1 /*
2 *
3 * Bluetooth HCI UART driver for Intel devices
4 *
5 * Copyright (C) 2015 Intel Corporation
6 *
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 *
22 */
23
24 #include <linux/kernel.h>
25 #include <linux/errno.h>
26 #include <linux/skbuff.h>
27 #include <linux/firmware.h>
28 #include <linux/module.h>
29 #include <linux/wait.h>
30 #include <linux/tty.h>
31 #include <linux/platform_device.h>
32 #include <linux/gpio/consumer.h>
33 #include <linux/acpi.h>
34 #include <linux/interrupt.h>
35 #include <linux/pm_runtime.h>
36
37 #include <net/bluetooth/bluetooth.h>
38 #include <net/bluetooth/hci_core.h>
39
40 #include "hci_uart.h"
41 #include "btintel.h"
42
43 #define STATE_BOOTLOADER 0
44 #define STATE_DOWNLOADING 1
45 #define STATE_FIRMWARE_LOADED 2
46 #define STATE_FIRMWARE_FAILED 3
47 #define STATE_BOOTING 4
48 #define STATE_LPM_ENABLED 5
49 #define STATE_TX_ACTIVE 6
50 #define STATE_SUSPENDED 7
51 #define STATE_LPM_TRANSACTION 8
52
53 #define HCI_LPM_WAKE_PKT 0xf0
54 #define HCI_LPM_PKT 0xf1
55 #define HCI_LPM_MAX_SIZE 10
56 #define HCI_LPM_HDR_SIZE HCI_EVENT_HDR_SIZE
57
58 #define LPM_OP_TX_NOTIFY 0x00
59 #define LPM_OP_SUSPEND_ACK 0x02
60 #define LPM_OP_RESUME_ACK 0x03
61
62 #define LPM_SUSPEND_DELAY_MS 1000
63
64 struct hci_lpm_pkt {
65 __u8 opcode;
66 __u8 dlen;
67 __u8 data[0];
68 } __packed;
69
70 struct intel_device {
71 struct list_head list;
72 struct platform_device *pdev;
73 struct gpio_desc *reset;
74 struct hci_uart *hu;
75 struct mutex hu_lock;
76 int irq;
77 };
78
79 static LIST_HEAD(intel_device_list);
80 static DEFINE_MUTEX(intel_device_list_lock);
81
82 struct intel_data {
83 struct sk_buff *rx_skb;
84 struct sk_buff_head txq;
85 struct work_struct busy_work;
86 struct hci_uart *hu;
87 unsigned long flags;
88 };
89
intel_convert_speed(unsigned int speed)90 static u8 intel_convert_speed(unsigned int speed)
91 {
92 switch (speed) {
93 case 9600:
94 return 0x00;
95 case 19200:
96 return 0x01;
97 case 38400:
98 return 0x02;
99 case 57600:
100 return 0x03;
101 case 115200:
102 return 0x04;
103 case 230400:
104 return 0x05;
105 case 460800:
106 return 0x06;
107 case 921600:
108 return 0x07;
109 case 1843200:
110 return 0x08;
111 case 3250000:
112 return 0x09;
113 case 2000000:
114 return 0x0a;
115 case 3000000:
116 return 0x0b;
117 default:
118 return 0xff;
119 }
120 }
121
intel_wait_booting(struct hci_uart * hu)122 static int intel_wait_booting(struct hci_uart *hu)
123 {
124 struct intel_data *intel = hu->priv;
125 int err;
126
127 err = wait_on_bit_timeout(&intel->flags, STATE_BOOTING,
128 TASK_INTERRUPTIBLE,
129 msecs_to_jiffies(1000));
130
131 if (err == -EINTR) {
132 bt_dev_err(hu->hdev, "Device boot interrupted");
133 return -EINTR;
134 }
135
136 if (err) {
137 bt_dev_err(hu->hdev, "Device boot timeout");
138 return -ETIMEDOUT;
139 }
140
141 return err;
142 }
143
144 #ifdef CONFIG_PM
intel_wait_lpm_transaction(struct hci_uart * hu)145 static int intel_wait_lpm_transaction(struct hci_uart *hu)
146 {
147 struct intel_data *intel = hu->priv;
148 int err;
149
150 err = wait_on_bit_timeout(&intel->flags, STATE_LPM_TRANSACTION,
151 TASK_INTERRUPTIBLE,
152 msecs_to_jiffies(1000));
153
154 if (err == -EINTR) {
155 bt_dev_err(hu->hdev, "LPM transaction interrupted");
156 return -EINTR;
157 }
158
159 if (err) {
160 bt_dev_err(hu->hdev, "LPM transaction timeout");
161 return -ETIMEDOUT;
162 }
163
164 return err;
165 }
166
intel_lpm_suspend(struct hci_uart * hu)167 static int intel_lpm_suspend(struct hci_uart *hu)
168 {
169 static const u8 suspend[] = { 0x01, 0x01, 0x01 };
170 struct intel_data *intel = hu->priv;
171 struct sk_buff *skb;
172
173 if (!test_bit(STATE_LPM_ENABLED, &intel->flags) ||
174 test_bit(STATE_SUSPENDED, &intel->flags))
175 return 0;
176
177 if (test_bit(STATE_TX_ACTIVE, &intel->flags))
178 return -EAGAIN;
179
180 bt_dev_dbg(hu->hdev, "Suspending");
181
182 skb = bt_skb_alloc(sizeof(suspend), GFP_KERNEL);
183 if (!skb) {
184 bt_dev_err(hu->hdev, "Failed to alloc memory for LPM packet");
185 return -ENOMEM;
186 }
187
188 skb_put_data(skb, suspend, sizeof(suspend));
189 hci_skb_pkt_type(skb) = HCI_LPM_PKT;
190
