1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * Bluetooth support for Realtek devices
5 * Copyright (C) 2015 Endless Mobile, Inc.
8 #include <linux/module.h>
9 #include <linux/firmware.h>
10 #include <asm/unaligned.h>
11 #include <linux/usb.h>
13 #include <net/bluetooth/bluetooth.h>
14 #include <net/bluetooth/hci_core.h>
20 #define RTL_CHIP_8723CS_CG 3
21 #define RTL_CHIP_8723CS_VF 4
22 #define RTL_CHIP_8723CS_XX 5
23 #define RTL_EPATCH_SIGNATURE "Realtech"
24 #define RTL_EPATCH_SIGNATURE_V2 "RTBTCore"
25 #define RTL_ROM_LMP_8703B 0x8703
26 #define RTL_ROM_LMP_8723A 0x1200
27 #define RTL_ROM_LMP_8723B 0x8723
28 #define RTL_ROM_LMP_8821A 0x8821
29 #define RTL_ROM_LMP_8761A 0x8761
30 #define RTL_ROM_LMP_8822B 0x8822
31 #define RTL_ROM_LMP_8852A 0x8852
32 #define RTL_ROM_LMP_8851B 0x8851
33 #define RTL_CONFIG_MAGIC 0x8723ab55
35 #define IC_MATCH_FL_LMPSUBV (1 << 0)
36 #define IC_MATCH_FL_HCIREV (1 << 1)
37 #define IC_MATCH_FL_HCIVER (1 << 2)
38 #define IC_MATCH_FL_HCIBUS (1 << 3)
39 #define IC_MATCH_FL_CHIP_TYPE (1 << 4)
40 #define IC_INFO(lmps, hcir, hciv, bus) \
41 .match_flags = IC_MATCH_FL_LMPSUBV | IC_MATCH_FL_HCIREV | \
42 IC_MATCH_FL_HCIVER | IC_MATCH_FL_HCIBUS, \
43 .lmp_subver = (lmps), \
48 #define RTL_CHIP_SUBVER (&(struct rtl_vendor_cmd) {{0x10, 0x38, 0x04, 0x28, 0x80}})
49 #define RTL_CHIP_REV (&(struct rtl_vendor_cmd) {{0x10, 0x3A, 0x04, 0x28, 0x80}})
50 #define RTL_SEC_PROJ (&(struct rtl_vendor_cmd) {{0x10, 0xA4, 0x0D, 0x00, 0xb0}})
52 #define RTL_PATCH_SNIPPETS 0x01
53 #define RTL_PATCH_DUMMY_HEADER 0x02
54 #define RTL_PATCH_SECURITY_HEADER 0x03
86 struct btrtl_device_info {
87 const struct id_table *ic_info;
96 struct list_head patch_subsecs;
99 static const struct id_table ic_id_table[] = {
101 { IC_INFO(RTL_ROM_LMP_8723A, 0xb, 0x6, HCI_USB),
102 .config_needed = false,
103 .has_rom_version = false,
104 .fw_name = "rtl_bt/rtl8723a_fw.bin",
108 { IC_INFO(RTL_ROM_LMP_8723B, 0xb, 0x6, HCI_UART),
109 .config_needed = true,
110 .has_rom_version = true,
111 .fw_name = "rtl_bt/rtl8723bs_fw.bin",
112 .cfg_name = "rtl_bt/rtl8723bs_config" },
115 { IC_INFO(RTL_ROM_LMP_8723B, 0xb, 0x6, HCI_USB),
116 .config_needed = false,
117 .has_rom_version = true,
118 .fw_name = "rtl_bt/rtl8723b_fw.bin",
119 .cfg_name = "rtl_bt/rtl8723b_config" },
122 { .match_flags = IC_MATCH_FL_LMPSUBV | IC_MATCH_FL_CHIP_TYPE |
124 .lmp_subver = RTL_ROM_LMP_8703B,
125 .chip_type = RTL_CHIP_8723CS_CG,
127 .config_needed = true,
128 .has_rom_version = true,
129 .fw_name = "rtl_bt/rtl8723cs_cg_fw.bin",
130 .cfg_name = "rtl_bt/rtl8723cs_cg_config" },
133 { .match_flags = IC_MATCH_FL_LMPSUBV | IC_MATCH_FL_CHIP_TYPE |
135 .lmp_subver = RTL_ROM_LMP_8703B,
136 .chip_type = RTL_CHIP_8723CS_VF,
138 .config_needed = true,
139 .has_rom_version = true,
140 .fw_name = "rtl_bt/rtl8723cs_vf_fw.bin",
141 .cfg_name = "rtl_bt/rtl8723cs_vf_config" },
144 { .match_flags = IC_MATCH_FL_LMPSUBV | IC_MATCH_FL_CHIP_TYPE |
146 .lmp_subver = RTL_ROM_LMP_8703B,
147 .chip_type = RTL_CHIP_8723CS_XX,
149 .config_needed = true,
150 .has_rom_version = true,
151 .fw_name = "rtl_bt/rtl8723cs_xx_fw.bin",
152 .cfg_name = "rtl_bt/rtl8723cs_xx_config" },
155 { IC_INFO(RTL_ROM_LMP_8723B, 0xd, 0x8, HCI_USB),
156 .config_needed = true,
157 .has_rom_version = true,
158 .fw_name = "rtl_bt/rtl8723d_fw.bin",
159 .cfg_name = "rtl_bt/rtl8723d_config" },
162 { IC_INFO(RTL_ROM_LMP_8723B, 0xd, 0x8, HCI_UART),
163 .config_needed = true,
164 .has_rom_version = true,
165 .fw_name = "rtl_bt/rtl8723ds_fw.bin",
166 .cfg_name = "rtl_bt/rtl8723ds_config" },
