0001
0002
0003
0004
0005
0006
0007
0008 #include <linux/module.h>
0009 #include <linux/firmware.h>
0010 #include <asm/unaligned.h>
0011 #include <linux/usb.h>
0012
0013 #include <net/bluetooth/bluetooth.h>
0014 #include <net/bluetooth/hci_core.h>
0015
0016 #include "btrtl.h"
0017
0018 #define VERSION "0.1"
0019
0020 #define RTL_EPATCH_SIGNATURE "Realtech"
0021 #define RTL_ROM_LMP_8723A 0x1200
0022 #define RTL_ROM_LMP_8723B 0x8723
0023 #define RTL_ROM_LMP_8821A 0x8821
0024 #define RTL_ROM_LMP_8761A 0x8761
0025 #define RTL_ROM_LMP_8822B 0x8822
0026 #define RTL_ROM_LMP_8852A 0x8852
0027 #define RTL_CONFIG_MAGIC 0x8723ab55
0028
0029 #define IC_MATCH_FL_LMPSUBV (1 << 0)
0030 #define IC_MATCH_FL_HCIREV (1 << 1)
0031 #define IC_MATCH_FL_HCIVER (1 << 2)
0032 #define IC_MATCH_FL_HCIBUS (1 << 3)
0033 #define IC_INFO(lmps, hcir, hciv, bus) \
0034 .match_flags = IC_MATCH_FL_LMPSUBV | IC_MATCH_FL_HCIREV | \
0035 IC_MATCH_FL_HCIVER | IC_MATCH_FL_HCIBUS, \
0036 .lmp_subver = (lmps), \
0037 .hci_rev = (hcir), \
0038 .hci_ver = (hciv), \
0039 .hci_bus = (bus)
0040
0041 enum btrtl_chip_id {
0042 CHIP_ID_8723A,
0043 CHIP_ID_8723B,
0044 CHIP_ID_8821A,
0045 CHIP_ID_8761A,
0046 CHIP_ID_8822B = 8,
0047 CHIP_ID_8723D,
0048 CHIP_ID_8821C,
0049 CHIP_ID_8822C = 13,
0050 CHIP_ID_8761B,
0051 CHIP_ID_8852A = 18,
0052 CHIP_ID_8852B = 20,
0053 CHIP_ID_8852C = 25,
0054 };
0055
0056 struct id_table {
0057 __u16 match_flags;
0058 __u16 lmp_subver;
0059 __u16 hci_rev;
0060 __u8 hci_ver;
0061 __u8 hci_bus;
0062 bool config_needed;
0063 bool has_rom_version;
0064 bool has_msft_ext;
0065 char *fw_name;
0066 char *cfg_name;
0067 };
0068
0069 struct btrtl_device_info {
0070 const struct id_table *ic_info;
0071 u8 rom_version;
0072 u8 *fw_data;
0073 int fw_len;
0074 u8 *cfg_data;
0075 int cfg_len;
0076 bool drop_fw;
0077 int project_id;
0078 };
0079
0080 static const struct id_table ic_id_table[] = {
0081
0082 { IC_INFO(RTL_ROM_LMP_8723A, 0xb, 0x6, HCI_USB),
0083 .config_needed = false,
0084 .has_rom_version = false,
0085 .fw_name = "rtl_bt/rtl8723a_fw.bin",
0086 .cfg_name = NULL },
0087
0088
0089 { IC_INFO(RTL_ROM_LMP_8723B, 0xb, 0x6, HCI_UART),
0090 .config_needed = true,
0091 .has_rom_version = true,
0092 .fw_name = "rtl_bt/rtl8723bs_fw.bin",
0093 .cfg_name = "rtl_bt/rtl8723bs_config" },
0094
0095
0096 { IC_INFO(RTL_ROM_LMP_8723B, 0xb, 0x6, HCI_USB),
0097 .config_needed = false,
0098 .has_rom_version = true,
0099 .fw_name = "rtl_bt/rtl8723b_fw.bin",
0100 .cfg_name = "rtl_bt/rtl8723b_config" },
0101
0102
0103 { IC_INFO(RTL_ROM_LMP_8723B, 0xd, 0x8, HCI_USB),
0104 .config_needed = true,
0105 .has_rom_version = true,
0106 .fw_name = "rtl_bt/rtl8723d_fw.bin",
0107 .cfg_name = "rtl_bt/rtl8723d_config" },
0108
0109
0110 { IC_INFO(RTL_ROM_LMP_8723B, 0xd, 0x8, HCI_UART),
0111 .config_needed = true,
0112 .has_rom_version = true,
0113 .fw_name = "rtl_bt/rtl8723ds_fw.bin",
0114 .cfg_name = "rtl_bt/rtl8723ds_config" },
0115
0116
0117 { IC_INFO(RTL_ROM_LMP_8821A, 0xa, 0x6, HCI_USB),
0118 .config_needed = false,
0119 .has_rom_version = true,
0120 .fw_name = "rtl_bt/rtl8821a_fw.bin",
0121 .cfg_name = "rtl_bt/rtl8821a_config" },
0122
0123
0124 { IC_INFO(RTL_ROM_LMP_8821A, 0xc, 0x8, HCI_USB),
0125 .config_needed = false,
