1 /*
2 *
3 * Bluetooth HCI UART driver for Intel devices
4 *
5 * Copyright (C) 2015 Intel Corporation
6 *
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 *
22 */
23
24 #include <linux/kernel.h>
25 #include <linux/errno.h>
26 #include <linux/skbuff.h>
27 #include <linux/firmware.h>
28 #include <linux/module.h>
29 #include <linux/wait.h>
30 #include <linux/tty.h>
31 #include <linux/platform_device.h>
32 #include <linux/gpio/consumer.h>
33 #include <linux/acpi.h>
34 #include <linux/interrupt.h>
35 #include <linux/pm_runtime.h>
36
37 #include <net/bluetooth/bluetooth.h>
38 #include <net/bluetooth/hci_core.h>
39
40 #include "hci_uart.h"
41 #include "btintel.h"
42
43 #define STATE_BOOTLOADER 0
44 #define STATE_DOWNLOADING 1
45 #define STATE_FIRMWARE_LOADED 2
46 #define STATE_FIRMWARE_FAILED 3
47 #define STATE_BOOTING 4
48 #define STATE_LPM_ENABLED 5
49 #define STATE_TX_ACTIVE 6
50 #define STATE_SUSPENDED 7
51 #define STATE_LPM_TRANSACTION 8
52
53 #define HCI_LPM_WAKE_PKT 0xf0
54 #define HCI_LPM_PKT 0xf1
55 #define HCI_LPM_MAX_SIZE 10
56 #define HCI_LPM_HDR_SIZE HCI_EVENT_HDR_SIZE
57
58 #define LPM_OP_TX_NOTIFY 0x00
59 #define LPM_OP_SUSPEND_ACK 0x02
60 #define LPM_OP_RESUME_ACK 0x03
61
62 #define LPM_SUSPEND_DELAY_MS 1000
63
64 struct hci_lpm_pkt {
65 __u8 opcode;
66 __u8 dlen;
67 __u8 data[0];
68 } __packed;
69
70 struct intel_device {
71 struct list_head list;
72 struct platform_device *pdev;
73 struct gpio_desc *reset;
74 struct hci_uart *hu;
75 struct mutex hu_lock;
76 int irq;
77 };
78
79 static LIST_HEAD(intel_device_list);
80 static DEFINE_MUTEX(intel_device_list_lock);
81
82 struct intel_data {
83 struct sk_buff *rx_skb;
84 struct sk_buff_head txq;
85 struct work_struct busy_work;
86 struct hci_uart *hu;
87 unsigned long flags;
88 };
89
intel_convert_speed(unsigned int speed)90 static u8 intel_convert_speed(unsigned int speed)
91 {
92 switch (speed) {
93 case 9600:
94 return 0x00;
95 case 19200:
96 return 0x01;
97 case 38400:
98 return 0x02;
99 case 57600:
100 return 0x03;
101 case 115200:
102 return 0x04;
103 case 230400:
104 return 0x05;
105 case 460800:
106 return 0x06;
107 case 921600:
108 return 0x07;
109 case 1843200:
110 return 0x08;
111 case 3250000:
112 return 0x09;
113 case 2000000:
114 return 0x0a;
115 case 3000000:
116 return 0x0b;
117 default:
118 return 0xff;
119 }
120 }
121
intel_wait_booting(struct hci_uart * hu)122 static int intel_wait_booting(struct hci_uart *hu)
123 {
124 struct intel_data *intel = hu->priv;
125 int err;
126
127 err = wait_on_bit_timeout(&intel->flags, STATE_BOOTING,
128 TASK_INTERRUPTIBLE,
129 msecs_to_jiffies(1000));
130
131 if (err == -EINTR) {
132 bt_dev_err(hu->hdev, "Device boot interrupted");
133 return -EINTR;
134 }
135
136 if (err) {
137 bt_dev_err(hu->hdev, "Device boot timeout");
138 return -ETIMEDOUT;
139 }
140
141 return err;
142 }
143
144 #ifdef CONFIG_PM
intel_wait_lpm_transaction(struct hci_uart * hu)145 static int intel_wait_lpm_transaction(struct hci_uart *hu)
146 {
147 struct intel_data *intel = hu->priv;
148 int err;
149
150 err = wait_on_bit_timeout(&intel->flags, STATE_LPM_TRANSACTION,
151 TASK_INTERRUPTIBLE,
152 msecs_to_jiffies(1000));
153
154 if (err == -EINTR) {
155 bt_dev_err(hu->hdev, "LPM transaction interrupted");
156 return -EINTR;
157 }
158
159 if (err) {
160 bt_dev_err(hu->hdev, "LPM transaction timeout");
161 return -ETIMEDOUT;
162 }
163
164 return err;
165 }
166
intel_lpm_suspend(struct hci_uart * hu)167 static int intel_lpm_suspend(struct hci_uart *hu)
168 {
169 static const u8 suspend[] = { 0x01, 0x01, 0x01 };
170 struct intel_data *intel = hu->priv;
171 struct sk_buff *skb;
172
173 if (!test_bit(STATE_LPM_ENABLED, &intel->flags) ||
174 test_bit(STATE_SUSPENDED, &intel->flags))
175 return 0;
176
177 if (test_bit(STATE_TX_ACTIVE, &intel->flags))
178 return -EAGAIN;
179
180 bt_dev_dbg(hu->hdev, "Suspending");
181
182 skb = bt_skb_alloc(sizeof(suspend), GFP_KERNEL);
183 if (!skb) {
184 bt_dev_err(hu->hdev, "Failed to alloc memory for LPM packet");
185 return -ENOMEM;
186 }
187
188 skb_put_data(skb, suspend, sizeof(suspend));
189 hci_skb_pkt_type(skb) = HCI_LPM_PKT;
190