169 { IC_INFO(RTL_ROM_LMP_8821A, 0xa, 0x6, HCI_USB),
170 .config_needed = false,
171 .has_rom_version = true,
172 .fw_name = "rtl_bt/rtl8821a_fw.bin",
173 .cfg_name = "rtl_bt/rtl8821a_config" },
176 { IC_INFO(RTL_ROM_LMP_8821A, 0xc, 0x8, HCI_USB),
177 .config_needed = false,
178 .has_rom_version = true,
179 .has_msft_ext = true,
180 .fw_name = "rtl_bt/rtl8821c_fw.bin",
181 .cfg_name = "rtl_bt/rtl8821c_config" },
184 { IC_INFO(RTL_ROM_LMP_8821A, 0xc, 0x8, HCI_UART),
185 .config_needed = true,
186 .has_rom_version = true,
187 .has_msft_ext = true,
188 .fw_name = "rtl_bt/rtl8821cs_fw.bin",
189 .cfg_name = "rtl_bt/rtl8821cs_config" },
192 { IC_INFO(RTL_ROM_LMP_8761A, 0xa, 0x6, HCI_USB),
193 .config_needed = false,
194 .has_rom_version = true,
195 .fw_name = "rtl_bt/rtl8761a_fw.bin",
196 .cfg_name = "rtl_bt/rtl8761a_config" },
199 { IC_INFO(RTL_ROM_LMP_8761A, 0xb, 0xa, HCI_UART),
200 .config_needed = false,
201 .has_rom_version = true,
202 .has_msft_ext = true,
203 .fw_name = "rtl_bt/rtl8761b_fw.bin",
204 .cfg_name = "rtl_bt/rtl8761b_config" },
207 { IC_INFO(RTL_ROM_LMP_8761A, 0xb, 0xa, HCI_USB),
208 .config_needed = false,
209 .has_rom_version = true,
210 .fw_name = "rtl_bt/rtl8761bu_fw.bin",
211 .cfg_name = "rtl_bt/rtl8761bu_config" },
213 /* 8822C with UART interface */
214 { IC_INFO(RTL_ROM_LMP_8822B, 0xc, 0x8, HCI_UART),
215 .config_needed = true,
216 .has_rom_version = true,
217 .has_msft_ext = true,
218 .fw_name = "rtl_bt/rtl8822cs_fw.bin",
219 .cfg_name = "rtl_bt/rtl8822cs_config" },
221 /* 8822C with UART interface */
222 { IC_INFO(RTL_ROM_LMP_8822B, 0xc, 0xa, HCI_UART),
223 .config_needed = true,
224 .has_rom_version = true,
225 .has_msft_ext = true,
226 .fw_name = "rtl_bt/rtl8822cs_fw.bin",
227 .cfg_name = "rtl_bt/rtl8822cs_config" },
229 /* 8822C with USB interface */
230 { IC_INFO(RTL_ROM_LMP_8822B, 0xc, 0xa, HCI_USB),
231 .config_needed = false,
232 .has_rom_version = true,
233 .has_msft_ext = true,
234 .fw_name = "rtl_bt/rtl8822cu_fw.bin",
235 .cfg_name = "rtl_bt/rtl8822cu_config" },
238 { IC_INFO(RTL_ROM_LMP_8822B, 0xb, 0x7, HCI_USB),
239 .config_needed = true,
240 .has_rom_version = true,
241 .has_msft_ext = true,
242 .fw_name = "rtl_bt/rtl8822b_fw.bin",
243 .cfg_name = "rtl_bt/rtl8822b_config" },
246 { IC_INFO(RTL_ROM_LMP_8852A, 0xa, 0xb, HCI_USB),
247 .config_needed = false,
248 .has_rom_version = true,
249 .has_msft_ext = true,
250 .fw_name = "rtl_bt/rtl8852au_fw.bin",
251 .cfg_name = "rtl_bt/rtl8852au_config" },
253 /* 8852B with UART interface */
254 { IC_INFO(RTL_ROM_LMP_8852A, 0xb, 0xb, HCI_UART),
255 .config_needed = true,
256 .has_rom_version = true,
257 .has_msft_ext = true,
258 .fw_name = "rtl_bt/rtl8852bs_fw.bin",
259 .cfg_name = "rtl_bt/rtl8852bs_config" },
262 { IC_INFO(RTL_ROM_LMP_8852A, 0xb, 0xb, HCI_USB),
263 .config_needed = false,
264 .has_rom_version = true,
265 .has_msft_ext = true,
266 .fw_name = "rtl_bt/rtl8852bu_fw.bin",
267 .cfg_name = "rtl_bt/rtl8852bu_config" },
270 { IC_INFO(RTL_ROM_LMP_8852A, 0xc, 0xc, HCI_USB),
271 .config_needed = false,
272 .has_rom_version = true,
273 .has_msft_ext = true,
274 .fw_name = "rtl_bt/rtl8852cu_fw.bin",
275 .cfg_name = "rtl_bt/rtl8852cu_config" },
278 { IC_INFO(RTL_ROM_LMP_8851B, 0xb, 0xc, HCI_USB),
279 .config_needed = false,
280 .has_rom_version = true,
281 .has_msft_ext = false,
282 .fw_name = "rtl_bt/rtl8851bu_fw.bin",
283 .cfg_name = "rtl_bt/rtl8851bu_config" },
286 static const struct id_table *btrtl_match_ic(u16 lmp_subver, u16 hci_rev,
287 u8 hci_ver, u8 hci_bus,
292 for (i = 0; i < ARRAY_SIZE(ic_id_table); i++) {
