Loading...
1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * Bluetooth supports for Qualcomm Atheros chips
4 *
5 * Copyright (c) 2015 The Linux Foundation. All rights reserved.
6 */
7#include <linux/module.h>
8#include <linux/firmware.h>
9#include <linux/vmalloc.h>
10
11#include <net/bluetooth/bluetooth.h>
12#include <net/bluetooth/hci_core.h>
13
14#include "btqca.h"
15
16#define VERSION "0.1"
17
18int qca_read_soc_version(struct hci_dev *hdev, struct qca_btsoc_version *ver,
19 enum qca_btsoc_type soc_type)
20{
21 struct sk_buff *skb;
22 struct edl_event_hdr *edl;
23 char cmd;
24 int err = 0;
25 u8 event_type = HCI_EV_VENDOR;
26 u8 rlen = sizeof(*edl) + sizeof(*ver);
27 u8 rtype = EDL_APP_VER_RES_EVT;
28
29 bt_dev_dbg(hdev, "QCA Version Request");
30
31 /* Unlike other SoC's sending version command response as payload to
32 * VSE event. WCN3991 sends version command response as a payload to
33 * command complete event.
34 */
35 if (soc_type >= QCA_WCN3991) {
36 event_type = 0;
37 rlen += 1;
38 rtype = EDL_PATCH_VER_REQ_CMD;
39 }
40
41 cmd = EDL_PATCH_VER_REQ_CMD;
42 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, EDL_PATCH_CMD_LEN,
43 &cmd, event_type, HCI_INIT_TIMEOUT);
44 if (IS_ERR(skb)) {
45 err = PTR_ERR(skb);
46 bt_dev_err(hdev, "Reading QCA version information failed (%d)",
47 err);
48 return err;
49 }
50
51 if (skb->len != rlen) {
52 bt_dev_err(hdev, "QCA Version size mismatch len %d", skb->len);
53 err = -EILSEQ;
54 goto out;
55 }
56
57 edl = (struct edl_event_hdr *)(skb->data);
58 if (!edl) {
59 bt_dev_err(hdev, "QCA TLV with no header");
60 err = -EILSEQ;
61 goto out;
62 }
63
64 if (edl->cresp != EDL_CMD_REQ_RES_EVT ||
65 edl->rtype != rtype) {
66 bt_dev_err(hdev, "QCA Wrong packet received %d %d", edl->cresp,
67 edl->rtype);
68 err = -EIO;
69 goto out;
70 }
71
72 if (soc_type >= QCA_WCN3991)
73 memcpy(ver, edl->data + 1, sizeof(*ver));
74 else
75 memcpy(ver, &edl->data, sizeof(*ver));
76
77 bt_dev_info(hdev, "QCA Product ID :0x%08x",
78 le32_to_cpu(ver->product_id));
79 bt_dev_info(hdev, "QCA SOC Version :0x%08x",
80 le32_to_cpu(ver->soc_id));
81 bt_dev_info(hdev, "QCA ROM Version :0x%08x",
82 le16_to_cpu(ver->rom_ver));
83 bt_dev_info(hdev, "QCA Patch Version:0x%08x",
84 le16_to_cpu(ver->patch_ver));
85
86 if (ver->soc_id == 0 || ver->rom_ver == 0)
87 err = -EILSEQ;
88
89out:
90 kfree_skb(skb);
91 if (err)
92 bt_dev_err(hdev, "QCA Failed to get version (%d)", err);
93
94 return err;
95}
96EXPORT_SYMBOL_GPL(qca_read_soc_version);
97
98static int qca_read_fw_build_info(struct hci_dev *hdev)
99{
100 struct sk_buff *skb;
101 struct edl_event_hdr *edl;
102 char cmd, build_label[QCA_FW_BUILD_VER_LEN];
103 int build_lbl_len, err = 0;
104
105 bt_dev_dbg(hdev, "QCA read fw build info");
106
107 cmd = EDL_GET_BUILD_INFO_CMD;
108 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, EDL_PATCH_CMD_LEN,
109 &cmd, 0, HCI_INIT_TIMEOUT);
110 if (IS_ERR(skb)) {
111 err = PTR_ERR(skb);
112 bt_dev_err(hdev, "Reading QCA fw build info failed (%d)",
113 err);
114 return err;
115 }
116
117 edl = (struct edl_event_hdr *)(skb->data);
118 if (!edl) {
119 bt_dev_err(hdev, "QCA read fw build info with no header");
120 err = -EILSEQ;
121 goto out;
122 }
123
124 if (edl->cresp != EDL_CMD_REQ_RES_EVT ||
125 edl->rtype != EDL_GET_BUILD_INFO_CMD) {
126 bt_dev_err(hdev, "QCA Wrong packet received %d %d", edl->cresp,
127 edl->rtype);
128 err = -EIO;
129 goto out;
130 }
131
132 build_lbl_len = edl->data[0];
