1 /* 2 * 3 * Bluetooth HCI UART driver for Intel devices 4 * 5 * Copyright (C) 2015 Intel Corporation 6 * 7 * 8 * This program is free software; you can redistribute it and/or modify 9 * it under the terms of the GNU General Public License as published by 10 * the Free Software Foundation; either version 2 of the License, or 11 * (at your option) any later version. 12 * 13 * This program is distributed in the hope that it will be useful, 14 * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 * GNU General Public License for more details. 17 * 18 * You should have received a copy of the GNU General Public License 19 * along with this program; if not, write to the Free Software 20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 21 * 22 */ 23 24 #include <linux/kernel.h> 25 #include <linux/errno.h> 26 #include <linux/skbuff.h> 27 #include <linux/firmware.h> 28 #include <linux/module.h> 29 #include <linux/wait.h> 30 #include <linux/tty.h> 31 #include <linux/platform_device.h> 32 #include <linux/gpio/consumer.h> 33 #include <linux/acpi.h> 34 #include <linux/interrupt.h> 35 #include <linux/pm_runtime.h> 36 37 #include <net/bluetooth/bluetooth.h> 38 #include <net/bluetooth/hci_core.h> 39 40 #include "hci_uart.h" 41 #include "btintel.h" 42 43 #define STATE_BOOTLOADER 0 44 #define STATE_DOWNLOADING 1 45 #define STATE_FIRMWARE_LOADED 2 46 #define STATE_FIRMWARE_FAILED 3 47 #define STATE_BOOTING 4 48 #define STATE_LPM_ENABLED 5 49 #define STATE_TX_ACTIVE 6 50 #define STATE_SUSPENDED 7 51 #define STATE_LPM_TRANSACTION 8 52 53 #define HCI_LPM_WAKE_PKT 0xf0 54 #define HCI_LPM_PKT 0xf1 55 #define HCI_LPM_MAX_SIZE 10 56 #define HCI_LPM_HDR_SIZE HCI_EVENT_HDR_SIZE 57 58 #define LPM_OP_TX_NOTIFY 0x00 59 #define LPM_OP_SUSPEND_ACK 0x02 60 #define LPM_OP_RESUME_ACK 0x03 61 62 #define LPM_SUSPEND_DELAY_MS 1000 63 64 struct hci_lpm_pkt { 65 __u8 opcode; 66 __u8 dlen; 67 __u8 data[0]; 68 } __packed; 69 70 struct intel_device { 71 struct list_head list; 72 struct platform_device *pdev; 73 struct gpio_desc *reset; 74 struct hci_uart *hu; 75 struct mutex hu_lock; 76 int irq; 77 }; 78 79 static LIST_HEAD(intel_device_list); 80 static DEFINE_MUTEX(intel_device_list_lock); 81 82 struct intel_data { 83 struct sk_buff *rx_skb; 84 struct sk_buff_head txq; 85 struct work_struct busy_work; 86 struct hci_uart *hu; 87 unsigned long flags; 88 }; 89 90 static u8 intel_convert_speed(unsigned int speed) 91 { 92 switch (speed) { 93 case 9600: 94 return 0x00; 95 case 19200: 96 return 0x01; 97 case 38400: 98 return 0x02; 99 case 57600: 100 return 0x03; 101 case 115200: 102 return 0x04; 103 case 230400: 104 return 0x05; 105 case 460800: 106 return 0x06; 107 case 921600: 108 return 0x07; 109 case 1843200: 110 return 0x08; 111 case 3250000: 112 return 0x09; 113 case 2000000: 114 return 0x0a; 115 case 3000000: 116 return 0x0b; 117 default: 118 return 0xff; 119 } 120 } 121 122 static int intel_wait_booting(struct hci_uart *hu) 123 { 124 struct intel_data *intel = hu->priv; 125 int err; 126 127 err = wait_on_bit_timeout(&intel->flags, STATE_BOOTING, 128 TASK_INTERRUPTIBLE, 129 msecs_to_jiffies(1000)); 130 131 if (err == -EINTR) { 132 bt_dev_err(hu->hdev, "Device boot interrupted"); 133 return -EINTR; 134 } 135 136 if (err) { 137 bt_dev_err(hu->hdev, "Device boot timeout"); 138 return -ETIMEDOUT; 139 } 140 141 return err; 142 } 143 144 #ifdef CONFIG_PM 145 static int intel_wait_lpm_transaction(struct hci_uart *hu) 146 { 147 struct intel_data *intel = hu->priv; 148 int err; 149 150 err = wait_on_bit_timeout(&intel->flags, STATE_LPM_TRANSACTION, 151 TASK_INTERRUPTIBLE, 152 msecs_to_jiffies(1000)); 153 154 if (err == -EINTR) { 155 bt_dev_err(hu->hdev, "LPM transaction interrupted"); 156 return -EINTR; 157 } 158 159 if (err) { 160 bt_dev_err(hu->hdev, "LPM transaction timeout"); 161 return -ETIMEDOUT; 162 } 163 164 return err; 165 } 166 167 static int intel_lpm_suspend(struct hci_uart *hu) 168 { 169 static const u8 suspend[] = { 0x01, 0x01, 0x01 }; 170 struct intel_data *intel = hu->priv; 171 struct sk_buff *skb; 172 173 if (!test_bit(STATE_LPM_ENABLED, &intel->flags) || 174 test_bit(STATE_SUSPENDED, &intel->flags)) 175 return 0; 176 177 if (test_bit(STATE_TX_ACTIVE, &intel->flags)) 178 return -EAGAIN; 179 180 bt_dev_dbg(hu->hdev, "Suspending"); 181 182 skb = bt_skb_alloc(sizeof(suspend), GFP_KERNEL); 183 if (!skb) { 184 bt_dev_err(hu->hdev, "Failed to alloc memory for LPM packet"); 185 return -ENOMEM; 186 } 187 188 memcpy(skb_put(skb, sizeof(suspend)), suspend, sizeof(suspend)); 189 hci_skb_pkt_type(skb) = HCI_LPM_PKT; 190 191 set_bit(STATE_LPM_TRANSACTION, &intel->flags); 192 193 /* LPM flow is a priority, enqueue packet at list head */ 194 skb_queue_head(&intel->txq, skb); 195 hci_uart_tx_wakeup(hu); 196 197 intel_wait_lpm_transaction(hu); 198 /* Even in case of failure, continue and test the suspended flag */ 199 200 clear_bit(STATE_LPM_TRANSACTION, &intel->flags); 201 202 if (!test_bit(STATE_SUSPENDED, &intel->flags)) { 203 bt_dev_err(hu->hdev, "Device suspend error"); 204 return -EINVAL; 205 } 206 207 bt_dev_dbg(hu->hdev, "Suspended"); 208 209 hci_uart_set_flow_control(hu, true); 210 211 return 0; 212 } 213 214 static int intel_lpm_resume(struct hci_uart *hu) 215 { 216 struct intel_data *intel = hu->priv; 217 struct sk_buff *skb; 218 219 if (!test_bit(STATE_LPM_ENABLED, &intel->flags) || 220 !test_bit(STATE_SUSPENDED, &intel->flags)) 221 return 0; 222 223 bt_dev_dbg(hu->hdev, "Resuming"); 224 225 hci_uart_set_flow_control(hu, false); 226 227 skb = bt_skb_alloc(0, GFP_KERNEL); 228 if (!skb) { 229 bt_dev_err(hu->hdev, "Failed to alloc memory for LPM packet"); 230 return -ENOMEM; 231 } 232 233 hci_skb_pkt_type(skb) = HCI_LPM_WAKE_PKT; 234 235 set_bit(STATE_LPM_TRANSACTION, &intel->flags); 236 237 /* LPM flow is a priority, enqueue packet at list head */ 238 skb_queue_head(&intel->txq, skb); 239 hci_uart_tx_wakeup(hu); 240 241 intel_wait_lpm_transaction(hu); 242 /* Even in case of failure, continue and test the suspended flag */ 243 244 clear_bit(STATE_LPM_TRANSACTION, &intel->flags); 245 246 if (test_bit(STATE_SUSPENDED, &intel->flags)) { 247 bt_dev_err(hu->hdev, "Device resume error"); 248 return -EINVAL; 249 } 250 251 bt_dev_dbg(hu->hdev, "Resumed"); 252 253 return 0; 254 } 255 #endif /* CONFIG_PM */ 256 257 static int intel_lpm_host_wake(struct hci_uart *hu) 258 { 259 static const u8 lpm_resume_ack[] = { LPM_OP_RESUME_ACK, 0x00 }; 260 struct intel_data *intel = hu->priv; 261 struct sk_buff *skb; 262 263 hci_uart_set_flow_control(hu, false); 264 265 clear_bit(STATE_SUSPENDED, &intel->flags); 266 267 skb = bt_skb_alloc(sizeof(lpm_resume_ack), GFP_KERNEL); 268 if (!skb) { 269 bt_dev_err(hu->hdev, "Failed to alloc memory for LPM packet"); 270 return -ENOMEM; 271 } 272 273 memcpy(skb_put(skb, sizeof(lpm_resume_ack)), lpm_resume_ack, 274 sizeof(lpm_resume_ack)); 275 hci_skb_pkt_type(skb) = HCI_LPM_PKT; 276 277 /* LPM flow is a priority, enqueue packet at list head */ 278 skb_queue_head(&intel->txq, skb); 279 hci_uart_tx_wakeup(hu); 280 281 bt_dev_dbg(hu->hdev, "Resumed by controller"); 282 283 return 0; 284 } 285 286 static irqreturn_t intel_irq(int irq, void *dev_id) 287 { 288 struct intel_device *idev = dev_id; 289 290 dev_info(&idev->pdev->dev, "hci_intel irq\n"); 291 292 mutex_lock(&idev->hu_lock); 293 if (idev->hu) 294 intel_lpm_host_wake(idev->hu); 295 mutex_unlock(&idev->hu_lock); 296 297 /* Host/Controller are now LPM resumed, trigger a new delayed suspend */ 298 pm_runtime_get(&idev->pdev->dev); 299 pm_runtime_mark_last_busy(&idev->pdev->dev); 300 pm_runtime_put_autosuspend(&idev->pdev->dev); 301 302 return IRQ_HANDLED; 303 } 304 305 static int intel_set_power(struct hci_uart *hu, bool powered) 306 { 307 struct list_head *p; 308 int err = -ENODEV; 309 310 if (!hu->tty->dev) 311 return err; 312 313 mutex_lock(&intel_device_list_lock); 314 315 list_for_each(p, &intel_device_list) { 316 struct intel_device *idev = list_entry(p, struct intel_device, 317 list); 318 319 /* tty device and pdev device should share the same parent 320 * which is the UART port. 321 */ 322 if (hu->tty->dev->parent != idev->pdev->dev.parent) 323 continue; 324 325 if (!idev->reset) { 326 err = -ENOTSUPP; 327 break; 328 } 329 330 BT_INFO("hu %p, Switching compatible pm device (%s) to %u", 331 hu, dev_name(&idev->pdev->dev), powered); 332 333 gpiod_set_value(idev->reset, powered); 334 335 /* Provide to idev a hu reference which is used to run LPM 336 * transactions (lpm suspend/resume) from PM callbacks. 