networking: add and use skb_put_u8()
[sfrench/cifs-2.6.git] / drivers / bluetooth / hci_intel.c
1 /*
2  *
3  *  Bluetooth HCI UART driver for Intel devices
4  *
5  *  Copyright (C) 2015  Intel Corporation
6  *
7  *
8  *  This program is free software; you can redistribute it and/or modify
9  *  it under the terms of the GNU General Public License as published by
10  *  the Free Software Foundation; either version 2 of the License, or
11  *  (at your option) any later version.
12  *
13  *  This program is distributed in the hope that it will be useful,
14  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
15  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16  *  GNU General Public License for more details.
17  *
18  *  You should have received a copy of the GNU General Public License
19  *  along with this program; if not, write to the Free Software
20  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
21  *
22  */
23
24 #include <linux/kernel.h>
25 #include <linux/errno.h>
26 #include <linux/skbuff.h>
27 #include <linux/firmware.h>
28 #include <linux/module.h>
29 #include <linux/wait.h>
30 #include <linux/tty.h>
31 #include <linux/platform_device.h>
32 #include <linux/gpio/consumer.h>
33 #include <linux/acpi.h>
34 #include <linux/interrupt.h>
35 #include <linux/pm_runtime.h>
36
37 #include <net/bluetooth/bluetooth.h>
38 #include <net/bluetooth/hci_core.h>
39
40 #include "hci_uart.h"
41 #include "btintel.h"
42
43 #define STATE_BOOTLOADER        0
44 #define STATE_DOWNLOADING       1
45 #define STATE_FIRMWARE_LOADED   2
46 #define STATE_FIRMWARE_FAILED   3
47 #define STATE_BOOTING           4
48 #define STATE_LPM_ENABLED       5
49 #define STATE_TX_ACTIVE         6
50 #define STATE_SUSPENDED         7
51 #define STATE_LPM_TRANSACTION   8
52
53 #define HCI_LPM_WAKE_PKT 0xf0
54 #define HCI_LPM_PKT 0xf1
55 #define HCI_LPM_MAX_SIZE 10
56 #define HCI_LPM_HDR_SIZE HCI_EVENT_HDR_SIZE
57
58 #define LPM_OP_TX_NOTIFY 0x00
59 #define LPM_OP_SUSPEND_ACK 0x02
60 #define LPM_OP_RESUME_ACK 0x03
61
62 #define LPM_SUSPEND_DELAY_MS 1000
63
64 struct hci_lpm_pkt {
65         __u8 opcode;
66         __u8 dlen;
67         __u8 data[0];
68 } __packed;
69
70 struct intel_device {
71         struct list_head list;
72         struct platform_device *pdev;
73         struct gpio_desc *reset;
74         struct hci_uart *hu;
75         struct mutex hu_lock;
76         int irq;
77 };
78
79 static LIST_HEAD(intel_device_list);
80 static DEFINE_MUTEX(intel_device_list_lock);
81
82 struct intel_data {
83         struct sk_buff *rx_skb;
84         struct sk_buff_head txq;
85         struct work_struct busy_work;
86         struct hci_uart *hu;
87         unsigned long flags;
88 };
89
90 static u8 intel_convert_speed(unsigned int speed)
91 {
92         switch (speed) {
93         case 9600:
94                 return 0x00;
95         case 19200:
96                 return 0x01;
97         case 38400:
98                 return 0x02;
99         case 57600:
100                 return 0x03;
101         case 115200:
102                 return 0x04;
103         case 230400:
104                 return 0x05;
105         case 460800:
106                 return 0x06;
107         case 921600:
108                 return 0x07;
109         case 1843200:
110                 return 0x08;
111         case 3250000:
112                 return 0x09;
113         case 2000000:
114                 return 0x0a;
115         case 3000000:
116                 return 0x0b;
117         default:
118                 return 0xff;
119         }
120 }
121
122 static int intel_wait_booting(struct hci_uart *hu)
123 {
124         struct intel_data *intel = hu->priv;
125         int err;
126
127         err = wait_on_bit_timeout(&intel->flags, STATE_BOOTING,
128                                   TASK_INTERRUPTIBLE,
129                                   msecs_to_jiffies(1000));
130
131         if (err == -EINTR) {
132                 bt_dev_err(hu->hdev, "Device boot interrupted");
133                 return -EINTR;
134         }
135
136         if (err) {
137                 bt_dev_err(hu->hdev, "Device boot timeout");
138                 return -ETIMEDOUT;
139         }
140
141         return err;
142 }
143
144 #ifdef CONFIG_PM
145 static int intel_wait_lpm_transaction(struct hci_uart *hu)
146 {
147         struct intel_data *intel = hu->priv;
148         int err;
149
150         err = wait_on_bit_timeout(&intel->flags, STATE_LPM_TRANSACTION,
151                                   TASK_INTERRUPTIBLE,
152                                   msecs_to_jiffies(1000));
153
154         if (err == -EINTR) {
155                 bt_dev_err(hu->hdev, "LPM transaction interrupted");
156                 return -EINTR;
157         }
158
159         if (err) {
160                 bt_dev_err(hu->hdev, "LPM transaction timeout");
161                 return -ETIMEDOUT;
162         }
163
164         return err;
165 }
166
167 static int intel_lpm_suspend(struct hci_uart *hu)
168 {
169         static const u8 suspend[] = { 0x01, 0x01, 0x01 };
170         struct intel_data *intel = hu->priv;
171         struct sk_buff *skb;
172
173         if (!test_bit(STATE_LPM_ENABLED, &intel->flags) ||
174             test_bit(STATE_SUSPENDED, &intel->flags))
175                 return 0;
176
177         if (test_bit(STATE_TX_ACTIVE, &intel->flags))
178                 return -EAGAIN;
179
