1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Bluetooth supports for Qualcomm Atheros chips 4 * 5 * Copyright (c) 2015 The Linux Foundation. All rights reserved. 6 */ 7 #include <linux/module.h> 8 #include <linux/firmware.h> 9 #include <linux/vmalloc.h> 10 11 #include <net/bluetooth/bluetooth.h> 12 #include <net/bluetooth/hci_core.h> 13 14 #include "btqca.h" 15 16 int qca_read_soc_version(struct hci_dev *hdev, struct qca_btsoc_version *ver, 17 enum qca_btsoc_type soc_type) 18 { 19 struct sk_buff *skb; 20 struct edl_event_hdr *edl; 21 char cmd; 22 int err = 0; 23 u8 event_type = HCI_EV_VENDOR; 24 u8 rlen = sizeof(*edl) + sizeof(*ver); 25 u8 rtype = EDL_APP_VER_RES_EVT; 26 27 bt_dev_dbg(hdev, "QCA Version Request"); 28 29 /* Unlike other SoC's sending version command response as payload to 30 * VSE event. WCN3991 sends version command response as a payload to 31 * command complete event. 32 */ 33 if (soc_type >= QCA_WCN3991) { 34 event_type = 0; 35 rlen += 1; 36 rtype = EDL_PATCH_VER_REQ_CMD; 37 } 38 39 cmd = EDL_PATCH_VER_REQ_CMD; 40 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, EDL_PATCH_CMD_LEN, 41 &cmd, event_type, HCI_INIT_TIMEOUT); 42 if (IS_ERR(skb)) { 43 err = PTR_ERR(skb); 44 bt_dev_err(hdev, "Reading QCA version information failed (%d)", 45 err); 46 return err; 47 } 48 49 if (skb->len != rlen) { 50 bt_dev_err(hdev, "QCA Version size mismatch len %d", skb->len); 51 err = -EILSEQ; 52 goto out; 53 } 54 55 edl = (struct edl_event_hdr *)(skb->data); 56 57 if (edl->cresp != EDL_CMD_REQ_RES_EVT || 58 edl->rtype != rtype) { 59 bt_dev_err(hdev, "QCA Wrong packet received %d %d", edl->cresp, 60 edl->rtype); 61 err = -EIO; 62 goto out; 63 } 64 65 if (soc_type >= QCA_WCN3991) 66 memcpy(ver, edl->data + 1, sizeof(*ver)); 67 else 68 memcpy(ver, &edl->data, sizeof(*ver)); 69 70 bt_dev_info(hdev, "QCA Product ID :0x%08x", 71 le32_to_cpu(ver->product_id)); 72 bt_dev_info(hdev, "QCA SOC Version :0x%08x", 73 le32_to_cpu(ver->soc_id)); 74 bt_dev_info(hdev, "QCA ROM Version :0x%08x", 75 le16_to_cpu(ver->rom_ver)); 76 bt_dev_info(hdev, "QCA Patch Version:0x%08x", 77 le16_to_cpu(ver->patch_ver)); 78 79 if (ver->soc_id == 0 || ver->rom_ver == 0) 80 err = -EILSEQ; 81 82 out: 83 kfree_skb(skb); 84 if (err) 85 bt_dev_err(hdev, "QCA Failed to get version (%d)", err); 86 87 return err; 88 } 89 EXPORT_SYMBOL_GPL(qca_read_soc_version); 90 91 static int qca_read_fw_build_info(struct hci_dev *hdev) 92 { 93 struct sk_buff *skb; 94 struct edl_event_hdr *edl; 95 char *build_label; 96 char cmd; 97 int build_lbl_len, err = 0; 98 99 bt_dev_dbg(hdev, "QCA read fw build info"); 100 101 cmd = EDL_GET_BUILD_INFO_CMD; 102 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, EDL_PATCH_CMD_LEN, 103 &cmd, 0, HCI_INIT_TIMEOUT); 104 if (IS_ERR(skb)) { 105 err = PTR_ERR(skb); 106 bt_dev_err(hdev, "Reading QCA fw build info failed (%d)", 107 err); 108 return err; 109 } 110 111 if (skb->len < sizeof(*edl)) { 112 err = -EILSEQ; 113 goto out; 114 } 115 116 edl = (struct edl_event_hdr *)(skb->data); 117 118 if (edl->cresp != EDL_CMD_REQ_RES_EVT || 119 edl->rtype != EDL_GET_BUILD_INFO_CMD) { 120 bt_dev_err(hdev, "QCA Wrong packet received %d %d", edl->cresp, 121 edl->rtype); 122 err = -EIO; 123 goto out; 124 } 125 126 if (skb->len < sizeof(*edl) + 1) { 127 err = -EILSEQ; 128 goto out; 129 } 130 131 build_lbl_len = edl->data[0]; 132 133 if (skb->len < sizeof(*edl) + 1 + build_lbl_len) { 134 err = -EILSEQ; 135 goto out; 136 } 137 138 build_label = kstrndup(&edl->data[1], build_lbl_len, GFP_KERNEL); 139 if (!build_label) { 140 err = -ENOMEM; 141 goto