1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  *  NXP Bluetooth driver
4  *  Copyright 2023 NXP
5  */
6 
7 #include <linux/module.h>
8 #include <linux/kernel.h>
9 
10 #include <linux/serdev.h>
11 #include <linux/of.h>
12 #include <linux/skbuff.h>
13 #include <asm/unaligned.h>
14 #include <linux/firmware.h>
15 #include <linux/string.h>
16 #include <linux/crc8.h>
17 #include <linux/crc32.h>
18 #include <linux/string_helpers.h>
19 
20 #include <net/bluetooth/bluetooth.h>
21 #include <net/bluetooth/hci_core.h>
22 
23 #include "h4_recv.h"
24 
25 #define MANUFACTURER_NXP		37
26 
27 #define BTNXPUART_TX_STATE_ACTIVE	1
28 #define BTNXPUART_FW_DOWNLOADING	2
29 #define BTNXPUART_CHECK_BOOT_SIGNATURE	3
30 #define BTNXPUART_SERDEV_OPEN		4
31 #define BTNXPUART_IR_IN_PROGRESS	5
32 
33 /* NXP HW err codes */
34 #define BTNXPUART_IR_HW_ERR		0xb0
35 
36 #define FIRMWARE_W8987		"nxp/uartuart8987_bt.bin"
37 #define FIRMWARE_W8997		"nxp/uartuart8997_bt_v4.bin"
38 #define FIRMWARE_W9098		"nxp/uartuart9098_bt_v1.bin"
39 #define FIRMWARE_IW416		"nxp/uartiw416_bt_v0.bin"
40 #define FIRMWARE_IW612		"nxp/uartspi_n61x_v1.bin.se"
41 #define FIRMWARE_IW624		"nxp/uartiw624_bt.bin"
42 #define FIRMWARE_SECURE_IW624	"nxp/uartiw624_bt.bin.se"
43 #define FIRMWARE_AW693		"nxp/uartaw693_bt.bin"
44 #define FIRMWARE_SECURE_AW693	"nxp/uartaw693_bt.bin.se"
45 #define FIRMWARE_HELPER		"nxp/helper_uart_3000000.bin"
46 
47 #define CHIP_ID_W9098		0x5c03
48 #define CHIP_ID_IW416		0x7201
49 #define CHIP_ID_IW612		0x7601
50 #define CHIP_ID_IW624a		0x8000
51 #define CHIP_ID_IW624c		0x8001
52 #define CHIP_ID_AW693		0x8200
53 
54 #define FW_SECURE_MASK		0xc0
55 #define FW_OPEN			0x00
56 #define FW_AUTH_ILLEGAL		0x40
57 #define FW_AUTH_PLAIN		0x80
58 #define FW_AUTH_ENC		0xc0
59 
60 #define HCI_NXP_PRI_BAUDRATE	115200
61 #define HCI_NXP_SEC_BAUDRATE	3000000
62 
63 #define MAX_FW_FILE_NAME_LEN    50
64 
65 /* Default ps timeout period in milliseconds */
66 #define PS_DEFAULT_TIMEOUT_PERIOD_MS     2000
67 
68 /* wakeup methods */
69 #define WAKEUP_METHOD_DTR       0
70 #define WAKEUP_METHOD_BREAK     1
71 #define WAKEUP_METHOD_EXT_BREAK 2
72 #define WAKEUP_METHOD_RTS       3
73 #define WAKEUP_METHOD_INVALID   0xff
74 
75 /* power save mode status */
76 #define PS_MODE_DISABLE         0
77 #define PS_MODE_ENABLE          1
78 
79 /* Power Save Commands to ps_work_func  */
80 #define PS_CMD_EXIT_PS          1
81 #define PS_CMD_ENTER_PS         2
82 
83 /* power save state */
84 #define PS_STATE_AWAKE          0
85 #define PS_STATE_SLEEP          1
86 
87 /* Bluetooth vendor command : Sleep mode */
88 #define HCI_NXP_AUTO_SLEEP_MODE	0xfc23
89 /* Bluetooth vendor command : Wakeup method */
90 #define HCI_NXP_WAKEUP_METHOD	0xfc53
91 /* Bluetooth vendor command : Set operational baudrate */
92 #define HCI_NXP_SET_OPER_SPEED	0xfc09
93 /* Bluetooth vendor command: Independent Reset */
94 #define HCI_NXP_IND_RESET	0xfcfc
95 
96 /* Bluetooth Power State : Vendor cmd params */
97 #define BT_PS_ENABLE			0x02
98 #define BT_PS_DISABLE			0x03
99 
100 /* Bluetooth Host Wakeup Methods */
101 #define BT_HOST_WAKEUP_METHOD_NONE      0x00
102 #define BT_HOST_WAKEUP_METHOD_DTR       0x01
103 #define BT_HOST_WAKEUP_METHOD_BREAK     0x02
104 #define BT_HOST_WAKEUP_METHOD_GPIO      0x03
105 
106 /* Bluetooth Chip Wakeup Methods */
107 #define BT_CTRL_WAKEUP_METHOD_DSR       0x00
108 #define BT_CTRL_WAKEUP_METHOD_BREAK     0x01
109 #define BT_CTRL_WAKEUP_METHOD_GPIO      0x02
110 #define BT_CTRL_WAKEUP_METHOD_EXT_BREAK 0x04
111 #define BT_CTRL_WAKEUP_METHOD_RTS       0x05
112 
113 struct ps_data {
114 	u8    target_ps_mode;	/* ps mode to be set */
115 	u8    cur_psmode;	/* current ps_mode */
116 	u8    ps_state;		/* controller's power save state */
117 	u8    ps_cmd;
118 	u8    h2c_wakeupmode;
119 	u8    cur_h2c_wakeupmode;
120 	u8    c2h_wakeupmode;
121 	u8    c2h_wakeup_gpio;
122 	u8    h2c_wakeup_gpio;
123 	bool  driver_sent_cmd;
124 	u16   h2c_ps_interval;
125 	u16   c2h_ps_interval;
126 	struct hci_dev *hdev;
127 	struct work_struct work;
128 	struct timer_list ps_timer;
129 };
130 
131 struct wakeup_cmd_payload {
132 	u8 c2h_wakeupmode;
133 	u8 c2h_wakeup_gpio;
134 	u8 h2c_wakeupmode;
135 	u8 h2c_wakeup_gpio;
136 } __packed;
137 
138 struct psmode_cmd_payload {
139 	u8 ps_cmd;
140 	__le16 c2h_ps_interval;
141 } __packed;
142 
143 struct btnxpuart_data {
144 	const char *helper_fw_name;
145 	const char *fw_name;
146 };
147 
148 struct btnxpuart_dev {
149 	struct hci_dev *hdev;
150 	struct serdev_device *serdev;
151 
152 	struct work_struct tx_work;
153 	unsigned long tx_state;
154 	struct sk_buff_head txq;
155 	struct sk_buff *rx_skb;
156 
157 	const struct firmware *fw;
158 	u8 fw_name[MAX_FW_FILE_NAME_LEN];
159 	u32 fw_dnld_v1_offset;
160 	u32 fw_v1_sent_bytes;
161 	u32 fw_v3_offset_correction;
162 	u32 fw_v1_expected_len;
163 	u32 boot_reg_offset;
164 	wait_queue_head_t fw_dnld_done_wait_q;
165 	wait_queue_head_t check_boot_sign_wait_q;
166 
167 	u32 new_baudrate;
168 	u32 current_baudrate;
169 	u32 fw_init_baudrate;
170 	bool timeout_changed;
171 	bool baudrate_changed;
172 	bool helper_downloaded;
173 
174 	struct ps_data psdata;
175 	struct btnxpuart_data *nxp_data;
176 };
177 
178 #define NXP_V1_FW_REQ_PKT	0xa5
179 #define NXP_V1_CHIP_VER_PKT	0xaa
180 #define NXP_V3_FW_REQ_PKT	0xa7
181 #define NXP_V3_CHIP_VER_PKT	0xab
182 
183 #define NXP_ACK_V1		0x5a
184 #define NXP_NAK_V1		0xbf
185 #define NXP_ACK_V3		0x7a
186 #define NXP_NAK_V3		0x7b
187 #define NXP_CRC_ERROR_V3	0x7c
188 
189 #define HDR_LEN			16
190 
191 #define NXP_RECV_CHIP_VER_V1 \
192 	.type = NXP_V1_CHIP_VER_PKT, \
193 	.hlen = 4, \
194 	.loff = 0, \
195 	.lsize = 0, \
196 	.maxlen = 4
197 
198 #define NXP_RECV_FW_REQ_V1 \
199 	.type = NXP_V1_FW_REQ_PKT, \
200 	.hlen = 4, \
201 	.loff = 0, \
202 	.lsize = 0, \
203 	.maxlen = 4
204 
205 #define NXP_RECV_CHIP_VER_V3 \
206 	.type = NXP_V3_CHIP_VER_PKT, \
207 	.hlen = 4, \
208 	.loff = 0, \
209 	.lsize = 0, \
210 	.maxlen = 4
211 
212 #define NXP_RECV_FW_REQ_V3 \
213 	.type = NXP_V3_FW_REQ_PKT, \
214 	.hlen = 9, \
215 	.loff = 0, \
216 	.lsize = 0, \