191 set_bit(STATE_LPM_TRANSACTION, &intel->flags);
192
193 /* LPM flow is a priority, enqueue packet at list head */
194 skb_queue_head(&intel->txq, skb);
195 hci_uart_tx_wakeup(hu);
196
197 intel_wait_lpm_transaction(hu);
198 /* Even in case of failure, continue and test the suspended flag */
199
200 clear_bit(STATE_LPM_TRANSACTION, &intel->flags);
201
202 if (!test_bit(STATE_SUSPENDED, &intel->flags)) {
203 bt_dev_err(hu->hdev, "Device suspend error");
204 return -EINVAL;
205 }
206
207 bt_dev_dbg(hu->hdev, "Suspended");
208
209 hci_uart_set_flow_control(hu, true);
210
211 return 0;
212 }
213
intel_lpm_resume(struct hci_uart * hu)214 static int intel_lpm_resume(struct hci_uart *hu)
215 {
216 struct intel_data *intel = hu->priv;
217 struct sk_buff *skb;
218
219 if (!test_bit(STATE_LPM_ENABLED, &intel->flags) ||
220 !test_bit(STATE_SUSPENDED, &intel->flags))
221 return 0;
222
223 bt_dev_dbg(hu->hdev, "Resuming");
224
225 hci_uart_set_flow_control(hu, false);
226
227 skb = bt_skb_alloc(0, GFP_KERNEL);
228 if (!skb) {
229 bt_dev_err(hu->hdev, "Failed to alloc memory for LPM packet");
230 return -ENOMEM;
231 }
232
233 hci_skb_pkt_type(skb) = HCI_LPM_WAKE_PKT;
234
235 set_bit(STATE_LPM_TRANSACTION, &intel->flags);
236
237 /* LPM flow is a priority, enqueue packet at list head */
238 skb_queue_head(&intel->txq, skb);
239 hci_uart_tx_wakeup(hu);
240
241 intel_wait_lpm_transaction(hu);
242 /* Even in case of failure, continue and test the suspended flag */
243
244 clear_bit(STATE_LPM_TRANSACTION, &intel->flags);
245
246 if (test_bit(STATE_SUSPENDED, &intel->flags)) {
247 bt_dev_err(hu->hdev, "Device resume error");
248 return -EINVAL;
249 }
250
251 bt_dev_dbg(hu->hdev, "Resumed");
252
253 return 0;
254 }
255 #endif /* CONFIG_PM */
256
intel_lpm_host_wake(struct hci_uart * hu)257 static int intel_lpm_host_wake(struct hci_uart *hu)
258 {
259 static const u8 lpm_resume_ack[] = { LPM_OP_RESUME_ACK, 0x00 };
260 struct intel_data *intel = hu->priv;
261 struct sk_buff *skb;
262
263 hci_uart_set_flow_control(hu, false);
264
265 clear_bit(STATE_SUSPENDED, &intel->flags);
266
267 skb = bt_skb_alloc(sizeof(lpm_resume_ack), GFP_KERNEL);
268 if (!skb) {
269 bt_dev_err(hu->hdev, "Failed to alloc memory for LPM packet");
270 return -ENOMEM;
271 }
272
273 skb_put_data(skb, lpm_resume_ack, sizeof(lpm_resume_ack));
274 hci_skb_pkt_type(skb) = HCI_LPM_PKT;
275
276 /* LPM flow is a priority, enqueue packet at list head */
277 skb_queue_head(&intel->txq, skb);
278 hci_uart_tx_wakeup(hu);
279
280 bt_dev_dbg(hu->hdev, "Resumed by controller");
281
282 return 0;
283 }
284
intel_irq(int irq,void * dev_id)285 static irqreturn_t intel_irq(int irq, void *dev_id)
286 {
287 struct intel_device *idev = dev_id;
288
289 dev_info(&idev->pdev->dev, "hci_intel irq\n");
290
291 mutex_lock(&idev->hu_lock);
292 if (idev->hu)
293 intel_lpm_host_wake(idev->hu);
294 mutex_unlock(&idev->hu_lock);
295
296 /* Host/Controller are now LPM resumed, trigger a new delayed suspend */
297 pm_runtime_get(&idev->pdev->dev);
298 pm_runtime_mark_last_busy(&idev->pdev->dev);
299 pm_runtime_put_autosuspend(&idev->pdev->dev);
300
301 return IRQ_HANDLED;
302 }
303
intel_set_power(struct hci_uart * hu,bool powered)304 static int intel_set_power(struct hci_uart *hu, bool powered)
305 {
306 struct list_head *p;
307 int err = -ENODEV;
308
309 if (!hu->tty->dev)
310 return err;
311
312 mutex_lock(&intel_device_list_lock);
313
314 list_for_each(p, &intel_device_list) {
315 struct intel_device *idev = list_entry(p, struct intel_device,
316 list);
317
318 /* tty device and pdev device should share the same parent
319 * which is the UART port.
320 */
321 if (hu->tty->dev->parent != idev->pdev->dev.parent)
322 continue;
323
324 if (!idev->reset) {
325 err = -ENOTSUPP;
326 break;
327 }
328
329 BT_INFO("hu %p, Switching compatible pm device (%s) to %u",
330 hu, dev_name(&idev->pdev->dev), powered);
331
332 gpiod_set_value(idev->reset, powered);
333
334 /* Provide to idev a hu reference which is used to run LPM
335 * transactions (lpm suspend/resume) from PM callbacks.
336 * hu needs to be protected against concurrent removing during
337 * these PM ops.
