1 /*
2 *
3 * Bluetooth support for Broadcom devices
4 *
5 * Copyright (C) 2015 Intel Corporation
6 *
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 *
22 */
23
24 #include <linux/module.h>
25 #include <linux/firmware.h>
26 #include <asm/unaligned.h>
27
28 #include <net/bluetooth/bluetooth.h>
29 #include <net/bluetooth/hci_core.h>
30
31 #include "btbcm.h"
32
33 #define VERSION "0.1"
34
35 #define BDADDR_BCM20702A0 (&(bdaddr_t) {{0x00, 0xa0, 0x02, 0x70, 0x20, 0x00}})
36 #define BDADDR_BCM4324B3 (&(bdaddr_t) {{0x00, 0x00, 0x00, 0xb3, 0x24, 0x43}})
37 #define BDADDR_BCM4330B1 (&(bdaddr_t) {{0x00, 0x00, 0x00, 0xb1, 0x30, 0x43}})
38
btbcm_check_bdaddr(struct hci_dev * hdev)39 int btbcm_check_bdaddr(struct hci_dev *hdev)
40 {
41 struct hci_rp_read_bd_addr *bda;
42 struct sk_buff *skb;
43
44 skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL,
45 HCI_INIT_TIMEOUT);
46 if (IS_ERR(skb)) {
47 int err = PTR_ERR(skb);
48 bt_dev_err(hdev, "BCM: Reading device address failed (%d)", err);
49 return err;
50 }
51
52 if (skb->len != sizeof(*bda)) {
53 bt_dev_err(hdev, "BCM: Device address length mismatch");
54 kfree_skb(skb);
55 return -EIO;
56 }
57
58 bda = (struct hci_rp_read_bd_addr *)skb->data;
59
60 /* Check if the address indicates a controller with either an
61 * invalid or default address. In both cases the device needs
62 * to be marked as not having a valid address.
63 *
64 * The address 00:20:70:02:A0:00 indicates a BCM20702A0 controller
65 * with no configured address.
66 *
67 * The address 43:24:B3:00:00:00 indicates a BCM4324B3 controller
68 * with waiting for configuration state.
69 *
70 * The address 43:30:B1:00:00:00 indicates a BCM4330B1 controller
71 * with waiting for configuration state.
72 */
73 if (!bacmp(&bda->bdaddr, BDADDR_BCM20702A0) ||
74 !bacmp(&bda->bdaddr, BDADDR_BCM4324B3) ||
75 !bacmp(&bda->bdaddr, BDADDR_BCM4330B1)) {
76 bt_dev_info(hdev, "BCM: Using default device address (%pMR)",
77 &bda->bdaddr);
78 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks);
79 }
80
81 kfree_skb(skb);
82
83 return 0;
84 }
85 EXPORT_SYMBOL_GPL(btbcm_check_bdaddr);
86
btbcm_set_bdaddr(struct hci_dev * hdev,const bdaddr_t * bdaddr)87 int btbcm_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr)
88 {
89 struct sk_buff *skb;
90 int err;
91
92 skb = __hci_cmd_sync(hdev, 0xfc01, 6, bdaddr, HCI_INIT_TIMEOUT);
93 if (IS_ERR(skb)) {
94 err = PTR_ERR(skb);
95 bt_dev_err(hdev, "BCM: Change address command failed (%d)", err);
96 return err;
97 }
98 kfree_skb(skb);
99
100 return 0;
101 }
102 EXPORT_SYMBOL_GPL(btbcm_set_bdaddr);
103
btbcm_patchram(struct hci_dev * hdev,const struct firmware * fw)104 int btbcm_patchram(struct hci_dev *hdev, const struct firmware *fw)
105 {
106 const struct hci_command_hdr *cmd;
107 const u8 *fw_ptr;
108 size_t fw_size;
