1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Bluetooth supports for Qualcomm Atheros chips 4 * 5 * Copyright (c) 2015 The Linux Foundation. All rights reserved. 6 */ 7 #include <linux/module.h> 8 #include <linux/firmware.h> 9 10 #include <net/bluetooth/bluetooth.h> 11 #include <net/bluetooth/hci_core.h> 12 13 #include "btqca.h" 14 15 #define VERSION "0.1" 16 17 int qca_read_soc_version(struct hci_dev *hdev, u32 *soc_version) 18 { 19 struct sk_buff *skb; 20 struct edl_event_hdr *edl; 21 struct rome_version *ver; 22 char cmd; 23 int err = 0; 24 25 bt_dev_dbg(hdev, "QCA Version Request"); 26 27 cmd = EDL_PATCH_VER_REQ_CMD; 28 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, EDL_PATCH_CMD_LEN, 29 &cmd, HCI_EV_VENDOR, HCI_INIT_TIMEOUT); 30 if (IS_ERR(skb)) { 31 err = PTR_ERR(skb); 32 bt_dev_err(hdev, "Reading QCA version information failed (%d)", 33 err); 34 return err; 35 } 36 37 if (skb->len != sizeof(*edl) + sizeof(*ver)) { 38 bt_dev_err(hdev, "QCA Version size mismatch len %d", skb->len); 39 err = -EILSEQ; 40 goto out; 41 } 42 43 edl = (struct edl_event_hdr *)(skb->data); 44 if (!edl) { 45 bt_dev_err(hdev, "QCA TLV with no header"); 46 err = -EILSEQ; 47 goto out; 48 } 49 50 if (edl->cresp != EDL_CMD_REQ_RES_EVT || 51 edl->rtype != EDL_APP_VER_RES_EVT) { 52 bt_dev_err(hdev, "QCA Wrong packet received %d %d", edl->cresp, 53 edl->rtype); 54 err = -EIO; 55 goto out; 56 } 57 58 ver = (struct rome_version *)(edl->data); 59 60 BT_DBG("%s: Product:0x%08x", hdev->name, le32_to_cpu(ver->product_id)); 61 BT_DBG("%s: Patch :0x%08x", hdev->name, le16_to_cpu(ver->patch_ver)); 62 BT_DBG("%s: ROM :0x%08x", hdev->name, le16_to_cpu(ver->rome_ver)); 63 BT_DBG("%s: SOC :0x%08x", hdev->name, le32_to_cpu(ver->soc_id)); 64 65 /* QCA chipset version can be decided by patch and SoC 66 * version, combination with upper 2 bytes from SoC 67 * and lower 2 bytes from patch will be used. 68 */ 69 *soc_version = (le32_to_cpu(ver->soc_id) << 16) | 70 (le16_to_cpu(ver->rome_ver) & 0x0000ffff); 71 if (*soc_version == 0) 72 err = -EILSEQ; 73 74 out: 75 kfree_skb(skb); 76 if (err) 77 bt_dev_err(hdev, "QCA Failed to get version (%d)", err); 78 79 return err; 80 } 81 EXPORT_SYMBOL_GPL(qca_read_soc_version); 82 83 static int qca_send_reset(struct hci_dev *hdev) 84 { 85 struct sk_buff *skb; 86 int err; 87 88 bt_dev_dbg(hdev, "QCA HCI_RESET"); 89 90 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); 91 if (IS_ERR(skb)) { 92 err = PTR_ERR(skb); 93 bt_dev_err(hdev, "QCA Reset failed (%d)", err); 94 return err; 95 } 96 97 kfree_skb(skb); 98 99 return 0; 100 } 101 102 static void qca_tlv_check_data(struct rome_config *config, 103 const struct firmware *fw) 104 { 105 const u8 *data; 106 u32 type_len; 107 u16 tag_id, tag_len; 108 int idx, length; 109 struct tlv_type_hdr *tlv; 110 struct tlv_type_patch *tlv_patch; 111 struct tlv_type_nvm *tlv_nvm; 112 113 tlv = (struct tlv_type_hdr *)fw->data; 114 115 type_len = le32_to_cpu(tlv->type_len); 116 length = (type_len >> 8) & 0x00ffffff; 117 118 BT_DBG("TLV Type\t\t : 0x%x", type_len & 0x000000ff); 119 BT_DBG("Length\t\t : %d bytes", length); 120 121 config->dnld_mode = ROME_SKIP_EVT_NONE; 122 123 switch (config->type) { 124 case TLV_TYPE_PATCH: 125 tlv_patch = (struct tlv_type_patch *)tlv->data; 126 127 /* For Rome version 1.1 to 3.1, all segment commands 128 * are acked by a vendor specific event (VSE). 129 * For Rome >= 3.2, the download mode field indicates 130 * if VSE is skipped by the controller. 131 * In case VSE is skipped, only the last segment is acked. 