]> Git Repo - linux.git/blob - drivers/bluetooth/btintel.c
dma-mapping: don't return errors from dma_set_max_seg_size
[linux.git] / drivers / bluetooth / btintel.c
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  *
4  *  Bluetooth support for Intel devices
5  *
6  *  Copyright (C) 2015  Intel Corporation
7  */
8
9 #include <linux/module.h>
10 #include <linux/firmware.h>
11 #include <linux/regmap.h>
12 #include <linux/acpi.h>
13 #include <acpi/acpi_bus.h>
14 #include <asm/unaligned.h>
15
16 #include <net/bluetooth/bluetooth.h>
17 #include <net/bluetooth/hci_core.h>
18
19 #include "btintel.h"
20
21 #define VERSION "0.1"
22
23 #define BDADDR_INTEL            (&(bdaddr_t){{0x00, 0x8b, 0x9e, 0x19, 0x03, 0x00}})
24 #define RSA_HEADER_LEN          644
25 #define CSS_HEADER_OFFSET       8
26 #define ECDSA_OFFSET            644
27 #define ECDSA_HEADER_LEN        320
28
29 enum {
30         DSM_SET_WDISABLE2_DELAY = 1,
31         DSM_SET_RESET_METHOD = 3,
32 };
33
34 #define CMD_WRITE_BOOT_PARAMS   0xfc0e
35 struct cmd_write_boot_params {
36         __le32 boot_addr;
37         u8  fw_build_num;
38         u8  fw_build_ww;
39         u8  fw_build_yy;
40 } __packed;
41
42 static struct {
43         const char *driver_name;
44         u8         hw_variant;
45         u32        fw_build_num;
46 } coredump_info;
47
48 static const guid_t btintel_guid_dsm =
49         GUID_INIT(0xaa10f4e0, 0x81ac, 0x4233,
50                   0xab, 0xf6, 0x3b, 0x2a, 0xc5, 0x0e, 0x28, 0xd9);
51
52 int btintel_check_bdaddr(struct hci_dev *hdev)
53 {
54         struct hci_rp_read_bd_addr *bda;
55         struct sk_buff *skb;
56
57         skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL,
58                              HCI_INIT_TIMEOUT);
59         if (IS_ERR(skb)) {
60                 int err = PTR_ERR(skb);
61                 bt_dev_err(hdev, "Reading Intel device address failed (%d)",
62                            err);
63                 return err;
64         }
65
66         if (skb->len != sizeof(*bda)) {
67                 bt_dev_err(hdev, "Intel device address length mismatch");
68                 kfree_skb(skb);
69                 return -EIO;
70         }
71
72         bda = (struct hci_rp_read_bd_addr *)skb->data;
73
74         /* For some Intel based controllers, the default Bluetooth device
75          * address 00:03:19:9E:8B:00 can be found. These controllers are
76          * fully operational, but have the danger of duplicate addresses
77          * and that in turn can cause problems with Bluetooth operation.
78          */
79         if (!bacmp(&bda->bdaddr, BDADDR_INTEL)) {
80                 bt_dev_err(hdev, "Found Intel default device address (%pMR)",
81                            &bda->bdaddr);
82                 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks);
83         }
84
85         kfree_skb(skb);
86
87         return 0;
88 }
89 EXPORT_SYMBOL_GPL(btintel_check_bdaddr);
90
91 int btintel_enter_mfg(struct hci_dev *hdev)
92 {
93         static const u8 param[] = { 0x01, 0x00 };
94         struct sk_buff *skb;
95
96         skb = __hci_cmd_sync(hdev, 0xfc11, 2, param, HCI_CMD_TIMEOUT);
97         if (IS_ERR(skb)) {
98                 bt_dev_err(hdev, "Entering manufacturer mode failed (%ld)",
99                            PTR_ERR(skb));
100                 return PTR_ERR(skb);
101         }
102         kfree_skb(skb);
103
104         return 0;
105 }
106 EXPORT_SYMBOL_GPL(btintel_enter_mfg);
107
108 int btintel_exit_mfg(struct hci_dev *hdev, bool reset, bool patched)
109 {
110         u8 param[] = { 0x00, 0x00 };
111         struct sk_buff *skb;
112
113         /* The 2nd command parameter specifies the manufacturing exit method:
114          * 0x00: Just disable the manufacturing mode (0x00).
115          * 0x01: Disable manufacturing mode and reset with patches deactivated.
116          * 0x02: Disable manufacturing mode and reset with patches activated.
117          */
118         if (reset)
119                 param[1] |= patched ? 0x02 : 0x01;
120
121         skb = __hci_cmd_sync(hdev, 0xfc11, 2, param, HCI_CMD_TIMEOUT);
122         if (IS_ERR(skb)) {
123                 bt_dev_err(hdev, "Exiting manufacturer mode failed (%ld)",
124                            PTR_ERR(skb));
125                 return PTR_ERR(skb);
126         }
127         kfree_skb(skb);
128
129         return 0;
130 }
131 EXPORT_SYMBOL_GPL(btintel_exit_mfg);
132
133 int btintel_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr)
134 {
135         struct sk_buff *skb;
136         int err;
137
138         skb = __hci_cmd_sync(hdev, 0xfc31, 6, bdaddr, HCI_INIT_TIMEOUT);
139         if (IS_ERR(skb)) {
140                 err = PTR_ERR(skb);
141                 bt_dev_err(hdev, "Changing Intel device address failed (%d)",
142                            err);
143                 return err;
144         }
145         kfree_skb(skb);
146
147         return 0;
148 }
149 EXPORT_SYMBOL_GPL(btintel_set_bdaddr);
150
151 static int btintel_set_event_mask(struct hci_dev *hdev, bool debug)
152 {
153         u8 mask[8] = { 0x87, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
154         struct sk_buff *skb;
155         int err;
156
157         if (debug)
158                 mask[1] |= 0x62;
159
160         skb = __hci_cmd_sync(hdev, 0xfc52, 8, mask, HCI_INIT_TIMEOUT);
161         if (IS_ERR(skb)) {
162                 err = PTR_ERR(skb);
163                 bt_dev_err(hdev, "Setting Intel event mask failed (%d)", err);
164                 return err;
165         }
166         kfree_skb(skb);
167
168         return 0;
169 }
170
171 int btintel_set_diag(struct hci_dev *hdev, bool enable)
172 {
173         struct sk_buff *skb;
174         u8 param[3];
175         int err;
176
177         if (enable) {
178                 param[0] = 0x03;
179                 param[1] = 0x03;
180                 param[2] = 0x03;
181         } else {
182                 param[0] = 0x00;
183                 param[1] = 0x00;
184                 param[2] = 0x00;
185         }
186
187         skb = __hci_cmd_sync(hdev, 0xfc43, 3, param, HCI_INIT_TIMEOUT);
188         if (IS_ERR(skb)) {
189                 err = PTR_ERR(skb);
190                 if (err == -ENODATA)
191                         goto done;
192                 bt_dev_err(hdev, "Changing Intel diagnostic mode failed (%d)",
193                            err);
194                 return err;
195         }
196         kfree_skb(skb);
197
198 done:
199         btintel_set_event_mask(hdev, enable);
200         return 0;
201 }
202 EXPORT_SYMBOL_GPL(btintel_set_diag);
203
204 static int btintel_set_diag_mfg(struct hci_dev *hdev, bool enable)
205 {
206         int err, ret;
207
208         err = btintel_enter_mfg(hdev);
209         if (err)
210                 return err;
211
212         ret = btintel_set_diag(hdev, enable);
213
214         err = btintel_exit_mfg(hdev, false, false);
215         if (err)
216                 return err;
217
218         return ret;
219 }
220
221 static int btintel_set_diag_combined(struct hci_dev *hdev, bool enable)
222 {
223         int ret;
224
225         /* Legacy ROM device needs to be in the manufacturer mode to apply
226          * diagnostic setting
227          *
228          * This flag is set after reading the Intel version.
229          */
230         if (btintel_test_flag(hdev, INTEL_ROM_LEGACY))
231                 ret = btintel_set_diag_mfg(hdev, enable);
232         else
233                 ret = btintel_set_diag(hdev, enable);
234
235         return ret;
236 }
237
238 void btintel_hw_error(struct hci_dev *hdev, u8 code)
239 {
240         struct sk_buff *skb;
241         u8 type = 0x00;
242
243         bt_dev_err(hdev, "Hardware error 0x%2.2x", code);
244
245         skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
246         if (IS_ERR(skb)) {
247                 bt_dev_err(hdev, "Reset after hardware error failed (%ld)",
248                            PTR_ERR(skb));
249                 return;
250         }
251         kfree_skb(skb);
252
253         skb = __hci_cmd_sync(hdev, 0xfc22, 1, &type, HCI_INIT_TIMEOUT);
254         if (IS_ERR(skb)) {
255                 bt_dev_err(hdev, "Retrieving Intel exception info failed (%ld)",
256                            PTR_ERR(skb));
257                 return;
258         }
259
260         if (skb->len != 13) {
261                 bt_dev_err(hdev, "Exception info size mismatch");
262                 kfree_skb(skb);
263                 return;
264         }
265
266         bt_dev_err(hdev, "Exception info %s", (char *)(skb->data + 1));
267
268         kfree_skb(skb);
269 }
270 EXPORT_SYMBOL_GPL(btintel_hw_error);
271
272 int btintel_version_info(struct hci_dev *hdev, struct intel_version *ver)
273 {
274         const char *variant;
275
276         /* The hardware platform number has a fixed value of 0x37 and
277          * for now only accept this single value.
278          */
279         if (ver->hw_platform != 0x37) {
280                 bt_dev_err(hdev, "Unsupported Intel hardware platform (%u)",
281                            ver->hw_platform);
282                 return -EINVAL;
283         }
284
285         /* Check for supported iBT hardware variants of this firmware
286          * loading method.
287          *
288          * This check has been put in place to ensure correct forward
289          * compatibility options when newer hardware variants come along.
290          */
291         switch (ver->hw_variant) {
292         case 0x07:      /* WP - Legacy ROM */
293         case 0x08:      /* StP - Legacy ROM */
294         case 0x0b:      /* SfP */
295         case 0x0c:      /* WsP */
296         case 0x11:      /* JfP */
297         case 0x12:      /* ThP */
298         case 0x13:      /* HrP */
299         case 0x14:      /* CcP */
300                 break;
301         default:
302                 bt_dev_err(hdev, "Unsupported Intel hardware variant (%u)",
303                            ver->hw_variant);
304                 return -EINVAL;
305         }
306
307         switch (ver->fw_variant) {
308         case 0x01:
309                 variant = "Legacy ROM 2.5";
310                 break;
311         case 0x06:
312                 variant = "Bootloader";
313                 break;
314         case 0x22:
315                 variant = "Legacy ROM 2.x";
316                 break;
317         case 0x23:
318                 variant = "Firmware";
319                 break;
320         default:
321                 bt_dev_err(hdev, "Unsupported firmware variant(%02x)", ver->fw_variant);
322                 return -EINVAL;
323         }
324
325         coredump_info.hw_variant = ver->hw_variant;
326         coredump_info.fw_build_num = ver->fw_build_num;
327
328         bt_dev_info(hdev, "%s revision %u.%u build %u week %u %u",
329                     variant, ver->fw_revision >> 4, ver->fw_revision & 0x0f,
330                     ver->fw_build_num, ver->fw_build_ww,
331                     2000 + ver->fw_build_yy);
332
333         return 0;
334 }
335 EXPORT_SYMBOL_GPL(btintel_version_info);
336
337 static int btintel_secure_send(struct hci_dev *hdev, u8 fragment_type, u32 plen,
338                                const void *param)
339 {
340         while (plen > 0) {
341                 struct sk_buff *skb;
342                 u8 cmd_param[253], fragment_len = (plen > 252) ? 252 : plen;
343
344                 cmd_param[0] = fragment_type;
345                 memcpy(cmd_param + 1, param, fragment_len);
346
347                 skb = __hci_cmd_sync(hdev, 0xfc09, fragment_len + 1,
348                                      cmd_param, HCI_INIT_TIMEOUT);
349                 if (IS_ERR(skb))
350                         return PTR_ERR(skb);
351
352                 kfree_skb(skb);
353
354                 plen -= fragment_len;
355                 param += fragment_len;
356         }
357
358         return 0;
359 }
360
361 int btintel_load_ddc_config(struct hci_dev *hdev, const char *ddc_name)
362 {
363         const struct firmware *fw;
364         struct sk_buff *skb;
365         const u8 *fw_ptr;
366         int err;
367
368         err = request_firmware_direct(&fw, ddc_name, &hdev->dev);
369         if (err < 0) {
370                 bt_dev_err(hdev, "Failed to load Intel DDC file %s (%d)",
371                            ddc_name, err);
372                 return err;
373         }
374
375         bt_dev_info(hdev, "Found Intel DDC parameters: %s", ddc_name);
376
377         fw_ptr = fw->data;
378
379         /* DDC file contains one or more DDC structure which has
380          * Length (1 byte), DDC ID (2 bytes), and DDC value (Length - 2).
381          */
382         while (fw->size > fw_ptr - fw->data) {
383                 u8 cmd_plen = fw_ptr[0] + sizeof(u8);
384
385                 skb = __hci_cmd_sync(hdev, 0xfc8b, cmd_plen, fw_ptr,
386                                      HCI_INIT_TIMEOUT);
387                 if (IS_ERR(skb)) {
388                         bt_dev_err(hdev, "Failed to send Intel_Write_DDC (%ld)",
389                                    PTR_ERR(skb));
390                         release_firmware(fw);
391                         return PTR_ERR(skb);
392                 }
393
394                 fw_ptr += cmd_plen;
395                 kfree_skb(skb);
396         }
397
398         release_firmware(fw);
399
400         bt_dev_info(hdev, "Applying Intel DDC parameters completed");
401
402         return 0;
403 }
404 EXPORT_SYMBOL_GPL(btintel_load_ddc_config);
405
406 int btintel_set_event_mask_mfg(struct hci_dev *hdev, bool debug)
407 {
408         int err, ret;
409
410         err = btintel_enter_mfg(hdev);
411         if (err)
412                 return err;
413
414         ret = btintel_set_event_mask(hdev, debug);
415
416         err = btintel_exit_mfg(hdev, false, false);
417         if (err)
418                 return err;
419
420         return ret;
421 }
422 EXPORT_SYMBOL_GPL(btintel_set_event_mask_mfg);
423
424 int btintel_read_version(struct hci_dev *hdev, struct intel_version *ver)
425 {
426         struct sk_buff *skb;
427
428         skb = __hci_cmd_sync(hdev, 0xfc05, 0, NULL, HCI_CMD_TIMEOUT);
429         if (IS_ERR(skb)) {
430                 bt_dev_err(hdev, "Reading Intel version information failed (%ld)",
431                            PTR_ERR(skb));
432                 return PTR_ERR(skb);
433         }
434
435         if (!skb || skb->len != sizeof(*ver)) {
436                 bt_dev_err(hdev, "Intel version event size mismatch");
437                 kfree_skb(skb);
438                 return -EILSEQ;
439         }
440
441         memcpy(ver, skb->data, sizeof(*ver));
442
443         kfree_skb(skb);
444
445         return 0;
446 }
447 EXPORT_SYMBOL_GPL(btintel_read_version);
448
449 int btintel_version_info_tlv(struct hci_dev *hdev,
450                              struct intel_version_tlv *version)
451 {
452         const char *variant;
453
454         /* The hardware platform number has a fixed value of 0x37 and
455          * for now only accept this single value.
