Loading...
1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * Bluetooth supports for Qualcomm Atheros chips
4 *
5 * Copyright (c) 2015 The Linux Foundation. All rights reserved.
6 */
7#include <linux/module.h>
8#include <linux/firmware.h>
9#include <linux/vmalloc.h>
10
11#include <net/bluetooth/bluetooth.h>
12#include <net/bluetooth/hci_core.h>
13
14#include "btqca.h"
15
16#define VERSION "0.1"
17
18int qca_read_soc_version(struct hci_dev *hdev, struct qca_btsoc_version *ver,
19 enum qca_btsoc_type soc_type)
20{
21 struct sk_buff *skb;
22 struct edl_event_hdr *edl;
23 char cmd;
24 int err = 0;
25 u8 event_type = HCI_EV_VENDOR;
26 u8 rlen = sizeof(*edl) + sizeof(*ver);
27 u8 rtype = EDL_APP_VER_RES_EVT;
28
29 bt_dev_dbg(hdev, "QCA Version Request");
30
31 /* Unlike other SoC's sending version command response as payload to
32 * VSE event. WCN3991 sends version command response as a payload to
33 * command complete event.
34 */
35 if (soc_type >= QCA_WCN3991) {
36 event_type = 0;
37 rlen += 1;
38 rtype = EDL_PATCH_VER_REQ_CMD;
39 }
40
41 cmd = EDL_PATCH_VER_REQ_CMD;
42 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, EDL_PATCH_CMD_LEN,
43 &cmd, event_type, HCI_INIT_TIMEOUT);
44 if (IS_ERR(skb)) {
45 err = PTR_ERR(skb);
46 bt_dev_err(hdev, "Reading QCA version information failed (%d)",
47 err);
48 return err;
49 }
50
51 if (skb->len != rlen) {
52 bt_dev_err(hdev, "QCA Version size mismatch len %d", skb->len);
53 err = -EILSEQ;
54 goto out;
55 }
56
57 edl = (struct edl_event_hdr *)(skb->data);
58 if (!edl) {
59 bt_dev_err(hdev, "QCA TLV with no header");
60 err = -EILSEQ;
61 goto out;
62 }
63
64 if (edl->cresp != EDL_CMD_REQ_RES_EVT ||
65 edl->rtype != rtype) {
66 bt_dev_err(hdev, "QCA Wrong packet received %d %d", edl->cresp,
67 edl->rtype);
68 err = -EIO;
69 goto out;
70 }
71
72 if (soc_type >= QCA_WCN3991)
73 memcpy(ver, edl->data + 1, sizeof(*ver));
74 else
75 memcpy(ver, &edl->data, sizeof(*ver));
76
77 bt_dev_info(hdev, "QCA Product ID :0x%08x",
78 le32_to_cpu(ver->product_id));
79 bt_dev_info(hdev, "QCA SOC Version :0x%08x",
80 le32_to_cpu(ver->soc_id));
81 bt_dev_info(hdev, "QCA ROM Version :0x%08x",
82 le16_to_cpu(ver->rom_ver));
83 bt_dev_info(hdev, "QCA Patch Version:0x%08x",
84 le16_to_cpu(ver->patch_ver));
85
86 if (ver->soc_id == 0 || ver->rom_ver == 0)
87 err = -EILSEQ;
88
89out:
90 kfree_skb(skb);
91 if (err)
92 bt_dev_err(hdev, "QCA Failed to get version (%d)", err);
93
94 return err;
95}
96EXPORT_SYMBOL_GPL(qca_read_soc_version);
97
98static int qca_read_fw_build_info(struct hci_dev *hdev)
99{
100 struct sk_buff *skb;
101 struct edl_event_hdr *edl;
102 char cmd, build_label[QCA_FW_BUILD_VER_LEN];
103 int build_lbl_len, err = 0;
104
105 bt_dev_dbg(hdev, "QCA read fw build info");
106
107 cmd = EDL_GET_BUILD_INFO_CMD;
108 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, EDL_PATCH_CMD_LEN,
109 &cmd, 0, HCI_INIT_TIMEOUT);
110 if (IS_ERR(skb)) {
111 err = PTR_ERR(skb);
112 bt_dev_err(hdev, "Reading QCA fw build info failed (%d)",
113 err);
114 return err;
115 }
116
117 edl = (struct edl_event_hdr *)(skb->data);
118 if (!edl) {
119 bt_dev_err(hdev, "QCA read fw build info with no header");
120 err = -EILSEQ;
121 goto out;
122 }
123
124 if (edl->cresp != EDL_CMD_REQ_RES_EVT ||
125 edl->rtype != EDL_GET_BUILD_INFO_CMD) {
126 bt_dev_err(hdev, "QCA Wrong packet received %d %d", edl->cresp,
127 edl->rtype);
128 err = -EIO;
129 goto out;
130 }
131
132 build_lbl_len = edl->data[0];
133 if (build_lbl_len <= QCA_FW_BUILD_VER_LEN - 1) {
134 memcpy(build_label, edl->data + 1, build_lbl_len);
135 *(build_label + build_lbl_len) = '\0';
136 }
137
138 hci_set_fw_info(hdev, "%s", build_label);
139
140out:
141 kfree_skb(skb);
142 return err;
143}
144
145static int qca_send_patch_config_cmd(struct hci_dev *hdev)
146{
147 const u8 cmd[] = { EDL_PATCH_CONFIG_CMD, 0x01, 0, 0, 0 };
148 struct sk_buff *skb;
149 struct edl_event_hdr *edl;
150 int err;
151
152 bt_dev_dbg(hdev, "QCA Patch config");
153
154 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, sizeof(cmd),
155 cmd, 0, HCI_INIT_TIMEOUT);
156 if (IS_ERR(skb)) {
157 err = PTR_ERR(skb);
158 bt_dev_err(hdev, "Sending QCA Patch config failed (%d)", err);
159 return err;
160 }
161
162 if (skb->len != 2) {
163 bt_dev_err(hdev, "QCA Patch config cmd size mismatch len %d", skb->len);
164 err = -EILSEQ;
165 goto out;
166 }
167
168 edl = (struct edl_event_hdr *)(skb->data);
169 if (!edl) {
170 bt_dev_err(hdev, "QCA Patch config with no header");
171 err = -EILSEQ;
172 goto out;
173 }
174
175 if (edl->cresp != EDL_PATCH_CONFIG_RES_EVT || edl->rtype != EDL_PATCH_CONFIG_CMD) {
176 bt_dev_err(hdev, "QCA Wrong packet received %d %d", edl->cresp,
177 edl->rtype);
178 err = -EIO;
179 goto out;
180 }
181
182 err = 0;
183
184out:
185 kfree_skb(skb);
186 return err;
187}
188
189static int qca_send_reset(struct hci_dev *hdev)
190{
191 struct sk_buff *skb;
192 int err;
193
194 bt_dev_dbg(hdev, "QCA HCI_RESET");
195
196 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
197 if (IS_ERR(skb)) {
198 err = PTR_ERR(skb);
199 bt_dev_err(hdev, "QCA Reset failed (%d)", err);
200 return err;
201 }
202
203 kfree_skb(skb);
204
205 return 0;
206}
207
208static int qca_read_fw_board_id(struct hci_dev *hdev, u16 *bid)
209{
210 u8 cmd;
211 struct sk_buff *skb;
212 struct edl_event_hdr *edl;
213 int err = 0;
214
215 cmd = EDL_GET_BID_REQ_CMD;
216 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, EDL_PATCH_CMD_LEN,
217 &cmd, 0, HCI_INIT_TIMEOUT);
218 if (IS_ERR(skb)) {
219 err = PTR_ERR(skb);
220 bt_dev_err(hdev, "Reading QCA board ID failed (%d)", err);
221 return err;
222 }
223
224 edl = skb_pull_data(skb, sizeof(*edl));
225 if (!edl) {
226 bt_dev_err(hdev, "QCA read board ID with no header");
227 err = -EILSEQ;
228 goto out;
229 }
230
231 if (edl->cresp != EDL_CMD_REQ_RES_EVT ||
232 edl->rtype != EDL_GET_BID_REQ_CMD) {
233 bt_dev_err(hdev, "QCA Wrong packet: %d %d", edl->cresp, edl->rtype);
234 err = -EIO;
235 goto out;
236 }
237
238 *bid = (edl->data[1] << 8) + edl->data[2];
239 bt_dev_dbg(hdev, "%s: bid = %x", __func__, *bid);
240
241out:
242 kfree_skb(skb);
243 return err;
244}
245
246int qca_send_pre_shutdown_cmd(struct hci_dev *hdev)
247{
248 struct sk_buff *skb;
249 int err;
250
251 bt_dev_dbg(hdev, "QCA pre shutdown cmd");
252
253 skb = __hci_cmd_sync_ev(hdev, QCA_PRE_SHUTDOWN_CMD, 0,
254 NULL, HCI_EV_CMD_COMPLETE, HCI_INIT_TIMEOUT);
255
256 if (IS_ERR(skb)) {
257 err = PTR_ERR(skb);
258 bt_dev_err(hdev, "QCA preshutdown_cmd failed (%d)", err);
259 return err;
260 }
261
262 kfree_skb(skb);
263
264 return 0;
265}
266EXPORT_SYMBOL_GPL(qca_send_pre_shutdown_cmd);
267
268static void qca_tlv_check_data(struct hci_dev *hdev,
269 struct qca_fw_config *config,
270 u8 *fw_data, enum qca_btsoc_type soc_type)
271{
272 const u8 *data;
273 u32 type_len;
274 u16 tag_id, tag_len;
275 int idx, length;
276 struct tlv_type_hdr *tlv;
277 struct tlv_type_patch *tlv_patch;
278 struct tlv_type_nvm *tlv_nvm;
279 uint8_t nvm_baud_rate = config->user_baud_rate;
280
281 config->dnld_mode = QCA_SKIP_EVT_NONE;
282 config->dnld_type = QCA_SKIP_EVT_NONE;
283
284 switch (config->type) {
285 case ELF_TYPE_PATCH:
286 config->dnld_mode = QCA_SKIP_EVT_VSE_CC;
287 config->dnld_type = QCA_SKIP_EVT_VSE_CC;
288
289 bt_dev_dbg(hdev, "File Class : 0x%x", fw_data[4]);
290 bt_dev_dbg(hdev, "Data Encoding : 0x%x", fw_data[5]);
291 bt_dev_dbg(hdev, "File version : 0x%x", fw_data[6]);
292 break;
293 case TLV_TYPE_PATCH:
294 tlv = (struct tlv_type_hdr *)fw_data;
295 type_len = le32_to_cpu(tlv->type_len);
296 tlv_patch = (struct tlv_type_patch *)tlv->data;
297
298 /* For Rome version 1.1 to 3.1, all segment commands
299 * are acked by a vendor specific event (VSE).
