1 // SPDX-License-Identifier: ISC
2 /* Copyright (C) 2021 MediaTek Inc.
5 #include <linux/module.h>
6 #include <linux/firmware.h>
8 #include <linux/iopoll.h>
9 #include <asm/unaligned.h>
11 #include <net/bluetooth/bluetooth.h>
12 #include <net/bluetooth/hci_core.h>
18 /* It is for mt79xx download rom patch*/
19 #define MTK_FW_ROM_PATCH_HEADER_SIZE 32
20 #define MTK_FW_ROM_PATCH_GD_SIZE 64
21 #define MTK_FW_ROM_PATCH_SEC_MAP_SIZE 64
22 #define MTK_SEC_MAP_COMMON_SIZE 12
23 #define MTK_SEC_MAP_NEED_SEND_SIZE 52
25 /* It is for mt79xx iso data transmission setting */
26 #define MTK_ISO_THRESHOLD 264
28 struct btmtk_patch_header {
36 struct btmtk_global_desc {
43 struct btmtk_section_map {
62 static void btmtk_coredump(struct hci_dev *hdev)
66 err = __hci_cmd_send(hdev, 0xfd5b, 0, NULL);
68 bt_dev_err(hdev, "Coredump failed (%d)", err);
71 static void btmtk_coredump_hdr(struct hci_dev *hdev, struct sk_buff *skb)
73 struct btmtk_data *data = hci_get_priv(hdev);
76 snprintf(buf, sizeof(buf), "Controller Name: 0x%X\n",
78 skb_put_data(skb, buf, strlen(buf));
80 snprintf(buf, sizeof(buf), "Firmware Version: 0x%X\n",
81 data->cd_info.fw_version);
82 skb_put_data(skb, buf, strlen(buf));
84 snprintf(buf, sizeof(buf), "Driver: %s\n",
85 data->cd_info.driver_name);
86 skb_put_data(skb, buf, strlen(buf));
88 snprintf(buf, sizeof(buf), "Vendor: MediaTek\n");
89 skb_put_data(skb, buf, strlen(buf));
92 static void btmtk_coredump_notify(struct hci_dev *hdev, int state)
94 struct btmtk_data *data = hci_get_priv(hdev);
97 case HCI_DEVCOREDUMP_IDLE:
98 data->cd_info.state = HCI_DEVCOREDUMP_IDLE;
100 case HCI_DEVCOREDUMP_ACTIVE:
101 data->cd_info.state = HCI_DEVCOREDUMP_ACTIVE;
103 case HCI_DEVCOREDUMP_TIMEOUT:
104 case HCI_DEVCOREDUMP_ABORT:
105 case HCI_DEVCOREDUMP_DONE:
106 data->cd_info.state = HCI_DEVCOREDUMP_IDLE;
107 btmtk_reset_sync(hdev);
112 void btmtk_fw_get_filename(char *buf, size_t size, u32 dev_id, u32 fw_ver,
115 if (dev_id == 0x7925)
117 "mediatek/mt%04x/BT_RAM_CODE_MT%04x_1_%x_hdr.bin",
118 dev_id & 0xffff, dev_id & 0xffff, (fw_ver & 0xff) + 1);
119 else if (dev_id == 0x7961 && fw_flavor)
121 "mediatek/BT_RAM_CODE_MT%04x_1a_%x_hdr.bin",
122 dev_id & 0xffff, (fw_ver & 0xff) + 1);
125 "mediatek/BT_RAM_CODE_MT%04x_1_%x_hdr.bin",
126 dev_id & 0xffff, (fw_ver & 0xff) + 1);
128 EXPORT_SYMBOL_GPL(btmtk_fw_get_filename);
130 int btmtk_setup_firmware_79xx(struct hci_dev *hdev, const char *fwname,
131 wmt_cmd_sync_func_t wmt_cmd_sync)
133 struct btmtk_hci_wmt_params wmt_params;
134 struct btmtk_patch_header *hdr;
135 struct btmtk_global_desc *globaldesc = NULL;
136 struct btmtk_section_map *sectionmap;
137 const struct firmware *fw;
139 const u8 *fw_bin_ptr;
140 int err, dlen, i, status;
141 u8 flag, first_block, retry;
142 u32 section_num, dl_size, section_offset;
145 err = request_firmware(&fw, fwname, &hdev->dev);
147 bt_dev_err(hdev, "Failed to load firmware file (%d)", err);
153 hdr = (struct btmtk_patch_header *)fw_ptr;
154 globaldesc = (struct btmtk_global_desc *)(fw_ptr + MTK_FW_ROM_PATCH_HEADER_SIZE);
155 section_num = le32_to_cpu(globaldesc->section_num);
157 bt_dev_info(hdev, "HW/SW Version: 0x%04x%04x, Build Time: %s",
158 le16_to_cpu(hdr->hwver), le16_to_cpu(hdr->swver), hdr->datetime);
160 for (i = 0; i < section_num; i++) {
163 sectionmap = (struct btmtk_section_map *)(fw_ptr + MTK_FW_ROM_PATCH_HEADER_SIZE +
164 MTK_FW_ROM_PATCH_GD_SIZE + MTK_FW_ROM_PATCH_SEC_MAP_SIZE * i);
166 section_offset = le32_to_cpu(sectionmap->secoffset);
167 dl_size = le32_to_cpu(sectionmap->bin_info_spec.dlsize);
172 cmd[0] = 0; /* 0 means legacy dl mode. */
174 fw_ptr + MTK_FW_ROM_PATCH_HEADER_SIZE +
175 MTK_FW_ROM_PATCH_GD_SIZE +
176 MTK_FW_ROM_PATCH_SEC_MAP_SIZE * i +
177 MTK_SEC_MAP_COMMON_SIZE,
178 MTK_SEC_MAP_NEED_SEND_SIZE + 1);
180 wmt_params.op = BTMTK_WMT_PATCH_DWNLD;
181 wmt_params.status = &status;
183 wmt_params.dlen = MTK_SEC_MAP_NEED_SEND_SIZE + 1;
184 wmt_params.data = &cmd;
186 err = wmt_cmd_sync(hdev, &wmt_params);
188 bt_dev_err(hdev, "Failed to send wmt patch dwnld (%d)",
193 if (status == BTMTK_WMT_PATCH_UNDONE) {
