1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * Bluetooth support for Realtek devices
5 * Copyright (C) 2015 Endless Mobile, Inc.
8 #include <linux/module.h>
9 #include <linux/firmware.h>
10 #include <asm/unaligned.h>
11 #include <linux/usb.h>
13 #include <net/bluetooth/bluetooth.h>
14 #include <net/bluetooth/hci_core.h>
20 #define RTL_CHIP_8723CS_CG 3
21 #define RTL_CHIP_8723CS_VF 4
22 #define RTL_CHIP_8723CS_XX 5
23 #define RTL_EPATCH_SIGNATURE "Realtech"
24 #define RTL_EPATCH_SIGNATURE_V2 "RTBTCore"
25 #define RTL_ROM_LMP_8703B 0x8703
26 #define RTL_ROM_LMP_8723A 0x1200
27 #define RTL_ROM_LMP_8723B 0x8723
28 #define RTL_ROM_LMP_8821A 0x8821
29 #define RTL_ROM_LMP_8761A 0x8761
30 #define RTL_ROM_LMP_8822B 0x8822
31 #define RTL_ROM_LMP_8852A 0x8852
32 #define RTL_ROM_LMP_8851B 0x8851
33 #define RTL_CONFIG_MAGIC 0x8723ab55
35 #define RTL_VSC_OP_COREDUMP 0xfcff
37 #define IC_MATCH_FL_LMPSUBV (1 << 0)
38 #define IC_MATCH_FL_HCIREV (1 << 1)
39 #define IC_MATCH_FL_HCIVER (1 << 2)
40 #define IC_MATCH_FL_HCIBUS (1 << 3)
41 #define IC_MATCH_FL_CHIP_TYPE (1 << 4)
42 #define IC_INFO(lmps, hcir, hciv, bus) \
43 .match_flags = IC_MATCH_FL_LMPSUBV | IC_MATCH_FL_HCIREV | \
44 IC_MATCH_FL_HCIVER | IC_MATCH_FL_HCIBUS, \
45 .lmp_subver = (lmps), \
50 #define RTL_CHIP_SUBVER (&(struct rtl_vendor_cmd) {{0x10, 0x38, 0x04, 0x28, 0x80}})
51 #define RTL_CHIP_REV (&(struct rtl_vendor_cmd) {{0x10, 0x3A, 0x04, 0x28, 0x80}})
52 #define RTL_SEC_PROJ (&(struct rtl_vendor_cmd) {{0x10, 0xA4, 0x0D, 0x00, 0xb0}})
54 #define RTL_PATCH_SNIPPETS 0x01
55 #define RTL_PATCH_DUMMY_HEADER 0x02
56 #define RTL_PATCH_SECURITY_HEADER 0x03
90 struct btrtl_device_info {
91 const struct id_table *ic_info;
100 struct list_head patch_subsecs;
103 static const struct id_table ic_id_table[] = {
105 { IC_INFO(RTL_ROM_LMP_8723A, 0xb, 0x6, HCI_USB),
106 .config_needed = false,
107 .has_rom_version = false,
108 .fw_name = "rtl_bt/rtl8723a_fw",
110 .hw_info = "rtl8723au" },
113 { IC_INFO(RTL_ROM_LMP_8723B, 0xb, 0x6, HCI_UART),
114 .config_needed = true,
115 .has_rom_version = true,
116 .fw_name = "rtl_bt/rtl8723bs_fw",
117 .cfg_name = "rtl_bt/rtl8723bs_config",
118 .hw_info = "rtl8723bs" },
121 { IC_INFO(RTL_ROM_LMP_8723B, 0xb, 0x6, HCI_USB),
122 .config_needed = false,
123 .has_rom_version = true,
124 .fw_name = "rtl_bt/rtl8723b_fw",
125 .cfg_name = "rtl_bt/rtl8723b_config",
126 .hw_info = "rtl8723bu" },
129 { .match_flags = IC_MATCH_FL_LMPSUBV | IC_MATCH_FL_CHIP_TYPE |
131 .lmp_subver = RTL_ROM_LMP_8703B,
132 .chip_type = RTL_CHIP_8723CS_CG,
134 .config_needed = true,
135 .has_rom_version = true,
136 .fw_name = "rtl_bt/rtl8723cs_cg_fw",
137 .cfg_name = "rtl_bt/rtl8723cs_cg_config",
138 .hw_info = "rtl8723cs-cg" },
141 { .match_flags = IC_MATCH_FL_LMPSUBV | IC_MATCH_FL_CHIP_TYPE |
143 .lmp_subver = RTL_ROM_LMP_8703B,
144 .chip_type = RTL_CHIP_8723CS_VF,
146 .config_needed = true,
147 .has_rom_version = true,
148 .fw_name = "rtl_bt/rtl8723cs_vf_fw",
149 .cfg_name = "rtl_bt/rtl8723cs_vf_config",
150 .hw_info = "rtl8723cs-vf" },
153 { .match_flags = IC_MATCH_FL_LMPSUBV | IC_MATCH_FL_CHIP_TYPE |
155 .lmp_subver = RTL_ROM_LMP_8703B,
156 .chip_type = RTL_CHIP_8723CS_XX,
158 .config_needed = true,
159 .has_rom_version = true,
160 .fw_name = "rtl_bt/rtl8723cs_xx_fw",
161 .cfg_name = "rtl_bt/rtl8723cs_xx_config",
162 .hw_info = "rtl8723cs" },
165 { IC_INFO(RTL_ROM_LMP_8723B, 0xd, 0x8, HCI_USB),
166 .config_needed = true,
167 .has_rom_version = true,
168 .fw_name = "rtl_bt/rtl8723d_fw",
169 .cfg_name = "rtl_bt/rtl8723d_config",
170 .hw_info = "rtl8723du" },
173 { IC_INFO(RTL_ROM_LMP_8723B, 0xd, 0x8, HCI_UART),
174 .config_needed = true,
175 .has_rom_version = true,
176 .fw_name = "rtl_bt/rtl8723ds_fw",
177 .cfg_name = "rtl_bt/rtl8723ds_config",
178 .hw_info = "rtl8723ds" },
181 { IC_INFO(RTL_ROM_LMP_8821A, 0xa, 0x6, HCI_USB),
182 .config_needed = false,
183 .has_rom_version = true,
184 .fw_name = "rtl_bt/rtl8821a_fw",
185 .cfg_name = "rtl_bt/rtl8821a_config",
186 .hw_info = "rtl8821au" },
189 { IC_INFO(RTL_ROM_LMP_8821A, 0xc, 0x8, HCI_USB),
190 .config_needed = false,
191 .has_rom_version = true,
192 .has_msft_ext = true,
193 .fw_name = "rtl_bt/rtl8821c_fw",
194 .cfg_name = "rtl_bt/rtl8821c_config",