300 * For Rome >= 3.2, the download mode field indicates
301 * if VSE is skipped by the controller.
302 * In case VSE is skipped, only the last segment is acked.
303 */
304 config->dnld_mode = tlv_patch->download_mode;
305 config->dnld_type = config->dnld_mode;
306
307 BT_DBG("TLV Type\t\t : 0x%x", type_len & 0x000000ff);
308 BT_DBG("Total Length : %d bytes",
309 le32_to_cpu(tlv_patch->total_size));
310 BT_DBG("Patch Data Length : %d bytes",
311 le32_to_cpu(tlv_patch->data_length));
312 BT_DBG("Signing Format Version : 0x%x",
313 tlv_patch->format_version);
314 BT_DBG("Signature Algorithm : 0x%x",
315 tlv_patch->signature);
316 BT_DBG("Download mode : 0x%x",
317 tlv_patch->download_mode);
318 BT_DBG("Reserved : 0x%x",
319 tlv_patch->reserved1);
320 BT_DBG("Product ID : 0x%04x",
321 le16_to_cpu(tlv_patch->product_id));
322 BT_DBG("Rom Build Version : 0x%04x",
323 le16_to_cpu(tlv_patch->rom_build));
324 BT_DBG("Patch Version : 0x%04x",
325 le16_to_cpu(tlv_patch->patch_version));
326 BT_DBG("Reserved : 0x%x",
327 le16_to_cpu(tlv_patch->reserved2));
328 BT_DBG("Patch Entry Address : 0x%x",
329 le32_to_cpu(tlv_patch->entry));
330 break;
331
332 case TLV_TYPE_NVM:
333 tlv = (struct tlv_type_hdr *)fw_data;
334
335 type_len = le32_to_cpu(tlv->type_len);
336 length = (type_len >> 8) & 0x00ffffff;
337
338 BT_DBG("TLV Type\t\t : 0x%x", type_len & 0x000000ff);
339 BT_DBG("Length\t\t : %d bytes", length);
340
341 idx = 0;
342 data = tlv->data;
343 while (idx < length) {
344 tlv_nvm = (struct tlv_type_nvm *)(data + idx);
345
346 tag_id = le16_to_cpu(tlv_nvm->tag_id);
347 tag_len = le16_to_cpu(tlv_nvm->tag_len);
348
349 /* Update NVM tags as needed */
350 switch (tag_id) {
351 case EDL_TAG_ID_HCI:
352 /* HCI transport layer parameters
353 * enabling software inband sleep
354 * onto controller side.
355 */
356 tlv_nvm->data[0] |= 0x80;
357
358 /* UART Baud Rate */
359 if (soc_type >= QCA_WCN3991)
360 tlv_nvm->data[1] = nvm_baud_rate;
361 else
362 tlv_nvm->data[2] = nvm_baud_rate;
363
364 break;
365
366 case EDL_TAG_ID_DEEP_SLEEP:
367 /* Sleep enable mask
368 * enabling deep sleep feature on controller.
369 */
370 tlv_nvm->data[0] |= 0x01;
371
372 break;
373 }
374
375 idx += (sizeof(u16) + sizeof(u16) + 8 + tag_len);
376 }
377 break;
378
379 default:
380 BT_ERR("Unknown TLV type %d", config->type);
381 break;
382 }
383}
384
385static int qca_tlv_send_segment(struct hci_dev *hdev, int seg_size,
386 const u8 *data, enum qca_tlv_dnld_mode mode,
387 enum qca_btsoc_type soc_type)
388{
389 struct sk_buff *skb;
390 struct edl_event_hdr *edl;
391 struct tlv_seg_resp *tlv_resp;
392 u8 cmd[MAX_SIZE_PER_TLV_SEGMENT + 2];
393 int err = 0;
394 u8 event_type = HCI_EV_VENDOR;
395 u8 rlen = (sizeof(*edl) + sizeof(*tlv_resp));
396 u8 rtype = EDL_TVL_DNLD_RES_EVT;
397
398 cmd[0] = EDL_PATCH_TLV_REQ_CMD;
399 cmd[1] = seg_size;
400 memcpy(cmd + 2, data, seg_size);
401
402 if (mode == QCA_SKIP_EVT_VSE_CC || mode == QCA_SKIP_EVT_VSE)
403 return __hci_cmd_send(hdev, EDL_PATCH_CMD_OPCODE, seg_size + 2,
404 cmd);
405
406 /* Unlike other SoC's sending version command response as payload to
407 * VSE event. WCN3991 sends version command response as a payload to
408 * command complete event.
409 */
410 if (soc_type >= QCA_WCN3991) {
411 event_type = 0;
412 rlen = sizeof(*edl);
413 rtype = EDL_PATCH_TLV_REQ_CMD;
414 }
415
416 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, seg_size + 2, cmd,
417 event_type, HCI_INIT_TIMEOUT);
418 if (IS_ERR(skb)) {
419 err = PTR_ERR(skb);
420 bt_dev_err(hdev, "QCA Failed to send TLV segment (%d)", err);
421 return err;
422 }
423
424 if (skb->len != rlen) {
425 bt_dev_err(hdev, "QCA TLV response size mismatch");
426 err = -EILSEQ;
427 goto out;
428 }
429
430 edl = (struct edl_event_hdr *)(skb->data);
431 if (!edl) {
432 bt_dev_err(hdev, "TLV with no header");
433 err = -EILSEQ;
434 goto out;
435 }
436
437 if (edl->cresp != EDL_CMD_REQ_RES_EVT || edl->rtype != rtype) {
438 bt_dev_err(hdev, "QCA TLV with error stat 0x%x rtype 0x%x",
439 edl->cresp, edl->rtype);
440 err = -EIO;
441 }
442
443 if (soc_type >= QCA_WCN3991)
444 goto out;
445
446 tlv_resp = (struct tlv_seg_resp *)(edl->data);
447 if (tlv_resp->result) {
448 bt_dev_err(hdev, "QCA TLV with error stat 0x%x rtype 0x%x (0x%x)",
449 edl->cresp, edl->rtype, tlv_resp->result);
450 }
451
452out:
453 kfree_skb(skb);
454
455 return err;
456}
457
458static int qca_inject_cmd_complete_event(struct hci_dev *hdev)
459{
460 struct hci_event_hdr *hdr;
461 struct hci_ev_cmd_complete *evt;
462 struct sk_buff *skb;
463
464 skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_KERNEL);
465 if (!skb)
466 return -ENOMEM;
467
468 hdr = skb_put(skb, sizeof(*hdr));
469 hdr->evt = HCI_EV_CMD_COMPLETE;
470 hdr->plen = sizeof(*evt) + 1;
471
472 evt = skb_put(skb, sizeof(*evt));
473 evt->ncmd = 1;
474 evt->opcode = cpu_to_le16(QCA_HCI_CC_OPCODE);
475
476 skb_put_u8(skb, QCA_HCI_CC_SUCCESS);
477
478 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
479
480 return hci_recv_frame(hdev, skb);
481}
482
483static int qca_download_firmware(struct hci_dev *hdev,
484 struct qca_fw_config *config,
485 enum qca_btsoc_type soc_type,
486 u8 rom_ver)
487{
488 const struct firmware *fw;
489 u8 *data;
490 const u8 *segment;
491 int ret, size, remain, i = 0;
492
493 bt_dev_info(hdev, "QCA Downloading %s", config->fwname);
494
495 ret = request_firmware(&fw, config->fwname, &hdev->dev);
496 if (ret) {
497 /* For WCN6750, if mbn file is not present then check for
498 * tlv file.