337 * hu needs to be protected against concurrent removing during 338 * these PM ops. 339 */ 340 mutex_lock(&idev->hu_lock); 341 idev->hu = powered ? hu : NULL; 342 mutex_unlock(&idev->hu_lock); 343 344 if (idev->irq < 0) 345 break; 346 347 if (powered && device_can_wakeup(&idev->pdev->dev)) { 348 err = devm_request_threaded_irq(&idev->pdev->dev, 349 idev->irq, NULL, 350 intel_irq, 351 IRQF_ONESHOT, 352 "bt-host-wake", idev); 353 if (err) { 354 BT_ERR("hu %p, unable to allocate irq-%d", 355 hu, idev->irq); 356 break; 357 } 358 359 device_wakeup_enable(&idev->pdev->dev); 360 361 pm_runtime_set_active(&idev->pdev->dev); 362 pm_runtime_use_autosuspend(&idev->pdev->dev); 363 pm_runtime_set_autosuspend_delay(&idev->pdev->dev, 364 LPM_SUSPEND_DELAY_MS); 365 pm_runtime_enable(&idev->pdev->dev); 366 } else if (!powered && device_may_wakeup(&idev->pdev->dev)) { 367 devm_free_irq(&idev->pdev->dev, idev->irq, idev); 368 device_wakeup_disable(&idev->pdev->dev); 369 370 pm_runtime_disable(&idev->pdev->dev); 371 } 372 } 373 374 mutex_unlock(&intel_device_list_lock); 375 376 return err; 377 } 378 379 static void intel_busy_work(struct work_struct *work) 380 { 381 struct list_head *p; 382 struct intel_data *intel = container_of(work, struct intel_data, 383 busy_work); 384 385 if (!intel->hu->tty->dev) 386 return; 387 388 /* Link is busy, delay the suspend */ 389 mutex_lock(&intel_device_list_lock); 390 list_for_each(p, &intel_device_list) { 391 struct intel_device *idev = list_entry(p, struct intel_device, 392 list); 393 394 if (intel->hu->tty->dev->parent == idev->pdev->dev.parent) { 395 pm_runtime_get(&idev->pdev->dev); 396 pm_runtime_mark_last_busy(&idev->pdev->dev); 397 pm_runtime_put_autosuspend(&idev->pdev->dev); 398 break; 399 } 400 } 401 mutex_unlock(&intel_device_list_lock); 402 } 403 404 static int intel_open(struct hci_uart *hu) 405 { 406 struct intel_data *intel; 407 408 BT_DBG("hu %p", hu); 409 410 intel = kzalloc(sizeof(*intel), GFP_KERNEL); 411 if (!intel) 412 return -ENOMEM; 413 414 skb_queue_head_init(&intel->txq); 415 INIT_WORK(&intel->busy_work, intel_busy_work); 416 417 intel->hu = hu; 418 419 hu->priv = intel; 420 421 if (!intel_set_power(hu, true)) 422 set_bit(STATE_BOOTING, &intel->flags); 423 424 return 0; 425 } 426 427 static int intel_close(struct hci_uart *hu) 428 { 429 struct intel_data *intel = hu->priv; 430 431 BT_DBG("hu %p", hu); 432 433 cancel_work_sync(&intel->busy_work); 434 435 intel_set_power(hu, false); 436 437 skb_queue_purge(&intel->txq); 438 kfree_skb(intel->rx_skb); 439 kfree(intel); 440 441 hu->priv = NULL; 442 return 0; 443 } 444 445 static int intel_flush(struct hci_uart *hu) 446 { 447 struct intel_data *intel = hu->priv; 448 449 BT_DBG("hu %p", hu); 450 451 skb_queue_purge(&intel->txq); 452 453 return 0; 454 } 455 456 static int inject_cmd_complete(struct hci_dev *hdev, __u16 opcode) 457 { 458 struct sk_buff *skb; 459 struct hci_event_hdr *hdr; 460 struct hci_ev_cmd_complete *evt; 461 462 skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_ATOMIC); 463 if (!skb) 464 return -ENOMEM; 465 466 hdr = (struct hci_event_hdr *)skb_put(skb, sizeof(*hdr)); 467 hdr->evt = HCI_EV_CMD_COMPLETE; 468 hdr->plen = sizeof(*evt) + 1; 469 470 evt = (struct hci_ev_cmd_complete *)skb_put(skb, sizeof(*evt)); 471 evt->ncmd = 0x01; 472 evt->opcode = cpu_to_le16(opcode); 473 474 *skb_put(skb, 1) = 0x00; 475 476 hci_skb_pkt_type(skb) = HCI_EVENT_PKT; 477 478 return hci_recv_frame(hdev, skb); 479 } 480 481 static int intel_set_baudrate(struct hci_uart *hu, unsigned int speed) 482 { 483 struct intel_data *intel = hu->priv; 484 struct hci_dev *hdev = hu->hdev; 485 u8 speed_cmd[] = { 0x06, 0xfc, 0x01, 0x00 }; 486 struct sk_buff *skb; 487 int err; 488 489 /* This can be the first command sent to the chip, check 490 * that the controller is ready. 491 */ 492 err = intel_wait_booting(hu); 493 494 clear_bit(STATE_BOOTING, &intel->flags); 495 496 /* In case of timeout, try to continue anyway */ 497 if (err && err != -ETIMEDOUT) 498 return err; 499 500 bt_dev_info(hdev, "Change controller speed to %d", speed); 501 502 speed_cmd[3] = intel_convert_speed(speed); 503 if (speed_cmd[3] == 0xff) { 504 bt_dev_err(hdev, "Unsupported speed"); 505 return -EINVAL; 506 } 507 508 /* Device will not accept speed change if Intel version has not been 509 * previously requested. 