1 /*
2  *
3  *  Bluetooth HCI Three-wire UART driver
4  *
5  *  Copyright (C) 2012  Intel Corporation
6  *
7  *
8  *  This program is free software; you can redistribute it and/or modify
9  *  it under the terms of the GNU General Public License as published by
10  *  the Free Software Foundation; either version 2 of the License, or
11  *  (at your option) any later version.
12  *
13  *  This program is distributed in the hope that it will be useful,
14  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
15  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16  *  GNU General Public License for more details.
17  *
18  *  You should have received a copy of the GNU General Public License
19  *  along with this program; if not, write to the Free Software
20  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
21  *
22  */
23 
24 #include <linux/acpi.h>
25 #include <linux/errno.h>
26 #include <linux/gpio/consumer.h>
27 #include <linux/kernel.h>
28 #include <linux/mod_devicetable.h>
29 #include <linux/serdev.h>
30 #include <linux/skbuff.h>
31 
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 
35 #include "btrtl.h"
36 #include "hci_uart.h"
37 
38 #define HCI_3WIRE_ACK_PKT	0
39 #define HCI_3WIRE_LINK_PKT	15
40 
41 /* Sliding window size */
42 #define H5_TX_WIN_MAX		4
43 
44 #define H5_ACK_TIMEOUT	msecs_to_jiffies(250)
45 #define H5_SYNC_TIMEOUT	msecs_to_jiffies(100)
46 
47 /*
48  * Maximum Three-wire packet:
49  *     4 byte header + max value for 12-bit length + 2 bytes for CRC
50  */
51 #define H5_MAX_LEN (4 + 0xfff + 2)
52 
53 /* Convenience macros for reading Three-wire header values */
54 #define H5_HDR_SEQ(hdr)		((hdr)[0] & 0x07)
55 #define H5_HDR_ACK(hdr)		(((hdr)[0] >> 3) & 0x07)
56 #define H5_HDR_CRC(hdr)		(((hdr)[0] >> 6) & 0x01)
57 #define H5_HDR_RELIABLE(hdr)	(((hdr)[0] >> 7) & 0x01)
58 #define H5_HDR_PKT_TYPE(hdr)	((hdr)[1] & 0x0f)
59 #define H5_HDR_LEN(hdr)		((((hdr)[1] >> 4) & 0x0f) + ((hdr)[2] << 4))
60 
61 #define SLIP_DELIMITER	0xc0
62 #define SLIP_ESC	0xdb
63 #define SLIP_ESC_DELIM	0xdc
64 #define SLIP_ESC_ESC	0xdd
65 
66 /* H5 state flags */
67 enum {
68 	H5_RX_ESC,	/* SLIP escape mode */
69 	H5_TX_ACK_REQ,	/* Pending ack to send */
70 };
71 
72 struct h5 {
73 	/* Must be the first member, hci_serdev.c expects this. */
74 	struct hci_uart		serdev_hu;
75 
76 	struct sk_buff_head	unack;		/* Unack'ed packets queue */
77 	struct sk_buff_head	rel;		/* Reliable packets queue */
78 	struct sk_buff_head	unrel;		/* Unreliable packets queue */
79 
80 	unsigned long		flags;
81 
82 	struct sk_buff		*rx_skb;	/* Receive buffer */
83 	size_t			rx_pending;	/* Expecting more bytes */
84 	u8			rx_ack;		/* Last ack number received */
85 
86 	int			(*rx_func)(struct hci_uart *hu, u8 c);
87 
88 	struct timer_list	timer;		/* Retransmission timer */
89 	struct hci_uart		*hu;		/* Parent HCI UART */
90 
91 	u8			tx_seq;		/* Next seq number to send */
92 	u8			tx_ack;		/* Next ack number to send */
93 	u8			tx_win;		/* Sliding window size */
94 
95 	enum {
96 		H5_UNINITIALIZED,
97 		H5_INITIALIZED,
98 		H5_ACTIVE,
99 	} state;
100 
101 	enum {
102 		H5_AWAKE,
103 		H5_SLEEPING,
104 		H5_WAKING_UP,
105 	} sleep;
106 
107 	const struct h5_vnd *vnd;
108 	const char *id;
109 
110 	struct gpio_desc *enable_gpio;
111 	struct gpio_desc *device_wake_gpio;
