1 /* 2 * 3 * Bluetooth HCI UART driver for Intel devices 4 * 5 * Copyright (C) 2015 Intel Corporation 6 * 7 * 8 * This program is free software; you can redistribute it and/or modify 9 * it under the terms of the GNU General Public License as published by 10 * the Free Software Foundation; either version 2 of the License, or 11 * (at your option) any later version. 12 * 13 * This program is distributed in the hope that it will be useful, 14 * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 * GNU General Public License for more details. 17 * 18 * You should have received a copy of the GNU General Public License 19 * along with this program; if not, write to the Free Software 20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 21 * 22 */ 23 24 #include <linux/kernel.h> 25 #include <linux/errno.h> 26 #include <linux/skbuff.h> 27 #include <linux/firmware.h> 28 #include <linux/module.h> 29 #include <linux/wait.h> 30 #include <linux/tty.h> 31 #include <linux/platform_device.h> 32 #include <linux/gpio/consumer.h> 33 #include <linux/acpi.h> 34 #include <linux/interrupt.h> 35 #include <linux/pm_runtime.h> 36 37 #include <net/bluetooth/bluetooth.h> 38 #include <net/bluetooth/hci_core.h> 39 40 #include "hci_uart.h" 41 #include "btintel.h" 42 43 #define STATE_BOOTLOADER 0 44 #define STATE_DOWNLOADING 1 45 #define STATE_FIRMWARE_LOADED 2 46 #define STATE_FIRMWARE_FAILED 3 47 #define STATE_BOOTING 4 48 #define STATE_LPM_ENABLED 5 49 #define STATE_TX_ACTIVE 6 50 #define STATE_SUSPENDED 7 51 #define STATE_LPM_TRANSACTION 8 52 53 #define HCI_LPM_WAKE_PKT 0xf0 54 #define HCI_LPM_PKT 0xf1 55 #define HCI_LPM_MAX_SIZE 10 56 #define HCI_LPM_HDR_SIZE HCI_EVENT_HDR_SIZE 57 58 #define LPM_OP_TX_NOTIFY 0x00 59 #define LPM_OP_SUSPEND_ACK 0x02 60 #define LPM_OP_RESUME_ACK 0x03 61 62 #define LPM_SUSPEND_DELAY_MS 1000 63 64 struct hci_lpm_pkt { 65 __u8 opcode; 66 __u8 dlen; 67 __u8 data[0]; 68 } __packed; 69 70 struct intel_device { 71 struct list_head list; 72 struct platform_device *pdev; 73 struct gpio_desc *reset; 74 struct hci_uart *hu; 75 struct mutex hu_lock; 76 int irq; 77 }; 78 79 static LIST_HEAD(intel_device_list); 80 static DEFINE_MUTEX(intel_device_list_lock); 81 82 struct intel_data { 83 struct sk_buff *rx_skb; 84 struct sk_buff_head txq; 85 struct work_struct busy_work; 86 struct hci_uart *hu; 87 unsigned long flags; 88 }; 89 90 static u8 intel_convert_speed(unsigned int speed) 91 { 92 switch (speed) { 93 case 9600: 94 return 0x00; 95 case 19200: 96 return 0x01; 97 case 38400: 98 return 0x02; 99 case 57600: 100 return 0x03; 101 case 115200: 102 return 0x04; 103 case 230400: 104 return 0x05; 105 case 460800: 106 return 0x06; 107 case 921600: 108 return 0x07; 109 case 1843200: 110 return 0x08; 111 case 3250000: 112 return 0x09; 113 case 2000000: 114 return 0x0a; 115 case 3000000: 116 return 0x0b; 117 default: 118 return 0xff; 119 } 120 } 121 122 static int intel_wait_booting(struct hci_uart *hu) 123 { 124 struct intel_data *intel = hu->priv; 125 int err; 126 127 err = wait_on_bit_timeout(&intel->flags, STATE_BOOTING, 128 TASK_INTERRUPTIBLE, 129 msecs_to_jiffies(1000)); 130 131 if (err == 1) { 132 bt_dev_err(hu->hdev, "Device boot interrupted"); 133 return -EINTR; 134 } 135 136 if (err) { 137 bt_dev_err(hu->hdev, "Device boot timeout"); 138 return -ETIMEDOUT; 139 } 140 141 return err; 142 } 143 144 #ifdef CONFIG_PM 145 static int intel_wait_lpm_transaction(struct hci_uart *hu) 146 { 147 struct intel_data *intel = hu->priv; 148 int err; 149 150 err = wait_on_bit_timeout(&intel->flags, STATE_LPM_TRANSACTION, 151 TASK_INTERRUPTIBLE, 152 msecs_to_jiffies(1000)); 153 154 if (err == 1) { 155 bt_dev_err(hu->hdev, "LPM transaction interrupted"); 156 return -EINTR; 157 } 158 159 if (err) { 160 bt_dev_err(hu->hdev, "LPM transaction timeout"); 161 return -ETIMEDOUT; 162 } 163 164 return err; 165 } 166 167 static int intel_lpm_suspend(struct hci_uart *hu) 168 { 169 static const u8 suspend[] = { 0x01, 0x01, 0x01 }; 170 struct intel_data *intel = hu->priv; 171 struct sk_buff *skb; 172 173 if (!test_bit(STATE_LPM_ENABLED, &intel->flags) || 174 test_bit(STATE_SUSPENDED, &intel->flags)) 175 return 0; 176 177 if (test_bit(STATE_TX_ACTIVE, &intel->flags)) 178 return -EAGAIN; 179 180 bt_dev_dbg(hu->hdev, "Suspending"); 181 182 skb = bt_skb_alloc(sizeof(suspend), GFP_KERNEL); 183 if (!skb) { 184 bt_dev_err(hu->hdev, "Failed to alloc memory for LPM packet"); 185 return -ENOMEM; 186 } 187 188 memcpy(skb_put(skb, sizeof(suspend)), suspend, sizeof(suspend)); 189 bt_cb(skb)->pkt_type = HCI_LPM_PKT; 190 191 