drivers/bluetooth/btnxpuart.c

   1 // SPDX-License-Identifier: GPL-2.0-or-later
   2 /*
   3  *  NXP Bluetooth driver
   4  *  Copyright 2023 NXP
   5  */
   6
   7 #include <linux/module.h>
   8 #include <linux/kernel.h>
   9
  10 #include <linux/serdev.h>
  11 #include <linux/of.h>
  12 #include <linux/skbuff.h>
  13 #include <asm/unaligned.h>
  14 #include <linux/firmware.h>
  15 #include <linux/string.h>
  16 #include <linux/crc8.h>
  17 #include <linux/crc32.h>
  18 #include <linux/string_helpers.h>
  19
  20 #include <net/bluetooth/bluetooth.h>
  21 #include <net/bluetooth/hci_core.h>
  22
  23 #include "h4_recv.h"
  24
  25 #define MANUFACTURER_NXP                37
  26
  27 #define BTNXPUART_TX_STATE_ACTIVE       1
  28 #define BTNXPUART_FW_DOWNLOADING        2
  29 #define BTNXPUART_CHECK_BOOT_SIGNATURE  3
  30 #define BTNXPUART_SERDEV_OPEN           4
  31 #define BTNXPUART_IR_IN_PROGRESS        5
  32
  33 /* NXP HW err codes */
  34 #define BTNXPUART_IR_HW_ERR             0xb0
  35
  36 #define FIRMWARE_W8987          "nxp/uartuart8987_bt.bin"
  37 #define FIRMWARE_W8997          "nxp/uartuart8997_bt_v4.bin"
  38 #define FIRMWARE_W9098          "nxp/uartuart9098_bt_v1.bin"
  39 #define FIRMWARE_IW416          "nxp/uartiw416_bt_v0.bin"
  40 #define FIRMWARE_IW612          "nxp/uartspi_n61x_v1.bin.se"
  41 #define FIRMWARE_IW624          "nxp/uartiw624_bt.bin"
  42 #define FIRMWARE_SECURE_IW624   "nxp/uartiw624_bt.bin.se"
  43 #define FIRMWARE_AW693          "nxp/uartaw693_bt.bin"
  44 #define FIRMWARE_SECURE_AW693   "nxp/uartaw693_bt.bin.se"
  45 #define FIRMWARE_HELPER         "nxp/helper_uart_3000000.bin"
  46
  47 #define CHIP_ID_W9098           0x5c03
  48 #define CHIP_ID_IW416           0x7201
  49 #define CHIP_ID_IW612           0x7601
  50 #define CHIP_ID_IW624a          0x8000
  51 #define CHIP_ID_IW624c          0x8001
  52 #define CHIP_ID_AW693           0x8200
  53
  54 #define FW_SECURE_MASK          0xc0
  55 #define FW_OPEN                 0x00
  56 #define FW_AUTH_ILLEGAL         0x40
  57 #define FW_AUTH_PLAIN           0x80
  58 #define FW_AUTH_ENC             0xc0
  59
  60 #define HCI_NXP_PRI_BAUDRATE    115200
  61 #define HCI_NXP_SEC_BAUDRATE    3000000
  62
  63 #define MAX_FW_FILE_NAME_LEN    50
  64
  65 /* Default ps timeout period in milliseconds */
  66 #define PS_DEFAULT_TIMEOUT_PERIOD_MS     2000
  67
  68 /* wakeup methods */
  69 #define WAKEUP_METHOD_DTR       0
  70 #define WAKEUP_METHOD_BREAK     1
  71 #define WAKEUP_METHOD_EXT_BREAK 2
  72 #define WAKEUP_METHOD_RTS       3
  73 #define WAKEUP_METHOD_INVALID   0xff
  74
  75 /* power save mode status */
  76 #define PS_MODE_DISABLE         0
  77 #define PS_MODE_ENABLE          1
  78
  79 /* Power Save Commands to ps_work_func  */
  80 #define PS_CMD_EXIT_PS          1
  81 #define PS_CMD_ENTER_PS         2
  82
  83 /* power save state */
  84 #define PS_STATE_AWAKE          0
  85 #define PS_STATE_SLEEP          1
  86
  87 /* Bluetooth vendor command : Sleep mode */
  88 #define HCI_NXP_AUTO_SLEEP_MODE 0xfc23
  89 /* Bluetooth vendor command : Wakeup method */
  90 #define HCI_NXP_WAKEUP_METHOD   0xfc53
  91 /* Bluetooth vendor command : Set operational baudrate */
  92 #define HCI_NXP_SET_OPER_SPEED  0xfc09
  93 /* Bluetooth vendor command: Independent Reset */
  94 #define HCI_NXP_IND_RESET       0xfcfc
  95
  96 /* Bluetooth Power State : Vendor cmd params */
  97 #define BT_PS_ENABLE                    0x02
  98 #define BT_PS_DISABLE                   0x03
  99
 100 /* Bluetooth Host Wakeup Methods */
 101 #define BT_HOST_WAKEUP_METHOD_NONE      0x00
 102 #define BT_HOST_WAKEUP_METHOD_DTR       0x01
 103 #define BT_HOST_WAKEUP_METHOD_BREAK     0x02
 104 #define BT_HOST_WAKEUP_METHOD_GPIO      0x03
 105
 106 /* Bluetooth Chip Wakeup Methods */
 107 #define BT_CTRL_WAKEUP_METHOD_DSR       0x00
 108 #define BT_CTRL_WAKEUP_METHOD_BREAK     0x01
 109 #define BT_CTRL_WAKEUP_METHOD_GPIO      0x02
 110 #define BT_CTRL_WAKEUP_METHOD_EXT_BREAK 0x04
 111 #define BT_CTRL_WAKEUP_METHOD_RTS       0x05
 112
 113 struct ps_data {
 114         u8    target_ps_mode;   /* ps mode to be set */
 115         u8    cur_psmode;       /* current ps_mode */
 116         u8    ps_state;         /* controller's power save state */
 117         u8    ps_cmd;
 118         u8    h2c_wakeupmode;
 119         u8    cur_h2c_wakeupmode;
 120         u8    c2h_wakeupmode;
 121         u8    c2h_wakeup_gpio;
 122         u8    h2c_wakeup_gpio;
 123         bool  driver_sent_cmd;
 124         u16   h2c_ps_interval;
 125         u16   c2h_ps_interval;
 126         struct hci_dev *hdev;
 127         struct work_struct work;
 128         struct timer_list ps_timer;
 129         struct mutex ps_lock;
 130 };
 131
 132 struct wakeup_cmd_payload {
 133         u8 c2h_wakeupmode;
 134         u8 c2h_wakeup_gpio;
 135         u8 h2c_wakeupmode;
 136         u8 h2c_wakeup_gpio;
 137 } __packed;
 138
 139 struct psmode_cmd_payload {
 140         u8 ps_cmd;
 141         __le16 c2h_ps_interval;
 142 } __packed;
 143
 144 struct btnxpuart_data {
 145         const char *helper_fw_name;
 146         const char *fw_name;
 147 };
 148
 149 struct btnxpuart_dev {
 150         struct hci_dev *hdev;
 151         struct serdev_device *serdev;
 152
 153         struct work_struct tx_work;
 154         unsigned long tx_state;
 155         struct sk_buff_head txq;
 156         struct sk_buff *rx_skb;
 157
 158         const struct firmware *fw;
 159         u8 fw_name[MAX_FW_FILE_NAME_LEN];
 160         u32 fw_dnld_v1_offset;
 161         u32 fw_v1_sent_bytes;
 162         u32 fw_v3_offset_correction;
 163         u32 fw_v1_expected_len;
 164         u32 boot_reg_offset;
 165         wait_queue_head_t fw_dnld_done_wait_q;
 166         wait_queue_head_t check_boot_sign_wait_q;
 167
 168         u32 new_baudrate;
 169         u32 current_baudrate;
 170         u32 fw_init_baudrate;
 171         bool timeout_changed;
 172         bool baudrate_changed;
 173         bool helper_downloaded;
 174
 175         struct ps_data psdata;
 176         struct btnxpuart_data *nxp_data;
 177 };
 178
 179 #define NXP_V1_FW_REQ_PKT       0xa5
 180 #define NXP_V1_CHIP_VER_PKT     0xaa
 181 #define NXP_V3_FW_REQ_PKT       0xa7
 182 #define NXP_V3_CHIP_VER_PKT     0xab
 183
 184 #define NXP_ACK_V1              0x5a
 185 #define NXP_NAK_V1              0xbf
 186 #define NXP_ACK_V3              0x7a
 187 #define NXP_NAK_V3              0x7b
 188 #define NXP_CRC_ERROR_V3        0x7c
 189
 190 #define HDR_LEN                 16
 191
 192 #define NXP_RECV_CHIP_VER_V1 \
 193         .type = NXP_V1_CHIP_VER_PKT, \
 194         .hlen = 4, \
 195         .loff = 0, \
 196         .lsize = 0, \
 197         .maxlen = 4
 198
 199 #define NXP_RECV_FW_REQ_V1 \
 200         .type = NXP_V1_FW_REQ_PKT, \
 201         .hlen = 4, \
 202         .loff = 0, \
 203         .lsize = 0, \
 204         .maxlen = 4
 205
 206 #define NXP_RECV_CHIP_VER_V3 \
 207         .type = NXP_V3_CHIP_VER_PKT, \
 208         .hlen = 4, \
 209         .loff = 0, \
 210         .lsize = 0, \
 211         .maxlen = 4
 212
 213 #define NXP_RECV_FW_REQ_V3 \
 214         .type = NXP_V3_FW_REQ_PKT, \
 215         .hlen = 9, \
 216         .loff = 0, \
 217         .lsize = 0, \
 218         .maxlen = 9
 219
 220 struct v1_data_req {
 221         __le16 len;
 222         __le16 len_comp;
 223 } __packed;
