1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Bluetooth supports for Qualcomm Atheros chips 4 * 5 * Copyright (c) 2015 The Linux Foundation. All rights reserved. 6 */ 7 #include <linux/module.h> 8 #include <linux/firmware.h> 9 #include <linux/vmalloc.h> 10 11 #include <net/bluetooth/bluetooth.h> 12 #include <net/bluetooth/hci_core.h> 13 14 #include "btqca.h" 15 16 int qca_read_soc_version(struct hci_dev *hdev, struct qca_btsoc_version *ver, 17 enum qca_btsoc_type soc_type) 18 { 19 struct sk_buff *skb; 20 struct edl_event_hdr *edl; 21 char cmd; 22 int err = 0; 23 u8 event_type = HCI_EV_VENDOR; 24 u8 rlen = sizeof(*edl) + sizeof(*ver); 25 u8 rtype = EDL_APP_VER_RES_EVT; 26 27 bt_dev_dbg(hdev, "QCA Version Request"); 28 29 /* Unlike other SoC's sending version command response as payload to 30 * VSE event. WCN3991 sends version command response as a payload to 31 * command complete event. 32 */ 33 if (soc_type >= QCA_WCN3991) { 34 event_type = 0; 35 rlen += 1; 36 rtype = EDL_PATCH_VER_REQ_CMD; 37 } 38 39 cmd = EDL_PATCH_VER_REQ_CMD; 40 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, EDL_PATCH_CMD_LEN, 41 &cmd, event_type, HCI_INIT_TIMEOUT); 42 if (IS_ERR(skb)) { 43 err = PTR_ERR(skb); 44 bt_dev_err(hdev, "Reading QCA version information failed (%d)", 45 err); 46 return err; 47 } 48 49 if (skb->len != rlen) { 50 bt_dev_err(hdev, "QCA Version size mismatch len %d", skb->len); 51 err = -EILSEQ; 52 goto out; 53 } 54 55 edl = (struct edl_event_hdr *)(skb->data); 56 57 if (edl->cresp != EDL_CMD_REQ_RES_EVT || 58 edl->rtype != rtype) { 59 bt_dev_err(hdev, "QCA Wrong packet received %d %d", edl->cresp, 60 edl->rtype); 61 err = -EIO; 62 goto out; 63 } 64 65 if (soc_type >= QCA_WCN3991) 66 memcpy(ver, edl->data + 1, sizeof(*ver)); 67 else 68 memcpy(ver, &edl->data, sizeof(*ver)); 69 70 bt_dev_info(hdev, "QCA Product ID :0x%08x", 71 le32_to_cpu(ver->product_id)); 72 bt_dev_info(hdev, "QCA SOC Version :0x%08x", 73 le32_to_cpu(ver->soc_id)); 74 bt_dev_info(hdev, "QCA ROM Version :0x%08x", 75 le16_to_cpu(ver->rom_ver)); 76 bt_dev_info(hdev, "QCA Patch Version:0x%08x", 77 le16_to_cpu(ver->patch_ver)); 78 79 if (ver->soc_id == 0 || ver->rom_ver == 0) 80 err = -EILSEQ; 81 82 out: 83 kfree_skb(skb); 84 if (err) 85 bt_dev_err(hdev, "QCA Failed to get version (%d)", err); 86 87 return err; 88 } 89 EXPORT_SYMBOL_GPL(qca_read_soc_version); 90 91 static int qca_read_fw_build_info(struct hci_dev *hdev) 92 { 93 struct sk_buff *skb; 94 struct edl_event_hdr *edl; 95 char *build_label; 96 char cmd; 97 int build_lbl_len, err = 0; 98 99 bt_dev_dbg(hdev, "QCA read fw build info"); 100 101 cmd = EDL_GET_BUILD_INFO_CMD; 102 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, EDL_PATCH_CMD_LEN, 103 &cmd, 0, HCI_INIT_TIMEOUT); 104 if (IS_ERR(skb)) { 105 err = PTR_ERR(skb); 106 bt_dev_err(hdev, "Reading QCA fw build info failed (%d)", 107 err); 108 return err; 109 } 110 111 if (skb->len < sizeof(*edl)) { 112 err = -EILSEQ; 113 goto out; 114 } 115 116 edl = (struct edl_event_hdr *)(skb->data); 117 118 if (edl->cresp != EDL_CMD_REQ_RES_EVT || 119 edl->rtype != EDL_GET_BUILD_INFO_CMD) { 120 bt_dev_err(hdev, "QCA Wrong packet received %d %d", edl->cresp, 121 edl->rtype); 122 err = -EIO; 123 goto out; 124 } 125 126 if (skb->len < sizeof(*edl) + 1) { 127 err = -EILSEQ; 128 goto out; 129 } 130 131 build_lbl_len = edl->data[0]; 132 133 if (skb->len < sizeof(*edl) + 1 + build_lbl_len) { 134 err = -EILSEQ; 135 goto out; 136 } 137 138 build_label = kstrndup(&edl->data[1], build_lbl_len, GFP_KERNEL); 139 if (!build_label) { 140 