1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Bluetooth support for Realtek devices 4 * 5 * Copyright (C) 2015 Endless Mobile, Inc. 6 */ 7 8 #include <linux/module.h> 9 #include <linux/firmware.h> 10 #include <asm/unaligned.h> 11 #include <linux/usb.h> 12 13 #include <net/bluetooth/bluetooth.h> 14 #include <net/bluetooth/hci_core.h> 15 16 #include "btrtl.h" 17 18 #define VERSION "0.1" 19 20 #define RTL_CHIP_8723CS_CG 3 21 #define RTL_CHIP_8723CS_VF 4 22 #define RTL_CHIP_8723CS_XX 5 23 #define RTL_EPATCH_SIGNATURE "Realtech" 24 #define RTL_EPATCH_SIGNATURE_V2 "RTBTCore" 25 #define RTL_ROM_LMP_8703B 0x8703 26 #define RTL_ROM_LMP_8723A 0x1200 27 #define RTL_ROM_LMP_8723B 0x8723 28 #define RTL_ROM_LMP_8821A 0x8821 29 #define RTL_ROM_LMP_8761A 0x8761 30 #define RTL_ROM_LMP_8822B 0x8822 31 #define RTL_ROM_LMP_8852A 0x8852 32 #define RTL_ROM_LMP_8851B 0x8851 33 #define RTL_CONFIG_MAGIC 0x8723ab55 34 35 #define RTL_VSC_OP_COREDUMP 0xfcff 36 37 #define IC_MATCH_FL_LMPSUBV (1 << 0) 38 #define IC_MATCH_FL_HCIREV (1 << 1) 39 #define IC_MATCH_FL_HCIVER (1 << 2) 40 #define IC_MATCH_FL_HCIBUS (1 << 3) 41 #define IC_MATCH_FL_CHIP_TYPE (1 << 4) 42 #define IC_INFO(lmps, hcir, hciv, bus) \ 43 .match_flags = IC_MATCH_FL_LMPSUBV | IC_MATCH_FL_HCIREV | \ 44 IC_MATCH_FL_HCIVER | IC_MATCH_FL_HCIBUS, \ 45 .lmp_subver = (lmps), \ 46 .hci_rev = (hcir), \ 47 .hci_ver = (hciv), \ 48 .hci_bus = (bus) 49 50 #define RTL_CHIP_SUBVER (&(struct rtl_vendor_cmd) {{0x10, 0x38, 0x04, 0x28, 0x80}}) 51 #define RTL_CHIP_REV (&(struct rtl_vendor_cmd) {{0x10, 0x3A, 0x04, 0x28, 0x80}}) 52 #define RTL_SEC_PROJ (&(struct rtl_vendor_cmd) {{0x10, 0xA4, 0x0D, 0x00, 0xb0}}) 53 54 #define RTL_PATCH_SNIPPETS 0x01 55 #define RTL_PATCH_DUMMY_HEADER 0x02 56 #define RTL_PATCH_SECURITY_HEADER 0x03 57 58 enum btrtl_chip_id { 59 CHIP_ID_8723A, 60 CHIP_ID_8723B, 61 CHIP_ID_8821A, 62 CHIP_ID_8761A, 63 CHIP_ID_8822B = 8, 64 CHIP_ID_8723D, 65 CHIP_ID_8821C, 66 CHIP_ID_8822C = 13, 67 CHIP_ID_8761B, 68 CHIP_ID_8852A = 18, 69 CHIP_ID_8852B = 20, 70 CHIP_ID_8852C = 25, 71 CHIP_ID_8851B = 36, 72 CHIP_ID_8852BT = 47, 73 }; 74 75 struct id_table { 76 __u16 match_flags; 77 __u16 lmp_subver; 78 __u16 hci_rev; 79 __u8 hci_ver; 80 __u8 hci_bus; 81 __u8 chip_type; 82 bool config_needed; 83 bool has_rom_version; 84 bool has_msft_ext; 85 char *fw_name; 86 char *cfg_name; 87 char *hw_info; 88 }; 89 90 struct btrtl_device_info { 91 const struct id_table *ic_info; 92 u8 rom_version; 93 u8 *fw_data; 94 int fw_len; 95 u8 *cfg_data; 96 int cfg_len; 97 bool drop_fw; 98 int project_id; 99 u8 key_id; 100 struct list_head patch_subsecs; 101 }; 102 103 static const struct id_table ic_id_table[] = { 104 /* 8723A */ 105 { IC_INFO(RTL_ROM_LMP_8723A, 0xb, 0x6, HCI_USB), 106 .config_needed = false, 107 .has_rom_version = false, 108 .fw_name = "rtl_bt/rtl8723a_fw", 109 .cfg_name = NULL, 110 .hw_info = "rtl8723au" }, 111 112 /* 8723BS */ 113 { IC_INFO(RTL_ROM_LMP_8723B, 0xb, 0x6, HCI_UART), 114 .config_needed = true, 115 .has_rom_version = true, 116 .fw_name = "rtl_bt/rtl8723bs_fw", 117 .cfg_name = "rtl_bt/rtl8723bs_config", 118 .hw_info = "rtl8723bs" }, 119 120 /* 8723B */ 121 { IC_INFO(RTL_ROM_LMP_8723B, 0xb, 0x6, HCI_USB), 122 .config_needed = false, 123 .has_rom_version = true, 124 .fw_name = "rtl_bt/rtl8723b_fw", 125 .cfg_name = "rtl_bt/rtl8723b_config", 126 .hw_info = "rtl8723bu" }, 127 128 /* 8723CS-CG */ 129 { .match_flags = IC_MATCH_FL_LMPSUBV | IC_MATCH_FL_CHIP_TYPE | 130 IC_MATCH_FL_HCIBUS, 131 .lmp_subver = RTL_ROM_LMP_8703B, 132 .chip_type = RTL_CHIP_8723CS_CG, 133 .hci_bus = HCI_UART, 134 .config_needed = true, 135 .has_rom_version = true, 136 .fw_name = "rtl_bt/rtl8723cs_cg_fw", 137 .cfg_name = "rtl_bt/rtl8723cs_cg_config", 138 .hw_info = "rtl8723cs-cg" }, 139 140 /* 8723CS-VF */ 141 { .match_flags = IC_MATCH_FL_LMPSUBV | IC_MATCH_FL_CHIP_TYPE | 142 IC_MATCH_FL_HCIBUS, 143 .lmp_subver = RTL_ROM_LMP_8703B, 144 .chip_type = RTL_CHIP_8723CS_VF, 145 .hci_bus = HCI_UART, 146 .config_needed = true, 147 .has_rom_version = true, 148 .fw_name = "rtl_bt/rtl8723cs_vf_fw", 149 .cfg_name = "rtl_bt/rtl8723cs_vf_config", 150 .hw_info = "rtl8723cs-vf" }, 151 152 /* 8723CS-XX */ 153 { .match_flags = IC_MATCH_FL_LMPSUBV | IC_MATCH_FL_CHIP_TYPE | 154 IC_MATCH_FL_HCIBUS, 155 .lmp_subver = RTL_ROM_LMP_8703B, 156 .chip_type = RTL_CHIP_8723CS_XX, 157 .hci_bus = HCI_UART, 158 .config_needed = true, 159 .has_rom_version = true, 160 .fw_name = "rtl_bt/rtl8723cs_xx_fw", 161 .cfg_name = "rtl_bt/rtl8723cs_xx_config", 162 .hw_info = "rtl8723cs" }, 163 164 /* 8723D */ 165 { IC_INFO(RTL_ROM_LMP_8723B, 0xd, 0x8, HCI_USB), 166 .config_needed = true, 167 .has_rom_version = true, 168 .fw_name = "rtl_bt/rtl8723d_fw", 169 .cfg_name = "rtl_bt/rtl8723d_config", 170 .hw_info = "rtl8723du" }, 171 172 /* 8723DS */ 173 { IC_INFO(RTL_ROM_LMP_8723B, 0xd, 0x8, HCI_UART), 174 .config_needed = true, 175 .has_rom_version = true, 176 .fw_name = "rtl_bt/rtl8723ds_fw", 177 .cfg_name = "rtl_bt/rtl8723ds_config", 178 .hw_info = "rtl8723ds" }, 179 180 /* 8821A */ 181 { IC_INFO(RTL_ROM_LMP_8821A, 0xa, 0x6, HCI_USB), 182 .config_needed = false, 183 .has_rom_version = true, 184 .fw_name = "rtl_bt/rtl8821a_fw", 185 .cfg_name = "rtl_bt/rtl8821a_config", 186 .hw_info = "rtl8821au" }, 187 188 /* 8821C */ 189 { IC_INFO(RTL_ROM_LMP_8821A, 0xc, 0x8, HCI_USB), 190 .config_needed = false, 191 .has_rom_version = true, 192 .has_msft_ext = true, 193 .fw_name = "rtl_bt/rtl8821c_fw", 194 .cfg_name = "rtl_bt/rtl8821c_config", 195 .hw_info = "rtl8821cu" }, 196 197 /* 8821CS */ 198 { IC_INFO(RTL_ROM_LMP_8821A, 0xc, 0x8, HCI_UART), 199 .config_needed = true, 200 .has_rom_version = true, 201 .has_msft_ext = true, 202 .fw_name = "rtl_bt/rtl8821cs_fw", 203 .cfg_name = "rtl_bt/rtl8821cs_config", 204 .hw_info = "rtl8821cs" }, 205 206 /* 8761A */ 207 { IC_INFO(RTL_ROM_LMP_8761A, 0xa, 0x6, HCI_USB), 208 .config_needed = false, 209 .has_rom_version = true, 210 .fw_name = "rtl_bt/rtl8761a_fw", 211 .cfg_name = "rtl_bt/rtl8761a_config", 212 .hw_info = "rtl8761au" }, 213 214 /* 8761B */ 215 { IC_INFO(RTL_ROM_LMP_8761A, 0xb, 0xa, HCI_UART), 216 .config_needed = false, 217 .has_rom_version = true, 218 .has_msft_ext = true, 219 .fw_name = "rtl_bt/rtl8761b_fw", 220 .cfg_name = "rtl_bt/rtl8761b_config", 221 .hw_info = "rtl8761btv" }, 222 223 /* 8761BU */ 224 { IC_INFO(RTL_ROM_LMP_8761A, 0xb, 0xa, HCI_USB), 225 .config_needed = false, 226 .has_rom_version = true, 227 .fw_name = "rtl_bt/rtl8761bu_fw", 228 .cfg_name = "rtl_bt/rtl8761bu_config", 229 .hw_info = "rtl8761bu" }, 230 231 /* 8822C with UART interface */ 232 { IC_INFO(RTL_ROM_LMP_8822B, 0xc, 0x8, HCI_UART), 233 .config_needed = true, 234 .has_rom_version = true, 235 .has_msft_ext = true, 236 .fw_name = "rtl_bt/rtl8822cs_fw", 237 .cfg_name = "rtl_bt/rtl8822cs_config", 238 .hw_info = "rtl8822cs" }, 239 240 /* 8822C with UART interface */ 241 { IC_INFO(RTL_ROM_LMP_8822B, 0xc, 0xa, HCI_UART), 242 .config_needed = true, 243 .has_rom_version = true, 244 .has_msft_ext = true, 245 .fw_name = "rtl_bt/rtl8822cs_fw", 246 .cfg_name = "rtl_bt/rtl8822cs_config", 247 .hw_info = "rtl8822cs" }, 248 249 /* 8822C with USB interface */ 250 { IC_INFO(RTL_ROM_LMP_8822B, 0xc, 0xa, HCI_USB), 251 .config_needed = false, 252 .has_rom_version = true, 253 .has_msft_ext = true, 254 .fw_name = "rtl_bt/rtl8822cu_fw", 255 .cfg_name = "rtl_bt/rtl8822cu_config", 256 .hw_info = "rtl8822cu" }, 257 258 /* 8822B */ 259 { IC_INFO(RTL_ROM_LMP_8822B, 0xb, 0x7, HCI_USB), 260 .config_needed = true, 261 .has_rom_version = true, 262 .has_msft_ext = true, 263 .fw_name = "rtl_bt/rtl8822b_fw", 264 .cfg_name = "rtl_bt/rtl8822b_config", 265 .hw_info = "rtl8822bu" }, 266 267 /* 8852A */ 268 { IC_INFO(RTL_ROM_LMP_8852A, 0xa, 0xb, HCI_USB), 269 .config_needed = false, 270 .has_rom_version = true, 271 .has_msft_ext = true, 272 .fw_name = "rtl_bt/rtl8852au_fw", 273 .cfg_name = "rtl_bt/rtl8852au_config", 274 .hw_info = "rtl8852au" }, 275 276 /* 8852B with UART interface */ 277 { IC_INFO(RTL_ROM_LMP_8852A, 0xb, 0xb, HCI_UART), 278 .config_needed = true, 279 .has_rom_version = true, 280 .has_msft_ext = true, 281 .fw_name = "rtl_bt/rtl8852bs_fw", 282 .cfg_name = "rtl_bt/rtl8852bs_config", 283 .hw_info = "rtl8852bs" }, 284 285 /* 8852B */ 286 { IC_INFO(RTL_ROM_LMP_8852A, 0xb, 0xb, HCI_USB), 287 .config_needed = false, 288 .has_rom_version = true, 289 .has_msft_ext = true, 290 .fw_name = "rtl_bt/rtl8852bu_fw", 291 .cfg_name = "rtl_bt/rtl8852bu_config", 292 .hw_info = "rtl8852bu" }, 293 294 /* 8852C */ 295 { IC_INFO(RTL_ROM_LMP_8852A, 0xc, 0xc, HCI_USB), 296 .config_needed = false, 297 .has_rom_version = true, 298 .has_msft_ext = true, 299 .fw_name = "rtl_bt/rtl8852cu_fw", 300 .cfg_name = "rtl_bt/rtl8852cu_config", 301 .hw_info = "rtl8852cu" }, 302 303 /* 8851B */ 304 { IC_INFO(RTL_ROM_LMP_8851B, 0xb, 0xc, HCI_USB), 305 .config_needed = false, 306 .has_rom_version = true, 307 .has_msft_ext = false, 308 .fw_name = "rtl_bt/rtl8851bu_fw", 309 .cfg_name = "rtl_bt/rtl8851bu_config", 310 .hw_info = "rtl8851bu" }, 311 312 /* 8852BT/8852BE-VT */ 313 { IC_INFO(RTL_ROM_LMP_8852A, 0x87, 0xc, HCI_USB), 314 .config_needed = false, 315 .has_rom_version = true, 316 .has_msft_ext = true, 317 .fw_name = "rtl_bt/rtl8852btu_fw", 318 .cfg_name = "rtl_bt/rtl8852btu_config", 319 .hw_info = "rtl8852btu" }, 320 }; 321 322 static const struct id_table *btrtl_match_ic(u16 lmp_subver, u16 hci_rev, 323 u8 hci_ver, u8 hci_bus, 324 u8 chip_type) 325 { 326 int i; 327 328 for (i = 0; i < ARRAY_SIZE(ic_id_table); i++) { 329 if ((ic_id_table[i].match_flags & IC_MATCH_FL_LMPSUBV) && 330 (ic_id_table[i].lmp_subver != lmp_subver)) 331 continue; 332 if ((ic_id_table[i].match_flags & IC_MATCH_FL_HCIREV) && 333 (ic_id_table[i].hci_rev != hci_rev)) 334 continue; 335 if ((ic_id_table[i].match_flags & IC_MATCH_FL_HCIVER) && 336 (ic_id_table[i].hci_ver != hci_ver)) 337 continue; 338 if ((ic_id_table[i].match_flags & IC_MATCH_FL_HCIBUS) && 339 (ic_id_table[i].hci_bus != hci_bus)) 340 continue; 341 if ((ic_id_table[i].match_flags & IC_MATCH_FL_CHIP_TYPE) && 342 (ic_id_table[i].chip_type != chip_type)) 343 continue; 344 345 break; 346 } 347 if (i >= ARRAY_SIZE(ic_id_table)) 348 return NULL; 349 350 return &ic_id_table[i]; 351 } 352 353 static struct sk_buff *btrtl_read_local_version(struct hci_dev *hdev) 354 { 355 struct sk_buff *skb; 356 357 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL, 358 HCI_INIT_TIMEOUT); 359 if (IS_ERR(skb)) { 360 rtl_dev_err(hdev, "HCI_OP_READ_LOCAL_VERSION failed (%ld)", 361 PTR_ERR(skb)); 362 return skb; 363 } 364 365 if (skb->len != sizeof(struct hci_rp_read_local_version)) { 366 rtl_dev_err(hdev, "HCI_OP_READ_LOCAL_VERSION event length mismatch"); 367 kfree_skb(skb); 368 return ERR_PTR(-EIO); 369 } 370 371 return skb; 372 } 373 374 static int rtl_read_rom_version(struct hci_dev *hdev, u8 *version) 375 { 376 struct