2010-02-26 00:02:25

by Matthew Wilson

[permalink] [raw]
Subject: patch for firmware download to Qualcomm Bluetooth chip

Hi Marcel,

Please let us know if this patch will be acceptable or suggestions for
changes to make it so.

Thanks,

Matt Wilson


Attachments:
0001-Firmware-download-for-Qualcomm-Bluetooth-devices.patch (10.09 kB)

2010-03-12 13:33:07

by Matthew Wilson

[permalink] [raw]
Subject: Re: patch for firmware download to Qualcomm Bluetooth chip

Any comments for this patch?
Sorry to send only CC: to the list before.
I assume that error makes a review difficult.

I have an update for this patch for setting baud rate and do not know if
I should update the original or make a new separate patch.

Please also find the original ones (download patch and firmware patch)
here:
https://www.codeaurora.org/patches/quic/chrome/0001-Firmware-download-for-Qualcomm-Bluetooth-devices.patch

https://www.codeaurora.org/patches/quic/chrome/0001-Firmware-for-Qualcomm-Bluetooth-BTS4025.patch

These are from the Code Aurora Forum partner Qualcomm Innovation Center,
Inc.

Best regards,

Matt Wilson


2010-08-23 20:41:07

by Johan Hedberg

[permalink] [raw]
Subject: Re: [PATCH v4] Firmware download for Qualcomm Bluetooth devices

Hi Matt,

On Mon, Aug 23, 2010, Matthew Wilson wrote:
> Configures device address from hciattach parameter.
> UART speed limited to 115200.
> Requires separate device specific firmware.
> ---
> Makefile.tools | 3 +-
> tools/hciattach.c | 10 ++
> tools/hciattach.h | 1 +
> tools/hciattach_qualcomm.c | 279 ++++++++++++++++++++++++++++++++++++++++++++
> 4 files changed, 292 insertions(+), 1 deletions(-)
> create mode 100644 tools/hciattach_qualcomm.c

Thanks. The patch is now pushed upstream with a few more cosmetic
(coding style) changes. Take a look at the upstream tree if you're
interested in the details.

Johan

2010-08-23 16:17:47

by Matthew Wilson

[permalink] [raw]
Subject: [PATCH v4] Firmware download for Qualcomm Bluetooth devices

Configures device address from hciattach parameter.
UART speed limited to 115200.
Requires separate device specific firmware.
---
Makefile.tools | 3 +-
tools/hciattach.c | 10 ++
tools/hciattach.h | 1 +
tools/hciattach_qualcomm.c | 279 ++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 292 insertions(+), 1 deletions(-)
create mode 100644 tools/hciattach_qualcomm.c

diff --git a/Makefile.tools b/Makefile.tools
index 8ee1972..1c46542 100644
--- a/Makefile.tools
+++ b/Makefile.tools
@@ -24,7 +24,8 @@ tools_hciattach_SOURCES = tools/hciattach.c tools/hciattach.h \
tools/hciattach_st.c \
tools/hciattach_ti.c \
tools/hciattach_tialt.c \
- tools/hciattach_ath3k.c
+ tools/hciattach_ath3k.c \
+ tools/hciattach_qualcomm.c
tools_hciattach_LDADD = lib/libbluetooth.la

tools_hciconfig_SOURCES = tools/hciconfig.c tools/csr.h tools/csr.c \
diff --git a/tools/hciattach.c b/tools/hciattach.c
index 5662f57..fd53710 100644
--- a/tools/hciattach.c
+++ b/tools/hciattach.c
@@ -312,6 +312,11 @@ static int ath3k_pm(int fd, struct uart_t *u, struct termios *ti)
return ath3k_post(fd, u->pm);
}

+static int qualcomm(int fd, struct uart_t *u, struct termios *ti)
+{
+ return qualcomm_init(fd, u->speed, ti, u->bdaddr);
+}
+
static int read_check(int fd, void *buf, int count)
{
int res;
@@ -1116,6 +1121,11 @@ struct uart_t uart[] = {

{ "ath3k", 0x0000, 0x0000, HCI_UART_ATH3K, 115200, 115200,
FLOW_CTL, DISABLE_PM, NULL, ath3k_ps, ath3k_pm },
+
+ /* QUALCOMM BTS */
+ { "qualcomm", 0x0000, 0x0000, HCI_UART_H4, 115200, 115200,
+ FLOW_CTL, DISABLE_PM, NULL, qualcomm, NULL },
+
{ NULL, 0 }
};

diff --git a/tools/hciattach.h b/tools/hciattach.h
index c133321..2d26b77 100644
--- a/tools/hciattach.h
+++ b/tools/hciattach.h
@@ -52,3 +52,4 @@ int stlc2500_init(int fd, bdaddr_t *bdaddr);
int bgb2xx_init(int dd, bdaddr_t *bdaddr);
int ath3k_init(int fd, char *bdaddr, int speed);
int ath3k_post(int fd, int pm);
+int qualcomm_init(int fd, int speed, struct termios *ti, const char *bdaddr);
diff --git a/tools/hciattach_qualcomm.c b/tools/hciattach_qualcomm.c
new file mode 100644
index 0000000..b0df4b2
--- /dev/null
+++ b/tools/hciattach_qualcomm.c
@@ -0,0 +1,279 @@
+/*
+ *
+ * BlueZ - Bluetooth protocol stack for Linux
+ *
+ * Copyright (C) 2005-2010 Marcel Holtmann <[email protected]>
+ * Copyright (c) 2010, Code Aurora Forum. All rights reserved.
+ *
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <string.h>
+#include <signal.h>
+#include <syslog.h>
+#include <termios.h>
+#include <time.h>
+#include <sys/time.h>
+#include <sys/poll.h>
+#include <sys/param.h>
+#include <sys/ioctl.h>
+#include <sys/socket.h>
+#include <sys/uio.h>
+
+#include <bluetooth/bluetooth.h>
+#include <bluetooth/hci.h>
+#include <bluetooth/hci_lib.h>
+
+#include "hciattach.h"
+
+#define FAILIF(x, args...) do { \
+ if (x) { \
+ fprintf(stderr, ##args); \
+ return -1; \
+ } \
+} while (0)
+
+typedef struct {
+ uint8_t uart_prefix;
+ hci_event_hdr hci_hdr;
+ evt_cmd_complete cmd_complete;
+ uint8_t status;
+ uint8_t data[16];
+} __attribute__((packed)) command_complete_t;
+
+static int read_command_complete(int fd,
+ unsigned short opcode,
+ unsigned char len)
+{
+ command_complete_t resp;
+ unsigned char vsevent[512];
+ int n;
+
+ /* Read reply. */
+ n = read_hci_event(fd, vsevent, sizeof(vsevent));
+ FAILIF(n < 0, "Failed to read response");
+
+ FAILIF(vsevent[1] != 0xFF, "Failed to read response");
+
+ n = read_hci_event(fd, (unsigned char *)&resp, sizeof(resp));
+ FAILIF(n < 0, "Failed to read response");
+
+ /* event must be event-complete */
+ FAILIF(resp.hci_hdr.evt != EVT_CMD_COMPLETE,
+ "Error in response: not a cmd-complete event, "
+ "but 0x%02x!\n", resp.hci_hdr.evt);
+
+ FAILIF(resp.hci_hdr.plen < 4, /* plen >= 4 for EVT_CMD_COMPLETE */
+ "Error in response: plen is not >= 4, but 0x%02x!\n",
+ resp.hci_hdr.plen);
+
+ /* cmd-complete event: opcode */
+ FAILIF(resp.cmd_complete.opcode != 0,
+ "Error in response: opcode is 0x%04x, not 0!",
+ resp.cmd_complete.opcode);
+
+ return resp.status == 0 ? 0 : -1;
+}
+
+static int qualcomm_load_firmware(int fd,
+ const char *firmware,
+ const char *bdaddr_s)
+{
+
+ int fw = open(firmware, O_RDONLY);
+
+ fprintf(stdout, "Opening firmware file: %s\n", firmware);
+
+ FAILIF(fw < 0,
+ "Could not open firmware file %s: %s (%d).\n",
+ firmware, strerror(errno), errno);
+
+ fprintf(stdout, "Uploading firmware...\n");
+ do {
+ /* Read each command and wait for a response. */
+ unsigned char data[1024];
+ unsigned char cmdp[1 + sizeof(hci_command_hdr)];
+ hci_command_hdr *cmd = (hci_command_hdr *)(cmdp + 1);
+ int nr;
+ nr = read(fw, cmdp, sizeof(cmdp));
+ if (!nr)
+ break;
+ FAILIF(nr != sizeof(cmdp),
+ "Could not read H4 + HCI header!\n");
+ FAILIF(*cmdp != HCI_COMMAND_PKT,
+ "Command is not an H4 command packet!\n");
+
+ FAILIF(read(fw, data, cmd->plen) != cmd->plen,
+ "Could not read %d bytes of data \
+ for command with opcode %04x!\n",
+ cmd->plen,
+ cmd->opcode);
+
+ if ((data[0] == 1) && (data[1] == 2) && (data[2] == 6)) {
+ bdaddr_t bdaddr;
+ if (bdaddr_s != NULL) {
+ (void) str2ba(bdaddr_s, &bdaddr);
+ memcpy(&data[3], &bdaddr, sizeof(bdaddr_t));
+ }
+ }
+
+ {
+ int nw;
+ struct iovec iov_cmd[2];
+ iov_cmd[0].iov_base = cmdp;
+ iov_cmd[0].iov_len = sizeof(cmdp);
+ iov_cmd[1].iov_base = data;
+ iov_cmd[1].iov_len = cmd->plen;
+ nw = writev(fd, iov_cmd, 2);
+ FAILIF(nw != (int) sizeof(cmdp) + cmd->plen,
+ "Could not send entire command \
+ (sent only %d bytes)!\n",
+ nw);
+ }
+
+ /* Wait for response */
+ if (read_command_complete(fd, cmd->opcode, cmd->plen) < 0)
+ {
+ return -1;
+ }
+
+ } while (1);
+ fprintf(stdout, "Firmware upload successful.\n");
+
+ close(fw);
+ return 0;
+}
+
+int qualcomm_init(int fd, int speed, struct termios *ti, const char *bdaddr)
+{
+ struct timespec tm = {0, 50000};
+ char cmd[5];
+ unsigned char resp[100]; /* Response */
+ char fw[100];
+ int n;
+
+ memset(resp, '\0', 100);
+
+ /* Get Manufacturer and LMP version */
+ cmd[0] = HCI_COMMAND_PKT;
+ cmd[1] = 0x01;
+ cmd[2] = 0x10;
+ cmd[3] = 0x00;
+
+ do {
+ n = write(fd, cmd, 4);
+ if (n < 4) {
+ perror("Failed to write init command");
+ return -1;
+ }
+
+ /* Read reply. */
+ if (read_hci_event(fd, resp, 100) < 0) {
+ perror("Failed to read init response");
+ return -1;
+ }
+
+ /* Wait for command complete event for our Opcode */
+ } while (resp[4] != cmd[1] && resp[5] != cmd[2]);
+
+ /* Verify manufacturer */
+ if ((resp[11] & 0xFF) != 0x1d)
+ fprintf(stderr,
+ "WARNING : module's manufacturer is not Qualcomm\n");
+
+ /* Print LMP version */
+ fprintf(stderr,
+ "Qualcomm module LMP version : 0x%02x\n", resp[10] & 0xFF);
+
+ /* Print LMP subversion */
+ {
+ unsigned short lmp_subv = resp[13] | (resp[14] << 8);
+
+ fprintf(stderr,
+ "Qualcomm module LMP sub-version : 0x%04x\n", lmp_subv);
+
+ }
+
+ /* Get SoC type */
+ cmd[0] = HCI_COMMAND_PKT;
+ cmd[1] = 0x00;
+ cmd[2] = 0xFC;
+ cmd[3] = 0x01;
+ cmd[4] = 0x06;
+
+ do {
+ n = write(fd, cmd, 5);
+ if (n < 5) {
+ perror("Failed to write vendor init command");
+ return -1;
+ }
+
+ /* Read reply. */
+ if ((n = read_hci_event(fd, resp, 100)) < 0) {
+ perror("Failed to read vendor init response");
+ return -1;
+ }
+
+ } while (resp[3] != 0 && resp[4] != 2);
+
+ snprintf(fw, sizeof(fw),
+ "/etc/firmware/%c%c%c%c%c%c_%c%c%c%c.bin",
+ resp[18], resp[19], resp[20], resp[21],
+ resp[22], resp[23],
+ resp[32], resp[33], resp[34], resp[35]);
+
+ /* Wait for command complete event for our Opcode */
+ if (read_hci_event(fd, resp, 100) < 0) {
+ perror("Failed to read init response");
+ return -1;
+ }
+
+ qualcomm_load_firmware(fd, fw, bdaddr);
+
+ /* Reset */
+ cmd[0] = HCI_COMMAND_PKT;
+ cmd[1] = 0x03;
+ cmd[2] = 0x0C;
+ cmd[3] = 0x00;
+
+ do {
+ n = write(fd, cmd, 4);
+ if (n < 4) {
+ perror("Failed to write reset command");
+ return -1;
+ }
+
+ /* Read reply. */
+ if ((n = read_hci_event(fd, resp, 100)) < 0) {
+ perror("Failed to read reset response");
+ return -1;
+ }
+
+ } while (resp[4] != cmd[1] && resp[5] != cmd[2]);
+
+ nanosleep(&tm, NULL);
+ return 0;
+}
--
1.7.1.1