195 .hw_info = "rtl8821cu" },
198 { IC_INFO(RTL_ROM_LMP_8821A, 0xc, 0x8, HCI_UART),
199 .config_needed = true,
200 .has_rom_version = true,
201 .has_msft_ext = true,
202 .fw_name = "rtl_bt/rtl8821cs_fw",
203 .cfg_name = "rtl_bt/rtl8821cs_config",
204 .hw_info = "rtl8821cs" },
207 { IC_INFO(RTL_ROM_LMP_8761A, 0xa, 0x6, HCI_USB),
208 .config_needed = false,
209 .has_rom_version = true,
210 .fw_name = "rtl_bt/rtl8761a_fw",
211 .cfg_name = "rtl_bt/rtl8761a_config",
212 .hw_info = "rtl8761au" },
215 { IC_INFO(RTL_ROM_LMP_8761A, 0xb, 0xa, HCI_UART),
216 .config_needed = false,
217 .has_rom_version = true,
218 .has_msft_ext = true,
219 .fw_name = "rtl_bt/rtl8761b_fw",
220 .cfg_name = "rtl_bt/rtl8761b_config",
221 .hw_info = "rtl8761btv" },
224 { IC_INFO(RTL_ROM_LMP_8761A, 0xb, 0xa, HCI_USB),
225 .config_needed = false,
226 .has_rom_version = true,
227 .fw_name = "rtl_bt/rtl8761bu_fw",
228 .cfg_name = "rtl_bt/rtl8761bu_config",
229 .hw_info = "rtl8761bu" },
231 /* 8822C with UART interface */
232 { IC_INFO(RTL_ROM_LMP_8822B, 0xc, 0x8, HCI_UART),
233 .config_needed = true,
234 .has_rom_version = true,
235 .has_msft_ext = true,
236 .fw_name = "rtl_bt/rtl8822cs_fw",
237 .cfg_name = "rtl_bt/rtl8822cs_config",
238 .hw_info = "rtl8822cs" },
240 /* 8822C with UART interface */
241 { IC_INFO(RTL_ROM_LMP_8822B, 0xc, 0xa, HCI_UART),
242 .config_needed = true,
243 .has_rom_version = true,
244 .has_msft_ext = true,
245 .fw_name = "rtl_bt/rtl8822cs_fw",
246 .cfg_name = "rtl_bt/rtl8822cs_config",
247 .hw_info = "rtl8822cs" },
249 /* 8822C with USB interface */
250 { IC_INFO(RTL_ROM_LMP_8822B, 0xc, 0xa, HCI_USB),
251 .config_needed = false,
252 .has_rom_version = true,
253 .has_msft_ext = true,
254 .fw_name = "rtl_bt/rtl8822cu_fw",
255 .cfg_name = "rtl_bt/rtl8822cu_config",
256 .hw_info = "rtl8822cu" },
259 { IC_INFO(RTL_ROM_LMP_8822B, 0xb, 0x7, HCI_USB),
260 .config_needed = true,
261 .has_rom_version = true,
262 .has_msft_ext = true,
263 .fw_name = "rtl_bt/rtl8822b_fw",
264 .cfg_name = "rtl_bt/rtl8822b_config",
265 .hw_info = "rtl8822bu" },
268 { IC_INFO(RTL_ROM_LMP_8852A, 0xa, 0xb, HCI_USB),
269 .config_needed = false,
270 .has_rom_version = true,
271 .has_msft_ext = true,
272 .fw_name = "rtl_bt/rtl8852au_fw",
273 .cfg_name = "rtl_bt/rtl8852au_config",
274 .hw_info = "rtl8852au" },
276 /* 8852B with UART interface */
277 { IC_INFO(RTL_ROM_LMP_8852A, 0xb, 0xb, HCI_UART),
278 .config_needed = true,
279 .has_rom_version = true,
280 .has_msft_ext = true,
281 .fw_name = "rtl_bt/rtl8852bs_fw",
282 .cfg_name = "rtl_bt/rtl8852bs_config",
283 .hw_info = "rtl8852bs" },
286 { IC_INFO(RTL_ROM_LMP_8852A, 0xb, 0xb, HCI_USB),
287 .config_needed = false,
288 .has_rom_version = true,
289 .has_msft_ext = true,
290 .fw_name = "rtl_bt/rtl8852bu_fw",
291 .cfg_name = "rtl_bt/rtl8852bu_config",
292 .hw_info = "rtl8852bu" },
295 { IC_INFO(RTL_ROM_LMP_8852A, 0xc, 0xc, HCI_USB),
296 .config_needed = false,
297 .has_rom_version = true,
298 .has_msft_ext = true,
299 .fw_name = "rtl_bt/rtl8852cu_fw",
300 .cfg_name = "rtl_bt/rtl8852cu_config",
301 .hw_info = "rtl8852cu" },
304 { IC_INFO(RTL_ROM_LMP_8851B, 0xb, 0xc, HCI_USB),
305 .config_needed = false,
306 .has_rom_version = true,
307 .has_msft_ext = false,
308 .fw_name = "rtl_bt/rtl8851bu_fw",
309 .cfg_name = "rtl_bt/rtl8851bu_config",
310 .hw_info = "rtl8851bu" },
312 /* 8852BT/8852BE-VT */
313 { IC_INFO(RTL_ROM_LMP_8852A, 0x87, 0xc, HCI_USB),
314 .config_needed = false,
315 .has_rom_version = true,
316 .has_msft_ext = true,
317 .fw_name = "rtl_bt/rtl8852btu_fw",
318 .cfg_name = "rtl_bt/rtl8852btu_config",
319 .hw_info = "rtl8852btu" },
322 static const struct id_table *btrtl_match_ic(u16 lmp_subver, u16 hci_rev,
323 u8 hci_ver, u8 hci_bus,
328 for (i = 0; i < ARRAY_SIZE(ic_id_table); i++) {
329 if ((ic_id_table[i].match_flags & IC_MATCH_FL_LMPSUBV) &&
330 (ic_id_table[i].lmp_subver != lmp_subver))
332 if ((ic_id_table[i].match_flags & IC_MATCH_FL_HCIREV) &&
333 (ic_id_table[i].hci_rev != hci_rev))
335 if ((ic_id_table[i].match_flags & IC_MATCH_FL_HCIVER) &&
336 (ic_id_table[i].hci_ver != hci_ver))
338 if ((ic_id_table[i].match_flags & IC_MATCH_FL_HCIBUS) &&
339 (ic_id_table[i].hci_bus != hci_bus))
