1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Bluetooth supports for Qualcomm Atheros chips 4 * 5 * Copyright (c) 2015 The Linux Foundation. All rights reserved. 6 */ 7 #include <linux/module.h> 8 #include <linux/firmware.h> 9 10 #include <net/bluetooth/bluetooth.h> 11 #include <net/bluetooth/hci_core.h> 12 13 #include "btqca.h" 14 15 #define VERSION "0.1" 16 17 int qca_read_soc_version(struct hci_dev *hdev, u32 *soc_version, 18 enum qca_btsoc_type soc_type) 19 { 20 struct sk_buff *skb; 21 struct edl_event_hdr *edl; 22 struct qca_btsoc_version *ver; 23 char cmd; 24 int err = 0; 25 u8 event_type = HCI_EV_VENDOR; 26 u8 rlen = sizeof(*edl) + sizeof(*ver); 27 u8 rtype = EDL_APP_VER_RES_EVT; 28 29 bt_dev_dbg(hdev, "QCA Version Request"); 30 31 /* Unlike other SoC's sending version command response as payload to 32 * VSE event. WCN3991 sends version command response as a payload to 33 * command complete event. 34 */ 35 if (soc_type >= QCA_WCN3991) { 36 event_type = 0; 37 rlen += 1; 38 rtype = EDL_PATCH_VER_REQ_CMD; 39 } 40 41 cmd = EDL_PATCH_VER_REQ_CMD; 42 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, EDL_PATCH_CMD_LEN, 43 &cmd, event_type, HCI_INIT_TIMEOUT); 44 if (IS_ERR(skb)) { 45 err = PTR_ERR(skb); 46 bt_dev_err(hdev, "Reading QCA version information failed (%d)", 47 err); 48 return err; 49 } 50 51 if (skb->len != rlen) { 52 bt_dev_err(hdev, "QCA Version size mismatch len %d", skb->len); 53 err = -EILSEQ; 54 goto out; 55 } 56 57 edl = (struct edl_event_hdr *)(skb->data); 58 if (!edl) { 59 bt_dev_err(hdev, "QCA TLV with no header"); 60 err = -EILSEQ; 61 goto out; 62 } 63 64 if (edl->cresp != EDL_CMD_REQ_RES_EVT || 65 edl->rtype != rtype) { 66 bt_dev_err(hdev, "QCA Wrong packet received %d %d", edl->cresp, 67 edl->rtype); 68 err = -EIO; 69 goto out; 70 } 71 72 if (soc_type >= QCA_WCN3991) 73 memmove(&edl->data, &edl->data[1], sizeof(*ver)); 74 75 ver = (struct qca_btsoc_version *)(edl->data); 76 77 bt_dev_info(hdev, "QCA Product ID :0x%08x", 78 le32_to_cpu(ver->product_id)); 79 bt_dev_info(hdev, "QCA SOC Version :0x%08x", 80 le32_to_cpu(ver->soc_id)); 81 bt_dev_info(hdev, "QCA ROM Version :0x%08x", 82 le16_to_cpu(ver->rom_ver)); 83 bt_dev_info(hdev, "QCA Patch Version:0x%08x", 84 le16_to_cpu(ver->patch_ver)); 85 86 /* QCA chipset version can be decided by patch and SoC 87 * version, combination with upper 2 bytes from SoC 88 * and lower 2 bytes from patch will be used. 89 */ 90 *soc_version = (le32_to_cpu(ver->soc_id) << 16) | 91 (le16_to_cpu(ver->rom_ver) & 0x0000ffff); 92 if (*soc_version == 0) 93 err = -EILSEQ; 94 95 out: 96 kfree_skb(skb); 97 if (err) 98 bt_dev_err(hdev, "QCA Failed to get version (%d)", err); 99 100 return err; 101 } 102 EXPORT_SYMBOL_GPL(qca_read_soc_version); 103 104 static int qca_send_reset(struct hci_dev *hdev) 105 { 106 struct sk_buff *skb; 107 int err; 108 109 bt_dev_dbg(hdev, "QCA HCI_RESET"); 110 