1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * NXP Bluetooth driver
4 * Copyright 2023 NXP
5 */
6
7 #include <linux/module.h>
8 #include <linux/kernel.h>
9
10 #include <linux/serdev.h>
11 #include <linux/of.h>
12 #include <linux/skbuff.h>
13 #include <asm/unaligned.h>
14 #include <linux/firmware.h>
15 #include <linux/string.h>
16 #include <linux/crc8.h>
17 #include <linux/crc32.h>
18 #include <linux/string_helpers.h>
19
20 #include <net/bluetooth/bluetooth.h>
21 #include <net/bluetooth/hci_core.h>
22
23 #include "h4_recv.h"
24
25 #define MANUFACTURER_NXP 37
26
27 #define BTNXPUART_TX_STATE_ACTIVE 1
28 #define BTNXPUART_FW_DOWNLOADING 2
29 #define BTNXPUART_CHECK_BOOT_SIGNATURE 3
30 #define BTNXPUART_SERDEV_OPEN 4
31 #define BTNXPUART_IR_IN_PROGRESS 5
32 #define BTNXPUART_FW_DOWNLOAD_ABORT 6
33
34 /* NXP HW err codes */
35 #define BTNXPUART_IR_HW_ERR 0xb0
36
37 #define FIRMWARE_W8987 "nxp/uartuart8987_bt.bin"
38 #define FIRMWARE_W8997 "nxp/uartuart8997_bt_v4.bin"
39 #define FIRMWARE_W9098 "nxp/uartuart9098_bt_v1.bin"
40 #define FIRMWARE_IW416 "nxp/uartiw416_bt_v0.bin"
41 #define FIRMWARE_IW612 "nxp/uartspi_n61x_v1.bin.se"
42 #define FIRMWARE_IW624 "nxp/uartiw624_bt.bin"
43 #define FIRMWARE_SECURE_IW624 "nxp/uartiw624_bt.bin.se"
44 #define FIRMWARE_AW693 "nxp/uartaw693_bt.bin"
45 #define FIRMWARE_SECURE_AW693 "nxp/uartaw693_bt.bin.se"
46 #define FIRMWARE_HELPER "nxp/helper_uart_3000000.bin"
47
48 #define CHIP_ID_W9098 0x5c03
49 #define CHIP_ID_IW416 0x7201
50 #define CHIP_ID_IW612 0x7601
51 #define CHIP_ID_IW624a 0x8000
52 #define CHIP_ID_IW624c 0x8001
53 #define CHIP_ID_AW693 0x8200
54
55 #define FW_SECURE_MASK 0xc0
56 #define FW_OPEN 0x00
57 #define FW_AUTH_ILLEGAL 0x40
58 #define FW_AUTH_PLAIN 0x80
59 #define FW_AUTH_ENC 0xc0
60
61 #define HCI_NXP_PRI_BAUDRATE 115200
62 #define HCI_NXP_SEC_BAUDRATE 3000000
63
64 #define MAX_FW_FILE_NAME_LEN 50
65
66 /* Default ps timeout period in milliseconds */
67 #define PS_DEFAULT_TIMEOUT_PERIOD_MS 2000
68
69 /* wakeup methods */
70 #define WAKEUP_METHOD_DTR 0
71 #define WAKEUP_METHOD_BREAK 1
72 #define WAKEUP_METHOD_EXT_BREAK 2
73 #define WAKEUP_METHOD_RTS 3
74 #define WAKEUP_METHOD_INVALID 0xff
75
76 /* power save mode status */
77 #define PS_MODE_DISABLE 0
78 #define PS_MODE_ENABLE 1
79
80 /* Power Save Commands to ps_work_func */
81 #define PS_CMD_EXIT_PS 1
82 #define PS_CMD_ENTER_PS 2
83
84 /* power save state */
85 #define PS_STATE_AWAKE 0
86 #define PS_STATE_SLEEP 1
87
88 /* Bluetooth vendor command : Sleep mode */
89 #define HCI_NXP_AUTO_SLEEP_MODE 0xfc23
90 /* Bluetooth vendor command : Wakeup method */
91 #define HCI_NXP_WAKEUP_METHOD 0xfc53
92 /* Bluetooth vendor command : Set operational baudrate */
93 #define HCI_NXP_SET_OPER_SPEED 0xfc09
94 /* Bluetooth vendor command: Independent Reset */
95 #define HCI_NXP_IND_RESET 0xfcfc
96
97 /* Bluetooth Power State : Vendor cmd params */
98 #define BT_PS_ENABLE 0x02
99 #define BT_PS_DISABLE 0x03
100
101 /* Bluetooth Host Wakeup Methods */
102 #define BT_HOST_WAKEUP_METHOD_NONE 0x00
103 #define BT_HOST_WAKEUP_METHOD_DTR 0x01
104 #define BT_HOST_WAKEUP_METHOD_BREAK 0x02
105 #define BT_HOST_WAKEUP_METHOD_GPIO 0x03
106
107 /* Bluetooth Chip Wakeup Methods */
108 #define BT_CTRL_WAKEUP_METHOD_DSR 0x00
109 #define BT_CTRL_WAKEUP_METHOD_BREAK 0x01
110 #define BT_CTRL_WAKEUP_METHOD_GPIO 0x02
111 #define BT_CTRL_WAKEUP_METHOD_EXT_BREAK 0x04
112 #define BT_CTRL_WAKEUP_METHOD_RTS 0x05
113
114 struct ps_data {
115 u8 target_ps_mode; /* ps mode to be set */
116 u8 cur_psmode; /* current ps_mode */
117 u8 ps_state; /* controller's power save state */
118 u8 ps_cmd;
119 u8 h2c_wakeupmode;
120 u8 cur_h2c_wakeupmode;
121 u8 c2h_wakeupmode;
122 u8 c2h_wakeup_gpio;
123 u8 h2c_wakeup_gpio;
124 bool driver_sent_cmd;
125 u16 h2c_ps_interval;
126 u16 c2h_ps_interval;
127 struct hci_dev *hdev;
128 struct work_struct work;
129 struct timer_list ps_timer;
130 struct mutex ps_lock;
131 };
132
133 struct wakeup_cmd_payload {
134 u8 c2h_wakeupmode;
135 u8 c2h_wakeup_gpio;
136 u8 h2c_wakeupmode;
137 u8 h2c_wakeup_gpio;
138 } __packed;
139
140 struct psmode_cmd_payload {
141 u8 ps_cmd;
142 __le16 c2h_ps_interval;
143 } __packed;
144
145 struct btnxpuart_data {
146 const char *helper_fw_name;
147 const char *fw_name;
148 };
149
150 struct btnxpuart_dev {
151 struct hci_dev *hdev;
152 struct serdev_device *serdev;
153
154 struct work_struct tx_work;
155 unsigned long tx_state;
156 struct sk_buff_head txq;
157 struct sk_buff *rx_skb;
158
159 const struct firmware *fw;
160 u8 fw_name[MAX_FW_FILE_NAME_LEN];
161 u32 fw_dnld_v1_offset;
162 u32 fw_v1_sent_bytes;
163 u32 fw_dnld_v3_offset;
164 u32 fw_v3_offset_correction;
165 u32 fw_v1_expected_len;
166 u32 boot_reg_offset;
167 wait_queue_head_t fw_dnld_done_wait_q;
168 wait_queue_head_t check_boot_sign_wait_q;
169
170 u32 new_baudrate;
171 u32 current_baudrate;
172 u32 fw_init_baudrate;
173 bool timeout_changed;
174 bool baudrate_changed;
175 bool helper_downloaded;
176
177 struct ps_data psdata;
178 struct btnxpuart_data *nxp_data;
179 };
180
181 #define NXP_V1_FW_REQ_PKT 0xa5
182 #define NXP_V1_CHIP_VER_PKT 0xaa
183 #define NXP_V3_FW_REQ_PKT 0xa7
184 #define NXP_V3_CHIP_VER_PKT 0xab
185
186 #define NXP_ACK_V1 0x5a
187 #define NXP_NAK_V1 0xbf
188 #define NXP_ACK_V3 0x7a
189 #define NXP_NAK_V3 0x7b
190 #define NXP_CRC_ERROR_V3 0x7c
191
192 /* Bootloader signature error codes */
193 #define NXP_ACK_RX_TIMEOUT 0x0002 /* ACK not received from host */
194 #define NXP_HDR_RX_TIMEOUT 0x0003 /* FW Header chunk not received */
195 #define NXP_DATA_RX_TIMEOUT 0x0004 /* FW Data chunk not received */
196
197 #define HDR_LEN 16
198
199 #define NXP_RECV_CHIP_VER_V1 \
200 .type = NXP_V1_CHIP_VER_PKT, \
201 .hlen = 4, \
202 .loff = 0, \
203 .lsize = 0, \
204 .maxlen = 4
205
206 #define NXP_RECV_FW_REQ_V1 \
207 .type = NXP_V1_FW_REQ_PKT, \
208 .hlen = 4, \
209 .loff = 0, \
210 .lsize = 0, \
211 .maxlen = 4
212
213 #define NXP_RECV_CHIP_VER_V3 \
