linux/drivers/bluetooth/hci_qca.c
<<
>>
Prefs
   1// SPDX-License-Identifier: GPL-2.0-only
   2/*
   3 *  Bluetooth Software UART Qualcomm protocol
   4 *
   5 *  HCI_IBS (HCI In-Band Sleep) is Qualcomm's power management
   6 *  protocol extension to H4.
   7 *
   8 *  Copyright (C) 2007 Texas Instruments, Inc.
   9 *  Copyright (c) 2010, 2012, 2018 The Linux Foundation. All rights reserved.
  10 *
  11 *  Acknowledgements:
  12 *  This file is based on hci_ll.c, which was...
  13 *  Written by Ohad Ben-Cohen <ohad@bencohen.org>
  14 *  which was in turn based on hci_h4.c, which was written
  15 *  by Maxim Krasnyansky and Marcel Holtmann.
  16 */
  17
  18#include <linux/kernel.h>
  19#include <linux/clk.h>
  20#include <linux/completion.h>
  21#include <linux/debugfs.h>
  22#include <linux/delay.h>
  23#include <linux/devcoredump.h>
  24#include <linux/device.h>
  25#include <linux/gpio/consumer.h>
  26#include <linux/mod_devicetable.h>
  27#include <linux/module.h>
  28#include <linux/of_device.h>
  29#include <linux/acpi.h>
  30#include <linux/platform_device.h>
  31#include <linux/regulator/consumer.h>
  32#include <linux/serdev.h>
  33#include <linux/mutex.h>
  34#include <asm/unaligned.h>
  35
  36#include <net/bluetooth/bluetooth.h>
  37#include <net/bluetooth/hci_core.h>
  38
  39#include "hci_uart.h"
  40#include "btqca.h"
  41
  42/* HCI_IBS protocol messages */
  43#define HCI_IBS_SLEEP_IND       0xFE
  44#define HCI_IBS_WAKE_IND        0xFD
  45#define HCI_IBS_WAKE_ACK        0xFC
  46#define HCI_MAX_IBS_SIZE        10
  47
  48#define IBS_WAKE_RETRANS_TIMEOUT_MS     100
  49#define IBS_BTSOC_TX_IDLE_TIMEOUT_MS    200
  50#define IBS_HOST_TX_IDLE_TIMEOUT_MS     2000
  51#define CMD_TRANS_TIMEOUT_MS            100
  52#define MEMDUMP_TIMEOUT_MS              8000
  53#define IBS_DISABLE_SSR_TIMEOUT_MS \
  54        (MEMDUMP_TIMEOUT_MS + FW_DOWNLOAD_TIMEOUT_MS)
  55#define FW_DOWNLOAD_TIMEOUT_MS          3000
  56
  57/* susclk rate */
  58#define SUSCLK_RATE_32KHZ       32768
  59
  60/* Controller debug log header */
  61#define QCA_DEBUG_HANDLE        0x2EDC
  62
  63/* max retry count when init fails */
  64#define MAX_INIT_RETRIES 3
  65
  66/* Controller dump header */
  67#define QCA_SSR_DUMP_HANDLE             0x0108
  68#define QCA_DUMP_PACKET_SIZE            255
  69#define QCA_LAST_SEQUENCE_NUM           0xFFFF
  70#define QCA_CRASHBYTE_PACKET_LEN        1096
  71#define QCA_MEMDUMP_BYTE                0xFB
  72
  73enum qca_flags {
  74        QCA_IBS_DISABLED,
  75        QCA_DROP_VENDOR_EVENT,
  76        QCA_SUSPENDING,
  77        QCA_MEMDUMP_COLLECTION,
  78        QCA_HW_ERROR_EVENT,
  79        QCA_SSR_TRIGGERED,
  80        QCA_BT_OFF,
  81        QCA_ROM_FW
  82};
  83
  84enum qca_capabilities {
  85        QCA_CAP_WIDEBAND_SPEECH = BIT(0),
  86        QCA_CAP_VALID_LE_STATES = BIT(1),
  87};
  88
  89/* HCI_IBS transmit side sleep protocol states */
  90enum tx_ibs_states {
  91        HCI_IBS_TX_ASLEEP,
  92        HCI_IBS_TX_WAKING,
  93        HCI_IBS_TX_AWAKE,
  94};
  95
  96/* HCI_IBS receive side sleep protocol states */
  97enum rx_states {
  98        HCI_IBS_RX_ASLEEP,
  99        HCI_IBS_RX_AWAKE,
 100};
 101
 102/* HCI_IBS transmit and receive side clock state vote */
 103enum hci_ibs_clock_state_vote {
 104        HCI_IBS_VOTE_STATS_UPDATE,
 105        HCI_IBS_TX_VOTE_CLOCK_ON,
 106        HCI_IBS_TX_VOTE_CLOCK_OFF,
 107        HCI_IBS_RX_VOTE_CLOCK_ON,
 108        HCI_IBS_RX_VOTE_CLOCK_OFF,
 109};
 110
 111/* Controller memory dump states */
 112enum qca_memdump_states {
 113        QCA_MEMDUMP_IDLE,
 114        QCA_MEMDUMP_COLLECTING,
 115        QCA_MEMDUMP_COLLECTED,
 116        QCA_MEMDUMP_TIMEOUT,
 117};
 118
 119struct qca_memdump_data {
 120        char *memdump_buf_head;
 121        char *memdump_buf_tail;
 122        u32 current_seq_no;
 123        u32 received_dump;
 124        u32 ram_dump_size;
 125};
 126
 127struct qca_memdump_event_hdr {
 128        __u8    evt;
 129        __u8    plen;
 130        __u16   opcode;
 131        __u16   seq_no;
 132        __u8    reserved;
 133} __packed;
 134
 135
 136struct qca_dump_size {
 137        u32 dump_size;
 138} __packed;
 139
 140struct qca_data {
 141        struct hci_uart *hu;
 142        struct sk_buff *rx_skb;
 143        struct sk_buff_head txq;
 144        struct sk_buff_head tx_wait_q;  /* HCI_IBS wait queue   */
 145        struct sk_buff_head rx_memdump_q;       /* Memdump wait queue   */
 146        spinlock_t hci_ibs_lock;        /* HCI_IBS state lock   */
 147        u8 tx_ibs_state;        /* HCI_IBS transmit side power state*/
 148        u8 rx_ibs_state;        /* HCI_IBS receive side power state */
 149        bool tx_vote;           /* Clock must be on for TX */
 150        bool rx_vote;           /* Clock must be on for RX */
 151        struct timer_list tx_idle_timer;
 152        u32 tx_idle_delay;
 153        struct timer_list wake_retrans_timer;
 154        u32 wake_retrans;
 155        struct workqueue_struct *workqueue;
 156        struct work_struct ws_awake_rx;
 157        struct work_struct ws_awake_device;
 158        struct work_struct ws_rx_vote_off;
 159        struct work_struct ws_tx_vote_off;
 160        struct work_struct ctrl_memdump_evt;
 161        struct delayed_work ctrl_memdump_timeout;
 162        struct qca_memdump_data *qca_memdump;
 163        unsigned long flags;
 164        struct completion drop_ev_comp;
 165        wait_queue_head_t suspend_wait_q;
 166        enum qca_memdump_states memdump_state;
 167        struct mutex hci_memdump_lock;
 168
 169        /* For debugging purpose */
 170        u64 ibs_sent_wacks;
 171        u64 ibs_sent_slps;
 172        u64 ibs_sent_wakes;
 173        u64 ibs_recv_wacks;
 174        u64 ibs_recv_slps;
 175        u64 ibs_recv_wakes;
 176        u64 vote_last_jif;
 177        u32 vote_on_ms;
 178        u32 vote_off_ms;
 179        u64 tx_votes_on;
 180        u64 rx_votes_on;
 181        u64 tx_votes_off;
 182        u64 rx_votes_off;
 183        u64 votes_on;
 184        u64 votes_off;
 185};
 186
 187enum qca_speed_type {
 188        QCA_INIT_SPEED = 1,
 189        QCA_OPER_SPEED
 190};
 191
 192/*
 193 * Voltage regulator information required for configuring the
 194 * QCA Bluetooth chipset
 195 */
 196struct qca_vreg {
 197        const char *name;
 198        unsigned int load_uA;
 199};
 200
 201struct qca_device_data {
 202        enum qca_btsoc_type soc_type;
 203        struct qca_vreg *vregs;
 204        size_t num_vregs;
 205        uint32_t capabilities;
 206};
 207
 208/*
 209 * Platform data for the QCA Bluetooth power driver.
 210 */
 211struct qca_power {
 212        struct device *dev;
 213        struct regulator_bulk_data *vreg_bulk;
 214        int num_vregs;
 215        bool vregs_on;
 216};
 217
 218struct qca_serdev {
 219        struct hci_uart  serdev_hu;
 220        struct gpio_desc *bt_en;
 221        struct clk       *susclk;
 222        enum qca_btsoc_type btsoc_type;
 223        struct qca_power *bt_power;
 224        u32 init_speed;
 225        u32 oper_speed;
 226        const char *firmware_name;
 227};
 228
 229static int qca_regulator_enable(struct qca_serdev *qcadev);
 230static void qca_regulator_disable(struct qca_serdev *qcadev);
 231static void qca_power_shutdown(struct hci_uart *hu);
 232static int qca_power_off(struct hci_dev *hdev);
 233static void qca_controller_memdump(struct work_struct *work);
 234
 235static enum qca_btsoc_type qca_soc_type(struct hci_uart *hu)
 236{
 237        enum qca_btsoc_type soc_type;
 238
 239        if (hu->serdev) {
 240                struct qca_serdev *qsd = serdev_device_get_drvdata(hu->serdev);
 241
 242                soc_type = qsd->btsoc_type;
 243        } else {
 244                soc_type = QCA_ROME;
 245        }
 246
 247        return soc_type;
 248}
 249
 250static const char *qca_get_firmware_name(struct hci_uart *hu)
 251{
 252        if (hu->serdev) {
 253                struct qca_serdev *qsd = serdev_device_get_drvdata(hu->serdev);
 254
 255                return qsd->firmware_name;
 256        } else {
 257                return NULL;
 258        }
 259}
 260
 261static void __serial_clock_on(struct tty_struct *tty)
 262{
 263        /* TODO: Some chipset requires to enable UART clock on client
 264         * side to save power consumption or manual work is required.
 265         * Please put your code to control UART clock here if needed
 266         */
 267}
 268
 269static void __serial_clock_off(struct tty_struct *tty)
 270{
 271        /* TODO: Some chipset requires to disable UART clock on client
 272         * side to save power consumption or manual work is required.
