1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * NXP Bluetooth driver 4 * Copyright 2023-2025 NXP 5 */ 6 7 #include <linux/module.h> 8 #include <linux/kernel.h> 9 10 #include <linux/serdev.h> 11 #include <linux/of.h> 12 #include <linux/skbuff.h> 13 #include <linux/unaligned.h> 14 #include <linux/firmware.h> 15 #include <linux/string.h> 16 #include <linux/crc8.h> 17 #include <linux/crc32.h> 18 #include <linux/string_helpers.h> 19 #include <linux/gpio/consumer.h> 20 #include <linux/of_irq.h> 21 22 #include <net/bluetooth/bluetooth.h> 23 #include <net/bluetooth/hci_core.h> 24 25 #include "h4_recv.h" 26 27 #define MANUFACTURER_NXP 37 28 29 #define BTNXPUART_TX_STATE_ACTIVE 1 30 #define BTNXPUART_FW_DOWNLOADING 2 31 #define BTNXPUART_CHECK_BOOT_SIGNATURE 3 32 #define BTNXPUART_SERDEV_OPEN 4 33 #define BTNXPUART_IR_IN_PROGRESS 5 34 #define BTNXPUART_FW_DOWNLOAD_ABORT 6 35 #define BTNXPUART_FW_DUMP_IN_PROGRESS 7 36 37 /* NXP HW err codes */ 38 #define BTNXPUART_IR_HW_ERR 0xb0 39 40 #define FIRMWARE_W8987 "uart8987_bt.bin" 41 #define FIRMWARE_W8987_OLD "uartuart8987_bt.bin" 42 #define FIRMWARE_W8997 "uart8997_bt_v4.bin" 43 #define FIRMWARE_W8997_OLD "uartuart8997_bt_v4.bin" 44 #define FIRMWARE_W9098 "uart9098_bt_v1.bin" 45 #define FIRMWARE_W9098_OLD "uartuart9098_bt_v1.bin" 46 #define FIRMWARE_IW416 "uartiw416_bt.bin" 47 #define FIRMWARE_IW416_OLD "uartiw416_bt_v0.bin" 48 #define FIRMWARE_IW612 "uartspi_n61x_v1.bin.se" 49 #define FIRMWARE_IW610 "uartspi_iw610.bin" 50 #define FIRMWARE_SECURE_IW610 "uartspi_iw610.bin.se" 51 #define FIRMWARE_IW624 "uartiw624_bt.bin" 52 #define FIRMWARE_SECURE_IW624 "uartiw624_bt.bin.se" 53 #define FIRMWARE_AW693 "uartaw693_bt.bin" 54 #define FIRMWARE_SECURE_AW693 "uartaw693_bt.bin.se" 55 #define FIRMWARE_AW693_A1 "uartaw693_bt_v1.bin" 56 #define FIRMWARE_SECURE_AW693_A1 "uartaw693_bt_v1.bin.se" 57 #define FIRMWARE_HELPER "helper_uart_3000000.bin" 58 59 #define CHIP_ID_W9098 0x5c03 60 #define CHIP_ID_IW416 0x7201 61 #define CHIP_ID_IW612 0x7601 62 #define CHIP_ID_IW624a 0x8000 63 #define CHIP_ID_IW624c 0x8001 64 #define CHIP_ID_AW693a0 0x8200 65 #define CHIP_ID_AW693a1 0x8201 66 #define CHIP_ID_IW610a0 0x8800 67 #define CHIP_ID_IW610a1 0x8801 68 69 #define FW_SECURE_MASK 0xc0 70 #define FW_OPEN 0x00 71 #define FW_AUTH_ILLEGAL 0x40 72 #define FW_AUTH_PLAIN 0x80 73 #define FW_AUTH_ENC 0xc0 74 75 #define HCI_NXP_PRI_BAUDRATE 115200 76 #define HCI_NXP_SEC_BAUDRATE 3000000 77 78 #define MAX_FW_FILE_NAME_LEN 50 79 80 /* Default ps timeout period in milliseconds */ 81 #define PS_DEFAULT_TIMEOUT_PERIOD_MS 2000 82 83 /* wakeup methods */ 84 #define WAKEUP_METHOD_DTR 0 85 #define WAKEUP_METHOD_BREAK 1 86 #define WAKEUP_METHOD_EXT_BREAK 2 87 #define WAKEUP_METHOD_RTS 3 88 #define WAKEUP_METHOD_GPIO 4 89 #define WAKEUP_METHOD_INVALID 0xff 90 91 /* power save mode status */ 92 #define PS_MODE_DISABLE 0 93 #define PS_MODE_ENABLE 1 94 95 /* Power Save Commands to ps_work_func */ 96 #define PS_CMD_EXIT_PS 1 97 #define PS_CMD_ENTER_PS 2 98 99 /* power save state */ 100 #define PS_STATE_AWAKE 0 101 #define PS_STATE_SLEEP 1 102 103 /* NXP Vendor Commands. Refer user manual UM11628 on nxp.com */ 104 /* Set custom BD Address */ 105 #define HCI_NXP_SET_BD_ADDR 0xfc22 106 /* Set Auto-Sleep mode */ 107 #define HCI_NXP_AUTO_SLEEP_MODE 0xfc23 108 /* Set Wakeup method */ 109 #define HCI_NXP_WAKEUP_METHOD 0xfc53 110 /* Set operational baudrate */ 111 #define HCI_NXP_SET_OPER_SPEED 0xfc09 112 /* Independent Reset (Soft Reset) */ 113 #define HCI_NXP_IND_RESET 0xfcfc 114 /* Bluetooth vendor command: Trigger FW dump */ 115 #define HCI_NXP_TRIGGER_DUMP 0xfe91 116 117 /* Bluetooth Power State : Vendor cmd params */ 118 #define BT_PS_ENABLE 0x02 119 #define BT_PS_DISABLE 0x03 120 121 /* Bluetooth Host Wakeup Methods */ 122 #define BT_HOST_WAKEUP_METHOD_NONE 0x00 123 #define BT_HOST_WAKEUP_METHOD_DTR 0x01 124 #define BT_HOST_WAKEUP_METHOD_BREAK 0x02 125 #define BT_HOST_WAKEUP_METHOD_GPIO 0x03 126 127 /* Bluetooth Chip Wakeup Methods */ 128 #define BT_CTRL_WAKEUP_METHOD_DSR 0x00 129 #define BT_CTRL_WAKEUP_METHOD_BREAK 0x01 130 #define BT_CTRL_WAKEUP_METHOD_GPIO 0x02 131 #define BT_CTRL_WAKEUP_METHOD_EXT_BREAK 0x04 132 #define BT_CTRL_WAKEUP_METHOD_RTS 0x05 133 134 struct ps_data { 135 u8 target_ps_mode; /* ps mode to be set */ 136 u8 cur_psmode; /* current ps_mode */ 137 u8 ps_state; /* controller's power save state */ 138 u8 ps_cmd; 139 u8 h2c_wakeupmode; 140 u8 cur_h2c_wakeupmode; 141 u8 c2h_wakeupmode; 142 u8 c2h_wakeup_gpio; 143 u8 h2c_wakeup_gpio; 144 bool driver_sent_cmd; 145 u16 h2c_ps_interval; 146 u16 c2h_ps_interval; 147 bool wakeup_source; 148 struct gpio_desc *h2c_ps_gpio; 149 s32 irq_handler; 150 struct hci_dev *hdev; 151 struct work_struct work; 152 struct timer_list ps_timer; 153 struct mutex ps_lock; 154 }; 155 156 struct wakeup_cmd_payload { 157 u8 c2h_wakeupmode; 158 u8 c2h_wakeup_gpio; 159 u8 h2c_wakeupmode; 160 u8 h2c_wakeup_gpio; 161 } __packed; 162 163 struct psmode_cmd_payload { 164 u8 ps_cmd; 165 __le16 c2h_ps_interval; 166 } __packed; 167 168 struct btnxpuart_data { 169 const char *helper_fw_name; 170 const char *fw_name; 171 const char *fw_name_old; 172 }; 173 174 enum bootloader_param_change { 175 not_changed, 176 cmd_sent, 177 changed 178 }; 179 180 struct btnxpuart_dev { 181 struct hci_dev *hdev; 182 struct serdev_device *serdev; 183 184 struct work_struct tx_work; 185 unsigned long tx_state; 186 struct sk_buff_head txq; 187 struct sk_buff *rx_skb; 188 189 const struct firmware *fw; 190 u8 fw_name[MAX_FW_FILE_NAME_LEN]; 191 u32 fw_dnld_v1_offset; 192 u32 fw_v1_sent_bytes; 193 u32 fw_dnld_v3_offset; 194 u32 fw_v3_offset_correction; 195 u32 fw_v3_prev_sent; 196 u32 fw_v1_expected_len; 197 u32 boot_reg_offset; 198 wait_queue_head_t fw_dnld_done_wait_q; 199 wait_queue_head_t check_boot_sign_wait_q; 200 201 u32 new_baudrate; 202 u32 current_baudrate; 203 u32 fw_init_baudrate; 204 enum bootloader_param_change timeout_changed; 205 enum bootloader_param_change baudrate_changed; 206 bool helper_downloaded; 207 208 struct ps_data psdata; 209 struct btnxpuart_data *nxp_data; 210 }; 211 212 #define NXP_V1_FW_REQ_PKT 0xa5 213 #define NXP_V1_CHIP_VER_PKT 0xaa 214 #define NXP_V3_FW_REQ_PKT 0xa7 215 #define NXP_V3_CHIP_VER_PKT 0xab 216 217 #define NXP_ACK_V1 0x5a 218 #define NXP_NAK_V1 0xbf 219 #define NXP_ACK_V3 0x7a 220 #define NXP_NAK_V3 0x7b 221 #define NXP_CRC_ERROR_V3 0x7c 222 223 /* Bootloader signature error codes: Refer AN12820 from nxp.com */ 224 #define NXP_CRC_RX_ERROR BIT(0) /* CRC error in previous packet */ 225 #define NXP_ACK_RX_TIMEOUT BIT(2) /* ACK not received from host */ 226 #define NXP_HDR_RX_TIMEOUT BIT(3) /* FW Header chunk not received */ 227 #define NXP_DATA_RX_TIMEOUT BIT(4) /* FW Data chunk not received */ 228 229 #define HDR_LEN 16 230 231 #define NXP_RECV_CHIP_VER_V1 \ 232 .type = NXP_V1_CHIP_VER_PKT, \ 233 .hlen = 4, \ 234 .loff = 0, \ 235 .lsize = 0, \ 236 .maxlen = 4 237 238 #define NXP_RECV_FW_REQ_V1 \ 239 .type = NXP_V1_FW_REQ_PKT, \ 240 .hlen = 4, \ 241 .loff = 0, \ 242 .lsize = 0, \ 243 .maxlen = 4 244 245 #define NXP_RECV_CHIP_VER_V3 \ 246 .type = NXP_V3_CHIP_VER_PKT, \ 247 .hlen = 4, \ 248 .loff = 0, \ 249 .lsize = 0, \ 250 .maxlen = 4 251 252 #define NXP_RECV_FW_REQ_V3 \ 253 .type = NXP_V3_FW_REQ_PKT, \ 254 .hlen = 9, \ 255 .loff = 0, \ 256 .lsize = 0, \ 257 .maxlen = 9 258 259 struct v1_data_req { 260 __le16 len; 261 __le16 len_comp; 