--
Matthew Wilson
Employee of Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum

2010-08-23 14:38:44

by Matthew Wilson

[permalink] [raw]
Subject: Re: [PATCH v3] Firmware download for Qualcomm Bluetooth devices

On Sat, 2010-08-21 at 01:37 +0300, Johan Hedberg wrote:

>
> And here. Why do you split it into three lines when it all fits within
> 80 columns?
>
> Johan

Correction: prior style is actually from commit
13c0e26a0213f67f5bb9bd6915fddee9a7ca3b4 not
a8de99bdd963f0980877e066c7802c4247c1000c.

-Matt

--
Matthew Wilson
Employee of Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum
--

2010-08-23 14:36:05

by Matthew Wilson

[permalink] [raw]
Subject: Re: [PATCH v3] Firmware download for Qualcomm Bluetooth devices

On Sat, 2010-08-21 at 01:37 +0300, Johan Hedberg wrote:
> Hi Matt,
>
> On Fri, Aug 20, 2010, Matthew Wilson wrote:
> > Configures device address from hciattach parameter.
> > UART speed limited to 115200.
> > Requires separate device specific firmware.
> > ---
> > Makefile.tools | 3 +-
> > tools/hciattach.c | 10 ++
> > tools/hciattach.h | 1 +
> > tools/hciattach_qualcomm.c | 279 ++++++++++++++++++++++++++++++++++++++++++++
> > 4 files changed, 292 insertions(+), 1 deletions(-)
> > create mode 100644 tools/hciattach_qualcomm.c
>
> Thanks, the patch applies cleanly now. However, I spotted a couple of
> whitespace/coding style issues that would be good to get fixed before
> pushing this upstream:
>
> > +#define FAILIF(x, args...) do { \
> > + if (x) { \
> > + fprintf(stderr, ##args); \
> > + return -1; \
> > + } \
> > +} while(0)
>
> Before each \ at the end of the line you use a mix of tabs and spaces.
> Please just use tabs.
>

See below for origin of style.

> > +typedef struct {
> > + uint8_t uart_prefix;
> > + hci_event_hdr hci_hdr;
> > + evt_cmd_complete cmd_complete;
> > + uint8_t status;
> > + uint8_t data[16];
> > +} __attribute__((packed)) command_complete_t;
> > +
> > +
>
> Why the two consecutive empty lines? Please remove one.

No reason. Will remove.

>
> > +static int read_command_complete(int fd, unsigned short opcode, unsigned char len) {
>
> This one looks like it goes beyond 80 columns. Please split it. Also,
> the coding style is to put the opening brace of a function on its own
> line.

See below for origin of style.

> > + FAILIF(resp.hci_hdr.evt != EVT_CMD_COMPLETE, /* event must be event-complete */
> > + "Error in response: not a cmd-complete event, "
> > + "but 0x%02x!\n", resp.hci_hdr.evt);
>
> Mixed tabs and spaces for indentation. Please just use tabs.
>

See below for origin of style.

> > + FAILIF(resp.hci_hdr.plen < 4, /* plen >= 4 for EVT_CMD_COMPLETE */
> > + "Error in response: plen is not >= 4, but 0x%02x!\n",
> > + resp.hci_hdr.plen);
>
> Same here.
>

See below for origin of style.

> > +
> > + /* cmd-complete event: opcode */
> > + FAILIF(resp.cmd_complete.opcode != 0,
> > + "Error in response: opcode is 0x%04x, not 0!",
> > + resp.cmd_complete.opcode);
>
> And here.
>

See below for origin of style.

> > +static int qualcomm_load_firmware(int fd, const char *firmware, const char *bdaddr_s) {
>
> This one goes beyond 80 columns too and the opening brace should be on
> its own line.
>
> > + FAILIF(fw < 0,
> > + "Could not open firmware file %s: %s (%d).\n",
> > + firmware, strerror(errno), errno);
>

See below for origin of style.

> Mixed tabs and spaces for indentation.
>
> > + FAILIF(read(fw, data, cmd->plen) != cmd->plen,
> > + "Could not read %d bytes of data for command with opcode %04x!\n",
> > + cmd->plen,
> > + cmd->opcode);
>
> Same here.
>

See below for origin of style.

> > + FAILIF(nw != (int) sizeof(cmdp) + cmd->plen,
> > + "Could not send entire command (sent only %d bytes)!\n",
> > + nw);
>
> And here.
>

See below for origin of style.

> > + if (read_command_complete(fd,
> > + cmd->opcode,
> > + cmd->plen) < 0) {
>
> And here. Why do you split it into three lines when it all fits within
> 80 columns?
>

The style is from prior commit a8de99bdd963f0980877e066c7802c4247c1000c
but I will fix anyway (just in this file; not in hciattach_tialt.c)

> Johan
> --
> To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html

Many thanks for the comprehensive review. v4 coming shortly.

-Matt


2010-08-20 22:37:57

by Johan Hedberg

[permalink] [raw]
Subject: Re: [PATCH v3] Firmware download for Qualcomm Bluetooth devices

Hi Matt,

On Fri, Aug 20, 2010, Matthew Wilson wrote:
> Configures device address from hciattach parameter.
> UART speed limited to 115200.
> Requires separate device specific firmware.
> ---
> Makefile.tools | 3 +-
> tools/hciattach.c | 10 ++
> tools/hciattach.h | 1 +
> tools/hciattach_qualcomm.c | 279 ++++++++++++++++++++++++++++++++++++++++++++
> 4 files changed, 292 insertions(+), 1 deletions(-)
> create mode 100644 tools/hciattach_qualcomm.c

Thanks, the patch applies cleanly now. However, I spotted a couple of
whitespace/coding style issues that would be good to get fixed before
pushing this upstream:

> +#define FAILIF(x, args...) do { \
> + if (x) { \
> + fprintf(stderr, ##args); \
> + return -1; \
> + } \
> +} while(0)

Before each \ at the end of the line you use a mix of tabs and spaces.
Please just use tabs.

> +typedef struct {
> + uint8_t uart_prefix;
> + hci_event_hdr hci_hdr;
> + evt_cmd_complete cmd_complete;
> + uint8_t status;
> + uint8_t data[16];
> +} __attribute__((packed)) command_complete_t;
> +
> +

Why the two consecutive empty lines? Please remove one.

> +static int read_command_complete(int fd, unsigned short opcode, unsigned char len) {

This one looks like it goes beyond 80 columns. Please split it. Also,
the coding style is to put the opening brace of a function on its own
line.

> + FAILIF(resp.hci_hdr.evt != EVT_CMD_COMPLETE, /* event must be event-complete */
> + "Error in response: not a cmd-complete event, "
> + "but 0x%02x!\n", resp.hci_hdr.evt);

Mixed tabs and spaces for indentation. Please just use tabs.

> + FAILIF(resp.hci_hdr.plen < 4, /* plen >= 4 for EVT_CMD_COMPLETE */
> + "Error in response: plen is not >= 4, but 0x%02x!\n",
> + resp.hci_hdr.plen);

Same here.

> +
> + /* cmd-complete event: opcode */
> + FAILIF(resp.cmd_complete.opcode != 0,
> + "Error in response: opcode is 0x%04x, not 0!",
> + resp.cmd_complete.opcode);

And here.

