1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * Bluetooth Software UART Qualcomm protocol
4 *
5 * HCI_IBS (HCI In-Band Sleep) is Qualcomm's power management
6 * protocol extension to H4.
7 *
8 * Copyright (C) 2007 Texas Instruments, Inc.
9 * Copyright (c) 2010, 2012, 2018 The Linux Foundation. All rights reserved.
10 *
11 * Acknowledgements:
12 * This file is based on hci_ll.c, which was...
13 * Written by Ohad Ben-Cohen <ohad@bencohen.org>
14 * which was in turn based on hci_h4.c, which was written
15 * by Maxim Krasnyansky and Marcel Holtmann.
16 */
17
18 #include <linux/kernel.h>
19 #include <linux/clk.h>
20 #include <linux/completion.h>
21 #include <linux/debugfs.h>
22 #include <linux/delay.h>
23 #include <linux/devcoredump.h>
24 #include <linux/device.h>
25 #include <linux/gpio/consumer.h>
26 #include <linux/mod_devicetable.h>
27 #include <linux/module.h>
28 #include <linux/of.h>
29 #include <linux/acpi.h>
30 #include <linux/platform_device.h>
31 #include <linux/pwrseq/consumer.h>
32 #include <linux/regulator/consumer.h>
33 #include <linux/serdev.h>
34 #include <linux/string_choices.h>
35 #include <linux/mutex.h>
36 #include <linux/unaligned.h>
37
38 #include <net/bluetooth/bluetooth.h>
39 #include <net/bluetooth/hci_core.h>
40
41 #include "hci_uart.h"
42 #include "btqca.h"
43
44 /* HCI_IBS protocol messages */
45 #define HCI_IBS_SLEEP_IND 0xFE
46 #define HCI_IBS_WAKE_IND 0xFD
47 #define HCI_IBS_WAKE_ACK 0xFC
48 #define HCI_MAX_IBS_SIZE 10
49
50 #define IBS_WAKE_RETRANS_TIMEOUT_MS 100
51 #define IBS_BTSOC_TX_IDLE_TIMEOUT_MS 200
52 #define IBS_HOST_TX_IDLE_TIMEOUT_MS 2000
53 #define CMD_TRANS_TIMEOUT_MS 100
54 #define MEMDUMP_TIMEOUT_MS 8000
55 #define IBS_DISABLE_SSR_TIMEOUT_MS \
56 (MEMDUMP_TIMEOUT_MS + FW_DOWNLOAD_TIMEOUT_MS)
57 #define FW_DOWNLOAD_TIMEOUT_MS 3000
58
59 /* susclk rate */
60 #define SUSCLK_RATE_32KHZ 32768
61
62 /* Controller debug log header */
63 #define QCA_DEBUG_HANDLE 0x2EDC
64
65 /* max retry count when init fails */
66 #define MAX_INIT_RETRIES 3
67
68 /* Controller dump header */
69 #define QCA_SSR_DUMP_HANDLE 0x0108
70 #define QCA_DUMP_PACKET_SIZE 255
71 #define QCA_LAST_SEQUENCE_NUM 0xFFFF
72 #define QCA_CRASHBYTE_PACKET_LEN 1096
73 #define QCA_MEMDUMP_BYTE 0xFB
74
75 enum qca_flags {
76 QCA_IBS_DISABLED,
77 QCA_DROP_VENDOR_EVENT,
78 QCA_SUSPENDING,
79 QCA_MEMDUMP_COLLECTION,
80 QCA_HW_ERROR_EVENT,
81 QCA_SSR_TRIGGERED,
82 QCA_BT_OFF,
83 QCA_ROM_FW,
84 QCA_DEBUGFS_CREATED,
85 };
86
87 enum qca_capabilities {
88 QCA_CAP_WIDEBAND_SPEECH = BIT(0),
89 QCA_CAP_VALID_LE_STATES = BIT(1),
90 QCA_CAP_HFP_HW_OFFLOAD = BIT(2),
91 };
92
93 /* HCI_IBS transmit side sleep protocol states */
94 enum tx_ibs_states {
95 HCI_IBS_TX_ASLEEP,
96 HCI_IBS_TX_WAKING,
97 HCI_IBS_TX_AWAKE,
98 };
99
100 /* HCI_IBS receive side sleep protocol states */
101 enum rx_states {
102 HCI_IBS_RX_ASLEEP,
103 HCI_IBS_RX_AWAKE,
104 };
105
106 /* HCI_IBS transmit and receive side clock state vote */
107 enum hci_ibs_clock_state_vote {
108 HCI_IBS_VOTE_STATS_UPDATE,
109 HCI_IBS_TX_VOTE_CLOCK_ON,
110 HCI_IBS_TX_VOTE_CLOCK_OFF,
111 HCI_IBS_RX_VOTE_CLOCK_ON,
112 HCI_IBS_RX_VOTE_CLOCK_OFF,
113 };
114
115 /* Controller memory dump states */
116 enum qca_memdump_states {
117 QCA_MEMDUMP_IDLE,
118 QCA_MEMDUMP_COLLECTING,
119 QCA_MEMDUMP_COLLECTED,
120 QCA_MEMDUMP_TIMEOUT,
121 };
122
123 struct qca_memdump_info {
124 u32 current_seq_no;
125 u32 received_dump;
126 u32 ram_dump_size;
127 };
128
129 struct qca_memdump_event_hdr {
130 __u8 evt;
131 __u8 plen;
132 __u16 opcode;
133 __le16 seq_no;
134 __u8 reserved;
135 } __packed;
136
137
138 struct qca_dump_size {
139 __le32 dump_size;
140 } __packed;
141
142 struct qca_data {
143 struct hci_uart *hu;
144 struct sk_buff *rx_skb;
145 struct sk_buff_head txq;
146 struct sk_buff_head tx_wait_q; /* HCI_IBS wait queue */
147 struct sk_buff_head rx_memdump_q; /* Memdump wait queue */
148 spinlock_t hci_ibs_lock; /* HCI_IBS state lock */
149 u8 tx_ibs_state; /* HCI_IBS transmit side power state*/
150 u8 rx_ibs_state; /* HCI_IBS receive side power state */
151 bool tx_vote; /* Clock must be on for TX */
152 bool rx_vote; /* Clock must be on for RX */
153 struct timer_list tx_idle_timer;
154 u32 tx_idle_delay;
155 struct timer_list wake_retrans_timer;
156 u32 wake_retrans;
157 struct workqueue_struct *workqueue;
158 struct work_struct ws_awake_rx;
159 struct work_struct ws_awake_device;
160 struct work_struct ws_rx_vote_off;
161 struct work_struct ws_tx_vote_off;
162 struct work_struct ctrl_memdump_evt;
163 struct delayed_work ctrl_memdump_timeout;
164 struct qca_memdump_info *qca_memdump;
165 unsigned long flags;
166 struct completion drop_ev_comp;
167 wait_queue_head_t suspend_wait_q;
168 enum qca_memdump_states memdump_state;
169 struct mutex hci_memdump_lock;
170
171 u16 fw_version;
172 u16 controller_id;
173 /* For debugging purpose */
174 u64 ibs_sent_wacks;
175 u64 ibs_sent_slps;
176 u64 ibs_sent_wakes;
177 u64 ibs_recv_wacks;
178 u64 ibs_recv_slps;
179 u64 ibs_recv_wakes;
180 u64 vote_last_jif;
181 u32 vote_on_ms;
182 u32 vote_off_ms;
183 u64 tx_votes_on;
184 u64 rx_votes_on;
185 u64 tx_votes_off;
186 u64 rx_votes_off;
187 u64 votes_on;
188 u64 votes_off;
189 };
190
191 enum qca_speed_type {
192 QCA_INIT_SPEED = 1,
193 QCA_OPER_SPEED
194 };
195
196 /*
197 * Voltage regulator information required for configuring the
198 * QCA Bluetooth chipset
199 */
200 struct qca_vreg {
201 const char *name;
202 unsigned int load_uA;
203 };
204
205 struct qca_device_data {
206 enum qca_btsoc_type soc_type;
207 struct qca_vreg *vregs;
208 size_t num_vregs;
209 uint32_t capabilities;
210 };
211
212 /*
213 * Platform data for the QCA Bluetooth power driver.
214 */
215 struct qca_power {
216 struct device *dev;
217 struct regulator_bulk_data *vreg_bulk;
218 int num_vregs;
219 bool vregs_on;
220 struct pwrseq_desc *pwrseq;
221 };
222
223 struct qca_serdev {
224 struct hci_uart serdev_hu;
225 struct gpio_desc *bt_en;
226 struct gpio_desc *sw_ctrl;
227 struct clk *susclk;
228 enum qca_btsoc_type btsoc_type;
229 struct qca_power *bt_power;
230 u32 init_speed;
231 u32 oper_speed;
232 bool bdaddr_property_broken;
233 bool support_hfp_hw_offload;
234 const char *firmware_name[2];
235 };
236
237 static int qca_regulator_enable(struct qca_serdev *qcadev);
238 static void qca_regulator_disable(struct qca_serdev *qcadev);
239 static void qca_power_shutdown(struct hci_uart *hu);
240 static int qca_power_off(struct hci_dev *hdev);
241 static void qca_controller_memdump(struct work_struct *work);
242 static void qca_dmp_hdr(struct hci_dev *hdev, struct sk_buff *skb);
243
qca_soc_type(struct hci_uart * hu)244 static enum qca_btsoc_type qca_soc_type(struct hci_uart *hu)
245 {
246 enum qca_btsoc_type soc_type;
247
248 if (hu->serdev) {
249 struct qca_serdev *qsd = serdev_device_get_drvdata(hu->serdev);
250
251 soc_type = qsd->btsoc_type;
252 } else {
253 soc_type = QCA_ROME;
254 }
255
256 return soc_type;
257 }
258
qca_get_firmware_name(struct hci_uart * hu)259 static const char *qca_get_firmware_name(struct hci_uart *hu)
260 {
261 if (hu->serdev) {
262 struct qca_serdev *qsd = serdev_device_get_drvdata(hu->serdev);
263
264 return qsd->firmware_name[0];
265 } else {
266 return NULL;
267 }
268 }
269
qca_get_rampatch_name(struct hci_uart * hu)270 static const char *qca_get_rampatch_name(struct hci_uart *hu)
271 {
272 if (hu->serdev) {
273 struct qca_serdev *qsd = serdev_device_get_drvdata(hu->serdev);
274
275 return qsd->firmware_name[1];
276 } else {
277 return NULL;
278 }
279 }
280
__serial_clock_on(struct tty_struct * tty)281 static void __serial_clock_on(struct tty_struct *tty)
282 {
283 /* TODO: Some chipset requires to enable UART clock on client
284 * side to save power consumption or manual work is required.
285 * Please put your code to control UART clock here if needed
286 */
287 }
288
__serial_clock_off(struct tty_struct * tty)289 static void __serial_clock_off(struct tty_struct *tty)
290 {
291 /* TODO: Some chipset requires to disable UART clock on client
292 * side to save power consumption or manual work is required.
293 * Please put your code to control UART clock off here if needed
294 */
295 }
296
297 /* serial_clock_vote needs to be called with the ibs lock held */
serial_clock_vote(unsigned long vote,struct hci_uart * hu)298 static void serial_clock_vote(unsigned long vote, struct hci_uart *hu)
299 {
300 struct qca_data *qca = hu->priv;
301 unsigned int diff;
302
303 bool old_vote = (qca->tx_vote | qca->rx_vote);
304 bool new_vote;
305
306 switch (vote) {
307 case HCI_IBS_VOTE_STATS_UPDATE:
308 diff = jiffies_to_msecs(jiffies - qca->vote_last_jif);
309
310 if (old_vote)
311 qca->vote_off_ms += diff;
312 else
313 qca->vote_on_ms += diff;
314 return;
315
316 case HCI_IBS_TX_VOTE_CLOCK_ON:
317 qca->tx_vote = true;
318 qca->tx_votes_on++;
319 break;
320
321 case HCI_IBS_RX_VOTE_CLOCK_ON:
322 qca->rx_vote = true;
323 qca->rx_votes_on++;
324 break;
325
326 case HCI_IBS_TX_VOTE_CLOCK_OFF:
327 qca->tx_vote = false;
328 qca->tx_votes_off++;
329 break;
330
331 case HCI_IBS_RX_VOTE_CLOCK_OFF:
332 qca->rx_vote = false;
333 qca->rx_votes_off++;
334 break;
335
336 default:
337 BT_ERR("Voting irregularity");
338 return;
339 }
340
341 new_vote = qca->rx_vote | qca->tx_vote;
342
343 if (new_vote != old_vote) {
344 if (new_vote)
345 __serial_clock_on(hu->tty);
346 else
347 __serial_clock_off(hu->tty);
348
349 BT_DBG("Vote serial clock %s(%s)", str_true_false(new_vote),
350 str_true_false(vote));
351
352 diff = jiffies_to_msecs(jiffies - qca->vote_last_jif);
353
354 if (new_vote) {
355 qca->votes_on++;
356 qca->vote_off_ms += diff;
357 } else {
358 qca->votes_off++;
359 qca->vote_on_ms += diff;
360 }
361 qca->vote_last_jif = jiffies;
362 }
363 }
364
365 /* Builds and sends an HCI_IBS command packet.
366 * These are very simple packets with only 1 cmd byte.
