]> git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/blob - drivers/bluetooth/hci_qca.c
projects / mirror_ubuntu-jammy-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
slip: Fix use-after-free Read in slip_open
[mirror_ubuntu-jammy-kernel.git] / drivers / bluetooth / hci_qca.c
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * Bluetooth Software UART Qualcomm protocol
4 *
5 * HCI_IBS (HCI In-Band Sleep) is Qualcomm's power management
6 * protocol extension to H4.
7 *
8 * Copyright (C) 2007 Texas Instruments, Inc.
9 * Copyright (c) 2010, 2012, 2018 The Linux Foundation. All rights reserved.
10 *
11 * Acknowledgements:
12 * This file is based on hci_ll.c, which was...
13 * Written by Ohad Ben-Cohen <ohad@bencohen.org>
14 * which was in turn based on hci_h4.c, which was written
15 * by Maxim Krasnyansky and Marcel Holtmann.
16 */
17
18 #include <linux/kernel.h>
19 #include <linux/clk.h>
20 #include <linux/completion.h>
21 #include <linux/debugfs.h>
22 #include <linux/delay.h>
23 #include <linux/device.h>
24 #include <linux/gpio/consumer.h>
25 #include <linux/mod_devicetable.h>
26 #include <linux/module.h>
27 #include <linux/of_device.h>
28 #include <linux/platform_device.h>
29 #include <linux/regulator/consumer.h>
30 #include <linux/serdev.h>
31 #include <asm/unaligned.h>
32
33 #include <net/bluetooth/bluetooth.h>
34 #include <net/bluetooth/hci_core.h>
35
36 #include "hci_uart.h"
37 #include "btqca.h"
38
39 /* HCI_IBS protocol messages */
40 #define HCI_IBS_SLEEP_IND 0xFE
41 #define HCI_IBS_WAKE_IND 0xFD
42 #define HCI_IBS_WAKE_ACK 0xFC
43 #define HCI_MAX_IBS_SIZE 10
44
45 #define IBS_WAKE_RETRANS_TIMEOUT_MS 100
46 #define IBS_TX_IDLE_TIMEOUT_MS 2000
47 #define CMD_TRANS_TIMEOUT_MS 100
48
49 /* susclk rate */
50 #define SUSCLK_RATE_32KHZ 32768
51
52 /* Controller debug log header */
53 #define QCA_DEBUG_HANDLE 0x2EDC
54
55 enum qca_flags {
56 QCA_IBS_ENABLED,
57 QCA_DROP_VENDOR_EVENT,
58 };
59
60 /* HCI_IBS transmit side sleep protocol states */
61 enum tx_ibs_states {
62 HCI_IBS_TX_ASLEEP,
63 HCI_IBS_TX_WAKING,
64 HCI_IBS_TX_AWAKE,
65 };
66
67 /* HCI_IBS receive side sleep protocol states */
68 enum rx_states {
69 HCI_IBS_RX_ASLEEP,
70 HCI_IBS_RX_AWAKE,
71 };
72
73 /* HCI_IBS transmit and receive side clock state vote */
74 enum hci_ibs_clock_state_vote {
75 HCI_IBS_VOTE_STATS_UPDATE,
76 HCI_IBS_TX_VOTE_CLOCK_ON,
77 HCI_IBS_TX_VOTE_CLOCK_OFF,
78 HCI_IBS_RX_VOTE_CLOCK_ON,
79 HCI_IBS_RX_VOTE_CLOCK_OFF,
80 };
81
82 struct qca_data {
83 struct hci_uart *hu;
84 struct sk_buff *rx_skb;
85 struct sk_buff_head txq;
86 struct sk_buff_head tx_wait_q; /* HCI_IBS wait queue */
87 spinlock_t hci_ibs_lock; /* HCI_IBS state lock */
88 u8 tx_ibs_state; /* HCI_IBS transmit side power state*/
89 u8 rx_ibs_state; /* HCI_IBS receive side power state */
90 bool tx_vote; /* Clock must be on for TX */
91 bool rx_vote; /* Clock must be on for RX */
92 struct timer_list tx_idle_timer;
93 u32 tx_idle_delay;
94 struct timer_list wake_retrans_timer;
95 u32 wake_retrans;
96 struct workqueue_struct *workqueue;
97 struct work_struct ws_awake_rx;
98 struct work_struct ws_awake_device;
99 struct work_struct ws_rx_vote_off;
100 struct work_struct ws_tx_vote_off;
101 unsigned long flags;
102 struct completion drop_ev_comp;
103
104 /* For debugging purpose */
105 u64 ibs_sent_wacks;
106 u64 ibs_sent_slps;
107 u64 ibs_sent_wakes;
108 u64 ibs_recv_wacks;
109 u64 ibs_recv_slps;
110 u64 ibs_recv_wakes;
111 u64 vote_last_jif;
112 u32 vote_on_ms;
113 u32 vote_off_ms;
114 u64 tx_votes_on;
115 u64 rx_votes_on;
116 u64 tx_votes_off;
117 u64 rx_votes_off;
118 u64 votes_on;
119 u64 votes_off;
120 };
121
122 enum qca_speed_type {
123 QCA_INIT_SPEED = 1,
124 QCA_OPER_SPEED
125 };
126
127 /*
128 * Voltage regulator information required for configuring the
129 * QCA Bluetooth chipset
130 */
131 struct qca_vreg {
132 const char *name;
133 unsigned int min_uV;
134 unsigned int max_uV;
135 unsigned int load_uA;
136 };
137
138 struct qca_vreg_data {
139 enum qca_btsoc_type soc_type;
140 struct qca_vreg *vregs;
141 size_t num_vregs;
142 };
143
144 /*
145 * Platform data for the QCA Bluetooth power driver.
146 */
147 struct qca_power {
148 struct device *dev;
149 const struct qca_vreg_data *vreg_data;
150 struct regulator_bulk_data *vreg_bulk;
151 bool vregs_on;
152 };
153
154 struct qca_serdev {
155 struct hci_uart serdev_hu;
156 struct gpio_desc *bt_en;
157 struct clk *susclk;
158 enum qca_btsoc_type btsoc_type;
159 struct qca_power *bt_power;
160 u32 init_speed;
161 u32 oper_speed;
162 const char *firmware_name;
163 };
164
165 static int qca_power_setup(struct hci_uart *hu, bool on);
166 static void qca_power_shutdown(struct hci_uart *hu);
167 static int qca_power_off(struct hci_dev *hdev);
168
169 static enum qca_btsoc_type qca_soc_type(struct hci_uart *hu)
170 {
171 enum qca_btsoc_type soc_type;
172
173 if (hu->serdev) {
174 struct qca_serdev *qsd = serdev_device_get_drvdata(hu->serdev);
175
176 soc_type = qsd->btsoc_type;
177 } else {
178 soc_type = QCA_ROME;
179 }
180
181 return soc_type;
182 }
183
184 static const char *qca_get_firmware_name(struct hci_uart *hu)
185 {
186 if (hu->serdev) {
187 struct qca_serdev *qsd = serdev_device_get_drvdata(hu->serdev);
188
189 return qsd->firmware_name;
190 } else {
191 return NULL;
192 }
193 }
194
195 static void __serial_clock_on(struct tty_struct *tty)
196 {
197 /* TODO: Some chipset requires to enable UART clock on client
198 * side to save power consumption or manual work is required.
199 * Please put your code to control UART clock here if needed
200 */
201 }
202
203 static void __serial_clock_off(struct tty_struct *tty)
204 {
205 /* TODO: Some chipset requires to disable UART clock on client
206 * side to save power consumption or manual work is required.
