drivers/bluetooth/btqca.c

   1 // SPDX-License-Identifier: GPL-2.0-only
   2 /*
   3  *  Bluetooth supports for Qualcomm Atheros chips
   4  *
   5  *  Copyright (c) 2015 The Linux Foundation. All rights reserved.
   6  */
   7 #include <linux/module.h>
   8 #include <linux/firmware.h>
   9 #include <linux/vmalloc.h>
  10
  11 #include <net/bluetooth/bluetooth.h>
  12 #include <net/bluetooth/hci_core.h>
  13
  14 #include "btqca.h"
  15
  16 int qca_read_soc_version(struct hci_dev *hdev, struct qca_btsoc_version *ver,
  17                          enum qca_btsoc_type soc_type)
  18 {
  19         struct sk_buff *skb;
  20         struct edl_event_hdr *edl;
  21         char cmd;
  22         int err = 0;
  23         u8 event_type = HCI_EV_VENDOR;
  24         u8 rlen = sizeof(*edl) + sizeof(*ver);
  25         u8 rtype = EDL_APP_VER_RES_EVT;
  26
  27         bt_dev_dbg(hdev, "QCA Version Request");
  28
  29         /* Unlike other SoC's sending version command response as payload to
  30          * VSE event. WCN3991 sends version command response as a payload to
  31          * command complete event.
  32          */
  33         if (soc_type >= QCA_WCN3991) {
  34                 event_type = 0;
  35                 rlen += 1;
  36                 rtype = EDL_PATCH_VER_REQ_CMD;
  37         }
  38
  39         cmd = EDL_PATCH_VER_REQ_CMD;
  40         skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, EDL_PATCH_CMD_LEN,
  41                                 &cmd, event_type, HCI_INIT_TIMEOUT);
  42         if (IS_ERR(skb)) {
  43                 err = PTR_ERR(skb);
  44                 bt_dev_err(hdev, "Reading QCA version information failed (%d)",
  45                            err);
  46                 return err;
  47         }
  48
  49         if (skb->len != rlen) {
  50                 bt_dev_err(hdev, "QCA Version size mismatch len %d", skb->len);
  51                 err = -EILSEQ;
  52                 goto out;
  53         }
  54
  55         edl = (struct edl_event_hdr *)(skb->data);
  56
  57         if (edl->cresp != EDL_CMD_REQ_RES_EVT ||
  58             edl->rtype != rtype) {
  59                 bt_dev_err(hdev, "QCA Wrong packet received %d %d", edl->cresp,
  60                            edl->rtype);
  61                 err = -EIO;
  62                 goto out;
  63         }
  64
  65         if (soc_type >= QCA_WCN3991)
  66                 memcpy(ver, edl->data + 1, sizeof(*ver));
  67         else
  68                 memcpy(ver, &edl->data, sizeof(*ver));
  69
  70         bt_dev_info(hdev, "QCA Product ID   :0x%08x",
  71                     le32_to_cpu(ver->product_id));
  72         bt_dev_info(hdev, "QCA SOC Version  :0x%08x",
  73                     le32_to_cpu(ver->soc_id));
  74         bt_dev_info(hdev, "QCA ROM Version  :0x%08x",
  75                     le16_to_cpu(ver->rom_ver));
  76         bt_dev_info(hdev, "QCA Patch Version:0x%08x",
  77                     le16_to_cpu(ver->patch_ver));
  78
  79         if (ver->soc_id == 0 || ver->rom_ver == 0)
  80                 err = -EILSEQ;
  81
  82 out:
  83         kfree_skb(skb);
  84         if (err)
  85                 bt_dev_err(hdev, "QCA Failed to get version (%d)", err);
  86
  87         return err;
  88 }
  89 EXPORT_SYMBOL_GPL(qca_read_soc_version);
  90
  91 static int qca_read_fw_build_info(struct hci_dev *hdev)
  92 {
  93         struct sk_buff *skb;
  94         struct edl_event_hdr *edl;
  95         char *build_label;
  96         char cmd;
  97         int build_lbl_len, err = 0;
  98
  99         bt_dev_dbg(hdev, "QCA read fw build info");
 100
 101         cmd = EDL_GET_BUILD_INFO_CMD;
 102         skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, EDL_PATCH_CMD_LEN,
 103                                 &cmd, 0, HCI_INIT_TIMEOUT);
 104         if (IS_ERR(skb)) {
 105                 err = PTR_ERR(skb);
 106                 bt_dev_err(hdev, "Reading QCA fw build info failed (%d)",
 107                            err);
 108                 return err;
 109         }
 110
 111         if (skb->len < sizeof(*edl)) {
 112                 err = -EILSEQ;
 113                 goto out;
 114         }
 115
 116         edl = (struct edl_event_hdr *)(skb->data);
 117
 118         if (edl->cresp != EDL_CMD_REQ_RES_EVT ||
 119             edl->rtype != EDL_GET_BUILD_INFO_CMD) {
 120                 bt_dev_err(hdev, "QCA Wrong packet received %d %d", edl->cresp,
 121                            edl->rtype);
