xref: /openbmc/linux/drivers/bluetooth/btqca.c (revision 8bf3cbe32b180836720f735e6de5dee700052317)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  *  Bluetooth supports for Qualcomm Atheros chips
4  *
5  *  Copyright (c) 2015 The Linux Foundation. All rights reserved.
6  */
7 #include <linux/module.h>
8 #include <linux/firmware.h>
9 
10 #include <net/bluetooth/bluetooth.h>
11 #include <net/bluetooth/hci_core.h>
12 
13 #include "btqca.h"
14 
15 #define VERSION "0.1"
16 
17 int qca_read_soc_version(struct hci_dev *hdev, u32 *soc_version)
18 {
19 	struct sk_buff *skb;
20 	struct edl_event_hdr *edl;
21 	struct rome_version *ver;
22 	char cmd;
23 	int err = 0;
24 
25 	bt_dev_dbg(hdev, "QCA Version Request");
26 
27 	cmd = EDL_PATCH_VER_REQ_CMD;
28 	skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, EDL_PATCH_CMD_LEN,
29 				&cmd, HCI_EV_VENDOR, HCI_INIT_TIMEOUT);
30 	if (IS_ERR(skb)) {
31 		err = PTR_ERR(skb);
32 		bt_dev_err(hdev, "Reading QCA version information failed (%d)",
33 			   err);
34 		return err;
35 	}
36 
37 	if (skb->len != sizeof(*edl) + sizeof(*ver)) {
38 		bt_dev_err(hdev, "QCA Version size mismatch len %d", skb->len);
39 		err = -EILSEQ;
40 		goto out;
41 	}
42 
43 	edl = (struct edl_event_hdr *)(skb->data);
44 	if (!edl) {
45 		bt_dev_err(hdev, "QCA TLV with no header");
46 		err = -EILSEQ;
47 		goto out;
48 	}
49 
50 	if (edl->cresp != EDL_CMD_REQ_RES_EVT ||
51 	    edl->rtype != EDL_APP_VER_RES_EVT) {
52 		bt_dev_err(hdev, "QCA Wrong packet received %d %d", edl->cresp,
53 			   edl->rtype);
54 		err = -EIO;
55 		goto out;
56 	}
57 
58 	ver = (struct rome_version *)(edl->data);
59 
60 	BT_DBG("%s: Product:0x%08x", hdev->name, le32_to_cpu(ver->product_id));
61 	BT_DBG("%s: Patch  :0x%08x", hdev->name, le16_to_cpu(ver->patch_ver));
62 	BT_DBG("%s: ROM    :0x%08x", hdev->name, le16_to_cpu(ver->rome_ver));
63 	BT_DBG("%s: SOC    :0x%08x", hdev->name, le32_to_cpu(ver->soc_id));
64 
65 	/* QCA chipset version can be decided by patch and SoC
66 	 * version, combination with upper 2 bytes from SoC
67 	 * and lower 2 bytes from patch will be used.
68 	 */
69 	*soc_version = (le32_to_cpu(ver->soc_id) << 16) |
70 			(le16_to_cpu(ver->rome_ver) & 0x0000ffff);
71 	if (*soc_version == 0)
72 		err = -EILSEQ;
73 
74 out:
75 	kfree_skb(skb);
76 	if (err)
77 		bt_dev_err(hdev, "QCA Failed to get version (%d)", err);
78 
79 	return err;
80 }
81 EXPORT_SYMBOL_GPL(qca_read_soc_version);
82 
83 static int qca_send_reset(struct hci_dev *hdev)
84 {
85 	struct sk_buff *skb;
86 	int err;
87 
88 	bt_dev_dbg(hdev, "QCA HCI_RESET");
89 
90 	skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
91 	if (IS_ERR(skb)) {
92 		err = PTR_ERR(skb);
93 		bt_dev_err(hdev, "QCA Reset failed (%d)", err);
94 		return err;
95 	}
96 
97 	kfree_skb(skb);
98 
99 	return 0;
100 }
101 
102 int qca_send_pre_shutdown_cmd(struct hci_dev *hdev)
103 {
104 	struct sk_buff *skb;
105 	int err;
106 
107 	bt_dev_dbg(hdev, "QCA pre shutdown cmd");
108 
109 	skb = __hci_cmd_sync_ev(hdev, QCA_PRE_SHUTDOWN_CMD, 0,
110 				NULL, HCI_EV_CMD_COMPLETE, HCI_INIT_TIMEOUT);
111 
112 	if (IS_ERR(skb)) {
113 		err = PTR_ERR(skb);
114 		bt_dev_err(hdev, "QCA preshutdown_cmd failed (%d)", err);
115 		return err;
116 	}
117 
118 	kfree_skb(skb);
119 
120 	return 0;
121 }
122 EXPORT_SYMBOL_GPL(qca_send_pre_shutdown_cmd);
123 
124 static void qca_tlv_check_data(struct rome_config *config,
125 				const struct firmware *fw)
126 {
127 	const u8 *data;
128 	u32 type_len;
129 	u16 tag_id, tag_len;
130 	int idx, length;
131 	struct tlv_type_hdr *tlv;
132 	struct tlv_type_patch *tlv_patch;
133 	struct tlv_type_nvm *tlv_nvm;
134 
135 	tlv = (struct tlv_type_hdr *)fw->data;
136 
137 	type_len = le32_to_cpu(tlv->type_len);
138 	length = (type_len >> 8) & 0x00ffffff;
139 
140 	BT_DBG("TLV Type\t\t : 0x%x", type_len & 0x000000ff);
141 	BT_DBG("Length\t\t : %d bytes", length);
142 
143 	config->dnld_mode = ROME_SKIP_EVT_NONE;
144 	config->dnld_type = ROME_SKIP_EVT_NONE;
145 
146 	switch (config->type) {
147 	case TLV_TYPE_PATCH:
148 		tlv_patch = (struct tlv_type_patch *)tlv->data;
149 
150 		/* For Rome version 1.1 to 3.1, all segment commands
151 		 * are acked by a vendor specific event (VSE).
