1 // SPDX-License-Identifier: ISC
2 /* Copyright (C) 2021 MediaTek Inc.
5 #include <linux/module.h>
6 #include <linux/firmware.h>
8 #include <linux/iopoll.h>
9 #include <linux/unaligned.h>
11 #include <net/bluetooth/bluetooth.h>
12 #include <net/bluetooth/hci_core.h>
18 /* It is for mt79xx download rom patch*/
19 #define MTK_FW_ROM_PATCH_HEADER_SIZE 32
20 #define MTK_FW_ROM_PATCH_GD_SIZE 64
21 #define MTK_FW_ROM_PATCH_SEC_MAP_SIZE 64
22 #define MTK_SEC_MAP_COMMON_SIZE 12
23 #define MTK_SEC_MAP_NEED_SEND_SIZE 52
25 /* It is for mt79xx iso data transmission setting */
26 #define MTK_ISO_THRESHOLD 264
28 struct btmtk_patch_header {
36 struct btmtk_global_desc {
43 struct btmtk_section_map {
62 static void btmtk_coredump(struct hci_dev *hdev)
66 err = __hci_cmd_send(hdev, 0xfd5b, 0, NULL);
68 bt_dev_err(hdev, "Coredump failed (%d)", err);
71 static void btmtk_coredump_hdr(struct hci_dev *hdev, struct sk_buff *skb)
73 struct btmtk_data *data = hci_get_priv(hdev);
76 snprintf(buf, sizeof(buf), "Controller Name: 0x%X\n",
78 skb_put_data(skb, buf, strlen(buf));
80 snprintf(buf, sizeof(buf), "Firmware Version: 0x%X\n",
81 data->cd_info.fw_version);
82 skb_put_data(skb, buf, strlen(buf));
84 snprintf(buf, sizeof(buf), "Driver: %s\n",
85 data->cd_info.driver_name);
86 skb_put_data(skb, buf, strlen(buf));
88 snprintf(buf, sizeof(buf), "Vendor: MediaTek\n");
89 skb_put_data(skb, buf, strlen(buf));
92 static void btmtk_coredump_notify(struct hci_dev *hdev, int state)
94 struct btmtk_data *data = hci_get_priv(hdev);
97 case HCI_DEVCOREDUMP_IDLE:
98 data->cd_info.state = HCI_DEVCOREDUMP_IDLE;
100 case HCI_DEVCOREDUMP_ACTIVE:
101 data->cd_info.state = HCI_DEVCOREDUMP_ACTIVE;
103 case HCI_DEVCOREDUMP_TIMEOUT:
104 case HCI_DEVCOREDUMP_ABORT:
105 case HCI_DEVCOREDUMP_DONE:
106 data->cd_info.state = HCI_DEVCOREDUMP_IDLE;
107 btmtk_reset_sync(hdev);
112 void btmtk_fw_get_filename(char *buf, size_t size, u32 dev_id, u32 fw_ver,
115 if (dev_id == 0x7925)
117 "mediatek/mt%04x/BT_RAM_CODE_MT%04x_1_%x_hdr.bin",
118 dev_id & 0xffff, dev_id & 0xffff, (fw_ver & 0xff) + 1);
119 else if (dev_id == 0x7961 && fw_flavor)
121 "mediatek/BT_RAM_CODE_MT%04x_1a_%x_hdr.bin",
122 dev_id & 0xffff, (fw_ver & 0xff) + 1);
125 "mediatek/BT_RAM_CODE_MT%04x_1_%x_hdr.bin",
126 dev_id & 0xffff, (fw_ver & 0xff) + 1);
128 EXPORT_SYMBOL_GPL(btmtk_fw_get_filename);
130 int btmtk_setup_firmware_79xx(struct hci_dev *hdev, const char *fwname,
131 wmt_cmd_sync_func_t wmt_cmd_sync)
133 struct btmtk_hci_wmt_params wmt_params;
134 struct btmtk_patch_header *hdr;
135 struct btmtk_global_desc *globaldesc = NULL;
136 struct btmtk_section_map *sectionmap;
137 const struct firmware *fw;
139 const u8 *fw_bin_ptr;
140 int err, dlen, i, status;
141 u8 flag, first_block, retry;
142 u32 section_num, dl_size, section_offset;
145 err = request_firmware(&fw, fwname, &hdev->dev);
147 bt_dev_err(hdev, "Failed to load firmware file (%d)", err);
153 hdr = (struct btmtk_patch_header *)fw_ptr;
154 globaldesc = (struct btmtk_global_desc *)(fw_ptr + MTK_FW_ROM_PATCH_HEADER_SIZE);
155 section_num = le32_to_cpu(globaldesc->section_num);
157 bt_dev_info(hdev, "HW/SW Version: 0x%04x%04x, Build Time: %s",
158 le16_to_cpu(hdr->hwver), le16_to_cpu(hdr->swver), hdr->datetime);
160 for (i = 0; i < section_num; i++) {
163 sectionmap = (struct btmtk_section_map *)(fw_ptr + MTK_FW_ROM_PATCH_HEADER_SIZE +
164 MTK_FW_ROM_PATCH_GD_SIZE + MTK_FW_ROM_PATCH_SEC_MAP_SIZE * i);
166 section_offset = le32_to_cpu(sectionmap->secoffset);
167 dl_size = le32_to_cpu(sectionmap->bin_info_spec.dlsize);
172 cmd[0] = 0; /* 0 means legacy dl mode. */
174 fw_ptr + MTK_FW_ROM_PATCH_HEADER_SIZE +
175 MTK_FW_ROM_PATCH_GD_SIZE +
176 MTK_FW_ROM_PATCH_SEC_MAP_SIZE * i +
177 MTK_SEC_MAP_COMMON_SIZE,
178 MTK_SEC_MAP_NEED_SEND_SIZE + 1);
180 wmt_params.op = BTMTK_WMT_PATCH_DWNLD;
181 wmt_params.status = &status;
183 wmt_params.dlen = MTK_SEC_MAP_NEED_SEND_SIZE + 1;
184 wmt_params.data = &cmd;
186 err = wmt_cmd_sync(hdev, &wmt_params);
188 bt_dev_err(hdev, "Failed to send wmt patch dwnld (%d)",
193 if (status == BTMTK_WMT_PATCH_UNDONE) {