> +static int qualcomm_load_firmware(int fd, const char *firmware, const char *bdaddr_s) {

This one goes beyond 80 columns too and the opening brace should be on
its own line.

> + FAILIF(fw < 0,
> + "Could not open firmware file %s: %s (%d).\n",
> + firmware, strerror(errno), errno);

Mixed tabs and spaces for indentation.

> + FAILIF(read(fw, data, cmd->plen) != cmd->plen,
> + "Could not read %d bytes of data for command with opcode %04x!\n",
> + cmd->plen,
> + cmd->opcode);

Same here.

> + FAILIF(nw != (int) sizeof(cmdp) + cmd->plen,
> + "Could not send entire command (sent only %d bytes)!\n",
> + nw);

And here.

> + if (read_command_complete(fd,
> + cmd->opcode,
> + cmd->plen) < 0) {

And here. Why do you split it into three lines when it all fits within
80 columns?

Johan

2010-08-20 21:37:31

by Matthew Wilson

[permalink] [raw]
Subject: [PATCH v3] Firmware download for Qualcomm Bluetooth devices

Configures device address from hciattach parameter.
UART speed limited to 115200.
Requires separate device specific firmware.
---
Makefile.tools | 3 +-
tools/hciattach.c | 10 ++
tools/hciattach.h | 1 +
tools/hciattach_qualcomm.c | 279 ++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 292 insertions(+), 1 deletions(-)
create mode 100644 tools/hciattach_qualcomm.c

diff --git a/Makefile.tools b/Makefile.tools
index 8ee1972..1c46542 100644
--- a/Makefile.tools
+++ b/Makefile.tools
@@ -24,7 +24,8 @@ tools_hciattach_SOURCES = tools/hciattach.c tools/hciattach.h \
tools/hciattach_st.c \
tools/hciattach_ti.c \
tools/hciattach_tialt.c \
- tools/hciattach_ath3k.c
+ tools/hciattach_ath3k.c \
+ tools/hciattach_qualcomm.c
tools_hciattach_LDADD = lib/libbluetooth.la

tools_hciconfig_SOURCES = tools/hciconfig.c tools/csr.h tools/csr.c \
diff --git a/tools/hciattach.c b/tools/hciattach.c
index 5662f57..ad2afa4 100644
--- a/tools/hciattach.c
+++ b/tools/hciattach.c
@@ -312,6 +312,11 @@ static int ath3k_pm(int fd, struct uart_t *u, struct termios *ti)
return ath3k_post(fd, u->pm);
}

+static int qualcomm(int fd, struct uart_t *u, struct termios *ti)
+{
+ return qualcomm_init(fd, u->speed, ti, u->bdaddr);
+}
+
static int read_check(int fd, void *buf, int count)
{
int res;
@@ -1116,6 +1121,11 @@ struct uart_t uart[] = {

{ "ath3k", 0x0000, 0x0000, HCI_UART_ATH3K, 115200, 115200,
FLOW_CTL, DISABLE_PM, NULL, ath3k_ps, ath3k_pm },
+
+ /* QUALCOMM BTS */
+ { "qualcomm", 0x0000, 0x0000, HCI_UART_H4, 115200, 115200,
+ FLOW_CTL, NULL, qualcomm },
+
{ NULL, 0 }
};

diff --git a/tools/hciattach.h b/tools/hciattach.h
index c133321..2d26b77 100644
--- a/tools/hciattach.h
+++ b/tools/hciattach.h
@@ -52,3 +52,4 @@ int stlc2500_init(int fd, bdaddr_t *bdaddr);
int bgb2xx_init(int dd, bdaddr_t *bdaddr);
int ath3k_init(int fd, char *bdaddr, int speed);
int ath3k_post(int fd, int pm);
+int qualcomm_init(int fd, int speed, struct termios *ti, const char *bdaddr);
diff --git a/tools/hciattach_qualcomm.c b/tools/hciattach_qualcomm.c
new file mode 100644
index 0000000..31ca3c8
--- /dev/null
+++ b/tools/hciattach_qualcomm.c
@@ -0,0 +1,279 @@
+/*
+ *
+ * BlueZ - Bluetooth protocol stack for Linux
+ *
+ * Copyright (C) 2005-2010 Marcel Holtmann <[email protected]>
+ * Copyright (c) 2010, Code Aurora Forum. All rights reserved.
+ *
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <string.h>
+#include <signal.h>
+#include <syslog.h>
+#include <termios.h>
+#include <time.h>
+#include <sys/time.h>
+#include <sys/poll.h>
+#include <sys/param.h>
+#include <sys/ioctl.h>
+#include <sys/socket.h>
+#include <sys/uio.h>
+
+#include <bluetooth/bluetooth.h>
+#include <bluetooth/hci.h>
+#include <bluetooth/hci_lib.h>
+
+#include "hciattach.h"
+
+#define FAILIF(x, args...) do { \
+ if (x) { \
+ fprintf(stderr, ##args); \
+ return -1; \
+ } \
+} while(0)
+
+typedef struct {
+ uint8_t uart_prefix;
+ hci_event_hdr hci_hdr;
+ evt_cmd_complete cmd_complete;
+ uint8_t status;
+ uint8_t data[16];
+} __attribute__((packed)) command_complete_t;
+
+
+static int read_command_complete(int fd, unsigned short opcode, unsigned char len) {
+ command_complete_t resp;
+ unsigned char vsevent[512];
+ int n;
+
+ /* Read reply. */
+ n = read_hci_event(fd, vsevent, sizeof(vsevent));
+ FAILIF(n < 0, "Failed to read response");
+
+ FAILIF(vsevent[1] != 0xFF, "Failed to read response");
+
+ n = read_hci_event(fd, (unsigned char *)&resp, sizeof(resp));
+ FAILIF(n < 0, "Failed to read response");
+
+ FAILIF(resp.hci_hdr.evt != EVT_CMD_COMPLETE, /* event must be event-complete */
+ "Error in response: not a cmd-complete event, "
+ "but 0x%02x!\n", resp.hci_hdr.evt);
+
+ FAILIF(resp.hci_hdr.plen < 4, /* plen >= 4 for EVT_CMD_COMPLETE */
+ "Error in response: plen is not >= 4, but 0x%02x!\n",
+ resp.hci_hdr.plen);
+
+ /* cmd-complete event: opcode */
+ FAILIF(resp.cmd_complete.opcode != 0,
+ "Error in response: opcode is 0x%04x, not 0!",
+ resp.cmd_complete.opcode);
+
+ return resp.status == 0 ? 0 : -1;
+}
+
+static int qualcomm_load_firmware(int fd, const char *firmware, const char *bdaddr_s) {
+
+ int fw = open(firmware, O_RDONLY);
+
+ fprintf(stdout, "Opening firmware file: %s\n", firmware);
+
+ FAILIF(fw < 0,
+ "Could not open firmware file %s: %s (%d).\n",
+ firmware, strerror(errno), errno);
+
+ fprintf(stdout, "Uploading firmware...\n");
+ do {
+ /* Read each command and wait for a response. */
+ unsigned char data[1024];
+ unsigned char cmdp[1 + sizeof(hci_command_hdr)];
+ hci_command_hdr *cmd = (hci_command_hdr *)(cmdp + 1);
+ int nr;
+ nr = read(fw, cmdp, sizeof(cmdp));
+ if (!nr)
+ break;
+ FAILIF(nr != sizeof(cmdp), "Could not read H4 + HCI header!\n");
+ FAILIF(*cmdp != HCI_COMMAND_PKT, "Command is not an H4 command packet!\n");
+
+ FAILIF(read(fw, data, cmd->plen) != cmd->plen,
+ "Could not read %d bytes of data for command with opcode %04x!\n",
+ cmd->plen,
+ cmd->opcode);
+
+ if ((data[0] == 1) && (data[1] == 2) && (data[2] == 6)) {
+ bdaddr_t bdaddr;
+ if (bdaddr_s != NULL) {
+ (void) str2ba(bdaddr_s, &bdaddr);
+ memcpy(&data[3], &bdaddr, sizeof(bdaddr_t));
+ }
+ }
+
+ {
+ int nw;
+ struct iovec iov_cmd[2];
+ iov_cmd[0].iov_base = cmdp;
+ iov_cmd[0].iov_len = sizeof(cmdp);
+ iov_cmd[1].iov_base = data;
+ iov_cmd[1].iov_len = cmd->plen;
+ nw = writev(fd, iov_cmd, 2);
+ FAILIF(nw != (int) sizeof(cmdp) + cmd->plen,
+ "Could not send entire command (sent only %d bytes)!\n",
+ nw);
+ }
+
+ /* Wait for response */
+ if (read_command_complete(fd,
+ cmd->opcode,
+ cmd->plen) < 0) {
+ return -1;
+ }
+
+ } while(1);
+ fprintf(stdout, "Firmware upload successful.\n");
+
+ close(fw);
+ return 0;
+}
+
+int qualcomm_init(int fd, int speed, struct termios *ti, const char *bdaddr)
+{
+ struct timespec tm = {0, 50000};
+ char cmd[5];
+ unsigned char resp[100]; /* Response */
+ char fw[100];
+ int n;
+
+ memset(resp,'\0', 100);
+
+ /* Get Manufacturer and LMP version */
+ cmd[0] = HCI_COMMAND_PKT;
+ cmd[1] = 0x01;
+ cmd[2] = 0x10;
+ cmd[3] = 0x00;
+
+ do {
+ n = write(fd, cmd, 4);
+ if (n < 0) {
+ perror("Failed to write init command (READ_LOCAL_VERSION_INFORMATION)");
+ return -1;
+ }
+ if (n < 4) {
+ fprintf(stderr, "Wanted to write 4 bytes, could only write %d. Stop\n", n);
+ return -1;
+ }
+
+ /* Read reply. */
+ if (read_hci_event(fd, resp, 100) < 0) {
+ perror("Failed to read init response (READ_LOCAL_VERSION_INFORMATION)");
+ return -1;
+ }
+
+ /* Wait for command complete event for our Opcode */
+ } while (resp[4] != cmd[1] && resp[5] != cmd[2]);
+
+ /* Verify manufacturer */
+ if ((resp[11] & 0xFF) != 0x1d)
+ fprintf(stderr,"WARNING : module's manufacturer is not Qualcomm\n");
+
+ /* Print LMP version */
+ fprintf(stderr, "Qualcomm module LMP version : 0x%02x\n", resp[10] & 0xFF);
+
+ /* Print LMP subversion */
+ {
+ unsigned short lmp_subv = resp[13] | (resp[14] << 8);
+
+ fprintf(stderr, "Qualcomm module LMP sub-version : 0x%04x\n", lmp_subv);
+
+ }
+
+ /* Get SoC type */
+ cmd[0] = HCI_COMMAND_PKT;
+ cmd[1] = 0x00;
+ cmd[2] = 0xFC;
+ cmd[3] = 0x01;
+ cmd[4] = 0x06;
+
+ do {
+ n = write(fd, cmd, 5);
+ if (n < 0) {
+ perror("Failed to write init command");
+ return -1;
+ }
+ if (n < 5) {
+ fprintf(stderr, "Wanted to write 5 bytes, could only write %d. Stop\n", n);
+ return -1;
+ }
+
+ /* Read reply. */
+ if ((n = read_hci_event(fd, resp, 100)) < 0) {
+ perror("Failed to read init response");
+ return -1;
+ }
+
+ } while (resp[3] != 0 && resp[4] != 2);
+
+ snprintf(fw, sizeof(fw),
+ "/etc/firmware/%c%c%c%c%c%c_%c%c%c%c.bin",
+ resp[18], resp[19], resp[20], resp[21],
+ resp[22], resp[23],
+ resp[32], resp[33], resp[34], resp[35]);
+
+ /* Wait for command complete event for our Opcode */
+ if (read_hci_event(fd, resp, 100) < 0) {
+ perror("Failed to read init response");
+ return -1;
+ }
+
+ qualcomm_load_firmware(fd, fw, bdaddr);
+
+ /* Reset */
+ cmd[0] = HCI_COMMAND_PKT;
+ cmd[1] = 0x03;
+ cmd[2] = 0x0C;
+ cmd[3] = 0x00;
+
+ do {
+ n = write(fd, cmd, 4);
+ if (n < 0) {
+ perror("Failed to write reset command");
+ return -1;
+ }
+ if (n < 4) {
+ fprintf(stderr, "Wanted to write 4 bytes, could only write %d. Stop\n", n);
+ return -1;
+ }
+
+ /* Read reply. */
+ if ((n = read_hci_event(fd, resp, 100)) < 0) {
+ perror("Failed to read reset response");
+ return -1;
+ }
+
+ } while (resp[4] != cmd[1] && resp[5] != cmd[2]);
+
+ nanosleep(&tm, NULL);
+ return 0;
+}
--
1.7.1.1

