1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * NXP Bluetooth driver
4 * Copyright 2023 NXP
5 */
6
7 #include <linux/module.h>
8 #include <linux/kernel.h>
9
10 #include <linux/serdev.h>
11 #include <linux/of.h>
12 #include <linux/skbuff.h>
13 #include <asm/unaligned.h>
14 #include <linux/firmware.h>
15 #include <linux/string.h>
16 #include <linux/crc8.h>
17 #include <linux/crc32.h>
18 #include <linux/string_helpers.h>
19
20 #include <net/bluetooth/bluetooth.h>
21 #include <net/bluetooth/hci_core.h>
22
23 #include "h4_recv.h"
24
25 #define MANUFACTURER_NXP 37
26
27 #define BTNXPUART_TX_STATE_ACTIVE 1
28 #define BTNXPUART_FW_DOWNLOADING 2
29 #define BTNXPUART_CHECK_BOOT_SIGNATURE 3
30 #define BTNXPUART_SERDEV_OPEN 4
31 #define BTNXPUART_IR_IN_PROGRESS 5
32
33 /* NXP HW err codes */
34 #define BTNXPUART_IR_HW_ERR 0xb0
35
36 #define FIRMWARE_W8987 "nxp/uartuart8987_bt.bin"
37 #define FIRMWARE_W8997 "nxp/uartuart8997_bt_v4.bin"
38 #define FIRMWARE_W9098 "nxp/uartuart9098_bt_v1.bin"
39 #define FIRMWARE_IW416 "nxp/uartiw416_bt_v0.bin"
40 #define FIRMWARE_IW612 "nxp/uartspi_n61x_v1.bin.se"
41 #define FIRMWARE_IW624 "nxp/uartiw624_bt.bin"
42 #define FIRMWARE_SECURE_IW624 "nxp/uartiw624_bt.bin.se"
43 #define FIRMWARE_AW693 "nxp/uartaw693_bt.bin"
44 #define FIRMWARE_SECURE_AW693 "nxp/uartaw693_bt.bin.se"
45 #define FIRMWARE_HELPER "nxp/helper_uart_3000000.bin"
46
47 #define CHIP_ID_W9098 0x5c03
48 #define CHIP_ID_IW416 0x7201
49 #define CHIP_ID_IW612 0x7601
50 #define CHIP_ID_IW624a 0x8000
51 #define CHIP_ID_IW624c 0x8001
52 #define CHIP_ID_AW693 0x8200
53
54 #define FW_SECURE_MASK 0xc0
55 #define FW_OPEN 0x00
56 #define FW_AUTH_ILLEGAL 0x40
57 #define FW_AUTH_PLAIN 0x80
58 #define FW_AUTH_ENC 0xc0
59
60 #define HCI_NXP_PRI_BAUDRATE 115200
61 #define HCI_NXP_SEC_BAUDRATE 3000000
62
63 #define MAX_FW_FILE_NAME_LEN 50
64
65 /* Default ps timeout period in milliseconds */
66 #define PS_DEFAULT_TIMEOUT_PERIOD_MS 2000
67
68 /* wakeup methods */
69 #define WAKEUP_METHOD_DTR 0
70 #define WAKEUP_METHOD_BREAK 1
71 #define WAKEUP_METHOD_EXT_BREAK 2
72 #define WAKEUP_METHOD_RTS 3
73 #define WAKEUP_METHOD_INVALID 0xff
74
75 /* power save mode status */
76 #define PS_MODE_DISABLE 0
77 #define PS_MODE_ENABLE 1
78
79 /* Power Save Commands to ps_work_func */
80 #define PS_CMD_EXIT_PS 1
81 #define PS_CMD_ENTER_PS 2
82
83 /* power save state */
84 #define PS_STATE_AWAKE 0
85 #define PS_STATE_SLEEP 1
86
87 /* Bluetooth vendor command : Sleep mode */
88 #define HCI_NXP_AUTO_SLEEP_MODE 0xfc23
89 /* Bluetooth vendor command : Wakeup method */
90 #define HCI_NXP_WAKEUP_METHOD 0xfc53
91 /* Bluetooth vendor command : Set operational baudrate */
92 #define HCI_NXP_SET_OPER_SPEED 0xfc09
93 /* Bluetooth vendor command: Independent Reset */
94 #define HCI_NXP_IND_RESET 0xfcfc
95
96 /* Bluetooth Power State : Vendor cmd params */
97 #define BT_PS_ENABLE 0x02
98 #define BT_PS_DISABLE 0x03
99
100 /* Bluetooth Host Wakeup Methods */
101 #define BT_HOST_WAKEUP_METHOD_NONE 0x00
102 #define BT_HOST_WAKEUP_METHOD_DTR 0x01
103 #define BT_HOST_WAKEUP_METHOD_BREAK 0x02
104 #define BT_HOST_WAKEUP_METHOD_GPIO 0x03
105
106 /* Bluetooth Chip Wakeup Methods */
107 #define BT_CTRL_WAKEUP_METHOD_DSR 0x00
108 #define BT_CTRL_WAKEUP_METHOD_BREAK 0x01
109 #define BT_CTRL_WAKEUP_METHOD_GPIO 0x02
110 #define BT_CTRL_WAKEUP_METHOD_EXT_BREAK 0x04
111 #define BT_CTRL_WAKEUP_METHOD_RTS 0x05
112
113 struct ps_data {
114 u8 target_ps_mode; /* ps mode to be set */
115 u8 cur_psmode; /* current ps_mode */
116 u8 ps_state; /* controller's power save state */
117 u8 ps_cmd;
118 u8 h2c_wakeupmode;
119 u8 cur_h2c_wakeupmode;
120 u8 c2h_wakeupmode;
121 u8 c2h_wakeup_gpio;
122 u8 h2c_wakeup_gpio;
123 bool driver_sent_cmd;
124 u16 h2c_ps_interval;
125 u16 c2h_ps_interval;
126 struct hci_dev *hdev;
127 struct work_struct work;
128 struct timer_list ps_timer;
129 };
130
131 struct wakeup_cmd_payload {
132 u8 c2h_wakeupmode;
133 u8 c2h_wakeup_gpio;
134 u8 h2c_wakeupmode;
135 u8 h2c_wakeup_gpio;
136 } __packed;
137
138 struct psmode_cmd_payload {
139 u8 ps_cmd;
140 __le16 c2h_ps_interval;
141 } __packed;
142
143 struct btnxpuart_data {
144 const char *helper_fw_name;
145 const char *fw_name;
146 };
147
148 struct btnxpuart_dev {
149 struct hci_dev *hdev;
150 struct serdev_device *serdev;
151
152 struct work_struct tx_work;
153 unsigned long tx_state;
154 struct sk_buff_head txq;
155 struct sk_buff *rx_skb;
156
157 const struct firmware *fw;
158 u8 fw_name[MAX_FW_FILE_NAME_LEN];
159 u32 fw_dnld_v1_offset;
160 u32 fw_v1_sent_bytes;
161 u32 fw_v3_offset_correction;
162 u32 fw_v1_expected_len;
163 u32 boot_reg_offset;
164 wait_queue_head_t fw_dnld_done_wait_q;
165 wait_queue_head_t check_boot_sign_wait_q;
166
167 u32 new_baudrate;
168 u32 current_baudrate;
169 u32 fw_init_baudrate;
170 bool timeout_changed;
171 bool baudrate_changed;
172 bool helper_downloaded;
173
174 struct ps_data psdata;
175 struct btnxpuart_data *nxp_data;
176 };
177
178 #define NXP_V1_FW_REQ_PKT 0xa5
179 #define NXP_V1_CHIP_VER_PKT 0xaa
180 #define NXP_V3_FW_REQ_PKT 0xa7
181 #define NXP_V3_CHIP_VER_PKT 0xab
182
183 #define NXP_ACK_V1 0x5a
184 #define NXP_NAK_V1 0xbf
185 #define NXP_ACK_V3 0x7a
186 #define NXP_NAK_V3 0x7b
187 #define NXP_CRC_ERROR_V3 0x7c
188
189 /* Bootloader signature error codes */
190 #define NXP_ACK_RX_TIMEOUT 0x0002 /* ACK not received from host */
191 #define NXP_HDR_RX_TIMEOUT 0x0003 /* FW Header chunk not received */
192 #define NXP_DATA_RX_TIMEOUT 0x0004 /* FW Data chunk not received */
193
194 #define HDR_LEN 16
195
196 #define NXP_RECV_CHIP_VER_V1 \
197 .type = NXP_V1_CHIP_VER_PKT, \
198 .hlen = 4, \
199 .loff = 0, \
200 .lsize = 0, \
201 .maxlen = 4
202
203 #define NXP_RECV_FW_REQ_V1 \
204 .type = NXP_V1_FW_REQ_PKT, \
205 .hlen = 4, \
206 .loff = 0, \
207 .lsize = 0, \
208 .maxlen = 4
209
210 #define NXP_RECV_CHIP_VER_V3 \
211 .type = NXP_V3_CHIP_VER_PKT, \
212 .hlen = 4, \
213 .loff = 0, \
214 .lsize = 0, \
215 .maxlen = 4
216
217 #define NXP_RECV_FW_REQ_V3 \