set_bit(STATE_LPM_TRANSACTION, &intel->flags); 192 193 /* LPM flow is a priority, enqueue packet at list head */ 194 skb_queue_head(&intel->txq, skb); 195 hci_uart_tx_wakeup(hu); 196 197 intel_wait_lpm_transaction(hu); 198 /* Even in case of failure, continue and test the suspended flag */ 199 200 clear_bit(STATE_LPM_TRANSACTION, &intel->flags); 201 202 if (!test_bit(STATE_SUSPENDED, &intel->flags)) { 203 bt_dev_err(hu->hdev, "Device suspend error"); 204 return -EINVAL; 205 } 206 207 bt_dev_dbg(hu->hdev, "Suspended"); 208 209 hci_uart_set_flow_control(hu, true); 210 211 return 0; 212 } 213 214 static int intel_lpm_resume(struct hci_uart *hu) 215 { 216 struct intel_data *intel = hu->priv; 217 struct sk_buff *skb; 218 219 if (!test_bit(STATE_LPM_ENABLED, &intel->flags) || 220 !test_bit(STATE_SUSPENDED, &intel->flags)) 221 return 0; 222 223 bt_dev_dbg(hu->hdev, "Resuming"); 224 225 hci_uart_set_flow_control(hu, false); 226 227 skb = bt_skb_alloc(0, GFP_KERNEL); 228 if (!skb) { 229 bt_dev_err(hu->hdev, "Failed to alloc memory for LPM packet"); 230 return -ENOMEM; 231 } 232 233 bt_cb(skb)->pkt_type = HCI_LPM_WAKE_PKT; 234 235 set_bit(STATE_LPM_TRANSACTION, &intel->flags); 236 237 /* LPM flow is a priority, enqueue packet at list head */ 238 skb_queue_head(&intel->txq, skb); 239 hci_uart_tx_wakeup(hu); 240 241 intel_wait_lpm_transaction(hu); 242 /* Even in case of failure, continue and test the suspended flag */ 243 244 clear_bit(STATE_LPM_TRANSACTION, &intel->flags); 245 246 if (test_bit(STATE_SUSPENDED, &intel->flags)) { 247 bt_dev_err(hu->hdev, "Device resume error"); 248 return -EINVAL; 249 } 250 251 bt_dev_dbg(hu->hdev, "Resumed"); 252 253 return 0; 254 } 255 #endif /* CONFIG_PM */ 256 257 static int intel_lpm_host_wake(struct hci_uart *hu) 258 { 259 static const u8 lpm_resume_ack[] = { LPM_OP_RESUME_ACK, 0x00 }; 260 struct intel_data *intel = hu->priv; 261 struct sk_buff *skb; 262 263 hci_uart_set_flow_control(hu, false); 264 265 clear_bit(STATE_SUSPENDED, &intel->flags); 266 267 skb = bt_skb_alloc(sizeof(lpm_resume_ack), GFP_KERNEL); 268 if (!skb) { 269 bt_dev_err(hu->hdev, "Failed to alloc memory for LPM packet"); 270 return -ENOMEM; 271 } 272 273 memcpy(skb_put(skb, sizeof(lpm_resume_ack)), lpm_resume_ack, 274 sizeof(lpm_resume_ack)); 275 bt_cb(skb)->pkt_type = HCI_LPM_PKT; 276 277 /* LPM flow is a priority, enqueue packet at list head */ 278 skb_queue_head(&intel->txq, skb); 279 hci_uart_tx_wakeup(hu); 280 281 bt_dev_dbg(hu->hdev, "Resumed by controller"); 282 283 return 0; 284 } 285 286 static irqreturn_t intel_irq(int irq, void *dev_id) 287 { 288 struct intel_device *idev = dev_id; 289 290 dev_info(&idev->pdev->dev, "hci_intel irq\n"); 291 292 mutex_lock(&idev->hu_lock); 293 if (idev->hu) 294 intel_lpm_host_wake(idev->hu); 295 mutex_unlock(&idev->hu_lock); 296 297 /* Host/Controller are now LPM resumed, trigger a new delayed suspend */ 298 pm_runtime_get(&idev->pdev->dev); 299 pm_runtime_mark_last_busy(&idev->pdev->dev); 300 pm_runtime_put_autosuspend(&idev->pdev->dev); 301 302 return IRQ_HANDLED; 303 } 304 305 static int intel_set_power(struct hci_uart *hu, bool powered) 306 { 307 struct list_head *p; 308 int err = -ENODEV; 309 310 mutex_lock(&intel_device_list_lock); 311 312 list_for_each(p, &intel_device_list) { 313 struct intel_device *idev = list_entry(p, struct intel_device, 314 list); 315 316 /* tty device and pdev device should share the same parent 317 * which is the UART port. 318 */ 319 if (hu->tty->dev->parent != idev->pdev->dev.parent) 320 continue; 321 322 if (!idev->reset) { 323 err = -ENOTSUPP; 324 break; 325 } 326 327 BT_INFO("hu %p, Switching compatible pm device (%s) to %u", 328 hu, dev_name(&idev->pdev->dev), powered); 329 330 gpiod_set_value(idev->reset, powered); 331 332 /* Provide to idev a hu reference which is used to run LPM 333 * transactions (lpm suspend/resume) from PM callbacks. 334 * hu needs to be protected against concurrent removing during 335 * these PM ops. 336 */ 337 mutex_lock(&idev->hu_lock); 338 idev->hu = powered ? hu : NULL; 339 mutex_unlock(&idev->hu_lock); 340 341 if (idev->irq < 0) 342 break; 343 344 if (powered && device_can_wakeup(&idev->pdev->dev)) { 345 err = devm_request_threaded_irq(&idev->pdev->dev, 346 idev->irq, NULL, 347 intel_irq, 348 IRQF_ONESHOT, 349 "bt-host-wake", idev); 350 if (err) { 351 BT_ERR("hu %p, unable to allocate irq-%d", 352 hu, idev->irq); 353 break; 354 } 355 356 device_wakeup_enable(&idev->pdev->dev); 357 358 pm_runtime_set_active(&idev->pdev->dev); 359 pm_runtime_use_autosuspend(&idev->pdev->dev); 360 