112 };
113 
114 struct h5_vnd {
115 	int (*setup)(struct h5 *h5);
116 	void (*open)(struct h5 *h5);
117 	void (*close)(struct h5 *h5);
118 	const struct acpi_gpio_mapping *acpi_gpio_map;
119 };
120 
121 static void h5_reset_rx(struct h5 *h5);
122 
h5_link_control(struct hci_uart * hu,const void * data,size_t len)123 static void h5_link_control(struct hci_uart *hu, const void *data, size_t len)
124 {
125 	struct h5 *h5 = hu->priv;
126 	struct sk_buff *nskb;
127 
128 	nskb = alloc_skb(3, GFP_ATOMIC);
129 	if (!nskb)
130 		return;
131 
132 	hci_skb_pkt_type(nskb) = HCI_3WIRE_LINK_PKT;
133 
134 	skb_put_data(nskb, data, len);
135 
136 	skb_queue_tail(&h5->unrel, nskb);
137 }
138 
h5_cfg_field(struct h5 * h5)139 static u8 h5_cfg_field(struct h5 *h5)
140 {
141 	/* Sliding window size (first 3 bits) */
142 	return h5->tx_win & 0x07;
143 }
144 
h5_timed_event(struct timer_list * t)145 static void h5_timed_event(struct timer_list *t)
146 {
147 	const unsigned char sync_req[] = { 0x01, 0x7e };
148 	unsigned char conf_req[3] = { 0x03, 0xfc };
149 	struct h5 *h5 = from_timer(h5, t, timer);
150 	struct hci_uart *hu = h5->hu;
151 	struct sk_buff *skb;
152 	unsigned long flags;
153 
154 	BT_DBG("%s", hu->hdev->name);
155 
156 	if (h5->state == H5_UNINITIALIZED)
157 		h5_link_control(hu, sync_req, sizeof(sync_req));
158 
159 	if (h5->state == H5_INITIALIZED) {
160 		conf_req[2] = h5_cfg_field(h5);
161 		h5_link_control(hu, conf_req, sizeof(conf_req));
162 	}
163 
164 	if (h5->state != H5_ACTIVE) {
165 		mod_timer(&h5->timer, jiffies + H5_SYNC_TIMEOUT);
166 		goto wakeup;
167 	}
168 
169 	if (h5->sleep != H5_AWAKE) {
170 		h5->sleep = H5_SLEEPING;
171 		goto wakeup;
172 	}
173 
174 	BT_DBG("hu %p retransmitting %u pkts", hu, h5->unack.qlen);
175 
176 	spin_lock_irqsave_nested(&h5->unack.lock, flags, SINGLE_DEPTH_NESTING);
177 
178 	while ((skb = __skb_dequeue_tail(&h5->unack)) != NULL) {
179 		h5->tx_seq = (h5->tx_seq - 1) & 0x07;
180 		skb_queue_head(&h5->rel, skb);
181 	}
182 
183 	spin_unlock_irqrestore(&h5->unack.lock, flags);
184 
185 wakeup:
186 	hci_uart_tx_wakeup(hu);
187 }
188 
h5_peer_reset(struct hci_uart * hu)189 static void h5_peer_reset(struct hci_uart *hu)
190 {
191 	struct h5 *h5 = hu->priv;
192 
193 	BT_ERR("Peer device has reset");
194 
195 	h5->state = H5_UNINITIALIZED;
196 
197 	del_timer(&h5->timer);
198 
199 	skb_queue_purge(&h5->rel);
200 	skb_queue_purge(&h5->unrel);
201 	skb_queue_purge(&h5->unack);
202 
203 	h5->tx_seq = 0;
204 	h5->tx_ack = 0;
205 
206 	/* Send reset request to upper stack */
207 	hci_reset_dev(hu->hdev);
208 }
209 
h5_open(struct hci_uart * hu)210 static int h5_open(struct hci_uart *hu)
211 {
212 	struct h5 *h5;
213 	const unsigned char sync[] = { 0x01, 0x7e };
214 
215 	BT_DBG("hu %p", hu);
216 
217 	if (hu->serdev) {
218 		h5 = serdev_device_get_drvdata(hu->serdev);
219 	} else {
220 		h5 = kzalloc(sizeof(*h5), GFP_KERNEL);
221 		if (!h5)
222 			return -ENOMEM;
223 	}
224 
225 	hu->priv = h5;
226 	h5->hu = hu;
227 
228 	skb_queue_head_init(&h5->unack);
229 	skb_queue_head_init(&h5->rel);
230 	skb_queue_head_init(&h5->unrel);
231 
232 	h5_reset_rx(h5);
233 
234 	timer_setup(&h5->timer, h5_timed_event, 0);
235 
236 	h5->tx_win = H5_TX_WIN_MAX;
237 
238 	if (h5->vnd && h5->vnd->open)
239 		h5->vnd->open(h5);
240 