out; 142 } 143 144 hci_set_fw_info(hdev, "%s", build_label); 145 146 bt_dev_info(hdev, "QCA FW build version: %s", build_label); 147 148 kfree(build_label); 149 out: 150 kfree_skb(skb); 151 return err; 152 } 153 154 static int qca_send_patch_config_cmd(struct hci_dev *hdev) 155 { 156 const u8 cmd[] = { EDL_PATCH_CONFIG_CMD, 0x01, 0, 0, 0 }; 157 struct sk_buff *skb; 158 struct edl_event_hdr *edl; 159 int err; 160 161 bt_dev_dbg(hdev, "QCA Patch config"); 162 163 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, sizeof(cmd), 164 cmd, 0, HCI_INIT_TIMEOUT); 165 if (IS_ERR(skb)) { 166 err = PTR_ERR(skb); 167 bt_dev_err(hdev, "Sending QCA Patch config failed (%d)", err); 168 return err; 169 } 170 171 if (skb->len != 2) { 172 bt_dev_err(hdev, "QCA Patch config cmd size mismatch len %d", skb->len); 173 err = -EILSEQ; 174 goto out; 175 } 176 177 edl = (struct edl_event_hdr *)(skb->data); 178 179 if (edl->cresp != EDL_PATCH_CONFIG_RES_EVT || edl->rtype != EDL_PATCH_CONFIG_CMD) { 180 bt_dev_err(hdev, "QCA Wrong packet received %d %d", edl->cresp, 181 edl->rtype); 182 err = -EIO; 183 goto out; 184 } 185 186 err = 0; 187 188 out: 189 kfree_skb(skb); 190 return err; 191 } 192 193 static int qca_send_reset(struct hci_dev *hdev) 194 { 195 struct sk_buff *skb; 196 int err; 197 198 bt_dev_dbg(hdev, "QCA HCI_RESET"); 199 200 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); 201 if (IS_ERR(skb)) { 202 err = PTR_ERR(skb); 203 bt_dev_err(hdev, "QCA Reset failed (%d)", err); 204 return err; 205 } 206 207 kfree_skb(skb); 208 209 return 0; 210 } 211 212 static int qca_read_fw_board_id(struct hci_dev *hdev, u16 *bid) 213 { 214 u8 cmd; 215 struct sk_buff *skb; 216 struct edl_event_hdr *edl; 217 int err = 0; 218 219 cmd = EDL_GET_BID_REQ_CMD; 220 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, EDL_PATCH_CMD_LEN, 221 &cmd, 0, HCI_INIT_TIMEOUT); 222 if (IS_ERR(skb)) { 223 err = PTR_ERR(skb); 224 bt_dev_err(hdev, "Reading QCA board ID failed (%d)", err); 225 return err; 226 } 227 228 edl = skb_pull_data(skb, sizeof(*edl)); 229 if (!edl) { 230 bt_dev_err(hdev, "QCA read board ID with no header"); 231 err = -EILSEQ; 232 goto out; 233 } 234 235 if (edl->cresp != EDL_CMD_REQ_RES_EVT || 236 edl->rtype != EDL_GET_BID_REQ_CMD) { 237 bt_dev_err(hdev, "QCA Wrong packet: %d %d", edl->cresp, edl->rtype); 238 err = -EIO; 239 goto out; 240 } 241 242 if (skb->len < 3) { 243 err = -EILSEQ; 244 goto out; 245 } 246 247 *bid = (edl->data[1] << 8) + edl->data[2]; 248 bt_dev_dbg(hdev, "%s: bid = %x", __func__, *bid); 249 250 out: 251 kfree_skb(skb); 252 return err; 253 } 254 255 int qca_send_pre_shutdown_cmd(struct hci_dev *hdev) 256 { 257 struct sk_buff *skb; 258 int err; 259 260 bt_dev_dbg(hdev, "QCA pre shutdown cmd"); 261 262 skb = __hci_cmd_sync_ev(hdev, QCA_PRE_SHUTDOWN_CMD, 0, 263 NULL, HCI_EV_CMD_COMPLETE, HCI_INIT_TIMEOUT); 264 265 if (IS_ERR(skb)) { 266 err = PTR_ERR(skb); 267 bt_dev_err(hdev, "QCA preshutdown_cmd failed (%d)", err); 268 return err; 269 } 270 271 kfree_skb(skb); 272 273 return 0; 274 } 275 EXPORT_SYMBOL_GPL(qca_send_pre_shutdown_cmd); 276 277 static bool qca_filename_has_extension(const char *filename) 278 { 279 const char *suffix = strrchr(filename, '.'); 280 281 /* File extensions require a dot, but not as the first or last character */ 282 if (!suffix || suffix == filename || *(suffix + 1) == '\0') 283 return 0; 284 285 /* Avoid matching directories with names that look like files with extensions */ 286 return !strchr(suffix, '/'); 287 } 288 289 static bool qca_get_alt_nvm_file(char *filename, size_t max_size) 290 { 291 