214 .type = NXP_V3_CHIP_VER_PKT, \
215 .hlen = 4, \
216 .loff = 0, \
217 .lsize = 0, \
218 .maxlen = 4
219
220 #define NXP_RECV_FW_REQ_V3 \
221 .type = NXP_V3_FW_REQ_PKT, \
222 .hlen = 9, \
223 .loff = 0, \
224 .lsize = 0, \
225 .maxlen = 9
226
227 struct v1_data_req {
228 __le16 len;
229 __le16 len_comp;
230 } __packed;
231
232 struct v1_start_ind {
233 __le16 chip_id;
234 __le16 chip_id_comp;
235 } __packed;
236
237 struct v3_data_req {
238 __le16 len;
239 __le32 offset;
240 __le16 error;
241 u8 crc;
242 } __packed;
243
244 struct v3_start_ind {
245 __le16 chip_id;
246 u8 loader_ver;
247 u8 crc;
248 } __packed;
249
250 /* UART register addresses of BT chip */
251 #define CLKDIVADDR 0x7f00008f
252 #define UARTDIVADDR 0x7f000090
253 #define UARTMCRADDR 0x7f000091
254 #define UARTREINITADDR 0x7f000092
255 #define UARTICRADDR 0x7f000093
256 #define UARTFCRADDR 0x7f000094
257
258 #define MCR 0x00000022
259 #define INIT 0x00000001
260 #define ICR 0x000000c7
261 #define FCR 0x000000c7
262
263 #define POLYNOMIAL8 0x07
264
265 struct uart_reg {
266 __le32 address;
267 __le32 value;
268 } __packed;
269
270 struct uart_config {
271 struct uart_reg clkdiv;
272 struct uart_reg uartdiv;
273 struct uart_reg mcr;
274 struct uart_reg re_init;
275 struct uart_reg icr;
276 struct uart_reg fcr;
277 __be32 crc;
278 } __packed;
279
280 struct nxp_bootloader_cmd {
281 __le32 header;
282 __le32 arg;
283 __le32 payload_len;
284 __be32 crc;
285 } __packed;
286
287 struct nxp_v3_rx_timeout_nak {
288 u8 nak;
289 __le32 offset;
290 u8 crc;
291 } __packed;
292
293 union nxp_v3_rx_timeout_nak_u {
294 struct nxp_v3_rx_timeout_nak pkt;
295 u8 buf[6];
296 };
297
298 static u8 crc8_table[CRC8_TABLE_SIZE];
299
300 /* Default configurations */
301 #define DEFAULT_H2C_WAKEUP_MODE WAKEUP_METHOD_BREAK
302 #define DEFAULT_PS_MODE PS_MODE_ENABLE
303 #define FW_INIT_BAUDRATE HCI_NXP_PRI_BAUDRATE
304
nxp_drv_send_cmd(struct hci_dev * hdev,u16 opcode,u32 plen,void * param)305 static struct sk_buff *nxp_drv_send_cmd(struct hci_dev *hdev, u16 opcode,
306 u32 plen,
307 void *param)
308 {
309 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
310 struct ps_data *psdata = &nxpdev->psdata;
311 struct sk_buff *skb;
312
313 /* set flag to prevent nxp_enqueue from parsing values from this command and
314 * calling hci_cmd_sync_queue() again.
315 */
316 psdata->driver_sent_cmd = true;
317 skb = __hci_cmd_sync(hdev, opcode, plen, param, HCI_CMD_TIMEOUT);
318 psdata->driver_sent_cmd = false;
319
320 return skb;
321 }
322
btnxpuart_tx_wakeup(struct btnxpuart_dev * nxpdev)323 static void btnxpuart_tx_wakeup(struct btnxpuart_dev *nxpdev)
324 {
325 if (schedule_work(&nxpdev->tx_work))
326 set_bit(BTNXPUART_TX_STATE_ACTIVE, &nxpdev->tx_state);
327 }
328
329 /* NXP Power Save Feature */
ps_start_timer(struct btnxpuart_dev * nxpdev)330 static void ps_start_timer(struct btnxpuart_dev *nxpdev)
331 {
332 struct ps_data *psdata = &nxpdev->psdata;
333
334 if (!psdata)
335 return;
336
337 if (psdata->cur_psmode == PS_MODE_ENABLE)
338 mod_timer(&psdata->ps_timer, jiffies + msecs_to_jiffies(psdata->h2c_ps_interval));
339
340 if (psdata->ps_state == PS_STATE_AWAKE && psdata->ps_cmd == PS_CMD_ENTER_PS)
341 cancel_work_sync(&psdata->work);
342 }
343
ps_cancel_timer(struct btnxpuart_dev * nxpdev)344 static void ps_cancel_timer(struct btnxpuart_dev *nxpdev)
345 {
346 struct ps_data *psdata = &nxpdev->psdata;
347
348 flush_work(&psdata->work);
349 timer_shutdown_sync(&psdata->ps_timer);
350 }
351
ps_control(struct hci_dev * hdev,u8 ps_state)352 static void ps_control(struct hci_dev *hdev, u8 ps_state)
353 {
354 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
355 struct ps_data *psdata = &nxpdev->psdata;
356 int status;
357
358 if (psdata->ps_state == ps_state ||
359 !test_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state))
360 return;
361
362 mutex_lock(&psdata->ps_lock);
363 switch (psdata->cur_h2c_wakeupmode) {
364 case WAKEUP_METHOD_DTR:
365 if (ps_state == PS_STATE_AWAKE)
366 status = serdev_device_set_tiocm(nxpdev->serdev, TIOCM_DTR, 0);
367 else
368 status = serdev_device_set_tiocm(nxpdev->serdev, 0, TIOCM_DTR);
369 break;
370 case WAKEUP_METHOD_BREAK:
371 default:
372 if (ps_state == PS_STATE_AWAKE)
373 status = serdev_device_break_ctl(nxpdev->serdev, 0);
374 else
375 status = serdev_device_break_ctl(nxpdev->serdev, -1);
376 msleep(20); /* Allow chip to detect UART-break and enter sleep */
377 bt_dev_dbg(hdev, "Set UART break: %s, status=%d",
378 str_on_off(ps_state == PS_STATE_SLEEP), status);
379 break;
380 }
381 if (!status)
382 psdata->ps_state = ps_state;
383 mutex_unlock(&psdata->ps_lock);
384
385 if (ps_state == PS_STATE_AWAKE)
386 btnxpuart_tx_wakeup(nxpdev);
387 }
388
ps_work_func(struct work_struct * work)389 static void ps_work_func(struct work_struct *work)
390 {
391 struct ps_data *data = container_of(work, struct ps_data, work);
392
393 if (data->ps_cmd == PS_CMD_ENTER_PS && data->cur_psmode == PS_MODE_ENABLE)
394 ps_control(data->hdev, PS_STATE_SLEEP);
395 else if (data->ps_cmd == PS_CMD_EXIT_PS)
396 ps_control(data->hdev, PS_STATE_AWAKE);
397 }
398
ps_timeout_func(struct timer_list * t)399 static void ps_timeout_func(struct timer_list *t)
400 {
401 struct ps_data *data = from_timer(data, t, ps_timer);
402 struct hci_dev *hdev = data->hdev;
403 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
404
405 if (test_bit(BTNXPUART_TX_STATE_ACTIVE, &nxpdev->tx_state)) {
406 ps_start_timer(nxpdev);
407 } else {
408 data->ps_cmd = PS_CMD_ENTER_PS;
409 schedule_work(&data->work);
410 }
411 }
412
ps_setup(struct hci_dev * hdev)413 static void ps_setup(struct hci_dev *hdev)
414 {
415 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
416 struct ps_data *psdata = &nxpdev->psdata;
417
418 psdata->hdev = hdev;
419 INIT_WORK(&psdata->work, ps_work_func);
420 mutex_init(&psdata->ps_lock);
421 timer_setup(&psdata->ps_timer, ps_timeout_func, 0);
422 }
423
