1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * NXP Bluetooth driver 4 * Copyright 2023 NXP 5 */ 6 7 #include <linux/module.h> 8 #include <linux/kernel.h> 9 10 #include <linux/serdev.h> 11 #include <linux/of.h> 12 #include <linux/skbuff.h> 13 #include <asm/unaligned.h> 14 #include <linux/firmware.h> 15 #include <linux/string.h> 16 #include <linux/crc8.h> 17 #include <linux/crc32.h> 18 #include <linux/string_helpers.h> 19 20 #include <net/bluetooth/bluetooth.h> 21 #include <net/bluetooth/hci_core.h> 22 23 #include "h4_recv.h" 24 25 #define MANUFACTURER_NXP 37 26 27 #define BTNXPUART_TX_STATE_ACTIVE 1 28 #define BTNXPUART_FW_DOWNLOADING 2 29 #define BTNXPUART_CHECK_BOOT_SIGNATURE 3 30 #define BTNXPUART_SERDEV_OPEN 4 31 #define BTNXPUART_IR_IN_PROGRESS 5 32 #define BTNXPUART_FW_DOWNLOAD_ABORT 6 33 34 /* NXP HW err codes */ 35 #define BTNXPUART_IR_HW_ERR 0xb0 36 37 #define FIRMWARE_W8987 "nxp/uartuart8987_bt.bin" 38 #define FIRMWARE_W8997 "nxp/uartuart8997_bt_v4.bin" 39 #define FIRMWARE_W9098 "nxp/uartuart9098_bt_v1.bin" 40 #define FIRMWARE_IW416 "nxp/uartiw416_bt_v0.bin" 41 #define FIRMWARE_IW612 "nxp/uartspi_n61x_v1.bin.se" 42 #define FIRMWARE_IW624 "nxp/uartiw624_bt.bin" 43 #define FIRMWARE_SECURE_IW624 "nxp/uartiw624_bt.bin.se" 44 #define FIRMWARE_AW693 "nxp/uartaw693_bt.bin" 45 #define FIRMWARE_SECURE_AW693 "nxp/uartaw693_bt.bin.se" 46 #define FIRMWARE_HELPER "nxp/helper_uart_3000000.bin" 47 48 #define CHIP_ID_W9098 0x5c03 49 #define CHIP_ID_IW416 0x7201 50 #define CHIP_ID_IW612 0x7601 51 #define CHIP_ID_IW624a 0x8000 52 #define CHIP_ID_IW624c 0x8001 53 #define CHIP_ID_AW693 0x8200 54 55 #define FW_SECURE_MASK 0xc0 56 #define FW_OPEN 0x00 57 #define FW_AUTH_ILLEGAL 0x40 58 #define FW_AUTH_PLAIN 0x80 59 #define FW_AUTH_ENC 0xc0 60 61 #define HCI_NXP_PRI_BAUDRATE 115200 62 #define HCI_NXP_SEC_BAUDRATE 3000000 63 64 #define MAX_FW_FILE_NAME_LEN 50 65 66 /* Default ps timeout period in milliseconds */ 67 #define PS_DEFAULT_TIMEOUT_PERIOD_MS 2000 68 69 /* wakeup methods */ 70 #define WAKEUP_METHOD_DTR 0 71 #define WAKEUP_METHOD_BREAK 1 72 #define WAKEUP_METHOD_EXT_BREAK 2 73 #define WAKEUP_METHOD_RTS 3 74 #define WAKEUP_METHOD_INVALID 0xff 75 76 /* power save mode status */ 77 #define PS_MODE_DISABLE 0 78 #define PS_MODE_ENABLE 1 79 80 /* Power Save Commands to ps_work_func */ 81 #define PS_CMD_EXIT_PS 1 82 #define PS_CMD_ENTER_PS 2 83 84 /* power save state */ 85 #define PS_STATE_AWAKE 0 86 #define PS_STATE_SLEEP 1 87 88 /* Bluetooth vendor command : Sleep mode */ 89 #define HCI_NXP_AUTO_SLEEP_MODE 0xfc23 90 /* Bluetooth vendor command : Wakeup method */ 91 #define HCI_NXP_WAKEUP_METHOD 0xfc53 92 /* Bluetooth vendor command : Set operational baudrate */ 93 #define HCI_NXP_SET_OPER_SPEED 0xfc09 94 /* Bluetooth vendor command: Independent Reset */ 95 #define HCI_NXP_IND_RESET 0xfcfc 96 97 /* Bluetooth Power State : Vendor cmd params */ 98 #define BT_PS_ENABLE 0x02 99 #define BT_PS_DISABLE 0x03 100 101 /* Bluetooth Host Wakeup Methods */ 102 #define BT_HOST_WAKEUP_METHOD_NONE 0x00 103 #define BT_HOST_WAKEUP_METHOD_DTR 0x01 104 #define BT_HOST_WAKEUP_METHOD_BREAK 0x02 105 #define BT_HOST_WAKEUP_METHOD_GPIO 0x03 106 107 /* Bluetooth Chip Wakeup Methods */ 108 #define BT_CTRL_WAKEUP_METHOD_DSR 0x00 109 #define BT_CTRL_WAKEUP_METHOD_BREAK 0x01 110 #define BT_CTRL_WAKEUP_METHOD_GPIO 0x02 111 #define BT_CTRL_WAKEUP_METHOD_EXT_BREAK 0x04 112 #define BT_CTRL_WAKEUP_METHOD_RTS 0x05 113 114 struct ps_data { 115 u8 target_ps_mode; /* ps mode to be set */ 116 u8 cur_psmode; /* current ps_mode */ 117 u8 ps_state; /* controller's power save state */ 118 u8 ps_cmd; 119 u8 h2c_wakeupmode; 120 u8 cur_h2c_wakeupmode; 121 u8 c2h_wakeupmode; 122 u8 c2h_wakeup_gpio; 123 u8 h2c_wakeup_gpio; 124 bool driver_sent_cmd; 125 u16 h2c_ps_interval; 126 u16 c2h_ps_interval; 127 struct hci_dev *hdev; 128 struct work_struct work; 129 struct timer_list ps_timer; 130 struct mutex ps_lock; 131 }; 132 133 struct wakeup_cmd_payload { 134 u8 c2h_wakeupmode; 135 u8 c2h_wakeup_gpio; 136 u8 h2c_wakeupmode; 137 u8 h2c_wakeup_gpio; 138 } __packed; 139 140 struct psmode_cmd_payload { 141 u8 ps_cmd; 142 __le16 c2h_ps_interval; 143 } __packed; 144 145 struct btnxpuart_data { 146 const char *helper_fw_name; 147 const char *fw_name; 148 }; 149 150 struct btnxpuart_dev { 151 struct hci_dev *hdev; 152 struct serdev_device *serdev; 153 154 struct work_struct tx_work; 155 unsigned long tx_state; 156 struct sk_buff_head txq; 157 struct sk_buff *rx_skb; 158 159 const struct firmware *fw; 160 u8 fw_name[MAX_FW_FILE_NAME_LEN]; 161 u32 fw_dnld_v1_offset; 162 u32 fw_v1_sent_bytes; 163 u32 fw_dnld_v3_offset; 164 u32 fw_v3_offset_correction; 165 u32 fw_v1_expected_len; 166 u32 boot_reg_offset; 167 wait_queue_head_t fw_dnld_done_wait_q; 168 wait_queue_head_t check_boot_sign_wait_q; 169 170 u32 new_baudrate; 171 u32 current_baudrate; 172 u32 fw_init_baudrate; 173 bool timeout_changed; 174 bool baudrate_changed; 175 bool helper_downloaded; 176 177 struct ps_data psdata; 178 struct btnxpuart_data *nxp_data; 179 }; 180 181 #define NXP_V1_FW_REQ_PKT 0xa5 182 #define NXP_V1_CHIP_VER_PKT 0xaa 183 #define NXP_V3_FW_REQ_PKT 0xa7 184 #define NXP_V3_CHIP_VER_PKT 0xab 185 186 #define NXP_ACK_V1 0x5a 187 #define NXP_NAK_V1 0xbf 188 #define NXP_ACK_V3 0x7a 189 #define NXP_NAK_V3 0x7b 190 #define NXP_CRC_ERROR_V3 0x7c 191 192 /* Bootloader signature error codes */ 193 #define NXP_ACK_RX_TIMEOUT 0x0002 /* ACK not received from host */ 194 #define NXP_HDR_RX_TIMEOUT 0x0003 /* FW Header chunk not received */ 195 #define NXP_DATA_RX_TIMEOUT 0x0004 /* FW Data chunk not received */ 196 197 #define HDR_LEN 16 198 199 #define NXP_RECV_CHIP_VER_V1 \ 200 .type = NXP_V1_CHIP_VER_PKT, \ 201 .hlen = 4, \ 202 .loff = 0, \ 203 .lsize = 0, \ 204 .maxlen = 4 205 206 #define NXP_RECV_FW_REQ_V1 \ 207 .type = NXP_V1_FW_REQ_PKT, \ 208 .hlen = 4, \ 209 .loff = 0, \ 210 .lsize = 0, \ 211 .maxlen = 4 212 213 #define NXP_RECV_CHIP_VER_V3 \ 214 .type = NXP_V3_CHIP_VER_PKT, \ 215 .hlen = 4, \ 216 .loff = 0, \ 217 .lsize = 0, \ 218 .maxlen = 4 219 220 #define NXP_RECV_FW_REQ_V3 \ 221 .type = NXP_V3_FW_REQ_PKT, \ 222 .hlen = 9, \ 223 .loff = 0, \ 224 .lsize = 0, \ 225 .maxlen = 9 226 227 struct v1_data_req { 228 __le16 len; 229 __le16 len_comp; 230 } __packed; 231 232 struct v1_start_ind { 233 __le16 chip_id; 234 __le16 chip_id_comp; 235 } __packed; 236 237 struct v3_data_req { 238 __le16 len; 239 __le32 offset; 240 __le16 error; 241 u8 crc; 242 } __packed; 243 244 struct v3_start_ind { 245 __le16 chip_id; 246 u8 loader_ver; 247 u8 crc; 248 } __packed; 249 250 /* UART register addresses of BT chip */ 251 #define CLKDIVADDR 0x7f00008f 252 #define UARTDIVADDR 0x7f000090 253 #define UARTMCRADDR 0x7f000091 254 #define UARTREINITADDR 0x7f000092 255 #define UARTICRADDR 0x7f000093 256 #define UARTFCRADDR 0x7f000094 257 258 #define MCR 0x00000022 259 #define INIT 0x00000001 260 #define ICR 0x000000c7 261 #define FCR 0x000000c7 262 263 #define POLYNOMIAL8 0x07 264 265 struct uart_reg { 266 __le32 address; 267 __le32 value; 268 } __packed; 269 270 struct uart_config { 271 struct uart_reg clkdiv; 272 struct uart_reg uartdiv; 273 struct uart_reg mcr; 274 struct uart_reg re_init; 275 struct uart_reg icr; 276 struct uart_reg fcr; 277 __be32 crc; 278 } __packed; 279 280 struct nxp_bootloader_cmd { 281 __le32 header; 282 __le32 arg; 283 __le32 payload_len; 284 __be32 crc; 285 } __packed; 286 287 struct nxp_v3_rx_timeout_nak { 288 u8 nak; 289 __le32 offset; 290 u8 crc; 291 } __packed; 292 293 union nxp_v3_rx_timeout_nak_u { 294 struct nxp_v3_rx_timeout_nak pkt; 295 u8 buf[6]; 296 }; 297 298 static u8 crc8_table[CRC8_TABLE_SIZE]; 299 300 /* Default configurations */ 301 #define DEFAULT_H2C_WAKEUP_MODE WAKEUP_METHOD_BREAK 302 #define DEFAULT_PS_MODE PS_MODE_ENABLE 303 #define FW_INIT_BAUDRATE HCI_NXP_PRI_BAUDRATE 304 305 static struct sk_buff *nxp_drv_send_cmd(struct hci_dev *hdev, u16 opcode, 306 u32 plen, 307 void *param) 308 { 309 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 310 struct ps_data *psdata = &nxpdev->psdata; 311 struct sk_buff *skb; 312 313 /* set flag to prevent nxp_enqueue from parsing values from this command and 314 * calling hci_cmd_sync_queue() again. 315 */ 316 psdata->driver_sent_cmd = true; 317 skb = __hci_cmd_sync(hdev, opcode, plen, param, HCI_CMD_TIMEOUT); 318 psdata->driver_sent_cmd = false; 319 320 return skb; 321 } 322 323 static void btnxpuart_tx_wakeup(struct btnxpuart_dev *nxpdev) 324 { 325 if (schedule_work(&nxpdev->tx_work)) 326 set_bit(BTNXPUART_TX_STATE_ACTIVE, &nxpdev->tx_state); 327 } 328 329 /* NXP Power Save Feature */ 330 static void ps_start_timer(struct btnxpuart_dev *nxpdev) 331 { 332 struct ps_data *psdata = &nxpdev->psdata; 333 334 if (!psdata) 335 return; 336 337 if (psdata->cur_psmode == PS_MODE_ENABLE) 338 mod_timer(&psdata->ps_timer, jiffies + msecs_to_jiffies(psdata->h2c_ps_interval)); 339 340 if (psdata->ps_state == PS_STATE_AWAKE && psdata->ps_cmd == PS_CMD_ENTER_PS) 341 cancel_work_sync(&psdata->work); 342 } 343 344 static void ps_cancel_timer(struct btnxpuart_dev *nxpdev) 345 { 346 struct ps_data *psdata = &nxpdev->psdata; 347 348 flush_work(&psdata->work); 349 timer_shutdown_sync(&psdata->ps_timer); 350 } 351 352 static void ps_control(struct hci_dev *hdev, u8 ps_state) 353 { 354 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 355 struct ps_data *psdata = &nxpdev->psdata; 356 int status; 357 358 if (psdata->ps_state == ps_state || 359 !test_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state)) 360 return; 361 362 mutex_lock(&psdata->ps_lock); 363 switch (psdata->cur_h2c_wakeupmode) { 364 case WAKEUP_METHOD_DTR: 365 if (ps_state == PS_STATE_AWAKE) 366 status = serdev_device_set_tiocm(nxpdev->serdev, TIOCM_DTR, 0); 367 else 368 status = serdev_device_set_tiocm(nxpdev->serdev, 0, TIOCM_DTR); 369 break; 370 case WAKEUP_METHOD_BREAK: 371 default: 372 if (ps_state == PS_STATE_AWAKE) 373 status = serdev_device_break_ctl(nxpdev->serdev, 0); 374 else 375 status = serdev_device_break_ctl(nxpdev->serdev, -1); 376 msleep(20); /* Allow chip to detect UART-break and enter sleep */ 377 bt_dev_dbg(hdev, "Set UART break: %s, status=%d", 378 str_on_off(ps_state == PS_STATE_SLEEP), status); 379 break; 380 } 381 if (!status) 382 psdata->ps_state = ps_state; 383 mutex_unlock(&psdata->ps_lock); 384 385 if (ps_state == PS_STATE_AWAKE) 386 btnxpuart_tx_wakeup(nxpdev); 387 } 388 389 static void ps_work_func(struct work_struct *work) 390 { 391 struct ps_data *data = container_of(work, struct ps_data, work); 392 393 if (data->ps_cmd == PS_CMD_ENTER_PS && data->cur_psmode == PS_MODE_ENABLE) 394 ps_control(data->hdev, PS_STATE_SLEEP); 395 else if (data->ps_cmd == PS_CMD_EXIT_PS) 396 ps_control(data->hdev, PS_STATE_AWAKE); 397 } 398 399 static void ps_timeout_func(struct timer_list *t) 400 { 401 struct ps_data *data = from_timer(data, t, ps_timer); 402 struct hci_dev *hdev = data->hdev; 403 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 404 405 if (test_bit(BTNXPUART_TX_STATE_ACTIVE, &nxpdev->tx_state)) { 406 ps_start_timer(nxpdev); 407 } else { 408 data->ps_cmd = PS_CMD_ENTER_PS; 409 schedule_work(&data->work); 410 } 411 } 412 413 static void ps_setup(struct hci_dev *hdev) 414 { 415 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 416 struct ps_data *psdata = &nxpdev->psdata; 417 418 psdata->hdev = hdev; 419 INIT_WORK(&psdata->work, ps_work_func); 420 mutex_init(&psdata->ps_lock); 421 