499 */
500 if (soc_type == QCA_WCN6750 && config->type == ELF_TYPE_PATCH) {
501 bt_dev_dbg(hdev, "QCA Failed to request file: %s (%d)",
502 config->fwname, ret);
503 config->type = TLV_TYPE_PATCH;
504 snprintf(config->fwname, sizeof(config->fwname),
505 "qca/msbtfw%02x.tlv", rom_ver);
506 bt_dev_info(hdev, "QCA Downloading %s", config->fwname);
507 ret = request_firmware(&fw, config->fwname, &hdev->dev);
508 if (ret) {
509 bt_dev_err(hdev, "QCA Failed to request file: %s (%d)",
510 config->fwname, ret);
511 return ret;
512 }
513 } else {
514 bt_dev_err(hdev, "QCA Failed to request file: %s (%d)",
515 config->fwname, ret);
516 return ret;
517 }
518 }
519
520 size = fw->size;
521 data = vmalloc(fw->size);
522 if (!data) {
523 bt_dev_err(hdev, "QCA Failed to allocate memory for file: %s",
524 config->fwname);
525 release_firmware(fw);
526 return -ENOMEM;
527 }
528
529 memcpy(data, fw->data, size);
530 release_firmware(fw);
531
532 qca_tlv_check_data(hdev, config, data, soc_type);
533
534 segment = data;
535 remain = size;
536 while (remain > 0) {
537 int segsize = min(MAX_SIZE_PER_TLV_SEGMENT, remain);
538
539 bt_dev_dbg(hdev, "Send segment %d, size %d", i++, segsize);
540
541 remain -= segsize;
542 /* The last segment is always acked regardless download mode */
543 if (!remain || segsize < MAX_SIZE_PER_TLV_SEGMENT)
544 config->dnld_mode = QCA_SKIP_EVT_NONE;
545
546 ret = qca_tlv_send_segment(hdev, segsize, segment,
547 config->dnld_mode, soc_type);
548 if (ret)
549 goto out;
550
551 segment += segsize;
552 }
553
554 /* Latest qualcomm chipsets are not sending a command complete event
555 * for every fw packet sent. They only respond with a vendor specific
556 * event for the last packet. This optimization in the chip will
557 * decrease the BT in initialization time. Here we will inject a command
558 * complete event to avoid a command timeout error message.
559 */
560 if (config->dnld_type == QCA_SKIP_EVT_VSE_CC ||
561 config->dnld_type == QCA_SKIP_EVT_VSE)
562 ret = qca_inject_cmd_complete_event(hdev);
563
564out:
565 vfree(data);
566
567 return ret;
568}
569
570static int qca_disable_soc_logging(struct hci_dev *hdev)
571{
572 struct sk_buff *skb;
573 u8 cmd[2];
574 int err;
575
576 cmd[0] = QCA_DISABLE_LOGGING_SUB_OP;
577 cmd[1] = 0x00;
578 skb = __hci_cmd_sync_ev(hdev, QCA_DISABLE_LOGGING, sizeof(cmd), cmd,
579 HCI_EV_CMD_COMPLETE, HCI_INIT_TIMEOUT);
580 if (IS_ERR(skb)) {
581 err = PTR_ERR(skb);
582 bt_dev_err(hdev, "QCA Failed to disable soc logging(%d)", err);
583 return err;
584 }
585
586 kfree_skb(skb);
587
588 return 0;
589}
590
591int qca_set_bdaddr_rome(struct hci_dev *hdev, const bdaddr_t *bdaddr)
592{
593 struct sk_buff *skb;
594 u8 cmd[9];
595 int err;
596
597 cmd[0] = EDL_NVM_ACCESS_SET_REQ_CMD;
598 cmd[1] = 0x02; /* TAG ID */
599 cmd[2] = sizeof(bdaddr_t); /* size */
600 memcpy(cmd + 3, bdaddr, sizeof(bdaddr_t));
601 skb = __hci_cmd_sync_ev(hdev, EDL_NVM_ACCESS_OPCODE, sizeof(cmd), cmd,
602 HCI_EV_VENDOR, HCI_INIT_TIMEOUT);
603 if (IS_ERR(skb)) {
604 err = PTR_ERR(skb);
605 bt_dev_err(hdev, "QCA Change address command failed (%d)", err);
606 return err;
607 }
608
609 kfree_skb(skb);
610
611 return 0;
612}
613EXPORT_SYMBOL_GPL(qca_set_bdaddr_rome);
614
615static void qca_generate_hsp_nvm_name(char *fwname, size_t max_size,
616 struct qca_btsoc_version ver, u8 rom_ver, u16 bid)
617{
618 const char *variant;
619
620 /* hsp gf chip */
621 if ((le32_to_cpu(ver.soc_id) & QCA_HSP_GF_SOC_MASK) == QCA_HSP_GF_SOC_ID)
622 variant = "g";
623 else
624 variant = "";
625
626 if (bid == 0x0)
627 snprintf(fwname, max_size, "qca/hpnv%02x%s.bin", rom_ver, variant);
628 else
629 snprintf(fwname, max_size, "qca/hpnv%02x%s.%x", rom_ver, variant, bid);
630}
631
632int qca_uart_setup(struct hci_dev *hdev, uint8_t baudrate,
633 enum qca_btsoc_type soc_type, struct qca_btsoc_version ver,
634 const char *firmware_name)
635{
636 struct qca_fw_config config;
637 int err;
638 u8 rom_ver = 0;
639 u32 soc_ver;
640 u16 boardid = 0;
641
642 bt_dev_dbg(hdev, "QCA setup on UART");
643
644 soc_ver = get_soc_ver(ver.soc_id, ver.rom_ver);
645
646 bt_dev_info(hdev, "QCA controller version 0x%08x", soc_ver);
647
648 config.user_baud_rate = baudrate;
649
650 /* Firmware files to download are based on ROM version.
651 * ROM version is derived from last two bytes of soc_ver.