191 set_bit(STATE_LPM_TRANSACTION, &intel->flags);
192
193 /* LPM flow is a priority, enqueue packet at list head */
194 skb_queue_head(&intel->txq, skb);
195 hci_uart_tx_wakeup(hu);
196
197 intel_wait_lpm_transaction(hu);
198 /* Even in case of failure, continue and test the suspended flag */
199
200 clear_bit(STATE_LPM_TRANSACTION, &intel->flags);
201
202 if (!test_bit(STATE_SUSPENDED, &intel->flags)) {
203 bt_dev_err(hu->hdev, "Device suspend error");
204 return -EINVAL;
205 }
206
207 bt_dev_dbg(hu->hdev, "Suspended");
208
209 hci_uart_set_flow_control(hu, true);
210
211 return 0;
212 }
213
intel_lpm_resume(struct hci_uart * hu)214 static int intel_lpm_resume(struct hci_uart *hu)
215 {
216 struct intel_data *intel = hu->priv;
217 struct sk_buff *skb;
218
219 if (!test_bit(STATE_LPM_ENABLED, &intel->flags) ||
220 !test_bit(STATE_SUSPENDED, &intel->flags))
221 return 0;
222
223 bt_dev_dbg(hu->hdev, "Resuming");
224
225 hci_uart_set_flow_control(hu, false);
226
227 skb = bt_skb_alloc(0, GFP_KERNEL);
228 if (!skb) {
229 bt_dev_err(hu->hdev, "Failed to alloc memory for LPM packet");
230 return -ENOMEM;
231 }
232
233 hci_skb_pkt_type(skb) = HCI_LPM_WAKE_PKT;
234
235 set_bit(STATE_LPM_TRANSACTION, &intel->flags);
236
237 /* LPM flow is a priority, enqueue packet at list head */
238 skb_queue_head(&intel->txq, skb);
239 hci_uart_tx_wakeup(hu);
240
241 intel_wait_lpm_transaction(hu);
242 /* Even in case of failure, continue and test the suspended flag */
243
244 clear_bit(STATE_LPM_TRANSACTION, &intel->flags);
245
246 if (test_bit(STATE_SUSPENDED, &intel->flags)) {
247 bt_dev_err(hu->hdev, "Device resume error");
248 return -EINVAL;
249 }
250
251 bt_dev_dbg(hu->hdev, "Resumed");
252
253 return 0;
254 }
255 #endif /* CONFIG_PM */
256
intel_lpm_host_wake(struct hci_uart * hu)257 static int intel_lpm_host_wake(struct hci_uart *hu)
258 {
259 static const u8 lpm_resume_ack[] = { LPM_OP_RESUME_ACK, 0x00 };
260 struct intel_data *intel = hu->priv;
261 struct sk_buff *skb;
262
263 hci_uart_set_flow_control(hu, false);
264
265 clear_bit(STATE_SUSPENDED, &intel->flags);
266
267 skb = bt_skb_alloc(sizeof(lpm_resume_ack), GFP_KERNEL);
268 if (!skb) {
269 bt_dev_err(hu->hdev, "Failed to alloc memory for LPM packet");
270 return -ENOMEM;
271 }
272
273 skb_put_data(skb, lpm_resume_ack, sizeof(lpm_resume_ack));
274 hci_skb_pkt_type(skb) = HCI_LPM_PKT;
275
276 /* LPM flow is a priority, enqueue packet at list head */
277 skb_queue_head(&intel->txq, skb);
278 hci_uart_tx_wakeup(hu);
279
280 bt_dev_dbg(hu->hdev, "Resumed by controller");
281
282 return 0;
283 }
284
intel_irq(int irq,void * dev_id)285 static irqreturn_t intel_irq(int irq, void *dev_id)
286 {
287 struct intel_device *idev = dev_id;
288
289 dev_info(&idev->pdev->dev, "hci_intel irq\n");
290
291 mutex_lock(&idev->hu_lock);
292 if (idev->hu)
293 intel_lpm_host_wake(idev->hu);
294 mutex_unlock(&idev->hu_lock);
295
296 /* Host/Controller are now LPM resumed, trigger a new delayed suspend */
297 pm_runtime_get(&idev->pdev->dev);
298 pm_runtime_mark_last_busy(&idev->pdev->dev);
299 pm_runtime_put_autosuspend(&idev->pdev->dev);
300
301 return IRQ_HANDLED;
302 }
303
intel_set_power(struct hci_uart * hu,bool powered)304 static int intel_set_power(struct hci_uart *hu, bool powered)
305 {
306 struct list_head *p;
307 int err = -ENODEV;
308
309 if (!hu->tty->dev)
310 return err;
311
312 mutex_lock(&intel_device_list_lock);
313
314 list_for_each(p, &intel_device_list) {
315 struct intel_device *idev = list_entry(p, struct intel_device,
316 list);
317
318 /* tty device and pdev device should share the same parent
319 * which is the UART port.
320 */
321 if (hu->tty->dev->parent != idev->pdev->dev.parent)
322 continue;
323
324 if (!idev->reset) {
325 err = -ENOTSUPP;
326 break;
327 }
328
329 BT_INFO("hu %p, Switching compatible pm device (%s) to %u",
330 hu, dev_name(&idev->pdev->dev), powered);
331
332 gpiod_set_value(idev->reset, powered);
333
334 /* Provide to idev a hu reference which is used to run LPM
335 * transactions (lpm suspend/resume) from PM callbacks.
336 * hu needs to be protected against concurrent removing during
337 * these PM ops.
