1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * Bluetooth supports for Qualcomm Atheros chips
4 *
5 * Copyright (c) 2015 The Linux Foundation. All rights reserved.
6 */
7 #include <linux/module.h>
8 #include <linux/firmware.h>
9 #include <linux/vmalloc.h>
10
11 #include <net/bluetooth/bluetooth.h>
12 #include <net/bluetooth/hci_core.h>
13
14 #include "btqca.h"
15
16 #define VERSION "0.1"
17
qca_read_soc_version(struct hci_dev * hdev,struct qca_btsoc_version * ver,enum qca_btsoc_type soc_type)18 int qca_read_soc_version(struct hci_dev *hdev, struct qca_btsoc_version *ver,
19 enum qca_btsoc_type soc_type)
20 {
21 struct sk_buff *skb;
22 struct edl_event_hdr *edl;
23 char cmd;
24 int err = 0;
25 u8 event_type = HCI_EV_VENDOR;
26 u8 rlen = sizeof(*edl) + sizeof(*ver);
27 u8 rtype = EDL_APP_VER_RES_EVT;
28
29 bt_dev_dbg(hdev, "QCA Version Request");
30
31 /* Unlike other SoC's sending version command response as payload to
32 * VSE event. WCN3991 sends version command response as a payload to
33 * command complete event.
34 */
35 if (soc_type >= QCA_WCN3991) {
36 event_type = 0;
37 rlen += 1;
38 rtype = EDL_PATCH_VER_REQ_CMD;
39 }
40
41 cmd = EDL_PATCH_VER_REQ_CMD;
42 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, EDL_PATCH_CMD_LEN,
43 &cmd, event_type, HCI_INIT_TIMEOUT);
44 if (IS_ERR(skb)) {
45 err = PTR_ERR(skb);
46 bt_dev_err(hdev, "Reading QCA version information failed (%d)",
47 err);
48 return err;
49 }
50
51 if (skb->len != rlen) {
52 bt_dev_err(hdev, "QCA Version size mismatch len %d", skb->len);
53 err = -EILSEQ;
54 goto out;
55 }
56
57 edl = (struct edl_event_hdr *)(skb->data);
58 if (!edl) {
59 bt_dev_err(hdev, "QCA TLV with no header");
60 err = -EILSEQ;
61 goto out;
62 }
63
64 if (edl->cresp != EDL_CMD_REQ_RES_EVT ||
65 edl->rtype != rtype) {
66 bt_dev_err(hdev, "QCA Wrong packet received %d %d", edl->cresp,
67 edl->rtype);
68 err = -EIO;
69 goto out;
70 }
71
72 if (soc_type >= QCA_WCN3991)
73 memcpy(ver, edl->data + 1, sizeof(*ver));
74 else
75 memcpy(ver, &edl->data, sizeof(*ver));
76
77 bt_dev_info(hdev, "QCA Product ID :0x%08x",
78 le32_to_cpu(ver->product_id));
79 bt_dev_info(hdev, "QCA SOC Version :0x%08x",
80 le32_to_cpu(ver->soc_id));
81 bt_dev_info(hdev, "QCA ROM Version :0x%08x",
82 le16_to_cpu(ver->rom_ver));
83 bt_dev_info(hdev, "QCA Patch Version:0x%08x",
84 le16_to_cpu(ver->patch_ver));
85
86 if (ver->soc_id == 0 || ver->rom_ver == 0)
87 err = -EILSEQ;
88
89 out:
90 kfree_skb(skb);
91 if (err)
92 bt_dev_err(hdev, "QCA Failed to get version (%d)", err);
93
94 return err;
95 }
96 EXPORT_SYMBOL_GPL(qca_read_soc_version);
97
qca_read_fw_build_info(struct hci_dev * hdev)98 static int qca_read_fw_build_info(struct hci_dev *hdev)
99 {
100 struct sk_buff *skb;
101 struct edl_event_hdr *edl;
102 char *build_label;
103 char cmd;
104 int build_lbl_len, err = 0;
105
106 bt_dev_dbg(hdev, "QCA read fw build info");
107
108 cmd = EDL_GET_BUILD_INFO_CMD;
109 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, EDL_PATCH_CMD_LEN,
110 &cmd, 0, HCI_INIT_TIMEOUT);
111 if (IS_ERR(skb)) {
112 err = PTR_ERR(skb);
113 bt_dev_err(hdev, "Reading QCA fw build info failed (%d)",
114 err);
115 return err;
116 }
117
118 if (skb->len < sizeof(*edl)) {
119 err = -EILSEQ;
120 goto out;
121 }
122
123 edl = (struct edl_event_hdr *)(skb->data);
124 if (!edl) {
125 bt_dev_err(hdev, "QCA read fw build info with no header");
126 err = -EILSEQ;
127 goto out;
128 }
129
130 if (edl->cresp != EDL_CMD_REQ_RES_EVT ||
131 edl->rtype != EDL_GET_BUILD_INFO_CMD) {
132 bt_dev_err(hdev, "QCA Wrong packet received %d %d", edl->cresp,
133 edl->rtype);
134 err = -EIO;
135 goto out;
136 }
137
138 if (skb->len < sizeof(*edl) + 1) {
139 err = -EILSEQ;
140 goto out;
141 }
142
143 build_lbl_len = edl->data[0];
144
145 if (skb->len < sizeof(*edl) + 1 + build_lbl_len) {