180         bt_dev_dbg(hu->hdev, "Suspending");
181
182         skb = bt_skb_alloc(sizeof(suspend), GFP_KERNEL);
183         if (!skb) {
184                 bt_dev_err(hu->hdev, "Failed to alloc memory for LPM packet");
185                 return -ENOMEM;
186         }
187
188         skb_put_data(skb, suspend, sizeof(suspend));
189         hci_skb_pkt_type(skb) = HCI_LPM_PKT;
190
191         set_bit(STATE_LPM_TRANSACTION, &intel->flags);
192
193         /* LPM flow is a priority, enqueue packet at list head */
194         skb_queue_head(&intel->txq, skb);
195         hci_uart_tx_wakeup(hu);
196
197         intel_wait_lpm_transaction(hu);
198         /* Even in case of failure, continue and test the suspended flag */
199
200         clear_bit(STATE_LPM_TRANSACTION, &intel->flags);
201
202         if (!test_bit(STATE_SUSPENDED, &intel->flags)) {
203                 bt_dev_err(hu->hdev, "Device suspend error");
204                 return -EINVAL;
205         }
206
207         bt_dev_dbg(hu->hdev, "Suspended");
208
209         hci_uart_set_flow_control(hu, true);
210
211         return 0;
212 }
213
214 static int intel_lpm_resume(struct hci_uart *hu)
215 {
216         struct intel_data *intel = hu->priv;
217         struct sk_buff *skb;
218
219         if (!test_bit(STATE_LPM_ENABLED, &intel->flags) ||
220             !test_bit(STATE_SUSPENDED, &intel->flags))
221                 return 0;
222
223         bt_dev_dbg(hu->hdev, "Resuming");
224
225         hci_uart_set_flow_control(hu, false);
226
227         skb = bt_skb_alloc(0, GFP_KERNEL);
228         if (!skb) {
229                 bt_dev_err(hu->hdev, "Failed to alloc memory for LPM packet");
230                 return -ENOMEM;
231         }
232
233         hci_skb_pkt_type(skb) = HCI_LPM_WAKE_PKT;
234
235         set_bit(STATE_LPM_TRANSACTION, &intel->flags);
236
237         /* LPM flow is a priority, enqueue packet at list head */
238         skb_queue_head(&intel->txq, skb);
239         hci_uart_tx_wakeup(hu);
240
241         intel_wait_lpm_transaction(hu);
242         /* Even in case of failure, continue and test the suspended flag */
243
244         clear_bit(STATE_LPM_TRANSACTION, &intel->flags);
245
246         if (test_bit(STATE_SUSPENDED, &intel->flags)) {
247                 bt_dev_err(hu->hdev, "Device resume error");
248                 return -EINVAL;
249         }
250
251         bt_dev_dbg(hu->hdev, "Resumed");
252
253         return 0;
254 }
255 #endif /* CONFIG_PM */
256
257 static int intel_lpm_host_wake(struct hci_uart *hu)
258 {
259         static const u8 lpm_resume_ack[] = { LPM_OP_RESUME_ACK, 0x00 };
260         struct intel_data *intel = hu->priv;
261         struct sk_buff *skb;
262
263         hci_uart_set_flow_control(hu, false);
264
265         clear_bit(STATE_SUSPENDED, &intel->flags);
266
267         skb = bt_skb_alloc(sizeof(lpm_resume_ack), GFP_KERNEL);
268         if (!skb) {
269                 bt_dev_err(hu->hdev, "Failed to alloc memory for LPM packet");
270                 return -ENOMEM;
271         }
272
273         skb_put_data(skb, lpm_resume_ack, sizeof(lpm_resume_ack));
274         hci_skb_pkt_type(skb) = HCI_LPM_PKT;
275
276         /* LPM flow is a priority, enqueue packet at list head */
277         skb_queue_head(&intel->txq, skb);
278         hci_uart_tx_wakeup(hu);
279
280         bt_dev_dbg(hu->hdev, "Resumed by controller");
281
282         return 0;
283 }
284
285 static irqreturn_t intel_irq(int irq, void *dev_id)
286 {
287         struct intel_device *idev = dev_id;
288
289         dev_info(&idev->pdev->dev, "hci_intel irq\n");
290
291         mutex_lock(&idev->hu_lock);
292         if (idev->hu)
293                 intel_lpm_host_wake(idev->hu);
294         mutex_unlock(&idev->hu_lock);
295
296         /* Host/Controller are now LPM resumed, trigger a new delayed suspend */
297         pm_runtime_get(&idev->pdev->dev);
298         pm_runtime_mark_last_busy(&idev->pdev->dev);
299         pm_runtime_put_autosuspend(&idev->pdev->dev);
300
301         return IRQ_HANDLED;
302 }
303
304 static int intel_set_power(struct hci_uart *hu, bool powered)
305 {
306         struct list_head *p;
307         int err = -ENODEV;
308
309         if (!hu->tty->dev)
310                 return err;
311
312         mutex_lock(&intel_device_list_lock);
313
314         list_for_each(p, &intel_device_list) {
315                 struct intel_device *idev = list_entry(p, struct intel_device,
316                                                        list);
317
318                 /* tty device and pdev device should share the same parent
319                  * which is the UART port.
320                  */
321                 if (hu->tty->dev->parent != idev->pdev->dev.parent)
322                         continue;
323
324                 if (!idev->reset) {
325                         err = -ENOTSUPP;
326                         break;
327                 }
328
329                 BT_INFO("hu %p, Switching compatible pm device (%s) to %u",
330                         hu, dev_name(&idev->pdev->dev), powered);
331
332                 gpiod_set_value(idev->reset, powered);
333
334                 /* Provide to idev a hu reference which is used to run LPM
335                  * transactions (lpm suspend/resume) from PM callbacks.
336                  * hu needs to be protected against concurrent removing during
337                  * these PM ops.
