Marcel Holtmann | 16e3887 | 2015-04-04 16:13:02 -0700 | [diff] [blame] | 1 | /* |
| 2 | * |
| 3 | * Bluetooth HCI UART driver for Intel devices |
| 4 | * |
| 5 | * Copyright (C) 2015 Intel Corporation |
| 6 | * |
| 7 | * |
| 8 | * This program is free software; you can redistribute it and/or modify |
| 9 | * it under the terms of the GNU General Public License as published by |
| 10 | * the Free Software Foundation; either version 2 of the License, or |
| 11 | * (at your option) any later version. |
| 12 | * |
| 13 | * This program is distributed in the hope that it will be useful, |
| 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 16 | * GNU General Public License for more details. |
| 17 | * |
| 18 | * You should have received a copy of the GNU General Public License |
| 19 | * along with this program; if not, write to the Free Software |
| 20 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
| 21 | * |
| 22 | */ |
| 23 | |
| 24 | #include <linux/kernel.h> |
| 25 | #include <linux/errno.h> |
| 26 | #include <linux/skbuff.h> |
Loic Poulain | ca93cee | 2015-07-01 12:20:26 +0200 | [diff] [blame] | 27 | #include <linux/firmware.h> |
| 28 | #include <linux/wait.h> |
Marcel Holtmann | 16e3887 | 2015-04-04 16:13:02 -0700 | [diff] [blame] | 29 | |
| 30 | #include <net/bluetooth/bluetooth.h> |
| 31 | #include <net/bluetooth/hci_core.h> |
| 32 | |
| 33 | #include "hci_uart.h" |
Loic Poulain | ca93cee | 2015-07-01 12:20:26 +0200 | [diff] [blame] | 34 | #include "btintel.h" |
| 35 | |
| 36 | #define STATE_BOOTLOADER 0 |
| 37 | #define STATE_DOWNLOADING 1 |
| 38 | #define STATE_FIRMWARE_LOADED 2 |
| 39 | #define STATE_FIRMWARE_FAILED 3 |
| 40 | #define STATE_BOOTING 4 |
| 41 | |
| 42 | struct intel_data { |
| 43 | struct sk_buff *rx_skb; |
| 44 | struct sk_buff_head txq; |
| 45 | unsigned long flags; |
| 46 | }; |
| 47 | |
| 48 | static int intel_open(struct hci_uart *hu) |
| 49 | { |
| 50 | struct intel_data *intel; |
| 51 | |
| 52 | BT_DBG("hu %p", hu); |
| 53 | |
| 54 | intel = kzalloc(sizeof(*intel), GFP_KERNEL); |
| 55 | if (!intel) |
| 56 | return -ENOMEM; |
| 57 | |
| 58 | skb_queue_head_init(&intel->txq); |
| 59 | |
| 60 | hu->priv = intel; |
| 61 | return 0; |
| 62 | } |
| 63 | |
| 64 | static int intel_close(struct hci_uart *hu) |
| 65 | { |
| 66 | struct intel_data *intel = hu->priv; |
| 67 | |
| 68 | BT_DBG("hu %p", hu); |
| 69 | |
| 70 | skb_queue_purge(&intel->txq); |
| 71 | kfree_skb(intel->rx_skb); |
| 72 | kfree(intel); |
| 73 | |
| 74 | hu->priv = NULL; |
| 75 | return 0; |
| 76 | } |
| 77 | |
| 78 | static int intel_flush(struct hci_uart *hu) |
| 79 | { |
| 80 | struct intel_data *intel = hu->priv; |
| 81 | |
| 82 | BT_DBG("hu %p", hu); |
| 83 | |
| 84 | skb_queue_purge(&intel->txq); |
| 85 | |
| 86 | return 0; |
| 87 | } |
| 88 | |
| 89 | static int inject_cmd_complete(struct hci_dev *hdev, __u16 opcode) |
| 90 | { |
| 91 | struct sk_buff *skb; |
| 92 | struct hci_event_hdr *hdr; |
| 93 | struct hci_ev_cmd_complete *evt; |
| 94 | |
| 95 | skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_ATOMIC); |
| 96 | if (!skb) |
| 97 | return -ENOMEM; |
| 98 | |