char fwname[64]; 292 const char *suffix; 293 294 /* nvm file name has an extension, replace with .bin */ 295 if (qca_filename_has_extension(filename)) { 296 suffix = strrchr(filename, '.'); 297 strscpy(fwname, filename, suffix - filename + 1); 298 snprintf(fwname + (suffix - filename), 299 sizeof(fwname) - (suffix - filename), ".bin"); 300 /* If nvm file is already the default one, return false to skip the retry. */ 301 if (strcmp(fwname, filename) == 0) 302 return false; 303 304 snprintf(filename, max_size, "%s", fwname); 305 return true; 306 } 307 return false; 308 } 309 310 static int qca_tlv_check_data(struct hci_dev *hdev, 311 struct qca_fw_config *config, 312 u8 *fw_data, size_t fw_size, 313 enum qca_btsoc_type soc_type) 314 { 315 const u8 *data; 316 u32 type_len; 317 u16 tag_id, tag_len; 318 int idx, length; 319 struct tlv_type_hdr *tlv; 320 struct tlv_type_patch *tlv_patch; 321 struct tlv_type_nvm *tlv_nvm; 322 uint8_t nvm_baud_rate = config->user_baud_rate; 323 u8 type; 324 325 config->dnld_mode = QCA_SKIP_EVT_NONE; 326 config->dnld_type = QCA_SKIP_EVT_NONE; 327 328 switch (config->type) { 329 case ELF_TYPE_PATCH: 330 if (fw_size < 7) 331 return -EINVAL; 332 333 config->dnld_mode = QCA_SKIP_EVT_VSE_CC; 334 config->dnld_type = QCA_SKIP_EVT_VSE_CC; 335 336 bt_dev_dbg(hdev, "File Class : 0x%x", fw_data[4]); 337 bt_dev_dbg(hdev, "Data Encoding : 0x%x", fw_data[5]); 338 bt_dev_dbg(hdev, "File version : 0x%x", fw_data[6]); 339 break; 340 case TLV_TYPE_PATCH: 341 if (fw_size < sizeof(struct tlv_type_hdr) + sizeof(struct tlv_type_patch)) 342 return -EINVAL; 343 344 tlv = (struct tlv_type_hdr *)fw_data; 345 type_len = le32_to_cpu(tlv->type_len); 346 tlv_patch = (struct tlv_type_patch *)tlv->data; 347 348 /* For Rome version 1.1 to 3.1, all segment commands 349 * are acked by a vendor specific event (VSE). 350 * For Rome >= 3.2, the download mode field indicates 351 * if VSE is skipped by the controller. 352 * In case VSE is skipped, only the last segment is acked. 353 */ 354 config->dnld_mode = tlv_patch->download_mode; 355 config->dnld_type = config->dnld_mode; 356 357 BT_DBG("TLV Type\t\t : 0x%x", type_len & 0x000000ff); 358 BT_DBG("Total Length : %d bytes", 359 le32_to_cpu(tlv_patch->total_size)); 360 BT_DBG("Patch Data Length : %d bytes", 361 le32_to_cpu(tlv_patch->data_length)); 362 BT_DBG("Signing Format Version : 0x%x", 363 tlv_patch->format_version); 364 BT_DBG("Signature Algorithm : 0x%x", 365 tlv_patch->signature); 366 BT_DBG("Download mode : 0x%x", 367 tlv_patch->download_mode); 368 BT_DBG("Reserved : 0x%x", 369 tlv_patch->reserved1); 370 BT_DBG("Product ID : 0x%04x", 371 le16_to_cpu(tlv_patch->product_id)); 372 BT_DBG("Rom Build Version : 0x%04x", 373 le16_to_cpu(tlv_patch->rom_build)); 374 BT_DBG("Patch Version : 0x%04x", 375 le16_to_cpu(tlv_patch->patch_version)); 376 BT_DBG("Reserved : 0x%x", 377 le16_to_cpu(tlv_patch->reserved2)); 378 BT_DBG("Patch Entry Address : 0x%x", 379 le32_to_cpu(tlv_patch->entry)); 380 break; 381 382 case TLV_TYPE_NVM: 383 if (fw_size < sizeof(struct tlv_type_hdr)) 384 return -EINVAL; 385 386 tlv = (struct tlv_type_hdr *)fw_data; 387 388 type_len = le32_to_cpu(tlv->type_len); 389 length = type_len >> 8; 390 type = type_len & 0xff; 391 392 /* Some NVM files have more than one set of tags, only parse 393 * the first set when it has type 2 for now. When there is 394 * more than one set there is an enclosing header of type 4. 