xref: /openbmc/linux/drivers/bluetooth/hci_h5.c (revision ccb01374)
1 /*
2  *
3  *  Bluetooth HCI Three-wire UART driver
4  *
5  *  Copyright (C) 2012  Intel Corporation
6  *
7  *
8  *  This program is free software; you can redistribute it and/or modify
9  *  it under the terms of the GNU General Public License as published by
10  *  the Free Software Foundation; either version 2 of the License, or
11  *  (at your option) any later version.
12  *
13  *  This program is distributed in the hope that it will be useful,
14  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
15  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16  *  GNU General Public License for more details.
17  *
18  *  You should have received a copy of the GNU General Public License
19  *  along with this program; if not, write to the Free Software
20  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
21  *
22  */
23 
24 #include <linux/acpi.h>
25 #include <linux/errno.h>
26 #include <linux/gpio/consumer.h>
27 #include <linux/kernel.h>
28 #include <linux/mod_devicetable.h>
29 #include <linux/serdev.h>
30 #include <linux/skbuff.h>
31 
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 
35 #include "btrtl.h"
36 #include "hci_uart.h"
37 
38 #define HCI_3WIRE_ACK_PKT	0
39 #define HCI_3WIRE_LINK_PKT	15
40 
41 /* Sliding window size */
42 #define H5_TX_WIN_MAX		4
43 
44 #define H5_ACK_TIMEOUT	msecs_to_jiffies(250)
45 #define H5_SYNC_TIMEOUT	msecs_to_jiffies(100)
46 
47 /*
48  * Maximum Three-wire packet:
49  *     4 byte header + max value for 12-bit length + 2 bytes for CRC
50  */
51 #define H5_MAX_LEN (4 + 0xfff + 2)
52 
53 /* Convenience macros for reading Three-wire header values */
54 #define H5_HDR_SEQ(hdr)		((hdr)[0] & 0x07)
55 #define H5_HDR_ACK(hdr)		(((hdr)[0] >> 3) & 0x07)
56 #define H5_HDR_CRC(hdr)		(((hdr)[0] >> 6) & 0x01)
57 #define H5_HDR_RELIABLE(hdr)	(((hdr)[0] >> 7) & 0x01)
58 #define H5_HDR_PKT_TYPE(hdr)	((hdr)[1] & 0x0f)
59 #define H5_HDR_LEN(hdr)		((((hdr)[1] >> 4) & 0x0f) + ((hdr)[2] << 4))
60 
61 #define SLIP_DELIMITER	0xc0
62 #define SLIP_ESC	0xdb
63 #define SLIP_ESC_DELIM	0xdc
64 #define SLIP_ESC_ESC	0xdd
65 
66 /* H5 state flags */
67 enum {
68 	H5_RX_ESC,	/* SLIP escape mode */
69 	H5_TX_ACK_REQ,	/* Pending ack to send */
70 };
71 
72 struct h5 {
73 	/* Must be the first member, hci_serdev.c expects this. */
74 	struct hci_uart		serdev_hu;
75 
76 	struct sk_buff_head	unack;		/* Unack'ed packets queue */
77 	struct sk_buff_head	rel;		/* Reliable packets queue */
78 	struct sk_buff_head	unrel;		/* Unreliable packets queue */
79 
80 	unsigned long		flags;
81 
82 	struct sk_buff		*rx_skb;	/* Receive buffer */
83 	size_t			rx_pending;	/* Expecting more bytes */
84 	u8			rx_ack;		/* Last ack number received */
85 
86 	int			(*rx_func)(struct hci_uart *hu, u8 c);
87 
88 	struct timer_list	timer;		/* Retransmission timer */
89 	struct hci_uart		*hu;		/* Parent HCI UART */
90 
91 	u8			tx_seq;		/* Next seq number to send */
92 	u8			tx_ack;		/* Next ack number to send */
93 	u8			tx_win;		/* Sliding window size */
94 
95 	enum {
96 		H5_UNINITIALIZED,
97 		H5_INITIALIZED,
98 		H5_ACTIVE,
99 	} state;
100 
101 	enum {
102 		H5_AWAKE,
103 		H5_SLEEPING,
104 		H5_WAKING_UP,
105 	} sleep;
106 
107 	const struct h5_vnd *vnd;
108 	const char *id;
109 
110 	struct gpio_desc *enable_gpio;
111 	struct gpio_desc *device_wake_gpio;
112 };
113 
114 struct h5_vnd {
115 	int (*setup)(struct h5 *h5);