241 	set_bit(HCI_UART_INIT_PENDING, &hu->hdev_flags);
242 
243 	/* Send initial sync request */
244 	h5_link_control(hu, sync, sizeof(sync));
245 	mod_timer(&h5->timer, jiffies + H5_SYNC_TIMEOUT);
246 
247 	return 0;
248 }
249 
h5_close(struct hci_uart * hu)250 static int h5_close(struct hci_uart *hu)
251 {
252 	struct h5 *h5 = hu->priv;
253 
254 	del_timer_sync(&h5->timer);
255 
256 	skb_queue_purge(&h5->unack);
257 	skb_queue_purge(&h5->rel);
258 	skb_queue_purge(&h5->unrel);
259 
260 	if (h5->vnd && h5->vnd->close)
261 		h5->vnd->close(h5);
262 
263 	if (!hu->serdev)
264 		kfree(h5);
265 
266 	return 0;
267 }
268 
h5_setup(struct hci_uart * hu)269 static int h5_setup(struct hci_uart *hu)
270 {
271 	struct h5 *h5 = hu->priv;
272 
273 	if (h5->vnd && h5->vnd->setup)
274 		return h5->vnd->setup(h5);
275 
276 	return 0;
277 }
278 
h5_pkt_cull(struct h5 * h5)279 static void h5_pkt_cull(struct h5 *h5)
280 {
281 	struct sk_buff *skb, *tmp;
282 	unsigned long flags;
283 	int i, to_remove;
284 	u8 seq;
285 
286 	spin_lock_irqsave(&h5->unack.lock, flags);
287 
288 	to_remove = skb_queue_len(&h5->unack);
289 	if (to_remove == 0)
290 		goto unlock;
291 
292 	seq = h5->tx_seq;
293 
294 	while (to_remove > 0) {
295 		if (h5->rx_ack == seq)
296 			break;
297 
298 		to_remove--;
299 		seq = (seq - 1) & 0x07;
300 	}
301 
302 	if (seq != h5->rx_ack)
303 		BT_ERR("Controller acked invalid packet");
304 
305 	i = 0;
306 	skb_queue_walk_safe(&h5->unack, skb, tmp) {
307 		if (i++ >= to_remove)
308 			break;
309 
310 		__skb_unlink(skb, &h5->unack);
311 		kfree_skb(skb);
312 	}
313 
314 	if (skb_queue_empty(&h5->unack))
315 		del_timer(&h5->timer);
316 
317 unlock:
318 	spin_unlock_irqrestore(&h5->unack.lock, flags);
319 }
320 
h5_handle_internal_rx(struct hci_uart * hu)321 static void h5_handle_internal_rx(struct hci_uart *hu)
322 {
323 	struct h5 *h5 = hu->priv;
324 	const unsigned char sync_req[] = { 0x01, 0x7e };
325 	const unsigned char sync_rsp[] = { 0x02, 0x7d };
326 	unsigned char conf_req[3] = { 0x03, 0xfc };
327 	const unsigned char conf_rsp[] = { 0x04, 0x7b };
328 	const unsigned char wakeup_req[] = { 0x05, 0xfa };
329 	const unsigned char woken_req[] = { 0x06, 0xf9 };
330 	const unsigned char sleep_req[] = { 0x07, 0x78 };
331 	const unsigned char *hdr = h5->rx_skb->data;
332 	const unsigned char *data = &h5->rx_skb->data[4];
333 
334 	BT_DBG("%s", hu->hdev->name);
335 
336 	if (H5_HDR_PKT_TYPE(hdr) != HCI_3WIRE_LINK_PKT)
337 		return;
338 
339 	if (H5_HDR_LEN(hdr) < 2)
340 		return;
341 
342 	conf_req[2] = h5_cfg_field(h5);
343 
344 	if (memcmp(data, sync_req, 2) == 0) {
345 		if (h5->state == H5_ACTIVE)
346 			h5_peer_reset(hu);
347 		h5_link_control(hu, sync_rsp, 2);
348 	} else if (memcmp(data, sync_rsp, 2) == 0) {
349 		if (h5->state == H5_ACTIVE)
350 			h5_peer_reset(hu);
351 		h5->state = H5_INITIALIZED;
352 		h5_link_control(hu, conf_req, 3);
353 	} else if (memcmp(data, conf_req, 2) == 0) {
354 		h5_link_control(hu, conf_rsp, 2);
355 		h5_link_control(hu, conf_req, 3);
356 	} else if (memcmp(data, conf_rsp, 2) == 0) {
357 		if (H5_HDR_LEN(hdr) > 2)
358 			h5->tx_win = (data[2] & 0x07);
359 		BT_DBG("Three-wire init complete. tx_win %u", h5->tx_win);
360 		h5->state = H5_ACTIVE;
361 		hci_uart_init_ready(hu);
362 		return;
363 	} else if (memcmp(data, sleep_req, 2) == 0) {