456          */
457         if (INTEL_HW_PLATFORM(version->cnvi_bt) != 0x37) {
458                 bt_dev_err(hdev, "Unsupported Intel hardware platform (0x%2x)",
459                            INTEL_HW_PLATFORM(version->cnvi_bt));
460                 return -EINVAL;
461         }
462
463         /* Check for supported iBT hardware variants of this firmware
464          * loading method.
465          *
466          * This check has been put in place to ensure correct forward
467          * compatibility options when newer hardware variants come along.
468          */
469         switch (INTEL_HW_VARIANT(version->cnvi_bt)) {
470         case 0x17:      /* TyP */
471         case 0x18:      /* Slr */
472         case 0x19:      /* Slr-F */
473         case 0x1b:      /* Mgr */
474         case 0x1c:      /* Gale Peak (GaP) */
475         case 0x1d:      /* BlazarU (BzrU) */
476         case 0x1e:      /* BlazarI (Bzr) */
477                 break;
478         default:
479                 bt_dev_err(hdev, "Unsupported Intel hardware variant (0x%x)",
480                            INTEL_HW_VARIANT(version->cnvi_bt));
481                 return -EINVAL;
482         }
483
484         switch (version->img_type) {
485         case BTINTEL_IMG_BOOTLOADER:
486                 variant = "Bootloader";
487                 /* It is required that every single firmware fragment is acknowledged
488                  * with a command complete event. If the boot parameters indicate
489                  * that this bootloader does not send them, then abort the setup.
490                  */
491                 if (version->limited_cce != 0x00) {
492                         bt_dev_err(hdev, "Unsupported Intel firmware loading method (0x%x)",
493                                    version->limited_cce);
494                         return -EINVAL;
495                 }
496
497                 /* Secure boot engine type should be either 1 (ECDSA) or 0 (RSA) */
498                 if (version->sbe_type > 0x01) {
499                         bt_dev_err(hdev, "Unsupported Intel secure boot engine type (0x%x)",
500                                    version->sbe_type);
501                         return -EINVAL;
502                 }
503
504                 bt_dev_info(hdev, "Device revision is %u", version->dev_rev_id);
505                 bt_dev_info(hdev, "Secure boot is %s",
506                             version->secure_boot ? "enabled" : "disabled");
507                 bt_dev_info(hdev, "OTP lock is %s",
508                             version->otp_lock ? "enabled" : "disabled");
509                 bt_dev_info(hdev, "API lock is %s",
510                             version->api_lock ? "enabled" : "disabled");
511                 bt_dev_info(hdev, "Debug lock is %s",
512                             version->debug_lock ? "enabled" : "disabled");
513                 bt_dev_info(hdev, "Minimum firmware build %u week %u %u",
514                             version->min_fw_build_nn, version->min_fw_build_cw,
515                             2000 + version->min_fw_build_yy);
516                 break;
517         case BTINTEL_IMG_IML:
518                 variant = "Intermediate loader";
519                 break;
520         case BTINTEL_IMG_OP:
521                 variant = "Firmware";
522                 break;
523         default:
524                 bt_dev_err(hdev, "Unsupported image type(%02x)", version->img_type);
525                 return -EINVAL;
526         }
527
528         coredump_info.hw_variant = INTEL_HW_VARIANT(version->cnvi_bt);
529         coredump_info.fw_build_num = version->build_num;
530
531         bt_dev_info(hdev, "%s timestamp %u.%u buildtype %u build %u", variant,
532                     2000 + (version->timestamp >> 8), version->timestamp & 0xff,
533                     version->build_type, version->build_num);
534         if (version->img_type == BTINTEL_IMG_OP)
535                 bt_dev_info(hdev, "Firmware SHA1: 0x%8.8x", version->git_sha1);
536
537         return 0;
538 }
539 EXPORT_SYMBOL_GPL(btintel_version_info_tlv);
540
541 int btintel_parse_version_tlv(struct hci_dev *hdev,
542                               struct intel_version_tlv *version,
543                               struct sk_buff *skb)
544 {
545         /* Consume Command Complete Status field */
546         skb_pull(skb, 1);
547
548         /* Event parameters contatin multiple TLVs. Read each of them
549          * and only keep the required data. Also, it use existing legacy
550          * version field like hw_platform, hw_variant, and fw_variant
551          * to keep the existing setup flow
552          */
553         while (skb->len) {
554                 struct intel_tlv *tlv;
555
556                 /* Make sure skb has a minimum length of the header */
557                 if (skb->len < sizeof(*tlv))
558                         return -EINVAL;
559
560                 tlv = (struct intel_tlv *)skb->data;
561
562                 /* Make sure skb has a enough data */
563                 if (skb->len < tlv->len + sizeof(*tlv))
564                         return -EINVAL;
565
566                 switch (tlv->type) {
567                 case INTEL_TLV_CNVI_TOP:
568                         version->cnvi_top = get_unaligned_le32(tlv->val);
569                         break;
570                 case INTEL_TLV_CNVR_TOP:
571                         version->cnvr_top = get_unaligned_le32(tlv->val);
572                         break;
573                 case INTEL_TLV_CNVI_BT:
574                         version->cnvi_bt = get_unaligned_le32(tlv->val);
575                         break;
576                 case INTEL_TLV_CNVR_BT:
577                         version->cnvr_bt = get_unaligned_le32(tlv->val);
578                         break;
579                 case INTEL_TLV_DEV_REV_ID:
580                         version->dev_rev_id = get_unaligned_le16(tlv->val);
581                         break;
582                 case INTEL_TLV_IMAGE_TYPE:
583                         version->img_type = tlv->val[0];
584                         break;
585                 case INTEL_TLV_TIME_STAMP:
586                         /* If image type is Operational firmware (0x03), then
587                          * running FW Calendar Week and Year information can
588                          * be extracted from Timestamp information
589                          */
590                         version->min_fw_build_cw = tlv->val[0];
591                         version->min_fw_build_yy = tlv->val[1];
592                         version->timestamp = get_unaligned_le16(tlv->val);
593                         break;
594                 case INTEL_TLV_BUILD_TYPE:
595                         version->build_type = tlv->val[0];
596                         break;
597                 case INTEL_TLV_BUILD_NUM:
598                         /* If image type is Operational firmware (0x03), then
599                          * running FW build number can be extracted from the
600                          * Build information
601                          */
602                         version->min_fw_build_nn = tlv->val[0];
603                         version->build_num = get_unaligned_le32(tlv->val);
604                         break;
605                 case INTEL_TLV_SECURE_BOOT:
606                         version->secure_boot = tlv->val[0];
607                         break;
608                 case INTEL_TLV_OTP_LOCK:
609                         version->otp_lock = tlv->val[0];
610                         break;
611                 case INTEL_TLV_API_LOCK:
612                         version->api_lock = tlv->val[0];
613                         break;
614                 case INTEL_TLV_DEBUG_LOCK:
615                         version->debug_lock = tlv->val[0];
616                         break;
617                 case INTEL_TLV_MIN_FW:
618                         version->min_fw_build_nn = tlv->val[0];
619                         version->min_fw_build_cw = tlv->val[1];
620                         version->min_fw_build_yy = tlv->val[2];
621                         break;
622                 case INTEL_TLV_LIMITED_CCE:
623                         version->limited_cce = tlv->val[0];
624                         break;
625                 case INTEL_TLV_SBE_TYPE:
626                         version->sbe_type = tlv->val[0];
627                         break;
628                 case INTEL_TLV_OTP_BDADDR:
629                         memcpy(&version->otp_bd_addr, tlv->val,
630                                                         sizeof(bdaddr_t));
631                         break;
632                 case INTEL_TLV_GIT_SHA1:
633                         version->git_sha1 = get_unaligned_le32(tlv->val);
634                         break;
635                 case INTEL_TLV_FW_ID:
636                         snprintf(version->fw_id, sizeof(version->fw_id),
637                                  "%s", tlv->val);
638                         break;
639                 default:
640                         /* Ignore rest of information */
641                         break;
642                 }
643                 /* consume the current tlv and move to next*/
644                 skb_pull(skb, tlv->len + sizeof(*tlv));
645         }
646
647         return 0;
648 }
649 EXPORT_SYMBOL_GPL(btintel_parse_version_tlv);
650
651 static int btintel_read_version_tlv(struct hci_dev *hdev,
652                                     struct intel_version_tlv *version)
653 {
654         struct sk_buff *skb;
655         const u8 param[1] = { 0xFF };
656
657         if (!version)
658                 return -EINVAL;
659
660         skb = __hci_cmd_sync(hdev, 0xfc05, 1, param, HCI_CMD_TIMEOUT);
661         if (IS_ERR(skb)) {
662                 bt_dev_err(hdev, "Reading Intel version information failed (%ld)",
663                            PTR_ERR(skb));
664                 return PTR_ERR(skb);
665         }
666
667         if (skb->data[0]) {
668                 bt_dev_err(hdev, "Intel Read Version command failed (%02x)",
669                            skb->data[0]);
670                 kfree_skb(skb);
671                 return -EIO;
672         }
673
674         btintel_parse_version_tlv(hdev, version, skb);
675
676         kfree_skb(skb);
677         return 0;
678 }
679
680 /* ------- REGMAP IBT SUPPORT ------- */
681
682 #define IBT_REG_MODE_8BIT  0x00
683 #define IBT_REG_MODE_16BIT 0x01
684 #define IBT_REG_MODE_32BIT 0x02
685
686 struct regmap_ibt_context {
687         struct hci_dev *hdev;
688         __u16 op_write;
689         __u16 op_read;
690 };
691
692 struct ibt_cp_reg_access {
693         __le32  addr;
694         __u8    mode;
695         __u8    len;
696         __u8    data[];
697 } __packed;
698
699 struct ibt_rp_reg_access {
700         __u8    status;
701         __le32  addr;
702         __u8    data[];
703 } __packed;
704
705 static int regmap_ibt_read(void *context, const void *addr, size_t reg_size,
706                            void *val, size_t val_size)
707 {
708         struct regmap_ibt_context *ctx = context;
709         struct ibt_cp_reg_access cp;
710         struct ibt_rp_reg_access *rp;
711         struct sk_buff *skb;
712         int err = 0;
713
714         if (reg_size != sizeof(__le32))
715                 return -EINVAL;
716
717         switch (val_size) {
718         case 1:
719                 cp.mode = IBT_REG_MODE_8BIT;
720                 break;
721         case 2:
722                 cp.mode = IBT_REG_MODE_16BIT;
723                 break;
724         case 4:
725                 cp.mode = IBT_REG_MODE_32BIT;
726                 break;
727         default:
728                 return -EINVAL;
729         }
730
731         /* regmap provides a little-endian formatted addr */
732         cp.addr = *(__le32 *)addr;
733         cp.len = val_size;
734
735         bt_dev_dbg(ctx->hdev, "Register (0x%x) read", le32_to_cpu(cp.addr));
736
737         skb = hci_cmd_sync(ctx->hdev, ctx->op_read, sizeof(cp), &cp,
738                            HCI_CMD_TIMEOUT);
739         if (IS_ERR(skb)) {
740                 err = PTR_ERR(skb);
741                 bt_dev_err(ctx->hdev, "regmap: Register (0x%x) read error (%d)",
742                            le32_to_cpu(cp.addr), err);
743                 return err;
744         }
745
746         if (skb->len != sizeof(*rp) + val_size) {
747                 bt_dev_err(ctx->hdev, "regmap: Register (0x%x) read error, bad len",
748                            le32_to_cpu(cp.addr));
749                 err = -EINVAL;
750                 goto done;
751         }
752
753         rp = (struct ibt_rp_reg_access *)skb->data;
754
755         if (rp->addr != cp.addr) {
756                 bt_dev_err(ctx->hdev, "regmap: Register (0x%x) read error, bad addr",
757                            le32_to_cpu(rp->addr));
758                 err = -EINVAL;
759                 goto done;
760         }
761
762         memcpy(val, rp->data, val_size);
763
764 done:
765         kfree_skb(skb);
766         return err;
767 }
768
769 static int regmap_ibt_gather_write(void *context,
770                                    const void *addr, size_t reg_size,
771                                    const void *val, size_t val_size)
772 {
773         struct regmap_ibt_context *ctx = context;
774         struct ibt_cp_reg_access *cp;
775         struct sk_buff *skb;
776         int plen = sizeof(*cp) + val_size;
777         u8 mode;
778         int err = 0;
779
780         if (reg_size != sizeof(__le32))
781                 return -EINVAL;
782
783         switch (val_size) {
784         case 1:
785                 mode = IBT_REG_MODE_8BIT;
786                 break;
787         case 2:
788                 mode = IBT_REG_MODE_16BIT;
789                 break;
790         case 4:
791                 mode = IBT_REG_MODE_32BIT;
792                 break;
793         default:
794                 return -EINVAL;
795         }
796
797         cp = kmalloc(plen, GFP_KERNEL);
798         if (!cp)
799                 return -ENOMEM;
800
801         /* regmap provides a little-endian formatted addr/value */
802         cp->addr = *(__le32 *)addr;
803         cp->mode = mode;
804         cp->len = val_size;
805         memcpy(&cp->data, val, val_size);
806
807         bt_dev_dbg(ctx->hdev, "Register (0x%x) write", le32_to_cpu(cp->addr));
808
809         skb = hci_cmd_sync(ctx->hdev, ctx->op_write, plen, cp, HCI_CMD_TIMEOUT);
810         if (IS_ERR(skb)) {
811                 err = PTR_ERR(skb);
812                 bt_dev_err(ctx->hdev, "regmap: Register (0x%x) write error (%d)",
813                            le32_to_cpu(cp->addr), err);
814                 goto done;
815         }
816         kfree_skb(skb);
817
818 done:
819         kfree(cp);
820         return err;
821 }
822
823 static int regmap_ibt_write(void *context, const void *data, size_t count)
824 {
825         /* data contains register+value, since we only support 32bit addr,
826          * minimum data size is 4 bytes.