338                  */
339                 mutex_lock(&idev->hu_lock);
340                 idev->hu = powered ? hu : NULL;
341                 mutex_unlock(&idev->hu_lock);
342
343                 if (idev->irq < 0)
344                         break;
345
346                 if (powered && device_can_wakeup(&idev->pdev->dev)) {
347                         err = devm_request_threaded_irq(&idev->pdev->dev,
348                                                         idev->irq, NULL,
349                                                         intel_irq,
350                                                         IRQF_ONESHOT,
351                                                         "bt-host-wake", idev);
352                         if (err) {
353                                 BT_ERR("hu %p, unable to allocate irq-%d",
354                                        hu, idev->irq);
355                                 break;
356                         }
357
358                         device_wakeup_enable(&idev->pdev->dev);
359
360                         pm_runtime_set_active(&idev->pdev->dev);
361                         pm_runtime_use_autosuspend(&idev->pdev->dev);
362                         pm_runtime_set_autosuspend_delay(&idev->pdev->dev,
363                                                          LPM_SUSPEND_DELAY_MS);
364                         pm_runtime_enable(&idev->pdev->dev);
365                 } else if (!powered && device_may_wakeup(&idev->pdev->dev)) {
366                         devm_free_irq(&idev->pdev->dev, idev->irq, idev);
367                         device_wakeup_disable(&idev->pdev->dev);
368
369                         pm_runtime_disable(&idev->pdev->dev);
370                 }
371         }
372
373         mutex_unlock(&intel_device_list_lock);
374
375         return err;
376 }
377
378 static void intel_busy_work(struct work_struct *work)
379 {
380         struct list_head *p;
381         struct intel_data *intel = container_of(work, struct intel_data,
382                                                 busy_work);
383
384         if (!intel->hu->tty->dev)
385                 return;
386
387         /* Link is busy, delay the suspend */
388         mutex_lock(&intel_device_list_lock);
389         list_for_each(p, &intel_device_list) {
390                 struct intel_device *idev = list_entry(p, struct intel_device,
391                                                        list);
392
393                 if (intel->hu->tty->dev->parent == idev->pdev->dev.parent) {
394                         pm_runtime_get(&idev->pdev->dev);
395                         pm_runtime_mark_last_busy(&idev->pdev->dev);
396                         pm_runtime_put_autosuspend(&idev->pdev->dev);
397                         break;
398                 }
399         }
400         mutex_unlock(&intel_device_list_lock);
401 }
402
403 static int intel_open(struct hci_uart *hu)
404 {
405         struct intel_data *intel;
406
407         BT_DBG("hu %p", hu);
408
409         intel = kzalloc(sizeof(*intel), GFP_KERNEL);
410         if (!intel)
411                 return -ENOMEM;
412
413         skb_queue_head_init(&intel->txq);
414         INIT_WORK(&intel->busy_work, intel_busy_work);
415
416         intel->hu = hu;
417
418         hu->priv = intel;
419
420         if (!intel_set_power(hu, true))
421                 set_bit(STATE_BOOTING, &intel->flags);
422
423         return 0;
424 }
425
426 static int intel_close(struct hci_uart *hu)
427 {
428         struct intel_data *intel = hu->priv;
429
430         BT_DBG("hu %p", hu);
431
432         cancel_work_sync(&intel->busy_work);
433
434         intel_set_power(hu, false);
435
436         skb_queue_purge(&intel->txq);
437         kfree_skb(intel->rx_skb);
438         kfree(intel);
439
440         hu->priv = NULL;
441         return 0;
442 }
443
444 static int intel_flush(struct hci_uart *hu)
445 {
446         struct intel_data *intel = hu->priv;
447
448         BT_DBG("hu %p", hu);
449
450         skb_queue_purge(&intel->txq);
451
452         return 0;
453 }
454
455 static int inject_cmd_complete(struct hci_dev *hdev, __u16 opcode)
456 {
457         struct sk_buff *skb;
458         struct hci_event_hdr *hdr;
459         struct hci_ev_cmd_complete *evt;
460
461         skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_ATOMIC);
462         if (!skb)
463                 return -ENOMEM;
464
465         hdr = skb_put(skb, sizeof(*hdr));
466         hdr->evt = HCI_EV_CMD_COMPLETE;
467         hdr->plen = sizeof(*evt) + 1;
468
469         evt = skb_put(skb, sizeof(*evt));
470         evt->ncmd = 0x01;
471         evt->opcode = cpu_to_le16(opcode);
472
473         skb_put_u8(skb, 0x00);
474
475         hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
476
477         return hci_recv_frame(hdev, skb);
478 }
479
480 static int intel_set_baudrate(struct hci_uart *hu, unsigned int speed)
481 {
482         struct intel_data *intel = hu->priv;
483         struct hci_dev *hdev = hu->hdev;
484         u8 speed_cmd[] = { 0x06, 0xfc, 0x01, 0x00 };
485         struct sk_buff *skb;
486         int err;
487
488         /* This can be the first command sent to the chip, check
489          * that the controller is ready.
490          */
491         err = intel_wait_booting(hu);
492
493         clear_bit(STATE_BOOTING, &intel->flags);
494
495         /* In case of timeout, try to continue anyway */
496         if (err && err != -ETIMEDOUT)
497                 return err;
498
499         bt_dev_info(hdev, "Change controller speed to %d", speed);
500
501         speed_cmd[3] = intel_convert_speed(speed);
502         if (speed_cmd[3] == 0xff) {
503                 bt_dev_err(hdev, "Unsupported speed");
504                 return -EINVAL;
505         }
506
507         /* Device will not accept speed change if Intel version has not been
508          * previously requested.
