1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * Bluetooth supports for Qualcomm Atheros chips
4 *
5 * Copyright (c) 2015 The Linux Foundation. All rights reserved.
6 */
7 #include <linux/module.h>
8 #include <linux/firmware.h>
9 #include <linux/vmalloc.h>
10
11 #include <net/bluetooth/bluetooth.h>
12 #include <net/bluetooth/hci_core.h>
13
14 #include "btqca.h"
15
qca_read_soc_version(struct hci_dev * hdev,struct qca_btsoc_version * ver,enum qca_btsoc_type soc_type)16 int qca_read_soc_version(struct hci_dev *hdev, struct qca_btsoc_version *ver,
17 enum qca_btsoc_type soc_type)
18 {
19 struct sk_buff *skb;
20 struct edl_event_hdr *edl;
21 char cmd;
22 int err = 0;
23 u8 event_type = HCI_EV_VENDOR;
24 u8 rlen = sizeof(*edl) + sizeof(*ver);
25 u8 rtype = EDL_APP_VER_RES_EVT;
26
27 bt_dev_dbg(hdev, "QCA Version Request");
28
29 /* Unlike other SoC's sending version command response as payload to
30 * VSE event. WCN3991 sends version command response as a payload to
31 * command complete event.
32 */
33 if (soc_type >= QCA_WCN3991) {
34 event_type = 0;
35 rlen += 1;
36 rtype = EDL_PATCH_VER_REQ_CMD;
37 }
38
39 cmd = EDL_PATCH_VER_REQ_CMD;
40 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, EDL_PATCH_CMD_LEN,
41 &cmd, event_type, HCI_INIT_TIMEOUT);
42 if (IS_ERR(skb)) {
43 err = PTR_ERR(skb);
44 bt_dev_err(hdev, "Reading QCA version information failed (%d)",
45 err);
46 return err;
47 }
48
49 if (skb->len != rlen) {
50 bt_dev_err(hdev, "QCA Version size mismatch len %d", skb->len);
51 err = -EILSEQ;
52 goto out;
53 }
54
55 edl = (struct edl_event_hdr *)(skb->data);
56
57 if (edl->cresp != EDL_CMD_REQ_RES_EVT ||
58 edl->rtype != rtype) {
59 bt_dev_err(hdev, "QCA Wrong packet received %d %d", edl->cresp,
60 edl->rtype);
61 err = -EIO;
62 goto out;
63 }
64
65 if (soc_type >= QCA_WCN3991)
66 memcpy(ver, edl->data + 1, sizeof(*ver));
67 else
68 memcpy(ver, &edl->data, sizeof(*ver));
69
70 bt_dev_info(hdev, "QCA Product ID :0x%08x",
71 le32_to_cpu(ver->product_id));
72 bt_dev_info(hdev, "QCA SOC Version :0x%08x",
73 le32_to_cpu(ver->soc_id));
74 bt_dev_info(hdev, "QCA ROM Version :0x%08x",
75 le16_to_cpu(ver->rom_ver));
76 bt_dev_info(hdev, "QCA Patch Version:0x%08x",
77 le16_to_cpu(ver->patch_ver));
78
79 if (ver->soc_id == 0 || ver->rom_ver == 0)
80 err = -EILSEQ;
81
82 out:
83 kfree_skb(skb);
84 if (err)
85 bt_dev_err(hdev, "QCA Failed to get version (%d)", err);
86
87 return err;
88 }
89 EXPORT_SYMBOL_GPL(qca_read_soc_version);
90
qca_read_fw_build_info(struct hci_dev * hdev)91 static int qca_read_fw_build_info(struct hci_dev *hdev)
92 {
93 struct sk_buff *skb;
94 struct edl_event_hdr *edl;
95 char *build_label;
96 char cmd;
97 int build_lbl_len, err = 0;
98
99 bt_dev_dbg(hdev, "QCA read fw build info");
100
101 cmd = EDL_GET_BUILD_INFO_CMD;
102 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, EDL_PATCH_CMD_LEN,
103 &cmd, 0, HCI_INIT_TIMEOUT);
104 if (IS_ERR(skb)) {
105 err = PTR_ERR(skb);
106 bt_dev_err(hdev, "Reading QCA fw build info failed (%d)",
107 err);
108 return err;
109 }
110
111 if (skb->len < sizeof(*edl)) {
112 err = -EILSEQ;
113 goto out;
114 }
115
116 edl = (struct edl_event_hdr *)(skb->data);
117
118 if (edl->cresp != EDL_CMD_REQ_RES_EVT ||
119 edl->rtype != EDL_GET_BUILD_INFO_CMD) {
120 bt_dev_err(hdev, "QCA Wrong packet received %d %d", edl->cresp,
