1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Bluetooth support for Realtek devices 4 * 5 * Copyright (C) 2015 Endless Mobile, Inc. 6 */ 7 8 #include <linux/module.h> 9 #include <linux/firmware.h> 10 #include <linux/unaligned.h> 11 #include <linux/usb.h> 12 13 #include <net/bluetooth/bluetooth.h> 14 #include <net/bluetooth/hci_core.h> 15 16 #include "btrtl.h" 17 18 #define VERSION "0.1" 19 20 #define RTL_CHIP_8723CS_CG 3 21 #define RTL_CHIP_8723CS_VF 4 22 #define RTL_CHIP_8723CS_XX 5 23 #define RTL_EPATCH_SIGNATURE "Realtech" 24 #define RTL_EPATCH_SIGNATURE_V2 "RTBTCore" 25 #define RTL_ROM_LMP_8703B 0x8703 26 #define RTL_ROM_LMP_8723A 0x1200 27 #define RTL_ROM_LMP_8723B 0x8723 28 #define RTL_ROM_LMP_8821A 0x8821 29 #define RTL_ROM_LMP_8761A 0x8761 30 #define RTL_ROM_LMP_8822B 0x8822 31 #define RTL_ROM_LMP_8852A 0x8852 32 #define RTL_ROM_LMP_8851B 0x8851 33 #define RTL_ROM_LMP_8922A 0x8922 34 #define RTL_CONFIG_MAGIC 0x8723ab55 35 36 #define RTL_VSC_OP_COREDUMP 0xfcff 37 38 #define IC_MATCH_FL_LMPSUBV (1 << 0) 39 #define IC_MATCH_FL_HCIREV (1 << 1) 40 #define IC_MATCH_FL_HCIVER (1 << 2) 41 #define IC_MATCH_FL_HCIBUS (1 << 3) 42 #define IC_MATCH_FL_CHIP_TYPE (1 << 4) 43 #define IC_INFO(lmps, hcir, hciv, bus) \ 44 .match_flags = IC_MATCH_FL_LMPSUBV | IC_MATCH_FL_HCIREV | \ 45 IC_MATCH_FL_HCIVER | IC_MATCH_FL_HCIBUS, \ 46 .lmp_subver = (lmps), \ 47 .hci_rev = (hcir), \ 48 .hci_ver = (hciv), \ 49 .hci_bus = (bus) 50 51 #define RTL_CHIP_SUBVER (&(struct rtl_vendor_cmd) {{0x10, 0x38, 0x04, 0x28, 0x80}}) 52 #define RTL_CHIP_REV (&(struct rtl_vendor_cmd) {{0x10, 0x3A, 0x04, 0x28, 0x80}}) 53 #define RTL_SEC_PROJ (&(struct rtl_vendor_cmd) {{0x10, 0xA4, 0x0D, 0x00, 0xb0}}) 54 55 #define RTL_PATCH_SNIPPETS 0x01 56 #define RTL_PATCH_DUMMY_HEADER 0x02 57 #define RTL_PATCH_SECURITY_HEADER 0x03 58 59 enum btrtl_chip_id { 60 CHIP_ID_8723A, 61 CHIP_ID_8723B, 62 CHIP_ID_8821A, 63 CHIP_ID_8761A, 64 CHIP_ID_8822B = 8, 65 CHIP_ID_8723D, 66 CHIP_ID_8821C, 67 CHIP_ID_8822C = 13, 68 CHIP_ID_8761B, 69 CHIP_ID_8852A = 18, 70 CHIP_ID_8852B = 20, 71 CHIP_ID_8852C = 25, 72 CHIP_ID_8851B = 36, 73 CHIP_ID_8922A = 44, 74 CHIP_ID_8852BT = 47, 75 }; 76 77 struct id_table { 78 __u16 match_flags; 79 __u16 lmp_subver; 80 __u16 hci_rev; 81 __u8 hci_ver; 82 __u8 hci_bus; 83 __u8 chip_type; 84 bool config_needed; 85 bool has_rom_version; 86 bool has_msft_ext; 87 char *fw_name; 88 char *cfg_name; 89 char *hw_info; 90 }; 91 92 struct btrtl_device_info { 93 const struct id_table *ic_info; 94 u8 rom_version; 95 u8 *fw_data; 96 int fw_len; 97 u8 *cfg_data; 98 int cfg_len; 99 bool drop_fw; 100 int project_id; 101 u8 key_id; 102 struct list_head patch_subsecs; 103 }; 104 105 static const struct id_table ic_id_table[] = { 106 /* 8723A */ 107 { IC_INFO(RTL_ROM_LMP_8723A, 0xb, 0x6, HCI_USB), 108 .config_needed = false, 109 .has_rom_version = false, 110 .fw_name = "rtl_bt/rtl8723a_fw", 111 .cfg_name = NULL, 112 .hw_info = "rtl8723au" }, 113 114 /* 8723BS */ 115 { IC_INFO(RTL_ROM_LMP_8723B, 0xb, 0x6, HCI_UART), 116 .config_needed = true, 117 .has_rom_version = true, 118 .fw_name = "rtl_bt/rtl8723bs_fw", 119 .cfg_name = "rtl_bt/rtl8723bs_config", 120 .hw_info = "rtl8723bs" }, 121 122 /* 8723B */ 123 { IC_INFO(RTL_ROM_LMP_8723B, 0xb, 0x6, HCI_USB), 124 .config_needed = false, 125 .has_rom_version = true, 126 .fw_name = "rtl_bt/rtl8723b_fw", 127 .cfg_name = "rtl_bt/rtl8723b_config", 128 .hw_info = "rtl8723bu" }, 129 130 /* 8723CS-CG */ 131 { .match_flags = IC_MATCH_FL_LMPSUBV | IC_MATCH_FL_CHIP_TYPE | 132 IC_MATCH_FL_HCIBUS, 133 .lmp_subver = RTL_ROM_LMP_8703B, 134 .chip_type = RTL_CHIP_8723CS_CG, 135 .hci_bus = HCI_UART, 136 .config_needed = true, 137 .has_rom_version = true, 138 .fw_name = "rtl_bt/rtl8723cs_cg_fw", 139 .cfg_name = "rtl_bt/rtl8723cs_cg_config", 140 .hw_info = "rtl8723cs-cg" }, 141 142 /* 8723CS-VF */ 143 { .match_flags = IC_MATCH_FL_LMPSUBV | IC_MATCH_FL_CHIP_TYPE | 144 IC_MATCH_FL_HCIBUS, 145 .lmp_subver = RTL_ROM_LMP_8703B, 146 .chip_type = RTL_CHIP_8723CS_VF, 147 .hci_bus = HCI_UART, 148 .config_needed = true, 149 .has_rom_version = true, 150 .fw_name = "rtl_bt/rtl8723cs_vf_fw", 151 .cfg_name = "rtl_bt/rtl8723cs_vf_config", 152 .hw_info = "rtl8723cs-vf" }, 153 154 /* 8723CS-XX */ 155 { .match_flags = IC_MATCH_FL_LMPSUBV | IC_MATCH_FL_CHIP_TYPE | 156 IC_MATCH_FL_HCIBUS, 157 .lmp_subver = RTL_ROM_LMP_8703B, 158 .chip_type = RTL_CHIP_8723CS_XX, 159 .hci_bus = HCI_UART, 160 .config_needed = true, 161 .has_rom_version = true, 162 .fw_name = "rtl_bt/rtl8723cs_xx_fw", 163 .cfg_name = "rtl_bt/rtl8723cs_xx_config", 164 .hw_info = "rtl8723cs" }, 165 166 /* 8723D */ 167 { IC_INFO(RTL_ROM_LMP_8723B, 0xd, 0x8, HCI_USB), 168 .config_needed = true, 169 .has_rom_version = true, 170 .fw_name = "rtl_bt/rtl8723d_fw", 171 .cfg_name = "rtl_bt/rtl8723d_config", 172 .hw_info = "rtl8723du" }, 173 174 /* 8723DS */ 175 { IC_INFO(RTL_ROM_LMP_8723B, 0xd, 0x8, HCI_UART), 176 .config_needed = true, 177 .has_rom_version = true, 178 .fw_name = "rtl_bt/rtl8723ds_fw", 179 .cfg_name = "rtl_bt/rtl8723ds_config", 180 .hw_info = "rtl8723ds" }, 181 182 /* 8821A */ 183 { IC_INFO(RTL_ROM_LMP_8821A, 0xa, 0x6, HCI_USB), 184 .config_needed = false, 185 .has_rom_version = true, 186 .fw_name = "rtl_bt/rtl8821a_fw", 187 .cfg_name = "rtl_bt/rtl8821a_config", 188 .hw_info = "rtl8821au" }, 189 190 /* 8821C */ 191 { IC_INFO(RTL_ROM_LMP_8821A, 0xc, 0x8, HCI_USB), 192 .config_needed = false, 193 .has_rom_version = true, 194 .has_msft_ext = true, 195 .fw_name = "rtl_bt/rtl8821c_fw", 196 .cfg_name = "rtl_bt/rtl8821c_config", 197 .hw_info = "rtl8821cu" }, 198 199 /* 8821CS */ 200 { IC_INFO(RTL_ROM_LMP_8821A, 0xc, 0x8, HCI_UART), 201 .config_needed = true, 202 .has_rom_version = true, 203 .has_msft_ext = true, 204 .fw_name = "rtl_bt/rtl8821cs_fw", 205 .cfg_name = "rtl_bt/rtl8821cs_config", 206 .hw_info = "rtl8821cs" }, 207 208 /* 8761A */ 209 { IC_INFO(RTL_ROM_LMP_8761A, 0xa, 0x6, HCI_USB), 210 .config_needed = false, 211 .has_rom_version = true, 212 .fw_name = "rtl_bt/rtl8761a_fw", 213 .cfg_name = "rtl_bt/rtl8761a_config", 214 .hw_info = "rtl8761au" }, 215 216 /* 8761B */ 217 { IC_INFO(RTL_ROM_LMP_8761A, 0xb, 0xa, HCI_UART), 218 .config_needed = false, 219 .has_rom_version = true, 220 .has_msft_ext = true, 221 .fw_name = "rtl_bt/rtl8761b_fw", 222 .cfg_name = "rtl_bt/rtl8761b_config", 223 .hw_info = "rtl8761btv" }, 224 225 /* 8761BU */ 226 { IC_INFO(RTL_ROM_LMP_8761A, 0xb, 0xa, HCI_USB), 227 .config_needed = false, 228 .has_rom_version = true, 229 .fw_name = "rtl_bt/rtl8761bu_fw", 230 .cfg_name = "rtl_bt/rtl8761bu_config", 231 .hw_info = "rtl8761bu" }, 232 233 /* 8822C with UART interface */ 234 { IC_INFO(RTL_ROM_LMP_8822B, 0xc, 0x8, HCI_UART), 235 .config_needed = true, 236 .has_rom_version = true, 237 .has_msft_ext = true, 238 .fw_name = "rtl_bt/rtl8822cs_fw", 239 .cfg_name = "rtl_bt/rtl8822cs_config", 240 .hw_info = "rtl8822cs" }, 241 242 /* 8822C with UART interface */ 243 { IC_INFO(RTL_ROM_LMP_8822B, 0xc, 0xa, HCI_UART), 244 .config_needed = true, 245 .has_rom_version = true, 246 .has_msft_ext = true, 247 .fw_name = "rtl_bt/rtl8822cs_fw", 248 .cfg_name = "rtl_bt/rtl8822cs_config", 249 .hw_info = "rtl8822cs" }, 250 251 /* 8822C with USB interface */ 252 { IC_INFO(RTL_ROM_LMP_8822B, 0xc, 0xa, HCI_USB), 253 .config_needed = false, 254 .has_rom_version = true, 255 .has_msft_ext = true, 256 .fw_name = "rtl_bt/rtl8822cu_fw", 257 .cfg_name = "rtl_bt/rtl8822cu_config", 258 .hw_info = "rtl8822cu" }, 259 260 /* 8822B */ 261 { IC_INFO(RTL_ROM_LMP_8822B, 0xb, 0x7, HCI_USB), 262 .config_needed = true, 263 .has_rom_version = true, 264 .has_msft_ext = true, 265 .fw_name = "rtl_bt/rtl8822b_fw", 266 .cfg_name = "rtl_bt/rtl8822b_config", 267 .hw_info = "rtl8822bu" }, 268 269 /* 8852A */ 270 { IC_INFO(RTL_ROM_LMP_8852A, 0xa, 0xb, HCI_USB), 271 .config_needed = false, 272 .has_rom_version = true, 273 .has_msft_ext = true, 274 .fw_name = "rtl_bt/rtl8852au_fw", 275 .cfg_name = "rtl_bt/rtl8852au_config", 276 .hw_info = "rtl8852au" }, 277 278 /* 8852B with UART interface */ 279 { IC_INFO(RTL_ROM_LMP_8852A, 0xb, 0xb, HCI_UART), 280 .config_needed = true, 281 .has_rom_version = true, 282 .has_msft_ext = true, 283 .fw_name = "rtl_bt/rtl8852bs_fw", 284 .cfg_name = "rtl_bt/rtl8852bs_config", 285 .hw_info = "rtl8852bs" }, 286 287 /* 8852B */ 288 { IC_INFO(RTL_ROM_LMP_8852A, 0xb, 0xb, HCI_USB), 289 .config_needed = false, 290 .has_rom_version = true, 291 .has_msft_ext = true, 292 .fw_name = "rtl_bt/rtl8852bu_fw", 293 .cfg_name = "rtl_bt/rtl8852bu_config", 294 .hw_info = "rtl8852bu" }, 295 296 /* 8852C */ 297 { IC_INFO(RTL_ROM_LMP_8852A, 0xc, 0xc, HCI_USB), 298 .config_needed = false, 299 .has_rom_version = true, 300 .has_msft_ext = true, 301 .fw_name = "rtl_bt/rtl8852cu_fw", 302 .cfg_name = "rtl_bt/rtl8852cu_config", 303 .hw_info = "rtl8852cu" }, 304 305 /* 8851B */ 306 { IC_INFO(RTL_ROM_LMP_8851B, 0xb, 0xc, HCI_USB), 307 .config_needed = false, 308 .has_rom_version = true, 309 .has_msft_ext = false, 310 .fw_name = "rtl_bt/rtl8851bu_fw", 311 .cfg_name = "rtl_bt/rtl8851bu_config", 312 .hw_info = "rtl8851bu" }, 313 314 /* 8922A */ 315 { IC_INFO(RTL_ROM_LMP_8922A, 0xa, 0xc, HCI_USB), 316 .config_needed = false, 317 .has_rom_version = true, 318 .has_msft_ext = true, 319 .fw_name = "rtl_bt/rtl8922au_fw", 320 .cfg_name = "rtl_bt/rtl8922au_config", 321 .hw_info = "rtl8922au" }, 322 323 /* 8852BT/8852BE-VT */ 324 { IC_INFO(RTL_ROM_LMP_8852A, 0x87, 0xc, HCI_USB), 325 .config_needed = false, 326 .has_rom_version = true, 327 .has_msft_ext = true, 328 .fw_name = "rtl_bt/rtl8852btu_fw", 329 .cfg_name = "rtl_bt/rtl8852btu_config", 330 .hw_info = "rtl8852btu" }, 331 }; 332 333 static const struct id_table *btrtl_match_ic(u16 lmp_subver, u16 hci_rev, 334 u8 hci_ver, u8 hci_bus, 335 u8 chip_type) 336 { 337 int i; 338 339 for (i = 0; i < ARRAY_SIZE(ic_id_table); i++) { 340 if ((ic_id_table[i].match_flags & IC_MATCH_FL_LMPSUBV) && 341 (ic_id_table[i].lmp_subver != lmp_subver)) 342 continue; 343 if ((ic_id_table[i].match_flags & IC_MATCH_FL_HCIREV) && 344 (ic_id_table[i].hci_rev != hci_rev)) 345 continue; 346 if ((ic_id_table[i].match_flags & IC_MATCH_FL_HCIVER) && 347 (ic_id_table[i].hci_ver != hci_ver)) 348 continue; 349 if ((ic_id_table[i].match_flags & IC_MATCH_FL_HCIBUS) && 350 (ic_id_table[i].hci_bus != hci_bus)) 351 continue; 352 if ((ic_id_table[i].match_flags & IC_MATCH_FL_CHIP_TYPE) && 353 (ic_id_table[i].chip_type != chip_type)) 354 continue; 355 356 break; 357 } 358 if (i >= ARRAY_SIZE(ic_id_table)) 359 return NULL; 360 361 return &ic_id_table[i]; 362 } 363 364 static struct sk_buff *btrtl_read_local_version(struct hci_dev *hdev) 365 { 366 struct sk_buff *skb; 367 368 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL, 369 HCI_INIT_TIMEOUT); 370 if (IS_ERR(skb)) { 371 rtl_dev_err(hdev, "HCI_OP_READ_LOCAL_VERSION failed (%ld)", 372 PTR_ERR(skb)); 373 return skb; 374 } 375 376 if (skb->len != sizeof(struct hci_rp_read_local_version)) { 377 rtl_dev_err(hdev, "HCI_OP_READ_LOCAL_VERSION event length mismatch"); 378 