116 	void (*open)(struct h5 *h5);
117 	void (*close)(struct h5 *h5);
118 	int (*suspend)(struct h5 *h5);
119 	int (*resume)(struct h5 *h5);
120 	const struct acpi_gpio_mapping *acpi_gpio_map;
121 };
122 
123 static void h5_reset_rx(struct h5 *h5);
124 
125 static void h5_link_control(struct hci_uart *hu, const void *data, size_t len)
126 {
127 	struct h5 *h5 = hu->priv;
128 	struct sk_buff *nskb;
129 
130 	nskb = alloc_skb(3, GFP_ATOMIC);
131 	if (!nskb)
132 		return;
133 
134 	hci_skb_pkt_type(nskb) = HCI_3WIRE_LINK_PKT;
135 
136 	skb_put_data(nskb, data, len);
137 
138 	skb_queue_tail(&h5->unrel, nskb);
139 }
140 
141 static u8 h5_cfg_field(struct h5 *h5)
142 {
143 	/* Sliding window size (first 3 bits) */
144 	return h5->tx_win & 0x07;
145 }
146 
147 static void h5_timed_event(struct timer_list *t)
148 {
149 	const unsigned char sync_req[] = { 0x01, 0x7e };
150 	unsigned char conf_req[3] = { 0x03, 0xfc };
151 	struct h5 *h5 = from_timer(h5, t, timer);
152 	struct hci_uart *hu = h5->hu;
153 	struct sk_buff *skb;
154 	unsigned long flags;
155 
156 	BT_DBG("%s", hu->hdev->name);
157 
158 	if (h5->state == H5_UNINITIALIZED)
159 		h5_link_control(hu, sync_req, sizeof(sync_req));
160 
161 	if (h5->state == H5_INITIALIZED) {
162 		conf_req[2] = h5_cfg_field(h5);
163 		h5_link_control(hu, conf_req, sizeof(conf_req));
164 	}
165 
166 	if (h5->state != H5_ACTIVE) {
167 		mod_timer(&h5->timer, jiffies + H5_SYNC_TIMEOUT);
168 		goto wakeup;
169 	}
170 
171 	if (h5->sleep != H5_AWAKE) {
172 		h5->sleep = H5_SLEEPING;
173 		goto wakeup;
174 	}
175 
176 	BT_DBG("hu %p retransmitting %u pkts", hu, h5->unack.qlen);
177 
178 	spin_lock_irqsave_nested(&h5->unack.lock, flags, SINGLE_DEPTH_NESTING);
179 
180 	while ((skb = __skb_dequeue_tail(&h5->unack)) != NULL) {
181 		h5->tx_seq = (h5->tx_seq - 1) & 0x07;
182 		skb_queue_head(&h5->rel, skb);
183 	}
184 
185 	spin_unlock_irqrestore(&h5->unack.lock, flags);
186 
187 wakeup:
188 	hci_uart_tx_wakeup(hu);
189 }
190 
191 static void h5_peer_reset(struct hci_uart *hu)
192 {
193 	struct h5 *h5 = hu->priv;
194 
195 	BT_ERR("Peer device has reset");
196 
197 	h5->state = H5_UNINITIALIZED;
198 
199 	del_timer(&h5->timer);
200 
201 	skb_queue_purge(&h5->rel);
202 	skb_queue_purge(&h5->unrel);
203 	skb_queue_purge(&h5->unack);
204 
205 	h5->tx_seq = 0;
206 	h5->tx_ack = 0;
207 
208 	/* Send reset request to upper stack */
209 	hci_reset_dev(hu->hdev);
210 }
211 
212 static int h5_open(struct hci_uart *hu)
213 {
214 	struct h5 *h5;
215 	const unsigned char sync[] = { 0x01, 0x7e };
216 
217 	BT_DBG("hu %p", hu);
218 
219 	if (hu->serdev) {
220 		h5 = serdev_device_get_drvdata(hu->serdev);
221 	} else {
222 		h5 = kzalloc(sizeof(*h5), GFP_KERNEL);
223 		if (!h5)
224 			return -ENOMEM;
225 	}
226 
227 	hu->priv = h5;
228 	h5->hu = hu;
229 
230 	skb_queue_head_init(&h5->unack);
231 	skb_queue_head_init(&h5->rel);
232 	skb_queue_head_init(&h5->unrel);
233 
234 	h5_reset_rx(h5);
235 
236 	timer_setup(&h5->timer, h5_timed_event, 0);
237 
238 	h5->tx_win = H5_TX_WIN_MAX;
239 
240 	if (h5->vnd && h5->vnd->open)
241 		h5->vnd->open(h5);
242 
243 	set_bit(HCI_UART_INIT_PENDING, &hu->hdev_flags);
244 
245 	/* Send initial sync request */
246 	h5_link_control(hu, sync, sizeof(sync));
247 	mod_timer(&h5->timer, jiffies + H5_SYNC_TIMEOUT);
248 
249 	return 0;
250 }
251 
252 static int h5_close(struct hci_uart *hu)
253 {
254 	struct h5 *h5 = hu->priv;
255 
256 	del_timer_sync(&h5->timer);