 273         * Please put your code to control UART clock off here if needed
 274         */
 275}
 276
 277/* serial_clock_vote needs to be called with the ibs lock held */
 278static void serial_clock_vote(unsigned long vote, struct hci_uart *hu)
 279{
 280        struct qca_data *qca = hu->priv;
 281        unsigned int diff;
 282
 283        bool old_vote = (qca->tx_vote | qca->rx_vote);
 284        bool new_vote;
 285
 286        switch (vote) {
 287        case HCI_IBS_VOTE_STATS_UPDATE:
 288                diff = jiffies_to_msecs(jiffies - qca->vote_last_jif);
 289
 290                if (old_vote)
 291                        qca->vote_off_ms += diff;
 292                else
 293                        qca->vote_on_ms += diff;
 294                return;
 295
 296        case HCI_IBS_TX_VOTE_CLOCK_ON:
 297                qca->tx_vote = true;
 298                qca->tx_votes_on++;
 299                break;
 300
 301        case HCI_IBS_RX_VOTE_CLOCK_ON:
 302                qca->rx_vote = true;
 303                qca->rx_votes_on++;
 304                break;
 305
 306        case HCI_IBS_TX_VOTE_CLOCK_OFF:
 307                qca->tx_vote = false;
 308                qca->tx_votes_off++;
 309                break;
 310
 311        case HCI_IBS_RX_VOTE_CLOCK_OFF:
 312                qca->rx_vote = false;
 313                qca->rx_votes_off++;
 314                break;
 315
 316        default:
 317                BT_ERR("Voting irregularity");
 318                return;
 319        }
 320
 321        new_vote = qca->rx_vote | qca->tx_vote;
 322
 323        if (new_vote != old_vote) {
 324                if (new_vote)
 325                        __serial_clock_on(hu->tty);
 326                else
 327                        __serial_clock_off(hu->tty);
 328
 329                BT_DBG("Vote serial clock %s(%s)", new_vote ? "true" : "false",
 330                       vote ? "true" : "false");
 331
 332                diff = jiffies_to_msecs(jiffies - qca->vote_last_jif);
 333
 334                if (new_vote) {
 335                        qca->votes_on++;
 336                        qca->vote_off_ms += diff;
 337                } else {
 338                        qca->votes_off++;
 339                        qca->vote_on_ms += diff;
 340                }
 341                qca->vote_last_jif = jiffies;
 342        }
 343}
 344
 345/* Builds and sends an HCI_IBS command packet.
 346 * These are very simple packets with only 1 cmd byte.
 347 */
 348static int send_hci_ibs_cmd(u8 cmd, struct hci_uart *hu)
 349{
 350        int err = 0;
 351        struct sk_buff *skb = NULL;
 352        struct qca_data *qca = hu->priv;
 353
 354        BT_DBG("hu %p send hci ibs cmd 0x%x", hu, cmd);
 355
 356        skb = bt_skb_alloc(1, GFP_ATOMIC);
 357        if (!skb) {
 358                BT_ERR("Failed to allocate memory for HCI_IBS packet");
 359                return -ENOMEM;
 360        }
 361
 362        /* Assign HCI_IBS type */
 363        skb_put_u8(skb, cmd);
 364
 365        skb_queue_tail(&qca->txq, skb);
 366
 367        return err;
 368}
 369
 370static void qca_wq_awake_device(struct work_struct *work)
 371{
 372        struct qca_data *qca = container_of(work, struct qca_data,
 373                                            ws_awake_device);
 374        struct hci_uart *hu = qca->hu;
 375        unsigned long retrans_delay;
 376        unsigned long flags;
 377
 378        BT_DBG("hu %p wq awake device", hu);
 379
 380        /* Vote for serial clock */
 381        serial_clock_vote(HCI_IBS_TX_VOTE_CLOCK_ON, hu);
 382
 383        spin_lock_irqsave(&qca->hci_ibs_lock, flags);
 384
 385        /* Send wake indication to device */
 386        if (send_hci_ibs_cmd(HCI_IBS_WAKE_IND, hu) < 0)
 387                BT_ERR("Failed to send WAKE to device");
 388
 389        qca->ibs_sent_wakes++;
 390
 391        /* Start retransmit timer */
 392        retrans_delay = msecs_to_jiffies(qca->wake_retrans);
 393        mod_timer(&qca->wake_retrans_timer, jiffies + retrans_delay);
 394
 395        spin_unlock_irqrestore(&qca->hci_ibs_lock, flags);
 396
 397        /* Actually send the packets */
 398        hci_uart_tx_wakeup(hu);
 399}
 400
 401static void qca_wq_awake_rx(struct work_struct *work)
 402{
 403        struct qca_data *qca = container_of(work, struct qca_data,
 404                                            ws_awake_rx);
 405        struct hci_uart *hu = qca->hu;
 406        unsigned long flags;
 407
 408        BT_DBG("hu %p wq awake rx", hu);
 409
 410        serial_clock_vote(HCI_IBS_RX_VOTE_CLOCK_ON, hu);
 411
 412        spin_lock_irqsave(&qca->hci_ibs_lock, flags);
 413        qca->rx_ibs_state = HCI_IBS_RX_AWAKE;
 414
 415        /* Always acknowledge device wake up,
 416         * sending IBS message doesn't count as TX ON.
 417         */
 418        if (send_hci_ibs_cmd(HCI_IBS_WAKE_ACK, hu) < 0)
 419                BT_ERR("Failed to acknowledge device wake up");
 420
 421        qca->ibs_sent_wacks++;
 422
 423        spin_unlock_irqrestore(&qca->hci_ibs_lock, flags);
 424
 425        /* Actually send the packets */
 426        hci_uart_tx_wakeup(hu);
 427}
 428
 429static void qca_wq_serial_rx_clock_vote_off(struct work_struct *work)
 430{
 431        struct qca_data *qca = container_of(work, struct qca_data,
 432                                            ws_rx_vote_off);
 433        struct hci_uart *hu = qca->hu;
 434
 435        BT_DBG("hu %p rx clock vote off", hu);
 436
 437        serial_clock_vote(HCI_IBS_RX_VOTE_CLOCK_OFF, hu);
 438}
 439
 440static void qca_wq_serial_tx_clock_vote_off(struct work_struct *work)
 441{
 442        struct qca_data *qca = container_of(work, struct qca_data,
 443                                            ws_tx_vote_off);
 444        struct hci_uart *hu = qca->hu;
 445
 446        BT_DBG("hu %p tx clock vote off", hu);
 447
 448        /* Run HCI tx handling unlocked */
 449        hci_uart_tx_wakeup(hu);
 450
 451        /* Now that message queued to tty driver, vote for tty clocks off.
 452         * It is up to the tty driver to pend the clocks off until tx done.
 453         */
 454        serial_clock_vote(HCI_IBS_TX_VOTE_CLOCK_OFF, hu);
 455}
 456
 457static void hci_ibs_tx_idle_timeout(struct timer_list *t)
 458{
 459        struct qca_data *qca = from_timer(qca, t, tx_idle_timer);
 460        struct hci_uart *hu = qca->hu;
 461        unsigned long flags;
 462
 463        BT_DBG("hu %p idle timeout in %d state", hu, qca->tx_ibs_state);
 464
 465        spin_lock_irqsave_nested(&qca->hci_ibs_lock,
 466                                 flags, SINGLE_DEPTH_NESTING);
 467
 468        switch (qca->tx_ibs_state) {
 469        case HCI_IBS_TX_AWAKE:
 470                /* TX_IDLE, go to SLEEP */
 471                if (send_hci_ibs_cmd(HCI_IBS_SLEEP_IND, hu) < 0) {
 472                        BT_ERR("Failed to send SLEEP to device");
 473                        break;
 474                }
 475                qca->tx_ibs_state = HCI_IBS_TX_ASLEEP;
 476                qca->ibs_sent_slps++;
 477                queue_work(qca->workqueue, &qca->ws_tx_vote_off);
 478                break;
 479
 480        case HCI_IBS_TX_ASLEEP:
 481        case HCI_IBS_TX_WAKING:
 482        default:
 483                BT_ERR("Spurious timeout tx state %d", qca->tx_ibs_state);
 484                break;
 485        }
 486
 487        spin_unlock_irqrestore(&qca->hci_ibs_lock, flags);
 488}
 489
 490static void hci_ibs_wake_retrans_timeout(struct timer_list *t)
 491{
 492        struct qca_data *qca = from_timer(qca, t, wake_retrans_timer);
 493        struct hci_uart *hu = qca->hu;
 494        unsigned long flags, retrans_delay;
 495        bool retransmit = false;
 496
 497        BT_DBG("hu %p wake retransmit timeout in %d state",
 498                hu, qca->tx_ibs_state);
 499
 500        spin_lock_irqsave_nested(&qca->hci_ibs_lock,
 501                                 flags, SINGLE_DEPTH_NESTING);
 502
 503        /* Don't retransmit the HCI_IBS_WAKE_IND when suspending. */
 504        if (test_bit(QCA_SUSPENDING, &qca->flags)) {
 505                spin_unlock_irqrestore(&qca->hci_ibs_lock, flags);
 506                return;
 507        }
 508
 509        switch (qca->tx_ibs_state) {
 510        case HCI_IBS_TX_WAKING:
 511                /* No WAKE_ACK, retransmit WAKE */
 512                retransmit = true;
 513                if (send_hci_ibs_cmd(HCI_IBS_WAKE_IND, hu) < 0) {
 514                        BT_ERR("Failed to acknowledge device wake up");
 515                        break;
 516                }
 517                qca->ibs_sent_wakes++;
 518                retrans_delay = msecs_to_jiffies(qca->wake_retrans);
 519                mod_timer(&qca->wake_retrans_timer, jiffies + retrans_delay);
 520                break;
 521
 522        case HCI_IBS_TX_ASLEEP:
 523        case HCI_IBS_TX_AWAKE:
 524        default:
 525                BT_ERR("Spurious timeout tx state %d", qca->tx_ibs_state);
 526                break;
 527        }
 528
 529        spin_unlock_irqrestore(&qca->hci_ibs_lock, flags);
 530
 531        if (retransmit)
 532                hci_uart_tx_wakeup(hu);
 533}
 534
 535
 536static void qca_controller_memdump_timeout(struct work_struct *work)
 537{
 538        struct qca_data *qca = container_of(work, struct qca_data,
 539                                        ctrl_memdump_timeout.work);
 540        struct hci_uart *hu = qca->hu;
 541
 542        mutex_lock(&qca->hci_memdump_lock);
 543        if (test_bit(QCA_MEMDUMP_COLLECTION, &qca->flags)) {
 544                qca->memdump_state = QCA_MEMDUMP_TIMEOUT;
 545                if (!test_bit(QCA_HW_ERROR_EVENT, &qca->flags)) {
 546                        /* Inject hw error event to reset the device
 547                         * and driver.
