search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
leds: wm831x-status: fix use-after-free on unbind
[linux/fpc-iii.git] / drivers / bluetooth / hci_intel.c
blobf1299da6eed8a3b1e99767e16212d68993af1f20
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 *
4 * Bluetooth HCI UART driver for Intel devices
5 *
6 * Copyright (C) 2015 Intel Corporation
7 */
8
9 #include <linux/kernel.h>
10 #include <linux/errno.h>
11 #include <linux/skbuff.h>
12 #include <linux/firmware.h>
13 #include <linux/module.h>
14 #include <linux/wait.h>
15 #include <linux/tty.h>
16 #include <linux/platform_device.h>
17 #include <linux/gpio/consumer.h>
18 #include <linux/acpi.h>
19 #include <linux/interrupt.h>
20 #include <linux/pm_runtime.h>
21
22 #include <net/bluetooth/bluetooth.h>
23 #include <net/bluetooth/hci_core.h>
24
25 #include "hci_uart.h"
26 #include "btintel.h"
27
28 #define STATE_BOOTLOADER 0
29 #define STATE_DOWNLOADING 1
30 #define STATE_FIRMWARE_LOADED 2
31 #define STATE_FIRMWARE_FAILED 3
32 #define STATE_BOOTING 4
33 #define STATE_LPM_ENABLED 5
34 #define STATE_TX_ACTIVE 6
35 #define STATE_SUSPENDED 7
36 #define STATE_LPM_TRANSACTION 8
37
38 #define HCI_LPM_WAKE_PKT 0xf0
39 #define HCI_LPM_PKT 0xf1
40 #define HCI_LPM_MAX_SIZE 10
41 #define HCI_LPM_HDR_SIZE HCI_EVENT_HDR_SIZE
42
43 #define LPM_OP_TX_NOTIFY 0x00
44 #define LPM_OP_SUSPEND_ACK 0x02
45 #define LPM_OP_RESUME_ACK 0x03
46
47 #define LPM_SUSPEND_DELAY_MS 1000
48
49 struct hci_lpm_pkt {
50 __u8 opcode;
51 __u8 dlen;
52 __u8 data[];
53 } __packed;
54
55 struct intel_device {
56 struct list_head list;
57 struct platform_device *pdev;
58 struct gpio_desc *reset;
59 struct hci_uart *hu;
60 struct mutex hu_lock;
61 int irq;
62 };
63
64 static LIST_HEAD(intel_device_list);
65 static DEFINE_MUTEX(intel_device_list_lock);
66
67 struct intel_data {
68 struct sk_buff *rx_skb;
69 struct sk_buff_head txq;
70 struct work_struct busy_work;
71 struct hci_uart *hu;
72 unsigned long flags;
73 };
74
75 static u8 intel_convert_speed(unsigned int speed)
76 {
77 switch (speed) {
78 case 9600:
79 return 0x00;
80 case 19200:
81 return 0x01;
82 case 38400:
83 return 0x02;
84 case 57600:
85 return 0x03;
86 case 115200:
87 return 0x04;
88 case 230400:
89 return 0x05;
90 case 460800:
91 return 0x06;
92 case 921600:
93 return 0x07;
94 case 1843200:
95 return 0x08;
96 case 3250000:
97 return 0x09;
98 case 2000000:
99 return 0x0a;
100 case 3000000:
101 return 0x0b;
102 default:
103 return 0xff;
104 }
105 }
106
107 static int intel_wait_booting(struct hci_uart *hu)
108 {
109 struct intel_data *intel = hu->priv;
110 int err;
111
112 err = wait_on_bit_timeout(&intel->flags, STATE_BOOTING,
113 TASK_INTERRUPTIBLE,
114 msecs_to_jiffies(1000));
115
116 if (err == -EINTR) {
117 bt_dev_err(hu->hdev, "Device boot interrupted");
118 return -EINTR;
119 }
120
121 if (err) {
122 bt_dev_err(hu->hdev, "Device boot timeout");
123 return -ETIMEDOUT;
124 }
125
126 return err;
127 }
128
129 #ifdef CONFIG_PM
130 static int intel_wait_lpm_transaction(struct hci_uart *hu)
131 {
132 struct intel_data *intel = hu->priv;
133 int err;
134
135 err = wait_on_bit_timeout(&intel->flags, STATE_LPM_TRANSACTION,
136 TASK_INTERRUPTIBLE,
137 msecs_to_jiffies(1000));
138
139 if (err == -EINTR) {
140 bt_dev_err(hu->hdev, "LPM transaction interrupted");
141 return -EINTR;
142 }
143
144 if (err) {
145 bt_dev_err(hu->hdev, "LPM transaction timeout");
146 return -ETIMEDOUT;
147 }
148
149 return err;
150 }
151
152 static int intel_lpm_suspend(struct hci_uart *hu)
153 {
154 static const u8 suspend[] = { 0x01, 0x01, 0x01 };
155 struct intel_data *intel = hu->priv;
156 struct sk_buff *skb;
157
158 if (!test_bit(STATE_LPM_ENABLED, &intel->flags) ||
159 test_bit(STATE_SUSPENDED, &intel->flags))
160 return 0;
161
162 if (test_bit(STATE_TX_ACTIVE, &intel->flags))
163 return -EAGAIN;
164
165 bt_dev_dbg(hu->hdev, "Suspending");
166
167 skb = bt_skb_alloc(sizeof(suspend), GFP_KERNEL);
168 if (!skb) {
169 bt_dev_err(hu->hdev, "Failed to alloc memory for LPM packet");
170 return -ENOMEM;
171 }
172