293 if ((ic_id_table[i].match_flags & IC_MATCH_FL_LMPSUBV) &&
294 (ic_id_table[i].lmp_subver != lmp_subver))
296 if ((ic_id_table[i].match_flags & IC_MATCH_FL_HCIREV) &&
297 (ic_id_table[i].hci_rev != hci_rev))
299 if ((ic_id_table[i].match_flags & IC_MATCH_FL_HCIVER) &&
300 (ic_id_table[i].hci_ver != hci_ver))
302 if ((ic_id_table[i].match_flags & IC_MATCH_FL_HCIBUS) &&
303 (ic_id_table[i].hci_bus != hci_bus))
305 if ((ic_id_table[i].match_flags & IC_MATCH_FL_CHIP_TYPE) &&
306 (ic_id_table[i].chip_type != chip_type))
311 if (i >= ARRAY_SIZE(ic_id_table))
314 return &ic_id_table[i];
317 static struct sk_buff *btrtl_read_local_version(struct hci_dev *hdev)
321 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL,
324 rtl_dev_err(hdev, "HCI_OP_READ_LOCAL_VERSION failed (%ld)",
329 if (skb->len != sizeof(struct hci_rp_read_local_version)) {
330 rtl_dev_err(hdev, "HCI_OP_READ_LOCAL_VERSION event length mismatch");
332 return ERR_PTR(-EIO);
338 static int rtl_read_rom_version(struct hci_dev *hdev, u8 *version)
340 struct rtl_rom_version_evt *rom_version;
343 /* Read RTL ROM version command */
344 skb = __hci_cmd_sync(hdev, 0xfc6d, 0, NULL, HCI_INIT_TIMEOUT);
346 rtl_dev_err(hdev, "Read ROM version failed (%ld)",
351 if (skb->len != sizeof(*rom_version)) {
352 rtl_dev_err(hdev, "version event length mismatch");
357 rom_version = (struct rtl_rom_version_evt *)skb->data;
358 rtl_dev_info(hdev, "rom_version status=%x version=%x",
359 rom_version->status, rom_version->version);
361 *version = rom_version->version;
367 static int btrtl_vendor_read_reg16(struct hci_dev *hdev,
368 struct rtl_vendor_cmd *cmd, u8 *rp)
373 skb = __hci_cmd_sync(hdev, 0xfc61, sizeof(*cmd), cmd,
377 rtl_dev_err(hdev, "RTL: Read reg16 failed (%d)", err);
381 if (skb->len != 3 || skb->data[0]) {
382 bt_dev_err(hdev, "RTL: Read reg16 length mismatch");
388 memcpy(rp, skb->data + 1, 2);
395 static void *rtl_iov_pull_data(struct rtl_iovec *iov, u32 len)
397 void *data = iov->data;
408 static void btrtl_insert_ordered_subsec(struct rtl_subsection *node,
409 struct btrtl_device_info *btrtl_dev)
411 struct list_head *pos;
412 struct list_head *next;
413 struct rtl_subsection *subsec;
415 list_for_each_safe(pos, next, &btrtl_dev->patch_subsecs) {
416 subsec = list_entry(pos, struct rtl_subsection, list);
417 if (subsec->prio >= node->prio)
420 __list_add(&node->list, pos->prev, pos);
423 static int btrtl_parse_section(struct hci_dev *hdev,
424 struct btrtl_device_info *btrtl_dev, u32 opcode,
427 struct rtl_section_hdr *hdr;
428 struct rtl_subsection *subsec;
429 struct rtl_common_subsec *common_subsec;
430 struct rtl_sec_hdr *sec_hdr;
436 struct rtl_iovec iov = {
441 hdr = rtl_iov_pull_data(&iov, sizeof(*hdr));
444 num_subsecs = le16_to_cpu(hdr->num);
446 for (i = 0; i < num_subsecs; i++) {
447 common_subsec = rtl_iov_pull_data(&iov, sizeof(*common_subsec));
450 subsec_len = le32_to_cpu(common_subsec->len);
452 rtl_dev_dbg(hdev, "subsec, eco 0x%02x, len %08x",
453 common_subsec->eco, subsec_len);
455 ptr = rtl_iov_pull_data(&iov, subsec_len);
459 if (common_subsec->eco != btrtl_dev->rom_version + 1)
463 case RTL_PATCH_SECURITY_HEADER:
464 sec_hdr = (void *)common_subsec;
465 if (sec_hdr->key_id != btrtl_dev->key_id)
470 subsec = kzalloc(sizeof(*subsec), GFP_KERNEL);
473 subsec->opcode = opcode;
474 subsec->prio = common_subsec->prio;
475 subsec->len = subsec_len;
477 btrtl_insert_ordered_subsec(subsec, btrtl_dev);
484 static int rtlbt_parse_firmware_v2(struct hci_dev *hdev,
485 struct btrtl_device_info *btrtl_dev,