827          */
828         if (WARN_ONCE(count < 4, "Invalid register access"))
829                 return -EINVAL;
830
831         return regmap_ibt_gather_write(context, data, 4, data + 4, count - 4);
832 }
833
834 static void regmap_ibt_free_context(void *context)
835 {
836         kfree(context);
837 }
838
839 static const struct regmap_bus regmap_ibt = {
840         .read = regmap_ibt_read,
841         .write = regmap_ibt_write,
842         .gather_write = regmap_ibt_gather_write,
843         .free_context = regmap_ibt_free_context,
844         .reg_format_endian_default = REGMAP_ENDIAN_LITTLE,
845         .val_format_endian_default = REGMAP_ENDIAN_LITTLE,
846 };
847
848 /* Config is the same for all register regions */
849 static const struct regmap_config regmap_ibt_cfg = {
850         .name      = "btintel_regmap",
851         .reg_bits  = 32,
852         .val_bits  = 32,
853 };
854
855 struct regmap *btintel_regmap_init(struct hci_dev *hdev, u16 opcode_read,
856                                    u16 opcode_write)
857 {
858         struct regmap_ibt_context *ctx;
859
860         bt_dev_info(hdev, "regmap: Init R%x-W%x region", opcode_read,
861                     opcode_write);
862
863         ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
864         if (!ctx)
865                 return ERR_PTR(-ENOMEM);
866
867         ctx->op_read = opcode_read;
868         ctx->op_write = opcode_write;
869         ctx->hdev = hdev;
870
871         return regmap_init(&hdev->dev, &regmap_ibt, ctx, &regmap_ibt_cfg);
872 }
873 EXPORT_SYMBOL_GPL(btintel_regmap_init);
874
875 int btintel_send_intel_reset(struct hci_dev *hdev, u32 boot_param)
876 {
877         struct intel_reset params = { 0x00, 0x01, 0x00, 0x01, 0x00000000 };
878         struct sk_buff *skb;
879
880         params.boot_param = cpu_to_le32(boot_param);
881
882         skb = __hci_cmd_sync(hdev, 0xfc01, sizeof(params), &params,
883                              HCI_INIT_TIMEOUT);
884         if (IS_ERR(skb)) {
885                 bt_dev_err(hdev, "Failed to send Intel Reset command");
886                 return PTR_ERR(skb);
887         }
888
889         kfree_skb(skb);
890
891         return 0;
892 }
893 EXPORT_SYMBOL_GPL(btintel_send_intel_reset);
894
895 int btintel_read_boot_params(struct hci_dev *hdev,
896                              struct intel_boot_params *params)
897 {
898         struct sk_buff *skb;
899
900         skb = __hci_cmd_sync(hdev, 0xfc0d, 0, NULL, HCI_INIT_TIMEOUT);
901         if (IS_ERR(skb)) {
902                 bt_dev_err(hdev, "Reading Intel boot parameters failed (%ld)",
903                            PTR_ERR(skb));
904                 return PTR_ERR(skb);
905         }
906
907         if (skb->len != sizeof(*params)) {
908                 bt_dev_err(hdev, "Intel boot parameters size mismatch");
909                 kfree_skb(skb);
910                 return -EILSEQ;
911         }
912
913         memcpy(params, skb->data, sizeof(*params));
914
915         kfree_skb(skb);
916
917         if (params->status) {
918                 bt_dev_err(hdev, "Intel boot parameters command failed (%02x)",
919                            params->status);
920                 return -bt_to_errno(params->status);
921         }
922
923         bt_dev_info(hdev, "Device revision is %u",
924                     le16_to_cpu(params->dev_revid));
925
926         bt_dev_info(hdev, "Secure boot is %s",
927                     params->secure_boot ? "enabled" : "disabled");
928
929         bt_dev_info(hdev, "OTP lock is %s",
930                     params->otp_lock ? "enabled" : "disabled");
931
932         bt_dev_info(hdev, "API lock is %s",
933                     params->api_lock ? "enabled" : "disabled");
934
935         bt_dev_info(hdev, "Debug lock is %s",
936                     params->debug_lock ? "enabled" : "disabled");
937
938         bt_dev_info(hdev, "Minimum firmware build %u week %u %u",
939                     params->min_fw_build_nn, params->min_fw_build_cw,
940                     2000 + params->min_fw_build_yy);
941
942         return 0;
943 }
944 EXPORT_SYMBOL_GPL(btintel_read_boot_params);
945
946 static int btintel_sfi_rsa_header_secure_send(struct hci_dev *hdev,
947                                               const struct firmware *fw)
948 {
949         int err;
950
951         /* Start the firmware download transaction with the Init fragment
952          * represented by the 128 bytes of CSS header.
953          */
954         err = btintel_secure_send(hdev, 0x00, 128, fw->data);
955         if (err < 0) {
956                 bt_dev_err(hdev, "Failed to send firmware header (%d)", err);
957                 goto done;
958         }
959
960         /* Send the 256 bytes of public key information from the firmware
961          * as the PKey fragment.
962          */
963         err = btintel_secure_send(hdev, 0x03, 256, fw->data + 128);
964         if (err < 0) {
965                 bt_dev_err(hdev, "Failed to send firmware pkey (%d)", err);
966                 goto done;
967         }
968
969         /* Send the 256 bytes of signature information from the firmware
970          * as the Sign fragment.
971          */
972         err = btintel_secure_send(hdev, 0x02, 256, fw->data + 388);
973         if (err < 0) {
974                 bt_dev_err(hdev, "Failed to send firmware signature (%d)", err);
975                 goto done;
976         }
977
978 done:
979         return err;
980 }
981
982 static int btintel_sfi_ecdsa_header_secure_send(struct hci_dev *hdev,
983                                                 const struct firmware *fw)
984 {
985         int err;
986
987         /* Start the firmware download transaction with the Init fragment
988          * represented by the 128 bytes of CSS header.
989          */
990         err = btintel_secure_send(hdev, 0x00, 128, fw->data + 644);
991         if (err < 0) {
992                 bt_dev_err(hdev, "Failed to send firmware header (%d)", err);
993                 return err;
994         }
995
996         /* Send the 96 bytes of public key information from the firmware
997          * as the PKey fragment.
998          */
999         err = btintel_secure_send(hdev, 0x03, 96, fw->data + 644 + 128);
1000         if (err < 0) {
1001                 bt_dev_err(hdev, "Failed to send firmware pkey (%d)", err);
1002                 return err;
1003         }
1004
1005         /* Send the 96 bytes of signature information from the firmware
1006          * as the Sign fragment
1007          */
1008         err = btintel_secure_send(hdev, 0x02, 96, fw->data + 644 + 224);
1009         if (err < 0) {
1010                 bt_dev_err(hdev, "Failed to send firmware signature (%d)",
1011                            err);
1012                 return err;
1013         }
1014         return 0;
1015 }
1016
1017 static int btintel_download_firmware_payload(struct hci_dev *hdev,
1018                                              const struct firmware *fw,
1019                                              size_t offset)
1020 {
1021         int err;
1022         const u8 *fw_ptr;
1023         u32 frag_len;
1024
1025         fw_ptr = fw->data + offset;
1026         frag_len = 0;
1027         err = -EINVAL;
1028
1029         while (fw_ptr - fw->data < fw->size) {
1030                 struct hci_command_hdr *cmd = (void *)(fw_ptr + frag_len);
1031
1032                 frag_len += sizeof(*cmd) + cmd->plen;
1033
1034                 /* The parameter length of the secure send command requires
1035                  * a 4 byte alignment. It happens so that the firmware file
1036                  * contains proper Intel_NOP commands to align the fragments
1037                  * as needed.
1038                  *
1039                  * Send set of commands with 4 byte alignment from the
1040                  * firmware data buffer as a single Data fragement.
1041                  */
1042                 if (!(frag_len % 4)) {
1043                         err = btintel_secure_send(hdev, 0x01, frag_len, fw_ptr);
1044                         if (err < 0) {
1045                                 bt_dev_err(hdev,
1046                                            "Failed to send firmware data (%d)",
1047                                            err);
1048                                 goto done;
1049                         }
1050
1051                         fw_ptr += frag_len;
1052                         frag_len = 0;
1053                 }
1054         }
1055
1056 done:
1057         return err;
1058 }
1059
1060 static bool btintel_firmware_version(struct hci_dev *hdev,
1061                                      u8 num, u8 ww, u8 yy,
1062                                      const struct firmware *fw,
1063                                      u32 *boot_addr)
1064 {
1065         const u8 *fw_ptr;
1066
1067         fw_ptr = fw->data;
1068
1069         while (fw_ptr - fw->data < fw->size) {
1070                 struct hci_command_hdr *cmd = (void *)(fw_ptr);
1071
1072                 /* Each SKU has a different reset parameter to use in the
1073                  * HCI_Intel_Reset command and it is embedded in the firmware
1074                  * data. So, instead of using static value per SKU, check
1075                  * the firmware data and save it for later use.
1076                  */
1077                 if (le16_to_cpu(cmd->opcode) == CMD_WRITE_BOOT_PARAMS) {
1078                         struct cmd_write_boot_params *params;
1079
1080                         params = (void *)(fw_ptr + sizeof(*cmd));
1081
1082                         *boot_addr = le32_to_cpu(params->boot_addr);
1083
1084                         bt_dev_info(hdev, "Boot Address: 0x%x", *boot_addr);
1085
1086                         bt_dev_info(hdev, "Firmware Version: %u-%u.%u",
1087                                     params->fw_build_num, params->fw_build_ww,
1088                                     params->fw_build_yy);
1089
1090                         return (num == params->fw_build_num &&
1091                                 ww == params->fw_build_ww &&
1092                                 yy == params->fw_build_yy);
1093                 }
1094
1095                 fw_ptr += sizeof(*cmd) + cmd->plen;
1096         }
1097
1098         return false;
1099 }
1100
1101 int btintel_download_firmware(struct hci_dev *hdev,
1102                               struct intel_version *ver,
1103                               const struct firmware *fw,
1104                               u32 *boot_param)
1105 {
1106         int err;
1107
1108         /* SfP and WsP don't seem to update the firmware version on file
1109          * so version checking is currently not possible.
1110          */
1111         switch (ver->hw_variant) {
1112         case 0x0b:      /* SfP */
1113         case 0x0c:      /* WsP */
1114                 /* Skip version checking */
1115                 break;
1116         default:
1117
1118                 /* Skip download if firmware has the same version */
1119                 if (btintel_firmware_version(hdev, ver->fw_build_num,
1120                                              ver->fw_build_ww, ver->fw_build_yy,
1121                                              fw, boot_param)) {
1122                         bt_dev_info(hdev, "Firmware already loaded");
1123                         /* Return -EALREADY to indicate that the firmware has
1124                          * already been loaded.
1125                          */
1126                         return -EALREADY;
1127                 }
1128         }
1129
1130         /* The firmware variant determines if the device is in bootloader
1131          * mode or is running operational firmware. The value 0x06 identifies
1132          * the bootloader and the value 0x23 identifies the operational
1133          * firmware.
1134          *
1135          * If the firmware version has changed that means it needs to be reset
1136          * to bootloader when operational so the new firmware can be loaded.
1137          */
1138         if (ver->fw_variant == 0x23)
1139                 return -EINVAL;
1140
1141         err = btintel_sfi_rsa_header_secure_send(hdev, fw);
1142         if (err)
1143                 return err;
1144
1145         return btintel_download_firmware_payload(hdev, fw, RSA_HEADER_LEN);
1146 }
1147 EXPORT_SYMBOL_GPL(btintel_download_firmware);
1148
1149 static int btintel_download_fw_tlv(struct hci_dev *hdev,
1150                                    struct intel_version_tlv *ver,
1151                                    const struct firmware *fw, u32 *boot_param,
1152                                    u8 hw_variant, u8 sbe_type)
1153 {
1154         int err;
1155         u32 css_header_ver;
1156
1157         /* Skip download if firmware has the same version */
1158         if (btintel_firmware_version(hdev, ver->min_fw_build_nn,
1159                                      ver->min_fw_build_cw,
1160                                      ver->min_fw_build_yy,
1161                                      fw, boot_param)) {
1162                 bt_dev_info(hdev, "Firmware already loaded");
1163                 /* Return -EALREADY to indicate that firmware has
1164                  * already been loaded.
1165                  */
1166                 return -EALREADY;
1167         }
1168
1169         /* The firmware variant determines if the device is in bootloader
1170          * mode or is running operational firmware. The value 0x01 identifies
1171          * the bootloader and the value 0x03 identifies the operational
1172          * firmware.
1173          *
1174          * If the firmware version has changed that means it needs to be reset
1175          * to bootloader when operational so the new firmware can be loaded.
1176          */
1177         if (ver->img_type == BTINTEL_IMG_OP)
1178                 return -EINVAL;
1179
1180         /* iBT hardware variants 0x0b, 0x0c, 0x11, 0x12, 0x13, 0x14 support
1181          * only RSA secure boot engine. Hence, the corresponding sfi file will
1182          * have RSA header of 644 bytes followed by Command Buffer.
1183          *
1184          * iBT hardware variants 0x17, 0x18 onwards support both RSA and ECDSA
1185          * secure boot engine. As a result, the corresponding sfi file will
1186          * have RSA header of 644, ECDSA header of 320 bytes followed by
1187          * Command Buffer.
1188          *
1189          * CSS Header byte positions 0x08 to 0x0B represent the CSS Header
1190          * version: RSA(0x00010000) , ECDSA (0x00020000)
1191          */
1192         css_header_ver = get_unaligned_le32(fw->data + CSS_HEADER_OFFSET);
1193         if (css_header_ver != 0x00010000) {
1194                 bt_dev_err(hdev, "Invalid CSS Header version");
1195                 return -EINVAL;
1196         }
1197
1198         if (hw_variant <= 0x14) {
1199                 if (sbe_type != 0x00) {
1200                         bt_dev_err(hdev, "Invalid SBE type for hardware variant (%d)",
1201                                    hw_variant);
1202                         return -EINVAL;
1203                 }
1204
1205                 err = btintel_sfi_rsa_header_secure_send(hdev, fw);
1206                 if (err)
1207                         return err;
1208
1209                 err = btintel_download_firmware_payload(hdev, fw, RSA_HEADER_LEN);
1210                 if (err)
1211                         return err;
1212         } else if (hw_variant >= 0x17) {
1213                 /* Check if CSS header for ECDSA follows the RSA header */
1214                 if (fw->data[ECDSA_OFFSET] != 0x06)
1215                         return -EINVAL;
1216
1217                 /* Check if the CSS Header version is ECDSA(0x00020000) */
1218                 css_header_ver = get_unaligned_le32(fw->data + ECDSA_OFFSET + CSS_HEADER_OFFSET);
1219                 if (css_header_ver != 0x00020000) {
1220                         bt_dev_err(hdev, "Invalid CSS Header version");
1221                         return -EINVAL;
1222                 }
1223
1224                 if (sbe_type == 0x00) {
1225                         err = btintel_sfi_rsa_header_secure_send(hdev, fw);
1226                         if (err)
1227                                 return err;
1228
1229                         err = btintel_download_firmware_payload(hdev, fw,
1230                                                                 RSA_HEADER_LEN + ECDSA_HEADER_LEN);
1231                         if (err)
1232                                 return err;
1233                 } else if (sbe_type == 0x01) {
1234                         err = btintel_sfi_ecdsa_header_secure_send(hdev, fw);
1235                         if (err)
1236                                 return err;
1237
1238                         err = btintel_download_firmware_payload(hdev, fw,
1239                                                                 RSA_HEADER_LEN + ECDSA_HEADER_LEN);
1240                         if (err)
1241                                 return err;
1242                 }
1243         }
1244         return 0;
1245 }
1246
1247 static void btintel_reset_to_bootloader(struct hci_dev *hdev)
1248 {
1249         struct intel_reset params;
1250         struct sk_buff *skb;
1251
1252         /* Send Intel Reset command. This will result in
1253          * re-enumeration of BT controller.
1254          *
1255          * Intel Reset parameter description:
1256          * reset_type :   0x00 (Soft reset),
1257          *                0x01 (Hard reset)
1258          * patch_enable : 0x00 (Do not enable),
1259          *                0x01 (Enable)
1260          * ddc_reload :   0x00 (Do not reload),
1261          *                0x01 (Reload)
1262          * boot_option:   0x00 (Current image),
1263          *                0x01 (Specified boot address)
1264          * boot_param:    Boot address
1265          *
1266          */
1267         params.reset_type = 0x01;
1268         params.patch_enable = 0x01;
1269         params.ddc_reload = 0x01;
1270         params.boot_option = 0x00;
1271         params.boot_param = cpu_to_le32(0x00000000);
1272
1273         skb = __hci_cmd_sync(hdev, 0xfc01, sizeof(params),
1274                              &params, HCI_INIT_TIMEOUT);
1275         if (IS_ERR(skb)) {
1276                 bt_dev_err(hdev, "FW download error recovery failed (%ld)",
1277                            PTR_ERR(skb));
1278                 return;
1279         }
1280         bt_dev_info(hdev, "Intel reset sent to retry FW download");
1281         kfree_skb(skb);
1282
1283         /* Current Intel BT controllers(ThP/JfP) hold the USB reset
1284          * lines for 2ms when it receives Intel Reset in bootloader mode.
1285          * Whereas, the upcoming Intel BT controllers will hold USB reset
1286          * for 150ms. To keep the delay generic, 150ms is chosen here.
