Loading...
1/*
2 * Texas Instruments' Bluetooth HCILL UART protocol
3 *
4 * HCILL (HCI Low Level) is a Texas Instruments' power management
5 * protocol extension to H4.
6 *
7 * Copyright (C) 2007 Texas Instruments, Inc.
8 *
9 * Written by Ohad Ben-Cohen <ohad@bencohen.org>
10 *
11 * Acknowledgements:
12 * This file is based on hci_h4.c, which was written
13 * by Maxim Krasnyansky and Marcel Holtmann.
14 *
15 * This program is free software; you can redistribute it and/or modify
16 * it under the terms of the GNU General Public License version 2
17 * as published by the Free Software Foundation
18 *
19 * This program is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
23 *
24 * You should have received a copy of the GNU General Public License
25 * along with this program; if not, write to the Free Software
26 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
27 *
28 */
29
30#include <linux/module.h>
31#include <linux/kernel.h>
32
33#include <linux/init.h>
34#include <linux/sched.h>
35#include <linux/types.h>
36#include <linux/fcntl.h>
37#include <linux/firmware.h>
38#include <linux/interrupt.h>
39#include <linux/ptrace.h>
40#include <linux/poll.h>
41
42#include <linux/slab.h>
43#include <linux/errno.h>
44#include <linux/string.h>
45#include <linux/signal.h>
46#include <linux/ioctl.h>
47#include <linux/of.h>
48#include <linux/serdev.h>
49#include <linux/skbuff.h>
50#include <linux/ti_wilink_st.h>
51#include <linux/clk.h>
52
53#include <net/bluetooth/bluetooth.h>
54#include <net/bluetooth/hci_core.h>
55#include <linux/gpio/consumer.h>
56#include <linux/nvmem-consumer.h>
57
58#include "hci_uart.h"
59
60/* Vendor-specific HCI commands */
61#define HCI_VS_WRITE_BD_ADDR 0xfc06
62#define HCI_VS_UPDATE_UART_HCI_BAUDRATE 0xff36
63
64/* HCILL commands */
65#define HCILL_GO_TO_SLEEP_IND 0x30
66#define HCILL_GO_TO_SLEEP_ACK 0x31
67#define HCILL_WAKE_UP_IND 0x32
68#define HCILL_WAKE_UP_ACK 0x33
69
70/* HCILL states */
71enum hcill_states_e {
72 HCILL_ASLEEP,
73 HCILL_ASLEEP_TO_AWAKE,
74 HCILL_AWAKE,
75 HCILL_AWAKE_TO_ASLEEP
76};
77
78struct ll_device {
79 struct hci_uart hu;
80 struct serdev_device *serdev;
81 struct gpio_desc *enable_gpio;
82 struct clk *ext_clk;
83 bdaddr_t bdaddr;
84};
85
86struct ll_struct {
87 struct sk_buff *rx_skb;
88 struct sk_buff_head txq;
89 spinlock_t hcill_lock; /* HCILL state lock */
90 unsigned long hcill_state; /* HCILL power state */
91 struct sk_buff_head tx_wait_q; /* HCILL wait queue */
92};
93
94/*
95 * Builds and sends an HCILL command packet.
96 * These are very simple packets with only 1 cmd byte
97 */
98static int send_hcill_cmd(u8 cmd, struct hci_uart *hu)
99{
100 int err = 0;
101 struct sk_buff *skb = NULL;
102 struct ll_struct *ll = hu->priv;
103
104 BT_DBG("hu %p cmd 0x%x", hu, cmd);
105
106 /* allocate packet */
107 skb = bt_skb_alloc(1, GFP_ATOMIC);
108 if (!skb) {
109 BT_ERR("cannot allocate memory for HCILL packet");
110 err = -ENOMEM;
111 goto out;
112 }
113
114 /* prepare packet */
115 skb_put_u8(skb, cmd);
116
117 /* send packet */
118 skb_queue_tail(&ll->txq, skb);
119out:
120 return err;
121}
122
123/* Initialize protocol */
124static int ll_open(struct hci_uart *hu)
125{
126 struct ll_struct *ll;
127
128 BT_DBG("hu %p", hu);
129
130 ll = kzalloc(sizeof(*ll), GFP_KERNEL);
131 if (!ll)
132 return -ENOMEM;
133
134 skb_queue_head_init(&ll->txq);
135 skb_queue_head_init(&ll->tx_wait_q);
136 spin_lock_init(&ll->hcill_lock);
137
138 ll->hcill_state = HCILL_AWAKE;
139
140 hu->priv = ll;
141
142 if (hu->serdev) {
143 struct ll_device *lldev = serdev_device_get_drvdata(hu->serdev);
144 serdev_device_open(hu->serdev);
145 if (!IS_ERR(lldev->ext_clk))
146 clk_prepare_enable(lldev->ext_clk);
147 }
148
149 return 0;
150}
151
152/* Flush protocol data */
153static int ll_flush(struct hci_uart *hu)
154{
155 struct ll_struct *ll = hu->priv;
156
157 BT_DBG("hu %p", hu);
158
159 skb_queue_purge(&ll->tx_wait_q);
160 skb_queue_purge(&ll->txq);
161
162 return 0;
163}
164
165/* Close protocol */
166static int ll_close(struct hci_uart *hu)
167{
168 struct ll_struct *ll = hu->priv;
169
170 BT_DBG("hu %p", hu);
171
172 skb_queue_purge(&ll->tx_wait_q);
173 skb_queue_purge(&ll->txq);
174
175 kfree_skb(ll->rx_skb);
176
177 if (hu->serdev) {
178 struct ll_device *lldev = serdev_device_get_drvdata(hu->serdev);
179 gpiod_set_value_cansleep(lldev->enable_gpio, 0);
180
181 clk_disable_unprepare(lldev->ext_clk);
182
183 serdev_device_close(hu->serdev);
184 }
185
186 hu->priv = NULL;
187
188 kfree(ll);
189
190 return 0;
191}
192
193/*
194 * internal function, which does common work of the device wake up process:
195 * 1. places all pending packets (waiting in tx_wait_q list) in txq list.