207 * Please put your code to control UART clock off here if needed
208 */
209 }
210
211 /* serial_clock_vote needs to be called with the ibs lock held */
212 static void serial_clock_vote(unsigned long vote, struct hci_uart *hu)
213 {
214 struct qca_data *qca = hu->priv;
215 unsigned int diff;
216
217 bool old_vote = (qca->tx_vote | qca->rx_vote);
218 bool new_vote;
219
220 switch (vote) {
221 case HCI_IBS_VOTE_STATS_UPDATE:
222 diff = jiffies_to_msecs(jiffies - qca->vote_last_jif);
223
224 if (old_vote)
225 qca->vote_off_ms += diff;
226 else
227 qca->vote_on_ms += diff;
228 return;
229
230 case HCI_IBS_TX_VOTE_CLOCK_ON:
231 qca->tx_vote = true;
232 qca->tx_votes_on++;
233 new_vote = true;
234 break;
235
236 case HCI_IBS_RX_VOTE_CLOCK_ON:
237 qca->rx_vote = true;
238 qca->rx_votes_on++;
239 new_vote = true;
240 break;
241
242 case HCI_IBS_TX_VOTE_CLOCK_OFF:
243 qca->tx_vote = false;
244 qca->tx_votes_off++;
245 new_vote = qca->rx_vote | qca->tx_vote;
246 break;
247
248 case HCI_IBS_RX_VOTE_CLOCK_OFF:
249 qca->rx_vote = false;
250 qca->rx_votes_off++;
251 new_vote = qca->rx_vote | qca->tx_vote;
252 break;
253
254 default:
255 BT_ERR("Voting irregularity");
256 return;
257 }
258
259 if (new_vote != old_vote) {
260 if (new_vote)
261 __serial_clock_on(hu->tty);
262 else
263 __serial_clock_off(hu->tty);
264
265 BT_DBG("Vote serial clock %s(%s)", new_vote ? "true" : "false",
266 vote ? "true" : "false");
267
268 diff = jiffies_to_msecs(jiffies - qca->vote_last_jif);
269
270 if (new_vote) {
271 qca->votes_on++;
272 qca->vote_off_ms += diff;
273 } else {
274 qca->votes_off++;
275 qca->vote_on_ms += diff;
276 }
277 qca->vote_last_jif = jiffies;
278 }
279 }
280
281 /* Builds and sends an HCI_IBS command packet.
282 * These are very simple packets with only 1 cmd byte.
283 */
284 static int send_hci_ibs_cmd(u8 cmd, struct hci_uart *hu)
285 {
286 int err = 0;
287 struct sk_buff *skb = NULL;
288 struct qca_data *qca = hu->priv;
289
290 BT_DBG("hu %p send hci ibs cmd 0x%x", hu, cmd);
291
292 skb = bt_skb_alloc(1, GFP_ATOMIC);
293 if (!skb) {
294 BT_ERR("Failed to allocate memory for HCI_IBS packet");
295 return -ENOMEM;
296 }
297
298 /* Assign HCI_IBS type */
299 skb_put_u8(skb, cmd);
300
301 skb_queue_tail(&qca->txq, skb);
302
303 return err;
304 }
305
306 static void qca_wq_awake_device(struct work_struct *work)
307 {
308 struct qca_data *qca = container_of(work, struct qca_data,
309 ws_awake_device);
310 struct hci_uart *hu = qca->hu;
311 unsigned long retrans_delay;
312 unsigned long flags;
313
314 BT_DBG("hu %p wq awake device", hu);
315
316 /* Vote for serial clock */
317 serial_clock_vote(HCI_IBS_TX_VOTE_CLOCK_ON, hu);
318
319 spin_lock_irqsave(&qca->hci_ibs_lock, flags);
320
321 /* Send wake indication to device */
322 if (send_hci_ibs_cmd(HCI_IBS_WAKE_IND, hu) < 0)
323 BT_ERR("Failed to send WAKE to device");
324
325 qca->ibs_sent_wakes++;
326
327 /* Start retransmit timer */
328 retrans_delay = msecs_to_jiffies(qca->wake_retrans);
329 mod_timer(&qca->wake_retrans_timer, jiffies + retrans_delay);
330
331 spin_unlock_irqrestore(&qca->hci_ibs_lock, flags);
332
333 /* Actually send the packets */
334 hci_uart_tx_wakeup(hu);
335 }
336
337 static void qca_wq_awake_rx(struct work_struct *work)
338 {
339 struct qca_data *qca = container_of(work, struct qca_data,
340 ws_awake_rx);
341 struct hci_uart *hu = qca->hu;
342 unsigned long flags;
343
344 BT_DBG("hu %p wq awake rx", hu);
345
346 serial_clock_vote(HCI_IBS_RX_VOTE_CLOCK_ON, hu);
347
348 spin_lock_irqsave(&qca->hci_ibs_lock, flags);
349 qca->rx_ibs_state = HCI_IBS_RX_AWAKE;
350
351 /* Always acknowledge device wake up,
352 * sending IBS message doesn't count as TX ON.
353 */
354 if (send_hci_ibs_cmd(HCI_IBS_WAKE_ACK, hu) < 0)
355 BT_ERR("Failed to acknowledge device wake up");
356
357 qca->ibs_sent_wacks++;
358
359 spin_unlock_irqrestore(&qca->hci_ibs_lock, flags);
360
361 /* Actually send the packets */
362 hci_uart_tx_wakeup(hu);
363 }
364
365 static void qca_wq_serial_rx_clock_vote_off(struct work_struct *work)
366 {
367 struct qca_data *qca = container_of(work, struct qca_data,
368 ws_rx_vote_off);
369 struct hci_uart *hu = qca->hu;
370
371 BT_DBG("hu %p rx clock vote off", hu);
372
373 serial_clock_vote(HCI_IBS_RX_VOTE_CLOCK_OFF, hu);
374 }
375
376 static void qca_wq_serial_tx_clock_vote_off(struct work_struct *work)
377 {
378 struct qca_data *qca = container_of(work, struct qca_data,
379 ws_tx_vote_off);
380 struct hci_uart *hu = qca->hu;
381
382 BT_DBG("hu %p tx clock vote off", hu);
383
384 /* Run HCI tx handling unlocked */
385 hci_uart_tx_wakeup(hu);
386
387 /* Now that message queued to tty driver, vote for tty clocks off.
388 * It is up to the tty driver to pend the clocks off until tx done.
