xref: /linux/drivers/bluetooth/btintel.c (revision 2bc46b3ad3c15165f91459b07ff8682478683194)
1 /*
2  *
3  *  Bluetooth support for Intel devices
4  *
5  *  Copyright (C) 2015  Intel Corporation
6  *
7  *
8  *  This program is free software; you can redistribute it and/or modify
9  *  it under the terms of the GNU General Public License as published by
10  *  the Free Software Foundation; either version 2 of the License, or
11  *  (at your option) any later version.
12  *
13  *  This program is distributed in the hope that it will be useful,
14  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
15  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16  *  GNU General Public License for more details.
17  *
18  *  You should have received a copy of the GNU General Public License
19  *  along with this program; if not, write to the Free Software
20  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
21  *
22  */
23 
24 #include <linux/module.h>
25 #include <linux/firmware.h>
26 #include <linux/regmap.h>
27 
28 #include <net/bluetooth/bluetooth.h>
29 #include <net/bluetooth/hci_core.h>
30 
31 #include "btintel.h"
32 
33 #define VERSION "0.1"
34 
35 #define BDADDR_INTEL (&(bdaddr_t) {{0x00, 0x8b, 0x9e, 0x19, 0x03, 0x00}})
36 
37 int btintel_check_bdaddr(struct hci_dev *hdev)
38 {
39 	struct hci_rp_read_bd_addr *bda;
40 	struct sk_buff *skb;
41 
42 	skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL,
43 			     HCI_INIT_TIMEOUT);
44 	if (IS_ERR(skb)) {
45 		int err = PTR_ERR(skb);
46 		BT_ERR("%s: Reading Intel device address failed (%d)",
47 		       hdev->name, err);
48 		return err;
49 	}
50 
51 	if (skb->len != sizeof(*bda)) {
52 		BT_ERR("%s: Intel device address length mismatch", hdev->name);
53 		kfree_skb(skb);
54 		return -EIO;
55 	}
56 
57 	bda = (struct hci_rp_read_bd_addr *)skb->data;
58 
59 	/* For some Intel based controllers, the default Bluetooth device
60 	 * address 00:03:19:9E:8B:00 can be found. These controllers are
61 	 * fully operational, but have the danger of duplicate addresses
62 	 * and that in turn can cause problems with Bluetooth operation.
63 	 */
64 	if (!bacmp(&bda->bdaddr, BDADDR_INTEL)) {
65 		BT_ERR("%s: Found Intel default device address (%pMR)",
66 		       hdev->name, &bda->bdaddr);
67 		set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks);
68 	}
69 
70 	kfree_skb(skb);
71 
72 	return 0;
73 }
74 EXPORT_SYMBOL_GPL(btintel_check_bdaddr);
75 
76 int btintel_enter_mfg(struct hci_dev *hdev)
77 {
78 	const u8 param[] = { 0x01, 0x00 };
79 	struct sk_buff *skb;
80 
81 	skb = __hci_cmd_sync(hdev, 0xfc11, 2, param, HCI_CMD_TIMEOUT);
82 	if (IS_ERR(skb)) {
83 		bt_dev_err(hdev, "Entering manufacturer mode failed (%ld)",
84 			   PTR_ERR(skb));
85 		return PTR_ERR(skb);
86 	}
87 	kfree_skb(skb);
88 
89 	return 0;
90 }
91 EXPORT_SYMBOL_GPL(btintel_enter_mfg);
92 
93 int btintel_exit_mfg(struct hci_dev *hdev, bool reset, bool patched)
94 {
95 	u8 param[] = { 0x00, 0x00 };
96 	struct sk_buff *skb;
97 
98 	/* The 2nd command parameter specifies the manufacturing exit method:
99 	 * 0x00: Just disable the manufacturing mode (0x00).
100 	 * 0x01: Disable manufacturing mode and reset with patches deactivated.
101 	 * 0x02: Disable manufacturing mode and reset with patches activated.