173 skb_put_data(skb, suspend, sizeof(suspend));
174 hci_skb_pkt_type(skb) = HCI_LPM_PKT;
175
176 set_bit(STATE_LPM_TRANSACTION, &intel->flags);
177
178 /* LPM flow is a priority, enqueue packet at list head */
179 skb_queue_head(&intel->txq, skb);
180 hci_uart_tx_wakeup(hu);
181
182 intel_wait_lpm_transaction(hu);
183 /* Even in case of failure, continue and test the suspended flag */
184
185 clear_bit(STATE_LPM_TRANSACTION, &intel->flags);
186
187 if (!test_bit(STATE_SUSPENDED, &intel->flags)) {
188 bt_dev_err(hu->hdev, "Device suspend error");
189 return -EINVAL;
190 }
191
192 bt_dev_dbg(hu->hdev, "Suspended");
193
194 hci_uart_set_flow_control(hu, true);
195
196 return 0;
197 }
198
199 static int intel_lpm_resume(struct hci_uart *hu)
200 {
201 struct intel_data *intel = hu->priv;
202 struct sk_buff *skb;
203
204 if (!test_bit(STATE_LPM_ENABLED, &intel->flags) ||
205 !test_bit(STATE_SUSPENDED, &intel->flags))
206 return 0;
207
208 bt_dev_dbg(hu->hdev, "Resuming");
209
210 hci_uart_set_flow_control(hu, false);
211
212 skb = bt_skb_alloc(0, GFP_KERNEL);
213 if (!skb) {
214 bt_dev_err(hu->hdev, "Failed to alloc memory for LPM packet");
215 return -ENOMEM;
216 }
217
218 hci_skb_pkt_type(skb) = HCI_LPM_WAKE_PKT;
219
220 set_bit(STATE_LPM_TRANSACTION, &intel->flags);
221
222 /* LPM flow is a priority, enqueue packet at list head */
223 skb_queue_head(&intel->txq, skb);
224 hci_uart_tx_wakeup(hu);
225
226 intel_wait_lpm_transaction(hu);
227 /* Even in case of failure, continue and test the suspended flag */
228
229 clear_bit(STATE_LPM_TRANSACTION, &intel->flags);
230
231 if (test_bit(STATE_SUSPENDED, &intel->flags)) {
232 bt_dev_err(hu->hdev, "Device resume error");
233 return -EINVAL;
234 }
235
236 bt_dev_dbg(hu->hdev, "Resumed");
237
238 return 0;
239 }
240 #endif /* CONFIG_PM */
241
242 static int intel_lpm_host_wake(struct hci_uart *hu)
243 {
244 static const u8 lpm_resume_ack[] = { LPM_OP_RESUME_ACK, 0x00 };
245 struct intel_data *intel = hu->priv;
246 struct sk_buff *skb;
247
248 hci_uart_set_flow_control(hu, false);
249
250 clear_bit(STATE_SUSPENDED, &intel->flags);
251
252 skb = bt_skb_alloc(sizeof(lpm_resume_ack), GFP_KERNEL);
253 if (!skb) {
254 bt_dev_err(hu->hdev, "Failed to alloc memory for LPM packet");
255 return -ENOMEM;
256 }
257
258 skb_put_data(skb, lpm_resume_ack, sizeof(lpm_resume_ack));
259 hci_skb_pkt_type(skb) = HCI_LPM_PKT;
260
261 /* LPM flow is a priority, enqueue packet at list head */
262 skb_queue_head(&intel->txq, skb);
263 hci_uart_tx_wakeup(hu);
264
265 bt_dev_dbg(hu->hdev, "Resumed by controller");
266
267 return 0;
268 }
269
270 static irqreturn_t intel_irq(int irq, void *dev_id)
271 {
272 struct intel_device *idev = dev_id;
273
274 dev_info(&idev->pdev->dev, "hci_intel irq\n");
275
276 mutex_lock(&idev->hu_lock);
277 if (idev->hu)
278 intel_lpm_host_wake(idev->hu);
279 mutex_unlock(&idev->hu_lock);
280
281 /* Host/Controller are now LPM resumed, trigger a new delayed suspend */
282 pm_runtime_get(&idev->pdev->dev);
283 pm_runtime_mark_last_busy(&idev->pdev->dev);
284 pm_runtime_put_autosuspend(&idev->pdev->dev);
285
286 return IRQ_HANDLED;
287 }
288
289 static int intel_set_power(struct hci_uart *hu, bool powered)
290 {
291 struct list_head *p;
292 int err = -ENODEV;
293
294 if (!hu->tty->dev)
295 return err;
296
297 mutex_lock(&intel_device_list_lock);
298
299 list_for_each(p, &intel_device_list) {
300 struct intel_device *idev = list_entry(p, struct intel_device,
301 list);
302
303 /* tty device and pdev device should share the same parent
304 * which is the UART port.
305 */
306 if (hu->tty->dev->parent != idev->pdev->dev.parent)
307 continue;
308
309 if (!idev->reset) {
310 err = -ENOTSUPP;
311 break;
312 }
313
314 BT_INFO("hu %p, Switching compatible pm device (%s) to %u",
315 hu, dev_name(&idev->pdev->dev), powered);
316
317 gpiod_set_value(idev->reset, powered);
318
319 /* Provide to idev a hu reference which is used to run LPM
320 * transactions (lpm suspend/resume) from PM callbacks.
321 * hu needs to be protected against concurrent removing during
322 * these PM ops.