262 } __packed; 263 264 struct v1_start_ind { 265 __le16 chip_id; 266 __le16 chip_id_comp; 267 } __packed; 268 269 struct v3_data_req { 270 __le16 len; 271 __le32 offset; 272 __le16 error; 273 u8 crc; 274 } __packed; 275 276 struct v3_start_ind { 277 __le16 chip_id; 278 u8 loader_ver; 279 u8 crc; 280 } __packed; 281 282 /* UART register addresses of BT chip */ 283 #define CLKDIVADDR 0x7f00008f 284 #define UARTDIVADDR 0x7f000090 285 #define UARTMCRADDR 0x7f000091 286 #define UARTREINITADDR 0x7f000092 287 #define UARTICRADDR 0x7f000093 288 #define UARTFCRADDR 0x7f000094 289 290 #define MCR 0x00000022 291 #define INIT 0x00000001 292 #define ICR 0x000000c7 293 #define FCR 0x000000c7 294 295 #define POLYNOMIAL8 0x07 296 297 struct uart_reg { 298 __le32 address; 299 __le32 value; 300 } __packed; 301 302 struct uart_config { 303 struct uart_reg clkdiv; 304 struct uart_reg uartdiv; 305 struct uart_reg mcr; 306 struct uart_reg re_init; 307 struct uart_reg icr; 308 struct uart_reg fcr; 309 __be32 crc; 310 } __packed; 311 312 struct nxp_bootloader_cmd { 313 __le32 header; 314 __le32 arg; 315 __le32 payload_len; 316 __be32 crc; 317 } __packed; 318 319 struct nxp_v3_rx_timeout_nak { 320 u8 nak; 321 __le32 offset; 322 u8 crc; 323 } __packed; 324 325 union nxp_v3_rx_timeout_nak_u { 326 struct nxp_v3_rx_timeout_nak pkt; 327 u8 buf[6]; 328 }; 329 330 struct nxp_v3_crc_nak { 331 u8 nak; 332 u8 crc; 333 } __packed; 334 335 union nxp_v3_crc_nak_u { 336 struct nxp_v3_crc_nak pkt; 337 u8 buf[2]; 338 }; 339 340 /* FW dump */ 341 #define NXP_FW_DUMP_SIZE (1024 * 1000) 342 343 struct nxp_fw_dump_hdr { 344 __le16 seq_num; 345 __le16 reserved; 346 __le16 buf_type; 347 __le16 buf_len; 348 }; 349 350 union nxp_set_bd_addr_payload { 351 struct { 352 u8 param_id; 353 u8 param_len; 354 u8 param[6]; 355 } __packed data; 356 u8 buf[8]; 357 }; 358 359 static u8 crc8_table[CRC8_TABLE_SIZE]; 360 361 /* Default configurations */ 362 #define DEFAULT_H2C_WAKEUP_MODE WAKEUP_METHOD_BREAK 363 #define DEFAULT_PS_MODE PS_MODE_ENABLE 364 #define FW_INIT_BAUDRATE HCI_NXP_PRI_BAUDRATE 365 366 static struct sk_buff *nxp_drv_send_cmd(struct hci_dev *hdev, u16 opcode, 367 u32 plen, 368 void *param) 369 { 370 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 371 struct ps_data *psdata = &nxpdev->psdata; 372 struct sk_buff *skb; 373 374 /* set flag to prevent nxp_enqueue from parsing values from this command and 375 * calling hci_cmd_sync_queue() again. 376 */ 377 psdata->driver_sent_cmd = true; 378 skb = __hci_cmd_sync(hdev, opcode, plen, param, HCI_CMD_TIMEOUT); 379 psdata->driver_sent_cmd = false; 380 381 return skb; 382 } 383 384 static void btnxpuart_tx_wakeup(struct btnxpuart_dev *nxpdev) 385 { 386 if (schedule_work(&nxpdev->tx_work)) 387 set_bit(BTNXPUART_TX_STATE_ACTIVE, &nxpdev->tx_state); 388 } 389 390 /* NXP Power Save Feature */ 391 static void ps_start_timer(struct btnxpuart_dev *nxpdev) 392 { 393 struct ps_data *psdata = &nxpdev->psdata; 394 395 if (!psdata) 396 return; 397 398 if (psdata->cur_psmode == PS_MODE_ENABLE) 399 mod_timer(&psdata->ps_timer, jiffies + msecs_to_jiffies(psdata->h2c_ps_interval)); 400 401 if (psdata->ps_state == PS_STATE_AWAKE && psdata->ps_cmd == PS_CMD_ENTER_PS) 402 cancel_work_sync(&psdata->work); 403 } 404 405 static void ps_cancel_timer(struct btnxpuart_dev *nxpdev) 406 { 407 struct ps_data *psdata = &nxpdev->psdata; 408 409 flush_work(&psdata->work); 410 timer_shutdown_sync(&psdata->ps_timer); 411 } 412 413 static void ps_control(struct hci_dev *hdev, u8 ps_state) 414 { 415 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 416 struct ps_data *psdata = &nxpdev->psdata; 417 int status = 0; 418 419 if (psdata->ps_state == ps_state || 420 !test_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state)) 421 return; 422 423 mutex_lock(&psdata->ps_lock); 424 switch (psdata->cur_h2c_wakeupmode) { 425 case WAKEUP_METHOD_GPIO: 426 if (ps_state == PS_STATE_AWAKE) 427 gpiod_set_value_cansleep(psdata->h2c_ps_gpio, 0); 428 else 429 gpiod_set_value_cansleep(psdata->h2c_ps_gpio, 1); 430 bt_dev_dbg(hdev, "Set h2c_ps_gpio: %s", 431 str_high_low(ps_state == PS_STATE_SLEEP)); 432 break; 433 case WAKEUP_METHOD_DTR: 434 if (ps_state == PS_STATE_AWAKE) 435 status = serdev_device_set_tiocm(nxpdev->serdev, TIOCM_DTR, 0); 436 else 437 status = serdev_device_set_tiocm(nxpdev->serdev, 0, TIOCM_DTR); 438 break; 439 case WAKEUP_METHOD_BREAK: 440 default: 441 if (ps_state == PS_STATE_AWAKE) 442 status = serdev_device_break_ctl(nxpdev->serdev, 0); 443 else 444 status = serdev_device_break_ctl(nxpdev->serdev, -1); 445 msleep(20); /* Allow chip to detect UART-break and enter sleep */ 446 bt_dev_dbg(hdev, "Set UART break: %s, status=%d", 447 str_on_off(ps_state == PS_STATE_SLEEP), status); 448 break; 449 } 450 if (!status) 451 psdata->ps_state = ps_state; 452 mutex_unlock(&psdata->ps_lock); 453 454 if (ps_state == PS_STATE_AWAKE) 455 btnxpuart_tx_wakeup(nxpdev); 456 } 457 458 static void ps_work_func(struct work_struct *work) 459 { 460 struct ps_data *data = container_of(work, struct ps_data, work); 461 462 if (data->ps_cmd == PS_CMD_ENTER_PS && data->cur_psmode == PS_MODE_ENABLE) 463 ps_control(data->hdev, PS_STATE_SLEEP); 464 else if (data->ps_cmd == PS_CMD_EXIT_PS) 465 ps_control(data->hdev, PS_STATE_AWAKE); 466 } 467 468 static void ps_timeout_func(struct timer_list *t) 469 { 470 struct ps_data *data = from_timer(data, t, ps_timer); 471 struct hci_dev *hdev = data->hdev; 472 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 473 474 if (test_bit(BTNXPUART_TX_STATE_ACTIVE, &nxpdev->tx_state)) { 475 ps_start_timer(nxpdev); 476 } else { 477 data->ps_cmd = PS_CMD_ENTER_PS; 478 schedule_work(&data->work); 479 } 480 } 481 482 static irqreturn_t ps_host_wakeup_irq_handler(int irq, void *priv) 483 { 484 struct btnxpuart_dev *nxpdev = (struct btnxpuart_dev *)priv; 485 486 bt_dev_dbg(nxpdev->hdev, "Host wakeup interrupt"); 487 return IRQ_HANDLED; 488 } 489 static int ps_setup(struct hci_dev *hdev) 490 { 491 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 492 struct serdev_device *serdev = nxpdev->serdev; 493 struct ps_data *psdata = &nxpdev->psdata; 494 int ret; 495 496 /* Out-Of-Band Device Wakeup */ 497 psdata->h2c_ps_gpio = devm_gpiod_get_optional(&serdev->dev, "device-wakeup", 498 GPIOD_OUT_LOW); 499 if (IS_ERR(psdata->h2c_ps_gpio)) { 500 bt_dev_err(hdev, "Error fetching device-wakeup-gpios: %ld", 501 PTR_ERR(psdata->h2c_ps_gpio)); 502 return PTR_ERR(psdata->h2c_ps_gpio); 503 } 504 505 if (device_property_read_u8(&serdev->dev, "nxp,wakein-pin", &psdata->h2c_wakeup_gpio)) { 506 psdata->h2c_wakeup_gpio = 0xff; /* 0xff: use default pin/gpio */ 507 } else if (!psdata->h2c_ps_gpio) { 508 bt_dev_warn(hdev, "nxp,wakein-pin property without device-wakeup-gpios"); 509 psdata->h2c_wakeup_gpio = 0xff; 510 } 511 512 /* Out-Of-Band Host Wakeup */ 513 if (of_property_read_bool(serdev->dev.of_node, "wakeup-source")) { 514 psdata->irq_handler = of_irq_get_byname(serdev->dev.of_node, "wakeup"); 515 bt_dev_info(nxpdev->hdev, "irq_handler: %d", psdata->irq_handler); 516 if (psdata->irq_handler > 0) 517 psdata->wakeup_source = true; 518 } 519 520 if (device_property_read_u8(&serdev->dev, "nxp,wakeout-pin", &psdata->c2h_wakeup_gpio)) { 521 psdata->c2h_wakeup_gpio = 0xff; 522 if (psdata->wakeup_source) { 523 bt_dev_warn(hdev, "host wakeup interrupt without nxp,wakeout-pin"); 524 psdata->wakeup_source = false; 525 } 526 } else