102 	 */
103 	if (reset)
104 		param[1] |= patched ? 0x02 : 0x01;
105 
106 	skb = __hci_cmd_sync(hdev, 0xfc11, 2, param, HCI_CMD_TIMEOUT);
107 	if (IS_ERR(skb)) {
108 		bt_dev_err(hdev, "Exiting manufacturer mode failed (%ld)",
109 			   PTR_ERR(skb));
110 		return PTR_ERR(skb);
111 	}
112 	kfree_skb(skb);
113 
114 	return 0;
115 }
116 EXPORT_SYMBOL_GPL(btintel_exit_mfg);
117 
118 int btintel_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr)
119 {
120 	struct sk_buff *skb;
121 	int err;
122 
123 	skb = __hci_cmd_sync(hdev, 0xfc31, 6, bdaddr, HCI_INIT_TIMEOUT);
124 	if (IS_ERR(skb)) {
125 		err = PTR_ERR(skb);
126 		BT_ERR("%s: Changing Intel device address failed (%d)",
127 		       hdev->name, err);
128 		return err;
129 	}
130 	kfree_skb(skb);
131 
132 	return 0;
133 }
134 EXPORT_SYMBOL_GPL(btintel_set_bdaddr);
135 
136 int btintel_set_diag(struct hci_dev *hdev, bool enable)
137 {
138 	struct sk_buff *skb;
139 	u8 param[3];
140 	int err;
141 
142 	if (enable) {
143 		param[0] = 0x03;
144 		param[1] = 0x03;
145 		param[2] = 0x03;
146 	} else {
147 		param[0] = 0x00;
148 		param[1] = 0x00;
149 		param[2] = 0x00;
150 	}
151 
152 	skb = __hci_cmd_sync(hdev, 0xfc43, 3, param, HCI_INIT_TIMEOUT);
153 	if (IS_ERR(skb)) {
154 		err = PTR_ERR(skb);
155 		if (err == -ENODATA)
156 			goto done;
157 		BT_ERR("%s: Changing Intel diagnostic mode failed (%d)",
158 		       hdev->name, err);
159 		return err;
160 	}
161 	kfree_skb(skb);
162 
163 done:
164 	btintel_set_event_mask(hdev, enable);
165 	return 0;
166 }
167 EXPORT_SYMBOL_GPL(btintel_set_diag);
168 
169 int btintel_set_diag_mfg(struct hci_dev *hdev, bool enable)
170 {
171 	int err, ret;
172 
173 	err = btintel_enter_mfg(hdev);
174 	if (err)
175 		return err;
176 
177 	ret = btintel_set_diag(hdev, enable);
178 
179 	err = btintel_exit_mfg(hdev, false, false);
180 	if (err)
181 		return err;
182 
183 	return ret;
184 }
185 EXPORT_SYMBOL_GPL(btintel_set_diag_mfg);
186 
187 void btintel_hw_error(struct hci_dev *hdev, u8 code)
188 {
189 	struct sk_buff *skb;
190 	u8 type = 0x00;
191 
192 	BT_ERR("%s: Hardware error 0x%2.2x", hdev->name, code);
193 
194 	skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
195 	if (IS_ERR(skb)) {
196 		BT_ERR("%s: Reset after hardware error failed (%ld)",
197 		       hdev->name, PTR_ERR(skb));
198 		return;
199 	}
200 	kfree_skb(skb);
201 
202 	skb = __hci_cmd_sync(hdev, 0xfc22, 1, &type, HCI_INIT_TIMEOUT);
203 	if (IS_ERR(skb)) {
204 		BT_ERR("%s: Retrieving Intel exception info failed (%ld)",
205 		       hdev->name, PTR_ERR(skb));
206 		return;
207 	}
208 
209 	if (skb->len != 13) {
210 		BT_ERR("%s: Exception info size mismatch", hdev->name);
211 		kfree_skb(skb);
212 		return;
213 	}
214 
215 	BT_ERR("%s: Exception info %s", hdev->name, (char *)(skb->data + 1));
216 
217 	kfree_skb(skb);
218 }
219 EXPORT_SYMBOL_GPL(btintel_hw_error);
220 
221 void btintel_version_info(struct hci_dev *hdev, struct intel_version *ver)
222 {
223 	const char *variant;
224 
225 	switch (ver->fw_variant) {
226 	case 0x06:
227 		variant = "Bootloader";
