1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Bluetooth supports for Qualcomm Atheros chips 4 * 5 * Copyright (c) 2015 The Linux Foundation. All rights reserved. 6 */ 7 #include <linux/module.h> 8 #include <linux/firmware.h> 9 #include <linux/vmalloc.h> 10 11 #include <net/bluetooth/bluetooth.h> 12 #include <net/bluetooth/hci_core.h> 13 14 #include "btqca.h" 15 16 #define VERSION "0.1" 17 18 int qca_read_soc_version(struct hci_dev *hdev, struct qca_btsoc_version *ver, 19 enum qca_btsoc_type soc_type) 20 { 21 struct sk_buff *skb; 22 struct edl_event_hdr *edl; 23 char cmd; 24 int err = 0; 25 u8 event_type = HCI_EV_VENDOR; 26 u8 rlen = sizeof(*edl) + sizeof(*ver); 27 u8 rtype = EDL_APP_VER_RES_EVT; 28 29 bt_dev_dbg(hdev, "QCA Version Request"); 30 31 /* Unlike other SoC's sending version command response as payload to 32 * VSE event. WCN3991 sends version command response as a payload to 33 * command complete event. 34 */ 35 if (soc_type >= QCA_WCN3991) { 36 event_type = 0; 37 rlen += 1; 38 rtype = EDL_PATCH_VER_REQ_CMD; 39 } 40 41 cmd = EDL_PATCH_VER_REQ_CMD; 42 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, EDL_PATCH_CMD_LEN, 43 &cmd, event_type, HCI_INIT_TIMEOUT); 44 if (IS_ERR(skb)) { 45 err = PTR_ERR(skb); 46 bt_dev_err(hdev, "Reading QCA version information failed (%d)", 47 err); 48 return err; 49 } 50 51 if (skb->len != rlen) { 52 bt_dev_err(hdev, "QCA Version size mismatch len %d", skb->len); 53 err = -EILSEQ; 54 goto out; 55 } 56 57 edl = (struct edl_event_hdr *)(skb->data); 58 if (!edl) { 59 bt_dev_err(hdev, "QCA TLV with no header"); 60 err = -EILSEQ; 61 goto out; 62 } 63 64 if (edl->cresp != EDL_CMD_REQ_RES_EVT || 65 edl->rtype != rtype) { 66 bt_dev_err(hdev, "QCA Wrong packet received %d %d", edl->cresp, 67 edl->rtype); 68 err = -EIO; 69 goto out; 70 } 71 72 if (soc_type >= QCA_WCN3991) 73 memcpy(ver, edl->data + 1, sizeof(*ver)); 74 else 75 memcpy(ver, &edl->data, sizeof(*ver)); 76 77 bt_dev_info(hdev, "QCA Product ID :0x%08x", 78 le32_to_cpu(ver->product_id)); 79 bt_dev_info(hdev, "QCA SOC Version :0x%08x", 80 le32_to_cpu(ver->soc_id)); 81 bt_dev_info(hdev, "QCA ROM Version :0x%08x", 82 le16_to_cpu(ver->rom_ver)); 83 bt_dev_info(hdev, "QCA Patch Version:0x%08x", 84 le16_to_cpu(ver->patch_ver)); 85 86 if (ver->soc_id == 0 || ver->rom_ver == 0) 87 err = -EILSEQ; 88 89 out: 90 kfree_skb(skb); 91 if (err) 92 bt_dev_err(hdev, "QCA Failed to get version (%d)", err); 93 94 return err; 95 } 96 EXPORT_SYMBOL_GPL(qca_read_soc_version); 97 98 static int qca_read_fw_build_info(struct hci_dev *hdev) 99 { 100 struct sk_buff *skb; 101 struct edl_event_hdr *edl; 102 char *build_label; 103 char cmd; 104 int build_lbl_len, err = 0; 105 106 bt_dev_dbg(hdev, "QCA read fw build info"); 107 108 cmd = EDL_GET_BUILD_INFO_CMD; 109 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, EDL_PATCH_CMD_LEN, 110 &cmd, 0, HCI_INIT_TIMEOUT); 111 if (IS_ERR(skb)) { 112 err = PTR_ERR(skb); 113 bt_dev_err(hdev, "Reading QCA fw build info failed (%d)", 114 err); 115 return err; 116 } 117 118 if (skb->len < sizeof(*edl)) { 119 err = -EILSEQ; 120 goto out; 121 } 122 123 edl = (struct edl_event_hdr *)(skb->data); 124 if (!edl) { 125 bt_dev_err(hdev, "QCA read fw build info with no header"); 126 err = -EILSEQ; 127 goto out; 128 } 129 130 if (edl->cresp != EDL_CMD_REQ_RES_EVT || 131 edl->rtype != EDL_GET_BUILD_INFO_CMD) { 132 bt_dev_err(hdev, "QCA Wrong packet received %d %d", edl->cresp, 133 edl->rtype); 134 err = -EIO; 135 goto out; 