1287          */
1288         msleep(150);
1289 }
1290
1291 static int btintel_read_debug_features(struct hci_dev *hdev,
1292                                        struct intel_debug_features *features)
1293 {
1294         struct sk_buff *skb;
1295         u8 page_no = 1;
1296
1297         /* Intel controller supports two pages, each page is of 128-bit
1298          * feature bit mask. And each bit defines specific feature support
1299          */
1300         skb = __hci_cmd_sync(hdev, 0xfca6, sizeof(page_no), &page_no,
1301                              HCI_INIT_TIMEOUT);
1302         if (IS_ERR(skb)) {
1303                 bt_dev_err(hdev, "Reading supported features failed (%ld)",
1304                            PTR_ERR(skb));
1305                 return PTR_ERR(skb);
1306         }
1307
1308         if (skb->len != (sizeof(features->page1) + 3)) {
1309                 bt_dev_err(hdev, "Supported features event size mismatch");
1310                 kfree_skb(skb);
1311                 return -EILSEQ;
1312         }
1313
1314         memcpy(features->page1, skb->data + 3, sizeof(features->page1));
1315
1316         /* Read the supported features page2 if required in future.
1317          */
1318         kfree_skb(skb);
1319         return 0;
1320 }
1321
1322 static int btintel_set_debug_features(struct hci_dev *hdev,
1323                                const struct intel_debug_features *features)
1324 {
1325         u8 mask[11] = { 0x0a, 0x92, 0x02, 0x7f, 0x00, 0x00, 0x00, 0x00,
1326                         0x00, 0x00, 0x00 };
1327         u8 period[5] = { 0x04, 0x91, 0x02, 0x05, 0x00 };
1328         u8 trace_enable = 0x02;
1329         struct sk_buff *skb;
1330
1331         if (!features) {
1332                 bt_dev_warn(hdev, "Debug features not read");
1333                 return -EINVAL;
1334         }
1335
1336         if (!(features->page1[0] & 0x3f)) {
1337                 bt_dev_info(hdev, "Telemetry exception format not supported");
1338                 return 0;
1339         }
1340
1341         skb = __hci_cmd_sync(hdev, 0xfc8b, 11, mask, HCI_INIT_TIMEOUT);
1342         if (IS_ERR(skb)) {
1343                 bt_dev_err(hdev, "Setting Intel telemetry ddc write event mask failed (%ld)",
1344                            PTR_ERR(skb));
1345                 return PTR_ERR(skb);
1346         }
1347         kfree_skb(skb);
1348
1349         skb = __hci_cmd_sync(hdev, 0xfc8b, 5, period, HCI_INIT_TIMEOUT);
1350         if (IS_ERR(skb)) {
1351                 bt_dev_err(hdev, "Setting periodicity for link statistics traces failed (%ld)",
1352                            PTR_ERR(skb));
1353                 return PTR_ERR(skb);
1354         }
1355         kfree_skb(skb);
1356
1357         skb = __hci_cmd_sync(hdev, 0xfca1, 1, &trace_enable, HCI_INIT_TIMEOUT);
1358         if (IS_ERR(skb)) {
1359                 bt_dev_err(hdev, "Enable tracing of link statistics events failed (%ld)",
1360                            PTR_ERR(skb));
1361                 return PTR_ERR(skb);
1362         }
1363         kfree_skb(skb);
1364
1365         bt_dev_info(hdev, "set debug features: trace_enable 0x%02x mask 0x%02x",
1366                     trace_enable, mask[3]);
1367
1368         return 0;
1369 }
1370
1371 static int btintel_reset_debug_features(struct hci_dev *hdev,
1372                                  const struct intel_debug_features *features)
1373 {
1374         u8 mask[11] = { 0x0a, 0x92, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
1375                         0x00, 0x00, 0x00 };
1376         u8 trace_enable = 0x00;
1377         struct sk_buff *skb;
1378
1379         if (!features) {
1380                 bt_dev_warn(hdev, "Debug features not read");
1381                 return -EINVAL;
1382         }
1383
1384         if (!(features->page1[0] & 0x3f)) {
1385                 bt_dev_info(hdev, "Telemetry exception format not supported");
1386                 return 0;
1387         }
1388
1389         /* Should stop the trace before writing ddc event mask. */
1390         skb = __hci_cmd_sync(hdev, 0xfca1, 1, &trace_enable, HCI_INIT_TIMEOUT);
1391         if (IS_ERR(skb)) {
1392                 bt_dev_err(hdev, "Stop tracing of link statistics events failed (%ld)",
1393                            PTR_ERR(skb));
1394                 return PTR_ERR(skb);
1395         }
1396         kfree_skb(skb);
1397
1398         skb = __hci_cmd_sync(hdev, 0xfc8b, 11, mask, HCI_INIT_TIMEOUT);
1399         if (IS_ERR(skb)) {
1400                 bt_dev_err(hdev, "Setting Intel telemetry ddc write event mask failed (%ld)",
1401                            PTR_ERR(skb));
1402                 return PTR_ERR(skb);
1403         }
1404         kfree_skb(skb);
1405
1406         bt_dev_info(hdev, "reset debug features: trace_enable 0x%02x mask 0x%02x",
1407                     trace_enable, mask[3]);
1408
1409         return 0;
1410 }
1411
1412 int btintel_set_quality_report(struct hci_dev *hdev, bool enable)
1413 {
1414         struct intel_debug_features features;
1415         int err;
1416
1417         bt_dev_dbg(hdev, "enable %d", enable);
1418
1419         /* Read the Intel supported features and if new exception formats
1420          * supported, need to load the additional DDC config to enable.
1421          */
1422         err = btintel_read_debug_features(hdev, &features);
1423         if (err)
1424                 return err;
1425
1426         /* Set or reset the debug features. */
1427         if (enable)
1428                 err = btintel_set_debug_features(hdev, &features);
1429         else
1430                 err = btintel_reset_debug_features(hdev, &features);
1431
1432         return err;
1433 }
1434 EXPORT_SYMBOL_GPL(btintel_set_quality_report);
1435
1436 static void btintel_coredump(struct hci_dev *hdev)
1437 {
1438         struct sk_buff *skb;
1439
1440         skb = __hci_cmd_sync(hdev, 0xfc4e, 0, NULL, HCI_CMD_TIMEOUT);
1441         if (IS_ERR(skb)) {
1442                 bt_dev_err(hdev, "Coredump failed (%ld)", PTR_ERR(skb));
1443                 return;
1444         }
1445
1446         kfree_skb(skb);
1447 }
1448
1449 static void btintel_dmp_hdr(struct hci_dev *hdev, struct sk_buff *skb)
1450 {
1451         char buf[80];
1452
1453         snprintf(buf, sizeof(buf), "Controller Name: 0x%X\n",
1454                  coredump_info.hw_variant);
1455         skb_put_data(skb, buf, strlen(buf));
1456
1457         snprintf(buf, sizeof(buf), "Firmware Version: 0x%X\n",
1458                  coredump_info.fw_build_num);
1459         skb_put_data(skb, buf, strlen(buf));
1460
1461         snprintf(buf, sizeof(buf), "Driver: %s\n", coredump_info.driver_name);
1462         skb_put_data(skb, buf, strlen(buf));
1463
1464         snprintf(buf, sizeof(buf), "Vendor: Intel\n");
1465         skb_put_data(skb, buf, strlen(buf));
1466 }
1467
1468 static int btintel_register_devcoredump_support(struct hci_dev *hdev)
1469 {
1470         struct intel_debug_features features;
1471         int err;
1472
1473         err = btintel_read_debug_features(hdev, &features);
1474         if (err) {
1475                 bt_dev_info(hdev, "Error reading debug features");
1476                 return err;
1477         }
1478
1479         if (!(features.page1[0] & 0x3f)) {
1480                 bt_dev_dbg(hdev, "Telemetry exception format not supported");
1481                 return -EOPNOTSUPP;
1482         }
1483
1484         hci_devcd_register(hdev, btintel_coredump, btintel_dmp_hdr, NULL);
1485
1486         return err;
1487 }
1488
1489 static const struct firmware *btintel_legacy_rom_get_fw(struct hci_dev *hdev,
1490                                                struct intel_version *ver)
1491 {
1492         const struct firmware *fw;
1493         char fwname[64];
1494         int ret;
1495
1496         snprintf(fwname, sizeof(fwname),
1497                  "intel/ibt-hw-%x.%x.%x-fw-%x.%x.%x.%x.%x.bseq",
1498                  ver->hw_platform, ver->hw_variant, ver->hw_revision,
1499                  ver->fw_variant,  ver->fw_revision, ver->fw_build_num,
1500                  ver->fw_build_ww, ver->fw_build_yy);
1501
1502         ret = request_firmware(&fw, fwname, &hdev->dev);
1503         if (ret < 0) {
1504                 if (ret == -EINVAL) {
1505                         bt_dev_err(hdev, "Intel firmware file request failed (%d)",
1506                                    ret);
1507                         return NULL;
1508                 }
1509
1510                 bt_dev_err(hdev, "failed to open Intel firmware file: %s (%d)",
1511                            fwname, ret);
1512
1513                 /* If the correct firmware patch file is not found, use the
1514                  * default firmware patch file instead
1515                  */
1516                 snprintf(fwname, sizeof(fwname), "intel/ibt-hw-%x.%x.bseq",
1517                          ver->hw_platform, ver->hw_variant);
1518                 if (request_firmware(&fw, fwname, &hdev->dev) < 0) {
1519                         bt_dev_err(hdev, "failed to open default fw file: %s",
1520                                    fwname);
1521                         return NULL;
1522                 }
1523         }
1524
1525         bt_dev_info(hdev, "Intel Bluetooth firmware file: %s", fwname);
1526
1527         return fw;
1528 }
1529
1530 static int btintel_legacy_rom_patching(struct hci_dev *hdev,
1531                                       const struct firmware *fw,
1532                                       const u8 **fw_ptr, int *disable_patch)
1533 {
1534         struct sk_buff *skb;
1535         struct hci_command_hdr *cmd;
1536         const u8 *cmd_param;
1537         struct hci_event_hdr *evt = NULL;
1538         const u8 *evt_param = NULL;
1539         int remain = fw->size - (*fw_ptr - fw->data);
1540
1541         /* The first byte indicates the types of the patch command or event.
1542          * 0x01 means HCI command and 0x02 is HCI event. If the first bytes
1543          * in the current firmware buffer doesn't start with 0x01 or
1544          * the size of remain buffer is smaller than HCI command header,
1545          * the firmware file is corrupted and it should stop the patching
1546          * process.
1547          */
1548         if (remain > HCI_COMMAND_HDR_SIZE && *fw_ptr[0] != 0x01) {
1549                 bt_dev_err(hdev, "Intel fw corrupted: invalid cmd read");
1550                 return -EINVAL;
1551         }
1552         (*fw_ptr)++;
1553         remain--;
1554
1555         cmd = (struct hci_command_hdr *)(*fw_ptr);
1556         *fw_ptr += sizeof(*cmd);
1557         remain -= sizeof(*cmd);
1558
1559         /* Ensure that the remain firmware data is long enough than the length
1560          * of command parameter. If not, the firmware file is corrupted.
1561          */
1562         if (remain < cmd->plen) {
1563                 bt_dev_err(hdev, "Intel fw corrupted: invalid cmd len");
1564                 return -EFAULT;
1565         }
1566
1567         /* If there is a command that loads a patch in the firmware
1568          * file, then enable the patch upon success, otherwise just
1569          * disable the manufacturer mode, for example patch activation
1570          * is not required when the default firmware patch file is used
1571          * because there are no patch data to load.
1572          */
1573         if (*disable_patch && le16_to_cpu(cmd->opcode) == 0xfc8e)
1574                 *disable_patch = 0;
1575
1576         cmd_param = *fw_ptr;
1577         *fw_ptr += cmd->plen;
1578         remain -= cmd->plen;
1579
1580         /* This reads the expected events when the above command is sent to the
1581          * device. Some vendor commands expects more than one events, for
1582          * example command status event followed by vendor specific event.
1583          * For this case, it only keeps the last expected event. so the command
1584          * can be sent with __hci_cmd_sync_ev() which returns the sk_buff of
1585          * last expected event.
1586          */
1587         while (remain > HCI_EVENT_HDR_SIZE && *fw_ptr[0] == 0x02) {
1588                 (*fw_ptr)++;
1589                 remain--;
1590
1591                 evt = (struct hci_event_hdr *)(*fw_ptr);
1592                 *fw_ptr += sizeof(*evt);
1593                 remain -= sizeof(*evt);
1594
1595                 if (remain < evt->plen) {
1596                         bt_dev_err(hdev, "Intel fw corrupted: invalid evt len");
1597                         return -EFAULT;
1598                 }
1599
1600                 evt_param = *fw_ptr;
1601                 *fw_ptr += evt->plen;
1602                 remain -= evt->plen;
1603         }
1604
1605         /* Every HCI commands in the firmware file has its correspond event.
1606          * If event is not found or remain is smaller than zero, the firmware
1607          * file is corrupted.
1608          */
1609         if (!evt || !evt_param || remain < 0) {
1610                 bt_dev_err(hdev, "Intel fw corrupted: invalid evt read");
1611                 return -EFAULT;
1612         }
1613
1614         skb = __hci_cmd_sync_ev(hdev, le16_to_cpu(cmd->opcode), cmd->plen,
1615                                 cmd_param, evt->evt, HCI_INIT_TIMEOUT);
1616         if (IS_ERR(skb)) {
1617                 bt_dev_err(hdev, "sending Intel patch command (0x%4.4x) failed (%ld)",
1618                            cmd->opcode, PTR_ERR(skb));
1619                 return PTR_ERR(skb);
1620         }
1621
1622         /* It ensures that the returned event matches the event data read from
1623          * the firmware file. At fist, it checks the length and then
1624          * the contents of the event.
1625          */
1626         if (skb->len != evt->plen) {
1627                 bt_dev_err(hdev, "mismatch event length (opcode 0x%4.4x)",
1628                            le16_to_cpu(cmd->opcode));
1629                 kfree_skb(skb);
1630                 return -EFAULT;
1631         }
1632
1633         if (memcmp(skb->data, evt_param, evt->plen)) {
1634                 bt_dev_err(hdev, "mismatch event parameter (opcode 0x%4.4x)",
1635                            le16_to_cpu(cmd->opcode));
1636                 kfree_skb(skb);
1637                 return -EFAULT;
1638         }
1639         kfree_skb(skb);
1640
1641         return 0;
1642 }
1643
1644 static int btintel_legacy_rom_setup(struct hci_dev *hdev,
1645                                     struct intel_version *ver)
1646 {
1647         const struct firmware *fw;
1648         const u8 *fw_ptr;
1649         int disable_patch, err;
1650         struct intel_version new_ver;
1651
1652         BT_DBG("%s", hdev->name);
1653
1654         /* fw_patch_num indicates the version of patch the device currently
1655          * have. If there is no patch data in the device, it is always 0x00.
1656          * So, if it is other than 0x00, no need to patch the device again.
1657          */
1658         if (ver->fw_patch_num) {
1659                 bt_dev_info(hdev,
1660                             "Intel device is already patched. patch num: %02x",
1661                             ver->fw_patch_num);
1662                 goto complete;
1663         }
1664
1665         /* Opens the firmware patch file based on the firmware version read
1666          * from the controller. If it fails to open the matching firmware
1667          * patch file, it tries to open the default firmware patch file.
1668          * If no patch file is found, allow the device to operate without
1669          * a patch.
1670          */
1671         fw = btintel_legacy_rom_get_fw(hdev, ver);
1672         if (!fw)
1673                 goto complete;
1674         fw_ptr = fw->data;
1675
1676         /* Enable the manufacturer mode of the controller.
1677          * Only while this mode is enabled, the driver can download the
1678          * firmware patch data and configuration parameters.
