1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * Bluetooth support for Realtek devices
5 * Copyright (C) 2015 Endless Mobile, Inc.
8 #include <linux/module.h>
9 #include <linux/firmware.h>
10 #include <asm/unaligned.h>
11 #include <linux/usb.h>
13 #include <net/bluetooth/bluetooth.h>
14 #include <net/bluetooth/hci_core.h>
20 #define RTL_CHIP_8723CS_CG 3
21 #define RTL_CHIP_8723CS_VF 4
22 #define RTL_CHIP_8723CS_XX 5
23 #define RTL_EPATCH_SIGNATURE "Realtech"
24 #define RTL_EPATCH_SIGNATURE_V2 "RTBTCore"
25 #define RTL_ROM_LMP_8703B 0x8703
26 #define RTL_ROM_LMP_8723A 0x1200
27 #define RTL_ROM_LMP_8723B 0x8723
28 #define RTL_ROM_LMP_8821A 0x8821
29 #define RTL_ROM_LMP_8761A 0x8761
30 #define RTL_ROM_LMP_8822B 0x8822
31 #define RTL_ROM_LMP_8852A 0x8852
32 #define RTL_ROM_LMP_8851B 0x8851
33 #define RTL_CONFIG_MAGIC 0x8723ab55
35 #define RTL_VSC_OP_COREDUMP 0xfcff
37 #define IC_MATCH_FL_LMPSUBV (1 << 0)
38 #define IC_MATCH_FL_HCIREV (1 << 1)
39 #define IC_MATCH_FL_HCIVER (1 << 2)
40 #define IC_MATCH_FL_HCIBUS (1 << 3)
41 #define IC_MATCH_FL_CHIP_TYPE (1 << 4)
42 #define IC_INFO(lmps, hcir, hciv, bus) \
43 .match_flags = IC_MATCH_FL_LMPSUBV | IC_MATCH_FL_HCIREV | \
44 IC_MATCH_FL_HCIVER | IC_MATCH_FL_HCIBUS, \
45 .lmp_subver = (lmps), \
50 #define RTL_CHIP_SUBVER (&(struct rtl_vendor_cmd) {{0x10, 0x38, 0x04, 0x28, 0x80}})
51 #define RTL_CHIP_REV (&(struct rtl_vendor_cmd) {{0x10, 0x3A, 0x04, 0x28, 0x80}})
52 #define RTL_SEC_PROJ (&(struct rtl_vendor_cmd) {{0x10, 0xA4, 0x0D, 0x00, 0xb0}})
54 #define RTL_PATCH_SNIPPETS 0x01
55 #define RTL_PATCH_DUMMY_HEADER 0x02
56 #define RTL_PATCH_SECURITY_HEADER 0x03
89 struct btrtl_device_info {
90 const struct id_table *ic_info;
99 struct list_head patch_subsecs;
102 static const struct id_table ic_id_table[] = {
104 { IC_INFO(RTL_ROM_LMP_8723A, 0xb, 0x6, HCI_USB),
105 .config_needed = false,
106 .has_rom_version = false,
107 .fw_name = "rtl_bt/rtl8723a_fw.bin",
109 .hw_info = "rtl8723au" },
112 { IC_INFO(RTL_ROM_LMP_8723B, 0xb, 0x6, HCI_UART),
113 .config_needed = true,
114 .has_rom_version = true,
115 .fw_name = "rtl_bt/rtl8723bs_fw.bin",
116 .cfg_name = "rtl_bt/rtl8723bs_config",
117 .hw_info = "rtl8723bs" },
120 { IC_INFO(RTL_ROM_LMP_8723B, 0xb, 0x6, HCI_USB),
121 .config_needed = false,
122 .has_rom_version = true,
123 .fw_name = "rtl_bt/rtl8723b_fw.bin",
124 .cfg_name = "rtl_bt/rtl8723b_config",
125 .hw_info = "rtl8723bu" },
128 { .match_flags = IC_MATCH_FL_LMPSUBV | IC_MATCH_FL_CHIP_TYPE |
130 .lmp_subver = RTL_ROM_LMP_8703B,
131 .chip_type = RTL_CHIP_8723CS_CG,
133 .config_needed = true,
134 .has_rom_version = true,
135 .fw_name = "rtl_bt/rtl8723cs_cg_fw.bin",
136 .cfg_name = "rtl_bt/rtl8723cs_cg_config",
137 .hw_info = "rtl8723cs-cg" },
140 { .match_flags = IC_MATCH_FL_LMPSUBV | IC_MATCH_FL_CHIP_TYPE |
142 .lmp_subver = RTL_ROM_LMP_8703B,
143 .chip_type = RTL_CHIP_8723CS_VF,
145 .config_needed = true,
146 .has_rom_version = true,
147 .fw_name = "rtl_bt/rtl8723cs_vf_fw.bin",
148 .cfg_name = "rtl_bt/rtl8723cs_vf_config",
149 .hw_info = "rtl8723cs-vf" },
152 { .match_flags = IC_MATCH_FL_LMPSUBV | IC_MATCH_FL_CHIP_TYPE |
154 .lmp_subver = RTL_ROM_LMP_8703B,
155 .chip_type = RTL_CHIP_8723CS_XX,
157 .config_needed = true,
158 .has_rom_version = true,
159 .fw_name = "rtl_bt/rtl8723cs_xx_fw.bin",
160 .cfg_name = "rtl_bt/rtl8723cs_xx_config",
161 .hw_info = "rtl8723cs" },
164 { IC_INFO(RTL_ROM_LMP_8723B, 0xd, 0x8, HCI_USB),
165 .config_needed = true,
166 .has_rom_version = true,
167 .fw_name = "rtl_bt/rtl8723d_fw.bin",
168 .cfg_name = "rtl_bt/rtl8723d_config",
169 .hw_info = "rtl8723du" },
172 { IC_INFO(RTL_ROM_LMP_8723B, 0xd, 0x8, HCI_UART),
173 .config_needed = true,
174 .has_rom_version = true,
175 .fw_name = "rtl_bt/rtl8723ds_fw.bin",
176 .cfg_name = "rtl_bt/rtl8723ds_config",
177 .hw_info = "rtl8723ds" },
180 { IC_INFO(RTL_ROM_LMP_8821A, 0xa, 0x6, HCI_USB),
181 .config_needed = false,
182 .has_rom_version = true,
183 .fw_name = "rtl_bt/rtl8821a_fw.bin",
184 .cfg_name = "rtl_bt/rtl8821a_config",
185 .hw_info = "rtl8821au" },
188 { IC_INFO(RTL_ROM_LMP_8821A, 0xc, 0x8, HCI_USB),
189 .config_needed = false,
