Loading...
Note: File does not exist in v3.1.
1/*
2 *
3 * Bluetooth HCI UART driver for Intel devices
4 *
5 * Copyright (C) 2015 Intel Corporation
6 *
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 *
22 */
23
24#include <linux/kernel.h>
25#include <linux/errno.h>
26#include <linux/skbuff.h>
27#include <linux/firmware.h>
28#include <linux/module.h>
29#include <linux/wait.h>
30#include <linux/tty.h>
31#include <linux/platform_device.h>
32#include <linux/gpio/consumer.h>
33#include <linux/acpi.h>
34#include <linux/interrupt.h>
35#include <linux/pm_runtime.h>
36
37#include <net/bluetooth/bluetooth.h>
38#include <net/bluetooth/hci_core.h>
39
40#include "hci_uart.h"
41#include "btintel.h"
42
43#define STATE_BOOTLOADER 0
44#define STATE_DOWNLOADING 1
45#define STATE_FIRMWARE_LOADED 2
46#define STATE_FIRMWARE_FAILED 3
47#define STATE_BOOTING 4
48#define STATE_LPM_ENABLED 5
49#define STATE_TX_ACTIVE 6
50#define STATE_SUSPENDED 7
51#define STATE_LPM_TRANSACTION 8
52
53#define HCI_LPM_WAKE_PKT 0xf0
54#define HCI_LPM_PKT 0xf1
55#define HCI_LPM_MAX_SIZE 10
56#define HCI_LPM_HDR_SIZE HCI_EVENT_HDR_SIZE
57
58#define LPM_OP_TX_NOTIFY 0x00
59#define LPM_OP_SUSPEND_ACK 0x02
60#define LPM_OP_RESUME_ACK 0x03
61
62#define LPM_SUSPEND_DELAY_MS 1000
63
64struct hci_lpm_pkt {
65 __u8 opcode;
66 __u8 dlen;
67 __u8 data[0];
68} __packed;
69
70struct intel_device {
71 struct list_head list;
72 struct platform_device *pdev;
73 struct gpio_desc *reset;
74 struct hci_uart *hu;
75 struct mutex hu_lock;
76 int irq;
77};
78
79static LIST_HEAD(intel_device_list);
80static DEFINE_MUTEX(intel_device_list_lock);
81
82struct intel_data {
83 struct sk_buff *rx_skb;
84 struct sk_buff_head txq;
85 struct work_struct busy_work;
86 struct hci_uart *hu;
87 unsigned long flags;
88};
89
90static u8 intel_convert_speed(unsigned int speed)
91{
92 switch (speed) {
93 case 9600:
94 return 0x00;
95 case 19200:
96 return 0x01;
97 case 38400:
98 return 0x02;
99 case 57600:
100 return 0x03;
101 case 115200:
102 return 0x04;
103 case 230400:
104 return 0x05;
105 case 460800:
106 return 0x06;
107 case 921600:
108 return 0x07;
109 case 1843200:
110 return 0x08;
111 case 3250000:
112 return 0x09;
113 case 2000000:
114 return 0x0a;
115 case 3000000:
116 return 0x0b;
117 default:
118 return 0xff;
119 }
120}
121
122static int intel_wait_booting(struct hci_uart *hu)
123{
124 struct intel_data *intel = hu->priv;
125 int err;
126
127 err = wait_on_bit_timeout(&intel->flags, STATE_BOOTING,
128 TASK_INTERRUPTIBLE,
129 msecs_to_jiffies(1000));
130
131 if (err == 1) {
132 bt_dev_err(hu->hdev, "Device boot interrupted");
133 return -EINTR;
134 }
135
136 if (err) {
137 bt_dev_err(hu->hdev, "Device boot timeout");
138 return -ETIMEDOUT;
139 }
140
141 return err;
142}
143
144#ifdef CONFIG_PM
145static int intel_wait_lpm_transaction(struct hci_uart *hu)
146{
147 struct intel_data *intel = hu->priv;
148 int err;
149
150 err = wait_on_bit_timeout(&intel->flags, STATE_LPM_TRANSACTION,
151 TASK_INTERRUPTIBLE,
152 msecs_to_jiffies(1000));
153
154 if (err == 1) {
155 bt_dev_err(hu->hdev, "LPM transaction interrupted");
156 return -EINTR;
157 }
158
159 if (err) {
160 bt_dev_err(hu->hdev, "LPM transaction timeout");
161 return -ETIMEDOUT;
162 }
163
164 return err;
165}
166
167static int intel_lpm_suspend(struct hci_uart *hu)
168{
169 static const u8 suspend[] = { 0x01, 0x01, 0x01 };
170 struct intel_data *intel = hu->priv;
171 struct sk_buff *skb;
172
173 if (!test_bit(STATE_LPM_ENABLED, &intel->flags) ||
174 test_bit(STATE_SUSPENDED, &intel->flags))
175 return 0;
176
177 if (test_bit(STATE_TX_ACTIVE, &intel->flags))
178 return -EAGAIN;
179
180 bt_dev_dbg(hu->hdev, "Suspending");
181
182 skb = bt_skb_alloc(sizeof(suspend), GFP_KERNEL);
183 if (!skb) {
184 bt_dev_err(hu->hdev, "Failed to alloc memory for LPM packet");
185 return -ENOMEM;
186 }
187
188 memcpy(skb_put(skb, sizeof(suspend)), suspend, sizeof(suspend));
189 hci_skb_pkt_type(skb) = HCI_LPM_PKT;
190