136 } 137 138 if (skb->len < sizeof(*edl) + 1) { 139 err = -EILSEQ; 140 goto out; 141 } 142 143 build_lbl_len = edl->data[0]; 144 145 if (skb->len < sizeof(*edl) + 1 + build_lbl_len) { 146 err = -EILSEQ; 147 goto out; 148 } 149 150 build_label = kstrndup(&edl->data[1], build_lbl_len, GFP_KERNEL); 151 if (!build_label) { 152 err = -ENOMEM; 153 goto out; 154 } 155 156 hci_set_fw_info(hdev, "%s", build_label); 157 158 kfree(build_label); 159 out: 160 kfree_skb(skb); 161 return err; 162 } 163 164 static int qca_send_patch_config_cmd(struct hci_dev *hdev) 165 { 166 const u8 cmd[] = { EDL_PATCH_CONFIG_CMD, 0x01, 0, 0, 0 }; 167 struct sk_buff *skb; 168 struct edl_event_hdr *edl; 169 int err; 170 171 bt_dev_dbg(hdev, "QCA Patch config"); 172 173 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, sizeof(cmd), 174 cmd, 0, HCI_INIT_TIMEOUT); 175 if (IS_ERR(skb)) { 176 err = PTR_ERR(skb); 177 bt_dev_err(hdev, "Sending QCA Patch config failed (%d)", err); 178 return err; 179 } 180 181 if (skb->len != 2) { 182 bt_dev_err(hdev, "QCA Patch config cmd size mismatch len %d", skb->len); 183 err = -EILSEQ; 184 goto out; 185 } 186 187 edl = (struct edl_event_hdr *)(skb->data); 188 if (!edl) { 189 bt_dev_err(hdev, "QCA Patch config with no header"); 190 err = -EILSEQ; 191 goto out; 192 } 193 194 if (edl->cresp != EDL_PATCH_CONFIG_RES_EVT || edl->rtype != EDL_PATCH_CONFIG_CMD) { 195 bt_dev_err(hdev, "QCA Wrong packet received %d %d", edl->cresp, 196 edl->rtype); 197 err = -EIO; 198 goto out; 199 } 200 201 err = 0; 202 203 out: 204 kfree_skb(skb); 205 return err; 206 } 207 208 static int qca_send_reset(struct hci_dev *hdev) 209 { 210 struct sk_buff *skb; 211 int err; 212 213 bt_dev_dbg(hdev, "QCA HCI_RESET"); 214 215 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); 216 if (IS_ERR(skb)) { 217 err = PTR_ERR(skb); 218 bt_dev_err(hdev, "QCA Reset failed (%d)", err); 219 return err; 220 } 221 222 kfree_skb(skb); 223 224 return 0; 225 } 226 227 static int qca_read_fw_board_id(struct hci_dev *hdev, u16 *bid) 228 { 229 u8 cmd; 230 struct sk_buff *skb; 231 struct edl_event_hdr *edl; 232 int err = 0; 233 234 cmd = EDL_GET_BID_REQ_CMD; 235 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, EDL_PATCH_CMD_LEN, 236 &cmd, 0, HCI_INIT_TIMEOUT); 237 if (IS_ERR(skb)) { 238 err = PTR_ERR(skb); 239 bt_dev_err(hdev, "Reading QCA board ID failed (%d)", err); 240 return err; 241 } 242 243 edl = skb_pull_data(skb, sizeof(*edl)); 244 if (!edl) { 245 bt_dev_err(hdev, "QCA read board ID with no header"); 246 err = -EILSEQ; 247 goto out; 248 } 249 250 if (edl->cresp != EDL_CMD_REQ_RES_EVT || 251 edl->rtype != EDL_GET_BID_REQ_CMD) { 252 bt_dev_err(hdev, "QCA Wrong packet: %d %d", edl->cresp, edl->rtype); 253 err = -EIO; 254 goto out; 255 } 256 257 if (skb->len < 3) { 258 err = -EILSEQ; 259 goto out; 260 } 261 262 *bid = (edl->data[1] << 8) + edl->data[2]; 263 bt_dev_dbg(hdev, "%s: bid = %x", __func__, *bid); 264 265 out: 266 kfree_skb(skb); 267 return err; 268 } 269 270 int qca_send_pre_shutdown_cmd(struct hci_dev *hdev) 271 { 272 struct sk_buff *skb; 273 int err; 274 275 bt_dev_dbg(hdev, "QCA pre shutdown cmd"); 276 277 skb = __hci_cmd_sync_ev(hdev, QCA_PRE_SHUTDOWN_CMD, 0, 278 NULL, HCI_EV_CMD_COMPLETE, HCI_INIT_TIMEOUT); 279 280 if (IS_ERR(skb)) { 281 err = PTR_ERR(skb); 282 bt_dev_err(hdev, "QCA preshutdown_cmd failed (%d)", err); 283 return err; 284 } 285 286 kfree_skb(skb); 287 288 return 0; 289 } 290 EXPORT_SYMBOL_GPL(qca_send_pre_shutdown_cmd); 291 