pm_runtime_set_autosuspend_delay(&idev->pdev->dev, 361 LPM_SUSPEND_DELAY_MS); 362 pm_runtime_enable(&idev->pdev->dev); 363 } else if (!powered && device_may_wakeup(&idev->pdev->dev)) { 364 devm_free_irq(&idev->pdev->dev, idev->irq, idev); 365 device_wakeup_disable(&idev->pdev->dev); 366 367 pm_runtime_disable(&idev->pdev->dev); 368 } 369 } 370 371 mutex_unlock(&intel_device_list_lock); 372 373 return err; 374 } 375 376 static void intel_busy_work(struct work_struct *work) 377 { 378 struct list_head *p; 379 struct intel_data *intel = container_of(work, struct intel_data, 380 busy_work); 381 382 /* Link is busy, delay the suspend */ 383 mutex_lock(&intel_device_list_lock); 384 list_for_each(p, &intel_device_list) { 385 struct intel_device *idev = list_entry(p, struct intel_device, 386 list); 387 388 if (intel->hu->tty->dev->parent == idev->pdev->dev.parent) { 389 pm_runtime_get(&idev->pdev->dev); 390 pm_runtime_mark_last_busy(&idev->pdev->dev); 391 pm_runtime_put_autosuspend(&idev->pdev->dev); 392 break; 393 } 394 } 395 mutex_unlock(&intel_device_list_lock); 396 } 397 398 static int intel_open(struct hci_uart *hu) 399 { 400 struct intel_data *intel; 401 402 BT_DBG("hu %p", hu); 403 404 intel = kzalloc(sizeof(*intel), GFP_KERNEL); 405 if (!intel) 406 return -ENOMEM; 407 408 skb_queue_head_init(&intel->txq); 409 INIT_WORK(&intel->busy_work, intel_busy_work); 410 411 intel->hu = hu; 412 413 hu->priv = intel; 414 415 if (!intel_set_power(hu, true)) 416 set_bit(STATE_BOOTING, &intel->flags); 417 418 return 0; 419 } 420 421 static int intel_close(struct hci_uart *hu) 422 { 423 struct intel_data *intel = hu->priv; 424 425 BT_DBG("hu %p", hu); 426 427 cancel_work_sync(&intel->busy_work); 428 429 intel_set_power(hu, false); 430 431 skb_queue_purge(&intel->txq); 432 kfree_skb(intel->rx_skb); 433 kfree(intel); 434 435 hu->priv = NULL; 436 return 0; 437 } 438 439 static int intel_flush(struct hci_uart *hu) 440 { 441 struct intel_data *intel = hu->priv; 442 443 BT_DBG("hu %p", hu); 444 445 skb_queue_purge(&intel->txq); 446 447 return 0; 448 } 449 450 static int inject_cmd_complete(struct hci_dev *hdev, __u16 opcode) 451 { 452 struct sk_buff *skb; 453 struct hci_event_hdr *hdr; 454 struct hci_ev_cmd_complete *evt; 455 456 skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_ATOMIC); 457 if (!skb) 458 return -ENOMEM; 459 460 hdr = (struct hci_event_hdr *)skb_put(skb, sizeof(*hdr)); 461 hdr->evt = HCI_EV_CMD_COMPLETE; 462 hdr->plen = sizeof(*evt) + 1; 463 464 evt = (struct hci_ev_cmd_complete *)skb_put(skb, sizeof(*evt)); 465 evt->ncmd = 0x01; 466 evt->opcode = cpu_to_le16(opcode); 467 468 *skb_put(skb, 1) = 0x00; 469 470 bt_cb(skb)->pkt_type = HCI_EVENT_PKT; 471 472 return hci_recv_frame(hdev, skb); 473 } 474 475 static int intel_set_baudrate(struct hci_uart *hu, unsigned int speed) 476 { 477 struct intel_data *intel = hu->priv; 478 struct hci_dev *hdev = hu->hdev; 479 u8 speed_cmd[] = { 0x06, 0xfc, 0x01, 0x00 }; 480 struct sk_buff *skb; 481 int err; 482 483 /* This can be the first command sent to the chip, check 484 * that the controller is ready. 485 */ 486 err = intel_wait_booting(hu); 487 488 clear_bit(STATE_BOOTING, &intel->flags); 489 490 /* In case of timeout, try to continue anyway */ 491 if (err && err != ETIMEDOUT) 492 return err; 493 494 bt_dev_info(hdev, "Change controller speed to %d", speed); 495 496 speed_cmd[3] = intel_convert_speed(speed); 497 if (speed_cmd[3] == 0xff) { 498 bt_dev_err(hdev, "Unsupported speed"); 499 return -EINVAL; 500 } 501 502 /* Device will not accept speed change if Intel version has not been 503 * previously requested. 504 */ 505 skb = __hci_cmd_sync(hdev, 0xfc05, 0, NULL, HCI_INIT_TIMEOUT); 506 if (IS_ERR(skb)) { 507 bt_dev_err(hdev, "Reading Intel version information failed (%ld)", 508 PTR_ERR(skb)); 509 return PTR_ERR(skb); 510 } 511 kfree_skb(skb); 512 513 skb = bt_skb_alloc(sizeof(speed_cmd), GFP_KERNEL); 514 if (!skb) { 515 bt_dev_err(hdev, "Failed to alloc memory for baudrate packet"); 516 return -ENOMEM; 517 } 518 519 memcpy(skb_put(skb, sizeof(speed_cmd)), speed_cmd, sizeof(speed_cmd)); 520 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT; 521 522 hci_uart_set_flow_control(hu, true); 523 524 skb_queue_tail(&intel->txq, skb); 525 hci_uart_tx_wakeup(hu); 526 527 /* wait 100ms to change baudrate on controller side */ 528 msleep(100); 529 530 hci_uart_set_baudrate(hu, speed); 531 hci_uart_set_flow_control(hu, false); 532 533 return 0; 534 } 535 536 static int intel_setup(struct hci_uart *hu) 537 { 538 static const u8 reset_param[] = { 0x00, 0x01, 0x00, 