389 */
390 serial_clock_vote(HCI_IBS_TX_VOTE_CLOCK_OFF, hu);
391 }
392
393 static void hci_ibs_tx_idle_timeout(struct timer_list *t)
394 {
395 struct qca_data *qca = from_timer(qca, t, tx_idle_timer);
396 struct hci_uart *hu = qca->hu;
397 unsigned long flags;
398
399 BT_DBG("hu %p idle timeout in %d state", hu, qca->tx_ibs_state);
400
401 spin_lock_irqsave_nested(&qca->hci_ibs_lock,
402 flags, SINGLE_DEPTH_NESTING);
403
404 switch (qca->tx_ibs_state) {
405 case HCI_IBS_TX_AWAKE:
406 /* TX_IDLE, go to SLEEP */
407 if (send_hci_ibs_cmd(HCI_IBS_SLEEP_IND, hu) < 0) {
408 BT_ERR("Failed to send SLEEP to device");
409 break;
410 }
411 qca->tx_ibs_state = HCI_IBS_TX_ASLEEP;
412 qca->ibs_sent_slps++;
413 queue_work(qca->workqueue, &qca->ws_tx_vote_off);
414 break;
415
416 case HCI_IBS_TX_ASLEEP:
417 case HCI_IBS_TX_WAKING:
418 /* Fall through */
419
420 default:
421 BT_ERR("Spurious timeout tx state %d", qca->tx_ibs_state);
422 break;
423 }
424
425 spin_unlock_irqrestore(&qca->hci_ibs_lock, flags);
426 }
427
428 static void hci_ibs_wake_retrans_timeout(struct timer_list *t)
429 {
430 struct qca_data *qca = from_timer(qca, t, wake_retrans_timer);
431 struct hci_uart *hu = qca->hu;
432 unsigned long flags, retrans_delay;
433 bool retransmit = false;
434
435 BT_DBG("hu %p wake retransmit timeout in %d state",
436 hu, qca->tx_ibs_state);
437
438 spin_lock_irqsave_nested(&qca->hci_ibs_lock,
439 flags, SINGLE_DEPTH_NESTING);
440
441 switch (qca->tx_ibs_state) {
442 case HCI_IBS_TX_WAKING:
443 /* No WAKE_ACK, retransmit WAKE */
444 retransmit = true;
445 if (send_hci_ibs_cmd(HCI_IBS_WAKE_IND, hu) < 0) {
446 BT_ERR("Failed to acknowledge device wake up");
447 break;
448 }
449 qca->ibs_sent_wakes++;
450 retrans_delay = msecs_to_jiffies(qca->wake_retrans);
451 mod_timer(&qca->wake_retrans_timer, jiffies + retrans_delay);
452 break;
453
454 case HCI_IBS_TX_ASLEEP:
455 case HCI_IBS_TX_AWAKE:
456 /* Fall through */
457
458 default:
459 BT_ERR("Spurious timeout tx state %d", qca->tx_ibs_state);
460 break;
461 }
462
463 spin_unlock_irqrestore(&qca->hci_ibs_lock, flags);
464
465 if (retransmit)
466 hci_uart_tx_wakeup(hu);
467 }
468
469 /* Initialize protocol */
470 static int qca_open(struct hci_uart *hu)
471 {
472 struct qca_serdev *qcadev;
473 struct qca_data *qca;
474 int ret;
475
476 BT_DBG("hu %p qca_open", hu);
477
478 if (!hci_uart_has_flow_control(hu))
479 return -EOPNOTSUPP;
480
481 qca = kzalloc(sizeof(struct qca_data), GFP_KERNEL);
482 if (!qca)
483 return -ENOMEM;
484
485 skb_queue_head_init(&qca->txq);
486 skb_queue_head_init(&qca->tx_wait_q);
487 spin_lock_init(&qca->hci_ibs_lock);
488 qca->workqueue = alloc_ordered_workqueue("qca_wq", 0);
489 if (!qca->workqueue) {
490 BT_ERR("QCA Workqueue not initialized properly");
491 kfree(qca);
492 return -ENOMEM;
493 }
494
495 INIT_WORK(&qca->ws_awake_rx, qca_wq_awake_rx);
496 INIT_WORK(&qca->ws_awake_device, qca_wq_awake_device);
497 INIT_WORK(&qca->ws_rx_vote_off, qca_wq_serial_rx_clock_vote_off);
498 INIT_WORK(&qca->ws_tx_vote_off, qca_wq_serial_tx_clock_vote_off);
499
500 qca->hu = hu;
501 init_completion(&qca->drop_ev_comp);
502
503 /* Assume we start with both sides asleep -- extra wakes OK */
504 qca->tx_ibs_state = HCI_IBS_TX_ASLEEP;
505 qca->rx_ibs_state = HCI_IBS_RX_ASLEEP;
506
507 qca->vote_last_jif = jiffies;
508
509 hu->priv = qca;
510
511 if (hu->serdev) {
512
513 qcadev = serdev_device_get_drvdata(hu->serdev);
514 if (!qca_is_wcn399x(qcadev->btsoc_type)) {
515 gpiod_set_value_cansleep(qcadev->bt_en, 1);
516 /* Controller needs time to bootup. */
517 msleep(150);
518 } else {
519 hu->init_speed = qcadev->init_speed;
520 hu->oper_speed = qcadev->oper_speed;
521 ret = qca_power_setup(hu, true);
522 if (ret) {
523 destroy_workqueue(qca->workqueue);
524 kfree_skb(qca->rx_skb);
525 hu->priv = NULL;
526 kfree(qca);
527 return ret;
528 }
529 }
530 }
531
532 timer_setup(&qca->wake_retrans_timer, hci_ibs_wake_retrans_timeout, 0);
533 qca->wake_retrans = IBS_WAKE_RETRANS_TIMEOUT_MS;
534
535 timer_setup(&qca->tx_idle_timer, hci_ibs_tx_idle_timeout, 0);
536 qca->tx_idle_delay = IBS_TX_IDLE_TIMEOUT_MS;
537
538 BT_DBG("HCI_UART_QCA open, tx_idle_delay=%u, wake_retrans=%u",
539 qca->tx_idle_delay, qca->wake_retrans);
540
541 return 0;
542 }
543
544 static void qca_debugfs_init(struct hci_dev *hdev)
545 {
546 struct hci_uart *hu = hci_get_drvdata(hdev);
547 struct qca_data *qca = hu->priv;
548 struct dentry *ibs_dir;
549 umode_t mode;
550
551 if (!hdev->debugfs)
552 return;
553
554 ibs_dir = debugfs_create_dir("ibs", hdev->debugfs);
555
556 /* read only */
557 mode = S_IRUGO;
558 debugfs_create_u8("tx_ibs_state", mode, ibs_dir, &qca->tx_ibs_state);
559 debugfs_create_u8("rx_ibs_state", mode, ibs_dir, &qca->rx_ibs_state);
560 debugfs_create_u64("ibs_sent_sleeps", mode, ibs_dir,
561 &qca->ibs_sent_slps);
562 debugfs_create_u64("ibs_sent_wakes", mode, ibs_dir,
563 &qca->ibs_sent_wakes);
564 debugfs_create_u64("ibs_sent_wake_acks", mode, ibs_dir,
565 &qca->ibs_sent_wacks);
566 debugfs_create_u64("ibs_recv_sleeps", mode, ibs_dir,
567 &qca->ibs_recv_slps);
568 debugfs_create_u64("ibs_recv_wakes", mode, ibs_dir,
569 &qca->ibs_recv_wakes);
570 debugfs_create_u64("ibs_recv_wake_acks", mode, ibs_dir,
571 &qca->ibs_recv_wacks);
572 debugfs_create_bool("tx_vote", mode, ibs_dir, &qca->tx_vote);
573 debugfs_create_u64("tx_votes_on", mode, ibs_dir, &qca->tx_votes_on);
574 debugfs_create_u64("tx_votes_off", mode, ibs_dir, &qca->tx_votes_off);
575 debugfs_create_bool("rx_vote", mode, ibs_dir, &qca->rx_vote);
576 debugfs_create_u64("rx_votes_on", mode, ibs_dir, &qca->rx_votes_on);
577 debugfs_create_u64("rx_votes_off", mode, ibs_dir, &qca->rx_votes_off);
578 debugfs_create_u64("votes_on", mode, ibs_dir, &qca->votes_on);
579 debugfs_create_u64("votes_off", mode, ibs_dir, &qca->votes_off);
580 debugfs_create_u32("vote_on_ms", mode, ibs_dir, &qca->vote_on_ms);
581 debugfs_create_u32("vote_off_ms", mode, ibs_dir, &qca->vote_off_ms);
582
583 /* read/write */
584 mode = S_IRUGO | S_IWUSR;
585 debugfs_create_u32("wake_retrans", mode, ibs_dir, &qca->wake_retrans);
586 debugfs_create_u32("tx_idle_delay", mode, ibs_dir,
587 &qca->tx_idle_delay);
588 }
589
590 /* Flush protocol data */
591 static int qca_flush(struct hci_uart *hu)
592 {
593 struct qca_data *qca = hu->priv;
594
595 BT_DBG("hu %p qca flush", hu);
596
597 skb_queue_purge(&qca->tx_wait_q);
598 skb_queue_purge(&qca->txq);
599
600 return 0;
601 }
602
603 /* Close protocol */
604 static int qca_close(struct hci_uart *hu)
605 {
606 struct qca_serdev *qcadev;
607 struct qca_data *qca = hu->priv;
608
609 BT_DBG("hu %p qca close", hu);
610
611 serial_clock_vote(HCI_IBS_VOTE_STATS_UPDATE, hu);
612
613 skb_queue_purge(&qca->tx_wait_q);
614 skb_queue_purge(&qca->txq);
615 del_timer(&qca->tx_idle_timer);
616 del_timer(&qca->wake_retrans_timer);
617 destroy_workqueue(qca->workqueue);
618 qca->hu = NULL;
619
620 if (hu->serdev) {
621 qcadev = serdev_device_get_drvdata(hu->serdev);
622 if (qca_is_wcn399x(qcadev->btsoc_type))
623 qca_power_shutdown(hu);
624 else
625 gpiod_set_value_cansleep(qcadev->bt_en, 0);
626
627 }
628
629 kfree_skb(qca->rx_skb);
630
631 hu->priv = NULL;
632
633 kfree(qca);
634
635 return 0;
636 }
637
638 /* Called upon a wake-up-indication from the device.