 224
 225 struct v1_start_ind {
 226         __le16 chip_id;
 227         __le16 chip_id_comp;
 228 } __packed;
 229
 230 struct v3_data_req {
 231         __le16 len;
 232         __le32 offset;
 233         __le16 error;
 234         u8 crc;
 235 } __packed;
 236
 237 struct v3_start_ind {
 238         __le16 chip_id;
 239         u8 loader_ver;
 240         u8 crc;
 241 } __packed;
 242
 243 /* UART register addresses of BT chip */
 244 #define CLKDIVADDR      0x7f00008f
 245 #define UARTDIVADDR     0x7f000090
 246 #define UARTMCRADDR     0x7f000091
 247 #define UARTREINITADDR  0x7f000092
 248 #define UARTICRADDR     0x7f000093
 249 #define UARTFCRADDR     0x7f000094
 250
 251 #define MCR             0x00000022
 252 #define INIT            0x00000001
 253 #define ICR             0x000000c7
 254 #define FCR             0x000000c7
 255
 256 #define POLYNOMIAL8     0x07
 257
 258 struct uart_reg {
 259         __le32 address;
 260         __le32 value;
 261 } __packed;
 262
 263 struct uart_config {
 264         struct uart_reg clkdiv;
 265         struct uart_reg uartdiv;
 266         struct uart_reg mcr;
 267         struct uart_reg re_init;
 268         struct uart_reg icr;
 269         struct uart_reg fcr;
 270         __be32 crc;
 271 } __packed;
 272
 273 struct nxp_bootloader_cmd {
 274         __le32 header;
 275         __le32 arg;
 276         __le32 payload_len;
 277         __be32 crc;
 278 } __packed;
 279
 280 static u8 crc8_table[CRC8_TABLE_SIZE];
 281
 282 /* Default configurations */
 283 #define DEFAULT_H2C_WAKEUP_MODE WAKEUP_METHOD_BREAK
 284 #define DEFAULT_PS_MODE         PS_MODE_DISABLE
 285 #define FW_INIT_BAUDRATE        HCI_NXP_PRI_BAUDRATE
 286
 287 static struct sk_buff *nxp_drv_send_cmd(struct hci_dev *hdev, u16 opcode,
 288                                         u32 plen,
 289                                         void *param)
 290 {
 291         struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
 292         struct ps_data *psdata = &nxpdev->psdata;
 293         struct sk_buff *skb;
 294
 295         /* set flag to prevent nxp_enqueue from parsing values from this command and
 296          * calling hci_cmd_sync_queue() again.
 297          */
 298         psdata->driver_sent_cmd = true;
 299         skb = __hci_cmd_sync(hdev, opcode, plen, param, HCI_CMD_TIMEOUT);
 300         psdata->driver_sent_cmd = false;
 301
 302         return skb;
 303 }
 304
 305 static void btnxpuart_tx_wakeup(struct btnxpuart_dev *nxpdev)
 306 {
 307         if (schedule_work(&nxpdev->tx_work))
 308                 set_bit(BTNXPUART_TX_STATE_ACTIVE, &nxpdev->tx_state);
 309 }
 310
 311 /* NXP Power Save Feature */
 312 static void ps_start_timer(struct btnxpuart_dev *nxpdev)
 313 {
 314         struct ps_data *psdata = &nxpdev->psdata;
 315
 316         if (!psdata)
 317                 return;
 318
 319         if (psdata->cur_psmode == PS_MODE_ENABLE)
 320                 mod_timer(&psdata->ps_timer, jiffies + msecs_to_jiffies(psdata->h2c_ps_interval));
 321
 322         if (psdata->ps_state == PS_STATE_AWAKE && psdata->ps_cmd == PS_CMD_ENTER_PS)
 323                 cancel_work_sync(&psdata->work);
 324 }
 325
 326 static void ps_cancel_timer(struct btnxpuart_dev *nxpdev)
 327 {
 328         struct ps_data *psdata = &nxpdev->psdata;
 329
 330         flush_work(&psdata->work);
 331         del_timer_sync(&psdata->ps_timer);
 332 }
 333
 334 static void ps_control(struct hci_dev *hdev, u8 ps_state)
 335 {
 336         struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
 337         struct ps_data *psdata = &nxpdev->psdata;
 338         int status;
 339
 340         if (psdata->ps_state == ps_state ||
 341             !test_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state))
 342                 return;
 343
 344         mutex_lock(&psdata->ps_lock);
 345         switch (psdata->cur_h2c_wakeupmode) {
 346         case WAKEUP_METHOD_DTR:
 347                 if (ps_state == PS_STATE_AWAKE)
 348                         status = serdev_device_set_tiocm(nxpdev->serdev, TIOCM_DTR, 0);
 349                 else
 350                         status = serdev_device_set_tiocm(nxpdev->serdev, 0, TIOCM_DTR);
 351                 break;
 352         case WAKEUP_METHOD_BREAK:
 353         default:
 354                 if (ps_state == PS_STATE_AWAKE)
 355                         status = serdev_device_break_ctl(nxpdev->serdev, 0);
 356                 else
 357                         status = serdev_device_break_ctl(nxpdev->serdev, -1);
 358                 msleep(20); /* Allow chip to detect UART-break and enter sleep */
 359                 bt_dev_dbg(hdev, "Set UART break: %s, status=%d",
 360                            str_on_off(ps_state == PS_STATE_SLEEP), status);
 361                 break;
 362         }
 363         if (!status)
 364                 psdata->ps_state = ps_state;
 365         mutex_unlock(&psdata->ps_lock);
 366
 367         if (ps_state == PS_STATE_AWAKE)
 368                 btnxpuart_tx_wakeup(nxpdev);
 369 }
 370
 371 static void ps_work_func(struct work_struct *work)
 372 {
 373         struct ps_data *data = container_of(work, struct ps_data, work);
 374
 375         if (data->ps_cmd == PS_CMD_ENTER_PS && data->cur_psmode == PS_MODE_ENABLE)
 376                 ps_control(data->hdev, PS_STATE_SLEEP);
 377         else if (data->ps_cmd == PS_CMD_EXIT_PS)
 378                 ps_control(data->hdev, PS_STATE_AWAKE);
 379 }
 380
 381 static void ps_timeout_func(struct timer_list *t)
 382 {
 383         struct ps_data *data = from_timer(data, t, ps_timer);
 384         struct hci_dev *hdev = data->hdev;
 385         struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
 386
 387         if (test_bit(BTNXPUART_TX_STATE_ACTIVE, &nxpdev->tx_state)) {
 388                 ps_start_timer(nxpdev);
 389         } else {
 390                 data->ps_cmd = PS_CMD_ENTER_PS;
 391                 schedule_work(&data->work);
 392         }
 393 }
 394
 395 static void ps_setup(struct hci_dev *hdev)
 396 {
 397         struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
 398         struct ps_data *psdata = &nxpdev->psdata;
 399
 400         psdata->hdev = hdev;
 401         INIT_WORK(&psdata->work, ps_work_func);
 402         mutex_init(&psdata->ps_lock);
 403         timer_setup(&psdata->ps_timer, ps_timeout_func, 0);
 404 }
 405
 406 static bool ps_wakeup(struct btnxpuart_dev *nxpdev)
 407 {
 408         struct ps_data *psdata = &nxpdev->psdata;
 409         u8 ps_state;
 410
 411         mutex_lock(&psdata->ps_lock);
 412         ps_state = psdata->ps_state;
 413         mutex_unlock(&psdata->ps_lock);
 414
 415         if (ps_state != PS_STATE_AWAKE) {
 416                 psdata->ps_cmd = PS_CMD_EXIT_PS;
 417                 schedule_work(&psdata->work);
 418                 return true;
 419         }
 420         return false;
 421 }
 422
 423 static int send_ps_cmd(struct hci_dev *hdev, void *data)
 424 {
 425         struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
 426         struct ps_data *psdata = &nxpdev->psdata;
 427         struct psmode_cmd_payload pcmd;
 428         struct sk_buff *skb;
 429         u8 *status;
 430
 431         if (psdata->target_ps_mode == PS_MODE_ENABLE)
 432                 pcmd.ps_cmd = BT_PS_ENABLE;
 433         else
 434                 pcmd.ps_cmd = BT_PS_DISABLE;