217 	.maxlen = 9
218 
219 struct v1_data_req {
220 	__le16 len;
221 	__le16 len_comp;
222 } __packed;
223 
224 struct v1_start_ind {
225 	__le16 chip_id;
226 	__le16 chip_id_comp;
227 } __packed;
228 
229 struct v3_data_req {
230 	__le16 len;
231 	__le32 offset;
232 	__le16 error;
233 	u8 crc;
234 } __packed;
235 
236 struct v3_start_ind {
237 	__le16 chip_id;
238 	u8 loader_ver;
239 	u8 crc;
240 } __packed;
241 
242 /* UART register addresses of BT chip */
243 #define CLKDIVADDR	0x7f00008f
244 #define UARTDIVADDR	0x7f000090
245 #define UARTMCRADDR	0x7f000091
246 #define UARTREINITADDR	0x7f000092
247 #define UARTICRADDR	0x7f000093
248 #define UARTFCRADDR	0x7f000094
249 
250 #define MCR		0x00000022
251 #define INIT		0x00000001
252 #define ICR		0x000000c7
253 #define FCR		0x000000c7
254 
255 #define POLYNOMIAL8	0x07
256 
257 struct uart_reg {
258 	__le32 address;
259 	__le32 value;
260 } __packed;
261 
262 struct uart_config {
263 	struct uart_reg clkdiv;
264 	struct uart_reg uartdiv;
265 	struct uart_reg mcr;
266 	struct uart_reg re_init;
267 	struct uart_reg icr;
268 	struct uart_reg fcr;
269 	__be32 crc;
270 } __packed;
271 
272 struct nxp_bootloader_cmd {
273 	__le32 header;
274 	__le32 arg;
275 	__le32 payload_len;
276 	__be32 crc;
277 } __packed;
278 
279 static u8 crc8_table[CRC8_TABLE_SIZE];
280 
281 /* Default configurations */
282 #define DEFAULT_H2C_WAKEUP_MODE	WAKEUP_METHOD_BREAK
283 #define DEFAULT_PS_MODE		PS_MODE_DISABLE
284 #define FW_INIT_BAUDRATE	HCI_NXP_PRI_BAUDRATE
285 
nxp_drv_send_cmd(struct hci_dev * hdev,u16 opcode,u32 plen,void * param)286 static struct sk_buff *nxp_drv_send_cmd(struct hci_dev *hdev, u16 opcode,
287 					u32 plen,
288 					void *param)
289 {
290 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
291 	struct ps_data *psdata = &nxpdev->psdata;
292 	struct sk_buff *skb;
293 
294 	/* set flag to prevent nxp_enqueue from parsing values from this command and
295 	 * calling hci_cmd_sync_queue() again.
296 	 */
297 	psdata->driver_sent_cmd = true;
298 	skb = __hci_cmd_sync(hdev, opcode, plen, param, HCI_CMD_TIMEOUT);
299 	psdata->driver_sent_cmd = false;
300 
301 	return skb;
302 }
303 
btnxpuart_tx_wakeup(struct btnxpuart_dev * nxpdev)304 static void btnxpuart_tx_wakeup(struct btnxpuart_dev *nxpdev)
305 {
306 	if (schedule_work(&nxpdev->tx_work))
307 		set_bit(BTNXPUART_TX_STATE_ACTIVE, &nxpdev->tx_state);
308 }
309 
310 /* NXP Power Save Feature */
ps_start_timer(struct btnxpuart_dev * nxpdev)311 static void ps_start_timer(struct btnxpuart_dev *nxpdev)
312 {
313 	struct ps_data *psdata = &nxpdev->psdata;
314 
315 	if (!psdata)
316 		return;
317 
318 	if (psdata->cur_psmode == PS_MODE_ENABLE)
319 		mod_timer(&psdata->ps_timer, jiffies + msecs_to_jiffies(psdata->h2c_ps_interval));
320 }
321 
ps_cancel_timer(struct btnxpuart_dev * nxpdev)322 static void ps_cancel_timer(struct btnxpuart_dev *nxpdev)
323 {
324 	struct ps_data *psdata = &nxpdev->psdata;
325 
326 	flush_work(&psdata->work);
327 	del_timer_sync(&psdata->ps_timer);
328 }
329 
ps_control(struct hci_dev * hdev,u8 ps_state)330 static void ps_control(struct hci_dev *hdev, u8 ps_state)
331 {
332 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
333 	struct ps_data *psdata = &nxpdev->psdata;
334 	int status;
335 
336 	if (psdata->ps_state == ps_state ||
337 	    !test_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state))
338 		return;
339 
340 	switch (psdata->cur_h2c_wakeupmode) {
341 	case WAKEUP_METHOD_DTR:
342 		if (ps_state == PS_STATE_AWAKE)
343 			status = serdev_device_set_tiocm(nxpdev->serdev, TIOCM_DTR, 0);
344 		else
345 			status = serdev_device_set_tiocm(nxpdev->serdev, 0, TIOCM_DTR);
346 		break;
347 	case WAKEUP_METHOD_BREAK:
348 	default:
349 		if (ps_state == PS_STATE_AWAKE)
350 			status = serdev_device_break_ctl(nxpdev->serdev, 0);
351 		else
352 			status = serdev_device_break_ctl(nxpdev->serdev, -1);
353 		bt_dev_dbg(hdev, "Set UART break: %s, status=%d",
354 			   str_on_off(ps_state == PS_STATE_SLEEP), status);
355 		break;
356 	}
357 	if (!status)
358 		psdata->ps_state = ps_state;
359 	if (ps_state == PS_STATE_AWAKE)
360 		btnxpuart_tx_wakeup(nxpdev);
361 }
362 
ps_work_func(struct work_struct * work)363 static void ps_work_func(struct work_struct *work)
364 {
365 	struct ps_data *data = container_of(work, struct ps_data, work);
366 
367 	if (data->ps_cmd == PS_CMD_ENTER_PS && data->cur_psmode == PS_MODE_ENABLE)
368 		ps_control(data->hdev, PS_STATE_SLEEP);
369 	else if (data->ps_cmd == PS_CMD_EXIT_PS)
370 		ps_control(data->hdev, PS_STATE_AWAKE);
371 }
372 
ps_timeout_func(struct timer_list * t)373 static void ps_timeout_func(struct timer_list *t)
374 {
375 	struct ps_data *data = from_timer(data, t, ps_timer);
376 	struct hci_dev *hdev = data->hdev;
377 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
378 
379 	if (test_bit(BTNXPUART_TX_STATE_ACTIVE, &nxpdev->tx_state)) {
380 		ps_start_timer(nxpdev);
381 	} else {
382 		data->ps_cmd = PS_CMD_ENTER_PS;
383 		schedule_work(&data->work);
384 	}
385 }
386 
ps_setup(struct hci_dev * hdev)387 static void ps_setup(struct hci_dev *hdev)
388 {
389 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
390 	struct ps_data *psdata = &nxpdev->psdata;
391 
392 	psdata->hdev = hdev;
393 	INIT_WORK(&psdata->work, ps_work_func);
394 	timer_setup(&psdata->ps_timer, ps_timeout_func, 0);
395 }
396 
ps_wakeup(struct btnxpuart_dev * nxpdev)397 static void ps_wakeup(struct btnxpuart_dev *nxpdev)
398 {
399 	struct ps_data *psdata = &nxpdev->psdata;
400 
401 	if (psdata->ps_state != PS_STATE_AWAKE) {
402 		psdata->ps_cmd = PS_CMD_EXIT_PS;
403 		schedule_work(&psdata->work);
404 	}
405 }
406 
send_ps_cmd(struct hci_dev * hdev,void * data)407 static int send_ps_cmd(struct hci_dev *hdev, void *data)
408 {
409 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
410 	struct ps_data *psdata = &nxpdev->psdata;
411 	struct psmode_cmd_payload pcmd;
412 	struct sk_buff *skb;
413 	u8 *status;
414 
415 	if (psdata->target_ps_mode == PS_MODE_ENABLE)
416 		pcmd.ps_cmd = BT_PS_ENABLE;
417 	else
418 		pcmd.ps_cmd = BT_PS_DISABLE;
