btrtl.c source code [linux/drivers/bluetooth/btrtl.c]

1	// SPDX-License-Identifier: GPL-2.0-or-later
2	/*
3	* Bluetooth support for Realtek devices
4	*
5	* Copyright (C) 2015 Endless Mobile, Inc.
6	*/
7
8	#include <linux/module.h>
9	#include <linux/firmware.h>
10	#include <asm/unaligned.h>
11	#include <linux/usb.h>
12
13	#include <net/bluetooth/bluetooth.h>
14	#include <net/bluetooth/hci_core.h>
15
16	#include "btrtl.h"
17
18	#define VERSION "0.1"
19
20	#define RTL_CHIP_8723CS_CG 3
21	#define RTL_CHIP_8723CS_VF 4
22	#define RTL_CHIP_8723CS_XX 5
23	#define RTL_EPATCH_SIGNATURE "Realtech"
24	#define RTL_EPATCH_SIGNATURE_V2 "RTBTCore"
25	#define RTL_ROM_LMP_8703B 0x8703
26	#define RTL_ROM_LMP_8723A 0x1200
27	#define RTL_ROM_LMP_8723B 0x8723
28	#define RTL_ROM_LMP_8821A 0x8821
29	#define RTL_ROM_LMP_8761A 0x8761
30	#define RTL_ROM_LMP_8822B 0x8822
31	#define RTL_ROM_LMP_8852A 0x8852
32	#define RTL_ROM_LMP_8851B 0x8851
33	#define RTL_CONFIG_MAGIC 0x8723ab55
34
35	#define RTL_VSC_OP_COREDUMP 0xfcff
36
37	#define IC_MATCH_FL_LMPSUBV (1 << 0)
38	#define IC_MATCH_FL_HCIREV (1 << 1)
39	#define IC_MATCH_FL_HCIVER (1 << 2)
40	#define IC_MATCH_FL_HCIBUS (1 << 3)
41	#define IC_MATCH_FL_CHIP_TYPE (1 << 4)
42	#define IC_INFO(lmps, hcir, hciv, bus) \
43	.match_flags = IC_MATCH_FL_LMPSUBV \| IC_MATCH_FL_HCIREV \| \
44	IC_MATCH_FL_HCIVER \| IC_MATCH_FL_HCIBUS, \
45	.lmp_subver = (lmps), \
46	.hci_rev = (hcir), \
47	.hci_ver = (hciv), \
48	.hci_bus = (bus)
49
50	#define RTL_CHIP_SUBVER (&(struct rtl_vendor_cmd) {{0x10, 0x38, 0x04, 0x28, 0x80}})
51	#define RTL_CHIP_REV (&(struct rtl_vendor_cmd) {{0x10, 0x3A, 0x04, 0x28, 0x80}})
52	#define RTL_SEC_PROJ (&(struct rtl_vendor_cmd) {{0x10, 0xA4, 0x0D, 0x00, 0xb0}})
53
54	#define RTL_PATCH_SNIPPETS 0x01
55	#define RTL_PATCH_DUMMY_HEADER 0x02
56	#define RTL_PATCH_SECURITY_HEADER 0x03
57
58	enum btrtl_chip_id {
59	CHIP_ID_8723A,
60	CHIP_ID_8723B,
61	CHIP_ID_8821A,
62	CHIP_ID_8761A,
63	CHIP_ID_8822B = `8`,
64	CHIP_ID_8723D,
65	CHIP_ID_8821C,
66	CHIP_ID_8822C = `13`,
67	CHIP_ID_8761B,
68	CHIP_ID_8852A = `18`,
69	CHIP_ID_8852B = `20`,
70	CHIP_ID_8852C = `25`,
71	CHIP_ID_8851B = `36`,
72	CHIP_ID_8852BT = `47`,
73	};
74
75	struct id_table {
76	__u16 match_flags;
77	__u16 lmp_subver;
78	__u16 hci_rev;
79	__u8 hci_ver;
80	__u8 hci_bus;
81	__u8 chip_type;
82	bool config_needed;
83	bool has_rom_version;
84	bool has_msft_ext;
85	char *fw_name;
86	char *cfg_name;
87	char *hw_info;
88	};
89
90	struct btrtl_device_info {
91	const struct id_table *ic_info;
92	u8 rom_version;
93	u8 *fw_data;
94	int fw_len;
95	u8 *cfg_data;
96	int cfg_len;
97	bool drop_fw;
98	int project_id;
99	u8 key_id;
100	struct list_head patch_subsecs;
101	};
102
103	static const struct id_table ic_id_table[] = {
104	/ 8723A /
105	{ IC_INFO(RTL_ROM_LMP_8723A, `0xb`, `0x6`, HCI_USB),
106	.config_needed = false,
107	.has_rom_version = false,
108	.fw_name = "rtl_bt/rtl8723a_fw",
109	.cfg_name = NULL,
110	.hw_info = "rtl8723au" },
111
112	/ 8723BS /
113	{ IC_INFO(RTL_ROM_LMP_8723B, `0xb`, `0x6`, HCI_UART),
114	.config_needed = true,
115	.has_rom_version = true,
116	.fw_name = "rtl_bt/rtl8723bs_fw",
117	.cfg_name = "rtl_bt/rtl8723bs_config",
118	.hw_info = "rtl8723bs" },
119
120	/ 8723B /
121	{ IC_INFO(RTL_ROM_LMP_8723B, `0xb`, `0x6`, HCI_USB),
122	.config_needed = false,
123	.has_rom_version = true,
124	.fw_name = "rtl_bt/rtl8723b_fw",
125	.cfg_name = "rtl_bt/rtl8723b_config",
126	.hw_info = "rtl8723bu" },
127
128	/ 8723CS-CG /
129	{ .match_flags = IC_MATCH_FL_LMPSUBV \| IC_MATCH_FL_CHIP_TYPE \|
130	IC_MATCH_FL_HCIBUS,
131	.lmp_subver = RTL_ROM_LMP_8703B,
132	.chip_type = RTL_CHIP_8723CS_CG,
133	.hci_bus = HCI_UART,
134	.config_needed = true,
135	.has_rom_version = true,
136	.fw_name = "rtl_bt/rtl8723cs_cg_fw",
137	.cfg_name = "rtl_bt/rtl8723cs_cg_config",
138	.hw_info = "rtl8723cs-cg" },
139
140	/ 8723CS-VF /
141	{ .match_flags = IC_MATCH_FL_LMPSUBV \| IC_MATCH_FL_CHIP_TYPE \|
142	IC_MATCH_FL_HCIBUS,
143	.lmp_subver = RTL_ROM_LMP_8703B,
144	.chip_type = RTL_CHIP_8723CS_VF,
145	.hci_bus = HCI_UART,
146	.config_needed = true,
147	.has_rom_version = true,
148	.fw_name = "rtl_bt/rtl8723cs_vf_fw",
149	.cfg_name = "rtl_bt/rtl8723cs_vf_config",
150	.hw_info = "rtl8723cs-vf" },
151
152	/ 8723CS-XX /
153	{ .match_flags = IC_MATCH_FL_LMPSUBV \| IC_MATCH_FL_CHIP_TYPE \|
154	IC_MATCH_FL_HCIBUS,
155	.lmp_subver = RTL_ROM_LMP_8703B,
156	.chip_type = RTL_CHIP_8723CS_XX,
157	.hci_bus = HCI_UART,
158	.config_needed = true,
159	.has_rom_version = true,
160	.fw_name = "rtl_bt/rtl8723cs_xx_fw",
161	.cfg_name = "rtl_bt/rtl8723cs_xx_config",
162	.hw_info = "rtl8723cs" },
163
164	/ 8723D /
165	{ IC_INFO(RTL_ROM_LMP_8723B, `0xd`, `0x8`, HCI_USB),
166	.config_needed = true,
167	.has_rom_version = true,
168	.fw_name = "rtl_bt/rtl8723d_fw",
169	.cfg_name = "rtl_bt/rtl8723d_config",
170	.hw_info = "rtl8723du" },
171
172	/ 8723DS /
173	{ IC_INFO(RTL_ROM_LMP_8723B, `0xd`, `0x8`, HCI_UART),
174	.config_needed = true,
175	.has_rom_version = true,
176	.fw_name = "rtl_bt/rtl8723ds_fw",
177	.cfg_name = "rtl_bt/rtl8723ds_config",
178	.hw_info = "rtl8723ds" },
179
180	/ 8821A /
181	{ IC_INFO(RTL_ROM_LMP_8821A, `0xa`, `0x6`, HCI_USB),
182	.config_needed = false,
183	.has_rom_version = true,
184	.fw_name = "rtl_bt/rtl8821a_fw",
185	.cfg_name = "rtl_bt/rtl8821a_config",
186	.hw_info = "rtl8821au" },
187
188	/ 8821C /
189	{ IC_INFO(RTL_ROM_LMP_8821A, `0xc`, `0x8`, HCI_USB),