 435         pcmd.c2h_ps_interval = __cpu_to_le16(psdata->c2h_ps_interval);
 436
 437         skb = nxp_drv_send_cmd(hdev, HCI_NXP_AUTO_SLEEP_MODE, sizeof(pcmd), &pcmd);
 438         if (IS_ERR(skb)) {
 439                 bt_dev_err(hdev, "Setting Power Save mode failed (%ld)", PTR_ERR(skb));
 440                 return PTR_ERR(skb);
 441         }
 442
 443         status = skb_pull_data(skb, 1);
 444         if (status) {
 445                 if (!*status)
 446                         psdata->cur_psmode = psdata->target_ps_mode;
 447                 else
 448                         psdata->target_ps_mode = psdata->cur_psmode;
 449                 if (psdata->cur_psmode == PS_MODE_ENABLE)
 450                         ps_start_timer(nxpdev);
 451                 else
 452                         ps_wakeup(nxpdev);
 453                 bt_dev_dbg(hdev, "Power Save mode response: status=%d, ps_mode=%d",
 454                            *status, psdata->cur_psmode);
 455         }
 456         kfree_skb(skb);
 457
 458         return 0;
 459 }
 460
 461 static int send_wakeup_method_cmd(struct hci_dev *hdev, void *data)
 462 {
 463         struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
 464         struct ps_data *psdata = &nxpdev->psdata;
 465         struct wakeup_cmd_payload pcmd;
 466         struct sk_buff *skb;
 467         u8 *status;
 468
 469         pcmd.c2h_wakeupmode = psdata->c2h_wakeupmode;
 470         pcmd.c2h_wakeup_gpio = psdata->c2h_wakeup_gpio;
 471         switch (psdata->h2c_wakeupmode) {
 472         case WAKEUP_METHOD_DTR:
 473                 pcmd.h2c_wakeupmode = BT_CTRL_WAKEUP_METHOD_DSR;
 474                 break;
 475         case WAKEUP_METHOD_BREAK:
 476         default:
 477                 pcmd.h2c_wakeupmode = BT_CTRL_WAKEUP_METHOD_BREAK;
 478                 break;
 479         }
 480         pcmd.h2c_wakeup_gpio = 0xff;
 481
 482         skb = nxp_drv_send_cmd(hdev, HCI_NXP_WAKEUP_METHOD, sizeof(pcmd), &pcmd);
 483         if (IS_ERR(skb)) {
 484                 bt_dev_err(hdev, "Setting wake-up method failed (%ld)", PTR_ERR(skb));
 485                 return PTR_ERR(skb);
 486         }
 487
 488         status = skb_pull_data(skb, 1);
 489         if (status) {
 490                 if (*status == 0)
 491                         psdata->cur_h2c_wakeupmode = psdata->h2c_wakeupmode;
 492                 else
 493                         psdata->h2c_wakeupmode = psdata->cur_h2c_wakeupmode;
 494                 bt_dev_dbg(hdev, "Set Wakeup Method response: status=%d, h2c_wakeupmode=%d",
 495                            *status, psdata->cur_h2c_wakeupmode);
 496         }
 497         kfree_skb(skb);
 498
 499         return 0;
 500 }
 501
 502 static void ps_init(struct hci_dev *hdev)
 503 {
 504         struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
 505         struct ps_data *psdata = &nxpdev->psdata;
 506
 507         serdev_device_set_tiocm(nxpdev->serdev, 0, TIOCM_RTS);
 508         usleep_range(5000, 10000);
 509         serdev_device_set_tiocm(nxpdev->serdev, TIOCM_RTS, 0);
 510         usleep_range(5000, 10000);
 511
 512         psdata->ps_state = PS_STATE_AWAKE;
 513         psdata->c2h_wakeupmode = BT_HOST_WAKEUP_METHOD_NONE;
 514         psdata->c2h_wakeup_gpio = 0xff;
 515
 516         psdata->cur_h2c_wakeupmode = WAKEUP_METHOD_INVALID;
 517         psdata->h2c_ps_interval = PS_DEFAULT_TIMEOUT_PERIOD_MS;
 518         switch (DEFAULT_H2C_WAKEUP_MODE) {
 519         case WAKEUP_METHOD_DTR:
 520                 psdata->h2c_wakeupmode = WAKEUP_METHOD_DTR;
 521                 serdev_device_set_tiocm(nxpdev->serdev, 0, TIOCM_DTR);
 522                 serdev_device_set_tiocm(nxpdev->serdev, TIOCM_DTR, 0);
 523                 break;
 524         case WAKEUP_METHOD_BREAK:
 525         default:
 526                 psdata->h2c_wakeupmode = WAKEUP_METHOD_BREAK;
 527                 serdev_device_break_ctl(nxpdev->serdev, -1);
 528                 usleep_range(5000, 10000);
 529                 serdev_device_break_ctl(nxpdev->serdev, 0);
 530                 usleep_range(5000, 10000);
 531                 break;
 532         }
 533
 534         psdata->cur_psmode = PS_MODE_DISABLE;
 535         psdata->target_ps_mode = DEFAULT_PS_MODE;
 536
 537         if (psdata->cur_h2c_wakeupmode != psdata->h2c_wakeupmode)
 538                 hci_cmd_sync_queue(hdev, send_wakeup_method_cmd, NULL, NULL);
 539         if (psdata->cur_psmode != psdata->target_ps_mode)
 540                 hci_cmd_sync_queue(hdev, send_ps_cmd, NULL, NULL);
 541 }
 542
 543 /* NXP Firmware Download Feature */
 544 static int nxp_download_firmware(struct hci_dev *hdev)
 545 {
 546         struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
 547         int err = 0;
 548
 549         nxpdev->fw_dnld_v1_offset = 0;
 550         nxpdev->fw_v1_sent_bytes = 0;
 551         nxpdev->fw_v1_expected_len = HDR_LEN;
 552         nxpdev->boot_reg_offset = 0;
 553         nxpdev->fw_v3_offset_correction = 0;
 554         nxpdev->baudrate_changed = false;
 555         nxpdev->timeout_changed = false;
 556         nxpdev->helper_downloaded = false;
 557
 558         serdev_device_set_baudrate(nxpdev->serdev, HCI_NXP_PRI_BAUDRATE);
 559         serdev_device_set_flow_control(nxpdev->serdev, false);
 560         nxpdev->current_baudrate = HCI_NXP_PRI_BAUDRATE;
 561
 562         /* Wait till FW is downloaded */
 563         err = wait_event_interruptible_timeout(nxpdev->fw_dnld_done_wait_q,
 564                                                !test_bit(BTNXPUART_FW_DOWNLOADING,
 565                                                          &nxpdev->tx_state),
 566                                                msecs_to_jiffies(60000));
 567         if (err == 0) {
 568                 bt_dev_err(hdev, "FW Download Timeout.");
 569                 return -ETIMEDOUT;
 570         }
 571
 572         serdev_device_set_flow_control(nxpdev->serdev, true);
 573         release_firmware(nxpdev->fw);
 574         memset(nxpdev->fw_name, 0, sizeof(nxpdev->fw_name));
 575
 576         /* Allow the downloaded FW to initialize */
 577         msleep(1200);
 578
 579         return 0;
 580 }
 581
 582 static void nxp_send_ack(u8 ack, struct hci_dev *hdev)
 583 {
 584         struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
 585         u8 ack_nak[2];
 586         int len = 1;
 587
 588         ack_nak[0] = ack;
 589         if (ack == NXP_ACK_V3) {
 590                 ack_nak[1] = crc8(crc8_table, ack_nak, 1, 0xff);
 591                 len = 2;
 592         }
 593         serdev_device_write_buf(nxpdev->serdev, ack_nak, len);
 594 }
 595
 596 static bool nxp_fw_change_baudrate(struct hci_dev *hdev, u16 req_len)
 597 {
 598         struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
 599         struct nxp_bootloader_cmd nxp_cmd5;
 600         struct uart_config uart_config;
 601         u32 clkdivaddr = CLKDIVADDR - nxpdev->boot_reg_offset;
 602         u32 uartdivaddr = UARTDIVADDR - nxpdev->boot_reg_offset;
 603         u32 uartmcraddr = UARTMCRADDR - nxpdev->boot_reg_offset;
 604         u32 uartreinitaddr = UARTREINITADDR - nxpdev->boot_reg_offset;
 605         u32 uarticraddr = UARTICRADDR - nxpdev->boot_reg_offset;
 606         u32 uartfcraddr = UARTFCRADDR - nxpdev->boot_reg_offset;
 607
 608         if (req_len == sizeof(nxp_cmd5)) {
 609                 nxp_cmd5.header = __cpu_to_le32(5);