419 	pcmd.c2h_ps_interval = __cpu_to_le16(psdata->c2h_ps_interval);
420 
421 	skb = nxp_drv_send_cmd(hdev, HCI_NXP_AUTO_SLEEP_MODE, sizeof(pcmd), &pcmd);
422 	if (IS_ERR(skb)) {
423 		bt_dev_err(hdev, "Setting Power Save mode failed (%ld)", PTR_ERR(skb));
424 		return PTR_ERR(skb);
425 	}
426 
427 	status = skb_pull_data(skb, 1);
428 	if (status) {
429 		if (!*status)
430 			psdata->cur_psmode = psdata->target_ps_mode;
431 		else
432 			psdata->target_ps_mode = psdata->cur_psmode;
433 		if (psdata->cur_psmode == PS_MODE_ENABLE)
434 			ps_start_timer(nxpdev);
435 		else
436 			ps_wakeup(nxpdev);
437 		bt_dev_dbg(hdev, "Power Save mode response: status=%d, ps_mode=%d",
438 			   *status, psdata->cur_psmode);
439 	}
440 	kfree_skb(skb);
441 
442 	return 0;
443 }
444 
send_wakeup_method_cmd(struct hci_dev * hdev,void * data)445 static int send_wakeup_method_cmd(struct hci_dev *hdev, void *data)
446 {
447 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
448 	struct ps_data *psdata = &nxpdev->psdata;
449 	struct wakeup_cmd_payload pcmd;
450 	struct sk_buff *skb;
451 	u8 *status;
452 
453 	pcmd.c2h_wakeupmode = psdata->c2h_wakeupmode;
454 	pcmd.c2h_wakeup_gpio = psdata->c2h_wakeup_gpio;
455 	switch (psdata->h2c_wakeupmode) {
456 	case WAKEUP_METHOD_DTR:
457 		pcmd.h2c_wakeupmode = BT_CTRL_WAKEUP_METHOD_DSR;
458 		break;
459 	case WAKEUP_METHOD_BREAK:
460 	default:
461 		pcmd.h2c_wakeupmode = BT_CTRL_WAKEUP_METHOD_BREAK;
462 		break;
463 	}
464 	pcmd.h2c_wakeup_gpio = 0xff;
465 
466 	skb = nxp_drv_send_cmd(hdev, HCI_NXP_WAKEUP_METHOD, sizeof(pcmd), &pcmd);
467 	if (IS_ERR(skb)) {
468 		bt_dev_err(hdev, "Setting wake-up method failed (%ld)", PTR_ERR(skb));
469 		return PTR_ERR(skb);
470 	}
471 
472 	status = skb_pull_data(skb, 1);
473 	if (status) {
474 		if (*status == 0)
475 			psdata->cur_h2c_wakeupmode = psdata->h2c_wakeupmode;
476 		else
477 			psdata->h2c_wakeupmode = psdata->cur_h2c_wakeupmode;
478 		bt_dev_dbg(hdev, "Set Wakeup Method response: status=%d, h2c_wakeupmode=%d",
479 			   *status, psdata->cur_h2c_wakeupmode);
480 	}
481 	kfree_skb(skb);
482 
483 	return 0;
484 }
485 
ps_init(struct hci_dev * hdev)486 static void ps_init(struct hci_dev *hdev)
487 {
488 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
489 	struct ps_data *psdata = &nxpdev->psdata;
490 
491 	serdev_device_set_tiocm(nxpdev->serdev, 0, TIOCM_RTS);
492 	usleep_range(5000, 10000);
493 	serdev_device_set_tiocm(nxpdev->serdev, TIOCM_RTS, 0);
494 	usleep_range(5000, 10000);
495 
496 	psdata->ps_state = PS_STATE_AWAKE;
497 	psdata->c2h_wakeupmode = BT_HOST_WAKEUP_METHOD_NONE;
498 	psdata->c2h_wakeup_gpio = 0xff;
499 
500 	psdata->cur_h2c_wakeupmode = WAKEUP_METHOD_INVALID;
501 	psdata->h2c_ps_interval = PS_DEFAULT_TIMEOUT_PERIOD_MS;
502 	switch (DEFAULT_H2C_WAKEUP_MODE) {
503 	case WAKEUP_METHOD_DTR:
504 		psdata->h2c_wakeupmode = WAKEUP_METHOD_DTR;
505 		serdev_device_set_tiocm(nxpdev->serdev, 0, TIOCM_DTR);
506 		serdev_device_set_tiocm(nxpdev->serdev, TIOCM_DTR, 0);
507 		break;
508 	case WAKEUP_METHOD_BREAK:
509 	default:
510 		psdata->h2c_wakeupmode = WAKEUP_METHOD_BREAK;
511 		serdev_device_break_ctl(nxpdev->serdev, -1);
512 		usleep_range(5000, 10000);
513 		serdev_device_break_ctl(nxpdev->serdev, 0);
514 		usleep_range(5000, 10000);
515 		break;
516 	}
517 
518 	psdata->cur_psmode = PS_MODE_DISABLE;
519 	psdata->target_ps_mode = DEFAULT_PS_MODE;
520 
521 	if (psdata->cur_h2c_wakeupmode != psdata->h2c_wakeupmode)
522 		hci_cmd_sync_queue(hdev, send_wakeup_method_cmd, NULL, NULL);
523 	if (psdata->cur_psmode != psdata->target_ps_mode)
524 		hci_cmd_sync_queue(hdev, send_ps_cmd, NULL, NULL);
525 }
526 
527 /* NXP Firmware Download Feature */
nxp_download_firmware(struct hci_dev * hdev)528 static int nxp_download_firmware(struct hci_dev *hdev)
529 {
530 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
531 	int err = 0;
532 
533 	nxpdev->fw_dnld_v1_offset = 0;
534 	nxpdev->fw_v1_sent_bytes = 0;
535 	nxpdev->fw_v1_expected_len = HDR_LEN;
536 	nxpdev->boot_reg_offset = 0;
537 	nxpdev->fw_v3_offset_correction = 0;
538 	nxpdev->baudrate_changed = false;
539 	nxpdev->timeout_changed = false;
540 	nxpdev->helper_downloaded = false;
541 
542 	serdev_device_set_baudrate(nxpdev->serdev, HCI_NXP_PRI_BAUDRATE);
543 	serdev_device_set_flow_control(nxpdev->serdev, false);
544 	nxpdev->current_baudrate = HCI_NXP_PRI_BAUDRATE;
545 
546 	/* Wait till FW is downloaded */
547 	err = wait_event_interruptible_timeout(nxpdev->fw_dnld_done_wait_q,
548 					       !test_bit(BTNXPUART_FW_DOWNLOADING,
549 							 &nxpdev->tx_state),
550 					       msecs_to_jiffies(60000));
551 	if (err == 0) {
552 		bt_dev_err(hdev, "FW Download Timeout.");
553 		return -ETIMEDOUT;
554 	}
555 
556 	serdev_device_set_flow_control(nxpdev->serdev, true);
557 	release_firmware(nxpdev->fw);
558 	memset(nxpdev->fw_name, 0, sizeof(nxpdev->fw_name));
559 
560 	/* Allow the downloaded FW to initialize */
561 	msleep(1200);
562 
563 	return 0;
564 }
565 
nxp_send_ack(u8 ack,struct hci_dev * hdev)566 static void nxp_send_ack(u8 ack, struct hci_dev *hdev)
567 {
568 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
569 	u8 ack_nak[2];
570 	int len = 1;
571 
572 	ack_nak[0] = ack;
573 	if (ack == NXP_ACK_V3) {
574 		ack_nak[1] = crc8(crc8_table, ack_nak, 1, 0xff);
575 		len = 2;
576 	}
577 	serdev_device_write_buf(nxpdev->serdev, ack_nak, len);
578 }
579 
nxp_fw_change_baudrate(struct hci_dev * hdev,u16 req_len)580 static bool nxp_fw_change_baudrate(struct hci_dev *hdev, u16 req_len)
581 {
582 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
583 	struct nxp_bootloader_cmd nxp_cmd5;
584 	struct uart_config uart_config;
585 	u32 clkdivaddr = CLKDIVADDR - nxpdev->boot_reg_offset;
586 	u32 uartdivaddr = UARTDIVADDR - nxpdev->boot_reg_offset;
587 	u32 uartmcraddr = UARTMCRADDR - nxpdev->boot_reg_offset;
588 	u32 uartreinitaddr = UARTREINITADDR - nxpdev->boot_reg_offset;
589 	u32 uarticraddr = UARTICRADDR - nxpdev->boot_reg_offset;
590 	u32 uartfcraddr = UARTFCRADDR - nxpdev->boot_reg_offset;
591 
592 	if (req_len == sizeof(nxp_cmd5)) {
593 		nxp_cmd5.header = __cpu_to_le32(5);
