1 /* 2 * 3 * Bluetooth HCI UART driver for Intel devices 4 * 5 * Copyright (C) 2015 Intel Corporation 6 * 7 * 8 * This program is free software; you can redistribute it and/or modify 9 * it under the terms of the GNU General Public License as published by 10 * the Free Software Foundation; either version 2 of the License, or 11 * (at your option) any later version. 12 * 13 * This program is distributed in the hope that it will be useful, 14 * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 * GNU General Public License for more details. 17 * 18 * You should have received a copy of the GNU General Public License 19 * along with this program; if not, write to the Free Software 20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 21 * 22 */ 23 24 #include <linux/kernel.h> 25 #include <linux/errno.h> 26 #include <linux/skbuff.h> 27 #include <linux/firmware.h> 28 #include <linux/module.h> 29 #include <linux/wait.h> 30 #include <linux/tty.h> 31 #include <linux/platform_device.h> 32 #include <linux/gpio/consumer.h> 33 #include <linux/acpi.h> 34 #include <linux/interrupt.h> 35 #include <linux/pm_runtime.h> 36 37 #include <net/bluetooth/bluetooth.h> 38 #include <net/bluetooth/hci_core.h> 39 40 #include "hci_uart.h" 41 #include "btintel.h" 42 43 #define STATE_BOOTLOADER 0 44 #define STATE_DOWNLOADING 1 45 #define STATE_FIRMWARE_LOADED 2 46 #define STATE_FIRMWARE_FAILED 3 47 #define STATE_BOOTING 4 48 #define STATE_LPM_ENABLED 5 49 #define STATE_TX_ACTIVE 6 50 #define STATE_SUSPENDED 7 51 #define STATE_LPM_TRANSACTION 8 52 53 #define HCI_LPM_WAKE_PKT 0xf0 54 #define HCI_LPM_PKT 0xf1 55 #define HCI_LPM_MAX_SIZE 10 56 #define HCI_LPM_HDR_SIZE HCI_EVENT_HDR_SIZE 57 58 #define LPM_OP_TX_NOTIFY 0x00 59 #define LPM_OP_SUSPEND_ACK 0x02 60 #define LPM_OP_RESUME_ACK 0x03 61 62 #define LPM_SUSPEND_DELAY_MS 1000 63 64 struct hci_lpm_pkt { 65 __u8 opcode; 66 __u8 dlen; 67 __u8 data[0]; 68 } __packed; 69 70 struct intel_device { 71 struct list_head list; 72 struct platform_device *pdev; 73 struct gpio_desc *reset; 74 struct hci_uart *hu; 75 struct mutex hu_lock; 76 int irq; 77 }; 78 79 static LIST_HEAD(intel_device_list); 80 static DEFINE_MUTEX(intel_device_list_lock); 81 82 struct intel_data { 83 struct sk_buff *rx_skb; 84 struct sk_buff_head txq; 85 struct work_struct busy_work; 86 struct hci_uart *hu; 87 unsigned long flags; 88 }; 89 90 static u8 intel_convert_speed(unsigned int speed) 91 { 92 switch (speed) { 93 case 9600: 94 return 0x00; 95 case 19200: 96 return 0x01; 97 case 38400: 98 return 0x02; 99 case 57600: 100 return 0x03; 101 case 115200: 102 return 0x04; 103 case 230400: 104 return 0x05; 105 case 460800: 106 return 0x06; 107 case 921600: 108 return 0x07; 109 case 1843200: 110 return 0x08; 111 case 3250000: 112 return 0x09; 113 case 2000000: 114 return 0x0a; 115 case 3000000: 116 return 0x0b; 117 default: 118 return 0xff; 119 } 120 } 121 122 static int intel_wait_booting(struct hci_uart *hu) 123 { 124 struct intel_data *intel = hu->priv; 125 int err; 126 127 err = wait_on_bit_timeout(&intel->flags, STATE_BOOTING, 128 TASK_INTERRUPTIBLE, 129 msecs_to_jiffies(1000)); 130 131 if (err == -EINTR) { 132 bt_dev_err(hu->hdev, "Device boot interrupted"); 133 return -EINTR; 134 } 135 136 if (err) { 137 bt_dev_err(hu->hdev, "Device boot timeout"); 138 return -ETIMEDOUT; 139 } 140 141 return err; 142 } 143 144 #ifdef CONFIG_PM 145 static int intel_wait_lpm_transaction(struct hci_uart *hu) 146 { 147 struct intel_data *intel = hu->priv; 148 int err; 149 150 err = wait_on_bit_timeout(&intel->flags, STATE_LPM_TRANSACTION, 151 TASK_INTERRUPTIBLE, 152 msecs_to_jiffies(1000)); 153 154 if (err == -EINTR) { 155 bt_dev_err(hu->hdev, "LPM transaction interrupted"); 156 return -EINTR; 157 } 158 159 if (err) { 160 bt_dev_err(hu->hdev, "LPM transaction timeout"); 161 return -ETIMEDOUT; 162 } 163 164 return err; 165 } 166 167 static int intel_lpm_suspend(struct hci_uart *hu) 168 { 169 static const u8 suspend[] = { 0x01, 0x01, 0x01 }; 170 struct intel_data *intel = hu->priv; 171 struct sk_buff *skb; 172 173 if (!test_bit(STATE_LPM_ENABLED, &intel->flags) || 174 test_bit(STATE_SUSPENDED, &intel->flags)) 175 return 0; 176 177 if (test_bit(STATE_TX_ACTIVE, &intel->flags)) 178 return -EAGAIN; 179 180 bt_dev_dbg(hu->hdev, "Suspending"); 181 182 skb = bt_skb_alloc(sizeof(suspend), GFP_KERNEL); 183 if (!skb) { 184 bt_dev_err(hu->hdev, "Failed to alloc memory for LPM packet"); 185 return -ENOMEM; 186 } 187 188 skb_put_data(skb, suspend, sizeof(suspend)); 