218 .type = NXP_V3_FW_REQ_PKT, \
219 .hlen = 9, \
220 .loff = 0, \
221 .lsize = 0, \
222 .maxlen = 9
223
224 struct v1_data_req {
225 __le16 len;
226 __le16 len_comp;
227 } __packed;
228
229 struct v1_start_ind {
230 __le16 chip_id;
231 __le16 chip_id_comp;
232 } __packed;
233
234 struct v3_data_req {
235 __le16 len;
236 __le32 offset;
237 __le16 error;
238 u8 crc;
239 } __packed;
240
241 struct v3_start_ind {
242 __le16 chip_id;
243 u8 loader_ver;
244 u8 crc;
245 } __packed;
246
247 /* UART register addresses of BT chip */
248 #define CLKDIVADDR 0x7f00008f
249 #define UARTDIVADDR 0x7f000090
250 #define UARTMCRADDR 0x7f000091
251 #define UARTREINITADDR 0x7f000092
252 #define UARTICRADDR 0x7f000093
253 #define UARTFCRADDR 0x7f000094
254
255 #define MCR 0x00000022
256 #define INIT 0x00000001
257 #define ICR 0x000000c7
258 #define FCR 0x000000c7
259
260 #define POLYNOMIAL8 0x07
261
262 struct uart_reg {
263 __le32 address;
264 __le32 value;
265 } __packed;
266
267 struct uart_config {
268 struct uart_reg clkdiv;
269 struct uart_reg uartdiv;
270 struct uart_reg mcr;
271 struct uart_reg re_init;
272 struct uart_reg icr;
273 struct uart_reg fcr;
274 __be32 crc;
275 } __packed;
276
277 struct nxp_bootloader_cmd {
278 __le32 header;
279 __le32 arg;
280 __le32 payload_len;
281 __be32 crc;
282 } __packed;
283
284 struct nxp_v3_rx_timeout_nak {
285 u8 nak;
286 __le32 offset;
287 u8 crc;
288 } __packed;
289
290 union nxp_v3_rx_timeout_nak_u {
291 struct nxp_v3_rx_timeout_nak pkt;
292 u8 buf[6];
293 };
294
295 static u8 crc8_table[CRC8_TABLE_SIZE];
296
297 /* Default configurations */
298 #define DEFAULT_H2C_WAKEUP_MODE WAKEUP_METHOD_BREAK
299 #define DEFAULT_PS_MODE PS_MODE_ENABLE
300 #define FW_INIT_BAUDRATE HCI_NXP_PRI_BAUDRATE
301
nxp_drv_send_cmd(struct hci_dev * hdev,u16 opcode,u32 plen,void * param)302 static struct sk_buff *nxp_drv_send_cmd(struct hci_dev *hdev, u16 opcode,
303 u32 plen,
304 void *param)
305 {
306 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
307 struct ps_data *psdata = &nxpdev->psdata;
308 struct sk_buff *skb;
309
310 /* set flag to prevent nxp_enqueue from parsing values from this command and
311 * calling hci_cmd_sync_queue() again.
312 */
313 psdata->driver_sent_cmd = true;
314 skb = __hci_cmd_sync(hdev, opcode, plen, param, HCI_CMD_TIMEOUT);
315 psdata->driver_sent_cmd = false;
316
317 return skb;
318 }
319
btnxpuart_tx_wakeup(struct btnxpuart_dev * nxpdev)320 static void btnxpuart_tx_wakeup(struct btnxpuart_dev *nxpdev)
321 {
322 if (schedule_work(&nxpdev->tx_work))
323 set_bit(BTNXPUART_TX_STATE_ACTIVE, &nxpdev->tx_state);
324 }
325
326 /* NXP Power Save Feature */
ps_start_timer(struct btnxpuart_dev * nxpdev)327 static void ps_start_timer(struct btnxpuart_dev *nxpdev)
328 {
329 struct ps_data *psdata = &nxpdev->psdata;
330
331 if (!psdata)
332 return;
333
334 if (psdata->cur_psmode == PS_MODE_ENABLE)
335 mod_timer(&psdata->ps_timer, jiffies + msecs_to_jiffies(psdata->h2c_ps_interval));
336 }
337
ps_cancel_timer(struct btnxpuart_dev * nxpdev)338 static void ps_cancel_timer(struct btnxpuart_dev *nxpdev)
339 {
340 struct ps_data *psdata = &nxpdev->psdata;
341
342 flush_work(&psdata->work);
343 timer_shutdown_sync(&psdata->ps_timer);
344 }
345
ps_control(struct hci_dev * hdev,u8 ps_state)346 static void ps_control(struct hci_dev *hdev, u8 ps_state)
347 {
348 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
349 struct ps_data *psdata = &nxpdev->psdata;
350 int status;
351
352 if (psdata->ps_state == ps_state ||
353 !test_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state))
354 return;
355
356 switch (psdata->cur_h2c_wakeupmode) {
357 case WAKEUP_METHOD_DTR:
358 if (ps_state == PS_STATE_AWAKE)
359 status = serdev_device_set_tiocm(nxpdev->serdev, TIOCM_DTR, 0);
360 else
361 status = serdev_device_set_tiocm(nxpdev->serdev, 0, TIOCM_DTR);
362 break;
363 case WAKEUP_METHOD_BREAK:
364 default:
365 if (ps_state == PS_STATE_AWAKE)
366 status = serdev_device_break_ctl(nxpdev->serdev, 0);
367 else
368 status = serdev_device_break_ctl(nxpdev->serdev, -1);
369 bt_dev_dbg(hdev, "Set UART break: %s, status=%d",
370 str_on_off(ps_state == PS_STATE_SLEEP), status);
371 break;
372 }
373 if (!status)
374 psdata->ps_state = ps_state;
375 if (ps_state == PS_STATE_AWAKE)
376 btnxpuart_tx_wakeup(nxpdev);
377 }
378
ps_work_func(struct work_struct * work)379 static void ps_work_func(struct work_struct *work)
380 {
381 struct ps_data *data = container_of(work, struct ps_data, work);
382
383 if (data->ps_cmd == PS_CMD_ENTER_PS && data->cur_psmode == PS_MODE_ENABLE)
384 ps_control(data->hdev, PS_STATE_SLEEP);
385 else if (data->ps_cmd == PS_CMD_EXIT_PS)
386 ps_control(data->hdev, PS_STATE_AWAKE);
387 }
388
ps_timeout_func(struct timer_list * t)389 static void ps_timeout_func(struct timer_list *t)
390 {
391 struct ps_data *data = from_timer(data, t, ps_timer);
392 struct hci_dev *hdev = data->hdev;
393 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
394
395 if (test_bit(BTNXPUART_TX_STATE_ACTIVE, &nxpdev->tx_state)) {
396 ps_start_timer(nxpdev);
397 } else {
398 data->ps_cmd = PS_CMD_ENTER_PS;
399 schedule_work(&data->work);
400 }
401 }
402
ps_setup(struct hci_dev * hdev)403 static void ps_setup(struct hci_dev *hdev)
404 {
405 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
406 struct ps_data *psdata = &nxpdev->psdata;
407
408 psdata->hdev = hdev;
409 INIT_WORK(&psdata->work, ps_work_func);
410 timer_setup(&psdata->ps_timer, ps_timeout_func, 0);
411 }
412
ps_wakeup(struct btnxpuart_dev * nxpdev)413 static void ps_wakeup(struct btnxpuart_dev *nxpdev)
414 {
415 struct ps_data *psdata = &nxpdev->psdata;
416
417 if (psdata->ps_state != PS_STATE_AWAKE) {
418 psdata->ps_cmd = PS_CMD_EXIT_PS;
419 schedule_work(&psdata->work);
420 }
421 }
422
send_ps_cmd(struct hci_dev * hdev,void * data)423 static int send_ps_cmd(struct hci_dev *hdev, void *data)
424 {
425 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
426 struct ps_data *psdata = &nxpdev->psdata;
427 struct psmode_cmd_payload pcmd;