639 */
640 static void device_want_to_wakeup(struct hci_uart *hu)
641 {
642 unsigned long flags;
643 struct qca_data *qca = hu->priv;
644
645 BT_DBG("hu %p want to wake up", hu);
646
647 spin_lock_irqsave(&qca->hci_ibs_lock, flags);
648
649 qca->ibs_recv_wakes++;
650
651 switch (qca->rx_ibs_state) {
652 case HCI_IBS_RX_ASLEEP:
653 /* Make sure clock is on - we may have turned clock off since
654 * receiving the wake up indicator awake rx clock.
655 */
656 queue_work(qca->workqueue, &qca->ws_awake_rx);
657 spin_unlock_irqrestore(&qca->hci_ibs_lock, flags);
658 return;
659
660 case HCI_IBS_RX_AWAKE:
661 /* Always acknowledge device wake up,
662 * sending IBS message doesn't count as TX ON.
663 */
664 if (send_hci_ibs_cmd(HCI_IBS_WAKE_ACK, hu) < 0) {
665 BT_ERR("Failed to acknowledge device wake up");
666 break;
667 }
668 qca->ibs_sent_wacks++;
669 break;
670
671 default:
672 /* Any other state is illegal */
673 BT_ERR("Received HCI_IBS_WAKE_IND in rx state %d",
674 qca->rx_ibs_state);
675 break;
676 }
677
678 spin_unlock_irqrestore(&qca->hci_ibs_lock, flags);
679
680 /* Actually send the packets */
681 hci_uart_tx_wakeup(hu);
682 }
683
684 /* Called upon a sleep-indication from the device.
685 */
686 static void device_want_to_sleep(struct hci_uart *hu)
687 {
688 unsigned long flags;
689 struct qca_data *qca = hu->priv;
690
691 BT_DBG("hu %p want to sleep in %d state", hu, qca->rx_ibs_state);
692
693 spin_lock_irqsave(&qca->hci_ibs_lock, flags);
694
695 qca->ibs_recv_slps++;
696
697 switch (qca->rx_ibs_state) {
698 case HCI_IBS_RX_AWAKE:
699 /* Update state */
700 qca->rx_ibs_state = HCI_IBS_RX_ASLEEP;
701 /* Vote off rx clock under workqueue */
702 queue_work(qca->workqueue, &qca->ws_rx_vote_off);
703 break;
704
705 case HCI_IBS_RX_ASLEEP:
706 break;
707
708 default:
709 /* Any other state is illegal */
710 BT_ERR("Received HCI_IBS_SLEEP_IND in rx state %d",
711 qca->rx_ibs_state);
712 break;
713 }
714
715 spin_unlock_irqrestore(&qca->hci_ibs_lock, flags);
716 }
717
718 /* Called upon wake-up-acknowledgement from the device
719 */
720 static void device_woke_up(struct hci_uart *hu)
721 {
722 unsigned long flags, idle_delay;
723 struct qca_data *qca = hu->priv;
724 struct sk_buff *skb = NULL;
725
726 BT_DBG("hu %p woke up", hu);
727
728 spin_lock_irqsave(&qca->hci_ibs_lock, flags);
729
730 qca->ibs_recv_wacks++;
731
732 switch (qca->tx_ibs_state) {
733 case HCI_IBS_TX_AWAKE:
734 /* Expect one if we send 2 WAKEs */
735 BT_DBG("Received HCI_IBS_WAKE_ACK in tx state %d",
736 qca->tx_ibs_state);
737 break;
738
739 case HCI_IBS_TX_WAKING:
740 /* Send pending packets */
741 while ((skb = skb_dequeue(&qca->tx_wait_q)))
742 skb_queue_tail(&qca->txq, skb);
743
744 /* Switch timers and change state to HCI_IBS_TX_AWAKE */
745 del_timer(&qca->wake_retrans_timer);
746 idle_delay = msecs_to_jiffies(qca->tx_idle_delay);
747 mod_timer(&qca->tx_idle_timer, jiffies + idle_delay);
748 qca->tx_ibs_state = HCI_IBS_TX_AWAKE;
749 break;
750
751 case HCI_IBS_TX_ASLEEP:
752 /* Fall through */
753
754 default:
755 BT_ERR("Received HCI_IBS_WAKE_ACK in tx state %d",
756 qca->tx_ibs_state);
757 break;
758 }
759
760 spin_unlock_irqrestore(&qca->hci_ibs_lock, flags);
761
762 /* Actually send the packets */
763 hci_uart_tx_wakeup(hu);
764 }
765
766 /* Enqueue frame for transmittion (padding, crc, etc) may be called from
767 * two simultaneous tasklets.
768 */
769 static int qca_enqueue(struct hci_uart *hu, struct sk_buff *skb)
770 {
771 unsigned long flags = 0, idle_delay;
772 struct qca_data *qca = hu->priv;
773
774 BT_DBG("hu %p qca enq skb %p tx_ibs_state %d", hu, skb,
775 qca->tx_ibs_state);
776
777 /* Prepend skb with frame type */
778 memcpy(skb_push(skb, 1), &hci_skb_pkt_type(skb), 1);
779
780 spin_lock_irqsave(&qca->hci_ibs_lock, flags);
781
782 /* Don't go to sleep in middle of patch download or
783 * Out-Of-Band(GPIOs control) sleep is selected.