 548                         */
 549                        hci_reset_dev(hu->hdev);
 550                }
 551        }
 552
 553        mutex_unlock(&qca->hci_memdump_lock);
 554}
 555
 556
 557/* Initialize protocol */
 558static int qca_open(struct hci_uart *hu)
 559{
 560        struct qca_serdev *qcadev;
 561        struct qca_data *qca;
 562
 563        BT_DBG("hu %p qca_open", hu);
 564
 565        if (!hci_uart_has_flow_control(hu))
 566                return -EOPNOTSUPP;
 567
 568        qca = kzalloc(sizeof(struct qca_data), GFP_KERNEL);
 569        if (!qca)
 570                return -ENOMEM;
 571
 572        skb_queue_head_init(&qca->txq);
 573        skb_queue_head_init(&qca->tx_wait_q);
 574        skb_queue_head_init(&qca->rx_memdump_q);
 575        spin_lock_init(&qca->hci_ibs_lock);
 576        mutex_init(&qca->hci_memdump_lock);
 577        qca->workqueue = alloc_ordered_workqueue("qca_wq", 0);
 578        if (!qca->workqueue) {
 579                BT_ERR("QCA Workqueue not initialized properly");
 580                kfree(qca);
 581                return -ENOMEM;
 582        }
 583
 584        INIT_WORK(&qca->ws_awake_rx, qca_wq_awake_rx);
 585        INIT_WORK(&qca->ws_awake_device, qca_wq_awake_device);
 586        INIT_WORK(&qca->ws_rx_vote_off, qca_wq_serial_rx_clock_vote_off);
 587        INIT_WORK(&qca->ws_tx_vote_off, qca_wq_serial_tx_clock_vote_off);
 588        INIT_WORK(&qca->ctrl_memdump_evt, qca_controller_memdump);
 589        INIT_DELAYED_WORK(&qca->ctrl_memdump_timeout,
 590                          qca_controller_memdump_timeout);
 591        init_waitqueue_head(&qca->suspend_wait_q);
 592
 593        qca->hu = hu;
 594        init_completion(&qca->drop_ev_comp);
 595
 596        /* Assume we start with both sides asleep -- extra wakes OK */
 597        qca->tx_ibs_state = HCI_IBS_TX_ASLEEP;
 598        qca->rx_ibs_state = HCI_IBS_RX_ASLEEP;
 599
 600        qca->vote_last_jif = jiffies;
 601
 602        hu->priv = qca;
 603
 604        if (hu->serdev) {
 605                qcadev = serdev_device_get_drvdata(hu->serdev);
 606
 607                if (qca_is_wcn399x(qcadev->btsoc_type))
 608                        hu->init_speed = qcadev->init_speed;
 609
 610                if (qcadev->oper_speed)
 611                        hu->oper_speed = qcadev->oper_speed;
 612        }
 613
 614        timer_setup(&qca->wake_retrans_timer, hci_ibs_wake_retrans_timeout, 0);
 615        qca->wake_retrans = IBS_WAKE_RETRANS_TIMEOUT_MS;
 616
 617        timer_setup(&qca->tx_idle_timer, hci_ibs_tx_idle_timeout, 0);
 618        qca->tx_idle_delay = IBS_HOST_TX_IDLE_TIMEOUT_MS;
 619
 620        BT_DBG("HCI_UART_QCA open, tx_idle_delay=%u, wake_retrans=%u",
 621               qca->tx_idle_delay, qca->wake_retrans);
 622
 623        return 0;
 624}
 625
 626static void qca_debugfs_init(struct hci_dev *hdev)
 627{
 628        struct hci_uart *hu = hci_get_drvdata(hdev);
 629        struct qca_data *qca = hu->priv;
 630        struct dentry *ibs_dir;
 631        umode_t mode;
 632
 633        if (!hdev->debugfs)
 634                return;
 635
 636        ibs_dir = debugfs_create_dir("ibs", hdev->debugfs);
 637
 638        /* read only */
 639        mode = 0444;
 640        debugfs_create_u8("tx_ibs_state", mode, ibs_dir, &qca->tx_ibs_state);
 641        debugfs_create_u8("rx_ibs_state", mode, ibs_dir, &qca->rx_ibs_state);
 642        debugfs_create_u64("ibs_sent_sleeps", mode, ibs_dir,
 643                           &qca->ibs_sent_slps);
 644        debugfs_create_u64("ibs_sent_wakes", mode, ibs_dir,
 645                           &qca->ibs_sent_wakes);
 646        debugfs_create_u64("ibs_sent_wake_acks", mode, ibs_dir,
 647                           &qca->ibs_sent_wacks);
 648        debugfs_create_u64("ibs_recv_sleeps", mode, ibs_dir,
 649                           &qca->ibs_recv_slps);
 650        debugfs_create_u64("ibs_recv_wakes", mode, ibs_dir,
 651                           &qca->ibs_recv_wakes);
 652        debugfs_create_u64("ibs_recv_wake_acks", mode, ibs_dir,
 653                           &qca->ibs_recv_wacks);
 654        debugfs_create_bool("tx_vote", mode, ibs_dir, &qca->tx_vote);
 655        debugfs_create_u64("tx_votes_on", mode, ibs_dir, &qca->tx_votes_on);
 656        debugfs_create_u64("tx_votes_off", mode, ibs_dir, &qca->tx_votes_off);
 657        debugfs_create_bool("rx_vote", mode, ibs_dir, &qca->rx_vote);
 658        debugfs_create_u64("rx_votes_on", mode, ibs_dir, &qca->rx_votes_on);
 659        debugfs_create_u64("rx_votes_off", mode, ibs_dir, &qca->rx_votes_off);
 660        debugfs_create_u64("votes_on", mode, ibs_dir, &qca->votes_on);
 661        debugfs_create_u64("votes_off", mode, ibs_dir, &qca->votes_off);
 662        debugfs_create_u32("vote_on_ms", mode, ibs_dir, &qca->vote_on_ms);
 663        debugfs_create_u32("vote_off_ms", mode, ibs_dir, &qca->vote_off_ms);
 664
 665        /* read/write */
 666        mode = 0644;
 667        debugfs_create_u32("wake_retrans", mode, ibs_dir, &qca->wake_retrans);
 668        debugfs_create_u32("tx_idle_delay", mode, ibs_dir,
 669                           &qca->tx_idle_delay);
 670}
 671
 672/* Flush protocol data */
 673static int qca_flush(struct hci_uart *hu)
 674{
 675        struct qca_data *qca = hu->priv;
 676
 677        BT_DBG("hu %p qca flush", hu);
 678
 679        skb_queue_purge(&qca->tx_wait_q);
 680        skb_queue_purge(&qca->txq);
 681
 682        return 0;
 683}
 684
 685/* Close protocol */
 686static int qca_close(struct hci_uart *hu)
 687{
 688        struct qca_data *qca = hu->priv;
 689
 690        BT_DBG("hu %p qca close", hu);
 691
 692        serial_clock_vote(HCI_IBS_VOTE_STATS_UPDATE, hu);
 693
 694        skb_queue_purge(&qca->tx_wait_q);
 695        skb_queue_purge(&qca->txq);
 696        skb_queue_purge(&qca->rx_memdump_q);
 697        del_timer(&qca->tx_idle_timer);
 698        del_timer(&qca->wake_retrans_timer);
 699        destroy_workqueue(qca->workqueue);
 700        qca->hu = NULL;
 701
 702        kfree_skb(qca->rx_skb);
 703
 704        hu->priv = NULL;
 705
 706        kfree(qca);
 707
 708        return 0;
 709}
 710
 711/* Called upon a wake-up-indication from the device.
 712 */
 713static void device_want_to_wakeup(struct hci_uart *hu)
 714{
 715        unsigned long flags;
 716        struct qca_data *qca = hu->priv;
 717
 718        BT_DBG("hu %p want to wake up", hu);
 719
 720        spin_lock_irqsave(&qca->hci_ibs_lock, flags);
 721
 722        qca->ibs_recv_wakes++;
 723
 724        /* Don't wake the rx up when suspending. */
 725        if (test_bit(QCA_SUSPENDING, &qca->flags)) {
 726                spin_unlock_irqrestore(&qca->hci_ibs_lock, flags);
 727                return;
 728        }
 729
 730        switch (qca->rx_ibs_state) {
 731        case HCI_IBS_RX_ASLEEP:
 732                /* Make sure clock is on - we may have turned clock off since
 733                 * receiving the wake up indicator awake rx clock.
 734                 */
 735                queue_work(qca->workqueue, &qca->ws_awake_rx);
 736                spin_unlock_irqrestore(&qca->hci_ibs_lock, flags);
 737                return;
 738
 739        case HCI_IBS_RX_AWAKE:
 740                /* Always acknowledge device wake up,
 741                 * sending IBS message doesn't count as TX ON.
 742                 */
 743                if (send_hci_ibs_cmd(HCI_IBS_WAKE_ACK, hu) < 0) {
 744                        BT_ERR("Failed to acknowledge device wake up");
 745                        break;
 746                }
 747                qca->ibs_sent_wacks++;
 748                break;
 749
 750        default:
 751                /* Any other state is illegal */
 752                BT_ERR("Received HCI_IBS_WAKE_IND in rx state %d",
 753                       qca->rx_ibs_state);
 754                break;
 755        }
 756
 757        spin_unlock_irqrestore(&qca->hci_ibs_lock, flags);
 758
 759        /* Actually send the packets */
 760        hci_uart_tx_wakeup(hu);
 761}
 762
 763/* Called upon a sleep-indication from the device.
 764 */
 765static void device_want_to_sleep(struct hci_uart *hu)
 766{
 767        unsigned long flags;
 768        struct qca_data *qca = hu->priv;
 769
 770        BT_DBG("hu %p want to sleep in %d state", hu, qca->rx_ibs_state);
 771
 772        spin_lock_irqsave(&qca->hci_ibs_lock, flags);
 773
 774        qca->ibs_recv_slps++;
 775
 776        switch (qca->rx_ibs_state) {
 777        case HCI_IBS_RX_AWAKE:
 778                /* Update state */
 779                qca->rx_ibs_state = HCI_IBS_RX_ASLEEP;
 780                /* Vote off rx clock under workqueue */
 781                queue_work(qca->workqueue, &qca->ws_rx_vote_off);
 782                break;
 783
 784        case HCI_IBS_RX_ASLEEP:
 785                break;
 786
 787        default:
 788                /* Any other state is illegal */
 789                BT_ERR("Received HCI_IBS_SLEEP_IND in rx state %d",
 790                       qca->rx_ibs_state);
 791                break;
 792        }
 793
 794        wake_up_interruptible(&qca->suspend_wait_q);
 795
 796        spin_unlock_irqrestore(&qca->hci_ibs_lock, flags);
 797}
 798
 799/* Called upon wake-up-acknowledgement from the device
 800 */
 801static void device_woke_up(struct hci_uart *hu)
 802{
 803        unsigned long flags, idle_delay;
 804        struct qca_data *qca = hu->priv;
 805        struct sk_buff *skb = NULL;
 806
 807        BT_DBG("hu %p woke up", hu);
 808
 809        spin_lock_irqsave(&qca->hci_ibs_lock, flags);
 810
 811        qca->ibs_recv_wacks++;
 812
 813        /* Don't react to the wake-up-acknowledgment when suspending. */
 814        if (test_bit(QCA_SUSPENDING, &qca->flags)) {
 815                spin_unlock_irqrestore(&qca->hci_ibs_lock, flags);
 816                return;
 817        }
 818
 819        switch (qca->tx_ibs_state) {
 820        case HCI_IBS_TX_AWAKE:
 821                /* Expect one if we send 2 WAKEs */
 822                BT_DBG("Received HCI_IBS_WAKE_ACK in tx state %d",
 823                       qca->tx_ibs_state);
 824                break;
 825
 826        case HCI_IBS_TX_WAKING:
 827                /* Send pending packets */
 828                while ((skb = skb_dequeue(&qca->tx_wait_q)))
 829                        skb_queue_tail(&qca->txq, skb);
 830
 831                /* Switch timers and change state to HCI_IBS_TX_AWAKE */
 832                del_timer(&qca->wake_retrans_timer);
 833                idle_delay = msecs_to_jiffies(qca->tx_idle_delay);
 834                mod_timer(&qca->tx_idle_timer, jiffies + idle_delay);
 835                qca->tx_ibs_state = HCI_IBS_TX_AWAKE;
 836                break;
 837
 838        case HCI_IBS_TX_ASLEEP:
 839        default:
 840                BT_ERR("Received HCI_IBS_WAKE_ACK in tx state %d",
 841                       qca->tx_ibs_state);
 842                break;
 843        }
 844
 845        spin_unlock_irqrestore(&qca->hci_ibs_lock, flags);
 846
 847        /* Actually send the packets */
 848        hci_uart_tx_wakeup(hu);
 849}
 850
 851/* Enqueue frame for transmittion (padding, crc, etc) may be called from
 852 * two simultaneous tasklets.
