Loading...
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * NXP Bluetooth driver
4 * Copyright 2023 NXP
5 */
6
7#include <linux/module.h>
8#include <linux/kernel.h>
9
10#include <linux/serdev.h>
11#include <linux/of.h>
12#include <linux/skbuff.h>
13#include <linux/unaligned.h>
14#include <linux/firmware.h>
15#include <linux/string.h>
16#include <linux/crc8.h>
17#include <linux/crc32.h>
18#include <linux/string_helpers.h>
19#include <linux/gpio/consumer.h>
20
21#include <net/bluetooth/bluetooth.h>
22#include <net/bluetooth/hci_core.h>
23
24#include "h4_recv.h"
25
26#define MANUFACTURER_NXP 37
27
28#define BTNXPUART_TX_STATE_ACTIVE 1
29#define BTNXPUART_FW_DOWNLOADING 2
30#define BTNXPUART_CHECK_BOOT_SIGNATURE 3
31#define BTNXPUART_SERDEV_OPEN 4
32#define BTNXPUART_IR_IN_PROGRESS 5
33#define BTNXPUART_FW_DOWNLOAD_ABORT 6
34
35/* NXP HW err codes */
36#define BTNXPUART_IR_HW_ERR 0xb0
37
38#define FIRMWARE_W8987 "uart8987_bt.bin"
39#define FIRMWARE_W8987_OLD "uartuart8987_bt.bin"
40#define FIRMWARE_W8997 "uart8997_bt_v4.bin"
41#define FIRMWARE_W8997_OLD "uartuart8997_bt_v4.bin"
42#define FIRMWARE_W9098 "uart9098_bt_v1.bin"
43#define FIRMWARE_W9098_OLD "uartuart9098_bt_v1.bin"
44#define FIRMWARE_IW416 "uartiw416_bt.bin"
45#define FIRMWARE_IW416_OLD "uartiw416_bt_v0.bin"
46#define FIRMWARE_IW612 "uartspi_n61x_v1.bin.se"
47#define FIRMWARE_IW610 "uartspi_iw610.bin"
48#define FIRMWARE_SECURE_IW610 "uartspi_iw610.bin.se"
49#define FIRMWARE_IW624 "uartiw624_bt.bin"
50#define FIRMWARE_SECURE_IW624 "uartiw624_bt.bin.se"
51#define FIRMWARE_AW693 "uartaw693_bt.bin"
52#define FIRMWARE_SECURE_AW693 "uartaw693_bt.bin.se"
53#define FIRMWARE_AW693_A1 "uartaw693_bt_v1.bin"
54#define FIRMWARE_SECURE_AW693_A1 "uartaw693_bt_v1.bin.se"
55#define FIRMWARE_HELPER "helper_uart_3000000.bin"
56
57#define CHIP_ID_W9098 0x5c03
58#define CHIP_ID_IW416 0x7201
59#define CHIP_ID_IW612 0x7601
60#define CHIP_ID_IW624a 0x8000
61#define CHIP_ID_IW624c 0x8001
62#define CHIP_ID_AW693a0 0x8200
63#define CHIP_ID_AW693a1 0x8201
64#define CHIP_ID_IW610a0 0x8800
65#define CHIP_ID_IW610a1 0x8801
66
67#define FW_SECURE_MASK 0xc0
68#define FW_OPEN 0x00
69#define FW_AUTH_ILLEGAL 0x40
70#define FW_AUTH_PLAIN 0x80
71#define FW_AUTH_ENC 0xc0
72
73#define HCI_NXP_PRI_BAUDRATE 115200
74#define HCI_NXP_SEC_BAUDRATE 3000000
75
76#define MAX_FW_FILE_NAME_LEN 50
77
78/* Default ps timeout period in milliseconds */
79#define PS_DEFAULT_TIMEOUT_PERIOD_MS 2000
80
81/* wakeup methods */
82#define WAKEUP_METHOD_DTR 0
83#define WAKEUP_METHOD_BREAK 1
84#define WAKEUP_METHOD_EXT_BREAK 2
85#define WAKEUP_METHOD_RTS 3
86#define WAKEUP_METHOD_GPIO 4
87#define WAKEUP_METHOD_INVALID 0xff
88
89/* power save mode status */
90#define PS_MODE_DISABLE 0
91#define PS_MODE_ENABLE 1
92
93/* Power Save Commands to ps_work_func */
94#define PS_CMD_EXIT_PS 1
95#define PS_CMD_ENTER_PS 2
96
97/* power save state */
98#define PS_STATE_AWAKE 0
99#define PS_STATE_SLEEP 1
100
101/* Bluetooth vendor command : Sleep mode */
102#define HCI_NXP_AUTO_SLEEP_MODE 0xfc23
103/* Bluetooth vendor command : Wakeup method */
104#define HCI_NXP_WAKEUP_METHOD 0xfc53
105/* Bluetooth vendor command : Set operational baudrate */
106#define HCI_NXP_SET_OPER_SPEED 0xfc09
107/* Bluetooth vendor command: Independent Reset */
108#define HCI_NXP_IND_RESET 0xfcfc
109
110/* Bluetooth Power State : Vendor cmd params */
111#define BT_PS_ENABLE 0x02
112#define BT_PS_DISABLE 0x03
113
114/* Bluetooth Host Wakeup Methods */
115#define BT_HOST_WAKEUP_METHOD_NONE 0x00
116#define BT_HOST_WAKEUP_METHOD_DTR 0x01
117#define BT_HOST_WAKEUP_METHOD_BREAK 0x02
118#define BT_HOST_WAKEUP_METHOD_GPIO 0x03
119
120/* Bluetooth Chip Wakeup Methods */
121#define BT_CTRL_WAKEUP_METHOD_DSR 0x00
122#define BT_CTRL_WAKEUP_METHOD_BREAK 0x01
123#define BT_CTRL_WAKEUP_METHOD_GPIO 0x02
124#define BT_CTRL_WAKEUP_METHOD_EXT_BREAK 0x04
125#define BT_CTRL_WAKEUP_METHOD_RTS 0x05
126
127struct ps_data {
128 u8 target_ps_mode; /* ps mode to be set */
129 u8 cur_psmode; /* current ps_mode */
130 u8 ps_state; /* controller's power save state */
131 u8 ps_cmd;
132 u8 h2c_wakeupmode;
133 u8 cur_h2c_wakeupmode;
134 u8 c2h_wakeupmode;
135 u8 c2h_wakeup_gpio;
136 u8 h2c_wakeup_gpio;
137 bool driver_sent_cmd;
138 u16 h2c_ps_interval;
139 u16 c2h_ps_interval;
140 struct gpio_desc *h2c_ps_gpio;
141 struct hci_dev *hdev;
142 struct work_struct work;
143 struct timer_list ps_timer;
144 struct mutex ps_lock;
145};
146
147struct wakeup_cmd_payload {
148 u8 c2h_wakeupmode;
149 u8 c2h_wakeup_gpio;
150 u8 h2c_wakeupmode;
151 u8 h2c_wakeup_gpio;
152} __packed;
153
154struct psmode_cmd_payload {
155 u8 ps_cmd;
156 __le16 c2h_ps_interval;
157} __packed;
158
159struct btnxpuart_data {
160 const char *helper_fw_name;
161 const char *fw_name;
162 const char *fw_name_old;
163};
164
165struct btnxpuart_dev {
166 struct hci_dev *hdev;
167 struct serdev_device *serdev;
168
169 struct work_struct tx_work;
170 unsigned long tx_state;
171 struct sk_buff_head txq;
172 struct sk_buff *rx_skb;
173
174 const struct firmware *fw;
175 u8 fw_name[MAX_FW_FILE_NAME_LEN];
176 u32 fw_dnld_v1_offset;
177 u32 fw_v1_sent_bytes;
178 u32 fw_dnld_v3_offset;
179 u32 fw_v3_offset_correction;
180 u32 fw_v1_expected_len;
181 u32 boot_reg_offset;
182 wait_queue_head_t fw_dnld_done_wait_q;
183 wait_queue_head_t check_boot_sign_wait_q;
184
185 u32 new_baudrate;
186 u32 current_baudrate;
187 u32 fw_init_baudrate;
188 bool timeout_changed;
189 bool baudrate_changed;
190 bool helper_downloaded;
191
192 struct ps_data psdata;
193 struct btnxpuart_data *nxp_data;
194};
195
196#define NXP_V1_FW_REQ_PKT 0xa5
197#define NXP_V1_CHIP_VER_PKT 0xaa
198#define NXP_V3_FW_REQ_PKT 0xa7
199#define NXP_V3_CHIP_VER_PKT 0xab
200
201#define NXP_ACK_V1 0x5a
202#define NXP_NAK_V1 0xbf
203#define NXP_ACK_V3 0x7a
204#define NXP_NAK_V3 0x7b
205#define NXP_CRC_ERROR_V3 0x7c
206
207/* Bootloader signature error codes */
208#define NXP_ACK_RX_TIMEOUT 0x0002 /* ACK not received from host */
209#define NXP_HDR_RX_TIMEOUT 0x0003 /* FW Header chunk not received */
210#define NXP_DATA_RX_TIMEOUT 0x0004 /* FW Data chunk not received */
211
212#define HDR_LEN 16
213
214#define NXP_RECV_CHIP_VER_V1 \
215 .type = NXP_V1_CHIP_VER_PKT, \
216 .hlen = 4, \
217 .loff = 0, \
218 .lsize = 0, \
219 .maxlen = 4
220
221#define NXP_RECV_FW_REQ_V1 \
222 .type = NXP_V1_FW_REQ_PKT, \
223 .hlen = 4, \
224 .loff = 0, \
225 .lsize = 0, \
226 .maxlen = 4
227
228#define NXP_RECV_CHIP_VER_V3 \
229 .type = NXP_V3_CHIP_VER_PKT, \
230 .hlen = 4, \
231 .loff = 0, \
232 .lsize = 0, \
233 .maxlen = 4
234
235#define NXP_RECV_FW_REQ_V3 \
236 .type = NXP_V3_FW_REQ_PKT, \
237 .hlen = 9, \
238 .loff = 0, \
239 .lsize = 0, \
240 .maxlen = 9
241
242struct v1_data_req {
243 __le16 len;
244 __le16 len_comp;
245} __packed;
246
247struct v1_start_ind {
248 __le16 chip_id;
249 __le16 chip_id_comp;
250} __packed;
251
252struct v3_data_req {
253 __le16 len;
254 __le32 offset;
255 __le16 error;
256 u8 crc;
257} __packed;
258
259struct v3_start_ind {
260 __le16 chip_id;
261 u8 loader_ver;
262 u8 crc;
263} __packed;
264
265/* UART register addresses of BT chip */
266#define CLKDIVADDR 0x7f00008f
267#define UARTDIVADDR 0x7f000090
268#define UARTMCRADDR 0x7f000091
269#define UARTREINITADDR 0x7f000092
270#define UARTICRADDR 0x7f000093
271#define UARTFCRADDR 0x7f000094
272
273#define MCR 0x00000022
274#define INIT 0x00000001
275#define ICR 0x000000c7
276#define FCR 0x000000c7
277
278#define POLYNOMIAL8 0x07
279
280struct uart_reg {
281 __le32 address;
282 __le32 value;
283} __packed;
284
285struct uart_config {
286 struct uart_reg clkdiv;
287 struct uart_reg uartdiv;
288 struct uart_reg mcr;
289 struct uart_reg re_init;
290 struct uart_reg icr;
291 struct uart_reg fcr;
292 __be32 crc;
293} __packed;
294
295struct nxp_bootloader_cmd {
296 __le32 header;
297 __le32 arg;
298 __le32 payload_len;
299 __be32 crc;
300} __packed;
301
302struct nxp_v3_rx_timeout_nak {
303 u8 nak;
304 __le32 offset;
305 u8 crc;
306} __packed;
307
308union nxp_v3_rx_timeout_nak_u {
309 struct nxp_v3_rx_timeout_nak pkt;
310 u8 buf[6];
311};
312
313static u8 crc8_table[CRC8_TABLE_SIZE];
314
315/* Default configurations */
316#define DEFAULT_H2C_WAKEUP_MODE WAKEUP_METHOD_BREAK
317#define DEFAULT_PS_MODE PS_MODE_ENABLE
318#define FW_INIT_BAUDRATE HCI_NXP_PRI_BAUDRATE
319
320static struct sk_buff *nxp_drv_send_cmd(struct hci_dev *hdev, u16 opcode,
321 u32 plen,
322 void *param)
323{
324 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
325 struct ps_data *psdata = &nxpdev->psdata;
326 struct sk_buff *skb;
327
328 /* set flag to prevent nxp_enqueue from parsing values from this command and
329 * calling hci_cmd_sync_queue() again.
