Commit | Line | Data |
---|---|---|
c942fddf | 1 | // SPDX-License-Identifier: GPL-2.0-or-later |
db33c77d CC |
2 | /* |
3 | * Bluetooth support for Realtek devices | |
4 | * | |
5 | * Copyright (C) 2015 Endless Mobile, Inc. | |
db33c77d CC |
6 | */ |
7 | ||
8 | #include <linux/module.h> | |
9 | #include <linux/firmware.h> | |
10 | #include <asm/unaligned.h> | |
11 | #include <linux/usb.h> | |
12 | ||
13 | #include <net/bluetooth/bluetooth.h> | |
14 | #include <net/bluetooth/hci_core.h> | |
15 | ||
16 | #include "btrtl.h" | |
17 | ||
18 | #define VERSION "0.1" | |
19 | ||
20 | #define RTL_EPATCH_SIGNATURE "Realtech" | |
db33c77d CC |
21 | #define RTL_ROM_LMP_8723A 0x1200 |
22 | #define RTL_ROM_LMP_8723B 0x8723 | |
23 | #define RTL_ROM_LMP_8821A 0x8821 | |
24 | #define RTL_ROM_LMP_8761A 0x8761 | |
1110a2db | 25 | #define RTL_ROM_LMP_8822B 0x8822 |
0d484db6 | 26 | #define RTL_ROM_LMP_8852A 0x8852 |
b85b0ee1 | 27 | #define RTL_CONFIG_MAGIC 0x8723ab55 |
db33c77d | 28 | |
907f8499 AL |
29 | #define IC_MATCH_FL_LMPSUBV (1 << 0) |
30 | #define IC_MATCH_FL_HCIREV (1 << 1) | |
c50903e3 MB |
31 | #define IC_MATCH_FL_HCIVER (1 << 2) |
32 | #define IC_MATCH_FL_HCIBUS (1 << 3) | |
6f9ff246 MC |
33 | #define IC_INFO(lmps, hcir, hciv, bus) \ |
34 | .match_flags = IC_MATCH_FL_LMPSUBV | IC_MATCH_FL_HCIREV | \ | |
35 | IC_MATCH_FL_HCIVER | IC_MATCH_FL_HCIBUS, \ | |
907f8499 | 36 | .lmp_subver = (lmps), \ |
6f9ff246 MC |
37 | .hci_rev = (hcir), \ |
38 | .hci_ver = (hciv), \ | |
39 | .hci_bus = (bus) | |
907f8499 AL |
40 | |
41 | struct id_table { | |
42 | __u16 match_flags; | |
43 | __u16 lmp_subver; | |
44 | __u16 hci_rev; | |
c50903e3 MB |
45 | __u8 hci_ver; |
46 | __u8 hci_bus; | |
907f8499 | 47 | bool config_needed; |
26503ad2 | 48 | bool has_rom_version; |
907f8499 AL |
49 | char *fw_name; |
50 | char *cfg_name; | |
51 | }; | |
52 | ||
26503ad2 MB |
53 | struct btrtl_device_info { |
54 | const struct id_table *ic_info; | |
55 | u8 rom_version; | |
56 | u8 *fw_data; | |
57 | int fw_len; | |
58 | u8 *cfg_data; | |
59 | int cfg_len; | |
1996d9ca | 60 | bool drop_fw; |
26503ad2 MB |
61 | }; |
62 | ||
907f8499 | 63 | static const struct id_table ic_id_table[] = { |
6f9ff246 MC |
64 | /* 8723A */ |
65 | { IC_INFO(RTL_ROM_LMP_8723A, 0xb, 0x6, HCI_USB), | |
26503ad2 MB |
66 | .config_needed = false, |
67 | .has_rom_version = false, | |
68 | .fw_name = "rtl_bt/rtl8723a_fw.bin", | |
69 | .cfg_name = NULL }, | |
70 | ||
c50903e3 | 71 | /* 8723BS */ |
6f9ff246 | 72 | { IC_INFO(RTL_ROM_LMP_8723B, 0xb, 0x6, HCI_UART), |
c50903e3 MB |
73 | .config_needed = true, |
74 | .has_rom_version = true, | |
75 | .fw_name = "rtl_bt/rtl8723bs_fw.bin", | |
1cc194ca | 76 | .cfg_name = "rtl_bt/rtl8723bs_config" }, |
c50903e3 | 77 | |
907f8499 | 78 | /* 8723B */ |
6f9ff246 | 79 | { IC_INFO(RTL_ROM_LMP_8723B, 0xb, 0x6, HCI_USB), |
907f8499 | 80 | .config_needed = false, |
26503ad2 | 81 | .has_rom_version = true, |
907f8499 | 82 | .fw_name = "rtl_bt/rtl8723b_fw.bin", |
1cc194ca | 83 | .cfg_name = "rtl_bt/rtl8723b_config" }, |
907f8499 AL |
84 | |
85 | /* 8723D */ | |
6f9ff246 | 86 | { IC_INFO(RTL_ROM_LMP_8723B, 0xd, 0x8, HCI_USB), |
907f8499 | 87 | .config_needed = true, |
26503ad2 | 88 | .has_rom_version = true, |
907f8499 | 89 | .fw_name = "rtl_bt/rtl8723d_fw.bin", |
1cc194ca | 90 | .cfg_name = "rtl_bt/rtl8723d_config" }, |
907f8499 | 91 | |
c50903e3 | 92 | /* 8723DS */ |
6f9ff246 | 93 | { IC_INFO(RTL_ROM_LMP_8723B, 0xd, 0x8, HCI_UART), |
c50903e3 MB |
94 | .config_needed = true, |
95 | .has_rom_version = true, | |
96 | .fw_name = "rtl_bt/rtl8723ds_fw.bin", | |
1cc194ca | 97 | .cfg_name = "rtl_bt/rtl8723ds_config" }, |
c50903e3 | 98 | |
907f8499 | 99 | /* 8821A */ |
6f9ff246 | 100 | { IC_INFO(RTL_ROM_LMP_8821A, 0xa, 0x6, HCI_USB), |
907f8499 | 101 | .config_needed = false, |
26503ad2 | 102 | .has_rom_version = true, |
907f8499 | 103 | .fw_name = "rtl_bt/rtl8821a_fw.bin", |
1cc194ca | 104 | .cfg_name = "rtl_bt/rtl8821a_config" }, |
907f8499 AL |
105 | |
106 | /* 8821C */ | |
