The new hci_skb_pkt_* wrappers are mainly intented for drivers to
require less knowledge about bt_cb(sbk) handling. So after converting
the core packet handling, convert all drivers.
Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>

for_each_compatible_node performs an of_node_get on each iteration, so
a break out of the loop requires an of_node_put.

A simplified version of the semantic patch that fixes this problem is as
follows (http://coccinelle.lip6.fr):

// <smpl>
@@
expression e;
local idexpression n;
@@

 for_each_compatible_node(n, ...) {
   ... when != of_node_put(n)
       when != e = n
(
   return n;
|
+  of_node_put(n);
?  return ...;
)
   ...
 }
// </smpl>
Signed-off-by: NJulia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>

Setting and clearing of HCI_RUNNING flag in each and every driver is
just duplicating the same code all over the place. So instead of having
the driver do it in their hdev->open and hdev->close callbacks, set it
globally in the core transport handling.
Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>

In all callbacks for hdev->send the status of HCI_RUNNING is checked. So
instead of repeating that code in every driver, move the check into the
hci_send_frame function before calling hdev->send.
Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>

NOT NULL comparison modified to be readable, reported
by checkpatch.
Signed-off-by: NPrasanna Karthik <mkarthi3@visteon.com>
Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>

if btmrvl_tx_pkt() is called, and the branch
  if (skb_headroom(skb) < BTM_HEADER_LEN)
evaluates positive, a new skb is allocated via skb_realloc_headroom.

The original skb is stored in a tmp variable, before being free'd.
However on success, the new skb, is not free'd, nor is it
returned to the caller which will then double-free the original skb.

This issue exists from the original driver submission in
 commit: #132ff4e5

If this code path had been alive, it would have been noted from the
double-free causing a panic.

All skb's here should be allocated through bt_skb_alloc which
adds 8 bytes as headroom, which is plenty against the 4 bytes
pushed on by this driver.

This code path is dead, and buggy at the same time, so the cleanest
approach is to remove the affected branch.

Reported by coverity (CID 113422)
Signed-off-by: NKieran Bingham <kieranbingham@gmail.com>
Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>

A vendor specific command is sent to firmware during
initialization to enable this feature.
Signed-off-by: NAmitkumar Karwar <akarwar@marvell.com>
Signed-off-by: NCathy Luo <cluo@marvell.com>
Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>

Sometimes suspend thread queues a command and wait for it's
response, meanwhile WLAN driver power cycles the card which
leads to crash. This patch makes sure that suspend thread is
woken up in remove path.
Signed-off-by: NAmitkumar Karwar <akarwar@marvell.com>
Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>

This change improves readability and fixes allignment problem.
Signed-off-by: NAmitkumar Karwar <akarwar@marvell.com>
Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>

This flag will be set in unload path to make sure that we skip
sending further commands, ignore interrupts and stop main thread
when unload starts.
Signed-off-by: NAmitkumar Karwar <akarwar@marvell.com>
Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>

If module init command fails, FW might not be in good state.
We will return from setup handler and skip downloading further
commands.
Signed-off-by: NAmitkumar Karwar <akarwar@marvell.com>
Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>

btmrvl_remove_card() calls kthread_stop() to stop the main thread,
but kthread_should_stop() is checked when all the activities are done
in the main thread before sleeping.
We will have kthread_should_stop() check as soon as main thread is
woken up. This fixes a crash issue caused due to an invalid memory
access while unnecessarily processing interrupts after card removal.
Signed-off-by: NAmitkumar Karwar <akarwar@marvell.com>
Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>

This patch adds firmware dump support for marvell
bluetooth chipset. Currently only SD8897 is supported.
This is implemented based on dev_coredump, a new mechnism
introduced in kernel 3.18rc3

Firmware dump can be trigger by
echo 1 > /sys/kernel/debug/bluetooth/hci*/config/fw_dump
and when the dump operation is completed, data can be read by
cat /sys/class/devcoredump/devcd*/data

We have prepared following script to divide fw memory
dump data into multiple files based on memory type.

 [root]# cat btmrvl_split_dump_data.sh
 #!/bin/bash
 # usage: ./btmrvl_split_dump_data.sh dump_data

 fw_dump_data=$1

 mem_type="ITCM DTCM SQRAM APU CIU ICU MAC EXT7 EXT8 EXT9 EXT10 EXT11 EXT12 EXT13 EXTLAST"

 for name in ${mem_type[@]}
 do
         sed -n "/Start dump $name/,/End dump/p" $fw_dump_data  > tmp.$name.log
         if [ ! -s tmp.$name.log ]
                 then
                         rm -rf tmp.$name.log
                 else
                         # Remove the describle info "Start dump" and "End dump"
                         sed '1d' tmp.$name.log | sed '$d' > /data/$name.log
                         if [ -s /data/$name.log ]
                         then
                                 echo "generate /data/$name.log"
                         else
                                 sed '1d' tmp.$name.log | sed '$d' > /var/$name.log
                                 echo "generate /var/$name.log"
                         fi
                         rm -rf tmp.$name.log
         fi
 done
Signed-off-by: NXinming Hu <huxm@marvell.com>
Signed-off-by: NCathy Luo <cluo@marvell.com>
Signed-off-by: NAvinash Patil <patila@marvell.com>
Reviewed-by: NJohannes Berg <johannes@sipsolutions.net>
Reviewed-by: NMarcel Holtmann <marcel@holtmann.org>
Signed-off-by: NAmitkumar Karwar <akarwar@marvell.com>
Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>

