1 /*
2 *
3 * Realtek Bluetooth USB download firmware driver
4 *
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 *
20 */
21
22 #include <linux/kernel.h>
23 #include <linux/module.h>
24 #include <linux/init.h>
25 #include <linux/slab.h>
26 #include <linux/types.h>
27 #include <linux/sched.h>
28 #include <linux/errno.h>
29 #include <linux/skbuff.h>
30 #include <linux/usb.h>
31 #include <linux/dcache.h>
32 #include <linux/in.h>
33 #include <net/sock.h>
34 #include <asm/unaligned.h>
35
36 #include <linux/interrupt.h>
37 #include <linux/module.h>
38 #include <linux/slab.h>
39 #include <linux/types.h>
40 #include <linux/sched.h>
41 #include <linux/skbuff.h>
42 #include <linux/errno.h>
43 #include <linux/usb.h>
44 #include <linux/cdev.h>
45 #include <linux/device.h>
46 #include <linux/poll.h>
47
48 #include <linux/version.h>
49
50 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 32)
51 #include <linux/pm_runtime.h>
52 #endif
53
54 #include <linux/firmware.h>
55 #include <linux/suspend.h>
56 #include <net/bluetooth/bluetooth.h>
57 #include <net/bluetooth/hci_core.h>
58 #include <net/bluetooth/hci.h>
59
60 #include "rtk_misc.h"
61
62 #include <linux/file.h>
63 #include <linux/ctype.h>
64 #define BDADDR_STRING_LEN 17
65 #define BDADDR_FILE "/opt/bdaddr"
66
67 struct cfg_list_item {
68 struct list_head list;
69 u16 offset;
70 u8 len;
71 u8 data[0];
72 };
73
74 static struct list_head list_configs;
75
76 #define EXTRA_CONFIG_FILE "/opt/rtk_btconfig.txt"
77 static struct list_head list_extracfgs;
78
79 #define CMD_CMP_EVT 0x0e
80 #define PKT_LEN 300
81 #define MSG_TO 1000 //us
82 #define PATCH_SEG_MAX 252
83 #define DATA_END 0x80
84 #define DOWNLOAD_OPCODE 0xfc20
85 /* This command is used only for TV patch
86 * if host is going to suspend state, it should send this command to
87 * Controller. Controller will scan the special advertising packet
88 * which indicates Controller to wake up host */
89 #define STARTSCAN_OPCODE 0xfc28
90 #define TRUE 1
91 #define FALSE 0
92 #define CMD_HDR_LEN sizeof(struct hci_command_hdr)
93 #define EVT_HDR_LEN sizeof(struct hci_event_hdr)
94 #define CMD_CMP_LEN sizeof(struct hci_ev_cmd_complete)
95
96 #define HCI_CMD_READ_BD_ADDR 0x1009
97 #define HCI_VENDOR_CHANGE_BDRATE 0xfc17
98 #define HCI_VENDOR_READ_RTK_ROM_VERISION 0xfc6d
99 #define HCI_VENDOR_READ_LMP_VERISION 0x1001
100
101 #define ROM_LMP_NONE 0x0000
102 #define ROM_LMP_8723a 0x1200
103 #define ROM_LMP_8723b 0x8723
104 #define ROM_LMP_8821a 0X8821
105 #define ROM_LMP_8761a 0X8761
106 #define ROM_LMP_8822b 0X8822
107 #define ROM_LMP_8852a 0x8852
108
109 struct rtk_eversion_evt {
110 uint8_t status;
111 uint8_t version;
112 } __attribute__ ((packed));
113
114 struct rtk_epatch_entry {
115 uint16_t chipID;
116 uint16_t patch_length;
117 uint32_t start_offset;
118 } __attribute__ ((packed));
119
120 struct rtk_epatch {
121 uint8_t signature[8];
122 uint32_t fw_version;
123 uint16_t number_of_total_patch;
124 struct rtk_epatch_entry entry[0];
125 } __attribute__ ((packed));
126
127 struct rtk_extension_entry {
128 uint8_t opcode;
129 uint8_t length;
130 uint8_t *data;
131 } __attribute__ ((packed));
132
133 //signature: Realtech
134 const uint8_t RTK_EPATCH_SIGNATURE[8] =
135 { 0x52, 0x65, 0x61, 0x6C, 0x74, 0x65, 0x63, 0x68 };
136 //Extension Section IGNATURE:0x77FD0451
137 const uint8_t Extension_Section_SIGNATURE[4] = { 0x51, 0x04, 0xFD, 0x77 };
138
139 uint16_t project_id[] = {
140 ROM_LMP_8723a,
141 ROM_LMP_8723b,
142 ROM_LMP_8821a,
143 ROM_LMP_8761a,
144 ROM_LMP_NONE,
145 ROM_LMP_NONE,
146 ROM_LMP_NONE,
147 ROM_LMP_NONE,
148 ROM_LMP_8822b,
149 ROM_LMP_8723b, /* RTL8723DU */
150 ROM_LMP_8821a, /* RTL8821CU */
151 ROM_LMP_NONE,
152 ROM_LMP_NONE,
153 ROM_LMP_8822b, /* RTL8822CU */
154 ROM_LMP_8761a, /* index 14 for 8761BU */
155 ROM_LMP_NONE,
156 ROM_LMP_NONE,
157 ROM_LMP_NONE,
158 ROM_LMP_8852a, /* index 18 for 8852AU */
159 ROM_LMP_8723b, /* index 19 for 8723FU */
160 };
161
162 enum rtk_endpoit {
163 CTRL_EP = 0,
164 INTR_EP = 1,
165 BULK_EP = 2,
166 ISOC_EP = 3
167 };
168
169 /* software id */
170 #define RTLPREVIOUS 0x00
171 #define RTL8822BU 0x70
172 #define RTL8723DU 0x71
173 #define RTL8821CU 0x72
174 #define RTL8822CU 0x73
175 #define RTL8761BU 0x74
176 #define RTL8852AU 0x75
177 #define RTL8723FU 0x76
178
179 typedef struct {
180 uint16_t prod_id;
181 uint16_t lmp_sub;
182 char * mp_patch_name;
183 char * patch_name;
184 char * config_name;
185 u8 chip_type;
186 } patch_info;
187
188 typedef struct {
189 struct list_head list_node;
190 struct usb_interface *intf;
191 struct usb_device *udev;
192 patch_info *patch_entry;
193 } dev_data;
194
195 typedef struct {
196 dev_data *dev_entry;
197 int pipe_in, pipe_out;
198 uint8_t *send_pkt;
199 uint8_t *rcv_pkt;
200 struct hci_command_hdr *cmd_hdr;
201 struct hci_event_hdr *evt_hdr;
202 struct hci_ev_cmd_complete *cmd_cmp;
203 uint8_t *req_para, *rsp_para;
204 uint8_t *fw_data;
205 int pkt_len, fw_len;
206 } xchange_data;
207
208 typedef struct {
209 uint8_t index;
210 uint8_t data[PATCH_SEG_MAX];
211 } __attribute__ ((packed)) download_cp;
212
213 typedef struct {
214 uint8_t status;
215 uint8_t index;
216 } __attribute__ ((packed)) download_rp;
217
218 #define RTK_VENDOR_CONFIG_MAGIC 0x8723ab55
219 const u8 cfg_magic[4] = { 0x55, 0xab, 0x23, 0x87 };
220 struct rtk_bt_vendor_config_entry {
221 uint16_t offset;
222 uint8_t entry_len;
223 uint8_t entry_data[0];
224 } __attribute__ ((packed));
225
226 struct rtk_bt_vendor_config {
227 uint32_t signature;
228 uint16_t data_len;
229 struct rtk_bt_vendor_config_entry entry[0];
230 } __attribute__ ((packed));
231 #define BT_CONFIG_HDRLEN sizeof(struct rtk_bt_vendor_config)
232
233 static uint8_t gEVersion = 0xFF;
234
235 static dev_data *dev_data_find(struct usb_interface *intf);
236 static patch_info *get_patch_entry(struct usb_device *udev);
237 static int load_firmware(dev_data * dev_entry, uint8_t ** buff);
238 static void init_xdata(xchange_data * xdata, dev_data * dev_entry);
239 static int check_fw_version(xchange_data * xdata);
240 static int download_data(xchange_data * xdata);
241 static int send_hci_cmd(xchange_data * xdata);
242 static int rcv_hci_evt(xchange_data * xdata);
243 static uint8_t rtk_get_eversion(dev_data * dev_entry);
244
245 static patch_info fw_patch_table[] = {
246 /* { pid, lmp_sub, mp_fw_name, fw_name, config_name, chip_type } */
247 {0x1724, 0x1200, "mp_rtl8723a_fw", "rtl8723a_fw", "rtl8723a_config", RTLPREVIOUS}, /* RTL8723A */
248 {0x8723, 0x1200, "mp_rtl8723a_fw", "rtl8723a_fw", "rtl8723a_config", RTLPREVIOUS}, /* 8723AE */
249 {0xA723, 0x1200, "mp_rtl8723a_fw", "rtl8723a_fw", "rtl8723a_config", RTLPREVIOUS}, /* 8723AE for LI */
250 {0x0723, 0x1200, "mp_rtl8723a_fw", "rtl8723a_fw", "rtl8723a_config", RTLPREVIOUS}, /* 8723AE */
251 {0x3394, 0x1200, "mp_rtl8723a_fw", "rtl8723a_fw", "rtl8723a_config", RTLPREVIOUS}, /* 8723AE for Azurewave */
252
253 {0x0724, 0x1200, "mp_rtl8723a_fw", "rtl8723a_fw", "rtl8723a_config", RTLPREVIOUS}, /* 8723AU */
254 {0x8725, 0x1200, "mp_rtl8723a_fw", "rtl8723a_fw", "rtl8723a_config", RTLPREVIOUS}, /* 8723AU */
255 {0x872A, 0x1200, "mp_rtl8723a_fw", "rtl8723a_fw", "rtl8723a_config", RTLPREVIOUS}, /* 8723AU */
256 {0x872B, 0x1200, "mp_rtl8723a_fw", "rtl8723a_fw", "rtl8723a_config", RTLPREVIOUS}, /* 8723AU */
257
258 {0xb720, 0x8723, "mp_rtl8723b_fw", "rtl8723b_fw", "rtl8723b_config", RTLPREVIOUS}, /* RTL8723BU */
259 {0xb72A, 0x8723, "mp_rtl8723b_fw", "rtl8723b_fw", "rtl8723b_config", RTLPREVIOUS}, /* RTL8723BU */
260 {0xb728, 0x8723, "mp_rtl8723b_fw", "rtl8723b_fw", "rtl8723b_config", RTLPREVIOUS}, /* RTL8723BE for LC */
261 {0xb723, 0x8723, "mp_rtl8723b_fw", "rtl8723b_fw", "rtl8723b_config", RTLPREVIOUS}, /* RTL8723BE */
262 {0xb72B, 0x8723, "mp_rtl8723b_fw", "rtl8723b_fw", "rtl8723b_config", RTLPREVIOUS}, /* RTL8723BE */
263 {0xb001, 0x8723, "mp_rtl8723b_fw", "rtl8723b_fw", "rtl8723b_config", RTLPREVIOUS}, /* RTL8723BE for HP */
264 {0xb002, 0x8723, "mp_rtl8723b_fw", "rtl8723b_fw", "rtl8723b_config", RTLPREVIOUS}, /* RTL8723BE */
265 {0xb003, 0x8723, "mp_rtl8723b_fw", "rtl8723b_fw", "rtl8723b_config", RTLPREVIOUS}, /* RTL8723BE */
266 {0xb004, 0x8723, "mp_rtl8723b_fw", "rtl8723b_fw", "rtl8723b_config", RTLPREVIOUS}, /* RTL8723BE */
