From 9232259913022c1ab96f7bf2b87598b89b942f1f Mon Sep 17 00:00:00 2001 From: Colin Ian King Date: Tue, 21 Mar 2017 12:20:28 +0000 Subject: [PATCH 01/59] Bluetooth: btmrvl: fix spelling mistake: "unregester" -> "unregister" trivial fix to spelling mistake in debug message Signed-off-by: Colin Ian King Signed-off-by: Marcel Holtmann --- drivers/bluetooth/btmrvl_sdio.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/bluetooth/btmrvl_sdio.c b/drivers/bluetooth/btmrvl_sdio.c index 08e01f002bad..7d052ce2052b 100644 --- a/drivers/bluetooth/btmrvl_sdio.c +++ b/drivers/bluetooth/btmrvl_sdio.c @@ -1574,7 +1574,7 @@ static void btmrvl_sdio_remove(struct sdio_func *func) MODULE_SHUTDOWN_REQ); btmrvl_sdio_disable_host_int(card); } - BT_DBG("unregester dev"); + BT_DBG("unregister dev"); card->priv->surprise_removed = true; btmrvl_sdio_unregister_dev(card); btmrvl_remove_card(card->priv); From dab6b5daeeb3e70bfb2ed2d6d6f02dd387e3b338 Mon Sep 17 00:00:00 2001 From: Elena Reshetova Date: Fri, 17 Mar 2017 13:12:46 +0200 Subject: [PATCH 02/59] Bluetooth: convert rfcomm_dlc.refcnt from atomic_t to refcount_t refcount_t type and corresponding API should be used instead of atomic_t when the variable is used as a reference counter. This allows to avoid accidental refcounter overflows that might lead to use-after-free situations. Signed-off-by: Elena Reshetova Signed-off-by: Hans Liljestrand Signed-off-by: Kees Cook Signed-off-by: David Windsor Signed-off-by: Marcel Holtmann --- include/net/bluetooth/rfcomm.h | 8 +++++--- net/bluetooth/rfcomm/core.c | 4 ++-- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/include/net/bluetooth/rfcomm.h b/include/net/bluetooth/rfcomm.h index 4190af53a46a..da4acefe39c8 100644 --- a/include/net/bluetooth/rfcomm.h +++ b/include/net/bluetooth/rfcomm.h @@ -21,6 +21,8 @@ SOFTWARE IS DISCLAIMED. */ +#include + #ifndef __RFCOMM_H #define __RFCOMM_H @@ -174,7 +176,7 @@ struct rfcomm_dlc { struct mutex lock; unsigned long state; unsigned long flags; - atomic_t refcnt; + refcount_t refcnt; u8 dlci; u8 addr; u8 priority; @@ -247,12 +249,12 @@ struct rfcomm_dlc *rfcomm_dlc_exists(bdaddr_t *src, bdaddr_t *dst, u8 channel); static inline void rfcomm_dlc_hold(struct rfcomm_dlc *d) { - atomic_inc(&d->refcnt); + refcount_inc(&d->refcnt); } static inline void rfcomm_dlc_put(struct rfcomm_dlc *d) { - if (atomic_dec_and_test(&d->refcnt)) + if (refcount_dec_and_test(&d->refcnt)) rfcomm_dlc_free(d); } diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c index f7eb02f09b54..8ebca9033d60 100644 --- a/net/bluetooth/rfcomm/core.c +++ b/net/bluetooth/rfcomm/core.c @@ -311,7 +311,7 @@ struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio) skb_queue_head_init(&d->tx_queue); mutex_init(&d->lock); - atomic_set(&d->refcnt, 1); + refcount_set(&d->refcnt, 1); rfcomm_dlc_clear_state(d); @@ -342,7 +342,7 @@ static void rfcomm_dlc_unlink(struct rfcomm_dlc *d) { struct rfcomm_session *s = d->session; - BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s); + BT_DBG("dlc %p refcnt %d session %p", d, refcount_read(&d->refcnt), s); list_del(&d->list); d->session = NULL; From 730ce397cd38e1cce257a44493b6c90edf102824 Mon Sep 17 00:00:00 2001 From: John Keeping Date: Wed, 15 Mar 2017 12:20:05 +0000 Subject: [PATCH 03/59] Bluetooth: hci_bcm: Fix clock (un)prepare The hci_bcm driver currently does not prepare/unprepare the clock and goes directly to enable, but as the documentation for clk_enable says, clk_prepare must be called before clk_enable. Signed-off-by: John Keeping Signed-off-by: Marcel Holtmann --- drivers/bluetooth/hci_bcm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/bluetooth/hci_bcm.c b/drivers/bluetooth/hci_bcm.c index 5262a2077d7a..c7d3c6842bcf 100644 --- a/drivers/bluetooth/hci_bcm.c +++ b/drivers/bluetooth/hci_bcm.c @@ -146,13 +146,13 @@ static bool bcm_device_exists(struct bcm_device *device) static int bcm_gpio_set_power(struct bcm_device *dev, bool powered) { if (powered && !IS_ERR(dev->clk) && !dev->clk_enabled) - clk_enable(dev->clk); + clk_prepare_enable(dev->clk); gpiod_set_value(dev->shutdown, powered); gpiod_set_value(dev->device_wakeup, powered); if (!powered && !IS_ERR(dev->clk) && dev->clk_enabled) - clk_disable(dev->clk); + clk_disable_unprepare(dev->clk); dev->clk_enabled = powered; From c259d1413b195c57e708f324eed41668a37ba6ec Mon Sep 17 00:00:00 2001 From: Patrik Flykt Date: Sun, 12 Mar 2017 10:19:33 +0200 Subject: [PATCH 04/59] bluetooth: Set 6 byte device addresses Set BTLE MAC addresses that are 6 bytes long and not 8 bytes that are used in other places with 6lowpan. Signed-off-by: Patrik Flykt Signed-off-by: Luiz Augusto von Dentz Reviewed-by: Stefan Schmidt Signed-off-by: Marcel Holtmann --- net/bluetooth/6lowpan.c | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/net/bluetooth/6lowpan.c b/net/bluetooth/6lowpan.c index d491529332f4..bad0e9d1ea20 100644 --- a/net/bluetooth/6lowpan.c +++ b/net/bluetooth/6lowpan.c @@ -80,6 +80,8 @@ struct lowpan_btle_dev { struct delayed_work notify_peers; }; +static void set_addr(u8 *eui, u8 *addr, u8 addr_type); + static inline struct lowpan_btle_dev * lowpan_btle_dev(const struct net_device *netdev) { @@ -272,9 +274,10 @@ static int give_skb_to_upper(struct sk_buff *skb, struct net_device *dev) static int iphc_decompress(struct sk_buff *skb, struct net_device *netdev, struct l2cap_chan *chan) { - const u8 *saddr, *daddr; + const u8 *saddr; struct lowpan_btle_dev *dev; struct lowpan_peer *peer; + unsigned char eui64_daddr[EUI64_ADDR_LEN]; dev = lowpan_btle_dev(netdev); @@ -285,9 +288,9 @@ static int iphc_decompress(struct sk_buff *skb, struct net_device *netdev, return -EINVAL; saddr = peer->eui64_addr; - daddr = dev->netdev->dev_addr; + set_addr(&eui64_daddr[0], chan->src.b, chan->src_type); - return lowpan_header_decompress(skb, netdev, daddr, saddr); + return lowpan_header_decompress(skb, netdev, &eui64_daddr, saddr); } static int recv_pkt(struct sk_buff *skb, struct net_device *dev, @@ -681,13 +684,6 @@ static void set_addr(u8 *eui, u8 *addr, u8 addr_type) BT_DBG("type %d addr %*phC", addr_type, 8, eui); } -static void set_dev_addr(struct net_device *netdev, bdaddr_t *addr, - u8 addr_type) -{ - netdev->addr_assign_type = NET_ADDR_PERM; - set_addr(netdev->dev_addr, addr->b, addr_type); -} - static void ifup(struct net_device *netdev) { int err; @@ -803,7 +799,8 @@ static int setup_netdev(struct l2cap_chan *chan, struct lowpan_btle_dev **dev) if (!netdev) return -ENOMEM; - set_dev_addr(netdev, &chan->src, chan->src_type); + netdev->addr_assign_type = NET_ADDR_PERM; + baswap((void *)netdev->dev_addr, &chan->src); netdev->netdev_ops = &netdev_ops; SET_NETDEV_DEV(netdev, &chan->conn->hcon->hdev->dev); From be054fc830ff70aced3533fffc6b851fa604d241 Mon Sep 17 00:00:00 2001 From: Patrik Flykt Date: Sun, 12 Mar 2017 10:19:34 +0200 Subject: [PATCH 05/59] 6lowpan: Set MAC address length according to LOWPAN_LLTYPE Set MAC address length according to the 6LoWPAN link layer in use. Bluetooth Low Energy uses 48 bit addressing while IEEE802.15.4 uses 64 bits. Signed-off-by: Patrik Flykt Reviewed-by: Stefan Schmidt Signed-off-by: Marcel Holtmann --- net/6lowpan/core.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/net/6lowpan/core.c b/net/6lowpan/core.c index 5945f7e19c67..5f9909a2b58c 100644 --- a/net/6lowpan/core.c +++ b/net/6lowpan/core.c @@ -23,7 +23,16 @@ int lowpan_register_netdevice(struct net_device *dev, { int i, ret; - dev->addr_len = EUI64_ADDR_LEN; + switch (lltype) { + case LOWPAN_LLTYPE_IEEE802154: + dev->addr_len = EUI64_ADDR_LEN; + break; + + case LOWPAN_LLTYPE_BTLE: + dev->addr_len = ETH_ALEN; + break; + } + dev->type = ARPHRD_6LOWPAN; dev->mtu = IPV6_MIN_MTU; dev->priv_flags |= IFF_NO_QUEUE; From 94e4a68039cc0c9d6e5cf708819cb8c7e770ebbf Mon Sep 17 00:00:00 2001 From: Alexander Aring Date: Sun, 12 Mar 2017 10:19:35 +0200 Subject: [PATCH 06/59] 6lowpan: iphc: override l2 packet information The skb->pkt_type need to be set by L2, but on 6LoWPAN there exists L2 e.g. BTLE which doesn't has multicast addressing. If it's a multicast or not is detected by IPHC headers multicast bit. The IPv6 layer will evaluate this pkt_type, so we force set this type while uncompressing. Should be okay for 802.15.4 as well. Signed-off-by: Alexander Aring Reviewed-by: Stefan Schmidt Signed-off-by: Marcel Holtmann --- net/6lowpan/iphc.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/net/6lowpan/iphc.c b/net/6lowpan/iphc.c index 79f1fa22509a..fb5f6fa8f1df 100644 --- a/net/6lowpan/iphc.c +++ b/net/6lowpan/iphc.c @@ -666,6 +666,8 @@ int lowpan_header_decompress(struct sk_buff *skb, const struct net_device *dev, switch (iphc1 & (LOWPAN_IPHC_M | LOWPAN_IPHC_DAC)) { case LOWPAN_IPHC_M | LOWPAN_IPHC_DAC: + skb->pkt_type = PACKET_BROADCAST; + spin_lock_bh(&lowpan_dev(dev)->ctx.lock); ci = lowpan_iphc_ctx_get_by_id(dev, LOWPAN_IPHC_CID_DCI(cid)); if (!ci) { @@ -681,11 +683,15 @@ int lowpan_header_decompress(struct sk_buff *skb, const struct net_device *dev, spin_unlock_bh(&lowpan_dev(dev)->ctx.lock); break; case LOWPAN_IPHC_M: + skb->pkt_type = PACKET_BROADCAST; + /* multicast */ err = lowpan_uncompress_multicast_daddr(skb, &hdr.daddr, iphc1 & LOWPAN_IPHC_DAM_MASK); break; case LOWPAN_IPHC_DAC: + skb->pkt_type = PACKET_HOST; + spin_lock_bh(&lowpan_dev(dev)->ctx.lock); ci = lowpan_iphc_ctx_get_by_id(dev, LOWPAN_IPHC_CID_DCI(cid)); if (!ci) { @@ -701,6 +707,8 @@ int lowpan_header_decompress(struct sk_buff *skb, const struct net_device *dev, spin_unlock_bh(&lowpan_dev(dev)->ctx.lock); break; default: + skb->pkt_type = PACKET_HOST; + err = lowpan_iphc_uncompress_addr(skb, dev, &hdr.daddr, iphc1 & LOWPAN_IPHC_DAM_MASK, daddr); From 8a7a4b476719df1e06f8eae837b13bdf79908843 Mon Sep 17 00:00:00 2001 From: Alexander Aring Date: Sun, 12 Mar 2017 10:19:36 +0200 Subject: [PATCH 07/59] ipv6: addrconf: fix 48 bit 6lowpan autoconfiguration This patch adds support for 48 bit 6LoWPAN address length autoconfiguration which is the case for BTLE 6LoWPAN. Signed-off-by: Alexander Aring Signed-off-by: Luiz Augusto von Dentz Reviewed-by: Stefan Schmidt Acked-by: David S. Miller Signed-off-by: Marcel Holtmann --- net/ipv6/addrconf.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c index 67ec87ea5fb6..b22796e707d3 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -2073,12 +2073,19 @@ static void addrconf_leave_anycast(struct inet6_ifaddr *ifp) __ipv6_dev_ac_dec(ifp->idev, &addr); } -static int addrconf_ifid_eui64(u8 *eui, struct net_device *dev) +static int addrconf_ifid_6lowpan(u8 *eui, struct net_device *dev) { - if (dev->addr_len != EUI64_ADDR_LEN) + switch (dev->addr_len) { + case ETH_ALEN: + return addrconf_ifid_eui48(eui, dev); + case EUI64_ADDR_LEN: + memcpy(eui, dev->dev_addr, EUI64_ADDR_LEN); + eui[0] ^= 2; + break; + default: return -1; - memcpy(eui, dev->dev_addr, EUI64_ADDR_LEN); - eui[0] ^= 2; + } + return 0; } @@ -2170,7 +2177,7 @@ static int ipv6_generate_eui64(u8 *eui, struct net_device *dev) case ARPHRD_TUNNEL: return addrconf_ifid_gre(eui, dev); case ARPHRD_6LOWPAN: - return addrconf_ifid_eui64(eui, dev); + return addrconf_ifid_6lowpan(eui, dev); case ARPHRD_IEEE1394: return addrconf_ifid_ieee1394(eui, dev); case ARPHRD_TUNNEL6: From fa09ae661fb5ab6f9826545d5128f2b7393bcf4a Mon Sep 17 00:00:00 2001 From: Luiz Augusto von Dentz Date: Sun, 12 Mar 2017 10:19:37 +0200 Subject: [PATCH 08/59] 6lowpan: Use netdev addr_len to determine lladdr len This allow technologies such as Bluetooth to use its native lladdr which is eui48 instead of eui64 which was expected by functions like lowpan_header_decompress and lowpan_header_compress. Signed-off-by: Luiz Augusto von Dentz Reviewed-by: Stefan Schmidt Signed-off-by: Marcel Holtmann --- include/net/6lowpan.h | 19 ++++++++++++++++ net/6lowpan/iphc.c | 49 ++++++++++++++++++++++++++++++++--------- net/bluetooth/6lowpan.c | 42 +++++------------------------------ 3 files changed, 63 insertions(+), 47 deletions(-) diff --git a/include/net/6lowpan.h b/include/net/6lowpan.h index 5ab4c9901ccc..c5792cb6c3eb 100644 --- a/include/net/6lowpan.h +++ b/include/net/6lowpan.h @@ -198,6 +198,25 @@ static inline void lowpan_iphc_uncompress_eui64_lladdr(struct in6_addr *ipaddr, ipaddr->s6_addr[8] ^= 0x02; } +static inline void lowpan_iphc_uncompress_eui48_lladdr(struct in6_addr *ipaddr, + const void *lladdr) +{ + /* fe:80::XXXX:XXff:feXX:XXXX + * \_________________/ + * hwaddr + */ + ipaddr->s6_addr[0] = 0xFE; + ipaddr->s6_addr[1] = 0x80; + memcpy(&ipaddr->s6_addr[8], lladdr, 3); + ipaddr->s6_addr[11] = 0xFF; + ipaddr->s6_addr[12] = 0xFE; + memcpy(&ipaddr->s6_addr[13], lladdr + 3, 3); + /* second bit-flip (Universe/Local) + * is done according RFC2464 + */ + ipaddr->s6_addr[8] ^= 0x02; +} + #ifdef DEBUG /* print data in line */ static inline void raw_dump_inline(const char *caller, char *msg, diff --git a/net/6lowpan/iphc.c b/net/6lowpan/iphc.c index fb5f6fa8f1df..6b1042e21656 100644 --- a/net/6lowpan/iphc.c +++ b/net/6lowpan/iphc.c @@ -278,6 +278,23 @@ lowpan_iphc_ctx_get_by_mcast_addr(const struct net_device *dev, return ret; } +static void lowpan_iphc_uncompress_lladdr(const struct net_device *dev, + struct in6_addr *ipaddr, + const void *lladdr) +{ + switch (dev->addr_len) { + case ETH_ALEN: + lowpan_iphc_uncompress_eui48_lladdr(ipaddr, lladdr); + break; + case EUI64_ADDR_LEN: + lowpan_iphc_uncompress_eui64_lladdr(ipaddr, lladdr); + break; + default: + WARN_ON_ONCE(1); + break; + } +} + /* Uncompress address function for source and * destination address(non-multicast). * @@ -320,7 +337,7 @@ static int lowpan_iphc_uncompress_addr(struct sk_buff *skb, lowpan_iphc_uncompress_802154_lladdr(ipaddr, lladdr); break; default: - lowpan_iphc_uncompress_eui64_lladdr(ipaddr, lladdr); + lowpan_iphc_uncompress_lladdr(dev, ipaddr, lladdr); break; } break; @@ -381,7 +398,7 @@ static int lowpan_iphc_uncompress_ctx_addr(struct sk_buff *skb, lowpan_iphc_uncompress_802154_lladdr(ipaddr, lladdr); break; default: - lowpan_iphc_uncompress_eui64_lladdr(ipaddr, lladdr); + lowpan_iphc_uncompress_lladdr(dev, ipaddr, lladdr); break; } ipv6_addr_prefix_copy(ipaddr, &ctx->pfx, ctx->plen); @@ -810,6 +827,21 @@ lowpan_iphc_compress_ctx_802154_lladdr(const struct in6_addr *ipaddr, return lladdr_compress; } +static bool lowpan_iphc_addr_equal(const struct net_device *dev, + const struct lowpan_iphc_ctx *ctx, + const struct in6_addr *ipaddr, + const void *lladdr) +{ + struct in6_addr tmp = {}; + + lowpan_iphc_uncompress_lladdr(dev, &tmp, lladdr); + + if (ctx) + ipv6_addr_prefix_copy(&tmp, &ctx->pfx, ctx->plen); + + return ipv6_addr_equal(&tmp, ipaddr); +} + static u8 lowpan_compress_ctx_addr(u8 **hc_ptr, const struct net_device *dev, const struct in6_addr *ipaddr, const struct lowpan_iphc_ctx *ctx, @@ -827,13 +859,7 @@ static u8 lowpan_compress_ctx_addr(u8 **hc_ptr, const struct net_device *dev, } break; default: - /* check for SAM/DAM = 11 */ - memcpy(&tmp.s6_addr[8], lladdr, EUI64_ADDR_LEN); - /* second bit-flip (Universe/Local) is done according RFC2464 */ - tmp.s6_addr[8] ^= 0x02; - /* context information are always used */ - ipv6_addr_prefix_copy(&tmp, &ctx->pfx, ctx->plen); - if (ipv6_addr_equal(&tmp, ipaddr)) { + if (lowpan_iphc_addr_equal(dev, ctx, ipaddr, lladdr)) { dam = LOWPAN_IPHC_DAM_11; goto out; } @@ -929,11 +955,12 @@ static u8 lowpan_compress_addr_64(u8 **hc_ptr, const struct net_device *dev, } break; default: - if (is_addr_mac_addr_based(ipaddr, lladdr)) { - dam = LOWPAN_IPHC_DAM_11; /* 0-bits */ + if (lowpan_iphc_addr_equal(dev, NULL, ipaddr, lladdr)) { + dam = LOWPAN_IPHC_DAM_11; pr_debug("address compression 0 bits\n"); goto out; } + break; } diff --git a/net/bluetooth/6lowpan.c b/net/bluetooth/6lowpan.c index bad0e9d1ea20..54bf4d765a7d 100644 --- a/net/bluetooth/6lowpan.c +++ b/net/bluetooth/6lowpan.c @@ -64,7 +64,7 @@ struct lowpan_peer { struct l2cap_chan *chan; /* peer addresses in various formats */ - unsigned char eui64_addr[EUI64_ADDR_LEN]; + unsigned char lladdr[ETH_ALEN]; struct in6_addr peer_addr; }; @@ -80,8 +80,6 @@ struct lowpan_btle_dev { struct delayed_work notify_peers; }; -static void set_addr(u8 *eui, u8 *addr, u8 addr_type); - static inline struct lowpan_btle_dev * lowpan_btle_dev(const struct net_device *netdev) { @@ -277,7 +275,6 @@ static int iphc_decompress(struct sk_buff *skb, struct net_device *netdev, const u8 *saddr; struct lowpan_btle_dev *dev; struct lowpan_peer *peer; - unsigned char eui64_daddr[EUI64_ADDR_LEN]; dev = lowpan_btle_dev(netdev); @@ -287,10 +284,9 @@ static int iphc_decompress(struct sk_buff *skb, struct net_device *netdev, if (!peer) return -EINVAL; - saddr = peer->eui64_addr; - set_addr(&eui64_daddr[0], chan->src.b, chan->src_type); + saddr = peer->lladdr; - return lowpan_header_decompress(skb, netdev, &eui64_daddr, saddr); + return lowpan_header_decompress(skb, netdev, netdev->dev_addr, saddr); } static int recv_pkt(struct sk_buff *skb, struct net_device *dev, @@ -477,7 +473,7 @@ static int setup_header(struct sk_buff *skb, struct net_device *netdev, } } - daddr = peer->eui64_addr; + daddr = peer->lladdr; *peer_addr = addr; *peer_addr_type = addr_type; lowpan_cb(skb)->chan = peer->chan; @@ -663,27 +659,6 @@ static struct device_type bt_type = { .name = "bluetooth", }; -static void set_addr(u8 *eui, u8 *addr, u8 addr_type) -{ - /* addr is the BT address in little-endian format */ - eui[0] = addr[5]; - eui[1] = addr[4]; - eui[2] = addr[3]; - eui[3] = 0xFF; - eui[4] = 0xFE; - eui[5] = addr[2]; - eui[6] = addr[1]; - eui[7] = addr[0]; - - /* Universal/local bit set, BT 6lowpan draft ch. 3.2.1 */ - if (addr_type == BDADDR_LE_PUBLIC) - eui[0] &= ~0x02; - else - eui[0] |= 0x02; - - BT_DBG("type %d addr %*phC", addr_type, 8, eui); -} - static void ifup(struct net_device *netdev) { int err; @@ -762,14 +737,9 @@ static struct l2cap_chan *add_peer_chan(struct l2cap_chan *chan, peer->chan = chan; memset(&peer->peer_addr, 0, sizeof(struct in6_addr)); - /* RFC 2464 ch. 5 */ - peer->peer_addr.s6_addr[0] = 0xFE; - peer->peer_addr.s6_addr[1] = 0x80; - set_addr((u8 *)&peer->peer_addr.s6_addr + 8, chan->dst.b, - chan->dst_type); + baswap((void *)peer->lladdr, &chan->dst); - memcpy(&peer->eui64_addr, (u8 *)&peer->peer_addr.s6_addr + 8, - EUI64_ADDR_LEN); + lowpan_iphc_uncompress_eui48_lladdr(&peer->peer_addr, peer->lladdr); /* IPv6 address needs to have the U/L bit set properly so toggle * it back here. From 9dae2e030319811e9cdaa260faaa151cf0866186 Mon Sep 17 00:00:00 2001 From: Luiz Augusto von Dentz Date: Sun, 12 Mar 2017 10:19:38 +0200 Subject: [PATCH 09/59] 6lowpan: Fix IID format for Bluetooth According to RFC 7668 U/L bit shall not be used: https://wiki.tools.ietf.org/html/rfc7668#section-3.2.2 [Page 10]: In the figure, letter 'b' represents a bit from the Bluetooth device address, copied as is without any changes on any bit. This means that no bit in the IID indicates whether the underlying Bluetooth device address is public or random. |0 1|1 3|3 4|4 6| |0 5|6 1|2 7|8 3| +----------------+----------------+----------------+----------------+ |bbbbbbbbbbbbbbbb|bbbbbbbb11111111|11111110bbbbbbbb|bbbbbbbbbbbbbbbb| +----------------+----------------+----------------+----------------+ Because of this the code cannot figure out the address type from the IP address anymore thus it makes no sense to use peer_lookup_ba as it needs the peer address type. Signed-off-by: Luiz Augusto von Dentz Reviewed-by: Stefan Schmidt Acked-by: Jukka Rissanen Signed-off-by: Marcel Holtmann --- include/net/6lowpan.h | 4 --- net/bluetooth/6lowpan.c | 79 +++++++---------------------------------- net/ipv6/addrconf.c | 6 +++- 3 files changed, 17 insertions(+), 72 deletions(-) diff --git a/include/net/6lowpan.h b/include/net/6lowpan.h index c5792cb6c3eb..a71378007e61 100644 --- a/include/net/6lowpan.h +++ b/include/net/6lowpan.h @@ -211,10 +211,6 @@ static inline void lowpan_iphc_uncompress_eui48_lladdr(struct in6_addr *ipaddr, ipaddr->s6_addr[11] = 0xFF; ipaddr->s6_addr[12] = 0xFE; memcpy(&ipaddr->s6_addr[13], lladdr + 3, 3); - /* second bit-flip (Universe/Local) - * is done according RFC2464 - */ - ipaddr->s6_addr[8] ^= 0x02; } #ifdef DEBUG diff --git a/net/bluetooth/6lowpan.c b/net/bluetooth/6lowpan.c index 54bf4d765a7d..24348c8579dd 100644 --- a/net/bluetooth/6lowpan.c +++ b/net/bluetooth/6lowpan.c @@ -398,37 +398,6 @@ static int chan_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb) return err; } -static u8 get_addr_type_from_eui64(u8 byte) -{ - /* Is universal(0) or local(1) bit */ - return ((byte & 0x02) ? BDADDR_LE_RANDOM : BDADDR_LE_PUBLIC); -} - -static void copy_to_bdaddr(struct in6_addr *ip6_daddr, bdaddr_t *addr) -{ - u8 *eui64 = ip6_daddr->s6_addr + 8; - - addr->b[0] = eui64[7]; - addr->b[1] = eui64[6]; - addr->b[2] = eui64[5]; - addr->b[3] = eui64[2]; - addr->b[4] = eui64[1]; - addr->b[5] = eui64[0]; -} - -static void convert_dest_bdaddr(struct in6_addr *ip6_daddr, - bdaddr_t *addr, u8 *addr_type) -{ - copy_to_bdaddr(ip6_daddr, addr); - - /* We need to toggle the U/L bit that we got from IPv6 address - * so that we get the proper address and type of the BD address. - */ - addr->b[5] ^= 0x02; - - *addr_type = get_addr_type_from_eui64(addr->b[5]); -} - static int setup_header(struct sk_buff *skb, struct net_device *netdev, bdaddr_t *peer_addr, u8 *peer_addr_type) { @@ -436,8 +405,7 @@ static int setup_header(struct sk_buff *skb, struct net_device *netdev, struct ipv6hdr *hdr; struct lowpan_btle_dev *dev; struct lowpan_peer *peer; - bdaddr_t addr, *any = BDADDR_ANY; - u8 *daddr = any->b; + u8 *daddr; int err, status = 0; hdr = ipv6_hdr(skb); @@ -448,34 +416,24 @@ static int setup_header(struct sk_buff *skb, struct net_device *netdev, if (ipv6_addr_is_multicast(&ipv6_daddr)) { lowpan_cb(skb)->chan = NULL; + daddr = NULL; } else { - u8 addr_type; + BT_DBG("dest IP %pI6c", &ipv6_daddr); - /* Get destination BT device from skb. - * If there is no such peer then discard the packet. + /* The packet might be sent to 6lowpan interface + * because of routing (either via default route + * or user set route) so get peer according to + * the destination address. */ - convert_dest_bdaddr(&ipv6_daddr, &addr, &addr_type); - - BT_DBG("dest addr %pMR type %d IP %pI6c", &addr, - addr_type, &ipv6_daddr); - - peer = peer_lookup_ba(dev, &addr, addr_type); + peer = peer_lookup_dst(dev, &ipv6_daddr, skb); if (!peer) { - /* The packet might be sent to 6lowpan interface - * because of routing (either via default route - * or user set route) so get peer according to - * the destination address. - */ - peer = peer_lookup_dst(dev, &ipv6_daddr, skb); - if (!peer) { - BT_DBG("no such peer %pMR found", &addr); - return -ENOENT; - } + BT_DBG("no such peer"); + return -ENOENT; } daddr = peer->lladdr; - *peer_addr = addr; - *peer_addr_type = addr_type; + peer_addr = &peer->chan->dst; + *peer_addr_type = peer->chan->dst_type; lowpan_cb(skb)->chan = peer->chan; status = 1; @@ -717,14 +675,6 @@ static struct l2cap_chan *chan_create(void) return chan; } -static void set_ip_addr_bits(u8 addr_type, u8 *addr) -{ - if (addr_type == BDADDR_LE_PUBLIC) - *addr |= 0x02; - else - *addr &= ~0x02; -} - static struct l2cap_chan *add_peer_chan(struct l2cap_chan *chan, struct lowpan_btle_dev *dev) { @@ -741,11 +691,6 @@ static struct l2cap_chan *add_peer_chan(struct l2cap_chan *chan, lowpan_iphc_uncompress_eui48_lladdr(&peer->peer_addr, peer->lladdr); - /* IPv6 address needs to have the U/L bit set properly so toggle - * it back here. - */ - set_ip_addr_bits(chan->dst_type, (u8 *)&peer->peer_addr.s6_addr + 8); - spin_lock(&devices_lock); INIT_LIST_HEAD(&peer->list); peer_add(dev, peer); diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c index b22796e707d3..3650f6e829e8 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -2077,7 +2077,11 @@ static int addrconf_ifid_6lowpan(u8 *eui, struct net_device *dev) { switch (dev->addr_len) { case ETH_ALEN: - return addrconf_ifid_eui48(eui, dev); + memcpy(eui, dev->dev_addr, 3); + eui[3] = 0xFF; + eui[4] = 0xFE; + memcpy(eui + 5, dev->dev_addr + 3, 3); + break; case EUI64_ADDR_LEN: memcpy(eui, dev->dev_addr, EUI64_ADDR_LEN); eui[0] ^= 2; From 459848564f5186bf033a5c1cc33c2cb3b284066e Mon Sep 17 00:00:00 2001 From: Geliang Tang Date: Sat, 11 Mar 2017 08:46:58 +0800 Subject: [PATCH 10/59] Bluetooth: bluecard: use setup_timer Use setup_timer() instead of init_timer() to simplify the code. Signed-off-by: Geliang Tang Signed-off-by: Marcel Holtmann --- drivers/bluetooth/bluecard_cs.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/bluetooth/bluecard_cs.c b/drivers/bluetooth/bluecard_cs.c index c0b3b5576992..007c0a45f31b 100644 --- a/drivers/bluetooth/bluecard_cs.c +++ b/drivers/bluetooth/bluecard_cs.c @@ -695,9 +695,8 @@ static int bluecard_open(struct bluecard_info *info) spin_lock_init(&(info->lock)); - init_timer(&(info->timer)); - info->timer.function = &bluecard_activity_led_timeout; - info->timer.data = (u_long)info; + setup_timer(&(info->timer), &bluecard_activity_led_timeout, + (u_long)info); skb_queue_head_init(&(info->txq)); From e163376220169170f3945703a600083f1792aaf8 Mon Sep 17 00:00:00 2001 From: Dean Jenkins Date: Fri, 10 Mar 2017 11:34:45 +0000 Subject: [PATCH 11/59] Bluetooth: Handle bt_accept_enqueue() socket atomically There is a small risk that bt_accept_unlink() runs concurrently with bt_accept_enqueue() on the same socket. This scenario could potentially lead to a NULL pointer dereference of the socket's parent member because the socket can be on the list but the socket's parent member is not yet updated by bt_accept_enqueue(). Therefore, add socket locking inside bt_accept_enqueue() so that the socket is added to the list AND the parent's socket address is set in the socket's parent member. The socket locking ensures that the socket is on the list with a valid non-NULL parent member. Signed-off-by: Dean Jenkins Signed-off-by: Marcel Holtmann --- net/bluetooth/af_bluetooth.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c index 69e1f7d362a8..a374fd27b5e1 100644 --- a/net/bluetooth/af_bluetooth.c +++ b/net/bluetooth/af_bluetooth.c @@ -159,8 +159,10 @@ void bt_accept_enqueue(struct sock *parent, struct sock *sk) BT_DBG("parent %p, sk %p", parent, sk); sock_hold(sk); + lock_sock(sk); list_add_tail(&bt_sk(sk)->accept_q, &bt_sk(parent)->accept_q); bt_sk(sk)->parent = parent; + release_sock(sk); parent->sk_ack_backlog++; } EXPORT_SYMBOL(bt_accept_enqueue); From 27bfbc21a0c0f711fa5382de026c7c0700c9ea28 Mon Sep 17 00:00:00 2001 From: Dean Jenkins Date: Fri, 10 Mar 2017 11:34:46 +0000 Subject: [PATCH 12/59] Bluetooth: Avoid bt_accept_unlink() double unlinking There is a race condition between a thread calling bt_accept_dequeue() and a different thread calling bt_accept_unlink(). Protection against concurrency is implemented using sk locking. However, sk locking causes serialisation of the bt_accept_dequeue() and bt_accept_unlink() threads. This serialisation can cause bt_accept_dequeue() to obtain the sk from the parent list but becomes blocked waiting for the sk lock held by the bt_accept_unlink() thread. bt_accept_unlink() unlinks sk and this thread releases the sk lock unblocking bt_accept_dequeue() which potentially runs bt_accept_unlink() again on the same sk causing a crash. The attempt to double unlink the same sk from the parent list can cause a NULL pointer dereference crash due to bt_sk(sk)->parent becoming NULL on the first unlink, followed by the second unlink trying to execute bt_sk(sk)->parent->sk_ack_backlog-- in bt_accept_unlink() which crashes. When sk is in the parent list, bt_sk(sk)->parent will be not be NULL. When sk is removed from the parent list, bt_sk(sk)->parent is set to NULL. Therefore, add a defensive check for bt_sk(sk)->parent not being NULL to ensure that sk is still in the parent list after the sk lock has been taken in bt_accept_dequeue(). If bt_sk(sk)->parent is detected as being NULL then restart the loop so that the loop variables are refreshed to use the latest values. This is necessary as list_for_each_entry_safe() is not thread safe so causing a risk of an infinite loop occurring as sk could point to itself. In addition, in bt_accept_dequeue() increase the sk reference count to protect against early freeing of sk. Early freeing can be possible if the bt_accept_unlink() thread calls l2cap_sock_kill() or rfcomm_sock_kill() functions before bt_accept_dequeue() gets the sk lock. For test purposes, the probability of failure can be increased by putting a msleep of 1 second in bt_accept_dequeue() between getting the sk and waiting for the sk lock. This exposes the fact that the loop list_for_each_entry_safe(p, n, &bt_sk(parent)->accept_q) is not safe from threads that unlink sk from the list in parallel with the loop which can cause sk to become stale within the loop. Signed-off-by: Dean Jenkins Signed-off-by: Marcel Holtmann --- net/bluetooth/af_bluetooth.