191 set_bit(STATE_LPM_TRANSACTION, &intel->flags);
192
193 /* LPM flow is a priority, enqueue packet at list head */
194 skb_queue_head(&intel->txq, skb);
195 hci_uart_tx_wakeup(hu);
196
197 intel_wait_lpm_transaction(hu);
198 /* Even in case of failure, continue and test the suspended flag */
199
200 clear_bit(STATE_LPM_TRANSACTION, &intel->flags);
201
202 if (!test_bit(STATE_SUSPENDED, &intel->flags)) {
203 bt_dev_err(hu->hdev, "Device suspend error");
204 return -EINVAL;
205 }
206
207 bt_dev_dbg(hu->hdev, "Suspended");
208
209 hci_uart_set_flow_control(hu, true);
210
211 return 0;
212}
213
214static int intel_lpm_resume(struct hci_uart *hu)
215{
216 struct intel_data *intel = hu->priv;
217 struct sk_buff *skb;
218
219 if (!test_bit(STATE_LPM_ENABLED, &intel->flags) ||
220 !test_bit(STATE_SUSPENDED, &intel->flags))
221 return 0;
222
223 bt_dev_dbg(hu->hdev, "Resuming");
224
225 hci_uart_set_flow_control(hu, false);
226
227 skb = bt_skb_alloc(0, GFP_KERNEL);
228 if (!skb) {
229 bt_dev_err(hu->hdev, "Failed to alloc memory for LPM packet");
230 return -ENOMEM;
231 }
232
233 hci_skb_pkt_type(skb) = HCI_LPM_WAKE_PKT;
234
235 set_bit(STATE_LPM_TRANSACTION, &intel->flags);
236
237 /* LPM flow is a priority, enqueue packet at list head */
238 skb_queue_head(&intel->txq, skb);
239 hci_uart_tx_wakeup(hu);
240
241 intel_wait_lpm_transaction(hu);
242 /* Even in case of failure, continue and test the suspended flag */
243
244 clear_bit(STATE_LPM_TRANSACTION, &intel->flags);
245
246 if (test_bit(STATE_SUSPENDED, &intel->flags)) {
247 bt_dev_err(hu->hdev, "Device resume error");
248 return -EINVAL;
249 }
250
251 bt_dev_dbg(hu->hdev, "Resumed");
252
253 return 0;
254}
255#endif /* CONFIG_PM */
256
257static int intel_lpm_host_wake(struct hci_uart *hu)
258{
259 static const u8 lpm_resume_ack[] = { LPM_OP_RESUME_ACK, 0x00 };
260 struct intel_data *intel = hu->priv;
261 struct sk_buff *skb;
262
263 hci_uart_set_flow_control(hu, false);
264
265 clear_bit(STATE_SUSPENDED, &intel->flags);
266
267 skb = bt_skb_alloc(sizeof(lpm_resume_ack), GFP_KERNEL);
268 if (!skb) {
269 bt_dev_err(hu->hdev, "Failed to alloc memory for LPM packet");
270 return -ENOMEM;
271 }
272
273 memcpy(skb_put(skb, sizeof(lpm_resume_ack)), lpm_resume_ack,
274 sizeof(lpm_resume_ack));
275 hci_skb_pkt_type(skb) = HCI_LPM_PKT;
276
277 /* LPM flow is a priority, enqueue packet at list head */
278 skb_queue_head(&intel->txq, skb);
279 hci_uart_tx_wakeup(hu);
280
281 bt_dev_dbg(hu->hdev, "Resumed by controller");
282
283 return 0;
284}
285
286static irqreturn_t intel_irq(int irq, void *dev_id)
287{
288 struct intel_device *idev = dev_id;
289
290 dev_info(&idev->pdev->dev, "hci_intel irq\n");
291
292 mutex_lock(&idev->hu_lock);
293 if (idev->hu)
294 intel_lpm_host_wake(idev->hu);
295 mutex_unlock(&idev->hu_lock);
296
297 /* Host/Controller are now LPM resumed, trigger a new delayed suspend */
298 pm_runtime_get(&idev->pdev->dev);
299 pm_runtime_mark_last_busy(&idev->pdev->dev);
300 pm_runtime_put_autosuspend(&idev->pdev->dev);
301
302 return IRQ_HANDLED;
303}
304
305static int intel_set_power(struct hci_uart *hu, bool powered)
306{
307 struct list_head *p;
308 int err = -ENODEV;
309
310 mutex_lock(&intel_device_list_lock);
311
312 list_for_each(p, &intel_device_list) {
313 struct intel_device *idev = list_entry(p, struct intel_device,
314 list);
315
316 /* tty device and pdev device should share the same parent
317 * which is the UART port.
318 */
319 if (hu->tty->dev->parent != idev->pdev->dev.parent)
320 continue;
321
322 if (!idev->reset) {
323 err = -ENOTSUPP;
324 break;
325 }
326
327 BT_INFO("hu %p, Switching compatible pm device (%s) to %u",
328 hu, dev_name(&idev->pdev->dev), powered);
329
330 gpiod_set_value(idev->reset, powered);
331
332 /* Provide to idev a hu reference which is used to run LPM
333 * transactions (lpm suspend/resume) from PM callbacks.
334 * hu needs to be protected against concurrent removing during
335 * these PM ops.