--
Matthew Wilson
Employee of Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum

2010-08-18 22:35:24

by Johan Hedberg

[permalink] [raw]
Subject: Re: [PATCH v2] Firmware download for Qualcomm Bluetooth devices

Hi Ron,

On Wed, Aug 18, 2010, Ron Shaffer wrote:
> On 8/13/2010 10:33 AM, Matthew Wilson wrote:
> > Configures device address from hciattach parameter.
> > UART speed limited to 115200.
> > Requires separate device specific firmware.
> > ---
> > Makefile.tools | 3 +-
> > tools/hciattach.c | 8 ++
> > tools/hciattach.h | 1 +
> > tools/hciattach_qualcomm.c | 279 ++++++++++++++++++++++++++++++++++++++++++++
> > 4 files changed, 290 insertions(+), 1 deletions(-)
> > create mode 100644 tools/hciattach_qualcomm.c
<snip>
> Ping

Sorry about forgetting about this one. Unfortunately it doesn't apply
anymore to bluez.git due to the ath3k patches that got merged earlier
today. So you'll need to fix the conflicts and resubmit. Other than that
the patch seems fine to me.

Johan

2010-08-18 15:40:53

by Ron Shaffer

[permalink] [raw]
Subject: Re: [PATCH v2] Firmware download for Qualcomm Bluetooth devices

On 8/13/2010 10:33 AM, Matthew Wilson wrote:
> Configures device address from hciattach parameter.
> UART speed limited to 115200.
> Requires separate device specific firmware.
> ---
> Makefile.tools | 3 +-
> tools/hciattach.c | 8 ++
> tools/hciattach.h | 1 +
> tools/hciattach_qualcomm.c | 279 ++++++++++++++++++++++++++++++++++++++++++++
> 4 files changed, 290 insertions(+), 1 deletions(-)
> create mode 100644 tools/hciattach_qualcomm.c
>
> diff --git a/Makefile.tools b/Makefile.tools
> index 2dbf925..0ce7b75 100644
> --- a/Makefile.tools
> +++ b/Makefile.tools
> @@ -23,7 +23,8 @@ tools_l2ping_LDADD = lib/libbluetooth.la
> tools_hciattach_SOURCES = tools/hciattach.c tools/hciattach.h \
> tools/hciattach_st.c \
> tools/hciattach_ti.c \
> - tools/hciattach_tialt.c
> + tools/hciattach_tialt.c \
> + tools/hciattach_qualcomm.c
> tools_hciattach_LDADD = lib/libbluetooth.la
>
> tools_hciconfig_SOURCES = tools/hciconfig.c tools/csr.h tools/csr.c \
> diff --git a/tools/hciattach.c b/tools/hciattach.c
> index 81aea7b..4d4b0a1 100644
> --- a/tools/hciattach.c
> +++ b/tools/hciattach.c
> @@ -299,6 +299,11 @@ static int texasalt(int fd, struct uart_t *u, struct termios *ti)
> return texasalt_init(fd, u->speed, ti);
> }
>
> +static int qualcomm(int fd, struct uart_t *u, struct termios *ti)
> +{
> + return qualcomm_init(fd, u->speed, ti, u->bdaddr);
> +}
> +
> static int read_check(int fd, void *buf, int count)
> {
> int res;
> @@ -1073,6 +1078,9 @@ struct uart_t uart[] = {
> /* Broadcom BCM2035 */
> { "bcm2035", 0x0A5C, 0x2035, HCI_UART_H4, 115200, 460800, FLOW_CTL, NULL, bcm2035 },
>
> + /* QUALCOMM BTS */
> + { "qualcomm", 0x0000, 0x0000, HCI_UART_H4, 115200, 115200, FLOW_CTL, NULL, qualcomm },
> +
> { NULL, 0 }
> };
>
> diff --git a/tools/hciattach.h b/tools/hciattach.h
> index c0b80a1..3d5605b 100644
> --- a/tools/hciattach.h
> +++ b/tools/hciattach.h
> @@ -49,3 +49,4 @@ int texas_post(int fd, struct termios *ti);
> int texasalt_init(int fd, int speed, struct termios *ti);
> int stlc2500_init(int fd, bdaddr_t *bdaddr);
> int bgb2xx_init(int dd, bdaddr_t *bdaddr);
> +int qualcomm_init(int fd, int speed, struct termios *ti, const char *bdaddr);
> diff --git a/tools/hciattach_qualcomm.c b/tools/hciattach_qualcomm.c
> new file mode 100644
> index 0000000..31ca3c8
> --- /dev/null
> +++ b/tools/hciattach_qualcomm.c
> @@ -0,0 +1,279 @@
> +/*
> + *
> + * BlueZ - Bluetooth protocol stack for Linux
> + *
> + * Copyright (C) 2005-2010 Marcel Holtmann <[email protected]>
> + * Copyright (c) 2010, Code Aurora Forum. All rights reserved.
> + *
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License as published by
> + * the Free Software Foundation; either version 2 of the License, or
> + * (at your option) any later version.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License
> + * along with this program; if not, write to the Free Software
> + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
> + *
> + */
> +
> +#ifdef HAVE_CONFIG_H
> +#include <config.h>
> +#endif
> +
> +#include <stdio.h>
> +#include <errno.h>
> +#include <fcntl.h>
> +#include <unistd.h>
> +#include <stdlib.h>
> +#include <string.h>
> +#include <signal.h>
> +#include <syslog.h>
> +#include <termios.h>
> +#include <time.h>
> +#include <sys/time.h>
> +#include <sys/poll.h>
> +#include <sys/param.h>
> +#include <sys/ioctl.h>
> +#include <sys/socket.h>
> +#include <sys/uio.h>
> +
> +#include <bluetooth/bluetooth.h>
> +#include <bluetooth/hci.h>
> +#include <bluetooth/hci_lib.h>
> +
> +#include "hciattach.h"
> +
> +#define FAILIF(x, args...) do { \
> + if (x) { \
> + fprintf(stderr, ##args); \
> + return -1; \
> + } \
> +} while(0)
> +
> +typedef struct {
> + uint8_t uart_prefix;
> + hci_event_hdr hci_hdr;
> + evt_cmd_complete cmd_complete;
> + uint8_t status;
> + uint8_t data[16];
> +} __attribute__((packed)) command_complete_t;
> +
> +
> +static int read_command_complete(int fd, unsigned short opcode, unsigned char len) {
> + command_complete_t resp;
> + unsigned char vsevent[512];
> + int n;
> +
> + /* Read reply. */
> + n = read_hci_event(fd, vsevent, sizeof(vsevent));
> + FAILIF(n < 0, "Failed to read response");
> +
> + FAILIF(vsevent[1] != 0xFF, "Failed to read response");
> +
> + n = read_hci_event(fd, (unsigned char *)&resp, sizeof(resp));
> + FAILIF(n < 0, "Failed to read response");
> +
> + FAILIF(resp.hci_hdr.evt != EVT_CMD_COMPLETE, /* event must be event-complete */
> + "Error in response: not a cmd-complete event, "
> + "but 0x%02x!\n", resp.hci_hdr.evt);
> +
> + FAILIF(resp.hci_hdr.plen < 4, /* plen >= 4 for EVT_CMD_COMPLETE */
> + "Error in response: plen is not >= 4, but 0x%02x!\n",
> + resp.hci_hdr.plen);
> +
> + /* cmd-complete event: opcode */
> + FAILIF(resp.cmd_complete.opcode != 0,
> + "Error in response: opcode is 0x%04x, not 0!",
> + resp.cmd_complete.opcode);
> +
> + return resp.status == 0 ? 0 : -1;
> +}
> +
> +static int qualcomm_load_firmware(int fd, const char *firmware, const char *bdaddr_s) {
> +
> + int fw = open(firmware, O_RDONLY);
> +
> + fprintf(stdout, "Opening firmware file: %s\n", firmware);
> +
> + FAILIF(fw < 0,
> + "Could not open firmware file %s: %s (%d).\n",
> + firmware, strerror(errno), errno);
> +
> + fprintf(stdout, "Uploading firmware...\n");
> + do {
> + /* Read each command and wait for a response. */
> + unsigned char data[1024];
> + unsigned char cmdp[1 + sizeof(hci_command_hdr)];
> + hci_command_hdr *cmd = (hci_command_hdr *)(cmdp + 1);
> + int nr;
> + nr = read(fw, cmdp, sizeof(cmdp));
> + if (!nr)
> + break;
> + FAILIF(nr != sizeof(cmdp), "Could not read H4 + HCI header!\n");
> + FAILIF(*cmdp != HCI_COMMAND_PKT, "Command is not an H4 command packet!\n");
> +
> + FAILIF(read(fw, data, cmd->plen) != cmd->plen,
> + "Could not read %d bytes of data for command with opcode %04x!\n",
> + cmd->plen,
> + cmd->opcode);
> +
> + if ((data[0] == 1) && (data[1] == 2) && (data[2] == 6)) {
> + bdaddr_t bdaddr;
> + if (bdaddr_s != NULL) {
> + (void) str2ba(bdaddr_s, &bdaddr);
> + memcpy(&data[3], &bdaddr, sizeof(bdaddr_t));
> + }
> + }
> +
> + {
> + int nw;
> + struct iovec iov_cmd[2];
> + iov_cmd[0].iov_base = cmdp;
> + iov_cmd[0].iov_len = sizeof(cmdp);
> + iov_cmd[1].iov_base = data;
> + iov_cmd[1].iov_len = cmd->plen;
> + nw = writev(fd, iov_cmd, 2);
> + FAILIF(nw != (int) sizeof(cmdp) + cmd->plen,
> + "Could not send entire command (sent only %d bytes)!\n",
> + nw);
> + }
> +
> + /* Wait for response */
> + if (read_command_complete(fd,
> + cmd->opcode,
> + cmd->plen) < 0) {
> + return -1;
> + }
> +
> + } while(1);
> + fprintf(stdout, "Firmware upload successful.\n");
> +
> + close(fw);
> + return 0;
> +}
> +
> +int qualcomm_init(int fd, int speed, struct termios *ti, const char *bdaddr)
> +{
> + struct timespec tm = {0, 50000};
> + char cmd[5];
> + unsigned char resp[100]; /* Response */
> + char fw[100];
> + int n;
> +
> + memset(resp,'\0', 100);
> +
> + /* Get Manufacturer and LMP version */
> + cmd[0] = HCI_COMMAND_PKT;
> + cmd[1] = 0x01;
> + cmd[2] = 0x10;
> + cmd[3] = 0x00;
> +
> + do {
> + n = write(fd, cmd, 4);
> + if (n < 0) {
> + perror("Failed to write init command (READ_LOCAL_VERSION_INFORMATION)");
> + return -1;
> + }
> + if (n < 4) {
> + fprintf(stderr, "Wanted to write 4 bytes, could only write %d. Stop\n", n);
> + return -1;
> + }
> +
> + /* Read reply. */
> + if (read_hci_event(fd, resp, 100) < 0) {
> + perror("Failed to read init response (READ_LOCAL_VERSION_INFORMATION)");
> + return -1;
> + }
> +
> + /* Wait for command complete event for our Opcode */
> + } while (resp[4] != cmd[1] && resp[5] != cmd[2]);
> +
> + /* Verify manufacturer */
> + if ((resp[11] & 0xFF) != 0x1d)
> + fprintf(stderr,"WARNING : module's manufacturer is not Qualcomm\n");
> +
> + /* Print LMP version */
> + fprintf(stderr, "Qualcomm module LMP version : 0x%02x\n", resp[10] & 0xFF);
> +
> + /* Print LMP subversion */
> + {
> + unsigned short lmp_subv = resp[13] | (resp[14] << 8);
> +
> + fprintf(stderr, "Qualcomm module LMP sub-version : 0x%04x\n", lmp_subv);
> +
> + }
> +
> + /* Get SoC type */
> + cmd[0] = HCI_COMMAND_PKT;
> + cmd[1] = 0x00;
> + cmd[2] = 0xFC;
> + cmd[3] = 0x01;
> + cmd[4] = 0x06;
> +
> + do {
> + n = write(fd, cmd, 5);
> + if (n < 0) {
> + perror("Failed to write init command");
> + return -1;
> + }
> + if (n < 5) {
> + fprintf(stderr, "Wanted to write 5 bytes, could only write %d. Stop\n", n);
> + return -1;
> + }
> +
> + /* Read reply. */
> + if ((n = read_hci_event(fd, resp, 100)) < 0) {
> + perror("Failed to read init response");
> + return -1;
> + }
> +
> + } while (resp[3] != 0 && resp[4] != 2);
> +
> + snprintf(fw, sizeof(fw),
> + "/etc/firmware/%c%c%c%c%c%c_%c%c%c%c.bin",
> + resp[18], resp[19], resp[20], resp[21],
> + resp[22], resp[23],
> + resp[32], resp[33], resp[34], resp[35]);
> +
> + /* Wait for command complete event for our Opcode */
> + if (read_hci_event(fd, resp, 100) < 0) {
> + perror("Failed to read init response");
> + return -1;
> + }
> +
> + qualcomm_load_firmware(fd, fw, bdaddr);
> +
> + /* Reset */
> + cmd[0] = HCI_COMMAND_PKT;
> + cmd[1] = 0x03;
> + cmd[2] = 0x0C;
> + cmd[3] = 0x00;
> +
> + do {
> + n = write(fd, cmd, 4);
> + if (n < 0) {
> + perror("Failed to write reset command");
> + return -1;
> + }
> + if (n < 4) {
> + fprintf(stderr, "Wanted to write 4 bytes, could only write %d. Stop\n", n);
> + return -1;
> + }
> +
> + /* Read reply. */
> + if ((n = read_hci_event(fd, resp, 100)) < 0) {
> + perror("Failed to read reset response");
> + return -1;
> + }
> +
> + } while (resp[4] != cmd[1] && resp[5] != cmd[2]);
> +
> + nanosleep(&tm, NULL);
> + return 0;
> +}