BT_INFO/BT_DBG etc. already takes care of adding a newline
An extra newline character inside message is removed in this
patch.
Signed-off-by: NAmitkumar Karwar <akarwar@marvell.com>
Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>

Host sleep status flag should be reset when there is an
interrupt from device.
Signed-off-by: NAmitkumar Karwar <akarwar@marvell.com>
Signed-off-by: NCathy Luo <cluo@marvell.com>
Signed-off-by: NAvinash Patil <patila@marvell.com>
Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>

This can be used to have GPIO host wakeup method suitable for the
platform and configurable GAP for host sleep handshake.
Signed-off-by: NAmitkumar Karwar <akarwar@marvell.com>
Signed-off-by: NCathy Luo <cluo@marvell.com>
Signed-off-by: NAvinash Patil <patila@marvell.com>
Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>

Calibration data can be downloaded through device tree method. This
patch adds the documentation. Also, instead of searching device tree
node by name using of_find_node_by_name() API, let's use
for_each_compatible_node().
Signed-off-by: NAmitkumar Karwar <akarwar@marvell.com>
Signed-off-by: NCathy Luo <cluo@marvell.com>
Signed-off-by: NAvinash Patil <patila@marvell.com>
Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>

btmrvl_add_card() function calls kthread_run that might return error
(e.g. if current thread is killed). If one tries to use the error
value as a pointer then invalid memory access oops happens.

Check kthread_run() return value, if it is an error then release resources
correctly.

TEST=boot computer with BT modules enabled. I see the error message that
BT device initialization failed. Now kernel does not crash. Hint: to enable
BT run 'rmmod btmrvl_sdio; modprobe btmrvl_sdio'
Signed-off-by: NAnatol Pomozov <anatol.pomozov@gmail.com>
Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>

.set_bdaddr handler is implemented for public address configuration.
A reboot restores the bdaddr to its original address.
Signed-off-by: NAmitkumar Karwar <akarwar@marvell.com>
Signed-off-by: NBing Zhao <bzhao@marvell.com>
Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>

After BT_CMD_HOST_SLEEP_ENABLE command finishes, driver should
wait until getting BT_EVENT_HOST_SLEEP_ENABLE event to complete
suspend procedure.
Without this patch the suspend handler would return success
earlier. By the time when the BT_EVENT_HOST_SLEEP_ENABLE event
comes in the controller driver could have already turned off the
bus clock. This causes kernel crash or system reboot eventually.

Cc: <stable@vger.kernel.org> # 3.13+
Signed-off-by: NChin-Ran Lo <crlo@marvell.com>
Signed-off-by: NJeff CF Chen <jeffc@marvell.com>
Signed-off-by: NAmitkumar Karwar <akarwar@marvell.com>
Signed-off-by: NBing Zhao <bzhao@marvell.com>
Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>

A vendor specific command is sent to firmware during
initialization to enable this feature. This command is for
SD8897 only.
Signed-off-by: NBing Zhao <bzhao@marvell.com>
Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>

Change subcmd parameter from int to u8 to match its use:
btmrvl_send_sync_cmd(priv, BT_CMD_MODULE_CFG_REQ, &subcmd, 1);
Signed-off-by: NPetri Gynther <pgynther@google.com>
Reviewed-by: NBing Zhao <bzhao@marvell.com>
Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>

For SD8897, CMD52 write_to_clear may have missing interrupts
under certain corner case condition. Use CMD53 read-to-clear
to fix the problem.
Signed-off-by: NBing Zhao <bzhao@marvell.com>
Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>

If vendor specific HCI commands are received from application,
we should send corresponding events to stack.
These events should be consumed in driver, only if they are for
the internal HCI commands generated by driver.

This patch fixes the vendor command 0x3f stuck problem with
above mentioned change. For example,

hcitool cmd 3f 22 fe 06 22 21 20 43 50 00
Signed-off-by: NAmitkumar Karwar <akarwar@marvell.com>
Signed-off-by: NBing Zhao <bzhao@marvell.com>
Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>

The device tree property can define the cal-data in proper order.
There is no need to swap the bytes in driver.
Also remove the redundant cal-data memory copy after removing the
byte swapping.

Cc: Mike Frysinger <vapier@chromium.org>
Cc: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: NBing Zhao <bzhao@marvell.com>
Signed-off-by: NHyuckjoo Lee <hyuckjoo.lee@samsung.com>
Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>

Some ARM versions of Chromebook need to download a new calibration
data from host driver to firmware. They do have EEPROM but still
need a piece of new calibration data in test mode.