 610                 nxp_cmd5.arg = 0;
 611                 nxp_cmd5.payload_len = __cpu_to_le32(sizeof(uart_config));
 612                 /* FW expects swapped CRC bytes */
 613                 nxp_cmd5.crc = __cpu_to_be32(crc32_be(0UL, (char *)&nxp_cmd5,
 614                                                       sizeof(nxp_cmd5) - 4));
 615
 616                 serdev_device_write_buf(nxpdev->serdev, (u8 *)&nxp_cmd5, sizeof(nxp_cmd5));
 617                 nxpdev->fw_v3_offset_correction += req_len;
 618         } else if (req_len == sizeof(uart_config)) {
 619                 uart_config.clkdiv.address = __cpu_to_le32(clkdivaddr);
 620                 uart_config.clkdiv.value = __cpu_to_le32(0x00c00000);
 621                 uart_config.uartdiv.address = __cpu_to_le32(uartdivaddr);
 622                 uart_config.uartdiv.value = __cpu_to_le32(1);
 623                 uart_config.mcr.address = __cpu_to_le32(uartmcraddr);
 624                 uart_config.mcr.value = __cpu_to_le32(MCR);
 625                 uart_config.re_init.address = __cpu_to_le32(uartreinitaddr);
 626                 uart_config.re_init.value = __cpu_to_le32(INIT);
 627                 uart_config.icr.address = __cpu_to_le32(uarticraddr);
 628                 uart_config.icr.value = __cpu_to_le32(ICR);
 629                 uart_config.fcr.address = __cpu_to_le32(uartfcraddr);
 630                 uart_config.fcr.value = __cpu_to_le32(FCR);
 631                 /* FW expects swapped CRC bytes */
 632                 uart_config.crc = __cpu_to_be32(crc32_be(0UL, (char *)&uart_config,
 633                                                          sizeof(uart_config) - 4));
 634
 635                 serdev_device_write_buf(nxpdev->serdev, (u8 *)&uart_config, sizeof(uart_config));
 636                 serdev_device_wait_until_sent(nxpdev->serdev, 0);
 637                 nxpdev->fw_v3_offset_correction += req_len;
 638                 return true;
 639         }
 640         return false;
 641 }
 642
 643 static bool nxp_fw_change_timeout(struct hci_dev *hdev, u16 req_len)
 644 {
 645         struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
 646         struct nxp_bootloader_cmd nxp_cmd7;
 647
 648         if (req_len != sizeof(nxp_cmd7))
 649                 return false;
 650
 651         nxp_cmd7.header = __cpu_to_le32(7);
 652         nxp_cmd7.arg = __cpu_to_le32(0x70);
 653         nxp_cmd7.payload_len = 0;
 654         /* FW expects swapped CRC bytes */
 655         nxp_cmd7.crc = __cpu_to_be32(crc32_be(0UL, (char *)&nxp_cmd7,
 656                                               sizeof(nxp_cmd7) - 4));
 657         serdev_device_write_buf(nxpdev->serdev, (u8 *)&nxp_cmd7, sizeof(nxp_cmd7));
 658         serdev_device_wait_until_sent(nxpdev->serdev, 0);
 659         nxpdev->fw_v3_offset_correction += req_len;
 660         return true;
 661 }
 662
 663 static u32 nxp_get_data_len(const u8 *buf)
 664 {
 665         struct nxp_bootloader_cmd *hdr = (struct nxp_bootloader_cmd *)buf;
 666
 667         return __le32_to_cpu(hdr->payload_len);
 668 }
 669
 670 static bool is_fw_downloading(struct btnxpuart_dev *nxpdev)
 671 {
 672         return test_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
 673 }
 674
 675 static bool process_boot_signature(struct btnxpuart_dev *nxpdev)
 676 {
 677         if (test_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, &nxpdev->tx_state)) {
 678                 clear_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, &nxpdev->tx_state);
 679                 wake_up_interruptible(&nxpdev->check_boot_sign_wait_q);
 680                 return false;
 681         }
 682         return is_fw_downloading(nxpdev);
 683 }
 684
 685 static int nxp_request_firmware(struct hci_dev *hdev, const char *fw_name)
 686 {
 687         struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
 688         int err = 0;
 689
 690         if (!fw_name)
 691                 return -ENOENT;
 692
 693         if (!strlen(nxpdev->fw_name)) {
 694                 snprintf(nxpdev->fw_name, MAX_FW_FILE_NAME_LEN, "%s", fw_name);
 695
 696                 bt_dev_dbg(hdev, "Request Firmware: %s", nxpdev->fw_name);
 697                 err = request_firmware(&nxpdev->fw, nxpdev->fw_name, &hdev->dev);
 698                 if (err < 0) {
 699                         bt_dev_err(hdev, "Firmware file %s not found", nxpdev->fw_name);
 700                         clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
 701                 }
 702         }
 703         return err;
 704 }
 705
 706 /* for legacy chipsets with V1 bootloader */
 707 static int nxp_recv_chip_ver_v1(struct hci_dev *hdev, struct sk_buff *skb)
 708 {
 709         struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
 710         struct v1_start_ind *req;
 711         __u16 chip_id;
 712
 713         req = skb_pull_data(skb, sizeof(*req));
 714         if (!req)
 715                 goto free_skb;
 716
 717         chip_id = le16_to_cpu(req->chip_id ^ req->chip_id_comp);
 718         if (chip_id == 0xffff && nxpdev->fw_dnld_v1_offset) {
 719                 nxpdev->fw_dnld_v1_offset = 0;
 720                 nxpdev->fw_v1_sent_bytes = 0;
 721                 nxpdev->fw_v1_expected_len = HDR_LEN;
 722                 release_firmware(nxpdev->fw);
 723                 memset(nxpdev->fw_name, 0, sizeof(nxpdev->fw_name));
 724                 nxp_send_ack(NXP_ACK_V1, hdev);
 725         }
 726
 727 free_skb:
 728         kfree_skb(skb);
 729         return 0;
 730 }
 731
 732 static int nxp_recv_fw_req_v1(struct hci_dev *hdev, struct sk_buff *skb)
 733 {
 734         struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
 735         struct btnxpuart_data *nxp_data = nxpdev->nxp_data;
 736         struct v1_data_req *req;
 737         __u16 len;
 738
 739         if (!process_boot_signature(nxpdev))
 740                 goto free_skb;
 741
 742         req = skb_pull_data(skb, sizeof(*req));
 743         if (!req)
 744                 goto free_skb;
 745
 746         len = __le16_to_cpu(req->len ^ req->len_comp);
 747         if (len != 0xffff) {
 748                 bt_dev_dbg(hdev, "ERR: Send NAK");
 749                 nxp_send_ack(NXP_NAK_V1, hdev);
 750                 goto free_skb;
 751         }
 752         nxp_send_ack(NXP_ACK_V1, hdev);
 753
 754         len = __le16_to_cpu(req->len);
 755
 756         if (!nxp_data->helper_fw_name) {
 757                 if (!nxpdev->timeout_changed) {
 758                         nxpdev->timeout_changed = nxp_fw_change_timeout(hdev,
 759                                                                         len);
 760                         goto free_skb;
 761                 }
 762                 if (!nxpdev->baudrate_changed) {
 763                         nxpdev->baudrate_changed = nxp_fw_change_baudrate(hdev,
 764                                                                           len);
 765                         if (nxpdev->baudrate_changed) {
 766                                 serdev_device_set_baudrate(nxpdev->serdev,
 767                                                            HCI_NXP_SEC_BAUDRATE);
 768                                 serdev_device_set_flow_control(nxpdev->serdev, true);
 769                                 nxpdev->current_baudrate = HCI_NXP_SEC_BAUDRATE;
 770                         }
 771                         goto free_skb;