0126 .has_rom_version = true,
0127 .has_msft_ext = true,
0128 .fw_name = "rtl_bt/rtl8821c_fw.bin",
0129 .cfg_name = "rtl_bt/rtl8821c_config" },
0130
0131
0132 { IC_INFO(RTL_ROM_LMP_8761A, 0xa, 0x6, HCI_USB),
0133 .config_needed = false,
0134 .has_rom_version = true,
0135 .fw_name = "rtl_bt/rtl8761a_fw.bin",
0136 .cfg_name = "rtl_bt/rtl8761a_config" },
0137
0138
0139 { IC_INFO(RTL_ROM_LMP_8761A, 0xb, 0xa, HCI_UART),
0140 .config_needed = false,
0141 .has_rom_version = true,
0142 .has_msft_ext = true,
0143 .fw_name = "rtl_bt/rtl8761b_fw.bin",
0144 .cfg_name = "rtl_bt/rtl8761b_config" },
0145
0146
0147 { IC_INFO(RTL_ROM_LMP_8761A, 0xb, 0xa, HCI_USB),
0148 .config_needed = false,
0149 .has_rom_version = true,
0150 .fw_name = "rtl_bt/rtl8761bu_fw.bin",
0151 .cfg_name = "rtl_bt/rtl8761bu_config" },
0152
0153
0154 { IC_INFO(RTL_ROM_LMP_8822B, 0xc, 0x8, HCI_UART),
0155 .config_needed = true,
0156 .has_rom_version = true,
0157 .has_msft_ext = true,
0158 .fw_name = "rtl_bt/rtl8822cs_fw.bin",
0159 .cfg_name = "rtl_bt/rtl8822cs_config" },
0160
0161
0162 { IC_INFO(RTL_ROM_LMP_8822B, 0xc, 0xa, HCI_UART),
0163 .config_needed = true,
0164 .has_rom_version = true,
0165 .has_msft_ext = true,
0166 .fw_name = "rtl_bt/rtl8822cs_fw.bin",
0167 .cfg_name = "rtl_bt/rtl8822cs_config" },
0168
0169
0170 { IC_INFO(RTL_ROM_LMP_8822B, 0xc, 0xa, HCI_USB),
0171 .config_needed = false,
0172 .has_rom_version = true,
0173 .has_msft_ext = true,
0174 .fw_name = "rtl_bt/rtl8822cu_fw.bin",
0175 .cfg_name = "rtl_bt/rtl8822cu_config" },
0176
0177
0178 { IC_INFO(RTL_ROM_LMP_8822B, 0xb, 0x7, HCI_USB),
0179 .config_needed = true,
0180 .has_rom_version = true,
0181 .has_msft_ext = true,
0182 .fw_name = "rtl_bt/rtl8822b_fw.bin",
0183 .cfg_name = "rtl_bt/rtl8822b_config" },
0184
0185
0186 { IC_INFO(RTL_ROM_LMP_8852A, 0xa, 0xb, HCI_USB),
0187 .config_needed = false,
0188 .has_rom_version = true,
0189 .has_msft_ext = true,
0190 .fw_name = "rtl_bt/rtl8852au_fw.bin",
0191 .cfg_name = "rtl_bt/rtl8852au_config" },
0192
0193
0194 { IC_INFO(RTL_ROM_LMP_8852A, 0xb, 0xb, HCI_USB),
0195 .config_needed = false,
0196 .has_rom_version = true,
0197 .has_msft_ext = true,
0198 .fw_name = "rtl_bt/rtl8852bu_fw.bin",
0199 .cfg_name = "rtl_bt/rtl8852bu_config" },
0200
0201
0202 { IC_INFO(RTL_ROM_LMP_8852A, 0xc, 0xc, HCI_USB),
0203 .config_needed = false,
0204 .has_rom_version = true,
0205 .has_msft_ext = true,
0206 .fw_name = "rtl_bt/rtl8852cu_fw.bin",
0207 .cfg_name = "rtl_bt/rtl8852cu_config" },
0208 };
0209
0210 static const struct id_table *btrtl_match_ic(u16 lmp_subver, u16 hci_rev,
0211 u8 hci_ver, u8 hci_bus)
0212 {
0213 int i;
0214
0215 for (i = 0; i < ARRAY_SIZE(ic_id_table); i++) {
0216 if ((ic_id_table[i].match_flags & IC_MATCH_FL_LMPSUBV) &&
0217 (ic_id_table[i].lmp_subver != lmp_subver))
0218 continue;
0219 if ((ic_id_table[i].match_flags & IC_MATCH_FL_HCIREV) &&
0220 (ic_id_table[i].hci_rev != hci_rev))
0221 continue;
0222 if ((ic_id_table[i].match_flags & IC_MATCH_FL_HCIVER) &&
0223 (ic_id_table[i].hci_ver != hci_ver))
0224 continue;
0225 if ((ic_id_table[i].match_flags & IC_MATCH_FL_HCIBUS) &&
0226 (ic_id_table[i].hci_bus != hci_bus))
0227 continue;
0228
0229 break;
0230 }
0231 if (i >= ARRAY_SIZE(ic_id_table))