323 */
324 mutex_lock(&idev->hu_lock);
325 idev->hu = powered ? hu : NULL;
326 mutex_unlock(&idev->hu_lock);
327
328 if (idev->irq < 0)
329 break;
330
331 if (powered && device_can_wakeup(&idev->pdev->dev)) {
332 err = devm_request_threaded_irq(&idev->pdev->dev,
333 idev->irq, NULL,
334 intel_irq,
335 IRQF_ONESHOT,
336 "bt-host-wake", idev);
337 if (err) {
338 BT_ERR("hu %p, unable to allocate irq-%d",
339 hu, idev->irq);
340 break;
341 }
342
343 device_wakeup_enable(&idev->pdev->dev);
344
345 pm_runtime_set_active(&idev->pdev->dev);
346 pm_runtime_use_autosuspend(&idev->pdev->dev);
347 pm_runtime_set_autosuspend_delay(&idev->pdev->dev,
348 LPM_SUSPEND_DELAY_MS);
349 pm_runtime_enable(&idev->pdev->dev);
350 } else if (!powered && device_may_wakeup(&idev->pdev->dev)) {
351 devm_free_irq(&idev->pdev->dev, idev->irq, idev);
352 device_wakeup_disable(&idev->pdev->dev);
353
354 pm_runtime_disable(&idev->pdev->dev);
355 }
356 }
357
358 mutex_unlock(&intel_device_list_lock);
359
360 return err;
361 }
362
363 static void intel_busy_work(struct work_struct *work)
364 {
365 struct list_head *p;
366 struct intel_data *intel = container_of(work, struct intel_data,
367 busy_work);
368
369 if (!intel->hu->tty->dev)
370 return;
371
372 /* Link is busy, delay the suspend */
373 mutex_lock(&intel_device_list_lock);
374 list_for_each(p, &intel_device_list) {
375 struct intel_device *idev = list_entry(p, struct intel_device,
376 list);
377
378 if (intel->hu->tty->dev->parent == idev->pdev->dev.parent) {
379 pm_runtime_get(&idev->pdev->dev);
380 pm_runtime_mark_last_busy(&idev->pdev->dev);
381 pm_runtime_put_autosuspend(&idev->pdev->dev);
382 break;
383 }
384 }
385 mutex_unlock(&intel_device_list_lock);
386 }
387
388 static int intel_open(struct hci_uart *hu)
389 {
390 struct intel_data *intel;
391
392 BT_DBG("hu %p", hu);
393
394 if (!hci_uart_has_flow_control(hu))
395 return -EOPNOTSUPP;
396
397 intel = kzalloc(sizeof(*intel), GFP_KERNEL);
398 if (!intel)
399 return -ENOMEM;
400
401 skb_queue_head_init(&intel->txq);
402 INIT_WORK(&intel->busy_work, intel_busy_work);
403
404 intel->hu = hu;
405
406 hu->priv = intel;
407
408 if (!intel_set_power(hu, true))
409 set_bit(STATE_BOOTING, &intel->flags);
410
411 return 0;
412 }
413
414 static int intel_close(struct hci_uart *hu)
415 {
416 struct intel_data *intel = hu->priv;
417
418 BT_DBG("hu %p", hu);
419
420 cancel_work_sync(&intel->busy_work);
421
422 intel_set_power(hu, false);
423
424 skb_queue_purge(&intel->txq);
425 kfree_skb(intel->rx_skb);
426 kfree(intel);
427
428 hu->priv = NULL;
429 return 0;
430 }
431
432 static int intel_flush(struct hci_uart *hu)
433 {
434 struct intel_data *intel = hu->priv;
435
436 BT_DBG("hu %p", hu);
437
438 skb_queue_purge(&intel->txq);
439
440 return 0;
441 }
442
443 static int inject_cmd_complete(struct hci_dev *hdev, __u16 opcode)
444 {
445 struct sk_buff *skb;
446 struct hci_event_hdr *hdr;
447 struct hci_ev_cmd_complete *evt;
448
449 skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_KERNEL);
450 if (!skb)
451 return -ENOMEM;
452
453 hdr = skb_put(skb, sizeof(*hdr));
454 hdr->evt = HCI_EV_CMD_COMPLETE;
455 hdr->plen = sizeof(*evt) + 1;
456
457 evt = skb_put(skb, sizeof(*evt));
458 evt->ncmd = 0x01;
459 evt->opcode = cpu_to_le16(opcode);
460
461 skb_put_u8(skb, 0x00);
462
463 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
464
465 return hci_recv_frame(hdev, skb);
466 }
467
468 static int intel_set_baudrate(struct hci_uart *hu, unsigned int speed)
469 {
470 struct intel_data *intel = hu->priv;
471 struct hci_dev *hdev = hu->hdev;
472 u8 speed_cmd[] = { 0x06, 0xfc, 0x01, 0x00 };
473 struct sk_buff *skb;
474 int err;
475
476 /* This can be the first command sent to the chip, check
477 * that the controller is ready.
478 */
479 err = intel_wait_booting(hu);
480
481 clear_bit(STATE_BOOTING, &intel->flags);
482
483 /* In case of timeout, try to continue anyway */
484 if (err && err != -ETIMEDOUT)
485 return err;
486
487 bt_dev_info(hdev, "Change controller speed to %d", speed);
488
489 speed_cmd[3] = intel_convert_speed(speed);
490 if (speed_cmd[3] == 0xff) {
491 bt_dev_err(hdev, "Unsupported speed");
492 return -EINVAL;
493 }
494
495 /* Device will not accept speed change if Intel version has not been
496 * previously requested.
