1 /* 2 * 3 * Bluetooth support for Intel devices 4 * 5 * Copyright (C) 2015 Intel Corporation 6 * 7 * 8 * This program is free software; you can redistribute it and/or modify 9 * it under the terms of the GNU General Public License as published by 10 * the Free Software Foundation; either version 2 of the License, or 11 * (at your option) any later version. 12 * 13 * This program is distributed in the hope that it will be useful, 14 * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 * GNU General Public License for more details. 17 * 18 * You should have received a copy of the GNU General Public License 19 * along with this program; if not, write to the Free Software 20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 21 * 22 */ 23 24 #include <linux/module.h> 25 #include <linux/firmware.h> 26 #include <linux/regmap.h> 27 28 #include <net/bluetooth/bluetooth.h> 29 #include <net/bluetooth/hci_core.h> 30 31 #include "btintel.h" 32 33 #define VERSION "0.1" 34 35 #define BDADDR_INTEL (&(bdaddr_t) {{0x00, 0x8b, 0x9e, 0x19, 0x03, 0x00}}) 36 37 int btintel_check_bdaddr(struct hci_dev *hdev) 38 { 39 struct hci_rp_read_bd_addr *bda; 40 struct sk_buff *skb; 41 42 skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL, 43 HCI_INIT_TIMEOUT); 44 if (IS_ERR(skb)) { 45 int err = PTR_ERR(skb); 46 BT_ERR("%s: Reading Intel device address failed (%d)", 47 hdev->name, err); 48 return err; 49 } 50 51 if (skb->len != sizeof(*bda)) { 52 BT_ERR("%s: Intel device address length mismatch", hdev->name); 53 kfree_skb(skb); 54 return -EIO; 55 } 56 57 bda = (struct hci_rp_read_bd_addr *)skb->data; 58 59 /* For some Intel based controllers, the default Bluetooth device 60 * address 00:03:19:9E:8B:00 can be found. These controllers are 61 * fully operational, but have the danger of duplicate addresses 62 * and that in turn can cause problems with Bluetooth operation. 63 */ 64 if (!bacmp(&bda->bdaddr, BDADDR_INTEL)) { 65 BT_ERR("%s: Found Intel default device address (%pMR)", 66 hdev->name, &bda->bdaddr); 67 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks); 68 } 69 70 kfree_skb(skb); 71 72 return 0; 73 } 74 EXPORT_SYMBOL_GPL(btintel_check_bdaddr); 75 76 int btintel_enter_mfg(struct hci_dev *hdev) 77 { 78 const u8 param[] = { 0x01, 0x00 }; 79 struct sk_buff *skb; 80 81 skb = __hci_cmd_sync(hdev, 0xfc11, 2, param, HCI_CMD_TIMEOUT); 82 if (IS_ERR(skb)) { 83 bt_dev_err(hdev, "Entering manufacturer mode failed (%ld)", 84 PTR_ERR(skb)); 85 return PTR_ERR(skb); 86 } 87 kfree_skb(skb); 88 89 return 0; 90 } 91 EXPORT_SYMBOL_GPL(btintel_enter_mfg); 92 93 int btintel_exit_mfg(struct hci_dev *hdev, bool reset, bool patched) 94 { 95 u8 param[] = { 0x00, 0x00 }; 96 struct sk_buff *skb; 97 98 /* The 2nd command parameter specifies the manufacturing exit method: 99 * 0x00: Just disable the manufacturing mode (0x00). 100 * 0x01: Disable manufacturing mode and reset with patches deactivated. 