6f9ff246 | 107 | { IC_INFO(RTL_ROM_LMP_8821A, 0xc, 0x8, HCI_USB), |
907f8499 | 108 | .config_needed = false, |
26503ad2 | 109 | .has_rom_version = true, |
907f8499 | 110 | .fw_name = "rtl_bt/rtl8821c_fw.bin", |
1cc194ca | 111 | .cfg_name = "rtl_bt/rtl8821c_config" }, |
907f8499 AL |
112 | |
113 | /* 8761A */ | |
6f9ff246 | 114 | { IC_INFO(RTL_ROM_LMP_8761A, 0xa, 0x6, HCI_USB), |
907f8499 | 115 | .config_needed = false, |
26503ad2 | 116 | .has_rom_version = true, |
907f8499 | 117 | .fw_name = "rtl_bt/rtl8761a_fw.bin", |
1cc194ca | 118 | .cfg_name = "rtl_bt/rtl8761a_config" }, |
907f8499 | 119 | |
04896832 | 120 | /* 8761B */ |
6f9ff246 | 121 | { IC_INFO(RTL_ROM_LMP_8761A, 0xb, 0xa, HCI_USB), |
04896832 ZSZ |
122 | .config_needed = false, |
123 | .has_rom_version = true, | |
124 | .fw_name = "rtl_bt/rtl8761b_fw.bin", | |
125 | .cfg_name = "rtl_bt/rtl8761b_config" }, | |
126 | ||
848fc616 | 127 | /* 8822C with UART interface */ |
6f9ff246 | 128 | { IC_INFO(RTL_ROM_LMP_8822B, 0xc, 0xa, HCI_UART), |
848fc616 MC |
129 | .config_needed = true, |
130 | .has_rom_version = true, | |
131 | .fw_name = "rtl_bt/rtl8822cs_fw.bin", | |
132 | .cfg_name = "rtl_bt/rtl8822cs_config" }, | |
133 | ||
8ecfdc95 | 134 | /* 8822C with USB interface */ |
6f9ff246 | 135 | { IC_INFO(RTL_ROM_LMP_8822B, 0xc, 0xa, HCI_USB), |
8ecfdc95 AL |
136 | .config_needed = false, |
137 | .has_rom_version = true, | |
138 | .fw_name = "rtl_bt/rtl8822cu_fw.bin", | |
139 | .cfg_name = "rtl_bt/rtl8822cu_config" }, | |
140 | ||
907f8499 | 141 | /* 8822B */ |
6f9ff246 | 142 | { IC_INFO(RTL_ROM_LMP_8822B, 0xb, 0x7, HCI_USB), |
907f8499 | 143 | .config_needed = true, |
26503ad2 | 144 | .has_rom_version = true, |
907f8499 | 145 | .fw_name = "rtl_bt/rtl8822b_fw.bin", |
1cc194ca | 146 | .cfg_name = "rtl_bt/rtl8822b_config" }, |
0d484db6 MC |
147 | |
148 | /* 8852A */ | |
149 | { IC_INFO(RTL_ROM_LMP_8852A, 0xa, 0xb, HCI_USB), | |
150 | .config_needed = false, | |
151 | .has_rom_version = true, | |
152 | .fw_name = "rtl_bt/rtl8852au_fw.bin", | |
153 | .cfg_name = "rtl_bt/rtl8852au_config" }, | |
907f8499 AL |
154 | }; |
155 | ||
c50903e3 MB |
156 | static const struct id_table *btrtl_match_ic(u16 lmp_subver, u16 hci_rev, |
157 | u8 hci_ver, u8 hci_bus) | |
26503ad2 MB |
158 | { |
159 | int i; | |
160 | ||
161 | for (i = 0; i < ARRAY_SIZE(ic_id_table); i++) { | |
162 | if ((ic_id_table[i].match_flags & IC_MATCH_FL_LMPSUBV) && | |
163 | (ic_id_table[i].lmp_subver != lmp_subver)) | |
164 | continue; | |
165 | if ((ic_id_table[i].match_flags & IC_MATCH_FL_HCIREV) && | |
166 | (ic_id_table[i].hci_rev != hci_rev)) | |
167 | continue; | |
c50903e3 MB |
168 | if ((ic_id_table[i].match_flags & IC_MATCH_FL_HCIVER) && |
169 | (ic_id_table[i].hci_ver != hci_ver)) | |
170 | continue; | |
171 | if ((ic_id_table[i].match_flags & IC_MATCH_FL_HCIBUS) && | |
172 | (ic_id_table[i].hci_bus != hci_bus)) | |
173 | continue; | |
26503ad2 MB |
174 | |
175 | break; | |
176 | } | |
177 | if (i >= ARRAY_SIZE(ic_id_table)) | |
178 | return NULL; | |
179 | ||
180 | return &ic_id_table[i]; | |
181 | } | |
182 | ||
240b64a8 AL |
183 | static struct sk_buff *btrtl_read_local_version(struct hci_dev *hdev) |
184 | { | |
185 | struct sk_buff *skb; | |
186 | ||
187 | skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL, | |
188 | HCI_INIT_TIMEOUT); | |
189 | if (IS_ERR(skb)) { | |
190 | rtl_dev_err(hdev, "HCI_OP_READ_LOCAL_VERSION failed (%ld)", | |
191 | PTR_ERR(skb)); | |
192 | return skb; | |
193 | } | |
194 | ||
195 | if (skb->len != sizeof(struct hci_rp_read_local_version)) { | |
196 | rtl_dev_err(hdev, "HCI_OP_READ_LOCAL_VERSION event length mismatch"); | |
197 | kfree_skb(skb); | |
198 | return ERR_PTR(-EIO); | |
199 | } | |
200 | ||
201 | return skb; | |
202 | } | |
203 | ||
db33c77d CC |
204 | static int rtl_read_rom_version(struct hci_dev *hdev, u8 *version) |
205 | { | |
206 | struct rtl_rom_version_evt *rom_version; | |
207 | struct sk_buff *skb; | |
208 | ||
209 | /* Read RTL ROM version command */ | |
210 | skb = __hci_cmd_sync(hdev, 0xfc6d, 0, NULL, HCI_INIT_TIMEOUT); | |