rtl_rom_version_evt *rom_version; 377 struct sk_buff *skb; 378 379 /* Read RTL ROM version command */ 380 skb = __hci_cmd_sync(hdev, 0xfc6d, 0, NULL, HCI_INIT_TIMEOUT); 381 if (IS_ERR(skb)) { 382 rtl_dev_err(hdev, "Read ROM version failed (%ld)", 383 PTR_ERR(skb)); 384 return PTR_ERR(skb); 385 } 386 387 if (skb->len != sizeof(*rom_version)) { 388 rtl_dev_err(hdev, "version event length mismatch"); 389 kfree_skb(skb); 390 return -EIO; 391 } 392 393 rom_version = (struct rtl_rom_version_evt *)skb->data; 394 rtl_dev_info(hdev, "rom_version status=%x version=%x", 395 rom_version->status, rom_version->version); 396 397 *version = rom_version->version; 398 399 kfree_skb(skb); 400 return 0; 401 } 402 403 static int btrtl_vendor_read_reg16(struct hci_dev *hdev, 404 struct rtl_vendor_cmd *cmd, u8 *rp) 405 { 406 struct sk_buff *skb; 407 int err = 0; 408 409 skb = __hci_cmd_sync(hdev, 0xfc61, sizeof(*cmd), cmd, 410 HCI_INIT_TIMEOUT); 411 if (IS_ERR(skb)) { 412 err = PTR_ERR(skb); 413 rtl_dev_err(hdev, "RTL: Read reg16 failed (%d)", err); 414 return err; 415 } 416 417 if (skb->len != 3 || skb->data[0]) { 418 bt_dev_err(hdev, "RTL: Read reg16 length mismatch"); 419 kfree_skb(skb); 420 return -EIO; 421 } 422 423 if (rp) 424 memcpy(rp, skb->data + 1, 2); 425 426 kfree_skb(skb); 427 428 return 0; 429 } 430 431 static void *rtl_iov_pull_data(struct rtl_iovec *iov, u32 len) 432 { 433 void *data = iov->data; 434 435 if (iov->len < len) 436 return NULL; 437 438 iov->data += len; 439 iov->len -= len; 440 441 return data; 442 } 443 444 static void btrtl_insert_ordered_subsec(struct rtl_subsection *node, 445 struct btrtl_device_info *btrtl_dev) 446 { 447 struct list_head *pos; 448 struct list_head *next; 449 struct rtl_subsection *subsec; 450 451 list_for_each_safe(pos, next, &btrtl_dev->patch_subsecs) { 452 subsec = list_entry(pos, struct rtl_subsection, list); 453 if (subsec->prio >= node->prio) 454 break; 455 } 456 __list_add(&node->list, pos->prev, pos); 457 } 458 459 static int btrtl_parse_section(struct hci_dev *hdev, 460 struct btrtl_device_info *btrtl_dev, u32 opcode, 461 u8 *data, u32 len) 462 { 463 struct rtl_section_hdr *hdr; 464 struct rtl_subsection *subsec; 465 struct rtl_common_subsec *common_subsec; 466 struct rtl_sec_hdr *sec_hdr; 467 int i; 468 u8 *ptr; 469 u16 num_subsecs; 470 u32 subsec_len; 471 int rc = 0; 472 struct rtl_iovec iov = { 473 .data = data, 474 .len = len, 475 }; 476 477 hdr = rtl_iov_pull_data(&iov, sizeof(*hdr)); 478 if (!hdr) 479 return -EINVAL; 480 num_subsecs = le16_to_cpu(hdr->num); 481 482 for (i = 0; i < num_subsecs; i++) { 483 common_subsec = rtl_iov_pull_data(&iov, sizeof(*common_subsec)); 484 if (!common_subsec) 485 break; 486 subsec_len = le32_to_cpu(common_subsec->len); 487 488 rtl_dev_dbg(hdev, "subsec, eco 0x%02x, len %08x", 489 common_subsec->eco, subsec_len); 490 491 ptr = rtl_iov_pull_data(&iov, subsec_len); 492 if (!ptr) 493 break; 494 495 if (common_subsec->eco != btrtl_dev->rom_version + 1) 496 continue; 497 498 switch (opcode) { 499 case RTL_PATCH_SECURITY_HEADER: 500 sec_hdr = (void *)common_subsec; 501 if (sec_hdr->key_id != btrtl_dev->key_id) 502 continue; 503 break; 504 } 505 506 subsec = kzalloc(sizeof(*subsec), GFP_KERNEL); 507 if (!subsec) 508 return -ENOMEM; 509 subsec->opcode = opcode; 510 subsec->prio = common_subsec->prio; 511 subsec->len = subsec_len; 512 subsec->data = ptr; 513 btrtl_insert_ordered_subsec(subsec, btrtl_dev); 514 rc += subsec_len; 515 } 516 517 return rc; 518 } 519 520 static int rtlbt_parse_firmware_v2(struct hci_dev *hdev, 521 struct btrtl_device_info *btrtl_dev, 522 unsigned char **_buf) 523 { 524 struct rtl_epatch_header_v2 *hdr; 525 int rc; 526 u8 reg_val[2]; 527 u8 key_id; 528 u32 num_sections; 529 struct rtl_section *section; 530 struct rtl_subsection *entry, *tmp; 531 u32 section_len; 532 u32 opcode; 533 int len = 0; 534 int i; 535 u8 *ptr; 536 struct rtl_iovec iov = { 537 .data = btrtl_dev->fw_data, 538 .len = btrtl_dev->fw_len - 7, /* Cut the tail */ 539 }; 540 541 rc = btrtl_vendor_read_reg16(hdev, RTL_SEC_PROJ, reg_val); 542 if (rc < 0) 543 return -EIO; 544 key_id = reg_val[0]; 545 546 rtl_dev_dbg(hdev, "%s: key id %u", __func__, key_id); 547 548 btrtl_dev->key_id = key_id; 549 550 hdr = rtl_iov_pull_data(&iov, sizeof(*hdr)); 551 if (!hdr) 552 return -EINVAL; 553 num_sections = le32_to_cpu(hdr->num_sections); 554 555 rtl_dev_dbg(hdev, "FW version %08x-%08x", *((u32 *)hdr->fw_version), 556 *((u32 *)(hdr->fw_version + 4))); 557 558 for (i = 0; i < num_sections; i++) { 559 section = rtl_iov_pull_data(&iov, sizeof(*section)); 560 if (!section) 561 break; 562 section_len = le32_to_cpu(section->len); 563 opcode = le32_to_cpu(section->opcode); 564 565 rtl_dev_dbg(hdev, "opcode 0x%04x", section->opcode); 566 567 ptr = rtl_iov_pull_data(&iov, section_len); 568 if (!ptr) 569 break; 570 571 switch (opcode) { 572 case RTL_PATCH_SNIPPETS: 573 rc = btrtl_parse_section(hdev, btrtl_dev, opcode, 574 ptr, section_len); 575 break; 576 case RTL_PATCH_SECURITY_HEADER: 577 /* If key_id from chip is zero, ignore all security 578 * headers. 