486 unsigned char **_buf)
488 struct rtl_epatch_header_v2 *hdr;
493 struct rtl_section *section;
494 struct rtl_subsection *entry, *tmp;
500 struct rtl_iovec iov = {
501 .data = btrtl_dev->fw_data,
502 .len = btrtl_dev->fw_len - 7, /* Cut the tail */
505 rc = btrtl_vendor_read_reg16(hdev, RTL_SEC_PROJ, reg_val);
510 rtl_dev_dbg(hdev, "%s: key id %u", __func__, key_id);
512 btrtl_dev->key_id = key_id;
514 hdr = rtl_iov_pull_data(&iov, sizeof(*hdr));
517 num_sections = le32_to_cpu(hdr->num_sections);
519 rtl_dev_dbg(hdev, "FW version %08x-%08x", *((u32 *)hdr->fw_version),
520 *((u32 *)(hdr->fw_version + 4)));
522 for (i = 0; i < num_sections; i++) {
523 section = rtl_iov_pull_data(&iov, sizeof(*section));
526 section_len = le32_to_cpu(section->len);
527 opcode = le32_to_cpu(section->opcode);
529 rtl_dev_dbg(hdev, "opcode 0x%04x", section->opcode);
531 ptr = rtl_iov_pull_data(&iov, section_len);
536 case RTL_PATCH_SNIPPETS:
537 rc = btrtl_parse_section(hdev, btrtl_dev, opcode,
540 case RTL_PATCH_SECURITY_HEADER:
541 /* If key_id from chip is zero, ignore all security
546 rc = btrtl_parse_section(hdev, btrtl_dev, opcode,
549 case RTL_PATCH_DUMMY_HEADER:
550 rc = btrtl_parse_section(hdev, btrtl_dev, opcode,
558 rtl_dev_err(hdev, "RTL: Parse section (%u) err %d",
568 /* Allocate mem and copy all found subsecs. */
569 ptr = kvmalloc(len, GFP_KERNEL);
574 list_for_each_entry_safe(entry, tmp, &btrtl_dev->patch_subsecs, list) {
575 rtl_dev_dbg(hdev, "RTL: opcode %08x, addr %p, len 0x%x",
576 entry->opcode, entry->data, entry->len);
577 memcpy(ptr + len, entry->data, entry->len);
588 static int rtlbt_parse_firmware(struct hci_dev *hdev,
589 struct btrtl_device_info *btrtl_dev,
590 unsigned char **_buf)
592 static const u8 extension_sig[] = { 0x51, 0x04, 0xfd, 0x77 };
593 struct rtl_epatch_header *epatch_info;
597 u8 opcode, length, data;
599 const unsigned char *fwptr, *chip_id_base;
600 const unsigned char *patch_length_base, *patch_offset_base;
601 u32 patch_offset = 0;
602 u16 patch_length, num_patches;
603 static const struct {
606 } project_id_to_lmp_subver[] = {
607 { RTL_ROM_LMP_8723A, 0 },
608 { RTL_ROM_LMP_8723B, 1 },
609 { RTL_ROM_LMP_8821A, 2 },
610 { RTL_ROM_LMP_8761A, 3 },
611 { RTL_ROM_LMP_8703B, 7 },
612 { RTL_ROM_LMP_8822B, 8 },
613 { RTL_ROM_LMP_8723B, 9 }, /* 8723D */
614 { RTL_ROM_LMP_8821A, 10 }, /* 8821C */
615 { RTL_ROM_LMP_8822B, 13 }, /* 8822C */
616 { RTL_ROM_LMP_8761A, 14 }, /* 8761B */
617 { RTL_ROM_LMP_8852A, 18 }, /* 8852A */
618 { RTL_ROM_LMP_8852A, 20 }, /* 8852B */
619 { RTL_ROM_LMP_8852A, 25 }, /* 8852C */
620 { RTL_ROM_LMP_8851B, 36 }, /* 8851B */
623 if (btrtl_dev->fw_len <= 8)
626 if (!memcmp(btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE, 8))
627 min_size = sizeof(struct rtl_epatch_header) +
628 sizeof(extension_sig) + 3;
629 else if (!memcmp(btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE_V2, 8))
630 min_size = sizeof(struct rtl_epatch_header_v2) +
631 sizeof(extension_sig) + 3;
635 if (btrtl_dev->fw_len < min_size)
638 fwptr = btrtl_dev->fw_data + btrtl_dev->fw_len - sizeof(extension_sig);
639 if (memcmp(fwptr, extension_sig, sizeof(extension_sig)) != 0) {
640 rtl_dev_err(hdev, "extension section signature mismatch");
644 /* Loop from the end of the firmware parsing instructions, until
645 * we find an instruction that identifies the "project ID" for the
646 * hardware supported by this firwmare file.
647 * Once we have that, we double-check that project_id is suitable
648 * for the hardware we are working with.