338 */
339 mutex_lock(&idev->hu_lock);
340 idev->hu = powered ? hu : NULL;
341 mutex_unlock(&idev->hu_lock);
342
343 if (idev->irq < 0)
344 break;
345
346 if (powered && device_can_wakeup(&idev->pdev->dev)) {
347 err = devm_request_threaded_irq(&idev->pdev->dev,
348 idev->irq, NULL,
349 intel_irq,
350 IRQF_ONESHOT,
351 "bt-host-wake", idev);
352 if (err) {
353 BT_ERR("hu %p, unable to allocate irq-%d",
354 hu, idev->irq);
355 break;
356 }
357
358 device_wakeup_enable(&idev->pdev->dev);
359
360 pm_runtime_set_active(&idev->pdev->dev);
361 pm_runtime_use_autosuspend(&idev->pdev->dev);
362 pm_runtime_set_autosuspend_delay(&idev->pdev->dev,
363 LPM_SUSPEND_DELAY_MS);
364 pm_runtime_enable(&idev->pdev->dev);
365 } else if (!powered && device_may_wakeup(&idev->pdev->dev)) {
366 devm_free_irq(&idev->pdev->dev, idev->irq, idev);
367 device_wakeup_disable(&idev->pdev->dev);
368
369 pm_runtime_disable(&idev->pdev->dev);
370 }
371 }
372
373 mutex_unlock(&intel_device_list_lock);
374
375 return err;
376 }
377
intel_busy_work(struct work_struct * work)378 static void intel_busy_work(struct work_struct *work)
379 {
380 struct list_head *p;
381 struct intel_data *intel = container_of(work, struct intel_data,
382 busy_work);
383
384 if (!intel->hu->tty->dev)
385 return;
386
387 /* Link is busy, delay the suspend */
388 mutex_lock(&intel_device_list_lock);
389 list_for_each(p, &intel_device_list) {
390 struct intel_device *idev = list_entry(p, struct intel_device,
391 list);
392
393 if (intel->hu->tty->dev->parent == idev->pdev->dev.parent) {
394 pm_runtime_get(&idev->pdev->dev);
395 pm_runtime_mark_last_busy(&idev->pdev->dev);
396 pm_runtime_put_autosuspend(&idev->pdev->dev);
397 break;
398 }
399 }
400 mutex_unlock(&intel_device_list_lock);
401 }
402
intel_open(struct hci_uart * hu)403 static int intel_open(struct hci_uart *hu)
404 {
405 struct intel_data *intel;
406
407 BT_DBG("hu %p", hu);
408
409 if (!hci_uart_has_flow_control(hu))
410 return -EOPNOTSUPP;
411
412 intel = kzalloc(sizeof(*intel), GFP_KERNEL);
413 if (!intel)
414 return -ENOMEM;
415
416 skb_queue_head_init(&intel->txq);
417 INIT_WORK(&intel->busy_work, intel_busy_work);
418
419 intel->hu = hu;
420
421 hu->priv = intel;
422
423 if (!intel_set_power(hu, true))
424 set_bit(STATE_BOOTING, &intel->flags);
425
426 return 0;
427 }
428
intel_close(struct hci_uart * hu)429 static int intel_close(struct hci_uart *hu)
430 {
431 struct intel_data *intel = hu->priv;
432
433 BT_DBG("hu %p", hu);
434
435 cancel_work_sync(&intel->busy_work);
436
437 intel_set_power(hu, false);
438
439 skb_queue_purge(&intel->txq);
440 kfree_skb(intel->rx_skb);
441 kfree(intel);
442
443 hu->priv = NULL;
444 return 0;
445 }
446
intel_flush(struct hci_uart * hu)447 static int intel_flush(struct hci_uart *hu)
448 {
449 struct intel_data *intel = hu->priv;
450
451 BT_DBG("hu %p", hu);
452
453 skb_queue_purge(&intel->txq);
454
455 return 0;
456 }
457
inject_cmd_complete(struct hci_dev * hdev,__u16 opcode)458 static int inject_cmd_complete(struct hci_dev *hdev, __u16 opcode)
459 {
460 struct sk_buff *skb;
461 struct hci_event_hdr *hdr;
462 struct hci_ev_cmd_complete *evt;
463
464 skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_ATOMIC);
465 if (!skb)
466 return -ENOMEM;
467
468 hdr = skb_put(skb, sizeof(*hdr));
469 hdr->evt = HCI_EV_CMD_COMPLETE;
470 hdr->plen = sizeof(*evt) + 1;
471
472 evt = skb_put(skb, sizeof(*evt));
473 evt->ncmd = 0x01;
474 evt->opcode = cpu_to_le16(opcode);
475
476 skb_put_u8(skb, 0x00);
477
478 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
479
480 return hci_recv_frame(hdev, skb);
481 }
482
intel_set_baudrate(struct hci_uart * hu,unsigned int speed)483 static int intel_set_baudrate(struct hci_uart *hu, unsigned int speed)
484 {
485 struct intel_data *intel = hu->priv;
486 struct hci_dev *hdev = hu->hdev;
487 u8 speed_cmd[] = { 0x06, 0xfc, 0x01, 0x00 };
488 struct sk_buff *skb;
489 int err;
490
491 /* This can be the first command sent to the chip, check
492 * that the controller is ready.
493 */
494 err = intel_wait_booting(hu);
495
496 clear_bit(STATE_BOOTING, &intel->flags);
497
498 /* In case of timeout, try to continue anyway */
499 if (err && err != -ETIMEDOUT)
500 return err;
501
502 bt_dev_info(hdev, "Change controller speed to %d", speed);
503
504 speed_cmd[3] = intel_convert_speed(speed);
505 if (speed_cmd[3] == 0xff) {
506 bt_dev_err(hdev, "Unsupported speed");
507 return -EINVAL;
508 }
509
510 /* Device will not accept speed change if Intel version has not been
511 * previously requested.