189 hci_skb_pkt_type(skb) = HCI_LPM_PKT; 190 191 set_bit(STATE_LPM_TRANSACTION, &intel->flags); 192 193 /* LPM flow is a priority, enqueue packet at list head */ 194 skb_queue_head(&intel->txq, skb); 195 hci_uart_tx_wakeup(hu); 196 197 intel_wait_lpm_transaction(hu); 198 /* Even in case of failure, continue and test the suspended flag */ 199 200 clear_bit(STATE_LPM_TRANSACTION, &intel->flags); 201 202 if (!test_bit(STATE_SUSPENDED, &intel->flags)) { 203 bt_dev_err(hu->hdev, "Device suspend error"); 204 return -EINVAL; 205 } 206 207 bt_dev_dbg(hu->hdev, "Suspended"); 208 209 hci_uart_set_flow_control(hu, true); 210 211 return 0; 212 } 213 214 static int intel_lpm_resume(struct hci_uart *hu) 215 { 216 struct intel_data *intel = hu->priv; 217 struct sk_buff *skb; 218 219 if (!test_bit(STATE_LPM_ENABLED, &intel->flags) || 220 !test_bit(STATE_SUSPENDED, &intel->flags)) 221 return 0; 222 223 bt_dev_dbg(hu->hdev, "Resuming"); 224 225 hci_uart_set_flow_control(hu, false); 226 227 skb = bt_skb_alloc(0, GFP_KERNEL); 228 if (!skb) { 229 bt_dev_err(hu->hdev, "Failed to alloc memory for LPM packet"); 230 return -ENOMEM; 231 } 232 233 hci_skb_pkt_type(skb) = HCI_LPM_WAKE_PKT; 234 235 set_bit(STATE_LPM_TRANSACTION, &intel->flags); 236 237 /* LPM flow is a priority, enqueue packet at list head */ 238 skb_queue_head(&intel->txq, skb); 239 hci_uart_tx_wakeup(hu); 240 241 intel_wait_lpm_transaction(hu); 242 /* Even in case of failure, continue and test the suspended flag */ 243 244 clear_bit(STATE_LPM_TRANSACTION, &intel->flags); 245 246 if (test_bit(STATE_SUSPENDED, &intel->flags)) { 247 bt_dev_err(hu->hdev, "Device resume error"); 248 return -EINVAL; 249 } 250 251 bt_dev_dbg(hu->hdev, "Resumed"); 252 253 return 0; 254 } 255 #endif /* CONFIG_PM */ 256 257 static int intel_lpm_host_wake(struct hci_uart *hu) 258 { 259 static const u8 lpm_resume_ack[] = { LPM_OP_RESUME_ACK, 0x00 }; 260 struct intel_data *intel = hu->priv; 261 struct sk_buff *skb; 262 263 hci_uart_set_flow_control(hu, false); 264 265 clear_bit(STATE_SUSPENDED, &intel->flags); 266 267 skb = bt_skb_alloc(sizeof(lpm_resume_ack), GFP_KERNEL); 268 if (!skb) { 269 bt_dev_err(hu->hdev, "Failed to alloc memory for LPM packet"); 270 return -ENOMEM; 271 } 272 273 skb_put_data(skb, lpm_resume_ack, sizeof(lpm_resume_ack)); 274 hci_skb_pkt_type(skb) = HCI_LPM_PKT; 275 276 /* LPM flow is a priority, enqueue packet at list head */ 277 skb_queue_head(&intel->txq, skb); 278 hci_uart_tx_wakeup(hu); 279 280 bt_dev_dbg(hu->hdev, "Resumed by controller"); 281 282 return 0; 283 } 284 285 static irqreturn_t intel_irq(int irq, void *dev_id) 286 { 287 struct intel_device *idev = dev_id; 288 289 dev_info(&idev->pdev->dev, "hci_intel irq\n"); 290 291 mutex_lock(&idev->hu_lock); 292 if (idev->hu) 293 intel_lpm_host_wake(idev->hu); 294 mutex_unlock(&idev->hu_lock); 295 296 /* Host/Controller are now LPM resumed, trigger a new delayed suspend */ 297 pm_runtime_get(&idev->pdev->dev); 298 pm_runtime_mark_last_busy(&idev->pdev->dev); 299 pm_runtime_put_autosuspend(&idev->pdev->dev); 300 301 return IRQ_HANDLED; 302 } 303 304 static int intel_set_power(struct hci_uart *hu, bool powered) 305 { 306 struct list_head *p; 307 int err = -ENODEV; 308 309 if (!hu->tty->dev) 310 return err; 311 312 mutex_lock(&intel_device_list_lock); 313 314 list_for_each(p, &intel_device_list) { 315 struct intel_device *idev = list_entry(p, struct intel_device, 316 list); 317 318 /* tty device and pdev device should share the same parent 319 * which is the UART port. 320 */ 321 if (hu->tty->dev->parent != idev->pdev->dev.parent) 322 continue; 323 324 if (!idev->reset) { 325 err = -ENOTSUPP; 326 break; 327 } 328 329 BT_INFO("hu %p, Switching compatible pm device (%s) to %u", 330 hu, dev_name(&idev->pdev->dev), powered); 331 332 gpiod_set_value(idev->reset, powered); 333 334 /* Provide to idev a hu reference which is used to run LPM 335 * transactions (lpm suspend/resume) from PM callbacks. 