Loading...
Note: File does not exist in v3.15.
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * NXP Bluetooth driver
4 * Copyright 2023 NXP
5 */
6
7#include <linux/module.h>
8#include <linux/kernel.h>
9
10#include <linux/serdev.h>
11#include <linux/of.h>
12#include <linux/skbuff.h>
13#include <linux/unaligned.h>
14#include <linux/firmware.h>
15#include <linux/string.h>
16#include <linux/crc8.h>
17#include <linux/crc32.h>
18#include <linux/string_helpers.h>
19#include <linux/gpio/consumer.h>
20
21#include <net/bluetooth/bluetooth.h>
22#include <net/bluetooth/hci_core.h>
23
24#include "h4_recv.h"
25
26#define MANUFACTURER_NXP 37
27
28#define BTNXPUART_TX_STATE_ACTIVE 1
29#define BTNXPUART_FW_DOWNLOADING 2
30#define BTNXPUART_CHECK_BOOT_SIGNATURE 3
31#define BTNXPUART_SERDEV_OPEN 4
32#define BTNXPUART_IR_IN_PROGRESS 5
33#define BTNXPUART_FW_DOWNLOAD_ABORT 6
34
35/* NXP HW err codes */
36#define BTNXPUART_IR_HW_ERR 0xb0
37
38#define FIRMWARE_W8987 "uart8987_bt.bin"
39#define FIRMWARE_W8987_OLD "uartuart8987_bt.bin"
40#define FIRMWARE_W8997 "uart8997_bt_v4.bin"
41#define FIRMWARE_W8997_OLD "uartuart8997_bt_v4.bin"
42#define FIRMWARE_W9098 "uart9098_bt_v1.bin"
43#define FIRMWARE_W9098_OLD "uartuart9098_bt_v1.bin"
44#define FIRMWARE_IW416 "uartiw416_bt.bin"
45#define FIRMWARE_IW416_OLD "uartiw416_bt_v0.bin"
46#define FIRMWARE_IW612 "uartspi_n61x_v1.bin.se"
47#define FIRMWARE_IW610 "uartspi_iw610.bin"
48#define FIRMWARE_SECURE_IW610 "uartspi_iw610.bin.se"
49#define FIRMWARE_IW624 "uartiw624_bt.bin"
50#define FIRMWARE_SECURE_IW624 "uartiw624_bt.bin.se"
51#define FIRMWARE_AW693 "uartaw693_bt.bin"
52#define FIRMWARE_SECURE_AW693 "uartaw693_bt.bin.se"
53#define FIRMWARE_AW693_A1 "uartaw693_bt_v1.bin"
54#define FIRMWARE_SECURE_AW693_A1 "uartaw693_bt_v1.bin.se"
55#define FIRMWARE_HELPER "helper_uart_3000000.bin"
56
57#define CHIP_ID_W9098 0x5c03
58#define CHIP_ID_IW416 0x7201
59#define CHIP_ID_IW612 0x7601
60#define CHIP_ID_IW624a 0x8000
61#define CHIP_ID_IW624c 0x8001
62#define CHIP_ID_AW693a0 0x8200
63#define CHIP_ID_AW693a1 0x8201
64#define CHIP_ID_IW610a0 0x8800
65#define CHIP_ID_IW610a1 0x8801
66
67#define FW_SECURE_MASK 0xc0
68#define FW_OPEN 0x00
69#define FW_AUTH_ILLEGAL 0x40
70#define FW_AUTH_PLAIN 0x80
71#define FW_AUTH_ENC 0xc0
72
73#define HCI_NXP_PRI_BAUDRATE 115200
74#define HCI_NXP_SEC_BAUDRATE 3000000
75
76#define MAX_FW_FILE_NAME_LEN 50
77
78/* Default ps timeout period in milliseconds */
79#define PS_DEFAULT_TIMEOUT_PERIOD_MS 2000
80
81/* wakeup methods */
82#define WAKEUP_METHOD_DTR 0
83#define WAKEUP_METHOD_BREAK 1
84#define WAKEUP_METHOD_EXT_BREAK 2
85#define WAKEUP_METHOD_RTS 3
86#define WAKEUP_METHOD_GPIO 4
87#define WAKEUP_METHOD_INVALID 0xff
88
89/* power save mode status */
90#define PS_MODE_DISABLE 0
91#define PS_MODE_ENABLE 1
92
93/* Power Save Commands to ps_work_func */
94#define PS_CMD_EXIT_PS 1
95#define PS_CMD_ENTER_PS 2
96
97/* power save state */
98#define PS_STATE_AWAKE 0
99#define PS_STATE_SLEEP 1
100
101/* Bluetooth vendor command : Sleep mode */
102#define HCI_NXP_AUTO_SLEEP_MODE 0xfc23
103/* Bluetooth vendor command : Wakeup method */
104#define HCI_NXP_WAKEUP_METHOD 0xfc53
105/* Bluetooth vendor command : Set operational baudrate */
106#define HCI_NXP_SET_OPER_SPEED 0xfc09
107/* Bluetooth vendor command: Independent Reset */
108#define HCI_NXP_IND_RESET 0xfcfc
109
110/* Bluetooth Power State : Vendor cmd params */
111#define BT_PS_ENABLE 0x02
112#define BT_PS_DISABLE 0x03
113
114/* Bluetooth Host Wakeup Methods */
115#define BT_HOST_WAKEUP_METHOD_NONE 0x00
116#define BT_HOST_WAKEUP_METHOD_DTR 0x01
117#define BT_HOST_WAKEUP_METHOD_BREAK 0x02
118#define BT_HOST_WAKEUP_METHOD_GPIO 0x03
119
120/* Bluetooth Chip Wakeup Methods */
121#define BT_CTRL_WAKEUP_METHOD_DSR 0x00
122#define BT_CTRL_WAKEUP_METHOD_BREAK 0x01
123#define BT_CTRL_WAKEUP_METHOD_GPIO 0x02
124#define BT_CTRL_WAKEUP_METHOD_EXT_BREAK 0x04
125#define BT_CTRL_WAKEUP_METHOD_RTS 0x05
126
127struct ps_data {
128 u8 target_ps_mode; /* ps mode to be set */
129 u8 cur_psmode; /* current ps_mode */
130 u8 ps_state; /* controller's power save state */
131 u8 ps_cmd;
132 u8 h2c_wakeupmode;
133 u8 cur_h2c_wakeupmode;
134 u8 c2h_wakeupmode;
135 u8 c2h_wakeup_gpio;
136 u8 h2c_wakeup_gpio;
137 bool driver_sent_cmd;
138 u16 h2c_ps_interval;
139 u16 c2h_ps_interval;
140 struct gpio_desc *h2c_ps_gpio;
141 struct hci_dev *hdev;
142 struct work_struct work;
143 struct timer_list ps_timer;
144 struct mutex ps_lock;
145};
146
147struct wakeup_cmd_payload {
148 u8 c2h_wakeupmode;
149 u8 c2h_wakeup_gpio;
150 u8 h2c_wakeupmode;
151 u8 h2c_wakeup_gpio;
152} __packed;
153
154struct psmode_cmd_payload {
155 u8 ps_cmd;
156 __le16 c2h_ps_interval;
157} __packed;
158
159struct btnxpuart_data {
160 const char *helper_fw_name;
161 const char *fw_name;
162 const char *fw_name_old;
163};
164
165struct btnxpuart_dev {
166 struct hci_dev *hdev;
167 struct serdev_device *serdev;
168
169 struct work_struct tx_work;
170 unsigned long tx_state;
171 struct sk_buff_head txq;
172 struct sk_buff *rx_skb;
173
174 const struct firmware *fw;
175 u8 fw_name[MAX_FW_FILE_NAME_LEN];
176 u32 fw_dnld_v1_offset;
177 u32 fw_v1_sent_bytes;
178 u32 fw_dnld_v3_offset;
179 u32 fw_v3_offset_correction;
180 u32 fw_v1_expected_len;
181 u32 boot_reg_offset;
182 wait_queue_head_t fw_dnld_done_wait_q;
183 wait_queue_head_t check_boot_sign_wait_q;
184
185 u32 new_baudrate;
186 u32 current_baudrate;
187 u32 fw_init_baudrate;
188 bool timeout_changed;
189 bool baudrate_changed;
190 bool helper_downloaded;
191
192 struct ps_data psdata;
193 struct btnxpuart_data *nxp_data;
194};
195
196#define NXP_V1_FW_REQ_PKT 0xa5
197#define NXP_V1_CHIP_VER_PKT 0xaa
198#define NXP_V3_FW_REQ_PKT 0xa7
199#define NXP_V3_CHIP_VER_PKT 0xab
200
201#define NXP_ACK_V1 0x5a
202#define NXP_NAK_V1 0xbf
203#define NXP_ACK_V3 0x7a
204#define NXP_NAK_V3 0x7b
205#define NXP_CRC_ERROR_V3 0x7c
206
207/* Bootloader signature error codes */
208#define NXP_ACK_RX_TIMEOUT 0x0002 /* ACK not received from host */
209#define NXP_HDR_RX_TIMEOUT 0x0003 /* FW Header chunk not received */
210#define NXP_DATA_RX_TIMEOUT 0x0004 /* FW Data chunk not received */
211
212#define HDR_LEN 16
213
214#define NXP_RECV_CHIP_VER_V1 \
215 .type = NXP_V1_CHIP_VER_PKT, \
216 .hlen = 4, \
217 .loff = 0, \