510 */ 511 skb = __hci_cmd_sync(hdev, 0xfc05, 0, NULL, HCI_CMD_TIMEOUT); 512 if (IS_ERR(skb)) { 513 bt_dev_err(hdev, "Reading Intel version information failed (%ld)", 514 PTR_ERR(skb)); 515 return PTR_ERR(skb); 516 } 517 kfree_skb(skb); 518 519 skb = bt_skb_alloc(sizeof(speed_cmd), GFP_KERNEL); 520 if (!skb) { 521 bt_dev_err(hdev, "Failed to alloc memory for baudrate packet"); 522 return -ENOMEM; 523 } 524 525 memcpy(skb_put(skb, sizeof(speed_cmd)), speed_cmd, sizeof(speed_cmd)); 526 hci_skb_pkt_type(skb) = HCI_COMMAND_PKT; 527 528 hci_uart_set_flow_control(hu, true); 529 530 skb_queue_tail(&intel->txq, skb); 531 hci_uart_tx_wakeup(hu); 532 533 /* wait 100ms to change baudrate on controller side */ 534 msleep(100); 535 536 hci_uart_set_baudrate(hu, speed); 537 hci_uart_set_flow_control(hu, false); 538 539 return 0; 540 } 541 542 static int intel_setup(struct hci_uart *hu) 543 { 544 static const u8 reset_param[] = { 0x00, 0x01, 0x00, 0x01, 545 0x00, 0x08, 0x04, 0x00 }; 546 struct intel_data *intel = hu->priv; 547 struct hci_dev *hdev = hu->hdev; 548 struct sk_buff *skb; 549 struct intel_version ver; 550 struct intel_boot_params *params; 551 struct list_head *p; 552 const struct firmware *fw; 553 const u8 *fw_ptr; 554 char fwname[64]; 555 u32 frag_len; 556 ktime_t calltime, delta, rettime; 557 unsigned long long duration; 558 unsigned int init_speed, oper_speed; 559 int speed_change = 0; 560 int err; 561 562 bt_dev_dbg(hdev, "start intel_setup"); 563 564 hu->hdev->set_diag = btintel_set_diag; 565 hu->hdev->set_bdaddr = btintel_set_bdaddr; 566 567 calltime = ktime_get(); 568 569 if (hu->init_speed) 570 init_speed = hu->init_speed; 571 else 572 init_speed = hu->proto->init_speed; 573 574 if (hu->oper_speed) 575 oper_speed = hu->oper_speed; 576 else 577 oper_speed = hu->proto->oper_speed; 578 579 if (oper_speed && init_speed && oper_speed != init_speed) 580 speed_change = 1; 581 582 /* Check that the controller is ready */ 583 err = intel_wait_booting(hu); 584 585 clear_bit(STATE_BOOTING, &intel->flags); 586 587 /* In case of timeout, try to continue anyway */ 588 if (err && err != -ETIMEDOUT) 589 return err; 590 591 set_bit(STATE_BOOTLOADER, &intel->flags); 592 593 /* Read the Intel version information to determine if the device 594 * is in bootloader mode or if it already has operational firmware 595 * loaded. 596 */ 597 err = btintel_read_version(hdev, &ver); 598 if (err) 599 return err; 600 601 /* The hardware platform number has a fixed value of 0x37 and 602 * for now only accept this single value. 603 */ 604 if (ver.hw_platform != 0x37) { 605 bt_dev_err(hdev, "Unsupported Intel hardware platform (%u)", 606 ver.hw_platform); 607 return -EINVAL; 608 } 609 610 /* Check for supported iBT hardware variants of this firmware 611 * loading method. 612 * 613 * This check has been put in place to ensure correct forward 614 * compatibility options when newer hardware variants come along. 615 */ 616 switch (ver.hw_variant) { 617 case 0x0b: /* LnP */ 618 case 0x0c: /* WsP */ 619 case 0x12: /* ThP */ 620 break; 621 default: 622 bt_dev_err(hdev, "Unsupported Intel hardware variant (%u)", 623 ver.hw_variant); 624 return -EINVAL; 625 } 626 627 btintel_version_info(hdev, &ver); 628 629 /* The firmware variant determines if the device is in bootloader 630 * mode or is running operational firmware. The value 0x06 identifies 631 * the bootloader and the value 0x23 identifies the operational 632 * firmware. 633 * 634 * When the operational firmware is already present, then only 635 * the check for valid Bluetooth device address is needed. This 636 * determines if the device will be added as configured or 637 * unconfigured controller. 638 * 639 * It is not possible to use the Secure Boot Parameters in this 640 * case since that command is only available in bootloader mode. 641 */ 642 if (ver.fw_variant == 0x23) { 643 clear_bit(STATE_BOOTLOADER, &intel->flags); 644 btintel_check_bdaddr(hdev); 645 return 0; 646 } 647 648 /* If the device is not in bootloader mode, then the only possible 649 * choice is to return an error and abort the device initialization. 650 */ 651 if (ver.fw_variant != 0x06) { 652 bt_dev_err(hdev, "Unsupported Intel firmware variant (%u)", 653 ver.fw_variant); 654 return -ENODEV; 655 } 656 657 /* Read the secure boot parameters to identify the operating 658 * details of the bootloader. 