109 struct sk_buff *skb;
110 u16 opcode;
111 int err = 0;
112
113 /* Start Download */
114 skb = __hci_cmd_sync(hdev, 0xfc2e, 0, NULL, HCI_INIT_TIMEOUT);
115 if (IS_ERR(skb)) {
116 err = PTR_ERR(skb);
117 bt_dev_err(hdev, "BCM: Download Minidrv command failed (%d)",
118 err);
119 goto done;
120 }
121 kfree_skb(skb);
122
123 /* 50 msec delay after Download Minidrv completes */
124 msleep(50);
125
126 fw_ptr = fw->data;
127 fw_size = fw->size;
128
129 while (fw_size >= sizeof(*cmd)) {
130 const u8 *cmd_param;
131
132 cmd = (struct hci_command_hdr *)fw_ptr;
133 fw_ptr += sizeof(*cmd);
134 fw_size -= sizeof(*cmd);
135
136 if (fw_size < cmd->plen) {
137 bt_dev_err(hdev, "BCM: Patch is corrupted");
138 err = -EINVAL;
139 goto done;
140 }
141
142 cmd_param = fw_ptr;
143 fw_ptr += cmd->plen;
144 fw_size -= cmd->plen;
145
146 opcode = le16_to_cpu(cmd->opcode);
147
148 skb = __hci_cmd_sync(hdev, opcode, cmd->plen, cmd_param,
149 HCI_INIT_TIMEOUT);
150 if (IS_ERR(skb)) {
151 err = PTR_ERR(skb);
152 bt_dev_err(hdev, "BCM: Patch command %04x failed (%d)",
153 opcode, err);
154 goto done;
155 }
156 kfree_skb(skb);
157 }
158
159 /* 250 msec delay after Launch Ram completes */
160 msleep(250);
161
162 done:
163 return err;
164 }
165 EXPORT_SYMBOL(btbcm_patchram);
166
btbcm_reset(struct hci_dev * hdev)167 static int btbcm_reset(struct hci_dev *hdev)
168 {
169 struct sk_buff *skb;
170
171 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
172 if (IS_ERR(skb)) {
173 int err = PTR_ERR(skb);
174 bt_dev_err(hdev, "BCM: Reset failed (%d)", err);
175 return err;
176 }
177 kfree_skb(skb);
178
179 /* 100 msec delay for module to complete reset process */
180 msleep(100);
181
182 return 0;
183 }
184
btbcm_read_local_name(struct hci_dev * hdev)185 static struct sk_buff *btbcm_read_local_name(struct hci_dev *hdev)
186 {
187 struct sk_buff *skb;
188
189 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_NAME, 0, NULL,
190 HCI_INIT_TIMEOUT);
191 if (IS_ERR(skb)) {
192 bt_dev_err(hdev, "BCM: Reading local name failed (%ld)",
193 PTR_ERR(skb));
194 return skb;
195 }
196
197 if (skb->len != sizeof(struct hci_rp_read_local_name)) {
198 bt_dev_err(hdev, "BCM: Local name length mismatch");
199 kfree_skb(skb);
200 return ERR_PTR(-EIO);
201 }
202
203 return skb;
204 }
205
btbcm_read_local_version(struct hci_dev * hdev)206 static struct sk_buff *btbcm_read_local_version(struct hci_dev *hdev)
207 {
208 struct sk_buff *skb;
209
210 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL,
211 HCI_INIT_TIMEOUT);
212 if (IS_ERR(skb)) {
213 bt_dev_err(hdev, "BCM: Reading local version info failed (%ld)",
214 PTR_ERR(skb));
215 return skb;
216 }
217
218 if (skb->len != sizeof(struct hci_rp_read_local_version)) {
219 bt_dev_err(hdev, "BCM: Local version length mismatch");
220 kfree_skb(skb);