428 struct sk_buff *skb;
429 u8 *status;
430
431 if (psdata->target_ps_mode == PS_MODE_ENABLE)
432 pcmd.ps_cmd = BT_PS_ENABLE;
433 else
434 pcmd.ps_cmd = BT_PS_DISABLE;
435 pcmd.c2h_ps_interval = __cpu_to_le16(psdata->c2h_ps_interval);
436
437 skb = nxp_drv_send_cmd(hdev, HCI_NXP_AUTO_SLEEP_MODE, sizeof(pcmd), &pcmd);
438 if (IS_ERR(skb)) {
439 bt_dev_err(hdev, "Setting Power Save mode failed (%ld)", PTR_ERR(skb));
440 return PTR_ERR(skb);
441 }
442
443 status = skb_pull_data(skb, 1);
444 if (status) {
445 if (!*status)
446 psdata->cur_psmode = psdata->target_ps_mode;
447 else
448 psdata->target_ps_mode = psdata->cur_psmode;
449 if (psdata->cur_psmode == PS_MODE_ENABLE)
450 ps_start_timer(nxpdev);
451 else
452 ps_wakeup(nxpdev);
453 bt_dev_dbg(hdev, "Power Save mode response: status=%d, ps_mode=%d",
454 *status, psdata->cur_psmode);
455 }
456 kfree_skb(skb);
457
458 return 0;
459 }
460
send_wakeup_method_cmd(struct hci_dev * hdev,void * data)461 static int send_wakeup_method_cmd(struct hci_dev *hdev, void *data)
462 {
463 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
464 struct ps_data *psdata = &nxpdev->psdata;
465 struct wakeup_cmd_payload pcmd;
466 struct sk_buff *skb;
467 u8 *status;
468
469 pcmd.c2h_wakeupmode = psdata->c2h_wakeupmode;
470 pcmd.c2h_wakeup_gpio = psdata->c2h_wakeup_gpio;
471 switch (psdata->h2c_wakeupmode) {
472 case WAKEUP_METHOD_DTR:
473 pcmd.h2c_wakeupmode = BT_CTRL_WAKEUP_METHOD_DSR;
474 break;
475 case WAKEUP_METHOD_BREAK:
476 default:
477 pcmd.h2c_wakeupmode = BT_CTRL_WAKEUP_METHOD_BREAK;
478 break;
479 }
480 pcmd.h2c_wakeup_gpio = 0xff;
481
482 skb = nxp_drv_send_cmd(hdev, HCI_NXP_WAKEUP_METHOD, sizeof(pcmd), &pcmd);
483 if (IS_ERR(skb)) {
484 bt_dev_err(hdev, "Setting wake-up method failed (%ld)", PTR_ERR(skb));
485 return PTR_ERR(skb);
486 }
487
488 status = skb_pull_data(skb, 1);
489 if (status) {
490 if (*status == 0)
491 psdata->cur_h2c_wakeupmode = psdata->h2c_wakeupmode;
492 else
493 psdata->h2c_wakeupmode = psdata->cur_h2c_wakeupmode;
494 bt_dev_dbg(hdev, "Set Wakeup Method response: status=%d, h2c_wakeupmode=%d",
495 *status, psdata->cur_h2c_wakeupmode);
496 }
497 kfree_skb(skb);
498
499 return 0;
500 }
501
ps_init(struct hci_dev * hdev)502 static void ps_init(struct hci_dev *hdev)
503 {
504 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
505 struct ps_data *psdata = &nxpdev->psdata;
506
507 serdev_device_set_tiocm(nxpdev->serdev, 0, TIOCM_RTS);
508 usleep_range(5000, 10000);
509 serdev_device_set_tiocm(nxpdev->serdev, TIOCM_RTS, 0);
510 usleep_range(5000, 10000);
511
512 psdata->ps_state = PS_STATE_AWAKE;
513 psdata->c2h_wakeupmode = BT_HOST_WAKEUP_METHOD_NONE;
514 psdata->c2h_wakeup_gpio = 0xff;
515
516 psdata->cur_h2c_wakeupmode = WAKEUP_METHOD_INVALID;
517 psdata->h2c_ps_interval = PS_DEFAULT_TIMEOUT_PERIOD_MS;
518 switch (DEFAULT_H2C_WAKEUP_MODE) {
519 case WAKEUP_METHOD_DTR:
520 psdata->h2c_wakeupmode = WAKEUP_METHOD_DTR;
521 serdev_device_set_tiocm(nxpdev->serdev, 0, TIOCM_DTR);
522 serdev_device_set_tiocm(nxpdev->serdev, TIOCM_DTR, 0);
523 break;
524 case WAKEUP_METHOD_BREAK:
525 default:
526 psdata->h2c_wakeupmode = WAKEUP_METHOD_BREAK;
527 serdev_device_break_ctl(nxpdev->serdev, -1);
528 usleep_range(5000, 10000);
529 serdev_device_break_ctl(nxpdev->serdev, 0);
530 usleep_range(5000, 10000);
531 break;
532 }
533
534 psdata->cur_psmode = PS_MODE_DISABLE;
535 psdata->target_ps_mode = DEFAULT_PS_MODE;
536
537 if (psdata->cur_h2c_wakeupmode != psdata->h2c_wakeupmode)
538 hci_cmd_sync_queue(hdev, send_wakeup_method_cmd, NULL, NULL);
539 if (psdata->cur_psmode != psdata->target_ps_mode)
540 hci_cmd_sync_queue(hdev, send_ps_cmd, NULL, NULL);
541 }
542
543 /* NXP Firmware Download Feature */
nxp_download_firmware(struct hci_dev * hdev)544 static int nxp_download_firmware(struct hci_dev *hdev)
545 {
546 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
547 int err = 0;
548
549 nxpdev->fw_dnld_v1_offset = 0;
550 nxpdev->fw_v1_sent_bytes = 0;
551 nxpdev->fw_v1_expected_len = HDR_LEN;
552 nxpdev->boot_reg_offset = 0;
553 nxpdev->fw_v3_offset_correction = 0;
554 nxpdev->baudrate_changed = false;
555 nxpdev->timeout_changed = false;
556 nxpdev->helper_downloaded = false;
557
558 serdev_device_set_baudrate(nxpdev->serdev, HCI_NXP_PRI_BAUDRATE);
559 serdev_device_set_flow_control(nxpdev->serdev, false);
560 nxpdev->current_baudrate = HCI_NXP_PRI_BAUDRATE;
561
562 /* Wait till FW is downloaded */
563 err = wait_event_interruptible_timeout(nxpdev->fw_dnld_done_wait_q,
564 !test_bit(BTNXPUART_FW_DOWNLOADING,
565 &nxpdev->tx_state),
566 msecs_to_jiffies(60000));
567 if (err == 0) {
568 bt_dev_err(hdev, "FW Download Timeout.");
569 return -ETIMEDOUT;
570 }
571
572 serdev_device_set_flow_control(nxpdev->serdev, true);
573 release_firmware(nxpdev->fw);
574 memset(nxpdev->fw_name, 0, sizeof(nxpdev->fw_name));
575
576 /* Allow the downloaded FW to initialize */
577 msleep(1200);
578
579 return 0;
580 }
581
nxp_send_ack(u8 ack,struct hci_dev * hdev)582 static void nxp_send_ack(u8 ack, struct hci_dev *hdev)
583 {
584 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
585 u8 ack_nak[2];
586 int len = 1;
587
588 ack_nak[0] = ack;
589 if (ack == NXP_ACK_V3) {
590 ack_nak[1] = crc8(crc8_table, ack_nak, 1, 0xff);
591 len = 2;
592 }
593 serdev_device_write_buf(nxpdev->serdev, ack_nak, len);
594 }
595
nxp_fw_change_baudrate(struct hci_dev * hdev,u16 req_len)596 static bool nxp_fw_change_baudrate(struct hci_dev *hdev, u16 req_len)
597 {
598 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
599 struct nxp_bootloader_cmd nxp_cmd5;
600 struct uart_config uart_config;
601 u32 clkdivaddr = CLKDIVADDR - nxpdev->boot_reg_offset;
602 u32 uartdivaddr = UARTDIVADDR - nxpdev->boot_reg_offset;
603 u32 uartmcraddr = UARTMCRADDR - nxpdev->boot_reg_offset;
604 u32 uartreinitaddr = UARTREINITADDR - nxpdev->boot_reg_offset;
605 u32 uarticraddr = UARTICRADDR - nxpdev->boot_reg_offset;
606 u32 uartfcraddr = UARTFCRADDR - nxpdev->boot_reg_offset;
607
608 if (req_len == sizeof(nxp_cmd5)) {
