1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Bluetooth supports for Qualcomm Atheros chips 4 * 5 * Copyright (c) 2015 The Linux Foundation. All rights reserved. 6 */ 7 #include <linux/module.h> 8 #include <linux/firmware.h> 9 #include <linux/vmalloc.h> 10 11 #include <net/bluetooth/bluetooth.h> 12 #include <net/bluetooth/hci_core.h> 13 14 #include "btqca.h" 15 16 #define VERSION "0.1" 17 18 int qca_read_soc_version(struct hci_dev *hdev, struct qca_btsoc_version *ver, 19 enum qca_btsoc_type soc_type) 20 { 21 struct sk_buff *skb; 22 struct edl_event_hdr *edl; 23 char cmd; 24 int err = 0; 25 u8 event_type = HCI_EV_VENDOR; 26 u8 rlen = sizeof(*edl) + sizeof(*ver); 27 u8 rtype = EDL_APP_VER_RES_EVT; 28 29 bt_dev_dbg(hdev, "QCA Version Request"); 30 31 /* Unlike other SoC's sending version command response as payload to 32 * VSE event. WCN3991 sends version command response as a payload to 33 * command complete event. 34 */ 35 if (soc_type >= QCA_WCN3991) { 36 event_type = 0; 37 rlen += 1; 38 rtype = EDL_PATCH_VER_REQ_CMD; 39 } 40 41 cmd = EDL_PATCH_VER_REQ_CMD; 42 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, EDL_PATCH_CMD_LEN, 43 &cmd, event_type, HCI_INIT_TIMEOUT); 44 if (IS_ERR(skb)) { 45 err = PTR_ERR(skb); 46 bt_dev_err(hdev, "Reading QCA version information failed (%d)", 47 err); 48 return err; 49 } 50 51 if (skb->len != rlen) { 52 bt_dev_err(hdev, "QCA Version size mismatch len %d", skb->len); 53 err = -EILSEQ; 54 goto out; 55 } 56 57 edl = (struct edl_event_hdr *)(skb->data); 58 if (!edl) { 59 bt_dev_err(hdev, "QCA TLV with no header"); 60 err = -EILSEQ; 61 goto out; 62 } 63 64 if (edl->cresp != EDL_CMD_REQ_RES_EVT || 65 edl->rtype != rtype) { 66 bt_dev_err(hdev, "QCA Wrong packet received %d %d", edl->cresp, 67 edl->rtype); 68 err = -EIO; 69 goto out; 70 } 71 72 if (soc_type >= QCA_WCN3991) 73 memcpy(ver, edl->data + 1, sizeof(*ver)); 74 else 75 memcpy(ver, &edl->data, sizeof(*ver)); 76 77 bt_dev_info(hdev, "QCA Product ID :0x%08x", 78 le32_to_cpu(ver->product_id)); 79 bt_dev_info(hdev, "QCA SOC Version :0x%08x", 80 le32_to_cpu(ver->soc_id)); 81 bt_dev_info(hdev, "QCA ROM Version :0x%08x", 82 le16_to_cpu(ver->rom_ver)); 83 bt_dev_info(hdev, "QCA Patch Version:0x%08x", 84 le16_to_cpu(ver->patch_ver)); 85 86 if (ver->soc_id == 0 || ver->rom_ver == 0) 87 err = -EILSEQ; 88 89 out: 90 kfree_skb(skb); 91 if (err) 92 bt_dev_err(hdev, "QCA Failed to get version (%d)", err); 93 94 return err; 95 } 96 EXPORT_SYMBOL_GPL(qca_read_soc_version); 97 98 static int qca_read_fw_build_info(struct hci_dev *hdev) 99 { 100 struct sk_buff *skb; 101 struct edl_event_hdr *edl; 102 char *build_label; 103 char cmd; 104 int build_lbl_len, err = 0; 105 106 bt_dev_dbg(hdev, "QCA read fw build info"); 107 108 cmd = EDL_GET_BUILD_INFO_CMD; 109 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, EDL_PATCH_CMD_LEN, 110 &cmd, 0, HCI_INIT_TIMEOUT); 111 if (IS_ERR(skb)) { 112 err = PTR_ERR(skb); 113 bt_dev_err(hdev, "Reading QCA fw build info failed (%d)", 114 err); 115 return err; 116 } 117 118 if (skb->len < sizeof(*edl)) { 119 err = -EILSEQ; 120 goto out; 121 } 122 123 edl = (struct edl_event_hdr *)(skb->data); 