221 return ERR_PTR(-EIO);
222 }
223
224 return skb;
225 }
226
btbcm_read_verbose_config(struct hci_dev * hdev)227 static struct sk_buff *btbcm_read_verbose_config(struct hci_dev *hdev)
228 {
229 struct sk_buff *skb;
230
231 skb = __hci_cmd_sync(hdev, 0xfc79, 0, NULL, HCI_INIT_TIMEOUT);
232 if (IS_ERR(skb)) {
233 bt_dev_err(hdev, "BCM: Read verbose config info failed (%ld)",
234 PTR_ERR(skb));
235 return skb;
236 }
237
238 if (skb->len != 7) {
239 bt_dev_err(hdev, "BCM: Verbose config length mismatch");
240 kfree_skb(skb);
241 return ERR_PTR(-EIO);
242 }
243
244 return skb;
245 }
246
btbcm_read_controller_features(struct hci_dev * hdev)247 static struct sk_buff *btbcm_read_controller_features(struct hci_dev *hdev)
248 {
249 struct sk_buff *skb;
250
251 skb = __hci_cmd_sync(hdev, 0xfc6e, 0, NULL, HCI_INIT_TIMEOUT);
252 if (IS_ERR(skb)) {
253 bt_dev_err(hdev, "BCM: Read controller features failed (%ld)",
254 PTR_ERR(skb));
255 return skb;
256 }
257
258 if (skb->len != 9) {
259 bt_dev_err(hdev, "BCM: Controller features length mismatch");
260 kfree_skb(skb);
261 return ERR_PTR(-EIO);
262 }
263
264 return skb;
265 }
266
btbcm_read_usb_product(struct hci_dev * hdev)267 static struct sk_buff *btbcm_read_usb_product(struct hci_dev *hdev)
268 {
269 struct sk_buff *skb;
270
271 skb = __hci_cmd_sync(hdev, 0xfc5a, 0, NULL, HCI_INIT_TIMEOUT);
272 if (IS_ERR(skb)) {
273 bt_dev_err(hdev, "BCM: Read USB product info failed (%ld)",
274 PTR_ERR(skb));
275 return skb;
276 }
277
278 if (skb->len != 5) {
279 bt_dev_err(hdev, "BCM: USB product length mismatch");
280 kfree_skb(skb);
281 return ERR_PTR(-EIO);
282 }
283
284 return skb;
285 }
286
btbcm_read_info(struct hci_dev * hdev)287 static int btbcm_read_info(struct hci_dev *hdev)
288 {
289 struct sk_buff *skb;
290
291 /* Read Verbose Config Version Info */
292 skb = btbcm_read_verbose_config(hdev);
293 if (IS_ERR(skb))
294 return PTR_ERR(skb);
295
296 bt_dev_info(hdev, "BCM: chip id %u", skb->data[1]);
297 kfree_skb(skb);
298
299 /* Read Controller Features */
300 skb = btbcm_read_controller_features(hdev);
301 if (IS_ERR(skb))
302 return PTR_ERR(skb);
303
304 bt_dev_info(hdev, "BCM: features 0x%2.2x", skb->data[1]);
305 kfree_skb(skb);
306
307 /* Read Local Name */
308 skb = btbcm_read_local_name(hdev);
309 if (IS_ERR(skb))
310 return PTR_ERR(skb);
311
312 bt_dev_info(hdev, "%s", (char *)(skb->data + 1));
313 kfree_skb(skb);
314
315 return 0;
316 }
317
318 struct bcm_subver_table {
319 u16 subver;
320 const char *name;
321 };
322
323 static const struct bcm_subver_table bcm_uart_subver_table[] = {
324 { 0x4103, "BCM4330B1" }, /* 002.001.003 */
325 { 0x410e, "BCM43341B0" }, /* 002.001.014 */
326 { 0x4406, "BCM4324B3" }, /* 002.004.006 */
327 { 0x4606, "BCM4324B5" }, /* 002.006.006 */
328 { 0x6109, "BCM4335C0" }, /* 003.001.009 */