 122                 err = -EIO;
 123                 goto out;
 124         }
 125
 126         if (skb->len < sizeof(*edl) + 1) {
 127                 err = -EILSEQ;
 128                 goto out;
 129         }
 130
 131         build_lbl_len = edl->data[0];
 132
 133         if (skb->len < sizeof(*edl) + 1 + build_lbl_len) {
 134                 err = -EILSEQ;
 135                 goto out;
 136         }
 137
 138         build_label = kstrndup(&edl->data[1], build_lbl_len, GFP_KERNEL);
 139         if (!build_label) {
 140                 err = -ENOMEM;
 141                 goto out;
 142         }
 143
 144         hci_set_fw_info(hdev, "%s", build_label);
 145
 146         kfree(build_label);
 147 out:
 148         kfree_skb(skb);
 149         return err;
 150 }
 151
 152 static int qca_send_patch_config_cmd(struct hci_dev *hdev)
 153 {
 154         const u8 cmd[] = { EDL_PATCH_CONFIG_CMD, 0x01, 0, 0, 0 };
 155         struct sk_buff *skb;
 156         struct edl_event_hdr *edl;
 157         int err;
 158
 159         bt_dev_dbg(hdev, "QCA Patch config");
 160
 161         skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, sizeof(cmd),
 162                                 cmd, 0, HCI_INIT_TIMEOUT);
 163         if (IS_ERR(skb)) {
 164                 err = PTR_ERR(skb);
 165                 bt_dev_err(hdev, "Sending QCA Patch config failed (%d)", err);
 166                 return err;
 167         }
 168
 169         if (skb->len != 2) {
 170                 bt_dev_err(hdev, "QCA Patch config cmd size mismatch len %d", skb->len);
 171                 err = -EILSEQ;
 172                 goto out;
 173         }
 174
 175         edl = (struct edl_event_hdr *)(skb->data);
 176
 177         if (edl->cresp != EDL_PATCH_CONFIG_RES_EVT || edl->rtype != EDL_PATCH_CONFIG_CMD) {
 178                 bt_dev_err(hdev, "QCA Wrong packet received %d %d", edl->cresp,
 179                            edl->rtype);
 180                 err = -EIO;
 181                 goto out;
 182         }
 183
 184         err = 0;
 185
 186 out:
 187         kfree_skb(skb);
 188         return err;
 189 }
 190
 191 static int qca_send_reset(struct hci_dev *hdev)
 192 {
 193         struct sk_buff *skb;
 194         int err;
 195
 196         bt_dev_dbg(hdev, "QCA HCI_RESET");
 197
 198         skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
 199         if (IS_ERR(skb)) {
 200                 err = PTR_ERR(skb);
 201                 bt_dev_err(hdev, "QCA Reset failed (%d)", err);
 202                 return err;
 203         }
 204
 205         kfree_skb(skb);
 206
 207         return 0;
 208 }
 209
 210 static int qca_read_fw_board_id(struct hci_dev *hdev, u16 *bid)
 211 {
 212         u8 cmd;
 213         struct sk_buff *skb;
 214         struct edl_event_hdr *edl;
 215         int err = 0;
 216
 217         cmd = EDL_GET_BID_REQ_CMD;
 218         skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, EDL_PATCH_CMD_LEN,
 219                                 &cmd, 0, HCI_INIT_TIMEOUT);
 220         if (IS_ERR(skb)) {
 221                 err = PTR_ERR(skb);
 222                 bt_dev_err(hdev, "Reading QCA board ID failed (%d)", err);
 223                 return err;
 224         }
 225
 226         edl = skb_pull_data(skb, sizeof(*edl));
 227         if (!edl) {
 228                 bt_dev_err(hdev, "QCA read board ID with no header");
 229                 err = -EILSEQ;
 230                 goto out;
 231         }
 232
 233         if (edl->cresp != EDL_CMD_REQ_RES_EVT ||
 234             edl->rtype != EDL_GET_BID_REQ_CMD) {
 235                 bt_dev_err(hdev, "QCA Wrong packet: %d %d", edl->cresp, edl->rtype);
 236                 err = -EIO;
 237                 goto out;
 238         }
 239
 240         if (skb->len < 3) {
 241                 err = -EILSEQ;
 242                 goto out;
 243         }
 244
 245         *bid = (edl->data[1] << 8) + edl->data[2];
 246         bt_dev_dbg(hdev, "%s: bid = %x", __func__, *bid);
 247
 248 out:
 249         kfree_skb(skb);
 250         return err;
 251 }
 252
 253 int qca_send_pre_shutdown_cmd(struct hci_dev *hdev)
 254 {
 255         struct sk_buff *skb;
 256         int err;
 257
 258         bt_dev_dbg(hdev, "QCA pre shutdown cmd");
 259
 260         skb = __hci_cmd_sync_ev(hdev, QCA_PRE_SHUTDOWN_CMD, 0,
 261                                 NULL, HCI_EV_CMD_COMPLETE, HCI_INIT_TIMEOUT);
 262
 263         if (IS_ERR(skb)) {