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c index a374fd27b5e1..42d0997e2fbb 100644 --- a/net/bluetooth/af_bluetooth.c +++ b/net/bluetooth/af_bluetooth.c @@ -167,6 +167,9 @@ void bt_accept_enqueue(struct sock *parent, struct sock *sk) } EXPORT_SYMBOL(bt_accept_enqueue); +/* Calling function must hold the sk lock. + * bt_sk(sk)->parent must be non-NULL meaning sk is in the parent list. + */ void bt_accept_unlink(struct sock *sk) { BT_DBG("sk %p state %d", sk, sk->sk_state); @@ -185,11 +188,32 @@ struct sock *bt_accept_dequeue(struct sock *parent, struct socket *newsock) BT_DBG("parent %p", parent); +restart: list_for_each_entry_safe(s, n, &bt_sk(parent)->accept_q, accept_q) { sk = (struct sock *)s; + /* Prevent early freeing of sk due to unlink and sock_kill */ + sock_hold(sk); lock_sock(sk); + /* Check sk has not already been unlinked via + * bt_accept_unlink() due to serialisation caused by sk locking + */ + if (!bt_sk(sk)->parent) { + BT_DBG("sk %p, already unlinked", sk); + release_sock(sk); + sock_put(sk); + + /* Restart the loop as sk is no longer in the list + * and also avoid a potential infinite loop because + * list_for_each_entry_safe() is not thread safe. + */ + goto restart; + } + + /* sk is safely in the parent list so reduce reference count */ + sock_put(sk); + /* FIXME: Is this check still needed */ if (sk->sk_state == BT_CLOSED) { bt_accept_unlink(sk); From d8edd9ed156a1a840f1b1c2dbbf458684d6eea6e Mon Sep 17 00:00:00 2001 From: Marcin Kraglak Date: Wed, 8 Mar 2017 14:09:41 +0100 Subject: [PATCH 13/59] Bluetooth: L2CAP: Fix L2CAP_CR_SCID_IN_USE value Fix issue found during L2CAP qualification test TP/LE/CFC/BV-20-C. Signed-off-by: Marcin Kraglak Signed-off-by: Marcel Holtmann --- include/net/bluetooth/l2cap.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/net/bluetooth/l2cap.h b/include/net/bluetooth/l2cap.h index 5ee3c689c863..0697fd413087 100644 --- a/include/net/bluetooth/l2cap.h +++ b/include/net/bluetooth/l2cap.h @@ -282,7 +282,7 @@ struct l2cap_conn_rsp { #define L2CAP_CR_BAD_KEY_SIZE 0x0007 #define L2CAP_CR_ENCRYPTION 0x0008 #define L2CAP_CR_INVALID_SCID 0x0009 -#define L2CAP_CR_SCID_IN_USE 0x0010 +#define L2CAP_CR_SCID_IN_USE 0x000A /* connect/create channel status */ #define L2CAP_CS_NO_INFO 0x0000 From 9268834b60c0b08101c7a8522b6901cf4cd57a14 Mon Sep 17 00:00:00 2001 From: Tedd Ho-Jeong An Date: Mon, 6 Mar 2017 15:38:26 -0800 Subject: [PATCH 14/59] Bluetooth: Use switch statement for Intel hardware variants Multiple new hardware variants are planned and the simple if statement would get really complicated and unreadable. So instead replace it with a simple switch statement. The change is applied to both USB and UART. Based-on-patch-by: Marcel Holtmann Signed-off-by: Tedd Ho-Jeong An Signed-off-by: Marcel Holtmann --- drivers/bluetooth/btusb.c | 10 +++++++--- drivers/bluetooth/hci_intel.c | 17 +++++++++++------ 2 files changed, 18 insertions(+), 9 deletions(-) diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index 1c8094ef3f22..b599be805eb3 100644 --- a/drivers/bluetooth/btusb.c +++ b/drivers/bluetooth/btusb.c @@ -2024,13 +2024,17 @@ static int btusb_setup_intel_new(struct hci_dev *hdev) return -EINVAL; } - /* At the moment the iBT 3.0 hardware variants 0x0b (LnP/SfP) - * and 0x0c (WsP) are supported by this firmware loading method. + /* Check for supported iBT hardware variants of this firmware + * loading method. * * This check has been put in place to ensure correct forward * compatibility options when newer hardware variants come along. */ - if (ver.hw_variant != 0x0b && ver.hw_variant != 0x0c) { + switch (ver.hw_variant) { + case 0x0b: /* SfP */ + case 0x0c: /* WsP */ + break; + default: BT_ERR("%s: Unsupported Intel hardware variant (%u)", hdev->name, ver.hw_variant); return -EINVAL; diff --git a/drivers/bluetooth/hci_intel.c b/drivers/bluetooth/hci_intel.c index 9e271286c5e5..bfd718c58d99 100644 --- a/drivers/bluetooth/hci_intel.c +++ b/drivers/bluetooth/hci_intel.c @@ -601,12 +601,17 @@ static int intel_setup(struct hci_uart *hu) return -EINVAL; } - /* At the moment only the hardware variant iBT 3.0 (LnP/SfP) is - * supported by this firmware loading method. This check has been - * put in place to ensure correct forward compatibility options - * when newer hardware variants come along. - */ - if (ver.hw_variant != 0x0b) { + /* Check for supported iBT hardware variants of this firmware + * loading method. + * + * This check has been put in place to ensure correct forward + * compatibility options when newer hardware variants come along. + */ + switch (ver.hw_variant) { + case 0x0b: /* LnP */ + case 0x0c: /* WsP */ + break; + default: bt_dev_err(hdev, "Unsupported Intel hardware variant (%u)", ver.hw_variant); return -EINVAL; From de766142e3a5fcb67096e24ca4233a7f60999468 Mon Sep 17 00:00:00 2001 From: Marcel Holtmann Date: Mon, 6 Mar 2017 15:38:28 -0800 Subject: [PATCH 15/59] Bluetooth: btusb: Add support for Intel Bluetooth devices 9160/9260 [8087:0025] The new Bluetooth devices 9160/9260 (also known as ThunderPeak) devices from Intel use the same firmware loading mechanism as previous generation. So include the new USB product identifier and whitelist the hardware variant. T: Bus=02 Lev=02 Prnt=03 Port=00 Cnt=01 Dev#= 8 Spd=12 MxCh= 0 D: Ver= 2.01 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=8087 ProdID=0025 Rev= 0.02 C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=81(I) Atr=03(Int.) MxPS= 64 Ivl=1ms E: Ad=02(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms E: Ad=82(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms I: If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms I: If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms I: If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 25 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 25 Ivl=1ms I: If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 33 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 33 Ivl=1ms I: If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 49 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 49 Ivl=1ms I: If#= 1 Alt= 6 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 63 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 63 Ivl=1ms Bluetooth: hci0: Bootloader revision 0.1 build 42 week 52 2015 Bluetooth: hci0: Device revision is 2 Bluetooth: hci0: Secure boot is enabled Bluetooth: hci0: OTP lock is disabled Bluetooth: hci0: API lock is disabled Bluetooth: hci0: Debug lock is disabled Bluetooth: hci0: Minimum firmware build 1 week 10 2014 < HCI Command: Read Local Version Information (0x04|0x0001) plen 0 > HCI Event: Command Complete (0x0e) plen 12 Read Local Version Information (0x04|0x0001) ncmd 1 Status: Success (0x00) HCI version: Bluetooth 5.0 (0x09) - Revision 256 (0x0100) LMP version: Bluetooth 5.0 (0x09) - Subversion 256 (0x0100) Manufacturer: Intel Corp. (2) Based on original patch from Jaya Praveen G Signed-off-by: Marcel Holtmann Tested-by: Tedd Ho-Jeong An Signed-off-by: Tedd Ho-Jeong An Signed-off-by: Marcel Holtmann --- drivers/bluetooth/btusb.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index b599be805eb3..90219dc1b90b 100644 --- a/drivers/bluetooth/btusb.c +++ b/drivers/bluetooth/btusb.c @@ -328,6 +328,7 @@ static const struct usb_device_id blacklist_table[] = { { USB_DEVICE(0x1286, 0x204e), .driver_info = BTUSB_MARVELL }, /* Intel Bluetooth devices */ + { USB_DEVICE(0x8087, 0x0025), .driver_info = BTUSB_INTEL_NEW }, { USB_DEVICE(0x8087, 0x07da), .driver_info = BTUSB_CSR }, { USB_DEVICE(0x8087, 0x07dc), .driver_info = BTUSB_INTEL }, { USB_DEVICE(0x8087, 0x0a2a), .driver_info = BTUSB_INTEL }, @@ -2033,6 +2034,7 @@ static int btusb_setup_intel_new(struct hci_dev *hdev) switch (ver.hw_variant) { case 0x0b: /* SfP */ case 0x0c: /* WsP */ + case 0x12: /* ThP */ break; default: BT_ERR("%s: Unsupported Intel hardware variant (%u)", From b7da6a69defd195da66bfd6b35efeb376a252557 Mon Sep 17 00:00:00 2001 From: Tedd Ho-Jeong An Date: Mon, 6 Mar 2017 15:38:32 -0800 Subject: [PATCH 16/59] Bluetooth: hci_intel: Fix firmware file name to use hw_variant The format of Intel Bluetooth firmware for bootloader product is ibt--.sfi and .ddc. This patch uses a hw_variant value read from the device during runtime to form the firmware filenames instead of using a constant value, so it can support multiple prouducts. Signed-off-by: Tedd Ho-Jeong An Signed-off-by: Marcel Holtmann --- drivers/bluetooth/hci_intel.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/drivers/bluetooth/hci_intel.c b/drivers/bluetooth/hci_intel.c index bfd718c58d99..71d0850fab10 100644 --- a/drivers/bluetooth/hci_intel.c +++ b/drivers/bluetooth/hci_intel.c @@ -704,11 +704,14 @@ static int intel_setup(struct hci_uart *hu) /* With this Intel bootloader only the hardware variant and device * revision information are used to select the right firmware. * - * Currently this bootloader support is limited to hardware variant - * iBT 3.0 (LnP/SfP) which is identified by the value 11 (0x0b). + * The firmware filename is ibt--.sfi. + * + * Currently the supported hardware variants are: + * 11 (0x0b) for iBT 3.0 (LnP/SfP) */ - snprintf(fwname, sizeof(fwname), "intel/ibt-11-%u.sfi", - le16_to_cpu(params->dev_revid)); + snprintf(fwname, sizeof(fwname), "intel/ibt-%u-%u.sfi", + le16_to_cpu(ver.hw_variant), + le16_to_cpu(params->dev_revid)); err = request_firmware(&fw, fwname, &hdev->dev); if (err < 0) { @@ -721,8 +724,9 @@ static int intel_setup(struct hci_uart *hu) bt_dev_info(hdev, "Found device firmware: %s", fwname); /* Save the DDC file name for later */ - snprintf(fwname, sizeof(fwname), "intel/ibt-11-%u.ddc", - le16_to_cpu(params->dev_revid)); + snprintf(fwname, sizeof(fwname), "intel/ibt-%u-%u.ddc", + le16_to_cpu(ver.hw_variant), + le16_to_cpu(params->dev_revid)); kfree_skb(skb); From 6c7bb7ebb58c0e17b11aebf928ffc5c295959a01 Mon Sep 17 00:00:00 2001 From: Tedd Ho-Jeong An Date: Mon, 6 Mar 2017 15:38:35 -0800 Subject: [PATCH 17/59] Bluetooth: hci_intel: Add support Intel Bluetooth device 9160/9260 for UART This patch adds support for Intel Bluetooth device 9160/9260 also known as ThunderPeak(ThP) for UART. Signed-off-by: Tedd Ho-Jeong An Signed-off-by: Marcel Holtmann --- drivers/bluetooth/hci_intel.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/bluetooth/hci_intel.c b/drivers/bluetooth/hci_intel.c index 71d0850fab10..d915e7eee233 100644 --- a/drivers/bluetooth/hci_intel.c +++ b/drivers/bluetooth/hci_intel.c @@ -610,6 +610,7 @@ static int intel_setup(struct hci_uart *hu) switch (ver.hw_variant) { case 0x0b: /* LnP */ case 0x0c: /* WsP */ + case 0x12: /* ThP */ break; default: bt_dev_err(hdev, "Unsupported Intel hardware variant (%u)", From cd50361c21b788a29f4661a6c49260eac2b13435 Mon Sep 17 00:00:00 2001 From: Colin Ian King Date: Wed, 1 Mar 2017 15:10:53 +0000 Subject: [PATCH 18/59] Bluetooth: fix assignments on error variable err Variable err is being initialized to zero and then later being set to the error return from the call to hci_req_run_skb; hence we can remove the redundant initialization to zero. Also on two occassions err is not being set from the error return from the call to hci_req_run_skb, so add these missing assignments. Signed-off-by: Colin Ian King Signed-off-by: Marcel Holtmann --- net/bluetooth/amp.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/net/bluetooth/amp.c b/net/bluetooth/amp.c index 02a4ccc04e1e..ebcab5bbadd7 100644 --- a/net/bluetooth/amp.c +++ b/net/bluetooth/amp.c @@ -263,7 +263,7 @@ void amp_read_loc_assoc_frag(struct hci_dev *hdev, u8 phy_handle) struct hci_cp_read_local_amp_assoc cp; struct amp_assoc *loc_assoc = &hdev->loc_assoc; struct hci_request req; - int err = 0; + int err; BT_DBG("%s handle %d", hdev->name, phy_handle); @@ -282,7 +282,7 @@ void amp_read_loc_assoc(struct hci_dev *hdev, struct amp_mgr *mgr) { struct hci_cp_read_local_amp_assoc cp; struct hci_request req; - int err = 0; + int err; memset(&hdev->loc_assoc, 0, sizeof(struct amp_assoc)); memset(&cp, 0, sizeof(cp)); @@ -292,7 +292,7 @@ void amp_read_loc_assoc(struct hci_dev *hdev, struct amp_mgr *mgr) set_bit(READ_LOC_AMP_ASSOC, &mgr->state); hci_req_init(&req, hdev); hci_req_add(&req, HCI_OP_READ_LOCAL_AMP_ASSOC, sizeof(cp), &cp); - hci_req_run_skb(&req, read_local_amp_assoc_complete); + err = hci_req_run_skb(&req, read_local_amp_assoc_complete); if (err < 0) a2mp_send_getampassoc_rsp(hdev, A2MP_STATUS_INVALID_CTRL_ID); } @@ -303,7 +303,7 @@ void amp_read_loc_assoc_final_data(struct hci_dev *hdev, struct hci_cp_read_local_amp_assoc cp; struct amp_mgr *mgr = hcon->amp_mgr; struct hci_request req; - int err = 0; + int err; cp.phy_handle = hcon->handle; cp.len_so_far = cpu_to_le16(0); @@ -314,7 +314,7 @@ void amp_read_loc_assoc_final_data(struct hci_dev *hdev, /* Read Local AMP Assoc final link information data */ hci_req_init(&req, hdev); hci_req_add(&req, HCI_OP_READ_LOCAL_AMP_ASSOC, sizeof(cp), &cp); - hci_req_run_skb(&req, read_local_amp_assoc_complete); + err = hci_req_run_skb(&req, read_local_amp_assoc_complete); if (err < 0) a2mp_send_getampassoc_rsp(hdev, A2MP_STATUS_INVALID_CTRL_ID); } From b48c3b59a32932d80e3032e2e97eb2751208390a Mon Sep 17 00:00:00 2001 From: Jonas Holmberg Date: Thu, 23 Feb 2017 15:17:02 +0100 Subject: [PATCH 19/59] Bluetooth: Change initial min and max interval Use the initial connection interval recommended in Bluetooth Specification v4.2 (30ms - 50ms). Signed-off-by: Jonas Holmberg Signed-off-by: Marcel Holtmann --- net/bluetooth/hci_core.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c index 3ac89e9ace71..05686776a5fb 100644 --- a/net/bluetooth/hci_core.c +++ b/net/bluetooth/hci_core.c @@ -2950,8 +2950,8 @@ struct hci_dev *hci_alloc_dev(void) hdev->le_adv_max_interval = 0x0800; hdev->le_scan_interval = 0x0060; hdev->le_scan_window = 0x0030; - hdev->le_conn_min_interval = 0x0028; - hdev->le_conn_max_interval = 0x0038; + hdev->le_conn_min_interval = 0x0018; + hdev->le_conn_max_interval = 0x0028; hdev->le_conn_latency = 0x0000; hdev->le_supv_timeout = 0x002a; hdev->le_def_tx_len = 0x001b; From 1eef1c35006e69755330e721bf0789bbe0b1f7d3 Mon Sep 17 00:00:00 2001 From: Gabriel Date: Mon, 20 Feb 2017 12:32:22 -0500 Subject: [PATCH 20/59] Bluetooth: Added support for Rivet Networks Killer 1535 Signed-off-by: Marcel Holtmann --- drivers/bluetooth/btusb.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index 90219dc1b90b..eb78d235a34a 100644 --- a/drivers/bluetooth/btusb.c +++ b/drivers/bluetooth/btusb.c @@ -262,6 +262,7 @@ static const struct usb_device_id blacklist_table[] = { { USB_DEVICE(0x0cf3, 0xe007), .driver_info = BTUSB_QCA_ROME }, { USB_DEVICE(0x0cf3, 0xe009), .driver_info = BTUSB_QCA_ROME }, { USB_DEVICE(0x0cf3, 0xe300), .driver_info = BTUSB_QCA_ROME }, + { USB_DEVICE(0x0cf3, 0xe301), .driver_info = BTUSB_QCA_ROME }, { USB_DEVICE(0x0cf3, 0xe360), .driver_info = BTUSB_QCA_ROME }, { USB_DEVICE(0x0489, 0xe092), .driver_info = BTUSB_QCA_ROME }, { USB_DEVICE(0x04ca, 0x3011), .driver_info = BTUSB_QCA_ROME }, From abed84a0d53bac543771849af07a9a6254ce93b7 Mon Sep 17 00:00:00 2001 From: Larry Finger Date: Sun, 19 Feb 2017 20:04:57 -0600 Subject: [PATCH 21/59] Bluetooth: btrtl: Change message for missing config file MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The message concerning missing config files for 8723b, 8821a, and 8761a should have been issued with BT_INFO() rather than BT_ERR() as this condition is not fatal. After looking at that code, I have reworked the logic to log such messages only if the device needs such a config file. At the moment, only the 8822b fits that description. Signed-off-by: Larry Finger Acked-by: 陆朱伟 Signed-off-by: Marcel Holtmann --- drivers/bluetooth/btrtl.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/drivers/bluetooth/btrtl.c b/drivers/bluetooth/btrtl.c index fc9b25703c67..8279094dd713 100644 --- a/drivers/bluetooth/btrtl.c +++ b/drivers/bluetooth/btrtl.c @@ -275,11 +275,8 @@ static int rtl_load_config(struct hci_dev *hdev, const char *name, u8 **buff) BT_INFO("%s: rtl: loading %s", hdev->name, name); ret = request_firmware(&fw, name, &hdev->dev); - if (ret < 0) { - BT_ERR("%s: Failed to load %s", hdev->name, name); + if (ret < 0) return ret; - } - ret = fw->size; *buff = kmemdup(fw->data, ret, GFP_KERNEL); @@ -331,6 +328,7 @@ static int btrtl_setup_rtl8723b(struct hci_dev *hdev, u16 lmp_subver, u8 *cfg_buff = NULL; u8 *tbuff; char *cfg_name = NULL; + bool config_needed = false; switch (lmp_subver) { case RTL_ROM_LMP_8723B: @@ -344,6 +342,7 @@ static int btrtl_setup_rtl8723b(struct hci_dev *hdev, u16 lmp_subver, break; case RTL_ROM_LMP_8822B: cfg_name = "rtl_bt/rtl8822b_config.bin"; + config_needed = true; break; default: BT_ERR("%s: rtl: no config according to lmp_subver %04x", @@ -353,8 +352,12 @@ static int btrtl_setup_rtl8723b(struct hci_dev *hdev, u16 lmp_subver, if (cfg_name) { cfg_sz = rtl_load_config(hdev, cfg_name, &cfg_buff); - if (cfg_sz < 0) + if (cfg_sz < 0) { cfg_sz = 0; + if (config_needed) + BT_ERR("Necessary config file %s not found\n", + cfg_name); + } } else cfg_sz = 0; From 017789f37b9b5ade5850c9d81c33a5b2b91ef087 Mon Sep 17 00:00:00 2001 From: Jeffy Chen Date: Fri, 24 Feb 2017 14:24:29 +0800 Subject: [PATCH 22/59] Bluetooth: btusb: wake system up when receives a wake irq Currrently we are disabling this wake irq after receiving it. If this happens before we finish suspend and the pm event check is disabled, the system will continue suspending, and this irq would not work again. We may need to abort system suspend to avoid that. Signed-off-by: Jeffy Chen Signed-off-by: Marcel Holtmann --- drivers/bluetooth/btusb.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index eb78d235a34a..7fa373b428f8 100644 --- a/drivers/bluetooth/btusb.c +++ b/drivers/bluetooth/btusb.c @@ -26,6 +26,7 @@ #include #include #include +#include #include #include @@ -2799,6 +2800,7 @@ static irqreturn_t btusb_oob_wake_handler(int irq, void *priv) struct btusb_data *data = priv; pm_wakeup_event(&data->udev->dev, 0); + pm_system_wakeup(); /* Disable only if not already disabled (keep it balanced) */ if (test_and_clear_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags)) { From 17e41ea6db92226df1acbe18e48b36bf59780d32 Mon Sep 17 00:00:00 2001 From: Jeffy Chen Date: Fri, 24 Feb 2017 14:24:30 +0800 Subject: [PATCH 23/59] Bluetooth: btmrvl: wake system up when receives a wake irq Currrently we are disabling this wake irq after receiving it. If this happens before we finish suspend and the pm event check is disabled, the system will continue suspending, and this irq would not work again. We may need to abort system suspend to avoid that. Signed-off-by: Jeffy Chen Signed-off-by: Marcel Holtmann --- drivers/bluetooth/btmrvl_sdio.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/drivers/bluetooth/btmrvl_sdio.c b/drivers/bluetooth/btmrvl_sdio.c index 7d052ce2052b..e65ca19970ea 100644 --- a/drivers/bluetooth/btmrvl_sdio.c +++ b/drivers/bluetooth/btmrvl_sdio.c @@ -20,6 +20,7 @@ #include #include +#include #include #include @@ -60,7 +61,8 @@ static const struct of_device_id btmrvl_sdio_of_match_table[] = { static irqreturn_t btmrvl_wake_irq_bt(int irq, void *priv) { - struct btmrvl_plt_wake_cfg *cfg = priv; + struct btmrvl_sdio_card *card = priv; + struct btmrvl_plt_wake_cfg *cfg = card->plt_wake_cfg; if (cfg->irq_bt >= 0) { pr_info("%s: wake by bt", __func__); @@ -68,6 +70,9 @@ static irqreturn_t btmrvl_wake_irq_bt(int irq, void *priv) disable_irq_nosync(irq); } + pm_wakeup_event(&card->func->dev, 0); + pm_system_wakeup(); + return IRQ_HANDLED; } @@ -101,7 +106,7 @@ static int btmrvl_sdio_probe_of(struct device *dev, } else { ret = devm_request_irq(dev, cfg->irq_bt, btmrvl_wake_irq_bt, - 0, "bt_wake", cfg); + 0, "bt_wake", card); if (ret) { dev_err(dev, "Failed to request irq_bt %d (%d)\n", From 212d71833315c65644efc46223db61dee7b3c68e Mon Sep 17 00:00:00 2001 From: Andy Shevchenko Date: Fri, 10 Mar 2017 14:28:20 +0200 Subject: [PATCH 24/59] Bluetooth: hci_bcm: Support platform enumeration Until now the driver supports only ACPI enumeration. Nevertheless Intel Edison SoM has Broadcom Wi-Fi + BT chip and neither ACPI nor DT enumeration mechanism. Enable pure platform driver in order to support Intel Edison SoM. Cc: Jarkko Nikula Signed-off-by: Andy Shevchenko Signed-off-by: Marcel Holtmann --- drivers/bluetooth/hci_bcm.c | 50 ++++++++++++++++++++++++------------- 1 file changed, 33 insertions(+), 17 deletions(-) diff --git a/drivers/bluetooth/hci_bcm.c b/drivers/bluetooth/hci_bcm.c index c7d3c6842bcf..04fe5535a153 100644 --- a/drivers/bluetooth/hci_bcm.c +++ b/drivers/bluetooth/hci_bcm.c @@ -697,28 +697,14 @@ static int bcm_resource(struct acpi_resource *ares, void *data) /* Always tell the ACPI core to skip this resource */ return 1; } +#endif /* CONFIG_ACPI */ -static int bcm_acpi_probe(struct bcm_device *dev) +static int bcm_platform_probe(struct bcm_device *dev) { struct platform_device *pdev = dev->pdev; - LIST_HEAD(resources); - const struct dmi_system_id *dmi_id; - const struct acpi_gpio_mapping *gpio_mapping = acpi_bcm_int_last_gpios; - const struct acpi_device_id *id; - int ret; dev->name = dev_name(&pdev->dev); - /* Retrieve GPIO data */ - id = acpi_match_device(pdev->dev.driver->acpi_match_table, &pdev->dev); - if (id) - gpio_mapping = (const struct acpi_gpio_mapping *) id->driver_data; - - ret = acpi_dev_add_driver_gpios(ACPI_COMPANION(&pdev->dev), - gpio_mapping); - if (ret) - return ret; - dev->clk = devm_clk_get(&pdev->dev, NULL); dev->device_wakeup = devm_gpiod_get_optional(&pdev->dev, @@ -755,6 +741,33 @@ static int bcm_acpi_probe(struct bcm_device *dev) return -EINVAL; } + return 0; +} + +#ifdef CONFIG_ACPI +static int bcm_acpi_probe(struct bcm_device *dev) +{ + struct platform_device *pdev = dev->pdev; + LIST_HEAD(resources); + const struct dmi_system_id *dmi_id; + const struct acpi_gpio_mapping *gpio_mapping = acpi_bcm_int_last_gpios; + const struct acpi_device_id *id; + int ret; + + /* Retrieve GPIO data */ + id = acpi_match_device(pdev->dev.driver->acpi_match_table, &pdev->dev); + if (id) + gpio_mapping = (const struct acpi_gpio_mapping *) id->driver_data; + + ret = acpi_dev_add_driver_gpios(ACPI_COMPANION(&pdev->dev), + gpio_mapping); + if (ret) + return ret; + + ret = bcm_platform_probe(dev); + if (ret) + return ret; + /* Retrieve UART ACPI info */ ret = acpi_dev_get_resources(ACPI_COMPANION(&dev->pdev->dev), &resources, bcm_resource, dev); @@ -789,7 +802,10 @@ static int bcm_probe(struct platform_device *pdev) dev->pdev = pdev; - ret = bcm_acpi_probe(dev); + if (has_acpi_companion(&pdev->dev)) + ret = bcm_acpi_probe(dev); + else + ret = bcm_platform_probe(dev); if (ret) return ret; From ded845a781a578dfb0b5b2c138e5a067aa3b1242 Mon Sep 17 00:00:00 2001 From: Harry Morris Date: Tue, 28 Mar 2017 13:08:58 +0100 Subject: [PATCH 25/59] ieee802154: Add CA8210 IEEE 802.15.4 device driver Add driver source and config for softMAC implementation of Cascoda's CA8210 IEEE 802.15.4 transceiver device. The driver mimics a common PHY-only implementation despite the CA8210 being a hardMAC device which exposes a SAP interface to the fully integrated MAC. The chip is a modem-only device with an integrated processor which runs the 802.15.4 MAC. The chip communicates via full-duplex SPI with additional pins for NIRQ and NRESET. The chip can also output its 16MHz clock to a GPIO with a configurable divider. The driver can be configured to implement a debugfs node that provides access to the SAP-based API to drive mechanisms not currently supported by the standard kernel interface. Signed-off-by: Harry Morris Signed-off-by: Marcel Holtmann --- drivers/net/ieee802154/Kconfig | 22 + drivers/net/ieee802154/Makefile | 1 + drivers/net/ieee802154/ca8210.c | 3240 +++++++++++++++++++++++++++++++ 3 files changed, 3263 insertions(+) create mode 100644 drivers/net/ieee802154/ca8210.c diff --git a/drivers/net/ieee802154/Kconfig b/drivers/net/ieee802154/Kconfig index 3057a8df4ce9..ce4864dc3c6e 100644 --- a/drivers/net/ieee802154/Kconfig +++ b/drivers/net/ieee802154/Kconfig @@ -82,3 +82,25 @@ config IEEE802154_ADF7242 This driver can also be built as a module. To do so, say M here. the module will be called 'adf7242'. + +config IEEE802154_CA8210 + tristate "Cascoda CA8210 transceiver driver" + depends on IEEE802154_DRIVERS && MAC802154 + depends on SPI + select COMMON_CLK + ---help--- + Say Y here to enable the CA8210 SPI 802.15.4 wireless + controller. + + This driver can also be built as a module. To do so, say M here. + the module will be called 'ca8210'. + +config IEEE802154_CA8210_DEBUGFS + bool "CA8210 debugfs interface" + depends on IEEE802154_CA8210 + depends on DEBUG_FS + ---help--- + This option compiles debugfs code for the ca8210 driver. This + exposes a debugfs node for each CA8210 instance which allows + direct use of the Cascoda API, exposing the 802.15.4 MAC + management entities. diff --git a/drivers/net/ieee802154/Makefile b/drivers/net/ieee802154/Makefile index 3a923d339497..8374bb44a145 100644 --- a/drivers/net/ieee802154/Makefile +++ b/drivers/net/ieee802154/Makefile @@ -4,3 +4,4 @@ obj-$(CONFIG_IEEE802154_MRF24J40) += mrf24j40.o obj-$(CONFIG_IEEE802154_CC2520) += cc2520.o obj-$(CONFIG_IEEE802154_ATUSB) += atusb.o obj-$(CONFIG_IEEE802154_ADF7242) += adf7242.o +obj-$(CONFIG_IEEE802154_CA8210) += ca8210.o diff --git a/drivers/net/ieee802154/ca8210.c b/drivers/net/ieee802154/ca8210.c new file mode 100644 index 000000000000..53fa87bfede0 --- /dev/null +++ b/drivers/net/ieee802154/ca8210.c @@ -0,0 +1,3240 @@ +/* + * http://www.cascoda.com/products/ca-821x/ + * Copyright (c) 2016, Cascoda, Ltd. + * All rights reserved. + * + * This code is dual-licensed under both GPLv2 and 3-clause BSD. What follows is + * the license notice for both respectively. + * + ******************************************************************************* + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + ******************************************************************************* + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * 3. Neither the name of the copyright holder nor the names of its contributors + * may be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +#define DRIVER_NAME "ca8210" + +/* external clock frequencies */ +#define ONE_MHZ 1000000 +#define TWO_MHZ (2 * ONE_MHZ) +#define FOUR_MHZ (4 * ONE_MHZ) +#define EIGHT_MHZ (8 * ONE_MHZ) +#define SIXTEEN_MHZ (16 * ONE_MHZ) + +/* spi constants */ +#define CA8210_SPI_BUF_SIZE 256 +#define CA8210_SYNC_TIMEOUT 1000 /* Timeout for synchronous commands [ms] */ + +/* test interface constants */ +#define CA8210_TEST_INT_FILE_NAME "ca8210_test" +#define CA8210_TEST_INT_FIFO_SIZE 256 + +/* MAC status enumerations */ +#define MAC_SUCCESS (0x00) +#define MAC_ERROR (0x01) +#define MAC_CANCELLED (0x02) +#define MAC_READY_FOR_POLL (0x03) +#define MAC_COUNTER_ERROR (0xDB) +#define MAC_IMPROPER_KEY_TYPE (0xDC) +#define MAC_IMPROPER_SECURITY_LEVEL (0xDD) +#define MAC_UNSUPPORTED_LEGACY (0xDE) +#define MAC_UNSUPPORTED_SECURITY (0xDF) +#define MAC_BEACON_LOST (0xE0) +#define MAC_CHANNEL_ACCESS_FAILURE (0xE1) +#define MAC_DENIED (0xE2) +#define MAC_DISABLE_TRX_FAILURE (0xE3) +#define MAC_SECURITY_ERROR (0xE4) +#define MAC_FRAME_TOO_LONG (0xE5) +#define MAC_INVALID_GTS (0xE6) +#define MAC_INVALID_HANDLE (0xE7) +#define MAC_INVALID_PARAMETER (0xE8) +#define MAC_NO_ACK (0xE9) +#define MAC_NO_BEACON (0xEA) +#define MAC_NO_DATA (0xEB) +#define MAC_NO_SHORT_ADDRESS (0xEC) +#define MAC_OUT_OF_CAP (0xED) +#define MAC_PAN_ID_CONFLICT (0xEE) +#define MAC_REALIGNMENT (0xEF) +#define MAC_TRANSACTION_EXPIRED (0xF0) +#define MAC_TRANSACTION_OVERFLOW (0xF1) +#define MAC_TX_ACTIVE (0xF2) +#define MAC_UNAVAILABLE_KEY (0xF3) +#define MAC_UNSUPPORTED_ATTRIBUTE (0xF4) +#define MAC_INVALID_ADDRESS (0xF5) +#define MAC_ON_TIME_TOO_LONG (0xF6) +#define MAC_PAST_TIME (0xF7) +#define MAC_TRACKING_OFF (0xF8) +#define MAC_INVALID_INDEX (0xF9) +#define MAC_LIMIT_REACHED (0xFA) +#define MAC_READ_ONLY (0xFB) +#define