784 */
785 if (!test_bit(QCA_IBS_ENABLED, &qca->flags)) {
786 skb_queue_tail(&qca->txq, skb);
787 spin_unlock_irqrestore(&qca->hci_ibs_lock, flags);
788 return 0;
789 }
790
791 /* Act according to current state */
792 switch (qca->tx_ibs_state) {
793 case HCI_IBS_TX_AWAKE:
794 BT_DBG("Device awake, sending normally");
795 skb_queue_tail(&qca->txq, skb);
796 idle_delay = msecs_to_jiffies(qca->tx_idle_delay);
797 mod_timer(&qca->tx_idle_timer, jiffies + idle_delay);
798 break;
799
800 case HCI_IBS_TX_ASLEEP:
801 BT_DBG("Device asleep, waking up and queueing packet");
802 /* Save packet for later */
803 skb_queue_tail(&qca->tx_wait_q, skb);
804
805 qca->tx_ibs_state = HCI_IBS_TX_WAKING;
806 /* Schedule a work queue to wake up device */
807 queue_work(qca->workqueue, &qca->ws_awake_device);
808 break;
809
810 case HCI_IBS_TX_WAKING:
811 BT_DBG("Device waking up, queueing packet");
812 /* Transient state; just keep packet for later */
813 skb_queue_tail(&qca->tx_wait_q, skb);
814 break;
815
816 default:
817 BT_ERR("Illegal tx state: %d (losing packet)",
818 qca->tx_ibs_state);
819 kfree_skb(skb);
820 break;
821 }
822
823 spin_unlock_irqrestore(&qca->hci_ibs_lock, flags);
824
825 return 0;
826 }
827
828 static int qca_ibs_sleep_ind(struct hci_dev *hdev, struct sk_buff *skb)
829 {
830 struct hci_uart *hu = hci_get_drvdata(hdev);
831
832 BT_DBG("hu %p recv hci ibs cmd 0x%x", hu, HCI_IBS_SLEEP_IND);
833
834 device_want_to_sleep(hu);
835
836 kfree_skb(skb);
837 return 0;
838 }
839
840 static int qca_ibs_wake_ind(struct hci_dev *hdev, struct sk_buff *skb)
841 {
842 struct hci_uart *hu = hci_get_drvdata(hdev);
843
844 BT_DBG("hu %p recv hci ibs cmd 0x%x", hu, HCI_IBS_WAKE_IND);
845
846 device_want_to_wakeup(hu);
847
848 kfree_skb(skb);
849 return 0;
850 }
851
852 static int qca_ibs_wake_ack(struct hci_dev *hdev, struct sk_buff *skb)
853 {
854 struct hci_uart *hu = hci_get_drvdata(hdev);
855
856 BT_DBG("hu %p recv hci ibs cmd 0x%x", hu, HCI_IBS_WAKE_ACK);
857
858 device_woke_up(hu);
859
860 kfree_skb(skb);
861 return 0;
862 }
863
864 static int qca_recv_acl_data(struct hci_dev *hdev, struct sk_buff *skb)
865 {
866 /* We receive debug logs from chip as an ACL packets.
867 * Instead of sending the data to ACL to decode the
868 * received data, we are pushing them to the above layers
869 * as a diagnostic packet.
870 */
871 if (get_unaligned_le16(skb->data) == QCA_DEBUG_HANDLE)
872 return hci_recv_diag(hdev, skb);
873
874 return hci_recv_frame(hdev, skb);
875 }
876
877 static int qca_recv_event(struct hci_dev *hdev, struct sk_buff *skb)
878 {
879 struct hci_uart *hu = hci_get_drvdata(hdev);
880 struct qca_data *qca = hu->priv;
881
882 if (test_bit(QCA_DROP_VENDOR_EVENT, &qca->flags)) {
883 struct hci_event_hdr *hdr = (void *)skb->data;
884
885 /* For the WCN3990 the vendor command for a baudrate change
886 * isn't sent as synchronous HCI command, because the
887 * controller sends the corresponding vendor event with the
888 * new baudrate. The event is received and properly decoded
889 * after changing the baudrate of the host port. It needs to
890 * be dropped, otherwise it can be misinterpreted as
891 * response to a later firmware download command (also a
892 * vendor command).
893 */
894
895 if (hdr->evt == HCI_EV_VENDOR)
896 complete(&qca->drop_ev_comp);
897
898 kfree_skb(skb);
899
900 return 0;
901 }
902
903 return hci_recv_frame(hdev, skb);
904 }
905
906 #define QCA_IBS_SLEEP_IND_EVENT \
907 .type = HCI_IBS_SLEEP_IND, \
908 .hlen = 0, \
909 .loff = 0, \
910 .lsize = 0, \
911 .maxlen = HCI_MAX_IBS_SIZE
912
913 #define QCA_IBS_WAKE_IND_EVENT \
914 .type = HCI_IBS_WAKE_IND, \
915 .hlen = 0, \
916 .loff = 0, \
917 .lsize = 0, \
918 .maxlen = HCI_MAX_IBS_SIZE
919
920 #define QCA_IBS_WAKE_ACK_EVENT \
921 .type = HCI_IBS_WAKE_ACK, \
922 .hlen = 0, \
923 .loff = 0, \
924 .lsize = 0, \
925 .maxlen = HCI_MAX_IBS_SIZE
926
927 static const struct h4_recv_pkt qca_recv_pkts[] = {
928 { H4_RECV_ACL, .recv = qca_recv_acl_data },
929 { H4_RECV_SCO, .recv = hci_recv_frame },
930 { H4_RECV_EVENT, .recv = qca_recv_event },
931 { QCA_IBS_WAKE_IND_EVENT, .recv = qca_ibs_wake_ind },
932 { QCA_IBS_WAKE_ACK_EVENT, .recv = qca_ibs_wake_ack },
933 { QCA_IBS_SLEEP_IND_EVENT, .recv = qca_ibs_sleep_ind },
934 };
935
936 static int qca_recv(struct hci_uart *hu, const void *data, int count)
937 {
938 struct qca_data *qca = hu->priv;
939
940 if (!test_bit(HCI_UART_REGISTERED, &hu->flags))
941 return -EUNATCH;
942
943 qca->rx_skb = h4_recv_buf(hu->hdev, qca->rx_skb, data, count,
944 qca_recv_pkts, ARRAY_SIZE(qca_recv_pkts));
945 if (IS_ERR(qca->rx_skb)) {
946 int err = PTR_ERR(qca->rx_skb);
947 bt_dev_err(hu->hdev, "Frame reassembly failed (%d)", err);
948 qca->rx_skb = NULL;
949 return err;
950 }
951
952 return count;
953 }
954
955 static struct sk_buff *qca_dequeue(struct hci_uart *hu)
956 {
957 struct qca_data *qca = hu->priv;
958
959 return skb_dequeue(&qca->txq);
960 }
961
962 static uint8_t qca_get_baudrate_value(int speed)
963 {
964 switch (speed) {
965 case 9600:
966 return QCA_BAUDRATE_9600;
967 case 19200:
968 return QCA_BAUDRATE_19200;
969 case 38400:
970 return QCA_BAUDRATE_38400;
971 case 57600:
972 return QCA_BAUDRATE_57600;
973 case 115200:
974 return QCA_BAUDRATE_115200;
975 case 230400:
976 return QCA_BAUDRATE_230400;
977 case 460800:
978 return QCA_BAUDRATE_460800;
979 case 500000:
980 return QCA_BAUDRATE_500000;
981 case 921600:
982 return QCA_BAUDRATE_921600;
983 case 1000000:
984 return QCA_BAUDRATE_1000000;
985 case 2000000:
986 return QCA_BAUDRATE_2000000;
987 case 3000000:
988 return QCA_BAUDRATE_3000000;
989 case 3200000:
990 return QCA_BAUDRATE_3200000;
991 case 3500000:
992 return QCA_BAUDRATE_3500000;
993 default:
994 return QCA_BAUDRATE_115200;
995 }
996 }
997
998 static int qca_set_baudrate(struct hci_dev *hdev, uint8_t baudrate)
999 {
1000 struct hci_uart *hu = hci_get_drvdata(hdev);
1001 struct qca_data *qca = hu->priv;
1002 struct sk_buff *skb;
1003 u8 cmd[] = { 0x01, 0x48, 0xFC, 0x01, 0x00 };
1004
1005 if (baudrate > QCA_BAUDRATE_3200000)
1006 return -EINVAL;
1007
1008 cmd[4] = baudrate;
1009
1010 skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL);
1011 if (!skb) {
1012 bt_dev_err(hdev, "Failed to allocate baudrate packet");
1013 return -ENOMEM;
1014 }
1015
1016 /* Assign commands to change baudrate and packet type. */
1017 skb_put_data(skb, cmd, sizeof(cmd));
1018 hci_skb_pkt_type(skb) = HCI_COMMAND_PKT;
1019
1020 skb_queue_tail(&qca->txq, skb);
1021 hci_uart_tx_wakeup(hu);
1022
1023 /* Wait for the baudrate change request to be sent */
1024
1025 while (!skb_queue_empty(&qca->txq))
1026 usleep_range(100, 200);
1027
1028 if (hu->serdev)
1029 serdev_device_wait_until_sent(hu->serdev,
1030 msecs_to_jiffies(CMD_TRANS_TIMEOUT_MS));
1031
1032 /* Give the controller time to process the request */
1033 if (qca_is_wcn399x(qca_soc_type(hu)))
1034 msleep(10);
1035 else
1036 msleep(300);
1037
1038 return 0;
1039 }
1040
1041 static inline void host_set_baudrate(struct hci_uart *hu, unsigned int speed)
1042 {
1043 if (hu->serdev)
1044 serdev_device_set_baudrate(hu->serdev, speed);
1045 else
1046 hci_uart_set_baudrate(hu, speed);
1047 }
1048
1049 static int qca_send_power_pulse(struct hci_uart *hu, bool on)
1050 {
1051 int ret;
1052 int timeout = msecs_to_jiffies(CMD_TRANS_TIMEOUT_MS);
1053 u8 cmd = on ? QCA_WCN3990_POWERON_PULSE : QCA_WCN3990_POWEROFF_PULSE;
1054
1055 /* These power pulses are single byte command which are sent
1056 * at required baudrate to wcn3990. On wcn3990, we have an external
1057 * circuit at Tx pin which decodes the pulse sent at specific baudrate.