218 .lsize = 0, \
219 .maxlen = 4
220
221#define NXP_RECV_FW_REQ_V1 \
222 .type = NXP_V1_FW_REQ_PKT, \
223 .hlen = 4, \
224 .loff = 0, \
225 .lsize = 0, \
226 .maxlen = 4
227
228#define NXP_RECV_CHIP_VER_V3 \
229 .type = NXP_V3_CHIP_VER_PKT, \
230 .hlen = 4, \
231 .loff = 0, \
232 .lsize = 0, \
233 .maxlen = 4
234
235#define NXP_RECV_FW_REQ_V3 \
236 .type = NXP_V3_FW_REQ_PKT, \
237 .hlen = 9, \
238 .loff = 0, \
239 .lsize = 0, \
240 .maxlen = 9
241
242struct v1_data_req {
243 __le16 len;
244 __le16 len_comp;
245} __packed;
246
247struct v1_start_ind {
248 __le16 chip_id;
249 __le16 chip_id_comp;
250} __packed;
251
252struct v3_data_req {
253 __le16 len;
254 __le32 offset;
255 __le16 error;
256 u8 crc;
257} __packed;
258
259struct v3_start_ind {
260 __le16 chip_id;
261 u8 loader_ver;
262 u8 crc;
263} __packed;
264
265/* UART register addresses of BT chip */
266#define CLKDIVADDR 0x7f00008f
267#define UARTDIVADDR 0x7f000090
268#define UARTMCRADDR 0x7f000091
269#define UARTREINITADDR 0x7f000092
270#define UARTICRADDR 0x7f000093
271#define UARTFCRADDR 0x7f000094
272
273#define MCR 0x00000022
274#define INIT 0x00000001
275#define ICR 0x000000c7
276#define FCR 0x000000c7
277
278#define POLYNOMIAL8 0x07
279
280struct uart_reg {
281 __le32 address;
282 __le32 value;
283} __packed;
284
285struct uart_config {
286 struct uart_reg clkdiv;
287 struct uart_reg uartdiv;
288 struct uart_reg mcr;
289 struct uart_reg re_init;
290 struct uart_reg icr;
291 struct uart_reg fcr;
292 __be32 crc;
293} __packed;
294
295struct nxp_bootloader_cmd {
296 __le32 header;
297 __le32 arg;
298 __le32 payload_len;
299 __be32 crc;
300} __packed;
301
302struct nxp_v3_rx_timeout_nak {
303 u8 nak;
304 __le32 offset;
305 u8 crc;
306} __packed;
307
308union nxp_v3_rx_timeout_nak_u {
309 struct nxp_v3_rx_timeout_nak pkt;
310 u8 buf[6];
311};
312
313static u8 crc8_table[CRC8_TABLE_SIZE];
314
315/* Default configurations */
316#define DEFAULT_H2C_WAKEUP_MODE WAKEUP_METHOD_BREAK
317#define DEFAULT_PS_MODE PS_MODE_ENABLE
318#define FW_INIT_BAUDRATE HCI_NXP_PRI_BAUDRATE
319
320static struct sk_buff *nxp_drv_send_cmd(struct hci_dev *hdev, u16 opcode,
321 u32 plen,
322 void *param)
323{
324 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
325 struct ps_data *psdata = &nxpdev->psdata;
326 struct sk_buff *skb;
327
328 /* set flag to prevent nxp_enqueue from parsing values from this command and
329 * calling hci_cmd_sync_queue() again.
330 */
331 psdata->driver_sent_cmd = true;
332 skb = __hci_cmd_sync(hdev, opcode, plen, param, HCI_CMD_TIMEOUT);
333 psdata->driver_sent_cmd = false;
334
335 return skb;
336}
337
338static void btnxpuart_tx_wakeup(struct btnxpuart_dev *nxpdev)
339{
340 if (schedule_work(&nxpdev->tx_work))
341 set_bit(BTNXPUART_TX_STATE_ACTIVE, &nxpdev->tx_state);
342}
343
344/* NXP Power Save Feature */
345static void ps_start_timer(struct btnxpuart_dev *nxpdev)
346{
347 struct ps_data *psdata = &nxpdev->psdata;
348
349 if (!psdata)
350 return;
351
352 if (psdata->cur_psmode == PS_MODE_ENABLE)
353 mod_timer(&psdata->ps_timer, jiffies + msecs_to_jiffies(psdata->h2c_ps_interval));
354
355 if (psdata->ps_state == PS_STATE_AWAKE && psdata->ps_cmd == PS_CMD_ENTER_PS)
356 cancel_work_sync(&psdata->work);
357}
358
359static void ps_cancel_timer(struct btnxpuart_dev *nxpdev)
360{
361 struct ps_data *psdata = &nxpdev->psdata;
362
363 flush_work(&psdata->work);
364 timer_shutdown_sync(&psdata->ps_timer);
365}
366
367static void ps_control(struct hci_dev *hdev, u8 ps_state)
368{
369 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
370 struct ps_data *psdata = &nxpdev->psdata;
371 int status = 0;
372
373 if (psdata->ps_state == ps_state ||
374 !test_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state))
375 return;
376
377 mutex_lock(&psdata->ps_lock);
378 switch (psdata->cur_h2c_wakeupmode) {
379 case WAKEUP_METHOD_GPIO:
380 if (ps_state == PS_STATE_AWAKE)
381 gpiod_set_value_cansleep(psdata->h2c_ps_gpio, 0);
382 else
383 gpiod_set_value_cansleep(psdata->h2c_ps_gpio, 1);
384 bt_dev_dbg(hdev, "Set h2c_ps_gpio: %s",
385 str_high_low(ps_state == PS_STATE_SLEEP));
386 break;
387 case WAKEUP_METHOD_DTR:
388 if (ps_state == PS_STATE_AWAKE)
389 status = serdev_device_set_tiocm(nxpdev->serdev, TIOCM_DTR, 0);
390 else
391 status = serdev_device_set_tiocm(nxpdev->serdev, 0, TIOCM_DTR);
392 break;
393 case WAKEUP_METHOD_BREAK:
394 default:
395 if (ps_state == PS_STATE_AWAKE)
396 status = serdev_device_break_ctl(nxpdev->serdev, 0);
397 else
398 status = serdev_device_break_ctl(nxpdev->serdev, -1);
399 msleep(20); /* Allow chip to detect UART-break and enter sleep */
400 bt_dev_dbg(hdev, "Set UART break: %s, status=%d",
401 str_on_off(ps_state == PS_STATE_SLEEP), status);
402 break;
403 }
404 if (!status)
405 psdata->ps_state = ps_state;
406 mutex_unlock(&psdata->ps_lock);
407
408 if (ps_state == PS_STATE_AWAKE)
409 btnxpuart_tx_wakeup(nxpdev);
410}
411
412static void ps_work_func(struct work_struct *work)
413{
414 struct ps_data *data = container_of(work, struct ps_data, work);
415
416 if (data->ps_cmd == PS_CMD_ENTER_PS && data->cur_psmode == PS_MODE_ENABLE)
417 ps_control(data->hdev, PS_STATE_SLEEP);
418 else if (data->ps_cmd == PS_CMD_EXIT_PS)
419 ps_control(data->hdev, PS_STATE_AWAKE);
420}
421
422static void ps_timeout_func(struct timer_list *t)
423{
424 struct ps_data *data = from_timer(data, t, ps_timer);
425 struct hci_dev *hdev = data->hdev;
426 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
427
428 if (test_bit(BTNXPUART_TX_STATE_ACTIVE, &nxpdev->tx_state)) {
429 ps_start_timer(nxpdev);
430 } else {
431 data->ps_cmd = PS_CMD_ENTER_PS;
432 schedule_work(&data->work);
433 }
434}
435
436static int ps_setup(struct hci_dev *hdev)
437{
438 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
439 struct serdev_device *serdev = nxpdev->serdev;
440 struct ps_data *psdata = &nxpdev->psdata;
441
442 psdata->h2c_ps_gpio = devm_gpiod_get_optional(&serdev->dev, "device-wakeup",
443 GPIOD_OUT_LOW);
444 if (IS_ERR(psdata->h2c_ps_gpio)) {
445 bt_dev_err(hdev, "Error fetching device-wakeup-gpios: %ld",
446 PTR_ERR(psdata->h2c_ps_gpio));
447 return PTR_ERR(psdata->h2c_ps_gpio);
448 }
449
450 if (!psdata->h2c_ps_gpio)
451 psdata->h2c_wakeup_gpio = 0xff;
452
453 psdata->hdev = hdev;