267 {0xb005, 0x8723, "mp_rtl8723b_fw", "rtl8723b_fw", "rtl8723b_config", RTLPREVIOUS}, /* RTL8723BE */
268
269 {0x3410, 0x8723, "mp_rtl8723b_fw", "rtl8723b_fw", "rtl8723b_config", RTLPREVIOUS}, /* RTL8723BE for Azurewave */
270 {0x3416, 0x8723, "mp_rtl8723b_fw", "rtl8723b_fw", "rtl8723b_config", RTLPREVIOUS}, /* RTL8723BE for Azurewave */
271 {0x3459, 0x8723, "mp_rtl8723b_fw", "rtl8723b_fw", "rtl8723b_config", RTLPREVIOUS}, /* RTL8723BE for Azurewave */
272 {0xE085, 0x8723, "mp_rtl8723b_fw", "rtl8723b_fw", "rtl8723b_config", RTLPREVIOUS}, /* RTL8723BE for Foxconn */
273 {0xE08B, 0x8723, "mp_rtl8723b_fw", "rtl8723b_fw", "rtl8723b_config", RTLPREVIOUS}, /* RTL8723BE for Foxconn */
274 {0xE09E, 0x8723, "mp_rtl8723b_fw", "rtl8723b_fw", "rtl8723b_config", RTLPREVIOUS}, /* RTL8723BE for Foxconn */
275
276 {0xA761, 0x8761, "mp_rtl8761a_fw", "rtl8761au_fw", "rtl8761a_config", RTLPREVIOUS}, /* RTL8761AU only */
277 {0x818B, 0x8761, "mp_rtl8761a_fw", "rtl8761aw_fw", "rtl8761aw_config", RTLPREVIOUS}, /* RTL8761AW + 8192EU */
278 {0x818C, 0x8761, "mp_rtl8761a_fw", "rtl8761aw_fw", "rtl8761aw_config", RTLPREVIOUS}, /* RTL8761AW + 8192EU */
279 {0x8760, 0x8761, "mp_rtl8761a_fw", "rtl8761au8192ee_fw", "rtl8761a_config", RTLPREVIOUS}, /* RTL8761AU + 8192EE */
280 {0xB761, 0x8761, "mp_rtl8761a_fw", "rtl8761au_fw", "rtl8761a_config", RTLPREVIOUS}, /* RTL8761AUV only */
281 {0x8761, 0x8761, "mp_rtl8761a_fw", "rtl8761au8192ee_fw", "rtl8761a_config", RTLPREVIOUS}, /* RTL8761AU + 8192EE for LI */
282 {0x8A60, 0x8761, "mp_rtl8761a_fw", "rtl8761au8812ae_fw", "rtl8761a_config", RTLPREVIOUS}, /* RTL8761AU + 8812AE */
283 {0x3527, 0x8761, "mp_rtl8761a_fw", "rtl8761au8192ee_fw", "rtl8761a_config", RTLPREVIOUS}, /* RTL8761AU + 8814AE */
284
285 {0x8821, 0x8821, "mp_rtl8821a_fw", "rtl8821a_fw", "rtl8821a_config", RTLPREVIOUS}, /* RTL8821AE */
286 {0x0821, 0x8821, "mp_rtl8821a_fw", "rtl8821a_fw", "rtl8821a_config", RTLPREVIOUS}, /* RTL8821AE */
287 {0x0823, 0x8821, "mp_rtl8821a_fw", "rtl8821a_fw", "rtl8821a_config", RTLPREVIOUS}, /* RTL8821AU */
288 {0x3414, 0x8821, "mp_rtl8821a_fw", "rtl8821a_fw", "rtl8821a_config", RTLPREVIOUS}, /* RTL8821AE */
289 {0x3458, 0x8821, "mp_rtl8821a_fw", "rtl8821a_fw", "rtl8821a_config", RTLPREVIOUS}, /* RTL8821AE */
290 {0x3461, 0x8821, "mp_rtl8821a_fw", "rtl8821a_fw", "rtl8821a_config", RTLPREVIOUS}, /* RTL8821AE */
291 {0x3462, 0x8821, "mp_rtl8821a_fw", "rtl8821a_fw", "rtl8821a_config", RTLPREVIOUS}, /* RTL8821AE */
292
293 {0xb82c, 0x8822, "mp_rtl8822bu_fw", "rtl8822bu_fw", "rtl8822bu_config", RTL8822BU}, /* RTL8822BU */
294
295 {0xd720, 0x8723, "mp_rtl8723du_fw", "rtl8723du_fw", "rtl8723du_config", RTL8723DU}, /* RTL8723DU */
296 {0xd723, 0x8723, "mp_rtl8723du_fw", "rtl8723du_fw", "rtl8723du_config", RTL8723DU}, /* RTL8723DU */
297 {0xd739, 0x8723, "mp_rtl8723du_fw", "rtl8723du_fw", "rtl8723du_config", RTL8723DU}, /* RTL8723DU */
298 {0xb009, 0x8723, "mp_rtl8723du_fw", "rtl8723du_fw", "rtl8723du_config", RTL8723DU}, /* RTL8723DU */
299 {0x0231, 0x8723, "mp_rtl8723du_fw", "rtl8723du_fw", "rtl8723du_config", RTL8723DU}, /* RTL8723DU for LiteOn */
300
301 {0xb820, 0x8821, "mp_rtl8821cu_fw", "rtl8821cu_fw", "rtl8821cu_config", RTL8821CU}, /* RTL8821CU */
302 {0xc820, 0x8821, "mp_rtl8821cu_fw", "rtl8821cu_fw", "rtl8821cu_config", RTL8821CU}, /* RTL8821CU */
303 {0xc821, 0x8821, "mp_rtl8821cu_fw", "rtl8821cu_fw", "rtl8821cu_config", RTL8821CU}, /* RTL8821CE */
304 {0xc823, 0x8821, "mp_rtl8821cu_fw", "rtl8821cu_fw", "rtl8821cu_config", RTL8821CU}, /* RTL8821CE */
305 {0xc824, 0x8821, "mp_rtl8821cu_fw", "rtl8821cu_fw", "rtl8821cu_config", RTL8821CU}, /* RTL8821CE */
306 {0xc825, 0x8821, "mp_rtl8821cu_fw", "rtl8821cu_fw", "rtl8821cu_config", RTL8821CU}, /* RTL8821CE */
307 {0xc827, 0x8821, "mp_rtl8821cu_fw", "rtl8821cu_fw", "rtl8821cu_config", RTL8821CU}, /* RTL8821CE */
308 {0xc025, 0x8821, "mp_rtl8821cu_fw", "rtl8821cu_fw", "rtl8821cu_config", RTL8821CU}, /* RTL8821CE */
309 {0xc024, 0x8821, "mp_rtl8821cu_fw", "rtl8821cu_fw", "rtl8821cu_config", RTL8821CU}, /* RTL8821CE */
310 {0xc030, 0x8821, "mp_rtl8821cu_fw", "rtl8821cu_fw", "rtl8821cu_config", RTL8821CU}, /* RTL8821CE */
311 {0xb00a, 0x8821, "mp_rtl8821cu_fw", "rtl8821cu_fw", "rtl8821cu_config", RTL8821CU}, /* RTL8821CE */
312 {0xb00e, 0x8821, "mp_rtl8821cu_fw", "rtl8821cu_fw", "rtl8821cu_config", RTL8821CU}, /* RTL8821CE */
313 {0xc032, 0x8821, "mp_rtl8821cu_fw", "rtl8821cu_fw", "rtl8821cu_config", RTL8821CU}, /* RTL8821CE */
314 {0x4000, 0x8821, "mp_rtl8821cu_fw", "rtl8821cu_fw", "rtl8821cu_config", RTL8821CU}, /* RTL8821CE for LiteOn */
315 {0x4001, 0x8821, "mp_rtl8821cu_fw", "rtl8821cu_fw", "rtl8821cu_config", RTL8821CU}, /* RTL8821CE for LiteOn */
316 {0x3529, 0x8821, "mp_rtl8821cu_fw", "rtl8821cu_fw", "rtl8821cu_config", RTL8821CU}, /* RTL8821CE for Azurewave */
317 {0x3530, 0x8821, "mp_rtl8821cu_fw", "rtl8821cu_fw", "rtl8821cu_config", RTL8821CU}, /* RTL8821CE for Azurewave */
318 {0x3532, 0x8821, "mp_rtl8821cu_fw", "rtl8821cu_fw", "rtl8821cu_config", RTL8821CU}, /* RTL8821CE for Azurewave */
319 {0x3533, 0x8821, "mp_rtl8821cu_fw", "rtl8821cu_fw", "rtl8821cu_config", RTL8821CU}, /* RTL8821CE for Azurewave */
320 {0x3538, 0x8821, "mp_rtl8821cu_fw", "rtl8821cu_fw", "rtl8821cu_config", RTL8821CU}, /* RTL8821CE for Azurewave */
321 {0x3539, 0x8821, "mp_rtl8821cu_fw", "rtl8821cu_fw", "rtl8821cu_config", RTL8821CU}, /* RTL8821CE for Azurewave */
322 {0x3540, 0x8821, "mp_rtl8821cu_fw", "rtl8821cu_fw", "rtl8821cu_config", RTL8821CU}, /* RTL8821CE */
323 {0x3541, 0x8821, "mp_rtl8821cu_fw", "rtl8821cu_fw", "rtl8821cu_config", RTL8821CU}, /* RTL8821CE for GSD */
324 {0x3543, 0x8821, "mp_rtl8821cu_fw", "rtl8821cu_fw", "rtl8821cu_config", RTL8821CU}, /* RTL8821CE for GSD */
325 {0xc80c, 0x8821, "mp_rtl8821cu_fw", "rtl8821cu_fw", "rtl8821cu_config", RTL8821CU}, /* RTL8821CUH */
326
327 {0xc82c, 0x8822, "mp_rtl8822cu_fw", "rtl8822cu_fw", "rtl8822cu_config", RTL8822CU}, /* RTL8822CU */
328 {0xc82e, 0x8822, "mp_rtl8822cu_fw", "rtl8822cu_fw", "rtl8822cu_config", RTL8822CU}, /* RTL8822CU */
329 {0xc81d, 0x8822, "mp_rtl8822cu_fw", "rtl8822cu_fw", "rtl8822cu_config", RTL8822CU}, /* RTL8822CU */
330 {0xc822, 0x8822, "mp_rtl8822cu_fw", "rtl8822cu_fw", "rtl8822cu_config", RTL8822CU}, /* RTL8822CE */
331 {0xc82b, 0x8822, "mp_rtl8822cu_fw", "rtl8822cu_fw", "rtl8822cu_config", RTL8822CU}, /* RTL8822CE */
332 {0xb00c, 0x8822, "mp_rtl8822cu_fw", "rtl8822cu_fw", "rtl8822cu_config", RTL8822CU}, /* RTL8822CE */
333 {0xb00d, 0x8822, "mp_rtl8822cu_fw", "rtl8822cu_fw", "rtl8822cu_config", RTL8822CU}, /* RTL8822CE */
334 {0xc123, 0x8822, "mp_rtl8822cu_fw", "rtl8822cu_fw", "rtl8822cu_config", RTL8822CU}, /* RTL8822CE */
335 {0xc126, 0x8822, "mp_rtl8822cu_fw", "rtl8822cu_fw", "rtl8822cu_config", RTL8822CU}, /* RTL8822CE */
336 {0xc127, 0x8822, "mp_rtl8822cu_fw", "rtl8822cu_fw", "rtl8822cu_config", RTL8822CU}, /* RTL8822CE */
337 {0xc128, 0x8822, "mp_rtl8822cu_fw", "rtl8822cu_fw", "rtl8822cu_config", RTL8822CU}, /* RTL8822CE */
338 {0xc129, 0x8822, "mp_rtl8822cu_fw", "rtl8822cu_fw", "rtl8822cu_config", RTL8822CU}, /* RTL8822CE */
339 {0xc131, 0x8822, "mp_rtl8822cu_fw", "rtl8822cu_fw", "rtl8822cu_config", RTL8822CU}, /* RTL8822CE */
340 {0xc136, 0x8822, "mp_rtl8822cu_fw", "rtl8822cu_fw", "rtl8822cu_config", RTL8822CU}, /* RTL8822CE */
341 {0x3549, 0x8822, "mp_rtl8822cu_fw", "rtl8822cu_fw", "rtl8822cu_config", RTL8822CU}, /* RTL8822CE for Azurewave */
342 {0x3548, 0x8822, "mp_rtl8822cu_fw", "rtl8822cu_fw", "rtl8822cu_config", RTL8822CU}, /* RTL8822CE for Azurewave */
343 {0xc125, 0x8822, "mp_rtl8822cu_fw", "rtl8822cu_fw", "rtl8822cu_config", RTL8822CU}, /* RTL8822CE */
344 {0x4005, 0x8822, "mp_rtl8822cu_fw", "rtl8822cu_fw", "rtl8822cu_config", RTL8822CU}, /* RTL8822CE for LiteOn */
345 {0x3051, 0x8822, "mp_rtl8822cu_fw", "rtl8822cu_fw", "rtl8822cu_config", RTL8822CU}, /* RTL8822CE for LiteOn */
346 {0x18ef, 0x8822, "mp_rtl8822cu_fw", "rtl8822cu_fw", "rtl8822cu_config", RTL8822CU}, /* RTL8822CE */
347 {0x161f, 0x8822, "mp_rtl8822cu_fw", "rtl8822cu_fw", "rtl8822cu_config", RTL8822CU}, /* RTL8822CE */
348 {0x3053, 0x8822, "mp_rtl8822cu_fw", "rtl8822cu_fw", "rtl8822cu_config", RTL8822CU}, /* RTL8822CE */
349 {0xc547, 0x8822, "mp_rtl8822cu_fw", "rtl8822cu_fw", "rtl8822cu_config", RTL8822CU}, /* RTL8822CE */