367 */
send_hci_ibs_cmd(u8 cmd,struct hci_uart * hu)368 static int send_hci_ibs_cmd(u8 cmd, struct hci_uart *hu)
369 {
370 int err = 0;
371 struct sk_buff *skb = NULL;
372 struct qca_data *qca = hu->priv;
373
374 BT_DBG("hu %p send hci ibs cmd 0x%x", hu, cmd);
375
376 skb = bt_skb_alloc(1, GFP_ATOMIC);
377 if (!skb) {
378 BT_ERR("Failed to allocate memory for HCI_IBS packet");
379 return -ENOMEM;
380 }
381
382 /* Assign HCI_IBS type */
383 skb_put_u8(skb, cmd);
384
385 skb_queue_tail(&qca->txq, skb);
386
387 return err;
388 }
389
qca_wq_awake_device(struct work_struct * work)390 static void qca_wq_awake_device(struct work_struct *work)
391 {
392 struct qca_data *qca = container_of(work, struct qca_data,
393 ws_awake_device);
394 struct hci_uart *hu = qca->hu;
395 unsigned long retrans_delay;
396 unsigned long flags;
397
398 BT_DBG("hu %p wq awake device", hu);
399
400 /* Vote for serial clock */
401 serial_clock_vote(HCI_IBS_TX_VOTE_CLOCK_ON, hu);
402
403 spin_lock_irqsave(&qca->hci_ibs_lock, flags);
404
405 /* Send wake indication to device */
406 if (send_hci_ibs_cmd(HCI_IBS_WAKE_IND, hu) < 0)
407 BT_ERR("Failed to send WAKE to device");
408
409 qca->ibs_sent_wakes++;
410
411 /* Start retransmit timer */
412 retrans_delay = msecs_to_jiffies(qca->wake_retrans);
413 mod_timer(&qca->wake_retrans_timer, jiffies + retrans_delay);
414
415 spin_unlock_irqrestore(&qca->hci_ibs_lock, flags);
416
417 /* Actually send the packets */
418 hci_uart_tx_wakeup(hu);
419 }
420
qca_wq_awake_rx(struct work_struct * work)421 static void qca_wq_awake_rx(struct work_struct *work)
422 {
423 struct qca_data *qca = container_of(work, struct qca_data,
424 ws_awake_rx);
425 struct hci_uart *hu = qca->hu;
426 unsigned long flags;
427
428 BT_DBG("hu %p wq awake rx", hu);
429
430 serial_clock_vote(HCI_IBS_RX_VOTE_CLOCK_ON, hu);
431
432 spin_lock_irqsave(&qca->hci_ibs_lock, flags);
433 qca->rx_ibs_state = HCI_IBS_RX_AWAKE;
434
435 /* Always acknowledge device wake up,
436 * sending IBS message doesn't count as TX ON.
437 */
438 if (send_hci_ibs_cmd(HCI_IBS_WAKE_ACK, hu) < 0)
439 BT_ERR("Failed to acknowledge device wake up");
440
441 qca->ibs_sent_wacks++;
442
443 spin_unlock_irqrestore(&qca->hci_ibs_lock, flags);
444
445 /* Actually send the packets */
446 hci_uart_tx_wakeup(hu);
447 }
448
qca_wq_serial_rx_clock_vote_off(struct work_struct * work)449 static void qca_wq_serial_rx_clock_vote_off(struct work_struct *work)
450 {
451 struct qca_data *qca = container_of(work, struct qca_data,
452 ws_rx_vote_off);
453 struct hci_uart *hu = qca->hu;
454
455 BT_DBG("hu %p rx clock vote off", hu);
456
457 serial_clock_vote(HCI_IBS_RX_VOTE_CLOCK_OFF, hu);
458 }
459
qca_wq_serial_tx_clock_vote_off(struct work_struct * work)460 static void qca_wq_serial_tx_clock_vote_off(struct work_struct *work)
461 {
462 struct qca_data *qca = container_of(work, struct qca_data,
463 ws_tx_vote_off);
464 struct hci_uart *hu = qca->hu;
465
466 BT_DBG("hu %p tx clock vote off", hu);
467
468 /* Run HCI tx handling unlocked */
469 hci_uart_tx_wakeup(hu);
470
471 /* Now that message queued to tty driver, vote for tty clocks off.
472 * It is up to the tty driver to pend the clocks off until tx done.
473 */
474 serial_clock_vote(HCI_IBS_TX_VOTE_CLOCK_OFF, hu);
475 }
476
hci_ibs_tx_idle_timeout(struct timer_list * t)477 static void hci_ibs_tx_idle_timeout(struct timer_list *t)
478 {
479 struct qca_data *qca = timer_container_of(qca, t, tx_idle_timer);
480 struct hci_uart *hu = qca->hu;
481 unsigned long flags;
482
483 BT_DBG("hu %p idle timeout in %d state", hu, qca->tx_ibs_state);
484
485 spin_lock_irqsave_nested(&qca->hci_ibs_lock,
486 flags, SINGLE_DEPTH_NESTING);
487
488 switch (qca->tx_ibs_state) {
489 case HCI_IBS_TX_AWAKE:
490 /* TX_IDLE, go to SLEEP */
491 if (send_hci_ibs_cmd(HCI_IBS_SLEEP_IND, hu) < 0) {
492 BT_ERR("Failed to send SLEEP to device");
493 break;
494 }
495 qca->tx_ibs_state = HCI_IBS_TX_ASLEEP;
496 qca->ibs_sent_slps++;
497 queue_work(qca->workqueue, &qca->ws_tx_vote_off);
498 break;
499
500 case HCI_IBS_TX_ASLEEP:
501 case HCI_IBS_TX_WAKING:
502 default:
503 BT_ERR("Spurious timeout tx state %d", qca->tx_ibs_state);
504 break;
505 }
506
507 spin_unlock_irqrestore(&qca->hci_ibs_lock, flags);
508 }
509
hci_ibs_wake_retrans_timeout(struct timer_list * t)510 static void hci_ibs_wake_retrans_timeout(struct timer_list *t)
511 {
512 struct qca_data *qca = timer_container_of(qca, t, wake_retrans_timer);
513 struct hci_uart *hu = qca->hu;
514 unsigned long flags, retrans_delay;
515 bool retransmit = false;
516
517 BT_DBG("hu %p wake retransmit timeout in %d state",
518 hu, qca->tx_ibs_state);
519
520 spin_lock_irqsave_nested(&qca->hci_ibs_lock,
521 flags, SINGLE_DEPTH_NESTING);
522
523 /* Don't retransmit the HCI_IBS_WAKE_IND when suspending. */
524 if (test_bit(QCA_SUSPENDING, &qca->flags)) {
525 spin_unlock_irqrestore(&qca->hci_ibs_lock, flags);
526 return;
527 }
528
529 switch (qca->tx_ibs_state) {
530 case HCI_IBS_TX_WAKING:
531 /* No WAKE_ACK, retransmit WAKE */
532 retransmit = true;
533 if (send_hci_ibs_cmd(HCI_IBS_WAKE_IND, hu) < 0) {
534 BT_ERR("Failed to acknowledge device wake up");
535 break;
536 }
537 qca->ibs_sent_wakes++;
538 retrans_delay = msecs_to_jiffies(qca->wake_retrans);
539 mod_timer(&qca->wake_retrans_timer, jiffies + retrans_delay);
540 break;
541
542 case HCI_IBS_TX_ASLEEP:
543 case HCI_IBS_TX_AWAKE:
544 default:
545 BT_ERR("Spurious timeout tx state %d", qca->tx_ibs_state);
546 break;
547 }
548
549 spin_unlock_irqrestore(&qca->hci_ibs_lock, flags);
550
551 if (retransmit)
552 hci_uart_tx_wakeup(hu);
553 }
554
555
qca_controller_memdump_timeout(struct work_struct * work)556 static void qca_controller_memdump_timeout(struct work_struct *work)
557 {
558 struct qca_data *qca = container_of(work, struct qca_data,
559 ctrl_memdump_timeout.work);
560 struct hci_uart *hu = qca->hu;
561
562 mutex_lock(&qca->hci_memdump_lock);
563 if (test_bit(QCA_MEMDUMP_COLLECTION, &qca->flags)) {
564 qca->memdump_state = QCA_MEMDUMP_TIMEOUT;
565 if (!test_bit(QCA_HW_ERROR_EVENT, &qca->flags)) {
566 /* Inject hw error event to reset the device
567 * and driver.
568 */
569 hci_reset_dev(hu->hdev);
570 }
571 }
572
573 mutex_unlock(&qca->hci_memdump_lock);
574 }
575
576
577 /* Initialize protocol */
qca_open(struct hci_uart * hu)578 static int qca_open(struct hci_uart *hu)
579 {
580 struct qca_serdev *qcadev;
581 struct qca_data *qca;
582
583 BT_DBG("hu %p qca_open", hu);
584
585 if (!hci_uart_has_flow_control(hu))
586 return -EOPNOTSUPP;
587
588 qca = kzalloc_obj(*qca);
589 if (!qca)
590 return -ENOMEM;
591
592 skb_queue_head_init(&qca->txq);
593 skb_queue_head_init(&qca->tx_wait_q);
594 skb_queue_head_init(&qca->rx_memdump_q);
595 spin_lock_init(&qca->hci_ibs_lock);
596 mutex_init(&qca->hci_memdump_lock);
597 qca->workqueue = alloc_ordered_workqueue("qca_wq", 0);
598 if (!qca->workqueue) {
599 BT_ERR("QCA Workqueue not initialized properly");
600 kfree(qca);
601 return -ENOMEM;
602 }
603
604 INIT_WORK(&qca->ws_awake_rx, qca_wq_awake_rx);
605 INIT_WORK(&qca->ws_awake_device, qca_wq_awake_device);
606 INIT_WORK(&qca->ws_rx_vote_off, qca_wq_serial_rx_clock_vote_off);
607 INIT_WORK(&qca->ws_tx_vote_off, qca_wq_serial_tx_clock_vote_off);
608 INIT_WORK(&qca->ctrl_memdump_evt, qca_controller_memdump);
609 INIT_DELAYED_WORK(&qca->ctrl_memdump_timeout,
610 qca_controller_memdump_timeout);
611 init_waitqueue_head(&qca->suspend_wait_q);
612
613 qca->hu = hu;
614 init_completion(&qca->drop_ev_comp);
615
616 /* Assume we start with both sides asleep -- extra wakes OK */
617 qca->tx_ibs_state = HCI_IBS_TX_ASLEEP;
618 qca->rx_ibs_state = HCI_IBS_RX_ASLEEP;
619
620 qca->vote_last_jif = jiffies;
621
622 hu->priv = qca;
623
624 if (hu->serdev) {
625 qcadev = serdev_device_get_drvdata(hu->serdev);
626
627 switch (qcadev->btsoc_type) {
628 case QCA_WCN3950:
629 case QCA_WCN3988:
630 case QCA_WCN3990:
631 case QCA_WCN3991:
632 case QCA_WCN3998:
633 case QCA_WCN6750:
634 hu->init_speed = qcadev->init_speed;
635 break;
636
637 default:
638 break;
639 }
640
641 if (qcadev->oper_speed)
642 hu->oper_speed = qcadev->oper_speed;
643 }
644
645 timer_setup(&qca->wake_retrans_timer, hci_ibs_wake_retrans_timeout, 0);
646 qca->wake_retrans = IBS_WAKE_RETRANS_TIMEOUT_MS;
647
648 timer_setup(&qca->tx_idle_timer, hci_ibs_tx_idle_timeout, 0);
649 qca->tx_idle_delay = IBS_HOST_TX_IDLE_TIMEOUT_MS;
650
651 BT_DBG("HCI_UART_QCA open, tx_idle_delay=%u, wake_retrans=%u",
652 qca->tx_idle_delay, qca->wake_retrans);
653
654 return 0;
655 }
656
qca_debugfs_init(struct hci_dev * hdev)657 static void qca_debugfs_init(struct hci_dev *hdev)
658 {
659 struct hci_uart *hu = hci_get_drvdata(hdev);
660 struct qca_data *qca = hu->priv;
661 struct dentry *ibs_dir;
662 umode_t mode;
663
664 if (!hdev->debugfs)
665 return;
666
667 if (test_and_set_bit(QCA_DEBUGFS_CREATED, &qca->flags))
668 return;
669
670 ibs_dir = debugfs_create_dir("ibs", hdev->debugfs);
671
672 /* read only */
673 mode = 0444;
674 debugfs_create_u8("tx_ibs_state", mode, ibs_dir, &qca->tx_ibs_state);
675 debugfs_create_u8("rx_ibs_state", mode, ibs_dir, &qca->rx_ibs_state);
676 debugfs_create_u64("ibs_sent_sleeps", mode, ibs_dir,
677 &qca->ibs_sent_slps);
678 debugfs_create_u64("ibs_sent_wakes", mode, ibs_dir,
679 &qca->ibs_sent_wakes);
680 debugfs_create_u64("ibs_sent_wake_acks", mode, ibs_dir,
681 &qca->ibs_sent_wacks);
682 debugfs_create_u64("ibs_recv_sleeps", mode, ibs_dir,
683 &qca->ibs_recv_slps);
684 debugfs_create_u64("ibs_recv_wakes", mode, ibs_dir,
685 &qca->ibs_recv_wakes);
686 debugfs_create_u64("ibs_recv_wake_acks", mode, ibs_dir,
687 &qca->ibs_recv_wacks);
688 debugfs_create_bool("tx_vote", mode, ibs_dir, &qca->tx_vote);
689 debugfs_create_u64("tx_votes_on", mode, ibs_dir, &qca->tx_votes_on);
690 debugfs_create_u64("tx_votes_off", mode, ibs_dir, &qca->tx_votes_off);
691 debugfs_create_bool("rx_vote", mode, ibs_dir, &qca->rx_vote);
692 debugfs_create_u64("rx_votes_on", mode, ibs_dir, &qca->rx_votes_on);
693 debugfs_create_u64("rx_votes_off", mode, ibs_dir, &qca->rx_votes_off);
694 debugfs_create_u64("votes_on", mode, ibs_dir, &qca->votes_on);
695 debugfs_create_u64("votes_off", mode, ibs_dir, &qca->votes_off);
696 debugfs_create_u32("vote_on_ms", mode, ibs_dir, &qca->vote_on_ms);
697 debugfs_create_u32("vote_off_ms", mode, ibs_dir, &qca->vote_off_ms);
698
699 /* read/write */
700 mode = 0644;
701 debugfs_create_u32("wake_retrans", mode, ibs_dir, &qca->wake_retrans);
702 debugfs_create_u32("tx_idle_delay", mode, ibs_dir,
703 &qca->tx_idle_delay);
704 }
705
706 /* Flush protocol data */
qca_flush(struct hci_uart * hu)707 static int qca_flush(struct hci_uart *hu)
708 {
709 struct qca_data *qca = hu->priv;
710
711 BT_DBG("hu %p qca flush", hu);
712
713 skb_queue_purge(&qca->tx_wait_q);
714 skb_queue_purge(&qca->txq);
715
716 return 0;
717 }
718
719 /* Close protocol */
qca_close(struct hci_uart * hu)720 static int qca_close(struct hci_uart *hu)
721 {
722 struct qca_data *qca = hu->priv;
723
724 BT_DBG("hu %p qca close", hu);
725
726 serial_clock_vote(HCI_IBS_VOTE_STATS_UPDATE, hu);
727
728 skb_queue_purge(&qca->tx_wait_q);
729 skb_queue_purge(&qca->txq);
730 skb_queue_purge(&qca->rx_memdump_q);
731 /*
732 * Shut the timers down so they can't be rearmed when
733 * destroy_workqueue() drains pending work which in turn might try
734 * to arm a timer. After shutdown rearm attempts are silently
735 * ignored by the timer core code.