190 .has_rom_version = true,
191 .has_msft_ext = true,
192 .fw_name = "rtl_bt/rtl8821c_fw.bin",
193 .cfg_name = "rtl_bt/rtl8821c_config",
194 .hw_info = "rtl8821cu" },
197 { IC_INFO(RTL_ROM_LMP_8821A, 0xc, 0x8, HCI_UART),
198 .config_needed = true,
199 .has_rom_version = true,
200 .has_msft_ext = true,
201 .fw_name = "rtl_bt/rtl8821cs_fw.bin",
202 .cfg_name = "rtl_bt/rtl8821cs_config",
203 .hw_info = "rtl8821cs" },
206 { IC_INFO(RTL_ROM_LMP_8761A, 0xa, 0x6, HCI_USB),
207 .config_needed = false,
208 .has_rom_version = true,
209 .fw_name = "rtl_bt/rtl8761a_fw.bin",
210 .cfg_name = "rtl_bt/rtl8761a_config",
211 .hw_info = "rtl8761au" },
214 { IC_INFO(RTL_ROM_LMP_8761A, 0xb, 0xa, HCI_UART),
215 .config_needed = false,
216 .has_rom_version = true,
217 .has_msft_ext = true,
218 .fw_name = "rtl_bt/rtl8761b_fw.bin",
219 .cfg_name = "rtl_bt/rtl8761b_config",
220 .hw_info = "rtl8761btv" },
223 { IC_INFO(RTL_ROM_LMP_8761A, 0xb, 0xa, HCI_USB),
224 .config_needed = false,
225 .has_rom_version = true,
226 .fw_name = "rtl_bt/rtl8761bu_fw.bin",
227 .cfg_name = "rtl_bt/rtl8761bu_config",
228 .hw_info = "rtl8761bu" },
230 /* 8822C with UART interface */
231 { IC_INFO(RTL_ROM_LMP_8822B, 0xc, 0x8, HCI_UART),
232 .config_needed = true,
233 .has_rom_version = true,
234 .has_msft_ext = true,
235 .fw_name = "rtl_bt/rtl8822cs_fw.bin",
236 .cfg_name = "rtl_bt/rtl8822cs_config",
237 .hw_info = "rtl8822cs" },
239 /* 8822C with UART interface */
240 { IC_INFO(RTL_ROM_LMP_8822B, 0xc, 0xa, HCI_UART),
241 .config_needed = true,
242 .has_rom_version = true,
243 .has_msft_ext = true,
244 .fw_name = "rtl_bt/rtl8822cs_fw.bin",
245 .cfg_name = "rtl_bt/rtl8822cs_config",
246 .hw_info = "rtl8822cs" },
248 /* 8822C with USB interface */
249 { IC_INFO(RTL_ROM_LMP_8822B, 0xc, 0xa, HCI_USB),
250 .config_needed = false,
251 .has_rom_version = true,
252 .has_msft_ext = true,
253 .fw_name = "rtl_bt/rtl8822cu_fw.bin",
254 .cfg_name = "rtl_bt/rtl8822cu_config",
255 .hw_info = "rtl8822cu" },
258 { IC_INFO(RTL_ROM_LMP_8822B, 0xb, 0x7, HCI_USB),
259 .config_needed = true,
260 .has_rom_version = true,
261 .has_msft_ext = true,
262 .fw_name = "rtl_bt/rtl8822b_fw.bin",
263 .cfg_name = "rtl_bt/rtl8822b_config",
264 .hw_info = "rtl8822bu" },
267 { IC_INFO(RTL_ROM_LMP_8852A, 0xa, 0xb, HCI_USB),
268 .config_needed = false,
269 .has_rom_version = true,
270 .has_msft_ext = true,
271 .fw_name = "rtl_bt/rtl8852au_fw.bin",
272 .cfg_name = "rtl_bt/rtl8852au_config",
273 .hw_info = "rtl8852au" },
275 /* 8852B with UART interface */
276 { IC_INFO(RTL_ROM_LMP_8852A, 0xb, 0xb, HCI_UART),
277 .config_needed = true,
278 .has_rom_version = true,
279 .has_msft_ext = true,
280 .fw_name = "rtl_bt/rtl8852bs_fw.bin",
281 .cfg_name = "rtl_bt/rtl8852bs_config",
282 .hw_info = "rtl8852bs" },
285 { IC_INFO(RTL_ROM_LMP_8852A, 0xb, 0xb, HCI_USB),
286 .config_needed = false,
287 .has_rom_version = true,
288 .has_msft_ext = true,
289 .fw_name = "rtl_bt/rtl8852bu_fw.bin",
290 .cfg_name = "rtl_bt/rtl8852bu_config",
291 .hw_info = "rtl8852bu" },
294 { IC_INFO(RTL_ROM_LMP_8852A, 0xc, 0xc, HCI_USB),
295 .config_needed = false,
296 .has_rom_version = true,
297 .has_msft_ext = true,
298 .fw_name = "rtl_bt/rtl8852cu_fw.bin",
299 .cfg_name = "rtl_bt/rtl8852cu_config",
300 .hw_info = "rtl8852cu" },
303 { IC_INFO(RTL_ROM_LMP_8851B, 0xb, 0xc, HCI_USB),
304 .config_needed = false,
305 .has_rom_version = true,
306 .has_msft_ext = false,
307 .fw_name = "rtl_bt/rtl8851bu_fw.bin",
308 .cfg_name = "rtl_bt/rtl8851bu_config",
309 .hw_info = "rtl8851bu" },
312 static const struct id_table *btrtl_match_ic(u16 lmp_subver, u16 hci_rev,
313 u8 hci_ver, u8 hci_bus,
318 for (i = 0; i < ARRAY_SIZE(ic_id_table); i++) {
319 if ((ic_id_table[i].match_flags & IC_MATCH_FL_LMPSUBV) &&
320 (ic_id_table[i].lmp_subver != lmp_subver))
322 if ((ic_id_table[i].match_flags & IC_MATCH_FL_HCIREV) &&
323 (ic_id_table[i].hci_rev != hci_rev))
325 if ((ic_id_table[i].match_flags & IC_MATCH_FL_HCIVER) &&
326 (ic_id_table[i].hci_ver != hci_ver))
328 if ((ic_id_table[i].match_flags & IC_MATCH_FL_HCIBUS) &&
329 (ic_id_table[i].hci_bus != hci_bus))