579 */ 580 if (!key_id) 581 break; 582 rc = btrtl_parse_section(hdev, btrtl_dev, opcode, 583 ptr, section_len); 584 break; 585 case RTL_PATCH_DUMMY_HEADER: 586 rc = btrtl_parse_section(hdev, btrtl_dev, opcode, 587 ptr, section_len); 588 break; 589 default: 590 rc = 0; 591 break; 592 } 593 if (rc < 0) { 594 rtl_dev_err(hdev, "RTL: Parse section (%u) err %d", 595 opcode, rc); 596 return rc; 597 } 598 len += rc; 599 } 600 601 if (!len) 602 return -ENODATA; 603 604 /* Allocate mem and copy all found subsecs. */ 605 ptr = kvmalloc(len, GFP_KERNEL); 606 if (!ptr) 607 return -ENOMEM; 608 609 len = 0; 610 list_for_each_entry_safe(entry, tmp, &btrtl_dev->patch_subsecs, list) { 611 rtl_dev_dbg(hdev, "RTL: opcode %08x, addr %p, len 0x%x", 612 entry->opcode, entry->data, entry->len); 613 memcpy(ptr + len, entry->data, entry->len); 614 len += entry->len; 615 } 616 617 if (!len) 618 return -EPERM; 619 620 *_buf = ptr; 621 return len; 622 } 623 624 static int rtlbt_parse_firmware(struct hci_dev *hdev, 625 struct btrtl_device_info *btrtl_dev, 626 unsigned char **_buf) 627 { 628 static const u8 extension_sig[] = { 0x51, 0x04, 0xfd, 0x77 }; 629 struct btrealtek_data *coredump_info = hci_get_priv(hdev); 630 struct rtl_epatch_header *epatch_info; 631 unsigned char *buf; 632 int i, len; 633 size_t min_size; 634 u8 opcode, length, data; 635 int project_id = -1; 636 const unsigned char *fwptr, *chip_id_base; 637 const unsigned char *patch_length_base, *patch_offset_base; 638 u32 patch_offset = 0; 639 u16 patch_length, num_patches; 640 static const struct { 641 __u16 lmp_subver; 642 __u8 id; 643 } project_id_to_lmp_subver[] = { 644 { RTL_ROM_LMP_8723A, 0 }, 645 { RTL_ROM_LMP_8723B, 1 }, 646 { RTL_ROM_LMP_8821A, 2 }, 647 { RTL_ROM_LMP_8761A, 3 }, 648 { RTL_ROM_LMP_8703B, 7 }, 649 { RTL_ROM_LMP_8822B, 8 }, 650 { RTL_ROM_LMP_8723B, 9 }, /* 8723D */ 651 { RTL_ROM_LMP_8821A, 10 }, /* 8821C */ 652 { RTL_ROM_LMP_8822B, 13 }, /* 8822C */ 653 { RTL_ROM_LMP_8761A, 14 }, /* 8761B */ 654 { RTL_ROM_LMP_8852A, 18 }, /* 8852A */ 655 { RTL_ROM_LMP_8852A, 20 }, /* 8852B */ 656 { RTL_ROM_LMP_8852A, 25 }, /* 8852C */ 657 { RTL_ROM_LMP_8851B, 36 }, /* 8851B */ 658 { RTL_ROM_LMP_8852A, 47 }, /* 8852BT */ 659 }; 660 661 if (btrtl_dev->fw_len <= 8) 662 return -EINVAL; 663 664 if (!memcmp(btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE, 8)) 665 min_size = sizeof(struct rtl_epatch_header) + 666 sizeof(extension_sig) + 3; 667 else if (!memcmp(btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE_V2, 8)) 668 min_size = sizeof(struct rtl_epatch_header_v2) + 669 sizeof(extension_sig) + 3; 670 else 671 return -EINVAL; 672 673 if (btrtl_dev->fw_len < min_size) 674 return -EINVAL; 675 676 fwptr = btrtl_dev->fw_data + btrtl_dev->fw_len - sizeof(extension_sig); 677 if (memcmp(fwptr, extension_sig, sizeof(extension_sig)) != 0) { 678 rtl_dev_err(hdev, "extension section signature mismatch"); 679 return -EINVAL; 680 } 681 682 /* Loop from the end of the firmware parsing instructions, until 683 * we find an instruction that identifies the "project ID" for the 684 * hardware supported by this firwmare file. 685 * Once we have that, we double-check that project_id is suitable 686 * for the hardware we are working with. 687 */ 688 while (fwptr >= btrtl_dev->fw_data + (sizeof(*epatch_info) + 3)) { 689 opcode = *--fwptr; 690 length = *--fwptr; 691 data = *--fwptr; 692 693 BT_DBG("check op=%x len=%x data=%x", opcode, length, data); 694 695 if (opcode == 0xff) /* EOF */ 696 break; 697 698 if (length == 0) { 699 rtl_dev_err(hdev, "found instruction with length 0"); 700 return -EINVAL; 701 } 702 703 if (opcode == 0 && length == 1) { 704 project_id = data; 705 break; 706 } 707 708 fwptr -= length; 709 } 710 711 if (project_id < 0) { 712 rtl_dev_err(hdev, "failed to find version instruction"); 713 return -EINVAL; 714 } 715 716 /* Find project_id in table */ 717 for (i = 0; i < ARRAY_SIZE(project_id_to_lmp_subver); i++) { 718 if (project_id == project_id_to_lmp_subver[i].id) { 719 btrtl_dev->project_id = project_id; 720 break; 721 } 722 } 723 724 if (i >= ARRAY_SIZE(project_id_to_lmp_subver)) { 725 rtl_dev_err(hdev, "unknown project id %d", project_id); 726 return -EINVAL; 727 } 728 729 if (btrtl_dev->ic_info->lmp_subver != 730 project_id_to_lmp_subver[i].lmp_subver) { 731 rtl_dev_err(hdev, "firmware is for %x but this is a %x", 732 project_id_to_lmp_subver[i].lmp_subver, 733 btrtl_dev->ic_info->lmp_subver); 734 return -EINVAL; 735 } 736 737 if (memcmp(btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE, 8) != 0) { 738 if (!memcmp(btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE_V2, 8)) 739 return rtlbt_parse_firmware_v2(hdev, btrtl_dev, _buf); 740 rtl_dev_err(hdev, "bad EPATCH signature"); 741 return -EINVAL; 742 } 743 744 epatch_info = (struct rtl_epatch_header *)btrtl_dev->fw_data; 745 num_patches = le16_to_cpu(epatch_info->num_patches); 746 747 BT_DBG("fw_version=%x, num_patches=%d", 748 le32_to_cpu(epatch_info->fw_version), num_patches); 749 coredump_info->rtl_dump.fw_version = le32_to_cpu(epatch_info->fw_version); 750 751 /* After the rtl_epatch_header there is a funky patch metadata section. 