if (!psdata->wakeup_source) { 527 bt_dev_warn(hdev, "nxp,wakeout-pin property without host wakeup interrupt"); 528 psdata->c2h_wakeup_gpio = 0xff; 529 } 530 531 if (psdata->wakeup_source) { 532 ret = devm_request_irq(&serdev->dev, psdata->irq_handler, 533 ps_host_wakeup_irq_handler, 534 IRQF_ONESHOT | IRQF_TRIGGER_FALLING, 535 dev_name(&serdev->dev), nxpdev); 536 if (ret) 537 bt_dev_info(hdev, "error setting wakeup IRQ handler, ignoring\n"); 538 disable_irq(psdata->irq_handler); 539 device_init_wakeup(&serdev->dev, true); 540 } 541 542 psdata->hdev = hdev; 543 INIT_WORK(&psdata->work, ps_work_func); 544 mutex_init(&psdata->ps_lock); 545 timer_setup(&psdata->ps_timer, ps_timeout_func, 0); 546 547 return 0; 548 } 549 550 static bool ps_wakeup(struct btnxpuart_dev *nxpdev) 551 { 552 struct ps_data *psdata = &nxpdev->psdata; 553 u8 ps_state; 554 555 mutex_lock(&psdata->ps_lock); 556 ps_state = psdata->ps_state; 557 mutex_unlock(&psdata->ps_lock); 558 559 if (ps_state != PS_STATE_AWAKE) { 560 psdata->ps_cmd = PS_CMD_EXIT_PS; 561 schedule_work(&psdata->work); 562 return true; 563 } 564 return false; 565 } 566 567 static void ps_cleanup(struct btnxpuart_dev *nxpdev) 568 { 569 struct ps_data *psdata = &nxpdev->psdata; 570 u8 ps_state; 571 572 mutex_lock(&psdata->ps_lock); 573 ps_state = psdata->ps_state; 574 mutex_unlock(&psdata->ps_lock); 575 576 if (ps_state != PS_STATE_AWAKE) 577 ps_control(psdata->hdev, PS_STATE_AWAKE); 578 579 ps_cancel_timer(nxpdev); 580 cancel_work_sync(&psdata->work); 581 mutex_destroy(&psdata->ps_lock); 582 } 583 584 static int send_ps_cmd(struct hci_dev *hdev, void *data) 585 { 586 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 587 struct ps_data *psdata = &nxpdev->psdata; 588 struct psmode_cmd_payload pcmd; 589 struct sk_buff *skb; 590 u8 *status; 591 592 if (psdata->target_ps_mode == PS_MODE_ENABLE) 593 pcmd.ps_cmd = BT_PS_ENABLE; 594 else 595 pcmd.ps_cmd = BT_PS_DISABLE; 596 pcmd.c2h_ps_interval = __cpu_to_le16(psdata->c2h_ps_interval); 597 598 skb = nxp_drv_send_cmd(hdev, HCI_NXP_AUTO_SLEEP_MODE, sizeof(pcmd), &pcmd); 599 if (IS_ERR(skb)) { 600 bt_dev_err(hdev, "Setting Power Save mode failed (%ld)", PTR_ERR(skb)); 601 return PTR_ERR(skb); 602 } 603 604 status = skb_pull_data(skb, 1); 605 if (status) { 606 if (!*status) 607 psdata->cur_psmode = psdata->target_ps_mode; 608 else 609 psdata->target_ps_mode = psdata->cur_psmode; 610 if (psdata->cur_psmode == PS_MODE_ENABLE) 611 ps_start_timer(nxpdev); 612 else 613 ps_wakeup(nxpdev); 614 bt_dev_dbg(hdev, "Power Save mode response: status=%d, ps_mode=%d", 615 *status, psdata->cur_psmode); 616 } 617 kfree_skb(skb); 618 619 return 0; 620 } 621 622 static int send_wakeup_method_cmd(struct hci_dev *hdev, void *data) 623 { 624 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 625 struct ps_data *psdata = &nxpdev->psdata; 626 struct wakeup_cmd_payload pcmd; 627 struct sk_buff *skb; 628 u8 *status; 629 630 pcmd.c2h_wakeupmode = psdata->c2h_wakeupmode; 631 pcmd.c2h_wakeup_gpio = psdata->c2h_wakeup_gpio; 632 pcmd.h2c_wakeup_gpio = 0xff; 633 switch (psdata->h2c_wakeupmode) { 634 case WAKEUP_METHOD_GPIO: 635 pcmd.h2c_wakeupmode = BT_CTRL_WAKEUP_METHOD_GPIO; 636 pcmd.h2c_wakeup_gpio = psdata->h2c_wakeup_gpio; 637 break; 638 case WAKEUP_METHOD_DTR: 639 pcmd.h2c_wakeupmode = BT_CTRL_WAKEUP_METHOD_DSR; 640 break; 641 case WAKEUP_METHOD_BREAK: 642 default: 643 pcmd.h2c_wakeupmode = BT_CTRL_WAKEUP_METHOD_BREAK; 644 break; 645 } 646 647 skb = nxp_drv_send_cmd(hdev, HCI_NXP_WAKEUP_METHOD, sizeof(pcmd), &pcmd); 648 if (IS_ERR(skb)) { 649 bt_dev_err(hdev, "Setting wake-up method failed (%ld)", PTR_ERR(skb)); 650 return PTR_ERR(skb); 651 } 652 653 status = skb_pull_data(skb, 1); 654 if (status) { 655 if (*status == 0) 656 psdata->cur_h2c_wakeupmode = psdata->h2c_wakeupmode; 657 else 658 psdata->h2c_wakeupmode = psdata->cur_h2c_wakeupmode; 659 bt_dev_dbg(hdev, "Set Wakeup Method response: status=%d, h2c_wakeupmode=%d", 660 *status, psdata->cur_h2c_wakeupmode); 661 } 662 kfree_skb(skb); 663 664 return 0; 665 } 666 667 static void ps_init(struct hci_dev *hdev) 668 { 669 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 670 struct ps_data *psdata = &nxpdev->psdata; 671 u8 default_h2c_wakeup_mode = DEFAULT_H2C_WAKEUP_MODE; 672 673 serdev_device_set_tiocm(nxpdev->serdev, 0, TIOCM_RTS); 674 usleep_range(5000, 10000); 675 serdev_device_set_tiocm(nxpdev->serdev, TIOCM_RTS, 0); 676 usleep_range(5000, 10000); 677 678 psdata->ps_state = PS_STATE_AWAKE; 679 680 if (psdata->c2h_wakeup_gpio != 0xff) 681 psdata->c2h_wakeupmode = BT_HOST_WAKEUP_METHOD_GPIO; 682 else 683 psdata->c2h_wakeupmode = BT_HOST_WAKEUP_METHOD_NONE; 684 685 psdata->cur_h2c_wakeupmode = WAKEUP_METHOD_INVALID; 686 if (psdata->h2c_ps_gpio) 687 default_h2c_wakeup_mode = WAKEUP_METHOD_GPIO; 688 689 psdata->h2c_ps_interval = PS_DEFAULT_TIMEOUT_PERIOD_MS; 690 691 switch (default_h2c_wakeup_mode) { 692 case WAKEUP_METHOD_GPIO: 693 psdata->h2c_wakeupmode = WAKEUP_METHOD_GPIO; 694 gpiod_set_value_cansleep(psdata->h2c_ps_gpio, 0); 695 usleep_range(5000, 10000); 696 break; 697 case WAKEUP_METHOD_DTR: 698 psdata->h2c_wakeupmode = WAKEUP_METHOD_DTR; 699 serdev_device_set_tiocm(nxpdev->serdev, 0, TIOCM_DTR); 700 serdev_device_set_tiocm(nxpdev->serdev, TIOCM_DTR, 0); 701 break; 702 case WAKEUP_METHOD_BREAK: 703 default: 704 psdata->h2c_wakeupmode = WAKEUP_METHOD_BREAK; 705 serdev_device_break_ctl(nxpdev->serdev, -1); 706 usleep_range(5000, 10000); 707 serdev_device_break_ctl(nxpdev->serdev, 0); 708 usleep_range(5000, 10000); 709 break; 710 } 711 712 psdata->cur_psmode = PS_MODE_DISABLE; 713 psdata->target_ps_mode = DEFAULT_PS_MODE; 714 } 715 716 /* NXP Firmware Download Feature */ 717 static int nxp_download_firmware(struct hci_dev *hdev) 718 { 719 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 720 int err = 0; 721 722 nxpdev->fw_dnld_v1_offset = 0; 723 nxpdev->fw_v1_sent_bytes = 0; 724 nxpdev->fw_v1_expected_len = HDR_LEN; 725 nxpdev->boot_reg_offset = 0; 726 nxpdev->fw_dnld_v3_offset = 0; 727 nxpdev->fw_v3_offset_correction = 0; 728 nxpdev->baudrate_changed = not_changed; 729 nxpdev->timeout_changed = not_changed; 730 nxpdev->helper_downloaded = false; 731 732 serdev_device_set_baudrate(nxpdev->serdev, HCI_NXP_PRI_BAUDRATE); 733 serdev_device_set_flow_control(nxpdev->serdev, false); 734 nxpdev->current_baudrate = HCI_NXP_PRI_BAUDRATE; 735 736 /* Wait till FW is downloaded */ 737 err = wait_event_interruptible_timeout(nxpdev->fw_dnld_done_wait_q, 738 !test_bit(BTNXPUART_FW_DOWNLOADING, 739 &nxpdev->tx_state), 740 msecs_to_jiffies(60000)); 741 742 if (nxpdev->fw && strlen(nxpdev->fw_name)) { 743 release_firmware(nxpdev->fw); 744 memset(nxpdev->fw_name, 0, sizeof(nxpdev->fw_name)); 745 } 746 747 if (err == 0) { 748 bt_dev_err(hdev, "FW Download Timeout. offset: %d", 749 nxpdev->fw_dnld_v1_offset ? 