331 if ((ic_id_table[i].match_flags & IC_MATCH_FL_CHIP_TYPE) &&
332 (ic_id_table[i].chip_type != chip_type))
337 if (i >= ARRAY_SIZE(ic_id_table))
340 return &ic_id_table[i];
343 static struct sk_buff *btrtl_read_local_version(struct hci_dev *hdev)
347 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL,
350 rtl_dev_err(hdev, "HCI_OP_READ_LOCAL_VERSION failed (%ld)",
355 if (skb->len != sizeof(struct hci_rp_read_local_version)) {
356 rtl_dev_err(hdev, "HCI_OP_READ_LOCAL_VERSION event length mismatch");
358 return ERR_PTR(-EIO);
364 static int rtl_read_rom_version(struct hci_dev *hdev, u8 *version)
366 struct rtl_rom_version_evt *rom_version;
369 /* Read RTL ROM version command */
370 skb = __hci_cmd_sync(hdev, 0xfc6d, 0, NULL, HCI_INIT_TIMEOUT);
372 rtl_dev_err(hdev, "Read ROM version failed (%ld)",
377 if (skb->len != sizeof(*rom_version)) {
378 rtl_dev_err(hdev, "version event length mismatch");
383 rom_version = (struct rtl_rom_version_evt *)skb->data;
384 rtl_dev_info(hdev, "rom_version status=%x version=%x",
385 rom_version->status, rom_version->version);
387 *version = rom_version->version;
393 static int btrtl_vendor_read_reg16(struct hci_dev *hdev,
394 struct rtl_vendor_cmd *cmd, u8 *rp)
399 skb = __hci_cmd_sync(hdev, 0xfc61, sizeof(*cmd), cmd,
403 rtl_dev_err(hdev, "RTL: Read reg16 failed (%d)", err);
407 if (skb->len != 3 || skb->data[0]) {
408 bt_dev_err(hdev, "RTL: Read reg16 length mismatch");
414 memcpy(rp, skb->data + 1, 2);
421 static void *rtl_iov_pull_data(struct rtl_iovec *iov, u32 len)
423 void *data = iov->data;
434 static void btrtl_insert_ordered_subsec(struct rtl_subsection *node,
435 struct btrtl_device_info *btrtl_dev)
437 struct list_head *pos;
438 struct list_head *next;
439 struct rtl_subsection *subsec;
441 list_for_each_safe(pos, next, &btrtl_dev->patch_subsecs) {
442 subsec = list_entry(pos, struct rtl_subsection, list);
443 if (subsec->prio >= node->prio)
446 __list_add(&node->list, pos->prev, pos);
449 static int btrtl_parse_section(struct hci_dev *hdev,
450 struct btrtl_device_info *btrtl_dev, u32 opcode,
453 struct rtl_section_hdr *hdr;
454 struct rtl_subsection *subsec;
455 struct rtl_common_subsec *common_subsec;
456 struct rtl_sec_hdr *sec_hdr;
462 struct rtl_iovec iov = {
467 hdr = rtl_iov_pull_data(&iov, sizeof(*hdr));
470 num_subsecs = le16_to_cpu(hdr->num);
472 for (i = 0; i < num_subsecs; i++) {
473 common_subsec = rtl_iov_pull_data(&iov, sizeof(*common_subsec));
476 subsec_len = le32_to_cpu(common_subsec->len);
478 rtl_dev_dbg(hdev, "subsec, eco 0x%02x, len %08x",
479 common_subsec->eco, subsec_len);
481 ptr = rtl_iov_pull_data(&iov, subsec_len);
485 if (common_subsec->eco != btrtl_dev->rom_version + 1)
489 case RTL_PATCH_SECURITY_HEADER:
490 sec_hdr = (void *)common_subsec;
491 if (sec_hdr->key_id != btrtl_dev->key_id)
496 subsec = kzalloc(sizeof(*subsec), GFP_KERNEL);
499 subsec->opcode = opcode;
500 subsec->prio = common_subsec->prio;
501 subsec->len = subsec_len;
503 btrtl_insert_ordered_subsec(subsec, btrtl_dev);
510 static int rtlbt_parse_firmware_v2(struct hci_dev *hdev,
511 struct btrtl_device_info *btrtl_dev,
512 unsigned char **_buf)
514 struct rtl_epatch_header_v2 *hdr;
519 struct rtl_section *section;
520 struct rtl_subsection *entry, *tmp;
526 struct rtl_iovec iov = {
527 .data = btrtl_dev->fw_data,
528 .len = btrtl_dev->fw_len - 7, /* Cut the tail */
531 rc = btrtl_vendor_read_reg16(hdev, RTL_SEC_PROJ, reg_val);
536 rtl_dev_dbg(hdev, "%s: key id %u", __func__, key_id);
538 btrtl_dev->key_id = key_id;
540 hdr = rtl_iov_pull_data(&iov, sizeof(*hdr));
543 num_sections = le32_to_cpu(hdr->num_sections);
545 rtl_dev_dbg(hdev, "FW version %08x-%08x", *((u32 *)hdr->fw_version),
546 *((u32 *)(hdr->fw_version + 4)));
548 for (i = 0; i < num_sections; i++) {
549 section = rtl_iov_pull_data(&iov, sizeof(*section));
552 section_len = le32_to_cpu(section->len);
553 opcode = le32_to_cpu(section->opcode);
555 rtl_dev_dbg(hdev, "opcode 0x%04x", section->opcode);
557 ptr = rtl_iov_pull_data(&iov, section_len);
562 case RTL_PATCH_SNIPPETS:
563 rc = btrtl_parse_section(hdev, btrtl_dev, opcode,
566 case RTL_PATCH_SECURITY_HEADER:
567 /* If key_id from chip is zero, ignore all security
572 rc = btrtl_parse_section(hdev, btrtl_dev, opcode,
575 case RTL_PATCH_DUMMY_HEADER:
576 rc = btrtl_parse_section(hdev, btrtl_dev, opcode,
584 rtl_dev_err(hdev, "RTL: Parse section (%u) err %d",
594 /* Allocate mem and copy all found subsecs. */
595 ptr = kvmalloc(len, GFP_KERNEL);
600 list_for_each_entry_safe(entry, tmp, &btrtl_dev->patch_subsecs, list) {
601 rtl_dev_dbg(hdev, "RTL: opcode %08x, addr %p, len 0x%x",
602 entry->opcode, entry->data, entry->len);
603 memcpy(ptr + len, entry->data, entry->len);
614 static int rtlbt_parse_firmware(struct hci_dev *hdev,
615 struct btrtl_device_info *btrtl_dev,
616 unsigned char **_buf)
618 static const u8 extension_sig[] = { 0x51, 0x04, 0xfd, 0x77 };
619 struct btrealtek_data *coredump_info = hci_get_priv(hdev);
620 struct rtl_epatch_header *epatch_info;
624 u8 opcode, length, data;
626 const unsigned char *fwptr, *chip_id_base;
627 const unsigned char *patch_length_base, *patch_offset_base;
628 u32 patch_offset = 0;
629 u16 patch_length, num_patches;
630 static const struct {
633 } project_id_to_lmp_subver[] = {
634 { RTL_ROM_LMP_8723A, 0 },
635 { RTL_ROM_LMP_8723B, 1 },
636 { RTL_ROM_LMP_8821A, 2 },
637 { RTL_ROM_LMP_8761A, 3 },
638 { RTL_ROM_LMP_8703B, 7 },
639 { RTL_ROM_LMP_8822B, 8 },
640 { RTL_ROM_LMP_8723B, 9 }, /* 8723D */
641 { RTL_ROM_LMP_8821A, 10 }, /* 8821C */
642 { RTL_ROM_LMP_8822B, 13 }, /* 8822C */
643 { RTL_ROM_LMP_8761A, 14 }, /* 8761B */
644 { RTL_ROM_LMP_8852A, 18 }, /* 8852A */
645 { RTL_ROM_LMP_8852A, 20 }, /* 8852B */
646 { RTL_ROM_LMP_8852A, 25 }, /* 8852C */
647 { RTL_ROM_LMP_8851B, 36 }, /* 8851B */
650 if (btrtl_dev->fw_len <= 8)
653 if (!memcmp(btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE, 8))
654 min_size = sizeof(struct rtl_epatch_header) +
655 sizeof(extension_sig) + 3;
656 else if (!memcmp(btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE_V2, 8))
657 min_size = sizeof(struct rtl_epatch_header_v2) +
658 sizeof(extension_sig) + 3;
662 if (btrtl_dev->fw_len < min_size)
665 fwptr = btrtl_dev->fw_data + btrtl_dev->fw_len - sizeof(extension_sig);
666 if (memcmp(fwptr, extension_sig, sizeof(extension_sig)) != 0) {
667 rtl_dev_err(hdev, "extension section signature mismatch");
671 /* Loop from the end of the firmware parsing instructions, until
672 * we find an instruction that identifies the "project ID" for the
673 * hardware supported by this firwmare file.
674 * Once we have that, we double-check that project_id is suitable
675 * for the hardware we are working with.
677 while (fwptr >= btrtl_dev->fw_data + (sizeof(*epatch_info) + 3)) {
682 BT_DBG("check op=%x len=%x data=%x", opcode, length, data);
684 if (opcode == 0xff) /* EOF */
688 rtl_dev_err(hdev, "found instruction with length 0");
692 if (opcode == 0 && length == 1) {
700 if (project_id < 0) {
701 rtl_dev_err(hdev, "failed to find version instruction");
705 /* Find project_id in table */
706 for (i = 0; i < ARRAY_SIZE(project_id_to_lmp_subver); i++) {
707 if (project_id == project_id_to_lmp_subver[i].id) {
708 btrtl_dev->project_id = project_id;
713 if (i >= ARRAY_SIZE(project_id_to_lmp_subver)) {
714 rtl_dev_err(hdev, "unknown project id %d", project_id);
718 if (btrtl_dev->ic_info->lmp_subver !=
719 project_id_to_lmp_subver[i].lmp_subver) {
720 rtl_dev_err(hdev, "firmware is for %x but this is a %x",
721 project_id_to_lmp_subver[i].lmp_subver,
722 btrtl_dev->ic_info->lmp_subver);
726 if (memcmp(btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE, 8) != 0) {
727 if (!memcmp(btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE_V2, 8))
728 return rtlbt_parse_firmware_v2(hdev, btrtl_dev, _buf);
729 rtl_dev_err(hdev, "bad EPATCH signature");
733 epatch_info = (struct rtl_epatch_header *)btrtl_dev->fw_data;
734 num_patches = le16_to_cpu(epatch_info->num_patches);
736 BT_DBG("fw_version=%x, num_patches=%d",
737 le32_to_cpu(epatch_info->fw_version), num_patches);
738 coredump_info->rtl_dump.fw_version = le32_to_cpu(epatch_info->fw_version);
740 /* After the rtl_epatch_header there is a funky patch metadata section.