MAC_SCAN_IN_PROGRESS (0xFC) +#define MAC_SUPERFRAME_OVERLAP (0xFD) +#define MAC_SYSTEM_ERROR (0xFF) + +/* HWME attribute IDs */ +#define HWME_EDTHRESHOLD (0x04) +#define HWME_EDVALUE (0x06) +#define HWME_SYSCLKOUT (0x0F) +#define HWME_LQILIMIT (0x11) + +/* TDME attribute IDs */ +#define TDME_CHANNEL (0x00) +#define TDME_ATM_CONFIG (0x06) + +#define MAX_HWME_ATTRIBUTE_SIZE 16 +#define MAX_TDME_ATTRIBUTE_SIZE 2 + +/* PHY/MAC PIB Attribute Enumerations */ +#define PHY_CURRENT_CHANNEL (0x00) +#define PHY_TRANSMIT_POWER (0x02) +#define PHY_CCA_MODE (0x03) +#define MAC_ASSOCIATION_PERMIT (0x41) +#define MAC_AUTO_REQUEST (0x42) +#define MAC_BATT_LIFE_EXT (0x43) +#define MAC_BATT_LIFE_EXT_PERIODS (0x44) +#define MAC_BEACON_PAYLOAD (0x45) +#define MAC_BEACON_PAYLOAD_LENGTH (0x46) +#define MAC_BEACON_ORDER (0x47) +#define MAC_GTS_PERMIT (0x4d) +#define MAC_MAX_CSMA_BACKOFFS (0x4e) +#define MAC_MIN_BE (0x4f) +#define MAC_PAN_ID (0x50) +#define MAC_PROMISCUOUS_MODE (0x51) +#define MAC_RX_ON_WHEN_IDLE (0x52) +#define MAC_SHORT_ADDRESS (0x53) +#define MAC_SUPERFRAME_ORDER (0x54) +#define MAC_ASSOCIATED_PAN_COORD (0x56) +#define MAC_MAX_BE (0x57) +#define MAC_MAX_FRAME_RETRIES (0x59) +#define MAC_RESPONSE_WAIT_TIME (0x5A) +#define MAC_SECURITY_ENABLED (0x5D) + +#define MAC_AUTO_REQUEST_SECURITY_LEVEL (0x78) +#define MAC_AUTO_REQUEST_KEY_ID_MODE (0x79) + +#define NS_IEEE_ADDRESS (0xFF) /* Non-standard IEEE address */ + +/* MAC Address Mode Definitions */ +#define MAC_MODE_NO_ADDR (0x00) +#define MAC_MODE_SHORT_ADDR (0x02) +#define MAC_MODE_LONG_ADDR (0x03) + +/* MAC constants */ +#define MAX_BEACON_OVERHEAD (75) +#define MAX_BEACON_PAYLOAD_LENGTH (IEEE802154_MTU - MAX_BEACON_OVERHEAD) + +#define MAX_ATTRIBUTE_SIZE (122) +#define MAX_DATA_SIZE (114) + +#define CA8210_VALID_CHANNELS (0x07FFF800) + +/* MAC workarounds for V1.1 and MPW silicon (V0.x) */ +#define CA8210_MAC_WORKAROUNDS (0) +#define CA8210_MAC_MPW (0) + +/* memory manipulation macros */ +#define LS_BYTE(x) ((u8)((x) & 0xFF)) +#define MS_BYTE(x) ((u8)(((x) >> 8) & 0xFF)) + +/* message ID codes in SPI commands */ +/* downstream */ +#define MCPS_DATA_REQUEST (0x00) +#define MLME_ASSOCIATE_REQUEST (0x02) +#define MLME_ASSOCIATE_RESPONSE (0x03) +#define MLME_DISASSOCIATE_REQUEST (0x04) +#define MLME_GET_REQUEST (0x05) +#define MLME_ORPHAN_RESPONSE (0x06) +#define MLME_RESET_REQUEST (0x07) +#define MLME_RX_ENABLE_REQUEST (0x08) +#define MLME_SCAN_REQUEST (0x09) +#define MLME_SET_REQUEST (0x0A) +#define MLME_START_REQUEST (0x0B) +#define MLME_POLL_REQUEST (0x0D) +#define HWME_SET_REQUEST (0x0E) +#define HWME_GET_REQUEST (0x0F) +#define TDME_SETSFR_REQUEST (0x11) +#define TDME_GETSFR_REQUEST (0x12) +#define TDME_SET_REQUEST (0x14) +/* upstream */ +#define MCPS_DATA_INDICATION (0x00) +#define MCPS_DATA_CONFIRM (0x01) +#define MLME_RESET_CONFIRM (0x0A) +#define MLME_SET_CONFIRM (0x0E) +#define MLME_START_CONFIRM (0x0F) +#define HWME_SET_CONFIRM (0x12) +#define HWME_GET_CONFIRM (0x13) +#define HWME_WAKEUP_INDICATION (0x15) +#define TDME_SETSFR_CONFIRM (0x17) + +/* SPI command IDs */ +/* bit indicating a confirm or indication from slave to master */ +#define SPI_S2M (0x20) +/* bit indicating a synchronous message */ +#define SPI_SYN (0x40) + +/* SPI command definitions */ +#define SPI_IDLE (0xFF) +#define SPI_NACK (0xF0) + +#define SPI_MCPS_DATA_REQUEST (MCPS_DATA_REQUEST) +#define SPI_MCPS_DATA_INDICATION (MCPS_DATA_INDICATION + SPI_S2M) +#define SPI_MCPS_DATA_CONFIRM (MCPS_DATA_CONFIRM + SPI_S2M) + +#define SPI_MLME_ASSOCIATE_REQUEST (MLME_ASSOCIATE_REQUEST) +#define SPI_MLME_RESET_REQUEST (MLME_RESET_REQUEST + SPI_SYN) +#define SPI_MLME_SET_REQUEST (MLME_SET_REQUEST + SPI_SYN) +#define SPI_MLME_START_REQUEST (MLME_START_REQUEST + SPI_SYN) +#define SPI_MLME_RESET_CONFIRM (MLME_RESET_CONFIRM + SPI_S2M + SPI_SYN) +#define SPI_MLME_SET_CONFIRM (MLME_SET_CONFIRM + SPI_S2M + SPI_SYN) +#define SPI_MLME_START_CONFIRM (MLME_START_CONFIRM + SPI_S2M + SPI_SYN) + +#define SPI_HWME_SET_REQUEST (HWME_SET_REQUEST + SPI_SYN) +#define SPI_HWME_GET_REQUEST (HWME_GET_REQUEST + SPI_SYN) +#define SPI_HWME_SET_CONFIRM (HWME_SET_CONFIRM + SPI_S2M + SPI_SYN) +#define SPI_HWME_GET_CONFIRM (HWME_GET_CONFIRM + SPI_S2M + SPI_SYN) +#define SPI_HWME_WAKEUP_INDICATION (HWME_WAKEUP_INDICATION + SPI_S2M) + +#define SPI_TDME_SETSFR_REQUEST (TDME_SETSFR_REQUEST + SPI_SYN) +#define SPI_TDME_SET_REQUEST (TDME_SET_REQUEST + SPI_SYN) +#define SPI_TDME_SETSFR_CONFIRM (TDME_SETSFR_CONFIRM + SPI_S2M + SPI_SYN) + +/* TDME SFR addresses */ +/* Page 0 */ +#define CA8210_SFR_PACFG (0xB1) +#define CA8210_SFR_MACCON (0xD8) +#define CA8210_SFR_PACFGIB (0xFE) +/* Page 1 */ +#define CA8210_SFR_LOTXCAL (0xBF) +#define CA8210_SFR_PTHRH (0xD1) +#define CA8210_SFR_PRECFG (0xD3) +#define CA8210_SFR_LNAGX40 (0xE1) +#define CA8210_SFR_LNAGX41 (0xE2) +#define CA8210_SFR_LNAGX42 (0xE3) +#define CA8210_SFR_LNAGX43 (0xE4) +#define CA8210_SFR_LNAGX44 (0xE5) +#define CA8210_SFR_LNAGX45 (0xE6) +#define CA8210_SFR_LNAGX46 (0xE7) +#define CA8210_SFR_LNAGX47 (0xE9) + +#define PACFGIB_DEFAULT_CURRENT (0x3F) +#define PTHRH_DEFAULT_THRESHOLD (0x5A) +#define LNAGX40_DEFAULT_GAIN (0x29) /* 10dB */ +#define LNAGX41_DEFAULT_GAIN (0x54) /* 21dB */ +#define LNAGX42_DEFAULT_GAIN (0x6C) /* 27dB */ +#define LNAGX43_DEFAULT_GAIN (0x7A) /* 30dB */ +#define LNAGX44_DEFAULT_GAIN (0x84) /* 33dB */ +#define LNAGX45_DEFAULT_GAIN (0x8B) /* 34dB */ +#define LNAGX46_DEFAULT_GAIN (0x92) /* 36dB */ +#define LNAGX47_DEFAULT_GAIN (0x96) /* 37dB */ + +#define CA8210_IOCTL_HARD_RESET (0x00) + +/* Structs/Enums */ + +/** + * struct cas_control - spi transfer structure + * @msg: spi_message for each exchange + * @transfer: spi_transfer for each exchange + * @tx_buf: source array for transmission + * @tx_in_buf: array storing bytes received during transmission + * @priv: pointer to private data + * + * This structure stores all the necessary data passed around during a single + * spi exchange. + */ +struct cas_control { + struct spi_message msg; + struct spi_transfer transfer; + + u8 tx_buf[CA8210_SPI_BUF_SIZE]; + u8 tx_in_buf[CA8210_SPI_BUF_SIZE]; + + struct ca8210_priv *priv; +}; + +/** + * struct ca8210_test - ca8210 test interface structure + * @ca8210_dfs_spi_int: pointer to the entry in the debug fs for this device + * @up_fifo: fifo for upstream messages + * + * This structure stores all the data pertaining to the debug interface + */ +struct ca8210_test { + struct dentry *ca8210_dfs_spi_int; + struct kfifo up_fifo; + wait_queue_head_t readq; +}; + +/** + * struct ca8210_priv - ca8210 private data structure + * @spi: pointer to the ca8210 spi device object + * @hw: pointer to the ca8210 ieee802154_hw object + * @hw_registered: true if hw has been registered with ieee802154 + * @lock: spinlock protecting the private data area + * @mlme_workqueue: workqueue for triggering MLME Reset + * @irq_workqueue: workqueue for irq processing + * @tx_skb: current socket buffer to transmit + * @nextmsduhandle: msdu handle to pass to the 15.4 MAC layer for the + * next transmission + * @clk: external clock provided by the ca8210 + * @last_dsn: sequence number of last data packet received, for + * resend detection + * @test: test interface data section for this instance + * @async_tx_pending: true if an asynchronous transmission was started and + * is not complete + * @sync_command_response: pointer to buffer to fill with sync response + * @ca8210_is_awake: nonzero if ca8210 is initialised, ready for comms + * @sync_down: counts number of downstream synchronous commands + * @sync_up: counts number of upstream synchronous commands + * @spi_transfer_complete completion object for a single spi_transfer + * @sync_exchange_complete completion object for a complete synchronous API + * exchange + * @promiscuous whether the ca8210 is in promiscuous mode or not + * @retries: records how many times the current pending spi + * transfer has been retried + */ +struct ca8210_priv { + struct spi_device *spi; + struct ieee802154_hw *hw; + bool hw_registered; + spinlock_t lock; + struct workqueue_struct *mlme_workqueue; + struct workqueue_struct *irq_workqueue; + struct sk_buff *tx_skb; + u8 nextmsduhandle; + struct clk *clk; + int last_dsn; + struct ca8210_test test; + bool async_tx_pending; + u8 *sync_command_response; + struct completion ca8210_is_awake; + int sync_down, sync_up; + struct completion spi_transfer_complete, sync_exchange_complete; + bool promiscuous; + int retries; +}; + +/** + * struct work_priv_container - link between a work object and the relevant + * device's private data + * @work: work object being executed + * @priv: device's private data section + * + */ +struct work_priv_container { + struct work_struct work; + struct ca8210_priv *priv; +}; + +/** + * struct ca8210_platform_data - ca8210 platform data structure + * @extclockenable: true if the external clock is to be enabled + * @extclockfreq: frequency of the external clock + * @extclockgpio: ca8210 output gpio of the external clock + * @gpio_reset: gpio number of ca8210 reset line + * @gpio_irq: gpio number of ca8210 interrupt line + * @irq_id: identifier for the ca8210 irq + * + */ +struct ca8210_platform_data { + bool extclockenable; + unsigned int extclockfreq; + unsigned int extclockgpio; + int gpio_reset; + int gpio_irq; + int irq_id; +}; + +/** + * struct fulladdr - full MAC addressing information structure + * @mode: address mode (none, short, extended) + * @pan_id: 16-bit LE pan id + * @address: LE address, variable length as specified by mode + * + */ +struct fulladdr { + u8 mode; + u8 pan_id[2]; + u8 address[8]; +}; + +/** + * union macaddr: generic MAC address container + * @short_addr: 16-bit short address + * @ieee_address: 64-bit extended address as LE byte array + * + */ +union macaddr { + u16 short_address; + u8 ieee_address[8]; +}; + +/** + * struct secspec: security specification for SAP commands + * @security_level: 0-7, controls level of authentication & encryption + * @key_id_mode: 0-3, specifies how to obtain key + * @key_source: extended key retrieval data + * @key_index: single-byte key identifier + * + */ +struct secspec { + u8 security_level; + u8 key_id_mode; + u8 key_source[8]; + u8 key_index; +}; + +/* downlink functions parameter set definitions */ +struct mcps_data_request_pset { + u8 src_addr_mode; + struct fulladdr dst; + u8 msdu_length; + u8 msdu_handle; + u8 tx_options; + u8 msdu[MAX_DATA_SIZE]; +}; + +struct mlme_set_request_pset { + u8 pib_attribute; + u8 pib_attribute_index; + u8 pib_attribute_length; + u8 pib_attribute_value[MAX_ATTRIBUTE_SIZE]; +}; + +struct hwme_set_request_pset { + u8 hw_attribute; + u8 hw_attribute_length; + u8 hw_attribute_value[MAX_HWME_ATTRIBUTE_SIZE]; +}; + +struct hwme_get_request_pset { + u8 hw_attribute; +}; + +struct tdme_setsfr_request_pset { + u8 sfr_page; + u8 sfr_address; + u8 sfr_value; +}; + +/* uplink functions parameter set definitions */ +struct hwme_set_confirm_pset { + u8 status; + u8 hw_attribute; +}; + +struct hwme_get_confirm_pset { + u8 status; + u8 hw_attribute; + u8 hw_attribute_length; + u8 hw_attribute_value[MAX_HWME_ATTRIBUTE_SIZE]; +}; + +struct tdme_setsfr_confirm_pset { + u8 status; + u8 sfr_page; + u8 sfr_address; +}; + +struct mac_message { + u8 command_id; + u8 length; + union { + struct mcps_data_request_pset data_req; + struct mlme_set_request_pset set_req; + struct hwme_set_request_pset hwme_set_req; + struct hwme_get_request_pset hwme_get_req; + struct tdme_setsfr_request_pset tdme_set_sfr_req; + struct hwme_set_confirm_pset hwme_set_cnf; + struct hwme_get_confirm_pset hwme_get_cnf; + struct tdme_setsfr_confirm_pset tdme_set_sfr_cnf; + u8 u8param; + u8 status; + u8 payload[148]; + } pdata; +}; + +union pa_cfg_sfr { + struct { + u8 bias_current_trim : 3; + u8 /* reserved */ : 1; + u8 buffer_capacitor_trim : 3; + u8 boost : 1; + }; + u8 paib; +}; + +struct preamble_cfg_sfr { + u8 timeout_symbols : 3; + u8 acquisition_symbols : 3; + u8 search_symbols : 2; +}; + +static int (*cascoda_api_upstream)( + const u8 *buf, + size_t len, + void *device_ref +); + +/** + * link_to_linux_err() - Translates an 802.15.4 return code into the closest + * linux error + * @link_status: 802.15.4 status code + * + * Return: 0 or Linux error code + */ +static int link_to_linux_err(int link_status) +{ + if (link_status < 0) { + /* status is already a Linux code */ + return link_status; + } + switch (link_status) { + case MAC_SUCCESS: + case MAC_REALIGNMENT: + return 0; + case MAC_IMPROPER_KEY_TYPE: + return -EKEYREJECTED; + case MAC_IMPROPER_SECURITY_LEVEL: + case MAC_UNSUPPORTED_LEGACY: + case MAC_DENIED: + return -EACCES; + case MAC_BEACON_LOST: + case MAC_NO_ACK: + case MAC_NO_BEACON: + return -ENETUNREACH; + case MAC_CHANNEL_ACCESS_FAILURE: + case MAC_TX_ACTIVE: + case MAC_SCAN_IN_PROGRESS: + return -EBUSY; + case MAC_DISABLE_TRX_FAILURE: + case MAC_OUT_OF_CAP: + return -EAGAIN; + case MAC_FRAME_TOO_LONG: + return -EMSGSIZE; + case MAC_INVALID_GTS: + case MAC_PAST_TIME: + return -EBADSLT; + case MAC_INVALID_HANDLE: + return -EBADMSG; + case MAC_INVALID_PARAMETER: + case MAC_UNSUPPORTED_ATTRIBUTE: + case MAC_ON_TIME_TOO_LONG: + case MAC_INVALID_INDEX: + return -EINVAL; + case MAC_NO_DATA: + return -ENODATA; + case MAC_NO_SHORT_ADDRESS: + return -EFAULT; + case MAC_PAN_ID_CONFLICT: + return -EADDRINUSE; + case MAC_TRANSACTION_EXPIRED: + return -ETIME; + case MAC_TRANSACTION_OVERFLOW: + return -ENOBUFS; + case MAC_UNAVAILABLE_KEY: + return -ENOKEY; + case MAC_INVALID_ADDRESS: + return -ENXIO; + case MAC_TRACKING_OFF: + case MAC_SUPERFRAME_OVERLAP: + return -EREMOTEIO; + case MAC_LIMIT_REACHED: + return -EDQUOT; + case MAC_READ_ONLY: + return -EROFS; + default: + return -EPROTO; + } +} + +/** + * ca8210_test_int_driver_write() - Writes a message to the test interface to be + * read by the userspace + * @buf: Buffer containing upstream message + * @len: length of message to write + * @spi: SPI device of message originator + * + * Return: 0 or linux error code + */ +static int ca8210_test_int_driver_write( + const u8 *buf, + size_t len, + void *spi +) +{ + struct ca8210_priv *priv = spi_get_drvdata(spi); + struct ca8210_test *test = &priv->test; + char *fifo_buffer; + int i; + + dev_dbg( + &priv->spi->dev, + "test_interface: Buffering upstream message:\n" + ); + for (i = 0; i < len; i++) + dev_dbg(&priv->spi->dev, "%#03x\n", buf[i]); + + fifo_buffer = kmalloc(len, GFP_KERNEL); + memcpy(fifo_buffer, buf, len); + kfifo_in(&test->up_fifo, &fifo_buffer, 4); + wake_up_interruptible(&priv->test.readq); + + return 0; +} + +/* SPI Operation */ + +static int ca8210_net_rx( + struct ieee802154_hw *hw, + u8 *command, + size_t len +); +static u8 mlme_reset_request_sync( + u8 set_default_pib, + void *device_ref +); +static int ca8210_spi_transfer( + struct spi_device *spi, + const u8 *buf, + size_t len +); + +/** + * ca8210_reset_send() - Hard resets the ca8210 for a given time + * @spi: Pointer to target ca8210 spi device + * @ms: Milliseconds to hold the reset line low for + */ +static void ca8210_reset_send(struct spi_device *spi, unsigned int ms) +{ + struct ca8210_platform_data *pdata = spi->dev.platform_data; + struct ca8210_priv *priv = spi_get_drvdata(spi); + long status; + + gpio_set_value(pdata->gpio_reset, 0); + reinit_completion(&priv->ca8210_is_awake); + msleep(ms); + gpio_set_value(pdata->gpio_reset, 1); + priv->promiscuous = false; + + /* Wait until wakeup indication seen */ + status = wait_for_completion_interruptible_timeout( + &priv->ca8210_is_awake, + msecs_to_jiffies(CA8210_SYNC_TIMEOUT) + ); + if (status == 0) { + dev_crit( + &spi->dev, + "Fatal: No wakeup from ca8210 after reset!\n" + ); + } + + dev_dbg(&spi->dev, "Reset the device\n"); +} + +/** + * ca8210_mlme_reset_worker() - Resets the MLME, Called when the MAC OVERFLOW + * condition happens. + * @work: Pointer to work being executed + */ +static void ca8210_mlme_reset_worker(struct work_struct *work) +{ + struct work_priv_container *wpc = container_of( + work, + struct work_priv_container, + work + ); + struct ca8210_priv *priv = wpc->priv; + + mlme_reset_request_sync(0, priv->spi); + kfree(wpc); +} + +/** + * ca8210_rx_done() - Calls various message dispatches responding to a received + * command + * @arg: Pointer to the cas_control object for the relevant spi transfer + * + * Presents a received SAP command from the ca8210 to the Cascoda EVBME, test + * interface and network driver. + */ +static void ca8210_rx_done(struct cas_control *cas_ctl) +{ + u8 *buf; + u8 len; + struct work_priv_container *mlme_reset_wpc; + struct ca8210_priv *priv = cas_ctl->priv; + + buf = cas_ctl->tx_in_buf; + len = buf[1] + 2; + if (len > CA8210_SPI_BUF_SIZE) { + dev_crit( + &priv->spi->dev, + "Received packet len (%d) erroneously long\n", + len + ); + goto finish; + } + + if (buf[0] & SPI_SYN) { + if (priv->sync_command_response) { + memcpy(priv->sync_command_response, buf, len); + complete(&priv->sync_exchange_complete); + } else { + if (cascoda_api_upstream) + cascoda_api_upstream(buf, len, priv->spi); + priv->sync_up++; + } + } else { + if (cascoda_api_upstream) + cascoda_api_upstream(buf, len, priv->spi); + } + + ca8210_net_rx(priv->hw, buf, len); + if (buf[0] == SPI_MCPS_DATA_CONFIRM) { + if (buf[3] == MAC_TRANSACTION_OVERFLOW) { + dev_info( + &priv->spi->dev, + "Waiting for transaction overflow to stabilise...\n"); + msleep(2000); + dev_info( + &priv->spi->dev, + "Resetting MAC...\n"); + + mlme_reset_wpc = kmalloc( + sizeof(struct work_priv_container), + GFP_KERNEL + ); + INIT_WORK( + &mlme_reset_wpc->work, + ca8210_mlme_reset_worker + ); + mlme_reset_wpc->priv = priv; + queue_work(priv->mlme_workqueue, &mlme_reset_wpc->work); + } + } else if (buf[0] == SPI_HWME_WAKEUP_INDICATION) { + dev_notice( + &priv->spi->dev, + "Wakeup indication received, reason:\n" + ); + switch (buf[2]) { + case 0: + dev_notice( + &priv->spi->dev, + "Transceiver woken up from Power Up / System Reset\n" + ); + break; + case 1: + dev_notice( + &priv->spi->dev, + "Watchdog Timer Time-Out\n" + ); + break; + case 2: + dev_notice( + &priv->spi->dev, + "Transceiver woken up from Power-Off by Sleep Timer Time-Out\n"); + break; + case 3: + dev_notice( + &priv->spi->dev, + "Transceiver woken up from Power-Off by GPIO Activity\n" + ); + break; + case 4: + dev_notice( + &priv->spi->dev, + "Transceiver woken up from Standby by Sleep Timer Time-Out\n" + ); + break; + case 5: + dev_notice( + &priv->spi->dev, + "Transceiver woken up from Standby by GPIO Activity\n" + ); + break; + case 6: + dev_notice( + &priv->spi->dev, + "Sleep-Timer Time-Out in Active Mode\n" + ); + break; + default: + dev_warn(&priv->spi->dev, "Wakeup reason unknown\n"); + break; + } + complete(&priv->ca8210_is_awake); + } + +finish:; +} + +static int ca8210_remove(struct spi_device *spi_device); + +/** + * ca8210_spi_transfer_complete() - Called when a single spi transfer has + * completed + * @context: Pointer to the cas_control object for the finished transfer + */ +static void ca8210_spi_transfer_complete(void *context) +{ + struct cas_control *cas_ctl = context; + struct ca8210_priv *priv = cas_ctl->priv; + bool duplex_rx = false; + int i; + u8 retry_buffer[CA8210_SPI_BUF_SIZE]; + + if ( + cas_ctl->tx_in_buf[0] == SPI_NACK || + (cas_ctl->tx_in_buf[0] == SPI_IDLE && + cas_ctl->tx_in_buf[1] == SPI_NACK) + ) { + /* ca8210 is busy */ + dev_info(&priv->spi->dev, "ca8210 was busy during attempted write\n"); + if (cas_ctl->tx_buf[0] == SPI_IDLE) { + dev_warn( + &priv->spi->dev, + "IRQ servicing NACKd, dropping transfer\n" + ); + kfree(cas_ctl); + return; + } + if (priv->retries > 3) { + dev_err(&priv->spi->dev, "too many retries!\n"); + kfree(cas_ctl); + ca8210_remove(priv->spi); + return; + } + memcpy(retry_buffer, cas_ctl->tx_buf, CA8210_SPI_BUF_SIZE); + kfree(cas_ctl); + ca8210_spi_transfer( + priv->spi, + retry_buffer, + CA8210_SPI_BUF_SIZE + ); + priv->retries++; + dev_info(&priv->spi->dev, "retried spi write\n"); + return; + } else if ( + cas_ctl->tx_in_buf[0] != SPI_IDLE && + cas_ctl->tx_in_buf[0] != SPI_NACK + ) { + duplex_rx = true; + } + + if (duplex_rx) { + dev_dbg(&priv->spi->dev, "READ CMD DURING TX\n"); + for (i = 0; i < cas_ctl->tx_in_buf[1] + 2; i++) + dev_dbg( + &priv->spi->dev, + "%#03x\n", + cas_ctl->tx_in_buf[i] + ); + ca8210_rx_done(cas_ctl); + } + complete(&priv->spi_transfer_complete); + kfree(cas_ctl); + priv->retries = 0; +} + +/** + * ca8210_spi_transfer() - Initiate duplex spi transfer with ca8210 + * @spi: Pointer to spi device for transfer + * @buf: Octet array to send + * @len: length of the buffer being sent + * + * Return: 0 or linux error code + */ +static int ca8210_spi_transfer( + struct spi_device *spi, + const u8 *buf, + size_t len +) +{ + int i, status = 0; + struct ca8210_priv *priv = spi_get_drvdata(spi); + struct cas_control *cas_ctl; + + if (!spi) { + dev_crit( + &spi->dev, + "NULL spi device passed to ca8210_spi_transfer\n" + ); + return -ENODEV; + } + + reinit_completion(&priv->spi_transfer_complete); + + dev_dbg(&spi->dev, "ca8210_spi_transfer called\n"); + + cas_ctl = kmalloc( + sizeof(struct cas_control), + GFP_ATOMIC + ); + cas_ctl->priv = priv; + memset(cas_ctl->tx_buf, SPI_IDLE, CA8210_SPI_BUF_SIZE); + memset(cas_ctl->tx_in_buf, SPI_IDLE, CA8210_SPI_BUF_SIZE); + memcpy(cas_ctl->tx_buf, buf, len); + + for (i = 0; i < len; i++) + dev_dbg(&spi->dev, "%#03x\n", cas_ctl->tx_buf[i]); + + spi_message_init(&cas_ctl->msg); + + cas_ctl->transfer.tx_nbits = 1; /* 1 MOSI line */ + cas_ctl->transfer.rx_nbits = 1; /* 1 MISO line */ + cas_ctl->transfer.speed_hz = 0; /* Use device setting */ + cas_ctl->transfer.bits_per_word = 0; /* Use device setting */ + cas_ctl->transfer.tx_buf = cas_ctl->tx_buf; + cas_ctl->transfer.rx_buf = cas_ctl->tx_in_buf; + cas_ctl->transfer.delay_usecs = 0; + cas_ctl->transfer.cs_change = 0; + cas_ctl->transfer.len = sizeof(struct mac_message); + cas_ctl->msg.complete = ca8210_spi_transfer_complete; + cas_ctl->msg.context = cas_ctl; + + spi_message_add_tail( + &cas_ctl->transfer, + &cas_ctl->msg + ); + + status = spi_async(spi, &cas_ctl->msg); + if (status < 0) { + dev_crit( + &spi->dev, + "status %d from spi_sync in write\n", + status + ); + } + + return status; +} + +/** + * ca8210_spi_exchange() - Exchange API/SAP commands with the radio + * @buf: Octet array of command being sent downstream + * @len: length of buf + * @response: buffer for storing synchronous response + * @device_ref: spi_device pointer for ca8210 + * + * Effectively calls ca8210_spi_transfer to write buf[] to the spi, then for + * synchronous commands waits for the corresponding response to be read from + * the spi before returning. The response is written to the response parameter. + * + * Return: 0 or linux error code + */ +static int ca8210_spi_exchange( + const u8 *buf, + size_t len, + u8 *response, + void *device_ref +) +{ + int status = 0; + struct spi_device *spi = device_ref; + struct ca8210_priv *priv = spi->dev.driver_data; + long wait_remaining; + + if ((buf[0] & SPI_SYN) && response) { /* if sync wait for confirm */ + reinit_completion(&priv->sync_exchange_complete); + priv->sync_command_response = response; + } + + do { + reinit_completion(&priv->spi_transfer_complete); + status = ca8210_spi_transfer(priv->spi, buf, len); + if (status) { + dev_warn( + &spi->dev, + "spi write failed, returned %d\n", + status + ); + if (status == -EBUSY) + continue; + if (((buf[0] & SPI_SYN) && response)) + complete(&priv->sync_exchange_complete); + goto cleanup; + } + + wait_remaining = wait_for_completion_interruptible_timeout( + &priv->spi_transfer_complete, + msecs_to_jiffies(1000) + ); + if (wait_remaining == -ERESTARTSYS) { + status = -ERESTARTSYS; + } else if (wait_remaining == 0) { + dev_err( + &spi->dev, + "SPI downstream transfer timed out!\n" + ); + status = -ETIME; + goto cleanup; + } + } while (status < 0); + + if (!((buf[0] & SPI_SYN) && response)) + goto cleanup; + + wait_remaining = wait_for_completion_interruptible_timeout( + &priv->sync_exchange_complete, + msecs_to_jiffies(CA8210_SYNC_TIMEOUT) + ); + if (wait_remaining == -ERESTARTSYS) { + status = -ERESTARTSYS; + } else if (wait_remaining == 0) { + dev_err( + &spi->dev, + "Synchronous confirm timeout\n" + ); + status = -ETIME; + } + +cleanup: + priv->sync_command_response = NULL; + return status; +} + +/** + * ca8210_interrupt_handler() - Called when an irq is received from the ca8210 + * @irq: Id of the irq being handled + * @dev_id: Pointer passed by the system, pointing to the ca8210's private data + * + * This function is called when the irq line from the ca8210 is asserted, + * signifying that the ca8210 has a message to send upstream to us. Starts the + * asynchronous spi read. + * + * Return: irq return code + */ +static irqreturn_t ca8210_interrupt_handler(int irq, void *dev_id) +{ + struct ca8210_priv *priv = dev_id; + int status; + + dev_dbg(&priv->spi->dev, "irq: Interrupt occurred\n"); + do { + status = ca8210_spi_transfer(priv->spi, NULL, 0); + if (status && (status != -EBUSY)) { + dev_warn( + &priv->spi->dev, + "spi read failed, returned %d\n", + status + ); + } + } while (status == -EBUSY); + return IRQ_HANDLED; +} + +static int (*cascoda_api_downstream)( + const u8 *buf, + size_t len, + u8 *response, + void *device_ref +) = ca8210_spi_exchange; + +/* Cascoda API / 15.4 SAP Primitives */ + +/** + * tdme_setsfr_request_sync() - TDME_SETSFR_request/confirm according to API + * @sfr_page: SFR Page + * @sfr_address: SFR Address + * @sfr_value: SFR Value + * @device_ref: Nondescript pointer to target device + * + * Return: 802.15.4 status code of TDME-SETSFR.confirm + */ +static u8 tdme_setsfr_request_sync( + u8 sfr_page, + u8 sfr_address, + u8 sfr_value, + void *device_ref +) +{ + int ret; + struct mac_message command, response; + struct spi_device *spi = device_ref; + + command.command_id = SPI_TDME_SETSFR_REQUEST; + command.length = 3; + command.pdata.tdme_set_sfr_req.sfr_page = sfr_page; + command.pdata.tdme_set_sfr_req.sfr_address = sfr_address; + command.pdata.tdme_set_sfr_req.sfr_value = sfr_value; + response.command_id = SPI_IDLE; + ret = cascoda_api_downstream( + &command.command_id, + command.length + 2, + &response.command_id, + device_ref + ); + if (ret) { + dev_crit(&spi->dev, "cascoda_api_downstream returned %d", ret); + return MAC_SYSTEM_ERROR; + } + + if (response.command_id != SPI_TDME_SETSFR_CONFIRM) { + dev_crit( + &spi->dev, + "sync response to SPI_TDME_SETSFR_REQUEST was not SPI_TDME_SETSFR_CONFIRM, it was %d\n", + response.command_id + ); + return MAC_SYSTEM_ERROR; + } + + return response.pdata.tdme_set_sfr_cnf.status; +} + +/** + * tdme_chipinit() - TDME Chip Register Default Initialisation Macro + * @device_ref: Nondescript pointer to target device + * + * Return: 802.15.4 status code of API calls + */ +static u8 tdme_chipinit(void *device_ref) +{ + u8 status = MAC_SUCCESS; + u8 sfr_address; + struct spi_device *spi = device_ref; + struct preamble_cfg_sfr pre_cfg_value = { + .timeout_symbols = 3, + .acquisition_symbols = 3, + .search_symbols = 1, + }; + /* LNA Gain Settings */ + status = tdme_setsfr_request_sync( + 1, (sfr_address = CA8210_SFR_LNAGX40), + LNAGX40_DEFAULT_GAIN, device_ref); + if (status) + goto finish; + status = tdme_setsfr_request_sync( + 1, (sfr_address = CA8210_SFR_LNAGX41), + LNAGX41_DEFAULT_GAIN, device_ref); + if (status) + goto finish; + status = tdme_setsfr_request_sync( + 1, (sfr_address = CA8210_SFR_LNAGX42), + LNAGX42_DEFAULT_GAIN, device_ref); + if (status) + goto finish; + status = tdme_setsfr_request_sync( + 1, (sfr_address = CA8210_SFR_LNAGX43), + LNAGX43_DEFAULT_GAIN, device_ref); + if (status) + goto finish; + status = tdme_setsfr_request_sync( + 1, (sfr_address = CA8210_SFR_LNAGX44), + LNAGX44_DEFAULT_GAIN, device_ref); + if (status) + goto finish; + status = tdme_setsfr_request_sync( + 1, (sfr_address = CA8210_SFR_LNAGX45), + LNAGX45_DEFAULT_GAIN, device_ref); + if (status) + goto finish; + status = tdme_setsfr_request_sync( + 1, (sfr_address = CA8210_SFR_LNAGX46), + LNAGX46_DEFAULT_GAIN, device_ref); + if (status) + goto finish; + status = tdme_setsfr_request_sync( + 1, (sfr_address = CA8210_SFR_LNAGX47), + LNAGX47_DEFAULT_GAIN, device_ref); + if (status) + goto finish; + /* Preamble Timing Config */ + status = tdme_setsfr_request_sync( + 1, (sfr_address = CA8210_SFR_PRECFG), + *((u8 *)&pre_cfg_value), device_ref); + if (status) + goto finish; + /* Preamble Threshold