 772                 }
 773         }
 774
 775         if (!nxp_data->helper_fw_name || nxpdev->helper_downloaded) {
 776                 if (nxp_request_firmware(hdev, nxp_data->fw_name))
 777                         goto free_skb;
 778         } else if (nxp_data->helper_fw_name && !nxpdev->helper_downloaded) {
 779                 if (nxp_request_firmware(hdev, nxp_data->helper_fw_name))
 780                         goto free_skb;
 781         }
 782
 783         if (!len) {
 784                 bt_dev_dbg(hdev, "FW Downloaded Successfully: %zu bytes",
 785                            nxpdev->fw->size);
 786                 if (nxp_data->helper_fw_name && !nxpdev->helper_downloaded) {
 787                         nxpdev->helper_downloaded = true;
 788                         serdev_device_wait_until_sent(nxpdev->serdev, 0);
 789                         serdev_device_set_baudrate(nxpdev->serdev,
 790                                                    HCI_NXP_SEC_BAUDRATE);
 791                         serdev_device_set_flow_control(nxpdev->serdev, true);
 792                 } else {
 793                         clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
 794                         wake_up_interruptible(&nxpdev->fw_dnld_done_wait_q);
 795                 }
 796                 goto free_skb;
 797         }
 798         if (len & 0x01) {
 799                 /* The CRC did not match at the other end.
 800                  * Simply send the same bytes again.
 801                  */
 802                 len = nxpdev->fw_v1_sent_bytes;
 803                 bt_dev_dbg(hdev, "CRC error. Resend %d bytes of FW.", len);
 804         } else {
 805                 nxpdev->fw_dnld_v1_offset += nxpdev->fw_v1_sent_bytes;
 806
 807                 /* The FW bin file is made up of many blocks of
 808                  * 16 byte header and payload data chunks. If the
 809                  * FW has requested a header, read the payload length
 810                  * info from the header, before sending the header.
 811                  * In the next iteration, the FW should request the
 812                  * payload data chunk, which should be equal to the
 813                  * payload length read from header. If there is a
 814                  * mismatch, clearly the driver and FW are out of sync,
 815                  * and we need to re-send the previous header again.
 816                  */
 817                 if (len == nxpdev->fw_v1_expected_len) {
 818                         if (len == HDR_LEN)
 819                                 nxpdev->fw_v1_expected_len = nxp_get_data_len(nxpdev->fw->data +
 820                                                                         nxpdev->fw_dnld_v1_offset);
 821                         else
 822                                 nxpdev->fw_v1_expected_len = HDR_LEN;
 823                 } else if (len == HDR_LEN) {
 824                         /* FW download out of sync. Send previous chunk again */
 825                         nxpdev->fw_dnld_v1_offset -= nxpdev->fw_v1_sent_bytes;
 826                         nxpdev->fw_v1_expected_len = HDR_LEN;
 827                 }
 828         }
 829
 830         if (nxpdev->fw_dnld_v1_offset + len <= nxpdev->fw->size)
 831                 serdev_device_write_buf(nxpdev->serdev, nxpdev->fw->data +
 832                                         nxpdev->fw_dnld_v1_offset, len);
 833         nxpdev->fw_v1_sent_bytes = len;
 834
 835 free_skb:
 836         kfree_skb(skb);
 837         return 0;
 838 }
 839
 840 static char *nxp_get_fw_name_from_chipid(struct hci_dev *hdev, u16 chipid,
 841                                          u8 loader_ver)
 842 {
 843         struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
 844         char *fw_name = NULL;
 845
 846         switch (chipid) {
 847         case CHIP_ID_W9098:
 848                 fw_name = FIRMWARE_W9098;
 849                 break;
 850         case CHIP_ID_IW416:
 851                 fw_name = FIRMWARE_IW416;
 852                 break;
 853         case CHIP_ID_IW612:
 854                 fw_name = FIRMWARE_IW612;
 855                 break;
 856         case CHIP_ID_IW624a:
 857         case CHIP_ID_IW624c:
 858                 nxpdev->boot_reg_offset = 1;
 859                 if ((loader_ver & FW_SECURE_MASK) == FW_OPEN)
 860                         fw_name = FIRMWARE_IW624;
 861                 else if ((loader_ver & FW_SECURE_MASK) != FW_AUTH_ILLEGAL)
 862                         fw_name = FIRMWARE_SECURE_IW624;
 863                 else
 864                         bt_dev_err(hdev, "Illegal loader version %02x", loader_ver);
 865                 break;
 866         case CHIP_ID_AW693:
 867                 if ((loader_ver & FW_SECURE_MASK) == FW_OPEN)
 868                         fw_name = FIRMWARE_AW693;
 869                 else if ((loader_ver & FW_SECURE_MASK) != FW_AUTH_ILLEGAL)
 870                         fw_name = FIRMWARE_SECURE_AW693;
 871                 else
 872                         bt_dev_err(hdev, "Illegal loader version %02x", loader_ver);
 873                 break;
 874         default:
 875                 bt_dev_err(hdev, "Unknown chip signature %04x", chipid);
 876                 break;
 877         }
 878         return fw_name;
 879 }
 880
 881 static int nxp_recv_chip_ver_v3(struct hci_dev *hdev, struct sk_buff *skb)
 882 {
 883         struct v3_start_ind *req = skb_pull_data(skb, sizeof(*req));
 884         struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
 885         u16 chip_id;
 886         u8 loader_ver;
 887
 888         if (!process_boot_signature(nxpdev))
 889                 goto free_skb;
 890
 891         chip_id = le16_to_cpu(req->chip_id);
 892         loader_ver = req->loader_ver;
 893         if (!nxp_request_firmware(hdev, nxp_get_fw_name_from_chipid(hdev,
 894                                                                     chip_id, loader_ver)))
 895                 nxp_send_ack(NXP_ACK_V3, hdev);
 896
 897 free_skb:
 898         kfree_skb(skb);
 899         return 0;
 900 }
 901
 902 static int nxp_recv_fw_req_v3(struct hci_dev *hdev, struct sk_buff *skb)
 903 {
 904         struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
 905         struct v3_data_req *req;
 906         __u16 len;
 907         __u32 offset;
 908
 909         if (!process_boot_signature(nxpdev))
 910                 goto free_skb;
 911
 912         req = skb_pull_data(skb, sizeof(*req));
 913         if (!req || !nxpdev->fw)
 914                 goto free_skb;
 915
 916         nxp_send_ack(NXP_ACK_V3, hdev);
 917
 918         len = __le16_to_cpu(req->len);
 919
 920         if (!nxpdev->timeout_changed) {
 921                 nxpdev->timeout_changed = nxp_fw_change_timeout(hdev, len);
 922                 goto free_skb;
 923         }
 924
 925         if (!nxpdev->baudrate_changed) {
 926                 nxpdev->baudrate_changed = nxp_fw_change_baudrate(hdev, len);
 927                 if (nxpdev->baudrate_changed) {
 928                         serdev_device_set_baudrate(nxpdev->serdev,
 929                                                    HCI_NXP_SEC_BAUDRATE);
 930                         serdev_device_set_flow_control(nxpdev->serdev, true);
 931                         nxpdev->current_baudrate = HCI_NXP_SEC_BAUDRATE;
 932                 }
 933                 goto free_skb;