741 * Assuming 2 patches, the layout is:
742 * ChipID1 ChipID2 PatchLength1 PatchLength2 PatchOffset1 PatchOffset2
744 * Find the right patch for this chip.
746 min_size += 8 * num_patches;
747 if (btrtl_dev->fw_len < min_size)
750 chip_id_base = btrtl_dev->fw_data + sizeof(struct rtl_epatch_header);
751 patch_length_base = chip_id_base + (sizeof(u16) * num_patches);
752 patch_offset_base = patch_length_base + (sizeof(u16) * num_patches);
753 for (i = 0; i < num_patches; i++) {
754 u16 chip_id = get_unaligned_le16(chip_id_base +
756 if (chip_id == btrtl_dev->rom_version + 1) {
757 patch_length = get_unaligned_le16(patch_length_base +
759 patch_offset = get_unaligned_le32(patch_offset_base +
766 rtl_dev_err(hdev, "didn't find patch for chip id %d",
767 btrtl_dev->rom_version);
771 BT_DBG("length=%x offset=%x index %d", patch_length, patch_offset, i);
772 min_size = patch_offset + patch_length;
773 if (btrtl_dev->fw_len < min_size)
776 /* Copy the firmware into a new buffer and write the version at
780 buf = kvmalloc(patch_length, GFP_KERNEL);
784 memcpy(buf, btrtl_dev->fw_data + patch_offset, patch_length - 4);
785 memcpy(buf + patch_length - 4, &epatch_info->fw_version, 4);
791 static int rtl_download_firmware(struct hci_dev *hdev,
792 const unsigned char *data, int fw_len)
794 struct rtl_download_cmd *dl_cmd;
795 int frag_num = fw_len / RTL_FRAG_LEN + 1;
796 int frag_len = RTL_FRAG_LEN;
801 struct hci_rp_read_local_version *rp;
803 dl_cmd = kmalloc(sizeof(struct rtl_download_cmd), GFP_KERNEL);
807 for (i = 0; i < frag_num; i++) {
811 if (dl_cmd->index == 0x7f)
814 if (i == (frag_num - 1)) {
815 dl_cmd->index |= 0x80; /* data end */
816 frag_len = fw_len % RTL_FRAG_LEN;
818 rtl_dev_dbg(hdev, "download fw (%d/%d). index = %d", i,
819 frag_num, dl_cmd->index);
820 memcpy(dl_cmd->data, data, frag_len);
822 /* Send download command */
823 skb = __hci_cmd_sync(hdev, 0xfc20, frag_len + 1, dl_cmd,
826 rtl_dev_err(hdev, "download fw command failed (%ld)",
832 if (skb->len != sizeof(struct rtl_download_response)) {
833 rtl_dev_err(hdev, "download fw event length mismatch");
840 data += RTL_FRAG_LEN;
843 skb = btrtl_read_local_version(hdev);
846 rtl_dev_err(hdev, "read local version failed");
850 rp = (struct hci_rp_read_local_version *)skb->data;
851 rtl_dev_info(hdev, "fw version 0x%04x%04x",
852 __le16_to_cpu(rp->hci_rev), __le16_to_cpu(rp->lmp_subver));
860 static int rtl_load_file(struct hci_dev *hdev, const char *name, u8 **buff)
862 const struct firmware *fw;
865 rtl_dev_info(hdev, "loading %s", name);
866 ret = request_firmware(&fw, name, &hdev->dev);
870 *buff = kvmalloc(fw->size, GFP_KERNEL);
872 memcpy(*buff, fw->data, ret);
876 release_firmware(fw);
881 static int btrtl_setup_rtl8723a(struct hci_dev *hdev,
882 struct btrtl_device_info *btrtl_dev)
884 if (btrtl_dev->fw_len < 8)
887 /* Check that the firmware doesn't have the epatch signature
888 * (which is only for RTL8723B and newer).
890 if (!memcmp(btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE, 8)) {
891 rtl_dev_err(hdev, "unexpected EPATCH signature!");
895 return rtl_download_firmware(hdev, btrtl_dev->fw_data,
899 static int btrtl_setup_rtl8723b(struct hci_dev *hdev,
900 struct btrtl_device_info *btrtl_dev)
902 unsigned char *fw_data = NULL;
906 ret = rtlbt_parse_firmware(hdev, btrtl_dev, &fw_data);
910 if (btrtl_dev->cfg_len > 0) {
911 tbuff = kvzalloc(ret + btrtl_dev->cfg_len, GFP_KERNEL);
917 memcpy(tbuff, fw_data, ret);
920 memcpy(tbuff + ret, btrtl_dev->cfg_data, btrtl_dev->cfg_len);
921 ret += btrtl_dev->cfg_len;
926 rtl_dev_info(hdev, "cfg_sz %d, total sz %d", btrtl_dev->cfg_len, ret);
928 ret = rtl_download_firmware(hdev, fw_data, ret);
935 static void btrtl_coredump(struct hci_dev *hdev)
937 static const u8 param[] = { 0x00, 0x00 };
939 __hci_cmd_send(hdev, RTL_VSC_OP_COREDUMP, sizeof(param), param);
942 static void btrtl_dmp_hdr(struct hci_dev *hdev, struct sk_buff *skb)
944 struct btrealtek_data *coredump_info = hci_get_priv(hdev);
947 if (coredump_info->rtl_dump.controller)
948 snprintf(buf, sizeof(buf), "Controller Name: %s\n",
949 coredump_info->rtl_dump.controller);
951 snprintf(buf, sizeof(buf), "Controller Name: Unknown\n");
952 skb_put_data(skb, buf, strlen(buf));
954 snprintf(buf, sizeof(buf), "Firmware Version: 0x%X\n",
955 coredump_info->rtl_dump.fw_version);
956 skb_put_data(skb, buf, strlen(buf));
958 snprintf(buf, sizeof(buf), "Driver: %s\n", coredump_info->rtl_dump.driver_name);
959 skb_put_data(skb, buf, strlen(buf));
961 snprintf(buf, sizeof(buf), "Vendor: Realtek\n");