454 INIT_WORK(&psdata->work, ps_work_func);
455 mutex_init(&psdata->ps_lock);
456 timer_setup(&psdata->ps_timer, ps_timeout_func, 0);
457
458 return 0;
459}
460
461static bool ps_wakeup(struct btnxpuart_dev *nxpdev)
462{
463 struct ps_data *psdata = &nxpdev->psdata;
464 u8 ps_state;
465
466 mutex_lock(&psdata->ps_lock);
467 ps_state = psdata->ps_state;
468 mutex_unlock(&psdata->ps_lock);
469
470 if (ps_state != PS_STATE_AWAKE) {
471 psdata->ps_cmd = PS_CMD_EXIT_PS;
472 schedule_work(&psdata->work);
473 return true;
474 }
475 return false;
476}
477
478static void ps_cleanup(struct btnxpuart_dev *nxpdev)
479{
480 struct ps_data *psdata = &nxpdev->psdata;
481 u8 ps_state;
482
483 mutex_lock(&psdata->ps_lock);
484 ps_state = psdata->ps_state;
485 mutex_unlock(&psdata->ps_lock);
486
487 if (ps_state != PS_STATE_AWAKE)
488 ps_control(psdata->hdev, PS_STATE_AWAKE);
489
490 ps_cancel_timer(nxpdev);
491 cancel_work_sync(&psdata->work);
492 mutex_destroy(&psdata->ps_lock);
493}
494
495static int send_ps_cmd(struct hci_dev *hdev, void *data)
496{
497 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
498 struct ps_data *psdata = &nxpdev->psdata;
499 struct psmode_cmd_payload pcmd;
500 struct sk_buff *skb;
501 u8 *status;
502
503 if (psdata->target_ps_mode == PS_MODE_ENABLE)
504 pcmd.ps_cmd = BT_PS_ENABLE;
505 else
506 pcmd.ps_cmd = BT_PS_DISABLE;
507 pcmd.c2h_ps_interval = __cpu_to_le16(psdata->c2h_ps_interval);
508
509 skb = nxp_drv_send_cmd(hdev, HCI_NXP_AUTO_SLEEP_MODE, sizeof(pcmd), &pcmd);
510 if (IS_ERR(skb)) {
511 bt_dev_err(hdev, "Setting Power Save mode failed (%ld)", PTR_ERR(skb));
512 return PTR_ERR(skb);
513 }
514
515 status = skb_pull_data(skb, 1);
516 if (status) {
517 if (!*status)
518 psdata->cur_psmode = psdata->target_ps_mode;
519 else
520 psdata->target_ps_mode = psdata->cur_psmode;
521 if (psdata->cur_psmode == PS_MODE_ENABLE)
522 ps_start_timer(nxpdev);
523 else
524 ps_wakeup(nxpdev);
525 bt_dev_dbg(hdev, "Power Save mode response: status=%d, ps_mode=%d",
526 *status, psdata->cur_psmode);
527 }
528 kfree_skb(skb);
529
530 return 0;
531}
532
533static int send_wakeup_method_cmd(struct hci_dev *hdev, void *data)
534{
535 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
536 struct ps_data *psdata = &nxpdev->psdata;
537 struct wakeup_cmd_payload pcmd;
538 struct sk_buff *skb;
539 u8 *status;
540
541 pcmd.c2h_wakeupmode = psdata->c2h_wakeupmode;
542 pcmd.c2h_wakeup_gpio = psdata->c2h_wakeup_gpio;
543 switch (psdata->h2c_wakeupmode) {
544 case WAKEUP_METHOD_GPIO:
545 pcmd.h2c_wakeupmode = BT_CTRL_WAKEUP_METHOD_GPIO;
546 break;
547 case WAKEUP_METHOD_DTR:
548 pcmd.h2c_wakeupmode = BT_CTRL_WAKEUP_METHOD_DSR;
549 break;
550 case WAKEUP_METHOD_BREAK:
551 default:
552 pcmd.h2c_wakeupmode = BT_CTRL_WAKEUP_METHOD_BREAK;
553 break;
554 }
555 pcmd.h2c_wakeup_gpio = 0xff;
556
557 skb = nxp_drv_send_cmd(hdev, HCI_NXP_WAKEUP_METHOD, sizeof(pcmd), &pcmd);
558 if (IS_ERR(skb)) {
559 bt_dev_err(hdev, "Setting wake-up method failed (%ld)", PTR_ERR(skb));
560 return PTR_ERR(skb);
561 }
562
563 status = skb_pull_data(skb, 1);
564 if (status) {
565 if (*status == 0)
566 psdata->cur_h2c_wakeupmode = psdata->h2c_wakeupmode;
567 else
568 psdata->h2c_wakeupmode = psdata->cur_h2c_wakeupmode;
569 bt_dev_dbg(hdev, "Set Wakeup Method response: status=%d, h2c_wakeupmode=%d",
570 *status, psdata->cur_h2c_wakeupmode);
571 }
572 kfree_skb(skb);
573
574 return 0;
575}
576
577static void ps_init(struct hci_dev *hdev)
578{
579 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
580 struct ps_data *psdata = &nxpdev->psdata;
581 u8 default_h2c_wakeup_mode = DEFAULT_H2C_WAKEUP_MODE;
582
583 serdev_device_set_tiocm(nxpdev->serdev, 0, TIOCM_RTS);
584 usleep_range(5000, 10000);
585 serdev_device_set_tiocm(nxpdev->serdev, TIOCM_RTS, 0);
586 usleep_range(5000, 10000);
587
588 psdata->ps_state = PS_STATE_AWAKE;
589 psdata->c2h_wakeupmode = BT_HOST_WAKEUP_METHOD_NONE;
590 psdata->c2h_wakeup_gpio = 0xff;
591
592 psdata->cur_h2c_wakeupmode = WAKEUP_METHOD_INVALID;
593 if (psdata->h2c_ps_gpio)
594 default_h2c_wakeup_mode = WAKEUP_METHOD_GPIO;
595
596 psdata->h2c_ps_interval = PS_DEFAULT_TIMEOUT_PERIOD_MS;
597
598 switch (default_h2c_wakeup_mode) {
599 case WAKEUP_METHOD_GPIO:
600 psdata->h2c_wakeupmode = WAKEUP_METHOD_GPIO;
601 gpiod_set_value_cansleep(psdata->h2c_ps_gpio, 0);
602 usleep_range(5000, 10000);
603 break;
604 case WAKEUP_METHOD_DTR:
605 psdata->h2c_wakeupmode = WAKEUP_METHOD_DTR;
606 serdev_device_set_tiocm(nxpdev->serdev, 0, TIOCM_DTR);
607 serdev_device_set_tiocm(nxpdev->serdev, TIOCM_DTR, 0);
608 break;
609 case WAKEUP_METHOD_BREAK:
610 default:
611 psdata->h2c_wakeupmode = WAKEUP_METHOD_BREAK;
612 serdev_device_break_ctl(nxpdev->serdev, -1);
613 usleep_range(5000, 10000);
614 serdev_device_break_ctl(nxpdev->serdev, 0);
615 usleep_range(5000, 10000);
616 break;
617 }
618
619 psdata->cur_psmode = PS_MODE_DISABLE;
620 psdata->target_ps_mode = DEFAULT_PS_MODE;
621
622 if (psdata->cur_h2c_wakeupmode != psdata->h2c_wakeupmode)
623 hci_cmd_sync_queue(hdev, send_wakeup_method_cmd, NULL, NULL);
624 if (psdata->cur_psmode != psdata->target_ps_mode)
625 hci_cmd_sync_queue(hdev, send_ps_cmd, NULL, NULL);
626}
627
628/* NXP Firmware Download Feature */
629static int nxp_download_firmware(struct hci_dev *hdev)
630{
631 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
632 int err = 0;
633
634 nxpdev->fw_dnld_v1_offset = 0;
635 nxpdev->fw_v1_sent_bytes = 0;
636 nxpdev->fw_v1_expected_len = HDR_LEN;
637 nxpdev->boot_reg_offset = 0;
638 nxpdev->fw_dnld_v3_offset = 0;
639 nxpdev->fw_v3_offset_correction = 0;
640 nxpdev->baudrate_changed = false;
641 nxpdev->timeout_changed = false;
642 nxpdev->helper_downloaded = false;
643
644 serdev_device_set_baudrate(nxpdev->serdev, HCI_NXP_PRI_BAUDRATE);
645 serdev_device_set_flow_control(nxpdev->serdev, false);
646 nxpdev->current_baudrate = HCI_NXP_PRI_BAUDRATE;
647
648 /* Wait till FW is downloaded */
649 err = wait_event_interruptible_timeout(nxpdev->fw_dnld_done_wait_q,
650 !test_bit(BTNXPUART_FW_DOWNLOADING,
651 &nxpdev->tx_state),
652 msecs_to_jiffies(60000));
653
654 release_firmware(nxpdev->fw);
655 memset(nxpdev->fw_name, 0, sizeof(nxpdev->fw_name));
656
657 if (err == 0) {
658 bt_dev_err(hdev, "FW Download Timeout. offset: %d",
659 nxpdev->fw_dnld_v1_offset ?