512 */
513 skb = __hci_cmd_sync(hdev, 0xfc05, 0, NULL, HCI_CMD_TIMEOUT);
514 if (IS_ERR(skb)) {
515 bt_dev_err(hdev, "Reading Intel version information failed (%ld)",
516 PTR_ERR(skb));
517 return PTR_ERR(skb);
518 }
519 kfree_skb(skb);
520
521 skb = bt_skb_alloc(sizeof(speed_cmd), GFP_KERNEL);
522 if (!skb) {
523 bt_dev_err(hdev, "Failed to alloc memory for baudrate packet");
524 return -ENOMEM;
525 }
526
527 skb_put_data(skb, speed_cmd, sizeof(speed_cmd));
528 hci_skb_pkt_type(skb) = HCI_COMMAND_PKT;
529
530 hci_uart_set_flow_control(hu, true);
531
532 skb_queue_tail(&intel->txq, skb);
533 hci_uart_tx_wakeup(hu);
534
535 /* wait 100ms to change baudrate on controller side */
536 msleep(100);
537
538 hci_uart_set_baudrate(hu, speed);
539 hci_uart_set_flow_control(hu, false);
540
541 return 0;
542 }
543
intel_setup(struct hci_uart * hu)544 static int intel_setup(struct hci_uart *hu)
545 {
546 static const u8 reset_param[] = { 0x00, 0x01, 0x00, 0x01,
547 0x00, 0x08, 0x04, 0x00 };
548 struct intel_data *intel = hu->priv;
549 struct hci_dev *hdev = hu->hdev;
550 struct sk_buff *skb;
551 struct intel_version ver;
552 struct intel_boot_params *params;
553 struct list_head *p;
554 const struct firmware *fw;
555 const u8 *fw_ptr;
556 char fwname[64];
557 u32 frag_len;
558 ktime_t calltime, delta, rettime;
559 unsigned long long duration;
560 unsigned int init_speed, oper_speed;
561 int speed_change = 0;
562 int err;
563
564 bt_dev_dbg(hdev, "start intel_setup");
565
566 hu->hdev->set_diag = btintel_set_diag;
567 hu->hdev->set_bdaddr = btintel_set_bdaddr;
568
569 calltime = ktime_get();
570
571 if (hu->init_speed)
572 init_speed = hu->init_speed;
573 else
574 init_speed = hu->proto->init_speed;
575
576 if (hu->oper_speed)
577 oper_speed = hu->oper_speed;
578 else
579 oper_speed = hu->proto->oper_speed;
580
581 if (oper_speed && init_speed && oper_speed != init_speed)
582 speed_change = 1;
583
584 /* Check that the controller is ready */
585 err = intel_wait_booting(hu);
586
587 clear_bit(STATE_BOOTING, &intel->flags);
588
589 /* In case of timeout, try to continue anyway */
590 if (err && err != -ETIMEDOUT)
591 return err;
592
593 set_bit(STATE_BOOTLOADER, &intel->flags);
594
595 /* Read the Intel version information to determine if the device
596 * is in bootloader mode or if it already has operational firmware
597 * loaded.
598 */
599 err = btintel_read_version(hdev, &ver);
600 if (err)
601 return err;
602
603 /* The hardware platform number has a fixed value of 0x37 and
604 * for now only accept this single value.
605 */
606 if (ver.hw_platform != 0x37) {
607 bt_dev_err(hdev, "Unsupported Intel hardware platform (%u)",
608 ver.hw_platform);
609 return -EINVAL;
610 }
611
612 /* Check for supported iBT hardware variants of this firmware
613 * loading method.
614 *
615 * This check has been put in place to ensure correct forward
616 * compatibility options when newer hardware variants come along.
617 */
618 switch (ver.hw_variant) {
619 case 0x0b: /* LnP */
620 case 0x0c: /* WsP */
621 case 0x12: /* ThP */
622 break;
623 default:
624 bt_dev_err(hdev, "Unsupported Intel hardware variant (%u)",
625 ver.hw_variant);
626 return -EINVAL;
627 }
628
629 btintel_version_info(hdev, &ver);
630
631 /* The firmware variant determines if the device is in bootloader
632 * mode or is running operational firmware. The value 0x06 identifies
633 * the bootloader and the value 0x23 identifies the operational
634 * firmware.
635 *
636 * When the operational firmware is already present, then only
637 * the check for valid Bluetooth device address is needed. This
638 * determines if the device will be added as configured or
639 * unconfigured controller.
640 *
641 * It is not possible to use the Secure Boot Parameters in this
642 * case since that command is only available in bootloader mode.
643 */
644 if (ver.fw_variant == 0x23) {
645 clear_bit(STATE_BOOTLOADER, &intel->flags);
646 btintel_check_bdaddr(hdev);
647 return 0;
648 }
649
650 /* If the device is not in bootloader mode, then the only possible
651 * choice is to return an error and abort the device initialization.
652 */
653 if (ver.fw_variant != 0x06) {
654 bt_dev_err(hdev, "Unsupported Intel firmware variant (%u)",
655 ver.fw_variant);
656 return -ENODEV;
657 }
658
659 /* Read the secure boot parameters to identify the operating
660 * details of the bootloader.
661 */
662 skb = __hci_cmd_sync(hdev, 0xfc0d, 0, NULL, HCI_CMD_TIMEOUT);
663 if (IS_ERR(skb)) {
664 bt_dev_err(hdev, "Reading Intel boot parameters failed (%ld)",
665 PTR_ERR(skb));
666 return PTR_ERR(skb);
667 }
668
669 if (skb->len != sizeof(*params)) {
670 bt_dev_err(hdev, "Intel boot parameters size mismatch");
671 kfree_skb(skb);
672 return -EILSEQ;
673 }
674
675 params = (struct intel_boot_params *)skb->data;
676 if (params->status) {
677 bt_dev_err(hdev, "Intel boot parameters command failure (%02x)",
678 params->status);
679 err = -bt_to_errno(params->status);
680 kfree_skb(skb);
681 return err;
682 }
683
684 bt_dev_info(hdev, "Device revision is %u",
685 le16_to_cpu(params->dev_revid));
686
687 bt_dev_info(hdev, "Secure boot is %s",
688 params->secure_boot ? "enabled" : "disabled");
689
690 bt_dev_info(hdev, "Minimum firmware build %u week %u %u",
691 params->min_fw_build_nn, params->min_fw_build_cw,
692 2000 + params->min_fw_build_yy);
693
694 /* It is required that every single firmware fragment is acknowledged
695 * with a command complete event. If the boot parameters indicate
696 * that this bootloader does not send them, then abort the setup.