652 */
653 if (soc_type == QCA_WCN3988)
654 rom_ver = ((soc_ver & 0x00000f00) >> 0x05) | (soc_ver & 0x0000000f);
655 else
656 rom_ver = ((soc_ver & 0x00000f00) >> 0x04) | (soc_ver & 0x0000000f);
657
658 if (soc_type == QCA_WCN6750)
659 qca_send_patch_config_cmd(hdev);
660
661 /* Download rampatch file */
662 config.type = TLV_TYPE_PATCH;
663 switch (soc_type) {
664 case QCA_WCN3990:
665 case QCA_WCN3991:
666 case QCA_WCN3998:
667 snprintf(config.fwname, sizeof(config.fwname),
668 "qca/crbtfw%02x.tlv", rom_ver);
669 break;
670 case QCA_WCN3988:
671 snprintf(config.fwname, sizeof(config.fwname),
672 "qca/apbtfw%02x.tlv", rom_ver);
673 break;
674 case QCA_QCA2066:
675 snprintf(config.fwname, sizeof(config.fwname),
676 "qca/hpbtfw%02x.tlv", rom_ver);
677 break;
678 case QCA_QCA6390:
679 snprintf(config.fwname, sizeof(config.fwname),
680 "qca/htbtfw%02x.tlv", rom_ver);
681 break;
682 case QCA_WCN6750:
683 /* Choose mbn file by default.If mbn file is not found
684 * then choose tlv file
685 */
686 config.type = ELF_TYPE_PATCH;
687 snprintf(config.fwname, sizeof(config.fwname),
688 "qca/msbtfw%02x.mbn", rom_ver);
689 break;
690 case QCA_WCN6855:
691 snprintf(config.fwname, sizeof(config.fwname),
692 "qca/hpbtfw%02x.tlv", rom_ver);
693 break;
694 case QCA_WCN7850:
695 snprintf(config.fwname, sizeof(config.fwname),
696 "qca/hmtbtfw%02x.tlv", rom_ver);
697 break;
698 default:
699 snprintf(config.fwname, sizeof(config.fwname),
700 "qca/rampatch_%08x.bin", soc_ver);
701 }
702
703 err = qca_download_firmware(hdev, &config, soc_type, rom_ver);
704 if (err < 0) {
705 bt_dev_err(hdev, "QCA Failed to download patch (%d)", err);
706 return err;
707 }
708
709 /* Give the controller some time to get ready to receive the NVM */
710 msleep(10);
711
712 if (soc_type == QCA_QCA2066)
713 qca_read_fw_board_id(hdev, &boardid);
714
715 /* Download NVM configuration */
716 config.type = TLV_TYPE_NVM;
717 if (firmware_name) {
718 snprintf(config.fwname, sizeof(config.fwname),
719 "qca/%s", firmware_name);
720 } else {
721 switch (soc_type) {
722 case QCA_WCN3990:
723 case QCA_WCN3991:
724 case QCA_WCN3998:
725 if (le32_to_cpu(ver.soc_id) == QCA_WCN3991_SOC_ID) {
726 snprintf(config.fwname, sizeof(config.fwname),
727 "qca/crnv%02xu.bin", rom_ver);
728 } else {
729 snprintf(config.fwname, sizeof(config.fwname),
730 "qca/crnv%02x.bin", rom_ver);
731 }
732 break;
733 case QCA_WCN3988:
734 snprintf(config.fwname, sizeof(config.fwname),
735 "qca/apnv%02x.bin", rom_ver);
736 break;
737 case QCA_QCA2066:
738 qca_generate_hsp_nvm_name(config.fwname,
739 sizeof(config.fwname), ver, rom_ver, boardid);
740 break;
741 case QCA_QCA6390:
742 snprintf(config.fwname, sizeof(config.fwname),
743 "qca/htnv%02x.bin", rom_ver);
744 break;
745 case QCA_WCN6750:
746 snprintf(config.fwname, sizeof(config.fwname),
747 "qca/msnv%02x.bin", rom_ver);
748 break;
749 case QCA_WCN6855:
750 snprintf(config.fwname, sizeof(config.fwname),
751 "qca/hpnv%02x.bin", rom_ver);
752 break;
753 case QCA_WCN7850:
754 snprintf(config.fwname, sizeof(config.fwname),
755 "qca/hmtnv%02x.bin", rom_ver);
756 break;
757
758 default:
759 snprintf(config.fwname, sizeof(config.fwname),
760 "qca/nvm_%08x.bin", soc_ver);
761 }
762 }
763
764 err = qca_download_firmware(hdev, &config, soc_type, rom_ver);
765 if (err < 0) {
766 bt_dev_err(hdev, "QCA Failed to download NVM (%d)", err);
767 return err;
768 }
769
770 switch (soc_type) {
771 case QCA_WCN3991:
772 case QCA_QCA2066:
773 case QCA_QCA6390:
774 case QCA_WCN6750:
775 case QCA_WCN6855:
776 case QCA_WCN7850:
777 err = qca_disable_soc_logging(hdev);
778 if (err < 0)
779 return err;
780 break;
781 default:
782 break;
783 }
784
785 /* WCN399x and WCN6750 supports the Microsoft vendor extension with 0xFD70 as the
786 * VsMsftOpCode.
787 */
788 switch (soc_type) {
789 case QCA_WCN3988:
790 case QCA_WCN3990:
791 case QCA_WCN3991:
792 case QCA_WCN3998:
793 case QCA_WCN6750:
794 hci_set_msft_opcode(hdev, 0xFD70);
795 break;
796 default:
797 break;
798 }
799
800 /* Perform HCI reset */
801 err = qca_send_reset(hdev);
802 if (err < 0) {
803 bt_dev_err(hdev, "QCA Failed to run HCI_RESET (%d)", err);
804 return err;
805 }
806
807 switch (soc_type) {
808 case QCA_WCN3991:
809 case QCA_WCN6750:
810 case QCA_WCN6855:
811 case QCA_WCN7850:
812 /* get fw build info */
813 err = qca_read_fw_build_info(hdev);
814 if (err < 0)
815 return err;
816 break;
817 default:
818 break;
819 }
820
821 bt_dev_info(hdev, "QCA setup on UART is completed");
822
823 return 0;
824}
825EXPORT_SYMBOL_GPL(qca_uart_setup);
826
827int qca_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr)
828{
829 struct sk_buff *skb;
830 int err;
831
832 skb = __hci_cmd_sync_ev(hdev, EDL_WRITE_BD_ADDR_OPCODE, 6, bdaddr,
833 HCI_EV_VENDOR, HCI_INIT_TIMEOUT);
834 if (IS_ERR(skb)) {
835 err = PTR_ERR(skb);
836 bt_dev_err(hdev, "QCA Change address cmd failed (%d)", err);
837 return err;
838 }
839
840 kfree_skb(skb);
841
842 return 0;
843}
844EXPORT_SYMBOL_GPL(qca_set_bdaddr);
845
846
847MODULE_AUTHOR("Ben Young Tae Kim <ytkim@qca.qualcomm.com>");
848MODULE_DESCRIPTION("Bluetooth support for Qualcomm Atheros family ver " VERSION);
849MODULE_VERSION(VERSION);
850MODULE_LICENSE("GPL");
1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * Bluetooth supports for Qualcomm Atheros chips
4 *
5 * Copyright (c) 2015 The Linux Foundation. All rights reserved.
6 */
7#include <linux/module.h>
8#include <linux/firmware.h>
9#include <linux/vmalloc.h>
10
11#include <net/bluetooth/bluetooth.h>
12#include <net/bluetooth/hci_core.h>
13
14#include "btqca.h"
15
16int qca_read_soc_version(struct hci_dev *hdev, struct qca_btsoc_version *ver,
17 enum qca_btsoc_type soc_type)
18{
19 struct sk_buff *skb;
20 struct edl_event_hdr *edl;
21 char cmd;
22 int err = 0;
23 u8 event_type = HCI_EV_VENDOR;
24 u8 rlen = sizeof(*edl) + sizeof(*ver);
25 u8 rtype = EDL_APP_VER_RES_EVT;
26
27 bt_dev_dbg(hdev, "QCA Version Request");
28
29 /* Unlike other SoC's sending version command response as payload to
30 * VSE event. WCN3991 sends version command response as a payload to
31 * command complete event.