650 while (fwptr >= btrtl_dev->fw_data + (sizeof(*epatch_info) + 3)) {
655 BT_DBG("check op=%x len=%x data=%x", opcode, length, data);
657 if (opcode == 0xff) /* EOF */
661 rtl_dev_err(hdev, "found instruction with length 0");
665 if (opcode == 0 && length == 1) {
673 if (project_id < 0) {
674 rtl_dev_err(hdev, "failed to find version instruction");
678 /* Find project_id in table */
679 for (i = 0; i < ARRAY_SIZE(project_id_to_lmp_subver); i++) {
680 if (project_id == project_id_to_lmp_subver[i].id) {
681 btrtl_dev->project_id = project_id;
686 if (i >= ARRAY_SIZE(project_id_to_lmp_subver)) {
687 rtl_dev_err(hdev, "unknown project id %d", project_id);
691 if (btrtl_dev->ic_info->lmp_subver !=
692 project_id_to_lmp_subver[i].lmp_subver) {
693 rtl_dev_err(hdev, "firmware is for %x but this is a %x",
694 project_id_to_lmp_subver[i].lmp_subver,
695 btrtl_dev->ic_info->lmp_subver);
699 if (memcmp(btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE, 8) != 0) {
700 if (!memcmp(btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE_V2, 8))
701 return rtlbt_parse_firmware_v2(hdev, btrtl_dev, _buf);
702 rtl_dev_err(hdev, "bad EPATCH signature");
706 epatch_info = (struct rtl_epatch_header *)btrtl_dev->fw_data;
707 num_patches = le16_to_cpu(epatch_info->num_patches);
708 BT_DBG("fw_version=%x, num_patches=%d",
709 le32_to_cpu(epatch_info->fw_version), num_patches);
711 /* After the rtl_epatch_header there is a funky patch metadata section.
712 * Assuming 2 patches, the layout is:
713 * ChipID1 ChipID2 PatchLength1 PatchLength2 PatchOffset1 PatchOffset2
715 * Find the right patch for this chip.
717 min_size += 8 * num_patches;
718 if (btrtl_dev->fw_len < min_size)
721 chip_id_base = btrtl_dev->fw_data + sizeof(struct rtl_epatch_header);
722 patch_length_base = chip_id_base + (sizeof(u16) * num_patches);
723 patch_offset_base = patch_length_base + (sizeof(u16) * num_patches);
724 for (i = 0; i < num_patches; i++) {
725 u16 chip_id = get_unaligned_le16(chip_id_base +
727 if (chip_id == btrtl_dev->rom_version + 1) {
728 patch_length = get_unaligned_le16(patch_length_base +
730 patch_offset = get_unaligned_le32(patch_offset_base +
737 rtl_dev_err(hdev, "didn't find patch for chip id %d",
738 btrtl_dev->rom_version);
742 BT_DBG("length=%x offset=%x index %d", patch_length, patch_offset, i);
743 min_size = patch_offset + patch_length;
744 if (btrtl_dev->fw_len < min_size)
747 /* Copy the firmware into a new buffer and write the version at
751 buf = kvmalloc(patch_length, GFP_KERNEL);
755 memcpy(buf, btrtl_dev->fw_data + patch_offset, patch_length - 4);
756 memcpy(buf + patch_length - 4, &epatch_info->fw_version, 4);
762 static int rtl_download_firmware(struct hci_dev *hdev,
763 const unsigned char *data, int fw_len)
765 struct rtl_download_cmd *dl_cmd;
766 int frag_num = fw_len / RTL_FRAG_LEN + 1;
767 int frag_len = RTL_FRAG_LEN;
772 struct hci_rp_read_local_version *rp;
774 dl_cmd = kmalloc(sizeof(struct rtl_download_cmd), GFP_KERNEL);
778 for (i = 0; i < frag_num; i++) {
782 if (dl_cmd->index == 0x7f)
785 if (i == (frag_num - 1)) {
786 dl_cmd->index |= 0x80; /* data end */
787 frag_len = fw_len % RTL_FRAG_LEN;
789 rtl_dev_dbg(hdev, "download fw (%d/%d). index = %d", i,
790 frag_num, dl_cmd->index);
791 memcpy(dl_cmd->data, data, frag_len);
793 /* Send download command */
794 skb = __hci_cmd_sync(hdev, 0xfc20, frag_len + 1, dl_cmd,
797 rtl_dev_err(hdev, "download fw command failed (%ld)",
803 if (skb->len != sizeof(struct rtl_download_response)) {
804 rtl_dev_err(hdev, "download fw event length mismatch");
811 data += RTL_FRAG_LEN;
814 skb = btrtl_read_local_version(hdev);
817 rtl_dev_err(hdev, "read local version failed");
821 rp = (struct hci_rp_read_local_version *)skb->data;
822 rtl_dev_info(hdev, "fw version 0x%04x%04x",
823 __le16_to_cpu(rp->hci_rev), __le16_to_cpu(rp->lmp_subver));
831 static int rtl_load_file(struct hci_dev *hdev, const char *name, u8 **buff)
833 const struct firmware *fw;
836 rtl_dev_info(hdev, "loading %s", name);
837 ret = request_firmware(&fw, name, &hdev->dev);
841 *buff = kvmalloc(fw->size, GFP_KERNEL);
843 memcpy(*buff, fw->data, ret);
847 release_firmware(fw);
852 static int btrtl_setup_rtl8723a(struct hci_dev *hdev,
853 struct btrtl_device_info *btrtl_dev)
855 if (btrtl_dev->fw_len < 8)
858 /* Check that the firmware doesn't have the epatch signature
859 * (which is only for RTL8723B and newer).
