1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * 4 * Bluetooth HCI UART driver for Intel devices 5 * 6 * Copyright (C) 2015 Intel Corporation 7 */ 8 9 #include <linux/kernel.h> 10 #include <linux/errno.h> 11 #include <linux/skbuff.h> 12 #include <linux/firmware.h> 13 #include <linux/module.h> 14 #include <linux/wait.h> 15 #include <linux/tty.h> 16 #include <linux/platform_device.h> 17 #include <linux/gpio/consumer.h> 18 #include <linux/acpi.h> 19 #include <linux/interrupt.h> 20 #include <linux/pm_runtime.h> 21 22 #include <net/bluetooth/bluetooth.h> 23 #include <net/bluetooth/hci_core.h> 24 25 #include "hci_uart.h" 26 #include "btintel.h" 27 28 #define STATE_BOOTLOADER 0 29 #define STATE_DOWNLOADING 1 30 #define STATE_FIRMWARE_LOADED 2 31 #define STATE_FIRMWARE_FAILED 3 32 #define STATE_BOOTING 4 33 #define STATE_LPM_ENABLED 5 34 #define STATE_TX_ACTIVE 6 35 #define STATE_SUSPENDED 7 36 #define STATE_LPM_TRANSACTION 8 37 38 #define HCI_LPM_WAKE_PKT 0xf0 39 #define HCI_LPM_PKT 0xf1 40 #define HCI_LPM_MAX_SIZE 10 41 #define HCI_LPM_HDR_SIZE HCI_EVENT_HDR_SIZE 42 43 #define LPM_OP_TX_NOTIFY 0x00 44 #define LPM_OP_SUSPEND_ACK 0x02 45 #define LPM_OP_RESUME_ACK 0x03 46 47 #define LPM_SUSPEND_DELAY_MS 1000 48 49 struct hci_lpm_pkt { 50 __u8 opcode; 51 __u8 dlen; 52 __u8 data[]; 53 } __packed; 54 55 struct intel_device { 56 struct list_head list; 57 struct platform_device *pdev; 58 struct gpio_desc *reset; 59 struct hci_uart *hu; 60 struct mutex hu_lock; 61 int irq; 62 }; 63 64 static LIST_HEAD(intel_device_list); 65 static DEFINE_MUTEX(intel_device_list_lock); 66 67 struct intel_data { 68 struct sk_buff *rx_skb; 69 struct sk_buff_head txq; 70 struct work_struct busy_work; 71 struct hci_uart *hu; 72 unsigned long flags; 73 }; 74 intel_convert_speed(unsigned int speed)75 static u8 intel_convert_speed(unsigned int speed) 76 { 77 switch (speed) { 78 case 9600: 79 return 0x00; 80 case 19200: 81 return 0x01; 82 case 38400: 83 return 0x02; 84 case 57600: 85 return 0x03; 86 case 115200: 87 return 0x04; 88 case 230400: 89 return 0x05; 90 case 460800: 91 return 0x06; 92 case 921600: 93 return 0x07; 94 case 1843200: 95 return 0x08; 96 case 3250000: 97 return 0x09; 98 case 2000000: 99 return 0x0a; 100 case 3000000: 101 return 0x0b; 102 default: 103 return 0xff; 104 } 105 } 106 intel_wait_booting(struct hci_uart * hu)107 static int intel_wait_booting(struct hci_uart *hu) 108 { 109 struct intel_data *intel = hu->priv; 110 int err; 111 112 err = wait_on_bit_timeout(&intel->flags, STATE_BOOTING, 113 TASK_INTERRUPTIBLE, 114 msecs_to_jiffies(1000)); 115 116 if (err == -EINTR) { 117 bt_dev_err(hu->hdev, "Device boot interrupted"); 118 return -EINTR; 119 } 120 121 if (err) { 122 bt_dev_err(hu->hdev, "Device boot timeout"); 123 return -ETIMEDOUT; 124 } 125 126 return err; 127 } 128 129 #ifdef CONFIG_PM intel_wait_lpm_transaction(struct hci_uart * hu)130 static int intel_wait_lpm_transaction(struct hci_uart *hu) 131 { 132 struct intel_data *intel = hu->priv; 133 int err; 134 135 err = wait_on_bit_timeout(&intel->flags, STATE_LPM_TRANSACTION, 136 TASK_INTERRUPTIBLE, 137 msecs_to_jiffies(1000)); 138 139 if (err == -EINTR) { 140 bt_dev_err(hu->hdev, "LPM transaction interrupted"); 141 return -EINTR; 142 } 143 144 if (err) { 145 bt_dev_err(hu->hdev, "LPM transaction timeout"); 146 return -ETIMEDOUT; 147 } 148 149 return err; 150 } 151 intel_lpm_suspend(struct hci_uart * hu)152 static int intel_lpm_suspend(struct hci_uart *hu) 153 { 154 static const u8 suspend[] = { 0x01, 0x01, 0x01 }; 155 struct intel_data *intel = hu->priv; 156 struct sk_buff *skb; 157 158 if (!test_bit(STATE_LPM_ENABLED, &intel->flags) || 159 test_bit(STATE_SUSPENDED, &intel->flags)) 160 return 0; 161 162 if (test_bit(STATE_TX_ACTIVE, &intel->flags)) 163 return -EAGAIN; 164 165 bt_dev_dbg(hu->hdev, "Suspending"); 166 167 skb = bt_skb_alloc(sizeof(suspend), GFP_KERNEL); 168 if (!skb) { 169 bt_dev_err(hu->hdev, "Failed to alloc memory for LPM packet"); 170 return -ENOMEM; 171 } 172 173 skb_put_data(skb, suspend, sizeof(suspend)); 174 hci_skb_pkt_type(skb) = HCI_LPM_PKT; 175 176 set_bit(STATE_LPM_TRANSACTION, &intel->flags); 177 178 /* LPM flow is a priority, enqueue packet at list head */ 179 skb_queue_head(&intel->txq, skb); 180 hci_uart_tx_wakeup(hu); 181 182 intel_wait_lpm_transaction(hu); 183 /* Even in case of