497 */
498 skb = __hci_cmd_sync(hdev, 0xfc05, 0, NULL, HCI_CMD_TIMEOUT);
499 if (IS_ERR(skb)) {
500 bt_dev_err(hdev, "Reading Intel version information failed (%ld)",
501 PTR_ERR(skb));
502 return PTR_ERR(skb);
503 }
504 kfree_skb(skb);
505
506 skb = bt_skb_alloc(sizeof(speed_cmd), GFP_KERNEL);
507 if (!skb) {
508 bt_dev_err(hdev, "Failed to alloc memory for baudrate packet");
509 return -ENOMEM;
510 }
511
512 skb_put_data(skb, speed_cmd, sizeof(speed_cmd));
513 hci_skb_pkt_type(skb) = HCI_COMMAND_PKT;
514
515 hci_uart_set_flow_control(hu, true);
516
517 skb_queue_tail(&intel->txq, skb);
518 hci_uart_tx_wakeup(hu);
519
520 /* wait 100ms to change baudrate on controller side */
521 msleep(100);
522
523 hci_uart_set_baudrate(hu, speed);
524 hci_uart_set_flow_control(hu, false);
525
526 return 0;
527 }
528
529 static int intel_setup(struct hci_uart *hu)
530 {
531 struct intel_data *intel = hu->priv;
532 struct hci_dev *hdev = hu->hdev;
533 struct sk_buff *skb;
534 struct intel_version ver;
535 struct intel_boot_params params;
536 struct list_head *p;
537 const struct firmware *fw;
538 char fwname[64];
539 u32 boot_param;
540 ktime_t calltime, delta, rettime;
541 unsigned long long duration;
542 unsigned int init_speed, oper_speed;
543 int speed_change = 0;
544 int err;
545
546 bt_dev_dbg(hdev, "start intel_setup");
547
548 hu->hdev->set_diag = btintel_set_diag;
549 hu->hdev->set_bdaddr = btintel_set_bdaddr;
550
551 /* Set the default boot parameter to 0x0 and it is updated to
552 * SKU specific boot parameter after reading Intel_Write_Boot_Params
553 * command while downloading the firmware.
554 */
555 boot_param = 0x00000000;
556
557 calltime = ktime_get();
558
559 if (hu->init_speed)
560 init_speed = hu->init_speed;
561 else
562 init_speed = hu->proto->init_speed;
563
564 if (hu->oper_speed)
565 oper_speed = hu->oper_speed;
566 else
567 oper_speed = hu->proto->oper_speed;
568
569 if (oper_speed && init_speed && oper_speed != init_speed)
570 speed_change = 1;
571
572 /* Check that the controller is ready */
573 err = intel_wait_booting(hu);
574
575 clear_bit(STATE_BOOTING, &intel->flags);
576
577 /* In case of timeout, try to continue anyway */
578 if (err && err != -ETIMEDOUT)
579 return err;
580
581 set_bit(STATE_BOOTLOADER, &intel->flags);
582
583 /* Read the Intel version information to determine if the device
584 * is in bootloader mode or if it already has operational firmware
585 * loaded.
586 */
587 err = btintel_read_version(hdev, &ver);
588 if (err)
589 return err;
590
591 /* The hardware platform number has a fixed value of 0x37 and
592 * for now only accept this single value.
593 */
594 if (ver.hw_platform != 0x37) {
595 bt_dev_err(hdev, "Unsupported Intel hardware platform (%u)",
596 ver.hw_platform);
597 return -EINVAL;
598 }
599
600 /* Check for supported iBT hardware variants of this firmware
601 * loading method.
602 *
603 * This check has been put in place to ensure correct forward
604 * compatibility options when newer hardware variants come along.
605 */
606 switch (ver.hw_variant) {
607 case 0x0b: /* LnP */
608 case 0x0c: /* WsP */
609 case 0x12: /* ThP */
610 break;
611 default:
612 bt_dev_err(hdev, "Unsupported Intel hardware variant (%u)",
613 ver.hw_variant);
614 return -EINVAL;
615 }
616
617 btintel_version_info(hdev, &ver);
618
619 /* The firmware variant determines if the device is in bootloader
620 * mode or is running operational firmware. The value 0x06 identifies
621 * the bootloader and the value 0x23 identifies the operational
622 * firmware.
623 *
624 * When the operational firmware is already present, then only
625 * the check for valid Bluetooth device address is needed. This
626 * determines if the device will be added as configured or
627 * unconfigured controller.
628 *
629 * It is not possible to use the Secure Boot Parameters in this
630 * case since that command is only available in bootloader mode.
631 */
632 if (ver.fw_variant == 0x23) {
633 clear_bit(STATE_BOOTLOADER, &intel->flags);
634 btintel_check_bdaddr(hdev);
635 return 0;
636 }
637
638 /* If the device is not in bootloader mode, then the only possible
639 * choice is to return an error and abort the device initialization.
640 */
641 if (ver.fw_variant != 0x06) {
642 bt_dev_err(hdev, "Unsupported Intel firmware variant (%u)",
643 ver.fw_variant);
644 return -ENODEV;
645 }
646
647 /* Read the secure boot parameters to identify the operating
648 * details of the bootloader.
649 */
650 err = btintel_read_boot_params(hdev, &params);
651 if (err)
652 return err;
653
654 /* It is required that every single firmware fragment is acknowledged
655 * with a command complete event. If the boot parameters indicate
656 * that this bootloader does not send them, then abort the setup.