861 if (!memcmp(btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE, 8)) {
862 rtl_dev_err(hdev, "unexpected EPATCH signature!");
866 return rtl_download_firmware(hdev, btrtl_dev->fw_data,
870 static int btrtl_setup_rtl8723b(struct hci_dev *hdev,
871 struct btrtl_device_info *btrtl_dev)
873 unsigned char *fw_data = NULL;
877 ret = rtlbt_parse_firmware(hdev, btrtl_dev, &fw_data);
881 if (btrtl_dev->cfg_len > 0) {
882 tbuff = kvzalloc(ret + btrtl_dev->cfg_len, GFP_KERNEL);
888 memcpy(tbuff, fw_data, ret);
891 memcpy(tbuff + ret, btrtl_dev->cfg_data, btrtl_dev->cfg_len);
892 ret += btrtl_dev->cfg_len;
897 rtl_dev_info(hdev, "cfg_sz %d, total sz %d", btrtl_dev->cfg_len, ret);
899 ret = rtl_download_firmware(hdev, fw_data, ret);
906 static bool rtl_has_chip_type(u16 lmp_subver)
908 switch (lmp_subver) {
909 case RTL_ROM_LMP_8703B:
918 static int rtl_read_chip_type(struct hci_dev *hdev, u8 *type)
920 struct rtl_chip_type_evt *chip_type;
922 const unsigned char cmd_buf[] = {0x00, 0x94, 0xa0, 0x00, 0xb0};
924 /* Read RTL chip type command */
925 skb = __hci_cmd_sync(hdev, 0xfc61, 5, cmd_buf, HCI_INIT_TIMEOUT);
927 rtl_dev_err(hdev, "Read chip type failed (%ld)",
932 chip_type = skb_pull_data(skb, sizeof(*chip_type));
934 rtl_dev_err(hdev, "RTL chip type event length mismatch");
939 rtl_dev_info(hdev, "chip_type status=%x type=%x",
940 chip_type->status, chip_type->type);
942 *type = chip_type->type & 0x0f;
948 void btrtl_free(struct btrtl_device_info *btrtl_dev)
950 struct rtl_subsection *entry, *tmp;
952 kvfree(btrtl_dev->fw_data);
953 kvfree(btrtl_dev->cfg_data);
955 list_for_each_entry_safe(entry, tmp, &btrtl_dev->patch_subsecs, list) {
956 list_del(&entry->list);
962 EXPORT_SYMBOL_GPL(btrtl_free);
964 struct btrtl_device_info *btrtl_initialize(struct hci_dev *hdev,
967 struct btrtl_device_info *btrtl_dev;
969 struct hci_rp_read_local_version *resp;
971 u16 hci_rev, lmp_subver;
972 u8 hci_ver, lmp_ver, chip_type = 0;
978 btrtl_dev = kzalloc(sizeof(*btrtl_dev), GFP_KERNEL);
984 INIT_LIST_HEAD(&btrtl_dev->patch_subsecs);
987 ret = btrtl_vendor_read_reg16(hdev, RTL_CHIP_SUBVER, reg_val);
990 lmp_subver = get_unaligned_le16(reg_val);
992 if (lmp_subver == RTL_ROM_LMP_8822B) {
993 ret = btrtl_vendor_read_reg16(hdev, RTL_CHIP_REV, reg_val);
996 hci_rev = get_unaligned_le16(reg_val);
999 if (hci_rev == 0x000e) {
1002 btrtl_dev->ic_info = btrtl_match_ic(lmp_subver, hci_rev,
1009 skb = btrtl_read_local_version(hdev);
1015 resp = (struct hci_rp_read_local_version *)skb->data;
1017 hci_ver = resp->hci_ver;
1018 hci_rev = le16_to_cpu(resp->hci_rev);
1019 lmp_ver = resp->lmp_ver;
1020 lmp_subver = le16_to_cpu(resp->lmp_subver);
1024 if (rtl_has_chip_type(lmp_subver)) {
1025 ret = rtl_read_chip_type(hdev, &chip_type);
1030 btrtl_dev->ic_info = btrtl_match_ic(lmp_subver, hci_rev, hci_ver,
1031 hdev->bus, chip_type);
1034 rtl_dev_info(hdev, "examining hci_ver=%02x hci_rev=%04x lmp_ver=%02x lmp_subver=%04x",
1036 lmp_ver, lmp_subver);
1038 if (!btrtl_dev->ic_info && !btrtl_dev->drop_fw)
1039 btrtl_dev->drop_fw = true;
1041 btrtl_dev->drop_fw = false;
1043 if (btrtl_dev->drop_fw) {
1044 opcode = hci_opcode_pack(0x3f, 0x66);
1045 cmd[0] = opcode & 0xff;
1046 cmd[1] = opcode >> 8;
1048 skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL);
1052 skb_put_data(skb, cmd, sizeof(cmd));
1053 hci_skb_pkt_type(skb) = HCI_COMMAND_PKT;
1055 ret = hdev->send(hdev, skb);
1057 bt_dev_err(hdev, "sending frame failed (%d)", ret);
1062 /* Ensure the above vendor command is sent to controller and
1070 if (!btrtl_dev->ic_info) {
1071 rtl_dev_info(hdev, "unknown IC info, lmp subver %04x, hci rev %04x, hci ver %04x",
1072 lmp_subver, hci_rev, hci_ver);
1076 if (btrtl_dev->ic_info->has_rom_version) {
1077 ret = rtl_read_rom_version(hdev, &btrtl_dev->rom_version);
1082 btrtl_dev->fw_len = rtl_load_file(hdev, btrtl_dev->ic_info->fw_name,
1083 &btrtl_dev->fw_data);
1084 if (btrtl_dev->fw_len < 0) {
1085 rtl_dev_err(hdev, "firmware file %s not found",
1086 btrtl_dev->ic_info->fw_name);
1087 ret = btrtl_dev->fw_len;
1091 if (btrtl_dev->ic_info->cfg_name) {
1093 snprintf(cfg_name, sizeof(cfg_name), "%s-%s.bin",
1094 btrtl_dev->ic_info->cfg_name, postfix);
1096 snprintf(cfg_name, sizeof(cfg_name), "%s.bin",
1097 btrtl_dev->ic_info->cfg_name);
1099 btrtl_dev->cfg_len = rtl_load_file(hdev, cfg_name,
1100 &btrtl_dev->cfg_data);
1101 if (btrtl_dev->ic_info->config_needed &&
1102 btrtl_dev->cfg_len <= 0) {
1103 rtl_dev_err(hdev, "mandatory config file %s not found",
1104 btrtl_dev->ic_info->cfg_name);
1105 ret = btrtl_dev->cfg_len;
1110 /* The following chips supports the Microsoft vendor extension,
1111 * therefore set the corresponding VsMsftOpCode.