kfree_skb(skb); 379 return ERR_PTR(-EIO); 380 } 381 382 return skb; 383 } 384 385 static int rtl_read_rom_version(struct hci_dev *hdev, u8 *version) 386 { 387 struct rtl_rom_version_evt *rom_version; 388 struct sk_buff *skb; 389 390 /* Read RTL ROM version command */ 391 skb = __hci_cmd_sync(hdev, 0xfc6d, 0, NULL, HCI_INIT_TIMEOUT); 392 if (IS_ERR(skb)) { 393 rtl_dev_err(hdev, "Read ROM version failed (%ld)", 394 PTR_ERR(skb)); 395 return PTR_ERR(skb); 396 } 397 398 if (skb->len != sizeof(*rom_version)) { 399 rtl_dev_err(hdev, "version event length mismatch"); 400 kfree_skb(skb); 401 return -EIO; 402 } 403 404 rom_version = (struct rtl_rom_version_evt *)skb->data; 405 rtl_dev_info(hdev, "rom_version status=%x version=%x", 406 rom_version->status, rom_version->version); 407 408 *version = rom_version->version; 409 410 kfree_skb(skb); 411 return 0; 412 } 413 414 static int btrtl_vendor_read_reg16(struct hci_dev *hdev, 415 struct rtl_vendor_cmd *cmd, u8 *rp) 416 { 417 struct sk_buff *skb; 418 int err = 0; 419 420 skb = __hci_cmd_sync(hdev, 0xfc61, sizeof(*cmd), cmd, 421 HCI_INIT_TIMEOUT); 422 if (IS_ERR(skb)) { 423 err = PTR_ERR(skb); 424 rtl_dev_err(hdev, "RTL: Read reg16 failed (%d)", err); 425 return err; 426 } 427 428 if (skb->len != 3 || skb->data[0]) { 429 bt_dev_err(hdev, "RTL: Read reg16 length mismatch"); 430 kfree_skb(skb); 431 return -EIO; 432 } 433 434 if (rp) 435 memcpy(rp, skb->data + 1, 2); 436 437 kfree_skb(skb); 438 439 return 0; 440 } 441 442 static void *rtl_iov_pull_data(struct rtl_iovec *iov, u32 len) 443 { 444 void *data = iov->data; 445 446 if (iov->len < len) 447 return NULL; 448 449 iov->data += len; 450 iov->len -= len; 451 452 return data; 453 } 454 455 static void btrtl_insert_ordered_subsec(struct rtl_subsection *node, 456 struct btrtl_device_info *btrtl_dev) 457 { 458 struct list_head *pos; 459 struct list_head *next; 460 struct rtl_subsection *subsec; 461 462 list_for_each_safe(pos, next, &btrtl_dev->patch_subsecs) { 463 subsec = list_entry(pos, struct rtl_subsection, list); 464 if (subsec->prio >= node->prio) 465 break; 466 } 467 __list_add(&node->list, pos->prev, pos); 468 } 469 470 static int btrtl_parse_section(struct hci_dev *hdev, 471 struct btrtl_device_info *btrtl_dev, u32 opcode, 472 u8 *data, u32 len) 473 { 474 struct rtl_section_hdr *hdr; 475 struct rtl_subsection *subsec; 476 struct rtl_common_subsec *common_subsec; 477 struct rtl_sec_hdr *sec_hdr; 478 int i; 479 u8 *ptr; 480 u16 num_subsecs; 481 u32 subsec_len; 482 int rc = 0; 483 struct rtl_iovec iov = { 484 .data = data, 485 .len = len, 486 }; 487 488 hdr = rtl_iov_pull_data(&iov, sizeof(*hdr)); 489 if (!hdr) 490 return -EINVAL; 491 num_subsecs = le16_to_cpu(hdr->num); 492 493 for (i = 0; i < num_subsecs; i++) { 494 common_subsec = rtl_iov_pull_data(&iov, sizeof(*common_subsec)); 495 if (!common_subsec) 496 break; 497 subsec_len = le32_to_cpu(common_subsec->len); 498 499 rtl_dev_dbg(hdev, "subsec, eco 0x%02x, len %08x", 500 common_subsec->eco, subsec_len); 501 502 ptr = rtl_iov_pull_data(&iov, subsec_len); 503 if (!ptr) 504 break; 505 506 if (common_subsec->eco != btrtl_dev->rom_version + 1) 507 continue; 508 509 switch (opcode) { 510 case RTL_PATCH_SECURITY_HEADER: 511 sec_hdr = (void *)common_subsec; 512 if (sec_hdr->key_id != btrtl_dev->key_id) 513 continue; 514 break; 515 } 516 517 subsec = kzalloc(sizeof(*subsec), GFP_KERNEL); 518 if (!subsec) 519 return -ENOMEM; 520 subsec->opcode = opcode; 521 subsec->prio = common_subsec->prio; 522 subsec->len = subsec_len; 523 subsec->data = ptr; 524 btrtl_insert_ordered_subsec(subsec, btrtl_dev); 525 rc += subsec_len; 526 } 527 528 return rc; 529 } 530 531 static int rtlbt_parse_firmware_v2(struct hci_dev *hdev, 532 struct btrtl_device_info *btrtl_dev, 533 unsigned char **_buf) 534 { 535 struct rtl_epatch_header_v2 *hdr; 536 int rc; 537 u8 reg_val[2]; 538 u8 key_id; 539 u32 num_sections; 540 struct rtl_section *section; 541 struct rtl_subsection *entry, *tmp; 542 u32 section_len; 543 u32 opcode; 544 int len = 0; 545 int i; 546 u8 *ptr; 547 struct rtl_iovec iov = { 548 .data = btrtl_dev->fw_data, 549 .len = btrtl_dev->fw_len - 7, /* Cut the tail */ 550 }; 551 552 rc = btrtl_vendor_read_reg16(hdev, RTL_SEC_PROJ, reg_val); 553 if (rc < 0) 554 return -EIO; 555 key_id = reg_val[0]; 556 557 rtl_dev_dbg(hdev, "%s: key id %u", __func__, key_id); 558 559 btrtl_dev->key_id = key_id; 560 561 hdr = rtl_iov_pull_data(&iov, sizeof(*hdr)); 562 if (!hdr) 563 return -EINVAL; 564 num_sections = le32_to_cpu(hdr->num_sections); 565 566 rtl_dev_dbg(hdev, "FW version %08x-%08x", *((u32 *)hdr->fw_version), 567 *((u32 *)(hdr->fw_version + 4))); 568 569 for (i = 0; i < num_sections; i++) { 570 section = rtl_iov_pull_data(&iov, sizeof(*section)); 571 if (!section) 572 break; 573 section_len = le32_to_cpu(section->len); 574 opcode = le32_to_cpu(section->opcode); 575 576 rtl_dev_dbg(hdev, "opcode 0x%04x", section->opcode); 577 578 ptr = rtl_iov_pull_data(&iov, section_len); 579 if (!ptr) 580 break; 581 582 switch (opcode) { 583 case RTL_PATCH_SNIPPETS: 584 rc = btrtl_parse_section(hdev, btrtl_dev, opcode, 585 ptr, section_len); 586 break; 587 case RTL_PATCH_SECURITY_HEADER: 588 /* If key_id from chip is zero, ignore all security 589 * headers. 590 */ 591 if (!key_id) 592 break; 593 rc = btrtl_parse_section(hdev, btrtl_dev, opcode, 594 ptr, section_len); 595 break; 596 case RTL_PATCH_DUMMY_HEADER: 597 rc = btrtl_parse_section(hdev, btrtl_dev, opcode, 598 ptr, section_len); 599 break; 600 default: 601 rc = 0; 602 break; 603 } 604 if (rc < 0) { 605 rtl_dev_err(hdev, "RTL: Parse section (%u) err %d", 606 opcode, rc); 607 return rc; 608 } 609 len += rc; 610 } 611 612 if (!len) 613 return -ENODATA; 614 615 /* Allocate mem and copy all found subsecs. */ 616 ptr = kvmalloc(len, GFP_KERNEL); 617 if (!ptr) 618 return -ENOMEM; 619 620 len = 0; 621 list_for_each_entry_safe(entry, tmp, &btrtl_dev->patch_subsecs, list) { 622 rtl_dev_dbg(hdev, "RTL: opcode %08x, addr %p, len 0x%x", 623 entry->opcode, entry->data, entry->len); 624 memcpy(ptr + len, entry->data, entry->len); 625 len += entry->len; 626 } 627 628 if (!len) { 629 kvfree(ptr); 630 return -EPERM; 631 } 632 633 *_buf = ptr; 634 return len; 635 } 636 637 static int rtlbt_parse_firmware(struct hci_dev *hdev, 638 struct btrtl_device_info *btrtl_dev, 639 unsigned char **_buf) 640 { 641 static const u8 extension_sig[] = { 0x51, 0x04, 0xfd, 0x77 }; 642 struct btrealtek_data *coredump_info = hci_get_priv(hdev); 643 struct rtl_epatch_header *epatch_info; 644 unsigned char *buf; 645 int i, len; 646 size_t min_size; 647 u8 opcode, length, data; 648 int project_id = -1; 649 const unsigned char *fwptr, *chip_id_base; 650 const unsigned char *patch_length_base, *patch_offset_base; 651 u32 patch_offset = 0; 652 u16 patch_length, num_patches; 653 static const struct { 654 __u16 lmp_subver; 655 __u8 id; 656 } project_id_to_lmp_subver[] = { 657 { RTL_ROM_LMP_8723A, 0 }, 658 { RTL_ROM_LMP_8723B, 1 }, 659 { RTL_ROM_LMP_8821A, 2 }, 660 { RTL_ROM_LMP_8761A, 3 }, 661 { RTL_ROM_LMP_8703B, 7 }, 662 { RTL_ROM_LMP_8822B, 8 }, 663 { RTL_ROM_LMP_8723B, 9 }, /* 8723D */ 664 { RTL_ROM_LMP_8821A, 10 }, /* 8821C */ 665 { RTL_ROM_LMP_8822B, 13 }, /* 8822C */ 666 { RTL_ROM_LMP_8761A, 14 }, /* 8761B */ 667 { RTL_ROM_LMP_8852A, 18 }, /* 8852A */ 668 { RTL_ROM_LMP_8852A, 20 }, /* 8852B */ 669 { RTL_ROM_LMP_8852A, 25 }, /* 8852C */ 670 { RTL_ROM_LMP_8851B, 36 }, /* 8851B */ 671 { RTL_ROM_LMP_8922A, 44 }, /* 8922A */ 672 { RTL_ROM_LMP_8852A, 47 }, /* 8852BT */ 673 }; 674 675 if (btrtl_dev->fw_len <= 8) 676 return -EINVAL; 677 678 if (!memcmp(btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE, 8)) 679 min_size = sizeof(struct rtl_epatch_header) + 680 sizeof(extension_sig) + 3; 681 else if (!memcmp(btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE_V2, 8)) 682 min_size = sizeof(struct rtl_epatch_header_v2) + 683 sizeof(extension_sig) + 3; 684 else 685 return -EINVAL; 686 687 if (btrtl_dev->fw_len < min_size) 688 return -EINVAL; 689 690 fwptr = btrtl_dev->fw_data + btrtl_dev->fw_len - sizeof(extension_sig); 691 if (memcmp(fwptr, extension_sig, sizeof(extension_sig)) != 0) { 692 rtl_dev_err(hdev, "extension section signature mismatch"); 693 return -EINVAL; 694 } 695 696 /* Loop from the end of the firmware parsing instructions, until 697 * we find an instruction that identifies the "project ID" for the 698 * hardware supported by this firmware file. 699 * Once we have that, we double-check that project_id is suitable 700 * for the hardware we are working with. 701 */ 702 while (fwptr >= btrtl_dev->fw_data + (sizeof(*epatch_info) + 3)) { 703 opcode = *--fwptr; 704 length = *--fwptr; 705 data = *--fwptr; 706 707 BT_DBG("check op=%x len=%x data=%x", opcode, length, data); 708 709 if (opcode == 0xff) /* EOF */ 710 break; 711 712 if (length == 0) { 713 rtl_dev_err(hdev, "found instruction with length 0"); 714 return -EINVAL; 715 } 716 717 if (opcode == 0 && length == 1) { 718 project_id = data; 719 break; 720 } 721 722 fwptr -= length; 723 } 724 725 if (project_id < 0) { 726 rtl_dev_err(hdev, "failed to find version instruction"); 727 return -EINVAL; 728 } 729 730 /* Find project_id in table */ 731 for (i = 0; i < ARRAY_SIZE(project_id_to_lmp_subver); i++) { 732 if (project_id == project_id_to_lmp_subver[i].id) { 733 btrtl_dev->project_id = project_id; 734 break; 735 } 736 } 737 738 if (i >= ARRAY_SIZE(project_id_to_lmp_subver)) { 739 rtl_dev_err(hdev, "unknown project id %d", project_id); 740 return -EINVAL; 741 } 742 743 if (btrtl_dev->ic_info->lmp_subver != 744 project_id_to_lmp_subver[i].lmp_subver) { 745 rtl_dev_err(hdev, "firmware is for %x but this is a %x", 746 project_id_to_lmp_subver[i].lmp_subver, 747 btrtl_dev->ic_info->lmp_subver); 748 return -EINVAL; 749 } 750 751 if (memcmp(btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE, 8) != 0) { 752 if (!memcmp(btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE_V2, 8)) 753 return rtlbt_parse_firmware_v2(hdev, btrtl_dev, _buf); 754 rtl_dev_err(hdev, "bad EPATCH signature"); 755 return -EINVAL; 756 } 757 758 epatch_info = (struct rtl_epatch_header *)btrtl_dev->fw_data; 759 num_patches = le16_to_cpu(epatch_info->num_patches); 760 761 BT_DBG("fw_version=%x, num_patches=%d", 762 le32_to_cpu(epatch_info->fw_version), num_patches); 763 coredump_info->rtl_dump.fw_version = le32_to_cpu(epatch_info->fw_version); 764 765 /* After the rtl_epatch_header there is a funky patch metadata section. 766 * Assuming 2 patches, the layout is: 767 * ChipID1 ChipID2 PatchLength1 PatchLength2 PatchOffset1 PatchOffset2 768 * 769 * Find the right patch for this chip. 770 */ 771 min_size += 8 * num_patches; 772 if (btrtl_dev->fw_len < min_size) 773 return -EINVAL; 774 775 chip_id_base = btrtl_dev->fw_data + sizeof(struct rtl_epatch_header); 776 patch_length_base = chip_id_base + (sizeof(u16) * num_patches); 777 patch_offset_base = patch_length_base + (sizeof(u16) * num_patches); 778 for (i = 0; i < num_patches; i++) { 779 u16 chip_id = get_unaligned_le16(chip_id_base + 780 (i * sizeof(u16))); 781 if (chip_id == btrtl_dev->rom_version + 1) { 782 patch_length = get_unaligned_le16(patch_length_base + 783 (i * sizeof(u16))); 784 patch_offset = get_unaligned_le32(patch_offset_base + 785 (i * sizeof(u32))); 786 break; 787 } 788 } 789 790 if (!patch_offset) { 791 rtl_dev_err(hdev, "didn't find patch for chip id %d", 792 btrtl_dev->rom_version); 793 return -EINVAL; 794 } 795 796 BT_DBG("length=%x offset=%x index %d", patch_length, patch_offset, i); 797 min_size = patch_offset + patch_length; 798 if (btrtl_dev->fw_len < min_size) 799 return -EINVAL; 800 801 /* Copy the firmware into a new buffer and write the version at 802 * the end. 803 */ 804 len = patch_length; 805 buf = kvmalloc(patch_length, GFP_KERNEL); 806 if (!buf) 807 return -ENOMEM; 808 809 memcpy(buf, btrtl_dev->fw_data + patch_offset, patch_length - 4); 810 memcpy(buf + patch_length - 4, &epatch_info->fw_version, 4); 811 812 *_buf = buf; 813 return len; 814 } 815 816 static int rtl_download_firmware(struct hci_dev *hdev, 817 const unsigned char *data, int fw_len) 818 { 819 struct rtl_download_cmd *dl_cmd; 820 int frag_num = fw_len / RTL_FRAG_LEN + 1; 821 int frag_len = RTL_FRAG_LEN; 822 int ret = 0; 823 int i; 824 int j = 0; 825 struct sk_buff *skb; 826 struct hci_rp_read_local_version *rp; 827 828 dl_cmd = kmalloc(sizeof(*dl_cmd), GFP_KERNEL); 829 if (!dl_cmd) 830 return -ENOMEM; 831 832 for (i = 0; i < frag_num; i++) { 833 struct sk_buff *skb; 834 835 dl_cmd->index = j++; 836 if (dl_cmd->index == 0x7f) 837 j = 1; 838 839 if (i == (frag_num - 1)) { 840 dl_cmd->index |= 0x80; /* data end */ 841 frag_len = fw_len % RTL_FRAG_LEN; 842 } 843 rtl_dev_dbg(hdev, "download fw (%d/%d). index = %d", i, 844 frag_num, dl_cmd->index); 845 memcpy(dl_cmd->data, data, frag_len); 846 847 /* Send download command */ 848 skb = __hci_cmd_sync(hdev, 0xfc20, frag_len + 1, dl_cmd, 849 HCI_INIT_TIMEOUT); 850 if (IS_ERR(skb)) { 851 rtl_dev_err(hdev, "download fw command failed (%ld)", 852 PTR_ERR(skb)); 853 ret = PTR_ERR(skb); 854 goto out; 855 } 856 857 if (skb->len != sizeof(struct rtl_download_response)) { 858 rtl_dev_err(hdev, "download fw event length mismatch"); 859 kfree_skb(skb); 860 ret = -EIO; 861 goto out; 862 } 863 864 kfree_skb(skb); 865 data += RTL_FRAG_LEN; 866 } 867 868 skb = btrtl_read_local_version(hdev); 869 if (IS_ERR(skb)) { 870 ret = PTR_ERR(skb); 871 rtl_dev_err(hdev, "read local version failed"); 872 goto out; 873 } 874 875 rp = (struct hci_rp_read_local_version *)skb->data; 876 rtl_dev_info(hdev, "fw version 0x%04x%04x", 877 __le16_to_cpu(rp->hci_rev), __le16_to_cpu(rp->lmp_subver)); 878 kfree_skb(skb); 879 880 out: 881 kfree(dl_cmd); 882 return ret; 883 } 884 885 static int rtl_load_file(struct hci_dev *hdev, const char *name, u8 **buff) 886 { 887 const struct firmware *fw; 888 int ret; 889 890 rtl_dev_info(hdev, "loading %s", name); 891 ret = request_firmware(&fw, name, &hdev->dev); 892 if (ret < 0) 893 return ret; 894 ret = fw->size; 895 *buff = kvmemdup(fw->data, fw->size, GFP_KERNEL); 896 if (!*buff) 897 ret = -ENOMEM; 898 899 release_firmware(fw); 900 901 return ret; 902 } 903 904 static int btrtl_setup_rtl8723a(struct hci_dev *hdev, 905 struct btrtl_device_info *btrtl_dev) 906 { 907 if (btrtl_dev->fw_len < 8) 908 return -EINVAL; 909 910 /* Check that the firmware doesn't have the epatch signature 911 * (which is only for RTL8723B and newer). 912 */ 913 if (!memcmp(btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE, 8)) { 914 rtl_dev_err(hdev, "unexpected EPATCH signature!"); 915 return -EINVAL; 916 } 917 918 return rtl_download_firmware(hdev, btrtl_dev->fw_data, 919 btrtl_dev->fw_len); 920 } 921 922 static int btrtl_setup_rtl8723b(struct hci_dev *hdev, 923 struct btrtl_device_info *btrtl_dev) 924 { 925 unsigned char *fw_data = NULL; 926 int ret; 927 u8 *tbuff; 928 929 ret = rtlbt_parse_firmware(hdev, btrtl_dev, &fw_data); 930 if (ret < 0) 931 goto out; 932 933 if (btrtl_dev->cfg_len > 0) { 934 tbuff = kvzalloc(ret + btrtl_dev->cfg_len, GFP_KERNEL); 935 if (!tbuff) { 936 ret = -ENOMEM; 937 goto out; 938 } 939 940 memcpy(tbuff, fw_data, ret); 941 kvfree(fw_data); 942 943 memcpy(tbuff + ret, btrtl_dev->cfg_data, btrtl_dev->cfg_len); 944 ret += btrtl_dev->cfg_len; 945 946 fw_data = tbuff; 947 } 948 949 rtl_dev_info(hdev, "cfg_sz %d, total sz %d", btrtl_dev->cfg_len, ret); 950 951 ret = rtl_download_firmware(hdev, fw_data, ret); 952 953 out: 954 kvfree(fw_data); 955 return ret; 956 } 957 958 static void btrtl_coredump(struct hci_dev *hdev) 959 { 960 static const u8 param[] = { 0x00, 0x00 }; 961 962 __hci_cmd_send(hdev, RTL_VSC_OP_COREDUMP, sizeof(param), param); 963 } 964 965 static void btrtl_dmp_hdr(struct hci_dev *hdev, struct sk_buff *skb) 966 { 967 struct btrealtek_data *coredump_info = hci_get_priv(hdev); 968 char buf[80]; 969 970 if (coredump_info->rtl_dump.controller) 971 snprintf(buf, sizeof(buf), "Controller Name: %s\n", 972 coredump_info->rtl_dump.controller); 973 else 974 snprintf(buf, sizeof(buf), "Controller Name: Unknown\n"); 975 skb_put_data(skb, buf, strlen(buf)); 976 977 snprintf(buf, sizeof(buf), "Firmware Version: 0x%X\n", 978 coredump_info->rtl_dump.fw_version); 979 skb_put_data(skb, buf, strlen(buf)); 980 981 snprintf(buf, sizeof(buf), "Driver: %s\n", coredump_info->rtl_dump.driver_name); 982 skb_put_data(skb, buf, strlen(buf)); 983 984 snprintf(buf, sizeof(buf), "Vendor: Realtek\n"); 985 skb_put_data(skb, buf, strlen(buf)); 986 } 987 988 static void