| 99 | hdr = (struct hci_event_hdr *)skb_put(skb, sizeof(*hdr)); |
| 100 | hdr->evt = HCI_EV_CMD_COMPLETE; |
| 101 | hdr->plen = sizeof(*evt) + 1; |
| 102 | |
| 103 | evt = (struct hci_ev_cmd_complete *)skb_put(skb, sizeof(*evt)); |
| 104 | evt->ncmd = 0x01; |
| 105 | evt->opcode = cpu_to_le16(opcode); |
| 106 | |
| 107 | *skb_put(skb, 1) = 0x00; |
| 108 | |
| 109 | bt_cb(skb)->pkt_type = HCI_EVENT_PKT; |
| 110 | |
| 111 | return hci_recv_frame(hdev, skb); |
| 112 | } |
| 113 | |
Loic Poulain | ca93cee | 2015-07-01 12:20:26 +0200 | [diff] [blame] | 114 | static void intel_version_info(struct hci_dev *hdev, |
| 115 | struct intel_version *ver) |
| 116 | { |
| 117 | const char *variant; |
| 118 | |
| 119 | switch (ver->fw_variant) { |
| 120 | case 0x06: |
| 121 | variant = "Bootloader"; |
| 122 | break; |
| 123 | case 0x23: |
| 124 | variant = "Firmware"; |
| 125 | break; |
| 126 | default: |
| 127 | return; |
| 128 | } |
| 129 | |
| 130 | BT_INFO("%s: %s revision %u.%u build %u week %u %u", hdev->name, |
| 131 | variant, ver->fw_revision >> 4, ver->fw_revision & 0x0f, |
| 132 | ver->fw_build_num, ver->fw_build_ww, 2000 + ver->fw_build_yy); |
| 133 | } |
| 134 | |
| 135 | static int intel_setup(struct hci_uart *hu) |
| 136 | { |
| 137 | static const u8 reset_param[] = { 0x00, 0x01, 0x00, 0x01, |
| 138 | 0x00, 0x08, 0x04, 0x00 }; |
| 139 | struct intel_data *intel = hu->priv; |
| 140 | struct hci_dev *hdev = hu->hdev; |
| 141 | struct sk_buff *skb; |
| 142 | struct intel_version *ver; |
| 143 | struct intel_boot_params *params; |
| 144 | const struct firmware *fw; |
| 145 | const u8 *fw_ptr; |
| 146 | char fwname[64]; |
| 147 | u32 frag_len; |
| 148 | ktime_t calltime, delta, rettime; |
| 149 | unsigned long long duration; |
| 150 | int err; |
| 151 | |
| 152 | BT_DBG("%s", hdev->name); |
| 153 | |
Marcel Holtmann | 35ab815 | 2015-07-05 14:37:40 +0200 | [diff] [blame] | 154 | hu->hdev->set_bdaddr = btintel_set_bdaddr; |
| 155 | |
Loic Poulain | ca93cee | 2015-07-01 12:20:26 +0200 | [diff] [blame] | 156 | calltime = ktime_get(); |
| 157 | |
| 158 | set_bit(STATE_BOOTLOADER, &intel->flags); |
| 159 | |
| 160 | /* Read the Intel version information to determine if the device |
| 161 | * is in bootloader mode or if it already has operational firmware |
| 162 | * loaded. |
| 163 | */ |
| 164 | skb = __hci_cmd_sync(hdev, 0xfc05, 0, NULL, HCI_INIT_TIMEOUT); |
| 165 | if (IS_ERR(skb)) { |
| 166 | BT_ERR("%s: Reading Intel version information failed (%ld)", |
| 167 | hdev->name, PTR_ERR(skb)); |
| 168 | return PTR_ERR(skb); |
| 169 | } |
| 170 | |
| 171 | if (skb->len != sizeof(*ver)) { |
| 172 | BT_ERR("%s: Intel version event size mismatch", hdev->name); |
| 173 | kfree_skb(skb); |
| 174 | return -EILSEQ; |
| 175 | } |
| 176 | |
| 177 | ver = (struct intel_version *)skb->data; |
| 178 | if (ver->status) { |
| 179 | BT_ERR("%s: Intel version command failure (%02x)", |
| 180 | hdev->name, ver->status); |
| 181 | err = -bt_to_errno(ver->status); |
| 182 | kfree_skb(skb); |
| 183 | return err; |
| 184 | } |
| 185 | |
| 186 | /* The hardware platform number has a fixed value of 0x37 and |
| 187 | * for now only accept this single value. |