660 nxpdev->fw_dnld_v1_offset :
661 nxpdev->fw_dnld_v3_offset);
662 return -ETIMEDOUT;
663 }
664 if (test_bit(BTNXPUART_FW_DOWNLOAD_ABORT, &nxpdev->tx_state)) {
665 bt_dev_err(hdev, "FW Download Aborted");
666 return -EINTR;
667 }
668
669 serdev_device_set_flow_control(nxpdev->serdev, true);
670
671 /* Allow the downloaded FW to initialize */
672 msleep(1200);
673
674 return 0;
675}
676
677static void nxp_send_ack(u8 ack, struct hci_dev *hdev)
678{
679 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
680 u8 ack_nak[2];
681 int len = 1;
682
683 ack_nak[0] = ack;
684 if (ack == NXP_ACK_V3) {
685 ack_nak[1] = crc8(crc8_table, ack_nak, 1, 0xff);
686 len = 2;
687 }
688 serdev_device_write_buf(nxpdev->serdev, ack_nak, len);
689}
690
691static bool nxp_fw_change_baudrate(struct hci_dev *hdev, u16 req_len)
692{
693 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
694 struct nxp_bootloader_cmd nxp_cmd5;
695 struct uart_config uart_config;
696 u32 clkdivaddr = CLKDIVADDR - nxpdev->boot_reg_offset;
697 u32 uartdivaddr = UARTDIVADDR - nxpdev->boot_reg_offset;
698 u32 uartmcraddr = UARTMCRADDR - nxpdev->boot_reg_offset;
699 u32 uartreinitaddr = UARTREINITADDR - nxpdev->boot_reg_offset;
700 u32 uarticraddr = UARTICRADDR - nxpdev->boot_reg_offset;
701 u32 uartfcraddr = UARTFCRADDR - nxpdev->boot_reg_offset;
702
703 if (req_len == sizeof(nxp_cmd5)) {
704 nxp_cmd5.header = __cpu_to_le32(5);
705 nxp_cmd5.arg = 0;
706 nxp_cmd5.payload_len = __cpu_to_le32(sizeof(uart_config));
707 /* FW expects swapped CRC bytes */
708 nxp_cmd5.crc = __cpu_to_be32(crc32_be(0UL, (char *)&nxp_cmd5,
709 sizeof(nxp_cmd5) - 4));
710
711 serdev_device_write_buf(nxpdev->serdev, (u8 *)&nxp_cmd5, sizeof(nxp_cmd5));
712 nxpdev->fw_v3_offset_correction += req_len;
713 } else if (req_len == sizeof(uart_config)) {
714 uart_config.clkdiv.address = __cpu_to_le32(clkdivaddr);
715 uart_config.clkdiv.value = __cpu_to_le32(0x00c00000);
716 uart_config.uartdiv.address = __cpu_to_le32(uartdivaddr);
717 uart_config.uartdiv.value = __cpu_to_le32(1);
718 uart_config.mcr.address = __cpu_to_le32(uartmcraddr);
719 uart_config.mcr.value = __cpu_to_le32(MCR);
720 uart_config.re_init.address = __cpu_to_le32(uartreinitaddr);
721 uart_config.re_init.value = __cpu_to_le32(INIT);
722 uart_config.icr.address = __cpu_to_le32(uarticraddr);
723 uart_config.icr.value = __cpu_to_le32(ICR);
724 uart_config.fcr.address = __cpu_to_le32(uartfcraddr);
725 uart_config.fcr.value = __cpu_to_le32(FCR);
726 /* FW expects swapped CRC bytes */
727 uart_config.crc = __cpu_to_be32(crc32_be(0UL, (char *)&uart_config,
728 sizeof(uart_config) - 4));
729
730 serdev_device_write_buf(nxpdev->serdev, (u8 *)&uart_config, sizeof(uart_config));
731 serdev_device_wait_until_sent(nxpdev->serdev, 0);
732 nxpdev->fw_v3_offset_correction += req_len;
733 return true;
734 }
735 return false;
736}
737
738static bool nxp_fw_change_timeout(struct hci_dev *hdev, u16 req_len)
739{
740 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
741 struct nxp_bootloader_cmd nxp_cmd7;
742
743 if (req_len != sizeof(nxp_cmd7))
744 return false;
745
746 nxp_cmd7.header = __cpu_to_le32(7);
747 nxp_cmd7.arg = __cpu_to_le32(0x70);
748 nxp_cmd7.payload_len = 0;
749 /* FW expects swapped CRC bytes */
750 nxp_cmd7.crc = __cpu_to_be32(crc32_be(0UL, (char *)&nxp_cmd7,
751 sizeof(nxp_cmd7) - 4));
752 serdev_device_write_buf(nxpdev->serdev, (u8 *)&nxp_cmd7, sizeof(nxp_cmd7));
753 serdev_device_wait_until_sent(nxpdev->serdev, 0);
754 nxpdev->fw_v3_offset_correction += req_len;
755 return true;
756}
757
758static u32 nxp_get_data_len(const u8 *buf)
759{
760 struct nxp_bootloader_cmd *hdr = (struct nxp_bootloader_cmd *)buf;
761
762 return __le32_to_cpu(hdr->payload_len);
763}
764
765static bool is_fw_downloading(struct btnxpuart_dev *nxpdev)
766{
767 return test_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
768}
769
770static bool process_boot_signature(struct btnxpuart_dev *nxpdev)
771{
772 if (test_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, &nxpdev->tx_state)) {
773 clear_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, &nxpdev->tx_state);
774 wake_up_interruptible(&nxpdev->check_boot_sign_wait_q);
775 return false;
776 }
777 return is_fw_downloading(nxpdev);
778}
779
780static int nxp_request_firmware(struct hci_dev *hdev, const char *fw_name,
781 const char *fw_name_old)
782{
783 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
784 const char *fw_name_dt;
785 int err = 0;
786
787 if (!fw_name)
788 return -ENOENT;
789
790 if (!strlen(nxpdev->fw_name)) {
791 if (strcmp(fw_name, FIRMWARE_HELPER) &&
792 !device_property_read_string(&nxpdev->serdev->dev,
793 "firmware-name",
794 &fw_name_dt))
795 fw_name = fw_name_dt;
796 snprintf(nxpdev->fw_name, MAX_FW_FILE_NAME_LEN, "nxp/%s", fw_name);
797 err = request_firmware_direct(&nxpdev->fw, nxpdev->fw_name, &hdev->dev);
798 if (err < 0 && fw_name_old) {
799 snprintf(nxpdev->fw_name, MAX_FW_FILE_NAME_LEN, "nxp/%s", fw_name_old);
800 err = request_firmware_direct(&nxpdev->fw, nxpdev->fw_name, &hdev->dev);
801 }
802
803 bt_dev_info(hdev, "Request Firmware: %s", nxpdev->fw_name);
804 if (err < 0) {
805 bt_dev_err(hdev, "Firmware file %s not found", nxpdev->fw_name);
806 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
807 }
808 }
809 return err;
810}
811
812/* for legacy chipsets with V1 bootloader */
813static int nxp_recv_chip_ver_v1(struct hci_dev *hdev, struct sk_buff *skb)
814{
815 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
816 struct v1_start_ind *req;
817 __u16 chip_id;
818
819 req = skb_pull_data(skb, sizeof(*req));
820 if (!req)
821 goto free_skb;
822
823 chip_id = le16_to_cpu(req->chip_id ^ req->chip_id_comp);
824 if (chip_id == 0xffff && nxpdev->fw_dnld_v1_offset) {
825 nxpdev->fw_dnld_v1_offset = 0;
826 nxpdev->fw_v1_sent_bytes = 0;
827 nxpdev->fw_v1_expected_len = HDR_LEN;
828 release_firmware(nxpdev->fw);
829 memset(nxpdev->fw_name, 0, sizeof(nxpdev->fw_name));
830 nxp_send_ack(NXP_ACK_V1, hdev);
831 }
832
833free_skb:
834 kfree_skb(skb);
835 return 0;
836}
837
838static int nxp_recv_fw_req_v1(struct hci_dev *hdev, struct sk_buff *skb)
839{
840 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
841 struct btnxpuart_data *nxp_data = nxpdev->nxp_data;
842 struct v1_data_req *req;
843 __u16 len;
844
845 if (!process_boot_signature(nxpdev))
846 goto free_skb;
847
848 req = skb_pull_data(skb, sizeof(*req));
849 if (!req)
850 goto free_skb;
851
852 len = __le16_to_cpu(req->len ^ req->len_comp);
853 if (len != 0xffff) {
854 bt_dev_dbg(hdev, "ERR: Send NAK");
855 nxp_send_ack(NXP_NAK_V1, hdev);
856 goto free_skb;
857 }
858 nxp_send_ack(NXP_ACK_V1, hdev);
859
860 len = __le16_to_cpu(req->len);
861