btrtl_register_devcoredump_support(struct hci_dev *hdev) 989 { 990 hci_devcd_register(hdev, btrtl_coredump, btrtl_dmp_hdr, NULL); 991 992 } 993 994 void btrtl_set_driver_name(struct hci_dev *hdev, const char *driver_name) 995 { 996 struct btrealtek_data *coredump_info = hci_get_priv(hdev); 997 998 coredump_info->rtl_dump.driver_name = driver_name; 999 } 1000 EXPORT_SYMBOL_GPL(btrtl_set_driver_name); 1001 1002 static bool rtl_has_chip_type(u16 lmp_subver) 1003 { 1004 switch (lmp_subver) { 1005 case RTL_ROM_LMP_8703B: 1006 return true; 1007 default: 1008 break; 1009 } 1010 1011 return false; 1012 } 1013 1014 static int rtl_read_chip_type(struct hci_dev *hdev, u8 *type) 1015 { 1016 struct rtl_chip_type_evt *chip_type; 1017 struct sk_buff *skb; 1018 const unsigned char cmd_buf[] = {0x00, 0x94, 0xa0, 0x00, 0xb0}; 1019 1020 /* Read RTL chip type command */ 1021 skb = __hci_cmd_sync(hdev, 0xfc61, 5, cmd_buf, HCI_INIT_TIMEOUT); 1022 if (IS_ERR(skb)) { 1023 rtl_dev_err(hdev, "Read chip type failed (%ld)", 1024 PTR_ERR(skb)); 1025 return PTR_ERR(skb); 1026 } 1027 1028 chip_type = skb_pull_data(skb, sizeof(*chip_type)); 1029 if (!chip_type) { 1030 rtl_dev_err(hdev, "RTL chip type event length mismatch"); 1031 kfree_skb(skb); 1032 return -EIO; 1033 } 1034 1035 rtl_dev_info(hdev, "chip_type status=%x type=%x", 1036 chip_type->status, chip_type->type); 1037 1038 *type = chip_type->type & 0x0f; 1039 1040 kfree_skb(skb); 1041 return 0; 1042 } 1043 1044 void btrtl_free(struct btrtl_device_info *btrtl_dev) 1045 { 1046 struct rtl_subsection *entry, *tmp; 1047 1048 kvfree(btrtl_dev->fw_data); 1049 kvfree(btrtl_dev->cfg_data); 1050 1051 list_for_each_entry_safe(entry, tmp, &btrtl_dev->patch_subsecs, list) { 1052 list_del(&entry->list); 1053 kfree(entry); 1054 } 1055 1056 kfree(btrtl_dev); 1057 } 1058 EXPORT_SYMBOL_GPL(btrtl_free); 1059 1060 struct btrtl_device_info *btrtl_initialize(struct hci_dev *hdev, 1061 const char *postfix) 1062 { 1063 struct btrealtek_data *coredump_info = hci_get_priv(hdev); 1064 struct btrtl_device_info *btrtl_dev; 1065 struct sk_buff *skb; 1066 struct hci_rp_read_local_version *resp; 1067 struct hci_command_hdr *cmd; 1068 char fw_name[40]; 1069 char cfg_name[40]; 1070 u16 hci_rev, lmp_subver; 1071 u8 hci_ver, lmp_ver, chip_type = 0; 1072 int ret; 1073 u8 reg_val[2]; 1074 1075 btrtl_dev = kzalloc(sizeof(*btrtl_dev), GFP_KERNEL); 1076 if (!btrtl_dev) { 1077 ret = -ENOMEM; 1078 goto err_alloc; 1079 } 1080 1081 INIT_LIST_HEAD(&btrtl_dev->patch_subsecs); 1082 1083 check_version: 1084 ret = btrtl_vendor_read_reg16(hdev, RTL_CHIP_SUBVER, reg_val); 1085 if (ret < 0) 1086 goto err_free; 1087 lmp_subver = get_unaligned_le16(reg_val); 1088 1089 if (lmp_subver == RTL_ROM_LMP_8822B) { 1090 ret = btrtl_vendor_read_reg16(hdev, RTL_CHIP_REV, reg_val); 1091 if (ret < 0) 1092 goto err_free; 1093 hci_rev = get_unaligned_le16(reg_val); 1094 1095 /* 8822E */ 1096 if (hci_rev == 0x000e) { 1097 hci_ver = 0x0c; 1098 lmp_ver = 0x0c; 1099 btrtl_dev->ic_info = btrtl_match_ic(lmp_subver, hci_rev, 1100 hci_ver, hdev->bus, 1101 chip_type); 1102 goto next; 1103 } 1104 } 1105 1106 skb = btrtl_read_local_version(hdev); 1107 if (IS_ERR(skb)) { 1108 ret = PTR_ERR(skb); 1109 goto err_free; 1110 } 1111 1112 resp = (struct hci_rp_read_local_version *)skb->data; 1113 1114 hci_ver = resp->hci_ver; 1115 hci_rev = le16_to_cpu(resp->hci_rev); 1116 lmp_ver = resp->lmp_ver; 1117 lmp_subver = le16_to_cpu(resp->lmp_subver); 1118 1119 kfree_skb(skb); 1120 1121 if (rtl_has_chip_type(lmp_subver)) { 1122 ret = rtl_read_chip_type(hdev, &chip_type); 1123 if (ret) 1124 goto err_free; 1125 } 1126 1127 btrtl_dev->ic_info = btrtl_match_ic(lmp_subver, hci_rev, hci_ver, 1128 hdev->bus, chip_type); 1129 1130 next: 1131 rtl_dev_info(hdev, "examining hci_ver=%02x hci_rev=%04x lmp_ver=%02x lmp_subver=%04x", 1132 hci_ver, hci_rev, 1133 lmp_ver, lmp_subver); 1134 1135 if (!btrtl_dev->ic_info && !btrtl_dev->drop_fw) 1136 btrtl_dev->drop_fw = true; 1137 else 1138 btrtl_dev->drop_fw = false; 1139 1140 if (btrtl_dev->drop_fw) { 1141 skb = bt_skb_alloc(sizeof(*cmd), GFP_KERNEL); 1142 if (!skb) 1143 goto err_free; 1144 1145 cmd = skb_put(skb, HCI_COMMAND_HDR_SIZE); 1146 cmd->opcode = cpu_to_le16(0xfc66); 1147 cmd->plen = 0; 1148 1149 hci_skb_pkt_type(skb) = HCI_COMMAND_PKT; 1150 1151 ret = hdev->send(hdev, skb); 1152 if (ret < 0) { 1153 bt_dev_err(hdev, "sending frame failed (%d)", ret); 1154 kfree_skb(skb); 1155 goto err_free; 1156 } 1157 1158 /* Ensure the above vendor command is sent to controller and 1159 * process has done. 1160 */ 1161 msleep(200); 1162 1163 goto check_version; 1164 } 1165 1166 if (!btrtl_dev->ic_info) { 1167 rtl_dev_info(hdev, "unknown IC info, lmp subver %04x, hci rev %04x, hci ver %04x", 1168 lmp_subver, hci_rev, hci_ver); 1169 return btrtl_dev; 1170 } 1171 1172 if (btrtl_dev->ic_info->has_rom_version) { 1173 ret = rtl_read_rom_version(hdev, &btrtl_dev->rom_version); 1174 if (ret) 1175 goto err_free; 1176 } 1177 1178 if (!btrtl_dev->ic_info->fw_name) { 1179 ret = -ENOMEM; 1180 goto err_free; 1181 } 1182 1183 btrtl_dev->fw_len = -EIO; 1184 if (lmp_subver == RTL_ROM_LMP_8852A && hci_rev == 0x000c) { 1185 snprintf(fw_name, sizeof(fw_name), "%s_v2.bin", 1186 btrtl_dev->ic_info->fw_name); 1187 btrtl_dev->fw_len = rtl_load_file(hdev, fw_name, 1188 &btrtl_dev->fw_data); 1189 } 1190 1191 if (btrtl_dev->fw_len < 0) { 1192 snprintf(fw_name, sizeof(fw_name), "%s.bin", 1193 btrtl_dev->ic_info->fw_name); 1194 btrtl_dev->fw_len = rtl_load_file(hdev, fw_name, 1195 &btrtl_dev->fw_data); 1196 } 1197 1198 if (btrtl_dev->fw_len < 0) { 1199 rtl_dev_err(hdev, "firmware file %s not found", 1200 btrtl_dev->ic_info->fw_name); 1201 ret = btrtl_dev->fw_len; 1202 goto err_free; 1203 } 1204 1205 if (btrtl_dev->ic_info->cfg_name) { 1206 if (postfix) { 1207 snprintf(cfg_name, sizeof(cfg_name), "%s-%s.bin", 1208 btrtl_dev->ic_info->cfg_name, postfix); 1209 } else { 1210 snprintf(cfg_name, sizeof(cfg_name), "%s.bin", 1211 btrtl_dev->ic_info->cfg_name); 1212 } 1213 btrtl_dev->cfg_len = rtl_load_file(hdev, cfg_name, 1214 &btrtl_dev->cfg_data); 1215 if (btrtl_dev->ic_info->config_needed && 1216 btrtl_dev->cfg_len <= 0) { 1217 rtl_dev_err(hdev, "mandatory config file %s not found", 1218 btrtl_dev->ic_info->cfg_name); 1219 ret = btrtl_dev->cfg_len; 1220 if (!ret) 1221 ret = -EINVAL; 1222 goto err_free; 1223 } 1224 } 1225 1226 /* The following chips supports the Microsoft vendor extension, 1227 * therefore set the corresponding VsMsftOpCode. 1228 */ 1229 if (btrtl_dev->ic_info->has_msft_ext) 1230 hci_set_msft_opcode(hdev, 0xFCF0); 1231 1232 if (btrtl_dev->ic_info) 1233 coredump_info->rtl_dump.controller = btrtl_dev->ic_info->hw_info; 1234 1235 return btrtl_dev; 1236 1237 err_free: 1238 btrtl_free(btrtl_dev); 1239 err_alloc: 1240 return ERR_PTR(ret); 1241 } 1242 EXPORT_SYMBOL_GPL(btrtl_initialize); 1243 1244 int btrtl_download_firmware(struct hci_dev *hdev, 1245 struct btrtl_device_info *btrtl_dev) 1246 { 1247 int err = 0; 1248 1249 /* Match a set of subver values that correspond to stock firmware, 1250 * which is not compatible with standard btusb. 1251 * If matched, upload an alternative firmware that does conform to 1252 * standard btusb. Once that firmware is uploaded, the subver changes 1253 * to a different value. 1254 */ 1255 if (!btrtl_dev->ic_info) { 1256 rtl_dev_info(hdev, "assuming no firmware upload needed"); 1257 err = 0; 1258 goto done; 1259 } 1260 1261 switch (btrtl_dev->ic_info->lmp_subver) { 1262 case RTL_ROM_LMP_8723A: 1263 err = btrtl_setup_rtl8723a(hdev, btrtl_dev); 1264 break; 1265 case RTL_ROM_LMP_8723B: 1266 case RTL_ROM_LMP_8821A: 1267 case RTL_ROM_LMP_8761A: 1268 case RTL_ROM_LMP_8822B: 1269 case RTL_ROM_LMP_8852A: 1270 case RTL_ROM_LMP_8703B: 1271 case RTL_ROM_LMP_8851B: 1272 case RTL_ROM_LMP_8922A: 1273 err = btrtl_setup_rtl8723b(hdev, btrtl_dev); 1274 break; 1275 default: 1276 rtl_dev_info(hdev, "assuming no firmware upload needed"); 1277 break; 1278 } 1279 1280 done: 1281 btrtl_register_devcoredump_support(hdev); 1282 1283 return err; 1284 } 1285 EXPORT_SYMBOL_GPL(btrtl_download_firmware); 1286 1287 void btrtl_set_quirks(struct hci_dev *hdev, struct btrtl_device_info *btrtl_dev) 1288 { 1289 /* Enable controller to do both LE scan and BR/EDR inquiry 1290 * simultaneously. 1291 */ 1292 hci_set_quirk(hdev, HCI_QUIRK_SIMULTANEOUS_DISCOVERY); 1293 1294 /* Enable central-peripheral role (able to create new connections with 1295 * an existing connection in slave role). 1296 */ 1297 /* Enable WBS supported for the specific Realtek devices. */ 1298 switch (btrtl_dev->project_id) { 1299 case CHIP_ID_8822C: 1300 case CHIP_ID_8852A: 1301 case CHIP_ID_8852B: 1302 case CHIP_ID_8852C: 1303 case CHIP_ID_8851B: 1304 case CHIP_ID_8922A: 1305 case CHIP_ID_8852BT: 1306 hci_set_quirk(hdev, HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED); 1307 1308 /* RTL8852C needs to transmit mSBC data continuously without 1309 * the zero length of USB packets for the ALT 6 supported chips 1310 */ 1311 if (btrtl_dev->project_id == CHIP_ID_8852C) 1312 btrealtek_set_flag(hdev, REALTEK_ALT6_CONTINUOUS_TX_CHIP); 1313 1314 if (btrtl_dev->project_id == CHIP_ID_8852A || 1315 btrtl_dev->project_id == CHIP_ID_8852B || 1316 btrtl_dev->project_id == CHIP_ID_8852C) 1317 hci_set_quirk(hdev, 1318 HCI_QUIRK_USE_MSFT_EXT_ADDRESS_FILTER); 1319 1320 hci_set_aosp_capable(hdev); 1321 break; 1322 default: 1323 rtl_dev_dbg(hdev, "Central-peripheral role not enabled."); 1324 rtl_dev_dbg(hdev, "WBS supported not enabled."); 1325 break; 1326 } 1327 1328 if (!btrtl_dev->ic_info) 1329 return; 1330 1331 switch (btrtl_dev->ic_info->lmp_subver) { 1332 case RTL_ROM_LMP_8703B: 1333 /* 8723CS reports two pages for local ext features, 1334 * but it doesn't support any features from page 2 - 1335 * it either responds with garbage or with error status 1336 */ 1337 hci_set_quirk(hdev, HCI_QUIRK_BROKEN_LOCAL_EXT_FEATURES_PAGE_2); 1338 break; 1339 default: 1340 break; 1341 } 1342 } 1343 EXPORT_SYMBOL_GPL(btrtl_set_quirks); 1344 1345 int btrtl_setup_realtek(struct hci_dev *hdev) 1346 { 1347 struct btrtl_device_info *btrtl_dev; 1348 int ret; 1349 1350 btrtl_dev = btrtl_initialize(hdev, NULL); 1351 if (IS_ERR(btrtl_dev)) 1352 return PTR_ERR(btrtl_dev); 1353 1354 ret = btrtl_download_firmware(hdev, btrtl_dev); 1355 1356 btrtl_set_quirks(hdev, btrtl_dev); 1357 1358 if (btrtl_dev->ic_info) { 1359 hci_set_hw_info(hdev, 1360 "RTL lmp_subver=%u hci_rev=%u hci_ver=%u hci_bus=%u", 1361 btrtl_dev->ic_info->lmp_subver, 1362 btrtl_dev->ic_info->hci_rev, 1363 btrtl_dev->ic_info->hci_ver, 1364 btrtl_dev->ic_info->hci_bus); 1365 } 1366 1367 btrtl_free(btrtl_dev); 1368 return ret; 1369 } 1370 EXPORT_SYMBOL_GPL(btrtl_setup_realtek); 1371 1372 int btrtl_shutdown_realtek(struct hci_dev *hdev) 1373 { 1374 struct sk_buff *skb; 1375 int ret; 1376 1377 /* According to the vendor driver, BT must be reset on close to avoid 1378 * firmware crash. 