330 */
331 psdata->driver_sent_cmd = true;
332 skb = __hci_cmd_sync(hdev, opcode, plen, param, HCI_CMD_TIMEOUT);
333 psdata->driver_sent_cmd = false;
334
335 return skb;
336}
337
338static void btnxpuart_tx_wakeup(struct btnxpuart_dev *nxpdev)
339{
340 if (schedule_work(&nxpdev->tx_work))
341 set_bit(BTNXPUART_TX_STATE_ACTIVE, &nxpdev->tx_state);
342}
343
344/* NXP Power Save Feature */
345static void ps_start_timer(struct btnxpuart_dev *nxpdev)
346{
347 struct ps_data *psdata = &nxpdev->psdata;
348
349 if (!psdata)
350 return;
351
352 if (psdata->cur_psmode == PS_MODE_ENABLE)
353 mod_timer(&psdata->ps_timer, jiffies + msecs_to_jiffies(psdata->h2c_ps_interval));
354
355 if (psdata->ps_state == PS_STATE_AWAKE && psdata->ps_cmd == PS_CMD_ENTER_PS)
356 cancel_work_sync(&psdata->work);
357}
358
359static void ps_cancel_timer(struct btnxpuart_dev *nxpdev)
360{
361 struct ps_data *psdata = &nxpdev->psdata;
362
363 flush_work(&psdata->work);
364 timer_shutdown_sync(&psdata->ps_timer);
365}
366
367static void ps_control(struct hci_dev *hdev, u8 ps_state)
368{
369 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
370 struct ps_data *psdata = &nxpdev->psdata;
371 int status = 0;
372
373 if (psdata->ps_state == ps_state ||
374 !test_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state))
375 return;
376
377 mutex_lock(&psdata->ps_lock);
378 switch (psdata->cur_h2c_wakeupmode) {
379 case WAKEUP_METHOD_GPIO:
380 if (ps_state == PS_STATE_AWAKE)
381 gpiod_set_value_cansleep(psdata->h2c_ps_gpio, 0);
382 else
383 gpiod_set_value_cansleep(psdata->h2c_ps_gpio, 1);
384 bt_dev_dbg(hdev, "Set h2c_ps_gpio: %s",
385 str_high_low(ps_state == PS_STATE_SLEEP));
386 break;
387 case WAKEUP_METHOD_DTR:
388 if (ps_state == PS_STATE_AWAKE)
389 status = serdev_device_set_tiocm(nxpdev->serdev, TIOCM_DTR, 0);
390 else
391 status = serdev_device_set_tiocm(nxpdev->serdev, 0, TIOCM_DTR);
392 break;
393 case WAKEUP_METHOD_BREAK:
394 default:
395 if (ps_state == PS_STATE_AWAKE)
396 status = serdev_device_break_ctl(nxpdev->serdev, 0);
397 else
398 status = serdev_device_break_ctl(nxpdev->serdev, -1);
399 msleep(20); /* Allow chip to detect UART-break and enter sleep */
400 bt_dev_dbg(hdev, "Set UART break: %s, status=%d",
401 str_on_off(ps_state == PS_STATE_SLEEP), status);
402 break;
403 }
404 if (!status)
405 psdata->ps_state = ps_state;
406 mutex_unlock(&psdata->ps_lock);
407
408 if (ps_state == PS_STATE_AWAKE)
409 btnxpuart_tx_wakeup(nxpdev);
410}
411
412static void ps_work_func(struct work_struct *work)
413{
414 struct ps_data *data = container_of(work, struct ps_data, work);
415
416 if (data->ps_cmd == PS_CMD_ENTER_PS && data->cur_psmode == PS_MODE_ENABLE)
417 ps_control(data->hdev, PS_STATE_SLEEP);
418 else if (data->ps_cmd == PS_CMD_EXIT_PS)
419 ps_control(data->hdev, PS_STATE_AWAKE);
420}
421
422static void ps_timeout_func(struct timer_list *t)
423{
424 struct ps_data *data = from_timer(data, t, ps_timer);
425 struct hci_dev *hdev = data->hdev;
426 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
427
428 if (test_bit(BTNXPUART_TX_STATE_ACTIVE, &nxpdev->tx_state)) {
429 ps_start_timer(nxpdev);
430 } else {
431 data->ps_cmd = PS_CMD_ENTER_PS;
432 schedule_work(&data->work);
433 }
434}
435
436static int ps_setup(struct hci_dev *hdev)
437{
438 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
439 struct serdev_device *serdev = nxpdev->serdev;
440 struct ps_data *psdata = &nxpdev->psdata;
441
442 psdata->h2c_ps_gpio = devm_gpiod_get_optional(&serdev->dev, "device-wakeup",
443 GPIOD_OUT_LOW);
444 if (IS_ERR(psdata->h2c_ps_gpio)) {
445 bt_dev_err(hdev, "Error fetching device-wakeup-gpios: %ld",
446 PTR_ERR(psdata->h2c_ps_gpio));
447 return PTR_ERR(psdata->h2c_ps_gpio);
448 }
449
450 if (!psdata->h2c_ps_gpio)
451 psdata->h2c_wakeup_gpio = 0xff;
452
453 psdata->hdev = hdev;
454 INIT_WORK(&psdata->work, ps_work_func);
455 mutex_init(&psdata->ps_lock);
456 timer_setup(&psdata->ps_timer, ps_timeout_func, 0);
457
458 return 0;
459}
460
461static bool ps_wakeup(struct btnxpuart_dev *nxpdev)
462{
463 struct ps_data *psdata = &nxpdev->psdata;
464 u8 ps_state;
465
466 mutex_lock(&psdata->ps_lock);
467 ps_state = psdata->ps_state;
468 mutex_unlock(&psdata->ps_lock);
469
470 if (ps_state != PS_STATE_AWAKE) {
471 psdata->ps_cmd = PS_CMD_EXIT_PS;
472 schedule_work(&psdata->work);
473 return true;
474 }
475 return false;
476}
477
478static void ps_cleanup(struct btnxpuart_dev *nxpdev)
479{
480 struct ps_data *psdata = &nxpdev->psdata;
481 u8 ps_state;
482
483 mutex_lock(&psdata->ps_lock);
484 ps_state = psdata->ps_state;
485 mutex_unlock(&psdata->ps_lock);
486
487 if (ps_state != PS_STATE_AWAKE)
488 ps_control(psdata->hdev, PS_STATE_AWAKE);
489
490 ps_cancel_timer(nxpdev);
491 cancel_work_sync(&psdata->work);
492 mutex_destroy(&psdata->ps_lock);
493}
494
495static int send_ps_cmd(struct hci_dev *hdev, void *data)
496{
497 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
498 struct ps_data *psdata = &nxpdev->psdata;
499 struct psmode_cmd_payload pcmd;
500 struct sk_buff *skb;
501 u8 *status;
502
503 if (psdata->target_ps_mode == PS_MODE_ENABLE)
504 pcmd.ps_cmd = BT_PS_ENABLE;
505 else
506 pcmd.ps_cmd = BT_PS_DISABLE;
507 pcmd.c2h_ps_interval = __cpu_to_le16(psdata->c2h_ps_interval);
508
509 skb = nxp_drv_send_cmd(hdev, HCI_NXP_AUTO_SLEEP_MODE, sizeof(pcmd), &pcmd);
510 if (IS_ERR(skb)) {
511 bt_dev_err(hdev, "Setting Power Save mode failed (%ld)", PTR_ERR(skb));
512 return PTR_ERR(skb);
513 }
514
515 status = skb_pull_data(skb, 1);
516 if (status) {
517 if (!*status)
518 psdata->cur_psmode = psdata->target_ps_mode;
519 else
520 psdata->target_ps_mode = psdata->cur_psmode;
521 if (psdata->cur_psmode == PS_MODE_ENABLE)
522 ps_start_timer(nxpdev);
523 else
524 ps_wakeup(nxpdev);
525 bt_dev_dbg(hdev, "Power Save mode response: status=%d, ps_mode=%d",
526 *status, psdata->cur_psmode);
527 }
528 kfree_skb(skb);
529
530 return 0;
531}
532
533static int send_wakeup_method_cmd(struct hci_dev *hdev, void *data)
534{
535 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
536 struct ps_data *psdata = &nxpdev->psdata;
537 struct wakeup_cmd_payload pcmd;
538 struct sk_buff *skb;
539 u8 *status;
540
541 pcmd.c2h_wakeupmode = psdata->c2h_wakeupmode;
542 pcmd.c2h_wakeup_gpio = psdata->c2h_wakeup_gpio;
543 switch (psdata->h2c_wakeupmode) {
544 case WAKEUP_METHOD_GPIO:
545 pcmd.h2c_wakeupmode = BT_CTRL_WAKEUP_METHOD_GPIO;
546 break;
547 case WAKEUP_METHOD_DTR:
548 pcmd.h2c_wakeupmode = BT_CTRL_WAKEUP_METHOD_DSR;
549 break;
550 case WAKEUP_METHOD_BREAK:
551 default:
552 pcmd.h2c_wakeupmode = BT_CTRL_WAKEUP_METHOD_BREAK;
553 break;
554 }
555 pcmd.h2c_wakeup_gpio = 0xff;
556
557 skb = nxp_drv_send_cmd(hdev, HCI_NXP_WAKEUP_METHOD, sizeof(pcmd), &pcmd);
558 if (IS_ERR(skb)) {
559 bt_dev_err(hdev, "Setting wake-up method failed (%ld)", PTR_ERR(skb));
560 return PTR_ERR(skb);
561 }
562
563 status = skb_pull_data(skb, 1);
564 if (status) {
565 if (*status == 0)
566 psdata->cur_h2c_wakeupmode = psdata->h2c_wakeupmode;
567 else
568 psdata->h2c_wakeupmode = psdata->cur_h2c_wakeupmode;
569 bt_dev_dbg(hdev, "Set Wakeup Method response: status=%d, h2c_wakeupmode=%d",
570 *status, psdata->cur_h2c_wakeupmode);
571 }
572 kfree_skb(skb);
573
574 return 0;
575}
576
577static void ps_init(struct hci_dev *hdev)
578{
579 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
580 struct ps_data *psdata = &nxpdev->psdata;
581 u8 default_h2c_wakeup_mode = DEFAULT_H2C_WAKEUP_MODE;
582
583 serdev_device_set_tiocm(nxpdev->serdev, 0, TIOCM_RTS);
584 usleep_range(5000, 10000);
585 serdev_device_set_tiocm(nxpdev->serdev, TIOCM_RTS, 0);
586 usleep_range(5000, 10000);
587
588 psdata->ps_state = PS_STATE_AWAKE;
589 psdata->c2h_wakeupmode = BT_HOST_WAKEUP_METHOD_NONE;
590 psdata->c2h_wakeup_gpio = 0xff;
591
592 psdata->cur_h2c_wakeupmode = WAKEUP_METHOD_INVALID;
593 if (psdata->h2c_ps_gpio)
594 default_h2c_wakeup_mode = WAKEUP_METHOD_GPIO;
595
596 psdata->h2c_ps_interval = PS_DEFAULT_TIMEOUT_PERIOD_MS;
597
598 switch (default_h2c_wakeup_mode) {
599 case WAKEUP_METHOD_GPIO:
600 psdata->h2c_wakeupmode = WAKEUP_METHOD_GPIO;
601 gpiod_set_value_cansleep(psdata->h2c_ps_gpio, 0);
602 usleep_range(5000, 10000);
603 break;
604 case WAKEUP_METHOD_DTR:
605 psdata->h2c_wakeupmode = WAKEUP_METHOD_DTR;
606 serdev_device_set_tiocm(nxpdev->serdev, 0, TIOCM_DTR);
607 serdev_device_set_tiocm(nxpdev->serdev, TIOCM_DTR, 0);
608 break;
609 case WAKEUP_METHOD_BREAK:
610 default:
611 psdata->h2c_wakeupmode = WAKEUP_METHOD_BREAK;
612 serdev_device_break_ctl(nxpdev->serdev, -1);
613 usleep_range(5000, 10000);
614 serdev_device_break_ctl(nxpdev->serdev, 0);
615 usleep_range(5000, 10000);
616 break;
617 }
618
619 psdata->cur_psmode = PS_MODE_DISABLE;
620 psdata->target_ps_mode = DEFAULT_PS_MODE;
621
622 if (psdata->cur_h2c_wakeupmode != psdata->h2c_wakeupmode)
623 hci_cmd_sync_queue(hdev, send_wakeup_method_cmd, NULL, NULL);
624 if (psdata->cur_psmode != psdata->target_ps_mode)
625 hci_cmd_sync_queue(hdev, send_ps_cmd, NULL, NULL);
626}
627
628/* NXP Firmware Download Feature */
629static int nxp_download_firmware(struct hci_dev *hdev)
630{
631 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
632 int err = 0;
633
634 nxpdev->fw_dnld_v1_offset = 0;
635 nxpdev->fw_v1_sent_bytes = 0;
636 nxpdev->fw_v1_expected_len = HDR_LEN;
637 nxpdev->boot_reg_offset = 0;
638 nxpdev->fw_dnld_v3_offset = 0;
639 nxpdev->fw_v3_offset_correction = 0;
640 nxpdev->baudrate_changed = false;
641 nxpdev->timeout_changed = false;
642 nxpdev->helper_downloaded = false;
643
644 serdev_device_set_baudrate(nxpdev->serdev, HCI_NXP_PRI_BAUDRATE);
645 serdev_device_set_flow_control(nxpdev->serdev, false);
646 nxpdev->current_baudrate = HCI_NXP_PRI_BAUDRATE;
647
648 /* Wait till FW is downloaded */
649 err = wait_event_interruptible_timeout(nxpdev->fw_dnld_done_wait_q,
650 !test_bit(BTNXPUART_FW_DOWNLOADING,
651 &nxpdev->tx_state),
652 msecs_to_jiffies(60000));
653
654 release_firmware(nxpdev->fw);
655 memset(nxpdev->fw_name, 0, sizeof(nxpdev->fw_name));
656
657 if (err == 0) {
658 bt_dev_err(hdev, "FW Download Timeout. offset: %d",
659 nxpdev->fw_dnld_v1_offset ?