196 * 2. changes internal state to HCILL_AWAKE.
197 * Note: assumes that hcill_lock spinlock is taken,
198 * shouldn't be called otherwise!
199 */
200static void __ll_do_awake(struct ll_struct *ll)
201{
202 struct sk_buff *skb = NULL;
203
204 while ((skb = skb_dequeue(&ll->tx_wait_q)))
205 skb_queue_tail(&ll->txq, skb);
206
207 ll->hcill_state = HCILL_AWAKE;
208}
209
210/*
211 * Called upon a wake-up-indication from the device
212 */
213static void ll_device_want_to_wakeup(struct hci_uart *hu)
214{
215 unsigned long flags;
216 struct ll_struct *ll = hu->priv;
217
218 BT_DBG("hu %p", hu);
219
220 /* lock hcill state */
221 spin_lock_irqsave(&ll->hcill_lock, flags);
222
223 switch (ll->hcill_state) {
224 case HCILL_ASLEEP_TO_AWAKE:
225 /*
226 * This state means that both the host and the BRF chip
227 * have simultaneously sent a wake-up-indication packet.
228 * Traditionally, in this case, receiving a wake-up-indication
229 * was enough and an additional wake-up-ack wasn't needed.
230 * This has changed with the BRF6350, which does require an
231 * explicit wake-up-ack. Other BRF versions, which do not
232 * require an explicit ack here, do accept it, thus it is
233 * perfectly safe to always send one.
234 */
235 BT_DBG("dual wake-up-indication");
236 /* fall through */
237 case HCILL_ASLEEP:
238 /* acknowledge device wake up */
239 if (send_hcill_cmd(HCILL_WAKE_UP_ACK, hu) < 0) {
240 BT_ERR("cannot acknowledge device wake up");
241 goto out;
242 }
243 break;
244 default:
245 /* any other state is illegal */
246 BT_ERR("received HCILL_WAKE_UP_IND in state %ld", ll->hcill_state);
247 break;
248 }
249
250 /* send pending packets and change state to HCILL_AWAKE */
251 __ll_do_awake(ll);
252
253out:
254 spin_unlock_irqrestore(&ll->hcill_lock, flags);
255
256 /* actually send the packets */
257 hci_uart_tx_wakeup(hu);
258}
259
260/*
261 * Called upon a sleep-indication from the device
262 */
263static void ll_device_want_to_sleep(struct hci_uart *hu)
264{
265 unsigned long flags;
266 struct ll_struct *ll = hu->priv;
267
268 BT_DBG("hu %p", hu);
269
270 /* lock hcill state */
271 spin_lock_irqsave(&ll->hcill_lock, flags);
272
273 /* sanity check */
274 if (ll->hcill_state != HCILL_AWAKE)
275 BT_ERR("ERR: HCILL_GO_TO_SLEEP_IND in state %ld", ll->hcill_state);
276
277 /* acknowledge device sleep */
278 if (send_hcill_cmd(HCILL_GO_TO_SLEEP_ACK, hu) < 0) {
279 BT_ERR("cannot acknowledge device sleep");
280 goto out;
281 }
282
283 /* update state */
284 ll->hcill_state = HCILL_ASLEEP;
285
286out:
287 spin_unlock_irqrestore(&ll->hcill_lock, flags);
288
289 /* actually send the sleep ack packet */
290 hci_uart_tx_wakeup(hu);
291}
292
293/*
294 * Called upon wake-up-acknowledgement from the device
295 */
296static void ll_device_woke_up(struct hci_uart *hu)
297{
298 unsigned long flags;
299 struct ll_struct *ll = hu->priv;
300
301 BT_DBG("hu %p", hu);
302
303 /* lock hcill state */
304 spin_lock_irqsave(&ll->hcill_lock, flags);
305
306 /* sanity check */
307 if (ll->hcill_state != HCILL_ASLEEP_TO_AWAKE)
308 BT_ERR("received HCILL_WAKE_UP_ACK in state %ld", ll->hcill_state);
309
310 /* send pending packets and change state to HCILL_AWAKE */
311 __ll_do_awake(ll);
312
313 spin_unlock_irqrestore(&ll->hcill_lock, flags);
314
315 /* actually send the packets */
316 hci_uart_tx_wakeup(hu);
317}
318
319/* Enqueue frame for transmittion (padding, crc, etc) */
320/* may be called from two simultaneous tasklets */
321static int ll_enqueue(struct hci_uart *hu, struct sk_buff *skb)
322{
323 unsigned long flags = 0;
324 struct ll_struct *ll = hu->priv;
325
326 BT_DBG("hu %p skb %p", hu, skb);
327
328 /* Prepend skb with frame type */
329 memcpy(skb_push(skb, 1), &hci_skb_pkt_type(skb), 1);
330
331 /* lock hcill state */
332 spin_lock_irqsave(&ll->hcill_lock, flags);
333
334 /* act according to current state */
335 switch (ll->hcill_state) {
336 case HCILL_AWAKE:
337 BT_DBG("device awake, sending normally");
338 skb_queue_tail(&ll->txq, skb);
339 break;
340 case HCILL_ASLEEP:
341 BT_DBG("device asleep, waking up and queueing packet");
342 /* save packet for later */
343 skb_queue_tail(&ll->tx_wait_q, skb);