133 if (build_lbl_len <= QCA_FW_BUILD_VER_LEN - 1) {
134 memcpy(build_label, edl->data + 1, build_lbl_len);
135 *(build_label + build_lbl_len) = '\0';
136 }
137
138 hci_set_fw_info(hdev, "%s", build_label);
139
140out:
141 kfree_skb(skb);
142 return err;
143}
144
145static int qca_send_patch_config_cmd(struct hci_dev *hdev)
146{
147 const u8 cmd[] = { EDL_PATCH_CONFIG_CMD, 0x01, 0, 0, 0 };
148 struct sk_buff *skb;
149 struct edl_event_hdr *edl;
150 int err;
151
152 bt_dev_dbg(hdev, "QCA Patch config");
153
154 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, sizeof(cmd),
155 cmd, HCI_EV_VENDOR, HCI_INIT_TIMEOUT);
156 if (IS_ERR(skb)) {
157 err = PTR_ERR(skb);
158 bt_dev_err(hdev, "Sending QCA Patch config failed (%d)", err);
159 return err;
160 }
161
162 if (skb->len != 2) {
163 bt_dev_err(hdev, "QCA Patch config cmd size mismatch len %d", skb->len);
164 err = -EILSEQ;
165 goto out;
166 }
167
168 edl = (struct edl_event_hdr *)(skb->data);
169 if (!edl) {
170 bt_dev_err(hdev, "QCA Patch config with no header");
171 err = -EILSEQ;
172 goto out;
173 }
174
175 if (edl->cresp != EDL_PATCH_CONFIG_RES_EVT || edl->rtype != EDL_PATCH_CONFIG_CMD) {
176 bt_dev_err(hdev, "QCA Wrong packet received %d %d", edl->cresp,
177 edl->rtype);
178 err = -EIO;
179 goto out;
180 }
181
182 err = 0;
183
184out:
185 kfree_skb(skb);
186 return err;
187}
188
189static int qca_send_reset(struct hci_dev *hdev)
190{
191 struct sk_buff *skb;
192 int err;
193
194 bt_dev_dbg(hdev, "QCA HCI_RESET");
195
196 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
197 if (IS_ERR(skb)) {
198 err = PTR_ERR(skb);
199 bt_dev_err(hdev, "QCA Reset failed (%d)", err);
200 return err;
201 }
202
203 kfree_skb(skb);
204
205 return 0;
206}
207
208int qca_send_pre_shutdown_cmd(struct hci_dev *hdev)
209{
210 struct sk_buff *skb;
211 int err;
212
213 bt_dev_dbg(hdev, "QCA pre shutdown cmd");
214
215 skb = __hci_cmd_sync_ev(hdev, QCA_PRE_SHUTDOWN_CMD, 0,
216 NULL, HCI_EV_CMD_COMPLETE, HCI_INIT_TIMEOUT);
217
218 if (IS_ERR(skb)) {
219 err = PTR_ERR(skb);
220 bt_dev_err(hdev, "QCA preshutdown_cmd failed (%d)", err);
221 return err;
222 }
223
224 kfree_skb(skb);
225
226 return 0;
227}
228EXPORT_SYMBOL_GPL(qca_send_pre_shutdown_cmd);
229
230static void qca_tlv_check_data(struct hci_dev *hdev,
231 struct qca_fw_config *config,
232 u8 *fw_data, enum qca_btsoc_type soc_type)
233{
234 const u8 *data;
235 u32 type_len;
236 u16 tag_id, tag_len;
237 int idx, length;
238 struct tlv_type_hdr *tlv;
239 struct tlv_type_patch *tlv_patch;
240 struct tlv_type_nvm *tlv_nvm;
241 uint8_t nvm_baud_rate = config->user_baud_rate;
242
243 config->dnld_mode = QCA_SKIP_EVT_NONE;
244 config->dnld_type = QCA_SKIP_EVT_NONE;
245
246 switch (config->type) {
247 case ELF_TYPE_PATCH:
248 config->dnld_mode = QCA_SKIP_EVT_VSE_CC;
249 config->dnld_type = QCA_SKIP_EVT_VSE_CC;
250
251 bt_dev_dbg(hdev, "File Class : 0x%x", fw_data[4]);
252 bt_dev_dbg(hdev, "Data Encoding : 0x%x", fw_data[5]);
253 bt_dev_dbg(hdev, "File version : 0x%x", fw_data[6]);
254 break;
255 case TLV_TYPE_PATCH:
256 tlv = (struct tlv_type_hdr *)fw_data;
257 type_len = le32_to_cpu(tlv->type_len);
258 tlv_patch = (struct tlv_type_patch *)tlv->data;
259
260 /* For Rome version 1.1 to 3.1, all segment commands
261 * are acked by a vendor specific event (VSE).
262 * For Rome >= 3.2, the download mode field indicates
263 * if VSE is skipped by the controller.
264 * In case VSE is skipped, only the last segment is acked.
