tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge tag 'for-net-next-2022-12-12' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next
Luiz Augusto von Dentz says:
====================
bluetooth-next pull request for net-next:
- Add a new VID/PID 0489/e0f2 for MT7922
- Add Realtek RTL8852BE support ID 0x0cb8:0xc559
- Add a new PID/VID 13d3/3549 for RTL8822CU
- Add support for broadcom BCM43430A0 & BCM43430A1
- Add CONFIG_BT_HCIBTUSB_POLL_SYNC
- Add CONFIG_BT_LE_L2CAP_ECRED
- Add support for CYW4373A0
- Add support for RTL8723DS
- Add more device IDs for WCN6855
- Add Broadcom BCM4377 family PCIe Bluetooth
* tag 'for-net-next-2022-12-12' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next: (51 commits)
Bluetooth: Wait for HCI_OP_WRITE_AUTH_PAYLOAD_TO to complete
Bluetooth: ISO: Avoid circular locking dependency
Bluetooth: RFCOMM: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_core: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_bcsp: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_h5: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_ll: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_qca: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: btusb: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: btintel: Fix missing free skb in btintel_setup_combined()
Bluetooth: hci_conn: Fix crash on hci_create_cis_sync
Bluetooth: btintel: Fix existing sparce warnings
Bluetooth: btusb: Fix existing sparce warning
Bluetooth: btusb: Fix new sparce warnings
Bluetooth: btusb: Add a new PID/VID 13d3/3549 for RTL8822CU
Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559
dt-bindings: net: realtek-bluetooth: Add RTL8723DS
Bluetooth: btusb: Add a new VID/PID 0489/e0f2 for MT7922
dt-bindings: bluetooth: broadcom: add BCM43430A0 & BCM43430A1
Bluetooth: hci_bcm4377: Fix missing pci_disable_device() on error in bcm4377_probe()
...
====================
Link: https://lore.kernel.org/r/20221212222322.1690780-1-luiz.dentz@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+3117
-121
-5
Documentation/devicetree/bindings/net/bluetooth.txt
-5
Documentation/devicetree/bindings/net/bluetooth.txt
+29
Documentation/devicetree/bindings/net/bluetooth/bluetooth-controller.yaml
+29
Documentation/devicetree/bindings/net/bluetooth/bluetooth-controller.yaml
···
1
+
# SPDX-License-Identifier: (GPL-2.0 OR BSD-2-Clause)
2
+
%YAML 1.2
3
+
---
4
+
$id: http://devicetree.org/schemas/net/bluetooth/bluetooth-controller.yaml#
5
+
$schema: http://devicetree.org/meta-schemas/core.yaml#
6
+
7
+
title: Bluetooth Controller Generic Binding
8
+
9
+
maintainers:
10
+
- Marcel Holtmann <marcel@holtmann.org>
11
+
- Johan Hedberg <johan.hedberg@gmail.com>
12
+
- Luiz Augusto von Dentz <luiz.dentz@gmail.com>
13
+
14
+
properties:
15
+
$nodename:
16
+
pattern: "^bluetooth(@.*)?$"
17
+
18
+
local-bd-address:
19
+
$ref: /schemas/types.yaml#/definitions/uint8-array
20
+
maxItems: 6
21
+
description:
22
+
Specifies the BD address that was uniquely assigned to the Bluetooth
23
+
device. Formatted with least significant byte first (little-endian), e.g.
24
+
in order to assign the address 00:11:22:33:44:55 this property must have
25
+
the value [55 44 33 22 11 00].
26
+
27
+
additionalProperties: true
28
+
29
+
...
+81
Documentation/devicetree/bindings/net/bluetooth/brcm,bcm4377-bluetooth.yaml
+81
Documentation/devicetree/bindings/net/bluetooth/brcm,bcm4377-bluetooth.yaml
···
1
+
# SPDX-License-Identifier: (GPL-2.0 OR BSD-2-Clause)
2
+
%YAML 1.2
3
+
---
4
+
$id: http://devicetree.org/schemas/net/bluetooth/brcm,bcm4377-bluetooth.yaml#
5
+
$schema: http://devicetree.org/meta-schemas/core.yaml#
6
+
7
+
title: Broadcom BCM4377 family PCIe Bluetooth Chips
8
+
9
+
maintainers:
10
+
- Sven Peter <sven@svenpeter.dev>
11
+
12
+
description:
13
+
This binding describes Broadcom BCM4377 family PCIe-attached bluetooth chips
14
+
usually found in Apple machines. The Wi-Fi part of the chip is described in
15
+
bindings/net/wireless/brcm,bcm4329-fmac.yaml.
16
+
17
+
allOf:
18
+
- $ref: bluetooth-controller.yaml#
19
+
20
+
properties:
21
+
compatible:
22
+
enum:
23
+
- pci14e4,5fa0 # BCM4377
24
+
- pci14e4,5f69 # BCM4378
25
+
- pci14e4,5f71 # BCM4387
26
+
27
+
reg:
28
+
maxItems: 1
29
+
30
+
brcm,board-type:
31
+
$ref: /schemas/types.yaml#/definitions/string
32
+
description: Board type of the Bluetooth chip. This is used to decouple
33
+
the overall system board from the Bluetooth module and used to construct
34
+
firmware and calibration data filenames.
35
+
On Apple platforms, this should be the Apple module-instance codename
36
+
prefixed by "apple,", e.g. "apple,atlantisb".
37
+
pattern: '^apple,.*'
38
+
39
+
brcm,taurus-cal-blob:
40
+
$ref: /schemas/types.yaml#/definitions/uint8-array
41
+
description: A per-device calibration blob for the Bluetooth radio. This
42
+
should be filled in by the bootloader from platform configuration
43
+
data, if necessary, and will be uploaded to the device.
44
+
This blob is used if the chip stepping of the Bluetooth module does not
45
+
support beamforming.
46
+
47
+
brcm,taurus-bf-cal-blob:
48
+
$ref: /schemas/types.yaml#/definitions/uint8-array
49
+
description: A per-device calibration blob for the Bluetooth radio. This
50
+
should be filled in by the bootloader from platform configuration
51
+
data, if necessary, and will be uploaded to the device.
52
+
This blob is used if the chip stepping of the Bluetooth module supports
53
+
beamforming.
54
+
55
+
local-bd-address: true
56
+
57
+
required:
58
+
- compatible
59
+
- reg
60
+
- local-bd-address
61
+
- brcm,board-type
62
+
63
+
additionalProperties: false
64
+
65
+
examples:
66
+
- |
67
+
pcie@a0000000 {
68
+
#address-cells = <3>;
69
+
#size-cells = <2>;
70
+
reg = <0xa0000000 0x1000000>;
71
+
device_type = "pci";
72
+
ranges = <0x43000000 0x6 0xa0000000 0xa0000000 0x0 0x20000000>;
73
+
74
+
bluetooth@0,1 {
75
+
compatible = "pci14e4,5f69";
76
+
reg = <0x100 0x0 0x0 0x0 0x0>;
77
+
brcm,board-type = "apple,honshu";
78
+
/* To be filled by the bootloader */
79
+
local-bd-address = [00 00 00 00 00 00];
80
+
};
81
+
};
+3
Documentation/devicetree/bindings/net/broadcom-bluetooth.yaml
+3
Documentation/devicetree/bindings/net/broadcom-bluetooth.yaml
···
19
19
- brcm,bcm4329-bt
20
20
- brcm,bcm4330-bt
21
21
- brcm,bcm4334-bt
22
+
- brcm,bcm43430a0-bt
23
+
- brcm,bcm43430a1-bt
22
24
- brcm,bcm43438-bt
23
25
- brcm,bcm4345c5
24
26
- brcm,bcm43540-bt
25
27
- brcm,bcm4335a0
26
28
- brcm,bcm4349-bt
29
+
- cypress,cyw4373a0-bt
27
30
- infineon,cyw55572-bt
28
31
29
32
shutdown-gpios:
+3
-3
Documentation/devicetree/bindings/net/qualcomm-bluetooth.yaml
Documentation/devicetree/bindings/net/bluetooth/qualcomm-bluetooth.yaml
+3
-3
Documentation/devicetree/bindings/net/qualcomm-bluetooth.yaml
Documentation/devicetree/bindings/net/bluetooth/qualcomm-bluetooth.yaml
···
1
1
# SPDX-License-Identifier: (GPL-2.0 OR BSD-2-Clause)
2
2
%YAML 1.2
3
3
---
4
-
$id: http://devicetree.org/schemas/net/qualcomm-bluetooth.yaml#
4
+
$id: http://devicetree.org/schemas/net/bluetooth/qualcomm-bluetooth.yaml#
5
5
$schema: http://devicetree.org/meta-schemas/core.yaml#
6
6
7
7
title: Qualcomm Bluetooth Chips
···
79
79
firmware-name:
80
80
description: specify the name of nvm firmware to load
81
81
82
-
local-bd-address:
83
-
description: see Documentation/devicetree/bindings/net/bluetooth.txt
82
+
local-bd-address: true
84
83
85
84
86
85
required:
···
88
89
additionalProperties: false
89
90
90
91
allOf:
92
+
- $ref: bluetooth-controller.yaml#
91
93
- if:
92
94
properties:
93
95
compatible:
+1
Documentation/devicetree/bindings/net/realtek-bluetooth.yaml
+1
Documentation/devicetree/bindings/net/realtek-bluetooth.yaml
+3
-5
Documentation/devicetree/bindings/soc/qcom/qcom,wcnss.yaml
+3
-5
Documentation/devicetree/bindings/soc/qcom/qcom,wcnss.yaml
···
42
42
bluetooth:
43
43
type: object
44
44
additionalProperties: false
45
+
allOf:
46
+
- $ref: /schemas/net/bluetooth/bluetooth-controller.yaml#
45
47
properties:
46
48
compatible:
47
49
const: qcom,wcnss-bt
48
50
49
-
local-bd-address:
50
-
$ref: /schemas/types.yaml#/definitions/uint8-array
51
-
maxItems: 6
52
-
description:
53
-
See Documentation/devicetree/bindings/net/bluetooth.txt
51
+
local-bd-address: true
54
52
55
53
required:
56
54
- compatible
+2
MAINTAINERS
+2
MAINTAINERS
···
1903
1903
F: Documentation/devicetree/bindings/iommu/apple,dart.yaml
1904
1904
F: Documentation/devicetree/bindings/iommu/apple,sart.yaml
1905
1905
F: Documentation/devicetree/bindings/mailbox/apple,mailbox.yaml
1906
+
F: Documentation/devicetree/bindings/net/bluetooth/brcm,bcm4377-bluetooth.yaml
1906
1907
F: Documentation/devicetree/bindings/nvme/apple,nvme-ans.yaml
1907
1908
F: Documentation/devicetree/bindings/nvmem/apple,efuses.yaml
1908
1909
F: Documentation/devicetree/bindings/pci/apple,pcie.yaml
···
1911
1910
F: Documentation/devicetree/bindings/power/apple*
1912
1911
F: Documentation/devicetree/bindings/watchdog/apple,wdt.yaml
1913
1912
F: arch/arm64/boot/dts/apple/
1913
+
F: drivers/bluetooth/hci_bcm4377.c
1914
1914
F: drivers/clk/clk-apple-nco.c
1915
1915
F: drivers/dma/apple-admac.c
1916
1916
F: drivers/i2c/busses/i2c-pasemi-core.c
+4
arch/arm64/boot/dts/apple/t8103-j274.dts
+4
arch/arm64/boot/dts/apple/t8103-j274.dts
+4
arch/arm64/boot/dts/apple/t8103-j293.dts
+4
arch/arm64/boot/dts/apple/t8103-j293.dts
+4
arch/arm64/boot/dts/apple/t8103-j313.dts
+4
arch/arm64/boot/dts/apple/t8103-j313.dts
+4
arch/arm64/boot/dts/apple/t8103-j456.dts
+4
arch/arm64/boot/dts/apple/t8103-j456.dts
+4
arch/arm64/boot/dts/apple/t8103-j457.dts
+4
arch/arm64/boot/dts/apple/t8103-j457.dts
+8
arch/arm64/boot/dts/apple/t8103-jxxx.dtsi
+8
arch/arm64/boot/dts/apple/t8103-jxxx.dtsi
···
11
11
12
12
/ {
13
13
aliases {
14
+
bluetooth0 = &bluetooth0;
14
15
serial0 = &serial0;
15
16
serial2 = &serial2;
16
17
wifi0 = &wifi0;
···
77
76
/* To be filled by the loader */
78
77
local-mac-address = [00 00 00 00 00 00];
79
78
apple,antenna-sku = "XX";
79
+
};
80
+
81
+
bluetooth0: bluetooth@0,1 {
82
+
compatible = "pci14e4,5f69";
83
+
reg = <0x10100 0x0 0x0 0x0 0x0>;
84
+
/* To be filled by the loader */
85
+
local-bd-address = [00 00 00 00 00 00];
80
86
};
81
87
};
+23
drivers/bluetooth/Kconfig
+23
drivers/bluetooth/Kconfig
···
45
45
This can be overridden by passing btusb.enable_autosuspend=[y|n]
46
46
on the kernel commandline.
47
47
48
+
config BT_HCIBTUSB_POLL_SYNC
49
+
bool "Enable USB poll_sync for Bluetooth USB devices by default"
50
+
depends on BT_HCIBTUSB
51
+
default y
52
+
help
53
+
poll_sync synchronizes the USB data and event endpoints by
54
+
prioritizing the later.
55
+
56
+
Say Y here to enable USB poll_sync for Bluetooth USB devices by
57
+
default.
58
+
48
59
config BT_HCIBTUSB_BCM
49
60
bool "Broadcom protocol support"
50
61
depends on BT_HCIBTUSB
···
284
273
285
274
Say Y here to compile support for HCI BCM203x devices into the
286
275
kernel or say M to compile it as module (bcm203x).
276
+
277
+
278
+
config BT_HCIBCM4377
279
+
tristate "HCI BCM4377/4378/4387 PCIe driver"
280
+
depends on PCI
281
+
select FW_LOADER
282
+
help
283
+
Support for Broadcom BCM4377/4378/4387 Bluetooth chipsets attached via
284
+
PCIe. These are usually found in Apple machines.
285
+
286
+
Say Y here to compile support for HCI BCM4377 family devices into the
287
+
kernel or say M to compile it as module (hci_bcm4377).
287
288
288
289
config BT_HCIBPA10X
289
290
tristate "HCI BPA10x USB driver"
+1
drivers/bluetooth/Makefile
+1
drivers/bluetooth/Makefile
···
6
6
obj-$(CONFIG_BT_HCIVHCI) += hci_vhci.o
7
7
obj-$(CONFIG_BT_HCIUART) += hci_uart.o
8
8
obj-$(CONFIG_BT_HCIBCM203X) += bcm203x.o
9
+
obj-$(CONFIG_BT_HCIBCM4377) += hci_bcm4377.o
9
10
obj-$(CONFIG_BT_HCIBPA10X) += bpa10x.o
10
11
obj-$(CONFIG_BT_HCIBFUSB) += bfusb.o
11
12
obj-$(CONFIG_BT_HCIDTL1) += dtl1_cs.o
+11
-10
drivers/bluetooth/btintel.c
+11
-10
drivers/bluetooth/btintel.c
···
26
26
27
27
#define CMD_WRITE_BOOT_PARAMS 0xfc0e
28
28
struct cmd_write_boot_params {
29
-
u32 boot_addr;
29
+
__le32 boot_addr;
30
30
u8 fw_build_num;
31
31
u8 fw_build_ww;
32
32
u8 fw_build_yy;
···
1783
1783
case 0x0b: /* SfP */
1784
1784
case 0x0c: /* WsP */
1785
1785
snprintf(fw_name, len, "intel/ibt-%u-%u.%s",
1786
-
le16_to_cpu(ver->hw_variant),
1787
-
le16_to_cpu(params->dev_revid),
1788
-
suffix);
1786
+
ver->hw_variant,
1787
+
le16_to_cpu(params->dev_revid),
1788
+
suffix);
1789
1789
break;
1790
1790
case 0x11: /* JfP */
1791
1791
case 0x12: /* ThP */
1792
1792
case 0x13: /* HrP */
1793
1793
case 0x14: /* CcP */
1794
1794
snprintf(fw_name, len, "intel/ibt-%u-%u-%u.%s",
1795
-
le16_to_cpu(ver->hw_variant),
1796
-
le16_to_cpu(ver->hw_revision),
1797
-
le16_to_cpu(ver->fw_revision),
1798
-
suffix);
1795
+
ver->hw_variant,
1796
+
ver->hw_revision,
1797
+
ver->fw_revision,
1798
+
suffix);
1799
1799
break;
1800
1800
default:
1801
1801
return -EINVAL;
···
2524
2524
*/
2525
2525
err = btintel_read_version(hdev, &ver);
2526
2526
if (err)
2527
-
return err;
2527
+
break;
2528
2528
2529
2529
/* Apply the device specific HCI quirks
2530
2530
*
···
2566
2566
default:
2567
2567
bt_dev_err(hdev, "Unsupported Intel hw variant (%u)",
2568
2568
INTEL_HW_VARIANT(ver_tlv.cnvi_bt));
2569
-
return -EINVAL;
2569
+
err = -EINVAL;
2570
+
break;
2570
2571
}
2571
2572
2572
2573
exit_error:
+7
drivers/bluetooth/btrtl.c
+7
drivers/bluetooth/btrtl.c
···
781
781
case CHIP_ID_8852C:
782
782
set_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks);
783
783
set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks);
784
+
785
+
/* RTL8852C needs to transmit mSBC data continuously without
786
+
* the zero length of USB packets for the ALT 6 supported chips
787
+
*/
788
+
if (btrtl_dev->project_id == CHIP_ID_8852C)
789
+
btrealtek_set_flag(hdev, REALTEK_ALT6_CONTINUOUS_TX_CHIP);
790
+
784
791
hci_set_aosp_capable(hdev);
785
792
break;
786
793
default:
+21
drivers/bluetooth/btrtl.h
+21
drivers/bluetooth/btrtl.h
···
47
47
struct rtl_vendor_config_entry entry[];
48
48
} __packed;
49
49
50
+
enum {
51
+
REALTEK_ALT6_CONTINUOUS_TX_CHIP,
52
+
53
+
__REALTEK_NUM_FLAGS,
54
+
};
55
+
56
+
struct btrealtek_data {
57
+
DECLARE_BITMAP(flags, __REALTEK_NUM_FLAGS);
58
+
};
59
+
60
+
#define btrealtek_set_flag(hdev, nr) \
61
+
do { \
62
+
struct btrealtek_data *realtek = hci_get_priv((hdev)); \
63
+
set_bit((nr), realtek->flags); \
64
+
} while (0)
65
+
66
+
#define btrealtek_get_flag(hdev) \
67
+
(((struct btrealtek_data *)hci_get_priv(hdev))->flags)
68
+
69
+
#define btrealtek_test_flag(hdev, nr) test_bit((nr), btrealtek_get_flag(hdev))
70
+
50
71
#if IS_ENABLED(CONFIG_BT_RTL)
51
72
52
73
struct btrtl_device_info *btrtl_initialize(struct hci_dev *hdev,
+204
-32
drivers/bluetooth/btusb.c
+204
-32
drivers/bluetooth/btusb.c
···
32
32
static bool disable_scofix;
33
33
static bool force_scofix;
34
34
static bool enable_autosuspend = IS_ENABLED(CONFIG_BT_HCIBTUSB_AUTOSUSPEND);
35
+
static bool enable_poll_sync = IS_ENABLED(CONFIG_BT_HCIBTUSB_POLL_SYNC);
35
36
static bool reset = true;
36
37
37
38
static struct usb_driver btusb_driver;
···
317
316
{ USB_DEVICE(0x0489, 0xe0d0), .driver_info = BTUSB_QCA_WCN6855 |
318
317
BTUSB_WIDEBAND_SPEECH |
319
318
BTUSB_VALID_LE_STATES },
319
+
{ USB_DEVICE(0x10ab, 0x9108), .driver_info = BTUSB_QCA_WCN6855 |
320
+
BTUSB_WIDEBAND_SPEECH |
321
+
BTUSB_VALID_LE_STATES },
322
+
{ USB_DEVICE(0x10ab, 0x9109), .driver_info = BTUSB_QCA_WCN6855 |
323
+
BTUSB_WIDEBAND_SPEECH |
324
+
BTUSB_VALID_LE_STATES },
325
+
{ USB_DEVICE(0x10ab, 0x9208), .driver_info = BTUSB_QCA_WCN6855 |
326
+
BTUSB_WIDEBAND_SPEECH |
327
+
BTUSB_VALID_LE_STATES },
328
+
{ USB_DEVICE(0x10ab, 0x9209), .driver_info = BTUSB_QCA_WCN6855 |
329
+
BTUSB_WIDEBAND_SPEECH |
330
+
BTUSB_VALID_LE_STATES },
331
+
{ USB_DEVICE(0x10ab, 0x9308), .driver_info = BTUSB_QCA_WCN6855 |
332
+
BTUSB_WIDEBAND_SPEECH |
333
+
BTUSB_VALID_LE_STATES },
334
+
{ USB_DEVICE(0x10ab, 0x9408), .driver_info = BTUSB_QCA_WCN6855 |
335
+
BTUSB_WIDEBAND_SPEECH |
336
+
BTUSB_VALID_LE_STATES },
337
+
{ USB_DEVICE(0x10ab, 0x9508), .driver_info = BTUSB_QCA_WCN6855 |
338
+
BTUSB_WIDEBAND_SPEECH |
339
+
BTUSB_VALID_LE_STATES },
340
+
{ USB_DEVICE(0x10ab, 0x9509), .driver_info = BTUSB_QCA_WCN6855 |
341
+
BTUSB_WIDEBAND_SPEECH |
342
+
BTUSB_VALID_LE_STATES },
343
+
{ USB_DEVICE(0x10ab, 0x9608), .driver_info = BTUSB_QCA_WCN6855 |
344
+
BTUSB_WIDEBAND_SPEECH |
345
+
BTUSB_VALID_LE_STATES },
346
+
{ USB_DEVICE(0x10ab, 0x9609), .driver_info = BTUSB_QCA_WCN6855 |
347
+
BTUSB_WIDEBAND_SPEECH |
348
+
BTUSB_VALID_LE_STATES },
349
+
{ USB_DEVICE(0x10ab, 0x9f09), .driver_info = BTUSB_QCA_WCN6855 |
350
+
BTUSB_WIDEBAND_SPEECH |
351
+
BTUSB_VALID_LE_STATES },
352
+
{ USB_DEVICE(0x04ca, 0x3022), .driver_info = BTUSB_QCA_WCN6855 |
353
+
BTUSB_WIDEBAND_SPEECH |
354
+
BTUSB_VALID_LE_STATES },
355
+
{ USB_DEVICE(0x0489, 0xe0c7), .driver_info = BTUSB_QCA_WCN6855 |
356
+
BTUSB_WIDEBAND_SPEECH |
357
+
BTUSB_VALID_LE_STATES },
358
+
{ USB_DEVICE(0x0489, 0xe0c9), .driver_info = BTUSB_QCA_WCN6855 |
359
+
BTUSB_WIDEBAND_SPEECH |
360
+
BTUSB_VALID_LE_STATES },
361
+
{ USB_DEVICE(0x0489, 0xe0ca), .driver_info = BTUSB_QCA_WCN6855 |
362
+
BTUSB_WIDEBAND_SPEECH |
363
+
BTUSB_VALID_LE_STATES },
364
+
{ USB_DEVICE(0x0489, 0xe0cb), .driver_info = BTUSB_QCA_WCN6855 |
365