660 nxpdev->fw_dnld_v1_offset :
661 nxpdev->fw_dnld_v3_offset);
662 return -ETIMEDOUT;
663 }
664 if (test_bit(BTNXPUART_FW_DOWNLOAD_ABORT, &nxpdev->tx_state)) {
665 bt_dev_err(hdev, "FW Download Aborted");
666 return -EINTR;
667 }
668
669 serdev_device_set_flow_control(nxpdev->serdev, true);
670
671 /* Allow the downloaded FW to initialize */
672 msleep(1200);
673
674 return 0;
675}
676
677static void nxp_send_ack(u8 ack, struct hci_dev *hdev)
678{
679 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
680 u8 ack_nak[2];
681 int len = 1;
682
683 ack_nak[0] = ack;
684 if (ack == NXP_ACK_V3) {
685 ack_nak[1] = crc8(crc8_table, ack_nak, 1, 0xff);
686 len = 2;
687 }
688 serdev_device_write_buf(nxpdev->serdev, ack_nak, len);
689}
690
691static bool nxp_fw_change_baudrate(struct hci_dev *hdev, u16 req_len)
692{
693 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
694 struct nxp_bootloader_cmd nxp_cmd5;
695 struct uart_config uart_config;
696 u32 clkdivaddr = CLKDIVADDR - nxpdev->boot_reg_offset;
697 u32 uartdivaddr = UARTDIVADDR - nxpdev->boot_reg_offset;
698 u32 uartmcraddr = UARTMCRADDR - nxpdev->boot_reg_offset;
699 u32 uartreinitaddr = UARTREINITADDR - nxpdev->boot_reg_offset;
700 u32 uarticraddr = UARTICRADDR - nxpdev->boot_reg_offset;
701 u32 uartfcraddr = UARTFCRADDR - nxpdev->boot_reg_offset;
702
703 if (req_len == sizeof(nxp_cmd5)) {
704 nxp_cmd5.header = __cpu_to_le32(5);
705 nxp_cmd5.arg = 0;
706 nxp_cmd5.payload_len = __cpu_to_le32(sizeof(uart_config));
707 /* FW expects swapped CRC bytes */
708 nxp_cmd5.crc = __cpu_to_be32(crc32_be(0UL, (char *)&nxp_cmd5,
709 sizeof(nxp_cmd5) - 4));
710
711 serdev_device_write_buf(nxpdev->serdev, (u8 *)&nxp_cmd5, sizeof(nxp_cmd5));
712 nxpdev->fw_v3_offset_correction += req_len;
713 } else if (req_len == sizeof(uart_config)) {
714 uart_config.clkdiv.address = __cpu_to_le32(clkdivaddr);
715 uart_config.clkdiv.value = __cpu_to_le32(0x00c00000);
716 uart_config.uartdiv.address = __cpu_to_le32(uartdivaddr);
717 uart_config.uartdiv.value = __cpu_to_le32(1);
718 uart_config.mcr.address = __cpu_to_le32(uartmcraddr);
719 uart_config.mcr.value = __cpu_to_le32(MCR);
720 uart_config.re_init.address = __cpu_to_le32(uartreinitaddr);
721 uart_config.re_init.value = __cpu_to_le32(INIT);
722 uart_config.icr.address = __cpu_to_le32(uarticraddr);
723 uart_config.icr.value = __cpu_to_le32(ICR);
724 uart_config.fcr.address = __cpu_to_le32(uartfcraddr);
725 uart_config.fcr.value = __cpu_to_le32(FCR);
726 /* FW expects swapped CRC bytes */
727 uart_config.crc = __cpu_to_be32(crc32_be(0UL, (char *)&uart_config,
728 sizeof(uart_config) - 4));
729
730 serdev_device_write_buf(nxpdev->serdev, (u8 *)&uart_config, sizeof(uart_config));
731 serdev_device_wait_until_sent(nxpdev->serdev, 0);
732 nxpdev->fw_v3_offset_correction += req_len;
733 return true;
734 }
735 return false;
736}
737
738static bool nxp_fw_change_timeout(struct hci_dev *hdev, u16 req_len)
739{
740 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
741 struct nxp_bootloader_cmd nxp_cmd7;
742
743 if (req_len != sizeof(nxp_cmd7))
744 return false;
745
746 nxp_cmd7.header = __cpu_to_le32(7);
747 nxp_cmd7.arg = __cpu_to_le32(0x70);
748 nxp_cmd7.payload_len = 0;
749 /* FW expects swapped CRC bytes */
750 nxp_cmd7.crc = __cpu_to_be32(crc32_be(0UL, (char *)&nxp_cmd7,
751 sizeof(nxp_cmd7) - 4));
752 serdev_device_write_buf(nxpdev->serdev, (u8 *)&nxp_cmd7, sizeof(nxp_cmd7));
753 serdev_device_wait_until_sent(nxpdev->serdev, 0);
754 nxpdev->fw_v3_offset_correction += req_len;
755 return true;
756}
757
758static u32 nxp_get_data_len(const u8 *buf)
759{
760 struct nxp_bootloader_cmd *hdr = (struct nxp_bootloader_cmd *)buf;
761
762 return __le32_to_cpu(hdr->payload_len);
763}
764
765static bool is_fw_downloading(struct btnxpuart_dev *nxpdev)
766{
767 return test_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
768}
769
770static bool process_boot_signature(struct btnxpuart_dev *nxpdev)
771{
772 if (test_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, &nxpdev->tx_state)) {
773 clear_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, &nxpdev->tx_state);
774 wake_up_interruptible(&nxpdev->check_boot_sign_wait_q);
775 return false;
776 }
777 return is_fw_downloading(nxpdev);
778}
779
780static int nxp_request_firmware(struct hci_dev *hdev, const char *fw_name,
781 const char *fw_name_old)
782{
783 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
784 const char *fw_name_dt;
785 int err = 0;
786
787 if (!fw_name)
788 return -ENOENT;
789
790 if (!strlen(nxpdev->fw_name)) {
791 if (strcmp(fw_name, FIRMWARE_HELPER) &&
792 !device_property_read_string(&nxpdev->serdev->dev,
793 "firmware-name",
794 &fw_name_dt))
795 fw_name = fw_name_dt;
796 snprintf(nxpdev->fw_name, MAX_FW_FILE_NAME_LEN, "nxp/%s", fw_name);
797 err = request_firmware_direct(&nxpdev->fw, nxpdev->fw_name, &hdev->dev);
798 if (err < 0 && fw_name_old) {
799 snprintf(nxpdev->fw_name, MAX_FW_FILE_NAME_LEN, "nxp/%s", fw_name_old);
800 err = request_firmware_direct(&nxpdev->fw, nxpdev->fw_name, &hdev->dev);
801 }
802
803 bt_dev_info(hdev, "Request Firmware: %s", nxpdev->fw_name);
804 if (err < 0) {
805 bt_dev_err(hdev, "Firmware file %s not found", nxpdev->fw_name);
806 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
807 }
808 }
809 return err;
810}
811
812/* for legacy chipsets with V1 bootloader */
813static int nxp_recv_chip_ver_v1(struct hci_dev *hdev, struct sk_buff *skb)
814{
815 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
816 struct v1_start_ind *req;
817 __u16 chip_id;
818
819 req = skb_pull_data(skb, sizeof(*req));
820 if (!req)
821 goto free_skb;
822
823 chip_id = le16_to_cpu(req->chip_id ^ req->chip_id_comp);
824 if (chip_id == 0xffff && nxpdev->fw_dnld_v1_offset) {
825 nxpdev->fw_dnld_v1_offset = 0;
826 nxpdev->fw_v1_sent_bytes = 0;
827 nxpdev->fw_v1_expected_len = HDR_LEN;
828 release_firmware(nxpdev->fw);
829 memset(nxpdev->fw_name, 0, sizeof(nxpdev->fw_name));
830 nxp_send_ack(NXP_ACK_V1, hdev);
831 }
832
833free_skb:
834 kfree_skb(skb);
835 return 0;
836}
837
838static int nxp_recv_fw_req_v1(struct hci_dev *hdev, struct sk_buff *skb)
839{
840 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
841 struct btnxpuart_data *nxp_data = nxpdev->nxp_data;
842 struct v1_data_req *req;
843 __u16 len;
844
845 if (!process_boot_signature(nxpdev))
846 goto free_skb;
847
848 req = skb_pull_data(skb, sizeof(*req));
849 if (!req)
850 goto free_skb;
851
852 len = __le16_to_cpu(req->len ^ req->len_comp);
853 if (len != 0xffff) {
854 bt_dev_dbg(hdev, "ERR: Send NAK");
855 nxp_send_ack(NXP_NAK_V1, hdev);
856 goto free_skb;
857 }
858 nxp_send_ack(NXP_ACK_V1, hdev);
859
860 len = __le16_to_cpu(req->len);
861
862 if (!nxp_data->helper_fw_name) {
863 if (!nxpdev->timeout_changed) {
864 nxpdev->timeout_changed = nxp_fw_change_timeout(hdev,
865 len);
866 goto free_skb;
867 }
868 if (!nxpdev->baudrate_changed) {
869 nxpdev->baudrate_changed = nxp_fw_change_baudrate(hdev,
870 len);
871 if (nxpdev->baudrate_changed) {
872 serdev_device_set_baudrate(nxpdev->serdev,
873 HCI_NXP_SEC_BAUDRATE);
874 serdev_device_set_flow_control(nxpdev->serdev, true);
875 nxpdev->current_baudrate = HCI_NXP_SEC_BAUDRATE;
876 }
877 goto free_skb;
878 }
879 }
880
881 if (!nxp_data->helper_fw_name || nxpdev->helper_downloaded) {
882 if (nxp_request_firmware(hdev, nxp_data->fw_name, nxp_data->fw_name_old))
883 goto free_skb;
884 } else if (nxp_data->helper_fw_name && !nxpdev->helper_downloaded) {
885 if (nxp_request_firmware(hdev, nxp_data->helper_fw_name, NULL))
886 goto free_skb;
887 }
888
889 if (!len) {
890 bt_dev_info(hdev, "FW Download Complete: %zu bytes",
891 nxpdev->fw->size);
892 if (nxp_data->helper_fw_name && !nxpdev->helper_downloaded) {
893 nxpdev->helper_downloaded = true;
894 serdev_device_wait_until_sent(nxpdev->serdev, 0);
895 serdev_device_set_baudrate(nxpdev->serdev,
896 HCI_NXP_SEC_BAUDRATE);
897 serdev_device_set_flow_control(nxpdev->serdev, true);
898 } else {
899 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
900 wake_up_interruptible(&nxpdev->fw_dnld_done_wait_q);
901 }
902 goto free_skb;
903 }
904 if (len & 0x01) {
905 /* The CRC did not match at the other end.
906 * Simply send the same bytes again.
907 */
908 len = nxpdev->fw_v1_sent_bytes;
909 bt_dev_dbg(hdev, "CRC error. Resend %d bytes of FW.", len);
910 } else {
911 nxpdev->fw_dnld_v1_offset += nxpdev->fw_v1_sent_bytes;
912
913 /* The FW bin file is made up of many blocks of
914 * 16 byte header and payload data chunks. If the
915 * FW has requested a header, read the payload length
916 * info from the header, before sending the header.
917 * In the next iteration, the FW should request the
918 * payload data chunk, which should be equal to the
919 * payload length read from header. If there is a
920 * mismatch, clearly the driver and FW are out of sync,
921 * and we need to re-send the previous header again.
922 */
923 if (len == nxpdev->fw_v1_expected_len) {
924 if (len == HDR_LEN)
925 nxpdev->fw_v1_expected_len = nxp_get_data_len(nxpdev->fw->data +
926 nxpdev->fw_dnld_v1_offset);
927 else
928 nxpdev->fw_v1_expected_len = HDR_LEN;
929 } else if (len == HDR_LEN) {
930 /* FW download out of sync. Send previous chunk again */
931 nxpdev->fw_dnld_v1_offset -= nxpdev->fw_v1_sent_bytes;
932 nxpdev->fw_v1_expected_len = HDR_LEN;
933 }
934 }
935
936 if (nxpdev->fw_dnld_v1_offset + len <= nxpdev->fw->size)
937 serdev_device_write_buf(nxpdev->serdev, nxpdev->fw->data +
938 nxpdev->fw_dnld_v1_offset, len);
939 nxpdev->fw_v1_sent_bytes = len;
940
941free_skb:
942 kfree_skb(skb);
943 return 0;
944}
945
946static char *nxp_get_fw_name_from_chipid(struct hci_dev *hdev, u16 chipid,
947 u8 loader_ver)
948{
949 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
950 char *fw_name = NULL;
951
952 switch (chipid) {
953 case CHIP_ID_W9098:
954 fw_name = FIRMWARE_W9098;
955 break;
956 case CHIP_ID_IW416:
957 fw_name = FIRMWARE_IW416;
958 break;
959 case CHIP_ID_IW612:
960 fw_name = FIRMWARE_IW612;
961 break;
962 case CHIP_ID_IW624a:
963 case CHIP_ID_IW624c:
964 nxpdev->boot_reg_offset = 1;
965 if ((loader_ver & FW_SECURE_MASK) == FW_OPEN)
966 fw_name = FIRMWARE_IW624;
967 else if ((loader_ver & FW_SECURE_MASK) != FW_AUTH_ILLEGAL)
968 fw_name = FIRMWARE_SECURE_IW624;
969 else
970 bt_dev_err(hdev, "Illegal loader version %02x", loader_ver);
971 break;
972 case CHIP_ID_AW693a0:
973 if ((loader_ver & FW_SECURE_MASK) == FW_OPEN)
974 fw_name = FIRMWARE_AW693;
975 else if ((loader_ver & FW_SECURE_MASK) != FW_AUTH_ILLEGAL)
976 fw_name = FIRMWARE_SECURE_AW693;
977 else
978 bt_dev_err(hdev, "Illegal loader version %02x", loader_ver);
979 break;
980 case CHIP_ID_AW693a1:
981 if ((loader_ver & FW_SECURE_MASK) == FW_OPEN)
982 fw_name = FIRMWARE_AW693_A1;
983 else if ((loader_ver & FW_SECURE_MASK) != FW_AUTH_ILLEGAL)
984 fw_name = FIRMWARE_SECURE_AW693_A1;
985 else
986 bt_dev_err(hdev, "Illegal loader version %02x", loader_ver);
987 break;
988 case CHIP_ID_IW610a0:
989 case CHIP_ID_IW610a1:
990 if ((loader_ver & FW_SECURE_MASK) == FW_OPEN)
991 fw_name = FIRMWARE_IW610;
992 else if ((loader_ver & FW_SECURE_MASK) != FW_AUTH_ILLEGAL)
993 fw_name = FIRMWARE_SECURE_IW610;
994 else
995 bt_dev_err(hdev, "Illegal loader version %02x", loader_ver);
996 break;
997 default:
998 bt_dev_err(hdev, "Unknown chip signature %04x", chipid);
999 break;
1000 }
1001 return fw_name;
1002}
1003
1004static char *nxp_get_old_fw_name_from_chipid(struct hci_dev *hdev, u16 chipid,
1005 u8 loader_ver)
1006{
1007 char *fw_name_old = NULL;
1008
1009 switch (chipid) {
1010 case CHIP_ID_W9098:
1011 fw_name_old = FIRMWARE_W9098_OLD;
1012 break;
1013 case CHIP_ID_IW416:
1014 fw_name_old = FIRMWARE_IW416_OLD;
1015 break;
1016 }
1017 return fw_name_old;
1018}
1019
1020static int nxp_recv_chip_ver_v3(struct hci_dev *hdev, struct sk_buff *skb)
1021{
1022 struct v3_start_ind *req = skb_pull_data(skb, sizeof(*req));
1023 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1024 const char *fw_name;
1025 const char *fw_name_old;
1026 u16 chip_id;
1027 u8 loader_ver;
1028
1029 if (!process_boot_signature(nxpdev))
1030 goto free_skb;
1031
1032 chip_id = le16_to_cpu(req->chip_id);
1033 loader_ver = req->loader_ver;
1034 bt_dev_info(hdev, "ChipID: %04x, Version: %d", chip_id, loader_ver);
1035 fw_name = nxp_get_fw_name_from_chipid(hdev, chip_id, loader_ver);
1036 fw_name_old = nxp_get_old_fw_name_from_chipid(hdev, chip_id, loader_ver);
1037 if (!nxp_request_firmware(hdev, fw_name, fw_name_old))
1038 nxp_send_ack(NXP_ACK_V3, hdev);
1039
1040free_skb:
1041 kfree_skb(skb);
1042 return 0;
1043}
1044
1045static void nxp_handle_fw_download_error(struct hci_dev *hdev, struct v3_data_req *req)
1046{
1047 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1048 __u32 offset = __le32_to_cpu(req->offset);
1049 __u16 err = __le16_to_cpu(req->error);
1050 union nxp_v3_rx_timeout_nak_u nak_tx_buf;
1051
1052 switch (err) {
1053 case NXP_ACK_RX_TIMEOUT:
1054 case NXP_HDR_RX_TIMEOUT:
1055 case NXP_DATA_RX_TIMEOUT:
1056 nak_tx_buf.pkt.nak = NXP_NAK_V3;
1057 nak_tx_buf.pkt.offset = __cpu_to_le32(offset);
1058 nak_tx_buf.pkt.crc = crc8(crc8_table, nak_tx_buf.buf,
1059 sizeof(nak_tx_buf) - 1, 0xff);
1060 serdev_device_write_buf(nxpdev->serdev, nak_tx_buf.buf,
1061 sizeof(nak_tx_buf));
1062 break;
1063 default:
1064 bt_dev_dbg(hdev, "Unknown bootloader error code: %d", err);
1065 break;
1066
1067 }
1068
1069}
1070
1071static int nxp_recv_fw_req_v3(struct hci_dev *hdev, struct sk_buff *skb)
1072{
1073 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1074 struct v3_data_req *req;
1075 __u16 len;
1076 __u32 offset;
1077
1078 if (!process_boot_signature(nxpdev))
1079 goto free_skb;
1080
1081 req = skb_pull_data(skb, sizeof(*req));
1082 if (!req || !nxpdev->fw)
1083 goto free_skb;
1084
1085 if (!req->error) {
1086 nxp_send_ack(NXP_ACK_V3, hdev);
1087 } else {
1088 nxp_handle_fw_download_error(hdev, req);
1089 goto free_skb;
1090 }
1091
1092 len = __le16_to_cpu(req->len);
1093
1094 if (!nxpdev->timeout_changed) {
1095 nxpdev->timeout_changed = nxp_fw_change_timeout(hdev, len);
1096 goto free_skb;
1097 }
1098
1099 if (!nxpdev->baudrate_changed) {
1100 nxpdev->baudrate_changed = nxp_fw_change_baudrate(hdev, len);
1101 if (nxpdev->baudrate_changed) {
1102 serdev_device_set_baudrate(nxpdev->serdev,
1103 HCI_NXP_SEC_BAUDRATE);
1104 serdev_device_set_flow_control(nxpdev->serdev, true);
1105 nxpdev->current_baudrate = HCI_NXP_SEC_BAUDRATE;
1106 }
1107 goto free_skb;
1108 }
1109
1110 if (req->len == 0) {
1111 bt_dev_info(hdev, "FW Download Complete: %zu bytes",
1112 nxpdev->fw->size);
1113 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
1114 wake_up_interruptible(&nxpdev->fw_dnld_done_wait_q);
1115 goto free_skb;
1116 }
1117
1118 offset = __le32_to_cpu(req->offset);
1119 if (offset < nxpdev->fw_v3_offset_correction) {
1120 /* This scenario should ideally never occur. But if it ever does,
1121 * FW is out of sync and needs a power cycle.