265 */
266 config->dnld_mode = tlv_patch->download_mode;
267 config->dnld_type = config->dnld_mode;
268
269 BT_DBG("TLV Type\t\t : 0x%x", type_len & 0x000000ff);
270 BT_DBG("Total Length : %d bytes",
271 le32_to_cpu(tlv_patch->total_size));
272 BT_DBG("Patch Data Length : %d bytes",
273 le32_to_cpu(tlv_patch->data_length));
274 BT_DBG("Signing Format Version : 0x%x",
275 tlv_patch->format_version);
276 BT_DBG("Signature Algorithm : 0x%x",
277 tlv_patch->signature);
278 BT_DBG("Download mode : 0x%x",
279 tlv_patch->download_mode);
280 BT_DBG("Reserved : 0x%x",
281 tlv_patch->reserved1);
282 BT_DBG("Product ID : 0x%04x",
283 le16_to_cpu(tlv_patch->product_id));
284 BT_DBG("Rom Build Version : 0x%04x",
285 le16_to_cpu(tlv_patch->rom_build));
286 BT_DBG("Patch Version : 0x%04x",
287 le16_to_cpu(tlv_patch->patch_version));
288 BT_DBG("Reserved : 0x%x",
289 le16_to_cpu(tlv_patch->reserved2));
290 BT_DBG("Patch Entry Address : 0x%x",
291 le32_to_cpu(tlv_patch->entry));
292 break;
293
294 case TLV_TYPE_NVM:
295 tlv = (struct tlv_type_hdr *)fw_data;
296
297 type_len = le32_to_cpu(tlv->type_len);
298 length = (type_len >> 8) & 0x00ffffff;
299
300 BT_DBG("TLV Type\t\t : 0x%x", type_len & 0x000000ff);
301 BT_DBG("Length\t\t : %d bytes", length);
302
303 idx = 0;
304 data = tlv->data;
305 while (idx < length) {
306 tlv_nvm = (struct tlv_type_nvm *)(data + idx);
307
308 tag_id = le16_to_cpu(tlv_nvm->tag_id);
309 tag_len = le16_to_cpu(tlv_nvm->tag_len);
310
311 /* Update NVM tags as needed */
312 switch (tag_id) {
313 case EDL_TAG_ID_HCI:
314 /* HCI transport layer parameters
315 * enabling software inband sleep
316 * onto controller side.
317 */
318 tlv_nvm->data[0] |= 0x80;
319
320 /* UART Baud Rate */
321 if (soc_type >= QCA_WCN3991)
322 tlv_nvm->data[1] = nvm_baud_rate;
323 else
324 tlv_nvm->data[2] = nvm_baud_rate;
325
326 break;
327
328 case EDL_TAG_ID_DEEP_SLEEP:
329 /* Sleep enable mask
330 * enabling deep sleep feature on controller.
331 */
332 tlv_nvm->data[0] |= 0x01;
333
334 break;
335 }
336
337 idx += (sizeof(u16) + sizeof(u16) + 8 + tag_len);
338 }
339 break;
340
341 default:
342 BT_ERR("Unknown TLV type %d", config->type);
343 break;
344 }
345}
346
347static int qca_tlv_send_segment(struct hci_dev *hdev, int seg_size,
348 const u8 *data, enum qca_tlv_dnld_mode mode,
349 enum qca_btsoc_type soc_type)
350{
351 struct sk_buff *skb;
352 struct edl_event_hdr *edl;
353 struct tlv_seg_resp *tlv_resp;
354 u8 cmd[MAX_SIZE_PER_TLV_SEGMENT + 2];
355 int err = 0;
356 u8 event_type = HCI_EV_VENDOR;
357 u8 rlen = (sizeof(*edl) + sizeof(*tlv_resp));
358 u8 rtype = EDL_TVL_DNLD_RES_EVT;
359
360 cmd[0] = EDL_PATCH_TLV_REQ_CMD;
361 cmd[1] = seg_size;
362 memcpy(cmd + 2, data, seg_size);
363
364 if (mode == QCA_SKIP_EVT_VSE_CC || mode == QCA_SKIP_EVT_VSE)
365 return __hci_cmd_send(hdev, EDL_PATCH_CMD_OPCODE, seg_size + 2,
366 cmd);
367
368 /* Unlike other SoC's sending version command response as payload to
369 * VSE event. WCN3991 sends version command response as a payload to
370 * command complete event.
