]> git.ipfire.org Git - thirdparty/linux.git/blob - drivers/bluetooth/btqca.c
projects / thirdparty / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Bluetooth: btqca: release_firmware after qca_inject_cmd_complete_event
[thirdparty/linux.git] / drivers / bluetooth / btqca.c
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * Bluetooth supports for Qualcomm Atheros chips
4 *
5 * Copyright (c) 2015 The Linux Foundation. All rights reserved.
6 */
7 #include <linux/module.h>
8 #include <linux/firmware.h>
9
10 #include <net/bluetooth/bluetooth.h>
11 #include <net/bluetooth/hci_core.h>
12
13 #include "btqca.h"
14
15 #define VERSION "0.1"
16
17 int qca_read_soc_version(struct hci_dev *hdev, u32 *soc_version)
18 {
19 struct sk_buff *skb;
20 struct edl_event_hdr *edl;
21 struct rome_version *ver;
22 char cmd;
23 int err = 0;
24
25 bt_dev_dbg(hdev, "QCA Version Request");
26
27 cmd = EDL_PATCH_VER_REQ_CMD;
28 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, EDL_PATCH_CMD_LEN,
29 &cmd, HCI_EV_VENDOR, HCI_INIT_TIMEOUT);
30 if (IS_ERR(skb)) {
31 err = PTR_ERR(skb);
32 bt_dev_err(hdev, "Reading QCA version information failed (%d)",
33 err);
34 return err;
35 }
36
37 if (skb->len != sizeof(*edl) + sizeof(*ver)) {
38 bt_dev_err(hdev, "QCA Version size mismatch len %d", skb->len);
39 err = -EILSEQ;
40 goto out;
41 }
42
43 edl = (struct edl_event_hdr *)(skb->data);
44 if (!edl) {
45 bt_dev_err(hdev, "QCA TLV with no header");
46 err = -EILSEQ;
47 goto out;
48 }
49
50 if (edl->cresp != EDL_CMD_REQ_RES_EVT ||
51 edl->rtype != EDL_APP_VER_RES_EVT) {
52 bt_dev_err(hdev, "QCA Wrong packet received %d %d", edl->cresp,
53 edl->rtype);
54 err = -EIO;
55 goto out;
56 }
57
58 ver = (struct rome_version *)(edl->data);
59
60 BT_DBG("%s: Product:0x%08x", hdev->name, le32_to_cpu(ver->product_id));
61 BT_DBG("%s: Patch :0x%08x", hdev->name, le16_to_cpu(ver->patch_ver));
62 BT_DBG("%s: ROM :0x%08x", hdev->name, le16_to_cpu(ver->rome_ver));
63 BT_DBG("%s: SOC :0x%08x", hdev->name, le32_to_cpu(ver->soc_id));
64
65 /* QCA chipset version can be decided by patch and SoC
66 * version, combination with upper 2 bytes from SoC
67 * and lower 2 bytes from patch will be used.
68 */
69 *soc_version = (le32_to_cpu(ver->soc_id) << 16) |
70 (le16_to_cpu(ver->rome_ver) & 0x0000ffff);
71 if (*soc_version == 0)
72 err = -EILSEQ;
73
74 out:
75 kfree_skb(skb);
76 if (err)
77 bt_dev_err(hdev, "QCA Failed to get version (%d)", err);
78
79 return err;
80 }
81 EXPORT_SYMBOL_GPL(qca_read_soc_version);
82
83 static int qca_send_reset(struct hci_dev *hdev)
84 {
85 struct sk_buff *skb;
86 int err;
87
88 bt_dev_dbg(hdev, "QCA HCI_RESET");
89
90 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
91 if (IS_ERR(skb)) {
92 err = PTR_ERR(skb);
93 bt_dev_err(hdev, "QCA Reset failed (%d)", err);
94 return err;
95 }
96
97 kfree_skb(skb);
98
99 return 0;
100 }
101
102 int qca_send_pre_shutdown_cmd(struct hci_dev *hdev)
103 {
104 struct sk_buff *skb;
105 int err;
106
107 bt_dev_dbg(hdev, "QCA pre shutdown cmd");
108
109 skb = __hci_cmd_sync(hdev, QCA_PRE_SHUTDOWN_CMD, 0,
110 NULL, HCI_INIT_TIMEOUT);
111 if (IS_ERR(skb)) {
112 err = PTR_ERR(skb);
113 bt_dev_err(hdev, "QCA preshutdown_cmd failed (%d)", err);
114 return err;
115 }
116
117 kfree_skb(skb);
118
119 return 0;
120 }
121 EXPORT_SYMBOL_GPL(qca_send_pre_shutdown_cmd);
122
123 static void qca_tlv_check_data(struct rome_config *config,
124 const struct firmware *fw)
125 {
126 const u8 *data;
127 u32 type_len;
128 u16 tag_id, tag_len;
129 int idx, length;
130 struct tlv_type_hdr *tlv;
131 struct tlv_type_patch *tlv_patch;
132 struct tlv_type_nvm *tlv_nvm;
133
134 tlv = (struct tlv_type_hdr *)fw->data;
135
136 type_len = le32_to_cpu(tlv->type_len);
137 length = (type_len >> 8) & 0x00ffffff;
138
139 BT_DBG("TLV Type\t\t : 0x%x", type_len & 0x000000ff);
140 BT_DBG("Length\t\t : %d bytes", length);
141
142 config->dnld_mode = ROME_SKIP_EVT_NONE;
143
144 switch (config->type) {
145 case TLV_TYPE_PATCH:
146 tlv_patch = (struct tlv_type_patch *)tlv->data;
147
148 /* For Rome version 1.1 to 3.1, all segment commands
149 * are acked by a vendor specific event (VSE).