failure, continue and test the suspended flag */ 184 185 clear_bit(STATE_LPM_TRANSACTION, &intel->flags); 186 187 if (!test_bit(STATE_SUSPENDED, &intel->flags)) { 188 bt_dev_err(hu->hdev, "Device suspend error"); 189 return -EINVAL; 190 } 191 192 bt_dev_dbg(hu->hdev, "Suspended"); 193 194 hci_uart_set_flow_control(hu, true); 195 196 return 0; 197 } 198 intel_lpm_resume(struct hci_uart * hu)199 static int intel_lpm_resume(struct hci_uart *hu) 200 { 201 struct intel_data *intel = hu->priv; 202 struct sk_buff *skb; 203 204 if (!test_bit(STATE_LPM_ENABLED, &intel->flags) || 205 !test_bit(STATE_SUSPENDED, &intel->flags)) 206 return 0; 207 208 bt_dev_dbg(hu->hdev, "Resuming"); 209 210 hci_uart_set_flow_control(hu, false); 211 212 skb = bt_skb_alloc(0, GFP_KERNEL); 213 if (!skb) { 214 bt_dev_err(hu->hdev, "Failed to alloc memory for LPM packet"); 215 return -ENOMEM; 216 } 217 218 hci_skb_pkt_type(skb) = HCI_LPM_WAKE_PKT; 219 220 set_bit(STATE_LPM_TRANSACTION, &intel->flags); 221 222 /* LPM flow is a priority, enqueue packet at list head */ 223 skb_queue_head(&intel->txq, skb); 224 hci_uart_tx_wakeup(hu); 225 226 intel_wait_lpm_transaction(hu); 227 /* Even in case of failure, continue and test the suspended flag */ 228 229 clear_bit(STATE_LPM_TRANSACTION, &intel->flags); 230 231 if (test_bit(STATE_SUSPENDED, &intel->flags)) { 232 bt_dev_err(hu->hdev, "Device resume error"); 233 return -EINVAL; 234 } 235 236 bt_dev_dbg(hu->hdev, "Resumed"); 237 238 return 0; 239 } 240 #endif /* CONFIG_PM */ 241 intel_lpm_host_wake(struct hci_uart * hu)242 static int intel_lpm_host_wake(struct hci_uart *hu) 243 { 244 static const u8 lpm_resume_ack[] = { LPM_OP_RESUME_ACK, 0x00 }; 245 struct intel_data *intel = hu->priv; 246 struct sk_buff *skb; 247 248 hci_uart_set_flow_control(hu, false); 249 250 clear_bit(STATE_SUSPENDED, &intel->flags); 251 252 skb = bt_skb_alloc(sizeof(lpm_resume_ack), GFP_KERNEL); 253 if (!skb) { 254 bt_dev_err(hu->hdev, "Failed to alloc memory for LPM packet"); 255 return -ENOMEM; 256 } 257 258 skb_put_data(skb, lpm_resume_ack, sizeof(lpm_resume_ack)); 259 hci_skb_pkt_type(skb) = HCI_LPM_PKT; 260 261 /* LPM flow is a priority, enqueue packet at list head */ 262 skb_queue_head(&intel->txq, skb); 263 hci_uart_tx_wakeup(hu); 264 265 bt_dev_dbg(hu->hdev, "Resumed by controller"); 266 267 return 0; 268 } 269 intel_irq(int irq,void * dev_id)270 static irqreturn_t intel_irq(int irq, void *dev_id) 271 { 272 struct intel_device *idev = dev_id; 273 274 dev_info(&idev->pdev->dev, "hci_intel irq\n"); 275 276 mutex_lock(&idev->hu_lock); 277 if (idev->hu) 278 intel_lpm_host_wake(idev->hu); 279 mutex_unlock(&idev->hu_lock); 280 281 /* Host/Controller are now LPM resumed, trigger a new delayed suspend */ 282 pm_runtime_get(&idev->pdev->dev); 283 pm_runtime_mark_last_busy(&idev->pdev->dev); 284 pm_runtime_put_autosuspend(&idev->pdev->dev); 285 286 return IRQ_HANDLED; 287 } 288 intel_set_power(struct hci_uart * hu,bool powered)289 static int intel_set_power(struct hci_uart *hu, bool powered) 290 { 291 struct intel_device *idev; 292 int err = -ENODEV; 293 294 if (!hu->tty->dev) 295 return err; 296 297 mutex_lock(&intel_device_list_lock); 298 299 list_for_each_entry(idev, &intel_device_list, list) { 300 /* tty device and pdev device should share the same parent 301 * which is the UART port. 302 */ 303 if (hu->tty->dev->parent != idev->pdev->dev.parent) 304 continue; 305 306 if (!idev->reset) { 307 err = -ENOTSUPP; 308 break; 309 } 310 311 BT_INFO("hu %p, Switching compatible pm device (%s) to %u", 312 hu, dev_name(&idev->pdev->dev), powered); 313 314 gpiod_set_value(idev->reset, powered); 315 316 /* Provide to idev a hu reference which is used to run LPM 317 * transactions (lpm suspend/resume) from PM callbacks. 