0232 return NULL;
0233
0234 return &ic_id_table[i];
0235 }
0236
0237 static struct sk_buff *btrtl_read_local_version(struct hci_dev *hdev)
0238 {
0239 struct sk_buff *skb;
0240
0241 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL,
0242 HCI_INIT_TIMEOUT);
0243 if (IS_ERR(skb)) {
0244 rtl_dev_err(hdev, "HCI_OP_READ_LOCAL_VERSION failed (%ld)",
0245 PTR_ERR(skb));
0246 return skb;
0247 }
0248
0249 if (skb->len != sizeof(struct hci_rp_read_local_version)) {
0250 rtl_dev_err(hdev, "HCI_OP_READ_LOCAL_VERSION event length mismatch");
0251 kfree_skb(skb);
0252 return ERR_PTR(-EIO);
0253 }
0254
0255 return skb;
0256 }
0257
0258 static int rtl_read_rom_version(struct hci_dev *hdev, u8 *version)
0259 {
0260 struct rtl_rom_version_evt *rom_version;
0261 struct sk_buff *skb;
0262
0263
0264 skb = __hci_cmd_sync(hdev, 0xfc6d, 0, NULL, HCI_INIT_TIMEOUT);
0265 if (IS_ERR(skb)) {
0266 rtl_dev_err(hdev, "Read ROM version failed (%ld)",
0267 PTR_ERR(skb));
0268 return PTR_ERR(skb);
0269 }
0270
0271 if (skb->len != sizeof(*rom_version)) {
0272 rtl_dev_err(hdev, "version event length mismatch");
0273 kfree_skb(skb);
0274 return -EIO;
0275 }
0276
0277 rom_version = (struct rtl_rom_version_evt *)skb->data;
0278 rtl_dev_info(hdev, "rom_version status=%x version=%x",
0279 rom_version->status, rom_version->version);
0280
0281 *version = rom_version->version;
0282
0283 kfree_skb(skb);
0284 return 0;
0285 }
0286
0287 static int rtlbt_parse_firmware(struct hci_dev *hdev,
0288 struct btrtl_device_info *btrtl_dev,
0289 unsigned char **_buf)
0290 {
0291 static const u8 extension_sig[] = { 0x51, 0x04, 0xfd, 0x77 };
0292 struct rtl_epatch_header *epatch_info;
0293 unsigned char *buf;
0294 int i, len;
0295 size_t min_size;
0296 u8 opcode, length, data;
0297 int project_id = -1;
0298 const unsigned char *fwptr, *chip_id_base;
0299 const unsigned char *patch_length_base, *patch_offset_base;
0300 u32 patch_offset = 0;
0301 u16 patch_length, num_patches;
0302 static const struct {
0303 __u16 lmp_subver;
0304 __u8 id;
0305 } project_id_to_lmp_subver[] = {
0306 { RTL_ROM_LMP_8723A, 0 },
0307 { RTL_ROM_LMP_8723B, 1 },
0308 { RTL_ROM_LMP_8821A, 2 },
0309 { RTL_ROM_LMP_8761A, 3 },
0310 { RTL_ROM_LMP_8822B, 8 },
0311 { RTL_ROM_LMP_8723B, 9 },
0312 { RTL_ROM_LMP_8821A, 10 },
0313 { RTL_ROM_LMP_8822B, 13 },
0314 { RTL_ROM_LMP_8761A, 14 },
0315 { RTL_ROM_LMP_8852A, 18 },
0316 { RTL_ROM_LMP_8852A, 20 },
0317 { RTL_ROM_LMP_8852A, 25 },
0318 };
0319
0320 min_size = sizeof(struct rtl_epatch_header) + sizeof(extension_sig) + 3;
0321 if (btrtl_dev->fw_len < min_size)
0322 return -EINVAL;
0323
0324 fwptr = btrtl_dev->fw_data + btrtl_dev->fw_len - sizeof(extension_sig);
0325 if (memcmp(fwptr, extension_sig, sizeof(extension_sig)) != 0) {
0326 rtl_dev_err(hdev, "extension section signature mismatch");
0327 return -EINVAL;
0328 }
0329
0330
0331
0332
0333
0334
0335
0336 while (fwptr >= btrtl_dev->fw_data + (sizeof(*epatch_info) + 3)) {
0337 opcode = *--fwptr;
0338 length = *--fwptr;
0339 data = *--fwptr;
0340
0341 BT_DBG("check op=%x len=%x data=%x", opcode, length, data);
0342
0343 if (opcode == 0xff)
0344 break;
0345
0346 if (length == 0) {
0347 rtl_dev_err(hdev, "found instruction with length 0");