344 /* awake device */
345 if (send_hcill_cmd(HCILL_WAKE_UP_IND, hu) < 0) {
346 BT_ERR("cannot wake up device");
347 break;
348 }
349 ll->hcill_state = HCILL_ASLEEP_TO_AWAKE;
350 break;
351 case HCILL_ASLEEP_TO_AWAKE:
352 BT_DBG("device waking up, queueing packet");
353 /* transient state; just keep packet for later */
354 skb_queue_tail(&ll->tx_wait_q, skb);
355 break;
356 default:
357 BT_ERR("illegal hcill state: %ld (losing packet)", ll->hcill_state);
358 kfree_skb(skb);
359 break;
360 }
361
362 spin_unlock_irqrestore(&ll->hcill_lock, flags);
363
364 return 0;
365}
366
367static int ll_recv_frame(struct hci_dev *hdev, struct sk_buff *skb)
368{
369 struct hci_uart *hu = hci_get_drvdata(hdev);
370 struct ll_struct *ll = hu->priv;
371
372 switch (hci_skb_pkt_type(skb)) {
373 case HCILL_GO_TO_SLEEP_IND:
374 BT_DBG("HCILL_GO_TO_SLEEP_IND packet");
375 ll_device_want_to_sleep(hu);
376 break;
377 case HCILL_GO_TO_SLEEP_ACK:
378 /* shouldn't happen */
379 bt_dev_err(hdev, "received HCILL_GO_TO_SLEEP_ACK in state %ld",
380 ll->hcill_state);
381 break;
382 case HCILL_WAKE_UP_IND:
383 BT_DBG("HCILL_WAKE_UP_IND packet");
384 ll_device_want_to_wakeup(hu);
385 break;
386 case HCILL_WAKE_UP_ACK:
387 BT_DBG("HCILL_WAKE_UP_ACK packet");
388 ll_device_woke_up(hu);
389 break;
390 }
391
392 kfree_skb(skb);
393 return 0;
394}
395
396#define LL_RECV_SLEEP_IND \
397 .type = HCILL_GO_TO_SLEEP_IND, \
398 .hlen = 0, \
399 .loff = 0, \
400 .lsize = 0, \
401 .maxlen = 0
402
403#define LL_RECV_SLEEP_ACK \
404 .type = HCILL_GO_TO_SLEEP_ACK, \
405 .hlen = 0, \
406 .loff = 0, \
407 .lsize = 0, \
408 .maxlen = 0
409
410#define LL_RECV_WAKE_IND \
411 .type = HCILL_WAKE_UP_IND, \
412 .hlen = 0, \
413 .loff = 0, \
414 .lsize = 0, \
415 .maxlen = 0
416
417#define LL_RECV_WAKE_ACK \
418 .type = HCILL_WAKE_UP_ACK, \
419 .hlen = 0, \
420 .loff = 0, \
421 .lsize = 0, \
422 .maxlen = 0
423
424static const struct h4_recv_pkt ll_recv_pkts[] = {
425 { H4_RECV_ACL, .recv = hci_recv_frame },
426 { H4_RECV_SCO, .recv = hci_recv_frame },
427 { H4_RECV_EVENT, .recv = hci_recv_frame },
428 { LL_RECV_SLEEP_IND, .recv = ll_recv_frame },
429 { LL_RECV_SLEEP_ACK, .recv = ll_recv_frame },
430 { LL_RECV_WAKE_IND, .recv = ll_recv_frame },
431 { LL_RECV_WAKE_ACK, .recv = ll_recv_frame },
432};
433
434/* Recv data */
435static int ll_recv(struct hci_uart *hu, const void *data, int count)
436{
437 struct ll_struct *ll = hu->priv;
438
439 if (!test_bit(HCI_UART_REGISTERED, &hu->flags))
440 return -EUNATCH;
441
442 ll->rx_skb = h4_recv_buf(hu->hdev, ll->rx_skb, data, count,
443 ll_recv_pkts, ARRAY_SIZE(ll_recv_pkts));
444 if (IS_ERR(ll->rx_skb)) {
445 int err = PTR_ERR(ll->rx_skb);
446 bt_dev_err(hu->hdev, "Frame reassembly failed (%d)", err);
447 ll->rx_skb = NULL;
448 return err;
449 }
450
451 return count;
452}
453
454static struct sk_buff *ll_dequeue(struct hci_uart *hu)
455{
456 struct ll_struct *ll = hu->priv;
457 return skb_dequeue(&ll->txq);
458}
459
460#if IS_ENABLED(CONFIG_SERIAL_DEV_BUS)
461static int read_local_version(struct hci_dev *hdev)
462{
463 int err = 0;
464 unsigned short version = 0;
465 struct sk_buff *skb;
466 struct hci_rp_read_local_version *ver;
467
468 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL, HCI_INIT_TIMEOUT);
469 if (IS_ERR(skb)) {
470 bt_dev_err(hdev, "Reading TI version information failed (%ld)",
471 PTR_ERR(skb));
472 return PTR_ERR(skb);
473 }
474 if (skb->len != sizeof(*ver)) {
475 err = -EILSEQ;
476 goto out;
477 }
478
479 ver = (struct hci_rp_read_local_version *)skb->data;
480 if (le16_to_cpu(ver->manufacturer) != 13) {
481 err = -ENODEV;
482 goto out;
483 }
484
485 version = le16_to_cpu(ver->lmp_subver);
486
487out:
488 if (err) bt_dev_err(hdev, "Failed to read TI version info: %d", err);
489 kfree_skb(skb);
490 return err ? err : version;
491}
492
493/**
494 * download_firmware -
495 * internal function which parses through the .bts firmware
496 * script file intreprets SEND, DELAY actions only as of now
497 */
498static int download_firmware(struct ll_device *lldev)
499{
500 unsigned short chip, min_ver, maj_ver;
501 int version, err, len;
502 unsigned char *ptr, *action_ptr;