111 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); 112 if (IS_ERR(skb)) { 113 err = PTR_ERR(skb); 114 bt_dev_err(hdev, "QCA Reset failed (%d)", err); 115 return err; 116 } 117 118 kfree_skb(skb); 119 120 return 0; 121 } 122 123 int qca_send_pre_shutdown_cmd(struct hci_dev *hdev) 124 { 125 struct sk_buff *skb; 126 int err; 127 128 bt_dev_dbg(hdev, "QCA pre shutdown cmd"); 129 130 skb = __hci_cmd_sync_ev(hdev, QCA_PRE_SHUTDOWN_CMD, 0, 131 NULL, HCI_EV_CMD_COMPLETE, HCI_INIT_TIMEOUT); 132 133 if (IS_ERR(skb)) { 134 err = PTR_ERR(skb); 135 bt_dev_err(hdev, "QCA preshutdown_cmd failed (%d)", err); 136 return err; 137 } 138 139 kfree_skb(skb); 140 141 return 0; 142 } 143 EXPORT_SYMBOL_GPL(qca_send_pre_shutdown_cmd); 144 145 static void qca_tlv_check_data(struct qca_fw_config *config, 146 const struct firmware *fw, enum qca_btsoc_type soc_type) 147 { 148 const u8 *data; 149 u32 type_len; 150 u16 tag_id, tag_len; 151 int idx, length; 152 struct tlv_type_hdr *tlv; 153 struct tlv_type_patch *tlv_patch; 154 struct tlv_type_nvm *tlv_nvm; 155 uint8_t nvm_baud_rate = config->user_baud_rate; 156 157 tlv = (struct tlv_type_hdr *)fw->data; 158 159 type_len = le32_to_cpu(tlv->type_len); 160 length = (type_len >> 8) & 0x00ffffff; 161 162 BT_DBG("TLV Type\t\t : 0x%x", type_len & 0x000000ff); 163 BT_DBG("Length\t\t : %d bytes", length); 164 165 config->dnld_mode = QCA_SKIP_EVT_NONE; 166 config->dnld_type = QCA_SKIP_EVT_NONE; 167 168 switch (config->type) { 169 case TLV_TYPE_PATCH: 170 tlv_patch = (struct tlv_type_patch *)tlv->data; 171 172 /* For Rome version 1.1 to 3.1, all segment commands 173 * are acked by a vendor specific event (VSE). 174 * For Rome >= 3.2, the download mode field indicates 175 * if VSE is skipped by the controller. 176 * In case VSE is skipped, only the last segment is acked. 177 */ 178 config->dnld_mode = tlv_patch->download_mode; 179 config->dnld_type = config->dnld_mode; 180 181 BT_DBG("Total Length : %d bytes", 182 le32_to_cpu(tlv_patch->total_size)); 183 BT_DBG("Patch Data Length : %d bytes", 184 le32_to_cpu(tlv_patch->data_length)); 185 BT_DBG("Signing Format Version : 0x%x", 186 tlv_patch->format_version); 187 BT_DBG("Signature Algorithm : 0x%x", 188 tlv_patch->signature); 189 BT_DBG("Download mode : 0x%x", 190 tlv_patch->download_mode); 191 BT_DBG("Reserved : 0x%x", 192 tlv_patch->reserved1); 193 BT_DBG("Product ID : 0x%04x", 194 le16_to_cpu(tlv_patch->product_id)); 195 BT_DBG("Rom Build Version : 0x%04x", 196 le16_to_cpu(tlv_patch->rom_build)); 197 BT_DBG("Patch Version : 0x%04x", 198 le16_to_cpu(tlv_patch->patch_version)); 199 BT_DBG("Reserved : 0x%x", 200 le16_to_cpu(tlv_patch->reserved2)); 201 BT_DBG("Patch Entry Address : 0x%x", 202 le32_to_cpu(tlv_patch->entry)); 203 break; 204 205 case TLV_TYPE_NVM: 206 idx = 0; 207 data = tlv->data; 208 while (idx < length) { 209 tlv_nvm = (struct tlv_type_nvm *)(data + idx); 210 