 264                 err = PTR_ERR(skb);
 265                 bt_dev_err(hdev, "QCA preshutdown_cmd failed (%d)", err);
 266                 return err;
 267         }
 268
 269         kfree_skb(skb);
 270
 271         return 0;
 272 }
 273 EXPORT_SYMBOL_GPL(qca_send_pre_shutdown_cmd);
 274
 275 static int qca_tlv_check_data(struct hci_dev *hdev,
 276                                struct qca_fw_config *config,
 277                                u8 *fw_data, size_t fw_size,
 278                                enum qca_btsoc_type soc_type)
 279 {
 280         const u8 *data;
 281         u32 type_len;
 282         u16 tag_id, tag_len;
 283         int idx, length;
 284         struct tlv_type_hdr *tlv;
 285         struct tlv_type_patch *tlv_patch;
 286         struct tlv_type_nvm *tlv_nvm;
 287         uint8_t nvm_baud_rate = config->user_baud_rate;
 288         u8 type;
 289
 290         config->dnld_mode = QCA_SKIP_EVT_NONE;
 291         config->dnld_type = QCA_SKIP_EVT_NONE;
 292
 293         switch (config->type) {
 294         case ELF_TYPE_PATCH:
 295                 if (fw_size < 7)
 296                         return -EINVAL;
 297
 298                 config->dnld_mode = QCA_SKIP_EVT_VSE_CC;
 299                 config->dnld_type = QCA_SKIP_EVT_VSE_CC;
 300
 301                 bt_dev_dbg(hdev, "File Class        : 0x%x", fw_data[4]);
 302                 bt_dev_dbg(hdev, "Data Encoding     : 0x%x", fw_data[5]);
 303                 bt_dev_dbg(hdev, "File version      : 0x%x", fw_data[6]);
 304                 break;
 305         case TLV_TYPE_PATCH:
 306                 if (fw_size < sizeof(struct tlv_type_hdr) + sizeof(struct tlv_type_patch))
 307                         return -EINVAL;
 308
 309                 tlv = (struct tlv_type_hdr *)fw_data;
 310                 type_len = le32_to_cpu(tlv->type_len);
 311                 tlv_patch = (struct tlv_type_patch *)tlv->data;
 312
 313                 /* For Rome version 1.1 to 3.1, all segment commands
 314                  * are acked by a vendor specific event (VSE).
 315                  * For Rome >= 3.2, the download mode field indicates
 316                  * if VSE is skipped by the controller.
 317                  * In case VSE is skipped, only the last segment is acked.
 318                  */
 319                 config->dnld_mode = tlv_patch->download_mode;
 320                 config->dnld_type = config->dnld_mode;
 321
 322                 BT_DBG("TLV Type\t\t : 0x%x", type_len & 0x000000ff);
 323                 BT_DBG("Total Length           : %d bytes",
 324                        le32_to_cpu(tlv_patch->total_size));
 325                 BT_DBG("Patch Data Length      : %d bytes",
 326                        le32_to_cpu(tlv_patch->data_length));
 327                 BT_DBG("Signing Format Version : 0x%x",
 328                        tlv_patch->format_version);
 329                 BT_DBG("Signature Algorithm    : 0x%x",
 330                        tlv_patch->signature);
 331                 BT_DBG("Download mode          : 0x%x",
 332                        tlv_patch->download_mode);
 333                 BT_DBG("Reserved               : 0x%x",
 334                        tlv_patch->reserved1);
 335                 BT_DBG("Product ID             : 0x%04x",
 336                        le16_to_cpu(tlv_patch->product_id));
 337                 BT_DBG("Rom Build Version      : 0x%04x",
 338                        le16_to_cpu(tlv_patch->rom_build));
 339                 BT_DBG("Patch Version          : 0x%04x",
 340                        le16_to_cpu(tlv_patch->patch_version));
 341                 BT_DBG("Reserved               : 0x%x",
 342                        le16_to_cpu(tlv_patch->reserved2));
 343                 BT_DBG("Patch Entry Address    : 0x%x",
 344                        le32_to_cpu(tlv_patch->entry));
 345                 break;
 346
 347         case TLV_TYPE_NVM:
 348                 if (fw_size < sizeof(struct tlv_type_hdr))
 349                         return -EINVAL;
 350
 351                 tlv = (struct tlv_type_hdr *)fw_data;
 352
 353                 type_len = le32_to_cpu(tlv->type_len);
 354                 length = type_len >> 8;
 355                 type = type_len & 0xff;
 356
 357                 /* Some NVM files have more than one set of tags, only parse
 358                  * the first set when it has type 2 for now. When there is
 359                  * more than one set there is an enclosing header of type 4.