257 
258 	skb_queue_purge(&h5->unack);
259 	skb_queue_purge(&h5->rel);
260 	skb_queue_purge(&h5->unrel);
261 
262 	if (h5->vnd && h5->vnd->close)
263 		h5->vnd->close(h5);
264 
265 	if (!hu->serdev)
266 		kfree(h5);
267 
268 	return 0;
269 }
270 
271 static int h5_setup(struct hci_uart *hu)
272 {
273 	struct h5 *h5 = hu->priv;
274 
275 	if (h5->vnd && h5->vnd->setup)
276 		return h5->vnd->setup(h5);
277 
278 	return 0;
279 }
280 
281 static void h5_pkt_cull(struct h5 *h5)
282 {
283 	struct sk_buff *skb, *tmp;
284 	unsigned long flags;
285 	int i, to_remove;
286 	u8 seq;
287 
288 	spin_lock_irqsave(&h5->unack.lock, flags);
289 
290 	to_remove = skb_queue_len(&h5->unack);
291 	if (to_remove == 0)
292 		goto unlock;
293 
294 	seq = h5->tx_seq;
295 
296 	while (to_remove > 0) {
297 		if (h5->rx_ack == seq)
298 			break;
299 
300 		to_remove--;
301 		seq = (seq - 1) & 0x07;
302 	}
303 
304 	if (seq != h5->rx_ack)
305 		BT_ERR("Controller acked invalid packet");
306 
307 	i = 0;
308 	skb_queue_walk_safe(&h5->unack, skb, tmp) {
309 		if (i++ >= to_remove)
310 			break;
311 
312 		__skb_unlink(skb, &h5->unack);
313 		kfree_skb(skb);
314 	}
315 
316 	if (skb_queue_empty(&h5->unack))
317 		del_timer(&h5->timer);
318 
319 unlock:
320 	spin_unlock_irqrestore(&h5->unack.lock, flags);
321 }
322 
323 static void h5_handle_internal_rx(struct hci_uart *hu)
324 {
325 	struct h5 *h5 = hu->priv;
326 	const unsigned char sync_req[] = { 0x01, 0x7e };
327 	const unsigned char sync_rsp[] = { 0x02, 0x7d };
328 	unsigned char conf_req[3] = { 0x03, 0xfc };
329 	const unsigned char conf_rsp[] = { 0x04, 0x7b };
330 	const unsigned char wakeup_req[] = { 0x05, 0xfa };
331 	const unsigned char woken_req[] = { 0x06, 0xf9 };
332 	const unsigned char sleep_req[] = { 0x07, 0x78 };
333 	const unsigned char *hdr = h5->rx_skb->data;
334 	const unsigned char *data = &h5->rx_skb->data[4];
335 
336 	BT_DBG("%s", hu->hdev->name);
337 
338 	if (H5_HDR_PKT_TYPE(hdr) != HCI_3WIRE_LINK_PKT)
339 		return;
340 
341 	if (H5_HDR_LEN(hdr) < 2)
342 		return;
343 
344 	conf_req[2] = h5_cfg_field(h5);
345 
346 	if (memcmp(data, sync_req, 2) == 0) {
347 		if (h5->state == H5_ACTIVE)
348 			h5_peer_reset(hu);
349 		h5_link_control(hu, sync_rsp, 2);
350 	} else if (memcmp(data, sync_rsp, 2) == 0) {
351 		if (h5->state == H5_ACTIVE)
352 			h5_peer_reset(hu);
353 		h5->state = H5_INITIALIZED;
354 		h5_link_control(hu, conf_req, 3);
355 	} else if (memcmp(data, conf_req, 2) == 0) {
356 		h5_link_control(hu, conf_rsp, 2);
357 		h5_link_control(hu, conf_req, 3);
358 	} else if (memcmp(data, conf_rsp, 2) == 0) {
359 		if (H5_HDR_LEN(hdr) > 2)
360 			h5->tx_win = (data[2] & 0x07);
361 		BT_DBG("Three-wire init complete. tx_win %u", h5->tx_win);
362 		h5->state = H5_ACTIVE;
363 		hci_uart_init_ready(hu);
364 		return;
365 	} else if (memcmp(data, sleep_req, 2) == 0) {
366 		BT_DBG("Peer went to sleep");
367 		h5->sleep = H5_SLEEPING;
368 		return;
369 	} else if (memcmp(data, woken_req, 2) == 0) {
370 		BT_DBG("Peer woke up");
371 		h5->sleep = H5_AWAKE;
372 	} else if (memcmp(data, wakeup_req, 2) == 0) {
373 		BT_DBG("Peer requested wakeup");
374 		h5_link_control(hu, woken_req, 2);
375 		h5->sleep = H5_AWAKE;
376 	} else {
377 		BT_DBG("Link Control: 0x%02hhx 0x%02hhx", data[0], data[1]);
378 		return;
379 	}
380 
381 	hci_uart_tx_wakeup(hu);
382 }
383 
384 static void h5_complete_rx_pkt(struct hci_uart *hu)
385 {
386 	struct h5 *h5 = hu->priv;