211 | if (IS_ERR(skb)) { | |
f1300c03 | 212 | rtl_dev_err(hdev, "Read ROM version failed (%ld)", |
a5c76e67 | 213 | PTR_ERR(skb)); |
db33c77d CC |
214 | return PTR_ERR(skb); |
215 | } | |
216 | ||
217 | if (skb->len != sizeof(*rom_version)) { | |
f1300c03 | 218 | rtl_dev_err(hdev, "version event length mismatch"); |
db33c77d CC |
219 | kfree_skb(skb); |
220 | return -EIO; | |
221 | } | |
222 | ||
223 | rom_version = (struct rtl_rom_version_evt *)skb->data; | |
f1300c03 | 224 | rtl_dev_info(hdev, "rom_version status=%x version=%x", |
a5c76e67 | 225 | rom_version->status, rom_version->version); |
db33c77d CC |
226 | |
227 | *version = rom_version->version; | |
228 | ||
229 | kfree_skb(skb); | |
230 | return 0; | |
231 | } | |
232 | ||
26503ad2 MB |
233 | static int rtlbt_parse_firmware(struct hci_dev *hdev, |
234 | struct btrtl_device_info *btrtl_dev, | |
907f8499 | 235 | unsigned char **_buf) |
db33c77d | 236 | { |
e5070e07 | 237 | static const u8 extension_sig[] = { 0x51, 0x04, 0xfd, 0x77 }; |
db33c77d CC |
238 | struct rtl_epatch_header *epatch_info; |
239 | unsigned char *buf; | |
26503ad2 | 240 | int i, len; |
db33c77d | 241 | size_t min_size; |
26503ad2 | 242 | u8 opcode, length, data; |
db33c77d CC |
243 | int project_id = -1; |
244 | const unsigned char *fwptr, *chip_id_base; | |
245 | const unsigned char *patch_length_base, *patch_offset_base; | |
246 | u32 patch_offset = 0; | |
247 | u16 patch_length, num_patches; | |
1110a2db LF |
248 | static const struct { |
249 | __u16 lmp_subver; | |
250 | __u8 id; | |
251 | } project_id_to_lmp_subver[] = { | |
252 | { RTL_ROM_LMP_8723A, 0 }, | |
253 | { RTL_ROM_LMP_8723B, 1 }, | |
254 | { RTL_ROM_LMP_8821A, 2 }, | |
255 | { RTL_ROM_LMP_8761A, 3 }, | |
256 | { RTL_ROM_LMP_8822B, 8 }, | |
907f8499 AL |
257 | { RTL_ROM_LMP_8723B, 9 }, /* 8723D */ |
258 | { RTL_ROM_LMP_8821A, 10 }, /* 8821C */ | |
8ecfdc95 | 259 | { RTL_ROM_LMP_8822B, 13 }, /* 8822C */ |
04896832 | 260 | { RTL_ROM_LMP_8761A, 14 }, /* 8761B */ |
0d484db6 | 261 | { RTL_ROM_LMP_8852A, 18 }, /* 8852A */ |
db33c77d CC |
262 | }; |
263 | ||
db33c77d | 264 | min_size = sizeof(struct rtl_epatch_header) + sizeof(extension_sig) + 3; |
26503ad2 | 265 | if (btrtl_dev->fw_len < min_size) |
db33c77d CC |
266 | return -EINVAL; |
267 | ||
26503ad2 | 268 | fwptr = btrtl_dev->fw_data + btrtl_dev->fw_len - sizeof(extension_sig); |
db33c77d | 269 | if (memcmp(fwptr, extension_sig, sizeof(extension_sig)) != 0) { |
f1300c03 | 270 | rtl_dev_err(hdev, "extension section signature mismatch"); |
db33c77d CC |
271 | return -EINVAL; |
272 | } | |
273 | ||
274 | /* Loop from the end of the firmware parsing instructions, until | |
275 | * we find an instruction that identifies the "project ID" for the | |
276 | * hardware supported by this firwmare file. | |
277 | * Once we have that, we double-check that that project_id is suitable | |
278 | * for the hardware we are working with. | |
279 | */ | |
26503ad2 | 280 | while (fwptr >= btrtl_dev->fw_data + (sizeof(*epatch_info) + 3)) { |
db33c77d CC |
281 | opcode = *--fwptr; |
282 | length = *--fwptr; | |
283 | data = *--fwptr; | |
284 | ||
285 | BT_DBG("check op=%x len=%x data=%x", opcode, length, data); | |
286 | ||
287 | if (opcode == 0xff) /* EOF */ | |
288 | break; | |
289 | ||
290 | if (length == 0) { | |
f1300c03 | 291 | rtl_dev_err(hdev, "found instruction with length 0"); |
db33c77d CC |
292 | return -EINVAL; |
293 | } | |
294 | ||
295 | if (opcode == 0 && length == 1) { | |
296 | project_id = data; | |
297 | break; | |
298 | } | |
299 | ||
300 | fwptr -= length; | |
301 | } | |
302 | ||
303 | if (project_id < 0) { | |
f1300c03 | 304 | rtl_dev_err(hdev, "failed to find version instruction"); |
db33c77d CC |
305 | return -EINVAL; |
306 | } | |
307 | ||
1110a2db LF |
308 | /* Find project_id in table */ |
309 | for (i = 0; i < ARRAY_SIZE(project_id_to_lmp_subver); i++) { | |
310 | if (project_id == project_id_to_lmp_subver[i].id) | |
311 | break; | |
312 | } | |
313 | ||