211 tag_id = le16_to_cpu(tlv_nvm->tag_id); 212 tag_len = le16_to_cpu(tlv_nvm->tag_len); 213 214 /* Update NVM tags as needed */ 215 switch (tag_id) { 216 case EDL_TAG_ID_HCI: 217 /* HCI transport layer parameters 218 * enabling software inband sleep 219 * onto controller side. 220 */ 221 tlv_nvm->data[0] |= 0x80; 222 223 /* UART Baud Rate */ 224 if (soc_type >= QCA_WCN3991) 225 tlv_nvm->data[1] = nvm_baud_rate; 226 else 227 tlv_nvm->data[2] = nvm_baud_rate; 228 229 break; 230 231 case EDL_TAG_ID_DEEP_SLEEP: 232 /* Sleep enable mask 233 * enabling deep sleep feature on controller. 234 */ 235 tlv_nvm->data[0] |= 0x01; 236 237 break; 238 } 239 240 idx += (sizeof(u16) + sizeof(u16) + 8 + tag_len); 241 } 242 break; 243 244 default: 245 BT_ERR("Unknown TLV type %d", config->type); 246 break; 247 } 248 } 249 250 static int qca_tlv_send_segment(struct hci_dev *hdev, int seg_size, 251 const u8 *data, enum qca_tlv_dnld_mode mode, 252 enum qca_btsoc_type soc_type) 253 { 254 struct sk_buff *skb; 255 struct edl_event_hdr *edl; 256 struct tlv_seg_resp *tlv_resp; 257 u8 cmd[MAX_SIZE_PER_TLV_SEGMENT + 2]; 258 int err = 0; 259 u8 event_type = HCI_EV_VENDOR; 260 u8 rlen = (sizeof(*edl) + sizeof(*tlv_resp)); 261 u8 rtype = EDL_TVL_DNLD_RES_EVT; 262 263 cmd[0] = EDL_PATCH_TLV_REQ_CMD; 264 cmd[1] = seg_size; 265 memcpy(cmd + 2, data, seg_size); 266 267 if (mode == QCA_SKIP_EVT_VSE_CC || mode == QCA_SKIP_EVT_VSE) 268 return __hci_cmd_send(hdev, EDL_PATCH_CMD_OPCODE, seg_size + 2, 269 cmd); 270 271 /* Unlike other SoC's sending version command response as payload to 272 * VSE event. WCN3991 sends version command response as a payload to 273 * command complete event. 274 */ 275 if (soc_type >= QCA_WCN3991) { 276 event_type = 0; 277 rlen = sizeof(*edl); 278 rtype = EDL_PATCH_TLV_REQ_CMD; 279 } 280 281 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, seg_size + 2, cmd, 282 event_type, HCI_INIT_TIMEOUT); 283 if (IS_ERR(skb)) { 284 err = PTR_ERR(skb); 285 bt_dev_err(hdev, "QCA Failed to send TLV segment (%d)", err); 286 return err; 287 } 288 289 if (skb->len != rlen) { 290 bt_dev_err(hdev, "QCA TLV response size mismatch"); 291 err = -EILSEQ; 292 goto out; 293 } 294 295 edl = (struct edl_event_hdr *)(skb->data); 296 if (!edl) { 297 bt_dev_err(hdev, "TLV with no header"); 298 err = -EILSEQ; 299 goto out; 300 } 301 302 if (edl->cresp != EDL_CMD_REQ_RES_EVT || edl->rtype != rtype) { 303 bt_dev_err(hdev, "QCA TLV with error stat 0x%x rtype 0x%x", 304 edl->cresp, edl->rtype); 305 err = -EIO; 306 } 307 308 if (soc_type >= QCA_WCN3991) 309 goto out; 310 311 tlv_resp = (struct tlv_seg_resp *)(edl->data); 312 if (tlv_resp->result) { 313 bt_dev_err(hdev, "QCA TLV with error stat 0x%x rtype 0x%x (0x%x)", 314 edl->cresp, edl->rtype, tlv_resp->result); 315 } 316 317 out: 318 kfree_skb(skb); 319 320 return err; 321 } 322 323 static int qca_inject_cmd_complete_event(struct hci_dev *hdev) 324 { 325 struct hci_event_hdr *hdr; 326 struct hci_ev_cmd_complete *evt; 327 struct sk_buff *skb; 328 329 skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_KERNEL); 330 if (!skb) 331 return -ENOMEM; 332 333 hdr = skb_put(skb, sizeof(*hdr)); 334 hdr->evt = HCI_EV_CMD_COMPLETE; 335 hdr->plen = sizeof(*evt) + 1; 336 337 evt = skb_put(skb, sizeof(*evt)); 338 evt->ncmd = 1; 339 evt->opcode = cpu_to_le16(QCA_HCI_CC_OPCODE); 340 341 skb_put_u8(skb, QCA_HCI_CC_SUCCESS); 342 343 hci_skb_pkt_type(skb) = HCI_EVENT_PKT; 344 345 return hci_recv_frame(hdev, skb); 346 } 347 348 static int qca_download_firmware(struct hci_dev *hdev, 349 struct qca_fw_config *config, 350 enum qca_btsoc_type soc_type) 351 { 352 const struct firmware *fw; 353 const u8 *segment; 354 int ret, remain, i = 0; 355 356 bt_dev_info(hdev, "QCA Downloading %s", config->fwname); 357 358 ret = request_firmware(&fw, config->fwname, &hdev->dev); 359 if (ret) { 360 bt_dev_err(hdev, "QCA Failed to request file: %s (%d)", 361 config->fwname, ret); 362 return ret; 363 } 364 365 qca_tlv_check_data(config, fw, soc_type); 366 367 segment = fw->data; 368 remain = fw->size; 369 while (remain > 0) { 370 int segsize = min(MAX_SIZE_PER_TLV_SEGMENT, remain); 371 372 bt_dev_dbg(hdev, "Send segment %d, size %d", i++, segsize); 373 374 remain -= segsize; 375 /* The last segment is always acked regardless download mode */ 376 if (!remain || segsize < MAX_SIZE_PER_TLV_SEGMENT) 377 config->dnld_mode = QCA_SKIP_EVT_NONE; 378 379 ret = qca_tlv_send_segment(hdev, segsize, segment, 380 config->dnld_mode, soc_type); 381 if (ret) 382 goto out; 383 384 segment += segsize; 385 } 386 387 /* Latest qualcomm chipsets are not sending a command complete event 388 * for every fw packet sent. They only respond with a vendor specific 389 * event for the last packet. This optimization in the chip will 390 * decrease the BT in initialization time. Here we will inject a command 391 * complete event to avoid a command timeout error message. 392 */ 393 if (config->dnld_type == QCA_SKIP_EVT_VSE_CC || 394 config->dnld_type == QCA_SKIP_EVT_VSE) 395 ret = qca_inject_cmd_complete_event(hdev); 396 397 out: 398 release_firmware(fw); 399 400 return ret; 401 } 402 403 int qca_set_bdaddr_rome(struct hci_dev *hdev, const bdaddr_t *bdaddr) 404 { 405 struct sk_buff *skb; 406 u8 cmd[9]; 407 int err; 408 409 cmd[0] = EDL_NVM_ACCESS_SET_REQ_CMD; 410 cmd[1] = 0x02; /* TAG ID */ 411 cmd[2] = sizeof(bdaddr_t); /* size */ 412 memcpy(cmd + 3, bdaddr, sizeof(bdaddr_t)); 413 skb = __hci_cmd_sync_ev(hdev, EDL_NVM_ACCESS_OPCODE, sizeof(cmd), cmd, 414 HCI_EV_VENDOR, HCI_INIT_TIMEOUT); 415 if (IS_ERR(skb)) { 416 err = PTR_ERR(skb); 417 bt_dev_err(hdev, "QCA Change address command failed (%d)", err); 418 return err; 419 } 420 421 kfree_skb(skb); 422 423 return 0; 424 } 425 EXPORT_SYMBOL_GPL(qca_set_bdaddr_rome); 426 427 int qca_uart_setup(struct