ps_wakeup(struct btnxpuart_dev * nxpdev)424 static bool ps_wakeup(struct btnxpuart_dev *nxpdev)
425 {
426 struct ps_data *psdata = &nxpdev->psdata;
427 u8 ps_state;
428
429 mutex_lock(&psdata->ps_lock);
430 ps_state = psdata->ps_state;
431 mutex_unlock(&psdata->ps_lock);
432
433 if (ps_state != PS_STATE_AWAKE) {
434 psdata->ps_cmd = PS_CMD_EXIT_PS;
435 schedule_work(&psdata->work);
436 return true;
437 }
438 return false;
439 }
440
ps_cleanup(struct btnxpuart_dev * nxpdev)441 static void ps_cleanup(struct btnxpuart_dev *nxpdev)
442 {
443 struct ps_data *psdata = &nxpdev->psdata;
444 u8 ps_state;
445
446 mutex_lock(&psdata->ps_lock);
447 ps_state = psdata->ps_state;
448 mutex_unlock(&psdata->ps_lock);
449
450 if (ps_state != PS_STATE_AWAKE)
451 ps_control(psdata->hdev, PS_STATE_AWAKE);
452
453 ps_cancel_timer(nxpdev);
454 cancel_work_sync(&psdata->work);
455 mutex_destroy(&psdata->ps_lock);
456 }
457
send_ps_cmd(struct hci_dev * hdev,void * data)458 static int send_ps_cmd(struct hci_dev *hdev, void *data)
459 {
460 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
461 struct ps_data *psdata = &nxpdev->psdata;
462 struct psmode_cmd_payload pcmd;
463 struct sk_buff *skb;
464 u8 *status;
465
466 if (psdata->target_ps_mode == PS_MODE_ENABLE)
467 pcmd.ps_cmd = BT_PS_ENABLE;
468 else
469 pcmd.ps_cmd = BT_PS_DISABLE;
470 pcmd.c2h_ps_interval = __cpu_to_le16(psdata->c2h_ps_interval);
471
472 skb = nxp_drv_send_cmd(hdev, HCI_NXP_AUTO_SLEEP_MODE, sizeof(pcmd), &pcmd);
473 if (IS_ERR(skb)) {
474 bt_dev_err(hdev, "Setting Power Save mode failed (%ld)", PTR_ERR(skb));
475 return PTR_ERR(skb);
476 }
477
478 status = skb_pull_data(skb, 1);
479 if (status) {
480 if (!*status)
481 psdata->cur_psmode = psdata->target_ps_mode;
482 else
483 psdata->target_ps_mode = psdata->cur_psmode;
484 if (psdata->cur_psmode == PS_MODE_ENABLE)
485 ps_start_timer(nxpdev);
486 else
487 ps_wakeup(nxpdev);
488 bt_dev_dbg(hdev, "Power Save mode response: status=%d, ps_mode=%d",
489 *status, psdata->cur_psmode);
490 }
491 kfree_skb(skb);
492
493 return 0;
494 }
495
send_wakeup_method_cmd(struct hci_dev * hdev,void * data)496 static int send_wakeup_method_cmd(struct hci_dev *hdev, void *data)
497 {
498 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
499 struct ps_data *psdata = &nxpdev->psdata;
500 struct wakeup_cmd_payload pcmd;
501 struct sk_buff *skb;
502 u8 *status;
503
504 pcmd.c2h_wakeupmode = psdata->c2h_wakeupmode;
505 pcmd.c2h_wakeup_gpio = psdata->c2h_wakeup_gpio;
506 switch (psdata->h2c_wakeupmode) {
507 case WAKEUP_METHOD_DTR:
508 pcmd.h2c_wakeupmode = BT_CTRL_WAKEUP_METHOD_DSR;
509 break;
510 case WAKEUP_METHOD_BREAK:
511 default:
512 pcmd.h2c_wakeupmode = BT_CTRL_WAKEUP_METHOD_BREAK;
513 break;
514 }
515 pcmd.h2c_wakeup_gpio = 0xff;
516
517 skb = nxp_drv_send_cmd(hdev, HCI_NXP_WAKEUP_METHOD, sizeof(pcmd), &pcmd);
518 if (IS_ERR(skb)) {
519 bt_dev_err(hdev, "Setting wake-up method failed (%ld)", PTR_ERR(skb));
520 return PTR_ERR(skb);
521 }
522
523 status = skb_pull_data(skb, 1);
524 if (status) {
525 if (*status == 0)
526 psdata->cur_h2c_wakeupmode = psdata->h2c_wakeupmode;
527 else
528 psdata->h2c_wakeupmode = psdata->cur_h2c_wakeupmode;
529 bt_dev_dbg(hdev, "Set Wakeup Method response: status=%d, h2c_wakeupmode=%d",
530 *status, psdata->cur_h2c_wakeupmode);
531 }
532 kfree_skb(skb);
533
534 return 0;
535 }
536
ps_init(struct hci_dev * hdev)537 static void ps_init(struct hci_dev *hdev)
538 {
539 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
540 struct ps_data *psdata = &nxpdev->psdata;
541
542 serdev_device_set_tiocm(nxpdev->serdev, 0, TIOCM_RTS);
543 usleep_range(5000, 10000);
544 serdev_device_set_tiocm(nxpdev->serdev, TIOCM_RTS, 0);
545 usleep_range(5000, 10000);
546
547 psdata->ps_state = PS_STATE_AWAKE;
548 psdata->c2h_wakeupmode = BT_HOST_WAKEUP_METHOD_NONE;
549 psdata->c2h_wakeup_gpio = 0xff;
550
551 psdata->cur_h2c_wakeupmode = WAKEUP_METHOD_INVALID;
552 psdata->h2c_ps_interval = PS_DEFAULT_TIMEOUT_PERIOD_MS;
553 switch (DEFAULT_H2C_WAKEUP_MODE) {
554 case WAKEUP_METHOD_DTR:
555 psdata->h2c_wakeupmode = WAKEUP_METHOD_DTR;
556 serdev_device_set_tiocm(nxpdev->serdev, 0, TIOCM_DTR);
557 serdev_device_set_tiocm(nxpdev->serdev, TIOCM_DTR, 0);
558 break;
559 case WAKEUP_METHOD_BREAK:
560 default:
561 psdata->h2c_wakeupmode = WAKEUP_METHOD_BREAK;
562 serdev_device_break_ctl(nxpdev->serdev, -1);
563 usleep_range(5000, 10000);
564 serdev_device_break_ctl(nxpdev->serdev, 0);
565 usleep_range(5000, 10000);
566 break;
567 }
568
569 psdata->cur_psmode = PS_MODE_DISABLE;
570 psdata->target_ps_mode = DEFAULT_PS_MODE;
571
572 if (psdata->cur_h2c_wakeupmode != psdata->h2c_wakeupmode)
573 hci_cmd_sync_queue(hdev, send_wakeup_method_cmd, NULL, NULL);
574 if (psdata->cur_psmode != psdata->target_ps_mode)
575 hci_cmd_sync_queue(hdev, send_ps_cmd, NULL, NULL);
576 }
577
578 /* NXP Firmware Download Feature */
nxp_download_firmware(struct hci_dev * hdev)579 static int nxp_download_firmware(struct hci_dev *hdev)
580 {
581 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
582 int err = 0;
583
584 nxpdev->fw_dnld_v1_offset = 0;
585 nxpdev->fw_v1_sent_bytes = 0;
586 nxpdev->fw_v1_expected_len = HDR_LEN;
587 nxpdev->boot_reg_offset = 0;
588 nxpdev->fw_dnld_v3_offset = 0;
589 nxpdev->fw_v3_offset_correction = 0;
590 nxpdev->baudrate_changed = false;
591 nxpdev->timeout_changed = false;
592 nxpdev->helper_downloaded = false;
593
594 serdev_device_set_baudrate(nxpdev->serdev, HCI_NXP_PRI_BAUDRATE);
595 serdev_device_set_flow_control(nxpdev->serdev, false);
596 nxpdev->current_baudrate = HCI_NXP_PRI_BAUDRATE;
597
598 /* Wait till FW is downloaded */
599 err = wait_event_interruptible_timeout(nxpdev->fw_dnld_done_wait_q,
600 !test_bit(BTNXPUART_FW_DOWNLOADING,
601 &nxpdev->tx_state),
602 msecs_to_jiffies(60000));
603
604 release_firmware(nxpdev->fw);
605 memset(nxpdev->fw_name, 0, sizeof(nxpdev->fw_name));
606
607 if (err == 0) {
608 bt_dev_err(hdev, "FW Download Timeout. offset: %d",
609 nxpdev->fw_dnld_v1_offset ?