1679          */
1680         err = btintel_enter_mfg(hdev);
1681         if (err) {
1682                 release_firmware(fw);
1683                 return err;
1684         }
1685
1686         disable_patch = 1;
1687
1688         /* The firmware data file consists of list of Intel specific HCI
1689          * commands and its expected events. The first byte indicates the
1690          * type of the message, either HCI command or HCI event.
1691          *
1692          * It reads the command and its expected event from the firmware file,
1693          * and send to the controller. Once __hci_cmd_sync_ev() returns,
1694          * the returned event is compared with the event read from the firmware
1695          * file and it will continue until all the messages are downloaded to
1696          * the controller.
1697          *
1698          * Once the firmware patching is completed successfully,
1699          * the manufacturer mode is disabled with reset and activating the
1700          * downloaded patch.
1701          *
1702          * If the firmware patching fails, the manufacturer mode is
1703          * disabled with reset and deactivating the patch.
1704          *
1705          * If the default patch file is used, no reset is done when disabling
1706          * the manufacturer.
1707          */
1708         while (fw->size > fw_ptr - fw->data) {
1709                 int ret;
1710
1711                 ret = btintel_legacy_rom_patching(hdev, fw, &fw_ptr,
1712                                                  &disable_patch);
1713                 if (ret < 0)
1714                         goto exit_mfg_deactivate;
1715         }
1716
1717         release_firmware(fw);
1718
1719         if (disable_patch)
1720                 goto exit_mfg_disable;
1721
1722         /* Patching completed successfully and disable the manufacturer mode
1723          * with reset and activate the downloaded firmware patches.
1724          */
1725         err = btintel_exit_mfg(hdev, true, true);
1726         if (err)
1727                 return err;
1728
1729         /* Need build number for downloaded fw patches in
1730          * every power-on boot
1731          */
1732         err = btintel_read_version(hdev, &new_ver);
1733         if (err)
1734                 return err;
1735
1736         bt_dev_info(hdev, "Intel BT fw patch 0x%02x completed & activated",
1737                     new_ver.fw_patch_num);
1738
1739         goto complete;
1740
1741 exit_mfg_disable:
1742         /* Disable the manufacturer mode without reset */
1743         err = btintel_exit_mfg(hdev, false, false);
1744         if (err)
1745                 return err;
1746
1747         bt_dev_info(hdev, "Intel firmware patch completed");
1748
1749         goto complete;
1750
1751 exit_mfg_deactivate:
1752         release_firmware(fw);
1753
1754         /* Patching failed. Disable the manufacturer mode with reset and
1755          * deactivate the downloaded firmware patches.
1756          */
1757         err = btintel_exit_mfg(hdev, true, false);
1758         if (err)
1759                 return err;
1760
1761         bt_dev_info(hdev, "Intel firmware patch completed and deactivated");
1762
1763 complete:
1764         /* Set the event mask for Intel specific vendor events. This enables
1765          * a few extra events that are useful during general operation.
1766          */
1767         btintel_set_event_mask_mfg(hdev, false);
1768
1769         btintel_check_bdaddr(hdev);
1770
1771         return 0;
1772 }
1773
1774 static int btintel_download_wait(struct hci_dev *hdev, ktime_t calltime, int msec)
1775 {
1776         ktime_t delta, rettime;
1777         unsigned long long duration;
1778         int err;
1779
1780         btintel_set_flag(hdev, INTEL_FIRMWARE_LOADED);
1781
1782         bt_dev_info(hdev, "Waiting for firmware download to complete");
1783
1784         err = btintel_wait_on_flag_timeout(hdev, INTEL_DOWNLOADING,
1785                                            TASK_INTERRUPTIBLE,
1786                                            msecs_to_jiffies(msec));
1787         if (err == -EINTR) {
1788                 bt_dev_err(hdev, "Firmware loading interrupted");
1789                 return err;
1790         }
1791
1792         if (err) {
1793                 bt_dev_err(hdev, "Firmware loading timeout");
1794                 return -ETIMEDOUT;
1795         }
1796
1797         if (btintel_test_flag(hdev, INTEL_FIRMWARE_FAILED)) {
1798                 bt_dev_err(hdev, "Firmware loading failed");
1799                 return -ENOEXEC;
1800         }
1801
1802         rettime = ktime_get();
1803         delta = ktime_sub(rettime, calltime);
1804         duration = (unsigned long long)ktime_to_ns(delta) >> 10;
1805
1806         bt_dev_info(hdev, "Firmware loaded in %llu usecs", duration);
1807
1808         return 0;
1809 }
1810
1811 static int btintel_boot_wait(struct hci_dev *hdev, ktime_t calltime, int msec)
1812 {
1813         ktime_t delta, rettime;
1814         unsigned long long duration;
1815         int err;
1816
1817         bt_dev_info(hdev, "Waiting for device to boot");
1818
1819         err = btintel_wait_on_flag_timeout(hdev, INTEL_BOOTING,
1820                                            TASK_INTERRUPTIBLE,
1821                                            msecs_to_jiffies(msec));
1822         if (err == -EINTR) {
1823                 bt_dev_err(hdev, "Device boot interrupted");
1824                 return -EINTR;
1825         }
1826
1827         if (err) {
1828                 bt_dev_err(hdev, "Device boot timeout");
1829                 return -ETIMEDOUT;
1830         }
1831
1832         rettime = ktime_get();
1833         delta = ktime_sub(rettime, calltime);
1834         duration = (unsigned long long) ktime_to_ns(delta) >> 10;
1835
1836         bt_dev_info(hdev, "Device booted in %llu usecs", duration);
1837
1838         return 0;
1839 }
1840
1841 static int btintel_boot(struct hci_dev *hdev, u32 boot_addr)
1842 {
1843         ktime_t calltime;
1844         int err;
1845
1846         calltime = ktime_get();
1847
1848         btintel_set_flag(hdev, INTEL_BOOTING);
1849
1850         err = btintel_send_intel_reset(hdev, boot_addr);
1851         if (err) {
1852                 bt_dev_err(hdev, "Intel Soft Reset failed (%d)", err);
1853                 btintel_reset_to_bootloader(hdev);
1854                 return err;
1855         }
1856
1857         /* The bootloader will not indicate when the device is ready. This
1858          * is done by the operational firmware sending bootup notification.
1859          *
1860          * Booting into operational firmware should not take longer than
1861          * 1 second. However if that happens, then just fail the setup
1862          * since something went wrong.
1863          */
1864         err = btintel_boot_wait(hdev, calltime, 1000);
1865         if (err == -ETIMEDOUT)
1866                 btintel_reset_to_bootloader(hdev);
1867
1868         return err;
1869 }
1870
1871 static int btintel_get_fw_name(struct intel_version *ver,
1872                                              struct intel_boot_params *params,
1873                                              char *fw_name, size_t len,
1874                                              const char *suffix)
1875 {
1876         switch (ver->hw_variant) {
1877         case 0x0b:      /* SfP */
1878         case 0x0c:      /* WsP */
1879                 snprintf(fw_name, len, "intel/ibt-%u-%u.%s",
1880                          ver->hw_variant,
1881                          le16_to_cpu(params->dev_revid),
1882                          suffix);
1883                 break;
1884         case 0x11:      /* JfP */
1885         case 0x12:      /* ThP */
1886         case 0x13:      /* HrP */
1887         case 0x14:      /* CcP */
1888                 snprintf(fw_name, len, "intel/ibt-%u-%u-%u.%s",
1889                          ver->hw_variant,
1890                          ver->hw_revision,
1891                          ver->fw_revision,
1892                          suffix);
1893                 break;
1894         default:
1895                 return -EINVAL;
1896         }
1897
1898         return 0;
1899 }
1900
1901 static int btintel_download_fw(struct hci_dev *hdev,
1902                                          struct intel_version *ver,
1903                                          struct intel_boot_params *params,
1904                                          u32 *boot_param)
1905 {
1906         const struct firmware *fw;
1907         char fwname[64];
1908         int err;
1909         ktime_t calltime;
1910
1911         if (!ver || !params)
1912                 return -EINVAL;
1913
1914         /* The firmware variant determines if the device is in bootloader
1915          * mode or is running operational firmware. The value 0x06 identifies
1916          * the bootloader and the value 0x23 identifies the operational
1917          * firmware.
1918          *
1919          * When the operational firmware is already present, then only
1920          * the check for valid Bluetooth device address is needed. This
1921          * determines if the device will be added as configured or
1922          * unconfigured controller.
1923          *
1924          * It is not possible to use the Secure Boot Parameters in this
1925          * case since that command is only available in bootloader mode.
1926          */
1927         if (ver->fw_variant == 0x23) {
1928                 btintel_clear_flag(hdev, INTEL_BOOTLOADER);
1929                 btintel_check_bdaddr(hdev);
1930
1931                 /* SfP and WsP don't seem to update the firmware version on file
1932                  * so version checking is currently possible.
1933                  */
1934                 switch (ver->hw_variant) {
1935                 case 0x0b:      /* SfP */
1936                 case 0x0c:      /* WsP */
1937                         return 0;
1938                 }
1939
1940                 /* Proceed to download to check if the version matches */
1941                 goto download;
1942         }
1943
1944         /* Read the secure boot parameters to identify the operating
1945          * details of the bootloader.
1946          */
1947         err = btintel_read_boot_params(hdev, params);
1948         if (err)
1949                 return err;
1950
1951         /* It is required that every single firmware fragment is acknowledged
1952          * with a command complete event. If the boot parameters indicate
1953          * that this bootloader does not send them, then abort the setup.
1954          */
1955         if (params->limited_cce != 0x00) {
1956                 bt_dev_err(hdev, "Unsupported Intel firmware loading method (%u)",
1957                            params->limited_cce);
1958                 return -EINVAL;
1959         }
1960
1961         /* If the OTP has no valid Bluetooth device address, then there will
1962          * also be no valid address for the operational firmware.
1963          */
1964         if (!bacmp(&params->otp_bdaddr, BDADDR_ANY)) {
1965                 bt_dev_info(hdev, "No device address configured");
1966                 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks);
1967         }
1968
1969 download:
1970         /* With this Intel bootloader only the hardware variant and device
1971          * revision information are used to select the right firmware for SfP
1972          * and WsP.
1973          *
1974          * The firmware filename is ibt-<hw_variant>-<dev_revid>.sfi.
1975          *
1976          * Currently the supported hardware variants are:
1977          *   11 (0x0b) for iBT3.0 (LnP/SfP)
1978          *   12 (0x0c) for iBT3.5 (WsP)
1979          *
1980          * For ThP/JfP and for future SKU's, the FW name varies based on HW
1981          * variant, HW revision and FW revision, as these are dependent on CNVi
1982          * and RF Combination.
1983          *
1984          *   17 (0x11) for iBT3.5 (JfP)
1985          *   18 (0x12) for iBT3.5 (ThP)
1986          *
1987          * The firmware file name for these will be
1988          * ibt-<hw_variant>-<hw_revision>-<fw_revision>.sfi.
1989          *
1990          */
1991         err = btintel_get_fw_name(ver, params, fwname, sizeof(fwname), "sfi");
1992         if (err < 0) {
1993                 if (!btintel_test_flag(hdev, INTEL_BOOTLOADER)) {
1994                         /* Firmware has already been loaded */
1995                         btintel_set_flag(hdev, INTEL_FIRMWARE_LOADED);
1996                         return 0;
1997                 }
1998
1999                 bt_dev_err(hdev, "Unsupported Intel firmware naming");
2000                 return -EINVAL;
2001         }
2002
2003         err = firmware_request_nowarn(&fw, fwname, &hdev->dev);
2004         if (err < 0) {
2005                 if (!btintel_test_flag(hdev, INTEL_BOOTLOADER)) {
2006                         /* Firmware has already been loaded */
2007                         btintel_set_flag(hdev, INTEL_FIRMWARE_LOADED);
2008                         return 0;
2009                 }
2010
2011                 bt_dev_err(hdev, "Failed to load Intel firmware file %s (%d)",
2012                            fwname, err);
2013                 return err;
2014         }
2015
2016         bt_dev_info(hdev, "Found device firmware: %s", fwname);
2017
2018         if (fw->size < 644) {
2019                 bt_dev_err(hdev, "Invalid size of firmware file (%zu)",
2020                            fw->size);
2021                 err = -EBADF;
2022                 goto done;
2023         }
2024
2025         calltime = ktime_get();
2026
2027         btintel_set_flag(hdev, INTEL_DOWNLOADING);
2028
2029         /* Start firmware downloading and get boot parameter */
2030         err = btintel_download_firmware(hdev, ver, fw, boot_param);
2031         if (err < 0) {
2032                 if (err == -EALREADY) {
2033                         /* Firmware has already been loaded */
2034                         btintel_set_flag(hdev, INTEL_FIRMWARE_LOADED);
2035                         err = 0;
2036                         goto done;
2037                 }
2038
2039                 /* When FW download fails, send Intel Reset to retry
2040                  * FW download.
2041                  */
2042                 btintel_reset_to_bootloader(hdev);
2043                 goto done;
2044         }
2045
2046         /* Before switching the device into operational mode and with that
2047          * booting the loaded firmware, wait for the bootloader notification
2048          * that all fragments have been successfully received.
2049          *
2050          * When the event processing receives the notification, then the
2051          * INTEL_DOWNLOADING flag will be cleared.
2052          *
2053          * The firmware loading should not take longer than 5 seconds
2054          * and thus just timeout if that happens and fail the setup
2055          * of this device.
2056          */
2057         err = btintel_download_wait(hdev, calltime, 5000);
2058         if (err == -ETIMEDOUT)
2059                 btintel_reset_to_bootloader(hdev);
2060
2061 done:
2062         release_firmware(fw);
2063         return err;
2064 }
2065
2066 static int btintel_bootloader_setup(struct hci_dev *hdev,
2067                                     struct intel_version *ver)
2068 {
2069         struct intel_version new_ver;
2070         struct intel_boot_params params;
2071         u32 boot_param;
2072         char ddcname[64];
2073         int err;
2074
2075         BT_DBG("%s", hdev->name);
2076
2077         /* Set the default boot parameter to 0x0 and it is updated to
2078          * SKU specific boot parameter after reading Intel_Write_Boot_Params
2079          * command while downloading the firmware.
2080          */
2081         boot_param = 0x00000000;
2082
2083         btintel_set_flag(hdev, INTEL_BOOTLOADER);
2084
2085         err = btintel_download_fw(hdev, ver, &params, &boot_param);
2086         if (err)
2087                 return err;
2088
2089         /* controller is already having an operational firmware */
2090         if (ver->fw_variant == 0x23)
2091                 goto finish;
2092
2093         err = btintel_boot(hdev, boot_param);
2094         if (err)
2095                 return err;
2096
2097         btintel_clear_flag(hdev, INTEL_BOOTLOADER);
2098
2099         err = btintel_get_fw_name(ver, &params, ddcname,
2100                                                 sizeof(ddcname), "ddc");
2101
2102         if (err < 0) {
2103                 bt_dev_err(hdev, "Unsupported Intel firmware naming");
2104         } else {
2105                 /* Once the device is running in operational mode, it needs to
2106                  * apply the device configuration (DDC) parameters.
2107                  *
2108                  * The device can work without DDC parameters, so even if it
2109                  * fails to load the file, no need to fail the setup.
2110                  */
2111                 btintel_load_ddc_config(hdev, ddcname);
2112         }
2113
2114         hci_dev_clear_flag(hdev, HCI_QUALITY_REPORT);
2115
2116         /* Read the Intel version information after loading the FW  */
2117         err = btintel_read_version(hdev, &new_ver);
2118         if (err)
2119                 return err;
2120
2121         btintel_version_info(hdev, &new_ver);
2122
2123 finish:
2124         /* Set the event mask for Intel specific vendor events. This enables
2125          * a few extra events that are useful during general operation. It
2126          * does not enable any debugging related events.