1058 * For example, wcn3990 supports RF COEX antenna for both Wi-Fi/BT
1059 * and also we use the same power inputs to turn on and off for
1060 * Wi-Fi/BT. Powering up the power sources will not enable BT, until
1061 * we send a power on pulse at 115200 bps. This algorithm will help to
1062 * save power. Disabling hardware flow control is mandatory while
1063 * sending power pulses to SoC.
1064 */
1065 bt_dev_dbg(hu->hdev, "sending power pulse %02x to controller", cmd);
1066
1067 serdev_device_write_flush(hu->serdev);
1068 hci_uart_set_flow_control(hu, true);
1069 ret = serdev_device_write_buf(hu->serdev, &cmd, sizeof(cmd));
1070 if (ret < 0) {
1071 bt_dev_err(hu->hdev, "failed to send power pulse %02x", cmd);
1072 return ret;
1073 }
1074
1075 serdev_device_wait_until_sent(hu->serdev, timeout);
1076 hci_uart_set_flow_control(hu, false);
1077
1078 /* Give to controller time to boot/shutdown */
1079 if (on)
1080 msleep(100);
1081 else
1082 msleep(10);
1083
1084 return 0;
1085 }
1086
1087 static unsigned int qca_get_speed(struct hci_uart *hu,
1088 enum qca_speed_type speed_type)
1089 {
1090 unsigned int speed = 0;
1091
1092 if (speed_type == QCA_INIT_SPEED) {
1093 if (hu->init_speed)
1094 speed = hu->init_speed;
1095 else if (hu->proto->init_speed)
1096 speed = hu->proto->init_speed;
1097 } else {
1098 if (hu->oper_speed)
1099 speed = hu->oper_speed;
1100 else if (hu->proto->oper_speed)
1101 speed = hu->proto->oper_speed;
1102 }
1103
1104 return speed;
1105 }
1106
1107 static int qca_check_speeds(struct hci_uart *hu)
1108 {
1109 if (qca_is_wcn399x(qca_soc_type(hu))) {
1110 if (!qca_get_speed(hu, QCA_INIT_SPEED) &&
1111 !qca_get_speed(hu, QCA_OPER_SPEED))
1112 return -EINVAL;
1113 } else {
1114 if (!qca_get_speed(hu, QCA_INIT_SPEED) ||
1115 !qca_get_speed(hu, QCA_OPER_SPEED))
1116 return -EINVAL;
1117 }
1118
1119 return 0;
1120 }
1121
1122 static int qca_set_speed(struct hci_uart *hu, enum qca_speed_type speed_type)
1123 {
1124 unsigned int speed, qca_baudrate;
1125 struct qca_data *qca = hu->priv;
1126 int ret = 0;
1127
1128 if (speed_type == QCA_INIT_SPEED) {
1129 speed = qca_get_speed(hu, QCA_INIT_SPEED);
1130 if (speed)
1131 host_set_baudrate(hu, speed);
1132 } else {
1133 enum qca_btsoc_type soc_type = qca_soc_type(hu);
1134
1135 speed = qca_get_speed(hu, QCA_OPER_SPEED);
1136 if (!speed)
1137 return 0;
1138
1139 /* Disable flow control for wcn3990 to deassert RTS while
1140 * changing the baudrate of chip and host.
1141 */
1142 if (qca_is_wcn399x(soc_type))
1143 hci_uart_set_flow_control(hu, true);
1144
1145 if (soc_type == QCA_WCN3990) {
1146 reinit_completion(&qca->drop_ev_comp);
1147 set_bit(QCA_DROP_VENDOR_EVENT, &qca->flags);
1148 }
1149
1150 qca_baudrate = qca_get_baudrate_value(speed);
1151 bt_dev_dbg(hu->hdev, "Set UART speed to %d", speed);
1152 ret = qca_set_baudrate(hu->hdev, qca_baudrate);
1153 if (ret)
1154 goto error;
1155
1156 host_set_baudrate(hu, speed);
1157
1158 error:
1159 if (qca_is_wcn399x(soc_type))
1160 hci_uart_set_flow_control(hu, false);
1161
1162 if (soc_type == QCA_WCN3990) {
1163 /* Wait for the controller to send the vendor event
1164 * for the baudrate change command.
1165 */
1166 if (!wait_for_completion_timeout(&qca->drop_ev_comp,
1167 msecs_to_jiffies(100))) {
1168 bt_dev_err(hu->hdev,
1169 "Failed to change controller baudrate\n");
1170 ret = -ETIMEDOUT;
1171 }
1172
1173 clear_bit(QCA_DROP_VENDOR_EVENT, &qca->flags);
1174 }
1175 }
1176
1177 return ret;
1178 }
1179
1180 static int qca_wcn3990_init(struct hci_uart *hu)
1181 {
1182 struct qca_serdev *qcadev;
1183 int ret;
1184
1185 /* Check for vregs status, may be hci down has turned
1186 * off the voltage regulator.
1187 */
1188 qcadev = serdev_device_get_drvdata(hu->serdev);
1189 if (!qcadev->bt_power->vregs_on) {
1190 serdev_device_close(hu->serdev);
1191 ret = qca_power_setup(hu, true);
1192 if (ret)
1193 return ret;
1194
1195 ret = serdev_device_open(hu->serdev);
1196 if (ret) {
1197 bt_dev_err(hu->hdev, "failed to open port");
1198 return ret;
1199 }
1200 }
1201
1202 /* Forcefully enable wcn3990 to enter in to boot mode. */
1203 host_set_baudrate(hu, 2400);
1204 ret = qca_send_power_pulse(hu, false);
1205 if (ret)
1206 return ret;
1207
1208 qca_set_speed(hu, QCA_INIT_SPEED);
1209 ret = qca_send_power_pulse(hu, true);
1210 if (ret)
1211 return ret;
1212
1213 /* Now the device is in ready state to communicate with host.