962 skb_put_data(skb, buf, strlen(buf));
965 static int btrtl_register_devcoredump_support(struct hci_dev *hdev)
969 err = hci_devcd_register(hdev, btrtl_coredump, btrtl_dmp_hdr, NULL);
974 void btrtl_set_driver_name(struct hci_dev *hdev, const char *driver_name)
976 struct btrealtek_data *coredump_info = hci_get_priv(hdev);
978 coredump_info->rtl_dump.driver_name = driver_name;
980 EXPORT_SYMBOL_GPL(btrtl_set_driver_name);
982 static bool rtl_has_chip_type(u16 lmp_subver)
984 switch (lmp_subver) {
985 case RTL_ROM_LMP_8703B:
994 static int rtl_read_chip_type(struct hci_dev *hdev, u8 *type)
996 struct rtl_chip_type_evt *chip_type;
998 const unsigned char cmd_buf[] = {0x00, 0x94, 0xa0, 0x00, 0xb0};
1000 /* Read RTL chip type command */
1001 skb = __hci_cmd_sync(hdev, 0xfc61, 5, cmd_buf, HCI_INIT_TIMEOUT);
1003 rtl_dev_err(hdev, "Read chip type failed (%ld)",
1005 return PTR_ERR(skb);
1008 chip_type = skb_pull_data(skb, sizeof(*chip_type));
1010 rtl_dev_err(hdev, "RTL chip type event length mismatch");
1015 rtl_dev_info(hdev, "chip_type status=%x type=%x",
1016 chip_type->status, chip_type->type);
1018 *type = chip_type->type & 0x0f;
1024 void btrtl_free(struct btrtl_device_info *btrtl_dev)
1026 struct rtl_subsection *entry, *tmp;
1028 kvfree(btrtl_dev->fw_data);
1029 kvfree(btrtl_dev->cfg_data);
1031 list_for_each_entry_safe(entry, tmp, &btrtl_dev->patch_subsecs, list) {
1032 list_del(&entry->list);
1038 EXPORT_SYMBOL_GPL(btrtl_free);
1040 struct btrtl_device_info *btrtl_initialize(struct hci_dev *hdev,
1041 const char *postfix)
1043 struct btrealtek_data *coredump_info = hci_get_priv(hdev);
1044 struct btrtl_device_info *btrtl_dev;
1045 struct sk_buff *skb;
1046 struct hci_rp_read_local_version *resp;
1047 struct hci_command_hdr *cmd;
1049 u16 hci_rev, lmp_subver;
1050 u8 hci_ver, lmp_ver, chip_type = 0;
1054 btrtl_dev = kzalloc(sizeof(*btrtl_dev), GFP_KERNEL);
1060 INIT_LIST_HEAD(&btrtl_dev->patch_subsecs);
1063 ret = btrtl_vendor_read_reg16(hdev, RTL_CHIP_SUBVER, reg_val);
1066 lmp_subver = get_unaligned_le16(reg_val);
1068 if (lmp_subver == RTL_ROM_LMP_8822B) {
1069 ret = btrtl_vendor_read_reg16(hdev, RTL_CHIP_REV, reg_val);
1072 hci_rev = get_unaligned_le16(reg_val);
1075 if (hci_rev == 0x000e) {
1078 btrtl_dev->ic_info = btrtl_match_ic(lmp_subver, hci_rev,
1085 skb = btrtl_read_local_version(hdev);
1091 resp = (struct hci_rp_read_local_version *)skb->data;
1093 hci_ver = resp->hci_ver;
1094 hci_rev = le16_to_cpu(resp->hci_rev);
1095 lmp_ver = resp->lmp_ver;
1096 lmp_subver = le16_to_cpu(resp->lmp_subver);
1100 if (rtl_has_chip_type(lmp_subver)) {
1101 ret = rtl_read_chip_type(hdev, &chip_type);
1106 btrtl_dev->ic_info = btrtl_match_ic(lmp_subver, hci_rev, hci_ver,
1107 hdev->bus, chip_type);
1110 rtl_dev_info(hdev, "examining hci_ver=%02x hci_rev=%04x lmp_ver=%02x lmp_subver=%04x",
1112 lmp_ver, lmp_subver);
1114 if (!btrtl_dev->ic_info && !btrtl_dev->drop_fw)
1115 btrtl_dev->drop_fw = true;
1117 btrtl_dev->drop_fw = false;
1119 if (btrtl_dev->drop_fw) {
1120 skb = bt_skb_alloc(sizeof(*cmd), GFP_KERNEL);
1124 cmd = skb_put(skb, HCI_COMMAND_HDR_SIZE);
1125 cmd->opcode = cpu_to_le16(0xfc66);
1128 hci_skb_pkt_type(skb) = HCI_COMMAND_PKT;
1130 ret = hdev->send(hdev, skb);
1132 bt_dev_err(hdev, "sending frame failed (%d)", ret);
1137 /* Ensure the above vendor command is sent to controller and
1145 if (!btrtl_dev->ic_info) {
1146 rtl_dev_info(hdev, "unknown IC info, lmp subver %04x, hci rev %04x, hci ver %04x",
1147 lmp_subver, hci_rev, hci_ver);
1151 if (btrtl_dev->ic_info->has_rom_version) {
1152 ret = rtl_read_rom_version(hdev, &btrtl_dev->rom_version);
1157 btrtl_dev->fw_len = rtl_load_file(hdev, btrtl_dev->ic_info->fw_name,
1158 &btrtl_dev->fw_data);
1159 if (btrtl_dev->fw_len < 0) {
1160 rtl_dev_err(hdev, "firmware file %s not found",
1161 btrtl_dev->ic_info->fw_name);
1162 ret = btrtl_dev->fw_len;
1166 if (btrtl_dev->ic_info->cfg_name) {
1168 snprintf(cfg_name, sizeof(cfg_name), "%s-%s.bin",
1169 btrtl_dev->ic_info->cfg_name, postfix);
1171 snprintf(cfg_name, sizeof(cfg_name), "%s.bin",
1172 btrtl_dev->ic_info->cfg_name);
1174 btrtl_dev->cfg_len = rtl_load_file(hdev, cfg_name,
1175 &btrtl_dev->cfg_data);
1176 if (btrtl_dev->ic_info->config_needed &&
1177 btrtl_dev->cfg_len <= 0) {
1178 rtl_dev_err(hdev, "mandatory config file %s not found",
1179 btrtl_dev->ic_info->cfg_name);
1180 ret = btrtl_dev->cfg_len;
1185 /* The following chips supports the Microsoft vendor extension,
1186 * therefore set the corresponding VsMsftOpCode.