 853 */
 854static int qca_enqueue(struct hci_uart *hu, struct sk_buff *skb)
 855{
 856        unsigned long flags = 0, idle_delay;
 857        struct qca_data *qca = hu->priv;
 858
 859        BT_DBG("hu %p qca enq skb %p tx_ibs_state %d", hu, skb,
 860               qca->tx_ibs_state);
 861
 862        if (test_bit(QCA_SSR_TRIGGERED, &qca->flags)) {
 863                /* As SSR is in progress, ignore the packets */
 864                bt_dev_dbg(hu->hdev, "SSR is in progress");
 865                kfree_skb(skb);
 866                return 0;
 867        }
 868
 869        /* Prepend skb with frame type */
 870        memcpy(skb_push(skb, 1), &hci_skb_pkt_type(skb), 1);
 871
 872        spin_lock_irqsave(&qca->hci_ibs_lock, flags);
 873
 874        /* Don't go to sleep in middle of patch download or
 875         * Out-Of-Band(GPIOs control) sleep is selected.
 876         * Don't wake the device up when suspending.
 877         */
 878        if (test_bit(QCA_IBS_DISABLED, &qca->flags) ||
 879            test_bit(QCA_SUSPENDING, &qca->flags)) {
 880                skb_queue_tail(&qca->txq, skb);
 881                spin_unlock_irqrestore(&qca->hci_ibs_lock, flags);
 882                return 0;
 883        }
 884
 885        /* Act according to current state */
 886        switch (qca->tx_ibs_state) {
 887        case HCI_IBS_TX_AWAKE:
 888                BT_DBG("Device awake, sending normally");
 889                skb_queue_tail(&qca->txq, skb);
 890                idle_delay = msecs_to_jiffies(qca->tx_idle_delay);
 891                mod_timer(&qca->tx_idle_timer, jiffies + idle_delay);
 892                break;
 893
 894        case HCI_IBS_TX_ASLEEP:
 895                BT_DBG("Device asleep, waking up and queueing packet");
 896                /* Save packet for later */
 897                skb_queue_tail(&qca->tx_wait_q, skb);
 898
 899                qca->tx_ibs_state = HCI_IBS_TX_WAKING;
 900                /* Schedule a work queue to wake up device */
 901                queue_work(qca->workqueue, &qca->ws_awake_device);
 902                break;
 903
 904        case HCI_IBS_TX_WAKING:
 905                BT_DBG("Device waking up, queueing packet");
 906                /* Transient state; just keep packet for later */
 907                skb_queue_tail(&qca->tx_wait_q, skb);
 908                break;
 909
 910        default:
 911                BT_ERR("Illegal tx state: %d (losing packet)",
 912                       qca->tx_ibs_state);
 913                kfree_skb(skb);
 914                break;
 915        }
 916
 917        spin_unlock_irqrestore(&qca->hci_ibs_lock, flags);
 918
 919        return 0;
 920}
 921
 922static int qca_ibs_sleep_ind(struct hci_dev *hdev, struct sk_buff *skb)
 923{
 924        struct hci_uart *hu = hci_get_drvdata(hdev);
 925
 926        BT_DBG("hu %p recv hci ibs cmd 0x%x", hu, HCI_IBS_SLEEP_IND);
 927
 928        device_want_to_sleep(hu);
 929
 930        kfree_skb(skb);
 931        return 0;
 932}
 933
 934static int qca_ibs_wake_ind(struct hci_dev *hdev, struct sk_buff *skb)
 935{
 936        struct hci_uart *hu = hci_get_drvdata(hdev);
 937
 938        BT_DBG("hu %p recv hci ibs cmd 0x%x", hu, HCI_IBS_WAKE_IND);
 939
 940        device_want_to_wakeup(hu);
 941
 942        kfree_skb(skb);
 943        return 0;
 944}
 945
 946static int qca_ibs_wake_ack(struct hci_dev *hdev, struct sk_buff *skb)
 947{
 948        struct hci_uart *hu = hci_get_drvdata(hdev);
 949
 950        BT_DBG("hu %p recv hci ibs cmd 0x%x", hu, HCI_IBS_WAKE_ACK);
 951
 952        device_woke_up(hu);
 953
 954        kfree_skb(skb);
 955        return 0;
 956}
 957
 958static int qca_recv_acl_data(struct hci_dev *hdev, struct sk_buff *skb)
 959{
 960        /* We receive debug logs from chip as an ACL packets.
 961         * Instead of sending the data to ACL to decode the
 962         * received data, we are pushing them to the above layers
 963         * as a diagnostic packet.
 964         */
 965        if (get_unaligned_le16(skb->data) == QCA_DEBUG_HANDLE)
 966                return hci_recv_diag(hdev, skb);
 967
 968        return hci_recv_frame(hdev, skb);
 969}
 970
 971static void qca_controller_memdump(struct work_struct *work)
 972{
 973        struct qca_data *qca = container_of(work, struct qca_data,
 974                                            ctrl_memdump_evt);
 975        struct hci_uart *hu = qca->hu;
 976        struct sk_buff *skb;
 977        struct qca_memdump_event_hdr *cmd_hdr;
 978        struct qca_memdump_data *qca_memdump = qca->qca_memdump;
 979        struct qca_dump_size *dump;
 980        char *memdump_buf;
 981        char nullBuff[QCA_DUMP_PACKET_SIZE] = { 0 };
 982        u16 seq_no;
 983        u32 dump_size;
 984        u32 rx_size;
 985        enum qca_btsoc_type soc_type = qca_soc_type(hu);
 986
 987        while ((skb = skb_dequeue(&qca->rx_memdump_q))) {
 988
 989                mutex_lock(&qca->hci_memdump_lock);
 990                /* Skip processing the received packets if timeout detected
 991                 * or memdump collection completed.
 992                 */
 993                if (qca->memdump_state == QCA_MEMDUMP_TIMEOUT ||
 994                    qca->memdump_state == QCA_MEMDUMP_COLLECTED) {
 995                        mutex_unlock(&qca->hci_memdump_lock);
 996                        return;
 997                }
 998
 999                if (!qca_memdump) {
1000                        qca_memdump = kzalloc(sizeof(struct qca_memdump_data),
1001                                              GFP_ATOMIC);
1002                        if (!qca_memdump) {
1003                                mutex_unlock(&qca->hci_memdump_lock);
1004                                return;
1005                        }
1006
1007                        qca->qca_memdump = qca_memdump;
1008                }
1009
1010                qca->memdump_state = QCA_MEMDUMP_COLLECTING;
1011                cmd_hdr = (void *) skb->data;
1012                seq_no = __le16_to_cpu(cmd_hdr->seq_no);
1013                skb_pull(skb, sizeof(struct qca_memdump_event_hdr));
1014
1015                if (!seq_no) {
1016
1017                        /* This is the first frame of memdump packet from
1018                         * the controller, Disable IBS to recevie dump
1019                         * with out any interruption, ideally time required for
1020                         * the controller to send the dump is 8 seconds. let us
1021                         * start timer to handle this asynchronous activity.
1022                         */
1023                        set_bit(QCA_IBS_DISABLED, &qca->flags);
1024                        set_bit(QCA_MEMDUMP_COLLECTION, &qca->flags);
1025                        dump = (void *) skb->data;
1026                        dump_size = __le32_to_cpu(dump->dump_size);
1027                        if (!(dump_size)) {
1028                                bt_dev_err(hu->hdev, "Rx invalid memdump size");
1029                                kfree(qca_memdump);
1030                                kfree_skb(skb);
1031                                qca->qca_memdump = NULL;
1032                                mutex_unlock(&qca->hci_memdump_lock);
1033                                return;
1034                        }
1035
1036                        bt_dev_info(hu->hdev, "QCA collecting dump of size:%u",
1037                                    dump_size);
1038                        queue_delayed_work(qca->workqueue,
1039                                           &qca->ctrl_memdump_timeout,
1040                                           msecs_to_jiffies(MEMDUMP_TIMEOUT_MS)
1041                                          );
1042
1043                        skb_pull(skb, sizeof(dump_size));
1044                        memdump_buf = vmalloc(dump_size);
1045                        qca_memdump->ram_dump_size = dump_size;
1046                        qca_memdump->memdump_buf_head = memdump_buf;
1047                        qca_memdump->memdump_buf_tail = memdump_buf;
1048                }
1049
1050                memdump_buf = qca_memdump->memdump_buf_tail;
1051
1052                /* If sequence no 0 is missed then there is no point in
1053                 * accepting the other sequences.
1054                 */
1055                if (!memdump_buf) {
1056                        bt_dev_err(hu->hdev, "QCA: Discarding other packets");
1057                        kfree(qca_memdump);
1058                        kfree_skb(skb);
1059                        qca->qca_memdump = NULL;
1060                        mutex_unlock(&qca->hci_memdump_lock);
1061                        return;
1062                }
1063
1064                /* There could be chance of missing some packets from
1065                 * the controller. In such cases let us store the dummy
1066                 * packets in the buffer.
1067                 */
1068                /* For QCA6390, controller does not lost packets but
1069                 * sequence number field of packet sometimes has error
1070                 * bits, so skip this checking for missing packet.
1071                 */
1072                while ((seq_no > qca_memdump->current_seq_no + 1) &&
1073                       (soc_type != QCA_QCA6390) &&
1074                       seq_no != QCA_LAST_SEQUENCE_NUM) {
1075                        bt_dev_err(hu->hdev, "QCA controller missed packet:%d",
1076                                   qca_memdump->current_seq_no);
1077                        rx_size = qca_memdump->received_dump;
1078                        rx_size += QCA_DUMP_PACKET_SIZE;
1079                        if (rx_size > qca_memdump->ram_dump_size) {
1080                                bt_dev_err(hu->hdev,
1081                                           "QCA memdump received %d, no space for missed packet",
1082                                           qca_memdump->received_dump);
1083                                break;
1084                        }
1085                        memcpy(memdump_buf, nullBuff, QCA_DUMP_PACKET_SIZE);
1086                        memdump_buf = memdump_buf + QCA_DUMP_PACKET_SIZE;
1087                        qca_memdump->received_dump += QCA_DUMP_PACKET_SIZE;
1088                        qca_memdump->current_seq_no++;
1089                }
1090
1091                rx_size = qca_memdump->received_dump + skb->len;
1092                if (rx_size <= qca_memdump->ram_dump_size) {
1093                        if ((seq_no != QCA_LAST_SEQUENCE_NUM) &&
1094                            (seq_no != qca_memdump->current_seq_no))
1095                                bt_dev_err(hu->hdev,
1096                                           "QCA memdump unexpected packet %d",
1097                                           seq_no);
1098                        bt_dev_dbg(hu->hdev,
1099                                   "QCA memdump packet %d with length %d",
1100                                   seq_no, skb->len);
1101                        memcpy(memdump_buf, (unsigned char *)skb->data,
1102                               skb->len);
1103                        memdump_buf = memdump_buf + skb->len;
1104                        qca_memdump->memdump_buf_tail = memdump_buf;
1105                        qca_memdump->current_seq_no = seq_no + 1;
1106                        qca_memdump->received_dump += skb->len;
1107                } else {
1108                        bt_dev_err(hu->hdev,
1109                                   "QCA memdump received %d, no space for packet %d",
1110                                   qca_memdump->received_dump, seq_no);
1111                }
1112                qca->qca_memdump = qca_memdump;
1113                kfree_skb(skb);
1114                if (seq_no == QCA_LAST_SEQUENCE_NUM) {
1115                        bt_dev_info(hu->hdev,
1116                                    "QCA memdump Done, received %d, total %d",
1117                                    qca_memdump->received_dump,
1118                                    qca_memdump->ram_dump_size);
1119                        memdump_buf = qca_memdump->memdump_buf_head;
1120                        dev_coredumpv(&hu->serdev->dev, memdump_buf,
1121                                      qca_memdump->received_dump, GFP_KERNEL);
1122                        cancel_delayed_work(&qca->ctrl_memdump_timeout);
1123                        kfree(qca->qca_memdump);
1124                        qca->qca_memdump = NULL;
1125                        qca->memdump_state = QCA_MEMDUMP_COLLECTED;
1126                        clear_bit(QCA_MEMDUMP_COLLECTION, &qca->flags);
1127                }
1128
1129                mutex_unlock(&qca->hci_memdump_lock);
1130        }
1131
1132}
1133
1134static int qca_controller_memdump_event(struct hci_dev *hdev,
1135                                        struct sk_buff *skb)
1136{
1137        struct hci_uart *hu = hci_get_drvdata(hdev);
1138        struct qca_data *qca = hu->priv;
1139
1140        set_bit(QCA_SSR_TRIGGERED, &qca->flags);
1141        skb_queue_tail(&qca->rx_memdump_q, skb);
1142        queue_work(qca->workqueue, &qca->ctrl_memdump_evt);
1143
1144        return 0;
1145}
1146
1147static int qca_recv_event(struct hci_dev *hdev, struct sk_buff *skb)
1148{
1149        struct hci_uart *hu = hci_get_drvdata(hdev);
1150        struct qca_data *qca = hu->priv;
1151
1152        if (test_bit(QCA_DROP_VENDOR_EVENT, &qca->flags)) {
1153                struct hci_event_hdr *hdr = (void *)skb->data;
1154
1155                /* For the WCN3990 the vendor command for a baudrate change
1156                 * isn't sent as synchronous HCI command, because the
1157                 * controller sends the corresponding vendor event with the
1158                 * new baudrate. The event is received and properly decoded
1159                 * after changing the baudrate of the host port. It needs to
1160                 * be dropped, otherwise it can be misinterpreted as
1161                 * response to a later firmware download command (also a
1162                 * vendor command).