190	.config_needed = false,
191	.has_rom_version = true,
192	.has_msft_ext = true,
193	.fw_name = "rtl_bt/rtl8821c_fw",
194	.cfg_name = "rtl_bt/rtl8821c_config",
195	.hw_info = "rtl8821cu" },
196
197	/ 8821CS /
198	{ IC_INFO(RTL_ROM_LMP_8821A, `0xc`, `0x8`, HCI_UART),
199	.config_needed = true,
200	.has_rom_version = true,
201	.has_msft_ext = true,
202	.fw_name = "rtl_bt/rtl8821cs_fw",
203	.cfg_name = "rtl_bt/rtl8821cs_config",
204	.hw_info = "rtl8821cs" },
205
206	/ 8761A /
207	{ IC_INFO(RTL_ROM_LMP_8761A, `0xa`, `0x6`, HCI_USB),
208	.config_needed = false,
209	.has_rom_version = true,
210	.fw_name = "rtl_bt/rtl8761a_fw",
211	.cfg_name = "rtl_bt/rtl8761a_config",
212	.hw_info = "rtl8761au" },
213
214	/ 8761B /
215	{ IC_INFO(RTL_ROM_LMP_8761A, `0xb`, `0xa`, HCI_UART),
216	.config_needed = false,
217	.has_rom_version = true,
218	.has_msft_ext = true,
219	.fw_name = "rtl_bt/rtl8761b_fw",
220	.cfg_name = "rtl_bt/rtl8761b_config",
221	.hw_info = "rtl8761btv" },
222
223	/ 8761BU /
224	{ IC_INFO(RTL_ROM_LMP_8761A, `0xb`, `0xa`, HCI_USB),
225	.config_needed = false,
226	.has_rom_version = true,
227	.fw_name = "rtl_bt/rtl8761bu_fw",
228	.cfg_name = "rtl_bt/rtl8761bu_config",
229	.hw_info = "rtl8761bu" },
230
231	/ 8822C with UART interface /
232	{ IC_INFO(RTL_ROM_LMP_8822B, `0xc`, `0x8`, HCI_UART),
233	.config_needed = true,
234	.has_rom_version = true,
235	.has_msft_ext = true,
236	.fw_name = "rtl_bt/rtl8822cs_fw",
237	.cfg_name = "rtl_bt/rtl8822cs_config",
238	.hw_info = "rtl8822cs" },
239
240	/ 8822C with UART interface /
241	{ IC_INFO(RTL_ROM_LMP_8822B, `0xc`, `0xa`, HCI_UART),
242	.config_needed = true,
243	.has_rom_version = true,
244	.has_msft_ext = true,
245	.fw_name = "rtl_bt/rtl8822cs_fw",
246	.cfg_name = "rtl_bt/rtl8822cs_config",
247	.hw_info = "rtl8822cs" },
248
249	/ 8822C with USB interface /
250	{ IC_INFO(RTL_ROM_LMP_8822B, `0xc`, `0xa`, HCI_USB),
251	.config_needed = false,
252	.has_rom_version = true,
253	.has_msft_ext = true,
254	.fw_name = "rtl_bt/rtl8822cu_fw",
255	.cfg_name = "rtl_bt/rtl8822cu_config",
256	.hw_info = "rtl8822cu" },
257
258	/ 8822B /
259	{ IC_INFO(RTL_ROM_LMP_8822B, `0xb`, `0x7`, HCI_USB),
260	.config_needed = true,
261	.has_rom_version = true,
262	.has_msft_ext = true,
263	.fw_name = "rtl_bt/rtl8822b_fw",
264	.cfg_name = "rtl_bt/rtl8822b_config",
265	.hw_info = "rtl8822bu" },
266
267	/ 8852A /
268	{ IC_INFO(RTL_ROM_LMP_8852A, `0xa`, `0xb`, HCI_USB),
269	.config_needed = false,
270	.has_rom_version = true,
271	.has_msft_ext = true,
272	.fw_name = "rtl_bt/rtl8852au_fw",
273	.cfg_name = "rtl_bt/rtl8852au_config",
274	.hw_info = "rtl8852au" },
275
276	/ 8852B with UART interface /
277	{ IC_INFO(RTL_ROM_LMP_8852A, `0xb`, `0xb`, HCI_UART),
278	.config_needed = true,
279	.has_rom_version = true,
280	.has_msft_ext = true,
281	.fw_name = "rtl_bt/rtl8852bs_fw",
282	.cfg_name = "rtl_bt/rtl8852bs_config",
283	.hw_info = "rtl8852bs" },
284
285	/ 8852B /
286	{ IC_INFO(RTL_ROM_LMP_8852A, `0xb`, `0xb`, HCI_USB),
287	.config_needed = false,
288	.has_rom_version = true,
289	.has_msft_ext = true,
290	.fw_name = "rtl_bt/rtl8852bu_fw",
291	.cfg_name = "rtl_bt/rtl8852bu_config",
292	.hw_info = "rtl8852bu" },
293
294	/ 8852C /
295	{ IC_INFO(RTL_ROM_LMP_8852A, `0xc`, `0xc`, HCI_USB),
296	.config_needed = false,
297	.has_rom_version = true,
298	.has_msft_ext = true,
299	.fw_name = "rtl_bt/rtl8852cu_fw",
300	.cfg_name = "rtl_bt/rtl8852cu_config",
301	.hw_info = "rtl8852cu" },
302
303	/ 8851B /
304	{ IC_INFO(RTL_ROM_LMP_8851B, `0xb`, `0xc`, HCI_USB),
305	.config_needed = false,
306	.has_rom_version = true,
307	.has_msft_ext = false,
308	.fw_name = "rtl_bt/rtl8851bu_fw",
309	.cfg_name = "rtl_bt/rtl8851bu_config",
310	.hw_info = "rtl8851bu" },
311
312	/ 8852BT/8852BE-VT /
313	{ IC_INFO(RTL_ROM_LMP_8852A, `0x87`, `0xc`, HCI_USB),
314	.config_needed = false,
315	.has_rom_version = true,
316	.has_msft_ext = true,
317	.fw_name = "rtl_bt/rtl8852btu_fw",
318	.cfg_name = "rtl_bt/rtl8852btu_config",
319	.hw_info = "rtl8852btu" },
320	};
321
322	static const struct id_table *btrtl_match_ic(u16 lmp_subver, u16 hci_rev,
323	u8 hci_ver, u8 hci_bus,
324	u8 chip_type)
325	{
326	int i;
327
328	for (i = `0`; i < ARRAY_SIZE(ic_id_table); i++) {
329	if ((ic_id_table[i].match_flags & IC_MATCH_FL_LMPSUBV) &&
330	(ic_id_table[i].lmp_subver != lmp_subver))
331	continue;
332	if ((ic_id_table[i].match_flags & IC_MATCH_FL_HCIREV) &&
333	(ic_id_table[i].hci_rev != hci_rev))
334	continue;
335	if ((ic_id_table[i].match_flags & IC_MATCH_FL_HCIVER) &&
336	(ic_id_table[i].hci_ver != hci_ver))
337	continue;
338	if ((ic_id_table[i].match_flags & IC_MATCH_FL_HCIBUS) &&
339	(ic_id_table[i].hci_bus != hci_bus))
340	continue;
341	if ((ic_id_table[i].match_flags & IC_MATCH_FL_CHIP_TYPE) &&
342	(ic_id_table[i].chip_type != chip_type))
343	continue;
344
345	break;
346	}
347	if (i >= ARRAY_SIZE(ic_id_table))
348	return NULL;
349
350	return &ic_id_table[i];
351	}
352
353	static struct sk_buff btrtl_read_local_version(struct* hci_dev *hdev)
354	{
355	struct sk_buff *skb;
356
357	skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, plen: `0`, NULL,
358	HCI_INIT_TIMEOUT);
359	if (IS_ERR(ptr: skb)) {
360	rtl_dev_err(hdev, "HCI_OP_READ_LOCAL_VERSION failed (%ld)",
361	PTR_ERR(skb));
362	return skb;
363	}
364
365	if (skb->len != sizeof(struct hci_rp_read_local_version)) {
366	rtl_dev_err(hdev, "HCI_OP_READ_LOCAL_VERSION event length mismatch");
367	kfree_skb(skb);