2127          *
2128          * The device will function correctly without these events enabled
2129          * and thus no need to fail the setup.
2130          */
2131         btintel_set_event_mask(hdev, false);
2132
2133         return 0;
2134 }
2135
2136 static void btintel_get_fw_name_tlv(const struct intel_version_tlv *ver,
2137                                     char *fw_name, size_t len,
2138                                     const char *suffix)
2139 {
2140         const char *format;
2141         u32 cnvi, cnvr;
2142
2143         cnvi = INTEL_CNVX_TOP_PACK_SWAB(INTEL_CNVX_TOP_TYPE(ver->cnvi_top),
2144                                         INTEL_CNVX_TOP_STEP(ver->cnvi_top));
2145
2146         cnvr = INTEL_CNVX_TOP_PACK_SWAB(INTEL_CNVX_TOP_TYPE(ver->cnvr_top),
2147                                         INTEL_CNVX_TOP_STEP(ver->cnvr_top));
2148
2149         /* Only Blazar  product supports downloading of intermediate loader
2150          * image
2151          */
2152         if (INTEL_HW_VARIANT(ver->cnvi_bt) >= 0x1e) {
2153                 u8 zero[BTINTEL_FWID_MAXLEN];
2154
2155                 if (ver->img_type == BTINTEL_IMG_BOOTLOADER) {
2156                         format = "intel/ibt-%04x-%04x-iml.%s";
2157                         snprintf(fw_name, len, format, cnvi, cnvr, suffix);
2158                         return;
2159                 }
2160
2161                 memset(zero, 0, sizeof(zero));
2162
2163                 /* ibt-<cnvi_top type+cnvi_top step>-<cnvr_top type+cnvr_top step-fw_id> */
2164                 if (memcmp(ver->fw_id, zero, sizeof(zero))) {
2165                         format = "intel/ibt-%04x-%04x-%s.%s";
2166                         snprintf(fw_name, len, format, cnvi, cnvr,
2167                                  ver->fw_id, suffix);
2168                         return;
2169                 }
2170                 /* If firmware id is not present, fallback to legacy naming
2171                  * convention
2172                  */
2173         }
2174         /* Fallback to legacy naming convention for other controllers
2175          * ibt-<cnvi_top type+cnvi_top step>-<cnvr_top type+cnvr_top step>
2176          */
2177         format = "intel/ibt-%04x-%04x.%s";
2178         snprintf(fw_name, len, format, cnvi, cnvr, suffix);
2179 }
2180
2181 static void btintel_get_iml_tlv(const struct intel_version_tlv *ver,
2182                                 char *fw_name, size_t len,
2183                                 const char *suffix)
2184 {
2185         const char *format;
2186         u32 cnvi, cnvr;
2187
2188         cnvi = INTEL_CNVX_TOP_PACK_SWAB(INTEL_CNVX_TOP_TYPE(ver->cnvi_top),
2189                                         INTEL_CNVX_TOP_STEP(ver->cnvi_top));
2190
2191         cnvr = INTEL_CNVX_TOP_PACK_SWAB(INTEL_CNVX_TOP_TYPE(ver->cnvr_top),
2192                                         INTEL_CNVX_TOP_STEP(ver->cnvr_top));
2193
2194         format = "intel/ibt-%04x-%04x-iml.%s";
2195         snprintf(fw_name, len, format, cnvi, cnvr, suffix);
2196 }
2197
2198 static int btintel_prepare_fw_download_tlv(struct hci_dev *hdev,
2199                                            struct intel_version_tlv *ver,
2200                                            u32 *boot_param)
2201 {
2202         const struct firmware *fw;
2203         char fwname[128];
2204         int err;
2205         ktime_t calltime;
2206
2207         if (!ver || !boot_param)
2208                 return -EINVAL;
2209
2210         /* The firmware variant determines if the device is in bootloader
2211          * mode or is running operational firmware. The value 0x03 identifies
2212          * the bootloader and the value 0x23 identifies the operational
2213          * firmware.
2214          *
2215          * When the operational firmware is already present, then only
2216          * the check for valid Bluetooth device address is needed. This
2217          * determines if the device will be added as configured or
2218          * unconfigured controller.
2219          *
2220          * It is not possible to use the Secure Boot Parameters in this
2221          * case since that command is only available in bootloader mode.
2222          */
2223         if (ver->img_type == BTINTEL_IMG_OP) {
2224                 btintel_clear_flag(hdev, INTEL_BOOTLOADER);
2225                 btintel_check_bdaddr(hdev);
2226         } else {
2227                 /*
2228                  * Check for valid bd address in boot loader mode. Device
2229                  * will be marked as unconfigured if empty bd address is
2230                  * found.
2231                  */
2232                 if (!bacmp(&ver->otp_bd_addr, BDADDR_ANY)) {
2233                         bt_dev_info(hdev, "No device address configured");
2234                         set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks);
2235                 }
2236         }
2237
2238         if (ver->img_type == BTINTEL_IMG_OP) {
2239                 /* Controller running OP image. In case of FW downgrade,
2240                  * FWID TLV may not be present and driver may attempt to load
2241                  * firmware image which doesn't exist. Lets compare the version
2242                  * of IML image
2243                  */
2244                 if (INTEL_HW_VARIANT(ver->cnvi_bt) >= 0x1e)
2245                         btintel_get_iml_tlv(ver, fwname, sizeof(fwname), "sfi");
2246                 else
2247                         btintel_get_fw_name_tlv(ver, fwname, sizeof(fwname), "sfi");
2248         } else {
2249                 btintel_get_fw_name_tlv(ver, fwname, sizeof(fwname), "sfi");
2250         }
2251
2252         err = firmware_request_nowarn(&fw, fwname, &hdev->dev);
2253         if (err < 0) {
2254                 if (!btintel_test_flag(hdev, INTEL_BOOTLOADER)) {
2255                         /* Firmware has already been loaded */
2256                         btintel_set_flag(hdev, INTEL_FIRMWARE_LOADED);
2257                         return 0;
2258                 }
2259
2260                 bt_dev_err(hdev, "Failed to load Intel firmware file %s (%d)",
2261                            fwname, err);
2262
2263                 return err;
2264         }
2265
2266         bt_dev_info(hdev, "Found device firmware: %s", fwname);
2267
2268         if (fw->size < 644) {
2269                 bt_dev_err(hdev, "Invalid size of firmware file (%zu)",
2270                            fw->size);
2271                 err = -EBADF;
2272                 goto done;
2273         }
2274
2275         calltime = ktime_get();
2276
2277         btintel_set_flag(hdev, INTEL_DOWNLOADING);
2278
2279         /* Start firmware downloading and get boot parameter */
2280         err = btintel_download_fw_tlv(hdev, ver, fw, boot_param,
2281                                                INTEL_HW_VARIANT(ver->cnvi_bt),
2282                                                ver->sbe_type);
2283         if (err < 0) {
2284                 if (err == -EALREADY) {
2285                         /* Firmware has already been loaded */
2286                         btintel_set_flag(hdev, INTEL_FIRMWARE_LOADED);
2287                         err = 0;
2288                         goto done;
2289                 }
2290
2291                 /* When FW download fails, send Intel Reset to retry
2292                  * FW download.
2293                  */
2294                 btintel_reset_to_bootloader(hdev);
2295                 goto done;
2296         }
2297
2298         /* Before switching the device into operational mode and with that
2299          * booting the loaded firmware, wait for the bootloader notification
2300          * that all fragments have been successfully received.
2301          *
2302          * When the event processing receives the notification, then the
2303          * BTUSB_DOWNLOADING flag will be cleared.
2304          *
2305          * The firmware loading should not take longer than 5 seconds
2306          * and thus just timeout if that happens and fail the setup
2307          * of this device.
2308          */
2309         err = btintel_download_wait(hdev, calltime, 5000);
2310         if (err == -ETIMEDOUT)
2311                 btintel_reset_to_bootloader(hdev);
2312
2313 done:
2314         release_firmware(fw);
2315         return err;
2316 }
2317
2318 static int btintel_get_codec_config_data(struct hci_dev *hdev,
2319                                          __u8 link, struct bt_codec *codec,
2320                                          __u8 *ven_len, __u8 **ven_data)
2321 {
2322         int err = 0;
2323
2324         if (!ven_data || !ven_len)
2325                 return -EINVAL;
2326
2327         *ven_len = 0;
2328         *ven_data = NULL;
2329
2330         if (link != ESCO_LINK) {
2331                 bt_dev_err(hdev, "Invalid link type(%u)", link);
2332                 return -EINVAL;
2333         }
2334
2335         *ven_data = kmalloc(sizeof(__u8), GFP_KERNEL);
2336         if (!*ven_data) {
2337                 err = -ENOMEM;
2338                 goto error;
2339         }
2340
2341         /* supports only CVSD and mSBC offload codecs */
2342         switch (codec->id) {
2343         case 0x02:
2344                 **ven_data = 0x00;
2345                 break;
2346         case 0x05:
2347                 **ven_data = 0x01;
2348                 break;
2349         default:
2350                 err = -EINVAL;
2351                 bt_dev_err(hdev, "Invalid codec id(%u)", codec->id);
2352                 goto error;
2353         }
2354         /* codec and its capabilities are pre-defined to ids
2355          * preset id = 0x00 represents CVSD codec with sampling rate 8K
2356          * preset id = 0x01 represents mSBC codec with sampling rate 16K
2357          */
2358         *ven_len = sizeof(__u8);
2359         return err;
2360
2361 error:
2362         kfree(*ven_data);
2363         *ven_data = NULL;
2364         return err;
2365 }
2366
2367 static int btintel_get_data_path_id(struct hci_dev *hdev, __u8 *data_path_id)
2368 {
2369         /* Intel uses 1 as data path id for all the usecases */
2370         *data_path_id = 1;
2371         return 0;
2372 }
2373
2374 static int btintel_configure_offload(struct hci_dev *hdev)
2375 {
2376         struct sk_buff *skb;
2377         int err = 0;
2378         struct intel_offload_use_cases *use_cases;
2379
2380         skb = __hci_cmd_sync(hdev, 0xfc86, 0, NULL, HCI_INIT_TIMEOUT);
2381         if (IS_ERR(skb)) {
2382                 bt_dev_err(hdev, "Reading offload use cases failed (%ld)",
2383                            PTR_ERR(skb));
2384                 return PTR_ERR(skb);
2385         }
2386
2387         if (skb->len < sizeof(*use_cases)) {
2388                 err = -EIO;
2389                 goto error;
2390         }
2391
2392         use_cases = (void *)skb->data;
2393
2394         if (use_cases->status) {
2395                 err = -bt_to_errno(skb->data[0]);
2396                 goto error;
2397         }
2398
2399         if (use_cases->preset[0] & 0x03) {
2400                 hdev->get_data_path_id = btintel_get_data_path_id;
2401                 hdev->get_codec_config_data = btintel_get_codec_config_data;
2402         }
2403 error:
2404         kfree_skb(skb);
2405         return err;
2406 }
2407
2408 static void btintel_set_ppag(struct hci_dev *hdev, struct intel_version_tlv *ver)
2409 {
2410         struct sk_buff *skb;
2411         struct hci_ppag_enable_cmd ppag_cmd;
2412         acpi_handle handle;
2413         struct acpi_buffer buffer = {ACPI_ALLOCATE_BUFFER, NULL};
2414         union acpi_object *p, *elements;
2415         u32 domain, mode;
2416         acpi_status status;
2417
2418         /* PPAG is not supported if CRF is HrP2, Jfp2, JfP1 */
2419         switch (ver->cnvr_top & 0xFFF) {
2420         case 0x504:     /* Hrp2 */
2421         case 0x202:     /* Jfp2 */
2422         case 0x201:     /* Jfp1 */
2423                 bt_dev_dbg(hdev, "PPAG not supported for Intel CNVr (0x%3x)",
2424                            ver->cnvr_top & 0xFFF);
2425                 return;
2426         }
2427
2428         handle = ACPI_HANDLE(GET_HCIDEV_DEV(hdev));
2429         if (!handle) {
2430                 bt_dev_info(hdev, "No support for BT device in ACPI firmware");
2431                 return;
2432         }
2433
2434         status = acpi_evaluate_object(handle, "PPAG", NULL, &buffer);
2435         if (ACPI_FAILURE(status)) {
2436                 if (status == AE_NOT_FOUND) {
2437                         bt_dev_dbg(hdev, "PPAG-BT: ACPI entry not found");
2438                         return;
2439                 }
2440                 bt_dev_warn(hdev, "PPAG-BT: ACPI Failure: %s", acpi_format_exception(status));
2441                 return;
2442         }
2443
2444         p = buffer.pointer;
2445         if (p->type != ACPI_TYPE_PACKAGE || p->package.count != 2) {
2446                 bt_dev_warn(hdev, "PPAG-BT: Invalid object type: %d or package count: %d",
2447                             p->type, p->package.count);
2448                 kfree(buffer.pointer);
2449                 return;
2450         }
2451
2452         elements = p->package.elements;
2453
2454         /* PPAG table is located at element[1] */
2455         p = &elements[1];
2456
2457         domain = (u32)p->package.elements[0].integer.value;
2458         mode = (u32)p->package.elements[1].integer.value;
2459         kfree(buffer.pointer);
2460
2461         if (domain != 0x12) {
2462                 bt_dev_dbg(hdev, "PPAG-BT: Bluetooth domain is disabled in ACPI firmware");
2463                 return;
2464         }
2465
2466         /* PPAG mode
2467          * BIT 0 : 0 Disabled in EU
2468          *         1 Enabled in EU
2469          * BIT 1 : 0 Disabled in China
2470          *         1 Enabled in China
2471          */
2472         mode &= 0x03;
2473
2474         if (!mode) {
2475                 bt_dev_dbg(hdev, "PPAG-BT: EU, China mode are disabled in BIOS");
2476                 return;
2477         }
2478
2479         ppag_cmd.ppag_enable_flags = cpu_to_le32(mode);
2480
2481         skb = __hci_cmd_sync(hdev, INTEL_OP_PPAG_CMD, sizeof(ppag_cmd),
2482                              &ppag_cmd, HCI_CMD_TIMEOUT);
2483         if (IS_ERR(skb)) {
2484                 bt_dev_warn(hdev, "Failed to send PPAG Enable (%ld)", PTR_ERR(skb));
2485                 return;
2486         }
2487         bt_dev_info(hdev, "PPAG-BT: Enabled (Mode %d)", mode);
2488         kfree_skb(skb);
2489 }
2490
2491 static int btintel_acpi_reset_method(struct hci_dev *hdev)
2492 {
2493         int ret = 0;
2494         acpi_status status;
2495         union acpi_object *p, *ref;
2496         struct acpi_buffer buffer = { ACPI_ALLOCATE_BUFFER, NULL };
2497
2498         status = acpi_evaluate_object(ACPI_HANDLE(GET_HCIDEV_DEV(hdev)), "_PRR", NULL, &buffer);
2499         if (ACPI_FAILURE(status)) {
2500                 bt_dev_err(hdev, "Failed to run _PRR method");
2501                 ret = -ENODEV;
2502                 return ret;
2503         }
2504         p = buffer.pointer;
2505
2506         if (p->package.count != 1 || p->type != ACPI_TYPE_PACKAGE) {
2507                 bt_dev_err(hdev, "Invalid arguments");
2508                 ret = -EINVAL;
2509                 goto exit_on_error;
2510         }
2511
2512         ref = &p->package.elements[0];
2513         if (ref->type != ACPI_TYPE_LOCAL_REFERENCE) {
2514                 bt_dev_err(hdev, "Invalid object type: 0x%x", ref->type);
2515                 ret = -EINVAL;
2516                 goto exit_on_error;
2517         }
2518
2519         status = acpi_evaluate_object(ref->reference.handle, "_RST", NULL, NULL);
2520         if (ACPI_FAILURE(status)) {
2521                 bt_dev_err(hdev, "Failed to run_RST method");
2522                 ret = -ENODEV;
2523                 goto exit_on_error;
2524         }
2525
2526 exit_on_error:
2527         kfree(buffer.pointer);
2528         return ret;
2529 }
2530
2531 static void btintel_set_dsm_reset_method(struct hci_dev *hdev,
2532                                          struct intel_version_tlv *ver_tlv)
2533 {
2534         struct btintel_data *data = hci_get_priv(hdev);
2535         acpi_handle handle = ACPI_HANDLE(GET_HCIDEV_DEV(hdev));
2536         u8 reset_payload[4] = {0x01, 0x00, 0x01, 0x00};
2537         union acpi_object *obj, argv4;
2538         enum {
2539                 RESET_TYPE_WDISABLE2,
2540                 RESET_TYPE_VSEC
2541         };
2542
2543         handle = ACPI_HANDLE(GET_HCIDEV_DEV(hdev));
2544
2545         if (!handle) {
2546                 bt_dev_dbg(hdev, "No support for bluetooth device in ACPI firmware");
2547                 return;
2548         }
2549
2550         if (!acpi_has_method(handle, "_PRR")) {
2551                 bt_dev_err(hdev, "No support for _PRR ACPI method");
2552                 return;
2553         }
2554
2555         switch (ver_tlv->cnvi_top & 0xfff) {
2556         case 0x910: /* GalePeak2 */
2557                 reset_payload[2] = RESET_TYPE_VSEC;
2558                 break;
2559         default:
2560                 /* WDISABLE2 is the default reset method */
2561                 reset_payload[2] = RESET_TYPE_WDISABLE2;
2562
2563                 if (!acpi_check_dsm(handle, &btintel_guid_dsm, 0,
2564                                     BIT(DSM_SET_WDISABLE2_DELAY))) {
2565                         bt_dev_err(hdev, "No dsm support to set reset delay");
2566                         return;
2567                 }
2568                 argv4.integer.type = ACPI_TYPE_INTEGER;
2569                 /* delay required to toggle BT power */
2570                 argv4.integer.value = 160;
2571                 obj = acpi_evaluate_dsm(handle, &btintel_guid_dsm, 0,
2572                                         DSM_SET_WDISABLE2_DELAY, &argv4);
2573                 if (!obj) {
2574                         bt_dev_err(hdev, "Failed to call dsm to set reset delay");
2575                         return;
2576                 }
2577                 ACPI_FREE(obj);
2578         }
2579
2580         bt_dev_info(hdev, "DSM reset method type: 0x%02x", reset_payload[2]);
2581
2582         if (!acpi_check_dsm(handle, &btintel_guid_dsm, 0,
2583                             DSM_SET_RESET_METHOD)) {
2584                 bt_dev_warn(hdev, "No support for dsm to set reset method");
2585                 return;
2586         }
2587         argv4.buffer.type = ACPI_TYPE_BUFFER;
2588         argv4.buffer.length = sizeof(reset_payload);
2589         argv4.buffer.pointer = reset_payload;
2590
2591         obj = acpi_evaluate_dsm(handle, &btintel_guid_dsm, 0,
2592                                 DSM_SET_RESET_METHOD, &argv4);
2593         if (!obj) {
2594                 bt_dev_err(hdev, "Failed to call dsm to set reset method");
2595                 return;
2596         }
2597         ACPI_FREE(obj);
2598         data->acpi_reset_method = btintel_acpi_reset_method;
2599 }
2600
2601 #define BTINTEL_ISODATA_HANDLE_BASE 0x900
2602
2603 static u8 btintel_classify_pkt_type(struct hci_dev *hdev, struct sk_buff *skb)
2604 {
2605         /*
2606          * Distinguish ISO data packets form ACL data packets
2607          * based on their connection handle value range.