336 * hu needs to be protected against concurrent removing during 337 * these PM ops. 338 */ 339 mutex_lock(&idev->hu_lock); 340 idev->hu = powered ? hu : NULL; 341 mutex_unlock(&idev->hu_lock); 342 343 if (idev->irq < 0) 344 break; 345 346 if (powered && device_can_wakeup(&idev->pdev->dev)) { 347 err = devm_request_threaded_irq(&idev->pdev->dev, 348 idev->irq, NULL, 349 intel_irq, 350 IRQF_ONESHOT, 351 "bt-host-wake", idev); 352 if (err) { 353 BT_ERR("hu %p, unable to allocate irq-%d", 354 hu, idev->irq); 355 break; 356 } 357 358 device_wakeup_enable(&idev->pdev->dev); 359 360 pm_runtime_set_active(&idev->pdev->dev); 361 pm_runtime_use_autosuspend(&idev->pdev->dev); 362 pm_runtime_set_autosuspend_delay(&idev->pdev->dev, 363 LPM_SUSPEND_DELAY_MS); 364 pm_runtime_enable(&idev->pdev->dev); 365 } else if (!powered && device_may_wakeup(&idev->pdev->dev)) { 366 devm_free_irq(&idev->pdev->dev, idev->irq, idev); 367 device_wakeup_disable(&idev->pdev->dev); 368 369 pm_runtime_disable(&idev->pdev->dev); 370 } 371 } 372 373 mutex_unlock(&intel_device_list_lock); 374 375 return err; 376 } 377 378 static void intel_busy_work(struct work_struct *work) 379 { 380 struct list_head *p; 381 struct intel_data *intel = container_of(work, struct intel_data, 382 busy_work); 383 384 if (!intel->hu->tty->dev) 385 return; 386 387 /* Link is busy, delay the suspend */ 388 mutex_lock(&intel_device_list_lock); 389 list_for_each(p, &intel_device_list) { 390 struct intel_device *idev = list_entry(p, struct intel_device, 391 list); 392 393 if (intel->hu->tty->dev->parent == idev->pdev->dev.parent) { 394 pm_runtime_get(&idev->pdev->dev); 395 pm_runtime_mark_last_busy(&idev->pdev->dev); 396 pm_runtime_put_autosuspend(&idev->pdev->dev); 397 break; 398 } 399 } 400 mutex_unlock(&intel_device_list_lock); 401 } 402 403 static int intel_open(struct hci_uart *hu) 404 { 405 struct intel_data *intel; 406 407 BT_DBG("hu %p", hu); 408 409 intel = kzalloc(sizeof(*intel), GFP_KERNEL); 410 if (!intel) 411 return -ENOMEM; 412 413 skb_queue_head_init(&intel->txq); 414 INIT_WORK(&intel->busy_work, intel_busy_work); 415 416 intel->hu = hu; 417 418 hu->priv = intel; 419 420 if (!intel_set_power(hu, true)) 421 set_bit(STATE_BOOTING, &intel->flags); 422 423 return 0; 424 } 425 426 static int intel_close(struct hci_uart *hu) 427 { 428 struct intel_data *intel = hu->priv; 429 430 BT_DBG("hu %p", hu); 431 432 cancel_work_sync(&intel->busy_work); 433 434 intel_set_power(hu, false); 435 436 skb_queue_purge(&intel->txq); 437 kfree_skb(intel->rx_skb); 438 kfree(intel); 439 440 hu->priv = NULL; 441 return 0; 442 } 443 444 static int intel_flush(struct hci_uart *hu) 445 { 446 struct intel_data *intel = hu->priv; 447 448 BT_DBG("hu %p", hu); 449 450 skb_queue_purge(&intel->txq); 451 452 return 0; 453 } 454 455 static int inject_cmd_complete(struct hci_dev *hdev, __u16 opcode) 456 { 457 struct sk_buff *skb; 458 struct hci_event_hdr *hdr; 459 struct hci_ev_cmd_complete *evt; 460 461 skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_ATOMIC); 462 if (!skb) 463 return -ENOMEM; 464 465 hdr = skb_put(skb, sizeof(*hdr)); 466 hdr->evt = HCI_EV_CMD_COMPLETE; 467 hdr->plen = sizeof(*evt) + 1; 468 469 evt = skb_put(skb, sizeof(*evt)); 470 evt->ncmd = 0x01; 471 evt->opcode = cpu_to_le16(opcode); 472 473 skb_put_u8(skb, 0x00); 474 475 hci_skb_pkt_type(skb) = HCI_EVENT_PKT; 476 477 return hci_recv_frame(hdev, skb); 478 } 479 480 static int intel_set_baudrate(struct hci_uart *hu, unsigned int speed) 481 { 482 struct intel_data *intel = hu->priv; 483 struct hci_dev *hdev = hu->hdev; 484 u8 speed_cmd[] = { 0x06, 0xfc, 0x01, 0x00 }; 485 struct sk_buff *skb; 486 int err; 487 488 /* This can be the first command sent to the chip, check 489 * that the controller is ready. 490 */ 491 err = intel_wait_booting(hu); 492 493 clear_bit(STATE_BOOTING, &intel->flags); 494 495 /* In case of timeout, try to continue anyway */ 496 if (err && err != -ETIMEDOUT) 497 return err; 498 499 bt_dev_info(hdev, "Change controller speed to %d", speed); 500 501 speed_cmd[3] = intel_convert_speed(speed); 502 if (speed_cmd[3] == 0xff) { 503 bt_dev_err(hdev, "Unsupported speed"); 504 return -EINVAL; 505 } 506 507 /* Device will not accept speed change if Intel version has not been 508 * previously requested. 509 */ 510 skb = __hci_cmd_sync(hdev, 0xfc05, 0, NULL, HCI_CMD_TIMEOUT); 511 if (IS_ERR(skb)) { 512 bt_dev_err(hdev, "Reading Intel version information failed (%ld)", 513 PTR_ERR(skb)); 514 return PTR_ERR(skb); 515 } 516 kfree_skb(skb); 517 518 skb = bt_skb_alloc(sizeof(speed_cmd), GFP_KERNEL); 519 if (!skb) { 520 bt_dev_err(hdev, "Failed to alloc memory for baudrate packet"); 521 return -ENOMEM; 522 } 523 524 skb_put_data(skb, speed_cmd, sizeof(speed_cmd)); 525 hci_skb_pkt_type(skb) = HCI_COMMAND_PKT; 526 527 hci_uart_set_flow_control(hu, true); 528 529 skb_queue_tail(&intel->txq, skb); 530 hci_uart_tx_wakeup(hu); 531 532 /* wait 100ms to change baudrate on controller side */ 533 msleep(100); 534 