368	return ERR_PTR(error: -EIO);
369	}
370
371	return skb;
372	}
373
374	static int rtl_read_rom_version(struct hci_dev hdev, u8 version)
375	{
376	struct rtl_rom_version_evt *rom_version;
377	struct sk_buff *skb;
378
379	/ Read RTL ROM version command /
380	skb = __hci_cmd_sync(hdev, opcode: `0xfc6d`, plen: `0`, NULL, HCI_INIT_TIMEOUT);
381	if (IS_ERR(ptr: skb)) {
382	rtl_dev_err(hdev, "Read ROM version failed (%ld)",
383	PTR_ERR(skb));
384	return PTR_ERR(ptr: skb);
385	}
386
387	if (skb->len != sizeof(*rom_version)) {
388	rtl_dev_err(hdev, "version event length mismatch");
389	kfree_skb(skb);
390	return -EIO;
391	}
392
393	rom_version = (struct rtl_rom_version_evt *)skb->data;
394	rtl_dev_info(hdev, "rom_version status=%x version=%x",
395	rom_version->status, rom_version->version);
396
397	*version = rom_version->version;
398
399	kfree_skb(skb);
400	return `0`;
401	}
402
403	static int btrtl_vendor_read_reg16(struct hci_dev *hdev,
404	struct rtl_vendor_cmd cmd, u8 rp)
405	{
406	struct sk_buff *skb;
407	int err = `0`;
408
409	skb = __hci_cmd_sync(hdev, opcode: `0xfc61`, plen: sizeof(*cmd), param: cmd,
410	HCI_INIT_TIMEOUT);
411	if (IS_ERR(ptr: skb)) {
412	err = PTR_ERR(ptr: skb);
413	rtl_dev_err(hdev, "RTL: Read reg16 failed (%d)", err);
414	return err;
415	}
416
417	if (skb->len != `3` \|\| skb->data[`0`]) {
418	bt_dev_err(hdev, "RTL: Read reg16 length mismatch");
419	kfree_skb(skb);
420	return -EIO;
421	}
422
423	if (rp)
424	memcpy(rp, skb->data + `1`, `2`);
425
426	kfree_skb(skb);
427
428	return `0`;
429	}
430
431	static void rtl_iov_pull_data(struct* rtl_iovec *iov, u32 len)
432	{
433	void *data = iov->data;
434
435	if (iov->len < len)
436	return NULL;
437
438	iov->data += len;
439	iov->len -= len;
440
441	return data;
442	}
443
444	static void btrtl_insert_ordered_subsec(struct rtl_subsection *node,
445	struct btrtl_device_info *btrtl_dev)
446	{
447	struct list_head *pos;
448	struct list_head *next;
449	struct rtl_subsection *subsec;
450
451	list_for_each_safe(pos, next, &btrtl_dev->patch_subsecs) {
452	subsec = list_entry(pos, struct rtl_subsection, list);
453	if (subsec->prio >= node->prio)
454	break;
455	}
456	__list_add(new: &node->list, prev: pos->prev, next: pos);
457	}
458
459	static int btrtl_parse_section(struct hci_dev *hdev,
460	struct btrtl_device_info *btrtl_dev, u32 opcode,
461	u8 *data, u32 len)
462	{
463	struct rtl_section_hdr *hdr;
464	struct rtl_subsection *subsec;
465	struct rtl_common_subsec *common_subsec;
466	struct rtl_sec_hdr *sec_hdr;
467	int i;
468	u8 *ptr;
469	u16 num_subsecs;
470	u32 subsec_len;
471	int rc = `0`;
472	struct rtl_iovec iov = {
473	.data = data,
474	.len = len,
475	};
476
477	hdr = rtl_iov_pull_data(iov: &iov, len: sizeof(*hdr));
478	if (!hdr)
479	return -EINVAL;
480	num_subsecs = le16_to_cpu(hdr->num);
481
482	for (i = `0`; i < num_subsecs; i++) {
483	common_subsec = rtl_iov_pull_data(iov: &iov, len: sizeof(*common_subsec));
484	if (!common_subsec)
485	break;
486	subsec_len = le32_to_cpu(common_subsec->len);
487
488	rtl_dev_dbg(hdev, "subsec, eco 0x%02x, len %08x",
489	common_subsec->eco, subsec_len);
490
491	ptr = rtl_iov_pull_data(iov: &iov, len: subsec_len);
492	if (!ptr)
493	break;
494
495	if (common_subsec->eco != btrtl_dev->rom_version + `1`)
496	continue;
497
498	switch (opcode) {
499	case RTL_PATCH_SECURITY_HEADER:
500	sec_hdr = (void *)common_subsec;
501	if (sec_hdr->key_id != btrtl_dev->key_id)
502	continue;
503	break;
504	}
505
506	subsec = kzalloc(size: sizeof(*subsec), GFP_KERNEL);
507	if (!subsec)
508	return -ENOMEM;
509	subsec->opcode = opcode;
510	subsec->prio = common_subsec->prio;
511	subsec->len = subsec_len;
512	subsec->data = ptr;
513	btrtl_insert_ordered_subsec(node: subsec, btrtl_dev);
514	rc += subsec_len;
515	}
516
517	return rc;
518	}
519
520	static int rtlbt_parse_firmware_v2(struct hci_dev *hdev,
521	struct btrtl_device_info *btrtl_dev,
522	unsigned char **_buf)
523	{
524	struct rtl_epatch_header_v2 *hdr;
525	int rc;
526	u8 reg_val[`2`];
527	u8 key_id;
528	u32 num_sections;
529	struct rtl_section *section;
530	struct rtl_subsection entry, tmp;
531	u32 section_len;
532	u32 opcode;
533	int len = `0`;
534	int i;
535	u8 *ptr;
536	struct rtl_iovec iov = {
537	.data = btrtl_dev->fw_data,
538	.len = btrtl_dev->fw_len - `7`, / Cut the tail /
539	};
540
541	rc = btrtl_vendor_read_reg16(hdev, RTL_SEC_PROJ, rp: reg_val);
542	if (rc < `0`)
543	return -EIO;
544	key_id = reg_val[`0`];
545
546	rtl_dev_dbg(hdev, "%s: key id %u", __func__, key_id);
547
548	btrtl_dev->key_id = key_id;
549
550	hdr = rtl_iov_pull_data(iov: &iov, len: sizeof(*hdr));
551	if (!hdr)
552	return -EINVAL;
553	num_sections = le32_to_cpu(hdr->num_sections);
554
555	rtl_dev_dbg(hdev, "FW version %08x-%08x", ((u32 )hdr->fw_version),
556	((u32 )(hdr->fw_version + `4`)));
557
558	for (i = `0`; i < num_sections; i++) {
559	section = rtl_iov_pull_data(iov: &iov, len: sizeof(*section));
560	if (!section)
561	break;
562	section_len = le32_to_cpu(section->len);
563	opcode = le32_to_cpu(section->opcode);
564
565	rtl_dev_dbg(hdev, "opcode 0x%04x", section->opcode);
566
567	ptr = rtl_iov_pull_data(iov: &iov, len: section_len);
568	if (!ptr)
569	break;
570
571	switch (opcode) {
572	case RTL_PATCH_SNIPPETS:
573	rc = btrtl_parse_section(hdev, btrtl_dev, opcode,
574	data: ptr, len: section_len);
575	break;
576	case RTL_PATCH_SECURITY_HEADER:
577	/ If key_id from chip is zero, ignore all security*
578	* headers.
