1 /*
2 * Copyright (C) 2018 Realtek Semiconductor Corporation.
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 2 of the License, or
7 * (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 */
14
15 #include <stdio.h>
16 #include <stdlib.h>
17 #include <stdint.h>
18 #include <stdbool.h>
19 #include <string.h>
20 #include <sys/types.h>
21 #include <sys/stat.h>
22 #include <fcntl.h>
23 #include <errno.h>
24 #include <unistd.h>
25 #include <ctype.h>
26 #include <time.h>
27 #include <sys/time.h>
28 #include <sys/ioctl.h>
29
30 #ifndef PATH_MAX
31 #define PATH_MAX 1024
32 #endif
33
34 #include "hciattach.h"
35 #include "rtb_fwc.h"
36
37 //#define BT_ADDR_FROM_VENDOR_STORAGE
38
39 #define FIRMWARE_DIRECTORY "/lib/firmware/rtlbt/"
40 #define BT_CONFIG_DIRECTORY "/lib/firmware/rtlbt/"
41 #define EXTRA_CONFIG_FILE "/opt/rtk_btconfig.txt"
42 #define BT_ADDR_FILE "/opt/bdaddr"
43 #define BDADDR_STRING_LEN 17
44
45 struct list_head {
46 struct list_head *next, *prev;
47 };
48
49 struct cfg_list_item {
50 struct list_head list;
51 uint16_t offset;
52 uint8_t len;
53 uint8_t data[0];
54 };
55
56 const uint8_t cfg_magic[4] = { 0x55, 0xab, 0x23, 0x87 };
57 static struct list_head list_configs;
58 static struct list_head list_extracfgs;
59
60 struct rtb_cfg_item {
61 uint16_t offset;
62 uint8_t len;
63 uint8_t data[0];
64 } __attribute__ ((packed));
65
66 #define RTB_CFG_HDR_LEN 6
67
68 struct rtb_patch_entry {
69 uint16_t chip_id;
70 uint16_t patch_len;
71 uint32_t soffset;
72 uint32_t svn_ver;
73 uint32_t coex_ver;
74 } __attribute__ ((packed));
75
76 struct rtb_patch_hdr {
77 uint8_t signature[8];
78 uint32_t fw_version;
79 uint16_t number_of_patch;
80 struct rtb_patch_entry entry[0];
81 } __attribute__ ((packed));
82
83 uint16_t project_id[]=
84 {
85 ROM_LMP_8723a,
86 ROM_LMP_8723b, /* RTL8723BS */
87 ROM_LMP_8821a, /* RTL8821AS */
88 ROM_LMP_8761a, /* RTL8761ATV */
89
90 ROM_LMP_8703a,
91 ROM_LMP_8763a,
92 ROM_LMP_8703b,
93 ROM_LMP_8723c, /* index 7 for 8723CS. What is for other 8723CS */
94 ROM_LMP_8822b, /* RTL8822BS */
95 ROM_LMP_8723b, /* RTL8723DS */
96 ROM_LMP_8821a, /* id 10 for RTL8821CS, lmp subver 0x8821 */
97 ROM_LMP_NONE,
98 ROM_LMP_NONE,
99 ROM_LMP_8822c, /* id 13 for RTL8822CS, lmp subver 0x8822 */
100 ROM_LMP_8761a, /* id 14 for 8761B */
101 ROM_LMP_NONE,
102 ROM_LMP_NONE,
103 ROM_LMP_NONE,
104 ROM_LMP_8852a, /* id 18 for 8852AS */
105 ROM_LMP_8723b, /* id 19 for 8723FS */
106 ROM_LMP_8852a, /* id 20 for 8852BS */
107 ROM_LMP_NONE,
108 ROM_LMP_NONE,
109 ROM_LMP_NONE,
110 ROM_LMP_NONE,
111 ROM_LMP_8852a, /* id 25 for 8852CS */
112 ROM_LMP_NONE,
113 ROM_LMP_NONE,
114 ROM_LMP_NONE,
115 ROM_LMP_NONE,
116 ROM_LMP_NONE,
117 ROM_LMP_NONE,
118 ROM_LMP_NONE,
119 ROM_LMP_NONE,
120 ROM_LMP_8852a, /* id 34 for 8852BP */
121 };
122
123 static struct patch_info h4_patch_table[] = {
124 /* match flags, chip type, lmp subver, proj id(unused), hci_ver,
125 * hci_rev, ...
126 */
127
128 /* RTL8761AT */
129 { RTL_FW_MATCH_CHIP_TYPE, CHIP_8761AT,
130 0x8761, 0xffff, 0, 0x000a,
131 "rtl8761at_fw", "rtl8761at_config", "RTL8761AT" },
132 /* RTL8761ATF */
133 { RTL_FW_MATCH_CHIP_TYPE, CHIP_8761ATF,
134 0x8761, 0xffff, 0, 0x000a,
135 "rtl8761atf_fw", "rtl8761atf_config", "RTL8761ATF" },
136 /* RTL8761B(8763) H4 Test Chip without download
137 * FW/Config is not used.
138 */
139 { RTL_FW_MATCH_CHIP_TYPE, CHIP_8761BTC,
140 0x8763, 0xffff, 0, 0x000b,
141 "rtl8761btc_fw", "rtl8761btc_config", "RTL8761BTC" },
142 /* RTL8761B H4 Test Chip wihtout download*/
143 { RTL_FW_MATCH_CHIP_TYPE, CHIP_8761BH4,
144 0x8761, 0xffff, 0, 0x000b,
145 "rtl8761bh4_fw", "rtl8761bh4_config", "RTL8761BH4" },
146
147 /* RTL8723DS */
148 { RTL_FW_MATCH_HCI_VER | RTL_FW_MATCH_HCI_REV, CHIP_8723DS,
149 ROM_LMP_8723b, ROM_LMP_8723b, 8, 0x000d,
150 "rtl8723dsh4_fw", "rtl8723dsh4_config", "RTL8723DSH4"},
151
152 { 0, 0, 0, ROM_LMP_NONE, 0, 0, "rtl_none_fw", "rtl_none_config", "NONE"}
153 };
154
155 static struct patch_info patch_table[] = {
156 /* match flags, chip type, lmp subver, proj id(unused), hci_ver,
157 * hci_rev, ...
