1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Bluetooth supports for Qualcomm Atheros chips 4 * 5 * Copyright (c) 2015 The Linux Foundation. All rights reserved. 6 */ 7 #include <linux/module.h> 8 #include <linux/firmware.h> 9 #include <linux/vmalloc.h> 10 11 #include <net/bluetooth/bluetooth.h> 12 #include <net/bluetooth/hci_core.h> 13 14 #include "btqca.h" 15 16 #define VERSION "0.1" 17 18 int qca_read_soc_version(struct hci_dev *hdev, struct qca_btsoc_version *ver, 19 enum qca_btsoc_type soc_type) 20 { 21 struct sk_buff *skb; 22 struct edl_event_hdr *edl; 23 char cmd; 24 int err = 0; 25 u8 event_type = HCI_EV_VENDOR; 26 u8 rlen = sizeof(*edl) + sizeof(*ver); 27 u8 rtype = EDL_APP_VER_RES_EVT; 28 29 bt_dev_dbg(hdev, "QCA Version Request"); 30 31 /* Unlike other SoC's sending version command response as payload to 32 * VSE event. WCN3991 sends version command response as a payload to 33 * command complete event. 34 */ 35 if (soc_type >= QCA_WCN3991) { 36 event_type = 0; 37 rlen += 1; 38 rtype = EDL_PATCH_VER_REQ_CMD; 39 } 40 41 cmd = EDL_PATCH_VER_REQ_CMD; 42 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, EDL_PATCH_CMD_LEN, 43 &cmd, event_type, HCI_INIT_TIMEOUT); 44 if (IS_ERR(skb)) { 45 err = PTR_ERR(skb); 46 bt_dev_err(hdev, "Reading QCA version information failed (%d)", 47 err); 48 return err; 49 } 50 51 if (skb->len != rlen) { 52 bt_dev_err(hdev, "QCA Version size mismatch len %d", skb->len); 53 err = -EILSEQ; 54 goto out; 55 } 56 57 edl = (struct edl_event_hdr *)(skb->data); 58 if (!edl) { 59 bt_dev_err(hdev, "QCA TLV with no header"); 60 err = -EILSEQ; 61 goto out; 62 } 63 64 if (edl->cresp != EDL_CMD_REQ_RES_EVT || 65 edl->rtype != rtype) { 66 bt_dev_err(hdev, "QCA Wrong packet received %d %d", edl->cresp, 67 edl->rtype); 68 err = -EIO; 69 goto out; 70 } 71 72 if (soc_type >= QCA_WCN3991) 73 memcpy(ver, edl->data + 1, sizeof(*ver)); 74 else 75 memcpy(ver, &edl->data, sizeof(*ver)); 76 77 bt_dev_info(hdev, "QCA Product ID :0x%08x", 78 le32_to_cpu(ver->product_id)); 79 bt_dev_info(hdev, "QCA SOC Version :0x%08x", 80 le32_to_cpu(ver->soc_id)); 81 bt_dev_info(hdev, "QCA ROM Version :0x%08x", 82 le16_to_cpu(ver->rom_ver)); 83 bt_dev_info(hdev, "QCA Patch Version:0x%08x", 84 le16_to_cpu(ver->patch_ver)); 85 86 if (ver->soc_id == 0 || ver->rom_ver == 0) 87 err = -EILSEQ; 88 89 out: 90 kfree_skb(skb); 91 if (err) 92 bt_dev_err(hdev, "QCA Failed to get version (%d)", err); 93 94 return err; 95 } 96 EXPORT_SYMBOL_GPL(qca_read_soc_version); 97 98 static int qca_read_fw_build_info(struct hci_dev *hdev) 99 { 100 struct sk_buff *skb; 101 struct edl_event_hdr *edl; 102 char *build_label; 103 char cmd; 104 int build_lbl_len, err = 0; 105 106 bt_dev_dbg(hdev, "QCA read fw build info"); 107 108 cmd = EDL_GET_BUILD_INFO_CMD; 109 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, EDL_PATCH_CMD_LEN, 110 &cmd, 0, HCI_INIT_TIMEOUT); 111 if (IS_ERR(skb)) { 112 err = PTR_ERR(skb); 113 bt_dev_err(hdev, "Reading QCA fw build info failed (%d)", 114 err); 115 return err; 116 } 117 118 if (skb->len < sizeof(*edl)) { 119 err = -EILSEQ; 120 goto out; 121 } 122 123 edl = (struct edl_event_hdr *)(skb->data); 