594 		nxp_cmd5.arg = 0;
595 		nxp_cmd5.payload_len = __cpu_to_le32(sizeof(uart_config));
596 		/* FW expects swapped CRC bytes */
597 		nxp_cmd5.crc = __cpu_to_be32(crc32_be(0UL, (char *)&nxp_cmd5,
598 						      sizeof(nxp_cmd5) - 4));
599 
600 		serdev_device_write_buf(nxpdev->serdev, (u8 *)&nxp_cmd5, sizeof(nxp_cmd5));
601 		nxpdev->fw_v3_offset_correction += req_len;
602 	} else if (req_len == sizeof(uart_config)) {
603 		uart_config.clkdiv.address = __cpu_to_le32(clkdivaddr);
604 		uart_config.clkdiv.value = __cpu_to_le32(0x00c00000);
605 		uart_config.uartdiv.address = __cpu_to_le32(uartdivaddr);
606 		uart_config.uartdiv.value = __cpu_to_le32(1);
607 		uart_config.mcr.address = __cpu_to_le32(uartmcraddr);
608 		uart_config.mcr.value = __cpu_to_le32(MCR);
609 		uart_config.re_init.address = __cpu_to_le32(uartreinitaddr);
610 		uart_config.re_init.value = __cpu_to_le32(INIT);
611 		uart_config.icr.address = __cpu_to_le32(uarticraddr);
612 		uart_config.icr.value = __cpu_to_le32(ICR);
613 		uart_config.fcr.address = __cpu_to_le32(uartfcraddr);
614 		uart_config.fcr.value = __cpu_to_le32(FCR);
615 		/* FW expects swapped CRC bytes */
616 		uart_config.crc = __cpu_to_be32(crc32_be(0UL, (char *)&uart_config,
617 							 sizeof(uart_config) - 4));
618 
619 		serdev_device_write_buf(nxpdev->serdev, (u8 *)&uart_config, sizeof(uart_config));
620 		serdev_device_wait_until_sent(nxpdev->serdev, 0);
621 		nxpdev->fw_v3_offset_correction += req_len;
622 		return true;
623 	}
624 	return false;
625 }
626 
nxp_fw_change_timeout(struct hci_dev * hdev,u16 req_len)627 static bool nxp_fw_change_timeout(struct hci_dev *hdev, u16 req_len)
628 {
629 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
630 	struct nxp_bootloader_cmd nxp_cmd7;
631 
632 	if (req_len != sizeof(nxp_cmd7))
633 		return false;
634 
635 	nxp_cmd7.header = __cpu_to_le32(7);
636 	nxp_cmd7.arg = __cpu_to_le32(0x70);
637 	nxp_cmd7.payload_len = 0;
638 	/* FW expects swapped CRC bytes */
639 	nxp_cmd7.crc = __cpu_to_be32(crc32_be(0UL, (char *)&nxp_cmd7,
640 					      sizeof(nxp_cmd7) - 4));
641 	serdev_device_write_buf(nxpdev->serdev, (u8 *)&nxp_cmd7, sizeof(nxp_cmd7));
642 	serdev_device_wait_until_sent(nxpdev->serdev, 0);
643 	nxpdev->fw_v3_offset_correction += req_len;
644 	return true;
645 }
646 
nxp_get_data_len(const u8 * buf)647 static u32 nxp_get_data_len(const u8 *buf)
648 {
649 	struct nxp_bootloader_cmd *hdr = (struct nxp_bootloader_cmd *)buf;
650 
651 	return __le32_to_cpu(hdr->payload_len);
652 }
653 
is_fw_downloading(struct btnxpuart_dev * nxpdev)654 static bool is_fw_downloading(struct btnxpuart_dev *nxpdev)
655 {
656 	return test_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
657 }
658 
process_boot_signature(struct btnxpuart_dev * nxpdev)659 static bool process_boot_signature(struct btnxpuart_dev *nxpdev)
660 {
661 	if (test_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, &nxpdev->tx_state)) {
662 		clear_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, &nxpdev->tx_state);
663 		wake_up_interruptible(&nxpdev->check_boot_sign_wait_q);
664 		return false;
665 	}
666 	return is_fw_downloading(nxpdev);
667 }
668 
nxp_request_firmware(struct hci_dev * hdev,const char * fw_name)669 static int nxp_request_firmware(struct hci_dev *hdev, const char *fw_name)
670 {
671 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
672 	int err = 0;
673 
674 	if (!fw_name)
675 		return -ENOENT;
676 
677 	if (!strlen(nxpdev->fw_name)) {
678 		snprintf(nxpdev->fw_name, MAX_FW_FILE_NAME_LEN, "%s", fw_name);
679 
680 		bt_dev_dbg(hdev, "Request Firmware: %s", nxpdev->fw_name);
681 		err = request_firmware(&nxpdev->fw, nxpdev->fw_name, &hdev->dev);
682 		if (err < 0) {
683 			bt_dev_err(hdev, "Firmware file %s not found", nxpdev->fw_name);
684 			clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
685 		}
686 	}
687 	return err;
688 }
689 
690 /* for legacy chipsets with V1 bootloader */
nxp_recv_chip_ver_v1(struct hci_dev * hdev,struct sk_buff * skb)691 static int nxp_recv_chip_ver_v1(struct hci_dev *hdev, struct sk_buff *skb)
692 {
693 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
694 	struct v1_start_ind *req;
695 	__u16 chip_id;
696 
697 	req = skb_pull_data(skb, sizeof(*req));
698 	if (!req)
699 		goto free_skb;
700 
701 	chip_id = le16_to_cpu(req->chip_id ^ req->chip_id_comp);
702 	if (chip_id == 0xffff && nxpdev->fw_dnld_v1_offset) {
703 		nxpdev->fw_dnld_v1_offset = 0;
704 		nxpdev->fw_v1_sent_bytes = 0;
705 		nxpdev->fw_v1_expected_len = HDR_LEN;
706 		release_firmware(nxpdev->fw);
707 		memset(nxpdev->fw_name, 0, sizeof(nxpdev->fw_name));
708 		nxp_send_ack(NXP_ACK_V1, hdev);
709 	}
710 
711 free_skb:
712 	kfree_skb(skb);
713 	return 0;
714 }
715 
nxp_recv_fw_req_v1(struct hci_dev * hdev,struct sk_buff * skb)716 static int nxp_recv_fw_req_v1(struct hci_dev *hdev, struct sk_buff *skb)
717 {
718 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
719 	struct btnxpuart_data *nxp_data = nxpdev->nxp_data;
720 	struct v1_data_req *req;
721 	__u16 len;
722 
723 	if (!process_boot_signature(nxpdev))
724 		goto free_skb;
725 
726 	req = skb_pull_data(skb, sizeof(*req));
727 	if (!req)
728 		goto free_skb;
729 
730 	len = __le16_to_cpu(req->len ^ req->len_comp);
731 	if (len != 0xffff) {
732 		bt_dev_dbg(hdev, "ERR: Send NAK");
733 		nxp_send_ack(NXP_NAK_V1, hdev);
734 		goto free_skb;
735 	}
736 	nxp_send_ack(NXP_ACK_V1, hdev);
737 
738 	len = __le16_to_cpu(req->len);
739 
740 	if (!nxp_data->helper_fw_name) {
741 		if (!nxpdev->timeout_changed) {
742 			nxpdev->timeout_changed = nxp_fw_change_timeout(hdev,
743 									len);
744 			goto free_skb;
745 		}
746 		if (!nxpdev->baudrate_changed) {
747 			nxpdev->baudrate_changed = nxp_fw_change_baudrate(hdev,
748 									  len);
749 			if (nxpdev->baudrate_changed) {
750 				serdev_device_set_baudrate(nxpdev->serdev,
751 							   HCI_NXP_SEC_BAUDRATE);
752 				serdev_device_set_flow_control(nxpdev->serdev, true);
753 				nxpdev->current_baudrate = HCI_NXP_SEC_BAUDRATE;
754 			}
755 			goto free_skb;
756 		}
757 	}
758 