318 * hu needs to be protected against concurrent removing during 319 * these PM ops. 320 */ 321 mutex_lock(&idev->hu_lock); 322 idev->hu = powered ? hu : NULL; 323 mutex_unlock(&idev->hu_lock); 324 325 if (idev->irq < 0) 326 break; 327 328 if (powered && device_can_wakeup(&idev->pdev->dev)) { 329 err = devm_request_threaded_irq(&idev->pdev->dev, 330 idev->irq, NULL, 331 intel_irq, 332 IRQF_ONESHOT, 333 "bt-host-wake", idev); 334 if (err) { 335 BT_ERR("hu %p, unable to allocate irq-%d", 336 hu, idev->irq); 337 break; 338 } 339 340 device_wakeup_enable(&idev->pdev->dev); 341 342 pm_runtime_set_active(&idev->pdev->dev); 343 pm_runtime_use_autosuspend(&idev->pdev->dev); 344 pm_runtime_set_autosuspend_delay(&idev->pdev->dev, 345 LPM_SUSPEND_DELAY_MS); 346 pm_runtime_enable(&idev->pdev->dev); 347 } else if (!powered && device_may_wakeup(&idev->pdev->dev)) { 348 devm_free_irq(&idev->pdev->dev, idev->irq, idev); 349 device_wakeup_disable(&idev->pdev->dev); 350 351 pm_runtime_disable(&idev->pdev->dev); 352 } 353 } 354 355 mutex_unlock(&intel_device_list_lock); 356 357 return err; 358 } 359 intel_busy_work(struct work_struct * work)360 static void intel_busy_work(struct work_struct *work) 361 { 362 struct intel_data *intel = container_of(work, struct intel_data, 363 busy_work); 364 struct intel_device *idev; 365 366 if (!intel->hu->tty->dev) 367 return; 368 369 /* Link is busy, delay the suspend */ 370 mutex_lock(&intel_device_list_lock); 371 list_for_each_entry(idev, &intel_device_list, list) { 372 if (intel->hu->tty->dev->parent == idev->pdev->dev.parent) { 373 pm_runtime_get(&idev->pdev->dev); 374 pm_runtime_mark_last_busy(&idev->pdev->dev); 375 pm_runtime_put_autosuspend(&idev->pdev->dev); 376 break; 377 } 378 } 379 mutex_unlock(&intel_device_list_lock); 380 } 381 intel_open(struct hci_uart * hu)382 static int intel_open(struct hci_uart *hu) 383 { 384 struct intel_data *intel; 385 386 BT_DBG("hu %p", hu); 387 388 if (!hci_uart_has_flow_control(hu)) 389 return -EOPNOTSUPP; 390 391 intel = kzalloc(sizeof(*intel), GFP_KERNEL); 392 if (!intel) 393 return -ENOMEM; 394 395 skb_queue_head_init(&intel->txq); 396 INIT_WORK(&intel->busy_work, intel_busy_work); 397 398 intel->hu = hu; 399 400 hu->priv = intel; 401 402 if (!intel_set_power(hu, true)) 403 set_bit(STATE_BOOTING, &intel->flags); 404 405 return 0; 406 } 407 intel_close(struct hci_uart * hu)408 static int intel_close(struct hci_uart *hu) 409 { 410 struct intel_data *intel = hu->priv; 411 412 BT_DBG("hu %p", hu); 413 414 cancel_work_sync(&intel->busy_work); 415 416 intel_set_power(hu, false); 417 418 skb_queue_purge(&intel->txq); 419 kfree_skb(intel->rx_skb); 420 kfree(intel); 421 422 hu->priv = NULL; 423 return 0; 424 } 425 intel_flush(struct hci_uart * hu)426 static int intel_flush(struct hci_uart *hu) 427 { 428 struct intel_data *intel = hu->priv; 429 430 BT_DBG("hu %p", hu); 431 432 skb_queue_purge(&intel->txq); 433 434 return 0; 435 } 436 inject_cmd_complete(struct hci_dev * hdev,__u16 opcode)437 static int inject_cmd_complete(struct hci_dev *hdev, __u16 opcode) 438 { 439 struct sk_buff *skb; 440 struct hci_event_hdr *hdr; 441 struct hci_ev_cmd_complete *evt; 442 443 skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_KERNEL); 444 if (!skb) 445 return -ENOMEM; 446 447 hdr = skb_put(skb, sizeof(*hdr)); 448 hdr->evt = HCI_EV_CMD_COMPLETE; 449 hdr->plen = sizeof(*evt) + 1; 450 451 evt = skb_put(skb, sizeof(*evt)); 452 evt->ncmd = 0x01; 453 evt->opcode = cpu_to_le16(opcode); 454 455 skb_put_u8(skb, 0x00); 456 457 hci_skb_pkt_type(skb) = HCI_EVENT_PKT; 458 459 return hci_recv_frame(hdev, skb); 460 } 461 intel_set_baudrate(struct hci_uart * hu,unsigned int speed)462 static int intel_set_baudrate(struct hci_uart *hu, unsigned int speed) 463 { 464 struct intel_data *intel = hu->priv; 465 struct hci_dev *hdev = hu->hdev; 466 u8 speed_cmd[] = { 0x06, 0xfc, 0x01, 0x00 }; 467 struct sk_buff *skb; 468 int err; 469 470 /* This can be the first command sent to the chip, check 471 * that the controller is ready. 472 */ 473 err = intel_wait_booting(hu); 474 475 clear_bit(STATE_BOOTING, &intel->flags); 476 477 /* In case of timeout, try to continue anyway */ 478 if (err && err != -ETIMEDOUT) 479 return err; 480 481 bt_dev_info(hdev, "Change controller speed to %d", speed); 482 483 speed_cmd[3] = intel_convert_speed(speed); 484 if (speed_cmd[3] == 0xff) { 485 bt_dev_err(hdev, "Unsupported speed"); 486 return -EINVAL; 487 } 488 489 /* Device will not accept speed change if Intel version has not been 490 * previously requested. 