err = -ENOMEM; 141 goto out; 142 } 143 144 hci_set_fw_info(hdev, "%s", build_label); 145 146 kfree(build_label); 147 out: 148 kfree_skb(skb); 149 return err; 150 } 151 152 static int qca_send_patch_config_cmd(struct hci_dev *hdev) 153 { 154 const u8 cmd[] = { EDL_PATCH_CONFIG_CMD, 0x01, 0, 0, 0 }; 155 struct sk_buff *skb; 156 struct edl_event_hdr *edl; 157 int err; 158 159 bt_dev_dbg(hdev, "QCA Patch config"); 160 161 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, sizeof(cmd), 162 cmd, 0, HCI_INIT_TIMEOUT); 163 if (IS_ERR(skb)) { 164 err = PTR_ERR(skb); 165 bt_dev_err(hdev, "Sending QCA Patch config failed (%d)", err); 166 return err; 167 } 168 169 if (skb->len != 2) { 170 bt_dev_err(hdev, "QCA Patch config cmd size mismatch len %d", skb->len); 171 err = -EILSEQ; 172 goto out; 173 } 174 175 edl = (struct edl_event_hdr *)(skb->data); 176 177 if (edl->cresp != EDL_PATCH_CONFIG_RES_EVT || edl->rtype != EDL_PATCH_CONFIG_CMD) { 178 bt_dev_err(hdev, "QCA Wrong packet received %d %d", edl->cresp, 179 edl->rtype); 180 err = -EIO; 181 goto out; 182 } 183 184 err = 0; 185 186 out: 187 kfree_skb(skb); 188 return err; 189 } 190 191 static int qca_send_reset(struct hci_dev *hdev) 192 { 193 struct sk_buff *skb; 194 int err; 195 196 bt_dev_dbg(hdev, "QCA HCI_RESET"); 197 198 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); 199 if (IS_ERR(skb)) { 200 err = PTR_ERR(skb); 201 bt_dev_err(hdev, "QCA Reset failed (%d)", err); 202 return err; 203 } 204 205 kfree_skb(skb); 206 207 return 0; 208 } 209 210 static int qca_read_fw_board_id(struct hci_dev *hdev, u16 *bid) 211 { 212 u8 cmd; 213 struct sk_buff *skb; 214 struct edl_event_hdr *edl; 215 int err = 0; 216 217 cmd = EDL_GET_BID_REQ_CMD; 218 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, EDL_PATCH_CMD_LEN, 219 &cmd, 0, HCI_INIT_TIMEOUT); 220 if (IS_ERR(skb)) { 221 err = PTR_ERR(skb); 222 bt_dev_err(hdev, "Reading QCA board ID failed (%d)", err); 223 return err; 224 } 225 226 edl = skb_pull_data(skb, sizeof(*edl)); 227 if (!edl) { 228 bt_dev_err(hdev, "QCA read board ID with no header"); 229 err = -EILSEQ; 230 goto out; 231 } 232 233 if (edl->cresp != EDL_CMD_REQ_RES_EVT || 234 edl->rtype != EDL_GET_BID_REQ_CMD) { 235 bt_dev_err(hdev, "QCA Wrong packet: %d %d", edl->cresp, edl->rtype); 236 err = -EIO; 237 goto out; 238 } 239 240 if (skb->len < 3) { 241 err = -EILSEQ; 242 goto out; 243 } 244 245 *bid = (edl->data[1] << 8) + edl->data[2]; 246 bt_dev_dbg(hdev, "%s: bid = %x", __func__, *bid); 247 248 out: 249 kfree_skb(skb); 250 return err; 251 } 252 253 int qca_send_pre_shutdown_cmd(struct hci_dev *hdev) 254 { 255 struct sk_buff *skb; 256 int err; 257 258 bt_dev_dbg(hdev, "QCA pre shutdown cmd"); 259 260 skb = __hci_cmd_sync_ev(hdev, QCA_PRE_SHUTDOWN_CMD, 0, 261 NULL, HCI_EV_CMD_COMPLETE, HCI_INIT_TIMEOUT); 262 263 if (IS_ERR(skb)) { 264 err = PTR_ERR(skb); 265 bt_dev_err(hdev, "QCA preshutdown_cmd failed (%d)", err); 266 return err; 267 } 268 269 kfree_skb(skb); 270 271 return 0; 272 } 273 EXPORT_SYMBOL_GPL(qca_send_pre_shutdown_cmd); 274 275 static bool qca_filename_has_extension(const char *filename) 276 { 277 const char *suffix = strrchr(filename, '.'); 278 279 /* File extensions require a dot, but not as the first or last character */ 280 if (!suffix || suffix == filename || *(suffix + 1) == '\0') 281 return 0; 282 283 /* Avoid matching directories with names that look like files with extensions */ 284 return !strchr(suffix, '/'); 285 } 286 287 static bool qca_get_alt_nvm_file(char *filename, size_t max_size) 288 { 289 char fwname[64]; 290 