+
BTUSB_WIDEBAND_SPEECH |
366
+
BTUSB_VALID_LE_STATES },
367
+
{ USB_DEVICE(0x0489, 0xe0ce), .driver_info = BTUSB_QCA_WCN6855 |
368
+
BTUSB_WIDEBAND_SPEECH |
369
+
BTUSB_VALID_LE_STATES },
370
+
{ USB_DEVICE(0x0489, 0xe0de), .driver_info = BTUSB_QCA_WCN6855 |
371
+
BTUSB_WIDEBAND_SPEECH |
372
+
BTUSB_VALID_LE_STATES },
373
+
{ USB_DEVICE(0x0489, 0xe0df), .driver_info = BTUSB_QCA_WCN6855 |
374
+
BTUSB_WIDEBAND_SPEECH |
375
+
BTUSB_VALID_LE_STATES },
376
+
{ USB_DEVICE(0x0489, 0xe0e1), .driver_info = BTUSB_QCA_WCN6855 |
377
+
BTUSB_WIDEBAND_SPEECH |
378
+
BTUSB_VALID_LE_STATES },
379
+
{ USB_DEVICE(0x0489, 0xe0ea), .driver_info = BTUSB_QCA_WCN6855 |
380
+
BTUSB_WIDEBAND_SPEECH |
381
+
BTUSB_VALID_LE_STATES },
382
+
{ USB_DEVICE(0x0489, 0xe0ec), .driver_info = BTUSB_QCA_WCN6855 |
383
+
BTUSB_WIDEBAND_SPEECH |
384
+
BTUSB_VALID_LE_STATES },
385
+
{ USB_DEVICE(0x04ca, 0x3023), .driver_info = BTUSB_QCA_WCN6855 |
386
+
BTUSB_WIDEBAND_SPEECH |
387
+
BTUSB_VALID_LE_STATES },
388
+
{ USB_DEVICE(0x04ca, 0x3024), .driver_info = BTUSB_QCA_WCN6855 |
389
+
BTUSB_WIDEBAND_SPEECH |
390
+
BTUSB_VALID_LE_STATES },
391
+
{ USB_DEVICE(0x04ca, 0x3a22), .driver_info = BTUSB_QCA_WCN6855 |
392
+
BTUSB_WIDEBAND_SPEECH |
393
+
BTUSB_VALID_LE_STATES },
394
+
{ USB_DEVICE(0x04ca, 0x3a24), .driver_info = BTUSB_QCA_WCN6855 |
395
+
BTUSB_WIDEBAND_SPEECH |
396
+
BTUSB_VALID_LE_STATES },
397
+
{ USB_DEVICE(0x04ca, 0x3a26), .driver_info = BTUSB_QCA_WCN6855 |
398
+
BTUSB_WIDEBAND_SPEECH |
399
+
BTUSB_VALID_LE_STATES },
400
+
{ USB_DEVICE(0x04ca, 0x3a27), .driver_info = BTUSB_QCA_WCN6855 |
401
+
BTUSB_WIDEBAND_SPEECH |
402
+
BTUSB_VALID_LE_STATES },
320
403
321
404
/* QCA WCN785x chipset */
322
405
{ USB_DEVICE(0x0cf3, 0xe700), .driver_info = BTUSB_QCA_WCN6855 |
···
498
413
{ USB_DEVICE(0x0bda, 0xc822), .driver_info = BTUSB_REALTEK |
499
414
BTUSB_WIDEBAND_SPEECH },
500
415
416
+
/* Realtek 8822CU Bluetooth devices */
417
+
{ USB_DEVICE(0x13d3, 0x3549), .driver_info = BTUSB_REALTEK |
418
+
BTUSB_WIDEBAND_SPEECH },
419
+
501
420
/* Realtek 8852AE Bluetooth devices */
502
421
{ USB_DEVICE(0x0bda, 0x2852), .driver_info = BTUSB_REALTEK |
503
422
BTUSB_WIDEBAND_SPEECH },
···
530
441
{ USB_DEVICE(0x13d3, 0x3586), .driver_info = BTUSB_REALTEK |
531
442
BTUSB_WIDEBAND_SPEECH },
532
443
{ USB_DEVICE(0x13d3, 0x3592), .driver_info = BTUSB_REALTEK |
444
+
BTUSB_WIDEBAND_SPEECH },
445
+
446
+
/* Realtek 8852BE Bluetooth devices */
447
+
{ USB_DEVICE(0x0cb8, 0xc559), .driver_info = BTUSB_REALTEK |
533
448
BTUSB_WIDEBAND_SPEECH },
534
449
535
450
/* Realtek Bluetooth devices */
···
604
511
{ USB_DEVICE(0x0489, 0xe0e2), .driver_info = BTUSB_MEDIATEK |
605
512
BTUSB_WIDEBAND_SPEECH |
606
513
BTUSB_VALID_LE_STATES },
514
+
{ USB_DEVICE(0x0489, 0xe0f2), .driver_info = BTUSB_MEDIATEK |
515
+
BTUSB_WIDEBAND_SPEECH |
516
+
BTUSB_VALID_LE_STATES },
607
517
608
518
/* Additional Realtek 8723AE Bluetooth devices */
609
519
{ USB_DEVICE(0x0930, 0x021d), .driver_info = BTUSB_REALTEK },
···
638
542
{ USB_DEVICE(0x0bda, 0x8771), .driver_info = BTUSB_REALTEK |
639
543
BTUSB_WIDEBAND_SPEECH },
640
544
{ USB_DEVICE(0x7392, 0xc611), .driver_info = BTUSB_REALTEK |
545
+
BTUSB_WIDEBAND_SPEECH },
546
+
{ USB_DEVICE(0x2b89, 0x8761), .driver_info = BTUSB_REALTEK |
641
547
BTUSB_WIDEBAND_SPEECH },
642
548
643
549
/* Additional Realtek 8821AE Bluetooth devices */
···
730
632
#define BTUSB_TX_WAIT_VND_EVT 13
731
633
#define BTUSB_WAKEUP_AUTOSUSPEND 14
732
634
#define BTUSB_USE_ALT3_FOR_WBS 15
635
+
#define BTUSB_ALT6_CONTINUOUS_TX 16
733
636
734
637
struct btusb_data {
735
638
struct hci_dev *hdev;
···
795
696
unsigned cmd_timeout_cnt;
796
697
};
797
698
699
+
static void btusb_reset(struct hci_dev *hdev)
700
+
{
701
+
struct btusb_data *data;
702
+
int err;
703
+
704
+
if (hdev->reset) {
705
+
hdev->reset(hdev);
706
+
return;
707
+
}
708
+
709
+
data = hci_get_drvdata(hdev);
710
+
/* This is not an unbalanced PM reference since the device will reset */
711
+
err = usb_autopm_get_interface(data->intf);
712
+
if (err) {
713
+
bt_dev_err(hdev, "Failed usb_autopm_get_interface: %d", err);
714
+
return;
715
+
}
716
+
717
+
bt_dev_err(hdev, "Resetting usb device.");
718
+
usb_queue_reset_device(data->intf);
719
+
}
720
+
798
721
static void btusb_intel_cmd_timeout(struct hci_dev *hdev)
799
722
{
800
723
struct btusb_data *data = hci_get_drvdata(hdev);
···
826
705
return;
827
706
828
707
if (!reset_gpio) {
829
-
bt_dev_err(hdev, "No way to reset. Ignoring and continuing");
708
+
btusb_reset(hdev);
830
709
return;
831
710
}
832
711
···
857
736
return;
858
737
859
738
if (!reset_gpio) {
860
-
bt_dev_err(hdev, "No gpio to reset Realtek device, ignoring");
739
+
btusb_reset(hdev);
861
740
return;
862
741
}
863
742
···
882
761
{
883
762
struct btusb_data *data = hci_get_drvdata(hdev);
884
763
struct gpio_desc *reset_gpio = data->reset_gpio;
885
-
int err;
886
764
887
765
if (++data->cmd_timeout_cnt < 5)
888
766
return;
···
907
787
return;
908
788
}
909
789
910
-
bt_dev_err(hdev, "Multiple cmd timeouts seen. Resetting usb device.");
911
-
/* This is not an unbalanced PM reference since the device will reset */
912
-
err = usb_autopm_get_interface(data->intf);
913
-
if (!err)
914
-
usb_queue_reset_device(data->intf);
915
-
else
916
-
bt_dev_err(hdev, "Failed usb_autopm_get_interface with %d", err);
790
+
btusb_reset(hdev);
917
791
}
918
792
919
793
static inline void btusb_free_frags(struct btusb_data *data)
···
916
802
917
803
spin_lock_irqsave(&data->rxlock, flags);
918
804
919
-
kfree_skb(data->evt_skb);
805
+
dev_kfree_skb_irq(data->evt_skb);
920
806
data->evt_skb = NULL;
921
807
922
-
kfree_skb(data->acl_skb);
808
+
dev_kfree_skb_irq(data->acl_skb);
923
809
data->acl_skb = NULL;
924
810
925
-
kfree_skb(data->sco_skb);
811
+
dev_kfree_skb_irq(data->sco_skb);
926
812
data->sco_skb = NULL;
927
813
928
814
spin_unlock_irqrestore(&data->rxlock, flags);
···
1076
962
return err;
1077
963
}
1078
964
965
+
static bool btusb_validate_sco_handle(struct hci_dev *hdev,
966
+
struct hci_sco_hdr *hdr)
967
+
{
968
+
__u16 handle;
969
+
970
+
if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL))
971
+
// Can't validate, userspace controls everything.
972
+
return true;
973
+
974
+
/*
975
+
* USB isochronous transfers are not designed to be reliable and may
976
+
* lose fragments. When this happens, the next first fragment
977
+
* encountered might actually be a continuation fragment.
978
+
* Validate the handle to detect it and drop it, or else the upper
979
+
* layer will get garbage for a while.
980
+
*/
981
+
982
+
handle = hci_handle(__le16_to_cpu(hdr->handle));
983
+
984
+
switch (hci_conn_lookup_type(hdev, handle)) {
985
+
case SCO_LINK:
986
+
case ESCO_LINK:
987
+
return true;
988
+
default:
989
+
return false;
990
+
}
991
+
}
992
+
1079
993
static int btusb_recv_isoc(struct btusb_data *data, void *buffer, int count)
1080
994
{
1081
995
struct sk_buff *skb;
···
1136
994
1137
995
if (skb->len == HCI_SCO_HDR_SIZE) {
1138
996
/* Complete SCO header */
1139
-
hci_skb_expect(skb) = hci_sco_hdr(skb)->dlen;
997
+
struct hci_sco_hdr *hdr = hci_sco_hdr(skb);
1140
998
1141
-
if (skb_tailroom(skb) < hci_skb_expect(skb)) {
999
+
hci_skb_expect(skb) = hdr->dlen;
1000
+
1001
+
if (skb_tailroom(skb) < hci_skb_expect(skb) ||
1002
+
!btusb_validate_sco_handle(data->hdev, hdr)) {
1142
1003
kfree_skb(skb);
1143
1004
skb = NULL;
1144
1005
···
1421
1276
static inline void __fill_isoc_descriptor_msbc(struct urb *urb, int len,
1422
1277
int mtu, struct btusb_data *data)
1423
1278
{
1424
-
int i, offset = 0;
1279
+
int i = 0, offset = 0;
1425
1280
unsigned int interval;
1426
1281
1427
1282
BT_DBG("len %d mtu %d", len, mtu);
1283
+
1284
+
/* For mSBC ALT 6 settings some chips need to transmit the data
1285
+
* continuously without the zero length of USB packets.
1286
+
*/
1287
+
if (test_bit(BTUSB_ALT6_CONTINUOUS_TX, &data->flags))
1288
+
goto ignore_usb_alt6_packet_flow;
1428
1289
1429
1290
/* For mSBC ALT 6 setting the host will send the packet at continuous
1430
1291
* flow. As per core spec 5, vol 4, part B, table 2.1. For ALT setting
···
1451
1300
urb->iso_frame_desc[i].length = offset;
1452
1301
}
1453
1302
1303
+
ignore_usb_alt6_packet_flow:
1454
1304
if (len && i < BTUSB_MAX_ISOC_FRAMES) {
1455
1305
urb->iso_frame_desc[i].offset = offset;
1456
1306
urb->iso_frame_desc[i].length = len;
···
2133
1981
if (btusb_switch_alt_setting(hdev, new_alts) < 0)
2134
1982
bt_dev_err(hdev, "set USB alt:(%d) failed!", new_alts);
2135
1983
} else {
2136
-
clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
2137
1984
usb_kill_anchored_urbs(&data->isoc_anchor);
2138
1985
2139
-
__set_isoc_interface(hdev, 0);
1986
+
if (test_and_clear_bit(BTUSB_ISOC_RUNNING, &data->flags))
1987
+
__set_isoc_interface(hdev, 0);
1988
+
2140
1989
if (test_and_clear_bit(BTUSB_DID_ISO_RESUME, &data->flags))
2141
1990
usb_autopm_put_interface(data->isoc ? data->isoc : data->intf);
2142
1991
}
···
2201
2048
return err;
2202
2049
}
2203
2050
2204
-
if (skb->len != sizeof(struct hci_rp_read_local_version)) {
2051
+
rp = skb_pull_data(skb, sizeof(*rp));
2052
+
if (!rp) {
2205
2053
bt_dev_err(hdev, "CSR: Local version length mismatch");
2206
2054
kfree_skb(skb);
2207
2055
return -EIO;
2208
2056
}
2209
2057
2210
-
rp = (struct hci_rp_read_local_version *)skb->data;
2058
+
bt_dev_info(hdev, "CSR: Setting up dongle with HCI ver=%u rev=%04x",
2059
+
rp->hci_ver, le16_to_cpu(rp->hci_rev));
2211
2060
2212
-
bt_dev_info(hdev, "CSR: Setting up dongle with HCI ver=%u rev=%04x; LMP ver=%u subver=%04x; manufacturer=%u",
2213
-
le16_to_cpu(rp->hci_ver), le16_to_cpu(rp->hci_rev),
2214
-
le16_to_cpu(rp->lmp_ver), le16_to_cpu(rp->lmp_subver),
2215
-
le16_to_cpu(rp->manufacturer));
2061
+
bt_dev_info(hdev, "LMP ver=%u subver=%04x; manufacturer=%u",
2062
+
rp->lmp_ver, le16_to_cpu(rp->lmp_subver),
2063
+
le16_to_cpu(rp->manufacturer));
2216
2064
2217
2065
/* Detect a wide host of Chinese controllers that aren't CSR.
2218
2066
*
···
2243
2089
* third-party BT 4.0 dongle reuses it.
2244
2090
*/
2245
2091
else if (le16_to_cpu(rp->lmp_subver) <= 0x034e &&
2246
-
le16_to_cpu(rp->hci_ver) > BLUETOOTH_VER_1_1)
2092
+
rp->hci_ver > BLUETOOTH_VER_1_1)
2247
2093
is_fake = true;
2248
2094
2249
2095
else if (le16_to_cpu(rp->lmp_subver) <= 0x0529 &&
2250
-
le16_to_cpu(rp->hci_ver) > BLUETOOTH_VER_1_2)
2096
+
rp->hci_ver > BLUETOOTH_VER_1_2)
2251
2097
is_fake = true;
2252
2098
2253
2099
else if (le16_to_cpu(rp->lmp_subver) <= 0x0c5c &&
2254
-
le16_to_cpu(rp->hci_ver) > BLUETOOTH_VER_2_0)
2100
+
rp->hci_ver > BLUETOOTH_VER_2_0)
2255
2101
is_fake = true;
2256
2102
2257
2103
else if (le16_to_cpu(rp->lmp_subver) <= 0x1899 &&
2258
-
le16_to_cpu(rp->hci_ver) > BLUETOOTH_VER_2_1)
2104
+
rp->hci_ver > BLUETOOTH_VER_2_1)
2259
2105
is_fake = true;
2260
2106
2261
2107
else if (le16_to_cpu(rp->lmp_subver) <= 0x22bb &&
2262
-
le16_to_cpu(rp->hci_ver) > BLUETOOTH_VER_4_0)
2108
+
rp->hci_ver > BLUETOOTH_VER_4_0)
2263
2109
is_fake = true;
2264
2110
2265
2111
/* Other clones which beat all the above checks */
2266
2112
else if (bcdDevice == 0x0134 &&
2267
2113
le16_to_cpu(rp->lmp_subver) == 0x0c5c &&
2268
-
le16_to_cpu(rp->hci_ver) == BLUETOOTH_VER_2_0)
2114
+
rp->hci_ver == BLUETOOTH_VER_2_0)
2269
2115
is_fake = true;
2270
2116
2271
2117
if (is_fake) {
···
2473
2319
}
2474
2320
2475
2321
return -EILSEQ;
2322
+
}
2323
+
2324
+
static int btusb_setup_realtek(struct hci_dev *hdev)
2325
+
{
2326
+
struct btusb_data *data = hci_get_drvdata(hdev);
2327
+
int ret;
2328
+
2329
+
ret = btrtl_setup_realtek(hdev);
2330
+
2331
+
if (btrealtek_test_flag(data->hdev, REALTEK_ALT6_CONTINUOUS_TX_CHIP))
2332
+
set_bit(BTUSB_ALT6_CONTINUOUS_TX, &data->flags);
2333
+
2334
+
return ret;
2476
2335
}
2477
2336
2478
2337
/* UHW CR mapping */
···
3423
3256
3424
3257
if (ver_rom & ~0xffffU) {
3425
3258
rver_rom_high = le16_to_cpu(rver->rom_version_high);
3426
-
rver_rom = le32_to_cpu(rver_rom_high << 16 | rver_rom_low);
3259
+
rver_rom = rver_rom_high << 16 | rver_rom_low;
3427
3260
} else {
3428
3261
rver_rom = rver_rom_low;
3429
3262
}
···
3928
3761
/* Override the rx handlers */
3929
3762
data->recv_event = btusb_recv_event_intel;
3930
3763
data->recv_bulk = btusb_recv_bulk_intel;
3764
+
} else if (id->driver_info & BTUSB_REALTEK) {
3765
+
/* Allocate extra space for Realtek device */
3766
+
priv_size += sizeof(struct btrealtek_data);
3931
3767
}
3932
3768
3933
3769
data->recv_acl = hci_recv_frame;
···
4089
3919
4090
3920
if (IS_ENABLED(CONFIG_BT_HCIBTUSB_RTL) &&
4091
3921
(id->driver_info & BTUSB_REALTEK)) {
4092
-
hdev->setup = btrtl_setup_realtek;
3922
+
hdev->setup = btusb_setup_realtek;
4093
3923
hdev->shutdown = btrtl_shutdown_realtek;
4094
3924
hdev->cmd_timeout = btusb_rtl_cmd_timeout;
4095
3925
···
4173
4003
4174
4004
if (enable_autosuspend)
4175
4005
usb_enable_autosuspend(data->udev);
4006
+
4007
+
data->poll_sync = enable_poll_sync;
4176
4008
4177
4009
err = hci_register_dev(hdev);
4178
4010
if (err < 0)
+12
-1
drivers/bluetooth/hci_bcm.c
+12
-1
drivers/bluetooth/hci_bcm.c
···
53
53
* struct bcm_device_data - device specific data
54
54
* @no_early_set_baudrate: Disallow set baudrate before driver setup()
55
55
* @drive_rts_on_open: drive RTS signal on ->open() when platform requires it
56
+
* @no_uart_clock_set: UART clock set command for >3Mbps mode is unavailable
56
57
* @max_autobaud_speed: max baudrate supported by device in autobaud mode
57
58
*/
58
59
struct bcm_device_data {
59
60
bool no_early_set_baudrate;
60
61
bool drive_rts_on_open;
62
+
bool no_uart_clock_set;
61
63
u32 max_autobaud_speed;
62
64
};
63
65
···
102
100
* @is_suspended: whether flow control is currently disabled
103
101
* @no_early_set_baudrate: don't set_baudrate before setup()
104
102
* @drive_rts_on_open: drive RTS signal on ->open() when platform requires it
103
+
* @no_uart_clock_set: UART clock set command for >3Mbps mode is unavailable
105
104
* @pcm_int_params: keep the initial PCM configuration
106
105
* @use_autobaud_mode: start Bluetooth device in autobaud mode
107
106
* @max_autobaud_speed: max baudrate supported by device in autobaud mode
···
143
140
#endif
144
141
bool no_early_set_baudrate;
145
142
bool drive_rts_on_open;
143
+
bool no_uart_clock_set;
146
144
bool use_autobaud_mode;
147
145
u8 pcm_int_params[5];
148
146
u32 max_autobaud_speed;
···
176
172
static int bcm_set_baudrate(struct hci_uart *hu, unsigned int speed)
177
173
{
178
174
struct hci_dev *hdev = hu->hdev;
175
+
struct bcm_data *bcm = hu->priv;
179
176
struct sk_buff *skb;
180
177
struct bcm_update_uart_baud_rate param;
181
178
182
-
if (speed > 3000000) {
179
+
if (speed > 3000000 && !bcm->dev->no_uart_clock_set) {
183
180
struct bcm_write_uart_clock_setting clock;
184
181
185
182
clock.type = BCM_UART_CLOCK_48MHZ;
···
1534
1529
bcmdev->max_autobaud_speed = data->max_autobaud_speed;
1535
1530
bcmdev->no_early_set_baudrate = data->no_early_set_baudrate;
1536
1531
bcmdev->drive_rts_on_open = data->drive_rts_on_open;
1532
+
bcmdev->no_uart_clock_set = data->no_uart_clock_set;
1537
1533
}
1538
1534
1539
1535
return hci_uart_register_device(&bcmdev->serdev_hu, &bcm_proto);
···
1556
1550
.drive_rts_on_open = true,
1557
1551
};
1558
1552
1553
+
static struct bcm_device_data cyw4373a0_device_data = {
1554
+
.no_uart_clock_set = true,
1555
+
};
1556
+
1559
1557
static struct bcm_device_data cyw55572_device_data = {
1560
1558
.max_autobaud_speed = 921600,
1561
1559
};
···
1576
1566
{ .compatible = "brcm,bcm4349-bt", .data = &bcm43438_device_data },
1577
1567
{ .compatible = "brcm,bcm43540-bt", .data = &bcm4354_device_data },
1578
1568
{ .compatible = "brcm,bcm4335a0" },
1569
+
{ .compatible = "cypress,cyw4373a0-bt", .data = &cyw4373a0_device_data },
1579
1570
{ .compatible = "infineon,cyw55572-bt", .data = &cyw55572_device_data },
1580
1571
{ },
1581
1572
};
+2514
drivers/bluetooth/hci_bcm4377.c
+2514
drivers/bluetooth/hci_bcm4377.c
···
1
+
// SPDX-License-Identifier: GPL-2.0-only OR MIT
2
+
/*
3
+
* Bluetooth HCI driver for Broadcom 4377/4378/4387 devices attached via PCIe
4
+
*
5
+
* Copyright (C) The Asahi Linux Contributors
6
+
*/
7
+
8
+
#include <linux/async.h>
9
+
#include <linux/bitfield.h>
10
+
#include <linux/completion.h>
11
+
#include <linux/dma-mapping.h>
12
+
#include <linux/dmi.h>
13
+
#include <linux/firmware.h>
14
+
#include <linux/module.h>
15
+
#include <linux/msi.h>
16
+
#include <linux/of.h>
17
+
#include <linux/pci.h>
18
+
#include <linux/printk.h>
19
+
20
+
#include <asm/unaligned.h>
21
+
22
+
#include <net/bluetooth/bluetooth.h>
23
+
#include <net/bluetooth/hci_core.h>
24
+
25
+
enum bcm4377_chip {
26
+
BCM4377 = 0,
27
+
BCM4378,
28
+
BCM4387,
29
+
};
30
+
31
+
#define BCM4377_DEVICE_ID 0x5fa0
32
+
#define BCM4378_DEVICE_ID 0x5f69
33
+
#define BCM4387_DEVICE_ID 0x5f71
34
+
35
+
#define BCM4377_TIMEOUT 1000
36
+
37
+
/*
38
+
* These devices only support DMA transactions inside a 32bit window
39
+
* (possibly to avoid 64 bit arithmetic). The window size cannot exceed
40
+
* 0xffffffff but is always aligned down to the previous 0x200 byte boundary
41
+
* which effectively limits the window to [start, start+0xfffffe00].
42
+
* We just limit the DMA window to [0, 0xfffffe00] to make sure we don't
43
+
* run into this limitation.