314 | if (i >= ARRAY_SIZE(project_id_to_lmp_subver)) { | |
f1300c03 | 315 | rtl_dev_err(hdev, "unknown project id %d", project_id); |
db33c77d CC |
316 | return -EINVAL; |
317 | } | |
318 | ||
26503ad2 MB |
319 | if (btrtl_dev->ic_info->lmp_subver != |
320 | project_id_to_lmp_subver[i].lmp_subver) { | |
f1300c03 | 321 | rtl_dev_err(hdev, "firmware is for %x but this is a %x", |
a5c76e67 HG |
322 | project_id_to_lmp_subver[i].lmp_subver, |
323 | btrtl_dev->ic_info->lmp_subver); | |
db33c77d CC |
324 | return -EINVAL; |
325 | } | |
326 | ||
26503ad2 | 327 | epatch_info = (struct rtl_epatch_header *)btrtl_dev->fw_data; |
db33c77d | 328 | if (memcmp(epatch_info->signature, RTL_EPATCH_SIGNATURE, 8) != 0) { |
f1300c03 | 329 | rtl_dev_err(hdev, "bad EPATCH signature"); |
db33c77d CC |
330 | return -EINVAL; |
331 | } | |
332 | ||
333 | num_patches = le16_to_cpu(epatch_info->num_patches); | |
334 | BT_DBG("fw_version=%x, num_patches=%d", | |
335 | le32_to_cpu(epatch_info->fw_version), num_patches); | |
336 | ||
337 | /* After the rtl_epatch_header there is a funky patch metadata section. | |
338 | * Assuming 2 patches, the layout is: | |
339 | * ChipID1 ChipID2 PatchLength1 PatchLength2 PatchOffset1 PatchOffset2 | |
340 | * | |
341 | * Find the right patch for this chip. | |
342 | */ | |
343 | min_size += 8 * num_patches; | |
26503ad2 | 344 | if (btrtl_dev->fw_len < min_size) |
db33c77d CC |
345 | return -EINVAL; |
346 | ||
26503ad2 | 347 | chip_id_base = btrtl_dev->fw_data + sizeof(struct rtl_epatch_header); |
db33c77d CC |
348 | patch_length_base = chip_id_base + (sizeof(u16) * num_patches); |
349 | patch_offset_base = patch_length_base + (sizeof(u16) * num_patches); | |
350 | for (i = 0; i < num_patches; i++) { | |
351 | u16 chip_id = get_unaligned_le16(chip_id_base + | |
352 | (i * sizeof(u16))); | |
26503ad2 | 353 | if (chip_id == btrtl_dev->rom_version + 1) { |
db33c77d CC |
354 | patch_length = get_unaligned_le16(patch_length_base + |
355 | (i * sizeof(u16))); | |
356 | patch_offset = get_unaligned_le32(patch_offset_base + | |
357 | (i * sizeof(u32))); | |
358 | break; | |
359 | } | |
360 | } | |
361 | ||
362 | if (!patch_offset) { | |
a5c76e67 HG |
363 | rtl_dev_err(hdev, "didn't find patch for chip id %d", |
364 | btrtl_dev->rom_version); | |
db33c77d CC |
365 | return -EINVAL; |
366 | } | |
367 | ||
368 | BT_DBG("length=%x offset=%x index %d", patch_length, patch_offset, i); | |
369 | min_size = patch_offset + patch_length; | |
26503ad2 | 370 | if (btrtl_dev->fw_len < min_size) |
db33c77d CC |
371 | return -EINVAL; |
372 | ||
373 | /* Copy the firmware into a new buffer and write the version at | |
374 | * the end. | |
375 | */ | |
376 | len = patch_length; | |
268d3636 | 377 | buf = kvmalloc(patch_length, GFP_KERNEL); |
db33c77d CC |
378 | if (!buf) |
379 | return -ENOMEM; | |
380 | ||
268d3636 | 381 | memcpy(buf, btrtl_dev->fw_data + patch_offset, patch_length - 4); |
db33c77d CC |
382 | memcpy(buf + patch_length - 4, &epatch_info->fw_version, 4); |
383 | ||
384 | *_buf = buf; | |
385 | return len; | |
386 | } | |
387 | ||
388 | static int rtl_download_firmware(struct hci_dev *hdev, | |
389 | const unsigned char *data, int fw_len) | |
390 | { | |
391 | struct rtl_download_cmd *dl_cmd; | |
392 | int frag_num = fw_len / RTL_FRAG_LEN + 1; | |
393 | int frag_len = RTL_FRAG_LEN; | |
394 | int ret = 0; | |
395 | int i; | |
240b64a8 AL |
396 | struct sk_buff *skb; |
397 | struct hci_rp_read_local_version *rp; | |
db33c77d CC |
398 | |
399 | dl_cmd = kmalloc(sizeof(struct rtl_download_cmd), GFP_KERNEL); | |
400 | if (!dl_cmd) | |
401 | return -ENOMEM; | |
402 | ||
403 | for (i = 0; i < frag_num; i++) { | |
404 | struct sk_buff *skb; | |
405 | ||
406 | BT_DBG("download fw (%d/%d)", i, frag_num); | |
407 | ||
cf0d9a70 MC |
408 | if (i > 0x7f) |
409 | dl_cmd->index = (i & 0x7f) + 1; | |
410 | else | |
411 | dl_cmd->index = i; | |
412 | ||
db33c77d CC |
413 | if (i == (frag_num - 1)) { |
414 | dl_cmd->index |= 0x80; /* data end */ | |
415 | frag_len = fw_len % RTL_FRAG_LEN; | |