const char *suffix; 291 292 /* nvm file name has an extension, replace with .bin */ 293 if (qca_filename_has_extension(filename)) { 294 suffix = strrchr(filename, '.'); 295 strscpy(fwname, filename, suffix - filename + 1); 296 snprintf(fwname + (suffix - filename), 297 sizeof(fwname) - (suffix - filename), ".bin"); 298 /* If nvm file is already the default one, return false to skip the retry. */ 299 if (strcmp(fwname, filename) == 0) 300 return false; 301 302 snprintf(filename, max_size, "%s", fwname); 303 return true; 304 } 305 return false; 306 } 307 308 static int qca_tlv_check_data(struct hci_dev *hdev, 309 struct qca_fw_config *config, 310 u8 *fw_data, size_t fw_size, 311 enum qca_btsoc_type soc_type) 312 { 313 const u8 *data; 314 u32 type_len; 315 u16 tag_id, tag_len; 316 int idx, length; 317 struct tlv_type_hdr *tlv; 318 struct tlv_type_patch *tlv_patch; 319 struct tlv_type_nvm *tlv_nvm; 320 uint8_t nvm_baud_rate = config->user_baud_rate; 321 u8 type; 322 323 config->dnld_mode = QCA_SKIP_EVT_NONE; 324 config->dnld_type = QCA_SKIP_EVT_NONE; 325 326 switch (config->type) { 327 case ELF_TYPE_PATCH: 328 if (fw_size < 7) 329 return -EINVAL; 330 331 config->dnld_mode = QCA_SKIP_EVT_VSE_CC; 332 config->dnld_type = QCA_SKIP_EVT_VSE_CC; 333 334 bt_dev_dbg(hdev, "File Class : 0x%x", fw_data[4]); 335 bt_dev_dbg(hdev, "Data Encoding : 0x%x", fw_data[5]); 336 bt_dev_dbg(hdev, "File version : 0x%x", fw_data[6]); 337 break; 338 case TLV_TYPE_PATCH: 339 if (fw_size < sizeof(struct tlv_type_hdr) + sizeof(struct tlv_type_patch)) 340 return -EINVAL; 341 342 tlv = (struct tlv_type_hdr *)fw_data; 343 type_len = le32_to_cpu(tlv->type_len); 344 tlv_patch = (struct tlv_type_patch *)tlv->data; 345 346 /* For Rome version 1.1 to 3.1, all segment commands 347 * are acked by a vendor specific event (VSE). 348 * For Rome >= 3.2, the download mode field indicates 349 * if VSE is skipped by the controller. 350 * In case VSE is skipped, only the last segment is acked. 351 */ 352 config->dnld_mode = tlv_patch->download_mode; 353 config->dnld_type = config->dnld_mode; 354 355 BT_DBG("TLV Type\t\t : 0x%x", type_len & 0x000000ff); 356 BT_DBG("Total Length : %d bytes", 357 le32_to_cpu(tlv_patch->total_size)); 358 BT_DBG("Patch Data Length : %d bytes", 359 le32_to_cpu(tlv_patch->data_length)); 360 BT_DBG("Signing Format Version : 0x%x", 361 tlv_patch->format_version); 362 BT_DBG("Signature Algorithm : 0x%x", 363 tlv_patch->signature); 364 BT_DBG("Download mode : 0x%x", 365 tlv_patch->download_mode); 366 BT_DBG("Reserved : 0x%x", 367 tlv_patch->reserved1); 368 BT_DBG("Product ID : 0x%04x", 369 le16_to_cpu(tlv_patch->product_id)); 370 BT_DBG("Rom Build Version : 0x%04x", 371 le16_to_cpu(tlv_patch->rom_build)); 372 BT_DBG("Patch Version : 0x%04x", 373 le16_to_cpu(tlv_patch->patch_version)); 374 BT_DBG("Reserved : 0x%x", 375 le16_to_cpu(tlv_patch->reserved2)); 376 BT_DBG("Patch Entry Address : 0x%x", 377 le32_to_cpu(tlv_patch->entry)); 378 break; 379 380 case TLV_TYPE_NVM: 381 if (fw_size < sizeof(struct tlv_type_hdr)) 382 return -EINVAL; 383 384 tlv = (struct tlv_type_hdr *)fw_data; 385 386 type_len = le32_to_cpu(tlv->type_len); 387 length = type_len >> 8; 388 type = type_len & 0xff; 389 390 /* Some NVM files have more than one set of tags, only parse 391 * the first set when it has type 2 for now. When there is 392 * more than one set there is an enclosing header of type 4. 