124 if (!edl) { 125 bt_dev_err(hdev, "QCA read fw build info with no header"); 126 err = -EILSEQ; 127 goto out; 128 } 129 130 if (edl->cresp != EDL_CMD_REQ_RES_EVT || 131 edl->rtype != EDL_GET_BUILD_INFO_CMD) { 132 bt_dev_err(hdev, "QCA Wrong packet received %d %d", edl->cresp, 133 edl->rtype); 134 err = -EIO; 135 goto out; 136 } 137 138 if (skb->len < sizeof(*edl) + 1) { 139 err = -EILSEQ; 140 goto out; 141 } 142 143 build_lbl_len = edl->data[0]; 144 145 if (skb->len < sizeof(*edl) + 1 + build_lbl_len) { 146 err = -EILSEQ; 147 goto out; 148 } 149 150 build_label = kstrndup(&edl->data[1], build_lbl_len, GFP_KERNEL); 151 if (!build_label) { 152 err = -ENOMEM; 153 goto out; 154 } 155 156 hci_set_fw_info(hdev, "%s", build_label); 157 158 kfree(build_label); 159 out: 160 kfree_skb(skb); 161 return err; 162 } 163 164 static int qca_send_patch_config_cmd(struct hci_dev *hdev) 165 { 166 const u8 cmd[] = { EDL_PATCH_CONFIG_CMD, 0x01, 0, 0, 0 }; 167 struct sk_buff *skb; 168 struct edl_event_hdr *edl; 169 int err; 170 171 bt_dev_dbg(hdev, "QCA Patch config"); 172 173 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, sizeof(cmd), 174 cmd, 0, HCI_INIT_TIMEOUT); 175 if (IS_ERR(skb)) { 176 err = PTR_ERR(skb); 177 bt_dev_err(hdev, "Sending QCA Patch config failed (%d)", err); 178 return err; 179 } 180 181 if (skb->len != 2) { 182 bt_dev_err(hdev, "QCA Patch config cmd size mismatch len %d", skb->len); 183 err = -EILSEQ; 184 goto out; 185 } 186 187 edl = (struct edl_event_hdr *)(skb->data); 188 if (!edl) { 189 bt_dev_err(hdev, "QCA Patch config with no header"); 190 err = -EILSEQ; 191 goto out; 192 } 193 194 if (edl->cresp != EDL_PATCH_CONFIG_RES_EVT || edl->rtype != EDL_PATCH_CONFIG_CMD) { 195 bt_dev_err(hdev, "QCA Wrong packet received %d %d", edl->cresp, 196 edl->rtype); 197 err = -EIO; 198 goto out; 199 } 200 201 err = 0; 202 203 out: 204 kfree_skb(skb); 205 return err; 206 } 207 208 static int qca_send_reset(struct hci_dev *hdev) 209 { 210 struct sk_buff *skb; 211 int err; 212 213 bt_dev_dbg(hdev, "QCA HCI_RESET"); 214 215 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); 216 if (IS_ERR(skb)) { 217 err = PTR_ERR(skb); 218 bt_dev_err(hdev, "QCA Reset failed (%d)", err); 219 return err; 220 } 221 222 kfree_skb(skb); 223 224 return 0; 225 } 226 227 static int qca_read_fw_board_id(struct hci_dev *hdev, u16 *bid) 228 { 229 u8 cmd; 230 struct sk_buff *skb; 231 struct edl_event_hdr *edl; 232 int err = 0; 233 234 cmd = EDL_GET_BID_REQ_CMD; 235 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, EDL_PATCH_CMD_LEN, 236 &cmd, 0, HCI_INIT_TIMEOUT); 237 if (IS_ERR(skb)) { 238 err = PTR_ERR(skb); 239 bt_dev_err(hdev, "Reading QCA board ID failed (%d)", err); 240 return err; 241 } 242 243 edl = skb_pull_data(skb, sizeof(*edl)); 244 if (!edl) { 245 bt_dev_err(hdev, "QCA read board ID with no header"); 246 err = -EILSEQ; 247 goto out; 248 } 249 250 if (edl->cresp != EDL_CMD_REQ_RES_EVT || 251 edl->rtype != EDL_GET_BID_REQ_CMD) { 252 bt_dev_err(hdev, "QCA Wrong packet: %d %d", edl->cresp, edl->rtype); 253 err = -EIO; 254 goto out; 255 } 256 257 if (skb->len < 3) { 258 err = -EILSEQ; 259 goto out; 260 } 261 262 *bid = (edl->data[1] << 8) + edl->data[2]; 263 bt_dev_dbg(hdev, "%s: bid = %x", __func__, *bid); 264 265 out: 266 kfree_skb(skb); 267 return err; 268 } 269 270 int qca_send_pre_shutdown_cmd(struct hci_dev *hdev) 271 { 272 struct sk_buff *skb; 273 int err; 274 275 bt_dev_dbg(hdev, "QCA pre shutdown cmd"); 276 277 skb = __hci_cmd_sync_ev(hdev, QCA_PRE_SHUTDOWN_CMD, 0, 278 NULL, HCI_EV_CMD_COMPLETE, HCI_INIT_TIMEOUT); 279 280 if (IS_ERR(skb)) { 281 err = PTR_ERR(skb); 282 bt_dev_err(hdev, "QCA preshutdown_cmd failed (%d)", err); 283 return err; 284 } 285 286 kfree_skb(skb); 287 288 return 0; 289 } 290 EXPORT_SYMBOL_GPL(qca_send_pre_shutdown_cmd); 291 292 static int qca_tlv_check_data(struct hci_dev *hdev, 293 struct qca_fw_config *config, 294 u8 *fw_data, size_t fw_size, 295 enum qca_btsoc_type soc_type) 296 { 297 const u8 *data; 298 u32 type_len; 299 u16 tag_id, tag_len; 300 int idx, length; 301 struct tlv_type_hdr *tlv; 302 struct tlv_type_patch *tlv_patch; 303 struct tlv_type_nvm *tlv_nvm; 304 uint8_t nvm_baud_rate = config->user_baud_rate; 305 u8 type; 306 307 config->dnld_mode = QCA_SKIP_EVT_NONE; 308 config->dnld_type = QCA_SKIP_EVT_NONE; 309 310 switch (config->type) { 311 case ELF_TYPE_PATCH: 312 if (fw_size < 7) 313 return -EINVAL; 314 315 config->dnld_mode = QCA_SKIP_EVT_VSE_CC; 316 config->dnld_type = QCA_SKIP_EVT_VSE_CC; 317 318 bt_dev_dbg(hdev, "File Class : 0x%x", fw_data[4]); 319 bt_dev_dbg(hdev, "Data Encoding : 0x%x", fw_data[5]); 320 bt_dev_dbg(hdev, "File version : 0x%x", fw_data[6]); 321 break; 322 case TLV_TYPE_PATCH: 323 if (fw_size < sizeof(struct tlv_type_hdr) + sizeof(struct tlv_type_patch)) 324 return -EINVAL; 325 326 tlv = (struct tlv_type_hdr *)fw_data; 327 type_len = le32_to_cpu(tlv->type_len); 328 tlv_patch = (struct tlv_type_patch *)tlv->data; 329 330 /* For Rome version 1.1 to 3.1, all segment commands 331 * are acked by a vendor specific event (VSE). 332 * For Rome >= 3.2, the download mode field indicates 333 * if VSE is skipped by the controller. 334 * In case VSE is skipped, only the last segment is acked. 335 */ 336 config->dnld_mode = tlv_patch->download_mode; 337 config->dnld_type = config->dnld_mode; 338 339 BT_DBG("TLV Type\t\t : 0x%x", type_len & 0x000000ff); 340 BT_DBG("Total Length : %d bytes", 341 le32_to_cpu(tlv_patch->total_size)); 342 BT_DBG("Patch Data Length : %d bytes", 343 le32_to_cpu(tlv_patch->data_length)); 344 BT_DBG("Signing Format Version : 0x%x", 345 tlv_patch->format_version); 346 BT_DBG("Signature Algorithm : 0x%x", 347 tlv_patch->signature); 348 BT_DBG("Download mode : 0x%x", 349 tlv_patch->download_mode); 350 BT_DBG("Reserved : 0x%x", 351 tlv_patch->reserved1); 352 BT_DBG("Product ID : 0x%04x", 353 le16_to_cpu(tlv_patch->product_id)); 354 BT_DBG("Rom Build Version : 0x%04x", 355 le16_to_cpu(tlv_patch->rom_build)); 356 BT_DBG("Patch Version : 0x%04x", 357 le16_to_cpu(tlv_patch->patch_version)); 358 BT_DBG("Reserved : 0x%x", 359 le16_to_cpu(tlv_patch->reserved2)); 360 BT_DBG("Patch Entry Address : 0x%x", 361 le32_to_cpu(tlv_patch->entry)); 362 break; 363 364 case TLV_TYPE_NVM: 365 if (fw_size < sizeof(struct tlv_type_hdr)) 366 return -EINVAL; 367 368 tlv = (struct tlv_type_hdr *)fw_data; 369 370 type_len = le32_to_cpu(tlv->type_len); 371 length = type_len >> 8; 372 type = type_len & 0xff; 373 374 /* Some NVM files have more than one set of tags, only parse 375 * the first set when it has type 2 for now. When there is 376 * more than one set there is an enclosing header of type 4. 