195 } else if (status == BTMTK_WMT_PATCH_PROGRESS) {
198 } else if (status == BTMTK_WMT_PATCH_DONE) {
201 bt_dev_err(hdev, "Failed wmt patch dwnld status (%d)",
208 fw_ptr += section_offset;
209 wmt_params.op = BTMTK_WMT_PATCH_DWNLD;
210 wmt_params.status = NULL;
212 while (dl_size > 0) {
213 dlen = min_t(int, 250, dl_size);
214 if (first_block == 1) {
217 } else if (dl_size - dlen <= 0) {
223 wmt_params.flag = flag;
224 wmt_params.dlen = dlen;
225 wmt_params.data = fw_ptr;
227 err = wmt_cmd_sync(hdev, &wmt_params);
229 bt_dev_err(hdev, "Failed to send wmt patch dwnld (%d)",
241 /* Wait a few moments for firmware activation done */
242 usleep_range(100000, 120000);
245 release_firmware(fw);
249 EXPORT_SYMBOL_GPL(btmtk_setup_firmware_79xx);
251 int btmtk_setup_firmware(struct hci_dev *hdev, const char *fwname,
252 wmt_cmd_sync_func_t wmt_cmd_sync)
254 struct btmtk_hci_wmt_params wmt_params;
255 const struct firmware *fw;
261 err = request_firmware(&fw, fwname, &hdev->dev);
263 bt_dev_err(hdev, "Failed to load firmware file (%d)", err);
267 /* Power on data RAM the firmware relies on. */
269 wmt_params.op = BTMTK_WMT_FUNC_CTRL;
271 wmt_params.dlen = sizeof(param);
272 wmt_params.data = ¶m;
273 wmt_params.status = NULL;
275 err = wmt_cmd_sync(hdev, &wmt_params);
277 bt_dev_err(hdev, "Failed to power on data RAM (%d)", err);
284 /* The size of patch header is 30 bytes, should be skip */
294 wmt_params.op = BTMTK_WMT_PATCH_DWNLD;
295 wmt_params.status = NULL;
297 while (fw_size > 0) {
298 dlen = min_t(int, 250, fw_size);
300 /* Tell device the position in sequence */
301 if (fw_size - dlen <= 0)
303 else if (fw_size < fw->size - 30)
306 wmt_params.flag = flag;
307 wmt_params.dlen = dlen;
308 wmt_params.data = fw_ptr;
310 err = wmt_cmd_sync(hdev, &wmt_params);
312 bt_dev_err(hdev, "Failed to send wmt patch dwnld (%d)",
321 wmt_params.op = BTMTK_WMT_RST;
324 wmt_params.data = NULL;
325 wmt_params.status = NULL;
327 /* Activate function the firmware providing to */
328 err = wmt_cmd_sync(hdev, &wmt_params);
330 bt_dev_err(hdev, "Failed to send wmt rst (%d)", err);
334 /* Wait a few moments for firmware activation done */
335 usleep_range(10000, 12000);
338 release_firmware(fw);
342 EXPORT_SYMBOL_GPL(btmtk_setup_firmware);
344 int btmtk_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr)
349 skb = __hci_cmd_sync(hdev, 0xfc1a, 6, bdaddr, HCI_INIT_TIMEOUT);
352 bt_dev_err(hdev, "changing Mediatek device address failed (%ld)",
360 EXPORT_SYMBOL_GPL(btmtk_set_bdaddr);
362 void btmtk_reset_sync(struct hci_dev *hdev)
364 struct btmtk_data *reset_work = hci_get_priv(hdev);
369 err = hci_cmd_sync_queue(hdev, reset_work->reset_sync, NULL, NULL);
371 bt_dev_err(hdev, "failed to reset (%d)", err);
373 hci_dev_unlock(hdev);
375 EXPORT_SYMBOL_GPL(btmtk_reset_sync);
377 int btmtk_register_coredump(struct hci_dev *hdev, const char *name,
380 struct btmtk_data *data = hci_get_priv(hdev);
382 if (!IS_ENABLED(CONFIG_DEV_COREDUMP))
385 data->cd_info.fw_version = fw_version;
386 data->cd_info.state = HCI_DEVCOREDUMP_IDLE;
387 data->cd_info.driver_name = name;
389 return hci_devcd_register(hdev, btmtk_coredump, btmtk_coredump_hdr,
390 btmtk_coredump_notify);
392 EXPORT_SYMBOL_GPL(btmtk_register_coredump);
394 int btmtk_process_coredump(struct hci_dev *hdev, struct sk_buff *skb)
396 struct btmtk_data *data = hci_get_priv(hdev);
398 bool complete = false;
400 if (!IS_ENABLED(CONFIG_DEV_COREDUMP)) {
405 switch (data->cd_info.state) {
406 case HCI_DEVCOREDUMP_IDLE:
407 err = hci_devcd_init(hdev, MTK_COREDUMP_SIZE);
412 data->cd_info.cnt = 0;
414 /* It is supposed coredump can be done within 5 seconds */
415 schedule_delayed_work(&hdev->dump.dump_timeout,
416 msecs_to_jiffies(5000));
418 case HCI_DEVCOREDUMP_ACTIVE:
420 /* Mediatek coredump data would be more than MTK_COREDUMP_NUM */
421 if (data->cd_info.cnt >= MTK_COREDUMP_NUM &&
422 skb->len > MTK_COREDUMP_END_LEN)
423 if (!memcmp((char *)&skb->data[skb->len - MTK_COREDUMP_END_LEN],
424 MTK_COREDUMP_END, MTK_COREDUMP_END_LEN - 1))
427 err = hci_devcd_append(hdev, skb);