610 nxpdev->fw_dnld_v1_offset :
611 nxpdev->fw_dnld_v3_offset);
612 return -ETIMEDOUT;
613 }
614 if (test_bit(BTNXPUART_FW_DOWNLOAD_ABORT, &nxpdev->tx_state)) {
615 bt_dev_err(hdev, "FW Download Aborted");
616 return -EINTR;
617 }
618
619 serdev_device_set_flow_control(nxpdev->serdev, true);
620
621 /* Allow the downloaded FW to initialize */
622 msleep(1200);
623
624 return 0;
625 }
626
nxp_send_ack(u8 ack,struct hci_dev * hdev)627 static void nxp_send_ack(u8 ack, struct hci_dev *hdev)
628 {
629 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
630 u8 ack_nak[2];
631 int len = 1;
632
633 ack_nak[0] = ack;
634 if (ack == NXP_ACK_V3) {
635 ack_nak[1] = crc8(crc8_table, ack_nak, 1, 0xff);
636 len = 2;
637 }
638 serdev_device_write_buf(nxpdev->serdev, ack_nak, len);
639 }
640
nxp_fw_change_baudrate(struct hci_dev * hdev,u16 req_len)641 static bool nxp_fw_change_baudrate(struct hci_dev *hdev, u16 req_len)
642 {
643 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
644 struct nxp_bootloader_cmd nxp_cmd5;
645 struct uart_config uart_config;
646 u32 clkdivaddr = CLKDIVADDR - nxpdev->boot_reg_offset;
647 u32 uartdivaddr = UARTDIVADDR - nxpdev->boot_reg_offset;
648 u32 uartmcraddr = UARTMCRADDR - nxpdev->boot_reg_offset;
649 u32 uartreinitaddr = UARTREINITADDR - nxpdev->boot_reg_offset;
650 u32 uarticraddr = UARTICRADDR - nxpdev->boot_reg_offset;
651 u32 uartfcraddr = UARTFCRADDR - nxpdev->boot_reg_offset;
652
653 if (req_len == sizeof(nxp_cmd5)) {
654 nxp_cmd5.header = __cpu_to_le32(5);
655 nxp_cmd5.arg = 0;
656 nxp_cmd5.payload_len = __cpu_to_le32(sizeof(uart_config));
657 /* FW expects swapped CRC bytes */
658 nxp_cmd5.crc = __cpu_to_be32(crc32_be(0UL, (char *)&nxp_cmd5,
659 sizeof(nxp_cmd5) - 4));
660
661 serdev_device_write_buf(nxpdev->serdev, (u8 *)&nxp_cmd5, sizeof(nxp_cmd5));
662 nxpdev->fw_v3_offset_correction += req_len;
663 } else if (req_len == sizeof(uart_config)) {
664 uart_config.clkdiv.address = __cpu_to_le32(clkdivaddr);
665 uart_config.clkdiv.value = __cpu_to_le32(0x00c00000);
666 uart_config.uartdiv.address = __cpu_to_le32(uartdivaddr);
667 uart_config.uartdiv.value = __cpu_to_le32(1);
668 uart_config.mcr.address = __cpu_to_le32(uartmcraddr);
669 uart_config.mcr.value = __cpu_to_le32(MCR);
670 uart_config.re_init.address = __cpu_to_le32(uartreinitaddr);
671 uart_config.re_init.value = __cpu_to_le32(INIT);
672 uart_config.icr.address = __cpu_to_le32(uarticraddr);
673 uart_config.icr.value = __cpu_to_le32(ICR);
674 uart_config.fcr.address = __cpu_to_le32(uartfcraddr);
675 uart_config.fcr.value = __cpu_to_le32(FCR);
676 /* FW expects swapped CRC bytes */
677 uart_config.crc = __cpu_to_be32(crc32_be(0UL, (char *)&uart_config,
678 sizeof(uart_config) - 4));
679
680 serdev_device_write_buf(nxpdev->serdev, (u8 *)&uart_config, sizeof(uart_config));
681 serdev_device_wait_until_sent(nxpdev->serdev, 0);
682 nxpdev->fw_v3_offset_correction += req_len;
683 return true;
684 }
685 return false;
686 }
687
nxp_fw_change_timeout(struct hci_dev * hdev,u16 req_len)688 static bool nxp_fw_change_timeout(struct hci_dev *hdev, u16 req_len)
689 {
690 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
691 struct nxp_bootloader_cmd nxp_cmd7;
692
693 if (req_len != sizeof(nxp_cmd7))
694 return false;
695
696 nxp_cmd7.header = __cpu_to_le32(7);
697 nxp_cmd7.arg = __cpu_to_le32(0x70);
698 nxp_cmd7.payload_len = 0;
699 /* FW expects swapped CRC bytes */
700 nxp_cmd7.crc = __cpu_to_be32(crc32_be(0UL, (char *)&nxp_cmd7,
701 sizeof(nxp_cmd7) - 4));
702 serdev_device_write_buf(nxpdev->serdev, (u8 *)&nxp_cmd7, sizeof(nxp_cmd7));
703 serdev_device_wait_until_sent(nxpdev->serdev, 0);
704 nxpdev->fw_v3_offset_correction += req_len;
705 return true;
706 }
707
nxp_get_data_len(const u8 * buf)708 static u32 nxp_get_data_len(const u8 *buf)
709 {
710 struct nxp_bootloader_cmd *hdr = (struct nxp_bootloader_cmd *)buf;
711
712 return __le32_to_cpu(hdr->payload_len);
713 }
714
is_fw_downloading(struct btnxpuart_dev * nxpdev)715 static bool is_fw_downloading(struct btnxpuart_dev *nxpdev)
716 {
717 return test_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
718 }
719
process_boot_signature(struct btnxpuart_dev * nxpdev)720 static bool process_boot_signature(struct btnxpuart_dev *nxpdev)
721 {
722 if (test_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, &nxpdev->tx_state)) {
723 clear_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, &nxpdev->tx_state);
724 wake_up_interruptible(&nxpdev->check_boot_sign_wait_q);
725 return false;
726 }
727 return is_fw_downloading(nxpdev);
728 }
729
nxp_request_firmware(struct hci_dev * hdev,const char * fw_name)730 static int nxp_request_firmware(struct hci_dev *hdev, const char *fw_name)
731 {
732 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
733 int err = 0;
734
735 if (!fw_name)
736 return -ENOENT;
737
738 if (!strlen(nxpdev->fw_name)) {
739 snprintf(nxpdev->fw_name, MAX_FW_FILE_NAME_LEN, "%s", fw_name);
740
741 bt_dev_dbg(hdev, "Request Firmware: %s", nxpdev->fw_name);
742 err = request_firmware(&nxpdev->fw, nxpdev->fw_name, &hdev->dev);
743 if (err < 0) {
744 bt_dev_err(hdev, "Firmware file %s not found", nxpdev->fw_name);
745 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
746 }
747 }
748 return err;
749 }
750
751 /* for legacy chipsets with V1 bootloader */
nxp_recv_chip_ver_v1(struct hci_dev * hdev,struct sk_buff * skb)752 static int nxp_recv_chip_ver_v1(struct hci_dev *hdev, struct sk_buff *skb)
753 {
754 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
755 struct v1_start_ind *req;
756 __u16 chip_id;
757
758 req = skb_pull_data(skb, sizeof(*req));
759 if (!req)
760 goto free_skb;
761
762 chip_id = le16_to_cpu(req->chip_id ^ req->chip_id_comp);
763 if (chip_id == 0xffff && nxpdev->fw_dnld_v1_offset) {
764 nxpdev->fw_dnld_v1_offset = 0;
765 nxpdev->fw_v1_sent_bytes = 0;
766 nxpdev->fw_v1_expected_len = HDR_LEN;
767 release_firmware(nxpdev->fw);
768 memset(nxpdev->fw_name, 0, sizeof(nxpdev->fw_name));
769 nxp_send_ack(NXP_ACK_V1, hdev);
770 }
771
772 free_skb:
773 kfree_skb(skb);
774 return 0;
775 }
776
nxp_recv_fw_req_v1(struct hci_dev * hdev,struct sk_buff * skb)777 static int nxp_recv_fw_req_v1(struct hci_dev *hdev, struct sk_buff *skb)
778 {
779 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
780 struct btnxpuart_data *nxp_data = nxpdev->nxp_data;
781 struct v1_data_req *req;
782 __u16 len;
783
784 if (!process_boot_signature(nxpdev))
785 goto free_skb;
786
787 req = skb_pull_data(skb, sizeof(*req));
788 if (!req)
789 goto free_skb;
790