292 static bool qca_filename_has_extension(const char *filename) 293 { 294 const char *suffix = strrchr(filename, '.'); 295 296 /* File extensions require a dot, but not as the first or last character */ 297 if (!suffix || suffix == filename || *(suffix + 1) == '\0') 298 return 0; 299 300 /* Avoid matching directories with names that look like files with extensions */ 301 return !strchr(suffix, '/'); 302 } 303 304 static bool qca_get_alt_nvm_file(char *filename, size_t max_size) 305 { 306 char fwname[64]; 307 const char *suffix; 308 309 /* nvm file name has an extension, replace with .bin */ 310 if (qca_filename_has_extension(filename)) { 311 suffix = strrchr(filename, '.'); 312 strscpy(fwname, filename, suffix - filename + 1); 313 snprintf(fwname + (suffix - filename), 314 sizeof(fwname) - (suffix - filename), ".bin"); 315 /* If nvm file is already the default one, return false to skip the retry. */ 316 if (strcmp(fwname, filename) == 0) 317 return false; 318 319 snprintf(filename, max_size, "%s", fwname); 320 return true; 321 } 322 return false; 323 } 324 325 static int qca_tlv_check_data(struct hci_dev *hdev, 326 struct qca_fw_config *config, 327 u8 *fw_data, size_t fw_size, 328 enum qca_btsoc_type soc_type) 329 { 330 const u8 *data; 331 u32 type_len; 332 u16 tag_id, tag_len; 333 int idx, length; 334 struct tlv_type_hdr *tlv; 335 struct tlv_type_patch *tlv_patch; 336 struct tlv_type_nvm *tlv_nvm; 337 uint8_t nvm_baud_rate = config->user_baud_rate; 338 u8 type; 339 340 config->dnld_mode = QCA_SKIP_EVT_NONE; 341 config->dnld_type = QCA_SKIP_EVT_NONE; 342 343 switch (config->type) { 344 case ELF_TYPE_PATCH: 345 if (fw_size < 7) 346 return -EINVAL; 347 348 config->dnld_mode = QCA_SKIP_EVT_VSE_CC; 349 config->dnld_type = QCA_SKIP_EVT_VSE_CC; 350 351 bt_dev_dbg(hdev, "File Class : 0x%x", fw_data[4]); 352 bt_dev_dbg(hdev, "Data Encoding : 0x%x", fw_data[5]); 353 bt_dev_dbg(hdev, "File version : 0x%x", fw_data[6]); 354 break; 355 case TLV_TYPE_PATCH: 356 if (fw_size < sizeof(struct tlv_type_hdr) + sizeof(struct tlv_type_patch)) 357 return -EINVAL; 358 359 tlv = (struct tlv_type_hdr *)fw_data; 360 type_len = le32_to_cpu(tlv->type_len); 361 tlv_patch = (struct tlv_type_patch *)tlv->data; 362 363 /* For Rome version 1.1 to 3.1, all segment commands 364 * are acked by a vendor specific event (VSE). 365 * For Rome >= 3.2, the download mode field indicates 366 * if VSE is skipped by the controller. 367 * In case VSE is skipped, only the last segment is acked. 368 */ 369 config->dnld_mode = tlv_patch->download_mode; 370 config->dnld_type = config->dnld_mode; 371 372 BT_DBG("TLV Type\t\t : 0x%x", type_len & 0x000000ff); 373 BT_DBG("Total Length : %d bytes", 374 le32_to_cpu(tlv_patch->total_size)); 375 BT_DBG("Patch Data Length : %d bytes", 376 le32_to_cpu(tlv_patch->data_length)); 377 BT_DBG("Signing Format Version : 0x%x", 378 tlv_patch->format_version); 379 BT_DBG("Signature Algorithm : 0x%x", 380 tlv_patch->signature); 381 BT_DBG("Download mode : 0x%x", 382 tlv_patch->download_mode); 383 BT_DBG("Reserved : 0x%x", 384 tlv_patch->reserved1); 385 BT_DBG("Product ID : 0x%04x", 386 le16_to_cpu(tlv_patch->product_id)); 387 BT_DBG("Rom Build Version : 0x%04x", 388 le16_to_cpu(tlv_patch->rom_build)); 389 BT_DBG("Patch Version : 0x%04x", 390 le16_to_cpu(tlv_patch->patch_version)); 391 BT_DBG("Reserved : 0x%x", 392 le16_to_cpu(tlv_patch->reserved2)); 393 BT_DBG("Patch Entry Address : 0x%x", 394 le32_to_cpu(tlv_patch->entry)); 395 break; 396 397 case TLV_TYPE_NVM: 398 if (fw_size < sizeof(struct tlv_type_hdr)) 399 return -EINVAL; 400 401 tlv = (struct tlv_type_hdr *)fw_data; 402 403 type_len = le32_to_cpu(tlv->type_len); 404 length = type_len >> 8; 405 type = type_len & 0xff; 406 407 /* Some NVM files have more than one set of tags, only parse 408 * the first set when it has type 2 for now. When there is 409 * more than one set there is an enclosing header of type 4. 