336 */
337 mutex_lock(&idev->hu_lock);
338 idev->hu = powered ? hu : NULL;
339 mutex_unlock(&idev->hu_lock);
340
341 if (idev->irq < 0)
342 break;
343
344 if (powered && device_can_wakeup(&idev->pdev->dev)) {
345 err = devm_request_threaded_irq(&idev->pdev->dev,
346 idev->irq, NULL,
347 intel_irq,
348 IRQF_ONESHOT,
349 "bt-host-wake", idev);
350 if (err) {
351 BT_ERR("hu %p, unable to allocate irq-%d",
352 hu, idev->irq);
353 break;
354 }
355
356 device_wakeup_enable(&idev->pdev->dev);
357
358 pm_runtime_set_active(&idev->pdev->dev);
359 pm_runtime_use_autosuspend(&idev->pdev->dev);
360 pm_runtime_set_autosuspend_delay(&idev->pdev->dev,
361 LPM_SUSPEND_DELAY_MS);
362 pm_runtime_enable(&idev->pdev->dev);
363 } else if (!powered && device_may_wakeup(&idev->pdev->dev)) {
364 devm_free_irq(&idev->pdev->dev, idev->irq, idev);
365 device_wakeup_disable(&idev->pdev->dev);
366
367 pm_runtime_disable(&idev->pdev->dev);
368 }
369 }
370
371 mutex_unlock(&intel_device_list_lock);
372
373 return err;
374}
375
376static void intel_busy_work(struct work_struct *work)
377{
378 struct list_head *p;
379 struct intel_data *intel = container_of(work, struct intel_data,
380 busy_work);
381
382 /* Link is busy, delay the suspend */
383 mutex_lock(&intel_device_list_lock);
384 list_for_each(p, &intel_device_list) {
385 struct intel_device *idev = list_entry(p, struct intel_device,
386 list);
387
388 if (intel->hu->tty->dev->parent == idev->pdev->dev.parent) {
389 pm_runtime_get(&idev->pdev->dev);
390 pm_runtime_mark_last_busy(&idev->pdev->dev);
391 pm_runtime_put_autosuspend(&idev->pdev->dev);
392 break;
393 }
394 }
395 mutex_unlock(&intel_device_list_lock);
396}
397
398static int intel_open(struct hci_uart *hu)
399{
400 struct intel_data *intel;
401
402 BT_DBG("hu %p", hu);
403
404 intel = kzalloc(sizeof(*intel), GFP_KERNEL);
405 if (!intel)
406 return -ENOMEM;
407
408 skb_queue_head_init(&intel->txq);
409 INIT_WORK(&intel->busy_work, intel_busy_work);
410
411 intel->hu = hu;
412
413 hu->priv = intel;
414
415 if (!intel_set_power(hu, true))
416 set_bit(STATE_BOOTING, &intel->flags);
417
418 return 0;
419}
420
421static int intel_close(struct hci_uart *hu)
422{
423 struct intel_data *intel = hu->priv;
424
425 BT_DBG("hu %p", hu);
426
427 cancel_work_sync(&intel->busy_work);
428
429 intel_set_power(hu, false);
430
431 skb_queue_purge(&intel->txq);
432 kfree_skb(intel->rx_skb);
433 kfree(intel);
434
435 hu->priv = NULL;
436 return 0;
437}
438
439static int intel_flush(struct hci_uart *hu)
440{
441 struct intel_data *intel = hu->priv;
442
443 BT_DBG("hu %p", hu);
444
445 skb_queue_purge(&intel->txq);
446
447 return 0;
448}
449
450static int inject_cmd_complete(struct hci_dev *hdev, __u16 opcode)
451{
452 struct sk_buff *skb;
453 struct hci_event_hdr *hdr;
454 struct hci_ev_cmd_complete *evt;
455
456 skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_ATOMIC);
457 if (!skb)
458 return -ENOMEM;
459
460 hdr = (struct hci_event_hdr *)skb_put(skb, sizeof(*hdr));
461 hdr->evt = HCI_EV_CMD_COMPLETE;
462 hdr->plen = sizeof(*evt) + 1;
463
464 evt = (struct hci_ev_cmd_complete *)skb_put(skb, sizeof(*evt));
465 evt->ncmd = 0x01;
466 evt->opcode = cpu_to_le16(opcode);
467
468 *skb_put(skb, 1) = 0x00;
469
470 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
471
472 return hci_recv_frame(hdev, skb);
473}
474
475static int intel_set_baudrate(struct hci_uart *hu, unsigned int speed)
476{
477 struct intel_data *intel = hu->priv;
478 struct hci_dev *hdev = hu->hdev;
479 u8 speed_cmd[] = { 0x06, 0xfc, 0x01, 0x00 };
480 struct sk_buff *skb;
481 int err;
482
483 /* This can be the first command sent to the chip, check
484 * that the controller is ready.
485 */
486 err = intel_wait_booting(hu);
487
488 clear_bit(STATE_BOOTING, &intel->flags);
489
490 /* In case of timeout, try to continue anyway */
491 if (err && err != -ETIMEDOUT)
492 return err;
493
494 bt_dev_info(hdev, "Change controller speed to %d", speed);
495
496 speed_cmd[3] = intel_convert_speed(speed);
497 if (speed_cmd[3] == 0xff) {
498 bt_dev_err(hdev, "Unsupported speed");
499 return -EINVAL;
500 }
501
502 /* Device will not accept speed change if Intel version has not been
503 * previously requested.