791 len = __le16_to_cpu(req->len ^ req->len_comp);
792 if (len != 0xffff) {
793 bt_dev_dbg(hdev, "ERR: Send NAK");
794 nxp_send_ack(NXP_NAK_V1, hdev);
795 goto free_skb;
796 }
797 nxp_send_ack(NXP_ACK_V1, hdev);
798
799 len = __le16_to_cpu(req->len);
800
801 if (!nxp_data->helper_fw_name) {
802 if (!nxpdev->timeout_changed) {
803 nxpdev->timeout_changed = nxp_fw_change_timeout(hdev,
804 len);
805 goto free_skb;
806 }
807 if (!nxpdev->baudrate_changed) {
808 nxpdev->baudrate_changed = nxp_fw_change_baudrate(hdev,
809 len);
810 if (nxpdev->baudrate_changed) {
811 serdev_device_set_baudrate(nxpdev->serdev,
812 HCI_NXP_SEC_BAUDRATE);
813 serdev_device_set_flow_control(nxpdev->serdev, true);
814 nxpdev->current_baudrate = HCI_NXP_SEC_BAUDRATE;
815 }
816 goto free_skb;
817 }
818 }
819
820 if (!nxp_data->helper_fw_name || nxpdev->helper_downloaded) {
821 if (nxp_request_firmware(hdev, nxp_data->fw_name))
822 goto free_skb;
823 } else if (nxp_data->helper_fw_name && !nxpdev->helper_downloaded) {
824 if (nxp_request_firmware(hdev, nxp_data->helper_fw_name))
825 goto free_skb;
826 }
827
828 if (!len) {
829 bt_dev_dbg(hdev, "FW Downloaded Successfully: %zu bytes",
830 nxpdev->fw->size);
831 if (nxp_data->helper_fw_name && !nxpdev->helper_downloaded) {
832 nxpdev->helper_downloaded = true;
833 serdev_device_wait_until_sent(nxpdev->serdev, 0);
834 serdev_device_set_baudrate(nxpdev->serdev,
835 HCI_NXP_SEC_BAUDRATE);
836 serdev_device_set_flow_control(nxpdev->serdev, true);
837 } else {
838 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
839 wake_up_interruptible(&nxpdev->fw_dnld_done_wait_q);
840 }
841 goto free_skb;
842 }
843 if (len & 0x01) {
844 /* The CRC did not match at the other end.
845 * Simply send the same bytes again.
846 */
847 len = nxpdev->fw_v1_sent_bytes;
848 bt_dev_dbg(hdev, "CRC error. Resend %d bytes of FW.", len);
849 } else {
850 nxpdev->fw_dnld_v1_offset += nxpdev->fw_v1_sent_bytes;
851
852 /* The FW bin file is made up of many blocks of
853 * 16 byte header and payload data chunks. If the
854 * FW has requested a header, read the payload length
855 * info from the header, before sending the header.
856 * In the next iteration, the FW should request the
857 * payload data chunk, which should be equal to the
858 * payload length read from header. If there is a
859 * mismatch, clearly the driver and FW are out of sync,
860 * and we need to re-send the previous header again.
861 */
862 if (len == nxpdev->fw_v1_expected_len) {
863 if (len == HDR_LEN)
864 nxpdev->fw_v1_expected_len = nxp_get_data_len(nxpdev->fw->data +
865 nxpdev->fw_dnld_v1_offset);
866 else
867 nxpdev->fw_v1_expected_len = HDR_LEN;
868 } else if (len == HDR_LEN) {
869 /* FW download out of sync. Send previous chunk again */
870 nxpdev->fw_dnld_v1_offset -= nxpdev->fw_v1_sent_bytes;
871 nxpdev->fw_v1_expected_len = HDR_LEN;
872 }
873 }
874
875 if (nxpdev->fw_dnld_v1_offset + len <= nxpdev->fw->size)
876 serdev_device_write_buf(nxpdev->serdev, nxpdev->fw->data +
877 nxpdev->fw_dnld_v1_offset, len);
878 nxpdev->fw_v1_sent_bytes = len;
879
880 free_skb:
881 kfree_skb(skb);
882 return 0;
883 }
884
nxp_get_fw_name_from_chipid(struct hci_dev * hdev,u16 chipid,u8 loader_ver)885 static char *nxp_get_fw_name_from_chipid(struct hci_dev *hdev, u16 chipid,
886 u8 loader_ver)
887 {
888 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
889 char *fw_name = NULL;
890
891 switch (chipid) {
892 case CHIP_ID_W9098:
893 fw_name = FIRMWARE_W9098;
894 break;
895 case CHIP_ID_IW416:
896 fw_name = FIRMWARE_IW416;
897 break;
898 case CHIP_ID_IW612:
899 fw_name = FIRMWARE_IW612;
900 break;
901 case CHIP_ID_IW624a:
902 case CHIP_ID_IW624c:
903 nxpdev->boot_reg_offset = 1;
904 if ((loader_ver & FW_SECURE_MASK) == FW_OPEN)
905 fw_name = FIRMWARE_IW624;
906 else if ((loader_ver & FW_SECURE_MASK) != FW_AUTH_ILLEGAL)
907 fw_name = FIRMWARE_SECURE_IW624;
908 else
909 bt_dev_err(hdev, "Illegal loader version %02x", loader_ver);
910 break;
911 case CHIP_ID_AW693:
912 if ((loader_ver & FW_SECURE_MASK) == FW_OPEN)
913 fw_name = FIRMWARE_AW693;
914 else if ((loader_ver & FW_SECURE_MASK) != FW_AUTH_ILLEGAL)
915 fw_name = FIRMWARE_SECURE_AW693;
916 else
917 bt_dev_err(hdev, "Illegal loader version %02x", loader_ver);
918 break;
919 default:
920 bt_dev_err(hdev, "Unknown chip signature %04x", chipid);
921 break;
922 }
923 return fw_name;
924 }
925
nxp_recv_chip_ver_v3(struct hci_dev * hdev,struct sk_buff * skb)926 static int nxp_recv_chip_ver_v3(struct hci_dev *hdev, struct sk_buff *skb)
927 {
928 struct v3_start_ind *req = skb_pull_data(skb, sizeof(*req));
929 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
930 u16 chip_id;
931 u8 loader_ver;
932
933 if (!process_boot_signature(nxpdev))
934 goto free_skb;
935
936 chip_id = le16_to_cpu(req->chip_id);
937 loader_ver = req->loader_ver;
938 if (!nxp_request_firmware(hdev, nxp_get_fw_name_from_chipid(hdev,
939 chip_id, loader_ver)))
940 nxp_send_ack(NXP_ACK_V3, hdev);
941
942 free_skb:
943 kfree_skb(skb);
944 return 0;
945 }
946
nxp_handle_fw_download_error(struct hci_dev * hdev,struct v3_data_req * req)947 static void nxp_handle_fw_download_error(struct hci_dev *hdev, struct v3_data_req *req)
948 {
949 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
950 __u32 offset = __le32_to_cpu(req->offset);
951 __u16 err = __le16_to_cpu(req->error);
952 union nxp_v3_rx_timeout_nak_u nak_tx_buf;
953
954 switch (err) {
955 case NXP_ACK_RX_TIMEOUT:
956 case NXP_HDR_RX_TIMEOUT:
957 case NXP_DATA_RX_TIMEOUT:
958 nak_tx_buf.pkt.nak = NXP_NAK_V3;
959 nak_tx_buf.pkt.offset = __cpu_to_le32(offset);
960 nak_tx_buf.pkt.crc = crc8(crc8_table, nak_tx_buf.buf,
961 sizeof(nak_tx_buf) - 1, 0xff);
962 serdev_device_write_buf(nxpdev->serdev, nak_tx_buf.buf,
963 sizeof(nak_tx_buf));
964 break;
965 default:
966 bt_dev_dbg(hdev, "Unknown bootloader error code: %d", err);
967 break;
968
969 }
970
971 }
972
nxp_recv_fw_req_v3(struct hci_dev * hdev,struct sk_buff * skb)973 static int nxp_recv_fw_req_v3(struct hci_dev *hdev, struct sk_buff *skb)
974 {
975 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
976 struct v3_data_req *req;
977 __u16 len;
978 __u32 offset;
979
980 if (!process_boot_signature(nxpdev))
981 goto free_skb;
982
983 req = skb_pull_data(skb, sizeof(*req));
984 if (!req || !nxpdev->fw)
985 goto free_skb;
986
987 if (!req->error) {
988 nxp_send_ack(NXP_ACK_V3, hdev);
989 } else {
990 nxp_handle_fw_download_error(hdev, req);
991 goto free_skb;
992 }
993
994 len = __le16_to_cpu(req->len);
995
996 if (!nxpdev->timeout_changed) {