862 if (!nxp_data->helper_fw_name) {
863 if (!nxpdev->timeout_changed) {
864 nxpdev->timeout_changed = nxp_fw_change_timeout(hdev,
865 len);
866 goto free_skb;
867 }
868 if (!nxpdev->baudrate_changed) {
869 nxpdev->baudrate_changed = nxp_fw_change_baudrate(hdev,
870 len);
871 if (nxpdev->baudrate_changed) {
872 serdev_device_set_baudrate(nxpdev->serdev,
873 HCI_NXP_SEC_BAUDRATE);
874 serdev_device_set_flow_control(nxpdev->serdev, true);
875 nxpdev->current_baudrate = HCI_NXP_SEC_BAUDRATE;
876 }
877 goto free_skb;
878 }
879 }
880
881 if (!nxp_data->helper_fw_name || nxpdev->helper_downloaded) {
882 if (nxp_request_firmware(hdev, nxp_data->fw_name, nxp_data->fw_name_old))
883 goto free_skb;
884 } else if (nxp_data->helper_fw_name && !nxpdev->helper_downloaded) {
885 if (nxp_request_firmware(hdev, nxp_data->helper_fw_name, NULL))
886 goto free_skb;
887 }
888
889 if (!len) {
890 bt_dev_info(hdev, "FW Download Complete: %zu bytes",
891 nxpdev->fw->size);
892 if (nxp_data->helper_fw_name && !nxpdev->helper_downloaded) {
893 nxpdev->helper_downloaded = true;
894 serdev_device_wait_until_sent(nxpdev->serdev, 0);
895 serdev_device_set_baudrate(nxpdev->serdev,
896 HCI_NXP_SEC_BAUDRATE);
897 serdev_device_set_flow_control(nxpdev->serdev, true);
898 } else {
899 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
900 wake_up_interruptible(&nxpdev->fw_dnld_done_wait_q);
901 }
902 goto free_skb;
903 }
904 if (len & 0x01) {
905 /* The CRC did not match at the other end.
906 * Simply send the same bytes again.
907 */
908 len = nxpdev->fw_v1_sent_bytes;
909 bt_dev_dbg(hdev, "CRC error. Resend %d bytes of FW.", len);
910 } else {
911 nxpdev->fw_dnld_v1_offset += nxpdev->fw_v1_sent_bytes;
912
913 /* The FW bin file is made up of many blocks of
914 * 16 byte header and payload data chunks. If the
915 * FW has requested a header, read the payload length
916 * info from the header, before sending the header.
917 * In the next iteration, the FW should request the
918 * payload data chunk, which should be equal to the
919 * payload length read from header. If there is a
920 * mismatch, clearly the driver and FW are out of sync,
921 * and we need to re-send the previous header again.
922 */
923 if (len == nxpdev->fw_v1_expected_len) {
924 if (len == HDR_LEN)
925 nxpdev->fw_v1_expected_len = nxp_get_data_len(nxpdev->fw->data +
926 nxpdev->fw_dnld_v1_offset);
927 else
928 nxpdev->fw_v1_expected_len = HDR_LEN;
929 } else if (len == HDR_LEN) {
930 /* FW download out of sync. Send previous chunk again */
931 nxpdev->fw_dnld_v1_offset -= nxpdev->fw_v1_sent_bytes;
932 nxpdev->fw_v1_expected_len = HDR_LEN;
933 }
934 }
935
936 if (nxpdev->fw_dnld_v1_offset + len <= nxpdev->fw->size)
937 serdev_device_write_buf(nxpdev->serdev, nxpdev->fw->data +
938 nxpdev->fw_dnld_v1_offset, len);
939 nxpdev->fw_v1_sent_bytes = len;
940
941free_skb:
942 kfree_skb(skb);
943 return 0;
944}
945
946static char *nxp_get_fw_name_from_chipid(struct hci_dev *hdev, u16 chipid,
947 u8 loader_ver)
948{
949 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
950 char *fw_name = NULL;
951
952 switch (chipid) {
953 case CHIP_ID_W9098:
954 fw_name = FIRMWARE_W9098;
955 break;
956 case CHIP_ID_IW416:
957 fw_name = FIRMWARE_IW416;
958 break;
959 case CHIP_ID_IW612:
960 fw_name = FIRMWARE_IW612;
961 break;
962 case CHIP_ID_IW624a:
963 case CHIP_ID_IW624c:
964 nxpdev->boot_reg_offset = 1;
965 if ((loader_ver & FW_SECURE_MASK) == FW_OPEN)
966 fw_name = FIRMWARE_IW624;
967 else if ((loader_ver & FW_SECURE_MASK) != FW_AUTH_ILLEGAL)
968 fw_name = FIRMWARE_SECURE_IW624;
969 else
970 bt_dev_err(hdev, "Illegal loader version %02x", loader_ver);
971 break;
972 case CHIP_ID_AW693a0:
973 if ((loader_ver & FW_SECURE_MASK) == FW_OPEN)
974 fw_name = FIRMWARE_AW693;
975 else if ((loader_ver & FW_SECURE_MASK) != FW_AUTH_ILLEGAL)
976 fw_name = FIRMWARE_SECURE_AW693;
977 else
978 bt_dev_err(hdev, "Illegal loader version %02x", loader_ver);
979 break;
980 case CHIP_ID_AW693a1:
981 if ((loader_ver & FW_SECURE_MASK) == FW_OPEN)
982 fw_name = FIRMWARE_AW693_A1;
983 else if ((loader_ver & FW_SECURE_MASK) != FW_AUTH_ILLEGAL)
984 fw_name = FIRMWARE_SECURE_AW693_A1;
985 else
986 bt_dev_err(hdev, "Illegal loader version %02x", loader_ver);
987 break;
988 case CHIP_ID_IW610a0:
989 case CHIP_ID_IW610a1:
990 if ((loader_ver & FW_SECURE_MASK) == FW_OPEN)
991 fw_name = FIRMWARE_IW610;
992 else if ((loader_ver & FW_SECURE_MASK) != FW_AUTH_ILLEGAL)
993 fw_name = FIRMWARE_SECURE_IW610;
994 else
995 bt_dev_err(hdev, "Illegal loader version %02x", loader_ver);
996 break;
997 default:
998 bt_dev_err(hdev, "Unknown chip signature %04x", chipid);
999 break;
1000 }
1001 return fw_name;
1002}
1003
1004static char *nxp_get_old_fw_name_from_chipid(struct hci_dev *hdev, u16 chipid,
1005 u8 loader_ver)
1006{
1007 char *fw_name_old = NULL;
1008
1009 switch (chipid) {
1010 case CHIP_ID_W9098:
1011 fw_name_old = FIRMWARE_W9098_OLD;
1012 break;
1013 case CHIP_ID_IW416:
1014 fw_name_old = FIRMWARE_IW416_OLD;
1015 break;
1016 }
1017 return fw_name_old;
1018}
1019
1020static int nxp_recv_chip_ver_v3(struct hci_dev *hdev, struct sk_buff *skb)
1021{
1022 struct v3_start_ind *req = skb_pull_data(skb, sizeof(*req));
1023 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1024 const char *fw_name;
1025 const char *fw_name_old;
1026 u16 chip_id;
1027 u8 loader_ver;
1028
1029 if (!process_boot_signature(nxpdev))
1030 goto free_skb;
1031
1032 chip_id = le16_to_cpu(req->chip_id);
1033 loader_ver = req->loader_ver;
1034 bt_dev_info(hdev, "ChipID: %04x, Version: %d", chip_id, loader_ver);
1035 fw_name = nxp_get_fw_name_from_chipid(hdev, chip_id, loader_ver);
1036 fw_name_old = nxp_get_old_fw_name_from_chipid(hdev, chip_id, loader_ver);
1037 if (!nxp_request_firmware(hdev, fw_name, fw_name_old))
1038 nxp_send_ack(NXP_ACK_V3, hdev);
1039
1040free_skb:
1041 kfree_skb(skb);
1042 return 0;
1043}
1044
1045static void nxp_handle_fw_download_error(struct hci_dev *hdev, struct v3_data_req *req)
1046{
1047 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1048 __u32 offset = __le32_to_cpu(req->offset);
1049 __u16 err = __le16_to_cpu(req->error);
1050 union nxp_v3_rx_timeout_nak_u nak_tx_buf;
1051
1052 switch (err) {
1053 case NXP_ACK_RX_TIMEOUT:
1054 case NXP_HDR_RX_TIMEOUT:
1055 case NXP_DATA_RX_TIMEOUT:
1056 nak_tx_buf.pkt.nak = NXP_NAK_V3;
1057 nak_tx_buf.pkt.offset = __cpu_to_le32(offset);
1058 nak_tx_buf.pkt.crc = crc8(crc8_table, nak_tx_buf.buf,
1059 sizeof(nak_tx_buf) - 1, 0xff);
1060 serdev_device_write_buf(nxpdev->serdev, nak_tx_buf.buf,
1061 sizeof(nak_tx_buf));
1062 break;
1063 default:
1064 bt_dev_dbg(hdev, "Unknown bootloader error code: %d", err);
1065 break;
1066
1067 }
1068
1069}
1070