491 */ 492 skb = __hci_cmd_sync(hdev, 0xfc05, 0, NULL, HCI_CMD_TIMEOUT); 493 if (IS_ERR(skb)) { 494 bt_dev_err(hdev, "Reading Intel version information failed (%ld)", 495 PTR_ERR(skb)); 496 return PTR_ERR(skb); 497 } 498 kfree_skb(skb); 499 500 skb = bt_skb_alloc(sizeof(speed_cmd), GFP_KERNEL); 501 if (!skb) { 502 bt_dev_err(hdev, "Failed to alloc memory for baudrate packet"); 503 return -ENOMEM; 504 } 505 506 skb_put_data(skb, speed_cmd, sizeof(speed_cmd)); 507 hci_skb_pkt_type(skb) = HCI_COMMAND_PKT; 508 509 hci_uart_set_flow_control(hu, true); 510 511 skb_queue_tail(&intel->txq, skb); 512 hci_uart_tx_wakeup(hu); 513 514 /* wait 100ms to change baudrate on controller side */ 515 msleep(100); 516 517 hci_uart_set_baudrate(hu, speed); 518 hci_uart_set_flow_control(hu, false); 519 520 return 0; 521 } 522 intel_setup(struct hci_uart * hu)523 static int intel_setup(struct hci_uart *hu) 524 { 525 struct intel_data *intel = hu->priv; 526 struct hci_dev *hdev = hu->hdev; 527 struct sk_buff *skb; 528 struct intel_version ver; 529 struct intel_boot_params params; 530 struct intel_device *idev; 531 const struct firmware *fw; 532 char fwname[64]; 533 u32 boot_param; 534 ktime_t calltime, delta, rettime; 535 unsigned long long duration; 536 unsigned int init_speed, oper_speed; 537 int speed_change = 0; 538 int err; 539 540 bt_dev_dbg(hdev, ""); 541 542 hu->hdev->set_diag = btintel_set_diag; 543 hu->hdev->set_bdaddr = btintel_set_bdaddr; 544 545 /* Set the default boot parameter to 0x0 and it is updated to 546 * SKU specific boot parameter after reading Intel_Write_Boot_Params 547 * command while downloading the firmware. 548 */ 549 boot_param = 0x00000000; 550 551 calltime = ktime_get(); 552 553 if (hu->init_speed) 554 init_speed = hu->init_speed; 555 else 556 init_speed = hu->proto->init_speed; 557 558 if (hu->oper_speed) 559 oper_speed = hu->oper_speed; 560 else 561 oper_speed = hu->proto->oper_speed; 562 563 if (oper_speed && init_speed && oper_speed != init_speed) 564 speed_change = 1; 565 566 /* Check that the controller is ready */ 567 err = intel_wait_booting(hu); 568 569 clear_bit(STATE_BOOTING, &intel->flags); 570 571 /* In case of timeout, try to continue anyway */ 572 if (err && err != -ETIMEDOUT) 573 return err; 574 575 set_bit(STATE_BOOTLOADER, &intel->flags); 576 577 /* Read the Intel version information to determine if the device 578 * is in bootloader mode or if it already has operational firmware 579 * loaded. 580 */ 581 err = btintel_read_version(hdev, &ver); 582 if (err) 583 return err; 584 585 /* The hardware platform number has a fixed value of 0x37 and 586 * for now only accept this single value. 587 */ 588 if (ver.hw_platform != 0x37) { 589 bt_dev_err(hdev, "Unsupported Intel hardware platform (%u)", 590 ver.hw_platform); 591 return -EINVAL; 592 } 593 594 /* Check for supported iBT hardware variants of this firmware 595 * loading method. 596 * 597 * This check has been put in place to ensure correct forward 598 * compatibility options when newer hardware variants come along. 599 */ 600 switch (ver.hw_variant) { 601 case 0x0b: /* LnP */ 602 case 0x0c: /* WsP */ 603 case 0x12: /* ThP */ 604 break; 605 default: 606 bt_dev_err(hdev, "Unsupported Intel hardware variant (%u)", 607 ver.hw_variant); 608 return -EINVAL; 609 } 610 611 btintel_version_info(hdev, &ver); 612 613 /* The firmware variant determines if the device is in bootloader 614 * mode or is running operational firmware. The value 0x06 identifies 615 * the bootloader and the value 0x23 identifies the operational 616 * firmware. 617 * 618 * When the operational firmware is already present, then only 619 * the check for valid Bluetooth device address is needed. This 620 * determines if the device will be added as configured or 621 * unconfigured controller. 622 * 623 * It is not possible to use the Secure Boot Parameters in this 624 * case since that command is only available in bootloader mode. 625 */ 626 if (ver.fw_variant == 0x23) { 627 clear_bit(STATE_BOOTLOADER, &intel->flags); 628 btintel_check_bdaddr(hdev); 629 return 0; 630 } 631 632 /* If the device is not in bootloader mode, then the only possible 633 * choice is to return an error and abort the device initialization. 634 */ 635 if (ver.fw_variant != 0x06) { 636 bt_dev_err(hdev, "Unsupported Intel firmware variant (%u)", 637 ver.fw_variant); 638 return -ENODEV; 639 } 640 641 /* Read the secure boot parameters to identify the operating 642 * details of the bootloader. 643 */ 644 err = btintel_read_boot_params(hdev, ¶ms); 645 if (err) 646 return err; 647 648 /* It is required that every single firmware fragment is acknowledged 649 * with a command complete event. If the boot parameters indicate 650 * that this bootloader does not send them, then abort the setup. 