44
+
*/
45
+
#define BCM4377_DMA_MASK 0xfffffe00
46
+
47
+
#define BCM4377_PCIECFG_BAR0_WINDOW1 0x80
48
+
#define BCM4377_PCIECFG_BAR0_WINDOW2 0x70
49
+
#define BCM4377_PCIECFG_BAR0_CORE2_WINDOW1 0x74
50
+
#define BCM4377_PCIECFG_BAR0_CORE2_WINDOW2 0x78
51
+
#define BCM4377_PCIECFG_BAR2_WINDOW 0x84
52
+
53
+
#define BCM4377_PCIECFG_BAR0_CORE2_WINDOW1_DEFAULT 0x18011000
54
+
#define BCM4377_PCIECFG_BAR2_WINDOW_DEFAULT 0x19000000
55
+
56
+
#define BCM4377_PCIECFG_SUBSYSTEM_CTRL 0x88
57
+
58
+
#define BCM4377_BAR0_FW_DOORBELL 0x140
59
+
#define BCM4377_BAR0_RTI_CONTROL 0x144
60
+
61
+
#define BCM4377_BAR0_SLEEP_CONTROL 0x150
62
+
#define BCM4377_BAR0_SLEEP_CONTROL_UNQUIESCE 0
63
+
#define BCM4377_BAR0_SLEEP_CONTROL_AWAKE 2
64
+
#define BCM4377_BAR0_SLEEP_CONTROL_QUIESCE 3
65
+
66
+
#define BCM4377_BAR0_DOORBELL 0x174
67
+
#define BCM4377_BAR0_DOORBELL_VALUE GENMASK(31, 16)
68
+
#define BCM4377_BAR0_DOORBELL_IDX GENMASK(15, 8)
69
+
#define BCM4377_BAR0_DOORBELL_RING BIT(5)
70
+
71
+
#define BCM4377_BAR0_HOST_WINDOW_LO 0x590
72
+
#define BCM4377_BAR0_HOST_WINDOW_HI 0x594
73
+
#define BCM4377_BAR0_HOST_WINDOW_SIZE 0x598
74
+
75
+
#define BCM4377_BAR2_BOOTSTAGE 0x200454
76
+
77
+
#define BCM4377_BAR2_FW_LO 0x200478
78
+
#define BCM4377_BAR2_FW_HI 0x20047c
79
+
#define BCM4377_BAR2_FW_SIZE 0x200480
80
+
81
+
#define BCM4377_BAR2_CONTEXT_ADDR_LO 0x20048c
82
+
#define BCM4377_BAR2_CONTEXT_ADDR_HI 0x200450
83
+
84
+
#define BCM4377_BAR2_RTI_STATUS 0x20045c
85
+
#define BCM4377_BAR2_RTI_WINDOW_LO 0x200494
86
+
#define BCM4377_BAR2_RTI_WINDOW_HI 0x200498
87
+
#define BCM4377_BAR2_RTI_WINDOW_SIZE 0x20049c
88
+
89
+
#define BCM4377_OTP_SIZE 0xe0
90
+
#define BCM4377_OTP_SYS_VENDOR 0x15
91
+
#define BCM4377_OTP_CIS 0x80
92
+
#define BCM4377_OTP_VENDOR_HDR 0x00000008
93
+
#define BCM4377_OTP_MAX_PARAM_LEN 16
94
+
95
+
#define BCM4377_N_TRANSFER_RINGS 9
96
+
#define BCM4377_N_COMPLETION_RINGS 6
97
+
98
+
#define BCM4377_MAX_RING_SIZE 256
99
+
100
+
#define BCM4377_MSGID_GENERATION GENMASK(15, 8)
101
+
#define BCM4377_MSGID_ID GENMASK(7, 0)
102
+
103
+
#define BCM4377_RING_N_ENTRIES 128
104
+
105
+
#define BCM4377_CONTROL_MSG_SIZE 0x34
106
+
#define BCM4377_XFER_RING_MAX_INPLACE_PAYLOAD_SIZE (4 * 0xff)
107
+
108
+
#define MAX_ACL_PAYLOAD_SIZE (HCI_MAX_FRAME_SIZE + HCI_ACL_HDR_SIZE)
109
+
#define MAX_SCO_PAYLOAD_SIZE (HCI_MAX_SCO_SIZE + HCI_SCO_HDR_SIZE)
110
+
#define MAX_EVENT_PAYLOAD_SIZE (HCI_MAX_EVENT_SIZE + HCI_EVENT_HDR_SIZE)
111
+
112
+
enum bcm4377_otp_params_type {
113
+
BCM4377_OTP_BOARD_PARAMS,
114
+
BCM4377_OTP_CHIP_PARAMS
115
+
};
116
+
117
+
enum bcm4377_transfer_ring_id {
118
+
BCM4377_XFER_RING_CONTROL = 0,
119
+
BCM4377_XFER_RING_HCI_H2D = 1,
120
+
BCM4377_XFER_RING_HCI_D2H = 2,
121
+
BCM4377_XFER_RING_SCO_H2D = 3,
122
+
BCM4377_XFER_RING_SCO_D2H = 4,
123
+
BCM4377_XFER_RING_ACL_H2D = 5,
124
+
BCM4377_XFER_RING_ACL_D2H = 6,
125
+
};
126
+
127
+
enum bcm4377_completion_ring_id {
128
+
BCM4377_ACK_RING_CONTROL = 0,
129
+
BCM4377_ACK_RING_HCI_ACL = 1,
130
+
BCM4377_EVENT_RING_HCI_ACL = 2,
131
+
BCM4377_ACK_RING_SCO = 3,
132
+
BCM4377_EVENT_RING_SCO = 4,
133
+
};
134
+
135
+
enum bcm4377_doorbell {
136
+
BCM4377_DOORBELL_CONTROL = 0,
137
+
BCM4377_DOORBELL_HCI_H2D = 1,
138
+
BCM4377_DOORBELL_HCI_D2H = 2,
139
+
BCM4377_DOORBELL_ACL_H2D = 3,
140
+
BCM4377_DOORBELL_ACL_D2H = 4,
141
+
BCM4377_DOORBELL_SCO = 6,
142
+
};
143
+
144
+
/*
145
+
* Transfer ring entry
146
+
*
147
+
* flags: Flags to indicate if the payload is appended or mapped
148
+
* len: Payload length
149
+
* payload: Optional payload DMA address
150
+
* id: Message id to recognize the answer in the completion ring entry
151
+
*/
152
+
struct bcm4377_xfer_ring_entry {
153
+
#define BCM4377_XFER_RING_FLAG_PAYLOAD_MAPPED BIT(0)
154
+
#define BCM4377_XFER_RING_FLAG_PAYLOAD_IN_FOOTER BIT(1)
155
+
u8 flags;
156
+
__le16 len;
157
+
u8 _unk0;
158
+
__le64 payload;
159
+
__le16 id;
160
+
u8 _unk1[2];
161
+
} __packed;
162
+
static_assert(sizeof(struct bcm4377_xfer_ring_entry) == 0x10);
163
+
164
+
/*
165
+
* Completion ring entry
166
+
*
167
+
* flags: Flags to indicate if the payload is appended or mapped. If the payload
168
+
* is mapped it can be found in the buffer of the corresponding transfer
169
+
* ring message.
170
+
* ring_id: Transfer ring ID which required this message
171
+
* msg_id: Message ID specified in transfer ring entry
172
+
* len: Payload length
173
+
*/
174
+
struct bcm4377_completion_ring_entry {
175
+
u8 flags;
176
+
u8 _unk0;
177
+
__le16 ring_id;
178
+
__le16 msg_id;
179
+
__le32 len;
180
+
u8 _unk1[6];
181
+
} __packed;
182
+
static_assert(sizeof(struct bcm4377_completion_ring_entry) == 0x10);
183
+
184
+
enum bcm4377_control_message_type {
185
+
BCM4377_CONTROL_MSG_CREATE_XFER_RING = 1,
186
+
BCM4377_CONTROL_MSG_CREATE_COMPLETION_RING = 2,
187
+
BCM4377_CONTROL_MSG_DESTROY_XFER_RING = 3,
188
+
BCM4377_CONTROL_MSG_DESTROY_COMPLETION_RING = 4,
189
+
};
190
+
191
+
/*
192
+
* Control message used to create a completion ring
193
+
*
194
+
* msg_type: Must be BCM4377_CONTROL_MSG_CREATE_COMPLETION_RING
195
+
* header_size: Unknown, but probably reserved space in front of the entry
196
+
* footer_size: Number of 32 bit words reserved for payloads after the entry
197
+
* id/id_again: Completion ring index
198
+
* ring_iova: DMA address of the ring buffer
199
+
* n_elements: Number of elements inside the ring buffer
200
+
* msi: MSI index, doesn't work for all rings though and should be zero
201
+
* intmod_delay: Unknown delay
202
+
* intmod_bytes: Unknown
203
+
*/
204
+
struct bcm4377_create_completion_ring_msg {
205
+
u8 msg_type;
206
+
u8 header_size;
207
+
u8 footer_size;
208
+
u8 _unk0;
209
+
__le16 id;
210
+
__le16 id_again;
211
+
__le64 ring_iova;
212
+
__le16 n_elements;
213
+
__le32 unk;
214
+
u8 _unk1[6];
215
+
__le16 msi;
216
+
__le16 intmod_delay;
217
+
__le32 intmod_bytes;
218
+
__le16 _unk2;
219
+
__le32 _unk3;
220
+
u8 _unk4[10];
221
+
} __packed;
222
+
static_assert(sizeof(struct bcm4377_create_completion_ring_msg) ==
223
+
BCM4377_CONTROL_MSG_SIZE);
224
+
225
+
/*
226
+
* Control ring message used to destroy a completion ring
227
+
*
228
+
* msg_type: Must be BCM4377_CONTROL_MSG_DESTROY_COMPLETION_RING
229
+
* ring_id: Completion ring to be destroyed
230
+
*/
231
+
struct bcm4377_destroy_completion_ring_msg {
232
+
u8 msg_type;
233
+
u8 _pad0;
234
+
__le16 ring_id;
235
+
u8 _pad1[48];
236
+
} __packed;
237
+
static_assert(sizeof(struct bcm4377_destroy_completion_ring_msg) ==
238
+
BCM4377_CONTROL_MSG_SIZE);
239
+
240
+
/*
241
+
* Control message used to create a transfer ring
242
+
*
243
+
* msg_type: Must be BCM4377_CONTROL_MSG_CREATE_XFER_RING
244
+
* header_size: Number of 32 bit words reserved for unknown content before the
245
+
* entry
246
+
* footer_size: Number of 32 bit words reserved for payloads after the entry
247
+
* ring_id/ring_id_again: Transfer ring index
248
+
* ring_iova: DMA address of the ring buffer
249
+
* n_elements: Number of elements inside the ring buffer
250
+
* completion_ring_id: Completion ring index for acknowledgements and events
251
+
* doorbell: Doorbell index used to notify device of new entries
252
+
* flags: Transfer ring flags
253
+
* - virtual: set if there is no associated shared memory and only the
254
+
* corresponding completion ring is used
255
+
* - sync: only set for the SCO rings
256
+
*/
257
+
struct bcm4377_create_transfer_ring_msg {
258
+
u8 msg_type;
259
+
u8 header_size;
260
+
u8 footer_size;
261
+
u8 _unk0;
262
+
__le16 ring_id;
263
+
__le16 ring_id_again;
264
+
__le64 ring_iova;
265
+
u8 _unk1[8];
266
+
__le16 n_elements;
267
+
__le16 completion_ring_id;
268
+
__le16 doorbell;
269
+
#define BCM4377_XFER_RING_FLAG_VIRTUAL BIT(7)
270
+
#define BCM4377_XFER_RING_FLAG_SYNC BIT(8)
271
+
__le16 flags;
272
+
u8 _unk2[20];
273
+
} __packed;
274
+
static_assert(sizeof(struct bcm4377_create_transfer_ring_msg) ==
275
+
BCM4377_CONTROL_MSG_SIZE);
276
+
277
+
/*
278
+
* Control ring message used to destroy a transfer ring
279
+
*
280
+
* msg_type: Must be BCM4377_CONTROL_MSG_DESTROY_XFER_RING
281
+
* ring_id: Transfer ring to be destroyed
282
+
*/
283
+
struct bcm4377_destroy_transfer_ring_msg {
284
+
u8 msg_type;
285
+
u8 _pad0;
286
+
__le16 ring_id;
287
+
u8 _pad1[48];
288
+
} __packed;
289
+
static_assert(sizeof(struct bcm4377_destroy_transfer_ring_msg) ==
290
+
BCM4377_CONTROL_MSG_SIZE);
291
+
292
+
/*
293
+
* "Converged IPC" context struct used to make the device aware of all other
294
+
* shared memory structures. A pointer to this structure is configured inside a
295
+
* MMIO register.
296
+
*
297
+
* version: Protocol version, must be 2.
298
+
* size: Size of this structure, must be 0x68.
299
+
* enabled_caps: Enabled capabilities. Unknown bitfield but should be 2.
300
+
* peripheral_info_addr: DMA address for a 0x20 buffer to which the device will
301
+
* write unknown contents
302
+
* {completion,xfer}_ring_{tails,heads}_addr: DMA pointers to ring heads/tails
303
+
* n_completion_rings: Number of completion rings, the firmware only works if
304
+
* this is set to BCM4377_N_COMPLETION_RINGS.
305
+
* n_xfer_rings: Number of transfer rings, the firmware only works if
306
+
* this is set to BCM4377_N_TRANSFER_RINGS.
307
+
* control_completion_ring_addr: Control completion ring buffer DMA address
308
+
* control_xfer_ring_addr: Control transfer ring buffer DMA address
309
+
* control_xfer_ring_n_entries: Number of control transfer ring entries
310
+
* control_completion_ring_n_entries: Number of control completion ring entries
311
+
* control_xfer_ring_doorbell: Control transfer ring doorbell
312
+
* control_completion_ring_doorbell: Control completion ring doorbell,
313
+
* must be set to 0xffff
314
+
* control_xfer_ring_msi: Control completion ring MSI index, must be 0
315
+
* control_completion_ring_msi: Control completion ring MSI index, must be 0.
316
+
* control_xfer_ring_header_size: Number of 32 bit words reserved in front of
317
+
* every control transfer ring entry
318
+
* control_xfer_ring_footer_size: Number of 32 bit words reserved after every
319
+
* control transfer ring entry
320
+
* control_completion_ring_header_size: Number of 32 bit words reserved in front
321
+
* of every control completion ring entry
322
+
* control_completion_ring_footer_size: Number of 32 bit words reserved after
323
+
* every control completion ring entry
324
+
* scratch_pad: Optional scratch pad DMA address
325
+
* scratch_pad_size: Scratch pad size
326
+
*/
327
+
struct bcm4377_context {
328
+
__le16 version;
329
+
__le16 size;
330
+
__le32 enabled_caps;
331
+
332
+
__le64 peripheral_info_addr;
333
+
334
+
/* ring heads and tails */
335
+
__le64 completion_ring_heads_addr;
336
+
__le64 xfer_ring_tails_addr;
337
+
__le64 completion_ring_tails_addr;
338
+
__le64 xfer_ring_heads_addr;
339
+
__le16 n_completion_rings;
340
+
__le16 n_xfer_rings;
341
+
342
+
/* control ring configuration */
343
+
__le64 control_completion_ring_addr;
344
+
__le64 control_xfer_ring_addr;
345
+
__le16 control_xfer_ring_n_entries;
346
+
__le16 control_completion_ring_n_entries;
347
+
__le16 control_xfer_ring_doorbell;
348
+
__le16 control_completion_ring_doorbell;
349
+
__le16 control_xfer_ring_msi;
350
+
__le16 control_completion_ring_msi;
351
+
u8 control_xfer_ring_header_size;
352
+
u8 control_xfer_ring_footer_size;
353
+
u8 control_completion_ring_header_size;
354
+
u8 control_completion_ring_footer_size;
355
+
356
+
__le16 _unk0;
357
+
__le16 _unk1;
358
+
359
+
__le64 scratch_pad;
360
+
__le32 scratch_pad_size;
361
+
362
+
__le32 _unk3;
363
+
} __packed;
364
+
static_assert(sizeof(struct bcm4377_context) == 0x68);
365
+
366
+
#define BCM4378_CALIBRATION_CHUNK_SIZE 0xe6
367
+
struct bcm4378_hci_send_calibration_cmd {
368
+
u8 unk;
369
+
__le16 blocks_left;
370
+
u8 data[BCM4378_CALIBRATION_CHUNK_SIZE];
371
+
} __packed;
372
+
373
+
#define BCM4378_PTB_CHUNK_SIZE 0xcf
374
+
struct bcm4378_hci_send_ptb_cmd {
375
+
__le16 blocks_left;
376
+
u8 data[BCM4378_PTB_CHUNK_SIZE];
377
+
} __packed;
378
+
379
+
/*
380
+
* Shared memory structure used to store the ring head and tail pointers.
381
+
*/
382
+
struct bcm4377_ring_state {
383
+
__le16 completion_ring_head[BCM4377_N_COMPLETION_RINGS];
384
+
__le16 completion_ring_tail[BCM4377_N_COMPLETION_RINGS];
385
+
__le16 xfer_ring_head[BCM4377_N_TRANSFER_RINGS];
386
+
__le16 xfer_ring_tail[BCM4377_N_TRANSFER_RINGS];
387
+
};
388
+
389
+
/*
390
+
* A transfer ring can be used in two configurations:
391
+
* 1) Send control or HCI messages to the device which are then acknowledged
392
+
* in the corresponding completion ring
393
+
* 2) Receiving HCI frames from the devices. In this case the transfer ring
394
+
* itself contains empty messages that are acknowledged once data is
395
+
* available from the device. If the payloads fit inside the footers
396
+
* of the completion ring the transfer ring can be configured to be
397
+
* virtual such that it has no ring buffer.
398
+
*
399
+
* ring_id: ring index hardcoded in the firmware
400
+
* doorbell: doorbell index to notify device of new entries
401
+
* payload_size: optional in-place payload size
402
+
* mapped_payload_size: optional out-of-place payload size
403
+
* completion_ring: index of corresponding completion ring
404
+
* n_entries: number of entries inside this ring
405
+
* generation: ring generation; incremented on hci_open to detect stale messages
406
+
* sync: set to true for SCO rings
407
+
* virtual: set to true if this ring has no entries and is just required to
408
+
* setup a corresponding completion ring for device->host messages
409
+
* d2h_buffers_only: set to true if this ring is only used to provide large
410
+
* buffers used by device->host messages in the completion
411
+
* ring
412
+
* allow_wait: allow to wait for messages to be acknowledged
413
+
* enabled: true once the ring has been created and can be used
414
+
* ring: ring buffer for entries (struct bcm4377_xfer_ring_entry)
415
+
* ring_dma: DMA address for ring entry buffer
416
+
* payloads: payload buffer for mapped_payload_size payloads
417
+
* payloads_dma:DMA address for payload buffer
418
+
* events: pointer to array of completions if waiting is allowed
419
+
* msgids: bitmap to keep track of used message ids
420
+
* lock: Spinlock to protect access to ring structurs used in the irq handler
421
+
*/
422
+
struct bcm4377_transfer_ring {
423
+
enum bcm4377_transfer_ring_id ring_id;
424
+
enum bcm4377_doorbell doorbell;
425
+
size_t payload_size;
426
+
size_t mapped_payload_size;
427
+
u8 completion_ring;
428
+
u16 n_entries;
429
+
u8 generation;
430
+
431
+
bool sync;
432
+
bool virtual;
433
+
bool d2h_buffers_only;
434
+
bool allow_wait;
435
+
bool enabled;
436
+
437
+
void *ring;
438
+
dma_addr_t ring_dma;
439
+
440
+
void *payloads;
441
+
dma_addr_t payloads_dma;
442
+
443
+
struct completion **events;
444
+
DECLARE_BITMAP(msgids, BCM4377_MAX_RING_SIZE);
445
+
spinlock_t lock;
446
+
};
447
+
448
+
/*
449
+
* A completion ring can be either used to either acknowledge messages sent in
450
+
* the corresponding transfer ring or to receive messages associated with the
451
+
* transfer ring. When used to receive messages the transfer ring either
452
+
* has no ring buffer and is only advanced ("virtual transfer ring") or it
453
+
* only contains empty DMA buffers to be used for the payloads.
454
+
*
455
+
* ring_id: completion ring id, hardcoded in firmware
456
+
* payload_size: optional payload size after each entry
457
+
* delay: unknown delay
458
+
* n_entries: number of entries in this ring
459
+
* enabled: true once the ring has been created and can be used
460
+
* ring: ring buffer for entries (struct bcm4377_completion_ring_entry)
461
+
* ring_dma: DMA address of ring buffer
462
+
* transfer_rings: bitmap of corresponding transfer ring ids
463
+
*/
464
+
struct bcm4377_completion_ring {
465
+
enum bcm4377_completion_ring_id ring_id;
466
+
u16 payload_size;
467
+
u16 delay;
468
+
u16 n_entries;
469
+
bool enabled;
470
+
471
+
void *ring;
472
+
dma_addr_t ring_dma;
473
+
474
+
unsigned long transfer_rings;
475
+
};
476
+
477
+
struct bcm4377_data;
478
+
479
+
/*
480
+
* Chip-specific configuration struct
481
+
*
482
+
* id: Chip id (e.g. 0x4377 for BCM4377)
483
+
* otp_offset: Offset to the start of the OTP inside BAR0
484
+
* bar0_window1: Backplane address mapped to the first window in BAR0
485
+
* bar0_window2: Backplane address mapped to the second window in BAR0
486
+
* bar0_core2_window2: Optional backplane address mapped to the second core's
487
+
* second window in BAR0
488
+
* has_bar0_core2_window2: Set to true if this chip requires the second core's
489
+
* second window to be configured
490
+
* clear_pciecfg_subsystem_ctrl_bit19: Set to true if bit 19 in the
491
+
* vendor-specific subsystem control
492
+
* register has to be cleared
493
+
* disable_aspm: Set to true if ASPM must be disabled due to hardware errata
494
+
* broken_ext_scan: Set to true if the chip erroneously claims to support
495
+
* extended scanning
496
+
* broken_mws_transport_config: Set to true if the chip erroneously claims to
497
+
* support MWS Transport Configuration
498
+
* send_calibration: Optional callback to send calibration data
499
+
* send_ptb: Callback to send "PTB" regulatory/calibration data
500
+
*/
501
+
struct bcm4377_hw {
502
+
unsigned int id;
503
+
504
+
u32 otp_offset;
505
+
506
+
u32 bar0_window1;
507
+
u32 bar0_window2;
508
+
u32 bar0_core2_window2;
509
+
510
+
unsigned long has_bar0_core2_window2 : 1;
511
+
unsigned long clear_pciecfg_subsystem_ctrl_bit19 : 1;
512
+
unsigned long disable_aspm : 1;
513
+
unsigned long broken_ext_scan : 1;
514
+
unsigned long broken_mws_transport_config : 1;
515
+
516
+
int (*send_calibration)(struct bcm4377_data *bcm4377);
517
+
int (*send_ptb)(struct bcm4377_data *bcm4377,
518
+
const struct firmware *fw);
519
+
};
520
+
521
+
static const struct bcm4377_hw bcm4377_hw_variants[];
522
+
static const struct dmi_system_id bcm4377_dmi_board_table[];
523
+
524
+
/*
525
+
* Private struct associated with each device containing global state
526
+
*
527
+
* pdev: Pointer to associated struct pci_dev
528
+
* hdev: Pointer to associated strucy hci_dev
529
+
* bar0: iomem pointing to BAR0
530
+
* bar1: iomem pointing to BAR2
531
+
* bootstage: Current value of the bootstage
532
+
* rti_status: Current "RTI" status value
533
+
* hw: Pointer to chip-specific struct bcm4377_hw
534
+
* taurus_cal_blob: "Taurus" calibration blob used for some chips
535
+
* taurus_cal_size: "Taurus" calibration blob size
536
+
* taurus_beamforming_cal_blob: "Taurus" beamforming calibration blob used for
537
+
* some chips
538
+
* taurus_beamforming_cal_size: "Taurus" beamforming calibration blob size
539
+
* stepping: Chip stepping read from OTP; used for firmware selection
540
+
* vendor: Antenna vendor read from OTP; used for firmware selection
541
+
* board_type: Board type from FDT or DMI match; used for firmware selection
542
+
* event: Event for changed bootstage or rti_status; used for booting firmware
543
+
* ctx: "Converged IPC" context
544
+
* ctx_dma: "Converged IPC" context DMA address
545
+
* ring_state: Shared memory buffer containing ring head and tail indexes
546
+
* ring_state_dma: DMA address for ring_state
547
+
* {control,hci_acl,sco}_ack_ring: Completion rings used to acknowledge messages
548
+
* {hci_acl,sco}_event_ring: Completion rings used for device->host messages
549
+
* control_h2d_ring: Transfer ring used for control messages
550
+
* {hci,sco,acl}_h2d_ring: Transfer ring used to transfer HCI frames
551
+
* {hci,sco,acl}_d2h_ring: Transfer ring used to receive HCI frames in the
552
+
* corresponding completion ring
553
+
*/
554
+
struct bcm4377_data {
555
+
struct pci_dev *pdev;
556
+
struct hci_dev *hdev;
557
+
558
+
void __iomem *bar0;
559
+
void __iomem *bar2;
560
+
561
+
u32 bootstage;
562
+
u32 rti_status;
563
+
564
+
const struct bcm4377_hw *hw;
565
+
566
+
const void *taurus_cal_blob;
567
+
int taurus_cal_size;
568
+
const void *taurus_beamforming_cal_blob;
569
+
int taurus_beamforming_cal_size;
570
+
571
+
char stepping[BCM4377_OTP_MAX_PARAM_LEN];
572
+
char vendor[BCM4377_OTP_MAX_PARAM_LEN];
573
+
const char *board_type;
574
+
575
+
struct completion event;
576
+
577
+
struct bcm4377_context *ctx;
578
+
dma_addr_t ctx_dma;
579
+
580
+
struct bcm4377_ring_state *ring_state;
581
+
dma_addr_t ring_state_dma;
582
+
583
+
/*
584
+
* The HCI and ACL rings have to be merged because this structure is
585
+
* hardcoded in the firmware.