132 */ 133 config->dnld_mode = tlv_patch->download_mode; 134 135 BT_DBG("Total Length : %d bytes", 136 le32_to_cpu(tlv_patch->total_size)); 137 BT_DBG("Patch Data Length : %d bytes", 138 le32_to_cpu(tlv_patch->data_length)); 139 BT_DBG("Signing Format Version : 0x%x", 140 tlv_patch->format_version); 141 BT_DBG("Signature Algorithm : 0x%x", 142 tlv_patch->signature); 143 BT_DBG("Download mode : 0x%x", 144 tlv_patch->download_mode); 145 BT_DBG("Reserved : 0x%x", 146 tlv_patch->reserved1); 147 BT_DBG("Product ID : 0x%04x", 148 le16_to_cpu(tlv_patch->product_id)); 149 BT_DBG("Rom Build Version : 0x%04x", 150 le16_to_cpu(tlv_patch->rom_build)); 151 BT_DBG("Patch Version : 0x%04x", 152 le16_to_cpu(tlv_patch->patch_version)); 153 BT_DBG("Reserved : 0x%x", 154 le16_to_cpu(tlv_patch->reserved2)); 155 BT_DBG("Patch Entry Address : 0x%x", 156 le32_to_cpu(tlv_patch->entry)); 157 break; 158 159 case TLV_TYPE_NVM: 160 idx = 0; 161 data = tlv->data; 162 while (idx < length) { 163 tlv_nvm = (struct tlv_type_nvm *)(data + idx); 164 165 tag_id = le16_to_cpu(tlv_nvm->tag_id); 166 tag_len = le16_to_cpu(tlv_nvm->tag_len); 167 168 /* Update NVM tags as needed */ 169 switch (tag_id) { 170 case EDL_TAG_ID_HCI: 171 /* HCI transport layer parameters 172 * enabling software inband sleep 173 * onto controller side. 174 */ 175 tlv_nvm->data[0] |= 0x80; 176 177 /* UART Baud Rate */ 178 tlv_nvm->data[2] = config->user_baud_rate; 179 180 break; 181 182 case EDL_TAG_ID_DEEP_SLEEP: 183 /* Sleep enable mask 184 * enabling deep sleep feature on controller. 185 */ 186 tlv_nvm->data[0] |= 0x01; 187 188 break; 189 } 190 191 idx += (sizeof(u16) + sizeof(u16) + 8 + tag_len); 192 } 193 break; 194 195 default: 196 BT_ERR("Unknown TLV type %d", config->type); 197 break; 198 } 199 } 200 201 static int qca_tlv_send_segment(struct hci_dev *hdev, int seg_size, 202 const u8 *data, enum rome_tlv_dnld_mode mode) 203 { 204 struct sk_buff *skb; 205 struct edl_event_hdr *edl; 206 struct tlv_seg_resp *tlv_resp; 207 u8 cmd[MAX_SIZE_PER_TLV_SEGMENT + 2]; 208 int err = 0; 209 210 cmd[0] = EDL_PATCH_TLV_REQ_CMD; 211 cmd[1] = seg_size; 212 memcpy(cmd + 2, data, seg_size); 213 214 if (mode == ROME_SKIP_EVT_VSE_CC || mode == ROME_SKIP_EVT_VSE) 215 return __hci_cmd_send(hdev, EDL_PATCH_CMD_OPCODE, seg_size + 2, 216 cmd); 217 218 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, seg_size + 2, cmd, 219 HCI_EV_VENDOR, HCI_INIT_TIMEOUT); 220 if (IS_ERR(skb)) { 221 err = PTR_ERR(skb); 222 bt_dev_err(hdev, "QCA Failed to send TLV segment (%d)", err); 223 return err; 224 } 225 226 if (skb->len != sizeof(*edl) + sizeof(*tlv_resp)) { 227 bt_dev_err(hdev, "QCA TLV response size mismatch"); 228 err = -EILSEQ; 229 goto out; 230 } 231 232 edl = (struct edl_event_hdr *)(skb->data); 233 if (!edl) { 234 bt_dev_err(hdev, "TLV with no header"); 235 err = -EILSEQ; 236 goto out; 237 } 238 239 tlv_resp = (struct tlv_seg_resp *)(edl->data); 240 241 if (edl->cresp != EDL_CMD_REQ_RES_EVT || 242 edl->rtype != EDL_TVL_DNLD_RES_EVT || tlv_resp->result != 0x00) { 243 bt_dev_err(hdev, "QCA TLV with error stat 0x%x rtype 0x%x (0x%x)", 244 edl->cresp, edl->rtype, tlv_resp->result); 245 err = -EIO; 246 } 247 248 out: 249 kfree_skb(skb); 250 251 return err; 252 } 253 254 static int qca_download_firmware(struct hci_dev *hdev, 255 struct rome_config *config) 256 { 257 const struct firmware *fw; 258 const u8 *segment; 259 int ret, remain, i = 0; 260 261 bt_dev_info(hdev, "QCA Downloading %s", config->fwname); 262 263 ret = request_firmware(&fw, config->fwname, &hdev->dev); 264 if (ret) { 265 bt_dev_err(hdev, "QCA Failed to request file: %s (%d)", 266 config->fwname, ret); 267 return ret; 268 } 269 270 