364 		BT_DBG("Peer went to sleep");
365 		h5->sleep = H5_SLEEPING;
366 		return;
367 	} else if (memcmp(data, woken_req, 2) == 0) {
368 		BT_DBG("Peer woke up");
369 		h5->sleep = H5_AWAKE;
370 	} else if (memcmp(data, wakeup_req, 2) == 0) {
371 		BT_DBG("Peer requested wakeup");
372 		h5_link_control(hu, woken_req, 2);
373 		h5->sleep = H5_AWAKE;
374 	} else {
375 		BT_DBG("Link Control: 0x%02hhx 0x%02hhx", data[0], data[1]);
376 		return;
377 	}
378 
379 	hci_uart_tx_wakeup(hu);
380 }
381 
h5_complete_rx_pkt(struct hci_uart * hu)382 static void h5_complete_rx_pkt(struct hci_uart *hu)
383 {
384 	struct h5 *h5 = hu->priv;
385 	const unsigned char *hdr = h5->rx_skb->data;
386 
387 	if (H5_HDR_RELIABLE(hdr)) {
388 		h5->tx_ack = (h5->tx_ack + 1) % 8;
389 		set_bit(H5_TX_ACK_REQ, &h5->flags);
390 		hci_uart_tx_wakeup(hu);
391 	}
392 
393 	h5->rx_ack = H5_HDR_ACK(hdr);
394 
395 	h5_pkt_cull(h5);
396 
397 	switch (H5_HDR_PKT_TYPE(hdr)) {
398 	case HCI_EVENT_PKT:
399 	case HCI_ACLDATA_PKT:
400 	case HCI_SCODATA_PKT:
401 		hci_skb_pkt_type(h5->rx_skb) = H5_HDR_PKT_TYPE(hdr);
402 
403 		/* Remove Three-wire header */
404 		skb_pull(h5->rx_skb, 4);
405 
406 		hci_recv_frame(hu->hdev, h5->rx_skb);
407 		h5->rx_skb = NULL;
408 
409 		break;
410 
411 	default:
412 		h5_handle_internal_rx(hu);
413 		break;
414 	}
415 
416 	h5_reset_rx(h5);
417 }
418 
h5_rx_crc(struct hci_uart * hu,unsigned char c)419 static int h5_rx_crc(struct hci_uart *hu, unsigned char c)
420 {
421 	h5_complete_rx_pkt(hu);
422 
423 	return 0;
424 }
425 
h5_rx_payload(struct hci_uart * hu,unsigned char c)426 static int h5_rx_payload(struct hci_uart *hu, unsigned char c)
427 {
428 	struct h5 *h5 = hu->priv;
429 	const unsigned char *hdr = h5->rx_skb->data;
430 
431 	if (H5_HDR_CRC(hdr)) {
432 		h5->rx_func = h5_rx_crc;
433 		h5->rx_pending = 2;
434 	} else {
435 		h5_complete_rx_pkt(hu);
436 	}
437 
438 	return 0;
439 }
440 
h5_rx_3wire_hdr(struct hci_uart * hu,unsigned char c)441 static int h5_rx_3wire_hdr(struct hci_uart *hu, unsigned char c)
442 {
443 	struct h5 *h5 = hu->priv;
444 	const unsigned char *hdr = h5->rx_skb->data;
445 
446 	BT_DBG("%s rx: seq %u ack %u crc %u rel %u type %u len %u",
447 	       hu->hdev->name, H5_HDR_SEQ(hdr), H5_HDR_ACK(hdr),
448 	       H5_HDR_CRC(hdr), H5_HDR_RELIABLE(hdr), H5_HDR_PKT_TYPE(hdr),
449 	       H5_HDR_LEN(hdr));
450 
451 	if (((hdr[0] + hdr[1] + hdr[2] + hdr[3]) & 0xff) != 0xff) {
452 		BT_ERR("Invalid header checksum");
453 		h5_reset_rx(h5);
454 		return 0;
455 	}
456 
457 	if (H5_HDR_RELIABLE(hdr) && H5_HDR_SEQ(hdr) != h5->tx_ack) {
458 		BT_ERR("Out-of-order packet arrived (%u != %u)",
459 		       H5_HDR_SEQ(hdr), h5->tx_ack);
460 		h5_reset_rx(h5);
461 		return 0;
462 	}
463 
464 	if (h5->state != H5_ACTIVE &&
465 	    H5_HDR_PKT_TYPE(hdr) != HCI_3WIRE_LINK_PKT) {
466 		BT_ERR("Non-link packet received in non-active state");
467 		h5_reset_rx(h5);
468 		return 0;
469 	}
470 
471 	h5->rx_func = h5_rx_payload;
472 	h5->rx_pending = H5_HDR_LEN(hdr);
473 
474 	return 0;
475 }
476 
h5_rx_pkt_start(struct hci_uart * hu,unsigned char c)477 static int h5_rx_pkt_start(struct hci_uart *hu, unsigned char c)
478 {
479 	struct h5 *h5 = hu->priv;
480 
481 	if (c == SLIP_DELIMITER)
482 		return 1;
483 
484 	h5->rx_func = h5_rx_3wire_hdr;