124 if (!edl) { 125 bt_dev_err(hdev, "QCA read fw build info with no header"); 126 err = -EILSEQ; 127 goto out; 128 } 129 130 if (edl->cresp != EDL_CMD_REQ_RES_EVT || 131 edl->rtype != EDL_GET_BUILD_INFO_CMD) { 132 bt_dev_err(hdev, "QCA Wrong packet received %d %d", edl->cresp, 133 edl->rtype); 134 err = -EIO; 135 goto out; 136 } 137 138 if (skb->len < sizeof(*edl) + 1) { 139 err = -EILSEQ; 140 goto out; 141 } 142 143 build_lbl_len = edl->data[0]; 144 145 if (skb->len < sizeof(*edl) + 1 + build_lbl_len) { 146 err = -EILSEQ; 147 goto out; 148 } 149 150 build_label = kstrndup(&edl->data[1], build_lbl_len, GFP_KERNEL); 151 if (!build_label) 152 goto out; 153 154 hci_set_fw_info(hdev, "%s", build_label); 155 156 kfree(build_label); 157 out: 158 kfree_skb(skb); 159 return err; 160 } 161 162 static int qca_send_patch_config_cmd(struct hci_dev *hdev) 163 { 164 const u8 cmd[] = { EDL_PATCH_CONFIG_CMD, 0x01, 0, 0, 0 }; 165 struct sk_buff *skb; 166 struct edl_event_hdr *edl; 167 int err; 168 169 bt_dev_dbg(hdev, "QCA Patch config"); 170 171 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, sizeof(cmd), 172 cmd, 0, HCI_INIT_TIMEOUT); 173 if (IS_ERR(skb)) { 174 err = PTR_ERR(skb); 175 bt_dev_err(hdev, "Sending QCA Patch config failed (%d)", err); 176 return err; 177 } 178 179 if (skb->len != 2) { 180 bt_dev_err(hdev, "QCA Patch config cmd size mismatch len %d", skb->len); 181 err = -EILSEQ; 182 goto out; 183 } 184 185 edl = (struct edl_event_hdr *)(skb->data); 186 if (!edl) { 187 bt_dev_err(hdev, "QCA Patch config with no header"); 188 err = -EILSEQ; 189 goto out; 190 } 191 192 if (edl->cresp != EDL_PATCH_CONFIG_RES_EVT || edl->rtype != EDL_PATCH_CONFIG_CMD) { 193 bt_dev_err(hdev, "QCA Wrong packet received %d %d", edl->cresp, 194 edl->rtype); 195 err = -EIO; 196 goto out; 197 } 198 199 err = 0; 200 201 out: 202 kfree_skb(skb); 203 return err; 204 } 205 206 static int qca_send_reset(struct hci_dev *hdev) 207 { 208 struct sk_buff *skb; 209 int err; 210 211 bt_dev_dbg(hdev, "QCA HCI_RESET"); 212 213 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); 214 if (IS_ERR(skb)) { 215 err = PTR_ERR(skb); 216 bt_dev_err(hdev, "QCA Reset failed (%d)", err); 217 return err; 218 } 219 220 kfree_skb(skb); 221 222 return 0; 223 } 224 225 static int qca_read_fw_board_id(struct hci_dev *hdev, u16 *bid) 226 { 227 u8 cmd; 228 struct sk_buff *skb; 229 struct edl_event_hdr *edl; 230 int err = 0; 231 232 cmd = EDL_GET_BID_REQ_CMD; 233 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, EDL_PATCH_CMD_LEN, 234 &cmd, 0, HCI_INIT_TIMEOUT); 235 if (IS_ERR(skb)) { 236 err = PTR_ERR(skb); 237 bt_dev_err(hdev, "Reading QCA board ID failed (%d)", err); 238 return err; 239 } 240 241 edl = skb_pull_data(skb, sizeof(*edl)); 242 if (!edl) { 243 bt_dev_err(hdev, "QCA read board ID with no header"); 244 err = -EILSEQ; 245 goto out; 246 } 247 248 if (edl->cresp != EDL_CMD_REQ_RES_EVT || 249 edl->rtype != EDL_GET_BID_REQ_CMD) { 250 bt_dev_err(hdev, "QCA Wrong packet: %d %d", edl->cresp, edl->rtype); 251 err = -EIO; 252 goto out; 253 } 254 255 if (skb->len < 3) { 256 err = -EILSEQ; 257 goto out; 258 } 259 260 *bid = (edl->data[1] << 