609 nxp_cmd5.header = __cpu_to_le32(5);
610 nxp_cmd5.arg = 0;
611 nxp_cmd5.payload_len = __cpu_to_le32(sizeof(uart_config));
612 /* FW expects swapped CRC bytes */
613 nxp_cmd5.crc = __cpu_to_be32(crc32_be(0UL, (char *)&nxp_cmd5,
614 sizeof(nxp_cmd5) - 4));
615
616 serdev_device_write_buf(nxpdev->serdev, (u8 *)&nxp_cmd5, sizeof(nxp_cmd5));
617 nxpdev->fw_v3_offset_correction += req_len;
618 } else if (req_len == sizeof(uart_config)) {
619 uart_config.clkdiv.address = __cpu_to_le32(clkdivaddr);
620 uart_config.clkdiv.value = __cpu_to_le32(0x00c00000);
621 uart_config.uartdiv.address = __cpu_to_le32(uartdivaddr);
622 uart_config.uartdiv.value = __cpu_to_le32(1);
623 uart_config.mcr.address = __cpu_to_le32(uartmcraddr);
624 uart_config.mcr.value = __cpu_to_le32(MCR);
625 uart_config.re_init.address = __cpu_to_le32(uartreinitaddr);
626 uart_config.re_init.value = __cpu_to_le32(INIT);
627 uart_config.icr.address = __cpu_to_le32(uarticraddr);
628 uart_config.icr.value = __cpu_to_le32(ICR);
629 uart_config.fcr.address = __cpu_to_le32(uartfcraddr);
630 uart_config.fcr.value = __cpu_to_le32(FCR);
631 /* FW expects swapped CRC bytes */
632 uart_config.crc = __cpu_to_be32(crc32_be(0UL, (char *)&uart_config,
633 sizeof(uart_config) - 4));
634
635 serdev_device_write_buf(nxpdev->serdev, (u8 *)&uart_config, sizeof(uart_config));
636 serdev_device_wait_until_sent(nxpdev->serdev, 0);
637 nxpdev->fw_v3_offset_correction += req_len;
638 return true;
639 }
640 return false;
641 }
642
nxp_fw_change_timeout(struct hci_dev * hdev,u16 req_len)643 static bool nxp_fw_change_timeout(struct hci_dev *hdev, u16 req_len)
644 {
645 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
646 struct nxp_bootloader_cmd nxp_cmd7;
647
648 if (req_len != sizeof(nxp_cmd7))
649 return false;
650
651 nxp_cmd7.header = __cpu_to_le32(7);
652 nxp_cmd7.arg = __cpu_to_le32(0x70);
653 nxp_cmd7.payload_len = 0;
654 /* FW expects swapped CRC bytes */
655 nxp_cmd7.crc = __cpu_to_be32(crc32_be(0UL, (char *)&nxp_cmd7,
656 sizeof(nxp_cmd7) - 4));
657 serdev_device_write_buf(nxpdev->serdev, (u8 *)&nxp_cmd7, sizeof(nxp_cmd7));
658 serdev_device_wait_until_sent(nxpdev->serdev, 0);
659 nxpdev->fw_v3_offset_correction += req_len;
660 return true;
661 }
662
nxp_get_data_len(const u8 * buf)663 static u32 nxp_get_data_len(const u8 *buf)
664 {
665 struct nxp_bootloader_cmd *hdr = (struct nxp_bootloader_cmd *)buf;
666
667 return __le32_to_cpu(hdr->payload_len);
668 }
669
is_fw_downloading(struct btnxpuart_dev * nxpdev)670 static bool is_fw_downloading(struct btnxpuart_dev *nxpdev)
671 {
672 return test_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
673 }
674
process_boot_signature(struct btnxpuart_dev * nxpdev)675 static bool process_boot_signature(struct btnxpuart_dev *nxpdev)
676 {
677 if (test_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, &nxpdev->tx_state)) {
678 clear_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, &nxpdev->tx_state);
679 wake_up_interruptible(&nxpdev->check_boot_sign_wait_q);
680 return false;
681 }
682 return is_fw_downloading(nxpdev);
683 }
684
nxp_request_firmware(struct hci_dev * hdev,const char * fw_name)685 static int nxp_request_firmware(struct hci_dev *hdev, const char *fw_name)
686 {
687 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
688 int err = 0;
689
690 if (!fw_name)
691 return -ENOENT;
692
693 if (!strlen(nxpdev->fw_name)) {
694 snprintf(nxpdev->fw_name, MAX_FW_FILE_NAME_LEN, "%s", fw_name);
695
696 bt_dev_dbg(hdev, "Request Firmware: %s", nxpdev->fw_name);
697 err = request_firmware(&nxpdev->fw, nxpdev->fw_name, &hdev->dev);
698 if (err < 0) {
699 bt_dev_err(hdev, "Firmware file %s not found", nxpdev->fw_name);
700 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
701 }
702 }
703 return err;
704 }
705
706 /* for legacy chipsets with V1 bootloader */
nxp_recv_chip_ver_v1(struct hci_dev * hdev,struct sk_buff * skb)707 static int nxp_recv_chip_ver_v1(struct hci_dev *hdev, struct sk_buff *skb)
708 {
709 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
710 struct v1_start_ind *req;
711 __u16 chip_id;
712
713 req = skb_pull_data(skb, sizeof(*req));
714 if (!req)
715 goto free_skb;
716
717 chip_id = le16_to_cpu(req->chip_id ^ req->chip_id_comp);
718 if (chip_id == 0xffff && nxpdev->fw_dnld_v1_offset) {
719 nxpdev->fw_dnld_v1_offset = 0;
720 nxpdev->fw_v1_sent_bytes = 0;
721 nxpdev->fw_v1_expected_len = HDR_LEN;
722 release_firmware(nxpdev->fw);
723 memset(nxpdev->fw_name, 0, sizeof(nxpdev->fw_name));
724 nxp_send_ack(NXP_ACK_V1, hdev);
725 }
726
727 free_skb:
728 kfree_skb(skb);
729 return 0;
730 }
731
nxp_recv_fw_req_v1(struct hci_dev * hdev,struct sk_buff * skb)732 static int nxp_recv_fw_req_v1(struct hci_dev *hdev, struct sk_buff *skb)
733 {
734 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
735 struct btnxpuart_data *nxp_data = nxpdev->nxp_data;
736 struct v1_data_req *req;
737 __u16 len;
738
739 if (!process_boot_signature(nxpdev))
740 goto free_skb;
741
742 req = skb_pull_data(skb, sizeof(*req));
743 if (!req)
744 goto free_skb;
745
746 len = __le16_to_cpu(req->len ^ req->len_comp);
747 if (len != 0xffff) {
748 bt_dev_dbg(hdev, "ERR: Send NAK");
749 nxp_send_ack(NXP_NAK_V1, hdev);
750 goto free_skb;
751 }
752 nxp_send_ack(NXP_ACK_V1, hdev);
753
754 len = __le16_to_cpu(req->len);
755
756 if (!nxp_data->helper_fw_name) {
757 if (!nxpdev->timeout_changed) {
758 nxpdev->timeout_changed = nxp_fw_change_timeout(hdev,
759 len);
760 goto free_skb;
761 }
762 if (!nxpdev->baudrate_changed) {
763 nxpdev->baudrate_changed = nxp_fw_change_baudrate(hdev,
764 len);
765 if (nxpdev->baudrate_changed) {
766 serdev_device_set_baudrate(nxpdev->serdev,
767 HCI_NXP_SEC_BAUDRATE);
768 serdev_device_set_flow_control(nxpdev->serdev, true);
769 nxpdev->current_baudrate = HCI_NXP_SEC_BAUDRATE;
770 }
771 goto free_skb;
772 }
773 }
774
775 if (!nxp_data->helper_fw_name || nxpdev->helper_downloaded) {
776 if (nxp_request_firmware(hdev, nxp_data->fw_name))
777 goto free_skb;