 360                  */
 361                 if (type == 4) {
 362                         if (fw_size < 2 * sizeof(struct tlv_type_hdr))
 363                                 return -EINVAL;
 364
 365                         tlv++;
 366
 367                         type_len = le32_to_cpu(tlv->type_len);
 368                         length = type_len >> 8;
 369                         type = type_len & 0xff;
 370                 }
 371
 372                 BT_DBG("TLV Type\t\t : 0x%x", type);
 373                 BT_DBG("Length\t\t : %d bytes", length);
 374
 375                 if (type != 2)
 376                         break;
 377
 378                 if (fw_size < length + (tlv->data - fw_data))
 379                         return -EINVAL;
 380
 381                 idx = 0;
 382                 data = tlv->data;
 383                 while (idx < length - sizeof(struct tlv_type_nvm)) {
 384                         tlv_nvm = (struct tlv_type_nvm *)(data + idx);
 385
 386                         tag_id = le16_to_cpu(tlv_nvm->tag_id);
 387                         tag_len = le16_to_cpu(tlv_nvm->tag_len);
 388
 389                         if (length < idx + sizeof(struct tlv_type_nvm) + tag_len)
 390                                 return -EINVAL;
 391
 392                         /* Update NVM tags as needed */
 393                         switch (tag_id) {
 394                         case EDL_TAG_ID_BD_ADDR:
 395                                 if (tag_len != sizeof(bdaddr_t))
 396                                         return -EINVAL;
 397
 398                                 memcpy(&config->bdaddr, tlv_nvm->data, sizeof(bdaddr_t));
 399
 400                                 break;
 401
 402                         case EDL_TAG_ID_HCI:
 403                                 if (tag_len < 3)
 404                                         return -EINVAL;
 405
 406                                 /* HCI transport layer parameters
 407                                  * enabling software inband sleep
 408                                  * onto controller side.
 409                                  */
 410                                 tlv_nvm->data[0] |= 0x80;
 411
 412                                 /* UART Baud Rate */
 413                                 if (soc_type >= QCA_WCN3991)
 414                                         tlv_nvm->data[1] = nvm_baud_rate;
 415                                 else
 416                                         tlv_nvm->data[2] = nvm_baud_rate;
 417
 418                                 break;
 419
 420                         case EDL_TAG_ID_DEEP_SLEEP:
 421                                 if (tag_len < 1)
 422                                         return -EINVAL;
 423
 424                                 /* Sleep enable mask
 425                                  * enabling deep sleep feature on controller.
 426                                  */
 427                                 tlv_nvm->data[0] |= 0x01;
 428
 429                                 break;
 430                         }
 431
 432                         idx += sizeof(struct tlv_type_nvm) + tag_len;
 433                 }
 434                 break;
 435
 436         default:
 437                 BT_ERR("Unknown TLV type %d", config->type);
 438                 return -EINVAL;
 439         }
 440
 441         return 0;
 442 }
 443
 444 static int qca_tlv_send_segment(struct hci_dev *hdev, int seg_size,
 445                                 const u8 *data, enum qca_tlv_dnld_mode mode,
 446                                 enum qca_btsoc_type soc_type)
 447 {
 448         struct sk_buff *skb;
 449         struct edl_event_hdr *edl;
 450         struct tlv_seg_resp *tlv_resp;
 451         u8 cmd[MAX_SIZE_PER_TLV_SEGMENT + 2];
 452         int err = 0;
 453         u8 event_type = HCI_EV_VENDOR;
 454         u8 rlen = (sizeof(*edl) + sizeof(*tlv_resp));
 455         u8 rtype = EDL_TVL_DNLD_RES_EVT;
 456
 457         cmd[0] = EDL_PATCH_TLV_REQ_CMD;
 458         cmd[1] = seg_size;
 459         memcpy(cmd + 2, data, seg_size);
 460
 461         if (mode == QCA_SKIP_EVT_VSE_CC || mode == QCA_SKIP_EVT_VSE)
 462                 return __hci_cmd_send(hdev, EDL_PATCH_CMD_OPCODE, seg_size + 2,
 463                                       cmd);
 464
 465         /* Unlike other SoC's sending version command response as payload to
 466          * VSE event. WCN3991 sends version command response as a payload to
 467          * command complete event.
 468          */
 469         if (soc_type >= QCA_WCN3991) {
 470                 event_type = 0;
 471                 rlen = sizeof(*edl);
 472                 rtype = EDL_PATCH_TLV_REQ_CMD;
 473         }
 474
 475         skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, seg_size + 2, cmd,
 476                                 event_type, HCI_INIT_TIMEOUT);
 477         if (IS_ERR(skb)) {
 478                 err = PTR_ERR(skb);
 479                 bt_dev_err(hdev, "QCA Failed to send TLV segment (%d)", err);
 480                 return err;
 481         }
 482
 483         if (skb->len != rlen) {
 484                 bt_dev_err(hdev, "QCA TLV response size mismatch");
 485                 err = -EILSEQ;
 486                 goto out;
 487         }
 488
 489         edl = (struct edl_event_hdr *)(skb->data);
 490
 491         if (edl->cresp != EDL_CMD_REQ_RES_EVT || edl->rtype != rtype) {
 492                 bt_dev_err(hdev, "QCA TLV with error stat 0x%x rtype 0x%x",
 493                            edl->cresp, edl->rtype);
 494                 err = -EIO;
 495         }
 496
 497         if (soc_type >= QCA_WCN3991)
 498                 goto out;
 499
 500         tlv_resp = (struct tlv_seg_resp *)(edl->data);
 501         if (tlv_resp->result) {
 502                 bt_dev_err(hdev, "QCA TLV with error stat 0x%x rtype 0x%x (0x%x)",
 503                            edl->cresp, edl->rtype, tlv_resp->result);
 504         }
 505
 506 out:
 507         kfree_skb(skb);
 508
 509         return err;
 510 }
 511
 512 static int qca_inject_cmd_complete_event(struct hci_dev *hdev)
 513 {
 514         struct hci_event_hdr *hdr;
 515         struct hci_ev_cmd_complete *evt;
 516         struct sk_buff *skb;
 517
 518         skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_KERNEL);
 519         if (!skb)
 520                 return -ENOMEM;
 521
 522         hdr = skb_put(skb, sizeof(*hdr));
 523         hdr->evt = HCI_EV_CMD_COMPLETE;
 524         hdr->plen = sizeof(*evt) + 1;
 525
 526         evt = skb_put(skb, sizeof(*evt));
 527         evt->ncmd = 1;
 528         evt->opcode = cpu_to_le16(QCA_HCI_CC_OPCODE);
 529
 530         skb_put_u8(skb, QCA_HCI_CC_SUCCESS);
 531
 532         hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
 533
 534         return hci_recv_frame(hdev, skb);
 535 }
 536
 537 static int qca_download_firmware(struct hci_dev *hdev,
 538                                  struct qca_fw_config *config,
 539                                  enum qca_btsoc_type soc_type,
 540                                  u8 rom_ver)
 541 {
 542         const struct firmware *fw;
 543         u8 *data;
 544         const u8 *segment;
 545         int ret, size, remain, i = 0;
 546
 547         bt_dev_info(hdev, "QCA Downloading %s", config->fwname);
 548
 549         ret = request_firmware(&fw, config->fwname, &hdev->dev);
 550         if (ret) {
 551                 /* For WCN6750, if mbn file is not present then check for
 552                  * tlv file.
 553                  */
 554                 if (soc_type == QCA_WCN6750 && config->type == ELF_TYPE_PATCH) {
 555                         bt_dev_dbg(hdev, "QCA Failed to request file: %s (%d)",
 556                                    config->fwname, ret);
 557                         config->type = TLV_TYPE_PATCH;
 558                         snprintf(config->fwname, sizeof(config->fwname),
 559                                  "qca/msbtfw%02x.tlv", rom_ver);
 560                         bt_dev_info(hdev, "QCA Downloading %s", config->fwname);
 561                         ret = request_firmware(&fw, config->fwname, &hdev->dev);
 562                         if (ret) {
 563                                 bt_dev_err(hdev, "QCA Failed to request file: %s (%d)",
 564                                            config->fwname, ret);
 565                                 return ret;
 566                         }
 567                 } else {
 568                         bt_dev_err(hdev, "QCA Failed to request file: %s (%d)",
 569                                    config->fwname, ret);
 570                         return ret;
 571                 }
 572         }
 573
 574         size = fw->size;
 575         data = vmalloc(fw->size);
 576         if (!data) {
 577                 bt_dev_err(hdev, "QCA Failed to allocate memory for file: %s",
 578                            config->fwname);
 579                 release_firmware(fw);
 580                 return -ENOMEM;
 581         }
 582
 583         memcpy(data, fw->data, size);
 584         release_firmware(fw);
 585
 586         ret = qca_tlv_check_data(hdev, config, data, size, soc_type);
 587         if (ret)
 588                 goto out;
 589
 590         segment = data;
 591         remain = size;
 592         while (remain > 0) {
 593                 int segsize = min(MAX_SIZE_PER_TLV_SEGMENT, remain);
 594
 595                 bt_dev_dbg(hdev, "Send segment %d, size %d", i++, segsize);
 596
 597                 remain -= segsize;
 598                 /* The last segment is always acked regardless download mode */
 599                 if (!remain || segsize < MAX_SIZE_PER_TLV_SEGMENT)
 600                         config->dnld_mode = QCA_SKIP_EVT_NONE;
 601
 602                 ret = qca_tlv_send_segment(hdev, segsize, segment,
 603                                            config->dnld_mode, soc_type);
 604                 if (ret)
 605                         goto out;
 606
 607                 segment += segsize;
 608         }
 609
 610         /* Latest qualcomm chipsets are not sending a command complete event
 611          * for every fw packet sent. They only respond with a vendor specific
 612          * event for the last packet. This optimization in the chip will
 613          * decrease the BT in initialization time. Here we will inject a command
 614          * complete event to avoid a command timeout error message.