195 } else if (status == BTMTK_WMT_PATCH_PROGRESS) {
198 } else if (status == BTMTK_WMT_PATCH_DONE) {
201 bt_dev_err(hdev, "Failed wmt patch dwnld status (%d)",
208 fw_ptr += section_offset;
209 wmt_params.op = BTMTK_WMT_PATCH_DWNLD;
210 wmt_params.status = NULL;
212 while (dl_size > 0) {
213 dlen = min_t(int, 250, dl_size);
214 if (first_block == 1) {
217 } else if (dl_size - dlen <= 0) {
223 wmt_params.flag = flag;
224 wmt_params.dlen = dlen;
225 wmt_params.data = fw_ptr;
227 err = wmt_cmd_sync(hdev, &wmt_params);
229 bt_dev_err(hdev, "Failed to send wmt patch dwnld (%d)",
241 /* Wait a few moments for firmware activation done */
242 usleep_range(100000, 120000);
245 release_firmware(fw);
249 EXPORT_SYMBOL_GPL(btmtk_setup_firmware_79xx);
251 int btmtk_setup_firmware(struct hci_dev *hdev, const char *fwname,
252 wmt_cmd_sync_func_t wmt_cmd_sync)
254 struct btmtk_hci_wmt_params wmt_params;
255 const struct firmware *fw;
261 err = request_firmware(&fw, fwname, &hdev->dev);
263 bt_dev_err(hdev, "Failed to load firmware file (%d)", err);
267 /* Power on data RAM the firmware relies on. */
269 wmt_params.op = BTMTK_WMT_FUNC_CTRL;
271 wmt_params.dlen = sizeof(param);
272 wmt_params.data = ¶m;
273 wmt_params.status = NULL;
275 err = wmt_cmd_sync(hdev, &wmt_params);
277 bt_dev_err(hdev, "Failed to power on data RAM (%d)", err);
284 /* The size of patch header is 30 bytes, should be skip */
294 wmt_params.op = BTMTK_WMT_PATCH_DWNLD;
295 wmt_params.status = NULL;
297 while (fw_size > 0) {
298 dlen = min_t(int, 250, fw_size);
300 /* Tell device the position in sequence */
301 if (fw_size - dlen <= 0)
303 else if (fw_size < fw->size - 30)
306 wmt_params.flag = flag;
307 wmt_params.dlen = dlen;
308 wmt_params.data = fw_ptr;
310 err = wmt_cmd_sync(hdev, &wmt_params);
312 bt_dev_err(hdev, "Failed to send wmt patch dwnld (%d)",
321 wmt_params.op = BTMTK_WMT_RST;
324 wmt_params.data = NULL;
325 wmt_params.status = NULL;
327 /* Activate funciton the firmware providing to */
328 err = wmt_cmd_sync(hdev, &wmt_params);
330 bt_dev_err(hdev, "Failed to send wmt rst (%d)", err);
334 /* Wait a few moments for firmware activation done */
335 usleep_range(10000, 12000);
338 release_firmware(fw);
342 EXPORT_SYMBOL_GPL(btmtk_setup_firmware);
344 int btmtk_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr)
349 skb = __hci_cmd_sync(hdev, 0xfc1a, 6, bdaddr, HCI_INIT_TIMEOUT);
352 bt_dev_err(hdev, "changing Mediatek device address failed (%ld)",
360 EXPORT_SYMBOL_GPL(btmtk_set_bdaddr);
362 void btmtk_reset_sync(struct hci_dev *hdev)
364 struct btmtk_data *reset_work = hci_get_priv(hdev);
369 err = hci_cmd_sync_queue(hdev, reset_work->reset_sync, NULL, NULL);
371 bt_dev_err(hdev, "failed to reset (%d)", err);
373 hci_dev_unlock(hdev);
375 EXPORT_SYMBOL_GPL(btmtk_reset_sync);
377 int btmtk_register_coredump(struct hci_dev *hdev, const char *name,
380 struct btmtk_data *data = hci_get_priv(hdev);
382 if (!IS_ENABLED(CONFIG_DEV_COREDUMP))
385 data->cd_info.fw_version = fw_version;
386 data->cd_info.state = HCI_DEVCOREDUMP_IDLE;
387 data->cd_info.driver_name = name;
389 return hci_devcd_register(hdev, btmtk_coredump, btmtk_coredump_hdr,
390 btmtk_coredump_notify);
392 EXPORT_SYMBOL_GPL(btmtk_register_coredump);
394 int btmtk_process_coredump(struct hci_dev *hdev, struct sk_buff *skb)
396 struct btmtk_data *data = hci_get_priv(hdev);
399 if (!IS_ENABLED(CONFIG_DEV_COREDUMP)) {
404 switch (data->cd_info.state) {
405 case HCI_DEVCOREDUMP_IDLE:
406 err = hci_devcd_init(hdev, MTK_COREDUMP_SIZE);
411 data->cd_info.cnt = 0;
413 /* It is supposed coredump can be done within 5 seconds */
414 schedule_delayed_work(&hdev->dump.dump_timeout,
415 msecs_to_jiffies(5000));
417 case HCI_DEVCOREDUMP_ACTIVE:
419 err = hci_devcd_append(hdev, skb);
424 /* Mediatek coredump data would be more than MTK_COREDUMP_NUM */
425 if (data->cd_info.cnt > MTK_COREDUMP_NUM &&
426 skb->len > MTK_COREDUMP_END_LEN)
427 if (!memcmp((char *)&skb->data[skb->len - MTK_COREDUMP_END_LEN],
428 MTK_COREDUMP_END, MTK_COREDUMP_END_LEN - 1)) {