The cal-data is platform dependent. It's simpler and more feasible
to use device tree based cal-data instead of configuration file
based cal-data.

This patch remove configuration file based cal-data downloading
and replace it using cal-data from device tree.

When CONFIG_OF is not selected, or the specific property is not
present in the device tree, the calibration downloading will not
happen.

Cc: Mike Frysinger <vapier@chromium.org>
Cc: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: NBing Zhao <bzhao@marvell.com>
Signed-off-by: NHyuckjoo Lee <hyuckjoo.lee@samsung.com>
Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>

Replace ogf/ocf and its packing with 16-bit opcodes.
Signed-off-by: NBing Zhao <bzhao@marvell.com>
Signed-off-by: NAmitkumar Karwar <akarwar@marvell.com>
Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>

The hdev parameter of btmrvl_send_frame() is always valid. If it were
not valid, then it would have crashed earlier in the call chain.
Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>

Instead of masking hdev inside the skb->dev parameter, hand it
directly to the driver as a parameter to hdev->send. This makes
the driver interface more clear and simpler.

This patch fixes all drivers to accept and handle the new parameter
of hdev->send callback. Special care has been taken for bpa10x
and btusb drivers that require having skb->dev set to hdev for
the URB transmit complete handlers.
Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>

The btmrvl_ioctl() function is not used and thus remove it.
Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>

A text file containing calibration data in hex format can
be provided at following path:

/lib/firmware/mrvl/sd8797_caldata.conf

The data will be downloaded to firmware during initialization.
Reviewed-by: NMike Frysinger <vapier@chromium.org>
Signed-off-by: NAmitkumar Karwar <akarwar@marvell.com>
Signed-off-by: NBing Zhao <bzhao@marvell.com>
Signed-off-by: NHyuckjoo Lee <hyuckjoo.lee@samsung.com>
Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>

Move initialization code to hdev's setup handler.
Signed-off-by: NAmitkumar Karwar <akarwar@marvell.com>
Signed-off-by: NBing Zhao <bzhao@marvell.com>
Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>

Replace this proprietary structure with the standard one
(struct hci_command_hdr).
Signed-off-by: NAmitkumar Karwar <akarwar@marvell.com>
Signed-off-by: NBing Zhao <bzhao@marvell.com>
Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>

Command preparation code is used multiple times. This patch
separate out this common code and create btmrvl_send_sync_cmd()
function.
Signed-off-by: NAmitkumar Karwar <akarwar@marvell.com>
Signed-off-by: NBing Zhao <bzhao@marvell.com>
Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>

There is currently a race condition in the btmrvl_remove_card() which
is causing hangs on suspend for OLPC. When the race occurs,
kthread_stop() never returns.

The problem is that btmrvl_service_main_thread() calls kthread_should_stop()
and then does a fair number of things before restarting the loop and
sleeping.

If the thread gets stopped after kthread_should_stop() is checked, but
before the sleep happens, the thread will go to sleep and won't necessarily
be woken up.

Move the kthread_should_stop() check into a race-free place.
Signed-off-by: NDaniel Drake <dsd@laptop.org>
Signed-off-by: NGustavo Padovan <gustavo.padovan@collabora.co.uk>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

Patch shortens locals scope and adds missing braces. This is a diff
between v1 which was applied and v2 of patch "Bluetooth: btmrvl: Do
not send vendor events to bluetooth stack".
Signed-off-by: NAndrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: NGustavo Padovan <gustavo.padovan@collabora.co.uk>

Vendor-specific events shall be processed in driver and not sent
to bluetooth stack where they screw up HCI command countings.
Signed-off-by: NAndrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: NGustavo Padovan <gustavo.padovan@collabora.co.uk>

Host sleep is activated using already configured host sleep
parameters in suspend handler and it is cancelled in resume
handler.
Signed-off-by: NAmitkumar Karwar <akarwar@marvell.com>
Signed-off-by: NBing Zhao <bzhao@marvell.com>
Acked-by: NMarcel Holtmann <marcel@holtmann.org>
Signed-off-by: NGustavo Padovan <gustavo@padovan.org>

Currently debugfs commands "hscfgcmd" and "gpiogap" are provided
for host sleep configuration. But if user doesn't configure host
sleep parameters using these commands, host sleep activation is
failed during suspend (support for suspend and resume handlers is
added in next patch).

Default host sleep configuration is done during driver initialisation
in this patch.
Signed-off-by: NAmitkumar Karwar <akarwar@marvell.com>
Signed-off-by: NBing Zhao <bzhao@marvell.com>
Signed-off-by: NGustavo Padovan <gustavo@padovan.org>

The linux device model provides dev_set/get_drvdata so we can use this
to save private driver data.
This also removes several unnecessary casts.
Signed-off-by: NDavid Herrmann <dh.herrmann@googlemail.com>
Acked-by: NMarcel Holtmann <marcel@holtmann.org>
Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>