0x01, 539 0x00, 0x08, 0x04, 0x00 }; 540 static const u8 lpm_param[] = { 0x03, 0x07, 0x01, 0x0b }; 541 struct intel_data *intel = hu->priv; 542 struct intel_device *idev = NULL; 543 struct hci_dev *hdev = hu->hdev; 544 struct sk_buff *skb; 545 struct intel_version *ver; 546 struct intel_boot_params *params; 547 struct list_head *p; 548 const struct firmware *fw; 549 const u8 *fw_ptr; 550 char fwname[64]; 551 u32 frag_len; 552 ktime_t calltime, delta, rettime; 553 unsigned long long duration; 554 unsigned int init_speed, oper_speed; 555 int speed_change = 0; 556 int err; 557 558 bt_dev_dbg(hdev, "start intel_setup"); 559 560 hu->hdev->set_bdaddr = btintel_set_bdaddr; 561 562 calltime = ktime_get(); 563 564 if (hu->init_speed) 565 init_speed = hu->init_speed; 566 else 567 init_speed = hu->proto->init_speed; 568 569 if (hu->oper_speed) 570 oper_speed = hu->oper_speed; 571 else 572 oper_speed = hu->proto->oper_speed; 573 574 if (oper_speed && init_speed && oper_speed != init_speed) 575 speed_change = 1; 576 577 /* Check that the controller is ready */ 578 err = intel_wait_booting(hu); 579 580 clear_bit(STATE_BOOTING, &intel->flags); 581 582 /* In case of timeout, try to continue anyway */ 583 if (err && err != ETIMEDOUT) 584 return err; 585 586 set_bit(STATE_BOOTLOADER, &intel->flags); 587 588 /* Read the Intel version information to determine if the device 589 * is in bootloader mode or if it already has operational firmware 590 * loaded. 591 */ 592 skb = __hci_cmd_sync(hdev, 0xfc05, 0, NULL, HCI_INIT_TIMEOUT); 593 if (IS_ERR(skb)) { 594 bt_dev_err(hdev, "Reading Intel version information failed (%ld)", 595 PTR_ERR(skb)); 596 return PTR_ERR(skb); 597 } 598 599 if (skb->len != sizeof(*ver)) { 600 bt_dev_err(hdev, "Intel version event size mismatch"); 601 kfree_skb(skb); 602 return -EILSEQ; 603 } 604 605 ver = (struct intel_version *)skb->data; 606 if (ver->status) { 607 bt_dev_err(hdev, "Intel version command failure (%02x)", 608 ver->status); 609 err = -bt_to_errno(ver->status); 610 kfree_skb(skb); 611 return err; 612 } 613 614 /* The hardware platform number has a fixed value of 0x37 and 615 * for now only accept this single value. 616 */ 617 if (ver->hw_platform != 0x37) { 618 bt_dev_err(hdev, "Unsupported Intel hardware platform (%u)", 619 ver->hw_platform); 620 kfree_skb(skb); 621 return -EINVAL; 622 } 623 624 /* At the moment only the hardware variant iBT 3.0 (LnP/SfP) is 625 * supported by this firmware loading method. This check has been 626 * put in place to ensure correct forward compatibility options 627 * when newer hardware variants come along. 628 */ 629 if (ver->hw_variant != 0x0b) { 630 bt_dev_err(hdev, "Unsupported Intel hardware variant (%u)", 631 ver->hw_variant); 632 kfree_skb(skb); 633 return -EINVAL; 634 } 635 636 btintel_version_info(hdev, ver); 637 638 /* The firmware variant determines if the device is in bootloader 639 * mode or is running operational firmware. The value 0x06 identifies 640 * the bootloader and the value 0x23 identifies the operational 641 * firmware. 642 * 643 * When the operational firmware is already present, then only 644 * the check for valid Bluetooth device address is needed. This 645 * determines if the device will be added as configured or 646 * unconfigured controller. 647 * 648 * It is not possible to use the Secure Boot Parameters in this 649 * case since that command is only available in bootloader mode. 650 */ 651 if (ver->fw_variant == 0x23) { 652 kfree_skb(skb); 653 clear_bit(STATE_BOOTLOADER, &intel->flags); 654 btintel_check_bdaddr(hdev); 655 return 0; 656 } 657 658 /* If the device is not in bootloader mode, then the only possible 659 * choice is to return an error and abort the device initialization. 660 */ 661 if (ver->fw_variant != 0x06) { 662 bt_dev_err(hdev, "Unsupported Intel firmware variant (%u)", 663 ver->fw_variant); 664 kfree_skb(skb); 665 return -ENODEV; 666 } 667 668 kfree_skb(skb); 669 670 /* Read the secure boot parameters to identify the operating 671 * details of the bootloader. 