997 nxpdev->timeout_changed = nxp_fw_change_timeout(hdev, len);
998 goto free_skb;
999 }
1000
1001 if (!nxpdev->baudrate_changed) {
1002 nxpdev->baudrate_changed = nxp_fw_change_baudrate(hdev, len);
1003 if (nxpdev->baudrate_changed) {
1004 serdev_device_set_baudrate(nxpdev->serdev,
1005 HCI_NXP_SEC_BAUDRATE);
1006 serdev_device_set_flow_control(nxpdev->serdev, true);
1007 nxpdev->current_baudrate = HCI_NXP_SEC_BAUDRATE;
1008 }
1009 goto free_skb;
1010 }
1011
1012 if (req->len == 0) {
1013 bt_dev_dbg(hdev, "FW Downloaded Successfully: %zu bytes",
1014 nxpdev->fw->size);
1015 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
1016 wake_up_interruptible(&nxpdev->fw_dnld_done_wait_q);
1017 goto free_skb;
1018 }
1019
1020 offset = __le32_to_cpu(req->offset);
1021 if (offset < nxpdev->fw_v3_offset_correction) {
1022 /* This scenario should ideally never occur. But if it ever does,
1023 * FW is out of sync and needs a power cycle.
1024 */
1025 bt_dev_err(hdev, "Something went wrong during FW download");
1026 bt_dev_err(hdev, "Please power cycle and try again");
1027 goto free_skb;
1028 }
1029
1030 nxpdev->fw_dnld_v3_offset = offset - nxpdev->fw_v3_offset_correction;
1031 serdev_device_write_buf(nxpdev->serdev, nxpdev->fw->data +
1032 nxpdev->fw_dnld_v3_offset, len);
1033
1034 free_skb:
1035 kfree_skb(skb);
1036 return 0;
1037 }
1038
nxp_set_baudrate_cmd(struct hci_dev * hdev,void * data)1039 static int nxp_set_baudrate_cmd(struct hci_dev *hdev, void *data)
1040 {
1041 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1042 __le32 new_baudrate = __cpu_to_le32(nxpdev->new_baudrate);
1043 struct ps_data *psdata = &nxpdev->psdata;
1044 struct sk_buff *skb;
1045 u8 *status;
1046
1047 if (!psdata)
1048 return 0;
1049
1050 skb = nxp_drv_send_cmd(hdev, HCI_NXP_SET_OPER_SPEED, 4, (u8 *)&new_baudrate);
1051 if (IS_ERR(skb)) {
1052 bt_dev_err(hdev, "Setting baudrate failed (%ld)", PTR_ERR(skb));
1053 return PTR_ERR(skb);
1054 }
1055
1056 status = (u8 *)skb_pull_data(skb, 1);
1057 if (status) {
1058 if (*status == 0) {
1059 serdev_device_set_baudrate(nxpdev->serdev, nxpdev->new_baudrate);
1060 nxpdev->current_baudrate = nxpdev->new_baudrate;
1061 }
1062 bt_dev_dbg(hdev, "Set baudrate response: status=%d, baudrate=%d",
1063 *status, nxpdev->new_baudrate);
1064 }
1065 kfree_skb(skb);
1066
1067 return 0;
1068 }
1069
nxp_check_boot_sign(struct btnxpuart_dev * nxpdev)1070 static int nxp_check_boot_sign(struct btnxpuart_dev *nxpdev)
1071 {
1072 serdev_device_set_baudrate(nxpdev->serdev, HCI_NXP_PRI_BAUDRATE);
1073 if (test_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state))
1074 serdev_device_set_flow_control(nxpdev->serdev, false);
1075 else
1076 serdev_device_set_flow_control(nxpdev->serdev, true);
1077 set_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, &nxpdev->tx_state);
1078
1079 return wait_event_interruptible_timeout(nxpdev->check_boot_sign_wait_q,
1080 !test_bit(BTNXPUART_CHECK_BOOT_SIGNATURE,
1081 &nxpdev->tx_state),
1082 msecs_to_jiffies(1000));
1083 }
1084
nxp_set_ind_reset(struct hci_dev * hdev,void * data)1085 static int nxp_set_ind_reset(struct hci_dev *hdev, void *data)
1086 {
1087 static const u8 ir_hw_err[] = { HCI_EV_HARDWARE_ERROR,
1088 0x01, BTNXPUART_IR_HW_ERR };
1089 struct sk_buff *skb;
1090
1091 skb = bt_skb_alloc(3, GFP_ATOMIC);
1092 if (!skb)
1093 return -ENOMEM;
1094
1095 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
1096 skb_put_data(skb, ir_hw_err, 3);
1097
1098 /* Inject Hardware Error to upper stack */
1099 return hci_recv_frame(hdev, skb);
1100 }
1101
1102 /* NXP protocol */
nxp_setup(struct hci_dev * hdev)1103 static int nxp_setup(struct hci_dev *hdev)
1104 {
1105 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1106 int err = 0;
1107
1108 if (nxp_check_boot_sign(nxpdev)) {
1109 bt_dev_dbg(hdev, "Need FW Download.");
1110 err = nxp_download_firmware(hdev);
1111 if (err < 0)
1112 return err;
1113 } else {
1114 bt_dev_dbg(hdev, "FW already running.");
1115 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
1116 }
1117
1118 serdev_device_set_baudrate(nxpdev->serdev, nxpdev->fw_init_baudrate);
1119 nxpdev->current_baudrate = nxpdev->fw_init_baudrate;
1120
1121 if (nxpdev->current_baudrate != HCI_NXP_SEC_BAUDRATE) {
1122 nxpdev->new_baudrate = HCI_NXP_SEC_BAUDRATE;
1123 hci_cmd_sync_queue(hdev, nxp_set_baudrate_cmd, NULL, NULL);
1124 }
1125
1126 ps_init(hdev);
1127
1128 if (test_and_clear_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state))
1129 hci_dev_clear_flag(hdev, HCI_SETUP);
1130
1131 return 0;
1132 }
1133
nxp_hw_err(struct hci_dev * hdev,u8 code)1134 static void nxp_hw_err(struct hci_dev *hdev, u8 code)
1135 {
1136 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1137
1138 switch (code) {
1139 case BTNXPUART_IR_HW_ERR:
1140 set_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state);
1141 hci_dev_set_flag(hdev, HCI_SETUP);
1142 break;
1143 default:
1144 break;
1145 }
1146 }
1147
nxp_shutdown(struct hci_dev * hdev)1148 static int nxp_shutdown(struct hci_dev *hdev)
1149 {
1150 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1151 struct sk_buff *skb;
1152 u8 *status;
1153 u8 pcmd = 0;
1154
1155 if (test_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state)) {
1156 skb = nxp_drv_send_cmd(hdev, HCI_NXP_IND_RESET, 1, &pcmd);
1157 if (IS_ERR(skb))
1158 return PTR_ERR(skb);
1159
1160 status = skb_pull_data(skb, 1);
1161 if (status) {
1162 serdev_device_set_flow_control(nxpdev->serdev, false);
1163 set_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
1164 }
1165 kfree_skb(skb);
1166 }
1167
1168 return 0;
1169 }
1170
btnxpuart_queue_skb(struct hci_dev * hdev,struct sk_buff * skb)1171 static int btnxpuart_queue_skb(struct hci_dev *hdev, struct sk_buff *skb)
1172 {
1173 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1174
1175 /* Prepend skb with frame type */
1176 memcpy(skb_push(skb, 1), &hci_skb_pkt_type(skb), 1);
1177 skb_queue_tail(&nxpdev->txq, skb);
1178 btnxpuart_tx_wakeup(nxpdev);
1179 return 0;
1180 }
1181
nxp_enqueue(struct hci_dev * hdev,struct sk_buff * skb)1182 static int nxp_enqueue(struct hci_dev *hdev, struct sk_buff *skb)
1183 {
1184 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1185 struct ps_data *psdata = &nxpdev->psdata;
1186 struct hci_command_hdr *hdr;
1187 struct psmode_cmd_payload ps_parm;
1188 struct wakeup_cmd_payload wakeup_parm;
1189 __le32 baudrate_parm;
1190
1191 /* if vendor commands are received from user space (e.g. hcitool), update
1192 * driver flags accordingly and ask driver to re-send the command to FW.