697 */
698 if (params->limited_cce != 0x00) {
699 bt_dev_err(hdev, "Unsupported Intel firmware loading method (%u)",
700 params->limited_cce);
701 kfree_skb(skb);
702 return -EINVAL;
703 }
704
705 /* If the OTP has no valid Bluetooth device address, then there will
706 * also be no valid address for the operational firmware.
707 */
708 if (!bacmp(¶ms->otp_bdaddr, BDADDR_ANY)) {
709 bt_dev_info(hdev, "No device address configured");
710 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks);
711 }
712
713 /* With this Intel bootloader only the hardware variant and device
714 * revision information are used to select the right firmware.
715 *
716 * The firmware filename is ibt-<hw_variant>-<dev_revid>.sfi.
717 *
718 * Currently the supported hardware variants are:
719 * 11 (0x0b) for iBT 3.0 (LnP/SfP)
720 */
721 snprintf(fwname, sizeof(fwname), "intel/ibt-%u-%u.sfi",
722 le16_to_cpu(ver.hw_variant),
723 le16_to_cpu(params->dev_revid));
724
725 err = request_firmware(&fw, fwname, &hdev->dev);
726 if (err < 0) {
727 bt_dev_err(hdev, "Failed to load Intel firmware file (%d)",
728 err);
729 kfree_skb(skb);
730 return err;
731 }
732
733 bt_dev_info(hdev, "Found device firmware: %s", fwname);
734
735 /* Save the DDC file name for later */
736 snprintf(fwname, sizeof(fwname), "intel/ibt-%u-%u.ddc",
737 le16_to_cpu(ver.hw_variant),
738 le16_to_cpu(params->dev_revid));
739
740 kfree_skb(skb);
741
742 if (fw->size < 644) {
743 bt_dev_err(hdev, "Invalid size of firmware file (%zu)",
744 fw->size);
745 err = -EBADF;
746 goto done;
747 }
748
749 set_bit(STATE_DOWNLOADING, &intel->flags);
750
751 /* Start the firmware download transaction with the Init fragment
752 * represented by the 128 bytes of CSS header.
753 */
754 err = btintel_secure_send(hdev, 0x00, 128, fw->data);
755 if (err < 0) {
756 bt_dev_err(hdev, "Failed to send firmware header (%d)", err);
757 goto done;
758 }
759
760 /* Send the 256 bytes of public key information from the firmware
761 * as the PKey fragment.
762 */
763 err = btintel_secure_send(hdev, 0x03, 256, fw->data + 128);
764 if (err < 0) {
765 bt_dev_err(hdev, "Failed to send firmware public key (%d)",
766 err);
767 goto done;
768 }
769
770 /* Send the 256 bytes of signature information from the firmware
771 * as the Sign fragment.
772 */
773 err = btintel_secure_send(hdev, 0x02, 256, fw->data + 388);
774 if (err < 0) {
775 bt_dev_err(hdev, "Failed to send firmware signature (%d)",
776 err);
777 goto done;
778 }
779
780 fw_ptr = fw->data + 644;
781 frag_len = 0;
782
783 while (fw_ptr - fw->data < fw->size) {
784 struct hci_command_hdr *cmd = (void *)(fw_ptr + frag_len);
785
786 frag_len += sizeof(*cmd) + cmd->plen;
787
788 bt_dev_dbg(hdev, "Patching %td/%zu", (fw_ptr - fw->data),
789 fw->size);
790
791 /* The parameter length of the secure send command requires
792 * a 4 byte alignment. It happens so that the firmware file
793 * contains proper Intel_NOP commands to align the fragments
794 * as needed.
795 *
796 * Send set of commands with 4 byte alignment from the
797 * firmware data buffer as a single Data fragement.
798 */
799 if (frag_len % 4)
800 continue;
801
802 /* Send each command from the firmware data buffer as
803 * a single Data fragment.
804 */
805 err = btintel_secure_send(hdev, 0x01, frag_len, fw_ptr);
806 if (err < 0) {
807 bt_dev_err(hdev, "Failed to send firmware data (%d)",
808 err);
809 goto done;
810 }
811
812 fw_ptr += frag_len;
813 frag_len = 0;
814 }
815
816 set_bit(STATE_FIRMWARE_LOADED, &intel->flags);
817
818 bt_dev_info(hdev, "Waiting for firmware download to complete");
819
820 /* Before switching the device into operational mode and with that
821 * booting the loaded firmware, wait for the bootloader notification
822 * that all fragments have been successfully received.
823 *
824 * When the event processing receives the notification, then the
825 * STATE_DOWNLOADING flag will be cleared.
826 *
827 * The firmware loading should not take longer than 5 seconds
828 * and thus just timeout if that happens and fail the setup
829 * of this device.
830 */
831 err = wait_on_bit_timeout(&intel->flags, STATE_DOWNLOADING,
832 TASK_INTERRUPTIBLE,
833 msecs_to_jiffies(5000));
834 if (err == -EINTR) {
835 bt_dev_err(hdev, "Firmware loading interrupted");
836 err = -EINTR;
837 goto done;
838 }
839
840 if (err) {
841 bt_dev_err(hdev, "Firmware loading timeout");
842 err = -ETIMEDOUT;
843 goto done;
844 }
845
846 if (test_bit(STATE_FIRMWARE_FAILED, &intel->flags)) {
847 bt_dev_err(hdev, "Firmware loading failed");
848 err = -ENOEXEC;
849 goto done;
850 }
851
852 rettime = ktime_get();
853 delta = ktime_sub(rettime, calltime);
854 duration = (unsigned long long) ktime_to_ns(delta) >> 10;
855
856 bt_dev_info(hdev, "Firmware loaded in %llu usecs", duration);
857
858 done:
859 release_firmware(fw);
860
861 if (err < 0)
862 return err;
863
864 /* We need to restore the default speed before Intel reset */
865 if (speed_change) {
866 err = intel_set_baudrate(hu, init_speed);
867 if (err)
868 return err;
869 }
870
871 calltime = ktime_get();
872
873 set_bit(STATE_BOOTING, &intel->flags);
874
875 skb = __hci_cmd_sync(hdev, 0xfc01, sizeof(reset_param), reset_param,
876 HCI_CMD_TIMEOUT);
877 if (IS_ERR(skb))
878 return PTR_ERR(skb);
879
880 kfree_skb(skb);
881
882 /* The bootloader will not indicate when the device is ready. This
883 * is done by the operational firmware sending bootup notification.