338 */
339 mutex_lock(&idev->hu_lock);
340 idev->hu = powered ? hu : NULL;
341 mutex_unlock(&idev->hu_lock);
342
343 if (idev->irq < 0)
344 break;
345
346 if (powered && device_can_wakeup(&idev->pdev->dev)) {
347 err = devm_request_threaded_irq(&idev->pdev->dev,
348 idev->irq, NULL,
349 intel_irq,
350 IRQF_ONESHOT,
351 "bt-host-wake", idev);
352 if (err) {
353 BT_ERR("hu %p, unable to allocate irq-%d",
354 hu, idev->irq);
355 break;
356 }
357
358 device_wakeup_enable(&idev->pdev->dev);
359
360 pm_runtime_set_active(&idev->pdev->dev);
361 pm_runtime_use_autosuspend(&idev->pdev->dev);
362 pm_runtime_set_autosuspend_delay(&idev->pdev->dev,
363 LPM_SUSPEND_DELAY_MS);
364 pm_runtime_enable(&idev->pdev->dev);
365 } else if (!powered && device_may_wakeup(&idev->pdev->dev)) {
366 devm_free_irq(&idev->pdev->dev, idev->irq, idev);
367 device_wakeup_disable(&idev->pdev->dev);
368
369 pm_runtime_disable(&idev->pdev->dev);
370 }
371 }
372
373 mutex_unlock(&intel_device_list_lock);
374
375 return err;
376 }
377
intel_busy_work(struct work_struct * work)378 static void intel_busy_work(struct work_struct *work)
379 {
380 struct list_head *p;
381 struct intel_data *intel = container_of(work, struct intel_data,
382 busy_work);
383
384 if (!intel->hu->tty->dev)
385 return;
386
387 /* Link is busy, delay the suspend */
388 mutex_lock(&intel_device_list_lock);
389 list_for_each(p, &intel_device_list) {
390 struct intel_device *idev = list_entry(p, struct intel_device,
391 list);
392
393 if (intel->hu->tty->dev->parent == idev->pdev->dev.parent) {
394 pm_runtime_get(&idev->pdev->dev);
395 pm_runtime_mark_last_busy(&idev->pdev->dev);
396 pm_runtime_put_autosuspend(&idev->pdev->dev);
397 break;
398 }
399 }
400 mutex_unlock(&intel_device_list_lock);
401 }
402
intel_open(struct hci_uart * hu)403 static int intel_open(struct hci_uart *hu)
404 {
405 struct intel_data *intel;
406
407 BT_DBG("hu %p", hu);
408
409 if (!hci_uart_has_flow_control(hu))
410 return -EOPNOTSUPP;
411
412 intel = kzalloc(sizeof(*intel), GFP_KERNEL);
413 if (!intel)
414 return -ENOMEM;
415
416 skb_queue_head_init(&intel->txq);
417 INIT_WORK(&intel->busy_work, intel_busy_work);
418
419 intel->hu = hu;
420
421 hu->priv = intel;
422
423 if (!intel_set_power(hu, true))
424 set_bit(STATE_BOOTING, &intel->flags);
425
426 return 0;
427 }
428
intel_close(struct hci_uart * hu)429 static int intel_close(struct hci_uart *hu)
430 {
431 struct intel_data *intel = hu->priv;
432
433 BT_DBG("hu %p", hu);
434
435 cancel_work_sync(&intel->busy_work);
436
437 intel_set_power(hu, false);
438
439 skb_queue_purge(&intel->txq);
440 kfree_skb(intel->rx_skb);
441 kfree(intel);
442
443 hu->priv = NULL;
444 return 0;
445 }
446
intel_flush(struct hci_uart * hu)447 static int intel_flush(struct hci_uart *hu)
448 {
449 struct intel_data *intel = hu->priv;
450
451 BT_DBG("hu %p", hu);
452
453 skb_queue_purge(&intel->txq);
454
455 return 0;
456 }
457
inject_cmd_complete(struct hci_dev * hdev,__u16 opcode)458 static int inject_cmd_complete(struct hci_dev *hdev, __u16 opcode)
459 {
460 struct sk_buff *skb;
461 struct hci_event_hdr *hdr;
462 struct hci_ev_cmd_complete *evt;
463
464 skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_KERNEL);
465 if (!skb)
466 return -ENOMEM;
467
468 hdr = skb_put(skb, sizeof(*hdr));
469 hdr->evt = HCI_EV_CMD_COMPLETE;
470 hdr->plen = sizeof(*evt) + 1;
471
472 evt = skb_put(skb, sizeof(*evt));
473 evt->ncmd = 0x01;
474 evt->opcode = cpu_to_le16(opcode);
475
476 skb_put_u8(skb, 0x00);
477
478 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
479
480 return hci_recv_frame(hdev, skb);
481 }
482
intel_set_baudrate(struct hci_uart * hu,unsigned int speed)483 static int intel_set_baudrate(struct hci_uart *hu, unsigned int speed)
484 {
485 struct intel_data *intel = hu->priv;
486 struct hci_dev *hdev = hu->hdev;
487 u8 speed_cmd[] = { 0x06, 0xfc, 0x01, 0x00 };
488 struct sk_buff *skb;
489 int err;
490
491 /* This can be the first command sent to the chip, check
492 * that the controller is ready.
493 */
494 err = intel_wait_booting(hu);
495
496 clear_bit(STATE_BOOTING, &intel->flags);
497
498 /* In case of timeout, try to continue anyway */
499 if (err && err != -ETIMEDOUT)
500 return err;
501
502 bt_dev_info(hdev, "Change controller speed to %d", speed);
503
504 speed_cmd[3] = intel_convert_speed(speed);
505 if (speed_cmd[3] == 0xff) {
506 bt_dev_err(hdev, "Unsupported speed");
507 return -EINVAL;
508 }
509
510 /* Device will not accept speed change if Intel version has not been
511 * previously requested.
