1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * Bluetooth support for Realtek devices
5 * Copyright (C) 2015 Endless Mobile, Inc.
8 #include <linux/module.h>
9 #include <linux/firmware.h>
10 #include <asm/unaligned.h>
11 #include <linux/usb.h>
13 #include <net/bluetooth/bluetooth.h>
14 #include <net/bluetooth/hci_core.h>
20 #define RTL_EPATCH_SIGNATURE "Realtech"
21 #define RTL_ROM_LMP_3499 0x3499
22 #define RTL_ROM_LMP_8723A 0x1200
23 #define RTL_ROM_LMP_8723B 0x8723
24 #define RTL_ROM_LMP_8723D 0x8873
25 #define RTL_ROM_LMP_8821A 0x8821
26 #define RTL_ROM_LMP_8761A 0x8761
27 #define RTL_ROM_LMP_8822B 0x8822
28 #define RTL_CONFIG_MAGIC 0x8723ab55
30 #define IC_MATCH_FL_LMPSUBV (1 << 0)
31 #define IC_MATCH_FL_HCIREV (1 << 1)
32 #define IC_MATCH_FL_HCIVER (1 << 2)
33 #define IC_MATCH_FL_HCIBUS (1 << 3)
34 #define IC_INFO(lmps, hcir) \
35 .match_flags = IC_MATCH_FL_LMPSUBV | IC_MATCH_FL_HCIREV, \
36 .lmp_subver = (lmps), \
51 struct btrtl_device_info {
52 const struct id_table *ic_info;
60 static const struct id_table ic_id_table[] = {
61 { IC_MATCH_FL_LMPSUBV, RTL_ROM_LMP_8723A, 0x0,
62 .config_needed = false,
63 .has_rom_version = false,
64 .fw_name = "rtl_bt/rtl8723a_fw.bin",
67 { IC_MATCH_FL_LMPSUBV, RTL_ROM_LMP_3499, 0x0,
68 .config_needed = false,
69 .has_rom_version = false,
70 .fw_name = "rtl_bt/rtl8723a_fw.bin",
74 { .match_flags = IC_MATCH_FL_LMPSUBV | IC_MATCH_FL_HCIREV |
75 IC_MATCH_FL_HCIVER | IC_MATCH_FL_HCIBUS,
76 .lmp_subver = RTL_ROM_LMP_8723B,
80 .config_needed = true,
81 .has_rom_version = true,
82 .fw_name = "rtl_bt/rtl8723bs_fw.bin",
83 .cfg_name = "rtl_bt/rtl8723bs_config" },
86 { IC_INFO(RTL_ROM_LMP_8723B, 0xb),
87 .config_needed = false,
88 .has_rom_version = true,
89 .fw_name = "rtl_bt/rtl8723b_fw.bin",
90 .cfg_name = "rtl_bt/rtl8723b_config" },
93 { IC_INFO(RTL_ROM_LMP_8723B, 0xd),
94 .config_needed = true,
95 .has_rom_version = true,
96 .fw_name = "rtl_bt/rtl8723d_fw.bin",
97 .cfg_name = "rtl_bt/rtl8723d_config" },
100 { .match_flags = IC_MATCH_FL_LMPSUBV | IC_MATCH_FL_HCIREV |
101 IC_MATCH_FL_HCIVER | IC_MATCH_FL_HCIBUS,
102 .lmp_subver = RTL_ROM_LMP_8723B,
106 .config_needed = true,
107 .has_rom_version = true,
108 .fw_name = "rtl_bt/rtl8723ds_fw.bin",
109 .cfg_name = "rtl_bt/rtl8723ds_config" },
112 { IC_INFO(RTL_ROM_LMP_8723D, 0x826C),
113 .config_needed = true,
114 .has_rom_version = true,
115 .fw_name = "rtl_bt/rtl8723d_fw.bin",
116 .cfg_name = "rtl_bt/rtl8723d_config" },
119 { IC_INFO(RTL_ROM_LMP_8821A, 0xa),
120 .config_needed = false,
121 .has_rom_version = true,
122 .fw_name = "rtl_bt/rtl8821a_fw.bin",
123 .cfg_name = "rtl_bt/rtl8821a_config" },
126 { IC_INFO(RTL_ROM_LMP_8821A, 0xc),
127 .config_needed = false,
128 .has_rom_version = true,
129 .fw_name = "rtl_bt/rtl8821c_fw.bin",
130 .cfg_name = "rtl_bt/rtl8821c_config" },
133 { IC_MATCH_FL_LMPSUBV, RTL_ROM_LMP_8761A, 0x0,
134 .config_needed = false,
135 .has_rom_version = true,
136 .fw_name = "rtl_bt/rtl8761a_fw.bin",
137 .cfg_name = "rtl_bt/rtl8761a_config" },
139 /* 8822C with USB interface */
140 { IC_INFO(RTL_ROM_LMP_8822B, 0xc),
141 .config_needed = false,
142 .has_rom_version = true,