410 */ 411 if (type == 4) { 412 if (fw_size < 2 * sizeof(struct tlv_type_hdr)) 413 return -EINVAL; 414 415 tlv++; 416 417 type_len = le32_to_cpu(tlv->type_len); 418 length = type_len >> 8; 419 type = type_len & 0xff; 420 } 421 422 BT_DBG("TLV Type\t\t : 0x%x", type); 423 BT_DBG("Length\t\t : %d bytes", length); 424 425 if (type != 2) 426 break; 427 428 if (fw_size < length + (tlv->data - fw_data)) 429 return -EINVAL; 430 431 idx = 0; 432 data = tlv->data; 433 while (idx < length - sizeof(struct tlv_type_nvm)) { 434 tlv_nvm = (struct tlv_type_nvm *)(data + idx); 435 436 tag_id = le16_to_cpu(tlv_nvm->tag_id); 437 tag_len = le16_to_cpu(tlv_nvm->tag_len); 438 439 if (length < idx + sizeof(struct tlv_type_nvm) + tag_len) 440 return -EINVAL; 441 442 /* Update NVM tags as needed */ 443 switch (tag_id) { 444 case EDL_TAG_ID_BD_ADDR: 445 if (tag_len != sizeof(bdaddr_t)) 446 return -EINVAL; 447 448 memcpy(&config->bdaddr, tlv_nvm->data, sizeof(bdaddr_t)); 449 450 break; 451 452 case EDL_TAG_ID_HCI: 453 if (tag_len < 3) 454 return -EINVAL; 455 456 /* HCI transport layer parameters 457 * enabling software inband sleep 458 * onto controller side. 459 */ 460 tlv_nvm->data[0] |= 0x80; 461 462 /* UART Baud Rate */ 463 if (soc_type >= QCA_WCN3991) 464 tlv_nvm->data[1] = nvm_baud_rate; 465 else 466 tlv_nvm->data[2] = nvm_baud_rate; 467 468 break; 469 470 case EDL_TAG_ID_DEEP_SLEEP: 471 if (tag_len < 1) 472 return -EINVAL; 473 474 /* Sleep enable mask 475 * enabling deep sleep feature on controller. 476 */ 477 tlv_nvm->data[0] |= 0x01; 478 479 break; 480 } 481 482 idx += sizeof(struct tlv_type_nvm) + tag_len; 483 } 484 break; 485 486 default: 487 BT_ERR("Unknown TLV type %d", config->type); 488 return -EINVAL; 489 } 490 491 return 0; 492 } 493 494 static int qca_tlv_send_segment(struct hci_dev *hdev, int seg_size, 495 const u8 *data, enum qca_tlv_dnld_mode mode, 496 enum qca_btsoc_type soc_type) 497 { 498 struct sk_buff *skb; 499 struct edl_event_hdr *edl; 500 struct tlv_seg_resp *tlv_resp; 501 u8 cmd[MAX_SIZE_PER_TLV_SEGMENT + 2]; 502 int err = 0; 503 u8 event_type = HCI_EV_VENDOR; 504 u8 rlen = (sizeof(*edl) + sizeof(*tlv_resp)); 505 u8 rtype = EDL_TVL_DNLD_RES_EVT; 506 507 cmd[0] = EDL_PATCH_TLV_REQ_CMD; 508 cmd[1] = seg_size; 509 memcpy(cmd + 2, data, seg_size); 510 511 if (mode == QCA_SKIP_EVT_VSE_CC || mode == QCA_SKIP_EVT_VSE) 512 return __hci_cmd_send(hdev, EDL_PATCH_CMD_OPCODE, seg_size + 2, 513 cmd); 514 515 /* Unlike other SoC's sending version command response as payload to 516 * VSE event. WCN3991 sends version command response as a payload to 517 * command complete event. 