512 */
513 skb = __hci_cmd_sync(hdev, 0xfc05, 0, NULL, HCI_CMD_TIMEOUT);
514 if (IS_ERR(skb)) {
515 bt_dev_err(hdev, "Reading Intel version information failed (%ld)",
516 PTR_ERR(skb));
517 return PTR_ERR(skb);
518 }
519 kfree_skb(skb);
520
521 skb = bt_skb_alloc(sizeof(speed_cmd), GFP_KERNEL);
522 if (!skb) {
523 bt_dev_err(hdev, "Failed to alloc memory for baudrate packet");
524 return -ENOMEM;
525 }
526
527 skb_put_data(skb, speed_cmd, sizeof(speed_cmd));
528 hci_skb_pkt_type(skb) = HCI_COMMAND_PKT;
529
530 hci_uart_set_flow_control(hu, true);
531
532 skb_queue_tail(&intel->txq, skb);
533 hci_uart_tx_wakeup(hu);
534
535 /* wait 100ms to change baudrate on controller side */
536 msleep(100);
537
538 hci_uart_set_baudrate(hu, speed);
539 hci_uart_set_flow_control(hu, false);
540
541 return 0;
542 }
543
intel_setup(struct hci_uart * hu)544 static int intel_setup(struct hci_uart *hu)
545 {
546 struct intel_data *intel = hu->priv;
547 struct hci_dev *hdev = hu->hdev;
548 struct sk_buff *skb;
549 struct intel_version ver;
550 struct intel_boot_params params;
551 struct list_head *p;
552 const struct firmware *fw;
553 char fwname[64];
554 u32 boot_param;
555 ktime_t calltime, delta, rettime;
556 unsigned long long duration;
557 unsigned int init_speed, oper_speed;
558 int speed_change = 0;
559 int err;
560
561 bt_dev_dbg(hdev, "start intel_setup");
562
563 hu->hdev->set_diag = btintel_set_diag;
564 hu->hdev->set_bdaddr = btintel_set_bdaddr;
565
566 /* Set the default boot parameter to 0x0 and it is updated to
567 * SKU specific boot parameter after reading Intel_Write_Boot_Params
568 * command while downloading the firmware.
569 */
570 boot_param = 0x00000000;
571
572 calltime = ktime_get();
573
574 if (hu->init_speed)
575 init_speed = hu->init_speed;
576 else
577 init_speed = hu->proto->init_speed;
578
579 if (hu->oper_speed)
580 oper_speed = hu->oper_speed;
581 else
582 oper_speed = hu->proto->oper_speed;
583
584 if (oper_speed && init_speed && oper_speed != init_speed)
585 speed_change = 1;
586
587 /* Check that the controller is ready */
588 err = intel_wait_booting(hu);
589
590 clear_bit(STATE_BOOTING, &intel->flags);
591
592 /* In case of timeout, try to continue anyway */
593 if (err && err != -ETIMEDOUT)
594 return err;
595
596 set_bit(STATE_BOOTLOADER, &intel->flags);
597
598 /* Read the Intel version information to determine if the device
599 * is in bootloader mode or if it already has operational firmware
600 * loaded.
601 */
602 err = btintel_read_version(hdev, &ver);
603 if (err)
604 return err;
605
606 /* The hardware platform number has a fixed value of 0x37 and
607 * for now only accept this single value.
608 */
609 if (ver.hw_platform != 0x37) {
610 bt_dev_err(hdev, "Unsupported Intel hardware platform (%u)",
611 ver.hw_platform);
612 return -EINVAL;
613 }
614
615 /* Check for supported iBT hardware variants of this firmware
616 * loading method.
617 *
618 * This check has been put in place to ensure correct forward
619 * compatibility options when newer hardware variants come along.
620 */
621 switch (ver.hw_variant) {
622 case 0x0b: /* LnP */
623 case 0x0c: /* WsP */
624 case 0x12: /* ThP */
625 break;
626 default:
627 bt_dev_err(hdev, "Unsupported Intel hardware variant (%u)",
628 ver.hw_variant);
629 return -EINVAL;
630 }
631
632 btintel_version_info(hdev, &ver);
633
634 /* The firmware variant determines if the device is in bootloader
635 * mode or is running operational firmware. The value 0x06 identifies
636 * the bootloader and the value 0x23 identifies the operational
637 * firmware.
638 *
639 * When the operational firmware is already present, then only
640 * the check for valid Bluetooth device address is needed. This
641 * determines if the device will be added as configured or
642 * unconfigured controller.
643 *
644 * It is not possible to use the Secure Boot Parameters in this
645 * case since that command is only available in bootloader mode.
646 */
647 if (ver.fw_variant == 0x23) {
648 clear_bit(STATE_BOOTLOADER, &intel->flags);
649 btintel_check_bdaddr(hdev);
650 return 0;
651 }
652
653 /* If the device is not in bootloader mode, then the only possible
654 * choice is to return an error and abort the device initialization.
655 */
656 if (ver.fw_variant != 0x06) {
657 bt_dev_err(hdev, "Unsupported Intel firmware variant (%u)",
658 ver.fw_variant);
659 return -ENODEV;
660 }
661
662 /* Read the secure boot parameters to identify the operating
663 * details of the bootloader.
664 */
665 err = btintel_read_boot_params(hdev, ¶ms);
666 if (err)
667 return err;
668
669 /* It is required that every single firmware fragment is acknowledged
670 * with a command complete event. If the boot parameters indicate
671 * that this bootloader does not send them, then abort the setup.