158 */
159
160 /* RTL8723AS */
161 { 0, 0, ROM_LMP_8723a, ROM_LMP_8723a, 0, 0,
162 "rtl8723a_fw", "rtl8723a_config", "RTL8723AS"},
163 /* RTL8821CS */
164 { RTL_FW_MATCH_HCI_REV, CHIP_8821CS,
165 ROM_LMP_8821a, ROM_LMP_8821a, 0, 0x000c,
166 "rtl8821c_fw", "rtl8821c_config", "RTL8821CS"},
167 /* RTL8821AS */
168 { 0, 0, ROM_LMP_8821a, ROM_LMP_8821a, 0, 0,
169 "rtl8821a_fw", "rtl8821a_config", "RTL8821AS"},
170 /* RTL8761ATV */
171 { RTL_FW_MATCH_HCI_VER | RTL_FW_MATCH_HCI_REV, 0,
172 ROM_LMP_8761a, ROM_LMP_8761a, 0x06, 0x000a,
173 "rtl8761a_fw", "rtl8761a_config", "RTL8761ATV"},
174 /* RTL8725AS */
175 { RTL_FW_MATCH_CHIP_TYPE | RTL_FW_MATCH_HCI_VER | RTL_FW_MATCH_HCI_REV,
176 CHIP_8725AS,
177 ROM_LMP_8761a, ROM_LMP_8761a, 0x0a, 0x000b,
178 "rtl8725as_fw", "rtl8725as_config", "RTL8725AS"},
179 /* RTL8761BTV */
180 { RTL_FW_MATCH_HCI_VER | RTL_FW_MATCH_HCI_REV, CHIP_8761B,
181 ROM_LMP_8761a, ROM_LMP_8761a, 0x0a, 0x000b,
182 "rtl8761b_fw", "rtl8761b_config", "RTL8761BTV"},
183
184 /* RTL8703AS
185 * RTL8822BS
186 * */
187 #ifdef RTL_8703A_SUPPORT
188 { RTL_FW_MATCH_CHIP_TYPE, CHIP_8703AS,
189 ROM_LMP_8723b, ROM_LMP_8723b, 0, 0,
190 "rtl8703a_fw", "rtl8703a_config", "RTL8703AS"},
191 #endif
192 { RTL_FW_MATCH_HCI_REV, CHIP_8822BS,
193 ROM_LMP_8822b, ROM_LMP_8822b, 0, 0x000b,
194 "rtl8822b_fw", "rtl8822b_config", "RTL8822BS"},
195 { RTL_FW_MATCH_HCI_REV, CHIP_8822CS,
196 ROM_LMP_8822c, ROM_LMP_8822c, 0, 0x000c,
197 "rtl8822cs_fw", "rtl8822cs_config", "RTL8822CS"},
198
199 /* RTL8852AS */
200 { RTL_FW_MATCH_HCI_REV, CHIP_8852AS,
201 ROM_LMP_8852a, ROM_LMP_8852a, 11, 0x000a,
202 "rtl8852as_fw", "rtl8852as_config", "RTL8852AS" },
203
204 /* RTL8852BS */
205 { RTL_FW_MATCH_CHIP_TYPE | RTL_FW_MATCH_HCI_VER | RTL_FW_MATCH_HCI_REV, CHIP_8852BS,
206 ROM_LMP_8852a, ROM_LMP_8852a, 11, 0x000b,
207 "rtl8852bs_fw", "rtl8852bs_config", "RTL8852BS" },
208
209 /* RTL8852BP */
210 { RTL_FW_MATCH_CHIP_TYPE | RTL_FW_MATCH_HCI_VER | RTL_FW_MATCH_HCI_REV, CHIP_8852BP,
211 ROM_LMP_8852a, ROM_LMP_8852a, 11, 0x000b,
212 "rtl8852bps_fw", "rtl8852bps_config", "RTL8852BP" },
213
214 /* RTL8852CS */
215 { RTL_FW_MATCH_CHIP_TYPE | RTL_FW_MATCH_HCI_VER | RTL_FW_MATCH_HCI_REV, CHIP_8852CS,
216 ROM_LMP_8852a, ROM_LMP_8852a, 11, 0x000c,
217 "rtl8852cs_fw", "rtl8852cs_config", "RTL8852CS" },
218
219 /* RTL8703BS
220 * RTL8723CS_XX
221 * RTL8723CS_CG
222 * RTL8723CS_VF
223 * Use the sampe lmp subversion 0x8703
224 * */
225 { RTL_FW_MATCH_CHIP_TYPE, CHIP_8703BS,
226 ROM_LMP_8703b, ROM_LMP_8703b, 0, 0,
227 "rtl8703b_fw", "rtl8703b_config", "RTL8703BS"},
228 { RTL_FW_MATCH_CHIP_TYPE, CHIP_8723CS_XX,
229 ROM_LMP_8703b, ROM_LMP_8723cs_xx, 0, 0,
230 "rtl8723cs_fw", "rtl8723cs_config", "RTL8723CS_XX"},
231 { RTL_FW_MATCH_CHIP_TYPE, CHIP_8723CS_CG,
232 ROM_LMP_8703b, ROM_LMP_8723cs_cg, 0, 0,
233 "rtl8723cs_fw", "rtl8723cs_config", "RTL8723CS_CG"},
234 { RTL_FW_MATCH_CHIP_TYPE, CHIP_8723CS_VF,
235 ROM_LMP_8703b, ROM_LMP_8723cs_vf, 0, 0,
236 "rtl8723cs_fw", "rtl8723cs_config", "RTL8723CS_VF"},
237
238 /* RTL8723BS */
239 { RTL_FW_MATCH_HCI_VER | RTL_FW_MATCH_HCI_REV, 0,
240 ROM_LMP_8723b, ROM_LMP_8723b, 6, 0x000b,
241 "rtl8723b_fw", "rtl8723b_config", "RTL8723BS"},
242 /* RTL8723DS */
243 { RTL_FW_MATCH_HCI_VER | RTL_FW_MATCH_HCI_REV, CHIP_8723DS,
244 ROM_LMP_8723b, ROM_LMP_8723b, 8, 0x000d,
245 "rtl8723d_fw", "rtl8723d_config", "RTL8723DS"},
246 /* RTL8723FS */
247 { RTL_FW_MATCH_HCI_VER | RTL_FW_MATCH_HCI_REV, CHIP_8723FS,
248 ROM_LMP_8723b, ROM_LMP_8723b, 11, 0x000f,
249 "rtl8723fs_fw", "rtl8723fs_config", "RTL8723FS"},
250 /* add entries here*/
251
252 { 0, 0, 0, ROM_LMP_NONE, 0, 0, "rtl_none_fw", "rtl_none_config", "NONE"}
253 };
254
get_unaligned_le16(uint8_t * p)255 static __inline uint16_t get_unaligned_le16(uint8_t * p)
256 {
257 return (uint16_t) (*p) + ((uint16_t) (*(p + 1)) << 8);
258 }
259
get_unaligned_le32(uint8_t * p)260 static __inline uint32_t get_unaligned_le32(uint8_t * p)
261 {
262 return (uint32_t) (*p) + ((uint32_t) (*(p + 1)) << 8) +
263 ((uint32_t) (*(p + 2)) << 16) + ((uint32_t) (*(p + 3)) << 24);
264 }
265
266 /* list head from kernel */
267 #define offsetof(TYPE, MEMBER) ((size_t)&((TYPE *)0)->MEMBER)
268
269 #define container_of(ptr, type, member) ({ \
270 const typeof( ((type *)0)->member ) *__mptr = (ptr); \
271 (type *)( (char *)__mptr - offsetof(type,member) );})
272
273 #define list_entry(ptr, type, member) \
274 container_of(ptr, type, member)
275
276 #define list_for_each_safe(pos, n, head) \
277 for (pos = (head)->next, n = pos->next; pos != (head); \
278 pos = n, n = pos->next)
279
INIT_LIST_HEAD(struct list_head * list)280 static inline void INIT_LIST_HEAD(struct list_head *list)
281 {
282 list->next = list;
283 list->prev = list;
284 }
285
list_empty(const struct list_head * head)286 static inline int list_empty(const struct list_head *head)
287 {
288 return head->next == head;
289 }
290
__list_add(struct list_head * _new,struct list_head * prev,struct list_head * next)291 static inline void __list_add(struct list_head *_new,
292 struct list_head *prev,
293 struct list_head *next)
294 {
295 next->prev = _new;
296 _new->next = next;
297 _new->prev = prev;
298 prev->next = _new;
299 }
300