1193 * In case the payload for any command does not match expected payload
1194 * length, let the firmware and user space program handle it, or throw
1195 * an error.
1196 */
1197 if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT && !psdata->driver_sent_cmd) {
1198 hdr = (struct hci_command_hdr *)skb->data;
1199 if (hdr->plen != (skb->len - HCI_COMMAND_HDR_SIZE))
1200 return btnxpuart_queue_skb(hdev, skb);
1201
1202 switch (__le16_to_cpu(hdr->opcode)) {
1203 case HCI_NXP_AUTO_SLEEP_MODE:
1204 if (hdr->plen == sizeof(ps_parm)) {
1205 memcpy(&ps_parm, skb->data + HCI_COMMAND_HDR_SIZE, hdr->plen);
1206 if (ps_parm.ps_cmd == BT_PS_ENABLE)
1207 psdata->target_ps_mode = PS_MODE_ENABLE;
1208 else if (ps_parm.ps_cmd == BT_PS_DISABLE)
1209 psdata->target_ps_mode = PS_MODE_DISABLE;
1210 psdata->c2h_ps_interval = __le16_to_cpu(ps_parm.c2h_ps_interval);
1211 hci_cmd_sync_queue(hdev, send_ps_cmd, NULL, NULL);
1212 goto free_skb;
1213 }
1214 break;
1215 case HCI_NXP_WAKEUP_METHOD:
1216 if (hdr->plen == sizeof(wakeup_parm)) {
1217 memcpy(&wakeup_parm, skb->data + HCI_COMMAND_HDR_SIZE, hdr->plen);
1218 psdata->c2h_wakeupmode = wakeup_parm.c2h_wakeupmode;
1219 psdata->c2h_wakeup_gpio = wakeup_parm.c2h_wakeup_gpio;
1220 psdata->h2c_wakeup_gpio = wakeup_parm.h2c_wakeup_gpio;
1221 switch (wakeup_parm.h2c_wakeupmode) {
1222 case BT_CTRL_WAKEUP_METHOD_DSR:
1223 psdata->h2c_wakeupmode = WAKEUP_METHOD_DTR;
1224 break;
1225 case BT_CTRL_WAKEUP_METHOD_BREAK:
1226 default:
1227 psdata->h2c_wakeupmode = WAKEUP_METHOD_BREAK;
1228 break;
1229 }
1230 hci_cmd_sync_queue(hdev, send_wakeup_method_cmd, NULL, NULL);
1231 goto free_skb;
1232 }
1233 break;
1234 case HCI_NXP_SET_OPER_SPEED:
1235 if (hdr->plen == sizeof(baudrate_parm)) {
1236 memcpy(&baudrate_parm, skb->data + HCI_COMMAND_HDR_SIZE, hdr->plen);
1237 nxpdev->new_baudrate = __le32_to_cpu(baudrate_parm);
1238 hci_cmd_sync_queue(hdev, nxp_set_baudrate_cmd, NULL, NULL);
1239 goto free_skb;
1240 }
1241 break;
1242 case HCI_NXP_IND_RESET:
1243 if (hdr->plen == 1) {
1244 hci_cmd_sync_queue(hdev, nxp_set_ind_reset, NULL, NULL);
1245 goto free_skb;
1246 }
1247 break;
1248 default:
1249 break;
1250 }
1251 }
1252
1253 return btnxpuart_queue_skb(hdev, skb);
1254
1255 free_skb:
1256 kfree_skb(skb);
1257 return 0;
1258 }
1259
nxp_dequeue(void * data)1260 static struct sk_buff *nxp_dequeue(void *data)
1261 {
1262 struct btnxpuart_dev *nxpdev = (struct btnxpuart_dev *)data;
1263
1264 ps_start_timer(nxpdev);
1265 return skb_dequeue(&nxpdev->txq);
1266 }
1267
1268 /* btnxpuart based on serdev */
btnxpuart_tx_work(struct work_struct * work)1269 static void btnxpuart_tx_work(struct work_struct *work)
1270 {
1271 struct btnxpuart_dev *nxpdev = container_of(work, struct btnxpuart_dev,
1272 tx_work);
1273 struct serdev_device *serdev = nxpdev->serdev;
1274 struct hci_dev *hdev = nxpdev->hdev;
1275 struct sk_buff *skb;
1276 int len;
1277
1278 if (ps_wakeup(nxpdev))
1279 return;
1280
1281 while ((skb = nxp_dequeue(nxpdev))) {
1282 len = serdev_device_write_buf(serdev, skb->data, skb->len);
1283 serdev_device_wait_until_sent(serdev, 0);
1284 hdev->stat.byte_tx += len;
1285
1286 skb_pull(skb, len);
1287 if (skb->len > 0) {
1288 skb_queue_head(&nxpdev->txq, skb);
1289 break;
1290 }
1291
1292 switch (hci_skb_pkt_type(skb)) {
1293 case HCI_COMMAND_PKT:
1294 hdev->stat.cmd_tx++;
1295 break;
1296 case HCI_ACLDATA_PKT:
1297 hdev->stat.acl_tx++;
1298 break;
1299 case HCI_SCODATA_PKT:
1300 hdev->stat.sco_tx++;
1301 break;
1302 }
1303
1304 kfree_skb(skb);
1305 }
1306 clear_bit(BTNXPUART_TX_STATE_ACTIVE, &nxpdev->tx_state);
1307 }
1308
btnxpuart_open(struct hci_dev * hdev)1309 static int btnxpuart_open(struct hci_dev *hdev)
1310 {
1311 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1312 int err = 0;
1313
1314 err = serdev_device_open(nxpdev->serdev);
1315 if (err) {
1316 bt_dev_err(hdev, "Unable to open UART device %s",
1317 dev_name(&nxpdev->serdev->dev));
1318 } else {
1319 set_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state);
1320 }
1321 return err;
1322 }
1323
btnxpuart_close(struct hci_dev * hdev)1324 static int btnxpuart_close(struct hci_dev *hdev)
1325 {
1326 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1327
1328 serdev_device_close(nxpdev->serdev);
1329 skb_queue_purge(&nxpdev->txq);
1330 if (!IS_ERR_OR_NULL(nxpdev->rx_skb)) {
1331 kfree_skb(nxpdev->rx_skb);
1332 nxpdev->rx_skb = NULL;
1333 }
1334 clear_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state);
1335 return 0;
1336 }
1337
btnxpuart_flush(struct hci_dev * hdev)1338 static int btnxpuart_flush(struct hci_dev *hdev)
1339 {
1340 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1341
1342 /* Flush any pending characters */
1343 serdev_device_write_flush(nxpdev->serdev);
1344 skb_queue_purge(&nxpdev->txq);
1345
1346 cancel_work_sync(&nxpdev->tx_work);
1347
1348 if (!IS_ERR_OR_NULL(nxpdev->rx_skb)) {
1349 kfree_skb(nxpdev->rx_skb);
1350 nxpdev->rx_skb = NULL;
1351 }
1352
1353 return 0;
1354 }
1355
1356 static const struct h4_recv_pkt nxp_recv_pkts[] = {
1357 { H4_RECV_ACL, .recv = hci_recv_frame },
1358 { H4_RECV_SCO, .recv = hci_recv_frame },
1359 { H4_RECV_EVENT, .recv = hci_recv_frame },
1360 { NXP_RECV_CHIP_VER_V1, .recv = nxp_recv_chip_ver_v1 },