884 *
885 * Booting into operational firmware should not take longer than
886 * 1 second. However if that happens, then just fail the setup
887 * since something went wrong.
888 */
889 bt_dev_info(hdev, "Waiting for device to boot");
890
891 err = intel_wait_booting(hu);
892 if (err)
893 return err;
894
895 clear_bit(STATE_BOOTING, &intel->flags);
896
897 rettime = ktime_get();
898 delta = ktime_sub(rettime, calltime);
899 duration = (unsigned long long) ktime_to_ns(delta) >> 10;
900
901 bt_dev_info(hdev, "Device booted in %llu usecs", duration);
902
903 /* Enable LPM if matching pdev with wakeup enabled, set TX active
904 * until further LPM TX notification.
905 */
906 mutex_lock(&intel_device_list_lock);
907 list_for_each(p, &intel_device_list) {
908 struct intel_device *dev = list_entry(p, struct intel_device,
909 list);
910 if (!hu->tty->dev)
911 break;
912 if (hu->tty->dev->parent == dev->pdev->dev.parent) {
913 if (device_may_wakeup(&dev->pdev->dev)) {
914 set_bit(STATE_LPM_ENABLED, &intel->flags);
915 set_bit(STATE_TX_ACTIVE, &intel->flags);
916 }
917 break;
918 }
919 }
920 mutex_unlock(&intel_device_list_lock);
921
922 /* Ignore errors, device can work without DDC parameters */
923 btintel_load_ddc_config(hdev, fwname);
924
925 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_CMD_TIMEOUT);
926 if (IS_ERR(skb))
927 return PTR_ERR(skb);
928 kfree_skb(skb);
929
930 if (speed_change) {
931 err = intel_set_baudrate(hu, oper_speed);
932 if (err)
933 return err;
934 }
935
936 bt_dev_info(hdev, "Setup complete");
937
938 clear_bit(STATE_BOOTLOADER, &intel->flags);
939
940 return 0;
941 }
942
intel_recv_event(struct hci_dev * hdev,struct sk_buff * skb)943 static int intel_recv_event(struct hci_dev *hdev, struct sk_buff *skb)
944 {
945 struct hci_uart *hu = hci_get_drvdata(hdev);
946 struct intel_data *intel = hu->priv;
947 struct hci_event_hdr *hdr;
948
949 if (!test_bit(STATE_BOOTLOADER, &intel->flags) &&
950 !test_bit(STATE_BOOTING, &intel->flags))
951 goto recv;
952
953 hdr = (void *)skb->data;
954
955 /* When the firmware loading completes the device sends
956 * out a vendor specific event indicating the result of
957 * the firmware loading.
958 */
959 if (skb->len == 7 && hdr->evt == 0xff && hdr->plen == 0x05 &&
960 skb->data[2] == 0x06) {
961 if (skb->data[3] != 0x00)
962 set_bit(STATE_FIRMWARE_FAILED, &intel->flags);
963
964 if (test_and_clear_bit(STATE_DOWNLOADING, &intel->flags) &&
965 test_bit(STATE_FIRMWARE_LOADED, &intel->flags)) {
966 smp_mb__after_atomic();
967 wake_up_bit(&intel->flags, STATE_DOWNLOADING);
968 }
969
970 /* When switching to the operational firmware the device
971 * sends a vendor specific event indicating that the bootup
972 * completed.
973 */
974 } else if (skb->len == 9 && hdr->evt == 0xff && hdr->plen == 0x07 &&
975 skb->data[2] == 0x02) {
976 if (test_and_clear_bit(STATE_BOOTING, &intel->flags)) {
977 smp_mb__after_atomic();
978 wake_up_bit(&intel->flags, STATE_BOOTING);
979 }
980 }
981 recv:
982 return hci_recv_frame(hdev, skb);
983 }
984
intel_recv_lpm_notify(struct hci_dev * hdev,int value)985 static void intel_recv_lpm_notify(struct hci_dev *hdev, int value)
986 {
987 struct hci_uart *hu = hci_get_drvdata(hdev);
988 struct intel_data *intel = hu->priv;
989
990 bt_dev_dbg(hdev, "TX idle notification (%d)", value);
991
992 if (value) {
993 set_bit(STATE_TX_ACTIVE, &intel->flags);
994 schedule_work(&intel->busy_work);
995 } else {
996 clear_bit(STATE_TX_ACTIVE, &intel->flags);
997 }
998 }
999
intel_recv_lpm(struct hci_dev * hdev,struct sk_buff * skb)1000 static int intel_recv_lpm(struct hci_dev *hdev, struct sk_buff *skb)
1001 {
1002 struct hci_lpm_pkt *lpm = (void *)skb->data;