| 188 | */ |
| 189 | if (ver->hw_platform != 0x37) { |
| 190 | BT_ERR("%s: Unsupported Intel hardware platform (%u)", |
| 191 | hdev->name, ver->hw_platform); |
| 192 | kfree_skb(skb); |
| 193 | return -EINVAL; |
| 194 | } |
| 195 | |
| 196 | /* At the moment only the hardware variant iBT 3.0 (LnP/SfP) is |
| 197 | * supported by this firmware loading method. This check has been |
| 198 | * put in place to ensure correct forward compatibility options |
| 199 | * when newer hardware variants come along. |
| 200 | */ |
| 201 | if (ver->hw_variant != 0x0b) { |
| 202 | BT_ERR("%s: Unsupported Intel hardware variant (%u)", |
| 203 | hdev->name, ver->hw_variant); |
| 204 | kfree_skb(skb); |
| 205 | return -EINVAL; |
| 206 | } |
| 207 | |
| 208 | intel_version_info(hdev, ver); |
| 209 | |
| 210 | /* The firmware variant determines if the device is in bootloader |
| 211 | * mode or is running operational firmware. The value 0x06 identifies |
| 212 | * the bootloader and the value 0x23 identifies the operational |
| 213 | * firmware. |
| 214 | * |
| 215 | * When the operational firmware is already present, then only |
| 216 | * the check for valid Bluetooth device address is needed. This |
| 217 | * determines if the device will be added as configured or |
| 218 | * unconfigured controller. |
| 219 | * |
| 220 | * It is not possible to use the Secure Boot Parameters in this |
| 221 | * case since that command is only available in bootloader mode. |
| 222 | */ |
| 223 | if (ver->fw_variant == 0x23) { |
| 224 | kfree_skb(skb); |
| 225 | clear_bit(STATE_BOOTLOADER, &intel->flags); |
| 226 | btintel_check_bdaddr(hdev); |
| 227 | return 0; |
| 228 | } |
| 229 | |
| 230 | /* If the device is not in bootloader mode, then the only possible |
| 231 | * choice is to return an error and abort the device initialization. |
| 232 | */ |
| 233 | if (ver->fw_variant != 0x06) { |
| 234 | BT_ERR("%s: Unsupported Intel firmware variant (%u)", |
| 235 | hdev->name, ver->fw_variant); |
| 236 | kfree_skb(skb); |
| 237 | return -ENODEV; |
| 238 | } |
| 239 | |
| 240 | kfree_skb(skb); |
| 241 | |
| 242 | /* Read the secure boot parameters to identify the operating |
| 243 | * details of the bootloader. |
| 244 | */ |
| 245 | skb = __hci_cmd_sync(hdev, 0xfc0d, 0, NULL, HCI_INIT_TIMEOUT); |
| 246 | if (IS_ERR(skb)) { |
| 247 | BT_ERR("%s: Reading Intel boot parameters failed (%ld)", |
| 248 | hdev->name, PTR_ERR(skb)); |
| 249 | return PTR_ERR(skb); |
| 250 | } |
| 251 | |
| 252 | if (skb->len != sizeof(*params)) { |
| 253 | BT_ERR("%s: Intel boot parameters size mismatch", hdev->name); |
| 254 | kfree_skb(skb); |
| 255 | return -EILSEQ; |
| 256 | } |
| 257 | |
| 258 | params = (struct intel_boot_params *)skb->data; |
| 259 | if (params->status) { |
| 260 | BT_ERR("%s: Intel boot parameters command failure (%02x)", |
| 261 | hdev->name, params->status); |
| 262 | err = -bt_to_errno(params->status); |
| 263 | kfree_skb(skb); |
| 264 | return err; |
| 265 | } |
| 266 | |
| 267 | BT_INFO("%s: Device revision is %u", hdev->name, |
| 268 | le16_to_cpu(params->dev_revid)); |
| 269 | |
| 270 | BT_INFO("%s: Secure boot is %s", hdev->name, |