 615          */
 616         if (config->dnld_type == QCA_SKIP_EVT_VSE_CC ||
 617             config->dnld_type == QCA_SKIP_EVT_VSE)
 618                 ret = qca_inject_cmd_complete_event(hdev);
 619
 620 out:
 621         vfree(data);
 622
 623         return ret;
 624 }
 625
 626 static int qca_disable_soc_logging(struct hci_dev *hdev)
 627 {
 628         struct sk_buff *skb;
 629         u8 cmd[2];
 630         int err;
 631
 632         cmd[0] = QCA_DISABLE_LOGGING_SUB_OP;
 633         cmd[1] = 0x00;
 634         skb = __hci_cmd_sync_ev(hdev, QCA_DISABLE_LOGGING, sizeof(cmd), cmd,
 635                                 HCI_EV_CMD_COMPLETE, HCI_INIT_TIMEOUT);
 636         if (IS_ERR(skb)) {
 637                 err = PTR_ERR(skb);
 638                 bt_dev_err(hdev, "QCA Failed to disable soc logging(%d)", err);
 639                 return err;
 640         }
 641
 642         kfree_skb(skb);
 643
 644         return 0;
 645 }
 646
 647 int qca_set_bdaddr_rome(struct hci_dev *hdev, const bdaddr_t *bdaddr)
 648 {
 649         struct sk_buff *skb;
 650         u8 cmd[9];
 651         int err;
 652
 653         cmd[0] = EDL_NVM_ACCESS_SET_REQ_CMD;
 654         cmd[1] = 0x02;                  /* TAG ID */
 655         cmd[2] = sizeof(bdaddr_t);      /* size */
 656         memcpy(cmd + 3, bdaddr, sizeof(bdaddr_t));
 657         skb = __hci_cmd_sync_ev(hdev, EDL_NVM_ACCESS_OPCODE, sizeof(cmd), cmd,
 658                                 HCI_EV_VENDOR, HCI_INIT_TIMEOUT);
 659         if (IS_ERR(skb)) {
 660                 err = PTR_ERR(skb);
 661                 bt_dev_err(hdev, "QCA Change address command failed (%d)", err);
 662                 return err;
 663         }
 664
 665         kfree_skb(skb);
 666
 667         return 0;
 668 }
 669 EXPORT_SYMBOL_GPL(qca_set_bdaddr_rome);
 670
 671 static int qca_check_bdaddr(struct hci_dev *hdev, const struct qca_fw_config *config)
 672 {
 673         struct hci_rp_read_bd_addr *bda;
 674         struct sk_buff *skb;
 675         int err;
 676
 677         if (bacmp(&hdev->public_addr, BDADDR_ANY))
 678                 return 0;
 679
 680         skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL,
 681                              HCI_INIT_TIMEOUT);
 682         if (IS_ERR(skb)) {
 683                 err = PTR_ERR(skb);
 684                 bt_dev_err(hdev, "Failed to read device address (%d)", err);
 685                 return err;
 686         }
 687
 688         if (skb->len != sizeof(*bda)) {
 689                 bt_dev_err(hdev, "Device address length mismatch");
 690                 kfree_skb(skb);
 691                 return -EIO;
 692         }
 693
 694         bda = (struct hci_rp_read_bd_addr *)skb->data;
 695         if (!bacmp(&bda->bdaddr, &config->bdaddr))
 696                 set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks);
 697
 698         kfree_skb(skb);
 699
 700         return 0;
 701 }
 702
 703 static void qca_generate_hsp_nvm_name(char *fwname, size_t max_size,
 704                 struct qca_btsoc_version ver, u8 rom_ver, u16 bid)
 705 {
 706         const char *variant;
 707
 708         /* hsp gf chip */
 709         if ((le32_to_cpu(ver.soc_id) & QCA_HSP_GF_SOC_MASK) == QCA_HSP_GF_SOC_ID)
 710                 variant = "g";
 711         else
 712                 variant = "";
 713
 714         if (bid == 0x0)
 715                 snprintf(fwname, max_size, "qca/hpnv%02x%s.bin", rom_ver, variant);
 716         else
 717                 snprintf(fwname, max_size, "qca/hpnv%02x%s.%x", rom_ver, variant, bid);
 718 }
 719
 720 static inline void qca_get_nvm_name_generic(struct qca_fw_config *cfg,
 721                                             const char *stem, u8 rom_ver, u16 bid)
 722 {
 723         if (bid == 0x0)
 724                 snprintf(cfg->fwname, sizeof(cfg->fwname), "qca/%snv%02x.bin", stem, rom_ver);
 725         else if (bid & 0xff00)
 726                 snprintf(cfg->fwname, sizeof(cfg->fwname),
 727                          "qca/%snv%02x.b%x", stem, rom_ver, bid);
 728         else
 729                 snprintf(cfg->fwname, sizeof(cfg->fwname),
 730                          "qca/%snv%02x.b%02x", stem, rom_ver, bid);
 731 }
 732
 733 int qca_uart_setup(struct hci_dev *hdev, uint8_t baudrate,
 734                    enum qca_btsoc_type soc_type, struct qca_btsoc_version ver,
 735                    const char *firmware_name)
 736 {
 737         struct qca_fw_config config = {};
 738         int err;
 739         u8 rom_ver = 0;
 740         u32 soc_ver;
 741         u16 boardid = 0;
 742
 743         bt_dev_dbg(hdev, "QCA setup on UART");
 744
 745         soc_ver = get_soc_ver(ver.soc_id, ver.rom_ver);
 746
 747         bt_dev_info(hdev, "QCA controller version 0x%08x", soc_ver);
 748
 749         config.user_baud_rate = baudrate;
 750
 751         /* Firmware files to download are based on ROM version.