8) + edl->data[2]; 261 bt_dev_dbg(hdev, "%s: bid = %x", __func__, *bid); 262 263 out: 264 kfree_skb(skb); 265 return err; 266 } 267 268 int qca_send_pre_shutdown_cmd(struct hci_dev *hdev) 269 { 270 struct sk_buff *skb; 271 int err; 272 273 bt_dev_dbg(hdev, "QCA pre shutdown cmd"); 274 275 skb = __hci_cmd_sync_ev(hdev, QCA_PRE_SHUTDOWN_CMD, 0, 276 NULL, HCI_EV_CMD_COMPLETE, HCI_INIT_TIMEOUT); 277 278 if (IS_ERR(skb)) { 279 err = PTR_ERR(skb); 280 bt_dev_err(hdev, "QCA preshutdown_cmd failed (%d)", err); 281 return err; 282 } 283 284 kfree_skb(skb); 285 286 return 0; 287 } 288 EXPORT_SYMBOL_GPL(qca_send_pre_shutdown_cmd); 289 290 static int qca_tlv_check_data(struct hci_dev *hdev, 291 struct qca_fw_config *config, 292 u8 *fw_data, size_t fw_size, 293 enum qca_btsoc_type soc_type) 294 { 295 const u8 *data; 296 u32 type_len; 297 u16 tag_id, tag_len; 298 int idx, length; 299 struct tlv_type_hdr *tlv; 300 struct tlv_type_patch *tlv_patch; 301 struct tlv_type_nvm *tlv_nvm; 302 uint8_t nvm_baud_rate = config->user_baud_rate; 303 u8 type; 304 305 config->dnld_mode = QCA_SKIP_EVT_NONE; 306 config->dnld_type = QCA_SKIP_EVT_NONE; 307 308 switch (config->type) { 309 case ELF_TYPE_PATCH: 310 if (fw_size < 7) 311 return -EINVAL; 312 313 config->dnld_mode = QCA_SKIP_EVT_VSE_CC; 314 config->dnld_type = QCA_SKIP_EVT_VSE_CC; 315 316 bt_dev_dbg(hdev, "File Class : 0x%x", fw_data[4]); 317 bt_dev_dbg(hdev, "Data Encoding : 0x%x", fw_data[5]); 318 bt_dev_dbg(hdev, "File version : 0x%x", fw_data[6]); 319 break; 320 case TLV_TYPE_PATCH: 321 if (fw_size < sizeof(struct tlv_type_hdr) + sizeof(struct tlv_type_patch)) 322 return -EINVAL; 323 324 tlv = (struct tlv_type_hdr *)fw_data; 325 type_len = le32_to_cpu(tlv->type_len); 326 tlv_patch = (struct tlv_type_patch *)tlv->data; 327 328 /* For Rome version 1.1 to 3.1, all segment commands 329 * are acked by a vendor specific event (VSE). 330 * For Rome >= 3.2, the download mode field indicates 331 * if VSE is skipped by the controller. 332 * In case VSE is skipped, only the last segment is acked. 333 */ 334 config->dnld_mode = tlv_patch->download_mode; 335 config->dnld_type = config->dnld_mode; 336 337 BT_DBG("TLV Type\t\t : 0x%x", type_len & 0x000000ff); 338 BT_DBG("Total Length : %d bytes", 339 le32_to_cpu(tlv_patch->total_size)); 340 BT_DBG("Patch Data Length : %d bytes", 341 le32_to_cpu(tlv_patch->data_length)); 342 BT_DBG("Signing Format Version : 0x%x", 343 tlv_patch->format_version); 344 BT_DBG("Signature Algorithm : 0x%x", 345 tlv_patch->signature); 346 BT_DBG("Download mode : 0x%x", 347 tlv_patch->download_mode); 348 BT_DBG("Reserved : 0x%x", 349 tlv_patch->reserved1); 350 BT_DBG("Product ID : 0x%04x", 351 le16_to_cpu(tlv_patch->product_id)); 352 BT_DBG("Rom Build Version : 0x%04x", 353 le16_to_cpu(tlv_patch->rom_build)); 354 BT_DBG("Patch Version : 0x%04x", 355 le16_to_cpu(tlv_patch->patch_version)); 356 BT_DBG("Reserved : 0x%x", 357 le16_to_cpu(tlv_patch->reserved2)); 358 BT_DBG("Patch Entry Address : 0x%x", 359 le32_to_cpu(tlv_patch->entry)); 360 break; 361 362 case TLV_TYPE_NVM: 363 if (fw_size < sizeof(struct tlv_type_hdr)) 364 return -EINVAL; 365 366 tlv = (struct tlv_type_hdr *)fw_data; 367 368 type_len = le32_to_cpu(tlv->type_len); 369 length = type_len >> 8; 370 type = type_len & 0xff; 371 372 /* Some NVM files have more than one set of tags, only parse 373 * the first set when it has type 2 for now. When there is 374 * more than one set there is an enclosing header of type 4. 