143 .fw_name = "rtl_bt/rtl8822cu_fw.bin",
144 .cfg_name = "rtl_bt/rtl8822cu_config" },
147 { IC_INFO(RTL_ROM_LMP_8822B, 0xb),
148 .config_needed = true,
149 .has_rom_version = true,
150 .fw_name = "rtl_bt/rtl8822b_fw.bin",
151 .cfg_name = "rtl_bt/rtl8822b_config" },
154 static const struct id_table *btrtl_match_ic(u16 lmp_subver, u16 hci_rev,
155 u8 hci_ver, u8 hci_bus)
159 for (i = 0; i < ARRAY_SIZE(ic_id_table); i++) {
160 if ((ic_id_table[i].match_flags & IC_MATCH_FL_LMPSUBV) &&
161 (ic_id_table[i].lmp_subver != lmp_subver))
163 if ((ic_id_table[i].match_flags & IC_MATCH_FL_HCIREV) &&
164 (ic_id_table[i].hci_rev != hci_rev))
166 if ((ic_id_table[i].match_flags & IC_MATCH_FL_HCIVER) &&
167 (ic_id_table[i].hci_ver != hci_ver))
169 if ((ic_id_table[i].match_flags & IC_MATCH_FL_HCIBUS) &&
170 (ic_id_table[i].hci_bus != hci_bus))
175 if (i >= ARRAY_SIZE(ic_id_table))
178 return &ic_id_table[i];
181 static struct sk_buff *btrtl_read_local_version(struct hci_dev *hdev)
185 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL,
188 rtl_dev_err(hdev, "HCI_OP_READ_LOCAL_VERSION failed (%ld)",
193 if (skb->len != sizeof(struct hci_rp_read_local_version)) {
194 rtl_dev_err(hdev, "HCI_OP_READ_LOCAL_VERSION event length mismatch");
196 return ERR_PTR(-EIO);
202 static int rtl_read_rom_version(struct hci_dev *hdev, u8 *version)
204 struct rtl_rom_version_evt *rom_version;
207 /* Read RTL ROM version command */
208 skb = __hci_cmd_sync(hdev, 0xfc6d, 0, NULL, HCI_INIT_TIMEOUT);
210 rtl_dev_err(hdev, "Read ROM version failed (%ld)",
215 if (skb->len != sizeof(*rom_version)) {
216 rtl_dev_err(hdev, "version event length mismatch");
221 rom_version = (struct rtl_rom_version_evt *)skb->data;
222 rtl_dev_info(hdev, "rom_version status=%x version=%x",
223 rom_version->status, rom_version->version);
225 *version = rom_version->version;
231 static int rtlbt_parse_firmware(struct hci_dev *hdev,
232 struct btrtl_device_info *btrtl_dev,
233 unsigned char **_buf)
235 static const u8 extension_sig[] = { 0x51, 0x04, 0xfd, 0x77 };
236 struct rtl_epatch_header *epatch_info;
240 u8 opcode, length, data;
242 const unsigned char *fwptr, *chip_id_base;
243 const unsigned char *patch_length_base, *patch_offset_base;
244 u32 patch_offset = 0;
245 u16 patch_length, num_patches;
246 static const struct {
249 } project_id_to_lmp_subver[] = {
250 { RTL_ROM_LMP_8723A, 0 },
251 { RTL_ROM_LMP_8723B, 1 },
252 { RTL_ROM_LMP_8821A, 2 },
253 { RTL_ROM_LMP_8761A, 3 },
254 { RTL_ROM_LMP_8822B, 8 },
255 { RTL_ROM_LMP_8723B, 9 }, /* 8723D */
256 { RTL_ROM_LMP_8821A, 10 }, /* 8821C */
257 { RTL_ROM_LMP_8822B, 13 }, /* 8822C */
260 min_size = sizeof(struct rtl_epatch_header) + sizeof(extension_sig) + 3;
261 if (btrtl_dev->fw_len < min_size)
264 fwptr = btrtl_dev->fw_data + btrtl_dev->fw_len - sizeof(extension_sig);
265 if (memcmp(fwptr, extension_sig, sizeof(extension_sig)) != 0) {
266 rtl_dev_err(hdev, "extension section signature mismatch");
270 /* Loop from the end of the firmware parsing instructions, until
271 * we find an instruction that identifies the "project ID" for the
272 * hardware supported by this firwmare file.