121 edl->rtype);
122 err = -EIO;
123 goto out;
124 }
125
126 if (skb->len < sizeof(*edl) + 1) {
127 err = -EILSEQ;
128 goto out;
129 }
130
131 build_lbl_len = edl->data[0];
132
133 if (skb->len < sizeof(*edl) + 1 + build_lbl_len) {
134 err = -EILSEQ;
135 goto out;
136 }
137
138 build_label = kstrndup(&edl->data[1], build_lbl_len, GFP_KERNEL);
139 if (!build_label) {
140 err = -ENOMEM;
141 goto out;
142 }
143
144 hci_set_fw_info(hdev, "%s", build_label);
145
146 kfree(build_label);
147 out:
148 kfree_skb(skb);
149 return err;
150 }
151
qca_send_patch_config_cmd(struct hci_dev * hdev)152 static int qca_send_patch_config_cmd(struct hci_dev *hdev)
153 {
154 const u8 cmd[] = { EDL_PATCH_CONFIG_CMD, 0x01, 0, 0, 0 };
155 struct sk_buff *skb;
156 struct edl_event_hdr *edl;
157 int err;
158
159 bt_dev_dbg(hdev, "QCA Patch config");
160
161 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, sizeof(cmd),
162 cmd, 0, HCI_INIT_TIMEOUT);
163 if (IS_ERR(skb)) {
164 err = PTR_ERR(skb);
165 bt_dev_err(hdev, "Sending QCA Patch config failed (%d)", err);
166 return err;
167 }
168
169 if (skb->len != 2) {
170 bt_dev_err(hdev, "QCA Patch config cmd size mismatch len %d", skb->len);
171 err = -EILSEQ;
172 goto out;
173 }
174
175 edl = (struct edl_event_hdr *)(skb->data);
176
177 if (edl->cresp != EDL_PATCH_CONFIG_RES_EVT || edl->rtype != EDL_PATCH_CONFIG_CMD) {
178 bt_dev_err(hdev, "QCA Wrong packet received %d %d", edl->cresp,
179 edl->rtype);
180 err = -EIO;
181 goto out;
182 }
183
184 err = 0;
185
186 out:
187 kfree_skb(skb);
188 return err;
189 }
190
qca_send_reset(struct hci_dev * hdev)191 static int qca_send_reset(struct hci_dev *hdev)
192 {
193 struct sk_buff *skb;
194 int err;
195
196 bt_dev_dbg(hdev, "QCA HCI_RESET");
197
198 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
199 if (IS_ERR(skb)) {
200 err = PTR_ERR(skb);
201 bt_dev_err(hdev, "QCA Reset failed (%d)", err);
202 return err;
203 }
204
205 kfree_skb(skb);
206
207 return 0;
208 }
209
qca_read_fw_board_id(struct hci_dev * hdev,u16 * bid)210 static int qca_read_fw_board_id(struct hci_dev *hdev, u16 *bid)
211 {
212 u8 cmd;
213 struct sk_buff *skb;
214 struct edl_event_hdr *edl;
215 int err = 0;
216
217 cmd = EDL_GET_BID_REQ_CMD;
218 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, EDL_PATCH_CMD_LEN,
219 &cmd, 0, HCI_INIT_TIMEOUT);
220 if (IS_ERR(skb)) {
221 err = PTR_ERR(skb);
222 bt_dev_err(hdev, "Reading QCA board ID failed (%d)", err);
223 return err;
224 }
225
226 edl = skb_pull_data(skb, sizeof(*edl));
227 if (!edl) {
228 bt_dev_err(hdev, "QCA read board ID with no header");
229 err = -EILSEQ;
230 goto out;
231 }
232
233 if (edl->cresp != EDL_CMD_REQ_RES_EVT ||
234 edl->rtype != EDL_GET_BID_REQ_CMD) {
235 bt_dev_err(hdev, "QCA Wrong packet: %d %d", edl->cresp, edl->rtype);
236 err = -EIO;
237 goto out;
238 }
239
240 if (skb->len < 3) {
241 err = -EILSEQ;
242 goto out;
243 }
244
245 *bid = (edl->data[1] << 8) + edl->data[2];
246 bt_dev_dbg(hdev, "%s: bid = %x", __func__, *bid);
247
248 out:
249 kfree_skb(skb);
250 return err;
251 }
252
qca_send_pre_shutdown_cmd(struct hci_dev * hdev)253 int qca_send_pre_shutdown_cmd(struct hci_dev *hdev)
254 {
255 struct sk_buff *skb;
256 int err;
257
258 bt_dev_dbg(hdev, "QCA pre shutdown cmd");
259