759 	if (!nxp_data->helper_fw_name || nxpdev->helper_downloaded) {
760 		if (nxp_request_firmware(hdev, nxp_data->fw_name))
761 			goto free_skb;
762 	} else if (nxp_data->helper_fw_name && !nxpdev->helper_downloaded) {
763 		if (nxp_request_firmware(hdev, nxp_data->helper_fw_name))
764 			goto free_skb;
765 	}
766 
767 	if (!len) {
768 		bt_dev_dbg(hdev, "FW Downloaded Successfully: %zu bytes",
769 			   nxpdev->fw->size);
770 		if (nxp_data->helper_fw_name && !nxpdev->helper_downloaded) {
771 			nxpdev->helper_downloaded = true;
772 			serdev_device_wait_until_sent(nxpdev->serdev, 0);
773 			serdev_device_set_baudrate(nxpdev->serdev,
774 						   HCI_NXP_SEC_BAUDRATE);
775 			serdev_device_set_flow_control(nxpdev->serdev, true);
776 		} else {
777 			clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
778 			wake_up_interruptible(&nxpdev->fw_dnld_done_wait_q);
779 		}
780 		goto free_skb;
781 	}
782 	if (len & 0x01) {
783 		/* The CRC did not match at the other end.
784 		 * Simply send the same bytes again.
785 		 */
786 		len = nxpdev->fw_v1_sent_bytes;
787 		bt_dev_dbg(hdev, "CRC error. Resend %d bytes of FW.", len);
788 	} else {
789 		nxpdev->fw_dnld_v1_offset += nxpdev->fw_v1_sent_bytes;
790 
791 		/* The FW bin file is made up of many blocks of
792 		 * 16 byte header and payload data chunks. If the
793 		 * FW has requested a header, read the payload length
794 		 * info from the header, before sending the header.
795 		 * In the next iteration, the FW should request the
796 		 * payload data chunk, which should be equal to the
797 		 * payload length read from header. If there is a
798 		 * mismatch, clearly the driver and FW are out of sync,
799 		 * and we need to re-send the previous header again.
800 		 */
801 		if (len == nxpdev->fw_v1_expected_len) {
802 			if (len == HDR_LEN)
803 				nxpdev->fw_v1_expected_len = nxp_get_data_len(nxpdev->fw->data +
804 									nxpdev->fw_dnld_v1_offset);
805 			else
806 				nxpdev->fw_v1_expected_len = HDR_LEN;
807 		} else if (len == HDR_LEN) {
808 			/* FW download out of sync. Send previous chunk again */
809 			nxpdev->fw_dnld_v1_offset -= nxpdev->fw_v1_sent_bytes;
810 			nxpdev->fw_v1_expected_len = HDR_LEN;
811 		}
812 	}
813 
814 	if (nxpdev->fw_dnld_v1_offset + len <= nxpdev->fw->size)
815 		serdev_device_write_buf(nxpdev->serdev, nxpdev->fw->data +
816 					nxpdev->fw_dnld_v1_offset, len);
817 	nxpdev->fw_v1_sent_bytes = len;
818 
819 free_skb:
820 	kfree_skb(skb);
821 	return 0;
822 }
823 
nxp_get_fw_name_from_chipid(struct hci_dev * hdev,u16 chipid,u8 loader_ver)824 static char *nxp_get_fw_name_from_chipid(struct hci_dev *hdev, u16 chipid,
825 					 u8 loader_ver)
826 {
827 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
828 	char *fw_name = NULL;
829 
830 	switch (chipid) {
831 	case CHIP_ID_W9098:
832 		fw_name = FIRMWARE_W9098;
833 		break;
834 	case CHIP_ID_IW416:
835 		fw_name = FIRMWARE_IW416;
836 		break;
837 	case CHIP_ID_IW612:
838 		fw_name = FIRMWARE_IW612;
839 		break;
840 	case CHIP_ID_IW624a:
841 	case CHIP_ID_IW624c:
842 		nxpdev->boot_reg_offset = 1;
843 		if ((loader_ver & FW_SECURE_MASK) == FW_OPEN)
844 			fw_name = FIRMWARE_IW624;
845 		else if ((loader_ver & FW_SECURE_MASK) != FW_AUTH_ILLEGAL)
846 			fw_name = FIRMWARE_SECURE_IW624;
847 		else
848 			bt_dev_err(hdev, "Illegal loader version %02x", loader_ver);
849 		break;
850 	case CHIP_ID_AW693:
851 		if ((loader_ver & FW_SECURE_MASK) == FW_OPEN)
852 			fw_name = FIRMWARE_AW693;
853 		else if ((loader_ver & FW_SECURE_MASK) != FW_AUTH_ILLEGAL)
854 			fw_name = FIRMWARE_SECURE_AW693;
855 		else
856 			bt_dev_err(hdev, "Illegal loader version %02x", loader_ver);
857 		break;
858 	default:
859 		bt_dev_err(hdev, "Unknown chip signature %04x", chipid);
860 		break;
861 	}
862 	return fw_name;
863 }
864 
nxp_recv_chip_ver_v3(struct hci_dev * hdev,struct sk_buff * skb)865 static int nxp_recv_chip_ver_v3(struct hci_dev *hdev, struct sk_buff *skb)
866 {
867 	struct v3_start_ind *req = skb_pull_data(skb, sizeof(*req));
868 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
869 	u16 chip_id;
870 	u8 loader_ver;
871 
872 	if (!process_boot_signature(nxpdev))
873 		goto free_skb;
874 
875 	chip_id = le16_to_cpu(req->chip_id);
876 	loader_ver = req->loader_ver;
877 	if (!nxp_request_firmware(hdev, nxp_get_fw_name_from_chipid(hdev,
878 								    chip_id, loader_ver)))
879 		nxp_send_ack(NXP_ACK_V3, hdev);
880 
881 free_skb:
882 	kfree_skb(skb);
883 	return 0;
884 }
885 
nxp_recv_fw_req_v3(struct hci_dev * hdev,struct sk_buff * skb)886 static int nxp_recv_fw_req_v3(struct hci_dev *hdev, struct sk_buff *skb)
887 {
888 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
889 	struct v3_data_req *req;
890 	__u16 len;
891 	__u32 offset;
892 
893 	if (!process_boot_signature(nxpdev))
894 		goto free_skb;
895 
896 	req = skb_pull_data(skb, sizeof(*req));
897 	if (!req || !nxpdev->fw)
898 		goto free_skb;
899 
900 	nxp_send_ack(NXP_ACK_V3, hdev);
901 
902 	len = __le16_to_cpu(req->len);
903 
904 	if (!nxpdev->timeout_changed) {
905 		nxpdev->timeout_changed = nxp_fw_change_timeout(hdev, len);
906 		goto free_skb;
907 	}
908 
909 	if (!nxpdev->baudrate_changed) {
910 		nxpdev->baudrate_changed = nxp_fw_change_baudrate(hdev, len);
911 		if (nxpdev->baudrate_changed) {
912 			serdev_device_set_baudrate(nxpdev->serdev,
913 						   HCI_NXP_SEC_BAUDRATE);
914 			serdev_device_set_flow_control(nxpdev->serdev, true);
915 			nxpdev->current_baudrate = HCI_NXP_SEC_BAUDRATE;
916 		}
917 		goto free_skb;
918 	}
919 
920 	if (req->len == 0) {
921 		bt_dev_dbg(hdev, "FW Downloaded Successfully: %zu bytes",
922 			   nxpdev->fw->size);
923 		clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
924 		wake_up_interruptible(&nxpdev->fw_dnld_done_wait_q);
925 		goto free_skb;
926 	}
927 	if (req->error)
928 		bt_dev_dbg(hdev, "FW Download received err 0x%02x from chip",
929 			   req->error);
930 
931 	offset = __le32_to_cpu(req->offset);
932 	if (offset < nxpdev->fw_v3_offset_correction) {
933 		/* This scenario should ideally never occur. But if it ever does,
934 		 * FW is out of sync and needs a power cycle.