0348 return -EINVAL;
0349 }
0350
0351 if (opcode == 0 && length == 1) {
0352 project_id = data;
0353 break;
0354 }
0355
0356 fwptr -= length;
0357 }
0358
0359 if (project_id < 0) {
0360 rtl_dev_err(hdev, "failed to find version instruction");
0361 return -EINVAL;
0362 }
0363
0364
0365 for (i = 0; i < ARRAY_SIZE(project_id_to_lmp_subver); i++) {
0366 if (project_id == project_id_to_lmp_subver[i].id) {
0367 btrtl_dev->project_id = project_id;
0368 break;
0369 }
0370 }
0371
0372 if (i >= ARRAY_SIZE(project_id_to_lmp_subver)) {
0373 rtl_dev_err(hdev, "unknown project id %d", project_id);
0374 return -EINVAL;
0375 }
0376
0377 if (btrtl_dev->ic_info->lmp_subver !=
0378 project_id_to_lmp_subver[i].lmp_subver) {
0379 rtl_dev_err(hdev, "firmware is for %x but this is a %x",
0380 project_id_to_lmp_subver[i].lmp_subver,
0381 btrtl_dev->ic_info->lmp_subver);
0382 return -EINVAL;
0383 }
0384
0385 epatch_info = (struct rtl_epatch_header *)btrtl_dev->fw_data;
0386 if (memcmp(epatch_info->signature, RTL_EPATCH_SIGNATURE, 8) != 0) {
0387 rtl_dev_err(hdev, "bad EPATCH signature");
0388 return -EINVAL;
0389 }
0390
0391 num_patches = le16_to_cpu(epatch_info->num_patches);
0392 BT_DBG("fw_version=%x, num_patches=%d",
0393 le32_to_cpu(epatch_info->fw_version), num_patches);
0394
0395
0396
0397
0398
0399
0400
0401 min_size += 8 * num_patches;
0402 if (btrtl_dev->fw_len < min_size)
0403 return -EINVAL;
0404
0405 chip_id_base = btrtl_dev->fw_data + sizeof(struct rtl_epatch_header);
0406 patch_length_base = chip_id_base + (sizeof(u16) * num_patches);
0407 patch_offset_base = patch_length_base + (sizeof(u16) * num_patches);
0408 for (i = 0; i < num_patches; i++) {
0409 u16 chip_id = get_unaligned_le16(chip_id_base +
0410 (i * sizeof(u16)));
0411 if (chip_id == btrtl_dev->rom_version + 1) {
0412 patch_length = get_unaligned_le16(patch_length_base +
0413 (i * sizeof(u16)));
0414 patch_offset = get_unaligned_le32(patch_offset_base +
0415 (i * sizeof(u32)));
0416 break;
0417 }
0418 }
0419
0420 if (!patch_offset) {
0421 rtl_dev_err(hdev, "didn't find patch for chip id %d",
0422 btrtl_dev->rom_version);
0423 return -EINVAL;
0424 }
0425
0426 BT_DBG("length=%x offset=%x index %d", patch_length, patch_offset, i);
0427 min_size = patch_offset + patch_length;
0428 if (btrtl_dev->fw_len < min_size)
0429 return -EINVAL;
0430
0431
0432
0433
0434 len = patch_length;
0435 buf = kvmalloc(patch_length, GFP_KERNEL);
0436 if (!buf)
0437 return -ENOMEM;
0438
0439 memcpy(buf, btrtl_dev->fw_data + patch_offset, patch_length - 4);
0440 memcpy(buf + patch_length - 4, &epatch_info->fw_version, 4);
0441
0442 *_buf = buf;
0443 return len;
0444 }
0445
0446 static int rtl_download_firmware(struct hci_dev *hdev,
0447 const unsigned char *data, int fw_len)
0448 {
0449 struct rtl_download_cmd *dl_cmd;
0450 int frag_num = fw_len / RTL_FRAG_LEN + 1;
0451 int frag_len = RTL_FRAG_LEN;
0452 int ret = 0;
0453 int i;
0454 struct sk_buff *skb;
0455 struct hci_rp_read_local_version *rp;
0456
0457 dl_cmd = kmalloc(sizeof(struct rtl_download_cmd), GFP_KERNEL);
0458 if (!dl_cmd)
0459 return -ENOMEM;
0460
0461 for (i = 0; i < frag_num; i++) {
0462 struct sk_buff *skb;
0463
0464 BT_DBG("download fw (%d/%d)", i, frag_num);
0465
0466 if (i > 0x7f)