429 bt_dev_info(hdev, "Mediatek coredump end");
430 hci_devcd_complete(hdev);
438 EXPORT_SYMBOL_GPL(btmtk_process_coredump);
440 #if IS_ENABLED(CONFIG_BT_HCIBTUSB_MTK)
441 static void btmtk_usb_wmt_recv(struct urb *urb)
443 struct hci_dev *hdev = urb->context;
444 struct btmtk_data *data = hci_get_priv(hdev);
448 if (urb->status == 0 && urb->actual_length > 0) {
449 hdev->stat.byte_rx += urb->actual_length;
451 /* WMT event shouldn't be fragmented and the size should be
452 * less than HCI_WMT_MAX_EVENT_SIZE.
454 skb = bt_skb_alloc(HCI_WMT_MAX_EVENT_SIZE, GFP_ATOMIC);
457 kfree(urb->setup_packet);
461 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
462 skb_put_data(skb, urb->transfer_buffer, urb->actual_length);
464 /* When someone waits for the WMT event, the skb is being cloned
465 * and being processed the events from there then.
467 if (test_bit(BTMTK_TX_WAIT_VND_EVT, &data->flags)) {
468 data->evt_skb = skb_clone(skb, GFP_ATOMIC);
469 if (!data->evt_skb) {
471 kfree(urb->setup_packet);
476 err = hci_recv_frame(hdev, skb);
478 kfree_skb(data->evt_skb);
479 data->evt_skb = NULL;
480 kfree(urb->setup_packet);
484 if (test_and_clear_bit(BTMTK_TX_WAIT_VND_EVT,
486 /* Barrier to sync with other CPUs */
487 smp_mb__after_atomic();
488 wake_up_bit(&data->flags,
489 BTMTK_TX_WAIT_VND_EVT);
491 kfree(urb->setup_packet);
493 } else if (urb->status == -ENOENT) {
494 /* Avoid suspend failed when usb_kill_urb */
498 usb_mark_last_busy(data->udev);
500 /* The URB complete handler is still called with urb->actual_length = 0
501 * when the event is not available, so we should keep re-submitting
502 * URB until WMT event returns, Also, It's necessary to wait some time
503 * between the two consecutive control URBs to relax the target device
504 * to generate the event. Otherwise, the WMT event cannot return from
505 * the device successfully.
509 usb_anchor_urb(urb, data->ctrl_anchor);
510 err = usb_submit_urb(urb, GFP_ATOMIC);
512 kfree(urb->setup_packet);
513 /* -EPERM: urb is being killed;
514 * -ENODEV: device got disconnected
516 if (err != -EPERM && err != -ENODEV)
517 bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
519 usb_unanchor_urb(urb);
523 static int btmtk_usb_submit_wmt_recv_urb(struct hci_dev *hdev)
525 struct btmtk_data *data = hci_get_priv(hdev);
526 struct usb_ctrlrequest *dr;
532 urb = usb_alloc_urb(0, GFP_KERNEL);
536 dr = kmalloc(sizeof(*dr), GFP_KERNEL);
542 dr->bRequestType = USB_TYPE_VENDOR | USB_DIR_IN;
544 dr->wIndex = cpu_to_le16(0);
545 dr->wValue = cpu_to_le16(48);
546 dr->wLength = cpu_to_le16(size);
548 buf = kmalloc(size, GFP_KERNEL);
555 pipe = usb_rcvctrlpipe(data->udev, 0);
557 usb_fill_control_urb(urb, data->udev, pipe, (void *)dr,
558 buf, size, btmtk_usb_wmt_recv, hdev);
560 urb->transfer_flags |= URB_FREE_BUFFER;
562 usb_anchor_urb(urb, data->ctrl_anchor);
563 err = usb_submit_urb(urb, GFP_KERNEL);
565 if (err != -EPERM && err != -ENODEV)
566 bt_dev_err(hdev, "urb %p submission failed (%d)",
568 usb_unanchor_urb(urb);
576 static int btmtk_usb_hci_wmt_sync(struct hci_dev *hdev,
577 struct btmtk_hci_wmt_params *wmt_params)
579 struct btmtk_data *data = hci_get_priv(hdev);
580 struct btmtk_hci_wmt_evt_funcc *wmt_evt_funcc;
581 u32 hlen, status = BTMTK_WMT_INVALID;
582 struct btmtk_hci_wmt_evt *wmt_evt;
583 struct btmtk_hci_wmt_cmd *wc;
584 struct btmtk_wmt_hdr *hdr;
587 /* Send the WMT command and wait until the WMT event returns */
588 hlen = sizeof(*hdr) + wmt_params->dlen;
592 wc = kzalloc(hlen, GFP_KERNEL);
598 hdr->op = wmt_params->op;
599 hdr->dlen = cpu_to_le16(wmt_params->dlen + 1);
600 hdr->flag = wmt_params->flag;
601 memcpy(wc->data, wmt_params->data, wmt_params->dlen);
603 set_bit(BTMTK_TX_WAIT_VND_EVT, &data->flags);
605 /* WMT cmd/event doesn't follow up the generic HCI cmd/event handling,
606 * it needs constantly polling control pipe until the host received the
607 * WMT event, thus, we should require to specifically acquire PM counter
608 * on the USB to prevent the interface from entering auto suspended
609 * while WMT cmd/event in progress.