416 | } | |
417 | memcpy(dl_cmd->data, data, frag_len); | |
418 | ||
419 | /* Send download command */ | |
420 | skb = __hci_cmd_sync(hdev, 0xfc20, frag_len + 1, dl_cmd, | |
421 | HCI_INIT_TIMEOUT); | |
422 | if (IS_ERR(skb)) { | |
f1300c03 | 423 | rtl_dev_err(hdev, "download fw command failed (%ld)", |
a5c76e67 | 424 | PTR_ERR(skb)); |
d171dfb6 | 425 | ret = PTR_ERR(skb); |
db33c77d CC |
426 | goto out; |
427 | } | |
428 | ||
429 | if (skb->len != sizeof(struct rtl_download_response)) { | |
f1300c03 | 430 | rtl_dev_err(hdev, "download fw event length mismatch"); |
db33c77d CC |
431 | kfree_skb(skb); |
432 | ret = -EIO; | |
433 | goto out; | |
434 | } | |
435 | ||
436 | kfree_skb(skb); | |
437 | data += RTL_FRAG_LEN; | |
438 | } | |
439 | ||
240b64a8 AL |
440 | skb = btrtl_read_local_version(hdev); |
441 | if (IS_ERR(skb)) { | |
442 | ret = PTR_ERR(skb); | |
443 | rtl_dev_err(hdev, "read local version failed"); | |
444 | goto out; | |
445 | } | |
446 | ||
447 | rp = (struct hci_rp_read_local_version *)skb->data; | |
448 | rtl_dev_info(hdev, "fw version 0x%04x%04x", | |
449 | __le16_to_cpu(rp->hci_rev), __le16_to_cpu(rp->lmp_subver)); | |
450 | kfree_skb(skb); | |
451 | ||
db33c77d CC |
452 | out: |
453 | kfree(dl_cmd); | |
454 | return ret; | |
455 | } | |
456 | ||
26503ad2 | 457 | static int rtl_load_file(struct hci_dev *hdev, const char *name, u8 **buff) |
1110a2db LF |
458 | { |
459 | const struct firmware *fw; | |
460 | int ret; | |
461 | ||
f1300c03 | 462 | rtl_dev_info(hdev, "loading %s", name); |
1110a2db | 463 | ret = request_firmware(&fw, name, &hdev->dev); |
abed84a0 | 464 | if (ret < 0) |
1110a2db | 465 | return ret; |
1110a2db | 466 | ret = fw->size; |
268d3636 MM |
467 | *buff = kvmalloc(fw->size, GFP_KERNEL); |
468 | if (*buff) | |
469 | memcpy(*buff, fw->data, ret); | |
470 | else | |
c3327bde | 471 | ret = -ENOMEM; |
1110a2db LF |
472 | |
473 | release_firmware(fw); | |
474 | ||
475 | return ret; | |
476 | } | |
477 | ||
26503ad2 MB |
478 | static int btrtl_setup_rtl8723a(struct hci_dev *hdev, |
479 | struct btrtl_device_info *btrtl_dev) | |
db33c77d | 480 | { |
26503ad2 MB |
481 | if (btrtl_dev->fw_len < 8) |
482 | return -EINVAL; | |
db33c77d CC |
483 | |
484 | /* Check that the firmware doesn't have the epatch signature | |
485 | * (which is only for RTL8723B and newer). | |
486 | */ | |
26503ad2 | 487 | if (!memcmp(btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE, 8)) { |
f1300c03 | 488 | rtl_dev_err(hdev, "unexpected EPATCH signature!"); |
26503ad2 | 489 | return -EINVAL; |
db33c77d CC |
490 | } |
491 | ||
26503ad2 MB |
492 | return rtl_download_firmware(hdev, btrtl_dev->fw_data, |
493 | btrtl_dev->fw_len); | |
db33c77d CC |
494 | } |
495 | ||
26503ad2 MB |
496 | static int btrtl_setup_rtl8723b(struct hci_dev *hdev, |
497 | struct btrtl_device_info *btrtl_dev) | |
db33c77d CC |
498 | { |
499 | unsigned char *fw_data = NULL; | |
db33c77d | 500 | int ret; |
1110a2db | 501 | u8 *tbuff; |
db33c77d | 502 | |
26503ad2 | 503 | ret = rtlbt_parse_firmware(hdev, btrtl_dev, &fw_data); |
db33c77d CC |
504 | if (ret < 0) |
505 | goto out; | |
506 | ||
26503ad2 | 507 | if (btrtl_dev->cfg_len > 0) { |
268d3636 | 508 | tbuff = kvzalloc(ret + btrtl_dev->cfg_len, GFP_KERNEL); |
1110a2db LF |
509 | if (!tbuff) { |
510 | ret = -ENOMEM; | |
511 | goto out; | |
512 | } | |
513 | ||
514 | memcpy(tbuff, fw_data, ret); | |
268d3636 | 515 | kvfree(fw_data); |
1110a2db | 516 | |
26503ad2 MB |
517 | memcpy(tbuff + ret, btrtl_dev->cfg_data, btrtl_dev->cfg_len); |
518 | ret += btrtl_dev->cfg_len; | |
1110a2db LF |
519 | |
520 | fw_data = tbuff; | |
521 | } | |
522 | ||
f1300c03 | 523 | rtl_dev_info(hdev, "cfg_sz %d, total sz %d", btrtl_dev->cfg_len, ret); |
1110a2db | 524 | |
db33c77d | 525 | ret = rtl_download_firmware(hdev, fw_data, ret); |
db33c77d CC |
526 | |
527 | out: | |
268d3636 | 528 | kvfree(fw_data); |
db33c77d CC |
529 | return ret; |
530 | } | |
531 | ||
26503ad2 MB |
532 | void btrtl_free(struct btrtl_device_info *btrtl_dev) |