150 * For Rome >= 3.2, the download mode field indicates
151 * if VSE is skipped by the controller.
152 * In case VSE is skipped, only the last segment is acked.
153 */
154 config->dnld_mode = tlv_patch->download_mode;
155 config->dnld_type = config->dnld_mode;
156
157 BT_DBG("Total Length : %d bytes",
158 le32_to_cpu(tlv_patch->total_size));
159 BT_DBG("Patch Data Length : %d bytes",
160 le32_to_cpu(tlv_patch->data_length));
161 BT_DBG("Signing Format Version : 0x%x",
162 tlv_patch->format_version);
163 BT_DBG("Signature Algorithm : 0x%x",
164 tlv_patch->signature);
165 BT_DBG("Download mode : 0x%x",
166 tlv_patch->download_mode);
167 BT_DBG("Reserved : 0x%x",
168 tlv_patch->reserved1);
169 BT_DBG("Product ID : 0x%04x",
170 le16_to_cpu(tlv_patch->product_id));
171 BT_DBG("Rom Build Version : 0x%04x",
172 le16_to_cpu(tlv_patch->rom_build));
173 BT_DBG("Patch Version : 0x%04x",
174 le16_to_cpu(tlv_patch->patch_version));
175 BT_DBG("Reserved : 0x%x",
176 le16_to_cpu(tlv_patch->reserved2));
177 BT_DBG("Patch Entry Address : 0x%x",
178 le32_to_cpu(tlv_patch->entry));
179 break;
180
181 case TLV_TYPE_NVM:
182 idx = 0;
183 data = tlv->data;
184 while (idx < length) {
185 tlv_nvm = (struct tlv_type_nvm *)(data + idx);
186
187 tag_id = le16_to_cpu(tlv_nvm->tag_id);
188 tag_len = le16_to_cpu(tlv_nvm->tag_len);
189
190 /* Update NVM tags as needed */
191 switch (tag_id) {
192 case EDL_TAG_ID_HCI:
193 /* HCI transport layer parameters
194 * enabling software inband sleep
195 * onto controller side.
196 */
197 tlv_nvm->data[0] |= 0x80;
198
199 /* UART Baud Rate */
200 tlv_nvm->data[2] = config->user_baud_rate;
201
202 break;
203
204 case EDL_TAG_ID_DEEP_SLEEP:
205 /* Sleep enable mask
206 * enabling deep sleep feature on controller.
207 */
208 tlv_nvm->data[0] |= 0x01;
209
210 break;
211 }
212
213 idx += (sizeof(u16) + sizeof(u16) + 8 + tag_len);
214 }
215 break;
216
217 default:
218 BT_ERR("Unknown TLV type %d", config->type);
219 break;
220 }
221 }
222
223 static int qca_tlv_send_segment(struct hci_dev *hdev, int seg_size,
224 const u8 *data, enum rome_tlv_dnld_mode mode)
225 {
226 struct sk_buff *skb;
227 struct edl_event_hdr *edl;
228 struct tlv_seg_resp *tlv_resp;
229 u8 cmd[MAX_SIZE_PER_TLV_SEGMENT + 2];
230 int err = 0;
231
232 cmd[0] = EDL_PATCH_TLV_REQ_CMD;
233 cmd[1] = seg_size;
234 memcpy(cmd + 2, data, seg_size);
235
236 if (mode == ROME_SKIP_EVT_VSE_CC || mode == ROME_SKIP_EVT_VSE)
237 return __hci_cmd_send(hdev, EDL_PATCH_CMD_OPCODE, seg_size + 2,
238 cmd);
239
240 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, seg_size + 2, cmd,
241 HCI_EV_VENDOR, HCI_INIT_TIMEOUT);
242 if (IS_ERR(skb)) {
243 err = PTR_ERR(skb);
244 bt_dev_err(hdev, "QCA Failed to send TLV segment (%d)", err);
245 return err;
246 }
247
248 if (skb->len != sizeof(*edl) + sizeof(*tlv_resp)) {
249 bt_dev_err(hdev, "QCA TLV response size mismatch");
250 err = -EILSEQ;
251 goto out;
252 }
253
254 edl = (struct edl_event_hdr *)(skb->data);
255 if (!edl) {
256 bt_dev_err(hdev, "TLV with no header");
257 err = -EILSEQ;
258 goto out;
259 }
260
261 tlv_resp = (struct tlv_seg_resp *)(edl->data);
262
263 if (edl->cresp != EDL_CMD_REQ_RES_EVT ||
264 edl->rtype != EDL_TVL_DNLD_RES_EVT || tlv_resp->result != 0x00) {
265 bt_dev_err(hdev, "QCA TLV with error stat 0x%x rtype 0x%x (0x%x)",
266 edl->cresp, edl->rtype, tlv_resp->result);
267 err = -EIO;
268 }
269
270 out:
271 kfree_skb(skb);
272
273 return err;
274 }
275
276 static int qca_inject_cmd_complete_event(struct hci_dev *hdev)
277 {
278 struct hci_event_hdr *hdr;
279 struct hci_ev_cmd_complete *evt;
280 struct sk_buff *skb;
281
282 skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_KERNEL);
283 if (!skb)
284 return -ENOMEM;
285
286 hdr = skb_put(skb, sizeof(*hdr));
287 hdr->evt = HCI_EV_CMD_COMPLETE;
288 hdr->plen = sizeof(*evt) + 1;
289
290 evt = skb_put(skb, sizeof(*evt));
291 evt->ncmd = 1;
292 evt->opcode = cpu_to_le16(QCA_HCI_CC_OPCODE);
293
294 skb_put_u8(skb, QCA_HCI_CC_SUCCESS);
295
296 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
297
298 return hci_recv_frame(hdev, skb);
299 }
300
301 static int qca_download_firmware(struct hci_dev *hdev,
302 struct rome_config *config)
303 {
304 const struct firmware *fw;
305 const u8 *segment;
306 int ret, remain, i = 0;
307
308 bt_dev_info(hdev, "QCA Downloading %s", config->fwname);
309
310 ret = request_firmware(&fw, config->fwname, &hdev->dev);
311 if (ret) {
312 bt_dev_err(hdev, "QCA Failed to request file: %s (%d)",
313 config->fwname, ret);
314 return ret;
315 }
316
317 qca_tlv_check_data(config, fw);
318
319 segment = fw->data;
320 remain = fw->size;
321 while (remain > 0) {
322 int segsize = min(MAX_SIZE_PER_TLV_SEGMENT, remain);
323
324 bt_dev_dbg(hdev, "Send segment %d, size %d", i++, segsize);
325
326 remain -= segsize;
327 /* The last segment is always acked regardless download mode */
328 if (!remain || segsize < MAX_SIZE_PER_TLV_SEGMENT)
329 config->dnld_mode = ROME_SKIP_EVT_NONE;
330
331 ret = qca_tlv_send_segment(hdev, segsize, segment,
332 config->dnld_mode);
333 if (ret)
334 goto out;
335
336 segment += segsize;
337 }
338
339 /* Latest qualcomm chipsets are not sending a command complete event
340 * for every fw packet sent. They only respond with a vendor specific
341 * event for the last packet. This optimization in the chip will
342 * decrease the BT in initialization time. Here we will inject a command
343 * complete event to avoid a command timeout error message.