146 err = -EILSEQ;
147 goto out;
148 }
149
150 build_label = kstrndup(&edl->data[1], build_lbl_len, GFP_KERNEL);
151 if (!build_label) {
152 err = -ENOMEM;
153 goto out;
154 }
155
156 hci_set_fw_info(hdev, "%s", build_label);
157
158 kfree(build_label);
159 out:
160 kfree_skb(skb);
161 return err;
162 }
163
qca_send_patch_config_cmd(struct hci_dev * hdev)164 static int qca_send_patch_config_cmd(struct hci_dev *hdev)
165 {
166 const u8 cmd[] = { EDL_PATCH_CONFIG_CMD, 0x01, 0, 0, 0 };
167 struct sk_buff *skb;
168 struct edl_event_hdr *edl;
169 int err;
170
171 bt_dev_dbg(hdev, "QCA Patch config");
172
173 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, sizeof(cmd),
174 cmd, 0, HCI_INIT_TIMEOUT);
175 if (IS_ERR(skb)) {
176 err = PTR_ERR(skb);
177 bt_dev_err(hdev, "Sending QCA Patch config failed (%d)", err);
178 return err;
179 }
180
181 if (skb->len != 2) {
182 bt_dev_err(hdev, "QCA Patch config cmd size mismatch len %d", skb->len);
183 err = -EILSEQ;
184 goto out;
185 }
186
187 edl = (struct edl_event_hdr *)(skb->data);
188 if (!edl) {
189 bt_dev_err(hdev, "QCA Patch config with no header");
190 err = -EILSEQ;
191 goto out;
192 }
193
194 if (edl->cresp != EDL_PATCH_CONFIG_RES_EVT || edl->rtype != EDL_PATCH_CONFIG_CMD) {
195 bt_dev_err(hdev, "QCA Wrong packet received %d %d", edl->cresp,
196 edl->rtype);
197 err = -EIO;
198 goto out;
199 }
200
201 err = 0;
202
203 out:
204 kfree_skb(skb);
205 return err;
206 }
207
qca_send_reset(struct hci_dev * hdev)208 static int qca_send_reset(struct hci_dev *hdev)
209 {
210 struct sk_buff *skb;
211 int err;
212
213 bt_dev_dbg(hdev, "QCA HCI_RESET");
214
215 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
216 if (IS_ERR(skb)) {
217 err = PTR_ERR(skb);
218 bt_dev_err(hdev, "QCA Reset failed (%d)", err);
219 return err;
220 }
221
222 kfree_skb(skb);
223
224 return 0;
225 }
226
qca_read_fw_board_id(struct hci_dev * hdev,u16 * bid)227 static int qca_read_fw_board_id(struct hci_dev *hdev, u16 *bid)
228 {
229 u8 cmd;
230 struct sk_buff *skb;
231 struct edl_event_hdr *edl;
232 int err = 0;
233
234 cmd = EDL_GET_BID_REQ_CMD;
235 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, EDL_PATCH_CMD_LEN,
236 &cmd, 0, HCI_INIT_TIMEOUT);
237 if (IS_ERR(skb)) {
238 err = PTR_ERR(skb);
239 bt_dev_err(hdev, "Reading QCA board ID failed (%d)", err);
240 return err;
241 }
242
243 edl = skb_pull_data(skb, sizeof(*edl));
244 if (!edl) {
245 bt_dev_err(hdev, "QCA read board ID with no header");
246 err = -EILSEQ;
247 goto out;
248 }
249
250 if (edl->cresp != EDL_CMD_REQ_RES_EVT ||
251 edl->rtype != EDL_GET_BID_REQ_CMD) {
252 bt_dev_err(hdev, "QCA Wrong packet: %d %d", edl->cresp, edl->rtype);
253 err = -EIO;
254 goto out;
255 }
256
257 if (skb->len < 3) {
258 err = -EILSEQ;
259 goto out;
260 }
261
262 *bid = (edl->data[1] << 8) + edl->data[2];
263 bt_dev_dbg(hdev, "%s: bid = %x", __func__, *bid);
264
265 out:
266 kfree_skb(skb);
267 return err;
268 }
269
qca_send_pre_shutdown_cmd(struct hci_dev * hdev)270 int qca_send_pre_shutdown_cmd(struct hci_dev *hdev)
271 {
272 struct sk_buff *skb;
273 int err;
274
275 bt_dev_dbg(hdev, "QCA pre shutdown cmd");
276
277 skb = __hci_cmd_sync_ev(hdev, QCA_PRE_SHUTDOWN_CMD, 0,
278 NULL, HCI_EV_CMD_COMPLETE, HCI_INIT_TIMEOUT);
279
280 if (IS_ERR(skb)) {
281 err = PTR_ERR(skb);
282 bt_dev_err(hdev, "QCA preshutdown_cmd failed (%d)", err);
283 return err;
284 }
285
286 kfree_skb(skb);
287
288 return 0;
289 }
290 EXPORT_SYMBOL_GPL(qca_send_pre_shutdown_cmd);
291
qca_filename_has_extension(const char * filename)292 static bool qca_filename_has_extension(const char *filename)
293 {
294 const char *suffix = strrchr(filename, '.');
295
296 /* File extensions require a dot, but not as the first or last character */
297 if (!suffix || suffix == filename || *(suffix + 1) == '\0')
298 return 0;