 934         }
 935
 936         if (req->len == 0) {
 937                 bt_dev_dbg(hdev, "FW Downloaded Successfully: %zu bytes",
 938                            nxpdev->fw->size);
 939                 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
 940                 wake_up_interruptible(&nxpdev->fw_dnld_done_wait_q);
 941                 goto free_skb;
 942         }
 943         if (req->error)
 944                 bt_dev_dbg(hdev, "FW Download received err 0x%02x from chip",
 945                            req->error);
 946
 947         offset = __le32_to_cpu(req->offset);
 948         if (offset < nxpdev->fw_v3_offset_correction) {
 949                 /* This scenario should ideally never occur. But if it ever does,
 950                  * FW is out of sync and needs a power cycle.
 951                  */
 952                 bt_dev_err(hdev, "Something went wrong during FW download");
 953                 bt_dev_err(hdev, "Please power cycle and try again");
 954                 goto free_skb;
 955         }
 956
 957         serdev_device_write_buf(nxpdev->serdev, nxpdev->fw->data + offset -
 958                                 nxpdev->fw_v3_offset_correction, len);
 959
 960 free_skb:
 961         kfree_skb(skb);
 962         return 0;
 963 }
 964
 965 static int nxp_set_baudrate_cmd(struct hci_dev *hdev, void *data)
 966 {
 967         struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
 968         __le32 new_baudrate = __cpu_to_le32(nxpdev->new_baudrate);
 969         struct ps_data *psdata = &nxpdev->psdata;
 970         struct sk_buff *skb;
 971         u8 *status;
 972
 973         if (!psdata)
 974                 return 0;
 975
 976         skb = nxp_drv_send_cmd(hdev, HCI_NXP_SET_OPER_SPEED, 4, (u8 *)&new_baudrate);
 977         if (IS_ERR(skb)) {
 978                 bt_dev_err(hdev, "Setting baudrate failed (%ld)", PTR_ERR(skb));
 979                 return PTR_ERR(skb);
 980         }
 981
 982         status = (u8 *)skb_pull_data(skb, 1);
 983         if (status) {
 984                 if (*status == 0) {
 985                         serdev_device_set_baudrate(nxpdev->serdev, nxpdev->new_baudrate);
 986                         nxpdev->current_baudrate = nxpdev->new_baudrate;
 987                 }
 988                 bt_dev_dbg(hdev, "Set baudrate response: status=%d, baudrate=%d",
 989                            *status, nxpdev->new_baudrate);
 990         }
 991         kfree_skb(skb);
 992
 993         return 0;
 994 }
 995
 996 static int nxp_check_boot_sign(struct btnxpuart_dev *nxpdev)
 997 {
 998         serdev_device_set_baudrate(nxpdev->serdev, HCI_NXP_PRI_BAUDRATE);
 999         if (test_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state))
1000                 serdev_device_set_flow_control(nxpdev->serdev, false);
1001         else
1002                 serdev_device_set_flow_control(nxpdev->serdev, true);
1003         set_bit(BTNXPUART_CHECK_BOOT_SIGNATURE, &nxpdev->tx_state);
1004
1005         return wait_event_interruptible_timeout(nxpdev->check_boot_sign_wait_q,
1006                                                !test_bit(BTNXPUART_CHECK_BOOT_SIGNATURE,
1007                                                          &nxpdev->tx_state),
1008                                                msecs_to_jiffies(1000));
1009 }
1010
1011 static int nxp_set_ind_reset(struct hci_dev *hdev, void *data)
1012 {
1013         static const u8 ir_hw_err[] = { HCI_EV_HARDWARE_ERROR,
1014                                         0x01, BTNXPUART_IR_HW_ERR };
1015         struct sk_buff *skb;
1016
1017         skb = bt_skb_alloc(3, GFP_ATOMIC);
1018         if (!skb)
1019                 return -ENOMEM;
1020
1021         hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
1022         skb_put_data(skb, ir_hw_err, 3);
1023
1024         /* Inject Hardware Error to upper stack */
1025         return hci_recv_frame(hdev, skb);
1026 }
1027
1028 /* NXP protocol */
1029 static int nxp_setup(struct hci_dev *hdev)
1030 {
1031         struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1032         int err = 0;
1033
1034         if (nxp_check_boot_sign(nxpdev)) {
1035                 bt_dev_dbg(hdev, "Need FW Download.");
1036                 err = nxp_download_firmware(hdev);
1037                 if (err < 0)
1038                         return err;
1039         } else {
1040                 bt_dev_dbg(hdev, "FW already running.");
1041                 clear_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
1042         }
1043
1044         serdev_device_set_baudrate(nxpdev->serdev, nxpdev->fw_init_baudrate);
1045         nxpdev->current_baudrate = nxpdev->fw_init_baudrate;
1046
1047         if (nxpdev->current_baudrate != HCI_NXP_SEC_BAUDRATE) {
1048                 nxpdev->new_baudrate = HCI_NXP_SEC_BAUDRATE;
1049                 hci_cmd_sync_queue(hdev, nxp_set_baudrate_cmd, NULL, NULL);
1050         }
1051
1052         ps_init(hdev);
1053
1054         if (test_and_clear_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state))
1055                 hci_dev_clear_flag(hdev, HCI_SETUP);
1056
1057         return 0;
1058 }
1059
1060 static void nxp_hw_err(struct hci_dev *hdev, u8 code)
1061 {
1062         struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1063
1064         switch (code) {
1065         case BTNXPUART_IR_HW_ERR:
1066                 set_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state);
1067                 hci_dev_set_flag(hdev, HCI_SETUP);
1068                 break;
1069         default:
1070                 break;
1071         }
1072 }
1073
1074 static int nxp_shutdown(struct hci_dev *hdev)
1075 {
1076         struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1077         struct sk_buff *skb;
1078         u8 *status;
1079         u8 pcmd = 0;
1080
1081         if (test_bit(BTNXPUART_IR_IN_PROGRESS, &nxpdev->tx_state)) {
1082                 skb = nxp_drv_send_cmd(hdev, HCI_NXP_IND_RESET, 1, &pcmd);
1083                 if (IS_ERR(skb))
1084                         return PTR_ERR(skb);
1085
1086                 status = skb_pull_data(skb, 1);
1087                 if (status) {
1088                         serdev_device_set_flow_control(nxpdev->serdev, false);
1089                         set_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
1090                 }
1091                 kfree_skb(skb);
1092         }
1093
1094         return 0;
1095 }
1096
1097 static int btnxpuart_queue_skb(struct hci_dev *hdev, struct sk_buff *skb)
1098 {
1099         struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1100
1101         /* Prepend skb with frame type */
1102         memcpy(skb_push(skb, 1), &hci_skb_pkt_type(skb), 1);
1103         skb_queue_tail(&nxpdev->txq, skb);
1104         btnxpuart_tx_wakeup(nxpdev);
1105         return 0;
1106 }
1107
1108 static int nxp_enqueue(struct hci_dev *hdev, struct sk_buff *skb)
1109 {
1110         struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1111         struct ps_data *psdata = &nxpdev->psdata;
1112         struct hci_command_hdr *hdr;
1113         struct psmode_cmd_payload ps_parm;
1114         struct wakeup_cmd_payload wakeup_parm;
1115         __le32 baudrate_parm;
1116
1117         /* if vendor commands are received from user space (e.g. hcitool), update
1118          * driver flags accordingly and ask driver to re-send the command to FW.