504 */
505 skb = __hci_cmd_sync(hdev, 0xfc05, 0, NULL, HCI_CMD_TIMEOUT);
506 if (IS_ERR(skb)) {
507 bt_dev_err(hdev, "Reading Intel version information failed (%ld)",
508 PTR_ERR(skb));
509 return PTR_ERR(skb);
510 }
511 kfree_skb(skb);
512
513 skb = bt_skb_alloc(sizeof(speed_cmd), GFP_KERNEL);
514 if (!skb) {
515 bt_dev_err(hdev, "Failed to alloc memory for baudrate packet");
516 return -ENOMEM;
517 }
518
519 memcpy(skb_put(skb, sizeof(speed_cmd)), speed_cmd, sizeof(speed_cmd));
520 hci_skb_pkt_type(skb) = HCI_COMMAND_PKT;
521
522 hci_uart_set_flow_control(hu, true);
523
524 skb_queue_tail(&intel->txq, skb);
525 hci_uart_tx_wakeup(hu);
526
527 /* wait 100ms to change baudrate on controller side */
528 msleep(100);
529
530 hci_uart_set_baudrate(hu, speed);
531 hci_uart_set_flow_control(hu, false);
532
533 return 0;
534}
535
536static int intel_setup(struct hci_uart *hu)
537{
538 static const u8 reset_param[] = { 0x00, 0x01, 0x00, 0x01,
539 0x00, 0x08, 0x04, 0x00 };
540 static const u8 lpm_param[] = { 0x03, 0x07, 0x01, 0x0b };
541 struct intel_data *intel = hu->priv;
542 struct intel_device *idev = NULL;
543 struct hci_dev *hdev = hu->hdev;
544 struct sk_buff *skb;
545 struct intel_version ver;
546 struct intel_boot_params *params;
547 struct list_head *p;
548 const struct firmware *fw;
549 const u8 *fw_ptr;
550 char fwname[64];
551 u32 frag_len;
552 ktime_t calltime, delta, rettime;
553 unsigned long long duration;
554 unsigned int init_speed, oper_speed;
555 int speed_change = 0;
556 int err;
557
558 bt_dev_dbg(hdev, "start intel_setup");
559
560 hu->hdev->set_diag = btintel_set_diag;
561 hu->hdev->set_bdaddr = btintel_set_bdaddr;
562
563 calltime = ktime_get();
564
565 if (hu->init_speed)
566 init_speed = hu->init_speed;
567 else
568 init_speed = hu->proto->init_speed;
569
570 if (hu->oper_speed)
571 oper_speed = hu->oper_speed;
572 else
573 oper_speed = hu->proto->oper_speed;
574
575 if (oper_speed && init_speed && oper_speed != init_speed)
576 speed_change = 1;
577
578 /* Check that the controller is ready */
579 err = intel_wait_booting(hu);
580
581 clear_bit(STATE_BOOTING, &intel->flags);
582
583 /* In case of timeout, try to continue anyway */
584 if (err && err != -ETIMEDOUT)
585 return err;
586
587 set_bit(STATE_BOOTLOADER, &intel->flags);
588
589 /* Read the Intel version information to determine if the device
590 * is in bootloader mode or if it already has operational firmware
591 * loaded.
592 */
593 err = btintel_read_version(hdev, &ver);
594 if (err)
595 return err;
596
597 /* The hardware platform number has a fixed value of 0x37 and
598 * for now only accept this single value.
599 */
600 if (ver.hw_platform != 0x37) {
601 bt_dev_err(hdev, "Unsupported Intel hardware platform (%u)",
602 ver.hw_platform);
603 return -EINVAL;
604 }
605
606 /* At the moment only the hardware variant iBT 3.0 (LnP/SfP) is
607 * supported by this firmware loading method. This check has been
608 * put in place to ensure correct forward compatibility options
609 * when newer hardware variants come along.
610 */
611 if (ver.hw_variant != 0x0b) {
612 bt_dev_err(hdev, "Unsupported Intel hardware variant (%u)",
613 ver.hw_variant);
614 return -EINVAL;
615 }
616
617 btintel_version_info(hdev, &ver);
618
619 /* The firmware variant determines if the device is in bootloader
620 * mode or is running operational firmware. The value 0x06 identifies
621 * the bootloader and the value 0x23 identifies the operational
622 * firmware.
623 *
624 * When the operational firmware is already present, then only
625 * the check for valid Bluetooth device address is needed. This
626 * determines if the device will be added as configured or
627 * unconfigured controller.
628 *
629 * It is not possible to use the Secure Boot Parameters in this
630 * case since that command is only available in bootloader mode.
631 */
632 if (ver.fw_variant == 0x23) {
633 clear_bit(STATE_BOOTLOADER, &intel->flags);
634 btintel_check_bdaddr(hdev);
635 return 0;
636 }
637
638 /* If the device is not in bootloader mode, then the only possible
639 * choice is to return an error and abort the device initialization.
640 */
641 if (ver.fw_variant != 0x06) {
642 bt_dev_err(hdev, "Unsupported Intel firmware variant (%u)",
643 ver.fw_variant);
644 return -ENODEV;
645 }
646
647 /* Read the secure boot parameters to identify the operating
648 * details of the bootloader.
649 */
650 skb = __hci_cmd_sync(hdev, 0xfc0d, 0, NULL, HCI_CMD_TIMEOUT);
651 if (IS_ERR(skb)) {
652 bt_dev_err(hdev, "Reading Intel boot parameters failed (%ld)",
653 PTR_ERR(skb));
654 return PTR_ERR(skb);
655 }
656
657 if (skb->len != sizeof(*params)) {
658 bt_dev_err(hdev, "Intel boot parameters size mismatch");
659 kfree_skb(skb);
660 return -EILSEQ;
661 }
662
663 params = (struct intel_boot_params *)skb->data;
664 if (params->status) {
665 bt_dev_err(hdev, "Intel boot parameters command failure (%02x)",
666 params->status);
667 err = -bt_to_errno(params->status);
668 kfree_skb(skb);
669 return err;
670 }
671
672 bt_dev_info(hdev, "Device revision is %u",
673 le16_to_cpu(params->dev_revid));
674
675 bt_dev_info(hdev, "Secure boot is %s",
676 params->secure_boot ? "enabled" : "disabled");
677
678 bt_dev_info(hdev, "Minimum firmware build %u week %u %u",
679 params->min_fw_build_nn, params->min_fw_build_cw,
680 2000 + params->min_fw_build_yy);
681
682 /* It is required that every single firmware fragment is acknowledged
683 * with a command complete event. If the boot parameters indicate
684 * that this bootloader does not send them, then abort the setup.