299
300 /* Avoid matching directories with names that look like files with extensions */
301 return !strchr(suffix, '/');
302 }
303
qca_get_alt_nvm_file(char * filename,size_t max_size)304 static bool qca_get_alt_nvm_file(char *filename, size_t max_size)
305 {
306 char fwname[64];
307 const char *suffix;
308
309 /* nvm file name has an extension, replace with .bin */
310 if (qca_filename_has_extension(filename)) {
311 suffix = strrchr(filename, '.');
312 strscpy(fwname, filename, suffix - filename + 1);
313 snprintf(fwname + (suffix - filename),
314 sizeof(fwname) - (suffix - filename), ".bin");
315 /* If nvm file is already the default one, return false to skip the retry. */
316 if (strcmp(fwname, filename) == 0)
317 return false;
318
319 snprintf(filename, max_size, "%s", fwname);
320 return true;
321 }
322 return false;
323 }
324
qca_tlv_check_data(struct hci_dev * hdev,struct qca_fw_config * config,u8 * fw_data,size_t fw_size,enum qca_btsoc_type soc_type)325 static int qca_tlv_check_data(struct hci_dev *hdev,
326 struct qca_fw_config *config,
327 u8 *fw_data, size_t fw_size,
328 enum qca_btsoc_type soc_type)
329 {
330 const u8 *data;
331 u32 type_len;
332 u16 tag_id, tag_len;
333 int idx, length;
334 struct tlv_type_hdr *tlv;
335 struct tlv_type_patch *tlv_patch;
336 struct tlv_type_nvm *tlv_nvm;
337 uint8_t nvm_baud_rate = config->user_baud_rate;
338 u8 type;
339
340 config->dnld_mode = QCA_SKIP_EVT_NONE;
341 config->dnld_type = QCA_SKIP_EVT_NONE;
342
343 switch (config->type) {
344 case ELF_TYPE_PATCH:
345 if (fw_size < 7)
346 return -EINVAL;
347
348 config->dnld_mode = QCA_SKIP_EVT_VSE_CC;
349 config->dnld_type = QCA_SKIP_EVT_VSE_CC;
350
351 bt_dev_dbg(hdev, "File Class : 0x%x", fw_data[4]);
352 bt_dev_dbg(hdev, "Data Encoding : 0x%x", fw_data[5]);
353 bt_dev_dbg(hdev, "File version : 0x%x", fw_data[6]);
354 break;
355 case TLV_TYPE_PATCH:
356 if (fw_size < sizeof(struct tlv_type_hdr) + sizeof(struct tlv_type_patch))
357 return -EINVAL;
358
359 tlv = (struct tlv_type_hdr *)fw_data;
360 type_len = le32_to_cpu(tlv->type_len);
361 tlv_patch = (struct tlv_type_patch *)tlv->data;
362
363 /* For Rome version 1.1 to 3.1, all segment commands
364 * are acked by a vendor specific event (VSE).
365 * For Rome >= 3.2, the download mode field indicates
366 * if VSE is skipped by the controller.
367 * In case VSE is skipped, only the last segment is acked.
368 */
369 config->dnld_mode = tlv_patch->download_mode;
370 config->dnld_type = config->dnld_mode;
371
372 BT_DBG("TLV Type\t\t : 0x%x", type_len & 0x000000ff);
373 BT_DBG("Total Length : %d bytes",
374 le32_to_cpu(tlv_patch->total_size));
375 BT_DBG("Patch Data Length : %d bytes",
376 le32_to_cpu(tlv_patch->data_length));
377 BT_DBG("Signing Format Version : 0x%x",
378 tlv_patch->format_version);
379 BT_DBG("Signature Algorithm : 0x%x",
380 tlv_patch->signature);
381 BT_DBG("Download mode : 0x%x",
382 tlv_patch->download_mode);
383 BT_DBG("Reserved : 0x%x",
384 tlv_patch->reserved1);
385 BT_DBG("Product ID : 0x%04x",
386 le16_to_cpu(tlv_patch->product_id));
387 BT_DBG("Rom Build Version : 0x%04x",
388 le16_to_cpu(tlv_patch->rom_build));
389 BT_DBG("Patch Version : 0x%04x",
390 le16_to_cpu(tlv_patch->patch_version));
391 BT_DBG("Reserved : 0x%x",
392 le16_to_cpu(tlv_patch->reserved2));
393 BT_DBG("Patch Entry Address : 0x%x",
394 le32_to_cpu(tlv_patch->entry));
395 break;
396
397 case TLV_TYPE_NVM:
398 if (fw_size < sizeof(struct tlv_type_hdr))
399 return -EINVAL;
400
401 tlv = (struct tlv_type_hdr *)fw_data;
402
403 type_len = le32_to_cpu(tlv->type_len);
404 length = type_len >> 8;
405 type = type_len & 0xff;
406
407 /* Some NVM files have more than one set of tags, only parse
408 * the first set when it has type 2 for now. When there is
409 * more than one set there is an enclosing header of type 4.
