1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Bluetooth support for Realtek devices 4 * 5 * Copyright (C) 2015 Endless Mobile, Inc. 6 */ 7 8 #include <linux/module.h> 9 #include <linux/firmware.h> 10 #include <asm/unaligned.h> 11 #include <linux/usb.h> 12 13 #include <net/bluetooth/bluetooth.h> 14 #include <net/bluetooth/hci_core.h> 15 16 #include "btrtl.h" 17 18 #define VERSION "0.1" 19 20 #define RTL_CHIP_8723CS_CG 3 21 #define RTL_CHIP_8723CS_VF 4 22 #define RTL_CHIP_8723CS_XX 5 23 #define RTL_EPATCH_SIGNATURE "Realtech" 24 #define RTL_EPATCH_SIGNATURE_V2 "RTBTCore" 25 #define RTL_ROM_LMP_8703B 0x8703 26 #define RTL_ROM_LMP_8723A 0x1200 27 #define RTL_ROM_LMP_8723B 0x8723 28 #define RTL_ROM_LMP_8821A 0x8821 29 #define RTL_ROM_LMP_8761A 0x8761 30 #define RTL_ROM_LMP_8822B 0x8822 31 #define RTL_ROM_LMP_8852A 0x8852 32 #define RTL_ROM_LMP_8851B 0x8851 33 #define RTL_CONFIG_MAGIC 0x8723ab55 34 35 #define RTL_VSC_OP_COREDUMP 0xfcff 36 37 #define IC_MATCH_FL_LMPSUBV (1 << 0) 38 #define IC_MATCH_FL_HCIREV (1 << 1) 39 #define IC_MATCH_FL_HCIVER (1 << 2) 40 #define IC_MATCH_FL_HCIBUS (1 << 3) 41 #define IC_MATCH_FL_CHIP_TYPE (1 << 4) 42 #define IC_INFO(lmps, hcir, hciv, bus) \ 43 .match_flags = IC_MATCH_FL_LMPSUBV | IC_MATCH_FL_HCIREV | \ 44 IC_MATCH_FL_HCIVER | IC_MATCH_FL_HCIBUS, \ 45 .lmp_subver = (lmps), \ 46 .hci_rev = (hcir), \ 47 .hci_ver = (hciv), \ 48 .hci_bus = (bus) 49 50 #define RTL_CHIP_SUBVER (&(struct rtl_vendor_cmd) {{0x10, 0x38, 0x04, 0x28, 0x80}}) 51 #define RTL_CHIP_REV (&(struct rtl_vendor_cmd) {{0x10, 0x3A, 0x04, 0x28, 0x80}}) 52 #define RTL_SEC_PROJ (&(struct rtl_vendor_cmd) {{0x10, 0xA4, 0x0D, 0x00, 0xb0}}) 53 54 #define RTL_PATCH_SNIPPETS 0x01 55 #define RTL_PATCH_DUMMY_HEADER 0x02 56 #define RTL_PATCH_SECURITY_HEADER 0x03 57 58 enum btrtl_chip_id { 59 CHIP_ID_8723A, 60 CHIP_ID_8723B, 61 CHIP_ID_8821A, 62 CHIP_ID_8761A, 63 CHIP_ID_8822B = 8, 64 CHIP_ID_8723D, 65 CHIP_ID_8821C, 66 CHIP_ID_8822C = 13, 67 CHIP_ID_8761B, 68 CHIP_ID_8852A = 18, 69 CHIP_ID_8852B = 20, 70 CHIP_ID_8852C = 25, 71 CHIP_ID_8851B = 36, 72 }; 73 74 struct id_table { 75 __u16 match_flags; 76 __u16 lmp_subver; 77 __u16 hci_rev; 78 __u8 hci_ver; 79 __u8 hci_bus; 80 __u8 chip_type; 81 bool config_needed; 82 bool has_rom_version; 83 bool has_msft_ext; 84 char *fw_name; 85 char *cfg_name; 86 char *hw_info; 87 }; 88 89 struct btrtl_device_info { 90 const struct id_table *ic_info; 91 u8 rom_version; 92 u8 *fw_data; 93 int fw_len; 94 u8 *cfg_data; 95 int cfg_len; 96 bool drop_fw; 97 int project_id; 98 u8 key_id; 99 struct list_head patch_subsecs; 100 }; 101 102 static const struct id_table ic_id_table[] = { 103 /* 8723A */ 104 { IC_INFO(RTL_ROM_LMP_8723A, 0xb, 0x6, HCI_USB), 105 .config_needed = false, 106 .has_rom_version = false, 107 .fw_name = "rtl_bt/rtl8723a_fw", 108 .cfg_name = NULL, 109 .hw_info = "rtl8723au" }, 110 111 /* 8723BS */ 112 { IC_INFO(RTL_ROM_LMP_8723B, 0xb, 0x6, HCI_UART), 113 .config_needed = true, 114 .has_rom_version = true, 115 .fw_name = "rtl_bt/rtl8723bs_fw", 116 .cfg_name = "rtl_bt/rtl8723bs_config", 117 .hw_info = "rtl8723bs" }, 118 119 /* 8723B */ 120 { IC_INFO(RTL_ROM_LMP_8723B, 0xb, 0x6, HCI_USB), 121 .config_needed = false, 122 .has_rom_version = true, 123 .fw_name = "rtl_bt/rtl8723b_fw", 124 .cfg_name = "rtl_bt/rtl8723b_config", 125 .hw_info = "rtl8723bu" }, 126 127 /* 8723CS-CG */ 128 { .match_flags = IC_MATCH_FL_LMPSUBV | IC_MATCH_FL_CHIP_TYPE | 129 IC_MATCH_FL_HCIBUS, 130 .lmp_subver = RTL_ROM_LMP_8703B, 131 .chip_type = RTL_CHIP_8723CS_CG, 132 .hci_bus = HCI_UART, 133 .config_needed = true, 134 .has_rom_version = true, 135 .fw_name = "rtl_bt/rtl8723cs_cg_fw", 136 .cfg_name = "rtl_bt/rtl8723cs_cg_config", 137 .hw_info = "rtl8723cs-cg" }, 138 139 /* 8723CS-VF */ 140 { .match_flags = IC_MATCH_FL_LMPSUBV | IC_MATCH_FL_CHIP_TYPE | 141 IC_MATCH_FL_HCIBUS, 142 .lmp_subver = RTL_ROM_LMP_8703B, 143 .chip_type = RTL_CHIP_8723CS_VF, 144 .hci_bus = HCI_UART, 145 .config_needed = true, 146 .has_rom_version = true, 147 .fw_name = "rtl_bt/rtl8723cs_vf_fw", 148 .cfg_name = "rtl_bt/rtl8723cs_vf_config", 149 .hw_info = "rtl8723cs-vf" }, 150 151 /* 8723CS-XX */ 152 { .match_flags = IC_MATCH_FL_LMPSUBV | IC_MATCH_FL_CHIP_TYPE | 153 IC_MATCH_FL_HCIBUS, 154 .lmp_subver = RTL_ROM_LMP_8703B, 155 .chip_type = RTL_CHIP_8723CS_XX, 156 .hci_bus = HCI_UART, 157 .config_needed = true, 158 .has_rom_version = true, 159 .fw_name = "rtl_bt/rtl8723cs_xx_fw", 160 .cfg_name = "rtl_bt/rtl8723cs_xx_config", 161 .hw_info = "rtl8723cs" }, 162 163 /* 8723D */ 164 { IC_INFO(RTL_ROM_LMP_8723B, 0xd, 0x8, HCI_USB), 165 .config_needed = true, 166 .has_rom_version = true, 167 .fw_name = "rtl_bt/rtl8723d_fw", 168 .cfg_name = "rtl_bt/rtl8723d_config", 169 .hw_info = "rtl8723du" }, 170 171 /* 8723DS */ 172 { IC_INFO(RTL_ROM_LMP_8723B, 0xd, 0x8, HCI_UART), 173 .config_needed = true, 174 .has_rom_version = true, 175 .fw_name = "rtl_bt/rtl8723ds_fw", 176 .cfg_name = "rtl_bt/rtl8723ds_config", 177 .hw_info = "rtl8723ds" }, 178 179 /* 8821A */ 180 { IC_INFO(RTL_ROM_LMP_8821A, 0xa, 0x6, HCI_USB), 181 .config_needed = false, 182 .has_rom_version = true, 183 .fw_name = "rtl_bt/rtl8821a_fw", 184 .cfg_name = "rtl_bt/rtl8821a_config", 185 .hw_info = "rtl8821au" }, 186 187 /* 8821C */ 188 { IC_INFO(RTL_ROM_LMP_8821A, 0xc, 0x8, HCI_USB), 189 .config_needed = false, 190 .has_rom_version = true, 191 .has_msft_ext = true, 192 .fw_name = "rtl_bt/rtl8821c_fw", 193 .cfg_name = "rtl_bt/rtl8821c_config", 194 .hw_info = "rtl8821cu" }, 195 196 /* 8821CS */ 197 { IC_INFO(RTL_ROM_LMP_8821A, 0xc, 0x8, HCI_UART), 198 .config_needed = true, 199 .has_rom_version = true, 200 .has_msft_ext = true, 201 .fw_name = "rtl_bt/rtl8821cs_fw", 202 .cfg_name = "rtl_bt/rtl8821cs_config", 203 .hw_info = "rtl8821cs" }, 204 205 /* 8761A */ 206 { IC_INFO(RTL_ROM_LMP_8761A, 0xa, 0x6, HCI_USB), 207 .config_needed = false, 208 .has_rom_version = true, 209 .fw_name = "rtl_bt/rtl8761a_fw", 210 .cfg_name = "rtl_bt/rtl8761a_config", 211 .hw_info = "rtl8761au" }, 212 213 /* 8761B */ 214 { IC_INFO(RTL_ROM_LMP_8761A, 0xb, 0xa, HCI_UART), 215 .config_needed = false, 216 .has_rom_version = true, 217 .has_msft_ext = true, 218 .fw_name = "rtl_bt/rtl8761b_fw", 219 .cfg_name = "rtl_bt/rtl8761b_config", 220 .hw_info = "rtl8761btv" }, 221 222 /* 8761BU */ 223 { IC_INFO(RTL_ROM_LMP_8761A, 0xb, 0xa, HCI_USB), 224 .config_needed = false, 225 .has_rom_version = true, 226 .fw_name = "rtl_bt/rtl8761bu_fw", 227 .cfg_name = "rtl_bt/rtl8761bu_config", 228 .hw_info = "rtl8761bu" }, 229 230 /* 8822C with UART interface */ 231 { IC_INFO(RTL_ROM_LMP_8822B, 0xc, 0x8, HCI_UART), 232 .config_needed = true, 233 .has_rom_version = true, 234 .has_msft_ext = true, 235 .fw_name = "rtl_bt/rtl8822cs_fw", 236 .cfg_name = "rtl_bt/rtl8822cs_config", 237 .hw_info = "rtl8822cs" }, 238 239 /* 8822C with UART interface */ 240 { IC_INFO(RTL_ROM_LMP_8822B, 0xc, 0xa, HCI_UART), 241 .config_needed = true, 242 .has_rom_version = true, 243 .has_msft_ext = true, 244 .fw_name = "rtl_bt/rtl8822cs_fw", 245 .cfg_name = "rtl_bt/rtl8822cs_config", 246 .hw_info = "rtl8822cs" }, 247 248 /* 8822C with USB interface */ 249 { IC_INFO(RTL_ROM_LMP_8822B, 0xc, 0xa, HCI_USB), 250 .config_needed = false, 251 .has_rom_version = true, 252 .has_msft_ext = true, 253 .fw_name = "rtl_bt/rtl8822cu_fw", 254 .cfg_name = "rtl_bt/rtl8822cu_config", 255 .hw_info = "rtl8822cu" }, 256 257 /* 8822B */ 258 { IC_INFO(RTL_ROM_LMP_8822B, 0xb, 0x7, HCI_USB), 259 .config_needed = true, 260 .has_rom_version = true, 261 .has_msft_ext = true, 262 .fw_name = "rtl_bt/rtl8822b_fw", 263 .cfg_name = "rtl_bt/rtl8822b_config", 264 .hw_info = "rtl8822bu" }, 265 266 /* 8852A */ 267 { IC_INFO(RTL_ROM_LMP_8852A, 0xa, 0xb, HCI_USB), 268 .config_needed = false, 269 .has_rom_version = true, 270 .has_msft_ext = true, 271 .fw_name = "rtl_bt/rtl8852au_fw", 272 .cfg_name = "rtl_bt/rtl8852au_config", 273 .hw_info = "rtl8852au" }, 274 275 /* 8852B with UART interface */ 276 { IC_INFO(RTL_ROM_LMP_8852A, 0xb, 0xb, HCI_UART), 277 .config_needed = true, 278 .has_rom_version = true, 279 .has_msft_ext = true, 280 .fw_name = "rtl_bt/rtl8852bs_fw", 281 .cfg_name = "rtl_bt/rtl8852bs_config", 282 .hw_info = "rtl8852bs" }, 283 284 /* 8852B */ 285 { IC_INFO(RTL_ROM_LMP_8852A, 0xb, 0xb, HCI_USB), 286 .config_needed = false, 287 .has_rom_version = true, 288 .has_msft_ext = true, 289 .fw_name = "rtl_bt/rtl8852bu_fw", 290 .cfg_name = "rtl_bt/rtl8852bu_config", 291 .hw_info = "rtl8852bu" }, 292 293 /* 8852C */ 294 { IC_INFO(RTL_ROM_LMP_8852A, 0xc, 0xc, HCI_USB), 295 .config_needed = false, 296 .has_rom_version = true, 297 .has_msft_ext = true, 298 .fw_name = "rtl_bt/rtl8852cu_fw", 299 .cfg_name = "rtl_bt/rtl8852cu_config", 300 .hw_info = "rtl8852cu" }, 301 302 /* 8851B */ 303 { IC_INFO(RTL_ROM_LMP_8851B, 0xb, 0xc, HCI_USB), 304 .config_needed = false, 305 .has_rom_version = true, 306 .has_msft_ext = false, 307 .fw_name = "rtl_bt/rtl8851bu_fw", 308 .cfg_name = "rtl_bt/rtl8851bu_config", 309 .hw_info = "rtl8851bu" }, 310 }; 311 312 static const struct id_table *btrtl_match_ic(u16 lmp_subver, u16 hci_rev, 313 u8 hci_ver, u8 hci_bus, 314 u8 chip_type) 315 { 316 int i; 317 318 for (i = 0; i < ARRAY_SIZE(ic_id_table); i++) { 319 if ((ic_id_table[i].match_flags & IC_MATCH_FL_LMPSUBV) && 320 (ic_id_table[i].lmp_subver != lmp_subver)) 321 continue; 322 if ((ic_id_table[i].match_flags & IC_MATCH_FL_HCIREV) && 323 (ic_id_table[i].hci_rev != hci_rev)) 324 continue; 325 if ((ic_id_table[i].match_flags & IC_MATCH_FL_HCIVER) && 326 (ic_id_table[i].hci_ver != hci_ver)) 327 continue; 328 if ((ic_id_table[i].match_flags & IC_MATCH_FL_HCIBUS) && 329 (ic_id_table[i].hci_bus != hci_bus)) 330 continue; 331 if ((ic_id_table[i].match_flags & IC_MATCH_FL_CHIP_TYPE) && 332 (ic_id_table[i].chip_type != chip_type)) 333 continue; 334 335 break; 336 } 337 if (i >= ARRAY_SIZE(ic_id_table)) 338 return NULL; 339 340 return &ic_id_table[i]; 341 } 342 343 static struct sk_buff *btrtl_read_local_version(struct hci_dev *hdev) 344 { 345 struct sk_buff *skb; 346 347 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL, 348 HCI_INIT_TIMEOUT); 349 if (IS_ERR(skb)) { 350 rtl_dev_err(hdev, "HCI_OP_READ_LOCAL_VERSION failed (%ld)", 351 PTR_ERR(skb)); 352 return skb; 353 } 354 355 if (skb->len != sizeof(struct hci_rp_read_local_version)) { 356 rtl_dev_err(hdev, "HCI_OP_READ_LOCAL_VERSION event length mismatch"); 357 kfree_skb(skb); 358 return ERR_PTR(-EIO); 359 } 360 361 return skb; 362 } 363 364 static int rtl_read_rom_version(struct hci_dev *hdev, u8 *version) 365 { 366 struct rtl_rom_version_evt *rom_version; 367 struct sk_buff *skb; 368 369 /* Read RTL ROM version command */ 370 skb = __hci_cmd_sync(hdev, 0xfc6d, 0, NULL, HCI_INIT_TIMEOUT); 