1122 */
1123 bt_dev_err(hdev, "Something went wrong during FW download");
1124 bt_dev_err(hdev, "Please power cycle and try again");
1125 goto free_skb;
1126 }
1127
1128 nxpdev->fw_dnld_v3_offset = offset - nxpdev->fw_v3_offset_correction;
1129 serdev_device_write_buf(nxpdev->serdev, nxpdev->fw->data +
1130 nxpdev->fw_dnld_v3_offset, len);
1131
1132free_skb:
1133 kfree_skb(skb);
1134 return 0;
1135}
1136
1137static int nxp_set_baudrate_cmd(struct hci_dev *hdev, void *data)
1138{
1139 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1140 __le32 new_baudrate = __cpu_to_le32(nxpdev->new_baudrate);
1141 struct ps_data *psdata = &nxpdev->psdata;
1142 struct sk_buff *skb;
1143 u8 *status;
1144
1145 if (!psdata)
1146 return 0;
1147
1148 skb = nxp_drv_send_cmd(hdev, HCI_NXP_SET_OPER_SPEED, 4, (u8 *)&new_baudrate);
1149 if (IS_ERR(skb)) {
1150 bt_dev_err(hdev, "Setting baudrate failed (%ld)", PTR_ERR(skb));
1151 return PTR_ERR(skb);
1152 }
1153
1154 status = (u8 *)skb_pull_data(skb, 1);
1155 if (status) {
1156 if (*status == 0) {
1157 serdev_device_set_baudrate(nxpdev->serdev, nxpdev->new_baudrate);
1158 nxpdev->current_baudrate = nxpdev->new_baudrate;
1159 }
1160 bt_dev_dbg(hdev, "Set baudrate response: status=%d, baudrate=%d",
1161 *status, nxpdev->new_baudrate);
1162 }
1163 kfree_skb(skb);
1164
1165 return 0;
1166}
1167
1168static int nxp_check_boot_sign(struct btnxpuart_dev *nxpdev)
1169{
1170 serdev_device_set_baudrate(nxpdev->serdev, HCI_NXP_PRI_BAUDRATE);
1171 if (test_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state))
1172 serdev_device_set_flow_control(nxpdev->serdev, false);
1173 else
1174 serdev_device_set_flow_control(nxpdev->serdev, true);
1175 set_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, &nxpdev->tx_state);
1176
1177 return wait_event_interruptible_timeout(nxpdev->check_boot_sign_wait_q,
1178 !test_bit(BTNXPUART_CHECK_BOOT_SIGNATURE,
1179 &nxpdev->tx_state),
1180 msecs_to_jiffies(1000));
1181}
1182
1183static int nxp_set_ind_reset(struct hci_dev *hdev, void *data)
1184{
1185 static const u8 ir_hw_err[] = { HCI_EV_HARDWARE_ERROR,
1186 0x01, BTNXPUART_IR_HW_ERR };
1187 struct sk_buff *skb;
1188
1189 skb = bt_skb_alloc(3, GFP_ATOMIC);
1190 if (!skb)
1191 return -ENOMEM;
1192
1193 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
1194 skb_put_data(skb, ir_hw_err, 3);
1195
1196 /* Inject Hardware Error to upper stack */
1197 return hci_recv_frame(hdev, skb);
1198}
1199
1200/* NXP protocol */
1201static int nxp_setup(struct hci_dev *hdev)
1202{
1203 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1204 int err = 0;
1205
1206 if (nxp_check_boot_sign(nxpdev)) {
1207 bt_dev_dbg(hdev, "Need FW Download.");
1208 err = nxp_download_firmware(hdev);
1209 if (err < 0)
1210 return err;
1211 } else {
1212 bt_dev_info(hdev, "FW already running.");
1213 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
1214 }
1215
1216 serdev_device_set_baudrate(nxpdev->serdev, nxpdev->fw_init_baudrate);
1217 nxpdev->current_baudrate = nxpdev->fw_init_baudrate;
1218
1219 if (nxpdev->current_baudrate != HCI_NXP_SEC_BAUDRATE) {
1220 nxpdev->new_baudrate = HCI_NXP_SEC_BAUDRATE;
1221 hci_cmd_sync_queue(hdev, nxp_set_baudrate_cmd, NULL, NULL);
1222 }
1223
1224 ps_init(hdev);
1225
1226 if (test_and_clear_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state))
1227 hci_dev_clear_flag(hdev, HCI_SETUP);
1228
1229 return 0;
1230}
1231
1232static void nxp_hw_err(struct hci_dev *hdev, u8 code)
1233{
1234 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1235
1236 switch (code) {
1237 case BTNXPUART_IR_HW_ERR:
1238 set_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state);
1239 hci_dev_set_flag(hdev, HCI_SETUP);
1240 break;
1241 default:
1242 break;
1243 }
1244}
1245
1246static int nxp_shutdown(struct hci_dev *hdev)
1247{
1248 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1249 struct sk_buff *skb;
1250 u8 *status;
1251 u8 pcmd = 0;
1252
1253 if (test_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state)) {
1254 skb = nxp_drv_send_cmd(hdev, HCI_NXP_IND_RESET, 1, &pcmd);
1255 if (IS_ERR(skb))
1256 return PTR_ERR(skb);
1257
1258 status = skb_pull_data(skb, 1);
1259 if (status) {
1260 serdev_device_set_flow_control(nxpdev->serdev, false);
1261 set_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
1262 }
1263 kfree_skb(skb);
1264 }
1265
1266 return 0;
1267}
1268
1269static int btnxpuart_queue_skb(struct hci_dev *hdev, struct sk_buff *skb)
1270{
1271 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1272
1273 /* Prepend skb with frame type */
1274 memcpy(skb_push(skb, 1), &hci_skb_pkt_type(skb), 1);
1275 skb_queue_tail(&nxpdev->txq, skb);
1276 btnxpuart_tx_wakeup(nxpdev);
1277 return 0;
1278}
1279
1280static int nxp_enqueue(struct hci_dev *hdev, struct sk_buff *skb)
1281{
1282 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1283 struct ps_data *psdata = &nxpdev->psdata;
1284 struct hci_command_hdr *hdr;
1285 struct psmode_cmd_payload ps_parm;
1286 struct wakeup_cmd_payload wakeup_parm;
1287 __le32 baudrate_parm;
1288
1289 /* if vendor commands are received from user space (e.g. hcitool), update
1290 * driver flags accordingly and ask driver to re-send the command to FW.
1291 * In case the payload for any command does not match expected payload
1292 * length, let the firmware and user space program handle it, or throw
1293 * an error.
1294 */
1295 if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT && !psdata->driver_sent_cmd) {
1296 hdr = (struct hci_command_hdr *)skb->data;
1297 if (hdr->plen != (skb->len - HCI_COMMAND_HDR_SIZE))
1298 return btnxpuart_queue_skb(hdev, skb);
1299
1300 switch (__le16_to_cpu(hdr->opcode)) {
1301 case HCI_NXP_AUTO_SLEEP_MODE:
1302 if (hdr->plen == sizeof(ps_parm)) {
1303 memcpy(&ps_parm, skb->data + HCI_COMMAND_HDR_SIZE, hdr->plen);
1304 if (ps_parm.ps_cmd == BT_PS_ENABLE)
1305 psdata->target_ps_mode = PS_MODE_ENABLE;
1306 else if (ps_parm.ps_cmd == BT_PS_DISABLE)
1307 psdata->target_ps_mode = PS_MODE_DISABLE;
1308 psdata->c2h_ps_interval = __le16_to_cpu(ps_parm.c2h_ps_interval);
1309 hci_cmd_sync_queue(hdev, send_ps_cmd, NULL, NULL);
1310 goto free_skb;
1311 }
1312 break;
1313 case HCI_NXP_WAKEUP_METHOD:
1314 if (hdr->plen == sizeof(wakeup_parm)) {
1315 memcpy(&wakeup_parm, skb->data + HCI_COMMAND_HDR_SIZE, hdr->plen);
1316 psdata->c2h_wakeupmode = wakeup_parm.c2h_wakeupmode;
1317 psdata->c2h_wakeup_gpio = wakeup_parm.c2h_wakeup_gpio;
1318 psdata->h2c_wakeup_gpio = wakeup_parm.h2c_wakeup_gpio;
1319 switch (wakeup_parm.h2c_wakeupmode) {
1320 case BT_CTRL_WAKEUP_METHOD_GPIO:
1321 psdata->h2c_wakeupmode = WAKEUP_METHOD_GPIO;
1322 break;
1323 case BT_CTRL_WAKEUP_METHOD_DSR:
1324 psdata->h2c_wakeupmode = WAKEUP_METHOD_DTR;
1325 break;
1326 case BT_CTRL_WAKEUP_METHOD_BREAK:
1327 default:
1328 psdata->h2c_wakeupmode = WAKEUP_METHOD_BREAK;
1329 break;
1330 }
1331 hci_cmd_sync_queue(hdev, send_wakeup_method_cmd, NULL, NULL);
1332 goto free_skb;
1333 }
1334 break;
1335 case HCI_NXP_SET_OPER_SPEED:
1336 if (hdr->plen == sizeof(baudrate_parm)) {
1337 memcpy(&baudrate_parm, skb->data + HCI_COMMAND_HDR_SIZE, hdr->plen);
1338 nxpdev->new_baudrate = __le32_to_cpu(baudrate_parm);
1339 hci_cmd_sync_queue(hdev, nxp_set_baudrate_cmd, NULL, NULL);
1340 goto free_skb;
1341 }
1342 break;
1343 case HCI_NXP_IND_RESET:
1344 if (hdr->plen == 1) {
1345 hci_cmd_sync_queue(hdev, nxp_set_ind_reset, NULL, NULL);
1346 goto free_skb;
1347 }
1348 break;
1349 default:
1350 break;
1351 }
1352 }
1353
1354 return btnxpuart_queue_skb(hdev, skb);
1355
1356free_skb:
1357 kfree_skb(skb);
1358 return 0;
1359}
1360
1361static struct sk_buff *nxp_dequeue(void *data)
1362{
1363 struct btnxpuart_dev *nxpdev = (struct btnxpuart_dev *)data;
1364
1365 ps_start_timer(nxpdev);
1366 return skb_dequeue(&nxpdev->txq);
1367}
1368
1369/* btnxpuart based on serdev */
1370static void btnxpuart_tx_work(struct work_struct *work)
1371{
1372 struct btnxpuart_dev *nxpdev = container_of(work, struct btnxpuart_dev,
1373 tx_work);
1374 struct serdev_device *serdev = nxpdev->serdev;
1375 struct hci_dev *hdev = nxpdev->hdev;
1376 struct sk_buff *skb;
1377 int len;
1378
1379 if (ps_wakeup(nxpdev))
1380 return;
1381
1382 while ((skb = nxp_dequeue(nxpdev))) {
1383 len = serdev_device_write_buf(serdev, skb->data, skb->len);
1384 hdev->stat.byte_tx += len;
1385
1386 skb_pull(skb, len);
1387 if (skb->len > 0) {
1388 skb_queue_head(&nxpdev->txq, skb);
1389 continue;
1390 }
1391
1392 switch (hci_skb_pkt_type(skb)) {
1393 case HCI_COMMAND_PKT:
1394 hdev->stat.cmd_tx++;
1395 break;
1396 case HCI_ACLDATA_PKT:
1397 hdev->stat.acl_tx++;
1398 break;
1399 case HCI_SCODATA_PKT:
1400 hdev->stat.sco_tx++;
1401 break;
1402 }
1403
1404 kfree_skb(skb);
1405 }
1406 clear_bit(BTNXPUART_TX_STATE_ACTIVE, &nxpdev->tx_state);
1407}
1408
1409static int btnxpuart_open(struct hci_dev *hdev)
1410{
1411 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1412 int err = 0;
1413
1414 err = serdev_device_open(nxpdev->serdev);
1415 if (err) {
1416 bt_dev_err(hdev, "Unable to open UART device %s",
1417 dev_name(&nxpdev->serdev->dev));
1418 } else {
1419 set_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state);
1420 }
1421 return err;
1422}
1423
1424static int btnxpuart_close(struct hci_dev *hdev)
1425{
1426 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1427
1428 serdev_device_close(nxpdev->serdev);
1429 skb_queue_purge(&nxpdev->txq);
1430 if (!IS_ERR_OR_NULL(nxpdev->rx_skb)) {
1431 kfree_skb(nxpdev->rx_skb);
1432 nxpdev->rx_skb = NULL;
1433 }
1434 clear_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state);
1435 return 0;
1436}
1437
1438static int btnxpuart_flush(struct hci_dev *hdev)
1439{
1440 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1441
1442 /* Flush any pending characters */
1443 serdev_device_write_flush(nxpdev->serdev);
1444 skb_queue_purge(&nxpdev->txq);
1445
1446 cancel_work_sync(&nxpdev->tx_work);
1447
1448 if (!IS_ERR_OR_NULL(nxpdev->rx_skb)) {
1449 kfree_skb(nxpdev->rx_skb);
1450 nxpdev->rx_skb = NULL;
1451 }
1452
1453 return 0;
1454}
1455
1456static const struct h4_recv_pkt nxp_recv_pkts[] = {
1457 { H4_RECV_ACL, .recv = hci_recv_frame },
1458 { H4_RECV_SCO, .recv = hci_recv_frame },
1459 { H4_RECV_EVENT, .recv = hci_recv_frame },
1460 { H4_RECV_ISO, .recv = hci_recv_frame },
1461 { NXP_RECV_CHIP_VER_V1, .recv = nxp_recv_chip_ver_v1 },
1462 { NXP_RECV_FW_REQ_V1, .recv = nxp_recv_fw_req_v1 },
1463 { NXP_RECV_CHIP_VER_V3, .recv = nxp_recv_chip_ver_v3 },
1464 { NXP_RECV_FW_REQ_V3, .recv = nxp_recv_fw_req_v3 },
1465};
1466
1467static size_t btnxpuart_receive_buf(struct serdev_device *serdev,
1468 const u8 *data, size_t count)
1469{
1470 struct btnxpuart_dev *nxpdev = serdev_device_get_drvdata(serdev);
1471
1472 ps_start_timer(nxpdev);
1473
1474 nxpdev->rx_skb = h4_recv_buf(nxpdev->hdev, nxpdev->rx_skb, data, count,
1475 nxp_recv_pkts, ARRAY_SIZE(nxp_recv_pkts));
1476 if (IS_ERR(nxpdev->rx_skb)) {
1477 int err = PTR_ERR(nxpdev->rx_skb);
1478 /* Safe to ignore out-of-sync bootloader signatures */
1479 if (!is_fw_downloading(nxpdev))
1480 bt_dev_err(nxpdev->hdev, "Frame reassembly failed (%d)", err);
1481 return count;
1482 }
1483 if (!is_fw_downloading(nxpdev))
1484 nxpdev->hdev->stat.byte_rx += count;
1485 return count;
1486}
1487
1488static void btnxpuart_write_wakeup(struct serdev_device *serdev)
1489{
1490 serdev_device_write_wakeup(serdev);
1491}
1492
1493static const struct serdev_device_ops btnxpuart_client_ops = {
1494 .receive_buf = btnxpuart_receive_buf,
1495 .write_wakeup = btnxpuart_write_wakeup,
1496};
1497
1498static int nxp_serdev_probe(struct serdev_device *serdev)
1499{
1500 struct hci_dev *hdev;
1501 struct btnxpuart_dev *nxpdev;
1502
1503 nxpdev = devm_kzalloc(&serdev->dev, sizeof(*nxpdev), GFP_KERNEL);
1504 if (!nxpdev)
1505 return -ENOMEM;
1506
1507 nxpdev->nxp_data = (struct btnxpuart_data *)device_get_match_data(&serdev->dev);
1508
1509 nxpdev->serdev = serdev;
1510 serdev_device_set_drvdata(serdev, nxpdev);
1511
1512 serdev_device_set_client_ops(serdev, &btnxpuart_client_ops);
1513
1514 INIT_WORK(&nxpdev->tx_work, btnxpuart_tx_work);
1515 skb_queue_head_init(&nxpdev->txq);
1516
1517 init_waitqueue_head(&nxpdev->fw_dnld_done_wait_q);
1518 init_waitqueue_head(&nxpdev->check_boot_sign_wait_q);
1519
1520 device_property_read_u32(&nxpdev->serdev->dev, "fw-init-baudrate",
1521 &nxpdev->fw_init_baudrate);
1522 if (!nxpdev->fw_init_baudrate)
1523 nxpdev->fw_init_baudrate = FW_INIT_BAUDRATE;
1524
1525 set_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
1526
1527 crc8_populate_msb(crc8_table, POLYNOMIAL8);
1528
1529 /* Initialize and register HCI device */
1530 hdev = hci_alloc_dev();
1531 if (!hdev) {
1532 dev_err(&serdev->dev, "Can't allocate HCI device\n");
1533 return -ENOMEM;
1534 }
1535
1536 nxpdev->hdev = hdev;
1537
1538 hdev->bus = HCI_UART;
1539 hci_set_drvdata(hdev, nxpdev);
1540
1541 hdev->manufacturer = MANUFACTURER_NXP;
1542 hdev->open = btnxpuart_open;
1543 hdev->close = btnxpuart_close;
1544 hdev->flush = btnxpuart_flush;
1545 hdev->setup = nxp_setup;
1546 hdev->send = nxp_enqueue;
1547 hdev->hw_error = nxp_hw_err;
1548 hdev->shutdown = nxp_shutdown;
1549 SET_HCIDEV_DEV(hdev, &serdev->dev);
1550
1551 if (hci_register_dev(hdev) < 0) {
1552 dev_err(&serdev->dev, "Can't register HCI device\n");
1553 goto probe_fail;
1554 }
1555
1556 if (ps_setup(hdev))
1557 goto probe_fail;
1558
1559 return 0;
1560
1561probe_fail:
1562 hci_free_dev(hdev);
1563 return -ENODEV;
1564}
1565
1566static void nxp_serdev_remove(struct serdev_device *serdev)
1567{
1568 struct btnxpuart_dev *nxpdev = serdev_device_get_drvdata(serdev);
1569 struct hci_dev *hdev = nxpdev->hdev;
1570
1571 if (is_fw_downloading(nxpdev)) {
1572 set_bit(BTNXPUART_FW_DOWNLOAD_ABORT, &nxpdev->tx_state);
1573 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
1574 wake_up_interruptible(&nxpdev->check_boot_sign_wait_q);
1575 wake_up_interruptible(&nxpdev->fw_dnld_done_wait_q);
1576 } else {
1577 /* Restore FW baudrate to fw_init_baudrate if changed.