395 */ 396 if (type == 4) { 397 if (fw_size < 2 * sizeof(struct tlv_type_hdr)) 398 return -EINVAL; 399 400 tlv++; 401 402 type_len = le32_to_cpu(tlv->type_len); 403 length = type_len >> 8; 404 type = type_len & 0xff; 405 } 406 407 BT_DBG("TLV Type\t\t : 0x%x", type); 408 BT_DBG("Length\t\t : %d bytes", length); 409 410 if (type != 2) 411 break; 412 413 if (fw_size < length + (tlv->data - fw_data)) 414 return -EINVAL; 415 416 idx = 0; 417 data = tlv->data; 418 while (idx < length - sizeof(struct tlv_type_nvm)) { 419 tlv_nvm = (struct tlv_type_nvm *)(data + idx); 420 421 tag_id = le16_to_cpu(tlv_nvm->tag_id); 422 tag_len = le16_to_cpu(tlv_nvm->tag_len); 423 424 if (length < idx + sizeof(struct tlv_type_nvm) + tag_len) 425 return -EINVAL; 426 427 /* Update NVM tags as needed */ 428 switch (tag_id) { 429 case EDL_TAG_ID_BD_ADDR: 430 if (tag_len != sizeof(bdaddr_t)) 431 return -EINVAL; 432 433 memcpy(&config->bdaddr, tlv_nvm->data, sizeof(bdaddr_t)); 434 435 break; 436 437 case EDL_TAG_ID_HCI: 438 if (tag_len < 3) 439 return -EINVAL; 440 441 /* HCI transport layer parameters 442 * enabling software inband sleep 443 * onto controller side. 444 */ 445 tlv_nvm->data[0] |= 0x80; 446 447 /* UART Baud Rate */ 448 if (soc_type >= QCA_WCN3991) 449 tlv_nvm->data[1] = nvm_baud_rate; 450 else 451 tlv_nvm->data[2] = nvm_baud_rate; 452 453 break; 454 455 case EDL_TAG_ID_DEEP_SLEEP: 456 if (tag_len < 1) 457 return -EINVAL; 458 459 /* Sleep enable mask 460 * enabling deep sleep feature on controller. 461 */ 462 tlv_nvm->data[0] |= 0x01; 463 464 break; 465 } 466 467 idx += sizeof(struct tlv_type_nvm) + tag_len; 468 } 469 break; 470 471 default: 472 BT_ERR("Unknown TLV type %d", config->type); 473 return -EINVAL; 474 } 475 476 return 0; 477 } 478 479 static int qca_tlv_send_segment(struct hci_dev *hdev, int seg_size, 480 const u8 *data, enum qca_tlv_dnld_mode mode, 481 enum qca_btsoc_type soc_type) 482 { 483 struct sk_buff *skb; 484 struct edl_event_hdr *edl; 485 struct tlv_seg_resp *tlv_resp; 486 u8 cmd[MAX_SIZE_PER_TLV_SEGMENT + 2]; 487 int err = 0; 488 u8 event_type = HCI_EV_VENDOR; 489 u8 rlen = (sizeof(*edl) + sizeof(*tlv_resp)); 490 u8 rtype = EDL_TVL_DNLD_RES_EVT; 491 492 cmd[0] = EDL_PATCH_TLV_REQ_CMD; 493 cmd[1] = seg_size; 494 memcpy(cmd + 2, data, seg_size); 495 496 if (mode == QCA_SKIP_EVT_VSE_CC || mode == QCA_SKIP_EVT_VSE) 497 return __hci_cmd_send(hdev, EDL_PATCH_CMD_OPCODE, seg_size + 2, 498 cmd); 499 500 /* Unlike other SoC's sending version command response as payload to 501 * VSE event. WCN3991 sends version command response as a payload to 502 * command complete event. 503 */ 504 if (soc_type >= QCA_WCN3991) { 505 event_type = 0; 506 rlen = sizeof(*edl); 507 rtype = EDL_PATCH_TLV_REQ_CMD; 508 } 509 510 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, seg_size + 2, cmd, 511 event_type, HCI_INIT_TIMEOUT); 512 if (IS_ERR(skb)) { 513 err = PTR_ERR(skb); 514 bt_dev_err(hdev, "QCA Failed to send TLV segment (%d)", err); 515 return err; 516 } 517 518 if (skb->len != rlen) { 519 bt_dev_err(hdev, "QCA TLV response size mismatch"); 520 err = -EILSEQ; 521 goto out; 522 } 523 524 edl = (struct edl_event_hdr *)(skb->data); 525 526 if (edl->cresp != EDL_CMD_REQ_RES_EVT || edl->rtype != rtype) { 527 bt_dev_err(hdev, "QCA TLV with error stat 0x%x rtype 0x%x", 528 edl->cresp, edl->rtype); 529 err = -EIO; 530 } 531 532 if (soc_type >= QCA_WCN3991) 533 goto out; 534 535 tlv_resp = (struct tlv_seg_resp *)(edl->data); 536 if (tlv_resp->result) { 537 bt_dev_err(hdev, "QCA TLV with error stat 0x%x rtype 0x%x (0x%x)", 538 edl->cresp, edl->rtype, tlv_resp->result); 539 } 540 541 out: 542 kfree_skb(skb); 543 544 return err; 545 } 546 547 static int qca_inject_cmd_complete_event(struct hci_dev *hdev) 