hci_ag6xx.c 7.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338
  1. /*
  2. *
  3. * Bluetooth HCI UART driver for Intel/AG6xx devices
  4. *
  5. * Copyright (C) 2016 Intel Corporation
  6. *
  7. *
  8. * This program is free software; you can redistribute it and/or modify
  9. * it under the terms of the GNU General Public License as published by
  10. * the Free Software Foundation; either version 2 of the License, or
  11. * (at your option) any later version.
  12. *
  13. * This program is distributed in the hope that it will be useful,
  14. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  16. * GNU General Public License for more details.
  17. *
  18. * You should have received a copy of the GNU General Public License
  19. * along with this program; if not, write to the Free Software
  20. * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
  21. *
  22. */
  23. #include <linux/kernel.h>
  24. #include <linux/errno.h>
  25. #include <linux/skbuff.h>
  26. #include <linux/firmware.h>
  27. #include <linux/module.h>
  28. #include <linux/tty.h>
  29. #include <net/bluetooth/bluetooth.h>
  30. #include <net/bluetooth/hci_core.h>
  31. #include "hci_uart.h"
  32. #include "btintel.h"
  33. struct ag6xx_data {
  34. struct sk_buff *rx_skb;
  35. struct sk_buff_head txq;
  36. };
  37. struct pbn_entry {
  38. __le32 addr;
  39. __le32 plen;
  40. __u8 data[0];
  41. } __packed;
  42. static int ag6xx_open(struct hci_uart *hu)
  43. {
  44. struct ag6xx_data *ag6xx;
  45. BT_DBG("hu %p", hu);
  46. ag6xx = kzalloc(sizeof(*ag6xx), GFP_KERNEL);
  47. if (!ag6xx)
  48. return -ENOMEM;
  49. skb_queue_head_init(&ag6xx->txq);
  50. hu->priv = ag6xx;
  51. return 0;
  52. }
  53. static int ag6xx_close(struct hci_uart *hu)
  54. {
  55. struct ag6xx_data *ag6xx = hu->priv;
  56. BT_DBG("hu %p", hu);
  57. skb_queue_purge(&ag6xx->txq);
  58. kfree_skb(ag6xx->rx_skb);
  59. kfree(ag6xx);
  60. hu->priv = NULL;
  61. return 0;
  62. }
  63. static int ag6xx_flush(struct hci_uart *hu)
  64. {
  65. struct ag6xx_data *ag6xx = hu->priv;
  66. BT_DBG("hu %p", hu);
  67. skb_queue_purge(&ag6xx->txq);
  68. return 0;
  69. }
  70. static struct sk_buff *ag6xx_dequeue(struct hci_uart *hu)
  71. {
  72. struct ag6xx_data *ag6xx = hu->priv;
  73. struct sk_buff *skb;
  74. skb = skb_dequeue(&ag6xx->txq);
  75. if (!skb)
  76. return skb;
  77. /* Prepend skb with frame type */
  78. memcpy(skb_push(skb, 1), &bt_cb(skb)->pkt_type, 1);
  79. return skb;
  80. }
  81. static int ag6xx_enqueue(struct hci_uart *hu, struct sk_buff *skb)
  82. {
  83. struct ag6xx_data *ag6xx = hu->priv;
  84. skb_queue_tail(&ag6xx->txq, skb);
  85. return 0;
  86. }
  87. static const struct h4_recv_pkt ag6xx_recv_pkts[] = {
  88. { H4_RECV_ACL, .recv = hci_recv_frame },
  89. { H4_RECV_SCO, .recv = hci_recv_frame },
  90. { H4_RECV_EVENT, .recv = hci_recv_frame },
  91. };
  92. static int ag6xx_recv(struct hci_uart *hu, const void *data, int count)
  93. {
  94. struct ag6xx_data *ag6xx = hu->priv;
  95. if (!test_bit(HCI_UART_REGISTERED, &hu->flags))
  96. return -EUNATCH;
  97. ag6xx->rx_skb = h4_recv_buf(hu->hdev, ag6xx->rx_skb, data, count,
  98. ag6xx_recv_pkts,
  99. ARRAY_SIZE(ag6xx_recv_pkts));
  100. if (IS_ERR(ag6xx->rx_skb)) {
  101. int err = PTR_ERR(ag6xx->rx_skb);
  102. bt_dev_err(hu->hdev, "Frame reassembly failed (%d)", err);
  103. ag6xx->rx_skb = NULL;
  104. return err;
  105. }
  106. return count;
  107. }
  108. static int intel_mem_write(struct hci_dev *hdev, u32 addr, u32 plen,
  109. const void *data)
  110. {
  111. /* Can write a maximum of 247 bytes per HCI command.