2608          */
2609         if (hci_skb_pkt_type(skb) == HCI_ACLDATA_PKT) {
2610                 __u16 handle = __le16_to_cpu(hci_acl_hdr(skb)->handle);
2611
2612                 if (hci_handle(handle) >= BTINTEL_ISODATA_HANDLE_BASE)
2613                         return HCI_ISODATA_PKT;
2614         }
2615
2616         return hci_skb_pkt_type(skb);
2617 }
2618
2619 int btintel_bootloader_setup_tlv(struct hci_dev *hdev,
2620                                  struct intel_version_tlv *ver)
2621 {
2622         u32 boot_param;
2623         char ddcname[64];
2624         int err;
2625         struct intel_version_tlv new_ver;
2626
2627         bt_dev_dbg(hdev, "");
2628
2629         /* Set the default boot parameter to 0x0 and it is updated to
2630          * SKU specific boot parameter after reading Intel_Write_Boot_Params
2631          * command while downloading the firmware.
2632          */
2633         boot_param = 0x00000000;
2634
2635         btintel_set_flag(hdev, INTEL_BOOTLOADER);
2636
2637         err = btintel_prepare_fw_download_tlv(hdev, ver, &boot_param);
2638         if (err)
2639                 return err;
2640
2641         /* check if controller is already having an operational firmware */
2642         if (ver->img_type == BTINTEL_IMG_OP)
2643                 goto finish;
2644
2645         err = btintel_boot(hdev, boot_param);
2646         if (err)
2647                 return err;
2648
2649         err = btintel_read_version_tlv(hdev, ver);
2650         if (err)
2651                 return err;
2652
2653         /* If image type returned is BTINTEL_IMG_IML, then controller supports
2654          * intermediate loader image
2655          */
2656         if (ver->img_type == BTINTEL_IMG_IML) {
2657                 err = btintel_prepare_fw_download_tlv(hdev, ver, &boot_param);
2658                 if (err)
2659                         return err;
2660
2661                 err = btintel_boot(hdev, boot_param);
2662                 if (err)
2663                         return err;
2664         }
2665
2666         btintel_clear_flag(hdev, INTEL_BOOTLOADER);
2667
2668         btintel_get_fw_name_tlv(ver, ddcname, sizeof(ddcname), "ddc");
2669         /* Once the device is running in operational mode, it needs to
2670          * apply the device configuration (DDC) parameters.
2671          *
2672          * The device can work without DDC parameters, so even if it
2673          * fails to load the file, no need to fail the setup.
2674          */
2675         btintel_load_ddc_config(hdev, ddcname);
2676
2677         /* Read supported use cases and set callbacks to fetch datapath id */
2678         btintel_configure_offload(hdev);
2679
2680         hci_dev_clear_flag(hdev, HCI_QUALITY_REPORT);
2681
2682         /* Set PPAG feature */
2683         btintel_set_ppag(hdev, ver);
2684
2685         /* Read the Intel version information after loading the FW  */
2686         err = btintel_read_version_tlv(hdev, &new_ver);
2687         if (err)
2688                 return err;
2689
2690         btintel_version_info_tlv(hdev, &new_ver);
2691
2692 finish:
2693         /* Set the event mask for Intel specific vendor events. This enables
2694          * a few extra events that are useful during general operation. It
2695          * does not enable any debugging related events.
2696          *
2697          * The device will function correctly without these events enabled
2698          * and thus no need to fail the setup.
2699          */
2700         btintel_set_event_mask(hdev, false);
2701
2702         return 0;
2703 }
2704 EXPORT_SYMBOL_GPL(btintel_bootloader_setup_tlv);
2705
2706 void btintel_set_msft_opcode(struct hci_dev *hdev, u8 hw_variant)
2707 {
2708         switch (hw_variant) {
2709         /* Legacy bootloader devices that supports MSFT Extension */
2710         case 0x11:      /* JfP */
2711         case 0x12:      /* ThP */
2712         case 0x13:      /* HrP */
2713         case 0x14:      /* CcP */
2714         /* All Intel new genration controllers support the Microsoft vendor
2715          * extension are using 0xFC1E for VsMsftOpCode.
2716          */
2717         case 0x17:
2718         case 0x18:
2719         case 0x19:
2720         case 0x1b:
2721         case 0x1c:
2722         case 0x1d:
2723         case 0x1e:
2724                 hci_set_msft_opcode(hdev, 0xFC1E);
2725                 break;
2726         default:
2727                 /* Not supported */
2728                 break;
2729         }
2730 }
2731 EXPORT_SYMBOL_GPL(btintel_set_msft_opcode);
2732
2733 void btintel_print_fseq_info(struct hci_dev *hdev)
2734 {
2735         struct sk_buff *skb;
2736         u8 *p;
2737         u32 val;
2738         const char *str;
2739
2740         skb = __hci_cmd_sync(hdev, 0xfcb3, 0, NULL, HCI_CMD_TIMEOUT);
2741         if (IS_ERR(skb)) {
2742                 bt_dev_dbg(hdev, "Reading fseq status command failed (%ld)",
2743                            PTR_ERR(skb));
2744                 return;
2745         }
2746
2747         if (skb->len < (sizeof(u32) * 16 + 2)) {
2748                 bt_dev_dbg(hdev, "Malformed packet of length %u received",
2749                            skb->len);
2750                 kfree_skb(skb);
2751                 return;
2752         }
2753
2754         p = skb_pull_data(skb, 1);
2755         if (*p) {
2756                 bt_dev_dbg(hdev, "Failed to get fseq status (0x%2.2x)", *p);
2757                 kfree_skb(skb);
2758                 return;
2759         }
2760
2761         p = skb_pull_data(skb, 1);
2762         switch (*p) {
2763         case 0:
2764                 str = "Success";
2765                 break;
2766         case 1:
2767                 str = "Fatal error";
2768                 break;
2769         case 2:
2770                 str = "Semaphore acquire error";
2771                 break;
2772         default:
2773                 str = "Unknown error";
2774                 break;
2775         }
2776
2777         if (*p) {
2778                 bt_dev_err(hdev, "Fseq status: %s (0x%2.2x)", str, *p);
2779                 kfree_skb(skb);
2780                 return;
2781         }
2782
2783         bt_dev_info(hdev, "Fseq status: %s (0x%2.2x)", str, *p);
2784
2785         val = get_unaligned_le32(skb_pull_data(skb, 4));
2786         bt_dev_dbg(hdev, "Reason: 0x%8.8x", val);
2787
2788         val = get_unaligned_le32(skb_pull_data(skb, 4));
2789         bt_dev_dbg(hdev, "Global version: 0x%8.8x", val);
2790
2791         val = get_unaligned_le32(skb_pull_data(skb, 4));
2792         bt_dev_dbg(hdev, "Installed version: 0x%8.8x", val);
2793
2794         p = skb->data;
2795         skb_pull_data(skb, 4);
2796         bt_dev_info(hdev, "Fseq executed: %2.2u.%2.2u.%2.2u.%2.2u", p[0], p[1],
2797                     p[2], p[3]);
2798
2799         p = skb->data;
2800         skb_pull_data(skb, 4);
2801         bt_dev_info(hdev, "Fseq BT Top: %2.2u.%2.2u.%2.2u.%2.2u", p[0], p[1],
2802                     p[2], p[3]);
2803
2804         val = get_unaligned_le32(skb_pull_data(skb, 4));
2805         bt_dev_dbg(hdev, "Fseq Top init version: 0x%8.8x", val);
2806
2807         val = get_unaligned_le32(skb_pull_data(skb, 4));
2808         bt_dev_dbg(hdev, "Fseq Cnvio init version: 0x%8.8x", val);
2809
2810         val = get_unaligned_le32(skb_pull_data(skb, 4));
2811         bt_dev_dbg(hdev, "Fseq MBX Wifi file version: 0x%8.8x", val);
2812
2813         val = get_unaligned_le32(skb_pull_data(skb, 4));
2814         bt_dev_dbg(hdev, "Fseq BT version: 0x%8.8x", val);
2815
2816         val = get_unaligned_le32(skb_pull_data(skb, 4));
2817         bt_dev_dbg(hdev, "Fseq Top reset address: 0x%8.8x", val);
2818
2819         val = get_unaligned_le32(skb_pull_data(skb, 4));
2820         bt_dev_dbg(hdev, "Fseq MBX timeout: 0x%8.8x", val);
2821
2822         val = get_unaligned_le32(skb_pull_data(skb, 4));
2823         bt_dev_dbg(hdev, "Fseq MBX ack: 0x%8.8x", val);
2824
2825         val = get_unaligned_le32(skb_pull_data(skb, 4));
2826         bt_dev_dbg(hdev, "Fseq CNVi id: 0x%8.8x", val);
2827
2828         val = get_unaligned_le32(skb_pull_data(skb, 4));
2829         bt_dev_dbg(hdev, "Fseq CNVr id: 0x%8.8x", val);
2830
2831         val = get_unaligned_le32(skb_pull_data(skb, 4));
2832         bt_dev_dbg(hdev, "Fseq Error handle: 0x%8.8x", val);
2833
2834         val = get_unaligned_le32(skb_pull_data(skb, 4));
2835         bt_dev_dbg(hdev, "Fseq Magic noalive indication: 0x%8.8x", val);
2836
2837         val = get_unaligned_le32(skb_pull_data(skb, 4));
2838         bt_dev_dbg(hdev, "Fseq OTP version: 0x%8.8x", val);
2839
2840         val = get_unaligned_le32(skb_pull_data(skb, 4));
2841         bt_dev_dbg(hdev, "Fseq MBX otp version: 0x%8.8x", val);
2842
2843         kfree_skb(skb);
2844 }
2845 EXPORT_SYMBOL_GPL(btintel_print_fseq_info);
2846
2847 static int btintel_setup_combined(struct hci_dev *hdev)
2848 {
2849         const u8 param[1] = { 0xFF };
2850         struct intel_version ver;
2851         struct intel_version_tlv ver_tlv;
2852         struct sk_buff *skb;
2853         int err;
2854
2855         BT_DBG("%s", hdev->name);
2856
2857         /* The some controllers have a bug with the first HCI command sent to it
2858          * returning number of completed commands as zero. This would stall the
2859          * command processing in the Bluetooth core.
2860          *
2861          * As a workaround, send HCI Reset command first which will reset the
2862          * number of completed commands and allow normal command processing
2863          * from now on.
2864          *
2865          * Regarding the INTEL_BROKEN_SHUTDOWN_LED flag, these devices maybe
2866          * in the SW_RFKILL ON state as a workaround of fixing LED issue during
2867          * the shutdown() procedure, and once the device is in SW_RFKILL ON
2868          * state, the only way to exit out of it is sending the HCI_Reset
2869          * command.
2870          */
2871         if (btintel_test_flag(hdev, INTEL_BROKEN_INITIAL_NCMD) ||
2872             btintel_test_flag(hdev, INTEL_BROKEN_SHUTDOWN_LED)) {
2873                 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL,
2874                                      HCI_INIT_TIMEOUT);
2875                 if (IS_ERR(skb)) {
2876                         bt_dev_err(hdev,
2877                                    "sending initial HCI reset failed (%ld)",
2878                                    PTR_ERR(skb));
2879                         return PTR_ERR(skb);
2880                 }
2881                 kfree_skb(skb);
2882         }
2883
2884         /* Starting from TyP device, the command parameter and response are
2885          * changed even though the OCF for HCI_Intel_Read_Version command
2886          * remains same. The legacy devices can handle even if the
2887          * command has a parameter and returns a correct version information.
2888          * So, it uses new format to support both legacy and new format.