1163                 */
1164
1165                if (hdr->evt == HCI_EV_VENDOR)
1166                        complete(&qca->drop_ev_comp);
1167
1168                kfree_skb(skb);
1169
1170                return 0;
1171        }
1172        /* We receive chip memory dump as an event packet, With a dedicated
1173         * handler followed by a hardware error event. When this event is
1174         * received we store dump into a file before closing hci. This
1175         * dump will help in triaging the issues.
1176         */
1177        if ((skb->data[0] == HCI_VENDOR_PKT) &&
1178            (get_unaligned_be16(skb->data + 2) == QCA_SSR_DUMP_HANDLE))
1179                return qca_controller_memdump_event(hdev, skb);
1180
1181        return hci_recv_frame(hdev, skb);
1182}
1183
1184#define QCA_IBS_SLEEP_IND_EVENT \
1185        .type = HCI_IBS_SLEEP_IND, \
1186        .hlen = 0, \
1187        .loff = 0, \
1188        .lsize = 0, \
1189        .maxlen = HCI_MAX_IBS_SIZE
1190
1191#define QCA_IBS_WAKE_IND_EVENT \
1192        .type = HCI_IBS_WAKE_IND, \
1193        .hlen = 0, \
1194        .loff = 0, \
1195        .lsize = 0, \
1196        .maxlen = HCI_MAX_IBS_SIZE
1197
1198#define QCA_IBS_WAKE_ACK_EVENT \
1199        .type = HCI_IBS_WAKE_ACK, \
1200        .hlen = 0, \
1201        .loff = 0, \
1202        .lsize = 0, \
1203        .maxlen = HCI_MAX_IBS_SIZE
1204
1205static const struct h4_recv_pkt qca_recv_pkts[] = {
1206        { H4_RECV_ACL,             .recv = qca_recv_acl_data },
1207        { H4_RECV_SCO,             .recv = hci_recv_frame    },
1208        { H4_RECV_EVENT,           .recv = qca_recv_event    },
1209        { QCA_IBS_WAKE_IND_EVENT,  .recv = qca_ibs_wake_ind  },
1210        { QCA_IBS_WAKE_ACK_EVENT,  .recv = qca_ibs_wake_ack  },
1211        { QCA_IBS_SLEEP_IND_EVENT, .recv = qca_ibs_sleep_ind },
1212};
1213
1214static int qca_recv(struct hci_uart *hu, const void *data, int count)
1215{
1216        struct qca_data *qca = hu->priv;
1217
1218        if (!test_bit(HCI_UART_REGISTERED, &hu->flags))
1219                return -EUNATCH;
1220
1221        qca->rx_skb = h4_recv_buf(hu->hdev, qca->rx_skb, data, count,
1222                                  qca_recv_pkts, ARRAY_SIZE(qca_recv_pkts));
1223        if (IS_ERR(qca->rx_skb)) {
1224                int err = PTR_ERR(qca->rx_skb);
1225                bt_dev_err(hu->hdev, "Frame reassembly failed (%d)", err);
1226                qca->rx_skb = NULL;
1227                return err;
1228        }
1229
1230        return count;
1231}
1232
1233static struct sk_buff *qca_dequeue(struct hci_uart *hu)
1234{
1235        struct qca_data *qca = hu->priv;
1236
1237        return skb_dequeue(&qca->txq);
1238}
1239
1240static uint8_t qca_get_baudrate_value(int speed)
1241{
1242        switch (speed) {
1243        case 9600:
1244                return QCA_BAUDRATE_9600;
1245        case 19200:
1246                return QCA_BAUDRATE_19200;
1247        case 38400:
1248                return QCA_BAUDRATE_38400;
1249        case 57600:
1250                return QCA_BAUDRATE_57600;
1251        case 115200:
1252                return QCA_BAUDRATE_115200;
1253        case 230400:
1254                return QCA_BAUDRATE_230400;
1255        case 460800:
1256                return QCA_BAUDRATE_460800;
1257        case 500000:
1258                return QCA_BAUDRATE_500000;
1259        case 921600:
1260                return QCA_BAUDRATE_921600;
1261        case 1000000:
1262                return QCA_BAUDRATE_1000000;
1263        case 2000000:
1264                return QCA_BAUDRATE_2000000;
1265        case 3000000:
1266                return QCA_BAUDRATE_3000000;
1267        case 3200000:
1268                return QCA_BAUDRATE_3200000;
1269        case 3500000:
1270                return QCA_BAUDRATE_3500000;
1271        default:
1272                return QCA_BAUDRATE_115200;
1273        }
1274}
1275
1276static int qca_set_baudrate(struct hci_dev *hdev, uint8_t baudrate)
1277{
1278        struct hci_uart *hu = hci_get_drvdata(hdev);
1279        struct qca_data *qca = hu->priv;
1280        struct sk_buff *skb;
1281        u8 cmd[] = { 0x01, 0x48, 0xFC, 0x01, 0x00 };
1282
1283        if (baudrate > QCA_BAUDRATE_3200000)
1284                return -EINVAL;
1285
1286        cmd[4] = baudrate;
1287
1288        skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL);
1289        if (!skb) {
1290                bt_dev_err(hdev, "Failed to allocate baudrate packet");
1291                return -ENOMEM;
1292        }
1293
1294        /* Assign commands to change baudrate and packet type. */
1295        skb_put_data(skb, cmd, sizeof(cmd));
1296        hci_skb_pkt_type(skb) = HCI_COMMAND_PKT;
1297
1298        skb_queue_tail(&qca->txq, skb);
1299        hci_uart_tx_wakeup(hu);
1300
1301        /* Wait for the baudrate change request to be sent */
1302
1303        while (!skb_queue_empty(&qca->txq))
1304                usleep_range(100, 200);
1305
1306        if (hu->serdev)
1307                serdev_device_wait_until_sent(hu->serdev,
1308                      msecs_to_jiffies(CMD_TRANS_TIMEOUT_MS));
1309
1310        /* Give the controller time to process the request */
1311        if (qca_is_wcn399x(qca_soc_type(hu)))
1312                usleep_range(1000, 10000);
1313        else
1314                msleep(300);
1315
1316        return 0;
1317}
1318
1319static inline void host_set_baudrate(struct hci_uart *hu, unsigned int speed)
1320{
1321        if (hu->serdev)
1322                serdev_device_set_baudrate(hu->serdev, speed);
1323        else
1324                hci_uart_set_baudrate(hu, speed);
1325}
1326
1327static int qca_send_power_pulse(struct hci_uart *hu, bool on)
1328{
1329        int ret;
1330        int timeout = msecs_to_jiffies(CMD_TRANS_TIMEOUT_MS);
1331        u8 cmd = on ? QCA_WCN3990_POWERON_PULSE : QCA_WCN3990_POWEROFF_PULSE;
1332
1333        /* These power pulses are single byte command which are sent
1334         * at required baudrate to wcn3990. On wcn3990, we have an external
1335         * circuit at Tx pin which decodes the pulse sent at specific baudrate.
1336         * For example, wcn3990 supports RF COEX antenna for both Wi-Fi/BT
1337         * and also we use the same power inputs to turn on and off for
1338         * Wi-Fi/BT. Powering up the power sources will not enable BT, until
1339         * we send a power on pulse at 115200 bps. This algorithm will help to
1340         * save power. Disabling hardware flow control is mandatory while
1341         * sending power pulses to SoC.
1342         */
1343        bt_dev_dbg(hu->hdev, "sending power pulse %02x to controller", cmd);
1344
1345        serdev_device_write_flush(hu->serdev);
1346        hci_uart_set_flow_control(hu, true);
1347        ret = serdev_device_write_buf(hu->serdev, &cmd, sizeof(cmd));
1348        if (ret < 0) {
1349                bt_dev_err(hu->hdev, "failed to send power pulse %02x", cmd);
1350                return ret;
1351        }
1352
1353        serdev_device_wait_until_sent(hu->serdev, timeout);
1354        hci_uart_set_flow_control(hu, false);
1355
1356        /* Give to controller time to boot/shutdown */
1357        if (on)
1358                msleep(100);
1359        else
1360                usleep_range(1000, 10000);
1361
1362        return 0;
1363}
1364
1365static unsigned int qca_get_speed(struct hci_uart *hu,
1366                                  enum qca_speed_type speed_type)
1367{
1368        unsigned int speed = 0;
1369
1370        if (speed_type == QCA_INIT_SPEED) {
1371                if (hu->init_speed)
1372                        speed = hu->init_speed;
1373                else if (hu->proto->init_speed)
1374                        speed = hu->proto->init_speed;
1375        } else {
1376                if (hu->oper_speed)
1377                        speed = hu->oper_speed;
1378                else if (hu->proto->oper_speed)
1379                        speed = hu->proto->oper_speed;
1380        }
1381
1382        return speed;
1383}
1384
1385static int qca_check_speeds(struct hci_uart *hu)
1386{
1387        if (qca_is_wcn399x(qca_soc_type(hu))) {
1388                if (!qca_get_speed(hu, QCA_INIT_SPEED) &&
1389                    !qca_get_speed(hu, QCA_OPER_SPEED))
1390                        return -EINVAL;
1391        } else {
1392                if (!qca_get_speed(hu, QCA_INIT_SPEED) ||
1393                    !qca_get_speed(hu, QCA_OPER_SPEED))
1394                        return -EINVAL;
1395        }
1396
1397        return 0;
1398}
1399
1400static int qca_set_speed(struct hci_uart *hu, enum qca_speed_type speed_type)
1401{
1402        unsigned int speed, qca_baudrate;
1403        struct qca_data *qca = hu->priv;
1404        int ret = 0;
1405
1406        if (speed_type == QCA_INIT_SPEED) {
1407                speed = qca_get_speed(hu, QCA_INIT_SPEED);
1408                if (speed)
1409                        host_set_baudrate(hu, speed);
1410        } else {
1411                enum qca_btsoc_type soc_type = qca_soc_type(hu);
1412
1413                speed = qca_get_speed(hu, QCA_OPER_SPEED);
1414                if (!speed)
1415                        return 0;
1416
1417                /* Disable flow control for wcn3990 to deassert RTS while
1418                 * changing the baudrate of chip and host.