672 */
673 if (params.limited_cce != 0x00) {
674 bt_dev_err(hdev, "Unsupported Intel firmware loading method (%u)",
675 params.limited_cce);
676 return -EINVAL;
677 }
678
679 /* If the OTP has no valid Bluetooth device address, then there will
680 * also be no valid address for the operational firmware.
681 */
682 if (!bacmp(¶ms.otp_bdaddr, BDADDR_ANY)) {
683 bt_dev_info(hdev, "No device address configured");
684 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks);
685 }
686
687 /* With this Intel bootloader only the hardware variant and device
688 * revision information are used to select the right firmware for SfP
689 * and WsP.
690 *
691 * The firmware filename is ibt-<hw_variant>-<dev_revid>.sfi.
692 *
693 * Currently the supported hardware variants are:
694 * 11 (0x0b) for iBT 3.0 (LnP/SfP)
695 * 12 (0x0c) for iBT 3.5 (WsP)
696 *
697 * For ThP/JfP and for future SKU's, the FW name varies based on HW
698 * variant, HW revision and FW revision, as these are dependent on CNVi
699 * and RF Combination.
700 *
701 * 18 (0x12) for iBT3.5 (ThP/JfP)
702 *
703 * The firmware file name for these will be
704 * ibt-<hw_variant>-<hw_revision>-<fw_revision>.sfi.
705 *
706 */
707 switch (ver.hw_variant) {
708 case 0x0b: /* SfP */
709 case 0x0c: /* WsP */
710 snprintf(fwname, sizeof(fwname), "intel/ibt-%u-%u.sfi",
711 le16_to_cpu(ver.hw_variant),
712 le16_to_cpu(params.dev_revid));
713 break;
714 case 0x12: /* ThP */
715 snprintf(fwname, sizeof(fwname), "intel/ibt-%u-%u-%u.sfi",
716 le16_to_cpu(ver.hw_variant),
717 le16_to_cpu(ver.hw_revision),
718 le16_to_cpu(ver.fw_revision));
719 break;
720 default:
721 bt_dev_err(hdev, "Unsupported Intel hardware variant (%u)",
722 ver.hw_variant);
723 return -EINVAL;
724 }
725
726 err = request_firmware(&fw, fwname, &hdev->dev);
727 if (err < 0) {
728 bt_dev_err(hdev, "Failed to load Intel firmware file (%d)",
729 err);
730 return err;
731 }
732
733 bt_dev_info(hdev, "Found device firmware: %s", fwname);
734
735 /* Save the DDC file name for later */
736 switch (ver.hw_variant) {
737 case 0x0b: /* SfP */
738 case 0x0c: /* WsP */
739 snprintf(fwname, sizeof(fwname), "intel/ibt-%u-%u.ddc",
740 le16_to_cpu(ver.hw_variant),
741 le16_to_cpu(params.dev_revid));
742 break;
743 case 0x12: /* ThP */
744 snprintf(fwname, sizeof(fwname), "intel/ibt-%u-%u-%u.ddc",
745 le16_to_cpu(ver.hw_variant),
746 le16_to_cpu(ver.hw_revision),
747 le16_to_cpu(ver.fw_revision));
748 break;
749 default:
750 bt_dev_err(hdev, "Unsupported Intel hardware variant (%u)",
751 ver.hw_variant);
752 return -EINVAL;
753 }
754
755 if (fw->size < 644) {
756 bt_dev_err(hdev, "Invalid size of firmware file (%zu)",
757 fw->size);
758 err = -EBADF;
759 goto done;
760 }
761
762 set_bit(STATE_DOWNLOADING, &intel->flags);
763
764 /* Start firmware downloading and get boot parameter */
765 err = btintel_download_firmware(hdev, fw, &boot_param);
766 if (err < 0)
767 goto done;
768
769 set_bit(STATE_FIRMWARE_LOADED, &intel->flags);
770
771 bt_dev_info(hdev, "Waiting for firmware download to complete");
772
773 /* Before switching the device into operational mode and with that
774 * booting the loaded firmware, wait for the bootloader notification
775 * that all fragments have been successfully received.
776 *
777 * When the event processing receives the notification, then the
778 * STATE_DOWNLOADING flag will be cleared.
779 *
780 * The firmware loading should not take longer than 5 seconds
781 * and thus just timeout if that happens and fail the setup
782 * of this device.
783 */
784 err = wait_on_bit_timeout(&intel->flags, STATE_DOWNLOADING,
785 TASK_INTERRUPTIBLE,
786 msecs_to_jiffies(5000));
787 if (err == -EINTR) {
788 bt_dev_err(hdev, "Firmware loading interrupted");
789 err = -EINTR;
790 goto done;
791 }
792
793 if (err) {
794 bt_dev_err(hdev, "Firmware loading timeout");
795 err = -ETIMEDOUT;
796 goto done;
797 }
798
799 if (test_bit(STATE_FIRMWARE_FAILED, &intel->flags)) {
800 bt_dev_err(hdev, "Firmware loading failed");
801 err = -ENOEXEC;
802 goto done;
803 }
804
805 rettime = ktime_get();
806 delta = ktime_sub(rettime, calltime);
807 duration = (unsigned long long) ktime_to_ns(delta) >> 10;
808
809 bt_dev_info(hdev, "Firmware loaded in %llu usecs", duration);
810
811 done:
812 release_firmware(fw);
813
814 if (err < 0)
815 return err;
816
817 /* We need to restore the default speed before Intel reset */
818 if (speed_change) {
819 err = intel_set_baudrate(hu, init_speed);
820 if (err)
821 return err;
822 }
823
824 calltime = ktime_get();
825
826 set_bit(STATE_BOOTING, &intel->flags);
827
828 err = btintel_send_intel_reset(hdev, boot_param);
829 if (err)
830 return err;
831
832 /* The bootloader will not indicate when the device is ready. This
833 * is done by the operational firmware sending bootup notification.