Ping

--
Ron Shaffer
Employee of the Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum.

2010-08-13 15:33:56

by Matthew Wilson

[permalink] [raw]
Subject: [PATCH v2] Firmware download for Qualcomm Bluetooth devices

Configures device address from hciattach parameter.
UART speed limited to 115200.
Requires separate device specific firmware.
---
Makefile.tools | 3 +-
tools/hciattach.c | 8 ++
tools/hciattach.h | 1 +
tools/hciattach_qualcomm.c | 279 ++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 290 insertions(+), 1 deletions(-)
create mode 100644 tools/hciattach_qualcomm.c

diff --git a/Makefile.tools b/Makefile.tools
index 2dbf925..0ce7b75 100644
--- a/Makefile.tools
+++ b/Makefile.tools
@@ -23,7 +23,8 @@ tools_l2ping_LDADD = lib/libbluetooth.la
tools_hciattach_SOURCES = tools/hciattach.c tools/hciattach.h \
tools/hciattach_st.c \
tools/hciattach_ti.c \
- tools/hciattach_tialt.c
+ tools/hciattach_tialt.c \
+ tools/hciattach_qualcomm.c
tools_hciattach_LDADD = lib/libbluetooth.la

tools_hciconfig_SOURCES = tools/hciconfig.c tools/csr.h tools/csr.c \
diff --git a/tools/hciattach.c b/tools/hciattach.c
index 81aea7b..4d4b0a1 100644
--- a/tools/hciattach.c
+++ b/tools/hciattach.c
@@ -299,6 +299,11 @@ static int texasalt(int fd, struct uart_t *u, struct termios *ti)
return texasalt_init(fd, u->speed, ti);
}

+static int qualcomm(int fd, struct uart_t *u, struct termios *ti)
+{
+ return qualcomm_init(fd, u->speed, ti, u->bdaddr);
+}
+
static int read_check(int fd, void *buf, int count)
{
int res;
@@ -1073,6 +1078,9 @@ struct uart_t uart[] = {
/* Broadcom BCM2035 */
{ "bcm2035", 0x0A5C, 0x2035, HCI_UART_H4, 115200, 460800, FLOW_CTL, NULL, bcm2035 },

+ /* QUALCOMM BTS */
+ { "qualcomm", 0x0000, 0x0000, HCI_UART_H4, 115200, 115200, FLOW_CTL, NULL, qualcomm },
+
{ NULL, 0 }
};