518 */ 519 if (soc_type >= QCA_WCN3991) { 520 event_type = 0; 521 rlen = sizeof(*edl); 522 rtype = EDL_PATCH_TLV_REQ_CMD; 523 } 524 525 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, seg_size + 2, cmd, 526 event_type, HCI_INIT_TIMEOUT); 527 if (IS_ERR(skb)) { 528 err = PTR_ERR(skb); 529 bt_dev_err(hdev, "QCA Failed to send TLV segment (%d)", err); 530 return err; 531 } 532 533 if (skb->len != rlen) { 534 bt_dev_err(hdev, "QCA TLV response size mismatch"); 535 err = -EILSEQ; 536 goto out; 537 } 538 539 edl = (struct edl_event_hdr *)(skb->data); 540 if (!edl) { 541 bt_dev_err(hdev, "TLV with no header"); 542 err = -EILSEQ; 543 goto out; 544 } 545 546 if (edl->cresp != EDL_CMD_REQ_RES_EVT || edl->rtype != rtype) { 547 bt_dev_err(hdev, "QCA TLV with error stat 0x%x rtype 0x%x", 548 edl->cresp, edl->rtype); 549 err = -EIO; 550 } 551 552 if (soc_type >= QCA_WCN3991) 553 goto out; 554 555 tlv_resp = (struct tlv_seg_resp *)(edl->data); 556 if (tlv_resp->result) { 557 bt_dev_err(hdev, "QCA TLV with error stat 0x%x rtype 0x%x (0x%x)", 558 edl->cresp, edl->rtype, tlv_resp->result); 559 } 560 561 out: 562 kfree_skb(skb); 563 564 return err; 565 } 566 567 static int qca_inject_cmd_complete_event(struct hci_dev *hdev) 568 { 569 struct hci_event_hdr *hdr; 570 struct hci_ev_cmd_complete *evt; 571 struct sk_buff *skb; 572 573 skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_KERNEL); 574 if (!skb) 575 return -ENOMEM; 576 577 hdr = skb_put(skb, sizeof(*hdr)); 578 hdr->evt = HCI_EV_CMD_COMPLETE; 579 hdr->plen = sizeof(*evt) + 1; 580 581 evt = skb_put(skb, sizeof(*evt)); 582 evt->ncmd = 1; 583 evt->opcode = cpu_to_le16(QCA_HCI_CC_OPCODE); 584 585 skb_put_u8(skb, QCA_HCI_CC_SUCCESS); 586 587 hci_skb_pkt_type(skb) = HCI_EVENT_PKT; 588 589 return hci_recv_frame(hdev, skb); 590 } 591 592 static int qca_download_firmware(struct hci_dev *hdev, 593 struct qca_fw_config *config, 594 enum qca_btsoc_type soc_type, 595 u8 rom_ver) 596 { 597 const struct firmware *fw; 598 u8 *data; 599 const u8 *segment; 600 int ret, size, remain, i = 0; 601 602 bt_dev_info(hdev, "QCA Downloading %s", config->fwname); 603 604 ret = request_firmware(&fw, config->fwname, &hdev->dev); 605 if (ret) { 606 /* For WCN6750, if mbn file is not present then check for 607 * tlv file. 608 */ 609 if (soc_type == QCA_WCN6750 && config->type == ELF_TYPE_PATCH) { 610 bt_dev_dbg(hdev, "QCA Failed to request file: %s (%d)", 611 config->fwname, ret); 612 config->type = TLV_TYPE_PATCH; 613 snprintf(config->fwname, sizeof(config->fwname), 614 "qca/msbtfw%02x.tlv", rom_ver); 615 bt_dev_info(hdev, "QCA Downloading %s", config->fwname); 616 ret = request_firmware(&fw, config->fwname, &hdev->dev); 617 if (ret) { 618 bt_dev_err(hdev, "QCA Failed to request file: %s (%d)", 619 config->fwname, ret); 620 return ret; 621 } 622 } 623 /* If the board-specific file is missing, try loading the default 624 * one, unless that was attempted already. 625 */ 626 else if (config->type == TLV_TYPE_NVM && 627 qca_get_alt_nvm_file(config->fwname, sizeof(config->fwname))) { 628 bt_dev_info(hdev, "QCA Downloading %s", config->fwname); 629 ret = request_firmware(&fw, config->fwname, &hdev->dev); 630 if (ret) { 631 bt_dev_err(hdev, "QCA Failed to request file: %s (%d)", 632 config->fwname, ret); 633 return ret; 634 } 635 } else { 636 bt_dev_err(hdev, "QCA Failed to request file: %s (%d)", 637 config->fwname, ret); 638 return ret; 639 } 640 } 641 642 size = fw->size; 643 data = vmalloc(fw->size); 644 if (!data) { 645 bt_dev_err(hdev, "QCA Failed to allocate memory for file: %s", 646 config->fwname); 647 release_firmware(fw); 648 return -ENOMEM; 649 } 650 651 memcpy(data, fw->data, size); 652 release_firmware(fw); 653 654 ret = qca_tlv_check_data(hdev, config, data, size, soc_type); 655 if (ret) 656 goto out; 657 658 segment = data; 659 remain = size; 660 while (remain > 0) { 661 int segsize = min(MAX_SIZE_PER_TLV_SEGMENT, remain); 