485 	h5->rx_pending = 4;
486 
487 	h5->rx_skb = bt_skb_alloc(H5_MAX_LEN, GFP_ATOMIC);
488 	if (!h5->rx_skb) {
489 		BT_ERR("Can't allocate mem for new packet");
490 		h5_reset_rx(h5);
491 		return -ENOMEM;
492 	}
493 
494 	h5->rx_skb->dev = (void *)hu->hdev;
495 
496 	return 0;
497 }
498 
h5_rx_delimiter(struct hci_uart * hu,unsigned char c)499 static int h5_rx_delimiter(struct hci_uart *hu, unsigned char c)
500 {
501 	struct h5 *h5 = hu->priv;
502 
503 	if (c == SLIP_DELIMITER)
504 		h5->rx_func = h5_rx_pkt_start;
505 
506 	return 1;
507 }
508 
h5_unslip_one_byte(struct h5 * h5,unsigned char c)509 static void h5_unslip_one_byte(struct h5 *h5, unsigned char c)
510 {
511 	const u8 delim = SLIP_DELIMITER, esc = SLIP_ESC;
512 	const u8 *byte = &c;
513 
514 	if (!test_bit(H5_RX_ESC, &h5->flags) && c == SLIP_ESC) {
515 		set_bit(H5_RX_ESC, &h5->flags);
516 		return;
517 	}
518 
519 	if (test_and_clear_bit(H5_RX_ESC, &h5->flags)) {
520 		switch (c) {
521 		case SLIP_ESC_DELIM:
522 			byte = &delim;
523 			break;
524 		case SLIP_ESC_ESC:
525 			byte = &esc;
526 			break;
527 		default:
528 			BT_ERR("Invalid esc byte 0x%02hhx", c);
529 			h5_reset_rx(h5);
530 			return;
531 		}
532 	}
533 
534 	skb_put_data(h5->rx_skb, byte, 1);
535 	h5->rx_pending--;
536 
537 	BT_DBG("unsliped 0x%02hhx, rx_pending %zu", *byte, h5->rx_pending);
538 }
539 
h5_reset_rx(struct h5 * h5)540 static void h5_reset_rx(struct h5 *h5)
541 {
542 	if (h5->rx_skb) {
543 		kfree_skb(h5->rx_skb);
544 		h5->rx_skb = NULL;
545 	}
546 
547 	h5->rx_func = h5_rx_delimiter;
548 	h5->rx_pending = 0;
549 	clear_bit(H5_RX_ESC, &h5->flags);
550 }
551 
h5_recv(struct hci_uart * hu,const void * data,int count)552 static int h5_recv(struct hci_uart *hu, const void *data, int count)
553 {
554 	struct h5 *h5 = hu->priv;
555 	const unsigned char *ptr = data;
556 
557 	BT_DBG("%s pending %zu count %d", hu->hdev->name, h5->rx_pending,
558 	       count);
559 
560 	while (count > 0) {
561 		int processed;
562 
563 		if (h5->rx_pending > 0) {
564 			if (*ptr == SLIP_DELIMITER) {
565 				BT_ERR("Too short H5 packet");
566 				h5_reset_rx(h5);
567 				continue;
568 			}
569 
570 			h5_unslip_one_byte(h5, *ptr);
571 
572 			ptr++; count--;
573 			continue;
574 		}
575 
576 		processed = h5->rx_func(hu, *ptr);
577 		if (processed < 0)
578 			return processed;
579 
580 		ptr += processed;
581 		count -= processed;
582 	}
583 
584 	return 0;
585 }
586 
h5_enqueue(struct hci_uart * hu,struct sk_buff * skb)587 static int h5_enqueue(struct hci_uart *hu, struct sk_buff *skb)
588 {
589 	struct h5 *h5 = hu->priv;
590 
591 	if (skb->len > 0xfff) {
592 		BT_ERR("Packet too long (%u bytes)", skb->len);
593 		kfree_skb(skb);
594 		return 0;
595 	}
596 
597 	if (h5->state != H5_ACTIVE) {
598 		BT_ERR("Ignoring HCI data in non-active state");
599 		kfree_skb(skb);
600 		return 0;
601 	}
602 
603 	switch (hci_skb_pkt_type(skb)) {
604 	case HCI_ACLDATA_PKT:
605 	case HCI_COMMAND_PKT:
606 		skb_queue_tail(&h5->rel, skb);
607 		break;
608 
609 	case HCI_SCODATA_PKT:
610 		skb_queue_tail(&h5->unrel, skb);
611 		break;
612 
613 	default:
614 		BT_ERR("Unknown packet type %u", hci_skb_pkt_type(skb));
615 		kfree_skb(skb);
616 		break;
617 	}
618 
619 	return 0;
620 }
621 
h5_slip_delim(struct sk_buff * skb)622 static void h5_slip_delim(struct sk_buff *skb)