651 */ 652 if (params.limited_cce != 0x00) { 653 bt_dev_err(hdev, "Unsupported Intel firmware loading method (%u)", 654 params.limited_cce); 655 return -EINVAL; 656 } 657 658 /* If the OTP has no valid Bluetooth device address, then there will 659 * also be no valid address for the operational firmware. 660 */ 661 if (!bacmp(¶ms.otp_bdaddr, BDADDR_ANY)) { 662 bt_dev_info(hdev, "No device address configured"); 663 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks); 664 } 665 666 /* With this Intel bootloader only the hardware variant and device 667 * revision information are used to select the right firmware for SfP 668 * and WsP. 669 * 670 * The firmware filename is ibt-<hw_variant>-<dev_revid>.sfi. 671 * 672 * Currently the supported hardware variants are: 673 * 11 (0x0b) for iBT 3.0 (LnP/SfP) 674 * 12 (0x0c) for iBT 3.5 (WsP) 675 * 676 * For ThP/JfP and for future SKU's, the FW name varies based on HW 677 * variant, HW revision and FW revision, as these are dependent on CNVi 678 * and RF Combination. 679 * 680 * 18 (0x12) for iBT3.5 (ThP/JfP) 681 * 682 * The firmware file name for these will be 683 * ibt-<hw_variant>-<hw_revision>-<fw_revision>.sfi. 684 * 685 */ 686 switch (ver.hw_variant) { 687 case 0x0b: /* SfP */ 688 case 0x0c: /* WsP */ 689 snprintf(fwname, sizeof(fwname), "intel/ibt-%u-%u.sfi", 690 ver.hw_variant, le16_to_cpu(params.dev_revid)); 691 break; 692 case 0x12: /* ThP */ 693 snprintf(fwname, sizeof(fwname), "intel/ibt-%u-%u-%u.sfi", 694 ver.hw_variant, ver.hw_revision, ver.fw_revision); 695 break; 696 default: 697 bt_dev_err(hdev, "Unsupported Intel hardware variant (%u)", 698 ver.hw_variant); 699 return -EINVAL; 700 } 701 702 err = request_firmware(&fw, fwname, &hdev->dev); 703 if (err < 0) { 704 bt_dev_err(hdev, "Failed to load Intel firmware file (%d)", 705 err); 706 return err; 707 } 708 709 bt_dev_info(hdev, "Found device firmware: %s", fwname); 710 711 /* Save the DDC file name for later */ 712 switch (ver.hw_variant) { 713 case 0x0b: /* SfP */ 714 case 0x0c: /* WsP */ 715 snprintf(fwname, sizeof(fwname), "intel/ibt-%u-%u.ddc", 716 ver.hw_variant, le16_to_cpu(params.dev_revid)); 717 break; 718 case 0x12: /* ThP */ 719 snprintf(fwname, sizeof(fwname), "intel/ibt-%u-%u-%u.ddc", 720 ver.hw_variant, ver.hw_revision, ver.fw_revision); 721 break; 722 default: 723 bt_dev_err(hdev, "Unsupported Intel hardware variant (%u)", 724 ver.hw_variant); 725 return -EINVAL; 726 } 727 728 if (fw->size < 644) { 729 bt_dev_err(hdev, "Invalid size of firmware file (%zu)", 730 fw->size); 731 err = -EBADF; 732 goto done; 733 } 734 735 set_bit(STATE_DOWNLOADING, &intel->flags); 736 737 /* Start firmware downloading and get boot parameter */ 738 err = btintel_download_firmware(hdev, &ver, fw, &boot_param); 739 if (err < 0) 740 goto done; 741 742 set_bit(STATE_FIRMWARE_LOADED, &intel->flags); 743 744 bt_dev_info(hdev, "Waiting for firmware download to complete"); 745 746 /* Before switching the device into operational mode and with that 747 * booting the loaded firmware, wait for the bootloader notification 748 * that all fragments have been successfully received. 749 * 750 * When the event processing receives the notification, then the 751 * STATE_DOWNLOADING flag will be cleared. 752 * 753 * The firmware loading should not take longer than 5 seconds 754 * and thus just timeout if that happens and fail the setup 755 * of this device. 756 */ 757 err = wait_on_bit_timeout(&intel->flags, STATE_DOWNLOADING, 758 TASK_INTERRUPTIBLE, 759 msecs_to_jiffies(5000)); 760 if (err == -EINTR) { 761 bt_dev_err(hdev, "Firmware loading interrupted"); 762 err = -EINTR; 763 goto done; 764 } 765 766 if (err) { 767 bt_dev_err(hdev, "Firmware loading timeout"); 768 err = -ETIMEDOUT; 769 goto done; 770 } 771 772 if (test_bit(STATE_FIRMWARE_FAILED, &intel->flags)) { 773 bt_dev_err(hdev, "Firmware loading failed"); 774 err = -ENOEXEC; 775 goto done; 776 } 777 778 rettime = ktime_get(); 779 delta = ktime_sub(rettime, calltime); 780 duration = (unsigned long long)ktime_to_ns(delta) >> 10; 781 782 bt_dev_info(hdev, "Firmware loaded in %llu usecs", duration); 783 784 done: 785 release_firmware(fw); 786 787 /* Check if there was an error and if is not -EALREADY which means the 788 * firmware has already been loaded. 