375 */ 376 if (type == 4) { 377 if (fw_size < 2 * sizeof(struct tlv_type_hdr)) 378 return -EINVAL; 379 380 tlv++; 381 382 type_len = le32_to_cpu(tlv->type_len); 383 length = type_len >> 8; 384 type = type_len & 0xff; 385 } 386 387 BT_DBG("TLV Type\t\t : 0x%x", type); 388 BT_DBG("Length\t\t : %d bytes", length); 389 390 if (type != 2) 391 break; 392 393 if (fw_size < length + (tlv->data - fw_data)) 394 return -EINVAL; 395 396 idx = 0; 397 data = tlv->data; 398 while (idx < length - sizeof(struct tlv_type_nvm)) { 399 tlv_nvm = (struct tlv_type_nvm *)(data + idx); 400 401 tag_id = le16_to_cpu(tlv_nvm->tag_id); 402 tag_len = le16_to_cpu(tlv_nvm->tag_len); 403 404 if (length < idx + sizeof(struct tlv_type_nvm) + tag_len) 405 return -EINVAL; 406 407 /* Update NVM tags as needed */ 408 switch (tag_id) { 409 case EDL_TAG_ID_BD_ADDR: 410 if (tag_len != sizeof(bdaddr_t)) 411 return -EINVAL; 412 413 memcpy(&config->bdaddr, tlv_nvm->data, sizeof(bdaddr_t)); 414 415 break; 416 417 case EDL_TAG_ID_HCI: 418 if (tag_len < 3) 419 return -EINVAL; 420 421 /* HCI transport layer parameters 422 * enabling software inband sleep 423 * onto controller side. 424 */ 425 tlv_nvm->data[0] |= 0x80; 426 427 /* UART Baud Rate */ 428 if (soc_type >= QCA_WCN3991) 429 tlv_nvm->data[1] = nvm_baud_rate; 430 else 431 tlv_nvm->data[2] = nvm_baud_rate; 432 433 break; 434 435 case EDL_TAG_ID_DEEP_SLEEP: 436 if (tag_len < 1) 437 return -EINVAL; 438 439 /* Sleep enable mask 440 * enabling deep sleep feature on controller. 441 */ 442 tlv_nvm->data[0] |= 0x01; 443 444 break; 445 } 446 447 idx += sizeof(struct tlv_type_nvm) + tag_len; 448 } 449 break; 450 451 default: 452 BT_ERR("Unknown TLV type %d", config->type); 453 return -EINVAL; 454 } 455 456 return 0; 457 } 458 459 static int qca_tlv_send_segment(struct hci_dev *hdev, int seg_size, 460 const u8 *data, enum qca_tlv_dnld_mode mode, 461 enum qca_btsoc_type soc_type) 462 { 463 struct sk_buff *skb; 464 struct edl_event_hdr *edl; 465 struct tlv_seg_resp *tlv_resp; 466 u8 cmd[MAX_SIZE_PER_TLV_SEGMENT + 2]; 467 int err = 0; 468 u8 event_type = HCI_EV_VENDOR; 469 u8 rlen = (sizeof(*edl) + sizeof(*tlv_resp)); 470 u8 rtype = EDL_TVL_DNLD_RES_EVT; 471 472 cmd[0] = EDL_PATCH_TLV_REQ_CMD; 473 cmd[1] = seg_size; 474 memcpy(cmd + 2, data, seg_size); 475 476 if (mode == QCA_SKIP_EVT_VSE_CC || mode == QCA_SKIP_EVT_VSE) 477 return __hci_cmd_send(hdev, EDL_PATCH_CMD_OPCODE, seg_size + 2, 478 cmd); 479 480 /* Unlike other SoC's sending version command response as payload to 481 * VSE event. WCN3991 sends version command response as a payload to 482 * command complete event. 