371 */
372 if (soc_type >= QCA_WCN3991) {
373 event_type = 0;
374 rlen = sizeof(*edl);
375 rtype = EDL_PATCH_TLV_REQ_CMD;
376 }
377
378 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, seg_size + 2, cmd,
379 event_type, HCI_INIT_TIMEOUT);
380 if (IS_ERR(skb)) {
381 err = PTR_ERR(skb);
382 bt_dev_err(hdev, "QCA Failed to send TLV segment (%d)", err);
383 return err;
384 }
385
386 if (skb->len != rlen) {
387 bt_dev_err(hdev, "QCA TLV response size mismatch");
388 err = -EILSEQ;
389 goto out;
390 }
391
392 edl = (struct edl_event_hdr *)(skb->data);
393 if (!edl) {
394 bt_dev_err(hdev, "TLV with no header");
395 err = -EILSEQ;
396 goto out;
397 }
398
399 if (edl->cresp != EDL_CMD_REQ_RES_EVT || edl->rtype != rtype) {
400 bt_dev_err(hdev, "QCA TLV with error stat 0x%x rtype 0x%x",
401 edl->cresp, edl->rtype);
402 err = -EIO;
403 }
404
405 if (soc_type >= QCA_WCN3991)
406 goto out;
407
408 tlv_resp = (struct tlv_seg_resp *)(edl->data);
409 if (tlv_resp->result) {
410 bt_dev_err(hdev, "QCA TLV with error stat 0x%x rtype 0x%x (0x%x)",
411 edl->cresp, edl->rtype, tlv_resp->result);
412 }
413
414out:
415 kfree_skb(skb);
416
417 return err;
418}
419
420static int qca_inject_cmd_complete_event(struct hci_dev *hdev)
421{
422 struct hci_event_hdr *hdr;
423 struct hci_ev_cmd_complete *evt;
424 struct sk_buff *skb;
425
426 skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_KERNEL);
427 if (!skb)
428 return -ENOMEM;
429
430 hdr = skb_put(skb, sizeof(*hdr));
431 hdr->evt = HCI_EV_CMD_COMPLETE;
432 hdr->plen = sizeof(*evt) + 1;
433
434 evt = skb_put(skb, sizeof(*evt));
435 evt->ncmd = 1;
436 evt->opcode = cpu_to_le16(QCA_HCI_CC_OPCODE);
437
438 skb_put_u8(skb, QCA_HCI_CC_SUCCESS);
439
440 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
441
442 return hci_recv_frame(hdev, skb);
443}
444
445static int qca_download_firmware(struct hci_dev *hdev,
446 struct qca_fw_config *config,
447 enum qca_btsoc_type soc_type,
448 u8 rom_ver)
449{
450 const struct firmware *fw;
451 u8 *data;
452 const u8 *segment;
453 int ret, size, remain, i = 0;
454
455 bt_dev_info(hdev, "QCA Downloading %s", config->fwname);
456
457 ret = request_firmware(&fw, config->fwname, &hdev->dev);
458 if (ret) {
459 /* For WCN6750, if mbn file is not present then check for
460 * tlv file.
461 */
462 if (soc_type == QCA_WCN6750 && config->type == ELF_TYPE_PATCH) {
463 bt_dev_dbg(hdev, "QCA Failed to request file: %s (%d)",
464 config->fwname, ret);
465 config->type = TLV_TYPE_PATCH;
466 snprintf(config->fwname, sizeof(config->fwname),
467 "qca/msbtfw%02x.tlv", rom_ver);
468 bt_dev_info(hdev, "QCA Downloading %s", config->fwname);
469 ret = request_firmware(&fw, config->fwname, &hdev->dev);
470 if (ret) {
471 bt_dev_err(hdev, "QCA Failed to request file: %s (%d)",
472 config->fwname, ret);
473 return ret;
474 }
475 } else {
476 bt_dev_err(hdev, "QCA Failed to request file: %s (%d)",
477 config->fwname, ret);
478 return ret;
479 }
480 }
481
482 size = fw->size;
483 data = vmalloc(fw->size);
484 if (!data) {
485 bt_dev_err(hdev, "QCA Failed to allocate memory for file: %s",
486 config->fwname);
487 release_firmware(fw);
488 return -ENOMEM;
489 }
490
491 memcpy(data, fw->data, size);
492 release_firmware(fw);
493
494 qca_tlv_check_data(hdev, config, data, soc_type);
495
496 segment = data;
497 remain = size;
498 while (remain > 0) {
499 int segsize = min(MAX_SIZE_PER_TLV_SEGMENT, remain);
500
501 bt_dev_dbg(hdev, "Send segment %d, size %d", i++, segsize);
502
503 remain -= segsize;
504 /* The last segment is always acked regardless download mode */
505 if (!remain || segsize < MAX_SIZE_PER_TLV_SEGMENT)
506 config->dnld_mode = QCA_SKIP_EVT_NONE;
507
508 ret = qca_tlv_send_segment(hdev, segsize, segment,
509 config->dnld_mode, soc_type);
510 if (ret)
511 goto out;
512
513 segment += segsize;
514 }
515
516 /* Latest qualcomm chipsets are not sending a command complete event
517 * for every fw packet sent. They only respond with a vendor specific
518 * event for the last packet. This optimization in the chip will
519 * decrease the BT in initialization time. Here we will inject a command
520 * complete event to avoid a command timeout error message.