750 nxpdev->fw_dnld_v1_offset : 751 nxpdev->fw_dnld_v3_offset); 752 return -ETIMEDOUT; 753 } 754 if (test_bit(BTNXPUART_FW_DOWNLOAD_ABORT, &nxpdev->tx_state)) { 755 bt_dev_err(hdev, "FW Download Aborted"); 756 return -EINTR; 757 } 758 759 serdev_device_set_flow_control(nxpdev->serdev, true); 760 761 /* Allow the downloaded FW to initialize */ 762 msleep(1200); 763 764 return 0; 765 } 766 767 static void nxp_send_ack(u8 ack, struct hci_dev *hdev) 768 { 769 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 770 u8 ack_nak[2]; 771 int len = 1; 772 773 ack_nak[0] = ack; 774 if (ack == NXP_ACK_V3) { 775 ack_nak[1] = crc8(crc8_table, ack_nak, 1, 0xff); 776 len = 2; 777 } 778 serdev_device_write_buf(nxpdev->serdev, ack_nak, len); 779 } 780 781 static bool nxp_fw_change_baudrate(struct hci_dev *hdev, u16 req_len) 782 { 783 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 784 struct nxp_bootloader_cmd nxp_cmd5; 785 struct uart_config uart_config; 786 u32 clkdivaddr = CLKDIVADDR - nxpdev->boot_reg_offset; 787 u32 uartdivaddr = UARTDIVADDR - nxpdev->boot_reg_offset; 788 u32 uartmcraddr = UARTMCRADDR - nxpdev->boot_reg_offset; 789 u32 uartreinitaddr = UARTREINITADDR - nxpdev->boot_reg_offset; 790 u32 uarticraddr = UARTICRADDR - nxpdev->boot_reg_offset; 791 u32 uartfcraddr = UARTFCRADDR - nxpdev->boot_reg_offset; 792 793 if (req_len == sizeof(nxp_cmd5)) { 794 nxp_cmd5.header = __cpu_to_le32(5); 795 nxp_cmd5.arg = 0; 796 nxp_cmd5.payload_len = __cpu_to_le32(sizeof(uart_config)); 797 /* FW expects swapped CRC bytes */ 798 nxp_cmd5.crc = __cpu_to_be32(crc32_be(0UL, (char *)&nxp_cmd5, 799 sizeof(nxp_cmd5) - 4)); 800 801 serdev_device_write_buf(nxpdev->serdev, (u8 *)&nxp_cmd5, sizeof(nxp_cmd5)); 802 nxpdev->fw_v3_offset_correction += req_len; 803 } else if (req_len == sizeof(uart_config)) { 804 uart_config.clkdiv.address = __cpu_to_le32(clkdivaddr); 805 uart_config.clkdiv.value = __cpu_to_le32(0x00c00000); 806 uart_config.uartdiv.address = __cpu_to_le32(uartdivaddr); 807 uart_config.uartdiv.value = __cpu_to_le32(1); 808 uart_config.mcr.address = __cpu_to_le32(uartmcraddr); 809 uart_config.mcr.value = __cpu_to_le32(MCR); 810 uart_config.re_init.address = __cpu_to_le32(uartreinitaddr); 811 uart_config.re_init.value = __cpu_to_le32(INIT); 812 uart_config.icr.address = __cpu_to_le32(uarticraddr); 813 uart_config.icr.value = __cpu_to_le32(ICR); 814 uart_config.fcr.address = __cpu_to_le32(uartfcraddr); 815 uart_config.fcr.value = __cpu_to_le32(FCR); 816 /* FW expects swapped CRC bytes */ 817 uart_config.crc = __cpu_to_be32(crc32_be(0UL, (char *)&uart_config, 818 sizeof(uart_config) - 4)); 819 820 serdev_device_write_buf(nxpdev->serdev, (u8 *)&uart_config, sizeof(uart_config)); 821 serdev_device_wait_until_sent(nxpdev->serdev, 0); 822 nxpdev->fw_v3_offset_correction += req_len; 823 return true; 824 } 825 return false; 826 } 827 828 static bool nxp_fw_change_timeout(struct hci_dev *hdev, u16 req_len) 829 { 830 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 831 struct nxp_bootloader_cmd nxp_cmd7; 832 833 if (req_len != sizeof(nxp_cmd7)) 834 return false; 835 836 nxp_cmd7.header = __cpu_to_le32(7); 837 nxp_cmd7.arg = __cpu_to_le32(0x70); 838 nxp_cmd7.payload_len = 0; 839 /* FW expects swapped CRC bytes */ 840 nxp_cmd7.crc = __cpu_to_be32(crc32_be(0UL, (char *)&nxp_cmd7, 841 sizeof(nxp_cmd7) - 4)); 842 serdev_device_write_buf(nxpdev->serdev, (u8 *)&nxp_cmd7, sizeof(nxp_cmd7)); 843 serdev_device_wait_until_sent(nxpdev->serdev, 0); 844 nxpdev->fw_v3_offset_correction += req_len; 845 return true; 846 } 847 848 static u32 nxp_get_data_len(const u8 *buf) 849 { 850 struct nxp_bootloader_cmd *hdr = (struct nxp_bootloader_cmd *)buf; 851 852 return __le32_to_cpu(hdr->payload_len); 853 } 854 855 static bool is_fw_downloading(struct btnxpuart_dev *nxpdev) 856 { 857 return test_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state); 858 } 859 860 static bool ind_reset_in_progress(struct btnxpuart_dev *nxpdev) 861 { 862 return test_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state); 863 } 864 865 static bool fw_dump_in_progress(struct btnxpuart_dev *nxpdev) 866 { 867 return test_bit(BTNXPUART_FW_DUMP_IN_PROGRESS, &nxpdev->tx_state); 868 } 869 870 static bool process_boot_signature(struct btnxpuart_dev *nxpdev) 871 { 872 if (test_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, &nxpdev->tx_state)) { 873 clear_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, &nxpdev->tx_state); 874 wake_up_interruptible(&nxpdev->check_boot_sign_wait_q); 875 return false; 876 } 877 return is_fw_downloading(nxpdev); 878 } 879 880 static int nxp_request_firmware(struct hci_dev *hdev, const char *fw_name, 881 const char *fw_name_old) 882 { 883 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 884 const char *fw_name_dt; 885 int err = 0; 886 887 if (!fw_name) 888 return -ENOENT; 889 890 if (!strlen(nxpdev->fw_name)) { 891 if (strcmp(fw_name, FIRMWARE_HELPER) && 892 !device_property_read_string(&nxpdev->serdev->dev, 893 "firmware-name", 894 &fw_name_dt)) 895 fw_name = fw_name_dt; 896 snprintf(nxpdev->fw_name, MAX_FW_FILE_NAME_LEN, "nxp/%s", fw_name); 897 err = request_firmware_direct(&nxpdev->fw, nxpdev->fw_name, &hdev->dev); 898 if (err < 0 && fw_name_old) { 899 snprintf(nxpdev->fw_name, MAX_FW_FILE_NAME_LEN, "nxp/%s", fw_name_old); 900 err = request_firmware_direct(&nxpdev->fw, nxpdev->fw_name, &hdev->dev); 901 } 902 903 bt_dev_info(hdev, "Request Firmware: %s", nxpdev->fw_name); 904 if (err < 0) { 905 bt_dev_err(hdev, "Firmware file %s not found", nxpdev->fw_name); 906 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state); 907 } 908 } 909 return err; 910 } 911 912 /* for legacy chipsets with V1 bootloader */ 913 static int nxp_recv_chip_ver_v1(struct hci_dev *hdev, struct sk_buff *skb) 914 { 915 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 916 struct v1_start_ind *req; 917 __u16 chip_id; 918 919 req = skb_pull_data(skb, sizeof(*req)); 920 if (!req) 921 goto free_skb; 922 923 chip_id = le16_to_cpu(req->chip_id ^ req->chip_id_comp); 924 if (chip_id == 0xffff && nxpdev->fw_dnld_v1_offset) { 925 nxpdev->fw_dnld_v1_offset = 0; 926 nxpdev->fw_v1_sent_bytes = 0; 927 nxpdev->fw_v1_expected_len = HDR_LEN; 928 release_firmware(nxpdev->fw); 929 memset(nxpdev->fw_name, 0, sizeof(nxpdev->fw_name)); 930 nxp_send_ack(NXP_ACK_V1, hdev); 931 } 932 933 free_skb: 934 kfree_skb(skb); 935 return 0; 936 } 937 938 static int nxp_recv_fw_req_v1(struct hci_dev *hdev, struct sk_buff *skb) 939 { 940 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 941 struct btnxpuart_data *nxp_data = nxpdev->nxp_data; 942 struct v1_data_req *req; 943 __u16 len; 944 945 if (!process_boot_signature(nxpdev)) 946 goto free_skb; 947 948 req = skb_pull_data(skb, sizeof(*req)); 949 if (!req) 950 goto free_skb; 951 952 len = __le16_to_cpu(req->len ^ req->len_comp); 953 if (len != 0xffff) { 954 bt_dev_dbg(hdev, "ERR: Send NAK"); 955 nxp_send_ack(NXP_NAK_V1, hdev); 956 goto free_skb; 957 } 958 nxp_send_ack(NXP_ACK_V1, hdev); 959 960 len = __le16_to_cpu(req->len); 961 962 if (!nxp_data->helper_fw_name) { 963 if (nxpdev->timeout_changed != changed) { 964 nxp_fw_change_timeout(hdev, len); 965 nxpdev->timeout_changed = changed; 966 goto free_skb; 967 } 968 if (nxpdev->baudrate_changed != changed) { 969 if (nxp_fw_change_baudrate(hdev, len)) { 970 nxpdev->baudrate_changed = changed; 971 serdev_device_set_baudrate(nxpdev->serdev, 972 HCI_NXP_SEC_BAUDRATE); 973 serdev_device_set_flow_control(nxpdev->serdev, true); 974 nxpdev->current_baudrate = HCI_NXP_SEC_BAUDRATE; 975 } 976 goto free_skb; 977 } 978 } 979 980 if (!nxp_data->helper_fw_name || nxpdev->helper_downloaded) { 981 if (nxp_request_firmware(hdev, nxp_data->fw_name, nxp_data->fw_name_old)) 982 goto free_skb; 983 } else if (nxp_data->helper_fw_name && !nxpdev->helper_downloaded) { 984 if (nxp_request_firmware(hdev, nxp_data->helper_fw_name, NULL)) 985 goto free_skb; 986 } 987 988 if (!len) { 989 bt_dev_info(hdev, "FW Download Complete: %zu bytes", 990 nxpdev->fw->size); 991 if (nxp_data->helper_fw_name && !nxpdev->helper_downloaded) { 992 nxpdev->helper_downloaded = true; 993 serdev_device_wait_until_sent(nxpdev->serdev, 0); 994 serdev_device_set_baudrate(nxpdev->serdev, 995 HCI_NXP_SEC_BAUDRATE); 996 serdev_device_set_flow_control(nxpdev->serdev, true); 997 } else { 998 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state); 999 wake_up_interruptible(&nxpdev->fw_dnld_done_wait_q); 1000 } 1001 goto free_skb; 1002 } 1003 if (len & 0x01) { 1004 /* The CRC did not match at the other end. 1005 * Simply send the same bytes again. 