586
+
*/
587
+
struct bcm4377_completion_ring control_ack_ring;
588
+
struct bcm4377_completion_ring hci_acl_ack_ring;
589
+
struct bcm4377_completion_ring hci_acl_event_ring;
590
+
struct bcm4377_completion_ring sco_ack_ring;
591
+
struct bcm4377_completion_ring sco_event_ring;
592
+
593
+
struct bcm4377_transfer_ring control_h2d_ring;
594
+
struct bcm4377_transfer_ring hci_h2d_ring;
595
+
struct bcm4377_transfer_ring hci_d2h_ring;
596
+
struct bcm4377_transfer_ring sco_h2d_ring;
597
+
struct bcm4377_transfer_ring sco_d2h_ring;
598
+
struct bcm4377_transfer_ring acl_h2d_ring;
599
+
struct bcm4377_transfer_ring acl_d2h_ring;
600
+
};
601
+
602
+
static void bcm4377_ring_doorbell(struct bcm4377_data *bcm4377, u8 doorbell,
603
+
u16 val)
604
+
{
605
+
u32 db = 0;
606
+
607
+
db |= FIELD_PREP(BCM4377_BAR0_DOORBELL_VALUE, val);
608
+
db |= FIELD_PREP(BCM4377_BAR0_DOORBELL_IDX, doorbell);
609
+
db |= BCM4377_BAR0_DOORBELL_RING;
610
+
611
+
dev_dbg(&bcm4377->pdev->dev, "write %d to doorbell #%d (0x%x)\n", val,
612
+
doorbell, db);
613
+
iowrite32(db, bcm4377->bar0 + BCM4377_BAR0_DOORBELL);
614
+
}
615
+
616
+
static int bcm4377_extract_msgid(struct bcm4377_data *bcm4377,
617
+
struct bcm4377_transfer_ring *ring,
618
+
u16 raw_msgid, u8 *msgid)
619
+
{
620
+
u8 generation = FIELD_GET(BCM4377_MSGID_GENERATION, raw_msgid);
621
+
*msgid = FIELD_GET(BCM4377_MSGID_ID, raw_msgid);
622
+
623
+
if (generation != ring->generation) {
624
+
dev_warn(
625
+
&bcm4377->pdev->dev,
626
+
"invalid message generation %d should be %d in entry for ring %d\n",
627
+
generation, ring->generation, ring->ring_id);
628
+
return -EINVAL;
629
+
}
630
+
631
+
if (*msgid >= ring->n_entries) {
632
+
dev_warn(&bcm4377->pdev->dev,
633
+
"invalid message id in entry for ring %d: %d > %d\n",
634
+
ring->ring_id, *msgid, ring->n_entries);
635
+
return -EINVAL;
636
+
}
637
+
638
+
return 0;
639
+
}
640
+
641
+
static void bcm4377_handle_event(struct bcm4377_data *bcm4377,
642
+
struct bcm4377_transfer_ring *ring,
643
+
u16 raw_msgid, u8 entry_flags, u8 type,
644
+
void *payload, size_t len)
645
+
{
646
+
struct sk_buff *skb;
647
+
u16 head;
648
+
u8 msgid;
649
+
unsigned long flags;
650
+
651
+
spin_lock_irqsave(&ring->lock, flags);
652
+
if (!ring->enabled) {
653
+
dev_warn(&bcm4377->pdev->dev,
654
+
"event for disabled transfer ring %d\n",
655
+
ring->ring_id);
656
+
goto out;
657
+
}
658
+
659
+
if (ring->d2h_buffers_only &&
660
+
entry_flags & BCM4377_XFER_RING_FLAG_PAYLOAD_MAPPED) {
661
+
if (bcm4377_extract_msgid(bcm4377, ring, raw_msgid, &msgid))
662
+
goto out;
663
+
664
+
if (len > ring->mapped_payload_size) {
665
+
dev_warn(
666
+
&bcm4377->pdev->dev,
667
+
"invalid payload len in event for ring %d: %zu > %zu\n",
668
+
ring->ring_id, len, ring->mapped_payload_size);
669
+
goto out;
670
+
}
671
+
672
+
payload = ring->payloads + msgid * ring->mapped_payload_size;
673
+
}
674
+
675
+
skb = bt_skb_alloc(len, GFP_ATOMIC);
676
+
if (!skb)
677
+
goto out;
678
+
679
+
memcpy(skb_put(skb, len), payload, len);
680
+
hci_skb_pkt_type(skb) = type;
681
+
hci_recv_frame(bcm4377->hdev, skb);
682
+
683
+
out:
684
+
head = le16_to_cpu(bcm4377->ring_state->xfer_ring_head[ring->ring_id]);
685
+
head = (head + 1) % ring->n_entries;
686
+
bcm4377->ring_state->xfer_ring_head[ring->ring_id] = cpu_to_le16(head);
687
+
688
+
bcm4377_ring_doorbell(bcm4377, ring->doorbell, head);
689
+
690
+
spin_unlock_irqrestore(&ring->lock, flags);
691
+
}
692
+
693
+
static void bcm4377_handle_ack(struct bcm4377_data *bcm4377,
694
+
struct bcm4377_transfer_ring *ring,
695
+
u16 raw_msgid)
696
+
{
697
+
unsigned long flags;
698
+
u8 msgid;
699
+
700
+
spin_lock_irqsave(&ring->lock, flags);
701
+
702
+
if (bcm4377_extract_msgid(bcm4377, ring, raw_msgid, &msgid))
703
+
goto unlock;
704
+
705
+
if (!test_bit(msgid, ring->msgids)) {
706
+
dev_warn(
707
+
&bcm4377->pdev->dev,
708
+
"invalid message id in ack for ring %d: %d is not used\n",
709
+
ring->ring_id, msgid);
710
+
goto unlock;
711
+
}
712
+
713
+
if (ring->allow_wait && ring->events[msgid]) {
714
+
complete(ring->events[msgid]);
715
+
ring->events[msgid] = NULL;
716
+
}
717
+
718
+
bitmap_release_region(ring->msgids, msgid, ring->n_entries);
719
+
720
+
unlock:
721
+
spin_unlock_irqrestore(&ring->lock, flags);
722
+
}
723
+
724
+
static void bcm4377_handle_completion(struct bcm4377_data *bcm4377,
725
+
struct bcm4377_completion_ring *ring,
726
+
u16 pos)
727
+
{
728
+
struct bcm4377_completion_ring_entry *entry;
729
+
u16 msg_id, transfer_ring;
730
+
size_t entry_size, data_len;
731
+
void *data;
732
+
733
+
if (pos >= ring->n_entries) {
734
+
dev_warn(&bcm4377->pdev->dev,
735
+
"invalid offset %d for completion ring %d\n", pos,
736
+
ring->ring_id);
737
+
return;
738
+
}
739
+
740
+
entry_size = sizeof(*entry) + ring->payload_size;
741
+
entry = ring->ring + pos * entry_size;
742
+
data = ring->ring + pos * entry_size + sizeof(*entry);
743
+
data_len = le32_to_cpu(entry->len);
744
+
msg_id = le16_to_cpu(entry->msg_id);
745
+
transfer_ring = le16_to_cpu(entry->ring_id);
746
+
747
+
if ((ring->transfer_rings & BIT(transfer_ring)) == 0) {
748
+
dev_warn(
749
+
&bcm4377->pdev->dev,
750
+
"invalid entry at offset %d for transfer ring %d in completion ring %d\n",
751
+
pos, transfer_ring, ring->ring_id);
752
+
return;
753
+
}
754
+
755
+
dev_dbg(&bcm4377->pdev->dev,
756
+
"entry in completion ring %d for transfer ring %d with msg_id %d\n",
757
+
ring->ring_id, transfer_ring, msg_id);
758
+
759
+
switch (transfer_ring) {
760
+
case BCM4377_XFER_RING_CONTROL:
761
+
bcm4377_handle_ack(bcm4377, &bcm4377->control_h2d_ring, msg_id);
762
+
break;
763
+
case BCM4377_XFER_RING_HCI_H2D:
764
+
bcm4377_handle_ack(bcm4377, &bcm4377->hci_h2d_ring, msg_id);
765
+
break;
766
+
case BCM4377_XFER_RING_SCO_H2D:
767
+
bcm4377_handle_ack(bcm4377, &bcm4377->sco_h2d_ring, msg_id);
768
+
break;
769
+
case BCM4377_XFER_RING_ACL_H2D:
770
+
bcm4377_handle_ack(bcm4377, &bcm4377->acl_h2d_ring, msg_id);
771
+
break;
772
+
773
+
case BCM4377_XFER_RING_HCI_D2H:
774
+
bcm4377_handle_event(bcm4377, &bcm4377->hci_d2h_ring, msg_id,
775
+
entry->flags, HCI_EVENT_PKT, data,
776
+
data_len);
777
+
break;
778
+
case BCM4377_XFER_RING_SCO_D2H:
779
+
bcm4377_handle_event(bcm4377, &bcm4377->sco_d2h_ring, msg_id,
780
+
entry->flags, HCI_SCODATA_PKT, data,
781
+
data_len);
782
+
break;
783
+
case BCM4377_XFER_RING_ACL_D2H:
784
+
bcm4377_handle_event(bcm4377, &bcm4377->acl_d2h_ring, msg_id,
785
+
entry->flags, HCI_ACLDATA_PKT, data,
786
+
data_len);
787
+
break;
788
+
789
+
default:
790
+
dev_warn(
791
+
&bcm4377->pdev->dev,
792
+
"entry in completion ring %d for unknown transfer ring %d with msg_id %d\n",
793
+
ring->ring_id, transfer_ring, msg_id);
794
+
}
795
+
}
796
+
797
+
static void bcm4377_poll_completion_ring(struct bcm4377_data *bcm4377,
798
+
struct bcm4377_completion_ring *ring)
799
+
{
800
+
u16 tail;
801
+
__le16 *heads = bcm4377->ring_state->completion_ring_head;
802
+
__le16 *tails = bcm4377->ring_state->completion_ring_tail;
803
+
804
+
if (!ring->enabled)
805
+
return;
806
+
807
+
tail = le16_to_cpu(tails[ring->ring_id]);
808
+
dev_dbg(&bcm4377->pdev->dev,
809
+
"completion ring #%d: head: %d, tail: %d\n", ring->ring_id,
810
+
le16_to_cpu(heads[ring->ring_id]), tail);
811
+
812
+
while (tail != le16_to_cpu(READ_ONCE(heads[ring->ring_id]))) {
813
+
/*
814
+
* ensure the CPU doesn't speculate through the comparison.
815
+
* otherwise it might already read the (empty) queue entry
816
+
* before the updated head has been loaded and checked.
817
+
*/
818
+
dma_rmb();
819
+
820
+
bcm4377_handle_completion(bcm4377, ring, tail);
821
+
822
+
tail = (tail + 1) % ring->n_entries;
823
+
tails[ring->ring_id] = cpu_to_le16(tail);
824
+
}
825
+
}
826
+
827
+
static irqreturn_t bcm4377_irq(int irq, void *data)
828
+
{
829
+
struct bcm4377_data *bcm4377 = data;
830
+
u32 bootstage, rti_status;
831
+
832
+
bootstage = ioread32(bcm4377->bar2 + BCM4377_BAR2_BOOTSTAGE);
833
+
rti_status = ioread32(bcm4377->bar2 + BCM4377_BAR2_RTI_STATUS);
834
+
835
+
if (bootstage != bcm4377->bootstage ||
836
+
rti_status != bcm4377->rti_status) {
837
+
dev_dbg(&bcm4377->pdev->dev,
838
+
"bootstage = %d -> %d, rti state = %d -> %d\n",
839
+
bcm4377->bootstage, bootstage, bcm4377->rti_status,
840
+
rti_status);
841
+
complete(&bcm4377->event);
842
+
bcm4377->bootstage = bootstage;
843
+
bcm4377->rti_status = rti_status;
844
+
}
845
+
846
+
if (rti_status > 2)
847
+
dev_err(&bcm4377->pdev->dev, "RTI status is %d\n", rti_status);
848
+
849
+
bcm4377_poll_completion_ring(bcm4377, &bcm4377->control_ack_ring);
850
+
bcm4377_poll_completion_ring(bcm4377, &bcm4377->hci_acl_event_ring);
851
+
bcm4377_poll_completion_ring(bcm4377, &bcm4377->hci_acl_ack_ring);
852
+
bcm4377_poll_completion_ring(bcm4377, &bcm4377->sco_ack_ring);
853
+
bcm4377_poll_completion_ring(bcm4377, &bcm4377->sco_event_ring);
854
+
855
+
return IRQ_HANDLED;
856
+
}
857
+
858
+
static int bcm4377_enqueue(struct bcm4377_data *bcm4377,
859
+
struct bcm4377_transfer_ring *ring, void *data,
860
+
size_t len, bool wait)
861
+
{
862
+
unsigned long flags;
863
+
struct bcm4377_xfer_ring_entry *entry;
864
+
void *payload;
865
+
size_t offset;
866
+
u16 head, tail, new_head;
867
+
u16 raw_msgid;
868
+
int ret, msgid;
869
+
DECLARE_COMPLETION_ONSTACK(event);
870
+
871
+
if (len > ring->payload_size && len > ring->mapped_payload_size) {
872
+
dev_warn(
873
+
&bcm4377->pdev->dev,
874
+
"payload len %zu is too large for ring %d (max is %zu or %zu)\n",
875
+
len, ring->ring_id, ring->payload_size,
876
+
ring->mapped_payload_size);
877
+
return -EINVAL;
878
+
}
879
+
if (wait && !ring->allow_wait)
880
+
return -EINVAL;
881
+
if (ring->virtual)
882
+
return -EINVAL;
883
+
884
+
spin_lock_irqsave(&ring->lock, flags);
885
+
886
+
head = le16_to_cpu(bcm4377->ring_state->xfer_ring_head[ring->ring_id]);
887
+
tail = le16_to_cpu(bcm4377->ring_state->xfer_ring_tail[ring->ring_id]);
888
+
889
+
new_head = (head + 1) % ring->n_entries;
890
+
891
+
if (new_head == tail) {
892
+
dev_warn(&bcm4377->pdev->dev,
893
+
"can't send message because ring %d is full\n",
894
+
ring->ring_id);
895
+
ret = -EINVAL;
896
+
goto out;
897
+
}
898
+
899
+
msgid = bitmap_find_free_region(ring->msgids, ring->n_entries, 0);
900
+
if (msgid < 0) {
901
+
dev_warn(&bcm4377->pdev->dev,
902
+
"can't find message id for ring %d\n", ring->ring_id);
903
+
ret = -EINVAL;
904
+
goto out;
905
+
}
906
+
907
+
raw_msgid = FIELD_PREP(BCM4377_MSGID_GENERATION, ring->generation);
908
+
raw_msgid |= FIELD_PREP(BCM4377_MSGID_ID, msgid);
909
+
910
+
offset = head * (sizeof(*entry) + ring->payload_size);
911
+
entry = ring->ring + offset;
912
+
913
+
memset(entry, 0, sizeof(*entry));
914
+
entry->id = cpu_to_le16(raw_msgid);
915
+
entry->len = cpu_to_le16(len);
916
+
917
+
if (len <= ring->payload_size) {
918
+
entry->flags = BCM4377_XFER_RING_FLAG_PAYLOAD_IN_FOOTER;
919
+
payload = ring->ring + offset + sizeof(*entry);
920
+
} else {
921
+
entry->flags = BCM4377_XFER_RING_FLAG_PAYLOAD_MAPPED;
922
+
entry->payload = cpu_to_le64(ring->payloads_dma +
923
+
msgid * ring->mapped_payload_size);
924
+
payload = ring->payloads + msgid * ring->mapped_payload_size;
925
+
}
926
+
927
+
memcpy(payload, data, len);
928
+
929
+
if (wait)
930
+
ring->events[msgid] = &event;
931
+
932
+
/*
933
+
* The 4377 chips stop responding to any commands as soon as they
934
+
* have been idle for a while. Poking the sleep control register here
935
+
* makes them come alive again.