1071static int nxp_recv_fw_req_v3(struct hci_dev *hdev, struct sk_buff *skb)
1072{
1073 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1074 struct v3_data_req *req;
1075 __u16 len;
1076 __u32 offset;
1077
1078 if (!process_boot_signature(nxpdev))
1079 goto free_skb;
1080
1081 req = skb_pull_data(skb, sizeof(*req));
1082 if (!req || !nxpdev->fw)
1083 goto free_skb;
1084
1085 if (!req->error) {
1086 nxp_send_ack(NXP_ACK_V3, hdev);
1087 } else {
1088 nxp_handle_fw_download_error(hdev, req);
1089 goto free_skb;
1090 }
1091
1092 len = __le16_to_cpu(req->len);
1093
1094 if (!nxpdev->timeout_changed) {
1095 nxpdev->timeout_changed = nxp_fw_change_timeout(hdev, len);
1096 goto free_skb;
1097 }
1098
1099 if (!nxpdev->baudrate_changed) {
1100 nxpdev->baudrate_changed = nxp_fw_change_baudrate(hdev, len);
1101 if (nxpdev->baudrate_changed) {
1102 serdev_device_set_baudrate(nxpdev->serdev,
1103 HCI_NXP_SEC_BAUDRATE);
1104 serdev_device_set_flow_control(nxpdev->serdev, true);
1105 nxpdev->current_baudrate = HCI_NXP_SEC_BAUDRATE;
1106 }
1107 goto free_skb;
1108 }
1109
1110 if (req->len == 0) {
1111 bt_dev_info(hdev, "FW Download Complete: %zu bytes",
1112 nxpdev->fw->size);
1113 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
1114 wake_up_interruptible(&nxpdev->fw_dnld_done_wait_q);
1115 goto free_skb;
1116 }
1117
1118 offset = __le32_to_cpu(req->offset);
1119 if (offset < nxpdev->fw_v3_offset_correction) {
1120 /* This scenario should ideally never occur. But if it ever does,
1121 * FW is out of sync and needs a power cycle.
1122 */
1123 bt_dev_err(hdev, "Something went wrong during FW download");
1124 bt_dev_err(hdev, "Please power cycle and try again");
1125 goto free_skb;
1126 }
1127
1128 nxpdev->fw_dnld_v3_offset = offset - nxpdev->fw_v3_offset_correction;
1129 serdev_device_write_buf(nxpdev->serdev, nxpdev->fw->data +
1130 nxpdev->fw_dnld_v3_offset, len);
1131
1132free_skb:
1133 kfree_skb(skb);
1134 return 0;
1135}
1136
1137static int nxp_set_baudrate_cmd(struct hci_dev *hdev, void *data)
1138{
1139 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1140 __le32 new_baudrate = __cpu_to_le32(nxpdev->new_baudrate);
1141 struct ps_data *psdata = &nxpdev->psdata;
1142 struct sk_buff *skb;
1143 u8 *status;
1144
1145 if (!psdata)
1146 return 0;
1147
1148 skb = nxp_drv_send_cmd(hdev, HCI_NXP_SET_OPER_SPEED, 4, (u8 *)&new_baudrate);
1149 if (IS_ERR(skb)) {
1150 bt_dev_err(hdev, "Setting baudrate failed (%ld)", PTR_ERR(skb));
1151 return PTR_ERR(skb);
1152 }
1153
1154 status = (u8 *)skb_pull_data(skb, 1);
1155 if (status) {
1156 if (*status == 0) {
1157 serdev_device_set_baudrate(nxpdev->serdev, nxpdev->new_baudrate);
1158 nxpdev->current_baudrate = nxpdev->new_baudrate;
1159 }
1160 bt_dev_dbg(hdev, "Set baudrate response: status=%d, baudrate=%d",
1161 *status, nxpdev->new_baudrate);
1162 }
1163 kfree_skb(skb);
1164
1165 return 0;
1166}
1167
1168static int nxp_check_boot_sign(struct btnxpuart_dev *nxpdev)
1169{
1170 serdev_device_set_baudrate(nxpdev->serdev, HCI_NXP_PRI_BAUDRATE);
1171 if (test_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state))
1172 serdev_device_set_flow_control(nxpdev->serdev, false);
1173 else
1174 serdev_device_set_flow_control(nxpdev->serdev, true);
1175 set_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, &nxpdev->tx_state);
1176
1177 return wait_event_interruptible_timeout(nxpdev->check_boot_sign_wait_q,
1178 !test_bit(BTNXPUART_CHECK_BOOT_SIGNATURE,
1179 &nxpdev->tx_state),
1180 msecs_to_jiffies(1000));
1181}
1182
1183static int nxp_set_ind_reset(struct hci_dev *hdev, void *data)
1184{
1185 static const u8 ir_hw_err[] = { HCI_EV_HARDWARE_ERROR,
1186 0x01, BTNXPUART_IR_HW_ERR };
1187 struct sk_buff *skb;
1188
1189 skb = bt_skb_alloc(3, GFP_ATOMIC);
1190 if (!skb)
1191 return -ENOMEM;
1192
1193 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
1194 skb_put_data(skb, ir_hw_err, 3);
1195
1196 /* Inject Hardware Error to upper stack */
1197 return hci_recv_frame(hdev, skb);
1198}
1199
1200/* NXP protocol */
1201static int nxp_setup(struct hci_dev *hdev)
1202{
1203 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1204 int err = 0;
1205
1206 if (nxp_check_boot_sign(nxpdev)) {
1207 bt_dev_dbg(hdev, "Need FW Download.");
1208 err = nxp_download_firmware(hdev);
1209 if (err < 0)
1210 return err;
1211 } else {
1212 bt_dev_info(hdev, "FW already running.");
1213 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
1214 }
1215
1216 serdev_device_set_baudrate(nxpdev->serdev, nxpdev->fw_init_baudrate);
1217 nxpdev->current_baudrate = nxpdev->fw_init_baudrate;
1218
1219 if (nxpdev->current_baudrate != HCI_NXP_SEC_BAUDRATE) {
1220 nxpdev->new_baudrate = HCI_NXP_SEC_BAUDRATE;
1221 hci_cmd_sync_queue(hdev, nxp_set_baudrate_cmd, NULL, NULL);
1222 }
1223
1224 ps_init(hdev);
1225
1226 if (test_and_clear_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state))
1227 hci_dev_clear_flag(hdev, HCI_SETUP);
1228
1229 return 0;
1230}
1231
1232static void nxp_hw_err(struct hci_dev *hdev, u8 code)
1233{
1234 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1235
1236 switch (code) {
1237 case BTNXPUART_IR_HW_ERR:
1238 set_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state);
1239 hci_dev_set_flag(hdev, HCI_SETUP);
1240 break;
1241 default:
1242 break;
1243 }
1244}
1245
1246static int nxp_shutdown(struct hci_dev *hdev)
1247{
1248 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1249 struct sk_buff *skb;
1250 u8 *status;
1251 u8 pcmd = 0;
1252
1253 if (test_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state)) {
1254 skb = nxp_drv_send_cmd(hdev, HCI_NXP_IND_RESET, 1, &pcmd);
1255 if (IS_ERR(skb))
1256 return PTR_ERR(skb);
1257
1258 status = skb_pull_data(skb, 1);
1259 if (status) {
1260 serdev_device_set_flow_control(nxpdev->serdev, false);
1261 set_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
1262 }
1263 kfree_skb(skb);
1264 }
1265
1266 return 0;
1267}
1268
1269static int btnxpuart_queue_skb(struct hci_dev *hdev, struct sk_buff *skb)
1270{
1271 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1272
1273 /* Prepend skb with frame type */
1274 memcpy(skb_push(skb, 1), &hci_skb_pkt_type(skb), 1);
1275 skb_queue_tail(&nxpdev->txq, skb);
1276 btnxpuart_tx_wakeup(nxpdev);
1277 return 0;
1278}
1279
1280static int nxp_enqueue(struct hci_dev *hdev, struct sk_buff *skb)
1281{
1282 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1283 struct ps_data *psdata = &nxpdev->psdata;
1284 struct hci_command_hdr *hdr;
1285 struct psmode_cmd_payload ps_parm;
1286 struct wakeup_cmd_payload wakeup_parm;
1287 __le32 baudrate_parm;
1288
1289 /* if vendor commands are received from user space (e.g. hcitool), update
1290 * driver flags accordingly and ask driver to re-send the command to FW.