timer_setup(&psdata->ps_timer, ps_timeout_func, 0); 422 } 423 424 static bool ps_wakeup(struct btnxpuart_dev *nxpdev) 425 { 426 struct ps_data *psdata = &nxpdev->psdata; 427 u8 ps_state; 428 429 mutex_lock(&psdata->ps_lock); 430 ps_state = psdata->ps_state; 431 mutex_unlock(&psdata->ps_lock); 432 433 if (ps_state != PS_STATE_AWAKE) { 434 psdata->ps_cmd = PS_CMD_EXIT_PS; 435 schedule_work(&psdata->work); 436 return true; 437 } 438 return false; 439 } 440 441 static void ps_cleanup(struct btnxpuart_dev *nxpdev) 442 { 443 struct ps_data *psdata = &nxpdev->psdata; 444 u8 ps_state; 445 446 mutex_lock(&psdata->ps_lock); 447 ps_state = psdata->ps_state; 448 mutex_unlock(&psdata->ps_lock); 449 450 if (ps_state != PS_STATE_AWAKE) 451 ps_control(psdata->hdev, PS_STATE_AWAKE); 452 453 ps_cancel_timer(nxpdev); 454 cancel_work_sync(&psdata->work); 455 mutex_destroy(&psdata->ps_lock); 456 } 457 458 static int send_ps_cmd(struct hci_dev *hdev, void *data) 459 { 460 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 461 struct ps_data *psdata = &nxpdev->psdata; 462 struct psmode_cmd_payload pcmd; 463 struct sk_buff *skb; 464 u8 *status; 465 466 if (psdata->target_ps_mode == PS_MODE_ENABLE) 467 pcmd.ps_cmd = BT_PS_ENABLE; 468 else 469 pcmd.ps_cmd = BT_PS_DISABLE; 470 pcmd.c2h_ps_interval = __cpu_to_le16(psdata->c2h_ps_interval); 471 472 skb = nxp_drv_send_cmd(hdev, HCI_NXP_AUTO_SLEEP_MODE, sizeof(pcmd), &pcmd); 473 if (IS_ERR(skb)) { 474 bt_dev_err(hdev, "Setting Power Save mode failed (%ld)", PTR_ERR(skb)); 475 return PTR_ERR(skb); 476 } 477 478 status = skb_pull_data(skb, 1); 479 if (status) { 480 if (!*status) 481 psdata->cur_psmode = psdata->target_ps_mode; 482 else 483 psdata->target_ps_mode = psdata->cur_psmode; 484 if (psdata->cur_psmode == PS_MODE_ENABLE) 485 ps_start_timer(nxpdev); 486 else 487 ps_wakeup(nxpdev); 488 bt_dev_dbg(hdev, "Power Save mode response: status=%d, ps_mode=%d", 489 *status, psdata->cur_psmode); 490 } 491 kfree_skb(skb); 492 493 return 0; 494 } 495 496 static int send_wakeup_method_cmd(struct hci_dev *hdev, void *data) 497 { 498 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 499 struct ps_data *psdata = &nxpdev->psdata; 500 struct wakeup_cmd_payload pcmd; 501 struct sk_buff *skb; 502 u8 *status; 503 504 pcmd.c2h_wakeupmode = psdata->c2h_wakeupmode; 505 pcmd.c2h_wakeup_gpio = psdata->c2h_wakeup_gpio; 506 switch (psdata->h2c_wakeupmode) { 507 case WAKEUP_METHOD_DTR: 508 pcmd.h2c_wakeupmode = BT_CTRL_WAKEUP_METHOD_DSR; 509 break; 510 case WAKEUP_METHOD_BREAK: 511 default: 512 pcmd.h2c_wakeupmode = BT_CTRL_WAKEUP_METHOD_BREAK; 513 break; 514 } 515 pcmd.h2c_wakeup_gpio = 0xff; 516 517 skb = nxp_drv_send_cmd(hdev, HCI_NXP_WAKEUP_METHOD, sizeof(pcmd), &pcmd); 518 if (IS_ERR(skb)) { 519 bt_dev_err(hdev, "Setting wake-up method failed (%ld)", PTR_ERR(skb)); 520 return PTR_ERR(skb); 521 } 522 523 status = skb_pull_data(skb, 1); 524 if (status) { 525 if (*status == 0) 526 psdata->cur_h2c_wakeupmode = psdata->h2c_wakeupmode; 527 else 528 psdata->h2c_wakeupmode = psdata->cur_h2c_wakeupmode; 529 bt_dev_dbg(hdev, "Set Wakeup Method response: status=%d, h2c_wakeupmode=%d", 530 *status, psdata->cur_h2c_wakeupmode); 531 } 532 kfree_skb(skb); 533 534 return 0; 535 } 536 537 static void ps_init(struct hci_dev *hdev) 538 { 539 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 540 struct ps_data *psdata = &nxpdev->psdata; 541 542 serdev_device_set_tiocm(nxpdev->serdev, 0, TIOCM_RTS); 543 usleep_range(5000, 10000); 544 serdev_device_set_tiocm(nxpdev->serdev, TIOCM_RTS, 0); 545 usleep_range(5000, 10000); 546 547 psdata->ps_state = PS_STATE_AWAKE; 548 psdata->c2h_wakeupmode = BT_HOST_WAKEUP_METHOD_NONE; 549 psdata->c2h_wakeup_gpio = 0xff; 550 551 psdata->cur_h2c_wakeupmode = WAKEUP_METHOD_INVALID; 552 psdata->h2c_ps_interval = PS_DEFAULT_TIMEOUT_PERIOD_MS; 553 switch (DEFAULT_H2C_WAKEUP_MODE) { 554 case WAKEUP_METHOD_DTR: 555 psdata->h2c_wakeupmode = WAKEUP_METHOD_DTR; 556 serdev_device_set_tiocm(nxpdev->serdev, 0, TIOCM_DTR); 557 serdev_device_set_tiocm(nxpdev->serdev, TIOCM_DTR, 0); 558 break; 559 case WAKEUP_METHOD_BREAK: 560 default: 561 psdata->h2c_wakeupmode = WAKEUP_METHOD_BREAK; 562 serdev_device_break_ctl(nxpdev->serdev, -1); 563 usleep_range(5000, 10000); 564 serdev_device_break_ctl(nxpdev->serdev, 0); 565 usleep_range(5000, 10000); 566 break; 567 } 568 569 psdata->cur_psmode = PS_MODE_DISABLE; 570 psdata->target_ps_mode = DEFAULT_PS_MODE; 571 572 if (psdata->cur_h2c_wakeupmode != psdata->h2c_wakeupmode) 573 hci_cmd_sync_queue(hdev, send_wakeup_method_cmd, NULL, NULL); 574 if (psdata->cur_psmode != psdata->target_ps_mode) 575 hci_cmd_sync_queue(hdev, send_ps_cmd, NULL, NULL); 576 } 577 578 /* NXP Firmware Download Feature */ 579 static int nxp_download_firmware(struct hci_dev *hdev) 580 { 581 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 582 int err = 0; 583 584 nxpdev->fw_dnld_v1_offset = 0; 585 nxpdev->fw_v1_sent_bytes = 0; 586 nxpdev->fw_v1_expected_len = HDR_LEN; 587 nxpdev->boot_reg_offset = 0; 588 nxpdev->fw_dnld_v3_offset = 0; 589 nxpdev->fw_v3_offset_correction = 0; 590 nxpdev->baudrate_changed = false; 591 nxpdev->timeout_changed = false; 592 nxpdev->helper_downloaded = false; 593 594 serdev_device_set_baudrate(nxpdev->serdev, HCI_NXP_PRI_BAUDRATE); 595 serdev_device_set_flow_control(nxpdev->serdev, false); 596 nxpdev->current_baudrate = HCI_NXP_PRI_BAUDRATE; 597 598 /* Wait till FW is downloaded */ 599 err = wait_event_interruptible_timeout(nxpdev->fw_dnld_done_wait_q, 600 !test_bit(BTNXPUART_FW_DOWNLOADING, 601 &nxpdev->tx_state), 602 msecs_to_jiffies(60000)); 603 604 release_firmware(nxpdev->fw); 605 memset(nxpdev->fw_name, 0, sizeof(nxpdev->fw_name)); 606 607 if (err == 0) { 608 bt_dev_err(hdev, "FW Download Timeout. offset: %d", 609 nxpdev->fw_dnld_v1_offset ? 