101 * 0x02: Disable manufacturing mode and reset with patches activated. 102 */ 103 if (reset) 104 param[1] |= patched ? 0x02 : 0x01; 105 106 skb = __hci_cmd_sync(hdev, 0xfc11, 2, param, HCI_CMD_TIMEOUT); 107 if (IS_ERR(skb)) { 108 bt_dev_err(hdev, "Exiting manufacturer mode failed (%ld)", 109 PTR_ERR(skb)); 110 return PTR_ERR(skb); 111 } 112 kfree_skb(skb); 113 114 return 0; 115 } 116 EXPORT_SYMBOL_GPL(btintel_exit_mfg); 117 118 int btintel_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr) 119 { 120 struct sk_buff *skb; 121 int err; 122 123 skb = __hci_cmd_sync(hdev, 0xfc31, 6, bdaddr, HCI_INIT_TIMEOUT); 124 if (IS_ERR(skb)) { 125 err = PTR_ERR(skb); 126 BT_ERR("%s: Changing Intel device address failed (%d)", 127 hdev->name, err); 128 return err; 129 } 130 kfree_skb(skb); 131 132 return 0; 133 } 134 EXPORT_SYMBOL_GPL(btintel_set_bdaddr); 135 136 int btintel_set_diag(struct hci_dev *hdev, bool enable) 137 { 138 struct sk_buff *skb; 139 u8 param[3]; 140 int err; 141 142 if (enable) { 143 param[0] = 0x03; 144 param[1] = 0x03; 145 param[2] = 0x03; 146 } else { 147 param[0] = 0x00; 148 param[1] = 0x00; 149 param[2] = 0x00; 150 } 151 152 skb = __hci_cmd_sync(hdev, 0xfc43, 3, param, HCI_INIT_TIMEOUT); 153 if (IS_ERR(skb)) { 154 err = PTR_ERR(skb); 155 if (err == -ENODATA) 156 goto done; 157 BT_ERR("%s: Changing Intel diagnostic mode failed (%d)", 158 hdev->name, err); 159 return err; 160 } 161 kfree_skb(skb); 162 163 done: 164 btintel_set_event_mask(hdev, enable); 165 return 0; 166 } 167 EXPORT_SYMBOL_GPL(btintel_set_diag); 168 169 int btintel_set_diag_mfg(struct hci_dev *hdev, bool enable) 170 { 171 int err, ret; 172 173 err = btintel_enter_mfg(hdev); 174 if (err) 175 return err; 176 177 ret = btintel_set_diag(hdev, enable); 178 179 err = btintel_exit_mfg(hdev, false, false); 180 if (err) 181 return err; 182 183 return ret; 184 } 185 EXPORT_SYMBOL_GPL(btintel_set_diag_mfg); 186 187 void btintel_hw_error(struct hci_dev *hdev, u8 code) 188 { 189 struct sk_buff *skb; 190 u8 type = 0x00; 191 192 BT_ERR("%s: Hardware error 0x%2.2x", hdev->name, code); 193 194 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); 195 if (IS_ERR(skb)) { 196 BT_ERR("%s: Reset after hardware error failed (%ld)", 197 hdev->name, PTR_ERR(skb)); 198 return; 199 } 200 kfree_skb(skb); 201 202 skb = __hci_cmd_sync(hdev, 0xfc22, 1, &type, HCI_INIT_TIMEOUT); 203 if (IS_ERR(skb)) { 204 BT_ERR("%s: Retrieving Intel exception info failed (%ld)", 205 hdev->name, PTR_ERR(skb)); 206 return; 207 } 208 209 if (skb->len != 13) { 210 BT_ERR("%s: Exception info size mismatch", hdev->name); 211 kfree_skb(skb); 212 return; 213 } 214 215 BT_ERR("%s: Exception info %s", hdev->name, (char *)(skb->data + 1)); 216 217 kfree_skb(skb); 218 } 219 EXPORT_SYMBOL_GPL(btintel_hw_error); 220 221 void btintel_version_info(struct hci_dev *hdev, struct intel_version *ver) 222 { 223 const char *variant; 224 225 switch (ver->fw_variant) { 226 case 0x06: 227 variant = "Bootloader"; 228 break; 229 case 0x23: 230 variant = "Firmware"; 231 break; 232 default: 233 return; 234 } 235 236 BT_INFO("%s: %s revision %u.