341 if ((ic_id_table[i].match_flags & IC_MATCH_FL_CHIP_TYPE) &&
342 (ic_id_table[i].chip_type != chip_type))
347 if (i >= ARRAY_SIZE(ic_id_table))
350 return &ic_id_table[i];
353 static struct sk_buff *btrtl_read_local_version(struct hci_dev *hdev)
357 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL,
360 rtl_dev_err(hdev, "HCI_OP_READ_LOCAL_VERSION failed (%ld)",
365 if (skb->len != sizeof(struct hci_rp_read_local_version)) {
366 rtl_dev_err(hdev, "HCI_OP_READ_LOCAL_VERSION event length mismatch");
368 return ERR_PTR(-EIO);
374 static int rtl_read_rom_version(struct hci_dev *hdev, u8 *version)
376 struct rtl_rom_version_evt *rom_version;
379 /* Read RTL ROM version command */
380 skb = __hci_cmd_sync(hdev, 0xfc6d, 0, NULL, HCI_INIT_TIMEOUT);
382 rtl_dev_err(hdev, "Read ROM version failed (%ld)",
387 if (skb->len != sizeof(*rom_version)) {
388 rtl_dev_err(hdev, "version event length mismatch");
393 rom_version = (struct rtl_rom_version_evt *)skb->data;
394 rtl_dev_info(hdev, "rom_version status=%x version=%x",
395 rom_version->status, rom_version->version);
397 *version = rom_version->version;
403 static int btrtl_vendor_read_reg16(struct hci_dev *hdev,
404 struct rtl_vendor_cmd *cmd, u8 *rp)
409 skb = __hci_cmd_sync(hdev, 0xfc61, sizeof(*cmd), cmd,
413 rtl_dev_err(hdev, "RTL: Read reg16 failed (%d)", err);
417 if (skb->len != 3 || skb->data[0]) {
418 bt_dev_err(hdev, "RTL: Read reg16 length mismatch");
424 memcpy(rp, skb->data + 1, 2);
431 static void *rtl_iov_pull_data(struct rtl_iovec *iov, u32 len)
433 void *data = iov->data;
444 static void btrtl_insert_ordered_subsec(struct rtl_subsection *node,
445 struct btrtl_device_info *btrtl_dev)
447 struct list_head *pos;
448 struct list_head *next;
449 struct rtl_subsection *subsec;
451 list_for_each_safe(pos, next, &btrtl_dev->patch_subsecs) {
452 subsec = list_entry(pos, struct rtl_subsection, list);
453 if (subsec->prio >= node->prio)
456 __list_add(&node->list, pos->prev, pos);
459 static int btrtl_parse_section(struct hci_dev *hdev,
460 struct btrtl_device_info *btrtl_dev, u32 opcode,
463 struct rtl_section_hdr *hdr;
464 struct rtl_subsection *subsec;
465 struct rtl_common_subsec *common_subsec;
466 struct rtl_sec_hdr *sec_hdr;
472 struct rtl_iovec iov = {
477 hdr = rtl_iov_pull_data(&iov, sizeof(*hdr));
480 num_subsecs = le16_to_cpu(hdr->num);
482 for (i = 0; i < num_subsecs; i++) {
483 common_subsec = rtl_iov_pull_data(&iov, sizeof(*common_subsec));
486 subsec_len = le32_to_cpu(common_subsec->len);
488 rtl_dev_dbg(hdev, "subsec, eco 0x%02x, len %08x",
489 common_subsec->eco, subsec_len);
491 ptr = rtl_iov_pull_data(&iov, subsec_len);
495 if (common_subsec->eco != btrtl_dev->rom_version + 1)
499 case RTL_PATCH_SECURITY_HEADER:
500 sec_hdr = (void *)common_subsec;
501 if (sec_hdr->key_id != btrtl_dev->key_id)
506 subsec = kzalloc(sizeof(*subsec), GFP_KERNEL);
509 subsec->opcode = opcode;
510 subsec->prio = common_subsec->prio;
511 subsec->len = subsec_len;
513 btrtl_insert_ordered_subsec(subsec, btrtl_dev);
520 static int rtlbt_parse_firmware_v2(struct hci_dev *hdev,
521 struct btrtl_device_info *btrtl_dev,
522 unsigned char **_buf)
524 struct rtl_epatch_header_v2 *hdr;
529 struct rtl_section *section;
530 struct rtl_subsection *entry, *tmp;
536 struct rtl_iovec iov = {
537 .data = btrtl_dev->fw_data,
538 .len = btrtl_dev->fw_len - 7, /* Cut the tail */
541 rc = btrtl_vendor_read_reg16(hdev, RTL_SEC_PROJ, reg_val);
546 rtl_dev_dbg(hdev, "%s: key id %u", __func__, key_id);
548 btrtl_dev->key_id = key_id;
550 hdr = rtl_iov_pull_data(&iov, sizeof(*hdr));
553 num_sections = le32_to_cpu(hdr->num_sections);
555 rtl_dev_dbg(hdev, "FW version %08x-%08x", *((u32 *)hdr->fw_version),
556 *((u32 *)(hdr->fw_version + 4)));
558 for (i = 0; i < num_sections; i++) {
559 section = rtl_iov_pull_data(&iov, sizeof(*section));
562 section_len = le32_to_cpu(section->len);
563 opcode = le32_to_cpu(section->opcode);
565 rtl_dev_dbg(hdev, "opcode 0x%04x", section->opcode);
567 ptr = rtl_iov_pull_data(&iov, section_len);
572 case RTL_PATCH_SNIPPETS:
573 rc = btrtl_parse_section(hdev, btrtl_dev, opcode,
576 case RTL_PATCH_SECURITY_HEADER:
577 /* If key_id from chip is zero, ignore all security
582 rc = btrtl_parse_section(hdev, btrtl_dev, opcode,