410 */
411 if (type == 4) {
412 if (fw_size < 2 * sizeof(struct tlv_type_hdr))
413 return -EINVAL;
414
415 tlv++;
416
417 type_len = le32_to_cpu(tlv->type_len);
418 length = type_len >> 8;
419 type = type_len & 0xff;
420 }
421
422 BT_DBG("TLV Type\t\t : 0x%x", type);
423 BT_DBG("Length\t\t : %d bytes", length);
424
425 if (type != 2)
426 break;
427
428 if (fw_size < length + (tlv->data - fw_data))
429 return -EINVAL;
430
431 idx = 0;
432 data = tlv->data;
433 while (idx < length - sizeof(struct tlv_type_nvm)) {
434 tlv_nvm = (struct tlv_type_nvm *)(data + idx);
435
436 tag_id = le16_to_cpu(tlv_nvm->tag_id);
437 tag_len = le16_to_cpu(tlv_nvm->tag_len);
438
439 if (length < idx + sizeof(struct tlv_type_nvm) + tag_len)
440 return -EINVAL;
441
442 /* Update NVM tags as needed */
443 switch (tag_id) {
444 case EDL_TAG_ID_BD_ADDR:
445 if (tag_len != sizeof(bdaddr_t))
446 return -EINVAL;
447
448 memcpy(&config->bdaddr, tlv_nvm->data, sizeof(bdaddr_t));
449
450 break;
451
452 case EDL_TAG_ID_HCI:
453 if (tag_len < 3)
454 return -EINVAL;
455
456 /* HCI transport layer parameters
457 * enabling software inband sleep
458 * onto controller side.
459 */
460 tlv_nvm->data[0] |= 0x80;
461
462 /* UART Baud Rate */
463 if (soc_type >= QCA_WCN3991)
464 tlv_nvm->data[1] = nvm_baud_rate;
465 else
466 tlv_nvm->data[2] = nvm_baud_rate;
467
468 break;
469
470 case EDL_TAG_ID_DEEP_SLEEP:
471 if (tag_len < 1)
472 return -EINVAL;
473
474 /* Sleep enable mask
475 * enabling deep sleep feature on controller.
476 */
477 tlv_nvm->data[0] |= 0x01;
478
479 break;
480 }
481
482 idx += sizeof(struct tlv_type_nvm) + tag_len;
483 }
484 break;
485
486 default:
487 BT_ERR("Unknown TLV type %d", config->type);
488 return -EINVAL;
489 }
490
491 return 0;
492 }
493
qca_tlv_send_segment(struct hci_dev * hdev,int seg_size,const u8 * data,enum qca_tlv_dnld_mode mode,enum qca_btsoc_type soc_type)494 static int qca_tlv_send_segment(struct hci_dev *hdev, int seg_size,
495 const u8 *data, enum qca_tlv_dnld_mode mode,
496 enum qca_btsoc_type soc_type)
497 {
498 struct sk_buff *skb;
499 struct edl_event_hdr *edl;
500 struct tlv_seg_resp *tlv_resp;
501 u8 cmd[MAX_SIZE_PER_TLV_SEGMENT + 2];
502 int err = 0;
503 u8 event_type = HCI_EV_VENDOR;
504 u8 rlen = (sizeof(*edl) + sizeof(*tlv_resp));
505 u8 rtype = EDL_TVL_DNLD_RES_EVT;
506
507 cmd[0] = EDL_PATCH_TLV_REQ_CMD;
508 cmd[1] = seg_size;
509 memcpy(cmd + 2, data, seg_size);
510
511 if (mode == QCA_SKIP_EVT_VSE_CC || mode == QCA_SKIP_EVT_VSE)
512 return __hci_cmd_send(hdev, EDL_PATCH_CMD_OPCODE, seg_size + 2,
513 cmd);
514
515 /* Unlike other SoC's sending version command response as payload to
516 * VSE event. WCN3991 sends version command response as a payload to
517 * command complete event.