433 bt_dev_info(hdev, "Mediatek coredump end");
434 hci_devcd_complete(hdev);
442 EXPORT_SYMBOL_GPL(btmtk_process_coredump);
444 #if IS_ENABLED(CONFIG_BT_HCIBTUSB_MTK)
445 static void btmtk_usb_wmt_recv(struct urb *urb)
447 struct hci_dev *hdev = urb->context;
448 struct btmtk_data *data = hci_get_priv(hdev);
452 if (urb->status == 0 && urb->actual_length > 0) {
453 hdev->stat.byte_rx += urb->actual_length;
455 /* WMT event shouldn't be fragmented and the size should be
456 * less than HCI_WMT_MAX_EVENT_SIZE.
458 skb = bt_skb_alloc(HCI_WMT_MAX_EVENT_SIZE, GFP_ATOMIC);
461 kfree(urb->setup_packet);
465 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
466 skb_put_data(skb, urb->transfer_buffer, urb->actual_length);
468 /* When someone waits for the WMT event, the skb is being cloned
469 * and being processed the events from there then.
471 if (test_bit(BTMTK_TX_WAIT_VND_EVT, &data->flags)) {
472 data->evt_skb = skb_clone(skb, GFP_ATOMIC);
473 if (!data->evt_skb) {
475 kfree(urb->setup_packet);
480 err = hci_recv_frame(hdev, skb);
482 kfree_skb(data->evt_skb);
483 data->evt_skb = NULL;
484 kfree(urb->setup_packet);
488 if (test_and_clear_bit(BTMTK_TX_WAIT_VND_EVT,
490 /* Barrier to sync with other CPUs */
491 smp_mb__after_atomic();
492 wake_up_bit(&data->flags,
493 BTMTK_TX_WAIT_VND_EVT);
495 kfree(urb->setup_packet);
497 } else if (urb->status == -ENOENT) {
498 /* Avoid suspend failed when usb_kill_urb */
502 usb_mark_last_busy(data->udev);
504 /* The URB complete handler is still called with urb->actual_length = 0
505 * when the event is not available, so we should keep re-submitting
506 * URB until WMT event returns, Also, It's necessary to wait some time
507 * between the two consecutive control URBs to relax the target device
508 * to generate the event. Otherwise, the WMT event cannot return from
509 * the device successfully.
513 usb_anchor_urb(urb, data->ctrl_anchor);
514 err = usb_submit_urb(urb, GFP_ATOMIC);
516 kfree(urb->setup_packet);
517 /* -EPERM: urb is being killed;
518 * -ENODEV: device got disconnected
520 if (err != -EPERM && err != -ENODEV)
521 bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
523 usb_unanchor_urb(urb);
527 static int btmtk_usb_submit_wmt_recv_urb(struct hci_dev *hdev)
529 struct btmtk_data *data = hci_get_priv(hdev);
530 struct usb_ctrlrequest *dr;
536 urb = usb_alloc_urb(0, GFP_KERNEL);
540 dr = kmalloc(sizeof(*dr), GFP_KERNEL);
546 dr->bRequestType = USB_TYPE_VENDOR | USB_DIR_IN;
548 dr->wIndex = cpu_to_le16(0);
549 dr->wValue = cpu_to_le16(48);
550 dr->wLength = cpu_to_le16(size);
552 buf = kmalloc(size, GFP_KERNEL);
559 pipe = usb_rcvctrlpipe(data->udev, 0);
561 usb_fill_control_urb(urb, data->udev, pipe, (void *)dr,
562 buf, size, btmtk_usb_wmt_recv, hdev);
564 urb->transfer_flags |= URB_FREE_BUFFER;
566 usb_anchor_urb(urb, data->ctrl_anchor);
567 err = usb_submit_urb(urb, GFP_KERNEL);
569 if (err != -EPERM && err != -ENODEV)
570 bt_dev_err(hdev, "urb %p submission failed (%d)",
572 usb_unanchor_urb(urb);
580 static int btmtk_usb_hci_wmt_sync(struct hci_dev *hdev,
581 struct btmtk_hci_wmt_params *wmt_params)
583 struct btmtk_data *data = hci_get_priv(hdev);
584 struct btmtk_hci_wmt_evt_funcc *wmt_evt_funcc;
585 u32 hlen, status = BTMTK_WMT_INVALID;
586 struct btmtk_hci_wmt_evt *wmt_evt;
587 struct btmtk_hci_wmt_cmd *wc;
588 struct btmtk_wmt_hdr *hdr;
591 /* Send the WMT command and wait until the WMT event returns */
592 hlen = sizeof(*hdr) + wmt_params->dlen;
596 wc = kzalloc(hlen, GFP_KERNEL);
602 hdr->op = wmt_params->op;
603 hdr->dlen = cpu_to_le16(wmt_params->dlen + 1);
604 hdr->flag = wmt_params->flag;
605 memcpy(wc->data, wmt_params->data, wmt_params->dlen);
607 set_bit(BTMTK_TX_WAIT_VND_EVT, &data->flags);
609 /* WMT cmd/event doesn't follow up the generic HCI cmd/event handling,
610 * it needs constantly polling control pipe until the host received the
611 * WMT event, thus, we should require to specifically acquire PM counter
612 * on the USB to prevent the interface from entering auto suspended
613 * while WMT cmd/event in progress.