685 */
686 if (params->limited_cce != 0x00) {
687 bt_dev_err(hdev, "Unsupported Intel firmware loading method (%u)",
688 params->limited_cce);
689 kfree_skb(skb);
690 return -EINVAL;
691 }
692
693 /* If the OTP has no valid Bluetooth device address, then there will
694 * also be no valid address for the operational firmware.
695 */
696 if (!bacmp(¶ms->otp_bdaddr, BDADDR_ANY)) {
697 bt_dev_info(hdev, "No device address configured");
698 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks);
699 }
700
701 /* With this Intel bootloader only the hardware variant and device
702 * revision information are used to select the right firmware.
703 *
704 * Currently this bootloader support is limited to hardware variant
705 * iBT 3.0 (LnP/SfP) which is identified by the value 11 (0x0b).
706 */
707 snprintf(fwname, sizeof(fwname), "intel/ibt-11-%u.sfi",
708 le16_to_cpu(params->dev_revid));
709
710 err = request_firmware(&fw, fwname, &hdev->dev);
711 if (err < 0) {
712 bt_dev_err(hdev, "Failed to load Intel firmware file (%d)",
713 err);
714 kfree_skb(skb);
715 return err;
716 }
717
718 bt_dev_info(hdev, "Found device firmware: %s", fwname);
719
720 /* Save the DDC file name for later */
721 snprintf(fwname, sizeof(fwname), "intel/ibt-11-%u.ddc",
722 le16_to_cpu(params->dev_revid));
723
724 kfree_skb(skb);
725
726 if (fw->size < 644) {
727 bt_dev_err(hdev, "Invalid size of firmware file (%zu)",
728 fw->size);
729 err = -EBADF;
730 goto done;
731 }
732
733 set_bit(STATE_DOWNLOADING, &intel->flags);
734
735 /* Start the firmware download transaction with the Init fragment
736 * represented by the 128 bytes of CSS header.
737 */
738 err = btintel_secure_send(hdev, 0x00, 128, fw->data);
739 if (err < 0) {
740 bt_dev_err(hdev, "Failed to send firmware header (%d)", err);
741 goto done;
742 }
743
744 /* Send the 256 bytes of public key information from the firmware
745 * as the PKey fragment.
746 */
747 err = btintel_secure_send(hdev, 0x03, 256, fw->data + 128);
748 if (err < 0) {
749 bt_dev_err(hdev, "Failed to send firmware public key (%d)",
750 err);
751 goto done;
752 }
753
754 /* Send the 256 bytes of signature information from the firmware
755 * as the Sign fragment.
756 */
757 err = btintel_secure_send(hdev, 0x02, 256, fw->data + 388);
758 if (err < 0) {
759 bt_dev_err(hdev, "Failed to send firmware signature (%d)",
760 err);
761 goto done;
762 }
763
764 fw_ptr = fw->data + 644;
765 frag_len = 0;
766
767 while (fw_ptr - fw->data < fw->size) {
768 struct hci_command_hdr *cmd = (void *)(fw_ptr + frag_len);
769
770 frag_len += sizeof(*cmd) + cmd->plen;
771
772 bt_dev_dbg(hdev, "Patching %td/%zu", (fw_ptr - fw->data),
773 fw->size);
774
775 /* The parameter length of the secure send command requires
776 * a 4 byte alignment. It happens so that the firmware file
777 * contains proper Intel_NOP commands to align the fragments
778 * as needed.
779 *
780 * Send set of commands with 4 byte alignment from the
781 * firmware data buffer as a single Data fragement.
782 */
783 if (frag_len % 4)
784 continue;
785
786 /* Send each command from the firmware data buffer as
787 * a single Data fragment.
788 */
789 err = btintel_secure_send(hdev, 0x01, frag_len, fw_ptr);
790 if (err < 0) {
791 bt_dev_err(hdev, "Failed to send firmware data (%d)",
792 err);
793 goto done;
794 }
795
796 fw_ptr += frag_len;
797 frag_len = 0;
798 }
799
800 set_bit(STATE_FIRMWARE_LOADED, &intel->flags);
801
802 bt_dev_info(hdev, "Waiting for firmware download to complete");
803
804 /* Before switching the device into operational mode and with that
805 * booting the loaded firmware, wait for the bootloader notification
806 * that all fragments have been successfully received.
807 *
808 * When the event processing receives the notification, then the
809 * STATE_DOWNLOADING flag will be cleared.
810 *
811 * The firmware loading should not take longer than 5 seconds
812 * and thus just timeout if that happens and fail the setup
813 * of this device.