611 err = usb_autopm_get_interface(data->intf);
615 err = __hci_cmd_send(hdev, 0xfc6f, hlen, wc);
618 clear_bit(BTMTK_TX_WAIT_VND_EVT, &data->flags);
619 usb_autopm_put_interface(data->intf);
623 /* Submit control IN URB on demand to process the WMT event */
624 err = btmtk_usb_submit_wmt_recv_urb(hdev);
626 usb_autopm_put_interface(data->intf);
631 /* The vendor specific WMT commands are all answered by a vendor
632 * specific event and will have the Command Status or Command
633 * Complete as with usual HCI command flow control.
635 * After sending the command, wait for BTUSB_TX_WAIT_VND_EVT
636 * state to be cleared. The driver specific event receive routine
637 * will clear that state and with that indicate completion of the
640 err = wait_on_bit_timeout(&data->flags, BTMTK_TX_WAIT_VND_EVT,
641 TASK_INTERRUPTIBLE, HCI_INIT_TIMEOUT);
643 bt_dev_err(hdev, "Execution of wmt command interrupted");
644 clear_bit(BTMTK_TX_WAIT_VND_EVT, &data->flags);
649 bt_dev_err(hdev, "Execution of wmt command timed out");
650 clear_bit(BTMTK_TX_WAIT_VND_EVT, &data->flags);
655 if (data->evt_skb == NULL)
658 /* Parse and handle the return WMT event */
659 wmt_evt = (struct btmtk_hci_wmt_evt *)data->evt_skb->data;
660 if (wmt_evt->whdr.op != hdr->op) {
661 bt_dev_err(hdev, "Wrong op received %d expected %d",
662 wmt_evt->whdr.op, hdr->op);
667 switch (wmt_evt->whdr.op) {
668 case BTMTK_WMT_SEMAPHORE:
669 if (wmt_evt->whdr.flag == 2)
670 status = BTMTK_WMT_PATCH_UNDONE;
672 status = BTMTK_WMT_PATCH_DONE;
674 case BTMTK_WMT_FUNC_CTRL:
675 wmt_evt_funcc = (struct btmtk_hci_wmt_evt_funcc *)wmt_evt;
676 if (be16_to_cpu(wmt_evt_funcc->status) == 0x404)
677 status = BTMTK_WMT_ON_DONE;
678 else if (be16_to_cpu(wmt_evt_funcc->status) == 0x420)
679 status = BTMTK_WMT_ON_PROGRESS;
681 status = BTMTK_WMT_ON_UNDONE;
683 case BTMTK_WMT_PATCH_DWNLD:
684 if (wmt_evt->whdr.flag == 2)
685 status = BTMTK_WMT_PATCH_DONE;
686 else if (wmt_evt->whdr.flag == 1)
687 status = BTMTK_WMT_PATCH_PROGRESS;
689 status = BTMTK_WMT_PATCH_UNDONE;
693 if (wmt_params->status)
694 *wmt_params->status = status;
697 kfree_skb(data->evt_skb);
698 data->evt_skb = NULL;
704 static int btmtk_usb_func_query(struct hci_dev *hdev)
706 struct btmtk_hci_wmt_params wmt_params;
710 /* Query whether the function is enabled */
711 wmt_params.op = BTMTK_WMT_FUNC_CTRL;
713 wmt_params.dlen = sizeof(param);
714 wmt_params.data = ¶m;
715 wmt_params.status = &status;
717 err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params);
719 bt_dev_err(hdev, "Failed to query function status (%d)", err);
726 static int btmtk_usb_uhw_reg_write(struct hci_dev *hdev, u32 reg, u32 val)
728 struct btmtk_data *data = hci_get_priv(hdev);
732 buf = kzalloc(4, GFP_KERNEL);
736 put_unaligned_le32(val, buf);
738 pipe = usb_sndctrlpipe(data->udev, 0);
739 err = usb_control_msg(data->udev, pipe, 0x02,
741 reg >> 16, reg & 0xffff,
742 buf, 4, USB_CTRL_SET_TIMEOUT);
744 bt_dev_err(hdev, "Failed to write uhw reg(%d)", err);
751 static int btmtk_usb_uhw_reg_read(struct hci_dev *hdev, u32 reg, u32 *val)
753 struct btmtk_data *data = hci_get_priv(hdev);
757 buf = kzalloc(4, GFP_KERNEL);
761 pipe = usb_rcvctrlpipe(data->udev, 0);
762 err = usb_control_msg(data->udev, pipe, 0x01,
764 reg >> 16, reg & 0xffff,
765 buf, 4, USB_CTRL_GET_TIMEOUT);
767 bt_dev_err(hdev, "Failed to read uhw reg(%d)", err);
771 *val = get_unaligned_le32(buf);
772 bt_dev_dbg(hdev, "reg=%x, value=0x%08x", reg, *val);
780 static int btmtk_usb_reg_read(struct hci_dev *hdev, u32 reg, u32 *val)
782 struct btmtk_data *data = hci_get_priv(hdev);
783 int pipe, err, size = sizeof(u32);
786 buf = kzalloc(size, GFP_KERNEL);
790 pipe = usb_rcvctrlpipe(data->udev, 0);