diff --git a/tools/hciattach.h b/tools/hciattach.h
index c0b80a1..3d5605b 100644
--- a/tools/hciattach.h
+++ b/tools/hciattach.h
@@ -49,3 +49,4 @@ int texas_post(int fd, struct termios *ti);
int texasalt_init(int fd, int speed, struct termios *ti);
int stlc2500_init(int fd, bdaddr_t *bdaddr);
int bgb2xx_init(int dd, bdaddr_t *bdaddr);
+int qualcomm_init(int fd, int speed, struct termios *ti, const char *bdaddr);
diff --git a/tools/hciattach_qualcomm.c b/tools/hciattach_qualcomm.c
new file mode 100644
index 0000000..31ca3c8
--- /dev/null
+++ b/tools/hciattach_qualcomm.c
@@ -0,0 +1,279 @@
+/*
+ *
+ * BlueZ - Bluetooth protocol stack for Linux
+ *
+ * Copyright (C) 2005-2010 Marcel Holtmann <[email protected]>
+ * Copyright (c) 2010, Code Aurora Forum. All rights reserved.
+ *
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <string.h>
+#include <signal.h>
+#include <syslog.h>
+#include <termios.h>
+#include <time.h>
+#include <sys/time.h>
+#include <sys/poll.h>
+#include <sys/param.h>
+#include <sys/ioctl.h>
+#include <sys/socket.h>
+#include <sys/uio.h>
+
+#include <bluetooth/bluetooth.h>
+#include <bluetooth/hci.h>
+#include <bluetooth/hci_lib.h>
+
+#include "hciattach.h"
+
+#define FAILIF(x, args...) do { \
+ if (x) { \
+ fprintf(stderr, ##args); \
+ return -1; \
+ } \
+} while(0)
+
+typedef struct {
+ uint8_t uart_prefix;
+ hci_event_hdr hci_hdr;
+ evt_cmd_complete cmd_complete;
+ uint8_t status;
+ uint8_t data[16];
+} __attribute__((packed)) command_complete_t;
+
+
+static int read_command_complete(int fd, unsigned short opcode, unsigned char len) {
+ command_complete_t resp;
+ unsigned char vsevent[512];
+ int n;
+
+ /* Read reply. */
+ n = read_hci_event(fd, vsevent, sizeof(vsevent));
+ FAILIF(n < 0, "Failed to read response");
+
+ FAILIF(vsevent[1] != 0xFF, "Failed to read response");
+
+ n = read_hci_event(fd, (unsigned char *)&resp, sizeof(resp));
+ FAILIF(n < 0, "Failed to read response");
+
+ FAILIF(resp.hci_hdr.evt != EVT_CMD_COMPLETE, /* event must be event-complete */
+ "Error in response: not a cmd-complete event, "
+ "but 0x%02x!\n", resp.hci_hdr.evt);
+
+ FAILIF(resp.hci_hdr.plen < 4, /* plen >= 4 for EVT_CMD_COMPLETE */
+ "Error in response: plen is not >= 4, but 0x%02x!\n",
+ resp.hci_hdr.plen);
+
+ /* cmd-complete event: opcode */
+ FAILIF(resp.cmd_complete.opcode != 0,
+ "Error in response: opcode is 0x%04x, not 0!",
+ resp.cmd_complete.opcode);
+
+ return resp.status == 0 ? 0 : -1;
+}
+
+static int qualcomm_load_firmware(int fd, const char *firmware, const char *bdaddr_s) {
+
+ int fw = open(firmware, O_RDONLY);
+
+ fprintf(stdout, "Opening firmware file: %s\n", firmware);
+
+ FAILIF(fw < 0,
+ "Could not open firmware file %s: %s (%d).\n",
+ firmware, strerror(errno), errno);
+
+ fprintf(stdout, "Uploading firmware...\n");
+ do {
+ /* Read each command and wait for a response. */
+ unsigned char data[1024];
+ unsigned char cmdp[1 + sizeof(hci_command_hdr)];
+ hci_command_hdr *cmd = (hci_command_hdr *)(cmdp + 1);
+ int nr;
+ nr = read(fw, cmdp, sizeof(cmdp));
+ if (!nr)
+ break;
+ FAILIF(nr != sizeof(cmdp), "Could not read H4 + HCI header!\n");
+ FAILIF(*cmdp != HCI_COMMAND_PKT, "Command is not an H4 command packet!\n");
+
+ FAILIF(read(fw, data, cmd->plen) != cmd->plen,
+ "Could not read %d bytes of data for command with opcode %04x!\n",
+ cmd->plen,
+ cmd->opcode);
+
+ if ((data[0] == 1) && (data[1] == 2) && (data[2] == 6)) {
+ bdaddr_t bdaddr;
+ if (bdaddr_s != NULL) {
+ (void) str2ba(bdaddr_s, &bdaddr);
+ memcpy(&data[3], &bdaddr, sizeof(bdaddr_t));
+ }
+ }
+
+ {
+ int nw;
+ struct iovec iov_cmd[2];
+ iov_cmd[0].iov_base = cmdp;
+ iov_cmd[0].iov_len = sizeof(cmdp);
+ iov_cmd[1].iov_base = data;
+ iov_cmd[1].iov_len = cmd->plen;
+ nw = writev(fd, iov_cmd, 2);
+ FAILIF(nw != (int) sizeof(cmdp) + cmd->plen,
+ "Could not send entire command (sent only %d bytes)!\n",
+ nw);
+ }
+
+ /* Wait for response */
+ if (read_command_complete(fd,
+ cmd->opcode,
+ cmd->plen) < 0) {
+ return -1;
+ }
+
+ } while(1);
+ fprintf(stdout, "Firmware upload successful.\n");
+
+ close(fw);
+ return 0;
+}
+
+int qualcomm_init(int fd, int speed, struct termios *ti, const char *bdaddr)
+{
+ struct timespec tm = {0, 50000};
+ char cmd[5];
+ unsigned char resp[100]; /* Response */
+ char fw[100];
+ int n;
+
+ memset(resp,'\0', 100);
+
+ /* Get Manufacturer and LMP version */
+ cmd[0] = HCI_COMMAND_PKT;
+ cmd[1] = 0x01;
+ cmd[2] = 0x10;
+ cmd[3] = 0x00;
+
+ do {
+ n = write(fd, cmd, 4);
+ if (n < 0) {
+ perror("Failed to write init command (READ_LOCAL_VERSION_INFORMATION)");
+ return -1;
+ }
+ if (n < 4) {
+ fprintf(stderr, "Wanted to write 4 bytes, could only write %d. Stop\n", n);
+ return -1;
+ }
+
+ /* Read reply. */
+ if (read_hci_event(fd, resp, 100) < 0) {
+ perror("Failed to read init response (READ_LOCAL_VERSION_INFORMATION)");
+ return -1;
+ }
+
+ /* Wait for command complete event for our Opcode */
+ } while (resp[4] != cmd[1] && resp[5] != cmd[2]);
+
+ /* Verify manufacturer */
+ if ((resp[11] & 0xFF) != 0x1d)
+ fprintf(stderr,"WARNING : module's manufacturer is not Qualcomm\n");
+
+ /* Print LMP version */
+ fprintf(stderr, "Qualcomm module LMP version : 0x%02x\n", resp[10] & 0xFF);
+
+ /* Print LMP subversion */
+ {
+ unsigned short lmp_subv = resp[13] | (resp[14] << 8);
+
+ fprintf(stderr, "Qualcomm module LMP sub-version : 0x%04x\n", lmp_subv);
+
+ }
+
+ /* Get SoC type */
+ cmd[0] = HCI_COMMAND_PKT;
+ cmd[1] = 0x00;
+ cmd[2] = 0xFC;
+ cmd[3] = 0x01;
+ cmd[4] = 0x06;
+
+ do {
+ n = write(fd, cmd, 5);
+ if (n < 0) {
+ perror("Failed to write init command");
+ return -1;
+ }
+ if (n < 5) {
+ fprintf(stderr, "Wanted to write 5 bytes, could only write %d. Stop\n", n);
+ return -1;
+ }
+
+ /* Read reply. */
+ if ((n = read_hci_event(fd, resp, 100)) < 0) {
+ perror("Failed to read init response");
+ return -1;
+ }
+
+ } while (resp[3] != 0 && resp[4] != 2);
+
+ snprintf(fw, sizeof(fw),
+ "/etc/firmware/%c%c%c%c%c%c_%c%c%c%c.bin",
+ resp[18], resp[19], resp[20], resp[21],
+ resp[22], resp[23],
+ resp[32], resp[33], resp[34], resp[35]);
+
+ /* Wait for command complete event for our Opcode */
+ if (read_hci_event(fd, resp, 100) < 0) {
+ perror("Failed to read init response");
+ return -1;
+ }
+
+ qualcomm_load_firmware(fd, fw, bdaddr);
+
+ /* Reset */
+ cmd[0] = HCI_COMMAND_PKT;
+ cmd[1] = 0x03;
+ cmd[2] = 0x0C;
+ cmd[3] = 0x00;
+
+ do {
+ n = write(fd, cmd, 4);
+ if (n < 0) {
+ perror("Failed to write reset command");
+ return -1;
+ }
+ if (n < 4) {
+ fprintf(stderr, "Wanted to write 4 bytes, could only write %d. Stop\n", n);
+ return -1;
+ }
+
+ /* Read reply. */
+ if ((n = read_hci_event(fd, resp, 100)) < 0) {
+ perror("Failed to read reset response");
+ return -1;
+ }
+
+ } while (resp[4] != cmd[1] && resp[5] != cmd[2]);
+
+ nanosleep(&tm, NULL);
+ return 0;
+}
--
1.7.1.1

--
Matthew Wilson
Employee of Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum


2010-08-11 02:27:22

by Ron Shaffer

[permalink] [raw]
Subject: Re: patch for firmware download to Qualcomm Bluetooth chip