579	*/
580	if (!key_id)
581	break;
582	rc = btrtl_parse_section(hdev, btrtl_dev, opcode,
583	data: ptr, len: section_len);
584	break;
585	case RTL_PATCH_DUMMY_HEADER:
586	rc = btrtl_parse_section(hdev, btrtl_dev, opcode,
587	data: ptr, len: section_len);
588	break;
589	default:
590	rc = `0`;
591	break;
592	}
593	if (rc < `0`) {
594	rtl_dev_err(hdev, "RTL: Parse section (%u) err %d",
595	opcode, rc);
596	return rc;
597	}
598	len += rc;
599	}
600
601	if (!len)
602	return -ENODATA;
603
604	/ Allocate mem and copy all found subsecs. /
605	ptr = kvmalloc(size: len, GFP_KERNEL);
606	if (!ptr)
607	return -ENOMEM;
608
609	len = `0`;
610	list_for_each_entry_safe(entry, tmp, &btrtl_dev->patch_subsecs, list) {
611	rtl_dev_dbg(hdev, "RTL: opcode %08x, addr %p, len 0x%x",
612	entry->opcode, entry->data, entry->len);
613	memcpy(ptr + len, entry->data, entry->len);
614	len += entry->len;
615	}
616
617	if (!len)
618	return -EPERM;
619
620	*_buf = ptr;
621	return len;
622	}
623
624	static int rtlbt_parse_firmware(struct hci_dev *hdev,
625	struct btrtl_device_info *btrtl_dev,
626	unsigned char **_buf)
627	{
628	static const u8 extension_sig[] = { `0x51`, `0x04`, `0xfd`, `0x77` };
629	struct btrealtek_data *coredump_info = hci_get_priv(hdev);
630	struct rtl_epatch_header *epatch_info;
631	unsigned char *buf;
632	int i, len;
633	size_t min_size;
634	u8 opcode, length, data;
635	int project_id = -`1`;
636	const unsigned char fwptr, chip_id_base;
637	const unsigned char patch_length_base, patch_offset_base;
638	u32 patch_offset = `0`;
639	u16 patch_length, num_patches;
640	static const struct {
641	__u16 lmp_subver;
642	__u8 id;
643	} project_id_to_lmp_subver[] = {
644	{ RTL_ROM_LMP_8723A, `0` },
645	{ RTL_ROM_LMP_8723B, `1` },
646	{ RTL_ROM_LMP_8821A, `2` },
647	{ RTL_ROM_LMP_8761A, `3` },
648	{ RTL_ROM_LMP_8703B, `7` },
649	{ RTL_ROM_LMP_8822B, `8` },
650	{ RTL_ROM_LMP_8723B, `9` }, / 8723D /
651	{ RTL_ROM_LMP_8821A, `10` }, / 8821C /
652	{ RTL_ROM_LMP_8822B, `13` }, / 8822C /
653	{ RTL_ROM_LMP_8761A, `14` }, / 8761B /
654	{ RTL_ROM_LMP_8852A, `18` }, / 8852A /
655	{ RTL_ROM_LMP_8852A, `20` }, / 8852B /
656	{ RTL_ROM_LMP_8852A, `25` }, / 8852C /
657	{ RTL_ROM_LMP_8851B, `36` }, / 8851B /
658	{ RTL_ROM_LMP_8852A, `47` }, / 8852BT /
659	};
660
661	if (btrtl_dev->fw_len <= `8`)
662	return -EINVAL;
663
664	if (!memcmp(p: btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE, size: `8`))
665	min_size = sizeof(struct rtl_epatch_header) +
666	sizeof(extension_sig) + `3`;
667	else if (!memcmp(p: btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE_V2, size: `8`))
668	min_size = sizeof(struct rtl_epatch_header_v2) +
669	sizeof(extension_sig) + `3`;
670	else
671	return -EINVAL;
672
673	if (btrtl_dev->fw_len < min_size)
674	return -EINVAL;
675
676	fwptr = btrtl_dev->fw_data + btrtl_dev->fw_len - sizeof(extension_sig);
677	if (memcmp(p: fwptr, q: extension_sig, size: sizeof(extension_sig)) != `0`) {
678	rtl_dev_err(hdev, "extension section signature mismatch");
679	return -EINVAL;
680	}
681
682	/ Loop from the end of the firmware parsing instructions, until*
683	* we find an instruction that identifies the "project ID" for the
684	* hardware supported by this firwmare file.
685	* Once we have that, we double-check that project_id is suitable
686	* for the hardware we are working with.
687	*/
688	while (fwptr >= btrtl_dev->fw_data + (sizeof(*epatch_info) + `3`)) {
689	opcode = *--fwptr;
690	length = *--fwptr;
691	data = *--fwptr;
692
693	BT_DBG("check op=%x len=%x data=%x", opcode, length, data);
694
695	if (opcode == `0xff`) / EOF /
696	break;
697
698	if (length == `0`) {
699	rtl_dev_err(hdev, "found instruction with length 0");
700	return -EINVAL;
701	}
702
703	if (opcode == `0` && length == `1`) {
704	project_id = data;
705	break;
706	}
707
708	fwptr -= length;
709	}
710
711	if (project_id < `0`) {
712	rtl_dev_err(hdev, "failed to find version instruction");
713	return -EINVAL;
714	}
715
716	/ Find project_id in table /
717	for (i = `0`; i < ARRAY_SIZE(project_id_to_lmp_subver); i++) {
718	if (project_id == project_id_to_lmp_subver[i].id) {
719	btrtl_dev->project_id = project_id;
720	break;
721	}
722	}
723
724	if (i >= ARRAY_SIZE(project_id_to_lmp_subver)) {
725	rtl_dev_err(hdev, "unknown project id %d", project_id);
726	return -EINVAL;
727	}
728
729	if (btrtl_dev->ic_info->lmp_subver !=
730	project_id_to_lmp_subver[i].lmp_subver) {
731	rtl_dev_err(hdev, "firmware is for %x but this is a %x",
732	project_id_to_lmp_subver[i].lmp_subver,
733	btrtl_dev->ic_info->lmp_subver);
734	return -EINVAL;
735	}
736
737	if (memcmp(p: btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE, size: `8`) != `0`) {
738	if (!memcmp(p: btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE_V2, size: `8`))
739	return rtlbt_parse_firmware_v2(hdev, btrtl_dev, _buf);
740	rtl_dev_err(hdev, "bad EPATCH signature");
741	return -EINVAL;
742	}
743
744	epatch_info = (struct rtl_epatch_header *)btrtl_dev->fw_data;
745	num_patches = le16_to_cpu(epatch_info->num_patches);
746
747	BT_DBG("fw_version=%x, num_patches=%d",
748	le32_to_cpu(epatch_info->fw_version), num_patches);
749	coredump_info->rtl_dump.fw_version = le32_to_cpu(epatch_info->fw_version);
750
751	/ After the rtl_epatch_header there is a funky patch metadata section.*
752	* Assuming 2 patches, the layout is:
753	* ChipID1 ChipID2 PatchLength1 PatchLength2 PatchOffset1 PatchOffset2
754	*
755	* Find the right patch for this chip.