791 err = usb_control_msg(data->udev, pipe, 0x63,
792 USB_TYPE_VENDOR | USB_DIR_IN,
793 reg >> 16, reg & 0xffff,
794 buf, size, USB_CTRL_GET_TIMEOUT);
798 *val = get_unaligned_le32(buf);
806 static int btmtk_usb_id_get(struct hci_dev *hdev, u32 reg, u32 *id)
808 return btmtk_usb_reg_read(hdev, reg, id);
811 static u32 btmtk_usb_reset_done(struct hci_dev *hdev)
815 btmtk_usb_uhw_reg_read(hdev, MTK_BT_MISC, &val);
817 return val & MTK_BT_RST_DONE;
820 int btmtk_usb_subsys_reset(struct hci_dev *hdev, u32 dev_id)
825 if (dev_id == 0x7922) {
826 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_SUBSYS_RST, &val);
830 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_SUBSYS_RST, val);
833 err = btmtk_usb_uhw_reg_write(hdev, MTK_EP_RST_OPT, 0x00010001);
836 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_SUBSYS_RST, &val);
840 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_SUBSYS_RST, val);
844 } else if (dev_id == 0x7925) {
845 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_RESET_REG_CONNV3, &val);
849 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_RESET_REG_CONNV3, val);
852 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_RESET_REG_CONNV3, &val);
857 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_RESET_REG_CONNV3, val);
860 err = btmtk_usb_uhw_reg_write(hdev, MTK_EP_RST_OPT, 0x00010001);
863 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_RESET_REG_CONNV3, &val);
867 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_RESET_REG_CONNV3, val);
870 err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT, 0x000000FF);
873 err = btmtk_usb_uhw_reg_read(hdev, MTK_UDMA_INT_STA_BT, &val);
876 err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT1, 0x000000FF);
879 err = btmtk_usb_uhw_reg_read(hdev, MTK_UDMA_INT_STA_BT1, &val);
884 /* It's Device EndPoint Reset Option Register */
885 bt_dev_dbg(hdev, "Initiating reset mechanism via uhw");
886 err = btmtk_usb_uhw_reg_write(hdev, MTK_EP_RST_OPT, MTK_EP_RST_IN_OUT_OPT);
889 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_WDT_STATUS, &val);
892 /* Reset the bluetooth chip via USB interface. */
893 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_SUBSYS_RST, 1);
896 err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT, 0x000000FF);
899 err = btmtk_usb_uhw_reg_read(hdev, MTK_UDMA_INT_STA_BT, &val);
902 err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT1, 0x000000FF);
905 err = btmtk_usb_uhw_reg_read(hdev, MTK_UDMA_INT_STA_BT1, &val);
908 /* MT7921 need to delay 20ms between toggle reset bit */
910 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_SUBSYS_RST, 0);
913 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_SUBSYS_RST, &val);
918 err = readx_poll_timeout(btmtk_usb_reset_done, hdev, val,
919 val & MTK_BT_RST_DONE, 20000, 1000000);
921 bt_dev_err(hdev, "Reset timeout");
923 if (dev_id == 0x7922) {
924 err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT, 0x000000FF);
929 err = btmtk_usb_id_get(hdev, 0x70010200, &val);
931 bt_dev_err(hdev, "Can't get device id, subsys reset fail.");
935 EXPORT_SYMBOL_GPL(btmtk_usb_subsys_reset);
937 int btmtk_usb_recv_acl(struct hci_dev *hdev, struct sk_buff *skb)
939 struct btmtk_data *data = hci_get_priv(hdev);
940 u16 handle = le16_to_cpu(hci_acl_hdr(skb)->handle);
943 case 0xfc6f: /* Firmware dump from device */
944 /* When the firmware hangs, the device can no longer
945 * suspend and thus disable auto-suspend.
947 usb_disable_autosuspend(data->udev);
949 /* We need to forward the diagnostic packet to userspace daemon
950 * for backward compatibility, so we have to clone the packet
951 * extraly for the in-kernel coredump support.