387 	const unsigned char *hdr = h5->rx_skb->data;
388 
389 	if (H5_HDR_RELIABLE(hdr)) {
390 		h5->tx_ack = (h5->tx_ack + 1) % 8;
391 		set_bit(H5_TX_ACK_REQ, &h5->flags);
392 		hci_uart_tx_wakeup(hu);
393 	}
394 
395 	h5->rx_ack = H5_HDR_ACK(hdr);
396 
397 	h5_pkt_cull(h5);
398 
399 	switch (H5_HDR_PKT_TYPE(hdr)) {
400 	case HCI_EVENT_PKT:
401 	case HCI_ACLDATA_PKT:
402 	case HCI_SCODATA_PKT:
403 		hci_skb_pkt_type(h5->rx_skb) = H5_HDR_PKT_TYPE(hdr);
404 
405 		/* Remove Three-wire header */
406 		skb_pull(h5->rx_skb, 4);
407 
408 		hci_recv_frame(hu->hdev, h5->rx_skb);
409 		h5->rx_skb = NULL;
410 
411 		break;
412 
413 	default:
414 		h5_handle_internal_rx(hu);
415 		break;
416 	}
417 
418 	h5_reset_rx(h5);
419 }
420 
421 static int h5_rx_crc(struct hci_uart *hu, unsigned char c)
422 {
423 	h5_complete_rx_pkt(hu);
424 
425 	return 0;
426 }
427 
428 static int h5_rx_payload(struct hci_uart *hu, unsigned char c)
429 {
430 	struct h5 *h5 = hu->priv;
431 	const unsigned char *hdr = h5->rx_skb->data;
432 
433 	if (H5_HDR_CRC(hdr)) {
434 		h5->rx_func = h5_rx_crc;
435 		h5->rx_pending = 2;
436 	} else {
437 		h5_complete_rx_pkt(hu);
438 	}
439 
440 	return 0;
441 }
442 
443 static int h5_rx_3wire_hdr(struct hci_uart *hu, unsigned char c)
444 {
445 	struct h5 *h5 = hu->priv;
446 	const unsigned char *hdr = h5->rx_skb->data;
447 
448 	BT_DBG("%s rx: seq %u ack %u crc %u rel %u type %u len %u",
449 	       hu->hdev->name, H5_HDR_SEQ(hdr), H5_HDR_ACK(hdr),
450 	       H5_HDR_CRC(hdr), H5_HDR_RELIABLE(hdr), H5_HDR_PKT_TYPE(hdr),
451 	       H5_HDR_LEN(hdr));
452 
453 	if (((hdr[0] + hdr[1] + hdr[2] + hdr[3]) & 0xff) != 0xff) {
454 		BT_ERR("Invalid header checksum");
455 		h5_reset_rx(h5);
456 		return 0;
457 	}
458 
459 	if (H5_HDR_RELIABLE(hdr) && H5_HDR_SEQ(hdr) != h5->tx_ack) {
460 		BT_ERR("Out-of-order packet arrived (%u != %u)",
461 		       H5_HDR_SEQ(hdr), h5->tx_ack);
462 		h5_reset_rx(h5);
463 		return 0;
464 	}
465 
466 	if (h5->state != H5_ACTIVE &&
467 	    H5_HDR_PKT_TYPE(hdr) != HCI_3WIRE_LINK_PKT) {
468 		BT_ERR("Non-link packet received in non-active state");
469 		h5_reset_rx(h5);
470 		return 0;
471 	}
472 
473 	h5->rx_func = h5_rx_payload;
474 	h5->rx_pending = H5_HDR_LEN(hdr);
475 
476 	return 0;
477 }
478 
479 static int h5_rx_pkt_start(struct hci_uart *hu, unsigned char c)
480 {
481 	struct h5 *h5 = hu->priv;
482 
483 	if (c == SLIP_DELIMITER)
484 		return 1;
485 
486 	h5->rx_func = h5_rx_3wire_hdr;
487 	h5->rx_pending = 4;
488 
489 	h5->rx_skb = bt_skb_alloc(H5_MAX_LEN, GFP_ATOMIC);
490 	if (!h5->rx_skb) {
491 		BT_ERR("Can't allocate mem for new packet");
492 		h5_reset_rx(h5);
493 		return -ENOMEM;
494 	}
495 
496 	h5->rx_skb->dev = (void *)hu->hdev;
497 
498 	return 0;
499 }
500 
501 static int h5_rx_delimiter(struct hci_uart *hu, unsigned char c)
502 {
503 	struct h5 *h5 = hu->priv;
504 
505 	if (c == SLIP_DELIMITER)
506 		h5->rx_func = h5_rx_pkt_start;
507 
508 	return 1;
509 }
510 
511 static void h5_unslip_one_byte(struct h5 *h5, unsigned char c)
512 {
513 	const u8 delim = SLIP_DELIMITER, esc = SLIP_ESC;
514 	const u8 *byte = &c;
515 
516 	if (!test_bit(H5_RX_ESC, &h5->flags) && c == SLIP_ESC) {
517 		set_bit(H5_RX_ESC, &h5->flags);
518 		return;
519 	}
520 
521 	if (test_and_clear_bit(H5_RX_ESC, &h5->flags)) {
522 		switch (c) {
523 		case SLIP_ESC_DELIM:
524 			byte = &delim;
525 			break;
526 		case SLIP_ESC_ESC:
527 			byte = &esc;
528 			break;
529 		default:
530 			BT_ERR("Invalid esc byte 0x%02hhx", c);
531 			h5_reset_rx(h5);
532 			return;
533 		}
534 	}
535 
536 	skb_put_data(h5->rx_skb, byte, 1);
537 	h5->rx_pending--;
538 
539 	BT_DBG("unsliped 0x%02hhx, rx_pending %zu", *byte, h5->rx_pending);
540 }
541 
542 static void h5_reset_rx(struct h5 *h5)
543 {
544 	if (h5->rx_skb) {
545 		kfree_skb(h5->rx_skb);
546 		h5->rx_skb = NULL;
547 	}
548 
549 	h5->rx_func = h5_rx_delimiter;
550 	h5->rx_pending = 0;
551 	clear_bit(H5_RX_ESC, &h5->flags);
552 }
553 
554 static int h5_recv(struct hci_uart *hu, const void *data, int count)
555 {
556 	struct h5 *h5 = hu->priv;
557 	const unsigned char *ptr = data;
558 
559 	BT_DBG("%s pending %zu count %d", hu->hdev->name, h5->rx_pending,
560 	       count);
561 
562 	while (count > 0) {
563 		int processed;
564 
565 		if (h5->rx_pending > 0) {
566 			if (*ptr == SLIP_DELIMITER) {
567 				BT_ERR("Too short H5 packet");
568 				h5_reset_rx(h5);
569 				continue;
570 			}
571 
572 			h5_unslip_one_byte(h5, *ptr);
573 
574 			ptr++; count--;
575 			continue;
576 		}
577 
578 		processed = h5->rx_func(hu, *ptr);
579 		if (processed < 0)
580 			return processed;
581 
582 		ptr += processed;
583 		count -= processed;
584 	}
585 
586 	return 0;
587 }
588 
589 static int h5_enqueue(struct hci_uart *hu, struct sk_buff *skb)
590 {
591 	struct h5 *h5 = hu->priv;
592 
593 	if (skb->len > 0xfff) {
594 		BT_ERR("Packet too long (%u bytes)", skb->len);
595 		kfree_skb(skb);
596 		return 0;
597 	}
598 
599 	if (h5->state != H5_ACTIVE) {
600 		BT_ERR("Ignoring HCI data in non-active state");
601 		kfree_skb(skb);
602 		return 0;
603 	}
604 
605 	switch (hci_skb_pkt_type(skb)) {
606 	case HCI_ACLDATA_PKT:
607 	case HCI_COMMAND_PKT:
608 		skb_queue_tail(&h5->rel, skb);
609 		break;
610 
611 	case HCI_SCODATA_PKT:
612 		skb_queue_tail(&h5->unrel, skb);
613 		break;
614 
615 	default:
616 		BT_ERR("Unknown packet type %u", hci_skb_pkt_type(skb));
617 		kfree_skb(skb);
618 		break;
619 	}
620 
621 	return 0;
622 }
623 
624 static void h5_slip_delim(struct sk_buff *skb)
625 {
626 	const char delim = SLIP_DELIMITER;
627 
628 	skb_put_data(skb, &delim, 1);
629 }
630 
631 static void h5_slip_one_byte(struct sk_buff *skb, u8 c)
632 {
633 	const char esc_delim[2] = { SLIP_ESC, SLIP_ESC_DELIM };
634 	const char esc_esc[2] = { SLIP_ESC, SLIP_ESC_ESC };
635 
636 	switch (c) {
637 	case SLIP_DELIMITER:
638 		skb_put_data(skb, &esc_delim, 2);
639 		break;
640 	case SLIP_ESC:
641 		skb_put_data(skb, &esc_esc, 2);
642 		break;
643 	default:
644 		skb_put_data(skb, &c, 1);
645 	}
646 }
647 
648 static bool valid_packet_type(u8 type)
649 {
650 	switch (type) {
651 	case HCI_ACLDATA_PKT:
652 	case HCI_COMMAND_PKT:
653 	case HCI_SCODATA_PKT:
654 	case HCI_3WIRE_LINK_PKT:
655 	case HCI_3WIRE_ACK_PKT:
656 		return true;
657 	default:
658 		return false;
659 	}
660 }
661 
662 static struct sk_buff *h5_prepare_pkt(struct hci_uart *hu, u8 pkt_type,
663 				      const u8 *data, size_t len)
664 {
665 	struct h5 *h5 = hu->priv;
666 	struct sk_buff *nskb;
667 	u8 hdr[4];
668 	int i;
669 
670 	if (!valid_packet_type(pkt_type)) {
671 		BT_ERR("Unknown packet type %u", pkt_type);
672 		return NULL;
673 	}
674 
675 	/*
676 	 * Max len of packet: (original len + 4 (H5 hdr) + 2 (crc)) * 2
677 	 * (because bytes 0xc0 and 0xdb are escaped, worst case is when
678 	 * the packet is all made of 0xc0 and 0xdb) + 2 (0xc0
679 	 * delimiters at start and end).