736 */
737 timer_shutdown_sync(&qca->tx_idle_timer);
738 timer_shutdown_sync(&qca->wake_retrans_timer);
739 destroy_workqueue(qca->workqueue);
740 qca->hu = NULL;
741
742 kfree_skb(qca->rx_skb);
743
744 hu->priv = NULL;
745
746 kfree(qca);
747
748 return 0;
749 }
750
751 /* Called upon a wake-up-indication from the device.
752 */
device_want_to_wakeup(struct hci_uart * hu)753 static void device_want_to_wakeup(struct hci_uart *hu)
754 {
755 unsigned long flags;
756 struct qca_data *qca = hu->priv;
757
758 BT_DBG("hu %p want to wake up", hu);
759
760 spin_lock_irqsave(&qca->hci_ibs_lock, flags);
761
762 qca->ibs_recv_wakes++;
763
764 /* Don't wake the rx up when suspending. */
765 if (test_bit(QCA_SUSPENDING, &qca->flags)) {
766 spin_unlock_irqrestore(&qca->hci_ibs_lock, flags);
767 return;
768 }
769
770 switch (qca->rx_ibs_state) {
771 case HCI_IBS_RX_ASLEEP:
772 /* Make sure clock is on - we may have turned clock off since
773 * receiving the wake up indicator awake rx clock.
774 */
775 queue_work(qca->workqueue, &qca->ws_awake_rx);
776 spin_unlock_irqrestore(&qca->hci_ibs_lock, flags);
777 return;
778
779 case HCI_IBS_RX_AWAKE:
780 /* Always acknowledge device wake up,
781 * sending IBS message doesn't count as TX ON.
782 */
783 if (send_hci_ibs_cmd(HCI_IBS_WAKE_ACK, hu) < 0) {
784 BT_ERR("Failed to acknowledge device wake up");
785 break;
786 }
787 qca->ibs_sent_wacks++;
788 break;
789
790 default:
791 /* Any other state is illegal */
792 BT_ERR("Received HCI_IBS_WAKE_IND in rx state %d",
793 qca->rx_ibs_state);
794 break;
795 }
796
797 spin_unlock_irqrestore(&qca->hci_ibs_lock, flags);
798
799 /* Actually send the packets */
800 hci_uart_tx_wakeup(hu);
801 }
802
803 /* Called upon a sleep-indication from the device.
804 */
device_want_to_sleep(struct hci_uart * hu)805 static void device_want_to_sleep(struct hci_uart *hu)
806 {
807 unsigned long flags;
808 struct qca_data *qca = hu->priv;
809
810 BT_DBG("hu %p want to sleep in %d state", hu, qca->rx_ibs_state);
811
812 spin_lock_irqsave(&qca->hci_ibs_lock, flags);
813
814 qca->ibs_recv_slps++;
815
816 switch (qca->rx_ibs_state) {
817 case HCI_IBS_RX_AWAKE:
818 /* Update state */
819 qca->rx_ibs_state = HCI_IBS_RX_ASLEEP;
820 /* Vote off rx clock under workqueue */
821 queue_work(qca->workqueue, &qca->ws_rx_vote_off);
822 break;
823
824 case HCI_IBS_RX_ASLEEP:
825 break;
826
827 default:
828 /* Any other state is illegal */
829 BT_ERR("Received HCI_IBS_SLEEP_IND in rx state %d",
830 qca->rx_ibs_state);
831 break;
832 }
833
834 wake_up_interruptible(&qca->suspend_wait_q);
835
836 spin_unlock_irqrestore(&qca->hci_ibs_lock, flags);
837 }
838
839 /* Called upon wake-up-acknowledgement from the device
840 */
device_woke_up(struct hci_uart * hu)841 static void device_woke_up(struct hci_uart *hu)
842 {
843 unsigned long flags, idle_delay;
844 struct qca_data *qca = hu->priv;
845 struct sk_buff *skb = NULL;
846
847 BT_DBG("hu %p woke up", hu);
848
849 spin_lock_irqsave(&qca->hci_ibs_lock, flags);
850
851 qca->ibs_recv_wacks++;
852
853 /* Don't react to the wake-up-acknowledgment when suspending. */
854 if (test_bit(QCA_SUSPENDING, &qca->flags)) {
855 spin_unlock_irqrestore(&qca->hci_ibs_lock, flags);
856 return;
857 }
858
859 switch (qca->tx_ibs_state) {
860 case HCI_IBS_TX_AWAKE:
861 /* Expect one if we send 2 WAKEs */
862 BT_DBG("Received HCI_IBS_WAKE_ACK in tx state %d",
863 qca->tx_ibs_state);
864 break;
865
866 case HCI_IBS_TX_WAKING:
867 /* Send pending packets */
868 while ((skb = skb_dequeue(&qca->tx_wait_q)))
869 skb_queue_tail(&qca->txq, skb);
870
871 /* Switch timers and change state to HCI_IBS_TX_AWAKE */
872 timer_delete(&qca->wake_retrans_timer);
873 idle_delay = msecs_to_jiffies(qca->tx_idle_delay);
874 mod_timer(&qca->tx_idle_timer, jiffies + idle_delay);
875 qca->tx_ibs_state = HCI_IBS_TX_AWAKE;
876 break;
877
878 case HCI_IBS_TX_ASLEEP:
879 default:
880 BT_ERR("Received HCI_IBS_WAKE_ACK in tx state %d",
881 qca->tx_ibs_state);
882 break;
883 }
884
885 spin_unlock_irqrestore(&qca->hci_ibs_lock, flags);
886
887 /* Actually send the packets */
888 hci_uart_tx_wakeup(hu);
889 }
890
891 /* Enqueue frame for transmission (padding, crc, etc) may be called from
892 * two simultaneous tasklets.
893 */
qca_enqueue(struct hci_uart * hu,struct sk_buff * skb)894 static int qca_enqueue(struct hci_uart *hu, struct sk_buff *skb)
895 {
896 unsigned long flags = 0, idle_delay;
897 struct qca_data *qca = hu->priv;
898
899 BT_DBG("hu %p qca enq skb %p tx_ibs_state %d", hu, skb,
900 qca->tx_ibs_state);
901
902 if (test_bit(QCA_SSR_TRIGGERED, &qca->flags)) {
903 /* As SSR is in progress, ignore the packets */
904 bt_dev_dbg(hu->hdev, "SSR is in progress");
905 kfree_skb(skb);
906 return 0;
907 }
908
909 /* Prepend skb with frame type */
910 memcpy(skb_push(skb, 1), &hci_skb_pkt_type(skb), 1);
911
912 spin_lock_irqsave(&qca->hci_ibs_lock, flags);
913
914 /* Don't go to sleep in middle of patch download or
915 * Out-Of-Band(GPIOs control) sleep is selected.
916 * Don't wake the device up when suspending.
917 */
918 if (test_bit(QCA_IBS_DISABLED, &qca->flags) ||
919 test_bit(QCA_SUSPENDING, &qca->flags)) {
920 skb_queue_tail(&qca->txq, skb);
921 spin_unlock_irqrestore(&qca->hci_ibs_lock, flags);
922 return 0;
923 }
924
925 /* Act according to current state */
926 switch (qca->tx_ibs_state) {
927 case HCI_IBS_TX_AWAKE:
928 BT_DBG("Device awake, sending normally");
929 skb_queue_tail(&qca->txq, skb);
930 idle_delay = msecs_to_jiffies(qca->tx_idle_delay);
931 mod_timer(&qca->tx_idle_timer, jiffies + idle_delay);
932 break;
933
934 case HCI_IBS_TX_ASLEEP:
935 BT_DBG("Device asleep, waking up and queueing packet");
936 /* Save packet for later */
937 skb_queue_tail(&qca->tx_wait_q, skb);
938
939 qca->tx_ibs_state = HCI_IBS_TX_WAKING;
940 /* Schedule a work queue to wake up device */
941 queue_work(qca->workqueue, &qca->ws_awake_device);
942 break;
943
944 case HCI_IBS_TX_WAKING:
945 BT_DBG("Device waking up, queueing packet");
946 /* Transient state; just keep packet for later */
947 skb_queue_tail(&qca->tx_wait_q, skb);
948 break;
949
950 default:
951 BT_ERR("Illegal tx state: %d (losing packet)",
952 qca->tx_ibs_state);
953 dev_kfree_skb_irq(skb);
954 break;
955 }
956
957 spin_unlock_irqrestore(&qca->hci_ibs_lock, flags);
958
959 return 0;
960 }
961
qca_ibs_sleep_ind(struct hci_dev * hdev,struct sk_buff * skb)962 static int qca_ibs_sleep_ind(struct hci_dev *hdev, struct sk_buff *skb)
963 {
964 struct hci_uart *hu = hci_get_drvdata(hdev);
965
966 BT_DBG("hu %p recv hci ibs cmd 0x%x", hu, HCI_IBS_SLEEP_IND);
967
968 device_want_to_sleep(hu);
969
970 kfree_skb(skb);
971 return 0;
972 }
973
qca_ibs_wake_ind(struct hci_dev * hdev,struct sk_buff * skb)974 static int qca_ibs_wake_ind(struct hci_dev *hdev, struct sk_buff *skb)
975 {
976 struct hci_uart *hu = hci_get_drvdata(hdev);
977
978 BT_DBG("hu %p recv hci ibs cmd 0x%x", hu, HCI_IBS_WAKE_IND);
979
980 device_want_to_wakeup(hu);
981
982 kfree_skb(skb);
983 return 0;
984 }
985
qca_ibs_wake_ack(struct hci_dev * hdev,struct sk_buff * skb)986 static int qca_ibs_wake_ack(struct hci_dev *hdev, struct sk_buff *skb)
987 {
988 struct hci_uart *hu = hci_get_drvdata(hdev);
989
990 BT_DBG("hu %p recv hci ibs cmd 0x%x", hu, HCI_IBS_WAKE_ACK);
991
992 device_woke_up(hu);
993
994 kfree_skb(skb);
995 return 0;
996 }
997
qca_recv_acl_data(struct hci_dev * hdev,struct sk_buff * skb)998 static int qca_recv_acl_data(struct hci_dev *hdev, struct sk_buff *skb)
999 {
1000 /* We receive debug logs from chip as an ACL packets.
1001 * Instead of sending the data to ACL to decode the
1002 * received data, we are pushing them to the above layers
1003 * as a diagnostic packet.
1004 */
1005 if (get_unaligned_le16(skb->data) == QCA_DEBUG_HANDLE)
1006 return hci_recv_diag(hdev, skb);
1007
1008 return hci_recv_frame(hdev, skb);
1009 }
1010
qca_dmp_hdr(struct hci_dev * hdev,struct sk_buff * skb)1011 static void qca_dmp_hdr(struct hci_dev *hdev, struct sk_buff *skb)
1012 {
1013 struct hci_uart *hu = hci_get_drvdata(hdev);
1014 struct qca_data *qca = hu->priv;
1015 char buf[80];
1016
1017 snprintf(buf, sizeof(buf), "Controller Name: 0x%x\n",
1018 qca->controller_id);
1019 skb_put_data(skb, buf, strlen(buf));
1020
1021 snprintf(buf, sizeof(buf), "Firmware Version: 0x%x\n",
1022 qca->fw_version);
1023 skb_put_data(skb, buf, strlen(buf));
1024
1025 snprintf(buf, sizeof(buf), "Vendor:Qualcomm\n");
1026 skb_put_data(skb, buf, strlen(buf));
1027
1028 snprintf(buf, sizeof(buf), "Driver: %s\n",
1029 hu->serdev->dev.driver->name);
1030 skb_put_data(skb, buf, strlen(buf));
1031 }
1032
qca_controller_memdump(struct work_struct * work)1033 static void qca_controller_memdump(struct work_struct *work)
1034 {
1035 struct qca_data *qca = container_of(work, struct qca_data,
1036 ctrl_memdump_evt);
1037 struct hci_uart *hu = qca->hu;
1038 struct sk_buff *skb;
1039 struct qca_memdump_event_hdr *cmd_hdr;
1040 struct qca_memdump_info *qca_memdump = qca->qca_memdump;
1041 struct qca_dump_size *dump;
1042 u16 seq_no;
1043 u32 rx_size;
1044 int ret = 0;
1045 enum qca_btsoc_type soc_type = qca_soc_type(hu);
1046
1047 while ((skb = skb_dequeue(&qca->rx_memdump_q))) {
1048
1049 mutex_lock(&qca->hci_memdump_lock);
1050 /* Skip processing the received packets if timeout detected
1051 * or memdump collection completed.
1052 */
1053 if (qca->memdump_state == QCA_MEMDUMP_TIMEOUT ||
1054 qca->memdump_state == QCA_MEMDUMP_COLLECTED) {
1055 mutex_unlock(&qca->hci_memdump_lock);
1056 return;
1057 }
1058
1059 if (!qca_memdump) {
1060 qca_memdump = kzalloc_obj(*qca_memdump, GFP_ATOMIC);
1061 if (!qca_memdump) {
1062 mutex_unlock(&qca->hci_memdump_lock);
1063 return;
1064 }
1065
1066 qca->qca_memdump = qca_memdump;
1067 }
1068
1069 qca->memdump_state = QCA_MEMDUMP_COLLECTING;
1070 cmd_hdr = (void *) skb->data;
1071 seq_no = __le16_to_cpu(cmd_hdr->seq_no);
1072 skb_pull(skb, sizeof(struct qca_memdump_event_hdr));
1073
1074 if (!seq_no) {
1075
1076 /* This is the first frame of memdump packet from
1077 * the controller, Disable IBS to receive dump
1078 * with out any interruption, ideally time required for
1079 * the controller to send the dump is 8 seconds. let us
1080 * start timer to handle this asynchronous activity.