756	*/
757	min_size += `8` * num_patches;
758	if (btrtl_dev->fw_len < min_size)
759	return -EINVAL;
760
761	chip_id_base = btrtl_dev->fw_data + sizeof(struct rtl_epatch_header);
762	patch_length_base = chip_id_base + (sizeof(u16) * num_patches);
763	patch_offset_base = patch_length_base + (sizeof(u16) * num_patches);
764	for (i = `0`; i < num_patches; i++) {
765	u16 chip_id = get_unaligned_le16(p: chip_id_base +
766	(i * sizeof(u16)));
767	if (chip_id == btrtl_dev->rom_version + `1`) {
768	patch_length = get_unaligned_le16(p: patch_length_base +
769	(i * sizeof(u16)));
770	patch_offset = get_unaligned_le32(p: patch_offset_base +
771	(i * sizeof(u32)));
772	break;
773	}
774	}
775
776	if (!patch_offset) {
777	rtl_dev_err(hdev, "didn't find patch for chip id %d",
778	btrtl_dev->rom_version);
779	return -EINVAL;
780	}
781
782	BT_DBG("length=%x offset=%x index %d", patch_length, patch_offset, i);
783	min_size = patch_offset + patch_length;
784	if (btrtl_dev->fw_len < min_size)
785	return -EINVAL;
786
787	/ Copy the firmware into a new buffer and write the version at*
788	* the end.
789	*/
790	len = patch_length;
791	buf = kvmalloc(size: patch_length, GFP_KERNEL);
792	if (!buf)
793	return -ENOMEM;
794
795	memcpy(buf, btrtl_dev->fw_data + patch_offset, patch_length - `4`);
796	memcpy(buf + patch_length - `4`, &epatch_info->fw_version, `4`);
797
798	*_buf = buf;
799	return len;
800	}
801
802	static int rtl_download_firmware(struct hci_dev *hdev,
803	const unsigned char data, int* fw_len)
804	{
805	struct rtl_download_cmd *dl_cmd;
806	int frag_num = fw_len / RTL_FRAG_LEN + `1`;
807	int frag_len = RTL_FRAG_LEN;
808	int ret = `0`;
809	int i;
810	int j = `0`;
811	struct sk_buff *skb;
812	struct hci_rp_read_local_version *rp;
813
814	dl_cmd = kmalloc(size: sizeof(struct rtl_download_cmd), GFP_KERNEL);
815	if (!dl_cmd)
816	return -ENOMEM;
817
818	for (i = `0`; i < frag_num; i++) {
819	struct sk_buff *skb;
820
821	dl_cmd->index = j++;
822	if (dl_cmd->index == `0x7f`)
823	j = `1`;
824
825	if (i == (frag_num - `1`)) {
826	dl_cmd->index \|= `0x80`; / data end /
827	frag_len = fw_len % RTL_FRAG_LEN;
828	}
829	rtl_dev_dbg(hdev, "download fw (%d/%d). index = %d", i,
830	frag_num, dl_cmd->index);
831	memcpy(dl_cmd->data, data, frag_len);
832
833	/ Send download command /
834	skb = __hci_cmd_sync(hdev, opcode: `0xfc20`, plen: frag_len + `1`, param: dl_cmd,
835	HCI_INIT_TIMEOUT);
836	if (IS_ERR(ptr: skb)) {
837	rtl_dev_err(hdev, "download fw command failed (%ld)",
838	PTR_ERR(skb));
839	ret = PTR_ERR(ptr: skb);
840	goto out;
841	}
842
843	if (skb->len != sizeof(struct rtl_download_response)) {
844	rtl_dev_err(hdev, "download fw event length mismatch");
845	kfree_skb(skb);
846	ret = -EIO;
847	goto out;
848	}
849
850	kfree_skb(skb);
851	data += RTL_FRAG_LEN;
852	}
853
854	skb = btrtl_read_local_version(hdev);
855	if (IS_ERR(ptr: skb)) {
856	ret = PTR_ERR(ptr: skb);
857	rtl_dev_err(hdev, "read local version failed");
858	goto out;
859	}
860
861	rp = (struct hci_rp_read_local_version *)skb->data;
862	rtl_dev_info(hdev, "fw version 0x%04x%04x",
863	__le16_to_cpu(rp->hci_rev), __le16_to_cpu(rp->lmp_subver));
864	kfree_skb(skb);
865
866	out:
867	kfree(objp: dl_cmd);
868	return ret;
869	}
870
871	static int rtl_load_file(struct hci_dev hdev, const* char name, u8 *buff)
872	{
873	const struct firmware *fw;
874	int ret;
875
876	rtl_dev_info(hdev, "loading %s", name);
877	ret = request_firmware(fw: &fw, name, device: &hdev->dev);
878	if (ret < `0`)
879	return ret;
880	ret = fw->size;
881	*buff = kvmalloc(size: fw->size, GFP_KERNEL);
882	if (*buff)
883	memcpy(*buff, fw->data, ret);
884	else
885	ret = -ENOMEM;
886
887	release_firmware(fw);
888
889	return ret;
890	}
891
892	static int btrtl_setup_rtl8723a(struct hci_dev *hdev,
893	struct btrtl_device_info *btrtl_dev)
894	{
895	if (btrtl_dev->fw_len < `8`)
896	return -EINVAL;
897
898	/ Check that the firmware doesn't have the epatch signature*
899	* (which is only for RTL8723B and newer).
900	*/
901	if (!memcmp(p: btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE, size: `8`)) {
902	rtl_dev_err(hdev, "unexpected EPATCH signature!");
903	return -EINVAL;
904	}
905
906	return rtl_download_firmware(hdev, data: btrtl_dev->fw_data,
907	fw_len: btrtl_dev->fw_len);
908	}
909
910	static int btrtl_setup_rtl8723b(struct hci_dev *hdev,
911	struct btrtl_device_info *btrtl_dev)
912	{
913	unsigned char *fw_data = NULL;
914	int ret;
915	u8 *tbuff;
916
917	ret = rtlbt_parse_firmware(hdev, btrtl_dev, buf: &fw_data);
918	if (ret < `0`)
919	goto out;
920
921	if (btrtl_dev->cfg_len > `0`) {
922	tbuff = kvzalloc(size: ret + btrtl_dev->cfg_len, GFP_KERNEL);
923	if (!tbuff) {
924	ret = -ENOMEM;
925	goto out;
926	}
927
928	memcpy(tbuff, fw_data, ret);
929	kvfree(addr: fw_data);
930
931	memcpy(tbuff + ret, btrtl_dev->cfg_data, btrtl_dev->cfg_len);
932	ret += btrtl_dev->cfg_len;
933
934	fw_data = tbuff;
935	}
936
937	rtl_dev_info(hdev, "cfg_sz %d, total sz %d", btrtl_dev->cfg_len, ret);
938
939	ret = rtl_download_firmware(hdev, data: fw_data, fw_len: ret);
940
941	out:
942	kvfree(addr: fw_data);
943	return ret;
944	}
945
946	static void btrtl_coredump(struct hci_dev *hdev)
947	{
948	static const u8 param[] = { `0x00`, `0x00` };
949
950	__hci_cmd_send(hdev, RTL_VSC_OP_COREDUMP, plen: sizeof(param), param);
951	}
952
953	static void btrtl_dmp_hdr(struct hci_dev hdev, struct* sk_buff *skb)
954	{
955	struct btrealtek_data *coredump_info = hci_get_priv(hdev);
956	char buf[`80`];
957
958	if (coredump_info->rtl_dump.controller)
959	snprintf(buf, size: sizeof(buf), fmt: "Controller Name: %s\n",
960	coredump_info->rtl_dump.controller);
961	else
962	snprintf(buf, size: sizeof(buf), fmt: "Controller Name: Unknown\n");
963	skb_put_data(skb, data: buf, strlen(buf));
964
965	snprintf(buf, size: sizeof(buf), fmt: "Firmware Version: 0x%X\n",
966	coredump_info->rtl_dump.fw_version);
967	skb_put_data(skb, data: buf, strlen(buf));
968
969	snprintf(buf, size: sizeof(buf), fmt: "Driver: %s\n", coredump_info->rtl_dump.driver_name);
970	skb_put_data(skb, data: buf, strlen(buf));
971
972	snprintf(buf, size: sizeof(buf), fmt: "Vendor: Realtek\n");
973	skb_put_data(skb, data: buf, strlen(buf));
974	}
975
976	static void btrtl_register_devcoredump_support(struct hci_dev *hdev)
977	{
978	hci_devcd_register(hdev, coredump: btrtl_coredump, dmp_hdr: btrtl_dmp_hdr, NULL);
979
980	}
981
982	void btrtl_set_driver_name(struct hci_dev hdev, const* char *driver_name)
983	{
984	struct btrealtek_data *coredump_info = hci_get_priv(hdev);
985
986	coredump_info->rtl_dump.driver_name = driver_name;
987	}
988	EXPORT_SYMBOL_GPL(btrtl_set_driver_name);
989
990	static bool rtl_has_chip_type(u16 lmp_subver)
991	{
992	switch (lmp_subver) {
993	case RTL_ROM_LMP_8703B:
994	return true;
995	default:
996	break;
997	}
998
999	return false;
1000	}
1001
1002	static int rtl_read_chip_type(struct hci_dev hdev, u8 type)
1003	{
1004	struct rtl_chip_type_evt *chip_type;
1005	struct sk_buff *skb;
1006	const unsigned char cmd_buf[] = {`0x00`, `0x94`, `0xa0`, `0x00`, `0xb0`};
1007
1008	/ Read RTL chip type command /
1009	skb = __hci_cmd_sync(hdev, opcode: `0xfc61`, plen: `5`, param: cmd_buf, HCI_INIT_TIMEOUT);
1010	if (IS_ERR(ptr: skb)) {
1011	rtl_dev_err(hdev, "Read chip type failed (%ld)",
1012	PTR_ERR(skb));
1013	return PTR_ERR(ptr: skb);
1014	}
1015
1016	chip_type = skb_pull_data(skb, len: sizeof(*chip_type));
1017	if (!chip_type) {
1018	rtl_dev_err(hdev, "RTL chip type event length mismatch");
1019	kfree_skb(skb);
1020	return -EIO;
1021	}
1022
1023	rtl_dev_info(hdev, "chip_type status=%x type=%x",
1024	chip_type->status, chip_type->type);
1025
1026	*type = chip_type->type & `0x0f`;
1027
1028	kfree_skb(skb);
1029	return `0`;
1030	}
1031
1032	void btrtl_free(struct btrtl_device_info *btrtl_dev)
1033	{
1034	struct rtl_subsection entry, tmp;
1035
1036	kvfree(addr: btrtl_dev->fw_data);
1037	kvfree(addr: btrtl_dev->cfg_data);
1038
1039	list_for_each_entry_safe(entry, tmp, &btrtl_dev->patch_subsecs, list) {
1040	list_del(entry: &entry->list);
1041	kfree(objp: entry);
1042	}
1043
1044	kfree(objp: btrtl_dev);
1045	}
1046	EXPORT_SYMBOL_GPL(btrtl_free);
1047
1048	struct btrtl_device_info btrtl_initialize(struct* hci_dev *hdev,
1049	const char *postfix)
1050	{
1051	struct btrealtek_data *coredump_info = hci_get_priv(hdev);
1052	struct btrtl_device_info *btrtl_dev;
1053	struct sk_buff *skb;
1054	struct hci_rp_read_local_version *resp;
1055	struct hci_command_hdr *cmd;
1056	char fw_name[`40`];
1057	char cfg_name[`40`];
1058	u16 hci_rev, lmp_subver;
1059	u8 hci_ver, lmp_ver, chip_type = `0`;
1060	int ret;
1061	u8 reg_val[`2`];
1062
1063	btrtl_dev = kzalloc(size: sizeof(*btrtl_dev), GFP_KERNEL);
1064	if (!btrtl_dev) {
1065	ret = -ENOMEM;
1066	goto err_alloc;
1067	}
1068
1069	INIT_LIST_HEAD(list: &btrtl_dev->patch_subsecs);
1070
1071	check_version:
1072	ret = btrtl_vendor_read_reg16(hdev, RTL_CHIP_SUBVER, rp: reg_val);
1073	if (ret < `0`)
1074	goto err_free;
1075	lmp_subver = get_unaligned_le16(p: reg_val);
1076
1077	if (lmp_subver == RTL_ROM_LMP_8822B) {
1078	ret = btrtl_vendor_read_reg16(hdev, RTL_CHIP_REV, rp: reg_val);
1079	if (ret < `0`)
1080	goto err_free;
1081	hci_rev = get_unaligned_le16(p: reg_val);
1082
1083	/ 8822E /
1084	if (hci_rev == `0x000e`) {
1085	hci_ver = `0x0c`;
1086	lmp_ver = `0x0c`;
1087	btrtl_dev->ic_info = btrtl_match_ic(lmp_subver, hci_rev,
1088	hci_ver, hci_bus: hdev->bus,
1089	chip_type);
1090	goto next;
1091	}
1092	}
1093
1094	skb = btrtl_read_local_version(hdev);
1095	if (IS_ERR(ptr: skb)) {
1096	ret = PTR_ERR(ptr: skb);
1097	goto err_free;
1098	}
1099
1100	resp = (struct hci_rp_read_local_version *)skb->data;
1101
1102	hci_ver = resp->hci_ver;
1103	hci_rev = le16_to_cpu(resp->hci_rev);
1104	lmp_ver = resp->lmp_ver;
1105	lmp_subver = le16_to_cpu(resp->lmp_subver);
1106
1107	kfree_skb(skb);
1108
1109	if (rtl_has_chip_type(lmp_subver)) {
1110	ret = rtl_read_chip_type(hdev, type: &chip_type);
1111	if (ret)
1112	goto err_free;
1113	}
1114
1115	btrtl_dev->ic_info = btrtl_match_ic(lmp_subver, hci_rev, hci_ver,
1116	hci_bus: hdev->bus, chip_type);
1117
1118	next:
1119	rtl_dev_info(hdev, "examining hci_ver=%02x hci_rev=%04x lmp_ver=%02x lmp_subver=%04x",
1120	hci_ver, hci_rev,
1121	lmp_ver, lmp_subver);
1122
1123	if (!btrtl_dev->ic_info && !btrtl_dev->drop_fw)
1124	btrtl_dev->drop_fw = true;
1125	else
1126	btrtl_dev->drop_fw = false;
1127
1128	if (btrtl_dev->drop_fw) {
1129	skb = bt_skb_alloc(len: sizeof(*cmd), GFP_KERNEL);
1130	if (!skb)
1131	goto err_free;
1132
1133	cmd = skb_put(skb, HCI_COMMAND_HDR_SIZE);
1134	cmd->opcode = cpu_to_le16(`0xfc66`);
1135	cmd->plen = `0`;
1136
1137	hci_skb_pkt_type(skb) = HCI_COMMAND_PKT;
1138
1139	ret = hdev->send(hdev, skb);
1140	if (ret < `0`) {
1141	bt_dev_err(hdev, "sending frame failed (%d)", ret);
1142	kfree_skb(skb);
1143	goto err_free;
1144	}
1145
1146	/ Ensure the above vendor command is sent to controller and*
1147	* process has done.