585 case RTL_PATCH_DUMMY_HEADER:
586 rc = btrtl_parse_section(hdev, btrtl_dev, opcode,
594 rtl_dev_err(hdev, "RTL: Parse section (%u) err %d",
604 /* Allocate mem and copy all found subsecs. */
605 ptr = kvmalloc(len, GFP_KERNEL);
610 list_for_each_entry_safe(entry, tmp, &btrtl_dev->patch_subsecs, list) {
611 rtl_dev_dbg(hdev, "RTL: opcode %08x, addr %p, len 0x%x",
612 entry->opcode, entry->data, entry->len);
613 memcpy(ptr + len, entry->data, entry->len);
624 static int rtlbt_parse_firmware(struct hci_dev *hdev,
625 struct btrtl_device_info *btrtl_dev,
626 unsigned char **_buf)
628 static const u8 extension_sig[] = { 0x51, 0x04, 0xfd, 0x77 };
629 struct btrealtek_data *coredump_info = hci_get_priv(hdev);
630 struct rtl_epatch_header *epatch_info;
634 u8 opcode, length, data;
636 const unsigned char *fwptr, *chip_id_base;
637 const unsigned char *patch_length_base, *patch_offset_base;
638 u32 patch_offset = 0;
639 u16 patch_length, num_patches;
640 static const struct {
643 } project_id_to_lmp_subver[] = {
644 { RTL_ROM_LMP_8723A, 0 },
645 { RTL_ROM_LMP_8723B, 1 },
646 { RTL_ROM_LMP_8821A, 2 },
647 { RTL_ROM_LMP_8761A, 3 },
648 { RTL_ROM_LMP_8703B, 7 },
649 { RTL_ROM_LMP_8822B, 8 },
650 { RTL_ROM_LMP_8723B, 9 }, /* 8723D */
651 { RTL_ROM_LMP_8821A, 10 }, /* 8821C */
652 { RTL_ROM_LMP_8822B, 13 }, /* 8822C */
653 { RTL_ROM_LMP_8761A, 14 }, /* 8761B */
654 { RTL_ROM_LMP_8852A, 18 }, /* 8852A */
655 { RTL_ROM_LMP_8852A, 20 }, /* 8852B */
656 { RTL_ROM_LMP_8852A, 25 }, /* 8852C */
657 { RTL_ROM_LMP_8851B, 36 }, /* 8851B */
658 { RTL_ROM_LMP_8852A, 47 }, /* 8852BT */
661 if (btrtl_dev->fw_len <= 8)
664 if (!memcmp(btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE, 8))
665 min_size = sizeof(struct rtl_epatch_header) +
666 sizeof(extension_sig) + 3;
667 else if (!memcmp(btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE_V2, 8))
668 min_size = sizeof(struct rtl_epatch_header_v2) +
669 sizeof(extension_sig) + 3;
673 if (btrtl_dev->fw_len < min_size)
676 fwptr = btrtl_dev->fw_data + btrtl_dev->fw_len - sizeof(extension_sig);
677 if (memcmp(fwptr, extension_sig, sizeof(extension_sig)) != 0) {
678 rtl_dev_err(hdev, "extension section signature mismatch");
682 /* Loop from the end of the firmware parsing instructions, until
683 * we find an instruction that identifies the "project ID" for the
684 * hardware supported by this firwmare file.
685 * Once we have that, we double-check that project_id is suitable
686 * for the hardware we are working with.
688 while (fwptr >= btrtl_dev->fw_data + (sizeof(*epatch_info) + 3)) {
693 BT_DBG("check op=%x len=%x data=%x", opcode, length, data);
695 if (opcode == 0xff) /* EOF */
699 rtl_dev_err(hdev, "found instruction with length 0");
703 if (opcode == 0 && length == 1) {
711 if (project_id < 0) {
712 rtl_dev_err(hdev, "failed to find version instruction");
716 /* Find project_id in table */
717 for (i = 0; i < ARRAY_SIZE(project_id_to_lmp_subver); i++) {
718 if (project_id == project_id_to_lmp_subver[i].id) {
719 btrtl_dev->project_id = project_id;
724 if (i >= ARRAY_SIZE(project_id_to_lmp_subver)) {
725 rtl_dev_err(hdev, "unknown project id %d", project_id);
729 if (btrtl_dev->ic_info->lmp_subver !=
730 project_id_to_lmp_subver[i].lmp_subver) {
731 rtl_dev_err(hdev, "firmware is for %x but this is a %x",
732 project_id_to_lmp_subver[i].lmp_subver,
733 btrtl_dev->ic_info->lmp_subver);
737 if (memcmp(btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE, 8) != 0) {
738 if (!memcmp(btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE_V2, 8))
739 return rtlbt_parse_firmware_v2(hdev, btrtl_dev, _buf);
740 rtl_dev_err(hdev, "bad EPATCH signature");
744 epatch_info = (struct rtl_epatch_header *)btrtl_dev->fw_data;
745 num_patches = le16_to_cpu(epatch_info->num_patches);
747 BT_DBG("fw_version=%x, num_patches=%d",
748 le32_to_cpu(epatch_info->fw_version), num_patches);
749 coredump_info->rtl_dump.fw_version = le32_to_cpu(epatch_info->fw_version);
751 /* After the rtl_epatch_header there is a funky patch metadata section.
752 * Assuming 2 patches, the layout is:
753 * ChipID1 ChipID2 PatchLength1 PatchLength2 PatchOffset1 PatchOffset2
755 * Find the right patch for this chip.