371 if (IS_ERR(skb)) { 372 rtl_dev_err(hdev, "Read ROM version failed (%ld)", 373 PTR_ERR(skb)); 374 return PTR_ERR(skb); 375 } 376 377 if (skb->len != sizeof(*rom_version)) { 378 rtl_dev_err(hdev, "version event length mismatch"); 379 kfree_skb(skb); 380 return -EIO; 381 } 382 383 rom_version = (struct rtl_rom_version_evt *)skb->data; 384 rtl_dev_info(hdev, "rom_version status=%x version=%x", 385 rom_version->status, rom_version->version); 386 387 *version = rom_version->version; 388 389 kfree_skb(skb); 390 return 0; 391 } 392 393 static int btrtl_vendor_read_reg16(struct hci_dev *hdev, 394 struct rtl_vendor_cmd *cmd, u8 *rp) 395 { 396 struct sk_buff *skb; 397 int err = 0; 398 399 skb = __hci_cmd_sync(hdev, 0xfc61, sizeof(*cmd), cmd, 400 HCI_INIT_TIMEOUT); 401 if (IS_ERR(skb)) { 402 err = PTR_ERR(skb); 403 rtl_dev_err(hdev, "RTL: Read reg16 failed (%d)", err); 404 return err; 405 } 406 407 if (skb->len != 3 || skb->data[0]) { 408 bt_dev_err(hdev, "RTL: Read reg16 length mismatch"); 409 kfree_skb(skb); 410 return -EIO; 411 } 412 413 if (rp) 414 memcpy(rp, skb->data + 1, 2); 415 416 kfree_skb(skb); 417 418 return 0; 419 } 420 421 static void *rtl_iov_pull_data(struct rtl_iovec *iov, u32 len) 422 { 423 void *data = iov->data; 424 425 if (iov->len < len) 426 return NULL; 427 428 iov->data += len; 429 iov->len -= len; 430 431 return data; 432 } 433 434 static void btrtl_insert_ordered_subsec(struct rtl_subsection *node, 435 struct btrtl_device_info *btrtl_dev) 436 { 437 struct list_head *pos; 438 struct list_head *next; 439 struct rtl_subsection *subsec; 440 441 list_for_each_safe(pos, next, &btrtl_dev->patch_subsecs) { 442 subsec = list_entry(pos, struct rtl_subsection, list); 443 if (subsec->prio >= node->prio) 444 break; 445 } 446 __list_add(&node->list, pos->prev, pos); 447 } 448 449 static int btrtl_parse_section(struct hci_dev *hdev, 450 struct btrtl_device_info *btrtl_dev, u32 opcode, 451 u8 *data, u32 len) 452 { 453 struct rtl_section_hdr *hdr; 454 struct rtl_subsection *subsec; 455 struct rtl_common_subsec *common_subsec; 456 struct rtl_sec_hdr *sec_hdr; 457 int i; 458 u8 *ptr; 459 u16 num_subsecs; 460 u32 subsec_len; 461 int rc = 0; 462 struct rtl_iovec iov = { 463 .data = data, 464 .len = len, 465 }; 466 467 hdr = rtl_iov_pull_data(&iov, sizeof(*hdr)); 468 if (!hdr) 469 return -EINVAL; 470 num_subsecs = le16_to_cpu(hdr->num); 471 472 for (i = 0; i < num_subsecs; i++) { 473 common_subsec = rtl_iov_pull_data(&iov, sizeof(*common_subsec)); 474 if (!common_subsec) 475 break; 476 subsec_len = le32_to_cpu(common_subsec->len); 477 478 rtl_dev_dbg(hdev, "subsec, eco 0x%02x, len %08x", 479 common_subsec->eco, subsec_len); 480 481 ptr = rtl_iov_pull_data(&iov, subsec_len); 482 if (!ptr) 483 break; 484 485 if (common_subsec->eco != btrtl_dev->rom_version + 1) 486 continue; 487 488 switch (opcode) { 489 case RTL_PATCH_SECURITY_HEADER: 490 sec_hdr = (void *)common_subsec; 491 if (sec_hdr->key_id != btrtl_dev->key_id) 492 continue; 493 break; 494 } 495 496 subsec = kzalloc(sizeof(*subsec), GFP_KERNEL); 497 if (!subsec) 498 return -ENOMEM; 499 subsec->opcode = opcode; 500 subsec->prio = common_subsec->prio; 501 subsec->len = subsec_len; 502 subsec->data = ptr; 503 btrtl_insert_ordered_subsec(subsec, btrtl_dev); 504 rc += subsec_len; 505 } 506 507 return rc; 508 } 509 510 static int rtlbt_parse_firmware_v2(struct hci_dev *hdev, 511 struct btrtl_device_info *btrtl_dev, 512 unsigned char **_buf) 513 { 514 struct rtl_epatch_header_v2 *hdr; 515 int rc; 516 u8 reg_val[2]; 517 u8 key_id; 518 u32 num_sections; 519 struct rtl_section *section; 520 struct rtl_subsection *entry, *tmp; 521 u32 section_len; 522 u32 opcode; 523 int len = 0; 524 int i; 525 u8 *ptr; 526 struct rtl_iovec iov = { 527 .data = btrtl_dev->fw_data, 528 .len = btrtl_dev->fw_len - 7, /* Cut the tail */ 529 }; 530 531 rc = btrtl_vendor_read_reg16(hdev, RTL_SEC_PROJ, reg_val); 532 if (rc < 0) 533 return -EIO; 534 key_id = reg_val[0]; 535 536 rtl_dev_dbg(hdev, "%s: key id %u", __func__, key_id); 537 538 btrtl_dev->key_id = key_id; 539 540 hdr = rtl_iov_pull_data(&iov, sizeof(*hdr)); 541 if (!hdr) 542 return -EINVAL; 543 num_sections = le32_to_cpu(hdr->num_sections); 544 545 rtl_dev_dbg(hdev, "FW version %08x-%08x", *((u32 *)hdr->fw_version), 546 *((u32 *)(hdr->fw_version + 4))); 547 548 for (i = 0; i < num_sections; i++) { 549 section = rtl_iov_pull_data(&iov, sizeof(*section)); 550 if (!section) 551 break; 552 section_len = le32_to_cpu(section->len); 553 opcode = le32_to_cpu(section->opcode); 554 555 rtl_dev_dbg(hdev, "opcode 0x%04x", section->opcode); 556 557 ptr = rtl_iov_pull_data(&iov, section_len); 558 if (!ptr) 559 break; 560 561 switch (opcode) { 562 case RTL_PATCH_SNIPPETS: 563 rc = btrtl_parse_section(hdev, btrtl_dev, opcode, 564 ptr, section_len); 565 break; 566 case RTL_PATCH_SECURITY_HEADER: 567 /* If key_id from chip is zero, ignore all security 568 * headers. 