btrtl.c (24764B)
1// SPDX-License-Identifier: GPL-2.0-or-later 2/* 3 * Bluetooth support for Realtek devices 4 * 5 * Copyright (C) 2015 Endless Mobile, Inc. 6 */ 7 8#include <linux/module.h> 9#include <linux/firmware.h> 10#include <asm/unaligned.h> 11#include <linux/usb.h> 12 13#include <net/bluetooth/bluetooth.h> 14#include <net/bluetooth/hci_core.h> 15 16#include "btrtl.h" 17 18#define VERSION "0.1" 19 20#define RTL_EPATCH_SIGNATURE "Realtech" 21#define RTL_ROM_LMP_8723A 0x1200 22#define RTL_ROM_LMP_8723B 0x8723 23#define RTL_ROM_LMP_8821A 0x8821 24#define RTL_ROM_LMP_8761A 0x8761 25#define RTL_ROM_LMP_8822B 0x8822 26#define RTL_ROM_LMP_8852A 0x8852 27#define RTL_CONFIG_MAGIC 0x8723ab55 28 29#define IC_MATCH_FL_LMPSUBV (1 << 0) 30#define IC_MATCH_FL_HCIREV (1 << 1) 31#define IC_MATCH_FL_HCIVER (1 << 2) 32#define IC_MATCH_FL_HCIBUS (1 << 3) 33#define IC_INFO(lmps, hcir, hciv, bus) \ 34 .match_flags = IC_MATCH_FL_LMPSUBV | IC_MATCH_FL_HCIREV | \ 35 IC_MATCH_FL_HCIVER | IC_MATCH_FL_HCIBUS, \ 36 .lmp_subver = (lmps), \ 37 .hci_rev = (hcir), \ 38 .hci_ver = (hciv), \ 39 .hci_bus = (bus) 40 41enum btrtl_chip_id { 42 CHIP_ID_8723A, 43 CHIP_ID_8723B, 44 CHIP_ID_8821A, 45 CHIP_ID_8761A, 46 CHIP_ID_8822B = 8, 47 CHIP_ID_8723D, 48 CHIP_ID_8821C, 49 CHIP_ID_8822C = 13, 50 CHIP_ID_8761B, 51 CHIP_ID_8852A = 18, 52 CHIP_ID_8852B = 20, 53 CHIP_ID_8852C = 25, 54}; 55 56struct id_table { 57 __u16 match_flags; 58 __u16 lmp_subver; 59 __u16 hci_rev; 60 __u8 hci_ver; 61 __u8 hci_bus; 62 bool config_needed; 63 bool has_rom_version; 64 bool has_msft_ext; 65 char *fw_name; 66 char *cfg_name; 67}; 68 69struct btrtl_device_info { 70 const struct id_table *ic_info; 71 u8 rom_version; 72 u8 *fw_data; 73 int fw_len; 74 u8 *cfg_data; 75 int cfg_len; 76 bool drop_fw; 77 int project_id; 78}; 79 80static const struct id_table ic_id_table[] = { 81 /* 8723A */ 82 { IC_INFO(RTL_ROM_LMP_8723A, 0xb, 0x6, HCI_USB), 83 .config_needed = false, 84 .has_rom_version = false, 85 .fw_name = "rtl_bt/rtl8723a_fw.bin", 86 .cfg_name = NULL }, 87 88 /* 8723BS */ 89 { IC_INFO(RTL_ROM_LMP_8723B, 0xb, 0x6, HCI_UART), 90 .config_needed = true, 91 .has_rom_version = true, 92 .fw_name = "rtl_bt/rtl8723bs_fw.bin", 93 .cfg_name = "rtl_bt/rtl8723bs_config" }, 94 95 /* 8723B */ 96 { IC_INFO(RTL_ROM_LMP_8723B, 0xb, 0x6, HCI_USB), 97 .config_needed = false, 98 .has_rom_version = true, 99 .fw_name = "rtl_bt/rtl8723b_fw.bin", 100 .cfg_name = "rtl_bt/rtl8723b_config" }, 101 102 /* 8723D */ 103 { IC_INFO(RTL_ROM_LMP_8723B, 0xd, 0x8, HCI_USB), 104 .config_needed = true, 105 .has_rom_version = true, 106 .fw_name = "rtl_bt/rtl8723d_fw.bin", 107 .cfg_name = "rtl_bt/rtl8723d_config" }, 108 109 /* 8723DS */ 110 { IC_INFO(RTL_ROM_LMP_8723B, 0xd, 0x8, HCI_UART), 111 .config_needed = true, 112 .has_rom_version = true, 113 .fw_name = "rtl_bt/rtl8723ds_fw.bin", 114 .cfg_name = "rtl_bt/rtl8723ds_config" }, 115 116 /* 8821A */ 117 { IC_INFO(RTL_ROM_LMP_8821A, 0xa, 0x6, HCI_USB), 118 .config_needed = false, 119 .has_rom_version = true, 120 .fw_name = "rtl_bt/rtl8821a_fw.bin", 121 .cfg_name = "rtl_bt/rtl8821a_config" }, 122 123 /* 8821C */ 124 { IC_INFO(RTL_ROM_LMP_8821A, 0xc, 0x8, HCI_USB), 125 .config_needed = false, 126 .has_rom_version = true, 127 .has_msft_ext = true, 128 .fw_name = "rtl_bt/rtl8821c_fw.bin", 129 .cfg_name = "rtl_bt/rtl8821c_config" }, 130 131 /* 