521 */
522 if (config->dnld_type == QCA_SKIP_EVT_VSE_CC ||
523 config->dnld_type == QCA_SKIP_EVT_VSE)
524 ret = qca_inject_cmd_complete_event(hdev);
525
526out:
527 vfree(data);
528
529 return ret;
530}
531
532static int qca_disable_soc_logging(struct hci_dev *hdev)
533{
534 struct sk_buff *skb;
535 u8 cmd[2];
536 int err;
537
538 cmd[0] = QCA_DISABLE_LOGGING_SUB_OP;
539 cmd[1] = 0x00;
540 skb = __hci_cmd_sync_ev(hdev, QCA_DISABLE_LOGGING, sizeof(cmd), cmd,
541 HCI_EV_CMD_COMPLETE, HCI_INIT_TIMEOUT);
542 if (IS_ERR(skb)) {
543 err = PTR_ERR(skb);
544 bt_dev_err(hdev, "QCA Failed to disable soc logging(%d)", err);
545 return err;
546 }
547
548 kfree_skb(skb);
549
550 return 0;
551}
552
553int qca_set_bdaddr_rome(struct hci_dev *hdev, const bdaddr_t *bdaddr)
554{
555 struct sk_buff *skb;
556 u8 cmd[9];
557 int err;
558
559 cmd[0] = EDL_NVM_ACCESS_SET_REQ_CMD;
560 cmd[1] = 0x02; /* TAG ID */
561 cmd[2] = sizeof(bdaddr_t); /* size */
562 memcpy(cmd + 3, bdaddr, sizeof(bdaddr_t));
563 skb = __hci_cmd_sync_ev(hdev, EDL_NVM_ACCESS_OPCODE, sizeof(cmd), cmd,
564 HCI_EV_VENDOR, HCI_INIT_TIMEOUT);
565 if (IS_ERR(skb)) {
566 err = PTR_ERR(skb);
567 bt_dev_err(hdev, "QCA Change address command failed (%d)", err);
568 return err;
569 }
570
571 kfree_skb(skb);
572
573 return 0;
574}
575EXPORT_SYMBOL_GPL(qca_set_bdaddr_rome);
576
577int qca_uart_setup(struct hci_dev *hdev, uint8_t baudrate,
578 enum qca_btsoc_type soc_type, struct qca_btsoc_version ver,
579 const char *firmware_name)
580{
581 struct qca_fw_config config;
582 int err;
583 u8 rom_ver = 0;
584 u32 soc_ver;
585
586 bt_dev_dbg(hdev, "QCA setup on UART");
587
588 soc_ver = get_soc_ver(ver.soc_id, ver.rom_ver);
589
590 bt_dev_info(hdev, "QCA controller version 0x%08x", soc_ver);
591
592 config.user_baud_rate = baudrate;
593
594 /* Firmware files to download are based on ROM version.
595 * ROM version is derived from last two bytes of soc_ver.
596 */
597 rom_ver = ((soc_ver & 0x00000f00) >> 0x04) | (soc_ver & 0x0000000f);
598
599 if (soc_type == QCA_WCN6750)
600 qca_send_patch_config_cmd(hdev);
601
602 /* Download rampatch file */
603 config.type = TLV_TYPE_PATCH;
604 if (qca_is_wcn399x(soc_type)) {
605 snprintf(config.fwname, sizeof(config.fwname),
606 "qca/crbtfw%02x.tlv", rom_ver);
607 } else if (soc_type == QCA_QCA6390) {
608 snprintf(config.fwname, sizeof(config.fwname),
609 "qca/htbtfw%02x.tlv", rom_ver);
610 } else if (soc_type == QCA_WCN6750) {
611 /* Choose mbn file by default.If mbn file is not found
612 * then choose tlv file
613 */
614 config.type = ELF_TYPE_PATCH;
615 snprintf(config.fwname, sizeof(config.fwname),
616 "qca/msbtfw%02x.mbn", rom_ver);
617 } else {
618 snprintf(config.fwname, sizeof(config.fwname),
619 "qca/rampatch_%08x.bin", soc_ver);
620 }
621
622 err = qca_download_firmware(hdev, &config, soc_type, rom_ver);
623 if (err < 0) {
624 bt_dev_err(hdev, "QCA Failed to download patch (%d)", err);
625 return err;
626 }
627
628 /* Give the controller some time to get ready to receive the NVM */
629 msleep(10);
630
631 /* Download NVM configuration */
632 config.type = TLV_TYPE_NVM;
633 if (firmware_name)
634 snprintf(config.fwname, sizeof(config.fwname),
635 "qca/%s", firmware_name);
636 else if (qca_is_wcn399x(soc_type)) {
637 if (ver.soc_id == QCA_WCN3991_SOC_ID) {
638 snprintf(config.fwname, sizeof(config.fwname),
639 "qca/crnv%02xu.bin", rom_ver);
640 } else {
641 snprintf(config.fwname, sizeof(config.fwname),
642 "qca/crnv%02x.bin", rom_ver);
643 }
644 }
645 else if (soc_type == QCA_QCA6390)
646 snprintf(config.fwname, sizeof(config.fwname),
647 "qca/htnv%02x.bin", rom_ver);
648 else if (soc_type == QCA_WCN6750)
649 snprintf(config.fwname, sizeof(config.fwname),
650 "qca/msnv%02x.bin", rom_ver);
651 else
652 snprintf(config.fwname, sizeof(config.fwname),
653 "qca/nvm_%08x.bin", soc_ver);
654
655 err = qca_download_firmware(hdev, &config, soc_type, rom_ver);
656 if (err < 0) {
657 bt_dev_err(hdev, "QCA Failed to download NVM (%d)", err);
658 return err;
659 }
660
661 if (soc_type >= QCA_WCN3991) {
662 err = qca_disable_soc_logging(hdev);
663 if (err < 0)
664 return err;
665 }
666
667 /* WCN399x and WCN6750 supports the Microsoft vendor extension with 0xFD70 as the
668 * VsMsftOpCode.