953 if (IS_ENABLED(CONFIG_DEV_COREDUMP)) {
954 struct sk_buff *skb_cd = skb_clone(skb, GFP_ATOMIC);
957 btmtk_process_coredump(hdev, skb_cd);
961 case 0x05ff: /* Firmware debug logging 1 */
962 case 0x05fe: /* Firmware debug logging 2 */
963 return hci_recv_diag(hdev, skb);
966 return hci_recv_frame(hdev, skb);
968 EXPORT_SYMBOL_GPL(btmtk_usb_recv_acl);
970 static int btmtk_isopkt_pad(struct hci_dev *hdev, struct sk_buff *skb)
972 if (skb->len > MTK_ISO_THRESHOLD)
975 if (skb_pad(skb, MTK_ISO_THRESHOLD - skb->len))
978 __skb_put(skb, MTK_ISO_THRESHOLD - skb->len);
983 static int __set_mtk_intr_interface(struct hci_dev *hdev)
985 struct btmtk_data *btmtk_data = hci_get_priv(hdev);
986 struct usb_interface *intf = btmtk_data->isopkt_intf;
989 if (!btmtk_data->isopkt_intf)
992 err = usb_set_interface(btmtk_data->udev, MTK_ISO_IFNUM, 1);
994 bt_dev_err(hdev, "setting interface failed (%d)", -err);
998 btmtk_data->isopkt_tx_ep = NULL;
999 btmtk_data->isopkt_rx_ep = NULL;
1001 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
1002 struct usb_endpoint_descriptor *ep_desc;
1004 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
1006 if (!btmtk_data->isopkt_tx_ep &&
1007 usb_endpoint_is_int_out(ep_desc)) {
1008 btmtk_data->isopkt_tx_ep = ep_desc;
1012 if (!btmtk_data->isopkt_rx_ep &&
1013 usb_endpoint_is_int_in(ep_desc)) {
1014 btmtk_data->isopkt_rx_ep = ep_desc;
1019 if (!btmtk_data->isopkt_tx_ep ||
1020 !btmtk_data->isopkt_rx_ep) {
1021 bt_dev_err(hdev, "invalid interrupt descriptors");
1028 struct urb *alloc_mtk_intr_urb(struct hci_dev *hdev, struct sk_buff *skb,
1029 usb_complete_t tx_complete)
1031 struct btmtk_data *btmtk_data = hci_get_priv(hdev);
1035 if (!btmtk_data->isopkt_tx_ep)
1036 return ERR_PTR(-ENODEV);
1038 urb = usb_alloc_urb(0, GFP_KERNEL);
1040 return ERR_PTR(-ENOMEM);
1042 if (btmtk_isopkt_pad(hdev, skb))
1043 return ERR_PTR(-EINVAL);
1045 pipe = usb_sndintpipe(btmtk_data->udev,
1046 btmtk_data->isopkt_tx_ep->bEndpointAddress);
1048 usb_fill_int_urb(urb, btmtk_data->udev, pipe,
1049 skb->data, skb->len, tx_complete,
1050 skb, btmtk_data->isopkt_tx_ep->bInterval);
1052 skb->dev = (void *)hdev;
1056 EXPORT_SYMBOL_GPL(alloc_mtk_intr_urb);
1058 static int btmtk_recv_isopkt(struct hci_dev *hdev, void *buffer, int count)
1060 struct btmtk_data *btmtk_data = hci_get_priv(hdev);
1061 struct sk_buff *skb;
1062 unsigned long flags;
1065 spin_lock_irqsave(&btmtk_data->isorxlock, flags);
1066 skb = btmtk_data->isopkt_skb;
1072 skb = bt_skb_alloc(HCI_MAX_ISO_SIZE, GFP_ATOMIC);
1078 hci_skb_pkt_type(skb) = HCI_ISODATA_PKT;
1079 hci_skb_expect(skb) = HCI_ISO_HDR_SIZE;
1082 len = min_t(uint, hci_skb_expect(skb), count);
1083 skb_put_data(skb, buffer, len);
1087 hci_skb_expect(skb) -= len;
1089 if (skb->len == HCI_ISO_HDR_SIZE) {
1090 __le16 dlen = ((struct hci_iso_hdr *)skb->data)->dlen;
1092 /* Complete ISO header */
1093 hci_skb_expect(skb) = __le16_to_cpu(dlen);
1095 if (skb_tailroom(skb) < hci_skb_expect(skb)) {
1104 if (!hci_skb_expect(skb)) {
1105 /* Complete frame */
1106 hci_recv_frame(hdev, skb);
1111 btmtk_data->isopkt_skb = skb;
1112 spin_unlock_irqrestore(&btmtk_data->isorxlock, flags);
1117 static void btmtk_intr_complete(struct urb *urb)
1119 struct hci_dev *hdev = urb->context;
1120 struct btmtk_data *btmtk_data = hci_get_priv(hdev);
1123 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
1124 urb->actual_length);
1126 if (!test_bit(HCI_RUNNING, &hdev->flags))
1129 if (hdev->suspended)
1132 if (urb->status == 0) {
1133 hdev->stat.byte_rx += urb->actual_length;
1135 if (btmtk_recv_isopkt(hdev, urb->transfer_buffer,
1136 urb->actual_length) < 0) {
1137 bt_dev_err(hdev, "corrupted iso packet");
1138 hdev->stat.err_rx++;
1140 } else if (urb->status == -ENOENT) {
1141 /* Avoid suspend failed when usb_kill_urb */
1145 usb_mark_last_busy(btmtk_data->udev);
1146 usb_anchor_urb(urb, &btmtk_data->isopkt_anchor);
1148 err = usb_submit_urb(urb, GFP_ATOMIC);
1150 /* -EPERM: urb is being killed;