623 {
624 	const char delim = SLIP_DELIMITER;
625 
626 	skb_put_data(skb, &delim, 1);
627 }
628 
h5_slip_one_byte(struct sk_buff * skb,u8 c)629 static void h5_slip_one_byte(struct sk_buff *skb, u8 c)
630 {
631 	const char esc_delim[2] = { SLIP_ESC, SLIP_ESC_DELIM };
632 	const char esc_esc[2] = { SLIP_ESC, SLIP_ESC_ESC };
633 
634 	switch (c) {
635 	case SLIP_DELIMITER:
636 		skb_put_data(skb, &esc_delim, 2);
637 		break;
638 	case SLIP_ESC:
639 		skb_put_data(skb, &esc_esc, 2);
640 		break;
641 	default:
642 		skb_put_data(skb, &c, 1);
643 	}
644 }
645 
valid_packet_type(u8 type)646 static bool valid_packet_type(u8 type)
647 {
648 	switch (type) {
649 	case HCI_ACLDATA_PKT:
650 	case HCI_COMMAND_PKT:
651 	case HCI_SCODATA_PKT:
652 	case HCI_3WIRE_LINK_PKT:
653 	case HCI_3WIRE_ACK_PKT:
654 		return true;
655 	default:
656 		return false;
657 	}
658 }
659 
h5_prepare_pkt(struct hci_uart * hu,u8 pkt_type,const u8 * data,size_t len)660 static struct sk_buff *h5_prepare_pkt(struct hci_uart *hu, u8 pkt_type,
661 				      const u8 *data, size_t len)
662 {
663 	struct h5 *h5 = hu->priv;
664 	struct sk_buff *nskb;
665 	u8 hdr[4];
666 	int i;
667 
668 	if (!valid_packet_type(pkt_type)) {
669 		BT_ERR("Unknown packet type %u", pkt_type);
670 		return NULL;
671 	}
672 
673 	/*
674 	 * Max len of packet: (original len + 4 (H5 hdr) + 2 (crc)) * 2
675 	 * (because bytes 0xc0 and 0xdb are escaped, worst case is when
676 	 * the packet is all made of 0xc0 and 0xdb) + 2 (0xc0
677 	 * delimiters at start and end).
678 	 */
679 	nskb = alloc_skb((len + 6) * 2 + 2, GFP_ATOMIC);
680 	if (!nskb)
681 		return NULL;
682 
683 	hci_skb_pkt_type(nskb) = pkt_type;
684 
685 	h5_slip_delim(nskb);
686 
687 	hdr[0] = h5->tx_ack << 3;
688 	clear_bit(H5_TX_ACK_REQ, &h5->flags);
689 
690 	/* Reliable packet? */
691 	if (pkt_type == HCI_ACLDATA_PKT || pkt_type == HCI_COMMAND_PKT) {
692 		hdr[0] |= 1 << 7;
693 		hdr[0] |= h5->tx_seq;
694 		h5->tx_seq = (h5->tx_seq + 1) % 8;
695 	}
696 
697 	hdr[1] = pkt_type | ((len & 0x0f) << 4);
698 	hdr[2] = len >> 4;
699 	hdr[3] = ~((hdr[0] + hdr[1] + hdr[2]) & 0xff);
700 
701 	BT_DBG("%s tx: seq %u ack %u crc %u rel %u type %u len %u",
702 	       hu->hdev->name, H5_HDR_SEQ(hdr), H5_HDR_ACK(hdr),
703 	       H5_HDR_CRC(hdr), H5_HDR_RELIABLE(hdr), H5_HDR_PKT_TYPE(hdr),
704 	       H5_HDR_LEN(hdr));
705 
706 	for (i = 0; i < 4; i++)
707 		h5_slip_one_byte(nskb, hdr[i]);
708 
709 	for (i = 0; i < len; i++)
710 		h5_slip_one_byte(nskb, data[i]);
711 
712 	h5_slip_delim(nskb);
713 
714 	return nskb;
715 }
716 
h5_dequeue(struct hci_uart * hu)717 static struct sk_buff *h5_dequeue(struct hci_uart *hu)
718 {
719 	struct h5 *h5 = hu->priv;
720 	unsigned long flags;
721 	struct sk_buff *skb, *nskb;
722 
723 	if (h5->sleep != H5_AWAKE) {
724 		const unsigned char wakeup_req[] = { 0x05, 0xfa };
725 
726 		if (h5->sleep == H5_WAKING_UP)
727 			return NULL;
728 
729 		h5->sleep = H5_WAKING_UP;
730 		BT_DBG("Sending wakeup request");
731 
732 		mod_timer(&h5->timer, jiffies + HZ / 100);
733 		return h5_prepare_pkt(hu, HCI_3WIRE_LINK_PKT, wakeup_req, 2);
734 	}
735 
736 	skb = skb_dequeue(&h5->unrel);
737 	if (skb) {
738 		nskb = h5_prepare_pkt(hu, hci_skb_pkt_type(skb),
739 				      skb->data, skb->len);
740 		if (nskb) {
741 			kfree_skb(skb);