1578 * This will ensure FW baudrate is in sync with
1579 * driver baudrate in case this driver is re-inserted.
1580 */
1581 if (nxpdev->current_baudrate != nxpdev->fw_init_baudrate) {
1582 nxpdev->new_baudrate = nxpdev->fw_init_baudrate;
1583 nxp_set_baudrate_cmd(hdev, NULL);
1584 }
1585 }
1586 ps_cleanup(nxpdev);
1587 hci_unregister_dev(hdev);
1588 hci_free_dev(hdev);
1589}
1590
1591#ifdef CONFIG_PM_SLEEP
1592static int nxp_serdev_suspend(struct device *dev)
1593{
1594 struct btnxpuart_dev *nxpdev = dev_get_drvdata(dev);
1595 struct ps_data *psdata = &nxpdev->psdata;
1596
1597 ps_control(psdata->hdev, PS_STATE_SLEEP);
1598 return 0;
1599}
1600
1601static int nxp_serdev_resume(struct device *dev)
1602{
1603 struct btnxpuart_dev *nxpdev = dev_get_drvdata(dev);
1604 struct ps_data *psdata = &nxpdev->psdata;
1605
1606 ps_control(psdata->hdev, PS_STATE_AWAKE);
1607 return 0;
1608}
1609#endif
1610
1611static struct btnxpuart_data w8987_data __maybe_unused = {
1612 .helper_fw_name = NULL,
1613 .fw_name = FIRMWARE_W8987,
1614 .fw_name_old = FIRMWARE_W8987_OLD,
1615};
1616
1617static struct btnxpuart_data w8997_data __maybe_unused = {
1618 .helper_fw_name = FIRMWARE_HELPER,
1619 .fw_name = FIRMWARE_W8997,
1620 .fw_name_old = FIRMWARE_W8997_OLD,
1621};
1622
1623static const struct of_device_id nxpuart_of_match_table[] __maybe_unused = {
1624 { .compatible = "nxp,88w8987-bt", .data = &w8987_data },
1625 { .compatible = "nxp,88w8997-bt", .data = &w8997_data },
1626 { }
1627};
1628MODULE_DEVICE_TABLE(of, nxpuart_of_match_table);
1629
1630static const struct dev_pm_ops nxp_pm_ops = {
1631 SET_SYSTEM_SLEEP_PM_OPS(nxp_serdev_suspend, nxp_serdev_resume)
1632};
1633
1634static struct serdev_device_driver nxp_serdev_driver = {
1635 .probe = nxp_serdev_probe,
1636 .remove = nxp_serdev_remove,
1637 .driver = {
1638 .name = "btnxpuart",
1639 .of_match_table = of_match_ptr(nxpuart_of_match_table),
1640 .pm = &nxp_pm_ops,
1641 },
1642};
1643
1644module_serdev_device_driver(nxp_serdev_driver);
1645
1646MODULE_AUTHOR("Neeraj Sanjay Kale <neeraj.sanjaykale@nxp.com>");
1647MODULE_DESCRIPTION("NXP Bluetooth Serial driver");
1648MODULE_LICENSE("GPL");
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * NXP Bluetooth driver
4 * Copyright 2023 NXP
5 */
6
7#include <linux/module.h>
8#include <linux/kernel.h>
9
10#include <linux/serdev.h>
11#include <linux/of.h>
12#include <linux/skbuff.h>
13#include <asm/unaligned.h>
14#include <linux/firmware.h>
15#include <linux/string.h>
16#include <linux/crc8.h>
17#include <linux/crc32.h>
18#include <linux/string_helpers.h>
19
20#include <net/bluetooth/bluetooth.h>
21#include <net/bluetooth/hci_core.h>
22
23#include "h4_recv.h"
24
25#define MANUFACTURER_NXP 37
26
27#define BTNXPUART_TX_STATE_ACTIVE 1
28#define BTNXPUART_FW_DOWNLOADING 2
29#define BTNXPUART_CHECK_BOOT_SIGNATURE 3
30#define BTNXPUART_SERDEV_OPEN 4
31#define BTNXPUART_IR_IN_PROGRESS 5
32
33/* NXP HW err codes */
34#define BTNXPUART_IR_HW_ERR 0xb0
35
36#define FIRMWARE_W8987 "nxp/uartuart8987_bt.bin"
37#define FIRMWARE_W8997 "nxp/uartuart8997_bt_v4.bin"
38#define FIRMWARE_W9098 "nxp/uartuart9098_bt_v1.bin"
39#define FIRMWARE_IW416 "nxp/uartiw416_bt_v0.bin"
40#define FIRMWARE_IW612 "nxp/uartspi_n61x_v1.bin.se"
41#define FIRMWARE_IW624 "nxp/uartiw624_bt.bin"
42#define FIRMWARE_SECURE_IW624 "nxp/uartiw624_bt.bin.se"
43#define FIRMWARE_AW693 "nxp/uartaw693_bt.bin"
44#define FIRMWARE_SECURE_AW693 "nxp/uartaw693_bt.bin.se"
45#define FIRMWARE_HELPER "nxp/helper_uart_3000000.bin"
46
47#define CHIP_ID_W9098 0x5c03
48#define CHIP_ID_IW416 0x7201
49#define CHIP_ID_IW612 0x7601
50#define CHIP_ID_IW624a 0x8000
51#define CHIP_ID_IW624c 0x8001
52#define CHIP_ID_AW693 0x8200
53
54#define FW_SECURE_MASK 0xc0
55#define FW_OPEN 0x00
56#define FW_AUTH_ILLEGAL 0x40
57#define FW_AUTH_PLAIN 0x80
58#define FW_AUTH_ENC 0xc0
59
60#define HCI_NXP_PRI_BAUDRATE 115200
61#define HCI_NXP_SEC_BAUDRATE 3000000
62
63#define MAX_FW_FILE_NAME_LEN 50
64
65/* Default ps timeout period in milliseconds */
66#define PS_DEFAULT_TIMEOUT_PERIOD_MS 2000
67
68/* wakeup methods */
69#define WAKEUP_METHOD_DTR 0
70#define WAKEUP_METHOD_BREAK 1
71#define WAKEUP_METHOD_EXT_BREAK 2
72#define WAKEUP_METHOD_RTS 3
73#define WAKEUP_METHOD_INVALID 0xff
74
75/* power save mode status */
76#define PS_MODE_DISABLE 0
77#define PS_MODE_ENABLE 1
78
79/* Power Save Commands to ps_work_func */
80#define PS_CMD_EXIT_PS 1
81#define PS_CMD_ENTER_PS 2
82
83/* power save state */
84#define PS_STATE_AWAKE 0
85#define PS_STATE_SLEEP 1
86
87/* Bluetooth vendor command : Sleep mode */
88#define HCI_NXP_AUTO_SLEEP_MODE 0xfc23
89/* Bluetooth vendor command : Wakeup method */
90#define HCI_NXP_WAKEUP_METHOD 0xfc53
91/* Bluetooth vendor command : Set operational baudrate */
92#define HCI_NXP_SET_OPER_SPEED 0xfc09
93/* Bluetooth vendor command: Independent Reset */
94#define HCI_NXP_IND_RESET 0xfcfc
95
96/* Bluetooth Power State : Vendor cmd params */
97#define BT_PS_ENABLE 0x02
98#define BT_PS_DISABLE 0x03
99
100/* Bluetooth Host Wakeup Methods */
101#define BT_HOST_WAKEUP_METHOD_NONE 0x00
102#define BT_HOST_WAKEUP_METHOD_DTR 0x01
103#define BT_HOST_WAKEUP_METHOD_BREAK 0x02
104#define BT_HOST_WAKEUP_METHOD_GPIO 0x03
105
106/* Bluetooth Chip Wakeup Methods */
107#define BT_CTRL_WAKEUP_METHOD_DSR 0x00
108#define BT_CTRL_WAKEUP_METHOD_BREAK 0x01
109#define BT_CTRL_WAKEUP_METHOD_GPIO 0x02
110#define BT_CTRL_WAKEUP_METHOD_EXT_BREAK 0x04
111#define BT_CTRL_WAKEUP_METHOD_RTS 0x05
112
113struct ps_data {
114 u8 target_ps_mode; /* ps mode to be set */
115 u8 cur_psmode; /* current ps_mode */
116 u8 ps_state; /* controller's power save state */
117 u8 ps_cmd;
118 u8 h2c_wakeupmode;
119 u8 cur_h2c_wakeupmode;
120 u8 c2h_wakeupmode;
121 u8 c2h_wakeup_gpio;
122 u8 h2c_wakeup_gpio;
123 bool driver_sent_cmd;
124 u16 h2c_ps_interval;
125 u16 c2h_ps_interval;
126 struct hci_dev *hdev;
127 struct work_struct work;
128 struct timer_list ps_timer;
129 struct mutex ps_lock;
130};
131
132struct wakeup_cmd_payload {
133 u8 c2h_wakeupmode;
134 u8 c2h_wakeup_gpio;
135 u8 h2c_wakeupmode;
136 u8 h2c_wakeup_gpio;
137} __packed;
138
139struct psmode_cmd_payload {
140 u8 ps_cmd;
141 __le16 c2h_ps_interval;
142} __packed;
143
144struct btnxpuart_data {
145 const char *helper_fw_name;
146 const char *fw_name;
147};
148
149struct btnxpuart_dev {
150 struct hci_dev *hdev;
151 struct serdev_device *serdev;
152
153 struct work_struct tx_work;
154 unsigned long tx_state;
155 struct sk_buff_head txq;
156 struct sk_buff *rx_skb;
157
158 const struct firmware *fw;
159 u8 fw_name[MAX_FW_FILE_NAME_LEN];
160 u32 fw_dnld_v1_offset;
161 u32 fw_v1_sent_bytes;
162 u32 fw_v3_offset_correction;
163 u32 fw_v1_expected_len;
164 u32 boot_reg_offset;
165 wait_queue_head_t fw_dnld_done_wait_q;
166 wait_queue_head_t check_boot_sign_wait_q;
167
168 u32 new_baudrate;
169 u32 current_baudrate;
170 u32 fw_init_baudrate;
171 bool timeout_changed;
172 bool baudrate_changed;
173 bool helper_downloaded;
174
175 struct ps_data psdata;
176 struct btnxpuart_data *nxp_data;
177};
178
179#define NXP_V1_FW_REQ_PKT 0xa5
180#define NXP_V1_CHIP_VER_PKT 0xaa
181#define NXP_V3_FW_REQ_PKT 0xa7
182#define NXP_V3_CHIP_VER_PKT 0xab
183
184#define NXP_ACK_V1 0x5a
185#define NXP_NAK_V1 0xbf
186#define NXP_ACK_V3 0x7a
187#define NXP_NAK_V3 0x7b
188#define NXP_CRC_ERROR_V3 0x7c
189
190#define HDR_LEN 16
191
192#define NXP_RECV_CHIP_VER_V1 \
193 .type = NXP_V1_CHIP_VER_PKT, \
194 .hlen = 4, \
195 .loff = 0, \
196 .lsize = 0, \
197 .maxlen = 4
198
199#define NXP_RECV_FW_REQ_V1 \
200 .type = NXP_V1_FW_REQ_PKT, \
201 .hlen = 4, \
202 .loff = 0, \
203 .lsize = 0, \
204 .maxlen = 4
205
206#define NXP_RECV_CHIP_VER_V3 \
207 .type = NXP_V3_CHIP_VER_PKT, \
208 .hlen = 4, \
209 .loff = 0, \
210 .lsize = 0, \
211 .maxlen = 4
212
213#define NXP_RECV_FW_REQ_V3 \
214 .type = NXP_V3_FW_REQ_PKT, \
215 .hlen = 9, \
216 .loff = 0, \
217 .lsize = 0, \
218 .maxlen = 9
219
220struct v1_data_req {
221 __le16 len;
222 __le16 len_comp;
223} __packed;
224
225struct v1_start_ind {
226 __le16 chip_id;
227 __le16 chip_id_comp;
228} __packed;
229
230struct v3_data_req {
231 __le16 len;
232 __le32 offset;
233 __le16 error;
234 u8 crc;
235} __packed;
236
237struct v3_start_ind {
238 __le16 chip_id;
239 u8 loader_ver;
240 u8 crc;
241} __packed;
242
243/* UART register addresses of BT chip */
244#define CLKDIVADDR 0x7f00008f
245#define UARTDIVADDR 0x7f000090
246#define UARTMCRADDR 0x7f000091
247#define UARTREINITADDR 0x7f000092
248#define UARTICRADDR 0x7f000093
249#define UARTFCRADDR 0x7f000094
250
251#define MCR 0x00000022
252#define INIT 0x00000001
253#define ICR 0x000000c7
254#define FCR 0x000000c7
255
256#define POLYNOMIAL8 0x07
257
258struct uart_reg {
259 __le32 address;
260 __le32 value;
261} __packed;
262
263struct uart_config {
264 struct uart_reg clkdiv;
265 struct uart_reg uartdiv;
266 struct uart_reg mcr;
267 struct uart_reg re_init;
268 struct uart_reg icr;
269 struct uart_reg fcr;
270 __be32 crc;
271} __packed;
272
273struct nxp_bootloader_cmd {
274 __le32 header;
275 __le32 arg;
276 __le32 payload_len;
277 __be32 crc;
278} __packed;
279
280static u8 crc8_table[CRC8_TABLE_SIZE];
281
282/* Default configurations */
283#define DEFAULT_H2C_WAKEUP_MODE WAKEUP_METHOD_BREAK
284#define DEFAULT_PS_MODE PS_MODE_DISABLE
285#define FW_INIT_BAUDRATE HCI_NXP_PRI_BAUDRATE
286
287static struct sk_buff *nxp_drv_send_cmd(struct hci_dev *hdev, u16 opcode,
288 u32 plen,
289 void *param)
290{
291 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
292 struct ps_data *psdata = &nxpdev->psdata;
293 struct sk_buff *skb;
294
295 /* set flag to prevent nxp_enqueue from parsing values from this command and
296 * calling hci_cmd_sync_queue() again.