936
+
*/
937
+
iowrite32(BCM4377_BAR0_SLEEP_CONTROL_AWAKE,
938
+
bcm4377->bar0 + BCM4377_BAR0_SLEEP_CONTROL);
939
+
940
+
dev_dbg(&bcm4377->pdev->dev,
941
+
"updating head for transfer queue #%d to %d\n", ring->ring_id,
942
+
new_head);
943
+
bcm4377->ring_state->xfer_ring_head[ring->ring_id] =
944
+
cpu_to_le16(new_head);
945
+
946
+
if (!ring->sync)
947
+
bcm4377_ring_doorbell(bcm4377, ring->doorbell, new_head);
948
+
ret = 0;
949
+
950
+
out:
951
+
spin_unlock_irqrestore(&ring->lock, flags);
952
+
953
+
if (ret == 0 && wait) {
954
+
ret = wait_for_completion_interruptible_timeout(
955
+
&event, BCM4377_TIMEOUT);
956
+
if (ret == 0)
957
+
ret = -ETIMEDOUT;
958
+
else if (ret > 0)
959
+
ret = 0;
960
+
961
+
spin_lock_irqsave(&ring->lock, flags);
962
+
ring->events[msgid] = NULL;
963
+
spin_unlock_irqrestore(&ring->lock, flags);
964
+
}
965
+
966
+
return ret;
967
+
}
968
+
969
+
static int bcm4377_create_completion_ring(struct bcm4377_data *bcm4377,
970
+
struct bcm4377_completion_ring *ring)
971
+
{
972
+
struct bcm4377_create_completion_ring_msg msg;
973
+
int ret;
974
+
975
+
if (ring->enabled) {
976
+
dev_warn(&bcm4377->pdev->dev,
977
+
"completion ring %d already enabled\n", ring->ring_id);
978
+
return 0;
979
+
}
980
+
981
+
memset(ring->ring, 0,
982
+
ring->n_entries * (sizeof(struct bcm4377_completion_ring_entry) +
983
+
ring->payload_size));
984
+
memset(&msg, 0, sizeof(msg));
985
+
msg.msg_type = BCM4377_CONTROL_MSG_CREATE_COMPLETION_RING;
986
+
msg.id = cpu_to_le16(ring->ring_id);
987
+
msg.id_again = cpu_to_le16(ring->ring_id);
988
+
msg.ring_iova = cpu_to_le64(ring->ring_dma);
989
+
msg.n_elements = cpu_to_le16(ring->n_entries);
990
+
msg.intmod_bytes = cpu_to_le32(0xffffffff);
991
+
msg.unk = cpu_to_le32(0xffffffff);
992
+
msg.intmod_delay = cpu_to_le16(ring->delay);
993
+
msg.footer_size = ring->payload_size / 4;
994
+
995
+
ret = bcm4377_enqueue(bcm4377, &bcm4377->control_h2d_ring, &msg,
996
+
sizeof(msg), true);
997
+
if (!ret)
998
+
ring->enabled = true;
999
+
1000
+
return ret;
1001
+
}
1002
+
1003
+
static int bcm4377_destroy_completion_ring(struct bcm4377_data *bcm4377,
1004
+
struct bcm4377_completion_ring *ring)
1005
+
{
1006
+
struct bcm4377_destroy_completion_ring_msg msg;
1007
+
int ret;
1008
+
1009
+
memset(&msg, 0, sizeof(msg));
1010
+
msg.msg_type = BCM4377_CONTROL_MSG_DESTROY_COMPLETION_RING;
1011
+
msg.ring_id = cpu_to_le16(ring->ring_id);
1012
+
1013
+
ret = bcm4377_enqueue(bcm4377, &bcm4377->control_h2d_ring, &msg,
1014
+
sizeof(msg), true);
1015
+
if (ret)
1016
+
dev_warn(&bcm4377->pdev->dev,
1017
+
"failed to destroy completion ring %d\n",
1018
+
ring->ring_id);
1019
+
1020
+
ring->enabled = false;
1021
+
return ret;
1022
+
}
1023
+
1024
+
static int bcm4377_create_transfer_ring(struct bcm4377_data *bcm4377,
1025
+
struct bcm4377_transfer_ring *ring)
1026
+
{
1027
+
struct bcm4377_create_transfer_ring_msg msg;
1028
+
u16 flags = 0;
1029
+
int ret, i;
1030
+
unsigned long spinlock_flags;
1031
+
1032
+
if (ring->virtual)
1033
+
flags |= BCM4377_XFER_RING_FLAG_VIRTUAL;
1034
+
if (ring->sync)
1035
+
flags |= BCM4377_XFER_RING_FLAG_SYNC;
1036
+
1037
+
spin_lock_irqsave(&ring->lock, spinlock_flags);
1038
+
memset(&msg, 0, sizeof(msg));
1039
+
msg.msg_type = BCM4377_CONTROL_MSG_CREATE_XFER_RING;
1040
+
msg.ring_id = cpu_to_le16(ring->ring_id);
1041
+
msg.ring_id_again = cpu_to_le16(ring->ring_id);
1042
+
msg.ring_iova = cpu_to_le64(ring->ring_dma);
1043
+
msg.n_elements = cpu_to_le16(ring->n_entries);
1044
+
msg.completion_ring_id = cpu_to_le16(ring->completion_ring);
1045
+
msg.doorbell = cpu_to_le16(ring->doorbell);
1046
+
msg.flags = cpu_to_le16(flags);
1047
+
msg.footer_size = ring->payload_size / 4;
1048
+
1049
+
bcm4377->ring_state->xfer_ring_head[ring->ring_id] = 0;
1050
+
bcm4377->ring_state->xfer_ring_tail[ring->ring_id] = 0;
1051
+
ring->generation++;
1052
+
spin_unlock_irqrestore(&ring->lock, spinlock_flags);
1053
+
1054
+
ret = bcm4377_enqueue(bcm4377, &bcm4377->control_h2d_ring, &msg,
1055
+
sizeof(msg), true);
1056
+
1057
+
spin_lock_irqsave(&ring->lock, spinlock_flags);
1058
+
1059
+
if (ring->d2h_buffers_only) {
1060
+
for (i = 0; i < ring->n_entries; ++i) {
1061
+
struct bcm4377_xfer_ring_entry *entry =
1062
+
ring->ring + i * sizeof(*entry);
1063
+
u16 raw_msgid = FIELD_PREP(BCM4377_MSGID_GENERATION,
1064
+
ring->generation);
1065
+
raw_msgid |= FIELD_PREP(BCM4377_MSGID_ID, i);
1066
+
1067
+
memset(entry, 0, sizeof(*entry));
1068
+
entry->id = cpu_to_le16(raw_msgid);
1069
+
entry->len = cpu_to_le16(ring->mapped_payload_size);
1070
+
entry->flags = BCM4377_XFER_RING_FLAG_PAYLOAD_MAPPED;
1071
+
entry->payload =
1072
+
cpu_to_le64(ring->payloads_dma +
1073
+
i * ring->mapped_payload_size);
1074
+
}
1075
+
}
1076
+
1077
+
/*
1078
+
* send some messages if this is a device->host ring to allow the device
1079
+
* to reply by acknowledging them in the completion ring
1080
+
*/
1081
+
if (ring->virtual || ring->d2h_buffers_only) {
1082
+
bcm4377->ring_state->xfer_ring_head[ring->ring_id] =
1083
+
cpu_to_le16(0xf);
1084
+
bcm4377_ring_doorbell(bcm4377, ring->doorbell, 0xf);
1085
+
}
1086
+
1087
+
ring->enabled = true;
1088
+
spin_unlock_irqrestore(&ring->lock, spinlock_flags);
1089
+
1090
+
return ret;
1091
+
}
1092
+
1093
+
static int bcm4377_destroy_transfer_ring(struct bcm4377_data *bcm4377,
1094
+
struct bcm4377_transfer_ring *ring)
1095
+
{
1096
+
struct bcm4377_destroy_transfer_ring_msg msg;
1097
+
int ret;
1098
+
1099
+
memset(&msg, 0, sizeof(msg));
1100
+
msg.msg_type = BCM4377_CONTROL_MSG_DESTROY_XFER_RING;
1101
+
msg.ring_id = cpu_to_le16(ring->ring_id);
1102
+
1103
+
ret = bcm4377_enqueue(bcm4377, &bcm4377->control_h2d_ring, &msg,
1104
+
sizeof(msg), true);
1105
+
if (ret)
1106
+
dev_warn(&bcm4377->pdev->dev,
1107
+
"failed to destroy transfer ring %d\n", ring->ring_id);
1108
+
1109
+
ring->enabled = false;
1110
+
return ret;
1111
+
}
1112
+
1113
+
static int __bcm4378_send_calibration_chunk(struct bcm4377_data *bcm4377,
1114
+
const void *data, size_t data_len,
1115
+
u16 blocks_left)
1116
+
{
1117
+
struct bcm4378_hci_send_calibration_cmd cmd;
1118
+
struct sk_buff *skb;
1119
+
1120
+
if (data_len > sizeof(cmd.data))
1121
+
return -EINVAL;
1122
+
1123
+
memset(&cmd, 0, sizeof(cmd));
1124
+
cmd.unk = 0x03;
1125
+
cmd.blocks_left = cpu_to_le16(blocks_left);
1126
+
memcpy(cmd.data, data, data_len);
1127
+
1128
+
skb = __hci_cmd_sync(bcm4377->hdev, 0xfd97, sizeof(cmd), &cmd,
1129
+
HCI_INIT_TIMEOUT);
1130
+
if (IS_ERR(skb))
1131
+
return PTR_ERR(skb);
1132
+
1133
+
kfree_skb(skb);
1134
+
return 0;
1135
+
}
1136
+
1137
+
static int __bcm4378_send_calibration(struct bcm4377_data *bcm4377,
1138
+
const void *data, size_t data_size)
1139
+
{
1140
+
int ret;
1141
+
size_t i, left, transfer_len;
1142
+
size_t blocks =
1143
+
DIV_ROUND_UP(data_size, (size_t)BCM4378_CALIBRATION_CHUNK_SIZE);
1144
+
1145
+
if (!data) {
1146
+
dev_err(&bcm4377->pdev->dev,
1147
+
"no calibration data available.\n");
1148
+
return -ENOENT;
1149
+
}
1150
+
1151
+
for (i = 0, left = data_size; i < blocks; ++i, left -= transfer_len) {
1152
+
transfer_len =
1153
+
min_t(size_t, left, BCM4378_CALIBRATION_CHUNK_SIZE);
1154
+
1155
+
ret = __bcm4378_send_calibration_chunk(
1156
+
bcm4377, data + i * BCM4378_CALIBRATION_CHUNK_SIZE,
1157
+
transfer_len, blocks - i - 1);
1158
+
if (ret) {
1159
+
dev_err(&bcm4377->pdev->dev,
1160
+
"send calibration chunk failed with %d\n", ret);
1161
+
return ret;
1162
+
}
1163
+
}
1164
+
1165
+
return 0;
1166
+
}
1167
+
1168
+
static int bcm4378_send_calibration(struct bcm4377_data *bcm4377)
1169
+
{
1170
+
if ((strcmp(bcm4377->stepping, "b1") == 0) ||
1171
+
strcmp(bcm4377->stepping, "b3") == 0)
1172
+
return __bcm4378_send_calibration(
1173
+
bcm4377, bcm4377->taurus_beamforming_cal_blob,
1174
+
bcm4377->taurus_beamforming_cal_size);
1175
+
else
1176
+
return __bcm4378_send_calibration(bcm4377,
1177
+
bcm4377->taurus_cal_blob,
1178
+
bcm4377->taurus_cal_size);
1179
+
}
1180
+
1181
+
static int bcm4387_send_calibration(struct bcm4377_data *bcm4377)
1182
+
{
1183
+
if (strcmp(bcm4377->stepping, "c2") == 0)
1184
+
return __bcm4378_send_calibration(
1185
+
bcm4377, bcm4377->taurus_beamforming_cal_blob,
1186
+
bcm4377->taurus_beamforming_cal_size);
1187
+
else
1188
+
return __bcm4378_send_calibration(bcm4377,
1189
+
bcm4377->taurus_cal_blob,
1190
+
bcm4377->taurus_cal_size);
1191
+
}
1192
+
1193
+
static const struct firmware *bcm4377_request_blob(struct bcm4377_data *bcm4377,
1194
+
const char *suffix)
1195
+
{
1196
+
const struct firmware *fw;
1197
+
char name0[64], name1[64];
1198
+
int ret;
1199
+
1200
+
snprintf(name0, sizeof(name0), "brcm/brcmbt%04x%s-%s-%s.%s",
1201
+
bcm4377->hw->id, bcm4377->stepping, bcm4377->board_type,
1202
+
bcm4377->vendor, suffix);
1203
+
snprintf(name1, sizeof(name1), "brcm/brcmbt%04x%s-%s.%s",
1204
+
bcm4377->hw->id, bcm4377->stepping, bcm4377->board_type,
1205
+
suffix);
1206
+
dev_dbg(&bcm4377->pdev->dev, "Trying to load firmware: '%s' or '%s'\n",
1207
+
name0, name1);
1208
+
1209
+
ret = firmware_request_nowarn(&fw, name0, &bcm4377->pdev->dev);
1210
+
if (!ret)
1211
+
return fw;
1212
+
ret = firmware_request_nowarn(&fw, name1, &bcm4377->pdev->dev);
1213
+
if (!ret)
1214
+
return fw;
1215
+
1216
+
dev_err(&bcm4377->pdev->dev,
1217
+
"Unable to load firmware; tried '%s' and '%s'\n", name0, name1);
1218
+
return NULL;
1219
+
}
1220
+
1221
+
static int bcm4377_send_ptb(struct bcm4377_data *bcm4377,
1222
+
const struct firmware *fw)
1223
+
{
1224
+
struct sk_buff *skb;
1225
+
1226
+
skb = __hci_cmd_sync(bcm4377->hdev, 0xfd98, fw->size, fw->data,
1227
+
HCI_INIT_TIMEOUT);
1228
+
/*
1229
+
* This command seems to always fail on more recent firmware versions
1230
+
* (even in traces taken from the macOS driver). It's unclear why this
1231
+
* happens but because the PTB file contains calibration and/or
1232
+
* regulatory data and may be required on older firmware we still try to
1233
+
* send it here just in case and just ignore if it fails.
1234
+
*/
1235
+
if (!IS_ERR(skb))
1236
+
kfree_skb(skb);
1237
+
return 0;
1238
+
}
1239
+
1240
+
static int bcm4378_send_ptb_chunk(struct bcm4377_data *bcm4377,
1241
+
const void *data, size_t data_len,
1242
+
u16 blocks_left)
1243
+
{
1244
+
struct bcm4378_hci_send_ptb_cmd cmd;
1245
+
struct sk_buff *skb;
1246
+
1247
+
if (data_len > BCM4378_PTB_CHUNK_SIZE)
1248
+
return -EINVAL;
1249
+
1250
+
memset(&cmd, 0, sizeof(cmd));
1251
+
cmd.blocks_left = cpu_to_le16(blocks_left);
1252
+
memcpy(cmd.data, data, data_len);
1253
+
1254
+
skb = __hci_cmd_sync(bcm4377->hdev, 0xfe0d, sizeof(cmd), &cmd,
1255
+
HCI_INIT_TIMEOUT);
1256
+
if (IS_ERR(skb))
1257
+
return PTR_ERR(skb);
1258
+
1259
+
kfree_skb(skb);
1260
+
return 0;
1261
+
}
1262
+
1263
+
static int bcm4378_send_ptb(struct bcm4377_data *bcm4377,
1264
+
const struct firmware *fw)
1265
+
{
1266
+
size_t chunks = DIV_ROUND_UP(fw->size, (size_t)BCM4378_PTB_CHUNK_SIZE);
1267
+
size_t i, left, transfer_len;
1268
+
int ret;
1269
+
1270
+
for (i = 0, left = fw->size; i < chunks; ++i, left -= transfer_len) {
1271
+
transfer_len = min_t(size_t, left, BCM4378_PTB_CHUNK_SIZE);
1272
+
1273
+
dev_dbg(&bcm4377->pdev->dev, "sending ptb chunk %zu/%zu\n",
1274
+
i + 1, chunks);
1275
+
ret = bcm4378_send_ptb_chunk(
1276
+
bcm4377, fw->data + i * BCM4378_PTB_CHUNK_SIZE,
1277
+
transfer_len, chunks - i - 1);
1278
+
if (ret) {
1279
+
dev_err(&bcm4377->pdev->dev,
1280
+
"sending ptb chunk %zu failed (%d)", i, ret);
1281
+
return ret;
1282
+
}
1283
+
}
1284
+
1285
+
return 0;
1286
+
}
1287
+
1288
+
static int bcm4377_hci_open(struct hci_dev *hdev)
1289
+
{
1290
+
struct bcm4377_data *bcm4377 = hci_get_drvdata(hdev);
1291
+
int ret;
1292
+
1293
+
dev_dbg(&bcm4377->pdev->dev, "creating rings\n");
1294
+
1295
+
ret = bcm4377_create_completion_ring(bcm4377,
1296
+
&bcm4377->hci_acl_ack_ring);
1297
+
if (ret)
1298
+
return ret;
1299
+
ret = bcm4377_create_completion_ring(bcm4377,
1300
+
&bcm4377->hci_acl_event_ring);
1301
+
if (ret)
1302
+
goto destroy_hci_acl_ack;
1303
+
ret = bcm4377_create_completion_ring(bcm4377, &bcm4377->sco_ack_ring);
1304
+
if (ret)
1305
+
goto destroy_hci_acl_event;
1306
+
ret = bcm4377_create_completion_ring(bcm4377, &bcm4377->sco_event_ring);
1307
+
if (ret)
1308
+
goto destroy_sco_ack;
1309
+
dev_dbg(&bcm4377->pdev->dev,
1310
+
"all completion rings successfully created!\n");
1311
+
1312
+
ret = bcm4377_create_transfer_ring(bcm4377, &bcm4377->hci_h2d_ring);
1313
+
if (ret)
1314
+
goto destroy_sco_event;
1315
+
ret = bcm4377_create_transfer_ring(bcm4377, &bcm4377->hci_d2h_ring);
1316
+
if (ret)
1317
+
goto destroy_hci_h2d;
1318
+
ret = bcm4377_create_transfer_ring(bcm4377, &bcm4377->sco_h2d_ring);
1319
+
if (ret)
1320
+
goto destroy_hci_d2h;
1321
+
ret = bcm4377_create_transfer_ring(bcm4377, &bcm4377->sco_d2h_ring);
1322
+
if (ret)
1323
+
goto destroy_sco_h2d;
1324
+
ret = bcm4377_create_transfer_ring(bcm4377, &bcm4377->acl_h2d_ring);
1325
+
if (ret)
1326
+
goto destroy_sco_d2h;
1327
+
ret = bcm4377_create_transfer_ring(bcm4377, &bcm4377->acl_d2h_ring);
1328
+
if (ret)
1329
+
goto destroy_acl_h2d;
1330
+
dev_dbg(&bcm4377->pdev->dev,
1331
+
"all transfer rings successfully created!\n");
1332
+
1333
+
return 0;
1334
+
1335
+
destroy_acl_h2d:
1336
+
bcm4377_destroy_transfer_ring(bcm4377, &bcm4377->acl_h2d_ring);
1337
+
destroy_sco_d2h:
1338
+
bcm4377_destroy_transfer_ring(bcm4377, &bcm4377->sco_d2h_ring);
1339
+
destroy_sco_h2d:
1340
+
bcm4377_destroy_transfer_ring(bcm4377, &bcm4377->sco_h2d_ring);
1341
+
destroy_hci_d2h:
1342
+
bcm4377_destroy_transfer_ring(bcm4377, &bcm4377->hci_h2d_ring);
1343
+
destroy_hci_h2d:
1344
+
bcm4377_destroy_transfer_ring(bcm4377, &bcm4377->hci_d2h_ring);
1345
+
destroy_sco_event:
1346
+
bcm4377_destroy_completion_ring(bcm4377, &bcm4377->sco_event_ring);
1347
+
destroy_sco_ack:
1348
+
bcm4377_destroy_completion_ring(bcm4377, &bcm4377->sco_ack_ring);
1349
+
destroy_hci_acl_event:
1350
+
bcm4377_destroy_completion_ring(bcm4377, &bcm4377->hci_acl_event_ring);
1351
+
destroy_hci_acl_ack:
1352
+
bcm4377_destroy_completion_ring(bcm4377, &bcm4377->hci_acl_ack_ring);
1353
+
1354
+
dev_err(&bcm4377->pdev->dev, "Creating rings failed with %d\n", ret);
1355
+
return ret;
1356
+
}
1357
+
1358
+
static int bcm4377_hci_close(struct hci_dev *hdev)
1359
+
{
1360
+
struct bcm4377_data *bcm4377 = hci_get_drvdata(hdev);
1361
+
1362
+
dev_dbg(&bcm4377->pdev->dev, "destroying rings in hci_close\n");
1363
+
1364
+
bcm4377_destroy_transfer_ring(bcm4377, &bcm4377->acl_d2h_ring);
1365
+
bcm4377_destroy_transfer_ring(bcm4377, &bcm4377->acl_h2d_ring);
1366
+
bcm4377_destroy_transfer_ring(bcm4377, &bcm4377->sco_d2h_ring);
1367
+
bcm4377_destroy_transfer_ring(bcm4377, &bcm4377->sco_h2d_ring);
1368
+
bcm4377_destroy_transfer_ring(bcm4377, &bcm4377->hci_d2h_ring);
1369
+
bcm4377_destroy_transfer_ring(bcm4377, &bcm4377->hci_h2d_ring);
1370
+
1371
+
bcm4377_destroy_completion_ring(bcm4377, &bcm4377->sco_event_ring);
1372
+
bcm4377_destroy_completion_ring(bcm4377, &bcm4377->sco_ack_ring);
1373
+
bcm4377_destroy_completion_ring(bcm4377, &bcm4377->hci_acl_event_ring);
1374
+
bcm4377_destroy_completion_ring(bcm4377, &bcm4377->hci_acl_ack_ring);
1375
+
1376
+
return 0;
1377
+
}
1378
+
1379
+
static bool bcm4377_is_valid_bdaddr(struct bcm4377_data *bcm4377,
1380
+
bdaddr_t *addr)
1381
+
{
1382
+
if (addr->b[0] != 0x93)
1383
+
return true;
1384
+
if (addr->b[1] != 0x76)
1385
+
return true;
1386
+
if (addr->b[2] != 0x00)
1387
+
return true;
1388
+
if (addr->b[4] != (bcm4377->hw->id & 0xff))
1389
+
return true;
1390
+
if (addr->b[5] != (bcm4377->hw->id >> 8))
1391
+
return true;
1392
+
return false;
1393
+
}
1394
+
1395
+
static int bcm4377_check_bdaddr(struct bcm4377_data *bcm4377)
1396
+
{
1397
+
struct hci_rp_read_bd_addr *bda;
1398
+
struct sk_buff *skb;
1399
+
1400
+
skb = __hci_cmd_sync(bcm4377->hdev, HCI_OP_READ_BD_ADDR, 0, NULL,
1401
+
HCI_INIT_TIMEOUT);
1402
+
if (IS_ERR(skb)) {
1403
+
int err = PTR_ERR(skb);
1404
+
1405
+
dev_err(&bcm4377->pdev->dev, "HCI_OP_READ_BD_ADDR failed (%d)",
1406
+
err);
1407
+
return err;
1408
+
}
1409
+
1410
+
if (skb->len != sizeof(*bda)) {
1411
+
dev_err(&bcm4377->pdev->dev,
1412
+
"HCI_OP_READ_BD_ADDR reply length invalid");
1413
+
kfree_skb(skb);
1414
+
return -EIO;
1415
+
}
1416
+
1417
+
bda = (struct hci_rp_read_bd_addr *)skb->data;
1418
+
if (!bcm4377_is_valid_bdaddr(bcm4377, &bda->bdaddr))
1419
+
set_bit(HCI_QUIRK_INVALID_BDADDR, &bcm4377->hdev->quirks);
1420
+
1421
+
kfree_skb(skb);
1422
+
return 0;
1423
+
}
1424
+
1425
+
static int bcm4377_hci_setup(struct hci_dev *hdev)
1426
+
{
1427
+
struct bcm4377_data *bcm4377 = hci_get_drvdata(hdev);
1428
+
const struct firmware *fw;
1429
+
int ret;
1430
+
1431
+
if (bcm4377->hw->send_calibration) {
1432
+
ret = bcm4377->hw->send_calibration(bcm4377);
1433
+
if (ret)
1434
+
return ret;
1435
+
}
1436
+
1437
+
fw = bcm4377_request_blob(bcm4377, "ptb");
1438
+
if (!fw) {
1439
+
dev_err(&bcm4377->pdev->dev, "failed to load PTB data");
1440
+
return -ENOENT;
1441
+
}
1442
+
1443
+
ret = bcm4377->hw->send_ptb(bcm4377, fw);
1444
+
release_firmware(fw);
1445
+
if (ret)
1446
+
return ret;
1447
+
1448
+
return bcm4377_check_bdaddr(bcm4377);
1449
+
}
1450
+
1451
+
static int bcm4377_hci_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
1452
+
{
1453
+
struct bcm4377_data *bcm4377 = hci_get_drvdata(hdev);
1454
+
struct bcm4377_transfer_ring *ring;
1455
+
int ret;
1456
+
1457
+
switch (hci_skb_pkt_type(skb)) {
1458
+
case HCI_COMMAND_PKT:
1459
+
hdev->stat.cmd_tx++;
1460
+
ring = &bcm4377->hci_h2d_ring;
1461
+
break;
1462
+
1463
+
case HCI_ACLDATA_PKT:
1464
+
hdev->stat.acl_tx++;
1465
+
ring = &bcm4377->acl_h2d_ring;
1466
+
break;
1467
+
1468
+
case HCI_SCODATA_PKT:
1469
+
hdev->stat.sco_tx++;
1470
+
ring = &bcm4377->sco_h2d_ring;
1471
+
break;
1472
+
1473
+
default:
1474
+
return -EILSEQ;
1475
+
}
1476
+
1477
+
ret = bcm4377_enqueue(bcm4377, ring, skb->data, skb->len, false);
1478
+
if (ret < 0) {
1479
+
hdev->stat.err_tx++;
1480
+
return ret;
1481
+
}
1482
+
1483
+
hdev->stat.byte_tx += skb->len;
1484
+
kfree_skb(skb);
1485
+
return ret;
1486
+
}
1487
+
1488
+
static int bcm4377_hci_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr)
1489
+
{
1490
+
struct bcm4377_data *bcm4377 = hci_get_drvdata(hdev);
1491
+
struct sk_buff *skb;
1492
+
int err;
1493
+
1494
+
skb = __hci_cmd_sync(hdev, 0xfc01, 6, bdaddr, HCI_INIT_TIMEOUT);
1495
+
if (IS_ERR(skb)) {
1496
+
err = PTR_ERR(skb);
1497
+
dev_err(&bcm4377->pdev->dev,
1498
+
"Change address command failed (%d)", err);
1499
+
return err;
1500
+
}
1501
+
kfree_skb(skb);
1502
+
1503
+
return 0;
1504
+
}
1505
+
1506
+
static int bcm4377_alloc_transfer_ring(struct bcm4377_data *bcm4377,
1507
+
struct bcm4377_transfer_ring *ring)
1508
+
{
1509
+
size_t entry_size;
1510
+
1511
+
spin_lock_init(&ring->lock);
1512
+
ring->payload_size = ALIGN(ring->payload_size, 4);
1513
+
ring->mapped_payload_size = ALIGN(ring->mapped_payload_size, 4);
1514
+
1515
+
if (ring->payload_size > BCM4377_XFER_RING_MAX_INPLACE_PAYLOAD_SIZE)
1516
+
return -EINVAL;
1517
+
if (ring->n_entries > BCM4377_MAX_RING_SIZE)
1518
+
return -EINVAL;
1519
+
if (ring->virtual && ring->allow_wait)
1520
+
return -EINVAL;
1521
+
1522
+
if (ring->d2h_buffers_only) {
1523
+
if (ring->virtual)
1524
+
return -EINVAL;
1525
+
if (ring->payload_size)
1526
+
return -EINVAL;
1527
+
if (!ring->mapped_payload_size)
1528
+
return -EINVAL;
1529
+
}
1530
+
if (ring->virtual)
1531
+
return 0;
1532
+
1533
+
entry_size =
1534
+
ring->payload_size + sizeof(struct bcm4377_xfer_ring_entry);
1535
+
ring->ring = dmam_alloc_coherent(&bcm4377->pdev->dev,
1536
+
ring->n_entries * entry_size,
1537
+
&ring->ring_dma, GFP_KERNEL);
1538
+
if (!ring->ring)
1539
+
return -ENOMEM;
1540
+
1541
+
if (ring->allow_wait) {
1542
+
ring->events = devm_kcalloc(&bcm4377->pdev->dev,
1543
+
ring->n_entries,
1544
+
sizeof(*ring->events), GFP_KERNEL);
1545
+
if (!ring->events)
1546
+
return -ENOMEM;
1547
+
}
1548
+
1549
+
if (ring->mapped_payload_size) {
1550
+
ring->payloads = dmam_alloc_coherent(
1551
+
&bcm4377->pdev->dev,
1552
+
ring->n_entries * ring->mapped_payload_size,
1553
+
&ring->payloads_dma, GFP_KERNEL);
1554
+
if (!ring->payloads)
1555
+
return -ENOMEM;
1556
+
}
1557
+
1558
+
return 0;
1559
+
}
1560
+
1561
+
static int bcm4377_alloc_completion_ring(struct bcm4377_data *bcm4377,
1562
+
struct bcm4377_completion_ring *ring)
1563
+
{
1564
+
size_t entry_size;
1565
+
1566
+
ring->payload_size = ALIGN(ring->payload_size, 4);
1567
+
if (ring->payload_size > BCM4377_XFER_RING_MAX_INPLACE_PAYLOAD_SIZE)
1568
+
return -EINVAL;
1569
+
if (ring->n_entries > BCM4377_MAX_RING_SIZE)
1570
+
return -EINVAL;
1571
+
1572
+
entry_size = ring->payload_size +
1573
+
sizeof(struct bcm4377_completion_ring_entry);
1574
+
1575
+
ring->ring = dmam_alloc_coherent(&bcm4377->pdev->dev,
1576
+
ring->n_entries * entry_size,
1577
+
&ring->ring_dma, GFP_KERNEL);
1578
+
if (!ring->ring)
1579
+
return -ENOMEM;
1580
+
return 0;
1581
+
}
1582
+
1583
+
static int bcm4377_init_context(struct bcm4377_data *bcm4377)
1584
+
{
1585
+
struct device *dev = &bcm4377->pdev->dev;
1586
+
dma_addr_t peripheral_info_dma;
1587
+
1588
+
bcm4377->ctx = dmam_alloc_coherent(dev, sizeof(*bcm4377->ctx),
1589
+
&bcm4377->ctx_dma, GFP_KERNEL);
1590
+
if (!bcm4377->ctx)
1591
+
return -ENOMEM;
1592
+
memset(bcm4377->ctx, 0, sizeof(*bcm4377->ctx));
1593
+
1594
+
bcm4377->ring_state =
1595
+
dmam_alloc_coherent(dev, sizeof(*bcm4377->ring_state),
1596
+
&bcm4377->ring_state_dma, GFP_KERNEL);
1597
+
if (!bcm4377->ring_state)
1598
+
return -ENOMEM;
1599
+
memset(bcm4377->ring_state, 0, sizeof(*bcm4377->ring_state));
1600
+
1601
+
bcm4377->ctx->version = cpu_to_le16(1);
1602
+
bcm4377->ctx->size = cpu_to_le16(sizeof(*bcm4377->ctx));
1603
+
bcm4377->ctx->enabled_caps = cpu_to_le32(2);
1604
+
1605
+
/*
1606
+
* The BT device will write 0x20 bytes of data to this buffer but
1607
+
* the exact contents are unknown. It only needs to exist for BT
1608
+
* to work such that we can just allocate and then ignore it.