1113 if (btrtl_dev->ic_info->has_msft_ext)
1114 hci_set_msft_opcode(hdev, 0xFCF0);
1119 btrtl_free(btrtl_dev);
1121 return ERR_PTR(ret);
1123 EXPORT_SYMBOL_GPL(btrtl_initialize);
1125 int btrtl_download_firmware(struct hci_dev *hdev,
1126 struct btrtl_device_info *btrtl_dev)
1128 /* Match a set of subver values that correspond to stock firmware,
1129 * which is not compatible with standard btusb.
1130 * If matched, upload an alternative firmware that does conform to
1131 * standard btusb. Once that firmware is uploaded, the subver changes
1132 * to a different value.
1134 if (!btrtl_dev->ic_info) {
1135 rtl_dev_info(hdev, "assuming no firmware upload needed");
1139 switch (btrtl_dev->ic_info->lmp_subver) {
1140 case RTL_ROM_LMP_8723A:
1141 return btrtl_setup_rtl8723a(hdev, btrtl_dev);
1142 case RTL_ROM_LMP_8723B:
1143 case RTL_ROM_LMP_8821A:
1144 case RTL_ROM_LMP_8761A:
1145 case RTL_ROM_LMP_8822B:
1146 case RTL_ROM_LMP_8852A:
1147 case RTL_ROM_LMP_8703B:
1148 case RTL_ROM_LMP_8851B:
1149 return btrtl_setup_rtl8723b(hdev, btrtl_dev);
1151 rtl_dev_info(hdev, "assuming no firmware upload needed");
1155 EXPORT_SYMBOL_GPL(btrtl_download_firmware);
1157 void btrtl_set_quirks(struct hci_dev *hdev, struct btrtl_device_info *btrtl_dev)
1159 /* Enable controller to do both LE scan and BR/EDR inquiry
1162 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
1164 /* Enable central-peripheral role (able to create new connections with
1165 * an existing connection in slave role).
1167 /* Enable WBS supported for the specific Realtek devices. */
1168 switch (btrtl_dev->project_id) {
1174 set_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks);
1175 set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks);
1177 /* RTL8852C needs to transmit mSBC data continuously without
1178 * the zero length of USB packets for the ALT 6 supported chips
1180 if (btrtl_dev->project_id == CHIP_ID_8852C)
1181 btrealtek_set_flag(hdev, REALTEK_ALT6_CONTINUOUS_TX_CHIP);
1183 hci_set_aosp_capable(hdev);
1186 rtl_dev_dbg(hdev, "Central-peripheral role not enabled.");
1187 rtl_dev_dbg(hdev, "WBS supported not enabled.");
1191 if (!btrtl_dev->ic_info)
1194 switch (btrtl_dev->ic_info->lmp_subver) {
1195 case RTL_ROM_LMP_8703B:
1196 /* 8723CS reports two pages for local ext features,
1197 * but it doesn't support any features from page 2 -
1198 * it either responds with garbage or with error status
1200 set_bit(HCI_QUIRK_BROKEN_LOCAL_EXT_FEATURES_PAGE_2,
1207 EXPORT_SYMBOL_GPL(btrtl_set_quirks);
1209 int btrtl_setup_realtek(struct hci_dev *hdev)
1211 struct btrtl_device_info *btrtl_dev;
1214 btrtl_dev = btrtl_initialize(hdev, NULL);
1215 if (IS_ERR(btrtl_dev))
1216 return PTR_ERR(btrtl_dev);
1218 ret = btrtl_download_firmware(hdev, btrtl_dev);
1220 btrtl_set_quirks(hdev, btrtl_dev);
1222 btrtl_free(btrtl_dev);
1225 EXPORT_SYMBOL_GPL(btrtl_setup_realtek);
1227 int btrtl_shutdown_realtek(struct hci_dev *hdev)
1229 struct sk_buff *skb;
1232 /* According to the vendor driver, BT must be reset on close to avoid
1235 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
1238 bt_dev_err(hdev, "HCI reset during shutdown failed");
1245 EXPORT_SYMBOL_GPL(btrtl_shutdown_realtek);
1247 static unsigned int btrtl_convert_baudrate(u32 device_baudrate)
1249 switch (device_baudrate) {