260 skb = __hci_cmd_sync_ev(hdev, QCA_PRE_SHUTDOWN_CMD, 0,
261 NULL, HCI_EV_CMD_COMPLETE, HCI_INIT_TIMEOUT);
262
263 if (IS_ERR(skb)) {
264 err = PTR_ERR(skb);
265 bt_dev_err(hdev, "QCA preshutdown_cmd failed (%d)", err);
266 return err;
267 }
268
269 kfree_skb(skb);
270
271 return 0;
272 }
273 EXPORT_SYMBOL_GPL(qca_send_pre_shutdown_cmd);
274
qca_tlv_check_data(struct hci_dev * hdev,struct qca_fw_config * config,u8 * fw_data,size_t fw_size,enum qca_btsoc_type soc_type)275 static int qca_tlv_check_data(struct hci_dev *hdev,
276 struct qca_fw_config *config,
277 u8 *fw_data, size_t fw_size,
278 enum qca_btsoc_type soc_type)
279 {
280 const u8 *data;
281 u32 type_len;
282 u16 tag_id, tag_len;
283 int idx, length;
284 struct tlv_type_hdr *tlv;
285 struct tlv_type_patch *tlv_patch;
286 struct tlv_type_nvm *tlv_nvm;
287 uint8_t nvm_baud_rate = config->user_baud_rate;
288 u8 type;
289
290 config->dnld_mode = QCA_SKIP_EVT_NONE;
291 config->dnld_type = QCA_SKIP_EVT_NONE;
292
293 switch (config->type) {
294 case ELF_TYPE_PATCH:
295 if (fw_size < 7)
296 return -EINVAL;
297
298 config->dnld_mode = QCA_SKIP_EVT_VSE_CC;
299 config->dnld_type = QCA_SKIP_EVT_VSE_CC;
300
301 bt_dev_dbg(hdev, "File Class : 0x%x", fw_data[4]);
302 bt_dev_dbg(hdev, "Data Encoding : 0x%x", fw_data[5]);
303 bt_dev_dbg(hdev, "File version : 0x%x", fw_data[6]);
304 break;
305 case TLV_TYPE_PATCH:
306 if (fw_size < sizeof(struct tlv_type_hdr) + sizeof(struct tlv_type_patch))
307 return -EINVAL;
308
309 tlv = (struct tlv_type_hdr *)fw_data;
310 type_len = le32_to_cpu(tlv->type_len);
311 tlv_patch = (struct tlv_type_patch *)tlv->data;
312
313 /* For Rome version 1.1 to 3.1, all segment commands
314 * are acked by a vendor specific event (VSE).
315 * For Rome >= 3.2, the download mode field indicates
316 * if VSE is skipped by the controller.
317 * In case VSE is skipped, only the last segment is acked.
318 */
319 config->dnld_mode = tlv_patch->download_mode;
320 config->dnld_type = config->dnld_mode;
321
322 BT_DBG("TLV Type\t\t : 0x%x", type_len & 0x000000ff);
323 BT_DBG("Total Length : %d bytes",
324 le32_to_cpu(tlv_patch->total_size));
325 BT_DBG("Patch Data Length : %d bytes",
326 le32_to_cpu(tlv_patch->data_length));
327 BT_DBG("Signing Format Version : 0x%x",
328 tlv_patch->format_version);
329 BT_DBG("Signature Algorithm : 0x%x",
330 tlv_patch->signature);
331 BT_DBG("Download mode : 0x%x",
332 tlv_patch->download_mode);
333 BT_DBG("Reserved : 0x%x",
334 tlv_patch->reserved1);
335 BT_DBG("Product ID : 0x%04x",
336 le16_to_cpu(tlv_patch->product_id));
337 BT_DBG("Rom Build Version : 0x%04x",
338 le16_to_cpu(tlv_patch->rom_build));
339 BT_DBG("Patch Version : 0x%04x",
340 le16_to_cpu(tlv_patch->patch_version));
341 BT_DBG("Reserved : 0x%x",
342 le16_to_cpu(tlv_patch->reserved2));
343 BT_DBG("Patch Entry Address : 0x%x",
344 le32_to_cpu(tlv_patch->entry));
345 break;
346
347 case TLV_TYPE_NVM:
348 if (fw_size < sizeof(struct tlv_type_hdr))
349 return -EINVAL;
350
351 tlv = (struct tlv_type_hdr *)fw_data;
352
353 type_len = le32_to_cpu(tlv->type_len);
354 length = type_len >> 8;
355 type = type_len & 0xff;
356
357 /* Some NVM files have more than one set of tags, only parse
358 * the first set when it has type 2 for now. When there is
359 * more than one set there is an enclosing header of type 4.