| 271 | params->secure_boot ? "enabled" : "disabled"); |
| 272 | |
| 273 | BT_INFO("%s: Minimum firmware build %u week %u %u", hdev->name, |
| 274 | params->min_fw_build_nn, params->min_fw_build_cw, |
| 275 | 2000 + params->min_fw_build_yy); |
| 276 | |
| 277 | /* It is required that every single firmware fragment is acknowledged |
| 278 | * with a command complete event. If the boot parameters indicate |
| 279 | * that this bootloader does not send them, then abort the setup. |
| 280 | */ |
| 281 | if (params->limited_cce != 0x00) { |
| 282 | BT_ERR("%s: Unsupported Intel firmware loading method (%u)", |
| 283 | hdev->name, params->limited_cce); |
| 284 | kfree_skb(skb); |
| 285 | return -EINVAL; |
| 286 | } |
| 287 | |
| 288 | /* If the OTP has no valid Bluetooth device address, then there will |
| 289 | * also be no valid address for the operational firmware. |
| 290 | */ |
| 291 | if (!bacmp(¶ms->otp_bdaddr, BDADDR_ANY)) { |
| 292 | BT_INFO("%s: No device address configured", hdev->name); |
| 293 | set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks); |
| 294 | } |
| 295 | |
| 296 | /* With this Intel bootloader only the hardware variant and device |
| 297 | * revision information are used to select the right firmware. |
| 298 | * |
| 299 | * Currently this bootloader support is limited to hardware variant |
| 300 | * iBT 3.0 (LnP/SfP) which is identified by the value 11 (0x0b). |
| 301 | */ |
| 302 | snprintf(fwname, sizeof(fwname), "intel/ibt-11-%u.sfi", |
| 303 | le16_to_cpu(params->dev_revid)); |
| 304 | |
| 305 | err = request_firmware(&fw, fwname, &hdev->dev); |
| 306 | if (err < 0) { |
| 307 | BT_ERR("%s: Failed to load Intel firmware file (%d)", |
| 308 | hdev->name, err); |
| 309 | kfree_skb(skb); |
| 310 | return err; |
| 311 | } |
| 312 | |
| 313 | BT_INFO("%s: Found device firmware: %s", hdev->name, fwname); |
| 314 | |
| 315 | kfree_skb(skb); |
| 316 | |
| 317 | if (fw->size < 644) { |
| 318 | BT_ERR("%s: Invalid size of firmware file (%zu)", |
| 319 | hdev->name, fw->size); |
| 320 | err = -EBADF; |
| 321 | goto done; |
| 322 | } |
| 323 | |
| 324 | set_bit(STATE_DOWNLOADING, &intel->flags); |
| 325 | |
| 326 | /* Start the firmware download transaction with the Init fragment |
| 327 | * represented by the 128 bytes of CSS header. |
| 328 | */ |
Marcel Holtmann | 09df123 | 2015-07-05 14:55:36 +0200 | [diff] [blame^] | 329 | err = btintel_secure_send(hdev, 0x00, 128, fw->data); |
Loic Poulain | ca93cee | 2015-07-01 12:20:26 +0200 | [diff] [blame] | 330 | if (err < 0) { |
| 331 | BT_ERR("%s: Failed to send firmware header (%d)", |
| 332 | hdev->name, err); |
| 333 | goto done; |
| 334 | } |
| 335 | |
| 336 | /* Send the 256 bytes of public key information from the firmware |
| 337 | * as the PKey fragment. |
| 338 | */ |
Marcel Holtmann | 09df123 | 2015-07-05 14:55:36 +0200 | [diff] [blame^] | 339 | err = btintel_secure_send(hdev, 0x03, 256, fw->data + 128); |
Loic Poulain | ca93cee | 2015-07-01 12:20:26 +0200 | [diff] [blame] | 340 | if (err < 0) { |
| 341 | BT_ERR("%s: Failed to send firmware public key (%d)", |
| 342 | hdev->name, err); |
| 343 | goto done; |
| 344 | } |
| 345 | |