657 */
658 if (params.limited_cce != 0x00) {
659 bt_dev_err(hdev, "Unsupported Intel firmware loading method (%u)",
660 params.limited_cce);
661 return -EINVAL;
662 }
663
664 /* If the OTP has no valid Bluetooth device address, then there will
665 * also be no valid address for the operational firmware.
666 */
667 if (!bacmp(&params.otp_bdaddr, BDADDR_ANY)) {
668 bt_dev_info(hdev, "No device address configured");
669 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks);
670 }
671
672 /* With this Intel bootloader only the hardware variant and device
673 * revision information are used to select the right firmware for SfP
674 * and WsP.
675 *
676 * The firmware filename is ibt-<hw_variant>-<dev_revid>.sfi.
677 *
678 * Currently the supported hardware variants are:
679 * 11 (0x0b) for iBT 3.0 (LnP/SfP)
680 * 12 (0x0c) for iBT 3.5 (WsP)
681 *
682 * For ThP/JfP and for future SKU's, the FW name varies based on HW
683 * variant, HW revision and FW revision, as these are dependent on CNVi
684 * and RF Combination.
685 *
686 * 18 (0x12) for iBT3.5 (ThP/JfP)
687 *
688 * The firmware file name for these will be
689 * ibt-<hw_variant>-<hw_revision>-<fw_revision>.sfi.
690 *
691 */
692 switch (ver.hw_variant) {
693 case 0x0b: /* SfP */
694 case 0x0c: /* WsP */
695 snprintf(fwname, sizeof(fwname), "intel/ibt-%u-%u.sfi",
696 le16_to_cpu(ver.hw_variant),
697 le16_to_cpu(params.dev_revid));
698 break;
699 case 0x12: /* ThP */
700 snprintf(fwname, sizeof(fwname), "intel/ibt-%u-%u-%u.sfi",
701 le16_to_cpu(ver.hw_variant),
702 le16_to_cpu(ver.hw_revision),
703 le16_to_cpu(ver.fw_revision));
704 break;
705 default:
706 bt_dev_err(hdev, "Unsupported Intel hardware variant (%u)",
707 ver.hw_variant);
708 return -EINVAL;
709 }
710
711 err = request_firmware(&fw, fwname, &hdev->dev);
712 if (err < 0) {
713 bt_dev_err(hdev, "Failed to load Intel firmware file (%d)",
714 err);
715 return err;
716 }
717
718 bt_dev_info(hdev, "Found device firmware: %s", fwname);
719
720 /* Save the DDC file name for later */
721 switch (ver.hw_variant) {
722 case 0x0b: /* SfP */
723 case 0x0c: /* WsP */
724 snprintf(fwname, sizeof(fwname), "intel/ibt-%u-%u.ddc",
725 le16_to_cpu(ver.hw_variant),
726 le16_to_cpu(params.dev_revid));
727 break;
728 case 0x12: /* ThP */
729 snprintf(fwname, sizeof(fwname), "intel/ibt-%u-%u-%u.ddc",
730 le16_to_cpu(ver.hw_variant),
731 le16_to_cpu(ver.hw_revision),
732 le16_to_cpu(ver.fw_revision));
733 break;
734 default:
735 bt_dev_err(hdev, "Unsupported Intel hardware variant (%u)",
736 ver.hw_variant);
737 return -EINVAL;
738 }
739
740 if (fw->size < 644) {
741 bt_dev_err(hdev, "Invalid size of firmware file (%zu)",
742 fw->size);
743 err = -EBADF;
744 goto done;
745 }
746
747 set_bit(STATE_DOWNLOADING, &intel->flags);
748
749 /* Start firmware downloading and get boot parameter */
750 err = btintel_download_firmware(hdev, fw, &boot_param);
751 if (err < 0)
752 goto done;
753
754 set_bit(STATE_FIRMWARE_LOADED, &intel->flags);
755
756 bt_dev_info(hdev, "Waiting for firmware download to complete");
757
758 /* Before switching the device into operational mode and with that
759 * booting the loaded firmware, wait for the bootloader notification
760 * that all fragments have been successfully received.
761 *
762 * When the event processing receives the notification, then the
763 * STATE_DOWNLOADING flag will be cleared.
764 *
765 * The firmware loading should not take longer than 5 seconds
766 * and thus just timeout if that happens and fail the setup
767 * of this device.
768 */
769 err = wait_on_bit_timeout(&intel->flags, STATE_DOWNLOADING,
770 TASK_INTERRUPTIBLE,
771 msecs_to_jiffies(5000));
772 if (err == -EINTR) {
773 bt_dev_err(hdev, "Firmware loading interrupted");
774 err = -EINTR;
775 goto done;
776 }
777
778 if (err) {
779 bt_dev_err(hdev, "Firmware loading timeout");
780 err = -ETIMEDOUT;
781 goto done;
782 }
783
784 if (test_bit(STATE_FIRMWARE_FAILED, &intel->flags)) {
785 bt_dev_err(hdev, "Firmware loading failed");
786 err = -ENOEXEC;
787 goto done;
788 }
789
790 rettime = ktime_get();
791 delta = ktime_sub(rettime, calltime);
792 duration = (unsigned long long) ktime_to_ns(delta) >> 10;
793
794 bt_dev_info(hdev, "Firmware loaded in %llu usecs", duration);
795
796 done:
797 release_firmware(fw);
798
799 if (err < 0)
800 return err;
801
802 /* We need to restore the default speed before Intel reset */
803 if (speed_change) {
804 err = intel_set_baudrate(hu, init_speed);
805 if (err)
806 return err;
807 }
808
809 calltime = ktime_get();
810
811 set_bit(STATE_BOOTING, &intel->flags);
812
813 err = btintel_send_intel_reset(hdev, boot_param);
814 if (err)
815 return err;
816
817 /* The bootloader will not indicate when the device is ready. This
818 * is done by the operational firmware sending bootup notification.