742 			return nskb;
743 		}
744 
745 		skb_queue_head(&h5->unrel, skb);
746 		BT_ERR("Could not dequeue pkt because alloc_skb failed");
747 	}
748 
749 	spin_lock_irqsave_nested(&h5->unack.lock, flags, SINGLE_DEPTH_NESTING);
750 
751 	if (h5->unack.qlen >= h5->tx_win)
752 		goto unlock;
753 
754 	skb = skb_dequeue(&h5->rel);
755 	if (skb) {
756 		nskb = h5_prepare_pkt(hu, hci_skb_pkt_type(skb),
757 				      skb->data, skb->len);
758 		if (nskb) {
759 			__skb_queue_tail(&h5->unack, skb);
760 			mod_timer(&h5->timer, jiffies + H5_ACK_TIMEOUT);
761 			spin_unlock_irqrestore(&h5->unack.lock, flags);
762 			return nskb;
763 		}
764 
765 		skb_queue_head(&h5->rel, skb);
766 		BT_ERR("Could not dequeue pkt because alloc_skb failed");
767 	}
768 
769 unlock:
770 	spin_unlock_irqrestore(&h5->unack.lock, flags);
771 
772 	if (test_bit(H5_TX_ACK_REQ, &h5->flags))
773 		return h5_prepare_pkt(hu, HCI_3WIRE_ACK_PKT, NULL, 0);
774 
775 	return NULL;
776 }
777 
h5_flush(struct hci_uart * hu)778 static int h5_flush(struct hci_uart *hu)
779 {
780 	BT_DBG("hu %p", hu);
781 	return 0;
782 }
783 
784 static const struct hci_uart_proto h5p = {
785 	.id		= HCI_UART_3WIRE,
786 	.name		= "Three-wire (H5)",
787 	.open		= h5_open,
788 	.close		= h5_close,
789 	.setup		= h5_setup,
790 	.recv		= h5_recv,
791 	.enqueue	= h5_enqueue,
792 	.dequeue	= h5_dequeue,
793 	.flush		= h5_flush,
794 };
795 
h5_serdev_probe(struct serdev_device * serdev)796 static int h5_serdev_probe(struct serdev_device *serdev)
797 {
798 	const struct acpi_device_id *match;
799 	struct device *dev = &serdev->dev;
800 	struct h5 *h5;
801 
802 	h5 = devm_kzalloc(dev, sizeof(*h5), GFP_KERNEL);
803 	if (!h5)
804 		return -ENOMEM;
805 
806 	set_bit(HCI_UART_RESET_ON_INIT, &h5->serdev_hu.flags);
807 
808 	h5->hu = &h5->serdev_hu;
809 	h5->serdev_hu.serdev = serdev;
810 	serdev_device_set_drvdata(serdev, h5);
811 
812 	if (has_acpi_companion(dev)) {
813 		match = acpi_match_device(dev->driver->acpi_match_table, dev);
814 		if (!match)
815 			return -ENODEV;
816 
817 		h5->vnd = (const struct h5_vnd *)match->driver_data;
818 		h5->id  = (char *)match->id;
819 
820 		if (h5->vnd->acpi_gpio_map)
821 			devm_acpi_dev_add_driver_gpios(dev,
822 						       h5->vnd->acpi_gpio_map);
823 	}
824 
825 	h5->enable_gpio = devm_gpiod_get_optional(dev, "enable", GPIOD_OUT_LOW);
826 	if (IS_ERR(h5->enable_gpio))
827 		return PTR_ERR(h5->enable_gpio);
828 
829 	h5->device_wake_gpio = devm_gpiod_get_optional(dev, "device-wake",
830 						       GPIOD_OUT_LOW);
831 	if (IS_ERR(h5->device_wake_gpio))
832 		return PTR_ERR(h5->device_wake_gpio);
833 
834 	return hci_uart_register_device(&h5->serdev_hu, &h5p);
835 }
836 
h5_serdev_remove(struct serdev_device * serdev)837 static void h5_serdev_remove(struct serdev_device *serdev)
838 {
839 	struct h5 *h5 = serdev_device_get_drvdata(serdev);
840 
841 	hci_uart_unregister_device(&h5->serdev_hu);
842 }
843 
844 #ifdef CONFIG_BT_HCIUART_RTL
h5_btrtl_setup(struct h5 * h5)845 static int h5_btrtl_setup(struct h5 *h5)
846 {
847 	struct btrtl_device_info *btrtl_dev;
848 	struct sk_buff *skb;
849 	__le32 baudrate_data;
850 	u32 device_baudrate;
851 	unsigned int controller_baudrate;
852 	bool flow_control;
853 	int err;
854 
855 	btrtl_dev = btrtl_initialize(h5->hu->hdev, h5->id);