393 */ 394 if (type == 4) { 395 if (fw_size < 2 * sizeof(struct tlv_type_hdr)) 396 return -EINVAL; 397 398 tlv++; 399 400 type_len = le32_to_cpu(tlv->type_len); 401 length = type_len >> 8; 402 type = type_len & 0xff; 403 } 404 405 BT_DBG("TLV Type\t\t : 0x%x", type); 406 BT_DBG("Length\t\t : %d bytes", length); 407 408 if (type != 2) 409 break; 410 411 if (fw_size < length + (tlv->data - fw_data)) 412 return -EINVAL; 413 414 idx = 0; 415 data = tlv->data; 416 while (idx < length - sizeof(struct tlv_type_nvm)) { 417 tlv_nvm = (struct tlv_type_nvm *)(data + idx); 418 419 tag_id = le16_to_cpu(tlv_nvm->tag_id); 420 tag_len = le16_to_cpu(tlv_nvm->tag_len); 421 422 if (length < idx + sizeof(struct tlv_type_nvm) + tag_len) 423 return -EINVAL; 424 425 /* Update NVM tags as needed */ 426 switch (tag_id) { 427 case EDL_TAG_ID_BD_ADDR: 428 if (tag_len != sizeof(bdaddr_t)) 429 return -EINVAL; 430 431 memcpy(&config->bdaddr, tlv_nvm->data, sizeof(bdaddr_t)); 432 433 break; 434 435 case EDL_TAG_ID_HCI: 436 if (tag_len < 3) 437 return -EINVAL; 438 439 /* HCI transport layer parameters 440 * enabling software inband sleep 441 * onto controller side. 442 */ 443 tlv_nvm->data[0] |= 0x80; 444 445 /* UART Baud Rate */ 446 if (soc_type >= QCA_WCN3991) 447 tlv_nvm->data[1] = nvm_baud_rate; 448 else 449 tlv_nvm->data[2] = nvm_baud_rate; 450 451 break; 452 453 case EDL_TAG_ID_DEEP_SLEEP: 454 if (tag_len < 1) 455 return -EINVAL; 456 457 /* Sleep enable mask 458 * enabling deep sleep feature on controller. 459 */ 460 tlv_nvm->data[0] |= 0x01; 461 462 break; 463 } 464 465 idx += sizeof(struct tlv_type_nvm) + tag_len; 466 } 467 break; 468 469 default: 470 BT_ERR("Unknown TLV type %d", config->type); 471 return -EINVAL; 472 } 473 474 return 0; 475 } 476 477 static int qca_tlv_send_segment(struct hci_dev *hdev, int seg_size, 478 const u8 *data, enum qca_tlv_dnld_mode mode, 479 enum qca_btsoc_type soc_type) 480 { 481 struct sk_buff *skb; 482 struct edl_event_hdr *edl; 483 struct tlv_seg_resp *tlv_resp; 484 u8 cmd[MAX_SIZE_PER_TLV_SEGMENT + 2]; 485 int err = 0; 486 u8 event_type = HCI_EV_VENDOR; 487 u8 rlen = (sizeof(*edl) + sizeof(*tlv_resp)); 488 u8 rtype = EDL_TVL_DNLD_RES_EVT; 489 490 cmd[0] = EDL_PATCH_TLV_REQ_CMD; 491 cmd[1] = seg_size; 492 memcpy(cmd + 2, data, seg_size); 493 494 if (mode == QCA_SKIP_EVT_VSE_CC || mode == QCA_SKIP_EVT_VSE) 495 return __hci_cmd_send(hdev, EDL_PATCH_CMD_OPCODE, seg_size + 2, 496 cmd); 497 498 /* Unlike other SoC's sending version command response as payload to 499 * VSE event. WCN3991 sends version command response as a payload to 500 * command complete event. 501 */ 502 if (soc_type >= QCA_WCN3991) { 503 event_type = 0; 504 rlen = sizeof(*edl); 505 rtype = EDL_PATCH_TLV_REQ_CMD; 506 } 507 508 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, seg_size + 2, cmd, 509 event_type, HCI_INIT_TIMEOUT); 510 if (IS_ERR(skb)) { 511 err = PTR_ERR(skb); 512 bt_dev_err(hdev, "QCA Failed to send TLV segment (%d)", err); 513 return err; 514 } 515 516 if (skb->len != rlen) { 517 bt_dev_err(hdev, "QCA TLV response size mismatch"); 518 err = -EILSEQ; 519 goto out; 520 } 521 522 edl = (struct edl_event_hdr *)(skb->data); 523 524 if (edl->cresp != EDL_CMD_REQ_RES_EVT || edl->rtype != rtype) { 525 bt_dev_err(hdev, "QCA TLV with error stat 0x%x rtype 0x%x", 526 edl->cresp, edl->rtype); 527 err = -EIO; 528 } 529 530 if (soc_type >= QCA_WCN3991) 531 goto out; 532 533 tlv_resp = (struct tlv_seg_resp *)(edl->data); 534 if (tlv_resp->result) { 535 bt_dev_err(hdev, "QCA TLV with error stat 0x%x rtype 0x%x (0x%x)", 536 edl->cresp, edl->rtype, tlv_resp->result); 537 } 538 539 out: 540 kfree_skb(skb); 541 542 return err; 543 } 544 545 static int qca_inject_cmd_complete_event(struct