273 * Once we have that, we double-check that that project_id is suitable
274 * for the hardware we are working with.
276 while (fwptr >= btrtl_dev->fw_data + (sizeof(*epatch_info) + 3)) {
281 BT_DBG("check op=%x len=%x data=%x", opcode, length, data);
283 if (opcode == 0xff) /* EOF */
287 rtl_dev_err(hdev, "found instruction with length 0");
291 if (opcode == 0 && length == 1) {
299 if (project_id < 0) {
300 rtl_dev_err(hdev, "failed to find version instruction");
304 /* Find project_id in table */
305 for (i = 0; i < ARRAY_SIZE(project_id_to_lmp_subver); i++) {
306 if (project_id == project_id_to_lmp_subver[i].id)
310 if (i >= ARRAY_SIZE(project_id_to_lmp_subver)) {
311 rtl_dev_err(hdev, "unknown project id %d", project_id);
315 if (btrtl_dev->ic_info->lmp_subver !=
316 project_id_to_lmp_subver[i].lmp_subver) {
317 rtl_dev_err(hdev, "firmware is for %x but this is a %x",
318 project_id_to_lmp_subver[i].lmp_subver,
319 btrtl_dev->ic_info->lmp_subver);
323 epatch_info = (struct rtl_epatch_header *)btrtl_dev->fw_data;
324 if (memcmp(epatch_info->signature, RTL_EPATCH_SIGNATURE, 8) != 0) {
325 rtl_dev_err(hdev, "bad EPATCH signature");
329 num_patches = le16_to_cpu(epatch_info->num_patches);
330 BT_DBG("fw_version=%x, num_patches=%d",
331 le32_to_cpu(epatch_info->fw_version), num_patches);
333 /* After the rtl_epatch_header there is a funky patch metadata section.
334 * Assuming 2 patches, the layout is:
335 * ChipID1 ChipID2 PatchLength1 PatchLength2 PatchOffset1 PatchOffset2
337 * Find the right patch for this chip.