509          */
510         skb = __hci_cmd_sync(hdev, 0xfc05, 0, NULL, HCI_CMD_TIMEOUT);
511         if (IS_ERR(skb)) {
512                 bt_dev_err(hdev, "Reading Intel version information failed (%ld)",
513                            PTR_ERR(skb));
514                 return PTR_ERR(skb);
515         }
516         kfree_skb(skb);
517
518         skb = bt_skb_alloc(sizeof(speed_cmd), GFP_KERNEL);
519         if (!skb) {
520                 bt_dev_err(hdev, "Failed to alloc memory for baudrate packet");
521                 return -ENOMEM;
522         }
523
524         skb_put_data(skb, speed_cmd, sizeof(speed_cmd));
525         hci_skb_pkt_type(skb) = HCI_COMMAND_PKT;
526
527         hci_uart_set_flow_control(hu, true);
528
529         skb_queue_tail(&intel->txq, skb);
530         hci_uart_tx_wakeup(hu);
531
532         /* wait 100ms to change baudrate on controller side */
533         msleep(100);
534
535         hci_uart_set_baudrate(hu, speed);
536         hci_uart_set_flow_control(hu, false);
537
538         return 0;
539 }
540
541 static int intel_setup(struct hci_uart *hu)
542 {
543         static const u8 reset_param[] = { 0x00, 0x01, 0x00, 0x01,
544                                           0x00, 0x08, 0x04, 0x00 };
545         struct intel_data *intel = hu->priv;
546         struct hci_dev *hdev = hu->hdev;
547         struct sk_buff *skb;
548         struct intel_version ver;
549         struct intel_boot_params *params;
550         struct list_head *p;
551         const struct firmware *fw;
552         const u8 *fw_ptr;
553         char fwname[64];
554         u32 frag_len;
555         ktime_t calltime, delta, rettime;
556         unsigned long long duration;
557         unsigned int init_speed, oper_speed;
558         int speed_change = 0;
559         int err;
560
561         bt_dev_dbg(hdev, "start intel_setup");
562
563         hu->hdev->set_diag = btintel_set_diag;
564         hu->hdev->set_bdaddr = btintel_set_bdaddr;
565
566         calltime = ktime_get();
567
568         if (hu->init_speed)
569                 init_speed = hu->init_speed;
570         else
571                 init_speed = hu->proto->init_speed;
572
573         if (hu->oper_speed)
574                 oper_speed = hu->oper_speed;
575         else
576                 oper_speed = hu->proto->oper_speed;
577
578         if (oper_speed && init_speed && oper_speed != init_speed)
579                 speed_change = 1;
580
581         /* Check that the controller is ready */
582         err = intel_wait_booting(hu);
583
584         clear_bit(STATE_BOOTING, &intel->flags);
585
586         /* In case of timeout, try to continue anyway */
587         if (err && err != -ETIMEDOUT)
588                 return err;
589
590         set_bit(STATE_BOOTLOADER, &intel->flags);
591
592         /* Read the Intel version information to determine if the device
593          * is in bootloader mode or if it already has operational firmware
594          * loaded.
595          */
596          err = btintel_read_version(hdev, &ver);
597          if (err)
598                 return err;
599
600         /* The hardware platform number has a fixed value of 0x37 and
601          * for now only accept this single value.
602          */
603         if (ver.hw_platform != 0x37) {
604                 bt_dev_err(hdev, "Unsupported Intel hardware platform (%u)",
605                            ver.hw_platform);
606                 return -EINVAL;
607         }
608
609         /* Check for supported iBT hardware variants of this firmware
610          * loading method.
611          *
612          * This check has been put in place to ensure correct forward
613          * compatibility options when newer hardware variants come along.
614          */
615         switch (ver.hw_variant) {
616         case 0x0b:      /* LnP */
617         case 0x0c:      /* WsP */
618         case 0x12:      /* ThP */
619                 break;
620         default:
621                 bt_dev_err(hdev, "Unsupported Intel hardware variant (%u)",
622                            ver.hw_variant);
623                 return -EINVAL;
624         }
625
626         btintel_version_info(hdev, &ver);
627
628         /* The firmware variant determines if the device is in bootloader
629          * mode or is running operational firmware. The value 0x06 identifies
630          * the bootloader and the value 0x23 identifies the operational
631          * firmware.
632          *
633          * When the operational firmware is already present, then only
634          * the check for valid Bluetooth device address is needed. This
635          * determines if the device will be added as configured or
636          * unconfigured controller.
637          *
638          * It is not possible to use the Secure Boot Parameters in this
639          * case since that command is only available in bootloader mode.
640          */
641         if (ver.fw_variant == 0x23) {
642                 clear_bit(STATE_BOOTLOADER, &intel->flags);
643                 btintel_check_bdaddr(hdev);
644                 return 0;
645         }
646
647         /* If the device is not in bootloader mode, then the only possible
648          * choice is to return an error and abort the device initialization.
649          */
650         if (ver.fw_variant != 0x06) {
651                 bt_dev_err(hdev, "Unsupported Intel firmware variant (%u)",
652                            ver.fw_variant);
653                 return -ENODEV;
654         }
655
656         /* Read the secure boot parameters to identify the operating
657          * details of the bootloader.
658          */
659         skb = __hci_cmd_sync(hdev, 0xfc0d, 0, NULL, HCI_CMD_TIMEOUT);
660         if (IS_ERR(skb)) {
661                 bt_dev_err(hdev, "Reading Intel boot parameters failed (%ld)",
662                            PTR_ERR(skb));
663                 return PTR_ERR(skb);
664         }
665
666         if (skb->len != sizeof(*params)) {
667                 bt_dev_err(hdev, "Intel boot parameters size mismatch");
668                 kfree_skb(skb);
669                 return -EILSEQ;
670         }
671
672         params = (struct intel_boot_params *)skb->data;
673         if (params->status) {
674                 bt_dev_err(hdev, "Intel boot parameters command failure (%02x)",
675                            params->status);
676                 err = -bt_to_errno(params->status);
677                 kfree_skb(skb);
678                 return err;
679         }
680
681         bt_dev_info(hdev, "Device revision is %u",
682                     le16_to_cpu(params->dev_revid));
683
684         bt_dev_info(hdev, "Secure boot is %s",
685                     params->secure_boot ? "enabled" : "disabled");
686
687         bt_dev_info(hdev, "Minimum firmware build %u week %u %u",
688                 params->min_fw_build_nn, params->min_fw_build_cw,
689                 2000 + params->min_fw_build_yy);
690
691         /* It is required that every single firmware fragment is acknowledged
692          * with a command complete event. If the boot parameters indicate
693          * that this bootloader does not send them, then abort the setup.