548 { 549 struct hci_event_hdr *hdr; 550 struct hci_ev_cmd_complete *evt; 551 struct sk_buff *skb; 552 553 skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_KERNEL); 554 if (!skb) 555 return -ENOMEM; 556 557 hdr = skb_put(skb, sizeof(*hdr)); 558 hdr->evt = HCI_EV_CMD_COMPLETE; 559 hdr->plen = sizeof(*evt) + 1; 560 561 evt = skb_put(skb, sizeof(*evt)); 562 evt->ncmd = 1; 563 evt->opcode = cpu_to_le16(QCA_HCI_CC_OPCODE); 564 565 skb_put_u8(skb, QCA_HCI_CC_SUCCESS); 566 567 hci_skb_pkt_type(skb) = HCI_EVENT_PKT; 568 569 return hci_recv_frame(hdev, skb); 570 } 571 572 static int qca_download_firmware(struct hci_dev *hdev, 573 struct qca_fw_config *config, 574 enum qca_btsoc_type soc_type, 575 u8 rom_ver) 576 { 577 const struct firmware *fw; 578 u8 *data; 579 const u8 *segment; 580 int ret, size, remain, i = 0; 581 582 bt_dev_info(hdev, "QCA Downloading %s", config->fwname); 583 584 ret = request_firmware(&fw, config->fwname, &hdev->dev); 585 if (ret) { 586 /* If the board-specific file is missing, try loading the default 587 * one, unless that was attempted already. 588 */ 589 if (config->type == TLV_TYPE_NVM && 590 qca_get_alt_nvm_file(config->fwname, sizeof(config->fwname))) { 591 bt_dev_info(hdev, "QCA Downloading %s", config->fwname); 592 ret = request_firmware(&fw, config->fwname, &hdev->dev); 593 if (ret) { 594 bt_dev_err(hdev, "QCA Failed to request file: %s (%d)", 595 config->fwname, ret); 596 return ret; 597 } 598 } else { 599 bt_dev_err(hdev, "QCA Failed to request file: %s (%d)", 600 config->fwname, ret); 601 return ret; 602 } 603 } 604 605 size = fw->size; 606 data = vmalloc(fw->size); 607 if (!data) { 608 bt_dev_err(hdev, "QCA Failed to allocate memory for file: %s", 609 config->fwname); 610 release_firmware(fw); 611 return -ENOMEM; 612 } 613 614 memcpy(data, fw->data, size); 615 release_firmware(fw); 616 617 ret = qca_tlv_check_data(hdev, config, data, size, soc_type); 618 if (ret) 619 goto out; 620 621 segment = data; 622 remain = size; 623 while (remain > 0) { 624 int segsize = min(MAX_SIZE_PER_TLV_SEGMENT, remain); 625 626 bt_dev_dbg(hdev, "Send segment %d, size %d", i++, segsize); 627 628 remain -= segsize; 629 /* The last segment is always acked regardless download mode */ 630 if (!remain || segsize < MAX_SIZE_PER_TLV_SEGMENT) 631 config->dnld_mode = QCA_SKIP_EVT_NONE; 632 633 ret = qca_tlv_send_segment(hdev, segsize, segment, 634 config->dnld_mode, soc_type); 635 if (ret) 636 goto out; 637 638 segment += segsize; 639 } 640 641 /* Latest qualcomm chipsets are not sending a command complete event 642 * for every fw packet sent. They only respond with a vendor specific 643 * event for the last packet. This optimization in the chip will 644 * decrease the BT in initialization time. Here we will inject a command 645 * complete event to avoid a command timeout error message. 646 */ 647 if (config->dnld_type == QCA_SKIP_EVT_VSE_CC || 648 config->dnld_type == QCA_SKIP_EVT_VSE) 649 ret = qca_inject_cmd_complete_event(hdev); 650 651 out: 652 vfree(data); 653 654 return ret; 655 } 656 657 static int qca_disable_soc_logging(struct hci_dev *hdev) 658 { 659 struct sk_buff *skb; 660 u8 cmd[2]; 661 int err; 662 663 cmd[0] = QCA_DISABLE_LOGGING_SUB_OP; 664 cmd[1] = 0x00; 665 skb = __hci_cmd_sync_ev(hdev, QCA_DISABLE_LOGGING, sizeof(cmd), cmd, 666 HCI_EV_CMD_COMPLETE, HCI_INIT_TIMEOUT); 667 if (IS_ERR(skb)) { 668 err = PTR_ERR(skb); 669 bt_dev_err(hdev, "QCA Failed to disable soc logging(%d)", err); 670 return err; 671 } 672 673 kfree_skb(skb); 674 675 return 0; 676 } 677 678 int qca_set_bdaddr_rome(struct hci_dev *hdev, const bdaddr_t *bdaddr) 679 { 680 struct sk_buff *skb; 681 u8 cmd[9]; 682 int err; 683 684 cmd[0] = EDL_NVM_ACCESS_SET_REQ_CMD; 685 cmd[1] = 0x02; /* TAG ID */ 686 cmd[2] = sizeof(bdaddr_t); /* size */ 687 memcpy(cmd + 3, bdaddr, sizeof(bdaddr_t)); 688 skb = __hci_cmd_sync_ev(hdev, EDL_NVM_ACCESS_OPCODE, sizeof(cmd), cmd, 689 HCI_EV_VENDOR, HCI_INIT_TIMEOUT); 690 if (IS_ERR(skb)) { 691 err = PTR_ERR(skb); 692 bt_dev_err(hdev, "QCA Change address command failed (%d)", err); 693 return err; 694 } 695 696 kfree_skb(skb); 697 698 return 0; 699 } 700 EXPORT_SYMBOL_GPL(qca_set_bdaddr_rome); 701 702 static int qca_check_bdaddr(struct hci_dev *hdev, const struct qca_fw_config *config) 703 { 704 struct hci_rp_read_bd_addr *bda; 705 struct sk_buff *skb; 706 int err; 707 708 if (bacmp(&hdev->public_addr, BDADDR_ANY)) 709 return 0; 710 711 skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL, 712 HCI_INIT_TIMEOUT); 713 if (IS_ERR(skb)) { 714 err = PTR_ERR(skb); 715 bt_dev_err(hdev, "Failed to read device address (%d)", err); 716 return err; 717 } 718 719 if (skb->len != sizeof(*bda)) { 720 bt_dev_err(hdev, "Device address length mismatch"); 721 kfree_skb(skb); 722 return -EIO; 723 } 724 725 bda = (struct hci_rp_read_bd_addr *)skb->data; 726 if (!bacmp(&bda->bdaddr, &config->bdaddr)) 727 hci_set_quirk(hdev, HCI_QUIRK_USE_BDADDR_PROPERTY); 728 729 kfree_skb(skb); 730 731 return 0; 732 } 733 734 static void qca_get_nvm_name_by_board(char *fwname, size_t max_size, 735 const char *stem, enum qca_btsoc_type soc_type, 736 struct qca_btsoc_version ver, u8 rom_ver, u16 bid) 737 { 738 const char *variant; 739 const char *prefix; 740 741 /* Set the default value to variant and prefix */ 742 variant = ""; 743 prefix = "b"; 744 745 if (soc_type == QCA_QCA2066) 746 prefix = ""; 747 748 if (soc_type == QCA_WCN6855 || soc_type == QCA_QCA2066) { 749 /* If the chip is manufactured by GlobalFoundries */ 750 if ((le32_to_cpu(ver.soc_id) & QCA_HSP_GF_SOC_MASK) == QCA_HSP_GF_SOC_ID) 751 variant = "g"; 752 } 753 754 if (rom_ver != 0) { 755 if (bid == 0x0 || bid == 0xffff) 756 snprintf(fwname, max_size, "qca/%s%02x%s.bin", stem, rom_ver, variant); 757 else 758 snprintf(fwname, max_size, "qca/%s%02x%s.%s%02x", stem, rom_ver, 759 variant, prefix, bid); 760 } else { 761 if (bid == 0x0 || bid == 0xffff) 762 snprintf(fwname, max_size, "qca/%s%s.bin", stem, variant); 763 else 764 snprintf(fwname, max_size, "qca/%s%s.%s%02x", stem, variant, prefix, bid); 765 } 766 } 767 768 int qca_uart_setup(struct hci_dev *hdev, uint8_t baudrate, 769 enum qca_btsoc_type soc_type, struct qca_btsoc_version ver, 770 const char *firmware_name, const char *rampatch_name) 771 { 772 struct qca_fw_config config = {}; 773 const char *variant = ""; 774 int err; 775 u8 rom_ver = 0; 776 u32 soc_ver; 777 u16 boardid = 0; 778 779 bt_dev_dbg(hdev, "QCA setup on UART"); 780 781 soc_ver = get_soc_ver(ver.soc_id, ver.rom_ver); 782 783 bt_dev_info(hdev, "QCA controller version 0x%08x", soc_ver); 784 785 config.user_baud_rate = baudrate; 786 787 /* Firmware files to download are based on ROM version. 