1081 */
1082 set_bit(QCA_IBS_DISABLED, &qca->flags);
1083 set_bit(QCA_MEMDUMP_COLLECTION, &qca->flags);
1084 dump = (void *) skb->data;
1085 qca_memdump->ram_dump_size = __le32_to_cpu(dump->dump_size);
1086 if (!(qca_memdump->ram_dump_size)) {
1087 bt_dev_err(hu->hdev, "Rx invalid memdump size");
1088 kfree(qca_memdump);
1089 kfree_skb(skb);
1090 mutex_unlock(&qca->hci_memdump_lock);
1091 return;
1092 }
1093
1094 queue_delayed_work(qca->workqueue,
1095 &qca->ctrl_memdump_timeout,
1096 msecs_to_jiffies(MEMDUMP_TIMEOUT_MS));
1097 skb_pull(skb, sizeof(qca_memdump->ram_dump_size));
1098 qca_memdump->current_seq_no = 0;
1099 qca_memdump->received_dump = 0;
1100 ret = hci_devcd_init(hu->hdev, qca_memdump->ram_dump_size);
1101 bt_dev_info(hu->hdev, "hci_devcd_init Return:%d",
1102 ret);
1103 if (ret < 0) {
1104 kfree(qca->qca_memdump);
1105 qca->qca_memdump = NULL;
1106 qca->memdump_state = QCA_MEMDUMP_COLLECTED;
1107 cancel_delayed_work(&qca->ctrl_memdump_timeout);
1108 clear_bit(QCA_MEMDUMP_COLLECTION, &qca->flags);
1109 clear_bit(QCA_IBS_DISABLED, &qca->flags);
1110 mutex_unlock(&qca->hci_memdump_lock);
1111 return;
1112 }
1113
1114 bt_dev_info(hu->hdev, "QCA collecting dump of size:%u",
1115 qca_memdump->ram_dump_size);
1116
1117 }
1118
1119 /* If sequence no 0 is missed then there is no point in
1120 * accepting the other sequences.
1121 */
1122 if (!test_bit(QCA_MEMDUMP_COLLECTION, &qca->flags)) {
1123 bt_dev_err(hu->hdev, "QCA: Discarding other packets");
1124 kfree(qca_memdump);
1125 kfree_skb(skb);
1126 mutex_unlock(&qca->hci_memdump_lock);
1127 return;
1128 }
1129 /* There could be chance of missing some packets from
1130 * the controller. In such cases let us store the dummy
1131 * packets in the buffer.
1132 */
1133 /* For QCA6390, controller does not lost packets but
1134 * sequence number field of packet sometimes has error
1135 * bits, so skip this checking for missing packet.
1136 */
1137 while ((seq_no > qca_memdump->current_seq_no + 1) &&
1138 (soc_type != QCA_QCA6390) &&
1139 seq_no != QCA_LAST_SEQUENCE_NUM) {
1140 bt_dev_err(hu->hdev, "QCA controller missed packet:%d",
1141 qca_memdump->current_seq_no);
1142 rx_size = qca_memdump->received_dump;
1143 rx_size += QCA_DUMP_PACKET_SIZE;
1144 if (rx_size > qca_memdump->ram_dump_size) {
1145 bt_dev_err(hu->hdev,
1146 "QCA memdump received %d, no space for missed packet",
1147 qca_memdump->received_dump);
1148 break;
1149 }
1150 hci_devcd_append_pattern(hu->hdev, 0x00,
1151 QCA_DUMP_PACKET_SIZE);
1152 qca_memdump->received_dump += QCA_DUMP_PACKET_SIZE;
1153 qca_memdump->current_seq_no++;
1154 }
1155
1156 rx_size = qca_memdump->received_dump + skb->len;
1157 if (rx_size <= qca_memdump->ram_dump_size) {
1158 if ((seq_no != QCA_LAST_SEQUENCE_NUM) &&
1159 (seq_no != qca_memdump->current_seq_no)) {
1160 bt_dev_err(hu->hdev,
1161 "QCA memdump unexpected packet %d",
1162 seq_no);
1163 }
1164 bt_dev_dbg(hu->hdev,
1165 "QCA memdump packet %d with length %d",
1166 seq_no, skb->len);
1167 hci_devcd_append(hu->hdev, skb);
1168 qca_memdump->current_seq_no += 1;
1169 qca_memdump->received_dump = rx_size;
1170 } else {
1171 bt_dev_err(hu->hdev,
1172 "QCA memdump received no space for packet %d",
1173 qca_memdump->current_seq_no);
1174 }
1175
1176 if (seq_no == QCA_LAST_SEQUENCE_NUM) {
1177 bt_dev_info(hu->hdev,
1178 "QCA memdump Done, received %d, total %d",
1179 qca_memdump->received_dump,
1180 qca_memdump->ram_dump_size);
1181 hci_devcd_complete(hu->hdev);
1182 cancel_delayed_work(&qca->ctrl_memdump_timeout);
1183 kfree(qca->qca_memdump);
1184 qca->qca_memdump = NULL;
1185 qca->memdump_state = QCA_MEMDUMP_COLLECTED;
1186 clear_bit(QCA_MEMDUMP_COLLECTION, &qca->flags);
1187 }
1188
1189 mutex_unlock(&qca->hci_memdump_lock);
1190 }
1191
1192 }
1193
qca_controller_memdump_event(struct hci_dev * hdev,struct sk_buff * skb)1194 static int qca_controller_memdump_event(struct hci_dev *hdev,
1195 struct sk_buff *skb)
1196 {
1197 struct hci_uart *hu = hci_get_drvdata(hdev);
1198 struct qca_data *qca = hu->priv;
1199
1200 set_bit(QCA_SSR_TRIGGERED, &qca->flags);
1201 skb_queue_tail(&qca->rx_memdump_q, skb);
1202 queue_work(qca->workqueue, &qca->ctrl_memdump_evt);
1203
1204 return 0;
1205 }
1206
qca_recv_event(struct hci_dev * hdev,struct sk_buff * skb)1207 static int qca_recv_event(struct hci_dev *hdev, struct sk_buff *skb)
1208 {
1209 struct hci_uart *hu = hci_get_drvdata(hdev);
1210 struct qca_data *qca = hu->priv;
1211
1212 if (test_bit(QCA_DROP_VENDOR_EVENT, &qca->flags)) {
1213 struct hci_event_hdr *hdr = (void *)skb->data;
1214
1215 /* For the WCN3990 the vendor command for a baudrate change
1216 * isn't sent as synchronous HCI command, because the
1217 * controller sends the corresponding vendor event with the
1218 * new baudrate. The event is received and properly decoded
1219 * after changing the baudrate of the host port. It needs to
1220 * be dropped, otherwise it can be misinterpreted as
1221 * response to a later firmware download command (also a
1222 * vendor command).
1223 */
1224
1225 if (hdr->evt == HCI_EV_VENDOR)
1226 complete(&qca->drop_ev_comp);
1227
1228 kfree_skb(skb);
1229
1230 return 0;
1231 }
1232 /* We receive chip memory dump as an event packet, With a dedicated
1233 * handler followed by a hardware error event. When this event is
1234 * received we store dump into a file before closing hci. This
1235 * dump will help in triaging the issues.
1236 */
1237 if ((skb->data[0] == HCI_VENDOR_PKT) &&
1238 (get_unaligned_be16(skb->data + 2) == QCA_SSR_DUMP_HANDLE))
1239 return qca_controller_memdump_event(hdev, skb);
1240
1241 return hci_recv_frame(hdev, skb);
1242 }
1243
1244 #define QCA_IBS_SLEEP_IND_EVENT \
1245 .type = HCI_IBS_SLEEP_IND, \
1246 .hlen = 0, \
1247 .loff = 0, \
1248 .lsize = 0, \
1249 .maxlen = HCI_MAX_IBS_SIZE
1250
1251 #define QCA_IBS_WAKE_IND_EVENT \
1252 .type = HCI_IBS_WAKE_IND, \
1253 .hlen = 0, \
1254 .loff = 0, \
1255 .lsize = 0, \
1256 .maxlen = HCI_MAX_IBS_SIZE
1257
1258 #define QCA_IBS_WAKE_ACK_EVENT \
1259 .type = HCI_IBS_WAKE_ACK, \
1260 .hlen = 0, \
1261 .loff = 0, \
1262 .lsize = 0, \
1263 .maxlen = HCI_MAX_IBS_SIZE
1264
1265 static const struct h4_recv_pkt qca_recv_pkts[] = {
1266 { H4_RECV_ACL, .recv = qca_recv_acl_data },
1267 { H4_RECV_SCO, .recv = hci_recv_frame },
1268 { H4_RECV_EVENT, .recv = qca_recv_event },
1269 { H4_RECV_ISO, .recv = hci_recv_frame },
1270 { QCA_IBS_WAKE_IND_EVENT, .recv = qca_ibs_wake_ind },
1271 { QCA_IBS_WAKE_ACK_EVENT, .recv = qca_ibs_wake_ack },
1272 { QCA_IBS_SLEEP_IND_EVENT, .recv = qca_ibs_sleep_ind },
1273 };
1274
qca_recv(struct hci_uart * hu,const void * data,int count)1275 static int qca_recv(struct hci_uart *hu, const void *data, int count)
1276 {
1277 struct qca_data *qca = hu->priv;
1278
1279 if (!test_bit(HCI_UART_REGISTERED, &hu->flags))
1280 return -EUNATCH;
1281
1282 qca->rx_skb = h4_recv_buf(hu, qca->rx_skb, data, count,
1283 qca_recv_pkts, ARRAY_SIZE(qca_recv_pkts));
1284 if (IS_ERR(qca->rx_skb)) {
1285 int err = PTR_ERR(qca->rx_skb);
1286 bt_dev_err(hu->hdev, "Frame reassembly failed (%d)", err);
1287 qca->rx_skb = NULL;
1288 return err;
1289 }
1290
1291 return count;
1292 }
1293
qca_dequeue(struct hci_uart * hu)1294 static struct sk_buff *qca_dequeue(struct hci_uart *hu)
1295 {
1296 struct qca_data *qca = hu->priv;
1297
1298 return skb_dequeue(&qca->txq);
1299 }
1300
qca_get_baudrate_value(int speed)1301 static uint8_t qca_get_baudrate_value(int speed)
1302 {
1303 switch (speed) {
1304 case 9600:
1305 return QCA_BAUDRATE_9600;
1306 case 19200:
1307 return QCA_BAUDRATE_19200;
1308 case 38400:
1309 return QCA_BAUDRATE_38400;
1310 case 57600:
1311 return QCA_BAUDRATE_57600;
1312 case 115200:
1313 return QCA_BAUDRATE_115200;
1314 case 230400:
1315 return QCA_BAUDRATE_230400;
1316 case 460800:
1317 return QCA_BAUDRATE_460800;
1318 case 500000:
1319 return QCA_BAUDRATE_500000;
1320 case 921600:
1321 return QCA_BAUDRATE_921600;
1322 case 1000000:
1323 return QCA_BAUDRATE_1000000;
1324 case 2000000:
1325 return QCA_BAUDRATE_2000000;
1326 case 3000000:
1327 return QCA_BAUDRATE_3000000;
1328 case 3200000:
1329 return QCA_BAUDRATE_3200000;
1330 case 3500000:
1331 return QCA_BAUDRATE_3500000;
1332 default:
1333 return QCA_BAUDRATE_115200;
1334 }
1335 }
1336
qca_set_baudrate(struct hci_dev * hdev,uint8_t baudrate)1337 static int qca_set_baudrate(struct hci_dev *hdev, uint8_t baudrate)
1338 {
1339 struct hci_uart *hu = hci_get_drvdata(hdev);
1340 struct qca_data *qca = hu->priv;
1341 struct sk_buff *skb;
1342 u8 cmd[] = { 0x01, 0x48, 0xFC, 0x01, 0x00 };
1343
1344 if (baudrate > QCA_BAUDRATE_3200000)
1345 return -EINVAL;
1346
1347 cmd[4] = baudrate;
1348
1349 skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL);
1350 if (!skb) {
1351 bt_dev_err(hdev, "Failed to allocate baudrate packet");
1352 return -ENOMEM;
1353 }
1354
1355 /* Assign commands to change baudrate and packet type. */
1356 skb_put_data(skb, cmd, sizeof(cmd));
1357 hci_skb_pkt_type(skb) = HCI_COMMAND_PKT;
1358
1359 skb_queue_tail(&qca->txq, skb);
1360 hci_uart_tx_wakeup(hu);
1361
1362 /* Wait for the baudrate change request to be sent */
1363
1364 while (!skb_queue_empty(&qca->txq))
1365 usleep_range(100, 200);
1366
1367 if (hu->serdev)
1368 serdev_device_wait_until_sent(hu->serdev,
1369 msecs_to_jiffies(CMD_TRANS_TIMEOUT_MS));
1370
1371 /* Give the controller time to process the request */
1372 switch (qca_soc_type(hu)) {
1373 case QCA_WCN3950:
1374 case QCA_WCN3988:
1375 case QCA_WCN3990:
1376 case QCA_WCN3991:
1377 case QCA_WCN3998:
1378 case QCA_WCN6750:
1379 case QCA_WCN6855:
1380 case QCA_WCN7850:
1381 usleep_range(1000, 10000);
1382 break;
1383
1384 default:
1385 msleep(300);
1386 }
1387
1388 return 0;
1389 }
1390
host_set_baudrate(struct hci_uart * hu,unsigned int speed)1391 static inline void host_set_baudrate(struct hci_uart *hu, unsigned int speed)
1392 {
1393 if (hu->serdev)
1394 serdev_device_set_baudrate(hu->serdev, speed);
1395 else
1396 hci_uart_set_baudrate(hu, speed);
1397 }
1398
qca_send_power_pulse(struct hci_uart * hu,bool on)1399 static int qca_send_power_pulse(struct hci_uart *hu, bool on)
1400 {
1401 int ret;
1402 int timeout = msecs_to_jiffies(CMD_TRANS_TIMEOUT_MS);
1403 u8 cmd = on ? QCA_WCN3990_POWERON_PULSE : QCA_WCN3990_POWEROFF_PULSE;
1404
1405 /* These power pulses are single byte command which are sent
1406 * at required baudrate to wcn3990. On wcn3990, we have an external
1407 * circuit at Tx pin which decodes the pulse sent at specific baudrate.