610 nxpdev->fw_dnld_v1_offset : 611 nxpdev->fw_dnld_v3_offset); 612 return -ETIMEDOUT; 613 } 614 if (test_bit(BTNXPUART_FW_DOWNLOAD_ABORT, &nxpdev->tx_state)) { 615 bt_dev_err(hdev, "FW Download Aborted"); 616 return -EINTR; 617 } 618 619 serdev_device_set_flow_control(nxpdev->serdev, true); 620 621 /* Allow the downloaded FW to initialize */ 622 msleep(1200); 623 624 return 0; 625 } 626 627 static void nxp_send_ack(u8 ack, struct hci_dev *hdev) 628 { 629 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 630 u8 ack_nak[2]; 631 int len = 1; 632 633 ack_nak[0] = ack; 634 if (ack == NXP_ACK_V3) { 635 ack_nak[1] = crc8(crc8_table, ack_nak, 1, 0xff); 636 len = 2; 637 } 638 serdev_device_write_buf(nxpdev->serdev, ack_nak, len); 639 } 640 641 static bool nxp_fw_change_baudrate(struct hci_dev *hdev, u16 req_len) 642 { 643 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 644 struct nxp_bootloader_cmd nxp_cmd5; 645 struct uart_config uart_config; 646 u32 clkdivaddr = CLKDIVADDR - nxpdev->boot_reg_offset; 647 u32 uartdivaddr = UARTDIVADDR - nxpdev->boot_reg_offset; 648 u32 uartmcraddr = UARTMCRADDR - nxpdev->boot_reg_offset; 649 u32 uartreinitaddr = UARTREINITADDR - nxpdev->boot_reg_offset; 650 u32 uarticraddr = UARTICRADDR - nxpdev->boot_reg_offset; 651 u32 uartfcraddr = UARTFCRADDR - nxpdev->boot_reg_offset; 652 653 if (req_len == sizeof(nxp_cmd5)) { 654 nxp_cmd5.header = __cpu_to_le32(5); 655 nxp_cmd5.arg = 0; 656 nxp_cmd5.payload_len = __cpu_to_le32(sizeof(uart_config)); 657 /* FW expects swapped CRC bytes */ 658 nxp_cmd5.crc = __cpu_to_be32(crc32_be(0UL, (char *)&nxp_cmd5, 659 sizeof(nxp_cmd5) - 4)); 660 661 serdev_device_write_buf(nxpdev->serdev, (u8 *)&nxp_cmd5, sizeof(nxp_cmd5)); 662 nxpdev->fw_v3_offset_correction += req_len; 663 } else if (req_len == sizeof(uart_config)) { 664 uart_config.clkdiv.address = __cpu_to_le32(clkdivaddr); 665 uart_config.clkdiv.value = __cpu_to_le32(0x00c00000); 666 uart_config.uartdiv.address = __cpu_to_le32(uartdivaddr); 667 uart_config.uartdiv.value = __cpu_to_le32(1); 668 uart_config.mcr.address = __cpu_to_le32(uartmcraddr); 669 uart_config.mcr.value = __cpu_to_le32(MCR); 670 uart_config.re_init.address = __cpu_to_le32(uartreinitaddr); 671 uart_config.re_init.value = __cpu_to_le32(INIT); 672 uart_config.icr.address = __cpu_to_le32(uarticraddr); 673 uart_config.icr.value = __cpu_to_le32(ICR); 674 uart_config.fcr.address = __cpu_to_le32(uartfcraddr); 675 uart_config.fcr.value = __cpu_to_le32(FCR); 676 /* FW expects swapped CRC bytes */ 677 uart_config.crc = __cpu_to_be32(crc32_be(0UL, (char *)&uart_config, 678 sizeof(uart_config) - 4)); 679 680 serdev_device_write_buf(nxpdev->serdev, (u8 *)&uart_config, sizeof(uart_config)); 681 serdev_device_wait_until_sent(nxpdev->serdev, 0); 682 nxpdev->fw_v3_offset_correction += req_len; 683 return true; 684 } 685 return false; 686 } 687 688 static bool nxp_fw_change_timeout(struct hci_dev *hdev, u16 req_len) 689 { 690 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 691 struct nxp_bootloader_cmd nxp_cmd7; 692 693 if (req_len != sizeof(nxp_cmd7)) 694 return false; 695 696 nxp_cmd7.header = __cpu_to_le32(7); 697 nxp_cmd7.arg = __cpu_to_le32(0x70); 698 nxp_cmd7.payload_len = 0; 699 /* FW expects swapped CRC bytes */ 700 nxp_cmd7.crc = __cpu_to_be32(crc32_be(0UL, (char *)&nxp_cmd7, 701 sizeof(nxp_cmd7) - 4)); 702 serdev_device_write_buf(nxpdev->serdev, (u8 *)&nxp_cmd7, sizeof(nxp_cmd7)); 703 serdev_device_wait_until_sent(nxpdev->serdev, 0); 704 nxpdev->fw_v3_offset_correction += req_len; 705 return true; 706 } 707 708 static u32 nxp_get_data_len(const u8 *buf) 709 { 710 struct nxp_bootloader_cmd *hdr = (struct nxp_bootloader_cmd *)buf; 711 712 return __le32_to_cpu(hdr->payload_len); 713 } 714 715 static bool is_fw_downloading(struct btnxpuart_dev *nxpdev) 716 { 717 return test_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state); 718 } 719 720 static bool process_boot_signature(struct btnxpuart_dev *nxpdev) 721 { 722 if (test_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, &nxpdev->tx_state)) { 723 clear_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, &nxpdev->tx_state); 724 wake_up_interruptible(&nxpdev->check_boot_sign_wait_q); 725 return false; 726 } 727 return is_fw_downloading(nxpdev); 728 } 729 730 static int nxp_request_firmware(struct hci_dev *hdev, const char *fw_name) 731 { 732 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 733 int err = 0; 734 735 if (!fw_name) 736 return -ENOENT; 737 738 if (!strlen(nxpdev->fw_name)) { 739 snprintf(nxpdev->fw_name, MAX_FW_FILE_NAME_LEN, "%s", fw_name); 740 741 bt_dev_dbg(hdev, "Request Firmware: %s", nxpdev->fw_name); 742 err = request_firmware(&nxpdev->fw, nxpdev->fw_name, &hdev->dev); 743 if (err < 0) { 744 bt_dev_err(hdev, "Firmware file %s not found", nxpdev->fw_name); 745 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state); 746 } 747 } 748 return err; 749 } 750 751 /* for legacy chipsets with V1 bootloader */ 752 static int nxp_recv_chip_ver_v1(struct hci_dev *hdev, struct sk_buff *skb) 753 { 754 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 755 struct v1_start_ind *req; 756 __u16 chip_id; 757 758 req = skb_pull_data(skb, sizeof(*req)); 759 if (!req) 760 goto free_skb; 761 762 chip_id = le16_to_cpu(req->chip_id ^ req->chip_id_comp); 763 if (chip_id == 0xffff && nxpdev->fw_dnld_v1_offset) { 764 nxpdev->fw_dnld_v1_offset = 0; 765 nxpdev->fw_v1_sent_bytes = 0; 766 nxpdev->fw_v1_expected_len = HDR_LEN; 767 release_firmware(nxpdev->fw); 768 memset(nxpdev->fw_name, 0, sizeof(nxpdev->fw_name)); 769 nxp_send_ack(NXP_ACK_V1, hdev); 770 } 771 772 free_skb: 773 kfree_skb(skb); 774 return 0; 775 } 776 777 