789 */ 790 if (err < 0 && err != -EALREADY) 791 return err; 792 793 /* We need to restore the default speed before Intel reset */ 794 if (speed_change) { 795 err = intel_set_baudrate(hu, init_speed); 796 if (err) 797 return err; 798 } 799 800 calltime = ktime_get(); 801 802 set_bit(STATE_BOOTING, &intel->flags); 803 804 err = btintel_send_intel_reset(hdev, boot_param); 805 if (err) 806 return err; 807 808 /* The bootloader will not indicate when the device is ready. This 809 * is done by the operational firmware sending bootup notification. 810 * 811 * Booting into operational firmware should not take longer than 812 * 1 second. However if that happens, then just fail the setup 813 * since something went wrong. 814 */ 815 bt_dev_info(hdev, "Waiting for device to boot"); 816 817 err = intel_wait_booting(hu); 818 if (err) 819 return err; 820 821 clear_bit(STATE_BOOTING, &intel->flags); 822 823 rettime = ktime_get(); 824 delta = ktime_sub(rettime, calltime); 825 duration = (unsigned long long)ktime_to_ns(delta) >> 10; 826 827 bt_dev_info(hdev, "Device booted in %llu usecs", duration); 828 829 /* Enable LPM if matching pdev with wakeup enabled, set TX active 830 * until further LPM TX notification. 831 */ 832 mutex_lock(&intel_device_list_lock); 833 list_for_each_entry(idev, &intel_device_list, list) { 834 if (!hu->tty->dev) 835 break; 836 if (hu->tty->dev->parent == idev->pdev->dev.parent) { 837 if (device_may_wakeup(&idev->pdev->dev)) { 838 set_bit(STATE_LPM_ENABLED, &intel->flags); 839 set_bit(STATE_TX_ACTIVE, &intel->flags); 840 } 841 break; 842 } 843 } 844 mutex_unlock(&intel_device_list_lock); 845 846 /* Ignore errors, device can work without DDC parameters */ 847 btintel_load_ddc_config(hdev, fwname); 848 849 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_CMD_TIMEOUT); 850 if (IS_ERR(skb)) 851 return PTR_ERR(skb); 852 kfree_skb(skb); 853 854 if (speed_change) { 855 err = intel_set_baudrate(hu, oper_speed); 856 if (err) 857 return err; 858 } 859 860 bt_dev_info(hdev, "Setup complete"); 861 862 clear_bit(STATE_BOOTLOADER, &intel->flags); 863 864 return 0; 865 } 866 intel_recv_event(struct hci_dev * hdev,struct sk_buff * skb)867 static int intel_recv_event(struct hci_dev *hdev, struct sk_buff *skb) 868 { 869 struct hci_uart *hu = hci_get_drvdata(hdev); 870 struct intel_data *intel = hu->priv; 871 struct hci_event_hdr *hdr; 872 873 if (!test_bit(STATE_BOOTLOADER, &intel->flags) && 874 !test_bit(STATE_BOOTING, &intel->flags)) 875 goto recv; 876 877 hdr = (void *)skb->data; 878 879 /* When the firmware loading completes the device sends 880 * out a vendor specific event indicating the result of 881 * the firmware loading. 882 */ 883 if (skb->len == 7 && hdr->evt == 0xff && hdr->plen == 0x05 && 884 skb->data[2] == 0x06) { 885 if (skb->data[3] != 0x00) 886 set_bit(STATE_FIRMWARE_FAILED, &intel->flags); 887 888 if (test_and_clear_bit(STATE_DOWNLOADING, &intel->flags) && 889 test_bit(STATE_FIRMWARE_LOADED, &intel->flags)) 890 wake_up_bit(&intel->flags, STATE_DOWNLOADING); 891 892 /* When switching to the operational firmware the device 893 * sends a vendor specific event indicating that the bootup 894 * completed. 895 */ 896 } else if (skb->len == 9 && hdr->evt == 0xff && hdr->plen == 0x07 && 897 skb->data[2] == 0x02) { 898 if (test_and_clear_bit(STATE_BOOTING, &intel->flags)) 899 wake_up_bit(&intel->flags, STATE_BOOTING); 900 } 901 recv: 902 return hci_recv_frame(hdev, skb); 903 } 904 intel_recv_lpm_notify(struct hci_dev * hdev,int value)905 static void intel_recv_lpm_notify(struct hci_dev *hdev, int value) 906 { 907 struct hci_uart *hu = hci_get_drvdata(hdev); 908 struct intel_data *intel = hu->priv; 909 910 bt_dev_dbg(hdev, "TX idle notification (%d)", value); 911 912 if (value) { 913 set_bit(STATE_TX_ACTIVE, &intel->flags); 914 schedule_work(&intel->busy_work); 915 } else { 916 clear_bit(STATE_TX_ACTIVE, &intel->flags); 917 } 918 } 919 intel_recv_lpm(struct hci_dev * hdev,struct sk_buff * skb)920 static int intel_recv_lpm(struct hci_dev *hdev, struct sk_buff *skb) 921 { 922 struct hci_lpm_pkt *lpm = (void *)skb->data; 923 struct hci_uart *hu = hci_get_drvdata(hdev); 924 struct intel_data *intel = hu->priv; 925 926 switch (lpm->opcode) { 927 case LPM_OP_TX_NOTIFY: 928 if (lpm->dlen < 1) { 929 bt_dev_err(hu->hdev, "Invalid LPM notification packet"); 930 break; 931 } 932 intel_recv_lpm_notify(hdev, lpm->data[0]); 