377 */ 378 if (type == 4) { 379 if (fw_size < 2 * sizeof(struct tlv_type_hdr)) 380 return -EINVAL; 381 382 tlv++; 383 384 type_len = le32_to_cpu(tlv->type_len); 385 length = type_len >> 8; 386 type = type_len & 0xff; 387 } 388 389 BT_DBG("TLV Type\t\t : 0x%x", type); 390 BT_DBG("Length\t\t : %d bytes", length); 391 392 if (type != 2) 393 break; 394 395 if (fw_size < length + (tlv->data - fw_data)) 396 return -EINVAL; 397 398 idx = 0; 399 data = tlv->data; 400 while (idx < length - sizeof(struct tlv_type_nvm)) { 401 tlv_nvm = (struct tlv_type_nvm *)(data + idx); 402 403 tag_id = le16_to_cpu(tlv_nvm->tag_id); 404 tag_len = le16_to_cpu(tlv_nvm->tag_len); 405 406 if (length < idx + sizeof(struct tlv_type_nvm) + tag_len) 407 return -EINVAL; 408 409 /* Update NVM tags as needed */ 410 switch (tag_id) { 411 case EDL_TAG_ID_BD_ADDR: 412 if (tag_len != sizeof(bdaddr_t)) 413 return -EINVAL; 414 415 memcpy(&config->bdaddr, tlv_nvm->data, sizeof(bdaddr_t)); 416 417 break; 418 419 case EDL_TAG_ID_HCI: 420 if (tag_len < 3) 421 return -EINVAL; 422 423 /* HCI transport layer parameters 424 * enabling software inband sleep 425 * onto controller side. 426 */ 427 tlv_nvm->data[0] |= 0x80; 428 429 /* UART Baud Rate */ 430 if (soc_type >= QCA_WCN3991) 431 tlv_nvm->data[1] = nvm_baud_rate; 432 else 433 tlv_nvm->data[2] = nvm_baud_rate; 434 435 break; 436 437 case EDL_TAG_ID_DEEP_SLEEP: 438 if (tag_len < 1) 439 return -EINVAL; 440 441 /* Sleep enable mask 442 * enabling deep sleep feature on controller. 443 */ 444 tlv_nvm->data[0] |= 0x01; 445 446 break; 447 } 448 449 idx += sizeof(struct tlv_type_nvm) + tag_len; 450 } 451 break; 452 453 default: 454 BT_ERR("Unknown TLV type %d", config->type); 455 return -EINVAL; 456 } 457 458 return 0; 459 } 460 461 static int qca_tlv_send_segment(struct hci_dev *hdev, int seg_size, 462 const u8 *data, enum qca_tlv_dnld_mode mode, 463 enum qca_btsoc_type soc_type) 464 { 465 struct sk_buff *skb; 466 struct edl_event_hdr *edl; 467 struct tlv_seg_resp *tlv_resp; 468 u8 cmd[MAX_SIZE_PER_TLV_SEGMENT + 2]; 469 int err = 0; 470 u8 event_type = HCI_EV_VENDOR; 471 u8 rlen = (sizeof(*edl) + sizeof(*tlv_resp)); 472 u8 rtype = EDL_TVL_DNLD_RES_EVT; 473 474 cmd[0] = EDL_PATCH_TLV_REQ_CMD; 475 cmd[1] = seg_size; 476 memcpy(cmd + 2, data, seg_size); 477 478 if (mode == QCA_SKIP_EVT_VSE_CC || mode == QCA_SKIP_EVT_VSE) 479 return __hci_cmd_send(hdev, EDL_PATCH_CMD_OPCODE, seg_size + 2, 480 cmd); 481 482 /* Unlike other SoC's sending version command response as payload to 483 * VSE event. WCN3991 sends version command response as a payload to 484 * command complete event. 485 */ 486 if (soc_type >= QCA_WCN3991) { 487 event_type = 0; 488 rlen = sizeof(*edl); 489 rtype = EDL_PATCH_TLV_REQ_CMD; 490 } 491 492 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, seg_size + 2, cmd, 493 event_type, HCI_INIT_TIMEOUT); 494 if (IS_ERR(skb)) { 495 err = PTR_ERR(skb); 496 bt_dev_err(hdev, "QCA Failed to send TLV segment (%d)", err); 497 return err; 498 } 499 500 if (skb->len != rlen) { 501 bt_dev_err(hdev, "QCA TLV response size mismatch"); 502 err = -EILSEQ; 503 goto out; 504 } 505 506 edl = (struct edl_event_hdr *)(skb->data); 507 if (!edl) { 508 bt_dev_err(hdev, "TLV with no header"); 509 err = -EILSEQ; 510 goto out; 511 } 512 513 if (edl->cresp != EDL_CMD_REQ_RES_EVT || edl->rtype != rtype) { 514 bt_dev_err(hdev, "QCA TLV with error stat 0x%x rtype 0x%x", 515 edl->cresp, edl->rtype); 516 err = -EIO; 517 } 518 519 if (soc_type >= QCA_WCN3991) 520 goto out; 521 522 tlv_resp = (struct tlv_seg_resp *)(edl->data); 523 if (tlv_resp->result) { 524 bt_dev_err(hdev, "QCA TLV with error stat 0x%x rtype 0x%x (0x%x)", 525 edl->cresp, edl->rtype, tlv_resp->result); 526 } 527 528 out: 529 kfree_skb(skb); 530 531 return err; 532 } 533 534 static int qca_inject_cmd_complete_event(struct hci_dev *hdev) 535 { 536 struct hci_event_hdr *hdr; 537 struct hci_ev_cmd_complete *evt; 538 struct sk_buff *skb; 539 540 skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_KERNEL); 541 if (!skb) 542 return -ENOMEM; 543 544 hdr = skb_put(skb, sizeof(*hdr)); 545 hdr->evt = HCI_EV_CMD_COMPLETE; 546 hdr->plen = sizeof(*evt) + 1; 547 548 evt = skb_put(skb, sizeof(*evt)); 549 evt->ncmd = 1; 550 evt->opcode = cpu_to_le16(QCA_HCI_CC_OPCODE); 551 552 skb_put_u8(skb, QCA_HCI_CC_SUCCESS); 553 554 hci_skb_pkt_type(skb) = HCI_EVENT_PKT; 555 556 return hci_recv_frame(hdev, skb); 557 } 558 559 static int qca_download_firmware(struct hci_dev *hdev, 560 struct qca_fw_config *config, 561 enum qca_btsoc_type soc_type, 562 u8 rom_ver) 563 { 564 const struct firmware *fw; 565 u8 *data; 566 const u8 *segment; 567 int ret, size, remain, i = 0; 568 569 bt_dev_info(hdev, "QCA Downloading %s", config->fwname); 570 571 ret = request_firmware(&fw, config->fwname, &hdev->dev); 572 if (ret) { 573 /* For WCN6750, if mbn file is not present then check for 574 * tlv file. 575 */ 576 if (soc_type == QCA_WCN6750 && config->type == ELF_TYPE_PATCH) { 577 bt_dev_dbg(hdev, "QCA Failed to request file: %s (%d)", 578 config->fwname, ret); 579 config->type = TLV_TYPE_PATCH; 580 snprintf(config->fwname, sizeof(config->fwname), 581 "qca/msbtfw%02x.tlv", rom_ver); 582 bt_dev_info(hdev, "QCA Downloading %s", config->fwname); 583 ret = request_firmware(&fw, config->fwname, &hdev->dev); 584 if (ret) { 585 bt_dev_err(hdev, "QCA Failed to request file: %s (%d)", 586 config->fwname, ret); 587 return ret; 588 } 589 } else { 590 bt_dev_err(hdev, "QCA Failed to request file: %s (%d)", 591 config->fwname, ret); 592 return ret; 593 } 594 } 595 596 size = fw->size; 597 data = vmalloc(fw->size); 598 if (!data) { 599 bt_dev_err(hdev, "QCA Failed to allocate memory for file: %s", 600 config->fwname); 601 release_firmware(fw); 602 return -ENOMEM; 603 } 604 605 memcpy(data, fw->data, size); 606 release_firmware(fw); 607 608 ret = qca_tlv_check_data(hdev, config, data, size, soc_type); 609 if (ret) 610 goto out; 611 612 segment = data; 613 remain = size; 614 while (remain > 0) { 615 int segsize = min(MAX_SIZE_PER_TLV_SEGMENT, remain); 616 617 bt_dev_dbg(hdev, "Send segment %d, size %d", i++, segsize); 618 619 remain -= segsize; 620 /* The last segment is always acked regardless download mode */ 621 if (!remain || segsize < MAX_SIZE_PER_TLV_SEGMENT) 622 config->dnld_mode = QCA_SKIP_EVT_NONE; 623 624 ret = qca_tlv_send_segment(hdev, segsize, segment, 625 config->dnld_mode, soc_type); 626 if (ret) 627 goto out; 628 629 segment += segsize; 630 } 631 632 /* Latest qualcomm chipsets are not sending a command complete event 633 * for every fw packet sent. They only respond with a vendor specific 634 * event for the last packet. This optimization in the chip will 635 * decrease the BT in initialization time. Here we will inject a command 636 * complete event to avoid a command timeout error message. 637 */ 638 if (config->dnld_type == QCA_SKIP_EVT_VSE_CC || 639 config->dnld_type == QCA_SKIP_EVT_VSE) 640 ret = qca_inject_cmd_complete_event(hdev); 641 642 out: 643 vfree(data); 644 645 return ret; 646 } 647 648 static int qca_disable_soc_logging(struct hci_dev *hdev) 649 { 650 struct sk_buff *skb; 651 u8 cmd[2]; 652 int err; 653 654 cmd[0] = QCA_DISABLE_LOGGING_SUB_OP; 655 cmd[1] = 0x00; 656 skb = __hci_cmd_sync_ev(hdev, QCA_DISABLE_LOGGING, sizeof(cmd), cmd, 657 HCI_EV_CMD_COMPLETE, HCI_INIT_TIMEOUT); 658 if (IS_ERR(skb)) { 659 err = PTR_ERR(skb); 660 bt_dev_err(hdev, "QCA Failed to disable soc logging(%d)", err); 661 return err; 662 } 663 664 kfree_skb(skb); 665 666 return 0; 667 } 668 669 int qca_set_bdaddr_rome(struct hci_dev *hdev, const bdaddr_t *bdaddr) 670 { 671 struct sk_buff *skb; 672 u8 cmd[9]; 673 int err; 674 675 cmd[0] = EDL_NVM_ACCESS_SET_REQ_CMD; 676 cmd[1] = 0x02; /* TAG ID */ 677 cmd[2] = sizeof(bdaddr_t); /* size */ 678 memcpy(cmd + 3, bdaddr, sizeof(bdaddr_t)); 679 skb = __hci_cmd_sync_ev(hdev, EDL_NVM_ACCESS_OPCODE, sizeof(cmd), cmd, 680 HCI_EV_VENDOR, HCI_INIT_TIMEOUT); 681 if (IS_ERR(skb)) { 682 err = PTR_ERR(skb); 683 bt_dev_err(hdev, "QCA Change address command failed (%d)", err); 684 return err; 685 } 686 687 kfree_skb(skb); 688 689 return 0; 690 } 691 EXPORT_SYMBOL_GPL(qca_set_bdaddr_rome); 692 693 static int qca_check_bdaddr(struct hci_dev *hdev, const struct qca_fw_config *config) 694 { 695 struct hci_rp_read_bd_addr *bda; 696 struct sk_buff *skb; 697 int err; 698 699 if (bacmp(&hdev->public_addr, BDADDR_ANY)) 700 return 0; 701 702 skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL, 703 HCI_INIT_TIMEOUT); 704 if (IS_ERR(skb)) { 705 err = PTR_ERR(skb); 706 bt_dev_err(hdev, "Failed to read device address (%d)", err); 707 return err; 708 } 709 710 if (skb->len != sizeof(*bda)) { 711 bt_dev_err(hdev, "Device address length mismatch"); 712 kfree_skb(skb); 713 return -EIO; 714 } 715 716 bda = (struct hci_rp_read_bd_addr *)skb->data; 717 if (!bacmp(&bda->bdaddr, &config->bdaddr)) 718 set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks); 719 720 kfree_skb(skb); 721 722 return 0; 723 } 724 725 static void qca_generate_hsp_nvm_name(char *fwname, size_t max_size, 726 struct qca_btsoc_version ver, u8 rom_ver, u16 bid) 727 { 728 const char *variant; 729 730 /* hsp gf chip */ 731 if ((le32_to_cpu(ver.soc_id) & QCA_HSP_GF_SOC_MASK) == QCA_HSP_GF_SOC_ID) 732 variant = "g"; 733 else 734 variant = ""; 735 736 if (bid == 0x0) 737 snprintf(fwname, max_size, "qca/hpnv%02x%s.bin", rom_ver, variant); 738 else 739 snprintf(fwname, max_size, "qca/hpnv%02x%s.