483 */ 484 if (soc_type >= QCA_WCN3991) { 485 event_type = 0; 486 rlen = sizeof(*edl); 487 rtype = EDL_PATCH_TLV_REQ_CMD; 488 } 489 490 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, seg_size + 2, cmd, 491 event_type, HCI_INIT_TIMEOUT); 492 if (IS_ERR(skb)) { 493 err = PTR_ERR(skb); 494 bt_dev_err(hdev, "QCA Failed to send TLV segment (%d)", err); 495 return err; 496 } 497 498 if (skb->len != rlen) { 499 bt_dev_err(hdev, "QCA TLV response size mismatch"); 500 err = -EILSEQ; 501 goto out; 502 } 503 504 edl = (struct edl_event_hdr *)(skb->data); 505 if (!edl) { 506 bt_dev_err(hdev, "TLV with no header"); 507 err = -EILSEQ; 508 goto out; 509 } 510 511 if (edl->cresp != EDL_CMD_REQ_RES_EVT || edl->rtype != rtype) { 512 bt_dev_err(hdev, "QCA TLV with error stat 0x%x rtype 0x%x", 513 edl->cresp, edl->rtype); 514 err = -EIO; 515 } 516 517 if (soc_type >= QCA_WCN3991) 518 goto out; 519 520 tlv_resp = (struct tlv_seg_resp *)(edl->data); 521 if (tlv_resp->result) { 522 bt_dev_err(hdev, "QCA TLV with error stat 0x%x rtype 0x%x (0x%x)", 523 edl->cresp, edl->rtype, tlv_resp->result); 524 } 525 526 out: 527 kfree_skb(skb); 528 529 return err; 530 } 531 532 static int qca_inject_cmd_complete_event(struct hci_dev *hdev) 533 { 534 struct hci_event_hdr *hdr; 535 struct hci_ev_cmd_complete *evt; 536 struct sk_buff *skb; 537 538 skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_KERNEL); 539 if (!skb) 540 return -ENOMEM; 541 542 hdr = skb_put(skb, sizeof(*hdr)); 543 hdr->evt = HCI_EV_CMD_COMPLETE; 544 hdr->plen = sizeof(*evt) + 1; 545 546 evt = skb_put(skb, sizeof(*evt)); 547 evt->ncmd = 1; 548 evt->opcode = cpu_to_le16(QCA_HCI_CC_OPCODE); 549 550 skb_put_u8(skb, QCA_HCI_CC_SUCCESS); 551 552 hci_skb_pkt_type(skb) = HCI_EVENT_PKT; 553 554 return hci_recv_frame(hdev, skb); 555 } 556 557 static int qca_download_firmware(struct hci_dev *hdev, 558 struct qca_fw_config *config, 559 enum qca_btsoc_type soc_type, 560 u8 rom_ver) 561 { 562 const struct firmware *fw; 563 u8 *data; 564 const u8 *segment; 565 int ret, size, remain, i = 0; 566 567 bt_dev_info(hdev, "QCA Downloading %s", config->fwname); 568 569 ret = request_firmware(&fw, config->fwname, &hdev->dev); 570 if (ret) { 571 /* For WCN6750, if mbn file is not present then check for 572 * tlv file. 573 */ 574 if (soc_type == QCA_WCN6750 && config->type == ELF_TYPE_PATCH) { 575 bt_dev_dbg(hdev, "QCA Failed to request file: %s (%d)", 576 config->fwname, ret); 577 config->type = TLV_TYPE_PATCH; 578 snprintf(config->fwname, sizeof(config->fwname), 579 "qca/msbtfw%02x.tlv", rom_ver); 580 bt_dev_info(hdev, "QCA Downloading %s", config->fwname); 581 ret = request_firmware(&fw, config->fwname, &hdev->dev); 582 if (ret) { 583 bt_dev_err(hdev, "QCA Failed to request file: %s (%d)", 584 config->fwname, ret); 585 return ret; 586 } 587 } else { 588 bt_dev_err(hdev, "QCA Failed to request file: %s (%d)", 589 config->fwname, ret); 590 return ret; 591 } 592 } 593 594 size = fw->size; 595 data = vmalloc(fw->size); 596 if (!data) { 597 bt_dev_err(hdev, "QCA Failed to allocate memory for file: %s", 598 config->fwname); 599 release_firmware(fw); 600 return -ENOMEM; 601 } 602 603 memcpy(data, fw->data, size); 604 release_firmware(fw); 605 606 ret = qca_tlv_check_data(hdev, config, data, size, soc_type); 607 if (ret) 608 goto out; 609 610 segment = data; 611 remain = size; 612 while (remain > 0) { 