1291 * In case the payload for any command does not match expected payload
1292 * length, let the firmware and user space program handle it, or throw
1293 * an error.
1294 */
1295 if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT && !psdata->driver_sent_cmd) {
1296 hdr = (struct hci_command_hdr *)skb->data;
1297 if (hdr->plen != (skb->len - HCI_COMMAND_HDR_SIZE))
1298 return btnxpuart_queue_skb(hdev, skb);
1299
1300 switch (__le16_to_cpu(hdr->opcode)) {
1301 case HCI_NXP_AUTO_SLEEP_MODE:
1302 if (hdr->plen == sizeof(ps_parm)) {
1303 memcpy(&ps_parm, skb->data + HCI_COMMAND_HDR_SIZE, hdr->plen);
1304 if (ps_parm.ps_cmd == BT_PS_ENABLE)
1305 psdata->target_ps_mode = PS_MODE_ENABLE;
1306 else if (ps_parm.ps_cmd == BT_PS_DISABLE)
1307 psdata->target_ps_mode = PS_MODE_DISABLE;
1308 psdata->c2h_ps_interval = __le16_to_cpu(ps_parm.c2h_ps_interval);
1309 hci_cmd_sync_queue(hdev, send_ps_cmd, NULL, NULL);
1310 goto free_skb;
1311 }
1312 break;
1313 case HCI_NXP_WAKEUP_METHOD:
1314 if (hdr->plen == sizeof(wakeup_parm)) {
1315 memcpy(&wakeup_parm, skb->data + HCI_COMMAND_HDR_SIZE, hdr->plen);
1316 psdata->c2h_wakeupmode = wakeup_parm.c2h_wakeupmode;
1317 psdata->c2h_wakeup_gpio = wakeup_parm.c2h_wakeup_gpio;
1318 psdata->h2c_wakeup_gpio = wakeup_parm.h2c_wakeup_gpio;
1319 switch (wakeup_parm.h2c_wakeupmode) {
1320 case BT_CTRL_WAKEUP_METHOD_GPIO:
1321 psdata->h2c_wakeupmode = WAKEUP_METHOD_GPIO;
1322 break;
1323 case BT_CTRL_WAKEUP_METHOD_DSR:
1324 psdata->h2c_wakeupmode = WAKEUP_METHOD_DTR;
1325 break;
1326 case BT_CTRL_WAKEUP_METHOD_BREAK:
1327 default:
1328 psdata->h2c_wakeupmode = WAKEUP_METHOD_BREAK;
1329 break;
1330 }
1331 hci_cmd_sync_queue(hdev, send_wakeup_method_cmd, NULL, NULL);
1332 goto free_skb;
1333 }
1334 break;
1335 case HCI_NXP_SET_OPER_SPEED:
1336 if (hdr->plen == sizeof(baudrate_parm)) {
1337 memcpy(&baudrate_parm, skb->data + HCI_COMMAND_HDR_SIZE, hdr->plen);
1338 nxpdev->new_baudrate = __le32_to_cpu(baudrate_parm);
1339 hci_cmd_sync_queue(hdev, nxp_set_baudrate_cmd, NULL, NULL);
1340 goto free_skb;
1341 }
1342 break;
1343 case HCI_NXP_IND_RESET:
1344 if (hdr->plen == 1) {
1345 hci_cmd_sync_queue(hdev, nxp_set_ind_reset, NULL, NULL);
1346 goto free_skb;
1347 }
1348 break;
1349 default:
1350 break;
1351 }
1352 }
1353
1354 return btnxpuart_queue_skb(hdev, skb);
1355
1356free_skb:
1357 kfree_skb(skb);
1358 return 0;
1359}
1360
1361static struct sk_buff *nxp_dequeue(void *data)
1362{
1363 struct btnxpuart_dev *nxpdev = (struct btnxpuart_dev *)data;
1364
1365 ps_start_timer(nxpdev);
1366 return skb_dequeue(&nxpdev->txq);
1367}
1368
1369/* btnxpuart based on serdev */
1370static void btnxpuart_tx_work(struct work_struct *work)
1371{
1372 struct btnxpuart_dev *nxpdev = container_of(work, struct btnxpuart_dev,
1373 tx_work);
1374 struct serdev_device *serdev = nxpdev->serdev;
1375 struct hci_dev *hdev = nxpdev->hdev;
1376 struct sk_buff *skb;
1377 int len;
1378
1379 if (ps_wakeup(nxpdev))
1380 return;
1381
1382 while ((skb = nxp_dequeue(nxpdev))) {
1383 len = serdev_device_write_buf(serdev, skb->data, skb->len);
1384 hdev->stat.byte_tx += len;
1385
1386 skb_pull(skb, len);
1387 if (skb->len > 0) {
1388 skb_queue_head(&nxpdev->txq, skb);
1389 continue;
1390 }
1391
1392 switch (hci_skb_pkt_type(skb)) {
1393 case HCI_COMMAND_PKT:
1394 hdev->stat.cmd_tx++;
1395 break;
1396 case HCI_ACLDATA_PKT:
1397 hdev->stat.acl_tx++;
1398 break;
1399 case HCI_SCODATA_PKT:
1400 hdev->stat.sco_tx++;
1401 break;
1402 }
1403
1404 kfree_skb(skb);
1405 }
1406 clear_bit(BTNXPUART_TX_STATE_ACTIVE, &nxpdev->tx_state);
1407}
1408
1409static int btnxpuart_open(struct hci_dev *hdev)
1410{
1411 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1412 int err = 0;
1413
1414 err = serdev_device_open(nxpdev->serdev);
1415 if (err) {
1416 bt_dev_err(hdev, "Unable to open UART device %s",
1417 dev_name(&nxpdev->serdev->dev));
1418 } else {
1419 set_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state);
1420 }
1421 return err;
1422}
1423
1424static int btnxpuart_close(struct hci_dev *hdev)
1425{
1426 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1427
1428 serdev_device_close(nxpdev->serdev);
1429 skb_queue_purge(&nxpdev->txq);
1430 if (!IS_ERR_OR_NULL(nxpdev->rx_skb)) {
1431 kfree_skb(nxpdev->rx_skb);
1432 nxpdev->rx_skb = NULL;
1433 }
1434 clear_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state);
1435 return 0;
1436}
1437
1438static int btnxpuart_flush(struct hci_dev *hdev)
1439{
1440 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1441
1442 /* Flush any pending characters */
1443 serdev_device_write_flush(nxpdev->serdev);
1444 skb_queue_purge(&nxpdev->txq);
1445
1446 cancel_work_sync(&nxpdev->tx_work);
1447
1448 if (!IS_ERR_OR_NULL(nxpdev->rx_skb)) {
1449 kfree_skb(nxpdev->rx_skb);
1450 nxpdev->rx_skb = NULL;
1451 }
1452
1453 return 0;
1454}
1455
1456static const struct h4_recv_pkt nxp_recv_pkts[] = {
1457 { H4_RECV_ACL, .recv = hci_recv_frame },
1458 { H4_RECV_SCO, .recv = hci_recv_frame },
1459 { H4_RECV_EVENT, .recv = hci_recv_frame },
1460 { H4_RECV_ISO, .recv = hci_recv_frame },
1461 { NXP_RECV_CHIP_VER_V1, .recv = nxp_recv_chip_ver_v1 },
1462 { NXP_RECV_FW_REQ_V1, .recv = nxp_recv_fw_req_v1 },
1463 { NXP_RECV_CHIP_VER_V3, .recv = nxp_recv_chip_ver_v3 },
1464 { NXP_RECV_FW_REQ_V3, .recv = nxp_recv_fw_req_v3 },
1465};
1466
1467static size_t btnxpuart_receive_buf(struct serdev_device *serdev,
1468 const u8 *data, size_t count)
1469{
1470 struct btnxpuart_dev *nxpdev = serdev_device_get_drvdata(serdev);
