), 1323 msecs_to_jiffies(1000)); 1324 } 1325 1326 static int nxp_set_ind_reset(struct hci_dev *hdev, void *data) 1327 { 1328 static const u8 ir_hw_err[] = { HCI_EV_HARDWARE_ERROR, 1329 0x01, BTNXPUART_IR_HW_ERR }; 1330 struct sk_buff *skb; 1331 1332 skb = bt_skb_alloc(3, GFP_ATOMIC); 1333 if (!skb) 1334 return -ENOMEM; 1335 1336 hci_skb_pkt_type(skb) = HCI_EVENT_PKT; 1337 skb_put_data(skb, ir_hw_err, 3); 1338 1339 /* Inject Hardware Error to upper stack */ 1340 return hci_recv_frame(hdev, skb); 1341 } 1342 1343 /* Firmware dump */ 1344 static void nxp_coredump(struct hci_dev *hdev) 1345 { 1346 struct sk_buff *skb; 1347 u8 pcmd = 2; 1348 1349 skb = nxp_drv_send_cmd(hdev, HCI_NXP_TRIGGER_DUMP, 1, &pcmd, true); 1350 if (IS_ERR(skb)) 1351 bt_dev_err(hdev, "Failed to trigger FW Dump. (%ld)", PTR_ERR(skb)); 1352 else 1353 kfree_skb(skb); 1354 } 1355 1356 static void nxp_coredump_hdr(struct hci_dev *hdev, struct sk_buff *skb) 1357 { 1358 /* Nothing to be added in FW dump header */ 1359 } 1360 1361 static int nxp_process_fw_dump(struct hci_dev *hdev, struct sk_buff *skb) 1362 { 1363 struct hci_acl_hdr *acl_hdr = (struct hci_acl_hdr *)skb_pull_data(skb, 1364 sizeof(*acl_hdr)); 1365 struct nxp_fw_dump_hdr *fw_dump_hdr = (struct nxp_fw_dump_hdr *)skb->data; 1366 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1367 __u16 seq_num = __le16_to_cpu(fw_dump_hdr->seq_num); 1368 __u16 buf_len = __le16_to_cpu(fw_dump_hdr->buf_len); 1369 int err; 1370 1371 if (seq_num == 0x0001) { 1372 if (test_and_set_bit(BTNXPUART_FW_DUMP_IN_PROGRESS, &nxpdev->tx_state)) { 1373 bt_dev_err(hdev, "FW dump already in progress"); 1374 goto free_skb; 1375 } 1376 bt_dev_warn(hdev, "==== Start FW dump ==="); 1377 err = hci_devcd_init(hdev, NXP_FW_DUMP_SIZE); 1378 if (err < 0) 1379 goto free_skb; 1380 1381 schedule_delayed_work(&hdev->dump.dump_timeout, 1382 msecs_to_jiffies(20000)); 1383 } 1384 1385 err = hci_devcd_append(hdev, skb_clone(skb, GFP_ATOMIC)); 1386 if (err < 0) 1387 goto free_skb; 1388 1389 if (buf_len == 0) { 1390 bt_dev_warn(hdev, "==== FW dump complete ==="); 1391 hci_devcd_complete(hdev); 1392 nxp_set_ind_reset(hdev, NULL); 1393 } 1394 1395 free_skb: 1396 kfree_skb(skb); 1397 return 0; 1398 } 1399 1400 static int nxp_recv_acl_pkt(struct hci_dev *hdev, struct sk_buff *skb) 1401 { 1402 __u16 handle = __le16_to_cpu(hci_acl_hdr(skb)->handle); 1403 1404 /* FW dump chunks are ACL packets with conn handle 0xfff */ 1405 if ((handle & 0x0FFF) == 0xFFF) 1406 return nxp_process_fw_dump(hdev, skb); 1407 else 1408 return hci_recv_frame(hdev, skb); 1409 } 1410 1411 static int nxp_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr) 1412 { 1413 union nxp_set_bd_addr_payload pcmd; 1414 int err; 1415 1416 pcmd.data.param_id = 0xfe; 1417 pcmd.data.param_len = 6; 1418 memcpy(pcmd.data.param, bdaddr, 6); 1419 1420 /* BD address can be assigned only after first reset command. */ 1421 err = __hci_cmd_sync_status(hdev, HCI_OP_RESET, 0, NULL, 1422 HCI_INIT_TIMEOUT); 1423 if (err) { 1424 bt_dev_err(hdev, 1425 "Reset before setting local-bd-addr failed (%d)", 1426 err); 1427 return err; 1428 } 1429 1430 err = __hci_cmd_sync_status(hdev, HCI_NXP_SET_BD_ADDR, sizeof(pcmd), 1431 pcmd.buf, HCI_CMD_TIMEOUT); 1432 if (err) { 1433 bt_dev_err(hdev, "Changing device address failed (%d)", err); 1434 return err; 1435 } 1436 1437 return 0; 1438 } 1439 1440 /* NXP protocol */ 1441 static int nxp_setup(struct hci_dev *hdev) 1442 { 1443 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1444 struct serdev_device *serdev = nxpdev->serdev; 1445 char device_string[30]; 1446 char event_string[50]; 1447 char *envp[] = {device_string, event_string, NULL}; 1448 int err = 0; 1449 1450 if (nxp_check_boot_sign(nxpdev)) { 1451 bt_dev_dbg(hdev, "Need FW Download."); 1452 err = nxp_download_firmware(hdev); 1453 if (err < 0) 1454 return err; 1455 } else { 1456 bt_dev_info(hdev, "FW already running."); 1457 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state); 1458 } 1459 1460 snprintf(device_string, 30, "BTNXPUART_DEV=%s", dev_name(&serdev->dev)); 1461 snprintf(event_string, 50, "BTNXPUART_STATE=FW_READY"); 1462 bt_dev_dbg(hdev, "==== Send uevent: %s:%s ===", device_string, 1463 event_string); 1464 kobject_uevent_env(&serdev->dev.kobj, KOBJ_CHANGE, envp); 1465 1466 serdev_device_set_baudrate(nxpdev->serdev, nxpdev->fw_init_baudrate); 1467 nxpdev->current_baudrate = nxpdev->fw_init_baudrate; 1468 1469 ps_init(hdev); 1470 1471 if (test_and_clear_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state)) 1472 hci_dev_clear_flag(hdev, HCI_SETUP); 1473 1474 return 0; 1475 } 1476 1477 static int nxp_post_init(struct hci_dev *hdev) 1478 { 1479 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1480 struct ps_data *psdata = &nxpdev->psdata; 1481 1482 if (nxpdev->current_baudrate != nxpdev->secondary_baudrate) { 1483 nxpdev->new_baudrate = nxpdev->secondary_baudrate; 1484 nxp_set_baudrate_cmd(hdev, NULL); 1485 } 1486 if (psdata->cur_h2c_wakeupmode != psdata->h2c_wakeupmode) 1487 send_wakeup_method_cmd(hdev, NULL); 1488 if (psdata->cur_psmode != psdata->target_ps_mode) 1489 send_ps_cmd(hdev, NULL); 1490 return 0; 1491 } 1492 1493 static void nxp_hw_err(struct hci_dev *hdev, u8 code) 1494 { 1495 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1496 1497 switch (code) { 1498 case BTNXPUART_IR_HW_ERR: 1499 set_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state); 1500 hci_dev_set_flag(hdev, HCI_SETUP); 1501 break; 1502 default: 1503 