static int nxp_recv_fw_req_v1(struct hci_dev *hdev, struct sk_buff *skb) 778 { 779 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 780 struct btnxpuart_data *nxp_data = nxpdev->nxp_data; 781 struct v1_data_req *req; 782 __u16 len; 783 784 if (!process_boot_signature(nxpdev)) 785 goto free_skb; 786 787 req = skb_pull_data(skb, sizeof(*req)); 788 if (!req) 789 goto free_skb; 790 791 len = __le16_to_cpu(req->len ^ req->len_comp); 792 if (len != 0xffff) { 793 bt_dev_dbg(hdev, "ERR: Send NAK"); 794 nxp_send_ack(NXP_NAK_V1, hdev); 795 goto free_skb; 796 } 797 nxp_send_ack(NXP_ACK_V1, hdev); 798 799 len = __le16_to_cpu(req->len); 800 801 if (!nxp_data->helper_fw_name) { 802 if (!nxpdev->timeout_changed) { 803 nxpdev->timeout_changed = nxp_fw_change_timeout(hdev, 804 len); 805 goto free_skb; 806 } 807 if (!nxpdev->baudrate_changed) { 808 nxpdev->baudrate_changed = nxp_fw_change_baudrate(hdev, 809 len); 810 if (nxpdev->baudrate_changed) { 811 serdev_device_set_baudrate(nxpdev->serdev, 812 HCI_NXP_SEC_BAUDRATE); 813 serdev_device_set_flow_control(nxpdev->serdev, true); 814 nxpdev->current_baudrate = HCI_NXP_SEC_BAUDRATE; 815 } 816 goto free_skb; 817 } 818 } 819 820 if (!nxp_data->helper_fw_name || nxpdev->helper_downloaded) { 821 if (nxp_request_firmware(hdev, nxp_data->fw_name)) 822 goto free_skb; 823 } else if (nxp_data->helper_fw_name && !nxpdev->helper_downloaded) { 824 if (nxp_request_firmware(hdev, nxp_data->helper_fw_name)) 825 goto free_skb; 826 } 827 828 if (!len) { 829 bt_dev_dbg(hdev, "FW Downloaded Successfully: %zu bytes", 830 nxpdev->fw->size); 831 if (nxp_data->helper_fw_name && !nxpdev->helper_downloaded) { 832 nxpdev->helper_downloaded = true; 833 serdev_device_wait_until_sent(nxpdev->serdev, 0); 834 serdev_device_set_baudrate(nxpdev->serdev, 835 HCI_NXP_SEC_BAUDRATE); 836 serdev_device_set_flow_control(nxpdev->serdev, true); 837 } else { 838 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state); 839 wake_up_interruptible(&nxpdev->fw_dnld_done_wait_q); 840 } 841 goto free_skb; 842 } 843 if (len & 0x01) { 844 /* The CRC did not match at the other end. 845 * Simply send the same bytes again. 846 */ 847 len = nxpdev->fw_v1_sent_bytes; 848 bt_dev_dbg(hdev, "CRC error. Resend %d bytes of FW.", len); 849 } else { 850 nxpdev->fw_dnld_v1_offset += nxpdev->fw_v1_sent_bytes; 851 852 /* The FW bin file is made up of many blocks of 853 * 16 byte header and payload data chunks. If the 854 * FW has requested a header, read the payload length 855 * info from the header, before sending the header. 856 * In the next iteration, the FW should request the 857 * payload data chunk, which should be equal to the 858 * payload length read from header. If there is a 859 * mismatch, clearly the driver and FW are out of sync, 860 * and we need to re-send the previous header again. 861 */ 862 if (len == nxpdev->fw_v1_expected_len) { 863 if (len == HDR_LEN) 864 nxpdev->fw_v1_expected_len = nxp_get_data_len(nxpdev->fw->data + 865 nxpdev->fw_dnld_v1_offset); 866 else 867 nxpdev->fw_v1_expected_len = HDR_LEN; 868 } else if (len == HDR_LEN) { 869 /* FW download out of sync. Send previous chunk again */ 870 nxpdev->fw_dnld_v1_offset -= nxpdev->fw_v1_sent_bytes; 871 nxpdev->fw_v1_expected_len = HDR_LEN; 872 } 873 } 874 875 if (nxpdev->fw_dnld_v1_offset + len <= nxpdev->fw->size) 876 serdev_device_write_buf(nxpdev->serdev, nxpdev->fw->data + 877 nxpdev->fw_dnld_v1_offset, len); 878 nxpdev->fw_v1_sent_bytes = len; 879 880 free_skb: 881 kfree_skb(skb); 882 return 0; 883 } 884 885 static char *nxp_get_fw_name_from_chipid(struct hci_dev *hdev, u16 chipid, 886 u8 loader_ver) 887 { 888 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 889 char *fw_name = NULL; 890 891 switch (chipid) { 892 case CHIP_ID_W9098: 893 fw_name = FIRMWARE_W9098; 894 break; 895 case CHIP_ID_IW416: 896 fw_name = FIRMWARE_IW416; 897 break; 898 case CHIP_ID_IW612: 899 fw_name = FIRMWARE_IW612; 900 break; 901 case CHIP_ID_IW624a: 902 case CHIP_ID_IW624c: 903 nxpdev->boot_reg_offset = 1; 904 if ((loader_ver & FW_SECURE_MASK) == FW_OPEN) 905 fw_name = FIRMWARE_IW624; 906 else if ((loader_ver & FW_SECURE_MASK) != FW_AUTH_ILLEGAL) 907 fw_name = FIRMWARE_SECURE_IW624; 908 else 909 bt_dev_err(hdev, "Illegal loader version %02x", loader_ver); 910 break; 911 case CHIP_ID_AW693: 912 if ((loader_ver & FW_SECURE_MASK) == FW_OPEN) 913 fw_name = FIRMWARE_AW693; 914 else if ((loader_ver & FW_SECURE_MASK) != FW_AUTH_ILLEGAL) 915 fw_name = FIRMWARE_SECURE_AW693; 916 else 917 bt_dev_err(hdev, "Illegal loader version %02x", loader_ver); 918 break; 919 default: 920 bt_dev_err(hdev, "Unknown chip signature %04x", chipid); 921 break; 922 } 923 return fw_name; 924 } 925 926 static int nxp_recv_chip_ver_v3(struct hci_dev *hdev, struct sk_buff *skb) 927 { 928 struct v3_start_ind *req = skb_pull_data(skb, sizeof(*req)); 929 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 930 u16 chip_id; 931 u8 loader_ver; 932 933 if (!process_boot_signature(nxpdev)) 934 goto free_skb; 935 936 chip_id = le16_to_cpu(req->chip_id); 937 loader_ver = req->loader_ver; 938 if (!nxp_request_firmware(hdev, nxp_get_fw_name_from_chipid(hdev, 939 chip_id, loader_ver))) 940 nxp_send_ack(NXP_ACK_V3, hdev); 941 942 free_skb: 943 kfree_skb(skb); 944 return 0; 945 } 946 947 static void nxp_handle_fw_download_error(struct hci_dev *hdev, struct v3_data_req *req) 948 { 949 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 950 __u32 offset = __le32_to_cpu(req->offset); 951 __u16 err = __le16_to_cpu(req->error); 952 union nxp_v3_rx_timeout_nak_u nak_tx_buf; 953 954 switch (err) { 955 case NXP_ACK_RX_TIMEOUT: 956 case NXP_HDR_RX_TIMEOUT: 957 case NXP_DATA_RX_TIMEOUT: 958 nak_tx_buf.pkt.nak = NXP_NAK_V3; 959 nak_tx_buf.pkt.offset = __cpu_to_le32(offset); 960 nak_tx_buf.pkt.crc = crc8(crc8_table, nak_tx_buf.buf, 961 sizeof(nak_tx_buf) - 1, 0xff); 962 serdev_device_write_buf(nxpdev->serdev, nak_tx_buf.buf, 963 sizeof(nak_tx_buf)); 964 break; 965 default: 966 bt_dev_dbg(hdev, "Unknown bootloader error code: %d", err); 967 break; 968 969 } 970 971 } 972 973 static int nxp_recv_fw_req_v3(struct hci_dev *hdev, struct sk_buff *skb) 974 { 975 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 976 struct v3_data_req *req; 977 __u16 len; 978 __u32 offset; 979 980 if (!process_boot_signature(nxpdev)) 981 goto free_skb; 982 983 req = skb_pull_data(skb, sizeof(*req)); 984 if (!req || !nxpdev->fw) 985 goto free_skb; 986 987 if (!req->error) { 988 nxp_send_ack(NXP_ACK_V3, hdev); 989 } else { 990 nxp_handle_fw_download_error(hdev, req); 991 goto free_skb; 992 } 993 994 len = __le16_to_cpu(req->len); 995 996 if (!nxpdev->timeout_changed) { 997 nxpdev->timeout_changed = nxp_fw_change_timeout(hdev, len); 998 goto free_skb; 999 } 1000 1001 if (!nxpdev->baudrate_changed) { 1002 nxpdev->baudrate_changed = nxp_fw_change_baudrate(hdev, len); 1003 if (nxpdev->baudrate_changed) { 1004 serdev_device_set_baudrate(nxpdev->serdev, 1005 HCI_NXP_SEC_BAUDRATE); 1006 serdev_device_set_flow_control(nxpdev->serdev, true); 1007 nxpdev->current_baudrate = HCI_NXP_SEC_BAUDRATE; 1008 } 1009 goto free_skb; 1010 } 1011 1012 if (req->len == 0) { 1013 bt_dev_dbg(hdev, "FW Downloaded Successfully: %zu bytes", 1014 nxpdev->fw->size); 1015 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state); 1016 wake_up_interruptible(&nxpdev->fw_dnld_done_wait_q); 1017 goto free_skb; 1018 } 1019 1020 offset = __le32_to_cpu(req->offset); 1021 if (offset < nxpdev->fw_v3_offset_correction) { 1022 /* This scenario should ideally never occur. But if it ever does, 1023 * FW is out of sync and needs a power cycle. 1024 */ 1025 bt_dev_err(hdev, "Something went wrong during FW download"); 1026 bt_dev_err(hdev, "Please power cycle and try again"); 1027 goto free_skb; 1028 } 1029 1030 nxpdev->fw_dnld_v3_offset = offset - nxpdev->fw_v3_offset_correction; 1031 serdev_device_write_buf(nxpdev->serdev, nxpdev->fw->data + 1032 nxpdev->fw_dnld_v3_offset, len); 1033 1034 free_skb: 1035 kfree_skb(skb); 1036 return 0; 1037 } 1038 1039 static int nxp_set_baudrate_cmd(struct hci_dev *hdev, void *data) 1040 { 1041 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1042 __le32 new_baudrate = __cpu_to_le32(nxpdev->new_baudrate); 1043 struct ps_data *psdata = &nxpdev->psdata; 1044 struct sk_buff *skb; 1045 u8 *status; 1046 1047 if (!psdata) 1048 return 0; 1049 1050 skb = nxp_drv_send_cmd(hdev, HCI_NXP_SET_OPER_SPEED, 4, (u8 *)&new_baudrate); 1051 if (IS_ERR(skb)) { 1052 bt_dev_err(hdev, "Setting baudrate failed (%ld)", PTR_ERR(skb)); 1053 return PTR_ERR(skb); 1054 } 1055 1056 status = (u8 *)skb_pull_data(skb, 1); 1057 if (status) { 1058 if (*status == 0) { 1059 serdev_device_set_baudrate(nxpdev->serdev, nxpdev->new_baudrate); 1060 nxpdev->current_baudrate = nxpdev->new_baudrate; 1061 } 1062 bt_dev_dbg(hdev, "Set baudrate response: status=%d, baudrate=%d", 1063 *status, nxpdev->new_baudrate); 1064 } 1065 kfree_skb(skb); 1066 1067 return 0; 1068 } 1069 1070 static int nxp_check_boot_sign(struct btnxpuart_dev *nxpdev) 1071 { 1072 serdev_device_set_baudrate(nxpdev->serdev, HCI_NXP_PRI_BAUDRATE); 1073 if (test_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state)) 1074 serdev_device_set_flow_control(nxpdev->serdev, false); 1075 else 1076 serdev_device_set_flow_control(nxpdev->serdev, true); 1077 set_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, &nxpdev->tx_state); 1078 1079 return wait_event_interruptible_timeout(nxpdev->check_boot_sign_wait_q, 1080 !test_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, 1081 &nxpdev->tx_state), 1082 msecs_to_jiffies(1000)); 1083 } 1084 1085 static int nxp_set_ind_reset(struct hci_dev *hdev, void *data) 1086 { 1087 static const u8 ir_hw_err[] = { HCI_EV_HARDWARE_ERROR, 1088 0x01, BTNXPUART_IR_HW_ERR }; 1089 struct sk_buff *skb; 1090 1091 skb = bt_skb_alloc(3, GFP_ATOMIC); 1092 if (!skb) 1093 return -ENOMEM; 1094 1095 hci_skb_pkt_type(skb) = HCI_EVENT_PKT; 1096 skb_put_data(skb, ir_hw_err, 3); 1097 1098 /* Inject Hardware Error to upper stack */ 1099 return hci_recv_frame(hdev, skb); 1100 } 1101 1102 /* NXP protocol */ 1103 static int nxp_setup(struct hci_dev *hdev) 1104 { 1105 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1106 int err = 0; 1107 1108 if (nxp_check_boot_sign(nxpdev)) { 1109 bt_dev_dbg(hdev, "Need FW Download."); 1110 err = nxp_download_firmware(hdev); 1111 if (err < 0) 1112 return err; 1113 } else { 1114 bt_dev_dbg(hdev, "FW already running."); 1115 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state); 1116 } 1117 1118 serdev_device_set_baudrate(nxpdev->serdev, nxpdev->fw_init_baudrate); 1119 nxpdev->current_baudrate = nxpdev->fw_init_baudrate; 1120 1121 if (nxpdev->current_baudrate != HCI_NXP_SEC_BAUDRATE) { 1122 nxpdev->new_baudrate = HCI_NXP_SEC_BAUDRATE; 1123 hci_cmd_sync_queue(hdev, nxp_set_baudrate_cmd, NULL, NULL); 1124 } 1125 1126 ps_init(hdev); 1127 1128 if (test_and_clear_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state)) 1129 hci_dev_clear_flag(hdev, HCI_SETUP); 1130 1131 return 0; 1132 } 1133 1134 static void nxp_hw_err(struct hci_dev *hdev, u8 code) 1135 { 1136 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1137 1138 switch (code) { 1139 case BTNXPUART_IR_HW_ERR: 1140 set_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state); 1141 hci_dev_set_flag(hdev, HCI_SETUP); 1142 break; 1143 default: 1144 break; 1145 } 1146 } 1147 1148 static int nxp_shutdown(struct hci_dev *hdev) 1149 { 1150 