694          */
695         if (params->limited_cce != 0x00) {
696                 bt_dev_err(hdev, "Unsupported Intel firmware loading method (%u)",
697                            params->limited_cce);
698                 kfree_skb(skb);
699                 return -EINVAL;
700         }
701
702         /* If the OTP has no valid Bluetooth device address, then there will
703          * also be no valid address for the operational firmware.
704          */
705         if (!bacmp(&params->otp_bdaddr, BDADDR_ANY)) {
706                 bt_dev_info(hdev, "No device address configured");
707                 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks);
708         }
709
710         /* With this Intel bootloader only the hardware variant and device
711          * revision information are used to select the right firmware.
712          *
713          * The firmware filename is ibt-<hw_variant>-<dev_revid>.sfi.
714          *
715          * Currently the supported hardware variants are:
716          *   11 (0x0b) for iBT 3.0 (LnP/SfP)
717          */
718         snprintf(fwname, sizeof(fwname), "intel/ibt-%u-%u.sfi",
719                 le16_to_cpu(ver.hw_variant),
720                 le16_to_cpu(params->dev_revid));
721
722         err = request_firmware(&fw, fwname, &hdev->dev);
723         if (err < 0) {
724                 bt_dev_err(hdev, "Failed to load Intel firmware file (%d)",
725                            err);
726                 kfree_skb(skb);
727                 return err;
728         }
729
730         bt_dev_info(hdev, "Found device firmware: %s", fwname);
731
732         /* Save the DDC file name for later */
733         snprintf(fwname, sizeof(fwname), "intel/ibt-%u-%u.ddc",
734                 le16_to_cpu(ver.hw_variant),
735                 le16_to_cpu(params->dev_revid));
736
737         kfree_skb(skb);
738
739         if (fw->size < 644) {
740                 bt_dev_err(hdev, "Invalid size of firmware file (%zu)",
741                            fw->size);
742                 err = -EBADF;
743                 goto done;
744         }
745
746         set_bit(STATE_DOWNLOADING, &intel->flags);
747
748         /* Start the firmware download transaction with the Init fragment
749          * represented by the 128 bytes of CSS header.
750          */
751         err = btintel_secure_send(hdev, 0x00, 128, fw->data);
752         if (err < 0) {
753                 bt_dev_err(hdev, "Failed to send firmware header (%d)", err);
754                 goto done;
755         }
756
757         /* Send the 256 bytes of public key information from the firmware
758          * as the PKey fragment.
759          */
760         err = btintel_secure_send(hdev, 0x03, 256, fw->data + 128);
761         if (err < 0) {
762                 bt_dev_err(hdev, "Failed to send firmware public key (%d)",
763                            err);
764                 goto done;
765         }
766
767         /* Send the 256 bytes of signature information from the firmware
768          * as the Sign fragment.
769          */
770         err = btintel_secure_send(hdev, 0x02, 256, fw->data + 388);
771         if (err < 0) {
772                 bt_dev_err(hdev, "Failed to send firmware signature (%d)",
773                            err);
774                 goto done;
775         }
776
777         fw_ptr = fw->data + 644;
778         frag_len = 0;
779
780         while (fw_ptr - fw->data < fw->size) {
781                 struct hci_command_hdr *cmd = (void *)(fw_ptr + frag_len);
782
783                 frag_len += sizeof(*cmd) + cmd->plen;
784
785                 bt_dev_dbg(hdev, "Patching %td/%zu", (fw_ptr - fw->data),
786                            fw->size);
787
788                 /* The parameter length of the secure send command requires
789                  * a 4 byte alignment. It happens so that the firmware file
790                  * contains proper Intel_NOP commands to align the fragments
791                  * as needed.
792                  *
793                  * Send set of commands with 4 byte alignment from the
794                  * firmware data buffer as a single Data fragement.
795                  */
796                 if (frag_len % 4)
797                         continue;
798
799                 /* Send each command from the firmware data buffer as
800                  * a single Data fragment.
801                  */
802                 err = btintel_secure_send(hdev, 0x01, frag_len, fw_ptr);
803                 if (err < 0) {
804                         bt_dev_err(hdev, "Failed to send firmware data (%d)",
805                                    err);
806                         goto done;
807                 }
808
809                 fw_ptr += frag_len;
810                 frag_len = 0;
811         }
812
813         set_bit(STATE_FIRMWARE_LOADED, &intel->flags);
814
815         bt_dev_info(hdev, "Waiting for firmware download to complete");
816
817         /* Before switching the device into operational mode and with that
818          * booting the loaded firmware, wait for the bootloader notification
819          * that all fragments have been successfully received.
820          *
821          * When the event processing receives the notification, then the
822          * STATE_DOWNLOADING flag will be cleared.
823          *
824          * The firmware loading should not take longer than 5 seconds
825          * and thus just timeout if that happens and fail the setup
826          * of this device.
