btrtl.c 39 KB

  1. // SPDX-License-Identifier: GPL-2.0-or-later
  2. /*
  3. * Bluetooth support for Realtek devices
  4. *
  5. * Copyright (C) 2015 Endless Mobile, Inc.
  6. */
  7. #include <linux/module.h>
  8. #include <linux/firmware.h>
  9. #include <linux/unaligned.h>
  10. #include <linux/usb.h>
  11. #include <net/bluetooth/bluetooth.h>
  12. #include <net/bluetooth/hci_core.h>
  13. #include "btrtl.h"
  /* Version string; its consumer is outside this part of the file. */
  #define VERSION "0.1"

  /* chip_type values carried by the three 8723CS entries of ic_id_table. */
  #define RTL_CHIP_8723CS_CG 3
  #define RTL_CHIP_8723CS_VF 4
  #define RTL_CHIP_8723CS_XX 5

  /* 8-byte magics compared against the start of the firmware blob in
   * rtlbt_parse_firmware(); a blob carrying the V2 magic is handed to
   * rtlbt_parse_firmware_v2().
   */
  #define RTL_EPATCH_SIGNATURE "Realtech"
  #define RTL_EPATCH_SIGNATURE_V2 "RTBTCore"

  /* lmp_subver values used as match keys in ic_id_table and in the
   * project-id table inside rtlbt_parse_firmware().
   */
  #define RTL_ROM_LMP_8703B 0x8703
  #define RTL_ROM_LMP_8723A 0x1200
  #define RTL_ROM_LMP_8723B 0x8723
  #define RTL_ROM_LMP_8821A 0x8821
  #define RTL_ROM_LMP_8761A 0x8761
  #define RTL_ROM_LMP_8822B 0x8822
  #define RTL_ROM_LMP_8852A 0x8852
  #define RTL_ROM_LMP_8851B 0x8851
  #define RTL_ROM_LMP_8922A 0x8922

  /* NOTE(review): not referenced in this part of the file; presumably the
   * magic expected at the start of a config blob - confirm.
   */
  #define RTL_CONFIG_MAGIC 0x8723ab55

  /* Vendor-specific HCI opcode sent by btrtl_coredump(). */
  #define RTL_VSC_OP_COREDUMP 0xfcff

  /* Bits of id_table.match_flags; each set bit makes btrtl_match_ic()
   * compare the corresponding id_table field against the probed value.
   */
  #define IC_MATCH_FL_LMPSUBV (1 << 0)
  #define IC_MATCH_FL_HCIREV (1 << 1)
  #define IC_MATCH_FL_HCIVER (1 << 2)
  #define IC_MATCH_FL_HCIBUS (1 << 3)
  #define IC_MATCH_FL_CHIP_TYPE (1 << 4)

  /* Designated-initializer fragment for an id_table entry that is matched
   * on LMP subversion, HCI revision, HCI version and bus type.
   */
  #define IC_INFO(lmps, hcir, hciv, bus) \
  	.match_flags = IC_MATCH_FL_LMPSUBV | IC_MATCH_FL_HCIREV | \
  		       IC_MATCH_FL_HCIVER | IC_MATCH_FL_HCIBUS, \
  	.lmp_subver = (lmps), \
  	.hci_rev = (hcir), \
  	.hci_ver = (hciv), \
  	.hci_bus = (bus)

  /* Pre-built struct rtl_vendor_cmd payloads.
   * NOTE(review): their users are outside this part of the file; presumably
   * they are passed to btrtl_vendor_read_reg16() - confirm.
   */
  #define RTL_CHIP_SUBVER (&(struct rtl_vendor_cmd) {{0x10, 0x38, 0x04, 0x28, 0x80}})
  #define RTL_CHIP_REV (&(struct rtl_vendor_cmd) {{0x10, 0x3A, 0x04, 0x28, 0x80}})
  #define RTL_SEC_PROJ (&(struct rtl_vendor_cmd) {{0x10, 0xA4, 0xAD, 0x00, 0xb0}})

  /* Section opcodes dispatched on in rtlbt_parse_firmware_v2(). */
  #define RTL_PATCH_SNIPPETS 0x01
  #define RTL_PATCH_DUMMY_HEADER 0x02
  #define RTL_PATCH_SECURITY_HEADER 0x03
  /*
   * Chip identifiers. The numeric values line up with the id column of the
   * project_id_to_lmp_subver table in rtlbt_parse_firmware() (for example
   * 8 = 8822B, 13 = 8822C, 51 = 8761C); the explicit assignments leave gaps
   * for ids that have no enumerator here.
   */
  enum btrtl_chip_id {
  	CHIP_ID_8723A,
  	CHIP_ID_8723B,
  	CHIP_ID_8821A,
  	CHIP_ID_8761A,
  	CHIP_ID_8822B = 8,
  	CHIP_ID_8723D,
  	CHIP_ID_8821C,
  	CHIP_ID_8822C = 13,
  	CHIP_ID_8761B,
  	CHIP_ID_8852A = 18,
  	CHIP_ID_8852B = 20,
  	CHIP_ID_8852C = 25,
  	CHIP_ID_8851B = 36,
  	CHIP_ID_8922A = 44,
  	CHIP_ID_8852BT = 47,
  	CHIP_ID_8761C = 51,
  };
  /*
   * One supported controller variant: the keys btrtl_match_ic() compares,
   * plus per-chip properties and firmware/config file names.
   */
  struct id_table {
  	/* IC_MATCH_FL_* bits selecting which of the key fields are compared */
  	__u16 match_flags;
  	__u16 lmp_subver;
  	__u16 hci_rev;
  	/* a value of 0 here is accepted for any probed HCI version */
  	__u8 hci_ver;
  	__u8 hci_bus;
  	__u8 chip_type;
  	/* NOTE(review): the three flags below are consumed outside this part
  	 * of the file; meanings inferred from the names - confirm.
  	 */
  	bool config_needed;
  	bool has_rom_version;
  	bool has_msft_ext;
  	/* file names; the table entries use paths under "rtl_bt/" */
  	char *fw_name;
  	char *cfg_name;
  	char *hw_info;
  };
  /* Per-device state used while parsing and downloading firmware. */
  struct btrtl_device_info {
  	/* matched ic_id_table entry; its lmp_subver is checked against the
  	 * firmware's project id in rtlbt_parse_firmware()
  	 */
  	const struct id_table *ic_info;
  	/* rom_version + 1 selects the patch (v1 chip id / v2 subsection eco) */
  	u8 rom_version;
  	/* raw firmware blob and its length; the parsers bounds-check against
  	 * fw_len
  	 */
  	u8 *fw_data;
  	int fw_len;
  	/* config blob appended after the patch in btrtl_setup_rtl8723b() */
  	u8 *cfg_data;
  	int cfg_len;
  	/* NOTE(review): not used in this part of the file - confirm meaning */
  	bool drop_fw;
  	/* project id found in the firmware's extension section */
  	int project_id;
  	/* compared with the key_id of v2 security-header subsections; when
  	 * zero, rtlbt_parse_firmware_v2() skips security-header sections
  	 */
  	u8 key_id;
  	/* rtl_subsection nodes, kept ordered by prio by
  	 * btrtl_insert_ordered_subsec()
  	 */
  	struct list_head patch_subsecs;
  };
  /*
   * Supported controllers. btrtl_match_ic() walks this table from the top and
   * returns the first entry whose selected keys all match, so the order of
   * entries with overlapping keys matters. An entry with .hci_ver == 0 (the
   * 8761CU one) matches any HCI version.
   */
  static const struct id_table ic_id_table[] = {
  	/* 8723A */
  	{ IC_INFO(RTL_ROM_LMP_8723A, 0xb, 0x6, HCI_USB),
  	  .config_needed = false,
  	  .has_rom_version = false,
  	  .fw_name = "rtl_bt/rtl8723a_fw",
  	  .cfg_name = NULL,
  	  .hw_info = "rtl8723au" },
  	/* 8723BS */
  	{ IC_INFO(RTL_ROM_LMP_8723B, 0xb, 0x6, HCI_UART),
  	  .config_needed = true,
  	  .has_rom_version = true,
  	  .fw_name = "rtl_bt/rtl8723bs_fw",
  	  .cfg_name = "rtl_bt/rtl8723bs_config",
  	  .hw_info = "rtl8723bs" },
  	/* 8723B */
  	{ IC_INFO(RTL_ROM_LMP_8723B, 0xb, 0x6, HCI_USB),
  	  .config_needed = false,
  	  .has_rom_version = true,
  	  .fw_name = "rtl_bt/rtl8723b_fw",
  	  .cfg_name = "rtl_bt/rtl8723b_config",
  	  .hw_info = "rtl8723bu" },
  	/* 8723CS-CG */
  	{ .match_flags = IC_MATCH_FL_LMPSUBV | IC_MATCH_FL_CHIP_TYPE |
  			 IC_MATCH_FL_HCIBUS,
  	  .lmp_subver = RTL_ROM_LMP_8703B,
  	  .chip_type = RTL_CHIP_8723CS_CG,
  	  .hci_bus = HCI_UART,
  	  .config_needed = true,
  	  .has_rom_version = true,
  	  .fw_name = "rtl_bt/rtl8723cs_cg_fw",
  	  .cfg_name = "rtl_bt/rtl8723cs_cg_config",
  	  .hw_info = "rtl8723cs-cg" },
  	/* 8723CS-VF */
  	{ .match_flags = IC_MATCH_FL_LMPSUBV | IC_MATCH_FL_CHIP_TYPE |
  			 IC_MATCH_FL_HCIBUS,
  	  .lmp_subver = RTL_ROM_LMP_8703B,
  	  .chip_type = RTL_CHIP_8723CS_VF,
  	  .hci_bus = HCI_UART,
  	  .config_needed = true,
  	  .has_rom_version = true,
  	  .fw_name = "rtl_bt/rtl8723cs_vf_fw",
  	  .cfg_name = "rtl_bt/rtl8723cs_vf_config",
  	  .hw_info = "rtl8723cs-vf" },
  	/* 8723CS-XX */
  	{ .match_flags = IC_MATCH_FL_LMPSUBV | IC_MATCH_FL_CHIP_TYPE |
  			 IC_MATCH_FL_HCIBUS,
  	  .lmp_subver = RTL_ROM_LMP_8703B,
  	  .chip_type = RTL_CHIP_8723CS_XX,
  	  .hci_bus = HCI_UART,
  	  .config_needed = true,
  	  .has_rom_version = true,
  	  .fw_name = "rtl_bt/rtl8723cs_xx_fw",
  	  .cfg_name = "rtl_bt/rtl8723cs_xx_config",
  	  .hw_info = "rtl8723cs" },
  	/* 8723D */
  	{ IC_INFO(RTL_ROM_LMP_8723B, 0xd, 0x8, HCI_USB),
  	  .config_needed = true,
  	  .has_rom_version = true,
  	  .fw_name = "rtl_bt/rtl8723d_fw",
  	  .cfg_name = "rtl_bt/rtl8723d_config",
  	  .hw_info = "rtl8723du" },
  	/* 8723DS */
  	{ IC_INFO(RTL_ROM_LMP_8723B, 0xd, 0x8, HCI_UART),
  	  .config_needed = true,
  	  .has_rom_version = true,
  	  .fw_name = "rtl_bt/rtl8723ds_fw",
  	  .cfg_name = "rtl_bt/rtl8723ds_config",
  	  .hw_info = "rtl8723ds" },
  	/* 8821A */
  	{ IC_INFO(RTL_ROM_LMP_8821A, 0xa, 0x6, HCI_USB),
  	  .config_needed = false,
  	  .has_rom_version = true,
  	  .fw_name = "rtl_bt/rtl8821a_fw",
  	  .cfg_name = "rtl_bt/rtl8821a_config",
  	  .hw_info = "rtl8821au" },
  	/* 8821C */
  	{ IC_INFO(RTL_ROM_LMP_8821A, 0xc, 0x8, HCI_USB),
  	  .config_needed = false,
  	  .has_rom_version = true,
  	  .has_msft_ext = true,
  	  .fw_name = "rtl_bt/rtl8821c_fw",
  	  .cfg_name = "rtl_bt/rtl8821c_config",
  	  .hw_info = "rtl8821cu" },
  	/* 8821CS */
  	{ IC_INFO(RTL_ROM_LMP_8821A, 0xc, 0x8, HCI_UART),
  	  .config_needed = true,
  	  .has_rom_version = true,
  	  .has_msft_ext = true,
  	  .fw_name = "rtl_bt/rtl8821cs_fw",
  	  .cfg_name = "rtl_bt/rtl8821cs_config",
  	  .hw_info = "rtl8821cs" },
  	/* 8761A */
  	{ IC_INFO(RTL_ROM_LMP_8761A, 0xa, 0x6, HCI_USB),
  	  .config_needed = false,
  	  .has_rom_version = true,
  	  .fw_name = "rtl_bt/rtl8761a_fw",
  	  .cfg_name = "rtl_bt/rtl8761a_config",
  	  .hw_info = "rtl8761au" },
  	/* 8761B */
  	{ IC_INFO(RTL_ROM_LMP_8761A, 0xb, 0xa, HCI_UART),
  	  .config_needed = false,
  	  .has_rom_version = true,
  	  .has_msft_ext = true,
  	  .fw_name = "rtl_bt/rtl8761b_fw",
  	  .cfg_name = "rtl_bt/rtl8761b_config",
  	  .hw_info = "rtl8761btv" },
  	/* 8761BU */
  	{ IC_INFO(RTL_ROM_LMP_8761A, 0xb, 0xa, HCI_USB),
  	  .config_needed = false,
  	  .has_rom_version = true,
  	  .fw_name = "rtl_bt/rtl8761bu_fw",
  	  .cfg_name = "rtl_bt/rtl8761bu_config",
  	  .hw_info = "rtl8761bu" },
  	/* 8761CU; hci_ver 0 is treated as "any version" by btrtl_match_ic() */
  	{ IC_INFO(RTL_ROM_LMP_8761A, 0x0e, 0, HCI_USB),
  	  .config_needed = false,
  	  .has_rom_version = true,
  	  .fw_name = "rtl_bt/rtl8761cu_fw",
  	  .cfg_name = "rtl_bt/rtl8761cu_config",
  	  .hw_info = "rtl8761cu" },
  	/* 8822C with UART interface (HCI version 0x8) */
  	{ IC_INFO(RTL_ROM_LMP_8822B, 0xc, 0x8, HCI_UART),
  	  .config_needed = true,
  	  .has_rom_version = true,
  	  .has_msft_ext = true,
  	  .fw_name = "rtl_bt/rtl8822cs_fw",
  	  .cfg_name = "rtl_bt/rtl8822cs_config",
  	  .hw_info = "rtl8822cs" },
  	/* 8822C with UART interface (HCI version 0xa) */
  	{ IC_INFO(RTL_ROM_LMP_8822B, 0xc, 0xa, HCI_UART),
  	  .config_needed = true,
  	  .has_rom_version = true,
  	  .has_msft_ext = true,
  	  .fw_name = "rtl_bt/rtl8822cs_fw",
  	  .cfg_name = "rtl_bt/rtl8822cs_config",
  	  .hw_info = "rtl8822cs" },
  	/* 8822C with USB interface */
  	{ IC_INFO(RTL_ROM_LMP_8822B, 0xc, 0xa, HCI_USB),
  	  .config_needed = false,
  	  .has_rom_version = true,
  	  .has_msft_ext = true,
  	  .fw_name = "rtl_bt/rtl8822cu_fw",
  	  .cfg_name = "rtl_bt/rtl8822cu_config",
  	  .hw_info = "rtl8822cu" },
  	/* 8822B */
  	{ IC_INFO(RTL_ROM_LMP_8822B, 0xb, 0x7, HCI_USB),
  	  .config_needed = true,
  	  .has_rom_version = true,
  	  .has_msft_ext = true,
  	  .fw_name = "rtl_bt/rtl8822b_fw",
  	  .cfg_name = "rtl_bt/rtl8822b_config",
  	  .hw_info = "rtl8822bu" },
  	/* 8852A */
  	{ IC_INFO(RTL_ROM_LMP_8852A, 0xa, 0xb, HCI_USB),
  	  .config_needed = false,
  	  .has_rom_version = true,
  	  .has_msft_ext = true,
  	  .fw_name = "rtl_bt/rtl8852au_fw",
  	  .cfg_name = "rtl_bt/rtl8852au_config",
  	  .hw_info = "rtl8852au" },
  	/* 8852B with UART interface */
  	{ IC_INFO(RTL_ROM_LMP_8852A, 0xb, 0xb, HCI_UART),
  	  .config_needed = true,
  	  .has_rom_version = true,
  	  .has_msft_ext = true,
  	  .fw_name = "rtl_bt/rtl8852bs_fw",
  	  .cfg_name = "rtl_bt/rtl8852bs_config",
  	  .hw_info = "rtl8852bs" },
  	/* 8852B */
  	{ IC_INFO(RTL_ROM_LMP_8852A, 0xb, 0xb, HCI_USB),
  	  .config_needed = false,
  	  .has_rom_version = true,
  	  .has_msft_ext = true,
  	  .fw_name = "rtl_bt/rtl8852bu_fw",
  	  .cfg_name = "rtl_bt/rtl8852bu_config",
  	  .hw_info = "rtl8852bu" },
  	/* 8852C */
  	{ IC_INFO(RTL_ROM_LMP_8852A, 0xc, 0xc, HCI_USB),
  	  .config_needed = false,
  	  .has_rom_version = true,
  	  .has_msft_ext = true,
  	  .fw_name = "rtl_bt/rtl8852cu_fw",
  	  .cfg_name = "rtl_bt/rtl8852cu_config",
  	  .hw_info = "rtl8852cu" },
  	/* 8851B */
  	{ IC_INFO(RTL_ROM_LMP_8851B, 0xb, 0xc, HCI_USB),
  	  .config_needed = false,
  	  .has_rom_version = true,
  	  .has_msft_ext = false,
  	  .fw_name = "rtl_bt/rtl8851bu_fw",
  	  .cfg_name = "rtl_bt/rtl8851bu_config",
  	  .hw_info = "rtl8851bu" },
  	/* 8922A */
  	{ IC_INFO(RTL_ROM_LMP_8922A, 0xa, 0xc, HCI_USB),
  	  .config_needed = false,
  	  .has_rom_version = true,
  	  .has_msft_ext = true,
  	  .fw_name = "rtl_bt/rtl8922au_fw",
  	  .cfg_name = "rtl_bt/rtl8922au_config",
  	  .hw_info = "rtl8922au" },
  	/* 8852BT/8852BE-VT */
  	{ IC_INFO(RTL_ROM_LMP_8852A, 0x87, 0xc, HCI_USB),
  	  .config_needed = false,
  	  .has_rom_version = true,
  	  .has_msft_ext = true,
  	  .fw_name = "rtl_bt/rtl8852btu_fw",
  	  .cfg_name = "rtl_bt/rtl8852btu_config",
  	  .hw_info = "rtl8852btu" },
  };
  /*
   * Find the ic_id_table entry for a controller.
   *
   * Entries are tried in table order. For each entry only the keys selected
   * by its match_flags are compared; an entry whose hci_ver is 0 accepts any
   * probed HCI version.
   *
   * Returns the first matching entry, or NULL when nothing matches.
   */
  static const struct id_table *btrtl_match_ic(u16 lmp_subver, u16 hci_rev,
  					     u8 hci_ver, u8 hci_bus,
  					     u8 chip_type)
  {
  	int idx;

  	for (idx = 0; idx < ARRAY_SIZE(ic_id_table); idx++) {
  		const struct id_table *ent = &ic_id_table[idx];

  		if ((ent->match_flags & IC_MATCH_FL_LMPSUBV) &&
  		    ent->lmp_subver != lmp_subver)
  			continue;

  		if ((ent->match_flags & IC_MATCH_FL_HCIREV) &&
  		    ent->hci_rev != hci_rev)
  			continue;

  		/* a table value of 0 is a wildcard for the HCI version */
  		if ((ent->match_flags & IC_MATCH_FL_HCIVER) &&
  		    ent->hci_ver != hci_ver && ent->hci_ver != 0)
  			continue;

  		if ((ent->match_flags & IC_MATCH_FL_HCIBUS) &&
  		    ent->hci_bus != hci_bus)
  			continue;

  		if ((ent->match_flags & IC_MATCH_FL_CHIP_TYPE) &&
  		    ent->chip_type != chip_type)
  			continue;

  		return ent;
  	}

  	return NULL;
  }
  /*
   * Issue HCI_OP_READ_LOCAL_VERSION and return the reply buffer.
   *
   * The reply is accepted only when its length is exactly
   * sizeof(struct hci_rp_read_local_version). On success the caller owns the
   * returned skb; on failure an ERR_PTR() is returned (-EIO for a reply of
   * the wrong size).
   */
  static struct sk_buff *btrtl_read_local_version(struct hci_dev *hdev)
  {
  	struct sk_buff *reply;

  	reply = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL,
  			       HCI_INIT_TIMEOUT);
  	if (IS_ERR(reply)) {
  		rtl_dev_err(hdev, "HCI_OP_READ_LOCAL_VERSION failed (%ld)",
  			    PTR_ERR(reply));
  		return reply;
  	}

  	if (reply->len == sizeof(struct hci_rp_read_local_version))
  		return reply;

  	/* wrong-sized reply: drop it rather than let callers cast it */
  	rtl_dev_err(hdev, "HCI_OP_READ_LOCAL_VERSION event length mismatch");
  	kfree_skb(reply);
  	return ERR_PTR(-EIO);
  }
  /*
   * Read the ROM version with vendor command 0xfc6d.
   *
   * Stores the reported version in *version and returns 0. Returns the
   * command's error code if it fails, or -EIO when the reply is not exactly
   * sizeof(struct rtl_rom_version_evt) bytes.
   *
   * NOTE(review): the reply's status byte is logged but not checked.
   */
  static int rtl_read_rom_version(struct hci_dev *hdev, u8 *version)
  {
  	struct rtl_rom_version_evt *evt;
  	struct sk_buff *reply;

  	/* Read RTL ROM version command */
  	reply = __hci_cmd_sync(hdev, 0xfc6d, 0, NULL, HCI_INIT_TIMEOUT);
  	if (IS_ERR(reply)) {
  		rtl_dev_err(hdev, "Read ROM version failed (%ld)",
  			    PTR_ERR(reply));
  		return PTR_ERR(reply);
  	}

  	if (reply->len != sizeof(*evt)) {
  		rtl_dev_err(hdev, "version event length mismatch");
  		kfree_skb(reply);
  		return -EIO;
  	}

  	evt = (struct rtl_rom_version_evt *)reply->data;
  	rtl_dev_info(hdev, "rom_version status=%x version=%x",
  		     evt->status, evt->version);
  	*version = evt->version;

  	kfree_skb(reply);
  	return 0;
  }
  /*
   * Send vendor command 0xfc61 with the given payload and read back a
   * 16-bit register value.
   *
   * The reply must be exactly 3 bytes with a zero first byte; the two bytes
   * after it are copied to rp when rp is non-NULL. Returns 0 on success, the
   * command's error code on failure, or -EIO for an unexpected reply.
   */
  static int btrtl_vendor_read_reg16(struct hci_dev *hdev,
  				   struct rtl_vendor_cmd *cmd, u8 *rp)
  {
  	struct sk_buff *reply;
  	int rc;

  	reply = __hci_cmd_sync(hdev, 0xfc61, sizeof(*cmd), cmd,
  			       HCI_INIT_TIMEOUT);
  	if (IS_ERR(reply)) {
  		rc = PTR_ERR(reply);
  		rtl_dev_err(hdev, "RTL: Read reg16 failed (%d)", rc);
  		return rc;
  	}

  	/* both a wrong length and a non-zero first byte are rejected here */
  	if (reply->len != 3 || reply->data[0]) {
  		bt_dev_err(hdev, "RTL: Read reg16 length mismatch");
  		kfree_skb(reply);
  		return -EIO;
  	}

  	if (rp)
  		memcpy(rp, reply->data + 1, 2);

  	kfree_skb(reply);
  	return 0;
  }
  /*
   * Consume len bytes from the front of iov.
   *
   * Returns a pointer to the consumed bytes and advances iov past them, or
   * returns NULL and leaves iov untouched when fewer than len bytes remain.
   * This is the bounds check the firmware parsers rely on.
   */
  static void *rtl_iov_pull_data(struct rtl_iovec *iov, u32 len)
  {
  	void *head;

  	if (len > iov->len)
  		return NULL;

  	head = iov->data;
  	iov->data += len;
  	iov->len -= len;

  	return head;
  }
  /*
   * Link node into btrtl_dev->patch_subsecs in front of the first entry whose
   * prio is greater than or equal to node's, or at the tail when there is no
   * such entry.
   */
  static void btrtl_insert_ordered_subsec(struct rtl_subsection *node,
  					struct btrtl_device_info *btrtl_dev)
  {
  	struct list_head *cur;
  	struct list_head *lookahead;

  	list_for_each_safe(cur, lookahead, &btrtl_dev->patch_subsecs) {
  		struct rtl_subsection *existing;

  		existing = list_entry(cur, struct rtl_subsection, list);
  		if (node->prio <= existing->prio)
  			break;
  	}

  	/* cur is either the entry to insert before or the list head itself */
  	__list_add(&node->list, cur->prev, cur);
  }
  /*
   * Walk the subsections of one v2 firmware section and queue the ones meant
   * for this chip on btrtl_dev->patch_subsecs.
   *
   * data/len describe the section body. Every header and payload is taken
   * through rtl_iov_pull_data(), so a subsection that claims more bytes than
   * remain ends the walk instead of being read. A subsection is kept only
   * when its eco equals rom_version + 1 and, for RTL_PATCH_SECURITY_HEADER
   * sections, its key_id equals btrtl_dev->key_id. Queued entries point into
   * data; nothing is copied here.
   *
   * Returns the summed length of the queued subsections, -EINVAL when the
   * section header does not fit, or -ENOMEM when a list node cannot be
   * allocated (entries queued before that stay on the list).
   */
  static int btrtl_parse_section(struct hci_dev *hdev,
  			       struct btrtl_device_info *btrtl_dev, u32 opcode,
  			       u8 *data, u32 len)
  {
  	struct rtl_iovec iov = {
  		.data = data,
  		.len = len,
  	};
  	struct rtl_section_hdr *hdr;
  	u16 remaining;
  	int total = 0;

  	hdr = rtl_iov_pull_data(&iov, sizeof(*hdr));
  	if (!hdr)
  		return -EINVAL;

  	for (remaining = le16_to_cpu(hdr->num); remaining; remaining--) {
  		struct rtl_common_subsec *common;
  		struct rtl_subsection *entry;
  		u32 body_len;
  		u8 *body;

  		common = rtl_iov_pull_data(&iov, sizeof(*common));
  		if (!common)
  			break;

  		body_len = le32_to_cpu(common->len);
  		rtl_dev_dbg(hdev, "subsec, eco 0x%02x, len %08x",
  			    common->eco, body_len);

  		body = rtl_iov_pull_data(&iov, body_len);
  		if (!body)
  			break;

  		if (common->eco != btrtl_dev->rom_version + 1)
  			continue;

  		if (opcode == RTL_PATCH_SECURITY_HEADER) {
  			/* same bytes viewed through the security-header layout */
  			struct rtl_sec_hdr *sec = (void *)common;

  			if (sec->key_id != btrtl_dev->key_id)
  				continue;
  		}

  		entry = kzalloc_obj(*entry);
  		if (!entry)
  			return -ENOMEM;

  		entry->opcode = opcode;
  		entry->prio = common->prio;
  		entry->len = body_len;
  		entry->data = body;
  		btrtl_insert_ordered_subsec(entry, btrtl_dev);

  		total += body_len;
  	}

  	return total;
  }
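  /*
   * Parse a firmware blob that carries the RTL_EPATCH_SIGNATURE_V2 magic.
   *
   * The blob is walked section by section through rtl_iov_pull_data(), so a
   * section that claims more bytes than remain ends the walk. Known section
   * types are handed to btrtl_parse_section(), which queues the matching
   * subsections on btrtl_dev->patch_subsecs; those are then concatenated in
   * list order into a freshly allocated buffer.
   *
   * On success *_buf is set to that buffer (the caller frees it with
   * kvfree()) and its length is returned. Returns -EINVAL when the header
   * does not fit or the queued data exceeds the computed size, -ENODATA when
   * no subsection was selected, -ENOMEM on allocation failure, -EPERM when
   * the list turns out to be empty, or the error from btrtl_parse_section().
   */
  static int rtlbt_parse_firmware_v2(struct hci_dev *hdev,
  				   struct btrtl_device_info *btrtl_dev,
  				   unsigned char **_buf)
  {
  	struct rtl_epatch_header_v2 *hdr;
  	int rc;
  	u8 key_id;
  	u32 num_sections;
  	struct rtl_section *section;
  	struct rtl_subsection *entry, *tmp;
  	u32 section_len;
  	u32 opcode;
  	int len = 0;
  	int alloc_len;
  	int i;
  	u8 *ptr;
  	struct rtl_iovec iov = {
  		.data = btrtl_dev->fw_data,
  		/* NOTE(review): relies on the caller having checked fw_len
  		 * against the v2 header size plus the 7-byte tail - confirm
  		 * for any new caller.
  		 */
  		.len = btrtl_dev->fw_len - 7, /* Cut the tail */
  	};

  	key_id = btrtl_dev->key_id;

  	hdr = rtl_iov_pull_data(&iov, sizeof(*hdr));
  	if (!hdr)
  		return -EINVAL;
  	num_sections = le32_to_cpu(hdr->num_sections);

  	rtl_dev_dbg(hdev, "FW version %08x-%08x", *((u32 *)hdr->fw_version),
  		    *((u32 *)(hdr->fw_version + 4)));

  	for (i = 0; i < num_sections; i++) {
  		/* Start every section at zero. Without this, a security
  		 * header skipped because key_id is zero would leave rc
  		 * uninitialized on the first section, or re-add the previous
  		 * section's length on later ones.
  		 */
  		rc = 0;

  		section = rtl_iov_pull_data(&iov, sizeof(*section));
  		if (!section)
  			break;
  		section_len = le32_to_cpu(section->len);
  		opcode = le32_to_cpu(section->opcode);

  		rtl_dev_dbg(hdev, "opcode 0x%04x", section->opcode);

  		ptr = rtl_iov_pull_data(&iov, section_len);
  		if (!ptr)
  			break;

  		switch (opcode) {
  		case RTL_PATCH_SNIPPETS:
  			rc = btrtl_parse_section(hdev, btrtl_dev, opcode,
  						 ptr, section_len);
  			break;
  		case RTL_PATCH_SECURITY_HEADER:
  			/* If key_id from chip is zero, ignore all security
  			 * headers.
  			 */
  			if (!key_id)
  				break;
  			rc = btrtl_parse_section(hdev, btrtl_dev, opcode,
  						 ptr, section_len);
  			break;
  		case RTL_PATCH_DUMMY_HEADER:
  			rc = btrtl_parse_section(hdev, btrtl_dev, opcode,
  						 ptr, section_len);
  			break;
  		default:
  			/* unknown section types contribute nothing */
  			break;
  		}
  		if (rc < 0) {
  			rtl_dev_err(hdev, "RTL: Parse section (%u) err %d",
  				    opcode, rc);
  			return rc;
  		}
  		len += rc;
  	}

  	if (!len)
  		return -ENODATA;

  	/* Allocate mem and copy all found subsecs. */
  	alloc_len = len;
  	ptr = kvmalloc(alloc_len, GFP_KERNEL);
  	if (!ptr)
  		return -ENOMEM;

  	len = 0;
  	list_for_each_entry_safe(entry, tmp, &btrtl_dev->patch_subsecs, list) {
  		rtl_dev_dbg(hdev, "RTL: opcode %08x, addr %p, len 0x%x",
  			    entry->opcode, entry->data, entry->len);
  		/* The buffer was sized from the lengths reported above; do
  		 * not write past it if the list holds more than that (for
  		 * instance entries queued before this call).
  		 */
  		if (entry->len > (u32)(alloc_len - len)) {
  			rtl_dev_err(hdev, "RTL: subsection list exceeds parsed size");
  			kvfree(ptr);
  			return -EINVAL;
  		}
  		memcpy(ptr + len, entry->data, entry->len);
  		len += entry->len;
  	}

  	if (!len) {
  		kvfree(ptr);
  		return -EPERM;
  	}

  	*_buf = ptr;
  	return len;
  }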
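  /*
   * Validate a firmware blob and extract the patch for this chip.
   *
   * Checks, in order: the 8-byte epatch magic (v1 or v2), a minimum size for
   * that format, the 4-byte extension signature at the end of the file, and
   * the project id found by scanning the extension instructions backwards
   * from the end. The project id must map to the lmp_subver of the matched
   * ic_info entry. A v2 blob is then handed to rtlbt_parse_firmware_v2().
   *
   * For a v1 blob the patch whose chip id equals rom_version + 1 is located
   * through the length/offset tables that follow the header, copied into a
   * new buffer, and its last 4 bytes are overwritten with the header's
   * fw_version.
   *
   * Every offset and length used here is read from the file, so each one is
   * bounds-checked against fw_len before it is dereferenced.
   *
   * On success *_buf is set to the new buffer (the caller frees it with
   * kvfree()) and its length is returned. Returns -EINVAL for a malformed or
   * mismatching file and -ENOMEM on allocation failure.
   */
  static int rtlbt_parse_firmware(struct hci_dev *hdev,
  				struct btrtl_device_info *btrtl_dev,
  				unsigned char **_buf)
  {
  	static const u8 extension_sig[] = { 0x51, 0x04, 0xfd, 0x77 };
  	struct btrealtek_data *coredump_info = hci_get_priv(hdev);
  	struct rtl_epatch_header *epatch_info;
  	unsigned char *buf;
  	int i, len;
  	size_t min_size;
  	u8 opcode, length, data;
  	int project_id = -1;
  	const unsigned char *fwptr, *chip_id_base;
  	const unsigned char *patch_length_base, *patch_offset_base;
  	u32 patch_offset = 0;
  	u16 patch_length, num_patches;
  	static const struct {
  		__u16 lmp_subver;
  		__u8 id;
  	} project_id_to_lmp_subver[] = {
  		{ RTL_ROM_LMP_8723A, 0 },
  		{ RTL_ROM_LMP_8723B, 1 },
  		{ RTL_ROM_LMP_8821A, 2 },
  		{ RTL_ROM_LMP_8761A, 3 },
  		{ RTL_ROM_LMP_8703B, 7 },
  		{ RTL_ROM_LMP_8822B, 8 },
  		{ RTL_ROM_LMP_8723B, 9 },	/* 8723D */
  		{ RTL_ROM_LMP_8821A, 10 },	/* 8821C */
  		{ RTL_ROM_LMP_8822B, 13 },	/* 8822C */
  		{ RTL_ROM_LMP_8761A, 14 },	/* 8761B */
  		{ RTL_ROM_LMP_8852A, 18 },	/* 8852A */
  		{ RTL_ROM_LMP_8852A, 20 },	/* 8852B */
  		{ RTL_ROM_LMP_8852A, 25 },	/* 8852C */
  		{ RTL_ROM_LMP_8851B, 36 },	/* 8851B */
  		{ RTL_ROM_LMP_8922A, 44 },	/* 8922A */
  		{ RTL_ROM_LMP_8852A, 47 },	/* 8852BT */
  		{ RTL_ROM_LMP_8761A, 51 },	/* 8761C */
  	};

  	if (btrtl_dev->fw_len <= 8)
  		return -EINVAL;

  	if (!memcmp(btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE, 8))
  		min_size = sizeof(struct rtl_epatch_header) +
  				sizeof(extension_sig) + 3;
  	else if (!memcmp(btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE_V2, 8))
  		min_size = sizeof(struct rtl_epatch_header_v2) +
  				sizeof(extension_sig) + 3;
  	else
  		return -EINVAL;

  	if (btrtl_dev->fw_len < min_size)
  		return -EINVAL;

  	fwptr = btrtl_dev->fw_data + btrtl_dev->fw_len - sizeof(extension_sig);
  	if (memcmp(fwptr, extension_sig, sizeof(extension_sig)) != 0) {
  		rtl_dev_err(hdev, "extension section signature mismatch");
  		return -EINVAL;
  	}

  	/* Loop from the end of the firmware parsing instructions, until
  	 * we find an instruction that identifies the "project ID" for the
  	 * hardware supported by this firmware file.
  	 * Once we have that, we double-check that project_id is suitable
  	 * for the hardware we are working with.
  	 */
  	while (fwptr >= btrtl_dev->fw_data + (sizeof(*epatch_info) + 3)) {
  		opcode = *--fwptr;
  		length = *--fwptr;
  		data = *--fwptr;

  		BT_DBG("check op=%x len=%x data=%x", opcode, length, data);

  		if (opcode == 0xff) /* EOF */
  			break;

  		if (length == 0) {
  			rtl_dev_err(hdev, "found instruction with length 0");
  			return -EINVAL;
  		}

  		if (opcode == 0 && length == 1) {
  			project_id = data;
  			break;
  		}

  		fwptr -= length;
  	}

  	if (project_id < 0) {
  		rtl_dev_err(hdev, "failed to find version instruction");
  		return -EINVAL;
  	}

  	/* Find project_id in table */
  	for (i = 0; i < ARRAY_SIZE(project_id_to_lmp_subver); i++) {
  		if (project_id == project_id_to_lmp_subver[i].id) {
  			btrtl_dev->project_id = project_id;
  			break;
  		}
  	}

  	if (i >= ARRAY_SIZE(project_id_to_lmp_subver)) {
  		rtl_dev_err(hdev, "unknown project id %d", project_id);
  		return -EINVAL;
  	}

  	if (btrtl_dev->ic_info->lmp_subver !=
  				project_id_to_lmp_subver[i].lmp_subver) {
  		rtl_dev_err(hdev, "firmware is for %x but this is a %x",
  			    project_id_to_lmp_subver[i].lmp_subver,
  			    btrtl_dev->ic_info->lmp_subver);
  		return -EINVAL;
  	}

  	if (memcmp(btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE, 8) != 0) {
  		if (!memcmp(btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE_V2, 8))
  			return rtlbt_parse_firmware_v2(hdev, btrtl_dev, _buf);
  		rtl_dev_err(hdev, "bad EPATCH signature");
  		return -EINVAL;
  	}

  	epatch_info = (struct rtl_epatch_header *)btrtl_dev->fw_data;
  	num_patches = le16_to_cpu(epatch_info->num_patches);

  	BT_DBG("fw_version=%x, num_patches=%d",
  	       le32_to_cpu(epatch_info->fw_version), num_patches);
  	coredump_info->rtl_dump.fw_version = le32_to_cpu(epatch_info->fw_version);

  	/* After the rtl_epatch_header there is a funky patch metadata section.
  	 * Assuming 2 patches, the layout is:
  	 * ChipID1 ChipID2 PatchLength1 PatchLength2 PatchOffset1 PatchOffset2
  	 *
  	 * Find the right patch for this chip.
  	 */
  	min_size += 8 * num_patches;
  	if (btrtl_dev->fw_len < min_size)
  		return -EINVAL;

  	chip_id_base = btrtl_dev->fw_data + sizeof(struct rtl_epatch_header);
  	patch_length_base = chip_id_base + (sizeof(u16) * num_patches);
  	patch_offset_base = patch_length_base + (sizeof(u16) * num_patches);
  	for (i = 0; i < num_patches; i++) {
  		u16 chip_id = get_unaligned_le16(chip_id_base +
  						 (i * sizeof(u16)));
  		if (chip_id == btrtl_dev->rom_version + 1) {
  			patch_length = get_unaligned_le16(patch_length_base +
  							  (i * sizeof(u16)));
  			patch_offset = get_unaligned_le32(patch_offset_base +
  							  (i * sizeof(u32)));
  			break;
  		}
  	}

  	if (!patch_offset) {
  		rtl_dev_err(hdev, "didn't find patch for chip id %d",
  			    btrtl_dev->rom_version);
  		return -EINVAL;
  	}

  	BT_DBG("length=%x offset=%x index %d", patch_length, patch_offset, i);

  	/* patch_offset and patch_length come straight from the file. Check
  	 * them without forming patch_offset + patch_length, which is
  	 * evaluated in 32 bits and can wrap to a small value, and require
  	 * room for the 4-byte version trailer so that patch_length - 4 below
  	 * cannot go negative and turn into a huge copy size.
  	 * fw_len is known to be positive here (checked above).
  	 */
  	if (patch_length < 4 ||
  	    patch_offset > (u32)btrtl_dev->fw_len ||
  	    patch_length > (u32)btrtl_dev->fw_len - patch_offset)
  		return -EINVAL;

  	/* Copy the firmware into a new buffer and write the version at
  	 * the end.
  	 */
  	len = patch_length;
  	buf = kvmalloc(patch_length, GFP_KERNEL);
  	if (!buf)
  		return -ENOMEM;

  	memcpy(buf, btrtl_dev->fw_data + patch_offset, patch_length - 4);
  	memcpy(buf + patch_length - 4, &epatch_info->fw_version, 4);

  	*_buf = buf;
  	return len;
  }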
  /*
   * Send a firmware image to the controller in RTL_FRAG_LEN-sized fragments
   * using vendor command 0xfc20, then read back and log the local version.
   *
   * fw_len / RTL_FRAG_LEN + 1 fragments are sent; the last one carries the
   * remaining fw_len % RTL_FRAG_LEN bytes and has bit 0x80 set in its index.
   * The index counts up from 0 and restarts at 1 after reaching 0x7f.
   *
   * Returns 0 on success, the failing command's error code, -EIO when a
   * reply has an unexpected length, or -ENOMEM.
   */
  static int rtl_download_firmware(struct hci_dev *hdev,
  				 const unsigned char *data, int fw_len)
  {
  	const int total_frags = fw_len / RTL_FRAG_LEN + 1;
  	struct hci_rp_read_local_version *ver;
  	struct rtl_download_cmd *cmd;
  	struct sk_buff *reply;
  	int chunk = RTL_FRAG_LEN;
  	int next_index = 0;
  	int err = 0;
  	int n;

  	cmd = kmalloc_obj(*cmd);
  	if (!cmd)
  		return -ENOMEM;

  	for (n = 0; n < total_frags; n++, data += RTL_FRAG_LEN) {
  		cmd->index = next_index++;
  		if (cmd->index == 0x7f)
  			next_index = 1;

  		if (n == total_frags - 1) {
  			cmd->index |= 0x80; /* data end */
  			chunk = fw_len % RTL_FRAG_LEN;
  		}
  		rtl_dev_dbg(hdev, "download fw (%d/%d). index = %d", n,
  			    total_frags, cmd->index);
  		memcpy(cmd->data, data, chunk);

  		/* Send download command */
  		reply = __hci_cmd_sync(hdev, 0xfc20, chunk + 1, cmd,
  				       HCI_INIT_TIMEOUT);
  		if (IS_ERR(reply)) {
  			rtl_dev_err(hdev, "download fw command failed (%ld)",
  				    PTR_ERR(reply));
  			err = PTR_ERR(reply);
  			goto out;
  		}

  		if (reply->len != sizeof(struct rtl_download_response)) {
  			rtl_dev_err(hdev, "download fw event length mismatch");
  			kfree_skb(reply);
  			err = -EIO;
  			goto out;
  		}

  		kfree_skb(reply);
  	}

  	reply = btrtl_read_local_version(hdev);
  	if (IS_ERR(reply)) {
  		err = PTR_ERR(reply);
  		rtl_dev_err(hdev, "read local version failed");
  		goto out;
  	}

  	ver = (struct hci_rp_read_local_version *)reply->data;
  	rtl_dev_info(hdev, "fw version 0x%04x%04x",
  		     __le16_to_cpu(ver->hci_rev), __le16_to_cpu(ver->lmp_subver));
  	kfree_skb(reply);

  out:
  	kfree(cmd);
  	return err;
  }
  /*
   * Load the named firmware file and hand back a private copy of it.
   *
   * On success *buff points to a kvmemdup() copy of the file contents and
   * the file size is returned. Returns the request_firmware() error code
   * when the file cannot be loaded, or -ENOMEM when the copy fails (in which
   * case *buff is NULL). The firmware handle is released before returning.
   */
  static int rtl_load_file(struct hci_dev *hdev, const char *name, u8 **buff)
  {
  	const struct firmware *blob;
  	int rc;

  	rtl_dev_info(hdev, "loading %s", name);

  	rc = request_firmware(&blob, name, &hdev->dev);
  	if (rc < 0)
  		return rc;

  	*buff = kvmemdup(blob->data, blob->size, GFP_KERNEL);
  	if (*buff)
  		rc = blob->size;
  	else
  		rc = -ENOMEM;

  	release_firmware(blob);
  	return rc;
  }
/*
 * Download firmware to an RTL8723A.
 *
 * The image is rejected with -EINVAL when it is shorter than the 8-byte
 * signature compared below, or when it starts with the EPATCH signature.
 * Otherwise the result of rtl_download_firmware() is returned.
 */
static int btrtl_setup_rtl8723a(struct hci_dev *hdev,
				struct btrtl_device_info *btrtl_dev)
{
	bool is_epatch;

	/* The signature comparison below reads 8 bytes of fw_data. */
	if (btrtl_dev->fw_len < 8)
		return -EINVAL;

	/* The epatch signature is only for RTL8723B and newer, so an image
	 * carrying it is not valid for this chip.
	 */
	is_epatch = memcmp(btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE, 8) == 0;
	if (is_epatch) {
		rtl_dev_err(hdev, "unexpected EPATCH signature!");
		return -EINVAL;
	}

	return rtl_download_firmware(hdev, btrtl_dev->fw_data,
				     btrtl_dev->fw_len);
}
/*
 * Download firmware to an RTL8723B or newer controller.
 *
 * rtlbt_parse_firmware() produces the patch image and its length.  When a
 * config blob is loaded (cfg_len > 0) it is appended to the patch in a new
 * buffer before the download.  Returns the result of
 * rtl_download_firmware(), a negative value from the parser, or -ENOMEM.
 */
static int btrtl_setup_rtl8723b(struct hci_dev *hdev,
				struct btrtl_device_info *btrtl_dev)
{
	unsigned char *image = NULL;
	u8 *merged;
	int len;

	len = rtlbt_parse_firmware(hdev, btrtl_dev, &image);
	if (len < 0)
		goto free_image;

	if (btrtl_dev->cfg_len > 0) {
		/* Patch and config lengths are both ints; the sum sizes the
		 * buffer the two memcpy() calls below fill.
		 */
		merged = kvzalloc(len + btrtl_dev->cfg_len, GFP_KERNEL);
		if (merged == NULL) {
			len = -ENOMEM;
			goto free_image;
		}

		memcpy(merged, image, len);
		memcpy(merged + len, btrtl_dev->cfg_data, btrtl_dev->cfg_len);
		len += btrtl_dev->cfg_len;

		/* The combined buffer replaces the parsed patch. */
		kvfree(image);
		image = merged;
	}

	rtl_dev_info(hdev, "cfg_sz %d, total sz %d", btrtl_dev->cfg_len, len);

	len = rtl_download_firmware(hdev, image, len);

free_image:
	kvfree(image);
	return len;
}
/*
 * Coredump callback registered with hci_devcd_register(): sends the
 * RTL_VSC_OP_COREDUMP vendor command with a two-byte zero parameter.
 * The return value of __hci_cmd_send() is not checked.
 */
static void btrtl_coredump(struct hci_dev *hdev)
{
	static const u8 zero_param[] = { 0x00, 0x00 };

	__hci_cmd_send(hdev, RTL_VSC_OP_COREDUMP, sizeof(zero_param),
		       zero_param);
}
/*
 * Coredump header callback: appends four text lines (controller name,
 * firmware version, driver name, vendor) to @skb.
 *
 * Each line is formatted into an 80-byte stack buffer with snprintf(), so
 * a longer line is truncated rather than overrunning the buffer, and only
 * strlen() bytes are copied into the skb.
 */
static void btrtl_dmp_hdr(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct btrealtek_data *priv = hci_get_priv(hdev);
	char line[80];

	if (!priv->rtl_dump.controller)
		snprintf(line, sizeof(line), "Controller Name: Unknown\n");
	else
		snprintf(line, sizeof(line), "Controller Name: %s\n",
			 priv->rtl_dump.controller);
	skb_put_data(skb, line, strlen(line));

	snprintf(line, sizeof(line), "Firmware Version: 0x%X\n",
		 priv->rtl_dump.fw_version);
	skb_put_data(skb, line, strlen(line));

	snprintf(line, sizeof(line), "Driver: %s\n",
		 priv->rtl_dump.driver_name);
	skb_put_data(skb, line, strlen(line));

	snprintf(line, sizeof(line), "Vendor: Realtek\n");
	skb_put_data(skb, line, strlen(line));
}
/*
 * Register the Realtek coredump trigger (btrtl_coredump) and header writer
 * (btrtl_dmp_hdr) with the HCI devcoredump support; the last callback
 * argument is left NULL.
 */
static void btrtl_register_devcoredump_support(struct hci_dev *hdev)
{
	hci_devcd_register(hdev,
			   btrtl_coredump,
			   btrtl_dmp_hdr,
			   NULL);
}
/*
 * Record the transport driver's name for the coredump header.
 *
 * Only the pointer is stored, not a copy of the string, so @driver_name
 * must stay valid for as long as the coredump header may be written.
 */
void btrtl_set_driver_name(struct hci_dev *hdev, const char *driver_name)
{
	struct btrealtek_data *priv = hci_get_priv(hdev);

	priv->rtl_dump.driver_name = driver_name;
}
EXPORT_SYMBOL_GPL(btrtl_set_driver_name);
/*
 * Report whether the chip-type read is used for @lmp_subver.  Only
 * RTL_ROM_LMP_8703B yields true.
 */
static bool rtl_has_chip_type(u16 lmp_subver)
{
	return lmp_subver == RTL_ROM_LMP_8703B;
}
/*
 * Issue vendor command 0xfc61 and store the low nibble of the reported
 * chip type in *@type.
 *
 * Returns 0 on success, the error from __hci_cmd_sync() if the command
 * fails, or -EIO when the reply is shorter than struct rtl_chip_type_evt.
 * *@type is written only on success.
 */
static int rtl_read_chip_type(struct hci_dev *hdev, u8 *type)
{
	const unsigned char read_cmd[] = {0x00, 0x94, 0xa0, 0x00, 0xb0};
	struct rtl_chip_type_evt *evt;
	struct sk_buff *reply;
	int err = 0;

	/* Read RTL chip type command */
	reply = __hci_cmd_sync(hdev, 0xfc61, sizeof(read_cmd), read_cmd,
			       HCI_INIT_TIMEOUT);
	if (IS_ERR(reply)) {
		rtl_dev_err(hdev, "Read chip type failed (%ld)",
			    PTR_ERR(reply));
		return PTR_ERR(reply);
	}

	/* skb_pull_data() returns NULL when the reply is too short, so the
	 * event fields are only read after the length has been checked.
	 */
	evt = skb_pull_data(reply, sizeof(*evt));
	if (evt) {
		rtl_dev_info(hdev, "chip_type status=%x type=%x",
			     evt->status, evt->type);
		*type = evt->type & 0x0f;
	} else {
		rtl_dev_err(hdev, "RTL chip type event length mismatch");
		err = -EIO;
	}

	kfree_skb(reply);
	return err;
}
/*
 * Release everything owned by @btrtl_dev: the firmware and config buffers,
 * every entry on the patch_subsecs list, and the structure itself.
 * @btrtl_dev is dereferenced unconditionally, so it must not be NULL or an
 * ERR_PTR value.
 */
void btrtl_free(struct btrtl_device_info *btrtl_dev)
{
	struct rtl_subsection *subsec, *next;

	/* The _safe iterator is needed because each entry is freed while
	 * the list is being walked.
	 */
	list_for_each_entry_safe(subsec, next, &btrtl_dev->patch_subsecs,
				 list) {
		list_del(&subsec->list);
		kfree(subsec);
	}

	kvfree(btrtl_dev->cfg_data);
	kvfree(btrtl_dev->fw_data);

	kfree(btrtl_dev);
}
EXPORT_SYMBOL_GPL(btrtl_free);
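/*
 * Identify the Realtek controller behind @hdev and load the firmware and
 * config files it needs.
 *
 * @postfix: optional suffix inserted into the config file name
 *           ("<cfg_name>-<postfix>.bin"); may be NULL.
 *
 * Returns a newly allocated btrtl_device_info that the caller releases
 * with btrtl_free().  For a controller that matches no table entry the
 * structure is returned with ic_info == NULL and nothing loaded.  On
 * failure an ERR_PTR() is returned; every error path sets a negative
 * errno first, so the result is never NULL and callers can rely on
 * IS_ERR() alone.
 */
struct btrtl_device_info *btrtl_initialize(struct hci_dev *hdev,
					   const char *postfix)
{
	struct btrealtek_data *coredump_info = hci_get_priv(hdev);
	struct btrtl_device_info *btrtl_dev;
	struct sk_buff *skb;
	struct hci_rp_read_local_version *resp;
	struct hci_command_hdr *cmd;
	char fw_name[40];
	char cfg_name[40];
	u16 hci_rev, lmp_subver;
	u8 hci_ver, lmp_ver, chip_type = 0;
	int ret;
	u8 key_id;
	u8 reg_val[2];

	btrtl_dev = kzalloc_obj(*btrtl_dev);
	if (!btrtl_dev) {
		ret = -ENOMEM;
		goto err_alloc;
	}

	INIT_LIST_HEAD(&btrtl_dev->patch_subsecs);

check_version:
	ret = btrtl_vendor_read_reg16(hdev, RTL_CHIP_SUBVER, reg_val);
	if (ret < 0)
		goto err_free;
	lmp_subver = get_unaligned_le16(reg_val);

	if (lmp_subver == RTL_ROM_LMP_8822B) {
		ret = btrtl_vendor_read_reg16(hdev, RTL_CHIP_REV, reg_val);
		if (ret < 0)
			goto err_free;
		hci_rev = get_unaligned_le16(reg_val);

		/* 8822E */
		if (hci_rev == 0x000e) {
			hci_ver = 0x0c;
			lmp_ver = 0x0c;
			btrtl_dev->ic_info = btrtl_match_ic(lmp_subver, hci_rev,
							    hci_ver, hdev->bus,
							    chip_type);
			goto next;
		}
	}

	skb = btrtl_read_local_version(hdev);
	if (IS_ERR(skb)) {
		ret = PTR_ERR(skb);
		goto err_free;
	}

	/* NOTE(review): skb->data is cast without a length check here; this
	 * assumes btrtl_read_local_version() validated the reply size -
	 * confirm against that helper.
	 */
	resp = (struct hci_rp_read_local_version *)skb->data;

	hci_ver    = resp->hci_ver;
	hci_rev    = le16_to_cpu(resp->hci_rev);
	lmp_ver    = resp->lmp_ver;
	lmp_subver = le16_to_cpu(resp->lmp_subver);

	kfree_skb(skb);

	if (rtl_has_chip_type(lmp_subver)) {
		ret = rtl_read_chip_type(hdev, &chip_type);
		if (ret)
			goto err_free;
	}

	btrtl_dev->ic_info = btrtl_match_ic(lmp_subver, hci_rev, hci_ver,
					    hdev->bus, chip_type);

next:
	rtl_dev_info(hdev, "examining hci_ver=%02x hci_rev=%04x lmp_ver=%02x lmp_subver=%04x",
		     hci_ver, hci_rev,
		     lmp_ver, lmp_subver);

	/* drop_fw is set only on the first pass that finds no match, and is
	 * cleared on the pass after it, so the retry below runs at most once.
	 */
	if (!btrtl_dev->ic_info && !btrtl_dev->drop_fw)
		btrtl_dev->drop_fw = true;
	else
		btrtl_dev->drop_fw = false;

	if (btrtl_dev->drop_fw) {
		skb = bt_skb_alloc(sizeof(*cmd), GFP_KERNEL);
		if (!skb) {
			/* ret still holds the non-negative result of the last
			 * successful call; without this assignment
			 * ERR_PTR(ret) could be NULL, which IS_ERR() in the
			 * callers does not catch.
			 */
			ret = -ENOMEM;
			goto err_free;
		}

		cmd = skb_put(skb, HCI_COMMAND_HDR_SIZE);
		cmd->opcode = cpu_to_le16(0xfc66);
		cmd->plen = 0;

		hci_skb_pkt_type(skb) = HCI_COMMAND_PKT;

		ret = hdev->send(hdev, skb);
		if (ret < 0) {
			bt_dev_err(hdev, "sending frame failed (%d)", ret);
			kfree_skb(skb);
			goto err_free;
		}

		/* Ensure the above vendor command is sent to controller and
		 * process has done.
		 */
		msleep(200);

		goto check_version;
	}

	if (!btrtl_dev->ic_info) {
		rtl_dev_info(hdev, "unknown IC info, lmp subver %04x, hci rev %04x, hci ver %04x",
			     lmp_subver, hci_rev, hci_ver);
		return btrtl_dev;
	}

	if (btrtl_dev->ic_info->has_rom_version) {
		ret = rtl_read_rom_version(hdev, &btrtl_dev->rom_version);
		if (ret)
			goto err_free;
	}

	if (!btrtl_dev->ic_info->fw_name) {
		ret = -ENOMEM;
		goto err_free;
	}

	/* The result goes straight into ret so that a failed register read
	 * is what ERR_PTR() reports; keeping it in a separate variable left
	 * ret at 0 on this path and made the function return NULL.
	 */
	ret = btrtl_vendor_read_reg16(hdev, RTL_SEC_PROJ, reg_val);
	if (ret < 0)
		goto err_free;

	key_id = reg_val[0];
	btrtl_dev->key_id = key_id;
	rtl_dev_info(hdev, "%s: key id %u", __func__, key_id);

	/* Start from an error so the plain "<fw_name>.bin" load below runs
	 * unless the "_v2" image was loaded first.
	 */
	btrtl_dev->fw_len = -EIO;
	if (lmp_subver == RTL_ROM_LMP_8852A && hci_rev == 0x000c) {
		snprintf(fw_name, sizeof(fw_name), "%s_v2.bin",
			 btrtl_dev->ic_info->fw_name);
		btrtl_dev->fw_len = rtl_load_file(hdev, fw_name,
						  &btrtl_dev->fw_data);
	}

	if (btrtl_dev->fw_len < 0) {
		snprintf(fw_name, sizeof(fw_name), "%s.bin",
			 btrtl_dev->ic_info->fw_name);
		btrtl_dev->fw_len = rtl_load_file(hdev, fw_name,
						  &btrtl_dev->fw_data);
	}

	if (btrtl_dev->fw_len < 0) {
		rtl_dev_err(hdev, "firmware file %s not found",
			    btrtl_dev->ic_info->fw_name);
		ret = btrtl_dev->fw_len;
		goto err_free;
	}

	/* The config file is only loaded when the key id read above is 0. */
	if (btrtl_dev->ic_info->cfg_name && !btrtl_dev->key_id) {
		if (postfix) {
			snprintf(cfg_name, sizeof(cfg_name), "%s-%s.bin",
				 btrtl_dev->ic_info->cfg_name, postfix);
		} else {
			snprintf(cfg_name, sizeof(cfg_name), "%s.bin",
				 btrtl_dev->ic_info->cfg_name);
		}
		btrtl_dev->cfg_len = rtl_load_file(hdev, cfg_name,
						   &btrtl_dev->cfg_data);
		if (btrtl_dev->ic_info->config_needed &&
		    btrtl_dev->cfg_len <= 0) {
			rtl_dev_err(hdev, "mandatory config file %s not found",
				    btrtl_dev->ic_info->cfg_name);
			ret = btrtl_dev->cfg_len;
			/* An empty file gives cfg_len == 0, which must not be
			 * passed to ERR_PTR().
			 */
			if (!ret)
				ret = -EINVAL;
			goto err_free;
		}
	}

	/* The following chips supports the Microsoft vendor extension,
	 * therefore set the corresponding VsMsftOpCode.
	 */
	if (btrtl_dev->ic_info->has_msft_ext)
		hci_set_msft_opcode(hdev, 0xFCF0);

	/* ic_info is known to be non-NULL here: the unknown-IC case returned
	 * above and ic_info has already been dereferenced since.
	 */
	coredump_info->rtl_dump.controller = btrtl_dev->ic_info->hw_info;

	return btrtl_dev;

err_free:
	btrtl_free(btrtl_dev);
err_alloc:
	return ERR_PTR(ret);
}
EXPORT_SYMBOL_GPL(btrtl_initialize);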
/*
 * Upload firmware to the controller when the matched IC needs it, then
 * register devcoredump support.
 *
 * Returns 0 when no upload is attempted (no matched IC, or an lmp_subver
 * outside the list below), otherwise the result of the chip-specific setup
 * routine.  Devcoredump support is registered on every path, including
 * after a failed upload.
 */
int btrtl_download_firmware(struct hci_dev *hdev,
			    struct btrtl_device_info *btrtl_dev)
{
	int err = 0;

	/* Match a set of subver values that correspond to stock firmware,
	 * which is not compatible with standard btusb.
	 * If matched, upload an alternative firmware that does conform to
	 * standard btusb. Once that firmware is uploaded, the subver changes
	 * to a different value.
	 */
	if (btrtl_dev->ic_info) {
		switch (btrtl_dev->ic_info->lmp_subver) {
		case RTL_ROM_LMP_8723A:
			err = btrtl_setup_rtl8723a(hdev, btrtl_dev);
			break;
		case RTL_ROM_LMP_8723B:
		case RTL_ROM_LMP_8821A:
		case RTL_ROM_LMP_8761A:
		case RTL_ROM_LMP_8822B:
		case RTL_ROM_LMP_8852A:
		case RTL_ROM_LMP_8703B:
		case RTL_ROM_LMP_8851B:
		case RTL_ROM_LMP_8922A:
			err = btrtl_setup_rtl8723b(hdev, btrtl_dev);
			break;
		default:
			rtl_dev_info(hdev, "assuming no firmware upload needed");
			break;
		}
	} else {
		rtl_dev_info(hdev, "assuming no firmware upload needed");
	}

	btrtl_register_devcoredump_support(hdev);

	return err;
}
EXPORT_SYMBOL_GPL(btrtl_download_firmware);
/*
 * Set the HCI quirks and flags that apply to this Realtek controller.
 *
 * HCI_QUIRK_SIMULTANEOUS_DISCOVERY is always set.  The remaining quirks
 * depend on btrtl_dev->project_id and, when an IC was matched, on
 * ic_info->lmp_subver.
 */
void btrtl_set_quirks(struct hci_dev *hdev, struct btrtl_device_info *btrtl_dev)
{
	const bool is_8852c = btrtl_dev->project_id == CHIP_ID_8852C;
	const bool is_8852abc = btrtl_dev->project_id == CHIP_ID_8852A ||
				btrtl_dev->project_id == CHIP_ID_8852B ||
				is_8852c;

	/* Enable controller to do both LE scan and BR/EDR inquiry
	 * simultaneously.
	 */
	hci_set_quirk(hdev, HCI_QUIRK_SIMULTANEOUS_DISCOVERY);

	/* Enable WBS supported for the specific Realtek devices. */
	switch (btrtl_dev->project_id) {
	case CHIP_ID_8822C:
	case CHIP_ID_8852A:
	case CHIP_ID_8852B:
	case CHIP_ID_8852C:
	case CHIP_ID_8851B:
	case CHIP_ID_8922A:
	case CHIP_ID_8852BT:
	case CHIP_ID_8761C:
		hci_set_quirk(hdev, HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED);

		/* RTL8852C needs to transmit mSBC data continuously without
		 * the zero length of USB packets for the ALT 6 supported chips
		 */
		if (is_8852c)
			btrealtek_set_flag(hdev, REALTEK_ALT6_CONTINUOUS_TX_CHIP);

		if (is_8852abc)
			hci_set_quirk(hdev,
				      HCI_QUIRK_USE_MSFT_EXT_ADDRESS_FILTER);

		hci_set_aosp_capable(hdev);
		break;
	default:
		/* No quirk for the central-peripheral role is set anywhere
		 * in this function; only this debug message refers to it.
		 */
		rtl_dev_dbg(hdev, "Central-peripheral role not enabled.");
		rtl_dev_dbg(hdev, "WBS supported not enabled.");
		break;
	}

	/* 8723CS reports two pages for local ext features,
	 * but it doesn't support any features from page 2 -
	 * it either responds with garbage or with error status
	 */
	if (btrtl_dev->ic_info &&
	    btrtl_dev->ic_info->lmp_subver == RTL_ROM_LMP_8703B)
		hci_set_quirk(hdev, HCI_QUIRK_BROKEN_LOCAL_EXT_FEATURES_PAGE_2);
}
EXPORT_SYMBOL_GPL(btrtl_set_quirks);
/*
 * One-call setup: initialise, download firmware, apply quirks, publish the
 * hardware info string and free the device info again.
 *
 * Returns the error from btrtl_initialize() if that fails, otherwise the
 * result of btrtl_download_firmware().  Quirks and hw info are applied even
 * when the download reported an error.
 */
int btrtl_setup_realtek(struct hci_dev *hdev)
{
	struct btrtl_device_info *info = btrtl_initialize(hdev, NULL);
	int err;

	/* Only IS_ERR() is tested; the pointer is dereferenced below. */
	if (IS_ERR(info))
		return PTR_ERR(info);

	err = btrtl_download_firmware(hdev, info);

	btrtl_set_quirks(hdev, info);

	if (info->ic_info != NULL)
		hci_set_hw_info(hdev,
				"RTL lmp_subver=%u hci_rev=%u hci_ver=%u hci_bus=%u",
				info->ic_info->lmp_subver,
				info->ic_info->hci_rev,
				info->ic_info->hci_ver,
				info->ic_info->hci_bus);

	btrtl_free(info);

	return err;
}
EXPORT_SYMBOL_GPL(btrtl_setup_realtek);
/*
 * Send HCI_OP_RESET to the controller on shutdown.
 *
 * Returns 0 on success or the error from __hci_cmd_sync().
 */
int btrtl_shutdown_realtek(struct hci_dev *hdev)
{
	struct sk_buff *reply;

	/* According to the vendor driver, BT must be reset on close to avoid
	 * firmware crash.
	 */
	reply = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_CMD_TIMEOUT);
	if (!IS_ERR(reply)) {
		kfree_skb(reply);
		return 0;
	}

	bt_dev_err(hdev, "HCI reset during shutdown failed");
	return PTR_ERR(reply);
}
EXPORT_SYMBOL_GPL(btrtl_shutdown_realtek);
/*
 * Translate the baud-rate word taken from the config file into a baud rate
 * value.  Any word not in the table, and 0x0252c014, map to 115200.
 */
static unsigned int btrtl_convert_baudrate(u32 device_baudrate)
{
	static const struct {
		u32 word;
		unsigned int baud;
	} rates[] = {
		{ 0x0252a00a,  230400 },
		{ 0x05f75004,  921600 },
		{ 0x00005004, 1000000 },
		{ 0x04928002, 1500000 },
		{ 0x01128002, 1500000 },
		{ 0x00005002, 2000000 },
		{ 0x0000b001, 2500000 },
		{ 0x04928001, 3000000 },
		{ 0x052a6001, 3500000 },
		{ 0x00005001, 4000000 },
		{ 0x0252c014,  115200 },
	};
	unsigned int idx;

	for (idx = 0; idx < sizeof(rates) / sizeof(rates[0]); idx++) {
		if (rates[idx].word == device_baudrate)
			return rates[idx].baud;
	}

	/* Unknown words fall back to the same rate as 0x0252c014. */
	return 115200;
}
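/*
 * Extract the UART settings from the loaded config blob.
 *
 * The blob in btrtl_dev->cfg_data is a struct rtl_vendor_config header
 * followed by variable-length entries.  The entry at offset 0xc supplies
 * the device baud-rate word, from which the controller baud rate is
 * derived, and optionally the flow-control bit.
 *
 * Returns 0 and fills *@controller_baudrate, *@device_baudrate and
 * *@flow_control on success; -EINVAL when no config is loaded or the blob
 * is malformed; -ENOENT when the blob holds no UART entry.
 *
 * The blob comes from a file, so every entry is bounds-checked against the
 * bytes that remain before its header or payload is read.
 */
int btrtl_get_uart_settings(struct hci_dev *hdev,
			    struct btrtl_device_info *btrtl_dev,
			    unsigned int *controller_baudrate,
			    u32 *device_baudrate, bool *flow_control)
{
	struct rtl_vendor_config *config;
	struct rtl_vendor_config_entry *entry;
	int i, total_data_len, remaining;
	bool found = false;

	/* Bytes available after the fixed header; not positive when the
	 * config is missing or shorter than the header.
	 */
	total_data_len = btrtl_dev->cfg_len - sizeof(*config);
	if (total_data_len <= 0) {
		rtl_dev_warn(hdev, "no config loaded");
		return -EINVAL;
	}

	config = (struct rtl_vendor_config *)btrtl_dev->cfg_data;
	if (le32_to_cpu(config->signature) != RTL_CONFIG_MAGIC) {
		rtl_dev_err(hdev, "invalid config magic");
		return -EINVAL;
	}

	if (total_data_len < le16_to_cpu(config->total_len)) {
		rtl_dev_err(hdev, "config is too short");
		return -EINVAL;
	}

	for (i = 0; i < total_data_len; ) {
		remaining = total_data_len - i;

		/* Stop before reading an entry header that would extend
		 * past the end of the buffer.
		 */
		if (remaining < (int)sizeof(*entry)) {
			rtl_dev_warn(hdev, "truncated config entry header");
			break;
		}

		entry = ((void *)config->entry) + i;

		/* Likewise for the payload: entry->len comes from the file
		 * and must fit in what is left, otherwise the reads of
		 * entry->data below would run past the buffer.
		 */
		if (entry->len > remaining - (int)sizeof(*entry)) {
			rtl_dev_warn(hdev, "truncated config entry data");
			break;
		}

		switch (le16_to_cpu(entry->offset)) {
		case 0xc:
			if (entry->len < sizeof(*device_baudrate)) {
				rtl_dev_err(hdev, "invalid UART config entry");
				return -EINVAL;
			}

			*device_baudrate = get_unaligned_le32(entry->data);
			*controller_baudrate = btrtl_convert_baudrate(
							*device_baudrate);

			/* The flow-control bit lives in byte 12, which only
			 * exists in entries of at least 13 bytes.
			 */
			if (entry->len >= 13)
				*flow_control = !!(entry->data[12] & BIT(2));
			else
				*flow_control = false;

			found = true;
			break;

		default:
			rtl_dev_dbg(hdev, "skipping config entry 0x%x (len %u)",
				    le16_to_cpu(entry->offset), entry->len);
			break;
		}

		i += sizeof(*entry) + entry->len;
	}

	if (!found) {
		rtl_dev_err(hdev, "no UART config entry found");
		return -ENOENT;
	}

	rtl_dev_dbg(hdev, "device baudrate = 0x%08x", *device_baudrate);
	rtl_dev_dbg(hdev, "controller baudrate = %u", *controller_baudrate);
	rtl_dev_dbg(hdev, "flow control %d", *flow_control);

	return 0;
}
EXPORT_SYMBOL_GPL(btrtl_get_uart_settings);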
/* Module metadata. */
MODULE_AUTHOR("Daniel Drake <drake@endlessm.com>");
MODULE_DESCRIPTION("Bluetooth support for Realtek devices ver " VERSION);
MODULE_VERSION(VERSION);
MODULE_LICENSE("GPL");
/* Firmware and config files declared for this module, all under rtl_bt/.
 * The names actually requested at runtime are built in btrtl_initialize()
 * from the matched IC's fw_name/cfg_name.
 */
MODULE_FIRMWARE("rtl_bt/rtl8723a_fw.bin");
MODULE_FIRMWARE("rtl_bt/rtl8723b_fw.bin");
MODULE_FIRMWARE("rtl_bt/rtl8723b_config.bin");
MODULE_FIRMWARE("rtl_bt/rtl8723bs_fw.bin");
MODULE_FIRMWARE("rtl_bt/rtl8723bs_config.bin");
MODULE_FIRMWARE("rtl_bt/rtl8723cs_cg_fw.bin");
MODULE_FIRMWARE("rtl_bt/rtl8723cs_cg_config.bin");
MODULE_FIRMWARE("rtl_bt/rtl8723cs_vf_fw.bin");
MODULE_FIRMWARE("rtl_bt/rtl8723cs_vf_config.bin");
MODULE_FIRMWARE("rtl_bt/rtl8723cs_xx_fw.bin");
MODULE_FIRMWARE("rtl_bt/rtl8723cs_xx_config.bin");
MODULE_FIRMWARE("rtl_bt/rtl8723d_fw.bin");
MODULE_FIRMWARE("rtl_bt/rtl8723d_config.bin");
MODULE_FIRMWARE("rtl_bt/rtl8723ds_fw.bin");
MODULE_FIRMWARE("rtl_bt/rtl8723ds_config.bin");
MODULE_FIRMWARE("rtl_bt/rtl8761a_fw.bin");
MODULE_FIRMWARE("rtl_bt/rtl8761a_config.bin");
MODULE_FIRMWARE("rtl_bt/rtl8761b_fw.bin");
MODULE_FIRMWARE("rtl_bt/rtl8761b_config.bin");
MODULE_FIRMWARE("rtl_bt/rtl8761bu_fw.bin");
MODULE_FIRMWARE("rtl_bt/rtl8761bu_config.bin");
MODULE_FIRMWARE("rtl_bt/rtl8761cu_fw.bin");
MODULE_FIRMWARE("rtl_bt/rtl8761cu_config.bin");
MODULE_FIRMWARE("rtl_bt/rtl8821a_fw.bin");
MODULE_FIRMWARE("rtl_bt/rtl8821a_config.bin");
MODULE_FIRMWARE("rtl_bt/rtl8821c_fw.bin");
MODULE_FIRMWARE("rtl_bt/rtl8821c_config.bin");
MODULE_FIRMWARE("rtl_bt/rtl8821cs_fw.bin");
MODULE_FIRMWARE("rtl_bt/rtl8821cs_config.bin");
MODULE_FIRMWARE("rtl_bt/rtl8822b_fw.bin");
MODULE_FIRMWARE("rtl_bt/rtl8822b_config.bin");
MODULE_FIRMWARE("rtl_bt/rtl8822cs_fw.bin");
MODULE_FIRMWARE("rtl_bt/rtl8822cs_config.bin");
MODULE_FIRMWARE("rtl_bt/rtl8822cu_fw.bin");
MODULE_FIRMWARE("rtl_bt/rtl8822cu_config.bin");
MODULE_FIRMWARE("rtl_bt/rtl8851bu_fw.bin");
MODULE_FIRMWARE("rtl_bt/rtl8851bu_config.bin");
MODULE_FIRMWARE("rtl_bt/rtl8852au_fw.bin");
MODULE_FIRMWARE("rtl_bt/rtl8852au_config.bin");
MODULE_FIRMWARE("rtl_bt/rtl8852bs_fw.bin");
MODULE_FIRMWARE("rtl_bt/rtl8852bs_config.bin");
MODULE_FIRMWARE("rtl_bt/rtl8852bu_fw.bin");
MODULE_FIRMWARE("rtl_bt/rtl8852bu_config.bin");
MODULE_FIRMWARE("rtl_bt/rtl8852btu_fw.bin");
MODULE_FIRMWARE("rtl_bt/rtl8852btu_config.bin");
MODULE_FIRMWARE("rtl_bt/rtl8852cu_fw.bin");
MODULE_FIRMWARE("rtl_bt/rtl8852cu_fw_v2.bin");
MODULE_FIRMWARE("rtl_bt/rtl8852cu_config.bin");
MODULE_FIRMWARE("rtl_bt/rtl8922au_fw.bin");
MODULE_FIRMWARE("rtl_bt/rtl8922au_config.bin");