518 */
519 if (soc_type >= QCA_WCN3991) {
520 event_type = 0;
521 rlen = sizeof(*edl);
522 rtype = EDL_PATCH_TLV_REQ_CMD;
523 }
524
525 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, seg_size + 2, cmd,
526 event_type, HCI_INIT_TIMEOUT);
527 if (IS_ERR(skb)) {
528 err = PTR_ERR(skb);
529 bt_dev_err(hdev, "QCA Failed to send TLV segment (%d)", err);
530 return err;
531 }
532
533 if (skb->len != rlen) {
534 bt_dev_err(hdev, "QCA TLV response size mismatch");
535 err = -EILSEQ;
536 goto out;
537 }
538
539 edl = (struct edl_event_hdr *)(skb->data);
540 if (!edl) {
541 bt_dev_err(hdev, "TLV with no header");
542 err = -EILSEQ;
543 goto out;
544 }
545
546 if (edl->cresp != EDL_CMD_REQ_RES_EVT || edl->rtype != rtype) {
547 bt_dev_err(hdev, "QCA TLV with error stat 0x%x rtype 0x%x",
548 edl->cresp, edl->rtype);
549 err = -EIO;
550 }
551
552 if (soc_type >= QCA_WCN3991)
553 goto out;
554
555 tlv_resp = (struct tlv_seg_resp *)(edl->data);
556 if (tlv_resp->result) {
557 bt_dev_err(hdev, "QCA TLV with error stat 0x%x rtype 0x%x (0x%x)",
558 edl->cresp, edl->rtype, tlv_resp->result);
559 }
560
561 out:
562 kfree_skb(skb);
563
564 return err;
565 }
566
qca_inject_cmd_complete_event(struct hci_dev * hdev)567 static int qca_inject_cmd_complete_event(struct hci_dev *hdev)
568 {
569 struct hci_event_hdr *hdr;
570 struct hci_ev_cmd_complete *evt;
571 struct sk_buff *skb;
572
573 skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_KERNEL);
574 if (!skb)
575 return -ENOMEM;
576
577 hdr = skb_put(skb, sizeof(*hdr));
578 hdr->evt = HCI_EV_CMD_COMPLETE;
579 hdr->plen = sizeof(*evt) + 1;
580
581 evt = skb_put(skb, sizeof(*evt));
582 evt->ncmd = 1;
583 evt->opcode = cpu_to_le16(QCA_HCI_CC_OPCODE);
584
585 skb_put_u8(skb, QCA_HCI_CC_SUCCESS);
586
587 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
588
589 return hci_recv_frame(hdev, skb);
590 }
591
qca_download_firmware(struct hci_dev * hdev,struct qca_fw_config * config,enum qca_btsoc_type soc_type,u8 rom_ver)592 static int qca_download_firmware(struct hci_dev *hdev,
593 struct qca_fw_config *config,
594 enum qca_btsoc_type soc_type,
595 u8 rom_ver)
596 {
597 const struct firmware *fw;
598 u8 *data;
599 const u8 *segment;
600 int ret, size, remain, i = 0;
601
602 bt_dev_info(hdev, "QCA Downloading %s", config->fwname);
603
604 ret = request_firmware(&fw, config->fwname, &hdev->dev);
605 if (ret) {
606 /* For WCN6750, if mbn file is not present then check for
607 * tlv file.
608 */
609 if (soc_type == QCA_WCN6750 && config->type == ELF_TYPE_PATCH) {
610 bt_dev_dbg(hdev, "QCA Failed to request file: %s (%d)",
611 config->fwname, ret);
612 config->type = TLV_TYPE_PATCH;
613 snprintf(config->fwname, sizeof(config->fwname),
614 "qca/msbtfw%02x.tlv", rom_ver);
615 bt_dev_info(hdev, "QCA Downloading %s", config->fwname);
616 ret = request_firmware(&fw, config->fwname, &hdev->dev);
617 if (ret) {
618 bt_dev_err(hdev, "QCA Failed to request file: %s (%d)",
619 config->fwname, ret);
620 return ret;
621 }
622 }
623 /* If the board-specific file is missing, try loading the default
624 * one, unless that was attempted already.
625 */
626 else if (config->type == TLV_TYPE_NVM &&
627 qca_get_alt_nvm_file(config->fwname, sizeof(config->fwname))) {
628 bt_dev_info(hdev, "QCA Downloading %s", config->fwname);
629 ret = request_firmware(&fw, config->fwname, &hdev->dev);
630 if (ret) {
631 bt_dev_err(hdev, "QCA Failed to request file: %s (%d)",
632 config->fwname, ret);
633 return ret;
634 }
635 } else {
636 bt_dev_err(hdev, "QCA Failed to request file: %s (%d)",
637 config->fwname, ret);
638 return ret;
639 }
640 }
641
642 size = fw->size;
643 data = vmalloc(fw->size);
644 if (!data) {
645 bt_dev_err(hdev, "QCA Failed to allocate memory for file: %s",
646 config->fwname);
647 release_firmware(fw);
648 return -ENOMEM;
649 }
650
651 memcpy(data, fw->data, size);
652 release_firmware(fw);
653
654 ret = qca_tlv_check_data(hdev, config, data, size, soc_type);
655 if (ret)
656 goto out;
657
658 segment = data;
659 remain = size;
660 while (remain > 0) {
661 int segsize = min(MAX_SIZE_PER_TLV_SEGMENT, remain);
662
663 bt_dev_dbg(hdev, "Send segment %d, size %d", i++, segsize);
664
665 remain -= segsize;
666 /* The last segment is always acked regardless download mode */
667 if (!remain || segsize < MAX_SIZE_PER_TLV_SEGMENT)
668 config->dnld_mode = QCA_SKIP_EVT_NONE;
669
670 ret = qca_tlv_send_segment(hdev, segsize, segment,
671 config->dnld_mode, soc_type);
672 if (ret)
673 goto out;
674
675 segment += segsize;
676 }
677
678 /* Latest qualcomm chipsets are not sending a command complete event
679 * for every fw packet sent. They only respond with a vendor specific
680 * event for the last packet. This optimization in the chip will
681 * decrease the BT in initialization time. Here we will inject a command
682 * complete event to avoid a command timeout error message.