list_add_tail(struct list_head * _new,struct list_head * head)301 static inline void list_add_tail(struct list_head *_new, struct list_head *head)
302 {
303 __list_add(_new, head->prev, head);
304 }
305
__list_del(struct list_head * prev,struct list_head * next)306 static inline void __list_del(struct list_head *prev, struct list_head *next)
307 {
308 next->prev = prev;
309 prev->next = next;
310 }
311
312 #define LIST_POISON1 ((void *) 0x00100100)
313 #define LIST_POISON2 ((void *) 0x00200200)
list_del(struct list_head * entry)314 static inline void list_del(struct list_head *entry)
315 {
316 __list_del(entry->prev, entry->next);
317 entry->next = (struct list_head*)LIST_POISON1;
318 entry->prev = (struct list_head*)LIST_POISON2;
319 }
320
__list_splice(const struct list_head * list,struct list_head * prev,struct list_head * next)321 static inline void __list_splice(const struct list_head *list,
322 struct list_head *prev,
323 struct list_head *next)
324 {
325 struct list_head *first = list->next;
326 struct list_head *last = list->prev;
327
328 first->prev = prev;
329 prev->next = first;
330
331 last->next = next;
332 next->prev = last;
333 }
334
list_splice_tail(struct list_head * list,struct list_head * head)335 static inline void list_splice_tail(struct list_head *list,
336 struct list_head *head)
337 {
338 if (!list_empty(list))
339 __list_splice(list, head->prev, head);
340 }
341
list_replace(struct list_head * old,struct list_head * new)342 static inline void list_replace(struct list_head *old,
343 struct list_head *new)
344 {
345 new->next = old->next;
346 new->next->prev = new;
347 new->prev = old->prev;
348 new->prev->next = new;
349 }
350
list_replace_init(struct list_head * old,struct list_head * new)351 static inline void list_replace_init(struct list_head *old,
352 struct list_head *new)
353 {
354 list_replace(old, new);
355 INIT_LIST_HEAD(old);
356 }
357
config_lists_init(void)358 static int config_lists_init(void)
359 {
360 INIT_LIST_HEAD(&list_configs);
361 INIT_LIST_HEAD(&list_extracfgs);
362
363 return 0;
364 }
365
config_lists_free(void)366 static void config_lists_free(void)
367 {
368 struct list_head *iter;
369 struct list_head *tmp;
370 struct list_head *head;
371 struct cfg_list_item *n;
372
373 if (!list_empty(&list_extracfgs))
374 list_splice_tail(&list_extracfgs, &list_configs);
375 head = &list_configs;
376 list_for_each_safe(iter, tmp, head) {
377 n = list_entry(iter, struct cfg_list_item, list);
378 if (n) {
379 list_del(&n->list);
380 free(n);
381 }
382 }
383
384 INIT_LIST_HEAD(&list_configs);
385 INIT_LIST_HEAD(&list_extracfgs);
386 }
387
line_process(char * buf,int len)388 static void line_process(char *buf, int len /*@unused@*/)
389 {
390 char *argv[32];
391 int argc = 0;
392 char *ptr = buf;
393 char *head = buf;
394 unsigned long int offset;
395 uint8_t l;
396 uint8_t i = 0;
397 struct cfg_list_item *item;
398
399 RS_INFO("%s", buf);
400
401 while ((ptr = strsep(&head, ", \t")) != NULL) {
402 if (!ptr[0])
403 continue;
404 argv[argc++] = ptr;
405 if (argc >= 32) {
406 RS_WARN("%s: Config item is too long", __func__);
407 break;
408 }
409 }
410
411 if (argc < 4) {
412 RS_WARN("%s: Invalid Config item, ignore", __func__);
413 return;
414 }
415
416 offset = strtoul(argv[0], NULL, 16);
417 offset = offset | (strtoul(argv[1], NULL, 16) << 8);
418 l = (uint8_t)strtoul(argv[2], NULL, 16);
419 if (l != (uint8_t)(argc - 3)) {
420 RS_ERR("Invalid Config item len %u", l);
421 return;
422 }
423
424 item = malloc(sizeof(*item) + l);
425 if (!item) {
426 RS_WARN("%s: Cannot alloc mem for item, %04lx, %u", __func__,
427 offset, l);
428 return;
429 }
430 memset(item, 0, sizeof(*item));
431 item->offset = (uint16_t)offset;
432 item->len = l;
433 for (i = 0; i < l; i++)
434 item->data[i] = (uint8_t)strtoul(argv[3 + i], NULL, 16);
435 list_add_tail(&item->list, &list_extracfgs);
436 }
437
config_process(uint8_t * buf,int len)438 static void config_process(uint8_t *buf, int len /*@unused@*/)
439 {
440 char *head = (void *)buf;
441 char *ptr = (void *)buf;
442
443 while ((ptr = strsep(&head, "\n\r")) != NULL) {
444 if (!ptr[0])
445 continue;
446 line_process(ptr, strlen(ptr) + 1);
447 }
448 }
449
parse_extra_config(const char * path)450 static void parse_extra_config(const char *path)
451 {
452 int fd;
453 uint8_t buf[256];
454 int result;
455
456 fd = open(path, O_RDONLY);
457 if (fd == -1) {
458 RS_INFO("Couldnt open extra config %s, %s", path,
459 strerror(errno));
460 return;
461 }
462
463 result = read(fd, buf, sizeof(buf));
464 if (result == -1) {
465 RS_ERR("Couldnt read %s, %s", path, strerror(errno));
466 goto done;
467 } else if (result == 0) {
468 RS_ERR("File is empty");
469 goto done;
470 }
471
472 if (result > 254) {
473 RS_ERR("Extra Config file is too big");
474 goto done;
475 }
476 buf[result++] = '\n';
477 buf[result++] = '\0';
478
479 config_process(buf, result);
480
481 done:
482 close(fd);
483 }
484
485 /* Get the entry from patch_table according to LMP subversion */
get_patch_entry(struct rtb_struct * btrtl)486 struct patch_info *get_patch_entry(struct rtb_struct *btrtl)
487 {
488 struct patch_info *n = NULL;
489
490 if (btrtl->proto == HCI_UART_3WIRE)
491 n = patch_table;
492 else
493 n = h4_patch_table;
494 for (; n->lmp_subver; n++) {
495 if ((n->match_flags & RTL_FW_MATCH_CHIP_TYPE) &&
496 n->chip_type != btrtl->chip_type)
497 continue;
498 if ((n->match_flags & RTL_FW_MATCH_HCI_VER) &&
499 n->hci_ver != btrtl->hci_ver)
500 continue;
501 if ((n->match_flags & RTL_FW_MATCH_HCI_REV) &&
502 n->hci_rev != btrtl->hci_rev)
503 continue;
504 if (n->lmp_subver != btrtl->lmp_subver)
505 continue;
506
507 break;
508 }
509
510 return n;
511 }
512
is_mac(uint8_t chip_type,uint16_t offset)513 static int is_mac(uint8_t chip_type, uint16_t offset)
514 {
515 int result = 0;
516
517 switch (chip_type) {
518 case CHIP_8822BS:
519 case CHIP_8723DS:
520 case CHIP_8821CS:
521 case CHIP_8723CS_XX:
522 case CHIP_8723CS_CG:
523 case CHIP_8723CS_VF:
524 if (offset == 0x0044)
525 return 1;
526 break;
527 case CHIP_8822CS:
528 case CHIP_8761B:
529 case CHIP_8852AS:
530 case CHIP_8723FS:
531 case CHIP_8852BS:
532 case CHIP_8852CS:
533 if (offset == 0x0030)
534 return 1;
535 break;
536 // case 0: /* special for not setting chip_type */
537 case CHIP_8761AT:
538 case CHIP_8761ATF:
539 case CHIP_8761BTC:
540 case CHIP_8723BS:
541 if (offset == 0x003c)
542 return 1;
543 break;
544 default:
545 break;
546 }
547
548 return result;
549 }
550
get_mac_offset(uint8_t chip_type)551 static uint16_t get_mac_offset(uint8_t chip_type)
552 {
553 switch (chip_type) {
554 case CHIP_8822BS:
555 case CHIP_8723DS:
556 case CHIP_8821CS:
557 return 0x0044;
558 case CHIP_8822CS:
559 case CHIP_8761B:
560 case CHIP_8852AS:
561 case CHIP_8723FS:
562 case CHIP_8852BS:
563 case CHIP_8852CS:
564 return 0x0030;
565 // case 0: /* special for not setting chip_type */
566 case CHIP_8761AT:
567 case CHIP_8761ATF:
568 case CHIP_8761BTC:
569 case CHIP_8723BS:
570 return 0x003c;
571 default:
572 return 0x003c;
573 }
574 }
575
merge_configs(struct list_head * head,struct list_head * head2)576 static void merge_configs(struct list_head *head, struct list_head *head2)
577 {
578 struct list_head *epos, *enext;
579 struct list_head *pos, *next;
580 struct cfg_list_item *n;
581 struct cfg_list_item *extra;
582
583 if (!head || !head2)
584 return;
585
586 if (list_empty(head2))
587 return;
588
589 if (list_empty(head)) {
590 list_splice_tail(head2, head);
591 INIT_LIST_HEAD(head2);
592 return;
593 }
594
595 /* Add or update & replace */
596 list_for_each_safe(epos, enext, head2) {
597 extra = list_entry(epos, struct cfg_list_item, list);
598
599 list_for_each_safe(pos, next, head) {
600 n = list_entry(pos, struct cfg_list_item, list);
601 if (extra->offset == n->offset) {
602 if (extra->len < n->len) {
603 /* Update the cfg data */
604 RS_INFO("Update cfg: ofs %04x len %u",
605 n->offset, n->len);
606 memcpy(n->data, extra->data,
607 extra->len);
608 list_del(epos);
609 free(extra);
610 } else {
611 /* Replace the item */
612 list_del(epos);
613 list_replace_init(pos, epos);
614 /* free the old item */
615 free(n);
616 }
617 }
618
619 }
620
621 }
622
623 if (list_empty(head2))
624 return;
625 list_for_each_safe(epos, enext, head2) {
626 extra = list_entry(epos, struct cfg_list_item, list);
627 RS_INFO("Add new cfg: ofs %04x, len %u", extra->offset,
628 extra->len);
629 /* Add the item to list */
630 list_del(epos);
631 list_add_tail(epos, head);
632 }
633 }
634
635 /*
636 * Parse realtek Bluetooth config file.
637 * The content starts with vendor magic: 55 ab 23 87
638 */
rtb_parse_config(uint8_t * cfg_buf,size_t len)639 int rtb_parse_config(uint8_t *cfg_buf, size_t len)
640 {
641 uint16_t cfg_len;
642 uint16_t tmp;
643 struct rtb_cfg_item *entry;
644 uint16_t i;
645 struct cfg_list_item *item;
646
647 if (!cfg_buf || !len) {
648 RS_ERR("%s: Invalid parameter", __func__);
649 return -1;
650 }
651
652 if (memcmp(cfg_buf, cfg_magic, 4)) {
653 RS_ERR("Signature %02x %02x %02x %02x is incorrect",
654 cfg_buf[0], cfg_buf[1], cfg_buf[2], cfg_buf[3]);
655 return -1;
656 }
657
658 cfg_len = ((uint16_t)cfg_buf[5] << 8) + cfg_buf[4];
659 if (cfg_len != len - RTB_CFG_HDR_LEN) {
660 RS_ERR("Config len %u is incorrect(%zd)", cfg_len,
661 len - RTB_CFG_HDR_LEN);
662 return -1;
663 }
664
665 entry = (struct rtb_cfg_item *)(cfg_buf + 6);
666 i = 0;
667 while (i < cfg_len) {
668 /* Add config item to list */
669 item = malloc(sizeof(*item) + entry->len);
670 if (item) {
671 memset(item, 0, sizeof(*item));
672 item->offset = le16_to_cpu(entry->offset);
673 item->len = entry->len;
674 memcpy(item->data, entry->data, item->len);
675 list_add_tail(&item->list, &list_configs);
676 } else {
677 RS_ERR("Cannot alloc mem for entry %04x, %u",
678 entry->offset, entry->len);
679 }
680
681 tmp = entry->len + sizeof(struct rtb_cfg_item);
682 i += tmp;
683 entry = (struct rtb_cfg_item *)((uint8_t *)entry + tmp);
684 }
685
686 return 0;
687 }
688
bachk(const char * str)689 int bachk(const char *str)
690 {
691 if (!str)
692 return -1;
693
694 if (strlen(str) != 17)
695 return -1;
696
697 while (*str) {
698 if (!isxdigit(*str++))
699 return -1;
700
701 if (!isxdigit(*str++))
702 return -1;
703
704 if (*str == 0)
705 break;
706
707 if (*str++ != ':')
708 return -1;
709 }
710
711 return 0;
712 }
713 /*
714 * Get random Bluetooth addr.
715 */
716 /* static void rtb_get_ram_addr(char bt_addr[0])
717 * {
718 * srand(time(NULL) + getpid() + getpid() * 987654 + rand());
719 *
720 * uint32_t addr = rand();
721 * memcpy(bt_addr, &addr, sizeof(uint8_t));
722 * }
723 */
724 typedef uint8_t RT_U8, *PRT_U8;
725 typedef int8_t RT_S8, *PRT_S8;
726 typedef uint16_t RT_U16, *PRT_U16;
727 typedef int32_t RT_S32, *PRT_S32;
728 typedef uint32_t RT_U32, *PRT_U32;
rtk_get_ram_addr(uint8_t bt_addr[0])729 static void rtk_get_ram_addr(uint8_t bt_addr[0])
730 {
731 srand(time(NULL) + getpid() + getpid() * 987654 + rand());
732
733 RT_U32 addr = rand();
734 memcpy(bt_addr, &addr, sizeof(RT_U8));
735 }
736
737 #ifdef BT_ADDR_FROM_VENDOR_STORAGE
738
739 typedef unsigned short uint16;
740 typedef unsigned int uint32;
741 typedef unsigned char uint8;
742
743 #define VENDOR_REQ_TAG 0x56524551
744 #define VENDOR_READ_IO _IOW('v', 0x01, unsigned int)
745 #define VENDOR_WRITE_IO _IOW('v', 0x02, unsigned int)
746
747 #define VENDOR_ID_MAX 5
748 static char *vendor_id_table[] = {
749 "VENDOR_SN_ID",
750 "VENDOR_WIFI_MAC_ID",
751 "VENDOR_LAN_MAC_ID",
752 "VENDOR_BT_MAC_ID",
753 "VENDOR_IMEI_ID",
754 };
755
756 #define VENDOR_SN_ID 1
757 #define VENDOR_WIFI_MAC_ID 2
758 #define VENDOR_LAN_MAC_ID 3
759 #define VENDOR_BT_MAC_ID 4
760 #define VENDOR_IMEI_ID 5
761
762 #define VENDOR_STORAGE_DEBUG
763
764 struct rk_vendor_req {
765 uint32 tag;
766 uint16 id;
767 uint16 len;
768 uint8 data[1024];
769 };
770
rknand_get_randeom_btaddr(uint8_t * bt_addr)771 static void rknand_get_randeom_btaddr(uint8_t *bt_addr)
772 {
773 int i;
774 /* No autogen BDA. Generate one now. */
775 bt_addr[4] = 0x22;
776 bt_addr[5] = 0x22;
777 for (i = 0; i < 4; i++)
778 rtk_get_ram_addr(&bt_addr[i]);
779 }
780
rknand_print_hex_data(char * s,struct rk_vendor_req * buf,uint32 len)781 static void rknand_print_hex_data(char *s, struct rk_vendor_req *buf, uint32 len)
782 {
783 unsigned char i = 0;
784
785 #ifdef VENDOR_STORAGE_DEBUG
786 fprintf(stdout, "%s\n",s);
787 fprintf(stdout, "tag = %d // id = %d // len = %d // data = 0x%p\n", buf->tag, buf->id, buf->len, buf->data);
788 #endif
789
790 printf("%s: ", vendor_id_table[buf->id - 1]);
791 if (buf->id == VENDOR_SN_ID ||
792 buf->id == VENDOR_IMEI_ID) {
793 for (i = 0; i < len; i++)
794 printf("%c", buf->data[i]);
795 } else {
796 for (i = 0; i < len; i++)
797 printf("%02x", buf->data[i]);
798 }
799 fprintf(stdout, "\n");
800 }
801
vendor_storage_read(int cmd,uint8_t * buf,int buf_len)802 static int vendor_storage_read(int cmd, uint8_t *buf, int buf_len)
803 {
804 int ret ;
805 uint8 p_buf[100]; /* malloc req buffer or used extern buffer */
806 struct rk_vendor_req *req;
807
808 req = (struct rk_vendor_req *)p_buf;
809 memset(p_buf, 0, 100);
810 int sys_fd = open("/dev/vendor_storage", O_RDWR, 0);
811 if(sys_fd < 0){
812 printf("vendor_storage open fail\n");
813 return -1;
814 }
815
816 req->tag = VENDOR_REQ_TAG;
817 req->id = cmd;
818 req->len = 50;
819
820 ret = ioctl(sys_fd, VENDOR_READ_IO, req);
821
822 if(ret){
823 printf("vendor read error %d\n", ret);
824 return -1;
825 }
826 close(sys_fd);
827
828 rknand_print_hex_data("vendor read:", req, req->len);
829 memcpy(buf, req->data, req->len);
830 return req->len;
831 }
vendor_storage_write(int cmd,uint8_t * num)832 static int vendor_storage_write(int cmd, uint8_t *num)
833 {
834 int ret;
835 uint8 p_buf[100]; /* malloc req buffer or used extern buffer */
836 struct rk_vendor_req *req;
837
838 req = (struct rk_vendor_req *)p_buf;
839 int sys_fd = open("/dev/vendor_storage",O_RDWR,0);
840 if(sys_fd < 0){
841 printf("vendor_storage open fail\n");
842 return -1;
843 }
844
845 req->tag = VENDOR_REQ_TAG;
846 req->id = cmd;
847
848 if (cmd != VENDOR_SN_ID && cmd != VENDOR_IMEI_ID)
849 req->len = 6;
850 else
851 req->len = strlen((char *)num);
852 memcpy(req->data, num, req->len);
853
854 ret = ioctl(sys_fd, VENDOR_WRITE_IO, req);
855 if(ret){
856 printf("vendor write error\n");
857 return -1;
858 }
859
860 rknand_print_hex_data("vendor write:", req, req->len);
861 return 0;
862 }
vendor_storage_read_bt_addr(char * tbuf)863 static int vendor_storage_read_bt_addr(char *tbuf)
864 {
865 uint8 raw_buf[100] = {0};
866 int raw_len = 0;
867 int i;
868
869 raw_len = vendor_storage_read(VENDOR_BT_MAC_ID, raw_buf, 100);
870 if (raw_len < 0)
871 return -1;
872 for (i = 0; i < 6; i++) {
873 sprintf(tbuf + i * 3, "%02x:", raw_buf[i]);
874 }
875 tbuf[17] = '\0';
876 return 17;
877 }
vendor_storage_write_bt_addr(uint8_t * tbuf)878 static int vendor_storage_write_bt_addr(uint8_t *tbuf)
879 {
880 return vendor_storage_write(VENDOR_BT_MAC_ID, tbuf);
881 }
882 #endif
883
884 /*
885 * Write the random addr to the BT_ADDR_FILE.
886 */
887 /* static void rtb_write_btmac2file(char bt_addr[6])
888 * {
889 * int fd;
890 * fd = open(BT_ADDR_FILE, O_CREAT | O_RDWR | O_TRUNC);
891 *
892 * if (fd > 0) {
893 * chmod(BT_ADDR_FILE, 0666);
894 * char addr[18] = { 0 };
895 * addr[17] = '\0';
896 * sprintf(addr, "%2x:%2x:%2x:%2x:%2x:%2x", bt_addr[0], bt_addr[1],
897 * bt_addr[2], bt_addr[3], bt_addr[4], bt_addr[5]);
898 * write(fd, addr, strlen(addr));
899 * close(fd);
900 * } else {
901 * RS_ERR("open file error:%s\n", BT_ADDR_FILE);
902 * }
903 * }
904 */
905
906 /*
907 * Read and parse Realtek Bluetooth Config file.