%x", rom_ver, variant, bid); 740 } 741 742 int qca_uart_setup(struct hci_dev *hdev, uint8_t baudrate, 743 enum qca_btsoc_type soc_type, struct qca_btsoc_version ver, 744 const char *firmware_name) 745 { 746 struct qca_fw_config config = {}; 747 int err; 748 u8 rom_ver = 0; 749 u32 soc_ver; 750 u16 boardid = 0; 751 752 bt_dev_dbg(hdev, "QCA setup on UART"); 753 754 soc_ver = get_soc_ver(ver.soc_id, ver.rom_ver); 755 756 bt_dev_info(hdev, "QCA controller version 0x%08x", soc_ver); 757 758 config.user_baud_rate = baudrate; 759 760 /* Firmware files to download are based on ROM version. 761 * ROM version is derived from last two bytes of soc_ver. 762 */ 763 if (soc_type == QCA_WCN3988) 764 rom_ver = ((soc_ver & 0x00000f00) >> 0x05) | (soc_ver & 0x0000000f); 765 else 766 rom_ver = ((soc_ver & 0x00000f00) >> 0x04) | (soc_ver & 0x0000000f); 767 768 if (soc_type == QCA_WCN6750) 769 qca_send_patch_config_cmd(hdev); 770 771 /* Download rampatch file */ 772 config.type = TLV_TYPE_PATCH; 773 switch (soc_type) { 774 case QCA_WCN3990: 775 case QCA_WCN3991: 776 case QCA_WCN3998: 777 snprintf(config.fwname, sizeof(config.fwname), 778 "qca/crbtfw%02x.tlv", rom_ver); 779 break; 780 case QCA_WCN3988: 781 snprintf(config.fwname, sizeof(config.fwname), 782 "qca/apbtfw%02x.tlv", rom_ver); 783 break; 784 case QCA_QCA2066: 785 snprintf(config.fwname, sizeof(config.fwname), 786 "qca/hpbtfw%02x.tlv", rom_ver); 787 break; 788 case QCA_QCA6390: 789 snprintf(config.fwname, sizeof(config.fwname), 790 "qca/htbtfw%02x.tlv", rom_ver); 791 break; 792 case QCA_WCN6750: 793 /* Choose mbn file by default.If mbn file is not found 794 * then choose tlv file 795 */ 796 config.type = ELF_TYPE_PATCH; 797 snprintf(config.fwname, sizeof(config.fwname), 798 "qca/msbtfw%02x.mbn", rom_ver); 799 break; 800 case QCA_WCN6855: 801 snprintf(config.fwname, sizeof(config.fwname), 802 "qca/hpbtfw%02x.tlv", rom_ver); 803 break; 804 case QCA_WCN7850: 805 snprintf(config.fwname, sizeof(config.fwname), 806 "qca/hmtbtfw%02x.tlv", rom_ver); 807 break; 808 default: 809 snprintf(config.fwname, sizeof(config.fwname), 810 "qca/rampatch_%08x.bin", soc_ver); 811 } 812 813 err = qca_download_firmware(hdev, &config, soc_type, rom_ver); 814 if (err < 0) { 815 bt_dev_err(hdev, "QCA Failed to download patch (%d)", err); 816 return err; 817 } 818 819 /* Give the controller some time to get ready to receive the NVM */ 820 msleep(10); 821 822 if (soc_type == QCA_QCA2066) 823 qca_read_fw_board_id(hdev, &boardid); 824 825 /* Download NVM configuration */ 826 config.type = TLV_TYPE_NVM; 827 if (firmware_name) { 828 snprintf(config.fwname, sizeof(config.fwname), 829 "qca/%s", firmware_name); 830 } else { 831 switch (soc_type) { 832 case QCA_WCN3990: 833 case QCA_WCN3991: 834 case QCA_WCN3998: 835 if (le32_to_cpu(ver.soc_id) == QCA_WCN3991_SOC_ID) { 836 snprintf(config.fwname, sizeof(config.fwname), 