1419                 */
1420                if (qca_is_wcn399x(soc_type))
1421                        hci_uart_set_flow_control(hu, true);
1422
1423                if (soc_type == QCA_WCN3990) {
1424                        reinit_completion(&qca->drop_ev_comp);
1425                        set_bit(QCA_DROP_VENDOR_EVENT, &qca->flags);
1426                }
1427
1428                qca_baudrate = qca_get_baudrate_value(speed);
1429                bt_dev_dbg(hu->hdev, "Set UART speed to %d", speed);
1430                ret = qca_set_baudrate(hu->hdev, qca_baudrate);
1431                if (ret)
1432                        goto error;
1433
1434                host_set_baudrate(hu, speed);
1435
1436error:
1437                if (qca_is_wcn399x(soc_type))
1438                        hci_uart_set_flow_control(hu, false);
1439
1440                if (soc_type == QCA_WCN3990) {
1441                        /* Wait for the controller to send the vendor event
1442                         * for the baudrate change command.
1443                         */
1444                        if (!wait_for_completion_timeout(&qca->drop_ev_comp,
1445                                                 msecs_to_jiffies(100))) {
1446                                bt_dev_err(hu->hdev,
1447                                           "Failed to change controller baudrate\n");
1448                                ret = -ETIMEDOUT;
1449                        }
1450
1451                        clear_bit(QCA_DROP_VENDOR_EVENT, &qca->flags);
1452                }
1453        }
1454
1455        return ret;
1456}
1457
1458static int qca_send_crashbuffer(struct hci_uart *hu)
1459{
1460        struct qca_data *qca = hu->priv;
1461        struct sk_buff *skb;
1462
1463        skb = bt_skb_alloc(QCA_CRASHBYTE_PACKET_LEN, GFP_KERNEL);
1464        if (!skb) {
1465                bt_dev_err(hu->hdev, "Failed to allocate memory for skb packet");
1466                return -ENOMEM;
1467        }
1468
1469        /* We forcefully crash the controller, by sending 0xfb byte for
1470         * 1024 times. We also might have chance of losing data, To be
1471         * on safer side we send 1096 bytes to the SoC.
1472         */
1473        memset(skb_put(skb, QCA_CRASHBYTE_PACKET_LEN), QCA_MEMDUMP_BYTE,
1474               QCA_CRASHBYTE_PACKET_LEN);
1475        hci_skb_pkt_type(skb) = HCI_COMMAND_PKT;
1476        bt_dev_info(hu->hdev, "crash the soc to collect controller dump");
1477        skb_queue_tail(&qca->txq, skb);
1478        hci_uart_tx_wakeup(hu);
1479
1480        return 0;
1481}
1482
1483static void qca_wait_for_dump_collection(struct hci_dev *hdev)
1484{
1485        struct hci_uart *hu = hci_get_drvdata(hdev);
1486        struct qca_data *qca = hu->priv;
1487
1488        wait_on_bit_timeout(&qca->flags, QCA_MEMDUMP_COLLECTION,
1489                            TASK_UNINTERRUPTIBLE, MEMDUMP_TIMEOUT_MS);
1490
1491        clear_bit(QCA_MEMDUMP_COLLECTION, &qca->flags);
1492}
1493
1494static void qca_hw_error(struct hci_dev *hdev, u8 code)
1495{
1496        struct hci_uart *hu = hci_get_drvdata(hdev);
1497        struct qca_data *qca = hu->priv;
1498
1499        set_bit(QCA_SSR_TRIGGERED, &qca->flags);
1500        set_bit(QCA_HW_ERROR_EVENT, &qca->flags);
1501        bt_dev_info(hdev, "mem_dump_status: %d", qca->memdump_state);
1502
1503        if (qca->memdump_state == QCA_MEMDUMP_IDLE) {
1504                /* If hardware error event received for other than QCA
1505                 * soc memory dump event, then we need to crash the SOC
1506                 * and wait here for 8 seconds to get the dump packets.
1507                 * This will block main thread to be on hold until we
1508                 * collect dump.
1509                 */
1510                set_bit(QCA_MEMDUMP_COLLECTION, &qca->flags);
1511                qca_send_crashbuffer(hu);
1512                qca_wait_for_dump_collection(hdev);
1513        } else if (qca->memdump_state == QCA_MEMDUMP_COLLECTING) {
1514                /* Let us wait here until memory dump collected or
1515                 * memory dump timer expired.
1516                 */
1517                bt_dev_info(hdev, "waiting for dump to complete");
1518                qca_wait_for_dump_collection(hdev);
1519        }
1520
1521        mutex_lock(&qca->hci_memdump_lock);
1522        if (qca->memdump_state != QCA_MEMDUMP_COLLECTED) {
1523                bt_dev_err(hu->hdev, "clearing allocated memory due to memdump timeout");
1524                if (qca->qca_memdump) {
1525                        vfree(qca->qca_memdump->memdump_buf_head);
1526                        kfree(qca->qca_memdump);
1527                        qca->qca_memdump = NULL;
1528                }
1529                qca->memdump_state = QCA_MEMDUMP_TIMEOUT;
1530                cancel_delayed_work(&qca->ctrl_memdump_timeout);
1531        }
1532        mutex_unlock(&qca->hci_memdump_lock);
1533
1534        if (qca->memdump_state == QCA_MEMDUMP_TIMEOUT ||
1535            qca->memdump_state == QCA_MEMDUMP_COLLECTED) {
1536                cancel_work_sync(&qca->ctrl_memdump_evt);
1537                skb_queue_purge(&qca->rx_memdump_q);
1538        }
1539
1540        clear_bit(QCA_HW_ERROR_EVENT, &qca->flags);
1541}
1542
1543static void qca_cmd_timeout(struct hci_dev *hdev)
1544{
1545        struct hci_uart *hu = hci_get_drvdata(hdev);
1546        struct qca_data *qca = hu->priv;
1547
1548        set_bit(QCA_SSR_TRIGGERED, &qca->flags);
1549        if (qca->memdump_state == QCA_MEMDUMP_IDLE) {
1550                set_bit(QCA_MEMDUMP_COLLECTION, &qca->flags);
1551                qca_send_crashbuffer(hu);
1552                qca_wait_for_dump_collection(hdev);
1553        } else if (qca->memdump_state == QCA_MEMDUMP_COLLECTING) {
1554                /* Let us wait here until memory dump collected or
1555                 * memory dump timer expired.
1556                 */
1557                bt_dev_info(hdev, "waiting for dump to complete");
1558                qca_wait_for_dump_collection(hdev);
1559        }
1560
1561        mutex_lock(&qca->hci_memdump_lock);
1562        if (qca->memdump_state != QCA_MEMDUMP_COLLECTED) {
1563                qca->memdump_state = QCA_MEMDUMP_TIMEOUT;
1564                if (!test_bit(QCA_HW_ERROR_EVENT, &qca->flags)) {
1565                        /* Inject hw error event to reset the device
1566                         * and driver.
1567                         */
1568                        hci_reset_dev(hu->hdev);
1569                }
1570        }
1571        mutex_unlock(&qca->hci_memdump_lock);
1572}
1573
1574static bool qca_prevent_wake(struct hci_dev *hdev)
1575{
1576        struct hci_uart *hu = hci_get_drvdata(hdev);
1577        bool wakeup;
1578
1579        /* UART driver handles the interrupt from BT SoC.So we need to use
1580         * device handle of UART driver to get the status of device may wakeup.
1581         */
1582        wakeup = device_may_wakeup(hu->serdev->ctrl->dev.parent);
1583        bt_dev_dbg(hu->hdev, "wakeup status : %d", wakeup);
1584
1585        return !wakeup;
1586}
1587
1588static int qca_wcn3990_init(struct hci_uart *hu)
1589{
1590        struct qca_serdev *qcadev;
1591        int ret;
1592
1593        /* Check for vregs status, may be hci down has turned
1594         * off the voltage regulator.
1595         */
1596        qcadev = serdev_device_get_drvdata(hu->serdev);
1597        if (!qcadev->bt_power->vregs_on) {
1598                serdev_device_close(hu->serdev);
1599                ret = qca_regulator_enable(qcadev);
1600                if (ret)
1601                        return ret;
1602
1603                ret = serdev_device_open(hu->serdev);
1604                if (ret) {
1605                        bt_dev_err(hu->hdev, "failed to open port");
1606                        return ret;
1607                }
1608        }
1609
1610        /* Forcefully enable wcn3990 to enter in to boot mode. */
1611        host_set_baudrate(hu, 2400);
1612        ret = qca_send_power_pulse(hu, false);
1613        if (ret)
1614                return ret;
1615
1616        qca_set_speed(hu, QCA_INIT_SPEED);
1617        ret = qca_send_power_pulse(hu, true);
1618        if (ret)
1619                return ret;
1620
1621        /* Now the device is in ready state to communicate with host.
1622         * To sync host with device we need to reopen port.
1623         * Without this, we will have RTS and CTS synchronization
1624         * issues.
1625         */
1626        serdev_device_close(hu->serdev);
1627        ret = serdev_device_open(hu->serdev);
1628        if (ret) {
1629                bt_dev_err(hu->hdev, "failed to open port");
1630                return ret;
1631        }
1632
1633        hci_uart_set_flow_control(hu, false);
1634
1635        return 0;
1636}
1637
1638static int qca_power_on(struct hci_dev *hdev)
1639{
1640        struct hci_uart *hu = hci_get_drvdata(hdev);
1641        enum qca_btsoc_type soc_type = qca_soc_type(hu);
1642        struct qca_serdev *qcadev;
1643        struct qca_data *qca = hu->priv;
1644        int ret = 0;
1645
1646        /* Non-serdev device usually is powered by external power
1647         * and don't need additional action in driver for power on
1648         */
1649        if (!hu->serdev)
1650                return 0;
1651
1652        if (qca_is_wcn399x(soc_type)) {
1653                ret = qca_wcn3990_init(hu);
1654        } else {
1655                qcadev = serdev_device_get_drvdata(hu->serdev);
1656                if (qcadev->bt_en) {
1657                        gpiod_set_value_cansleep(qcadev->bt_en, 1);
1658                        /* Controller needs time to bootup. */
1659                        msleep(150);
1660                }
1661        }
1662
1663        clear_bit(QCA_BT_OFF, &qca->flags);
1664        return ret;
1665}
1666
1667static int qca_setup(struct hci_uart *hu)
1668{
1669        struct hci_dev *hdev = hu->hdev;
1670        struct qca_data *qca = hu->priv;
1671        unsigned int speed, qca_baudrate = QCA_BAUDRATE_115200;
1672        unsigned int retries = 0;
1673        enum qca_btsoc_type soc_type = qca_soc_type(hu);
1674        const char *firmware_name = qca_get_firmware_name(hu);
1675        int ret;
1676        struct qca_btsoc_version ver;
1677
1678        ret = qca_check_speeds(hu);
1679        if (ret)
1680                return ret;
1681
1682        clear_bit(QCA_ROM_FW, &qca->flags);
1683        /* Patch downloading has to be done without IBS mode */
1684        set_bit(QCA_IBS_DISABLED, &qca->flags);
1685
1686        /* Enable controller to do both LE scan and BR/EDR inquiry
1687         * simultaneously.
1688         */
1689        set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
1690
1691        bt_dev_info(hdev, "setting up %s",
1692                qca_is_wcn399x(soc_type) ? "wcn399x" : "ROME/QCA6390");
1693
1694        qca->memdump_state = QCA_MEMDUMP_IDLE;
1695
1696retry:
1697        ret = qca_power_on(hdev);
1698        if (ret)
1699                goto out;
1700
1701        clear_bit(QCA_SSR_TRIGGERED, &qca->flags);
1702
1703        if (qca_is_wcn399x(soc_type)) {
1704                set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks);
1705
1706                ret = qca_read_soc_version(hdev, &ver, soc_type);
1707                if (ret)
1708                        goto out;
1709        } else {
1710                qca_set_speed(hu, QCA_INIT_SPEED);
1711        }
1712
1713        /* Setup user speed if needed */
1714        speed = qca_get_speed(hu, QCA_OPER_SPEED);
1715        if (speed) {
1716                ret = qca_set_speed(hu, QCA_OPER_SPEED);
1717                if (ret)
1718                        goto out;
1719
1720                qca_baudrate = qca_get_baudrate_value(speed);
1721        }
1722
1723        if (!qca_is_wcn399x(soc_type)) {
1724                /* Get QCA version information */
1725                ret = qca_read_soc_version(hdev, &ver, soc_type);
1726                if (ret)
1727                        goto out;
1728        }
1729
1730        /* Setup patch / NVM configurations */
1731        ret = qca_uart_setup(hdev, qca_baudrate, soc_type, ver,
1732                        firmware_name);
1733        if (!ret) {
1734                clear_bit(QCA_IBS_DISABLED, &qca->flags);
1735                qca_debugfs_init(hdev);
1736                hu->hdev->hw_error = qca_hw_error;
1737                hu->hdev->cmd_timeout = qca_cmd_timeout;
1738                hu->hdev->prevent_wake = qca_prevent_wake;
1739        } else if (ret == -ENOENT) {
1740                /* No patch/nvm-config found, run with original fw/config */
1741                set_bit(QCA_ROM_FW, &qca->flags);
1742                ret = 0;
1743        } else if (ret == -EAGAIN) {
1744                /*
1745                 * Userspace firmware loader will return -EAGAIN in case no
1746                 * patch/nvm-config is found, so run with original fw/config.
1747                 */
1748                set_bit(QCA_ROM_FW, &qca->flags);
1749                ret = 0;
1750        }
1751
1752out:
1753        if (ret && retries < MAX_INIT_RETRIES) {
1754                bt_dev_warn(hdev, "Retry BT power ON:%d", retries);
1755                qca_power_shutdown(hu);
1756                if (hu->serdev) {
1757                        serdev_device_close(hu->serdev);
1758                        ret = serdev_device_open(hu->serdev);
1759                        if (ret) {
1760                                bt_dev_err(hdev, "failed to open port");
1761                                return ret;
1762                        }
1763                }
1764                retries++;
1765                goto retry;
1766        }
1767
1768        /* Setup bdaddr */
1769        if (soc_type == QCA_ROME)
1770                hu->hdev->set_bdaddr = qca_set_bdaddr_rome;
1771        else
1772                hu->hdev->set_bdaddr = qca_set_bdaddr;
1773
1774        return ret;
1775}
1776
1777static const struct hci_uart_proto qca_proto = {
1778        .id             = HCI_UART_QCA,
1779        .name           = "QCA",
1780        .manufacturer   = 29,
1781        .init_speed     = 115200,
1782        .oper_speed     = 3000000,
1783        .open           = qca_open,
1784        .close          = qca_close,
1785        .flush          = qca_flush,
1786        .setup          = qca_setup,
1787        .recv           = qca_recv,
1788        .enqueue        = qca_enqueue,
1789        .dequeue        = qca_dequeue,
1790};
1791
1792static const struct qca_device_data qca_soc_data_wcn3990 = {
1793        .soc_type = QCA_WCN3990,
1794        .vregs = (struct qca_vreg []) {
1795                { "vddio", 15000  },
1796                { "vddxo", 80000  },
1797                { "vddrf", 300000 },
1798                { "vddch0", 450000 },
1799        },
1800        .num_vregs = 4,
1801};
1802
1803static const struct qca_device_data qca_soc_data_wcn3991 = {
1804        .soc_type = QCA_WCN3991,
1805        .vregs = (struct qca_vreg []) {
1806                { "vddio", 15000  },
1807                { "vddxo", 80000  },
1808                { "vddrf", 300000 },
1809                { "vddch0", 450000 },
1810        },
1811        .num_vregs = 4,
1812        .capabilities = QCA_CAP_WIDEBAND_SPEECH | QCA_CAP_VALID_LE_STATES,
1813};
1814
1815static const struct qca_device_data qca_soc_data_wcn3998 = {
1816        .soc_type = QCA_WCN3998,
1817        .vregs = (struct qca_vreg []) {
1818                { "vddio", 10000  },
1819                { "vddxo", 80000  },
1820                { "vddrf", 300000 },
1821                { "vddch0", 450000 },
1822        },
1823        .num_vregs = 4,
1824};
1825
1826static const struct qca_device_data qca_soc_data_qca6390 = {
1827        .soc_type = QCA_QCA6390,
1828        .num_vregs = 0,
1829};
1830
1831static void qca_power_shutdown(struct hci_uart *hu)
1832{
1833        struct qca_serdev *qcadev;
1834        struct qca_data *qca = hu->priv;
1835        unsigned long flags;
1836        enum qca_btsoc_type soc_type = qca_soc_type(hu);
1837
1838        /* From this point we go into power off state. But serial port is
1839         * still open, stop queueing the IBS data and flush all the buffered
1840         * data in skb's.
1841         */
1842        spin_lock_irqsave(&qca->hci_ibs_lock, flags);
1843        set_bit(QCA_IBS_DISABLED, &qca->flags);
1844        qca_flush(hu);
1845        spin_unlock_irqrestore(&qca->hci_ibs_lock, flags);
1846
1847        /* Non-serdev device usually is powered by external power
1848         * and don't need additional action in driver for power down
1849         */
1850        if (!hu->serdev)
1851                return;
1852
1853        qcadev = serdev_device_get_drvdata(hu->serdev);
1854
1855        if (qca_is_wcn399x(soc_type)) {
1856                host_set_baudrate(hu, 2400);
1857                qca_send_power_pulse(hu, false);
1858                qca_regulator_disable(qcadev);
1859        } else if (qcadev->bt_en) {
1860                gpiod_set_value_cansleep(qcadev->bt_en, 0);
1861        }
1862
1863        set_bit(QCA_BT_OFF, &qca->flags);
1864}
1865
1866static int qca_power_off(struct hci_dev *hdev)
1867{
1868        struct hci_uart *hu = hci_get_drvdata(hdev);
1869        struct qca_data *qca = hu->priv;
1870        enum qca_btsoc_type soc_type = qca_soc_type(hu);
1871
1872        hu->hdev->hw_error = NULL;
1873        hu->hdev->cmd_timeout = NULL;
1874
1875        /* Stop sending shutdown command if soc crashes. */
1876        if (soc_type != QCA_ROME
1877                && qca->memdump_state == QCA_MEMDUMP_IDLE) {
1878                qca_send_pre_shutdown_cmd(hdev);
1879                usleep_range(8000, 10000);
1880        }
1881
1882        qca_power_shutdown(hu);
1883        return 0;
1884}
1885
1886static int qca_regulator_enable(struct qca_serdev *qcadev)
1887{
1888        struct qca_power *power = qcadev->bt_power;
1889        int ret;
1890
1891        /* Already enabled */
1892        if (power->vregs_on)
1893                return 0;
1894
1895        BT_DBG("enabling %d regulators)", power->num_vregs);
1896
1897        ret = regulator_bulk_enable(power->num_vregs, power->vreg_bulk);
1898        if (ret)
1899                return ret;
1900
1901        power->vregs_on = true;
1902
1903        ret = clk_prepare_enable(qcadev->susclk);
1904        if (ret)
1905                qca_regulator_disable(qcadev);
1906
1907        return ret;
1908}
1909
1910static void qca_regulator_disable(struct qca_serdev *qcadev)
1911{
1912        struct qca_power *power;
1913
1914        if (!qcadev)
1915                return;
1916
1917        power = qcadev->bt_power;
1918
1919        /* Already disabled? */
1920        if (!power->vregs_on)
1921                return;
1922
1923        regulator_bulk_disable(power->num_vregs, power->vreg_bulk);
1924        power->vregs_on = false;
1925
1926        clk_disable_unprepare(qcadev->susclk);
1927}
1928
1929static int qca_init_regulators(struct qca_power *qca,
1930                                const struct qca_vreg *vregs, size_t num_vregs)
1931{
1932        struct regulator_bulk_data *bulk;
1933        int ret;
1934        int i;
1935
1936        bulk = devm_kcalloc(qca->dev, num_vregs, sizeof(*bulk), GFP_KERNEL);
1937        if (!bulk)
1938                return -ENOMEM;
1939
1940        for (i = 0; i < num_vregs; i++)
1941                bulk[i].supply = vregs[i].name;
1942
1943        ret = devm_regulator_bulk_get(qca->dev, num_vregs, bulk);
1944        if (ret < 0)
1945                return ret;
1946
1947        for (i = 0; i < num_vregs; i++) {
1948                ret = regulator_set_load(bulk[i].consumer, vregs[i].load_uA);
1949                if (ret)
1950                        return ret;
1951        }
1952
1953        qca->vreg_bulk = bulk;
1954        qca->num_vregs = num_vregs;
1955
1956        return 0;
1957}
1958
1959static int qca_serdev_probe(struct serdev_device *serdev)
1960{
1961        struct qca_serdev *qcadev;
1962        struct hci_dev *hdev;
1963        const struct qca_device_data *data;
1964        int err;
1965        bool power_ctrl_enabled = true;
1966
1967        qcadev = devm_kzalloc(&serdev->dev, sizeof(*qcadev), GFP_KERNEL);
1968        if (!qcadev)
1969                return -ENOMEM;
1970
1971        qcadev->serdev_hu.serdev = serdev;
1972        data = device_get_match_data(&serdev->dev);
1973        serdev_device_set_drvdata(serdev, qcadev);
1974        device_property_read_string(&serdev->dev, "firmware-name",
1975                                         &qcadev->firmware_name);
1976        device_property_read_u32(&serdev->dev, "max-speed",
1977                                 &qcadev->oper_speed);
1978        if (!qcadev->oper_speed)
1979                BT_DBG("UART will pick default operating speed");
1980
1981        if (data && qca_is_wcn399x(data->soc_type)) {
1982                qcadev->btsoc_type = data->soc_type;
1983                qcadev->bt_power = devm_kzalloc(&serdev->dev,
1984                                                sizeof(struct qca_power),
1985                                                GFP_KERNEL);
1986                if (!qcadev->bt_power)
1987                        return -ENOMEM;
1988
1989                qcadev->bt_power->dev = &serdev->dev;
1990                err = qca_init_regulators(qcadev->bt_power, data->vregs,
1991                                          data->num_vregs);
1992                if (err) {
1993                        BT_ERR("Failed to init regulators:%d", err);
1994                        return err;
1995                }
1996
1997                qcadev->bt_power->vregs_on = false;
1998
1999                qcadev->susclk = devm_clk_get_optional(&serdev->dev, NULL);
2000                if (IS_ERR(qcadev->susclk)) {
2001                        dev_err(&serdev->dev, "failed to acquire clk\n");
2002                        return PTR_ERR(qcadev->susclk);
2003                }
2004
2005                err = hci_uart_register_device(&qcadev->serdev_hu, &qca_proto);
2006                if (err) {
2007                        BT_ERR("wcn3990 serdev registration failed");
2008                        return err;
2009                }
2010        } else {
2011                if (data)
2012                        qcadev->btsoc_type = data->soc_type;
2013                else
2014                        qcadev->btsoc_type = QCA_ROME;
2015
2016                qcadev->bt_en = devm_gpiod_get_optional(&serdev->dev, "enable",
2017                                               GPIOD_OUT_LOW);
2018                if (!qcadev->bt_en) {
2019                        dev_warn(&serdev->dev, "failed to acquire enable gpio\n");
2020                        power_ctrl_enabled = false;
2021                }
2022
2023                qcadev->susclk = devm_clk_get_optional(&serdev->dev, NULL);
2024                if (IS_ERR(qcadev->susclk)) {
2025                        dev_warn(&serdev->dev, "failed to acquire clk\n");
2026                        return PTR_ERR(qcadev->susclk);
2027                }
2028                err = clk_set_rate(qcadev->susclk, SUSCLK_RATE_32KHZ);
2029                if (err)
2030                        return err;
2031
2032                err = clk_prepare_enable(qcadev->susclk);
2033                if (err)
2034                        return err;
2035
2036                err = hci_uart_register_device(&qcadev->serdev_hu, &qca_proto);
2037                if (err) {
2038                        BT_ERR("Rome serdev registration failed");
2039                        clk_disable_unprepare(qcadev->susclk);
2040                        return err;
2041                }
2042        }
2043
2044        hdev = qcadev->serdev_hu.hdev;
2045
2046        if (power_ctrl_enabled) {
2047                set_bit(HCI_QUIRK_NON_PERSISTENT_SETUP, &hdev->quirks);
2048                hdev->shutdown = qca_power_off;
2049        }
2050
2051        if (data) {
2052                /* Wideband speech support must be set per driver since it can't
2053                 * be queried via hci. Same with the valid le states quirk.
2054                 */
2055                if (data->capabilities & QCA_CAP_WIDEBAND_SPEECH)
2056                        set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED,
2057                                &hdev->quirks);
2058
2059                if (data->capabilities & QCA_CAP_VALID_LE_STATES)
2060                        set_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks);
2061        }
2062
2063        return 0;
2064}
2065
2066static void qca_serdev_remove(struct serdev_device *serdev)
2067{
2068        struct qca_serdev *qcadev = serdev_device_get_drvdata(serdev);
2069        struct qca_power *power = qcadev->bt_power;
2070
2071        if (qca_is_wcn399x(qcadev->btsoc_type) && power->vregs_on)
2072                qca_power_shutdown(&qcadev->serdev_hu);
2073        else if (qcadev->susclk)
2074                clk_disable_unprepare(qcadev->susclk);
2075
2076        hci_uart_unregister_device(&qcadev->serdev_hu);
2077}
2078
2079static void qca_serdev_shutdown(struct device *dev)
2080{
2081        int ret;
2082        int timeout = msecs_to_jiffies(CMD_TRANS_TIMEOUT_MS);
2083        struct serdev_device *serdev = to_serdev_device(dev);
2084        struct qca_serdev *qcadev = serdev_device_get_drvdata(serdev);
2085        const u8 ibs_wake_cmd[] = { 0xFD };
2086        const u8 edl_reset_soc_cmd[] = { 0x01, 0x00, 0xFC, 0x01, 0x05 };
2087
2088        if (qcadev->btsoc_type == QCA_QCA6390) {
2089                serdev_device_write_flush(serdev);
2090                ret = serdev_device_write_buf(serdev, ibs_wake_cmd,
2091                                              sizeof(ibs_wake_cmd));
2092                if (ret < 0) {
2093                        BT_ERR("QCA send IBS_WAKE_IND error: %d", ret);
2094                        return;
2095                }
2096                serdev_device_wait_until_sent(serdev, timeout);
2097                usleep_range(8000, 10000);
2098
2099                serdev_device_write_flush(serdev);
2100                ret = serdev_device_write_buf(serdev, edl_reset_soc_cmd,
2101                                              sizeof(edl_reset_soc_cmd));
2102                if (ret < 0) {
2103                        BT_ERR("QCA send EDL_RESET_REQ error: %d", ret);
2104                        return;
2105                }
2106                serdev_device_wait_until_sent(serdev, timeout);
2107                usleep_range(8000, 10000);
2108        }
2109}
2110
2111static int __maybe_unused qca_suspend(struct device *dev)
2112{
2113        struct serdev_device *serdev = to_serdev_device(dev);
2114        struct qca_serdev *qcadev = serdev_device_get_drvdata(serdev);
2115        struct hci_uart *hu = &qcadev->serdev_hu;
2116        struct qca_data *qca = hu->priv;
2117        unsigned long flags;
2118        bool tx_pending = false;
2119        int ret = 0;
2120        u8 cmd;
2121        u32 wait_timeout = 0;
2122
2123        set_bit(QCA_SUSPENDING, &qca->flags);
2124
2125        /* if BT SoC is running with default firmware then it does not
2126         * support in-band sleep
2127         */
2128        if (test_bit(QCA_ROM_FW, &qca->flags))
2129                return 0;
2130
2131        /* During SSR after memory dump collection, controller will be
2132         * powered off and then powered on.If controller is powered off
2133         * during SSR then we should wait until SSR is completed.
2134         */
2135        if (test_bit(QCA_BT_OFF, &qca->flags) &&
2136            !test_bit(QCA_SSR_TRIGGERED, &qca->flags))
2137                return 0;
2138
2139        if (test_bit(QCA_IBS_DISABLED, &qca->flags) ||
2140            test_bit(QCA_SSR_TRIGGERED, &qca->flags)) {
2141                wait_timeout = test_bit(QCA_SSR_TRIGGERED, &qca->flags) ?
2142                                        IBS_DISABLE_SSR_TIMEOUT_MS :
2143                                        FW_DOWNLOAD_TIMEOUT_MS;
2144
2145                /* QCA_IBS_DISABLED flag is set to true, During FW download
2146                 * and during memory dump collection. It is reset to false,
2147                 * After FW download complete.
2148                 */
2149                wait_on_bit_timeout(&qca->flags, QCA_IBS_DISABLED,
2150                            TASK_UNINTERRUPTIBLE, msecs_to_jiffies(wait_timeout));
2151
2152                if (test_bit(QCA_IBS_DISABLED, &qca->flags)) {
2153                        bt_dev_err(hu->hdev, "SSR or FW download time out");
2154                        ret = -ETIMEDOUT;
2155                        goto error;
2156                }
2157        }
2158
2159        cancel_work_sync(&qca->ws_awake_device);
2160        cancel_work_sync(&qca->ws_awake_rx);
2161
2162        spin_lock_irqsave_nested(&qca->hci_ibs_lock,
2163                                 flags, SINGLE_DEPTH_NESTING);
2164
2165        switch (qca->tx_ibs_state) {
2166        case HCI_IBS_TX_WAKING:
2167                del_timer(&qca->wake_retrans_timer);
2168                fallthrough;
2169        case HCI_IBS_TX_AWAKE:
2170                del_timer(&qca->tx_idle_timer);
2171
2172                serdev_device_write_flush(hu->serdev);
2173                cmd = HCI_IBS_SLEEP_IND;
2174                ret = serdev_device_write_buf(hu->serdev, &cmd, sizeof(cmd));
2175
2176                if (ret < 0) {
2177                        BT_ERR("Failed to send SLEEP to device");
2178                        break;
2179                }
2180
2181                qca->tx_ibs_state = HCI_IBS_TX_ASLEEP;
2182                qca->ibs_sent_slps++;
2183                tx_pending = true;
2184                break;
2185
2186        case HCI_IBS_TX_ASLEEP:
2187                break;
2188
2189        default:
2190                BT_ERR("Spurious tx state %d", qca->tx_ibs_state);
2191                ret = -EINVAL;
2192                break;
2193        }
2194
2195        spin_unlock_irqrestore(&qca->hci_ibs_lock, flags);
2196
2197        if (ret < 0)
2198                goto error;
2199
2200        if (tx_pending) {
2201                serdev_device_wait_until_sent(hu->serdev,
2202                                              msecs_to_jiffies(CMD_TRANS_TIMEOUT_MS));
2203                serial_clock_vote(HCI_IBS_TX_VOTE_CLOCK_OFF, hu);
2204        }
2205
2206        /* Wait for HCI_IBS_SLEEP_IND sent by device to indicate its Tx is going
2207         * to sleep, so that the packet does not wake the system later.
2208         */
2209        ret = wait_event_interruptible_timeout(qca->suspend_wait_q,
2210                        qca->rx_ibs_state == HCI_IBS_RX_ASLEEP,
2211                        msecs_to_jiffies(IBS_BTSOC_TX_IDLE_TIMEOUT_MS));
2212        if (ret == 0) {
2213                ret = -ETIMEDOUT;
2214                goto error;
2215        }
2216
2217        return 0;
2218
2219error:
2220        clear_bit(QCA_SUSPENDING, &qca->flags);
2221
2222        return ret;
2223}
2224
2225static int __maybe_unused qca_resume(struct device *dev)
2226{
2227        struct serdev_device *serdev = to_serdev_device(dev);
2228        struct qca_serdev *qcadev = serdev_device_get_drvdata(serdev);
2229        struct hci_uart *hu = &qcadev->serdev_hu;
2230        struct qca_data *qca = hu->priv;
2231
2232        clear_bit(QCA_SUSPENDING, &qca->flags);
2233
2234        return 0;
2235}
2236
2237static SIMPLE_DEV_PM_OPS(qca_pm_ops, qca_suspend, qca_resume);
2238
2239#ifdef CONFIG_OF
2240static const struct of_device_id qca_bluetooth_of_match[] = {
2241        { .compatible = "qcom,qca6174-bt" },
2242        { .compatible = "qcom,qca6390-bt", .data = &qca_soc_data_qca6390},
2243        { .compatible = "qcom,qca9377-bt" },
2244        { .compatible = "qcom,wcn3990-bt", .data = &qca_soc_data_wcn3990},
2245        { .compatible = "qcom,wcn3991-bt", .data = &qca_soc_data_wcn3991},
2246        { .compatible = "qcom,wcn3998-bt", .data = &qca_soc_data_wcn3998},
2247        { /* sentinel */ }
2248};
2249MODULE_DEVICE_TABLE(of, qca_bluetooth_of_match);
2250#endif
2251
2252#ifdef CONFIG_ACPI
2253static const struct acpi_device_id qca_bluetooth_acpi_match[] = {
2254        { "QCOM6390", (kernel_ulong_t)&qca_soc_data_qca6390 },
2255        { "DLA16390", (kernel_ulong_t)&qca_soc_data_qca6390 },
2256        { "DLB16390", (kernel_ulong_t)&qca_soc_data_qca6390 },
2257        { "DLB26390", (kernel_ulong_t)&qca_soc_data_qca6390 },
2258        { },
2259};
2260MODULE_DEVICE_TABLE(acpi, qca_bluetooth_acpi_match);
2261#endif
2262
2263
2264static struct serdev_device_driver qca_serdev_driver = {
2265        .probe = qca_serdev_probe,
2266        .remove = qca_serdev_remove,
2267        .driver = {
2268                .name = "hci_uart_qca",
2269                .of_match_table = of_match_ptr(qca_bluetooth_of_match),
2270                .acpi_match_table = ACPI_PTR(qca_bluetooth_acpi_match),
2271                .shutdown = qca_serdev_shutdown,
2272                .pm = &qca_pm_ops,
2273        },
2274};
2275
2276int __init qca_init(void)
2277{
2278        serdev_device_driver_register(&qca_serdev_driver);
2279
2280        return hci_uart_register_proto(&qca_proto);
2281}
2282
2283int __exit qca_deinit(void)
2284{
2285        serdev_device_driver_unregister(&qca_serdev_driver);
2286
2287        return hci_uart_unregister_proto(&qca_proto);
2288}
2289