778 } else if (nxp_data->helper_fw_name && !nxpdev->helper_downloaded) {
779 if (nxp_request_firmware(hdev, nxp_data->helper_fw_name))
780 goto free_skb;
781 }
782
783 if (!len) {
784 bt_dev_dbg(hdev, "FW Downloaded Successfully: %zu bytes",
785 nxpdev->fw->size);
786 if (nxp_data->helper_fw_name && !nxpdev->helper_downloaded) {
787 nxpdev->helper_downloaded = true;
788 serdev_device_wait_until_sent(nxpdev->serdev, 0);
789 serdev_device_set_baudrate(nxpdev->serdev,
790 HCI_NXP_SEC_BAUDRATE);
791 serdev_device_set_flow_control(nxpdev->serdev, true);
792 } else {
793 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
794 wake_up_interruptible(&nxpdev->fw_dnld_done_wait_q);
795 }
796 goto free_skb;
797 }
798 if (len & 0x01) {
799 /* The CRC did not match at the other end.
800 * Simply send the same bytes again.
801 */
802 len = nxpdev->fw_v1_sent_bytes;
803 bt_dev_dbg(hdev, "CRC error. Resend %d bytes of FW.", len);
804 } else {
805 nxpdev->fw_dnld_v1_offset += nxpdev->fw_v1_sent_bytes;
806
807 /* The FW bin file is made up of many blocks of
808 * 16 byte header and payload data chunks. If the
809 * FW has requested a header, read the payload length
810 * info from the header, before sending the header.
811 * In the next iteration, the FW should request the
812 * payload data chunk, which should be equal to the
813 * payload length read from header. If there is a
814 * mismatch, clearly the driver and FW are out of sync,
815 * and we need to re-send the previous header again.
816 */
817 if (len == nxpdev->fw_v1_expected_len) {
818 if (len == HDR_LEN)
819 nxpdev->fw_v1_expected_len = nxp_get_data_len(nxpdev->fw->data +
820 nxpdev->fw_dnld_v1_offset);
821 else
822 nxpdev->fw_v1_expected_len = HDR_LEN;
823 } else if (len == HDR_LEN) {
824 /* FW download out of sync. Send previous chunk again */
825 nxpdev->fw_dnld_v1_offset -= nxpdev->fw_v1_sent_bytes;
826 nxpdev->fw_v1_expected_len = HDR_LEN;
827 }
828 }
829
830 if (nxpdev->fw_dnld_v1_offset + len <= nxpdev->fw->size)
831 serdev_device_write_buf(nxpdev->serdev, nxpdev->fw->data +
832 nxpdev->fw_dnld_v1_offset, len);
833 nxpdev->fw_v1_sent_bytes = len;
834
835 free_skb:
836 kfree_skb(skb);
837 return 0;
838 }
839
nxp_get_fw_name_from_chipid(struct hci_dev * hdev,u16 chipid,u8 loader_ver)840 static char *nxp_get_fw_name_from_chipid(struct hci_dev *hdev, u16 chipid,
841 u8 loader_ver)
842 {
843 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
844 char *fw_name = NULL;
845
846 switch (chipid) {
847 case CHIP_ID_W9098:
848 fw_name = FIRMWARE_W9098;
849 break;
850 case CHIP_ID_IW416:
851 fw_name = FIRMWARE_IW416;
852 break;
853 case CHIP_ID_IW612:
854 fw_name = FIRMWARE_IW612;
855 break;
856 case CHIP_ID_IW624a:
857 case CHIP_ID_IW624c:
858 nxpdev->boot_reg_offset = 1;
859 if ((loader_ver & FW_SECURE_MASK) == FW_OPEN)
860 fw_name = FIRMWARE_IW624;
861 else if ((loader_ver & FW_SECURE_MASK) != FW_AUTH_ILLEGAL)
862 fw_name = FIRMWARE_SECURE_IW624;
863 else
864 bt_dev_err(hdev, "Illegal loader version %02x", loader_ver);
865 break;
866 case CHIP_ID_AW693:
867 if ((loader_ver & FW_SECURE_MASK) == FW_OPEN)
868 fw_name = FIRMWARE_AW693;
869 else if ((loader_ver & FW_SECURE_MASK) != FW_AUTH_ILLEGAL)
870 fw_name = FIRMWARE_SECURE_AW693;
871 else
872 bt_dev_err(hdev, "Illegal loader version %02x", loader_ver);
873 break;
874 default:
875 bt_dev_err(hdev, "Unknown chip signature %04x", chipid);
876 break;
877 }
878 return fw_name;
879 }
880
nxp_recv_chip_ver_v3(struct hci_dev * hdev,struct sk_buff * skb)881 static int nxp_recv_chip_ver_v3(struct hci_dev *hdev, struct sk_buff *skb)
882 {
883 struct v3_start_ind *req = skb_pull_data(skb, sizeof(*req));
884 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
885 u16 chip_id;
886 u8 loader_ver;
887
888 if (!process_boot_signature(nxpdev))
889 goto free_skb;
890
891 chip_id = le16_to_cpu(req->chip_id);
892 loader_ver = req->loader_ver;
893 if (!nxp_request_firmware(hdev, nxp_get_fw_name_from_chipid(hdev,
894 chip_id, loader_ver)))
895 nxp_send_ack(NXP_ACK_V3, hdev);
896
897 free_skb:
898 kfree_skb(skb);
899 return 0;
900 }
901
nxp_handle_fw_download_error(struct hci_dev * hdev,struct v3_data_req * req)902 static void nxp_handle_fw_download_error(struct hci_dev *hdev, struct v3_data_req *req)
903 {
904 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
905 __u32 offset = __le32_to_cpu(req->offset);
906 __u16 err = __le16_to_cpu(req->error);
907 union nxp_v3_rx_timeout_nak_u nak_tx_buf;
908
909 switch (err) {
910 case NXP_ACK_RX_TIMEOUT:
911 case NXP_HDR_RX_TIMEOUT:
912 case NXP_DATA_RX_TIMEOUT:
913 nak_tx_buf.pkt.nak = NXP_NAK_V3;
914 nak_tx_buf.pkt.offset = __cpu_to_le32(offset);
915 nak_tx_buf.pkt.crc = crc8(crc8_table, nak_tx_buf.buf,
916 sizeof(nak_tx_buf) - 1, 0xff);
917 serdev_device_write_buf(nxpdev->serdev, nak_tx_buf.buf,
918 sizeof(nak_tx_buf));
919 break;
920 default:
921 bt_dev_dbg(hdev, "Unknown bootloader error code: %d", err);
922 break;
923
924 }
925
926 }
927
nxp_recv_fw_req_v3(struct hci_dev * hdev,struct sk_buff * skb)928 static int nxp_recv_fw_req_v3(struct hci_dev *hdev, struct sk_buff *skb)
929 {
930 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
931 struct v3_data_req *req;
932 __u16 len;
933 __u32 offset;
934
935 if (!process_boot_signature(nxpdev))
936 goto free_skb;
937
938 req = skb_pull_data(skb, sizeof(*req));
939 if (!req || !nxpdev->fw)
940 goto free_skb;
941
942 if (!req->error) {
943 nxp_send_ack(NXP_ACK_V3, hdev);
944 } else {
945 nxp_handle_fw_download_error(hdev, req);
946 goto free_skb;
947 }
948
949 len = __le16_to_cpu(req->len);
950
951 if (!nxpdev->timeout_changed) {
952 nxpdev->timeout_changed = nxp_fw_change_timeout(hdev, len);
953 goto free_skb;
954 }
955
956 if (!nxpdev->baudrate_changed) {
957 nxpdev->baudrate_changed = nxp_fw_change_baudrate(hdev, len);
958 if (nxpdev->baudrate_changed) {
959 serdev_device_set_baudrate(nxpdev->serdev,
960 HCI_NXP_SEC_BAUDRATE);
961 serdev_device_set_flow_control(nxpdev->serdev, true);
962 nxpdev->current_baudrate = HCI_NXP_SEC_BAUDRATE;
963 }