569 */ 570 if (!key_id) 571 break; 572 rc = btrtl_parse_section(hdev, btrtl_dev, opcode, 573 ptr, section_len); 574 break; 575 case RTL_PATCH_DUMMY_HEADER: 576 rc = btrtl_parse_section(hdev, btrtl_dev, opcode, 577 ptr, section_len); 578 break; 579 default: 580 rc = 0; 581 break; 582 } 583 if (rc < 0) { 584 rtl_dev_err(hdev, "RTL: Parse section (%u) err %d", 585 opcode, rc); 586 return rc; 587 } 588 len += rc; 589 } 590 591 if (!len) 592 return -ENODATA; 593 594 /* Allocate mem and copy all found subsecs. */ 595 ptr = kvmalloc(len, GFP_KERNEL); 596 if (!ptr) 597 return -ENOMEM; 598 599 len = 0; 600 list_for_each_entry_safe(entry, tmp, &btrtl_dev->patch_subsecs, list) { 601 rtl_dev_dbg(hdev, "RTL: opcode %08x, addr %p, len 0x%x", 602 entry->opcode, entry->data, entry->len); 603 memcpy(ptr + len, entry->data, entry->len); 604 len += entry->len; 605 } 606 607 if (!len) 608 return -EPERM; 609 610 *_buf = ptr; 611 return len; 612 } 613 614 static int rtlbt_parse_firmware(struct hci_dev *hdev, 615 struct btrtl_device_info *btrtl_dev, 616 unsigned char **_buf) 617 { 618 static const u8 extension_sig[] = { 0x51, 0x04, 0xfd, 0x77 }; 619 struct btrealtek_data *coredump_info = hci_get_priv(hdev); 620 struct rtl_epatch_header *epatch_info; 621 unsigned char *buf; 622 int i, len; 623 size_t min_size; 624 u8 opcode, length, data; 625 int project_id = -1; 626 const unsigned char *fwptr, *chip_id_base; 627 const unsigned char *patch_length_base, *patch_offset_base; 628 u32 patch_offset = 0; 629 u16 patch_length, num_patches; 630 static const struct { 631 __u16 lmp_subver; 632 __u8 id; 633 } project_id_to_lmp_subver[] = { 634 { RTL_ROM_LMP_8723A, 0 }, 635 { RTL_ROM_LMP_8723B, 1 }, 636 { RTL_ROM_LMP_8821A, 2 }, 637 { RTL_ROM_LMP_8761A, 3 }, 638 { RTL_ROM_LMP_8703B, 7 }, 639 { RTL_ROM_LMP_8822B, 8 }, 640 { RTL_ROM_LMP_8723B, 9 }, /* 8723D */ 641 { RTL_ROM_LMP_8821A, 10 }, /* 8821C */ 642 { RTL_ROM_LMP_8822B, 13 }, /* 8822C */ 643 { RTL_ROM_LMP_8761A, 14 }, /* 8761B */ 644 { RTL_ROM_LMP_8852A, 18 }, /* 8852A */ 645 { RTL_ROM_LMP_8852A, 20 }, /* 8852B */ 646 { RTL_ROM_LMP_8852A, 25 }, /* 8852C */ 647 { RTL_ROM_LMP_8851B, 36 }, /* 8851B */ 648 }; 649 650 if (btrtl_dev->fw_len <= 8) 651 return -EINVAL; 652 653 if (!memcmp(btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE, 8)) 654 min_size = sizeof(struct rtl_epatch_header) + 655 sizeof(extension_sig) + 3; 656 else if (!memcmp(btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE_V2, 8)) 657 min_size = sizeof(struct rtl_epatch_header_v2) + 658 sizeof(extension_sig) + 3; 659 else 660 return -EINVAL; 661 662 if (btrtl_dev->fw_len < min_size) 663 return -EINVAL; 664 665 fwptr = btrtl_dev->fw_data + btrtl_dev->fw_len - sizeof(extension_sig); 666 if (memcmp(fwptr, extension_sig, sizeof(extension_sig)) != 0) { 667 rtl_dev_err(hdev, "extension section signature mismatch"); 668 return -EINVAL; 669 } 670 671 /* Loop from the end of the firmware parsing instructions, until 672 * we find an instruction that identifies the "project ID" for the 673 * hardware supported by this firwmare file. 674 * Once we have that, we double-check that project_id is suitable 675 * for the hardware we are working with. 676 */ 677 while (fwptr >= btrtl_dev->fw_data + (sizeof(*epatch_info) + 3)) { 678 opcode = *--fwptr; 679 length = *--fwptr; 680 data = *--fwptr; 681 682 BT_DBG("check op=%x len=%x data=%x", opcode, length, data); 683 684 if (opcode == 0xff) /* EOF */ 685 break; 686 687 if (length == 0) { 688 rtl_dev_err(hdev, "found instruction with length 0"); 689 return -EINVAL; 690 } 691 692 if (opcode == 0 && length == 1) { 693 project_id = data; 694 break; 695 } 696 697 fwptr -= length; 698 } 699 700 if (project_id < 0) { 701 rtl_dev_err(hdev, "failed to find version instruction"); 702 return -EINVAL; 703 } 704 705 /* Find project_id in table */ 706 for (i = 0; i < ARRAY_SIZE(project_id_to_lmp_subver); i++) { 707 if (project_id == project_id_to_lmp_subver[i].id) { 708 btrtl_dev->project_id = project_id; 709 break; 710 } 711 } 712 713 if (i >= ARRAY_SIZE(project_id_to_lmp_subver)) { 714 rtl_dev_err(hdev, "unknown project id %d", project_id); 715 return -EINVAL; 716 } 717 718 if (btrtl_dev->ic_info->lmp_subver != 719 project_id_to_lmp_subver[i].lmp_subver) { 720 rtl_dev_err(hdev, "firmware is for %x but this is a %x", 721 project_id_to_lmp_subver[i].lmp_subver, 722 btrtl_dev->ic_info->lmp_subver); 723 return -EINVAL; 724 } 725 726 if (memcmp(btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE, 8) != 0) { 727 if (!memcmp(btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE_V2, 8)) 728 return rtlbt_parse_firmware_v2(hdev, btrtl_dev, _buf); 729 rtl_dev_err(hdev, "bad EPATCH signature"); 730 return -EINVAL; 731 } 732 733 epatch_info = (struct rtl_epatch_header *)btrtl_dev->fw_data; 734 num_patches = le16_to_cpu(epatch_info->num_patches); 735 736 BT_DBG("fw_version=%x, num_patches=%d", 737 le32_to_cpu(epatch_info->fw_version), num_patches); 738 coredump_info->rtl_dump.fw_version = le32_to_cpu(epatch_info->fw_version); 739 740 /* After the rtl_epatch_header there is a funky patch metadata section. 