1006 */ 1007 len = nxpdev->fw_v1_sent_bytes; 1008 bt_dev_dbg(hdev, "CRC error. Resend %d bytes of FW.", len); 1009 } else { 1010 nxpdev->fw_dnld_v1_offset += nxpdev->fw_v1_sent_bytes; 1011 1012 /* The FW bin file is made up of many blocks of 1013 * 16 byte header and payload data chunks. If the 1014 * FW has requested a header, read the payload length 1015 * info from the header, before sending the header. 1016 * In the next iteration, the FW should request the 1017 * payload data chunk, which should be equal to the 1018 * payload length read from header. If there is a 1019 * mismatch, clearly the driver and FW are out of sync, 1020 * and we need to re-send the previous header again. 1021 */ 1022 if (len == nxpdev->fw_v1_expected_len) { 1023 if (len == HDR_LEN) 1024 nxpdev->fw_v1_expected_len = nxp_get_data_len(nxpdev->fw->data + 1025 nxpdev->fw_dnld_v1_offset); 1026 else 1027 nxpdev->fw_v1_expected_len = HDR_LEN; 1028 } else if (len == HDR_LEN) { 1029 /* FW download out of sync. Send previous chunk again */ 1030 nxpdev->fw_dnld_v1_offset -= nxpdev->fw_v1_sent_bytes; 1031 nxpdev->fw_v1_expected_len = HDR_LEN; 1032 } 1033 } 1034 1035 if (nxpdev->fw_dnld_v1_offset + len <= nxpdev->fw->size) 1036 serdev_device_write_buf(nxpdev->serdev, nxpdev->fw->data + 1037 nxpdev->fw_dnld_v1_offset, len); 1038 nxpdev->fw_v1_sent_bytes = len; 1039 1040 free_skb: 1041 kfree_skb(skb); 1042 return 0; 1043 } 1044 1045 static char *nxp_get_fw_name_from_chipid(struct hci_dev *hdev, u16 chipid, 1046 u8 loader_ver) 1047 { 1048 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1049 char *fw_name = NULL; 1050 1051 switch (chipid) { 1052 case CHIP_ID_W9098: 1053 fw_name = FIRMWARE_W9098; 1054 break; 1055 case CHIP_ID_IW416: 1056 fw_name = FIRMWARE_IW416; 1057 break; 1058 case CHIP_ID_IW612: 1059 fw_name = FIRMWARE_IW612; 1060 break; 1061 case CHIP_ID_IW624a: 1062 case CHIP_ID_IW624c: 1063 nxpdev->boot_reg_offset = 1; 1064 if ((loader_ver & FW_SECURE_MASK) == FW_OPEN) 1065 fw_name = FIRMWARE_IW624; 1066 else if ((loader_ver & FW_SECURE_MASK) != FW_AUTH_ILLEGAL) 1067 fw_name = FIRMWARE_SECURE_IW624; 1068 else 1069 bt_dev_err(hdev, "Illegal loader version %02x", loader_ver); 1070 break; 1071 case CHIP_ID_AW693a0: 1072 if ((loader_ver & FW_SECURE_MASK) == FW_OPEN) 1073 fw_name = FIRMWARE_AW693; 1074 else if ((loader_ver & FW_SECURE_MASK) != FW_AUTH_ILLEGAL) 1075 fw_name = FIRMWARE_SECURE_AW693; 1076 else 1077 bt_dev_err(hdev, "Illegal loader version %02x", loader_ver); 1078 break; 1079 case CHIP_ID_AW693a1: 1080 if ((loader_ver & FW_SECURE_MASK) == FW_OPEN) 1081 fw_name = FIRMWARE_AW693_A1; 1082 else if ((loader_ver & FW_SECURE_MASK) != FW_AUTH_ILLEGAL) 1083 fw_name = FIRMWARE_SECURE_AW693_A1; 1084 else 1085 bt_dev_err(hdev, "Illegal loader version %02x", loader_ver); 1086 break; 1087 case CHIP_ID_IW610a0: 1088 case CHIP_ID_IW610a1: 1089 if ((loader_ver & FW_SECURE_MASK) == FW_OPEN) 1090 fw_name = FIRMWARE_IW610; 1091 else if ((loader_ver & FW_SECURE_MASK) != FW_AUTH_ILLEGAL) 1092 fw_name = FIRMWARE_SECURE_IW610; 1093 else 1094 bt_dev_err(hdev, "Illegal loader version %02x", loader_ver); 1095 break; 1096 default: 1097 bt_dev_err(hdev, "Unknown chip signature %04x", chipid); 1098 break; 1099 } 1100 return fw_name; 1101 } 1102 1103 static char *nxp_get_old_fw_name_from_chipid(struct hci_dev *hdev, u16 chipid, 1104 u8 loader_ver) 1105 { 1106 char *fw_name_old = NULL; 1107 1108 switch (chipid) { 1109 case CHIP_ID_W9098: 1110 fw_name_old = FIRMWARE_W9098_OLD; 1111 break; 1112 case CHIP_ID_IW416: 1113 fw_name_old = FIRMWARE_IW416_OLD; 1114 break; 1115 } 1116 return fw_name_old; 1117 } 1118 1119 static int nxp_recv_chip_ver_v3(struct hci_dev *hdev, struct sk_buff *skb) 1120 { 1121 struct v3_start_ind *req = skb_pull_data(skb, sizeof(*req)); 1122 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1123 const char *fw_name; 1124 const char *fw_name_old; 1125 u16 chip_id; 1126 u8 loader_ver; 1127 1128 if (!process_boot_signature(nxpdev)) 1129 goto free_skb; 1130 1131 chip_id = le16_to_cpu(req->chip_id); 1132 loader_ver = req->loader_ver; 1133 bt_dev_info(hdev, "ChipID: %04x, Version: %d", chip_id, loader_ver); 1134 fw_name = nxp_get_fw_name_from_chipid(hdev, chip_id, loader_ver); 1135 fw_name_old = nxp_get_old_fw_name_from_chipid(hdev, chip_id, loader_ver); 1136 if (!nxp_request_firmware(hdev, fw_name, fw_name_old)) 1137 nxp_send_ack(NXP_ACK_V3, hdev); 1138 1139 free_skb: 1140 kfree_skb(skb); 1141 return 0; 1142 } 1143 1144 static void nxp_handle_fw_download_error(struct hci_dev *hdev, struct v3_data_req *req) 1145 { 1146 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1147 __u32 offset = __le32_to_cpu(req->offset); 1148 __u16 err = __le16_to_cpu(req->error); 1149 union nxp_v3_rx_timeout_nak_u timeout_nak_buf; 1150 union nxp_v3_crc_nak_u crc_nak_buf; 1151 1152 if (err & NXP_CRC_RX_ERROR) { 1153 crc_nak_buf.pkt.nak = NXP_CRC_ERROR_V3; 1154 crc_nak_buf.pkt.crc = crc8(crc8_table, crc_nak_buf.buf, 1155 sizeof(crc_nak_buf) - 1, 0xff); 1156 serdev_device_write_buf(nxpdev->serdev, crc_nak_buf.buf, 1157 sizeof(crc_nak_buf)); 1158 } else if (err & NXP_ACK_RX_TIMEOUT || 1159 err & NXP_HDR_RX_TIMEOUT || 1160 err & NXP_DATA_RX_TIMEOUT) { 1161 timeout_nak_buf.pkt.nak = NXP_NAK_V3; 1162 timeout_nak_buf.pkt.offset = __cpu_to_le32(offset); 1163 timeout_nak_buf.pkt.crc = crc8(crc8_table, timeout_nak_buf.buf, 1164 sizeof(timeout_nak_buf) - 1, 0xff); 1165 serdev_device_write_buf(nxpdev->serdev, timeout_nak_buf.buf, 1166 sizeof(timeout_nak_buf)); 1167 } else { 1168 bt_dev_err(hdev, "Unknown bootloader error code: %d", err); 1169 } 1170 } 1171 1172 static int nxp_recv_fw_req_v3(struct hci_dev *hdev, struct sk_buff *skb) 1173 { 1174 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1175 struct v3_data_req *req; 1176 __u16 len = 0; 1177 __u16 err = 0; 1178 __u32 offset; 1179 1180 if (!process_boot_signature(nxpdev)) 1181 goto free_skb; 1182 1183 req = skb_pull_data(skb, sizeof(*req)); 1184 if (!req || !nxpdev->fw) 1185 goto free_skb; 1186 1187 err = __le16_to_cpu(req->error); 1188 1189 if (!err) { 1190 nxp_send_ack(NXP_ACK_V3, hdev); 1191 if (nxpdev->timeout_changed == cmd_sent) 1192 nxpdev->timeout_changed = changed; 1193 if (nxpdev->baudrate_changed == cmd_sent) 1194 nxpdev->baudrate_changed = changed; 1195 } else { 1196 nxp_handle_fw_download_error(hdev, req); 1197 if (nxpdev->timeout_changed == cmd_sent && 1198 err == NXP_CRC_RX_ERROR) { 1199 nxpdev->fw_v3_offset_correction -= nxpdev->fw_v3_prev_sent; 1200 nxpdev->timeout_changed = not_changed; 1201 } 1202 if (nxpdev->baudrate_changed == cmd_sent && 1203 err == NXP_CRC_RX_ERROR) { 1204 nxpdev->fw_v3_offset_correction -= nxpdev->fw_v3_prev_sent; 1205 nxpdev->baudrate_changed = not_changed; 1206 } 1207 goto free_skb; 1208 } 1209 1210 len = __le16_to_cpu(req->len); 1211 1212 if (nxpdev->timeout_changed != changed) { 1213 nxp_fw_change_timeout(hdev, len); 1214 nxpdev->timeout_changed = cmd_sent; 1215 goto free_skb; 1216 } 1217 1218 if (nxpdev->baudrate_changed != changed) { 1219 if (nxp_fw_change_baudrate(hdev, len)) { 1220 nxpdev->baudrate_changed = cmd_sent; 1221 serdev_device_set_baudrate(nxpdev->serdev, 1222 HCI_NXP_SEC_BAUDRATE); 1223 serdev_device_set_flow_control(nxpdev->serdev, true); 1224 nxpdev->current_baudrate = HCI_NXP_SEC_BAUDRATE; 1225 } 1226 goto free_skb; 1227 } 1228 1229 if (req->len == 0) { 1230 bt_dev_info(hdev, "FW Download Complete: %zu bytes", 1231 nxpdev->fw->size); 1232 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state); 1233 wake_up_interruptible(&nxpdev->fw_dnld_done_wait_q); 1234 goto free_skb; 1235 } 1236 1237 offset = __le32_to_cpu(req->offset); 1238 if (offset < nxpdev->fw_v3_offset_correction) { 1239 /* This scenario should ideally never occur. But if it ever does, 1240 * FW is out of sync and needs a power cycle. 