788 * ROM version is derived from last two bytes of soc_ver. 789 */ 790 if (soc_type == QCA_WCN3988) 791 rom_ver = ((soc_ver & 0x00000f00) >> 0x05) | (soc_ver & 0x0000000f); 792 else if (soc_type == QCA_WCN3998) 793 rom_ver = ((soc_ver & 0x0000f000) >> 0x07) | (soc_ver & 0x0000000f); 794 else 795 rom_ver = ((soc_ver & 0x00000f00) >> 0x04) | (soc_ver & 0x0000000f); 796 797 if (soc_type == QCA_WCN6750) 798 qca_send_patch_config_cmd(hdev); 799 800 /* Download rampatch file */ 801 config.type = TLV_TYPE_PATCH; 802 if (rampatch_name) { 803 snprintf(config.fwname, sizeof(config.fwname), "qca/%s", rampatch_name); 804 } else { 805 switch (soc_type) { 806 case QCA_QCA2066: 807 snprintf(config.fwname, sizeof(config.fwname), 808 "qca/hpbtfw%02x.tlv", rom_ver); 809 break; 810 case QCA_QCA6390: 811 snprintf(config.fwname, sizeof(config.fwname), 812 "qca/htbtfw%02x.tlv", rom_ver); 813 break; 814 case QCA_WCN3950: 815 snprintf(config.fwname, sizeof(config.fwname), 816 "qca/cmbtfw%02x.tlv", rom_ver); 817 break; 818 case QCA_WCN3990: 819 case QCA_WCN3991: 820 case QCA_WCN3998: 821 snprintf(config.fwname, sizeof(config.fwname), 822 "qca/crbtfw%02x.tlv", rom_ver); 823 break; 824 case QCA_WCN3988: 825 snprintf(config.fwname, sizeof(config.fwname), 826 "qca/apbtfw%02x.tlv", rom_ver); 827 break; 828 case QCA_WCN6750: 829 /* Choose mbn file by default.If mbn file is not found 830 * then choose tlv file 831 */ 832 config.type = ELF_TYPE_PATCH; 833 snprintf(config.fwname, sizeof(config.fwname), 834 "qca/msbtfw%02x.mbn", rom_ver); 835 break; 836 case QCA_WCN6855: 837 /* Due to historical reasons, WCN685x chip has been using firmware 838 * without the "wcn" prefix. The mapping between the chip and its 839 * corresponding firmware has now been corrected. 840 */ 841 snprintf(config.fwname, sizeof(config.fwname), 842 "qca/wcnhpbtfw%02x.tlv", rom_ver); 843 break; 844 case QCA_WCN7850: 845 snprintf(config.fwname, sizeof(config.fwname), 846 "qca/hmtbtfw%02x.tlv", rom_ver); 847 break; 848 default: 849 snprintf(config.fwname, sizeof(config.fwname), 850 "qca/rampatch_%08x.bin", soc_ver); 851 } 852 } 853 854 err = qca_download_firmware(hdev, &config, soc_type, rom_ver); 855 /* For WCN6750, if mbn file is not present then check for 856 * tlv file. 857 */ 858 if (err < 0 && soc_type == QCA_WCN6750) { 859 bt_dev_dbg(hdev, "QCA Failed to request file: %s (%d)", 860 config.fwname, err); 861 config.type = TLV_TYPE_PATCH; 862 snprintf(config.fwname, sizeof(config.fwname), 863 "qca/msbtfw%02x.tlv", rom_ver); 864 bt_dev_info(hdev, "QCA Downloading %s", config.fwname); 865 err = qca_download_firmware(hdev, &config, soc_type, rom_ver); 866 } else if (err < 0 && !rampatch_name && soc_type == QCA_WCN6855) { 867 snprintf(config.fwname, sizeof(config.fwname), 868 "qca/hpbtfw%02x.tlv", rom_ver); 869 err = qca_download_firmware(hdev, &config, soc_type, rom_ver); 870 } 871 872 if (err < 0) { 873 bt_dev_err(hdev, "QCA Failed to request file: %s (%d)", 874 config.fwname, err); 875 return err; 876 } 877 878 /* Give the controller some time to get ready to receive the NVM */ 879 msleep(10); 880 881 if (soc_type == QCA_QCA2066 || soc_type == QCA_WCN7850) 882 qca_read_fw_board_id(hdev, &boardid); 883 884 /* Download NVM configuration */ 885 config.type = TLV_TYPE_NVM; 886 if (firmware_name) { 887 /* The firmware name has an extension, use it directly */ 888 if (qca_filename_has_extension(firmware_name)) { 889 snprintf(config.fwname, sizeof(config.fwname), "qca/%s", firmware_name); 890 } else { 891 qca_read_fw_board_id(hdev, &boardid); 892 qca_get_nvm_name_by_board(config.fwname, sizeof(config.fwname), 893 firmware_name, soc_type, ver, 0, boardid); 894 } 895 } else { 896 switch (soc_type) { 897 case QCA_QCA2066: 898 qca_get_nvm_name_by_board(config.fwname, 899 sizeof(config.fwname), 900 "hpnv", soc_type, ver, 901 rom_ver, boardid); 902 break; 903 case QCA_QCA6390: 904 snprintf(config.fwname, sizeof(config.fwname), 905 "qca/htnv%02x.bin", rom_ver); 906 break; 907 case QCA_WCN3950: 908 if (le32_to_cpu(ver.soc_id) == QCA_WCN3950_SOC_ID_T) 909 variant = "t"; 910 else