741 * Assuming 2 patches, the layout is: 742 * ChipID1 ChipID2 PatchLength1 PatchLength2 PatchOffset1 PatchOffset2 743 * 744 * Find the right patch for this chip. 745 */ 746 min_size += 8 * num_patches; 747 if (btrtl_dev->fw_len < min_size) 748 return -EINVAL; 749 750 chip_id_base = btrtl_dev->fw_data + sizeof(struct rtl_epatch_header); 751 patch_length_base = chip_id_base + (sizeof(u16) * num_patches); 752 patch_offset_base = patch_length_base + (sizeof(u16) * num_patches); 753 for (i = 0; i < num_patches; i++) { 754 u16 chip_id = get_unaligned_le16(chip_id_base + 755 (i * sizeof(u16))); 756 if (chip_id == btrtl_dev->rom_version + 1) { 757 patch_length = get_unaligned_le16(patch_length_base + 758 (i * sizeof(u16))); 759 patch_offset = get_unaligned_le32(patch_offset_base + 760 (i * sizeof(u32))); 761 break; 762 } 763 } 764 765 if (!patch_offset) { 766 rtl_dev_err(hdev, "didn't find patch for chip id %d", 767 btrtl_dev->rom_version); 768 return -EINVAL; 769 } 770 771 BT_DBG("length=%x offset=%x index %d", patch_length, patch_offset, i); 772 min_size = patch_offset + patch_length; 773 if (btrtl_dev->fw_len < min_size) 774 return -EINVAL; 775 776 /* Copy the firmware into a new buffer and write the version at 777 * the end. 778 */ 779 len = patch_length; 780 buf = kvmalloc(patch_length, GFP_KERNEL); 781 if (!buf) 782 return -ENOMEM; 783 784 memcpy(buf, btrtl_dev->fw_data + patch_offset, patch_length - 4); 785 memcpy(buf + patch_length - 4, &epatch_info->fw_version, 4); 786 787 *_buf = buf; 788 return len; 789 } 790 791 static int rtl_download_firmware(struct hci_dev *hdev, 792 const unsigned char *data, int fw_len) 793 { 794 struct rtl_download_cmd *dl_cmd; 795 int frag_num = fw_len / RTL_FRAG_LEN + 1; 796 int frag_len = RTL_FRAG_LEN; 797 int ret = 0; 798 int i; 799 int j = 0; 800 struct sk_buff *skb; 801 struct hci_rp_read_local_version *rp; 802 803 dl_cmd = kmalloc(sizeof(struct rtl_download_cmd), GFP_KERNEL); 804 if (!dl_cmd) 805 return -ENOMEM; 806 807 for (i = 0; i < frag_num; i++) { 808 struct sk_buff *skb; 809 810 dl_cmd->index = j++; 811 if (dl_cmd->index == 0x7f) 812 j = 1; 813 814 if (i == (frag_num - 1)) { 815 dl_cmd->index |= 0x80; /* data end */ 816 frag_len = fw_len % RTL_FRAG_LEN; 817 } 818 rtl_dev_dbg(hdev, "download fw (%d/%d). index = %d", i, 819 frag_num, dl_cmd->index); 820 memcpy(dl_cmd->data, data, frag_len); 821 822 /* Send download command */ 823 skb = __hci_cmd_sync(hdev, 0xfc20, frag_len + 1, dl_cmd, 824 HCI_INIT_TIMEOUT); 825 if (IS_ERR(skb)) { 826 rtl_dev_err(hdev, "download fw command failed (%ld)", 827 PTR_ERR(skb)); 828 ret = PTR_ERR(skb); 829 goto out; 830 } 831 832 if (skb->len != sizeof(struct rtl_download_response)) { 833 rtl_dev_err(hdev, "download fw event length mismatch"); 834 kfree_skb(skb); 835 ret = -EIO; 836 goto out; 837 } 838 839 kfree_skb(skb); 840 data += RTL_FRAG_LEN; 841 } 842 843 skb = btrtl_read_local_version(hdev); 844 if (IS_ERR(skb)) { 845 ret = PTR_ERR(skb); 846 rtl_dev_err(hdev, "read local version failed"); 847 goto out; 848 } 849 850 rp = (struct hci_rp_read_local_version *)skb->data; 851 rtl_dev_info(hdev, "fw version 0x%04x%04x", 852 __le16_to_cpu(rp->hci_rev), __le16_to_cpu(rp->lmp_subver)); 853 kfree_skb(skb); 854 855 out: 856 kfree(dl_cmd); 857 return ret; 858 } 859 860 static int rtl_load_file(struct hci_dev *hdev, const char *name, u8 **buff) 861 { 862 const struct firmware *fw; 863 int ret; 864 865 rtl_dev_info(hdev, "loading %s", name); 866 ret = request_firmware(&fw, name, &hdev->dev); 867 if (ret < 0) 868 return ret; 869 ret = fw->size; 870 *buff = kvmalloc(fw->size, GFP_KERNEL); 871 if (*buff) 872 memcpy(*buff, fw->data, ret); 873 else 874 ret = -ENOMEM; 875 876 release_firmware(fw); 877 878 return ret; 879 } 880 881 static int btrtl_setup_rtl8723a(struct hci_dev *hdev, 882 struct btrtl_device_info *btrtl_dev) 883 { 884 if (btrtl_dev->fw_len < 8) 885 return -EINVAL; 886 887 /* Check that the firmware doesn't have the epatch signature 888 * (which is only for RTL8723B and newer). 889 */ 890 if (!memcmp(btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE, 8)) { 891 rtl_dev_err(hdev, "unexpected EPATCH signature!"); 892 return -EINVAL; 893 } 894 895 return rtl_download_firmware(hdev, btrtl_dev->fw_data, 896 btrtl_dev->fw_len); 897 } 898 899 static int btrtl_setup_rtl8723b(struct hci_dev *hdev, 900 struct btrtl_device_info *btrtl_dev) 901 { 902 unsigned char *fw_data = NULL; 903 int ret; 904 u8 *tbuff; 905 906 ret = rtlbt_parse_firmware(hdev, btrtl_dev, &fw_data); 907 if (ret < 0) 908 goto out; 909 910 if (btrtl_dev->cfg_len > 0) { 911 tbuff = kvzalloc(ret + btrtl_dev->cfg_len, GFP_KERNEL); 912 if (!tbuff) { 913 ret = -ENOMEM; 914 goto out; 915 } 916 917 memcpy(tbuff, fw_data, ret); 918 kvfree(fw_data); 919 920 memcpy(tbuff + ret, btrtl_dev->cfg_data, btrtl_dev->cfg_len); 921 ret += btrtl_dev->cfg_len; 922 923 fw_data = tbuff; 924 } 925 926 rtl_dev_info(hdev, "cfg_sz %d, total sz %d", btrtl_dev->cfg_len, ret); 927 928 ret = rtl_download_firmware(hdev, fw_data, ret); 929 930 out: 931 kvfree(fw_data); 932 return ret; 933 } 934 935 static void btrtl_coredump(struct hci_dev *hdev) 936 { 937 static const u8 param[] = { 0x00, 0x00 }; 938 939 __hci_cmd_send(hdev, RTL_VSC_OP_COREDUMP, sizeof(param), param); 940 } 941 942 static void btrtl_dmp_hdr(struct hci_dev *hdev, struct sk_buff *skb) 943 { 944 struct btrealtek_data *coredump_info = hci_get_priv(hdev); 945 char buf[80]; 946 947 if (coredump_info->rtl_dump.controller) 948 snprintf(buf, sizeof(buf), "Controller Name: %s\n", 949 coredump_info->rtl_dump.controller); 950 else 951 snprintf(buf, sizeof(buf), "Controller Name: Unknown\n"); 952 skb_put_data(skb, buf, strlen(buf)); 953 954 snprintf(buf, sizeof(buf), "Firmware Version: 0x%X\n", 955 coredump_info->rtl_dump.fw_version); 956 skb_put_data(skb, buf, strlen(buf)); 957 958 snprintf(buf, sizeof(buf), "Driver: %s\n", coredump_info->rtl_dump.driver_name); 959 skb_put_data(skb, buf, strlen(buf)); 960 961 snprintf(buf, sizeof(buf), "Vendor: Realtek\n"); 