827          */
828         err = wait_on_bit_timeout(&intel->flags, STATE_DOWNLOADING,
829                                   TASK_INTERRUPTIBLE,
830                                   msecs_to_jiffies(5000));
831         if (err == -EINTR) {
832                 bt_dev_err(hdev, "Firmware loading interrupted");
833                 err = -EINTR;
834                 goto done;
835         }
836
837         if (err) {
838                 bt_dev_err(hdev, "Firmware loading timeout");
839                 err = -ETIMEDOUT;
840                 goto done;
841         }
842
843         if (test_bit(STATE_FIRMWARE_FAILED, &intel->flags)) {
844                 bt_dev_err(hdev, "Firmware loading failed");
845                 err = -ENOEXEC;
846                 goto done;
847         }
848
849         rettime = ktime_get();
850         delta = ktime_sub(rettime, calltime);
851         duration = (unsigned long long) ktime_to_ns(delta) >> 10;
852
853         bt_dev_info(hdev, "Firmware loaded in %llu usecs", duration);
854
855 done:
856         release_firmware(fw);
857
858         if (err < 0)
859                 return err;
860
861         /* We need to restore the default speed before Intel reset */
862         if (speed_change) {
863                 err = intel_set_baudrate(hu, init_speed);
864                 if (err)
865                         return err;
866         }
867
868         calltime = ktime_get();
869
870         set_bit(STATE_BOOTING, &intel->flags);
871
872         skb = __hci_cmd_sync(hdev, 0xfc01, sizeof(reset_param), reset_param,
873                              HCI_CMD_TIMEOUT);
874         if (IS_ERR(skb))
875                 return PTR_ERR(skb);
876
877         kfree_skb(skb);
878
879         /* The bootloader will not indicate when the device is ready. This
880          * is done by the operational firmware sending bootup notification.
881          *
882          * Booting into operational firmware should not take longer than
883          * 1 second. However if that happens, then just fail the setup
884          * since something went wrong.
885          */
886         bt_dev_info(hdev, "Waiting for device to boot");
887
888         err = intel_wait_booting(hu);
889         if (err)
890                 return err;
891
892         clear_bit(STATE_BOOTING, &intel->flags);
893
894         rettime = ktime_get();
895         delta = ktime_sub(rettime, calltime);
896         duration = (unsigned long long) ktime_to_ns(delta) >> 10;
897
898         bt_dev_info(hdev, "Device booted in %llu usecs", duration);
899
900         /* Enable LPM if matching pdev with wakeup enabled, set TX active
901          * until further LPM TX notification.
902          */
903         mutex_lock(&intel_device_list_lock);
904         list_for_each(p, &intel_device_list) {
905                 struct intel_device *dev = list_entry(p, struct intel_device,
906                                                       list);
907                 if (!hu->tty->dev)
908                         break;
909                 if (hu->tty->dev->parent == dev->pdev->dev.parent) {
910                         if (device_may_wakeup(&dev->pdev->dev)) {
911                                 set_bit(STATE_LPM_ENABLED, &intel->flags);
912                                 set_bit(STATE_TX_ACTIVE, &intel->flags);
913                         }
914                         break;
915                 }
916         }
917         mutex_unlock(&intel_device_list_lock);
918
919         /* Ignore errors, device can work without DDC parameters */
920         btintel_load_ddc_config(hdev, fwname);
921
922         skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_CMD_TIMEOUT);
923         if (IS_ERR(skb))
924                 return PTR_ERR(skb);
925         kfree_skb(skb);
926
927         if (speed_change) {
928                 err = intel_set_baudrate(hu, oper_speed);
929                 if (err)
930                         return err;
931         }
932
933         bt_dev_info(hdev, "Setup complete");
934
935         clear_bit(STATE_BOOTLOADER, &intel->flags);
936
937         return 0;
938 }
939
940 static int intel_recv_event(struct hci_dev *hdev, struct sk_buff *skb)
941 {
942         struct hci_uart *hu = hci_get_drvdata(hdev);
943         struct intel_data *intel = hu->priv;
944         struct hci_event_hdr *hdr;
945
946         if (!test_bit(STATE_BOOTLOADER, &intel->flags) &&
947             !test_bit(STATE_BOOTING, &intel->flags))
948                 goto recv;
949
950         hdr = (void *)skb->data;
951
952         /* When the firmware loading completes the device sends
953          * out a vendor specific event indicating the result of
954          * the firmware loading.
955          */
956         if (skb->len == 7 && hdr->evt == 0xff && hdr->plen == 0x05 &&
957             skb->data[2] == 0x06) {
958                 if (skb->data[3] != 0x00)
959                         set_bit(STATE_FIRMWARE_FAILED, &intel->flags);
960
961                 if (test_and_clear_bit(STATE_DOWNLOADING, &intel->flags) &&
962                     test_bit(STATE_FIRMWARE_LOADED, &intel->flags)) {
963                         smp_mb__after_atomic();
964                         wake_up_bit(&intel->flags, STATE_DOWNLOADING);
965                 }
966
967         /* When switching to the operational firmware the device
968          * sends a vendor specific event indicating that the bootup
969          * completed.