339 min_size += 8 * num_patches;
340 if (btrtl_dev->fw_len < min_size)
343 chip_id_base = btrtl_dev->fw_data + sizeof(struct rtl_epatch_header);
344 patch_length_base = chip_id_base + (sizeof(u16) * num_patches);
345 patch_offset_base = patch_length_base + (sizeof(u16) * num_patches);
346 for (i = 0; i < num_patches; i++) {
347 u16 chip_id = get_unaligned_le16(chip_id_base +
349 if (chip_id == btrtl_dev->rom_version + 1) {
350 patch_length = get_unaligned_le16(patch_length_base +
352 patch_offset = get_unaligned_le32(patch_offset_base +
359 rtl_dev_err(hdev, "didn't find patch for chip id %d",
360 btrtl_dev->rom_version);
364 BT_DBG("length=%x offset=%x index %d", patch_length, patch_offset, i);
365 min_size = patch_offset + patch_length;
366 if (btrtl_dev->fw_len < min_size)
369 /* Copy the firmware into a new buffer and write the version at
373 buf = kvmalloc(patch_length, GFP_KERNEL);
377 memcpy(buf, btrtl_dev->fw_data + patch_offset, patch_length - 4);
378 memcpy(buf + patch_length - 4, &epatch_info->fw_version, 4);
384 static int rtl_download_firmware(struct hci_dev *hdev,
385 const unsigned char *data, int fw_len)
387 struct rtl_download_cmd *dl_cmd;
388 int frag_num = fw_len / RTL_FRAG_LEN + 1;
389 int frag_len = RTL_FRAG_LEN;
393 struct hci_rp_read_local_version *rp;
395 dl_cmd = kmalloc(sizeof(struct rtl_download_cmd), GFP_KERNEL);
399 for (i = 0; i < frag_num; i++) {
402 BT_DBG("download fw (%d/%d)", i, frag_num);
405 dl_cmd->index = (i & 0x7f) + 1;
409 if (i == (frag_num - 1)) {
410 dl_cmd->index |= 0x80; /* data end */
411 frag_len = fw_len % RTL_FRAG_LEN;
413 memcpy(dl_cmd->data, data, frag_len);
415 /* Send download command */
416 skb = __hci_cmd_sync(hdev, 0xfc20, frag_len + 1, dl_cmd,
419 rtl_dev_err(hdev, "download fw command failed (%ld)",
425 if (skb->len != sizeof(struct rtl_download_response)) {
426 rtl_dev_err(hdev, "download fw event length mismatch");
433 data += RTL_FRAG_LEN;
436 skb = btrtl_read_local_version(hdev);
439 rtl_dev_err(hdev, "read local version failed");
443 rp = (struct hci_rp_read_local_version *)skb->data;
444 rtl_dev_info(hdev, "fw version 0x%04x%04x",
445 __le16_to_cpu(rp->hci_rev), __le16_to_cpu(rp->lmp_subver));
453 static int rtl_load_file(struct hci_dev *hdev, const char *name, u8 **buff)
455 const struct firmware *fw;
458 rtl_dev_info(hdev, "loading %s", name);
459 ret = request_firmware(&fw, name, &hdev->dev);
463 *buff = kvmalloc(fw->size, GFP_KERNEL);
465 memcpy(*buff, fw->data, ret);
469 release_firmware(fw);
474 static int btrtl_setup_rtl8723a(struct hci_dev *hdev,
475 struct btrtl_device_info *btrtl_dev)
477 if (btrtl_dev->fw_len < 8)
480 /* Check that the firmware doesn't have the epatch signature
481 * (which is only for RTL8723B and newer).
483 if (!memcmp(btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE, 8)) {
484 rtl_dev_err(hdev, "unexpected EPATCH signature!");
488 return rtl_download_firmware(hdev, btrtl_dev->fw_data,
492 static int btrtl_setup_rtl8723b(struct hci_dev *hdev,
493 struct btrtl_device_info *btrtl_dev)
495 unsigned char *fw_data = NULL;
499 ret = rtlbt_parse_firmware(hdev, btrtl_dev, &fw_data);
503 if (btrtl_dev->cfg_len > 0) {
504 tbuff = kvzalloc(ret + btrtl_dev->cfg_len, GFP_KERNEL);