On 8/10/2010 5:14 PM, Marcel Holtmann wrote:
> Hi Ron,
>
>> Here's the a ping regarding the patch submitted by Matt back in March? I
>> believe. For you convenience I've included the patch again. Please take
>> a look, and provide your general comments. I'm sure there are changes
>> that need to be made.
>>
>> Fyi. sorry about the column wrap in the patch. Don't feel like fixing it
>> for just a quick review.
>>
>> From 76d0bdd82a0a4e5b3b9544bb864c31888f20cea1 Mon Sep 17 00:00:00 2001
>> From: Wilson, Matt <[email protected]>
>> Date: Thu, 11 Feb 2010 11:53:29 -0600
>> Subject: [PATCH] Firmware download for Qualcomm Bluetooth devices
>>
>> ---
>> Makefile.tools | 3 +-
>> tools/hciattach.c | 9 ++
>> tools/hciattach.h | 4 +
>> tools/hciattach_qualcomm.c | 279
>> ++++++++++++++++++++++++++++++++++++++++++++
>> 4 files changed, 294 insertions(+), 1 deletions(-)
>> create mode 100644 tools/hciattach_qualcomm.c
>>
>> diff --git a/Makefile.tools b/Makefile.tools
>> index 2735d68..7b92c8f 100644
>> --- a/Makefile.tools
>> +++ b/Makefile.tools
>> @@ -23,7 +23,8 @@ tools_l2ping_LDADD = lib/libbluetooth.la
>> tools_hciattach_SOURCES = tools/hciattach.c tools/hciattach.h \
>> tools/hciattach_st.c \
>> tools/hciattach_ti.c \
>> - tools/hciattach_tialt.c
>> + tools/hciattach_tialt.c \
>> + tools/hciattach_qualcomm.c
>> tools_hciattach_LDADD = lib/libbluetooth.la
>>
>> tools_hciconfig_SOURCES = tools/hciconfig.c tools/csr.h tools/csr.c \
>> diff --git a/tools/hciattach.c b/tools/hciattach.c
>> index 364c5ff..d6aafbe 100644
>> --- a/tools/hciattach.c
>> +++ b/tools/hciattach.c
>> @@ -5,6 +5,7 @@
>> * Copyright (C) 2000-2001 Qualcomm Incorporated
>> * Copyright (C) 2002-2003 Maxim Krasnyansky <[email protected]>
>> * Copyright (C) 2002-2010 Marcel Holtmann <[email protected]>
>> + * Copyright (C) 2010, Code Aurora Forum. All rights reserved.
>> *
>> *
>> * This program is free software; you can redistribute it and/or modify
>> @@ -299,6 +300,11 @@ static int texasalt(int fd, struct uart_t *u, struct
>> termios *ti)
>> return texasalt_init(fd, u->speed, ti);
>> }
>>
>> +static int qualcomm(int fd, struct uart_t *u, struct termios *ti)
>> +{
>> + return qualcomm_init(fd, u->speed, ti, u->bdaddr);
>> +}
>> +
>> static int read_check(int fd, void *buf, int count)
>> {
>> int res;
>> @@ -1071,6 +1077,9 @@ struct uart_t uart[] = {
>> /* Broadcom BCM2035 */
>> { "bcm2035", 0x0A5C, 0x2035, HCI_UART_H4, 115200, 460800, FLOW_CTL,
>> NULL, bcm2035 },
>>
>> + /* QUALCOMM BTS */
>> + { "qualcomm", 0x0000, 0x0000, HCI_UART_H4, 115200, 115200, FLOW_CTL,
>> NULL, qualcomm },
>> +
>> { NULL, 0 }
>> };
>>
>> diff --git a/tools/hciattach.h b/tools/hciattach.h
>> index 867563b..5c89013 100644
>> --- a/tools/hciattach.h
>> +++ b/tools/hciattach.h
>> @@ -3,6 +3,7 @@
>> * BlueZ - Bluetooth protocol stack for Linux
>> *
>> * Copyright (C) 2003-2010 Marcel Holtmann <[email protected]>
>> + * Copyright (c) 2010, Code Aurora Forum. All rights reserved.
>> *
>> *
>> * This program is free software; you can redistribute it and/or modify
>> @@ -45,3 +46,6 @@ int texas_post(int fd, struct termios *ti);
>> int texasalt_init(int fd, int speed, struct termios *ti);
>> int stlc2500_init(int fd, bdaddr_t *bdaddr);
>> int bgb2xx_init(int dd, bdaddr_t *bdaddr);
>> +int qualcomm_init(int fd, int speed, struct termios *ti, const char
>> *bdaddr);
>> +
>> +
>
> I am actually fine with this. Except strip it from claiming copyright on
> hciattach.c and hciattach.h since these changes are not really anything
> new. They are just wrapping code.
>
> So fix this and submit a new clean patch.
>
> Regards
>
> Marcel
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>

Yes, will do.

--
Ron Shaffer
Employee of the Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum.

2010-08-10 21:14:08

by Marcel Holtmann

[permalink] [raw]
Subject: Re: patch for firmware download to Qualcomm Bluetooth chip

Hi Ron,

> Here's the a ping regarding the patch submitted by Matt back in March? I
> believe. For you convenience I've included the patch again. Please take
> a look, and provide your general comments. I'm sure there are changes
> that need to be made.
>
> Fyi. sorry about the column wrap in the patch. Don't feel like fixing it
> for just a quick review.
>
> From 76d0bdd82a0a4e5b3b9544bb864c31888f20cea1 Mon Sep 17 00:00:00 2001
> From: Wilson, Matt <[email protected]>
> Date: Thu, 11 Feb 2010 11:53:29 -0600
> Subject: [PATCH] Firmware download for Qualcomm Bluetooth devices
>
> ---
> Makefile.tools | 3 +-
> tools/hciattach.c | 9 ++
> tools/hciattach.h | 4 +
> tools/hciattach_qualcomm.c | 279
> ++++++++++++++++++++++++++++++++++++++++++++
> 4 files changed, 294 insertions(+), 1 deletions(-)
> create mode 100644 tools/hciattach_qualcomm.c
>
> diff --git a/Makefile.tools b/Makefile.tools
> index 2735d68..7b92c8f 100644
> --- a/Makefile.tools
> +++ b/Makefile.tools
> @@ -23,7 +23,8 @@ tools_l2ping_LDADD = lib/libbluetooth.la
> tools_hciattach_SOURCES = tools/hciattach.c tools/hciattach.h \
> tools/hciattach_st.c \
> tools/hciattach_ti.c \
> - tools/hciattach_tialt.c
> + tools/hciattach_tialt.c \
> + tools/hciattach_qualcomm.c
> tools_hciattach_LDADD = lib/libbluetooth.la
>
> tools_hciconfig_SOURCES = tools/hciconfig.c tools/csr.h tools/csr.c \
> diff --git a/tools/hciattach.c b/tools/hciattach.c
> index 364c5ff..d6aafbe 100644
> --- a/tools/hciattach.c
> +++ b/tools/hciattach.c
> @@ -5,6 +5,7 @@
> * Copyright (C) 2000-2001 Qualcomm Incorporated
> * Copyright (C) 2002-2003 Maxim Krasnyansky <[email protected]>
> * Copyright (C) 2002-2010 Marcel Holtmann <[email protected]>
> + * Copyright (C) 2010, Code Aurora Forum. All rights reserved.
> *
> *
> * This program is free software; you can redistribute it and/or modify
> @@ -299,6 +300,11 @@ static int texasalt(int fd, struct uart_t *u, struct
> termios *ti)
> return texasalt_init(fd, u->speed, ti);
> }
>
> +static int qualcomm(int fd, struct uart_t *u, struct termios *ti)
> +{
> + return qualcomm_init(fd, u->speed, ti, u->bdaddr);
> +}
> +
> static int read_check(int fd, void *buf, int count)
> {
> int res;
> @@ -1071,6 +1077,9 @@ struct uart_t uart[] = {
> /* Broadcom BCM2035 */
> { "bcm2035", 0x0A5C, 0x2035, HCI_UART_H4, 115200, 460800, FLOW_CTL,
> NULL, bcm2035 },
>
> + /* QUALCOMM BTS */
> + { "qualcomm", 0x0000, 0x0000, HCI_UART_H4, 115200, 115200, FLOW_CTL,
> NULL, qualcomm },
> +
> { NULL, 0 }
> };
>
> diff --git a/tools/hciattach.h b/tools/hciattach.h
> index 867563b..5c89013 100644
> --- a/tools/hciattach.h
> +++ b/tools/hciattach.h
> @@ -3,6 +3,7 @@
> * BlueZ - Bluetooth protocol stack for Linux
> *
> * Copyright (C) 2003-2010 Marcel Holtmann <[email protected]>
> + * Copyright (c) 2010, Code Aurora Forum. All rights reserved.
> *
> *
> * This program is free software; you can redistribute it and/or modify
> @@ -45,3 +46,6 @@ int texas_post(int fd, struct termios *ti);
> int texasalt_init(int fd, int speed, struct termios *ti);
> int stlc2500_init(int fd, bdaddr_t *bdaddr);
> int bgb2xx_init(int dd, bdaddr_t *bdaddr);
> +int qualcomm_init(int fd, int speed, struct termios *ti, const char
> *bdaddr);
> +
> +

I am actually fine with this. Except strip it from claiming copyright on
hciattach.c and hciattach.h since these changes are not really anything
new. They are just wrapping code.

So fix this and submit a new clean patch.

Regards

Marcel



2010-08-10 18:51:18

by Ron Shaffer

[permalink] [raw]
Subject: Re: patch for firmware download to Qualcomm Bluetooth chip

Marcel:

Here's the a ping regarding the patch submitted by Matt back in March? I
believe. For you convenience I've included the patch again. Please take
a look, and provide your general comments. I'm sure there are changes
that need to be made.

Fyi. sorry about the column wrap in the patch. Don't feel like fixing it
for just a quick review.

>From 76d0bdd82a0a4e5b3b9544bb864c31888f20cea1 Mon Sep 17 00:00:00 2001
From: Wilson, Matt <[email protected]>
Date: Thu, 11 Feb 2010 11:53:29 -0600
Subject: [PATCH] Firmware download for Qualcomm Bluetooth devices

---
Makefile.tools | 3 +-
tools/hciattach.c | 9 ++
tools/hciattach.h | 4 +
tools/hciattach_qualcomm.c | 279
++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 294 insertions(+), 1 deletions(-)
create mode 100644 tools/hciattach_qualcomm.c

diff --git a/Makefile.tools b/Makefile.tools
index 2735d68..7b92c8f 100644
--- a/Makefile.tools
+++ b/Makefile.tools
@@ -23,7 +23,8 @@ tools_l2ping_LDADD = lib/libbluetooth.la
tools_hciattach_SOURCES = tools/hciattach.c tools/hciattach.h \
tools/hciattach_st.c \
tools/hciattach_ti.c \
- tools/hciattach_tialt.c
+ tools/hciattach_tialt.c \
+ tools/hciattach_qualcomm.c
tools_hciattach_LDADD = lib/libbluetooth.la

tools_hciconfig_SOURCES = tools/hciconfig.c tools/csr.h tools/csr.c \
diff --git a/tools/hciattach.c b/tools/hciattach.c
index 364c5ff..d6aafbe 100644
--- a/tools/hciattach.c
+++ b/tools/hciattach.c
@@ -5,6 +5,7 @@
* Copyright (C) 2000-2001 Qualcomm Incorporated
* Copyright (C) 2002-2003 Maxim Krasnyansky <[email protected]>
* Copyright (C) 2002-2010 Marcel Holtmann <[email protected]>
+ * Copyright (C) 2010, Code Aurora Forum. All rights reserved.
*
*
* This program is free software; you can redistribute it and/or modify
@@ -299,6 +300,11 @@ static int texasalt(int fd, struct uart_t *u, struct
termios *ti)
return texasalt_init(fd, u->speed, ti);
}

+static int qualcomm(int fd, struct uart_t *u, struct termios *ti)
+{
+ return qualcomm_init(fd, u->speed, ti, u->bdaddr);
+}
+
static int read_check(int fd, void *buf, int count)
{
int res;
@@ -1071,6 +1077,9 @@ struct uart_t uart[] = {
/* Broadcom BCM2035 */
{ "bcm2035", 0x0A5C, 0x2035, HCI_UART_H4, 115200, 460800, FLOW_CTL,
NULL, bcm2035 },