680 	 */
681 	nskb = alloc_skb((len + 6) * 2 + 2, GFP_ATOMIC);
682 	if (!nskb)
683 		return NULL;
684 
685 	hci_skb_pkt_type(nskb) = pkt_type;
686 
687 	h5_slip_delim(nskb);
688 
689 	hdr[0] = h5->tx_ack << 3;
690 	clear_bit(H5_TX_ACK_REQ, &h5->flags);
691 
692 	/* Reliable packet? */
693 	if (pkt_type == HCI_ACLDATA_PKT || pkt_type == HCI_COMMAND_PKT) {
694 		hdr[0] |= 1 << 7;
695 		hdr[0] |= h5->tx_seq;
696 		h5->tx_seq = (h5->tx_seq + 1) % 8;
697 	}
698 
699 	hdr[1] = pkt_type | ((len & 0x0f) << 4);
700 	hdr[2] = len >> 4;
701 	hdr[3] = ~((hdr[0] + hdr[1] + hdr[2]) & 0xff);
702 
703 	BT_DBG("%s tx: seq %u ack %u crc %u rel %u type %u len %u",
704 	       hu->hdev->name, H5_HDR_SEQ(hdr), H5_HDR_ACK(hdr),
705 	       H5_HDR_CRC(hdr), H5_HDR_RELIABLE(hdr), H5_HDR_PKT_TYPE(hdr),
706 	       H5_HDR_LEN(hdr));
707 
708 	for (i = 0; i < 4; i++)
709 		h5_slip_one_byte(nskb, hdr[i]);
710 
711 	for (i = 0; i < len; i++)
712 		h5_slip_one_byte(nskb, data[i]);
713 
714 	h5_slip_delim(nskb);
715 
716 	return nskb;
717 }
718 
719 static struct sk_buff *h5_dequeue(struct hci_uart *hu)
720 {
721 	struct h5 *h5 = hu->priv;
722 	unsigned long flags;
723 	struct sk_buff *skb, *nskb;
724 
725 	if (h5->sleep != H5_AWAKE) {
726 		const unsigned char wakeup_req[] = { 0x05, 0xfa };
727 
728 		if (h5->sleep == H5_WAKING_UP)
729 			return NULL;
730 
731 		h5->sleep = H5_WAKING_UP;
732 		BT_DBG("Sending wakeup request");
733 
734 		mod_timer(&h5->timer, jiffies + HZ / 100);
735 		return h5_prepare_pkt(hu, HCI_3WIRE_LINK_PKT, wakeup_req, 2);
736 	}
737 
738 	skb = skb_dequeue(&h5->unrel);
739 	if (skb) {
740 		nskb = h5_prepare_pkt(hu, hci_skb_pkt_type(skb),
741 				      skb->data, skb->len);
742 		if (nskb) {
743 			kfree_skb(skb);
744 			return nskb;
745 		}
746 
747 		skb_queue_head(&h5->unrel, skb);
748 		BT_ERR("Could not dequeue pkt because alloc_skb failed");
749 	}
750 
751 	spin_lock_irqsave_nested(&h5->unack.lock, flags, SINGLE_DEPTH_NESTING);
752 
753 	if (h5->unack.qlen >= h5->tx_win)
754 		goto unlock;
755 
756 	skb = skb_dequeue(&h5->rel);
757 	if (skb) {
758 		nskb = h5_prepare_pkt(hu, hci_skb_pkt_type(skb),
759 				      skb->data, skb->len);
760 		if (nskb) {
761 			__skb_queue_tail(&h5->unack, skb);
762 			mod_timer(&h5->timer, jiffies + H5_ACK_TIMEOUT);
763 			spin_unlock_irqrestore(&h5->unack.lock, flags);
764 			return nskb;
765 		}
766 
767 		skb_queue_head(&h5->rel, skb);
768 		BT_ERR("Could not dequeue pkt because alloc_skb failed");
769 	}
770 
771 unlock:
772 	spin_unlock_irqrestore(&h5->unack.lock, flags);
773 
774 	if (test_bit(H5_TX_ACK_REQ, &h5->flags))
775 		return h5_prepare_pkt(hu, HCI_3WIRE_ACK_PKT, NULL, 0);
776 
777 	return NULL;
778 }
779 
780 static int h5_flush(struct hci_uart *hu)
781 {
782 	BT_DBG("hu %p", hu);
783 	return 0;
784 }
785 
786 static const struct hci_uart_proto h5p = {
787 	.id		= HCI_UART_3WIRE,
788 	.name		= "Three-wire (H5)",
789 	.open		= h5_open,
790 	.close		= h5_close,
791 	.setup		= h5_setup,
792 	.recv		= h5_recv,
793 	.enqueue	= h5_enqueue,
794 	.dequeue	= h5_dequeue,
795 	.flush		= h5_flush,
796 };
797 
798 static int h5_serdev_probe(struct serdev_device *serdev)
799 {
800 	const struct acpi_device_id *match;
801 	struct device *dev = &serdev->dev;
802 	struct h5 *h5;
803 
804 	h5 = devm_kzalloc(dev, sizeof(*h5), GFP_KERNEL);
805 	if (!h5)
806 		return -ENOMEM;
807 
808 	set_bit(HCI_UART_RESET_ON_INIT, &h5->serdev_hu.flags);
809 
810 	h5->hu = &h5->serdev_hu;
811 	h5->serdev_hu.serdev = serdev;
812 	serdev_device_set_drvdata(serdev, h5);
813 
814 	if (has_acpi_companion(dev)) {
815 		match = acpi_match_device(dev->driver->acpi_match_table, dev);
816 		if (!match)
817 			return -ENODEV;
818 
819 		h5->vnd = (const struct h5_vnd *)match->driver_data;