32 */
33 if (soc_type >= QCA_WCN3991) {
34 event_type = 0;
35 rlen += 1;
36 rtype = EDL_PATCH_VER_REQ_CMD;
37 }
38
39 cmd = EDL_PATCH_VER_REQ_CMD;
40 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, EDL_PATCH_CMD_LEN,
41 &cmd, event_type, HCI_INIT_TIMEOUT);
42 if (IS_ERR(skb)) {
43 err = PTR_ERR(skb);
44 bt_dev_err(hdev, "Reading QCA version information failed (%d)",
45 err);
46 return err;
47 }
48
49 if (skb->len != rlen) {
50 bt_dev_err(hdev, "QCA Version size mismatch len %d", skb->len);
51 err = -EILSEQ;
52 goto out;
53 }
54
55 edl = (struct edl_event_hdr *)(skb->data);
56
57 if (edl->cresp != EDL_CMD_REQ_RES_EVT ||
58 edl->rtype != rtype) {
59 bt_dev_err(hdev, "QCA Wrong packet received %d %d", edl->cresp,
60 edl->rtype);
61 err = -EIO;
62 goto out;
63 }
64
65 if (soc_type >= QCA_WCN3991)
66 memcpy(ver, edl->data + 1, sizeof(*ver));
67 else
68 memcpy(ver, &edl->data, sizeof(*ver));
69
70 bt_dev_info(hdev, "QCA Product ID :0x%08x",
71 le32_to_cpu(ver->product_id));
72 bt_dev_info(hdev, "QCA SOC Version :0x%08x",
73 le32_to_cpu(ver->soc_id));
74 bt_dev_info(hdev, "QCA ROM Version :0x%08x",
75 le16_to_cpu(ver->rom_ver));
76 bt_dev_info(hdev, "QCA Patch Version:0x%08x",
77 le16_to_cpu(ver->patch_ver));
78
79 if (ver->soc_id == 0 || ver->rom_ver == 0)
80 err = -EILSEQ;
81
82out:
83 kfree_skb(skb);
84 if (err)
85 bt_dev_err(hdev, "QCA Failed to get version (%d)", err);
86
87 return err;
88}
89EXPORT_SYMBOL_GPL(qca_read_soc_version);
90
91static int qca_read_fw_build_info(struct hci_dev *hdev)
92{
93 struct sk_buff *skb;
94 struct edl_event_hdr *edl;
95 char *build_label;
96 char cmd;
97 int build_lbl_len, err = 0;
98
99 bt_dev_dbg(hdev, "QCA read fw build info");
100
101 cmd = EDL_GET_BUILD_INFO_CMD;
102 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, EDL_PATCH_CMD_LEN,
103 &cmd, 0, HCI_INIT_TIMEOUT);
104 if (IS_ERR(skb)) {
105 err = PTR_ERR(skb);
106 bt_dev_err(hdev, "Reading QCA fw build info failed (%d)",
107 err);
108 return err;
109 }
110
111 if (skb->len < sizeof(*edl)) {
112 err = -EILSEQ;
113 goto out;
114 }
115
116 edl = (struct edl_event_hdr *)(skb->data);
117
118 if (edl->cresp != EDL_CMD_REQ_RES_EVT ||
119 edl->rtype != EDL_GET_BUILD_INFO_CMD) {
120 bt_dev_err(hdev, "QCA Wrong packet received %d %d", edl->cresp,
121 edl->rtype);
122 err = -EIO;
123 goto out;
124 }
125
126 if (skb->len < sizeof(*edl) + 1) {
127 err = -EILSEQ;
128 goto out;
129 }
130
131 build_lbl_len = edl->data[0];
132
133 if (skb->len < sizeof(*edl) + 1 + build_lbl_len) {
134 err = -EILSEQ;
135 goto out;
136 }
137
138 build_label = kstrndup(&edl->data[1], build_lbl_len, GFP_KERNEL);
139 if (!build_label) {
140 err = -ENOMEM;
141 goto out;
142 }
143
144 hci_set_fw_info(hdev, "%s", build_label);
145
146 kfree(build_label);
147out:
148 kfree_skb(skb);
149 return err;
150}
151
152static int qca_send_patch_config_cmd(struct hci_dev *hdev)
153{
154 const u8 cmd[] = { EDL_PATCH_CONFIG_CMD, 0x01, 0, 0, 0 };
155 struct sk_buff *skb;
156 struct edl_event_hdr *edl;
157 int err;
158
159 bt_dev_dbg(hdev, "QCA Patch config");
160
161 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, sizeof(cmd),
162 cmd, 0, HCI_INIT_TIMEOUT);
163 if (IS_ERR(skb)) {
164 err = PTR_ERR(skb);
165 bt_dev_err(hdev, "Sending QCA Patch config failed (%d)", err);
166 return err;
167 }
168
169 if (skb->len != 2) {
170 bt_dev_err(hdev, "QCA Patch config cmd size mismatch len %d", skb->len);
171 err = -EILSEQ;
172 goto out;
173 }
174
175 edl = (struct edl_event_hdr *)(skb->data);
176
177 if (edl->cresp != EDL_PATCH_CONFIG_RES_EVT || edl->rtype != EDL_PATCH_CONFIG_CMD) {
178 bt_dev_err(hdev, "QCA Wrong packet received %d %d", edl->cresp,
179 edl->rtype);
180 err = -EIO;
181 goto out;
182 }
183
184 err = 0;
185
186out:
187 kfree_skb(skb);
188 return err;
189}
190
191static int qca_send_reset(struct hci_dev *hdev)
192{
193 struct sk_buff *skb;
194 int err;
195
196 bt_dev_dbg(hdev, "QCA HCI_RESET");
197
198 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
199 if (IS_ERR(skb)) {
200 err = PTR_ERR(skb);
201 bt_dev_err(hdev, "QCA Reset failed (%d)", err);
202 return err;
203 }
204
205 kfree_skb(skb);
206
207 return 0;
208}
209
210static int qca_read_fw_board_id(struct hci_dev *hdev, u16 *bid)
211{
212 u8 cmd;
213 struct sk_buff *skb;
214 struct edl_event_hdr *edl;
215 int err = 0;
216
217 cmd = EDL_GET_BID_REQ_CMD;
218 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, EDL_PATCH_CMD_LEN,
219 &cmd, 0, HCI_INIT_TIMEOUT);
220 if (IS_ERR(skb)) {
221 err = PTR_ERR(skb);
222 bt_dev_err(hdev, "Reading QCA board ID failed (%d)", err);
223 return err;
224 }
225
226 edl = skb_pull_data(skb, sizeof(*edl));
227 if (!edl) {
228 bt_dev_err(hdev, "QCA read board ID with no header");
229 err = -EILSEQ;
230 goto out;
231 }
232
233 if (edl->cresp != EDL_CMD_REQ_RES_EVT ||
234 edl->rtype != EDL_GET_BID_REQ_CMD) {
235 bt_dev_err(hdev, "QCA Wrong packet: %d %d", edl->cresp, edl->rtype);
236 err = -EIO;
237 goto out;
238 }
239
240 if (skb->len < 3) {
241 err = -EILSEQ;
242 goto out;
243 }
244
245 *bid = (edl->data[1] << 8) + edl->data[2];
246 bt_dev_dbg(hdev, "%s: bid = %x", __func__, *bid);
247
248out:
249 kfree_skb(skb);
250 return err;
251}
252
253int qca_send_pre_shutdown_cmd(struct hci_dev *hdev)
254{
255 struct sk_buff *skb;
256 int err;
257
258 bt_dev_dbg(hdev, "QCA pre shutdown cmd");
259
260 skb = __hci_cmd_sync_ev(hdev, QCA_PRE_SHUTDOWN_CMD, 0,
261 NULL, HCI_EV_CMD_COMPLETE, HCI_INIT_TIMEOUT);
262
263 if (IS_ERR(skb)) {
264 err = PTR_ERR(skb);
265 bt_dev_err(hdev, "QCA preshutdown_cmd failed (%d)", err);
266 return err;
267 }
268
269 kfree_skb(skb);
270
271 return 0;
272}
273EXPORT_SYMBOL_GPL(qca_send_pre_shutdown_cmd);
274
275static bool qca_filename_has_extension(const char *filename)
276{
277 const char *suffix = strrchr(filename, '.');
278
279 /* File extensions require a dot, but not as the first or last character */
280 if (!suffix || suffix == filename || *(suffix + 1) == '\0')
281 return 0;
282
283 /* Avoid matching directories with names that look like files with extensions */
284 return !strchr(suffix, '/');
285}
286
287static bool qca_get_alt_nvm_file(char *filename, size_t max_size)
288{
289 char fwname[64];
290 const char *suffix;
291
292 /* nvm file name has an extension, replace with .bin */
293 if (qca_filename_has_extension(filename)) {
294 suffix = strrchr(filename, '.');
295 strscpy(fwname, filename, suffix - filename + 1);
296 snprintf(fwname + (suffix - filename),
297 sizeof(fwname) - (suffix - filename), ".bin");
298 /* If nvm file is already the default one, return false to skip the retry. */
299 if (strcmp(fwname, filename) == 0)
300 return false;
301
302 snprintf(filename, max_size, "%s", fwname);
303 return true;
304 }
305 return false;
306}
307
308static int qca_tlv_check_data(struct hci_dev *hdev,
309 struct qca_fw_config *config,
310 u8 *fw_data, size_t fw_size,
311 enum qca_btsoc_type soc_type)
312{
313 const u8 *data;
314 u32 type_len;
315 u16 tag_id, tag_len;
316 int idx, length;
317 struct tlv_type_hdr *tlv;
318 struct tlv_type_patch *tlv_patch;
319 struct tlv_type_nvm *tlv_nvm;
320 uint8_t nvm_baud_rate = config->user_baud_rate;
321 u8 type;
322
323 config->dnld_mode = QCA_SKIP_EVT_NONE;
324 config->dnld_type = QCA_SKIP_EVT_NONE;
325
326 switch (config->type) {
327 case ELF_TYPE_PATCH:
328 if (fw_size < 7)
329 return -EINVAL;
330
331 config->dnld_mode = QCA_SKIP_EVT_VSE_CC;
332 config->dnld_type = QCA_SKIP_EVT_VSE_CC;
333
334 bt_dev_dbg(hdev, "File Class : 0x%x", fw_data[4]);
335 bt_dev_dbg(hdev, "Data Encoding : 0x%x", fw_data[5]);
336 bt_dev_dbg(hdev, "File version : 0x%x", fw_data[6]);
337 break;
338 case TLV_TYPE_PATCH:
339 if (fw_size < sizeof(struct tlv_type_hdr) + sizeof(struct tlv_type_patch))
340 return -EINVAL;
341
342 tlv = (struct tlv_type_hdr *)fw_data;
343 type_len = le32_to_cpu(tlv->type_len);
344 tlv_patch = (struct tlv_type_patch *)tlv->data;
345
346 /* For Rome version 1.1 to 3.1, all segment commands
347 * are acked by a vendor specific event (VSE).