if (le32_to_cpu(ver.soc_id) == QCA_WCN3950_SOC_ID_S) 911 variant = "s"; 912 913 snprintf(config.fwname, sizeof(config.fwname), 914 "qca/cmnv%02x%s.bin", rom_ver, variant); 915 break; 916 case QCA_WCN3990: 917 case QCA_WCN3991: 918 case QCA_WCN3998: 919 if (le32_to_cpu(ver.soc_id) == QCA_WCN3991_SOC_ID) 920 variant = "u"; 921 922 snprintf(config.fwname, sizeof(config.fwname), 923 "qca/crnv%02x%s.bin", rom_ver, variant); 924 break; 925 case QCA_WCN3988: 926 snprintf(config.fwname, sizeof(config.fwname), 927 "qca/apnv%02x.bin", rom_ver); 928 break; 929 case QCA_WCN6750: 930 snprintf(config.fwname, sizeof(config.fwname), 931 "qca/msnv%02x.bin", rom_ver); 932 break; 933 case QCA_WCN6855: 934 qca_read_fw_board_id(hdev, &boardid); 935 qca_get_nvm_name_by_board(config.fwname, sizeof(config.fwname), 936 "wcnhpnv", soc_type, ver, rom_ver, boardid); 937 break; 938 case QCA_WCN7850: 939 qca_get_nvm_name_by_board(config.fwname, sizeof(config.fwname), 940 "hmtnv", soc_type, ver, rom_ver, boardid); 941 break; 942 default: 943 snprintf(config.fwname, sizeof(config.fwname), 944 "qca/nvm_%08x.bin", soc_ver); 945 } 946 } 947 948 err = qca_download_firmware(hdev, &config, soc_type, rom_ver); 949 if (err < 0 && !firmware_name && soc_type == QCA_WCN6855) { 950 qca_get_nvm_name_by_board(config.fwname, sizeof(config.fwname), 951 "hpnv", soc_type, ver, rom_ver, boardid); 952 err = qca_download_firmware(hdev, &config, soc_type, rom_ver); 953 } 954 955 if (err < 0) { 956 bt_dev_err(hdev, "QCA Failed to request file: %s (%d)", 957 config.fwname, err); 958 return err; 959 } 960 961 switch (soc_type) { 962 case QCA_QCA2066: 963 case QCA_QCA6390: 964 case QCA_WCN3991: 965 case QCA_WCN6750: 966 case QCA_WCN6855: 967 case QCA_WCN7850: 968 err = qca_disable_soc_logging(hdev); 969 if (err < 0) 970 return err; 971 break; 972 default: 973 break; 974 } 975 976 /* WCN399x and WCN6750 supports the Microsoft vendor extension with 0xFD70 as the 977 * VsMsftOpCode. 978 */ 979 switch (soc_type) { 980 case QCA_WCN3950: 981 case QCA_WCN3988: 982 case QCA_WCN3990: 983 case QCA_WCN3991: 984 case QCA_WCN3998: 985 case QCA_WCN6750: 986 hci_set_msft_opcode(hdev, 0xFD70); 987 break; 988 default: 989 break; 990 } 991 992 /* Perform HCI reset */ 993 err = qca_send_reset(hdev); 994 if (err < 0) { 995 bt_dev_err(hdev, "QCA Failed to run HCI_RESET (%d)", err); 996 return err; 997 } 998 999 switch (soc_type) { 1000 case QCA_WCN3991: 1001 case QCA_WCN6750: 1002 case QCA_WCN6855: 1003 case QCA_WCN7850: 1004 /* get fw build info */ 1005 err = qca_read_fw_build_info(hdev); 1006 if (err < 0) 1007 return err; 1008 break; 1009 default: 1010 break; 1011 } 1012 1013 err = qca_check_bdaddr(hdev, &config); 1014 if (err) 1015 return err; 1016 1017 bt_dev_info(hdev, "QCA setup on UART is completed"); 1018 1019 return 0; 1020 } 1021 EXPORT_SYMBOL_GPL(qca_uart_setup); 1022 1023 int qca_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr) 1024 { 1025 bdaddr_t bdaddr_swapped; 1026 struct sk_buff *skb; 1027 int err; 1028 1029 baswap(&bdaddr_swapped, bdaddr); 1030 1031 skb = __hci_cmd_sync_ev(hdev, EDL_WRITE_BD_ADDR_OPCODE, 6, 1032 &bdaddr_swapped, HCI_EV_VENDOR, 1033 HCI_INIT_TIMEOUT); 1034 if (IS_ERR(skb)) { 1035 err = PTR_ERR(skb); 1036 bt_dev_err(hdev, "QCA Change address cmd failed (%d)", err); 1037 return err; 1038 } 1039 1040 kfree_skb(skb); 1041 1042 return 0; 1043 } 1044 EXPORT_SYMBOL_GPL(qca_set_bdaddr); 1045 1046 1047 MODULE_AUTHOR("Ben Young Tae Kim <ytkim@qca.qualcomm.com>"); 1048 MODULE_DESCRIPTION("Bluetooth support for Qualcomm Atheros family"); 1049 MODULE_LICENSE("GPL"); 1050