503 unsigned char bts_scr_name[40]; /* 40 char long bts scr name? */
504 const struct firmware *fw;
505 struct sk_buff *skb;
506 struct hci_command *cmd;
507
508 version = read_local_version(lldev->hu.hdev);
509 if (version < 0)
510 return version;
511
512 chip = (version & 0x7C00) >> 10;
513 min_ver = (version & 0x007F);
514 maj_ver = (version & 0x0380) >> 7;
515 if (version & 0x8000)
516 maj_ver |= 0x0008;
517
518 snprintf(bts_scr_name, sizeof(bts_scr_name),
519 "ti-connectivity/TIInit_%d.%d.%d.bts",
520 chip, maj_ver, min_ver);
521
522 err = request_firmware(&fw, bts_scr_name, &lldev->serdev->dev);
523 if (err || !fw->data || !fw->size) {
524 bt_dev_err(lldev->hu.hdev, "request_firmware failed(errno %d) for %s",
525 err, bts_scr_name);
526 return -EINVAL;
527 }
528 ptr = (void *)fw->data;
529 len = fw->size;
530 /* bts_header to remove out magic number and
531 * version
532 */
533 ptr += sizeof(struct bts_header);
534 len -= sizeof(struct bts_header);
535
536 while (len > 0 && ptr) {
537 bt_dev_dbg(lldev->hu.hdev, " action size %d, type %d ",
538 ((struct bts_action *)ptr)->size,
539 ((struct bts_action *)ptr)->type);
540
541 action_ptr = &(((struct bts_action *)ptr)->data[0]);
542
543 switch (((struct bts_action *)ptr)->type) {
544 case ACTION_SEND_COMMAND: /* action send */
545 bt_dev_dbg(lldev->hu.hdev, "S");
546 cmd = (struct hci_command *)action_ptr;
547 if (cmd->opcode == HCI_VS_UPDATE_UART_HCI_BAUDRATE) {
548 /* ignore remote change
549 * baud rate HCI VS command
550 */
551 bt_dev_warn(lldev->hu.hdev, "change remote baud rate command in firmware");
552 break;
553 }
554 if (cmd->prefix != 1)
555 bt_dev_dbg(lldev->hu.hdev, "command type %d", cmd->prefix);
556
557 skb = __hci_cmd_sync(lldev->hu.hdev, cmd->opcode, cmd->plen, &cmd->speed, HCI_INIT_TIMEOUT);
558 if (IS_ERR(skb)) {
559 bt_dev_err(lldev->hu.hdev, "send command failed");
560 err = PTR_ERR(skb);
561 goto out_rel_fw;
562 }
563 kfree_skb(skb);
564 break;
565 case ACTION_WAIT_EVENT: /* wait */
566 /* no need to wait as command was synchronous */
567 bt_dev_dbg(lldev->hu.hdev, "W");
568 break;
569 case ACTION_DELAY: /* sleep */
570 bt_dev_info(lldev->hu.hdev, "sleep command in scr");
571 msleep(((struct bts_action_delay *)action_ptr)->msec);
572 break;
573 }
574 len -= (sizeof(struct bts_action) +
575 ((struct bts_action *)ptr)->size);
576 ptr += sizeof(struct bts_action) +
577 ((struct bts_action *)ptr)->size;
578 }
579
580out_rel_fw:
581 /* fw download complete */
582 release_firmware(fw);
583 return err;
584}
585
586static int ll_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr)
587{
588 bdaddr_t bdaddr_swapped;
589 struct sk_buff *skb;
590
591 /* HCI_VS_WRITE_BD_ADDR (at least on a CC2560A chip) expects the BD
592 * address to be MSB first, but bdaddr_t has the convention of being
593 * LSB first.
594 */
595 baswap(&bdaddr_swapped, bdaddr);
596 skb = __hci_cmd_sync(hdev, HCI_VS_WRITE_BD_ADDR, sizeof(bdaddr_t),
597 &bdaddr_swapped, HCI_INIT_TIMEOUT);
598 if (!IS_ERR(skb))
599 kfree_skb(skb);
600
601 return PTR_ERR_OR_ZERO(skb);
602}
603
604static int ll_setup(struct hci_uart *hu)
605{
606 int err, retry = 3;
607 struct ll_device *lldev;
608 struct serdev_device *serdev = hu->serdev;
609 u32 speed;
610
611 if (!serdev)
612 return 0;
613
614 lldev = serdev_device_get_drvdata(serdev);
615
616 hu->hdev->set_bdaddr = ll_set_bdaddr;
617
618 serdev_device_set_flow_control(serdev, true);
619
620 do {
621 /* Reset the Bluetooth device */
622 gpiod_set_value_cansleep(lldev->enable_gpio, 0);
623 msleep(5);
624 gpiod_set_value_cansleep(lldev->enable_gpio, 1);
625 err = serdev_device_wait_for_cts(serdev, true, 200);
626 if (err) {
627 bt_dev_err(hu->hdev, "Failed to get CTS");
628 return err;
629 }
630
631 err = download_firmware(lldev);
632 if (!err)
633 break;
634
635 /* Toggle BT_EN and retry */
636 bt_dev_err(hu->hdev, "download firmware failed, retrying...");
637 } while (retry--);
638
639 if (err)
640 return err;
641
642 /* Set BD address if one was specified at probe */
643 if (!bacmp(&lldev->bdaddr, BDADDR_NONE)) {
644 /* This means that there was an error getting the BD address
645 * during probe, so mark the device as having a bad address.
