1 // SPDX-License-Identifier: GPL-2.0-only
3 * Bluetooth supports for Qualcomm Atheros chips
5 * Copyright (c) 2015 The Linux Foundation. All rights reserved.
7 #include <linux/module.h>
8 #include <linux/firmware.h>
10 #include <net/bluetooth/bluetooth.h>
11 #include <net/bluetooth/hci_core.h>
17 int qca_read_soc_version(struct hci_dev *hdev, struct qca_btsoc_version *ver,
18 enum qca_btsoc_type soc_type)
21 struct edl_event_hdr *edl;
24 u8 event_type = HCI_EV_VENDOR;
25 u8 rlen = sizeof(*edl) + sizeof(*ver);
26 u8 rtype = EDL_APP_VER_RES_EVT;
28 bt_dev_dbg(hdev, "QCA Version Request");
30 /* Unlike other SoC's sending version command response as payload to
31 * VSE event. WCN3991 sends version command response as a payload to
32 * command complete event.
34 if (soc_type >= QCA_WCN3991) {
37 rtype = EDL_PATCH_VER_REQ_CMD;
40 cmd = EDL_PATCH_VER_REQ_CMD;
41 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, EDL_PATCH_CMD_LEN,
42 &cmd, event_type, HCI_INIT_TIMEOUT);
45 bt_dev_err(hdev, "Reading QCA version information failed (%d)",
50 if (skb->len != rlen) {
51 bt_dev_err(hdev, "QCA Version size mismatch len %d", skb->len);
56 edl = (struct edl_event_hdr *)(skb->data);
58 bt_dev_err(hdev, "QCA TLV with no header");
63 if (edl->cresp != EDL_CMD_REQ_RES_EVT ||
64 edl->rtype != rtype) {
65 bt_dev_err(hdev, "QCA Wrong packet received %d %d", edl->cresp,
71 if (soc_type >= QCA_WCN3991)
72 memcpy(ver, edl->data + 1, sizeof(*ver));
74 memcpy(ver, &edl->data, sizeof(*ver));
76 bt_dev_info(hdev, "QCA Product ID :0x%08x",
77 le32_to_cpu(ver->product_id));
78 bt_dev_info(hdev, "QCA SOC Version :0x%08x",
79 le32_to_cpu(ver->soc_id));
80 bt_dev_info(hdev, "QCA ROM Version :0x%08x",
81 le16_to_cpu(ver->rom_ver));
82 bt_dev_info(hdev, "QCA Patch Version:0x%08x",
83 le16_to_cpu(ver->patch_ver));
85 if (ver->soc_id == 0 || ver->rom_ver == 0)
91 bt_dev_err(hdev, "QCA Failed to get version (%d)", err);
95 EXPORT_SYMBOL_GPL(qca_read_soc_version);
97 static int qca_read_fw_build_info(struct hci_dev *hdev)
100 struct edl_event_hdr *edl;
101 char cmd, build_label[QCA_FW_BUILD_VER_LEN];
102 int build_lbl_len, err = 0;
104 bt_dev_dbg(hdev, "QCA read fw build info");
106 cmd = EDL_GET_BUILD_INFO_CMD;
107 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, EDL_PATCH_CMD_LEN,
108 &cmd, 0, HCI_INIT_TIMEOUT);
111 bt_dev_err(hdev, "Reading QCA fw build info failed (%d)",
116 edl = (struct edl_event_hdr *)(skb->data);
118 bt_dev_err(hdev, "QCA read fw build info with no header");
123 if (edl->cresp != EDL_CMD_REQ_RES_EVT ||
124 edl->rtype != EDL_GET_BUILD_INFO_CMD) {
125 bt_dev_err(hdev, "QCA Wrong packet received %d %d", edl->cresp,
131 build_lbl_len = edl->data[0];
132 if (build_lbl_len <= QCA_FW_BUILD_VER_LEN - 1) {
133 memcpy(build_label, edl->data + 1, build_lbl_len);
134 *(build_label + build_lbl_len) = '\0';
137 hci_set_fw_info(hdev, "%s", build_label);
144 static int qca_send_reset(struct hci_dev *hdev)
149 bt_dev_dbg(hdev, "QCA HCI_RESET");
151 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
154 bt_dev_err(hdev, "QCA Reset failed (%d)", err);
163 int qca_send_pre_shutdown_cmd(struct hci_dev *hdev)
168 bt_dev_dbg(hdev, "QCA pre shutdown cmd");
170 skb = __hci_cmd_sync_ev(hdev, QCA_PRE_SHUTDOWN_CMD, 0,
171 NULL, HCI_EV_CMD_COMPLETE, HCI_INIT_TIMEOUT);
175 bt_dev_err(hdev, "QCA preshutdown_cmd failed (%d)", err);
183 EXPORT_SYMBOL_GPL(qca_send_pre_shutdown_cmd);
185 static void qca_tlv_check_data(struct qca_fw_config *config,
186 u8 *fw_data, enum qca_btsoc_type soc_type)
192 struct tlv_type_hdr *tlv;
193 struct tlv_type_patch *tlv_patch;
194 struct tlv_type_nvm *tlv_nvm;
195 uint8_t nvm_baud_rate = config->user_baud_rate;
197 tlv = (struct tlv_type_hdr *)fw_data;
199 type_len = le32_to_cpu(tlv->type_len);
200 length = (type_len >> 8) & 0x00ffffff;
202 BT_DBG("TLV Type\t\t : 0x%x", type_len & 0x000000ff);
203 BT_DBG("Length\t\t : %d bytes", length);
205 config->dnld_mode = QCA_SKIP_EVT_NONE;
206 config->dnld_type = QCA_SKIP_EVT_NONE;
208 switch (config->type) {
210 tlv_patch = (struct tlv_type_patch *)tlv->data;
212 /* For Rome version 1.1 to 3.1, all segment commands
213 * are acked by a vendor specific event (VSE).
214 * For Rome >= 3.2, the download mode field indicates
215 * if VSE is skipped by the controller.
216 * In case VSE is skipped, only the last segment is acked.
218 config->dnld_mode = tlv_patch->download_mode;
219 config->dnld_type = config->dnld_mode;
221 BT_DBG("Total Length : %d bytes",
222 le32_to_cpu(tlv_patch->total_size));
223 BT_DBG("Patch Data Length : %d bytes",
224 le32_to_cpu(tlv_patch->data_length));
225 BT_DBG("Signing Format Version : 0x%x",
226 tlv_patch->format_version);
227 BT_DBG("Signature Algorithm : 0x%x",
228 tlv_patch->signature);
229 BT_DBG("Download mode : 0x%x",
230 tlv_patch->download_mode);
231 BT_DBG("Reserved : 0x%x",
232 tlv_patch->reserved1);
233 BT_DBG("Product ID : 0x%04x",
234 le16_to_cpu(tlv_patch->product_id));
235 BT_DBG("Rom Build Version : 0x%04x",
236 le16_to_cpu(tlv_patch->rom_build));
237 BT_DBG("Patch Version : 0x%04x",
238 le16_to_cpu(tlv_patch->patch_version));
239 BT_DBG("Reserved : 0x%x",
240 le16_to_cpu(tlv_patch->reserved2));
241 BT_DBG("Patch Entry Address : 0x%x",
242 le32_to_cpu(tlv_patch->entry));
248 while (idx < length) {
249 tlv_nvm = (struct tlv_type_nvm *)(data + idx);
251 tag_id = le16_to_cpu(tlv_nvm->tag_id);
252 tag_len = le16_to_cpu(tlv_nvm->tag_len);
254 /* Update NVM tags as needed */
257 /* HCI transport layer parameters
258 * enabling software inband sleep
259 * onto controller side.
261 tlv_nvm->data[0] |= 0x80;
264 if (soc_type >= QCA_WCN3991)
265 tlv_nvm->data[1] = nvm_baud_rate;
267 tlv_nvm->data[2] = nvm_baud_rate;
271 case EDL_TAG_ID_DEEP_SLEEP:
273 * enabling deep sleep feature on controller.
275 tlv_nvm->data[0] |= 0x01;
280 idx += (sizeof(u16) + sizeof(u16) + 8 + tag_len);
285 BT_ERR("Unknown TLV type %d", config->type);
290 static int qca_tlv_send_segment(struct hci_dev *hdev, int seg_size,
291 const u8 *data, enum qca_tlv_dnld_mode mode,
292 enum qca_btsoc_type soc_type)
295 struct edl_event_hdr *edl;
296 struct tlv_seg_resp *tlv_resp;
297 u8 cmd[MAX_SIZE_PER_TLV_SEGMENT + 2];
299 u8 event_type = HCI_EV_VENDOR;
300 u8 rlen = (sizeof(*edl) + sizeof(*tlv_resp));
301 u8 rtype = EDL_TVL_DNLD_RES_EVT;
303 cmd[0] = EDL_PATCH_TLV_REQ_CMD;
305 memcpy(cmd + 2, data, seg_size);
307 if (mode == QCA_SKIP_EVT_VSE_CC || mode == QCA_SKIP_EVT_VSE)
308 return __hci_cmd_send(hdev, EDL_PATCH_CMD_OPCODE, seg_size + 2,
311 /* Unlike other SoC's sending version command response as payload to
312 * VSE event. WCN3991 sends version command response as a payload to
313 * command complete event.
315 if (soc_type >= QCA_WCN3991) {
318 rtype = EDL_PATCH_TLV_REQ_CMD;
321 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, seg_size + 2, cmd,
322 event_type, HCI_INIT_TIMEOUT);
325 bt_dev_err(hdev, "QCA Failed to send TLV segment (%d)", err);
329 if (skb->len != rlen) {
330 bt_dev_err(hdev, "QCA TLV response size mismatch");
335 edl = (struct edl_event_hdr *)(skb->data);
337 bt_dev_err(hdev, "TLV with no header");
342 if (edl->cresp != EDL_CMD_REQ_RES_EVT || edl->rtype != rtype) {
343 bt_dev_err(hdev, "QCA TLV with error stat 0x%x rtype 0x%x",
344 edl->cresp, edl->rtype);
348 if (soc_type >= QCA_WCN3991)
351 tlv_resp = (struct tlv_seg_resp *)(edl->data);
352 if (tlv_resp->result) {
353 bt_dev_err(hdev, "QCA TLV with error stat 0x%x rtype 0x%x (0x%x)",
354 edl->cresp, edl->rtype, tlv_resp->result);
363 static int qca_inject_cmd_complete_event(struct hci_dev *hdev)
365 struct hci_event_hdr *hdr;
366 struct hci_ev_cmd_complete *evt;
369 skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_KERNEL);
373 hdr = skb_put(skb, sizeof(*hdr));
374 hdr->evt = HCI_EV_CMD_COMPLETE;
375 hdr->plen = sizeof(*evt) + 1;
377 evt = skb_put(skb, sizeof(*evt));
379 evt->opcode = cpu_to_le16(QCA_HCI_CC_OPCODE);
381 skb_put_u8(skb, QCA_HCI_CC_SUCCESS);
383 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
385 return hci_recv_frame(hdev, skb);
388 static int qca_download_firmware(struct hci_dev *hdev,
389 struct qca_fw_config *config,
390 enum qca_btsoc_type soc_type)
392 const struct firmware *fw;
395 int ret, size, remain, i = 0;
397 bt_dev_info(hdev, "QCA Downloading %s", config->fwname);
399 ret = reject_firmware(&fw, config->fwname, &hdev->dev);
401 bt_dev_err(hdev, "QCA Failed to request file: %s (%d)",
402 config->fwname, ret);
407 data = vmalloc(fw->size);
409 bt_dev_err(hdev, "QCA Failed to allocate memory for file: %s",
411 release_firmware(fw);
415 memcpy(data, fw->data, size);
416 release_firmware(fw);
418 qca_tlv_check_data(config, data, soc_type);
423 int segsize = min(MAX_SIZE_PER_TLV_SEGMENT, remain);
425 bt_dev_dbg(hdev, "Send segment %d, size %d", i++, segsize);
428 /* The last segment is always acked regardless download mode */
429 if (!remain || segsize < MAX_SIZE_PER_TLV_SEGMENT)
430 config->dnld_mode = QCA_SKIP_EVT_NONE;
432 ret = qca_tlv_send_segment(hdev, segsize, segment,
433 config->dnld_mode, soc_type);
440 /* Latest qualcomm chipsets are not sending a command complete event
441 * for every fw packet sent. They only respond with a vendor specific
442 * event for the last packet. This optimization in the chip will
443 * decrease the BT in initialization time. Here we will inject a command
444 * complete event to avoid a command timeout error message.
446 if (config->dnld_type == QCA_SKIP_EVT_VSE_CC ||
447 config->dnld_type == QCA_SKIP_EVT_VSE)
448 ret = qca_inject_cmd_complete_event(hdev);
456 static int qca_disable_soc_logging(struct hci_dev *hdev)
462 cmd[0] = QCA_DISABLE_LOGGING_SUB_OP;
464 skb = __hci_cmd_sync_ev(hdev, QCA_DISABLE_LOGGING, sizeof(cmd), cmd,
465 HCI_EV_CMD_COMPLETE, HCI_INIT_TIMEOUT);
468 bt_dev_err(hdev, "QCA Failed to disable soc logging(%d)", err);
477 int qca_set_bdaddr_rome(struct hci_dev *hdev, const bdaddr_t *bdaddr)
483 cmd[0] = EDL_NVM_ACCESS_SET_REQ_CMD;
484 cmd[1] = 0x02; /* TAG ID */
485 cmd[2] = sizeof(bdaddr_t); /* size */
486 memcpy(cmd + 3, bdaddr, sizeof(bdaddr_t));
487 skb = __hci_cmd_sync_ev(hdev, EDL_NVM_ACCESS_OPCODE, sizeof(cmd), cmd,
488 HCI_EV_VENDOR, HCI_INIT_TIMEOUT);
491 bt_dev_err(hdev, "QCA Change address command failed (%d)", err);
499 EXPORT_SYMBOL_GPL(qca_set_bdaddr_rome);
501 int qca_uart_setup(struct hci_dev *hdev, uint8_t baudrate,
502 enum qca_btsoc_type soc_type, struct qca_btsoc_version ver,
503 const char *firmware_name)
505 struct qca_fw_config config;
510 bt_dev_dbg(hdev, "QCA setup on UART");
512 soc_ver = get_soc_ver(ver.soc_id, ver.rom_ver);
514 bt_dev_info(hdev, "QCA controller version 0x%08x", soc_ver);
516 config.user_baud_rate = baudrate;
518 /* Download rampatch file */
519 config.type = TLV_TYPE_PATCH;
520 if (qca_is_wcn399x(soc_type)) {
521 /* Firmware files to download are based on ROM version.
522 * ROM version is derived from last two bytes of soc_ver.
524 rom_ver = ((soc_ver & 0x00000f00) >> 0x04) |
525 (soc_ver & 0x0000000f);
526 snprintf(config.fwname, sizeof(config.fwname),
527 "/*(DEBLOBBED)*/", rom_ver);
528 } else if (soc_type == QCA_QCA6390) {
529 rom_ver = ((soc_ver & 0x00000f00) >> 0x04) |
530 (soc_ver & 0x0000000f);
531 snprintf(config.fwname, sizeof(config.fwname),
532 "/*(DEBLOBBED)*/", rom_ver);
534 snprintf(config.fwname, sizeof(config.fwname),
535 "/*(DEBLOBBED)*/", soc_ver);
538 err = qca_download_firmware(hdev, &config, soc_type);
540 bt_dev_err(hdev, "QCA Failed to download patch (%d)", err);
544 /* Give the controller some time to get ready to receive the NVM */
547 /* Download NVM configuration */
548 config.type = TLV_TYPE_NVM;
550 snprintf(config.fwname, sizeof(config.fwname),
551 "/*(DEBLOBBED)*/", firmware_name);
552 else if (qca_is_wcn399x(soc_type)) {
553 if (ver.soc_id == QCA_WCN3991_SOC_ID) {
554 snprintf(config.fwname, sizeof(config.fwname),
555 "/*(DEBLOBBED)*/", rom_ver);
557 snprintf(config.fwname, sizeof(config.fwname),
558 "/*(DEBLOBBED)*/", rom_ver);
561 else if (soc_type == QCA_QCA6390)
562 snprintf(config.fwname, sizeof(config.fwname),
563 "/*(DEBLOBBED)*/", rom_ver);
565 snprintf(config.fwname, sizeof(config.fwname),
566 "/*(DEBLOBBED)*/", soc_ver);
568 err = qca_download_firmware(hdev, &config, soc_type);
570 bt_dev_err(hdev, "QCA Failed to download NVM (%d)", err);
574 if (soc_type >= QCA_WCN3991) {
575 err = qca_disable_soc_logging(hdev);
580 /* WCN399x supports the Microsoft vendor extension with 0xFD70 as the
587 hci_set_msft_opcode(hdev, 0xFD70);
593 /* Perform HCI reset */
594 err = qca_send_reset(hdev);
596 bt_dev_err(hdev, "QCA Failed to run HCI_RESET (%d)", err);
600 if (soc_type == QCA_WCN3991) {
601 /* get fw build info */
602 err = qca_read_fw_build_info(hdev);
607 bt_dev_info(hdev, "QCA setup on UART is completed");
611 EXPORT_SYMBOL_GPL(qca_uart_setup);
613 int qca_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr)
618 skb = __hci_cmd_sync_ev(hdev, EDL_WRITE_BD_ADDR_OPCODE, 6, bdaddr,
619 HCI_EV_VENDOR, HCI_INIT_TIMEOUT);
622 bt_dev_err(hdev, "QCA Change address cmd failed (%d)", err);
630 EXPORT_SYMBOL_GPL(qca_set_bdaddr);
633 MODULE_AUTHOR("Ben Young Tae Kim <ytkim@qca.qualcomm.com>");
634 MODULE_DESCRIPTION("Bluetooth support for Qualcomm Atheros family ver " VERSION);
635 MODULE_VERSION(VERSION);
636 MODULE_LICENSE("GPL");
projects / releases.git / blob