360 */
361 if (type == 4) {
362 if (fw_size < 2 * sizeof(struct tlv_type_hdr))
363 return -EINVAL;
364
365 tlv++;
366
367 type_len = le32_to_cpu(tlv->type_len);
368 length = type_len >> 8;
369 type = type_len & 0xff;
370 }
371
372 BT_DBG("TLV Type\t\t : 0x%x", type);
373 BT_DBG("Length\t\t : %d bytes", length);
374
375 if (type != 2)
376 break;
377
378 if (fw_size < length + (tlv->data - fw_data))
379 return -EINVAL;
380
381 idx = 0;
382 data = tlv->data;
383 while (idx < length - sizeof(struct tlv_type_nvm)) {
384 tlv_nvm = (struct tlv_type_nvm *)(data + idx);
385
386 tag_id = le16_to_cpu(tlv_nvm->tag_id);
387 tag_len = le16_to_cpu(tlv_nvm->tag_len);
388
389 if (length < idx + sizeof(struct tlv_type_nvm) + tag_len)
390 return -EINVAL;
391
392 /* Update NVM tags as needed */
393 switch (tag_id) {
394 case EDL_TAG_ID_BD_ADDR:
395 if (tag_len != sizeof(bdaddr_t))
396 return -EINVAL;
397
398 memcpy(&config->bdaddr, tlv_nvm->data, sizeof(bdaddr_t));
399
400 break;
401
402 case EDL_TAG_ID_HCI:
403 if (tag_len < 3)
404 return -EINVAL;
405
406 /* HCI transport layer parameters
407 * enabling software inband sleep
408 * onto controller side.
409 */
410 tlv_nvm->data[0] |= 0x80;
411
412 /* UART Baud Rate */
413 if (soc_type >= QCA_WCN3991)
414 tlv_nvm->data[1] = nvm_baud_rate;
415 else
416 tlv_nvm->data[2] = nvm_baud_rate;
417
418 break;
419
420 case EDL_TAG_ID_DEEP_SLEEP:
421 if (tag_len < 1)
422 return -EINVAL;
423
424 /* Sleep enable mask
425 * enabling deep sleep feature on controller.
426 */
427 tlv_nvm->data[0] |= 0x01;
428
429 break;
430 }
431
432 idx += sizeof(struct tlv_type_nvm) + tag_len;
433 }
434 break;
435
436 default:
437 BT_ERR("Unknown TLV type %d", config->type);
438 return -EINVAL;
439 }
440
441 return 0;
442 }
443
qca_tlv_send_segment(struct hci_dev * hdev,int seg_size,const u8 * data,enum qca_tlv_dnld_mode mode,enum qca_btsoc_type soc_type)444 static int qca_tlv_send_segment(struct hci_dev *hdev, int seg_size,
445 const u8 *data, enum qca_tlv_dnld_mode mode,
446 enum qca_btsoc_type soc_type)
447 {
448 struct sk_buff *skb;
449 struct edl_event_hdr *edl;
450 struct tlv_seg_resp *tlv_resp;
451 u8 cmd[MAX_SIZE_PER_TLV_SEGMENT + 2];
452 int err = 0;
453 u8 event_type = HCI_EV_VENDOR;
454 u8 rlen = (sizeof(*edl) + sizeof(*tlv_resp));
455 u8 rtype = EDL_TVL_DNLD_RES_EVT;
456
457 cmd[0] = EDL_PATCH_TLV_REQ_CMD;
458 cmd[1] = seg_size;
459 memcpy(cmd + 2, data, seg_size);
460
461 if (mode == QCA_SKIP_EVT_VSE_CC || mode == QCA_SKIP_EVT_VSE)
462 return __hci_cmd_send(hdev, EDL_PATCH_CMD_OPCODE, seg_size + 2,
463 cmd);
464
465 /* Unlike other SoC's sending version command response as payload to
466 * VSE event. WCN3991 sends version command response as a payload to
467 * command complete event.