350 {0x3553, 0x8822, "mp_rtl8822cu_fw", "rtl8822cu_fw", "rtl8822cu_config", RTL8822CU}, /* RTL8822CE */
351 {0x3555, 0x8822, "mp_rtl8822cu_fw", "rtl8822cu_fw", "rtl8822cu_config", RTL8822CU}, /* RTL8822CE */
352 {0xc82f, 0x8822, "mp_rtl8822cu_fw", "rtl8822cu_fw", "rtl8822cu_config", RTL8822CU}, /* RTL8822CE-VS */
353 {0xc02f, 0x8822, "mp_rtl8822cu_fw", "rtl8822cu_fw", "rtl8822cu_config", RTL8822CU}, /* RTL8822CE-VS */
354 {0xc03f, 0x8822, "mp_rtl8822cu_fw", "rtl8822cu_fw", "rtl8822cu_config", RTL8822CU}, /* RTL8822CE-VS */
355
356 {0x8771, 0x8761, "mp_rtl8761b_fw", "rtl8761bu_fw", "rtl8761bu_config", RTL8761BU}, /* RTL8761BU only */
357 {0xa725, 0x8761, "mp_rtl8761b_fw", "rtl8725au_fw", "rtl8725au_config", RTL8761BU}, /* RTL8725AU */
358 {0xa72A, 0x8761, "mp_rtl8761b_fw", "rtl8725au_fw", "rtl8725au_config", RTL8761BU}, /* RTL8725AU BT only */
359
360 {0x885a, 0x8852, "mp_rtl8852au_fw", "rtl8852au_fw", "rtl8852au_config", RTL8852AU}, /* RTL8852AU */
361 {0x8852, 0x8852, "mp_rtl8852au_fw", "rtl8852au_fw", "rtl8852au_config", RTL8852AU}, /* RTL8852AE */
362 {0xa852, 0x8852, "mp_rtl8852au_fw", "rtl8852au_fw", "rtl8852au_config", RTL8852AU}, /* RTL8852AE */
363 {0x2852, 0x8852, "mp_rtl8852au_fw", "rtl8852au_fw", "rtl8852au_config", RTL8852AU}, /* RTL8852AE */
364 {0x385a, 0x8852, "mp_rtl8852au_fw", "rtl8852au_fw", "rtl8852au_config", RTL8852AU}, /* RTL8852AE */
365 {0x3852, 0x8852, "mp_rtl8852au_fw", "rtl8852au_fw", "rtl8852au_config", RTL8852AU}, /* RTL8852AE */
366 {0x1852, 0x8852, "mp_rtl8852au_fw", "rtl8852au_fw", "rtl8852au_config", RTL8852AU}, /* RTL8852AE */
367 {0x4852, 0x8852, "mp_rtl8852au_fw", "rtl8852au_fw", "rtl8852au_config", RTL8852AU}, /* RTL8852AE */
368 {0x4006, 0x8852, "mp_rtl8852au_fw", "rtl8852au_fw", "rtl8852au_config", RTL8852AU}, /* RTL8852AE */
369 {0x3561, 0x8852, "mp_rtl8852au_fw", "rtl8852au_fw", "rtl8852au_config", RTL8852AU}, /* RTL8852AE */
370 {0x3562, 0x8852, "mp_rtl8852au_fw", "rtl8852au_fw", "rtl8852au_config", RTL8852AU}, /* RTL8852AE */
371 {0x588a, 0x8852, "mp_rtl8852au_fw", "rtl8852au_fw", "rtl8852au_config", RTL8852AU}, /* RTL8852AE */
372 {0x589a, 0x8852, "mp_rtl8852au_fw", "rtl8852au_fw", "rtl8852au_config", RTL8852AU}, /* RTL8852AE */
373 {0x590a, 0x8852, "mp_rtl8852au_fw", "rtl8852au_fw", "rtl8852au_config", RTL8852AU}, /* RTL8852AE */
374 {0xc125, 0x8852, "mp_rtl8852au_fw", "rtl8852au_fw", "rtl8852au_config", RTL8852AU}, /* RTL8852AE */
375 {0xe852, 0x8852, "mp_rtl8852au_fw", "rtl8852au_fw", "rtl8852au_config", RTL8852AU}, /* RTL8852AE */
376 {0xb852, 0x8852, "mp_rtl8852au_fw", "rtl8852au_fw", "rtl8852au_config", RTL8852AU}, /* RTL8852AE */
377 {0xc852, 0x8852, "mp_rtl8852au_fw", "rtl8852au_fw", "rtl8852au_config", RTL8852AU}, /* RTL8852AE */
378 {0xc549, 0x8852, "mp_rtl8852au_fw", "rtl8852au_fw", "rtl8852au_config", RTL8852AU}, /* RTL8852AE */
379 {0xc127, 0x8852, "mp_rtl8852au_fw", "rtl8852au_fw", "rtl8852au_config", RTL8852AU}, /* RTL8852AE */
380 {0x3565, 0x8852, "mp_rtl8852au_fw", "rtl8852au_fw", "rtl8852au_config", RTL8852AU}, /* RTL8852AE */
381
382 {0xb733, 0x8723, "mp_rtl8723fu_fw", "rtl8723fu_fw", "rtl8723fu_config", RTL8723FU}, /* RTL8723FU */
383 {0xb73a, 0x8723, "mp_rtl8723fu_fw", "rtl8723fu_fw", "rtl8723fu_config", RTL8723FU}, /* RTL8723FU */
384 {0xf72b, 0x8723, "mp_rtl8723fu_fw", "rtl8723fu_fw", "rtl8723fu_config", RTL8723FU}, /* RTL8723FU */
385
386 /* NOTE: must append patch entries above the null entry */
387 {0, 0, NULL, NULL, NULL, 0}
388 };
389
390 static LIST_HEAD(dev_data_list);
391
util_hexdump(const u8 * buf,size_t len)392 void util_hexdump(const u8 *buf, size_t len)
393 {
394 static const char hexdigits[] = "0123456789abcdef";
395 char str[16 * 3];
396 size_t i;
397
398 if (!buf || !len)
399 return;
400
401 for (i = 0; i < len; i++) {
402 str[((i % 16) * 3)] = hexdigits[buf[i] >> 4];
403 str[((i % 16) * 3) + 1] = hexdigits[buf[i] & 0xf];
404 str[((i % 16) * 3) + 2] = ' ';
405 if ((i + 1) % 16 == 0) {
406 str[16 * 3 - 1] = '\0';
407 RTKBT_DBG("%s", str);
408 }
409 }
410
411 if (i % 16 > 0) {
412 str[(i % 16) * 3 - 1] = '\0';
413 RTKBT_DBG("%s", str);
414 }
415 }
416
417 #if defined RTKBT_SWITCH_PATCH || defined RTKBT_TV_POWERON_WHITELIST
__rtk_send_hci_cmd(struct usb_device * udev,u8 * buf,u16 size)418 int __rtk_send_hci_cmd(struct usb_device *udev, u8 *buf, u16 size)
419 {
420 int result;
421 unsigned int pipe = usb_sndctrlpipe(udev, 0);
422
423 result = usb_control_msg(udev, pipe, 0, USB_TYPE_CLASS, 0, 0,
424 buf, size, 1000); /* 1000 msecs */
425
426 if (result < 0)
427 RTKBT_ERR("%s: Couldn't send hci cmd, err %d",
428 __func__, result);
429
430 return result;
431 }
432
__rtk_recv_hci_evt(struct usb_device * udev,u8 * buf,u8 len,u16 opcode)433 int __rtk_recv_hci_evt(struct usb_device *udev, u8 *buf, u8 len, u16 opcode)
434 {
435 int recv_length = 0;
436 int result = 0;
437 int i;
438 unsigned int pipe = usb_rcvintpipe(udev, 1);
439 struct hci_event_hdr *hdr;
440 struct hci_ev_cmd_complete *cmd_cmpl;
441
442 if (len < sizeof(*hdr) + sizeof(*cmd_cmpl)) {
443 RTKBT_ERR("%s: Invalid buf length %u", __func__, len);
444 return -1;
445 }
446
447 while (1) {
448 for (i = 0; i < 5; i++) {
449 result = usb_interrupt_msg(udev, pipe,
450 (void *)buf, PKT_LEN,
451 &recv_length, MSG_TO);
452 if (result >= 0)
453 break;
454 }
455
456 if (result < 0) {
457 RTKBT_ERR("%s; Couldn't receive HCI event, err %d",
458 __func__, result);
459 return result;
460 }
461
462 /* Ignore the event which is not command complete event */
463 if (recv_length < sizeof(*hdr) + sizeof(*cmd_cmpl))
464 continue;
465
466 hdr = (struct hci_event_hdr *)buf;
467 cmd_cmpl = (struct hci_ev_cmd_complete *)(buf + sizeof(*hdr));
468 if (hdr->evt == 0x0e) {
469 if (opcode == cmd_cmpl->opcode)
470 return recv_length;
471 }
472 }
473 }
474 #endif
475
476 #if LINUX_VERSION_CODE < KERNEL_VERSION(3, 9, 0)
file_inode(const struct file * f)477 static inline struct inode *file_inode(const struct file *f)
478 {
479 return f->f_path.dentry->d_inode;
480 }
481 #endif
482
config_lists_init(void)483 static int config_lists_init(void)
484 {
485 INIT_LIST_HEAD(&list_configs);
486 INIT_LIST_HEAD(&list_extracfgs);
487
488 return 0;
489 }
490
config_lists_free(void)491 static void config_lists_free(void)
492 {
493 struct list_head *iter;
494 struct list_head *tmp;
495 struct list_head *head;
496 struct cfg_list_item *n;
497
498 if (!list_empty(&list_extracfgs))
499 list_splice_tail(&list_extracfgs, &list_configs);
500 head = &list_configs;
501 list_for_each_safe(iter, tmp, head) {
502 n = list_entry(iter, struct cfg_list_item, list);
503 if (n) {
504 list_del(&n->list);
505 kfree(n);
506 }
507 }
508
509 INIT_LIST_HEAD(&list_configs);
510 INIT_LIST_HEAD(&list_extracfgs);
511 }
512
line_process(char * buf,int len)513 static void line_process(char *buf, int len)
514 {
515 char *argv[32];
516 int argc = 0;
517 unsigned long offset;
518 u8 l;
519 u8 i = 0;
520 char *ptr = buf;
521 char *head = buf;
522 struct cfg_list_item *item;
523
524 while ((ptr = strsep(&head, ", \t")) != NULL) {
525 if (!ptr[0])
526 continue;
527 argv[argc++] = ptr;
528 if (argc >= 32) {
529 RTKBT_WARN("%s: Config item is too long", __func__);
530 break;
531 }
532 }
533
534 if (argc < 4) {
535 RTKBT_WARN("%s: Invalid Config item, ignore", __func__);
536 return;
537 }
538
539 offset = simple_strtoul(argv[0], NULL, 16);
540 offset = offset | (simple_strtoul(argv[1], NULL, 16) << 8);
541 l = (u8)simple_strtoul(argv[2], NULL, 16);
542 if (l != (u8)(argc - 3)) {
543 RTKBT_ERR("invalid len %u", l);
544 return;
545 }
546
547 item = kzalloc(sizeof(*item) + l, GFP_KERNEL);
548 if (!item) {
549 RTKBT_WARN("%s: Cannot alloc mem for item, %04lx, %u", __func__,
550 offset, l);
551 return;
552 }
553
554 item->offset = (u16)offset;
555 item->len = l;
556 for (i = 0; i < l; i++)
557 item->data[i] = (u8)simple_strtoul(argv[3 + i], NULL, 16);
558 list_add_tail(&item->list, &list_extracfgs);
559 }
560
config_process(u8 * buff,int len)561 static void config_process(u8 *buff, int len)
562 {
563 char *head = (void *)buff;
564 char *ptr = (void *)buff;
565
566 while ((ptr = strsep(&head, "\n\r")) != NULL) {
567 if (!ptr[0])
568 continue;
569 line_process(ptr, strlen(ptr) + 1);