152 		 * For Rome >= 3.2, the download mode field indicates
153 		 * if VSE is skipped by the controller.
154 		 * In case VSE is skipped, only the last segment is acked.
155 		 */
156 		config->dnld_mode = tlv_patch->download_mode;
157 		config->dnld_type = config->dnld_mode;
158 
159 		BT_DBG("Total Length           : %d bytes",
160 		       le32_to_cpu(tlv_patch->total_size));
161 		BT_DBG("Patch Data Length      : %d bytes",
162 		       le32_to_cpu(tlv_patch->data_length));
163 		BT_DBG("Signing Format Version : 0x%x",
164 		       tlv_patch->format_version);
165 		BT_DBG("Signature Algorithm    : 0x%x",
166 		       tlv_patch->signature);
167 		BT_DBG("Download mode          : 0x%x",
168 		       tlv_patch->download_mode);
169 		BT_DBG("Reserved               : 0x%x",
170 		       tlv_patch->reserved1);
171 		BT_DBG("Product ID             : 0x%04x",
172 		       le16_to_cpu(tlv_patch->product_id));
173 		BT_DBG("Rom Build Version      : 0x%04x",
174 		       le16_to_cpu(tlv_patch->rom_build));
175 		BT_DBG("Patch Version          : 0x%04x",
176 		       le16_to_cpu(tlv_patch->patch_version));
177 		BT_DBG("Reserved               : 0x%x",
178 		       le16_to_cpu(tlv_patch->reserved2));
179 		BT_DBG("Patch Entry Address    : 0x%x",
180 		       le32_to_cpu(tlv_patch->entry));
181 		break;
182 
183 	case TLV_TYPE_NVM:
184 		idx = 0;
185 		data = tlv->data;
186 		while (idx < length) {
187 			tlv_nvm = (struct tlv_type_nvm *)(data + idx);
188 
189 			tag_id = le16_to_cpu(tlv_nvm->tag_id);
190 			tag_len = le16_to_cpu(tlv_nvm->tag_len);
191 
192 			/* Update NVM tags as needed */
193 			switch (tag_id) {
194 			case EDL_TAG_ID_HCI:
195 				/* HCI transport layer parameters
196 				 * enabling software inband sleep
197 				 * onto controller side.
198 				 */
199 				tlv_nvm->data[0] |= 0x80;
200 
201 				/* UART Baud Rate */
202 				tlv_nvm->data[2] = config->user_baud_rate;
203 
204 				break;
205 
206 			case EDL_TAG_ID_DEEP_SLEEP:
207 				/* Sleep enable mask
208 				 * enabling deep sleep feature on controller.