344 */
345 if (config->dnld_type == ROME_SKIP_EVT_VSE_CC ||
346 config->dnld_type == ROME_SKIP_EVT_VSE)
347 ret = qca_inject_cmd_complete_event(hdev);
348
349 out:
350 release_firmware(fw);
351
352 return ret;
353 }
354
355 int qca_set_bdaddr_rome(struct hci_dev *hdev, const bdaddr_t *bdaddr)
356 {
357 struct sk_buff *skb;
358 u8 cmd[9];
359 int err;
360
361 cmd[0] = EDL_NVM_ACCESS_SET_REQ_CMD;
362 cmd[1] = 0x02; /* TAG ID */
363 cmd[2] = sizeof(bdaddr_t); /* size */
364 memcpy(cmd + 3, bdaddr, sizeof(bdaddr_t));
365 skb = __hci_cmd_sync_ev(hdev, EDL_NVM_ACCESS_OPCODE, sizeof(cmd), cmd,
366 HCI_EV_VENDOR, HCI_INIT_TIMEOUT);
367 if (IS_ERR(skb)) {
368 err = PTR_ERR(skb);
369 bt_dev_err(hdev, "QCA Change address command failed (%d)", err);
370 return err;
371 }
372
373 kfree_skb(skb);
374
375 return 0;
376 }
377 EXPORT_SYMBOL_GPL(qca_set_bdaddr_rome);
378
379 int qca_uart_setup(struct hci_dev *hdev, uint8_t baudrate,
380 enum qca_btsoc_type soc_type, u32 soc_ver,
381 const char *firmware_name)
382 {
383 struct rome_config config;
384 int err;
385 u8 rom_ver = 0;
386
387 bt_dev_dbg(hdev, "QCA setup on UART");
388
389 config.user_baud_rate = baudrate;
390
391 /* Download rampatch file */
392 config.type = TLV_TYPE_PATCH;
393 if (qca_is_wcn399x(soc_type)) {
394 /* Firmware files to download are based on ROM version.
395 * ROM version is derived from last two bytes of soc_ver.
396 */
397 rom_ver = ((soc_ver & 0x00000f00) >> 0x04) |
398 (soc_ver & 0x0000000f);
399 snprintf(config.fwname, sizeof(config.fwname),
400 "qca/crbtfw%02x.tlv", rom_ver);
401 } else {
402 snprintf(config.fwname, sizeof(config.fwname),
403 "qca/rampatch_%08x.bin", soc_ver);
404 }
405
406 err = qca_download_firmware(hdev, &config);
407 if (err < 0) {
408 bt_dev_err(hdev, "QCA Failed to download patch (%d)", err);
409 return err;
410 }
411
412 /* Give the controller some time to get ready to receive the NVM */
413 msleep(10);
414
415 /* Download NVM configuration */
416 config.type = TLV_TYPE_NVM;
417 if (firmware_name)
418 snprintf(config.fwname, sizeof(config.fwname),
419 "qca/%s", firmware_name);
420 else if (qca_is_wcn399x(soc_type))
421 snprintf(config.fwname, sizeof(config.fwname),
422 "qca/crnv%02x.bin", rom_ver);
423 else
424 snprintf(config.fwname, sizeof(config.fwname),
425 "qca/nvm_%08x.bin", soc_ver);
426
427 err = qca_download_firmware(hdev, &config);
428 if (err < 0) {
429 bt_dev_err(hdev, "QCA Failed to download NVM (%d)", err);
430 return err;
431 }
432
433 /* Perform HCI reset */
434 err = qca_send_reset(hdev);
435 if (err < 0) {
436 bt_dev_err(hdev, "QCA Failed to run HCI_RESET (%d)", err);
437 return err;
438 }
439
440 bt_dev_info(hdev, "QCA setup on UART is completed");
441
442 return 0;
443 }
444 EXPORT_SYMBOL_GPL(qca_uart_setup);
445
446 int qca_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr)
447 {
448 struct sk_buff *skb;
449 int err;
450
451 skb = __hci_cmd_sync_ev(hdev, EDL_WRITE_BD_ADDR_OPCODE, 6, bdaddr,
452 HCI_EV_VENDOR, HCI_INIT_TIMEOUT);
453 if (IS_ERR(skb)) {
454 err = PTR_ERR(skb);
455 bt_dev_err(hdev, "QCA Change address cmd failed (%d)", err);
456 return err;
457 }
458
459 kfree_skb(skb);
460
461 return 0;
462 }
463 EXPORT_SYMBOL_GPL(qca_set_bdaddr);
464
465
466 MODULE_AUTHOR("Ben Young Tae Kim <ytkim@qca.qualcomm.com>");
467 MODULE_DESCRIPTION("Bluetooth support for Qualcomm Atheros family ver " VERSION);
468 MODULE_VERSION(VERSION);
469 MODULE_LICENSE("GPL");
A mirror of Linus' kernel repository