757 min_size += 8 * num_patches;
758 if (btrtl_dev->fw_len < min_size)
761 chip_id_base = btrtl_dev->fw_data + sizeof(struct rtl_epatch_header);
762 patch_length_base = chip_id_base + (sizeof(u16) * num_patches);
763 patch_offset_base = patch_length_base + (sizeof(u16) * num_patches);
764 for (i = 0; i < num_patches; i++) {
765 u16 chip_id = get_unaligned_le16(chip_id_base +
767 if (chip_id == btrtl_dev->rom_version + 1) {
768 patch_length = get_unaligned_le16(patch_length_base +
770 patch_offset = get_unaligned_le32(patch_offset_base +
777 rtl_dev_err(hdev, "didn't find patch for chip id %d",
778 btrtl_dev->rom_version);
782 BT_DBG("length=%x offset=%x index %d", patch_length, patch_offset, i);
783 min_size = patch_offset + patch_length;
784 if (btrtl_dev->fw_len < min_size)
787 /* Copy the firmware into a new buffer and write the version at
791 buf = kvmalloc(patch_length, GFP_KERNEL);
795 memcpy(buf, btrtl_dev->fw_data + patch_offset, patch_length - 4);
796 memcpy(buf + patch_length - 4, &epatch_info->fw_version, 4);
802 static int rtl_download_firmware(struct hci_dev *hdev,
803 const unsigned char *data, int fw_len)
805 struct rtl_download_cmd *dl_cmd;
806 int frag_num = fw_len / RTL_FRAG_LEN + 1;
807 int frag_len = RTL_FRAG_LEN;
812 struct hci_rp_read_local_version *rp;
814 dl_cmd = kmalloc(sizeof(struct rtl_download_cmd), GFP_KERNEL);
818 for (i = 0; i < frag_num; i++) {
822 if (dl_cmd->index == 0x7f)
825 if (i == (frag_num - 1)) {
826 dl_cmd->index |= 0x80; /* data end */
827 frag_len = fw_len % RTL_FRAG_LEN;
829 rtl_dev_dbg(hdev, "download fw (%d/%d). index = %d", i,
830 frag_num, dl_cmd->index);
831 memcpy(dl_cmd->data, data, frag_len);
833 /* Send download command */
834 skb = __hci_cmd_sync(hdev, 0xfc20, frag_len + 1, dl_cmd,
837 rtl_dev_err(hdev, "download fw command failed (%ld)",
843 if (skb->len != sizeof(struct rtl_download_response)) {
844 rtl_dev_err(hdev, "download fw event length mismatch");
851 data += RTL_FRAG_LEN;
854 skb = btrtl_read_local_version(hdev);
857 rtl_dev_err(hdev, "read local version failed");
861 rp = (struct hci_rp_read_local_version *)skb->data;
862 rtl_dev_info(hdev, "fw version 0x%04x%04x",
863 __le16_to_cpu(rp->hci_rev), __le16_to_cpu(rp->lmp_subver));
871 static int rtl_load_file(struct hci_dev *hdev, const char *name, u8 **buff)
873 const struct firmware *fw;
876 rtl_dev_info(hdev, "loading %s", name);
877 ret = request_firmware(&fw, name, &hdev->dev);
881 *buff = kvmalloc(fw->size, GFP_KERNEL);
883 memcpy(*buff, fw->data, ret);
887 release_firmware(fw);
892 static int btrtl_setup_rtl8723a(struct hci_dev *hdev,
893 struct btrtl_device_info *btrtl_dev)
895 if (btrtl_dev->fw_len < 8)
898 /* Check that the firmware doesn't have the epatch signature
899 * (which is only for RTL8723B and newer).
901 if (!memcmp(btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE, 8)) {
902 rtl_dev_err(hdev, "unexpected EPATCH signature!");
906 return rtl_download_firmware(hdev, btrtl_dev->fw_data,
910 static int btrtl_setup_rtl8723b(struct hci_dev *hdev,
911 struct btrtl_device_info *btrtl_dev)
913 unsigned char *fw_data = NULL;
917 ret = rtlbt_parse_firmware(hdev, btrtl_dev, &fw_data);
921 if (btrtl_dev->cfg_len > 0) {
922 tbuff = kvzalloc(ret + btrtl_dev->cfg_len, GFP_KERNEL);
928 memcpy(tbuff, fw_data, ret);
931 memcpy(tbuff + ret, btrtl_dev->cfg_data, btrtl_dev->cfg_len);
932 ret += btrtl_dev->cfg_len;
937 rtl_dev_info(hdev, "cfg_sz %d, total sz %d", btrtl_dev->cfg_len, ret);
939 ret = rtl_download_firmware(hdev, fw_data, ret);
946 static void btrtl_coredump(struct hci_dev *hdev)
948 static const u8 param[] = { 0x00, 0x00 };
950 __hci_cmd_send(hdev, RTL_VSC_OP_COREDUMP, sizeof(param), param);
953 static void btrtl_dmp_hdr(struct hci_dev *hdev, struct sk_buff *skb)
955 struct btrealtek_data *coredump_info = hci_get_priv(hdev);
958 if (coredump_info->rtl_dump.controller)
959 snprintf(buf, sizeof(buf), "Controller Name: %s\n",
960 coredump_info->rtl_dump.controller);
962 snprintf(buf, sizeof(buf), "Controller Name: Unknown\n");
963 skb_put_data(skb, buf, strlen(buf));
965 snprintf(buf, sizeof(buf), "Firmware Version: 0x%X\n",
966 coredump_info->rtl_dump.fw_version);
967 skb_put_data(skb, buf, strlen(buf));
969 snprintf(buf, sizeof(buf), "Driver: %s\n", coredump_info->rtl_dump.driver_name);
970 skb_put_data(skb, buf, strlen(buf));
972 snprintf(buf, sizeof(buf), "Vendor: Realtek\n");
973 skb_put_data(skb, buf, strlen(buf));
976 static void btrtl_register_devcoredump_support(struct hci_dev *hdev)
978 hci_devcd_register(hdev, btrtl_coredump, btrtl_dmp_hdr, NULL);
982 void btrtl_set_driver_name(struct hci_dev *hdev, const char *driver_name)