962 skb_put_data(skb, buf, strlen(buf)); 963 } 964 965 static int btrtl_register_devcoredump_support(struct hci_dev *hdev) 966 { 967 int err; 968 969 err = hci_devcd_register(hdev, btrtl_coredump, btrtl_dmp_hdr, NULL); 970 971 return err; 972 } 973 974 void btrtl_set_driver_name(struct hci_dev *hdev, const char *driver_name) 975 { 976 struct btrealtek_data *coredump_info = hci_get_priv(hdev); 977 978 coredump_info->rtl_dump.driver_name = driver_name; 979 } 980 EXPORT_SYMBOL_GPL(btrtl_set_driver_name); 981 982 static bool rtl_has_chip_type(u16 lmp_subver) 983 { 984 switch (lmp_subver) { 985 case RTL_ROM_LMP_8703B: 986 return true; 987 default: 988 break; 989 } 990 991 return false; 992 } 993 994 static int rtl_read_chip_type(struct hci_dev *hdev, u8 *type) 995 { 996 struct rtl_chip_type_evt *chip_type; 997 struct sk_buff *skb; 998 const unsigned char cmd_buf[] = {0x00, 0x94, 0xa0, 0x00, 0xb0}; 999 1000 /* Read RTL chip type command */ 1001 skb = __hci_cmd_sync(hdev, 0xfc61, 5, cmd_buf, HCI_INIT_TIMEOUT); 1002 if (IS_ERR(skb)) { 1003 rtl_dev_err(hdev, "Read chip type failed (%ld)", 1004 PTR_ERR(skb)); 1005 return PTR_ERR(skb); 1006 } 1007 1008 chip_type = skb_pull_data(skb, sizeof(*chip_type)); 1009 if (!chip_type) { 1010 rtl_dev_err(hdev, "RTL chip type event length mismatch"); 1011 kfree_skb(skb); 1012 return -EIO; 1013 } 1014 1015 rtl_dev_info(hdev, "chip_type status=%x type=%x", 1016 chip_type->status, chip_type->type); 1017 1018 *type = chip_type->type & 0x0f; 1019 1020 kfree_skb(skb); 1021 return 0; 1022 } 1023 1024 void btrtl_free(struct btrtl_device_info *btrtl_dev) 1025 { 1026 struct rtl_subsection *entry, *tmp; 1027 1028 kvfree(btrtl_dev->fw_data); 1029 kvfree(btrtl_dev->cfg_data); 1030 1031 list_for_each_entry_safe(entry, tmp, &btrtl_dev->patch_subsecs, list) { 1032 list_del(&entry->list); 1033 kfree(entry); 1034 } 1035 1036 kfree(btrtl_dev); 1037 } 1038 EXPORT_SYMBOL_GPL(btrtl_free); 1039 1040 struct btrtl_device_info *btrtl_initialize(struct hci_dev *hdev, 1041 const char *postfix) 1042 { 1043 struct btrealtek_data *coredump_info = hci_get_priv(hdev); 1044 struct btrtl_device_info *btrtl_dev; 1045 struct sk_buff *skb; 1046 struct hci_rp_read_local_version *resp; 1047 struct hci_command_hdr *cmd; 1048 char fw_name[40]; 1049 char cfg_name[40]; 1050 u16 hci_rev, lmp_subver; 1051 u8 hci_ver, lmp_ver, chip_type = 0; 1052 int ret; 1053 u8 reg_val[2]; 1054 1055 btrtl_dev = kzalloc(sizeof(*btrtl_dev), GFP_KERNEL); 1056 if (!btrtl_dev) { 1057 ret = -ENOMEM; 1058 goto err_alloc; 1059 } 1060 1061 INIT_LIST_HEAD(&btrtl_dev->patch_subsecs); 1062 1063 check_version: 1064 ret = btrtl_vendor_read_reg16(hdev, RTL_CHIP_SUBVER, reg_val); 1065 if (ret < 0) 1066 goto err_free; 1067 lmp_subver = get_unaligned_le16(reg_val); 1068 1069 if (lmp_subver == RTL_ROM_LMP_8822B) { 1070 ret = btrtl_vendor_read_reg16(hdev, RTL_CHIP_REV, reg_val); 1071 if (ret < 0) 1072 goto err_free; 1073 hci_rev = get_unaligned_le16(reg_val); 1074 1075 /* 8822E */ 1076 if (hci_rev == 0x000e) { 1077 hci_ver = 0x0c; 1078 lmp_ver = 0x0c; 1079 btrtl_dev->ic_info = btrtl_match_ic(lmp_subver, hci_rev, 1080 hci_ver, hdev->bus, 1081 chip_type); 1082 goto next; 1083 } 1084 } 1085 1086 skb = btrtl_read_local_version(hdev); 1087 if (IS_ERR(skb)) { 1088 ret = PTR_ERR(skb); 1089 goto err_free; 1090 } 1091 1092 resp = (struct hci_rp_read_local_version *)skb->data; 1093 1094 hci_ver = resp->hci_ver; 1095 hci_rev = le16_to_cpu(resp->hci_rev); 1096 lmp_ver = resp->lmp_ver; 1097 lmp_subver = le16_to_cpu(resp->lmp_subver); 1098 1099 kfree_skb(skb); 1100 1101 if (rtl_has_chip_type(lmp_subver)) { 1102 ret = rtl_read_chip_type(hdev, &chip_type); 1103 if (ret) 1104 goto err_free; 1105 } 1106 1107 btrtl_dev->ic_info = btrtl_match_ic(lmp_subver, hci_rev, hci_ver, 1108 hdev->bus, chip_type); 1109 1110 next: 1111 rtl_dev_info(hdev, "examining hci_ver=%02x hci_rev=%04x lmp_ver=%02x lmp_subver=%04x", 1112 hci_ver, hci_rev, 1113 lmp_ver, lmp_subver); 1114 1115 if (!btrtl_dev->ic_info && !btrtl_dev->drop_fw) 1116 btrtl_dev->drop_fw = true; 1117 else 1118 btrtl_dev->drop_fw = false; 1119 1120 if (btrtl_dev->drop_fw) { 1121 skb = bt_skb_alloc(sizeof(*cmd), GFP_KERNEL); 1122 if (!skb) 1123 goto err_free; 1124 1125 cmd = skb_put(skb, HCI_COMMAND_HDR_SIZE); 1126 cmd->opcode = cpu_to_le16(0xfc66); 1127 cmd->plen = 0; 1128 1129 hci_skb_pkt_type(skb) = HCI_COMMAND_PKT; 1130 1131 ret = hdev->send(hdev, skb); 1132 if (ret < 0) { 1133 bt_dev_err(hdev, "sending frame failed (%d)", ret); 1134 kfree_skb(skb); 1135 goto err_free; 1136 } 1137 1138 /* Ensure the above vendor command is sent to controller and 1139 * process has done. 1140 */ 1141 msleep(200); 1142 1143 goto check_version; 1144 } 1145 1146 if (!btrtl_dev->ic_info) { 1147 rtl_dev_info(hdev, "unknown IC info, lmp subver %04x, hci rev %04x, hci ver %04x", 1148 lmp_subver, hci_rev, hci_ver); 1149 return btrtl_dev; 1150 } 1151 1152 if (btrtl_dev->ic_info->has_rom_version) { 1153 ret = rtl_read_rom_version(hdev, &btrtl_dev->rom_version); 1154 if (ret) 1155 goto err_free; 1156 } 1157 1158 if (!btrtl_dev->ic_info->fw_name) { 1159 ret = -ENOMEM; 1160 goto err_free; 1161 } 1162 1163 btrtl_dev->fw_len = -EIO; 1164 if (lmp_subver == RTL_ROM_LMP_8852A && hci_rev == 0x000c) { 1165 snprintf(fw_name, sizeof(fw_name), "%s_v2.bin", 1166 btrtl_dev->ic_info->fw_name); 1167 btrtl_dev->fw_len = rtl_load_file(hdev, fw_name, 1168 &btrtl_dev->fw_data); 1169 } 1170 1171 if (btrtl_dev->fw_len < 0) { 1172 snprintf(fw_name, sizeof(fw_name), "%s.bin", 1173 btrtl_dev->ic_info->fw_name); 1174 btrtl_dev->fw_len = rtl_load_file(hdev, fw_name, 1175 &btrtl_dev->fw_data); 1176 } 1177 1178 if (btrtl_dev->fw_len < 0) { 1179 rtl_dev_err(hdev, "firmware file %s not found", 1180 btrtl_dev->ic_info->fw_name); 1181 ret = btrtl_dev->fw_len; 1182 goto err_free; 1183 } 1184 1185 if (btrtl_dev->ic_info->cfg_name) { 1186 if (postfix) { 1187 snprintf(cfg_name, sizeof(cfg_name), "%s-%s.bin", 1188 btrtl_dev->ic_info->cfg_name, postfix); 1189 } else { 1190 snprintf(cfg_name, sizeof(cfg_name), "%s.bin", 1191 btrtl_dev->ic_info->cfg_name); 1192 } 1193 btrtl_dev->cfg_len = rtl_load_file(hdev, cfg_name, 1194 &btrtl_dev->cfg_data); 1195 if (btrtl_dev->ic_info->config_needed && 1196 btrtl_dev->cfg_len <= 0) { 1197 rtl_dev_err(hdev, "mandatory config file %s not found", 1198 btrtl_dev->ic_info->cfg_name); 1199 ret = btrtl_dev->cfg_len; 1200 goto err_free; 1201 } 1202 } 1203 1204 /* The following chips supports the Microsoft vendor extension, 1205 * therefore set the corresponding VsMsftOpCode. 1206 */ 1207 if (btrtl_dev->ic_info->has_msft_ext) 1208 hci_set_msft_opcode(hdev, 0xFCF0); 1209 1210 if (btrtl_dev->ic_info) 1211 coredump_info->rtl_dump.controller = btrtl_dev->ic_info->hw_info; 1212 1213 return btrtl_dev; 1214 1215 err_free: 1216 btrtl_free(btrtl_dev); 1217 err_alloc: 1218 return ERR_PTR(ret); 1219 } 1220 EXPORT_SYMBOL_GPL(btrtl_initialize); 1221 1222 int btrtl_download_firmware(struct hci_dev *hdev, 1223 struct btrtl_device_info *btrtl_dev) 1224 { 1225 int err = 0; 1226 1227 /* Match a set of subver values that correspond to stock firmware, 1228 * which is not compatible with standard btusb. 1229 * If matched, upload an alternative firmware that does conform to 1230 * standard btusb. Once that firmware is uploaded, the subver changes 1231 * to a different value. 1232 */ 1233 if (!btrtl_dev->ic_info) { 1234 rtl_dev_info(hdev, "assuming no firmware upload needed"); 1235 err = 0; 1236 goto done; 1237 } 1238 1239 switch (btrtl_dev->ic_info->lmp_subver) { 1240 case RTL_ROM_LMP_8723A: 1241 err = btrtl_setup_rtl8723a(hdev, btrtl_dev); 1242 break; 1243 case RTL_ROM_LMP_8723B: 1244 case RTL_ROM_LMP_8821A: 1245 case RTL_ROM_LMP_8761A: 1246 case RTL_ROM_LMP_8822B: 1247 case RTL_ROM_LMP_8852A: 1248 case RTL_ROM_LMP_8703B: 1249 case RTL_ROM_LMP_8851B: 1250 err = btrtl_setup_rtl8723b(hdev, btrtl_dev); 1251 break; 1252 default: 1253 rtl_dev_info(hdev, "assuming no firmware upload needed"); 1254 break; 1255 } 1256 1257 done: 1258 if (!err) 1259 err = btrtl_register_devcoredump_support(hdev); 1260 1261 return err; 1262 } 1263 EXPORT_SYMBOL_GPL(btrtl_download_firmware); 1264 1265 void btrtl_set_quirks(struct hci_dev *hdev, struct btrtl_device_info *btrtl_dev) 1266 { 1267 /* Enable controller to do both LE scan and BR/EDR inquiry 1268 * simultaneously. 1269 */ 1270 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks); 1271 1272 /* Enable central-peripheral role (able to create new connections with 1273 * an existing connection in slave role). 1274 */ 1275 /* Enable WBS supported for the specific Realtek devices. */ 1276 switch (btrtl_dev->project_id) { 1277 case CHIP_ID_8822C: 1278 case CHIP_ID_8852A: 1279 case CHIP_ID_8852B: 1280 case CHIP_ID_8852C: 1281 case CHIP_ID_8851B: 1282 set_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks); 1283 set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks); 1284 1285 /* RTL8852C needs to transmit mSBC data continuously without 1286 * the zero length of USB packets for the ALT 6 supported chips 1287 */ 1288 if (btrtl_dev->project_id == CHIP_ID_8852C) 1289 btrealtek_set_flag(hdev, REALTEK_ALT6_CONTINUOUS_TX_CHIP); 1290 1291 if (btrtl_dev->project_id == CHIP_ID_8852A || 1292 btrtl_dev->project_id == CHIP_ID_8852C) 1293 set_bit(HCI_QUIRK_USE_MSFT_EXT_ADDRESS_FILTER, &hdev->quirks); 1294 1295 hci_set_aosp_capable(hdev); 1296 break; 1297 default: 1298 rtl_dev_dbg(hdev, "Central-peripheral role not enabled."); 1299 rtl_dev_dbg(hdev, "WBS supported not enabled."); 1300 break; 1301 } 1302 1303 if (!btrtl_dev->ic_info) 1304 return; 1305 1306 switch (btrtl_dev->ic_info->lmp_subver) { 1307 case RTL_ROM_LMP_8703B: 1308 /* 8723CS reports two pages for local ext features, 1309 * but it doesn't support any features from page 2 - 1310 * it either responds with garbage or with error status 1311 */ 1312 set_bit(HCI_QUIRK_BROKEN_LOCAL_EXT_FEATURES_PAGE_2, 1313 &hdev->quirks); 1314 break; 1315 default: 1316 break; 1317 } 1318 } 1319 EXPORT_SYMBOL_GPL(btrtl_set_quirks); 1320 1321 int btrtl_setup_realtek(struct hci_dev *hdev) 1322 { 1323 struct btrtl_device_info *btrtl_dev; 1324 int ret; 1325 1326 btrtl_dev = btrtl_initialize(hdev, NULL); 1327 if (IS_ERR(btrtl_dev)) 1328 return PTR_ERR(btrtl_dev); 1329 1330 ret = btrtl_download_firmware(hdev, btrtl_dev); 1331 1332 btrtl_set_quirks(hdev, btrtl_dev); 1333 1334 btrtl_free(btrtl_dev); 1335 return ret; 1336 } 1337 EXPORT_SYMBOL_GPL(btrtl_setup_realtek); 1338 1339 int btrtl_shutdown_realtek(struct hci_dev *hdev) 1340 { 1341 struct sk_buff *skb; 1342 int ret; 1343 1344 /* According to the vendor driver, BT must be reset on close to avoid 1345 * firmware crash. 