297 */
298 psdata->driver_sent_cmd = true;
299 skb = __hci_cmd_sync(hdev, opcode, plen, param, HCI_CMD_TIMEOUT);
300 psdata->driver_sent_cmd = false;
301
302 return skb;
303}
304
305static void btnxpuart_tx_wakeup(struct btnxpuart_dev *nxpdev)
306{
307 if (schedule_work(&nxpdev->tx_work))
308 set_bit(BTNXPUART_TX_STATE_ACTIVE, &nxpdev->tx_state);
309}
310
311/* NXP Power Save Feature */
312static void ps_start_timer(struct btnxpuart_dev *nxpdev)
313{
314 struct ps_data *psdata = &nxpdev->psdata;
315
316 if (!psdata)
317 return;
318
319 if (psdata->cur_psmode == PS_MODE_ENABLE)
320 mod_timer(&psdata->ps_timer, jiffies + msecs_to_jiffies(psdata->h2c_ps_interval));
321
322 if (psdata->ps_state == PS_STATE_AWAKE && psdata->ps_cmd == PS_CMD_ENTER_PS)
323 cancel_work_sync(&psdata->work);
324}
325
326static void ps_cancel_timer(struct btnxpuart_dev *nxpdev)
327{
328 struct ps_data *psdata = &nxpdev->psdata;
329
330 flush_work(&psdata->work);
331 del_timer_sync(&psdata->ps_timer);
332}
333
334static void ps_control(struct hci_dev *hdev, u8 ps_state)
335{
336 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
337 struct ps_data *psdata = &nxpdev->psdata;
338 int status;
339
340 if (psdata->ps_state == ps_state ||
341 !test_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state))
342 return;
343
344 mutex_lock(&psdata->ps_lock);
345 switch (psdata->cur_h2c_wakeupmode) {
346 case WAKEUP_METHOD_DTR:
347 if (ps_state == PS_STATE_AWAKE)
348 status = serdev_device_set_tiocm(nxpdev->serdev, TIOCM_DTR, 0);
349 else
350 status = serdev_device_set_tiocm(nxpdev->serdev, 0, TIOCM_DTR);
351 break;
352 case WAKEUP_METHOD_BREAK:
353 default:
354 if (ps_state == PS_STATE_AWAKE)
355 status = serdev_device_break_ctl(nxpdev->serdev, 0);
356 else
357 status = serdev_device_break_ctl(nxpdev->serdev, -1);
358 msleep(20); /* Allow chip to detect UART-break and enter sleep */
359 bt_dev_dbg(hdev, "Set UART break: %s, status=%d",
360 str_on_off(ps_state == PS_STATE_SLEEP), status);
361 break;
362 }
363 if (!status)
364 psdata->ps_state = ps_state;
365 mutex_unlock(&psdata->ps_lock);
366
367 if (ps_state == PS_STATE_AWAKE)
368 btnxpuart_tx_wakeup(nxpdev);
369}
370
371static void ps_work_func(struct work_struct *work)
372{
373 struct ps_data *data = container_of(work, struct ps_data, work);
374
375 if (data->ps_cmd == PS_CMD_ENTER_PS && data->cur_psmode == PS_MODE_ENABLE)
376 ps_control(data->hdev, PS_STATE_SLEEP);
377 else if (data->ps_cmd == PS_CMD_EXIT_PS)
378 ps_control(data->hdev, PS_STATE_AWAKE);
379}
380
381static void ps_timeout_func(struct timer_list *t)
382{
383 struct ps_data *data = from_timer(data, t, ps_timer);
384 struct hci_dev *hdev = data->hdev;
385 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
386
387 if (test_bit(BTNXPUART_TX_STATE_ACTIVE, &nxpdev->tx_state)) {
388 ps_start_timer(nxpdev);
389 } else {
390 data->ps_cmd = PS_CMD_ENTER_PS;
391 schedule_work(&data->work);
392 }
393}
394
395static void ps_setup(struct hci_dev *hdev)
396{
397 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
398 struct ps_data *psdata = &nxpdev->psdata;
399
400 psdata->hdev = hdev;
401 INIT_WORK(&psdata->work, ps_work_func);
402 mutex_init(&psdata->ps_lock);
403 timer_setup(&psdata->ps_timer, ps_timeout_func, 0);
404}
405
406static bool ps_wakeup(struct btnxpuart_dev *nxpdev)
407{
408 struct ps_data *psdata = &nxpdev->psdata;
409 u8 ps_state;
410
411 mutex_lock(&psdata->ps_lock);
412 ps_state = psdata->ps_state;
413 mutex_unlock(&psdata->ps_lock);
414
415 if (ps_state != PS_STATE_AWAKE) {
416 psdata->ps_cmd = PS_CMD_EXIT_PS;
417 schedule_work(&psdata->work);
418 return true;
419 }
420 return false;
421}
422
423static int send_ps_cmd(struct hci_dev *hdev, void *data)
424{
425 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
426 struct ps_data *psdata = &nxpdev->psdata;
427 struct psmode_cmd_payload pcmd;
428 struct sk_buff *skb;
429 u8 *status;
430
431 if (psdata->target_ps_mode == PS_MODE_ENABLE)
432 pcmd.ps_cmd = BT_PS_ENABLE;
433 else
434 pcmd.ps_cmd = BT_PS_DISABLE;
435 pcmd.c2h_ps_interval = __cpu_to_le16(psdata->c2h_ps_interval);
436
437 skb = nxp_drv_send_cmd(hdev, HCI_NXP_AUTO_SLEEP_MODE, sizeof(pcmd), &pcmd);
438 if (IS_ERR(skb)) {
439 bt_dev_err(hdev, "Setting Power Save mode failed (%ld)", PTR_ERR(skb));
440 return PTR_ERR(skb);
441 }
442
443 status = skb_pull_data(skb, 1);
444 if (status) {
445 if (!*status)
446 psdata->cur_psmode = psdata->target_ps_mode;
447 else
448 psdata->target_ps_mode = psdata->cur_psmode;
449 if (psdata->cur_psmode == PS_MODE_ENABLE)
450 ps_start_timer(nxpdev);
451 else
452 ps_wakeup(nxpdev);
453 bt_dev_dbg(hdev, "Power Save mode response: status=%d, ps_mode=%d",
454 *status, psdata->cur_psmode);
455 }
456 kfree_skb(skb);
457
458 return 0;
459}
460
461static int send_wakeup_method_cmd(struct hci_dev *hdev, void *data)
462{
463 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
464 struct ps_data *psdata = &nxpdev->psdata;
465 struct wakeup_cmd_payload pcmd;
466 struct sk_buff *skb;
467 u8 *status;
468
469 pcmd.c2h_wakeupmode = psdata->c2h_wakeupmode;
470 pcmd.c2h_wakeup_gpio = psdata->c2h_wakeup_gpio;
471 switch (psdata->h2c_wakeupmode) {
472 case WAKEUP_METHOD_DTR:
473 pcmd.h2c_wakeupmode = BT_CTRL_WAKEUP_METHOD_DSR;
474 break;
475 case WAKEUP_METHOD_BREAK:
476 default:
477 pcmd.h2c_wakeupmode = BT_CTRL_WAKEUP_METHOD_BREAK;
478 break;
479 }
480 pcmd.h2c_wakeup_gpio = 0xff;
481
482 skb = nxp_drv_send_cmd(hdev, HCI_NXP_WAKEUP_METHOD, sizeof(pcmd), &pcmd);
483 if (IS_ERR(skb)) {
484 bt_dev_err(hdev, "Setting wake-up method failed (%ld)", PTR_ERR(skb));
485 return PTR_ERR(skb);
486 }
487
488 status = skb_pull_data(skb, 1);
489 if (status) {
490 if (*status == 0)
491 psdata->cur_h2c_wakeupmode = psdata->h2c_wakeupmode;
492 else
493 psdata->h2c_wakeupmode = psdata->cur_h2c_wakeupmode;
494 bt_dev_dbg(hdev, "Set Wakeup Method response: status=%d, h2c_wakeupmode=%d",
495 *status, psdata->cur_h2c_wakeupmode);
496 }
497 kfree_skb(skb);
498
499 return 0;
500}
501
502static void ps_init(struct hci_dev *hdev)
503{
504 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
505 struct ps_data *psdata = &nxpdev->psdata;
506
507 serdev_device_set_tiocm(nxpdev->serdev, 0, TIOCM_RTS);
508 usleep_range(5000, 10000);
509 serdev_device_set_tiocm(nxpdev->serdev, TIOCM_RTS, 0);
510 usleep_range(5000, 10000);
511
512 psdata->ps_state = PS_STATE_AWAKE;
513 psdata->c2h_wakeupmode = BT_HOST_WAKEUP_METHOD_NONE;
514 psdata->c2h_wakeup_gpio = 0xff;
515
516 psdata->cur_h2c_wakeupmode = WAKEUP_METHOD_INVALID;
517 psdata->h2c_ps_interval = PS_DEFAULT_TIMEOUT_PERIOD_MS;
518 switch (DEFAULT_H2C_WAKEUP_MODE) {
519 case WAKEUP_METHOD_DTR:
520 psdata->h2c_wakeupmode = WAKEUP_METHOD_DTR;
521 serdev_device_set_tiocm(nxpdev->serdev, 0, TIOCM_DTR);
522 serdev_device_set_tiocm(nxpdev->serdev, TIOCM_DTR, 0);
523 break;
524 case WAKEUP_METHOD_BREAK:
525 default:
526 psdata->h2c_wakeupmode = WAKEUP_METHOD_BREAK;
527 serdev_device_break_ctl(nxpdev->serdev, -1);
528 usleep_range(5000, 10000);
529 serdev_device_break_ctl(nxpdev->serdev, 0);
530 usleep_range(5000, 10000);
531 break;
532 }
533
534 psdata->cur_psmode = PS_MODE_DISABLE;
535 psdata->target_ps_mode = DEFAULT_PS_MODE;
536
537 if (psdata->cur_h2c_wakeupmode != psdata->h2c_wakeupmode)
538 hci_cmd_sync_queue(hdev, send_wakeup_method_cmd, NULL, NULL);
539 if (psdata->cur_psmode != psdata->target_ps_mode)
540 hci_cmd_sync_queue(hdev, send_ps_cmd, NULL, NULL);
541}
542
543/* NXP Firmware Download Feature */
544static int nxp_download_firmware(struct hci_dev *hdev)
545{
546 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
547 int err = 0;
548
549 nxpdev->fw_dnld_v1_offset = 0;
550 nxpdev->fw_v1_sent_bytes = 0;
551 nxpdev->fw_v1_expected_len = HDR_LEN;
552 nxpdev->boot_reg_offset = 0;
553 nxpdev->fw_v3_offset_correction = 0;
554 nxpdev->baudrate_changed = false;
555 nxpdev->timeout_changed = false;
556 nxpdev->helper_downloaded = false;
557
558 serdev_device_set_baudrate(nxpdev->serdev, HCI_NXP_PRI_BAUDRATE);
559 serdev_device_set_flow_control(nxpdev->serdev, false);
560 nxpdev->current_baudrate = HCI_NXP_PRI_BAUDRATE;
561
562 /* Wait till FW is downloaded */
563 err = wait_event_interruptible_timeout(nxpdev->fw_dnld_done_wait_q,
564 !test_bit(BTNXPUART_FW_DOWNLOADING,
565 &nxpdev->tx_state),
566 msecs_to_jiffies(60000));
567 if (err == 0) {
568 bt_dev_err(hdev, "FW Download Timeout.");
569 return -ETIMEDOUT;
570 }
571
572 serdev_device_set_flow_control(nxpdev->serdev, true);
573 release_firmware(nxpdev->fw);
574 memset(nxpdev->fw_name, 0, sizeof(nxpdev->fw_name));
575
576 /* Allow the downloaded FW to initialize */
577 msleep(1200);
578
579 return 0;
580}
581
582static void nxp_send_ack(u8 ack, struct hci_dev *hdev)
583{
584 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
585 u8 ack_nak[2];
586 int len = 1;
587
588 ack_nak[0] = ack;
589 if (ack == NXP_ACK_V3) {
590 ack_nak[1] = crc8(crc8_table, ack_nak, 1, 0xff);
591 len = 2;
592 }
593 serdev_device_write_buf(nxpdev->serdev, ack_nak, len);
594}
595
596static bool nxp_fw_change_baudrate(struct hci_dev *hdev, u16 req_len)
597{
598 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
599 struct nxp_bootloader_cmd nxp_cmd5;
600 struct uart_config uart_config;
601 u32 clkdivaddr = CLKDIVADDR - nxpdev->boot_reg_offset;
602 u32 uartdivaddr = UARTDIVADDR - nxpdev->boot_reg_offset;
603 u32 uartmcraddr = UARTMCRADDR - nxpdev->boot_reg_offset;
604 u32 uartreinitaddr = UARTREINITADDR - nxpdev->boot_reg_offset;
605 u32 uarticraddr = UARTICRADDR - nxpdev->boot_reg_offset;
606 u32 uartfcraddr = UARTFCRADDR - nxpdev->boot_reg_offset;
607
608 if (req_len == sizeof(nxp_cmd5)) {
609 nxp_cmd5.header = __cpu_to_le32(5);
610 nxp_cmd5.arg = 0;
611 nxp_cmd5.payload_len = __cpu_to_le32(sizeof(uart_config));
612 /* FW expects swapped CRC bytes */
613 nxp_cmd5.crc = __cpu_to_be32(crc32_be(0UL, (char *)&nxp_cmd5,
614 sizeof(nxp_cmd5) - 4));
615
616 serdev_device_write_buf(nxpdev->serdev, (u8 *)&nxp_cmd5, sizeof(nxp_cmd5));
617 nxpdev->fw_v3_offset_correction += req_len;
618 } else if (req_len == sizeof(uart_config)) {
619 uart_config.clkdiv.address = __cpu_to_le32(clkdivaddr);
620 uart_config.clkdiv.value = __cpu_to_le32(0x00c00000);
621 uart_config.uartdiv.address = __cpu_to_le32(uartdivaddr);
622 uart_config.uartdiv.value = __cpu_to_le32(1);
623 uart_config.mcr.address = __cpu_to_le32(uartmcraddr);
624 uart_config.mcr.value = __cpu_to_le32(MCR);
625 uart_config.re_init.address = __cpu_to_le32(uartreinitaddr);
626 uart_config.re_init.value = __cpu_to_le32(INIT);
627 uart_config.icr.address = __cpu_to_le32(uarticraddr);
628 uart_config.icr.value = __cpu_to_le32(ICR);
629 uart_config.fcr.address = __cpu_to_le32(uartfcraddr);
630 uart_config.fcr.value = __cpu_to_le32(FCR);
631 /* FW expects swapped CRC bytes */
632 uart_config.crc = __cpu_to_be32(crc32_be(0UL, (char *)&uart_config,
633 sizeof(uart_config) - 4));
634
635 serdev_device_write_buf(nxpdev->serdev, (u8 *)&uart_config, sizeof(uart_config));
636 serdev_device_wait_until_sent(nxpdev->serdev, 0);
637 nxpdev->fw_v3_offset_correction += req_len;
638 return true;
639 }
640 return false;
641}
642
643static bool nxp_fw_change_timeout(struct hci_dev *hdev, u16 req_len)
644{
645 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
646 struct nxp_bootloader_cmd nxp_cmd7;
647
648 if (req_len != sizeof(nxp_cmd7))
649 return false;
650
651 nxp_cmd7.header = __cpu_to_le32(7);
652 nxp_cmd7.arg = __cpu_to_le32(0x70);
653 nxp_cmd7.payload_len = 0;
654 /* FW expects swapped CRC bytes */
655 nxp_cmd7.crc = __cpu_to_be32(crc32_be(0UL, (char *)&nxp_cmd7,
656 sizeof(nxp_cmd7) - 4));
657 serdev_device_write_buf(nxpdev->serdev, (u8 *)&nxp_cmd7, sizeof(nxp_cmd7));
658 serdev_device_wait_until_sent(nxpdev->serdev, 0);
659 nxpdev->fw_v3_offset_correction += req_len;
660 return true;
661}
662
663static u32 nxp_get_data_len(const u8 *buf)
664{
665 struct nxp_bootloader_cmd *hdr = (struct nxp_bootloader_cmd *)buf;
666
667 return __le32_to_cpu(hdr->payload_len);
668}
669
670static bool is_fw_downloading(struct btnxpuart_dev *nxpdev)
671{
672 return test_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
673}
674
675static bool process_boot_signature(struct btnxpuart_dev *nxpdev)
676{
677 if (test_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, &nxpdev->tx_state)) {
678 clear_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, &nxpdev->tx_state);
679 wake_up_interruptible(&nxpdev->check_boot_sign_wait_q);
680 return false;
681 }
682 return is_fw_downloading(nxpdev);
683}
684
685static int nxp_request_firmware(struct hci_dev *hdev, const char *fw_name)
686{
687 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
688 int err = 0;
689
690 if (!fw_name)
691 return -ENOENT;
692
693 if (!strlen(nxpdev->fw_name)) {
694 snprintf(nxpdev->fw_name, MAX_FW_FILE_NAME_LEN, "%s", fw_name);
695
696 bt_dev_dbg(hdev, "Request Firmware: %s", nxpdev->fw_name);