510 memcpy(tbuff, fw_data, ret);
513 memcpy(tbuff + ret, btrtl_dev->cfg_data, btrtl_dev->cfg_len);
514 ret += btrtl_dev->cfg_len;
519 rtl_dev_info(hdev, "cfg_sz %d, total sz %d", btrtl_dev->cfg_len, ret);
521 ret = rtl_download_firmware(hdev, fw_data, ret);
528 void btrtl_free(struct btrtl_device_info *btrtl_dev)
530 kvfree(btrtl_dev->fw_data);
531 kvfree(btrtl_dev->cfg_data);
534 EXPORT_SYMBOL_GPL(btrtl_free);
536 struct btrtl_device_info *btrtl_initialize(struct hci_dev *hdev,
539 struct btrtl_device_info *btrtl_dev;
541 struct hci_rp_read_local_version *resp;
543 u16 hci_rev, lmp_subver;
547 btrtl_dev = kzalloc(sizeof(*btrtl_dev), GFP_KERNEL);
553 skb = btrtl_read_local_version(hdev);
559 resp = (struct hci_rp_read_local_version *)skb->data;
560 rtl_dev_info(hdev, "examining hci_ver=%02x hci_rev=%04x lmp_ver=%02x lmp_subver=%04x",
561 resp->hci_ver, resp->hci_rev,
562 resp->lmp_ver, resp->lmp_subver);
564 hci_ver = resp->hci_ver;
565 hci_rev = le16_to_cpu(resp->hci_rev);
566 lmp_subver = le16_to_cpu(resp->lmp_subver);
569 btrtl_dev->ic_info = btrtl_match_ic(lmp_subver, hci_rev, hci_ver,
572 if (!btrtl_dev->ic_info) {
573 rtl_dev_info(hdev, "unknown IC info, lmp subver %04x, hci rev %04x, hci ver %04x",
574 lmp_subver, hci_rev, hci_ver);
578 if (btrtl_dev->ic_info->has_rom_version) {
579 ret = rtl_read_rom_version(hdev, &btrtl_dev->rom_version);
584 btrtl_dev->fw_len = rtl_load_file(hdev, btrtl_dev->ic_info->fw_name,
585 &btrtl_dev->fw_data);
586 if (btrtl_dev->fw_len < 0) {
587 rtl_dev_err(hdev, "firmware file %s not found",
588 btrtl_dev->ic_info->fw_name);
589 ret = btrtl_dev->fw_len;
593 if (btrtl_dev->ic_info->cfg_name) {
595 snprintf(cfg_name, sizeof(cfg_name), "%s-%s.bin",
596 btrtl_dev->ic_info->cfg_name, postfix);
598 snprintf(cfg_name, sizeof(cfg_name), "%s.bin",
599 btrtl_dev->ic_info->cfg_name);
601 btrtl_dev->cfg_len = rtl_load_file(hdev, cfg_name,
602 &btrtl_dev->cfg_data);
603 if (btrtl_dev->ic_info->config_needed &&
604 btrtl_dev->cfg_len <= 0) {
605 rtl_dev_err(hdev, "mandatory config file %s not found",
606 btrtl_dev->ic_info->cfg_name);
607 ret = btrtl_dev->cfg_len;
615 btrtl_free(btrtl_dev);
619 EXPORT_SYMBOL_GPL(btrtl_initialize);
621 int btrtl_download_firmware(struct hci_dev *hdev,
622 struct btrtl_device_info *btrtl_dev)
624 /* Match a set of subver values that correspond to stock firmware,
625 * which is not compatible with standard btusb.
626 * If matched, upload an alternative firmware that does conform to
627 * standard btusb. Once that firmware is uploaded, the subver changes
628 * to a different value.
630 if (!btrtl_dev->ic_info) {
631 rtl_dev_info(hdev, "assuming no firmware upload needed");
635 switch (btrtl_dev->ic_info->lmp_subver) {
636 case RTL_ROM_LMP_8723A:
637 case RTL_ROM_LMP_3499:
638 return btrtl_setup_rtl8723a(hdev, btrtl_dev);
639 case RTL_ROM_LMP_8723B:
640 case RTL_ROM_LMP_8821A:
641 case RTL_ROM_LMP_8761A:
642 case RTL_ROM_LMP_8822B:
643 return btrtl_setup_rtl8723b(hdev, btrtl_dev);
645 rtl_dev_info(hdev, "assuming no firmware upload needed");
649 EXPORT_SYMBOL_GPL(btrtl_download_firmware);
651 int btrtl_setup_realtek(struct hci_dev *hdev)
653 struct btrtl_device_info *btrtl_dev;