814 */
815 err = wait_on_bit_timeout(&intel->flags, STATE_DOWNLOADING,
816 TASK_INTERRUPTIBLE,
817 msecs_to_jiffies(5000));
818 if (err == 1) {
819 bt_dev_err(hdev, "Firmware loading interrupted");
820 err = -EINTR;
821 goto done;
822 }
823
824 if (err) {
825 bt_dev_err(hdev, "Firmware loading timeout");
826 err = -ETIMEDOUT;
827 goto done;
828 }
829
830 if (test_bit(STATE_FIRMWARE_FAILED, &intel->flags)) {
831 bt_dev_err(hdev, "Firmware loading failed");
832 err = -ENOEXEC;
833 goto done;
834 }
835
836 rettime = ktime_get();
837 delta = ktime_sub(rettime, calltime);
838 duration = (unsigned long long) ktime_to_ns(delta) >> 10;
839
840 bt_dev_info(hdev, "Firmware loaded in %llu usecs", duration);
841
842done:
843 release_firmware(fw);
844
845 if (err < 0)
846 return err;
847
848 /* We need to restore the default speed before Intel reset */
849 if (speed_change) {
850 err = intel_set_baudrate(hu, init_speed);
851 if (err)
852 return err;
853 }
854
855 calltime = ktime_get();
856
857 set_bit(STATE_BOOTING, &intel->flags);
858
859 skb = __hci_cmd_sync(hdev, 0xfc01, sizeof(reset_param), reset_param,
860 HCI_CMD_TIMEOUT);
861 if (IS_ERR(skb))
862 return PTR_ERR(skb);
863
864 kfree_skb(skb);
865
866 /* The bootloader will not indicate when the device is ready. This
867 * is done by the operational firmware sending bootup notification.
868 *
869 * Booting into operational firmware should not take longer than
870 * 1 second. However if that happens, then just fail the setup
871 * since something went wrong.
872 */
873 bt_dev_info(hdev, "Waiting for device to boot");
874
875 err = intel_wait_booting(hu);
876 if (err)
877 return err;
878
879 clear_bit(STATE_BOOTING, &intel->flags);
880
881 rettime = ktime_get();
882 delta = ktime_sub(rettime, calltime);
883 duration = (unsigned long long) ktime_to_ns(delta) >> 10;
884
885 bt_dev_info(hdev, "Device booted in %llu usecs", duration);
886
887 /* Enable LPM if matching pdev with wakeup enabled */
888 mutex_lock(&intel_device_list_lock);
889 list_for_each(p, &intel_device_list) {
890 struct intel_device *dev = list_entry(p, struct intel_device,
891 list);
892 if (hu->tty->dev->parent == dev->pdev->dev.parent) {
893 if (device_may_wakeup(&dev->pdev->dev))
894 idev = dev;
895 break;
896 }
897 }
898 mutex_unlock(&intel_device_list_lock);
899
900 if (!idev)
901 goto no_lpm;
902
903 bt_dev_info(hdev, "Enabling LPM");
904
905 skb = __hci_cmd_sync(hdev, 0xfc8b, sizeof(lpm_param), lpm_param,
906 HCI_CMD_TIMEOUT);
907 if (IS_ERR(skb)) {
908 bt_dev_err(hdev, "Failed to enable LPM");
909 goto no_lpm;
910 }
911 kfree_skb(skb);
912
913 set_bit(STATE_LPM_ENABLED, &intel->flags);
914
915no_lpm:
916 /* Ignore errors, device can work without DDC parameters */
917 btintel_load_ddc_config(hdev, fwname);
918
919 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_CMD_TIMEOUT);
920 if (IS_ERR(skb))
921 return PTR_ERR(skb);
922 kfree_skb(skb);
923
924 if (speed_change) {
925 err = intel_set_baudrate(hu, oper_speed);
926 if (err)
927 return err;
928 }
929
930 bt_dev_info(hdev, "Setup complete");
931
932 clear_bit(STATE_BOOTLOADER, &intel->flags);
933
934 return 0;
935}
936
937static int intel_recv_event(struct hci_dev *hdev, struct sk_buff *skb)
938{
939 struct hci_uart *hu = hci_get_drvdata(hdev);
940 struct intel_data *intel = hu->priv;
941 struct hci_event_hdr *hdr;
942
943 if (!test_bit(STATE_BOOTLOADER, &intel->flags) &&
944 !test_bit(STATE_BOOTING, &intel->flags))
945 goto recv;
946
947 hdr = (void *)skb->data;
948
949 /* When the firmware loading completes the device sends
950 * out a vendor specific event indicating the result of
951 * the firmware loading.
952 */
953 if (skb->len == 7 && hdr->evt == 0xff && hdr->plen == 0x05 &&
954 skb->data[2] == 0x06) {
955 if (skb->data[3] != 0x00)
956 set_bit(STATE_FIRMWARE_FAILED, &intel->flags);
957
958 if (test_and_clear_bit(STATE_DOWNLOADING, &intel->flags) &&
959 test_bit(STATE_FIRMWARE_LOADED, &intel->flags)) {
960 smp_mb__after_atomic();
961 wake_up_bit(&intel->flags, STATE_DOWNLOADING);
962 }
963
964 /* When switching to the operational firmware the device
965 * sends a vendor specific event indicating that the bootup
966 * completed.