752 * Assuming 2 patches, the layout is: 753 * ChipID1 ChipID2 PatchLength1 PatchLength2 PatchOffset1 PatchOffset2 754 * 755 * Find the right patch for this chip. 756 */ 757 min_size += 8 * num_patches; 758 if (btrtl_dev->fw_len < min_size) 759 return -EINVAL; 760 761 chip_id_base = btrtl_dev->fw_data + sizeof(struct rtl_epatch_header); 762 patch_length_base = chip_id_base + (sizeof(u16) * num_patches); 763 patch_offset_base = patch_length_base + (sizeof(u16) * num_patches); 764 for (i = 0; i < num_patches; i++) { 765 u16 chip_id = get_unaligned_le16(chip_id_base + 766 (i * sizeof(u16))); 767 if (chip_id == btrtl_dev->rom_version + 1) { 768 patch_length = get_unaligned_le16(patch_length_base + 769 (i * sizeof(u16))); 770 patch_offset = get_unaligned_le32(patch_offset_base + 771 (i * sizeof(u32))); 772 break; 773 } 774 } 775 776 if (!patch_offset) { 777 rtl_dev_err(hdev, "didn't find patch for chip id %d", 778 btrtl_dev->rom_version); 779 return -EINVAL; 780 } 781 782 BT_DBG("length=%x offset=%x index %d", patch_length, patch_offset, i); 783 min_size = patch_offset + patch_length; 784 if (btrtl_dev->fw_len < min_size) 785 return -EINVAL; 786 787 /* Copy the firmware into a new buffer and write the version at 788 * the end. 789 */ 790 len = patch_length; 791 buf = kvmalloc(patch_length, GFP_KERNEL); 792 if (!buf) 793 return -ENOMEM; 794 795 memcpy(buf, btrtl_dev->fw_data + patch_offset, patch_length - 4); 796 memcpy(buf + patch_length - 4, &epatch_info->fw_version, 4); 797 798 *_buf = buf; 799 return len; 800 } 801 802 static int rtl_download_firmware(struct hci_dev *hdev, 803 const unsigned char *data, int fw_len) 804 { 805 struct rtl_download_cmd *dl_cmd; 806 int frag_num = fw_len / RTL_FRAG_LEN + 1; 807 int frag_len = RTL_FRAG_LEN; 808 int ret = 0; 809 int i; 810 int j = 0; 811 struct sk_buff *skb; 812 struct hci_rp_read_local_version *rp; 813 814 dl_cmd = kmalloc(sizeof(*dl_cmd), GFP_KERNEL); 815 if (!dl_cmd) 816 return -ENOMEM; 817 818 for (i = 0; i < frag_num; i++) { 819 struct sk_buff *skb; 820 821 dl_cmd->index = j++; 822 if (dl_cmd->index == 0x7f) 823 j = 1; 824 825 if (i == (frag_num - 1)) { 826 dl_cmd->index |= 0x80; /* data end */ 827 frag_len = fw_len % RTL_FRAG_LEN; 828 } 829 rtl_dev_dbg(hdev, "download fw (%d/%d). index = %d", i, 830 frag_num, dl_cmd->index); 831 memcpy(dl_cmd->data, data, frag_len); 832 833 /* Send download command */ 834 skb = __hci_cmd_sync(hdev, 0xfc20, frag_len + 1, dl_cmd, 835 HCI_INIT_TIMEOUT); 836 if (IS_ERR(skb)) { 837 rtl_dev_err(hdev, "download fw command failed (%ld)", 838 PTR_ERR(skb)); 839 ret = PTR_ERR(skb); 840 goto out; 841 } 842 843 if (skb->len != sizeof(struct rtl_download_response)) { 844 rtl_dev_err(hdev, "download fw event length mismatch"); 845 kfree_skb(skb); 846 ret = -EIO; 847 goto out; 848 } 849 850 kfree_skb(skb); 851 data += RTL_FRAG_LEN; 852 } 853 854 skb = btrtl_read_local_version(hdev); 855 if (IS_ERR(skb)) { 856 ret = PTR_ERR(skb); 857 rtl_dev_err(hdev, "read local version failed"); 858 goto out; 859 } 860 861 rp = (struct hci_rp_read_local_version *)skb->data; 862 rtl_dev_info(hdev, "fw version 0x%04x%04x", 863 __le16_to_cpu(rp->hci_rev), __le16_to_cpu(rp->lmp_subver)); 864 kfree_skb(skb); 865 866 out: 867 kfree(dl_cmd); 868 return ret; 869 } 870 871 static int rtl_load_file(struct hci_dev *hdev, const char *name, u8 **buff) 872 { 873 const struct firmware *fw; 874 int ret; 875 876 rtl_dev_info(hdev, "loading %s", name); 877 ret = request_firmware(&fw, name, &hdev->dev); 878 if (ret < 0) 879 return ret; 880 ret = fw->size; 881 *buff = kvmalloc(fw->size, GFP_KERNEL); 882 if (*buff) 883 memcpy(*buff, fw->data, ret); 884 else 885 ret = -ENOMEM; 886 887 release_firmware(fw); 888 889 return ret; 890 } 891 892 static int btrtl_setup_rtl8723a(struct hci_dev *hdev, 893 struct btrtl_device_info *btrtl_dev) 894 { 895 if (btrtl_dev->fw_len < 8) 896 return -EINVAL; 897 898 /* Check that the firmware doesn't have the epatch signature 899 * (which is only for RTL8723B and newer). 900 */ 901 if (!memcmp(btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE, 8)) { 902 rtl_dev_err(hdev, "unexpected EPATCH signature!"); 903 return -EINVAL; 904 } 905 906 return rtl_download_firmware(hdev, btrtl_dev->fw_data, 907 btrtl_dev->fw_len); 908 } 909 910 static int btrtl_setup_rtl8723b(struct hci_dev *hdev, 911 struct btrtl_device_info *btrtl_dev) 912 { 913 unsigned char *fw_data = NULL; 914 int ret; 915 u8 *tbuff; 916 917 ret = rtlbt_parse_firmware(hdev, btrtl_dev, &fw_data); 918 if (ret < 0) 919 goto out; 920 921 if (btrtl_dev->cfg_len > 0) { 922 tbuff = kvzalloc(ret + btrtl_dev->cfg_len, GFP_KERNEL); 923 if (!tbuff) { 924 ret = -ENOMEM; 925 goto out; 926 } 927 928 memcpy(tbuff, fw_data, ret); 929 kvfree(fw_data); 930 931 memcpy(tbuff + ret, btrtl_dev->cfg_data, btrtl_dev->cfg_len); 932 ret += btrtl_dev->cfg_len; 933 934 fw_data = tbuff; 935 } 936 937 rtl_dev_info(hdev, "cfg_sz %d, total sz %d", btrtl_dev->cfg_len, ret); 938 939 ret = rtl_download_firmware(hdev, fw_data, ret); 940 941 out: 942 kvfree(fw_data); 943 return ret; 944 } 945 946 static void btrtl_coredump(struct hci_dev *hdev) 947 { 948 static const u8 param[] = { 0x00, 0x00 }; 949 950 __hci_cmd_send(hdev, RTL_VSC_OP_COREDUMP, sizeof(param), param); 951 } 952 953 static void btrtl_dmp_hdr(struct hci_dev *hdev, struct sk_buff *skb) 954 { 955 struct btrealtek_data *coredump_info = hci_get_priv(hdev); 956 char buf[80]; 957 958 if (coredump_info->rtl_dump.controller) 959 snprintf(buf, sizeof(buf), "Controller Name: %s\n", 960 coredump_info->rtl_dump.controller); 961 else 962 snprintf(buf, sizeof(buf), "Controller Name: Unknown\n"); 963 skb_put_data(skb, buf, strlen(buf)); 964 965 snprintf(buf, sizeof(buf), "Firmware Version: 0x%X\n", 966 coredump_info->rtl_dump.fw_version); 967 skb_put_data(skb, buf, strlen(buf)); 968 969 snprintf(buf, sizeof(buf), "Driver: %s\n", coredump_info->rtl_dump.driver_name); 970 skb_put_data(skb, buf, strlen(buf)); 971 972 snprintf(buf, sizeof(buf), "Vendor: Realtek\n"); 973 