656 btrtl_dev = btrtl_initialize(hdev, NULL);
657 if (IS_ERR(btrtl_dev))
658 return PTR_ERR(btrtl_dev);
660 ret = btrtl_download_firmware(hdev, btrtl_dev);
662 btrtl_free(btrtl_dev);
664 /* Enable controller to do both LE scan and BR/EDR inquiry
667 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
671 EXPORT_SYMBOL_GPL(btrtl_setup_realtek);
673 int btrtl_shutdown_realtek(struct hci_dev *hdev)
678 /* According to the vendor driver, BT must be reset on close to avoid
681 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
684 bt_dev_err(hdev, "HCI reset during shutdown failed");
691 EXPORT_SYMBOL_GPL(btrtl_shutdown_realtek);
693 static unsigned int btrtl_convert_baudrate(u32 device_baudrate)
695 switch (device_baudrate) {
730 int btrtl_get_uart_settings(struct hci_dev *hdev,
731 struct btrtl_device_info *btrtl_dev,
732 unsigned int *controller_baudrate,
733 u32 *device_baudrate, bool *flow_control)
735 struct rtl_vendor_config *config;
736 struct rtl_vendor_config_entry *entry;
737 int i, total_data_len;
740 total_data_len = btrtl_dev->cfg_len - sizeof(*config);
741 if (total_data_len <= 0) {
742 rtl_dev_warn(hdev, "no config loaded");
746 config = (struct rtl_vendor_config *)btrtl_dev->cfg_data;
747 if (le32_to_cpu(config->signature) != RTL_CONFIG_MAGIC) {
748 rtl_dev_err(hdev, "invalid config magic");
752 if (total_data_len < le16_to_cpu(config->total_len)) {
753 rtl_dev_err(hdev, "config is too short");
757 for (i = 0; i < total_data_len; ) {
758 entry = ((void *)config->entry) + i;
760 switch (le16_to_cpu(entry->offset)) {
762 if (entry->len < sizeof(*device_baudrate)) {
763 rtl_dev_err(hdev, "invalid UART config entry");
767 *device_baudrate = get_unaligned_le32(entry->data);
768 *controller_baudrate = btrtl_convert_baudrate(
771 if (entry->len >= 13)
772 *flow_control = !!(entry->data[12] & BIT(2));
774 *flow_control = false;
780 rtl_dev_dbg(hdev, "skipping config entry 0x%x (len %u)",
781 le16_to_cpu(entry->offset), entry->len);
785 i += sizeof(*entry) + entry->len;
789 rtl_dev_err(hdev, "no UART config entry found");
793 rtl_dev_dbg(hdev, "device baudrate = 0x%08x", *device_baudrate);
794 rtl_dev_dbg(hdev, "controller baudrate = %u", *controller_baudrate);
795 rtl_dev_dbg(hdev, "flow control %d", *flow_control);
799 EXPORT_SYMBOL_GPL(btrtl_get_uart_settings);
801 MODULE_AUTHOR("Daniel Drake <drake@endlessm.com>");
802 MODULE_DESCRIPTION("Bluetooth support for Realtek devices ver " VERSION);
803 MODULE_VERSION(VERSION);
804 MODULE_LICENSE("GPL");
805 MODULE_FIRMWARE("rtl_bt/rtl8723a_fw.bin");
806 MODULE_FIRMWARE("rtl_bt/rtl8723b_fw.bin");
807 MODULE_FIRMWARE("rtl_bt/rtl8723b_config.bin");
808 MODULE_FIRMWARE("rtl_bt/rtl8723bs_fw.bin");
809 MODULE_FIRMWARE("rtl_bt/rtl8723bs_config.bin");
810 MODULE_FIRMWARE("rtl_bt/rtl8723ds_fw.bin");
811 MODULE_FIRMWARE("rtl_bt/rtl8723ds_config.bin");
812 MODULE_FIRMWARE("rtl_bt/rtl8761a_fw.bin");
813 MODULE_FIRMWARE("rtl_bt/rtl8761a_config.bin");
814 MODULE_FIRMWARE("rtl_bt/rtl8821a_fw.bin");
815 MODULE_FIRMWARE("rtl_bt/rtl8821a_config.bin");
816 MODULE_FIRMWARE("rtl_bt/rtl8822b_fw.bin");
817 MODULE_FIRMWARE("rtl_bt/rtl8822b_config.bin");
projects / linux-2.6-microblaze.git / blob