570 }
571 }
572
config_file_proc(const char * path)573 static void config_file_proc(const char *path)
574 {
575 int size;
576 int rc;
577 struct file *file;
578 u8 tbuf[256];
579 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 14, 0)
580 loff_t pos = 0;
581 #endif
582
583 file = filp_open(path, O_RDONLY, 0);
584 if (IS_ERR(file))
585 return;
586
587 if (!S_ISREG(file_inode(file)->i_mode))
588 return;
589 size = i_size_read(file_inode(file));
590 if (size <= 0)
591 return;
592
593 memset(tbuf, 0, sizeof(tbuf));
594 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 14, 0)
595 rc = kernel_read(file, tbuf, size, &pos);
596 #else
597 rc = kernel_read(file, 0, tbuf, size);
598 #endif
599 fput(file);
600 if (rc != size) {
601 if (rc >= 0)
602 rc = -EIO;
603 return;
604 }
605
606 tbuf[rc++] = '\n';
607 tbuf[rc++] = '\0';
608 config_process(tbuf, rc);
609 }
610
patch_add(struct usb_interface * intf)611 int patch_add(struct usb_interface *intf)
612 {
613 dev_data *dev_entry;
614 struct usb_device *udev;
615
616 RTKBT_DBG("patch_add");
617 dev_entry = dev_data_find(intf);
618 if (NULL != dev_entry) {
619 return -1;
620 }
621
622 udev = interface_to_usbdev(intf);
623 #if BTUSB_RPM
624 RTKBT_DBG("auto suspend is enabled");
625 usb_enable_autosuspend(udev);
626 pm_runtime_set_autosuspend_delay(&(udev->dev), 2000);
627 #else
628 RTKBT_DBG("auto suspend is disabled");
629 usb_disable_autosuspend(udev);
630 #endif
631
632 dev_entry = kzalloc(sizeof(dev_data), GFP_KERNEL);
633 dev_entry->intf = intf;
634 dev_entry->udev = udev;
635 dev_entry->patch_entry = get_patch_entry(udev);
636 if (NULL == dev_entry->patch_entry) {
637 kfree(dev_entry);
638 return -1;
639 }
640 list_add(&dev_entry->list_node, &dev_data_list);
641
642 /* Should reset the gEVersion to 0xff, otherwise the stored gEVersion
643 * would cause rtk_get_eversion() returning previous gEVersion if
644 * change to different ECO chip.
645 * This would cause downloading wrong patch, and the controller can't
646 * work. */
647 RTKBT_DBG("%s: Reset gEVersion to 0xff", __func__);
648 gEVersion = 0xff;
649
650 return 0;
651 }
652
patch_remove(struct usb_interface * intf)653 void patch_remove(struct usb_interface *intf)
654 {
655 dev_data *dev_entry;
656 struct usb_device *udev;
657
658 udev = interface_to_usbdev(intf);
659 #if BTUSB_RPM
660 usb_disable_autosuspend(udev);
661 #endif
662
663 dev_entry = dev_data_find(intf);
664 if (NULL == dev_entry) {
665 return;
666 }
667
668 RTKBT_DBG("patch_remove");
669 list_del(&dev_entry->list_node);
670 kfree(dev_entry);
671 }
672
send_reset_command(xchange_data * xdata)673 static int send_reset_command(xchange_data *xdata)
674 {
675 int ret_val;
676
677 RTKBT_DBG("HCI reset.");
678
679 xdata->cmd_hdr->opcode = cpu_to_le16(HCI_OP_RESET);
680 xdata->cmd_hdr->plen = 0;
681 xdata->pkt_len = CMD_HDR_LEN;
682
683 ret_val = send_hci_cmd(xdata);
684 if (ret_val < 0) {
685 RTKBT_ERR("failed to send hci cmd.");
686 return ret_val;
687 }
688
689 ret_val = rcv_hci_evt(xdata);
690 if (ret_val < 0) {
691 RTKBT_ERR("failed to recv hci event.");
692 return ret_val;
693 }
694
695 return 0;
696 }
697
get_max_patch_size(u8 chip_type)698 static inline int get_max_patch_size(u8 chip_type)
699 {
700 int max_patch_size = 0;
701
702 switch (chip_type) {
703 case RTLPREVIOUS:
704 max_patch_size = 24 * 1024;
705 break;
706 case RTL8822BU:
707 max_patch_size = 25 * 1024;
708 break;
709 case RTL8723DU:
710 case RTL8822CU:
711 case RTL8761BU:
712 case RTL8821CU:
713 max_patch_size = 40 * 1024;
714 break;
715 case RTL8852AU:
716 case RTL8723FU:
717 max_patch_size = 40 * 1024 + 529;
718 break;
719 default:
720 max_patch_size = 40 * 1024;
721 break;
722 }
723
724 return max_patch_size;
725 }
726
download_patch(struct usb_interface * intf)727 int download_patch(struct usb_interface *intf)
728 {
729 dev_data *dev_entry;
730 patch_info *pinfo;
731 xchange_data *xdata = NULL;
732 uint8_t *fw_buf;
733 int ret_val;
734 int max_patch_size = 0;
735
736 RTKBT_DBG("download_patch start");
737 dev_entry = dev_data_find(intf);
738 if (NULL == dev_entry) {
739 ret_val = -1;
740 RTKBT_ERR("NULL == dev_entry");
741 goto patch_end;
742 }
743
744 xdata = kzalloc(sizeof(xchange_data), GFP_KERNEL);
745 if (NULL == xdata) {
746 ret_val = -1;
747 RTKBT_DBG("NULL == xdata");
748 goto patch_end;
749 }
750
751 init_xdata(xdata, dev_entry);
752
753 ret_val = check_fw_version(xdata);
754 if (ret_val < 0) {
755 RTKBT_ERR("Failed to get Local Version Information");
756 goto patch_end;
757
758 } else if (ret_val > 0) {
759 RTKBT_DBG("Firmware already exists");
760 /* Patch alread exists, just return */
761 if (gEVersion == 0xff) {
762 RTKBT_DBG("global_version is not set, get it!");
763 gEVersion = rtk_get_eversion(dev_entry);
764 }
765 goto patch_end;
766 }
767
768 xdata->fw_len = load_firmware(dev_entry, &xdata->fw_data);
769 if (xdata->fw_len <= 0) {
770 RTKBT_ERR("load firmware failed!");
771 ret_val = -1;
772 goto patch_end;
773 }
774
775 fw_buf = xdata->fw_data;
776
777 pinfo = dev_entry->patch_entry;
778 if (!pinfo) {
779 RTKBT_ERR("%s: No patch entry", __func__);
780 ret_val = -1;
781 goto patch_fail;
782 }
783 max_patch_size = get_max_patch_size(pinfo->chip_type);
784 if (xdata->fw_len > max_patch_size) {
785 RTKBT_ERR("FW/CONFIG total length larger than allowed %d",
786 max_patch_size);
787 ret_val = -1;
788 goto patch_fail;
789 }
790
791 ret_val = download_data(xdata);
792 if (ret_val < 0) {
793 RTKBT_ERR("download_data failed, err %d", ret_val);
794 goto patch_fail;
795 }
796
797 ret_val = check_fw_version(xdata);
798 if (ret_val <= 0) {
799 RTKBT_ERR("%s: Read Local Version Info failure after download",
800 __func__);
801 ret_val = -1;
802 goto patch_fail;
803 }
804
805 ret_val = 0;
806 patch_fail:
807 kfree(fw_buf);
808 patch_end:
809 if (xdata != NULL) {
810 if (xdata->send_pkt)
811 kfree(xdata->send_pkt);
812 if (xdata->rcv_pkt)
813 kfree(xdata->rcv_pkt);
814 kfree(xdata);
815 }
816 RTKBT_DBG("Rtk patch end %d", ret_val);
817 return ret_val;
818 }
819
820 #ifdef RTKBT_SWITCH_PATCH
821 /* @return:
822 * -1: error
823 * 0: download patch successfully
824 * >0: patch already exists */
download_lps_patch(struct usb_interface * intf)825 int download_lps_patch(struct usb_interface *intf)
826 {
827 dev_data *dev_entry;
828 xchange_data *xdata = NULL;
829 uint8_t *fw_buf;
830 int result;
831 char name1[64];
832 char *origin_name1;
833 char name2[64];
834 char *origin_name2;
835
836 RTKBT_DBG("Download LPS Patch start");
837 dev_entry = dev_data_find(intf);
838 if (!dev_entry) {
839 RTKBT_ERR("No Patch found");
840 return -1;
841 }
842
843 xdata = kzalloc(sizeof(xchange_data), GFP_KERNEL);
844 if (!xdata) {
845 RTKBT_ERR("Couldn't alloc xdata");
846 return -1;
847 }
848
849 init_xdata(xdata, dev_entry);
850
851 result = check_fw_version(xdata);
852 if (result < 0) {
853 RTKBT_ERR("Failed to get Local Version Information");
854 goto patch_end;
855
856 } else if (result > 0) {
857 RTKBT_DBG("Firmware already exists");
858 /* Patch alread exists, just return */
859 if (gEVersion == 0xff) {
860 RTKBT_DBG("global_version is not set, get it!");
861 gEVersion = rtk_get_eversion(dev_entry);
862 }
863 goto patch_end;
864 }
865
866 origin_name1 = dev_entry->patch_entry->patch_name;
867 origin_name2 = dev_entry->patch_entry->config_name;
868 snprintf(name1, sizeof(name1), "lps_%s", origin_name1);
869 snprintf(name2, sizeof(name2), "lps_%s", origin_name2);
870 dev_entry->patch_entry->patch_name = name1;
871 dev_entry->patch_entry->config_name = name2;
872 RTKBT_INFO("Loading %s and %s", name1, name2);
873 xdata->fw_len = load_firmware(dev_entry, &xdata->fw_data);
874 dev_entry->patch_entry->patch_name = origin_name1;
875 dev_entry->patch_entry->config_name = origin_name2;
876 if (xdata->fw_len <= 0) {
877 result = -1;
878 RTKBT_ERR("load firmware failed!");
879 goto patch_end;
880 }
881
882 fw_buf = xdata->fw_data;
883
884 pinfo = dev_entry->patch_entry;
885 if (!pinfo) {
886 RTKBT_ERR("%s: No patch entry", __func__);
887 result = -1;
888 goto patch_fail;
889 }
890 max_patch_size = get_max_patch_size(pinfo->chip_type);
891 if (xdata->fw_len > max_patch_size) {
892 result = -1;
893 RTKBT_ERR("FW/CONFIG total length larger than allowed %d",
894 max_patch_size);
895 goto patch_fail;
896 }
897
898 result = download_data(xdata);
899 if (result < 0) {
900 RTKBT_ERR("download_data failed, err %d", result);
901 goto patch_fail;
902 }
903
904 result = check_fw_version(xdata);
905 if (result <= 0) {
906 RTKBT_ERR("%s: Read Local Version Info failure after download",
907 __func__);
908 result = -1;
909 goto patch_fail;
910 }
911
912 result = 0;
913
914 patch_fail:
915 kfree(fw_buf);
916 patch_end:
917 if (xdata->send_pkt)
918 kfree(xdata->send_pkt);
919 if (xdata->rcv_pkt)
920 kfree(xdata->rcv_pkt);
921 kfree(xdata);
922 RTKBT_DBG("Download LPS Patch end %d", result);
923
924 return result;
925 }
926 #endif
927
set_scan(struct usb_interface * intf)928 int set_scan(struct usb_interface *intf)
929 {
930 dev_data *dev_entry;
931 xchange_data *xdata = NULL;
932 int result;
933
934 RTKBT_DBG("%s", __func__);
935 dev_entry = dev_data_find(intf);
936 if (!dev_entry)
937 return -1;
938
939 xdata = kzalloc(sizeof(xchange_data), GFP_KERNEL);
940 if (!xdata) {
941 RTKBT_ERR("Could not alloc xdata");
942 return -1;
943 }
944
945 init_xdata(xdata, dev_entry);
946
947 xdata->cmd_hdr->opcode = cpu_to_le16(STARTSCAN_OPCODE);
948 xdata->cmd_hdr->plen = 1;
949 xdata->pkt_len = CMD_HDR_LEN + 1;
950 xdata->send_pkt[CMD_HDR_LEN] = 1;
951
952 result = send_hci_cmd(xdata);
953 if (result < 0)
954 goto end;
955
956 result = rcv_hci_evt(xdata);
957 end:
958 if (xdata) {
959 if (xdata->send_pkt)
960 kfree(xdata->send_pkt);
961 if (xdata->rcv_pkt)
962 kfree(xdata->rcv_pkt);
963 kfree(xdata);
964 }
965
966 RTKBT_DBG("%s done", __func__);
967
968 return result;
969 }
970
dev_data_find(struct usb_interface * intf)971 dev_data *dev_data_find(struct usb_interface * intf)
972 {
973 dev_data *dev_entry;
974
975 list_for_each_entry(dev_entry, &dev_data_list, list_node) {
976 if (dev_entry->intf == intf) {
977 patch_info *patch = dev_entry->patch_entry;
978 if (!patch)
979 return NULL;
980
981 RTKBT_INFO("chip type value: 0x%02x", patch->chip_type);
982 return dev_entry;
983 }
984 }
985
986 return NULL;
987 }
988
get_patch_entry(struct usb_device * udev)989 patch_info *get_patch_entry(struct usb_device * udev)
990 {
991 patch_info *patch_entry;
992 uint16_t pid;
993
994 patch_entry = fw_patch_table;
995 pid = le16_to_cpu(udev->descriptor.idProduct);
996 RTKBT_DBG("pid = 0x%x", pid);
997 while (pid != patch_entry->prod_id) {
998 if (0 == patch_entry->prod_id) {
999 RTKBT_DBG
1000 ("get_patch_entry =NULL, can not find device pid in patch_table");
1001 return NULL; //break;
1002 }
1003 patch_entry++;
1004 }
1005
1006 return patch_entry;
1007 }
1008
is_mac(u8 chip_type,u16 offset)1009 static int is_mac(u8 chip_type, u16 offset)
1010 {
1011 int result = 0;
1012
1013 switch (chip_type) {
1014 case RTL8822BU:
1015 case RTL8723DU:
1016 case RTL8821CU:
1017 if (offset == 0x0044)
1018 return 1;
1019 break;
1020 case RTL8822CU:
1021 case RTL8761BU:
1022 case RTL8852AU:
1023 case RTL8723FU:
1024 if (offset == 0x0030)
1025 return 1;
1026 break;
1027 case RTLPREVIOUS:
1028 if (offset == 0x003c)
1029 return 1;
1030 break;
1031 }
1032
1033 return result;
1034 }
1035
get_mac_offset(u8 chip_type)1036 static uint16_t get_mac_offset(u8 chip_type)
1037 {
1038 switch (chip_type) {
1039 case RTL8822BU:
1040 case RTL8723DU:
1041 case RTL8821CU:
1042 return 0x0044;
1043 case RTL8822CU:
1044 case RTL8761BU:
1045 case RTL8852AU:
1046 case RTL8723FU:
1047 return 0x0030;
1048 case RTLPREVIOUS:
1049 return 0x003c;
1050 default:
1051 return 0x003c;
1052 }
1053 }
1054
merge_configs(struct list_head * head,struct list_head * head2)1055 static void merge_configs(struct list_head *head, struct list_head *head2)
1056 {
1057 struct list_head *epos, *enext;
1058 struct list_head *pos, *next;
1059 struct cfg_list_item *n;
1060 struct cfg_list_item *extra;
1061
1062 if (!head || !head2)
1063 return;
1064
1065 if (list_empty(head2))
1066 return;
1067
1068 if (list_empty(head)) {
1069 list_splice_tail(head2, head);
1070 INIT_LIST_HEAD(head2);
1071 return;
1072 }
1073
1074 /* Add or update & replace */
1075 list_for_each_safe(epos, enext, head2) {
1076 extra = list_entry(epos, struct cfg_list_item, list);
1077
1078 list_for_each_safe(pos, next, head) {
1079 n = list_entry(pos, struct cfg_list_item, list);
1080 if (extra->offset == n->offset) {
1081 if (extra->len < n->len) {
1082 /* Update the cfg data */
1083 RTKBT_INFO("Update cfg: ofs %04x len %u",
1084 n->offset, n->len);
1085 memcpy(n->data, extra->data,
1086 extra->len);
1087 list_del(epos);
1088 kfree(extra);
1089 } else {
1090 /* Replace the item */
1091 list_del(epos);
1092 list_replace_init(pos, epos);
1093 /* free the old item */
1094 kfree(n);
1095 }
1096 }
1097
1098 }
1099
1100 }
1101
1102 if (list_empty(head2))
1103 return;
1104 list_for_each_safe(epos, enext, head2) {
1105 extra = list_entry(epos, struct cfg_list_item, list);
1106 RTKBT_INFO("Add new cfg: ofs %04x, len %u", extra->offset,
1107 extra->len);
1108 /* Add the item to list */
1109 list_del(epos);
1110 list_add_tail(epos, head);
1111 }
1112 }
1113
rtk_parse_config_file(u8 * config_buf,int filelen)1114 int rtk_parse_config_file(u8 *config_buf, int filelen)
1115 {
1116 struct rtk_bt_vendor_config *config = (void *)config_buf;
1117 u16 config_len = 0, temp = 0;
1118 struct rtk_bt_vendor_config_entry *entry = NULL;
1119 u32 i = 0;
1120 struct cfg_list_item *item;
1121
1122 if (!config_buf)
1123 return -EINVAL;
1124
1125 config_len = le16_to_cpu(config->data_len);
1126 entry = config->entry;
1127
1128 if (le32_to_cpu(config->signature) != RTK_VENDOR_CONFIG_MAGIC) {
1129 RTKBT_ERR("sig magic num %08x, not rtk vendor magic %08x",
1130 config->signature, RTK_VENDOR_CONFIG_MAGIC);
1131 return -1;
1132 }
1133
1134 if (config_len != filelen - BT_CONFIG_HDRLEN) {
1135 RTKBT_ERR("config length %u is not right %u", config_len,
1136 (u16)(filelen - BT_CONFIG_HDRLEN));
1137 return -1;
1138 }
1139
1140 for (i = 0; i < config_len;) {
1141 /* Add config item to list */
1142 item = kzalloc(sizeof(*item) + entry->entry_len, GFP_KERNEL);
1143 if (item) {
1144 item->offset = le16_to_cpu(entry->offset);
1145 item->len = entry->entry_len;
1146 memcpy(item->data, entry->entry_data, item->len);
1147 list_add_tail(&item->list, &list_configs);
1148 } else {
1149 RTKBT_ERR("Cannot alloc mem for entry %04x, %u",
1150 entry->offset, entry->entry_len);
1151 break;
1152 }
1153
1154 temp = entry->entry_len +
1155 sizeof(struct rtk_bt_vendor_config_entry);
1156 i += temp;
1157 entry =
1158 (struct rtk_bt_vendor_config_entry *)((uint8_t *) entry +
1159 temp);
1160 }
1161
1162 return 0;;
1163 }
1164
rtk_get_fw_project_id(uint8_t * p_buf)1165 uint8_t rtk_get_fw_project_id(uint8_t * p_buf)
1166 {
1167 uint8_t opcode;
1168 uint8_t len;
1169 uint8_t data = 0;
1170
1171 do {
1172 opcode = *p_buf;
1173 len = *(p_buf - 1);
1174 if (opcode == 0x00) {
1175 if (len == 1) {
1176 data = *(p_buf - 2);
1177 RTKBT_DBG
1178 ("rtk_get_fw_project_id: opcode %d, len %d, data %d",
1179 opcode, len, data);
1180 break;
1181 } else {
1182 RTKBT_ERR
1183 ("rtk_get_fw_project_id: invalid len %d",
1184 len);
1185 }
1186 }
1187 p_buf -= len + 2;
1188 } while (*p_buf != 0xFF);
1189
1190 return data;
1191 }
1192
rtk_get_patch_entry(uint8_t * epatch_buf,struct rtk_epatch_entry * entry)1193 static void rtk_get_patch_entry(uint8_t * epatch_buf,
1194 struct rtk_epatch_entry *entry)
1195 {
1196 uint32_t svn_ver;
1197 uint32_t coex_ver;
1198 uint32_t tmp;
1199 uint16_t i;
1200 struct rtk_epatch *epatch_info = (struct rtk_epatch *)epatch_buf;
1201
1202 epatch_info->number_of_total_patch =
1203 le16_to_cpu(epatch_info->number_of_total_patch);
1204 RTKBT_DBG("fw_version = 0x%x", le32_to_cpu(epatch_info->fw_version));
1205 RTKBT_DBG("number_of_total_patch = %d",
1206 epatch_info->number_of_total_patch);
1207
1208 /* get right epatch entry */
1209 for (i = 0; i < epatch_info->number_of_total_patch; i++) {
1210 if (get_unaligned_le16(epatch_buf + 14 + 2 * i) ==
1211 gEVersion + 1) {
1212 entry->chipID = gEVersion + 1;
1213 entry->patch_length = get_unaligned_le16(epatch_buf +
1214 14 +
1215 2 * epatch_info->number_of_total_patch +
1216 2 * i);
1217 entry->start_offset = get_unaligned_le32(epatch_buf +
1218 14 +
1219 4 * epatch_info-> number_of_total_patch +
1220 4 * i);
1221 break;
1222 }
1223 }
1224
1225 if (i >= epatch_info->number_of_total_patch) {
1226 entry->patch_length = 0;
1227 entry->start_offset = 0;
1228 RTKBT_ERR("No corresponding patch found\n");
1229 return;
1230 }
1231
1232 svn_ver = get_unaligned_le32(epatch_buf +
1233 entry->start_offset +
1234 entry->patch_length - 8);
1235 coex_ver = get_unaligned_le32(epatch_buf +
1236 entry->start_offset +
1237 entry->patch_length - 12);
1238
1239 RTKBT_DBG("chipID %d", entry->chipID);
1240 RTKBT_DBG("patch_length 0x%04x", entry->patch_length);
1241 RTKBT_DBG("start_offset 0x%08x", entry->start_offset);
1242
1243 RTKBT_DBG("Svn version: %8d", svn_ver);
1244 tmp = ((coex_ver >> 16) & 0x7ff) + (coex_ver >> 27) * 10000;
1245 RTKBT_DBG("Coexistence: BTCOEX_20%06d-%04x",
1246 tmp, (coex_ver & 0xffff));
1247 }
1248
bachk(const char * str)1249 int bachk(const char *str)
1250 {
1251 if (!str)
1252 return -1;
1253
1254 if (strlen(str) != 17)
1255 return -1;
1256
1257 while (*str) {
1258 if (!isxdigit(*str++))
1259 return -1;
1260
1261 if (!isxdigit(*str++))
1262 return -1;
1263
1264 if (*str == 0)
1265 break;
1266
1267 if (*str++ != ':')
1268 return -1;
1269 }
1270
1271 return 0;
1272 }
1273
request_bdaddr(u8 * buf)1274 static int request_bdaddr(u8 *buf)
1275 {
1276 int size;
1277 int rc;
1278 struct file *file;
1279 u8 tbuf[BDADDR_STRING_LEN + 1];
1280 char *str;
1281 int i;
1282 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 14, 0)
1283 loff_t pos = 0;
1284 #endif
1285
1286 if (!buf)
1287 return -EINVAL;
1288
1289 file = filp_open(BDADDR_FILE, O_RDONLY, 0);
1290 if (IS_ERR(file))
1291 return -ENOENT;
1292
1293 if (!S_ISREG(file_inode(file)->i_mode))
1294 return -EINVAL;
1295 size = i_size_read(file_inode(file));
1296 if (size <= 0)
1297 return -EINVAL;
1298
1299 if (size > BDADDR_STRING_LEN)
1300 size = BDADDR_STRING_LEN;
1301
1302 memset(tbuf, 0, sizeof(tbuf));
1303 RTKBT_INFO("size = %d", size);
1304 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 14, 0)
1305 rc = kernel_read(file, tbuf, size, &pos);
1306 #else
1307 rc = kernel_read(file, 0, tbuf, size);
1308 #endif
1309 fput(file);
1310 if (rc != size) {
1311 if (rc >= 0)
1312 rc = -EIO;
1313 goto fail;
1314 }
1315
1316 if (bachk(tbuf) < 0) {
1317 rc = -EINVAL;
1318 goto fail;
1319 }
1320
1321 str = tbuf;
1322 for (i = 5; i >= 0; i--) {
1323 buf[i] = simple_strtol(str, NULL, 16);
1324 str += 3;
1325 }
1326
1327 return size;
1328 fail:
1329 return rc;
1330 }
1331
load_config(dev_data * dev_entry,int * length)1332 static u8 *load_config(dev_data *dev_entry, int *length)
1333 {
1334 patch_info *patch_entry;
1335 const char *config_name;
1336 const struct firmware *fw;
1337 struct usb_device *udev;
1338 int result;
1339 u8 *buf;
1340 u8 *p;
1341 u16 config_len;
1342 u16 dlen;
1343 u8 tmp_buf[32];
1344 int file_sz;
1345 struct cfg_list_item *n;
1346 struct list_head *pos, *next;
1347 u8 chip_type;
1348
1349 config_lists_init();
1350 patch_entry = dev_entry->patch_entry;
1351 config_name = patch_entry->config_name;
1352 udev = dev_entry->udev;
1353 chip_type = patch_entry->chip_type;
1354
1355 RTKBT_INFO("config filename %s", config_name);
1356 result = request_firmware(&fw, config_name, &udev->dev);
1357 if (result < 0)
1358 return 0;
1359
1360 file_sz = fw->size;
1361 buf = (u8 *)fw->data;
1362
1363 /* Load extra configs */
1364 config_file_proc(EXTRA_CONFIG_FILE);
1365 list_for_each_safe(pos, next, &list_extracfgs) {
1366 n = list_entry(pos, struct cfg_list_item, list);
1367 RTKBT_INFO("extra cfg: ofs %04x, len %u", n->offset, n->len);
1368 }
1369
1370 /* Load extra bdaddr config */
1371 memset(tmp_buf, 0, sizeof(tmp_buf));
1372 result = request_bdaddr(tmp_buf);
1373 if (result > 0) {
1374 n = kzalloc(sizeof(*n) + 6, GFP_KERNEL);
1375 if (n) {
1376 n->offset = get_mac_offset(patch_entry->chip_type);
1377 n->len = 6;
1378 memcpy(n->data, tmp_buf, 6);
1379 list_add_tail(&n->list, &list_extracfgs);
1380 } else {
1381 RTKBT_WARN("Couldn't alloc mem for bdaddr");
1382 }
1383 } else {
1384 if (result == -ENOENT)
1385 RTKBT_WARN("no bdaddr file %s", BDADDR_FILE);
1386 else
1387 RTKBT_WARN("invalid customer bdaddr %d", result);
1388 }
1389
1390 RTKBT_INFO("Origin cfg len %u", (u16)file_sz);
1391 util_hexdump((const u8 *)buf, file_sz);
1392
1393 result = rtk_parse_config_file(buf, file_sz);
1394 if (result < 0) {
1395 RTKBT_ERR("Parse config file error");
1396 buf = NULL;
1397 goto done;
1398 }
1399
1400 merge_configs(&list_configs, &list_extracfgs);
1401
1402 /* Calculate the config_len */
1403 config_len = 4; /* magic word length */
1404 config_len += 2; /* data length field */
1405 dlen = 0;
1406 list_for_each_safe(pos, next, &list_configs) {
1407 n = list_entry(pos, struct cfg_list_item, list);
1408 switch (n->offset) {
1409 case 0x003c:
1410 case 0x0030:
1411 case 0x0044:
1412 if (is_mac(chip_type, n->offset) && n->len == 6) {
1413 char s[18];
1414 sprintf(s, "%2.2X:%2.2X:%2.2X:%2.2X:%2.2X:%2.2X",
1415 n->data[5], n->data[4],
1416 n->data[3], n->data[2],
1417 n->data[1], n->data[0]);
1418 RTKBT_INFO("bdaddr ofs %04x, %s", n->offset, s);
1419 }
1420 break;
1421 default:
1422 break;
1423 }
1424
1425 config_len += (3 + n->len);
1426 dlen += (3 + n->len);
1427 }
1428
1429
1430 buf = kzalloc(config_len, GFP_KERNEL);
1431 if (!buf) {
1432 RTKBT_ERR("Couldn't alloc buf for configs");
1433 goto done;
1434 }
1435
1436 /* Save configs to a buffer */
1437 memcpy(buf, cfg_magic, 4);
1438 buf[4] = dlen & 0xff;
1439 buf[5] = (dlen >> 8) & 0xff;
1440 p = buf + 6;
1441 list_for_each_safe(pos, next, &list_configs) {
1442 n = list_entry(pos, struct cfg_list_item, list);
1443 p[0] = n->offset & 0xff;
1444 p[1] = (n->offset >> 8) & 0xff;
1445 p[2] = n->len;
1446 memcpy(p + 3, n->data, n->len);
1447 p += (3 + n->len);
1448 }
1449
1450 RTKBT_INFO("New cfg len %u", config_len);
1451 util_hexdump((const u8 *)buf, config_len);
1452
1453 *length = config_len;
1454
1455 done:
1456 config_lists_free();
1457 release_firmware(fw);
1458
1459 return buf;
1460 }
1461
load_firmware(dev_data * dev_entry,uint8_t ** buff)1462 int load_firmware(dev_data * dev_entry, uint8_t ** buff)
1463 {
1464 const struct firmware *fw;
1465 struct usb_device *udev;
1466 patch_info *patch_entry;
1467 char *fw_name;
1468 int fw_len = 0, ret_val = 0, config_len = 0, buf_len = -1;
1469 uint8_t *buf = *buff, *config_file_buf = NULL, *epatch_buf = NULL;
1470 uint8_t proj_id = 0;
1471 uint8_t need_download_fw = 1;
1472 uint16_t lmp_version;
1473 struct rtk_epatch_entry current_entry = { 0 };
1474
1475 RTKBT_DBG("load_firmware start");
1476 udev = dev_entry->udev;
1477 patch_entry = dev_entry->patch_entry;
1478 lmp_version = patch_entry->lmp_sub;
1479 RTKBT_DBG("lmp_version = 0x%04x", lmp_version);
1480
1481 config_file_buf = load_config(dev_entry, &config_len);
1482
1483 fw_name = patch_entry->patch_name;
1484 RTKBT_ERR("fw name is %s", fw_name);
1485 ret_val = request_firmware(&fw, fw_name, &udev->dev);
1486 if (ret_val < 0) {
1487 fw_len = 0;
1488 kfree(config_file_buf);
1489 config_file_buf = NULL;
1490 goto fw_fail;
1491 }
1492
1493 epatch_buf = kzalloc(fw->size, GFP_KERNEL);
1494 if (NULL == epatch_buf)
1495 goto alloc_fail;
1496
1497 memcpy(epatch_buf, fw->data, fw->size);
1498 buf_len = fw->size + config_len;
1499
1500 if (lmp_version == ROM_LMP_8723a) {
1501 RTKBT_DBG("This is 8723a, use old patch style!");
1502
1503 if (memcmp(epatch_buf, RTK_EPATCH_SIGNATURE, 8) == 0) {
1504 RTKBT_ERR("8723a Check signature error!");
1505 need_download_fw = 0;
1506 } else {
1507 if (!(buf = kzalloc(buf_len, GFP_KERNEL))) {
1508 RTKBT_ERR("Can't alloc memory for fw&config");
1509 buf_len = -1;
1510 } else {
1511 RTKBT_DBG("8723a, fw copy direct");
1512 memcpy(buf, epatch_buf, fw->size);
1513 if (config_len) {
1514 memcpy(&buf[buf_len - config_len],
1515 config_file_buf, config_len);
1516 }
1517 }
1518 }
1519 } else {
1520 RTKBT_ERR("This is not 8723a, use new patch style!");
1521
1522 /* Get version from ROM */
1523 gEVersion = rtk_get_eversion(dev_entry);
1524 RTKBT_DBG("%s: New gEVersion %d", __func__, gEVersion);
1525 if (gEVersion == 0xFE) {
1526 RTKBT_ERR("%s: Read ROM version failure", __func__);
1527 need_download_fw = 0;
1528 fw_len = 0;
1529 goto alloc_fail;
1530 }
1531