1119          * In case the payload for any command does not match expected payload
1120          * length, let the firmware and user space program handle it, or throw
1121          * an error.
1122          */
1123         if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT && !psdata->driver_sent_cmd) {
1124                 hdr = (struct hci_command_hdr *)skb->data;
1125                 if (hdr->plen != (skb->len - HCI_COMMAND_HDR_SIZE))
1126                         return btnxpuart_queue_skb(hdev, skb);
1127
1128                 switch (__le16_to_cpu(hdr->opcode)) {
1129                 case HCI_NXP_AUTO_SLEEP_MODE:
1130                         if (hdr->plen == sizeof(ps_parm)) {
1131                                 memcpy(&ps_parm, skb->data + HCI_COMMAND_HDR_SIZE, hdr->plen);
1132                                 if (ps_parm.ps_cmd == BT_PS_ENABLE)
1133                                         psdata->target_ps_mode = PS_MODE_ENABLE;
1134                                 else if (ps_parm.ps_cmd == BT_PS_DISABLE)
1135                                         psdata->target_ps_mode = PS_MODE_DISABLE;
1136                                 psdata->c2h_ps_interval = __le16_to_cpu(ps_parm.c2h_ps_interval);
1137                                 hci_cmd_sync_queue(hdev, send_ps_cmd, NULL, NULL);
1138                                 goto free_skb;
1139                         }
1140                         break;
1141                 case HCI_NXP_WAKEUP_METHOD:
1142                         if (hdr->plen == sizeof(wakeup_parm)) {
1143                                 memcpy(&wakeup_parm, skb->data + HCI_COMMAND_HDR_SIZE, hdr->plen);
1144                                 psdata->c2h_wakeupmode = wakeup_parm.c2h_wakeupmode;
1145                                 psdata->c2h_wakeup_gpio = wakeup_parm.c2h_wakeup_gpio;
1146                                 psdata->h2c_wakeup_gpio = wakeup_parm.h2c_wakeup_gpio;
1147                                 switch (wakeup_parm.h2c_wakeupmode) {
1148                                 case BT_CTRL_WAKEUP_METHOD_DSR:
1149                                         psdata->h2c_wakeupmode = WAKEUP_METHOD_DTR;
1150                                         break;
1151                                 case BT_CTRL_WAKEUP_METHOD_BREAK:
1152                                 default:
1153                                         psdata->h2c_wakeupmode = WAKEUP_METHOD_BREAK;
1154                                         break;
1155                                 }
1156                                 hci_cmd_sync_queue(hdev, send_wakeup_method_cmd, NULL, NULL);
1157                                 goto free_skb;
1158                         }
1159                         break;
1160                 case HCI_NXP_SET_OPER_SPEED:
1161                         if (hdr->plen == sizeof(baudrate_parm)) {
1162                                 memcpy(&baudrate_parm, skb->data + HCI_COMMAND_HDR_SIZE, hdr->plen);
1163                                 nxpdev->new_baudrate = __le32_to_cpu(baudrate_parm);
1164                                 hci_cmd_sync_queue(hdev, nxp_set_baudrate_cmd, NULL, NULL);
1165                                 goto free_skb;
1166                         }
1167                         break;
1168                 case HCI_NXP_IND_RESET:
1169                         if (hdr->plen == 1) {
1170                                 hci_cmd_sync_queue(hdev, nxp_set_ind_reset, NULL, NULL);
1171                                 goto free_skb;
1172                         }
1173                         break;
1174                 default:
1175                         break;
1176                 }
1177         }
1178
1179         return btnxpuart_queue_skb(hdev, skb);
1180
1181 free_skb:
1182         kfree_skb(skb);
1183         return 0;
1184 }
1185
1186 static struct sk_buff *nxp_dequeue(void *data)
1187 {
1188         struct btnxpuart_dev *nxpdev = (struct btnxpuart_dev *)data;
1189
1190         ps_start_timer(nxpdev);
1191         return skb_dequeue(&nxpdev->txq);
1192 }
1193
1194 /* btnxpuart based on serdev */
1195 static void btnxpuart_tx_work(struct work_struct *work)
1196 {
1197         struct btnxpuart_dev *nxpdev = container_of(work, struct btnxpuart_dev,
1198                                                    tx_work);
1199         struct serdev_device *serdev = nxpdev->serdev;
1200         struct hci_dev *hdev = nxpdev->hdev;
1201         struct sk_buff *skb;
1202         int len;
1203
1204         if (ps_wakeup(nxpdev))
1205                 return;
1206
1207         while ((skb = nxp_dequeue(nxpdev))) {
1208                 len = serdev_device_write_buf(serdev, skb->data, skb->len);
1209                 hdev->stat.byte_tx += len;
1210
1211                 skb_pull(skb, len);
1212                 if (skb->len > 0) {
1213                         skb_queue_head(&nxpdev->txq, skb);
1214                         break;
1215                 }
1216
1217                 switch (hci_skb_pkt_type(skb)) {
1218                 case HCI_COMMAND_PKT:
1219                         hdev->stat.cmd_tx++;
1220                         break;
1221                 case HCI_ACLDATA_PKT:
1222                         hdev->stat.acl_tx++;
1223                         break;
1224                 case HCI_SCODATA_PKT:
1225                         hdev->stat.sco_tx++;
1226                         break;
1227                 }
1228
1229                 kfree_skb(skb);
1230         }
1231         clear_bit(BTNXPUART_TX_STATE_ACTIVE, &nxpdev->tx_state);
1232 }
1233
1234 static int btnxpuart_open(struct hci_dev *hdev)
1235 {
1236         struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1237         int err = 0;
1238
1239         err = serdev_device_open(nxpdev->serdev);
1240         if (err) {
1241                 bt_dev_err(hdev, "Unable to open UART device %s",
1242                            dev_name(&nxpdev->serdev->dev));
1243         } else {
1244                 set_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state);
1245         }
1246         return err;
1247 }
1248
1249 static int btnxpuart_close(struct hci_dev *hdev)
1250 {
1251         struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1252
1253         ps_wakeup(nxpdev);
1254         serdev_device_close(nxpdev->serdev);
1255         skb_queue_purge(&nxpdev->txq);
1256         kfree_skb(nxpdev->rx_skb);
1257         nxpdev->rx_skb = NULL;
1258         clear_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state);