| 346 | /* Send the 256 bytes of signature information from the firmware |
| 347 | * as the Sign fragment. |
| 348 | */ |
Marcel Holtmann | 09df123 | 2015-07-05 14:55:36 +0200 | [diff] [blame^] | 349 | err = btintel_secure_send(hdev, 0x02, 256, fw->data + 388); |
Loic Poulain | ca93cee | 2015-07-01 12:20:26 +0200 | [diff] [blame] | 350 | if (err < 0) { |
| 351 | BT_ERR("%s: Failed to send firmware signature (%d)", |
| 352 | hdev->name, err); |
| 353 | goto done; |
| 354 | } |
| 355 | |
| 356 | fw_ptr = fw->data + 644; |
| 357 | frag_len = 0; |
| 358 | |
| 359 | while (fw_ptr - fw->data < fw->size) { |
| 360 | struct hci_command_hdr *cmd = (void *)(fw_ptr + frag_len); |
| 361 | |
| 362 | frag_len += sizeof(*cmd) + cmd->plen; |
| 363 | |
| 364 | BT_DBG("%s: patching %td/%zu", hdev->name, |
| 365 | (fw_ptr - fw->data), fw->size); |
| 366 | |
| 367 | /* The parameter length of the secure send command requires |
| 368 | * a 4 byte alignment. It happens so that the firmware file |
| 369 | * contains proper Intel_NOP commands to align the fragments |
| 370 | * as needed. |
| 371 | * |
| 372 | * Send set of commands with 4 byte alignment from the |
| 373 | * firmware data buffer as a single Data fragement. |
| 374 | */ |
| 375 | if (frag_len % 4) |
| 376 | continue; |
| 377 | |
| 378 | /* Send each command from the firmware data buffer as |
| 379 | * a single Data fragment. |
| 380 | */ |
Marcel Holtmann | 09df123 | 2015-07-05 14:55:36 +0200 | [diff] [blame^] | 381 | err = btintel_secure_send(hdev, 0x01, frag_len, fw_ptr); |
Loic Poulain | ca93cee | 2015-07-01 12:20:26 +0200 | [diff] [blame] | 382 | if (err < 0) { |
| 383 | BT_ERR("%s: Failed to send firmware data (%d)", |
| 384 | hdev->name, err); |
| 385 | goto done; |
| 386 | } |
| 387 | |
| 388 | fw_ptr += frag_len; |
| 389 | frag_len = 0; |
| 390 | } |
| 391 | |
| 392 | set_bit(STATE_FIRMWARE_LOADED, &intel->flags); |
| 393 | |
| 394 | BT_INFO("%s: Waiting for firmware download to complete", hdev->name); |
| 395 | |
| 396 | /* Before switching the device into operational mode and with that |
| 397 | * booting the loaded firmware, wait for the bootloader notification |
| 398 | * that all fragments have been successfully received. |
| 399 | * |
| 400 | * When the event processing receives the notification, then the |
| 401 | * STATE_DOWNLOADING flag will be cleared. |
| 402 | * |
| 403 | * The firmware loading should not take longer than 5 seconds |
| 404 | * and thus just timeout if that happens and fail the setup |
| 405 | * of this device. |
| 406 | */ |
| 407 | err = wait_on_bit_timeout(&intel->flags, STATE_DOWNLOADING, |
| 408 | TASK_INTERRUPTIBLE, |
| 409 | msecs_to_jiffies(5000)); |
| 410 | if (err == 1) { |
| 411 | BT_ERR("%s: Firmware loading interrupted", hdev->name); |
| 412 | err = -EINTR; |
| 413 | goto done; |
| 414 | } |
| 415 | |
| 416 | if (err) { |
| 417 | BT_ERR("%s: Firmware loading timeout", hdev->name); |
| 418 | err = -ETIMEDOUT; |
| 419 | goto done; |
| 420 | } |
| 421 | |
| 422 | if (test_bit(STATE_FIRMWARE_FAILED, &intel->flags)) { |
| 423 | BT_ERR("%s: Firmware loading failed", hdev->name); |
| 424 | err = -ENOEXEC; |
| 425 | goto done; |