1151 * -ENODEV: device got disconnected
1153 if (err != -EPERM && err != -ENODEV)
1154 bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
1157 hci_cmd_sync_cancel(hdev, -err);
1158 usb_unanchor_urb(urb);
1162 static int btmtk_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags)
1164 struct btmtk_data *btmtk_data = hci_get_priv(hdev);
1170 BT_DBG("%s", hdev->name);
1172 if (!btmtk_data->isopkt_rx_ep)
1175 urb = usb_alloc_urb(0, mem_flags);
1178 size = le16_to_cpu(btmtk_data->isopkt_rx_ep->wMaxPacketSize);
1180 buf = kmalloc(size, mem_flags);
1186 pipe = usb_rcvintpipe(btmtk_data->udev,
1187 btmtk_data->isopkt_rx_ep->bEndpointAddress);
1189 usb_fill_int_urb(urb, btmtk_data->udev, pipe, buf, size,
1190 btmtk_intr_complete, hdev,
1191 btmtk_data->isopkt_rx_ep->bInterval);
1193 urb->transfer_flags |= URB_FREE_BUFFER;
1195 usb_mark_last_busy(btmtk_data->udev);
1196 usb_anchor_urb(urb, &btmtk_data->isopkt_anchor);
1198 err = usb_submit_urb(urb, mem_flags);
1200 if (err != -EPERM && err != -ENODEV)
1201 bt_dev_err(hdev, "urb %p submission failed (%d)",
1203 usb_unanchor_urb(urb);
1211 static int btmtk_usb_isointf_init(struct hci_dev *hdev)
1213 struct btmtk_data *btmtk_data = hci_get_priv(hdev);
1214 u8 iso_param[2] = { 0x08, 0x01 };
1215 struct sk_buff *skb;
1218 init_usb_anchor(&btmtk_data->isopkt_anchor);
1219 spin_lock_init(&btmtk_data->isorxlock);
1221 __set_mtk_intr_interface(hdev);
1223 err = btmtk_submit_intr_urb(hdev, GFP_KERNEL);
1225 usb_kill_anchored_urbs(&btmtk_data->isopkt_anchor);
1226 bt_dev_err(hdev, "ISO intf not support (%d)", err);
1230 skb = __hci_cmd_sync(hdev, 0xfd98, sizeof(iso_param), iso_param,
1233 bt_dev_err(hdev, "Failed to apply iso setting (%ld)", PTR_ERR(skb));
1234 return PTR_ERR(skb);
1241 int btmtk_usb_resume(struct hci_dev *hdev)
1243 /* This function describes the specific additional steps taken by MediaTek
1244 * when Bluetooth usb driver's resume function is called.
1246 struct btmtk_data *btmtk_data = hci_get_priv(hdev);
1248 /* Resubmit urb for iso data transmission */
1249 if (test_bit(BTMTK_ISOPKT_RUNNING, &btmtk_data->flags)) {
1250 if (btmtk_submit_intr_urb(hdev, GFP_NOIO) < 0)
1251 clear_bit(BTMTK_ISOPKT_RUNNING, &btmtk_data->flags);
1256 EXPORT_SYMBOL_GPL(btmtk_usb_resume);
1258 int btmtk_usb_suspend(struct hci_dev *hdev)
1260 /* This function describes the specific additional steps taken by MediaTek
1261 * when Bluetooth usb driver's suspend function is called.
1263 struct btmtk_data *btmtk_data = hci_get_priv(hdev);
1265 /* Stop urb anchor for iso data transmission */
1266 if (test_bit(BTMTK_ISOPKT_RUNNING, &btmtk_data->flags))
1267 usb_kill_anchored_urbs(&btmtk_data->isopkt_anchor);
1271 EXPORT_SYMBOL_GPL(btmtk_usb_suspend);
1273 int btmtk_usb_setup(struct hci_dev *hdev)
1275 struct btmtk_data *btmtk_data = hci_get_priv(hdev);
1276 struct btmtk_hci_wmt_params wmt_params;
1277 ktime_t calltime, delta, rettime;
1278 struct btmtk_tci_sleep tci_sleep;
1279 unsigned long long duration;
1280 struct sk_buff *skb;
1284 char fw_bin_name[64];
1285 u32 fw_version = 0, fw_flavor = 0;
1288 calltime = ktime_get();
1290 err = btmtk_usb_id_get(hdev, 0x80000008, &dev_id);
1292 bt_dev_err(hdev, "Failed to get device id (%d)", err);
1296 if (!dev_id || dev_id != 0x7663) {
1297 err = btmtk_usb_id_get(hdev, 0x70010200, &dev_id);
1299 bt_dev_err(hdev, "Failed to get device id (%d)", err);
1302 err = btmtk_usb_id_get(hdev, 0x80021004, &fw_version);
1304 bt_dev_err(hdev, "Failed to get fw version (%d)", err);
1307 err = btmtk_usb_id_get(hdev, 0x70010020, &fw_flavor);
1309 bt_dev_err(hdev, "Failed to get fw flavor (%d)", err);
1312 fw_flavor = (fw_flavor & 0x00000080) >> 7;
1315 btmtk_data->dev_id = dev_id;
1317 err = btmtk_register_coredump(hdev, btmtk_data->drv_name, fw_version);
1319 bt_dev_err(hdev, "Failed to register coredump (%d)", err);
1323 fwname = FIRMWARE_MT7663;
1326 fwname = FIRMWARE_MT7668;
1331 /* Reset the device to ensure it's in the initial state before
1332 * downloading the firmware to ensure.