535 hci_uart_set_baudrate(hu, speed); 536 hci_uart_set_flow_control(hu, false); 537 538 return 0; 539 } 540 541 static int intel_setup(struct hci_uart *hu) 542 { 543 static const u8 reset_param[] = { 0x00, 0x01, 0x00, 0x01, 544 0x00, 0x08, 0x04, 0x00 }; 545 struct intel_data *intel = hu->priv; 546 struct hci_dev *hdev = hu->hdev; 547 struct sk_buff *skb; 548 struct intel_version ver; 549 struct intel_boot_params *params; 550 struct list_head *p; 551 const struct firmware *fw; 552 const u8 *fw_ptr; 553 char fwname[64]; 554 u32 frag_len; 555 ktime_t calltime, delta, rettime; 556 unsigned long long duration; 557 unsigned int init_speed, oper_speed; 558 int speed_change = 0; 559 int err; 560 561 bt_dev_dbg(hdev, "start intel_setup"); 562 563 hu->hdev->set_diag = btintel_set_diag; 564 hu->hdev->set_bdaddr = btintel_set_bdaddr; 565 566 calltime = ktime_get(); 567 568 if (hu->init_speed) 569 init_speed = hu->init_speed; 570 else 571 init_speed = hu->proto->init_speed; 572 573 if (hu->oper_speed) 574 oper_speed = hu->oper_speed; 575 else 576 oper_speed = hu->proto->oper_speed; 577 578 if (oper_speed && init_speed && oper_speed != init_speed) 579 speed_change = 1; 580 581 /* Check that the controller is ready */ 582 err = intel_wait_booting(hu); 583 584 clear_bit(STATE_BOOTING, &intel->flags); 585 586 /* In case of timeout, try to continue anyway */ 587 if (err && err != -ETIMEDOUT) 588 return err; 589 590 set_bit(STATE_BOOTLOADER, &intel->flags); 591 592 /* Read the Intel version information to determine if the device 593 * is in bootloader mode or if it already has operational firmware 594 * loaded. 595 */ 596 err = btintel_read_version(hdev, &ver); 597 if (err) 598 return err; 599 600 /* The hardware platform number has a fixed value of 0x37 and 601 * for now only accept this single value. 602 */ 603 if (ver.hw_platform != 0x37) { 604 bt_dev_err(hdev, "Unsupported Intel hardware platform (%u)", 605 ver.hw_platform); 606 return -EINVAL; 607 } 608 609 /* Check for supported iBT hardware variants of this firmware 610 * loading method. 611 * 612 * This check has been put in place to ensure correct forward 613 * compatibility options when newer hardware variants come along. 614 */ 615 switch (ver.hw_variant) { 616 case 0x0b: /* LnP */ 617 case 0x0c: /* WsP */ 618 case 0x12: /* ThP */ 619 break; 620 default: 621 bt_dev_err(hdev, "Unsupported Intel hardware variant (%u)", 622 ver.hw_variant); 623 return -EINVAL; 624 } 625 626 btintel_version_info(hdev, &ver); 627 628 /* The firmware variant determines if the device is in bootloader 629 * mode or is running operational firmware. The value 0x06 identifies 630 * the bootloader and the value 0x23 identifies the operational 631 * firmware. 632 * 633 * When the operational firmware is already present, then only 634 * the check for valid Bluetooth device address is needed. This 635 * determines if the device will be added as configured or 636 * unconfigured controller. 637 * 638 * It is not possible to use the Secure Boot Parameters in this 639 * case since that command is only available in bootloader mode. 640 */ 641 if (ver.fw_variant == 0x23) { 642 clear_bit(STATE_BOOTLOADER, &intel->flags); 643 btintel_check_bdaddr(hdev); 644 return 0; 645 } 646 647 /* If the device is not in bootloader mode, then the only possible 648 * choice is to return an error and abort the device initialization. 649 */ 650 if (ver.fw_variant != 0x06) { 651 bt_dev_err(hdev, "Unsupported Intel firmware variant (%u)", 652 ver.fw_variant); 653 return -ENODEV; 654 } 655 656 /* Read the secure boot parameters to identify the operating 657 * details of the bootloader. 658 */ 659 skb = __hci_cmd_sync(hdev, 0xfc0d, 0, NULL, HCI_CMD_TIMEOUT); 660 if (IS_ERR(skb)) { 661 bt_dev_err(hdev, "Reading Intel boot parameters failed (%ld)", 662 PTR_ERR(skb)); 663 return PTR_ERR(skb); 664 } 665 666 if (skb->len != sizeof(*params)) { 667 bt_dev_err(hdev, "Intel boot parameters size mismatch"); 668 kfree_skb(skb); 669 return -EILSEQ; 670 } 671 672 params = (struct intel_boot_params *)skb->data; 673 if (params->status) { 674 bt_dev_err(hdev, "Intel boot parameters command failure (%02x)", 675 params->status); 676 err = -bt_to_errno(params->status); 677 kfree_skb(skb); 678 return err; 679 } 680 681 bt_dev_info(hdev, "Device revision is %u", 682 le16_to_cpu(params->dev_revid)); 683 684 bt_dev_info(hdev, "Secure boot is %s", 685 params->secure_boot ? "enabled" : "disabled"); 686 687 bt_dev_info(hdev, "Minimum firmware build %u week %u %u", 688 params->min_fw_build_nn, params->min_fw_build_cw, 689 2000 + params->min_fw_build_yy); 690 691 /* It is required that every single firmware fragment is acknowledged 692 * with a command complete event. If the boot parameters indicate 693 * that this bootloader does not send them, then abort the setup. 