1471
1472 ps_start_timer(nxpdev);
1473
1474 nxpdev->rx_skb = h4_recv_buf(nxpdev->hdev, nxpdev->rx_skb, data, count,
1475 nxp_recv_pkts, ARRAY_SIZE(nxp_recv_pkts));
1476 if (IS_ERR(nxpdev->rx_skb)) {
1477 int err = PTR_ERR(nxpdev->rx_skb);
1478 /* Safe to ignore out-of-sync bootloader signatures */
1479 if (!is_fw_downloading(nxpdev))
1480 bt_dev_err(nxpdev->hdev, "Frame reassembly failed (%d)", err);
1481 return count;
1482 }
1483 if (!is_fw_downloading(nxpdev))
1484 nxpdev->hdev->stat.byte_rx += count;
1485 return count;
1486}
1487
1488static void btnxpuart_write_wakeup(struct serdev_device *serdev)
1489{
1490 serdev_device_write_wakeup(serdev);
1491}
1492
1493static const struct serdev_device_ops btnxpuart_client_ops = {
1494 .receive_buf = btnxpuart_receive_buf,
1495 .write_wakeup = btnxpuart_write_wakeup,
1496};
1497
1498static int nxp_serdev_probe(struct serdev_device *serdev)
1499{
1500 struct hci_dev *hdev;
1501 struct btnxpuart_dev *nxpdev;
1502
1503 nxpdev = devm_kzalloc(&serdev->dev, sizeof(*nxpdev), GFP_KERNEL);
1504 if (!nxpdev)
1505 return -ENOMEM;
1506
1507 nxpdev->nxp_data = (struct btnxpuart_data *)device_get_match_data(&serdev->dev);
1508
1509 nxpdev->serdev = serdev;
1510 serdev_device_set_drvdata(serdev, nxpdev);
1511
1512 serdev_device_set_client_ops(serdev, &btnxpuart_client_ops);
1513
1514 INIT_WORK(&nxpdev->tx_work, btnxpuart_tx_work);
1515 skb_queue_head_init(&nxpdev->txq);
1516
1517 init_waitqueue_head(&nxpdev->fw_dnld_done_wait_q);
1518 init_waitqueue_head(&nxpdev->check_boot_sign_wait_q);
1519
1520 device_property_read_u32(&nxpdev->serdev->dev, "fw-init-baudrate",
1521 &nxpdev->fw_init_baudrate);
1522 if (!nxpdev->fw_init_baudrate)
1523 nxpdev->fw_init_baudrate = FW_INIT_BAUDRATE;
1524
1525 set_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
1526
1527 crc8_populate_msb(crc8_table, POLYNOMIAL8);
1528
1529 /* Initialize and register HCI device */
1530 hdev = hci_alloc_dev();
1531 if (!hdev) {
1532 dev_err(&serdev->dev, "Can't allocate HCI device\n");
1533 return -ENOMEM;
1534 }
1535
1536 nxpdev->hdev = hdev;
1537
1538 hdev->bus = HCI_UART;
1539 hci_set_drvdata(hdev, nxpdev);
1540
1541 hdev->manufacturer = MANUFACTURER_NXP;
1542 hdev->open = btnxpuart_open;
1543 hdev->close = btnxpuart_close;
1544 hdev->flush = btnxpuart_flush;
1545 hdev->setup = nxp_setup;
1546 hdev->send = nxp_enqueue;
1547 hdev->hw_error = nxp_hw_err;
1548 hdev->shutdown = nxp_shutdown;
1549 SET_HCIDEV_DEV(hdev, &serdev->dev);
1550
1551 if (hci_register_dev(hdev) < 0) {
1552 dev_err(&serdev->dev, "Can't register HCI device\n");
1553 goto probe_fail;
1554 }
1555
1556 if (ps_setup(hdev))
1557 goto probe_fail;
1558
1559 return 0;
1560
1561probe_fail:
1562 hci_free_dev(hdev);
1563 return -ENODEV;
1564}
1565
1566static void nxp_serdev_remove(struct serdev_device *serdev)
1567{
1568 struct btnxpuart_dev *nxpdev = serdev_device_get_drvdata(serdev);
1569 struct hci_dev *hdev = nxpdev->hdev;
1570
1571 if (is_fw_downloading(nxpdev)) {
1572 set_bit(BTNXPUART_FW_DOWNLOAD_ABORT, &nxpdev->tx_state);
1573 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
1574 wake_up_interruptible(&nxpdev->check_boot_sign_wait_q);
1575 wake_up_interruptible(&nxpdev->fw_dnld_done_wait_q);
1576 } else {
1577 /* Restore FW baudrate to fw_init_baudrate if changed.
1578 * This will ensure FW baudrate is in sync with
1579 * driver baudrate in case this driver is re-inserted.
1580 */
1581 if (nxpdev->current_baudrate != nxpdev->fw_init_baudrate) {
1582 nxpdev->new_baudrate = nxpdev->fw_init_baudrate;
1583 nxp_set_baudrate_cmd(hdev, NULL);
1584 }
1585 }
1586 ps_cleanup(nxpdev);
1587 hci_unregister_dev(hdev);
1588 hci_free_dev(hdev);
1589}
1590
1591#ifdef CONFIG_PM_SLEEP
1592static int nxp_serdev_suspend(struct device *dev)
1593{
1594 struct btnxpuart_dev *nxpdev = dev_get_drvdata(dev);
1595 struct ps_data *psdata = &nxpdev->psdata;
1596
1597 ps_control(psdata->hdev, PS_STATE_SLEEP);
1598 return 0;
1599}
1600
1601static int nxp_serdev_resume(struct device *dev)
1602{
1603 struct btnxpuart_dev *nxpdev = dev_get_drvdata(dev);
1604 struct ps_data *psdata = &nxpdev->psdata;
1605
1606 ps_control(psdata->hdev, PS_STATE_AWAKE);
1607 return 0;
1608}
1609#endif
1610
1611static struct btnxpuart_data w8987_data __maybe_unused = {
1612 .helper_fw_name = NULL,
1613 .fw_name = FIRMWARE_W8987,
1614 .fw_name_old = FIRMWARE_W8987_OLD,
1615};
1616
1617static struct btnxpuart_data w8997_data __maybe_unused = {
1618 .helper_fw_name = FIRMWARE_HELPER,
1619 .fw_name = FIRMWARE_W8997,
1620 .fw_name_old = FIRMWARE_W8997_OLD,
1621};
1622
1623static const struct of_device_id nxpuart_of_match_table[] __maybe_unused = {
1624 { .compatible = "nxp,88w8987-bt", .data = &w8987_data },
1625 { .compatible = "nxp,88w8997-bt", .data = &w8997_data },
1626 { }
1627};
1628MODULE_DEVICE_TABLE(of, nxpuart_of_match_table);
1629
1630static const struct dev_pm_ops nxp_pm_ops = {
1631 SET_SYSTEM_SLEEP_PM_OPS(nxp_serdev_suspend, nxp_serdev_resume)
1632};
1633
1634static struct serdev_device_driver nxp_serdev_driver = {
1635 .probe = nxp_serdev_probe,
1636 .remove = nxp_serdev_remove,
1637 .driver = {
1638 .name = "btnxpuart",
1639 .of_match_table = of_match_ptr(nxpuart_of_match_table),
1640 .pm = &nxp_pm_ops,
1641 },
1642};
1643
1644module_serdev_device_driver(nxp_serdev_driver);
1645
1646MODULE_AUTHOR("Neeraj Sanjay Kale <neeraj.sanjaykale@nxp.com>");
1647MODULE_DESCRIPTION("NXP Bluetooth Serial driver");
1648MODULE_LICENSE("GPL");