1148	*/
1149	msleep(msecs: `200`);
1150
1151	goto check_version;
1152	}
1153
1154	if (!btrtl_dev->ic_info) {
1155	rtl_dev_info(hdev, "unknown IC info, lmp subver %04x, hci rev %04x, hci ver %04x",
1156	lmp_subver, hci_rev, hci_ver);
1157	return btrtl_dev;
1158	}
1159
1160	if (btrtl_dev->ic_info->has_rom_version) {
1161	ret = rtl_read_rom_version(hdev, version: &btrtl_dev->rom_version);
1162	if (ret)
1163	goto err_free;
1164	}
1165
1166	if (!btrtl_dev->ic_info->fw_name) {
1167	ret = -ENOMEM;
1168	goto err_free;
1169	}
1170
1171	btrtl_dev->fw_len = -EIO;
1172	if (lmp_subver == RTL_ROM_LMP_8852A && hci_rev == `0x000c`) {
1173	snprintf(buf: fw_name, size: sizeof(fw_name), fmt: "%s_v2.bin",
1174	btrtl_dev->ic_info->fw_name);
1175	btrtl_dev->fw_len = rtl_load_file(hdev, name: fw_name,
1176	buff: &btrtl_dev->fw_data);
1177	}
1178
1179	if (btrtl_dev->fw_len < `0`) {
1180	snprintf(buf: fw_name, size: sizeof(fw_name), fmt: "%s.bin",
1181	btrtl_dev->ic_info->fw_name);
1182	btrtl_dev->fw_len = rtl_load_file(hdev, name: fw_name,
1183	buff: &btrtl_dev->fw_data);
1184	}
1185
1186	if (btrtl_dev->fw_len < `0`) {
1187	rtl_dev_err(hdev, "firmware file %s not found",
1188	btrtl_dev->ic_info->fw_name);
1189	ret = btrtl_dev->fw_len;
1190	goto err_free;
1191	}
1192
1193	if (btrtl_dev->ic_info->cfg_name) {
1194	if (postfix) {
1195	snprintf(buf: cfg_name, size: sizeof(cfg_name), fmt: "%s-%s.bin",
1196	btrtl_dev->ic_info->cfg_name, postfix);
1197	} else {
1198	snprintf(buf: cfg_name, size: sizeof(cfg_name), fmt: "%s.bin",
1199	btrtl_dev->ic_info->cfg_name);
1200	}
1201	btrtl_dev->cfg_len = rtl_load_file(hdev, name: cfg_name,
1202	buff: &btrtl_dev->cfg_data);
1203	if (btrtl_dev->ic_info->config_needed &&
1204	btrtl_dev->cfg_len <= `0`) {
1205	rtl_dev_err(hdev, "mandatory config file %s not found",
1206	btrtl_dev->ic_info->cfg_name);
1207	ret = btrtl_dev->cfg_len;
1208	goto err_free;
1209	}
1210	}
1211
1212	/ The following chips supports the Microsoft vendor extension,*
1213	* therefore set the corresponding VsMsftOpCode.
1214	*/
1215	if (btrtl_dev->ic_info->has_msft_ext)
1216	hci_set_msft_opcode(hdev, opcode: `0xFCF0`);
1217
1218	if (btrtl_dev->ic_info)
1219	coredump_info->rtl_dump.controller = btrtl_dev->ic_info->hw_info;
1220
1221	return btrtl_dev;
1222
1223	err_free:
1224	btrtl_free(btrtl_dev);
1225	err_alloc:
1226	return ERR_PTR(error: ret);
1227	}
1228	EXPORT_SYMBOL_GPL(btrtl_initialize);
1229
1230	int btrtl_download_firmware(struct hci_dev *hdev,
1231	struct btrtl_device_info *btrtl_dev)
1232	{
1233	int err = `0`;
1234
1235	/ Match a set of subver values that correspond to stock firmware,*
1236	* which is not compatible with standard btusb.
1237	* If matched, upload an alternative firmware that does conform to
1238	* standard btusb. Once that firmware is uploaded, the subver changes
1239	* to a different value.
1240	*/
1241	if (!btrtl_dev->ic_info) {
1242	rtl_dev_info(hdev, "assuming no firmware upload needed");
1243	err = `0`;
1244	goto done;
1245	}
1246
1247	switch (btrtl_dev->ic_info->lmp_subver) {
1248	case RTL_ROM_LMP_8723A:
1249	err = btrtl_setup_rtl8723a(hdev, btrtl_dev);
1250	break;
1251	case RTL_ROM_LMP_8723B:
1252	case RTL_ROM_LMP_8821A:
1253	case RTL_ROM_LMP_8761A:
1254	case RTL_ROM_LMP_8822B:
1255	case RTL_ROM_LMP_8852A:
1256	case RTL_ROM_LMP_8703B:
1257	case RTL_ROM_LMP_8851B:
1258	err = btrtl_setup_rtl8723b(hdev, btrtl_dev);
1259	break;
1260	default:
1261	rtl_dev_info(hdev, "assuming no firmware upload needed");
1262	break;
1263	}
1264
1265	done:
1266	btrtl_register_devcoredump_support(hdev);
1267
1268	return err;
1269	}
1270	EXPORT_SYMBOL_GPL(btrtl_download_firmware);
1271
1272	void btrtl_set_quirks(struct hci_dev hdev, struct* btrtl_device_info *btrtl_dev)
1273	{
1274	/ Enable controller to do both LE scan and BR/EDR inquiry*
1275	* simultaneously.
1276	*/
1277	set_bit(nr: HCI_QUIRK_SIMULTANEOUS_DISCOVERY, addr: &hdev->quirks);
1278
1279	/ Enable central-peripheral role (able to create new connections with*
1280	* an existing connection in slave role).
1281	*/
1282	/ Enable WBS supported for the specific Realtek devices. /
1283	switch (btrtl_dev->project_id) {
1284	case CHIP_ID_8822C:
1285	case CHIP_ID_8852A:
1286	case CHIP_ID_8852B:
1287	case CHIP_ID_8852C:
1288	case CHIP_ID_8851B:
1289	case CHIP_ID_8852BT:
1290	set_bit(nr: HCI_QUIRK_VALID_LE_STATES, addr: &hdev->quirks);
1291	set_bit(nr: HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, addr: &hdev->quirks);
1292
1293	/ RTL8852C needs to transmit mSBC data continuously without*
1294	* the zero length of USB packets for the ALT 6 supported chips
1295	*/
1296	if (btrtl_dev->project_id == CHIP_ID_8852C)
1297	btrealtek_set_flag(hdev, REALTEK_ALT6_CONTINUOUS_TX_CHIP);
1298
1299	if (btrtl_dev->project_id == CHIP_ID_8852A \|\|
1300	btrtl_dev->project_id == CHIP_ID_8852C)
1301	set_bit(nr: HCI_QUIRK_USE_MSFT_EXT_ADDRESS_FILTER, addr: &hdev->quirks);
1302
1303	hci_set_aosp_capable(hdev);
1304	break;
1305	default:
1306	rtl_dev_dbg(hdev, "Central-peripheral role not enabled.");
1307	rtl_dev_dbg(hdev, "WBS supported not enabled.");
1308	break;
1309	}
1310
1311	if (!btrtl_dev->ic_info)
1312	return;
1313
1314	switch (btrtl_dev->ic_info->lmp_subver) {
1315	case RTL_ROM_LMP_8703B:
1316	/ 8723CS reports two pages for local ext features,*
1317	* but it doesn't support any features from page 2 -
1318	* it either responds with garbage or with error status
1319	*/
1320	set_bit(nr: HCI_QUIRK_BROKEN_LOCAL_EXT_FEATURES_PAGE_2,
1321	addr: &hdev->quirks);
1322	break;
1323	default:
1324	break;
1325	}
1326	}
1327	EXPORT_SYMBOL_GPL(btrtl_set_quirks);
1328
1329	int btrtl_setup_realtek(struct hci_dev *hdev)
1330	{
1331	struct btrtl_device_info *btrtl_dev;
1332	int ret;
1333
1334	btrtl_dev = btrtl_initialize(hdev, NULL);
1335	if (IS_ERR(ptr: btrtl_dev))
1336	return PTR_ERR(ptr: btrtl_dev);
1337
1338	ret = btrtl_download_firmware(hdev, btrtl_dev);
1339
1340	btrtl_set_quirks(hdev, btrtl_dev);
1341
1342	btrtl_free(btrtl_dev);
1343	return ret;
1344	}
1345	EXPORT_SYMBOL_GPL(btrtl_setup_realtek);
1346
1347	int btrtl_shutdown_realtek(struct hci_dev *hdev)
1348	{
1349	struct sk_buff *skb;
1350	int ret;
1351
1352	/ According to the vendor driver, BT must be reset on close to avoid*
1353	* firmware crash.