984 struct btrealtek_data *coredump_info = hci_get_priv(hdev);
986 coredump_info->rtl_dump.driver_name = driver_name;
988 EXPORT_SYMBOL_GPL(btrtl_set_driver_name);
990 static bool rtl_has_chip_type(u16 lmp_subver)
992 switch (lmp_subver) {
993 case RTL_ROM_LMP_8703B:
1002 static int rtl_read_chip_type(struct hci_dev *hdev, u8 *type)
1004 struct rtl_chip_type_evt *chip_type;
1005 struct sk_buff *skb;
1006 const unsigned char cmd_buf[] = {0x00, 0x94, 0xa0, 0x00, 0xb0};
1008 /* Read RTL chip type command */
1009 skb = __hci_cmd_sync(hdev, 0xfc61, 5, cmd_buf, HCI_INIT_TIMEOUT);
1011 rtl_dev_err(hdev, "Read chip type failed (%ld)",
1013 return PTR_ERR(skb);
1016 chip_type = skb_pull_data(skb, sizeof(*chip_type));
1018 rtl_dev_err(hdev, "RTL chip type event length mismatch");
1023 rtl_dev_info(hdev, "chip_type status=%x type=%x",
1024 chip_type->status, chip_type->type);
1026 *type = chip_type->type & 0x0f;
1032 void btrtl_free(struct btrtl_device_info *btrtl_dev)
1034 struct rtl_subsection *entry, *tmp;
1036 kvfree(btrtl_dev->fw_data);
1037 kvfree(btrtl_dev->cfg_data);
1039 list_for_each_entry_safe(entry, tmp, &btrtl_dev->patch_subsecs, list) {
1040 list_del(&entry->list);
1046 EXPORT_SYMBOL_GPL(btrtl_free);
1048 struct btrtl_device_info *btrtl_initialize(struct hci_dev *hdev,
1049 const char *postfix)
1051 struct btrealtek_data *coredump_info = hci_get_priv(hdev);
1052 struct btrtl_device_info *btrtl_dev;
1053 struct sk_buff *skb;
1054 struct hci_rp_read_local_version *resp;
1055 struct hci_command_hdr *cmd;
1058 u16 hci_rev, lmp_subver;
1059 u8 hci_ver, lmp_ver, chip_type = 0;
1063 btrtl_dev = kzalloc(sizeof(*btrtl_dev), GFP_KERNEL);
1069 INIT_LIST_HEAD(&btrtl_dev->patch_subsecs);
1072 ret = btrtl_vendor_read_reg16(hdev, RTL_CHIP_SUBVER, reg_val);
1075 lmp_subver = get_unaligned_le16(reg_val);
1077 if (lmp_subver == RTL_ROM_LMP_8822B) {
1078 ret = btrtl_vendor_read_reg16(hdev, RTL_CHIP_REV, reg_val);
1081 hci_rev = get_unaligned_le16(reg_val);
1084 if (hci_rev == 0x000e) {
1087 btrtl_dev->ic_info = btrtl_match_ic(lmp_subver, hci_rev,
1094 skb = btrtl_read_local_version(hdev);
1100 resp = (struct hci_rp_read_local_version *)skb->data;
1102 hci_ver = resp->hci_ver;
1103 hci_rev = le16_to_cpu(resp->hci_rev);
1104 lmp_ver = resp->lmp_ver;
1105 lmp_subver = le16_to_cpu(resp->lmp_subver);
1109 if (rtl_has_chip_type(lmp_subver)) {
1110 ret = rtl_read_chip_type(hdev, &chip_type);
1115 btrtl_dev->ic_info = btrtl_match_ic(lmp_subver, hci_rev, hci_ver,
1116 hdev->bus, chip_type);
1119 rtl_dev_info(hdev, "examining hci_ver=%02x hci_rev=%04x lmp_ver=%02x lmp_subver=%04x",
1121 lmp_ver, lmp_subver);
1123 if (!btrtl_dev->ic_info && !btrtl_dev->drop_fw)
1124 btrtl_dev->drop_fw = true;
1126 btrtl_dev->drop_fw = false;
1128 if (btrtl_dev->drop_fw) {
1129 skb = bt_skb_alloc(sizeof(*cmd), GFP_KERNEL);
1133 cmd = skb_put(skb, HCI_COMMAND_HDR_SIZE);
1134 cmd->opcode = cpu_to_le16(0xfc66);
1137 hci_skb_pkt_type(skb) = HCI_COMMAND_PKT;
1139 ret = hdev->send(hdev, skb);
1141 bt_dev_err(hdev, "sending frame failed (%d)", ret);
1146 /* Ensure the above vendor command is sent to controller and
1154 if (!btrtl_dev->ic_info) {
1155 rtl_dev_info(hdev, "unknown IC info, lmp subver %04x, hci rev %04x, hci ver %04x",
1156 lmp_subver, hci_rev, hci_ver);
1160 if (btrtl_dev->ic_info->has_rom_version) {
1161 ret = rtl_read_rom_version(hdev, &btrtl_dev->rom_version);
1166 if (!btrtl_dev->ic_info->fw_name) {
1171 btrtl_dev->fw_len = -EIO;
1172 if (lmp_subver == RTL_ROM_LMP_8852A && hci_rev == 0x000c) {
1173 snprintf(fw_name, sizeof(fw_name), "%s_v2.bin",
1174 btrtl_dev->ic_info->fw_name);
1175 btrtl_dev->fw_len = rtl_load_file(hdev, fw_name,
1176 &btrtl_dev->fw_data);
1179 if (btrtl_dev->fw_len < 0) {
1180 snprintf(fw_name, sizeof(fw_name), "%s.bin",
1181 btrtl_dev->ic_info->fw_name);
1182 btrtl_dev->fw_len = rtl_load_file(hdev, fw_name,
1183 &btrtl_dev->fw_data);
1186 if (btrtl_dev->fw_len < 0) {
1187 rtl_dev_err(hdev, "firmware file %s not found",
1188 btrtl_dev->ic_info->fw_name);
1189 ret = btrtl_dev->fw_len;
1193 if (btrtl_dev->ic_info->cfg_name) {
1195 snprintf(cfg_name, sizeof(cfg_name), "%s-%s.bin",
1196 btrtl_dev->ic_info->cfg_name, postfix);
1198 snprintf(cfg_name, sizeof(cfg_name), "%s.bin",
1199 btrtl_dev->ic_info->cfg_name);
1201 btrtl_dev->cfg_len = rtl_load_file(hdev, cfg_name,
1202 &btrtl_dev->cfg_data);
1203 if (btrtl_dev->ic_info->config_needed &&
1204 btrtl_dev->cfg_len <= 0) {
1205 rtl_dev_err(hdev, "mandatory config file %s not found",
1206 btrtl_dev->ic_info->cfg_name);
1207 ret = btrtl_dev->cfg_len;
1212 /* The following chips supports the Microsoft vendor extension,
1213 * therefore set the corresponding VsMsftOpCode.