348 * For Rome >= 3.2, the download mode field indicates
349 * if VSE is skipped by the controller.
350 * In case VSE is skipped, only the last segment is acked.
351 */
352 config->dnld_mode = tlv_patch->download_mode;
353 config->dnld_type = config->dnld_mode;
354
355 BT_DBG("TLV Type\t\t : 0x%x", type_len & 0x000000ff);
356 BT_DBG("Total Length : %d bytes",
357 le32_to_cpu(tlv_patch->total_size));
358 BT_DBG("Patch Data Length : %d bytes",
359 le32_to_cpu(tlv_patch->data_length));
360 BT_DBG("Signing Format Version : 0x%x",
361 tlv_patch->format_version);
362 BT_DBG("Signature Algorithm : 0x%x",
363 tlv_patch->signature);
364 BT_DBG("Download mode : 0x%x",
365 tlv_patch->download_mode);
366 BT_DBG("Reserved : 0x%x",
367 tlv_patch->reserved1);
368 BT_DBG("Product ID : 0x%04x",
369 le16_to_cpu(tlv_patch->product_id));
370 BT_DBG("Rom Build Version : 0x%04x",
371 le16_to_cpu(tlv_patch->rom_build));
372 BT_DBG("Patch Version : 0x%04x",
373 le16_to_cpu(tlv_patch->patch_version));
374 BT_DBG("Reserved : 0x%x",
375 le16_to_cpu(tlv_patch->reserved2));
376 BT_DBG("Patch Entry Address : 0x%x",
377 le32_to_cpu(tlv_patch->entry));
378 break;
379
380 case TLV_TYPE_NVM:
381 if (fw_size < sizeof(struct tlv_type_hdr))
382 return -EINVAL;
383
384 tlv = (struct tlv_type_hdr *)fw_data;
385
386 type_len = le32_to_cpu(tlv->type_len);
387 length = type_len >> 8;
388 type = type_len & 0xff;
389
390 /* Some NVM files have more than one set of tags, only parse
391 * the first set when it has type 2 for now. When there is
392 * more than one set there is an enclosing header of type 4.
393 */
394 if (type == 4) {
395 if (fw_size < 2 * sizeof(struct tlv_type_hdr))
396 return -EINVAL;
397
398 tlv++;
399
400 type_len = le32_to_cpu(tlv->type_len);
401 length = type_len >> 8;
402 type = type_len & 0xff;
403 }
404
405 BT_DBG("TLV Type\t\t : 0x%x", type);
406 BT_DBG("Length\t\t : %d bytes", length);
407
408 if (type != 2)
409 break;
410
411 if (fw_size < length + (tlv->data - fw_data))
412 return -EINVAL;
413
414 idx = 0;
415 data = tlv->data;
416 while (idx < length - sizeof(struct tlv_type_nvm)) {
417 tlv_nvm = (struct tlv_type_nvm *)(data + idx);
418
419 tag_id = le16_to_cpu(tlv_nvm->tag_id);
420 tag_len = le16_to_cpu(tlv_nvm->tag_len);
421
422 if (length < idx + sizeof(struct tlv_type_nvm) + tag_len)
423 return -EINVAL;
424
425 /* Update NVM tags as needed */
426 switch (tag_id) {
427 case EDL_TAG_ID_BD_ADDR:
428 if (tag_len != sizeof(bdaddr_t))
429 return -EINVAL;
430
431 memcpy(&config->bdaddr, tlv_nvm->data, sizeof(bdaddr_t));
432
433 break;
434
435 case EDL_TAG_ID_HCI:
436 if (tag_len < 3)
437 return -EINVAL;
438
439 /* HCI transport layer parameters
440 * enabling software inband sleep
441 * onto controller side.
442 */
443 tlv_nvm->data[0] |= 0x80;
444
445 /* UART Baud Rate */
446 if (soc_type >= QCA_WCN3991)
447 tlv_nvm->data[1] = nvm_baud_rate;
448 else
449 tlv_nvm->data[2] = nvm_baud_rate;
450
451 break;
452
453 case EDL_TAG_ID_DEEP_SLEEP:
454 if (tag_len < 1)
455 return -EINVAL;
456
457 /* Sleep enable mask
458 * enabling deep sleep feature on controller.
459 */
460 tlv_nvm->data[0] |= 0x01;
461
462 break;
463 }
464
465 idx += sizeof(struct tlv_type_nvm) + tag_len;
466 }
467 break;
468
469 default:
470 BT_ERR("Unknown TLV type %d", config->type);
471 return -EINVAL;
472 }
473
474 return 0;
475}
476
477static int qca_tlv_send_segment(struct hci_dev *hdev, int seg_size,
478 const u8 *data, enum qca_tlv_dnld_mode mode,
479 enum qca_btsoc_type soc_type)
480{
481 struct sk_buff *skb;
482 struct edl_event_hdr *edl;
483 struct tlv_seg_resp *tlv_resp;
484 u8 cmd[MAX_SIZE_PER_TLV_SEGMENT + 2];
485 int err = 0;
486 u8 event_type = HCI_EV_VENDOR;
487 u8 rlen = (sizeof(*edl) + sizeof(*tlv_resp));
488 u8 rtype = EDL_TVL_DNLD_RES_EVT;
489
490 cmd[0] = EDL_PATCH_TLV_REQ_CMD;
491 cmd[1] = seg_size;
492 memcpy(cmd + 2, data, seg_size);
493
494 if (mode == QCA_SKIP_EVT_VSE_CC || mode == QCA_SKIP_EVT_VSE)
495 return __hci_cmd_send(hdev, EDL_PATCH_CMD_OPCODE, seg_size + 2,
496 cmd);
497
498 /* Unlike other SoC's sending version command response as payload to
499 * VSE event. WCN3991 sends version command response as a payload to
500 * command complete event.
501 */
502 if (soc_type >= QCA_WCN3991) {
503 event_type = 0;
504 rlen = sizeof(*edl);
505 rtype = EDL_PATCH_TLV_REQ_CMD;
506 }
507
508 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, seg_size + 2, cmd,
509 event_type, HCI_INIT_TIMEOUT);
510 if (IS_ERR(skb)) {
511 err = PTR_ERR(skb);
512 bt_dev_err(hdev, "QCA Failed to send TLV segment (%d)", err);
513 return err;
514 }
515
516 if (skb->len != rlen) {
517 bt_dev_err(hdev, "QCA TLV response size mismatch");
518 err = -EILSEQ;
519 goto out;
520 }
521
522 edl = (struct edl_event_hdr *)(skb->data);
523
524 if (edl->cresp != EDL_CMD_REQ_RES_EVT || edl->rtype != rtype) {
525 bt_dev_err(hdev, "QCA TLV with error stat 0x%x rtype 0x%x",
526 edl->cresp, edl->rtype);
527 err = -EIO;
528 }
529
530 if (soc_type >= QCA_WCN3991)
531 goto out;
532
533 tlv_resp = (struct tlv_seg_resp *)(edl->data);
534 if (tlv_resp->result) {
535 bt_dev_err(hdev, "QCA TLV with error stat 0x%x rtype 0x%x (0x%x)",
536 edl->cresp, edl->rtype, tlv_resp->result);
537 }
538
539out:
540 kfree_skb(skb);
541
542 return err;
543}
544
545static int qca_inject_cmd_complete_event(struct hci_dev *hdev)
546{
547 struct hci_event_hdr *hdr;
548 struct hci_ev_cmd_complete *evt;
549 struct sk_buff *skb;
550
551 skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_KERNEL);
552 if (!skb)
553 return -ENOMEM;
554
555 hdr = skb_put(skb, sizeof(*hdr));
556 hdr->evt = HCI_EV_CMD_COMPLETE;
557 hdr->plen = sizeof(*evt) + 1;
558
559 evt = skb_put(skb, sizeof(*evt));
560 evt->ncmd = 1;
561 evt->opcode = cpu_to_le16(QCA_HCI_CC_OPCODE);
562
563 skb_put_u8(skb, QCA_HCI_CC_SUCCESS);
564
565 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
566
567 return hci_recv_frame(hdev, skb);
568}
569
570static int qca_download_firmware(struct hci_dev *hdev,
571 struct qca_fw_config *config,
572 enum qca_btsoc_type soc_type,
573 u8 rom_ver)
574{
575 const struct firmware *fw;
576 u8 *data;
577 const u8 *segment;
578 int ret, size, remain, i = 0;
579
580 bt_dev_info(hdev, "QCA Downloading %s", config->fwname);
581
582 ret = request_firmware(&fw, config->fwname, &hdev->dev);
583 if (ret) {
584 /* For WCN6750, if mbn file is not present then check for
585 * tlv file.