1609
+
*/
1610
+
if (!dmam_alloc_coherent(&bcm4377->pdev->dev, 0x20,
1611
+
&peripheral_info_dma, GFP_KERNEL))
1612
+
return -ENOMEM;
1613
+
bcm4377->ctx->peripheral_info_addr = cpu_to_le64(peripheral_info_dma);
1614
+
1615
+
bcm4377->ctx->xfer_ring_heads_addr = cpu_to_le64(
1616
+
bcm4377->ring_state_dma +
1617
+
offsetof(struct bcm4377_ring_state, xfer_ring_head));
1618
+
bcm4377->ctx->xfer_ring_tails_addr = cpu_to_le64(
1619
+
bcm4377->ring_state_dma +
1620
+
offsetof(struct bcm4377_ring_state, xfer_ring_tail));
1621
+
bcm4377->ctx->completion_ring_heads_addr = cpu_to_le64(
1622
+
bcm4377->ring_state_dma +
1623
+
offsetof(struct bcm4377_ring_state, completion_ring_head));
1624
+
bcm4377->ctx->completion_ring_tails_addr = cpu_to_le64(
1625
+
bcm4377->ring_state_dma +
1626
+
offsetof(struct bcm4377_ring_state, completion_ring_tail));
1627
+
1628
+
bcm4377->ctx->n_completion_rings =
1629
+
cpu_to_le16(BCM4377_N_COMPLETION_RINGS);
1630
+
bcm4377->ctx->n_xfer_rings = cpu_to_le16(BCM4377_N_TRANSFER_RINGS);
1631
+
1632
+
bcm4377->ctx->control_completion_ring_addr =
1633
+
cpu_to_le64(bcm4377->control_ack_ring.ring_dma);
1634
+
bcm4377->ctx->control_completion_ring_n_entries =
1635
+
cpu_to_le16(bcm4377->control_ack_ring.n_entries);
1636
+
bcm4377->ctx->control_completion_ring_doorbell = cpu_to_le16(0xffff);
1637
+
bcm4377->ctx->control_completion_ring_msi = 0;
1638
+
bcm4377->ctx->control_completion_ring_header_size = 0;
1639
+
bcm4377->ctx->control_completion_ring_footer_size = 0;
1640
+
1641
+
bcm4377->ctx->control_xfer_ring_addr =
1642
+
cpu_to_le64(bcm4377->control_h2d_ring.ring_dma);
1643
+
bcm4377->ctx->control_xfer_ring_n_entries =
1644
+
cpu_to_le16(bcm4377->control_h2d_ring.n_entries);
1645
+
bcm4377->ctx->control_xfer_ring_doorbell =
1646
+
cpu_to_le16(bcm4377->control_h2d_ring.doorbell);
1647
+
bcm4377->ctx->control_xfer_ring_msi = 0;
1648
+
bcm4377->ctx->control_xfer_ring_header_size = 0;
1649
+
bcm4377->ctx->control_xfer_ring_footer_size =
1650
+
bcm4377->control_h2d_ring.payload_size / 4;
1651
+
1652
+
dev_dbg(&bcm4377->pdev->dev, "context initialized at IOVA %pad",
1653
+
&bcm4377->ctx_dma);
1654
+
1655
+
return 0;
1656
+
}
1657
+
1658
+
static int bcm4377_prepare_rings(struct bcm4377_data *bcm4377)
1659
+
{
1660
+
int ret;
1661
+
1662
+
/*
1663
+
* Even though many of these settings appear to be configurable
1664
+
* when sending the "create ring" messages most of these are
1665
+
* actually hardcoded in some (and quite possibly all) firmware versions
1666
+
* and changing them on the host has no effect.
1667
+
* Specifically, this applies to at least the doorbells, the transfer
1668
+
* and completion ring ids and their mapping (e.g. both HCI and ACL
1669
+
* entries will always be queued in completion rings 1 and 2 no matter
1670
+
* what we configure here).
1671
+
*/
1672
+
bcm4377->control_ack_ring.ring_id = BCM4377_ACK_RING_CONTROL;
1673
+
bcm4377->control_ack_ring.n_entries = 32;
1674
+
bcm4377->control_ack_ring.transfer_rings =
1675
+
BIT(BCM4377_XFER_RING_CONTROL);
1676
+
1677
+
bcm4377->hci_acl_ack_ring.ring_id = BCM4377_ACK_RING_HCI_ACL;
1678
+
bcm4377->hci_acl_ack_ring.n_entries = 2 * BCM4377_RING_N_ENTRIES;
1679
+
bcm4377->hci_acl_ack_ring.transfer_rings =
1680
+
BIT(BCM4377_XFER_RING_HCI_H2D) | BIT(BCM4377_XFER_RING_ACL_H2D);
1681
+
bcm4377->hci_acl_ack_ring.delay = 1000;
1682
+
1683
+
/*
1684
+
* A payload size of MAX_EVENT_PAYLOAD_SIZE is enough here since large
1685
+
* ACL packets will be transmitted inside buffers mapped via
1686
+
* acl_d2h_ring anyway.
1687
+
*/
1688
+
bcm4377->hci_acl_event_ring.ring_id = BCM4377_EVENT_RING_HCI_ACL;
1689
+
bcm4377->hci_acl_event_ring.payload_size = MAX_EVENT_PAYLOAD_SIZE;
1690
+
bcm4377->hci_acl_event_ring.n_entries = 2 * BCM4377_RING_N_ENTRIES;
1691
+
bcm4377->hci_acl_event_ring.transfer_rings =
1692
+
BIT(BCM4377_XFER_RING_HCI_D2H) | BIT(BCM4377_XFER_RING_ACL_D2H);
1693
+
bcm4377->hci_acl_event_ring.delay = 1000;
1694
+
1695
+
bcm4377->sco_ack_ring.ring_id = BCM4377_ACK_RING_SCO;
1696
+
bcm4377->sco_ack_ring.n_entries = BCM4377_RING_N_ENTRIES;
1697
+
bcm4377->sco_ack_ring.transfer_rings = BIT(BCM4377_XFER_RING_SCO_H2D);
1698
+
1699
+
bcm4377->sco_event_ring.ring_id = BCM4377_EVENT_RING_SCO;
1700
+
bcm4377->sco_event_ring.payload_size = MAX_SCO_PAYLOAD_SIZE;
1701
+
bcm4377->sco_event_ring.n_entries = BCM4377_RING_N_ENTRIES;
1702
+
bcm4377->sco_event_ring.transfer_rings = BIT(BCM4377_XFER_RING_SCO_D2H);
1703
+
1704
+
bcm4377->control_h2d_ring.ring_id = BCM4377_XFER_RING_CONTROL;
1705
+
bcm4377->control_h2d_ring.doorbell = BCM4377_DOORBELL_CONTROL;
1706
+
bcm4377->control_h2d_ring.payload_size = BCM4377_CONTROL_MSG_SIZE;
1707
+
bcm4377->control_h2d_ring.completion_ring = BCM4377_ACK_RING_CONTROL;
1708
+
bcm4377->control_h2d_ring.allow_wait = true;
1709
+
bcm4377->control_h2d_ring.n_entries = BCM4377_RING_N_ENTRIES;
1710
+
1711
+
bcm4377->hci_h2d_ring.ring_id = BCM4377_XFER_RING_HCI_H2D;
1712
+
bcm4377->hci_h2d_ring.doorbell = BCM4377_DOORBELL_HCI_H2D;
1713
+
bcm4377->hci_h2d_ring.payload_size = MAX_EVENT_PAYLOAD_SIZE;
1714
+
bcm4377->hci_h2d_ring.completion_ring = BCM4377_ACK_RING_HCI_ACL;
1715
+
bcm4377->hci_h2d_ring.n_entries = BCM4377_RING_N_ENTRIES;
1716
+
1717
+
bcm4377->hci_d2h_ring.ring_id = BCM4377_XFER_RING_HCI_D2H;
1718
+
bcm4377->hci_d2h_ring.doorbell = BCM4377_DOORBELL_HCI_D2H;
1719
+
bcm4377->hci_d2h_ring.completion_ring = BCM4377_EVENT_RING_HCI_ACL;
1720
+
bcm4377->hci_d2h_ring.virtual = true;
1721
+
bcm4377->hci_d2h_ring.n_entries = BCM4377_RING_N_ENTRIES;
1722
+
1723
+
bcm4377->sco_h2d_ring.ring_id = BCM4377_XFER_RING_SCO_H2D;
1724
+
bcm4377->sco_h2d_ring.doorbell = BCM4377_DOORBELL_SCO;
1725
+
bcm4377->sco_h2d_ring.payload_size = MAX_SCO_PAYLOAD_SIZE;
1726
+
bcm4377->sco_h2d_ring.completion_ring = BCM4377_ACK_RING_SCO;
1727
+
bcm4377->sco_h2d_ring.sync = true;
1728
+
bcm4377->sco_h2d_ring.n_entries = BCM4377_RING_N_ENTRIES;
1729
+
1730
+
bcm4377->sco_d2h_ring.ring_id = BCM4377_XFER_RING_SCO_D2H;
1731
+
bcm4377->sco_d2h_ring.doorbell = BCM4377_DOORBELL_SCO;
1732
+
bcm4377->sco_d2h_ring.completion_ring = BCM4377_EVENT_RING_SCO;
1733
+
bcm4377->sco_d2h_ring.virtual = true;
1734
+
bcm4377->sco_d2h_ring.sync = true;
1735
+
bcm4377->sco_d2h_ring.n_entries = BCM4377_RING_N_ENTRIES;
1736
+
1737
+
/*
1738
+
* This ring has to use mapped_payload_size because the largest ACL
1739
+
* packet doesn't fit inside the largest possible footer
1740
+
*/
1741
+
bcm4377->acl_h2d_ring.ring_id = BCM4377_XFER_RING_ACL_H2D;
1742
+
bcm4377->acl_h2d_ring.doorbell = BCM4377_DOORBELL_ACL_H2D;
1743
+
bcm4377->acl_h2d_ring.mapped_payload_size = MAX_ACL_PAYLOAD_SIZE;
1744
+
bcm4377->acl_h2d_ring.completion_ring = BCM4377_ACK_RING_HCI_ACL;
1745
+
bcm4377->acl_h2d_ring.n_entries = BCM4377_RING_N_ENTRIES;
1746
+
1747
+
/*
1748
+
* This ring only contains empty buffers to be used by incoming
1749
+
* ACL packets that do not fit inside the footer of hci_acl_event_ring
1750
+
*/
1751
+
bcm4377->acl_d2h_ring.ring_id = BCM4377_XFER_RING_ACL_D2H;
1752
+
bcm4377->acl_d2h_ring.doorbell = BCM4377_DOORBELL_ACL_D2H;
1753
+
bcm4377->acl_d2h_ring.completion_ring = BCM4377_EVENT_RING_HCI_ACL;
1754
+
bcm4377->acl_d2h_ring.d2h_buffers_only = true;
1755
+
bcm4377->acl_d2h_ring.mapped_payload_size = MAX_ACL_PAYLOAD_SIZE;
1756
+
bcm4377->acl_d2h_ring.n_entries = BCM4377_RING_N_ENTRIES;
1757
+
1758
+
/*
1759
+
* no need for any cleanup since this is only called from _probe
1760
+
* and only devres-managed allocations are used
1761
+
*/
1762
+
ret = bcm4377_alloc_transfer_ring(bcm4377, &bcm4377->control_h2d_ring);
1763
+
if (ret)
1764
+
return ret;
1765
+
ret = bcm4377_alloc_transfer_ring(bcm4377, &bcm4377->hci_h2d_ring);
1766
+
if (ret)
1767
+
return ret;
1768
+
ret = bcm4377_alloc_transfer_ring(bcm4377, &bcm4377->hci_d2h_ring);
1769
+
if (ret)
1770
+
return ret;
1771
+
ret = bcm4377_alloc_transfer_ring(bcm4377, &bcm4377->sco_h2d_ring);
1772
+
if (ret)
1773
+
return ret;
1774
+
ret = bcm4377_alloc_transfer_ring(bcm4377, &bcm4377->sco_d2h_ring);
1775
+
if (ret)
1776
+
return ret;
1777
+
ret = bcm4377_alloc_transfer_ring(bcm4377, &bcm4377->acl_h2d_ring);
1778
+
if (ret)
1779
+
return ret;
1780
+
ret = bcm4377_alloc_transfer_ring(bcm4377, &bcm4377->acl_d2h_ring);
1781
+
if (ret)
1782
+
return ret;
1783
+
1784
+
ret = bcm4377_alloc_completion_ring(bcm4377,
1785
+
&bcm4377->control_ack_ring);
1786
+
if (ret)
1787
+
return ret;
1788
+
ret = bcm4377_alloc_completion_ring(bcm4377,
1789
+
&bcm4377->hci_acl_ack_ring);
1790
+
if (ret)
1791
+
return ret;
1792
+
ret = bcm4377_alloc_completion_ring(bcm4377,
1793
+
&bcm4377->hci_acl_event_ring);
1794
+
if (ret)
1795
+
return ret;
1796
+
ret = bcm4377_alloc_completion_ring(bcm4377, &bcm4377->sco_ack_ring);
1797
+
if (ret)
1798
+
return ret;
1799
+
ret = bcm4377_alloc_completion_ring(bcm4377, &bcm4377->sco_event_ring);
1800
+
if (ret)
1801
+
return ret;
1802
+
1803
+
dev_dbg(&bcm4377->pdev->dev, "all rings allocated and prepared\n");
1804
+
1805
+
return 0;
1806
+
}
1807
+
1808
+
static int bcm4377_boot(struct bcm4377_data *bcm4377)
1809
+
{
1810
+
const struct firmware *fw;
1811
+
void *bfr;
1812
+
dma_addr_t fw_dma;
1813
+
int ret = 0;
1814
+
u32 bootstage, rti_status;
1815
+
1816
+
bootstage = ioread32(bcm4377->bar2 + BCM4377_BAR2_BOOTSTAGE);
1817
+
rti_status = ioread32(bcm4377->bar2 + BCM4377_BAR2_RTI_STATUS);
1818
+
1819
+
if (bootstage != 0) {
1820
+
dev_err(&bcm4377->pdev->dev, "bootstage is %d and not 0\n",
1821
+
bootstage);
1822
+
return -EINVAL;
1823
+
}
1824
+
1825
+
if (rti_status != 0) {
1826
+
dev_err(&bcm4377->pdev->dev, "RTI status is %d and not 0\n",
1827
+
rti_status);
1828
+
return -EINVAL;
1829
+
}
1830
+
1831
+
fw = bcm4377_request_blob(bcm4377, "bin");
1832
+
if (!fw) {
1833
+
dev_err(&bcm4377->pdev->dev, "Failed to load firmware\n");
1834
+
return -ENOENT;
1835
+
}
1836
+
1837
+
bfr = dma_alloc_coherent(&bcm4377->pdev->dev, fw->size, &fw_dma,
1838
+
GFP_KERNEL);
1839
+
if (!bfr) {
1840
+
ret = -ENOMEM;
1841
+
goto out_release_fw;
1842
+
}
1843
+
1844
+
memcpy(bfr, fw->data, fw->size);
1845
+
1846
+
iowrite32(0, bcm4377->bar0 + BCM4377_BAR0_HOST_WINDOW_LO);
1847
+
iowrite32(0, bcm4377->bar0 + BCM4377_BAR0_HOST_WINDOW_HI);
1848
+
iowrite32(BCM4377_DMA_MASK,
1849
+
bcm4377->bar0 + BCM4377_BAR0_HOST_WINDOW_SIZE);
1850
+
1851
+
iowrite32(lower_32_bits(fw_dma), bcm4377->bar2 + BCM4377_BAR2_FW_LO);
1852
+
iowrite32(upper_32_bits(fw_dma), bcm4377->bar2 + BCM4377_BAR2_FW_HI);
1853
+
iowrite32(fw->size, bcm4377->bar2 + BCM4377_BAR2_FW_SIZE);
1854
+
iowrite32(0, bcm4377->bar0 + BCM4377_BAR0_FW_DOORBELL);
1855
+
1856
+
dev_dbg(&bcm4377->pdev->dev, "waiting for firmware to boot\n");
1857
+
1858
+
ret = wait_for_completion_interruptible_timeout(&bcm4377->event,
1859
+
BCM4377_TIMEOUT);
1860
+
if (ret == 0) {
1861
+
ret = -ETIMEDOUT;
1862
+
goto out_dma_free;
1863
+
} else if (ret < 0) {
1864
+
goto out_dma_free;
1865
+
}
1866
+
1867
+
if (bcm4377->bootstage != 2) {
1868
+
dev_err(&bcm4377->pdev->dev, "boostage %d != 2\n",
1869
+
bcm4377->bootstage);
1870
+
ret = -ENXIO;
1871
+
goto out_dma_free;
1872
+
}
1873
+
1874
+
dev_dbg(&bcm4377->pdev->dev, "firmware has booted (stage = %x)\n",
1875
+
bcm4377->bootstage);
1876
+
ret = 0;
1877
+
1878
+
out_dma_free:
1879
+
dma_free_coherent(&bcm4377->pdev->dev, fw->size, bfr, fw_dma);
1880
+
out_release_fw:
1881
+
release_firmware(fw);
1882
+
return ret;
1883
+
}
1884
+
1885
+
static int bcm4377_setup_rti(struct bcm4377_data *bcm4377)
1886
+
{
1887
+
int ret;
1888
+
1889
+
dev_dbg(&bcm4377->pdev->dev, "starting RTI\n");
1890
+
iowrite32(1, bcm4377->bar0 + BCM4377_BAR0_RTI_CONTROL);
1891
+
1892
+
ret = wait_for_completion_interruptible_timeout(&bcm4377->event,
1893
+
BCM4377_TIMEOUT);
1894
+
if (ret == 0) {
1895
+
dev_err(&bcm4377->pdev->dev,
1896
+
"timed out while waiting for RTI to transition to state 1");
1897
+
return -ETIMEDOUT;
1898
+
} else if (ret < 0) {
1899
+
return ret;
1900
+
}
1901
+
1902
+
if (bcm4377->rti_status != 1) {
1903
+
dev_err(&bcm4377->pdev->dev, "RTI did not ack state 1 (%d)\n",
1904
+
bcm4377->rti_status);
1905
+
return -ENODEV;
1906
+
}
1907
+
dev_dbg(&bcm4377->pdev->dev, "RTI is in state 1\n");
1908
+
1909
+
/* allow access to the entire IOVA space again */
1910
+
iowrite32(0, bcm4377->bar2 + BCM4377_BAR2_RTI_WINDOW_LO);
1911
+
iowrite32(0, bcm4377->bar2 + BCM4377_BAR2_RTI_WINDOW_HI);
1912
+
iowrite32(BCM4377_DMA_MASK,
1913
+
bcm4377->bar2 + BCM4377_BAR2_RTI_WINDOW_SIZE);
1914
+
1915
+
/* setup "Converged IPC" context */
1916
+
iowrite32(lower_32_bits(bcm4377->ctx_dma),
1917
+
bcm4377->bar2 + BCM4377_BAR2_CONTEXT_ADDR_LO);
1918
+
iowrite32(upper_32_bits(bcm4377->ctx_dma),
1919
+
bcm4377->bar2 + BCM4377_BAR2_CONTEXT_ADDR_HI);
1920
+
iowrite32(2, bcm4377->bar0 + BCM4377_BAR0_RTI_CONTROL);
1921
+
1922
+
ret = wait_for_completion_interruptible_timeout(&bcm4377->event,
1923
+
BCM4377_TIMEOUT);
1924
+
if (ret == 0) {
1925
+
dev_err(&bcm4377->pdev->dev,
1926
+
"timed out while waiting for RTI to transition to state 2");
1927
+
return -ETIMEDOUT;
1928
+
} else if (ret < 0) {
1929
+
return ret;
1930
+
}
1931
+
1932
+
if (bcm4377->rti_status != 2) {
1933
+
dev_err(&bcm4377->pdev->dev, "RTI did not ack state 2 (%d)\n",
1934
+
bcm4377->rti_status);
1935
+
return -ENODEV;
1936
+
}
1937
+
1938
+
dev_dbg(&bcm4377->pdev->dev,
1939
+
"RTI is in state 2; control ring is ready\n");
1940
+
bcm4377->control_ack_ring.enabled = true;
1941
+
1942
+
return 0;
1943
+
}
1944
+
1945
+
static int bcm4377_parse_otp_board_params(struct bcm4377_data *bcm4377,
1946
+
char tag, const char *val, size_t len)
1947
+
{
1948
+
if (tag != 'V')
1949
+
return 0;
1950
+
if (len >= sizeof(bcm4377->vendor))
1951
+
return -EINVAL;
1952
+
1953
+
strscpy(bcm4377->vendor, val, len + 1);
1954
+
return 0;
1955
+
}
1956
+
1957
+
static int bcm4377_parse_otp_chip_params(struct bcm4377_data *bcm4377, char tag,
1958
+
const char *val, size_t len)
1959
+
{
1960
+
size_t idx = 0;
1961
+
1962
+
if (tag != 's')
1963
+
return 0;
1964
+
if (len >= sizeof(bcm4377->stepping))
1965
+
return -EINVAL;
1966
+
1967
+
while (len != 0) {
1968
+
bcm4377->stepping[idx] = tolower(val[idx]);
1969
+
if (val[idx] == '\0')
1970
+
return 0;
1971
+
1972
+
idx++;
1973
+
len--;
1974
+
}
1975
+
1976
+
bcm4377->stepping[idx] = '\0';
1977
+
return 0;
1978
+
}
1979
+
1980
+
static int bcm4377_parse_otp_str(struct bcm4377_data *bcm4377, const u8 *str,
1981
+
enum bcm4377_otp_params_type type)
1982
+
{
1983
+
const char *p;
1984
+
int ret;
1985
+
1986
+
p = skip_spaces(str);
1987
+
while (*p) {
1988
+
char tag = *p++;
1989
+
const char *end;
1990
+
size_t len;
1991
+
1992
+
if (*p++ != '=') /* implicit NUL check */
1993
+
return -EINVAL;
1994
+
1995
+
/* *p might be NUL here, if so end == p and len == 0 */
1996
+
end = strchrnul(p, ' ');
1997
+
len = end - p;
1998
+
1999
+
/* leave 1 byte for NUL in destination string */
2000
+
if (len > (BCM4377_OTP_MAX_PARAM_LEN - 1))
2001
+
return -EINVAL;
2002
+
2003
+
switch (type) {
2004
+
case BCM4377_OTP_BOARD_PARAMS:
2005
+
ret = bcm4377_parse_otp_board_params(bcm4377, tag, p,
2006
+
len);
2007
+
break;
2008
+
case BCM4377_OTP_CHIP_PARAMS:
2009
+
ret = bcm4377_parse_otp_chip_params(bcm4377, tag, p,
2010
+
len);
2011
+
break;
2012
+
default:
2013
+
ret = -EINVAL;
2014
+
break;
2015
+
}
2016
+
2017
+
if (ret)
2018
+
return ret;
2019
+
2020
+
/* Skip to next arg, if any */
2021
+
p = skip_spaces(end);
2022
+
}
2023
+
2024
+
return 0;
2025
+
}
2026
+
2027
+
static int bcm4377_parse_otp_sys_vendor(struct bcm4377_data *bcm4377, u8 *otp,
2028
+
size_t size)
2029
+
{
2030
+
int idx = 4;
2031
+
const char *chip_params;
2032
+
const char *board_params;
2033
+
int ret;
2034
+
2035
+
/* 4-byte header and two empty strings */
2036
+
if (size < 6)
2037
+
return -EINVAL;
2038
+
2039
+
if (get_unaligned_le32(otp) != BCM4377_OTP_VENDOR_HDR)
2040
+
return -EINVAL;
2041
+
2042
+
chip_params = &otp[idx];
2043
+
2044
+
/* Skip first string, including terminator */
2045
+
idx += strnlen(chip_params, size - idx) + 1;
2046
+
if (idx >= size)
2047
+
return -EINVAL;
2048
+
2049
+
board_params = &otp[idx];
2050
+
2051
+
/* Skip to terminator of second string */
2052
+
idx += strnlen(board_params, size - idx);
2053
+
if (idx >= size)
2054
+
return -EINVAL;
2055
+
2056
+
/* At this point both strings are guaranteed NUL-terminated */
2057
+
dev_dbg(&bcm4377->pdev->dev,
2058
+
"OTP: chip_params='%s' board_params='%s'\n", chip_params,
2059
+
board_params);
2060
+
2061
+
ret = bcm4377_parse_otp_str(bcm4377, chip_params,
2062