935 		 */
936 		bt_dev_err(hdev, "Something went wrong during FW download");
937 		bt_dev_err(hdev, "Please power cycle and try again");
938 		goto free_skb;
939 	}
940 
941 	serdev_device_write_buf(nxpdev->serdev, nxpdev->fw->data + offset -
942 				nxpdev->fw_v3_offset_correction, len);
943 
944 free_skb:
945 	kfree_skb(skb);
946 	return 0;
947 }
948 
nxp_set_baudrate_cmd(struct hci_dev * hdev,void * data)949 static int nxp_set_baudrate_cmd(struct hci_dev *hdev, void *data)
950 {
951 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
952 	__le32 new_baudrate = __cpu_to_le32(nxpdev->new_baudrate);
953 	struct ps_data *psdata = &nxpdev->psdata;
954 	struct sk_buff *skb;
955 	u8 *status;
956 
957 	if (!psdata)
958 		return 0;
959 
960 	skb = nxp_drv_send_cmd(hdev, HCI_NXP_SET_OPER_SPEED, 4, (u8 *)&new_baudrate);
961 	if (IS_ERR(skb)) {
962 		bt_dev_err(hdev, "Setting baudrate failed (%ld)", PTR_ERR(skb));
963 		return PTR_ERR(skb);
964 	}
965 
966 	status = (u8 *)skb_pull_data(skb, 1);
967 	if (status) {
968 		if (*status == 0) {
969 			serdev_device_set_baudrate(nxpdev->serdev, nxpdev->new_baudrate);
970 			nxpdev->current_baudrate = nxpdev->new_baudrate;
971 		}
972 		bt_dev_dbg(hdev, "Set baudrate response: status=%d, baudrate=%d",
973 			   *status, nxpdev->new_baudrate);
974 	}
975 	kfree_skb(skb);
976 
977 	return 0;
978 }
979 
nxp_check_boot_sign(struct btnxpuart_dev * nxpdev)980 static int nxp_check_boot_sign(struct btnxpuart_dev *nxpdev)
981 {
982 	serdev_device_set_baudrate(nxpdev->serdev, HCI_NXP_PRI_BAUDRATE);
983 	if (test_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state))
984 		serdev_device_set_flow_control(nxpdev->serdev, false);
985 	else
986 		serdev_device_set_flow_control(nxpdev->serdev, true);
987 	set_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, &nxpdev->tx_state);
988 
989 	return wait_event_interruptible_timeout(nxpdev->check_boot_sign_wait_q,
990 					       !test_bit(BTNXPUART_CHECK_BOOT_SIGNATURE,
991 							 &nxpdev->tx_state),
992 					       msecs_to_jiffies(1000));
993 }
994 
nxp_set_ind_reset(struct hci_dev * hdev,void * data)995 static int nxp_set_ind_reset(struct hci_dev *hdev, void *data)
996 {
997 	static const u8 ir_hw_err[] = { HCI_EV_HARDWARE_ERROR,
998 					0x01, BTNXPUART_IR_HW_ERR };
999 	struct sk_buff *skb;
1000 
1001 	skb = bt_skb_alloc(3, GFP_ATOMIC);
1002 	if (!skb)
1003 		return -ENOMEM;
1004 
1005 	hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
1006 	skb_put_data(skb, ir_hw_err, 3);
1007 
1008 	/* Inject Hardware Error to upper stack */
1009 	return hci_recv_frame(hdev, skb);
1010 }
1011 
1012 /* NXP protocol */
nxp_setup(struct hci_dev * hdev)1013 static int nxp_setup(struct hci_dev *hdev)
1014 {
1015 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1016 	int err = 0;
1017 
1018 	if (nxp_check_boot_sign(nxpdev)) {
1019 		bt_dev_dbg(hdev, "Need FW Download.");
1020 		err = nxp_download_firmware(hdev);
1021 		if (err < 0)
1022 			return err;
1023 	} else {
1024 		bt_dev_dbg(hdev, "FW already running.");
1025 		clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
1026 	}
1027 
1028 	serdev_device_set_baudrate(nxpdev->serdev, nxpdev->fw_init_baudrate);
1029 	nxpdev->current_baudrate = nxpdev->fw_init_baudrate;
1030 
1031 	if (nxpdev->current_baudrate != HCI_NXP_SEC_BAUDRATE) {
1032 		nxpdev->new_baudrate = HCI_NXP_SEC_BAUDRATE;
1033 		hci_cmd_sync_queue(hdev, nxp_set_baudrate_cmd, NULL, NULL);
1034 	}
1035 
1036 	ps_init(hdev);
1037 
1038 	if (test_and_clear_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state))
1039 		hci_dev_clear_flag(hdev, HCI_SETUP);
1040 
1041 	return 0;
1042 }
1043 
nxp_hw_err(struct hci_dev * hdev,u8 code)1044 static void nxp_hw_err(struct hci_dev *hdev, u8 code)
1045 {
1046 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1047 
1048 	switch (code) {
1049 	case BTNXPUART_IR_HW_ERR:
1050 		set_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state);
1051 		hci_dev_set_flag(hdev, HCI_SETUP);
1052 		break;
1053 	default:
1054 		break;
1055 	}
1056 }
1057 
nxp_shutdown(struct hci_dev * hdev)1058 static int nxp_shutdown(struct hci_dev *hdev)
1059 {
1060 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1061 	struct sk_buff *skb;
1062 	u8 *status;
1063 	u8 pcmd = 0;
1064 
1065 	if (test_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state)) {
1066 		skb = nxp_drv_send_cmd(hdev, HCI_NXP_IND_RESET, 1, &pcmd);
1067 		if (IS_ERR(skb))
1068 			return PTR_ERR(skb);
1069 
1070 		status = skb_pull_data(skb, 1);
1071 		if (status) {
1072 			serdev_device_set_flow_control(nxpdev->serdev, false);
1073 			set_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
1074 		}
1075 		kfree_skb(skb);
1076 	}
1077 
1078 	return 0;
1079 }
1080 
btnxpuart_queue_skb(struct hci_dev * hdev,struct sk_buff * skb)1081 static int btnxpuart_queue_skb(struct hci_dev *hdev, struct sk_buff *skb)
1082 {
1083 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1084 
1085 	/* Prepend skb with frame type */
1086 	memcpy(skb_push(skb, 1), &hci_skb_pkt_type(skb), 1);
1087 	skb_queue_tail(&nxpdev->txq, skb);
1088 	btnxpuart_tx_wakeup(nxpdev);
1089 	return 0;
1090 }
1091 
nxp_enqueue(struct hci_dev * hdev,struct sk_buff * skb)1092 static int nxp_enqueue(struct hci_dev *hdev, struct sk_buff *skb)
1093 {
1094 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1095 	struct ps_data *psdata = &nxpdev->psdata;
1096 	struct hci_command_hdr *hdr;
1097 	struct psmode_cmd_payload ps_parm;
1098 	struct wakeup_cmd_payload wakeup_parm;
1099 	__le32 baudrate_parm;
1100 
1101 	/* if vendor commands are received from user space (e.g. hcitool), update
1102 	 * driver flags accordingly and ask driver to re-send the command to FW.