683 */
684 if (config->dnld_type == QCA_SKIP_EVT_VSE_CC ||
685 config->dnld_type == QCA_SKIP_EVT_VSE)
686 ret = qca_inject_cmd_complete_event(hdev);
687
688 out:
689 vfree(data);
690
691 return ret;
692 }
693
qca_disable_soc_logging(struct hci_dev * hdev)694 static int qca_disable_soc_logging(struct hci_dev *hdev)
695 {
696 struct sk_buff *skb;
697 u8 cmd[2];
698 int err;
699
700 cmd[0] = QCA_DISABLE_LOGGING_SUB_OP;
701 cmd[1] = 0x00;
702 skb = __hci_cmd_sync_ev(hdev, QCA_DISABLE_LOGGING, sizeof(cmd), cmd,
703 HCI_EV_CMD_COMPLETE, HCI_INIT_TIMEOUT);
704 if (IS_ERR(skb)) {
705 err = PTR_ERR(skb);
706 bt_dev_err(hdev, "QCA Failed to disable soc logging(%d)", err);
707 return err;
708 }
709
710 kfree_skb(skb);
711
712 return 0;
713 }
714
qca_set_bdaddr_rome(struct hci_dev * hdev,const bdaddr_t * bdaddr)715 int qca_set_bdaddr_rome(struct hci_dev *hdev, const bdaddr_t *bdaddr)
716 {
717 struct sk_buff *skb;
718 u8 cmd[9];
719 int err;
720
721 cmd[0] = EDL_NVM_ACCESS_SET_REQ_CMD;
722 cmd[1] = 0x02; /* TAG ID */
723 cmd[2] = sizeof(bdaddr_t); /* size */
724 memcpy(cmd + 3, bdaddr, sizeof(bdaddr_t));
725 skb = __hci_cmd_sync_ev(hdev, EDL_NVM_ACCESS_OPCODE, sizeof(cmd), cmd,
726 HCI_EV_VENDOR, HCI_INIT_TIMEOUT);
727 if (IS_ERR(skb)) {
728 err = PTR_ERR(skb);
729 bt_dev_err(hdev, "QCA Change address command failed (%d)", err);
730 return err;
731 }
732
733 kfree_skb(skb);
734
735 return 0;
736 }
737 EXPORT_SYMBOL_GPL(qca_set_bdaddr_rome);
738
qca_check_bdaddr(struct hci_dev * hdev,const struct qca_fw_config * config)739 static int qca_check_bdaddr(struct hci_dev *hdev, const struct qca_fw_config *config)
740 {
741 struct hci_rp_read_bd_addr *bda;
742 struct sk_buff *skb;
743 int err;
744
745 if (bacmp(&hdev->public_addr, BDADDR_ANY))
746 return 0;
747
748 skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL,
749 HCI_INIT_TIMEOUT);
750 if (IS_ERR(skb)) {
751 err = PTR_ERR(skb);
752 bt_dev_err(hdev, "Failed to read device address (%d)", err);
753 return err;
754 }
755
756 if (skb->len != sizeof(*bda)) {
757 bt_dev_err(hdev, "Device address length mismatch");
758 kfree_skb(skb);
759 return -EIO;
760 }
761
762 bda = (struct hci_rp_read_bd_addr *)skb->data;
763 if (!bacmp(&bda->bdaddr, &config->bdaddr))
764 set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks);
765
766 kfree_skb(skb);
767
768 return 0;
769 }
770
qca_get_nvm_name_by_board(char * fwname,size_t max_size,const char * stem,enum qca_btsoc_type soc_type,struct qca_btsoc_version ver,u8 rom_ver,u16 bid)771 static void qca_get_nvm_name_by_board(char *fwname, size_t max_size,
772 const char *stem, enum qca_btsoc_type soc_type,
773 struct qca_btsoc_version ver, u8 rom_ver, u16 bid)
774 {
775 const char *variant;
776 const char *prefix;
777
778 /* Set the default value to variant and prefix */
779 variant = "";
780 prefix = "b";
781
782 if (soc_type == QCA_QCA2066)
783 prefix = "";
784
785 if (soc_type == QCA_WCN6855 || soc_type == QCA_QCA2066) {
786 /* If the chip is manufactured by GlobalFoundries */
787 if ((le32_to_cpu(ver.soc_id) & QCA_HSP_GF_SOC_MASK) == QCA_HSP_GF_SOC_ID)
788 variant = "g";
789 }
790
791 if (rom_ver != 0) {
792 if (bid == 0x0 || bid == 0xffff)
793 snprintf(fwname, max_size, "qca/%s%02x%s.bin", stem, rom_ver, variant);
794 else
795 snprintf(fwname, max_size, "qca/%s%02x%s.%s%02x", stem, rom_ver,
796 variant, prefix, bid);
797 } else {
798 if (bid == 0x0 || bid == 0xffff)