  112. * HCI cmd Header (3), Intel mem write header (6), data (247).
  113. */
  114. while (plen > 0) {
  115. struct sk_buff *skb;
  116. u8 cmd_param[253], fragment_len = (plen > 247) ? 247 : plen;
  117. __le32 leaddr = cpu_to_le32(addr);
  118. memcpy(cmd_param, &leaddr, 4);
  119. cmd_param[4] = 0;
  120. cmd_param[5] = fragment_len;
  121. memcpy(cmd_param + 6, data, fragment_len);
  122. skb = __hci_cmd_sync(hdev, 0xfc8e, fragment_len + 6, cmd_param,
  123. HCI_INIT_TIMEOUT);
  124. if (IS_ERR(skb))
  125. return PTR_ERR(skb);
  126. kfree_skb(skb);
  127. plen -= fragment_len;
  128. data += fragment_len;
  129. addr += fragment_len;
  130. }
  131. return 0;
  132. }
  133. static int ag6xx_setup(struct hci_uart *hu)
  134. {
  135. struct hci_dev *hdev = hu->hdev;
  136. struct sk_buff *skb;
  137. struct intel_version ver;
  138. const struct firmware *fw;
  139. const u8 *fw_ptr;
  140. char fwname[64];
  141. bool patched = false;
  142. int err;
  143. hu->hdev->set_diag = btintel_set_diag;
  144. hu->hdev->set_bdaddr = btintel_set_bdaddr;
  145. err = btintel_enter_mfg(hdev);
  146. if (err)
  147. return err;
  148. err = btintel_read_version(hdev, &ver);
  149. if (err)
  150. return err;
  151. btintel_version_info(hdev, &ver);
  152. /* The hardware platform number has a fixed value of 0x37 and
  153. * for now only accept this single value.
  154. */
  155. if (ver.hw_platform != 0x37) {
  156. bt_dev_err(hdev, "Unsupported Intel hardware platform: 0x%X",
  157. ver.hw_platform);
  158. return -EINVAL;
  159. }
  160. /* Only the hardware variant iBT 2.1 (AG6XX) is supported by this
  161. * firmware setup method.
  162. */
  163. if (ver.hw_variant != 0x0a) {
  164. bt_dev_err(hdev, "Unsupported Intel hardware variant: 0x%x",
  165. ver.hw_variant);
  166. return -EINVAL;
  167. }
  168. snprintf(fwname, sizeof(fwname), "/*(DEBLOBBED)*/",
  169. ver.hw_platform, ver.hw_variant);
  170. err = reject_firmware(&fw, fwname, &hdev->dev);
  171. if (err < 0) {
  172. bt_dev_err(hdev, "Failed to open Intel bddata file: %s (%d)",
  173. fwname, err);
  174. goto patch;
  175. }
  176. fw_ptr = fw->data;
  177. bt_dev_info(hdev, "Applying bddata (%s)", fwname);
  178. skb = __hci_cmd_sync_ev(hdev, 0xfc2f, fw->size, fw->data,
  179. HCI_EV_CMD_STATUS, HCI_CMD_TIMEOUT);
  180. if (IS_ERR(skb)) {
  181. bt_dev_err(hdev, "Applying bddata failed (%ld)", PTR_ERR(skb));
  182. release_firmware(fw);
  183. return PTR_ERR(skb);
  184. }
  185. kfree_skb(skb);
  186. release_firmware(fw);
  187. patch:
  188. /* If there is no applied patch, fw_patch_num is always 0x00. In other
  189. * cases, current firmware is already patched. No need to patch it.