1532 /* check Signature and Extension Section Field */
1533 if ((memcmp(epatch_buf, RTK_EPATCH_SIGNATURE, 8) != 0) ||
1534 memcmp(epatch_buf + buf_len - config_len - 4,
1535 Extension_Section_SIGNATURE, 4) != 0) {
1536 RTKBT_ERR("Check SIGNATURE error! do not download fw");
1537 need_download_fw = 0;
1538 } else {
1539 proj_id =
1540 rtk_get_fw_project_id(epatch_buf + buf_len -
1541 config_len - 5);
1542
1543 if (lmp_version != project_id[proj_id]) {
1544 RTKBT_ERR
1545 ("lmp_version is %x, project_id is %x, does not match!!!",
1546 lmp_version, project_id[proj_id]);
1547 need_download_fw = 0;
1548 } else {
1549 RTKBT_DBG
1550 ("lmp_version is %x, project_id is %x, match!",
1551 lmp_version, project_id[proj_id]);
1552 rtk_get_patch_entry(epatch_buf, ¤t_entry);
1553
1554 if (current_entry.patch_length == 0)
1555 goto fw_fail;
1556
1557 buf_len =
1558 current_entry.patch_length + config_len;
1559 RTKBT_DBG("buf_len = 0x%x", buf_len);
1560
1561 if (!(buf = kzalloc(buf_len, GFP_KERNEL))) {
1562 RTKBT_ERR
1563 ("Can't alloc memory for multi fw&config");
1564 buf_len = -1;
1565 } else {
1566 memcpy(buf,
1567 epatch_buf +
1568 current_entry.start_offset,
1569 current_entry.patch_length);
1570 memcpy(buf + current_entry.patch_length - 4, epatch_buf + 8, 4); /*fw version */
1571 if (config_len) {
1572 memcpy(&buf
1573 [buf_len - config_len],
1574 config_file_buf,
1575 config_len);
1576 }
1577 }
1578 }
1579 }
1580 }
1581
1582 RTKBT_DBG("fw:%s exists, config file:%s exists",
1583 (buf_len > 0) ? "" : "not", (config_len > 0) ? "" : "not");
1584 if (buf && (buf_len > 0) && (need_download_fw)) {
1585 fw_len = buf_len;
1586 *buff = buf;
1587 }
1588
1589 RTKBT_DBG("load_firmware done");
1590
1591 alloc_fail:
1592 release_firmware(fw);
1593
1594 if (epatch_buf)
1595 kfree(epatch_buf);
1596
1597 if (config_file_buf)
1598 kfree(config_file_buf);
1599 fw_fail:
1600 return fw_len;
1601 }
1602
init_xdata(xchange_data * xdata,dev_data * dev_entry)1603 void init_xdata(xchange_data * xdata, dev_data * dev_entry)
1604 {
1605 memset(xdata, 0, sizeof(xchange_data));
1606 xdata->dev_entry = dev_entry;
1607 xdata->pipe_in = usb_rcvintpipe(dev_entry->udev, INTR_EP);
1608 xdata->pipe_out = usb_sndctrlpipe(dev_entry->udev, CTRL_EP);
1609 xdata->send_pkt = kzalloc(PKT_LEN, GFP_KERNEL);
1610 xdata->rcv_pkt = kzalloc(PKT_LEN, GFP_KERNEL);
1611 xdata->cmd_hdr = (struct hci_command_hdr *)(xdata->send_pkt);
1612 xdata->evt_hdr = (struct hci_event_hdr *)(xdata->rcv_pkt);
1613 xdata->cmd_cmp =
1614 (struct hci_ev_cmd_complete *)(xdata->rcv_pkt + EVT_HDR_LEN);
1615 xdata->req_para = xdata->send_pkt + CMD_HDR_LEN;
1616 xdata->rsp_para = xdata->rcv_pkt + EVT_HDR_LEN + CMD_CMP_LEN;
1617 }
1618
check_fw_version(xchange_data * xdata)1619 int check_fw_version(xchange_data * xdata)
1620 {
1621 struct hci_rp_read_local_version *read_ver_rsp;
1622 patch_info *patch_entry;
1623 int ret_val;
1624 int retry = 0;
1625
1626 /* Ensure that the first cmd is hci reset after system suspend
1627 * or system reboot */
1628 send_reset_command(xdata);
1629
1630 get_ver:
1631 xdata->cmd_hdr->opcode = cpu_to_le16(HCI_OP_READ_LOCAL_VERSION);
1632 xdata->cmd_hdr->plen = 0;
1633 xdata->pkt_len = CMD_HDR_LEN;
1634
1635 ret_val = send_hci_cmd(xdata);
1636 if (ret_val < 0) {
1637 RTKBT_ERR("%s: Failed to send HCI command.", __func__);
1638 goto version_end;
1639 }
1640
1641 ret_val = rcv_hci_evt(xdata);
1642 if (ret_val < 0) {
1643 RTKBT_ERR("%s: Failed to receive HCI event.", __func__);
1644 goto version_end;
1645 }
1646
1647 patch_entry = xdata->dev_entry->patch_entry;
1648 read_ver_rsp = (struct hci_rp_read_local_version *)(xdata->rsp_para);
1649 read_ver_rsp->lmp_subver = le16_to_cpu(read_ver_rsp->lmp_subver);
1650 read_ver_rsp->hci_rev = le16_to_cpu(read_ver_rsp->hci_rev);
1651 read_ver_rsp->manufacturer = le16_to_cpu(read_ver_rsp->manufacturer);
1652
1653 RTKBT_DBG("read_ver_rsp->lmp_subver = 0x%x", read_ver_rsp->lmp_subver);
1654 RTKBT_DBG("read_ver_rsp->hci_rev = 0x%x", read_ver_rsp->hci_rev);
1655 RTKBT_DBG("patch_entry->lmp_sub = 0x%x", patch_entry->lmp_sub);
1656 if (patch_entry->lmp_sub != read_ver_rsp->lmp_subver) {
1657 return 1;
1658 }
1659
1660 ret_val = 0;
1661 version_end:
1662 if (ret_val) {
1663 send_reset_command(xdata);
1664 retry++;
1665 if (retry < 2)
1666 goto get_ver;
1667 }
1668
1669 return ret_val;
1670 }
1671
rtk_get_eversion(dev_data * dev_entry)1672 uint8_t rtk_get_eversion(dev_data * dev_entry)
1673 {
1674 struct rtk_eversion_evt *eversion;
1675 patch_info *patch_entry;
1676 int ret_val = 0;
1677 xchange_data *xdata = NULL;
1678
1679 RTKBT_DBG("%s: gEVersion %d", __func__, gEVersion);
1680 if (gEVersion != 0xFF && gEVersion != 0xFE) {
1681 RTKBT_DBG("gEVersion != 0xFF, return it directly!");
1682 return gEVersion;
1683 }
1684
1685 xdata = kzalloc(sizeof(xchange_data), GFP_KERNEL);
1686 if (NULL == xdata) {
1687 ret_val = 0xFE;
1688 RTKBT_DBG("NULL == xdata");
1689 return ret_val;
1690 }
1691
1692 init_xdata(xdata, dev_entry);
1693
1694 xdata->cmd_hdr->opcode = cpu_to_le16(HCI_VENDOR_READ_RTK_ROM_VERISION);
1695 xdata->cmd_hdr->plen = 0;
1696 xdata->pkt_len = CMD_HDR_LEN;
1697
1698 ret_val = send_hci_cmd(xdata);
1699 if (ret_val < 0) {
1700 RTKBT_ERR("Failed to send read RTK rom version cmd.");
1701 ret_val = 0xFE;
1702 goto version_end;
1703 }
1704
1705 ret_val = rcv_hci_evt(xdata);
1706 if (ret_val < 0) {
1707 RTKBT_ERR("Failed to receive HCI event for rom version.");
1708 ret_val = 0xFE;
1709 goto version_end;
1710 }
1711
1712 patch_entry = xdata->dev_entry->patch_entry;
1713 eversion = (struct rtk_eversion_evt *)(xdata->rsp_para);
1714 RTKBT_DBG("eversion->status = 0x%x, eversion->version = 0x%x",
1715 eversion->status, eversion->version);
1716 if (eversion->status) {
1717 ret_val = 0;
1718 //global_eversion = 0;
1719 } else {
1720 ret_val = eversion->version;
1721 //global_eversion = eversion->version;
1722 }
1723
1724 version_end:
1725 if (xdata != NULL) {
1726 if (xdata->send_pkt)
1727 kfree(xdata->send_pkt);
1728 if (xdata->rcv_pkt)
1729 kfree(xdata->rcv_pkt);
1730 kfree(xdata);
1731 }
1732 return ret_val;
1733 }
1734
download_data(xchange_data * xdata)1735 int download_data(xchange_data * xdata)
1736 {
1737 download_cp *cmd_para;
1738 download_rp *evt_para;
1739 uint8_t *pcur;
1740 int pkt_len, frag_num, frag_len;
1741 int i, ret_val;
1742 int j;
1743
1744 RTKBT_DBG("download_data start");
1745
1746 cmd_para = (download_cp *) xdata->req_para;
1747 evt_para = (download_rp *) xdata->rsp_para;
1748 pcur = xdata->fw_data;
1749 pkt_len = CMD_HDR_LEN + sizeof(download_cp);
1750 frag_num = xdata->fw_len / PATCH_SEG_MAX + 1;
1751 frag_len = PATCH_SEG_MAX;
1752
1753 for (i = 0; i < frag_num; i++) {
1754 if (i > 0x7f)
1755 j = (i & 0x7f) + 1;
1756 else
1757 j = i;
1758
1759 cmd_para->index = j;
1760 if (i == (frag_num - 1)) {
1761 cmd_para->index |= DATA_END;
1762 frag_len = xdata->fw_len % PATCH_SEG_MAX;
1763 pkt_len -= (PATCH_SEG_MAX - frag_len);
1764 }
1765 xdata->cmd_hdr->opcode = cpu_to_le16(DOWNLOAD_OPCODE);
1766 xdata->cmd_hdr->plen = sizeof(uint8_t) + frag_len;
1767 xdata->pkt_len = pkt_len;
1768 memcpy(cmd_para->data, pcur, frag_len);
1769
1770 ret_val = send_hci_cmd(xdata);
1771 if (ret_val < 0) {
1772 return ret_val;
1773 }
1774
1775 ret_val = rcv_hci_evt(xdata);
1776 if (ret_val < 0) {
1777 return ret_val;
1778 }
1779
1780 if (0 != evt_para->status) {
1781 return -1;
1782 }
1783
1784 pcur += PATCH_SEG_MAX;
1785 }
1786
1787 RTKBT_DBG("download_data done");
1788 return xdata->fw_len;
1789 }
1790
send_hci_cmd(xchange_data * xdata)1791 int send_hci_cmd(xchange_data * xdata)
1792 {
1793 int ret_val;
1794
1795 ret_val = usb_control_msg(xdata->dev_entry->udev, xdata->pipe_out,
1796 0, USB_TYPE_CLASS, 0, 0,
1797 (void *)(xdata->send_pkt),
1798 xdata->pkt_len, MSG_TO);
1799
1800 if (ret_val < 0)
1801 RTKBT_ERR("%s; failed to send ctl msg for hci cmd, err %d",
1802 __func__, ret_val);
1803
1804 return ret_val;
1805 }
1806
rcv_hci_evt(xchange_data * xdata)1807 int rcv_hci_evt(xchange_data * xdata)
1808 {
1809 int ret_len = 0, ret_val = 0;
1810 int i; // Added by Realtek
1811
1812 while (1) {
1813 // **************************** Modifed by Realtek (begin)
1814 for (i = 0; i < 5; i++) // Try to send USB interrupt message 5 times.