967 */
968 } else if (skb->len == 9 && hdr->evt == 0xff && hdr->plen == 0x07 &&
969 skb->data[2] == 0x02) {
970 if (test_and_clear_bit(STATE_BOOTING, &intel->flags)) {
971 smp_mb__after_atomic();
972 wake_up_bit(&intel->flags, STATE_BOOTING);
973 }
974 }
975recv:
976 return hci_recv_frame(hdev, skb);
977}
978
979static void intel_recv_lpm_notify(struct hci_dev *hdev, int value)
980{
981 struct hci_uart *hu = hci_get_drvdata(hdev);
982 struct intel_data *intel = hu->priv;
983
984 bt_dev_dbg(hdev, "TX idle notification (%d)", value);
985
986 if (value) {
987 set_bit(STATE_TX_ACTIVE, &intel->flags);
988 schedule_work(&intel->busy_work);
989 } else {
990 clear_bit(STATE_TX_ACTIVE, &intel->flags);
991 }
992}
993
994static int intel_recv_lpm(struct hci_dev *hdev, struct sk_buff *skb)
995{
996 struct hci_lpm_pkt *lpm = (void *)skb->data;
997 struct hci_uart *hu = hci_get_drvdata(hdev);
998 struct intel_data *intel = hu->priv;
999
1000 switch (lpm->opcode) {
1001 case LPM_OP_TX_NOTIFY:
1002 if (lpm->dlen < 1) {
1003 bt_dev_err(hu->hdev, "Invalid LPM notification packet");
1004 break;
1005 }
1006 intel_recv_lpm_notify(hdev, lpm->data[0]);
1007 break;
1008 case LPM_OP_SUSPEND_ACK:
1009 set_bit(STATE_SUSPENDED, &intel->flags);
1010 if (test_and_clear_bit(STATE_LPM_TRANSACTION, &intel->flags)) {
1011 smp_mb__after_atomic();
1012 wake_up_bit(&intel->flags, STATE_LPM_TRANSACTION);
1013 }
1014 break;
1015 case LPM_OP_RESUME_ACK:
1016 clear_bit(STATE_SUSPENDED, &intel->flags);
1017 if (test_and_clear_bit(STATE_LPM_TRANSACTION, &intel->flags)) {
1018 smp_mb__after_atomic();
1019 wake_up_bit(&intel->flags, STATE_LPM_TRANSACTION);
1020 }
1021 break;
1022 default:
1023 bt_dev_err(hdev, "Unknown LPM opcode (%02x)", lpm->opcode);
1024 break;
1025 }
1026
1027 kfree_skb(skb);
1028
1029 return 0;
1030}
1031
1032#define INTEL_RECV_LPM \
1033 .type = HCI_LPM_PKT, \
1034 .hlen = HCI_LPM_HDR_SIZE, \
1035 .loff = 1, \
1036 .lsize = 1, \
1037 .maxlen = HCI_LPM_MAX_SIZE
1038
1039static const struct h4_recv_pkt intel_recv_pkts[] = {
1040 { H4_RECV_ACL, .recv = hci_recv_frame },
1041 { H4_RECV_SCO, .recv = hci_recv_frame },
1042 { H4_RECV_EVENT, .recv = intel_recv_event },
1043 { INTEL_RECV_LPM, .recv = intel_recv_lpm },
1044};
1045
1046static int intel_recv(struct hci_uart *hu, const void *data, int count)
1047{
1048 struct intel_data *intel = hu->priv;
1049
1050 if (!test_bit(HCI_UART_REGISTERED, &hu->flags))
1051 return -EUNATCH;
1052
1053 intel->rx_skb = h4_recv_buf(hu->hdev, intel->rx_skb, data, count,
1054 intel_recv_pkts,
1055 ARRAY_SIZE(intel_recv_pkts));
1056 if (IS_ERR(intel->rx_skb)) {
1057 int err = PTR_ERR(intel->rx_skb);
1058 bt_dev_err(hu->hdev, "Frame reassembly failed (%d)", err);
1059 intel->rx_skb = NULL;
1060 return err;
1061 }
1062
1063 return count;
1064}
1065
1066static int intel_enqueue(struct hci_uart *hu, struct sk_buff *skb)
1067{
1068 struct intel_data *intel = hu->priv;
1069 struct list_head *p;
1070
1071 BT_DBG("hu %p skb %p", hu, skb);
1072
1073 /* Be sure our controller is resumed and potential LPM transaction
1074 * completed before enqueuing any packet.
1075 */
1076 mutex_lock(&intel_device_list_lock);
1077 list_for_each(p, &intel_device_list) {
1078 struct intel_device *idev = list_entry(p, struct intel_device,
1079 list);
1080
1081 if (hu->tty->dev->parent == idev->pdev->dev.parent) {
1082 pm_runtime_get_sync(&idev->pdev->dev);
1083 pm_runtime_mark_last_busy(&idev->pdev->dev);
1084 pm_runtime_put_autosuspend(&idev->pdev->dev);
1085 break;
1086 }
1087 }
1088 mutex_unlock(&intel_device_list_lock);
1089
1090 skb_queue_tail(&intel->txq, skb);
1091
1092 return 0;
1093}
1094
1095static struct sk_buff *intel_dequeue(struct hci_uart *hu)
1096{
1097 struct intel_data *intel = hu->priv;
1098 struct sk_buff *skb;
1099
1100 skb = skb_dequeue(&intel->txq);
1101 if (!skb)
1102 return skb;
1103
1104 if (test_bit(STATE_BOOTLOADER, &intel->flags) &&
1105 (hci_skb_pkt_type(skb) == HCI_COMMAND_PKT)) {
1106 struct hci_command_hdr *cmd = (void *)skb->data;
1107 __u16 opcode = le16_to_cpu(cmd->opcode);
1108
1109 /* When the 0xfc01 command is issued to boot into
1110 * the operational firmware, it will actually not
1111 * send a command complete event. To keep the flow
1112 * control working inject that event here.