break; 1504 } 1505 } 1506 1507 static int nxp_shutdown(struct hci_dev *hdev) 1508 { 1509 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1510 struct sk_buff *skb; 1511 u8 pcmd = 0; 1512 1513 if (ind_reset_in_progress(nxpdev)) { 1514 if (test_and_clear_bit(BTNXPUART_FW_DUMP_IN_PROGRESS, 1515 &nxpdev->tx_state)) 1516 skb = nxp_drv_send_cmd(hdev, HCI_NXP_IND_RESET, 1, 1517 &pcmd, false); 1518 else 1519 skb = nxp_drv_send_cmd(hdev, HCI_NXP_IND_RESET, 1, 1520 &pcmd, true); 1521 serdev_device_set_flow_control(nxpdev->serdev, false); 1522 set_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state); 1523 /* HCI_NXP_IND_RESET command may not returns any response */ 1524 if (!IS_ERR(skb)) 1525 kfree_skb(skb); 1526 } 1527 1528 return 0; 1529 } 1530 1531 static bool nxp_wakeup(struct hci_dev *hdev) 1532 { 1533 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1534 struct ps_data *psdata = &nxpdev->psdata; 1535 1536 if (psdata->c2h_wakeupmode != BT_HOST_WAKEUP_METHOD_NONE) 1537 return true; 1538 1539 return false; 1540 } 1541 1542 static void nxp_reset(struct hci_dev *hdev) 1543 { 1544 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1545 1546 if (!ind_reset_in_progress(nxpdev) && !fw_dump_in_progress(nxpdev)) { 1547 bt_dev_dbg(hdev, "CMD Timeout detected. Resetting."); 1548 nxp_set_ind_reset(hdev, NULL); 1549 } 1550 } 1551 1552 static int btnxpuart_queue_skb(struct hci_dev *hdev, struct sk_buff *skb) 1553 { 1554 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1555 1556 /* Prepend skb with frame type */ 1557 memcpy(skb_push(skb, 1), &hci_skb_pkt_type(skb), 1); 1558 skb_queue_tail(&nxpdev->txq, skb); 1559 btnxpuart_tx_wakeup(nxpdev); 1560 return 0; 1561 } 1562 1563 static int nxp_enqueue(struct hci_dev *hdev, struct sk_buff *skb) 1564 { 1565 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1566 struct ps_data *psdata = &nxpdev->psdata; 1567 struct hci_command_hdr *hdr; 1568 struct psmode_cmd_payload ps_parm; 1569 struct wakeup_cmd_payload wakeup_parm; 1570 __le32 baudrate_parm; 1571 1572 if (fw_dump_in_progress(nxpdev)) 1573 return -EBUSY; 1574 1575 /* if vendor commands are received from user space (e.g. hcitool), update 1576 * driver flags accordingly and ask driver to re-send the command to FW. 1577 * In case the payload for any command does not match expected payload 1578 * length, let the firmware and user space program handle it, or throw 1579 * an error. 