0467 dl_cmd->index = (i & 0x7f) + 1;
0468 else
0469 dl_cmd->index = i;
0470
0471 if (i == (frag_num - 1)) {
0472 dl_cmd->index |= 0x80;
0473 frag_len = fw_len % RTL_FRAG_LEN;
0474 }
0475 memcpy(dl_cmd->data, data, frag_len);
0476
0477
0478 skb = __hci_cmd_sync(hdev, 0xfc20, frag_len + 1, dl_cmd,
0479 HCI_INIT_TIMEOUT);
0480 if (IS_ERR(skb)) {
0481 rtl_dev_err(hdev, "download fw command failed (%ld)",
0482 PTR_ERR(skb));
0483 ret = PTR_ERR(skb);
0484 goto out;
0485 }
0486
0487 if (skb->len != sizeof(struct rtl_download_response)) {
0488 rtl_dev_err(hdev, "download fw event length mismatch");
0489 kfree_skb(skb);
0490 ret = -EIO;
0491 goto out;
0492 }
0493
0494 kfree_skb(skb);
0495 data += RTL_FRAG_LEN;
0496 }
0497
0498 skb = btrtl_read_local_version(hdev);
0499 if (IS_ERR(skb)) {
0500 ret = PTR_ERR(skb);
0501 rtl_dev_err(hdev, "read local version failed");
0502 goto out;
0503 }
0504
0505 rp = (struct hci_rp_read_local_version *)skb->data;
0506 rtl_dev_info(hdev, "fw version 0x%04x%04x",
0507 __le16_to_cpu(rp->hci_rev), __le16_to_cpu(rp->lmp_subver));
0508 kfree_skb(skb);
0509
0510 out:
0511 kfree(dl_cmd);
0512 return ret;
0513 }
0514
0515 static int rtl_load_file(struct hci_dev *hdev, const char *name, u8 **buff)
0516 {
0517 const struct firmware *fw;
0518 int ret;
0519
0520 rtl_dev_info(hdev, "loading %s", name);
0521 ret = request_firmware(&fw, name, &hdev->dev);
0522 if (ret < 0)
0523 return ret;
0524 ret = fw->size;
0525 *buff = kvmalloc(fw->size, GFP_KERNEL);
0526 if (*buff)
0527 memcpy(*buff, fw->data, ret);
0528 else
0529 ret = -ENOMEM;
0530
0531 release_firmware(fw);
0532
0533 return ret;
0534 }
0535
0536 static int btrtl_setup_rtl8723a(struct hci_dev *hdev,
0537 struct btrtl_device_info *btrtl_dev)
0538 {
0539 if (btrtl_dev->fw_len < 8)
0540 return -EINVAL;
0541
0542
0543
0544
0545 if (!memcmp(btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE, 8)) {
0546 rtl_dev_err(hdev, "unexpected EPATCH signature!");
0547 return -EINVAL;
0548 }
0549
0550 return rtl_download_firmware(hdev, btrtl_dev->fw_data,
0551 btrtl_dev->fw_len);
0552 }
0553
0554 static int btrtl_setup_rtl8723b(struct hci_dev *hdev,
0555 struct btrtl_device_info *btrtl_dev)
0556 {
0557 unsigned char *fw_data = NULL;
0558 int ret;
0559 u8 *tbuff;
0560
0561 ret = rtlbt_parse_firmware(hdev, btrtl_dev, &fw_data);
0562 if (ret < 0)
0563 goto out;
0564
0565 if (btrtl_dev->cfg_len > 0) {
0566 tbuff = kvzalloc(ret + btrtl_dev->cfg_len, GFP_KERNEL);
0567 if (!tbuff) {
0568 ret = -ENOMEM;
0569 goto out;
0570 }
0571
0572 memcpy(tbuff, fw_data, ret);
0573 kvfree(fw_data);
0574
0575 memcpy(tbuff + ret, btrtl_dev->cfg_data, btrtl_dev->cfg_len);
0576 ret += btrtl_dev->cfg_len;
0577
0578 fw_data = tbuff;
0579 }
0580
0581 rtl_dev_info(hdev, "cfg_sz %d, total sz %d", btrtl_dev->cfg_len, ret);
0582
0583 ret = rtl_download_firmware(hdev, fw_data, ret);
0584
0585 out:
0586 kvfree(fw_data);
0587 return ret;
0588 }
0589
0590 void btrtl_free(struct btrtl_device_info *btrtl_dev)
0591 {
0592 kvfree(btrtl_dev->fw_data);
0593 kvfree(btrtl_dev->cfg_data);
0594 kfree(btrtl_dev);
0595 }
0596 EXPORT_SYMBOL_GPL(btrtl_free);
0597
0598 struct btrtl_device_info *btrtl_initialize(struct hci_dev *hdev,
0599 const char *postfix)