hci_dev *hdev) 546 { 547 struct hci_event_hdr *hdr; 548 struct hci_ev_cmd_complete *evt; 549 struct sk_buff *skb; 550 551 skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_KERNEL); 552 if (!skb) 553 return -ENOMEM; 554 555 hdr = skb_put(skb, sizeof(*hdr)); 556 hdr->evt = HCI_EV_CMD_COMPLETE; 557 hdr->plen = sizeof(*evt) + 1; 558 559 evt = skb_put(skb, sizeof(*evt)); 560 evt->ncmd = 1; 561 evt->opcode = cpu_to_le16(QCA_HCI_CC_OPCODE); 562 563 skb_put_u8(skb, QCA_HCI_CC_SUCCESS); 564 565 hci_skb_pkt_type(skb) = HCI_EVENT_PKT; 566 567 return hci_recv_frame(hdev, skb); 568 } 569 570 static int qca_download_firmware(struct hci_dev *hdev, 571 struct qca_fw_config *config, 572 enum qca_btsoc_type soc_type, 573 u8 rom_ver) 574 { 575 const struct firmware *fw; 576 u8 *data; 577 const u8 *segment; 578 int ret, size, remain, i = 0; 579 580 bt_dev_info(hdev, "QCA Downloading %s", config->fwname); 581 582 ret = request_firmware(&fw, config->fwname, &hdev->dev); 583 if (ret) { 584 /* If the board-specific file is missing, try loading the default 585 * one, unless that was attempted already. 586 */ 587 if (config->type == TLV_TYPE_NVM && 588 qca_get_alt_nvm_file(config->fwname, sizeof(config->fwname))) { 589 bt_dev_info(hdev, "QCA Downloading %s", config->fwname); 590 ret = request_firmware(&fw, config->fwname, &hdev->dev); 591 if (ret) { 592 bt_dev_err(hdev, "QCA Failed to request file: %s (%d)", 593 config->fwname, ret); 594 return ret; 595 } 596 } else { 597 bt_dev_err(hdev, "QCA Failed to request file: %s (%d)", 598 config->fwname, ret); 599 return ret; 600 } 601 } 602 603 size = fw->size; 604 data = vmalloc(fw->size); 605 if (!data) { 606 bt_dev_err(hdev, "QCA Failed to allocate memory for file: %s", 607 config->fwname); 608 release_firmware(fw); 609 return -ENOMEM; 610 } 611 612 memcpy(data, fw->data, size); 613 release_firmware(fw); 614 615 ret = qca_tlv_check_data(hdev, config, data, size, soc_type); 616 if (ret) 617 goto out; 618 619 segment = data; 620 remain = size; 621 while (remain > 0) { 622 int segsize = min(MAX_SIZE_PER_TLV_SEGMENT, remain); 623 624 bt_dev_dbg(hdev, "Send segment %d, size %d", i++, segsize); 625 626 remain -= segsize; 627 /* The last segment is always acked regardless download mode */ 628 if (!remain || segsize < MAX_SIZE_PER_TLV_SEGMENT) 629 config->dnld_mode = QCA_SKIP_EVT_NONE; 630 631 ret = qca_tlv_send_segment(hdev, segsize, segment, 632 config->dnld_mode, soc_type); 633 if (ret) 634 goto out; 635 636 segment += segsize; 637 } 638 639 /* Latest qualcomm chipsets are not sending a command complete event 640 * for every fw packet sent. They only respond with a vendor specific 641 * event for the last packet. This optimization in the chip will 642 * decrease the BT in initialization time. Here we will inject a command 643 * complete event to avoid a command timeout error message. 644 */ 645 if (config->dnld_type == QCA_SKIP_EVT_VSE_CC || 646 config->dnld_type == QCA_SKIP_EVT_VSE) 647 ret = qca_inject_cmd_complete_event(hdev); 648 649 out: 650 vfree(data); 651 652 return ret; 653 } 654 655 static int qca_disable_soc_logging(struct hci_dev *hdev) 656 { 657 struct sk_buff *skb; 658 u8 cmd[2]; 659 int err; 660 661 cmd[0] = QCA_DISABLE_LOGGING_SUB_OP; 662 cmd[1] = 0x00; 663 skb = __hci_cmd_sync_ev(hdev, QCA_DISABLE_LOGGING, sizeof(cmd), cmd, 664 HCI_EV_CMD_COMPLETE, HCI_INIT_TIMEOUT); 665 if (IS_ERR(skb)) { 666 err = PTR_ERR(skb); 667 bt_dev_err(hdev, "QCA Failed to disable soc logging(%d)", err); 668 return err; 669 } 670 671 kfree_skb(skb); 672 673 return 0; 674 } 675 676 int qca_set_bdaddr_rome(struct hci_dev *hdev, const bdaddr_t *bdaddr) 677 { 678 struct sk_buff *skb; 679 u8 cmd[9]; 680 int err; 681 682 cmd[0] = EDL_NVM_ACCESS_SET_REQ_CMD; 683 cmd[1] = 0x02; /* TAG ID */ 684 cmd[2] = sizeof(bdaddr_t); /* size */ 685 memcpy(cmd + 3, bdaddr, sizeof(bdaddr_t)); 686 skb = __hci_cmd_sync_ev(hdev, EDL_NVM_ACCESS_OPCODE, sizeof(cmd), cmd, 687 HCI_EV_VENDOR, HCI_INIT_TIMEOUT); 688 if (IS_ERR(skb)) { 689 err = PTR_ERR(skb); 690 bt_dev_err(hdev, "QCA Change address command failed (%d)", err); 691 return err; 692 } 693 694 kfree_skb(skb); 695 696 return 0; 697 } 698 EXPORT_SYMBOL_GPL(qca_set_bdaddr_rome); 699 700 static int qca_check_bdaddr(struct hci_dev *hdev, const struct qca_fw_config *config) 701 { 702 struct hci_rp_read_bd_addr *bda; 703 struct sk_buff *skb; 704 int err; 705 706 if (bacmp(&hdev->public_addr, BDADDR_ANY)) 707 return 0; 708 709 skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL, 710 HCI_INIT_TIMEOUT); 711 if (IS_ERR(skb)) { 712 err = PTR_ERR(skb); 713 bt_dev_err(hdev, "Failed to read device address (%d)", err); 714 return err; 715 } 716 717 if (skb->len != sizeof(*bda)) { 718 bt_dev_err(hdev, "Device address length mismatch"); 719 kfree_skb(skb); 720 return -EIO; 721 } 722 723 bda = (struct hci_rp_read_bd_addr *)skb->data; 724 if (!bacmp(&bda->bdaddr, &config->bdaddr)) 725 hci_set_quirk(hdev, HCI_QUIRK_USE_BDADDR_PROPERTY); 726 727 kfree_skb(skb); 728 729 return 0; 730 } 731 732 static void qca_get_nvm_name_by_board(char *fwname, size_t max_size, 733 const char *stem, enum qca_btsoc_type soc_type, 734 struct qca_btsoc_version ver, u8 rom_ver, u16 bid) 735 { 736 const char *variant; 737 const char *prefix; 738 739 /* Set the default value to variant and prefix */ 740 variant = ""; 741 prefix = "b"; 742 743 if (soc_type == QCA_QCA2066) 744 prefix = ""; 745 746 if (soc_type == QCA_WCN6855 || soc_type == QCA_QCA2066) { 747 /* If the chip is manufactured by GlobalFoundries */ 748 if ((le32_to_cpu(ver.soc_id) & QCA_HSP_GF_SOC_MASK) == QCA_HSP_GF_SOC_ID) 749 variant = "g"; 750 } 751 752 if (rom_ver != 0) { 753 if (bid == 0x0 || bid == 0xffff) 754 snprintf(fwname, max_size, "qca/%s%02x%s.bin", stem, rom_ver, variant); 755 else 756 snprintf(fwname, max_size, "qca/%s%02x%s.%s%02x", stem, rom_ver, 757 variant, prefix, bid); 758 } else { 759 if (bid == 0x0 || bid == 0xffff) 760 snprintf(fwname, max_size, "qca/%s%s.bin", stem, variant); 761 else 762 snprintf(fwname, max_size, "qca/%s%s.%s%02x", stem, variant, prefix, bid); 763 } 764 } 765 766 int qca_uart_setup(struct hci_dev *hdev, uint8_t baudrate, 767 enum qca_btsoc_type soc_type, struct qca_btsoc_version ver, 768 const char *firmware_name, const char *rampatch_name) 769 { 770 struct qca_fw_config config = {}; 771 const char *variant = ""; 772 int err; 773 u8 rom_ver = 0; 774 u32 soc_ver; 775 u16 boardid = 0; 776 777 bt_dev_dbg(hdev, "QCA setup on UART"); 778 779 soc_ver = get_soc_ver(ver.soc_id, ver.rom_ver); 780 781 bt_dev_info(hdev, "QCA controller version 0x%08x", soc_ver); 782 783 config.user_baud_rate = baudrate; 784 785 /* Firmware files to download are based on ROM version. 