646 */
647 set_bit(HCI_QUIRK_INVALID_BDADDR, &hu->hdev->quirks);
648 } else if (bacmp(&lldev->bdaddr, BDADDR_ANY)) {
649 err = ll_set_bdaddr(hu->hdev, &lldev->bdaddr);
650 if (err)
651 set_bit(HCI_QUIRK_INVALID_BDADDR, &hu->hdev->quirks);
652 }
653
654 /* Operational speed if any */
655 if (hu->oper_speed)
656 speed = hu->oper_speed;
657 else if (hu->proto->oper_speed)
658 speed = hu->proto->oper_speed;
659 else
660 speed = 0;
661
662 if (speed) {
663 __le32 speed_le = cpu_to_le32(speed);
664 struct sk_buff *skb;
665
666 skb = __hci_cmd_sync(hu->hdev, HCI_VS_UPDATE_UART_HCI_BAUDRATE,
667 sizeof(speed_le), &speed_le,
668 HCI_INIT_TIMEOUT);
669 if (!IS_ERR(skb)) {
670 kfree_skb(skb);
671 serdev_device_set_baudrate(serdev, speed);
672 }
673 }
674
675 return 0;
676}
677
678static const struct hci_uart_proto llp;
679
680static int hci_ti_probe(struct serdev_device *serdev)
681{
682 struct hci_uart *hu;
683 struct ll_device *lldev;
684 struct nvmem_cell *bdaddr_cell;
685 u32 max_speed = 3000000;
686
687 lldev = devm_kzalloc(&serdev->dev, sizeof(struct ll_device), GFP_KERNEL);
688 if (!lldev)
689 return -ENOMEM;
690 hu = &lldev->hu;
691
692 serdev_device_set_drvdata(serdev, lldev);
693 lldev->serdev = hu->serdev = serdev;
694
695 lldev->enable_gpio = devm_gpiod_get_optional(&serdev->dev, "enable", GPIOD_OUT_LOW);
696 if (IS_ERR(lldev->enable_gpio))
697 return PTR_ERR(lldev->enable_gpio);
698
699 lldev->ext_clk = devm_clk_get(&serdev->dev, "ext_clock");
700 if (IS_ERR(lldev->ext_clk) && PTR_ERR(lldev->ext_clk) != -ENOENT)
701 return PTR_ERR(lldev->ext_clk);
702
703 of_property_read_u32(serdev->dev.of_node, "max-speed", &max_speed);
704 hci_uart_set_speeds(hu, 115200, max_speed);
705
706 /* optional BD address from nvram */
707 bdaddr_cell = nvmem_cell_get(&serdev->dev, "bd-address");
708 if (IS_ERR(bdaddr_cell)) {
709 int err = PTR_ERR(bdaddr_cell);
710
711 if (err == -EPROBE_DEFER)
712 return err;
713
714 /* ENOENT means there is no matching nvmem cell and ENOSYS
715 * means that nvmem is not enabled in the kernel configuration.
716 */
717 if (err != -ENOENT && err != -ENOSYS) {
718 /* If there was some other error, give userspace a
719 * chance to fix the problem instead of failing to load
720 * the driver. Using BDADDR_NONE as a flag that is
721 * tested later in the setup function.
722 */
723 dev_warn(&serdev->dev,
724 "Failed to get \"bd-address\" nvmem cell (%d)\n",
725 err);
726 bacpy(&lldev->bdaddr, BDADDR_NONE);
727 }
728 } else {
729 bdaddr_t *bdaddr;
730 size_t len;
731
732 bdaddr = nvmem_cell_read(bdaddr_cell, &len);
733 nvmem_cell_put(bdaddr_cell);
734 if (IS_ERR(bdaddr)) {
735 dev_err(&serdev->dev, "Failed to read nvmem bd-address\n");
736 return PTR_ERR(bdaddr);
737 }
738 if (len != sizeof(bdaddr_t)) {
739 dev_err(&serdev->dev, "Invalid nvmem bd-address length\n");
740 kfree(bdaddr);
741 return -EINVAL;
742 }
743
744 /* As per the device tree bindings, the value from nvmem is
745 * expected to be MSB first, but in the kernel it is expected
746 * that bdaddr_t is LSB first.
747 */
748 baswap(&lldev->bdaddr, bdaddr);
749 kfree(bdaddr);
750 }
751
752 return hci_uart_register_device(hu, &llp);
753}
754
755static void hci_ti_remove(struct serdev_device *serdev)
756{
757 struct ll_device *lldev = serdev_device_get_drvdata(serdev);
758
759 hci_uart_unregister_device(&lldev->hu);
760}
761
762static const struct of_device_id hci_ti_of_match[] = {
763 { .compatible = "ti,cc2560" },
764 { .compatible = "ti,wl1271-st" },
765 { .compatible = "ti,wl1273-st" },
766 { .compatible = "ti,wl1281-st" },
767 { .compatible = "ti,wl1283-st" },
768 { .compatible = "ti,wl1285-st" },
769 { .compatible = "ti,wl1801-st" },
770 { .compatible = "ti,wl1805-st" },
771 { .compatible = "ti,wl1807-st" },
772 { .compatible = "ti,wl1831-st" },
773 { .compatible = "ti,wl1835-st" },
774 { .compatible = "ti,wl1837-st" },
775 {},
776};
777MODULE_DEVICE_TABLE(of, hci_ti_of_match);
778
779static struct serdev_device_driver hci_ti_drv = {
780 .driver = {
781 .name = "hci-ti",
782 .of_match_table = of_match_ptr(hci_ti_of_match),
783 },
784 .probe = hci_ti_probe,
785 .remove = hci_ti_remove,
786};
787#else
788#define ll_setup NULL
789#endif
790
791static const struct hci_uart_proto llp = {
792 .id = HCI_UART_LL,
793 .name = "LL",
794 .setup = ll_setup,
795 .open = ll_open,
796 .close = ll_close,
797 .recv = ll_recv,
798 .enqueue = ll_enqueue,
799 .dequeue = ll_dequeue,
800 .flush = ll_flush,
801};
802
803int __init ll_init(void)
804{
805 serdev_device_driver_register(&hci_ti_drv);
806
807 return hci_uart_register_proto(&llp);
808}
809
810int __exit ll_deinit(void)
811{
812 serdev_device_driver_unregister(&hci_ti_drv);
813
814 return hci_uart_unregister_proto(&llp);
815}
1/*
2 * Texas Instruments' Bluetooth HCILL UART protocol
3 *
4 * HCILL (HCI Low Level) is a Texas Instruments' power management
5 * protocol extension to H4.