  190. */
  191. if (ver.fw_patch_num) {
  192. bt_dev_info(hdev, "Device is already patched. patch num: %02x",
  193. ver.fw_patch_num);
  194. patched = true;
  195. goto complete;
  196. }
  197. snprintf(fwname, sizeof(fwname),
  198. "/*(DEBLOBBED)*/",
  199. ver.hw_platform, ver.hw_variant, ver.hw_revision,
  200. ver.fw_variant, ver.fw_revision, ver.fw_build_num,
  201. ver.fw_build_ww, ver.fw_build_yy);
  202. err = reject_firmware(&fw, fwname, &hdev->dev);
  203. if (err < 0) {
  204. bt_dev_err(hdev, "Failed to open Intel patch file: %s(%d)",
  205. fwname, err);
  206. goto complete;
  207. }
  208. fw_ptr = fw->data;
  209. bt_dev_info(hdev, "Patching firmware file (%s)", fwname);
  210. /* PBN patch file contains a list of binary patches to be applied on top
  211. * of the embedded firmware. Each patch entry header contains the target
  212. * address and patch size.
  213. *
  214. * Patch entry:
  215. * | addr(le) | patch_len(le) | patch_data |
  216. * | 4 Bytes | 4 Bytes | n Bytes |
  217. *
  218. * PBN file is terminated by a patch entry whose address is 0xffffffff.
  219. */
  220. while (fw->size > fw_ptr - fw->data) {
  221. struct pbn_entry *pbn = (void *)fw_ptr;
  222. u32 addr, plen;
  223. if (pbn->addr == 0xffffffff) {
  224. bt_dev_info(hdev, "Patching complete");
  225. patched = true;
  226. break;
  227. }
  228. addr = le32_to_cpu(pbn->addr);
  229. plen = le32_to_cpu(pbn->plen);
  230. if (fw->data + fw->size <= pbn->data + plen) {
  231. bt_dev_info(hdev, "Invalid patch len (%d)", plen);
  232. break;
  233. }
  234. bt_dev_info(hdev, "Patching %td/%zu", (fw_ptr - fw->data),
  235. fw->size);
  236. err = intel_mem_write(hdev, addr, plen, pbn->data);
  237. if (err) {
  238. bt_dev_err(hdev, "Patching failed");
  239. break;
  240. }
  241. fw_ptr = pbn->data + plen;
  242. }
  243. release_firmware(fw);
  244. complete:
  245. /* Exit manufacturing mode and reset */
  246. err = btintel_exit_mfg(hdev, true, patched);
  247. if (err)
  248. return err;
  249. /* Set the event mask for Intel specific vendor events. This enables
  250. * a few extra events that are useful during general operation.
  251. */
  252. btintel_set_event_mask_mfg(hdev, false);
  253. btintel_check_bdaddr(hdev);
  254. return 0;
  255. }
  256. static const struct hci_uart_proto ag6xx_proto = {
  257. .id = HCI_UART_AG6XX,
  258. .name = "AG6XX",
  259. .manufacturer = 2,
  260. .open = ag6xx_open,
  261. .close = ag6xx_close,
  262. .flush = ag6xx_flush,
  263. .setup = ag6xx_setup,
  264. .recv = ag6xx_recv,
  265. .enqueue = ag6xx_enqueue,
  266. .dequeue = ag6xx_dequeue,
  267. };
  268. int __init ag6xx_init(void)
  269. {
  270. return hci_uart_register_proto(&ag6xx_proto);
  271. }
  272. int __exit ag6xx_deinit(void)
  273. {
  274. return hci_uart_unregister_proto(&ag6xx_proto);
  275. }