533 | { | |
268d3636 MM |
534 | kvfree(btrtl_dev->fw_data); |
535 | kvfree(btrtl_dev->cfg_data); | |
26503ad2 MB |
536 | kfree(btrtl_dev); |
537 | } | |
538 | EXPORT_SYMBOL_GPL(btrtl_free); | |
539 | ||
1cc194ca HG |
540 | struct btrtl_device_info *btrtl_initialize(struct hci_dev *hdev, |
541 | const char *postfix) | |
db33c77d | 542 | { |
26503ad2 | 543 | struct btrtl_device_info *btrtl_dev; |
db33c77d CC |
544 | struct sk_buff *skb; |
545 | struct hci_rp_read_local_version *resp; | |
1cc194ca | 546 | char cfg_name[40]; |
907f8499 | 547 | u16 hci_rev, lmp_subver; |
c50903e3 | 548 | u8 hci_ver; |
26503ad2 | 549 | int ret; |
1996d9ca KHF |
550 | u16 opcode; |
551 | u8 cmd[2]; | |
26503ad2 MB |
552 | |
553 | btrtl_dev = kzalloc(sizeof(*btrtl_dev), GFP_KERNEL); | |
554 | if (!btrtl_dev) { | |
555 | ret = -ENOMEM; | |
556 | goto err_alloc; | |
557 | } | |
db33c77d CC |
558 | |
559 | skb = btrtl_read_local_version(hdev); | |
26503ad2 MB |
560 | if (IS_ERR(skb)) { |
561 | ret = PTR_ERR(skb); | |
562 | goto err_free; | |
563 | } | |
db33c77d CC |
564 | |
565 | resp = (struct hci_rp_read_local_version *)skb->data; | |
f1300c03 | 566 | rtl_dev_info(hdev, "examining hci_ver=%02x hci_rev=%04x lmp_ver=%02x lmp_subver=%04x", |
a5c76e67 HG |
567 | resp->hci_ver, resp->hci_rev, |
568 | resp->lmp_ver, resp->lmp_subver); | |
db33c77d | 569 | |
c50903e3 | 570 | hci_ver = resp->hci_ver; |
907f8499 | 571 | hci_rev = le16_to_cpu(resp->hci_rev); |
db33c77d | 572 | lmp_subver = le16_to_cpu(resp->lmp_subver); |
1996d9ca KHF |
573 | |
574 | if (resp->hci_ver == 0x8 && le16_to_cpu(resp->hci_rev) == 0x826c && | |
575 | resp->lmp_ver == 0x8 && le16_to_cpu(resp->lmp_subver) == 0xa99e) | |
576 | btrtl_dev->drop_fw = true; | |
577 | ||
578 | if (btrtl_dev->drop_fw) { | |
579 | opcode = hci_opcode_pack(0x3f, 0x66); | |
580 | cmd[0] = opcode & 0xff; | |
581 | cmd[1] = opcode >> 8; | |
582 | ||
583 | skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL); | |
f5e8e215 | 584 | if (!skb) |
1996d9ca KHF |
585 | goto out_free; |
586 | ||
587 | skb_put_data(skb, cmd, sizeof(cmd)); | |
588 | hci_skb_pkt_type(skb) = HCI_COMMAND_PKT; | |
589 | ||
590 | hdev->send(hdev, skb); | |
591 | ||
592 | /* Ensure the above vendor command is sent to controller and | |
593 | * process has done. | |
594 | */ | |
595 | msleep(200); | |
596 | ||
597 | /* Read the local version again. Expect to have the vanilla | |
598 | * version as cold boot. | |
599 | */ | |
600 | skb = btrtl_read_local_version(hdev); | |
601 | if (IS_ERR(skb)) { | |
602 | ret = PTR_ERR(skb); | |
603 | goto err_free; | |
604 | } | |
605 | ||
606 | resp = (struct hci_rp_read_local_version *)skb->data; | |
607 | rtl_dev_info(hdev, "examining hci_ver=%02x hci_rev=%04x lmp_ver=%02x lmp_subver=%04x", | |
608 | resp->hci_ver, resp->hci_rev, | |
609 | resp->lmp_ver, resp->lmp_subver); | |
610 | ||
611 | hci_ver = resp->hci_ver; | |
612 | hci_rev = le16_to_cpu(resp->hci_rev); | |
613 | lmp_subver = le16_to_cpu(resp->lmp_subver); | |
614 | } | |
615 | out_free: | |
db33c77d CC |
616 | kfree_skb(skb); |
617 | ||
c50903e3 MB |
618 | btrtl_dev->ic_info = btrtl_match_ic(lmp_subver, hci_rev, hci_ver, |
619 | hdev->bus); | |
620 | ||
26503ad2 | 621 | if (!btrtl_dev->ic_info) { |
d182215d | 622 | rtl_dev_info(hdev, "unknown IC info, lmp subver %04x, hci rev %04x, hci ver %04x", |
c50903e3 | 623 | lmp_subver, hci_rev, hci_ver); |
00df214b | 624 | return btrtl_dev; |
26503ad2 MB |
625 | } |
626 | ||
627 | if (btrtl_dev->ic_info->has_rom_version) { | |
628 | ret = rtl_read_rom_version(hdev, &btrtl_dev->rom_version); | |
629 | if (ret) | |
630 | goto err_free; | |
631 | } | |
632 | ||
633 | btrtl_dev->fw_len = rtl_load_file(hdev, btrtl_dev->ic_info->fw_name, | |
634 | &btrtl_dev->fw_data); | |
635 | if (btrtl_dev->fw_len < 0) { | |
f1300c03 | 636 | rtl_dev_err(hdev, "firmware file %s not found", |
26503ad2 MB |
637 | btrtl_dev->ic_info->fw_name); |
638 | ret = btrtl_dev->fw_len; | |
639 | goto err_free; | |
640 | } | |
641 | ||