0600 {
0601 struct btrtl_device_info *btrtl_dev;
0602 struct sk_buff *skb;
0603 struct hci_rp_read_local_version *resp;
0604 char cfg_name[40];
0605 u16 hci_rev, lmp_subver;
0606 u8 hci_ver;
0607 int ret;
0608 u16 opcode;
0609 u8 cmd[2];
0610
0611 btrtl_dev = kzalloc(sizeof(*btrtl_dev), GFP_KERNEL);
0612 if (!btrtl_dev) {
0613 ret = -ENOMEM;
0614 goto err_alloc;
0615 }
0616
0617 skb = btrtl_read_local_version(hdev);
0618 if (IS_ERR(skb)) {
0619 ret = PTR_ERR(skb);
0620 goto err_free;
0621 }
0622
0623 resp = (struct hci_rp_read_local_version *)skb->data;
0624 rtl_dev_info(hdev, "examining hci_ver=%02x hci_rev=%04x lmp_ver=%02x lmp_subver=%04x",
0625 resp->hci_ver, resp->hci_rev,
0626 resp->lmp_ver, resp->lmp_subver);
0627
0628 hci_ver = resp->hci_ver;
0629 hci_rev = le16_to_cpu(resp->hci_rev);
0630 lmp_subver = le16_to_cpu(resp->lmp_subver);
0631
0632 btrtl_dev->ic_info = btrtl_match_ic(lmp_subver, hci_rev, hci_ver,
0633 hdev->bus);
0634
0635 if (!btrtl_dev->ic_info)
0636 btrtl_dev->drop_fw = true;
0637
0638 if (btrtl_dev->drop_fw) {
0639 opcode = hci_opcode_pack(0x3f, 0x66);
0640 cmd[0] = opcode & 0xff;
0641 cmd[1] = opcode >> 8;
0642
0643 skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL);
0644 if (!skb)
0645 goto out_free;
0646
0647 skb_put_data(skb, cmd, sizeof(cmd));
0648 hci_skb_pkt_type(skb) = HCI_COMMAND_PKT;
0649
0650 hdev->send(hdev, skb);
0651
0652
0653
0654
0655 msleep(200);
0656
0657
0658
0659
0660 skb = btrtl_read_local_version(hdev);
0661 if (IS_ERR(skb)) {
0662 ret = PTR_ERR(skb);
0663 goto err_free;
0664 }
0665
0666 resp = (struct hci_rp_read_local_version *)skb->data;
0667 rtl_dev_info(hdev, "examining hci_ver=%02x hci_rev=%04x lmp_ver=%02x lmp_subver=%04x",
0668 resp->hci_ver, resp->hci_rev,
0669 resp->lmp_ver, resp->lmp_subver);
0670
0671 hci_ver = resp->hci_ver;
0672 hci_rev = le16_to_cpu(resp->hci_rev);
0673 lmp_subver = le16_to_cpu(resp->lmp_subver);
0674
0675 btrtl_dev->ic_info = btrtl_match_ic(lmp_subver, hci_rev, hci_ver,
0676 hdev->bus);
0677 }
0678 out_free:
0679 kfree_skb(skb);
0680
0681 if (!btrtl_dev->ic_info) {
0682 rtl_dev_info(hdev, "unknown IC info, lmp subver %04x, hci rev %04x, hci ver %04x",
0683 lmp_subver, hci_rev, hci_ver);
0684 return btrtl_dev;
0685 }
0686
0687 if (btrtl_dev->ic_info->has_rom_version) {
0688 ret = rtl_read_rom_version(hdev, &btrtl_dev->rom_version);
0689 if (ret)
0690 goto err_free;
0691 }
0692
0693 btrtl_dev->fw_len = rtl_load_file(hdev, btrtl_dev->ic_info->fw_name,
0694 &btrtl_dev->fw_data);
0695 if (btrtl_dev->fw_len < 0) {
0696 rtl_dev_err(hdev, "firmware file %s not found",
0697 btrtl_dev->ic_info->fw_name);
0698 ret = btrtl_dev->fw_len;
0699 goto err_free;
0700 }
0701
0702 if (btrtl_dev->ic_info->cfg_name) {
0703 if (postfix) {
0704 snprintf(cfg_name, sizeof(cfg_name), "%s-%s.bin",
0705 btrtl_dev->ic_info->cfg_name, postfix);
0706 } else {
0707 snprintf(cfg_name, sizeof(cfg_name), "%s.bin",
0708 btrtl_dev->ic_info->cfg_name);
0709 }
0710 btrtl_dev->cfg_len = rtl_load_file(hdev, cfg_name,
0711 &btrtl_dev->cfg_data);
0712 if (btrtl_dev->ic_info->config_needed &&
0713 btrtl_dev->cfg_len <= 0) {
0714 rtl_dev_err(hdev, "mandatory config file %s not found",
0715 btrtl_dev->ic_info->cfg_name);