%u build %u week %u %u", hdev->name, 237 variant, ver->fw_revision >> 4, ver->fw_revision & 0x0f, 238 ver->fw_build_num, ver->fw_build_ww, 2000 + ver->fw_build_yy); 239 } 240 EXPORT_SYMBOL_GPL(btintel_version_info); 241 242 int btintel_secure_send(struct hci_dev *hdev, u8 fragment_type, u32 plen, 243 const void *param) 244 { 245 while (plen > 0) { 246 struct sk_buff *skb; 247 u8 cmd_param[253], fragment_len = (plen > 252) ? 252 : plen; 248 249 cmd_param[0] = fragment_type; 250 memcpy(cmd_param + 1, param, fragment_len); 251 252 skb = __hci_cmd_sync(hdev, 0xfc09, fragment_len + 1, 253 cmd_param, HCI_INIT_TIMEOUT); 254 if (IS_ERR(skb)) 255 return PTR_ERR(skb); 256 257 kfree_skb(skb); 258 259 plen -= fragment_len; 260 param += fragment_len; 261 } 262 263 return 0; 264 } 265 EXPORT_SYMBOL_GPL(btintel_secure_send); 266 267 int btintel_load_ddc_config(struct hci_dev *hdev, const char *ddc_name) 268 { 269 const struct firmware *fw; 270 struct sk_buff *skb; 271 const u8 *fw_ptr; 272 int err; 273 274 err = request_firmware_direct(&fw, ddc_name, &hdev->dev); 275 if (err < 0) { 276 bt_dev_err(hdev, "Failed to load Intel DDC file %s (%d)", 277 ddc_name, err); 278 return err; 279 } 280 281 bt_dev_info(hdev, "Found Intel DDC parameters: %s", ddc_name); 282 283 fw_ptr = fw->data; 284 285 /* DDC file contains one or more DDC structure which has 286 * Length (1 byte), DDC ID (2 bytes), and DDC value (Length - 2). 287 */ 288 while (fw->size > fw_ptr - fw->data) { 289 u8 cmd_plen = fw_ptr[0] + sizeof(u8); 290 291 skb = __hci_cmd_sync(hdev, 0xfc8b, cmd_plen, fw_ptr, 292 HCI_INIT_TIMEOUT); 293 if (IS_ERR(skb)) { 294 bt_dev_err(hdev, "Failed to send Intel_Write_DDC (%ld)", 295 PTR_ERR(skb)); 296 release_firmware(fw); 297 return PTR_ERR(skb); 298 } 299 300 fw_ptr += cmd_plen; 301 kfree_skb(skb); 302 } 303 304 release_firmware(fw); 305 306 bt_dev_info(hdev, "Applying Intel DDC parameters completed"); 307 308 return 0; 309 } 310 EXPORT_SYMBOL_GPL(btintel_load_ddc_config); 311 312 int btintel_set_event_mask(struct hci_dev *hdev, bool debug) 313 { 314 u8 mask[8] = { 0x87, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; 315 struct sk_buff *skb; 316 int err; 317 318 if (debug) 319 mask[1] |= 0x62; 320 321 skb = __hci_cmd_sync(hdev, 0xfc52, 8, mask, HCI_INIT_TIMEOUT); 322 if (IS_ERR(skb)) { 323 err = PTR_ERR(skb); 324 BT_ERR("%s: Setting Intel event mask failed (%d)", 325 hdev->name, err); 326 return err; 327 } 328 kfree_skb(skb); 329 330 return 0; 331 } 332 EXPORT_SYMBOL_GPL(btintel_set_event_mask); 333 334 int btintel_set_event_mask_mfg(struct hci_dev *hdev, bool debug) 335 { 336 int err, ret; 337 338 err = btintel_enter_mfg(hdev); 339 if (err) 340 return err; 341 342 ret = btintel_set_event_mask(hdev, debug); 343 344 err = btintel_exit_mfg(hdev, false, false); 345 if (err) 346 return err; 347 348 return ret; 349 } 350 EXPORT_SYMBOL_GPL(btintel_set_event_mask_mfg); 351 352 int btintel_read_version(struct hci_dev *hdev, struct intel_version *ver) 353 { 354 struct sk_buff *skb; 355 356 skb = __hci_cmd_sync(hdev, 0xfc05, 0, NULL, HCI_CMD_TIMEOUT); 357 if (IS_ERR(skb)) { 358 bt_dev_err(hdev, "Reading Intel version information failed (%ld)", 359 PTR_ERR(skb)); 360 return PTR_ERR(skb); 361 } 362 363 if (skb->len != sizeof(*ver)) { 364 bt_dev_err(hdev, "Intel version event size mismatch"); 365 kfree_skb(skb); 366 return -EILSEQ; 367 } 368 369 memcpy(ver, skb->data, sizeof(*ver)); 370 371 kfree_skb(skb); 372 373 return 0; 374 } 375 EXPORT_SYMBOL_GPL(btintel_read_version); 376 377 /* ------- REGMAP IBT SUPPORT ------- */ 378 379 #define IBT_REG_MODE_8BIT 0x00 380 #define IBT_REG_MODE_16BIT 0x01 381 #define IBT_REG_MODE_32BIT 0x02 382 383 struct regmap_ibt_context { 384 struct hci_dev *hdev; 385 __u16 op_write; 386 __u16 op_read; 387 }; 388 389 struct ibt_cp_reg_access { 390 __le32 addr; 391 __u8 mode; 392 __u8 len; 393 __u8 data[0]; 394 } __packed; 395 396 struct ibt_rp_reg_access { 397 __u8 status; 398 __le32 addr; 399 __u8 data[0]; 400 } __packed; 401 402 static int regmap_ibt_read(void *context, const void *addr, size_t reg_size, 403 void *val, size_t val_size) 404 { 405 struct regmap_ibt_context *ctx = context; 406 struct ibt_cp_reg_access cp; 407 struct ibt_rp_reg_access *rp; 408 struct sk_buff *skb; 409 int err = 0; 410 411 if (reg_size != sizeof(__le32)) 412 return -EINVAL; 413 414 switch (val_size) { 415 case 1: 416 cp.mode = IBT_REG_MODE_8BIT; 417 break; 418 case 2: 419 cp.mode = IBT_REG_MODE_16BIT; 420 break; 421 case 4: 422 cp.mode = IBT_REG_MODE_32BIT; 423 break; 424 default: 425 return -EINVAL; 426 } 427 428 /* regmap provides a little-endian formatted addr */ 429 cp.addr = *(__le32 *)addr; 430 cp.len = val_size; 431 432 bt_dev_dbg(ctx->hdev, "Register (0x%x) read", le32_to_cpu(cp.addr)); 433 434 skb = hci_cmd_sync(ctx->hdev, ctx->op_read, sizeof(cp), &cp, 435 HCI_CMD_TIMEOUT); 436 if (IS_ERR(skb)) { 437 err = PTR_ERR(skb); 438 bt_dev_err(ctx->hdev, "regmap: Register (0x%x) read error (%d)", 439 le32_to_cpu(cp.addr), err); 440 return err; 441 } 442 443 if (skb->len != sizeof(*rp) + val_size) { 444 bt_dev_err(ctx->hdev, "regmap: Register (0x%x) read error, bad len", 445 le32_to_cpu(cp.addr)); 446 err = -EINVAL; 447 goto done; 448 } 449 450 rp = (struct ibt_rp_reg_access *)skb->data; 451 452 if (rp->addr != cp.addr) { 453 bt_dev_err(ctx->hdev, "regmap: Register (0x%x) read error, bad addr", 454 le32_to_cpu(rp->addr)); 455 err = -EINVAL; 456 goto done; 457 } 458 459 memcpy(val, rp->data, val_size); 460 461 done: 462 kfree_skb(skb); 463 return err; 464 } 465 466 static int regmap_ibt_gather_write(void *context, 467 const void *addr, size_t reg_size, 468 const void *val, size_t val_size) 469 { 470 struct regmap_ibt_context *ctx = context; 471 struct ibt_cp_reg_access *cp; 472 struct sk_buff *skb; 473 int plen = sizeof(*cp) + val_size; 474 u8 mode; 475 int err = 0; 476 477 if (reg_size != sizeof(__le32)) 478 return -EINVAL; 479 480 switch (val_size) { 481 case 1: 482 mode = IBT_REG_MODE_8BIT; 483 break; 484 case 2: 485 mode = IBT_REG_MODE_16BIT; 486 break; 487 case 4: 488 mode = IBT_REG_MODE_32BIT; 489 break; 490 default: 491 return -EINVAL; 492 } 493 494 cp = kmalloc(plen, GFP_KERNEL); 495 if (!cp) 496 return -ENOMEM; 497 498 /* regmap provides a little-endian formatted addr/value */ 499 cp->addr = *(__le32 *)addr; 500 cp->mode = mode; 501 cp->len = val_size; 502 memcpy(&cp->data, val, val_size); 503 504 bt_dev_dbg(ctx->hdev, "Register (0x%x) write", le32_to_cpu(cp->addr)); 505 506 skb = hci_cmd_sync(ctx->hdev, ctx->op_write, plen, cp, HCI_CMD_TIMEOUT); 507 if (IS_ERR(skb)) { 508 err = PTR_ERR(skb); 509 bt_dev_err(ctx->hdev, "regmap: Register (0x%x) write error (%d)", 510 le32_to_cpu(cp->addr), err); 511 goto done; 512 } 513 kfree_skb(skb); 514 515 done: 516 kfree(cp); 517 return err; 518 } 519 520 static int regmap_ibt_write(void *context, const void *data, size_t count) 521 { 522 /* data contains register+value, since we only support 32bit addr, 523 * minimum data size is 4 bytes. 524 */ 525 if (WARN_ONCE(count < 4, "Invalid register access")) 526 return -EINVAL; 527 528 return regmap_ibt_gather_write(context, data, 4, data + 4, count - 4); 529 } 530 531 static void regmap_ibt_free_context(void *context) 532 { 533 kfree(context); 534 } 535 536 static struct regmap_bus regmap_ibt = { 537 .read = regmap_ibt_read, 538 .write = regmap_ibt_write, 539 .gather_write = regmap_ibt_gather_write, 540 .free_context = regmap_ibt_free_context, 541 .reg_format_endian_default = REGMAP_ENDIAN_LITTLE, 542 .val_format_endian_default = REGMAP_ENDIAN_LITTLE, 543 }; 544 545 /* Config is the same for all register regions */ 546 static const struct regmap_config regmap_ibt_cfg = { 547 .name = "btintel_regmap", 548 .reg_bits = 32, 549 .val_bits = 32, 550 }; 551 552 struct regmap *btintel_regmap_init(struct hci_dev *hdev, u16 opcode_read, 553 u16 opcode_write) 554 { 555 struct regmap_ibt_context *ctx; 556 557 bt_dev_info(hdev, "regmap: Init R%x-W%x region", opcode_read, 558 opcode_write); 559 560 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL); 561 if (!ctx) 562 return ERR_PTR(-ENOMEM); 563 564 ctx->op_read = opcode_read; 565 ctx->op_write = opcode_write; 566 ctx->hdev = hdev; 567 568 return regmap_init(&hdev->dev, ®map_ibt, ctx, ®map_ibt_cfg); 569 } 570 EXPORT_SYMBOL_GPL(btintel_regmap_init); 571 572 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 573 MODULE_DESCRIPTION("Bluetooth support for Intel devices ver " VERSION); 574 MODULE_VERSION(VERSION); 575 MODULE_LICENSE("GPL"); 576 MODULE_FIRMWARE("intel/ibt-11-5.sfi"); 577 MODULE_FIRMWARE("intel/ibt-11-5.ddc"); 578