1346 */ 1347 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); 1348 if (IS_ERR(skb)) { 1349 ret = PTR_ERR(skb); 1350 bt_dev_err(hdev, "HCI reset during shutdown failed"); 1351 return ret; 1352 } 1353 kfree_skb(skb); 1354 1355 return 0; 1356 } 1357 EXPORT_SYMBOL_GPL(btrtl_shutdown_realtek); 1358 1359 static unsigned int btrtl_convert_baudrate(u32 device_baudrate) 1360 { 1361 switch (device_baudrate) { 1362 case 0x0252a00a: 1363 return 230400; 1364 1365 case 0x05f75004: 1366 return 921600; 1367 1368 case 0x00005004: 1369 return 1000000; 1370 1371 case 0x04928002: 1372 case 0x01128002: 1373 return 1500000; 1374 1375 case 0x00005002: 1376 return 2000000; 1377 1378 case 0x0000b001: 1379 return 2500000; 1380 1381 case 0x04928001: 1382 return 3000000; 1383 1384 case 0x052a6001: 1385 return 3500000; 1386 1387 case 0x00005001: 1388 return 4000000; 1389 1390 case 0x0252c014: 1391 default: 1392 return 115200; 1393 } 1394 } 1395 1396 int btrtl_get_uart_settings(struct hci_dev *hdev, 1397 struct btrtl_device_info *btrtl_dev, 1398 unsigned int *controller_baudrate, 1399 u32 *device_baudrate, bool *flow_control) 1400 { 1401 struct rtl_vendor_config *config; 1402 struct rtl_vendor_config_entry *entry; 1403 int i, total_data_len; 1404 bool found = false; 1405 1406 total_data_len = btrtl_dev->cfg_len - sizeof(*config); 1407 if (total_data_len <= 0) { 1408 rtl_dev_warn(hdev, "no config loaded"); 1409 return -EINVAL; 1410 } 1411 1412 config = (struct rtl_vendor_config *)btrtl_dev->cfg_data; 1413 if (le32_to_cpu(config->signature) != RTL_CONFIG_MAGIC) { 1414 rtl_dev_err(hdev, "invalid config magic"); 1415 return -EINVAL; 1416 } 1417 1418 if (total_data_len < le16_to_cpu(config->total_len)) { 1419 rtl_dev_err(hdev, "config is too short"); 1420 return -EINVAL; 1421 } 1422 1423 for (i = 0; i < total_data_len; ) { 1424 entry = ((void *)config->entry) + i; 1425 1426 switch (le16_to_cpu(entry->offset)) { 1427 case 0xc: 1428 if (entry->len < sizeof(*device_baudrate)) { 1429 rtl_dev_err(hdev, "invalid UART config entry"); 1430 return -EINVAL; 1431 } 1432 1433 *device_baudrate = get_unaligned_le32(entry->data); 1434 *controller_baudrate = btrtl_convert_baudrate( 1435 *device_baudrate); 1436 1437 if (entry->len >= 13) 1438 *flow_control = !!(entry->data[12] & BIT(2)); 1439 else 1440 *flow_control = false; 1441 1442 found = true; 1443 break; 1444 1445 default: 1446 rtl_dev_dbg(hdev, "skipping config entry 0x%x (len %u)", 1447 le16_to_cpu(entry->offset), entry->len); 1448 break; 1449 } 1450 1451 i += sizeof(*entry) + entry->len; 1452 } 1453 1454 if (!found) { 1455 rtl_dev_err(hdev, "no UART config entry found"); 1456 return -ENOENT; 1457 } 1458 1459 rtl_dev_dbg(hdev, "device baudrate = 0x%08x", *device_baudrate); 1460 rtl_dev_dbg(hdev, "controller baudrate = %u", *controller_baudrate); 1461 rtl_dev_dbg(hdev, "flow control %d", *flow_control); 1462 1463 return 0; 1464 } 1465 EXPORT_SYMBOL_GPL(btrtl_get_uart_settings); 1466 1467 MODULE_AUTHOR("Daniel Drake <drake@endlessm.com>"); 1468 MODULE_DESCRIPTION("Bluetooth support for Realtek devices ver " VERSION); 1469 MODULE_VERSION(VERSION); 1470 MODULE_LICENSE("GPL"); 1471 MODULE_FIRMWARE("rtl_bt/rtl8723a_fw.bin"); 1472 MODULE_FIRMWARE("rtl_bt/rtl8723b_fw.bin"); 1473 MODULE_FIRMWARE("rtl_bt/rtl8723b_config.bin"); 1474 MODULE_FIRMWARE("rtl_bt/rtl8723bs_fw.bin"); 1475 MODULE_FIRMWARE("rtl_bt/rtl8723bs_config.bin"); 1476 MODULE_FIRMWARE("rtl_bt/rtl8723cs_cg_fw.bin"); 1477 MODULE_FIRMWARE("rtl_bt/rtl8723cs_cg_config.bin"); 1478 MODULE_FIRMWARE("rtl_bt/rtl8723cs_vf_fw.bin"); 1479 MODULE_FIRMWARE("rtl_bt/rtl8723cs_vf_config.bin"); 1480 MODULE_FIRMWARE("rtl_bt/rtl8723cs_xx_fw.bin"); 1481 MODULE_FIRMWARE("rtl_bt/rtl8723cs_xx_config.bin"); 1482 MODULE_FIRMWARE("rtl_bt/rtl8723d_fw.bin"); 1483 MODULE_FIRMWARE("rtl_bt/rtl8723d_config.bin"); 1484 MODULE_FIRMWARE("rtl_bt/rtl8723ds_fw.bin"); 1485 MODULE_FIRMWARE("rtl_bt/rtl8723ds_config.bin"); 1486 MODULE_FIRMWARE("rtl_bt/rtl8761a_fw.bin"); 1487 MODULE_FIRMWARE("rtl_bt/rtl8761a_config.bin"); 1488 MODULE_FIRMWARE("rtl_bt/rtl8761b_fw.bin"); 1489 MODULE_FIRMWARE("rtl_bt/rtl8761b_config.bin"); 1490 MODULE_FIRMWARE("rtl_bt/rtl8761bu_fw.bin"); 1491 MODULE_FIRMWARE("rtl_bt/rtl8761bu_config.bin"); 1492 MODULE_FIRMWARE("rtl_bt/rtl8821a_fw.bin"); 1493 MODULE_FIRMWARE("rtl_bt/rtl8821a_config.bin"); 1494 MODULE_FIRMWARE("rtl_bt/rtl8821c_fw.bin"); 1495 MODULE_FIRMWARE("rtl_bt/rtl8821c_config.bin"); 1496 MODULE_FIRMWARE("rtl_bt/rtl8821cs_fw.bin"); 1497 MODULE_FIRMWARE("rtl_bt/rtl8821cs_config.bin"); 1498 MODULE_FIRMWARE("rtl_bt/rtl8822b_fw.bin"); 1499 MODULE_FIRMWARE("rtl_bt/rtl8822b_config.bin"); 1500 MODULE_FIRMWARE("rtl_bt/rtl8822cs_fw.bin"); 1501 MODULE_FIRMWARE("rtl_bt/rtl8822cs_config.bin"); 1502 MODULE_FIRMWARE("rtl_bt/rtl8822cu_fw.bin"); 1503 MODULE_FIRMWARE("rtl_bt/rtl8822cu_config.bin"); 1504 MODULE_FIRMWARE("rtl_bt/rtl8851bu_fw.bin"); 1505 MODULE_FIRMWARE("rtl_bt/rtl8851bu_config.bin"); 1506 MODULE_FIRMWARE("rtl_bt/rtl8852au_fw.bin"); 1507 MODULE_FIRMWARE("rtl_bt/rtl8852au_config.bin"); 1508 MODULE_FIRMWARE("rtl_bt/rtl8852bs_fw.bin"); 1509 MODULE_FIRMWARE("rtl_bt/rtl8852bs_config.bin"); 1510 MODULE_FIRMWARE("rtl_bt/rtl8852bu_fw.bin"); 1511 MODULE_FIRMWARE("rtl_bt/rtl8852bu_config.bin"); 1512 MODULE_FIRMWARE("rtl_bt/rtl8852cu_fw.bin"); 1513 MODULE_FIRMWARE("rtl_bt/rtl8852cu_fw_v2.bin"); 1514 MODULE_FIRMWARE("rtl_bt/rtl8852cu_config.bin"); 1515