615 err = usb_autopm_get_interface(data->intf);
619 err = __hci_cmd_send(hdev, 0xfc6f, hlen, wc);
622 clear_bit(BTMTK_TX_WAIT_VND_EVT, &data->flags);
623 usb_autopm_put_interface(data->intf);
627 /* Submit control IN URB on demand to process the WMT event */
628 err = btmtk_usb_submit_wmt_recv_urb(hdev);
630 usb_autopm_put_interface(data->intf);
635 /* The vendor specific WMT commands are all answered by a vendor
636 * specific event and will have the Command Status or Command
637 * Complete as with usual HCI command flow control.
639 * After sending the command, wait for BTUSB_TX_WAIT_VND_EVT
640 * state to be cleared. The driver specific event receive routine
641 * will clear that state and with that indicate completion of the
644 err = wait_on_bit_timeout(&data->flags, BTMTK_TX_WAIT_VND_EVT,
645 TASK_INTERRUPTIBLE, HCI_INIT_TIMEOUT);
647 bt_dev_err(hdev, "Execution of wmt command interrupted");
648 clear_bit(BTMTK_TX_WAIT_VND_EVT, &data->flags);
653 bt_dev_err(hdev, "Execution of wmt command timed out");
654 clear_bit(BTMTK_TX_WAIT_VND_EVT, &data->flags);
659 if (data->evt_skb == NULL)
662 /* Parse and handle the return WMT event */
663 wmt_evt = (struct btmtk_hci_wmt_evt *)data->evt_skb->data;
664 if (wmt_evt->whdr.op != hdr->op) {
665 bt_dev_err(hdev, "Wrong op received %d expected %d",
666 wmt_evt->whdr.op, hdr->op);
671 switch (wmt_evt->whdr.op) {
672 case BTMTK_WMT_SEMAPHORE:
673 if (wmt_evt->whdr.flag == 2)
674 status = BTMTK_WMT_PATCH_UNDONE;
676 status = BTMTK_WMT_PATCH_DONE;
678 case BTMTK_WMT_FUNC_CTRL:
679 wmt_evt_funcc = (struct btmtk_hci_wmt_evt_funcc *)wmt_evt;
680 if (be16_to_cpu(wmt_evt_funcc->status) == 0x404)
681 status = BTMTK_WMT_ON_DONE;
682 else if (be16_to_cpu(wmt_evt_funcc->status) == 0x420)
683 status = BTMTK_WMT_ON_PROGRESS;
685 status = BTMTK_WMT_ON_UNDONE;
687 case BTMTK_WMT_PATCH_DWNLD:
688 if (wmt_evt->whdr.flag == 2)
689 status = BTMTK_WMT_PATCH_DONE;
690 else if (wmt_evt->whdr.flag == 1)
691 status = BTMTK_WMT_PATCH_PROGRESS;
693 status = BTMTK_WMT_PATCH_UNDONE;
697 if (wmt_params->status)
698 *wmt_params->status = status;
701 kfree_skb(data->evt_skb);
702 data->evt_skb = NULL;
708 static int btmtk_usb_func_query(struct hci_dev *hdev)
710 struct btmtk_hci_wmt_params wmt_params;
714 /* Query whether the function is enabled */
715 wmt_params.op = BTMTK_WMT_FUNC_CTRL;
717 wmt_params.dlen = sizeof(param);
718 wmt_params.data = ¶m;
719 wmt_params.status = &status;
721 err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params);
723 bt_dev_err(hdev, "Failed to query function status (%d)", err);
730 static int btmtk_usb_uhw_reg_write(struct hci_dev *hdev, u32 reg, u32 val)
732 struct btmtk_data *data = hci_get_priv(hdev);
736 buf = kzalloc(4, GFP_KERNEL);
740 put_unaligned_le32(val, buf);
742 pipe = usb_sndctrlpipe(data->udev, 0);
743 err = usb_control_msg(data->udev, pipe, 0x02,
745 reg >> 16, reg & 0xffff,
746 buf, 4, USB_CTRL_SET_TIMEOUT);
748 bt_dev_err(hdev, "Failed to write uhw reg(%d)", err);
755 static int btmtk_usb_uhw_reg_read(struct hci_dev *hdev, u32 reg, u32 *val)
757 struct btmtk_data *data = hci_get_priv(hdev);
761 buf = kzalloc(4, GFP_KERNEL);
765 pipe = usb_rcvctrlpipe(data->udev, 0);
766 err = usb_control_msg(data->udev, pipe, 0x01,
768 reg >> 16, reg & 0xffff,
769 buf, 4, USB_CTRL_GET_TIMEOUT);
771 bt_dev_err(hdev, "Failed to read uhw reg(%d)", err);
775 *val = get_unaligned_le32(buf);
776 bt_dev_dbg(hdev, "reg=%x, value=0x%08x", reg, *val);
784 static int btmtk_usb_reg_read(struct hci_dev *hdev, u32 reg, u32 *val)
786 struct btmtk_data *data = hci_get_priv(hdev);
787 int pipe, err, size = sizeof(u32);
790 buf = kzalloc(size, GFP_KERNEL);