1214 * To sync host with device we need to reopen port.
1215 * Without this, we will have RTS and CTS synchronization
1216 * issues.
1217 */
1218 serdev_device_close(hu->serdev);
1219 ret = serdev_device_open(hu->serdev);
1220 if (ret) {
1221 bt_dev_err(hu->hdev, "failed to open port");
1222 return ret;
1223 }
1224
1225 hci_uart_set_flow_control(hu, false);
1226
1227 return 0;
1228 }
1229
1230 static int qca_setup(struct hci_uart *hu)
1231 {
1232 struct hci_dev *hdev = hu->hdev;
1233 struct qca_data *qca = hu->priv;
1234 unsigned int speed, qca_baudrate = QCA_BAUDRATE_115200;
1235 enum qca_btsoc_type soc_type = qca_soc_type(hu);
1236 const char *firmware_name = qca_get_firmware_name(hu);
1237 int ret;
1238 int soc_ver = 0;
1239
1240 ret = qca_check_speeds(hu);
1241 if (ret)
1242 return ret;
1243
1244 /* Patch downloading has to be done without IBS mode */
1245 clear_bit(QCA_IBS_ENABLED, &qca->flags);
1246
1247 /* Enable controller to do both LE scan and BR/EDR inquiry
1248 * simultaneously.
1249 */
1250 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
1251
1252 if (qca_is_wcn399x(soc_type)) {
1253 bt_dev_info(hdev, "setting up wcn3990");
1254
1255 /* Enable NON_PERSISTENT_SETUP QUIRK to ensure to execute
1256 * setup for every hci up.
1257 */
1258 set_bit(HCI_QUIRK_NON_PERSISTENT_SETUP, &hdev->quirks);
1259 set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks);
1260 hu->hdev->shutdown = qca_power_off;
1261 ret = qca_wcn3990_init(hu);
1262 if (ret)
1263 return ret;
1264
1265 ret = qca_read_soc_version(hdev, &soc_ver);
1266 if (ret)
1267 return ret;
1268 } else {
1269 bt_dev_info(hdev, "ROME setup");
1270 qca_set_speed(hu, QCA_INIT_SPEED);
1271 }
1272
1273 /* Setup user speed if needed */
1274 speed = qca_get_speed(hu, QCA_OPER_SPEED);
1275 if (speed) {
1276 ret = qca_set_speed(hu, QCA_OPER_SPEED);
1277 if (ret)
1278 return ret;
1279
1280 qca_baudrate = qca_get_baudrate_value(speed);
1281 }
1282
1283 if (!qca_is_wcn399x(soc_type)) {
1284 /* Get QCA version information */
1285 ret = qca_read_soc_version(hdev, &soc_ver);
1286 if (ret)
1287 return ret;
1288 }
1289
1290 bt_dev_info(hdev, "QCA controller version 0x%08x", soc_ver);
1291 /* Setup patch / NVM configurations */
1292 ret = qca_uart_setup(hdev, qca_baudrate, soc_type, soc_ver,
1293 firmware_name);
1294 if (!ret) {
1295 set_bit(QCA_IBS_ENABLED, &qca->flags);
1296 qca_debugfs_init(hdev);
1297 } else if (ret == -ENOENT) {
1298 /* No patch/nvm-config found, run with original fw/config */
1299 ret = 0;
1300 } else if (ret == -EAGAIN) {
1301 /*
1302 * Userspace firmware loader will return -EAGAIN in case no
1303 * patch/nvm-config is found, so run with original fw/config.
1304 */
1305 ret = 0;
1306 }
1307
1308 /* Setup bdaddr */
1309 if (qca_is_wcn399x(soc_type))
1310 hu->hdev->set_bdaddr = qca_set_bdaddr;
1311 else
1312 hu->hdev->set_bdaddr = qca_set_bdaddr_rome;
1313
1314 return ret;
1315 }
1316
1317 static const struct hci_uart_proto qca_proto = {
1318 .id = HCI_UART_QCA,
1319 .name = "QCA",
1320 .manufacturer = 29,
1321 .init_speed = 115200,
1322 .oper_speed = 3000000,
1323 .open = qca_open,
1324 .close = qca_close,
1325 .flush = qca_flush,
1326 .setup = qca_setup,
1327 .recv = qca_recv,
1328 .enqueue = qca_enqueue,
1329 .dequeue = qca_dequeue,
1330 };
1331
1332 static const struct qca_vreg_data qca_soc_data_wcn3990 = {
1333 .soc_type = QCA_WCN3990,
1334 .vregs = (struct qca_vreg []) {
1335 { "vddio", 1800000, 1900000, 15000 },
1336 { "vddxo", 1800000, 1900000, 80000 },
1337 { "vddrf", 1300000, 1350000, 300000 },
1338 { "vddch0", 3300000, 3400000, 450000 },
1339 },
1340 .num_vregs = 4,
1341 };
1342
1343 static const struct qca_vreg_data qca_soc_data_wcn3998 = {
1344 .soc_type = QCA_WCN3998,
1345 .vregs = (struct qca_vreg []) {
1346 { "vddio", 1800000, 1900000, 10000 },
1347 { "vddxo", 1800000, 1900000, 80000 },
1348 { "vddrf", 1300000, 1352000, 300000 },
1349 { "vddch0", 3300000, 3300000, 450000 },
1350 },
1351 .num_vregs = 4,
1352 };
1353
1354 static void qca_power_shutdown(struct hci_uart *hu)
1355 {
1356 struct qca_data *qca = hu->priv;
1357 unsigned long flags;
1358
1359 /* From this point we go into power off state. But serial port is
1360 * still open, stop queueing the IBS data and flush all the buffered
1361 * data in skb's.