672 */ 673 skb = __hci_cmd_sync(hdev, 0xfc0d, 0, NULL, HCI_INIT_TIMEOUT); 674 if (IS_ERR(skb)) { 675 bt_dev_err(hdev, "Reading Intel boot parameters failed (%ld)", 676 PTR_ERR(skb)); 677 return PTR_ERR(skb); 678 } 679 680 if (skb->len != sizeof(*params)) { 681 bt_dev_err(hdev, "Intel boot parameters size mismatch"); 682 kfree_skb(skb); 683 return -EILSEQ; 684 } 685 686 params = (struct intel_boot_params *)skb->data; 687 if (params->status) { 688 bt_dev_err(hdev, "Intel boot parameters command failure (%02x)", 689 params->status); 690 err = -bt_to_errno(params->status); 691 kfree_skb(skb); 692 return err; 693 } 694 695 bt_dev_info(hdev, "Device revision is %u", 696 le16_to_cpu(params->dev_revid)); 697 698 bt_dev_info(hdev, "Secure boot is %s", 699 params->secure_boot ? "enabled" : "disabled"); 700 701 bt_dev_info(hdev, "Minimum firmware build %u week %u %u", 702 params->min_fw_build_nn, params->min_fw_build_cw, 703 2000 + params->min_fw_build_yy); 704 705 /* It is required that every single firmware fragment is acknowledged 706 * with a command complete event. If the boot parameters indicate 707 * that this bootloader does not send them, then abort the setup. 708 */ 709 if (params->limited_cce != 0x00) { 710 bt_dev_err(hdev, "Unsupported Intel firmware loading method (%u)", 711 params->limited_cce); 712 kfree_skb(skb); 713 return -EINVAL; 714 } 715 716 /* If the OTP has no valid Bluetooth device address, then there will 717 * also be no valid address for the operational firmware. 718 */ 719 if (!bacmp(¶ms->otp_bdaddr, BDADDR_ANY)) { 720 bt_dev_info(hdev, "No device address configured"); 721 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks); 722 } 723 724 /* With this Intel bootloader only the hardware variant and device 725 * revision information are used to select the right firmware. 726 * 727 * Currently this bootloader support is limited to hardware variant 728 * iBT 3.0 (LnP/SfP) which is identified by the value 11 (0x0b). 729 */ 730 snprintf(fwname, sizeof(fwname), "intel/ibt-11-%u.sfi", 731 le16_to_cpu(params->dev_revid)); 732 733 err = request_firmware(&fw, fwname, &hdev->dev); 734 if (err < 0) { 735 bt_dev_err(hdev, "Failed to load Intel firmware file (%d)", 736 err); 737 kfree_skb(skb); 738 return err; 739 } 740 741 bt_dev_info(hdev, "Found device firmware: %s", fwname); 742 743 /* Save the DDC file name for later */ 744 snprintf(fwname, sizeof(fwname), "intel/ibt-11-%u.ddc", 745 le16_to_cpu(params->dev_revid)); 746 747 kfree_skb(skb); 748 749 if (fw->size < 644) { 750 bt_dev_err(hdev, "Invalid size of firmware file (%zu)", 751 fw->size); 752 err = -EBADF; 753 goto done; 754 } 755 756 set_bit(STATE_DOWNLOADING, &intel->flags); 757 758 /* Start the firmware download transaction with the Init fragment 759 * represented by the 128 bytes of CSS header. 760 */ 761 err = btintel_secure_send(hdev, 0x00, 128, fw->data); 762 if (err < 0) { 763 bt_dev_err(hdev, "Failed to send firmware header (%d)", err); 764 goto done; 765 } 766 767 /* Send the 256 bytes of public key information from the firmware 768 * as the PKey fragment. 769 */ 770 err = btintel_secure_send(hdev, 0x03, 256, fw->data + 128); 771 if (err < 0) { 772 bt_dev_err(hdev, "Failed to send firmware public key (%d)", 773 err); 774 goto done; 775 } 776 777 /* Send the 256 bytes of signature information from the firmware 778 * as the Sign fragment. 779 */ 780 err = btintel_secure_send(hdev, 0x02, 256, fw->data + 388); 781 if (err < 0) { 782 bt_dev_err(hdev, "Failed to send firmware signature (%d)", 783 err); 784 goto done; 785 } 786 787 fw_ptr = fw->data + 644; 788 frag_len = 0; 789 790 while (fw_ptr - fw->data < fw->size) { 791 struct hci_command_hdr *cmd = (void *)(fw_ptr + frag_len); 792 793 frag_len += sizeof(*cmd) + cmd->plen; 794 795 bt_dev_dbg(hdev, "Patching %td/%zu", (fw_ptr - fw->data), 796 fw->size); 797 798 /* The parameter length of the secure send command requires 799 * a 4 byte alignment. It happens so that the firmware file 800 * contains proper Intel_NOP commands to align the fragments 801 * as needed. 802 * 803 * Send set of commands with 4 byte alignment from the 804 * firmware data buffer as a single Data fragement. 805 */ 806 if (frag_len % 4) 807 continue; 808 809 /* Send each command from the firmware data buffer as 810 * a single Data fragment. 811 */ 812 err = btintel_secure_send(hdev, 0x01, frag_len, fw_ptr); 813 if (err < 0) { 814 bt_dev_err(hdev, "Failed to send firmware data (%d)", 815 err); 816 goto done; 817 } 818 819 fw_ptr += frag_len; 820 frag_len = 0; 821 } 822 823 set_bit(STATE_FIRMWARE_LOADED, &intel->flags); 824 825 bt_dev_info(hdev, "Waiting for firmware download to complete"); 826 827 /* Before switching the device into operational mode and with that 828 * booting the loaded firmware, wait for the bootloader notification 829 * that all fragments have been successfully received. 830 * 831 * When the event processing receives the notification, then the 832 * STATE_DOWNLOADING flag will be cleared. 833 * 834 * The firmware loading should not take longer than 5 seconds 835 * and thus just timeout if that happens and fail the setup 836 * of this device. 