1103 	 * In case the payload for any command does not match expected payload
1104 	 * length, let the firmware and user space program handle it, or throw
1105 	 * an error.
1106 	 */
1107 	if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT && !psdata->driver_sent_cmd) {
1108 		hdr = (struct hci_command_hdr *)skb->data;
1109 		if (hdr->plen != (skb->len - HCI_COMMAND_HDR_SIZE))
1110 			return btnxpuart_queue_skb(hdev, skb);
1111 
1112 		switch (__le16_to_cpu(hdr->opcode)) {
1113 		case HCI_NXP_AUTO_SLEEP_MODE:
1114 			if (hdr->plen == sizeof(ps_parm)) {
1115 				memcpy(&ps_parm, skb->data + HCI_COMMAND_HDR_SIZE, hdr->plen);
1116 				if (ps_parm.ps_cmd == BT_PS_ENABLE)
1117 					psdata->target_ps_mode = PS_MODE_ENABLE;
1118 				else if (ps_parm.ps_cmd == BT_PS_DISABLE)
1119 					psdata->target_ps_mode = PS_MODE_DISABLE;
1120 				psdata->c2h_ps_interval = __le16_to_cpu(ps_parm.c2h_ps_interval);
1121 				hci_cmd_sync_queue(hdev, send_ps_cmd, NULL, NULL);
1122 				goto free_skb;
1123 			}
1124 			break;
1125 		case HCI_NXP_WAKEUP_METHOD:
1126 			if (hdr->plen == sizeof(wakeup_parm)) {
1127 				memcpy(&wakeup_parm, skb->data + HCI_COMMAND_HDR_SIZE, hdr->plen);
1128 				psdata->c2h_wakeupmode = wakeup_parm.c2h_wakeupmode;
1129 				psdata->c2h_wakeup_gpio = wakeup_parm.c2h_wakeup_gpio;
1130 				psdata->h2c_wakeup_gpio = wakeup_parm.h2c_wakeup_gpio;
1131 				switch (wakeup_parm.h2c_wakeupmode) {
1132 				case BT_CTRL_WAKEUP_METHOD_DSR:
1133 					psdata->h2c_wakeupmode = WAKEUP_METHOD_DTR;
1134 					break;
1135 				case BT_CTRL_WAKEUP_METHOD_BREAK:
1136 				default:
1137 					psdata->h2c_wakeupmode = WAKEUP_METHOD_BREAK;
1138 					break;
1139 				}
1140 				hci_cmd_sync_queue(hdev, send_wakeup_method_cmd, NULL, NULL);
1141 				goto free_skb;
1142 			}
1143 			break;
1144 		case HCI_NXP_SET_OPER_SPEED:
1145 			if (hdr->plen == sizeof(baudrate_parm)) {
1146 				memcpy(&baudrate_parm, skb->data + HCI_COMMAND_HDR_SIZE, hdr->plen);
1147 				nxpdev->new_baudrate = __le32_to_cpu(baudrate_parm);
1148 				hci_cmd_sync_queue(hdev, nxp_set_baudrate_cmd, NULL, NULL);
1149 				goto free_skb;
1150 			}
1151 			break;
1152 		case HCI_NXP_IND_RESET:
1153 			if (hdr->plen == 1) {
1154 				hci_cmd_sync_queue(hdev, nxp_set_ind_reset, NULL, NULL);
1155 				goto free_skb;
1156 			}
1157 			break;
1158 		default:
1159 			break;
1160 		}
1161 	}
1162 
1163 	return btnxpuart_queue_skb(hdev, skb);
1164 
1165 free_skb:
1166 	kfree_skb(skb);
1167 	return 0;
1168 }
1169 
nxp_dequeue(void * data)1170 static struct sk_buff *nxp_dequeue(void *data)
1171 {
1172 	struct btnxpuart_dev *nxpdev = (struct btnxpuart_dev *)data;
1173 
1174 	ps_wakeup(nxpdev);
1175 	ps_start_timer(nxpdev);
1176 	return skb_dequeue(&nxpdev->txq);
1177 }
1178 
1179 /* btnxpuart based on serdev */
btnxpuart_tx_work(struct work_struct * work)1180 static void btnxpuart_tx_work(struct work_struct *work)
1181 {
1182 	struct btnxpuart_dev *nxpdev = container_of(work, struct btnxpuart_dev,
1183 						   tx_work);
1184 	struct serdev_device *serdev = nxpdev->serdev;
1185 	struct hci_dev *hdev = nxpdev->hdev;
1186 	struct sk_buff *skb;
1187 	int len;
1188 
1189 	while ((skb = nxp_dequeue(nxpdev))) {
1190 		len = serdev_device_write_buf(serdev, skb->data, skb->len);
1191 		hdev->stat.byte_tx += len;
1192 
1193 		skb_pull(skb, len);
1194 		if (skb->len > 0) {
1195 			skb_queue_head(&nxpdev->txq, skb);
1196 			break;
1197 		}
1198 
1199 		switch (hci_skb_pkt_type(skb)) {
1200 		case HCI_COMMAND_PKT:
1201 			hdev->stat.cmd_tx++;
1202 			break;
1203 		case HCI_ACLDATA_PKT:
1204 			hdev->stat.acl_tx++;
1205 			break;
1206 		case HCI_SCODATA_PKT:
1207 			hdev->stat.sco_tx++;
1208 			break;
1209 		}
1210 
1211 		kfree_skb(skb);
1212 	}
1213 	clear_bit(BTNXPUART_TX_STATE_ACTIVE, &nxpdev->tx_state);
1214 }
1215 
btnxpuart_open(struct hci_dev * hdev)1216 static int btnxpuart_open(struct hci_dev *hdev)
1217 {
1218 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1219 	int err = 0;
1220 
1221 	err = serdev_device_open(nxpdev->serdev);
1222 	if (err) {
1223 		bt_dev_err(hdev, "Unable to open UART device %s",
1224 			   dev_name(&nxpdev->serdev->dev));
1225 	} else {
1226 		set_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state);
1227 	}
1228 	return err;
1229 }
1230 
btnxpuart_close(struct hci_dev * hdev)1231 static int btnxpuart_close(struct hci_dev *hdev)
1232 {
1233 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1234 
1235 	ps_wakeup(nxpdev);
1236 	serdev_device_close(nxpdev->serdev);
1237 	clear_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state);
1238 	return 0;
1239 }
1240 
btnxpuart_flush(struct hci_dev * hdev)1241 static int btnxpuart_flush(struct hci_dev *hdev)
1242 {
1243 	struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1244 
1245 	/* Flush any pending characters */
1246 	serdev_device_write_flush(nxpdev->serdev);
1247 	skb_queue_purge(&nxpdev->txq);
1248 
1249 	cancel_work_sync(&nxpdev->tx_work);
1250 
1251 	kfree_skb(nxpdev->rx_skb);
1252 	nxpdev->rx_skb = NULL;
1253 
1254 	return 0;
1255 }
1256 
1257 static const struct h4_recv_pkt nxp_recv_pkts[] = {
1258 	{ H4_RECV_ACL,          .recv = hci_recv_frame },
1259 	{ H4_RECV_SCO,          .recv = hci_recv_frame },
1260 	{ H4_RECV_EVENT,        .recv = hci_recv_frame },