1259         return 0;
1260 }
1261
1262 static int btnxpuart_flush(struct hci_dev *hdev)
1263 {
1264         struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
1265
1266         /* Flush any pending characters */
1267         serdev_device_write_flush(nxpdev->serdev);
1268         skb_queue_purge(&nxpdev->txq);
1269
1270         cancel_work_sync(&nxpdev->tx_work);
1271
1272         kfree_skb(nxpdev->rx_skb);
1273         nxpdev->rx_skb = NULL;
1274
1275         return 0;
1276 }
1277
1278 static const struct h4_recv_pkt nxp_recv_pkts[] = {
1279         { H4_RECV_ACL,          .recv = hci_recv_frame },
1280         { H4_RECV_SCO,          .recv = hci_recv_frame },
1281         { H4_RECV_EVENT,        .recv = hci_recv_frame },
1282         { NXP_RECV_CHIP_VER_V1, .recv = nxp_recv_chip_ver_v1 },
1283         { NXP_RECV_FW_REQ_V1,   .recv = nxp_recv_fw_req_v1 },
1284         { NXP_RECV_CHIP_VER_V3, .recv = nxp_recv_chip_ver_v3 },
1285         { NXP_RECV_FW_REQ_V3,   .recv = nxp_recv_fw_req_v3 },
1286 };
1287
1288 static size_t btnxpuart_receive_buf(struct serdev_device *serdev,
1289                                     const u8 *data, size_t count)
1290 {
1291         struct btnxpuart_dev *nxpdev = serdev_device_get_drvdata(serdev);
1292
1293         ps_start_timer(nxpdev);
1294
1295         nxpdev->rx_skb = h4_recv_buf(nxpdev->hdev, nxpdev->rx_skb, data, count,
1296                                      nxp_recv_pkts, ARRAY_SIZE(nxp_recv_pkts));
1297         if (IS_ERR(nxpdev->rx_skb)) {
1298                 int err = PTR_ERR(nxpdev->rx_skb);
1299                 /* Safe to ignore out-of-sync bootloader signatures */
1300                 if (!is_fw_downloading(nxpdev))
1301                         bt_dev_err(nxpdev->hdev, "Frame reassembly failed (%d)", err);
1302                 return count;
1303         }
1304         if (!is_fw_downloading(nxpdev))
1305                 nxpdev->hdev->stat.byte_rx += count;
1306         return count;
1307 }
1308
1309 static void btnxpuart_write_wakeup(struct serdev_device *serdev)
1310 {
1311         serdev_device_write_wakeup(serdev);
1312 }
1313
1314 static const struct serdev_device_ops btnxpuart_client_ops = {
1315         .receive_buf = btnxpuart_receive_buf,
1316         .write_wakeup = btnxpuart_write_wakeup,
1317 };
1318
1319 static int nxp_serdev_probe(struct serdev_device *serdev)
1320 {
1321         struct hci_dev *hdev;
1322         struct btnxpuart_dev *nxpdev;
1323
1324         nxpdev = devm_kzalloc(&serdev->dev, sizeof(*nxpdev), GFP_KERNEL);
1325         if (!nxpdev)
1326                 return -ENOMEM;
1327
1328         nxpdev->nxp_data = (struct btnxpuart_data *)device_get_match_data(&serdev->dev);
1329
1330         nxpdev->serdev = serdev;
1331         serdev_device_set_drvdata(serdev, nxpdev);
1332
1333         serdev_device_set_client_ops(serdev, &btnxpuart_client_ops);
1334
1335         INIT_WORK(&nxpdev->tx_work, btnxpuart_tx_work);
1336         skb_queue_head_init(&nxpdev->txq);
1337
1338         init_waitqueue_head(&nxpdev->fw_dnld_done_wait_q);
1339         init_waitqueue_head(&nxpdev->check_boot_sign_wait_q);
1340
1341         device_property_read_u32(&nxpdev->serdev->dev, "fw-init-baudrate",
1342                                  &nxpdev->fw_init_baudrate);
1343         if (!nxpdev->fw_init_baudrate)
1344                 nxpdev->fw_init_baudrate = FW_INIT_BAUDRATE;
1345
1346         set_bit(BTNXPUART_FW_DOWNLOADING, &nxpdev->tx_state);
1347
1348         crc8_populate_msb(crc8_table, POLYNOMIAL8);
1349
1350         /* Initialize and register HCI device */
1351         hdev = hci_alloc_dev();
1352         if (!hdev) {
1353                 dev_err(&serdev->dev, "Can't allocate HCI device\n");
1354                 return -ENOMEM;
1355         }
1356
1357         nxpdev->hdev = hdev;
1358
1359         hdev->bus = HCI_UART;
1360         hci_set_drvdata(hdev, nxpdev);
1361
1362         hdev->manufacturer = MANUFACTURER_NXP;
1363         hdev->open  = btnxpuart_open;
1364         hdev->close = btnxpuart_close;
1365         hdev->flush = btnxpuart_flush;
1366         hdev->setup = nxp_setup;
1367         hdev->send  = nxp_enqueue;
1368         hdev->hw_error = nxp_hw_err;
1369         hdev->shutdown = nxp_shutdown;
1370         SET_HCIDEV_DEV(hdev, &serdev->dev);
1371
1372         if (hci_register_dev(hdev) < 0) {
1373                 dev_err(&serdev->dev, "Can't register HCI device\n");
1374                 hci_free_dev(hdev);
1375                 return -ENODEV;
1376         }
1377
1378         ps_setup(hdev);
1379
1380         return 0;
1381 }
1382
1383 static void nxp_serdev_remove(struct serdev_device *serdev)
1384 {
1385         struct btnxpuart_dev *nxpdev = serdev_device_get_drvdata(serdev);
1386         struct hci_dev *hdev = nxpdev->hdev;
1387
1388         /* Restore FW baudrate to fw_init_baudrate if changed.
1389          * This will ensure FW baudrate is in sync with
1390          * driver baudrate in case this driver is re-inserted.
1391          */
1392         if (nxpdev->current_baudrate != nxpdev->fw_init_baudrate) {
1393                 nxpdev->new_baudrate = nxpdev->fw_init_baudrate;
1394                 nxp_set_baudrate_cmd(hdev, NULL);
1395         }
1396
1397         ps_cancel_timer(nxpdev);
1398         hci_unregister_dev(hdev);
1399         hci_free_dev(hdev);
1400 }
1401
1402 static struct btnxpuart_data w8987_data __maybe_unused = {
1403         .helper_fw_name = NULL,
1404         .fw_name = FIRMWARE_W8987,
1405 };
1406
1407 static struct btnxpuart_data w8997_data __maybe_unused = {
1408         .helper_fw_name = FIRMWARE_HELPER,
1409         .fw_name = FIRMWARE_W8997,
1410 };
1411
1412 static const struct of_device_id nxpuart_of_match_table[] __maybe_unused = {
1413         { .compatible = "nxp,88w8987-bt", .data = &w8987_data },
1414         { .compatible = "nxp,88w8997-bt", .data = &w8997_data },
1415         { }
1416 };
1417 MODULE_DEVICE_TABLE(of, nxpuart_of_match_table);
1418
1419 static struct serdev_device_driver nxp_serdev_driver = {
1420         .probe = nxp_serdev_probe,
1421         .remove = nxp_serdev_remove,
1422         .driver = {
1423                 .name = "btnxpuart",
1424                 .of_match_table = of_match_ptr(nxpuart_of_match_table),
1425         },
1426 };
1427
1428 module_serdev_device_driver(nxp_serdev_driver);
1429
1430 MODULE_AUTHOR("Neeraj Sanjay Kale <neeraj.sanjaykale@nxp.com>");
1431 MODULE_DESCRIPTION("NXP Bluetooth Serial driver");
1432 MODULE_LICENSE("GPL");