964 goto free_skb;
965 }
966
967 if (req->len == 0) {
968 bt_dev_dbg(hdev, "FW Downloaded Successfully: %zu bytes",
969 nxpdev->fw->size);
970 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
971 wake_up_interruptible(&nxpdev->fw_dnld_done_wait_q);
972 goto free_skb;
973 }
974
975 offset = __le32_to_cpu(req->offset);
976 if (offset < nxpdev->fw_v3_offset_correction) {
977 /* This scenario should ideally never occur. But if it ever does,
978 * FW is out of sync and needs a power cycle.
979 */
980 bt_dev_err(hdev, "Something went wrong during FW download");
981 bt_dev_err(hdev, "Please power cycle and try again");
982 goto free_skb;
983 }
984
985 serdev_device_write_buf(nxpdev->serdev, nxpdev->fw->data + offset -
986 nxpdev->fw_v3_offset_correction, len);
987
988 free_skb:
989 kfree_skb(skb);
990 return 0;
991 }
992
nxp_set_baudrate_cmd(struct hci_dev * hdev,void * data)993 static int nxp_set_baudrate_cmd(struct hci_dev *hdev, void *data)
994 {
995 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
996 __le32 new_baudrate = __cpu_to_le32(nxpdev->new_baudrate);
997 struct ps_data *psdata = &nxpdev->psdata;
998 struct sk_buff *skb;
999 u8 *status;
1000
1001 if (!psdata)
1002 return 0;
1003
1004 skb = nxp_drv_send_cmd(hdev, HCI_NXP_SET_OPER_SPEED, 4, (u8 *)&new_baudrate);
1005 if (IS_ERR(skb)) {
1006 bt_dev_err(hdev, "Setting baudrate failed (%ld)", PTR_ERR(skb));
1007 return PTR_ERR(skb);
1008 }
1009
1010 status = (u8 *)skb_pull_data(skb, 1);
1011 if (status) {
1012 if (*status == 0) {
1013 serdev_device_set_baudrate(nxpdev->serdev, nxpdev->new_baudrate);
1014 nxpdev->current_baudrate = nxpdev->new_baudrate;
1015 }
1016 bt_dev_dbg(hdev, "Set baudrate response: status=%d, baudrate=%d",
1017 *status, nxpdev->new_baudrate);
1018 }
1019 kfree_skb(skb);
1020
1021 return 0;
1022 }
1023
nxp_check_boot_sign(struct btnxpuart_dev * nxpdev)1024 static int nxp_check_boot_sign(struct btnxpuart_dev *nxpdev)
1025 {
1026 serdev_device_set_baudrate(nxpdev->serdev, HCI_NXP_PRI_BAUDRATE);
1027 if (test_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state))
1028 serdev_device_set_flow_control(nxpdev->serdev, false);
1029 else
1030 serdev_device_set_flow_control(nxpdev->serdev, true);
1031 set_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, &nxpdev->tx_state);
1032
1033 return wait_event_interruptible_timeout(nxpdev->check_boot_sign_wait_q,
1034 !test_bit(BTNXPUART_CHECK_BOOT_SIGNATURE,
1035 &nxpdev->tx_state),
1036 msecs_to_jiffies(1000));
1037 }
1038
nxp_set_ind_reset(struct hci_dev * hdev,void * data)1039 static int nxp_set_ind_reset(struct hci_dev *hdev, void *data)
1040 {
1041 static const u8 ir_hw_err[] = { HCI_EV_HARDWARE_ERROR,
1042 0x01, BTNXPUART_IR_HW_ERR };
1043 struct sk_buff *skb;
1044
1045 skb = bt_skb_alloc(3, GFP_ATOMIC);
1046 if (!skb)
1047 return -ENOMEM;
1048
1049 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
1050 skb_put_data(skb, ir_hw_err, 3);
1051
1052 /* Inject Hardware Error to upper stack */
1053 return hci_recv_frame(hdev, skb);
1054 }
1055
1056 /* NXP protocol */
nxp_setup(struct hci_dev * hdev)1057 static int nxp_setup(struct hci_dev *hdev)
1058 {
1059 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1060 int err = 0;
1061
1062 if (nxp_check_boot_sign(nxpdev)) {
1063 bt_dev_dbg(hdev, "Need FW Download.");
1064 err = nxp_download_firmware(hdev);
1065 if (err < 0)
1066 return err;
1067 } else {
1068 bt_dev_dbg(hdev, "FW already running.");
1069 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
1070 }
1071
1072 serdev_device_set_baudrate(nxpdev->serdev, nxpdev->fw_init_baudrate);
1073 nxpdev->current_baudrate = nxpdev->fw_init_baudrate;
1074
1075 if (nxpdev->current_baudrate != HCI_NXP_SEC_BAUDRATE) {
1076 nxpdev->new_baudrate = HCI_NXP_SEC_BAUDRATE;
1077 hci_cmd_sync_queue(hdev, nxp_set_baudrate_cmd, NULL, NULL);
1078 }
1079
1080 ps_init(hdev);
1081
1082 if (test_and_clear_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state))
1083 hci_dev_clear_flag(hdev, HCI_SETUP);
1084
1085 return 0;
1086 }
1087
nxp_hw_err(struct hci_dev * hdev,u8 code)1088 static void nxp_hw_err(struct hci_dev *hdev, u8 code)
1089 {
1090 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1091
1092 switch (code) {
1093 case BTNXPUART_IR_HW_ERR:
1094 set_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state);
1095 hci_dev_set_flag(hdev, HCI_SETUP);
1096 break;
1097 default:
1098 break;
1099 }
1100 }
1101
nxp_shutdown(struct hci_dev * hdev)1102 static int nxp_shutdown(struct hci_dev *hdev)
1103 {
1104 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1105 struct sk_buff *skb;
1106 u8 *status;
1107 u8 pcmd = 0;
1108
1109 if (test_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state)) {
1110 skb = nxp_drv_send_cmd(hdev, HCI_NXP_IND_RESET, 1, &pcmd);
1111 if (IS_ERR(skb))
1112 return PTR_ERR(skb);
1113
1114 status = skb_pull_data(skb, 1);
1115 if (status) {
1116 serdev_device_set_flow_control(nxpdev->serdev, false);
1117 set_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
1118 }
1119 kfree_skb(skb);
1120 }
1121
1122 return 0;
1123 }
1124
btnxpuart_queue_skb(struct hci_dev * hdev,struct sk_buff * skb)1125 static int btnxpuart_queue_skb(struct hci_dev *hdev, struct sk_buff *skb)
1126 {
1127 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1128
1129 /* Prepend skb with frame type */
1130 memcpy(skb_push(skb, 1), &hci_skb_pkt_type(skb), 1);
1131 skb_queue_tail(&nxpdev->txq, skb);
1132 btnxpuart_tx_wakeup(nxpdev);
1133 return 0;
1134 }
1135
nxp_enqueue(struct hci_dev * hdev,struct sk_buff * skb)1136 static int nxp_enqueue(struct hci_dev *hdev, struct sk_buff *skb)
1137 {
1138 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1139 struct ps_data *psdata = &nxpdev->psdata;
1140 struct hci_command_hdr *hdr;
1141 struct psmode_cmd_payload ps_parm;
1142 struct wakeup_cmd_payload wakeup_parm;
1143 __le32 baudrate_parm;
1144
1145 /* if vendor commands are received from user space (e.g. hcitool), update
1146 * driver flags accordingly and ask driver to re-send the command to FW.