837 */ 838 err = wait_on_bit_timeout(&intel->flags, STATE_DOWNLOADING, 839 TASK_INTERRUPTIBLE, 840 msecs_to_jiffies(5000)); 841 if (err == 1) { 842 bt_dev_err(hdev, "Firmware loading interrupted"); 843 err = -EINTR; 844 goto done; 845 } 846 847 if (err) { 848 bt_dev_err(hdev, "Firmware loading timeout"); 849 err = -ETIMEDOUT; 850 goto done; 851 } 852 853 if (test_bit(STATE_FIRMWARE_FAILED, &intel->flags)) { 854 bt_dev_err(hdev, "Firmware loading failed"); 855 err = -ENOEXEC; 856 goto done; 857 } 858 859 rettime = ktime_get(); 860 delta = ktime_sub(rettime, calltime); 861 duration = (unsigned long long) ktime_to_ns(delta) >> 10; 862 863 bt_dev_info(hdev, "Firmware loaded in %llu usecs", duration); 864 865 done: 866 release_firmware(fw); 867 868 if (err < 0) 869 return err; 870 871 /* We need to restore the default speed before Intel reset */ 872 if (speed_change) { 873 err = intel_set_baudrate(hu, init_speed); 874 if (err) 875 return err; 876 } 877 878 calltime = ktime_get(); 879 880 set_bit(STATE_BOOTING, &intel->flags); 881 882 skb = __hci_cmd_sync(hdev, 0xfc01, sizeof(reset_param), reset_param, 883 HCI_INIT_TIMEOUT); 884 if (IS_ERR(skb)) 885 return PTR_ERR(skb); 886 887 kfree_skb(skb); 888 889 /* The bootloader will not indicate when the device is ready. This 890 * is done by the operational firmware sending bootup notification. 891 * 892 * Booting into operational firmware should not take longer than 893 * 1 second. However if that happens, then just fail the setup 894 * since something went wrong. 895 */ 896 bt_dev_info(hdev, "Waiting for device to boot"); 897 898 err = intel_wait_booting(hu); 899 if (err) 900 return err; 901 902 clear_bit(STATE_BOOTING, &intel->flags); 903 904 rettime = ktime_get(); 905 delta = ktime_sub(rettime, calltime); 906 duration = (unsigned long long) ktime_to_ns(delta) >> 10; 907 908 bt_dev_info(hdev, "Device booted in %llu usecs", duration); 909 910 /* Enable LPM if matching pdev with wakeup enabled */ 911 mutex_lock(&intel_device_list_lock); 912 list_for_each(p, &intel_device_list) { 913 struct intel_device *dev = list_entry(p, struct intel_device, 914 list); 915 if (hu->tty->dev->parent == dev->pdev->dev.parent) { 916 if (device_may_wakeup(&dev->pdev->dev)) 917 idev = dev; 918 break; 919 } 920 } 921 mutex_unlock(&intel_device_list_lock); 922 923 if (!idev) 924 goto no_lpm; 925 926 bt_dev_info(hdev, "Enabling LPM"); 927 928 skb = __hci_cmd_sync(hdev, 0xfc8b, sizeof(lpm_param), lpm_param, 929 HCI_CMD_TIMEOUT); 930 if (IS_ERR(skb)) { 931 bt_dev_err(hdev, "Failed to enable LPM"); 932 goto no_lpm; 933 } 934 kfree_skb(skb); 935 936 set_bit(STATE_LPM_ENABLED, &intel->flags); 937 938 no_lpm: 939 /* Ignore errors, device can work without DDC parameters */ 940 btintel_load_ddc_config(hdev, fwname); 941 942 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_CMD_TIMEOUT); 943 if (IS_ERR(skb)) 944 return PTR_ERR(skb); 945 kfree_skb(skb); 946 947 if (speed_change) { 948 err = intel_set_baudrate(hu, oper_speed); 949 if (err) 950 return err; 951 } 952 953 bt_dev_info(hdev, "Setup complete"); 954 955 clear_bit(STATE_BOOTLOADER, &intel->flags); 956 957 return 0; 958 } 959 960 static int intel_recv_event(struct hci_dev *hdev, struct sk_buff *skb) 961 { 962 struct hci_uart *hu = hci_get_drvdata(hdev); 963 struct intel_data *intel = hu->priv; 964 struct hci_event_hdr *hdr; 965 966 if (!test_bit(STATE_BOOTLOADER, &intel->flags) && 967 !test_bit(STATE_BOOTING, &intel->flags)) 968 goto recv; 969 970 hdr = (void *)skb->data; 971 972 /* When the firmware loading completes the device sends 973 * out a vendor specific event indicating the result of 974 * the firmware loading. 975 */ 976 if (skb->len == 7 && hdr->evt == 0xff && hdr->plen == 0x05 && 977 skb->data[2] == 0x06) { 978 if (skb->data[3] != 0x00) 979 set_bit(STATE_FIRMWARE_FAILED, &intel->flags); 980 981 if (test_and_clear_bit(STATE_DOWNLOADING, &intel->flags) && 982 test_bit(STATE_FIRMWARE_LOADED, &intel->flags)) { 983 smp_mb__after_atomic(); 984 wake_up_bit(&intel->flags, STATE_DOWNLOADING); 985 } 986 987 /* When switching to the operational firmware the device 988 * sends a vendor specific event indicating that the bootup 989 * completed. 