0716 ret = btrtl_dev->cfg_len;
0717 goto err_free;
0718 }
0719 }
0720
0721
0722
0723
0724 if (btrtl_dev->ic_info->has_msft_ext)
0725 hci_set_msft_opcode(hdev, 0xFCF0);
0726
0727 return btrtl_dev;
0728
0729 err_free:
0730 btrtl_free(btrtl_dev);
0731 err_alloc:
0732 return ERR_PTR(ret);
0733 }
0734 EXPORT_SYMBOL_GPL(btrtl_initialize);
0735
0736 int btrtl_download_firmware(struct hci_dev *hdev,
0737 struct btrtl_device_info *btrtl_dev)
0738 {
0739
0740
0741
0742
0743
0744
0745 if (!btrtl_dev->ic_info) {
0746 rtl_dev_info(hdev, "assuming no firmware upload needed");
0747 return 0;
0748 }
0749
0750 switch (btrtl_dev->ic_info->lmp_subver) {
0751 case RTL_ROM_LMP_8723A:
0752 return btrtl_setup_rtl8723a(hdev, btrtl_dev);
0753 case RTL_ROM_LMP_8723B:
0754 case RTL_ROM_LMP_8821A:
0755 case RTL_ROM_LMP_8761A:
0756 case RTL_ROM_LMP_8822B:
0757 case RTL_ROM_LMP_8852A:
0758 return btrtl_setup_rtl8723b(hdev, btrtl_dev);
0759 default:
0760 rtl_dev_info(hdev, "assuming no firmware upload needed");
0761 return 0;
0762 }
0763 }
0764 EXPORT_SYMBOL_GPL(btrtl_download_firmware);
0765
0766 void btrtl_set_quirks(struct hci_dev *hdev, struct btrtl_device_info *btrtl_dev)
0767 {
0768
0769
0770
0771 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
0772
0773
0774
0775
0776
0777 switch (btrtl_dev->project_id) {
0778 case CHIP_ID_8822C:
0779 case CHIP_ID_8852A:
0780 case CHIP_ID_8852B:
0781 case CHIP_ID_8852C:
0782 set_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks);
0783 set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks);
0784 hci_set_aosp_capable(hdev);
0785 break;
0786 default:
0787 rtl_dev_dbg(hdev, "Central-peripheral role not enabled.");
0788 rtl_dev_dbg(hdev, "WBS supported not enabled.");
0789 break;
0790 }
0791 }
0792 EXPORT_SYMBOL_GPL(btrtl_set_quirks);
0793
0794 int btrtl_setup_realtek(struct hci_dev *hdev)
0795 {
0796 struct btrtl_device_info *btrtl_dev;
0797 int ret;
0798
0799 btrtl_dev = btrtl_initialize(hdev, NULL);
0800 if (IS_ERR(btrtl_dev))
0801 return PTR_ERR(btrtl_dev);
0802
0803 ret = btrtl_download_firmware(hdev, btrtl_dev);
0804
0805 btrtl_set_quirks(hdev, btrtl_dev);
0806
0807 btrtl_free(btrtl_dev);
0808 return ret;
0809 }
0810 EXPORT_SYMBOL_GPL(btrtl_setup_realtek);
0811
0812 int btrtl_shutdown_realtek(struct hci_dev *hdev)
0813 {
0814 struct sk_buff *skb;
0815 int ret;
0816
0817
0818
0819
0820 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
0821 if (IS_ERR(skb)) {
0822 ret = PTR_ERR(skb);
0823 bt_dev_err(hdev, "HCI reset during shutdown failed");
0824 return ret;
0825 }
0826 kfree_skb(skb);
0827
0828 return 0;
0829 }
0830 EXPORT_SYMBOL_GPL(btrtl_shutdown_realtek);
0831
0832 static unsigned int btrtl_convert_baudrate(u32 device_baudrate)
0833 {
0834 switch (device_baudrate) {
0835 case 0x0252a00a:
0836 return 230400;
0837
0838 case 0x05f75004:
0839 return 921600;
0840
0841 case 0x00005004:
0842 return 1000000;
0843
0844 case 0x04928002:
0845 case 0x01128002:
0846 return 1500000;
0847
0848 case 0x00005002:
0849 return 2000000;
0850
0851 case 0x0000b001:
0852 return 2500000;
0853
0854 case 0x04928001:
0855 return 3000000;
0856
0857 case 0x052a6001:
0858 return 3500000;
0859
0860 case 0x00005001:
0861 return 4000000;
0862
0863 case 0x0252c014:
0864 default:
0865 return 115200;
0866 }
0867 }
0868
0869 int btrtl_get_uart_settings(struct hci_dev *hdev,
0870 struct btrtl_device_info *btrtl_dev,
0871 unsigned int *controller_baudrate,
0872 u32 *device_baudrate, bool *flow_control)
0873 {
0874 struct rtl_vendor_config *config;
0875 struct rtl_vendor_config_entry *entry;
0876 int i, total_data_len;
0877 bool found = false;
0878
0879 total_data_len = btrtl_dev->cfg_len - sizeof(*config);
0880 if (total_data_len <= 0) {
0881 rtl_dev_warn(hdev, "no config loaded");
0882 return -EINVAL;
0883 }
0884
0885 config = (struct rtl_vendor_config *)btrtl_dev->cfg_data;
0886 if (le32_to_cpu(config->signature) != RTL_CONFIG_MAGIC) {
0887 rtl_dev_err(hdev, "invalid config magic");
0888 return -EINVAL;
0889 }
0890
0891 if (total_data_len < le16_to_cpu(config->total_len)) {
0892 rtl_dev_err(hdev, "config is too short");
0893 return -EINVAL;
0894 }
0895
0896 for (i = 0; i < total_data_len; ) {
0897 entry = ((void *)config->entry) + i;
0898
0899 switch (le16_to_cpu(entry->offset)) {
0900 case 0xc:
0901 if (entry->len < sizeof(*device_baudrate)) {
0902 rtl_dev_err(hdev, "invalid UART config entry");
0903 return -EINVAL;
0904 }
0905
0906 *device_baudrate = get_unaligned_le32(entry->data);
0907 *controller_baudrate = btrtl_convert_baudrate(
0908 *device_baudrate);
0909
0910 if (entry->len >= 13)
0911 *flow_control = !!(entry->data[12] & BIT(2));
0912 else
0913 *flow_control = false;
0914
0915 found = true;
0916 break;
0917
0918 default:
0919 rtl_dev_dbg(hdev, "skipping config entry 0x%x (len %u)",
0920 le16_to_cpu(entry->offset), entry->len);
0921 break;
0922 }
0923
0924 i += sizeof(*entry) + entry->len;
0925 }
0926
0927 if (!found) {
0928 rtl_dev_err(hdev, "no UART config entry found");
0929 return -ENOENT;
0930 }
0931
0932 rtl_dev_dbg(hdev, "device baudrate = 0x%08x", *device_baudrate);
0933 rtl_dev_dbg(hdev, "controller baudrate = %u", *controller_baudrate);
0934 rtl_dev_dbg(hdev, "flow control %d", *flow_control);
0935
0936 return 0;
0937 }
0938 EXPORT_SYMBOL_GPL(btrtl_get_uart_settings);
0939
0940 MODULE_AUTHOR("Daniel Drake <drake@endlessm.com>");
0941 MODULE_DESCRIPTION("Bluetooth support for Realtek devices ver " VERSION);
0942 MODULE_VERSION(VERSION);
0943 MODULE_LICENSE("GPL");
0944 MODULE_FIRMWARE("rtl_bt/rtl8723a_fw.bin");
0945 MODULE_FIRMWARE("rtl_bt/rtl8723b_fw.bin");
0946 MODULE_FIRMWARE("rtl_bt/rtl8723b_config.bin");
0947 MODULE_FIRMWARE("rtl_bt/rtl8723bs_fw.bin");
0948 MODULE_FIRMWARE("rtl_bt/rtl8723bs_config.bin");
0949 MODULE_FIRMWARE("rtl_bt/rtl8723ds_fw.bin");
0950 MODULE_FIRMWARE("rtl_bt/rtl8723ds_config.bin");
0951 MODULE_FIRMWARE("rtl_bt/rtl8761a_fw.bin");
0952 MODULE_FIRMWARE("rtl_bt/rtl8761a_config.bin");
0953 MODULE_FIRMWARE("rtl_bt/rtl8821a_fw.bin");
0954 MODULE_FIRMWARE("rtl_bt/rtl8821a_config.bin");
0955 MODULE_FIRMWARE("rtl_bt/rtl8822b_fw.bin");
0956 MODULE_FIRMWARE("rtl_bt/rtl8822b_config.bin");
0957 MODULE_FIRMWARE("rtl_bt/rtl8852au_fw.bin");
0958 MODULE_FIRMWARE("rtl_bt/rtl8852au_config.bin");
0959 MODULE_FIRMWARE("rtl_bt/rtl8852bu_fw.bin");
0960 MODULE_FIRMWARE("rtl_bt/rtl8852bu_config.bin");
0961 MODULE_FIRMWARE("rtl_bt/rtl8852cu_fw.bin");
0962 MODULE_FIRMWARE("rtl_bt/rtl8852cu_config.bin");