834 *
835 * Booting into operational firmware should not take longer than
836 * 1 second. However if that happens, then just fail the setup
837 * since something went wrong.
838 */
839 bt_dev_info(hdev, "Waiting for device to boot");
840
841 err = intel_wait_booting(hu);
842 if (err)
843 return err;
844
845 clear_bit(STATE_BOOTING, &intel->flags);
846
847 rettime = ktime_get();
848 delta = ktime_sub(rettime, calltime);
849 duration = (unsigned long long) ktime_to_ns(delta) >> 10;
850
851 bt_dev_info(hdev, "Device booted in %llu usecs", duration);
852
853 /* Enable LPM if matching pdev with wakeup enabled, set TX active
854 * until further LPM TX notification.
855 */
856 mutex_lock(&intel_device_list_lock);
857 list_for_each(p, &intel_device_list) {
858 struct intel_device *dev = list_entry(p, struct intel_device,
859 list);
860 if (!hu->tty->dev)
861 break;
862 if (hu->tty->dev->parent == dev->pdev->dev.parent) {
863 if (device_may_wakeup(&dev->pdev->dev)) {
864 set_bit(STATE_LPM_ENABLED, &intel->flags);
865 set_bit(STATE_TX_ACTIVE, &intel->flags);
866 }
867 break;
868 }
869 }
870 mutex_unlock(&intel_device_list_lock);
871
872 /* Ignore errors, device can work without DDC parameters */
873 btintel_load_ddc_config(hdev, fwname);
874
875 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_CMD_TIMEOUT);
876 if (IS_ERR(skb))
877 return PTR_ERR(skb);
878 kfree_skb(skb);
879
880 if (speed_change) {
881 err = intel_set_baudrate(hu, oper_speed);
882 if (err)
883 return err;
884 }
885
886 bt_dev_info(hdev, "Setup complete");
887
888 clear_bit(STATE_BOOTLOADER, &intel->flags);
889
890 return 0;
891 }
892
intel_recv_event(struct hci_dev * hdev,struct sk_buff * skb)893 static int intel_recv_event(struct hci_dev *hdev, struct sk_buff *skb)
894 {
895 struct hci_uart *hu = hci_get_drvdata(hdev);
896 struct intel_data *intel = hu->priv;
897 struct hci_event_hdr *hdr;
898
899 if (!test_bit(STATE_BOOTLOADER, &intel->flags) &&
900 !test_bit(STATE_BOOTING, &intel->flags))
901 goto recv;
902
903 hdr = (void *)skb->data;
904
905 /* When the firmware loading completes the device sends
906 * out a vendor specific event indicating the result of
907 * the firmware loading.
908 */
909 if (skb->len == 7 && hdr->evt == 0xff && hdr->plen == 0x05 &&
910 skb->data[2] == 0x06) {
911 if (skb->data[3] != 0x00)
912 set_bit(STATE_FIRMWARE_FAILED, &intel->flags);
913
914 if (test_and_clear_bit(STATE_DOWNLOADING, &intel->flags) &&
915 test_bit(STATE_FIRMWARE_LOADED, &intel->flags)) {
916 smp_mb__after_atomic();
917 wake_up_bit(&intel->flags, STATE_DOWNLOADING);
918 }
919
920 /* When switching to the operational firmware the device
921 * sends a vendor specific event indicating that the bootup
922 * completed.
923 */
924 } else if (skb->len == 9 && hdr->evt == 0xff && hdr->plen == 0x07 &&
925 skb->data[2] == 0x02) {
926 if (test_and_clear_bit(STATE_BOOTING, &intel->flags)) {
927 smp_mb__after_atomic();
928 wake_up_bit(&intel->flags, STATE_BOOTING);
929 }
930 }
931 recv:
932 return hci_recv_frame(hdev, skb);
933 }
934
intel_recv_lpm_notify(struct hci_dev * hdev,int value)935 static void intel_recv_lpm_notify(struct hci_dev *hdev, int value)
936 {
937 struct hci_uart *hu = hci_get_drvdata(hdev);
938 struct intel_data *intel = hu->priv;
939
940 bt_dev_dbg(hdev, "TX idle notification (%d)", value);
941
942 if (value) {
943 set_bit(STATE_TX_ACTIVE, &intel->flags);
944 schedule_work(&intel->busy_work);
945 } else {
946 clear_bit(STATE_TX_ACTIVE, &intel->flags);
947 }
948 }
949
intel_recv_lpm(struct hci_dev * hdev,struct sk_buff * skb)950 static int intel_recv_lpm(struct hci_dev *hdev, struct sk_buff *skb)
951 {