+
BCM4377_OTP_CHIP_PARAMS);
2063
+
if (ret)
2064
+
return ret;
2065
+
2066
+
ret = bcm4377_parse_otp_str(bcm4377, board_params,
2067
+
BCM4377_OTP_BOARD_PARAMS);
2068
+
if (ret)
2069
+
return ret;
2070
+
2071
+
if (!bcm4377->stepping[0] || !bcm4377->vendor[0])
2072
+
return -EINVAL;
2073
+
2074
+
dev_dbg(&bcm4377->pdev->dev, "OTP: stepping=%s, vendor=%s\n",
2075
+
bcm4377->stepping, bcm4377->vendor);
2076
+
return 0;
2077
+
}
2078
+
2079
+
static int bcm4377_parse_otp(struct bcm4377_data *bcm4377)
2080
+
{
2081
+
u8 *otp;
2082
+
int i;
2083
+
int ret = -ENOENT;
2084
+
2085
+
otp = kzalloc(BCM4377_OTP_SIZE, GFP_KERNEL);
2086
+
if (!otp)
2087
+
return -ENOMEM;
2088
+
2089
+
for (i = 0; i < BCM4377_OTP_SIZE; ++i)
2090
+
otp[i] = ioread8(bcm4377->bar0 + bcm4377->hw->otp_offset + i);
2091
+
2092
+
i = 0;
2093
+
while (i < (BCM4377_OTP_SIZE - 1)) {
2094
+
u8 type = otp[i];
2095
+
u8 length = otp[i + 1];
2096
+
2097
+
if (type == 0)
2098
+
break;
2099
+
2100
+
if ((i + 2 + length) > BCM4377_OTP_SIZE)
2101
+
break;
2102
+
2103
+
switch (type) {
2104
+
case BCM4377_OTP_SYS_VENDOR:
2105
+
dev_dbg(&bcm4377->pdev->dev,
2106
+
"OTP @ 0x%x (%d): SYS_VENDOR", i, length);
2107
+
ret = bcm4377_parse_otp_sys_vendor(bcm4377, &otp[i + 2],
2108
+
length);
2109
+
break;
2110
+
case BCM4377_OTP_CIS:
2111
+
dev_dbg(&bcm4377->pdev->dev, "OTP @ 0x%x (%d): CIS", i,
2112
+
length);
2113
+
break;
2114
+
default:
2115
+
dev_dbg(&bcm4377->pdev->dev, "OTP @ 0x%x (%d): unknown",
2116
+
i, length);
2117
+
break;
2118
+
}
2119
+
2120
+
i += 2 + length;
2121
+
}
2122
+
2123
+
kfree(otp);
2124
+
return ret;
2125
+
}
2126
+
2127
+
static int bcm4377_init_cfg(struct bcm4377_data *bcm4377)
2128
+
{
2129
+
int ret;
2130
+
u32 ctrl;
2131
+
2132
+
ret = pci_write_config_dword(bcm4377->pdev,
2133
+
BCM4377_PCIECFG_BAR0_WINDOW1,
2134
+
bcm4377->hw->bar0_window1);
2135
+
if (ret)
2136
+
return ret;
2137
+
2138
+
ret = pci_write_config_dword(bcm4377->pdev,
2139
+
BCM4377_PCIECFG_BAR0_WINDOW2,
2140
+
bcm4377->hw->bar0_window2);
2141
+
if (ret)
2142
+
return ret;
2143
+
2144
+
ret = pci_write_config_dword(
2145
+
bcm4377->pdev, BCM4377_PCIECFG_BAR0_CORE2_WINDOW1,
2146
+
BCM4377_PCIECFG_BAR0_CORE2_WINDOW1_DEFAULT);
2147
+
if (ret)
2148
+
return ret;
2149
+
2150
+
if (bcm4377->hw->has_bar0_core2_window2) {
2151
+
ret = pci_write_config_dword(bcm4377->pdev,
2152
+
BCM4377_PCIECFG_BAR0_CORE2_WINDOW2,
2153
+
bcm4377->hw->bar0_core2_window2);
2154
+
if (ret)
2155
+
return ret;
2156
+
}
2157
+
2158
+
ret = pci_write_config_dword(bcm4377->pdev, BCM4377_PCIECFG_BAR2_WINDOW,
2159
+
BCM4377_PCIECFG_BAR2_WINDOW_DEFAULT);
2160
+
if (ret)
2161
+
return ret;
2162
+
2163
+
ret = pci_read_config_dword(bcm4377->pdev,
2164
+
BCM4377_PCIECFG_SUBSYSTEM_CTRL, &ctrl);
2165
+
if (ret)
2166
+
return ret;
2167
+
2168
+
if (bcm4377->hw->clear_pciecfg_subsystem_ctrl_bit19)
2169
+
ctrl &= ~BIT(19);
2170
+
ctrl |= BIT(16);
2171
+
2172
+
return pci_write_config_dword(bcm4377->pdev,
2173
+
BCM4377_PCIECFG_SUBSYSTEM_CTRL, ctrl);
2174
+
}
2175
+
2176
+
static int bcm4377_probe_dmi(struct bcm4377_data *bcm4377)
2177
+
{
2178
+
const struct dmi_system_id *board_type_dmi_id;
2179
+
2180
+
board_type_dmi_id = dmi_first_match(bcm4377_dmi_board_table);
2181
+
if (board_type_dmi_id && board_type_dmi_id->driver_data) {
2182
+
bcm4377->board_type = board_type_dmi_id->driver_data;
2183
+
dev_dbg(&bcm4377->pdev->dev,
2184
+
"found board type via DMI match: %s\n",
2185
+
bcm4377->board_type);
2186
+
}
2187
+
2188
+
return 0;
2189
+
}
2190
+
2191
+
static int bcm4377_probe_of(struct bcm4377_data *bcm4377)
2192
+
{
2193
+
struct device_node *np = bcm4377->pdev->dev.of_node;
2194
+
int ret;
2195
+
2196
+
if (!np)
2197
+
return 0;
2198
+
2199
+
ret = of_property_read_string(np, "brcm,board-type",
2200
+
&bcm4377->board_type);
2201
+
if (ret) {
2202
+
dev_err(&bcm4377->pdev->dev, "no brcm,board-type property\n");
2203
+
return ret;
2204
+
}
2205
+
2206
+
bcm4377->taurus_beamforming_cal_blob =
2207
+
of_get_property(np, "brcm,taurus-bf-cal-blob",
2208
+
&bcm4377->taurus_beamforming_cal_size);
2209
+
if (!bcm4377->taurus_beamforming_cal_blob) {
2210
+
dev_err(&bcm4377->pdev->dev,
2211
+
"no brcm,taurus-bf-cal-blob property\n");
2212
+
return -ENOENT;
2213
+
}
2214
+
bcm4377->taurus_cal_blob = of_get_property(np, "brcm,taurus-cal-blob",
2215
+
&bcm4377->taurus_cal_size);
2216
+
if (!bcm4377->taurus_cal_blob) {
2217
+
dev_err(&bcm4377->pdev->dev,
2218
+
"no brcm,taurus-cal-blob property\n");
2219
+
return -ENOENT;
2220
+
}
2221
+
2222
+
return 0;
2223
+
}
2224
+
2225
+
static void bcm4377_disable_aspm(struct bcm4377_data *bcm4377)
2226
+
{
2227
+
pci_disable_link_state(bcm4377->pdev,
2228
+
PCIE_LINK_STATE_L0S | PCIE_LINK_STATE_L1);
2229
+
2230
+
/*
2231
+
* pci_disable_link_state can fail if either CONFIG_PCIEASPM is disabled
2232
+
* or if the BIOS hasn't handed over control to us. We must *always*
2233
+
* disable ASPM for this device due to hardware errata though.
2234
+
*/
2235
+
pcie_capability_clear_word(bcm4377->pdev, PCI_EXP_LNKCTL,
2236
+
PCI_EXP_LNKCTL_ASPMC);
2237
+
}
2238
+
2239
+
static void bcm4377_pci_free_irq_vectors(void *data)
2240
+
{
2241
+
pci_free_irq_vectors(data);
2242
+
}
2243
+
2244
+
static void bcm4377_hci_free_dev(void *data)
2245
+
{
2246
+
hci_free_dev(data);
2247
+
}
2248
+
2249
+
static void bcm4377_hci_unregister_dev(void *data)
2250
+
{
2251
+
hci_unregister_dev(data);
2252
+
}
2253
+
2254
+
static int bcm4377_probe(struct pci_dev *pdev, const struct pci_device_id *id)
2255
+
{
2256
+
struct bcm4377_data *bcm4377;
2257
+
struct hci_dev *hdev;
2258
+
int ret, irq;
2259
+
2260
+
ret = dma_set_mask_and_coherent(&pdev->dev, BCM4377_DMA_MASK);
2261
+
if (ret)
2262
+
return ret;
2263
+
2264
+
bcm4377 = devm_kzalloc(&pdev->dev, sizeof(*bcm4377), GFP_KERNEL);
2265
+
if (!bcm4377)
2266
+
return -ENOMEM;
2267
+
2268
+
bcm4377->pdev = pdev;
2269
+
bcm4377->hw = &bcm4377_hw_variants[id->driver_data];
2270
+
init_completion(&bcm4377->event);
2271
+
2272
+
ret = bcm4377_prepare_rings(bcm4377);
2273
+
if (ret)
2274
+
return ret;
2275
+
2276
+
ret = bcm4377_init_context(bcm4377);
2277
+
if (ret)
2278
+
return ret;
2279
+
2280
+
ret = bcm4377_probe_dmi(bcm4377);
2281
+
if (ret)
2282
+
return ret;
2283
+
ret = bcm4377_probe_of(bcm4377);
2284
+
if (ret)
2285
+
return ret;
2286
+
if (!bcm4377->board_type) {
2287
+
dev_err(&pdev->dev, "unable to determine board type\n");
2288
+
return -ENODEV;
2289
+
}
2290
+
2291
+
if (bcm4377->hw->disable_aspm)
2292
+
bcm4377_disable_aspm(bcm4377);
2293
+
2294
+
ret = pci_reset_function_locked(pdev);
2295
+
if (ret)
2296
+
dev_warn(
2297
+
&pdev->dev,
2298
+
"function level reset failed with %d; trying to continue anyway\n",
2299
+
ret);
2300
+
2301
+
/*
2302
+
* If this number is too low and we try to access any BAR too
2303
+
* early the device will crash. Experiments have shown that
2304
+
* approximately 50 msec is the minimum amount we have to wait.
2305
+
* Let's double that to be safe.
2306
+
*/
2307
+
msleep(100);
2308
+
2309
+
ret = pcim_enable_device(pdev);
2310
+
if (ret)
2311
+
return ret;
2312
+
pci_set_master(pdev);
2313
+
2314
+
ret = bcm4377_init_cfg(bcm4377);
2315
+
if (ret)
2316
+
return ret;
2317
+
2318
+
bcm4377->bar0 = pcim_iomap(pdev, 0, 0);
2319
+
if (!bcm4377->bar0)
2320
+
return -EBUSY;
2321
+
bcm4377->bar2 = pcim_iomap(pdev, 2, 0);
2322
+
if (!bcm4377->bar2)
2323
+
return -EBUSY;
2324
+
2325
+
ret = bcm4377_parse_otp(bcm4377);
2326
+
if (ret) {
2327
+
dev_err(&pdev->dev, "Reading OTP failed with %d\n", ret);
2328
+
return ret;
2329
+
}
2330
+
2331
+
/*
2332
+
* Legacy interrupts result in an IRQ storm because we don't know where
2333
+
* the interrupt mask and status registers for these chips are.
2334
+
* MSIs are acked automatically instead.
2335
+
*/
2336
+
ret = pci_alloc_irq_vectors(pdev, 1, 1, PCI_IRQ_MSI);
2337
+
if (ret < 0)
2338
+
return -ENODEV;
2339
+
ret = devm_add_action_or_reset(&pdev->dev, bcm4377_pci_free_irq_vectors,
2340
+
pdev);
2341
+
if (ret)
2342
+
return ret;
2343
+
2344
+
irq = pci_irq_vector(pdev, 0);
2345
+
if (irq <= 0)
2346
+
return -ENODEV;
2347
+
2348
+
ret = devm_request_irq(&pdev->dev, irq, bcm4377_irq, 0, "bcm4377",
2349
+
bcm4377);
2350
+
if (ret)
2351
+
return ret;
2352
+
2353
+
hdev = hci_alloc_dev();
2354
+
if (!hdev)
2355
+
return -ENOMEM;
2356
+
ret = devm_add_action_or_reset(&pdev->dev, bcm4377_hci_free_dev, hdev);
2357
+
if (ret)
2358
+
return ret;
2359
+
2360
+
bcm4377->hdev = hdev;
2361
+
2362
+
hdev->bus = HCI_PCI;
2363
+
hdev->dev_type = HCI_PRIMARY;
2364
+
hdev->open = bcm4377_hci_open;
2365
+
hdev->close = bcm4377_hci_close;
2366
+
hdev->send = bcm4377_hci_send_frame;
2367
+
hdev->set_bdaddr = bcm4377_hci_set_bdaddr;
2368
+
hdev->setup = bcm4377_hci_setup;
2369
+
2370
+
set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks);
2371
+
if (bcm4377->hw->broken_mws_transport_config)
2372
+
set_bit(HCI_QUIRK_BROKEN_MWS_TRANSPORT_CONFIG, &hdev->quirks);
2373
+
if (bcm4377->hw->broken_ext_scan)
2374
+
set_bit(HCI_QUIRK_BROKEN_EXT_SCAN, &hdev->quirks);
2375
+
2376
+
pci_set_drvdata(pdev, bcm4377);
2377
+
hci_set_drvdata(hdev, bcm4377);
2378
+
SET_HCIDEV_DEV(hdev, &pdev->dev);
2379
+
2380
+
ret = bcm4377_boot(bcm4377);
2381
+
if (ret)
2382
+
return ret;
2383
+
2384
+
ret = bcm4377_setup_rti(bcm4377);
2385
+
if (ret)
2386
+
return ret;
2387
+
2388
+
ret = hci_register_dev(hdev);
2389
+
if (ret)
2390
+
return ret;
2391
+
return devm_add_action_or_reset(&pdev->dev, bcm4377_hci_unregister_dev,
2392
+
hdev);
2393
+
}
2394
+
2395
+
static int bcm4377_suspend(struct pci_dev *pdev, pm_message_t state)
2396
+
{
2397
+
struct bcm4377_data *bcm4377 = pci_get_drvdata(pdev);
2398
+
int ret;
2399
+
2400
+
ret = hci_suspend_dev(bcm4377->hdev);
2401
+
if (ret)
2402
+
return ret;
2403
+
2404
+
iowrite32(BCM4377_BAR0_SLEEP_CONTROL_QUIESCE,
2405
+
bcm4377->bar0 + BCM4377_BAR0_SLEEP_CONTROL);
2406
+
2407
+
return 0;
2408
+
}
2409
+
2410
+
static int bcm4377_resume(struct pci_dev *pdev)
2411
+
{
2412
+
struct bcm4377_data *bcm4377 = pci_get_drvdata(pdev);
2413
+
2414
+
iowrite32(BCM4377_BAR0_SLEEP_CONTROL_UNQUIESCE,
2415
+
bcm4377->bar0 + BCM4377_BAR0_SLEEP_CONTROL);
2416
+
2417
+
return hci_resume_dev(bcm4377->hdev);
2418
+
}
2419
+
2420
+
static const struct dmi_system_id bcm4377_dmi_board_table[] = {
2421
+
{
2422
+
.matches = {
2423
+
DMI_MATCH(DMI_BOARD_VENDOR, "Apple Inc."),
2424
+
DMI_MATCH(DMI_PRODUCT_NAME, "MacBookAir9,1"),
2425
+
},
2426
+
.driver_data = "apple,formosa",
2427
+
},
2428
+
{
2429
+
.matches = {
2430
+
DMI_MATCH(DMI_BOARD_VENDOR, "Apple Inc."),
2431
+
DMI_MATCH(DMI_PRODUCT_NAME, "MacBookPro15,4"),
2432
+
},
2433
+
.driver_data = "apple,formosa",
2434
+
},
2435
+
{
2436
+
.matches = {
2437
+
DMI_MATCH(DMI_BOARD_VENDOR, "Apple Inc."),
2438
+
DMI_MATCH(DMI_PRODUCT_NAME, "MacBookPro16,3"),
2439
+
},
2440
+
.driver_data = "apple,formosa",
2441
+
},
2442
+
{}
2443
+
};
2444
+
2445
+
static const struct bcm4377_hw bcm4377_hw_variants[] = {
2446
+
[BCM4377] = {
2447
+
.id = 0x4377,
2448
+
.otp_offset = 0x4120,
2449
+
.bar0_window1 = 0x1800b000,
2450
+
.bar0_window2 = 0x1810c000,
2451
+
.disable_aspm = true,
2452
+
.broken_ext_scan = true,
2453
+
.send_ptb = bcm4377_send_ptb,
2454
+
},
2455
+
2456
+
[BCM4378] = {
2457
+
.id = 0x4378,
2458
+
.otp_offset = 0x4120,
2459
+
.bar0_window1 = 0x18002000,
2460
+
.bar0_window2 = 0x1810a000,
2461
+
.bar0_core2_window2 = 0x18107000,
2462
+
.has_bar0_core2_window2 = true,
2463
+
.broken_mws_transport_config = true,
2464
+
.send_calibration = bcm4378_send_calibration,
2465
+
.send_ptb = bcm4378_send_ptb,
2466
+
},
2467
+
2468
+
[BCM4387] = {
2469
+
.id = 0x4387,
2470
+
.otp_offset = 0x413c,
2471
+
.bar0_window1 = 0x18002000,
2472
+
.bar0_window2 = 0x18109000,
2473
+
.bar0_core2_window2 = 0x18106000,
2474
+
.has_bar0_core2_window2 = true,
2475
+
.clear_pciecfg_subsystem_ctrl_bit19 = true,
2476
+
.broken_mws_transport_config = true,
2477
+
.send_calibration = bcm4387_send_calibration,
2478
+
.send_ptb = bcm4378_send_ptb,
2479
+
},
2480
+
};
2481
+
2482
+
#define BCM4377_DEVID_ENTRY(id) \
2483
+
{ \
2484
+
PCI_VENDOR_ID_BROADCOM, BCM##id##_DEVICE_ID, PCI_ANY_ID, \
2485
+
PCI_ANY_ID, PCI_CLASS_NETWORK_OTHER << 8, 0xffff00, \
2486
+
BCM##id \
2487
+
}
2488
+
2489
+
static const struct pci_device_id bcm4377_devid_table[] = {
2490
+
BCM4377_DEVID_ENTRY(4377),
2491
+
BCM4377_DEVID_ENTRY(4378),
2492
+
BCM4377_DEVID_ENTRY(4387),
2493
+
{},
2494
+
};
2495
+
MODULE_DEVICE_TABLE(pci, bcm4377_devid_table);
2496
+
2497
+
static struct pci_driver bcm4377_pci_driver = {
2498
+
.name = "hci_bcm4377",
2499
+
.id_table = bcm4377_devid_table,
2500
+
.probe = bcm4377_probe,
2501
+
.suspend = bcm4377_suspend,
2502
+
.resume = bcm4377_resume,
2503
+
};
2504
+
module_pci_driver(bcm4377_pci_driver);
2505
+
2506
+
MODULE_AUTHOR("Sven Peter <sven@svenpeter.dev>");
2507
+
MODULE_DESCRIPTION("Bluetooth support for Broadcom 4377/4378/4387 devices");
2508
+
MODULE_LICENSE("Dual MIT/GPL");
2509
+
MODULE_FIRMWARE("brcm/brcmbt4377*.bin");
2510
+
MODULE_FIRMWARE("brcm/brcmbt4377*.ptb");
2511
+
MODULE_FIRMWARE("brcm/brcmbt4378*.bin");
2512
+
MODULE_FIRMWARE("brcm/brcmbt4378*.ptb");
2513
+
MODULE_FIRMWARE("brcm/brcmbt4387*.bin");
2514
+
MODULE_FIRMWARE("brcm/brcmbt4387*.ptb");
+1
-1
drivers/bluetooth/hci_bcsp.c
+1
-1
drivers/bluetooth/hci_bcsp.c
+1
-1
drivers/bluetooth/hci_h5.c
+1
-1
drivers/bluetooth/hci_h5.c
+1
-1
drivers/bluetooth/hci_ll.c
+1
-1
drivers/bluetooth/hci_ll.c
+3
-2
drivers/bluetooth/hci_qca.c
+3
-2
drivers/bluetooth/hci_qca.c
···
912
912
default:
913
913
BT_ERR("Illegal tx state: %d (losing packet)",
914
914
qca->tx_ibs_state);
915
-
kfree_skb(skb);
915
+
dev_kfree_skb_irq(skb);
916
916
break;
917
917
}
918
918
···
1765
1765
qca_debugfs_init(hdev);
1766
1766
hu->hdev->hw_error = qca_hw_error;
1767
1767
hu->hdev->cmd_timeout = qca_cmd_timeout;
1768
-
hu->hdev->wakeup = qca_wakeup;
1768
+
if (device_can_wakeup(hu->serdev->ctrl->dev.parent))
1769
+
hu->hdev->wakeup = qca_wakeup;
1769
1770
} else if (ret == -ENOENT) {
1770
1771
/* No patch/nvm-config found, run with original fw/config */
1771
1772
set_bit(QCA_ROM_FW, &qca->flags);
+30
-5
drivers/bluetooth/virtio_bt.c
+30
-5
drivers/bluetooth/virtio_bt.c
···
50
50
51
51
static int virtbt_open(struct hci_dev *hdev)
52
52
{
53
-
struct virtio_bluetooth *vbt = hci_get_drvdata(hdev);
53
+
return 0;
54
+
}
54
55
56
+
static int virtbt_open_vdev(struct virtio_bluetooth *vbt)
57
+
{
55
58
if (virtbt_add_inbuf(vbt) < 0)
56
59
return -EIO;
57
60
···
64
61
65
62
static int virtbt_close(struct hci_dev *hdev)
66
63
{
67
-
struct virtio_bluetooth *vbt = hci_get_drvdata(hdev);
64
+
return 0;
65
+
}
66
+
67
+
static int virtbt_close_vdev(struct virtio_bluetooth *vbt)
68
+
{
68
69
int i;
69
70
70
71
cancel_work_sync(&vbt->rx);
···
313
306
if (virtio_has_feature(vdev, VIRTIO_BT_F_VND_HCI)) {
314
307
__u16 vendor;
315
308
316
-
virtio_cread(vdev, struct virtio_bt_config, vendor, &vendor);
309
+
if (virtio_has_feature(vdev, VIRTIO_BT_F_CONFIG_V2))
310
+
virtio_cread(vdev, struct virtio_bt_config_v2,
311
+
vendor, &vendor);
312
+
else
313
+
virtio_cread(vdev, struct virtio_bt_config,
314
+
vendor, &vendor);
317
315
318
316
switch (vendor) {
319
317
case VIRTIO_BT_CONFIG_VENDOR_ZEPHYR:
···
351
339
if (virtio_has_feature(vdev, VIRTIO_BT_F_MSFT_EXT)) {
352
340
__u16 msft_opcode;
353
341
354
-
virtio_cread(vdev, struct virtio_bt_config,
355
-
msft_opcode, &msft_opcode);
342
+
if (virtio_has_feature(vdev, VIRTIO_BT_F_CONFIG_V2))
343
+
virtio_cread(vdev, struct virtio_bt_config_v2,
344
+
msft_opcode, &msft_opcode);
345
+
else
346
+
virtio_cread(vdev, struct virtio_bt_config,
347
+
msft_opcode, &msft_opcode);
356
348
357
349
hci_set_msft_opcode(hdev, msft_opcode);
358
350
}
···
370
354
goto failed;
371
355
}
372
356
357
+
virtio_device_ready(vdev);
358
+
err = virtbt_open_vdev(vbt);
359
+
if (err)
360
+
goto open_failed;
361
+
373
362
return 0;
374
363
364
+
open_failed:
365
+
hci_free_dev(hdev);
375
366
failed:
376
367
vdev->config->del_vqs(vdev);
377
368
return err;
···
391
368
392
369
hci_unregister_dev(hdev);
393
370
virtio_reset_device(vdev);
371
+
virtbt_close_vdev(vbt);
394
372
395
373
hci_free_dev(hdev);
396
374
vbt->hdev = NULL;
···
411
387
VIRTIO_BT_F_VND_HCI,
412
388
VIRTIO_BT_F_MSFT_EXT,
413
389
VIRTIO_BT_F_AOSP_EXT,
390
+
VIRTIO_BT_F_CONFIG_V2,
414
391
};
415
392
416
393
static struct virtio_driver virtbt_driver = {
+21
include/net/bluetooth/hci.h
+21
include/net/bluetooth/hci.h
···
274
274
* during the hdev->setup vendor callback.