228 		break;
229 	case 0x23:
230 		variant = "Firmware";
231 		break;
232 	default:
233 		return;
234 	}
235 
236 	BT_INFO("%s: %s revision %u.%u build %u week %u %u", hdev->name,
237 		variant, ver->fw_revision >> 4, ver->fw_revision & 0x0f,
238 		ver->fw_build_num, ver->fw_build_ww, 2000 + ver->fw_build_yy);
239 }
240 EXPORT_SYMBOL_GPL(btintel_version_info);
241 
242 int btintel_secure_send(struct hci_dev *hdev, u8 fragment_type, u32 plen,
243 			const void *param)
244 {
245 	while (plen > 0) {
246 		struct sk_buff *skb;
247 		u8 cmd_param[253], fragment_len = (plen > 252) ? 252 : plen;
248 
249 		cmd_param[0] = fragment_type;
250 		memcpy(cmd_param + 1, param, fragment_len);
251 
252 		skb = __hci_cmd_sync(hdev, 0xfc09, fragment_len + 1,
253 				     cmd_param, HCI_INIT_TIMEOUT);
254 		if (IS_ERR(skb))
255 			return PTR_ERR(skb);
256 
257 		kfree_skb(skb);
258 
259 		plen -= fragment_len;
260 		param += fragment_len;
261 	}
262 
263 	return 0;
264 }
265 EXPORT_SYMBOL_GPL(btintel_secure_send);
266 
267 int btintel_load_ddc_config(struct hci_dev *hdev, const char *ddc_name)
268 {
269 	const struct firmware *fw;
270 	struct sk_buff *skb;
271 	const u8 *fw_ptr;
272 	int err;
273 
274 	err = request_firmware_direct(&fw, ddc_name, &hdev->dev);
275 	if (err < 0) {
276 		bt_dev_err(hdev, "Failed to load Intel DDC file %s (%d)",
277 			   ddc_name, err);
278 		return err;
279 	}
280 
281 	bt_dev_info(hdev, "Found Intel DDC parameters: %s", ddc_name);
282 
283 	fw_ptr = fw->data;
284 
285 	/* DDC file contains one or more DDC structure which has
286 	 * Length (1 byte), DDC ID (2 bytes), and DDC value (Length - 2).
287 	 */
288 	while (fw->size > fw_ptr - fw->data) {
289 		u8 cmd_plen = fw_ptr[0] + sizeof(u8);
290 
291 		skb = __hci_cmd_sync(hdev, 0xfc8b, cmd_plen, fw_ptr,
292 				     HCI_INIT_TIMEOUT);
293 		if (IS_ERR(skb)) {
294 			bt_dev_err(hdev, "Failed to send Intel_Write_DDC (%ld)",
295 				   PTR_ERR(skb));
296 			release_firmware(fw);
297 			return PTR_ERR(skb);
298 		}
299 
300 		fw_ptr += cmd_plen;
301 		kfree_skb(skb);
302 	}
303 
304 	release_firmware(fw);
305 
306 	bt_dev_info(hdev, "Applying Intel DDC parameters completed");
307 
308 	return 0;
309 }
310 EXPORT_SYMBOL_GPL(btintel_load_ddc_config);
311 
312 int btintel_set_event_mask(struct hci_dev *hdev, bool debug)
313 {
314 	u8 mask[8] = { 0x87, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
315 	struct sk_buff *skb;
316 	int err;
317 
318 	if (debug)
319 		mask[1] |= 0x62;
320 
321 	skb = __hci_cmd_sync(hdev, 0xfc52, 8, mask, HCI_INIT_TIMEOUT);
322 	if (IS_ERR(skb)) {
323 		err = PTR_ERR(skb);
324 		BT_ERR("%s: Setting Intel event mask failed (%d)",
325 		       hdev->name, err);
326 		return err;
327 	}
328 	kfree_skb(skb);
329 
330 	return 0;
331 }
332 EXPORT_SYMBOL_GPL(btintel_set_event_mask);
333 
334 int btintel_set_event_mask_mfg(struct hci_dev *hdev, bool debug)
335 {
336 	int err, ret;
337 
338 	err = btintel_enter_mfg(hdev);
339 	if (err)
340 		return err;
341 
342 	ret = btintel_set_event_mask(hdev, debug);
343 
344 	err = btintel_exit_mfg(hdev, false, false);
345 	if (err)
346 		return err;
347 
348 	return ret;
349 }
350 EXPORT_SYMBOL_GPL(btintel_set_event_mask_mfg);
351 
352 int btintel_read_version(struct hci_dev *hdev, struct intel_version *ver)
353 {
354 	struct sk_buff *skb;
355 
356 	skb = __hci_cmd_sync(hdev, 0xfc05, 0, NULL, HCI_CMD_TIMEOUT);
357 	if (IS_ERR(skb)) {
358 		bt_dev_err(hdev, "Reading Intel version information failed (%ld)",
359 			   PTR_ERR(skb));
360 		return PTR_ERR(skb);
361 	}
362 
363 	if (skb->len != sizeof(*ver)) {
364 		bt_dev_err(hdev, "Intel version event size mismatch");
365 		kfree_skb(skb);
366 		return -EILSEQ;
367 	}
368 
369 	memcpy(ver, skb->data, sizeof(*ver));
370 
371 	kfree_skb(skb);
372 
373 	return 0;
374 }
375 EXPORT_SYMBOL_GPL(btintel_read_version);
376 
377 /* ------- REGMAP IBT SUPPORT ------- */
378 
379 #define IBT_REG_MODE_8BIT  0x00
380 #define IBT_REG_MODE_16BIT 0x01
381 #define IBT_REG_MODE_32BIT 0x02
382 
383 struct regmap_ibt_context {
384 	struct hci_dev *hdev;
385 	__u16 op_write;
386 	__u16 op_read;
387 };
388 
389 struct ibt_cp_reg_access {
390 	__le32  addr;
391 	__u8    mode;
392 	__u8    len;
393 	__u8    data[0];
394 } __packed;
395 
396 struct ibt_rp_reg_access {
397 	__u8    status;
398 	__le32  addr;
399 	__u8    data[0];
400 } __packed;
401 
402 static int regmap_ibt_read(void *context, const void *addr, size_t reg_size,
403 			   void *val, size_t val_size)
404 {
405 	struct regmap_ibt_context *ctx = context;
406 	struct ibt_cp_reg_access cp;
407 	struct ibt_rp_reg_access *rp;
408 	struct sk_buff *skb;
409 	int err = 0;
410 
411 	if (reg_size != sizeof(__le32))
412 		return -EINVAL;
413 
414 	switch (val_size) {
415 	case 1:
416 		cp.mode = IBT_REG_MODE_8BIT;
417 		break;
418 	case 2:
419 		cp.mode = IBT_REG_MODE_16BIT;
420 		break;
421 	case 4:
422 		cp.mode = IBT_REG_MODE_32BIT;
423 		break;
424 	default:
425 		return -EINVAL;
426 	}
427 
428 	/* regmap provides a little-endian formatted addr */
429 	cp.addr = *(__le32 *)addr;
430 	cp.len = val_size;
431 
432 	bt_dev_dbg(ctx->hdev, "Register (0x%x) read", le32_to_cpu(cp.addr));
433 
434 	skb = hci_cmd_sync(ctx->hdev, ctx->op_read, sizeof(cp), &cp,
435 			   HCI_CMD_TIMEOUT);
436 	if (IS_ERR(skb)) {
437 		err = PTR_ERR(skb);
438 		bt_dev_err(ctx->hdev, "regmap: Register (0x%x) read error (%d)",
439 			   le32_to_cpu(cp.addr), err);
440 		return err;
441 	}
442 
443 	if (skb->len != sizeof(*rp) + val_size) {
444 		bt_dev_err(ctx->hdev, "regmap: Register (0x%x) read error, bad len",
445 			   le32_to_cpu(cp.addr));
446 		err = -EINVAL;
447 		goto done;
448 	}
449 
450 	rp = (struct ibt_rp_reg_access *)skb->data;
451 
452 	if (rp->addr != cp.addr) {
453 		bt_dev_err(ctx->hdev, "regmap: Register (0x%x) read error, bad addr",
454 			   le32_to_cpu(rp->addr));
455 		err = -EINVAL;
456 		goto done;
457 	}
458 
459 	memcpy(val, rp->data, val_size);
460 
461 done:
462 	kfree_skb(skb);
463 	return err;
464 }
465 
466 static int regmap_ibt_gather_write(void *context,
467 				   const void *addr, size_t reg_size,
468 				   const void *val, size_t val_size)
469 {
470 	struct regmap_ibt_context *ctx = context;
471 	struct ibt_cp_reg_access *cp;
472 	struct sk_buff *skb;
473 	int plen = sizeof(*cp) + val_size;
474 	u8 mode;
475 	int err = 0;
476 
477 	if (reg_size != sizeof(__le32))
478 		return -EINVAL;
479 
480 	switch (val_size) {
481 	case 1:
482 		mode = IBT_REG_MODE_8BIT;
483 		break;
484 	case 2:
485 		mode = IBT_REG_MODE_16BIT;
486 		break;
487 	case 4:
488 		mode = IBT_REG_MODE_32BIT;
489 		break;
490 	default:
491 		return -EINVAL;
492 	}
493 
494 	cp = kmalloc(plen, GFP_KERNEL);
495 	if (!cp)
496 		return -ENOMEM;
497 
498 	/* regmap provides a little-endian formatted addr/value */
499 	cp->addr = *(__le32 *)addr;
500 	cp->mode = mode;
501 	cp->len = val_size;
502 	memcpy(&cp->data, val, val_size);
503 
504 	bt_dev_dbg(ctx->hdev, "Register (0x%x) write", le32_to_cpu(cp->addr));
505 
506 	skb = hci_cmd_sync(ctx->hdev, ctx->op_write, plen, cp, HCI_CMD_TIMEOUT);
507 	if (IS_ERR(skb)) {
508 		err = PTR_ERR(skb);
509 		bt_dev_err(ctx->hdev, "regmap: Register (0x%x) write error (%d)",
510 			   le32_to_cpu(cp->addr), err);
511 		goto done;
512 	}
513 	kfree_skb(skb);
514 
515 done:
516 	kfree(cp);
517 	return err;
518 }
519 
520 static int regmap_ibt_write(void *context, const void *data, size_t count)
521 {
522 	/* data contains register+value, since we only support 32bit addr,
523 	 * minimum data size is 4 bytes.
524 	 */
525 	if (WARN_ONCE(count < 4, "Invalid register access"))
526 		return -EINVAL;
527 
528 	return regmap_ibt_gather_write(context, data, 4, data + 4, count - 4);
529 }
530 
531 static void regmap_ibt_free_context(void *context)
532 {
533 	kfree(context);
534 }
535 
536 static struct regmap_bus regmap_ibt = {
537 	.read = regmap_ibt_read,
538 	.write = regmap_ibt_write,
539 	.gather_write = regmap_ibt_gather_write,
540 	.free_context = regmap_ibt_free_context,
541 	.reg_format_endian_default = REGMAP_ENDIAN_LITTLE,
542 	.val_format_endian_default = REGMAP_ENDIAN_LITTLE,
543 };
544 
545 /* Config is the same for all register regions */
546 static const struct regmap_config regmap_ibt_cfg = {
547 	.name      = "btintel_regmap",
548 	.reg_bits  = 32,
549 	.val_bits  = 32,
550 };
551 
552 struct regmap *btintel_regmap_init(struct hci_dev *hdev, u16 opcode_read,
553 				   u16 opcode_write)
554 {
555 	struct regmap_ibt_context *ctx;
556 
557 	bt_dev_info(hdev, "regmap: Init R%x-W%x region", opcode_read,
558 		    opcode_write);
559 
560 	ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
561 	if (!ctx)
562 		return ERR_PTR(-ENOMEM);
563 
564 	ctx->op_read = opcode_read;
565 	ctx->op_write = opcode_write;
566 	ctx->hdev = hdev;
567 
568 	return regmap_init(&hdev->dev, &regmap_ibt, ctx, &regmap_ibt_cfg);
569 }
570 EXPORT_SYMBOL_GPL(btintel_regmap_init);
571 
572 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
573 MODULE_DESCRIPTION("Bluetooth support for Intel devices ver " VERSION);
574 MODULE_VERSION(VERSION);
575 MODULE_LICENSE("GPL");
576 MODULE_FIRMWARE("intel/ibt-11-5.sfi");
577 MODULE_FIRMWARE("intel/ibt-11-5.ddc");
578