613 int segsize = min(MAX_SIZE_PER_TLV_SEGMENT, remain); 614 615 bt_dev_dbg(hdev, "Send segment %d, size %d", i++, segsize); 616 617 remain -= segsize; 618 /* The last segment is always acked regardless download mode */ 619 if (!remain || segsize < MAX_SIZE_PER_TLV_SEGMENT) 620 config->dnld_mode = QCA_SKIP_EVT_NONE; 621 622 ret = qca_tlv_send_segment(hdev, segsize, segment, 623 config->dnld_mode, soc_type); 624 if (ret) 625 goto out; 626 627 segment += segsize; 628 } 629 630 /* Latest qualcomm chipsets are not sending a command complete event 631 * for every fw packet sent. They only respond with a vendor specific 632 * event for the last packet. This optimization in the chip will 633 * decrease the BT in initialization time. Here we will inject a command 634 * complete event to avoid a command timeout error message. 635 */ 636 if (config->dnld_type == QCA_SKIP_EVT_VSE_CC || 637 config->dnld_type == QCA_SKIP_EVT_VSE) 638 ret = qca_inject_cmd_complete_event(hdev); 639 640 out: 641 vfree(data); 642 643 return ret; 644 } 645 646 static int qca_disable_soc_logging(struct hci_dev *hdev) 647 { 648 struct sk_buff *skb; 649 u8 cmd[2]; 650 int err; 651 652 cmd[0] = QCA_DISABLE_LOGGING_SUB_OP; 653 cmd[1] = 0x00; 654 skb = __hci_cmd_sync_ev(hdev, QCA_DISABLE_LOGGING, sizeof(cmd), cmd, 655 HCI_EV_CMD_COMPLETE, HCI_INIT_TIMEOUT); 656 if (IS_ERR(skb)) { 657 err = PTR_ERR(skb); 658 bt_dev_err(hdev, "QCA Failed to disable soc logging(%d)", err); 659 return err; 660 } 661 662 kfree_skb(skb); 663 664 return 0; 665 } 666 667 int qca_set_bdaddr_rome(struct hci_dev *hdev, const bdaddr_t *bdaddr) 668 { 669 struct sk_buff *skb; 670 u8 cmd[9]; 671 int err; 672 673 cmd[0] = EDL_NVM_ACCESS_SET_REQ_CMD; 674 cmd[1] = 0x02; /* TAG ID */ 675 cmd[2] = sizeof(bdaddr_t); /* size */ 676 memcpy(cmd + 3, bdaddr, sizeof(bdaddr_t)); 677 skb = __hci_cmd_sync_ev(hdev, EDL_NVM_ACCESS_OPCODE, sizeof(cmd), cmd, 678 HCI_EV_VENDOR, HCI_INIT_TIMEOUT); 679 if (IS_ERR(skb)) { 680 err = PTR_ERR(skb); 681 bt_dev_err(hdev, "QCA Change address command failed (%d)", err); 682 return err; 683 } 684 685 kfree_skb(skb); 686 687 return 0; 688 } 689 EXPORT_SYMBOL_GPL(qca_set_bdaddr_rome); 690 691 static int qca_check_bdaddr(struct hci_dev *hdev, const struct qca_fw_config *config) 692 { 693 struct hci_rp_read_bd_addr *bda; 694 struct sk_buff *skb; 695 int err; 696 697 if (bacmp(&hdev->public_addr, BDADDR_ANY)) 698 return 0; 699 700 skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL, 701 HCI_INIT_TIMEOUT); 702 if (IS_ERR(skb)) { 703 err = PTR_ERR(skb); 704 bt_dev_err(hdev, "Failed to read device address (%d)", err); 705 return err; 706 } 707 708 if (skb->len != sizeof(*bda)) { 709 bt_dev_err(hdev, "Device address length mismatch"); 710 kfree_skb(skb); 711 return -EIO; 712 } 713 714 bda = (struct hci_rp_read_bd_addr *)skb->data; 715 if (!bacmp(&bda->bdaddr, &config->bdaddr)) 716 set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks); 717 718 kfree_skb(skb); 719 720 return 0; 721 } 722 723 static void qca_generate_hsp_nvm_name(char *fwname, size_t max_size, 724 struct qca_btsoc_version ver, u8 rom_ver, u16 bid) 725 { 726 const char *variant; 727 728 /* hsp gf chip */ 729 if ((le32_to_cpu(ver.soc_id) & QCA_HSP_GF_SOC_MASK) == QCA_HSP_GF_SOC_ID) 730 variant = "g"; 731 else 732 variant = ""; 733 734 if (bid == 0x0) 735 snprintf(fwname, max_size, "qca/hpnv%02x%s.bin", rom_ver, variant); 736 else 737 snprintf(fwname, max_size, "qca/hpnv%02x%s.