697 err = request_firmware(&nxpdev->fw, nxpdev->fw_name, &hdev->dev);
698 if (err < 0) {
699 bt_dev_err(hdev, "Firmware file %s not found", nxpdev->fw_name);
700 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
701 }
702 }
703 return err;
704}
705
706/* for legacy chipsets with V1 bootloader */
707static int nxp_recv_chip_ver_v1(struct hci_dev *hdev, struct sk_buff *skb)
708{
709 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
710 struct v1_start_ind *req;
711 __u16 chip_id;
712
713 req = skb_pull_data(skb, sizeof(*req));
714 if (!req)
715 goto free_skb;
716
717 chip_id = le16_to_cpu(req->chip_id ^ req->chip_id_comp);
718 if (chip_id == 0xffff && nxpdev->fw_dnld_v1_offset) {
719 nxpdev->fw_dnld_v1_offset = 0;
720 nxpdev->fw_v1_sent_bytes = 0;
721 nxpdev->fw_v1_expected_len = HDR_LEN;
722 release_firmware(nxpdev->fw);
723 memset(nxpdev->fw_name, 0, sizeof(nxpdev->fw_name));
724 nxp_send_ack(NXP_ACK_V1, hdev);
725 }
726
727free_skb:
728 kfree_skb(skb);
729 return 0;
730}
731
732static int nxp_recv_fw_req_v1(struct hci_dev *hdev, struct sk_buff *skb)
733{
734 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
735 struct btnxpuart_data *nxp_data = nxpdev->nxp_data;
736 struct v1_data_req *req;
737 __u16 len;
738
739 if (!process_boot_signature(nxpdev))
740 goto free_skb;
741
742 req = skb_pull_data(skb, sizeof(*req));
743 if (!req)
744 goto free_skb;
745
746 len = __le16_to_cpu(req->len ^ req->len_comp);
747 if (len != 0xffff) {
748 bt_dev_dbg(hdev, "ERR: Send NAK");
749 nxp_send_ack(NXP_NAK_V1, hdev);
750 goto free_skb;
751 }
752 nxp_send_ack(NXP_ACK_V1, hdev);
753
754 len = __le16_to_cpu(req->len);
755
756 if (!nxp_data->helper_fw_name) {
757 if (!nxpdev->timeout_changed) {
758 nxpdev->timeout_changed = nxp_fw_change_timeout(hdev,
759 len);
760 goto free_skb;
761 }
762 if (!nxpdev->baudrate_changed) {
763 nxpdev->baudrate_changed = nxp_fw_change_baudrate(hdev,
764 len);
765 if (nxpdev->baudrate_changed) {
766 serdev_device_set_baudrate(nxpdev->serdev,
767 HCI_NXP_SEC_BAUDRATE);
768 serdev_device_set_flow_control(nxpdev->serdev, true);
769 nxpdev->current_baudrate = HCI_NXP_SEC_BAUDRATE;
770 }
771 goto free_skb;
772 }
773 }
774
775 if (!nxp_data->helper_fw_name || nxpdev->helper_downloaded) {
776 if (nxp_request_firmware(hdev, nxp_data->fw_name))
777 goto free_skb;
778 } else if (nxp_data->helper_fw_name && !nxpdev->helper_downloaded) {
779 if (nxp_request_firmware(hdev, nxp_data->helper_fw_name))
780 goto free_skb;
781 }
782
783 if (!len) {
784 bt_dev_dbg(hdev, "FW Downloaded Successfully: %zu bytes",
785 nxpdev->fw->size);
786 if (nxp_data->helper_fw_name && !nxpdev->helper_downloaded) {
787 nxpdev->helper_downloaded = true;
788 serdev_device_wait_until_sent(nxpdev->serdev, 0);
789 serdev_device_set_baudrate(nxpdev->serdev,
790 HCI_NXP_SEC_BAUDRATE);
791 serdev_device_set_flow_control(nxpdev->serdev, true);
792 } else {
793 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
794 wake_up_interruptible(&nxpdev->fw_dnld_done_wait_q);
795 }
796 goto free_skb;
797 }
798 if (len & 0x01) {
799 /* The CRC did not match at the other end.
800 * Simply send the same bytes again.
801 */
802 len = nxpdev->fw_v1_sent_bytes;
803 bt_dev_dbg(hdev, "CRC error. Resend %d bytes of FW.", len);
804 } else {
805 nxpdev->fw_dnld_v1_offset += nxpdev->fw_v1_sent_bytes;
806
807 /* The FW bin file is made up of many blocks of
808 * 16 byte header and payload data chunks. If the
809 * FW has requested a header, read the payload length
810 * info from the header, before sending the header.
811 * In the next iteration, the FW should request the
812 * payload data chunk, which should be equal to the
813 * payload length read from header. If there is a
814 * mismatch, clearly the driver and FW are out of sync,
815 * and we need to re-send the previous header again.
816 */
817 if (len == nxpdev->fw_v1_expected_len) {
818 if (len == HDR_LEN)
819 nxpdev->fw_v1_expected_len = nxp_get_data_len(nxpdev->fw->data +
820 nxpdev->fw_dnld_v1_offset);
821 else
822 nxpdev->fw_v1_expected_len = HDR_LEN;
823 } else if (len == HDR_LEN) {
824 /* FW download out of sync. Send previous chunk again */
825 nxpdev->fw_dnld_v1_offset -= nxpdev->fw_v1_sent_bytes;
826 nxpdev->fw_v1_expected_len = HDR_LEN;
827 }
828 }
829
830 if (nxpdev->fw_dnld_v1_offset + len <= nxpdev->fw->size)
831 serdev_device_write_buf(nxpdev->serdev, nxpdev->fw->data +
832 nxpdev->fw_dnld_v1_offset, len);
833 nxpdev->fw_v1_sent_bytes = len;
834
835free_skb:
836 kfree_skb(skb);
837 return 0;
838}
839
840static char *nxp_get_fw_name_from_chipid(struct hci_dev *hdev, u16 chipid,
841 u8 loader_ver)
842{
843 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
844 char *fw_name = NULL;
845
846 switch (chipid) {
847 case CHIP_ID_W9098:
848 fw_name = FIRMWARE_W9098;
849 break;
850 case CHIP_ID_IW416:
851 fw_name = FIRMWARE_IW416;
852 break;
853 case CHIP_ID_IW612:
854 fw_name = FIRMWARE_IW612;
855 break;
856 case CHIP_ID_IW624a:
857 case CHIP_ID_IW624c:
858 nxpdev->boot_reg_offset = 1;
859 if ((loader_ver & FW_SECURE_MASK) == FW_OPEN)
860 fw_name = FIRMWARE_IW624;
861 else if ((loader_ver & FW_SECURE_MASK) != FW_AUTH_ILLEGAL)
862 fw_name = FIRMWARE_SECURE_IW624;
863 else
864 bt_dev_err(hdev, "Illegal loader version %02x", loader_ver);
865 break;
866 case CHIP_ID_AW693:
867 if ((loader_ver & FW_SECURE_MASK) == FW_OPEN)
868 fw_name = FIRMWARE_AW693;
869 else if ((loader_ver & FW_SECURE_MASK) != FW_AUTH_ILLEGAL)
870 fw_name = FIRMWARE_SECURE_AW693;
871 else
872 bt_dev_err(hdev, "Illegal loader version %02x", loader_ver);
873 break;
874 default:
875 bt_dev_err(hdev, "Unknown chip signature %04x", chipid);
876 break;
877 }
878 return fw_name;
879}
880
881static int nxp_recv_chip_ver_v3(struct hci_dev *hdev, struct sk_buff *skb)
882{
883 struct v3_start_ind *req = skb_pull_data(skb, sizeof(*req));
884 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
885 u16 chip_id;
886 u8 loader_ver;
887
888 if (!process_boot_signature(nxpdev))
889 goto free_skb;
890
891 chip_id = le16_to_cpu(req->chip_id);
892 loader_ver = req->loader_ver;
893 if (!nxp_request_firmware(hdev, nxp_get_fw_name_from_chipid(hdev,
894 chip_id, loader_ver)))
895 nxp_send_ack(NXP_ACK_V3, hdev);
896
897free_skb:
898 kfree_skb(skb);
899 return 0;
900}
901
902static int nxp_recv_fw_req_v3(struct hci_dev *hdev, struct sk_buff *skb)
903{
904 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
905 struct v3_data_req *req;
906 __u16 len;
907 __u32 offset;
908
909 if (!process_boot_signature(nxpdev))
910 goto free_skb;
911
912 req = skb_pull_data(skb, sizeof(*req));
913 if (!req || !nxpdev->fw)
914 goto free_skb;
915
916 nxp_send_ack(NXP_ACK_V3, hdev);
917
918 len = __le16_to_cpu(req->len);
919
920 if (!nxpdev->timeout_changed) {
921 nxpdev->timeout_changed = nxp_fw_change_timeout(hdev, len);
922 goto free_skb;
923 }
924
925 if (!nxpdev->baudrate_changed) {
926 nxpdev->baudrate_changed = nxp_fw_change_baudrate(hdev, len);
927 if (nxpdev->baudrate_changed) {
928 serdev_device_set_baudrate(nxpdev->serdev,
929 HCI_NXP_SEC_BAUDRATE);
930 serdev_device_set_flow_control(nxpdev->serdev, true);
931 nxpdev->current_baudrate = HCI_NXP_SEC_BAUDRATE;
932 }
933 goto free_skb;
934 }
935
936 if (req->len == 0) {
937 bt_dev_dbg(hdev, "FW Downloaded Successfully: %zu bytes",
938 nxpdev->fw->size);
939 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
940 wake_up_interruptible(&nxpdev->fw_dnld_done_wait_q);
941 goto free_skb;
942 }
943 if (req->error)
944 bt_dev_dbg(hdev, "FW Download received err 0x%02x from chip",
945 req->error);
946
947 offset = __le32_to_cpu(req->offset);
948 if (offset < nxpdev->fw_v3_offset_correction) {
949 /* This scenario should ideally never occur. But if it ever does,
950 * FW is out of sync and needs a power cycle.
951 */
952 bt_dev_err(hdev, "Something went wrong during FW download");
953 bt_dev_err(hdev, "Please power cycle and try again");
954 goto free_skb;
955 }
956
957 serdev_device_write_buf(nxpdev->serdev, nxpdev->fw->data + offset -
958 nxpdev->fw_v3_offset_correction, len);
959
960free_skb:
961 kfree_skb(skb);
962 return 0;
963}
964
965static int nxp_set_baudrate_cmd(struct hci_dev *hdev, void *data)
966{
967 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
968 __le32 new_baudrate = __cpu_to_le32(nxpdev->new_baudrate);
969 struct ps_data *psdata = &nxpdev->psdata;
970 struct sk_buff *skb;
971 u8 *status;
972
973 if (!psdata)
974 return 0;
975
976 skb = nxp_drv_send_cmd(hdev, HCI_NXP_SET_OPER_SPEED, 4, (u8 *)&new_baudrate);
977 if (IS_ERR(skb)) {
978 bt_dev_err(hdev, "Setting baudrate failed (%ld)", PTR_ERR(skb));
979 return PTR_ERR(skb);
980 }
981
982 status = (u8 *)skb_pull_data(skb, 1);
983 if (status) {
984 if (*status == 0) {
985 serdev_device_set_baudrate(nxpdev->serdev, nxpdev->new_baudrate);
986 nxpdev->current_baudrate = nxpdev->new_baudrate;
987 }
988 bt_dev_dbg(hdev, "Set baudrate response: status=%d, baudrate=%d",
989 *status, nxpdev->new_baudrate);
990 }
991 kfree_skb(skb);
992
993 return 0;
994}
995
996static int nxp_check_boot_sign(struct btnxpuart_dev *nxpdev)
997{
998 serdev_device_set_baudrate(nxpdev->serdev, HCI_NXP_PRI_BAUDRATE);
999 if (test_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state))
1000 serdev_device_set_flow_control(nxpdev->serdev, false);
1001 else
1002 serdev_device_set_flow_control(nxpdev->serdev, true);
1003 set_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, &nxpdev->tx_state);
1004
1005 return wait_event_interruptible_timeout(nxpdev->check_boot_sign_wait_q,
1006 !test_bit(BTNXPUART_CHECK_BOOT_SIGNATURE,
1007 &nxpdev->tx_state),
1008 msecs_to_jiffies(1000));
1009}
1010
1011static int nxp_set_ind_reset(struct hci_dev *hdev, void *data)
1012{
1013 static const u8 ir_hw_err[] = { HCI_EV_HARDWARE_ERROR,
1014 0x01, BTNXPUART_IR_HW_ERR };
1015 struct sk_buff *skb;
1016
1017 skb = bt_skb_alloc(3, GFP_ATOMIC);
1018 if (!skb)
1019 return -ENOMEM;
1020
1021 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
1022 skb_put_data(skb, ir_hw_err, 3);
1023
1024 /* Inject Hardware Error to upper stack */
1025 return hci_recv_frame(hdev, skb);
1026}
1027
1028/* NXP protocol */
1029static int nxp_setup(struct hci_dev *hdev)
1030{
1031 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1032 int err = 0;
1033
1034 if (nxp_check_boot_sign(nxpdev)) {
1035 bt_dev_dbg(hdev, "Need FW Download.");
1036 err = nxp_download_firmware(hdev);
1037 if (err < 0)
1038 return err;
1039 } else {
1040 bt_dev_dbg(hdev, "FW already running.");
1041 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
1042 }
1043
1044 serdev_device_set_baudrate(nxpdev->serdev, nxpdev->fw_init_baudrate);
1045 nxpdev->current_baudrate = nxpdev->fw_init_baudrate;
1046
1047 if (nxpdev->current_baudrate != HCI_NXP_SEC_BAUDRATE) {
1048 nxpdev->new_baudrate = HCI_NXP_SEC_BAUDRATE;
1049 hci_cmd_sync_queue(hdev, nxp_set_baudrate_cmd, NULL, NULL);
1050 }
1051
1052 ps_init(hdev);
1053
1054 if (test_and_clear_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state))
1055 hci_dev_clear_flag(hdev, HCI_SETUP);
1056
1057 return 0;
1058}
1059
1060static void nxp_hw_err(struct hci_dev *hdev, u8 code)
1061{
1062 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1063
1064 switch (code) {
1065 case BTNXPUART_IR_HW_ERR:
1066 set_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state);
1067 hci_dev_set_flag(hdev, HCI_SETUP);
1068 break;
1069 default:
1070 break;
1071 }
1072}
1073
1074static int nxp_shutdown(struct hci_dev *hdev)
1075{
1076 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1077 struct sk_buff *skb;
1078 u8 *status;
1079 u8 pcmd = 0;
1080
1081 if (test_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state)) {
1082 skb = nxp_drv_send_cmd(hdev, HCI_NXP_IND_RESET, 1, &pcmd);
1083 if (IS_ERR(skb))
1084 return PTR_ERR(skb);
1085
1086 status = skb_pull_data(skb, 1);
1087 if (status) {
1088 serdev_device_set_flow_control(nxpdev->serdev, false);
1089 set_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
1090 }
1091 kfree_skb(skb);
1092 }
1093
1094 return 0;
1095}
1096
1097static int btnxpuart_queue_skb(struct hci_dev *hdev, struct sk_buff *skb)
1098{
1099 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1100
1101 /* Prepend skb with frame type */
1102 memcpy(skb_push(skb, 1), &hci_skb_pkt_type(skb), 1);
1103 skb_queue_tail(&nxpdev->txq, skb);
1104 btnxpuart_tx_wakeup(nxpdev);
1105 return 0;
1106}
1107
1108static int nxp_enqueue(struct hci_dev *hdev, struct sk_buff *skb)
1109{
1110 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1111 struct ps_data *psdata = &nxpdev->psdata;
1112 struct hci_command_hdr *hdr;
1113 struct psmode_cmd_payload ps_parm;
1114 struct wakeup_cmd_payload wakeup_parm;
1115 __le32 baudrate_parm;
1116
1117 /* if vendor commands are received from user space (e.g. hcitool), update
1118 * driver flags accordingly and ask driver to re-send the command to FW.