1113 */
1114 if (opcode == 0xfc01)
1115 inject_cmd_complete(hu->hdev, opcode);
1116 }
1117
1118 /* Prepend skb with frame type */
1119 memcpy(skb_push(skb, 1), &hci_skb_pkt_type(skb), 1);
1120
1121 return skb;
1122}
1123
1124static const struct hci_uart_proto intel_proto = {
1125 .id = HCI_UART_INTEL,
1126 .name = "Intel",
1127 .manufacturer = 2,
1128 .init_speed = 115200,
1129 .oper_speed = 3000000,
1130 .open = intel_open,
1131 .close = intel_close,
1132 .flush = intel_flush,
1133 .setup = intel_setup,
1134 .set_baudrate = intel_set_baudrate,
1135 .recv = intel_recv,
1136 .enqueue = intel_enqueue,
1137 .dequeue = intel_dequeue,
1138};
1139
1140#ifdef CONFIG_ACPI
1141static const struct acpi_device_id intel_acpi_match[] = {
1142 { "INT33E1", 0 },
1143 { },
1144};
1145MODULE_DEVICE_TABLE(acpi, intel_acpi_match);
1146#endif
1147
1148#ifdef CONFIG_PM
1149static int intel_suspend_device(struct device *dev)
1150{
1151 struct intel_device *idev = dev_get_drvdata(dev);
1152
1153 mutex_lock(&idev->hu_lock);
1154 if (idev->hu)
1155 intel_lpm_suspend(idev->hu);
1156 mutex_unlock(&idev->hu_lock);
1157
1158 return 0;
1159}
1160
1161static int intel_resume_device(struct device *dev)
1162{
1163 struct intel_device *idev = dev_get_drvdata(dev);
1164
1165 mutex_lock(&idev->hu_lock);
1166 if (idev->hu)
1167 intel_lpm_resume(idev->hu);
1168 mutex_unlock(&idev->hu_lock);
1169
1170 return 0;
1171}
1172#endif
1173
1174#ifdef CONFIG_PM_SLEEP
1175static int intel_suspend(struct device *dev)
1176{
1177 struct intel_device *idev = dev_get_drvdata(dev);
1178
1179 if (device_may_wakeup(dev))
1180 enable_irq_wake(idev->irq);
1181
1182 return intel_suspend_device(dev);
1183}
1184
1185static int intel_resume(struct device *dev)
1186{
1187 struct intel_device *idev = dev_get_drvdata(dev);
1188
1189 if (device_may_wakeup(dev))
1190 disable_irq_wake(idev->irq);
1191
1192 return intel_resume_device(dev);
1193}
1194#endif
1195
1196static const struct dev_pm_ops intel_pm_ops = {
1197 SET_SYSTEM_SLEEP_PM_OPS(intel_suspend, intel_resume)
1198 SET_RUNTIME_PM_OPS(intel_suspend_device, intel_resume_device, NULL)
1199};
1200
1201static int intel_probe(struct platform_device *pdev)
1202{
1203 struct intel_device *idev;
1204
1205 idev = devm_kzalloc(&pdev->dev, sizeof(*idev), GFP_KERNEL);
1206 if (!idev)
1207 return -ENOMEM;
1208
1209 mutex_init(&idev->hu_lock);
1210
1211 idev->pdev = pdev;
1212
1213 idev->reset = devm_gpiod_get_optional(&pdev->dev, "reset",
1214 GPIOD_OUT_LOW);
1215 if (IS_ERR(idev->reset)) {
1216 dev_err(&pdev->dev, "Unable to retrieve gpio\n");
1217 return PTR_ERR(idev->reset);
1218 }
1219
1220 idev->irq = platform_get_irq(pdev, 0);
1221 if (idev->irq < 0) {
1222 struct gpio_desc *host_wake;
1223
1224 dev_err(&pdev->dev, "No IRQ, falling back to gpio-irq\n");
1225
1226 host_wake = devm_gpiod_get_optional(&pdev->dev, "host-wake",
1227 GPIOD_IN);
1228 if (IS_ERR(host_wake)) {
1229 dev_err(&pdev->dev, "Unable to retrieve IRQ\n");
1230 goto no_irq;
1231 }
1232
1233 idev->irq = gpiod_to_irq(host_wake);
1234 if (idev->irq < 0) {
1235 dev_err(&pdev->dev, "No corresponding irq for gpio\n");
1236 goto no_irq;
1237 }
1238 }
1239
1240 /* Only enable wake-up/irq when controller is powered */
1241 device_set_wakeup_capable(&pdev->dev, true);
1242 device_wakeup_disable(&pdev->dev);
1243
1244no_irq:
1245 platform_set_drvdata(pdev, idev);
1246
1247 /* Place this instance on the device list */
1248 mutex_lock(&intel_device_list_lock);
1249 list_add_tail(&idev->list, &intel_device_list);
1250 mutex_unlock(&intel_device_list_lock);
1251
1252 dev_info(&pdev->dev, "registered, gpio(%d)/irq(%d).\n",
1253 desc_to_gpio(idev->reset), idev->irq);
1254
1255 return 0;
1256}
1257
1258static int intel_remove(struct platform_device *pdev)
1259{
1260 struct intel_device *idev = platform_get_drvdata(pdev);
1261
1262 device_wakeup_disable(&pdev->dev);
1263
1264 mutex_lock(&intel_device_list_lock);
1265 list_del(&idev->list);
1266 mutex_unlock(&intel_device_list_lock);
1267
1268 dev_info(&pdev->dev, "unregistered.\n");
1269
1270 return 0;
1271}
1272
1273static struct platform_driver intel_driver = {
1274 .probe = intel_probe,
1275 .remove = intel_remove,
1276 .driver = {
1277 .name = "hci_intel",
1278 .acpi_match_table = ACPI_PTR(intel_acpi_match),
1279 .pm = &intel_pm_ops,
1280 },
1281};
1282
1283int __init intel_init(void)
1284{
1285 platform_driver_register(&intel_driver);
1286
1287 return hci_uart_register_proto(&intel_proto);
1288}
1289
1290int __exit intel_deinit(void)
1291{
1292 platform_driver_unregister(&intel_driver);
1293
1294 return hci_uart_unregister_proto(&intel_proto);
1295}