819 *
820 * Booting into operational firmware should not take longer than
821 * 1 second. However if that happens, then just fail the setup
822 * since something went wrong.
823 */
824 bt_dev_info(hdev, "Waiting for device to boot");
825
826 err = intel_wait_booting(hu);
827 if (err)
828 return err;
829
830 clear_bit(STATE_BOOTING, &intel->flags);
831
832 rettime = ktime_get();
833 delta = ktime_sub(rettime, calltime);
834 duration = (unsigned long long) ktime_to_ns(delta) >> 10;
835
836 bt_dev_info(hdev, "Device booted in %llu usecs", duration);
837
838 /* Enable LPM if matching pdev with wakeup enabled, set TX active
839 * until further LPM TX notification.
840 */
841 mutex_lock(&intel_device_list_lock);
842 list_for_each(p, &intel_device_list) {
843 struct intel_device *dev = list_entry(p, struct intel_device,
844 list);
845 if (!hu->tty->dev)
846 break;
847 if (hu->tty->dev->parent == dev->pdev->dev.parent) {
848 if (device_may_wakeup(&dev->pdev->dev)) {
849 set_bit(STATE_LPM_ENABLED, &intel->flags);
850 set_bit(STATE_TX_ACTIVE, &intel->flags);
851 }
852 break;
853 }
854 }
855 mutex_unlock(&intel_device_list_lock);
856
857 /* Ignore errors, device can work without DDC parameters */
858 btintel_load_ddc_config(hdev, fwname);
859
860 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_CMD_TIMEOUT);
861 if (IS_ERR(skb))
862 return PTR_ERR(skb);
863 kfree_skb(skb);
864
865 if (speed_change) {
866 err = intel_set_baudrate(hu, oper_speed);
867 if (err)
868 return err;
869 }
870
871 bt_dev_info(hdev, "Setup complete");
872
873 clear_bit(STATE_BOOTLOADER, &intel->flags);
874
875 return 0;
876 }
877
878 static int intel_recv_event(struct hci_dev *hdev, struct sk_buff *skb)
879 {
880 struct hci_uart *hu = hci_get_drvdata(hdev);
881 struct intel_data *intel = hu->priv;
882 struct hci_event_hdr *hdr;
883
884 if (!test_bit(STATE_BOOTLOADER, &intel->flags) &&
885 !test_bit(STATE_BOOTING, &intel->flags))
886 goto recv;
887
888 hdr = (void *)skb->data;
889
890 /* When the firmware loading completes the device sends
891 * out a vendor specific event indicating the result of
892 * the firmware loading.
893 */
894 if (skb->len == 7 && hdr->evt == 0xff && hdr->plen == 0x05 &&
895 skb->data[2] == 0x06) {
896 if (skb->data[3] != 0x00)
897 set_bit(STATE_FIRMWARE_FAILED, &intel->flags);
898
899 if (test_and_clear_bit(STATE_DOWNLOADING, &intel->flags) &&
900 test_bit(STATE_FIRMWARE_LOADED, &intel->flags))
901 wake_up_bit(&intel->flags, STATE_DOWNLOADING);
902
903 /* When switching to the operational firmware the device
904 * sends a vendor specific event indicating that the bootup
905 * completed.
906 */
907 } else if (skb->len == 9 && hdr->evt == 0xff && hdr->plen == 0x07 &&
908 skb->data[2] == 0x02) {
909 if (test_and_clear_bit(STATE_BOOTING, &intel->flags))
910 wake_up_bit(&intel->flags, STATE_BOOTING);
911 }
912 recv:
913 return hci_recv_frame(hdev, skb);
914 }
915
916 static void intel_recv_lpm_notify(struct hci_dev *hdev, int value)
917 {
918 struct hci_uart *hu = hci_get_drvdata(hdev);
919 struct intel_data *intel = hu->priv;
920
921 bt_dev_dbg(hdev, "TX idle notification (%d)", value);
922
923 if (value) {
924 set_bit(STATE_TX_ACTIVE, &intel->flags);
925 schedule_work(&intel->busy_work);
926 } else {
927 clear_bit(STATE_TX_ACTIVE, &intel->flags);
928 }
929 }
930
931 static int intel_recv_lpm(struct hci_dev *hdev, struct sk_buff *skb)
932 {