659 */ 660 skb = __hci_cmd_sync(hdev, 0xfc0d, 0, NULL, HCI_CMD_TIMEOUT); 661 if (IS_ERR(skb)) { 662 bt_dev_err(hdev, "Reading Intel boot parameters failed (%ld)", 663 PTR_ERR(skb)); 664 return PTR_ERR(skb); 665 } 666 667 if (skb->len != sizeof(*params)) { 668 bt_dev_err(hdev, "Intel boot parameters size mismatch"); 669 kfree_skb(skb); 670 return -EILSEQ; 671 } 672 673 params = (struct intel_boot_params *)skb->data; 674 if (params->status) { 675 bt_dev_err(hdev, "Intel boot parameters command failure (%02x)", 676 params->status); 677 err = -bt_to_errno(params->status); 678 kfree_skb(skb); 679 return err; 680 } 681 682 bt_dev_info(hdev, "Device revision is %u", 683 le16_to_cpu(params->dev_revid)); 684 685 bt_dev_info(hdev, "Secure boot is %s", 686 params->secure_boot ? "enabled" : "disabled"); 687 688 bt_dev_info(hdev, "Minimum firmware build %u week %u %u", 689 params->min_fw_build_nn, params->min_fw_build_cw, 690 2000 + params->min_fw_build_yy); 691 692 /* It is required that every single firmware fragment is acknowledged 693 * with a command complete event. If the boot parameters indicate 694 * that this bootloader does not send them, then abort the setup. 695 */ 696 if (params->limited_cce != 0x00) { 697 bt_dev_err(hdev, "Unsupported Intel firmware loading method (%u)", 698 params->limited_cce); 699 kfree_skb(skb); 700 return -EINVAL; 701 } 702 703 /* If the OTP has no valid Bluetooth device address, then there will 704 * also be no valid address for the operational firmware. 705 */ 706 if (!bacmp(¶ms->otp_bdaddr, BDADDR_ANY)) { 707 bt_dev_info(hdev, "No device address configured"); 708 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks); 709 } 710 711 /* With this Intel bootloader only the hardware variant and device 712 * revision information are used to select the right firmware. 713 * 714 * The firmware filename is ibt-<hw_variant>-<dev_revid>.sfi. 715 * 716 * Currently the supported hardware variants are: 717 * 11 (0x0b) for iBT 3.0 (LnP/SfP) 718 */ 719 snprintf(fwname, sizeof(fwname), "intel/ibt-%u-%u.sfi", 720 le16_to_cpu(ver.hw_variant), 721 le16_to_cpu(params->dev_revid)); 722 723 err = request_firmware(&fw, fwname, &hdev->dev); 724 if (err < 0) { 725 bt_dev_err(hdev, "Failed to load Intel firmware file (%d)", 726 err); 727 kfree_skb(skb); 728 return err; 729 } 730 731 bt_dev_info(hdev, "Found device firmware: %s", fwname); 732 733 /* Save the DDC file name for later */ 734 snprintf(fwname, sizeof(fwname), "intel/ibt-%u-%u.ddc", 735 le16_to_cpu(ver.hw_variant), 736 le16_to_cpu(params->dev_revid)); 737 738 kfree_skb(skb); 739 740 if (fw->size < 644) { 741 bt_dev_err(hdev, "Invalid size of firmware file (%zu)", 742 fw->size); 743 err = -EBADF; 744 goto done; 745 } 746 747 set_bit(STATE_DOWNLOADING, &intel->flags); 748 749 /* Start the firmware download transaction with the Init fragment 750 * represented by the 128 bytes of CSS header. 751 */ 752 err = btintel_secure_send(hdev, 0x00, 128, fw->data); 753 if (err < 0) { 754 bt_dev_err(hdev, "Failed to send firmware header (%d)", err); 755 goto done; 756 } 757 758 /* Send the 256 bytes of public key information from the firmware 759 * as the PKey fragment. 760 */ 761 err = btintel_secure_send(hdev, 0x03, 256, fw->data + 128); 762 if (err < 0) { 763 bt_dev_err(hdev, "Failed to send firmware public key (%d)", 764 err); 765 goto done; 766 } 767 768 /* Send the 256 bytes of signature information from the firmware 769 * as the Sign fragment. 770 */ 771 err = btintel_secure_send(hdev, 0x02, 256, fw->data + 388); 772 if (err < 0) { 773 bt_dev_err(hdev, "Failed to send firmware signature (%d)", 774 err); 775 goto done; 776 } 777 778 fw_ptr = fw->data + 644; 779 frag_len = 0; 780 781 while (fw_ptr - fw->data < fw->size) { 782 struct hci_command_hdr *cmd = (void *)(fw_ptr + frag_len); 783 784 frag_len += sizeof(*cmd) + cmd->plen; 785 786 bt_dev_dbg(hdev, "Patching %td/%zu", (fw_ptr - fw->data), 787 fw->size); 788 789 /* The parameter length of the secure send command requires 790 * a 4 byte alignment. It happens so that the firmware file 791 * contains proper Intel_NOP commands to align the fragments 792 * as needed. 793 * 794 * Send set of commands with 4 byte alignment from the 795 * firmware data buffer as a single Data fragement. 796 */ 797 if (frag_len % 4) 798 continue; 799 800 /* Send each command from the firmware data buffer as 801 * a single Data fragment. 802 */ 803 err = btintel_secure_send(hdev, 0x01, frag_len, fw_ptr); 804 if (err < 0) { 805 bt_dev_err(hdev, "Failed to send firmware data (%d)", 806 err); 807 goto done; 808 } 809 810 fw_ptr += frag_len; 811 frag_len = 0; 812 } 813 814 set_bit(STATE_FIRMWARE_LOADED, &intel->flags); 815 816 bt_dev_info(hdev, "Waiting for firmware download to complete"); 817 818 /* Before switching the device into operational mode and with that 819 * booting the loaded firmware, wait for the bootloader notification 820 * that all fragments have been successfully received. 