1147 * In case the payload for any command does not match expected payload
1148 * length, let the firmware and user space program handle it, or throw
1149 * an error.
1150 */
1151 if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT && !psdata->driver_sent_cmd) {
1152 hdr = (struct hci_command_hdr *)skb->data;
1153 if (hdr->plen != (skb->len - HCI_COMMAND_HDR_SIZE))
1154 return btnxpuart_queue_skb(hdev, skb);
1155
1156 switch (__le16_to_cpu(hdr->opcode)) {
1157 case HCI_NXP_AUTO_SLEEP_MODE:
1158 if (hdr->plen == sizeof(ps_parm)) {
1159 memcpy(&ps_parm, skb->data + HCI_COMMAND_HDR_SIZE, hdr->plen);
1160 if (ps_parm.ps_cmd == BT_PS_ENABLE)
1161 psdata->target_ps_mode = PS_MODE_ENABLE;
1162 else if (ps_parm.ps_cmd == BT_PS_DISABLE)
1163 psdata->target_ps_mode = PS_MODE_DISABLE;
1164 psdata->c2h_ps_interval = __le16_to_cpu(ps_parm.c2h_ps_interval);
1165 hci_cmd_sync_queue(hdev, send_ps_cmd, NULL, NULL);
1166 goto free_skb;
1167 }
1168 break;
1169 case HCI_NXP_WAKEUP_METHOD:
1170 if (hdr->plen == sizeof(wakeup_parm)) {
1171 memcpy(&wakeup_parm, skb->data + HCI_COMMAND_HDR_SIZE, hdr->plen);
1172 psdata->c2h_wakeupmode = wakeup_parm.c2h_wakeupmode;
1173 psdata->c2h_wakeup_gpio = wakeup_parm.c2h_wakeup_gpio;
1174 psdata->h2c_wakeup_gpio = wakeup_parm.h2c_wakeup_gpio;
1175 switch (wakeup_parm.h2c_wakeupmode) {
1176 case BT_CTRL_WAKEUP_METHOD_DSR:
1177 psdata->h2c_wakeupmode = WAKEUP_METHOD_DTR;
1178 break;
1179 case BT_CTRL_WAKEUP_METHOD_BREAK:
1180 default:
1181 psdata->h2c_wakeupmode = WAKEUP_METHOD_BREAK;
1182 break;
1183 }
1184 hci_cmd_sync_queue(hdev, send_wakeup_method_cmd, NULL, NULL);
1185 goto free_skb;
1186 }
1187 break;
1188 case HCI_NXP_SET_OPER_SPEED:
1189 if (hdr->plen == sizeof(baudrate_parm)) {
1190 memcpy(&baudrate_parm, skb->data + HCI_COMMAND_HDR_SIZE, hdr->plen);
1191 nxpdev->new_baudrate = __le32_to_cpu(baudrate_parm);
1192 hci_cmd_sync_queue(hdev, nxp_set_baudrate_cmd, NULL, NULL);
1193 goto free_skb;
1194 }
1195 break;
1196 case HCI_NXP_IND_RESET:
1197 if (hdr->plen == 1) {
1198 hci_cmd_sync_queue(hdev, nxp_set_ind_reset, NULL, NULL);
1199 goto free_skb;
1200 }
1201 break;
1202 default:
1203 break;
1204 }
1205 }
1206
1207 return btnxpuart_queue_skb(hdev, skb);
1208
1209 free_skb:
1210 kfree_skb(skb);
1211 return 0;
1212 }
1213
nxp_dequeue(void * data)1214 static struct sk_buff *nxp_dequeue(void *data)
1215 {
1216 struct btnxpuart_dev *nxpdev = (struct btnxpuart_dev *)data;
1217
1218 ps_wakeup(nxpdev);
1219 ps_start_timer(nxpdev);
1220 return skb_dequeue(&nxpdev->txq);
1221 }
1222
1223 /* btnxpuart based on serdev */
btnxpuart_tx_work(struct work_struct * work)1224 static void btnxpuart_tx_work(struct work_struct *work)
1225 {
1226 struct btnxpuart_dev *nxpdev = container_of(work, struct btnxpuart_dev,
1227 tx_work);
1228 struct serdev_device *serdev = nxpdev->serdev;
1229 struct hci_dev *hdev = nxpdev->hdev;
1230 struct sk_buff *skb;
1231 int len;
1232
1233 while ((skb = nxp_dequeue(nxpdev))) {
1234 len = serdev_device_write_buf(serdev, skb->data, skb->len);
1235 hdev->stat.byte_tx += len;
1236
1237 skb_pull(skb, len);
1238 if (skb->len > 0) {
1239 skb_queue_head(&nxpdev->txq, skb);
1240 break;
1241 }
1242
1243 switch (hci_skb_pkt_type(skb)) {
1244 case HCI_COMMAND_PKT:
1245 hdev->stat.cmd_tx++;
1246 break;
1247 case HCI_ACLDATA_PKT:
1248 hdev->stat.acl_tx++;
1249 break;
1250 case HCI_SCODATA_PKT:
1251 hdev->stat.sco_tx++;
1252 break;
1253 }
1254
1255 kfree_skb(skb);
1256 }
1257 clear_bit(BTNXPUART_TX_STATE_ACTIVE, &nxpdev->tx_state);
1258 }
1259
btnxpuart_open(struct hci_dev * hdev)1260 static int btnxpuart_open(struct hci_dev *hdev)
1261 {
1262 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1263 int err = 0;
1264
1265 err = serdev_device_open(nxpdev->serdev);
1266 if (err) {
1267 bt_dev_err(hdev, "Unable to open UART device %s",
1268 dev_name(&nxpdev->serdev->dev));
1269 } else {
1270 set_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state);
1271 }
1272 return err;
1273 }
1274
btnxpuart_close(struct hci_dev * hdev)1275 static int btnxpuart_close(struct hci_dev *hdev)
1276 {
1277 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1278
1279 ps_wakeup(nxpdev);
1280 serdev_device_close(nxpdev->serdev);
1281 skb_queue_purge(&nxpdev->txq);
1282 kfree_skb(nxpdev->rx_skb);
1283 nxpdev->rx_skb = NULL;
1284 clear_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state);
1285 return 0;
1286 }
1287
btnxpuart_flush(struct hci_dev * hdev)1288 static int btnxpuart_flush(struct hci_dev *hdev)
1289 {
1290 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1291
1292 /* Flush any pending characters */
1293 serdev_device_write_flush(nxpdev->serdev);
1294 skb_queue_purge(&nxpdev->txq);
1295
1296 cancel_work_sync(&nxpdev->tx_work);
1297
1298 kfree_skb(nxpdev->rx_skb);
1299 nxpdev->rx_skb = NULL;
1300
1301 return 0;
1302 }
1303
1304 static const struct h4_recv_pkt nxp_recv_pkts[] = {
1305 { H4_RECV_ACL, .recv = hci_recv_frame },
1306 { H4_RECV_SCO, .recv = hci_recv_frame },
1307 { H4_RECV_EVENT, .recv = hci_recv_frame },