669 */
670 switch (soc_type) {
671 case QCA_WCN3990:
672 case QCA_WCN3991:
673 case QCA_WCN3998:
674 case QCA_WCN6750:
675 hci_set_msft_opcode(hdev, 0xFD70);
676 break;
677 default:
678 break;
679 }
680
681 /* Perform HCI reset */
682 err = qca_send_reset(hdev);
683 if (err < 0) {
684 bt_dev_err(hdev, "QCA Failed to run HCI_RESET (%d)", err);
685 return err;
686 }
687
688 if (soc_type == QCA_WCN3991 || soc_type == QCA_WCN6750) {
689 /* get fw build info */
690 err = qca_read_fw_build_info(hdev);
691 if (err < 0)
692 return err;
693 }
694
695 bt_dev_info(hdev, "QCA setup on UART is completed");
696
697 return 0;
698}
699EXPORT_SYMBOL_GPL(qca_uart_setup);
700
701int qca_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr)
702{
703 struct sk_buff *skb;
704 int err;
705
706 skb = __hci_cmd_sync_ev(hdev, EDL_WRITE_BD_ADDR_OPCODE, 6, bdaddr,
707 HCI_EV_VENDOR, HCI_INIT_TIMEOUT);
708 if (IS_ERR(skb)) {
709 err = PTR_ERR(skb);
710 bt_dev_err(hdev, "QCA Change address cmd failed (%d)", err);
711 return err;
712 }
713
714 kfree_skb(skb);
715
716 return 0;
717}
718EXPORT_SYMBOL_GPL(qca_set_bdaddr);
719
720
721MODULE_AUTHOR("Ben Young Tae Kim <ytkim@qca.qualcomm.com>");
722MODULE_DESCRIPTION("Bluetooth support for Qualcomm Atheros family ver " VERSION);
723MODULE_VERSION(VERSION);
724MODULE_LICENSE("GPL");
1/*
2 * Bluetooth supports for Qualcomm Atheros chips
3 *
4 * Copyright (c) 2015 The Linux Foundation. All rights reserved.
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2
8 * as published by the Free Software Foundation
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
18 *
19 */
20#include <linux/module.h>
21#include <linux/firmware.h>
22
23#include <net/bluetooth/bluetooth.h>
24#include <net/bluetooth/hci_core.h>
25
26#include "btqca.h"
27
28#define VERSION "0.1"
29
30static int rome_patch_ver_req(struct hci_dev *hdev, u32 *rome_version)
31{
32 struct sk_buff *skb;
33 struct edl_event_hdr *edl;
34 struct rome_version *ver;
35 char cmd;
36 int err = 0;
37
38 BT_DBG("%s: ROME Patch Version Request", hdev->name);
39
40 cmd = EDL_PATCH_VER_REQ_CMD;
41 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, EDL_PATCH_CMD_LEN,
42 &cmd, HCI_VENDOR_PKT, HCI_INIT_TIMEOUT);
43 if (IS_ERR(skb)) {
44 err = PTR_ERR(skb);
45 BT_ERR("%s: Failed to read version of ROME (%d)", hdev->name,
46 err);
47 return err;
48 }
49
50 if (skb->len != sizeof(*edl) + sizeof(*ver)) {
51 BT_ERR("%s: Version size mismatch len %d", hdev->name,
52 skb->len);
53 err = -EILSEQ;
54 goto out;
55 }
56
57 edl = (struct edl_event_hdr *)(skb->data);
58 if (!edl) {
59 BT_ERR("%s: TLV with no header", hdev->name);
60 err = -EILSEQ;
61 goto out;
62 }
63
64 if (edl->cresp != EDL_CMD_REQ_RES_EVT ||
65 edl->rtype != EDL_APP_VER_RES_EVT) {
66 BT_ERR("%s: Wrong packet received %d %d", hdev->name,
67 edl->cresp, edl->rtype);
68 err = -EIO;
69 goto out;
70 }
71
72 ver = (struct rome_version *)(edl->data);
73
74 BT_DBG("%s: Product:0x%08x", hdev->name, le32_to_cpu(ver->product_id));
75 BT_DBG("%s: Patch :0x%08x", hdev->name, le16_to_cpu(ver->patch_ver));
76 BT_DBG("%s: ROM :0x%08x", hdev->name, le16_to_cpu(ver->rome_ver));
77 BT_DBG("%s: SOC :0x%08x", hdev->name, le32_to_cpu(ver->soc_id));
78
79 /* ROME chipset version can be decided by patch and SoC
80 * version, combination with upper 2 bytes from SoC
81 * and lower 2 bytes from patch will be used.