%x", rom_ver, variant, bid); 738 } 739 740 int qca_uart_setup(struct hci_dev *hdev, uint8_t baudrate, 741 enum qca_btsoc_type soc_type, struct qca_btsoc_version ver, 742 const char *firmware_name) 743 { 744 struct qca_fw_config config = {}; 745 int err; 746 u8 rom_ver = 0; 747 u32 soc_ver; 748 u16 boardid = 0; 749 750 bt_dev_dbg(hdev, "QCA setup on UART"); 751 752 soc_ver = get_soc_ver(ver.soc_id, ver.rom_ver); 753 754 bt_dev_info(hdev, "QCA controller version 0x%08x", soc_ver); 755 756 config.user_baud_rate = baudrate; 757 758 /* Firmware files to download are based on ROM version. 759 * ROM version is derived from last two bytes of soc_ver. 760 */ 761 if (soc_type == QCA_WCN3988) 762 rom_ver = ((soc_ver & 0x00000f00) >> 0x05) | (soc_ver & 0x0000000f); 763 else 764 rom_ver = ((soc_ver & 0x00000f00) >> 0x04) | (soc_ver & 0x0000000f); 765 766 if (soc_type == QCA_WCN6750) 767 qca_send_patch_config_cmd(hdev); 768 769 /* Download rampatch file */ 770 config.type = TLV_TYPE_PATCH; 771 switch (soc_type) { 772 case QCA_WCN3990: 773 case QCA_WCN3991: 774 case QCA_WCN3998: 775 snprintf(config.fwname, sizeof(config.fwname), 776 "qca/crbtfw%02x.tlv", rom_ver); 777 break; 778 case QCA_WCN3988: 779 snprintf(config.fwname, sizeof(config.fwname), 780 "qca/apbtfw%02x.tlv", rom_ver); 781 break; 782 case QCA_QCA2066: 783 snprintf(config.fwname, sizeof(config.fwname), 784 "qca/hpbtfw%02x.tlv", rom_ver); 785 break; 786 case QCA_QCA6390: 787 snprintf(config.fwname, sizeof(config.fwname), 788 "qca/htbtfw%02x.tlv", rom_ver); 789 break; 790 case QCA_WCN6750: 791 /* Choose mbn file by default.If mbn file is not found 792 * then choose tlv file 793 */ 794 config.type = ELF_TYPE_PATCH; 795 snprintf(config.fwname, sizeof(config.fwname), 796 "qca/msbtfw%02x.mbn", rom_ver); 797 break; 798 case QCA_WCN6855: 799 snprintf(config.fwname, sizeof(config.fwname), 800 "qca/hpbtfw%02x.tlv", rom_ver); 801 break; 802 case QCA_WCN7850: 803 snprintf(config.fwname, sizeof(config.fwname), 804 "qca/hmtbtfw%02x.tlv", rom_ver); 805 break; 806 default: 807 snprintf(config.fwname, sizeof(config.fwname), 808 "qca/rampatch_%08x.bin", soc_ver); 809 } 810 811 err = qca_download_firmware(hdev, &config, soc_type, rom_ver); 812 if (err < 0) { 813 bt_dev_err(hdev, "QCA Failed to download patch (%d)", err); 814 return err; 815 } 816 817 /* Give the controller some time to get ready to receive the NVM */ 818 msleep(10); 819 820 if (soc_type == QCA_QCA2066) 821 qca_read_fw_board_id(hdev, &boardid); 822 823 /* Download NVM configuration */ 824 config.type = TLV_TYPE_NVM; 825 if (firmware_name) { 826 snprintf(config.fwname, sizeof(config.fwname), 827 "qca/%s", firmware_name); 828 } else { 829 switch (soc_type) { 830 case QCA_WCN3990: 831 case QCA_WCN3991: 832 case QCA_WCN3998: 833 if (le32_to_cpu(ver.soc_id) == QCA_WCN3991_SOC_ID) { 834 snprintf(config.fwname, sizeof(config.fwname), 