1284 int btrtl_get_uart_settings(struct hci_dev *hdev,
1285 struct btrtl_device_info *btrtl_dev,
1286 unsigned int *controller_baudrate,
1287 u32 *device_baudrate, bool *flow_control)
1289 struct rtl_vendor_config *config;
1290 struct rtl_vendor_config_entry *entry;
1291 int i, total_data_len;
1294 total_data_len = btrtl_dev->cfg_len - sizeof(*config);
1295 if (total_data_len <= 0) {
1296 rtl_dev_warn(hdev, "no config loaded");
1300 config = (struct rtl_vendor_config *)btrtl_dev->cfg_data;
1301 if (le32_to_cpu(config->signature) != RTL_CONFIG_MAGIC) {
1302 rtl_dev_err(hdev, "invalid config magic");
1306 if (total_data_len < le16_to_cpu(config->total_len)) {
1307 rtl_dev_err(hdev, "config is too short");
1311 for (i = 0; i < total_data_len; ) {
1312 entry = ((void *)config->entry) + i;
1314 switch (le16_to_cpu(entry->offset)) {
1316 if (entry->len < sizeof(*device_baudrate)) {
1317 rtl_dev_err(hdev, "invalid UART config entry");
1321 *device_baudrate = get_unaligned_le32(entry->data);
1322 *controller_baudrate = btrtl_convert_baudrate(
1325 if (entry->len >= 13)
1326 *flow_control = !!(entry->data[12] & BIT(2));
1328 *flow_control = false;
1334 rtl_dev_dbg(hdev, "skipping config entry 0x%x (len %u)",
1335 le16_to_cpu(entry->offset), entry->len);
1339 i += sizeof(*entry) + entry->len;
1343 rtl_dev_err(hdev, "no UART config entry found");
1347 rtl_dev_dbg(hdev, "device baudrate = 0x%08x", *device_baudrate);
1348 rtl_dev_dbg(hdev, "controller baudrate = %u", *controller_baudrate);
1349 rtl_dev_dbg(hdev, "flow control %d", *flow_control);
1353 EXPORT_SYMBOL_GPL(btrtl_get_uart_settings);
1355 MODULE_AUTHOR("Daniel Drake <drake@endlessm.com>");
1356 MODULE_DESCRIPTION("Bluetooth support for Realtek devices ver " VERSION);
1357 MODULE_VERSION(VERSION);
1358 MODULE_LICENSE("GPL");
1359 MODULE_FIRMWARE("rtl_bt/rtl8723a_fw.bin");
1360 MODULE_FIRMWARE("rtl_bt/rtl8723b_fw.bin");
1361 MODULE_FIRMWARE("rtl_bt/rtl8723b_config.bin");
1362 MODULE_FIRMWARE("rtl_bt/rtl8723bs_fw.bin");
1363 MODULE_FIRMWARE("rtl_bt/rtl8723bs_config.bin");
1364 MODULE_FIRMWARE("rtl_bt/rtl8723cs_cg_fw.bin");
1365 MODULE_FIRMWARE("rtl_bt/rtl8723cs_cg_config.bin");
1366 MODULE_FIRMWARE("rtl_bt/rtl8723cs_vf_fw.bin");
1367 MODULE_FIRMWARE("rtl_bt/rtl8723cs_vf_config.bin");
1368 MODULE_FIRMWARE("rtl_bt/rtl8723cs_xx_fw.bin");
1369 MODULE_FIRMWARE("rtl_bt/rtl8723cs_xx_config.bin");
1370 MODULE_FIRMWARE("rtl_bt/rtl8723ds_fw.bin");
1371 MODULE_FIRMWARE("rtl_bt/rtl8723ds_config.bin");
1372 MODULE_FIRMWARE("rtl_bt/rtl8761a_fw.bin");
1373 MODULE_FIRMWARE("rtl_bt/rtl8761a_config.bin");
1374 MODULE_FIRMWARE("rtl_bt/rtl8821a_fw.bin");
1375 MODULE_FIRMWARE("rtl_bt/rtl8821a_config.bin");
1376 MODULE_FIRMWARE("rtl_bt/rtl8822b_fw.bin");
1377 MODULE_FIRMWARE("rtl_bt/rtl8822b_config.bin");
1378 MODULE_FIRMWARE("rtl_bt/rtl8852au_fw.bin");
1379 MODULE_FIRMWARE("rtl_bt/rtl8852au_config.bin");
1380 MODULE_FIRMWARE("rtl_bt/rtl8852bs_fw.bin");
1381 MODULE_FIRMWARE("rtl_bt/rtl8852bs_config.bin");
1382 MODULE_FIRMWARE("rtl_bt/rtl8852bu_fw.bin");
1383 MODULE_FIRMWARE("rtl_bt/rtl8852bu_config.bin");
1384 MODULE_FIRMWARE("rtl_bt/rtl8852cu_fw.bin");
1385 MODULE_FIRMWARE("rtl_bt/rtl8852cu_config.bin");
1386 MODULE_FIRMWARE("rtl_bt/rtl8851bu_fw.bin");
1387 MODULE_FIRMWARE("rtl_bt/rtl8851bu_config.bin");
projects / linux-2.6-microblaze.git / blob