2889          */
2890         skb = __hci_cmd_sync(hdev, 0xfc05, 1, param, HCI_CMD_TIMEOUT);
2891         if (IS_ERR(skb)) {
2892                 bt_dev_err(hdev, "Reading Intel version command failed (%ld)",
2893                            PTR_ERR(skb));
2894                 return PTR_ERR(skb);
2895         }
2896
2897         /* Check the status */
2898         if (skb->data[0]) {
2899                 bt_dev_err(hdev, "Intel Read Version command failed (%02x)",
2900                            skb->data[0]);
2901                 err = -EIO;
2902                 goto exit_error;
2903         }
2904
2905         /* Apply the common HCI quirks for Intel device */
2906         set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
2907         set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
2908         set_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks);
2909
2910         /* Set up the quality report callback for Intel devices */
2911         hdev->set_quality_report = btintel_set_quality_report;
2912
2913         /* For Legacy device, check the HW platform value and size */
2914         if (skb->len == sizeof(ver) && skb->data[1] == 0x37) {
2915                 bt_dev_dbg(hdev, "Read the legacy Intel version information");
2916
2917                 memcpy(&ver, skb->data, sizeof(ver));
2918
2919                 /* Display version information */
2920                 btintel_version_info(hdev, &ver);
2921
2922                 /* Check for supported iBT hardware variants of this firmware
2923                  * loading method.
2924                  *
2925                  * This check has been put in place to ensure correct forward
2926                  * compatibility options when newer hardware variants come
2927                  * along.
2928                  */
2929                 switch (ver.hw_variant) {
2930                 case 0x07:      /* WP */
2931                 case 0x08:      /* StP */
2932                         /* Legacy ROM product */
2933                         btintel_set_flag(hdev, INTEL_ROM_LEGACY);
2934
2935                         /* Apply the device specific HCI quirks
2936                          *
2937                          * WBS for SdP - For the Legacy ROM products, only SdP
2938                          * supports the WBS. But the version information is not
2939                          * enough to use here because the StP2 and SdP have same
2940                          * hw_variant and fw_variant. So, this flag is set by
2941                          * the transport driver (btusb) based on the HW info
2942                          * (idProduct)
2943                          */
2944                         if (!btintel_test_flag(hdev,
2945                                                INTEL_ROM_LEGACY_NO_WBS_SUPPORT))
2946                                 set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED,
2947                                         &hdev->quirks);
2948                         if (ver.hw_variant == 0x08 && ver.fw_variant == 0x22)
2949                                 set_bit(HCI_QUIRK_VALID_LE_STATES,
2950                                         &hdev->quirks);
2951
2952                         err = btintel_legacy_rom_setup(hdev, &ver);
2953                         break;
2954                 case 0x0b:      /* SfP */
2955                 case 0x11:      /* JfP */
2956                 case 0x12:      /* ThP */
2957                 case 0x13:      /* HrP */
2958                 case 0x14:      /* CcP */
2959                         set_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks);
2960                         fallthrough;
2961                 case 0x0c:      /* WsP */
2962                         /* Apply the device specific HCI quirks
2963                          *
2964                          * All Legacy bootloader devices support WBS
2965                          */
2966                         set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED,
2967                                 &hdev->quirks);
2968
2969                         /* These variants don't seem to support LE Coded PHY */
2970                         set_bit(HCI_QUIRK_BROKEN_LE_CODED, &hdev->quirks);
2971
2972                         /* Setup MSFT Extension support */
2973                         btintel_set_msft_opcode(hdev, ver.hw_variant);
2974
2975                         err = btintel_bootloader_setup(hdev, &ver);
2976                         btintel_register_devcoredump_support(hdev);
2977                         break;
2978                 default:
2979                         bt_dev_err(hdev, "Unsupported Intel hw variant (%u)",
2980                                    ver.hw_variant);
2981                         err = -EINVAL;
2982                 }
2983
2984                 hci_set_hw_info(hdev,
2985                                 "INTEL platform=%u variant=%u revision=%u",
2986                                 ver.hw_platform, ver.hw_variant,
2987                                 ver.hw_revision);
2988
2989                 goto exit_error;
2990         }
2991
2992         /* memset ver_tlv to start with clean state as few fields are exclusive
2993          * to bootloader mode and are not populated in operational mode
2994          */
2995         memset(&ver_tlv, 0, sizeof(ver_tlv));
2996         /* For TLV type device, parse the tlv data */
2997         err = btintel_parse_version_tlv(hdev, &ver_tlv, skb);
2998         if (err) {
2999                 bt_dev_err(hdev, "Failed to parse TLV version information");
3000                 goto exit_error;
3001         }
3002
3003         if (INTEL_HW_PLATFORM(ver_tlv.cnvi_bt) != 0x37) {
3004                 bt_dev_err(hdev, "Unsupported Intel hardware platform (0x%2x)",
3005                            INTEL_HW_PLATFORM(ver_tlv.cnvi_bt));
3006                 err = -EINVAL;
3007                 goto exit_error;
3008         }
3009
3010         /* Check for supported iBT hardware variants of this firmware
3011          * loading method.
3012          *
3013          * This check has been put in place to ensure correct forward
3014          * compatibility options when newer hardware variants come
3015          * along.
3016          */
3017         switch (INTEL_HW_VARIANT(ver_tlv.cnvi_bt)) {
3018         case 0x11:      /* JfP */
3019         case 0x12:      /* ThP */
3020         case 0x13:      /* HrP */
3021         case 0x14:      /* CcP */
3022                 /* Some legacy bootloader devices starting from JfP,
3023                  * the operational firmware supports both old and TLV based
3024                  * HCI_Intel_Read_Version command based on the command
3025                  * parameter.
3026                  *
3027                  * For upgrading firmware case, the TLV based version cannot
3028                  * be used because the firmware filename for legacy bootloader
3029                  * is based on the old format.
3030                  *
3031                  * Also, it is not easy to convert TLV based version from the
3032                  * legacy version format.
3033                  *
3034                  * So, as a workaround for those devices, use the legacy
3035                  * HCI_Intel_Read_Version to get the version information and
3036                  * run the legacy bootloader setup.
3037                  */
3038                 err = btintel_read_version(hdev, &ver);
3039                 if (err)
3040                         break;
3041
3042                 /* Apply the device specific HCI quirks
3043                  *
3044                  * All Legacy bootloader devices support WBS
3045                  */
3046                 set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks);
3047
3048                 /* These variants don't seem to support LE Coded PHY */
3049                 set_bit(HCI_QUIRK_BROKEN_LE_CODED, &hdev->quirks);
3050
3051                 /* Set Valid LE States quirk */
3052                 set_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks);
3053
3054                 /* Setup MSFT Extension support */
3055                 btintel_set_msft_opcode(hdev, ver.hw_variant);
3056
3057                 err = btintel_bootloader_setup(hdev, &ver);
3058                 btintel_register_devcoredump_support(hdev);
3059                 break;
3060         case 0x18: /* GfP2 */
3061         case 0x1c: /* GaP */
3062                 /* Re-classify packet type for controllers with LE audio */
3063                 hdev->classify_pkt_type = btintel_classify_pkt_type;
3064                 fallthrough;
3065         case 0x17:
3066         case 0x19:
3067         case 0x1b:
3068         case 0x1d:
3069         case 0x1e:
3070                 /* Display version information of TLV type */
3071                 btintel_version_info_tlv(hdev, &ver_tlv);
3072
3073                 /* Apply the device specific HCI quirks for TLV based devices
3074                  *
3075                  * All TLV based devices support WBS
3076                  */
3077                 set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks);
3078
3079                 /* Apply LE States quirk from solar onwards */
3080                 set_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks);
3081
3082                 /* Setup MSFT Extension support */
3083                 btintel_set_msft_opcode(hdev,
3084                                         INTEL_HW_VARIANT(ver_tlv.cnvi_bt));
3085                 btintel_set_dsm_reset_method(hdev, &ver_tlv);
3086
3087                 err = btintel_bootloader_setup_tlv(hdev, &ver_tlv);
3088                 if (err)
3089                         goto exit_error;
3090
3091                 btintel_register_devcoredump_support(hdev);
3092                 btintel_print_fseq_info(hdev);
3093                 break;
3094         default:
3095                 bt_dev_err(hdev, "Unsupported Intel hw variant (%u)",
3096                            INTEL_HW_VARIANT(ver_tlv.cnvi_bt));
3097                 err = -EINVAL;
3098                 break;
3099         }
3100
3101         hci_set_hw_info(hdev, "INTEL platform=%u variant=%u",
3102                         INTEL_HW_PLATFORM(ver_tlv.cnvi_bt),
3103                         INTEL_HW_VARIANT(ver_tlv.cnvi_bt));
3104
3105 exit_error:
3106         kfree_skb(skb);
3107
3108         return err;
3109 }
3110
3111 int btintel_shutdown_combined(struct hci_dev *hdev)
3112 {
3113         struct sk_buff *skb;
3114         int ret;
3115
3116         /* Send HCI Reset to the controller to stop any BT activity which
3117          * were triggered. This will help to save power and maintain the
3118          * sync b/w Host and controller
3119          */
3120         skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
3121         if (IS_ERR(skb)) {
3122                 bt_dev_err(hdev, "HCI reset during shutdown failed");
3123                 return PTR_ERR(skb);
3124         }
3125         kfree_skb(skb);
3126
3127
3128         /* Some platforms have an issue with BT LED when the interface is
3129          * down or BT radio is turned off, which takes 5 seconds to BT LED
3130          * goes off. As a workaround, sends HCI_Intel_SW_RFKILL to put the
3131          * device in the RFKILL ON state which turns off the BT LED immediately.
3132          */
3133         if (btintel_test_flag(hdev, INTEL_BROKEN_SHUTDOWN_LED)) {
3134                 skb = __hci_cmd_sync(hdev, 0xfc3f, 0, NULL, HCI_INIT_TIMEOUT);
3135                 if (IS_ERR(skb)) {
3136                         ret = PTR_ERR(skb);
3137                         bt_dev_err(hdev, "turning off Intel device LED failed");
3138                         return ret;
3139                 }
3140                 kfree_skb(skb);
3141         }
3142
3143         return 0;
3144 }
3145 EXPORT_SYMBOL_GPL(btintel_shutdown_combined);
3146
3147 int btintel_configure_setup(struct hci_dev *hdev, const char *driver_name)
3148 {
3149         hdev->manufacturer = 2;
3150         hdev->setup = btintel_setup_combined;
3151         hdev->shutdown = btintel_shutdown_combined;
3152         hdev->hw_error = btintel_hw_error;
3153         hdev->set_diag = btintel_set_diag_combined;
3154         hdev->set_bdaddr = btintel_set_bdaddr;
3155
3156         coredump_info.driver_name = driver_name;
3157
3158         return 0;
3159 }
3160 EXPORT_SYMBOL_GPL(btintel_configure_setup);
3161
3162 static int btintel_diagnostics(struct hci_dev *hdev, struct sk_buff *skb)
3163 {
3164         struct intel_tlv *tlv = (void *)&skb->data[5];
3165
3166         /* The first event is always an event type TLV */
3167         if (tlv->type != INTEL_TLV_TYPE_ID)
3168                 goto recv_frame;
3169
3170         switch (tlv->val[0]) {
3171         case INTEL_TLV_SYSTEM_EXCEPTION:
3172         case INTEL_TLV_FATAL_EXCEPTION:
3173         case INTEL_TLV_DEBUG_EXCEPTION:
3174         case INTEL_TLV_TEST_EXCEPTION:
3175                 /* Generate devcoredump from exception */
3176                 if (!hci_devcd_init(hdev, skb->len)) {
3177                         hci_devcd_append(hdev, skb);
3178                         hci_devcd_complete(hdev);
3179                 } else {
3180                         bt_dev_err(hdev, "Failed to generate devcoredump");
3181                         kfree_skb(skb);
3182                 }
3183                 return 0;
3184         default:
3185                 bt_dev_err(hdev, "Invalid exception type %02X", tlv->val[0]);
3186         }
3187
3188 recv_frame:
3189         return hci_recv_frame(hdev, skb);
3190 }
3191
3192 int btintel_recv_event(struct hci_dev *hdev, struct sk_buff *skb)
3193 {
3194         struct hci_event_hdr *hdr = (void *)skb->data;
3195         const char diagnostics_hdr[] = { 0x87, 0x80, 0x03 };
3196
3197         if (skb->len > HCI_EVENT_HDR_SIZE && hdr->evt == 0xff &&
3198             hdr->plen > 0) {
3199                 const void *ptr = skb->data + HCI_EVENT_HDR_SIZE + 1;
3200                 unsigned int len = skb->len - HCI_EVENT_HDR_SIZE - 1;
3201
3202                 if (btintel_test_flag(hdev, INTEL_BOOTLOADER)) {
3203                         switch (skb->data[2]) {
3204                         case 0x02:
3205                                 /* When switching to the operational firmware
3206                                  * the device sends a vendor specific event
3207                                  * indicating that the bootup completed.
3208                                  */
3209                                 btintel_bootup(hdev, ptr, len);
3210                                 break;
3211                         case 0x06:
3212                                 /* When the firmware loading completes the
3213                                  * device sends out a vendor specific event
3214                                  * indicating the result of the firmware
3215                                  * loading.
3216                                  */
3217                                 btintel_secure_send_result(hdev, ptr, len);
3218                                 break;
3219                         }
3220                 }
3221
3222                 /* Handle all diagnostics events separately. May still call
3223                  * hci_recv_frame.
3224                  */
3225                 if (len >= sizeof(diagnostics_hdr) &&
3226                     memcmp(&skb->data[2], diagnostics_hdr,
3227                            sizeof(diagnostics_hdr)) == 0) {
3228                         return btintel_diagnostics(hdev, skb);
3229                 }
3230         }
3231
3232         return hci_recv_frame(hdev, skb);
3233 }
3234 EXPORT_SYMBOL_GPL(btintel_recv_event);
3235
3236 void btintel_bootup(struct hci_dev *hdev, const void *ptr, unsigned int len)
3237 {
3238         const struct intel_bootup *evt = ptr;
3239
3240         if (len != sizeof(*evt))
3241                 return;
3242
3243         if (btintel_test_and_clear_flag(hdev, INTEL_BOOTING))
3244                 btintel_wake_up_flag(hdev, INTEL_BOOTING);
3245 }
3246 EXPORT_SYMBOL_GPL(btintel_bootup);
3247
3248 void btintel_secure_send_result(struct hci_dev *hdev,
3249                                 const void *ptr, unsigned int len)
3250 {
3251         const struct intel_secure_send_result *evt = ptr;
3252
3253         if (len != sizeof(*evt))
3254                 return;
3255
3256         if (evt->result)
3257                 btintel_set_flag(hdev, INTEL_FIRMWARE_FAILED);
3258
3259         if (btintel_test_and_clear_flag(hdev, INTEL_DOWNLOADING) &&
3260             btintel_test_flag(hdev, INTEL_FIRMWARE_LOADED))
3261                 btintel_wake_up_flag(hdev, INTEL_DOWNLOADING);
3262 }
3263 EXPORT_SYMBOL_GPL(btintel_secure_send_result);
3264
3265 MODULE_AUTHOR("Marcel Holtmann <[email protected]>");
3266 MODULE_DESCRIPTION("Bluetooth support for Intel devices ver " VERSION);
3267 MODULE_VERSION(VERSION);
3268 MODULE_LICENSE("GPL");
3269 MODULE_FIRMWARE("intel/ibt-11-5.sfi");
3270 MODULE_FIRMWARE("intel/ibt-11-5.ddc");
3271 MODULE_FIRMWARE("intel/ibt-12-16.sfi");
3272 MODULE_FIRMWARE("intel/ibt-12-16.ddc");
This page took 0.217751 seconds and 4 git commands to generate.