329 { 0x610c, "BCM4354" }, /* 003.001.012 */
330 { 0x2122, "BCM4343A0" }, /* 001.001.034 */
331 { 0x2209, "BCM43430A1" }, /* 001.002.009 */
332 { 0x6119, "BCM4345C0" }, /* 003.001.025 */
333 { 0x230f, "BCM4356A2" }, /* 001.003.015 */
334 { }
335 };
336
337 static const struct bcm_subver_table bcm_usb_subver_table[] = {
338 { 0x2105, "BCM20703A1" }, /* 001.001.005 */
339 { 0x210b, "BCM43142A0" }, /* 001.001.011 */
340 { 0x2112, "BCM4314A0" }, /* 001.001.018 */
341 { 0x2118, "BCM20702A0" }, /* 001.001.024 */
342 { 0x2126, "BCM4335A0" }, /* 001.001.038 */
343 { 0x220e, "BCM20702A1" }, /* 001.002.014 */
344 { 0x230f, "BCM4354A2" }, /* 001.003.015 */
345 { 0x4106, "BCM4335B0" }, /* 002.001.006 */
346 { 0x410e, "BCM20702B0" }, /* 002.001.014 */
347 { 0x6109, "BCM4335C0" }, /* 003.001.009 */
348 { 0x610c, "BCM4354" }, /* 003.001.012 */
349 { }
350 };
351
btbcm_initialize(struct hci_dev * hdev,char * fw_name,size_t len,bool reinit)352 int btbcm_initialize(struct hci_dev *hdev, char *fw_name, size_t len,
353 bool reinit)
354 {
355 u16 subver, rev, pid, vid;
356 const char *hw_name = "BCM";
357 struct sk_buff *skb;
358 struct hci_rp_read_local_version *ver;
359 const struct bcm_subver_table *bcm_subver_table;
360 int i, err;
361
362 /* Reset */
363 err = btbcm_reset(hdev);
364 if (err)
365 return err;
366
367 /* Read Local Version Info */
368 skb = btbcm_read_local_version(hdev);
369 if (IS_ERR(skb))
370 return PTR_ERR(skb);
371
372 ver = (struct hci_rp_read_local_version *)skb->data;
373 rev = le16_to_cpu(ver->hci_rev);
374 subver = le16_to_cpu(ver->lmp_subver);
375 kfree_skb(skb);
376
377 /* Read controller information */
378 if (!reinit) {
379 err = btbcm_read_info(hdev);
380 if (err)
381 return err;
382 }
383
384 /* Upper nibble of rev should be between 0 and 3? */
385 if (((rev & 0xf000) >> 12) > 3)
386 return 0;
387
388 bcm_subver_table = (hdev->bus == HCI_USB) ? bcm_usb_subver_table :
389 bcm_uart_subver_table;
390
391 for (i = 0; bcm_subver_table[i].name; i++) {
392 if (subver == bcm_subver_table[i].subver) {
393 hw_name = bcm_subver_table[i].name;
394 break;
395 }
396 }
397
398 if (hdev->bus == HCI_USB) {
399 /* Read USB Product Info */
400 skb = btbcm_read_usb_product(hdev);
401 if (IS_ERR(skb))
402 return PTR_ERR(skb);
403
404 vid = get_unaligned_le16(skb->data + 1);
405 pid = get_unaligned_le16(skb->data + 3);
406 kfree_skb(skb);
407
408 snprintf(fw_name, len, "brcm/%s-%4.4x-%4.4x.hcd",
409 hw_name, vid, pid);
410 } else {
411 snprintf(fw_name, len, "brcm/%s.hcd", hw_name);
412 }
413
414 bt_dev_info(hdev, "%s (%3.3u.%3.3u.%3.3u) build %4.4u",
415 hw_name, (subver & 0xe000) >> 13,
416 (subver & 0x1f00) >> 8, (subver & 0x00ff), rev & 0x0fff);
417
418 return 0;
419 }
420 EXPORT_SYMBOL_GPL(btbcm_initialize);
421
btbcm_finalize(struct hci_dev * hdev)422 int btbcm_finalize(struct hci_dev *hdev)