468 */
469 if (soc_type >= QCA_WCN3991) {
470 event_type = 0;
471 rlen = sizeof(*edl);
472 rtype = EDL_PATCH_TLV_REQ_CMD;
473 }
474
475 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, seg_size + 2, cmd,
476 event_type, HCI_INIT_TIMEOUT);
477 if (IS_ERR(skb)) {
478 err = PTR_ERR(skb);
479 bt_dev_err(hdev, "QCA Failed to send TLV segment (%d)", err);
480 return err;
481 }
482
483 if (skb->len != rlen) {
484 bt_dev_err(hdev, "QCA TLV response size mismatch");
485 err = -EILSEQ;
486 goto out;
487 }
488
489 edl = (struct edl_event_hdr *)(skb->data);
490
491 if (edl->cresp != EDL_CMD_REQ_RES_EVT || edl->rtype != rtype) {
492 bt_dev_err(hdev, "QCA TLV with error stat 0x%x rtype 0x%x",
493 edl->cresp, edl->rtype);
494 err = -EIO;
495 }
496
497 if (soc_type >= QCA_WCN3991)
498 goto out;
499
500 tlv_resp = (struct tlv_seg_resp *)(edl->data);
501 if (tlv_resp->result) {
502 bt_dev_err(hdev, "QCA TLV with error stat 0x%x rtype 0x%x (0x%x)",
503 edl->cresp, edl->rtype, tlv_resp->result);
504 }
505
506 out:
507 kfree_skb(skb);
508
509 return err;
510 }
511
qca_inject_cmd_complete_event(struct hci_dev * hdev)512 static int qca_inject_cmd_complete_event(struct hci_dev *hdev)
513 {
514 struct hci_event_hdr *hdr;
515 struct hci_ev_cmd_complete *evt;
516 struct sk_buff *skb;
517
518 skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_KERNEL);
519 if (!skb)
520 return -ENOMEM;
521
522 hdr = skb_put(skb, sizeof(*hdr));
523 hdr->evt = HCI_EV_CMD_COMPLETE;
524 hdr->plen = sizeof(*evt) + 1;
525
526 evt = skb_put(skb, sizeof(*evt));
527 evt->ncmd = 1;
528 evt->opcode = cpu_to_le16(QCA_HCI_CC_OPCODE);
529
530 skb_put_u8(skb, QCA_HCI_CC_SUCCESS);
531
532 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
533
534 return hci_recv_frame(hdev, skb);
535 }
536
qca_download_firmware(struct hci_dev * hdev,struct qca_fw_config * config,enum qca_btsoc_type soc_type,u8 rom_ver)537 static int qca_download_firmware(struct hci_dev *hdev,
538 struct qca_fw_config *config,
539 enum qca_btsoc_type soc_type,
540 u8 rom_ver)
541 {
542 const struct firmware *fw;
543 u8 *data;
544 const u8 *segment;
545 int ret, size, remain, i = 0;
546
547 bt_dev_info(hdev, "QCA Downloading %s", config->fwname);
548
549 ret = request_firmware(&fw, config->fwname, &hdev->dev);
550 if (ret) {
551 /* For WCN6750, if mbn file is not present then check for
552 * tlv file.
553 */
554 if (soc_type == QCA_WCN6750 && config->type == ELF_TYPE_PATCH) {
555 bt_dev_dbg(hdev, "QCA Failed to request file: %s (%d)",
556 config->fwname, ret);
557 config->type = TLV_TYPE_PATCH;
558 snprintf(config->fwname, sizeof(config->fwname),
559 "qca/msbtfw%02x.tlv", rom_ver);
560 bt_dev_info(hdev, "QCA Downloading %s", config->fwname);
561 ret = request_firmware(&fw, config->fwname, &hdev->dev);
562 if (ret) {
563 bt_dev_err(hdev, "QCA Failed to request file: %s (%d)",
564 config->fwname, ret);
565 return ret;
566 }
567 } else {
568 bt_dev_err(hdev, "QCA Failed to request file: %s (%d)",
569 config->fwname, ret);
570 return ret;
571 }
572 }
573
574 size = fw->size;
575 data = vmalloc(fw->size);
576 if (!data) {
577 bt_dev_err(hdev, "QCA Failed to allocate memory for file: %s",
578 config->fwname);
579 release_firmware(fw);
580 return -ENOMEM;
581 }
582
583 memcpy(data, fw->data, size);
584 release_firmware(fw);
585
586 ret = qca_tlv_check_data(hdev, config, data, size, soc_type);
587 if (ret)
588 goto out;
589
590 segment = data;
591 remain = size;
592 while (remain > 0) {
593 int segsize = min(MAX_SIZE_PER_TLV_SEGMENT, remain);
594
595 bt_dev_dbg(hdev, "Send segment %d, size %d", i++, segsize);
596
597 remain -= segsize;
598 /* The last segment is always acked regardless download mode */
599 if (!remain || segsize < MAX_SIZE_PER_TLV_SEGMENT)
600 config->dnld_mode = QCA_SKIP_EVT_NONE;
601
602 ret = qca_tlv_send_segment(hdev, segsize, segment,
603 config->dnld_mode, soc_type);
604 if (ret)
605 goto out;
606
607 segment += segsize;
608 }
609
610 /* Latest qualcomm chipsets are not sending a command complete event
611 * for every fw packet sent. They only respond with a vendor specific
612 * event for the last packet. This optimization in the chip will
613 * decrease the BT in initialization time. Here we will inject a command
614 * complete event to avoid a command timeout error message.