1308 { NXP_RECV_CHIP_VER_V1, .recv = nxp_recv_chip_ver_v1 },
1309 { NXP_RECV_FW_REQ_V1, .recv = nxp_recv_fw_req_v1 },
1310 { NXP_RECV_CHIP_VER_V3, .recv = nxp_recv_chip_ver_v3 },
1311 { NXP_RECV_FW_REQ_V3, .recv = nxp_recv_fw_req_v3 },
1312 };
1313
btnxpuart_receive_buf(struct serdev_device * serdev,const u8 * data,size_t count)1314 static int btnxpuart_receive_buf(struct serdev_device *serdev, const u8 *data,
1315 size_t count)
1316 {
1317 struct btnxpuart_dev *nxpdev = serdev_device_get_drvdata(serdev);
1318
1319 ps_start_timer(nxpdev);
1320
1321 nxpdev->rx_skb = h4_recv_buf(nxpdev->hdev, nxpdev->rx_skb, data, count,
1322 nxp_recv_pkts, ARRAY_SIZE(nxp_recv_pkts));
1323 if (IS_ERR(nxpdev->rx_skb)) {
1324 int err = PTR_ERR(nxpdev->rx_skb);
1325 /* Safe to ignore out-of-sync bootloader signatures */
1326 if (!is_fw_downloading(nxpdev))
1327 bt_dev_err(nxpdev->hdev, "Frame reassembly failed (%d)", err);
1328 nxpdev->rx_skb = NULL;
1329 return count;
1330 }
1331 if (!is_fw_downloading(nxpdev))
1332 nxpdev->hdev->stat.byte_rx += count;
1333 return count;
1334 }
1335
btnxpuart_write_wakeup(struct serdev_device * serdev)1336 static void btnxpuart_write_wakeup(struct serdev_device *serdev)
1337 {
1338 serdev_device_write_wakeup(serdev);
1339 }
1340
1341 static const struct serdev_device_ops btnxpuart_client_ops = {
1342 .receive_buf = btnxpuart_receive_buf,
1343 .write_wakeup = btnxpuart_write_wakeup,
1344 };
1345
nxp_serdev_probe(struct serdev_device * serdev)1346 static int nxp_serdev_probe(struct serdev_device *serdev)
1347 {
1348 struct hci_dev *hdev;
1349 struct btnxpuart_dev *nxpdev;
1350
1351 nxpdev = devm_kzalloc(&serdev->dev, sizeof(*nxpdev), GFP_KERNEL);
1352 if (!nxpdev)
1353 return -ENOMEM;
1354
1355 nxpdev->nxp_data = (struct btnxpuart_data *)device_get_match_data(&serdev->dev);
1356
1357 nxpdev->serdev = serdev;
1358 serdev_device_set_drvdata(serdev, nxpdev);
1359
1360 serdev_device_set_client_ops(serdev, &btnxpuart_client_ops);
1361
1362 INIT_WORK(&nxpdev->tx_work, btnxpuart_tx_work);
1363 skb_queue_head_init(&nxpdev->txq);
1364
1365 init_waitqueue_head(&nxpdev->fw_dnld_done_wait_q);
1366 init_waitqueue_head(&nxpdev->check_boot_sign_wait_q);
1367
1368 device_property_read_u32(&nxpdev->serdev->dev, "fw-init-baudrate",
1369 &nxpdev->fw_init_baudrate);
1370 if (!nxpdev->fw_init_baudrate)
1371 nxpdev->fw_init_baudrate = FW_INIT_BAUDRATE;
1372
1373 set_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
1374
1375 crc8_populate_msb(crc8_table, POLYNOMIAL8);
1376
1377 /* Initialize and register HCI device */
1378 hdev = hci_alloc_dev();
1379 if (!hdev) {
1380 dev_err(&serdev->dev, "Can't allocate HCI device\n");
1381 return -ENOMEM;
1382 }
1383
1384 nxpdev->hdev = hdev;
1385
1386 hdev->bus = HCI_UART;
1387 hci_set_drvdata(hdev, nxpdev);
1388
1389 hdev->manufacturer = MANUFACTURER_NXP;
1390 hdev->open = btnxpuart_open;
1391 hdev->close = btnxpuart_close;
1392 hdev->flush = btnxpuart_flush;
1393 hdev->setup = nxp_setup;
1394 hdev->send = nxp_enqueue;
1395 hdev->hw_error = nxp_hw_err;
1396 hdev->shutdown = nxp_shutdown;
1397 SET_HCIDEV_DEV(hdev, &serdev->dev);
1398
1399 if (hci_register_dev(hdev) < 0) {
1400 dev_err(&serdev->dev, "Can't register HCI device\n");
1401 hci_free_dev(hdev);
1402 return -ENODEV;
1403 }
1404
1405 ps_setup(hdev);
1406
1407 return 0;
1408 }
1409
nxp_serdev_remove(struct serdev_device * serdev)1410 static void nxp_serdev_remove(struct serdev_device *serdev)
1411 {
1412 struct btnxpuart_dev *nxpdev = serdev_device_get_drvdata(serdev);
1413 struct hci_dev *hdev = nxpdev->hdev;
1414
1415 /* Restore FW baudrate to fw_init_baudrate if changed.
1416 * This will ensure FW baudrate is in sync with
1417 * driver baudrate in case this driver is re-inserted.
1418 */
1419 if (nxpdev->current_baudrate != nxpdev->fw_init_baudrate) {
1420 nxpdev->new_baudrate = nxpdev->fw_init_baudrate;
1421 nxp_set_baudrate_cmd(hdev, NULL);
1422 }
1423
1424 ps_cancel_timer(nxpdev);
1425 hci_unregister_dev(hdev);
1426 hci_free_dev(hdev);
1427 }
1428
1429 static struct btnxpuart_data w8987_data __maybe_unused = {
1430 .helper_fw_name = NULL,
1431 .fw_name = FIRMWARE_W8987,
1432 };
1433
1434 static struct btnxpuart_data w8997_data __maybe_unused = {
1435 .helper_fw_name = FIRMWARE_HELPER,
1436 .fw_name = FIRMWARE_W8997,
1437 };
1438
1439 static const struct of_device_id nxpuart_of_match_table[] __maybe_unused = {
1440 { .compatible = "nxp,88w8987-bt", .data = &w8987_data },
1441 { .compatible = "nxp,88w8997-bt", .data = &w8997_data },
1442 { }
1443 };
1444 MODULE_DEVICE_TABLE(of, nxpuart_of_match_table);
1445
1446 static struct serdev_device_driver nxp_serdev_driver = {
1447 .probe = nxp_serdev_probe,
1448 .remove = nxp_serdev_remove,
1449 .driver = {
1450 .name = "btnxpuart",
1451 .of_match_table = of_match_ptr(nxpuart_of_match_table),
1452 },
1453 };
1454
1455 module_serdev_device_driver(nxp_serdev_driver);
1456
1457 MODULE_AUTHOR("Neeraj Sanjay Kale <neeraj.sanjaykale@nxp.com>");
1458 MODULE_DESCRIPTION("NXP Bluetooth Serial driver");
1459 MODULE_LICENSE("GPL");
1460