1335 if (!test_bit(BTMTK_FIRMWARE_LOADED, &btmtk_data->flags))
1336 btmtk_usb_subsys_reset(hdev, dev_id);
1338 btmtk_fw_get_filename(fw_bin_name, sizeof(fw_bin_name), dev_id,
1339 fw_version, fw_flavor);
1341 err = btmtk_setup_firmware_79xx(hdev, fw_bin_name,
1342 btmtk_usb_hci_wmt_sync);
1344 bt_dev_err(hdev, "Failed to set up firmware (%d)", err);
1345 clear_bit(BTMTK_FIRMWARE_LOADED, &btmtk_data->flags);
1349 set_bit(BTMTK_FIRMWARE_LOADED, &btmtk_data->flags);
1351 /* It's Device EndPoint Reset Option Register */
1352 err = btmtk_usb_uhw_reg_write(hdev, MTK_EP_RST_OPT,
1353 MTK_EP_RST_IN_OUT_OPT);
1357 /* Enable Bluetooth protocol */
1359 wmt_params.op = BTMTK_WMT_FUNC_CTRL;
1360 wmt_params.flag = 0;
1361 wmt_params.dlen = sizeof(param);
1362 wmt_params.data = ¶m;
1363 wmt_params.status = NULL;
1365 err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params);
1367 bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err);
1371 hci_set_msft_opcode(hdev, 0xFD30);
1372 hci_set_aosp_capable(hdev);
1374 /* Set up ISO interface after protocol enabled */
1375 if (test_bit(BTMTK_ISOPKT_OVER_INTR, &btmtk_data->flags)) {
1376 if (!btmtk_usb_isointf_init(hdev))
1377 set_bit(BTMTK_ISOPKT_RUNNING, &btmtk_data->flags);
1382 bt_dev_err(hdev, "Unsupported hardware variant (%08x)",
1387 /* Query whether the firmware is already download */
1388 wmt_params.op = BTMTK_WMT_SEMAPHORE;
1389 wmt_params.flag = 1;
1390 wmt_params.dlen = 0;
1391 wmt_params.data = NULL;
1392 wmt_params.status = &status;
1394 err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params);
1396 bt_dev_err(hdev, "Failed to query firmware status (%d)", err);
1400 if (status == BTMTK_WMT_PATCH_DONE) {
1401 bt_dev_info(hdev, "firmware already downloaded");
1402 goto ignore_setup_fw;
1405 /* Setup a firmware which the device definitely requires */
1406 err = btmtk_setup_firmware(hdev, fwname,
1407 btmtk_usb_hci_wmt_sync);
1412 err = readx_poll_timeout(btmtk_usb_func_query, hdev, status,
1413 status < 0 || status != BTMTK_WMT_ON_PROGRESS,
1415 /* -ETIMEDOUT happens */
1419 /* The other errors happen in btmtk_usb_func_query */
1423 if (status == BTMTK_WMT_ON_DONE) {
1424 bt_dev_info(hdev, "function already on");
1425 goto ignore_func_on;
1428 /* Enable Bluetooth protocol */
1430 wmt_params.op = BTMTK_WMT_FUNC_CTRL;
1431 wmt_params.flag = 0;
1432 wmt_params.dlen = sizeof(param);
1433 wmt_params.data = ¶m;
1434 wmt_params.status = NULL;
1436 err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params);
1438 bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err);
1443 /* Apply the low power environment setup */
1444 tci_sleep.mode = 0x5;
1445 tci_sleep.duration = cpu_to_le16(0x640);
1446 tci_sleep.host_duration = cpu_to_le16(0x640);
1447 tci_sleep.host_wakeup_pin = 0;
1448 tci_sleep.time_compensation = 0;
1450 skb = __hci_cmd_sync(hdev, 0xfc7a, sizeof(tci_sleep), &tci_sleep,
1454 bt_dev_err(hdev, "Failed to apply low power setting (%d)", err);
1460 rettime = ktime_get();
1461 delta = ktime_sub(rettime, calltime);
1462 duration = (unsigned long long)ktime_to_ns(delta) >> 10;
1464 bt_dev_info(hdev, "Device setup in %llu usecs", duration);
1468 EXPORT_SYMBOL_GPL(btmtk_usb_setup);
1470 int btmtk_usb_shutdown(struct hci_dev *hdev)
1472 struct btmtk_hci_wmt_params wmt_params;
1476 /* Disable the device */
1477 wmt_params.op = BTMTK_WMT_FUNC_CTRL;
1478 wmt_params.flag = 0;
1479 wmt_params.dlen = sizeof(param);
1480 wmt_params.data = ¶m;
1481 wmt_params.status = NULL;
1483 err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params);
1485 bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err);
1491 EXPORT_SYMBOL_GPL(btmtk_usb_shutdown);
1496 MODULE_DESCRIPTION("Bluetooth support for MediaTek devices ver " VERSION);
1497 MODULE_VERSION(VERSION);
1498 MODULE_LICENSE("GPL");
1499 MODULE_FIRMWARE(FIRMWARE_MT7622);
1500 MODULE_FIRMWARE(FIRMWARE_MT7663);
1501 MODULE_FIRMWARE(FIRMWARE_MT7668);
1502 MODULE_FIRMWARE(FIRMWARE_MT7922);
1503 MODULE_FIRMWARE(FIRMWARE_MT7961);
1504 MODULE_FIRMWARE(FIRMWARE_MT7925);
projects / linux.git / blob