799 snprintf(fwname, max_size, "qca/%s%s.bin", stem, variant);
800 else
801 snprintf(fwname, max_size, "qca/%s%s.%s%02x", stem, variant, prefix, bid);
802 }
803 }
804
qca_uart_setup(struct hci_dev * hdev,uint8_t baudrate,enum qca_btsoc_type soc_type,struct qca_btsoc_version ver,const char * firmware_name)805 int qca_uart_setup(struct hci_dev *hdev, uint8_t baudrate,
806 enum qca_btsoc_type soc_type, struct qca_btsoc_version ver,
807 const char *firmware_name)
808 {
809 struct qca_fw_config config = {};
810 int err;
811 u8 rom_ver = 0;
812 u32 soc_ver;
813 u16 boardid = 0;
814
815 bt_dev_dbg(hdev, "QCA setup on UART");
816
817 soc_ver = get_soc_ver(ver.soc_id, ver.rom_ver);
818
819 bt_dev_info(hdev, "QCA controller version 0x%08x", soc_ver);
820
821 config.user_baud_rate = baudrate;
822
823 /* Firmware files to download are based on ROM version.
824 * ROM version is derived from last two bytes of soc_ver.
825 */
826 if (soc_type == QCA_WCN3988)
827 rom_ver = ((soc_ver & 0x00000f00) >> 0x05) | (soc_ver & 0x0000000f);
828 else
829 rom_ver = ((soc_ver & 0x00000f00) >> 0x04) | (soc_ver & 0x0000000f);
830
831 if (soc_type == QCA_WCN6750)
832 qca_send_patch_config_cmd(hdev);
833
834 /* Download rampatch file */
835 config.type = TLV_TYPE_PATCH;
836 switch (soc_type) {
837 case QCA_WCN3990:
838 case QCA_WCN3991:
839 case QCA_WCN3998:
840 snprintf(config.fwname, sizeof(config.fwname),
841 "qca/crbtfw%02x.tlv", rom_ver);
842 break;
843 case QCA_WCN3988:
844 snprintf(config.fwname, sizeof(config.fwname),
845 "qca/apbtfw%02x.tlv", rom_ver);
846 break;
847 case QCA_QCA2066:
848 snprintf(config.fwname, sizeof(config.fwname),
849 "qca/hpbtfw%02x.tlv", rom_ver);
850 break;
851 case QCA_QCA6390:
852 snprintf(config.fwname, sizeof(config.fwname),
853 "qca/htbtfw%02x.tlv", rom_ver);
854 break;
855 case QCA_WCN6750:
856 /* Choose mbn file by default.If mbn file is not found
857 * then choose tlv file
858 */
859 config.type = ELF_TYPE_PATCH;
860 snprintf(config.fwname, sizeof(config.fwname),
861 "qca/msbtfw%02x.mbn", rom_ver);
862 break;
863 case QCA_WCN6855:
864 snprintf(config.fwname, sizeof(config.fwname),
865 "qca/hpbtfw%02x.tlv", rom_ver);
866 break;
867 case QCA_WCN7850:
868 snprintf(config.fwname, sizeof(config.fwname),
869 "qca/hmtbtfw%02x.tlv", rom_ver);
870 break;
871 default:
872 snprintf(config.fwname, sizeof(config.fwname),
873 "qca/rampatch_%08x.bin", soc_ver);
874 }
875
876 err = qca_download_firmware(hdev, &config, soc_type, rom_ver);
877 if (err < 0) {
878 bt_dev_err(hdev, "QCA Failed to download patch (%d)", err);
879 return err;
880 }
881
882 /* Give the controller some time to get ready to receive the NVM */
883 msleep(10);
884
885 if (soc_type == QCA_QCA2066 || soc_type == QCA_WCN7850)
886 qca_read_fw_board_id(hdev, &boardid);
887
888 /* Download NVM configuration */
889 config.type = TLV_TYPE_NVM;
890 if (firmware_name) {
891 /* The firmware name has an extension, use it directly */
892 if (qca_filename_has_extension(firmware_name)) {
893 snprintf(config.fwname, sizeof(config.fwname), "qca/%s", firmware_name);
894 } else {
895 qca_read_fw_board_id(hdev, &boardid);
896 qca_get_nvm_name_by_board(config.fwname, sizeof(config.fwname),
897 firmware_name, soc_type, ver, 0, boardid);
898 }
899 } else {
900 switch (soc_type) {
901 case QCA_WCN3990:
902 case QCA_WCN3991:
903 case QCA_WCN3998:
904 if (le32_to_cpu(ver.soc_id) == QCA_WCN3991_SOC_ID) {