8761A */ 132 { IC_INFO(RTL_ROM_LMP_8761A, 0xa, 0x6, HCI_USB), 133 .config_needed = false, 134 .has_rom_version = true, 135 .fw_name = "rtl_bt/rtl8761a_fw.bin", 136 .cfg_name = "rtl_bt/rtl8761a_config" }, 137 138 /* 8761B */ 139 { IC_INFO(RTL_ROM_LMP_8761A, 0xb, 0xa, HCI_UART), 140 .config_needed = false, 141 .has_rom_version = true, 142 .has_msft_ext = true, 143 .fw_name = "rtl_bt/rtl8761b_fw.bin", 144 .cfg_name = "rtl_bt/rtl8761b_config" }, 145 146 /* 8761BU */ 147 { IC_INFO(RTL_ROM_LMP_8761A, 0xb, 0xa, HCI_USB), 148 .config_needed = false, 149 .has_rom_version = true, 150 .fw_name = "rtl_bt/rtl8761bu_fw.bin", 151 .cfg_name = "rtl_bt/rtl8761bu_config" }, 152 153 /* 8822C with UART interface */ 154 { IC_INFO(RTL_ROM_LMP_8822B, 0xc, 0x8, HCI_UART), 155 .config_needed = true, 156 .has_rom_version = true, 157 .has_msft_ext = true, 158 .fw_name = "rtl_bt/rtl8822cs_fw.bin", 159 .cfg_name = "rtl_bt/rtl8822cs_config" }, 160 161 /* 8822C with UART interface */ 162 { IC_INFO(RTL_ROM_LMP_8822B, 0xc, 0xa, HCI_UART), 163 .config_needed = true, 164 .has_rom_version = true, 165 .has_msft_ext = true, 166 .fw_name = "rtl_bt/rtl8822cs_fw.bin", 167 .cfg_name = "rtl_bt/rtl8822cs_config" }, 168 169 /* 8822C with USB interface */ 170 { IC_INFO(RTL_ROM_LMP_8822B, 0xc, 0xa, HCI_USB), 171 .config_needed = false, 172 .has_rom_version = true, 173 .has_msft_ext = true, 174 .fw_name = "rtl_bt/rtl8822cu_fw.bin", 175 .cfg_name = "rtl_bt/rtl8822cu_config" }, 176 177 /* 8822B */ 178 { IC_INFO(RTL_ROM_LMP_8822B, 0xb, 0x7, HCI_USB), 179 .config_needed = true, 180 .has_rom_version = true, 181 .has_msft_ext = true, 182 .fw_name = "rtl_bt/rtl8822b_fw.bin", 183 .cfg_name = "rtl_bt/rtl8822b_config" }, 184 185 /* 8852A */ 186 { IC_INFO(RTL_ROM_LMP_8852A, 0xa, 0xb, HCI_USB), 187 .config_needed = false, 188 .has_rom_version = true, 189 .has_msft_ext = true, 190 .fw_name = "rtl_bt/rtl8852au_fw.bin", 191 .cfg_name = "rtl_bt/rtl8852au_config" }, 192 193 /* 8852B */ 194 { IC_INFO(RTL_ROM_LMP_8852A, 0xb, 0xb, HCI_USB), 195 .config_needed = false, 196 .has_rom_version = true, 197 .has_msft_ext = true, 198 .fw_name = "rtl_bt/rtl8852bu_fw.bin", 199 .cfg_name = "rtl_bt/rtl8852bu_config" }, 200 201 /* 8852C */ 202 { IC_INFO(RTL_ROM_LMP_8852A, 0xc, 0xc, HCI_USB), 203 .config_needed = false, 204 .has_rom_version = true, 205 .has_msft_ext = true, 206 .fw_name = "rtl_bt/rtl8852cu_fw.bin", 207 .cfg_name = "rtl_bt/rtl8852cu_config" }, 208 }; 209 210static const struct id_table *btrtl_match_ic(u16 lmp_subver, u16 hci_rev, 211 u8 hci_ver, u8 hci_bus) 212{ 213 int i; 214 215 for (i = 0; i < ARRAY_SIZE(ic_id_table); i++) { 216 if ((ic_id_table[i].match_flags & IC_MATCH_FL_LMPSUBV) && 217 (ic_id_table[i].lmp_subver != lmp_subver)) 218 continue; 219 if ((ic_id_table[i].match_flags & IC_MATCH_FL_HCIREV) && 220 (ic_id_table[i].hci_rev != hci_rev)) 221 continue; 222 if ((ic_id_table[i].match_flags & IC_MATCH_FL_HCIVER) && 223 (ic_id_table[i].hci_ver != hci_ver)) 224 continue; 225 if ((ic_id_table[i].match_flags & IC_MATCH_FL_HCIBUS) && 226 (ic_id_table[i].hci_bus != hci_bus)) 227 continue; 228 229 break; 230 } 231 if (i >= ARRAY_SIZE(ic_id_table)) 232 return NULL; 233 234 return &ic_id_table[i]; 235} 236 237static struct sk_buff *btrtl_read_local_version(struct hci_dev *hdev) 238{ 239 struct sk_buff *skb; 240 241 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL, 242 HCI_INIT_TIMEOUT); 243 if (IS_ERR(skb)) { 244 rtl_dev_err(hdev, "HCI_OP_READ_LOCAL_VERSION failed (%ld)", 245 PTR_ERR(skb)); 246 return skb; 247 } 248 249 if (skb->len != sizeof(struct hci_rp_read_local_version)) { 250 rtl_dev_err(hdev, "HCI_OP_READ_LOCAL_VERSION event length mismatch"); 251 kfree_skb(skb); 252 return ERR_PTR(-EIO); 253 } 254 255 return skb; 256} 257 258static int rtl_read_rom_version(struct hci_dev *hdev, u8 *version) 259{ 260 struct rtl_rom_version_evt *rom_version; 261 struct sk_buff *skb; 262 263 /* Read RTL ROM version command */ 264 skb = __hci_cmd_sync(hdev, 0xfc6d, 0, NULL, HCI_INIT_TIMEOUT); 265 if (IS_ERR(skb)) { 266 rtl_dev_err(hdev, "Read ROM version failed (%ld)", 267 PTR_ERR(skb)); 268 return PTR_ERR(skb); 269 } 270 271 if (skb->len != sizeof(*rom_version)) { 272 rtl_dev_err(hdev, "version event length mismatch"); 273 kfree_skb(skb); 274 return -EIO; 275 } 276 277 rom_version = (struct rtl_rom_version_evt *)skb->data; 278 rtl_dev_info(hdev, "rom_version status=%x version=%x", 279 rom_version->status, rom_version->version); 280 281 *version = rom_version->version; 282 283 kfree_skb(skb); 284 return 0; 285} 286 287static int rtlbt_parse_firmware(struct hci_dev *hdev, 288 struct btrtl_device_info *btrtl_dev, 289 unsigned char **_buf) 290{ 291 static const u8 extension_sig[] = { 0x51, 0x04, 0xfd, 0x77 }; 292 struct rtl_epatch_header *epatch_info; 293 unsigned char *buf; 294 int i, len; 295 size_t min_size; 296 u8 opcode, length, data; 297 int project_id = -1; 298 const unsigned char *fwptr, *chip_id_base; 299 const unsigned char *patch_length_base, *patch_offset_base; 300 u32 patch_offset = 0; 301 u16 patch_length, num_patches; 302 static const struct { 303 __u16 lmp_subver; 304 __u8 id; 305 } project_id_to_lmp_subver[] = { 306 { RTL_ROM_LMP_8723A, 0 }, 307 { RTL_ROM_LMP_8723B, 1 }, 308 { RTL_ROM_LMP_8821A, 2 }, 309 { RTL_ROM_LMP_8761A, 3 }, 310 { RTL_ROM_LMP_8822B, 8 }, 311 { RTL_ROM_LMP_8723B, 9 }, /* 8723D */ 312 { RTL_ROM_LMP_8821A, 10 }, /* 8821C */ 313 { RTL_ROM_LMP_8822B, 13 }, /* 8822C */ 314 { RTL_ROM_LMP_8761A, 14 }, /* 8761B */ 315 { RTL_ROM_LMP_8852A, 18 }, /* 8852A */ 316 { RTL_ROM_LMP_8852A, 20 }, /* 8852B */ 317 { RTL_ROM_LMP_8852A, 25 }, /* 8852C */ 318 }; 319 320 min_size = sizeof(struct rtl_epatch_header) + sizeof(extension_sig) + 3; 321 if (btrtl_dev->fw_len < min_size) 322 return -EINVAL; 323 324 fwptr = btrtl_dev->fw_data + btrtl_dev->fw_len - sizeof(extension_sig); 325 if (memcmp(fwptr, extension_sig, sizeof(extension_sig)) != 0) { 326 rtl_dev_err(hdev, "extension section signature mismatch"); 327 return -EINVAL; 328 } 329 330 /* Loop from the end of the firmware parsing instructions, until 331 * we find an instruction that identifies the "project ID" for the 332 * hardware supported by this firwmare file. 333 * Once we have that, we double-check that that project_id is suitable 334 * for the hardware we are working with. 335 */ 336 while (fwptr >= btrtl_dev->fw_data + (sizeof(*epatch_info) + 3)) { 337 opcode = *--fwptr; 338 length = *--fwptr; 339 data = *--fwptr; 340 341 BT_DBG("check op=%x len=%x data=%x", opcode, length, data); 342 343 if (opcode == 0xff) /* EOF */ 344 break; 345 346 if (length == 0) { 347 rtl_dev_err(hdev, "found instruction with length 0"); 348 return -EINVAL; 349 } 350 351 if (opcode == 0 && length == 1) { 352 project_id = data; 353 break; 354 } 355 356 fwptr -= length; 357 } 358 359 if (project_id < 0) { 360 rtl_dev_err(hdev, "failed to find version instruction"); 361 return -EINVAL; 362 } 363 364 /* Find project_id in table */ 365 for (i = 0; i < ARRAY_SIZE(project_id_to_lmp_subver); i++) { 366 if (project_id == project_id_to_lmp_subver[i].id) { 367 btrtl_dev->project_id = project_id; 368 break; 369 } 370 } 371 372 if (i >= ARRAY_SIZE(project_id_to_lmp_subver)) { 373 rtl_dev_err(hdev, "unknown project id %d", project_id); 374 return -EINVAL; 375 } 376 377 if (btrtl_dev->ic_info->lmp_subver != 378 project_id_to_lmp_subver[i].lmp_subver) { 379 rtl_dev_err(hdev, "firmware is for %x but this is a %x", 380 project_id_to_lmp_subver[i].lmp_subver, 381 btrtl_dev->ic_info->lmp_subver); 382 return -EINVAL; 383 } 384 385 epatch_info = (struct rtl_epatch_header *)btrtl_dev->fw_data; 386 if (memcmp(epatch_info->signature, RTL_EPATCH_SIGNATURE, 8) != 0) { 387 rtl_dev_err(hdev, "bad EPATCH signature"); 388 return -EINVAL; 389 } 390 391 num_patches = le16_to_cpu(epatch_info->num_patches); 392 BT_DBG("fw_version=%x, num_patches=%d", 393 le32_to_cpu(epatch_info->fw_version), num_patches); 394 395 /* After the rtl_epatch_header there is a funky patch metadata section. 396 * Assuming 2 patches, the layout is: 397 * ChipID1 ChipID2 PatchLength1 PatchLength2 PatchOffset1 PatchOffset2 398 * 399 * Find the right patch for this chip. 400 */ 401 min_size += 8 * num_patches; 402 if (btrtl_dev->fw_len < min_size) 403 return -EINVAL; 404 405 chip_id_base = btrtl_dev->fw_data + sizeof(struct rtl_epatch_header); 406 patch_length_base = chip_id_base + (sizeof(u16) * num_patches); 407 patch_offset_base = patch_length_base + (sizeof(u16) * num_patches); 408 for (i = 0; i < num_patches; i++) { 409 u16 chip_id = get_unaligned_le16(chip_id_base + 410 (i * sizeof(u16))); 411 if (chip_id == btrtl_dev->rom_version + 1) { 412 patch_length = get_unaligned_le16(patch_length_base + 413 (i * sizeof(u16))); 414 patch_offset = get_unaligned_le32(patch_offset_base + 415 (i * sizeof(u32))); 416 break; 417 } 418 } 419 420 if (!patch_offset) { 421 rtl_dev_err(hdev, "didn't find patch for chip id %d", 422 btrtl_dev->rom_version); 423 return -EINVAL; 424 } 425 426 BT_DBG("length=%x offset=%x index %d", patch_length, patch_offset, i); 427 min_size = patch_offset + patch_length; 428 if (btrtl_dev->fw_len < min_size) 429 return -EINVAL; 430 431 /* Copy the firmware into a new buffer and write the version at 432 * the end. 433 */ 434 len = patch_length; 435 buf = kvmalloc(patch_length, GFP_KERNEL); 436 if (!buf) 437 return -ENOMEM; 438 439 memcpy(buf, btrtl_dev->fw_data + patch_offset, patch_length - 4); 440 memcpy(buf + patch_length - 4, &epatch_info->fw_version, 4); 441 442 *_buf = buf; 443 return len; 444} 445 446static int rtl_download_firmware(struct hci_dev *hdev, 447 const unsigned char *data, int fw_len) 448{ 449 struct rtl_download_cmd *dl_cmd; 450 int frag_num = fw_len / RTL_FRAG_LEN + 1; 451 int frag_len = RTL_FRAG_LEN; 452 int ret = 0; 453 int i; 454 struct sk_buff *skb; 455 struct hci_rp_read_local_version *rp; 456 457 dl_cmd = kmalloc(sizeof(struct rtl_download_cmd), GFP_KERNEL); 458 if (!dl_cmd) 459 return -ENOMEM; 460 461 for (i = 0; i < frag_num; i++) { 462 struct sk_buff *skb; 463 464 BT_DBG("download fw (%d/%d)", i, frag_num); 465 466 if (i > 0x7f) 467 dl_cmd->index = (i & 0x7f) + 1; 468 else 469 dl_cmd->index = i; 470 471 if (i == (frag_num - 1)) { 472 dl_cmd->index |= 0x80; /* data end */ 473 frag_len = fw_len % RTL_FRAG_LEN; 474 } 475 memcpy(dl_cmd->data, data, frag_len); 476 477 /* Send download command */ 478 skb = __hci_cmd_sync(hdev, 0xfc20, frag_len + 1, dl_cmd, 479 HCI_INIT_TIMEOUT); 480 if (IS_ERR(skb)) { 481 rtl_dev_err(hdev, "download fw command failed (%ld)", 482 PTR_ERR(skb)); 483 ret = PTR_ERR(skb); 484 goto out; 485 } 486 487 if (skb->len != sizeof(struct rtl_download_response)) { 488 rtl_dev_err(hdev, "download fw event length mismatch"); 489 kfree_skb(skb); 490 ret = -EIO; 491 goto out; 492 } 493 494 kfree_skb(skb); 495 data += RTL_FRAG_LEN; 496 } 497 498 skb = btrtl_read_local_version(hdev); 499 if (IS_ERR(skb)) { 500 ret = PTR_ERR(skb); 501 rtl_dev_err(hdev, "read local version failed"); 502 goto out; 503 } 504 505 rp = (struct hci_rp_read_local_version *)skb->data; 506 rtl_dev_info(hdev, "fw version 0x%04x%04x", 507 __le16_to_cpu(rp->hci_rev), __le16_to_cpu(rp->lmp_subver)); 508 kfree_skb(skb); 509 510out: 511 kfree(dl_cmd); 512 return ret; 513} 514 515static int rtl_load_file(struct hci_dev *hdev, const char *name, u8 **buff) 516{ 517 const struct firmware *fw; 518 int ret; 519 520 rtl_dev_info(hdev, "loading %s", name); 521 ret = request_firmware(&fw, name, &hdev->dev); 522 if (ret < 0) 523 return ret; 524 ret = fw->size; 525 *buff = kvmalloc(fw->size, GFP_KERNEL); 526 if (*buff) 527 memcpy(*buff, fw->data, ret); 528 else 529 ret = -ENOMEM; 530 531 release_firmware(fw); 532 533 return ret; 534} 535 536static int btrtl_setup_rtl8723a(struct hci_dev *hdev, 537 struct btrtl_device_info *btrtl_dev) 538{ 539 if (btrtl_dev->fw_len < 8) 540 return -EINVAL; 541 542 /* Check that the firmware doesn't have the epatch signature 543 * (which is only for RTL8723B and newer). 544 */ 545 if (!memcmp(btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE, 8)) { 546 rtl_dev_err(hdev, "unexpected EPATCH signature!"); 547 return -EINVAL; 548 } 549 550 return rtl_download_firmware(hdev, btrtl_dev->fw_data, 551 btrtl_dev->fw_len); 552} 553 554static int btrtl_setup_rtl8723b(struct hci_dev *hdev, 555 struct btrtl_device_info *btrtl_dev) 556{ 557 unsigned char *fw_data = NULL; 558 int ret; 559 u8 *tbuff; 560 561 ret = rtlbt_parse_firmware(hdev, btrtl_dev, &fw_data); 562 if (ret < 0) 563 goto out; 564 565 if (btrtl_dev->cfg_len > 0) { 566 tbuff = kvzalloc(ret + btrtl_dev->cfg_len, GFP_KERNEL); 567 if (!tbuff) { 568 ret = -ENOMEM; 569 goto out; 570 } 571 572 memcpy(tbuff, fw_data, ret); 573 kvfree(fw_data); 574 575 memcpy(tbuff + ret, btrtl_dev->cfg_data, btrtl_dev->cfg_len); 576 ret += btrtl_dev->cfg_len; 577 578 fw_data = tbuff; 579 } 580 581 rtl_dev_info(hdev, "cfg_sz %d, total sz %d", btrtl_dev->cfg_len, ret); 582 583 ret = rtl_download_firmware(hdev, fw_data, ret); 584 585out: 586 kvfree(fw_data); 587 return ret; 588} 589 590void btrtl_free(struct btrtl_device_info *btrtl_dev) 591{ 592 kvfree(btrtl_dev->fw_data); 593 kvfree(btrtl_dev->cfg_data); 594 kfree(btrtl_dev); 595} 596EXPORT_SYMBOL_GPL(btrtl_free); 597 598struct btrtl_device_info *btrtl_initialize(struct hci_dev *hdev, 599 const char *postfix) 600{ 601 struct btrtl_device_info *btrtl_dev; 602 struct sk_buff *skb; 603 struct hci_rp_read_local_version *resp; 604 char cfg_name[40]; 605 u16 hci_rev, lmp_subver; 606 u8 hci_ver; 607 int ret; 608 u16 opcode; 609 u8 cmd[2]; 610 611 btrtl_dev = kzalloc(sizeof(*btrtl_dev), GFP_KERNEL); 612 if (!btrtl_dev) { 613 ret = -ENOMEM; 614 goto err_alloc; 615 } 616 617 skb = btrtl_read_local_version(hdev); 618 if (IS_ERR(skb)) { 619 ret = PTR_ERR(skb); 620 goto err_free; 621 } 622 623 resp = (struct hci_rp_read_local_version *)skb->data; 624 rtl_dev_info(hdev, "examining hci_ver=%02x hci_rev=%04x lmp_ver=%02x lmp_subver=%04x", 625 resp->hci_ver, resp->hci_rev, 626 resp->lmp_ver, resp->lmp_subver); 627 628 hci_ver = resp->hci_ver; 629 hci_rev = le16_to_cpu(resp->hci_rev); 630 lmp_subver = le16_to_cpu(resp->lmp_subver); 631 632 btrtl_dev->ic_info = btrtl_match_ic(lmp_subver, hci_rev, hci_ver, 633 hdev->bus); 634 635 if (!btrtl_dev->ic_info) 636 btrtl_dev->drop_fw = true; 637 638 if (btrtl_dev->drop_fw) { 639 opcode = hci_opcode_pack(0x3f, 0x66); 640 cmd[0] = opcode & 0xff; 641 cmd[1] = opcode >> 8; 642 643 skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL); 644 if (!skb) 645 goto out_free; 646 647 skb_put_data(skb, cmd, sizeof(cmd)); 648 hci_skb_pkt_type(skb) = HCI_COMMAND_PKT; 649 650 hdev->send(hdev, skb); 651 652 /* Ensure the above vendor command is sent to controller and 653 * process has done. 654 */ 655 msleep(200); 656 657 /* Read the local version again. Expect to have the vanilla 658 * version as cold boot. 659 */ 660 skb = btrtl_read_local_version(hdev); 661 if (IS_ERR(skb)) { 662 ret = PTR_ERR(skb); 663 goto err_free; 664 } 665 666 resp = (struct hci_rp_read_local_version *)skb->data; 667 rtl_dev_info(hdev, "examining hci_ver=%02x hci_rev=%04x lmp_ver=%02x lmp_subver=%04x", 668 resp->hci_ver, resp->hci_rev, 669 resp->lmp_ver, resp->lmp_subver); 670 671 hci_ver = resp->hci_ver; 672 hci_rev = le16_to_cpu(resp->hci_rev); 673 lmp_subver = le16_to_cpu(resp->lmp_subver); 674 675 btrtl_dev->ic_info = btrtl_match_ic(lmp_subver, hci_rev, hci_ver, 676 hdev->bus); 677 } 678out_free: 679 kfree_skb(skb); 680 681 if (!btrtl_dev->ic_info) { 682 rtl_dev_info(hdev, "unknown IC info, lmp subver %04x, hci rev %04x, hci ver %04x", 683 lmp_subver, hci_rev, hci_ver); 684 return btrtl_dev; 685 } 686 687 if (btrtl_dev->ic_info->has_rom_version) { 688 ret = rtl_read_rom_version(hdev, &btrtl_dev->rom_version); 689 if (ret) 690 goto err_free; 691 } 692 693 btrtl_dev->fw_len = rtl_load_file(hdev, btrtl_dev->ic_info->fw_name, 694 &btrtl_dev->fw_data); 695 if (btrtl_dev->fw_len < 0) { 696 rtl_dev_err(hdev, "firmware file %s not found", 697 btrtl_dev->ic_info->fw_name); 698 ret = btrtl_dev->fw_len; 699 goto err_free; 700 } 701 702 if (btrtl_dev->ic_info->cfg_name) { 703 if (postfix) { 704 snprintf(cfg_name, sizeof(cfg_name), "%s-%s.bin", 705 btrtl_dev->ic_info->cfg_name, postfix); 706 } else { 707 snprintf(cfg_name, sizeof(cfg_name), "%s.bin", 708 btrtl_dev->ic_info->cfg_name); 709 } 710 btrtl_dev->cfg_len = rtl_load_file(hdev, cfg_name, 711 &btrtl_dev->cfg_data); 712 if (btrtl_dev->ic_info->config_needed && 713 btrtl_dev->cfg_len <= 0) { 714 rtl_dev_err(hdev, "mandatory config file %s not found", 715 btrtl_dev->ic_info->cfg_name); 716 ret = btrtl_dev->cfg_len; 717 goto err_free; 718 } 719 } 720 721 /* The following chips supports the Microsoft vendor extension, 722 * therefore set the corresponding VsMsftOpCode. 723 */ 724 if (btrtl_dev->ic_info->has_msft_ext) 725 hci_set_msft_opcode(hdev, 0xFCF0); 726 727 return btrtl_dev; 728 729err_free: 730 btrtl_free(btrtl_dev); 731err_alloc: 732 return ERR_PTR(ret); 733} 734EXPORT_SYMBOL_GPL(btrtl_initialize); 735 736int btrtl_download_firmware(struct hci_dev *hdev, 737 struct btrtl_device_info *btrtl_dev) 738{ 739 /* Match a set of subver values that correspond to stock firmware, 740 * which is not compatible with standard btusb. 741 * If matched, upload an alternative firmware that does conform to 742 * standard btusb. Once that firmware is uploaded, the subver changes 743 * to a different value. 744 */ 745 if (!btrtl_dev->ic_info) { 746 rtl_dev_info(hdev, "assuming no firmware upload needed"); 747 return 0; 748 } 749 750 switch (btrtl_dev->ic_info->lmp_subver) { 751 case RTL_ROM_LMP_8723A: 752 return btrtl_setup_rtl8723a(hdev, btrtl_dev); 753 case RTL_ROM_LMP_8723B: 754 case RTL_ROM_LMP_8821A: 755 case RTL_ROM_LMP_8761A: 756 case RTL_ROM_LMP_8822B: 757 case RTL_ROM_LMP_8852A: 758 return btrtl_setup_rtl8723b(hdev, btrtl_dev); 759 default: 760 rtl_dev_info(hdev, "assuming no firmware upload needed"); 761 return 0; 762 } 763} 764EXPORT_SYMBOL_GPL(btrtl_download_firmware); 765 766void btrtl_set_quirks(struct hci_dev *hdev, struct btrtl_device_info *btrtl_dev) 767{ 768 /* Enable controller to do both LE scan and BR/EDR inquiry 769 * simultaneously. 770 */ 771 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks); 772 773 /* Enable central-peripheral role (able to create new connections with 774 * an existing connection in slave role). 775 */ 776 /* Enable WBS supported for the specific Realtek devices. */ 777 switch (btrtl_dev->project_id) { 778 case CHIP_ID_8822C: 779 case CHIP_ID_8852A: 780 case CHIP_ID_8852B: 781 case CHIP_ID_8852C: 782 set_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks); 783 set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks); 784 hci_set_aosp_capable(hdev); 785 break; 786 default: 787 rtl_dev_dbg(hdev, "Central-peripheral role not enabled."); 788 rtl_dev_dbg(hdev, "WBS supported not enabled."); 789 break; 790 } 791} 792EXPORT_SYMBOL_GPL(btrtl_set_quirks); 793 794int btrtl_setup_realtek(struct hci_dev *hdev) 795{ 796 struct btrtl_device_info *btrtl_dev; 797 int ret; 798 799 btrtl_dev = btrtl_initialize(hdev, NULL); 800 if (IS_ERR(btrtl_dev)) 801 return PTR_ERR(btrtl_dev); 802 803 ret = btrtl_download_firmware(hdev, btrtl_dev); 804 805 btrtl_set_quirks(hdev, btrtl_dev); 806 807 btrtl_free(btrtl_dev); 808 return ret; 809} 810EXPORT_SYMBOL_GPL(btrtl_setup_realtek); 811 812int btrtl_shutdown_realtek(struct hci_dev *hdev) 813{ 814 struct sk_buff *skb; 815 int ret; 816 817 /* According to the vendor driver, BT must be reset on close to avoid 818 * firmware crash. 819 */ 820 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); 821 if (IS_ERR(skb)) { 822 ret = PTR_ERR(skb); 823 bt_dev_err(hdev, "HCI reset during shutdown failed"); 824 return ret; 825 } 826 kfree_skb(skb); 827 828 return 0; 829} 830EXPORT_SYMBOL_GPL(btrtl_shutdown_realtek); 831 832static unsigned int btrtl_convert_baudrate(u32 device_baudrate) 833{ 834 switch (device_baudrate) { 835 case 0x0252a00a: 836 return 230400; 837 838 case 0x05f75004: 839 return 921600; 840 841 case 0x00005004: 842 return 1000000; 843 844 case 0x04928002: 845 case 0x01128002: 846 return 