642 | if (btrtl_dev->ic_info->cfg_name) { | |
1cc194ca HG |
643 | if (postfix) { |
644 | snprintf(cfg_name, sizeof(cfg_name), "%s-%s.bin", | |
645 | btrtl_dev->ic_info->cfg_name, postfix); | |
646 | } else { | |
647 | snprintf(cfg_name, sizeof(cfg_name), "%s.bin", | |
648 | btrtl_dev->ic_info->cfg_name); | |
649 | } | |
650 | btrtl_dev->cfg_len = rtl_load_file(hdev, cfg_name, | |
26503ad2 MB |
651 | &btrtl_dev->cfg_data); |
652 | if (btrtl_dev->ic_info->config_needed && | |
653 | btrtl_dev->cfg_len <= 0) { | |
f1300c03 | 654 | rtl_dev_err(hdev, "mandatory config file %s not found", |
26503ad2 MB |
655 | btrtl_dev->ic_info->cfg_name); |
656 | ret = btrtl_dev->cfg_len; | |
657 | goto err_free; | |
658 | } | |
659 | } | |
660 | ||
661 | return btrtl_dev; | |
662 | ||
663 | err_free: | |
664 | btrtl_free(btrtl_dev); | |
665 | err_alloc: | |
666 | return ERR_PTR(ret); | |
667 | } | |
668 | EXPORT_SYMBOL_GPL(btrtl_initialize); | |
669 | ||
670 | int btrtl_download_firmware(struct hci_dev *hdev, | |
671 | struct btrtl_device_info *btrtl_dev) | |
672 | { | |
db33c77d CC |
673 | /* Match a set of subver values that correspond to stock firmware, |
674 | * which is not compatible with standard btusb. | |
675 | * If matched, upload an alternative firmware that does conform to | |
676 | * standard btusb. Once that firmware is uploaded, the subver changes | |
677 | * to a different value. | |
678 | */ | |
00df214b | 679 | if (!btrtl_dev->ic_info) { |
f1300c03 | 680 | rtl_dev_info(hdev, "assuming no firmware upload needed"); |
00df214b KHF |
681 | return 0; |
682 | } | |
683 | ||
26503ad2 | 684 | switch (btrtl_dev->ic_info->lmp_subver) { |
db33c77d | 685 | case RTL_ROM_LMP_8723A: |
26503ad2 | 686 | return btrtl_setup_rtl8723a(hdev, btrtl_dev); |
db33c77d | 687 | case RTL_ROM_LMP_8723B: |
db33c77d | 688 | case RTL_ROM_LMP_8821A: |
db33c77d | 689 | case RTL_ROM_LMP_8761A: |
1110a2db | 690 | case RTL_ROM_LMP_8822B: |
0d484db6 | 691 | case RTL_ROM_LMP_8852A: |
26503ad2 | 692 | return btrtl_setup_rtl8723b(hdev, btrtl_dev); |
db33c77d | 693 | default: |
f1300c03 | 694 | rtl_dev_info(hdev, "assuming no firmware upload needed"); |
db33c77d CC |
695 | return 0; |
696 | } | |
697 | } | |
26503ad2 MB |
698 | EXPORT_SYMBOL_GPL(btrtl_download_firmware); |
699 | ||
700 | int btrtl_setup_realtek(struct hci_dev *hdev) | |
701 | { | |
702 | struct btrtl_device_info *btrtl_dev; | |
703 | int ret; | |
704 | ||
1cc194ca | 705 | btrtl_dev = btrtl_initialize(hdev, NULL); |
26503ad2 MB |
706 | if (IS_ERR(btrtl_dev)) |
707 | return PTR_ERR(btrtl_dev); | |
708 | ||
709 | ret = btrtl_download_firmware(hdev, btrtl_dev); | |
710 | ||
711 | btrtl_free(btrtl_dev); | |
712 | ||
65251e2e AL |
713 | /* Enable controller to do both LE scan and BR/EDR inquiry |
714 | * simultaneously. | |
715 | */ | |
716 | set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks); | |
717 | ||
26503ad2 MB |
718 | return ret; |
719 | } | |
db33c77d CC |
720 | EXPORT_SYMBOL_GPL(btrtl_setup_realtek); |
721 | ||
7af3f558 JHP |
722 | int btrtl_shutdown_realtek(struct hci_dev *hdev) |
723 | { | |
724 | struct sk_buff *skb; | |
725 | int ret; | |
726 | ||
727 | /* According to the vendor driver, BT must be reset on close to avoid | |
728 | * firmware crash. | |
729 | */ | |
730 | skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); | |
731 | if (IS_ERR(skb)) { | |
732 | ret = PTR_ERR(skb); | |
733 | bt_dev_err(hdev, "HCI reset during shutdown failed"); | |
734 | return ret; | |
735 | } | |
736 | kfree_skb(skb); | |
737 | ||
738 | return 0; | |
739 | } | |
740 | EXPORT_SYMBOL_GPL(btrtl_shutdown_realtek); | |
741 | ||
b85b0ee1 MB |
742 | static unsigned int btrtl_convert_baudrate(u32 device_baudrate) |
743 | { | |
744 | switch (device_baudrate) { | |
745 | case 0x0252a00a: | |
746 | return 230400; | |
747 | ||
748 | case 0x05f75004: | |
749 | return 921600; | |
750 | ||
751 | case 0x00005004: | |
752 | return 1000000; | |
753 | ||
754 | case 0x04928002: | |
755 | case 0x01128002: | |
756 | return 1500000; | |
757 | ||
758 | case 0x00005002: | |