1379 */ 1380 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_CMD_TIMEOUT); 1381 if (IS_ERR(skb)) { 1382 ret = PTR_ERR(skb); 1383 bt_dev_err(hdev, "HCI reset during shutdown failed"); 1384 return ret; 1385 } 1386 kfree_skb(skb); 1387 1388 return 0; 1389 } 1390 EXPORT_SYMBOL_GPL(btrtl_shutdown_realtek); 1391 1392 static unsigned int btrtl_convert_baudrate(u32 device_baudrate) 1393 { 1394 switch (device_baudrate) { 1395 case 0x0252a00a: 1396 return 230400; 1397 1398 case 0x05f75004: 1399 return 921600; 1400 1401 case 0x00005004: 1402 return 1000000; 1403 1404 case 0x04928002: 1405 case 0x01128002: 1406 return 1500000; 1407 1408 case 0x00005002: 1409 return 2000000; 1410 1411 case 0x0000b001: 1412 return 2500000; 1413 1414 case 0x04928001: 1415 return 3000000; 1416 1417 case 0x052a6001: 1418 return 3500000; 1419 1420 case 0x00005001: 1421 return 4000000; 1422 1423 case 0x0252c014: 1424 default: 1425 return 115200; 1426 } 1427 } 1428 1429 int btrtl_get_uart_settings(struct hci_dev *hdev, 1430 struct btrtl_device_info *btrtl_dev, 1431 unsigned int *controller_baudrate, 1432 u32 *device_baudrate, bool *flow_control) 1433 { 1434 struct rtl_vendor_config *config; 1435 struct rtl_vendor_config_entry *entry; 1436 int i, total_data_len; 1437 bool found = false; 1438 1439 total_data_len = btrtl_dev->cfg_len - sizeof(*config); 1440 if (total_data_len <= 0) { 1441 rtl_dev_warn(hdev, "no config loaded"); 1442 return -EINVAL; 1443 } 1444 1445 config = (struct rtl_vendor_config *)btrtl_dev->cfg_data; 1446 if (le32_to_cpu(config->signature) != RTL_CONFIG_MAGIC) { 1447 rtl_dev_err(hdev, "invalid config magic"); 1448 return -EINVAL; 1449 } 1450 1451 if (total_data_len < le16_to_cpu(config->total_len)) { 1452 rtl_dev_err(hdev, "config is too short"); 1453 return -EINVAL; 1454 } 1455 1456 for (i = 0; i < total_data_len; ) { 1457 entry = ((void *)config->entry) + i; 1458 1459 switch (le16_to_cpu(entry->offset)) { 1460 case 0xc: 1461 if (entry->len < sizeof(*device_baudrate)) { 1462 rtl_dev_err(hdev, "invalid UART config entry"); 1463 return -EINVAL; 1464 } 1465 1466 *device_baudrate = get_unaligned_le32(entry->data); 1467 *controller_baudrate = btrtl_convert_baudrate( 1468 *device_baudrate); 1469 1470 if (entry->len >= 13) 1471 *flow_control = !!(entry->data[12] & BIT(2)); 1472 else 1473 *flow_control = false; 1474 1475 found = true; 1476 break; 1477 1478 default: 1479 rtl_dev_dbg(hdev, "skipping config entry 0x%x (len %u)", 1480 le16_to_cpu(entry->offset), entry->len); 1481 break; 1482 } 1483 1484 i += sizeof(*entry) + entry->len; 1485 } 1486 1487 if (!found) { 1488 rtl_dev_err(hdev, "no UART config entry found"); 1489 return -ENOENT; 1490 } 1491 1492 rtl_dev_dbg(hdev, "device baudrate = 0x%08x", *device_baudrate); 1493 rtl_dev_dbg(hdev, "controller baudrate = %u", *controller_baudrate); 1494 rtl_dev_dbg(hdev, "flow control %d", *flow_control); 1495 1496 return 0; 1497 } 1498 EXPORT_SYMBOL_GPL(btrtl_get_uart_settings); 1499 1500 MODULE_AUTHOR("Daniel Drake <drake@endlessm.com>"); 1501 MODULE_DESCRIPTION("Bluetooth support for Realtek devices ver " VERSION); 1502 MODULE_VERSION(VERSION); 1503 MODULE_LICENSE("GPL"); 1504 MODULE_FIRMWARE("rtl_bt/rtl8723a_fw.bin"); 1505 MODULE_FIRMWARE("rtl_bt/rtl8723b_fw.bin"); 1506 MODULE_FIRMWARE("rtl_bt/rtl8723b_config.bin"); 1507 MODULE_FIRMWARE("rtl_bt/rtl8723bs_fw.bin"); 1508 MODULE_FIRMWARE("rtl_bt/rtl8723bs_config.bin"); 1509 MODULE_FIRMWARE("rtl_bt/rtl8723cs_cg_fw.bin"); 1510 MODULE_FIRMWARE("rtl_bt/rtl8723cs_cg_config.bin"); 1511 MODULE_FIRMWARE("rtl_bt/rtl8723cs_vf_fw.bin"); 1512 MODULE_FIRMWARE("rtl_bt/rtl8723cs_vf_config.bin"); 1513 MODULE_FIRMWARE("rtl_bt/rtl8723cs_xx_fw.bin"); 1514 MODULE_FIRMWARE("rtl_bt/rtl8723cs_xx_config.bin"); 1515 MODULE_FIRMWARE("rtl_bt/rtl8723d_fw.bin"); 1516 MODULE_FIRMWARE("rtl_bt/rtl8723d_config.bin"); 1517 MODULE_FIRMWARE("rtl_bt/rtl8723ds_fw.bin"); 1518 MODULE_FIRMWARE("rtl_bt/rtl8723ds_config.bin"); 1519 MODULE_FIRMWARE("rtl_bt/rtl8761a_fw.bin"); 1520 MODULE_FIRMWARE("rtl_bt/rtl8761a_config.bin"); 1521 MODULE_FIRMWARE("rtl_bt/rtl8761b_fw.bin"); 1522 MODULE_FIRMWARE("rtl_bt/rtl8761b_config.bin"); 1523 MODULE_FIRMWARE("rtl_bt/rtl8761bu_fw.bin"); 1524 MODULE_FIRMWARE("rtl_bt/rtl8761bu_config.bin"); 1525 MODULE_FIRMWARE("rtl_bt/rtl8821a_fw.bin"); 1526 MODULE_FIRMWARE("rtl_bt/rtl8821a_config.bin"); 1527 MODULE_FIRMWARE("rtl_bt/rtl8821c_fw.bin"); 1528 MODULE_FIRMWARE("rtl_bt/rtl8821c_config.bin"); 1529 MODULE_FIRMWARE("rtl_bt/rtl8821cs_fw.bin"); 1530 MODULE_FIRMWARE("rtl_bt/rtl8821cs_config.bin"); 1531 MODULE_FIRMWARE("rtl_bt/rtl8822b_fw.bin"); 1532 MODULE_FIRMWARE("rtl_bt/rtl8822b_config.bin"); 1533 MODULE_FIRMWARE("rtl_bt/rtl8822cs_fw.bin"); 1534 MODULE_FIRMWARE("rtl_bt/rtl8822cs_config.bin"); 1535 MODULE_FIRMWARE("rtl_bt/rtl8822cu_fw.bin"); 1536 MODULE_FIRMWARE("rtl_bt/rtl8822cu_config.bin"); 1537 MODULE_FIRMWARE("rtl_bt/rtl8851bu_fw.bin"); 1538 MODULE_FIRMWARE("rtl_bt/rtl8851bu_config.bin"); 1539 MODULE_FIRMWARE("rtl_bt/rtl8852au_fw.bin"); 1540 MODULE_FIRMWARE("rtl_bt/rtl8852au_config.bin"); 1541 MODULE_FIRMWARE("rtl_bt/rtl8852bs_fw.bin"); 1542 MODULE_FIRMWARE("rtl_bt/rtl8852bs_config.bin"); 1543 MODULE_FIRMWARE("rtl_bt/rtl8852bu_fw.bin"); 1544 MODULE_FIRMWARE("rtl_bt/rtl8852bu_config.bin"); 1545 MODULE_FIRMWARE("rtl_bt/rtl8852btu_fw.bin"); 1546 MODULE_FIRMWARE("rtl_bt/rtl8852btu_config.bin"); 1547 MODULE_FIRMWARE("rtl_bt/rtl8852cu_fw.bin"); 1548 MODULE_FIRMWARE("rtl_bt/rtl8852cu_fw_v2.bin"); 1549 MODULE_FIRMWARE("rtl_bt/rtl8852cu_config.bin"); 1550 MODULE_FIRMWARE("rtl_bt/rtl8922au_fw.bin"); 1551 MODULE_FIRMWARE("rtl_bt/rtl8922au_config.bin"); 1552