821 * 822 * When the event processing receives the notification, then the 823 * STATE_DOWNLOADING flag will be cleared. 824 * 825 * The firmware loading should not take longer than 5 seconds 826 * and thus just timeout if that happens and fail the setup 827 * of this device. 828 */ 829 err = wait_on_bit_timeout(&intel->flags, STATE_DOWNLOADING, 830 TASK_INTERRUPTIBLE, 831 msecs_to_jiffies(5000)); 832 if (err == -EINTR) { 833 bt_dev_err(hdev, "Firmware loading interrupted"); 834 err = -EINTR; 835 goto done; 836 } 837 838 if (err) { 839 bt_dev_err(hdev, "Firmware loading timeout"); 840 err = -ETIMEDOUT; 841 goto done; 842 } 843 844 if (test_bit(STATE_FIRMWARE_FAILED, &intel->flags)) { 845 bt_dev_err(hdev, "Firmware loading failed"); 846 err = -ENOEXEC; 847 goto done; 848 } 849 850 rettime = ktime_get(); 851 delta = ktime_sub(rettime, calltime); 852 duration = (unsigned long long) ktime_to_ns(delta) >> 10; 853 854 bt_dev_info(hdev, "Firmware loaded in %llu usecs", duration); 855 856 done: 857 release_firmware(fw); 858 859 if (err < 0) 860 return err; 861 862 /* We need to restore the default speed before Intel reset */ 863 if (speed_change) { 864 err = intel_set_baudrate(hu, init_speed); 865 if (err) 866 return err; 867 } 868 869 calltime = ktime_get(); 870 871 set_bit(STATE_BOOTING, &intel->flags); 872 873 skb = __hci_cmd_sync(hdev, 0xfc01, sizeof(reset_param), reset_param, 874 HCI_CMD_TIMEOUT); 875 if (IS_ERR(skb)) 876 return PTR_ERR(skb); 877 878 kfree_skb(skb); 879 880 /* The bootloader will not indicate when the device is ready. This 881 * is done by the operational firmware sending bootup notification. 882 * 883 * Booting into operational firmware should not take longer than 884 * 1 second. However if that happens, then just fail the setup 885 * since something went wrong. 886 */ 887 bt_dev_info(hdev, "Waiting for device to boot"); 888 889 err = intel_wait_booting(hu); 890 if (err) 891 return err; 892 893 clear_bit(STATE_BOOTING, &intel->flags); 894 895 rettime = ktime_get(); 896 delta = ktime_sub(rettime, calltime); 897 duration = (unsigned long long) ktime_to_ns(delta) >> 10; 898 899 bt_dev_info(hdev, "Device booted in %llu usecs", duration); 900 901 /* Enable LPM if matching pdev with wakeup enabled, set TX active 902 * until further LPM TX notification. 903 */ 904 mutex_lock(&intel_device_list_lock); 905 list_for_each(p, &intel_device_list) { 906 struct intel_device *dev = list_entry(p, struct intel_device, 907 list); 908 if (!hu->tty->dev) 909 break; 910 if (hu->tty->dev->parent == dev->pdev->dev.parent) { 911 if (device_may_wakeup(&dev->pdev->dev)) { 912 set_bit(STATE_LPM_ENABLED, &intel->flags); 913 set_bit(STATE_TX_ACTIVE, &intel->flags); 914 } 915 break; 916 } 917 } 918 mutex_unlock(&intel_device_list_lock); 919 920 /* Ignore errors, device can work without DDC parameters */ 921 btintel_load_ddc_config(hdev, fwname); 922 923 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_CMD_TIMEOUT); 924 if (IS_ERR(skb)) 925 return PTR_ERR(skb); 926 kfree_skb(skb); 927 928 if (speed_change) { 929 err = intel_set_baudrate(hu, oper_speed); 930 if (err) 931 return err; 932 } 933 934 bt_dev_info(hdev, "Setup complete"); 935 936 clear_bit(STATE_BOOTLOADER, &intel->flags); 937 938 return 0; 939 } 940 941 static int intel_recv_event(struct hci_dev *hdev, struct sk_buff *skb) 942 { 943 struct hci_uart *hu = hci_get_drvdata(hdev); 944 struct intel_data *intel = hu->priv; 945 struct hci_event_hdr *hdr; 946 947 if (!test_bit(STATE_BOOTLOADER, &intel->flags) && 948 !test_bit(STATE_BOOTING, &intel->flags)) 949 goto recv; 950 951 hdr = (void *)skb->data; 952 953 /* When the firmware loading completes the device sends 954 * out a vendor specific event indicating the result of 955 * the firmware loading. 956 */ 957 if (skb->len == 7 && hdr->evt == 0xff && hdr->plen == 0x05 && 958 skb->data[2] == 0x06) { 959 if (skb->data[3] != 0x00) 960 set_bit(STATE_FIRMWARE_FAILED, &intel->flags); 961 962 if (test_and_clear_bit(STATE_DOWNLOADING, &intel->flags) && 963 test_bit(STATE_FIRMWARE_LOADED, &intel->flags)) { 964 smp_mb__after_atomic(); 965 wake_up_bit(&intel->flags, STATE_DOWNLOADING); 966 } 967 968 /* When switching to the operational firmware the device 969 * sends a vendor specific event indicating that the bootup 970 * completed. 