skb_put_data(skb, buf, strlen(buf)); 974 } 975 976 static void btrtl_register_devcoredump_support(struct hci_dev *hdev) 977 { 978 hci_devcd_register(hdev, btrtl_coredump, btrtl_dmp_hdr, NULL); 979 980 } 981 982 void btrtl_set_driver_name(struct hci_dev *hdev, const char *driver_name) 983 { 984 struct btrealtek_data *coredump_info = hci_get_priv(hdev); 985 986 coredump_info->rtl_dump.driver_name = driver_name; 987 } 988 EXPORT_SYMBOL_GPL(btrtl_set_driver_name); 989 990 static bool rtl_has_chip_type(u16 lmp_subver) 991 { 992 switch (lmp_subver) { 993 case RTL_ROM_LMP_8703B: 994 return true; 995 default: 996 break; 997 } 998 999 return false; 1000 } 1001 1002 static int rtl_read_chip_type(struct hci_dev *hdev, u8 *type) 1003 { 1004 struct rtl_chip_type_evt *chip_type; 1005 struct sk_buff *skb; 1006 const unsigned char cmd_buf[] = {0x00, 0x94, 0xa0, 0x00, 0xb0}; 1007 1008 /* Read RTL chip type command */ 1009 skb = __hci_cmd_sync(hdev, 0xfc61, 5, cmd_buf, HCI_INIT_TIMEOUT); 1010 if (IS_ERR(skb)) { 1011 rtl_dev_err(hdev, "Read chip type failed (%ld)", 1012 PTR_ERR(skb)); 1013 return PTR_ERR(skb); 1014 } 1015 1016 chip_type = skb_pull_data(skb, sizeof(*chip_type)); 1017 if (!chip_type) { 1018 rtl_dev_err(hdev, "RTL chip type event length mismatch"); 1019 kfree_skb(skb); 1020 return -EIO; 1021 } 1022 1023 rtl_dev_info(hdev, "chip_type status=%x type=%x", 1024 chip_type->status, chip_type->type); 1025 1026 *type = chip_type->type & 0x0f; 1027 1028 kfree_skb(skb); 1029 return 0; 1030 } 1031 1032 void btrtl_free(struct btrtl_device_info *btrtl_dev) 1033 { 1034 struct rtl_subsection *entry, *tmp; 1035 1036 kvfree(btrtl_dev->fw_data); 1037 kvfree(btrtl_dev->cfg_data); 1038 1039 list_for_each_entry_safe(entry, tmp, &btrtl_dev->patch_subsecs, list) { 1040 list_del(&entry->list); 1041 kfree(entry); 1042 } 1043 1044 kfree(btrtl_dev); 1045 } 1046 EXPORT_SYMBOL_GPL(btrtl_free); 1047 1048 struct btrtl_device_info *btrtl_initialize(struct hci_dev *hdev, 1049 const char *postfix) 1050 { 1051 struct btrealtek_data *coredump_info = hci_get_priv(hdev); 1052 struct btrtl_device_info *btrtl_dev; 1053 struct sk_buff *skb; 1054 struct hci_rp_read_local_version *resp; 1055 struct hci_command_hdr *cmd; 1056 char fw_name[40]; 1057 char cfg_name[40]; 1058 u16 hci_rev, lmp_subver; 1059 u8 hci_ver, lmp_ver, chip_type = 0; 1060 int ret; 1061 u8 reg_val[2]; 1062 1063 btrtl_dev = kzalloc(sizeof(*btrtl_dev), GFP_KERNEL); 1064 if (!btrtl_dev) { 1065 ret = -ENOMEM; 1066 goto err_alloc; 1067 } 1068 1069 INIT_LIST_HEAD(&btrtl_dev->patch_subsecs); 1070 1071 check_version: 1072 ret = btrtl_vendor_read_reg16(hdev, RTL_CHIP_SUBVER, reg_val); 1073 if (ret < 0) 1074 goto err_free; 1075 lmp_subver = get_unaligned_le16(reg_val); 1076 1077 if (lmp_subver == RTL_ROM_LMP_8822B) { 1078 ret = btrtl_vendor_read_reg16(hdev, RTL_CHIP_REV, reg_val); 1079 if (ret < 0) 1080 goto err_free; 1081 hci_rev = get_unaligned_le16(reg_val); 1082 1083 /* 8822E */ 1084 if (hci_rev == 0x000e) { 1085 hci_ver = 0x0c; 1086 lmp_ver = 0x0c; 1087 btrtl_dev->ic_info = btrtl_match_ic(lmp_subver, hci_rev, 1088 hci_ver, hdev->bus, 1089 chip_type); 1090 goto next; 1091 } 1092 } 1093 1094 skb = btrtl_read_local_version(hdev); 1095 if (IS_ERR(skb)) { 1096 ret = PTR_ERR(skb); 1097 goto err_free; 1098 } 1099 1100 resp = (struct hci_rp_read_local_version *)skb->data; 1101 1102 hci_ver = resp->hci_ver; 1103 hci_rev = le16_to_cpu(resp->hci_rev); 1104 lmp_ver = resp->lmp_ver; 1105 lmp_subver = le16_to_cpu(resp->lmp_subver); 1106 1107 kfree_skb(skb); 1108 1109 if (rtl_has_chip_type(lmp_subver)) { 1110 ret = rtl_read_chip_type(hdev, &chip_type); 1111 if (ret) 1112 goto err_free; 1113 } 1114 1115 btrtl_dev->ic_info = btrtl_match_ic(lmp_subver, hci_rev, hci_ver, 1116 hdev->bus, chip_type); 1117 1118 next: 1119 rtl_dev_info(hdev, "examining hci_ver=%02x hci_rev=%04x lmp_ver=%02x lmp_subver=%04x", 1120 hci_ver, hci_rev, 1121 lmp_ver, lmp_subver); 1122 1123 if (!btrtl_dev->ic_info && !btrtl_dev->drop_fw) 1124 btrtl_dev->drop_fw = true; 1125 else 1126 btrtl_dev->drop_fw = false; 1127 1128 if (btrtl_dev->drop_fw) { 1129 skb = bt_skb_alloc(sizeof(*cmd), GFP_KERNEL); 1130 if (!skb) 1131 goto err_free; 1132 1133 cmd = skb_put(skb, HCI_COMMAND_HDR_SIZE); 1134 cmd->opcode = cpu_to_le16(0xfc66); 1135 cmd->plen = 0; 1136 1137 hci_skb_pkt_type(skb) = HCI_COMMAND_PKT; 1138 1139 ret = hdev->send(hdev, skb); 1140 if (ret < 0) { 1141 bt_dev_err(hdev, "sending frame failed (%d)", ret); 1142 kfree_skb(skb); 1143 goto err_free; 1144 } 1145 1146 /* Ensure the above vendor command is sent to controller and 1147 * process has done. 1148 */ 1149 msleep(200); 1150 1151 goto check_version; 1152 } 1153 1154 if (!btrtl_dev->ic_info) { 1155 rtl_dev_info(hdev, "unknown IC info, lmp subver %04x, hci rev %04x, hci ver %04x", 1156 lmp_subver, hci_rev, hci_ver); 1157 return btrtl_dev; 1158 } 1159 1160 if (btrtl_dev->ic_info->has_rom_version) { 1161 ret = rtl_read_rom_version(hdev, &btrtl_dev->rom_version); 1162 if (ret) 1163 goto err_free; 1164 } 1165 1166 if (!btrtl_dev->ic_info->fw_name) { 1167 ret = -ENOMEM; 1168 goto err_free; 1169 } 1170 1171 btrtl_dev->fw_len = -EIO; 1172 if (lmp_subver == RTL_ROM_LMP_8852A && hci_rev == 0x000c) { 1173 snprintf(fw_name, sizeof(fw_name), "%s_v2.bin", 1174 btrtl_dev->ic_info->fw_name); 1175 btrtl_dev->fw_len = rtl_load_file(hdev, fw_name, 1176 &btrtl_dev->fw_data); 1177 } 1178 1179 if (btrtl_dev->fw_len < 0) { 1180 