990 */ 991 } else if (skb->len == 9 && hdr->evt == 0xff && hdr->plen == 0x07 && 992 skb->data[2] == 0x02) { 993 if (test_and_clear_bit(STATE_BOOTING, &intel->flags)) { 994 smp_mb__after_atomic(); 995 wake_up_bit(&intel->flags, STATE_BOOTING); 996 } 997 } 998 recv: 999 return hci_recv_frame(hdev, skb); 1000 } 1001 1002 static void intel_recv_lpm_notify(struct hci_dev *hdev, int value) 1003 { 1004 struct hci_uart *hu = hci_get_drvdata(hdev); 1005 struct intel_data *intel = hu->priv; 1006 1007 bt_dev_dbg(hdev, "TX idle notification (%d)", value); 1008 1009 if (value) { 1010 set_bit(STATE_TX_ACTIVE, &intel->flags); 1011 schedule_work(&intel->busy_work); 1012 } else { 1013 clear_bit(STATE_TX_ACTIVE, &intel->flags); 1014 } 1015 } 1016 1017 static int intel_recv_lpm(struct hci_dev *hdev, struct sk_buff *skb) 1018 { 1019 struct hci_lpm_pkt *lpm = (void *)skb->data; 1020 struct hci_uart *hu = hci_get_drvdata(hdev); 1021 struct intel_data *intel = hu->priv; 1022 1023 switch (lpm->opcode) { 1024 case LPM_OP_TX_NOTIFY: 1025 if (lpm->dlen < 1) { 1026 bt_dev_err(hu->hdev, "Invalid LPM notification packet"); 1027 break; 1028 } 1029 intel_recv_lpm_notify(hdev, lpm->data[0]); 1030 break; 1031 case LPM_OP_SUSPEND_ACK: 1032 set_bit(STATE_SUSPENDED, &intel->flags); 1033 if (test_and_clear_bit(STATE_LPM_TRANSACTION, &intel->flags)) { 1034 smp_mb__after_atomic(); 1035 wake_up_bit(&intel->flags, STATE_LPM_TRANSACTION); 1036 } 1037 break; 1038 case LPM_OP_RESUME_ACK: 1039 clear_bit(STATE_SUSPENDED, &intel->flags); 1040 if (test_and_clear_bit(STATE_LPM_TRANSACTION, &intel->flags)) { 1041 smp_mb__after_atomic(); 1042 wake_up_bit(&intel->flags, STATE_LPM_TRANSACTION); 1043 } 1044 break; 1045 default: 1046 bt_dev_err(hdev, "Unknown LPM opcode (%02x)", lpm->opcode); 1047 break; 1048 } 1049 1050 kfree_skb(skb); 1051 1052 return 0; 1053 } 1054 1055 #define INTEL_RECV_LPM \ 1056 .type = HCI_LPM_PKT, \ 1057 .hlen = HCI_LPM_HDR_SIZE, \ 1058 .loff = 1, \ 1059 .lsize = 1, \ 1060 .maxlen = HCI_LPM_MAX_SIZE 1061 1062 static const struct h4_recv_pkt intel_recv_pkts[] = { 1063 { H4_RECV_ACL, .recv = hci_recv_frame }, 1064 { H4_RECV_SCO, .recv = hci_recv_frame }, 1065 { H4_RECV_EVENT, .recv = intel_recv_event }, 1066 { INTEL_RECV_LPM, .recv = intel_recv_lpm }, 1067 }; 1068 1069 static int intel_recv(struct hci_uart *hu, const void *data, int count) 1070 { 1071 struct intel_data *intel = hu->priv; 1072 1073 if (!test_bit(HCI_UART_REGISTERED, &hu->flags)) 1074 return -EUNATCH; 1075 1076 intel->rx_skb = h4_recv_buf(hu->hdev, intel->rx_skb, data, count, 1077 intel_recv_pkts, 1078 ARRAY_SIZE(intel_recv_pkts)); 1079 if (IS_ERR(intel->rx_skb)) { 1080 int err = PTR_ERR(intel->rx_skb); 1081 bt_dev_err(hu->hdev, "Frame reassembly failed (%d)", err); 1082 intel->rx_skb = NULL; 1083 return err; 1084 } 1085 1086 return count; 1087 } 1088 1089 static int intel_enqueue(struct hci_uart *hu, struct sk_buff *skb) 1090 { 1091 struct intel_data *intel = hu->priv; 1092 struct list_head *p; 1093 1094 BT_DBG("hu %p skb %p", hu, skb); 1095 1096 /* Be sure our controller is resumed and potential LPM transaction 1097 * completed before enqueuing any packet. 1098 */ 1099 mutex_lock(&intel_device_list_lock); 1100 list_for_each(p, &intel_device_list) { 1101 struct intel_device *idev = list_entry(p, struct intel_device, 1102 list); 1103 1104 if (hu->tty->dev->parent == idev->pdev->dev.parent) { 1105 pm_runtime_get_sync(&idev->pdev->dev); 1106 pm_runtime_mark_last_busy(&idev->pdev->dev); 1107 pm_runtime_put_autosuspend(&idev->pdev->dev); 1108 break; 1109 } 1110 } 1111 mutex_unlock(&intel_device_list_lock); 1112 1113 skb_queue_tail(&intel->txq, skb); 1114 1115 return 0; 1116 } 1117 1118 static struct sk_buff *intel_dequeue(struct hci_uart *hu) 1119 { 1120 struct intel_data *intel = hu->priv; 1121 struct sk_buff *skb; 1122 1123 skb = skb_dequeue(&intel->txq); 1124 if (!skb) 1125 return skb; 1126 1127 if (test_bit(STATE_BOOTLOADER, &intel->flags) && 1128 (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT)) { 1129 struct hci_command_hdr *cmd = (void *)skb->data; 1130 __u16 opcode = le16_to_cpu(cmd->opcode); 1131 1132 /* When the 0xfc01 command is issued to boot into 1133 * the operational firmware, it will actually not 1134 * send a command complete event. To keep the flow 1135 * control working inject that event here. 1136 */ 1137 if (opcode == 0xfc01) 1138 inject_cmd_complete(hu->hdev, opcode); 1139 } 1140 1141 /* Prepend skb with frame type */ 1142 memcpy(skb_push(skb, 1), &bt_cb(skb)->pkt_type, 1); 1143 1144 return skb; 1145 } 1146 1147 static const struct hci_uart_proto intel_proto = { 1148 .id = HCI_UART_INTEL, 1149 .name = "Intel", 1150 .init_speed = 115200, 1151 .oper_speed = 3000000, 1152 .open = intel_open, 1153 .close = intel_close, 1154 .flush = intel_flush, 1155 .setup = intel_setup, 1156 .set_baudrate = intel_set_baudrate, 1157 .recv = intel_recv, 1158 .enqueue = intel_enqueue, 1159 .dequeue = intel_dequeue, 1160 }; 1161 1162 #ifdef CONFIG_ACPI 1163 static const struct acpi_device_id intel_acpi_match[] = { 1164 { "INT33E1", 0 }, 1165 { }, 1166 }; 1167 MODULE_DEVICE_TABLE(acpi, intel_acpi_match); 1168 1169 static int intel_acpi_probe(struct intel_device *idev) 1170 { 1171 const struct acpi_device_id *id; 1172 1173 id = acpi_match_device(intel_acpi_match, &idev->pdev->dev); 1174 if (!id) 1175 return -ENODEV; 1176 1177 return 0; 1178 } 1179 #else 1180 static int intel_acpi_probe(struct intel_device *idev) 1181 { 1182 return -ENODEV; 1183 } 1184 #endif 1185 1186 #ifdef CONFIG_PM 1187 static int intel_suspend_device(struct device *dev) 1188 { 1189 struct intel_device *idev = dev_get_drvdata(dev); 1190 1191 mutex_lock(&idev->hu_lock); 1192 if (idev->hu) 1193 intel_lpm_suspend(idev->hu); 1194 mutex_unlock(&idev->hu_lock); 1195 1196 return 0; 1197 } 1198 1199 static int intel_resume_device(struct device *dev) 1200 { 1201 struct intel_device *idev = dev_get_drvdata(dev); 1202 1203 mutex_lock(&idev->hu_lock); 1204 if (idev->hu) 1205 intel_lpm_resume(idev->hu); 1206 mutex_unlock(&idev->hu_lock); 1207 1208 return 0; 1209 } 1210 #endif 1211 1212 #ifdef CONFIG_PM_SLEEP 1213 static int intel_suspend(struct device *dev) 1214 { 1215 struct intel_device *idev = dev_get_drvdata(dev); 1216 1217 if (device_may_wakeup(dev)) 1218 enable_irq_wake(idev->irq); 1219 1220 return intel_suspend_device(dev); 1221 } 1222 1223 static int intel_resume(struct device *dev) 1224 { 1225 struct intel_device *idev = dev_get_drvdata(dev); 1226 1227 if (device_may_wakeup(dev)) 1228 disable_irq_wake(idev->irq); 1229 1230 return intel_resume_device(dev); 1231 } 1232 #endif 1233 1234 static const struct dev_pm_ops intel_pm_ops = { 1235 SET_SYSTEM_SLEEP_PM_OPS(intel_suspend, intel_resume) 1236 SET_RUNTIME_PM_OPS(intel_suspend_device, intel_resume_device, NULL) 1237 }; 1238 1239 static int intel_probe(struct platform_device *pdev) 1240 { 1241 struct intel_device *idev; 1242 1243 idev = devm_kzalloc(&pdev->dev, sizeof(*idev), GFP_KERNEL); 1244 if (!idev) 1245 return -ENOMEM; 1246 1247 mutex_init(&idev->hu_lock); 1248 1249 idev->pdev = pdev; 1250 1251 if (ACPI_HANDLE(&pdev->dev)) { 1252 int err = intel_acpi_probe(idev); 1253 if (err) 1254 return err; 1255 } else { 1256 return -ENODEV; 1257 } 1258 1259 idev->reset = devm_gpiod_get_optional(&pdev->dev, "reset", 1260 GPIOD_OUT_LOW); 1261 if (IS_ERR(idev->reset)) { 1262 dev_err(&pdev->dev, "Unable to retrieve gpio\n"); 1263 return PTR_ERR(idev->reset); 1264 } 1265 1266 idev->irq = platform_get_irq(pdev, 0); 1267 if (idev->irq < 0) { 1268 struct gpio_desc *host_wake; 1269 1270 dev_err(&pdev->dev, "No IRQ, falling back to gpio-irq\n"); 1271 1272 host_wake = devm_gpiod_get_optional(&pdev->dev, "host-wake", 1273 GPIOD_IN); 1274 if (IS_ERR(host_wake)) { 1275 dev_err(&pdev->dev, "Unable to retrieve IRQ\n"); 1276 goto no_irq; 1277 } 1278 1279 idev->irq = gpiod_to_irq(host_wake); 1280 if (idev->irq < 0) { 1281 dev_err(&pdev->dev, "No corresponding irq for gpio\n"); 1282 goto no_irq; 1283 } 1284 } 1285 1286 /* Only enable wake-up/irq when controller is powered */ 1287 device_set_wakeup_capable(&pdev->dev, true); 1288 device_wakeup_disable(&pdev->dev); 1289 1290 no_irq: 1291 platform_set_drvdata(pdev, idev); 1292 1293 /* Place this instance on the device list */ 1294 mutex_lock(&intel_device_list_lock); 1295 list_add_tail(&idev->list, &intel_device_list); 1296 mutex_unlock(&intel_device_list_lock); 1297 1298 dev_info(&pdev->dev, "registered, gpio(%d)/irq(%d).\n", 1299 desc_to_gpio(idev->reset), idev->irq); 1300 1301 return 0; 1302 } 1303 1304 static int intel_remove(struct platform_device *pdev) 1305 { 1306 struct intel_device *idev = platform_get_drvdata(pdev); 1307 1308 device_wakeup_disable(&pdev->dev); 1309 1310 mutex_lock(&intel_device_list_lock); 1311 list_del(&idev->list); 1312 mutex_unlock(&intel_device_list_lock); 1313 1314 dev_info(&pdev->dev, "unregistered.\n"); 1315 1316 return 0; 1317 } 1318 1319 static struct platform_driver intel_driver = { 1320 .probe = intel_probe, 1321 .remove = intel_remove, 1322 .driver = { 1323 .name = "hci_intel", 1324 .acpi_match_table = ACPI_PTR(intel_acpi_match), 1325 .pm = &intel_pm_ops, 1326 }, 1327 }; 1328 1329 int __init intel_init(void) 1330 { 1331 platform_driver_register(&intel_driver); 1332 1333 return hci_uart_register_proto(&intel_proto); 1334 } 1335 1336 int __exit intel_deinit(void) 1337 { 1338 platform_driver_unregister(&intel_driver); 1339 1340 return hci_uart_unregister_proto(&intel_proto); 1341 } 1342