837 "qca/crnv%02xu.bin", rom_ver); 838 } else { 839 snprintf(config.fwname, sizeof(config.fwname), 840 "qca/crnv%02x.bin", rom_ver); 841 } 842 break; 843 case QCA_WCN3988: 844 snprintf(config.fwname, sizeof(config.fwname), 845 "qca/apnv%02x.bin", rom_ver); 846 break; 847 case QCA_QCA2066: 848 qca_generate_hsp_nvm_name(config.fwname, 849 sizeof(config.fwname), ver, rom_ver, boardid); 850 break; 851 case QCA_QCA6390: 852 snprintf(config.fwname, sizeof(config.fwname), 853 "qca/htnv%02x.bin", rom_ver); 854 break; 855 case QCA_WCN6750: 856 snprintf(config.fwname, sizeof(config.fwname), 857 "qca/msnv%02x.bin", rom_ver); 858 break; 859 case QCA_WCN6855: 860 snprintf(config.fwname, sizeof(config.fwname), 861 "qca/hpnv%02x.bin", rom_ver); 862 break; 863 case QCA_WCN7850: 864 snprintf(config.fwname, sizeof(config.fwname), 865 "qca/hmtnv%02x.bin", rom_ver); 866 break; 867 868 default: 869 snprintf(config.fwname, sizeof(config.fwname), 870 "qca/nvm_%08x.bin", soc_ver); 871 } 872 } 873 874 err = qca_download_firmware(hdev, &config, soc_type, rom_ver); 875 if (err < 0) { 876 bt_dev_err(hdev, "QCA Failed to download NVM (%d)", err); 877 return err; 878 } 879 880 switch (soc_type) { 881 case QCA_WCN3991: 882 case QCA_QCA2066: 883 case QCA_QCA6390: 884 case QCA_WCN6750: 885 case QCA_WCN6855: 886 case QCA_WCN7850: 887 err = qca_disable_soc_logging(hdev); 888 if (err < 0) 889 return err; 890 break; 891 default: 892 break; 893 } 894 895 /* WCN399x and WCN6750 supports the Microsoft vendor extension with 0xFD70 as the 896 * VsMsftOpCode. 897 */ 898 switch (soc_type) { 899 case QCA_WCN3988: 900 case QCA_WCN3990: 901 case QCA_WCN3991: 902 case QCA_WCN3998: 903 case QCA_WCN6750: 904 hci_set_msft_opcode(hdev, 0xFD70); 905 break; 906 default: 907 break; 908 } 909 910 /* Perform HCI reset */ 911 err = qca_send_reset(hdev); 912 if (err < 0) { 913 bt_dev_err(hdev, "QCA Failed to run HCI_RESET (%d)", err); 914 return err; 915 } 916 917 switch (soc_type) { 918 case QCA_WCN3991: 919 case QCA_WCN6750: 920 case QCA_WCN6855: 921 case QCA_WCN7850: 922 /* get fw build info */ 923 err = qca_read_fw_build_info(hdev); 924 if (err < 0) 925 return err; 926 break; 927 default: 928 break; 929 } 930 931 err = qca_check_bdaddr(hdev, &config); 932 if (err) 933 return err; 934 935 bt_dev_info(hdev, "QCA setup on UART is completed"); 936 937 return 0; 938 } 939 EXPORT_SYMBOL_GPL(qca_uart_setup); 940 941 int qca_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr) 942 { 943 bdaddr_t bdaddr_swapped; 944 struct sk_buff *skb; 945 int err; 946 947 baswap(&bdaddr_swapped, bdaddr); 948 949 skb = __hci_cmd_sync_ev(hdev, EDL_WRITE_BD_ADDR_OPCODE, 6, 950 &bdaddr_swapped, HCI_EV_VENDOR, 951 HCI_INIT_TIMEOUT); 952 if (IS_ERR(skb)) { 953 err = PTR_ERR(skb); 954 bt_dev_err(hdev, "QCA Change address cmd failed (%d)", err); 955 return err; 956 } 957 958 kfree_skb(skb); 959 960 return 0; 961 } 962 EXPORT_SYMBOL_GPL(qca_set_bdaddr); 963 964 965 MODULE_AUTHOR("Ben Young Tae Kim <ytkim@qca.qualcomm.com>"); 966 MODULE_DESCRIPTION("Bluetooth support for Qualcomm Atheros family ver " VERSION); 967 MODULE_VERSION(VERSION); 968 MODULE_LICENSE("GPL"); 969