1261 	{ NXP_RECV_CHIP_VER_V1, .recv = nxp_recv_chip_ver_v1 },
1262 	{ NXP_RECV_FW_REQ_V1,   .recv = nxp_recv_fw_req_v1 },
1263 	{ NXP_RECV_CHIP_VER_V3, .recv = nxp_recv_chip_ver_v3 },
1264 	{ NXP_RECV_FW_REQ_V3,   .recv = nxp_recv_fw_req_v3 },
1265 };
1266 
btnxpuart_receive_buf(struct serdev_device * serdev,const u8 * data,size_t count)1267 static int btnxpuart_receive_buf(struct serdev_device *serdev, const u8 *data,
1268 				 size_t count)
1269 {
1270 	struct btnxpuart_dev *nxpdev = serdev_device_get_drvdata(serdev);
1271 
1272 	ps_start_timer(nxpdev);
1273 
1274 	nxpdev->rx_skb = h4_recv_buf(nxpdev->hdev, nxpdev->rx_skb, data, count,
1275 				     nxp_recv_pkts, ARRAY_SIZE(nxp_recv_pkts));
1276 	if (IS_ERR(nxpdev->rx_skb)) {
1277 		int err = PTR_ERR(nxpdev->rx_skb);
1278 		/* Safe to ignore out-of-sync bootloader signatures */
1279 		if (is_fw_downloading(nxpdev))
1280 			return count;
1281 		bt_dev_err(nxpdev->hdev, "Frame reassembly failed (%d)", err);
1282 		nxpdev->rx_skb = NULL;
1283 		return err;
1284 	}
1285 	if (!is_fw_downloading(nxpdev))
1286 		nxpdev->hdev->stat.byte_rx += count;
1287 	return count;
1288 }
1289 
btnxpuart_write_wakeup(struct serdev_device * serdev)1290 static void btnxpuart_write_wakeup(struct serdev_device *serdev)
1291 {
1292 	serdev_device_write_wakeup(serdev);
1293 }
1294 
1295 static const struct serdev_device_ops btnxpuart_client_ops = {
1296 	.receive_buf = btnxpuart_receive_buf,
1297 	.write_wakeup = btnxpuart_write_wakeup,
1298 };
1299 
nxp_serdev_probe(struct serdev_device * serdev)1300 static int nxp_serdev_probe(struct serdev_device *serdev)
1301 {
1302 	struct hci_dev *hdev;
1303 	struct btnxpuart_dev *nxpdev;
1304 
1305 	nxpdev = devm_kzalloc(&serdev->dev, sizeof(*nxpdev), GFP_KERNEL);
1306 	if (!nxpdev)
1307 		return -ENOMEM;
1308 
1309 	nxpdev->nxp_data = (struct btnxpuart_data *)device_get_match_data(&serdev->dev);
1310 
1311 	nxpdev->serdev = serdev;
1312 	serdev_device_set_drvdata(serdev, nxpdev);
1313 
1314 	serdev_device_set_client_ops(serdev, &btnxpuart_client_ops);
1315 
1316 	INIT_WORK(&nxpdev->tx_work, btnxpuart_tx_work);
1317 	skb_queue_head_init(&nxpdev->txq);
1318 
1319 	init_waitqueue_head(&nxpdev->fw_dnld_done_wait_q);
1320 	init_waitqueue_head(&nxpdev->check_boot_sign_wait_q);
1321 
1322 	device_property_read_u32(&nxpdev->serdev->dev, "fw-init-baudrate",
1323 				 &nxpdev->fw_init_baudrate);
1324 	if (!nxpdev->fw_init_baudrate)
1325 		nxpdev->fw_init_baudrate = FW_INIT_BAUDRATE;
1326 
1327 	set_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
1328 
1329 	crc8_populate_msb(crc8_table, POLYNOMIAL8);
1330 
1331 	/* Initialize and register HCI device */
1332 	hdev = hci_alloc_dev();
1333 	if (!hdev) {
1334 		dev_err(&serdev->dev, "Can't allocate HCI device\n");
1335 		return -ENOMEM;
1336 	}
1337 
1338 	nxpdev->hdev = hdev;
1339 
1340 	hdev->bus = HCI_UART;
1341 	hci_set_drvdata(hdev, nxpdev);
1342 
1343 	hdev->manufacturer = MANUFACTURER_NXP;
1344 	hdev->open  = btnxpuart_open;
1345 	hdev->close = btnxpuart_close;
1346 	hdev->flush = btnxpuart_flush;
1347 	hdev->setup = nxp_setup;
1348 	hdev->send  = nxp_enqueue;
1349 	hdev->hw_error = nxp_hw_err;
1350 	hdev->shutdown = nxp_shutdown;
1351 	SET_HCIDEV_DEV(hdev, &serdev->dev);
1352 
1353 	if (hci_register_dev(hdev) < 0) {
1354 		dev_err(&serdev->dev, "Can't register HCI device\n");
1355 		hci_free_dev(hdev);
1356 		return -ENODEV;
1357 	}
1358 
1359 	ps_setup(hdev);
1360 
1361 	return 0;
1362 }
1363 
nxp_serdev_remove(struct serdev_device * serdev)1364 static void nxp_serdev_remove(struct serdev_device *serdev)
1365 {
1366 	struct btnxpuart_dev *nxpdev = serdev_device_get_drvdata(serdev);
1367 	struct hci_dev *hdev = nxpdev->hdev;
1368 
1369 	/* Restore FW baudrate to fw_init_baudrate if changed.
1370 	 * This will ensure FW baudrate is in sync with
1371 	 * driver baudrate in case this driver is re-inserted.
1372 	 */
1373 	if (nxpdev->current_baudrate != nxpdev->fw_init_baudrate) {
1374 		nxpdev->new_baudrate = nxpdev->fw_init_baudrate;
1375 		nxp_set_baudrate_cmd(hdev, NULL);
1376 	}
1377 
1378 	ps_cancel_timer(nxpdev);
1379 	hci_unregister_dev(hdev);
1380 	hci_free_dev(hdev);
1381 }
1382 
1383 static struct btnxpuart_data w8987_data __maybe_unused = {
1384 	.helper_fw_name = NULL,
1385 	.fw_name = FIRMWARE_W8987,
1386 };
1387 
1388 static struct btnxpuart_data w8997_data __maybe_unused = {
1389 	.helper_fw_name = FIRMWARE_HELPER,
1390 	.fw_name = FIRMWARE_W8997,
1391 };
1392 
1393 static const struct of_device_id nxpuart_of_match_table[] __maybe_unused = {
1394 	{ .compatible = "nxp,88w8987-bt", .data = &w8987_data },
1395 	{ .compatible = "nxp,88w8997-bt", .data = &w8997_data },
1396 	{ }
1397 };
1398 MODULE_DEVICE_TABLE(of, nxpuart_of_match_table);
1399 
1400 static struct serdev_device_driver nxp_serdev_driver = {
1401 	.probe = nxp_serdev_probe,
1402 	.remove = nxp_serdev_remove,
1403 	.driver = {
1404 		.name = "btnxpuart",
1405 		.of_match_table = of_match_ptr(nxpuart_of_match_table),
1406 	},
1407 };
1408 
1409 module_serdev_device_driver(nxp_serdev_driver);
1410 
1411 MODULE_AUTHOR("Neeraj Sanjay Kale <neeraj.sanjaykale@nxp.com>");
1412 MODULE_DESCRIPTION("NXP Bluetooth Serial driver");
1413 MODULE_LICENSE("GPL");
1414