933 struct hci_lpm_pkt *lpm = (void *)skb->data;
934 struct hci_uart *hu = hci_get_drvdata(hdev);
935 struct intel_data *intel = hu->priv;
936
937 switch (lpm->opcode) {
938 case LPM_OP_TX_NOTIFY:
939 if (lpm->dlen < 1) {
940 bt_dev_err(hu->hdev, "Invalid LPM notification packet");
941 break;
942 }
943 intel_recv_lpm_notify(hdev, lpm->data[0]);
944 break;
945 case LPM_OP_SUSPEND_ACK:
946 set_bit(STATE_SUSPENDED, &intel->flags);
947 if (test_and_clear_bit(STATE_LPM_TRANSACTION, &intel->flags))
948 wake_up_bit(&intel->flags, STATE_LPM_TRANSACTION);
949 break;
950 case LPM_OP_RESUME_ACK:
951 clear_bit(STATE_SUSPENDED, &intel->flags);
952 if (test_and_clear_bit(STATE_LPM_TRANSACTION, &intel->flags))
953 wake_up_bit(&intel->flags, STATE_LPM_TRANSACTION);
954 break;
955 default:
956 bt_dev_err(hdev, "Unknown LPM opcode (%02x)", lpm->opcode);
957 break;
958 }
959
960 kfree_skb(skb);
961
962 return 0;
963 }
964
965 #define INTEL_RECV_LPM \
966 .type = HCI_LPM_PKT, \
967 .hlen = HCI_LPM_HDR_SIZE, \
968 .loff = 1, \
969 .lsize = 1, \
970 .maxlen = HCI_LPM_MAX_SIZE
971
972 static const struct h4_recv_pkt intel_recv_pkts[] = {
973 { H4_RECV_ACL, .recv = hci_recv_frame },
974 { H4_RECV_SCO, .recv = hci_recv_frame },
975 { H4_RECV_EVENT, .recv = intel_recv_event },
976 { INTEL_RECV_LPM, .recv = intel_recv_lpm },
977 };
978
979 static int intel_recv(struct hci_uart *hu, const void *data, int count)
980 {
981 struct intel_data *intel = hu->priv;
982
983 if (!test_bit(HCI_UART_REGISTERED, &hu->flags))
984 return -EUNATCH;
985
986 intel->rx_skb = h4_recv_buf(hu->hdev, intel->rx_skb, data, count,
987 intel_recv_pkts,
988 ARRAY_SIZE(intel_recv_pkts));
989 if (IS_ERR(intel->rx_skb)) {
990 int err = PTR_ERR(intel->rx_skb);
991 bt_dev_err(hu->hdev, "Frame reassembly failed (%d)", err);
992 intel->rx_skb = NULL;
993 return err;
994 }
995
996 return count;
997 }
998
999 static int intel_enqueue(struct hci_uart *hu, struct sk_buff *skb)
1000 {
1001 struct intel_data *intel = hu->priv;
1002 struct list_head *p;
1003
1004 BT_DBG("hu %p skb %p", hu, skb);
1005
1006 if (!hu->tty->dev)
1007 goto out_enqueue;
1008
1009 /* Be sure our controller is resumed and potential LPM transaction
1010 * completed before enqueuing any packet.
1011 */
1012 mutex_lock(&intel_device_list_lock);
1013 list_for_each(p, &intel_device_list) {
1014 struct intel_device *idev = list_entry(p, struct intel_device,
1015 list);
1016
1017 if (hu->tty->dev->parent == idev->pdev->dev.parent) {
1018 pm_runtime_get_sync(&idev->pdev->dev);
1019 pm_runtime_mark_last_busy(&idev->pdev->dev);
1020 pm_runtime_put_autosuspend(&idev->pdev->dev);
1021 break;
1022 }
1023 }
1024 mutex_unlock(&intel_device_list_lock);
1025 out_enqueue:
1026 skb_queue_tail(&intel->txq, skb);
1027
1028 return 0;
1029 }
1030
1031 static struct sk_buff *intel_dequeue(struct hci_uart *hu)
1032 {
1033 struct intel_data *intel = hu->priv;
1034 struct sk_buff *skb;
1035
1036 skb = skb_dequeue(&intel->txq);
1037 if (!skb)
1038 return skb;
1039
1040 if (test_bit(STATE_BOOTLOADER, &intel->flags) &&
1041 (hci_skb_pkt_type(skb) == HCI_COMMAND_PKT)) {
1042 struct hci_command_hdr *cmd = (void *)skb->data;
1043 __u16 opcode = le16_to_cpu(cmd->opcode);
1044
1045 /* When the 0xfc01 command is issued to boot into
1046 * the operational firmware, it will actually not
1047 * send a command complete event. To keep the flow
1048 * control working inject that event here.