1188 if (btrtl_dev->ic_info->has_msft_ext)
1189 hci_set_msft_opcode(hdev, 0xFCF0);
1191 if (btrtl_dev->ic_info)
1192 coredump_info->rtl_dump.controller = btrtl_dev->ic_info->hw_info;
1197 btrtl_free(btrtl_dev);
1199 return ERR_PTR(ret);
1201 EXPORT_SYMBOL_GPL(btrtl_initialize);
1203 int btrtl_download_firmware(struct hci_dev *hdev,
1204 struct btrtl_device_info *btrtl_dev)
1208 /* Match a set of subver values that correspond to stock firmware,
1209 * which is not compatible with standard btusb.
1210 * If matched, upload an alternative firmware that does conform to
1211 * standard btusb. Once that firmware is uploaded, the subver changes
1212 * to a different value.
1214 if (!btrtl_dev->ic_info) {
1215 rtl_dev_info(hdev, "assuming no firmware upload needed");
1220 switch (btrtl_dev->ic_info->lmp_subver) {
1221 case RTL_ROM_LMP_8723A:
1222 err = btrtl_setup_rtl8723a(hdev, btrtl_dev);
1224 case RTL_ROM_LMP_8723B:
1225 case RTL_ROM_LMP_8821A:
1226 case RTL_ROM_LMP_8761A:
1227 case RTL_ROM_LMP_8822B:
1228 case RTL_ROM_LMP_8852A:
1229 case RTL_ROM_LMP_8703B:
1230 case RTL_ROM_LMP_8851B:
1231 err = btrtl_setup_rtl8723b(hdev, btrtl_dev);
1234 rtl_dev_info(hdev, "assuming no firmware upload needed");
1240 err = btrtl_register_devcoredump_support(hdev);
1244 EXPORT_SYMBOL_GPL(btrtl_download_firmware);
1246 void btrtl_set_quirks(struct hci_dev *hdev, struct btrtl_device_info *btrtl_dev)
1248 /* Enable controller to do both LE scan and BR/EDR inquiry
1251 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
1253 /* Enable central-peripheral role (able to create new connections with
1254 * an existing connection in slave role).
1256 /* Enable WBS supported for the specific Realtek devices. */
1257 switch (btrtl_dev->project_id) {
1263 set_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks);
1264 set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks);
1266 /* RTL8852C needs to transmit mSBC data continuously without
1267 * the zero length of USB packets for the ALT 6 supported chips
1269 if (btrtl_dev->project_id == CHIP_ID_8852C)
1270 btrealtek_set_flag(hdev, REALTEK_ALT6_CONTINUOUS_TX_CHIP);
1272 hci_set_aosp_capable(hdev);
1275 rtl_dev_dbg(hdev, "Central-peripheral role not enabled.");
1276 rtl_dev_dbg(hdev, "WBS supported not enabled.");
1280 if (!btrtl_dev->ic_info)
1283 switch (btrtl_dev->ic_info->lmp_subver) {
1284 case RTL_ROM_LMP_8703B:
1285 /* 8723CS reports two pages for local ext features,
1286 * but it doesn't support any features from page 2 -
1287 * it either responds with garbage or with error status
1289 set_bit(HCI_QUIRK_BROKEN_LOCAL_EXT_FEATURES_PAGE_2,
1296 EXPORT_SYMBOL_GPL(btrtl_set_quirks);
1298 int btrtl_setup_realtek(struct hci_dev *hdev)
1300 struct btrtl_device_info *btrtl_dev;
1303 btrtl_dev = btrtl_initialize(hdev, NULL);
1304 if (IS_ERR(btrtl_dev))
1305 return PTR_ERR(btrtl_dev);
1307 ret = btrtl_download_firmware(hdev, btrtl_dev);
1309 btrtl_set_quirks(hdev, btrtl_dev);
1311 btrtl_free(btrtl_dev);
1314 EXPORT_SYMBOL_GPL(btrtl_setup_realtek);
1316 int btrtl_shutdown_realtek(struct hci_dev *hdev)
1318 struct sk_buff *skb;
1321 /* According to the vendor driver, BT must be reset on close to avoid
1324 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
1327 bt_dev_err(hdev, "HCI reset during shutdown failed");
1334 EXPORT_SYMBOL_GPL(btrtl_shutdown_realtek);
1336 static unsigned int btrtl_convert_baudrate(u32 device_baudrate)
1338 switch (device_baudrate) {
1373 int btrtl_get_uart_settings(struct hci_dev *hdev,
1374 struct btrtl_device_info *btrtl_dev,
1375 unsigned int *controller_baudrate,
1376 u32 *device_baudrate, bool *flow_control)
1378 struct rtl_vendor_config *config;
1379 struct rtl_vendor_config_entry *entry;
1380 int i, total_data_len;