High */ + status = tdme_setsfr_request_sync( + 1, (sfr_address = CA8210_SFR_PTHRH), + PTHRH_DEFAULT_THRESHOLD, device_ref); + if (status) + goto finish; + /* Tx Output Power 8 dBm */ + status = tdme_setsfr_request_sync( + 0, (sfr_address = CA8210_SFR_PACFGIB), + PACFGIB_DEFAULT_CURRENT, device_ref); + if (status) + goto finish; + +finish: + if (status != MAC_SUCCESS) { + dev_err( + &spi->dev, + "failed to set sfr at %#03x, status = %#03x\n", + sfr_address, + status + ); + } + return status; +} + +/** + * tdme_channelinit() - TDME Channel Register Default Initialisation Macro (Tx) + * @channel: 802.15.4 channel to initialise chip for + * @device_ref: Nondescript pointer to target device + * + * Return: 802.15.4 status code of API calls + */ +static u8 tdme_channelinit(u8 channel, void *device_ref) +{ + /* Transceiver front-end local oscillator tx two-point calibration + * value. Tuned for the hardware. + */ + u8 txcalval; + + if (channel >= 25) + txcalval = 0xA7; + else if (channel >= 23) + txcalval = 0xA8; + else if (channel >= 22) + txcalval = 0xA9; + else if (channel >= 20) + txcalval = 0xAA; + else if (channel >= 17) + txcalval = 0xAB; + else if (channel >= 16) + txcalval = 0xAC; + else if (channel >= 14) + txcalval = 0xAD; + else if (channel >= 12) + txcalval = 0xAE; + else + txcalval = 0xAF; + + return tdme_setsfr_request_sync( + 1, + CA8210_SFR_LOTXCAL, + txcalval, + device_ref + ); /* LO Tx Cal */ +} + +/** + * tdme_checkpibattribute() - Checks Attribute Values that are not checked in + * MAC + * @pib_attribute: Attribute Number + * @pib_attribute_length: Attribute length + * @pib_attribute_value: Pointer to Attribute Value + * @device_ref: Nondescript pointer to target device + * + * Return: 802.15.4 status code of checks + */ +static u8 tdme_checkpibattribute( + u8 pib_attribute, + u8 pib_attribute_length, + const void *pib_attribute_value +) +{ + u8 status = MAC_SUCCESS; + u8 value; + + value = *((u8 *)pib_attribute_value); + + switch (pib_attribute) { + /* PHY */ + case PHY_TRANSMIT_POWER: + if (value > 0x3F) + status = MAC_INVALID_PARAMETER; + break; + case PHY_CCA_MODE: + if (value > 0x03) + status = MAC_INVALID_PARAMETER; + break; + /* MAC */ + case MAC_BATT_LIFE_EXT_PERIODS: + if ((value < 6) || (value > 41)) + status = MAC_INVALID_PARAMETER; + break; + case MAC_BEACON_PAYLOAD: + if (pib_attribute_length > MAX_BEACON_PAYLOAD_LENGTH) + status = MAC_INVALID_PARAMETER; + break; + case MAC_BEACON_PAYLOAD_LENGTH: + if (value > MAX_BEACON_PAYLOAD_LENGTH) + status = MAC_INVALID_PARAMETER; + break; + case MAC_BEACON_ORDER: + if (value > 15) + status = MAC_INVALID_PARAMETER; + break; + case MAC_MAX_BE: + if ((value < 3) || (value > 8)) + status = MAC_INVALID_PARAMETER; + break; + case MAC_MAX_CSMA_BACKOFFS: + if (value > 5) + status = MAC_INVALID_PARAMETER; + break; + case MAC_MAX_FRAME_RETRIES: + if (value > 7) + status = MAC_INVALID_PARAMETER; + break; + case MAC_MIN_BE: + if (value > 8) + status = MAC_INVALID_PARAMETER; + break; + case MAC_RESPONSE_WAIT_TIME: + if ((value < 2) || (value > 64)) + status = MAC_INVALID_PARAMETER; + break; + case MAC_SUPERFRAME_ORDER: + if (value > 15) + status = MAC_INVALID_PARAMETER; + break; + /* boolean */ + case MAC_ASSOCIATED_PAN_COORD: + case MAC_ASSOCIATION_PERMIT: + case MAC_AUTO_REQUEST: + case MAC_BATT_LIFE_EXT: + case MAC_GTS_PERMIT: + case MAC_PROMISCUOUS_MODE: + case MAC_RX_ON_WHEN_IDLE: + case MAC_SECURITY_ENABLED: + if (value > 1) + status = MAC_INVALID_PARAMETER; + break; + /* MAC SEC */ + case MAC_AUTO_REQUEST_SECURITY_LEVEL: + if (value > 7) + status = MAC_INVALID_PARAMETER; + break; + case MAC_AUTO_REQUEST_KEY_ID_MODE: + if (value > 3) + status = MAC_INVALID_PARAMETER; + break; + default: + break; + } + + return status; +} + +/** + * tdme_settxpower() - Sets the tx power for MLME_SET phyTransmitPower + * @txp: Transmit Power + * @device_ref: Nondescript pointer to target device + * + * Normalised to 802.15.4 Definition (6-bit, signed): + * Bit 7-6: not used + * Bit 5-0: tx power (-32 - +31 dB) + * + * Return: 802.15.4 status code of api calls + */ +static u8 tdme_settxpower(u8 txp, void *device_ref) +{ + u8 status; + s8 txp_val; + u8 txp_ext; + union pa_cfg_sfr pa_cfg_val; + + /* extend from 6 to 8 bit */ + txp_ext = 0x3F & txp; + if (txp_ext & 0x20) + txp_ext += 0xC0; + txp_val = (s8)txp_ext; + + if (CA8210_MAC_MPW) { + if (txp_val > 0) { + /* 8 dBm: ptrim = 5, itrim = +3 => +4 dBm */ + pa_cfg_val.bias_current_trim = 3; + pa_cfg_val.buffer_capacitor_trim = 5; + pa_cfg_val.boost = 1; + } else { + /* 0 dBm: ptrim = 7, itrim = +3 => -6 dBm */ + pa_cfg_val.bias_current_trim = 3; + pa_cfg_val.buffer_capacitor_trim = 7; + pa_cfg_val.boost = 0; + } + /* write PACFG */ + status = tdme_setsfr_request_sync( + 0, + CA8210_SFR_PACFG, + pa_cfg_val.paib, + device_ref + ); + } else { + /* Look-Up Table for Setting Current and Frequency Trim values + * for desired Output Power + */ + if (txp_val > 8) { + pa_cfg_val.paib = 0x3F; + } else if (txp_val == 8) { + pa_cfg_val.paib = 0x32; + } else if (txp_val == 7) { + pa_cfg_val.paib = 0x22; + } else if (txp_val == 6) { + pa_cfg_val.paib = 0x18; + } else if (txp_val == 5) { + pa_cfg_val.paib = 0x10; + } else if (txp_val == 4) { + pa_cfg_val.paib = 0x0C; + } else if (txp_val == 3) { + pa_cfg_val.paib = 0x08; + } else if (txp_val == 2) { + pa_cfg_val.paib = 0x05; + } else if (txp_val == 1) { + pa_cfg_val.paib = 0x03; + } else if (txp_val == 0) { + pa_cfg_val.paib = 0x01; + } else { /* < 0 */ + pa_cfg_val.paib = 0x00; + } + /* write PACFGIB */ + status = tdme_setsfr_request_sync( + 0, + CA8210_SFR_PACFGIB, + pa_cfg_val.paib, + device_ref + ); + } + + return status; +} + +/** + * mcps_data_request() - mcps_data_request (Send Data) according to API Spec + * @src_addr_mode: Source Addressing Mode + * @dst_address_mode: Destination Addressing Mode + * @dst_pan_id: Destination PAN ID + * @dst_addr: Pointer to Destination Address + * @msdu_length: length of Data + * @msdu: Pointer to Data + * @msdu_handle: Handle of Data + * @tx_options: Tx Options Bit Field + * @security: Pointer to Security Structure or NULL + * @device_ref: Nondescript pointer to target device + * + * Return: 802.15.4 status code of action + */ +static u8 mcps_data_request( + u8 src_addr_mode, + u8 dst_address_mode, + u16 dst_pan_id, + union macaddr *dst_addr, + u8 msdu_length, + u8 *msdu, + u8 msdu_handle, + u8 tx_options, + struct secspec *security, + void *device_ref +) +{ + struct secspec *psec; + struct mac_message command; + + command.command_id = SPI_MCPS_DATA_REQUEST; + command.pdata.data_req.src_addr_mode = src_addr_mode; + command.pdata.data_req.dst.mode = dst_address_mode; + if (dst_address_mode != MAC_MODE_NO_ADDR) { + command.pdata.data_req.dst.pan_id[0] = LS_BYTE(dst_pan_id); + command.pdata.data_req.dst.pan_id[1] = MS_BYTE(dst_pan_id); + if (dst_address_mode == MAC_MODE_SHORT_ADDR) { + command.pdata.data_req.dst.address[0] = LS_BYTE( + dst_addr->short_address + ); + command.pdata.data_req.dst.address[1] = MS_BYTE( + dst_addr->short_address + ); + } else { /* MAC_MODE_LONG_ADDR*/ + memcpy( + command.pdata.data_req.dst.address, + dst_addr->ieee_address, + 8 + ); + } + } + command.pdata.data_req.msdu_length = msdu_length; + command.pdata.data_req.msdu_handle = msdu_handle; + command.pdata.data_req.tx_options = tx_options; + memcpy(command.pdata.data_req.msdu, msdu, msdu_length); + psec = (struct secspec *)(command.pdata.data_req.msdu + msdu_length); + command.length = sizeof(struct mcps_data_request_pset) - + MAX_DATA_SIZE + msdu_length; + if (!security || (security->security_level == 0)) { + psec->security_level = 0; + command.length += 1; + } else { + *psec = *security; + command.length += sizeof(struct secspec); + } + + if (ca8210_spi_transfer(device_ref, &command.command_id, + command.length + 2)) + return MAC_SYSTEM_ERROR; + + return MAC_SUCCESS; +} + +/** + * mlme_reset_request_sync() - MLME_RESET_request/confirm according to API Spec + * @set_default_pib: Set defaults in PIB + * @device_ref: Nondescript pointer to target device + * + * Return: 802.15.4 status code of MLME-RESET.confirm + */ +static u8 mlme_reset_request_sync( + u8 set_default_pib, + void *device_ref +) +{ + u8 status; + struct mac_message command, response; + struct spi_device *spi = device_ref; + + command.command_id = SPI_MLME_RESET_REQUEST; + command.length = 1; + command.pdata.u8param = set_default_pib; + + if (cascoda_api_downstream( + &command.command_id, + command.length + 2, + &response.command_id, + device_ref)) { + dev_err(&spi->dev, "cascoda_api_downstream failed\n"); + return MAC_SYSTEM_ERROR; + } + + if (response.command_id != SPI_MLME_RESET_CONFIRM) + return MAC_SYSTEM_ERROR; + + status = response.pdata.status; + + /* reset COORD Bit for Channel Filtering as Coordinator */ + if (CA8210_MAC_WORKAROUNDS && set_default_pib && (!status)) { + status = tdme_setsfr_request_sync( + 0, + CA8210_SFR_MACCON, + 0, + device_ref + ); + } + + return status; +} + +/** + * mlme_set_request_sync() - MLME_SET_request/confirm according to API Spec + * @pib_attribute: Attribute Number + * @pib_attribute_index: Index within Attribute if an Array + * @pib_attribute_length: Attribute length + * @pib_attribute_value: Pointer to Attribute Value + * @device_ref: Nondescript pointer to target device + * + * Return: 802.15.4 status code of MLME-SET.confirm + */ +static u8 mlme_set_request_sync( + u8 pib_attribute, + u8 pib_attribute_index, + u8 pib_attribute_length, + const void *pib_attribute_value, + void *device_ref +) +{ + u8 status; + struct mac_message command, response; + + /* pre-check the validity of pib_attribute values that are not checked + * in MAC + */ + if (tdme_checkpibattribute( + pib_attribute, pib_attribute_length, pib_attribute_value)) { + return MAC_INVALID_PARAMETER; + } + + if (pib_attribute == PHY_CURRENT_CHANNEL) { + status = tdme_channelinit( + *((u8 *)pib_attribute_value), + device_ref + ); + if (status) + return status; + } + + if (pib_attribute == PHY_TRANSMIT_POWER) { + return tdme_settxpower( + *((u8 *)pib_attribute_value), + device_ref + ); + } + + command.command_id = SPI_MLME_SET_REQUEST; + command.length = sizeof(struct mlme_set_request_pset) - + MAX_ATTRIBUTE_SIZE + pib_attribute_length; + command.pdata.set_req.pib_attribute = pib_attribute; + command.pdata.set_req.pib_attribute_index = pib_attribute_index; + command.pdata.set_req.pib_attribute_length = pib_attribute_length; + memcpy( + command.pdata.set_req.pib_attribute_value, + pib_attribute_value, + pib_attribute_length + ); + + if (cascoda_api_downstream( + &command.command_id, + command.length + 2, + &response.command_id, + device_ref)) { + return MAC_SYSTEM_ERROR; + } + + if (response.command_id != SPI_MLME_SET_CONFIRM) + return MAC_SYSTEM_ERROR; + + return response.pdata.status; +} + +/** + * hwme_set_request_sync() - HWME_SET_request/confirm according to API Spec + * @hw_attribute: Attribute Number + * @hw_attribute_length: Attribute length + * @hw_attribute_value: Pointer to Attribute Value + * @device_ref: Nondescript pointer to target device + * + * Return: 802.15.4 status code of HWME-SET.confirm + */ +static u8 hwme_set_request_sync( + u8 hw_attribute, + u8 hw_attribute_length, + u8 *hw_attribute_value, + void *device_ref +) +{ + struct mac_message command, response; + + command.command_id = SPI_HWME_SET_REQUEST; + command.length = 2 + hw_attribute_length; + command.pdata.hwme_set_req.hw_attribute = hw_attribute; + command.pdata.hwme_set_req.hw_attribute_length = hw_attribute_length; + memcpy( + command.pdata.hwme_set_req.hw_attribute_value, + hw_attribute_value, + hw_attribute_length + ); + + if (cascoda_api_downstream( + &command.command_id, + command.length + 2, + &response.command_id, + device_ref)) { + return MAC_SYSTEM_ERROR; + } + + if (response.command_id != SPI_HWME_SET_CONFIRM) + return MAC_SYSTEM_ERROR; + + return response.pdata.hwme_set_cnf.status; +} + +/** + * hwme_get_request_sync() - HWME_GET_request/confirm according to API Spec + * @hw_attribute: Attribute Number + * @hw_attribute_length: Attribute length + * @hw_attribute_value: Pointer to Attribute Value + * @device_ref: Nondescript pointer to target device + * + * Return: 802.15.4 status code of HWME-GET.confirm + */ +static u8 hwme_get_request_sync( + u8 hw_attribute, + u8 *hw_attribute_length, + u8 *hw_attribute_value, + void *device_ref +) +{ + struct mac_message command, response; + + command.command_id = SPI_HWME_GET_REQUEST; + command.length = 1; + command.pdata.hwme_get_req.hw_attribute = hw_attribute; + + if (cascoda_api_downstream( + &command.command_id, + command.length + 2, + &response.command_id, + device_ref)) { + return MAC_SYSTEM_ERROR; + } + + if (response.command_id != SPI_HWME_GET_CONFIRM) + return MAC_SYSTEM_ERROR; + + if (response.pdata.hwme_get_cnf.status == MAC_SUCCESS) { + *hw_attribute_length = + response.pdata.hwme_get_cnf.hw_attribute_length; + memcpy( + hw_attribute_value, + response.pdata.hwme_get_cnf.hw_attribute_value, + *hw_attribute_length + ); + } + + return response.pdata.hwme_get_cnf.status; +} + +/* Network driver operation */ + +/** + * ca8210_async_xmit_complete() - Called to announce that an asynchronous + * transmission has finished + * @hw: ieee802154_hw of ca8210 that has finished exchange + * @msduhandle: Identifier of transmission that has completed + * @status: Returned 802.15.4 status code of the transmission + * + * Return: 0 or linux error code + */ +static int ca8210_async_xmit_complete( + struct ieee802154_hw *hw, + u8 msduhandle, + u8 status) +{ + struct ca8210_priv *priv = hw->priv; + + if (priv->nextmsduhandle != msduhandle) { + dev_err( + &priv->spi->dev, + "Unexpected msdu_handle on data confirm, Expected %d, got %d\n", + priv->nextmsduhandle, + msduhandle + ); + return -EIO; + } + + priv->async_tx_pending = false; + priv->nextmsduhandle++; + + if (status) { + dev_err( + &priv->spi->dev, + "Link transmission unsuccessful, status = %d\n", + status + ); + if (status != MAC_TRANSACTION_OVERFLOW) { + ieee802154_wake_queue(priv->hw); + return 0; + } + } + ieee802154_xmit_complete(priv->hw, priv->tx_skb, true); + + return 0; +} + +/** + * ca8210_skb_rx() - Contructs a properly framed socket buffer from a received + * MCPS_DATA_indication + * @hw: ieee802154_hw that MCPS_DATA_indication was received by + * @len: length of MCPS_DATA_indication + * @data_ind: Octet array of MCPS_DATA_indication + * + * Called by the spi driver whenever a SAP command is received, this function + * will ascertain whether the command is of interest to the network driver and + * take necessary action. + * + * Return: 0 or linux error code + */ +static int ca8210_skb_rx( + struct ieee802154_hw *hw, + size_t len, + u8 *data_ind +) +{ + struct ieee802154_hdr hdr; + int msdulen; + int hlen; + u8 mpdulinkquality = data_ind[23]; + struct sk_buff *skb; + struct ca8210_priv *priv = hw->priv; + + /* Allocate mtu size buffer for every rx packet */ + skb = dev_alloc_skb(IEEE802154_MTU + sizeof(hdr)); + if (!skb) { + dev_crit(&priv->spi->dev, "dev_alloc_skb failed\n"); + return -ENOMEM; + } + skb_reserve(skb, sizeof(hdr)); + + msdulen = data_ind[22]; /* msdu_length */ + if (msdulen > IEEE802154_MTU) { + dev_err( + &priv->spi->dev, + "received erroneously large msdu length!\n" + ); + kfree_skb(skb); + return -EMSGSIZE; + } + dev_dbg(&priv->spi->dev, "skb buffer length = %d\n", msdulen); + + if (priv->promiscuous) + goto copy_payload; + + /* Populate hdr */ + hdr.sec.level = data_ind[29 + msdulen]; + dev_dbg(&priv->spi->dev, "security level: %#03x\n", hdr.sec.level); + if (hdr.sec.level > 0) { + hdr.sec.key_id_mode = data_ind[30 + msdulen]; + memcpy(&hdr.sec.extended_src, &data_ind[31 + msdulen], 8); + hdr.sec.key_id = data_ind[39 + msdulen]; + } + hdr.source.mode = data_ind[0]; + dev_dbg(&priv->spi->dev, "srcAddrMode: %#03x\n", hdr.source.mode); + hdr.source.pan_id = *(u16 *)&data_ind[1]; + dev_dbg(&priv->spi->dev, "srcPanId: %#06x\n", hdr.source.pan_id); + memcpy(&hdr.source.extended_addr, &data_ind[3], 8); + hdr.dest.mode = data_ind[11]; + dev_dbg(&priv->spi->dev, "dstAddrMode: %#03x\n", hdr.dest.mode); + hdr.dest.pan_id = *(u16 *)&data_ind[12]; + dev_dbg(&priv->spi->dev, "dstPanId: %#06x\n", hdr.dest.pan_id); + memcpy(&hdr.dest.extended_addr, &data_ind[14], 8); + + /* Fill in FC implicitly */ + hdr.fc.type = 1; /* Data frame */ + if (hdr.sec.level) + hdr.fc.security_enabled = 1; + else + hdr.fc.security_enabled = 0; + if (data_ind[1] != data_ind[12] || data_ind[2] != data_ind[13]) + hdr.fc.intra_pan = 1; + else + hdr.fc.intra_pan = 0; + hdr.fc.dest_addr_mode = hdr.dest.mode; + hdr.fc.source_addr_mode = hdr.source.mode; + + /* Add hdr to front of buffer */ + hlen = ieee802154_hdr_push(skb, &hdr); + + if (hlen < 0) { + dev_crit(&priv->spi->dev, "failed to push mac hdr onto skb!\n"); + kfree_skb(skb); + return hlen; + } + + skb_reset_mac_header(skb); + skb->mac_len = hlen; + +copy_payload: + /* Add bytes of space to the back of the buffer */ + /* Copy msdu to skb */ + memcpy(skb_put(skb, msdulen), &data_ind[29], msdulen); + + ieee802154_rx_irqsafe(hw, skb, mpdulinkquality); + return 0; +} + +/** + * ca8210_net_rx() - Acts upon received SAP commands relevant to the network + * driver + * @hw: ieee802154_hw that command was received by + * @command: Octet array of received command + * @len: length of the received command + * + * Called by the spi driver whenever a SAP command is received, this function + * will ascertain whether the command is of interest to the network driver and + * take necessary action. + * + * Return: 0 or linux error code + */ +static int ca8210_net_rx(struct ieee802154_hw *hw, u8 *command, size_t len) +{ + struct ca8210_priv *priv = hw->priv; + unsigned long flags; + u8 status; + + dev_dbg(&priv->spi->dev, "ca8210_net_rx(), CmdID = %d\n", command[0]); + + if (command[0] == SPI_MCPS_DATA_INDICATION) { + /* Received data */ + spin_lock_irqsave(&priv->lock, flags); + if (command[26] == priv->last_dsn) { + dev_dbg( + &priv->spi->dev, + "DSN %d resend received, ignoring...\n", + command[26] + ); + spin_unlock_irqrestore(&priv->lock, flags); + return 0; + } + priv->last_dsn = command[26]; + spin_unlock_irqrestore(&priv->lock, flags); + return ca8210_skb_rx(hw, len - 2, command + 2); + } else if (command[0] == SPI_MCPS_DATA_CONFIRM) { + status = command[3]; + if (priv->async_tx_pending) { + return ca8210_async_xmit_complete( + hw, + command[2], + status + ); + } + } + + return 0; +} + +/** + * ca8210_skb_tx() - Transmits a given socket buffer using the ca8210 + * @skb: Socket buffer to transmit + * @msduhandle: Data identifier to pass to the 802.15.4 MAC + * @priv: Pointer to private data section of target ca8210 + * + * Return: 0 or linux error code + */ +static int ca8210_skb_tx( + struct sk_buff *skb, + u8 msduhandle, + struct ca8210_priv *priv +) +{ + int status; + struct ieee802154_hdr header = { 0 }; + struct secspec secspec; + unsigned int mac_len; + + dev_dbg(&priv->spi->dev, "ca8210_skb_tx() called\n"); + + /* Get addressing info from skb - ieee802154 layer creates a full + * packet + */ + mac_len = ieee802154_hdr_peek_addrs(skb, &header); + + secspec.security_level = header.sec.level; + secspec.key_id_mode = header.sec.key_id_mode; + if (secspec.key_id_mode == 2) + memcpy(secspec.key_source, &header.sec.short_src, 4); + else if (secspec.key_id_mode == 3) + memcpy(secspec.key_source, &header.sec.extended_src, 8); + secspec.key_index = header.sec.key_id; + + /* Pass to Cascoda API */ + status = mcps_data_request( + header.source.mode, + header.dest.mode, + header.dest.pan_id, + (union macaddr *)&header.dest.extended_addr, + skb->len - mac_len, + &skb->data[mac_len], + msduhandle, + header.fc.ack_request, + &secspec, + priv->spi + ); + return link_to_linux_err(status); +} + +/** + * ca8210_start() - Starts the network driver + * @hw: ieee802154_hw of ca8210 being started + * + * Return: 0 or linux error code + */ +static int ca8210_start(struct ieee802154_hw *hw) +{ + int status; + u8 rx_on_when_idle; + u8 lqi_threshold = 0; + struct ca8210_priv *priv = hw->priv; + + priv->last_dsn = -1; + /* Turn receiver on when idle for now just to test rx */ + rx_on_when_idle = 1; + status = mlme_set_request_sync( + MAC_RX_ON_WHEN_IDLE, + 0, + 1, + &rx_on_when_idle, + priv->spi + ); + if (status) { + dev_crit( + &priv->spi->dev, + "Setting rx_on_when_idle failed, status = %d\n", + status + ); + return link_to_linux_err(status); + } + status = hwme_set_request_sync( + HWME_LQILIMIT, + 1, + &lqi_threshold, + priv->spi + ); + if (status) { + dev_crit( + &priv->spi->dev, + "Setting lqilimit failed, status = %d\n", + status + ); + return link_to_linux_err(status); + } + + return 0; +} + +/** + * ca8210_stop() - Stops the network driver + * @hw: ieee802154_hw of ca8210 being stopped + * + * Return: 0 or linux error code + */ +static void ca8210_stop(struct ieee802154_hw *hw) +{ +} + +/** + * ca8210_xmit_async() - Asynchronously transmits a given socket buffer using + * the ca8210 + * @hw: ieee802154_hw of ca8210 to transmit from + * @skb: Socket buffer to transmit + * + * Return: 0 or linux error code + */ +static int ca8210_xmit_async(struct ieee802154_hw *hw, struct sk_buff *skb) +{ + struct ca8210_priv *priv = hw->priv; + int status; + + dev_dbg(&priv->spi->dev, "calling ca8210_xmit_async()\n"); + + priv->tx_skb = skb; + priv->async_tx_pending = true; + status = ca8210_skb_tx(skb, priv->nextmsduhandle, priv); + return status; +} + +/** + * ca8210_get_ed() - Returns the measured energy on the current channel at this + * instant in time + * @hw: ieee802154_hw of target ca8210 + * @level: Measured Energy Detect level + * + * Return: 0 or linux error code + */ +static int ca8210_get_ed(struct ieee802154_hw *hw, u8 *level) +{ + u8 lenvar; + struct ca8210_priv *priv = hw->priv; + + return link_to_linux_err( + hwme_get_request_sync(HWME_EDVALUE, &lenvar, level, priv->spi) + ); +} + +/** + * ca8210_set_channel() - Sets the current operating 802.15.4 channel of the + * ca8210 + * @hw: ieee802154_hw of target ca8210 + * @page: Channel page to set + * @channel: Channel number to set + * + * Return: 0 or linux error code + */ +static int ca8210_set_channel( + struct ieee802154_hw *hw, + u8 page, + u8 channel +) +{ + u8 status; + struct ca8210_priv *priv = hw->priv; + + status = mlme_set_request_sync( + PHY_CURRENT_CHANNEL, + 0, + 1, + &channel, + priv->spi + ); + if (status) { + dev_err( + &priv->spi->dev, + "error setting channel, MLME-SET.confirm status = %d\n", + status + ); + } + return link_to_linux_err(status); +} + +/** + * ca8210_set_hw_addr_filt() - Sets the address filtering parameters of the + * ca8210 + * @hw: ieee802154_hw of target ca8210 + * @filt: Filtering parameters + * @changed: Bitmap representing which parameters to change + * + * Effectively just sets the actual addressing information identifying this node + * as all filtering is performed by the ca8210 as detailed in the IEEE 802.15.4 + * 2006 specification. + * + * Return: 0 or linux error code + */ +static int ca8210_set_hw_addr_filt( + struct ieee802154_hw *hw, + struct ieee802154_hw_addr_filt *filt, + unsigned long changed +) +{ + u8 status = 0; + struct ca8210_priv *priv = hw->priv; + + if (changed & IEEE802154_AFILT_PANID_CHANGED) { + status = mlme_set_request_sync( + MAC_PAN_ID, + 0, + 2, + &filt->pan_id, priv->spi + ); + if (status) { + dev_err( + &priv->spi->dev, + "error setting pan id, MLME-SET.confirm status = %d", + status + ); + return link_to_linux_err(status); + } + } + if (changed & IEEE802154_AFILT_SADDR_CHANGED) { + status = mlme_set_request_sync( + MAC_SHORT_ADDRESS, + 0, + 2, + &filt->short_addr, priv->spi + ); + if (status) { + dev_err( + &priv->spi->dev, + "error setting short address, MLME-SET.confirm status = %d", + status + ); + return link_to_linux_err(status); + } + } + if (changed & IEEE802154_AFILT_IEEEADDR_CHANGED) { + status = mlme_set_request_sync( + NS_IEEE_ADDRESS, + 0, + 8, + &filt->ieee_addr, + priv->spi + ); + if (status) { + dev_err( + &priv->spi->dev, + "error setting ieee address, MLME-SET.confirm status = %d", + status + ); + return link_to_linux_err(status); + } + } + /* TODO: Should use MLME_START to set coord bit? */ + return 0; +} + +/** + * ca8210_set_tx_power() - Sets the transmit power of the ca8210 + * @hw: ieee802154_hw of target ca8210 + * @mbm: Transmit power in mBm (dBm*100) + * + * Return: 0 or linux error code + */ +static int ca8210_set_tx_power(struct ieee802154_hw *hw, s32 mbm) +{ + struct ca8210_priv *priv = hw->priv; + + mbm /= 100; + return link_to_linux_err( + mlme_set_request_sync(PHY_TRANSMIT_POWER, 0, 1, &mbm, priv->spi) + ); +} + +/** + * ca8210_set_cca_mode() - Sets the clear channel assessment mode of the ca8210 + * @hw: ieee802154_hw of target ca8210 + * @cca: CCA mode to set + * + * Return: 0 or linux error code + */ +static int ca8210_set_cca_mode( + struct ieee802154_hw *hw, + const struct wpan_phy_cca *cca +) +{ + u8 status; + u8 cca_mode; + struct ca8210_priv *priv = hw->priv; + + cca_mode = cca->mode & 3; + if (cca_mode == 3 && cca->opt == NL802154_CCA_OPT_ENERGY_CARRIER_OR) { + /* cca_mode 0 == CS OR ED, 3 == CS AND ED */ + cca_mode = 0; + } + status = mlme_set_request_sync( + PHY_CCA_MODE, + 0, + 1, + &cca_mode, + priv->spi + ); + if (status) { + dev_err( + &priv->spi->dev, + "error setting cca mode, MLME-SET.confirm status = %d", + status + ); + } + return link_to_linux_err(status); +} + +/** + * ca8210_set_cca_ed_level() - Sets the CCA ED level of the ca8210 + * @hw: ieee802154_hw of target ca8210 + * @level: ED level to set (in mbm) + * + * Sets the minimum threshold of measured energy above which the ca8210 will + * back off and retry a transmission. + * + * Return: 0 or linux error code + */ +static int ca8210_set_cca_ed_level(struct ieee802154_hw *hw, s32 level) +{ + u8 status; + u8 ed_threshold = (level / 100) * 2 + 256; + struct ca8210_priv *priv = hw->priv; + + status = hwme_set_request_sync( + HWME_EDTHRESHOLD, + 1, + &ed_threshold, + priv->spi + ); + if (status) { + dev_err( + &priv->spi->dev, + "error setting ed threshold, HWME-SET.confirm status = %d", + status + ); + } + return link_to_linux_err(status); +} + +/** + * ca8210_set_csma_params() - Sets the CSMA parameters of the ca8210 + * @hw: ieee802154_hw of target ca8210 + * @min_be: Minimum backoff exponent when backing off a transmission + * @max_be: Maximum backoff exponent when backing off a transmission + * @retries: Number of times to retry after backing off + * + * Return: 0 or linux error code + */ +static int ca8210_set_csma_params( + struct ieee802154_hw *hw, + u8 min_be, + u8 max_be, + u8 retries +) +{ + u8 status; + struct ca8210_priv *priv = hw->priv; + + status = mlme_set_request_sync(MAC_MIN_BE, 0, 1, &min_be, priv->spi); + if (status) { + dev_err( + &priv->spi->dev, + "error setting min be, MLME-SET.confirm status = %d", + status + ); + return link_to_linux_err(status); + } + status = mlme_set_request_sync(MAC_MAX_BE, 0, 1, &max_be, priv->spi); + if (status) { + dev_err( + &priv->spi->dev, + "error setting max be, MLME-SET.confirm status = %d", + status + ); + return link_to_linux_err(status); + } + status = mlme_set_request_sync( + MAC_MAX_CSMA_BACKOFFS, + 0, + 1, + &retries, + priv->spi + ); + if (status) { + dev_err( + &priv->spi->dev, + "error setting max csma backoffs, MLME-SET.confirm status = %d", + status + ); + } + return link_to_linux_err(status); +} + +/** + * ca8210_set_frame_retries() - Sets the maximum frame retries of the ca8210 + * @hw: ieee802154_hw of target ca8210 + * @retries: Number of retries + * + * Sets the number of times to retry a transmission if no acknowledgment was + * was received from the other end when one was requested. + * + * Return: 0 or linux error code + */ +static int ca8210_set_frame_retries(struct ieee802154_hw *hw, s8 retries) +{ + u8 status; + struct ca8210_priv *priv = hw->priv; + + status = mlme_set_request_sync( + MAC_MAX_FRAME_RETRIES, + 0, + 1, + &retries, + priv->spi + ); + if (status) { + dev_err( + &priv->spi->dev, + "error setting frame retries, MLME-SET.confirm status = %d", + status + ); + } + return link_to_linux_err(status); +} + +static int ca8210_set_promiscuous_mode(struct ieee802154_hw *hw, const bool on) +{ + u8 status; + struct ca8210_priv *priv = hw->priv; + + status = mlme_set_request_sync( + MAC_PROMISCUOUS_MODE, + 0, + 1, + (const void*)&on, + priv->spi + ); + if (status) { + dev_err( + &priv->spi->dev, + "error setting promiscuous mode, MLME-SET.confirm status = %d", + status + ); + } else { + priv->promiscuous = on; + } + return link_to_linux_err(status); +} + +static const struct ieee802154_ops ca8210_phy_ops = { + .start = ca8210_start, + .stop = ca8210_stop, + .xmit_async = ca8210_xmit_async, + .ed = ca8210_get_ed, + .set_channel = ca8210_set_channel, + .set_hw_addr_filt = ca8210_set_hw_addr_filt, + .set_txpower = ca8210_set_tx_power, + .set_cca_mode = ca8210_set_cca_mode, + .set_cca_ed_level = ca8210_set_cca_ed_level, + .set_csma_params = ca8210_set_csma_params, + .set_frame_retries = ca8210_set_frame_retries, + .set_promiscuous_mode = ca8210_set_promiscuous_mode +}; + +/* Test/EVBME Interface */ + +/** + * ca8210_test_int_open() - Opens the test interface to the userspace + * @inodp: inode representation of file interface + * @filp: file interface + * + * Return: 0 or linux error code + */ +static int ca8210_test_int_open(struct inode *inodp, struct file *filp) +{ + struct ca8210_priv *priv = inodp->i_private; + + filp->private_data = priv; + return 0; +} + +/** + * ca8210_test_check_upstream() - Checks a command received from the upstream + * testing interface for required action + * @buf: Buffer containing command to check + * @device_ref: Nondescript pointer to target device + * + * Return: 0 or linux error code + */ +static int ca8210_test_check_upstream(u8 *buf, void *device_ref) +{ + int ret; + u8 response[CA8210_SPI_BUF_SIZE]; + + if (buf[0] == SPI_MLME_SET_REQUEST) { + ret = tdme_checkpibattribute(buf[2], buf[4], buf + 5); + if (ret) { + response[0] = SPI_MLME_SET_CONFIRM; + response[1] = 3; + response[2] = MAC_INVALID_PARAMETER; + response[3] = buf[2]; + response[4] = buf[3]; + if (cascoda_api_upstream) + cascoda_api_upstream(response, 5, device_ref); + return ret; + } + } + if (buf[0] == SPI_MLME_ASSOCIATE_REQUEST) { + return tdme_channelinit(buf[2], device_ref); + } else if (buf[0] == SPI_MLME_START_REQUEST) { + return tdme_channelinit(buf[4], device_ref); + } else if ( + (buf[0] == SPI_MLME_SET_REQUEST) && + (buf[2] == PHY_CURRENT_CHANNEL) + ) { + return tdme_channelinit(buf[5], device_ref); + } else if ( + (buf[0] == SPI_TDME_SET_REQUEST) && + (buf[2] == TDME_CHANNEL) + ) { + return tdme_channelinit(buf[4], device_ref); + } else if ( + (CA8210_MAC_WORKAROUNDS) && + (buf[0] == SPI_MLME_RESET_REQUEST) && + (buf[2] == 1) + ) { + /* reset COORD Bit for Channel Filtering as Coordinator */ + return tdme_setsfr_request_sync( + 0, + CA8210_SFR_MACCON, + 0, + device_ref + ); + } + return 0; +} /* End of EVBMECheckSerialCommand() */ + +/** + * ca8210_test_int_user_write() - Called by a process in userspace to send a + * message to the ca8210 drivers + * @filp: file interface + * @in_buf: Buffer containing message to write + * @len: length of message + * @off: file offset + * + * Return: 0 or linux error code + */ +static ssize_t ca8210_test_int_user_write( + struct file *filp, + const char __user *in_buf, + size_t len, + loff_t *off +) +{ + int ret; + struct ca8210_priv *priv = filp->private_data; + u8 command[CA8210_SPI_BUF_SIZE]; + + if (len > CA8210_SPI_BUF_SIZE) { + dev_warn( + &priv->spi->dev, + "userspace requested erroneously long write (%zu)\n", + len + ); + return -EMSGSIZE; + } + + ret = copy_from_user(command, in_buf, len); + if (ret) { + dev_err( + &priv->spi->dev, + "%d bytes could not be copied from userspace\n", + ret + ); + return -EIO; + } + + ret = ca8210_test_check_upstream(command, priv->spi); + if (ret == 0) { + ret = ca8210_spi_exchange( + command, + command[1] + 2, + NULL, + priv->spi + ); + if (ret < 0) { + /* effectively 0 bytes were written successfully */ + dev_err( + &priv->spi->dev, + "spi exchange failed\n" + ); + return ret; + } + if (command[0] & SPI_SYN) + priv->sync_down++; + } + + return len; +} + +/** + * ca8210_test_int_user_read() - Called by a process in userspace to read a + * message from the ca8210 drivers + * @filp: file interface + * @buf: Buffer to write message to + * @len: length of message to read (ignored) + * @offp: file offset + * + * If the O_NONBLOCK flag was set when opening the file then this function will + * not block, i.e. it will return if the fifo is empty. Otherwise the function + * will block, i.e. wait until new data arrives. + * + * Return: number of bytes read + */ +static ssize_t ca8210_test_int_user_read( + struct file *filp, + char __user *buf, + size_t len, + loff_t *offp +) +{ + int i, cmdlen; + struct ca8210_priv *priv = filp->private_data; + unsigned char *fifo_buffer; + unsigned long bytes_not_copied; + + if (filp->f_flags & O_NONBLOCK) { + /* Non-blocking mode */ + if (kfifo_is_empty(&priv->test.up_fifo)) + return 0; + } else { + /* Blocking mode */ + wait_event_interruptible( + priv->test.readq, + !kfifo_is_empty(&priv->test.up_fifo) + ); + } + + if (kfifo_out(&priv->test.up_fifo, &fifo_buffer, 4) != 4) { + dev_err( + &priv->spi->dev, + "test_interface: Wrong number of elements popped from upstream fifo\n" + ); + return 0; + } + cmdlen = fifo_buffer[1]; + bytes_not_copied = cmdlen + 2; + + bytes_not_copied = copy_to_user(buf, fifo_buffer, bytes_not_copied); + if (bytes_not_copied > 0) { + dev_err( + &priv->spi->dev, + "%lu bytes could not be copied to user space!\n", + bytes_not_copied + ); + } + + dev_dbg(&priv->spi->dev, "test_interface: Cmd len = %d\n", cmdlen); + + dev_dbg(&priv->spi->dev, "test_interface: Read\n"); + for (i = 0; i < cmdlen + 2; i++) + dev_dbg(&priv->spi->dev, "%#03x\n", fifo_buffer[i]); + + kfree(fifo_buffer); + + return cmdlen + 2; +} + +/** + * ca8210_test_int_ioctl() - Called by a process in userspace to enact an + * arbitrary action + * @filp: file interface + * @ioctl_num: which action to enact + * @ioctl_param: arbitrary parameter for the action + * + * Return: status + */ +static long ca8210_test_int_ioctl( + struct file *filp, + unsigned int ioctl_num, + unsigned long ioctl_param +) +{ + struct ca8210_priv *priv = filp->private_data; + + switch (ioctl_num) { + case CA8210_IOCTL_HARD_RESET: + ca8210_reset_send(priv->spi, ioctl_param); + break; + default: + break; + } + return 0; +} + +/** + * ca8210_test_int_poll() - Called by a process in userspace to determine which + * actions are currently possible for the file + * @filp: file interface + * @ptable: poll table + * + * Return: set of poll return flags + */ +static unsigned int ca8210_test_int_poll( + struct file *filp, + struct poll_table_struct *ptable +) +{ + unsigned int return_flags = 0; + struct ca8210_priv *priv = filp->private_data; + + poll_wait(filp, &priv->test.readq, ptable); + if (!kfifo_is_empty(&priv->test.up_fifo)) + return_flags |= (POLLIN | POLLRDNORM); + if (wait_event_interruptible( + priv->test.readq, + !kfifo_is_empty(&priv->test.up_fifo))) { + return POLLERR; + } + return return_flags; +} + +static const struct file_operations test_int_fops = { + .read = ca8210_test_int_user_read, + .write = ca8210_test_int_user_write, + .open = ca8210_test_int_open, + .release = NULL, + .unlocked_ioctl = ca8210_test_int_ioctl, + .poll = ca8210_test_int_poll +}; + +/* Init/Deinit */ + +/** + * ca8210_get_platform_data() - Populate a ca8210_platform_data object + * @spi_device: Pointer to ca8210 spi device object to get data for + * @pdata: Pointer to ca8210_platform_data object to populate + * + * Return: 0 or linux error code + */ +static int ca8210_get_platform_data( + struct spi_device *spi_device, + struct ca8210_platform_data *pdata +) +{ + int ret = 0; + + if (!spi_device->dev.of_node) + return -EINVAL; + + pdata->extclockenable = of_property_read_bool( + spi_device->dev.of_node, + "extclock-enable" + ); + if (pdata->extclockenable) { + ret = of_property_read_u32( + spi_device->dev.of_node, + "extclock-freq", + &pdata->extclockfreq + ); + if (ret < 0) + return ret; + + ret = of_property_read_u32( + spi_device->dev.of_node, + "extclock-gpio", + &pdata->extclockgpio + ); + } + + return ret; +} + +/** + * ca8210_config_extern_clk() - Configure the external clock provided by the + * ca8210 + * @pdata: Pointer to ca8210_platform_data containing clock parameters + * @spi: Pointer to target ca8210 spi device + * @on: True to turn the clock on, false to turn off + * + * The external clock is configured with a frequency and output pin taken from + * the platform data. + * + * Return: 0 or linux error code + */ +static int ca8210_config_extern_clk( + struct ca8210_platform_data *pdata, + struct spi_device *spi, + bool on +) +{ + u8 clkparam[2]; + + if (on) { + dev_info(&spi->dev, "Switching external clock on\n"); + switch (pdata->extclockfreq) { + case SIXTEEN_MHZ: + clkparam[0] = 1; + break; + case EIGHT_MHZ: + clkparam[0] = 2; + break; + case FOUR_MHZ: + clkparam[0] = 3; + break; + case TWO_MHZ: + clkparam[0] = 4; + break; + case ONE_MHZ: + clkparam[0] = 5; + break; + default: + dev_crit(&spi->dev, "Invalid extclock-freq\n"); + return -EINVAL; + } + clkparam[1] = pdata->extclockgpio; + } else { + dev_info(&spi->dev, "Switching external clock off\n"); + clkparam[0] = 0; /* off */ + clkparam[1] = 0; + } + return link_to_linux_err( + hwme_set_request_sync(HWME_SYSCLKOUT, 2, clkparam, spi) + ); +} + +/** + * ca8210_register_ext_clock() - Register ca8210's external clock with kernel + * @spi: Pointer to target ca8210 spi device + * + * Return: 0 or linux error code + */ +static int ca8210_register_ext_clock(struct spi_device *spi) +{ + struct device_node *np = spi->dev.of_node; + struct ca8210_priv *priv = spi_get_drvdata(spi); + struct ca8210_platform_data *pdata = spi->dev.platform_data; + int ret = 0; + + if (!np) + return -EFAULT; + + priv->clk = clk_register_fixed_rate( + &spi->dev, + np->name, + NULL, + 0, + pdata->extclockfreq + ); + + if (IS_ERR(priv->clk)) { + dev_crit(&spi->dev, "Failed to register external clk\n"); + return PTR_ERR(priv->clk); + } + ret = of_clk_add_provider(np, of_clk_src_simple_get, priv->clk); + if (ret) { + clk_unregister(priv->clk); + dev_crit( + &spi->dev, + "Failed to register external clock as clock provider\n" + ); + } else { + dev_info(&spi->dev, "External clock set as clock provider\n"); + } + + return ret; +} + +/** + * ca8210_unregister_ext_clock() - Unregister ca8210's external clock with + * kernel + * @spi: Pointer to target ca8210 spi device + */ +static void ca8210_unregister_ext_clock(struct spi_device *spi) +{ + struct ca8210_priv *priv = spi_get_drvdata(spi); + + if (!priv->clk) + return + + of_clk_del_provider(spi->dev.of_node); + clk_unregister(priv->clk); + dev_info(&spi->dev, "External clock unregistered\n"); +} + +/** + * ca8210_reset_init() - Initialise the reset input to the ca8210 + * @spi: Pointer to target ca8210 spi device + * + * Return: 0 or linux error code + */ +static int ca8210_reset_init(struct spi_device *spi) +{ + int ret; + struct ca8210_platform_data *pdata = spi->dev.platform_data; + + pdata->gpio_reset = of_get_named_gpio( + spi->dev.of_node, + "reset-gpio", + 0 + ); + + ret = gpio_direction_output(pdata->gpio_reset, 1); + if (ret < 0) { + dev_crit( + &spi->dev, + "Reset GPIO %d did not set to output mode\n", + pdata->gpio_reset + ); + } + + return ret; +} + +/** + * ca8210_interrupt_init() - Initialise the irq output from the ca8210 + * @spi: Pointer to target ca8210 spi device + * + * Return: 0 or linux error code + */ +static int ca8210_interrupt_init(struct spi_device *spi) +{ + int ret; + struct ca8210_platform_data *pdata = spi->dev.platform_data; + + pdata->gpio_irq = of_get_named_gpio( + spi->dev.of_node, + "irq-gpio", + 0 + ); + + pdata->irq_id = gpio_to_irq(pdata->gpio_irq); + if (pdata->irq_id < 0) { + dev_crit( + &spi->dev, + "Could not get irq for gpio pin %d\n", + pdata->gpio_irq + ); + gpio_free(pdata->gpio_irq); + return pdata->irq_id; + } + + ret = request_irq( + pdata->irq_id, + ca8210_interrupt_handler, + IRQF_TRIGGER_FALLING, + "ca8210-irq", + spi_get_drvdata(spi) + ); + if (ret) { + dev_crit(&spi->dev, "request_irq %d failed\n", pdata->irq_id); + gpio_unexport(pdata->gpio_irq); + gpio_free(pdata->gpio_irq); + } + + return ret; +} + +/** + * ca8210_dev_com_init() - Initialise the spi communication component + * @priv: Pointer to private data structure + * + * Return: 0 or linux error code + */ +static int ca8210_dev_com_init(struct ca8210_priv *priv) +{ + priv->mlme_workqueue = alloc_ordered_workqueue( + "MLME work queue", + WQ_UNBOUND + ); + if (!priv->mlme_workqueue) { + dev_crit(&priv->spi->dev, "alloc of mlme_workqueue failed!\n"); + return -ENOMEM; + } + + priv->irq_workqueue = alloc_ordered_workqueue( + "ca8210 irq worker", + WQ_UNBOUND + ); + if (!priv->irq_workqueue) { + dev_crit(&priv->spi->dev, "alloc of irq_workqueue failed!\n"); + return -ENOMEM; + } + + return 0; +} + +/** + * ca8210_dev_com_clear() - Deinitialise the spi communication component + * @priv: Pointer to private data structure + */ +static void ca8210_dev_com_clear(struct ca8210_priv *priv) +{ + flush_workqueue(priv->mlme_workqueue); + destroy_workqueue(priv->mlme_workqueue); + flush_workqueue(priv->irq_workqueue); + destroy_workqueue(priv->irq_workqueue); +} + +#define CA8210_MAX_TX_POWERS (9) +static const s32 ca8210_tx_powers[CA8210_MAX_TX_POWERS] = { + 800, 700, 600, 500, 400, 300, 200, 100, 0 +}; + +#define CA8210_MAX_ED_LEVELS (21) +static const s32 ca8210_ed_levels[CA8210_MAX_ED_LEVELS] = { + -10300, -10250, -10200, -10150, -10100, -10050, -10000, -9950, -9900, + -9850, -9800, -9750, -9700, -9650, -9600, -9550, -9500, -9450, -9400, + -9350, -9300 +}; + +/** + * ca8210_hw_setup() - Populate the ieee802154_hw phy attributes with the + * ca8210's defaults + * @ca8210_hw: Pointer to ieee802154_hw to populate + */ +static void ca8210_hw_setup(struct ieee802154_hw *ca8210_hw) +{ + /* Support channels 11-26 */ + ca8210_hw->phy->supported.channels[0] = CA8210_VALID_CHANNELS; + ca8210_hw->phy->supported.tx_powers_size = CA8210_MAX_TX_POWERS; + ca8210_hw->phy->supported.tx_powers = ca8210_tx_powers; + ca8210_hw->phy->supported.cca_ed_levels_size = CA8210_MAX_ED_LEVELS; + ca8210_hw->phy->supported.cca_ed_levels = ca8210_ed_levels; + ca8210_hw->phy->current_channel = 18; + ca8210_hw->phy->current_page = 0; + ca8210_hw->phy->transmit_power = 800; + ca8210_hw->phy->cca.mode = NL802154_CCA_ENERGY_CARRIER; + ca8210_hw->phy->cca.opt = NL802154_CCA_OPT_ENERGY_CARRIER_AND; + ca8210_hw->phy->cca_ed_level = -9800; + ca8210_hw->phy->symbol_duration = 16; + ca8210_hw->phy->lifs_period = 40; + ca8210_hw->phy->sifs_period = 12; + ca8210_hw->flags = + IEEE802154_HW_AFILT | + IEEE802154_HW_OMIT_CKSUM | + IEEE802154_HW_FRAME_RETRIES | + IEEE802154_HW_PROMISCUOUS | + IEEE802154_HW_CSMA_PARAMS; + ca8210_hw->phy->flags = + WPAN_PHY_FLAG_TXPOWER | + WPAN_PHY_FLAG_CCA_ED_LEVEL | + WPAN_PHY_FLAG_CCA_MODE; +} + +/** + * ca8210_test_interface_init() - Initialise the test file interface + * @priv: Pointer to private data structure + * + * Provided as an alternative to the standard linux network interface, the test + * interface exposes a file in the filesystem (ca8210_test) that allows + * 802.15.4 SAP Commands and Cascoda EVBME commands to be sent directly to + * the stack. + * + * Return: 0 or linux error code + */ +static int ca8210_test_interface_init(struct ca8210_priv *priv) +{ + struct ca8210_test *test = &priv->test; + char node_name[32]; + + snprintf( + node_name, + sizeof(node_name), + "ca8210@%d_%d", + priv->spi->master->bus_num, + priv->spi->chip_select + ); + + test->ca8210_dfs_spi_int = debugfs_create_file( + node_name, + 0600, /* S_IRUSR | S_IWUSR */ + NULL, + priv, + &test_int_fops + ); + if (IS_ERR(test->ca8210_dfs_spi_int)) { + dev_err( + &priv->spi->dev, + "Error %ld when creating debugfs node\n", + PTR_ERR(test->ca8210_dfs_spi_int) + ); + return PTR_ERR(test->ca8210_dfs_spi_int); + } + debugfs_create_symlink("ca8210", NULL, node_name); + init_waitqueue_head(&test->readq); + return kfifo_alloc( + &test->up_fifo, + CA8210_TEST_INT_FIFO_SIZE, + GFP_KERNEL + ); +} + +/** + * ca8210_test_interface_clear() - Deinitialise the test file interface + * @priv: Pointer to private data structure + */ +static void ca8210_test_interface_clear(struct ca8210_priv *priv) +{ + struct ca8210_test *test = &priv->test; + + if (!IS_ERR(test->ca8210_dfs_spi_int)) + debugfs_remove(test->ca8210_dfs_spi_int); + kfifo_free(&test->up_fifo); + dev_info(&priv->spi->dev, "Test interface removed\n"); +} + +/** + * ca8210_remove() - Shut down a ca8210 upon being disconnected + * @priv: Pointer to private data structure + * + * Return: 0 or linux error code + */ +static int ca8210_remove(struct spi_device *spi_device) +{ + struct ca8210_priv *priv; + struct ca8210_platform_data *pdata; + + dev_info(&spi_device->dev, "Removing ca8210\n"); + + pdata = spi_device->dev.platform_data; + if (pdata) { + if (pdata->extclockenable) { + ca8210_unregister_ext_clock(spi_device); + ca8210_config_extern_clk(pdata, spi_device, 0); + } + free_irq(pdata->irq_id, spi_device->dev.driver_data); + kfree(pdata); + spi_device->dev.platform_data = NULL; + } + /* get spi_device private data */ + priv = spi_get_drvdata(spi_device); + if (priv) { + dev_info( + &spi_device->dev, + "sync_down = %d, sync_up = %d\n", + priv->sync_down, + priv->sync_up + ); + ca8210_dev_com_clear(spi_device->dev.driver_data); + if (priv->hw) { + if (priv->hw_registered) + ieee802154_unregister_hw(priv->hw); + ieee802154_free_hw(priv->hw); + priv->hw = NULL; + dev_info( + &spi_device->dev, + "Unregistered & freed ieee802154_hw.\n" + ); + } + if (IS_ENABLED(CONFIG_IEEE802154_CA8210_DEBUGFS)) + ca8210_test_interface_clear(priv); + } + + return 0; +} + +/** + * ca8210_probe() - Set up a connected ca8210 upon being detected by the system + * @priv: Pointer to private data structure + * + * Return: 0 or linux error code + */ +static int ca8210_probe(struct spi_device *spi_device) +{ + struct ca8210_priv *priv; + struct ieee802154_hw *hw; + struct ca8210_platform_data *pdata; + int ret; + + dev_info(&spi_device->dev, "Inserting ca8210\n"); + + /* allocate ieee802154_hw and private data */ + hw = ieee802154_alloc_hw(sizeof(struct ca8210_priv), &ca8210_phy_ops); + if (!hw) { + dev_crit(&spi_device->dev, "ieee802154_alloc_hw failed\n"); + ret = -ENOMEM; + goto error; + } + + priv = hw->priv; + priv->hw = hw; + priv->spi = spi_device; + hw->parent = &spi_device->dev; + spin_lock_init(&priv->lock); + priv->async_tx_pending = false; + priv->hw_registered = false; + priv->sync_up = 0; + priv->sync_down = 0; + priv->promiscuous = false; + priv->retries = 0; + init_completion(&priv->ca8210_is_awake); + init_completion(&priv->spi_transfer_complete); + init_completion(&priv->sync_exchange_complete); + spi_set_drvdata(priv->spi, priv); + if (IS_ENABLED(CONFIG_IEEE802154_CA8210_DEBUGFS)) { + cascoda_api_upstream = ca8210_test_int_driver_write; + ca8210_test_interface_init(priv); + } else { + cascoda_api_upstream = NULL; + } + ca8210_hw_setup(hw); + ieee802154_random_extended_addr(&hw->phy->perm_extended_addr); + + pdata = kmalloc(sizeof(*pdata), GFP_KERNEL); + if (!pdata) { + dev_crit( + &spi_device->dev, + "Could not allocate platform data\n" + ); + ret = -ENOMEM; + goto error; + } + + ret = ca8210_get_platform_data(priv->spi, pdata); + if (ret) { + dev_crit(&spi_device->dev, "ca8210_get_platform_data failed\n"); + goto error; + } + priv->spi->dev.platform_data = pdata; + + ret = ca8210_dev_com_init(priv); + if (ret) { + dev_crit(&spi_device->dev, "ca8210_dev_com_init failed\n"); + goto error; + } + ret = ca8210_reset_init(priv->spi); + if (ret) { + dev_crit(&spi_device->dev, "ca8210_reset_init failed\n"); + goto error; + } + + ret = ca8210_interrupt_init(priv->spi); + if (ret) { + dev_crit(&spi_device->dev, "ca8210_interrupt_init failed\n"); + goto error; + } + + msleep(100); + + ca8210_reset_send(priv->spi, 1); + + ret = tdme_chipinit(priv->spi); + if (ret) { + dev_crit(&spi_device->dev, "tdme_chipinit failed\n"); + goto error; + } + + if (pdata->extclockenable) { + ret = ca8210_config_extern_clk(pdata, priv->spi, 1); + if (ret) { + dev_crit( + &spi_device->dev, + "ca8210_config_extern_clk failed\n" + ); + goto error; + } + ret = ca8210_register_ext_clock(priv->spi); + if (ret) { + dev_crit( + &spi_device->dev, + "ca8210_register_ext_clock failed\n" + ); + goto error; + } + } + + ret = ieee802154_register_hw(hw); + if (ret) { + dev_crit(&spi_device->dev, "ieee802154_register_hw failed\n"); + goto error; + } + priv->hw_registered = true; + + return 0; +error: + msleep(100); /* wait for pending spi transfers to complete */ + ca8210_remove(spi_device); + return link_to_linux_err(ret); +} + +static const struct of_device_id ca8210_of_ids[] = { + {.compatible = "cascoda,ca8210", }, + {}, +}; +MODULE_DEVICE_TABLE(of, ca8210_of_ids); + +static struct spi_driver ca8210_spi_driver = { + .driver = { + .name = DRIVER_NAME, + .owner = THIS_MODULE, + .of_match_table = of_match_ptr(ca8210_of_ids), + }, + .probe = ca8210_probe, + .remove = ca8210_remove +}; + +module_spi_driver(ca8210_spi_driver); + +MODULE_AUTHOR("Harry Morris "); +MODULE_DESCRIPTION("CA-8210 SoftMAC driver"); +MODULE_LICENSE("Dual BSD/GPL"); +MODULE_VERSION("1.0"); From ab3916f7fe9dd52026566fb534f5834683f0d578 Mon Sep 17 00:00:00 2001 From: Harry Morris Date: Tue, 28 Mar 2017 13:08:59 +0100 Subject: [PATCH 26/59] ieee802154: Add device tree documentation for CA8210 Signed-off-by: Harry Morris Acked-by: Stefan Schmidt Signed-off-by: Marcel Holtmann --- .../bindings/net/ieee802154/ca8210.txt | 28 +++++++++++++++++++ .../devicetree/bindings/vendor-prefixes.txt | 1 + 2 files changed, 29 insertions(+) create mode 100644 Documentation/devicetree/bindings/net/ieee802154/ca8210.txt diff --git a/Documentation/devicetree/bindings/net/ieee802154/ca8210.txt b/Documentation/devicetree/bindings/net/ieee802154/ca8210.txt new file mode 100644 index 000000000000..a1046e636fa1 --- /dev/null +++ b/Documentation/devicetree/bindings/net/ieee802154/ca8210.txt @@ -0,0 +1,28 @@ +* CA8210 IEEE 802.15.4 * + +Required properties: + - compatible: Should be "cascoda,ca8210" + - reg: Controlling chip select + - spi-max-frequency: Maximum clock speed, should be *less than* + 4000000 + - spi-cpol: Requires inverted clock polarity + - reset-gpio: GPIO attached to reset + - irq-gpio: GPIO attached to IRQ +Optional properties: + - extclock-enable: Include for the ca8210 to route its 16MHz clock + to an output + - extclock-freq: Frequency in Hz of the external clock + - extclock-gpio: GPIO of the ca8210 to output the clock on + +Example: + ca8210@0 { + compatible = "cascoda,ca8210"; + reg = <0>; + spi-max-frequency = <3000000>; + spi-cpol; + reset-gpio = <&gpio1 1 GPIO_ACTIVE_HIGH>; + irq-gpio = <&gpio1 2 GPIO_ACTIVE_HIGH>; + extclock-enable; + extclock-freq = 16000000; + extclock-gpio = 2; + }; diff --git a/Documentation/devicetree/bindings/vendor-prefixes.txt b/Documentation/devicetree/bindings/vendor-prefixes.txt index ec0bfb9bbebd..36b4d8a3fe6c 100644 --- a/Documentation/devicetree/bindings/vendor-prefixes.txt +++ b/Documentation/devicetree/bindings/vendor-prefixes.txt @@ -51,6 +51,7 @@ brcm Broadcom Corporation buffalo Buffalo, Inc. calxeda Calxeda capella Capella Microsystems, Inc +cascoda Cascoda, Ltd. cavium Cavium, Inc. cdns Cadence Design Systems Inc. ceva Ceva, Inc. From 8b1cfcbd282498f7db452175222b68b96421e409 Mon Sep 17 00:00:00 2001 From: Harry Morris Date: Tue, 28 Mar 2017 13:09:00 +0100 Subject: [PATCH 27/59] ieee802154: Add entry in MAINTAINTERS for CA8210 driver Signed-off-by: Harry Morris Acked-by: Stefan Schmidt Signed-off-by: Marcel Holtmann --- MAINTAINERS | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/MAINTAINERS b/MAINTAINERS index 5397f54af5fc..055c7de08db8 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -2944,6 +2944,15 @@ W: http://www.linux-c6x.org/wiki/index.php/Main_Page S: Maintained F: arch/c6x/ +CA8210 IEEE-802.15.4 RADIO DRIVER +M: Harry Morris +M: linuxdev@cascoda.com +L: linux-wpan@vger.kernel.org +W: https://github.com/Cascoda/ca8210-linux.git +S: Maintained +F: drivers/net/ieee802154/ca8210.c +F: Documentation/devicetree/bindings/net/ieee802154/ca8210.txt + CACHEFILES: FS-CACHE BACKEND FOR CACHING ON MOUNTED FILESYSTEMS M: David Howells L: linux-cachefs@redhat.com (moderated for non-subscribers) From fa0eaf840adc3df8df914ee211502bc3e5d57508 Mon Sep 17 00:00:00 2001 From: Colin Ian King Date: Tue, 28 Mar 2017 13:11:29 +0100 Subject: [PATCH 28/59] 6lowpan: fix assignment of peer_addr The data from peer->chan->dst is not being copied to peer_addr, the current code just updates the pointer and not the contents of what it points to. Fix this with the intended assignment. Detected by CoverityScan, CID#1422111 ("Parse warning (PW.PARAM_SET_BUT_NOT_USED)") Fixes: fb6f2f606ce8 ("6lowpan: Fix IID format for Bluetooth") Signed-off-by: Colin Ian King Reviewed-by: Luiz Augusto von Dentz Signed-off-by: Marcel Holtmann --- net/bluetooth/6lowpan.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/bluetooth/6lowpan.c b/net/bluetooth/6lowpan.c index 24348c8579dd..ba28c7b1557f 100644 --- a/net/bluetooth/6lowpan.c +++ b/net/bluetooth/6lowpan.c @@ -432,7 +432,7 @@ static int setup_header(struct sk_buff *skb, struct net_device *netdev, } daddr = peer->lladdr; - peer_addr = &peer->chan->dst; + *peer_addr = peer->chan->dst; *peer_addr_type = peer->chan->dst_type; lowpan_cb(skb)->chan = peer->chan; From f1554b7b2c27cedee6c772dab954629987690110 Mon Sep 17 00:00:00 2001 From: prasanna karthik Date: Tue, 28 Mar 2017 19:44:00 +0000 Subject: [PATCH 29/59] Bluetooth: btmrvl: cleanup code in return from btmrvl_sdio_suspend() Else is not generally useful after a break or return Signed-off-by: Prasanna Karthik Signed-off-by: Marcel Holtmann --- drivers/bluetooth/btmrvl_sdio.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/bluetooth/btmrvl_sdio.c b/drivers/bluetooth/btmrvl_sdio.c index e65ca19970ea..2424ea2685a7 100644 --- a/drivers/bluetooth/btmrvl_sdio.c +++ b/drivers/bluetooth/btmrvl_sdio.c @@ -1642,10 +1642,10 @@ static int btmrvl_sdio_suspend(struct device *dev) if (priv->adapter->hs_state == HS_ACTIVATED) { BT_DBG("suspend with MMC_PM_KEEP_POWER"); return sdio_set_host_pm_flags(func, MMC_PM_KEEP_POWER); - } else { - BT_DBG("suspend without MMC_PM_KEEP_POWER"); - return 0; } + + BT_DBG("suspend without MMC_PM_KEEP_POWER"); + return 0; } static int btmrvl_sdio_resume(struct device *dev) From 941825e11424f00f9a76c944c16f677aadfe3515 Mon Sep 17 00:00:00 2001 From: Colin Ian King Date: Wed, 29 Mar 2017 18:05:40 +0100 Subject: [PATCH 30/59] ieee802154: ca8210: Add checks for kmalloc allocation failures Ensure we don't end up with a null pointer dereferences by checking for for allocation failures. Allocate by sizeof(*ptr) rather than the type to fix checkpack warnings. Also merge multiple lines into one line for the kmalloc call. Detected by CoverityScan, CID#1422435 ("Dereference null return value") Signed-off-by: Colin Ian King Signed-off-by: Marcel Holtmann --- drivers/net/ieee802154/ca8210.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/drivers/net/ieee802154/ca8210.c b/drivers/net/ieee802154/ca8210.c index 53fa87bfede0..25fd3b04b3c0 100644 --- a/drivers/net/ieee802154/ca8210.c +++ b/drivers/net/ieee802154/ca8210.c @@ -634,6 +634,8 @@ static int ca8210_test_int_driver_write( dev_dbg(&priv->spi->dev, "%#03x\n", buf[i]); fifo_buffer = kmalloc(len, GFP_KERNEL); + if (!fifo_buffer) + return -ENOMEM; memcpy(fifo_buffer, buf, len); kfifo_in(&test->up_fifo, &fifo_buffer, 4); wake_up_interruptible(&priv->test.readq); @@ -759,10 +761,10 @@ static void ca8210_rx_done(struct cas_control *cas_ctl) &priv->spi->dev, "Resetting MAC...\n"); - mlme_reset_wpc = kmalloc( - sizeof(struct work_priv_container), - GFP_KERNEL - ); + mlme_reset_wpc = kmalloc(sizeof(*mlme_reset_wpc), + GFP_KERNEL); + if (!mlme_reset_wpc) + goto finish; INIT_WORK( &mlme_reset_wpc->work, ca8210_mlme_reset_worker @@ -925,10 +927,10 @@ static int ca8210_spi_transfer( dev_dbg(&spi->dev, "ca8210_spi_transfer called\n"); - cas_ctl = kmalloc( - sizeof(struct cas_control), - GFP_ATOMIC - ); + cas_ctl = kmalloc(sizeof(*cas_ctl), GFP_ATOMIC); + if (!cas_ctl) + return -ENOMEM; + cas_ctl->priv = priv; memset(cas_ctl->tx_buf, SPI_IDLE, CA8210_SPI_BUF_SIZE); memset(cas_ctl->tx_in_buf, SPI_IDLE, CA8210_SPI_BUF_SIZE); From 95065a61e9bf25fb85295127fba893200c2bbbd8 Mon Sep 17 00:00:00 2001 From: Johan Hovold Date: Wed, 29 Mar 2017 18:15:27 +0200 Subject: [PATCH 31/59] Bluetooth: hci_bcm: add missing tty-device sanity check Make sure to check the tty-device pointer before looking up the sibling platform device to avoid dereferencing a NULL-pointer when the tty is one end of a Unix98 pty. Fixes: 0395ffc1ee05 ("Bluetooth: hci_bcm: Add PM for BCM devices") Cc: stable # 4.3 Cc: Frederic Danis Signed-off-by: Johan Hovold Signed-off-by: Marcel Holtmann --- drivers/bluetooth/hci_bcm.