794 pipe = usb_rcvctrlpipe(data->udev, 0);
795 err = usb_control_msg(data->udev, pipe, 0x63,
796 USB_TYPE_VENDOR | USB_DIR_IN,
797 reg >> 16, reg & 0xffff,
798 buf, size, USB_CTRL_GET_TIMEOUT);
802 *val = get_unaligned_le32(buf);
810 static int btmtk_usb_id_get(struct hci_dev *hdev, u32 reg, u32 *id)
812 return btmtk_usb_reg_read(hdev, reg, id);
815 static u32 btmtk_usb_reset_done(struct hci_dev *hdev)
819 btmtk_usb_uhw_reg_read(hdev, MTK_BT_MISC, &val);
821 return val & MTK_BT_RST_DONE;
824 int btmtk_usb_subsys_reset(struct hci_dev *hdev, u32 dev_id)
829 if (dev_id == 0x7922) {
830 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_SUBSYS_RST, &val);
834 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_SUBSYS_RST, val);
837 err = btmtk_usb_uhw_reg_write(hdev, MTK_EP_RST_OPT, 0x00010001);
840 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_SUBSYS_RST, &val);
844 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_SUBSYS_RST, val);
848 } else if (dev_id == 0x7925) {
849 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_RESET_REG_CONNV3, &val);
853 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_RESET_REG_CONNV3, val);
856 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_RESET_REG_CONNV3, &val);
861 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_RESET_REG_CONNV3, val);
864 err = btmtk_usb_uhw_reg_write(hdev, MTK_EP_RST_OPT, 0x00010001);
867 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_RESET_REG_CONNV3, &val);
871 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_RESET_REG_CONNV3, val);
874 err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT, 0x000000FF);
877 err = btmtk_usb_uhw_reg_read(hdev, MTK_UDMA_INT_STA_BT, &val);
880 err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT1, 0x000000FF);
883 err = btmtk_usb_uhw_reg_read(hdev, MTK_UDMA_INT_STA_BT1, &val);
888 /* It's Device EndPoint Reset Option Register */
889 bt_dev_dbg(hdev, "Initiating reset mechanism via uhw");
890 err = btmtk_usb_uhw_reg_write(hdev, MTK_EP_RST_OPT, MTK_EP_RST_IN_OUT_OPT);
893 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_WDT_STATUS, &val);
896 /* Reset the bluetooth chip via USB interface. */
897 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_SUBSYS_RST, 1);
900 err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT, 0x000000FF);
903 err = btmtk_usb_uhw_reg_read(hdev, MTK_UDMA_INT_STA_BT, &val);
906 err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT1, 0x000000FF);
909 err = btmtk_usb_uhw_reg_read(hdev, MTK_UDMA_INT_STA_BT1, &val);
912 /* MT7921 need to delay 20ms between toggle reset bit */
914 err = btmtk_usb_uhw_reg_write(hdev, MTK_BT_SUBSYS_RST, 0);
917 err = btmtk_usb_uhw_reg_read(hdev, MTK_BT_SUBSYS_RST, &val);
922 err = readx_poll_timeout(btmtk_usb_reset_done, hdev, val,
923 val & MTK_BT_RST_DONE, 20000, 1000000);
925 bt_dev_err(hdev, "Reset timeout");
927 if (dev_id == 0x7922) {
928 err = btmtk_usb_uhw_reg_write(hdev, MTK_UDMA_INT_STA_BT, 0x000000FF);
933 err = btmtk_usb_id_get(hdev, 0x70010200, &val);
935 bt_dev_err(hdev, "Can't get device id, subsys reset fail.");
939 EXPORT_SYMBOL_GPL(btmtk_usb_subsys_reset);
941 int btmtk_usb_recv_acl(struct hci_dev *hdev, struct sk_buff *skb)
943 struct btmtk_data *data = hci_get_priv(hdev);
944 u16 handle = le16_to_cpu(hci_acl_hdr(skb)->handle);
947 case 0xfc6f: /* Firmware dump from device */
948 /* When the firmware hangs, the device can no longer
949 * suspend and thus disable auto-suspend.
951 usb_disable_autosuspend(data->udev);
953 /* We need to forward the diagnostic packet to userspace daemon
954 * for backward compatibility, so we have to clone the packet
955 * extraly for the in-kernel coredump support.