970          */
971         } else if (skb->len == 9 && hdr->evt == 0xff && hdr->plen == 0x07 &&
972                    skb->data[2] == 0x02) {
973                 if (test_and_clear_bit(STATE_BOOTING, &intel->flags)) {
974                         smp_mb__after_atomic();
975                         wake_up_bit(&intel->flags, STATE_BOOTING);
976                 }
977         }
978 recv:
979         return hci_recv_frame(hdev, skb);
980 }
981
982 static void intel_recv_lpm_notify(struct hci_dev *hdev, int value)
983 {
984         struct hci_uart *hu = hci_get_drvdata(hdev);
985         struct intel_data *intel = hu->priv;
986
987         bt_dev_dbg(hdev, "TX idle notification (%d)", value);
988
989         if (value) {
990                 set_bit(STATE_TX_ACTIVE, &intel->flags);
991                 schedule_work(&intel->busy_work);
992         } else {
993                 clear_bit(STATE_TX_ACTIVE, &intel->flags);
994         }
995 }
996
997 static int intel_recv_lpm(struct hci_dev *hdev, struct sk_buff *skb)
998 {
999         struct hci_lpm_pkt *lpm = (void *)skb->data;
1000         struct hci_uart *hu = hci_get_drvdata(hdev);
1001         struct intel_data *intel = hu->priv;
1002
1003         switch (lpm->opcode) {
1004         case LPM_OP_TX_NOTIFY:
1005                 if (lpm->dlen < 1) {
1006                         bt_dev_err(hu->hdev, "Invalid LPM notification packet");
1007                         break;
1008                 }
1009                 intel_recv_lpm_notify(hdev, lpm->data[0]);
1010                 break;
1011         case LPM_OP_SUSPEND_ACK:
1012                 set_bit(STATE_SUSPENDED, &intel->flags);
1013                 if (test_and_clear_bit(STATE_LPM_TRANSACTION, &intel->flags)) {
1014                         smp_mb__after_atomic();
1015                         wake_up_bit(&intel->flags, STATE_LPM_TRANSACTION);
1016                 }
1017                 break;
1018         case LPM_OP_RESUME_ACK:
1019                 clear_bit(STATE_SUSPENDED, &intel->flags);
1020                 if (test_and_clear_bit(STATE_LPM_TRANSACTION, &intel->flags)) {
1021                         smp_mb__after_atomic();
1022                         wake_up_bit(&intel->flags, STATE_LPM_TRANSACTION);
1023                 }
1024                 break;
1025         default:
1026                 bt_dev_err(hdev, "Unknown LPM opcode (%02x)", lpm->opcode);
1027                 break;
1028         }
1029
1030         kfree_skb(skb);
1031
1032         return 0;
1033 }
1034
1035 #define INTEL_RECV_LPM \
1036         .type = HCI_LPM_PKT, \
1037         .hlen = HCI_LPM_HDR_SIZE, \
1038         .loff = 1, \
1039         .lsize = 1, \
1040         .maxlen = HCI_LPM_MAX_SIZE
1041
1042 static const struct h4_recv_pkt intel_recv_pkts[] = {
1043         { H4_RECV_ACL,    .recv = hci_recv_frame   },
1044         { H4_RECV_SCO,    .recv = hci_recv_frame   },
1045         { H4_RECV_EVENT,  .recv = intel_recv_event },
1046         { INTEL_RECV_LPM, .recv = intel_recv_lpm   },
1047 };
1048
1049 static int intel_recv(struct hci_uart *hu, const void *data, int count)
1050 {
1051         struct intel_data *intel = hu->priv;
1052
1053         if (!test_bit(HCI_UART_REGISTERED, &hu->flags))
1054                 return -EUNATCH;
1055
1056         intel->rx_skb = h4_recv_buf(hu->hdev, intel->rx_skb, data, count,
1057                                     intel_recv_pkts,
1058                                     ARRAY_SIZE(intel_recv_pkts));
1059         if (IS_ERR(intel->rx_skb)) {
1060                 int err = PTR_ERR(intel->rx_skb);
1061                 bt_dev_err(hu->hdev, "Frame reassembly failed (%d)", err);
1062                 intel->rx_skb = NULL;
1063                 return err;
1064         }
1065
1066         return count;
1067 }
1068
1069 static int intel_enqueue(struct hci_uart *hu, struct sk_buff *skb)
1070 {
1071         struct intel_data *intel = hu->priv;
1072         struct list_head *p;
1073
1074         BT_DBG("hu %p skb %p", hu, skb);
1075
1076         if (!hu->tty->dev)
1077                 goto out_enqueue;
1078
1079         /* Be sure our controller is resumed and potential LPM transaction
1080          * completed before enqueuing any packet.
1081          */
1082         mutex_lock(&intel_device_list_lock);
1083         list_for_each(p, &intel_device_list) {
1084                 struct intel_device *idev = list_entry(p, struct intel_device,
1085                                                        list);
1086
1087                 if (hu->tty->dev->parent == idev->pdev->dev.parent) {
1088                         pm_runtime_get_sync(&idev->pdev->dev);
1089                         pm_runtime_mark_last_busy(&idev->pdev->dev);
1090                         pm_runtime_put_autosuspend(&idev->pdev->dev);
1091                         break;
1092                 }
1093         }
1094         mutex_unlock(&intel_device_list_lock);
1095 out_enqueue:
1096         skb_queue_tail(&intel->txq, skb);
1097
1098         return 0;
1099 }
1100
1101 static struct sk_buff *intel_dequeue(struct hci_uart *hu)
1102 {
1103         struct intel_data *intel = hu->priv;
1104         struct sk_buff *skb;
1105
1106         skb = skb_dequeue(&intel->txq);
1107         if (!skb)
1108                 return skb;
1109
1110         if (test_bit(STATE_BOOTLOADER, &intel->flags) &&
1111             (hci_skb_pkt_type(skb) == HCI_COMMAND_PKT)) {
1112                 struct hci_command_hdr *cmd = (void *)skb->data;
1113                 __u16 opcode = le16_to_cpu(cmd->opcode);
1114
1115                 /* When the 0xfc01 command is issued to boot into
1116                  * the operational firmware, it will actually not
1117                  * send a command complete event. To keep the flow
1118                  * control working inject that event here.