1215 if (btrtl_dev->ic_info->has_msft_ext)
1216 hci_set_msft_opcode(hdev, 0xFCF0);
1218 if (btrtl_dev->ic_info)
1219 coredump_info->rtl_dump.controller = btrtl_dev->ic_info->hw_info;
1224 btrtl_free(btrtl_dev);
1226 return ERR_PTR(ret);
1228 EXPORT_SYMBOL_GPL(btrtl_initialize);
1230 int btrtl_download_firmware(struct hci_dev *hdev,
1231 struct btrtl_device_info *btrtl_dev)
1235 /* Match a set of subver values that correspond to stock firmware,
1236 * which is not compatible with standard btusb.
1237 * If matched, upload an alternative firmware that does conform to
1238 * standard btusb. Once that firmware is uploaded, the subver changes
1239 * to a different value.
1241 if (!btrtl_dev->ic_info) {
1242 rtl_dev_info(hdev, "assuming no firmware upload needed");
1247 switch (btrtl_dev->ic_info->lmp_subver) {
1248 case RTL_ROM_LMP_8723A:
1249 err = btrtl_setup_rtl8723a(hdev, btrtl_dev);
1251 case RTL_ROM_LMP_8723B:
1252 case RTL_ROM_LMP_8821A:
1253 case RTL_ROM_LMP_8761A:
1254 case RTL_ROM_LMP_8822B:
1255 case RTL_ROM_LMP_8852A:
1256 case RTL_ROM_LMP_8703B:
1257 case RTL_ROM_LMP_8851B:
1258 err = btrtl_setup_rtl8723b(hdev, btrtl_dev);
1261 rtl_dev_info(hdev, "assuming no firmware upload needed");
1266 btrtl_register_devcoredump_support(hdev);
1270 EXPORT_SYMBOL_GPL(btrtl_download_firmware);
1272 void btrtl_set_quirks(struct hci_dev *hdev, struct btrtl_device_info *btrtl_dev)
1274 /* Enable controller to do both LE scan and BR/EDR inquiry
1277 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
1279 /* Enable central-peripheral role (able to create new connections with
1280 * an existing connection in slave role).
1282 /* Enable WBS supported for the specific Realtek devices. */
1283 switch (btrtl_dev->project_id) {
1289 case CHIP_ID_8852BT:
1290 set_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks);
1291 set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks);
1293 /* RTL8852C needs to transmit mSBC data continuously without
1294 * the zero length of USB packets for the ALT 6 supported chips
1296 if (btrtl_dev->project_id == CHIP_ID_8852C)
1297 btrealtek_set_flag(hdev, REALTEK_ALT6_CONTINUOUS_TX_CHIP);
1299 if (btrtl_dev->project_id == CHIP_ID_8852A ||
1300 btrtl_dev->project_id == CHIP_ID_8852C)
1301 set_bit(HCI_QUIRK_USE_MSFT_EXT_ADDRESS_FILTER, &hdev->quirks);
1303 hci_set_aosp_capable(hdev);
1306 rtl_dev_dbg(hdev, "Central-peripheral role not enabled.");
1307 rtl_dev_dbg(hdev, "WBS supported not enabled.");
1311 if (!btrtl_dev->ic_info)
1314 switch (btrtl_dev->ic_info->lmp_subver) {
1315 case RTL_ROM_LMP_8703B:
1316 /* 8723CS reports two pages for local ext features,
1317 * but it doesn't support any features from page 2 -
1318 * it either responds with garbage or with error status
1320 set_bit(HCI_QUIRK_BROKEN_LOCAL_EXT_FEATURES_PAGE_2,
1327 EXPORT_SYMBOL_GPL(btrtl_set_quirks);
1329 int btrtl_setup_realtek(struct hci_dev *hdev)
1331 struct btrtl_device_info *btrtl_dev;
1334 btrtl_dev = btrtl_initialize(hdev, NULL);
1335 if (IS_ERR(btrtl_dev))
1336 return PTR_ERR(btrtl_dev);
1338 ret = btrtl_download_firmware(hdev, btrtl_dev);
1340 btrtl_set_quirks(hdev, btrtl_dev);
1342 btrtl_free(btrtl_dev);
1345 EXPORT_SYMBOL_GPL(btrtl_setup_realtek);
1347 int btrtl_shutdown_realtek(struct hci_dev *hdev)
1349 struct sk_buff *skb;
1352 /* According to the vendor driver, BT must be reset on close to avoid
1355 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
1358 bt_dev_err(hdev, "HCI reset during shutdown failed");
1365 EXPORT_SYMBOL_GPL(btrtl_shutdown_realtek);
1367 static unsigned int btrtl_convert_baudrate(u32 device_baudrate)
1369 switch (device_baudrate) {
1404 int btrtl_get_uart_settings(struct hci_dev *hdev,
1405 struct btrtl_device_info *btrtl_dev,
1406 unsigned int *controller_baudrate,
1407 u32 *device_baudrate, bool *flow_control)
1409 struct rtl_vendor_config *config;
1410 struct rtl_vendor_config_entry *entry;
1411 int i, total_data_len;