759 | return 2000000; | |
760 | ||
761 | case 0x0000b001: | |
762 | return 2500000; | |
763 | ||
764 | case 0x04928001: | |
765 | return 3000000; | |
766 | ||
767 | case 0x052a6001: | |
768 | return 3500000; | |
769 | ||
770 | case 0x00005001: | |
771 | return 4000000; | |
772 | ||
773 | case 0x0252c014: | |
774 | default: | |
775 | return 115200; | |
776 | } | |
777 | } | |
778 | ||
779 | int btrtl_get_uart_settings(struct hci_dev *hdev, | |
780 | struct btrtl_device_info *btrtl_dev, | |
781 | unsigned int *controller_baudrate, | |
782 | u32 *device_baudrate, bool *flow_control) | |
783 | { | |
784 | struct rtl_vendor_config *config; | |
785 | struct rtl_vendor_config_entry *entry; | |
786 | int i, total_data_len; | |
787 | bool found = false; | |
788 | ||
789 | total_data_len = btrtl_dev->cfg_len - sizeof(*config); | |
790 | if (total_data_len <= 0) { | |
f1300c03 | 791 | rtl_dev_warn(hdev, "no config loaded"); |
b85b0ee1 MB |
792 | return -EINVAL; |
793 | } | |
794 | ||
795 | config = (struct rtl_vendor_config *)btrtl_dev->cfg_data; | |
796 | if (le32_to_cpu(config->signature) != RTL_CONFIG_MAGIC) { | |
f1300c03 | 797 | rtl_dev_err(hdev, "invalid config magic"); |
b85b0ee1 MB |
798 | return -EINVAL; |
799 | } | |
800 | ||
801 | if (total_data_len < le16_to_cpu(config->total_len)) { | |
f1300c03 | 802 | rtl_dev_err(hdev, "config is too short"); |
b85b0ee1 MB |
803 | return -EINVAL; |
804 | } | |
805 | ||
806 | for (i = 0; i < total_data_len; ) { | |
807 | entry = ((void *)config->entry) + i; | |
808 | ||
809 | switch (le16_to_cpu(entry->offset)) { | |
810 | case 0xc: | |
811 | if (entry->len < sizeof(*device_baudrate)) { | |
f1300c03 | 812 | rtl_dev_err(hdev, "invalid UART config entry"); |
b85b0ee1 MB |
813 | return -EINVAL; |
814 | } | |
815 | ||
816 | *device_baudrate = get_unaligned_le32(entry->data); | |
817 | *controller_baudrate = btrtl_convert_baudrate( | |
818 | *device_baudrate); | |
819 | ||
820 | if (entry->len >= 13) | |
821 | *flow_control = !!(entry->data[12] & BIT(2)); | |
822 | else | |
823 | *flow_control = false; | |
824 | ||
825 | found = true; | |
826 | break; | |
827 | ||
828 | default: | |
f1300c03 | 829 | rtl_dev_dbg(hdev, "skipping config entry 0x%x (len %u)", |
b85b0ee1 MB |
830 | le16_to_cpu(entry->offset), entry->len); |
831 | break; | |
515d6798 | 832 | } |
b85b0ee1 MB |
833 | |
834 | i += sizeof(*entry) + entry->len; | |
835 | } | |
836 | ||
837 | if (!found) { | |
f1300c03 | 838 | rtl_dev_err(hdev, "no UART config entry found"); |
b85b0ee1 MB |
839 | return -ENOENT; |
840 | } | |
841 | ||
f1300c03 AL |
842 | rtl_dev_dbg(hdev, "device baudrate = 0x%08x", *device_baudrate); |
843 | rtl_dev_dbg(hdev, "controller baudrate = %u", *controller_baudrate); | |
844 | rtl_dev_dbg(hdev, "flow control %d", *flow_control); | |
b85b0ee1 MB |
845 | |
846 | return 0; | |
847 | } | |
848 | EXPORT_SYMBOL_GPL(btrtl_get_uart_settings); | |
849 | ||
db33c77d CC |
850 | MODULE_AUTHOR("Daniel Drake <drake@endlessm.com>"); |
851 | MODULE_DESCRIPTION("Bluetooth support for Realtek devices ver " VERSION); | |
852 | MODULE_VERSION(VERSION); | |
853 | MODULE_LICENSE("GPL"); | |
f96dbd32 MB |
854 | MODULE_FIRMWARE("rtl_bt/rtl8723a_fw.bin"); |
855 | MODULE_FIRMWARE("rtl_bt/rtl8723b_fw.bin"); | |
856 | MODULE_FIRMWARE("rtl_bt/rtl8723b_config.bin"); | |
c50903e3 MB |
857 | MODULE_FIRMWARE("rtl_bt/rtl8723bs_fw.bin"); |
858 | MODULE_FIRMWARE("rtl_bt/rtl8723bs_config.bin"); | |
859 | MODULE_FIRMWARE("rtl_bt/rtl8723ds_fw.bin"); | |
860 | MODULE_FIRMWARE("rtl_bt/rtl8723ds_config.bin"); | |
f96dbd32 MB |
861 | MODULE_FIRMWARE("rtl_bt/rtl8761a_fw.bin"); |
862 | MODULE_FIRMWARE("rtl_bt/rtl8761a_config.bin"); | |
863 | MODULE_FIRMWARE("rtl_bt/rtl8821a_fw.bin"); | |
864 | MODULE_FIRMWARE("rtl_bt/rtl8821a_config.bin"); | |
865 | MODULE_FIRMWARE("rtl_bt/rtl8822b_fw.bin"); | |
866 | MODULE_FIRMWARE("rtl_bt/rtl8822b_config.bin"); | |
0d484db6 MC |
867 | MODULE_FIRMWARE("rtl_bt/rtl8852au_fw.bin"); |
868 | MODULE_FIRMWARE("rtl_bt/rtl8852au_config.bin"); |