586 */
587 if (soc_type == QCA_WCN6750 && config->type == ELF_TYPE_PATCH) {
588 bt_dev_dbg(hdev, "QCA Failed to request file: %s (%d)",
589 config->fwname, ret);
590 config->type = TLV_TYPE_PATCH;
591 snprintf(config->fwname, sizeof(config->fwname),
592 "qca/msbtfw%02x.tlv", rom_ver);
593 bt_dev_info(hdev, "QCA Downloading %s", config->fwname);
594 ret = request_firmware(&fw, config->fwname, &hdev->dev);
595 if (ret) {
596 bt_dev_err(hdev, "QCA Failed to request file: %s (%d)",
597 config->fwname, ret);
598 return ret;
599 }
600 }
601 /* If the board-specific file is missing, try loading the default
602 * one, unless that was attempted already.
603 */
604 else if (config->type == TLV_TYPE_NVM &&
605 qca_get_alt_nvm_file(config->fwname, sizeof(config->fwname))) {
606 bt_dev_info(hdev, "QCA Downloading %s", config->fwname);
607 ret = request_firmware(&fw, config->fwname, &hdev->dev);
608 if (ret) {
609 bt_dev_err(hdev, "QCA Failed to request file: %s (%d)",
610 config->fwname, ret);
611 return ret;
612 }
613 } else {
614 bt_dev_err(hdev, "QCA Failed to request file: %s (%d)",
615 config->fwname, ret);
616 return ret;
617 }
618 }
619
620 size = fw->size;
621 data = vmalloc(fw->size);
622 if (!data) {
623 bt_dev_err(hdev, "QCA Failed to allocate memory for file: %s",
624 config->fwname);
625 release_firmware(fw);
626 return -ENOMEM;
627 }
628
629 memcpy(data, fw->data, size);
630 release_firmware(fw);
631
632 ret = qca_tlv_check_data(hdev, config, data, size, soc_type);
633 if (ret)
634 goto out;
635
636 segment = data;
637 remain = size;
638 while (remain > 0) {
639 int segsize = min(MAX_SIZE_PER_TLV_SEGMENT, remain);
640
641 bt_dev_dbg(hdev, "Send segment %d, size %d", i++, segsize);
642
643 remain -= segsize;
644 /* The last segment is always acked regardless download mode */
645 if (!remain || segsize < MAX_SIZE_PER_TLV_SEGMENT)
646 config->dnld_mode = QCA_SKIP_EVT_NONE;
647
648 ret = qca_tlv_send_segment(hdev, segsize, segment,
649 config->dnld_mode, soc_type);
650 if (ret)
651 goto out;
652
653 segment += segsize;
654 }
655
656 /* Latest qualcomm chipsets are not sending a command complete event
657 * for every fw packet sent. They only respond with a vendor specific
658 * event for the last packet. This optimization in the chip will
659 * decrease the BT in initialization time. Here we will inject a command
660 * complete event to avoid a command timeout error message.
661 */
662 if (config->dnld_type == QCA_SKIP_EVT_VSE_CC ||
663 config->dnld_type == QCA_SKIP_EVT_VSE)
664 ret = qca_inject_cmd_complete_event(hdev);
665
666out:
667 vfree(data);
668
669 return ret;
670}
671
672static int qca_disable_soc_logging(struct hci_dev *hdev)
673{
674 struct sk_buff *skb;
675 u8 cmd[2];
676 int err;
677
678 cmd[0] = QCA_DISABLE_LOGGING_SUB_OP;
679 cmd[1] = 0x00;
680 skb = __hci_cmd_sync_ev(hdev, QCA_DISABLE_LOGGING, sizeof(cmd), cmd,
681 HCI_EV_CMD_COMPLETE, HCI_INIT_TIMEOUT);
682 if (IS_ERR(skb)) {
683 err = PTR_ERR(skb);
684 bt_dev_err(hdev, "QCA Failed to disable soc logging(%d)", err);
685 return err;
686 }
687
688 kfree_skb(skb);
689
690 return 0;
691}
692
693int qca_set_bdaddr_rome(struct hci_dev *hdev, const bdaddr_t *bdaddr)
694{
695 struct sk_buff *skb;
696 u8 cmd[9];
697 int err;
698
699 cmd[0] = EDL_NVM_ACCESS_SET_REQ_CMD;
700 cmd[1] = 0x02; /* TAG ID */
701 cmd[2] = sizeof(bdaddr_t); /* size */
702 memcpy(cmd + 3, bdaddr, sizeof(bdaddr_t));
703 skb = __hci_cmd_sync_ev(hdev, EDL_NVM_ACCESS_OPCODE, sizeof(cmd), cmd,
704 HCI_EV_VENDOR, HCI_INIT_TIMEOUT);
705 if (IS_ERR(skb)) {
706 err = PTR_ERR(skb);
707 bt_dev_err(hdev, "QCA Change address command failed (%d)", err);
708 return err;
709 }
710
711 kfree_skb(skb);
712
713 return 0;
714}
715EXPORT_SYMBOL_GPL(qca_set_bdaddr_rome);
716
717static int qca_check_bdaddr(struct hci_dev *hdev, const struct qca_fw_config *config)
718{
719 struct hci_rp_read_bd_addr *bda;
720 struct sk_buff *skb;
721 int err;
722
723 if (bacmp(&hdev->public_addr, BDADDR_ANY))
724 return 0;
725
726 skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL,
727 HCI_INIT_TIMEOUT);
728 if (IS_ERR(skb)) {
729 err = PTR_ERR(skb);
730 bt_dev_err(hdev, "Failed to read device address (%d)", err);
731 return err;
732 }
733
734 if (skb->len != sizeof(*bda)) {
735 bt_dev_err(hdev, "Device address length mismatch");
736 kfree_skb(skb);
737 return -EIO;
738 }
739
740 bda = (struct hci_rp_read_bd_addr *)skb->data;
741 if (!bacmp(&bda->bdaddr, &config->bdaddr))
742 set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks);
743
744 kfree_skb(skb);
745
746 return 0;
747}
748
749static void qca_get_nvm_name_by_board(char *fwname, size_t max_size,
750 const char *stem, enum qca_btsoc_type soc_type,
751 struct qca_btsoc_version ver, u8 rom_ver, u16 bid)
752{
753 const char *variant;
754 const char *prefix;
755
756 /* Set the default value to variant and prefix */
757 variant = "";
758 prefix = "b";
759
760 if (soc_type == QCA_QCA2066)
761 prefix = "";
762
763 if (soc_type == QCA_WCN6855 || soc_type == QCA_QCA2066) {
764 /* If the chip is manufactured by GlobalFoundries */
765 if ((le32_to_cpu(ver.soc_id) & QCA_HSP_GF_SOC_MASK) == QCA_HSP_GF_SOC_ID)
766 variant = "g";
767 }
768
769 if (rom_ver != 0) {
770 if (bid == 0x0 || bid == 0xffff)
771 snprintf(fwname, max_size, "qca/%s%02x%s.bin", stem, rom_ver, variant);
772 else
773 snprintf(fwname, max_size, "qca/%s%02x%s.%s%02x", stem, rom_ver,
774 variant, prefix, bid);
775 } else {
776 if (bid == 0x0 || bid == 0xffff)
777 snprintf(fwname, max_size, "qca/%s%s.bin", stem, variant);
778 else
779 snprintf(fwname, max_size, "qca/%s%s.%s%02x", stem, variant, prefix, bid);
780 }
781}
782
783int qca_uart_setup(struct hci_dev *hdev, uint8_t baudrate,
784 enum qca_btsoc_type soc_type, struct qca_btsoc_version ver,
785 const char *firmware_name)
786{
787 struct qca_fw_config config = {};
788 int err;
789 u8 rom_ver = 0;
790 u32 soc_ver;
791 u16 boardid = 0;
792
793 bt_dev_dbg(hdev, "QCA setup on UART");
794
795 soc_ver = get_soc_ver(ver.soc_id, ver.rom_ver);
796
797 bt_dev_info(hdev, "QCA controller version 0x%08x", soc_ver);
798
799 config.user_baud_rate = baudrate;
800
801 /* Firmware files to download are based on ROM version.