1580 */ 1581 if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT && !psdata->driver_sent_cmd) { 1582 hdr = (struct hci_command_hdr *)skb->data; 1583 if (hdr->plen != (skb->len - HCI_COMMAND_HDR_SIZE)) 1584 return btnxpuart_queue_skb(hdev, skb); 1585 1586 switch (__le16_to_cpu(hdr->opcode)) { 1587 case HCI_NXP_AUTO_SLEEP_MODE: 1588 if (hdr->plen == sizeof(ps_parm)) { 1589 memcpy(&ps_parm, skb->data + HCI_COMMAND_HDR_SIZE, hdr->plen); 1590 if (ps_parm.ps_cmd == BT_PS_ENABLE) 1591 psdata->target_ps_mode = PS_MODE_ENABLE; 1592 else if (ps_parm.ps_cmd == BT_PS_DISABLE) 1593 psdata->target_ps_mode = PS_MODE_DISABLE; 1594 psdata->c2h_ps_interval = __le16_to_cpu(ps_parm.c2h_ps_interval); 1595 hci_cmd_sync_queue(hdev, send_ps_cmd, NULL, NULL); 1596 goto free_skb; 1597 } 1598 break; 1599 case HCI_NXP_WAKEUP_METHOD: 1600 if (hdr->plen == sizeof(wakeup_parm)) { 1601 memcpy(&wakeup_parm, skb->data + HCI_COMMAND_HDR_SIZE, hdr->plen); 1602 psdata->c2h_wakeupmode = wakeup_parm.c2h_wakeupmode; 1603 psdata->c2h_wakeup_gpio = wakeup_parm.c2h_wakeup_gpio; 1604 psdata->h2c_wakeup_gpio = wakeup_parm.h2c_wakeup_gpio; 1605 switch (wakeup_parm.h2c_wakeupmode) { 1606 case BT_CTRL_WAKEUP_METHOD_GPIO: 1607 psdata->h2c_wakeupmode = WAKEUP_METHOD_GPIO; 1608 break; 1609 case BT_CTRL_WAKEUP_METHOD_DSR: 1610 psdata->h2c_wakeupmode = WAKEUP_METHOD_DTR; 1611 break; 1612 case BT_CTRL_WAKEUP_METHOD_BREAK: 1613 default: 1614 psdata->h2c_wakeupmode = WAKEUP_METHOD_BREAK; 1615 break; 1616 } 1617 hci_cmd_sync_queue(hdev, send_wakeup_method_cmd, NULL, NULL); 1618 goto free_skb; 1619 } 1620 break; 1621 case HCI_NXP_SET_OPER_SPEED: 1622 if (hdr->plen == sizeof(baudrate_parm)) { 1623 memcpy(&baudrate_parm, skb->data + HCI_COMMAND_HDR_SIZE, hdr->plen); 1624 nxpdev->new_baudrate = __le32_to_cpu(baudrate_parm); 1625 hci_cmd_sync_queue(hdev, nxp_set_baudrate_cmd, NULL, NULL); 1626 goto free_skb; 1627 } 1628 break; 1629 case HCI_NXP_IND_RESET: 1630 if (hdr->plen == 1) { 1631 hci_cmd_sync_queue(hdev, nxp_set_ind_reset, NULL, NULL); 1632 goto free_skb; 1633 } 1634 break; 1635 default: 1636 break; 1637 } 1638 } 1639 1640 return btnxpuart_queue_skb(hdev, skb); 1641 1642 free_skb: 1643 kfree_skb(skb); 1644 return 0; 1645 } 1646 1647 static struct sk_buff *nxp_dequeue(void *data) 1648 { 1649 struct btnxpuart_dev *nxpdev = (struct btnxpuart_dev *)data; 1650 1651 ps_start_timer(nxpdev); 1652 return skb_dequeue(&nxpdev->txq); 1653 } 1654 1655 /* btnxpuart based on serdev */ 1656 static void btnxpuart_tx_work(struct work_struct *work) 1657 { 1658 struct btnxpuart_dev *nxpdev = container_of(work, struct btnxpuart_dev, 1659 tx_work); 1660 struct serdev_device *serdev = nxpdev->serdev; 1661 struct hci_dev *hdev = nxpdev->hdev; 1662 struct sk_buff *skb; 1663 int len; 1664 1665 if (ps_wakeup(nxpdev)) 1666 return; 1667 1668 while ((skb = nxp_dequeue(nxpdev))) { 1669 len = serdev_device_write_buf(serdev, skb->data, skb->len); 1670 hdev->stat.byte_tx += len; 1671 1672 skb_pull(skb, len); 1673 if (skb->len > 0) { 1674 skb_queue_head(&nxpdev->txq, skb); 1675 continue; 