1119                  */
1120                 if (opcode == 0xfc01)
1121                         inject_cmd_complete(hu->hdev, opcode);
1122         }
1123
1124         /* Prepend skb with frame type */
1125         memcpy(skb_push(skb, 1), &hci_skb_pkt_type(skb), 1);
1126
1127         return skb;
1128 }
1129
1130 static const struct hci_uart_proto intel_proto = {
1131         .id             = HCI_UART_INTEL,
1132         .name           = "Intel",
1133         .manufacturer   = 2,
1134         .init_speed     = 115200,
1135         .oper_speed     = 3000000,
1136         .open           = intel_open,
1137         .close          = intel_close,
1138         .flush          = intel_flush,
1139         .setup          = intel_setup,
1140         .set_baudrate   = intel_set_baudrate,
1141         .recv           = intel_recv,
1142         .enqueue        = intel_enqueue,
1143         .dequeue        = intel_dequeue,
1144 };
1145
1146 #ifdef CONFIG_ACPI
1147 static const struct acpi_device_id intel_acpi_match[] = {
1148         { "INT33E1", 0 },
1149         { },
1150 };
1151 MODULE_DEVICE_TABLE(acpi, intel_acpi_match);
1152 #endif
1153
1154 #ifdef CONFIG_PM
1155 static int intel_suspend_device(struct device *dev)
1156 {
1157         struct intel_device *idev = dev_get_drvdata(dev);
1158
1159         mutex_lock(&idev->hu_lock);
1160         if (idev->hu)
1161                 intel_lpm_suspend(idev->hu);
1162         mutex_unlock(&idev->hu_lock);
1163
1164         return 0;
1165 }
1166
1167 static int intel_resume_device(struct device *dev)
1168 {
1169         struct intel_device *idev = dev_get_drvdata(dev);
1170
1171         mutex_lock(&idev->hu_lock);
1172         if (idev->hu)
1173                 intel_lpm_resume(idev->hu);
1174         mutex_unlock(&idev->hu_lock);
1175
1176         return 0;
1177 }
1178 #endif
1179
1180 #ifdef CONFIG_PM_SLEEP
1181 static int intel_suspend(struct device *dev)
1182 {
1183         struct intel_device *idev = dev_get_drvdata(dev);
1184
1185         if (device_may_wakeup(dev))
1186                 enable_irq_wake(idev->irq);
1187
1188         return intel_suspend_device(dev);
1189 }
1190
1191 static int intel_resume(struct device *dev)
1192 {
1193         struct intel_device *idev = dev_get_drvdata(dev);
1194
1195         if (device_may_wakeup(dev))
1196                 disable_irq_wake(idev->irq);
1197
1198         return intel_resume_device(dev);
1199 }
1200 #endif
1201
1202 static const struct dev_pm_ops intel_pm_ops = {
1203         SET_SYSTEM_SLEEP_PM_OPS(intel_suspend, intel_resume)
1204         SET_RUNTIME_PM_OPS(intel_suspend_device, intel_resume_device, NULL)
1205 };
1206
1207 static const struct acpi_gpio_params reset_gpios = { 0, 0, false };
1208 static const struct acpi_gpio_params host_wake_gpios = { 1, 0, false };
1209
1210 static const struct acpi_gpio_mapping acpi_hci_intel_gpios[] = {
1211         { "reset-gpios", &reset_gpios, 1 },
1212         { "host-wake-gpios", &host_wake_gpios, 1 },
1213         { },
1214 };
1215
1216 static int intel_probe(struct platform_device *pdev)
1217 {
1218         struct intel_device *idev;
1219         int ret;
1220
1221         idev = devm_kzalloc(&pdev->dev, sizeof(*idev), GFP_KERNEL);
1222         if (!idev)
1223                 return -ENOMEM;
1224
1225         mutex_init(&idev->hu_lock);
1226
1227         idev->pdev = pdev;
1228
1229         ret = devm_acpi_dev_add_driver_gpios(&pdev->dev, acpi_hci_intel_gpios);
1230         if (ret)
1231                 dev_dbg(&pdev->dev, "Unable to add GPIO mapping table\n");
1232
1233         idev->reset = devm_gpiod_get(&pdev->dev, "reset", GPIOD_OUT_LOW);
1234         if (IS_ERR(idev->reset)) {
1235                 dev_err(&pdev->dev, "Unable to retrieve gpio\n");
1236                 return PTR_ERR(idev->reset);
1237         }
1238
1239         idev->irq = platform_get_irq(pdev, 0);
1240         if (idev->irq < 0) {
1241                 struct gpio_desc *host_wake;
1242
1243                 dev_err(&pdev->dev, "No IRQ, falling back to gpio-irq\n");
1244
1245                 host_wake = devm_gpiod_get(&pdev->dev, "host-wake", GPIOD_IN);
1246                 if (IS_ERR(host_wake)) {
1247                         dev_err(&pdev->dev, "Unable to retrieve IRQ\n");
1248                         goto no_irq;
1249                 }
1250
1251                 idev->irq = gpiod_to_irq(host_wake);
1252                 if (idev->irq < 0) {
1253                         dev_err(&pdev->dev, "No corresponding irq for gpio\n");
1254                         goto no_irq;
1255                 }
1256         }
1257
1258         /* Only enable wake-up/irq when controller is powered */
1259         device_set_wakeup_capable(&pdev->dev, true);
1260         device_wakeup_disable(&pdev->dev);
1261
1262 no_irq:
1263         platform_set_drvdata(pdev, idev);
1264
1265         /* Place this instance on the device list */
1266         mutex_lock(&intel_device_list_lock);
1267         list_add_tail(&idev->list, &intel_device_list);
1268         mutex_unlock(&intel_device_list_lock);
1269
1270         dev_info(&pdev->dev, "registered, gpio(%d)/irq(%d).\n",
1271                  desc_to_gpio(idev->reset), idev->irq);
1272
1273         return 0;
1274 }
1275
1276 static int intel_remove(struct platform_device *pdev)
1277 {
1278         struct intel_device *idev = platform_get_drvdata(pdev);
1279
1280         device_wakeup_disable(&pdev->dev);
1281
1282         mutex_lock(&intel_device_list_lock);
1283         list_del(&idev->list);
1284         mutex_unlock(&intel_device_list_lock);
1285
1286         dev_info(&pdev->dev, "unregistered.\n");
1287
1288         return 0;
1289 }
1290
1291 static struct platform_driver intel_driver = {
1292         .probe = intel_probe,
1293         .remove = intel_remove,
1294         .driver = {
1295                 .name = "hci_intel",
1296                 .acpi_match_table = ACPI_PTR(intel_acpi_match),
1297                 .pm = &intel_pm_ops,
1298         },
1299 };
1300
1301 int __init intel_init(void)
1302 {
1303         platform_driver_register(&intel_driver);
1304
1305         return hci_uart_register_proto(&intel_proto);
1306 }
1307
1308 int __exit intel_deinit(void)
1309 {
1310         platform_driver_unregister(&intel_driver);
1311
1312         return hci_uart_unregister_proto(&intel_proto);
1313 }