820 		h5->id  = (char *)match->id;
821 
822 		if (h5->vnd->acpi_gpio_map)
823 			devm_acpi_dev_add_driver_gpios(dev,
824 						       h5->vnd->acpi_gpio_map);
825 	}
826 
827 	h5->enable_gpio = devm_gpiod_get_optional(dev, "enable", GPIOD_OUT_LOW);
828 	if (IS_ERR(h5->enable_gpio))
829 		return PTR_ERR(h5->enable_gpio);
830 
831 	h5->device_wake_gpio = devm_gpiod_get_optional(dev, "device-wake",
832 						       GPIOD_OUT_LOW);
833 	if (IS_ERR(h5->device_wake_gpio))
834 		return PTR_ERR(h5->device_wake_gpio);
835 
836 	return hci_uart_register_device(&h5->serdev_hu, &h5p);
837 }
838 
839 static void h5_serdev_remove(struct serdev_device *serdev)
840 {
841 	struct h5 *h5 = serdev_device_get_drvdata(serdev);
842 
843 	hci_uart_unregister_device(&h5->serdev_hu);
844 }
845 
846 static int __maybe_unused h5_serdev_suspend(struct device *dev)
847 {
848 	struct h5 *h5 = dev_get_drvdata(dev);
849 	int ret = 0;
850 
851 	if (h5->vnd && h5->vnd->suspend)
852 		ret = h5->vnd->suspend(h5);
853 
854 	return ret;
855 }
856 
857 static int __maybe_unused h5_serdev_resume(struct device *dev)
858 {
859 	struct h5 *h5 = dev_get_drvdata(dev);
860 	int ret = 0;
861 
862 	if (h5->vnd && h5->vnd->resume)
863 		ret = h5->vnd->resume(h5);
864 
865 	return ret;
866 }
867 
868 #ifdef CONFIG_BT_HCIUART_RTL
869 static int h5_btrtl_setup(struct h5 *h5)
870 {
871 	struct btrtl_device_info *btrtl_dev;
872 	struct sk_buff *skb;
873 	__le32 baudrate_data;
874 	u32 device_baudrate;
875 	unsigned int controller_baudrate;
876 	bool flow_control;
877 	int err;
878 
879 	btrtl_dev = btrtl_initialize(h5->hu->hdev, h5->id);
880 	if (IS_ERR(btrtl_dev))
881 		return PTR_ERR(btrtl_dev);
882 
883 	err = btrtl_get_uart_settings(h5->hu->hdev, btrtl_dev,
884 				      &controller_baudrate, &device_baudrate,
885 				      &flow_control);
886 	if (err)
887 		goto out_free;
888 
889 	baudrate_data = cpu_to_le32(device_baudrate);
890 	skb = __hci_cmd_sync(h5->hu->hdev, 0xfc17, sizeof(baudrate_data),
891 			     &baudrate_data, HCI_INIT_TIMEOUT);
892 	if (IS_ERR(skb)) {
893 		rtl_dev_err(h5->hu->hdev, "set baud rate command failed\n");
894 		err = PTR_ERR(skb);
895 		goto out_free;
896 	} else {
897 		kfree_skb(skb);
898 	}
899 	/* Give the device some time to set up the new baudrate. */
900 	usleep_range(10000, 20000);
901 
902 	serdev_device_set_baudrate(h5->hu->serdev, controller_baudrate);
903 	serdev_device_set_flow_control(h5->hu->serdev, flow_control);
904 
905 	err = btrtl_download_firmware(h5->hu->hdev, btrtl_dev);
906 	/* Give the device some time before the hci-core sends it a reset */
907 	usleep_range(10000, 20000);
908 
909 out_free:
910 	btrtl_free(btrtl_dev);
911 
912 	return err;
913 }
914 
915 static void h5_btrtl_open(struct h5 *h5)
916 {
917 	/* Devices always start with these fixed parameters */
918 	serdev_device_set_flow_control(h5->hu->serdev, false);
919 	serdev_device_set_parity(h5->hu->serdev, SERDEV_PARITY_EVEN);
920 	serdev_device_set_baudrate(h5->hu->serdev, 115200);
921 
922 	/* The controller needs up to 500ms to wakeup */
923 	gpiod_set_value_cansleep(h5->enable_gpio, 1);
924 	gpiod_set_value_cansleep(h5->device_wake_gpio, 1);
925 	msleep(500);
926 }
927 
928 static void h5_btrtl_close(struct h5 *h5)
929 {
930 	gpiod_set_value_cansleep(h5->device_wake_gpio, 0);
931 	gpiod_set_value_cansleep(h5->enable_gpio, 0);
932 }
933 
934 /* Suspend/resume support. On many devices the RTL BT device loses power during
935  * suspend/resume, causing it to lose its firmware and all state. So we simply
936  * turn it off on suspend and reprobe on resume.  This mirrors how RTL devices
937  * are handled in the USB driver, where the USB_QUIRK_RESET_RESUME is used which
938  * also causes a reprobe on resume.