6 *
7 * Copyright (C) 2007 Texas Instruments, Inc.
8 *
9 * Written by Ohad Ben-Cohen <ohad@bencohen.org>
10 *
11 * Acknowledgements:
12 * This file is based on hci_h4.c, which was written
13 * by Maxim Krasnyansky and Marcel Holtmann.
14 *
15 * This program is free software; you can redistribute it and/or modify
16 * it under the terms of the GNU General Public License version 2
17 * as published by the Free Software Foundation
18 *
19 * This program is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
23 *
24 * You should have received a copy of the GNU General Public License
25 * along with this program; if not, write to the Free Software
26 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
27 *
28 */
29
30#include <linux/module.h>
31#include <linux/kernel.h>
32
33#include <linux/init.h>
34#include <linux/sched.h>
35#include <linux/types.h>
36#include <linux/fcntl.h>
37#include <linux/interrupt.h>
38#include <linux/ptrace.h>
39#include <linux/poll.h>
40
41#include <linux/slab.h>
42#include <linux/tty.h>
43#include <linux/errno.h>
44#include <linux/string.h>
45#include <linux/signal.h>
46#include <linux/ioctl.h>
47#include <linux/skbuff.h>
48
49#include <net/bluetooth/bluetooth.h>
50#include <net/bluetooth/hci_core.h>
51
52#include "hci_uart.h"
53
54/* HCILL commands */
55#define HCILL_GO_TO_SLEEP_IND 0x30
56#define HCILL_GO_TO_SLEEP_ACK 0x31
57#define HCILL_WAKE_UP_IND 0x32
58#define HCILL_WAKE_UP_ACK 0x33
59
60/* HCILL receiver States */
61#define HCILL_W4_PACKET_TYPE 0
62#define HCILL_W4_EVENT_HDR 1
63#define HCILL_W4_ACL_HDR 2
64#define HCILL_W4_SCO_HDR 3
65#define HCILL_W4_DATA 4
66
67/* HCILL states */
68enum hcill_states_e {
69 HCILL_ASLEEP,
70 HCILL_ASLEEP_TO_AWAKE,
71 HCILL_AWAKE,
72 HCILL_AWAKE_TO_ASLEEP
73};
74
75struct hcill_cmd {
76 u8 cmd;
77} __packed;
78
79struct ll_struct {
80 unsigned long rx_state;
81 unsigned long rx_count;
82 struct sk_buff *rx_skb;
83 struct sk_buff_head txq;
84 spinlock_t hcill_lock; /* HCILL state lock */
85 unsigned long hcill_state; /* HCILL power state */
86 struct sk_buff_head tx_wait_q; /* HCILL wait queue */
87};
88
89/*
90 * Builds and sends an HCILL command packet.
91 * These are very simple packets with only 1 cmd byte
92 */
93static int send_hcill_cmd(u8 cmd, struct hci_uart *hu)
94{
95 int err = 0;
96 struct sk_buff *skb = NULL;
97 struct ll_struct *ll = hu->priv;
98 struct hcill_cmd *hcill_packet;
99
100 BT_DBG("hu %p cmd 0x%x", hu, cmd);
101
102 /* allocate packet */
103 skb = bt_skb_alloc(1, GFP_ATOMIC);
104 if (!skb) {
105 BT_ERR("cannot allocate memory for HCILL packet");
106 err = -ENOMEM;
107 goto out;
108 }
109
110 /* prepare packet */
111 hcill_packet = (struct hcill_cmd *) skb_put(skb, 1);
112 hcill_packet->cmd = cmd;
113
114 /* send packet */
115 skb_queue_tail(&ll->txq, skb);
116out:
117 return err;
118}
119
120/* Initialize protocol */
121static int ll_open(struct hci_uart *hu)
122{
123 struct ll_struct *ll;
124
125 BT_DBG("hu %p", hu);
126
127 ll = kzalloc(sizeof(*ll), GFP_KERNEL);
128 if (!ll)
129 return -ENOMEM;
130
131 skb_queue_head_init(&ll->txq);
132 skb_queue_head_init(&ll->tx_wait_q);
133 spin_lock_init(&ll->hcill_lock);
134
135 ll->hcill_state = HCILL_AWAKE;
136
137 hu->priv = ll;
138
139 return 0;
140}
141
142/* Flush protocol data */
143static int ll_flush(struct hci_uart *hu)
144{
145 struct ll_struct *ll = hu->priv;
146
147 BT_DBG("hu %p", hu);
148
149 skb_queue_purge(&ll->tx_wait_q);
150 skb_queue_purge(&ll->txq);
151
152 return 0;
153}
154
155/* Close protocol */
156static int ll_close(struct hci_uart *hu)
157{
158 struct ll_struct *ll = hu->priv;
159
160 BT_DBG("hu %p", hu);
161
162 skb_queue_purge(&ll->tx_wait_q);
163 skb_queue_purge(&ll->txq);
164
165 kfree_skb(ll->rx_skb);
166
167 hu->priv = NULL;
168
169 kfree(ll);
170
171 return 0;
172}
173
174/*
175 * internal function, which does common work of the device wake up process:
176 * 1. places all pending packets (waiting in tx_wait_q list) in txq list.
177 * 2. changes internal state to HCILL_AWAKE.
178 * Note: assumes that hcill_lock spinlock is taken,
179 * shouldn't be called otherwise!