615 */
616 if (config->dnld_type == QCA_SKIP_EVT_VSE_CC ||
617 config->dnld_type == QCA_SKIP_EVT_VSE)
618 ret = qca_inject_cmd_complete_event(hdev);
619
620 out:
621 vfree(data);
622
623 return ret;
624 }
625
qca_disable_soc_logging(struct hci_dev * hdev)626 static int qca_disable_soc_logging(struct hci_dev *hdev)
627 {
628 struct sk_buff *skb;
629 u8 cmd[2];
630 int err;
631
632 cmd[0] = QCA_DISABLE_LOGGING_SUB_OP;
633 cmd[1] = 0x00;
634 skb = __hci_cmd_sync_ev(hdev, QCA_DISABLE_LOGGING, sizeof(cmd), cmd,
635 HCI_EV_CMD_COMPLETE, HCI_INIT_TIMEOUT);
636 if (IS_ERR(skb)) {
637 err = PTR_ERR(skb);
638 bt_dev_err(hdev, "QCA Failed to disable soc logging(%d)", err);
639 return err;
640 }
641
642 kfree_skb(skb);
643
644 return 0;
645 }
646
qca_set_bdaddr_rome(struct hci_dev * hdev,const bdaddr_t * bdaddr)647 int qca_set_bdaddr_rome(struct hci_dev *hdev, const bdaddr_t *bdaddr)
648 {
649 struct sk_buff *skb;
650 u8 cmd[9];
651 int err;
652
653 cmd[0] = EDL_NVM_ACCESS_SET_REQ_CMD;
654 cmd[1] = 0x02; /* TAG ID */
655 cmd[2] = sizeof(bdaddr_t); /* size */
656 memcpy(cmd + 3, bdaddr, sizeof(bdaddr_t));
657 skb = __hci_cmd_sync_ev(hdev, EDL_NVM_ACCESS_OPCODE, sizeof(cmd), cmd,
658 HCI_EV_VENDOR, HCI_INIT_TIMEOUT);
659 if (IS_ERR(skb)) {
660 err = PTR_ERR(skb);
661 bt_dev_err(hdev, "QCA Change address command failed (%d)", err);
662 return err;
663 }
664
665 kfree_skb(skb);
666
667 return 0;
668 }
669 EXPORT_SYMBOL_GPL(qca_set_bdaddr_rome);
670
qca_check_bdaddr(struct hci_dev * hdev,const struct qca_fw_config * config)671 static int qca_check_bdaddr(struct hci_dev *hdev, const struct qca_fw_config *config)
672 {
673 struct hci_rp_read_bd_addr *bda;
674 struct sk_buff *skb;
675 int err;
676
677 if (bacmp(&hdev->public_addr, BDADDR_ANY))
678 return 0;
679
680 skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL,
681 HCI_INIT_TIMEOUT);
682 if (IS_ERR(skb)) {
683 err = PTR_ERR(skb);
684 bt_dev_err(hdev, "Failed to read device address (%d)", err);
685 return err;
686 }
687
688 if (skb->len != sizeof(*bda)) {
689 bt_dev_err(hdev, "Device address length mismatch");
690 kfree_skb(skb);
691 return -EIO;
692 }
693
694 bda = (struct hci_rp_read_bd_addr *)skb->data;
695 if (!bacmp(&bda->bdaddr, &config->bdaddr))
696 set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks);
697
698 kfree_skb(skb);
699
700 return 0;
701 }
702
qca_generate_hsp_nvm_name(char * fwname,size_t max_size,struct qca_btsoc_version ver,u8 rom_ver,u16 bid)703 static void qca_generate_hsp_nvm_name(char *fwname, size_t max_size,
704 struct qca_btsoc_version ver, u8 rom_ver, u16 bid)
705 {
706 const char *variant;
707
708 /* hsp gf chip */
709 if ((le32_to_cpu(ver.soc_id) & QCA_HSP_GF_SOC_MASK) == QCA_HSP_GF_SOC_ID)
710 variant = "g";
711 else
712 variant = "";
713
714 if (bid == 0x0)
715 snprintf(fwname, max_size, "qca/hpnv%02x%s.bin", rom_ver, variant);
716 else
717 snprintf(fwname, max_size, "qca/hpnv%02x%s.%x", rom_ver, variant, bid);
718 }
719
qca_get_nvm_name_generic(struct qca_fw_config * cfg,const char * stem,u8 rom_ver,u16 bid)720 static inline void qca_get_nvm_name_generic(struct qca_fw_config *cfg,
721 const char *stem, u8 rom_ver, u16 bid)
722 {
723 if (bid == 0x0)