1408 * For example, wcn3990 supports RF COEX antenna for both Wi-Fi/BT
1409 * and also we use the same power inputs to turn on and off for
1410 * Wi-Fi/BT. Powering up the power sources will not enable BT, until
1411 * we send a power on pulse at 115200 bps. This algorithm will help to
1412 * save power. Disabling hardware flow control is mandatory while
1413 * sending power pulses to SoC.
1414 */
1415 bt_dev_dbg(hu->hdev, "sending power pulse %02x to controller", cmd);
1416
1417 serdev_device_write_flush(hu->serdev);
1418 hci_uart_set_flow_control(hu, true);
1419 ret = serdev_device_write_buf(hu->serdev, &cmd, sizeof(cmd));
1420 if (ret < 0) {
1421 bt_dev_err(hu->hdev, "failed to send power pulse %02x", cmd);
1422 return ret;
1423 }
1424
1425 serdev_device_wait_until_sent(hu->serdev, timeout);
1426 hci_uart_set_flow_control(hu, false);
1427
1428 /* Give to controller time to boot/shutdown */
1429 if (on)
1430 msleep(100);
1431 else
1432 usleep_range(1000, 10000);
1433
1434 return 0;
1435 }
1436
qca_get_speed(struct hci_uart * hu,enum qca_speed_type speed_type)1437 static unsigned int qca_get_speed(struct hci_uart *hu,
1438 enum qca_speed_type speed_type)
1439 {
1440 unsigned int speed = 0;
1441
1442 if (speed_type == QCA_INIT_SPEED) {
1443 if (hu->init_speed)
1444 speed = hu->init_speed;
1445 else if (hu->proto->init_speed)
1446 speed = hu->proto->init_speed;
1447 } else {
1448 if (hu->oper_speed)
1449 speed = hu->oper_speed;
1450 else if (hu->proto->oper_speed)
1451 speed = hu->proto->oper_speed;
1452 }
1453
1454 return speed;
1455 }
1456
qca_check_speeds(struct hci_uart * hu)1457 static int qca_check_speeds(struct hci_uart *hu)
1458 {
1459 switch (qca_soc_type(hu)) {
1460 case QCA_WCN3950:
1461 case QCA_WCN3988:
1462 case QCA_WCN3990:
1463 case QCA_WCN3991:
1464 case QCA_WCN3998:
1465 case QCA_WCN6750:
1466 case QCA_WCN6855:
1467 case QCA_WCN7850:
1468 if (!qca_get_speed(hu, QCA_INIT_SPEED) &&
1469 !qca_get_speed(hu, QCA_OPER_SPEED))
1470 return -EINVAL;
1471 break;
1472
1473 default:
1474 if (!qca_get_speed(hu, QCA_INIT_SPEED) ||
1475 !qca_get_speed(hu, QCA_OPER_SPEED))
1476 return -EINVAL;
1477 }
1478
1479 return 0;
1480 }
1481
qca_set_speed(struct hci_uart * hu,enum qca_speed_type speed_type)1482 static int qca_set_speed(struct hci_uart *hu, enum qca_speed_type speed_type)
1483 {
1484 unsigned int speed, qca_baudrate;
1485 struct qca_data *qca = hu->priv;
1486 int ret = 0;
1487
1488 if (speed_type == QCA_INIT_SPEED) {
1489 speed = qca_get_speed(hu, QCA_INIT_SPEED);
1490 if (speed)
1491 host_set_baudrate(hu, speed);
1492 } else {
1493 enum qca_btsoc_type soc_type = qca_soc_type(hu);
1494
1495 speed = qca_get_speed(hu, QCA_OPER_SPEED);
1496 if (!speed)
1497 return 0;
1498
1499 /* Disable flow control for wcn3990 to deassert RTS while
1500 * changing the baudrate of chip and host.
1501 */
1502 switch (soc_type) {
1503 case QCA_WCN3950:
1504 case QCA_WCN3988:
1505 case QCA_WCN3990:
1506 case QCA_WCN3991:
1507 case QCA_WCN3998:
1508 case QCA_WCN6750:
1509 case QCA_WCN6855:
1510 case QCA_WCN7850:
1511 hci_uart_set_flow_control(hu, true);
1512 break;
1513
1514 default:
1515 break;
1516 }
1517
1518 switch (soc_type) {
1519 case QCA_WCN3990:
1520 reinit_completion(&qca->drop_ev_comp);
1521 set_bit(QCA_DROP_VENDOR_EVENT, &qca->flags);
1522 break;
1523
1524 default:
1525 break;
1526 }
1527
1528 qca_baudrate = qca_get_baudrate_value(speed);
1529 bt_dev_dbg(hu->hdev, "Set UART speed to %d", speed);
1530 ret = qca_set_baudrate(hu->hdev, qca_baudrate);
1531 if (ret)
1532 goto error;
1533
1534 host_set_baudrate(hu, speed);
1535
1536 error:
1537 switch (soc_type) {
1538 case QCA_WCN3950:
1539 case QCA_WCN3988:
1540 case QCA_WCN3990:
1541 case QCA_WCN3991:
1542 case QCA_WCN3998:
1543 case QCA_WCN6750:
1544 case QCA_WCN6855:
1545 case QCA_WCN7850:
1546 hci_uart_set_flow_control(hu, false);
1547 break;
1548
1549 default:
1550 break;
1551 }
1552
1553 switch (soc_type) {
1554 case QCA_WCN3990:
1555 /* Wait for the controller to send the vendor event
1556 * for the baudrate change command.
1557 */
1558 if (!wait_for_completion_timeout(&qca->drop_ev_comp,
1559 msecs_to_jiffies(100))) {
1560 bt_dev_err(hu->hdev,
1561 "Failed to change controller baudrate\n");
1562 ret = -ETIMEDOUT;
1563 }
1564
1565 clear_bit(QCA_DROP_VENDOR_EVENT, &qca->flags);
1566 break;
1567
1568 default:
1569 break;
1570 }
1571 }
1572
1573 return ret;
1574 }
1575
qca_send_crashbuffer(struct hci_uart * hu)1576 static int qca_send_crashbuffer(struct hci_uart *hu)
1577 {
1578 struct qca_data *qca = hu->priv;
1579 struct sk_buff *skb;
1580
1581 skb = bt_skb_alloc(QCA_CRASHBYTE_PACKET_LEN, GFP_KERNEL);
1582 if (!skb) {
1583 bt_dev_err(hu->hdev, "Failed to allocate memory for skb packet");
1584 return -ENOMEM;
1585 }
1586
1587 /* We forcefully crash the controller, by sending 0xfb byte for
1588 * 1024 times. We also might have chance of losing data, To be
1589 * on safer side we send 1096 bytes to the SoC.
1590 */
1591 memset(skb_put(skb, QCA_CRASHBYTE_PACKET_LEN), QCA_MEMDUMP_BYTE,
1592 QCA_CRASHBYTE_PACKET_LEN);
1593 hci_skb_pkt_type(skb) = HCI_COMMAND_PKT;
1594 bt_dev_info(hu->hdev, "crash the soc to collect controller dump");
1595 skb_queue_tail(&qca->txq, skb);
1596 hci_uart_tx_wakeup(hu);
1597
1598 return 0;
1599 }
1600
qca_wait_for_dump_collection(struct hci_dev * hdev)1601 static void qca_wait_for_dump_collection(struct hci_dev *hdev)
1602 {
1603 struct hci_uart *hu = hci_get_drvdata(hdev);
1604 struct qca_data *qca = hu->priv;
1605
1606 wait_on_bit_timeout(&qca->flags, QCA_MEMDUMP_COLLECTION,
1607 TASK_UNINTERRUPTIBLE, MEMDUMP_TIMEOUT_MS);
1608
1609 clear_bit(QCA_MEMDUMP_COLLECTION, &qca->flags);
1610 }
1611
qca_hw_error(struct hci_dev * hdev,u8 code)1612 static void qca_hw_error(struct hci_dev *hdev, u8 code)
1613 {
1614 struct hci_uart *hu = hci_get_drvdata(hdev);
1615 struct qca_data *qca = hu->priv;
1616
1617 set_bit(QCA_SSR_TRIGGERED, &qca->flags);
1618 set_bit(QCA_HW_ERROR_EVENT, &qca->flags);
1619 bt_dev_info(hdev, "mem_dump_status: %d", qca->memdump_state);
1620
1621 if (qca->memdump_state == QCA_MEMDUMP_IDLE) {
1622 /* If hardware error event received for other than QCA
1623 * soc memory dump event, then we need to crash the SOC
1624 * and wait here for 8 seconds to get the dump packets.
1625 * This will block main thread to be on hold until we
1626 * collect dump.
1627 */
1628 set_bit(QCA_MEMDUMP_COLLECTION, &qca->flags);
1629 qca_send_crashbuffer(hu);
1630 qca_wait_for_dump_collection(hdev);
1631 } else if (qca->memdump_state == QCA_MEMDUMP_COLLECTING) {
1632 /* Let us wait here until memory dump collected or
1633 * memory dump timer expired.
1634 */
1635 bt_dev_info(hdev, "waiting for dump to complete");
1636 qca_wait_for_dump_collection(hdev);
1637 }
1638
1639 mutex_lock(&qca->hci_memdump_lock);
1640 if (qca->memdump_state != QCA_MEMDUMP_COLLECTED) {
1641 bt_dev_err(hu->hdev, "clearing allocated memory due to memdump timeout");
1642 hci_devcd_abort(hu->hdev);
1643 if (qca->qca_memdump) {
1644 kfree(qca->qca_memdump);
1645 qca->qca_memdump = NULL;
1646 }
1647 qca->memdump_state = QCA_MEMDUMP_TIMEOUT;
1648 cancel_delayed_work(&qca->ctrl_memdump_timeout);
1649 }
1650 mutex_unlock(&qca->hci_memdump_lock);
1651
1652 if (qca->memdump_state == QCA_MEMDUMP_TIMEOUT ||
1653 qca->memdump_state == QCA_MEMDUMP_COLLECTED) {
1654 cancel_work_sync(&qca->ctrl_memdump_evt);
1655 skb_queue_purge(&qca->rx_memdump_q);
1656 }
1657
1658 /*
1659 * If the BT chip's bt_en pin is connected to a 3.3V power supply via
1660 * hardware and always stays high, driver cannot control the bt_en pin.
1661 * As a result, during SSR (SubSystem Restart), QCA_SSR_TRIGGERED and
1662 * QCA_IBS_DISABLED flags cannot be cleared, which leads to a reset
1663 * command timeout.
1664 * Add an msleep delay to ensure controller completes the SSR process.
1665 *
1666 * Host will not download the firmware after SSR, controller to remain
1667 * in the IBS_WAKE state, and the host needs to synchronize with it
1668 *
1669 * Since the bluetooth chip has been reset, clear the memdump state.
1670 */
1671 if (!hci_test_quirk(hu->hdev, HCI_QUIRK_NON_PERSISTENT_SETUP)) {
1672 /*
1673 * When the SSR (SubSystem Restart) duration exceeds 2 seconds,
1674 * it triggers host tx_idle_delay, which sets host TX state
1675 * to sleep. Reset tx_idle_timer after SSR to prevent
1676 * host enter TX IBS_Sleep mode.
1677 */
1678 mod_timer(&qca->tx_idle_timer, jiffies +
1679 msecs_to_jiffies(qca->tx_idle_delay));
1680
1681 /* Controller reset completion time is 50ms */
1682 msleep(50);
1683
1684 clear_bit(QCA_SSR_TRIGGERED, &qca->flags);
1685 clear_bit(QCA_IBS_DISABLED, &qca->flags);
1686
1687 qca->tx_ibs_state = HCI_IBS_TX_AWAKE;
1688 qca->memdump_state = QCA_MEMDUMP_IDLE;
1689 }
1690
1691 clear_bit(QCA_HW_ERROR_EVENT, &qca->flags);
1692 }
1693
qca_reset(struct hci_dev * hdev)1694 static void qca_reset(struct hci_dev *hdev)
1695 {
1696 struct hci_uart *hu = hci_get_drvdata(hdev);
1697 struct qca_data *qca = hu->priv;
1698
1699 set_bit(QCA_SSR_TRIGGERED, &qca->flags);
1700 if (qca->memdump_state == QCA_MEMDUMP_IDLE) {
1701 set_bit(QCA_MEMDUMP_COLLECTION, &qca->flags);
1702 qca_send_crashbuffer(hu);
1703 qca_wait_for_dump_collection(hdev);
1704 } else if (qca->memdump_state == QCA_MEMDUMP_COLLECTING) {
1705 /* Let us wait here until memory dump collected or
1706 * memory dump timer expired.
1707 */
1708 bt_dev_info(hdev, "waiting for dump to complete");
1709 qca_wait_for_dump_collection(hdev);
1710 }
1711
1712 mutex_lock(&qca->hci_memdump_lock);
1713 if (qca->memdump_state != QCA_MEMDUMP_COLLECTED) {
1714 qca->memdump_state = QCA_MEMDUMP_TIMEOUT;
1715 if (!test_bit(QCA_HW_ERROR_EVENT, &qca->flags)) {
1716 /* Inject hw error event to reset the device
1717 * and driver.
1718 */
1719 hci_reset_dev(hu->hdev);
1720 }
1721 }
1722 mutex_unlock(&qca->hci_memdump_lock);
1723 }
1724
qca_wakeup(struct hci_dev * hdev)1725 static bool qca_wakeup(struct hci_dev *hdev)
1726 {
1727 struct hci_uart *hu = hci_get_drvdata(hdev);
1728 bool wakeup;
1729
1730 if (!hu->serdev)
1731 return true;
1732
1733 /* BT SoC attached through the serial bus is handled by the serdev driver.
1734 * So we need to use the device handle of the serdev driver to get the
1735 * status of device may wakeup.
1736 */
1737 wakeup = device_may_wakeup(&hu->serdev->ctrl->dev);
1738 bt_dev_dbg(hu->hdev, "wakeup status : %d", wakeup);
1739
1740 return wakeup;
1741 }
1742
qca_port_reopen(struct hci_uart * hu)1743 static int qca_port_reopen(struct hci_uart *hu)
1744 {
1745 int ret;
1746
1747 /* Now the device is in ready state to communicate with host.
1748 * To sync host with device we need to reopen port.
1749 * Without this, we will have RTS and CTS synchronization
1750 * issues.