180 */
181static void __ll_do_awake(struct ll_struct *ll)
182{
183 struct sk_buff *skb = NULL;
184
185 while ((skb = skb_dequeue(&ll->tx_wait_q)))
186 skb_queue_tail(&ll->txq, skb);
187
188 ll->hcill_state = HCILL_AWAKE;
189}
190
191/*
192 * Called upon a wake-up-indication from the device
193 */
194static void ll_device_want_to_wakeup(struct hci_uart *hu)
195{
196 unsigned long flags;
197 struct ll_struct *ll = hu->priv;
198
199 BT_DBG("hu %p", hu);
200
201 /* lock hcill state */
202 spin_lock_irqsave(&ll->hcill_lock, flags);
203
204 switch (ll->hcill_state) {
205 case HCILL_ASLEEP_TO_AWAKE:
206 /*
207 * This state means that both the host and the BRF chip
208 * have simultaneously sent a wake-up-indication packet.
209 * Traditionally, in this case, receiving a wake-up-indication
210 * was enough and an additional wake-up-ack wasn't needed.
211 * This has changed with the BRF6350, which does require an
212 * explicit wake-up-ack. Other BRF versions, which do not
213 * require an explicit ack here, do accept it, thus it is
214 * perfectly safe to always send one.
215 */
216 BT_DBG("dual wake-up-indication");
217 /* deliberate fall-through - do not add break */
218 case HCILL_ASLEEP:
219 /* acknowledge device wake up */
220 if (send_hcill_cmd(HCILL_WAKE_UP_ACK, hu) < 0) {
221 BT_ERR("cannot acknowledge device wake up");
222 goto out;
223 }
224 break;
225 default:
226 /* any other state is illegal */
227 BT_ERR("received HCILL_WAKE_UP_IND in state %ld", ll->hcill_state);
228 break;
229 }
230
231 /* send pending packets and change state to HCILL_AWAKE */
232 __ll_do_awake(ll);
233
234out:
235 spin_unlock_irqrestore(&ll->hcill_lock, flags);
236
237 /* actually send the packets */
238 hci_uart_tx_wakeup(hu);
239}
240
241/*
242 * Called upon a sleep-indication from the device
243 */
244static void ll_device_want_to_sleep(struct hci_uart *hu)
245{
246 unsigned long flags;
247 struct ll_struct *ll = hu->priv;
248
249 BT_DBG("hu %p", hu);
250
251 /* lock hcill state */
252 spin_lock_irqsave(&ll->hcill_lock, flags);
253
254 /* sanity check */
255 if (ll->hcill_state != HCILL_AWAKE)
256 BT_ERR("ERR: HCILL_GO_TO_SLEEP_IND in state %ld", ll->hcill_state);
257
258 /* acknowledge device sleep */
259 if (send_hcill_cmd(HCILL_GO_TO_SLEEP_ACK, hu) < 0) {
260 BT_ERR("cannot acknowledge device sleep");
261 goto out;
262 }
263
264 /* update state */
265 ll->hcill_state = HCILL_ASLEEP;
266
267out:
268 spin_unlock_irqrestore(&ll->hcill_lock, flags);
269
270 /* actually send the sleep ack packet */
271 hci_uart_tx_wakeup(hu);
272}
273
274/*
275 * Called upon wake-up-acknowledgement from the device
276 */
277static void ll_device_woke_up(struct hci_uart *hu)
278{
279 unsigned long flags;
280 struct ll_struct *ll = hu->priv;
281
282 BT_DBG("hu %p", hu);
283
284 /* lock hcill state */
285 spin_lock_irqsave(&ll->hcill_lock, flags);
286
287 /* sanity check */
288 if (ll->hcill_state != HCILL_ASLEEP_TO_AWAKE)
289 BT_ERR("received HCILL_WAKE_UP_ACK in state %ld", ll->hcill_state);
290
291 /* send pending packets and change state to HCILL_AWAKE */
292 __ll_do_awake(ll);
293
294 spin_unlock_irqrestore(&ll->hcill_lock, flags);
295
296 /* actually send the packets */
297 hci_uart_tx_wakeup(hu);
298}
299
300/* Enqueue frame for transmittion (padding, crc, etc) */
301/* may be called from two simultaneous tasklets */
302static int ll_enqueue(struct hci_uart *hu, struct sk_buff *skb)
303{
304 unsigned long flags = 0;
305 struct ll_struct *ll = hu->priv;
306
307 BT_DBG("hu %p skb %p", hu, skb);
308
309 /* Prepend skb with frame type */
310 memcpy(skb_push(skb, 1), &hci_skb_pkt_type(skb), 1);
311
312 /* lock hcill state */
313 spin_lock_irqsave(&ll->hcill_lock, flags);
314
315 /* act according to current state */
316 switch (ll->hcill_state) {
317 case HCILL_AWAKE:
318 BT_DBG("device awake, sending normally");
319 skb_queue_tail(&ll->txq, skb);
320 break;
321 case HCILL_ASLEEP:
322 BT_DBG("device asleep, waking up and queueing packet");
323 /* save packet for later */
324 skb_queue_tail(&ll->tx_wait_q, skb);
325 /* awake device */
326 if (send_hcill_cmd(HCILL_WAKE_UP_IND, hu) < 0) {
327 BT_ERR("cannot wake up device");
328 break;
329 }
330 ll->hcill_state = HCILL_ASLEEP_TO_AWAKE;
331 break;
332 case HCILL_ASLEEP_TO_AWAKE:
333 BT_DBG("device waking up, queueing packet");
334 /* transient state; just keep packet for later */
335 skb_queue_tail(&ll->tx_wait_q, skb);
336 break;