724 snprintf(cfg->fwname, sizeof(cfg->fwname), "qca/%snv%02x.bin", stem, rom_ver);
725 else if (bid & 0xff00)
726 snprintf(cfg->fwname, sizeof(cfg->fwname),
727 "qca/%snv%02x.b%x", stem, rom_ver, bid);
728 else
729 snprintf(cfg->fwname, sizeof(cfg->fwname),
730 "qca/%snv%02x.b%02x", stem, rom_ver, bid);
731 }
732
qca_uart_setup(struct hci_dev * hdev,uint8_t baudrate,enum qca_btsoc_type soc_type,struct qca_btsoc_version ver,const char * firmware_name)733 int qca_uart_setup(struct hci_dev *hdev, uint8_t baudrate,
734 enum qca_btsoc_type soc_type, struct qca_btsoc_version ver,
735 const char *firmware_name)
736 {
737 struct qca_fw_config config = {};
738 int err;
739 u8 rom_ver = 0;
740 u32 soc_ver;
741 u16 boardid = 0;
742
743 bt_dev_dbg(hdev, "QCA setup on UART");
744
745 soc_ver = get_soc_ver(ver.soc_id, ver.rom_ver);
746
747 bt_dev_info(hdev, "QCA controller version 0x%08x", soc_ver);
748
749 config.user_baud_rate = baudrate;
750
751 /* Firmware files to download are based on ROM version.
752 * ROM version is derived from last two bytes of soc_ver.
753 */
754 if (soc_type == QCA_WCN3988)
755 rom_ver = ((soc_ver & 0x00000f00) >> 0x05) | (soc_ver & 0x0000000f);
756 else
757 rom_ver = ((soc_ver & 0x00000f00) >> 0x04) | (soc_ver & 0x0000000f);
758
759 if (soc_type == QCA_WCN6750)
760 qca_send_patch_config_cmd(hdev);
761
762 /* Download rampatch file */
763 config.type = TLV_TYPE_PATCH;
764 switch (soc_type) {
765 case QCA_WCN3990:
766 case QCA_WCN3991:
767 case QCA_WCN3998:
768 snprintf(config.fwname, sizeof(config.fwname),
769 "qca/crbtfw%02x.tlv", rom_ver);
770 break;
771 case QCA_WCN3988:
772 snprintf(config.fwname, sizeof(config.fwname),
773 "qca/apbtfw%02x.tlv", rom_ver);
774 break;
775 case QCA_QCA2066:
776 snprintf(config.fwname, sizeof(config.fwname),
777 "qca/hpbtfw%02x.tlv", rom_ver);
778 break;
779 case QCA_QCA6390:
780 snprintf(config.fwname, sizeof(config.fwname),
781 "qca/htbtfw%02x.tlv", rom_ver);
782 break;
783 case QCA_WCN6750:
784 /* Choose mbn file by default.If mbn file is not found
785 * then choose tlv file
786 */
787 config.type = ELF_TYPE_PATCH;
788 snprintf(config.fwname, sizeof(config.fwname),
789 "qca/msbtfw%02x.mbn", rom_ver);
790 break;
791 case QCA_WCN6855:
792 snprintf(config.fwname, sizeof(config.fwname),
793 "qca/hpbtfw%02x.tlv", rom_ver);
794 break;
795 case QCA_WCN7850:
796 snprintf(config.fwname, sizeof(config.fwname),
797 "qca/hmtbtfw%02x.tlv", rom_ver);
798 break;
799 default:
800 snprintf(config.fwname, sizeof(config.fwname),
801 "qca/rampatch_%08x.bin", soc_ver);
802 }
803
804 err = qca_download_firmware(hdev, &config, soc_type, rom_ver);
805 if (err < 0) {
806 bt_dev_err(hdev, "QCA Failed to download patch (%d)", err);
807 return err;
808 }
809
810 /* Give the controller some time to get ready to receive the NVM */
811 msleep(10);
812
813 if (soc_type == QCA_QCA2066 || soc_type == QCA_WCN7850)
814 qca_read_fw_board_id(hdev, &boardid);
815
816 /* Download NVM configuration */
817 config.type = TLV_TYPE_NVM;
818 if (firmware_name) {
819 snprintf(config.fwname, sizeof(config.fwname),
820 "qca/%s", firmware_name);
821 } else {
822 switch (soc_type) {
823 case QCA_WCN3990:
824 case QCA_WCN3991:
825 case QCA_WCN3998:
826 if (le32_to_cpu(ver.soc_id) == QCA_WCN3991_SOC_ID) {