1003 struct hci_uart *hu = hci_get_drvdata(hdev);
1004 struct intel_data *intel = hu->priv;
1005
1006 switch (lpm->opcode) {
1007 case LPM_OP_TX_NOTIFY:
1008 if (lpm->dlen < 1) {
1009 bt_dev_err(hu->hdev, "Invalid LPM notification packet");
1010 break;
1011 }
1012 intel_recv_lpm_notify(hdev, lpm->data[0]);
1013 break;
1014 case LPM_OP_SUSPEND_ACK:
1015 set_bit(STATE_SUSPENDED, &intel->flags);
1016 if (test_and_clear_bit(STATE_LPM_TRANSACTION, &intel->flags)) {
1017 smp_mb__after_atomic();
1018 wake_up_bit(&intel->flags, STATE_LPM_TRANSACTION);
1019 }
1020 break;
1021 case LPM_OP_RESUME_ACK:
1022 clear_bit(STATE_SUSPENDED, &intel->flags);
1023 if (test_and_clear_bit(STATE_LPM_TRANSACTION, &intel->flags)) {
1024 smp_mb__after_atomic();
1025 wake_up_bit(&intel->flags, STATE_LPM_TRANSACTION);
1026 }
1027 break;
1028 default:
1029 bt_dev_err(hdev, "Unknown LPM opcode (%02x)", lpm->opcode);
1030 break;
1031 }
1032
1033 kfree_skb(skb);
1034
1035 return 0;
1036 }
1037
1038 #define INTEL_RECV_LPM \
1039 .type = HCI_LPM_PKT, \
1040 .hlen = HCI_LPM_HDR_SIZE, \
1041 .loff = 1, \
1042 .lsize = 1, \
1043 .maxlen = HCI_LPM_MAX_SIZE
1044
1045 static const struct h4_recv_pkt intel_recv_pkts[] = {
1046 { H4_RECV_ACL, .recv = hci_recv_frame },
1047 { H4_RECV_SCO, .recv = hci_recv_frame },
1048 { H4_RECV_EVENT, .recv = intel_recv_event },
1049 { INTEL_RECV_LPM, .recv = intel_recv_lpm },
1050 };
1051
intel_recv(struct hci_uart * hu,const void * data,int count)1052 static int intel_recv(struct hci_uart *hu, const void *data, int count)
1053 {
1054 struct intel_data *intel = hu->priv;
1055
1056 if (!test_bit(HCI_UART_REGISTERED, &hu->flags))
1057 return -EUNATCH;
1058
1059 intel->rx_skb = h4_recv_buf(hu->hdev, intel->rx_skb, data, count,
1060 intel_recv_pkts,
1061 ARRAY_SIZE(intel_recv_pkts));
1062 if (IS_ERR(intel->rx_skb)) {
1063 int err = PTR_ERR(intel->rx_skb);
1064 bt_dev_err(hu->hdev, "Frame reassembly failed (%d)", err);
1065 intel->rx_skb = NULL;
1066 return err;
1067 }
1068
1069 return count;
1070 }
1071
intel_enqueue(struct hci_uart * hu,struct sk_buff * skb)1072 static int intel_enqueue(struct hci_uart *hu, struct sk_buff *skb)
1073 {
1074 struct intel_data *intel = hu->priv;
1075 struct list_head *p;
1076
1077 BT_DBG("hu %p skb %p", hu, skb);
1078
1079 if (!hu->tty->dev)
1080 goto out_enqueue;
1081
1082 /* Be sure our controller is resumed and potential LPM transaction
1083 * completed before enqueuing any packet.
1084 */
1085 mutex_lock(&intel_device_list_lock);
1086 list_for_each(p, &intel_device_list) {
1087 struct intel_device *idev = list_entry(p, struct intel_device,
1088 list);
1089
1090 if (hu->tty->dev->parent == idev->pdev->dev.parent) {
1091 pm_runtime_get_sync(&idev->pdev->dev);
1092 pm_runtime_mark_last_busy(&idev->pdev->dev);
1093 pm_runtime_put_autosuspend(&idev->pdev->dev);
1094 break;
1095 }
1096 }
1097 mutex_unlock(&intel_device_list_lock);
1098 out_enqueue:
1099 skb_queue_tail(&intel->txq, skb);
1100
1101 return 0;
1102 }
1103
intel_dequeue(struct hci_uart * hu)1104 static struct sk_buff *intel_dequeue(struct hci_uart *hu)
1105 {
1106 struct intel_data *intel = hu->priv;
1107 struct sk_buff *skb;
1108
1109 skb = skb_dequeue(&intel->txq);
1110 if (!skb)
1111 return skb;
1112
1113 if (test_bit(STATE_BOOTLOADER, &intel->flags) &&
1114 (hci_skb_pkt_type(skb) == HCI_COMMAND_PKT)) {
1115 struct hci_command_hdr *cmd = (void *)skb->data;
1116 __u16 opcode = le16_to_cpu(cmd->opcode);
1117
1118 /* When the 0xfc01 command is issued to boot into
1119 * the operational firmware, it will actually not
1120 * send a command complete event. To keep the flow
1121 * control working inject that event here.