1119 * In case the payload for any command does not match expected payload
1120 * length, let the firmware and user space program handle it, or throw
1121 * an error.
1122 */
1123 if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT && !psdata->driver_sent_cmd) {
1124 hdr = (struct hci_command_hdr *)skb->data;
1125 if (hdr->plen != (skb->len - HCI_COMMAND_HDR_SIZE))
1126 return btnxpuart_queue_skb(hdev, skb);
1127
1128 switch (__le16_to_cpu(hdr->opcode)) {
1129 case HCI_NXP_AUTO_SLEEP_MODE:
1130 if (hdr->plen == sizeof(ps_parm)) {
1131 memcpy(&ps_parm, skb->data + HCI_COMMAND_HDR_SIZE, hdr->plen);
1132 if (ps_parm.ps_cmd == BT_PS_ENABLE)
1133 psdata->target_ps_mode = PS_MODE_ENABLE;
1134 else if (ps_parm.ps_cmd == BT_PS_DISABLE)
1135 psdata->target_ps_mode = PS_MODE_DISABLE;
1136 psdata->c2h_ps_interval = __le16_to_cpu(ps_parm.c2h_ps_interval);
1137 hci_cmd_sync_queue(hdev, send_ps_cmd, NULL, NULL);
1138 goto free_skb;
1139 }
1140 break;
1141 case HCI_NXP_WAKEUP_METHOD:
1142 if (hdr->plen == sizeof(wakeup_parm)) {
1143 memcpy(&wakeup_parm, skb->data + HCI_COMMAND_HDR_SIZE, hdr->plen);
1144 psdata->c2h_wakeupmode = wakeup_parm.c2h_wakeupmode;
1145 psdata->c2h_wakeup_gpio = wakeup_parm.c2h_wakeup_gpio;
1146 psdata->h2c_wakeup_gpio = wakeup_parm.h2c_wakeup_gpio;
1147 switch (wakeup_parm.h2c_wakeupmode) {
1148 case BT_CTRL_WAKEUP_METHOD_DSR:
1149 psdata->h2c_wakeupmode = WAKEUP_METHOD_DTR;
1150 break;
1151 case BT_CTRL_WAKEUP_METHOD_BREAK:
1152 default:
1153 psdata->h2c_wakeupmode = WAKEUP_METHOD_BREAK;
1154 break;
1155 }
1156 hci_cmd_sync_queue(hdev, send_wakeup_method_cmd, NULL, NULL);
1157 goto free_skb;
1158 }
1159 break;
1160 case HCI_NXP_SET_OPER_SPEED:
1161 if (hdr->plen == sizeof(baudrate_parm)) {
1162 memcpy(&baudrate_parm, skb->data + HCI_COMMAND_HDR_SIZE, hdr->plen);
1163 nxpdev->new_baudrate = __le32_to_cpu(baudrate_parm);
1164 hci_cmd_sync_queue(hdev, nxp_set_baudrate_cmd, NULL, NULL);
1165 goto free_skb;
1166 }
1167 break;
1168 case HCI_NXP_IND_RESET:
1169 if (hdr->plen == 1) {
1170 hci_cmd_sync_queue(hdev, nxp_set_ind_reset, NULL, NULL);
1171 goto free_skb;
1172 }
1173 break;
1174 default:
1175 break;
1176 }
1177 }
1178
1179 return btnxpuart_queue_skb(hdev, skb);
1180
1181free_skb:
1182 kfree_skb(skb);
1183 return 0;
1184}
1185
1186static struct sk_buff *nxp_dequeue(void *data)
1187{
1188 struct btnxpuart_dev *nxpdev = (struct btnxpuart_dev *)data;
1189
1190 ps_start_timer(nxpdev);
1191 return skb_dequeue(&nxpdev->txq);
1192}
1193
1194/* btnxpuart based on serdev */
1195static void btnxpuart_tx_work(struct work_struct *work)
1196{
1197 struct btnxpuart_dev *nxpdev = container_of(work, struct btnxpuart_dev,
1198 tx_work);
1199 struct serdev_device *serdev = nxpdev->serdev;
1200 struct hci_dev *hdev = nxpdev->hdev;
1201 struct sk_buff *skb;
1202 int len;
1203
1204 if (ps_wakeup(nxpdev))
1205 return;
1206
1207 while ((skb = nxp_dequeue(nxpdev))) {
1208 len = serdev_device_write_buf(serdev, skb->data, skb->len);
1209 hdev->stat.byte_tx += len;
1210
1211 skb_pull(skb, len);
1212 if (skb->len > 0) {
1213 skb_queue_head(&nxpdev->txq, skb);
1214 break;
1215 }
1216
1217 switch (hci_skb_pkt_type(skb)) {
1218 case HCI_COMMAND_PKT:
1219 hdev->stat.cmd_tx++;
1220 break;
1221 case HCI_ACLDATA_PKT:
1222 hdev->stat.acl_tx++;
1223 break;
1224 case HCI_SCODATA_PKT:
1225 hdev->stat.sco_tx++;
1226 break;
1227 }
1228
1229 kfree_skb(skb);
1230 }
1231 clear_bit(BTNXPUART_TX_STATE_ACTIVE, &nxpdev->tx_state);
1232}
1233
1234static int btnxpuart_open(struct hci_dev *hdev)
1235{
1236 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1237 int err = 0;
1238
1239 err = serdev_device_open(nxpdev->serdev);
1240 if (err) {
1241 bt_dev_err(hdev, "Unable to open UART device %s",
1242 dev_name(&nxpdev->serdev->dev));
1243 } else {
1244 set_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state);
1245 }
1246 return err;
1247}
1248
1249static int btnxpuart_close(struct hci_dev *hdev)
1250{
1251 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1252
1253 ps_wakeup(nxpdev);
1254 serdev_device_close(nxpdev->serdev);
1255 skb_queue_purge(&nxpdev->txq);
1256 kfree_skb(nxpdev->rx_skb);
1257 nxpdev->rx_skb = NULL;
1258 clear_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state);
1259 return 0;
1260}
1261
1262static int btnxpuart_flush(struct hci_dev *hdev)
1263{
1264 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1265
1266 /* Flush any pending characters */
1267 serdev_device_write_flush(nxpdev->serdev);
1268 skb_queue_purge(&nxpdev->txq);
1269
1270 cancel_work_sync(&nxpdev->tx_work);
1271
1272 kfree_skb(nxpdev->rx_skb);
1273 nxpdev->rx_skb = NULL;
1274
1275 return 0;
1276}
1277
1278static const struct h4_recv_pkt nxp_recv_pkts[] = {
1279 { H4_RECV_ACL, .recv = hci_recv_frame },
1280 { H4_RECV_SCO, .recv = hci_recv_frame },
1281 { H4_RECV_EVENT, .recv = hci_recv_frame },
1282 { NXP_RECV_CHIP_VER_V1, .recv = nxp_recv_chip_ver_v1 },
1283 { NXP_RECV_FW_REQ_V1, .recv = nxp_recv_fw_req_v1 },
1284 { NXP_RECV_CHIP_VER_V3, .recv = nxp_recv_chip_ver_v3 },
1285 { NXP_RECV_FW_REQ_V3, .recv = nxp_recv_fw_req_v3 },
1286};
1287
1288static size_t btnxpuart_receive_buf(struct serdev_device *serdev,
1289 const u8 *data, size_t count)
1290{
1291 struct btnxpuart_dev *nxpdev = serdev_device_get_drvdata(serdev);
1292
1293 ps_start_timer(nxpdev);
1294
1295 nxpdev->rx_skb = h4_recv_buf(nxpdev->hdev, nxpdev->rx_skb, data, count,
1296 nxp_recv_pkts, ARRAY_SIZE(nxp_recv_pkts));
1297 if (IS_ERR(nxpdev->rx_skb)) {
1298 int err = PTR_ERR(nxpdev->rx_skb);
1299 /* Safe to ignore out-of-sync bootloader signatures */
1300 if (!is_fw_downloading(nxpdev))
1301 bt_dev_err(nxpdev->hdev, "Frame reassembly failed (%d)", err);
1302 return count;
1303 }
1304 if (!is_fw_downloading(nxpdev))
1305 nxpdev->hdev->stat.byte_rx += count;
1306 return count;
1307}
1308
1309static void btnxpuart_write_wakeup(struct serdev_device *serdev)
1310{
1311 serdev_device_write_wakeup(serdev);
1312}
1313
1314static const struct serdev_device_ops btnxpuart_client_ops = {
1315 .receive_buf = btnxpuart_receive_buf,
1316 .write_wakeup = btnxpuart_write_wakeup,
1317};
1318
1319static int nxp_serdev_probe(struct serdev_device *serdev)
1320{
1321 struct hci_dev *hdev;
1322 struct btnxpuart_dev *nxpdev;
1323
1324 nxpdev = devm_kzalloc(&serdev->dev, sizeof(*nxpdev), GFP_KERNEL);
1325 if (!nxpdev)
1326 return -ENOMEM;
1327
1328 nxpdev->nxp_data = (struct btnxpuart_data *)device_get_match_data(&serdev->dev);
1329
1330 nxpdev->serdev = serdev;
1331 serdev_device_set_drvdata(serdev, nxpdev);
1332
1333 serdev_device_set_client_ops(serdev, &btnxpuart_client_ops);
1334
1335 INIT_WORK(&nxpdev->tx_work, btnxpuart_tx_work);
1336 skb_queue_head_init(&nxpdev->txq);
1337
1338 init_waitqueue_head(&nxpdev->fw_dnld_done_wait_q);
1339 init_waitqueue_head(&nxpdev->check_boot_sign_wait_q);
1340
1341 device_property_read_u32(&nxpdev->serdev->dev, "fw-init-baudrate",
1342 &nxpdev->fw_init_baudrate);
1343 if (!nxpdev->fw_init_baudrate)
1344 nxpdev->fw_init_baudrate = FW_INIT_BAUDRATE;
1345
1346 set_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
1347
1348 crc8_populate_msb(crc8_table, POLYNOMIAL8);
1349
1350 /* Initialize and register HCI device */
1351 hdev = hci_alloc_dev();
1352 if (!hdev) {
1353 dev_err(&serdev->dev, "Can't allocate HCI device\n");
1354 return -ENOMEM;
1355 }
1356
1357 nxpdev->hdev = hdev;
1358
1359 hdev->bus = HCI_UART;
1360 hci_set_drvdata(hdev, nxpdev);
1361
1362 hdev->manufacturer = MANUFACTURER_NXP;
1363 hdev->open = btnxpuart_open;
1364 hdev->close = btnxpuart_close;
1365 hdev->flush = btnxpuart_flush;
1366 hdev->setup = nxp_setup;
1367 hdev->send = nxp_enqueue;
1368 hdev->hw_error = nxp_hw_err;
1369 hdev->shutdown = nxp_shutdown;
1370 SET_HCIDEV_DEV(hdev, &serdev->dev);
1371
1372 if (hci_register_dev(hdev) < 0) {
1373 dev_err(&serdev->dev, "Can't register HCI device\n");
1374 hci_free_dev(hdev);
1375 return -ENODEV;
1376 }
1377
1378 ps_setup(hdev);
1379
1380 return 0;
1381}
1382
1383static void nxp_serdev_remove(struct serdev_device *serdev)
1384{
1385 struct btnxpuart_dev *nxpdev = serdev_device_get_drvdata(serdev);
1386 struct hci_dev *hdev = nxpdev->hdev;
1387
1388 /* Restore FW baudrate to fw_init_baudrate if changed.
1389 * This will ensure FW baudrate is in sync with
1390 * driver baudrate in case this driver is re-inserted.
1391 */
1392 if (nxpdev->current_baudrate != nxpdev->fw_init_baudrate) {
1393 nxpdev->new_baudrate = nxpdev->fw_init_baudrate;
1394 nxp_set_baudrate_cmd(hdev, NULL);
1395 }
1396
1397 ps_cancel_timer(nxpdev);
1398 hci_unregister_dev(hdev);
1399 hci_free_dev(hdev);
1400}
1401
1402static struct btnxpuart_data w8987_data __maybe_unused = {
1403 .helper_fw_name = NULL,
1404 .fw_name = FIRMWARE_W8987,
1405};
1406
1407static struct btnxpuart_data w8997_data __maybe_unused = {
1408 .helper_fw_name = FIRMWARE_HELPER,
1409 .fw_name = FIRMWARE_W8997,
1410};
1411
1412static const struct of_device_id nxpuart_of_match_table[] __maybe_unused = {
1413 { .compatible = "nxp,88w8987-bt", .data = &w8987_data },
1414 { .compatible = "nxp,88w8997-bt", .data = &w8997_data },
1415 { }
1416};
1417MODULE_DEVICE_TABLE(of, nxpuart_of_match_table);
1418
1419static struct serdev_device_driver nxp_serdev_driver = {
1420 .probe = nxp_serdev_probe,
1421 .remove = nxp_serdev_remove,
1422 .driver = {
1423 .name = "btnxpuart",
1424 .of_match_table = of_match_ptr(nxpuart_of_match_table),
1425 },
1426};
1427
1428module_serdev_device_driver(nxp_serdev_driver);
1429
1430MODULE_AUTHOR("Neeraj Sanjay Kale <neeraj.sanjaykale@nxp.com>");
1431MODULE_DESCRIPTION("NXP Bluetooth Serial driver");
1432MODULE_LICENSE("GPL");