1383 total_data_len = btrtl_dev->cfg_len - sizeof(*config);
1384 if (total_data_len <= 0) {
1385 rtl_dev_warn(hdev, "no config loaded");
1389 config = (struct rtl_vendor_config *)btrtl_dev->cfg_data;
1390 if (le32_to_cpu(config->signature) != RTL_CONFIG_MAGIC) {
1391 rtl_dev_err(hdev, "invalid config magic");
1395 if (total_data_len < le16_to_cpu(config->total_len)) {
1396 rtl_dev_err(hdev, "config is too short");
1400 for (i = 0; i < total_data_len; ) {
1401 entry = ((void *)config->entry) + i;
1403 switch (le16_to_cpu(entry->offset)) {
1405 if (entry->len < sizeof(*device_baudrate)) {
1406 rtl_dev_err(hdev, "invalid UART config entry");
1410 *device_baudrate = get_unaligned_le32(entry->data);
1411 *controller_baudrate = btrtl_convert_baudrate(
1414 if (entry->len >= 13)
1415 *flow_control = !!(entry->data[12] & BIT(2));
1417 *flow_control = false;
1423 rtl_dev_dbg(hdev, "skipping config entry 0x%x (len %u)",
1424 le16_to_cpu(entry->offset), entry->len);
1428 i += sizeof(*entry) + entry->len;
1432 rtl_dev_err(hdev, "no UART config entry found");
1436 rtl_dev_dbg(hdev, "device baudrate = 0x%08x", *device_baudrate);
1437 rtl_dev_dbg(hdev, "controller baudrate = %u", *controller_baudrate);
1438 rtl_dev_dbg(hdev, "flow control %d", *flow_control);
1442 EXPORT_SYMBOL_GPL(btrtl_get_uart_settings);
1444 MODULE_AUTHOR("Daniel Drake <drake@endlessm.com>");
1445 MODULE_DESCRIPTION("Bluetooth support for Realtek devices ver " VERSION);
1446 MODULE_VERSION(VERSION);
1447 MODULE_LICENSE("GPL");
1448 MODULE_FIRMWARE("rtl_bt/rtl8723a_fw.bin");
1449 MODULE_FIRMWARE("rtl_bt/rtl8723b_fw.bin");
1450 MODULE_FIRMWARE("rtl_bt/rtl8723b_config.bin");
1451 MODULE_FIRMWARE("rtl_bt/rtl8723bs_fw.bin");
1452 MODULE_FIRMWARE("rtl_bt/rtl8723bs_config.bin");
1453 MODULE_FIRMWARE("rtl_bt/rtl8723cs_cg_fw.bin");
1454 MODULE_FIRMWARE("rtl_bt/rtl8723cs_cg_config.bin");
1455 MODULE_FIRMWARE("rtl_bt/rtl8723cs_vf_fw.bin");
1456 MODULE_FIRMWARE("rtl_bt/rtl8723cs_vf_config.bin");
1457 MODULE_FIRMWARE("rtl_bt/rtl8723cs_xx_fw.bin");
1458 MODULE_FIRMWARE("rtl_bt/rtl8723cs_xx_config.bin");
1459 MODULE_FIRMWARE("rtl_bt/rtl8723d_fw.bin");
1460 MODULE_FIRMWARE("rtl_bt/rtl8723d_config.bin");
1461 MODULE_FIRMWARE("rtl_bt/rtl8723ds_fw.bin");
1462 MODULE_FIRMWARE("rtl_bt/rtl8723ds_config.bin");
1463 MODULE_FIRMWARE("rtl_bt/rtl8761a_fw.bin");
1464 MODULE_FIRMWARE("rtl_bt/rtl8761a_config.bin");
1465 MODULE_FIRMWARE("rtl_bt/rtl8761b_fw.bin");
1466 MODULE_FIRMWARE("rtl_bt/rtl8761b_config.bin");
1467 MODULE_FIRMWARE("rtl_bt/rtl8761bu_fw.bin");
1468 MODULE_FIRMWARE("rtl_bt/rtl8761bu_config.bin");
1469 MODULE_FIRMWARE("rtl_bt/rtl8821a_fw.bin");
1470 MODULE_FIRMWARE("rtl_bt/rtl8821a_config.bin");
1471 MODULE_FIRMWARE("rtl_bt/rtl8821c_fw.bin");
1472 MODULE_FIRMWARE("rtl_bt/rtl8821c_config.bin");
1473 MODULE_FIRMWARE("rtl_bt/rtl8821cs_fw.bin");
1474 MODULE_FIRMWARE("rtl_bt/rtl8821cs_config.bin");
1475 MODULE_FIRMWARE("rtl_bt/rtl8822b_fw.bin");
1476 MODULE_FIRMWARE("rtl_bt/rtl8822b_config.bin");
1477 MODULE_FIRMWARE("rtl_bt/rtl8822cs_fw.bin");
1478 MODULE_FIRMWARE("rtl_bt/rtl8822cs_config.bin");
1479 MODULE_FIRMWARE("rtl_bt/rtl8822cu_fw.bin");
1480 MODULE_FIRMWARE("rtl_bt/rtl8822cu_config.bin");
1481 MODULE_FIRMWARE("rtl_bt/rtl8851bu_fw.bin");
1482 MODULE_FIRMWARE("rtl_bt/rtl8851bu_config.bin");
1483 MODULE_FIRMWARE("rtl_bt/rtl8852au_fw.bin");
1484 MODULE_FIRMWARE("rtl_bt/rtl8852au_config.bin");
1485 MODULE_FIRMWARE("rtl_bt/rtl8852bs_fw.bin");
1486 MODULE_FIRMWARE("rtl_bt/rtl8852bs_config.bin");
1487 MODULE_FIRMWARE("rtl_bt/rtl8852bu_fw.bin");
1488 MODULE_FIRMWARE("rtl_bt/rtl8852bu_config.bin");
1489 MODULE_FIRMWARE("rtl_bt/rtl8852cu_fw.bin");
1490 MODULE_FIRMWARE("rtl_bt/rtl8852cu_config.bin");
projects / linux-2.6-microblaze.git / blob