+ /* QUALCOMM BTS */
+ { "qualcomm", 0x0000, 0x0000, HCI_UART_H4, 115200, 115200, FLOW_CTL,
NULL, qualcomm },
+
{ NULL, 0 }
};

diff --git a/tools/hciattach.h b/tools/hciattach.h
index 867563b..5c89013 100644
--- a/tools/hciattach.h
+++ b/tools/hciattach.h
@@ -3,6 +3,7 @@
* BlueZ - Bluetooth protocol stack for Linux
*
* Copyright (C) 2003-2010 Marcel Holtmann <[email protected]>
+ * Copyright (c) 2010, Code Aurora Forum. All rights reserved.
*
*
* This program is free software; you can redistribute it and/or modify
@@ -45,3 +46,6 @@ int texas_post(int fd, struct termios *ti);
int texasalt_init(int fd, int speed, struct termios *ti);
int stlc2500_init(int fd, bdaddr_t *bdaddr);
int bgb2xx_init(int dd, bdaddr_t *bdaddr);
+int qualcomm_init(int fd, int speed, struct termios *ti, const char
*bdaddr);
+
+
diff --git a/tools/hciattach_qualcomm.c b/tools/hciattach_qualcomm.c
new file mode 100644
index 0000000..31ca3c8
--- /dev/null
+++ b/tools/hciattach_qualcomm.c
@@ -0,0 +1,279 @@
+/*
+ *
+ * BlueZ - Bluetooth protocol stack for Linux
+ *
+ * Copyright (C) 2005-2010 Marcel Holtmann <[email protected]>
+ * Copyright (c) 2010, Code Aurora Forum. All rights reserved.
+ *
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
02110-1301 USA
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <string.h>
+#include <signal.h>
+#include <syslog.h>
+#include <termios.h>
+#include <time.h>
+#include <sys/time.h>
+#include <sys/poll.h>
+#include <sys/param.h>
+#include <sys/ioctl.h>
+#include <sys/socket.h>
+#include <sys/uio.h>
+
+#include <bluetooth/bluetooth.h>
+#include <bluetooth/hci.h>
+#include <bluetooth/hci_lib.h>
+
+#include "hciattach.h"
+
+#define FAILIF(x, args...) do { \
+ if (x) { \
+ fprintf(stderr, ##args); \
+ return -1; \
+ } \
+} while(0)
+
+typedef struct {
+ uint8_t uart_prefix;
+ hci_event_hdr hci_hdr;
+ evt_cmd_complete cmd_complete;
+ uint8_t status;
+ uint8_t data[16];
+} __attribute__((packed)) command_complete_t;
+
+
+static int read_command_complete(int fd, unsigned short opcode, unsigned
char len) {
+ command_complete_t resp;
+ unsigned char vsevent[512];
+ int n;
+
+ /* Read reply. */
+ n = read_hci_event(fd, vsevent, sizeof(vsevent));
+ FAILIF(n < 0, "Failed to read response");
+
+ FAILIF(vsevent[1] != 0xFF, "Failed to read response");
+
+ n = read_hci_event(fd, (unsigned char *)&resp, sizeof(resp));
+ FAILIF(n < 0, "Failed to read response");
+
+ FAILIF(resp.hci_hdr.evt != EVT_CMD_COMPLETE, /* event must be event-
complete */
+ "Error in response: not a cmd-complete event, "
+ "but 0x%02x!\n", resp.hci_hdr.evt);
+
+ FAILIF(resp.hci_hdr.plen < 4, /* plen >= 4 for EVT_CMD_COMPLETE */
+ "Error in response: plen is not >= 4, but 0x%02x!\n",
+ resp.hci_hdr.plen);
+
+ /* cmd-complete event: opcode */
+ FAILIF(resp.cmd_complete.opcode != 0,
+ "Error in response: opcode is 0x%04x, not 0!",
+ resp.cmd_complete.opcode);
+
+ return resp.status == 0 ? 0 : -1;
+}
+
+static int qualcomm_load_firmware(int fd, const char *firmware, const
char *
bdaddr_s) {
+
+ int fw = open(firmware, O_RDONLY);
+
+ fprintf(stdout, "Opening firmware file: %s\n", firmware);
+
+ FAILIF(fw < 0,
+ "Could not open firmware file %s: %s (%d).\n",
+ firmware, strerror(errno), errno);
+
+ fprintf(stdout, "Uploading firmware...\n");
+ do {
+ /* Read each command and wait for a response. */
+ unsigned char data[1024];
+ unsigned char cmdp[1 + sizeof(hci_command_hdr)];
+ hci_command_hdr *cmd = (hci_command_hdr *)(cmdp + 1);
+ int nr;
+ nr = read(fw, cmdp, sizeof(cmdp));
+ if (!nr)
+ break;
+ FAILIF(nr != sizeof(cmdp), "Could not read H4 + HCI header!\n");
+ FAILIF(*cmdp != HCI_COMMAND_PKT, "Command is not an H4 command
packet!\n");
+
+ FAILIF(read(fw, data, cmd->plen) != cmd->plen,
+ "Could not read %d bytes of data for command with opcode %04x!\n",
+ cmd->plen,
+ cmd->opcode);
+
+ if ((data[0] == 1) && (data[1] == 2) && (data[2] == 6)) {
+ bdaddr_t bdaddr;
+ if (bdaddr_s != NULL) {
+ (void) str2ba(bdaddr_s, &bdaddr);
+ memcpy(&data[3], &bdaddr, sizeof(bdaddr_t));
+ }
+ }
+
+ {
+ int nw;
+ struct iovec iov_cmd[2];
+ iov_cmd[0].iov_base = cmdp;
+ iov_cmd[0].iov_len = sizeof(cmdp);
+ iov_cmd[1].iov_base = data;
+ iov_cmd[1].iov_len = cmd->plen;
+ nw = writev(fd, iov_cmd, 2);
+ FAILIF(nw != (int) sizeof(cmdp) + cmd->plen,
+ "Could not send entire command (sent only %d bytes)!\n",
+ nw);
+ }
+
+ /* Wait for response */
+ if (read_command_complete(fd,
+ cmd->opcode,
+ cmd->plen) < 0) {
+ return -1;
+ }
+
+ } while(1);
+ fprintf(stdout, "Firmware upload successful.\n");
+
+ close(fw);
+ return 0;
+}
+
+int qualcomm_init(int fd, int speed, struct termios *ti, const char
*bdaddr)
+{
+ struct timespec tm = {0, 50000};
+ char cmd[5];
+ unsigned char resp[100]; /* Response */
+ char fw[100];
+ int n;
+
+ memset(resp,'\0', 100);
+
+ /* Get Manufacturer and LMP version */
+ cmd[0] = HCI_COMMAND_PKT;
+ cmd[1] = 0x01;
+ cmd[2] = 0x10;
+ cmd[3] = 0x00;
+
+ do {
+ n = write(fd, cmd, 4);
+ if (n < 0) {
+ perror("Failed to write init command (READ_LOCAL_VERSION_INFORMATION)");
+ return -1;
+ }
+ if (n < 4) {
+ fprintf(stderr, "Wanted to write 4 bytes, could only write %d.
Stop\n", n);
+ return -1;
+ }
+
+ /* Read reply. */
+ if (read_hci_event(fd, resp, 100) < 0) {
+ perror("Failed to read init response (READ_LOCAL_VERSION_INFORMATION)");
+ return -1;
+ }
+
+ /* Wait for command complete event for our Opcode */
+ } while (resp[4] != cmd[1] && resp[5] != cmd[2]);
+
+ /* Verify manufacturer */
+ if ((resp[11] & 0xFF) != 0x1d)
+ fprintf(stderr,"WARNING : module's manufacturer is not Qualcomm\n");
+
+ /* Print LMP version */
+ fprintf(stderr, "Qualcomm module LMP version : 0x%02x\n", resp[10] &
0xFF);
+
+ /* Print LMP subversion */
+ {
+ unsigned short lmp_subv = resp[13] | (resp[14] << 8);
+
+ fprintf(stderr, "Qualcomm module LMP sub-version : 0x%04x\n", lmp_subv);
+
+ }
+
+ /* Get SoC type */
+ cmd[0] = HCI_COMMAND_PKT;
+ cmd[1] = 0x00;
+ cmd[2] = 0xFC;
+ cmd[3] = 0x01;
+ cmd[4] = 0x06;
+
+ do {
+ n = write(fd, cmd, 5);
+ if (n < 0) {
+ perror("Failed to write init command");
+ return -1;
+ }
+ if (n < 5) {
+ fprintf(stderr, "Wanted to write 5 bytes, could only write %d.
Stop\n", n);
+ return -1;
+ }
+
+ /* Read reply. */
+ if ((n = read_hci_event(fd, resp, 100)) < 0) {
+ perror("Failed to read init response");
+ return -1;
+ }
+
+ } while (resp[3] != 0 && resp[4] != 2);
+
+ snprintf(fw, sizeof(fw),
+ "/etc/firmware/%c%c%c%c%c%c_%c%c%c%c.bin",
+ resp[18], resp[19], resp[20], resp[21],
+ resp[22], resp[23],
+ resp[32], resp[33], resp[34], resp[35]);
+
+ /* Wait for command complete event for our Opcode */
+ if (read_hci_event(fd, resp, 100) < 0) {
+ perror("Failed to read init response");
+ return -1;
+ }
+
+ qualcomm_load_firmware(fd, fw, bdaddr);
+
+ /* Reset */
+ cmd[0] = HCI_COMMAND_PKT;
+ cmd[1] = 0x03;
+ cmd[2] = 0x0C;
+ cmd[3] = 0x00;
+
+ do {
+ n = write(fd, cmd, 4);
+ if (n < 0) {
+ perror("Failed to write reset command");
+ return -1;
+ }
+ if (n < 4) {
+ fprintf(stderr, "Wanted to write 4 bytes, could only write %d.
Stop\n", n);
+ return -1;
+ }
+
+ /* Read reply. */
+ if ((n = read_hci_event(fd, resp, 100)) < 0) {
+ perror("Failed to read reset response");
+ return -1;
+ }
+
+ } while (resp[4] != cmd[1] && resp[5] != cmd[2]);
+
+ nanosleep(&tm, NULL);
+ return 0;
+}
--
1.6.3.3
--
Ron Shaffer
Employee of the Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum.