1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Bluetooth support for Realtek devices 4 * 5 * Copyright (C) 2015 Endless Mobile, Inc. 6 */ 7 8 #include <linux/module.h> 9 #include <linux/firmware.h> 10 #include <asm/unaligned.h> 11 #include <linux/usb.h> 12 13 #include <net/bluetooth/bluetooth.h> 14 #include <net/bluetooth/hci_core.h> 15 16 #include "btrtl.h" 17 18 #define VERSION "0.1" 19 20 #define RTL_CHIP_8723CS_CG 3 21 #define RTL_CHIP_8723CS_VF 4 22 #define RTL_CHIP_8723CS_XX 5 23 #define RTL_EPATCH_SIGNATURE "Realtech" 24 #define RTL_EPATCH_SIGNATURE_V2 "RTBTCore" 25 #define RTL_ROM_LMP_8703B 0x8703 26 #define RTL_ROM_LMP_8723A 0x1200 27 #define RTL_ROM_LMP_8723B 0x8723 28 #define RTL_ROM_LMP_8821A 0x8821 29 #define RTL_ROM_LMP_8761A 0x8761 30 #define RTL_ROM_LMP_8822B 0x8822 31 #define RTL_ROM_LMP_8852A 0x8852 32 #define RTL_ROM_LMP_8851B 0x8851 33 #define RTL_ROM_LMP_8922A 0x8922 34 #define RTL_CONFIG_MAGIC 0x8723ab55 35 36 #define RTL_VSC_OP_COREDUMP 0xfcff 37 38 #define IC_MATCH_FL_LMPSUBV (1 << 0) 39 #define IC_MATCH_FL_HCIREV (1 << 1) 40 #define IC_MATCH_FL_HCIVER (1 << 2) 41 #define IC_MATCH_FL_HCIBUS (1 << 3) 42 #define IC_MATCH_FL_CHIP_TYPE (1 << 4) 43 #define IC_INFO(lmps, hcir, hciv, bus) \ 44 .match_flags = IC_MATCH_FL_LMPSUBV | IC_MATCH_FL_HCIREV | \ 45 IC_MATCH_FL_HCIVER | IC_MATCH_FL_HCIBUS, \ 46 .lmp_subver = (lmps), \ 47 .hci_rev = (hcir), \ 48 .hci_ver = (hciv), \ 49 .hci_bus = (bus) 50 51 #define RTL_CHIP_SUBVER (&(struct rtl_vendor_cmd) {{0x10, 0x38, 0x04, 0x28, 0x80}}) 52 #define RTL_CHIP_REV (&(struct rtl_vendor_cmd) {{0x10, 0x3A, 0x04, 0x28, 0x80}}) 53 #define RTL_SEC_PROJ (&(struct rtl_vendor_cmd) {{0x10, 0xA4, 0x0D, 0x00, 0xb0}}) 54 55 #define RTL_PATCH_SNIPPETS 0x01 56 #define RTL_PATCH_DUMMY_HEADER 0x02 57 #define RTL_PATCH_SECURITY_HEADER 0x03 58 59 enum btrtl_chip_id { 60 CHIP_ID_8723A, 61 CHIP_ID_8723B, 62 CHIP_ID_8821A, 63 CHIP_ID_8761A, 64 CHIP_ID_8822B = 8, 65 CHIP_ID_8723D, 66 CHIP_ID_8821C, 67 CHIP_ID_8822C = 13, 68 CHIP_ID_8761B, 69 CHIP_ID_8852A = 18, 70 CHIP_ID_8852B = 20, 71 CHIP_ID_8852C = 25, 72 CHIP_ID_8851B = 36, 73 CHIP_ID_8922A = 44, 74 CHIP_ID_8852BT = 47, 75 }; 76 77 struct id_table { 78 __u16 match_flags; 79 __u16 lmp_subver; 80 __u16 hci_rev; 81 __u8 hci_ver; 82 __u8 hci_bus; 83 __u8 chip_type; 84 bool config_needed; 85 bool has_rom_version; 86 bool has_msft_ext; 87 char *fw_name; 88 char *cfg_name; 89 char *hw_info; 90 }; 91 92 struct btrtl_device_info { 93 const struct id_table *ic_info; 94 u8 rom_version; 95 u8 *fw_data; 96 int fw_len; 97 u8 *cfg_data; 98 int cfg_len; 99 bool drop_fw; 100 int project_id; 101 u8 key_id; 102 struct list_head patch_subsecs; 103 }; 104 105 static const struct id_table ic_id_table[] = { 106 /* 8723A */ 107 { IC_INFO(RTL_ROM_LMP_8723A, 0xb, 0x6, HCI_USB), 108 .config_needed = false, 109 .has_rom_version = false, 110 .fw_name = "rtl_bt/rtl8723a_fw", 111 .cfg_name = NULL, 112 .hw_info = "rtl8723au" }, 113 114 /* 8723BS */ 115 { IC_INFO(RTL_ROM_LMP_8723B, 0xb, 0x6, HCI_UART), 116 .config_needed = true, 117 .has_rom_version = true, 118 .fw_name = "rtl_bt/rtl8723bs_fw", 119 .cfg_name = "rtl_bt/rtl8723bs_config", 120 .hw_info = "rtl8723bs" }, 121 122 /* 8723B */ 123 { IC_INFO(RTL_ROM_LMP_8723B, 0xb, 0x6, HCI_USB), 124 .config_needed = false, 125 .has_rom_version = true, 126 .fw_name = "rtl_bt/rtl8723b_fw", 127 .cfg_name = "rtl_bt/rtl8723b_config", 128 .hw_info = "rtl8723bu" }, 129 130 /* 8723CS-CG */ 131 { .match_flags = IC_MATCH_FL_LMPSUBV | IC_MATCH_FL_CHIP_TYPE | 132 IC_MATCH_FL_HCIBUS, 133 .lmp_subver = RTL_ROM_LMP_8703B, 134 .chip_type = RTL_CHIP_8723CS_CG, 135 .hci_bus = HCI_UART, 136 .config_needed = true, 137 .has_rom_version = true, 138 .fw_name = "rtl_bt/rtl8723cs_cg_fw", 139 .cfg_name = "rtl_bt/rtl8723cs_cg_config", 140 .hw_info = "rtl8723cs-cg" }, 141 142 /* 8723CS-VF */ 143 { .match_flags = IC_MATCH_FL_LMPSUBV | IC_MATCH_FL_CHIP_TYPE | 144 IC_MATCH_FL_HCIBUS, 145 .lmp_subver = RTL_ROM_LMP_8703B, 146 .chip_type = RTL_CHIP_8723CS_VF, 147 .hci_bus = HCI_UART, 148 .config_needed = true, 149 .has_rom_version = true, 150 .fw_name = "rtl_bt/rtl8723cs_vf_fw", 151 .cfg_name = "rtl_bt/rtl8723cs_vf_config", 152 .hw_info = "rtl8723cs-vf" }, 153 154 /* 8723CS-XX */ 155 { .match_flags = IC_MATCH_FL_LMPSUBV | IC_MATCH_FL_CHIP_TYPE | 156 IC_MATCH_FL_HCIBUS, 157 .lmp_subver = RTL_ROM_LMP_8703B, 158 .chip_type = RTL_CHIP_8723CS_XX, 159 .hci_bus = HCI_UART, 160 .config_needed = true, 161 .has_rom_version = true, 162 .fw_name = "rtl_bt/rtl8723cs_xx_fw", 163 .cfg_name = "rtl_bt/rtl8723cs_xx_config", 164 .hw_info = "rtl8723cs" }, 165 166 /* 8723D */ 167 { IC_INFO(RTL_ROM_LMP_8723B, 0xd, 0x8, HCI_USB), 168 .config_needed = true, 169 .has_rom_version = true, 170 .fw_name = "rtl_bt/rtl8723d_fw", 171 .cfg_name = "rtl_bt/rtl8723d_config", 172 .hw_info = "rtl8723du" }, 173 174 /* 8723DS */ 175 { IC_INFO(RTL_ROM_LMP_8723B, 0xd, 0x8, HCI_UART), 176 .config_needed = true, 177 .has_rom_version = true, 178 .fw_name = "rtl_bt/rtl8723ds_fw", 179 .cfg_name = "rtl_bt/rtl8723ds_config", 180 .hw_info = "rtl8723ds" }, 181 182 /* 8821A */ 183 { IC_INFO(RTL_ROM_LMP_8821A, 0xa, 0x6, HCI_USB), 184 .config_needed = false, 185 .has_rom_version = true, 186 .fw_name = "rtl_bt/rtl8821a_fw", 187 .cfg_name = "rtl_bt/rtl8821a_config", 188 .hw_info = "rtl8821au" }, 189 190 /* 8821C */ 191 { IC_INFO(RTL_ROM_LMP_8821A, 0xc, 0x8, HCI_USB), 192 .config_needed = false, 193 .has_rom_version = true, 194 .has_msft_ext = true, 195 .fw_name = "rtl_bt/rtl8821c_fw", 196 .cfg_name = "rtl_bt/rtl8821c_config", 197 .hw_info = "rtl8821cu" }, 198 199 /* 8821CS */ 200 { IC_INFO(RTL_ROM_LMP_8821A, 0xc, 0x8, HCI_UART), 201 .config_needed = true, 202 .has_rom_version = true, 203 .has_msft_ext = true, 204 .fw_name = "rtl_bt/rtl8821cs_fw", 205 .cfg_name = "rtl_bt/rtl8821cs_config", 206 .hw_info = "rtl8821cs" }, 207 208 /* 8761A */ 209 { IC_INFO(RTL_ROM_LMP_8761A, 0xa, 0x6, HCI_USB), 210 .config_needed = false, 211 .has_rom_version = true, 212 .fw_name = "rtl_bt/rtl8761a_fw", 213 .cfg_name = "rtl_bt/rtl8761a_config", 214 .hw_info = "rtl8761au" }, 215 216 /* 8761B */ 217 { IC_INFO(RTL_ROM_LMP_8761A, 0xb, 0xa, HCI_UART), 218 .config_needed = false, 219 .has_rom_version = true, 220 .has_msft_ext = true, 221 .fw_name = "rtl_bt/rtl8761b_fw", 222 .cfg_name = "rtl_bt/rtl8761b_config", 223 .hw_info = "rtl8761btv" }, 224 225 /* 8761BU */ 226 { IC_INFO(RTL_ROM_LMP_8761A, 0xb, 0xa, HCI_USB), 227 .config_needed = false, 228 .has_rom_version = true, 229 .fw_name = "rtl_bt/rtl8761bu_fw", 230 .cfg_name = "rtl_bt/rtl8761bu_config", 231 .hw_info = "rtl8761bu" }, 232 233 /* 8822C with UART interface */ 234 { IC_INFO(RTL_ROM_LMP_8822B, 0xc, 0x8, HCI_UART), 235 .config_needed = true, 236 .has_rom_version = true, 237 .has_msft_ext = true, 238 .fw_name = "rtl_bt/rtl8822cs_fw", 239 .cfg_name = "rtl_bt/rtl8822cs_config", 240 .hw_info = "rtl8822cs" }, 241 242 /* 8822C with UART interface */ 243 { IC_INFO(RTL_ROM_LMP_8822B, 0xc, 0xa, HCI_UART), 244 .config_needed = true, 245 .has_rom_version = true, 246 .has_msft_ext = true, 247 .fw_name = "rtl_bt/rtl8822cs_fw", 248 .cfg_name = "rtl_bt/rtl8822cs_config", 249 .hw_info = "rtl8822cs" }, 250 251 /* 8822C with USB interface */ 252 { IC_INFO(RTL_ROM_LMP_8822B, 0xc, 0xa, HCI_USB), 253 .config_needed = false, 254 .has_rom_version = true, 255 .has_msft_ext = true, 256 .fw_name = "rtl_bt/rtl8822cu_fw", 257 .cfg_name = "rtl_bt/rtl8822cu_config", 258 .hw_info = "rtl8822cu" }, 259 260 /* 8822B */ 261 { IC_INFO(RTL_ROM_LMP_8822B, 0xb, 0x7, HCI_USB), 262 .config_needed = true, 263 .has_rom_version = true, 264 .has_msft_ext = true, 265 .fw_name = "rtl_bt/rtl8822b_fw", 266 .cfg_name = "rtl_bt/rtl8822b_config", 267 .hw_info = "rtl8822bu" }, 268 269 /* 8852A */ 270 { IC_INFO(RTL_ROM_LMP_8852A, 0xa, 0xb, HCI_USB), 271 .config_needed = false, 272 .has_rom_version = true, 273 .has_msft_ext = true, 274 .fw_name = "rtl_bt/rtl8852au_fw", 275 .cfg_name = "rtl_bt/rtl8852au_config", 276 .hw_info = "rtl8852au" }, 277 278 /* 8852B with UART interface */ 279 { IC_INFO(RTL_ROM_LMP_8852A, 0xb, 0xb, HCI_UART), 280 .config_needed = true, 281 .has_rom_version = true, 282 .has_msft_ext = true, 283 .fw_name = "rtl_bt/rtl8852bs_fw", 284 .cfg_name = "rtl_bt/rtl8852bs_config", 285 .hw_info = "rtl8852bs" }, 286 287 /* 8852B */ 288 { IC_INFO(RTL_ROM_LMP_8852A, 0xb, 0xb, HCI_USB), 289 .config_needed = false, 290 .has_rom_version = true, 291 .has_msft_ext = true, 292 .fw_name = "rtl_bt/rtl8852bu_fw", 293 .cfg_name = "rtl_bt/rtl8852bu_config", 294 .hw_info = "rtl8852bu" }, 295 296 /* 8852C */ 297 { IC_INFO(RTL_ROM_LMP_8852A, 0xc, 0xc, HCI_USB), 298 .config_needed = false, 299 .has_rom_version = true, 300 .has_msft_ext = true, 301 .fw_name = "rtl_bt/rtl8852cu_fw", 302 .cfg_name = "rtl_bt/rtl8852cu_config", 303 .hw_info = "rtl8852cu" }, 304 305 /* 8851B */ 306 { IC_INFO(RTL_ROM_LMP_8851B, 0xb, 0xc, HCI_USB), 307 .config_needed = false, 308 .has_rom_version = true, 309 .has_msft_ext = false, 310 .fw_name = "rtl_bt/rtl8851bu_fw", 311 .cfg_name = "rtl_bt/rtl8851bu_config", 312 .hw_info = "rtl8851bu" }, 313 314 /* 8922A */ 315 { IC_INFO(RTL_ROM_LMP_8922A, 0xa, 0xc, HCI_USB), 316 .config_needed = false, 317 .has_rom_version = true, 318 .has_msft_ext = true, 319 .fw_name = "rtl_bt/rtl8922au_fw", 320 .cfg_name = "rtl_bt/rtl8922au_config", 321 .hw_info = "rtl8922au" }, 322 323 /* 8852BT/8852BE-VT */ 324 { IC_INFO(RTL_ROM_LMP_8852A, 0x87, 0xc, HCI_USB), 325 .config_needed = false, 326 .has_rom_version = true, 327 .has_msft_ext = true, 328 .fw_name = "rtl_bt/rtl8852btu_fw", 329 .cfg_name = "rtl_bt/rtl8852btu_config", 330 .hw_info = "rtl8852btu" }, 331 }; 332 333 static const struct id_table *btrtl_match_ic(u16 lmp_subver, u16 hci_rev, 334 u8 hci_ver, u8 hci_bus, 335 u8 chip_type) 336 { 337 int i; 338 339 for (i = 0; i < ARRAY_SIZE(ic_id_table); i++) { 340 if ((ic_id_table[i].match_flags & IC_MATCH_FL_LMPSUBV) && 341 (ic_id_table[i].lmp_subver != lmp_subver)) 342 continue; 343 if ((ic_id_table[i].match_flags & IC_MATCH_FL_HCIREV) && 344 (ic_id_table[i].hci_rev != hci_rev)) 345 continue; 346 if ((ic_id_table[i].match_flags & IC_MATCH_FL_HCIVER) && 347 (ic_id_table[i].hci_ver != hci_ver)) 348 continue; 349 if ((ic_id_table[i].match_flags & IC_MATCH_FL_HCIBUS) && 350 (ic_id_table[i].hci_bus != hci_bus)) 351 continue; 352 if ((ic_id_table[i].match_flags & IC_MATCH_FL_CHIP_TYPE) && 353 (ic_id_table[i].chip_type != chip_type)) 354 continue; 355 356 break; 357 } 358 if (i >= ARRAY_SIZE(ic_id_table)) 359 return NULL; 360 361 return &ic_id_table[i]; 362 } 363 364 static struct sk_buff *btrtl_read_local_version(struct hci_dev *hdev) 365 { 366 struct sk_buff *skb; 367 368 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL, 369 HCI_INIT_TIMEOUT); 370 if (IS_ERR(skb)) { 371 rtl_dev_err(hdev, "HCI_OP_READ_LOCAL_VERSION failed (%ld)", 372 PTR_ERR(skb)); 373 return skb; 374 } 375 376 if (skb->len != sizeof(struct hci_rp_read_local_version)) { 377 rtl_dev_err(hdev, "HCI_OP_READ_LOCAL_VERSION event length mismatch"); 378 kfree_skb(skb); 379 return ERR_PTR(-EIO); 380 } 381 382 return skb; 383 } 384 385 static int rtl_read_rom_version(struct hci_dev *hdev, u8 *version) 386 { 387 struct rtl_rom_version_evt *rom_version; 388 struct sk_buff *skb; 389 390 /* Read RTL ROM version command */ 391 skb = __hci_cmd_sync(hdev, 0xfc6d, 0, NULL, HCI_INIT_TIMEOUT); 392 if (IS_ERR(skb)) { 393 rtl_dev_err(hdev, "Read ROM version failed (%ld)", 394 PTR_ERR(skb)); 395 return PTR_ERR(skb); 396 } 397 398 if (skb->len != sizeof(*rom_version)) { 399 rtl_dev_err(hdev, "version event length mismatch"); 400 kfree_skb(skb); 401 return -EIO; 402 } 403 404 rom_version = (struct rtl_rom_version_evt *)skb->data; 405 rtl_dev_info(hdev, "rom_version status=%x version=%x", 406 rom_version->status, rom_version->version); 407 408 *version = rom_version->version; 409 410 kfree_skb(skb); 411 return 0; 412 } 413 414 static int btrtl_vendor_read_reg16(struct hci_dev *hdev, 415 struct rtl_vendor_cmd *cmd, u8 *rp) 416 { 417 struct sk_buff *skb; 418 int err = 0; 419 420 skb = __hci_cmd_sync(hdev, 0xfc61, sizeof(*cmd), cmd, 421 HCI_INIT_TIMEOUT); 422 if (IS_ERR(skb)) { 423 err = PTR_ERR(skb); 424 rtl_dev_err(hdev, "RTL: Read reg16 failed (%d)", err); 425 return err; 426 } 427 428 if (skb->len != 3 || skb->data[0]) { 429 bt_dev_err(hdev, "RTL: Read reg16 length mismatch"); 430 kfree_skb(skb); 431 return -EIO; 432 } 433 434 if (rp) 435 memcpy(rp, skb->data + 1, 2); 436 437 kfree_skb(skb); 438 439 return 0; 440 } 441 442 static void *rtl_iov_pull_data(struct rtl_iovec *iov, u32 len) 443 { 444 void *data = iov->data; 445 446 if (iov->len < len) 447 return NULL; 448 449 iov->data += len; 450 iov->len -= len; 451 452 return data; 453 } 454 455 static void btrtl_insert_ordered_subsec(struct rtl_subsection *node, 456 struct btrtl_device_info *btrtl_dev) 457 { 458 struct list_head *pos; 459 struct list_head *next; 460 struct rtl_subsection *subsec; 461 462 list_for_each_safe(pos, next, &btrtl_dev->patch_subsecs) { 463 subsec = list_entry(pos, struct rtl_subsection, list); 464 if (subsec->prio >= node->prio) 465 break; 466 } 467 __list_add(&node->list, pos->prev, pos); 468 } 469 470 static int btrtl_parse_section(struct hci_dev *hdev, 471 struct btrtl_device_info *btrtl_dev, u32 opcode, 472 u8 *data, u32 len) 473 { 474 struct rtl_section_hdr *hdr; 475 struct rtl_subsection *subsec; 476 struct rtl_common_subsec *common_subsec; 477 struct rtl_sec_hdr *sec_hdr; 478 int i; 479 u8 *ptr; 480 u16 num_subsecs; 481 u32 subsec_len; 482 int rc = 0; 483 struct rtl_iovec iov = { 484 .data = data, 485 .len = len, 486 }; 487 488 hdr = rtl_iov_pull_data(&iov, sizeof(*hdr)); 489 if (!hdr) 490 return -EINVAL; 491 num_subsecs = le16_to_cpu(hdr->num); 492 493 for (i = 0; i < num_subsecs; i++) { 494 common_subsec = rtl_iov_pull_data(&iov, sizeof(*common_subsec)); 495 if (!common_subsec) 496 break; 497 subsec_len = le32_to_cpu(common_subsec->len); 498 499 rtl_dev_dbg(hdev, "subsec, eco 0x%02x, len %08x", 500 common_subsec->eco, subsec_len); 501 502 ptr = rtl_iov_pull_data(&iov, subsec_len); 503 if (!ptr) 504 break; 505 506 if (common_subsec->eco != btrtl_dev->rom_version + 1) 507 continue; 508 509 switch (opcode) { 510 case RTL_PATCH_SECURITY_HEADER: 511 sec_hdr = (void *)common_subsec; 512 if (sec_hdr->key_id != btrtl_dev->key_id) 513 continue; 514 break; 515 } 516 517 subsec = kzalloc(sizeof(*subsec), GFP_KERNEL); 518 if (!subsec) 519 return -ENOMEM; 520 subsec->opcode = opcode; 521 subsec->prio = common_subsec->prio; 522 subsec->len = subsec_len; 523 subsec->data = ptr; 524 btrtl_insert_ordered_subsec(subsec, btrtl_dev); 525 rc += subsec_len; 526 } 527 528 return rc; 529 } 530 531 static int rtlbt_parse_firmware_v2(struct hci_dev *hdev, 532 struct btrtl_device_info *btrtl_dev, 533 unsigned char **_buf) 534 { 535 struct rtl_epatch_header_v2 *hdr; 536 int rc; 537 u8 reg_val[2]; 538 u8 key_id; 539 u32 num_sections; 540 struct rtl_section *section; 541 struct rtl_subsection *entry, *tmp; 542 u32 section_len; 543 u32 opcode; 544 int len = 0; 545 int i; 546 u8 *ptr; 547 struct rtl_iovec iov = { 548 .data = btrtl_dev->fw_data, 549 .len = btrtl_dev->fw_len - 7, /* Cut the tail */ 550 }; 551 552 rc = btrtl_vendor_read_reg16(hdev, RTL_SEC_PROJ, reg_val); 553 if (rc < 0) 554 return -EIO; 555 key_id = reg_val[0]; 556 557 rtl_dev_dbg(hdev, "%s: key id %u", __func__, key_id); 558 559 btrtl_dev->key_id = key_id; 560 561 hdr = rtl_iov_pull_data(&iov, sizeof(*hdr)); 562 if (!hdr) 563 return -EINVAL; 564 num_sections = le32_to_cpu(hdr->num_sections); 565 566 rtl_dev_dbg(hdev, "FW version %08x-%08x", *((u32 *)hdr->fw_version), 567 *((u32 *)(hdr->fw_version + 4))); 568 569 for (i = 0; i < num_sections; i++) { 570 section = rtl_iov_pull_data(&iov, sizeof(*section)); 571 if (!section) 572 break; 573 section_len = le32_to_cpu(section->len); 574 opcode = le32_to_cpu(section->opcode); 575 576 rtl_dev_dbg(hdev, "opcode 0x%04x", section->opcode); 577 578 ptr = rtl_iov_pull_data(&iov, section_len); 579 if (!ptr) 580 break; 581 582 switch (opcode) { 583 case RTL_PATCH_SNIPPETS: 584 rc = btrtl_parse_section(hdev, btrtl_dev, opcode, 585 ptr, section_len); 586 break; 587 case RTL_PATCH_SECURITY_HEADER: 588 /* If key_id from chip is zero, ignore all security 589 * headers. 590 */ 591 if (!key_id) 592 break; 593 rc = btrtl_parse_section(hdev, btrtl_dev, opcode, 594 ptr, section_len); 595 break; 596 case RTL_PATCH_DUMMY_HEADER: 597 rc = btrtl_parse_section(hdev, btrtl_dev, opcode, 598 ptr, section_len); 599 break; 600 default: 601 rc = 0; 602 break; 603 } 604 if (rc < 0) { 605 rtl_dev_err(hdev, "RTL: Parse section (%u) err %d", 606 opcode, rc); 607 return rc; 608 } 609 len += rc; 610 } 611 612 if (!len) 613 return -ENODATA; 614 615 /* Allocate mem and copy all found subsecs. */ 616 ptr = kvmalloc(len, GFP_KERNEL); 617 if (!ptr) 618 return -ENOMEM; 619 620 len = 0; 621 list_for_each_entry_safe(entry, tmp, &btrtl_dev->patch_subsecs, list) { 622 rtl_dev_dbg(hdev, "RTL: opcode %08x, addr %p, len 0x%x", 623 entry->opcode, entry->data, entry->len); 624 memcpy(ptr + len, entry->data, entry->len); 625 len += entry->len; 626 } 627 628 if (!len) 629 return -EPERM; 630 631 *_buf = ptr; 632 return len; 633 } 634 635 static int rtlbt_parse_firmware(struct hci_dev *hdev, 636 struct btrtl_device_info *btrtl_dev, 637 unsigned char **_buf) 638 { 639 static const u8 extension_sig[] = { 0x51, 0x04, 0xfd, 0x77 }; 640 struct btrealtek_data *coredump_info = hci_get_priv(hdev); 641 struct rtl_epatch_header *epatch_info; 642 unsigned char *buf; 643 int i, len; 644 size_t min_size; 645 u8 opcode, length, data; 646 int project_id = -1; 647 const unsigned char *fwptr, *chip_id_base; 648 const unsigned char *patch_length_base, *patch_offset_base; 649 u32 patch_offset = 0; 650 u16 patch_length, num_patches; 651 static const struct { 652 __u16 lmp_subver; 653 __u8 id; 654 } project_id_to_lmp_subver[] = { 655 { RTL_ROM_LMP_8723A, 0 }, 656 { RTL_ROM_LMP_8723B, 1 }, 657 { RTL_ROM_LMP_8821A, 2 }, 658 { RTL_ROM_LMP_8761A, 3 }, 659 { RTL_ROM_LMP_8703B, 7 }, 660 { RTL_ROM_LMP_8822B, 8 }, 661 { RTL_ROM_LMP_8723B, 9 }, /* 8723D */ 662 { RTL_ROM_LMP_8821A, 10 }, /* 8821C */ 663 { RTL_ROM_LMP_8822B, 13 }, /* 8822C */ 664 { RTL_ROM_LMP_8761A, 14 }, /* 8761B */ 665 { RTL_ROM_LMP_8852A, 18 }, /* 8852A */ 666 { RTL_ROM_LMP_8852A, 20 }, /* 8852B */ 667 { RTL_ROM_LMP_8852A, 25 }, /* 8852C */ 668 { RTL_ROM_LMP_8851B, 36 }, /* 8851B */ 669 { RTL_ROM_LMP_8922A, 44 }, /* 8922A */ 670 { RTL_ROM_LMP_8852A, 47 }, /* 8852BT */ 671 }; 672 673 if (btrtl_dev->fw_len <= 8) 674 return -EINVAL; 675 676 if (!memcmp(btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE, 8)) 677 min_size = sizeof(struct rtl_epatch_header) + 678 sizeof(extension_sig) + 3; 679 else if (!memcmp(btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE_V2, 8)) 680 min_size = sizeof(struct rtl_epatch_header_v2) + 681 sizeof(extension_sig) + 3; 682 else 683 return -EINVAL; 684 685 if (btrtl_dev->fw_len < min_size) 686 return -EINVAL; 687 688 fwptr = btrtl_dev->fw_data + btrtl_dev->fw_len - sizeof(extension_sig); 689 if (memcmp(fwptr, extension_sig, sizeof(extension_sig)) != 0) { 690 rtl_dev_err(hdev, "extension section signature mismatch"); 691 return -EINVAL; 692 } 693 694 /* Loop from the end of the firmware parsing instructions, until 695 * we find an instruction that identifies the "project ID" for the 696 * hardware supported by this firwmare file. 697 * Once we have that, we double-check that project_id is suitable 698 * for the hardware we are working with. 699 */ 700 while (fwptr >= btrtl_dev->fw_data + (sizeof(*epatch_info) + 3)) { 701 opcode = *--fwptr; 702 length = *--fwptr; 703 data = *--fwptr; 704 705 BT_DBG("check op=%x len=%x data=%x", opcode, length, data); 706 707 if (opcode == 0xff) /* EOF */ 708 break; 709 710 if (length == 0) { 711 rtl_dev_err(hdev, "found instruction with length 0"); 712 return -EINVAL; 713 } 714 715 if (opcode == 0 && length == 1) { 716 project_id = data; 717 break; 718 } 719 720 fwptr -= length; 721 } 722 723 if (project_id < 0) { 724 rtl_dev_err(hdev, "failed to find version instruction"); 725 return -EINVAL; 726 } 727 728 /* Find project_id in table */ 729 for (i = 0; i < ARRAY_SIZE(project_id_to_lmp_subver); i++) { 730 if (project_id == project_id_to_lmp_subver[i].id) { 731 btrtl_dev->project_id = project_id; 732 break; 733 } 734 } 735 736 if (i >= ARRAY_SIZE(project_id_to_lmp_subver)) { 737 rtl_dev_err(hdev, "unknown project id %d", project_id); 738 return -EINVAL; 739 } 740 741 if (btrtl_dev->ic_info->lmp_subver != 742 project_id_to_lmp_subver[i].lmp_subver) { 743 rtl_dev_err(hdev, "firmware is for %x but this is a %x", 744 project_id_to_lmp_subver[i].lmp_subver, 745 btrtl_dev->ic_info->lmp_subver); 746 return -EINVAL; 747 } 748 749 if (memcmp(btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE, 8) != 0) { 750 if (!memcmp(btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE_V2, 8)) 751 return rtlbt_parse_firmware_v2(hdev, btrtl_dev, _buf); 752 rtl_dev_err(hdev, "bad EPATCH signature"); 753 return -EINVAL; 754 } 755 756 epatch_info = (struct rtl_epatch_header *)btrtl_dev->fw_data; 757 num_patches = le16_to_cpu(epatch_info->num_patches); 758 759 BT_DBG("fw_version=%x, num_patches=%d", 760 le32_to_cpu(epatch_info->fw_version), num_patches); 761 coredump_info->rtl_dump.fw_version = le32_to_cpu(epatch_info->fw_version); 762 763 /* After the rtl_epatch_header there is a funky patch metadata section. 764 * Assuming 2 patches, the layout is: 765 * ChipID1 ChipID2 PatchLength1 PatchLength2 PatchOffset1 PatchOffset2 766 * 767 * Find the right patch for this chip. 768 */ 769 min_size += 8 * num_patches; 770 if (btrtl_dev->fw_len < min_size) 771 return -EINVAL; 772 773 chip_id_base = btrtl_dev->fw_data + sizeof(struct rtl_epatch_header); 774 patch_length_base = chip_id_base + (sizeof(u16) * num_patches); 775 patch_offset_base = patch_length_base + (sizeof(u16) * num_patches); 776 for (i = 0; i < num_patches; i++) { 777 u16 chip_id = get_unaligned_le16(chip_id_base + 778 (i * sizeof(u16))); 779 if (chip_id == btrtl_dev->rom_version + 1) { 780 patch_length = get_unaligned_le16(patch_length_base + 781 (i * sizeof(u16))); 782 patch_offset = get_unaligned_le32(patch_offset_base + 783 (i * sizeof(u32))); 784 break; 785 } 786 } 787 788 if (!patch_offset) { 789 rtl_dev_err(hdev, "didn't find patch for chip id %d", 790 btrtl_dev->rom_version); 791 return -EINVAL; 792 } 793 794 BT_DBG("length=%x offset=%x index %d", patch_length, patch_offset, i); 795 min_size = patch_offset + patch_length; 796 if (btrtl_dev->fw_len < min_size) 797 return -EINVAL; 798 799 /* Copy the firmware into a new buffer and write the version at 800 * the end. 801 */ 802 len = patch_length; 803 buf = kvmalloc(patch_length, GFP_KERNEL); 804 if (!buf) 805 return -ENOMEM; 806 807 memcpy(buf, btrtl_dev->fw_data + patch_offset, patch_length - 4); 808 memcpy(buf + patch_length - 4, &epatch_info->fw_version, 4); 809 810 *_buf = buf; 811 return len; 812 } 813 814 static int rtl_download_firmware(struct hci_dev *hdev, 815 const unsigned char *data, int fw_len) 816 { 817 struct rtl_download_cmd *dl_cmd; 818 int frag_num = fw_len / RTL_FRAG_LEN + 1; 819 int frag_len = RTL_FRAG_LEN; 820 int ret = 0; 821 int i; 822 int j = 0; 823 struct sk_buff *skb; 824 struct hci_rp_read_local_version *rp; 825 826 dl_cmd = kmalloc(sizeof(*dl_cmd), GFP_KERNEL); 827 if (!dl_cmd) 828 return -ENOMEM; 829 830 for (i = 0; i < frag_num; i++) { 831 struct sk_buff *skb; 832 833 dl_cmd->index = j++; 834 if (dl_cmd->index == 0x7f) 835 j = 1; 836 837 if (i == (frag_num - 1)) { 838 dl_cmd->index |= 0x80; /* data end */ 839 frag_len = fw_len % RTL_FRAG_LEN; 840 } 841 rtl_dev_dbg(hdev, "download fw (%d/%d). index = %d", i, 842 frag_num, dl_cmd->index); 843 memcpy(dl_cmd->data, data, frag_len); 844 845 /* Send download command */ 846 skb = __hci_cmd_sync(hdev, 0xfc20, frag_len + 1, dl_cmd, 847 HCI_INIT_TIMEOUT); 848 if (IS_ERR(skb)) { 849 rtl_dev_err(hdev, "download fw command failed (%ld)", 850 PTR_ERR(skb)); 851 ret = PTR_ERR(skb); 852 goto out; 853 } 854 855 if (skb->len != sizeof(struct rtl_download_response)) { 856 rtl_dev_err(hdev, "download fw event length mismatch"); 857 kfree_skb(skb); 858 ret = -EIO; 859 goto out; 860 } 861 862 kfree_skb(skb); 863 data += RTL_FRAG_LEN; 864 } 865 866 skb = btrtl_read_local_version(hdev); 867 if (IS_ERR(skb)) { 868 ret = PTR_ERR(skb); 869 rtl_dev_err(hdev, "read local version failed"); 870 goto out; 871 } 872 873 rp = (struct hci_rp_read_local_version *)skb->data; 874 rtl_dev_info(hdev, "fw version 0x%04x%04x", 875 __le16_to_cpu(rp->hci_rev), __le16_to_cpu(rp->lmp_subver)); 876 kfree_skb(skb); 877 878 out: 879 kfree(dl_cmd); 880 return ret; 881 } 882 883 static int rtl_load_file(struct hci_dev *hdev, const char *name, u8 **buff) 884 { 885 const struct firmware *fw; 886 int ret; 887 888 rtl_dev_info(hdev, "loading %s", name); 889 ret = request_firmware(&fw, name, &hdev->dev); 890 if (ret < 0) 891 return ret; 892 ret = fw->size; 893 *buff = kvmemdup(fw->data, fw->size, GFP_KERNEL); 894 if (!*buff) 895 ret = -ENOMEM; 896 897 release_firmware(fw); 898 899 return ret; 900 } 901 902 static int btrtl_setup_rtl8723a(struct hci_dev *hdev, 903 struct btrtl_device_info *btrtl_dev) 904 { 905 if (btrtl_dev->fw_len < 8) 906 return -EINVAL; 907 908 /* Check that the firmware doesn't have the epatch signature 909 * (which is only for RTL8723B and newer). 910 */ 911 if (!memcmp(btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE, 8)) { 912 rtl_dev_err(hdev, "unexpected EPATCH signature!"); 913 return -EINVAL; 914 } 915 916 return rtl_download_firmware(hdev, btrtl_dev->fw_data, 917 btrtl_dev->fw_len); 918 } 919 920 static int btrtl_setup_rtl8723b(struct hci_dev *hdev, 921 struct btrtl_device_info *btrtl_dev) 922 { 923 unsigned char *fw_data = NULL; 924 int ret; 925 u8 *tbuff; 926 927 ret = rtlbt_parse_firmware(hdev, btrtl_dev, &fw_data); 928 if (ret < 0) 929 goto out; 930 931 if (btrtl_dev->cfg_len > 0) { 932 tbuff = kvzalloc(ret + btrtl_dev->cfg_len, GFP_KERNEL); 933 if (!tbuff) { 934 ret = -ENOMEM; 935 goto out; 936 } 937 938 memcpy(tbuff, fw_data, ret); 939 kvfree(fw_data); 940 941 memcpy(tbuff + ret, btrtl_dev->cfg_data, btrtl_dev->cfg_len); 942 ret += btrtl_dev->cfg_len; 943 944 fw_data = tbuff; 945 } 946 947 rtl_dev_info(hdev, "cfg_sz %d, total sz %d", btrtl_dev->cfg_len, ret); 948 949 ret = rtl_download_firmware(hdev, fw_data, ret); 950 951 out: 952 kvfree(fw_data); 953 return ret; 954 } 955 956 static void btrtl_coredump(struct hci_dev *hdev) 957 { 958 static const u8 param[] = { 0x00, 0x00 }; 959 960 __hci_cmd_send(hdev, RTL_VSC_OP_COREDUMP, sizeof(param), param); 961 } 962 963 static void btrtl_dmp_hdr(struct hci_dev *hdev, struct sk_buff *skb) 964 { 965 struct btrealtek_data *coredump_info = hci_get_priv(hdev); 966 char buf[80]; 967 968 if (coredump_info->rtl_dump.controller) 969 snprintf(buf, sizeof(buf), "Controller Name: %s\n", 970 coredump_info->rtl_dump.controller); 971 else 972 snprintf(buf, sizeof(buf), "Controller Name: Unknown\n"); 973 skb_put_data(skb, buf, strlen(buf)); 974 975 snprintf(buf, sizeof(buf), "Firmware Version: 0x%X\n", 976 coredump_info->rtl_dump.fw_version); 977 skb_put_data(skb, buf, strlen(buf)); 978 979 snprintf(buf, sizeof(buf), "Driver: %s\n", coredump_info->rtl_dump.driver_name); 980 skb_put_data(skb, buf, strlen(buf)); 981 982 snprintf(buf, sizeof(buf), "Vendor: Realtek\n"); 983 skb_put_data(skb, buf, strlen(buf)); 984 } 985 986 static void btrtl_register_devcoredump_support(struct hci_dev *hdev) 987 { 988 hci_devcd_register(hdev, btrtl_coredump, btrtl_dmp_hdr, NULL); 989 990 } 991 992 void btrtl_set_driver_name(struct hci_dev *hdev, const char *driver_name) 993 { 994 struct btrealtek_data *coredump_info = hci_get_priv(hdev); 995 996 coredump_info->rtl_dump.driver_name = driver_name; 997 } 998 EXPORT_SYMBOL_GPL(btrtl_set_driver_name); 999 1000 static bool rtl_has_chip_type(u16 lmp_subver) 1001 { 1002 switch (lmp_subver) { 1003 case RTL_ROM_LMP_8703B: 1004 return true; 1005 default: 1006 break; 1007 } 1008 1009 return false; 1010 } 1011 1012 static int rtl_read_chip_type(struct hci_dev *hdev, u8 *type) 1013 { 1014 struct rtl_chip_type_evt *chip_type; 1015 struct sk_buff *skb; 1016 const unsigned char cmd_buf[] = {0x00, 0x94, 0xa0, 0x00, 0xb0}; 1017 1018 /* Read RTL chip type command */ 1019 skb = __hci_cmd_sync(hdev, 0xfc61, 5, cmd_buf, HCI_INIT_TIMEOUT); 1020 if (IS_ERR(skb)) { 1021 rtl_dev_err(hdev, "Read chip type failed (%ld)", 1022 PTR_ERR(skb)); 1023 return PTR_ERR(skb); 1024 } 1025 1026 chip_type = skb_pull_data(skb, sizeof(*chip_type)); 1027 if (!chip_type) { 1028 rtl_dev_err(hdev, "RTL chip type event length mismatch"); 1029 kfree_skb(skb); 1030 return -EIO; 1031 } 1032 1033 rtl_dev_info(hdev, "chip_type status=%x type=%x", 1034 chip_type->status, chip_type->type); 1035 1036 *type = chip_type->type & 0x0f; 1037 1038 kfree_skb(skb); 1039 return 0; 1040 } 1041 1042 void btrtl_free(struct btrtl_device_info *btrtl_dev) 1043 { 1044 struct rtl_subsection *entry, *tmp; 1045 1046 kvfree(btrtl_dev->fw_data); 1047 kvfree(btrtl_dev->cfg_data); 1048 1049 list_for_each_entry_safe(entry, tmp, &btrtl_dev->patch_subsecs, list) { 1050 list_del(&entry->list); 1051 kfree(entry); 1052 } 1053 1054 kfree(btrtl_dev); 1055 } 1056 EXPORT_SYMBOL_GPL(btrtl_free); 1057 1058 struct btrtl_device_info *btrtl_initialize(struct hci_dev *hdev, 1059 const char *postfix) 1060 { 1061 struct btrealtek_data *coredump_info = hci_get_priv(hdev); 1062 struct btrtl_device_info *btrtl_dev; 1063 struct sk_buff *skb; 1064 struct hci_rp_read_local_version *resp; 1065 struct hci_command_hdr *cmd; 1066 char fw_name[40]; 1067 char cfg_name[40]; 1068 u16 hci_rev, lmp_subver; 1069 u8 hci_ver, lmp_ver, chip_type = 0; 1070 int ret; 1071 u8 reg_val[2]; 1072 1073 btrtl_dev = kzalloc(sizeof(*btrtl_dev), GFP_KERNEL); 1074 if (!btrtl_dev) { 1075 ret = -ENOMEM; 1076 goto err_alloc; 1077 } 1078 1079 INIT_LIST_HEAD(&btrtl_dev->patch_subsecs); 1080 1081 check_version: 1082 ret = btrtl_vendor_read_reg16(hdev, RTL_CHIP_SUBVER, reg_val); 1083 if (ret < 0) 1084 goto err_free; 1085 lmp_subver = get_unaligned_le16(reg_val); 1086 1087 if (lmp_subver == RTL_ROM_LMP_8822B) { 1088 ret = btrtl_vendor_read_reg16(hdev, RTL_CHIP_REV, reg_val); 1089 if (ret < 0) 1090 goto err_free; 1091 hci_rev = get_unaligned_le16(reg_val); 1092 1093 /* 8822E */ 1094 if (hci_rev == 0x000e) { 1095 hci_ver = 0x0c; 1096 lmp_ver = 0x0c; 1097 btrtl_dev->ic_info = btrtl_match_ic(lmp_subver, hci_rev, 1098 hci_ver, hdev->bus, 1099 chip_type); 1100 goto next; 1101 } 1102 } 1103 1104 skb = btrtl_read_local_version(hdev); 1105 if (IS_ERR(skb)) { 1106 ret = PTR_ERR(skb); 1107 goto err_free; 1108 } 1109 1110 resp = (struct hci_rp_read_local_version *)skb->data; 1111 1112 hci_ver = resp->hci_ver; 1113 hci_rev = le16_to_cpu(resp->hci_rev); 1114 lmp_ver = resp->lmp_ver; 1115 lmp_subver = le16_to_cpu(resp->lmp_subver); 1116 1117 kfree_skb(skb); 1118 1119 if (rtl_has_chip_type(lmp_subver)) { 1120 ret = rtl_read_chip_type(hdev, &chip_type); 1121 if (ret) 1122 goto err_free; 1123 } 1124 1125 btrtl_dev->ic_info = btrtl_match_ic(lmp_subver, hci_rev, hci_ver, 1126 hdev->bus, chip_type); 1127 1128 next: 1129 rtl_dev_info(hdev, "examining hci_ver=%02x hci_rev=%04x lmp_ver=%02x lmp_subver=%04x", 1130 hci_ver, hci_rev, 1131 lmp_ver, lmp_subver); 1132 1133 if (!btrtl_dev->ic_info && !btrtl_dev->drop_fw) 1134 btrtl_dev->drop_fw = true; 1135 else 1136 btrtl_dev->drop_fw = false; 1137 1138 if (btrtl_dev->drop_fw) { 1139 skb = bt_skb_alloc(sizeof(*cmd), GFP_KERNEL); 1140 if (!skb) 1141 goto err_free; 1142 1143 cmd = skb_put(skb, HCI_COMMAND_HDR_SIZE); 1144 cmd->opcode = cpu_to_le16(0xfc66); 1145 cmd->plen = 0; 1146 1147 hci_skb_pkt_type(skb) = HCI_COMMAND_PKT; 1148 1149 ret = hdev->send(hdev, skb); 1150 if (ret < 0) { 1151 bt_dev_err(hdev, "sending frame failed (%d)", ret); 1152 kfree_skb(skb); 1153 goto err_free; 1154 } 1155 1156 /* Ensure the above vendor command is sent to controller and 1157 * process has done. 1158 */ 1159 msleep(200); 1160 1161 goto check_version; 1162 } 1163 1164 if (!btrtl_dev->ic_info) { 1165 rtl_dev_info(hdev, "unknown IC info, lmp subver %04x, hci rev %04x, hci ver %04x", 1166 lmp_subver, hci_rev, hci_ver); 1167 return btrtl_dev; 1168 } 1169 1170 if (btrtl_dev->ic_info->has_rom_version) { 1171 ret = rtl_read_rom_version(hdev, &btrtl_dev->rom_version); 1172 if (ret) 1173 goto err_free; 1174 } 1175 1176 if (!btrtl_dev->ic_info->fw_name) { 1177 ret = -ENOMEM; 1178 goto err_free; 1179 } 1180 1181 btrtl_dev->fw_len = -EIO; 1182 if (lmp_subver == RTL_ROM_LMP_8852A && hci_rev == 0x000c) { 1183 snprintf(fw_name, sizeof(fw_name), "%s_v2.bin", 1184 btrtl_dev->ic_info->fw_name); 1185 btrtl_dev->fw_len = rtl_load_file(hdev, fw_name, 1186 &btrtl_dev->fw_data); 1187 } 1188 1189 if (btrtl_dev->fw_len < 0) { 1190 snprintf(fw_name, sizeof(fw_name), "%s.bin", 1191 btrtl_dev->ic_info->fw_name); 1192 btrtl_dev->fw_len = rtl_load_file(hdev, fw_name, 1193 &btrtl_dev->fw_data); 1194 } 1195 1196 if (btrtl_dev->fw_len < 0) { 1197 rtl_dev_err(hdev, "firmware file %s not found", 1198 btrtl_dev->ic_info->fw_name); 1199 ret = btrtl_dev->fw_len; 1200 goto err_free; 1201 } 1202 1203 if (btrtl_dev->ic_info->cfg_name) { 1204 if (postfix) { 1205 snprintf(cfg_name, sizeof(cfg_name), "%s-%s.bin", 1206 btrtl_dev->ic_info->cfg_name, postfix); 1207 } else { 1208 snprintf(cfg_name, sizeof(cfg_name), "%s.bin", 1209 btrtl_dev->ic_info->cfg_name); 1210 } 1211 btrtl_dev->cfg_len = rtl_load_file(hdev, cfg_name, 1212 &btrtl_dev->cfg_data); 1213 if (btrtl_dev->ic_info->config_needed && 1214 btrtl_dev->cfg_len <= 0) { 1215 rtl_dev_err(hdev, "mandatory config file %s not found", 1216 btrtl_dev->ic_info->cfg_name); 1217 ret = btrtl_dev->cfg_len; 1218 goto err_free; 1219 } 1220 } 1221 1222 /* The following chips supports the Microsoft vendor extension, 1223 * therefore set the corresponding VsMsftOpCode. 1224 */ 1225 if (btrtl_dev->ic_info->has_msft_ext) 1226 hci_set_msft_opcode(hdev, 0xFCF0); 1227 1228 if (btrtl_dev->ic_info) 1229 coredump_info->rtl_dump.controller = btrtl_dev->ic_info->hw_info; 1230 1231 return btrtl_dev; 1232 1233 err_free: 1234 btrtl_free(btrtl_dev); 1235 err_alloc: 1236 return ERR_PTR(ret); 1237 } 1238 EXPORT_SYMBOL_GPL(btrtl_initialize); 1239 1240 int btrtl_download_firmware(struct hci_dev *hdev, 1241 struct btrtl_device_info *btrtl_dev) 1242 { 1243 int err = 0; 1244 1245 /* Match a set of subver values that correspond to stock firmware, 1246 * which is not compatible with standard btusb. 1247 * If matched, upload an alternative firmware that does conform to 1248 * standard btusb. Once that firmware is uploaded, the subver changes 1249 * to a different value. 1250 */ 1251 if (!btrtl_dev->ic_info) { 1252 rtl_dev_info(hdev, "assuming no firmware upload needed"); 1253 err = 0; 1254 goto done; 1255 } 1256 1257 switch (btrtl_dev->ic_info->lmp_subver) { 1258 case RTL_ROM_LMP_8723A: 1259 err = btrtl_setup_rtl8723a(hdev, btrtl_dev); 1260 break; 1261 case RTL_ROM_LMP_8723B: 1262 case RTL_ROM_LMP_8821A: 1263 case RTL_ROM_LMP_8761A: 1264 case RTL_ROM_LMP_8822B: 1265 case RTL_ROM_LMP_8852A: 1266 case RTL_ROM_LMP_8703B: 1267 case RTL_ROM_LMP_8851B: 1268 case RTL_ROM_LMP_8922A: 1269 err = btrtl_setup_rtl8723b(hdev, btrtl_dev); 1270 break; 1271 default: 1272 rtl_dev_info(hdev, "assuming no firmware upload needed"); 1273 break; 1274 } 1275 1276 done: 1277 btrtl_register_devcoredump_support(hdev); 1278 1279 return err; 1280 } 1281 EXPORT_SYMBOL_GPL(btrtl_download_firmware); 1282 1283 void btrtl_set_quirks(struct hci_dev *hdev, struct btrtl_device_info *btrtl_dev) 1284 { 1285 /* Enable controller to do both LE scan and BR/EDR inquiry 1286 * simultaneously. 1287 */ 1288 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks); 1289 1290 /* Enable central-peripheral role (able to create new connections with 1291 * an existing connection in slave role). 1292 */ 1293 /* Enable WBS supported for the specific Realtek devices. */ 1294 switch (btrtl_dev->project_id) { 1295 case CHIP_ID_8822C: 1296 case CHIP_ID_8852A: 1297 case CHIP_ID_8852B: 1298 case CHIP_ID_8852C: 1299 case CHIP_ID_8851B: 1300 case CHIP_ID_8922A: 1301 case CHIP_ID_8852BT: 1302 set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks); 1303 1304 /* RTL8852C needs to transmit mSBC data continuously without 1305 * the zero length of USB packets for the ALT 6 supported chips 1306 */ 1307 if (btrtl_dev->project_id == CHIP_ID_8852C) 1308 btrealtek_set_flag(hdev, REALTEK_ALT6_CONTINUOUS_TX_CHIP); 1309 1310 if (btrtl_dev->project_id == CHIP_ID_8852A || 1311 btrtl_dev->project_id == CHIP_ID_8852B || 1312 btrtl_dev->project_id == CHIP_ID_8852C) 1313 set_bit(HCI_QUIRK_USE_MSFT_EXT_ADDRESS_FILTER, &hdev->quirks); 1314 1315 hci_set_aosp_capable(hdev); 1316 break; 1317 default: 1318 rtl_dev_dbg(hdev, "Central-peripheral role not enabled."); 1319 rtl_dev_dbg(hdev, "WBS supported not enabled."); 1320 break; 1321 } 1322 1323 if (!btrtl_dev->ic_info) 1324 return; 1325 1326 switch (btrtl_dev->ic_info->lmp_subver) { 1327 case RTL_ROM_LMP_8703B: 1328 /* 8723CS reports two pages for local ext features, 1329 * but it doesn't support any features from page 2 - 1330 * it either responds with garbage or with error status 1331 */ 1332 set_bit(HCI_QUIRK_BROKEN_LOCAL_EXT_FEATURES_PAGE_2, 1333 &hdev->quirks); 1334 break; 1335 default: 1336 break; 1337 } 1338 } 1339 EXPORT_SYMBOL_GPL(btrtl_set_quirks); 1340 1341 int btrtl_setup_realtek(struct hci_dev *hdev) 1342 { 1343 struct btrtl_device_info *btrtl_dev; 1344 int ret; 1345 1346 btrtl_dev = btrtl_initialize(hdev, NULL); 1347 if (IS_ERR(btrtl_dev)) 1348 return PTR_ERR(btrtl_dev); 1349 1350 ret = btrtl_download_firmware(hdev, btrtl_dev); 1351 1352 btrtl_set_quirks(hdev, btrtl_dev); 1353 1354 hci_set_hw_info(hdev, 1355 "RTL lmp_subver=%u hci_rev=%u hci_ver=%u hci_bus=%u", 1356 btrtl_dev->ic_info->lmp_subver, 1357 btrtl_dev->ic_info->hci_rev, 1358 btrtl_dev->ic_info->hci_ver, 1359 btrtl_dev->ic_info->hci_bus); 1360 1361 btrtl_free(btrtl_dev); 1362 return ret; 1363 } 1364 EXPORT_SYMBOL_GPL(btrtl_setup_realtek); 1365 1366 int btrtl_shutdown_realtek(struct hci_dev *hdev) 1367 { 1368 struct sk_buff *skb; 1369 int ret; 1370 1371 /* According to the vendor driver, BT must be reset on close to avoid 1372 * firmware crash. 1373 */ 1374 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); 1375 if (IS_ERR(skb)) { 1376 ret = PTR_ERR(skb); 1377 bt_dev_err(hdev, "HCI reset during shutdown failed"); 1378 return ret; 1379 } 1380 kfree_skb(skb); 1381 1382 return 0; 1383 } 1384 EXPORT_SYMBOL_GPL(btrtl_shutdown_realtek); 1385 1386 static unsigned int btrtl_convert_baudrate(u32 device_baudrate) 1387 { 1388 switch (device_baudrate) { 1389 case 0x0252a00a: 1390 return 230400; 1391 1392 case 0x05f75004: 1393 return 921600; 1394 1395 case 0x00005004: 1396 return 1000000; 1397 1398 case 0x04928002: 1399 case 0x01128002: 1400 return 1500000; 1401 1402 case 0x00005002: 1403 return 2000000; 1404 1405 case 0x0000b001: 1406 return 2500000; 1407 1408 case 0x04928001: 1409 return 3000000; 1410 1411 case 0x052a6001: 1412 return 3500000; 1413 1414 case 0x00005001: 1415 return 4000000; 1416 1417 case 0x0252c014: 1418 default: 1419 return 115200; 1420 } 1421 } 1422 1423 int btrtl_get_uart_settings(struct hci_dev *hdev, 1424 struct btrtl_device_info *btrtl_dev, 1425 unsigned int *controller_baudrate, 1426 u32 *device_baudrate, bool *flow_control) 1427 { 1428 struct rtl_vendor_config *config; 1429 struct rtl_vendor_config_entry *entry; 1430 int i, total_data_len; 1431 bool found = false; 1432 1433 total_data_len = btrtl_dev->cfg_len - sizeof(*config); 1434 if (total_data_len <= 0) { 1435 rtl_dev_warn(hdev, "no config loaded"); 1436 return -EINVAL; 1437 } 1438 1439 config = (struct rtl_vendor_config *)btrtl_dev->cfg_data; 1440 if (le32_to_cpu(config->signature) != RTL_CONFIG_MAGIC) { 1441 rtl_dev_err(hdev, "invalid config magic"); 1442 return -EINVAL; 1443 } 1444 1445 if (total_data_len < le16_to_cpu(config->total_len)) { 1446 rtl_dev_err(hdev, "config is too short"); 1447 return -EINVAL; 1448 } 1449 1450 for (i = 0; i < total_data_len; ) { 1451 entry = ((void *)config->entry) + i; 1452 1453 switch (le16_to_cpu(entry->offset)) { 1454 case 0xc: 1455 if (entry->len < sizeof(*device_baudrate)) { 1456 rtl_dev_err(hdev, "invalid UART config entry"); 1457 return -EINVAL; 1458 } 1459 1460 *device_baudrate = get_unaligned_le32(entry->data); 1461 *controller_baudrate = btrtl_convert_baudrate( 1462 *device_baudrate); 1463 1464 if (entry->len >= 13) 1465 *flow_control = !!(entry->data[12] & BIT(2)); 1466 else 1467 *flow_control = false; 1468 1469 found = true; 1470 break; 1471 1472 default: 1473 rtl_dev_dbg(hdev, "skipping config entry 0x%x (len %u)", 1474 le16_to_cpu(entry->offset), entry->len); 1475 break; 1476 } 1477 1478 i += sizeof(*entry) + entry->len; 1479 } 1480 1481 if (!found) { 1482 rtl_dev_err(hdev, "no UART config entry found"); 1483 return -ENOENT; 1484 } 1485 1486 rtl_dev_dbg(hdev, "device baudrate = 0x%08x", *device_baudrate); 1487 rtl_dev_dbg(hdev, "controller baudrate = %u", *controller_baudrate); 1488 rtl_dev_dbg(hdev, "flow control %d", *flow_control); 1489 1490 return 0; 1491 } 1492 EXPORT_SYMBOL_GPL(btrtl_get_uart_settings); 1493 1494 MODULE_AUTHOR("Daniel Drake <drake@endlessm.com>"); 1495 MODULE_DESCRIPTION("Bluetooth support for Realtek devices ver " VERSION); 1496 MODULE_VERSION(VERSION); 1497 MODULE_LICENSE("GPL"); 1498 MODULE_FIRMWARE("rtl_bt/rtl8723a_fw.bin"); 1499 MODULE_FIRMWARE("rtl_bt/rtl8723b_fw.bin"); 1500 MODULE_FIRMWARE("rtl_bt/rtl8723b_config.bin"); 1501 MODULE_FIRMWARE("rtl_bt/rtl8723bs_fw.bin"); 1502 MODULE_FIRMWARE("rtl_bt/rtl8723bs_config.bin"); 1503 MODULE_FIRMWARE("rtl_bt/rtl8723cs_cg_fw.bin"); 1504 MODULE_FIRMWARE("rtl_bt/rtl8723cs_cg_config.bin"); 1505 MODULE_FIRMWARE("rtl_bt/rtl8723cs_vf_fw.bin"); 1506 MODULE_FIRMWARE("rtl_bt/rtl8723cs_vf_config.bin"); 1507 MODULE_FIRMWARE("rtl_bt/rtl8723cs_xx_fw.bin"); 1508 MODULE_FIRMWARE("rtl_bt/rtl8723cs_xx_config.bin"); 1509 MODULE_FIRMWARE("rtl_bt/rtl8723d_fw.bin"); 1510 MODULE_FIRMWARE("rtl_bt/rtl8723d_config.bin"); 1511 MODULE_FIRMWARE("rtl_bt/rtl8723ds_fw.bin"); 1512 MODULE_FIRMWARE("rtl_bt/rtl8723ds_config.bin"); 1513 MODULE_FIRMWARE("rtl_bt/rtl8761a_fw.bin"); 1514 MODULE_FIRMWARE("rtl_bt/rtl8761a_config.bin"); 1515 MODULE_FIRMWARE("rtl_bt/rtl8761b_fw.bin"); 1516 MODULE_FIRMWARE("rtl_bt/rtl8761b_config.bin"); 1517 MODULE_FIRMWARE("rtl_bt/rtl8761bu_fw.bin"); 1518 MODULE_FIRMWARE("rtl_bt/rtl8761bu_config.bin"); 1519 MODULE_FIRMWARE("rtl_bt/rtl8821a_fw.bin"); 1520 MODULE_FIRMWARE("rtl_bt/rtl8821a_config.bin"); 1521 MODULE_FIRMWARE("rtl_bt/rtl8821c_fw.bin"); 1522 MODULE_FIRMWARE("rtl_bt/rtl8821c_config.bin"); 1523 MODULE_FIRMWARE("rtl_bt/rtl8821cs_fw.bin"); 1524 MODULE_FIRMWARE("rtl_bt/rtl8821cs_config.bin"); 1525 MODULE_FIRMWARE("rtl_bt/rtl8822b_fw.bin"); 1526 MODULE_FIRMWARE("rtl_bt/rtl8822b_config.bin"); 1527 MODULE_FIRMWARE("rtl_bt/rtl8822cs_fw.bin"); 1528 MODULE_FIRMWARE("rtl_bt/rtl8822cs_config.bin"); 1529 MODULE_FIRMWARE("rtl_bt/rtl8822cu_fw.bin"); 1530 MODULE_FIRMWARE("rtl_bt/rtl8822cu_config.bin"); 1531 MODULE_FIRMWARE("rtl_bt/rtl8851bu_fw.bin"); 1532 MODULE_FIRMWARE("rtl_bt/rtl8851bu_config.bin"); 1533 MODULE_FIRMWARE("rtl_bt/rtl8852au_fw.bin"); 1534 MODULE_FIRMWARE("rtl_bt/rtl8852au_config.bin"); 1535 MODULE_FIRMWARE("rtl_bt/rtl8852bs_fw.bin"); 1536 MODULE_FIRMWARE("rtl_bt/rtl8852bs_config.bin"); 1537 MODULE_FIRMWARE("rtl_bt/rtl8852bu_fw.bin"); 1538 MODULE_FIRMWARE("rtl_bt/rtl8852bu_config.bin"); 1539 MODULE_FIRMWARE("rtl_bt/rtl8852btu_fw.bin"); 1540 MODULE_FIRMWARE("rtl_bt/rtl8852btu_config.bin"); 1541 MODULE_FIRMWARE("rtl_bt/rtl8852cu_fw.bin"); 1542 MODULE_FIRMWARE("rtl_bt/rtl8852cu_fw_v2.bin"); 1543 MODULE_FIRMWARE("rtl_bt/rtl8852cu_config.bin"); 1544 MODULE_FIRMWARE("rtl_bt/rtl8922au_fw.bin"); 1545 MODULE_FIRMWARE("rtl_bt/rtl8922au_config.bin"); 1546