957 if (IS_ENABLED(CONFIG_DEV_COREDUMP)) {
958 struct sk_buff *skb_cd = skb_clone(skb, GFP_ATOMIC);
961 btmtk_process_coredump(hdev, skb_cd);
965 case 0x05ff: /* Firmware debug logging 1 */
966 case 0x05fe: /* Firmware debug logging 2 */
967 return hci_recv_diag(hdev, skb);
970 return hci_recv_frame(hdev, skb);
972 EXPORT_SYMBOL_GPL(btmtk_usb_recv_acl);
974 static int btmtk_isopkt_pad(struct hci_dev *hdev, struct sk_buff *skb)
976 if (skb->len > MTK_ISO_THRESHOLD)
979 if (skb_pad(skb, MTK_ISO_THRESHOLD - skb->len))
982 __skb_put(skb, MTK_ISO_THRESHOLD - skb->len);
987 static int __set_mtk_intr_interface(struct hci_dev *hdev)
989 struct btmtk_data *btmtk_data = hci_get_priv(hdev);
990 struct usb_interface *intf = btmtk_data->isopkt_intf;
993 if (!btmtk_data->isopkt_intf)
996 err = usb_set_interface(btmtk_data->udev, MTK_ISO_IFNUM, 1);
998 bt_dev_err(hdev, "setting interface failed (%d)", -err);
1002 btmtk_data->isopkt_tx_ep = NULL;
1003 btmtk_data->isopkt_rx_ep = NULL;
1005 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
1006 struct usb_endpoint_descriptor *ep_desc;
1008 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
1010 if (!btmtk_data->isopkt_tx_ep &&
1011 usb_endpoint_is_int_out(ep_desc)) {
1012 btmtk_data->isopkt_tx_ep = ep_desc;
1016 if (!btmtk_data->isopkt_rx_ep &&
1017 usb_endpoint_is_int_in(ep_desc)) {
1018 btmtk_data->isopkt_rx_ep = ep_desc;
1023 if (!btmtk_data->isopkt_tx_ep ||
1024 !btmtk_data->isopkt_rx_ep) {
1025 bt_dev_err(hdev, "invalid interrupt descriptors");
1032 struct urb *alloc_mtk_intr_urb(struct hci_dev *hdev, struct sk_buff *skb,
1033 usb_complete_t tx_complete)
1035 struct btmtk_data *btmtk_data = hci_get_priv(hdev);
1039 if (!btmtk_data->isopkt_tx_ep)
1040 return ERR_PTR(-ENODEV);
1042 urb = usb_alloc_urb(0, GFP_KERNEL);
1044 return ERR_PTR(-ENOMEM);
1046 if (btmtk_isopkt_pad(hdev, skb))
1047 return ERR_PTR(-EINVAL);
1049 pipe = usb_sndintpipe(btmtk_data->udev,
1050 btmtk_data->isopkt_tx_ep->bEndpointAddress);
1052 usb_fill_int_urb(urb, btmtk_data->udev, pipe,
1053 skb->data, skb->len, tx_complete,
1054 skb, btmtk_data->isopkt_tx_ep->bInterval);
1056 skb->dev = (void *)hdev;
1060 EXPORT_SYMBOL_GPL(alloc_mtk_intr_urb);
1062 static int btmtk_recv_isopkt(struct hci_dev *hdev, void *buffer, int count)
1064 struct btmtk_data *btmtk_data = hci_get_priv(hdev);
1065 struct sk_buff *skb;
1066 unsigned long flags;
1069 spin_lock_irqsave(&btmtk_data->isorxlock, flags);
1070 skb = btmtk_data->isopkt_skb;
1076 skb = bt_skb_alloc(HCI_MAX_ISO_SIZE, GFP_ATOMIC);
1082 hci_skb_pkt_type(skb) = HCI_ISODATA_PKT;
1083 hci_skb_expect(skb) = HCI_ISO_HDR_SIZE;
1086 len = min_t(uint, hci_skb_expect(skb), count);
1087 skb_put_data(skb, buffer, len);
1091 hci_skb_expect(skb) -= len;
1093 if (skb->len == HCI_ISO_HDR_SIZE) {
1094 __le16 dlen = ((struct hci_iso_hdr *)skb->data)->dlen;
1096 /* Complete ISO header */
1097 hci_skb_expect(skb) = __le16_to_cpu(dlen);
1099 if (skb_tailroom(skb) < hci_skb_expect(skb)) {
1108 if (!hci_skb_expect(skb)) {
1109 /* Complete frame */
1110 hci_recv_frame(hdev, skb);
1115 btmtk_data->isopkt_skb = skb;
1116 spin_unlock_irqrestore(&btmtk_data->isorxlock, flags);
1121 static void btmtk_intr_complete(struct urb *urb)
1123 struct hci_dev *hdev = urb->context;
1124 struct btmtk_data *btmtk_data = hci_get_priv(hdev);
1127 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
1128 urb->actual_length);
1130 if (!test_bit(HCI_RUNNING, &hdev->flags))
1133 if (hdev->suspended)
1136 if (urb->status == 0) {
1137 hdev->stat.byte_rx += urb->actual_length;
1139 if (btmtk_recv_isopkt(hdev, urb->transfer_buffer,
1140 urb->actual_length) < 0) {
1141 bt_dev_err(hdev, "corrupted iso packet");
1142 hdev->stat.err_rx++;
1144 } else if (urb->status == -ENOENT) {
1145 /* Avoid suspend failed when usb_kill_urb */
1149 usb_mark_last_busy(btmtk_data->udev);
1150 usb_anchor_urb(urb, &btmtk_data->isopkt_anchor);
1152 err = usb_submit_urb(urb, GFP_ATOMIC);
1154 /* -EPERM: urb is being killed;
1155 * -ENODEV: device got disconnected
1157 if (err != -EPERM && err != -ENODEV)
1158 bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
1161 hci_cmd_sync_cancel(hdev, -err);
1162 usb_unanchor_urb(urb);
1166 static int btmtk_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags)
1168 struct btmtk_data *btmtk_data = hci_get_priv(hdev);
1174 BT_DBG("%s", hdev->name);
1176 if (!btmtk_data->isopkt_rx_ep)
1179 urb = usb_alloc_urb(0, mem_flags);
1182 size = le16_to_cpu(btmtk_data->isopkt_rx_ep->wMaxPacketSize);
1184 buf = kmalloc(size, mem_flags);
1190 pipe = usb_rcvintpipe(btmtk_data->udev,
1191 btmtk_data->isopkt_rx_ep->bEndpointAddress);
1193 usb_fill_int_urb(urb, btmtk_data->udev, pipe, buf, size,
1194 btmtk_intr_complete, hdev,
1195 btmtk_data->isopkt_rx_ep->bInterval);
1197 urb->transfer_flags |= URB_FREE_BUFFER;
1199 usb_mark_last_busy(btmtk_data->udev);
1200 usb_anchor_urb(urb, &btmtk_data->isopkt_anchor);
1202 err = usb_submit_urb(urb, mem_flags);
1204 if (err != -EPERM && err != -ENODEV)
1205 bt_dev_err(hdev, "urb %p submission failed (%d)",
1207 usb_unanchor_urb(urb);
1215 static int btmtk_usb_isointf_init(struct hci_dev *hdev)
1217 struct btmtk_data *btmtk_data = hci_get_priv(hdev);
1218 u8 iso_param[2] = { 0x08, 0x01 };
1219 struct sk_buff *skb;
1222 spin_lock_init(&btmtk_data->isorxlock);
1224 __set_mtk_intr_interface(hdev);
1226 err = btmtk_submit_intr_urb(hdev, GFP_KERNEL);
1228 usb_kill_anchored_urbs(&btmtk_data->isopkt_anchor);
1229 bt_dev_err(hdev, "ISO intf not support (%d)", err);
1233 skb = __hci_cmd_sync(hdev, 0xfd98, sizeof(iso_param), iso_param,
1236 bt_dev_err(hdev, "Failed to apply iso setting (%ld)", PTR_ERR(skb));
1237 return PTR_ERR(skb);
1244 int btmtk_usb_resume(struct hci_dev *hdev)
1246 /* This function describes the specific additional steps taken by MediaTek
1247 * when Bluetooth usb driver's resume function is called.
1249 struct btmtk_data *btmtk_data = hci_get_priv(hdev);
1251 /* Resubmit urb for iso data transmission */
1252 if (test_bit(BTMTK_ISOPKT_RUNNING, &btmtk_data->flags)) {
1253 if (btmtk_submit_intr_urb(hdev, GFP_NOIO) < 0)
1254 clear_bit(BTMTK_ISOPKT_RUNNING, &btmtk_data->flags);
1259 EXPORT_SYMBOL_GPL(btmtk_usb_resume);
1261 int btmtk_usb_suspend(struct hci_dev *hdev)
1263 /* This function describes the specific additional steps taken by MediaTek
1264 * when Bluetooth usb driver's suspend function is called.
1266 struct btmtk_data *btmtk_data = hci_get_priv(hdev);
1268 /* Stop urb anchor for iso data transmission */
1269 if (test_bit(BTMTK_ISOPKT_RUNNING, &btmtk_data->flags))
1270 usb_kill_anchored_urbs(&btmtk_data->isopkt_anchor);
1274 EXPORT_SYMBOL_GPL(btmtk_usb_suspend);
1276 int btmtk_usb_setup(struct hci_dev *hdev)
1278 struct btmtk_data *btmtk_data = hci_get_priv(hdev);
1279 struct btmtk_hci_wmt_params wmt_params;
1280 ktime_t calltime, delta, rettime;
1281 struct btmtk_tci_sleep tci_sleep;
1282 unsigned long long duration;
1283 struct sk_buff *skb;
1287 char fw_bin_name[64];
1288 u32 fw_version = 0, fw_flavor = 0;
1291 calltime = ktime_get();
1293 err = btmtk_usb_id_get(hdev, 0x80000008, &dev_id);
1295 bt_dev_err(hdev, "Failed to get device id (%d)", err);
1299 if (!dev_id || dev_id != 0x7663) {
1300 err = btmtk_usb_id_get(hdev, 0x70010200, &dev_id);
1302 bt_dev_err(hdev, "Failed to get device id (%d)", err);
1305 err = btmtk_usb_id_get(hdev, 0x80021004, &fw_version);
1307 bt_dev_err(hdev, "Failed to get fw version (%d)", err);
1310 err = btmtk_usb_id_get(hdev, 0x70010020, &fw_flavor);
1312 bt_dev_err(hdev, "Failed to get fw flavor (%d)", err);
1315 fw_flavor = (fw_flavor & 0x00000080) >> 7;
1318 btmtk_data->dev_id = dev_id;
1320 err = btmtk_register_coredump(hdev, btmtk_data->drv_name, fw_version);
1322 bt_dev_err(hdev, "Failed to register coredump (%d)", err);
1326 fwname = FIRMWARE_MT7663;
1329 fwname = FIRMWARE_MT7668;
1333 /* Reset the device to ensure it's in the initial state before
1334 * downloading the firmware to ensure.