337 default:
338 BT_ERR("illegal hcill state: %ld (losing packet)", ll->hcill_state);
339 kfree_skb(skb);
340 break;
341 }
342
343 spin_unlock_irqrestore(&ll->hcill_lock, flags);
344
345 return 0;
346}
347
348static inline int ll_check_data_len(struct hci_dev *hdev, struct ll_struct *ll, int len)
349{
350 int room = skb_tailroom(ll->rx_skb);
351
352 BT_DBG("len %d room %d", len, room);
353
354 if (!len) {
355 hci_recv_frame(hdev, ll->rx_skb);
356 } else if (len > room) {
357 BT_ERR("Data length is too large");
358 kfree_skb(ll->rx_skb);
359 } else {
360 ll->rx_state = HCILL_W4_DATA;
361 ll->rx_count = len;
362 return len;
363 }
364
365 ll->rx_state = HCILL_W4_PACKET_TYPE;
366 ll->rx_skb = NULL;
367 ll->rx_count = 0;
368
369 return 0;
370}
371
372/* Recv data */
373static int ll_recv(struct hci_uart *hu, const void *data, int count)
374{
375 struct ll_struct *ll = hu->priv;
376 const char *ptr;
377 struct hci_event_hdr *eh;
378 struct hci_acl_hdr *ah;
379 struct hci_sco_hdr *sh;
380 int len, type, dlen;
381
382 BT_DBG("hu %p count %d rx_state %ld rx_count %ld", hu, count, ll->rx_state, ll->rx_count);
383
384 ptr = data;
385 while (count) {
386 if (ll->rx_count) {
387 len = min_t(unsigned int, ll->rx_count, count);
388 memcpy(skb_put(ll->rx_skb, len), ptr, len);
389 ll->rx_count -= len; count -= len; ptr += len;
390
391 if (ll->rx_count)
392 continue;
393
394 switch (ll->rx_state) {
395 case HCILL_W4_DATA:
396 BT_DBG("Complete data");
397 hci_recv_frame(hu->hdev, ll->rx_skb);
398
399 ll->rx_state = HCILL_W4_PACKET_TYPE;
400 ll->rx_skb = NULL;
401 continue;
402
403 case HCILL_W4_EVENT_HDR:
404 eh = hci_event_hdr(ll->rx_skb);
405
406 BT_DBG("Event header: evt 0x%2.2x plen %d", eh->evt, eh->plen);
407
408 ll_check_data_len(hu->hdev, ll, eh->plen);
409 continue;
410
411 case HCILL_W4_ACL_HDR:
412 ah = hci_acl_hdr(ll->rx_skb);
413 dlen = __le16_to_cpu(ah->dlen);
414
415 BT_DBG("ACL header: dlen %d", dlen);
416
417 ll_check_data_len(hu->hdev, ll, dlen);
418 continue;
419
420 case HCILL_W4_SCO_HDR:
421 sh = hci_sco_hdr(ll->rx_skb);
422
423 BT_DBG("SCO header: dlen %d", sh->dlen);
424
425 ll_check_data_len(hu->hdev, ll, sh->dlen);
426 continue;
427 }
428 }
429
430 /* HCILL_W4_PACKET_TYPE */
431 switch (*ptr) {
432 case HCI_EVENT_PKT:
433 BT_DBG("Event packet");
434 ll->rx_state = HCILL_W4_EVENT_HDR;
435 ll->rx_count = HCI_EVENT_HDR_SIZE;
436 type = HCI_EVENT_PKT;
437 break;
438
439 case HCI_ACLDATA_PKT:
440 BT_DBG("ACL packet");
441 ll->rx_state = HCILL_W4_ACL_HDR;
442 ll->rx_count = HCI_ACL_HDR_SIZE;
443 type = HCI_ACLDATA_PKT;
444 break;
445
446 case HCI_SCODATA_PKT:
447 BT_DBG("SCO packet");
448 ll->rx_state = HCILL_W4_SCO_HDR;
449 ll->rx_count = HCI_SCO_HDR_SIZE;
450 type = HCI_SCODATA_PKT;
451 break;
452
453 /* HCILL signals */
454 case HCILL_GO_TO_SLEEP_IND:
455 BT_DBG("HCILL_GO_TO_SLEEP_IND packet");
456 ll_device_want_to_sleep(hu);
457 ptr++; count--;
458 continue;
459
460 case HCILL_GO_TO_SLEEP_ACK:
461 /* shouldn't happen */
462 BT_ERR("received HCILL_GO_TO_SLEEP_ACK (in state %ld)", ll->hcill_state);
463 ptr++; count--;
464 continue;
465
466 case HCILL_WAKE_UP_IND:
467 BT_DBG("HCILL_WAKE_UP_IND packet");
468 ll_device_want_to_wakeup(hu);
469 ptr++; count--;
470 continue;
471
472 case HCILL_WAKE_UP_ACK:
473 BT_DBG("HCILL_WAKE_UP_ACK packet");
474 ll_device_woke_up(hu);
475 ptr++; count--;
476 continue;
477
478 default:
479 BT_ERR("Unknown HCI packet type %2.2x", (__u8)*ptr);
480 hu->hdev->stat.err_rx++;
481 ptr++; count--;
482 continue;
483 }
484
485 ptr++; count--;
486
487 /* Allocate packet */
488 ll->rx_skb = bt_skb_alloc(HCI_MAX_FRAME_SIZE, GFP_ATOMIC);
489 if (!ll->rx_skb) {
490 BT_ERR("Can't allocate mem for new packet");
491 ll->rx_state = HCILL_W4_PACKET_TYPE;
492 ll->rx_count = 0;
493 return -ENOMEM;
494 }
495
496 hci_skb_pkt_type(ll->rx_skb) = type;
497 }
498
499 return count;
500}
501
502static struct sk_buff *ll_dequeue(struct hci_uart *hu)
503{
504 struct ll_struct *ll = hu->priv;
505 return skb_dequeue(&ll->txq);
506}
507
508static const struct hci_uart_proto llp = {
509 .id = HCI_UART_LL,
510 .name = "LL",
511 .open = ll_open,
512 .close = ll_close,
513 .recv = ll_recv,
514 .enqueue = ll_enqueue,
515 .dequeue = ll_dequeue,
516 .flush = ll_flush,
517};
518
519int __init ll_init(void)
520{
521 return hci_uart_register_proto(&llp);
522}
523
524int __exit ll_deinit(void)
525{
526 return hci_uart_unregister_proto(&llp);
527}