933 break; 934 case LPM_OP_SUSPEND_ACK: 935 set_bit(STATE_SUSPENDED, &intel->flags); 936 if (test_and_clear_bit(STATE_LPM_TRANSACTION, &intel->flags)) 937 wake_up_bit(&intel->flags, STATE_LPM_TRANSACTION); 938 break; 939 case LPM_OP_RESUME_ACK: 940 clear_bit(STATE_SUSPENDED, &intel->flags); 941 if (test_and_clear_bit(STATE_LPM_TRANSACTION, &intel->flags)) 942 wake_up_bit(&intel->flags, STATE_LPM_TRANSACTION); 943 break; 944 default: 945 bt_dev_err(hdev, "Unknown LPM opcode (%02x)", lpm->opcode); 946 break; 947 } 948 949 kfree_skb(skb); 950 951 return 0; 952 } 953 954 #define INTEL_RECV_LPM \ 955 .type = HCI_LPM_PKT, \ 956 .hlen = HCI_LPM_HDR_SIZE, \ 957 .loff = 1, \ 958 .lsize = 1, \ 959 .maxlen = HCI_LPM_MAX_SIZE 960 961 static const struct h4_recv_pkt intel_recv_pkts[] = { 962 { H4_RECV_ACL, .recv = hci_recv_frame }, 963 { H4_RECV_SCO, .recv = hci_recv_frame }, 964 { H4_RECV_EVENT, .recv = intel_recv_event }, 965 { INTEL_RECV_LPM, .recv = intel_recv_lpm }, 966 }; 967 intel_recv(struct hci_uart * hu,const void * data,int count)968 static int intel_recv(struct hci_uart *hu, const void *data, int count) 969 { 970 struct intel_data *intel = hu->priv; 971 972 if (!test_bit(HCI_UART_REGISTERED, &hu->flags)) 973 return -EUNATCH; 974 975 intel->rx_skb = h4_recv_buf(hu->hdev, intel->rx_skb, data, count, 976 intel_recv_pkts, 977 ARRAY_SIZE(intel_recv_pkts)); 978 if (IS_ERR(intel->rx_skb)) { 979 int err = PTR_ERR(intel->rx_skb); 980 981 bt_dev_err(hu->hdev, "Frame reassembly failed (%d)", err); 982 intel->rx_skb = NULL; 983 return err; 984 } 985 986 return count; 987 } 988 intel_enqueue(struct hci_uart * hu,struct sk_buff * skb)989 static int intel_enqueue(struct hci_uart *hu, struct sk_buff *skb) 990 { 991 struct intel_data *intel = hu->priv; 992 struct intel_device *idev; 993 994 BT_DBG("hu %p skb %p", hu, skb); 995 996 if (!hu->tty->dev) 997 goto out_enqueue; 998 999 /* Be sure our controller is resumed and potential LPM transaction 1000 * completed before enqueuing any packet. 1001 */ 1002 mutex_lock(&intel_device_list_lock); 1003 list_for_each_entry(idev, &intel_device_list, list) { 1004 if (hu->tty->dev->parent == idev->pdev->dev.parent) { 1005 pm_runtime_get_sync(&idev->pdev->dev); 1006 pm_runtime_mark_last_busy(&idev->pdev->dev); 1007 pm_runtime_put_autosuspend(&idev->pdev->dev); 1008 break; 1009 } 1010 } 1011 mutex_unlock(&intel_device_list_lock); 1012 out_enqueue: 1013 skb_queue_tail(&intel->txq, skb); 1014 1015 return 0; 1016 } 1017 intel_dequeue(struct hci_uart * hu)1018 static struct sk_buff *intel_dequeue(struct hci_uart *hu) 1019 { 1020 struct intel_data *intel = hu->priv; 1021 struct sk_buff *skb; 1022 1023 skb = skb_dequeue(&intel->txq); 1024 if (!skb) 1025 return skb; 1026 1027 if (test_bit(STATE_BOOTLOADER, &intel->flags) && 1028 (hci_skb_pkt_type(skb) == HCI_COMMAND_PKT)) { 1029 struct hci_command_hdr *cmd = (void *)skb->data; 1030 __u16 opcode = le16_to_cpu(cmd->opcode); 1031 1032 /* When the 0xfc01 command is issued to boot into 1033 * the operational firmware, it will actually not 1034 * send a command complete event. To keep the flow 1035 * control working inject that event here. 1036 */ 1037 if (opcode == 0xfc01) 1038 inject_cmd_complete(hu->hdev, opcode); 1039 } 1040 1041 /* Prepend skb with frame type */ 1042 memcpy(skb_push(skb, 1), &hci_skb_pkt_type(skb), 1); 1043 1044 return skb; 1045 } 1046 1047 static const struct hci_uart_proto intel_proto = { 1048 .id = HCI_UART_INTEL, 1049 .name = "Intel", 1050 .manufacturer = 2, 1051 .init_speed = 115200, 1052 .oper_speed = 3000000, 1053 .open = intel_open, 1054 .close = intel_close, 1055 .flush = intel_flush, 1056 .setup = intel_setup, 1057 .set_baudrate = intel_set_baudrate, 1058 .recv = intel_recv, 1059 .enqueue = intel_enqueue, 1060 .dequeue = intel_dequeue, 1061 }; 1062 1063 #ifdef CONFIG_ACPI 1064 static const struct acpi_device_id intel_acpi_match[] = { 1065 { "INT33E1", 0 }, 1066 { "INT33E3", 0 }, 1067 { } 1068 }; 1069 MODULE_DEVICE_TABLE(acpi, intel_acpi_match); 1070 #endif 1071 1072 #ifdef CONFIG_PM intel_suspend_device(struct device * dev)1073 static int intel_suspend_device(struct device *dev) 1074 { 1075 struct intel_device *idev = dev_get_drvdata(dev); 1076 1077 mutex_lock(&idev->hu_lock); 1078 if (idev->hu) 1079 intel_lpm_suspend(idev->hu); 1080 mutex_unlock(&idev->hu_lock); 1081 1082 