1815 {
1816 ret_val =
1817 usb_interrupt_msg(xdata->dev_entry->udev,
1818 xdata->pipe_in,
1819 (void *)(xdata->rcv_pkt), PKT_LEN,
1820 &ret_len, MSG_TO);
1821 if (ret_val >= 0)
1822 break;
1823 }
1824 // **************************** Modifed by Realtek (end)
1825
1826 if (ret_val < 0) {
1827 RTKBT_ERR("%s; no usb intr msg for hci event, err %d",
1828 __func__, ret_val);
1829 return ret_val;
1830 }
1831
1832 if (CMD_CMP_EVT == xdata->evt_hdr->evt) {
1833 if (xdata->cmd_hdr->opcode == xdata->cmd_cmp->opcode)
1834 return ret_len;
1835 }
1836 }
1837 }
1838
print_acl(struct sk_buff * skb,int dataOut)1839 void print_acl(struct sk_buff *skb, int dataOut)
1840 {
1841 #if PRINT_ACL_DATA
1842 uint wlength = skb->len;
1843 uint icount = 0;
1844 u16 *handle = (u16 *) (skb->data);
1845 u16 dataLen = *(handle + 1);
1846 u8 *acl_data = (u8 *) (skb->data);
1847 //if (0==dataOut)
1848 printk("%d handle:%04x,len:%d,", dataOut, *handle, dataLen);
1849 //else
1850 // printk("In handle:%04x,len:%d,",*handle,dataLen);
1851 /* for(icount=4;(icount<wlength)&&(icount<32);icount++)
1852 {
1853 printk("%02x ",*(acl_data+icount) );
1854 }
1855 printk("\n");
1856 */
1857 #endif
1858 }
1859
print_command(struct sk_buff * skb)1860 void print_command(struct sk_buff *skb)
1861 {
1862 #if PRINT_CMD_EVENT
1863 uint wlength = skb->len;
1864 uint icount = 0;
1865 u16 *opcode = (u16 *) (skb->data);
1866 u8 *cmd_data = (u8 *) (skb->data);
1867 u8 paramLen = *(cmd_data + 2);
1868
1869 switch (*opcode) {
1870 case HCI_OP_INQUIRY:
1871 printk("HCI_OP_INQUIRY");
1872 break;
1873 case HCI_OP_INQUIRY_CANCEL:
1874 printk("HCI_OP_INQUIRY_CANCEL");
1875 break;
1876 case HCI_OP_EXIT_PERIODIC_INQ:
1877 printk("HCI_OP_EXIT_PERIODIC_INQ");
1878 break;
1879 case HCI_OP_CREATE_CONN:
1880 printk("HCI_OP_CREATE_CONN");
1881 break;
1882 case HCI_OP_DISCONNECT:
1883 printk("HCI_OP_DISCONNECT");
1884 break;
1885 case HCI_OP_CREATE_CONN_CANCEL:
1886 printk("HCI_OP_CREATE_CONN_CANCEL");
1887 break;
1888 case HCI_OP_ACCEPT_CONN_REQ:
1889 printk("HCI_OP_ACCEPT_CONN_REQ");
1890 break;
1891 case HCI_OP_REJECT_CONN_REQ:
1892 printk("HCI_OP_REJECT_CONN_REQ");
1893 break;
1894 case HCI_OP_AUTH_REQUESTED:
1895 printk("HCI_OP_AUTH_REQUESTED");
1896 break;
1897 case HCI_OP_SET_CONN_ENCRYPT:
1898 printk("HCI_OP_SET_CONN_ENCRYPT");
1899 break;
1900 case HCI_OP_REMOTE_NAME_REQ:
1901 printk("HCI_OP_REMOTE_NAME_REQ");
1902 break;
1903 case HCI_OP_READ_REMOTE_FEATURES:
1904 printk("HCI_OP_READ_REMOTE_FEATURES");
1905 break;
1906 case HCI_OP_SNIFF_MODE:
1907 printk("HCI_OP_SNIFF_MODE");
1908 break;
1909 case HCI_OP_EXIT_SNIFF_MODE:
1910 printk("HCI_OP_EXIT_SNIFF_MODE");
1911 break;
1912 case HCI_OP_SWITCH_ROLE:
1913 printk("HCI_OP_SWITCH_ROLE");
1914 break;
1915 case HCI_OP_SNIFF_SUBRATE:
1916 printk("HCI_OP_SNIFF_SUBRATE");
1917 break;
1918 case HCI_OP_RESET:
1919 printk("HCI_OP_RESET");
1920 break;
1921 default:
1922 printk("CMD");
1923 break;
1924 }
1925 printk(":%04x,len:%d,", *opcode, paramLen);
1926 for (icount = 3; (icount < wlength) && (icount < 24); icount++) {
1927 printk("%02x ", *(cmd_data + icount));
1928 }
1929 printk("\n");
1930
1931 #endif
1932 }
1933
print_event(struct sk_buff * skb)1934 void print_event(struct sk_buff *skb)
1935 {
1936 #if PRINT_CMD_EVENT
1937 uint wlength = skb->len;
1938 uint icount = 0;
1939 u8 *opcode = (u8 *) (skb->data);
1940 u8 paramLen = *(opcode + 1);
1941
1942 switch (*opcode) {
1943 case HCI_EV_INQUIRY_COMPLETE:
1944 printk("HCI_EV_INQUIRY_COMPLETE");
1945 break;
1946 case HCI_EV_INQUIRY_RESULT:
1947 printk("HCI_EV_INQUIRY_RESULT");
1948 break;
1949 case HCI_EV_CONN_COMPLETE:
1950 printk("HCI_EV_CONN_COMPLETE");
1951 break;
1952 case HCI_EV_CONN_REQUEST:
1953 printk("HCI_EV_CONN_REQUEST");
1954 break;
1955 case HCI_EV_DISCONN_COMPLETE:
1956 printk("HCI_EV_DISCONN_COMPLETE");
1957 break;
1958 case HCI_EV_AUTH_COMPLETE:
1959 printk("HCI_EV_AUTH_COMPLETE");
1960 break;
1961 case HCI_EV_REMOTE_NAME:
1962 printk("HCI_EV_REMOTE_NAME");
1963 break;
1964 case HCI_EV_ENCRYPT_CHANGE:
1965 printk("HCI_EV_ENCRYPT_CHANGE");
1966 break;
1967 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
1968 printk("HCI_EV_CHANGE_LINK_KEY_COMPLETE");
1969 break;
1970 case HCI_EV_REMOTE_FEATURES:
1971 printk("HCI_EV_REMOTE_FEATURES");
1972 break;
1973 case HCI_EV_REMOTE_VERSION:
1974 printk("HCI_EV_REMOTE_VERSION");
1975 break;
1976 case HCI_EV_QOS_SETUP_COMPLETE:
1977 printk("HCI_EV_QOS_SETUP_COMPLETE");
1978 break;
1979 case HCI_EV_CMD_COMPLETE:
1980 printk("HCI_EV_CMD_COMPLETE");
1981 break;
1982 case HCI_EV_CMD_STATUS:
1983 printk("HCI_EV_CMD_STATUS");
1984 break;
1985 case HCI_EV_ROLE_CHANGE:
1986 printk("HCI_EV_ROLE_CHANGE");
1987 break;
1988 case HCI_EV_NUM_COMP_PKTS:
1989 printk("HCI_EV_NUM_COMP_PKTS");
1990 break;
1991 case HCI_EV_MODE_CHANGE:
1992 printk("HCI_EV_MODE_CHANGE");
1993 break;
1994 case HCI_EV_PIN_CODE_REQ:
1995 printk("HCI_EV_PIN_CODE_REQ");
1996 break;
1997 case HCI_EV_LINK_KEY_REQ:
1998 printk("HCI_EV_LINK_KEY_REQ");
1999 break;
2000 case HCI_EV_LINK_KEY_NOTIFY:
2001 printk("HCI_EV_LINK_KEY_NOTIFY");
2002 break;
2003 case HCI_EV_CLOCK_OFFSET:
2004 printk("HCI_EV_CLOCK_OFFSET");
2005 break;
2006 case HCI_EV_PKT_TYPE_CHANGE:
2007 printk("HCI_EV_PKT_TYPE_CHANGE");
2008 break;
2009 case HCI_EV_PSCAN_REP_MODE:
2010 printk("HCI_EV_PSCAN_REP_MODE");
2011 break;
2012 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
2013 printk("HCI_EV_INQUIRY_RESULT_WITH_RSSI");
2014 break;
2015 case HCI_EV_REMOTE_EXT_FEATURES:
2016 printk("HCI_EV_REMOTE_EXT_FEATURES");
2017 break;
2018 case HCI_EV_SYNC_CONN_COMPLETE:
2019 printk("HCI_EV_SYNC_CONN_COMPLETE");
2020 break;
2021 case HCI_EV_SYNC_CONN_CHANGED:
2022 printk("HCI_EV_SYNC_CONN_CHANGED");
2023 break;
2024 case HCI_EV_SNIFF_SUBRATE:
2025 printk("HCI_EV_SNIFF_SUBRATE");
2026 break;
2027 case HCI_EV_EXTENDED_INQUIRY_RESULT:
2028 printk("HCI_EV_EXTENDED_INQUIRY_RESULT");
2029 break;
2030 case HCI_EV_IO_CAPA_REQUEST:
2031 printk("HCI_EV_IO_CAPA_REQUEST");
2032 break;
2033 case HCI_EV_SIMPLE_PAIR_COMPLETE:
2034 printk("HCI_EV_SIMPLE_PAIR_COMPLETE");
2035 break;
2036 case HCI_EV_REMOTE_HOST_FEATURES:
2037 printk("HCI_EV_REMOTE_HOST_FEATURES");
2038 break;
2039 default:
2040 printk("event");
2041 break;
2042 }
2043 printk(":%02x,len:%d,", *opcode, paramLen);
2044 for (icount = 2; (icount < wlength) && (icount < 24); icount++) {
2045 printk("%02x ", *(opcode + icount));
2046 }
2047 printk("\n");
2048
2049 #endif
2050 }
2051