1676 } 1677 1678 switch (hci_skb_pkt_type(skb)) { 1679 case HCI_COMMAND_PKT: 1680 hdev->stat.cmd_tx++; 1681 break; 1682 case HCI_ACLDATA_PKT: 1683 hdev->stat.acl_tx++; 1684 break; 1685 case HCI_SCODATA_PKT: 1686 hdev->stat.sco_tx++; 1687 break; 1688 } 1689 1690 kfree_skb(skb); 1691 } 1692 clear_bit(BTNXPUART_TX_STATE_ACTIVE, &nxpdev->tx_state); 1693 } 1694 1695 static int btnxpuart_open(struct hci_dev *hdev) 1696 { 1697 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1698 int err = 0; 1699 1700 err = serdev_device_open(nxpdev->serdev); 1701 if (err) { 1702 bt_dev_err(hdev, "Unable to open UART device %s", 1703 dev_name(&nxpdev->serdev->dev)); 1704 } else { 1705 set_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state); 1706 } 1707 return err; 1708 } 1709 1710 static int btnxpuart_close(struct hci_dev *hdev) 1711 { 1712 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1713 1714 serdev_device_close(nxpdev->serdev); 1715 skb_queue_purge(&nxpdev->txq); 1716 if (!IS_ERR_OR_NULL(nxpdev->rx_skb)) { 1717 kfree_skb(nxpdev->rx_skb); 1718 nxpdev->rx_skb = NULL; 1719 } 1720 clear_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state); 1721 return 0; 1722 } 1723 1724 static int btnxpuart_flush(struct hci_dev *hdev) 1725 { 1726 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1727 1728 /* Flush any pending characters */ 1729 serdev_device_write_flush(nxpdev->serdev); 1730 skb_queue_purge(&nxpdev->txq); 1731 1732 cancel_work_sync(&nxpdev->tx_work); 1733 1734 if (!IS_ERR_OR_NULL(nxpdev->rx_skb)) { 1735 kfree_skb(nxpdev->rx_skb); 1736 nxpdev->rx_skb = NULL; 1737 } 1738 1739 return 0; 1740 } 1741 1742 static const struct h4_recv_pkt nxp_recv_pkts[] = { 1743 { H4_RECV_ACL, .recv = nxp_recv_acl_pkt }, 1744 { H4_RECV_SCO, .recv = hci_recv_frame }, 1745 { H4_RECV_EVENT, .recv = hci_recv_frame }, 1746 { H4_RECV_ISO, .recv = hci_recv_frame }, 1747 { NXP_RECV_CHIP_VER_V1, .recv = nxp_recv_chip_ver_v1 }, 1748 { NXP_RECV_FW_REQ_V1, .recv = nxp_recv_fw_req_v1 }, 1749 { NXP_RECV_CHIP_VER_V3, .recv = nxp_recv_chip_ver_v3 }, 1750 { NXP_RECV_FW_REQ_V3, .recv = nxp_recv_fw_req_v3 }, 1751 }; 1752 1753 static size_t btnxpuart_receive_buf(struct serdev_device *serdev, 1754 const u8 *data, size_t count) 1755 { 1756 struct btnxpuart_dev *nxpdev = serdev_device_get_drvdata(serdev); 1757 1758 ps_start_timer(nxpdev); 1759 1760 nxpdev->rx_skb = h4_recv_buf(&nxpdev->hu, nxpdev->rx_skb, data, count, 1761 nxp_recv_pkts, ARRAY_SIZE(nxp_recv_pkts)); 1762 if (IS_ERR(nxpdev->rx_skb)) { 1763 int err = PTR_ERR(nxpdev->rx_skb); 1764 /* Safe to ignore out-of-sync bootloader signatures */ 1765 if (!is_fw_downloading(nxpdev) && 1766 !ind_reset_in_progress(nxpdev)) 1767 bt_dev_err(nxpdev->hdev, "Frame reassembly failed (%d)", err); 1768 return count; 1769 } 1770 if (!is_fw_downloading(nxpdev) && 1771 !ind_reset_in_progress(nxpdev)) 1772 nxpdev->hdev->stat.byte_rx += count; 1773 return count; 1774 } 1775 1776 static void btnxpuart_write_wakeup(struct serdev_device *serdev) 1777 { 1778 serdev_device_write_wakeup(serdev); 1779 } 1780 1781 static const struct serdev_device_ops btnxpuart_client_ops = { 1782 .receive_buf = btnxpuart_receive_buf, 1783 .write_wakeup = btnxpuart_write_wakeup, 1784 }; 1785 1786 static void nxp_coredump_notify(struct hci_dev *hdev, int state) 1787 { 1788 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1789 struct serdev_device *serdev = nxpdev->serdev; 1790 char device_string[30]; 1791 char event_string[50]; 1792 char *envp[] = {device_string, event_string, NULL}; 1793 1794 snprintf(device_string, 30, "BTNXPUART_DEV=%s", dev_name(&serdev->dev)); 1795 switch (state) { 1796 case HCI_DEVCOREDUMP_ACTIVE: 1797 snprintf(event_string, 50, "BTNXPUART_STATE=FW_DUMP_ACTIVE"); 1798 break; 1799 case HCI_DEVCOREDUMP_DONE: 1800 snprintf(event_string, 50, "BTNXPUART_STATE=FW_DUMP_DONE"); 1801 break; 1802 case HCI_DEVCOREDUMP_TIMEOUT: 1803 snprintf(event_string, 50, "BTNXPUART_STATE=FW_DUMP_TIMEOUT"); 1804 break; 1805 default: 1806 snprintf(event_string, 50, "BTNXPUART_STATE=FW_DUMP_STATE_%d", 1807 state); 1808 break; 1809 } 1810 bt_dev_dbg(hdev, "==== Send uevent: %s:%s ===", device_string, 1811 event_string); 1812 kobject_uevent_env(&serdev->dev.kobj, KOBJ_CHANGE, envp); 1813 } 1814 1815 static int nxp_serdev_probe(struct serdev_device *serdev) 1816 { 1817 struct hci_dev *hdev; 1818 struct btnxpuart_dev *nxpdev; 1819 bdaddr_t ba = {0}; 1820 int err; 1821 1822 nxpdev = devm_kzalloc(&serdev->dev, sizeof(*nxpdev), GFP_KERNEL); 1823 if (!nxpdev) 1824 return -ENOMEM; 1825 1826 nxpdev->nxp_data = (struct btnxpuart_data *)device_get_match_data(&serdev->dev); 1827 1828 nxpdev->serdev = serdev; 1829 serdev_device_set_drvdata(serdev, nxpdev); 1830 1831 serdev_device_set_client_ops(serdev, &btnxpuart_client_ops); 1832 1833 INIT_WORK(&nxpdev->tx_work, btnxpuart_tx_work); 1834 skb_queue_head_init(&nxpdev->txq); 1835 1836 init_waitqueue_head(&nxpdev->fw_dnld_done_wait_q); 1837 init_waitqueue_head(&nxpdev->check_boot_sign_wait_q); 1838 1839 device_property_read_u32(&nxpdev->serdev->dev, "fw-init-baudrate", 1840 &nxpdev->fw_init_baudrate); 1841 if (!nxpdev->fw_init_baudrate) 1842 nxpdev->fw_init_baudrate = FW_INIT_BAUDRATE; 1843 1844 device_property_read_u32(&nxpdev->serdev->dev, "max-speed", 1845 &nxpdev->secondary_baudrate); 1846 if (!nxpdev->secondary_baudrate || 1847 (nxpdev->secondary_baudrate != HCI_NXP_SEC_BAUDRATE_3M && 1848 nxpdev->secondary_baudrate != HCI_NXP_SEC_BAUDRATE_4M)) { 1849 if (nxpdev->secondary_baudrate) 1850 dev_err(&serdev->dev, 1851 "Invalid max-speed. Using default 3000000."); 1852 nxpdev->secondary_baudrate = HCI_NXP_SEC_BAUDRATE_3M; 1853 } 1854 1855 set_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state); 1856 1857 crc8_populate_msb(crc8_table, POLYNOMIAL8); 1858 1859 nxpdev->pdn = devm_reset_control_get_optional_shared(&serdev->dev, NULL); 1860 if (IS_ERR(nxpdev->pdn)) 1861 return PTR_ERR(nxpdev->pdn); 1862 1863 err = devm_regulator_get_enable(&serdev->dev, "vcc"); 1864 if (err) { 1865 dev_err(&serdev->dev, "Failed to enable vcc regulator\n"); 1866 return err; 1867 } 1868 1869 /* Initialize and register HCI device */ 1870 hdev = hci_alloc_dev(); 1871 if (!hdev) { 1872 dev_err(&serdev->dev, "Can't allocate HCI device\n"); 1873 return -ENOMEM; 1874 } 1875 1876 reset_control_deassert(nxpdev->pdn); 1877 1878 nxpdev->hdev = hdev; 1879 nxpdev->hu.hdev = hdev; 1880 1881 hdev->bus = HCI_UART; 1882 hci_set_drvdata(hdev, nxpdev); 1883 1884 hdev->manufacturer = MANUFACTURER_NXP; 1885 hdev->open = btnxpuart_open; 1886 hdev->close = btnxpuart_close; 1887 hdev->flush = btnxpuart_flush; 1888 hdev->setup = nxp_setup; 1889 hdev->post_init = nxp_post_init; 1890 hdev->send = nxp_enqueue; 1891 hdev->hw_error = nxp_hw_err; 1892 hdev->shutdown = nxp_shutdown; 1893 hdev->wakeup = nxp_wakeup; 1894 hdev->reset = nxp_reset; 1895 hdev->set_bdaddr = nxp_set_bdaddr; 1896 SET_HCIDEV_DEV(hdev, &serdev->dev); 1897 1898 device_property_read_u8_array(&nxpdev->serdev->dev, 1899 "local-bd-address", 1900 (u8 *)&ba, sizeof(ba)); 1901 if (bacmp(&ba, BDADDR_ANY)) 1902 hci_set_quirk(hdev, HCI_QUIRK_USE_BDADDR_PROPERTY); 1903 1904 if (hci_register_dev(hdev) < 0) { 1905 dev_err(&serdev->dev, "Can't register HCI device\n"); 1906 goto probe_fail; 1907 } 1908 1909 if (ps_setup(hdev)) 1910 goto probe_fail; 1911 1912 hci_devcd_register(hdev, nxp_coredump, nxp_coredump_hdr, 1913 nxp_coredump_notify); 1914 1915 return 0; 1916 1917 probe_fail: 1918 reset_control_assert(nxpdev->pdn); 1919 hci_free_dev(hdev); 1920 return -ENODEV; 1921 } 1922 1923 static void nxp_serdev_remove(struct serdev_device *serdev) 1924 { 1925 struct btnxpuart_dev *nxpdev = serdev_device_get_drvdata(serdev); 1926 struct hci_dev *hdev = nxpdev->hdev; 1927 1928 if (is_fw_downloading(nxpdev)) { 1929 set_bit(BTNXPUART_FW_DOWNLOAD_ABORT, &nxpdev->tx_state); 1930 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state); 1931 wake_up_interruptible(&nxpdev->check_boot_sign_wait_q); 1932 wake_up_interruptible(&nxpdev->fw_dnld_done_wait_q); 1933 } else { 1934 /* Restore FW baudrate to fw_init_baudrate if changed. 1935 * This will ensure FW baudrate is in sync with 1936 * driver baudrate in case this driver is re-inserted. 