1241 */ 1242 bt_dev_err(hdev, "Something went wrong during FW download"); 1243 bt_dev_err(hdev, "Please power cycle and try again"); 1244 goto free_skb; 1245 } 1246 1247 nxpdev->fw_dnld_v3_offset = offset - nxpdev->fw_v3_offset_correction; 1248 serdev_device_write_buf(nxpdev->serdev, nxpdev->fw->data + 1249 nxpdev->fw_dnld_v3_offset, len); 1250 1251 free_skb: 1252 nxpdev->fw_v3_prev_sent = len; 1253 kfree_skb(skb); 1254 return 0; 1255 } 1256 1257 static int nxp_set_baudrate_cmd(struct hci_dev *hdev, void *data) 1258 { 1259 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1260 __le32 new_baudrate = __cpu_to_le32(nxpdev->new_baudrate); 1261 struct ps_data *psdata = &nxpdev->psdata; 1262 struct sk_buff *skb; 1263 u8 *status; 1264 1265 if (!psdata) 1266 return 0; 1267 1268 skb = nxp_drv_send_cmd(hdev, HCI_NXP_SET_OPER_SPEED, 4, (u8 *)&new_baudrate); 1269 if (IS_ERR(skb)) { 1270 bt_dev_err(hdev, "Setting baudrate failed (%ld)", PTR_ERR(skb)); 1271 return PTR_ERR(skb); 1272 } 1273 1274 status = (u8 *)skb_pull_data(skb, 1); 1275 if (status) { 1276 if (*status == 0) { 1277 serdev_device_set_baudrate(nxpdev->serdev, nxpdev->new_baudrate); 1278 nxpdev->current_baudrate = nxpdev->new_baudrate; 1279 } 1280 bt_dev_dbg(hdev, "Set baudrate response: status=%d, baudrate=%d", 1281 *status, nxpdev->new_baudrate); 1282 } 1283 kfree_skb(skb); 1284 1285 return 0; 1286 } 1287 1288 static int nxp_check_boot_sign(struct btnxpuart_dev *nxpdev) 1289 { 1290 serdev_device_set_baudrate(nxpdev->serdev, HCI_NXP_PRI_BAUDRATE); 1291 if (ind_reset_in_progress(nxpdev)) 1292 serdev_device_set_flow_control(nxpdev->serdev, false); 1293 else 1294 serdev_device_set_flow_control(nxpdev->serdev, true); 1295 set_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, &nxpdev->tx_state); 1296 1297 return wait_event_interruptible_timeout(nxpdev->check_boot_sign_wait_q, 1298 !test_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, 1299 &nxpdev->tx_state), 1300 msecs_to_jiffies(1000)); 1301 } 1302 1303 static int nxp_set_ind_reset(struct hci_dev *hdev, void *data) 1304 { 1305 static const u8 ir_hw_err[] = { HCI_EV_HARDWARE_ERROR, 1306 0x01, BTNXPUART_IR_HW_ERR }; 1307 struct sk_buff *skb; 1308 1309 skb = bt_skb_alloc(3, GFP_ATOMIC); 1310 if (!skb) 1311 return -ENOMEM; 1312 1313 hci_skb_pkt_type(skb) = HCI_EVENT_PKT; 1314 skb_put_data(skb, ir_hw_err, 3); 1315 1316 /* Inject Hardware Error to upper stack */ 1317 return hci_recv_frame(hdev, skb); 1318 } 1319 1320 /* Firmware dump */ 1321 static void nxp_coredump(struct hci_dev *hdev) 1322 { 1323 struct sk_buff *skb; 1324 u8 pcmd = 2; 1325 1326 skb = nxp_drv_send_cmd(hdev, HCI_NXP_TRIGGER_DUMP, 1, &pcmd); 1327 if (IS_ERR(skb)) 1328 bt_dev_err(hdev, "Failed to trigger FW Dump. (%ld)", PTR_ERR(skb)); 1329 else 1330 kfree_skb(skb); 1331 } 1332 1333 static void nxp_coredump_hdr(struct hci_dev *hdev, struct sk_buff *skb) 1334 { 1335 /* Nothing to be added in FW dump header */ 1336 } 1337 1338 static int nxp_process_fw_dump(struct hci_dev *hdev, struct sk_buff *skb) 1339 { 1340 struct hci_acl_hdr *acl_hdr = (struct hci_acl_hdr *)skb_pull_data(skb, 1341 sizeof(*acl_hdr)); 1342 struct nxp_fw_dump_hdr *fw_dump_hdr = (struct nxp_fw_dump_hdr *)skb->data; 1343 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1344 __u16 seq_num = __le16_to_cpu(fw_dump_hdr->seq_num); 1345 __u16 buf_len = __le16_to_cpu(fw_dump_hdr->buf_len); 1346 int err; 1347 1348 if (seq_num == 0x0001) { 1349 if (test_and_set_bit(BTNXPUART_FW_DUMP_IN_PROGRESS, &nxpdev->tx_state)) { 1350 bt_dev_err(hdev, "FW dump already in progress"); 1351 goto free_skb; 1352 } 1353 bt_dev_warn(hdev, "==== Start FW dump ==="); 1354 err = hci_devcd_init(hdev, NXP_FW_DUMP_SIZE); 1355 if (err < 0) 1356 goto free_skb; 1357 1358 schedule_delayed_work(&hdev->dump.dump_timeout, 1359 msecs_to_jiffies(20000)); 1360 } 1361 1362 err = hci_devcd_append(hdev, skb_clone(skb, GFP_ATOMIC)); 1363 if (err < 0) 1364 goto free_skb; 1365 1366 if (buf_len == 0) { 1367 bt_dev_warn(hdev, "==== FW dump complete ==="); 1368 clear_bit(BTNXPUART_FW_DUMP_IN_PROGRESS, &nxpdev->tx_state); 1369 hci_devcd_complete(hdev); 1370 nxp_set_ind_reset(hdev, NULL); 1371 } 1372 1373 free_skb: 1374 kfree_skb(skb); 1375 return 0; 1376 } 1377 1378 static int nxp_recv_acl_pkt(struct hci_dev *hdev, struct sk_buff *skb) 1379 { 1380 __u16 handle = __le16_to_cpu(hci_acl_hdr(skb)->handle); 1381 1382 /* FW dump chunks are ACL packets with conn handle 0xfff */ 1383 if ((handle & 0x0FFF) == 0xFFF) 1384 return nxp_process_fw_dump(hdev, skb); 1385 else 1386 return hci_recv_frame(hdev, skb); 1387 } 1388 1389 static int nxp_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr) 1390 { 1391 union nxp_set_bd_addr_payload pcmd; 1392 int err; 1393 1394 pcmd.data.param_id = 0xfe; 1395 pcmd.data.param_len = 6; 1396 memcpy(pcmd.data.param, bdaddr, 6); 1397 1398 /* BD address can be assigned only after first reset command. */ 1399 err = __hci_cmd_sync_status(hdev, HCI_OP_RESET, 0, NULL, 1400 HCI_INIT_TIMEOUT); 1401 if (err) { 1402 bt_dev_err(hdev, 1403 "Reset before setting local-bd-addr failed (%d)", 1404 err); 1405 return err; 1406 } 1407 1408 err = __hci_cmd_sync_status(hdev, HCI_NXP_SET_BD_ADDR, sizeof(pcmd), 1409 pcmd.buf, HCI_CMD_TIMEOUT); 1410 if (err) { 1411 bt_dev_err(hdev, "Changing device address failed (%d)", err); 1412 return err; 1413 } 1414 1415 return 0; 1416 } 1417 1418 /* NXP protocol */ 1419 static int nxp_setup(struct hci_dev *hdev) 1420 { 1421 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1422 int err = 0; 1423 1424 if (nxp_check_boot_sign(nxpdev)) { 1425 bt_dev_dbg(hdev, "Need FW Download."); 1426 err = nxp_download_firmware(hdev); 1427 if (err < 0) 1428 return err; 1429 } else { 1430 bt_dev_info(hdev, "FW already running."); 1431 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state); 1432 } 1433 1434 serdev_device_set_baudrate(nxpdev->serdev, nxpdev->fw_init_baudrate); 1435 nxpdev->current_baudrate = nxpdev->fw_init_baudrate; 1436 1437 ps_init(hdev); 1438 1439 if (test_and_clear_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state)) 1440 hci_dev_clear_flag(hdev, HCI_SETUP); 1441 1442 return 0; 1443 } 1444 1445 static int nxp_post_init(struct hci_dev *hdev) 1446 { 1447 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1448 struct ps_data *psdata = &nxpdev->psdata; 1449 1450 if (nxpdev->current_baudrate != HCI_NXP_SEC_BAUDRATE) { 1451 nxpdev->new_baudrate = HCI_NXP_SEC_BAUDRATE; 1452 