1049 */
1050 if (opcode == 0xfc01)
1051 inject_cmd_complete(hu->hdev, opcode);
1052 }
1053
1054 /* Prepend skb with frame type */
1055 memcpy(skb_push(skb, 1), &hci_skb_pkt_type(skb), 1);
1056
1057 return skb;
1058 }
1059
1060 static const struct hci_uart_proto intel_proto = {
1061 .id = HCI_UART_INTEL,
1062 .name = "Intel",
1063 .manufacturer = 2,
1064 .init_speed = 115200,
1065 .oper_speed = 3000000,
1066 .open = intel_open,
1067 .close = intel_close,
1068 .flush = intel_flush,
1069 .setup = intel_setup,
1070 .set_baudrate = intel_set_baudrate,
1071 .recv = intel_recv,
1072 .enqueue = intel_enqueue,
1073 .dequeue = intel_dequeue,
1074 };
1075
1076 #ifdef CONFIG_ACPI
1077 static const struct acpi_device_id intel_acpi_match[] = {
1078 { "INT33E1", 0 },
1079 { },
1080 };
1081 MODULE_DEVICE_TABLE(acpi, intel_acpi_match);
1082 #endif
1083
1084 #ifdef CONFIG_PM
1085 static int intel_suspend_device(struct device *dev)
1086 {
1087 struct intel_device *idev = dev_get_drvdata(dev);
1088
1089 mutex_lock(&idev->hu_lock);
1090 if (idev->hu)
1091 intel_lpm_suspend(idev->hu);
1092 mutex_unlock(&idev->hu_lock);
1093
1094 return 0;
1095 }
1096
1097 static int intel_resume_device(struct device *dev)
1098 {
1099 struct intel_device *idev = dev_get_drvdata(dev);
1100
1101 mutex_lock(&idev->hu_lock);
1102 if (idev->hu)
1103 intel_lpm_resume(idev->hu);
1104 mutex_unlock(&idev->hu_lock);
1105
1106 return 0;
1107 }
1108 #endif
1109
1110 #ifdef CONFIG_PM_SLEEP
1111 static int intel_suspend(struct device *dev)
1112 {
1113 struct intel_device *idev = dev_get_drvdata(dev);
1114
1115 if (device_may_wakeup(dev))
1116 enable_irq_wake(idev->irq);
1117
1118 return intel_suspend_device(dev);
1119 }
1120
1121 static int intel_resume(struct device *dev)
1122 {
1123 struct intel_device *idev = dev_get_drvdata(dev);
1124
1125 if (device_may_wakeup(dev))
1126 disable_irq_wake(idev->irq);
1127
1128 return intel_resume_device(dev);
1129 }
1130 #endif
1131
1132 static const struct dev_pm_ops intel_pm_ops = {
1133 SET_SYSTEM_SLEEP_PM_OPS(intel_suspend, intel_resume)
1134 SET_RUNTIME_PM_OPS(intel_suspend_device, intel_resume_device, NULL)
1135 };
1136
1137 static const struct acpi_gpio_params reset_gpios = { 0, 0, false };
1138 static const struct acpi_gpio_params host_wake_gpios = { 1, 0, false };
1139
1140 static const struct acpi_gpio_mapping acpi_hci_intel_gpios[] = {
1141 { "reset-gpios", &reset_gpios, 1 },
1142 { "host-wake-gpios", &host_wake_gpios, 1 },
1143 { },
1144 };
1145
1146 static int intel_probe(struct platform_device *pdev)
1147 {
1148 struct intel_device *idev;
1149 int ret;
1150
1151 idev = devm_kzalloc(&pdev->dev, sizeof(*idev), GFP_KERNEL);
1152 if (!idev)
1153 return -ENOMEM;
1154
1155 mutex_init(&idev->hu_lock);
1156
1157 idev->pdev = pdev;
1158
1159 ret = devm_acpi_dev_add_driver_gpios(&pdev->dev, acpi_hci_intel_gpios);
1160 if (ret)
1161 dev_dbg(&pdev->dev, "Unable to add GPIO mapping table\n");
1162
1163 idev->reset = devm_gpiod_get(&pdev->dev, "reset", GPIOD_OUT_LOW);
1164 if (IS_ERR(idev->reset)) {
1165 dev_err(&pdev->dev, "Unable to retrieve gpio\n");
1166 return PTR_ERR(idev->reset);
1167 }
1168
1169 idev->irq = platform_get_irq(pdev, 0);
1170 if (idev->irq < 0) {
1171 struct gpio_desc *host_wake;
1172
1173 dev_err(&pdev->dev, "No IRQ, falling back to gpio-irq\n");
1174
1175 host_wake = devm_gpiod_get(&pdev->dev, "host-wake", GPIOD_IN);
1176 if (IS_ERR(host_wake)) {
1177 dev_err(&pdev->dev, "Unable to retrieve IRQ\n");
1178 goto no_irq;
1179 }
1180
1181 idev->irq = gpiod_to_irq(host_wake);
1182 if (idev->irq < 0) {
1183 dev_err(&pdev->dev, "No corresponding irq for gpio\n");
1184 goto no_irq;
1185 }
1186 }
1187
1188 /* Only enable wake-up/irq when controller is powered */
1189 device_set_wakeup_capable(&pdev->dev, true);
1190 device_wakeup_disable(&pdev->dev);
1191
1192 no_irq:
1193 platform_set_drvdata(pdev, idev);
1194
1195 /* Place this instance on the device list */
1196 mutex_lock(&intel_device_list_lock);
1197 list_add_tail(&idev->list, &intel_device_list);
1198 mutex_unlock(&intel_device_list_lock);
1199
1200 dev_info(&pdev->dev, "registered, gpio(%d)/irq(%d).\n",
1201 desc_to_gpio(idev->reset), idev->irq);
1202
1203 return 0;
1204 }
1205
1206 static int intel_remove(struct platform_device *pdev)
1207 {
1208 struct intel_device *idev = platform_get_drvdata(pdev);
1209
1210 device_wakeup_disable(&pdev->dev);
1211
1212 mutex_lock(&intel_device_list_lock);
1213 list_del(&idev->list);
1214 mutex_unlock(&intel_device_list_lock);
1215
1216 dev_info(&pdev->dev, "unregistered.\n");
1217
1218 return 0;
1219 }
1220
1221 static struct platform_driver intel_driver = {
1222 .probe = intel_probe,
1223 .remove = intel_remove,
1224 .driver = {
1225 .name = "hci_intel",
1226 .acpi_match_table = ACPI_PTR(intel_acpi_match),
1227 .pm = &intel_pm_ops,
1228 },
1229 };
1230
1231 int __init intel_init(void)
1232 {
1233 platform_driver_register(&intel_driver);
1234
1235 return hci_uart_register_proto(&intel_proto);
1236 }
1237
1238 int __exit intel_deinit(void)
1239 {
1240 platform_driver_unregister(&intel_driver);
1241
1242 return hci_uart_unregister_proto(&intel_proto);
1243 }
Linux with added FPC-III support