835 "qca/crnv%02xu.bin", rom_ver); 836 } else { 837 snprintf(config.fwname, sizeof(config.fwname), 838 "qca/crnv%02x.bin", rom_ver); 839 } 840 break; 841 case QCA_WCN3988: 842 snprintf(config.fwname, sizeof(config.fwname), 843 "qca/apnv%02x.bin", rom_ver); 844 break; 845 case QCA_QCA2066: 846 qca_generate_hsp_nvm_name(config.fwname, 847 sizeof(config.fwname), ver, rom_ver, boardid); 848 break; 849 case QCA_QCA6390: 850 snprintf(config.fwname, sizeof(config.fwname), 851 "qca/htnv%02x.bin", rom_ver); 852 break; 853 case QCA_WCN6750: 854 snprintf(config.fwname, sizeof(config.fwname), 855 "qca/msnv%02x.bin", rom_ver); 856 break; 857 case QCA_WCN6855: 858 snprintf(config.fwname, sizeof(config.fwname), 859 "qca/hpnv%02x.bin", rom_ver); 860 break; 861 case QCA_WCN7850: 862 snprintf(config.fwname, sizeof(config.fwname), 863 "qca/hmtnv%02x.bin", rom_ver); 864 break; 865 866 default: 867 snprintf(config.fwname, sizeof(config.fwname), 868 "qca/nvm_%08x.bin", soc_ver); 869 } 870 } 871 872 err = qca_download_firmware(hdev, &config, soc_type, rom_ver); 873 if (err < 0) { 874 bt_dev_err(hdev, "QCA Failed to download NVM (%d)", err); 875 return err; 876 } 877 878 switch (soc_type) { 879 case QCA_WCN3991: 880 case QCA_QCA2066: 881 case QCA_QCA6390: 882 case QCA_WCN6750: 883 case QCA_WCN6855: 884 case QCA_WCN7850: 885 err = qca_disable_soc_logging(hdev); 886 if (err < 0) 887 return err; 888 break; 889 default: 890 break; 891 } 892 893 /* WCN399x and WCN6750 supports the Microsoft vendor extension with 0xFD70 as the 894 * VsMsftOpCode. 895 */ 896 switch (soc_type) { 897 case QCA_WCN3988: 898 case QCA_WCN3990: 899 case QCA_WCN3991: 900 case QCA_WCN3998: 901 case QCA_WCN6750: 902 hci_set_msft_opcode(hdev, 0xFD70); 903 break; 904 default: 905 break; 906 } 907 908 /* Perform HCI reset */ 909 err = qca_send_reset(hdev); 910 if (err < 0) { 911 bt_dev_err(hdev, "QCA Failed to run HCI_RESET (%d)", err); 912 return err; 913 } 914 915 switch (soc_type) { 916 case QCA_WCN3991: 917 case QCA_WCN6750: 918 case QCA_WCN6855: 919 case QCA_WCN7850: 920 /* get fw build info */ 921 err = qca_read_fw_build_info(hdev); 922 if (err < 0) 923 return err; 924 break; 925 default: 926 break; 927 } 928 929 err = qca_check_bdaddr(hdev, &config); 930 if (err) 931 return err; 932 933 bt_dev_info(hdev, "QCA setup on UART is completed"); 934 935 return 0; 936 } 937 EXPORT_SYMBOL_GPL(qca_uart_setup); 938 939 int qca_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr) 940 { 941 bdaddr_t bdaddr_swapped; 942 struct sk_buff *skb; 943 int err; 944 945 baswap(&bdaddr_swapped, bdaddr); 946 947 skb = __hci_cmd_sync_ev(hdev, EDL_WRITE_BD_ADDR_OPCODE, 6, 948 &bdaddr_swapped, HCI_EV_VENDOR, 949 HCI_INIT_TIMEOUT); 950 if (IS_ERR(skb)) { 951 err = PTR_ERR(skb); 952 bt_dev_err(hdev, "QCA Change address cmd failed (%d)", err); 953 return err; 954 } 955 956 kfree_skb(skb); 957 958 return 0; 959 } 960 EXPORT_SYMBOL_GPL(qca_set_bdaddr); 961 962 963 MODULE_AUTHOR("Ben Young Tae Kim <ytkim@qca.qualcomm.com>"); 964 MODULE_DESCRIPTION("Bluetooth support for Qualcomm Atheros family ver " VERSION); 965 MODULE_VERSION(VERSION); 966 MODULE_LICENSE("GPL"); 967