209 				 */
210 				tlv_nvm->data[0] |= 0x01;
211 
212 				break;
213 			}
214 
215 			idx += (sizeof(u16) + sizeof(u16) + 8 + tag_len);
216 		}
217 		break;
218 
219 	default:
220 		BT_ERR("Unknown TLV type %d", config->type);
221 		break;
222 	}
223 }
224 
225 static int qca_tlv_send_segment(struct hci_dev *hdev, int seg_size,
226 				 const u8 *data, enum rome_tlv_dnld_mode mode)
227 {
228 	struct sk_buff *skb;
229 	struct edl_event_hdr *edl;
230 	struct tlv_seg_resp *tlv_resp;
231 	u8 cmd[MAX_SIZE_PER_TLV_SEGMENT + 2];
232 	int err = 0;
233 
234 	cmd[0] = EDL_PATCH_TLV_REQ_CMD;
235 	cmd[1] = seg_size;
236 	memcpy(cmd + 2, data, seg_size);
237 
238 	if (mode == ROME_SKIP_EVT_VSE_CC || mode == ROME_SKIP_EVT_VSE)
239 		return __hci_cmd_send(hdev, EDL_PATCH_CMD_OPCODE, seg_size + 2,
240 				      cmd);
241 
242 	skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, seg_size + 2, cmd,
243 				HCI_EV_VENDOR, HCI_INIT_TIMEOUT);
244 	if (IS_ERR(skb)) {
245 		err = PTR_ERR(skb);
246 		bt_dev_err(hdev, "QCA Failed to send TLV segment (%d)", err);
247 		return err;
248 	}
249 
250 	if (skb->len != sizeof(*edl) + sizeof(*tlv_resp)) {
251 		bt_dev_err(hdev, "QCA TLV response size mismatch");
252 		err = -EILSEQ;
253 		goto out;
254 	}
255 
256 	edl = (struct edl_event_hdr *)(skb->data);
257 	if (!edl) {
258 		bt_dev_err(hdev, "TLV with no header");
259 		err = -EILSEQ;
260 		goto out;
261 	}
262 
263 	tlv_resp = (struct tlv_seg_resp *)(edl->data);
264 
265 	if (edl->cresp != EDL_CMD_REQ_RES_EVT ||
266 	    edl->rtype != EDL_TVL_DNLD_RES_EVT || tlv_resp->result != 0x00) {
267 		bt_dev_err(hdev, "QCA TLV with error stat 0x%x rtype 0x%x (0x%x)",
268 			   edl->cresp, edl->rtype, tlv_resp->result);
269 		err = -EIO;
270 	}
271 
272 out:
273 	kfree_skb(skb);
274 
275 	return err;
276 }
277 
278 static int qca_inject_cmd_complete_event(struct hci_dev *hdev)
279 {
280 	struct hci_event_hdr *hdr;
281 	struct hci_ev_cmd_complete *evt;
282 	struct sk_buff *skb;
283 
284 	skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_KERNEL);
285 	if (!skb)
286 		return -ENOMEM;
287 
288 	hdr = skb_put(skb, sizeof(*hdr));
289 	hdr->evt = HCI_EV_CMD_COMPLETE;
290 	hdr->plen = sizeof(*evt) + 1;
291 
292 	evt = skb_put(skb, sizeof(*evt));
293 	evt->ncmd = 1;
294 	evt->opcode = cpu_to_le16(QCA_HCI_CC_OPCODE);
295 
296 	skb_put_u8(skb, QCA_HCI_CC_SUCCESS);
297 
298 	hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
299 
300 	return hci_recv_frame(hdev, skb);
301 }
302 
303 static int qca_download_firmware(struct hci_dev *hdev,
304 				  struct rome_config *config)
305 {
306 	const struct firmware *fw;
307 	const u8 *segment;
308 	int ret, remain, i = 0;
309 
310 	bt_dev_info(hdev, "QCA Downloading %s", config->fwname);
311 
312 	ret = request_firmware(&fw, config->fwname, &hdev->dev);
313 	if (ret) {
314 		bt_dev_err(hdev, "QCA Failed to request file: %s (%d)",
315 			   config->fwname, ret);
316 		return ret;
317 	}
318 
319 	qca_tlv_check_data(config, fw);
320 
321 	segment = fw->data;
322 	remain = fw->size;
323 	while (remain > 0) {
324 		int segsize = min(MAX_SIZE_PER_TLV_SEGMENT, remain);
325 
326 		bt_dev_dbg(hdev, "Send segment %d, size %d", i++, segsize);
327 
328 		remain -= segsize;
329 		/* The last segment is always acked regardless download mode */
330 		if (!remain || segsize < MAX_SIZE_PER_TLV_SEGMENT)
331 			config->dnld_mode = ROME_SKIP_EVT_NONE;
332 
333 		ret = qca_tlv_send_segment(hdev, segsize, segment,
334 					    config->dnld_mode);
335 		if (ret)
336 			goto out;
337 
338 		segment += segsize;
339 	}
340 
341 	/* Latest qualcomm chipsets are not sending a command complete event
342 	 * for every fw packet sent. They only respond with a vendor specific
343 	 * event for the last packet. This optimization in the chip will
344 	 * decrease the BT in initialization time. Here we will inject a command
345 	 * complete event to avoid a command timeout error message.