786 * ROM version is derived from last two bytes of soc_ver. 787 */ 788 if (soc_type == QCA_WCN3988) 789 rom_ver = ((soc_ver & 0x00000f00) >> 0x05) | (soc_ver & 0x0000000f); 790 else 791 rom_ver = ((soc_ver & 0x00000f00) >> 0x04) | (soc_ver & 0x0000000f); 792 793 if (soc_type == QCA_WCN6750) 794 qca_send_patch_config_cmd(hdev); 795 796 /* Download rampatch file */ 797 config.type = TLV_TYPE_PATCH; 798 if (rampatch_name) { 799 snprintf(config.fwname, sizeof(config.fwname), "qca/%s", rampatch_name); 800 } else { 801 switch (soc_type) { 802 case QCA_WCN3950: 803 snprintf(config.fwname, sizeof(config.fwname), 804 "qca/cmbtfw%02x.tlv", rom_ver); 805 break; 806 case QCA_WCN3990: 807 case QCA_WCN3991: 808 case QCA_WCN3998: 809 snprintf(config.fwname, sizeof(config.fwname), 810 "qca/crbtfw%02x.tlv", rom_ver); 811 break; 812 case QCA_WCN3988: 813 snprintf(config.fwname, sizeof(config.fwname), 814 "qca/apbtfw%02x.tlv", rom_ver); 815 break; 816 case QCA_QCA2066: 817 snprintf(config.fwname, sizeof(config.fwname), 818 "qca/hpbtfw%02x.tlv", rom_ver); 819 break; 820 case QCA_QCA6390: 821 snprintf(config.fwname, sizeof(config.fwname), 822 "qca/htbtfw%02x.tlv", rom_ver); 823 break; 824 case QCA_WCN6750: 825 /* Choose mbn file by default.If mbn file is not found 826 * then choose tlv file 827 */ 828 config.type = ELF_TYPE_PATCH; 829 snprintf(config.fwname, sizeof(config.fwname), 830 "qca/msbtfw%02x.mbn", rom_ver); 831 break; 832 case QCA_WCN6855: 833 /* Due to historical reasons, WCN685x chip has been using firmware 834 * without the "wcn" prefix. The mapping between the chip and its 835 * corresponding firmware has now been corrected. 836 */ 837 snprintf(config.fwname, sizeof(config.fwname), 838 "qca/wcnhpbtfw%02x.tlv", rom_ver); 839 break; 840 case QCA_WCN7850: 841 snprintf(config.fwname, sizeof(config.fwname), 842 "qca/hmtbtfw%02x.tlv", rom_ver); 843 break; 844 default: 845 snprintf(config.fwname, sizeof(config.fwname), 846 "qca/rampatch_%08x.bin", soc_ver); 847 } 848 } 849 850 err = qca_download_firmware(hdev, &config, soc_type, rom_ver); 851 /* For WCN6750, if mbn file is not present then check for 852 * tlv file. 853 */ 854 if (err < 0 && soc_type == QCA_WCN6750) { 855 bt_dev_dbg(hdev, "QCA Failed to request file: %s (%d)", 856 config.fwname, err); 857 config.type = TLV_TYPE_PATCH; 858 snprintf(config.fwname, sizeof(config.fwname), 859 "qca/msbtfw%02x.tlv", rom_ver); 860 bt_dev_info(hdev, "QCA Downloading %s", config.fwname); 861 err = qca_download_firmware(hdev, &config, soc_type, rom_ver); 862 } else if (err < 0 && !rampatch_name && soc_type == QCA_WCN6855) { 863 snprintf(config.fwname, sizeof(config.fwname), 864 "qca/hpbtfw%02x.tlv", rom_ver); 865 err = qca_download_firmware(hdev, &config, soc_type, rom_ver); 866 } 867 868 if (err < 0) { 869 bt_dev_err(hdev, "QCA Failed to request file: %s (%d)", 870 config.fwname, err); 871 return err; 872 } 873 874 /* Give the controller some time to get ready to receive the NVM */ 875 msleep(10); 876 877 if (soc_type == QCA_QCA2066 || soc_type == QCA_WCN7850) 878 qca_read_fw_board_id(hdev, &boardid); 879 880 /* Download NVM configuration */ 881 config.type = TLV_TYPE_NVM; 882 if (firmware_name) { 883 /* The firmware name has an extension, use it directly */ 884 if (qca_filename_has_extension(firmware_name)) { 885 snprintf(config.fwname, sizeof(config.fwname), "qca/%s", firmware_name); 886 } else { 887 qca_read_fw_board_id(hdev, &boardid); 888 qca_get_nvm_name_by_board(config.fwname, sizeof(config.fwname), 889 firmware_name, soc_type, ver, 0, boardid); 890 } 891 } else { 892 switch (soc_type) { 893 case QCA_WCN3950: 894 if (le32_to_cpu(ver.soc_id) == QCA_WCN3950_SOC_ID_T) 895 variant = "t"; 896 else if (le32_to_cpu(ver.soc_id) == QCA_WCN3950_SOC_ID_S) 897 variant = "s"; 898 899 snprintf(config.fwname, sizeof(config.fwname), 900 "qca/cmnv%02x%s.bin", rom_ver, variant); 901 break; 902 case QCA_WCN3990: 903 case QCA_WCN3991: 904 case QCA_WCN3998: 905 if (le32_to_cpu(ver.soc_id) == QCA_WCN3991_SOC_ID) 