694 */ 695 if (params->limited_cce != 0x00) { 696 bt_dev_err(hdev, "Unsupported Intel firmware loading method (%u)", 697 params->limited_cce); 698 kfree_skb(skb); 699 return -EINVAL; 700 } 701 702 /* If the OTP has no valid Bluetooth device address, then there will 703 * also be no valid address for the operational firmware. 704 */ 705 if (!bacmp(¶ms->otp_bdaddr, BDADDR_ANY)) { 706 bt_dev_info(hdev, "No device address configured"); 707 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks); 708 } 709 710 /* With this Intel bootloader only the hardware variant and device 711 * revision information are used to select the right firmware. 712 * 713 * The firmware filename is ibt-<hw_variant>-<dev_revid>.sfi. 714 * 715 * Currently the supported hardware variants are: 716 * 11 (0x0b) for iBT 3.0 (LnP/SfP) 717 */ 718 snprintf(fwname, sizeof(fwname), "intel/ibt-%u-%u.sfi", 719 le16_to_cpu(ver.hw_variant), 720 le16_to_cpu(params->dev_revid)); 721 722 err = request_firmware(&fw, fwname, &hdev->dev); 723 if (err < 0) { 724 bt_dev_err(hdev, "Failed to load Intel firmware file (%d)", 725 err); 726 kfree_skb(skb); 727 return err; 728 } 729 730 bt_dev_info(hdev, "Found device firmware: %s", fwname); 731 732 /* Save the DDC file name for later */ 733 snprintf(fwname, sizeof(fwname), "intel/ibt-%u-%u.ddc", 734 le16_to_cpu(ver.hw_variant), 735 le16_to_cpu(params->dev_revid)); 736 737 kfree_skb(skb); 738 739 if (fw->size < 644) { 740 bt_dev_err(hdev, "Invalid size of firmware file (%zu)", 741 fw->size); 742 err = -EBADF; 743 goto done; 744 } 745 746 set_bit(STATE_DOWNLOADING, &intel->flags); 747 748 /* Start the firmware download transaction with the Init fragment 749 * represented by the 128 bytes of CSS header. 750 */ 751 err = btintel_secure_send(hdev, 0x00, 128, fw->data); 752 if (err < 0) { 753 bt_dev_err(hdev, "Failed to send firmware header (%d)", err); 754 goto done; 755 } 756 757 /* Send the 256 bytes of public key information from the firmware 758 * as the PKey fragment. 759 */ 760 err = btintel_secure_send(hdev, 0x03, 256, fw->data + 128); 761 if (err < 0) { 762 bt_dev_err(hdev, "Failed to send firmware public key (%d)", 763 err); 764 goto done; 765 } 766 767 /* Send the 256 bytes of signature information from the firmware 768 * as the Sign fragment. 769 */ 770 err = btintel_secure_send(hdev, 0x02, 256, fw->data + 388); 771 if (err < 0) { 772 bt_dev_err(hdev, "Failed to send firmware signature (%d)", 773 err); 774 goto done; 775 } 776 777 fw_ptr = fw->data + 644; 778 frag_len = 0; 779 780 while (fw_ptr - fw->data < fw->size) { 781 struct hci_command_hdr *cmd = (void *)(fw_ptr + frag_len); 782 783 frag_len += sizeof(*cmd) + cmd->plen; 784 785 bt_dev_dbg(hdev, "Patching %td/%zu", (fw_ptr - fw->data), 786 fw->size); 787 788 /* The parameter length of the secure send command requires 789 * a 4 byte alignment. It happens so that the firmware file 790 * contains proper Intel_NOP commands to align the fragments 791 * as needed. 792 * 793 * Send set of commands with 4 byte alignment from the 794 * firmware data buffer as a single Data fragement. 795 */ 796 if (frag_len % 4) 797 continue; 798 799 /* Send each command from the firmware data buffer as 800 * a single Data fragment. 801 */ 802 err = btintel_secure_send(hdev, 0x01, frag_len, fw_ptr); 803 if (err < 0) { 804 bt_dev_err(hdev, "Failed to send firmware data (%d)", 805 err); 806 goto done; 807 } 808 809 fw_ptr += frag_len; 810 frag_len = 0; 811 } 812 813 set_bit(STATE_FIRMWARE_LOADED, &intel->flags); 814 815 bt_dev_info(hdev, "Waiting for firmware download to complete"); 816 817 /* Before switching the device into operational mode and with that 818 * booting the loaded firmware, wait for the bootloader notification 819 * that all fragments have been successfully received. 820 * 821 * When the event processing receives the notification, then the 822 * STATE_DOWNLOADING flag will be cleared. 823 * 824 * The firmware loading should not take longer than 5 seconds 825 * and thus just timeout if that happens and fail the setup 826 * of this device. 