82 */
83 *rome_version = (le32_to_cpu(ver->soc_id) << 16) |
84 (le16_to_cpu(ver->rome_ver) & 0x0000ffff);
85
86out:
87 kfree_skb(skb);
88
89 return err;
90}
91
92static int rome_reset(struct hci_dev *hdev)
93{
94 struct sk_buff *skb;
95 int err;
96
97 BT_DBG("%s: ROME HCI_RESET", hdev->name);
98
99 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
100 if (IS_ERR(skb)) {
101 err = PTR_ERR(skb);
102 BT_ERR("%s: Reset failed (%d)", hdev->name, err);
103 return err;
104 }
105
106 kfree_skb(skb);
107
108 return 0;
109}
110
111static void rome_tlv_check_data(struct rome_config *config,
112 const struct firmware *fw)
113{
114 const u8 *data;
115 u32 type_len;
116 u16 tag_id, tag_len;
117 int idx, length;
118 struct tlv_type_hdr *tlv;
119 struct tlv_type_patch *tlv_patch;
120 struct tlv_type_nvm *tlv_nvm;
121
122 tlv = (struct tlv_type_hdr *)fw->data;
123
124 type_len = le32_to_cpu(tlv->type_len);
125 length = (type_len >> 8) & 0x00ffffff;
126
127 BT_DBG("TLV Type\t\t : 0x%x", type_len & 0x000000ff);
128 BT_DBG("Length\t\t : %d bytes", length);
129
130 switch (config->type) {
131 case TLV_TYPE_PATCH:
132 tlv_patch = (struct tlv_type_patch *)tlv->data;
133 BT_DBG("Total Length\t\t : %d bytes",
134 le32_to_cpu(tlv_patch->total_size));
135 BT_DBG("Patch Data Length\t : %d bytes",
136 le32_to_cpu(tlv_patch->data_length));
137 BT_DBG("Signing Format Version : 0x%x",
138 tlv_patch->format_version);
139 BT_DBG("Signature Algorithm\t : 0x%x",
140 tlv_patch->signature);
141 BT_DBG("Reserved\t\t : 0x%x",
142 le16_to_cpu(tlv_patch->reserved1));
143 BT_DBG("Product ID\t\t : 0x%04x",
144 le16_to_cpu(tlv_patch->product_id));
145 BT_DBG("Rom Build Version\t : 0x%04x",
146 le16_to_cpu(tlv_patch->rom_build));
147 BT_DBG("Patch Version\t\t : 0x%04x",
148 le16_to_cpu(tlv_patch->patch_version));
149 BT_DBG("Reserved\t\t : 0x%x",
150 le16_to_cpu(tlv_patch->reserved2));
151 BT_DBG("Patch Entry Address\t : 0x%x",
152 le32_to_cpu(tlv_patch->entry));
153 break;
154
155 case TLV_TYPE_NVM:
156 idx = 0;
157 data = tlv->data;
158 while (idx < length) {
159 tlv_nvm = (struct tlv_type_nvm *)(data + idx);
160
161 tag_id = le16_to_cpu(tlv_nvm->tag_id);
162 tag_len = le16_to_cpu(tlv_nvm->tag_len);
163
164 /* Update NVM tags as needed */
165 switch (tag_id) {
166 case EDL_TAG_ID_HCI:
167 /* HCI transport layer parameters
168 * enabling software inband sleep
169 * onto controller side.
170 */
171 tlv_nvm->data[0] |= 0x80;
172
173 /* UART Baud Rate */
174 tlv_nvm->data[2] = config->user_baud_rate;
175
176 break;
177
178 case EDL_TAG_ID_DEEP_SLEEP:
179 /* Sleep enable mask
180 * enabling deep sleep feature on controller.
181 */
182 tlv_nvm->data[0] |= 0x01;
183
184 break;
185 }
186
187 idx += (sizeof(u16) + sizeof(u16) + 8 + tag_len);
188 }
189 break;
190
191 default:
192 BT_ERR("Unknown TLV type %d", config->type);
193 break;
194 }
195}
196
197static int rome_tlv_send_segment(struct hci_dev *hdev, int idx, int seg_size,
198 const u8 *data)
199{
200 struct sk_buff *skb;
201 struct edl_event_hdr *edl;
202 struct tlv_seg_resp *tlv_resp;
203 u8 cmd[MAX_SIZE_PER_TLV_SEGMENT + 2];
204 int err = 0;
205
206 BT_DBG("%s: Download segment #%d size %d", hdev->name, idx, seg_size);
207
208 cmd[0] = EDL_PATCH_TLV_REQ_CMD;
209 cmd[1] = seg_size;
210 memcpy(cmd + 2, data, seg_size);
211
212 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, seg_size + 2, cmd,
213 HCI_VENDOR_PKT, HCI_INIT_TIMEOUT);
214 if (IS_ERR(skb)) {
215 err = PTR_ERR(skb);
216 BT_ERR("%s: Failed to send TLV segment (%d)", hdev->name, err);
217 return err;
218 }
219
220 if (skb->len != sizeof(*edl) + sizeof(*tlv_resp)) {
221 BT_ERR("%s: TLV response size mismatch", hdev->name);
222 err = -EILSEQ;
223 goto out;
224 }
225
226 edl = (struct edl_event_hdr *)(skb->data);
227 if (!edl) {
228 BT_ERR("%s: TLV with no header", hdev->name);
229 err = -EILSEQ;
230 goto out;
231 }
232
233 tlv_resp = (struct tlv_seg_resp *)(edl->data);
234
235 if (edl->cresp != EDL_CMD_REQ_RES_EVT ||
236 edl->rtype != EDL_TVL_DNLD_RES_EVT || tlv_resp->result != 0x00) {
237 BT_ERR("%s: TLV with error stat 0x%x rtype 0x%x (0x%x)",
238 hdev->name, edl->cresp, edl->rtype, tlv_resp->result);
239 err = -EIO;
240 }
241
242out:
243 kfree_skb(skb);
244
245 return err;
246}
247
248static int rome_tlv_download_request(struct hci_dev *hdev,
249 const struct firmware *fw)
250{
251 const u8 *buffer, *data;
252 int total_segment, remain_size;
253 int ret, i;
254
255 if (!fw || !fw->data)
256 return -EINVAL;
257
258 total_segment = fw->size / MAX_SIZE_PER_TLV_SEGMENT;
259 remain_size = fw->size % MAX_SIZE_PER_TLV_SEGMENT;
260
261 BT_DBG("%s: Total segment num %d remain size %d total size %zu",
262 hdev->name, total_segment, remain_size, fw->size);
263
264 data = fw->data;
265 for (i = 0; i < total_segment; i++) {
266 buffer = data + i * MAX_SIZE_PER_TLV_SEGMENT;
267 ret = rome_tlv_send_segment(hdev, i, MAX_SIZE_PER_TLV_SEGMENT,
268 buffer);
269 if (ret < 0)
270 return -EIO;
271 }
272
273 if (remain_size) {
274 buffer = data + total_segment * MAX_SIZE_PER_TLV_SEGMENT;
275 ret = rome_tlv_send_segment(hdev, total_segment, remain_size,
276 buffer);
277 if (ret < 0)
278 return -EIO;
279 }
280
281 return 0;
282}
283
284static int rome_download_firmware(struct hci_dev *hdev,
285 struct rome_config *config)
286{
287 const struct firmware *fw;
288 int ret;
289
290 BT_INFO("%s: ROME Downloading %s", hdev->name, config->fwname);
291
292 ret = request_firmware(&fw, config->fwname, &hdev->dev);
293 if (ret) {
294 BT_ERR("%s: Failed to request file: %s (%d)", hdev->name,
295 config->fwname, ret);
296 return ret;
297 }
298
299 rome_tlv_check_data(config, fw);
300
301 ret = rome_tlv_download_request(hdev, fw);
302 if (ret) {
303 BT_ERR("%s: Failed to download file: %s (%d)", hdev->name,
304 config->fwname, ret);
305 }
306
307 release_firmware(fw);
308
309 return ret;
310}
311
312int qca_set_bdaddr_rome(struct hci_dev *hdev, const bdaddr_t *bdaddr)
313{
314 struct sk_buff *skb;
315 u8 cmd[9];
316 int err;
317
318 cmd[0] = EDL_NVM_ACCESS_SET_REQ_CMD;
319 cmd[1] = 0x02; /* TAG ID */
320 cmd[2] = sizeof(bdaddr_t); /* size */
321 memcpy(cmd + 3, bdaddr, sizeof(bdaddr_t));
322 skb = __hci_cmd_sync_ev(hdev, EDL_NVM_ACCESS_OPCODE, sizeof(cmd), cmd,
323 HCI_VENDOR_PKT, HCI_INIT_TIMEOUT);
324 if (IS_ERR(skb)) {
325 err = PTR_ERR(skb);
326 BT_ERR("%s: Change address command failed (%d)",
327 hdev->name, err);
328 return err;
329 }
330
331 kfree_skb(skb);
332
333 return 0;
334}
335EXPORT_SYMBOL_GPL(qca_set_bdaddr_rome);
336
337int qca_uart_setup_rome(struct hci_dev *hdev, uint8_t baudrate)
338{
339 u32 rome_ver = 0;
340 struct rome_config config;
341 int err;
342
343 BT_DBG("%s: ROME setup on UART", hdev->name);
344
345 config.user_baud_rate = baudrate;
346
347 /* Get ROME version information */
348 err = rome_patch_ver_req(hdev, &rome_ver);
349 if (err < 0 || rome_ver == 0) {
350 BT_ERR("%s: Failed to get version 0x%x", hdev->name, err);
351 return err;
352 }
353
354 BT_INFO("%s: ROME controller version 0x%08x", hdev->name, rome_ver);
355
356 /* Download rampatch file */
357 config.type = TLV_TYPE_PATCH;
358 snprintf(config.fwname, sizeof(config.fwname), "qca/rampatch_%08x.bin",
359 rome_ver);
360 err = rome_download_firmware(hdev, &config);
361 if (err < 0) {
362 BT_ERR("%s: Failed to download patch (%d)", hdev->name, err);
363 return err;
364 }
365
366 /* Download NVM configuration */
367 config.type = TLV_TYPE_NVM;
368 snprintf(config.fwname, sizeof(config.fwname), "qca/nvm_%08x.bin",
369 rome_ver);
370 err = rome_download_firmware(hdev, &config);
371 if (err < 0) {
372 BT_ERR("%s: Failed to download NVM (%d)", hdev->name, err);
373 return err;
374 }
375
376 /* Perform HCI reset */
377 err = rome_reset(hdev);
378 if (err < 0) {
379 BT_ERR("%s: Failed to run HCI_RESET (%d)", hdev->name, err);
380 return err;
381 }
382
383 BT_INFO("%s: ROME setup on UART is completed", hdev->name);
384
385 return 0;
386}
387EXPORT_SYMBOL_GPL(qca_uart_setup_rome);
388
389MODULE_AUTHOR("Ben Young Tae Kim <ytkim@qca.qualcomm.com>");
390MODULE_DESCRIPTION("Bluetooth support for Qualcomm Atheros family ver " VERSION);
391MODULE_VERSION(VERSION);
392MODULE_LICENSE("GPL");