1361 { NXP_RECV_FW_REQ_V1, .recv = nxp_recv_fw_req_v1 },
1362 { NXP_RECV_CHIP_VER_V3, .recv = nxp_recv_chip_ver_v3 },
1363 { NXP_RECV_FW_REQ_V3, .recv = nxp_recv_fw_req_v3 },
1364 };
1365
btnxpuart_receive_buf(struct serdev_device * serdev,const u8 * data,size_t count)1366 static int btnxpuart_receive_buf(struct serdev_device *serdev, const u8 *data,
1367 size_t count)
1368 {
1369 struct btnxpuart_dev *nxpdev = serdev_device_get_drvdata(serdev);
1370
1371 ps_start_timer(nxpdev);
1372
1373 nxpdev->rx_skb = h4_recv_buf(nxpdev->hdev, nxpdev->rx_skb, data, count,
1374 nxp_recv_pkts, ARRAY_SIZE(nxp_recv_pkts));
1375 if (IS_ERR(nxpdev->rx_skb)) {
1376 int err = PTR_ERR(nxpdev->rx_skb);
1377 /* Safe to ignore out-of-sync bootloader signatures */
1378 if (!is_fw_downloading(nxpdev))
1379 bt_dev_err(nxpdev->hdev, "Frame reassembly failed (%d)", err);
1380 nxpdev->rx_skb = NULL;
1381 return count;
1382 }
1383 if (!is_fw_downloading(nxpdev))
1384 nxpdev->hdev->stat.byte_rx += count;
1385 return count;
1386 }
1387
btnxpuart_write_wakeup(struct serdev_device * serdev)1388 static void btnxpuart_write_wakeup(struct serdev_device *serdev)
1389 {
1390 serdev_device_write_wakeup(serdev);
1391 }
1392
1393 static const struct serdev_device_ops btnxpuart_client_ops = {
1394 .receive_buf = btnxpuart_receive_buf,
1395 .write_wakeup = btnxpuart_write_wakeup,
1396 };
1397
nxp_serdev_probe(struct serdev_device * serdev)1398 static int nxp_serdev_probe(struct serdev_device *serdev)
1399 {
1400 struct hci_dev *hdev;
1401 struct btnxpuart_dev *nxpdev;
1402
1403 nxpdev = devm_kzalloc(&serdev->dev, sizeof(*nxpdev), GFP_KERNEL);
1404 if (!nxpdev)
1405 return -ENOMEM;
1406
1407 nxpdev->nxp_data = (struct btnxpuart_data *)device_get_match_data(&serdev->dev);
1408
1409 nxpdev->serdev = serdev;
1410 serdev_device_set_drvdata(serdev, nxpdev);
1411
1412 serdev_device_set_client_ops(serdev, &btnxpuart_client_ops);
1413
1414 INIT_WORK(&nxpdev->tx_work, btnxpuart_tx_work);
1415 skb_queue_head_init(&nxpdev->txq);
1416
1417 init_waitqueue_head(&nxpdev->fw_dnld_done_wait_q);
1418 init_waitqueue_head(&nxpdev->check_boot_sign_wait_q);
1419
1420 device_property_read_u32(&nxpdev->serdev->dev, "fw-init-baudrate",
1421 &nxpdev->fw_init_baudrate);
1422 if (!nxpdev->fw_init_baudrate)
1423 nxpdev->fw_init_baudrate = FW_INIT_BAUDRATE;
1424
1425 set_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
1426
1427 crc8_populate_msb(crc8_table, POLYNOMIAL8);
1428
1429 /* Initialize and register HCI device */
1430 hdev = hci_alloc_dev();
1431 if (!hdev) {
1432 dev_err(&serdev->dev, "Can't allocate HCI device\n");
1433 return -ENOMEM;
1434 }
1435
1436 nxpdev->hdev = hdev;
1437
1438 hdev->bus = HCI_UART;
1439 hci_set_drvdata(hdev, nxpdev);
1440
1441 hdev->manufacturer = MANUFACTURER_NXP;
1442 hdev->open = btnxpuart_open;
1443 hdev->close = btnxpuart_close;
1444 hdev->flush = btnxpuart_flush;
1445 hdev->setup = nxp_setup;
1446 hdev->send = nxp_enqueue;
1447 hdev->hw_error = nxp_hw_err;
1448 hdev->shutdown = nxp_shutdown;
1449 SET_HCIDEV_DEV(hdev, &serdev->dev);
1450
1451 if (hci_register_dev(hdev) < 0) {
1452 dev_err(&serdev->dev, "Can't register HCI device\n");
1453 hci_free_dev(hdev);
1454 return -ENODEV;
1455 }
1456
1457 ps_setup(hdev);
1458
1459 return 0;
1460 }
1461
nxp_serdev_remove(struct serdev_device * serdev)1462 static void nxp_serdev_remove(struct serdev_device *serdev)
1463 {
1464 struct btnxpuart_dev *nxpdev = serdev_device_get_drvdata(serdev);
1465 struct hci_dev *hdev = nxpdev->hdev;
1466
1467 if (is_fw_downloading(nxpdev)) {
1468 set_bit(BTNXPUART_FW_DOWNLOAD_ABORT, &nxpdev->tx_state);
1469 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
1470 wake_up_interruptible(&nxpdev->check_boot_sign_wait_q);
1471 wake_up_interruptible(&nxpdev->fw_dnld_done_wait_q);
1472 } else {
1473 /* Restore FW baudrate to fw_init_baudrate if changed.
1474 * This will ensure FW baudrate is in sync with
1475 * driver baudrate in case this driver is re-inserted.
1476 */
1477 if (nxpdev->current_baudrate != nxpdev->fw_init_baudrate) {
1478 nxpdev->new_baudrate = nxpdev->fw_init_baudrate;
1479 nxp_set_baudrate_cmd(hdev, NULL);
1480 }
1481 }
1482 ps_cleanup(nxpdev);
1483 hci_unregister_dev(hdev);
1484 hci_free_dev(hdev);
1485 }
1486
1487 static struct btnxpuart_data w8987_data __maybe_unused = {
1488 .helper_fw_name = NULL,
1489 .fw_name = FIRMWARE_W8987,
1490 };
1491
1492 static struct btnxpuart_data w8997_data __maybe_unused = {
1493 .helper_fw_name = FIRMWARE_HELPER,
1494 .fw_name = FIRMWARE_W8997,
1495 };
1496
1497 static const struct of_device_id nxpuart_of_match_table[] __maybe_unused = {
1498 { .compatible = "nxp,88w8987-bt", .data = &w8987_data },
1499 { .compatible = "nxp,88w8997-bt", .data = &w8997_data },
1500 { }
1501 };
1502 MODULE_DEVICE_TABLE(of, nxpuart_of_match_table);
1503
1504 static struct serdev_device_driver nxp_serdev_driver = {
1505 .probe = nxp_serdev_probe,
1506 .remove = nxp_serdev_remove,
1507 .driver = {
1508 .name = "btnxpuart",
1509 .of_match_table = of_match_ptr(nxpuart_of_match_table),
1510 },
1511 };
1512
1513 module_serdev_device_driver(nxp_serdev_driver);
1514
1515 MODULE_AUTHOR("Neeraj Sanjay Kale <neeraj.sanjaykale@nxp.com>");
1516 MODULE_DESCRIPTION("NXP Bluetooth Serial driver");
1517 MODULE_LICENSE("GPL");
1518