662 663 bt_dev_dbg(hdev, "Send segment %d, size %d", i++, segsize); 664 665 remain -= segsize; 666 /* The last segment is always acked regardless download mode */ 667 if (!remain || segsize < MAX_SIZE_PER_TLV_SEGMENT) 668 config->dnld_mode = QCA_SKIP_EVT_NONE; 669 670 ret = qca_tlv_send_segment(hdev, segsize, segment, 671 config->dnld_mode, soc_type); 672 if (ret) 673 goto out; 674 675 segment += segsize; 676 } 677 678 /* Latest qualcomm chipsets are not sending a command complete event 679 * for every fw packet sent. They only respond with a vendor specific 680 * event for the last packet. This optimization in the chip will 681 * decrease the BT in initialization time. Here we will inject a command 682 * complete event to avoid a command timeout error message. 683 */ 684 if (config->dnld_type == QCA_SKIP_EVT_VSE_CC || 685 config->dnld_type == QCA_SKIP_EVT_VSE) 686 ret = qca_inject_cmd_complete_event(hdev); 687 688 out: 689 vfree(data); 690 691 return ret; 692 } 693 694 static int qca_disable_soc_logging(struct hci_dev *hdev) 695 { 696 struct sk_buff *skb; 697 u8 cmd[2]; 698 int err; 699 700 cmd[0] = QCA_DISABLE_LOGGING_SUB_OP; 701 cmd[1] = 0x00; 702 skb = __hci_cmd_sync_ev(hdev, QCA_DISABLE_LOGGING, sizeof(cmd), cmd, 703 HCI_EV_CMD_COMPLETE, HCI_INIT_TIMEOUT); 704 if (IS_ERR(skb)) { 705 err = PTR_ERR(skb); 706 bt_dev_err(hdev, "QCA Failed to disable soc logging(%d)", err); 707 return err; 708 } 709 710 kfree_skb(skb); 711 712 return 0; 713 } 714 715 int qca_set_bdaddr_rome(struct hci_dev *hdev, const bdaddr_t *bdaddr) 716 { 717 struct sk_buff *skb; 718 u8 cmd[9]; 719 int err; 720 721 cmd[0] = EDL_NVM_ACCESS_SET_REQ_CMD; 722 cmd[1] = 0x02; /* TAG ID */ 723 cmd[2] = sizeof(bdaddr_t); /* size */ 724 memcpy(cmd + 3, bdaddr, sizeof(bdaddr_t)); 725 skb = __hci_cmd_sync_ev(hdev, EDL_NVM_ACCESS_OPCODE, sizeof(cmd), cmd, 726 HCI_EV_VENDOR, HCI_INIT_TIMEOUT); 727 if (IS_ERR(skb)) { 728 err = PTR_ERR(skb); 729 bt_dev_err(hdev, "QCA Change address command failed (%d)", err); 730 return err; 731 } 732 733 kfree_skb(skb); 734 735 return 0; 736 } 737 EXPORT_SYMBOL_GPL(qca_set_bdaddr_rome); 738 739 static int qca_check_bdaddr(struct hci_dev *hdev, const struct qca_fw_config *config) 740 { 741 struct hci_rp_read_bd_addr *bda; 742 struct sk_buff *skb; 743 int err; 744 745 if (bacmp(&hdev->public_addr, BDADDR_ANY)) 746 return 0; 747 748 skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL, 749 HCI_INIT_TIMEOUT); 750 if (IS_ERR(skb)) { 751 err = PTR_ERR(skb); 752 bt_dev_err(hdev, "Failed to read device address (%d)", err); 753 return err; 754 } 755 756 if (skb->len != sizeof(*bda)) { 757 bt_dev_err(hdev, "Device address length mismatch"); 758 kfree_skb(skb); 759 return -EIO; 760 } 761 762 bda = (struct hci_rp_read_bd_addr *)skb->data; 763 if (!bacmp(&bda->bdaddr, &config->bdaddr)) 764 set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks); 765 766 kfree_skb(skb); 767 768 return 0; 769 } 770 771 static void qca_get_nvm_name_by_board(char *fwname, size_t max_size, 772 const char *stem, enum qca_btsoc_type soc_type, 773 struct qca_btsoc_version ver, u8 rom_ver, u16 bid) 774 { 775 const char *variant; 776 const char *prefix; 777 778 /* Set the default value to variant and prefix */ 779 variant = ""; 780 prefix = "b"; 781 782 if (soc_type == QCA_QCA2066) 783 prefix = ""; 784 785 if (soc_type == QCA_WCN6855 || soc_type == QCA_QCA2066) { 786 /* If the chip is manufactured by GlobalFoundries */ 787 if ((le32_to_cpu(ver.soc_id) & QCA_HSP_GF_SOC_MASK) == QCA_HSP_GF_SOC_ID) 788 variant = "g"; 789 } 790 791 if (rom_ver != 0) { 792 if (bid == 0x0 || bid == 0xffff) 793 snprintf(fwname, max_size, "qca/%s%02x%s.bin", stem, rom_ver, variant); 794 else 795 snprintf(fwname, max_size, "qca/%s%02x%s.