1751 */
1752 serdev_device_close(hu->serdev);
1753 ret = serdev_device_open(hu->serdev);
1754 if (ret) {
1755 bt_dev_err(hu->hdev, "failed to open port");
1756 return ret;
1757 }
1758
1759 hci_uart_set_flow_control(hu, false);
1760
1761 return 0;
1762 }
1763
qca_regulator_init(struct hci_uart * hu)1764 static int qca_regulator_init(struct hci_uart *hu)
1765 {
1766 enum qca_btsoc_type soc_type = qca_soc_type(hu);
1767 struct qca_serdev *qcadev;
1768 int ret;
1769 bool sw_ctrl_state;
1770
1771 /* Check for vregs status, may be hci down has turned
1772 * off the voltage regulator.
1773 */
1774 qcadev = serdev_device_get_drvdata(hu->serdev);
1775
1776 if (!qcadev->bt_power->vregs_on) {
1777 serdev_device_close(hu->serdev);
1778 ret = qca_regulator_enable(qcadev);
1779 if (ret)
1780 return ret;
1781
1782 ret = serdev_device_open(hu->serdev);
1783 if (ret) {
1784 bt_dev_err(hu->hdev, "failed to open port");
1785 return ret;
1786 }
1787 }
1788
1789 switch (soc_type) {
1790 case QCA_WCN3950:
1791 case QCA_WCN3988:
1792 case QCA_WCN3990:
1793 case QCA_WCN3991:
1794 case QCA_WCN3998:
1795 /* Forcefully enable wcn399x to enter in to boot mode. */
1796 host_set_baudrate(hu, 2400);
1797 ret = qca_send_power_pulse(hu, false);
1798 if (ret)
1799 return ret;
1800 break;
1801
1802 default:
1803 break;
1804 }
1805
1806 /* For wcn6750 need to enable gpio bt_en */
1807 if (qcadev->bt_en) {
1808 gpiod_set_value_cansleep(qcadev->bt_en, 0);
1809 msleep(50);
1810 gpiod_set_value_cansleep(qcadev->bt_en, 1);
1811 msleep(50);
1812 if (qcadev->sw_ctrl) {
1813 sw_ctrl_state = gpiod_get_value_cansleep(qcadev->sw_ctrl);
1814 bt_dev_dbg(hu->hdev, "SW_CTRL is %d", sw_ctrl_state);
1815 }
1816 }
1817
1818 qca_set_speed(hu, QCA_INIT_SPEED);
1819
1820 switch (soc_type) {
1821 case QCA_WCN3950:
1822 case QCA_WCN3988:
1823 case QCA_WCN3990:
1824 case QCA_WCN3991:
1825 case QCA_WCN3998:
1826 ret = qca_send_power_pulse(hu, true);
1827 if (ret)
1828 return ret;
1829 break;
1830
1831 default:
1832 break;
1833 }
1834
1835 return qca_port_reopen(hu);
1836 }
1837
qca_power_on(struct hci_dev * hdev)1838 static int qca_power_on(struct hci_dev *hdev)
1839 {
1840 struct hci_uart *hu = hci_get_drvdata(hdev);
1841 enum qca_btsoc_type soc_type = qca_soc_type(hu);
1842 struct qca_serdev *qcadev;
1843 struct qca_data *qca = hu->priv;
1844 int ret = 0;
1845
1846 /* Non-serdev device usually is powered by external power
1847 * and don't need additional action in driver for power on
1848 */
1849 if (!hu->serdev)
1850 return 0;
1851
1852 switch (soc_type) {
1853 case QCA_WCN3950:
1854 case QCA_WCN3988:
1855 case QCA_WCN3990:
1856 case QCA_WCN3991:
1857 case QCA_WCN3998:
1858 case QCA_WCN6750:
1859 case QCA_WCN6855:
1860 case QCA_WCN7850:
1861 case QCA_QCA6390:
1862 ret = qca_regulator_init(hu);
1863 break;
1864
1865 default:
1866 qcadev = serdev_device_get_drvdata(hu->serdev);
1867 if (qcadev->bt_en) {
1868 gpiod_set_value_cansleep(qcadev->bt_en, 1);
1869 /* Controller needs time to bootup. */
1870 msleep(150);
1871 }
1872 }
1873
1874 clear_bit(QCA_BT_OFF, &qca->flags);
1875 return ret;
1876 }
1877
hci_coredump_qca(struct hci_dev * hdev)1878 static void hci_coredump_qca(struct hci_dev *hdev)
1879 {
1880 int err;
1881 static const u8 param[] = { 0x26 };
1882
1883 err = __hci_cmd_send(hdev, 0xfc0c, 1, param);
1884 if (err < 0)
1885 bt_dev_err(hdev, "%s: trigger crash failed (%d)", __func__, err);
1886 }
1887
qca_get_data_path_id(struct hci_dev * hdev,__u8 * data_path_id)1888 static int qca_get_data_path_id(struct hci_dev *hdev, __u8 *data_path_id)
1889 {
1890 /* QCA uses 1 as non-HCI data path id for HFP */
1891 *data_path_id = 1;
1892 return 0;
1893 }
1894
qca_configure_hfp_offload(struct hci_dev * hdev)1895 static int qca_configure_hfp_offload(struct hci_dev *hdev)
1896 {
1897 bt_dev_info(hdev, "HFP non-HCI data transport is supported");
1898 hdev->get_data_path_id = qca_get_data_path_id;
1899 /* Do not need to send HCI_Configure_Data_Path to configure non-HCI
1900 * data transport path for QCA controllers, so set below field as NULL.
1901 */
1902 hdev->get_codec_config_data = NULL;
1903 return 0;
1904 }
1905
qca_setup(struct hci_uart * hu)1906 static int qca_setup(struct hci_uart *hu)
1907 {
1908 struct hci_dev *hdev = hu->hdev;
1909 struct qca_data *qca = hu->priv;
1910 unsigned int speed, qca_baudrate = QCA_BAUDRATE_115200;
1911 unsigned int retries = 0;
1912 enum qca_btsoc_type soc_type = qca_soc_type(hu);
1913 const char *firmware_name = qca_get_firmware_name(hu);
1914 const char *rampatch_name = qca_get_rampatch_name(hu);
1915 int ret;
1916 struct qca_btsoc_version ver;
1917 struct qca_serdev *qcadev = serdev_device_get_drvdata(hu->serdev);
1918 const char *soc_name;
1919
1920 ret = qca_check_speeds(hu);
1921 if (ret)
1922 return ret;
1923
1924 clear_bit(QCA_ROM_FW, &qca->flags);
1925 /* Patch downloading has to be done without IBS mode */
1926 set_bit(QCA_IBS_DISABLED, &qca->flags);
1927
1928 /* Enable controller to do both LE scan and BR/EDR inquiry
1929 * simultaneously.
1930 */
1931 hci_set_quirk(hdev, HCI_QUIRK_SIMULTANEOUS_DISCOVERY);
1932
1933 switch (soc_type) {
1934 case QCA_QCA2066:
1935 soc_name = "qca2066";
1936 break;
1937
1938 case QCA_WCN3950:
1939 case QCA_WCN3988:
1940 case QCA_WCN3990:
1941 case QCA_WCN3991:
1942 case QCA_WCN3998:
1943 soc_name = "wcn399x";
1944 break;
1945
1946 case QCA_WCN6750:
1947 soc_name = "wcn6750";
1948 break;
1949
1950 case QCA_WCN6855:
1951 soc_name = "wcn6855";
1952 break;
1953
1954 case QCA_WCN7850:
1955 soc_name = "wcn7850";
1956 break;
1957
1958 default:
1959 soc_name = "ROME/QCA6390";
1960 }
1961 bt_dev_info(hdev, "setting up %s", soc_name);
1962
1963 qca->memdump_state = QCA_MEMDUMP_IDLE;
1964
1965 retry:
1966 ret = qca_power_on(hdev);
1967 if (ret)
1968 goto out;
1969
1970 clear_bit(QCA_SSR_TRIGGERED, &qca->flags);
1971
1972 switch (soc_type) {
1973 case QCA_WCN3950:
1974 case QCA_WCN3988:
1975 case QCA_WCN3990:
1976 case QCA_WCN3991:
1977 case QCA_WCN3998:
1978 case QCA_WCN6750:
1979 case QCA_WCN6855:
1980 case QCA_WCN7850:
1981 if (qcadev->bdaddr_property_broken)
1982 hci_set_quirk(hdev, HCI_QUIRK_BDADDR_PROPERTY_BROKEN);
1983
1984 hci_set_aosp_capable(hdev);
1985
1986 ret = qca_read_soc_version(hdev, &ver, soc_type);
1987 if (ret)
1988 goto out;
1989 break;
1990
1991 default:
1992 qca_set_speed(hu, QCA_INIT_SPEED);
1993 }
1994
1995 /* Setup user speed if needed */
1996 speed = qca_get_speed(hu, QCA_OPER_SPEED);
1997 if (speed) {
1998 ret = qca_set_speed(hu, QCA_OPER_SPEED);
1999 if (ret)
2000 goto out;
2001
2002 qca_baudrate = qca_get_baudrate_value(speed);
2003 }
2004
2005 switch (soc_type) {
2006 case QCA_WCN3950:
2007 case QCA_WCN3988:
2008 case QCA_WCN3990:
2009 case QCA_WCN3991:
2010 case QCA_WCN3998:
2011 case QCA_WCN6750:
2012 case QCA_WCN6855:
2013 case QCA_WCN7850:
2014 break;
2015
2016 default:
2017 /* Get QCA version information */
2018 ret = qca_read_soc_version(hdev, &ver, soc_type);
2019 if (ret)
2020 goto out;
2021 }
2022
2023 /* Setup patch / NVM configurations */
2024 ret = qca_uart_setup(hdev, qca_baudrate, soc_type, ver,
2025 firmware_name, rampatch_name);
2026 if (!ret) {
2027 clear_bit(QCA_IBS_DISABLED, &qca->flags);
2028 qca_debugfs_init(hdev);
2029 hu->hdev->hw_error = qca_hw_error;
2030 hu->hdev->reset = qca_reset;
2031 if (hu->serdev) {
2032 if (device_can_wakeup(hu->serdev->ctrl->dev.parent))
2033 hu->hdev->wakeup = qca_wakeup;
2034 }
2035 } else if (ret == -ENOENT) {
2036 /* No patch/nvm-config found, run with original fw/config */
2037 set_bit(QCA_ROM_FW, &qca->flags);
2038 ret = 0;
2039 } else if (ret == -EAGAIN) {
2040 /*
2041 * Userspace firmware loader will return -EAGAIN in case no
2042 * patch/nvm-config is found, so run with original fw/config.
2043 */
2044 set_bit(QCA_ROM_FW, &qca->flags);
2045 ret = 0;
2046 }
2047
2048 out:
2049 if (ret && retries < MAX_INIT_RETRIES) {
2050 bt_dev_warn(hdev, "Retry BT power ON:%d", retries);
2051 qca_power_shutdown(hu);
2052 if (hu->serdev) {
2053 serdev_device_close(hu->serdev);
2054 ret = serdev_device_open(hu->serdev);
2055 if (ret) {
2056 bt_dev_err(hdev, "failed to open port");
2057 return ret;
2058 }
2059 }
2060 retries++;
2061 goto retry;
2062 }
2063
2064 /* Setup bdaddr */
2065 if (soc_type == QCA_ROME)
2066 hu->hdev->set_bdaddr = qca_set_bdaddr_rome;
2067 else
2068 hu->hdev->set_bdaddr = qca_set_bdaddr;
2069
2070 if (qcadev->support_hfp_hw_offload)
2071 qca_configure_hfp_offload(hdev);
2072
2073 qca->fw_version = le16_to_cpu(ver.patch_ver);
2074 qca->controller_id = le16_to_cpu(ver.rom_ver);
2075 hci_devcd_register(hdev, hci_coredump_qca, qca_dmp_hdr, NULL);
2076
2077 return ret;
2078 }
2079
2080 static const struct hci_uart_proto qca_proto = {
2081 .id = HCI_UART_QCA,
2082 .name = "QCA",
2083 .manufacturer = 29,
2084 .init_speed = 115200,
2085 .oper_speed = 3000000,
2086 .open = qca_open,
2087 .close = qca_close,
2088 .flush = qca_flush,
2089 .setup = qca_setup,
2090 .recv = qca_recv,
2091 .enqueue = qca_enqueue,
2092 .dequeue = qca_dequeue,
2093 };
2094
2095 static const struct qca_device_data qca_soc_data_wcn3950 __maybe_unused = {
2096 .soc_type = QCA_WCN3950,
2097 .vregs = (struct qca_vreg []) {
2098 { "vddio", 15000 },
2099 { "vddxo", 60000 },
2100 { "vddrf", 155000 },
2101 { "vddch0", 585000 },
2102 },
2103 .num_vregs = 4,
2104 };
2105
2106 static const struct qca_device_data qca_soc_data_wcn3988 __maybe_unused = {
2107 .soc_type = QCA_WCN3988,
2108 .vregs = (struct qca_vreg []) {
2109 { "vddio", 15000 },
2110 { "vddxo", 80000 },
2111 { "vddrf", 300000 },
2112 { "vddch0", 450000 },
2113 },
2114 .num_vregs = 4,
2115 };
2116
2117 static const struct qca_device_data qca_soc_data_wcn3990 __maybe_unused = {
2118 .soc_type = QCA_WCN3990,
2119 .vregs = (struct qca_vreg []) {
2120 { "vddio", 15000 },
2121 { "vddxo", 80000 },
2122 { "vddrf", 300000 },
2123 { "vddch0", 450000 },
2124 },
2125 .num_vregs = 4,
2126 };
2127
2128 static const struct qca_device_data qca_soc_data_wcn3991 __maybe_unused = {
2129 .soc_type = QCA_WCN3991,
2130 .vregs = (struct qca_vreg []) {
2131 { "vddio", 15000 },
2132 { "vddxo", 80000 },
2133 { "vddrf", 300000 },
2134 { "vddch0", 450000 },
2135 },
2136 .num_vregs = 4,
2137 .capabilities = QCA_CAP_WIDEBAND_SPEECH | QCA_CAP_VALID_LE_STATES,
2138 };
2139
2140 static const struct qca_device_data qca_soc_data_wcn3998 __maybe_unused = {
2141 .soc_type = QCA_WCN3998,
2142 .vregs = (struct qca_vreg []) {
2143 { "vddio", 10000 },
2144 { "vddxo", 80000 },
2145 { "vddrf", 300000 },
2146 { "vddch0", 450000 },
2147 },
2148 .num_vregs = 4,
2149 };
2150
2151 static const struct qca_device_data qca_soc_data_qca2066 __maybe_unused = {
2152 .soc_type = QCA_QCA2066,
2153 .num_vregs = 0,
2154 .capabilities = QCA_CAP_WIDEBAND_SPEECH | QCA_CAP_VALID_LE_STATES |
2155 QCA_CAP_HFP_HW_OFFLOAD,
2156 };
2157
2158 static const struct qca_device_data qca_soc_data_qca6390 __maybe_unused = {
2159 .soc_type = QCA_QCA6390,
2160 .num_vregs = 0,
2161 };
2162
2163 static const struct qca_device_data qca_soc_data_wcn6750 __maybe_unused = {
2164 .soc_type = QCA_WCN6750,
2165 .vregs = (struct qca_vreg []) {
2166 { "vddio", 5000 },
2167 { "vddaon", 26000 },
2168 { "vddbtcxmx", 126000 },
2169 { "vddrfacmn", 12500 },
2170 { "vddrfa0p8", 102000 },
2171 { "vddrfa1p7", 302000 },
2172 { "vddrfa1p2", 257000 },
2173 { "vddrfa2p2", 1700000 },
2174 { "vddasd", 200 },
2175 },
2176 .num_vregs = 9,
2177 .capabilities = QCA_CAP_WIDEBAND_SPEECH | QCA_CAP_VALID_LE_STATES,
2178 };
2179
2180 static const struct qca_device_data qca_soc_data_wcn6855 __maybe_unused = {
2181 .soc_type = QCA_WCN6855,
2182 .vregs = (struct qca_vreg []) {
2183 { "vddio", 5000 },
2184 { "vddbtcxmx", 126000 },
2185 { "vddrfacmn", 12500 },
2186 { "vddrfa0p8", 102000 },
2187 { "vddrfa1p7", 302000 },
2188 { "vddrfa1p2", 257000 },
2189 },
2190 .num_vregs = 6,
2191 .capabilities = QCA_CAP_WIDEBAND_SPEECH | QCA_CAP_VALID_LE_STATES |
2192 QCA_CAP_HFP_HW_OFFLOAD,
2193 };
2194
2195 static const struct qca_device_data qca_soc_data_wcn7850 __maybe_unused = {
2196 .soc_type = QCA_WCN7850,
2197 .vregs = (struct qca_vreg []) {
2198 { "vddio", 5000 },
2199 { "vddaon", 26000 },
2200 { "vdddig", 126000 },
2201 { "vddrfa0p8", 102000 },
2202 { "vddrfa1p2", 257000 },
2203 { "vddrfa1p9", 302000 },
2204 },
2205 .num_vregs = 6,
2206 .capabilities = QCA_CAP_WIDEBAND_SPEECH | QCA_CAP_VALID_LE_STATES |
2207 QCA_CAP_HFP_HW_OFFLOAD,
2208 };
2209
qca_power_shutdown(struct hci_uart * hu)2210 static void qca_power_shutdown(struct hci_uart *hu)
2211 {
2212 struct qca_serdev *qcadev;
2213 struct qca_data *qca = hu->priv;
2214 unsigned long flags;
2215 enum qca_btsoc_type soc_type = qca_soc_type(hu);
2216 bool sw_ctrl_state;
2217 struct qca_power *power;
2218
2219 /* From this point we go into power off state. But serial port is
2220 * still open, stop queueing the IBS data and flush all the buffered
2221 * data in skb's.