346 	 */
347 	if (config->dnld_type == ROME_SKIP_EVT_VSE_CC ||
348 	    config->dnld_type == ROME_SKIP_EVT_VSE)
349 		ret = qca_inject_cmd_complete_event(hdev);
350 
351 out:
352 	release_firmware(fw);
353 
354 	return ret;
355 }
356 
357 int qca_set_bdaddr_rome(struct hci_dev *hdev, const bdaddr_t *bdaddr)
358 {
359 	struct sk_buff *skb;
360 	u8 cmd[9];
361 	int err;
362 
363 	cmd[0] = EDL_NVM_ACCESS_SET_REQ_CMD;
364 	cmd[1] = 0x02; 			/* TAG ID */
365 	cmd[2] = sizeof(bdaddr_t);	/* size */
366 	memcpy(cmd + 3, bdaddr, sizeof(bdaddr_t));
367 	skb = __hci_cmd_sync_ev(hdev, EDL_NVM_ACCESS_OPCODE, sizeof(cmd), cmd,
368 				HCI_EV_VENDOR, HCI_INIT_TIMEOUT);
369 	if (IS_ERR(skb)) {
370 		err = PTR_ERR(skb);
371 		bt_dev_err(hdev, "QCA Change address command failed (%d)", err);
372 		return err;
373 	}
374 
375 	kfree_skb(skb);
376 
377 	return 0;
378 }
379 EXPORT_SYMBOL_GPL(qca_set_bdaddr_rome);
380 
381 int qca_uart_setup(struct hci_dev *hdev, uint8_t baudrate,
382 		   enum qca_btsoc_type soc_type, u32 soc_ver,
383 		   const char *firmware_name)
384 {
385 	struct rome_config config;
386 	int err;
387 	u8 rom_ver = 0;
388 
389 	bt_dev_dbg(hdev, "QCA setup on UART");
390 
391 	config.user_baud_rate = baudrate;
392 
393 	/* Download rampatch file */
394 	config.type = TLV_TYPE_PATCH;
395 	if (qca_is_wcn399x(soc_type)) {
396 		/* Firmware files to download are based on ROM version.
397 		 * ROM version is derived from last two bytes of soc_ver.
398 		 */
399 		rom_ver = ((soc_ver & 0x00000f00) >> 0x04) |
400 			    (soc_ver & 0x0000000f);
401 		snprintf(config.fwname, sizeof(config.fwname),
402 			 "qca/crbtfw%02x.tlv", rom_ver);
403 	} else {
404 		snprintf(config.fwname, sizeof(config.fwname),
405 			 "qca/rampatch_%08x.bin", soc_ver);
406 	}
407 
408 	err = qca_download_firmware(hdev, &config);
409 	if (err < 0) {
410 		bt_dev_err(hdev, "QCA Failed to download patch (%d)", err);
411 		return err;
412 	}
413 
414 	/* Give the controller some time to get ready to receive the NVM */
415 	msleep(10);
416 
417 	/* Download NVM configuration */
418 	config.type = TLV_TYPE_NVM;
419 	if (firmware_name)
420 		snprintf(config.fwname, sizeof(config.fwname),
421 			 "qca/%s", firmware_name);
422 	else if (qca_is_wcn399x(soc_type))
423 		snprintf(config.fwname, sizeof(config.fwname),
424 			 "qca/crnv%02x.bin", rom_ver);
425 	else
426 		snprintf(config.fwname, sizeof(config.fwname),
427 			 "qca/nvm_%08x.bin", soc_ver);
428 
429 	err = qca_download_firmware(hdev, &config);
430 	if (err < 0) {
431 		bt_dev_err(hdev, "QCA Failed to download NVM (%d)", err);
432 		return err;
433 	}
434 
435 	/* Perform HCI reset */
436 	err = qca_send_reset(hdev);
437 	if (err < 0) {
438 		bt_dev_err(hdev, "QCA Failed to run HCI_RESET (%d)", err);
439 		return err;
440 	}
441 
442 	bt_dev_info(hdev, "QCA setup on UART is completed");
443 
444 	return 0;
445 }
446 EXPORT_SYMBOL_GPL(qca_uart_setup);
447 
448 int qca_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr)
449 {
450 	struct sk_buff *skb;
451 	int err;
452 
453 	skb = __hci_cmd_sync_ev(hdev, EDL_WRITE_BD_ADDR_OPCODE, 6, bdaddr,
454 				HCI_EV_VENDOR, HCI_INIT_TIMEOUT);
455 	if (IS_ERR(skb)) {
456 		err = PTR_ERR(skb);
457 		bt_dev_err(hdev, "QCA Change address cmd failed (%d)", err);
458 		return err;
459 	}
460 
461 	kfree_skb(skb);
462 
463 	return 0;
464 }
465 EXPORT_SYMBOL_GPL(qca_set_bdaddr);
466 
467 
468 MODULE_AUTHOR("Ben Young Tae Kim <ytkim@qca.qualcomm.com>");
469 MODULE_DESCRIPTION("Bluetooth support for Qualcomm Atheros family ver " VERSION);
470 MODULE_VERSION(VERSION);
471 MODULE_LICENSE("GPL");
472