827 */ 828 err = wait_on_bit_timeout(&intel->flags, STATE_DOWNLOADING, 829 TASK_INTERRUPTIBLE, 830 msecs_to_jiffies(5000)); 831 if (err == -EINTR) { 832 bt_dev_err(hdev, "Firmware loading interrupted"); 833 err = -EINTR; 834 goto done; 835 } 836 837 if (err) { 838 bt_dev_err(hdev, "Firmware loading timeout"); 839 err = -ETIMEDOUT; 840 goto done; 841 } 842 843 if (test_bit(STATE_FIRMWARE_FAILED, &intel->flags)) { 844 bt_dev_err(hdev, "Firmware loading failed"); 845 err = -ENOEXEC; 846 goto done; 847 } 848 849 rettime = ktime_get(); 850 delta = ktime_sub(rettime, calltime); 851 duration = (unsigned long long) ktime_to_ns(delta) >> 10; 852 853 bt_dev_info(hdev, "Firmware loaded in %llu usecs", duration); 854 855 done: 856 release_firmware(fw); 857 858 if (err < 0) 859 return err; 860 861 /* We need to restore the default speed before Intel reset */ 862 if (speed_change) { 863 err = intel_set_baudrate(hu, init_speed); 864 if (err) 865 return err; 866 } 867 868 calltime = ktime_get(); 869 870 set_bit(STATE_BOOTING, &intel->flags); 871 872 skb = __hci_cmd_sync(hdev, 0xfc01, sizeof(reset_param), reset_param, 873 HCI_CMD_TIMEOUT); 874 if (IS_ERR(skb)) 875 return PTR_ERR(skb); 876 877 kfree_skb(skb); 878 879 /* The bootloader will not indicate when the device is ready. This 880 * is done by the operational firmware sending bootup notification. 881 * 882 * Booting into operational firmware should not take longer than 883 * 1 second. However if that happens, then just fail the setup 884 * since something went wrong. 885 */ 886 bt_dev_info(hdev, "Waiting for device to boot"); 887 888 err = intel_wait_booting(hu); 889 if (err) 890 return err; 891 892 clear_bit(STATE_BOOTING, &intel->flags); 893 894 rettime = ktime_get(); 895 delta = ktime_sub(rettime, calltime); 896 duration = (unsigned long long) ktime_to_ns(delta) >> 10; 897 898 bt_dev_info(hdev, "Device booted in %llu usecs", duration); 899 900 /* Enable LPM if matching pdev with wakeup enabled, set TX active 901 * until further LPM TX notification. 902 */ 903 mutex_lock(&intel_device_list_lock); 904 list_for_each(p, &intel_device_list) { 905 struct intel_device *dev = list_entry(p, struct intel_device, 906 list); 907 if (!hu->tty->dev) 908 break; 909 if (hu->tty->dev->parent == dev->pdev->dev.parent) { 910 if (device_may_wakeup(&dev->pdev->dev)) { 911 set_bit(STATE_LPM_ENABLED, &intel->flags); 912 set_bit(STATE_TX_ACTIVE, &intel->flags); 913 } 914 break; 915 } 916 } 917 mutex_unlock(&intel_device_list_lock); 918 919 /* Ignore errors, device can work without DDC parameters */ 920 btintel_load_ddc_config(hdev, fwname); 921 922 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_CMD_TIMEOUT); 923 if (IS_ERR(skb)) 924 return PTR_ERR(skb); 925 kfree_skb(skb); 926 927 if (speed_change) { 928 err = intel_set_baudrate(hu, oper_speed); 929 if (err) 930 return err; 931 } 932 933 bt_dev_info(hdev, "Setup complete"); 934 935 clear_bit(STATE_BOOTLOADER, &intel->flags); 936 937 return 0; 938 } 939 940 static int intel_recv_event(struct hci_dev *hdev, struct sk_buff *skb) 941 { 942 struct hci_uart *hu = hci_get_drvdata(hdev); 943 struct intel_data *intel = hu->priv; 944 struct hci_event_hdr *hdr; 945 946 if (!test_bit(STATE_BOOTLOADER, &intel->flags) && 947 !test_bit(STATE_BOOTING, &intel->flags)) 948 goto recv; 949 950 hdr = (void *)skb->data; 951 952 /* When the firmware loading completes the device sends 953 * out a vendor specific event indicating the result of 954 * the firmware loading. 955 */ 956 if (skb->len == 7 && hdr->evt == 0xff && hdr->plen == 0x05 && 957 skb->data[2] == 0x06) { 958 if (skb->data[3] != 0x00) 959 set_bit(STATE_FIRMWARE_FAILED, &intel->flags); 960 961 if (test_and_clear_bit(STATE_DOWNLOADING, &intel->flags) && 962 test_bit(STATE_FIRMWARE_LOADED, &intel->flags)) { 963 smp_mb__after_atomic(); 964 wake_up_bit(&intel->flags, STATE_DOWNLOADING); 965 } 966 967 /* When switching to the operational firmware the device 968 * sends a vendor specific event indicating that the bootup 969 * completed. 