827 snprintf(config.fwname, sizeof(config.fwname),
828 "qca/crnv%02xu.bin", rom_ver);
829 } else {
830 snprintf(config.fwname, sizeof(config.fwname),
831 "qca/crnv%02x.bin", rom_ver);
832 }
833 break;
834 case QCA_WCN3988:
835 snprintf(config.fwname, sizeof(config.fwname),
836 "qca/apnv%02x.bin", rom_ver);
837 break;
838 case QCA_QCA2066:
839 qca_generate_hsp_nvm_name(config.fwname,
840 sizeof(config.fwname), ver, rom_ver, boardid);
841 break;
842 case QCA_QCA6390:
843 snprintf(config.fwname, sizeof(config.fwname),
844 "qca/htnv%02x.bin", rom_ver);
845 break;
846 case QCA_WCN6750:
847 snprintf(config.fwname, sizeof(config.fwname),
848 "qca/msnv%02x.bin", rom_ver);
849 break;
850 case QCA_WCN6855:
851 snprintf(config.fwname, sizeof(config.fwname),
852 "qca/hpnv%02x.bin", rom_ver);
853 break;
854 case QCA_WCN7850:
855 qca_get_nvm_name_generic(&config, "hmt", rom_ver, boardid);
856 break;
857
858 default:
859 snprintf(config.fwname, sizeof(config.fwname),
860 "qca/nvm_%08x.bin", soc_ver);
861 }
862 }
863
864 err = qca_download_firmware(hdev, &config, soc_type, rom_ver);
865 if (err < 0) {
866 bt_dev_err(hdev, "QCA Failed to download NVM (%d)", err);
867 return err;
868 }
869
870 switch (soc_type) {
871 case QCA_WCN3991:
872 case QCA_QCA2066:
873 case QCA_QCA6390:
874 case QCA_WCN6750:
875 case QCA_WCN6855:
876 case QCA_WCN7850:
877 err = qca_disable_soc_logging(hdev);
878 if (err < 0)
879 return err;
880 break;
881 default:
882 break;
883 }
884
885 /* WCN399x and WCN6750 supports the Microsoft vendor extension with 0xFD70 as the
886 * VsMsftOpCode.
887 */
888 switch (soc_type) {
889 case QCA_WCN3988:
890 case QCA_WCN3990:
891 case QCA_WCN3991:
892 case QCA_WCN3998:
893 case QCA_WCN6750:
894 hci_set_msft_opcode(hdev, 0xFD70);
895 break;
896 default:
897 break;
898 }
899
900 /* Perform HCI reset */
901 err = qca_send_reset(hdev);
902 if (err < 0) {
903 bt_dev_err(hdev, "QCA Failed to run HCI_RESET (%d)", err);
904 return err;
905 }
906
907 switch (soc_type) {
908 case QCA_WCN3991:
909 case QCA_WCN6750:
910 case QCA_WCN6855:
911 case QCA_WCN7850:
912 /* get fw build info */
913 err = qca_read_fw_build_info(hdev);
914 if (err < 0)
915 return err;
916 break;
917 default:
918 break;
919 }
920
921 err = qca_check_bdaddr(hdev, &config);
922 if (err)
923 return err;
924
925 bt_dev_info(hdev, "QCA setup on UART is completed");
926
927 return 0;
928 }
929 EXPORT_SYMBOL_GPL(qca_uart_setup);
930
qca_set_bdaddr(struct hci_dev * hdev,const bdaddr_t * bdaddr)931 int qca_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr)
932 {
933 bdaddr_t bdaddr_swapped;
934 struct sk_buff *skb;
935 int err;
936
937 baswap(&bdaddr_swapped, bdaddr);
938
939 skb = __hci_cmd_sync_ev(hdev, EDL_WRITE_BD_ADDR_OPCODE, 6,
940 &bdaddr_swapped, HCI_EV_VENDOR,
941 HCI_INIT_TIMEOUT);
942 if (IS_ERR(skb)) {
943 err = PTR_ERR(skb);
944 bt_dev_err(hdev, "QCA Change address cmd failed (%d)", err);
945 return err;
946 }
947
948 kfree_skb(skb);
949
950 return 0;
951 }
952 EXPORT_SYMBOL_GPL(qca_set_bdaddr);
953
954
955 MODULE_AUTHOR("Ben Young Tae Kim <ytkim@qca.qualcomm.com>");
956 MODULE_DESCRIPTION("Bluetooth support for Qualcomm Atheros family");
957 MODULE_LICENSE("GPL");
958