906 variant = "u"; 907 908 snprintf(config.fwname, sizeof(config.fwname), 909 "qca/crnv%02x%s.bin", rom_ver, variant); 910 break; 911 case QCA_WCN3988: 912 snprintf(config.fwname, sizeof(config.fwname), 913 "qca/apnv%02x.bin", rom_ver); 914 break; 915 case QCA_QCA2066: 916 qca_get_nvm_name_by_board(config.fwname, 917 sizeof(config.fwname), "hpnv", soc_type, ver, 918 rom_ver, boardid); 919 break; 920 case QCA_QCA6390: 921 snprintf(config.fwname, sizeof(config.fwname), 922 "qca/htnv%02x.bin", rom_ver); 923 break; 924 case QCA_WCN6750: 925 snprintf(config.fwname, sizeof(config.fwname), 926 "qca/msnv%02x.bin", rom_ver); 927 break; 928 case QCA_WCN6855: 929 qca_read_fw_board_id(hdev, &boardid); 930 qca_get_nvm_name_by_board(config.fwname, sizeof(config.fwname), 931 "wcnhpnv", soc_type, ver, rom_ver, boardid); 932 break; 933 case QCA_WCN7850: 934 qca_get_nvm_name_by_board(config.fwname, sizeof(config.fwname), 935 "hmtnv", soc_type, ver, rom_ver, boardid); 936 break; 937 default: 938 snprintf(config.fwname, sizeof(config.fwname), 939 "qca/nvm_%08x.bin", soc_ver); 940 } 941 } 942 943 err = qca_download_firmware(hdev, &config, soc_type, rom_ver); 944 if (err < 0 && !firmware_name && soc_type == QCA_WCN6855) { 945 qca_get_nvm_name_by_board(config.fwname, sizeof(config.fwname), 946 "hpnv", soc_type, ver, rom_ver, boardid); 947 err = qca_download_firmware(hdev, &config, soc_type, rom_ver); 948 } 949 950 if (err < 0) { 951 bt_dev_err(hdev, "QCA Failed to request file: %s (%d)", 952 config.fwname, err); 953 return err; 954 } 955 956 switch (soc_type) { 957 case QCA_WCN3991: 958 case QCA_QCA2066: 959 case QCA_QCA6390: 960 case QCA_WCN6750: 961 case QCA_WCN6855: 962 case QCA_WCN7850: 963 err = qca_disable_soc_logging(hdev); 964 if (err < 0) 965 return err; 966 break; 967 default: 968 break; 969 } 970 971 /* WCN399x and WCN6750 supports the Microsoft vendor extension with 0xFD70 as the 972 * VsMsftOpCode. 973 */ 974 switch (soc_type) { 975 case QCA_WCN3950: 976 case QCA_WCN3988: 977 case QCA_WCN3990: 978 case QCA_WCN3991: 979 case QCA_WCN3998: 980 case QCA_WCN6750: 981 hci_set_msft_opcode(hdev, 0xFD70); 982 break; 983 default: 984 break; 985 } 986 987 /* Perform HCI reset */ 988 err = qca_send_reset(hdev); 989 if (err < 0) { 990 bt_dev_err(hdev, "QCA Failed to run HCI_RESET (%d)", err); 991 return err; 992 } 993 994 switch (soc_type) { 995 case QCA_WCN3991: 996 case QCA_WCN6750: 997 case QCA_WCN6855: 998 case QCA_WCN7850: 999 /* get fw build info */ 1000 err = qca_read_fw_build_info(hdev); 1001 if (err < 0) 1002 return err; 1003 break; 1004 default: 1005 break; 1006 } 1007 1008 err = qca_check_bdaddr(hdev, &config); 1009 if (err) 1010 return err; 1011 1012 bt_dev_info(hdev, "QCA setup on UART is completed"); 1013 1014 return 0; 1015 } 1016 EXPORT_SYMBOL_GPL(qca_uart_setup); 1017 1018 int qca_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr) 1019 { 1020 bdaddr_t bdaddr_swapped; 1021 struct sk_buff *skb; 1022 int err; 1023 1024 baswap(&bdaddr_swapped, bdaddr); 1025 1026 skb = __hci_cmd_sync_ev(hdev, EDL_WRITE_BD_ADDR_OPCODE, 6, 1027 &bdaddr_swapped, HCI_EV_VENDOR, 1028 HCI_INIT_TIMEOUT); 1029 if (IS_ERR(skb)) { 1030 err = PTR_ERR(skb); 1031 bt_dev_err(hdev, "QCA Change address cmd failed (%d)", err); 1032 return err; 1033 } 1034 1035 kfree_skb(skb); 1036 1037 return 0; 1038 } 1039 EXPORT_SYMBOL_GPL(qca_set_bdaddr); 1040 1041 1042 MODULE_AUTHOR("Ben Young Tae Kim <ytkim@qca.qualcomm.com>"); 1043 MODULE_DESCRIPTION("Bluetooth support for Qualcomm Atheros family"); 1044 MODULE_LICENSE("GPL"); 1045