1362 */
1363 spin_lock_irqsave(&qca->hci_ibs_lock, flags);
1364 clear_bit(QCA_IBS_ENABLED, &qca->flags);
1365 qca_flush(hu);
1366 spin_unlock_irqrestore(&qca->hci_ibs_lock, flags);
1367
1368 host_set_baudrate(hu, 2400);
1369 qca_send_power_pulse(hu, false);
1370 qca_power_setup(hu, false);
1371 }
1372
1373 static int qca_power_off(struct hci_dev *hdev)
1374 {
1375 struct hci_uart *hu = hci_get_drvdata(hdev);
1376
1377 /* Perform pre shutdown command */
1378 qca_send_pre_shutdown_cmd(hdev);
1379
1380 usleep_range(8000, 10000);
1381
1382 qca_power_shutdown(hu);
1383 return 0;
1384 }
1385
1386 static int qca_enable_regulator(struct qca_vreg vregs,
1387 struct regulator *regulator)
1388 {
1389 int ret;
1390
1391 ret = regulator_set_voltage(regulator, vregs.min_uV,
1392 vregs.max_uV);
1393 if (ret)
1394 return ret;
1395
1396 if (vregs.load_uA)
1397 ret = regulator_set_load(regulator,
1398 vregs.load_uA);
1399
1400 if (ret)
1401 return ret;
1402
1403 return regulator_enable(regulator);
1404
1405 }
1406
1407 static void qca_disable_regulator(struct qca_vreg vregs,
1408 struct regulator *regulator)
1409 {
1410 regulator_disable(regulator);
1411 regulator_set_voltage(regulator, 0, vregs.max_uV);
1412 if (vregs.load_uA)
1413 regulator_set_load(regulator, 0);
1414
1415 }
1416
1417 static int qca_power_setup(struct hci_uart *hu, bool on)
1418 {
1419 struct qca_vreg *vregs;
1420 struct regulator_bulk_data *vreg_bulk;
1421 struct qca_serdev *qcadev;
1422 int i, num_vregs, ret = 0;
1423
1424 qcadev = serdev_device_get_drvdata(hu->serdev);
1425 if (!qcadev || !qcadev->bt_power || !qcadev->bt_power->vreg_data ||
1426 !qcadev->bt_power->vreg_bulk)
1427 return -EINVAL;
1428
1429 vregs = qcadev->bt_power->vreg_data->vregs;
1430 vreg_bulk = qcadev->bt_power->vreg_bulk;
1431 num_vregs = qcadev->bt_power->vreg_data->num_vregs;
1432 BT_DBG("on: %d", on);
1433 if (on && !qcadev->bt_power->vregs_on) {
1434 for (i = 0; i < num_vregs; i++) {
1435 ret = qca_enable_regulator(vregs[i],
1436 vreg_bulk[i].consumer);
1437 if (ret)
1438 break;
1439 }
1440
1441 if (ret) {
1442 BT_ERR("failed to enable regulator:%s", vregs[i].name);
1443 /* turn off regulators which are enabled */
1444 for (i = i - 1; i >= 0; i--)
1445 qca_disable_regulator(vregs[i],
1446 vreg_bulk[i].consumer);
1447 } else {
1448 qcadev->bt_power->vregs_on = true;
1449 }
1450 } else if (!on && qcadev->bt_power->vregs_on) {
1451 /* turn off regulator in reverse order */
1452 i = qcadev->bt_power->vreg_data->num_vregs - 1;
1453 for ( ; i >= 0; i--)
1454 qca_disable_regulator(vregs[i], vreg_bulk[i].consumer);
1455
1456 qcadev->bt_power->vregs_on = false;
1457 }
1458
1459 return ret;
1460 }
1461
1462 static int qca_init_regulators(struct qca_power *qca,
1463 const struct qca_vreg *vregs, size_t num_vregs)
1464 {
1465 int i;
1466
1467 qca->vreg_bulk = devm_kcalloc(qca->dev, num_vregs,
1468 sizeof(struct regulator_bulk_data),
1469 GFP_KERNEL);
1470 if (!qca->vreg_bulk)
1471 return -ENOMEM;
1472
1473 for (i = 0; i < num_vregs; i++)
1474 qca->vreg_bulk[i].supply = vregs[i].name;
1475
1476 return devm_regulator_bulk_get(qca->dev, num_vregs, qca->vreg_bulk);
1477 }
1478
1479 static int qca_serdev_probe(struct serdev_device *serdev)
1480 {
1481 struct qca_serdev *qcadev;
1482 const struct qca_vreg_data *data;
1483 int err;
1484
1485 qcadev = devm_kzalloc(&serdev->dev, sizeof(*qcadev), GFP_KERNEL);
1486 if (!qcadev)
1487 return -ENOMEM;
1488
1489 qcadev->serdev_hu.serdev = serdev;
1490 data = of_device_get_match_data(&serdev->dev);
1491 serdev_device_set_drvdata(serdev, qcadev);
1492 device_property_read_string(&serdev->dev, "firmware-name",
1493 &qcadev->firmware_name);
1494 if (data && qca_is_wcn399x(data->soc_type)) {
1495 qcadev->btsoc_type = data->soc_type;
1496 qcadev->bt_power = devm_kzalloc(&serdev->dev,
1497 sizeof(struct qca_power),
1498 GFP_KERNEL);
1499 if (!qcadev->bt_power)
1500 return -ENOMEM;
1501
1502 qcadev->bt_power->dev = &serdev->dev;
1503 qcadev->bt_power->vreg_data = data;
1504 err = qca_init_regulators(qcadev->bt_power, data->vregs,
1505 data->num_vregs);
1506 if (err) {
1507 BT_ERR("Failed to init regulators:%d", err);
1508 goto out;
1509 }
1510
1511 qcadev->bt_power->vregs_on = false;
1512
1513 device_property_read_u32(&serdev->dev, "max-speed",
1514 &qcadev->oper_speed);
1515 if (!qcadev->oper_speed)
1516 BT_DBG("UART will pick default operating speed");
1517
1518 err = hci_uart_register_device(&qcadev->serdev_hu, &qca_proto);
1519 if (err) {
1520 BT_ERR("wcn3990 serdev registration failed");
1521 goto out;
1522 }
1523 } else {
1524 qcadev->btsoc_type = QCA_ROME;
1525 qcadev->bt_en = devm_gpiod_get(&serdev->dev, "enable",
1526 GPIOD_OUT_LOW);
1527 if (IS_ERR(qcadev->bt_en)) {
1528 dev_err(&serdev->dev, "failed to acquire enable gpio\n");
1529 return PTR_ERR(qcadev->bt_en);
1530 }
1531
1532 qcadev->susclk = devm_clk_get(&serdev->dev, NULL);
1533 if (IS_ERR(qcadev->susclk)) {
1534 dev_err(&serdev->dev, "failed to acquire clk\n");
1535 return PTR_ERR(qcadev->susclk);
1536 }
1537
1538 err = clk_set_rate(qcadev->susclk, SUSCLK_RATE_32KHZ);
1539 if (err)
1540 return err;
1541
1542 err = clk_prepare_enable(qcadev->susclk);
1543 if (err)
1544 return err;
1545
1546 err = hci_uart_register_device(&qcadev->serdev_hu, &qca_proto);
1547 if (err)
1548 clk_disable_unprepare(qcadev->susclk);
1549 }
1550
1551 out: return err;
1552
1553 }
1554
1555 static void qca_serdev_remove(struct serdev_device *serdev)
1556 {
1557 struct qca_serdev *qcadev = serdev_device_get_drvdata(serdev);
1558
1559 if (qca_is_wcn399x(qcadev->btsoc_type))
1560 qca_power_shutdown(&qcadev->serdev_hu);
1561 else
1562 clk_disable_unprepare(qcadev->susclk);
1563
1564 hci_uart_unregister_device(&qcadev->serdev_hu);
1565 }
1566
1567 static const struct of_device_id qca_bluetooth_of_match[] = {
1568 { .compatible = "qcom,qca6174-bt" },
1569 { .compatible = "qcom,wcn3990-bt", .data = &qca_soc_data_wcn3990},
1570 { .compatible = "qcom,wcn3998-bt", .data = &qca_soc_data_wcn3998},
1571 { /* sentinel */ }
1572 };
1573 MODULE_DEVICE_TABLE(of, qca_bluetooth_of_match);
1574
1575 static struct serdev_device_driver qca_serdev_driver = {
1576 .probe = qca_serdev_probe,
1577 .remove = qca_serdev_remove,
1578 .driver = {
1579 .name = "hci_uart_qca",
1580 .of_match_table = qca_bluetooth_of_match,
1581 },
1582 };
1583
1584 int __init qca_init(void)
1585 {
1586 serdev_device_driver_register(&qca_serdev_driver);
1587
1588 return hci_uart_register_proto(&qca_proto);
1589 }
1590
1591 int __exit qca_deinit(void)
1592 {
1593 serdev_device_driver_unregister(&qca_serdev_driver);
1594
1595 return hci_uart_unregister_proto(&qca_proto);
1596 }
Ubuntu Jammy Linux kernel mirror