971 */ 972 } else if (skb->len == 9 && hdr->evt == 0xff && hdr->plen == 0x07 && 973 skb->data[2] == 0x02) { 974 if (test_and_clear_bit(STATE_BOOTING, &intel->flags)) { 975 smp_mb__after_atomic(); 976 wake_up_bit(&intel->flags, STATE_BOOTING); 977 } 978 } 979 recv: 980 return hci_recv_frame(hdev, skb); 981 } 982 983 static void intel_recv_lpm_notify(struct hci_dev *hdev, int value) 984 { 985 struct hci_uart *hu = hci_get_drvdata(hdev); 986 struct intel_data *intel = hu->priv; 987 988 bt_dev_dbg(hdev, "TX idle notification (%d)", value); 989 990 if (value) { 991 set_bit(STATE_TX_ACTIVE, &intel->flags); 992 schedule_work(&intel->busy_work); 993 } else { 994 clear_bit(STATE_TX_ACTIVE, &intel->flags); 995 } 996 } 997 998 static int intel_recv_lpm(struct hci_dev *hdev, struct sk_buff *skb) 999 { 1000 struct hci_lpm_pkt *lpm = (void *)skb->data; 1001 struct hci_uart *hu = hci_get_drvdata(hdev); 1002 struct intel_data *intel = hu->priv; 1003 1004 switch (lpm->opcode) { 1005 case LPM_OP_TX_NOTIFY: 1006 if (lpm->dlen < 1) { 1007 bt_dev_err(hu->hdev, "Invalid LPM notification packet"); 1008 break; 1009 } 1010 intel_recv_lpm_notify(hdev, lpm->data[0]); 1011 break; 1012 case LPM_OP_SUSPEND_ACK: 1013 set_bit(STATE_SUSPENDED, &intel->flags); 1014 if (test_and_clear_bit(STATE_LPM_TRANSACTION, &intel->flags)) { 1015 smp_mb__after_atomic(); 1016 wake_up_bit(&intel->flags, STATE_LPM_TRANSACTION); 1017 } 1018 break; 1019 case LPM_OP_RESUME_ACK: 1020 clear_bit(STATE_SUSPENDED, &intel->flags); 1021 if (test_and_clear_bit(STATE_LPM_TRANSACTION, &intel->flags)) { 1022 smp_mb__after_atomic(); 1023 wake_up_bit(&intel->flags, STATE_LPM_TRANSACTION); 1024 } 1025 break; 1026 default: 1027 bt_dev_err(hdev, "Unknown LPM opcode (%02x)", lpm->opcode); 1028 break; 1029 } 1030 1031 kfree_skb(skb); 1032 1033 return 0; 1034 } 1035 1036 #define INTEL_RECV_LPM \ 1037 .type = HCI_LPM_PKT, \ 1038 .hlen = HCI_LPM_HDR_SIZE, \ 1039 .loff = 1, \ 1040 .lsize = 1, \ 1041 .maxlen = HCI_LPM_MAX_SIZE 1042 1043 static const struct h4_recv_pkt intel_recv_pkts[] = { 1044 { H4_RECV_ACL, .recv = hci_recv_frame }, 1045 { H4_RECV_SCO, .recv = hci_recv_frame }, 1046 { H4_RECV_EVENT, .recv = intel_recv_event }, 1047 { INTEL_RECV_LPM, .recv = intel_recv_lpm }, 1048 }; 1049 1050 static int intel_recv(struct hci_uart *hu, const void *data, int count) 1051 { 1052 struct intel_data *intel = hu->priv; 1053 1054 if (!test_bit(HCI_UART_REGISTERED, &hu->flags)) 1055 return -EUNATCH; 1056 1057 intel->rx_skb = h4_recv_buf(hu->hdev, intel->rx_skb, data, count, 1058 intel_recv_pkts, 1059 ARRAY_SIZE(intel_recv_pkts)); 1060 if (IS_ERR(intel->rx_skb)) { 1061 int err = PTR_ERR(intel->rx_skb); 1062 bt_dev_err(hu->hdev, "Frame reassembly failed (%d)", err); 1063 intel->rx_skb = NULL; 1064 return err; 1065 } 1066 1067 return count; 1068 } 1069 1070 static int intel_enqueue(struct hci_uart *hu, struct sk_buff *skb) 1071 { 1072 struct intel_data *intel = hu->priv; 1073 struct list_head *p; 1074 1075 BT_DBG("hu %p skb %p", hu, skb); 1076 1077 if (!hu->tty->dev) 1078 goto out_enqueue; 1079 1080 /* Be sure our controller is resumed and potential LPM transaction 1081 * completed before enqueuing any packet. 1082 */ 1083 mutex_lock(&intel_device_list_lock); 1084 list_for_each(p, &intel_device_list) { 1085 struct intel_device *idev = list_entry(p, struct intel_device, 1086 list); 1087 1088 if (hu->tty->dev->parent == idev->pdev->dev.parent) { 1089 pm_runtime_get_sync(&idev->pdev->dev); 1090 pm_runtime_mark_last_busy(&idev->pdev->dev); 1091 pm_runtime_put_autosuspend(&idev->pdev->dev); 1092 break; 1093 } 1094 } 1095 mutex_unlock(&intel_device_list_lock); 1096 out_enqueue: 1097 skb_queue_tail(&intel->txq, skb); 1098 1099 return 0; 1100 } 1101 1102 static struct sk_buff *intel_dequeue(struct hci_uart *hu) 1103 { 1104 struct intel_data *intel = hu->priv; 1105 struct sk_buff *skb; 1106 1107 skb = skb_dequeue(&intel->txq); 1108 if (!skb) 1109 return skb; 1110 1111 if (test_bit(STATE_BOOTLOADER, &intel->flags) && 1112 (hci_skb_pkt_type(skb) == HCI_COMMAND_PKT)) { 1113 struct hci_command_hdr *cmd = (void *)skb->data; 1114 __u16 opcode = le16_to_cpu(cmd->opcode); 1115 1116 /* When the 0xfc01 command is issued to boot into 1117 * the operational firmware, it will actually not 1118 * send a command complete event. To keep the flow 1119 * control working inject that event here. 1120 */ 1121 if (opcode == 0xfc01) 1122 inject_cmd_complete(hu->hdev, opcode); 1123 } 1124 1125 /* Prepend skb with frame type */ 1126 memcpy(skb_push(skb, 1), &hci_skb_pkt_type(skb), 1); 1127 1128 return