952 struct hci_lpm_pkt *lpm = (void *)skb->data;
953 struct hci_uart *hu = hci_get_drvdata(hdev);
954 struct intel_data *intel = hu->priv;
955
956 switch (lpm->opcode) {
957 case LPM_OP_TX_NOTIFY:
958 if (lpm->dlen < 1) {
959 bt_dev_err(hu->hdev, "Invalid LPM notification packet");
960 break;
961 }
962 intel_recv_lpm_notify(hdev, lpm->data[0]);
963 break;
964 case LPM_OP_SUSPEND_ACK:
965 set_bit(STATE_SUSPENDED, &intel->flags);
966 if (test_and_clear_bit(STATE_LPM_TRANSACTION, &intel->flags)) {
967 smp_mb__after_atomic();
968 wake_up_bit(&intel->flags, STATE_LPM_TRANSACTION);
969 }
970 break;
971 case LPM_OP_RESUME_ACK:
972 clear_bit(STATE_SUSPENDED, &intel->flags);
973 if (test_and_clear_bit(STATE_LPM_TRANSACTION, &intel->flags)) {
974 smp_mb__after_atomic();
975 wake_up_bit(&intel->flags, STATE_LPM_TRANSACTION);
976 }
977 break;
978 default:
979 bt_dev_err(hdev, "Unknown LPM opcode (%02x)", lpm->opcode);
980 break;
981 }
982
983 kfree_skb(skb);
984
985 return 0;
986 }
987
988 #define INTEL_RECV_LPM \
989 .type = HCI_LPM_PKT, \
990 .hlen = HCI_LPM_HDR_SIZE, \
991 .loff = 1, \
992 .lsize = 1, \
993 .maxlen = HCI_LPM_MAX_SIZE
994
995 static const struct h4_recv_pkt intel_recv_pkts[] = {
996 { H4_RECV_ACL, .recv = hci_recv_frame },
997 { H4_RECV_SCO, .recv = hci_recv_frame },
998 { H4_RECV_EVENT, .recv = intel_recv_event },
999 { INTEL_RECV_LPM, .recv = intel_recv_lpm },
1000 };
1001
intel_recv(struct hci_uart * hu,const void * data,int count)1002 static int intel_recv(struct hci_uart *hu, const void *data, int count)
1003 {
1004 struct intel_data *intel = hu->priv;
1005
1006 if (!test_bit(HCI_UART_REGISTERED, &hu->flags))
1007 return -EUNATCH;
1008
1009 intel->rx_skb = h4_recv_buf(hu->hdev, intel->rx_skb, data, count,
1010 intel_recv_pkts,
1011 ARRAY_SIZE(intel_recv_pkts));
1012 if (IS_ERR(intel->rx_skb)) {
1013 int err = PTR_ERR(intel->rx_skb);
1014 bt_dev_err(hu->hdev, "Frame reassembly failed (%d)", err);
1015 intel->rx_skb = NULL;
1016 return err;
1017 }
1018
1019 return count;
1020 }
1021
intel_enqueue(struct hci_uart * hu,struct sk_buff * skb)1022 static int intel_enqueue(struct hci_uart *hu, struct sk_buff *skb)
1023 {
1024 struct intel_data *intel = hu->priv;
1025 struct list_head *p;
1026
1027 BT_DBG("hu %p skb %p", hu, skb);
1028
1029 if (!hu->tty->dev)
1030 goto out_enqueue;
1031
1032 /* Be sure our controller is resumed and potential LPM transaction
1033 * completed before enqueuing any packet.
1034 */
1035 mutex_lock(&intel_device_list_lock);
1036 list_for_each(p, &intel_device_list) {
1037 struct intel_device *idev = list_entry(p, struct intel_device,
1038 list);
1039
1040 if (hu->tty->dev->parent == idev->pdev->dev.parent) {
1041 pm_runtime_get_sync(&idev->pdev->dev);
1042 pm_runtime_mark_last_busy(&idev->pdev->dev);
1043 pm_runtime_put_autosuspend(&idev->pdev->dev);
1044 break;
1045 }
1046 }
1047 mutex_unlock(&intel_device_list_lock);
1048 out_enqueue:
1049 skb_queue_tail(&intel->txq, skb);
1050
1051 return 0;
1052 }
1053
intel_dequeue(struct hci_uart * hu)1054 static struct sk_buff *intel_dequeue(struct hci_uart *hu)
1055 {
1056 struct intel_data *intel = hu->priv;
1057 struct sk_buff *skb;
1058
1059 skb = skb_dequeue(&intel->txq);
1060 if (!skb)
1061 return skb;
1062
1063 if (test_bit(STATE_BOOTLOADER, &intel->flags) &&
1064 (hci_skb_pkt_type(skb) == HCI_COMMAND_PKT)) {
1065 struct hci_command_hdr *cmd = (void *)skb->data;
1066 __u16 opcode = le16_to_cpu(cmd->opcode);
1067
1068 /* When the 0xfc01 command is issued to boot into
1069 * the operational firmware, it will actually not
1070 * send a command complete event. To keep the flow
1071 * control working inject that event here.