275
275
*/
276
276
HCI_QUIRK_BROKEN_ENHANCED_SETUP_SYNC_CONN,
277
+
278
+
/*
279
+
* When this quirk is set, the HCI_OP_LE_SET_EXT_SCAN_ENABLE command is
280
+
* disabled. This is required for some Broadcom controllers which
281
+
* erroneously claim to support extended scanning.
282
+
*
283
+
* This quirk can be set before hci_register_dev is called or
284
+
* during the hdev->setup vendor callback.
285
+
*/
286
+
HCI_QUIRK_BROKEN_EXT_SCAN,
287
+
288
+
/*
289
+
* When this quirk is set, the HCI_OP_GET_MWS_TRANSPORT_CONFIG command is
290
+
* disabled. This is required for some Broadcom controllers which
291
+
* erroneously claim to support MWS Transport Layer Configuration.
292
+
*
293
+
* This quirk can be set before hci_register_dev is called or
294
+
* during the hdev->setup vendor callback.
295
+
*/
296
+
HCI_QUIRK_BROKEN_MWS_TRANSPORT_CONFIG,
277
297
};
278
298
279
299
/* HCI device flags */
···
2610
2590
#define LE_EXT_ADV_DIRECT_IND 0x0004
2611
2591
#define LE_EXT_ADV_SCAN_RSP 0x0008
2612
2592
#define LE_EXT_ADV_LEGACY_PDU 0x0010
2593
+
#define LE_EXT_ADV_EVT_TYPE_MASK 0x007f
2613
2594
2614
2595
#define ADDR_LE_DEV_PUBLIC 0x00
2615
2596
#define ADDR_LE_DEV_RANDOM 0x01
+7
-1
include/net/bluetooth/hci_core.h
+7
-1
include/net/bluetooth/hci_core.h
···
659
659
int (*set_diag)(struct hci_dev *hdev, bool enable);
660
660
int (*set_bdaddr)(struct hci_dev *hdev, const bdaddr_t *bdaddr);
661
661
void (*cmd_timeout)(struct hci_dev *hdev);
662
+
void (*reset)(struct hci_dev *hdev);
662
663
bool (*wakeup)(struct hci_dev *hdev);
663
664
int (*set_quality_report)(struct hci_dev *hdev, bool enable);
664
665
int (*get_data_path_id)(struct hci_dev *hdev, __u8 *data_path);
···
1690
1689
1691
1690
/* Use ext scanning if set ext scan param and ext scan enable is supported */
1692
1691
#define use_ext_scan(dev) (((dev)->commands[37] & 0x20) && \
1693
-
((dev)->commands[37] & 0x40))
1692
+
((dev)->commands[37] & 0x40) && \
1693
+
!test_bit(HCI_QUIRK_BROKEN_EXT_SCAN, &(dev)->quirks))
1694
+
1694
1695
/* Use ext create connection if command is supported */
1695
1696
#define use_ext_conn(dev) ((dev)->commands[37] & 0x80)
1696
1697
···
1719
1716
#define cis_peripheral_capable(dev) \
1720
1717
((dev)->le_features[3] & HCI_LE_CIS_PERIPHERAL)
1721
1718
#define bis_capable(dev) ((dev)->le_features[3] & HCI_LE_ISO_BROADCASTER)
1719
+
1720
+
#define mws_transport_config_capable(dev) (((dev)->commands[30] & 0x08) && \
1721
+
(!test_bit(HCI_QUIRK_BROKEN_MWS_TRANSPORT_CONFIG, &(dev)->quirks)))
1722
1722
1723
1723
/* ----- HCI protocols ----- */
1724
1724
#define HCI_PROTO_DEFER 0x01
+8
include/uapi/linux/virtio_bt.h
+8
include/uapi/linux/virtio_bt.h
···
9
9
#define VIRTIO_BT_F_VND_HCI 0 /* Indicates vendor command support */
10
10
#define VIRTIO_BT_F_MSFT_EXT 1 /* Indicates MSFT vendor support */
11
11
#define VIRTIO_BT_F_AOSP_EXT 2 /* Indicates AOSP vendor support */
12
+
#define VIRTIO_BT_F_CONFIG_V2 3 /* Use second version configuration */
12
13
13
14
enum virtio_bt_config_type {
14
15
VIRTIO_BT_CONFIG_TYPE_PRIMARY = 0,
···
28
27
__u16 vendor;
29
28
__u16 msft_opcode;
30
29
} __attribute__((packed));
30
+
31
+
struct virtio_bt_config_v2 {
32
+
__u8 type;
33
+
__u8 alignment;
34
+
__u16 vendor;
35
+
__u16 msft_opcode;
36
+
};
31
37
32
38
#endif /* _UAPI_LINUX_VIRTIO_BT_H */
+11
net/bluetooth/Kconfig
+11
net/bluetooth/Kconfig
···
78
78
Bluetooth Low Energy includes support low-energy physical
79
79
layer available with Bluetooth version 4.0 or later.
80
80
81
+
config BT_LE_L2CAP_ECRED
82
+
bool "Bluetooth L2CAP Enhanced Credit Flow Control"
83
+
depends on BT_LE
84
+
default y
85
+
help
86
+
Bluetooth Low Energy L2CAP Enhanced Credit Flow Control available with
87
+
Bluetooth version 5.2 or later.
88
+
89
+
This can be overridden by passing bluetooth.enable_ecred=[1|0]
90
+
on the kernel commandline.
91
+
81
92
config BT_6LOWPAN
82
93
tristate "Bluetooth 6LoWPAN support"
83
94
depends on BT_LE && 6LOWPAN
+4
-13
net/bluetooth/hci_conn.c
+4
-13
net/bluetooth/hci_conn.c
···
824
824
825
825
bt_dev_dbg(hdev, "big 0x%2.2x bis 0x%2.2x", big, bis);
826
826
827
-
d = kmalloc(sizeof(*d), GFP_KERNEL);
827
+
d = kzalloc(sizeof(*d), GFP_KERNEL);
828
828
if (!d)
829
829
return -ENOMEM;
830
830
831
-
memset(d, 0, sizeof(*d));
832
831
d->big = big;
833
832
d->bis = bis;
834
833
···
860
861
861
862
bt_dev_dbg(hdev, "big 0x%2.2x sync_handle 0x%4.4x", big, sync_handle);
862
863
863
-
d = kmalloc(sizeof(*d), GFP_KERNEL);
864
+
d = kzalloc(sizeof(*d), GFP_KERNEL);
864
865
if (!d)
865
866
return -ENOMEM;
866
867
867
-
memset(d, 0, sizeof(*d));
868
868
d->big = big;
869
869
d->sync_handle = sync_handle;
870
870
···
1879
1881
continue;
1880
1882
1881
1883
/* Check if all CIS(s) belonging to a CIG are ready */
1882
-
if (conn->link->state != BT_CONNECTED ||
1884
+
if (!conn->link || conn->link->state != BT_CONNECTED ||
1883
1885
conn->state != BT_CONNECT) {
1884
1886
cmd.cp.num_cis = 0;
1885
1887
break;
···
2044
2046
if (hci_dev_test_and_set_flag(hdev, HCI_PA_SYNC))
2045
2047
return -EBUSY;
2046
2048
2047
-
cp = kmalloc(sizeof(*cp), GFP_KERNEL);
2049
+
cp = kzalloc(sizeof(*cp), GFP_KERNEL);
2048
2050
if (!cp) {
2049
2051
hci_dev_clear_flag(hdev, HCI_PA_SYNC);
2050
2052
return -ENOMEM;
2051
2053
}
2052
2054
2053
-
/* Convert from ISO socket address type to HCI address type */
2054
-
if (dst_type == BDADDR_LE_PUBLIC)
2055
-
dst_type = ADDR_LE_DEV_PUBLIC;
2056
-
else
2057
-
dst_type = ADDR_LE_DEV_RANDOM;
2058
-
2059
-
memset(cp, 0, sizeof(*cp));
2060
2055
cp->sid = sid;
2061
2056
cp->addr_type = dst_type;
2062
2057
bacpy(&cp->addr, dst);
+2
-2
net/bluetooth/hci_core.c
+2
-2
net/bluetooth/hci_core.c
···
2660
2660
2661
2661
error = hci_register_suspend_notifier(hdev);
2662
2662
if (error)
2663
-
goto err_wqueue;
2663
+
BT_WARN("register suspend notifier failed error:%d\n", error);
2664
2664
2665
2665
queue_work(hdev->req_workqueue, &hdev->power_on);
2666
2666
···
3985
3985
*req_complete_skb = bt_cb(skb)->hci.req_complete_skb;
3986
3986
else
3987
3987
*req_complete = bt_cb(skb)->hci.req_complete;
3988
-
kfree_skb(skb);
3988
+
dev_kfree_skb_irq(skb);
3989
3989
}
3990
3990
spin_unlock_irqrestore(&hdev->cmd_q.lock, flags);
3991
3991
}
+1
-1
net/bluetooth/hci_debugfs.c
+1
-1
net/bluetooth/hci_debugfs.c
+17
-7
net/bluetooth/hci_event.c
+17
-7
net/bluetooth/hci_event.c
···
801
801
802
802
bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
803
803
804
-
if (rp->status)
805
-
return rp->status;
806
-
807
804
sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_PAYLOAD_TO);
808
805
if (!sent)
809
806
return rp->status;
···
808
811
hci_dev_lock(hdev);
809
812
810
813
conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
811
-
if (conn)
814
+
if (!conn) {
815
+
rp->status = 0xff;
816
+
goto unlock;
817
+
}
818
+
819
+
if (!rp->status)
812
820
conn->auth_payload_timeout = get_unaligned_le16(sent + 2);
813
821
822
+
hci_encrypt_cfm(conn, 0);
823
+
824
+
unlock:
814
825
hci_dev_unlock(hdev);
815
826
816
827
return rp->status;
···
3685
3680
3686
3681
cp.handle = cpu_to_le16(conn->handle);
3687
3682
cp.timeout = cpu_to_le16(hdev->auth_payload_timeout);
3688
-
hci_send_cmd(conn->hdev, HCI_OP_WRITE_AUTH_PAYLOAD_TO,
3689
-
sizeof(cp), &cp);
3683
+
if (hci_send_cmd(conn->hdev, HCI_OP_WRITE_AUTH_PAYLOAD_TO,
3684
+
sizeof(cp), &cp)) {
3685
+
bt_dev_err(hdev, "write auth payload timeout failed");
3686
+
goto notify;
3687
+
}
3688
+
3689
+
goto unlock;
3690
3690
}
3691
3691
3692
3692
notify:
···
6504
6494
info->length))
6505
6495
break;
6506
6496
6507
-
evt_type = __le16_to_cpu(info->type);
6497
+
evt_type = __le16_to_cpu(info->type) & LE_EXT_ADV_EVT_TYPE_MASK;
6508
6498
legacy_evt_type = ext_evt_type_to_legacy(hdev, evt_type);
6509
6499
if (legacy_evt_type != LE_ADV_INVALID) {
6510
6500
process_adv_report(hdev, legacy_evt_type, &info->bdaddr,
+20
-1
net/bluetooth/hci_sync.c
+20
-1
net/bluetooth/hci_sync.c
···
3055
3055
* Enable Authentication
3056
3056
* lmp_bredr_capable(Set Fast Connectable -> Set Scan Type -> Set Class ->
3057
3057
* Set Name -> Set EIR)
3058
+
* HCI_FORCE_STATIC_ADDR | BDADDR_ANY && !HCI_BREDR_ENABLED (Set Static Address)
3058
3059
*/
3059
3060
int hci_powered_update_sync(struct hci_dev *hdev)
3060
3061
{
···
3093
3092
hci_update_class_sync(hdev);
3094
3093
hci_update_name_sync(hdev);
3095
3094
hci_update_eir_sync(hdev);
3095
+
}
3096
+
3097
+
/* If forcing static address is in use or there is no public
3098
+
* address use the static address as random address (but skip
3099
+
* the HCI command if the current random address is already the
3100
+
* static one.
3101
+
*
3102
+
* In case BR/EDR has been disabled on a dual-mode controller
3103
+
* and a static address has been configured, then use that
3104
+
* address instead of the public BR/EDR address.
3105
+
*/
3106
+
if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
3107
+
(!bacmp(&hdev->bdaddr, BDADDR_ANY) &&
3108
+
!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))) {
3109
+
if (bacmp(&hdev->static_addr, BDADDR_ANY))
3110
+
return hci_set_random_addr_sync(hdev,
3111
+
&hdev->static_addr);
3096
3112
}
3097
3113
3098
3114
return 0;
···
4279
4261
/* Get MWS transport configuration if the HCI command is supported */
4280
4262
static int hci_get_mws_transport_config_sync(struct hci_dev *hdev)
4281
4263
{
4282
-
if (!(hdev->commands[30] & 0x08))
4264
+
if (!mws_transport_config_capable(hdev))
4283
4265
return 0;
4284
4266
4285
4267
return __hci_cmd_sync_status(hdev, HCI_OP_GET_MWS_TRANSPORT_CONFIG,
···
4721
4703
hdev->flush(hdev);
4722
4704
4723
4705
if (hdev->sent_cmd) {
4706
+
cancel_delayed_work_sync(&hdev->cmd_timer);
4724
4707
kfree_skb(hdev->sent_cmd);
4725
4708
hdev->sent_cmd = NULL;
4726
4709
}
+42
-25
net/bluetooth/iso.c
+42
-25
net/bluetooth/iso.c
···
261
261
262
262
if (!bis_capable(hdev)) {
263
263
err = -EOPNOTSUPP;
264
-
goto done;
264
+
goto unlock;
265
265
}
266
266
267
267
/* Fail if out PHYs are marked as disabled */
268
268
if (!iso_pi(sk)->qos.out.phy) {
269
269
err = -EINVAL;
270
-
goto done;
270
+
goto unlock;
271
271
}
272
272
273
-
hcon = hci_connect_bis(hdev, &iso_pi(sk)->dst, iso_pi(sk)->dst_type,
273
+
hcon = hci_connect_bis(hdev, &iso_pi(sk)->dst,
274
+
le_addr_type(iso_pi(sk)->dst_type),
274
275
&iso_pi(sk)->qos, iso_pi(sk)->base_len,
275
276
iso_pi(sk)->base);
276
277
if (IS_ERR(hcon)) {
277
278
err = PTR_ERR(hcon);
278
-
goto done;
279
+
goto unlock;
279
280
}
280
281
281
282
conn = iso_conn_add(hcon);
282
283
if (!conn) {
283
284
hci_conn_drop(hcon);
284
285
err = -ENOMEM;
285
-
goto done;
286
+
goto unlock;
286
287
}
288
+
289
+
hci_dev_unlock(hdev);
290
+
hci_dev_put(hdev);
291
+
292
+
lock_sock(sk);
287
293
288
294
/* Update source addr of the socket */
289
295
bacpy(&iso_pi(sk)->src, &hcon->src);
290
296
291
297
err = iso_chan_add(conn, sk, NULL);
292
298
if (err)
293
-
goto done;
299
+
goto release;
294
300
295
301
if (hcon->state == BT_CONNECTED) {
296
302
iso_sock_clear_timer(sk);
···
306
300
iso_sock_set_timer(sk, sk->sk_sndtimeo);
307
301
}
308
302
309
-
done:
303
+
release:
304
+
release_sock(sk);
305
+
return err;
306
+
307
+
unlock:
310
308
hci_dev_unlock(hdev);
311
309
hci_dev_put(hdev);
312
310
return err;
···
334
324
335
325
if (!cis_central_capable(hdev)) {
336
326
err = -EOPNOTSUPP;
337
-
goto done;
327
+
goto unlock;
338
328
}
339
329
340
330
/* Fail if either PHYs are marked as disabled */
341
331
if (!iso_pi(sk)->qos.in.phy && !iso_pi(sk)->qos.out.phy) {
342
332
err = -EINVAL;
343
-
goto done;
333
+
goto unlock;
344
334
}
345
335
346
336
/* Just bind if DEFER_SETUP has been set */
···
350
340
&iso_pi(sk)->qos);
351
341
if (IS_ERR(hcon)) {
352
342
err = PTR_ERR(hcon);
353
-
goto done;
343
+
goto unlock;
354
344
}
355
345
} else {
356
346
hcon = hci_connect_cis(hdev, &iso_pi(sk)->dst,
···
358
348
&iso_pi(sk)->qos);
359
349
if (IS_ERR(hcon)) {
360
350
err = PTR_ERR(hcon);
361
-
goto done;
351
+
goto unlock;
362
352
}
363
353
}
364
354
···
366
356
if (!conn) {
367
357
hci_conn_drop(hcon);
368
358
err = -ENOMEM;
369
-
goto done;
359
+
goto unlock;
370
360
}
361
+
362
+
hci_dev_unlock(hdev);
363
+
hci_dev_put(hdev);
364
+
365
+
lock_sock(sk);
371
366
372
367
/* Update source addr of the socket */
373
368
bacpy(&iso_pi(sk)->src, &hcon->src);
374
369
375
370
err = iso_chan_add(conn, sk, NULL);
376
371
if (err)
377
-
goto done;
372
+
goto release;
378
373
379
374
if (hcon->state == BT_CONNECTED) {
380
375
iso_sock_clear_timer(sk);
···
392
377
iso_sock_set_timer(sk, sk->sk_sndtimeo);
393
378
}
394
379
395
-
done:
380
+
release:
381
+
release_sock(sk);
382
+
return err;
383
+
384
+
unlock:
396
385
hci_dev_unlock(hdev);
397
386
hci_dev_put(hdev);
398
387
return err;
···
850
831
bacpy(&iso_pi(sk)->dst, &sa->iso_bdaddr);
851
832
iso_pi(sk)->dst_type = sa->iso_bdaddr_type;
852
833
834
+
release_sock(sk);
835
+
853
836
if (bacmp(&iso_pi(sk)->dst, BDADDR_ANY))
854
837
err = iso_connect_cis(sk);
855
838
else
856
839
err = iso_connect_bis(sk);
857
840
858
841
if (err)
859
-
goto done;
842
+
return err;
843
+
844
+
lock_sock(sk);
860
845
861
846
if (!test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
862
847
err = bt_sock_wait_state(sk, BT_CONNECTED,
863
848
sock_sndtimeo(sk, flags & O_NONBLOCK));
864
849
}
865
850
866
-
done:
867
851
release_sock(sk);
868
852
return err;
869
853
}
···
897
875
898
876
hci_dev_lock(hdev);
899
877
900
-
err = hci_pa_create_sync(hdev, &iso_pi(sk)->dst, iso_pi(sk)->dst_type,
878
+
err = hci_pa_create_sync(hdev, &iso_pi(sk)->dst,
879
+
le_addr_type(iso_pi(sk)->dst_type),
901
880
iso_pi(sk)->bc_sid);
902
881
903
882
hci_dev_unlock(hdev);
···
1122
1099
{
1123
1100
struct sock *sk = sock->sk;
1124
1101
struct iso_pinfo *pi = iso_pi(sk);
1125
-
int err;
1126
1102
1127
1103
BT_DBG("sk %p", sk);
1128
-
1129
-
lock_sock(sk);
1130
1104
1131
1105
if (test_and_clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
1132
1106
switch (sk->sk_state) {
1133
1107
case BT_CONNECT2:
1108
+
lock_sock(sk);
1134
1109
iso_conn_defer_accept(pi->conn->hcon);
1135
1110
sk->sk_state = BT_CONFIG;
1136
1111
release_sock(sk);
1137
1112
return 0;
1138
1113
case BT_CONNECT:
1139
-
err = iso_connect_cis(sk);
1140
-
release_sock(sk);
1141
-
return err;
1114
+
return iso_connect_cis(sk);
1142
1115
}
1143
1116
}
1144
-
1145
-
release_sock(sk);
1146
1117
1147
1118
return bt_sock_recvmsg(sock, msg, len, flags);
1148
1119
}
+1
-1
net/bluetooth/l2cap_core.c
+1
-1
net/bluetooth/l2cap_core.c
+2
-2
net/bluetooth/lib.c
+2
-2
net/bluetooth/lib.c
···
170
170
case -EMLINK:
171
171
return 0x09;
172
172
173
-
case EALREADY:
173
+
case -EALREADY:
174
174
return 0x0b;
175
175
176
176
case -EBUSY:
···
191
191
case -ECONNABORTED:
192
192
return 0x16;
193
193
194
-
case ELOOP:
194
+
case -ELOOP:
195
195
return 0x17;
196
196
197
197
case -EPROTONOSUPPORT:
+1
-1
net/bluetooth/mgmt.c
+1
-1
net/bluetooth/mgmt.c
···
8859
8859
* extra parameters we don't know about will be ignored in this request.
8860
8860
*/
8861
8861
if (data_len < MGMT_ADD_EXT_ADV_PARAMS_MIN_SIZE)
8862
-
return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8862
+
return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
8863
8863
MGMT_STATUS_INVALID_PARAMS);
8864
8864
8865
8865
flags = __le32_to_cpu(cp->flags);