970 */ 971 } else if (skb->len == 9 && hdr->evt == 0xff && hdr->plen == 0x07 && 972 skb->data[2] == 0x02) { 973 if (test_and_clear_bit(STATE_BOOTING, &intel->flags)) { 974 smp_mb__after_atomic(); 975 wake_up_bit(&intel->flags, STATE_BOOTING); 976 } 977 } 978 recv: 979 return hci_recv_frame(hdev, skb); 980 } 981 982 static void intel_recv_lpm_notify(struct hci_dev *hdev, int value) 983 { 984 struct hci_uart *hu = hci_get_drvdata(hdev); 985 struct intel_data *intel = hu->priv; 986 987 bt_dev_dbg(hdev, "TX idle notification (%d)", value); 988 989 if (value) { 990 set_bit(STATE_TX_ACTIVE, &intel->flags); 991 schedule_work(&intel->busy_work); 992 } else { 993 clear_bit(STATE_TX_ACTIVE, &intel->flags); 994 } 995 } 996 997 static int intel_recv_lpm(struct hci_dev *hdev, struct sk_buff *skb) 998 { 999 struct hci_lpm_pkt *lpm = (void *)skb->data; 1000 struct hci_uart *hu = hci_get_drvdata(hdev); 1001 struct intel_data *intel = hu->priv; 1002 1003 switch (lpm->opcode) { 1004 case LPM_OP_TX_NOTIFY: 1005 if (lpm->dlen < 1) { 1006 bt_dev_err(hu->hdev, "Invalid LPM notification packet"); 1007 break; 1008 } 1009 intel_recv_lpm_notify(hdev, lpm->data[0]); 1010 break; 1011 case LPM_OP_SUSPEND_ACK: 1012 set_bit(STATE_SUSPENDED, &intel->flags); 1013 if (test_and_clear_bit(STATE_LPM_TRANSACTION, &intel->flags)) { 1014 smp_mb__after_atomic(); 1015 wake_up_bit(&intel->flags, STATE_LPM_TRANSACTION); 1016 } 1017 break; 1018 case LPM_OP_RESUME_ACK: 1019 clear_bit(STATE_SUSPENDED, &intel->flags); 1020 if (test_and_clear_bit(STATE_LPM_TRANSACTION, &intel->flags)) { 1021 smp_mb__after_atomic(); 1022 wake_up_bit(&intel->flags, STATE_LPM_TRANSACTION); 1023 } 1024 break; 1025 default: 1026 bt_dev_err(hdev, "Unknown LPM opcode (%02x)", lpm->opcode); 1027 break; 1028 } 1029 1030 kfree_skb(skb); 1031 1032 return 0; 1033 } 1034 1035 #define INTEL_RECV_LPM \ 1036 .type = HCI_LPM_PKT, \ 1037 .hlen = HCI_LPM_HDR_SIZE, \ 1038 .loff = 1, \ 1039 .lsize = 1, \ 1040 .maxlen = HCI_LPM_MAX_SIZE 1041 1042 static const struct h4_recv_pkt intel_recv_pkts[] = { 1043 { H4_RECV_ACL, .recv = hci_recv_frame }, 1044 { H4_RECV_SCO, .recv = hci_recv_frame }, 1045 { H4_RECV_EVENT, .recv = intel_recv_event }, 1046 { INTEL_RECV_LPM, .recv = intel_recv_lpm }, 1047 }; 1048 1049 static int intel_recv(struct hci_uart *hu, const void *data, int count) 1050 { 1051 struct intel_data *intel = hu->priv; 1052 1053 if (!test_bit(HCI_UART_REGISTERED, &hu->flags)) 1054 return -EUNATCH; 1055 1056 intel->rx_skb = h4_recv_buf(hu->hdev, intel->rx_skb, data, count, 1057 intel_recv_pkts, 1058 ARRAY_SIZE(intel_recv_pkts)); 1059 if (IS_ERR(intel->rx_skb)) { 1060 int err = PTR_ERR(intel->rx_skb); 1061 bt_dev_err(hu->hdev, "Frame reassembly failed (%d)", err); 1062 intel->rx_skb = NULL; 1063 return err; 1064 } 1065 1066 return count; 1067 } 1068 1069 static int intel_enqueue(struct hci_uart *hu, struct sk_buff *skb) 1070 { 1071 struct intel_data *intel = hu->priv; 1072 struct list_head *p; 1073 1074 BT_DBG("hu %p skb %p", hu, skb); 1075 1076 if (!hu->tty->dev) 1077 goto out_enqueue; 1078 1079 /* Be sure our controller is resumed and potential LPM transaction 1080 * completed before enqueuing any packet. 1081 */ 1082 mutex_lock(&intel_device_list_lock); 1083 list_for_each(p, &intel_device_list) { 1084 struct intel_device *idev = list_entry(p, struct intel_device, 1085 list); 1086 1087 if (hu->tty->dev->parent == idev->pdev->dev.parent) { 1088 pm_runtime_get_sync(&idev->pdev->dev); 1089 pm_runtime_mark_last_busy(&idev->pdev->dev); 1090 pm_runtime_put_autosuspend(&idev->pdev->dev); 1091 break; 1092 } 1093 } 1094 mutex_unlock(&intel_device_list_lock); 1095 out_enqueue: 1096 skb_queue_tail(&intel->txq, skb); 1097 1098 return 0; 1099 } 1100 1101 static struct sk_buff *intel_dequeue(struct hci_uart *hu) 1102 { 1103 struct intel_data *intel = hu->priv; 1104 struct sk_buff *skb; 1105 1106 skb = skb_dequeue(&intel->txq); 1107 if (!skb) 1108 return skb; 1109 1110 if (test_bit(STATE_BOOTLOADER, &intel->flags) && 1111 (hci_skb_pkt_type(skb) == HCI_COMMAND_PKT)) { 1112 struct hci_command_hdr *cmd = (void *)skb->data; 1113 __u16 opcode = le16_to_cpu(cmd->opcode); 1114 1115 /* When the 0xfc01 command is issued to boot into 1116 * the operational firmware, it will actually not 1117 * send a command complete event. To keep the flow 1118 * control working inject that event here. 1119 */ 1120 if (opcode == 0xfc01) 1121 inject_cmd_complete(hu->hdev, opcode); 1122 } 1123 1124 /* Prepend skb with frame type */ 1125 memcpy(skb_push(skb, 1), &hci_skb_pkt_type(skb), 1); 1126 1127 return skb; 1128 } 1129 1130 static const struct hci_uart_proto intel_proto = { 1131 .id = HCI_UART_INTEL, 1132 .name = "Intel", 1133 .manufacturer = 2, 1134 .init_speed = 115200, 1135 .oper_speed = 3000000, 1136 .open = intel_open, 1137 .close = intel_close, 1138 .flush = intel_flush, 1139 .setup = intel_setup, 1140 .set_baudrate = intel_set_baudrate, 1141 .recv = intel_recv, 1142 .enqueue = intel_enqueue, 1143 .dequeue = intel_dequeue, 1144 }; 1145 1146 #ifdef