nxp_set_baudrate_cmd(hdev, NULL); 1453 } 1454 if (psdata->cur_h2c_wakeupmode != psdata->h2c_wakeupmode) 1455 send_wakeup_method_cmd(hdev, NULL); 1456 if (psdata->cur_psmode != psdata->target_ps_mode) 1457 send_ps_cmd(hdev, NULL); 1458 return 0; 1459 } 1460 1461 static void nxp_hw_err(struct hci_dev *hdev, u8 code) 1462 { 1463 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1464 1465 switch (code) { 1466 case BTNXPUART_IR_HW_ERR: 1467 set_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state); 1468 hci_dev_set_flag(hdev, HCI_SETUP); 1469 break; 1470 default: 1471 break; 1472 } 1473 } 1474 1475 static int nxp_shutdown(struct hci_dev *hdev) 1476 { 1477 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1478 struct sk_buff *skb; 1479 u8 pcmd = 0; 1480 1481 if (ind_reset_in_progress(nxpdev)) { 1482 skb = nxp_drv_send_cmd(hdev, HCI_NXP_IND_RESET, 1, &pcmd); 1483 serdev_device_set_flow_control(nxpdev->serdev, false); 1484 set_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state); 1485 /* HCI_NXP_IND_RESET command may not returns any response */ 1486 if (!IS_ERR(skb)) 1487 kfree_skb(skb); 1488 } 1489 1490 return 0; 1491 } 1492 1493 static bool nxp_wakeup(struct hci_dev *hdev) 1494 { 1495 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1496 struct ps_data *psdata = &nxpdev->psdata; 1497 1498 if (psdata->c2h_wakeupmode != BT_HOST_WAKEUP_METHOD_NONE) 1499 return true; 1500 1501 return false; 1502 } 1503 1504 static void nxp_reset(struct hci_dev *hdev) 1505 { 1506 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1507 1508 if (!ind_reset_in_progress(nxpdev) && !fw_dump_in_progress(nxpdev)) { 1509 bt_dev_dbg(hdev, "CMD Timeout detected. Resetting."); 1510 nxp_set_ind_reset(hdev, NULL); 1511 } 1512 } 1513 1514 static int btnxpuart_queue_skb(struct hci_dev *hdev, struct sk_buff *skb) 1515 { 1516 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1517 1518 /* Prepend skb with frame type */ 1519 memcpy(skb_push(skb, 1), &hci_skb_pkt_type(skb), 1); 1520 skb_queue_tail(&nxpdev->txq, skb); 1521 btnxpuart_tx_wakeup(nxpdev); 1522 return 0; 1523 } 1524 1525 static int nxp_enqueue(struct hci_dev *hdev, struct sk_buff *skb) 1526 { 1527 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1528 struct ps_data *psdata = &nxpdev->psdata; 1529 struct hci_command_hdr *hdr; 1530 struct psmode_cmd_payload ps_parm; 1531 struct wakeup_cmd_payload wakeup_parm; 1532 __le32 baudrate_parm; 1533 1534 if (fw_dump_in_progress(nxpdev)) 1535 return -EBUSY; 1536 1537 /* if vendor commands are received from user space (e.g. hcitool), update 1538 * driver flags accordingly and ask driver to re-send the command to FW. 1539 * In case the payload for any command does not match expected payload 1540 * length, let the firmware and user space program handle it, or throw 1541 * an error. 1542 */ 1543 if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT && !psdata->driver_sent_cmd) { 1544 hdr = (struct hci_command_hdr *)skb->data; 1545 if (hdr->plen != (skb->len - HCI_COMMAND_HDR_SIZE)) 1546 return btnxpuart_queue_skb(hdev, skb); 1547 1548 switch (__le16_to_cpu(hdr->opcode)) { 1549 case HCI_NXP_AUTO_SLEEP_MODE: 1550 if (hdr->plen == sizeof(ps_parm)) { 1551 memcpy(&ps_parm, skb->data + HCI_COMMAND_HDR_SIZE, hdr->plen); 1552 if (ps_parm.ps_cmd == BT_PS_ENABLE) 1553 psdata->target_ps_mode = PS_MODE_ENABLE; 1554 else if (ps_parm.ps_cmd == BT_PS_DISABLE) 1555 psdata->target_ps_mode = PS_MODE_DISABLE; 1556 psdata->c2h_ps_interval = __le16_to_cpu(ps_parm.c2h_ps_interval); 1557 hci_cmd_sync_queue(hdev, send_ps_cmd, NULL, NULL); 1558 goto free_skb; 1559 } 1560 break; 1561 case HCI_NXP_WAKEUP_METHOD: 1562 if (hdr->plen == sizeof(wakeup_parm)) { 1563 memcpy(&wakeup_parm, skb->data + HCI_COMMAND_HDR_SIZE, hdr->plen); 1564 psdata->c2h_wakeupmode = wakeup_parm.c2h_wakeupmode; 1565 psdata->c2h_wakeup_gpio = wakeup_parm.c2h_wakeup_gpio; 1566 psdata->h2c_wakeup_gpio = wakeup_parm.h2c_wakeup_gpio; 1567 switch (wakeup_parm.h2c_wakeupmode) { 1568 case BT_CTRL_WAKEUP_METHOD_GPIO: 1569 psdata->h2c_wakeupmode = WAKEUP_METHOD_GPIO; 1570 break; 1571 case BT_CTRL_WAKEUP_METHOD_DSR: 1572 psdata->h2c_wakeupmode = WAKEUP_METHOD_DTR; 1573 break; 1574 case BT_CTRL_WAKEUP_METHOD_BREAK: 1575 default: 1576 psdata->h2c_wakeupmode = WAKEUP_METHOD_BREAK; 1577 break; 1578 } 1579 hci_cmd_sync_queue(hdev, send_wakeup_method_cmd, NULL, NULL); 1580 goto free_skb; 1581 } 1582 break; 1583 case HCI_NXP_SET_OPER_SPEED: 1584 if (hdr->plen == sizeof(baudrate_parm)) { 1585 memcpy(&baudrate_parm, skb->data + HCI_COMMAND_HDR_SIZE, hdr->plen); 1586 nxpdev->new_baudrate = __le32_to_cpu(baudrate_parm); 1587 hci_cmd_sync_queue(hdev, nxp_set_baudrate_cmd, NULL, NULL); 1588 goto free_skb; 1589 } 1590 break; 1591 case HCI_NXP_IND_RESET: 1592 if (hdr->plen == 1) { 1593 hci_cmd_sync_queue(hdev, nxp_set_ind_reset, NULL, NULL); 1594 goto free_skb; 1595 } 1596 break; 1597 default: 1598 break; 1599 } 1600 } 1601 1602 return btnxpuart_queue_skb(hdev, skb); 1603 1604 free_skb: 1605 kfree_skb(skb); 1606 return 0; 1607 } 1608 1609 static struct sk_buff *nxp_dequeue(void *data) 1610 { 1611 struct btnxpuart_dev *nxpdev = (struct btnxpuart_dev *)data; 1612 1613 ps_start_timer(nxpdev); 1614 return skb_dequeue(&nxpdev->txq); 1615 } 1616 1617 /* btnxpuart based on serdev */ 1618 static void btnxpuart_tx_work(struct work_struct *work) 1619 { 1620 struct btnxpuart_dev *nxpdev = container_of(work, struct btnxpuart_dev, 1621 tx_work); 1622 struct serdev_device *serdev = nxpdev->serdev; 1623 struct hci_dev *hdev = nxpdev->hdev; 1624 struct sk_buff *skb; 1625 int len; 1626 1627 if (ps_wakeup(nxpdev)) 1628 return; 1629 1630 while ((skb = nxp_dequeue(nxpdev))) { 1631 len = serdev_device_write_buf(serdev, skb->data, skb->len); 1632 hdev->stat.byte_tx += len; 1633 1634 skb_pull(skb, len); 1635 if (skb->len > 0) { 1636 skb_queue_head(&nxpdev->txq, skb); 1637 continue; 1638 } 1639 1640 switch (hci_skb_pkt_type(skb)) { 1641 case HCI_COMMAND_PKT: 1642 hdev->stat.cmd_tx++; 1643 break; 1644 case HCI_ACLDATA_PKT: 1645 hdev->stat.acl_tx++; 1646 break; 1647 case HCI_SCODATA_PKT: 1648 hdev->stat.sco_tx++; 1649 break; 1650 } 1651 1652 kfree_skb(skb); 1653 } 1654 clear_bit(BTNXPUART_TX_STATE_ACTIVE, &nxpdev->tx_state); 1655 } 1656 1657 static int btnxpuart_open(struct hci_dev *hdev) 1658 { 1659 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1660 int err = 0; 1661 1662 err = serdev_device_open(nxpdev->serdev); 1663 if (err) { 1664 bt_dev_err(hdev, "Unable to open UART device %s", 1665 dev_name(&nxpdev->serdev->dev)); 1666 } else { 1667 set_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state); 1668 } 1669 return err; 1670 } 1671 1672 static int btnxpuart_close(struct hci_dev *hdev) 1673 { 1674 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1675 1676 serdev_device_close(nxpdev->serdev); 1677 skb_queue_purge(&nxpdev->txq); 1678 if (!IS_ERR_OR_NULL(nxpdev->rx_skb)) { 1679 kfree_skb(nxpdev->rx_skb); 1680 nxpdev->rx_skb = NULL; 1681 } 1682 clear_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state); 1683 return 0; 1684 } 1685 1686 static int btnxpuart_flush(struct hci_dev *hdev) 1687 { 1688 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 1689 1690 /* Flush any pending characters */ 1691 serdev_device_write_flush(nxpdev->serdev); 1692 skb_queue_purge(&nxpdev->txq); 1693 1694 cancel_work_sync(&nxpdev->tx_work); 1695 1696 if (!IS_ERR_OR_NULL(nxpdev->rx_skb)) { 1697 kfree_skb(nxpdev->rx_skb); 