%s%02x", stem, rom_ver, 796 variant, prefix, bid); 797 } else { 798 if (bid == 0x0 || bid == 0xffff) 799 snprintf(fwname, max_size, "qca/%s%s.bin", stem, variant); 800 else 801 snprintf(fwname, max_size, "qca/%s%s.%s%02x", stem, variant, prefix, bid); 802 } 803 } 804 805 int qca_uart_setup(struct hci_dev *hdev, uint8_t baudrate, 806 enum qca_btsoc_type soc_type, struct qca_btsoc_version ver, 807 const char *firmware_name) 808 { 809 struct qca_fw_config config = {}; 810 int err; 811 u8 rom_ver = 0; 812 u32 soc_ver; 813 u16 boardid = 0; 814 815 bt_dev_dbg(hdev, "QCA setup on UART"); 816 817 soc_ver = get_soc_ver(ver.soc_id, ver.rom_ver); 818 819 bt_dev_info(hdev, "QCA controller version 0x%08x", soc_ver); 820 821 config.user_baud_rate = baudrate; 822 823 /* Firmware files to download are based on ROM version. 824 * ROM version is derived from last two bytes of soc_ver. 825 */ 826 if (soc_type == QCA_WCN3988) 827 rom_ver = ((soc_ver & 0x00000f00) >> 0x05) | (soc_ver & 0x0000000f); 828 else 829 rom_ver = ((soc_ver & 0x00000f00) >> 0x04) | (soc_ver & 0x0000000f); 830 831 if (soc_type == QCA_WCN6750) 832 qca_send_patch_config_cmd(hdev); 833 834 /* Download rampatch file */ 835 config.type = TLV_TYPE_PATCH; 836 switch (soc_type) { 837 case QCA_WCN3990: 838 case QCA_WCN3991: 839 case QCA_WCN3998: 840 snprintf(config.fwname, sizeof(config.fwname), 841 "qca/crbtfw%02x.tlv", rom_ver); 842 break; 843 case QCA_WCN3988: 844 snprintf(config.fwname, sizeof(config.fwname), 845 "qca/apbtfw%02x.tlv", rom_ver); 846 break; 847 case QCA_QCA2066: 848 snprintf(config.fwname, sizeof(config.fwname), 849 "qca/hpbtfw%02x.tlv", rom_ver); 850 break; 851 case QCA_QCA6390: 852 snprintf(config.fwname, sizeof(config.fwname), 853 "qca/htbtfw%02x.tlv", rom_ver); 854 break; 855 case QCA_WCN6750: 856 /* Choose mbn file by default.If mbn file is not found 857 * then choose tlv file 858 */ 859 config.type = ELF_TYPE_PATCH; 860 snprintf(config.fwname, sizeof(config.fwname), 861 "qca/msbtfw%02x.mbn", rom_ver); 862 break; 863 case QCA_WCN6855: 864 snprintf(config.fwname, sizeof(config.fwname), 865 "qca/hpbtfw%02x.tlv", rom_ver); 866 break; 867 case QCA_WCN7850: 868 snprintf(config.fwname, sizeof(config.fwname), 869 "qca/hmtbtfw%02x.tlv", rom_ver); 870 break; 871 default: 872 snprintf(config.fwname, sizeof(config.fwname), 873 "qca/rampatch_%08x.bin", soc_ver); 874 } 875 876 err = qca_download_firmware(hdev, &config, soc_type, rom_ver); 877 if (err < 0) { 878 bt_dev_err(hdev, "QCA Failed to download patch (%d)", err); 879 return err; 880 } 881 882 /* Give the controller some time to get ready to receive the NVM */ 883 msleep(10); 884 885 if (soc_type == QCA_QCA2066 || soc_type == QCA_WCN7850) 886 qca_read_fw_board_id(hdev, &boardid); 887 888 /* Download NVM configuration */ 889 config.type = TLV_TYPE_NVM; 890 if (firmware_name) { 891 /* The firmware name has an extension, use it directly */ 892 if (qca_filename_has_extension(firmware_name)) { 893 snprintf(config.fwname, sizeof(config.fwname), "qca/%s", firmware_name); 894 } else { 895 qca_read_fw_board_id(hdev, &boardid); 896 qca_get_nvm_name_by_board(config.fwname, sizeof(config.fwname), 897 firmware_name, soc_type, ver, 0, boardid); 898 } 899 } else { 900 switch (soc_type) { 901 case QCA_WCN3990: 902 case QCA_WCN3991: 903 case QCA_WCN3998: 904 if (le32_to_cpu(ver.soc_id) == QCA_WCN3991_SOC_ID) { 905 snprintf(config.fwname, sizeof(config.fwname), 906 "qca/crnv%02xu.bin", rom_ver); 907 } else { 908 snprintf(config.fwname, sizeof(config.fwname), 909 "qca/crnv%02x.bin", rom_ver); 910 } 911 break; 912 case QCA_WCN3988: 913 snprintf(config.fwname, sizeof(config.fwname), 914 "qca/apnv%02x.bin", rom_ver); 915 break; 916 case QCA_QCA2066: 917 qca_get_nvm_name_by_board(config.fwname, 918 sizeof(config.fwname), "hpnv", soc_type, ver, 919 rom_ver, boardid); 920 break; 921 case QCA_QCA6390: 922 snprintf(config.fwname, sizeof(config.fwname), 923 "qca/htnv%02x.bin", rom_ver); 924 break; 925 case QCA_WCN6750: 926 snprintf(config.fwname, sizeof(config.fwname), 927 "qca/msnv%02x.bin", rom_ver); 928 break; 929 case QCA_WCN6855: 930 qca_read_fw_board_id(hdev, &boardid); 931 qca_get_nvm_name_by_board(config.fwname, sizeof(config.fwname), 932 "hpnv", soc_type, ver, rom_ver, boardid); 933 break; 934 case QCA_WCN7850: 935 qca_get_nvm_name_by_board(config.fwname, sizeof(config.fwname), 936 "hmtnv", soc_type, ver, rom_ver, boardid); 937 break; 938 default: 939 snprintf(config.fwname, sizeof(config.fwname), 940 "qca/nvm_%08x.bin", soc_ver); 941 } 942 } 943 944 err = qca_download_firmware(hdev, &config, soc_type, rom_ver); 945 if (err < 0) { 946 bt_dev_err(hdev, "QCA Failed to download NVM (%d)", err); 947 return err; 948 } 949 950 switch (soc_type) { 951 case QCA_WCN3991: 952 case QCA_QCA2066: 953 case QCA_QCA6390: 954 case QCA_WCN6750: 955 case QCA_WCN6855: 956 case QCA_WCN7850: 957 err = qca_disable_soc_logging(hdev); 958 if (err < 0) 959 return err; 960 break; 961 default: 962 break; 963 } 964 965 /* WCN399x and WCN6750 supports the Microsoft vendor extension with 0xFD70 as the 966 * VsMsftOpCode. 967 */ 968 switch (soc_type) { 969 case QCA_WCN3988: 970 case QCA_WCN3990: 971 case QCA_WCN3991: 972 case QCA_WCN3998: 973 case QCA_WCN6750: 974 hci_set_msft_opcode(hdev, 0xFD70); 975 break; 976 default: 977 break; 978 } 979 980 /* Perform HCI reset */ 981 err = qca_send_reset(hdev); 982 if (err < 0) { 983 bt_dev_err(hdev, "QCA Failed to run HCI_RESET (%d)", err); 984 return err; 985 } 986 987 switch (soc_type) { 988 case QCA_WCN3991: 989 case QCA_WCN6750: 990 case QCA_WCN6855: 991 case QCA_WCN7850: 992 /* get fw build info */ 993 err = qca_read_fw_build_info(hdev); 994 if (err < 0) 995 return err; 996 break; 997 default: 998 break; 999 } 1000 1001 err = qca_check_bdaddr(hdev, &config); 1002 if (err) 1003 return err; 1004 1005 bt_dev_info(hdev, "QCA setup on UART is completed"); 1006 1007 return 0; 1008 } 1009 EXPORT_SYMBOL_GPL(qca_uart_setup); 1010 1011 int qca_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr) 1012 { 1013 bdaddr_t bdaddr_swapped; 1014 struct sk_buff *skb; 1015 int err; 1016 1017 baswap(&bdaddr_swapped, bdaddr); 1018 1019 skb = __hci_cmd_sync_ev(hdev, EDL_WRITE_BD_ADDR_OPCODE, 6, 1020 &bdaddr_swapped, HCI_EV_VENDOR, 1021 HCI_INIT_TIMEOUT); 1022 if (IS_ERR(skb)) { 1023 err = PTR_ERR(skb); 1024 bt_dev_err(hdev, "QCA Change address cmd failed (%d)", err); 1025 return err; 1026 } 1027 1028 kfree_skb(skb); 1029 1030 return 0; 1031 } 1032 EXPORT_SYMBOL_GPL(qca_set_bdaddr); 1033 1034 1035 MODULE_AUTHOR("Ben Young Tae Kim <ytkim@qca.qualcomm.com>"); 1036 MODULE_DESCRIPTION("Bluetooth support for Qualcomm Atheros family ver " VERSION); 1037 MODULE_VERSION(VERSION); 1038 MODULE_LICENSE("GPL"); 1039