| 426 | } |
| 427 | |
| 428 | rettime = ktime_get(); |
| 429 | delta = ktime_sub(rettime, calltime); |
| 430 | duration = (unsigned long long) ktime_to_ns(delta) >> 10; |
| 431 | |
| 432 | BT_INFO("%s: Firmware loaded in %llu usecs", hdev->name, duration); |
| 433 | |
| 434 | done: |
| 435 | release_firmware(fw); |
| 436 | |
| 437 | if (err < 0) |
| 438 | return err; |
| 439 | |
| 440 | calltime = ktime_get(); |
| 441 | |
| 442 | set_bit(STATE_BOOTING, &intel->flags); |
| 443 | |
| 444 | skb = __hci_cmd_sync(hdev, 0xfc01, sizeof(reset_param), reset_param, |
| 445 | HCI_INIT_TIMEOUT); |
| 446 | if (IS_ERR(skb)) |
| 447 | return PTR_ERR(skb); |
| 448 | |
| 449 | kfree_skb(skb); |
| 450 | |
| 451 | /* The bootloader will not indicate when the device is ready. This |
| 452 | * is done by the operational firmware sending bootup notification. |
| 453 | * |
| 454 | * Booting into operational firmware should not take longer than |
| 455 | * 1 second. However if that happens, then just fail the setup |
| 456 | * since something went wrong. |
| 457 | */ |
| 458 | BT_INFO("%s: Waiting for device to boot", hdev->name); |
| 459 | |
| 460 | err = wait_on_bit_timeout(&intel->flags, STATE_BOOTING, |
| 461 | TASK_INTERRUPTIBLE, |
| 462 | msecs_to_jiffies(1000)); |
| 463 | |
| 464 | if (err == 1) { |
| 465 | BT_ERR("%s: Device boot interrupted", hdev->name); |
| 466 | return -EINTR; |
| 467 | } |
| 468 | |
| 469 | if (err) { |
| 470 | BT_ERR("%s: Device boot timeout", hdev->name); |
| 471 | return -ETIMEDOUT; |
| 472 | } |
| 473 | |
| 474 | rettime = ktime_get(); |
| 475 | delta = ktime_sub(rettime, calltime); |
| 476 | duration = (unsigned long long) ktime_to_ns(delta) >> 10; |
| 477 | |
| 478 | BT_INFO("%s: Device booted in %llu usecs", hdev->name, duration); |
| 479 | |
| 480 | clear_bit(STATE_BOOTLOADER, &intel->flags); |
| 481 | |
| 482 | return 0; |
| 483 | } |
| 484 | |
| 485 | static int intel_recv_event(struct hci_dev *hdev, struct sk_buff *skb) |
| 486 | { |
| 487 | struct hci_uart *hu = hci_get_drvdata(hdev); |
| 488 | struct intel_data *intel = hu->priv; |
| 489 | struct hci_event_hdr *hdr; |
| 490 | |
| 491 | if (!test_bit(STATE_BOOTLOADER, &intel->flags)) |
| 492 | goto recv; |
| 493 | |
| 494 | hdr = (void *)skb->data; |
| 495 | |
| 496 | /* When the firmware loading completes the device sends |
| 497 | * out a vendor specific event indicating the result of |
| 498 | * the firmware loading. |
| 499 | */ |
| 500 | if (skb->len == 7 && hdr->evt == 0xff && hdr->plen == 0x05 && |
| 501 | skb->data[2] == 0x06) { |
| 502 | if (skb->data[3] != 0x00) |
| 503 | set_bit(STATE_FIRMWARE_FAILED, &intel->flags); |
| 504 | |
| 505 | if (test_and_clear_bit(STATE_DOWNLOADING, &intel->flags) && |
| 506 | test_bit(STATE_FIRMWARE_LOADED, &intel->flags)) { |
| 507 | smp_mb__after_atomic(); |
| 508 | wake_up_bit(&intel->flags, STATE_DOWNLOADING); |
| 509 | } |
| 510 | |
| 511 | /* When switching to the operational firmware the device |
| 512 | * sends a vendor specific event indicating that the bootup |
| 513 | * completed. |
| 514 | */ |
| 515 | } else if (skb->len == 9 && hdr->evt == 0xff && hdr->plen == 0x07 && |