1122 */
1123 if (opcode == 0xfc01)
1124 inject_cmd_complete(hu->hdev, opcode);
1125 }
1126
1127 /* Prepend skb with frame type */
1128 memcpy(skb_push(skb, 1), &hci_skb_pkt_type(skb), 1);
1129
1130 return skb;
1131 }
1132
1133 static const struct hci_uart_proto intel_proto = {
1134 .id = HCI_UART_INTEL,
1135 .name = "Intel",
1136 .manufacturer = 2,
1137 .init_speed = 115200,
1138 .oper_speed = 3000000,
1139 .open = intel_open,
1140 .close = intel_close,
1141 .flush = intel_flush,
1142 .setup = intel_setup,
1143 .set_baudrate = intel_set_baudrate,
1144 .recv = intel_recv,
1145 .enqueue = intel_enqueue,
1146 .dequeue = intel_dequeue,
1147 };
1148
1149 #ifdef CONFIG_ACPI
1150 static const struct acpi_device_id intel_acpi_match[] = {
1151 { "INT33E1", 0 },
1152 { },
1153 };
1154 MODULE_DEVICE_TABLE(acpi, intel_acpi_match);
1155 #endif
1156
1157 #ifdef CONFIG_PM
intel_suspend_device(struct device * dev)1158 static int intel_suspend_device(struct device *dev)
1159 {
1160 struct intel_device *idev = dev_get_drvdata(dev);
1161
1162 mutex_lock(&idev->hu_lock);
1163 if (idev->hu)
1164 intel_lpm_suspend(idev->hu);
1165 mutex_unlock(&idev->hu_lock);
1166
1167 return 0;
1168 }
1169
intel_resume_device(struct device * dev)1170 static int intel_resume_device(struct device *dev)
1171 {
1172 struct intel_device *idev = dev_get_drvdata(dev);
1173
1174 mutex_lock(&idev->hu_lock);
1175 if (idev->hu)
1176 intel_lpm_resume(idev->hu);
1177 mutex_unlock(&idev->hu_lock);
1178
1179 return 0;
1180 }
1181 #endif
1182
1183 #ifdef CONFIG_PM_SLEEP
intel_suspend(struct device * dev)1184 static int intel_suspend(struct device *dev)
1185 {
1186 struct intel_device *idev = dev_get_drvdata(dev);
1187
1188 if (device_may_wakeup(dev))
1189 enable_irq_wake(idev->irq);
1190
1191 return intel_suspend_device(dev);
1192 }
1193
intel_resume(struct device * dev)1194 static int intel_resume(struct device *dev)
1195 {
1196 struct intel_device *idev = dev_get_drvdata(dev);
1197
1198 if (device_may_wakeup(dev))
1199 disable_irq_wake(idev->irq);
1200
1201 return intel_resume_device(dev);
1202 }
1203 #endif
1204
1205 static const struct dev_pm_ops intel_pm_ops = {
1206 SET_SYSTEM_SLEEP_PM_OPS(intel_suspend, intel_resume)
1207 SET_RUNTIME_PM_OPS(intel_suspend_device, intel_resume_device, NULL)
1208 };
1209
1210 static const struct acpi_gpio_params reset_gpios = { 0, 0, false };
1211 static const struct acpi_gpio_params host_wake_gpios = { 1, 0, false };
1212
1213 static const struct acpi_gpio_mapping acpi_hci_intel_gpios[] = {
1214 { "reset-gpios", &reset_gpios, 1 },
1215 { "host-wake-gpios", &host_wake_gpios, 1 },
1216 { },
1217 };
1218
intel_probe(struct platform_device * pdev)1219 static int intel_probe(struct platform_device *pdev)
1220 {
1221 struct intel_device *idev;
1222 int ret;
1223
1224 idev = devm_kzalloc(&pdev->dev, sizeof(*idev), GFP_KERNEL);
1225 if (!idev)
1226 return -ENOMEM;
1227
1228 mutex_init(&idev->hu_lock);
1229
1230 idev->pdev = pdev;
1231
1232 ret = devm_acpi_dev_add_driver_gpios(&pdev->dev, acpi_hci_intel_gpios);
1233 if (ret)
1234 dev_dbg(&pdev->dev, "Unable to add GPIO mapping table\n");
1235
1236 idev->reset = devm_gpiod_get(&pdev->dev, "reset", GPIOD_OUT_LOW);
1237 if (IS_ERR(idev->reset)) {
1238 dev_err(&pdev->dev, "Unable to retrieve gpio\n");
1239 return PTR_ERR(idev->reset);
1240 }
1241
1242 idev->irq = platform_get_irq(pdev, 0);
1243 if (idev->irq < 0) {
1244 struct gpio_desc *host_wake;
1245
1246 dev_err(&pdev->dev, "No IRQ, falling back to gpio-irq\n");
1247
1248 host_wake = devm_gpiod_get(&pdev->dev, "host-wake", GPIOD_IN);
1249 if (IS_ERR(host_wake)) {
1250 dev_err(&pdev->dev, "Unable to retrieve IRQ\n");
1251 goto no_irq;
1252 }
1253
1254 idev->irq = gpiod_to_irq(host_wake);
1255 if (idev->irq < 0) {
1256 dev_err(&pdev->dev, "No corresponding irq for gpio\n");
1257 goto no_irq;
1258 }
1259 }
1260
1261 /* Only enable wake-up/irq when controller is powered */
1262 device_set_wakeup_capable(&pdev->dev, true);
1263 device_wakeup_disable(&pdev->dev);
1264
1265 no_irq:
1266 platform_set_drvdata(pdev, idev);
1267
1268 /* Place this instance on the device list */
1269 mutex_lock(&intel_device_list_lock);
1270 list_add_tail(&idev->list, &intel_device_list);
1271 mutex_unlock(&intel_device_list_lock);
1272
1273 dev_info(&pdev->dev, "registered, gpio(%d)/irq(%d).\n",
1274 desc_to_gpio(idev->reset), idev->irq);
1275
1276 return 0;
1277 }
1278
intel_remove(struct platform_device * pdev)1279 static int intel_remove(struct platform_device *pdev)
1280 {
1281 struct intel_device *idev = platform_get_drvdata(pdev);
1282
1283 device_wakeup_disable(&pdev->dev);
1284
1285 mutex_lock(&intel_device_list_lock);
1286 list_del(&idev->list);
1287 mutex_unlock(&intel_device_list_lock);
1288
1289 dev_info(&pdev->dev, "unregistered.\n");
1290
1291 return 0;
1292 }
1293
1294 static struct platform_driver intel_driver = {
1295 .probe = intel_probe,
1296 .remove = intel_remove,
1297 .driver = {
1298 .name = "hci_intel",
1299 .acpi_match_table = ACPI_PTR(intel_acpi_match),
1300 .pm = &intel_pm_ops,
1301 },
1302 };
1303
intel_init(void)1304 int __init intel_init(void)
1305 {
1306 platform_driver_register(&intel_driver);
1307
1308 return hci_uart_register_proto(&intel_proto);
1309 }
1310
intel_deinit(void)1311 int __exit intel_deinit(void)
1312 {
1313 platform_driver_unregister(&intel_driver);
1314
1315 return hci_uart_unregister_proto(&intel_proto);
1316 }
1317