snprintf(fw_name, sizeof(fw_name), "%s.bin", 1181 btrtl_dev->ic_info->fw_name); 1182 btrtl_dev->fw_len = rtl_load_file(hdev, fw_name, 1183 &btrtl_dev->fw_data); 1184 } 1185 1186 if (btrtl_dev->fw_len < 0) { 1187 rtl_dev_err(hdev, "firmware file %s not found", 1188 btrtl_dev->ic_info->fw_name); 1189 ret = btrtl_dev->fw_len; 1190 goto err_free; 1191 } 1192 1193 if (btrtl_dev->ic_info->cfg_name) { 1194 if (postfix) { 1195 snprintf(cfg_name, sizeof(cfg_name), "%s-%s.bin", 1196 btrtl_dev->ic_info->cfg_name, postfix); 1197 } else { 1198 snprintf(cfg_name, sizeof(cfg_name), "%s.bin", 1199 btrtl_dev->ic_info->cfg_name); 1200 } 1201 btrtl_dev->cfg_len = rtl_load_file(hdev, cfg_name, 1202 &btrtl_dev->cfg_data); 1203 if (btrtl_dev->ic_info->config_needed && 1204 btrtl_dev->cfg_len <= 0) { 1205 rtl_dev_err(hdev, "mandatory config file %s not found", 1206 btrtl_dev->ic_info->cfg_name); 1207 ret = btrtl_dev->cfg_len; 1208 goto err_free; 1209 } 1210 } 1211 1212 /* The following chips supports the Microsoft vendor extension, 1213 * therefore set the corresponding VsMsftOpCode. 1214 */ 1215 if (btrtl_dev->ic_info->has_msft_ext) 1216 hci_set_msft_opcode(hdev, 0xFCF0); 1217 1218 if (btrtl_dev->ic_info) 1219 coredump_info->rtl_dump.controller = btrtl_dev->ic_info->hw_info; 1220 1221 return btrtl_dev; 1222 1223 err_free: 1224 btrtl_free(btrtl_dev); 1225 err_alloc: 1226 return ERR_PTR(ret); 1227 } 1228 EXPORT_SYMBOL_GPL(btrtl_initialize); 1229 1230 int btrtl_download_firmware(struct hci_dev *hdev, 1231 struct btrtl_device_info *btrtl_dev) 1232 { 1233 int err = 0; 1234 1235 /* Match a set of subver values that correspond to stock firmware, 1236 * which is not compatible with standard btusb. 1237 * If matched, upload an alternative firmware that does conform to 1238 * standard btusb. Once that firmware is uploaded, the subver changes 1239 * to a different value. 1240 */ 1241 if (!btrtl_dev->ic_info) { 1242 rtl_dev_info(hdev, "assuming no firmware upload needed"); 1243 err = 0; 1244 goto done; 1245 } 1246 1247 switch (btrtl_dev->ic_info->lmp_subver) { 1248 case RTL_ROM_LMP_8723A: 1249 err = btrtl_setup_rtl8723a(hdev, btrtl_dev); 1250 break; 1251 case RTL_ROM_LMP_8723B: 1252 case RTL_ROM_LMP_8821A: 1253 case RTL_ROM_LMP_8761A: 1254 case RTL_ROM_LMP_8822B: 1255 case RTL_ROM_LMP_8852A: 1256 case RTL_ROM_LMP_8703B: 1257 case RTL_ROM_LMP_8851B: 1258 err = btrtl_setup_rtl8723b(hdev, btrtl_dev); 1259 break; 1260 default: 1261 rtl_dev_info(hdev, "assuming no firmware upload needed"); 1262 break; 1263 } 1264 1265 done: 1266 btrtl_register_devcoredump_support(hdev); 1267 1268 return err; 1269 } 1270 EXPORT_SYMBOL_GPL(btrtl_download_firmware); 1271 1272 void btrtl_set_quirks(struct hci_dev *hdev, struct btrtl_device_info *btrtl_dev) 1273 { 1274 /* Enable controller to do both LE scan and BR/EDR inquiry 1275 * simultaneously. 1276 */ 1277 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks); 1278 1279 /* Enable central-peripheral role (able to create new connections with 1280 * an existing connection in slave role). 1281 */ 1282 /* Enable WBS supported for the specific Realtek devices. */ 1283 switch (btrtl_dev->project_id) { 1284 case CHIP_ID_8822C: 1285 case CHIP_ID_8852A: 1286 case CHIP_ID_8852B: 1287 case CHIP_ID_8852C: 1288 case CHIP_ID_8851B: 1289 case CHIP_ID_8852BT: 1290 set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks); 1291 1292 /* RTL8852C needs to transmit mSBC data continuously without 1293 * the zero length of USB packets for the ALT 6 supported chips 1294 */ 1295 if (btrtl_dev->project_id == CHIP_ID_8852C) 1296 btrealtek_set_flag(hdev, REALTEK_ALT6_CONTINUOUS_TX_CHIP); 1297 1298 if (btrtl_dev->project_id == CHIP_ID_8852A || 1299 btrtl_dev->project_id == CHIP_ID_8852C) 1300 set_bit(HCI_QUIRK_USE_MSFT_EXT_ADDRESS_FILTER, &hdev->quirks); 1301 1302 hci_set_aosp_capable(hdev); 1303 break; 1304 default: 1305 rtl_dev_dbg(hdev, "Central-peripheral role not enabled."); 1306 rtl_dev_dbg(hdev, "WBS supported not enabled."); 1307 break; 1308 } 1309 1310 if (!btrtl_dev->ic_info) 1311 return; 1312 1313 switch (btrtl_dev->ic_info->lmp_subver) { 1314 case RTL_ROM_LMP_8703B: 1315 /* 8723CS reports two pages for local ext features, 1316 * but it doesn't support any features from page 2 - 1317 * it either responds with garbage or with error status 1318 */ 1319 set_bit(HCI_QUIRK_BROKEN_LOCAL_EXT_FEATURES_PAGE_2, 1320 &hdev->quirks); 1321 break; 1322 default: 1323 break; 1324 } 1325 } 1326 EXPORT_SYMBOL_GPL(btrtl_set_quirks); 1327 1328 int btrtl_setup_realtek(struct hci_dev *hdev) 1329 { 1330 struct btrtl_device_info *btrtl_dev; 1331 int ret; 1332 1333 btrtl_dev = btrtl_initialize(hdev, NULL); 1334 if (IS_ERR(btrtl_dev)) 1335 return PTR_ERR(btrtl_dev); 1336 1337 ret = btrtl_download_firmware(hdev, btrtl_dev); 1338 1339 btrtl_set_quirks(hdev, btrtl_dev); 1340 1341 hci_set_hw_info(hdev, 1342 "RTL lmp_subver=%u hci_rev=%u hci_ver=%u hci_bus=%u", 1343 btrtl_dev->ic_info->lmp_subver, 1344 btrtl_dev->ic_info->hci_rev, 1345 btrtl_dev->ic_info->hci_ver, 1346 btrtl_dev->ic_info->hci_bus); 1347 1348 btrtl_free(btrtl_dev); 1349 return ret; 1350 } 1351 EXPORT_SYMBOL_GPL(btrtl_setup_realtek); 1352 1353 int btrtl_shutdown_realtek(struct hci_dev *hdev) 1354 { 1355 struct sk_buff *skb; 1356 int ret; 1357 1358 /* According to the vendor driver, BT must be reset on close to avoid 1359 * firmware crash. 