802 * ROM version is derived from last two bytes of soc_ver.
803 */
804 if (soc_type == QCA_WCN3988)
805 rom_ver = ((soc_ver & 0x00000f00) >> 0x05) | (soc_ver & 0x0000000f);
806 else
807 rom_ver = ((soc_ver & 0x00000f00) >> 0x04) | (soc_ver & 0x0000000f);
808
809 if (soc_type == QCA_WCN6750)
810 qca_send_patch_config_cmd(hdev);
811
812 /* Download rampatch file */
813 config.type = TLV_TYPE_PATCH;
814 switch (soc_type) {
815 case QCA_WCN3990:
816 case QCA_WCN3991:
817 case QCA_WCN3998:
818 snprintf(config.fwname, sizeof(config.fwname),
819 "qca/crbtfw%02x.tlv", rom_ver);
820 break;
821 case QCA_WCN3988:
822 snprintf(config.fwname, sizeof(config.fwname),
823 "qca/apbtfw%02x.tlv", rom_ver);
824 break;
825 case QCA_QCA2066:
826 snprintf(config.fwname, sizeof(config.fwname),
827 "qca/hpbtfw%02x.tlv", rom_ver);
828 break;
829 case QCA_QCA6390:
830 snprintf(config.fwname, sizeof(config.fwname),
831 "qca/htbtfw%02x.tlv", rom_ver);
832 break;
833 case QCA_WCN6750:
834 /* Choose mbn file by default.If mbn file is not found
835 * then choose tlv file
836 */
837 config.type = ELF_TYPE_PATCH;
838 snprintf(config.fwname, sizeof(config.fwname),
839 "qca/msbtfw%02x.mbn", rom_ver);
840 break;
841 case QCA_WCN6855:
842 snprintf(config.fwname, sizeof(config.fwname),
843 "qca/hpbtfw%02x.tlv", rom_ver);
844 break;
845 case QCA_WCN7850:
846 snprintf(config.fwname, sizeof(config.fwname),
847 "qca/hmtbtfw%02x.tlv", rom_ver);
848 break;
849 default:
850 snprintf(config.fwname, sizeof(config.fwname),
851 "qca/rampatch_%08x.bin", soc_ver);
852 }
853
854 err = qca_download_firmware(hdev, &config, soc_type, rom_ver);
855 if (err < 0) {
856 bt_dev_err(hdev, "QCA Failed to download patch (%d)", err);
857 return err;
858 }
859
860 /* Give the controller some time to get ready to receive the NVM */
861 msleep(10);
862
863 if (soc_type == QCA_QCA2066 || soc_type == QCA_WCN7850)
864 qca_read_fw_board_id(hdev, &boardid);
865
866 /* Download NVM configuration */
867 config.type = TLV_TYPE_NVM;
868 if (firmware_name) {
869 /* The firmware name has an extension, use it directly */
870 if (qca_filename_has_extension(firmware_name)) {
871 snprintf(config.fwname, sizeof(config.fwname), "qca/%s", firmware_name);
872 } else {
873 qca_read_fw_board_id(hdev, &boardid);
874 qca_get_nvm_name_by_board(config.fwname, sizeof(config.fwname),
875 firmware_name, soc_type, ver, 0, boardid);
876 }
877 } else {
878 switch (soc_type) {
879 case QCA_WCN3990:
880 case QCA_WCN3991:
881 case QCA_WCN3998:
882 if (le32_to_cpu(ver.soc_id) == QCA_WCN3991_SOC_ID) {
883 snprintf(config.fwname, sizeof(config.fwname),
884 "qca/crnv%02xu.bin", rom_ver);
885 } else {
886 snprintf(config.fwname, sizeof(config.fwname),
887 "qca/crnv%02x.bin", rom_ver);
888 }
889 break;
890 case QCA_WCN3988:
891 snprintf(config.fwname, sizeof(config.fwname),
892 "qca/apnv%02x.bin", rom_ver);
893 break;
894 case QCA_QCA2066:
895 qca_get_nvm_name_by_board(config.fwname,
896 sizeof(config.fwname), "hpnv", soc_type, ver,
897 rom_ver, boardid);
898 break;
899 case QCA_QCA6390:
900 snprintf(config.fwname, sizeof(config.fwname),
901 "qca/htnv%02x.bin", rom_ver);
902 break;
903 case QCA_WCN6750:
904 snprintf(config.fwname, sizeof(config.fwname),
905 "qca/msnv%02x.bin", rom_ver);
906 break;
907 case QCA_WCN6855:
908 qca_read_fw_board_id(hdev, &boardid);
909 qca_get_nvm_name_by_board(config.fwname, sizeof(config.fwname),
910 "hpnv", soc_type, ver, rom_ver, boardid);
911 break;
912 case QCA_WCN7850:
913 qca_get_nvm_name_by_board(config.fwname, sizeof(config.fwname),
914 "hmtnv", soc_type, ver, rom_ver, boardid);
915 break;
916 default:
917 snprintf(config.fwname, sizeof(config.fwname),
918 "qca/nvm_%08x.bin", soc_ver);
919 }
920 }
921
922 err = qca_download_firmware(hdev, &config, soc_type, rom_ver);
923 if (err < 0) {
924 bt_dev_err(hdev, "QCA Failed to download NVM (%d)", err);
925 return err;
926 }
927
928 switch (soc_type) {
929 case QCA_WCN3991:
930 case QCA_QCA2066:
931 case QCA_QCA6390:
932 case QCA_WCN6750:
933 case QCA_WCN6855:
934 case QCA_WCN7850:
935 err = qca_disable_soc_logging(hdev);
936 if (err < 0)
937 return err;
938 break;
939 default:
940 break;
941 }
942
943 /* WCN399x and WCN6750 supports the Microsoft vendor extension with 0xFD70 as the
944 * VsMsftOpCode.
945 */
946 switch (soc_type) {
947 case QCA_WCN3988:
948 case QCA_WCN3990:
949 case QCA_WCN3991:
950 case QCA_WCN3998:
951 case QCA_WCN6750:
952 hci_set_msft_opcode(hdev, 0xFD70);
953 break;
954 default:
955 break;
956 }
957
958 /* Perform HCI reset */
959 err = qca_send_reset(hdev);
960 if (err < 0) {
961 bt_dev_err(hdev, "QCA Failed to run HCI_RESET (%d)", err);
962 return err;
963 }
964
965 switch (soc_type) {
966 case QCA_WCN3991:
967 case QCA_WCN6750:
968 case QCA_WCN6855:
969 case QCA_WCN7850:
970 /* get fw build info */
971 err = qca_read_fw_build_info(hdev);
972 if (err < 0)
973 return err;
974 break;
975 default:
976 break;
977 }
978
979 err = qca_check_bdaddr(hdev, &config);
980 if (err)
981 return err;
982
983 bt_dev_info(hdev, "QCA setup on UART is completed");
984
985 return 0;
986}
987EXPORT_SYMBOL_GPL(qca_uart_setup);
988
989int qca_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr)
990{
991 bdaddr_t bdaddr_swapped;
992 struct sk_buff *skb;
993 int err;
994
995 baswap(&bdaddr_swapped, bdaddr);
996
997 skb = __hci_cmd_sync_ev(hdev, EDL_WRITE_BD_ADDR_OPCODE, 6,
998 &bdaddr_swapped, HCI_EV_VENDOR,
999 HCI_INIT_TIMEOUT);
1000 if (IS_ERR(skb)) {
1001 err = PTR_ERR(skb);
1002 bt_dev_err(hdev, "QCA Change address cmd failed (%d)", err);
1003 return err;
1004 }
1005
1006 kfree_skb(skb);
1007
1008 return 0;
1009}
1010EXPORT_SYMBOL_GPL(qca_set_bdaddr);
1011
1012
1013MODULE_AUTHOR("Ben Young Tae Kim <ytkim@qca.qualcomm.com>");
1014MODULE_DESCRIPTION("Bluetooth support for Qualcomm Atheros family");
1015MODULE_LICENSE("GPL");