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/bluetooth/hci_bcm.c b/drivers/bluetooth/hci_bcm.c index 04fe5535a153..f87bfdfee4ff 100644 --- a/drivers/bluetooth/hci_bcm.c +++ b/drivers/bluetooth/hci_bcm.c @@ -287,6 +287,9 @@ static int bcm_open(struct hci_uart *hu) hu->priv = bcm; + if (!hu->tty->dev) + goto out; + mutex_lock(&bcm_device_lock); list_for_each(p, &bcm_device_list) { struct bcm_device *dev = list_entry(p, struct bcm_device, list); @@ -307,7 +310,7 @@ static int bcm_open(struct hci_uart *hu) } mutex_unlock(&bcm_device_lock); - +out: return 0; } From dcb9cfaa5ea9aa0ec08aeb92582ccfe3e4c719a9 Mon Sep 17 00:00:00 2001 From: Johan Hovold Date: Wed, 29 Mar 2017 18:15:28 +0200 Subject: [PATCH 32/59] Bluetooth: hci_intel: add missing tty-device sanity check Make sure to check the tty-device pointer before looking up the sibling platform device to avoid dereferencing a NULL-pointer when the tty is one end of a Unix98 pty. Fixes: 74cdad37cd24 ("Bluetooth: hci_intel: Add runtime PM support") Fixes: 1ab1f239bf17 ("Bluetooth: hci_intel: Add support for platform driver") Cc: stable # 4.3 Cc: Loic Poulain Signed-off-by: Johan Hovold Signed-off-by: Marcel Holtmann --- drivers/bluetooth/hci_intel.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/drivers/bluetooth/hci_intel.c b/drivers/bluetooth/hci_intel.c index d915e7eee233..fa5099986f1b 100644 --- a/drivers/bluetooth/hci_intel.c +++ b/drivers/bluetooth/hci_intel.c @@ -307,6 +307,9 @@ static int intel_set_power(struct hci_uart *hu, bool powered) struct list_head *p; int err = -ENODEV; + if (!hu->tty->dev) + return err; + mutex_lock(&intel_device_list_lock); list_for_each(p, &intel_device_list) { @@ -379,6 +382,9 @@ static void intel_busy_work(struct work_struct *work) struct intel_data *intel = container_of(work, struct intel_data, busy_work); + if (!intel->hu->tty->dev) + return; + /* Link is busy, delay the suspend */ mutex_lock(&intel_device_list_lock); list_for_each(p, &intel_device_list) { @@ -899,6 +905,8 @@ static int intel_setup(struct hci_uart *hu) list_for_each(p, &intel_device_list) { struct intel_device *dev = list_entry(p, struct intel_device, list); + if (!hu->tty->dev) + break; if (hu->tty->dev->parent == dev->pdev->dev.parent) { if (device_may_wakeup(&dev->pdev->dev)) { set_bit(STATE_LPM_ENABLED, &intel->flags); @@ -1066,6 +1074,9 @@ static int intel_enqueue(struct hci_uart *hu, struct sk_buff *skb) BT_DBG("hu %p skb %p", hu, skb); + if (!hu->tty->dev) + goto out_enqueue; + /* Be sure our controller is resumed and potential LPM transaction * completed before enqueuing any packet. */ @@ -1082,7 +1093,7 @@ static int intel_enqueue(struct hci_uart *hu, struct sk_buff *skb) } } mutex_unlock(&intel_device_list_lock); - +out_enqueue: skb_queue_tail(&intel->txq, skb); return 0; From d2891c4d071d807f01cc911dc42a68f4568d65cf Mon Sep 17 00:00:00 2001 From: Michael Scott Date: Tue, 28 Mar 2017 23:10:54 -0700 Subject: [PATCH 33/59] Bluetooth: 6lowpan: fix delay work init in add_peer_chan() When adding 6lowpan devices very rapidly we sometimes see a crash: [23122.306615] CPU: 2 PID: 0 Comm: swapper/2 Not tainted 4.9.0-43-arm64 #1 Debian 4.9.9.linaro.43-1 [23122.315400] Hardware name: HiKey Development Board (DT) [23122.320623] task: ffff800075443080 task.stack: ffff800075484000 [23122.326551] PC is at expire_timers+0x70/0x150 [23122.330907] LR is at run_timer_softirq+0xa0/0x1a0 [23122.335616] pc : [] lr : [] pstate: 600001c5 This was due to add_peer_chan() unconditionally initializing the lowpan_btle_dev->notify_peers delayed work structure, even if the lowpan_btle_dev passed into add_peer_chan() had previously been initialized. Normally, this would go unnoticed as the delayed work timer is set for 100 msec, however when calling add_peer_chan() faster than 100 msec it clears out a previously queued delay work causing the crash above. To fix this, let add_peer_chan() know when a new lowpan_btle_dev is passed in so that it only performs the delay work initialization when needed. Signed-off-by: Michael Scott Acked-by: Jukka Rissanen Signed-off-by: Marcel Holtmann --- net/bluetooth/6lowpan.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/net/bluetooth/6lowpan.c b/net/bluetooth/6lowpan.c index ba28c7b1557f..6ae51e840af1 100644 --- a/net/bluetooth/6lowpan.c +++ b/net/bluetooth/6lowpan.c @@ -676,7 +676,8 @@ static struct l2cap_chan *chan_create(void) } static struct l2cap_chan *add_peer_chan(struct l2cap_chan *chan, - struct lowpan_btle_dev *dev) + struct lowpan_btle_dev *dev, + bool new_netdev) { struct lowpan_peer *peer; @@ -697,7 +698,8 @@ static struct l2cap_chan *add_peer_chan(struct l2cap_chan *chan, spin_unlock(&devices_lock); /* Notifying peers about us needs to be done without locks held */ - INIT_DELAYED_WORK(&dev->notify_peers, do_notify_peers); + if (new_netdev) + INIT_DELAYED_WORK(&dev->notify_peers, do_notify_peers); schedule_delayed_work(&dev->notify_peers, msecs_to_jiffies(100)); return peer->chan; @@ -755,6 +757,7 @@ static int setup_netdev(struct l2cap_chan *chan, struct lowpan_btle_dev **dev) static inline void chan_ready_cb(struct l2cap_chan *chan) { struct lowpan_btle_dev *dev; + bool new_netdev = false; dev = lookup_dev(chan->conn); @@ -765,12 +768,13 @@ static inline void chan_ready_cb(struct l2cap_chan *chan) l2cap_chan_del(chan, -ENOENT); return; } + new_netdev = true; } if (!try_module_get(THIS_MODULE)) return; - add_peer_chan(chan, dev); + add_peer_chan(chan, dev, new_netdev); ifup(dev->netdev); } From 6dea44f5acc3d63fbaa992146e92252329d9a2be Mon Sep 17 00:00:00 2001 From: Michael Scott Date: Tue, 28 Mar 2017 23:10:18 -0700 Subject: [PATCH 34/59] Bluetooth: 6lowpan: fix use after free in chan_suspend/resume A status field in the skb_cb struct was storing a channel status based on channel suspend/resume events. This stored status was then used to return EAGAIN if there were packet sending issues in snd_pkt(). The issue is that the skb has been freed by the time the callback to 6lowpan's suspend/resume was called. So, this generates a "use after free" issue that was noticed while running kernel tests with KASAN debug enabled. Let's eliminate the status field entirely as we can use the channel tx_credits to indicate whether we should return EAGAIN when handling packets. Signed-off-by: Michael Scott Acked-by: Jukka Rissanen Signed-off-by: Marcel Holtmann --- net/bluetooth/6lowpan.c | 21 +++------------------ 1 file changed, 3 insertions(+), 18 deletions(-) diff --git a/net/bluetooth/6lowpan.c b/net/bluetooth/6lowpan.c index 6ae51e840af1..b39da8d36aa9 100644 --- a/net/bluetooth/6lowpan.c +++ b/net/bluetooth/6lowpan.c @@ -38,7 +38,6 @@ struct skb_cb { struct in6_addr addr; struct in6_addr gw; struct l2cap_chan *chan; - int status; }; #define lowpan_cb(skb) ((struct skb_cb *)((skb)->cb)) @@ -485,7 +484,7 @@ static int send_pkt(struct l2cap_chan *chan, struct sk_buff *skb, } if (!err) - err = lowpan_cb(skb)->status; + err = (!chan->tx_credits ? -EAGAIN : 0); if (err < 0) { if (err == -EAGAIN) @@ -880,26 +879,12 @@ static struct sk_buff *chan_alloc_skb_cb(struct l2cap_chan *chan, static void chan_suspend_cb(struct l2cap_chan *chan) { - struct sk_buff *skb = chan->data; - - BT_DBG("chan %p conn %p skb %p", chan, chan->conn, skb); - - if (!skb) - return; - - lowpan_cb(skb)->status = -EAGAIN; + BT_DBG("chan %p suspend", chan); } static void chan_resume_cb(struct l2cap_chan *chan) { - struct sk_buff *skb = chan->data; - - BT_DBG("chan %p conn %p skb %p", chan, chan->conn, skb); - - if (!skb) - return; - - lowpan_cb(skb)->status = 0; + BT_DBG("chan %p resume", chan); } static long chan_get_sndtimeo_cb(struct l2cap_chan *chan) From 6eb7bd66830c1e1919aa4006d7eb288873b0f806 Mon Sep 17 00:00:00 2001 From: Xinming Hu Date: Fri, 31 Mar 2017 14:32:31 +0800 Subject: [PATCH 35/59] Bluetooth: btmrvl: disable platform wakeup interrupt in suspend failure path Host sleep handshake with device might been fail, disable platform wakeup interrupt in this case. Reported-by: Guenter Roeck Signed-off-by: Xinming Hu Signed-off-by: Amitkumar Karwar Signed-off-by: Marcel Holtmann --- drivers/bluetooth/btmrvl_sdio.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/bluetooth/btmrvl_sdio.c b/drivers/bluetooth/btmrvl_sdio.c index 2424ea2685a7..95e40ec27c0e 100644 --- a/drivers/bluetooth/btmrvl_sdio.c +++ b/drivers/bluetooth/btmrvl_sdio.c @@ -1630,6 +1630,13 @@ static int btmrvl_sdio_suspend(struct device *dev) if (priv->adapter->hs_state != HS_ACTIVATED) { if (btmrvl_enable_hs(priv)) { BT_ERR("HS not activated, suspend failed!"); + /* Disable platform specific wakeup interrupt */ + if (card->plt_wake_cfg && + card->plt_wake_cfg->irq_bt >= 0) { + disable_irq_wake(card->plt_wake_cfg->irq_bt); + disable_irq(card->plt_wake_cfg->irq_bt); + } + priv->adapter->is_suspending = false; return -EBUSY; } From c8ba804437d6311f61e4ca77a1cf43ce6a17bd21 Mon Sep 17 00:00:00 2001 From: Xinming Hu Date: Fri, 31 Mar 2017 14:32:32 +0800 Subject: [PATCH 36/59] Bluetooth: btmrvl: remove unnecessary wakeup interrupt number sanity check Sanity check of interrupt number in interrupt handler is unnecessary and confusion, remove it. Reported-by: Guenter Roeck Signed-off-by: Xinming Hu Signed-off-by: Amitkumar Karwar Signed-off-by: Marcel Holtmann --- drivers/bluetooth/btmrvl_sdio.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/drivers/bluetooth/btmrvl_sdio.c b/drivers/bluetooth/btmrvl_sdio.c index 95e40ec27c0e..eb794f08b238 100644 --- a/drivers/bluetooth/btmrvl_sdio.c +++ b/drivers/bluetooth/btmrvl_sdio.c @@ -64,11 +64,9 @@ static irqreturn_t btmrvl_wake_irq_bt(int irq, void *priv) struct btmrvl_sdio_card *card = priv; struct btmrvl_plt_wake_cfg *cfg = card->plt_wake_cfg; - if (cfg->irq_bt >= 0) { - pr_info("%s: wake by bt", __func__); - cfg->wake_by_bt = true; - disable_irq_nosync(irq); - } + pr_info("%s: wake by bt", __func__); + cfg->wake_by_bt = true; + disable_irq_nosync(irq); pm_wakeup_event(&card->func->dev, 0); pm_system_wakeup(); From 27ce68a37b0bd86123571e1e76b9bdb362d109e0 Mon Sep 17 00:00:00 2001 From: Luiz Augusto von Dentz Date: Mon, 3 Apr 2017 17:48:55 +0300 Subject: [PATCH 37/59] Bluetooth: 6lowpan: Remove unnecessary peer lookup During chan_recv_cb there is already a peer lookup which can be passed to recv_pkt directly instead of the channel. Signed-off-by: Luiz Augusto von Dentz Acked-by: Jukka Rissanen Signed-off-by: Marcel Holtmann --- net/bluetooth/6lowpan.c | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/net/bluetooth/6lowpan.c b/net/bluetooth/6lowpan.c index b39da8d36aa9..2063e96bc006 100644 --- a/net/bluetooth/6lowpan.c +++ b/net/bluetooth/6lowpan.c @@ -269,27 +269,20 @@ static int give_skb_to_upper(struct sk_buff *skb, struct net_device *dev) } static int iphc_decompress(struct sk_buff *skb, struct net_device *netdev, - struct l2cap_chan *chan) + struct lowpan_peer *peer) { const u8 *saddr; struct lowpan_btle_dev *dev; - struct lowpan_peer *peer; dev = lowpan_btle_dev(netdev); - rcu_read_lock(); - peer = __peer_lookup_chan(dev, chan); - rcu_read_unlock(); - if (!peer) - return -EINVAL; - saddr = peer->lladdr; return lowpan_header_decompress(skb, netdev, netdev->dev_addr, saddr); } static int recv_pkt(struct sk_buff *skb, struct net_device *dev, - struct l2cap_chan *chan) + struct lowpan_peer *peer) { struct sk_buff *local_skb; int ret; @@ -342,7 +335,7 @@ static int recv_pkt(struct sk_buff *skb, struct net_device *dev, local_skb->dev = dev; - ret = iphc_decompress(local_skb, dev, chan); + ret = iphc_decompress(local_skb, dev, peer); if (ret < 0) { kfree_skb(local_skb); goto drop; @@ -388,7 +381,7 @@ static int chan_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb) if (!dev || !dev->netdev) return -ENOENT; - err = recv_pkt(skb, dev->netdev, chan); + err = recv_pkt(skb, dev->netdev, peer); if (err) { BT_DBG("recv pkt %d", err); err = -EAGAIN; From da75fdc6bdccaf99220757cd1ac33cec72cfebb1 Mon Sep 17 00:00:00 2001 From: Luiz Augusto von Dentz Date: Mon, 3 Apr 2017 17:48:56 +0300 Subject: [PATCH 38/59] Bluetooth: 6lowpan: Print errors during recv_pkt This makes should make it more clear why a packet is being dropped. Signed-off-by: Luiz Augusto von Dentz Acked-by: Jukka Rissanen Signed-off-by: Marcel Holtmann --- net/bluetooth/6lowpan.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/bluetooth/6lowpan.c b/net/bluetooth/6lowpan.c index 2063e96bc006..5b91e85cf1c6 100644 --- a/net/bluetooth/6lowpan.c +++ b/net/bluetooth/6lowpan.c @@ -337,6 +337,7 @@ static int recv_pkt(struct sk_buff *skb, struct net_device *dev, ret = iphc_decompress(local_skb, dev, peer); if (ret < 0) { + BT_DBG("iphc_decompress failed: %d", ret); kfree_skb(local_skb); goto drop; } @@ -356,6 +357,7 @@ static int recv_pkt(struct sk_buff *skb, struct net_device *dev, consume_skb(local_skb); consume_skb(skb); } else { + BT_DBG("unknown packet type"); goto drop; } From 03732141bf23378b31e266a1da5a8f51f9e35cbe Mon Sep 17 00:00:00 2001 From: Luiz Augusto von Dentz Date: Mon, 3 Apr 2017 17:48:57 +0300 Subject: [PATCH 39/59] Bluetooth: L2CAP: Don't return -EAGAIN if out of credits Just keep queueing them into TX queue since the caller might just have to do the same and there is no impact in adding another packet to the TX queue even if there aren't any credits to transmit them. Signed-off-by: Luiz Augusto von Dentz Acked-by: Jukka Rissanen Signed-off-by: Marcel Holtmann --- net/bluetooth/l2cap_core.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c index fc7f321a3823..3a202b09d4ac 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c @@ -2458,9 +2458,6 @@ int l2cap_chan_send(struct l2cap_chan *chan, struct msghdr *msg, size_t len) if (len > chan->omtu) return -EMSGSIZE; - if (!chan->tx_credits) - return -EAGAIN; - __skb_queue_head_init(&seg_queue); err = l2cap_segment_le_sdu(chan, &seg_queue, msg, len); From 24dcbf66220564cdb23129aa3854b49532b1a9d8 Mon Sep 17 00:00:00 2001 From: Luiz Augusto von Dentz Date: Tue, 11 Apr 2017 22:20:58 +0300 Subject: [PATCH 40/59] 6lowpan: Don't set IFF_NO_QUEUE There is no point in setting IFF_NO_QUEUE should already have taken care of setting it if tx_queue_len is not set, in fact this may actually disable queue for interfaces that require it and do set tx_queue_len. Signed-off-by: Luiz Augusto von Dentz Acked-by: Jukka Rissanen Signed-off-by: Marcel Holtmann --- net/6lowpan/core.c | 1 - 1 file changed, 1 deletion(-) diff --git a/net/6lowpan/core.c b/net/6lowpan/core.c index 5f9909a2b58c..40d3d72beb53 100644 --- a/net/6lowpan/core.c +++ b/net/6lowpan/core.c @@ -35,7 +35,6 @@ int lowpan_register_netdevice(struct net_device *dev, dev->type = ARPHRD_6LOWPAN; dev->mtu = IPV6_MIN_MTU; - dev->priv_flags |= IFF_NO_QUEUE; lowpan_dev(dev)->lltype = lltype; From e1008f95e1e7762fade7ccbc973247a3b32edddb Mon Sep 17 00:00:00 2001 From: Luiz Augusto von Dentz Date: Tue, 11 Apr 2017 22:20:59 +0300 Subject: [PATCH 41/59] Bluetooth: 6lowpan: Don't drop packets when run out of credits Since l2cap_chan_send will now queue the packets there is no point in checking the credits anymore. Signed-off-by: Luiz Augusto von Dentz Acked-by: Jukka Rissanen Signed-off-by: Marcel Holtmann --- net/bluetooth/6lowpan.c | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/net/bluetooth/6lowpan.c b/net/bluetooth/6lowpan.c index 5b91e85cf1c6..22bd936ed2ce 100644 --- a/net/bluetooth/6lowpan.c +++ b/net/bluetooth/6lowpan.c @@ -478,15 +478,8 @@ static int send_pkt(struct l2cap_chan *chan, struct sk_buff *skb, return 0; } - if (!err) - err = (!chan->tx_credits ? -EAGAIN : 0); - - if (err < 0) { - if (err == -EAGAIN) - netdev->stats.tx_dropped++; - else - netdev->stats.tx_errors++; - } + if (err < 0) + netdev->stats.tx_errors++; return err; } From f183e52b8ef3d62c795b0fe2228400ac48f6cae6 Mon Sep 17 00:00:00 2001 From: Luiz Augusto von Dentz Date: Tue, 11 Apr 2017 22:21:00 +0300 Subject: [PATCH 42/59] Bluetooth: 6lowpan: Use netif APIs to flow control Rely on netif_wake_queue and netif_stop_queue to flow control when transmit resources are unavailable. Signed-off-by: Luiz Augusto von Dentz Acked-by: Jukka Rissanen Signed-off-by: Marcel Holtmann --- net/bluetooth/6lowpan.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/net/bluetooth/6lowpan.c b/net/bluetooth/6lowpan.c index 22bd936ed2ce..dc7fda307b15 100644 --- a/net/bluetooth/6lowpan.c +++ b/net/bluetooth/6lowpan.c @@ -867,12 +867,28 @@ static struct sk_buff *chan_alloc_skb_cb(struct l2cap_chan *chan, static void chan_suspend_cb(struct l2cap_chan *chan) { + struct lowpan_btle_dev *dev; + BT_DBG("chan %p suspend", chan); + + dev = lookup_dev(chan->conn); + if (!dev || !dev->netdev) + return; + + netif_stop_queue(dev->netdev); } static void chan_resume_cb(struct l2cap_chan *chan) { + struct lowpan_btle_dev *dev; + BT_DBG("chan %p resume", chan); + + dev = lookup_dev(chan->conn); + if (!dev || !dev->netdev) + return; + + netif_wake_queue(dev->netdev); } static long chan_get_sndtimeo_cb(struct l2cap_chan *chan) From 8a505b7f39f7fb2d3a2b25bfaa2f18d2ce010eef Mon Sep 17 00:00:00 2001 From: Luiz Augusto von Dentz Date: Tue, 11 Apr 2017 22:21:01 +0300 Subject: [PATCH 43/59] Bluetooth: L2CAP: Add l2cap_le_flowctl_send Consolidate code sending data to LE CoC channels and adds proper accounting of packets sent, the remaining credits and how many packets are queued. Signed-off-by: Luiz Augusto von Dentz Acked-by: Jukka Rissanen Signed-off-by: Marcel Holtmann --- net/bluetooth/l2cap_core.c | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c index 3a202b09d4ac..f88ac99528ce 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c @@ -2425,6 +2425,22 @@ static int l2cap_segment_le_sdu(struct l2cap_chan *chan, return 0; } +static void l2cap_le_flowctl_send(struct l2cap_chan *chan) +{ + int sent = 0; + + BT_DBG("chan %p", chan); + + while (chan->tx_credits && !skb_queue_empty(&chan->tx_q)) { + l2cap_do_send(chan, skb_dequeue(&chan->tx_q)); + chan->tx_credits--; + sent++; + } + + BT_DBG("Sent %d credits %u queued %u", sent, chan->tx_credits, + skb_queue_len(&chan->tx_q)); +} + int l2cap_chan_send(struct l2cap_chan *chan, struct msghdr *msg, size_t len) { struct sk_buff *skb; @@ -2472,10 +2488,7 @@ int l2cap_chan_send(struct l2cap_chan *chan, struct msghdr *msg, size_t len) skb_queue_splice_tail_init(&seg_queue, &chan->tx_q); - while (chan->tx_credits && !skb_queue_empty(&chan->tx_q)) { - l2cap_do_send(chan, skb_dequeue(&chan->tx_q)); - chan->tx_credits--; - } + l2cap_le_flowctl_send(chan); if (!chan->tx_credits) chan->ops->suspend(chan); @@ -5567,10 +5580,8 @@ static inline int l2cap_le_credits(struct l2cap_conn *conn, chan->tx_credits += credits; - while (chan->tx_credits && !skb_queue_empty(&chan->tx_q)) { - l2cap_do_send(chan, skb_dequeue(&chan->tx_q)); - chan->tx_credits--; - } + /* Resume sending */ + l2cap_le_flowctl_send(chan); if (chan->tx_credits) chan->ops->resume(chan); From 814f1b243d2c63928f6aa72d66bec0e5fae2f4a9 Mon Sep 17 00:00:00 2001 From: Luiz Augusto von Dentz Date: Tue, 11 Apr 2017 22:21:02 +0300 Subject: [PATCH 44/59] Bluetooth: 6lowpan: Set tx_queue_len to DEFAULT_TX_QUEUE_LEN Make netdev queue packets if we run out of credits. Signed-off-by: Luiz Augusto von Dentz Acked-by: Jukka Rissanen Signed-off-by: Marcel Holtmann --- net/bluetooth/6lowpan.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/bluetooth/6lowpan.c b/net/bluetooth/6lowpan.c index dc7fda307b15..a4deba6548fe 100644 --- a/net/bluetooth/6lowpan.c +++ b/net/bluetooth/6lowpan.c @@ -20,6 +20,7 @@ #include #include #include +#include #include #include @@ -594,6 +595,7 @@ static void netdev_setup(struct net_device *dev) dev->flags = IFF_RUNNING | IFF_POINTOPOINT | IFF_MULTICAST; dev->watchdog_timeo = 0; + dev->tx_queue_len = DEFAULT_TX_QUEUE_LEN; dev->netdev_ops = &netdev_ops; dev->header_ops = &header_ops; From 258695222bdb89071aebe60554f5246927817a89 Mon Sep 17 00:00:00 2001 From: Patrik Flykt Date: Tue, 11 Apr 2017 22:21:03 +0300 Subject: [PATCH 45/59] bluetooth: Do not set IFF_POINTOPOINT The IPv6 stack needs to send and receive Neighbor Discovery messages. Remove the IFF_POINTOPOINT flag. Signed-off-by: Patrik Flykt Acked-by: Jukka Rissanen Reviewed-by: Luiz Augusto von Dentz Signed-off-by: Marcel Holtmann --- net/bluetooth/6lowpan.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/net/bluetooth/6lowpan.c b/net/bluetooth/6lowpan.c index a4deba6548fe..608959989f8e 100644 --- a/net/bluetooth/6lowpan.c +++ b/net/bluetooth/6lowpan.c @@ -592,8 +592,7 @@ static void netdev_setup(struct net_device *dev) { dev->hard_header_len = 0; dev->needed_tailroom = 0; - dev->flags = IFF_RUNNING | IFF_POINTOPOINT | - IFF_MULTICAST; + dev->flags = IFF_RUNNING | IFF_MULTICAST; dev->watchdog_timeo = 0; dev->tx_queue_len = DEFAULT_TX_QUEUE_LEN; From 2f09276769a1f9c515e7767284fb188198ddfed7 Mon Sep 17 00:00:00 2001 From: Sebastian Reichel Date: Tue, 28 Mar 2017 17:59:30 +0200 Subject: [PATCH 46/59] tty: serial: omap: add UPF_BOOT_AUTOCONF flag for DT init The UPF_BOOT_AUTOCONF flag is needed for proper flow control support. Acked-by: Pavel Machek Signed-off-by: Sebastian Reichel Acked-by: Greg Kroah-Hartman Signed-off-by: Marcel Holtmann --- drivers/tty/serial/omap-serial.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/tty/serial/omap-serial.c b/drivers/tty/serial/omap-serial.c index 6c6f82ad8d5c..a4734649a0f0 100644 --- a/drivers/tty/serial/omap-serial.c +++ b/drivers/tty/serial/omap-serial.c @@ -1597,6 +1597,9 @@ static struct omap_uart_port_info *of_get_uart_port_info(struct device *dev) of_property_read_u32(dev->of_node, "clock-frequency", &omap_up_info->uartclk); + + omap_up_info->flags = UPF_BOOT_AUTOCONF; + return omap_up_info; } From b3f80c8f75efb2e6a817a0e48bf36cd30685a138 Mon Sep 17 00:00:00 2001 From: Sebastian Reichel Date: Tue, 28 Mar 2017 17:59:31 +0200 Subject: [PATCH 47/59] serdev: add serdev_device_wait_until_sent Add method, which waits until the transmission buffer has been sent. Note, that the change in ttyport_write_wakeup is related, since tty_wait_until_sent will hang without that change. Acked-by: Rob Herring Acked-by: Pavel Machek Signed-off-by: Sebastian Reichel Acked-by: Greg Kroah-Hartman Signed-off-by: Marcel Holtmann --- drivers/tty/serdev/core.c | 11 +++++++++++ drivers/tty/serdev/serdev-ttyport.c | 18 ++++++++++++++---- include/linux/serdev.h | 3 +++ 3 files changed, 28 insertions(+), 4 deletions(-) diff --git a/drivers/tty/serdev/core.c b/drivers/tty/serdev/core.c index f4c6c90add78..a63b74031e22 100644 --- a/drivers/tty/serdev/core.c +++ b/drivers/tty/serdev/core.c @@ -173,6 +173,17 @@ void serdev_device_set_flow_control(struct serdev_device *serdev, bool enable) } EXPORT_SYMBOL_GPL(serdev_device_set_flow_control); +void serdev_device_wait_until_sent(struct serdev_device *serdev, long timeout) +{ + struct serdev_controller *ctrl = serdev->ctrl; + + if (!ctrl || !ctrl->ops->wait_until_sent) + return; + + ctrl->ops->wait_until_sent(ctrl, timeout); +} +EXPORT_SYMBOL_GPL(serdev_device_wait_until_sent); + static int serdev_drv_probe(struct device *dev) { const struct serdev_device_driver *sdrv = to_serdev_device_driver(dev->driver); diff --git a/drivers/tty/serdev/serdev-ttyport.c b/drivers/tty/serdev/serdev-ttyport.c index d05393594f15..50dc75c4d204 100644 --- a/drivers/tty/serdev/serdev-ttyport.c +++ b/drivers/tty/serdev/serdev-ttyport.c @@ -14,6 +14,7 @@ #include #include #include +#include #define SERPORT_ACTIVE 1 @@ -46,11 +47,11 @@ static void ttyport_write_wakeup(struct tty_port *port) struct serdev_controller *ctrl = port->client_data; struct serport *serport = serdev_controller_get_drvdata(ctrl); - if (!test_and_clear_bit(TTY_DO_WRITE_WAKEUP, &port->tty->flags)) - return; - - if (test_bit(SERPORT_ACTIVE, &serport->flags)) + if (test_and_clear_bit(TTY_DO_WRITE_WAKEUP, &port->tty->flags) && + test_bit(SERPORT_ACTIVE, &serport->flags)) serdev_controller_write_wakeup(ctrl); + + wake_up_interruptible_poll(&port->tty->write_wait, POLLOUT); } static const struct tty_port_client_operations client_ops = { @@ -167,6 +168,14 @@ static void ttyport_set_flow_control(struct serdev_controller *ctrl, bool enable tty_set_termios(tty, &ktermios); } +static void ttyport_wait_until_sent(struct serdev_controller *ctrl, long timeout) +{ + struct serport *serport = serdev_controller_get_drvdata(ctrl); + struct tty_struct *tty = serport->tty; + + tty_wait_until_sent(tty, timeout); +} + static const struct serdev_controller_ops ctrl_ops = { .write_buf = ttyport_write_buf, .write_flush = ttyport_write_flush, @@ -175,6 +184,7 @@ static const struct serdev_controller_ops ctrl_ops = { .close = ttyport_close, .set_flow_control = ttyport_set_flow_control, .set_baudrate = ttyport_set_baudrate, + .wait_until_sent = ttyport_wait_until_sent, }; struct device *serdev_tty_port_register(struct tty_port *port, diff --git a/include/linux/serdev.h b/include/linux/serdev.h index 9519da6253a8..a308b206d204 100644 --- a/include/linux/serdev.h +++ b/include/linux/serdev.h @@ -81,6 +81,7 @@ struct serdev_controller_ops { void (*close)(struct serdev_controller *); void (*set_flow_control)(struct serdev_controller *, bool); unsigned int (*set_baudrate)(struct serdev_controller *, unsigned int); + void (*wait_until_sent)(struct serdev_controller *, long); }; /** @@ -186,6 +187,7 @@ int serdev_device_open(struct serdev_device *); void serdev_device_close(struct serdev_device *); unsigned int serdev_device_set_baudrate(struct serdev_device *, unsigned int); void serdev_device_set_flow_control(struct serdev_device *, bool); +void serdev_device_wait_until_sent(struct serdev_device *, long); int serdev_device_write_buf(struct serdev_device *, const unsigned char *, size_t); void serdev_device_write_flush(struct serdev_device *); int serdev_device_write_room(struct serdev_device *); @@ -223,6 +225,7 @@ static inline unsigned int serdev_device_set_baudrate(struct serdev_device *sdev return 0; } static inline void serdev_device_set_flow_control(struct serdev_device *sdev, bool enable) {} +static inline void serdev_device_wait_until_sent(struct serdev_device *sdev, long timeout) {} static inline int serdev_device_write_buf(struct serdev_device *sdev, const unsigned char *buf, size_t count) { return -ENODEV; From 5659dab26f09a60db8bd1600e1ce89802fab1c7f Mon Sep 17 00:00:00 2001 From: Sebastian Reichel Date: Tue, 28 Mar 2017 17:59:32 +0200 Subject: [PATCH 48/59] serdev: implement get/set tiocm Add method for getting and setting tiocm. Acked-by: Pavel Machek Acked-by: Rob Herring Signed-off-by: Sebastian Reichel Acked-by: Greg Kroah-Hartman Signed-off-by: Marcel Holtmann --- drivers/tty/serdev/core.c | 22 ++++++++++++++++++++++ drivers/tty/serdev/serdev-ttyport.c | 24 ++++++++++++++++++++++++ include/linux/serdev.h | 13 +++++++++++++ 3 files changed, 59 insertions(+) diff --git a/drivers/tty/serdev/core.c b/drivers/tty/serdev/core.c index a63b74031e22..1e1cbae3a0ea 100644 --- a/drivers/tty/serdev/core.c +++ b/drivers/tty/serdev/core.c @@ -184,6 +184,28 @@ void serdev_device_wait_until_sent(struct serdev_device *serdev, long timeout) } EXPORT_SYMBOL_GPL(serdev_device_wait_until_sent); +int serdev_device_get_tiocm(struct serdev_device *serdev) +{ + struct serdev_controller *ctrl = serdev->ctrl; + + if (!ctrl || !ctrl->ops->get_tiocm) + return -ENOTSUPP; + + return ctrl->ops->get_tiocm(ctrl); +} +EXPORT_SYMBOL_GPL(serdev_device_get_tiocm); + +int serdev_device_set_tiocm(struct serdev_device *serdev, int set, int clear) +{ + struct serdev_controller *ctrl = serdev->ctrl; + + if (!ctrl || !ctrl->ops->set_tiocm) + return -ENOTSUPP; + + return ctrl->ops->set_tiocm(ctrl, set, clear); +} +EXPORT_SYMBOL_GPL(serdev_device_set_tiocm); + static int serdev_drv_probe(struct device *dev) { const struct serdev_device_driver *sdrv = to_serdev_device_driver(dev->driver); diff --git a/drivers/tty/serdev/serdev-ttyport.c b/drivers/tty/serdev/serdev-ttyport.c index 50dc75c4d204..487c88f6aa0e 100644 --- a/drivers/tty/serdev/serdev-ttyport.c +++ b/drivers/tty/serdev/serdev-ttyport.c @@ -176,6 +176,28 @@ static void ttyport_wait_until_sent(struct serdev_controller *ctrl, long timeout tty_wait_until_sent(tty, timeout); } +static int ttyport_get_tiocm(struct serdev_controller *ctrl) +{ + struct serport *serport = serdev_controller_get_drvdata(ctrl); + struct tty_struct *tty = serport->tty; + + if (!tty->ops->tiocmget) + return -ENOTSUPP; + + return tty->driver->ops->tiocmget(tty); +} + +static int ttyport_set_tiocm(struct serdev_controller *ctrl, unsigned int set, unsigned int clear) +{ + struct serport *serport = serdev_controller_get_drvdata(ctrl); + struct tty_struct *tty = serport->tty; + + if (!tty->ops->tiocmset) + return -ENOTSUPP; + + return tty->driver->ops->tiocmset(tty, set, clear); +} + static const struct serdev_controller_ops ctrl_ops = { .write_buf = ttyport_write_buf, .write_flush = ttyport_write_flush, @@ -185,6 +207,8 @@ static const struct serdev_controller_ops ctrl_ops = { .set_flow_control = ttyport_set_flow_control, .set_baudrate = ttyport_set_baudrate, .wait_until_sent = ttyport_wait_until_sent, + .get_tiocm = ttyport_get_tiocm, + .set_tiocm = ttyport_set_tiocm, }; struct device *serdev_tty_port_register(struct tty_port *port, diff --git a/include/linux/serdev.h b/include/linux/serdev.h index a308b206d204..e29a270f603c 100644 --- a/include/linux/serdev.h +++ b/include/linux/serdev.h @@ -15,6 +15,7 @@ #include #include +#include struct serdev_controller; struct serdev_device; @@ -82,6 +83,8 @@ struct serdev_controller_ops { void (*set_flow_control)(struct serdev_controller *, bool); unsigned int (*set_baudrate)(struct serdev_controller *, unsigned int); void (*wait_until_sent)(struct serdev_controller *, long); + int (*get_tiocm)(struct serdev_controller *); + int (*set_tiocm)(struct serdev_controller *, unsigned int, unsigned int); }; /** @@ -188,6 +191,8 @@ void serdev_device_close(struct serdev_device *); unsigned int serdev_device_set_baudrate(struct serdev_device *, unsigned int); void serdev_device_set_flow_control(struct serdev_device *, bool); void serdev_device_wait_until_sent(struct serdev_device *, long); +int serdev_device_get_tiocm(struct serdev_device *); +int serdev_device_set_tiocm(struct serdev_device *, int, int); int serdev_device_write_buf(struct serdev_device *, const unsigned char *, size_t); void serdev_device_write_flush(struct serdev_device *); int serdev_device_write_room(struct serdev_device *); @@ -226,6 +231,14 @@ static inline unsigned int serdev_device_set_baudrate(struct serdev_device *sdev } static inline void serdev_device_set_flow_control(struct serdev_device *sdev, bool enable) {} static inline void serdev_device_wait_until_sent(struct serdev_device *sdev, long timeout) {} +static inline int serdev_device_get_tiocm(struct serdev_device *serdev) +{ + return -ENOTSUPP; +} +static inline int serdev_device_set_tiocm(struct serdev_device *serdev, int set, int clear) +{ + return -ENOTSUPP; +} static inline int serdev_device_write_buf(struct serdev_device *sdev, const unsigned char *buf, size_t count) { return -ENODEV; From 756db778748949f6403b727fc6251674dbfcb1a2 Mon Sep 17 00:00:00 2001 From: Sebastian Reichel Date: Tue, 28 Mar 2017 17:59:33 +0200 Subject: [PATCH 49/59] serdev: add helpers for cts and rts handling Add serdev helper functions for handling of cts and rts lines using the serdev's tiocm functions. Acked-by: Rob Herring Signed-off-by: Sebastian Reichel Acked-by: Greg Kroah-Hartman Signed-off-by: Marcel Holtmann --- include/linux/serdev.h | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/include/linux/serdev.h b/include/linux/serdev.h index e29a270f603c..37395b8eb8f1 100644 --- a/include/linux/serdev.h +++ b/include/linux/serdev.h @@ -16,6 +16,7 @@ #include #include #include +#include struct serdev_controller; struct serdev_device; @@ -254,6 +255,36 @@ static inline int serdev_device_write_room(struct serdev_device *sdev) #endif /* CONFIG_SERIAL_DEV_BUS */ +static inline bool serdev_device_get_cts(struct serdev_device *serdev) +{ + int status = serdev_device_get_tiocm(serdev); + return !!