1360 */ 1361 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); 1362 if (IS_ERR(skb)) { 1363 ret = PTR_ERR(skb); 1364 bt_dev_err(hdev, "HCI reset during shutdown failed"); 1365 return ret; 1366 } 1367 kfree_skb(skb); 1368 1369 return 0; 1370 } 1371 EXPORT_SYMBOL_GPL(btrtl_shutdown_realtek); 1372 1373 static unsigned int btrtl_convert_baudrate(u32 device_baudrate) 1374 { 1375 switch (device_baudrate) { 1376 case 0x0252a00a: 1377 return 230400; 1378 1379 case 0x05f75004: 1380 return 921600; 1381 1382 case 0x00005004: 1383 return 1000000; 1384 1385 case 0x04928002: 1386 case 0x01128002: 1387 return 1500000; 1388 1389 case 0x00005002: 1390 return 2000000; 1391 1392 case 0x0000b001: 1393 return 2500000; 1394 1395 case 0x04928001: 1396 return 3000000; 1397 1398 case 0x052a6001: 1399 return 3500000; 1400 1401 case 0x00005001: 1402 return 4000000; 1403 1404 case 0x0252c014: 1405 default: 1406 return 115200; 1407 } 1408 } 1409 1410 int btrtl_get_uart_settings(struct hci_dev *hdev, 1411 struct btrtl_device_info *btrtl_dev, 1412 unsigned int *controller_baudrate, 1413 u32 *device_baudrate, bool *flow_control) 1414 { 1415 struct rtl_vendor_config *config; 1416 struct rtl_vendor_config_entry *entry; 1417 int i, total_data_len; 1418 bool found = false; 1419 1420 total_data_len = btrtl_dev->cfg_len - sizeof(*config); 1421 if (total_data_len <= 0) { 1422 rtl_dev_warn(hdev, "no config loaded"); 1423 return -EINVAL; 1424 } 1425 1426 config = (struct rtl_vendor_config *)btrtl_dev->cfg_data; 1427 if (le32_to_cpu(config->signature) != RTL_CONFIG_MAGIC) { 1428 rtl_dev_err(hdev, "invalid config magic"); 1429 return -EINVAL; 1430 } 1431 1432 if (total_data_len < le16_to_cpu(config->total_len)) { 1433 rtl_dev_err(hdev, "config is too short"); 1434 return -EINVAL; 1435 } 1436 1437 for (i = 0; i < total_data_len; ) { 1438 entry = ((void *)config->entry) + i; 1439 1440 switch (le16_to_cpu(entry->offset)) { 1441 case 0xc: 1442 if (entry->len < sizeof(*device_baudrate)) { 1443 rtl_dev_err(hdev, "invalid UART config entry"); 1444 return -EINVAL; 1445 } 1446 1447 *device_baudrate = get_unaligned_le32(entry->data); 1448 *controller_baudrate = btrtl_convert_baudrate( 1449 *device_baudrate); 1450 1451 if (entry->len >= 13) 1452 *flow_control = !!(entry->data[12] & BIT(2)); 1453 else 1454 *flow_control = false; 1455 1456 found = true; 1457 break; 1458 1459 default: 1460 rtl_dev_dbg(hdev, "skipping config entry 0x%x (len %u)", 1461 le16_to_cpu(entry->offset), entry->len); 1462 break; 1463 } 1464 1465 i += sizeof(*entry) + entry->len; 1466 } 1467 1468 if (!found) { 1469 rtl_dev_err(hdev, "no UART config entry found"); 1470 return -ENOENT; 1471 } 1472 1473 rtl_dev_dbg(hdev, "device baudrate = 0x%08x", *device_baudrate); 1474 rtl_dev_dbg(hdev, "controller baudrate = %u", *controller_baudrate); 1475 rtl_dev_dbg(hdev, "flow control %d", *flow_control); 1476 1477 return 0; 1478 } 1479 EXPORT_SYMBOL_GPL(btrtl_get_uart_settings); 1480 1481 MODULE_AUTHOR("Daniel Drake <drake@endlessm.com>"); 1482 MODULE_DESCRIPTION("Bluetooth support for Realtek devices ver " VERSION); 1483 MODULE_VERSION(VERSION); 1484 MODULE_LICENSE("GPL"); 1485 MODULE_FIRMWARE("rtl_bt/rtl8723a_fw.bin"); 1486 MODULE_FIRMWARE("rtl_bt/rtl8723b_fw.bin"); 1487 MODULE_FIRMWARE("rtl_bt/rtl8723b_config.bin"); 1488 MODULE_FIRMWARE("rtl_bt/rtl8723bs_fw.bin"); 1489 MODULE_FIRMWARE("rtl_bt/rtl8723bs_config.bin"); 1490 MODULE_FIRMWARE("rtl_bt/rtl8723cs_cg_fw.bin"); 1491 MODULE_FIRMWARE("rtl_bt/rtl8723cs_cg_config.bin"); 1492 MODULE_FIRMWARE("rtl_bt/rtl8723cs_vf_fw.bin"); 1493 MODULE_FIRMWARE("rtl_bt/rtl8723cs_vf_config.bin"); 1494 MODULE_FIRMWARE("rtl_bt/rtl8723cs_xx_fw.bin"); 1495 MODULE_FIRMWARE("rtl_bt/rtl8723cs_xx_config.bin"); 1496 MODULE_FIRMWARE("rtl_bt/rtl8723d_fw.bin"); 1497 MODULE_FIRMWARE("rtl_bt/rtl8723d_config.bin"); 1498 MODULE_FIRMWARE("rtl_bt/rtl8723ds_fw.bin"); 1499 MODULE_FIRMWARE("rtl_bt/rtl8723ds_config.bin"); 1500 MODULE_FIRMWARE("rtl_bt/rtl8761a_fw.bin"); 1501 MODULE_FIRMWARE("rtl_bt/rtl8761a_config.bin"); 1502 MODULE_FIRMWARE("rtl_bt/rtl8761b_fw.bin"); 1503 MODULE_FIRMWARE("rtl_bt/rtl8761b_config.bin"); 1504 MODULE_FIRMWARE("rtl_bt/rtl8761bu_fw.bin"); 1505 MODULE_FIRMWARE("rtl_bt/rtl8761bu_config.bin"); 1506 MODULE_FIRMWARE("rtl_bt/rtl8821a_fw.bin"); 1507 MODULE_FIRMWARE("rtl_bt/rtl8821a_config.bin"); 1508 MODULE_FIRMWARE("rtl_bt/rtl8821c_fw.bin"); 1509 MODULE_FIRMWARE("rtl_bt/rtl8821c_config.bin"); 1510 MODULE_FIRMWARE("rtl_bt/rtl8821cs_fw.bin"); 1511 MODULE_FIRMWARE("rtl_bt/rtl8821cs_config.bin"); 1512 MODULE_FIRMWARE("rtl_bt/rtl8822b_fw.bin"); 1513 MODULE_FIRMWARE("rtl_bt/rtl8822b_config.bin"); 1514 MODULE_FIRMWARE("rtl_bt/rtl8822cs_fw.bin"); 1515 MODULE_FIRMWARE("rtl_bt/rtl8822cs_config.bin"); 1516 MODULE_FIRMWARE("rtl_bt/rtl8822cu_fw.bin"); 1517 MODULE_FIRMWARE("rtl_bt/rtl8822cu_config.bin"); 1518 MODULE_FIRMWARE("rtl_bt/rtl8851bu_fw.bin"); 1519 MODULE_FIRMWARE("rtl_bt/rtl8851bu_config.bin"); 1520 MODULE_FIRMWARE("rtl_bt/rtl8852au_fw.bin"); 1521 MODULE_FIRMWARE("rtl_bt/rtl8852au_config.bin"); 1522 MODULE_FIRMWARE("rtl_bt/rtl8852bs_fw.bin"); 1523 MODULE_FIRMWARE("rtl_bt/rtl8852bs_config.bin"); 1524 MODULE_FIRMWARE("rtl_bt/rtl8852bu_fw.bin"); 1525 MODULE_FIRMWARE("rtl_bt/rtl8852bu_config.bin"); 1526 MODULE_FIRMWARE("rtl_bt/rtl8852btu_fw.bin"); 1527 MODULE_FIRMWARE("rtl_bt/rtl8852btu_config.bin"); 1528 MODULE_FIRMWARE("rtl_bt/rtl8852cu_fw.bin"); 1529 MODULE_FIRMWARE("rtl_bt/rtl8852cu_fw_v2.bin"); 1530 MODULE_FIRMWARE("rtl_bt/rtl8852cu_config.bin"); 1531