1337 if (!test_bit(BTMTK_FIRMWARE_LOADED, &btmtk_data->flags))
1338 btmtk_usb_subsys_reset(hdev, dev_id);
1341 btmtk_fw_get_filename(fw_bin_name, sizeof(fw_bin_name), dev_id,
1342 fw_version, fw_flavor);
1344 err = btmtk_setup_firmware_79xx(hdev, fw_bin_name,
1345 btmtk_usb_hci_wmt_sync);
1347 bt_dev_err(hdev, "Failed to set up firmware (%d)", err);
1348 clear_bit(BTMTK_FIRMWARE_LOADED, &btmtk_data->flags);
1352 set_bit(BTMTK_FIRMWARE_LOADED, &btmtk_data->flags);
1354 /* It's Device EndPoint Reset Option Register */
1355 err = btmtk_usb_uhw_reg_write(hdev, MTK_EP_RST_OPT,
1356 MTK_EP_RST_IN_OUT_OPT);
1360 /* Enable Bluetooth protocol */
1362 wmt_params.op = BTMTK_WMT_FUNC_CTRL;
1363 wmt_params.flag = 0;
1364 wmt_params.dlen = sizeof(param);
1365 wmt_params.data = ¶m;
1366 wmt_params.status = NULL;
1368 err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params);
1370 bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err);
1374 hci_set_msft_opcode(hdev, 0xFD30);
1375 hci_set_aosp_capable(hdev);
1377 /* Set up ISO interface after protocol enabled */
1378 if (test_bit(BTMTK_ISOPKT_OVER_INTR, &btmtk_data->flags)) {
1379 if (!btmtk_usb_isointf_init(hdev))
1380 set_bit(BTMTK_ISOPKT_RUNNING, &btmtk_data->flags);
1385 bt_dev_err(hdev, "Unsupported hardware variant (%08x)",
1390 /* Query whether the firmware is already download */
1391 wmt_params.op = BTMTK_WMT_SEMAPHORE;
1392 wmt_params.flag = 1;
1393 wmt_params.dlen = 0;
1394 wmt_params.data = NULL;
1395 wmt_params.status = &status;
1397 err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params);
1399 bt_dev_err(hdev, "Failed to query firmware status (%d)", err);
1403 if (status == BTMTK_WMT_PATCH_DONE) {
1404 bt_dev_info(hdev, "firmware already downloaded");
1405 goto ignore_setup_fw;
1408 /* Setup a firmware which the device definitely requires */
1409 err = btmtk_setup_firmware(hdev, fwname,
1410 btmtk_usb_hci_wmt_sync);
1415 err = readx_poll_timeout(btmtk_usb_func_query, hdev, status,
1416 status < 0 || status != BTMTK_WMT_ON_PROGRESS,
1418 /* -ETIMEDOUT happens */
1422 /* The other errors happen in btmtk_usb_func_query */
1426 if (status == BTMTK_WMT_ON_DONE) {
1427 bt_dev_info(hdev, "function already on");
1428 goto ignore_func_on;
1431 /* Enable Bluetooth protocol */
1433 wmt_params.op = BTMTK_WMT_FUNC_CTRL;
1434 wmt_params.flag = 0;
1435 wmt_params.dlen = sizeof(param);
1436 wmt_params.data = ¶m;
1437 wmt_params.status = NULL;
1439 err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params);
1441 bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err);
1446 /* Apply the low power environment setup */
1447 tci_sleep.mode = 0x5;
1448 tci_sleep.duration = cpu_to_le16(0x640);
1449 tci_sleep.host_duration = cpu_to_le16(0x640);
1450 tci_sleep.host_wakeup_pin = 0;
1451 tci_sleep.time_compensation = 0;
1453 skb = __hci_cmd_sync(hdev, 0xfc7a, sizeof(tci_sleep), &tci_sleep,
1457 bt_dev_err(hdev, "Failed to apply low power setting (%d)", err);
1463 rettime = ktime_get();
1464 delta = ktime_sub(rettime, calltime);
1465 duration = (unsigned long long)ktime_to_ns(delta) >> 10;
1467 bt_dev_info(hdev, "Device setup in %llu usecs", duration);
1471 EXPORT_SYMBOL_GPL(btmtk_usb_setup);
1473 int btmtk_usb_shutdown(struct hci_dev *hdev)
1475 struct btmtk_data *data = hci_get_priv(hdev);
1476 struct btmtk_hci_wmt_params wmt_params;
1480 err = usb_autopm_get_interface(data->intf);
1484 /* Disable the device */
1485 wmt_params.op = BTMTK_WMT_FUNC_CTRL;
1486 wmt_params.flag = 0;
1487 wmt_params.dlen = sizeof(param);
1488 wmt_params.data = ¶m;
1489 wmt_params.status = NULL;
1491 err = btmtk_usb_hci_wmt_sync(hdev, &wmt_params);
1493 bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err);
1494 usb_autopm_put_interface(data->intf);
1498 usb_autopm_put_interface(data->intf);
1501 EXPORT_SYMBOL_GPL(btmtk_usb_shutdown);
1506 MODULE_DESCRIPTION("Bluetooth support for MediaTek devices ver " VERSION);
1507 MODULE_VERSION(VERSION);
1508 MODULE_LICENSE("GPL");
1509 MODULE_FIRMWARE(FIRMWARE_MT7622);
1510 MODULE_FIRMWARE(FIRMWARE_MT7663);
1511 MODULE_FIRMWARE(FIRMWARE_MT7668);
1512 MODULE_FIRMWARE(FIRMWARE_MT7922);
1513 MODULE_FIRMWARE(FIRMWARE_MT7961);
1514 MODULE_FIRMWARE(FIRMWARE_MT7925);
projects / linux.git / blob