908 */
rtb_read_config(const char * file,int * cfg_len,uint8_t chip_type)909 uint8_t *rtb_read_config(const char *file, int *cfg_len, uint8_t chip_type)
910 {
911 char *file_name;
912 struct stat st;
913 ssize_t file_len;
914 int fd;
915 uint8_t *buf;
916 #ifndef BT_ADDR_FROM_VENDOR_STORAGE
917 size_t size;
918 #endif
919 size_t result;
920 struct list_head *pos, *next;
921 struct cfg_list_item *n;
922 uint16_t config_len;
923 uint16_t dlen;
924 uint32_t baudrate;
925 uint8_t *p;
926
927 if (!file || !cfg_len) {
928 RS_ERR("%s: Invalid parameter", __func__);
929 return NULL;
930 }
931
932 config_lists_init();
933
934 /* All extra configs will be added to list_extracfgs */
935 parse_extra_config(EXTRA_CONFIG_FILE);
936 list_for_each_safe(pos, next, &list_extracfgs) {
937 n = list_entry(pos, struct cfg_list_item, list);
938 RS_INFO("extra cfg: ofs %04x, len %u", n->offset, n->len);
939 }
940
941 #ifdef BT_ADDR_FROM_VENDOR_STORAGE
942 int ret = 0;
943 uint8_t bdaddr[6];
944 uint16_t ofs;
945 char tbuf[BDADDR_STRING_LEN + 1];
946 char *str;
947 int i = 0;
948
949 ret = vendor_storage_read_bt_addr(tbuf);
950 if (ret >= 0 && bachk(tbuf) < 0) {
951 ret = -1;
952 RS_ERR("vendor_storage bt addr chechk failed");
953 }
954 if (ret < 0) {
955 RS_ERR("vendor storage read bt addr failed, generate one");
956
957 rknand_get_randeom_btaddr(bdaddr);
958 vendor_storage_write_bt_addr(bdaddr);
959 } else {
960 str = tbuf;
961 for (i = 5; i >= 0; i--) {
962 bdaddr[i] = (uint8_t)strtoul(str, NULL, 16);
963 str += 3;
964 }
965
966 /*reserve LAP addr from 0x9e8b00 to 0x9e8b3f, change to 0x008b** */
967 if (0x9e == bdaddr[3] && 0x8b == bdaddr[4]
968 && (bdaddr[5] <= 0x3f)) {
969 bdaddr[3] = 0x00;
970 }
971
972 RS_DBG("BT MAC is %02x:%02x:%02x:%02x:%02x:%02x",
973 bdaddr[5], bdaddr[4],
974 bdaddr[3], bdaddr[2],
975 bdaddr[1], bdaddr[0]);
976 ofs = get_mac_offset(chip_type);
977 n = malloc(sizeof(*n) + 6);
978 if (n) {
979 n->offset = ofs;
980 n->len = 6;
981 memcpy(n->data, bdaddr, 6);
982 list_add_tail(&n->list, &list_extracfgs);
983 } else {
984 RS_ERR("Couldn't alloc cfg item for bdaddr");
985 }
986 }
987 #else
988 if (stat(BT_ADDR_FILE, &st) < 0) {
989 RS_INFO("Couldnt access customer BT MAC file %s",
990 BT_ADDR_FILE);
991
992 goto read_cfg;
993 }
994
995 size = st.st_size;
996 /* Only read the first 17-byte if the file length is larger */
997 if (size > BDADDR_STRING_LEN)
998 size = BDADDR_STRING_LEN;
999
1000 fd = open(BT_ADDR_FILE, O_RDONLY);
1001 if (fd == -1) {
1002 RS_INFO("Couldnt open BT MAC file %s, %s", BT_ADDR_FILE,
1003 strerror(errno));
1004 } else {
1005 uint16_t ofs;
1006 char *str;
1007 int i = 0;
1008 uint8_t bdaddr[6];
1009 uint8_t tbuf[BDADDR_STRING_LEN + 1];
1010
1011 memset(tbuf, 0, sizeof(tbuf));
1012 result = read(fd, tbuf, size);
1013 close(fd);
1014 if (result == -1) {
1015 RS_ERR("Couldnt read BT MAC file %s, err %s",
1016 BT_ADDR_FILE, strerror(errno));
1017 goto read_cfg;
1018 }
1019
1020 if (bachk((const char *)tbuf) < 0) {
1021 goto read_cfg;
1022 }
1023
1024 str = (char *)tbuf;
1025 for (i = 5; i >= 0; i--) {
1026 bdaddr[i] = (uint8_t)strtoul(str, NULL, 16);
1027 str += 3;
1028 }
1029
1030 /* Reserve LAP addr from 0x9e8b00 to 0x9e8b3f,
1031 * Change to 0x008bXX */
1032 if (0x9e == bdaddr[3] && 0x8b == bdaddr[4] &&
1033 bdaddr[5] <= 0x3f)
1034 bdaddr[3] = 0x00;
1035
1036 RS_DBG("BT MAC %02x:%02x:%02x:%02x:%02x:%02x",
1037 bdaddr[5], bdaddr[4], bdaddr[3], bdaddr[2],
1038 bdaddr[1], bdaddr[0]);
1039 ofs = get_mac_offset(chip_type);
1040 n = malloc(sizeof(*n) + 6);
1041 if (n) {
1042 n->offset = ofs;
1043 n->len = 6;
1044 memcpy(n->data, bdaddr, 6);
1045 list_add_tail(&n->list, &list_extracfgs);
1046 } else {
1047 RS_ERR("Couldn't alloc cfg item for bdaddr");
1048 }
1049 }
1050
1051 read_cfg:
1052 #endif
1053
1054 *cfg_len = 0;
1055 file_name = malloc(PATH_MAX);
1056 if (!file_name) {
1057 RS_ERR("Can't allocate memory for Config file name");
1058 return NULL;
1059 }
1060 memset(file_name, 0, PATH_MAX);
1061 snprintf(file_name, PATH_MAX, "%s%s", BT_CONFIG_DIRECTORY, file);
1062 if (stat(file_name, &st) < 0) {
1063 RS_ERR("Can't access Config file: %s, %s",
1064 file_name, strerror(errno));
1065 goto err_stat;
1066 }
1067
1068 file_len = st.st_size;
1069
1070 if ((fd = open(file_name, O_RDONLY)) < 0) {
1071 perror("Can't open Config file");
1072 goto err_open;
1073 }
1074
1075 buf = malloc(file_len);
1076 if (!buf) {
1077 RS_ERR("Couldnt malloc buffer for Config %zd", file_len);
1078 goto err_malloc;
1079 }
1080
1081 result = read(fd, buf, file_len);
1082 if (result < (ssize_t)file_len) {
1083 perror("Can't read Config file");
1084 goto err_read;
1085 }
1086 close(fd);
1087 free(file_name);
1088
1089 result = rtb_parse_config(buf, file_len);
1090 if (result < 0) {
1091 RS_ERR("Invalid Config content");
1092 close(fd);
1093 free(buf);
1094 config_lists_free();
1095 exit(EXIT_FAILURE);
1096 }
1097 RS_INFO("Origin cfg len %u", (uint16_t)file_len);
1098 util_hexdump((const uint8_t *)buf, file_len);
1099
1100 merge_configs(&list_configs, &list_extracfgs);
1101
1102 config_len = 4; /* magic word length */
1103 config_len += 2; /* data length field */
1104 /* Calculate the config_len */
1105 dlen = 0;
1106 list_for_each_safe(pos, next, &list_configs) {
1107 n = list_entry(pos, struct cfg_list_item, list);