| 516 | skb->data[2] == 0x02) { |
| 517 | if (test_and_clear_bit(STATE_BOOTING, &intel->flags)) { |
| 518 | smp_mb__after_atomic(); |
| 519 | wake_up_bit(&intel->flags, STATE_BOOTING); |
| 520 | } |
| 521 | } |
| 522 | recv: |
| 523 | return hci_recv_frame(hdev, skb); |
| 524 | } |
| 525 | |
| 526 | static const struct h4_recv_pkt intel_recv_pkts[] = { |
| 527 | { H4_RECV_ACL, .recv = hci_recv_frame }, |
| 528 | { H4_RECV_SCO, .recv = hci_recv_frame }, |
| 529 | { H4_RECV_EVENT, .recv = intel_recv_event }, |
| 530 | }; |
| 531 | |
| 532 | static int intel_recv(struct hci_uart *hu, const void *data, int count) |
| 533 | { |
| 534 | struct intel_data *intel = hu->priv; |
| 535 | |
| 536 | if (!test_bit(HCI_UART_REGISTERED, &hu->flags)) |
| 537 | return -EUNATCH; |
| 538 | |
| 539 | intel->rx_skb = h4_recv_buf(hu->hdev, intel->rx_skb, data, count, |
| 540 | intel_recv_pkts, |
| 541 | ARRAY_SIZE(intel_recv_pkts)); |
| 542 | if (IS_ERR(intel->rx_skb)) { |
| 543 | int err = PTR_ERR(intel->rx_skb); |
| 544 | BT_ERR("%s: Frame reassembly failed (%d)", hu->hdev->name, err); |
| 545 | intel->rx_skb = NULL; |
| 546 | return err; |
| 547 | } |
| 548 | |
| 549 | return count; |
| 550 | } |
| 551 | |
| 552 | static int intel_enqueue(struct hci_uart *hu, struct sk_buff *skb) |
| 553 | { |
| 554 | struct intel_data *intel = hu->priv; |
| 555 | |
| 556 | BT_DBG("hu %p skb %p", hu, skb); |
| 557 | |
| 558 | skb_queue_tail(&intel->txq, skb); |
| 559 | |
| 560 | return 0; |
| 561 | } |
| 562 | |
| 563 | static struct sk_buff *intel_dequeue(struct hci_uart *hu) |
| 564 | { |
| 565 | struct intel_data *intel = hu->priv; |
| 566 | struct sk_buff *skb; |
| 567 | |
| 568 | skb = skb_dequeue(&intel->txq); |
| 569 | if (!skb) |
| 570 | return skb; |
| 571 | |
| 572 | if (test_bit(STATE_BOOTLOADER, &intel->flags) && |
| 573 | (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT)) { |
| 574 | struct hci_command_hdr *cmd = (void *)skb->data; |
| 575 | __u16 opcode = le16_to_cpu(cmd->opcode); |
| 576 | |
| 577 | /* When the 0xfc01 command is issued to boot into |
| 578 | * the operational firmware, it will actually not |
| 579 | * send a command complete event. To keep the flow |
| 580 | * control working inject that event here. |
| 581 | */ |
| 582 | if (opcode == 0xfc01) |
| 583 | inject_cmd_complete(hu->hdev, opcode); |
| 584 | } |
| 585 | |
| 586 | /* Prepend skb with frame type */ |
| 587 | memcpy(skb_push(skb, 1), &bt_cb(skb)->pkt_type, 1); |
| 588 | |
| 589 | return skb; |
| 590 | } |
| 591 | |
| 592 | static const struct hci_uart_proto intel_proto = { |
| 593 | .id = HCI_UART_INTEL, |
| 594 | .name = "Intel", |
| 595 | .init_speed = 115200, |
| 596 | .open = intel_open, |
| 597 | .close = intel_close, |
| 598 | .flush = intel_flush, |
| 599 | .setup = intel_setup, |
| 600 | .recv = intel_recv, |
| 601 | .enqueue = intel_enqueue, |
| 602 | .dequeue = intel_dequeue, |
| 603 | }; |
| 604 | |
| 605 | int __init intel_init(void) |
| 606 | { |
| 607 | return hci_uart_register_proto(&intel_proto); |
| 608 | } |
| 609 | |
| 610 | int __exit intel_deinit(void) |
| 611 | { |
| 612 | return hci_uart_unregister_proto(&intel_proto); |
| 613 | } |