1698 nxpdev->rx_skb = NULL; 1699 } 1700 1701 return 0; 1702 } 1703 1704 static const struct h4_recv_pkt nxp_recv_pkts[] = { 1705 { H4_RECV_ACL, .recv = nxp_recv_acl_pkt }, 1706 { H4_RECV_SCO, .recv = hci_recv_frame }, 1707 { H4_RECV_EVENT, .recv = hci_recv_frame }, 1708 { H4_RECV_ISO, .recv = hci_recv_frame }, 1709 { NXP_RECV_CHIP_VER_V1, .recv = nxp_recv_chip_ver_v1 }, 1710 { NXP_RECV_FW_REQ_V1, .recv = nxp_recv_fw_req_v1 }, 1711 { NXP_RECV_CHIP_VER_V3, .recv = nxp_recv_chip_ver_v3 }, 1712 { NXP_RECV_FW_REQ_V3, .recv = nxp_recv_fw_req_v3 }, 1713 }; 1714 1715 static size_t btnxpuart_receive_buf(struct serdev_device *serdev, 1716 const u8 *data, size_t count) 1717 { 1718 struct btnxpuart_dev *nxpdev = serdev_device_get_drvdata(serdev); 1719 1720 ps_start_timer(nxpdev); 1721 1722 nxpdev->rx_skb = h4_recv_buf(nxpdev->hdev, nxpdev->rx_skb, data, count, 1723 nxp_recv_pkts, ARRAY_SIZE(nxp_recv_pkts)); 1724 if (IS_ERR(nxpdev->rx_skb)) { 1725 int err = PTR_ERR(nxpdev->rx_skb); 1726 /* Safe to ignore out-of-sync bootloader signatures */ 1727 if (!is_fw_downloading(nxpdev) && 1728 !ind_reset_in_progress(nxpdev)) 1729 bt_dev_err(nxpdev->hdev, "Frame reassembly failed (%d)", err); 1730 return count; 1731 } 1732 if (!is_fw_downloading(nxpdev) && 1733 !ind_reset_in_progress(nxpdev)) 1734 nxpdev->hdev->stat.byte_rx += count; 1735 return count; 1736 } 1737 1738 static void btnxpuart_write_wakeup(struct serdev_device *serdev) 1739 { 1740 serdev_device_write_wakeup(serdev); 1741 } 1742 1743 static const struct serdev_device_ops btnxpuart_client_ops = { 1744 .receive_buf = btnxpuart_receive_buf, 1745 .write_wakeup = btnxpuart_write_wakeup, 1746 }; 1747 1748 static int nxp_serdev_probe(struct serdev_device *serdev) 1749 { 1750 struct hci_dev *hdev; 1751 struct btnxpuart_dev *nxpdev; 1752 bdaddr_t ba = {0}; 1753 1754 nxpdev = devm_kzalloc(&serdev->dev, sizeof(*nxpdev), GFP_KERNEL); 1755 if (!nxpdev) 1756 return -ENOMEM; 1757 1758 nxpdev->nxp_data = (struct btnxpuart_data *)device_get_match_data(&serdev->dev); 1759 1760 nxpdev->serdev = serdev; 1761 serdev_device_set_drvdata(serdev, nxpdev); 1762 1763 serdev_device_set_client_ops(serdev, &btnxpuart_client_ops); 1764 1765 INIT_WORK(&nxpdev->tx_work, btnxpuart_tx_work); 1766 skb_queue_head_init(&nxpdev->txq); 1767 1768 init_waitqueue_head(&nxpdev->fw_dnld_done_wait_q); 1769 init_waitqueue_head(&nxpdev->check_boot_sign_wait_q); 1770 1771 device_property_read_u32(&nxpdev->serdev->dev, "fw-init-baudrate", 1772 &nxpdev->fw_init_baudrate); 1773 if (!nxpdev->fw_init_baudrate) 1774 nxpdev->fw_init_baudrate = FW_INIT_BAUDRATE; 1775 1776 set_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state); 1777 1778 crc8_populate_msb(crc8_table, POLYNOMIAL8); 1779 1780 /* Initialize and register HCI device */ 1781 hdev = hci_alloc_dev(); 1782 if (!hdev) { 1783 dev_err(&serdev->dev, "Can't allocate HCI device\n"); 1784 return -ENOMEM; 1785 } 1786 1787 nxpdev->hdev = hdev; 1788 1789 hdev->bus = HCI_UART; 1790 hci_set_drvdata(hdev, nxpdev); 1791 1792 hdev->manufacturer = MANUFACTURER_NXP; 1793 hdev->open = btnxpuart_open; 1794 hdev->close = btnxpuart_close; 1795 hdev->flush = btnxpuart_flush; 1796 hdev->setup = nxp_setup; 1797 hdev->post_init = nxp_post_init; 1798 hdev->send = nxp_enqueue; 1799 hdev->hw_error = nxp_hw_err; 1800 hdev->shutdown = nxp_shutdown; 1801 hdev->wakeup = nxp_wakeup; 1802 hdev->reset = nxp_reset; 1803 hdev->set_bdaddr = nxp_set_bdaddr; 1804 SET_HCIDEV_DEV(hdev, &serdev->dev); 1805 1806 device_property_read_u8_array(&nxpdev->serdev->dev, 1807 "local-bd-address", 1808 (u8 *)&ba, sizeof(ba)); 1809 if (bacmp(&ba, BDADDR_ANY)) 1810 set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks); 1811 1812 if (hci_register_dev(hdev) < 0) { 1813 dev_err(&serdev->dev, "Can't register HCI device\n"); 1814 goto probe_fail; 1815 } 1816 1817 if (ps_setup(hdev)) 1818 goto probe_fail; 1819 1820 hci_devcd_register(hdev, nxp_coredump, nxp_coredump_hdr, NULL); 1821 1822 return 0; 1823 1824 probe_fail: 1825 hci_free_dev(hdev); 1826 return -ENODEV; 1827 } 1828 1829 static void nxp_serdev_remove(struct serdev_device *serdev) 1830 { 1831 struct btnxpuart_dev *nxpdev = serdev_device_get_drvdata(serdev); 1832 struct hci_dev *hdev = nxpdev->hdev; 1833 1834 if (is_fw_downloading(nxpdev)) { 1835 set_bit(BTNXPUART_FW_DOWNLOAD_ABORT, &nxpdev->tx_state); 1836 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state); 1837 wake_up_interruptible(&nxpdev->check_boot_sign_wait_q); 1838 wake_up_interruptible(&nxpdev->fw_dnld_done_wait_q); 1839 } else { 1840 /* Restore FW baudrate to fw_init_baudrate if changed. 1841 * This will ensure FW baudrate is in sync with 1842 * driver baudrate in case this driver is re-inserted. 1843 */ 1844 if (nxpdev->current_baudrate != nxpdev->fw_init_baudrate) { 1845 nxpdev->new_baudrate = nxpdev->fw_init_baudrate; 1846 nxp_set_baudrate_cmd(hdev, NULL); 1847 } 1848 } 1849 1850 ps_cleanup(nxpdev); 1851 hci_unregister_dev(hdev); 1852 hci_free_dev(hdev); 1853 } 1854 1855 #ifdef CONFIG_PM_SLEEP 1856 static int nxp_serdev_suspend(struct device *dev) 1857 { 1858 struct btnxpuart_dev *nxpdev = dev_get_drvdata(dev); 1859 struct ps_data *psdata = &nxpdev->psdata; 1860 1861 ps_control(psdata->hdev, PS_STATE_SLEEP); 1862 1863 if (psdata->wakeup_source) { 1864 enable_irq_wake(psdata->irq_handler); 1865 enable_irq(psdata->irq_handler); 1866 } 1867 return 0; 1868 } 1869 1870 static int nxp_serdev_resume(struct device *dev) 1871 { 1872 struct btnxpuart_dev *nxpdev = dev_get_drvdata(dev); 1873 struct ps_data *psdata = &nxpdev->psdata; 1874 1875 if (psdata->wakeup_source) { 1876 disable_irq(psdata->irq_handler); 1877 disable_irq_wake(psdata->irq_handler); 1878 } 1879 1880 ps_control(psdata->hdev, PS_STATE_AWAKE); 1881 return 0; 1882 } 1883 #endif 1884 1885 #ifdef CONFIG_DEV_COREDUMP 1886 static void nxp_serdev_coredump(struct device *dev) 1887 { 1888 struct btnxpuart_dev *nxpdev = dev_get_drvdata(dev); 1889 struct hci_dev *hdev = nxpdev->hdev; 1890 1891 if (hdev->dump.coredump) 1892 hdev->dump.coredump(hdev); 1893 } 1894 #endif 1895 1896 static struct btnxpuart_data w8987_data __maybe_unused = { 1897 .helper_fw_name = NULL, 1898 .fw_name = FIRMWARE_W8987, 1899 .fw_name_old = FIRMWARE_W8987_OLD, 1900 }; 1901 1902 static struct btnxpuart_data w8997_data __maybe_unused = { 1903 .helper_fw_name = FIRMWARE_HELPER, 1904 .fw_name = FIRMWARE_W8997, 1905 .fw_name_old = FIRMWARE_W8997_OLD, 1906 }; 1907 1908 static const struct of_device_id nxpuart_of_match_table[] __maybe_unused = { 1909 { .compatible = "nxp,88w8987-bt", .data = &w8987_data }, 1910 { .compatible = "nxp,88w8997-bt", .data = &w8997_data }, 1911 { } 1912 }; 1913 MODULE_DEVICE_TABLE(of, nxpuart_of_match_table); 1914 1915 static const struct dev_pm_ops nxp_pm_ops = { 1916 SET_SYSTEM_SLEEP_PM_OPS(nxp_serdev_suspend, nxp_serdev_resume) 1917 }; 1918 1919 static struct serdev_device_driver nxp_serdev_driver = { 1920 .probe = nxp_serdev_probe, 1921 .remove = nxp_serdev_remove, 1922 .driver = { 1923 .name = "btnxpuart", 1924 .of_match_table = of_match_ptr(nxpuart_of_match_table), 1925 .pm = &nxp_pm_ops, 1926 #ifdef CONFIG_DEV_COREDUMP 1927 .coredump = nxp_serdev_coredump, 1928 #endif 1929 }, 1930 }; 1931 1932 module_serdev_device_driver(nxp_serdev_driver); 1933 1934 MODULE_AUTHOR("Neeraj Sanjay Kale <neeraj.sanjaykale@nxp.com>"); 1935 MODULE_DESCRIPTION("NXP Bluetooth Serial driver"); 1936 MODULE_LICENSE("GPL"); 1937