939  */
940 static int h5_btrtl_suspend(struct h5 *h5)
941 {
942 	serdev_device_set_flow_control(h5->hu->serdev, false);
943 	gpiod_set_value_cansleep(h5->device_wake_gpio, 0);
944 	gpiod_set_value_cansleep(h5->enable_gpio, 0);
945 	return 0;
946 }
947 
948 struct h5_btrtl_reprobe {
949 	struct device *dev;
950 	struct work_struct work;
951 };
952 
953 static void h5_btrtl_reprobe_worker(struct work_struct *work)
954 {
955 	struct h5_btrtl_reprobe *reprobe =
956 		container_of(work, struct h5_btrtl_reprobe, work);
957 	int ret;
958 
959 	ret = device_reprobe(reprobe->dev);
960 	if (ret && ret != -EPROBE_DEFER)
961 		dev_err(reprobe->dev, "Reprobe error %d\n", ret);
962 
963 	put_device(reprobe->dev);
964 	kfree(reprobe);
965 	module_put(THIS_MODULE);
966 }
967 
968 static int h5_btrtl_resume(struct h5 *h5)
969 {
970 	struct h5_btrtl_reprobe *reprobe;
971 
972 	reprobe = kzalloc(sizeof(*reprobe), GFP_KERNEL);
973 	if (!reprobe)
974 		return -ENOMEM;
975 
976 	__module_get(THIS_MODULE);
977 
978 	INIT_WORK(&reprobe->work, h5_btrtl_reprobe_worker);
979 	reprobe->dev = get_device(&h5->hu->serdev->dev);
980 	queue_work(system_long_wq, &reprobe->work);
981 	return 0;
982 }
983 
984 static const struct acpi_gpio_params btrtl_device_wake_gpios = { 0, 0, false };
985 static const struct acpi_gpio_params btrtl_enable_gpios = { 1, 0, false };
986 static const struct acpi_gpio_params btrtl_host_wake_gpios = { 2, 0, false };
987 static const struct acpi_gpio_mapping acpi_btrtl_gpios[] = {
988 	{ "device-wake-gpios", &btrtl_device_wake_gpios, 1 },
989 	{ "enable-gpios", &btrtl_enable_gpios, 1 },
990 	{ "host-wake-gpios", &btrtl_host_wake_gpios, 1 },
991 	{},
992 };
993 
994 static struct h5_vnd rtl_vnd = {
995 	.setup		= h5_btrtl_setup,
996 	.open		= h5_btrtl_open,
997 	.close		= h5_btrtl_close,
998 	.suspend	= h5_btrtl_suspend,
999 	.resume		= h5_btrtl_resume,
1000 	.acpi_gpio_map	= acpi_btrtl_gpios,
1001 };
1002 #endif
1003 
1004 #ifdef CONFIG_ACPI
1005 static const struct acpi_device_id h5_acpi_match[] = {
1006 #ifdef CONFIG_BT_HCIUART_RTL
1007 	{ "OBDA8723", (kernel_ulong_t)&rtl_vnd },
1008 #endif
1009 	{ },
1010 };
1011 MODULE_DEVICE_TABLE(acpi, h5_acpi_match);
1012 #endif
1013 
1014 static const struct dev_pm_ops h5_serdev_pm_ops = {
1015 	SET_SYSTEM_SLEEP_PM_OPS(h5_serdev_suspend, h5_serdev_resume)
1016 };
1017 
1018 static struct serdev_device_driver h5_serdev_driver = {
1019 	.probe = h5_serdev_probe,
1020 	.remove = h5_serdev_remove,
1021 	.driver = {
1022 		.name = "hci_uart_h5",
1023 		.acpi_match_table = ACPI_PTR(h5_acpi_match),
1024 		.pm = &h5_serdev_pm_ops,
1025 	},
1026 };
1027 
1028 int __init h5_init(void)
1029 {
1030 	serdev_device_driver_register(&h5_serdev_driver);
1031 	return hci_uart_register_proto(&h5p);
1032 }
1033 
1034 int __exit h5_deinit(void)
1035 {
1036 	serdev_device_driver_unregister(&h5_serdev_driver);
1037 	return hci_uart_unregister_proto(&h5p);
1038 }
1039