qca_tlv_check_data(config, fw); 271 272 segment = fw->data; 273 remain = fw->size; 274 while (remain > 0) { 275 int segsize = min(MAX_SIZE_PER_TLV_SEGMENT, remain); 276 277 bt_dev_dbg(hdev, "Send segment %d, size %d", i++, segsize); 278 279 remain -= segsize; 280 /* The last segment is always acked regardless download mode */ 281 if (!remain || segsize < MAX_SIZE_PER_TLV_SEGMENT) 282 config->dnld_mode = ROME_SKIP_EVT_NONE; 283 284 ret = qca_tlv_send_segment(hdev, segsize, segment, 285 config->dnld_mode); 286 if (ret) 287 break; 288 289 segment += segsize; 290 } 291 292 release_firmware(fw); 293 294 return ret; 295 } 296 297 int qca_set_bdaddr_rome(struct hci_dev *hdev, const bdaddr_t *bdaddr) 298 { 299 struct sk_buff *skb; 300 u8 cmd[9]; 301 int err; 302 303 cmd[0] = EDL_NVM_ACCESS_SET_REQ_CMD; 304 cmd[1] = 0x02; /* TAG ID */ 305 cmd[2] = sizeof(bdaddr_t); /* size */ 306 memcpy(cmd + 3, bdaddr, sizeof(bdaddr_t)); 307 skb = __hci_cmd_sync_ev(hdev, EDL_NVM_ACCESS_OPCODE, sizeof(cmd), cmd, 308 HCI_EV_VENDOR, HCI_INIT_TIMEOUT); 309 if (IS_ERR(skb)) { 310 err = PTR_ERR(skb); 311 bt_dev_err(hdev, "QCA Change address command failed (%d)", err); 312 return err; 313 } 314 315 kfree_skb(skb); 316 317 return 0; 318 } 319 EXPORT_SYMBOL_GPL(qca_set_bdaddr_rome); 320 321 int qca_uart_setup(struct hci_dev *hdev, uint8_t baudrate, 322 enum qca_btsoc_type soc_type, u32 soc_ver) 323 { 324 struct rome_config config; 325 int err; 326 u8 rom_ver = 0; 327 328 bt_dev_dbg(hdev, "QCA setup on UART"); 329 330 config.user_baud_rate = baudrate; 331 332 /* Download rampatch file */ 333 config.type = TLV_TYPE_PATCH; 334 if (qca_is_wcn399x(soc_type)) { 335 /* Firmware files to download are based on ROM version. 336 * ROM version is derived from last two bytes of soc_ver. 337 */ 338 rom_ver = ((soc_ver & 0x00000f00) >> 0x04) | 339 (soc_ver & 0x0000000f); 340 snprintf(config.fwname, sizeof(config.fwname), 341 "qca/crbtfw%02x.tlv", rom_ver); 342 } else { 343 snprintf(config.fwname, sizeof(config.fwname), 344 "qca/rampatch_%08x.bin", soc_ver); 345 } 346 347 err = qca_download_firmware(hdev, &config); 348 if (err < 0) { 349 bt_dev_err(hdev, "QCA Failed to download patch (%d)", err); 350 return err; 351 } 352 353 /* Download NVM configuration */ 354 config.type = TLV_TYPE_NVM; 355 if (qca_is_wcn399x(soc_type)) 356 snprintf(config.fwname, sizeof(config.fwname), 357 "qca/crnv%02x.bin", rom_ver); 358 else 359 snprintf(config.fwname, sizeof(config.fwname), 360 "qca/nvm_%08x.bin", soc_ver); 361 362 err = qca_download_firmware(hdev, &config); 363 if (err < 0) { 364 bt_dev_err(hdev, "QCA Failed to download NVM (%d)", err); 365 return err; 366 } 367 368 /* Perform HCI reset */ 369 err = qca_send_reset(hdev); 370 if (err < 0) { 371 bt_dev_err(hdev, "QCA Failed to run HCI_RESET (%d)", err); 372 return err; 373 } 374 375 bt_dev_info(hdev, "QCA setup on UART is completed"); 376 377 return 0; 378 } 379 EXPORT_SYMBOL_GPL(qca_uart_setup); 380 381 int qca_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr) 382 { 383 struct sk_buff *skb; 384 int err; 385 386 skb = __hci_cmd_sync_ev(hdev, EDL_WRITE_BD_ADDR_OPCODE, 6, bdaddr, 387 HCI_EV_VENDOR, HCI_INIT_TIMEOUT); 388 if (IS_ERR(skb)) { 389 err = PTR_ERR(skb); 390 bt_dev_err(hdev, "QCA Change address cmd failed (%d)", err); 391 return err; 392 } 393 394 kfree_skb(skb); 395 396 return 0; 397 } 398 EXPORT_SYMBOL_GPL(qca_set_bdaddr); 399 400 401 MODULE_AUTHOR("Ben Young Tae Kim <ytkim@qca.qualcomm.com>"); 402 MODULE_DESCRIPTION("Bluetooth support for Qualcomm Atheros family ver " VERSION); 403 MODULE_VERSION(VERSION); 404 MODULE_LICENSE("GPL"); 405