drivers/bluetooth/btqca.c

   1 // SPDX-License-Identifier: GPL-2.0-only
   2 /*
   3  *  Bluetooth supports for Qualcomm Atheros chips
   4  *
   5  *  Copyright (c) 2015 The Linux Foundation. All rights reserved.
   6  */
   7 #include <linux/module.h>
   8 #include <linux/firmware.h>
   9
  10 #include <net/bluetooth/bluetooth.h>
  11 #include <net/bluetooth/hci_core.h>
  12
  13 #include "btqca.h"
  14
  15 #define VERSION "0.1"
  16
  17 int qca_read_soc_version(struct hci_dev *hdev, u32 *soc_version)
  18 {
  19         struct sk_buff *skb;
  20         struct edl_event_hdr *edl;
  21         struct rome_version *ver;
  22         char cmd;
  23         int err = 0;
  24
  25         bt_dev_dbg(hdev, "QCA Version Request");
  26
  27         cmd = EDL_PATCH_VER_REQ_CMD;
  28         skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, EDL_PATCH_CMD_LEN,
  29                                 &cmd, HCI_EV_VENDOR, HCI_INIT_TIMEOUT);
  30         if (IS_ERR(skb)) {
  31                 err = PTR_ERR(skb);
  32                 bt_dev_err(hdev, "Reading QCA version information failed (%d)",
  33                            err);
  34                 return err;
  35         }
  36
  37         if (skb->len != sizeof(*edl) + sizeof(*ver)) {
  38                 bt_dev_err(hdev, "QCA Version size mismatch len %d", skb->len);
  39                 err = -EILSEQ;
  40                 goto out;
  41         }
  42
  43         edl = (struct edl_event_hdr *)(skb->data);
  44         if (!edl) {
  45                 bt_dev_err(hdev, "QCA TLV with no header");
  46                 err = -EILSEQ;
  47                 goto out;
  48         }
  49
  50         if (edl->cresp != EDL_CMD_REQ_RES_EVT ||
  51             edl->rtype != EDL_APP_VER_RES_EVT) {
  52                 bt_dev_err(hdev, "QCA Wrong packet received %d %d", edl->cresp,
  53                            edl->rtype);
  54                 err = -EIO;
  55                 goto out;
  56         }
  57
  58         ver = (struct rome_version *)(edl->data);
  59
  60         BT_DBG("%s: Product:0x%08x", hdev->name, le32_to_cpu(ver->product_id));
  61         BT_DBG("%s: Patch  :0x%08x", hdev->name, le16_to_cpu(ver->patch_ver));
  62         BT_DBG("%s: ROM    :0x%08x", hdev->name, le16_to_cpu(ver->rome_ver));
  63         BT_DBG("%s: SOC    :0x%08x", hdev->name, le32_to_cpu(ver->soc_id));
  64
  65         /* QCA chipset version can be decided by patch and SoC
  66          * version, combination with upper 2 bytes from SoC
  67          * and lower 2 bytes from patch will be used.
  68          */
  69         *soc_version = (le32_to_cpu(ver->soc_id) << 16) |
  70                         (le16_to_cpu(ver->rome_ver) & 0x0000ffff);
  71         if (*soc_version == 0)
  72                 err = -EILSEQ;
  73
  74 out:
  75         kfree_skb(skb);
  76         if (err)
  77                 bt_dev_err(hdev, "QCA Failed to get version (%d)", err);
  78
  79         return err;
  80 }
  81 EXPORT_SYMBOL_GPL(qca_read_soc_version);
  82
  83 static int qca_send_reset(struct hci_dev *hdev)
  84 {
  85         struct sk_buff *skb;
  86         int err;
  87
  88         bt_dev_dbg(hdev, "QCA HCI_RESET");
  89
  90         skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
  91         if (IS_ERR(skb)) {
  92                 err = PTR_ERR(skb);
  93                 bt_dev_err(hdev, "QCA Reset failed (%d)", err);
  94                 return err;
  95         }
  96
  97         kfree_skb(skb);
  98
  99         return 0;
 100 }
 101
 102 int qca_send_pre_shutdown_cmd(struct hci_dev *hdev)
 103 {
 104         struct sk_buff *skb;
 105         int err;
 106
 107         bt_dev_dbg(hdev, "QCA pre shutdown cmd");
 108
 109         skb = __hci_cmd_sync_ev(hdev, QCA_PRE_SHUTDOWN_CMD, 0,
 110                                 NULL, HCI_EV_CMD_COMPLETE, HCI_INIT_TIMEOUT);
 111
 112         if (IS_ERR(skb)) {
 113                 err = PTR_ERR(skb);
 114                 bt_dev_err(hdev, "QCA preshutdown_cmd failed (%d)", err);
 115                 return err;
 116         }
 117
 118         kfree_skb(skb);
 119
 120         return 0;
 121 }
 122 EXPORT_SYMBOL_GPL(qca_send_pre_shutdown_cmd);
 123
 124 static void qca_tlv_check_data(struct rome_config *config,
 125                                 const struct firmware *fw)
 126 {
 127         const u8 *data;
 128         u32 type_len;
 129         u16 tag_id, tag_len;
 130         int idx, length;
 131         struct tlv_type_hdr *tlv;
 132         struct tlv_type_patch *tlv_patch;
 133         struct tlv_type_nvm *tlv_nvm;
 134
 135         tlv = (struct tlv_type_hdr *)fw->data;
 136
 137         type_len = le32_to_cpu(tlv->type_len);
 138         length = (type_len >> 8) & 0x00ffffff;
 139
 140         BT_DBG("TLV Type\t\t : 0x%x", type_len & 0x000000ff);
 141         BT_DBG("Length\t\t : %d bytes", length);
 142
 143         config->dnld_mode = ROME_SKIP_EVT_NONE;
 144         config->dnld_type = ROME_SKIP_EVT_NONE;
 145
 146         switch (config->type) {
 147         case TLV_TYPE_PATCH:
 148                 tlv_patch = (struct tlv_type_patch *)tlv->data;
 149
 150                 /* For Rome version 1.1 to 3.1, all segment commands
 151                  * are acked by a vendor specific event (VSE).
 152                  * For Rome >= 3.2, the download mode field indicates
 153                  * if VSE is skipped by the controller.
 154                  * In case VSE is skipped, only the last segment is acked.
 155                  */
 156                 config->dnld_mode = tlv_patch->download_mode;
 157                 config->dnld_type = config->dnld_mode;
 158
 159                 BT_DBG("Total Length           : %d bytes",
 160                        le32_to_cpu(tlv_patch->total_size));
 161                 BT_DBG("Patch Data Length      : %d bytes",
 162                        le32_to_cpu(tlv_patch->data_length));
 163                 BT_DBG("Signing Format Version : 0x%x",
 164                        tlv_patch->format_version);
 165                 BT_DBG("Signature Algorithm    : 0x%x",
 166                        tlv_patch->signature);
 167                 BT_DBG("Download mode          : 0x%x",
 168                        tlv_patch->download_mode);
 169                 BT_DBG("Reserved               : 0x%x",
 170                        tlv_patch->reserved1);
 171                 BT_DBG("Product ID             : 0x%04x",
 172                        le16_to_cpu(tlv_patch->product_id));
 173                 BT_DBG("Rom Build Version      : 0x%04x",
 174                        le16_to_cpu(tlv_patch->rom_build));
 175                 BT_DBG("Patch Version          : 0x%04x",
 176                        le16_to_cpu(tlv_patch->patch_version));
 177                 BT_DBG("Reserved               : 0x%x",
 178                        le16_to_cpu(tlv_patch->reserved2));
 179                 BT_DBG("Patch Entry Address    : 0x%x",
 180                        le32_to_cpu(tlv_patch->entry));
 181                 break;
 182
 183         case TLV_TYPE_NVM:
 184                 idx = 0;
 185                 data = tlv->data;
 186                 while (idx < length) {
 187                         tlv_nvm = (struct tlv_type_nvm *)(data + idx);
 188
 189                         tag_id = le16_to_cpu(tlv_nvm->tag_id);
 190                         tag_len = le16_to_cpu(tlv_nvm->tag_len);
 191
 192                         /* Update NVM tags as needed */
 193                         switch (tag_id) {
 194                         case EDL_TAG_ID_HCI:
 195                                 /* HCI transport layer parameters
 196                                  * enabling software inband sleep
 197                                  * onto controller side.
 198                                  */
 199                                 tlv_nvm->data[0] |= 0x80;
 200
 201                                 /* UART Baud Rate */
 202                                 tlv_nvm->data[2] = config->user_baud_rate;
 203
 204                                 break;
 205
 206                         case EDL_TAG_ID_DEEP_SLEEP:
 207                                 /* Sleep enable mask
 208                                  * enabling deep sleep feature on controller.
 209                                  */
 210                                 tlv_nvm->data[0] |= 0x01;
 211
 212                                 break;
 213                         }
 214
 215                         idx += (sizeof(u16) + sizeof(u16) + 8 + tag_len);
 216                 }
 217                 break;
 218
 219         default:
 220                 BT_ERR("Unknown TLV type %d", config->type);
 221                 break;
 222         }
 223 }
 224
 225 static int qca_tlv_send_segment(struct hci_dev *hdev, int seg_size,
 226                                  const u8 *data, enum rome_tlv_dnld_mode mode)
 227 {
 228         struct sk_buff *skb;
 229         struct edl_event_hdr *edl;
 230         struct tlv_seg_resp *tlv_resp;
 231         u8 cmd[MAX_SIZE_PER_TLV_SEGMENT + 2];
 232         int err = 0;
 233
 234         cmd[0] = EDL_PATCH_TLV_REQ_CMD;
 235         cmd[1] = seg_size;
 236         memcpy(cmd + 2, data, seg_size);
 237
 238         if (mode == ROME_SKIP_EVT_VSE_CC || mode == ROME_SKIP_EVT_VSE)
 239                 return __hci_cmd_send(hdev, EDL_PATCH_CMD_OPCODE, seg_size + 2,
 240                                       cmd);
 241
 242         skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, seg_size + 2, cmd,
 243                                 HCI_EV_VENDOR, HCI_INIT_TIMEOUT);
 244         if (IS_ERR(skb)) {
 245                 err = PTR_ERR(skb);
 246                 bt_dev_err(hdev, "QCA Failed to send TLV segment (%d)", err);
 247                 return err;
 248         }
 249
 250         if (skb->len != sizeof(*edl) + sizeof(*tlv_resp)) {
 251                 bt_dev_err(hdev, "QCA TLV response size mismatch");
 252                 err = -EILSEQ;
 253                 goto out;
 254         }
 255
 256         edl = (struct edl_event_hdr *)(skb->data);
 257         if (!edl) {
 258                 bt_dev_err(hdev, "TLV with no header");
 259                 err = -EILSEQ;
 260                 goto out;
 261         }
 262
 263         tlv_resp = (struct tlv_seg_resp *)(edl->data);
 264
 265         if (edl->cresp != EDL_CMD_REQ_RES_EVT ||
 266             edl->rtype != EDL_TVL_DNLD_RES_EVT || tlv_resp->result != 0x00) {
 267                 bt_dev_err(hdev, "QCA TLV with error stat 0x%x rtype 0x%x (0x%x)",
 268                            edl->cresp, edl->rtype, tlv_resp->result);
 269                 err = -EIO;
 270         }
 271
 272 out:
 273         kfree_skb(skb);
 274
 275         return err;
 276 }
 277
 278 static int qca_inject_cmd_complete_event(struct hci_dev *hdev)
 279 {
 280         struct hci_event_hdr *hdr;
 281         struct hci_ev_cmd_complete *evt;
 282         struct sk_buff *skb;
 283
 284         skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_KERNEL);
 285         if (!skb)
 286                 return -ENOMEM;
 287
 288         hdr = skb_put(skb, sizeof(*hdr));
 289         hdr->evt = HCI_EV_CMD_COMPLETE;
 290         hdr->plen = sizeof(*evt) + 1;
 291
 292         evt = skb_put(skb, sizeof(*evt));
 293         evt->ncmd = 1;
 294         evt->opcode = cpu_to_le16(QCA_HCI_CC_OPCODE);
 295
 296         skb_put_u8(skb, QCA_HCI_CC_SUCCESS);
 297
 298         hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
 299
 300         return hci_recv_frame(hdev, skb);
 301 }
 302
 303 static int qca_download_firmware(struct hci_dev *hdev,
 304                                   struct rome_config *config)
 305 {
 306         const struct firmware *fw;
 307         const u8 *segment;
 308         int ret, remain, i = 0;
 309
 310         bt_dev_info(hdev, "QCA Downloading %s", config->fwname);
 311
 312         ret = request_firmware(&fw, config->fwname, &hdev->dev);
 313         if (ret) {
 314                 bt_dev_err(hdev, "QCA Failed to request file: %s (%d)",
 315                            config->fwname, ret);
 316                 return ret;
 317         }
 318
 319         qca_tlv_check_data(config, fw);
 320
 321         segment = fw->data;
 322         remain = fw->size;
 323         while (remain > 0) {
 324                 int segsize = min(MAX_SIZE_PER_TLV_SEGMENT, remain);
 325
 326                 bt_dev_dbg(hdev, "Send segment %d, size %d", i++, segsize);
 327
 328                 remain -= segsize;
 329                 /* The last segment is always acked regardless download mode */
 330                 if (!remain || segsize < MAX_SIZE_PER_TLV_SEGMENT)
 331                         config->dnld_mode = ROME_SKIP_EVT_NONE;
 332
 333                 ret = qca_tlv_send_segment(hdev, segsize, segment,
 334                                             config->dnld_mode);
 335                 if (ret)
 336                         goto out;
 337
 338                 segment += segsize;
 339         }
 340
 341         /* Latest qualcomm chipsets are not sending a command complete event
 342          * for every fw packet sent. They only respond with a vendor specific
 343          * event for the last packet. This optimization in the chip will
 344          * decrease the BT in initialization time. Here we will inject a command
 345          * complete event to avoid a command timeout error message.
 346          */
 347         if (config->dnld_type == ROME_SKIP_EVT_VSE_CC ||
 348             config->dnld_type == ROME_SKIP_EVT_VSE)
 349                 ret = qca_inject_cmd_complete_event(hdev);
 350
 351 out:
 352         release_firmware(fw);
 353
 354         return ret;
 355 }
 356
 357 int qca_set_bdaddr_rome(struct hci_dev *hdev, const bdaddr_t *bdaddr)
 358 {
 359         struct sk_buff *skb;
 360         u8 cmd[9];
 361         int err;
 362
 363         cmd[0] = EDL_NVM_ACCESS_SET_REQ_CMD;
 364         cmd[1] = 0x02;                  /* TAG ID */
 365         cmd[2] = sizeof(bdaddr_t);      /* size */
 366         memcpy(cmd + 3, bdaddr, sizeof(bdaddr_t));
 367         skb = __hci_cmd_sync_ev(hdev, EDL_NVM_ACCESS_OPCODE, sizeof(cmd), cmd,
 368                                 HCI_EV_VENDOR, HCI_INIT_TIMEOUT);
 369         if (IS_ERR(skb)) {
 370                 err = PTR_ERR(skb);
 371                 bt_dev_err(hdev, "QCA Change address command failed (%d)", err);
 372                 return err;
 373         }
 374
 375         kfree_skb(skb);
 376
 377         return 0;
 378 }
 379 EXPORT_SYMBOL_GPL(qca_set_bdaddr_rome);
 380
 381 int qca_uart_setup(struct hci_dev *hdev, uint8_t baudrate,
 382                    enum qca_btsoc_type soc_type, u32 soc_ver,
 383                    const char *firmware_name)
 384 {
 385         struct rome_config config;
 386         int err;
 387         u8 rom_ver = 0;
 388
 389         bt_dev_dbg(hdev, "QCA setup on UART");
 390
 391         config.user_baud_rate = baudrate;
 392
 393         /* Download rampatch file */
 394         config.type = TLV_TYPE_PATCH;
 395         if (qca_is_wcn399x(soc_type)) {
 396                 /* Firmware files to download are based on ROM version.
 397                  * ROM version is derived from last two bytes of soc_ver.
 398                  */
 399                 rom_ver = ((soc_ver & 0x00000f00) >> 0x04) |
 400                             (soc_ver & 0x0000000f);
 401                 snprintf(config.fwname, sizeof(config.fwname),
 402                          "qca/crbtfw%02x.tlv", rom_ver);
 403         } else {
 404                 snprintf(config.fwname, sizeof(config.fwname),
 405                          "qca/rampatch_%08x.bin", soc_ver);
 406         }
 407
 408         err = qca_download_firmware(hdev, &config);
 409         if (err < 0) {
 410                 bt_dev_err(hdev, "QCA Failed to download patch (%d)", err);
 411                 return err;
 412         }
 413
 414         /* Give the controller some time to get ready to receive the NVM */
 415         msleep(10);
 416
 417         /* Download NVM configuration */
 418         config.type = TLV_TYPE_NVM;
 419         if (firmware_name)
 420                 snprintf(config.fwname, sizeof(config.fwname),
 421                          "qca/%s", firmware_name);
 422         else if (qca_is_wcn399x(soc_type))
 423                 snprintf(config.fwname, sizeof(config.fwname),
 424                          "qca/crnv%02x.bin", rom_ver);
 425         else
 426                 snprintf(config.fwname, sizeof(config.fwname),
 427                          "qca/nvm_%08x.bin", soc_ver);
 428
 429         err = qca_download_firmware(hdev, &config);
 430         if (err < 0) {
 431                 bt_dev_err(hdev, "QCA Failed to download NVM (%d)", err);
 432                 return err;
 433         }
 434
 435         /* Perform HCI reset */
 436         err = qca_send_reset(hdev);
 437         if (err < 0) {
 438                 bt_dev_err(hdev, "QCA Failed to run HCI_RESET (%d)", err);
 439                 return err;
 440         }
 441
 442         bt_dev_info(hdev, "QCA setup on UART is completed");
 443
 444         return 0;
 445 }
 446 EXPORT_SYMBOL_GPL(qca_uart_setup);
 447
 448 int qca_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr)
 449 {
 450         struct sk_buff *skb;
 451         int err;
 452
 453         skb = __hci_cmd_sync_ev(hdev, EDL_WRITE_BD_ADDR_OPCODE, 6, bdaddr,
 454                                 HCI_EV_VENDOR, HCI_INIT_TIMEOUT);
 455         if (IS_ERR(skb)) {
 456                 err = PTR_ERR(skb);
 457                 bt_dev_err(hdev, "QCA Change address cmd failed (%d)", err);
 458                 return err;
 459         }
 460
 461         kfree_skb(skb);
 462
 463         return 0;
 464 }
 465 EXPORT_SYMBOL_GPL(qca_set_bdaddr);
 466
 467
 468 MODULE_AUTHOR("Ben Young Tae Kim <ytkim@qca.qualcomm.com>");
 469 MODULE_DESCRIPTION("Bluetooth support for Qualcomm Atheros family ver " VERSION);
 470 MODULE_VERSION(VERSION);
 471 MODULE_LICENSE("GPL");