hci_dev *hdev, uint8_t baudrate, 428 enum qca_btsoc_type soc_type, u32 soc_ver, 429 const char *firmware_name) 430 { 431 struct qca_fw_config config; 432 int err; 433 u8 rom_ver = 0; 434 435 bt_dev_dbg(hdev, "QCA setup on UART"); 436 437 config.user_baud_rate = baudrate; 438 439 /* Download rampatch file */ 440 config.type = TLV_TYPE_PATCH; 441 if (qca_is_wcn399x(soc_type)) { 442 /* Firmware files to download are based on ROM version. 443 * ROM version is derived from last two bytes of soc_ver. 444 */ 445 rom_ver = ((soc_ver & 0x00000f00) >> 0x04) | 446 (soc_ver & 0x0000000f); 447 snprintf(config.fwname, sizeof(config.fwname), 448 "qca/crbtfw%02x.tlv", rom_ver); 449 } else if (soc_type == QCA_QCA6390) { 450 rom_ver = ((soc_ver & 0x00000f00) >> 0x04) | 451 (soc_ver & 0x0000000f); 452 snprintf(config.fwname, sizeof(config.fwname), 453 "qca/htbtfw%02x.tlv", rom_ver); 454 } else { 455 snprintf(config.fwname, sizeof(config.fwname), 456 "qca/rampatch_%08x.bin", soc_ver); 457 } 458 459 err = qca_download_firmware(hdev, &config, soc_type); 460 if (err < 0) { 461 bt_dev_err(hdev, "QCA Failed to download patch (%d)", err); 462 return err; 463 } 464 465 /* Give the controller some time to get ready to receive the NVM */ 466 msleep(10); 467 468 /* Download NVM configuration */ 469 config.type = TLV_TYPE_NVM; 470 if (firmware_name) 471 snprintf(config.fwname, sizeof(config.fwname), 472 "qca/%s", firmware_name); 473 else if (qca_is_wcn399x(soc_type)) 474 snprintf(config.fwname, sizeof(config.fwname), 475 "qca/crnv%02x.bin", rom_ver); 476 else if (soc_type == QCA_QCA6390) 477 snprintf(config.fwname, sizeof(config.fwname), 478 "qca/htnv%02x.bin", rom_ver); 479 else 480 snprintf(config.fwname, sizeof(config.fwname), 481 "qca/nvm_%08x.bin", soc_ver); 482 483 err = qca_download_firmware(hdev, &config, soc_type); 484 if (err < 0) { 485 bt_dev_err(hdev, "QCA Failed to download NVM (%d)", err); 486 return err; 487 } 488 489 /* Perform HCI reset */ 490 err = qca_send_reset(hdev); 491 if (err < 0) { 492 bt_dev_err(hdev, "QCA Failed to run HCI_RESET (%d)", err); 493 return err; 494 } 495 496 bt_dev_info(hdev, "QCA setup on UART is completed"); 497 498 return 0; 499 } 500 EXPORT_SYMBOL_GPL(qca_uart_setup); 501 502 int qca_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr) 503 { 504 struct sk_buff *skb; 505 int err; 506 507 skb = __hci_cmd_sync_ev(hdev, EDL_WRITE_BD_ADDR_OPCODE, 6, bdaddr, 508 HCI_EV_VENDOR, HCI_INIT_TIMEOUT); 509 if (IS_ERR(skb)) { 510 err = PTR_ERR(skb); 511 bt_dev_err(hdev, "QCA Change address cmd failed (%d)", err); 512 return err; 513 } 514 515 kfree_skb(skb); 516 517 return 0; 518 } 519 EXPORT_SYMBOL_GPL(qca_set_bdaddr); 520 521 522 MODULE_AUTHOR("Ben Young Tae Kim <ytkim@qca.qualcomm.com>"); 523 MODULE_DESCRIPTION("Bluetooth support for Qualcomm Atheros family ver " VERSION); 524 MODULE_VERSION(VERSION); 525 MODULE_LICENSE("GPL"); 526