(status & TIOCM_CTS); +} + +static inline int serdev_device_wait_for_cts(struct serdev_device *serdev, bool state, int timeout_ms) +{ + unsigned long timeout; + bool signal; + + timeout = jiffies + msecs_to_jiffies(timeout_ms); + while (time_is_after_jiffies(timeout)) { + signal = serdev_device_get_cts(serdev); + if (signal == state) + return 0; + usleep_range(1000, 2000); + } + + return -ETIMEDOUT; +} + +static inline int serdev_device_set_rts(struct serdev_device *serdev, bool enable) +{ + if (enable) + return serdev_device_set_tiocm(serdev, TIOCM_RTS, 0); + else + return serdev_device_set_tiocm(serdev, 0, TIOCM_RTS); +} + /* * serdev hooks into TTY core */ From aeac30140694824f26d14655271e1dcf3e32fd49 Mon Sep 17 00:00:00 2001 From: Sebastian Reichel Date: Tue, 28 Mar 2017 17:59:34 +0200 Subject: [PATCH 50/59] Bluetooth: hci_uart: add support for word alignment This will be used by Nokia's H4+ protocol, which uses 2-byte aligned packets. Acked-by: Pavel Machek Signed-off-by: Sebastian Reichel Signed-off-by: Marcel Holtmann --- drivers/bluetooth/hci_h4.c | 17 +++++++++++++++++ drivers/bluetooth/hci_ldisc.c | 4 ++++ drivers/bluetooth/hci_uart.h | 3 +++ 3 files changed, 24 insertions(+) diff --git a/drivers/bluetooth/hci_h4.c b/drivers/bluetooth/hci_h4.c index 635597b6e168..82e5a32b87a4 100644 --- a/drivers/bluetooth/hci_h4.c +++ b/drivers/bluetooth/hci_h4.c @@ -171,9 +171,20 @@ struct sk_buff *h4_recv_buf(struct hci_dev *hdev, struct sk_buff *skb, const unsigned char *buffer, int count, const struct h4_recv_pkt *pkts, int pkts_count) { + struct hci_uart *hu = hci_get_drvdata(hdev); + u8 alignment = hu->alignment; + while (count) { int i, len; + /* remove padding bytes from buffer */ + for (; hu->padding && count > 0; hu->padding--) { + count--; + buffer++; + } + if (!count) + break; + if (!skb) { for (i = 0; i < pkts_count; i++) { if (buffer[0] != (&pkts[i])->type) @@ -253,11 +264,17 @@ struct sk_buff *h4_recv_buf(struct hci_dev *hdev, struct sk_buff *skb, } if (!dlen) { + hu->padding = (skb->len - 1) % alignment; + hu->padding = (alignment - hu->padding) % alignment; + /* No more data, complete frame */ (&pkts[i])->recv(hdev, skb); skb = NULL; } } else { + hu->padding = (skb->len - 1) % alignment; + hu->padding = (alignment - hu->padding) % alignment; + /* Complete frame */ (&pkts[i])->recv(hdev, skb); skb = NULL; diff --git a/drivers/bluetooth/hci_ldisc.c b/drivers/bluetooth/hci_ldisc.c index 9497c469efd2..0ec8a94bd712 100644 --- a/drivers/bluetooth/hci_ldisc.c +++ b/drivers/bluetooth/hci_ldisc.c @@ -459,6 +459,10 @@ static int hci_uart_tty_open(struct tty_struct *tty) hu->tty = tty; tty->receive_room = 65536; + /* disable alignment support by default */ + hu->alignment = 1; + hu->padding = 0; + INIT_WORK(&hu->init_ready, hci_uart_init_work); INIT_WORK(&hu->write_work, hci_uart_write_work); diff --git a/drivers/bluetooth/hci_uart.h b/drivers/bluetooth/hci_uart.h index 070139513e65..4aff50960cac 100644 --- a/drivers/bluetooth/hci_uart.h +++ b/drivers/bluetooth/hci_uart.h @@ -92,6 +92,9 @@ struct hci_uart { unsigned int init_speed; unsigned int oper_speed; + + u8 alignment; + u8 padding; }; /* HCI_UART proto flag bits */ From 82f5169bf3d3b5d8f7f7c437d2d83435173cb638 Mon Sep 17 00:00:00 2001 From: Rob Herring Date: Tue, 28 Mar 2017 17:59:35 +0200 Subject: [PATCH 51/59] Bluetooth: hci_uart: add serdev driver support library This adds library functions for serdev based BT drivers. This is largely copied from hci_ldisc.c and modified to use serdev calls. There's a little bit of duplication, but I avoided intermixing this as the ldisc code should eventually go away. Signed-off-by: Rob Herring Cc: Marcel Holtmann Cc: Gustavo Padovan Cc: Johan Hedberg Cc: linux-bluetooth@vger.kernel.org Acked-by: Pavel Machek [Fix style issues reported by Pavel] Signed-off-by: Sebastian Reichel Signed-off-by: Marcel Holtmann --- drivers/bluetooth/Makefile | 1 + drivers/bluetooth/hci_serdev.c | 361 +++++++++++++++++++++++++++++++++ drivers/bluetooth/hci_uart.h | 4 + 3 files changed, 366 insertions(+) create mode 100644 drivers/bluetooth/hci_serdev.c diff --git a/drivers/bluetooth/Makefile b/drivers/bluetooth/Makefile index 80627187c8b6..fd571689eed6 100644 --- a/drivers/bluetooth/Makefile +++ b/drivers/bluetooth/Makefile @@ -29,6 +29,7 @@ btmrvl-y := btmrvl_main.o btmrvl-$(CONFIG_DEBUG_FS) += btmrvl_debugfs.o hci_uart-y := hci_ldisc.o +hci_uart-$(CONFIG_SERIAL_DEV_BUS) += hci_serdev.o hci_uart-$(CONFIG_BT_HCIUART_H4) += hci_h4.o hci_uart-$(CONFIG_BT_HCIUART_BCSP) += hci_bcsp.o hci_uart-$(CONFIG_BT_HCIUART_LL) += hci_ll.o diff --git a/drivers/bluetooth/hci_serdev.c b/drivers/bluetooth/hci_serdev.c new file mode 100644 index 000000000000..f5ccb2c7ef92 --- /dev/null +++ b/drivers/bluetooth/hci_serdev.c @@ -0,0 +1,361 @@ +/* + * Bluetooth HCI serdev driver lib + * + * Copyright (C) 2017 Linaro, Ltd., Rob Herring + * + * Based on hci_ldisc.c: + * + * Copyright (C) 2000-2001 Qualcomm Incorporated + * Copyright (C) 2002-2003 Maxim Krasnyansky + * Copyright (C) 2004-2005 Marcel Holtmann + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + */ + +#include +#include +#include +#include + +#include +#include + +#include "hci_uart.h" + +struct serdev_device_ops hci_serdev_client_ops; + +static inline void hci_uart_tx_complete(struct hci_uart *hu, int pkt_type) +{ + struct hci_dev *hdev = hu->hdev; + + /* Update HCI stat counters */ + switch (pkt_type) { + case HCI_COMMAND_PKT: + hdev->stat.cmd_tx++; + break; + + case HCI_ACLDATA_PKT: + hdev->stat.acl_tx++; + break; + + case HCI_SCODATA_PKT: + hdev->stat.sco_tx++; + break; + } +} + +static inline struct sk_buff *hci_uart_dequeue(struct hci_uart *hu) +{ + struct sk_buff *skb = hu->tx_skb; + + if (!skb) + skb = hu->proto->dequeue(hu); + else + hu->tx_skb = NULL; + + return skb; +} + +static void hci_uart_write_work(struct work_struct *work) +{ + struct hci_uart *hu = container_of(work, struct hci_uart, write_work); + struct serdev_device *serdev = hu->serdev; + struct hci_dev *hdev = hu->hdev; + struct sk_buff *skb; + + /* REVISIT: + * should we cope with bad skbs or ->write() returning an error value? + */ + do { + clear_bit(HCI_UART_TX_WAKEUP, &hu->tx_state); + + while ((skb = hci_uart_dequeue(hu))) { + int len; + + len = serdev_device_write_buf(serdev, + skb->data, skb->len); + hdev->stat.byte_tx += len; + + skb_pull(skb, len); + if (skb->len) { + hu->tx_skb = skb; + break; + } + + hci_uart_tx_complete(hu, hci_skb_pkt_type(skb)); + kfree_skb(skb); + } + } while(test_bit(HCI_UART_TX_WAKEUP, &hu->tx_state)); + + clear_bit(HCI_UART_SENDING, &hu->tx_state); +} + +/* ------- Interface to HCI layer ------ */ + +/* Initialize device */ +static int hci_uart_open(struct hci_dev *hdev) +{ + struct hci_uart *hu = hci_get_drvdata(hdev); + + BT_DBG("%s %p", hdev->name, hdev); + + serdev_device_set_client_ops(hu->serdev, &hci_serdev_client_ops); + + return serdev_device_open(hu->serdev); +} + +/* Reset device */ +static int hci_uart_flush(struct hci_dev *hdev) +{ + struct hci_uart *hu = hci_get_drvdata(hdev); + + BT_DBG("hdev %p serdev %p", hdev, hu->serdev); + + if (hu->tx_skb) { + kfree_skb(hu->tx_skb); hu->tx_skb = NULL; + } + + /* Flush any pending characters in the driver and discipline. */ + serdev_device_write_flush(hu->serdev); + + if (test_bit(HCI_UART_PROTO_READY, &hu->flags)) + hu->proto->flush(hu); + + return 0; +} + +/* Close device */ +static int hci_uart_close(struct hci_dev *hdev) +{ + struct hci_uart *hu = hci_get_drvdata(hdev); + + BT_DBG("hdev %p", hdev); + + hci_uart_flush(hdev); + hdev->flush = NULL; + + serdev_device_close(hu->serdev); + + return 0; +} + +/* Send frames from HCI layer */ +static int hci_uart_send_frame(struct hci_dev *hdev, struct sk_buff *skb) +{ + struct hci_uart *hu = hci_get_drvdata(hdev); + + BT_DBG("%s: type %d len %d", hdev->name, hci_skb_pkt_type(skb), + skb->len); + + hu->proto->enqueue(hu, skb); + + hci_uart_tx_wakeup(hu); + + return 0; +} + +static int hci_uart_setup(struct hci_dev *hdev) +{ + struct hci_uart *hu = hci_get_drvdata(hdev); + struct hci_rp_read_local_version *ver; + struct sk_buff *skb; + unsigned int speed; + int err; + + /* Init speed if any */ + if (hu->init_speed) + speed = hu->init_speed; + else if (hu->proto->init_speed) + speed = hu->proto->init_speed; + else + speed = 0; + + if (speed) + serdev_device_set_baudrate(hu->serdev, speed); + + /* Operational speed if any */ + if (hu->oper_speed) + speed = hu->oper_speed; + else if (hu->proto->oper_speed) + speed = hu->proto->oper_speed; + else + speed = 0; + + if (hu->proto->set_baudrate && speed) { + err = hu->proto->set_baudrate(hu, speed); + if (err) + BT_ERR("%s: failed to set baudrate", hdev->name); + else + serdev_device_set_baudrate(hu->serdev, speed); + } + + if (hu->proto->setup) + return hu->proto->setup(hu); + + if (!test_bit(HCI_UART_VND_DETECT, &hu->hdev_flags)) + return 0; + + skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL, + HCI_INIT_TIMEOUT); + if (IS_ERR(skb)) { + BT_ERR("%s: Reading local version information failed (%ld)", + hdev->name, PTR_ERR(skb)); + return 0; + } + + if (skb->len != sizeof(*ver)) { + BT_ERR("%s: Event length mismatch for version information", + hdev->name); + } + + kfree_skb(skb); + return 0; +} + +/** hci_uart_write_wakeup - transmit buffer wakeup + * @serdev: serial device + * + * This function is called by the serdev framework when it accepts + * more data being sent. + */ +static void hci_uart_write_wakeup(struct serdev_device *serdev) +{ + struct hci_uart *hu = serdev_device_get_drvdata(serdev); + + BT_DBG(""); + + if (!hu || serdev != hu->serdev) { + WARN_ON(1); + return; + } + + if (test_bit(HCI_UART_PROTO_READY, &hu->flags)) + hci_uart_tx_wakeup(hu); +} + +/** hci_uart_receive_buf - receive buffer wakeup + * @serdev: serial device + * @data: pointer to received data + * @count: count of received data in bytes + * + * This function is called by the serdev framework when it received data + * in the RX buffer. + * + * Return: number of processed bytes + */ +static int hci_uart_receive_buf(struct serdev_device *serdev, const u8 *data, + size_t count) +{ + struct hci_uart *hu = serdev_device_get_drvdata(serdev); + + if (!hu || serdev != hu->serdev) { + WARN_ON(1); + return 0; + } + + if (!test_bit(HCI_UART_PROTO_READY, &hu->flags)) + return 0; + + /* It does not need a lock here as it is already protected by a mutex in + * tty caller + */ + hu->proto->recv(hu, data, count); + + if (hu->hdev) + hu->hdev->stat.byte_rx += count; + + return count; +} + +struct serdev_device_ops hci_serdev_client_ops = { + .receive_buf = hci_uart_receive_buf, + .write_wakeup = hci_uart_write_wakeup, +}; + +int hci_uart_register_device(struct hci_uart *hu, + const struct hci_uart_proto *p) +{ + int err; + struct hci_dev *hdev; + + BT_DBG(""); + + err = p->open(hu); + if (err) + return err; + + hu->proto = p; + set_bit(HCI_UART_PROTO_READY, &hu->flags); + + /* Initialize and register HCI device */ + hdev = hci_alloc_dev(); + if (!hdev) { + BT_ERR("Can't allocate HCI device"); + err = -ENOMEM; + goto err_alloc; + } + + hu->hdev = hdev; + + hdev->bus = HCI_UART; + hci_set_drvdata(hdev, hu); + + INIT_WORK(&hu->write_work, hci_uart_write_work); + + /* Only when vendor specific setup callback is provided, consider + * the manufacturer information valid. This avoids filling in the + * value for Ericsson when nothing is specified. + */ + if (hu->proto->setup) + hdev->manufacturer = hu->proto->manufacturer; + + hdev->open = hci_uart_open; + hdev->close = hci_uart_close; + hdev->flush = hci_uart_flush; + hdev->send = hci_uart_send_frame; + hdev->setup = hci_uart_setup; + SET_HCIDEV_DEV(hdev, &hu->serdev->dev); + + if (test_bit(HCI_UART_RAW_DEVICE, &hu->hdev_flags)) + set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks); + + if (test_bit(HCI_UART_EXT_CONFIG, &hu->hdev_flags)) + set_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks); + + if (!test_bit(HCI_UART_RESET_ON_INIT, &hu->hdev_flags)) + set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); + + if (test_bit(HCI_UART_CREATE_AMP, &hu->hdev_flags)) + hdev->dev_type = HCI_AMP; + else + hdev->dev_type = HCI_PRIMARY; + + if (test_bit(HCI_UART_INIT_PENDING, &hu->hdev_flags)) + return 0; + + if (hci_register_dev(hdev) < 0) { + BT_ERR("Can't register HCI device"); + err = -ENODEV; + goto err_register; + } + + set_bit(HCI_UART_REGISTERED, &hu->flags); + + return 0; + +err_register: + hci_free_dev(hdev); +err_alloc: + clear_bit(HCI_UART_PROTO_READY, &hu->flags); + p->close(hu); + return err; +} diff --git a/drivers/bluetooth/hci_uart.h b/drivers/bluetooth/hci_uart.h index 4aff50960cac..1b41c661bbb8 100644 --- a/drivers/bluetooth/hci_uart.h +++ b/drivers/bluetooth/hci_uart.h @@ -58,6 +58,7 @@ #define HCI_UART_VND_DETECT 5 struct hci_uart; +struct serdev_device; struct hci_uart_proto { unsigned int id; @@ -77,6 +78,7 @@ struct hci_uart_proto { struct hci_uart { struct tty_struct *tty; + struct serdev_device *serdev; struct hci_dev *hdev; unsigned long flags; unsigned long hdev_flags; @@ -108,6 +110,8 @@ struct hci_uart { int hci_uart_register_proto(const struct hci_uart_proto *p); int hci_uart_unregister_proto(const struct hci_uart_proto *p); +int hci_uart_register_device(struct hci_uart *hu, const struct hci_uart_proto *p); + int hci_uart_tx_wakeup(struct hci_uart *hu); int hci_uart_init_ready(struct hci_uart *hu); void hci_uart_init_tty(struct hci_uart *hu); From 52b318e6196169e5ff8a52371833cd5a9dba05d1 Mon Sep 17 00:00:00 2001 From: Sebastian Reichel Date: Tue, 28 Mar 2017 17:59:36 +0200 Subject: [PATCH 52/59] Bluetooth: hci_serdev: do not open device in hci open The device driver may need to communicate with the UART device while the Bluetooth device is closed (e.g. due to interrupts). Acked-by: Pavel Machek Signed-off-by: Sebastian Reichel Signed-off-by: Marcel Holtmann --- drivers/bluetooth/hci_serdev.c | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/drivers/bluetooth/hci_serdev.c b/drivers/bluetooth/hci_serdev.c index f5ccb2c7ef92..3b8ac0ece3fb 100644 --- a/drivers/bluetooth/hci_serdev.c +++ b/drivers/bluetooth/hci_serdev.c @@ -104,13 +104,9 @@ static void hci_uart_write_work(struct work_struct *work) /* Initialize device */ static int hci_uart_open(struct hci_dev *hdev) { - struct hci_uart *hu = hci_get_drvdata(hdev); - BT_DBG("%s %p", hdev->name, hdev); - serdev_device_set_client_ops(hu->serdev, &hci_serdev_client_ops); - - return serdev_device_open(hu->serdev); + return 0; } /* Reset device */ @@ -136,15 +132,11 @@ static int hci_uart_flush(struct hci_dev *hdev) /* Close device */ static int hci_uart_close(struct hci_dev *hdev) { - struct hci_uart *hu = hci_get_drvdata(hdev); - BT_DBG("hdev %p", hdev); hci_uart_flush(hdev); hdev->flush = NULL; - serdev_device_close(hu->serdev); - return 0; } @@ -289,6 +281,8 @@ int hci_uart_register_device(struct hci_uart *hu, BT_DBG(""); + serdev_device_set_client_ops(hu->serdev, &hci_serdev_client_ops); + err = p->open(hu); if (err) return err; From 081f36a8c2e0ae56f33ba6b12389b290a49b6508 Mon Sep 17 00:00:00 2001 From: Sebastian Reichel Date: Tue, 28 Mar 2017 17:59:37 +0200 Subject: [PATCH 53/59] Bluetooth: hci_serdev: allow modular drivers For bluetooth protocol driver only supporting serdev it makes sense to follow common practice and built them into their own module. Such modules need access to hci_uart_register_device and hci_uart_tx_wakeup for using the common protocol helpers. Signed-off-by: Sebastian Reichel Signed-off-by: Marcel Holtmann --- drivers/bluetooth/hci_ldisc.c | 1 + drivers/bluetooth/hci_serdev.c | 1 + 2 files changed, 2 insertions(+) diff --git a/drivers/bluetooth/hci_ldisc.c b/drivers/bluetooth/hci_ldisc.c index 0ec8a94bd712..17bcbc13623f 100644 --- a/drivers/bluetooth/hci_ldisc.c +++ b/drivers/bluetooth/hci_ldisc.c @@ -134,6 +134,7 @@ int hci_uart_tx_wakeup(struct hci_uart *hu) return 0; } +EXPORT_SYMBOL_GPL(hci_uart_tx_wakeup); static void hci_uart_write_work(struct work_struct *work) { diff --git a/drivers/bluetooth/hci_serdev.c b/drivers/bluetooth/hci_serdev.c index 3b8ac0ece3fb..7de0edc0ff8c 100644 --- a/drivers/bluetooth/hci_serdev.c +++ b/drivers/bluetooth/hci_serdev.c @@ -353,3 +353,4 @@ int hci_uart_register_device(struct hci_uart *hu, p->close(hu); return err; } +EXPORT_SYMBOL_GPL(hci_uart_register_device); From 1286be270e9a9edaf534856b1143a06f0dd1f30d Mon Sep 17 00:00:00 2001 From: Sebastian Reichel Date: Thu, 13 Apr 2017 02:26:58 +0200 Subject: [PATCH 54/59] dt-bindings: net: bluetooth: Add nokia-bluetooth Add binding document for serial bluetooth chips using Nokia H4+ protocol. Acked-by: Rob Herring Signed-off-by: Sebastian Reichel Signed-off-by: Marcel Holtmann --- .../bindings/net/nokia-bluetooth.txt | 51 +++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 Documentation/devicetree/bindings/net/nokia-bluetooth.txt diff --git a/Documentation/devicetree/bindings/net/nokia-bluetooth.txt b/Documentation/devicetree/bindings/net/nokia-bluetooth.txt new file mode 100644 index 000000000000..42be7dc9a70b --- /dev/null +++ b/Documentation/devicetree/bindings/net/nokia-bluetooth.txt @@ -0,0 +1,51 @@ +Nokia Bluetooth Chips +--------------------- + +Nokia phones often come with UART connected bluetooth chips from different +vendors and modified device API. Those devices speak a protocol named H4+ +(also known as h4p) by Nokia, which is similar to the H4 protocol from the +Bluetooth standard. In addition to the H4 protocol it specifies two more +UART status lines for wakeup of UART transceivers to improve power management +and a few new packet types used to negotiate uart speed. + +Required properties: + + - compatible: should contain "nokia,h4p-bluetooth" as well as one of the following: + * "brcm,bcm2048-nokia" + * "ti,wl1271-bluetooth-nokia" + - reset-gpios: GPIO specifier, used to reset the BT module (active low) + - bluetooth-wakeup-gpios: GPIO specifier, used to wakeup the BT module (active high) + - host-wakeup-gpios: GPIO specifier, used to wakeup the host processor (active high) + - clock-names: should be "sysclk" + - clocks: should contain a clock specifier for every name in clock-names + +Optional properties: + + - None + +Example: + +/ { + /* controlled (enabled/disabled) directly by BT module */ + bluetooth_clk: vctcxo { + compatible = "fixed-clock"; + #clock-cells = <0>; + clock-frequency = <38400000>; + }; +}; + +&uart2 { + pinctrl-names = "default"; + pinctrl-0 = <&uart2_pins>; + + bluetooth { + compatible = "ti,wl1271-bluetooth-nokia", "nokia,h4p-bluetooth"; + + reset-gpios = <&gpio1 26 GPIO_ACTIVE_LOW>; /* gpio26 */ + host-wakeup-gpios = <&gpio4 5 GPIO_ACTIVE_HIGH>; /* gpio101 */ + bluetooth-wakeup-gpios = <&gpio2 5 GPIO_ACTIVE_HIGH>; /* gpio37 */ + + clocks = <&bluetooth_clk>; + clock-names = "sysclk"; + }; +}; From 7bb318680e868cd049922f6761170b42ff89687d Mon Sep 17 00:00:00 2001 From: Sebastian Reichel Date: Thu, 13 Apr 2017 02:26:59 +0200 Subject: [PATCH 55/59] Bluetooth: add nokia driver This adds a driver for the Nokia H4+ protocol, which is used at least on the Nokia N9, N900 & N950. Signed-off-by: Sebastian Reichel Signed-off-by: Marcel Holtmann --- drivers/bluetooth/Kconfig | 12 + drivers/bluetooth/Makefile | 2 + drivers/bluetooth/hci_nokia.c | 820 ++++++++++++++++++++++++++++++++++ 3 files changed, 834 insertions(+) create mode 100644 drivers/bluetooth/hci_nokia.c diff --git a/drivers/bluetooth/Kconfig b/drivers/bluetooth/Kconfig index a6a9dd4d0eef..8aafbed9e160 100644 --- a/drivers/bluetooth/Kconfig +++ b/drivers/bluetooth/Kconfig @@ -86,6 +86,18 @@ config BT_HCIUART_H4 Say Y here to compile support for HCI UART (H4) protocol. +config BT_HCIUART_NOKIA + tristate "UART Nokia H4+ protocol support" + depends on BT_HCIUART + depends on SERIAL_DEV_BUS + depends on PM + help + Nokia H4+ is serial protocol for communication between Bluetooth + device and host. This protocol is required for Bluetooth devices + with UART interface in Nokia devices. + + Say Y here to compile support for Nokia's H4+ protocol. + config BT_HCIUART_BCSP bool "BCSP protocol support" depends on BT_HCIUART diff --git a/drivers/bluetooth/Makefile b/drivers/bluetooth/Makefile index fd571689eed6..a7f237320f4b 100644 --- a/drivers/bluetooth/Makefile +++ b/drivers/bluetooth/Makefile @@ -25,6 +25,8 @@ obj-$(CONFIG_BT_BCM) += btbcm.o obj-$(CONFIG_BT_RTL) += btrtl.o obj-$(CONFIG_BT_QCA) += btqca.o +obj-$(CONFIG_BT_HCIUART_NOKIA) += hci_nokia.o + btmrvl-y := btmrvl_main.o btmrvl-$(CONFIG_DEBUG_FS) += btmrvl_debugfs.o diff --git a/drivers/bluetooth/hci_nokia.c b/drivers/bluetooth/hci_nokia.c new file mode 100644 index 000000000000..4038daf78d24 --- /dev/null +++ b/drivers/bluetooth/hci_nokia.c @@ -0,0 +1,820 @@ +/* + * Bluetooth HCI UART H4 driver with Nokia Extensions AKA Nokia H4+ + * + * Copyright (C) 2015 Marcel Holtmann + * Copyright (C) 2015-2017 Sebastian Reichel + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "hci_uart.h" +#include "btbcm.h" + +#define NOKIA_ID_BCM2048 0x04 +#define NOKIA_ID_TI1271 0x31 + +#define FIRMWARE_BCM2048 "nokia/bcmfw.bin" +#define FIRMWARE_TI1271 "nokia/ti1273.bin" + +#define HCI_NOKIA_NEG_PKT 0x06 +#define HCI_NOKIA_ALIVE_PKT 0x07 +#define HCI_NOKIA_RADIO_PKT 0x08 + +#define HCI_NOKIA_NEG_HDR_SIZE 1 +#define HCI_NOKIA_MAX_NEG_SIZE 255 +#define HCI_NOKIA_ALIVE_HDR_SIZE 1 +#define HCI_NOKIA_MAX_ALIVE_SIZE 255 +#define HCI_NOKIA_RADIO_HDR_SIZE 2 +#define HCI_NOKIA_MAX_RADIO_SIZE 255 + +#define NOKIA_PROTO_PKT 0x44 +#define NOKIA_PROTO_BYTE 0x4c + +#define NOKIA_NEG_REQ 0x00 +#define NOKIA_NEG_ACK 0x20 +#define NOKIA_NEG_NAK 0x40 + +#define H4_TYPE_SIZE 1 + +#define NOKIA_RECV_ALIVE \ + .type = HCI_NOKIA_ALIVE_PKT, \ + .hlen = HCI_NOKIA_ALIVE_HDR_SIZE, \ + .loff = 0, \ + .lsize = 1, \ + .maxlen = HCI_NOKIA_MAX_ALIVE_SIZE \ + +#define NOKIA_RECV_NEG \ + .type = HCI_NOKIA_NEG_PKT, \ + .hlen = HCI_NOKIA_NEG_HDR_SIZE, \ + .loff = 0, \ + .lsize = 1, \ + .maxlen = HCI_NOKIA_MAX_NEG_SIZE \ + +#define NOKIA_RECV_RADIO \ + .type = HCI_NOKIA_RADIO_PKT, \ + .hlen = HCI_NOKIA_RADIO_HDR_SIZE, \ + .loff = 1, \ + .lsize = 1, \ + .maxlen = HCI_NOKIA_MAX_RADIO_SIZE \ + +struct hci_nokia_neg_hdr { + u8 dlen; +} __packed; + +struct hci_nokia_neg_cmd { + u8 ack; + u16 baud; + u16 unused1; + u8 proto; + u16 sys_clk; + u16 unused2; +} __packed; + +#define NOKIA_ALIVE_REQ 0x55 +#define NOKIA_ALIVE_RESP 0xcc + +struct hci_nokia_alive_hdr { + u8 dlen; +} __packed; + +struct hci_nokia_alive_pkt { + u8 mid; + u8 unused; +} __packed; + +struct hci_nokia_neg_evt { + u8 ack; + u16 baud; + u16 unused1; + u8 proto; + u16 sys_clk; + u16 unused2; + u8 man_id; + u8 ver_id; +} __packed; + +#define MAX_BAUD_RATE 3692300 +#define SETUP_BAUD_RATE 921600 +#define INIT_BAUD_RATE 120000 + +struct hci_nokia_radio_hdr { + u8 evt; + u8 dlen; +} __packed; + +struct nokia_bt_dev { + struct hci_uart hu; + struct serdev_device *serdev; + + struct gpio_desc *reset; + struct gpio_desc *wakeup_host; + struct gpio_desc *wakeup_bt; + unsigned long sysclk_speed; + + int wake_irq; + struct sk_buff *rx_skb; + struct sk_buff_head txq; + bdaddr_t bdaddr; + + int init_error; + struct completion init_completion; + + u8 man_id; + u8 ver_id; + + bool initialized; + bool tx_enabled; + bool rx_enabled; +}; + +static int nokia_enqueue(struct hci_uart *hu, struct sk_buff *skb); + +static void nokia_flow_control(struct serdev_device *serdev, bool enable) +{ + if (enable) { + serdev_device_set_rts(serdev, true); + serdev_device_set_flow_control(serdev, true); + } else { + serdev_device_set_flow_control(serdev, false); + serdev_device_set_rts(serdev, false); + } +} + +static irqreturn_t wakeup_handler(int irq, void *data) +{ + struct nokia_bt_dev *btdev = data; + struct device *dev = &btdev->serdev->dev; + int wake_state = gpiod_get_value(btdev->wakeup_host); + + if (btdev->rx_enabled == wake_state) + return IRQ_HANDLED; + + if (wake_state) + pm_runtime_get(dev); + else + pm_runtime_put(dev); + + btdev->rx_enabled = wake_state; + + return IRQ_HANDLED; +} + +static int nokia_reset(struct hci_uart *hu) +{ + struct nokia_bt_dev *btdev = hu->priv; + struct device *dev = &btdev->serdev->dev; + int err; + + /* reset routine */ + gpiod_set_value_cansleep(btdev->reset, 1); + gpiod_set_value_cansleep(btdev->wakeup_bt, 1); + + msleep(100); + + /* safety check */ + err = gpiod_get_value_cansleep(btdev->wakeup_host); + if (err == 1) { + dev_err(dev, "reset: host wakeup not low!"); + return -EPROTO; + } + + /* flush queue */ + serdev_device_write_flush(btdev->serdev); + + /* init uart */ + nokia_flow_control(btdev->serdev, false); + serdev_device_set_baudrate(btdev->serdev, INIT_BAUD_RATE); + + gpiod_set_value_cansleep(btdev->reset, 0); + + /* wait for cts */ + err = serdev_device_wait_for_cts(btdev->serdev, true, 200); + if (err < 0) { + dev_err(dev, "CTS not received: %d", err); + return err; + } + + nokia_flow_control(btdev->serdev, true); + + return 0; +} + +static int nokia_send_alive_packet(struct hci_uart *hu) +{ + struct nokia_bt_dev *btdev = hu->priv; + struct device *dev = &btdev->serdev->dev; + struct hci_nokia_alive_hdr *hdr; + struct hci_nokia_alive_pkt *pkt; + struct sk_buff *skb; + int len; + + init_completion(&btdev->init_completion); + + len = H4_TYPE_SIZE + sizeof(*hdr) + sizeof(*pkt); + skb = bt_skb_alloc(len, GFP_KERNEL); + if (!skb) + return -ENOMEM; + + hci_skb_pkt_type(skb) = HCI_NOKIA_ALIVE_PKT; + memset(skb->data, 0x00, len); + + hdr = (struct hci_nokia_alive_hdr *)skb_put(skb, sizeof(*hdr)); + hdr->dlen = sizeof(*pkt); + pkt = (struct hci_nokia_alive_pkt *)skb_put(skb, sizeof(*pkt)); + pkt->mid = NOKIA_ALIVE_REQ; + + nokia_enqueue(hu, skb); + hci_uart_tx_wakeup(hu); + + dev_dbg(dev, "Alive sent"); + + if (!wait_for_completion_interruptible_timeout(&btdev->init_completion, + msecs_to_jiffies(1000))) { + return -ETIMEDOUT; + } + + if (btdev->init_error < 0) + return btdev->init_error; + + return 0; +} + +static int nokia_send_negotiation(struct hci_uart *hu) +{ + struct nokia_bt_dev *btdev = hu->priv; + struct device *dev = &btdev->serdev->dev; + struct hci_nokia_neg_cmd *neg_cmd; + struct hci_nokia_neg_hdr *neg_hdr; + struct sk_buff *skb; + int len, err; + u16 baud = DIV_ROUND_CLOSEST(btdev->sysclk_speed * 10, SETUP_BAUD_RATE); + int sysclk = btdev->sysclk_speed / 1000; + + len = H4_TYPE_SIZE + sizeof(*neg_hdr) + sizeof(*neg_cmd); + skb = bt_skb_alloc(len, GFP_KERNEL); + if (!skb) + return -ENOMEM; + + hci_skb_pkt_type(skb) = HCI_NOKIA_NEG_PKT; + + neg_hdr = (struct hci_nokia_neg_hdr *)skb_put(skb, sizeof(*neg_hdr)); + neg_hdr->dlen = sizeof(*neg_cmd); + + neg_cmd = (struct hci_nokia_neg_cmd *)skb_put(skb, sizeof(*neg_cmd)); + neg_cmd->ack = NOKIA_NEG_REQ; + neg_cmd->baud = cpu_to_le16(baud); + neg_cmd->unused1 = 0x0000; + neg_cmd->proto = NOKIA_PROTO_BYTE; + neg_cmd->sys_clk = cpu_to_le16(sysclk); + neg_cmd->unused2 = 0x0000; + + btdev->init_error = 0; + init_completion(&btdev->init_completion); + + nokia_enqueue(hu, skb); + hci_uart_tx_wakeup(hu); + + dev_dbg(dev, "Negotiation sent"); + + if (!wait_for_completion_interruptible_timeout(&btdev->init_completion, + msecs_to_jiffies(10000))) { + return -ETIMEDOUT; + } + + if (btdev->init_error < 0) + return btdev->init_error; + + /* Change to previously negotiated speed. Flow Control + * is disabled until bluetooth adapter is ready to avoid + * broken bytes being received. + */ + nokia_flow_control(btdev->serdev, false); + serdev_device_set_baudrate(btdev->serdev, SETUP_BAUD_RATE); + err = serdev_device_wait_for_cts(btdev->serdev, true, 200); + if (err < 0) { + dev_err(dev, "CTS not received: %d", err); + return err; + } + nokia_flow_control(btdev->serdev, true); + + dev_dbg(dev, "Negotiation successful"); + + return 0; +} + +static int nokia_setup_fw(struct hci_uart *hu) +{ + struct nokia_bt_dev *btdev = hu->priv; + struct device *dev = &btdev->serdev->dev; + const char *fwname; + const struct firmware *fw; + const u8 *fw_ptr; + size_t fw_size; + int err; + + dev_dbg(dev, "setup firmware"); + + if (btdev->man_id == NOKIA_ID_BCM2048) { + fwname = FIRMWARE_BCM2048; + } else if (btdev->man_id == NOKIA_ID_TI1271) { + fwname = FIRMWARE_TI1271; + } else { + dev_err(dev, "Unsupported bluetooth device!"); + return -ENODEV; + } + + err = request_firmware(&fw, fwname, dev); + if (err < 0) { + dev_err(dev, "%s: Failed to load Nokia firmware file (%d)", + hu->hdev->name, err); + return err; + } + + fw_ptr = fw->data; + fw_size = fw->size; + + while (fw_size >= 4) { + u16 pkt_size = get_unaligned_le16(fw_ptr); + u8 pkt_type = fw_ptr[2]; + const struct hci_command_hdr *cmd; + u16 opcode; + struct sk_buff *skb; + + switch (pkt_type) { + case HCI_COMMAND_PKT: + cmd = (struct hci_command_hdr *)(fw_ptr + 3); + opcode = le16_to_cpu(cmd->opcode); + + skb = __hci_cmd_sync(hu->hdev, opcode, cmd->plen, + fw_ptr + 3 + HCI_COMMAND_HDR_SIZE, + HCI_INIT_TIMEOUT); + if (IS_ERR(skb)) { + err = PTR_ERR(skb); + dev_err(dev, "%s: FW command %04x failed (%d)", + hu->hdev->name, opcode, err); + goto done; + } + kfree_skb(skb); + break; + case HCI_NOKIA_RADIO_PKT: + case HCI_NOKIA_NEG_PKT: + case HCI_NOKIA_ALIVE_PKT: + break; + } + + fw_ptr += pkt_size + 2; + fw_size -= pkt_size + 2; + } + +done: + release_firmware(fw); + return err; +} + +static int nokia_setup(struct hci_uart *hu) +{ + struct nokia_bt_dev *btdev = hu->priv; + struct device *dev = &btdev->serdev->dev; + int err; + + btdev->initialized = false; + + nokia_flow_control(btdev->serdev, false); + + pm_runtime_get_sync(dev); + + if (btdev->tx_enabled) { + gpiod_set_value_cansleep(btdev->wakeup_bt, 0); + pm_runtime_put(&btdev->serdev->dev); + btdev->tx_enabled = false; + } + + dev_dbg(dev, "protocol setup"); + + /* 0. reset connection */ + err = nokia_reset(hu); + if (err < 0) { + dev_err(dev, "Reset failed: %d", err); + goto out; + } + + /* 1. negotiate speed etc */ + err = nokia_send_negotiation(hu); + if (err < 0) { + dev_err(dev, "Negotiation failed: %d", err); + goto out; + } + + /* 2. verify correct setup using alive packet */ + err = nokia_send_alive_packet(hu); + if (err < 0) { + dev_err(dev, "Alive check failed: %d", err); + goto out; + } + + /* 3. send firmware */ + err = nokia_setup_fw(hu); + if (err < 0) { + dev_err(dev, "Could not setup FW: %d", err); + goto out; + } + + nokia_flow_control(btdev->serdev, false); + serdev_device_set_baudrate(btdev->serdev, MAX_BAUD_RATE); + nokia_flow_control(btdev->serdev, true); + + if (btdev->man_id == NOKIA_ID_BCM2048) { + hu->hdev->set_bdaddr = btbcm_set_bdaddr; + set_bit(HCI_QUIRK_INVALID_BDADDR, &hu->hdev->quirks); + dev_dbg(dev, "bcm2048 has invalid bluetooth address!"); + } + + dev_dbg(dev, "protocol setup done!"); + + gpiod_set_value_cansleep(btdev->wakeup_bt, 0); + pm_runtime_put(dev); + btdev->tx_enabled = false; + btdev->initialized = true; + + return 0; +out: + pm_runtime_put(dev); + + return err; +} + +static int nokia_open(struct hci_uart *hu) +{ + struct device *dev = &hu->serdev->dev; + + dev_dbg(dev, "protocol open"); + + serdev_device_open(hu->serdev); + + pm_runtime_enable(dev); + + return 0; +} + +static int nokia_flush(struct hci_uart *hu) +{ + struct nokia_bt_dev *btdev = hu->priv; + + dev_dbg(&btdev->serdev->dev, "flush device"); + + skb_queue_purge(&btdev->txq); + + return 0; +} + +static int nokia_close(struct hci_uart *hu) +{ + struct nokia_bt_dev *btdev = hu->priv; + struct device *dev = &btdev->serdev->dev; + + dev_dbg(dev, "close device"); + + btdev->initialized = false; + + skb_queue_purge(&btdev->txq); + + kfree_skb(btdev->rx_skb); + + /* disable module */ + gpiod_set_value(btdev->reset, 1); + gpiod_set_value(btdev->wakeup_bt, 0); + + pm_runtime_disable(&btdev->serdev->dev); + serdev_device_close(btdev->serdev); + + return 0; +} + +/* Enqueue frame for transmittion (padding, crc, etc) */ +static int nokia_enqueue(struct hci_uart *hu, struct sk_buff *skb) +{ + struct nokia_bt_dev *btdev = hu->priv; + int err; + + /* Prepend skb with frame type */ + memcpy(skb_push(skb, 1), &bt_cb(skb)->pkt_type, 1); + + /* Packets must be word aligned */ + if (skb->len % 2) { + err = skb_pad(skb, 1); + if (err) + return err; + *skb_put(skb, 1) = 0x00; + } + + skb_queue_tail(&btdev->txq, skb); + + return 0; +} + +static int nokia_recv_negotiation_packet(struct hci_dev *hdev, + struct sk_buff *skb) +{ + struct hci_uart *hu = hci_get_drvdata(hdev); + struct nokia_bt_dev *btdev = hu->priv; + struct device *dev = &btdev->serdev->dev; + struct hci_nokia_neg_hdr *hdr; + struct hci_nokia_neg_evt *evt; + int ret = 0; + + hdr = (struct hci_nokia_neg_hdr *)skb->data; + if (hdr->dlen != sizeof(*evt)) { + btdev->init_error = -EIO; + ret = -EIO; + goto finish_neg; + } + + evt = (struct hci_nokia_neg_evt *)skb_pull(skb, sizeof(*hdr)); + + if (evt->ack != NOKIA_NEG_ACK) { + dev_err(dev, "Negotiation received: wrong reply"); + btdev->init_error = -EINVAL; + ret = -EINVAL; + goto finish_neg; + } + + btdev->man_id = evt->man_id; + btdev->ver_id = evt->ver_id; + + dev_dbg(dev, "Negotiation received: baud=%u:clk=%u:manu=%u:vers=%u", + evt->baud, evt->sys_clk, evt->man_id, evt->ver_id); + +finish_neg: + complete(&btdev->init_completion); + kfree_skb(skb); + return ret; +} + +static int nokia_recv_alive_packet(struct hci_dev *hdev, struct sk_buff *skb) +{ + struct hci_uart *hu = hci_get_drvdata(hdev); + struct nokia_bt_dev *btdev = hu->priv; + struct device *dev = &btdev->serdev->dev; + struct hci_nokia_alive_hdr *hdr; + struct hci_nokia_alive_pkt *pkt; + int ret = 0; + + hdr = (struct hci_nokia_alive_hdr *)skb->data; + if (hdr->dlen != sizeof(*pkt)) { + dev_err(dev, "Corrupted alive message"); + btdev->init_error = -EIO; + ret = -EIO; + goto finish_alive; + } + + pkt = (struct hci_nokia_alive_pkt *)skb_pull(skb, sizeof(*hdr)); + + if (pkt->mid != NOKIA_ALIVE_RESP) { + dev_err(dev, "Alive received: invalid response: 0x%02x!", + pkt->mid); + btdev->init_error = -EINVAL; + ret = -EINVAL; + goto finish_alive; + } + + dev_dbg(dev, "Alive received"); + +finish_alive: + complete(&btdev->init_completion); + kfree_skb(skb); + return ret; +} + +static int nokia_recv_radio(struct hci_dev *hdev, struct sk_buff *skb) +{ + /* Packets received on the dedicated radio channel are + * HCI events and so feed them back into the core. + */ + hci_skb_pkt_type(skb) = HCI_EVENT_PKT; + return hci_recv_frame(hdev, skb); +} + +/* Recv data */ +static const struct h4_recv_pkt nokia_recv_pkts[] = { + { H4_RECV_ACL, .recv = hci_recv_frame }, + { H4_RECV_SCO, .recv = hci_recv_frame }, + { H4_RECV_EVENT, .recv = hci_recv_frame }, + { NOKIA_RECV_ALIVE, .recv = nokia_recv_alive_packet }, + { NOKIA_RECV_NEG, .recv = nokia_recv_negotiation_packet }, + { NOKIA_RECV_RADIO, .recv = nokia_recv_radio }, +}; + +static int nokia_recv(struct hci_uart *hu, const void *data, int count) +{ + struct nokia_bt_dev *btdev = hu->priv; + struct device *dev = &btdev->serdev->dev; + int err; + + if (!test_bit(HCI_UART_REGISTERED, &hu->flags)) + return -EUNATCH; + + btdev->rx_skb = h4_recv_buf(hu->hdev, btdev->rx_skb, data, count, + nokia_recv_pkts, ARRAY_SIZE(nokia_recv_pkts)); + if (IS_ERR(btdev->rx_skb)) { + err = PTR_ERR(btdev->rx_skb); + dev_err(dev, "Frame reassembly failed (%d)", err); + btdev->rx_skb = NULL; + return err; + } + + return count; +} + +static struct sk_buff *nokia_dequeue(struct hci_uart *hu) +{ + struct nokia_bt_dev *btdev = hu->priv; + struct device *dev = &btdev->serdev->dev; + struct sk_buff *result = skb_dequeue(&btdev->txq); + + if (!btdev->initialized) + return result; + + if (btdev->tx_enabled == !!result) + return result; + + if (result) { + pm_runtime_get_sync(dev); + gpiod_set_value_cansleep(btdev->wakeup_bt, 1); + } else { + serdev_device_wait_until_sent(btdev->serdev, 0); + gpiod_set_value_cansleep(btdev->wakeup_bt, 0); + pm_runtime_put(dev); + } + + btdev->tx_enabled = !!result; + + return result; +} + +static const struct hci_uart_proto nokia_proto = { + .id = HCI_UART_NOKIA, + .name = "Nokia", + .open = nokia_open, + .close = nokia_close, + .recv = nokia_recv, + .enqueue = nokia_enqueue, + .dequeue = nokia_dequeue, + .flush = nokia_flush, + .setup = nokia_setup, + .manufacturer = 1, +}; + +static int nokia_bluetooth_serdev_probe(struct serdev_device *serdev) +{ + struct device *dev = &serdev->dev; + struct nokia_bt_dev *btdev; + struct clk *sysclk; + int err = 0; + + btdev = devm_kzalloc(dev, sizeof(*btdev), GFP_KERNEL); + if (!btdev) + return -ENOMEM; + + btdev->hu.serdev = btdev->serdev = serdev; + serdev_device_set_drvdata(serdev, btdev); + + btdev->reset = devm_gpiod_get(dev, "reset", GPIOD_OUT_HIGH); + if (IS_ERR(btdev->reset)) { + err = PTR_ERR(btdev->reset); + dev_err(dev, "could not get reset gpio: %d", err); + return err; + } + + btdev->wakeup_host = devm_gpiod_get(dev, "host-wakeup", GPIOD_IN); + if (IS_ERR(btdev->wakeup_host)) { + err = PTR_ERR(btdev->wakeup_host); + dev_err(dev, "could not get host wakeup gpio: %d", err); + return err; + } + + btdev->wake_irq = gpiod_to_irq(btdev->wakeup_host); + + err = devm_request_threaded_irq(dev, btdev->wake_irq, NULL, + wakeup_handler, + IRQF_TRIGGER_RISING | IRQF_TRIGGER_FALLING | IRQF_ONESHOT, + "wakeup", btdev); + if (err) { + dev_err(dev, "could request wakeup irq: %d", err); + return err; + } + + btdev->wakeup_bt = devm_gpiod_get(dev, "bluetooth-wakeup", + GPIOD_OUT_LOW); + if (IS_ERR(btdev->wakeup_bt)) { + err = PTR_ERR(btdev->wakeup_bt); + dev_err(dev, "could not get BT wakeup gpio: %d", err); + return err; + } + + sysclk = devm_clk_get(dev, "sysclk"); + if (IS_ERR(sysclk)) { + err = PTR_ERR(sysclk); + dev_err(dev, "could not get sysclk: %d", err); + return err; + } + + clk_prepare_enable(sysclk); + btdev->sysclk_speed = clk_get_rate(sysclk); + clk_disable_unprepare(sysclk); + + skb_queue_head_init(&btdev->txq); + + btdev->hu.priv = btdev; + btdev->hu.alignment = 2; /* Nokia H4+ is word aligned */ + + err = hci_uart_register_device(&btdev->hu, &nokia_proto); + if (err) { + dev_err(dev, "could not register bluetooth uart: %d", err); + return err; + } + + return 0; +} + +static void nokia_bluetooth_serdev_remove(struct serdev_device *serdev) +{ + struct nokia_bt_dev *btdev = serdev_device_get_drvdata(serdev); + struct hci_uart *hu = &btdev->hu; + struct hci_dev *hdev = hu->hdev; + + cancel_work_sync(&hu->write_work); + + hci_unregister_dev(hdev); + hci_free_dev(hdev); + hu->proto->close(hu); + + pm_runtime_disable(&btdev->serdev->dev); +} + +static int nokia_bluetooth_runtime_suspend(struct device *dev) +{ + struct serdev_device *serdev = to_serdev_device(dev); + + nokia_flow_control(serdev, false); + return 0; +} + +static int nokia_bluetooth_runtime_resume(struct device *dev) +{ + struct serdev_device *serdev = to_serdev_device(dev); + + nokia_flow_control(serdev, true); + return 0; +} + +static const struct dev_pm_ops nokia_bluetooth_pm_ops = { + SET_RUNTIME_PM_OPS(nokia_bluetooth_runtime_suspend, + nokia_bluetooth_runtime_resume, + NULL) +}; + +#ifdef CONFIG_OF +static const struct of_device_id nokia_bluetooth_of_match[] = { + { .compatible = "nokia,h4p-bluetooth", }, + {}, +}; +MODULE_DEVICE_TABLE(of, nokia_bluetooth_of_match); +#endif + +static struct serdev_device_driver nokia_bluetooth_serdev_driver = { + .probe = nokia_bluetooth_serdev_probe, + .remove = nokia_bluetooth_serdev_remove, + .driver = { + .name = "nokia-bluetooth", + .pm = &nokia_bluetooth_pm_ops, + .of_match_table = of_match_ptr(nokia_bluetooth_of_match), + }, +}; + +module_serdev_device_driver(nokia_bluetooth_serdev_driver); From f0c660e04f6167e8f229055d3e872d5ca0edeb9f Mon Sep 17 00:00:00 2001 From: Rob Herring Date: Thu, 13 Apr 2017 10:03:50 -0500 Subject: [PATCH 56/59] dt-bindings: net: Add TI WiLink shared transport binding Add serial slave device binding for the TI WiLink series of Bluetooth/FM/GPS devices. Signed-off-by: Rob Herring Cc: Mark Rutland Cc: netdev@vger.kernel.org Cc: devicetree@vger.kernel.org Signed-off-by: Marcel Holtmann --- .../devicetree/bindings/net/ti,wilink-st.txt | 35 +++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 Documentation/devicetree/bindings/net/ti,wilink-st.txt diff --git a/Documentation/devicetree/bindings/net/ti,wilink-st.txt b/Documentation/devicetree/bindings/net/ti,wilink-st.txt new file mode 100644 index 000000000000..cbad73a84ac4 --- /dev/null +++ b/Documentation/devicetree/bindings/net/ti,wilink-st.txt @@ -0,0 +1,35 @@ +TI WiLink 7/8 (wl12xx/wl18xx) Shared Transport BT/FM/GPS devices + +TI WiLink devices have a UART interface for providing Bluetooth, FM radio, +and GPS over what's called "shared transport". The shared transport is +standard BT HCI protocol with additional channels for the other functions. + +These devices also have a separate WiFi interface as described in +wireless/ti,wlcore.txt. + +This bindings follows the UART slave device binding in +../serial/slave-device.txt. + +Required properties: + - compatible: should be one of the following: + "ti,wl1271-st" + "ti,wl1273-st" + "ti,wl1831-st" + "ti,wl1835-st" + "ti,wl1837-st" + +Optional properties: + - enable-gpios : GPIO signal controlling enabling of BT. Active high. + - vio-supply : Vio input supply (1.8V) + - vbat-supply : Vbat input supply (2.9-4.8V) + +Example: + +&serial0 { + compatible = "ns16550a"; + ... + bluetooth { + compatible = "ti,wl1835-st"; + enable-gpios = <&gpio1 7 GPIO_ACTIVE_HIGH>; + }; +}; From 31927e5a52847761c1f2797a7ea53b6a75bdc518 Mon Sep 17 00:00:00 2001 From: Rob Herring Date: Thu, 13 Apr 2017 10:03:51 -0500 Subject: [PATCH 57/59] bluetooth: hci_uart: remove unused hci_uart_init_tty There are no users of hci_uart_init_tty, so remove it. Signed-off-by: Rob Herring Cc: Marcel Holtmann Cc: Gustavo Padovan Cc: Johan Hedberg Cc: linux-bluetooth@vger.kernel.org Signed-off-by: Marcel Holtmann --- drivers/bluetooth/hci_ldisc.c | 19 ------------------- drivers/bluetooth/hci_uart.h | 1 - 2 files changed, 20 deletions(-) diff --git a/drivers/bluetooth/hci_ldisc.c b/drivers/bluetooth/hci_ldisc.c index 17bcbc13623f..cec4438ede01 100644 --- a/drivers/bluetooth/hci_ldisc.c +++ b/drivers/bluetooth/hci_ldisc.c @@ -319,25 +319,6 @@ void hci_uart_set_speeds(struct hci_uart *hu, unsigned int init_speed, hu->oper_speed = oper_speed; } -void hci_uart_init_tty(struct hci_uart *hu) -{ - struct tty_struct *tty = hu->tty; - struct ktermios ktermios; - - /* Bring the UART into a known 8 bits no parity hw fc state */ - ktermios = tty->termios; - ktermios.c_iflag &= ~(IGNBRK | BRKINT | PARMRK | ISTRIP | - INLCR | IGNCR | ICRNL | IXON); - ktermios.c_oflag &= ~OPOST; - ktermios.c_lflag &= ~(ECHO | ECHONL | ICANON | ISIG | IEXTEN); - ktermios.c_cflag &= ~(CSIZE | PARENB); - ktermios.c_cflag |= CS8; - ktermios.c_cflag |= CRTSCTS; - - /* tty_set_termios() return not checked as it is always 0 */ - tty_set_termios(tty, &ktermios); -} - void hci_uart_set_baudrate(struct hci_uart *hu, unsigned int speed) { struct tty_struct *tty = hu->tty; diff --git a/drivers/bluetooth/hci_uart.h b/drivers/bluetooth/hci_uart.h index 1b41c661bbb8..2b05e557fad0 100644 --- a/drivers/bluetooth/hci_uart.h +++ b/drivers/bluetooth/hci_uart.h @@ -114,7 +114,6 @@ int hci_uart_register_device(struct hci_uart *hu, const struct hci_uart_proto *p int hci_uart_tx_wakeup(struct hci_uart *hu); int hci_uart_init_ready(struct hci_uart *hu); -void hci_uart_init_tty(struct hci_uart *hu); void hci_uart_set_baudrate(struct hci_uart *hu, unsigned int speed); void hci_uart_set_flow_control(struct hci_uart *hu, bool enable); void hci_uart_set_speeds(struct hci_uart *hu, unsigned int init_speed, From 371805522f870986144fcd88727a47858e364a2c Mon Sep 17 00:00:00 2001 From: Rob Herring Date: Thu, 13 Apr 2017 10:03:52 -0500 Subject: [PATCH 58/59] bluetooth: hci_uart: add LL protocol serdev driver support Turns out that the LL protocol and the TI-ST are the same thing AFAICT. The TI-ST adds firmware loading, GPIO control, and shared access for NFC, FM radio, etc. For now, we're only implementing what is needed for BT. This mirrors other drivers like BCM and Intel, but uses the new serdev bus. The firmware loading is greatly simplified by using existing infrastructure to send commands. It may be a bit slower than the original code using synchronous functions, but the real bottleneck is likely doing firmware load at 115.2kbps. Signed-off-by: Rob Herring Cc: Marcel Holtmann Cc: Gustavo Padovan Cc: Johan Hedberg Cc: linux-bluetooth@vger.kernel.org Signed-off-by: Marcel Holtmann --- drivers/bluetooth/hci_ll.c | 262 ++++++++++++++++++++++++++++++++++++- 1 file changed, 261 insertions(+), 1 deletion(-) diff --git a/drivers/bluetooth/hci_ll.c b/drivers/bluetooth/hci_ll.c index 02692fe30279..485e8eb04542 100644 --- a/drivers/bluetooth/hci_ll.c +++ b/drivers/bluetooth/hci_ll.c @@ -34,20 +34,24 @@ #include #include #include +#include #include #include #include #include -#include #include #include #include #include +#include +#include #include +#include #include #include +#include #include "hci_uart.h" @@ -76,6 +80,12 @@ struct hcill_cmd { u8 cmd; } __packed; +struct ll_device { + struct hci_uart hu; + struct serdev_device *serdev; + struct gpio_desc *enable_gpio; +}; + struct ll_struct { unsigned long rx_state; unsigned long rx_count; @@ -136,6 +146,9 @@ static int ll_open(struct hci_uart *hu) hu->priv = ll; + if (hu->serdev) + serdev_device_open(hu->serdev); + return 0; } @@ -164,6 +177,13 @@ static int ll_close(struct hci_uart *hu) kfree_skb(ll->rx_skb); + if (hu->serdev) { + struct ll_device *lldev = serdev_device_get_drvdata(hu->serdev); + gpiod_set_value_cansleep(lldev->enable_gpio, 0); + + serdev_device_close(hu->serdev); + } + hu->priv = NULL; kfree(ll); @@ -505,9 +525,245 @@ static struct sk_buff *ll_dequeue(struct hci_uart *hu) return skb_dequeue(&ll->txq); } +#if IS_ENABLED(CONFIG_SERIAL_DEV_BUS) +static int read_local_version(struct hci_dev *hdev) +{ + int err = 0; + unsigned short version = 0; + struct sk_buff *skb; + struct hci_rp_read_local_version *ver; + + skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL, HCI_INIT_TIMEOUT); + if (IS_ERR(skb)) { + bt_dev_err(hdev, "Reading TI version information failed (%ld)", + PTR_ERR(skb)); + err = PTR_ERR(skb); + goto out; + } + if (skb->len != sizeof(*ver)) { + err = -EILSEQ; + goto out; + } + + ver = (struct hci_rp_read_local_version *)skb->data; + if (le16_to_cpu(ver->manufacturer) != 13) { + err = -ENODEV; + goto out; + } + + version = le16_to_cpu(ver->lmp_subver); + +out: + if (err) bt_dev_err(hdev, "Failed to read TI version info: %d", err); + kfree_skb(skb); + return err ? err : version; +} + +/** + * download_firmware - + * internal function which parses through the .bts firmware + * script file intreprets SEND, DELAY actions only as of now + */ +static int download_firmware(struct ll_device *lldev) +{ + unsigned short chip, min_ver, maj_ver; + int version, err, len; + unsigned char *ptr, *action_ptr; + unsigned char bts_scr_name[40]; /* 40 char long bts scr name? */ + const struct firmware *fw; + struct sk_buff *skb; + struct hci_command *cmd; + + version = read_local_version(lldev->hu.hdev); + if (version < 0) + return version; + + chip = (version & 0x7C00) >> 10; + min_ver = (version & 0x007F); + maj_ver = (version & 0x0380) >> 7; + if (version & 0x8000) + maj_ver |= 0x0008; + + snprintf(bts_scr_name, sizeof(bts_scr_name), + "ti-connectivity/TIInit_%d.%d.%d.bts", + chip, maj_ver, min_ver); + + err = request_firmware(&fw, bts_scr_name, &lldev->serdev->dev); + if (err || !fw->data || !fw->size) { + bt_dev_err(lldev->hu.hdev, "request_firmware failed(errno %d) for %s", + err, bts_scr_name); + return -EINVAL; + } + ptr = (void *)fw->data; + len = fw->size; + /* bts_header to remove out magic number and + * version + */ + ptr += sizeof(struct bts_header); + len -= sizeof(struct bts_header); + + while (len > 0 && ptr) { + bt_dev_dbg(lldev->hu.hdev, " action size %d, type %d ", + ((struct bts_action *)ptr)->size, + ((struct bts_action *)ptr)->type); + + action_ptr = &(((struct bts_action *)ptr)->data[0]); + + switch (((struct bts_action *)ptr)->type) { + case ACTION_SEND_COMMAND: /* action send */ + bt_dev_dbg(lldev->hu.hdev, "S"); + cmd = (struct hci_command *)action_ptr; + if (cmd->opcode == 0xff36) { + /* ignore remote change + * baud rate HCI VS command */ + bt_dev_warn(lldev->hu.hdev, "change remote baud rate command in firmware"); + break; + } + if (cmd->prefix != 1) + bt_dev_dbg(lldev->hu.hdev, "command type %d\n", cmd->prefix); + + skb = __hci_cmd_sync(lldev->hu.hdev, cmd->opcode, cmd->plen, &cmd->speed, HCI_INIT_TIMEOUT); + if (IS_ERR(skb)) { + bt_dev_err(lldev->hu.hdev, "send command failed\n"); + goto out_rel_fw; + } + kfree_skb(skb); + break; + case ACTION_WAIT_EVENT: /* wait */ + /* no need to wait as command was synchronous */ + bt_dev_dbg(lldev->hu.hdev, "W"); + break; + case ACTION_DELAY: /* sleep */ + bt_dev_info(lldev->hu.hdev, "sleep command in scr"); + mdelay(((struct bts_action_delay *)action_ptr)->msec); + break; + } + len -= (sizeof(struct bts_action) + + ((struct bts_action *)ptr)->size); + ptr += sizeof(struct bts_action) + + ((struct bts_action *)ptr)->size; + } + +out_rel_fw: + /* fw download complete */ + release_firmware(fw); + return err; +} + +static int ll_setup(struct hci_uart *hu) +{ + int err, retry = 3; + struct ll_device *lldev; + struct serdev_device *serdev = hu->serdev; + u32 speed; + + if (!serdev) + return 0; + + lldev = serdev_device_get_drvdata(serdev); + + serdev_device_set_flow_control(serdev, true); + + do { + /* Configure BT_EN to HIGH state */ + gpiod_set_value_cansleep(lldev->enable_gpio, 0); + msleep(5); + gpiod_set_value_cansleep(lldev->enable_gpio, 1); + msleep(100); + + err = download_firmware(lldev); + if (!err) + break; + + /* Toggle BT_EN and retry */ + bt_dev_err(hu->hdev, "download firmware failed, retrying..."); + } while (retry--); + + if (err) + return err; + + /* Operational speed if any */ + if (hu->oper_speed) + speed = hu->oper_speed; + else if (hu->proto->oper_speed) + speed = hu->proto->oper_speed; + else + speed = 0; + + if (speed) { + struct sk_buff *skb = __hci_cmd_sync(hu->hdev, 0xff36, sizeof(speed), &speed, HCI_INIT_TIMEOUT); + if (!IS_ERR(skb)) { + kfree_skb(skb); + serdev_device_set_baudrate(serdev, speed); + } + } + + return 0; +} + +static const struct hci_uart_proto llp; + +static int hci_ti_probe(struct serdev_device *serdev) +{ + struct hci_uart *hu; + struct ll_device *lldev; + u32 max_speed = 3000000; + + lldev = devm_kzalloc(&serdev->dev, sizeof(struct ll_device), GFP_KERNEL); + if (!lldev) + return -ENOMEM; + hu = &lldev->hu; + + serdev_device_set_drvdata(serdev, lldev); + lldev->serdev = hu->serdev = serdev; + + lldev->enable_gpio = devm_gpiod_get_optional(&serdev->dev, "enable", GPIOD_OUT_LOW); + if (IS_ERR(lldev->enable_gpio)) + return PTR_ERR(lldev->enable_gpio); + + of_property_read_u32(serdev->dev.of_node, "max-speed", &max_speed); + hci_uart_set_speeds(hu, 115200, max_speed); + + return hci_uart_register_device(hu, &llp); +} + +static void hci_ti_remove(struct serdev_device *serdev) +{ + struct ll_device *lldev = serdev_device_get_drvdata(serdev); + struct hci_uart *hu = &lldev->hu; + struct hci_dev *hdev = hu->hdev; + + cancel_work_sync(&hu->write_work); + + hci_unregister_dev(hdev); + hci_free_dev(hdev); + hu->proto->close(hu); +} + +static const struct of_device_id hci_ti_of_match[] = { + { .compatible = "ti,wl1831-st" }, + { .compatible = "ti,wl1835-st" }, + { .compatible = "ti,wl1837-st" }, + {}, +}; +MODULE_DEVICE_TABLE(of, hci_ti_of_match); + +static struct serdev_device_driver hci_ti_drv = { + .driver = { + .name = "hci-ti", + .of_match_table = of_match_ptr(hci_ti_of_match), + }, + .probe = hci_ti_probe, + .remove = hci_ti_remove, +}; +#else +#define ll_setup NULL +#endif + static const struct hci_uart_proto llp = { .id = HCI_UART_LL, .name = "LL", + .setup = ll_setup, .open = ll_open, .close = ll_close, .recv = ll_recv, @@ -518,10 +774,14 @@ static const struct hci_uart_proto llp = { int __init ll_init(void) { + serdev_device_driver_register(&hci_ti_drv); + return hci_uart_register_proto(&llp); } int __exit ll_deinit(void) { + serdev_device_driver_unregister(&hci_ti_drv); + return hci_uart_unregister_proto(&llp); } From 019aa56b7df8a796b2c01a56269a370ad3442ec7 Mon Sep 17 00:00:00 2001 From: Rob Herring Date: Thu, 13 Apr 2017 10:03:53 -0500 Subject: [PATCH 59/59] arm64: dts: hikey: add WL1835 Bluetooth device node This adds the serial slave device for the WL1835 Bluetooth interface. Signed-off-by: Rob Herring Cc: Wei Xu Cc: Mark Rutland Signed-off-by: Marcel Holtmann --- arch/arm64/boot/dts/hisilicon/hi6220-hikey.dts | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/arch/arm64/boot/dts/hisilicon/hi6220-hikey.dts b/arch/arm64/boot/dts/hisilicon/hi6220-hikey.dts index dba3c131c62c..9b4ba7169210 100644 --- a/arch/arm64/boot/dts/hisilicon/hi6220-hikey.dts +++ b/arch/arm64/boot/dts/hisilicon/hi6220-hikey.dts @@ -98,6 +98,11 @@ uart1: uart@f7111000 { assigned-clocks = <&sys_ctrl HI6220_UART1_SRC>; assigned-clock-rates = <150000000>; status = "ok"; + + bluetooth { + compatible = "ti,wl1835-st"; + enable-gpios = <&gpio1 7 GPIO_ACTIVE_HIGH>; + }; }; uart2: uart@f7112000 {