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1151 struct sk_buff *skb; 1152 u8 *status; 1153 u8 pcmd = 0; 1154 1155 if (test_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state)) { 1156 skb = nxp_drv_send_cmd(hdev, HCI_NXP_IND_RESET, 1, &pcmd); 1157 if (IS_ERR(skb)) 1158 return PTR_ERR(skb); 1159 1160 status = skb_pull_data(skb, 1); 1161 if (status) { 1162 serdev_device_set_flow_control(nxpdev->serdev, false); 1163 set_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state); 1164 } 1165 kfree_skb(skb); 1166 } 1167 1168 return 0; 1169 } 1170 1171 static int btnxpuart_queue_skb(struct hci_dev *hdev, struct sk_buff *skb) 1172 { 1173 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1174 1175 /* Prepend skb with frame type */ 1176 memcpy(skb_push(skb, 1), &hci_skb_pkt_type(skb), 1); 1177 skb_queue_tail(&nxpdev->txq, skb); 1178 btnxpuart_tx_wakeup(nxpdev); 1179 return 0; 1180 } 1181 1182 static int nxp_enqueue(struct hci_dev *hdev, struct sk_buff *skb) 1183 { 1184 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1185 struct ps_data *psdata = &nxpdev->psdata; 1186 struct hci_command_hdr *hdr; 1187 struct psmode_cmd_payload ps_parm; 1188 struct wakeup_cmd_payload wakeup_parm; 1189 __le32 baudrate_parm; 1190 1191 /* if vendor commands are received from user space (e.g. hcitool), update 1192 * driver flags accordingly and ask driver to re-send the command to FW. 1193 * In case the payload for any command does not match expected payload 1194 * length, let the firmware and user space program handle it, or throw 1195 * an error. 1196 */ 1197 if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT && !psdata->driver_sent_cmd) { 1198 hdr = (struct hci_command_hdr *)skb->data; 1199 if (hdr->plen != (skb->len - HCI_COMMAND_HDR_SIZE)) 1200 return btnxpuart_queue_skb(hdev, skb); 1201 1202 switch (__le16_to_cpu(hdr->opcode)) { 1203 case HCI_NXP_AUTO_SLEEP_MODE: 1204 if (hdr->plen == sizeof(ps_parm)) { 1205 memcpy(&ps_parm, skb->data + HCI_COMMAND_HDR_SIZE, hdr->plen); 1206 if (ps_parm.ps_cmd == BT_PS_ENABLE) 1207 psdata->target_ps_mode = PS_MODE_ENABLE; 1208 else if (ps_parm.ps_cmd == BT_PS_DISABLE) 1209 psdata->target_ps_mode = PS_MODE_DISABLE; 1210 psdata->c2h_ps_interval = __le16_to_cpu(ps_parm.c2h_ps_interval); 1211 hci_cmd_sync_queue(hdev, send_ps_cmd, NULL, NULL); 1212 goto free_skb; 1213 } 1214 break; 1215 case HCI_NXP_WAKEUP_METHOD: 1216 if (hdr->plen == sizeof(wakeup_parm)) { 1217 memcpy(&wakeup_parm, skb->data + HCI_COMMAND_HDR_SIZE, hdr->plen); 1218 psdata->c2h_wakeupmode = wakeup_parm.c2h_wakeupmode; 1219 psdata->c2h_wakeup_gpio = wakeup_parm.c2h_wakeup_gpio; 1220 psdata->h2c_wakeup_gpio = wakeup_parm.h2c_wakeup_gpio; 1221 switch (wakeup_parm.h2c_wakeupmode) { 1222 case BT_CTRL_WAKEUP_METHOD_DSR: 1223 psdata->h2c_wakeupmode = WAKEUP_METHOD_DTR; 1224 break; 1225 case BT_CTRL_WAKEUP_METHOD_BREAK: 1226 default: 1227 psdata->h2c_wakeupmode = WAKEUP_METHOD_BREAK; 1228 break; 1229 } 1230 hci_cmd_sync_queue(hdev, send_wakeup_method_cmd, NULL, NULL); 1231 goto free_skb; 1232 } 1233 break; 1234 case HCI_NXP_SET_OPER_SPEED: 1235 if (hdr->plen == sizeof(baudrate_parm)) { 1236 memcpy(&baudrate_parm, skb->data + HCI_COMMAND_HDR_SIZE, hdr->plen); 1237 nxpdev->new_baudrate = __le32_to_cpu(baudrate_parm); 1238 hci_cmd_sync_queue(hdev, nxp_set_baudrate_cmd, NULL, NULL); 1239 goto free_skb; 1240 } 1241 break; 1242 case HCI_NXP_IND_RESET: 1243 if (hdr->plen == 1) { 1244 hci_cmd_sync_queue(hdev, nxp_set_ind_reset, NULL, NULL); 1245 goto free_skb; 1246 } 1247 break; 1248 default: 1249 break; 1250 } 1251 } 1252 1253 return btnxpuart_queue_skb(hdev, skb); 1254 1255 free_skb: 1256 kfree_skb(skb); 1257 return 0; 1258 } 1259 1260 static struct sk_buff *nxp_dequeue(void *data) 1261 { 1262 struct btnxpuart_dev *nxpdev = (struct btnxpuart_dev *)data; 1263 1264 ps_start_timer(nxpdev); 1265 return skb_dequeue(&nxpdev->txq); 1266 } 1267 1268 /* btnxpuart based on serdev */ 1269 static void btnxpuart_tx_work(struct work_struct *work) 1270 { 1271 struct btnxpuart_dev *nxpdev = container_of(work, struct btnxpuart_dev, 1272 tx_work); 1273 struct serdev_device *serdev = nxpdev->serdev; 1274 struct hci_dev *hdev = nxpdev->hdev; 1275 struct sk_buff *skb; 1276 int len; 1277 1278 if (ps_wakeup(nxpdev)) 1279 return; 1280 1281 while ((skb = nxp_dequeue(nxpdev))) { 1282 len = serdev_device_write_buf(serdev, skb->data, skb->len); 1283 hdev->stat.byte_tx += len; 1284 1285 skb_pull(skb, len); 1286 if (skb->len > 0) { 1287 skb_queue_head(&nxpdev->txq, skb); 1288 break; 1289 } 1290 1291 switch (hci_skb_pkt_type(skb)) { 1292 case HCI_COMMAND_PKT: 1293 hdev->stat.cmd_tx++; 1294 break; 1295 case HCI_ACLDATA_PKT: 1296 hdev->stat.acl_tx++; 1297 break; 1298 case HCI_SCODATA_PKT: 1299 hdev->stat.sco_tx++; 1300 break; 1301 } 1302 1303 kfree_skb(skb); 1304 } 1305 clear_bit(BTNXPUART_TX_STATE_ACTIVE, &nxpdev->tx_state); 1306 } 1307 1308 static int btnxpuart_open(struct hci_dev *hdev) 1309 { 1310 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1311 int err = 0; 1312 1313 err = serdev_device_open(nxpdev->serdev); 1314 if (err) { 1315 bt_dev_err(hdev, "Unable to open UART device %s", 1316 dev_name(&nxpdev->serdev->dev)); 1317 } else { 1318 set_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state); 1319 } 1320 return err; 1321 } 1322 1323 static int btnxpuart_close(struct hci_dev *hdev) 1324 { 1325 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1326 1327 serdev_device_close(nxpdev->serdev); 1328 skb_queue_purge(&nxpdev->txq); 1329 if (!IS_ERR_OR_NULL(nxpdev->rx_skb)) { 1330 kfree_skb(nxpdev->rx_skb); 1331 nxpdev->rx_skb = NULL; 1332 } 1333 clear_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state); 1334 return 0; 1335 } 1336 1337 static int btnxpuart_flush(struct