skb; 1129 } 1130 1131 static const struct hci_uart_proto intel_proto = { 1132 .id = HCI_UART_INTEL, 1133 .name = "Intel", 1134 .manufacturer = 2, 1135 .init_speed = 115200, 1136 .oper_speed = 3000000, 1137 .open = intel_open, 1138 .close = intel_close, 1139 .flush = intel_flush, 1140 .setup = intel_setup, 1141 .set_baudrate = intel_set_baudrate, 1142 .recv = intel_recv, 1143 .enqueue = intel_enqueue, 1144 .dequeue = intel_dequeue, 1145 }; 1146 1147 #ifdef CONFIG_ACPI 1148 static const struct acpi_device_id intel_acpi_match[] = { 1149 { "INT33E1", 0 }, 1150 { }, 1151 }; 1152 MODULE_DEVICE_TABLE(acpi, intel_acpi_match); 1153 #endif 1154 1155 #ifdef CONFIG_PM 1156 static int intel_suspend_device(struct device *dev) 1157 { 1158 struct intel_device *idev = dev_get_drvdata(dev); 1159 1160 mutex_lock(&idev->hu_lock); 1161 if (idev->hu) 1162 intel_lpm_suspend(idev->hu); 1163 mutex_unlock(&idev->hu_lock); 1164 1165 return 0; 1166 } 1167 1168 static int intel_resume_device(struct device *dev) 1169 { 1170 struct intel_device *idev = dev_get_drvdata(dev); 1171 1172 mutex_lock(&idev->hu_lock); 1173 if (idev->hu) 1174 intel_lpm_resume(idev->hu); 1175 mutex_unlock(&idev->hu_lock); 1176 1177 return 0; 1178 } 1179 #endif 1180 1181 #ifdef CONFIG_PM_SLEEP 1182 static int intel_suspend(struct device *dev) 1183 { 1184 struct intel_device *idev = dev_get_drvdata(dev); 1185 1186 if (device_may_wakeup(dev)) 1187 enable_irq_wake(idev->irq); 1188 1189 return intel_suspend_device(dev); 1190 } 1191 1192 static int intel_resume(struct device *dev) 1193 { 1194 struct intel_device *idev = dev_get_drvdata(dev); 1195 1196 if (device_may_wakeup(dev)) 1197 disable_irq_wake(idev->irq); 1198 1199 return intel_resume_device(dev); 1200 } 1201 #endif 1202 1203 static const struct dev_pm_ops intel_pm_ops = { 1204 SET_SYSTEM_SLEEP_PM_OPS(intel_suspend, intel_resume) 1205 SET_RUNTIME_PM_OPS(intel_suspend_device, intel_resume_device, NULL) 1206 }; 1207 1208 static int intel_probe(struct platform_device *pdev) 1209 { 1210 struct intel_device *idev; 1211 1212 idev = devm_kzalloc(&pdev->dev, sizeof(*idev), GFP_KERNEL); 1213 if (!idev) 1214 return -ENOMEM; 1215 1216 mutex_init(&idev->hu_lock); 1217 1218 idev->pdev = pdev; 1219 1220 idev->reset = devm_gpiod_get(&pdev->dev, "reset", GPIOD_OUT_LOW); 1221 if (IS_ERR(idev->reset)) { 1222 dev_err(&pdev->dev, "Unable to retrieve gpio\n"); 1223 return PTR_ERR(idev->reset); 1224 } 1225 1226 idev->irq = platform_get_irq(pdev, 0); 1227 if (idev->irq < 0) { 1228 struct gpio_desc *host_wake; 1229 1230 dev_err(&pdev->dev, "No IRQ, falling back to gpio-irq\n"); 1231 1232 host_wake = devm_gpiod_get(&pdev->dev, "host-wake", GPIOD_IN); 1233 if (IS_ERR(host_wake)) { 1234 dev_err(&pdev->dev, "Unable to retrieve IRQ\n"); 1235 goto no_irq; 1236 } 1237 1238 idev->irq = gpiod_to_irq(host_wake); 1239 if (idev->irq < 0) { 1240 dev_err(&pdev->dev, "No corresponding irq for gpio\n"); 1241 goto no_irq; 1242 } 1243 } 1244 1245 /* Only enable wake-up/irq when controller is powered */ 1246 device_set_wakeup_capable(&pdev->dev, true); 1247 device_wakeup_disable(&pdev->dev); 1248 1249 no_irq: 1250 platform_set_drvdata(pdev, idev); 1251 1252 /* Place this instance on the device list */ 1253 mutex_lock(&intel_device_list_lock); 1254 list_add_tail(&idev->list, &intel_device_list); 1255 mutex_unlock(&intel_device_list_lock); 1256 1257 dev_info(&pdev->dev, "registered, gpio(%d)/irq(%d).\n", 1258 desc_to_gpio(idev->reset), idev->irq); 1259 1260 return 0; 1261 } 1262 1263 static int intel_remove(struct platform_device *pdev) 1264 { 1265 struct intel_device *idev = platform_get_drvdata(pdev); 1266 1267 device_wakeup_disable(&pdev->dev); 1268 1269 mutex_lock(&intel_device_list_lock); 1270 list_del(&idev->list); 1271 mutex_unlock(&intel_device_list_lock); 1272 1273 dev_info(&pdev->dev, "unregistered.\n"); 1274 1275 return 0; 1276 } 1277 1278 static struct platform_driver intel_driver = { 1279 .probe = intel_probe, 1280 .remove = intel_remove, 1281 .driver = { 1282 .name = "hci_intel", 1283 .acpi_match_table = ACPI_PTR(intel_acpi_match), 1284 .pm = &intel_pm_ops, 1285 }, 1286 }; 1287 1288 int __init intel_init(void) 1289 { 1290 platform_driver_register(&intel_driver); 1291 1292 return hci_uart_register_proto(&intel_proto); 1293 } 1294 1295 int __exit intel_deinit(void) 1296 { 1297 platform_driver_unregister(&intel_driver); 1298 1299 return hci_uart_unregister_proto(&intel_proto); 1300 } 1301