2222 */
2223 spin_lock_irqsave(&qca->hci_ibs_lock, flags);
2224 set_bit(QCA_IBS_DISABLED, &qca->flags);
2225 qca_flush(hu);
2226 spin_unlock_irqrestore(&qca->hci_ibs_lock, flags);
2227
2228 /* Non-serdev device usually is powered by external power
2229 * and don't need additional action in driver for power down
2230 */
2231 if (!hu->serdev)
2232 return;
2233
2234 qcadev = serdev_device_get_drvdata(hu->serdev);
2235 power = qcadev->bt_power;
2236
2237 if (power && power->pwrseq) {
2238 pwrseq_power_off(power->pwrseq);
2239 set_bit(QCA_BT_OFF, &qca->flags);
2240 return;
2241 }
2242
2243 switch (soc_type) {
2244 case QCA_WCN3988:
2245 case QCA_WCN3990:
2246 case QCA_WCN3991:
2247 case QCA_WCN3998:
2248 host_set_baudrate(hu, 2400);
2249 qca_send_power_pulse(hu, false);
2250 qca_regulator_disable(qcadev);
2251 break;
2252
2253 case QCA_WCN6750:
2254 case QCA_WCN6855:
2255 gpiod_set_value_cansleep(qcadev->bt_en, 0);
2256 msleep(100);
2257 qca_regulator_disable(qcadev);
2258 if (qcadev->sw_ctrl) {
2259 sw_ctrl_state = gpiod_get_value_cansleep(qcadev->sw_ctrl);
2260 bt_dev_dbg(hu->hdev, "SW_CTRL is %d", sw_ctrl_state);
2261 }
2262 break;
2263
2264 default:
2265 gpiod_set_value_cansleep(qcadev->bt_en, 0);
2266 }
2267
2268 set_bit(QCA_BT_OFF, &qca->flags);
2269 }
2270
qca_power_off(struct hci_dev * hdev)2271 static int qca_power_off(struct hci_dev *hdev)
2272 {
2273 struct hci_uart *hu = hci_get_drvdata(hdev);
2274 struct qca_data *qca = hu->priv;
2275 enum qca_btsoc_type soc_type = qca_soc_type(hu);
2276
2277 hu->hdev->hw_error = NULL;
2278 hu->hdev->reset = NULL;
2279
2280 timer_delete_sync(&qca->wake_retrans_timer);
2281 timer_delete_sync(&qca->tx_idle_timer);
2282
2283 /* Stop sending shutdown command if soc crashes. */
2284 if (soc_type != QCA_ROME
2285 && qca->memdump_state == QCA_MEMDUMP_IDLE) {
2286 qca_send_pre_shutdown_cmd(hdev);
2287 usleep_range(8000, 10000);
2288 }
2289
2290 qca_power_shutdown(hu);
2291 return 0;
2292 }
2293
qca_regulator_enable(struct qca_serdev * qcadev)2294 static int qca_regulator_enable(struct qca_serdev *qcadev)
2295 {
2296 struct qca_power *power = qcadev->bt_power;
2297 int ret;
2298
2299 if (power->pwrseq)
2300 return pwrseq_power_on(power->pwrseq);
2301
2302 /* Already enabled */
2303 if (power->vregs_on)
2304 return 0;
2305
2306 BT_DBG("enabling %d regulators)", power->num_vregs);
2307
2308 ret = regulator_bulk_enable(power->num_vregs, power->vreg_bulk);
2309 if (ret)
2310 return ret;
2311
2312 power->vregs_on = true;
2313
2314 ret = clk_prepare_enable(qcadev->susclk);
2315 if (ret)
2316 qca_regulator_disable(qcadev);
2317
2318 return ret;
2319 }
2320
qca_regulator_disable(struct qca_serdev * qcadev)2321 static void qca_regulator_disable(struct qca_serdev *qcadev)
2322 {
2323 struct qca_power *power;
2324
2325 if (!qcadev)
2326 return;
2327
2328 power = qcadev->bt_power;
2329
2330 /* Already disabled? */
2331 if (!power->vregs_on)
2332 return;
2333
2334 regulator_bulk_disable(power->num_vregs, power->vreg_bulk);
2335 power->vregs_on = false;
2336
2337 clk_disable_unprepare(qcadev->susclk);
2338 }
2339
qca_init_regulators(struct qca_power * qca,const struct qca_vreg * vregs,size_t num_vregs)2340 static int qca_init_regulators(struct qca_power *qca,
2341 const struct qca_vreg *vregs, size_t num_vregs)
2342 {
2343 struct regulator_bulk_data *bulk;
2344 int ret;
2345 int i;
2346
2347 bulk = devm_kcalloc(qca->dev, num_vregs, sizeof(*bulk), GFP_KERNEL);
2348 if (!bulk)
2349 return -ENOMEM;
2350
2351 for (i = 0; i < num_vregs; i++)
2352 bulk[i].supply = vregs[i].name;
2353
2354 ret = devm_regulator_bulk_get(qca->dev, num_vregs, bulk);
2355 if (ret < 0)
2356 return ret;
2357
2358 for (i = 0; i < num_vregs; i++) {
2359 ret = regulator_set_load(bulk[i].consumer, vregs[i].load_uA);
2360 if (ret)
2361 return ret;
2362 }
2363
2364 qca->vreg_bulk = bulk;
2365 qca->num_vregs = num_vregs;
2366
2367 return 0;
2368 }
2369
qca_serdev_probe(struct serdev_device * serdev)2370 static int qca_serdev_probe(struct serdev_device *serdev)
2371 {
2372 struct qca_serdev *qcadev;
2373 struct hci_dev *hdev;
2374 const struct qca_device_data *data;
2375 int err;
2376 bool power_ctrl_enabled = true;
2377
2378 qcadev = devm_kzalloc(&serdev->dev, sizeof(*qcadev), GFP_KERNEL);
2379 if (!qcadev)
2380 return -ENOMEM;
2381
2382 qcadev->serdev_hu.serdev = serdev;
2383 data = device_get_match_data(&serdev->dev);
2384 serdev_device_set_drvdata(serdev, qcadev);
2385 device_property_read_string_array(&serdev->dev, "firmware-name",
2386 qcadev->firmware_name, ARRAY_SIZE(qcadev->firmware_name));
2387 device_property_read_u32(&serdev->dev, "max-speed",
2388 &qcadev->oper_speed);
2389 if (!qcadev->oper_speed)
2390 BT_DBG("UART will pick default operating speed");
2391
2392 qcadev->bdaddr_property_broken = device_property_read_bool(&serdev->dev,
2393 "qcom,local-bd-address-broken");
2394
2395 if (data)
2396 qcadev->btsoc_type = data->soc_type;
2397 else
2398 qcadev->btsoc_type = QCA_ROME;
2399
2400 switch (qcadev->btsoc_type) {
2401 case QCA_WCN3950:
2402 case QCA_WCN3988:
2403 case QCA_WCN3990:
2404 case QCA_WCN3991:
2405 case QCA_WCN3998:
2406 case QCA_WCN6750:
2407 case QCA_WCN6855:
2408 case QCA_WCN7850:
2409 case QCA_QCA6390:
2410 qcadev->bt_power = devm_kzalloc(&serdev->dev,
2411 sizeof(struct qca_power),
2412 GFP_KERNEL);
2413 if (!qcadev->bt_power)
2414 return -ENOMEM;
2415 break;
2416 default:
2417 break;
2418 }
2419
2420 switch (qcadev->btsoc_type) {
2421 case QCA_WCN6855:
2422 case QCA_WCN7850:
2423 case QCA_WCN6750:
2424 if (!device_property_present(&serdev->dev, "enable-gpios")) {
2425 /*
2426 * Backward compatibility with old DT sources. If the
2427 * node doesn't have the 'enable-gpios' property then
2428 * let's use the power sequencer. Otherwise, let's
2429 * drive everything ourselves.
2430 */
2431 qcadev->bt_power->pwrseq = devm_pwrseq_get(&serdev->dev,
2432 "bluetooth");
2433
2434 /*
2435 * Some modules have BT_EN enabled via a hardware pull-up,
2436 * meaning it is not defined in the DTS and is not controlled
2437 * through the power sequence. In such cases, fall through
2438 * to follow the legacy flow.
2439 */
2440 if (IS_ERR(qcadev->bt_power->pwrseq))
2441 qcadev->bt_power->pwrseq = NULL;
2442 else
2443 break;
2444 }
2445 fallthrough;
2446 case QCA_WCN3950:
2447 case QCA_WCN3988:
2448 case QCA_WCN3990:
2449 case QCA_WCN3991:
2450 case QCA_WCN3998:
2451 qcadev->bt_power->dev = &serdev->dev;
2452 err = qca_init_regulators(qcadev->bt_power, data->vregs,
2453 data->num_vregs);
2454 if (err) {
2455 BT_ERR("Failed to init regulators:%d", err);
2456 return err;
2457 }
2458
2459 qcadev->bt_power->vregs_on = false;
2460
2461 qcadev->bt_en = devm_gpiod_get_optional(&serdev->dev, "enable",
2462 GPIOD_OUT_LOW);
2463 if (IS_ERR(qcadev->bt_en))
2464 return dev_err_probe(&serdev->dev,
2465 PTR_ERR(qcadev->bt_en),
2466 "failed to acquire BT_EN gpio\n");
2467
2468 if (!qcadev->bt_en &&
2469 (data->soc_type == QCA_WCN6750 ||
2470 data->soc_type == QCA_WCN6855))
2471 power_ctrl_enabled = false;
2472
2473 qcadev->sw_ctrl = devm_gpiod_get_optional(&serdev->dev, "swctrl",
2474 GPIOD_IN);
2475 if (IS_ERR(qcadev->sw_ctrl) &&
2476 (data->soc_type == QCA_WCN6750 ||
2477 data->soc_type == QCA_WCN6855 ||
2478 data->soc_type == QCA_WCN7850)) {
2479 dev_err(&serdev->dev, "failed to acquire SW_CTRL gpio\n");
2480 return PTR_ERR(qcadev->sw_ctrl);
2481 }
2482
2483 qcadev->susclk = devm_clk_get_optional(&serdev->dev, NULL);
2484 if (IS_ERR(qcadev->susclk)) {
2485 dev_err(&serdev->dev, "failed to acquire clk\n");
2486 return PTR_ERR(qcadev->susclk);
2487 }
2488 break;
2489
2490 case QCA_QCA6390:
2491 if (dev_of_node(&serdev->dev)) {
2492 qcadev->bt_power->pwrseq = devm_pwrseq_get(&serdev->dev,
2493 "bluetooth");
2494 if (IS_ERR(qcadev->bt_power->pwrseq))
2495 return PTR_ERR(qcadev->bt_power->pwrseq);
2496 break;
2497 }
2498 fallthrough;
2499
2500 default:
2501 qcadev->bt_en = devm_gpiod_get_optional(&serdev->dev, "enable",
2502 GPIOD_OUT_LOW);
2503 if (IS_ERR(qcadev->bt_en)) {
2504 dev_err(&serdev->dev, "failed to acquire enable gpio\n");
2505 return PTR_ERR(qcadev->bt_en);
2506 }
2507
2508 if (!qcadev->bt_en)
2509 power_ctrl_enabled = false;
2510
2511 qcadev->susclk = devm_clk_get_optional_enabled_with_rate(
2512 &serdev->dev, NULL, SUSCLK_RATE_32KHZ);
2513 if (IS_ERR(qcadev->susclk)) {
2514 dev_warn(&serdev->dev, "failed to acquire clk\n");
2515 return PTR_ERR(qcadev->susclk);
2516 }
2517 }
2518
2519 err = hci_uart_register_device(&qcadev->serdev_hu, &qca_proto);
2520 if (err) {
2521 BT_ERR("serdev registration failed");
2522 return err;
2523 }
2524
2525 hdev = qcadev->serdev_hu.hdev;
2526
2527 if (power_ctrl_enabled) {
2528 hci_set_quirk(hdev, HCI_QUIRK_NON_PERSISTENT_SETUP);
2529 hdev->shutdown = qca_power_off;
2530 }
2531
2532 if (data) {
2533 /* Wideband speech support must be set per driver since it can't
2534 * be queried via hci. Same with the valid le states quirk.