1354	*/
1355	skb = __hci_cmd_sync(hdev, HCI_OP_RESET, plen: `0`, NULL, HCI_INIT_TIMEOUT);
1356	if (IS_ERR(ptr: skb)) {
1357	ret = PTR_ERR(ptr: skb);
1358	bt_dev_err(hdev, "HCI reset during shutdown failed");
1359	return ret;
1360	}
1361	kfree_skb(skb);
1362
1363	return `0`;
1364	}
1365	EXPORT_SYMBOL_GPL(btrtl_shutdown_realtek);
1366
1367	static unsigned int btrtl_convert_baudrate(u32 device_baudrate)
1368	{
1369	switch (device_baudrate) {
1370	case `0x0252a00a`:
1371	return `230400`;
1372
1373	case `0x05f75004`:
1374	return `921600`;
1375
1376	case `0x00005004`:
1377	return `1000000`;
1378
1379	case `0x04928002`:
1380	case `0x01128002`:
1381	return `1500000`;
1382
1383	case `0x00005002`:
1384	return `2000000`;
1385
1386	case `0x0000b001`:
1387	return `2500000`;
1388
1389	case `0x04928001`:
1390	return `3000000`;
1391
1392	case `0x052a6001`:
1393	return `3500000`;
1394
1395	case `0x00005001`:
1396	return `4000000`;
1397
1398	case `0x0252c014`:
1399	default:
1400	return `115200`;
1401	}
1402	}
1403
1404	int btrtl_get_uart_settings(struct hci_dev *hdev,
1405	struct btrtl_device_info *btrtl_dev,
1406	unsigned int *controller_baudrate,
1407	u32 device_baudrate, bool flow_control)
1408	{
1409	struct rtl_vendor_config *config;
1410	struct rtl_vendor_config_entry *entry;
1411	int i, total_data_len;
1412	bool found = false;
1413
1414	total_data_len = btrtl_dev->cfg_len - sizeof(*config);
1415	if (total_data_len <= `0`) {
1416	rtl_dev_warn(hdev, "no config loaded");
1417	return -EINVAL;
1418	}
1419
1420	config = (struct rtl_vendor_config *)btrtl_dev->cfg_data;
1421	if (le32_to_cpu(config->signature) != RTL_CONFIG_MAGIC) {
1422	rtl_dev_err(hdev, "invalid config magic");
1423	return -EINVAL;
1424	}
1425
1426	if (total_data_len < le16_to_cpu(config->total_len)) {
1427	rtl_dev_err(hdev, "config is too short");
1428	return -EINVAL;
1429	}
1430
1431	for (i = `0`; i < total_data_len; ) {
1432	entry = ((void *)config->entry) + i;
1433
1434	switch (le16_to_cpu(entry->offset)) {
1435	case `0xc`:
1436	if (entry->len < sizeof(*device_baudrate)) {
1437	rtl_dev_err(hdev, "invalid UART config entry");
1438	return -EINVAL;
1439	}
1440
1441	*device_baudrate = get_unaligned_le32(p: entry->data);
1442	*controller_baudrate = btrtl_convert_baudrate(
1443	device_baudrate: *device_baudrate);
1444
1445	if (entry->len >= `13`)
1446	*flow_control = !!(entry->data[`12`] & BIT(`2`));
1447	else
1448	*flow_control = false;
1449
1450	found = true;
1451	break;
1452
1453	default:
1454	rtl_dev_dbg(hdev, "skipping config entry 0x%x (len %u)",
1455	le16_to_cpu(entry->offset), entry->len);
1456	break;
1457	}
1458
1459	i += sizeof(*entry) + entry->len;
1460	}
1461
1462	if (!found) {
1463	rtl_dev_err(hdev, "no UART config entry found");
1464	return -ENOENT;
1465	}
1466
1467	rtl_dev_dbg(hdev, "device baudrate = 0x%08x", *device_baudrate);
1468	rtl_dev_dbg(hdev, "controller baudrate = %u", *controller_baudrate);
1469	rtl_dev_dbg(hdev, "flow control %d", *flow_control);
1470
1471	return `0`;
1472	}
1473	EXPORT_SYMBOL_GPL(btrtl_get_uart_settings);
1474
1475	MODULE_AUTHOR("Daniel Drake <drake@endlessm.com>");
1476	MODULE_DESCRIPTION("Bluetooth support for Realtek devices ver " VERSION);
1477	MODULE_VERSION(VERSION);
1478	MODULE_LICENSE("GPL");
1479	MODULE_FIRMWARE("rtl_bt/rtl8723a_fw.bin");
1480	MODULE_FIRMWARE("rtl_bt/rtl8723b_fw.bin");
1481	MODULE_FIRMWARE("rtl_bt/rtl8723b_config.bin");
1482	MODULE_FIRMWARE("rtl_bt/rtl8723bs_fw.bin");
1483	MODULE_FIRMWARE("rtl_bt/rtl8723bs_config.bin");
1484	MODULE_FIRMWARE("rtl_bt/rtl8723cs_cg_fw.bin");
1485	MODULE_FIRMWARE("rtl_bt/rtl8723cs_cg_config.bin");
1486	MODULE_FIRMWARE("rtl_bt/rtl8723cs_vf_fw.bin");
1487	MODULE_FIRMWARE("rtl_bt/rtl8723cs_vf_config.bin");
1488	MODULE_FIRMWARE("rtl_bt/rtl8723cs_xx_fw.bin");
1489	MODULE_FIRMWARE("rtl_bt/rtl8723cs_xx_config.bin");
1490	MODULE_FIRMWARE("rtl_bt/rtl8723d_fw.bin");
1491	MODULE_FIRMWARE("rtl_bt/rtl8723d_config.bin");
1492	MODULE_FIRMWARE("rtl_bt/rtl8723ds_fw.bin");
1493	MODULE_FIRMWARE("rtl_bt/rtl8723ds_config.bin");
1494	MODULE_FIRMWARE("rtl_bt/rtl8761a_fw.bin");
1495	MODULE_FIRMWARE("rtl_bt/rtl8761a_config.bin");
1496	MODULE_FIRMWARE("rtl_bt/rtl8761b_fw.bin");
1497	MODULE_FIRMWARE("rtl_bt/rtl8761b_config.bin");
1498	MODULE_FIRMWARE("rtl_bt/rtl8761bu_fw.bin");
1499	MODULE_FIRMWARE("rtl_bt/rtl8761bu_config.bin");
1500	MODULE_FIRMWARE("rtl_bt/rtl8821a_fw.bin");
1501	MODULE_FIRMWARE("rtl_bt/rtl8821a_config.bin");
1502	MODULE_FIRMWARE("rtl_bt/rtl8821c_fw.bin");
1503	MODULE_FIRMWARE("rtl_bt/rtl8821c_config.bin");
1504	MODULE_FIRMWARE("rtl_bt/rtl8821cs_fw.bin");
1505	MODULE_FIRMWARE("rtl_bt/rtl8821cs_config.bin");
1506	MODULE_FIRMWARE("rtl_bt/rtl8822b_fw.bin");
1507	MODULE_FIRMWARE("rtl_bt/rtl8822b_config.bin");
1508	MODULE_FIRMWARE("rtl_bt/rtl8822cs_fw.bin");
1509	MODULE_FIRMWARE("rtl_bt/rtl8822cs_config.bin");
1510	MODULE_FIRMWARE("rtl_bt/rtl8822cu_fw.bin");
1511	MODULE_FIRMWARE("rtl_bt/rtl8822cu_config.bin");
1512	MODULE_FIRMWARE("rtl_bt/rtl8851bu_fw.bin");
1513	MODULE_FIRMWARE("rtl_bt/rtl8851bu_config.bin");
1514	MODULE_FIRMWARE("rtl_bt/rtl8852au_fw.bin");
1515	MODULE_FIRMWARE("rtl_bt/rtl8852au_config.bin");
1516	MODULE_FIRMWARE("rtl_bt/rtl8852bs_fw.bin");
1517	MODULE_FIRMWARE("rtl_bt/rtl8852bs_config.bin");
1518	MODULE_FIRMWARE("rtl_bt/rtl8852bu_fw.bin");
1519	MODULE_FIRMWARE("rtl_bt/rtl8852bu_config.bin");
1520	MODULE_FIRMWARE("rtl_bt/rtl8852btu_fw.bin");
1521	MODULE_FIRMWARE("rtl_bt/rtl8852btu_config.bin");
1522	MODULE_FIRMWARE("rtl_bt/rtl8852cu_fw.bin");
1523	MODULE_FIRMWARE("rtl_bt/rtl8852cu_fw_v2.bin");
1524	MODULE_FIRMWARE("rtl_bt/rtl8852cu_config.bin");
1525

source code of linux/drivers/bluetooth/btrtl.c