return 0; 1083 } 1084 intel_resume_device(struct device * dev)1085 static int intel_resume_device(struct device *dev) 1086 { 1087 struct intel_device *idev = dev_get_drvdata(dev); 1088 1089 mutex_lock(&idev->hu_lock); 1090 if (idev->hu) 1091 intel_lpm_resume(idev->hu); 1092 mutex_unlock(&idev->hu_lock); 1093 1094 return 0; 1095 } 1096 #endif 1097 1098 #ifdef CONFIG_PM_SLEEP intel_suspend(struct device * dev)1099 static int intel_suspend(struct device *dev) 1100 { 1101 struct intel_device *idev = dev_get_drvdata(dev); 1102 1103 if (device_may_wakeup(dev)) 1104 enable_irq_wake(idev->irq); 1105 1106 return intel_suspend_device(dev); 1107 } 1108 intel_resume(struct device * dev)1109 static int intel_resume(struct device *dev) 1110 { 1111 struct intel_device *idev = dev_get_drvdata(dev); 1112 1113 if (device_may_wakeup(dev)) 1114 disable_irq_wake(idev->irq); 1115 1116 return intel_resume_device(dev); 1117 } 1118 #endif 1119 1120 static const struct dev_pm_ops intel_pm_ops = { 1121 SET_SYSTEM_SLEEP_PM_OPS(intel_suspend, intel_resume) 1122 SET_RUNTIME_PM_OPS(intel_suspend_device, intel_resume_device, NULL) 1123 }; 1124 1125 static const struct acpi_gpio_params reset_gpios = { 0, 0, false }; 1126 static const struct acpi_gpio_params host_wake_gpios = { 1, 0, false }; 1127 1128 static const struct acpi_gpio_mapping acpi_hci_intel_gpios[] = { 1129 { "reset-gpios", &reset_gpios, 1, ACPI_GPIO_QUIRK_ONLY_GPIOIO }, 1130 { "host-wake-gpios", &host_wake_gpios, 1, ACPI_GPIO_QUIRK_ONLY_GPIOIO }, 1131 { } 1132 }; 1133 intel_probe(struct platform_device * pdev)1134 static int intel_probe(struct platform_device *pdev) 1135 { 1136 struct intel_device *idev; 1137 int ret; 1138 1139 idev = devm_kzalloc(&pdev->dev, sizeof(*idev), GFP_KERNEL); 1140 if (!idev) 1141 return -ENOMEM; 1142 1143 mutex_init(&idev->hu_lock); 1144 1145 idev->pdev = pdev; 1146 1147 ret = devm_acpi_dev_add_driver_gpios(&pdev->dev, acpi_hci_intel_gpios); 1148 if (ret) 1149 dev_dbg(&pdev->dev, "Unable to add GPIO mapping table\n"); 1150 1151 idev->reset = devm_gpiod_get(&pdev->dev, "reset", GPIOD_OUT_LOW); 1152 if (IS_ERR(idev->reset)) { 1153 dev_err(&pdev->dev, "Unable to retrieve gpio\n"); 1154 return PTR_ERR(idev->reset); 1155 } 1156 1157 idev->irq = platform_get_irq(pdev, 0); 1158 if (idev->irq < 0) { 1159 struct gpio_desc *host_wake; 1160 1161 dev_err(&pdev->dev, "No IRQ, falling back to gpio-irq\n"); 1162 1163 host_wake = devm_gpiod_get(&pdev->dev, "host-wake", GPIOD_IN); 1164 if (IS_ERR(host_wake)) { 1165 dev_err(&pdev->dev, "Unable to retrieve IRQ\n"); 1166 goto no_irq; 1167 } 1168 1169 idev->irq = gpiod_to_irq(host_wake); 1170 if (idev->irq < 0) { 1171 dev_err(&pdev->dev, "No corresponding irq for gpio\n"); 1172 goto no_irq; 1173 } 1174 } 1175 1176 /* Only enable wake-up/irq when controller is powered */ 1177 device_set_wakeup_capable(&pdev->dev, true); 1178 device_wakeup_disable(&pdev->dev); 1179 1180 no_irq: 1181 platform_set_drvdata(pdev, idev); 1182 1183 /* Place this instance on the device list */ 1184 mutex_lock(&intel_device_list_lock); 1185 list_add_tail(&idev->list, &intel_device_list); 1186 mutex_unlock(&intel_device_list_lock); 1187 1188 dev_info(&pdev->dev, "registered, gpio(%d)/irq(%d).\n", 1189 desc_to_gpio(idev->reset), idev->irq); 1190 1191 return 0; 1192 } 1193 intel_remove(struct platform_device * pdev)1194 static void intel_remove(struct platform_device *pdev) 1195 { 1196 struct intel_device *idev = platform_get_drvdata(pdev); 1197 1198 device_wakeup_disable(&pdev->dev); 1199 1200 mutex_lock(&intel_device_list_lock); 1201 list_del(&idev->list); 1202 mutex_unlock(&intel_device_list_lock); 1203 1204 dev_info(&pdev->dev, "unregistered.\n"); 1205 } 1206 1207 static struct platform_driver intel_driver = { 1208 .probe = intel_probe, 1209 .remove_new = intel_remove, 1210 .driver = { 1211 .name = "hci_intel", 1212 .acpi_match_table = ACPI_PTR(intel_acpi_match), 1213 .pm = &intel_pm_ops, 1214 }, 1215 }; 1216 intel_init(void)1217 int __init intel_init(void) 1218 { 1219 int err; 1220 1221 err = platform_driver_register(&intel_driver); 1222 if (err) 1223 return err; 1224 1225 return hci_uart_register_proto(&intel_proto); 1226 } 1227 intel_deinit(void)1228 int __exit intel_deinit(void) 1229 { 1230 platform_driver_unregister(&intel_driver); 1231 1232 return hci_uart_unregister_proto(&intel_proto); 1233 } 1234