 752          * ROM version is derived from last two bytes of soc_ver.
 753          */
 754         if (soc_type == QCA_WCN3988)
 755                 rom_ver = ((soc_ver & 0x00000f00) >> 0x05) | (soc_ver & 0x0000000f);
 756         else
 757                 rom_ver = ((soc_ver & 0x00000f00) >> 0x04) | (soc_ver & 0x0000000f);
 758
 759         if (soc_type == QCA_WCN6750)
 760                 qca_send_patch_config_cmd(hdev);
 761
 762         /* Download rampatch file */
 763         config.type = TLV_TYPE_PATCH;
 764         switch (soc_type) {
 765         case QCA_WCN3990:
 766         case QCA_WCN3991:
 767         case QCA_WCN3998:
 768                 snprintf(config.fwname, sizeof(config.fwname),
 769                          "qca/crbtfw%02x.tlv", rom_ver);
 770                 break;
 771         case QCA_WCN3988:
 772                 snprintf(config.fwname, sizeof(config.fwname),
 773                          "qca/apbtfw%02x.tlv", rom_ver);
 774                 break;
 775         case QCA_QCA2066:
 776                 snprintf(config.fwname, sizeof(config.fwname),
 777                          "qca/hpbtfw%02x.tlv", rom_ver);
 778                 break;
 779         case QCA_QCA6390:
 780                 snprintf(config.fwname, sizeof(config.fwname),
 781                          "qca/htbtfw%02x.tlv", rom_ver);
 782                 break;
 783         case QCA_WCN6750:
 784                 /* Choose mbn file by default.If mbn file is not found
 785                  * then choose tlv file
 786                  */
 787                 config.type = ELF_TYPE_PATCH;
 788                 snprintf(config.fwname, sizeof(config.fwname),
 789                          "qca/msbtfw%02x.mbn", rom_ver);
 790                 break;
 791         case QCA_WCN6855:
 792                 snprintf(config.fwname, sizeof(config.fwname),
 793                          "qca/hpbtfw%02x.tlv", rom_ver);
 794                 break;
 795         case QCA_WCN7850:
 796                 snprintf(config.fwname, sizeof(config.fwname),
 797                          "qca/hmtbtfw%02x.tlv", rom_ver);
 798                 break;
 799         default:
 800                 snprintf(config.fwname, sizeof(config.fwname),
 801                          "qca/rampatch_%08x.bin", soc_ver);
 802         }
 803
 804         err = qca_download_firmware(hdev, &config, soc_type, rom_ver);
 805         if (err < 0) {
 806                 bt_dev_err(hdev, "QCA Failed to download patch (%d)", err);
 807                 return err;
 808         }
 809
 810         /* Give the controller some time to get ready to receive the NVM */
 811         msleep(10);
 812
 813         if (soc_type == QCA_QCA2066 || soc_type == QCA_WCN7850)
 814                 qca_read_fw_board_id(hdev, &boardid);
 815
 816         /* Download NVM configuration */
 817         config.type = TLV_TYPE_NVM;
 818         if (firmware_name) {
 819                 snprintf(config.fwname, sizeof(config.fwname),
 820                          "qca/%s", firmware_name);
 821         } else {
 822                 switch (soc_type) {
 823                 case QCA_WCN3990:
 824                 case QCA_WCN3991:
 825                 case QCA_WCN3998:
 826                         if (le32_to_cpu(ver.soc_id) == QCA_WCN3991_SOC_ID) {
 827                                 snprintf(config.fwname, sizeof(config.fwname),
 828                                          "qca/crnv%02xu.bin", rom_ver);
 829                         } else {
 830                                 snprintf(config.fwname, sizeof(config.fwname),
 831                                          "qca/crnv%02x.bin", rom_ver);
 832                         }
 833                         break;
 834                 case QCA_WCN3988:
 835                         snprintf(config.fwname, sizeof(config.fwname),
 836                                  "qca/apnv%02x.bin", rom_ver);
 837                         break;
 838                 case QCA_QCA2066:
 839                         qca_generate_hsp_nvm_name(config.fwname,
 840                                 sizeof(config.fwname), ver, rom_ver, boardid);