1500000; 847 848 case 0x00005002: 849 return 2000000; 850 851 case 0x0000b001: 852 return 2500000; 853 854 case 0x04928001: 855 return 3000000; 856 857 case 0x052a6001: 858 return 3500000; 859 860 case 0x00005001: 861 return 4000000; 862 863 case 0x0252c014: 864 default: 865 return 115200; 866 } 867} 868 869int btrtl_get_uart_settings(struct hci_dev *hdev, 870 struct btrtl_device_info *btrtl_dev, 871 unsigned int *controller_baudrate, 872 u32 *device_baudrate, bool *flow_control) 873{ 874 struct rtl_vendor_config *config; 875 struct rtl_vendor_config_entry *entry; 876 int i, total_data_len; 877 bool found = false; 878 879 total_data_len = btrtl_dev->cfg_len - sizeof(*config); 880 if (total_data_len <= 0) { 881 rtl_dev_warn(hdev, "no config loaded"); 882 return -EINVAL; 883 } 884 885 config = (struct rtl_vendor_config *)btrtl_dev->cfg_data; 886 if (le32_to_cpu(config->signature) != RTL_CONFIG_MAGIC) { 887 rtl_dev_err(hdev, "invalid config magic"); 888 return -EINVAL; 889 } 890 891 if (total_data_len < le16_to_cpu(config->total_len)) { 892 rtl_dev_err(hdev, "config is too short"); 893 return -EINVAL; 894 } 895 896 for (i = 0; i < total_data_len; ) { 897 entry = ((void *)config->entry) + i; 898 899 switch (le16_to_cpu(entry->offset)) { 900 case 0xc: 901 if (entry->len < sizeof(*device_baudrate)) { 902 rtl_dev_err(hdev, "invalid UART config entry"); 903 return -EINVAL; 904 } 905 906 *device_baudrate = get_unaligned_le32(entry->data); 907 *controller_baudrate = btrtl_convert_baudrate( 908 *device_baudrate); 909 910 if (entry->len >= 13) 911 *flow_control = !!(entry->data[12] & BIT(2)); 912 else 913 *flow_control = false; 914 915 found = true; 916 break; 917 918 default: 919 rtl_dev_dbg(hdev, "skipping config entry 0x%x (len %u)", 920 le16_to_cpu(entry->offset), entry->len); 921 break; 922 } 923 924 i += sizeof(*entry) + entry->len; 925 } 926 927 if (!found) { 928 rtl_dev_err(hdev, "no UART config entry found"); 929 return -ENOENT; 930 } 931 932 rtl_dev_dbg(hdev, "device baudrate = 0x%08x", *device_baudrate); 933 rtl_dev_dbg(hdev, "controller baudrate = %u", *controller_baudrate); 934 rtl_dev_dbg(hdev, "flow control %d", *flow_control); 935 936 return 0; 937} 938EXPORT_SYMBOL_GPL(btrtl_get_uart_settings); 939 940MODULE_AUTHOR("Daniel Drake <drake@endlessm.com>"); 941MODULE_DESCRIPTION("Bluetooth support for Realtek devices ver " VERSION); 942MODULE_VERSION(VERSION); 943MODULE_LICENSE("GPL"); 944MODULE_FIRMWARE("rtl_bt/rtl8723a_fw.bin"); 945MODULE_FIRMWARE("rtl_bt/rtl8723b_fw.bin"); 946MODULE_FIRMWARE("rtl_bt/rtl8723b_config.bin"); 947MODULE_FIRMWARE("rtl_bt/rtl8723bs_fw.bin"); 948MODULE_FIRMWARE("rtl_bt/rtl8723bs_config.bin"); 949MODULE_FIRMWARE("rtl_bt/rtl8723ds_fw.bin"); 950MODULE_FIRMWARE("rtl_bt/rtl8723ds_config.bin"); 951MODULE_FIRMWARE("rtl_bt/rtl8761a_fw.bin"); 952MODULE_FIRMWARE("rtl_bt/rtl8761a_config.bin"); 953MODULE_FIRMWARE("rtl_bt/rtl8821a_fw.bin"); 954MODULE_FIRMWARE("rtl_bt/rtl8821a_config.bin"); 955MODULE_FIRMWARE("rtl_bt/rtl8822b_fw.bin"); 956MODULE_FIRMWARE("rtl_bt/rtl8822b_config.bin"); 957MODULE_FIRMWARE("rtl_bt/rtl8852au_fw.bin"); 958MODULE_FIRMWARE("rtl_bt/rtl8852au_config.bin"); 959MODULE_FIRMWARE("rtl_bt/rtl8852bu_fw.bin"); 960MODULE_FIRMWARE("rtl_bt/rtl8852bu_config.bin"); 961MODULE_FIRMWARE("rtl_bt/rtl8852cu_fw.bin"); 962MODULE_FIRMWARE("rtl_bt/rtl8852cu_config.bin");