1108 switch (n->offset) {
1109 case 0x003c:
1110 case 0x0030:
1111 case 0x0044:
1112 if (is_mac(chip_type, n->offset) && n->len == 6) {
1113 char s[18];
1114 sprintf(s, "%2.2X:%2.2X:%2.2X:%2.2X:%2.2X:%2.2X",
1115 n->data[5], n->data[4],
1116 n->data[3], n->data[2],
1117 n->data[1], n->data[0]);
1118 RS_INFO("bdaddr ofs %04x, %s", n->offset, s);
1119 }
1120 break;
1121 case 0x000c:
1122 #ifdef BAUDRATE_4BYTES
1123 baudrate = get_unaligned_le32(n->data);
1124 #else
1125 baudrate = get_unaligned_le16(n->data);
1126 #endif
1127 rtb_cfg.vendor_baud = baudrate;
1128 RS_INFO("Config baudrate: %08x", baudrate);
1129
1130 if (n->len > 12) {
1131 uint8_t d = n->data[12];
1132 rtb_cfg.uart_flow_ctrl = (d & 0x4) ? 1 : 0;
1133 RS_INFO("uart flow ctrl: %u",
1134 rtb_cfg.uart_flow_ctrl);
1135 }
1136 break;
1137 #ifdef RTL8723DSH4_UART_HWFLOWC
1138 case 0x0018:
1139 if (chip_type == CHIP_8723DS &&
1140 rtb_cfg.proto == HCI_UART_H4) {
1141 if (n->data[0] & (1 << 2))
1142 rtb_cfg.uart_flow_ctrl = 1;
1143 RS_INFO("8723DSH4: hw flow control %u",
1144 rtb_cfg.uart_flow_ctrl);
1145 if (n->data[0] & 0x01) {
1146 rtb_cfg.parenb = 1;
1147 if (n->data[0] & 0x02)
1148 rtb_cfg.pareven = 1;
1149 else
1150 rtb_cfg.pareven = 0;
1151 }
1152 RS_INFO("8723DSH4: parity %u, even %u",
1153 rtb_cfg.parenb,
1154 rtb_cfg.pareven);
1155 }
1156 break;
1157 #endif
1158 default:
1159 break;
1160 }
1161
1162 config_len += (3 + n->len);
1163 dlen += (3 + n->len);
1164
1165 }
1166 p = realloc(buf, config_len);
1167 if (!p) {
1168 /* block is left untouched; it is not freed or moved */
1169 RS_ERR("Couldn't realloc buf for configs");
1170 free(buf);
1171 buf = NULL;
1172 *cfg_len = 0;
1173 goto done;
1174 }
1175 buf = p;
1176
1177 memcpy(buf, cfg_magic, 4);
1178 buf[4] = dlen & 0xff;
1179 buf[5] = (dlen >> 8) & 0xff;
1180 p = buf + 6;
1181 list_for_each_safe(pos, next, &list_configs) {
1182 n = list_entry(pos, struct cfg_list_item, list);
1183 p[0] = n->offset & 0xff;
1184 p[1] = (n->offset >> 8) & 0xff;
1185 p[2] = n->len;
1186 memcpy(p + 3, n->data, n->len);
1187 p += (3 + n->len);
1188 }
1189
1190 RS_INFO("Vendor baud from Config file: %08x", rtb_cfg.vendor_baud);
1191
1192 RS_INFO("New cfg len %u", config_len);
1193 util_hexdump((const uint8_t *)buf, config_len);
1194
1195 *cfg_len = config_len;
1196
1197 done:
1198 config_lists_free();
1199
1200 return buf;
1201
1202 err_read:
1203 free(buf);
1204 err_malloc:
1205 config_lists_free();
1206 close(fd);
1207 err_open:
1208 err_stat:
1209 free(file_name);
1210 return NULL;
1211 }
1212
1213 /*
1214 * Read Realtek Bluetooth firmaware file.
1215 */
rtb_read_firmware(struct rtb_struct * btrtl,int * fw_len)1216 uint8_t *rtb_read_firmware(struct rtb_struct *btrtl, int *fw_len)
1217 {
1218 char *filename;
1219 struct stat st;
1220 int fd = -1;
1221 size_t fwsize;
1222 uint8_t *fw_buf;
1223 ssize_t result;
1224
1225 if (!btrtl || !fw_len) {
1226 RS_ERR("%s: Invalid parameter", __func__);
1227 return NULL;
1228 }
1229
1230 filename = malloc(PATH_MAX);
1231 if (!filename) {
1232 RS_ERR("Can't allocate memory for fw name");
1233 return NULL;
1234 }
1235
1236 snprintf(filename, PATH_MAX, "%s%s", FIRMWARE_DIRECTORY,
1237 btrtl->patch_ent->patch_file);
1238
1239 if (stat(filename, &st) < 0) {
1240 RS_ERR("Can't access firmware %s, %s", filename,
1241 strerror(errno));
1242 goto err_stat;
1243 }
1244
1245 fwsize = st.st_size;
1246
1247 if ((fd = open(filename, O_RDONLY)) < 0) {
1248 RS_ERR("Can't open firmware, %s", strerror(errno));
1249 goto err_open;
1250 }
1251
1252 fw_buf = malloc(fwsize);
1253 if (!fw_buf) {
1254 RS_ERR("Can't allocate memory for fw, %s", strerror(errno));
1255 goto err_malloc;
1256 }
1257
1258 result = read(fd, fw_buf, fwsize);
1259 if (result != (ssize_t) fwsize) {
1260 RS_ERR("Read FW %s error, %s", filename, strerror(errno));
1261 goto err_read;
1262 }
1263
1264 *fw_len = (int)result;
1265 RS_INFO("Load FW %s OK, size %zd", filename, result);
1266
1267 close(fd);
1268 free(filename);
1269
1270 return fw_buf;
1271
1272 err_read:
1273 free(fw_buf);
1274 *fw_len = 0;
1275 err_malloc:
1276 close(fd);
1277 err_open:
1278 err_stat:
1279 free(filename);
1280 return NULL;
1281 }
1282
rtb_get_fw_project_id(uint8_t * p_buf)1283 static uint8_t rtb_get_fw_project_id(uint8_t *p_buf)
1284 {
1285 uint8_t opcode;
1286 uint8_t len;
1287 uint8_t data = 0;
1288
1289 do {
1290 opcode = *p_buf;
1291 len = *(p_buf - 1);
1292 if (opcode == 0x00) {
1293 if (len == 1) {
1294 data = *(p_buf - 2);
1295 RS_INFO("%s: opcode %u, len %u, data %u",
1296 __func__, opcode, len, data);
1297 break;
1298 } else {
1299 RS_ERR("%s: Invalid len %u", __func__, len);
1300 }
1301 }
1302 p_buf -= len + 2;
1303 } while (*p_buf != 0xFF);
1304
1305 return data;
1306 }
1307
rtb_get_patch_entry(void)1308 struct rtb_patch_entry *rtb_get_patch_entry(void)
1309 {
1310 uint16_t i;
1311 struct rtb_patch_hdr *patch;
1312 struct rtb_patch_entry *entry;
1313 uint32_t tmp;
1314 uint8_t *ci_base; /* Chip id base */
1315 uint8_t *pl_base; /* Patch length base */
1316 uint8_t *so_base; /* Start offset base */
1317
1318 patch = (struct rtb_patch_hdr *)rtb_cfg.fw_buf;
1319 entry = (struct rtb_patch_entry *)malloc(sizeof(*entry));
1320 if (!entry) {
1321 RS_ERR("Failed to allocate mem for patch entry");
1322 return NULL;
1323 }
1324