CONFIG_ACPI 1147 static const struct acpi_device_id intel_acpi_match[] = { 1148 { "INT33E1", 0 }, 1149 { }, 1150 }; 1151 MODULE_DEVICE_TABLE(acpi, intel_acpi_match); 1152 #endif 1153 1154 #ifdef CONFIG_PM 1155 static int intel_suspend_device(struct device *dev) 1156 { 1157 struct intel_device *idev = dev_get_drvdata(dev); 1158 1159 mutex_lock(&idev->hu_lock); 1160 if (idev->hu) 1161 intel_lpm_suspend(idev->hu); 1162 mutex_unlock(&idev->hu_lock); 1163 1164 return 0; 1165 } 1166 1167 static int intel_resume_device(struct device *dev) 1168 { 1169 struct intel_device *idev = dev_get_drvdata(dev); 1170 1171 mutex_lock(&idev->hu_lock); 1172 if (idev->hu) 1173 intel_lpm_resume(idev->hu); 1174 mutex_unlock(&idev->hu_lock); 1175 1176 return 0; 1177 } 1178 #endif 1179 1180 #ifdef CONFIG_PM_SLEEP 1181 static int intel_suspend(struct device *dev) 1182 { 1183 struct intel_device *idev = dev_get_drvdata(dev); 1184 1185 if (device_may_wakeup(dev)) 1186 enable_irq_wake(idev->irq); 1187 1188 return intel_suspend_device(dev); 1189 } 1190 1191 static int intel_resume(struct device *dev) 1192 { 1193 struct intel_device *idev = dev_get_drvdata(dev); 1194 1195 if (device_may_wakeup(dev)) 1196 disable_irq_wake(idev->irq); 1197 1198 return intel_resume_device(dev); 1199 } 1200 #endif 1201 1202 static const struct dev_pm_ops intel_pm_ops = { 1203 SET_SYSTEM_SLEEP_PM_OPS(intel_suspend, intel_resume) 1204 SET_RUNTIME_PM_OPS(intel_suspend_device, intel_resume_device, NULL) 1205 }; 1206 1207 static const struct acpi_gpio_params reset_gpios = { 0, 0, false }; 1208 static const struct acpi_gpio_params host_wake_gpios = { 1, 0, false }; 1209 1210 static const struct acpi_gpio_mapping acpi_hci_intel_gpios[] = { 1211 { "reset-gpios", &reset_gpios, 1 }, 1212 { "host-wake-gpios", &host_wake_gpios, 1 }, 1213 { }, 1214 }; 1215 1216 static int intel_probe(struct platform_device *pdev) 1217 { 1218 struct intel_device *idev; 1219 int ret; 1220 1221 idev = devm_kzalloc(&pdev->dev, sizeof(*idev), GFP_KERNEL); 1222 if (!idev) 1223 return -ENOMEM; 1224 1225 mutex_init(&idev->hu_lock); 1226 1227 idev->pdev = pdev; 1228 1229 ret = devm_acpi_dev_add_driver_gpios(&pdev->dev, acpi_hci_intel_gpios); 1230 if (ret) 1231 dev_dbg(&pdev->dev, "Unable to add GPIO mapping table\n"); 1232 1233 idev->reset = devm_gpiod_get(&pdev->dev, "reset", GPIOD_OUT_LOW); 1234 if (IS_ERR(idev->reset)) { 1235 dev_err(&pdev->dev, "Unable to retrieve gpio\n"); 1236 return PTR_ERR(idev->reset); 1237 } 1238 1239 idev->irq = platform_get_irq(pdev, 0); 1240 if (idev->irq < 0) { 1241 struct gpio_desc *host_wake; 1242 1243 dev_err(&pdev->dev, "No IRQ, falling back to gpio-irq\n"); 1244 1245 host_wake = devm_gpiod_get(&pdev->dev, "host-wake", GPIOD_IN); 1246 if (IS_ERR(host_wake)) { 1247 dev_err(&pdev->dev, "Unable to retrieve IRQ\n"); 1248 goto no_irq; 1249 } 1250 1251 idev->irq = gpiod_to_irq(host_wake); 1252 if (idev->irq < 0) { 1253 dev_err(&pdev->dev, "No corresponding irq for gpio\n"); 1254 goto no_irq; 1255 } 1256 } 1257 1258 /* Only enable wake-up/irq when controller is powered */ 1259 device_set_wakeup_capable(&pdev->dev, true); 1260 device_wakeup_disable(&pdev->dev); 1261 1262 no_irq: 1263 platform_set_drvdata(pdev, idev); 1264 1265 /* Place this instance on the device list */ 1266 mutex_lock(&intel_device_list_lock); 1267 list_add_tail(&idev->list, &intel_device_list); 1268 mutex_unlock(&intel_device_list_lock); 1269 1270 dev_info(&pdev->dev, "registered, gpio(%d)/irq(%d).\n", 1271 desc_to_gpio(idev->reset), idev->irq); 1272 1273 return 0; 1274 } 1275 1276 static int intel_remove(struct platform_device *pdev) 1277 { 1278 struct intel_device *idev = platform_get_drvdata(pdev); 1279 1280 device_wakeup_disable(&pdev->dev); 1281 1282 mutex_lock(&intel_device_list_lock); 1283 list_del(&idev->list); 1284 mutex_unlock(&intel_device_list_lock); 1285 1286 dev_info(&pdev->dev, "unregistered.\n"); 1287 1288 return 0; 1289 } 1290 1291 static struct platform_driver intel_driver = { 1292 .probe = intel_probe, 1293 .remove = intel_remove, 1294 .driver = { 1295 .name = "hci_intel", 1296 .acpi_match_table = ACPI_PTR(intel_acpi_match), 1297 .pm = &intel_pm_ops, 1298 }, 1299 }; 1300 1301 int __init intel_init(void) 1302 { 1303 platform_driver_register(&intel_driver); 1304 1305 return hci_uart_register_proto(&intel_proto); 1306 } 1307 1308 int __exit intel_deinit(void) 1309 { 1310 platform_driver_unregister(&intel_driver); 1311 1312 return hci_uart_unregister_proto(&intel_proto); 1313 } 1314