423 {
424 char fw_name[64];
425 int err;
426
427 /* Re-initialize */
428 err = btbcm_initialize(hdev, fw_name, sizeof(fw_name), true);
429 if (err)
430 return err;
431
432 btbcm_check_bdaddr(hdev);
433
434 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
435
436 return 0;
437 }
438 EXPORT_SYMBOL_GPL(btbcm_finalize);
439
btbcm_setup_patchram(struct hci_dev * hdev)440 int btbcm_setup_patchram(struct hci_dev *hdev)
441 {
442 char fw_name[64];
443 const struct firmware *fw;
444 struct sk_buff *skb;
445 int err;
446
447 /* Initialize */
448 err = btbcm_initialize(hdev, fw_name, sizeof(fw_name), false);
449 if (err)
450 return err;
451
452 err = request_firmware(&fw, fw_name, &hdev->dev);
453 if (err < 0) {
454 bt_dev_info(hdev, "BCM: Patch %s not found", fw_name);
455 goto done;
456 }
457
458 btbcm_patchram(hdev, fw);
459
460 release_firmware(fw);
461
462 /* Re-initialize */
463 err = btbcm_initialize(hdev, fw_name, sizeof(fw_name), true);
464 if (err)
465 return err;
466
467 /* Read Local Name */
468 skb = btbcm_read_local_name(hdev);
469 if (IS_ERR(skb))
470 return PTR_ERR(skb);
471
472 bt_dev_info(hdev, "%s", (char *)(skb->data + 1));
473 kfree_skb(skb);
474
475 done:
476 btbcm_check_bdaddr(hdev);
477
478 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
479
480 return 0;
481 }
482 EXPORT_SYMBOL_GPL(btbcm_setup_patchram);
483
btbcm_setup_apple(struct hci_dev * hdev)484 int btbcm_setup_apple(struct hci_dev *hdev)
485 {
486 struct sk_buff *skb;
487 int err;
488
489 /* Reset */
490 err = btbcm_reset(hdev);
491 if (err)
492 return err;
493
494 /* Read Verbose Config Version Info */
495 skb = btbcm_read_verbose_config(hdev);
496 if (!IS_ERR(skb)) {
497 bt_dev_info(hdev, "BCM: chip id %u build %4.4u",
498 skb->data[1], get_unaligned_le16(skb->data + 5));
499 kfree_skb(skb);
500 }
501
502 /* Read USB Product Info */
503 skb = btbcm_read_usb_product(hdev);
504 if (!IS_ERR(skb)) {
505 bt_dev_info(hdev, "BCM: product %4.4x:%4.4x",
506 get_unaligned_le16(skb->data + 1),
507 get_unaligned_le16(skb->data + 3));
508 kfree_skb(skb);
509 }
510
511 /* Read Controller Features */
512 skb = btbcm_read_controller_features(hdev);
513 if (!IS_ERR(skb)) {
514 bt_dev_info(hdev, "BCM: features 0x%2.2x", skb->data[1]);
515 kfree_skb(skb);
516 }
517
518 /* Read Local Name */
519 skb = btbcm_read_local_name(hdev);
520 if (!IS_ERR(skb)) {
521 bt_dev_info(hdev, "%s", (char *)(skb->data + 1));
522 kfree_skb(skb);
523 }
524
525 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
526
527 return 0;
528 }
529 EXPORT_SYMBOL_GPL(btbcm_setup_apple);
530
531 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
532 MODULE_DESCRIPTION("Bluetooth support for Broadcom devices ver " VERSION);
533 MODULE_VERSION(VERSION);
534 MODULE_LICENSE("GPL");
535