1937 */ 1938 if (nxpdev->current_baudrate != nxpdev->fw_init_baudrate) { 1939 nxpdev->new_baudrate = nxpdev->fw_init_baudrate; 1940 nxp_set_baudrate_cmd(hdev, NULL); 1941 } 1942 } 1943 1944 ps_cleanup(nxpdev); 1945 hci_unregister_dev(hdev); 1946 reset_control_assert(nxpdev->pdn); 1947 hci_free_dev(hdev); 1948 } 1949 1950 #ifdef CONFIG_PM_SLEEP 1951 static int nxp_serdev_suspend(struct device *dev) 1952 { 1953 struct btnxpuart_dev *nxpdev = dev_get_drvdata(dev); 1954 struct ps_data *psdata = &nxpdev->psdata; 1955 1956 ps_control(psdata->hdev, PS_STATE_SLEEP); 1957 1958 if (psdata->wakeup_source) { 1959 enable_irq_wake(psdata->irq_handler); 1960 enable_irq(psdata->irq_handler); 1961 } 1962 return 0; 1963 } 1964 1965 static int nxp_serdev_resume(struct device *dev) 1966 { 1967 struct btnxpuart_dev *nxpdev = dev_get_drvdata(dev); 1968 struct ps_data *psdata = &nxpdev->psdata; 1969 1970 if (psdata->wakeup_source) { 1971 disable_irq(psdata->irq_handler); 1972 disable_irq_wake(psdata->irq_handler); 1973 } 1974 1975 ps_control(psdata->hdev, PS_STATE_AWAKE); 1976 return 0; 1977 } 1978 #endif 1979 1980 #ifdef CONFIG_DEV_COREDUMP 1981 static void nxp_serdev_coredump(struct device *dev) 1982 { 1983 struct btnxpuart_dev *nxpdev = dev_get_drvdata(dev); 1984 struct hci_dev *hdev = nxpdev->hdev; 1985 1986 if (hdev->dump.coredump) 1987 hdev->dump.coredump(hdev); 1988 } 1989 #endif 1990 1991 static struct btnxpuart_data w8987_data __maybe_unused = { 1992 .helper_fw_name = NULL, 1993 .fw_name = FIRMWARE_W8987, 1994 .fw_name_old = FIRMWARE_W8987_OLD, 1995 }; 1996 1997 static struct btnxpuart_data w8997_data __maybe_unused = { 1998 .helper_fw_name = FIRMWARE_HELPER, 1999 .fw_name = FIRMWARE_W8997, 2000 .fw_name_old = FIRMWARE_W8997_OLD, 2001 }; 2002 2003 static const struct of_device_id nxpuart_of_match_table[] __maybe_unused = { 2004 { .compatible = "nxp,88w8987-bt", .data = &w8987_data }, 2005 { .compatible = "nxp,88w8997-bt", .data = &w8997_data }, 2006 { } 2007 }; 2008 MODULE_DEVICE_TABLE(of, nxpuart_of_match_table); 2009 2010 static const struct dev_pm_ops nxp_pm_ops = { 2011 SET_SYSTEM_SLEEP_PM_OPS(nxp_serdev_suspend, nxp_serdev_resume) 2012 }; 2013 2014 static struct serdev_device_driver nxp_serdev_driver = { 2015 .probe = nxp_serdev_probe, 2016 .remove = nxp_serdev_remove, 2017 .driver = { 2018 .name = "btnxpuart", 2019 .of_match_table = of_match_ptr(nxpuart_of_match_table), 2020 .pm = &nxp_pm_ops, 2021 #ifdef CONFIG_DEV_COREDUMP 2022 .coredump = nxp_serdev_coredump, 2023 #endif 2024 }, 2025 }; 2026 2027 module_serdev_device_driver(nxp_serdev_driver); 2028 2029 MODULE_AUTHOR("Neeraj Sanjay Kale <neeraj.sanjaykale@nxp.com>"); 2030 MODULE_DESCRIPTION("NXP Bluetooth Serial driver"); 2031 MODULE_LICENSE("GPL"); 2032