hci_dev *hdev) 1338 { 1339 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1340 1341 /* Flush any pending characters */ 1342 serdev_device_write_flush(nxpdev->serdev); 1343 skb_queue_purge(&nxpdev->txq); 1344 1345 cancel_work_sync(&nxpdev->tx_work); 1346 1347 if (!IS_ERR_OR_NULL(nxpdev->rx_skb)) { 1348 kfree_skb(nxpdev->rx_skb); 1349 nxpdev->rx_skb = NULL; 1350 } 1351 1352 return 0; 1353 } 1354 1355 static const struct h4_recv_pkt nxp_recv_pkts[] = { 1356 { H4_RECV_ACL, .recv = hci_recv_frame }, 1357 { H4_RECV_SCO, .recv = hci_recv_frame }, 1358 { H4_RECV_EVENT, .recv = hci_recv_frame }, 1359 { NXP_RECV_CHIP_VER_V1, .recv = nxp_recv_chip_ver_v1 }, 1360 { NXP_RECV_FW_REQ_V1, .recv = nxp_recv_fw_req_v1 }, 1361 { NXP_RECV_CHIP_VER_V3, .recv = nxp_recv_chip_ver_v3 }, 1362 { NXP_RECV_FW_REQ_V3, .recv = nxp_recv_fw_req_v3 }, 1363 }; 1364 1365 static int btnxpuart_receive_buf(struct serdev_device *serdev, const u8 *data, 1366 size_t count) 1367 { 1368 struct btnxpuart_dev *nxpdev = serdev_device_get_drvdata(serdev); 1369 1370 ps_start_timer(nxpdev); 1371 1372 nxpdev->rx_skb = h4_recv_buf(nxpdev->hdev, nxpdev->rx_skb, data, count, 1373 nxp_recv_pkts, ARRAY_SIZE(nxp_recv_pkts)); 1374 if (IS_ERR(nxpdev->rx_skb)) { 1375 int err = PTR_ERR(nxpdev->rx_skb); 1376 /* Safe to ignore out-of-sync bootloader signatures */ 1377 if (!is_fw_downloading(nxpdev)) 1378 bt_dev_err(nxpdev->hdev, "Frame reassembly failed (%d)", err); 1379 nxpdev->rx_skb = NULL; 1380 return count; 1381 } 1382 if (!is_fw_downloading(nxpdev)) 1383 nxpdev->hdev->stat.byte_rx += count; 1384 return count; 1385 } 1386 1387 static void btnxpuart_write_wakeup(struct serdev_device *serdev) 1388 { 1389 serdev_device_write_wakeup(serdev); 1390 } 1391 1392 static const struct serdev_device_ops btnxpuart_client_ops = { 1393 .receive_buf = btnxpuart_receive_buf, 1394 .write_wakeup = btnxpuart_write_wakeup, 1395 }; 1396 1397 static int nxp_serdev_probe(struct serdev_device *serdev) 1398 { 1399 struct hci_dev *hdev; 1400 struct btnxpuart_dev *nxpdev; 1401 1402 nxpdev = devm_kzalloc(&serdev->dev, sizeof(*nxpdev), GFP_KERNEL); 1403 if (!nxpdev) 1404 return -ENOMEM; 1405 1406 nxpdev->nxp_data = (struct btnxpuart_data *)device_get_match_data(&serdev->dev); 1407 1408 nxpdev->serdev = serdev; 1409 serdev_device_set_drvdata(serdev, nxpdev); 1410 1411 serdev_device_set_client_ops(serdev, &btnxpuart_client_ops); 1412 1413 INIT_WORK(&nxpdev->tx_work, btnxpuart_tx_work); 1414 skb_queue_head_init(&nxpdev->txq); 1415 1416 init_waitqueue_head(&nxpdev->fw_dnld_done_wait_q); 1417 init_waitqueue_head(&nxpdev->check_boot_sign_wait_q); 1418 1419 device_property_read_u32(&nxpdev->serdev->dev, "fw-init-baudrate", 1420 &nxpdev->fw_init_baudrate); 1421 if (!nxpdev->fw_init_baudrate) 1422 nxpdev->fw_init_baudrate = FW_INIT_BAUDRATE; 1423 1424 set_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state); 1425 1426 crc8_populate_msb(crc8_table, POLYNOMIAL8); 1427 1428 /* Initialize and register HCI device */ 1429 hdev = hci_alloc_dev(); 1430 if (!hdev) { 1431 dev_err(&serdev->dev, "Can't allocate HCI device\n"); 1432 return -ENOMEM; 1433 } 1434 1435 nxpdev->hdev = hdev; 1436 1437 hdev->bus = HCI_UART; 1438 hci_set_drvdata(hdev, nxpdev); 1439 1440 hdev->manufacturer = MANUFACTURER_NXP; 1441 hdev->open = btnxpuart_open; 1442 hdev->close = btnxpuart_close; 1443 hdev->flush = btnxpuart_flush; 1444 hdev->setup = nxp_setup; 1445 hdev->send = nxp_enqueue; 1446 hdev->hw_error = nxp_hw_err; 1447 hdev->shutdown = nxp_shutdown; 1448 SET_HCIDEV_DEV(hdev, &serdev->dev); 1449 1450 if (hci_register_dev(hdev) < 0) { 1451 dev_err(&serdev->dev, "Can't register HCI device\n"); 1452 hci_free_dev(hdev); 1453 return -ENODEV; 1454 } 1455 1456 ps_setup(hdev); 1457 1458 return 0; 1459 } 1460 1461 static void nxp_serdev_remove(struct serdev_device *serdev) 1462 { 1463 struct btnxpuart_dev *nxpdev = serdev_device_get_drvdata(serdev); 1464 struct hci_dev *hdev = nxpdev->hdev; 1465 1466 if (is_fw_downloading(nxpdev)) { 1467 set_bit(BTNXPUART_FW_DOWNLOAD_ABORT, &nxpdev->tx_state); 1468 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state); 1469 wake_up_interruptible(&nxpdev->check_boot_sign_wait_q); 1470 wake_up_interruptible(&nxpdev->fw_dnld_done_wait_q); 1471 } else { 1472 /* Restore FW baudrate to fw_init_baudrate if changed. 1473 * This will ensure FW baudrate is in sync with 1474 * driver baudrate in case this driver is re-inserted. 1475 */ 1476 if (nxpdev->current_baudrate != nxpdev->fw_init_baudrate) { 1477 nxpdev->new_baudrate = nxpdev->fw_init_baudrate; 1478 nxp_set_baudrate_cmd(hdev, NULL); 1479 } 1480 } 1481 ps_cleanup(nxpdev); 1482 hci_unregister_dev(hdev); 1483 hci_free_dev(hdev); 1484 } 1485 1486 static struct btnxpuart_data w8987_data __maybe_unused = { 1487 .helper_fw_name = NULL, 1488 .fw_name = FIRMWARE_W8987, 1489 }; 1490 1491 static struct btnxpuart_data w8997_data __maybe_unused = { 1492 .helper_fw_name = FIRMWARE_HELPER, 1493 .fw_name = FIRMWARE_W8997, 1494 }; 1495 1496 static const struct of_device_id nxpuart_of_match_table[] __maybe_unused = { 1497 { .compatible = "nxp,88w8987-bt", .data = &w8987_data }, 1498 { .compatible = "nxp,88w8997-bt", .data = &w8997_data }, 1499 { } 1500 }; 1501 MODULE_DEVICE_TABLE(of, nxpuart_of_match_table); 1502 1503 static struct serdev_device_driver nxp_serdev_driver = { 1504 .probe = nxp_serdev_probe, 1505 .remove = nxp_serdev_remove, 1506 .driver = { 1507 .name = "btnxpuart", 1508 .of_match_table = of_match_ptr(nxpuart_of_match_table), 1509 }, 1510 }; 1511 1512 module_serdev_device_driver(nxp_serdev_driver); 1513 1514 MODULE_AUTHOR("Neeraj Sanjay Kale <neeraj.sanjaykale@nxp.com>"); 1515 MODULE_DESCRIPTION("NXP Bluetooth Serial driver"); 1516 MODULE_LICENSE("GPL"); 1517