856 	if (IS_ERR(btrtl_dev))
857 		return PTR_ERR(btrtl_dev);
858 
859 	err = btrtl_get_uart_settings(h5->hu->hdev, btrtl_dev,
860 				      &controller_baudrate, &device_baudrate,
861 				      &flow_control);
862 	if (err)
863 		goto out_free;
864 
865 	baudrate_data = cpu_to_le32(device_baudrate);
866 	skb = __hci_cmd_sync(h5->hu->hdev, 0xfc17, sizeof(baudrate_data),
867 			     &baudrate_data, HCI_INIT_TIMEOUT);
868 	if (IS_ERR(skb)) {
869 		rtl_dev_err(h5->hu->hdev, "set baud rate command failed\n");
870 		err = PTR_ERR(skb);
871 		goto out_free;
872 	} else {
873 		kfree_skb(skb);
874 	}
875 	/* Give the device some time to set up the new baudrate. */
876 	usleep_range(10000, 20000);
877 
878 	serdev_device_set_baudrate(h5->hu->serdev, controller_baudrate);
879 	serdev_device_set_flow_control(h5->hu->serdev, flow_control);
880 
881 	err = btrtl_download_firmware(h5->hu->hdev, btrtl_dev);
882 	/* Give the device some time before the hci-core sends it a reset */
883 	usleep_range(10000, 20000);
884 
885 out_free:
886 	btrtl_free(btrtl_dev);
887 
888 	return err;
889 }
890 
h5_btrtl_open(struct h5 * h5)891 static void h5_btrtl_open(struct h5 *h5)
892 {
893 	/* Devices always start with these fixed parameters */
894 	serdev_device_set_flow_control(h5->hu->serdev, false);
895 	serdev_device_set_parity(h5->hu->serdev, SERDEV_PARITY_EVEN);
896 	serdev_device_set_baudrate(h5->hu->serdev, 115200);
897 
898 	/* The controller needs up to 500ms to wakeup */
899 	gpiod_set_value_cansleep(h5->enable_gpio, 1);
900 	gpiod_set_value_cansleep(h5->device_wake_gpio, 1);
901 	msleep(500);
902 }
903 
h5_btrtl_close(struct h5 * h5)904 static void h5_btrtl_close(struct h5 *h5)
905 {
906 	gpiod_set_value_cansleep(h5->device_wake_gpio, 0);
907 	gpiod_set_value_cansleep(h5->enable_gpio, 0);
908 }
909 
910 static const struct acpi_gpio_params btrtl_device_wake_gpios = { 0, 0, false };
911 static const struct acpi_gpio_params btrtl_enable_gpios = { 1, 0, false };
912 static const struct acpi_gpio_params btrtl_host_wake_gpios = { 2, 0, false };
913 static const struct acpi_gpio_mapping acpi_btrtl_gpios[] = {
914 	{ "device-wake-gpios", &btrtl_device_wake_gpios, 1 },
915 	{ "enable-gpios", &btrtl_enable_gpios, 1 },
916 	{ "host-wake-gpios", &btrtl_host_wake_gpios, 1 },
917 	{},
918 };
919 
920 static struct h5_vnd rtl_vnd = {
921 	.setup		= h5_btrtl_setup,
922 	.open		= h5_btrtl_open,
923 	.close		= h5_btrtl_close,
924 	.acpi_gpio_map	= acpi_btrtl_gpios,
925 };
926 #endif
927 
928 #ifdef CONFIG_ACPI
929 static const struct acpi_device_id h5_acpi_match[] = {
930 #ifdef CONFIG_BT_HCIUART_RTL
931 	{ "OBDA8723", (kernel_ulong_t)&rtl_vnd },
932 #endif
933 	{ },
934 };
935 MODULE_DEVICE_TABLE(acpi, h5_acpi_match);
936 #endif
937 
938 static struct serdev_device_driver h5_serdev_driver = {
939 	.probe = h5_serdev_probe,
940 	.remove = h5_serdev_remove,
941 	.driver = {
942 		.name = "hci_uart_h5",
943 		.acpi_match_table = ACPI_PTR(h5_acpi_match),
944 	},
945 };
946 
h5_init(void)947 int __init h5_init(void)
948 {
949 	serdev_device_driver_register(&h5_serdev_driver);
950 	return hci_uart_register_proto(&h5p);
951 }
952 
h5_deinit(void)953 int __exit h5_deinit(void)
954 {
955 	serdev_device_driver_unregister(&h5_serdev_driver);
956 	return hci_uart_unregister_proto(&h5p);
957 }
958