1325 patch->number_of_patch = le16_to_cpu(patch->number_of_patch);
1326
1327 RS_DBG("FW version 0x%08x, Patch num %u",
1328 le32_to_cpu(patch->fw_version), patch->number_of_patch);
1329
1330 ci_base = rtb_cfg.fw_buf + 14;
1331 pl_base = ci_base + 2 * patch->number_of_patch;
1332 so_base = pl_base + 2 * patch->number_of_patch;
1333 for (i = 0; i < patch->number_of_patch; i++) {
1334 uint16_t chip_id = get_unaligned_le16(ci_base + 2 * i);
1335
1336 RS_INFO("Chip id 0x%04x", chip_id);
1337 if (chip_id == rtb_cfg.eversion + 1) {
1338 entry->chip_id = rtb_cfg.eversion + 1;
1339 entry->patch_len = get_unaligned_le16(pl_base + 2 * i);
1340 entry->soffset = get_unaligned_le32(so_base + 4 * i);
1341 RS_DBG("Patch length 0x%04x", entry->patch_len);
1342 RS_DBG("Start offset 0x%08x", entry->soffset);
1343
1344 entry->svn_ver = get_unaligned_le32(rtb_cfg.fw_buf +
1345 entry->soffset +
1346 entry->patch_len - 8);
1347 entry->coex_ver = get_unaligned_le32(rtb_cfg.fw_buf +
1348 entry->soffset +
1349 entry->patch_len - 12);
1350
1351 RS_INFO("Svn version: %8u", entry->svn_ver);
1352 tmp = ((entry->coex_ver >> 16) & 0x7ff) +
1353 (entry->coex_ver >> 27) * 10000;
1354 RS_INFO("Coexistence: BTCOEX_20%06u-%04x\n", tmp,
1355 (entry->coex_ver & 0xffff));
1356
1357 break;
1358 }
1359 }
1360
1361 if (i == patch->number_of_patch) {
1362 RS_ERR("Failed to get entry");
1363 free(entry);
1364 entry = NULL;
1365 }
1366
1367 return entry;
1368 }
1369
rtb_get_final_patch(int fd,int proto,int * rlen)1370 uint8_t *rtb_get_final_patch(int fd, int proto, int *rlen)
1371 {
1372 struct rtb_struct *rtl = &rtb_cfg;
1373 uint8_t proj_id = 0;
1374 struct rtb_patch_entry *entry = NULL;
1375 struct rtb_patch_hdr *patch = (struct rtb_patch_hdr *)rtl->fw_buf;
1376 uint32_t svn_ver, coex_ver, tmp;
1377 const uint8_t rtb_patch_smagic[8] = {
1378 0x52, 0x65, 0x61, 0x6C, 0x74, 0x65, 0x63, 0x68
1379 };
1380 const uint8_t rtb_patch_emagic[4] = { 0x51, 0x04, 0xFD, 0x77 };
1381 uint8_t *buf;
1382 int len;
1383
1384 if (!rlen) {
1385 RS_ERR("%s: Invalid parameter", __func__);
1386 return NULL;
1387 }
1388
1389 /* Use single patch for 3wire && 8723a */
1390 if (proto == HCI_UART_3WIRE && rtl->lmp_subver == ROM_LMP_8723a) {
1391 if (!memcmp(rtl->fw_buf, rtb_patch_smagic, 8)) {
1392 RS_ERR("Unexpected signature");
1393 goto err;
1394 }
1395
1396 len = rtl->config_len + rtl->fw_len;
1397 buf = malloc(len);
1398 if (!buf) {
1399 RS_ERR("Can't alloc mem for fwc, %s", strerror(errno));
1400 goto err;
1401 } else {
1402 uint8_t *b;
1403
1404 RS_INFO("FWC copy directly");
1405
1406 b = rtl->fw_buf + rtl->fw_len;
1407 svn_ver = get_unaligned_le32(b - 8);
1408 coex_ver = get_unaligned_le32(b - 12);
1409
1410 RS_INFO("Svn version: %u\n", svn_ver);
1411 tmp = ((coex_ver >> 16) & 0x7ff) +
1412 (coex_ver >> 27) * 10000;
1413 RS_INFO("Coexistence: BTCOEX_20%06u-%04x\n", tmp,
1414 (coex_ver & 0xffff));
1415
1416 /* Copy Patch and Config */
1417 memcpy(buf, rtl->fw_buf, rtl->fw_len);
1418 if (rtl->config_len)
1419 memcpy(buf + rtl->fw_len,
1420 rtl->config_buf, rtl->config_len);
1421 rtl->dl_fw_flag = 1;
1422 *rlen = len;
1423 return buf;
1424 }
1425 }
1426
1427 if (memcmp(rtl->fw_buf, rtb_patch_smagic, 8)) {
1428 RS_ERR("Signature error");
1429 goto err;
1430 }
1431
1432 if (memcmp(rtl->fw_buf + rtl->fw_len - 4, rtb_patch_emagic, 4)) {
1433 RS_ERR("Extension section signature error");
1434 goto err;
1435 }
1436
1437 proj_id = rtb_get_fw_project_id(rtl->fw_buf + rtl->fw_len - 5);
1438
1439 #ifdef RTL_8703A_SUPPORT
1440 if (rtl->hci_ver == 0x4 && rtl->lmp_subver == ROM_LMP_8723b) {
1441 RS_INFO("HCI version = 0x4, IC is 8703A.");
1442 } else {
1443 RS_ERR("error: lmp_version %x, hci_version %x, project_id %x",
1444 rtl->lmp_subver, rtl->hci_ver, project_id[proj_id]);
1445 goto err;
1446 }
1447 #else
1448 if (rtl->lmp_subver != ROM_LMP_8703b) {
1449 if (rtl->lmp_subver != project_id[proj_id]) {
1450 RS_ERR("lmp_subver %04x, project id %04x, mismatch\n",
1451 rtl->lmp_subver, project_id[proj_id]);
1452 goto err;
1453 }
1454 } else {
1455 if (rtb_cfg.patch_ent->proj_id != project_id[proj_id]) {
1456 RS_ERR("proj_id %04x, version %04x from firmware "
1457 "project_id[%u], mismatch",
1458 rtb_cfg.patch_ent->proj_id,
1459 project_id[proj_id], proj_id);
1460 goto err;
1461 }
1462 }
1463 #endif
1464
1465 /* Entry is allocated dynamically. It should be freed later in the
1466 * function.
1467 */
1468 entry = rtb_get_patch_entry();
1469
1470 if (entry) {
1471 len = entry->patch_len + rtl->config_len;
1472 } else {
1473 RS_ERR("Can't find the patch entry");
1474 goto err;
1475 }
1476
1477 buf = malloc(len);
1478 if (!buf) {
1479 RS_ERR("%s: Can't alloc memory for fwc, %s", __func__,
1480 strerror(errno));
1481 free(entry);
1482 goto err;
1483 } else {
1484 memcpy(buf, rtl->fw_buf + entry->soffset, entry->patch_len);
1485 memcpy(buf + entry->patch_len - 4, &patch->fw_version, 4);
1486
1487 if (rtl->config_len)
1488 memcpy(buf + entry->patch_len, rtl->config_buf,
1489 rtl->config_len);
1490 rtl->dl_fw_flag = 1;
1491 *rlen = len;
1492 }
1493
1494 RS_INFO("FW %s exists, Config file %s exists",
1495 (rtl->fw_len > 0) ? "" : "not",
1496 (rtl->config_len > 0) ? "" : "not");
1497
1498 free(entry);
1499 return buf;
1500
1501 err:
1502 rtl->dl_fw_flag = 0;
1503 *rlen = 0;
1504 return NULL;
1505 }
1506
1507