905 snprintf(config.fwname, sizeof(config.fwname),
906 "qca/crnv%02xu.bin", rom_ver);
907 } else {
908 snprintf(config.fwname, sizeof(config.fwname),
909 "qca/crnv%02x.bin", rom_ver);
910 }
911 break;
912 case QCA_WCN3988:
913 snprintf(config.fwname, sizeof(config.fwname),
914 "qca/apnv%02x.bin", rom_ver);
915 break;
916 case QCA_QCA2066:
917 qca_get_nvm_name_by_board(config.fwname,
918 sizeof(config.fwname), "hpnv", soc_type, ver,
919 rom_ver, boardid);
920 break;
921 case QCA_QCA6390:
922 snprintf(config.fwname, sizeof(config.fwname),
923 "qca/htnv%02x.bin", rom_ver);
924 break;
925 case QCA_WCN6750:
926 snprintf(config.fwname, sizeof(config.fwname),
927 "qca/msnv%02x.bin", rom_ver);
928 break;
929 case QCA_WCN6855:
930 qca_read_fw_board_id(hdev, &boardid);
931 qca_get_nvm_name_by_board(config.fwname, sizeof(config.fwname),
932 "hpnv", soc_type, ver, rom_ver, boardid);
933 break;
934 case QCA_WCN7850:
935 qca_get_nvm_name_by_board(config.fwname, sizeof(config.fwname),
936 "hmtnv", soc_type, ver, rom_ver, boardid);
937 break;
938 default:
939 snprintf(config.fwname, sizeof(config.fwname),
940 "qca/nvm_%08x.bin", soc_ver);
941 }
942 }
943
944 err = qca_download_firmware(hdev, &config, soc_type, rom_ver);
945 if (err < 0) {
946 bt_dev_err(hdev, "QCA Failed to download NVM (%d)", err);
947 return err;
948 }
949
950 switch (soc_type) {
951 case QCA_WCN3991:
952 case QCA_QCA2066:
953 case QCA_QCA6390:
954 case QCA_WCN6750:
955 case QCA_WCN6855:
956 case QCA_WCN7850:
957 err = qca_disable_soc_logging(hdev);
958 if (err < 0)
959 return err;
960 break;
961 default:
962 break;
963 }
964
965 /* WCN399x and WCN6750 supports the Microsoft vendor extension with 0xFD70 as the
966 * VsMsftOpCode.
967 */
968 switch (soc_type) {
969 case QCA_WCN3988:
970 case QCA_WCN3990:
971 case QCA_WCN3991:
972 case QCA_WCN3998:
973 case QCA_WCN6750:
974 hci_set_msft_opcode(hdev, 0xFD70);
975 break;
976 default:
977 break;
978 }
979
980 /* Perform HCI reset */
981 err = qca_send_reset(hdev);
982 if (err < 0) {
983 bt_dev_err(hdev, "QCA Failed to run HCI_RESET (%d)", err);
984 return err;
985 }
986
987 switch (soc_type) {
988 case QCA_WCN3991:
989 case QCA_WCN6750:
990 case QCA_WCN6855:
991 case QCA_WCN7850:
992 /* get fw build info */
993 err = qca_read_fw_build_info(hdev);
994 if (err < 0)
995 return err;
996 break;
997 default:
998 break;
999 }
1000
1001 err = qca_check_bdaddr(hdev, &config);
1002 if (err)
1003 return err;
1004
1005 bt_dev_info(hdev, "QCA setup on UART is completed");
1006
1007 return 0;
1008 }
1009 EXPORT_SYMBOL_GPL(qca_uart_setup);
1010
qca_set_bdaddr(struct hci_dev * hdev,const bdaddr_t * bdaddr)1011 int qca_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr)
1012 {
1013 bdaddr_t bdaddr_swapped;
1014 struct sk_buff *skb;
1015 int err;
1016
1017 baswap(&bdaddr_swapped, bdaddr);
1018
1019 skb = __hci_cmd_sync_ev(hdev, EDL_WRITE_BD_ADDR_OPCODE, 6,
1020 &bdaddr_swapped, HCI_EV_VENDOR,
1021 HCI_INIT_TIMEOUT);
1022 if (IS_ERR(skb)) {
1023 err = PTR_ERR(skb);
1024 bt_dev_err(hdev, "QCA Change address cmd failed (%d)", err);
1025 return err;
1026 }
1027
1028 kfree_skb(skb);
1029
1030 return 0;
1031 }
1032 EXPORT_SYMBOL_GPL(qca_set_bdaddr);
1033
1034
1035 MODULE_AUTHOR("Ben Young Tae Kim <ytkim@qca.qualcomm.com>");
1036 MODULE_DESCRIPTION("Bluetooth support for Qualcomm Atheros family ver " VERSION);
1037 MODULE_VERSION(VERSION);
1038 MODULE_LICENSE("GPL");
1039