2535 */
2536 if (data->capabilities & QCA_CAP_WIDEBAND_SPEECH)
2537 hci_set_quirk(hdev,
2538 HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED);
2539
2540 if (!(data->capabilities & QCA_CAP_VALID_LE_STATES))
2541 hci_set_quirk(hdev, HCI_QUIRK_BROKEN_LE_STATES);
2542
2543 if (data->capabilities & QCA_CAP_HFP_HW_OFFLOAD)
2544 qcadev->support_hfp_hw_offload = true;
2545 }
2546
2547 return 0;
2548 }
2549
qca_serdev_remove(struct serdev_device * serdev)2550 static void qca_serdev_remove(struct serdev_device *serdev)
2551 {
2552 struct qca_serdev *qcadev = serdev_device_get_drvdata(serdev);
2553 struct qca_power *power = qcadev->bt_power;
2554
2555 switch (qcadev->btsoc_type) {
2556 case QCA_WCN3988:
2557 case QCA_WCN3990:
2558 case QCA_WCN3991:
2559 case QCA_WCN3998:
2560 case QCA_WCN6750:
2561 case QCA_WCN6855:
2562 case QCA_WCN7850:
2563 if (power->vregs_on)
2564 qca_power_shutdown(&qcadev->serdev_hu);
2565 break;
2566 default:
2567 break;
2568 }
2569
2570 hci_uart_unregister_device(&qcadev->serdev_hu);
2571 }
2572
qca_serdev_shutdown(struct serdev_device * serdev)2573 static void qca_serdev_shutdown(struct serdev_device *serdev)
2574 {
2575 int ret;
2576 int timeout = msecs_to_jiffies(CMD_TRANS_TIMEOUT_MS);
2577 struct qca_serdev *qcadev = serdev_device_get_drvdata(serdev);
2578 struct hci_uart *hu = &qcadev->serdev_hu;
2579 struct hci_dev *hdev = hu->hdev;
2580 const u8 ibs_wake_cmd[] = { 0xFD };
2581 const u8 edl_reset_soc_cmd[] = { 0x01, 0x00, 0xFC, 0x01, 0x05 };
2582
2583 if (qcadev->btsoc_type == QCA_QCA6390) {
2584 /* The purpose of sending the VSC is to reset SOC into a initial
2585 * state and the state will ensure next hdev->setup() success.
2586 * if HCI_QUIRK_NON_PERSISTENT_SETUP is set, it means that
2587 * hdev->setup() can do its job regardless of SoC state, so
2588 * don't need to send the VSC.
2589 * if HCI_SETUP is set, it means that hdev->setup() was never
2590 * invoked and the SOC is already in the initial state, so
2591 * don't also need to send the VSC.
2592 */
2593 if (hci_test_quirk(hdev, HCI_QUIRK_NON_PERSISTENT_SETUP) ||
2594 hci_dev_test_flag(hdev, HCI_SETUP))
2595 return;
2596
2597 /* The serdev must be in open state when control logic arrives
2598 * here, so also fix the use-after-free issue caused by that
2599 * the serdev is flushed or wrote after it is closed.
2600 */
2601 serdev_device_write_flush(serdev);
2602 ret = serdev_device_write_buf(serdev, ibs_wake_cmd,
2603 sizeof(ibs_wake_cmd));
2604 if (ret < 0) {
2605 BT_ERR("QCA send IBS_WAKE_IND error: %d", ret);
2606 return;
2607 }
2608 serdev_device_wait_until_sent(serdev, timeout);
2609 usleep_range(8000, 10000);
2610
2611 serdev_device_write_flush(serdev);
2612 ret = serdev_device_write_buf(serdev, edl_reset_soc_cmd,
2613 sizeof(edl_reset_soc_cmd));
2614 if (ret < 0) {
2615 BT_ERR("QCA send EDL_RESET_REQ error: %d", ret);
2616 return;
2617 }
2618 serdev_device_wait_until_sent(serdev, timeout);
2619 usleep_range(8000, 10000);
2620 }
2621 }
2622
qca_suspend(struct device * dev)2623 static int __maybe_unused qca_suspend(struct device *dev)
2624 {
2625 struct serdev_device *serdev = to_serdev_device(dev);
2626 struct qca_serdev *qcadev = serdev_device_get_drvdata(serdev);
2627 struct hci_uart *hu = &qcadev->serdev_hu;
2628 struct qca_data *qca = hu->priv;
2629 unsigned long flags;
2630 bool tx_pending = false;
2631 int ret = 0;
2632 u8 cmd;
2633 u32 wait_timeout = 0;
2634
2635 set_bit(QCA_SUSPENDING, &qca->flags);
2636
2637 /* if BT SoC is running with default firmware then it does not
2638 * support in-band sleep
2639 */
2640 if (test_bit(QCA_ROM_FW, &qca->flags))
2641 return 0;
2642
2643 /* During SSR after memory dump collection, controller will be
2644 * powered off and then powered on.If controller is powered off
2645 * during SSR then we should wait until SSR is completed.
2646 */
2647 if (test_bit(QCA_BT_OFF, &qca->flags) &&
2648 !test_bit(QCA_SSR_TRIGGERED, &qca->flags))
2649 return 0;
2650
2651 if (test_bit(QCA_IBS_DISABLED, &qca->flags) ||
2652 test_bit(QCA_SSR_TRIGGERED, &qca->flags)) {
2653 wait_timeout = test_bit(QCA_SSR_TRIGGERED, &qca->flags) ?
2654 IBS_DISABLE_SSR_TIMEOUT_MS :
2655 FW_DOWNLOAD_TIMEOUT_MS;
2656
2657 /* QCA_IBS_DISABLED flag is set to true, During FW download
2658 * and during memory dump collection. It is reset to false,
2659 * After FW download complete.
2660 */
2661 wait_on_bit_timeout(&qca->flags, QCA_IBS_DISABLED,
2662 TASK_UNINTERRUPTIBLE, msecs_to_jiffies(wait_timeout));
2663
2664 if (test_bit(QCA_IBS_DISABLED, &qca->flags)) {
2665 bt_dev_err(hu->hdev, "SSR or FW download time out");
2666 ret = -ETIMEDOUT;
2667 goto error;
2668 }
2669 }
2670
2671 cancel_work_sync(&qca->ws_awake_device);
2672 cancel_work_sync(&qca->ws_awake_rx);
2673
2674 spin_lock_irqsave_nested(&qca->hci_ibs_lock,
2675 flags, SINGLE_DEPTH_NESTING);
2676
2677 switch (qca->tx_ibs_state) {
2678 case HCI_IBS_TX_WAKING:
2679 timer_delete(&qca->wake_retrans_timer);
2680 fallthrough;
2681 case HCI_IBS_TX_AWAKE:
2682 timer_delete(&qca->tx_idle_timer);
2683
2684 serdev_device_write_flush(hu->serdev);
2685 cmd = HCI_IBS_SLEEP_IND;
2686 ret = serdev_device_write_buf(hu->serdev, &cmd, sizeof(cmd));
2687
2688 if (ret < 0) {
2689 BT_ERR("Failed to send SLEEP to device");
2690 break;
2691 }
2692
2693 qca->tx_ibs_state = HCI_IBS_TX_ASLEEP;
2694 qca->ibs_sent_slps++;
2695 tx_pending = true;
2696 break;
2697
2698 case HCI_IBS_TX_ASLEEP:
2699 break;
2700
2701 default:
2702 BT_ERR("Spurious tx state %d", qca->tx_ibs_state);
2703 ret = -EINVAL;
2704 break;
2705 }
2706
2707 spin_unlock_irqrestore(&qca->hci_ibs_lock, flags);
2708
2709 if (ret < 0)
2710 goto error;
2711
2712 if (tx_pending) {
2713 serdev_device_wait_until_sent(hu->serdev,
2714 msecs_to_jiffies(CMD_TRANS_TIMEOUT_MS));
2715 serial_clock_vote(HCI_IBS_TX_VOTE_CLOCK_OFF, hu);
2716 }
2717
2718 /* Wait for HCI_IBS_SLEEP_IND sent by device to indicate its Tx is going
2719 * to sleep, so that the packet does not wake the system later.
2720 */
2721 ret = wait_event_interruptible_timeout(qca->suspend_wait_q,
2722 qca->rx_ibs_state == HCI_IBS_RX_ASLEEP,
2723 msecs_to_jiffies(IBS_BTSOC_TX_IDLE_TIMEOUT_MS));
2724 if (ret == 0) {
2725 ret = -ETIMEDOUT;
2726 goto error;
2727 }
2728
2729 return 0;
2730
2731 error:
2732 clear_bit(QCA_SUSPENDING, &qca->flags);
2733
2734 return ret;
2735 }
2736
qca_resume(struct device * dev)2737 static int __maybe_unused qca_resume(struct device *dev)
2738 {
2739 struct serdev_device *serdev = to_serdev_device(dev);
2740 struct qca_serdev *qcadev = serdev_device_get_drvdata(serdev);
2741 struct hci_uart *hu = &qcadev->serdev_hu;
2742 struct qca_data *qca = hu->priv;
2743
2744 clear_bit(QCA_SUSPENDING, &qca->flags);
2745
2746 return 0;
2747 }
2748
2749 static SIMPLE_DEV_PM_OPS(qca_pm_ops, qca_suspend, qca_resume);
2750
2751 #ifdef CONFIG_OF
2752 static const struct of_device_id qca_bluetooth_of_match[] = {
2753 { .compatible = "qcom,qca2066-bt", .data = &qca_soc_data_qca2066},
2754 { .compatible = "qcom,qca6174-bt" },
2755 { .compatible = "qcom,qca6390-bt", .data = &qca_soc_data_qca6390},
2756 { .compatible = "qcom,qca9377-bt" },
2757 { .compatible = "qcom,wcn3950-bt", .data = &qca_soc_data_wcn3950},
2758 { .compatible = "qcom,wcn3988-bt", .data = &qca_soc_data_wcn3988},
2759 { .compatible = "qcom,wcn3990-bt", .data = &qca_soc_data_wcn3990},
2760 { .compatible = "qcom,wcn3991-bt", .data = &qca_soc_data_wcn3991},
2761 { .compatible = "qcom,wcn3998-bt", .data = &qca_soc_data_wcn3998},
2762 { .compatible = "qcom,wcn6750-bt", .data = &qca_soc_data_wcn6750},
2763 { .compatible = "qcom,wcn6855-bt", .data = &qca_soc_data_wcn6855},
2764 { .compatible = "qcom,wcn7850-bt", .data = &qca_soc_data_wcn7850},
2765 { /* sentinel */ }
2766 };
2767 MODULE_DEVICE_TABLE(of, qca_bluetooth_of_match);
2768 #endif
2769
2770 #ifdef CONFIG_ACPI
2771 static const struct acpi_device_id qca_bluetooth_acpi_match[] = {
2772 { "QCOM2066", (kernel_ulong_t)&qca_soc_data_qca2066 },
2773 { "QCOM6390", (kernel_ulong_t)&qca_soc_data_qca6390 },
2774 { "DLA16390", (kernel_ulong_t)&qca_soc_data_qca6390 },
2775 { "DLB16390", (kernel_ulong_t)&qca_soc_data_qca6390 },
2776 { "DLB26390", (kernel_ulong_t)&qca_soc_data_qca6390 },
2777 { },
2778 };
2779 MODULE_DEVICE_TABLE(acpi, qca_bluetooth_acpi_match);
2780 #endif
2781
2782 #ifdef CONFIG_DEV_COREDUMP
hciqca_coredump(struct device * dev)2783 static void hciqca_coredump(struct device *dev)
2784 {
2785 struct serdev_device *serdev = to_serdev_device(dev);
2786 struct qca_serdev *qcadev = serdev_device_get_drvdata(serdev);
2787 struct hci_uart *hu = &qcadev->serdev_hu;
2788 struct hci_dev *hdev = hu->hdev;
2789
2790 if (hdev->dump.coredump)
2791 hdev->dump.coredump(hdev);
2792 }
2793 #endif
2794
2795 static struct serdev_device_driver qca_serdev_driver = {
2796 .probe = qca_serdev_probe,
2797 .remove = qca_serdev_remove,
2798 .shutdown = qca_serdev_shutdown,
2799 .driver = {
2800 .name = "hci_uart_qca",
2801 .of_match_table = of_match_ptr(qca_bluetooth_of_match),
2802 .acpi_match_table = ACPI_PTR(qca_bluetooth_acpi_match),
2803 .pm = &qca_pm_ops,
2804 #ifdef CONFIG_DEV_COREDUMP
2805 .coredump = hciqca_coredump,
2806 #endif
2807 },
2808 };
2809
qca_init(void)2810 int __init qca_init(void)
2811 {
2812 serdev_device_driver_register(&qca_serdev_driver);
2813
2814 return hci_uart_register_proto(&qca_proto);
2815 }
2816
qca_deinit(void)2817 int __exit qca_deinit(void)
2818 {
2819 serdev_device_driver_unregister(&qca_serdev_driver);
2820
2821 return hci_uart_unregister_proto(&qca_proto);
2822 }
2823