1072 */
1073 if (opcode == 0xfc01)
1074 inject_cmd_complete(hu->hdev, opcode);
1075 }
1076
1077 /* Prepend skb with frame type */
1078 memcpy(skb_push(skb, 1), &hci_skb_pkt_type(skb), 1);
1079
1080 return skb;
1081 }
1082
1083 static const struct hci_uart_proto intel_proto = {
1084 .id = HCI_UART_INTEL,
1085 .name = "Intel",
1086 .manufacturer = 2,
1087 .init_speed = 115200,
1088 .oper_speed = 3000000,
1089 .open = intel_open,
1090 .close = intel_close,
1091 .flush = intel_flush,
1092 .setup = intel_setup,
1093 .set_baudrate = intel_set_baudrate,
1094 .recv = intel_recv,
1095 .enqueue = intel_enqueue,
1096 .dequeue = intel_dequeue,
1097 };
1098
1099 #ifdef CONFIG_ACPI
1100 static const struct acpi_device_id intel_acpi_match[] = {
1101 { "INT33E1", 0 },
1102 { },
1103 };
1104 MODULE_DEVICE_TABLE(acpi, intel_acpi_match);
1105 #endif
1106
1107 #ifdef CONFIG_PM
intel_suspend_device(struct device * dev)1108 static int intel_suspend_device(struct device *dev)
1109 {
1110 struct intel_device *idev = dev_get_drvdata(dev);
1111
1112 mutex_lock(&idev->hu_lock);
1113 if (idev->hu)
1114 intel_lpm_suspend(idev->hu);
1115 mutex_unlock(&idev->hu_lock);
1116
1117 return 0;
1118 }
1119
intel_resume_device(struct device * dev)1120 static int intel_resume_device(struct device *dev)
1121 {
1122 struct intel_device *idev = dev_get_drvdata(dev);
1123
1124 mutex_lock(&idev->hu_lock);
1125 if (idev->hu)
1126 intel_lpm_resume(idev->hu);
1127 mutex_unlock(&idev->hu_lock);
1128
1129 return 0;
1130 }
1131 #endif
1132
1133 #ifdef CONFIG_PM_SLEEP
intel_suspend(struct device * dev)1134 static int intel_suspend(struct device *dev)
1135 {
1136 struct intel_device *idev = dev_get_drvdata(dev);
1137
1138 if (device_may_wakeup(dev))
1139 enable_irq_wake(idev->irq);
1140
1141 return intel_suspend_device(dev);
1142 }
1143
intel_resume(struct device * dev)1144 static int intel_resume(struct device *dev)
1145 {
1146 struct intel_device *idev = dev_get_drvdata(dev);
1147
1148 if (device_may_wakeup(dev))
1149 disable_irq_wake(idev->irq);
1150
1151 return intel_resume_device(dev);
1152 }
1153 #endif
1154
1155 static const struct dev_pm_ops intel_pm_ops = {
1156 SET_SYSTEM_SLEEP_PM_OPS(intel_suspend, intel_resume)
1157 SET_RUNTIME_PM_OPS(intel_suspend_device, intel_resume_device, NULL)
1158 };
1159
1160 static const struct acpi_gpio_params reset_gpios = { 0, 0, false };
1161 static const struct acpi_gpio_params host_wake_gpios = { 1, 0, false };
1162
1163 static const struct acpi_gpio_mapping acpi_hci_intel_gpios[] = {
1164 { "reset-gpios", &reset_gpios, 1 },
1165 { "host-wake-gpios", &host_wake_gpios, 1 },
1166 { },
1167 };
1168
intel_probe(struct platform_device * pdev)1169 static int intel_probe(struct platform_device *pdev)
1170 {
1171 struct intel_device *idev;
1172 int ret;
1173
1174 idev = devm_kzalloc(&pdev->dev, sizeof(*idev), GFP_KERNEL);
1175 if (!idev)
1176 return -ENOMEM;
1177
1178 mutex_init(&idev->hu_lock);
1179
1180 idev->pdev = pdev;
1181
1182 ret = devm_acpi_dev_add_driver_gpios(&pdev->dev, acpi_hci_intel_gpios);
1183 if (ret)
1184 dev_dbg(&pdev->dev, "Unable to add GPIO mapping table\n");
1185
1186 idev->reset = devm_gpiod_get(&pdev->dev, "reset", GPIOD_OUT_LOW);
1187 if (IS_ERR(idev->reset)) {
1188 dev_err(&pdev->dev, "Unable to retrieve gpio\n");
1189 return PTR_ERR(idev->reset);
1190 }
1191
1192 idev->irq = platform_get_irq(pdev, 0);
1193 if (idev->irq < 0) {
1194 struct gpio_desc *host_wake;
1195
1196 dev_err(&pdev->dev, "No IRQ, falling back to gpio-irq\n");
1197
1198 host_wake = devm_gpiod_get(&pdev->dev, "host-wake", GPIOD_IN);
1199 if (IS_ERR(host_wake)) {
1200 dev_err(&pdev->dev, "Unable to retrieve IRQ\n");
1201 goto no_irq;
1202 }
1203
1204 idev->irq = gpiod_to_irq(host_wake);
1205 if (idev->irq < 0) {
1206 dev_err(&pdev->dev, "No corresponding irq for gpio\n");
1207 goto no_irq;
1208 }
1209 }
1210
1211 /* Only enable wake-up/irq when controller is powered */
1212 device_set_wakeup_capable(&pdev->dev, true);
1213 device_wakeup_disable(&pdev->dev);
1214
1215 no_irq:
1216 platform_set_drvdata(pdev, idev);
1217
1218 /* Place this instance on the device list */
1219 mutex_lock(&intel_device_list_lock);
1220 list_add_tail(&idev->list, &intel_device_list);
1221 mutex_unlock(&intel_device_list_lock);
1222
1223 dev_info(&pdev->dev, "registered, gpio(%d)/irq(%d).\n",
1224 desc_to_gpio(idev->reset), idev->irq);
1225
1226 return 0;
1227 }
1228
intel_remove(struct platform_device * pdev)1229 static int intel_remove(struct platform_device *pdev)
1230 {
1231 struct intel_device *idev = platform_get_drvdata(pdev);
1232
1233 device_wakeup_disable(&pdev->dev);
1234
1235 mutex_lock(&intel_device_list_lock);
1236 list_del(&idev->list);
1237 mutex_unlock(&intel_device_list_lock);
1238
1239 dev_info(&pdev->dev, "unregistered.\n");
1240
1241 return 0;
1242 }
1243
1244 static struct platform_driver intel_driver = {
1245 .probe = intel_probe,
1246 .remove = intel_remove,
1247 .driver = {
1248 .name = "hci_intel",
1249 .acpi_match_table = ACPI_PTR(intel_acpi_match),
1250 .pm = &intel_pm_ops,
1251 },
1252 };
1253
intel_init(void)1254 int __init intel_init(void)
1255 {
1256 int err;
1257
1258 err = platform_driver_register(&intel_driver);
1259 if (err)
1260 return err;
1261
1262 return hci_uart_register_proto(&intel_proto);
1263 }
1264
intel_deinit(void)1265 int __exit intel_deinit(void)
1266 {
1267 platform_driver_unregister(&intel_driver);
1268
1269 return hci_uart_unregister_proto(&intel_proto);
1270 }
1271