1414 total_data_len = btrtl_dev->cfg_len - sizeof(*config);
1415 if (total_data_len <= 0) {
1416 rtl_dev_warn(hdev, "no config loaded");
1420 config = (struct rtl_vendor_config *)btrtl_dev->cfg_data;
1421 if (le32_to_cpu(config->signature) != RTL_CONFIG_MAGIC) {
1422 rtl_dev_err(hdev, "invalid config magic");
1426 if (total_data_len < le16_to_cpu(config->total_len)) {
1427 rtl_dev_err(hdev, "config is too short");
1431 for (i = 0; i < total_data_len; ) {
1432 entry = ((void *)config->entry) + i;
1434 switch (le16_to_cpu(entry->offset)) {
1436 if (entry->len < sizeof(*device_baudrate)) {
1437 rtl_dev_err(hdev, "invalid UART config entry");
1441 *device_baudrate = get_unaligned_le32(entry->data);
1442 *controller_baudrate = btrtl_convert_baudrate(
1445 if (entry->len >= 13)
1446 *flow_control = !!(entry->data[12] & BIT(2));
1448 *flow_control = false;
1454 rtl_dev_dbg(hdev, "skipping config entry 0x%x (len %u)",
1455 le16_to_cpu(entry->offset), entry->len);
1459 i += sizeof(*entry) + entry->len;
1463 rtl_dev_err(hdev, "no UART config entry found");
1467 rtl_dev_dbg(hdev, "device baudrate = 0x%08x", *device_baudrate);
1468 rtl_dev_dbg(hdev, "controller baudrate = %u", *controller_baudrate);
1469 rtl_dev_dbg(hdev, "flow control %d", *flow_control);
1473 EXPORT_SYMBOL_GPL(btrtl_get_uart_settings);
1475 MODULE_AUTHOR("Daniel Drake <drake@endlessm.com>");
1476 MODULE_DESCRIPTION("Bluetooth support for Realtek devices ver " VERSION);
1477 MODULE_VERSION(VERSION);
1478 MODULE_LICENSE("GPL");
1479 MODULE_FIRMWARE("rtl_bt/rtl8723a_fw.bin");
1480 MODULE_FIRMWARE("rtl_bt/rtl8723b_fw.bin");
1481 MODULE_FIRMWARE("rtl_bt/rtl8723b_config.bin");
1482 MODULE_FIRMWARE("rtl_bt/rtl8723bs_fw.bin");
1483 MODULE_FIRMWARE("rtl_bt/rtl8723bs_config.bin");
1484 MODULE_FIRMWARE("rtl_bt/rtl8723cs_cg_fw.bin");
1485 MODULE_FIRMWARE("rtl_bt/rtl8723cs_cg_config.bin");
1486 MODULE_FIRMWARE("rtl_bt/rtl8723cs_vf_fw.bin");
1487 MODULE_FIRMWARE("rtl_bt/rtl8723cs_vf_config.bin");
1488 MODULE_FIRMWARE("rtl_bt/rtl8723cs_xx_fw.bin");
1489 MODULE_FIRMWARE("rtl_bt/rtl8723cs_xx_config.bin");
1490 MODULE_FIRMWARE("rtl_bt/rtl8723d_fw.bin");
1491 MODULE_FIRMWARE("rtl_bt/rtl8723d_config.bin");
1492 MODULE_FIRMWARE("rtl_bt/rtl8723ds_fw.bin");
1493 MODULE_FIRMWARE("rtl_bt/rtl8723ds_config.bin");
1494 MODULE_FIRMWARE("rtl_bt/rtl8761a_fw.bin");
1495 MODULE_FIRMWARE("rtl_bt/rtl8761a_config.bin");
1496 MODULE_FIRMWARE("rtl_bt/rtl8761b_fw.bin");
1497 MODULE_FIRMWARE("rtl_bt/rtl8761b_config.bin");
1498 MODULE_FIRMWARE("rtl_bt/rtl8761bu_fw.bin");
1499 MODULE_FIRMWARE("rtl_bt/rtl8761bu_config.bin");
1500 MODULE_FIRMWARE("rtl_bt/rtl8821a_fw.bin");
1501 MODULE_FIRMWARE("rtl_bt/rtl8821a_config.bin");
1502 MODULE_FIRMWARE("rtl_bt/rtl8821c_fw.bin");
1503 MODULE_FIRMWARE("rtl_bt/rtl8821c_config.bin");
1504 MODULE_FIRMWARE("rtl_bt/rtl8821cs_fw.bin");
1505 MODULE_FIRMWARE("rtl_bt/rtl8821cs_config.bin");
1506 MODULE_FIRMWARE("rtl_bt/rtl8822b_fw.bin");
1507 MODULE_FIRMWARE("rtl_bt/rtl8822b_config.bin");
1508 MODULE_FIRMWARE("rtl_bt/rtl8822cs_fw.bin");
1509 MODULE_FIRMWARE("rtl_bt/rtl8822cs_config.bin");
1510 MODULE_FIRMWARE("rtl_bt/rtl8822cu_fw.bin");
1511 MODULE_FIRMWARE("rtl_bt/rtl8822cu_config.bin");
1512 MODULE_FIRMWARE("rtl_bt/rtl8851bu_fw.bin");
1513 MODULE_FIRMWARE("rtl_bt/rtl8851bu_config.bin");
1514 MODULE_FIRMWARE("rtl_bt/rtl8852au_fw.bin");
1515 MODULE_FIRMWARE("rtl_bt/rtl8852au_config.bin");
1516 MODULE_FIRMWARE("rtl_bt/rtl8852bs_fw.bin");
1517 MODULE_FIRMWARE("rtl_bt/rtl8852bs_config.bin");
1518 MODULE_FIRMWARE("rtl_bt/rtl8852bu_fw.bin");
1519 MODULE_FIRMWARE("rtl_bt/rtl8852bu_config.bin");
1520 MODULE_FIRMWARE("rtl_bt/rtl8852btu_fw.bin");
1521 MODULE_FIRMWARE("rtl_bt/rtl8852btu_config.bin");
1522 MODULE_FIRMWARE("rtl_bt/rtl8852cu_fw.bin");
1523 MODULE_FIRMWARE("rtl_bt/rtl8852cu_fw_v2.bin");
1524 MODULE_FIRMWARE("rtl_bt/rtl8852cu_config.bin");
projects / linux-2.6-microblaze.git / blob