 841                         break;
 842                 case QCA_QCA6390:
 843                         snprintf(config.fwname, sizeof(config.fwname),
 844                                  "qca/htnv%02x.bin", rom_ver);
 845                         break;
 846                 case QCA_WCN6750:
 847                         snprintf(config.fwname, sizeof(config.fwname),
 848                                  "qca/msnv%02x.bin", rom_ver);
 849                         break;
 850                 case QCA_WCN6855:
 851                         snprintf(config.fwname, sizeof(config.fwname),
 852                                  "qca/hpnv%02x.bin", rom_ver);
 853                         break;
 854                 case QCA_WCN7850:
 855                         qca_get_nvm_name_generic(&config, "hmt", rom_ver, boardid);
 856                         break;
 857
 858                 default:
 859                         snprintf(config.fwname, sizeof(config.fwname),
 860                                  "qca/nvm_%08x.bin", soc_ver);
 861                 }
 862         }
 863
 864         err = qca_download_firmware(hdev, &config, soc_type, rom_ver);
 865         if (err < 0) {
 866                 bt_dev_err(hdev, "QCA Failed to download NVM (%d)", err);
 867                 return err;
 868         }
 869
 870         switch (soc_type) {
 871         case QCA_WCN3991:
 872         case QCA_QCA2066:
 873         case QCA_QCA6390:
 874         case QCA_WCN6750:
 875         case QCA_WCN6855:
 876         case QCA_WCN7850:
 877                 err = qca_disable_soc_logging(hdev);
 878                 if (err < 0)
 879                         return err;
 880                 break;
 881         default:
 882                 break;
 883         }
 884
 885         /* WCN399x and WCN6750 supports the Microsoft vendor extension with 0xFD70 as the
 886          * VsMsftOpCode.
 887          */
 888         switch (soc_type) {
 889         case QCA_WCN3988:
 890         case QCA_WCN3990:
 891         case QCA_WCN3991:
 892         case QCA_WCN3998:
 893         case QCA_WCN6750:
 894                 hci_set_msft_opcode(hdev, 0xFD70);
 895                 break;
 896         default:
 897                 break;
 898         }
 899
 900         /* Perform HCI reset */
 901         err = qca_send_reset(hdev);
 902         if (err < 0) {
 903                 bt_dev_err(hdev, "QCA Failed to run HCI_RESET (%d)", err);
 904                 return err;
 905         }
 906
 907         switch (soc_type) {
 908         case QCA_WCN3991:
 909         case QCA_WCN6750:
 910         case QCA_WCN6855:
 911         case QCA_WCN7850:
 912                 /* get fw build info */
 913                 err = qca_read_fw_build_info(hdev);
 914                 if (err < 0)
 915                         return err;
 916                 break;
 917         default:
 918                 break;
 919         }
 920
 921         err = qca_check_bdaddr(hdev, &config);
 922         if (err)
 923                 return err;
 924
 925         bt_dev_info(hdev, "QCA setup on UART is completed");
 926
 927         return 0;
 928 }
 929 EXPORT_SYMBOL_GPL(qca_uart_setup);
 930
 931 int qca_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr)
 932 {
 933         bdaddr_t bdaddr_swapped;
 934         struct sk_buff *skb;
 935         int err;
 936
 937         baswap(&bdaddr_swapped, bdaddr);
 938
 939         skb = __hci_cmd_sync_ev(hdev, EDL_WRITE_BD_ADDR_OPCODE, 6,
 940                                 &bdaddr_swapped, HCI_EV_VENDOR,
 941                                 HCI_INIT_TIMEOUT);
 942         if (IS_ERR(skb)) {
 943                 err = PTR_ERR(skb);
 944                 bt_dev_err(hdev, "QCA Change address cmd failed (%d)", err);
 945                 return err;
 946         }
 947
 948         kfree_skb(skb);
 949
 950         return 0;
 951 }
 952 EXPORT_SYMBOL_GPL(qca_set_bdaddr);
 953
 954
 955 MODULE_AUTHOR("Ben Young Tae Kim <ytkim@qca.qualcomm.com>");
 956 MODULE_DESCRIPTION("Bluetooth support for Qualcomm Atheros family");
 957 MODULE_LICENSE("GPL");