1 /*
2 * Copyright (C) 2013 Realtek Semiconductor Corp.
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 2 of the License, or
7 * (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 */
14
15 #ifdef HAVE_CONFIG_H
16 #include <config.h>
17 #endif
18
19 #include <stdio.h>
20 #include <errno.h>
21 #include <unistd.h>
22 #include <stdlib.h>
23 #include <termios.h>
24 #include <time.h>
25 #include <sys/time.h>
26 #include <sys/types.h>
27 #include <sys/param.h>
28 #include <sys/ioctl.h>
29 #include <sys/socket.h>
30 #include <sys/uio.h>
31 #include <sys/stat.h>
32 #include <fcntl.h>
33 #include <signal.h>
34 #include <stdint.h>
35 #include <string.h>
36 #include <endian.h>
37 #include <byteswap.h>
38 #include <netinet/in.h>
39 #include <poll.h>
40 #include <sys/timerfd.h>
41 #include <sys/epoll.h>
42
43 #include "rtb_fwc.h"
44 #include "hciattach.h"
45 #include "hciattach_h4.h"
46
47 #define RTK_VERSION "3.1.390bad8.20220519-142434"
48
49 #define TIMESTAMP_PR
50
51 #define MAX_EVENTS 10
52
53 /* #define SERIAL_NONBLOCK_READ */
54
55 #ifdef SERIAL_NONBLOCK_READ
56 #define FD_BLOCK 0
57 #define FD_NONBLOCK 1
58 #endif
59
60 /* #define RTL_8703A_SUPPORT */
61 /* #define RTL8723DSH4_UART_HWFLOWC */ /* 8723DS H4 special */
62
63 uint8_t DBG_ON = 1;
64
65 #define HCI_EVENT_HDR_SIZE 2
66 #define PATCH_DATA_FIELD_MAX_SIZE 252
67
68 #define HCI_CMD_READ_BD_ADDR 0x1009
69 #define HCI_VENDOR_CHANGE_BAUD 0xfc17
70 #define HCI_VENDOR_READ_ROM_VER 0xfc6d
71 #define HCI_CMD_READ_LOCAL_VER 0x1001
72 #define HCI_VENDOR_READ_CHIP_TYPE 0xfc61
73 #define HCI_CMD_RESET 0x0c03
74
75 /* HCI data types */
76 #define H5_ACK_PKT 0x00
77 #define HCI_COMMAND_PKT 0x01
78 #define HCI_ACLDATA_PKT 0x02
79 #define HCI_SCODATA_PKT 0x03
80 #define HCI_EVENT_PKT 0x04
81 #define H5_VDRSPEC_PKT 0x0E
82 #define H5_LINK_CTL_PKT 0x0F
83
84 #define H5_HDR_SEQ(hdr) ((hdr)[0] & 0x07)
85 #define H5_HDR_ACK(hdr) (((hdr)[0] >> 3) & 0x07)
86 #define H5_HDR_CRC(hdr) (((hdr)[0] >> 6) & 0x01)
87 #define H5_HDR_RELIABLE(hdr) (((hdr)[0] >> 7) & 0x01)
88 #define H5_HDR_PKT_TYPE(hdr) ((hdr)[1] & 0x0f)
89 #define H5_HDR_LEN(hdr) ((((hdr)[1] >> 4) & 0xff) + ((hdr)[2] << 4))
90 #define H5_HDR_SIZE 4
91
92 struct sk_buff {
93 uint32_t max_len;
94 uint32_t data_len;
95 uint8_t *data;
96 };
97
98 struct hci_ev_cmd_complete {
99 uint8_t ncmd;
100 uint16_t opcode;
101 } __attribute__ ((packed));
102
103 #define OP_H5_SYNC 0x01
104 #define OP_H5_CONFIG 0x02
105 #define OP_ROM_VER ((1 << 24) | HCI_VENDOR_READ_ROM_VER)
106 #define OP_LMP_VER ((1 << 24) | HCI_CMD_READ_LOCAL_VER)
107 #define OP_CHIP_TYPE ((1 << 24) | HCI_VENDOR_READ_CHIP_TYPE)
108 #define OP_SET_BAUD ((1 << 24) | HCI_VENDOR_CHANGE_BAUD)
109 #define OP_HCI_RESET ((1 << 24) | HCI_CMD_RESET)
110
111 struct rtb_struct rtb_cfg;
112
113 /* bite reverse in bytes
114 * 00000001 -> 10000000
115 * 00000100 -> 00100000
116 */
117 const uint8_t byte_rev_table[256] = {
118 0x00, 0x80, 0x40, 0xc0, 0x20, 0xa0, 0x60, 0xe0,
119 0x10, 0x90, 0x50, 0xd0, 0x30, 0xb0, 0x70, 0xf0,
120 0x08, 0x88, 0x48, 0xc8, 0x28, 0xa8, 0x68, 0xe8,
121 0x18, 0x98, 0x58, 0xd8, 0x38, 0xb8, 0x78, 0xf8,
122 0x04, 0x84, 0x44, 0xc4, 0x24, 0xa4, 0x64, 0xe4,
123 0x14, 0x94, 0x54, 0xd4, 0x34, 0xb4, 0x74, 0xf4,
124 0x0c, 0x8c, 0x4c, 0xcc, 0x2c, 0xac, 0x6c, 0xec,
125 0x1c, 0x9c, 0x5c, 0xdc, 0x3c, 0xbc, 0x7c, 0xfc,
126 0x02, 0x82, 0x42, 0xc2, 0x22, 0xa2, 0x62, 0xe2,
127 0x12, 0x92, 0x52, 0xd2, 0x32, 0xb2, 0x72, 0xf2,
128 0x0a, 0x8a, 0x4a, 0xca, 0x2a, 0xaa, 0x6a, 0xea,
129 0x1a, 0x9a, 0x5a, 0xda, 0x3a, 0xba, 0x7a, 0xfa,
130 0x06, 0x86, 0x46, 0xc6, 0x26, 0xa6, 0x66, 0xe6,
131 0x16, 0x96, 0x56, 0xd6, 0x36, 0xb6, 0x76, 0xf6,
132 0x0e, 0x8e, 0x4e, 0xce, 0x2e, 0xae, 0x6e, 0xee,
133 0x1e, 0x9e, 0x5e, 0xde, 0x3e, 0xbe, 0x7e, 0xfe,
134 0x01, 0x81, 0x41, 0xc1, 0x21, 0xa1, 0x61, 0xe1,
135 0x11, 0x91, 0x51, 0xd1, 0x31, 0xb1, 0x71, 0xf1,
136 0x09, 0x89, 0x49, 0xc9, 0x29, 0xa9, 0x69, 0xe9,
137 0x19, 0x99, 0x59, 0xd9, 0x39, 0xb9, 0x79, 0xf9,
138 0x05, 0x85, 0x45, 0xc5, 0x25, 0xa5, 0x65, 0xe5,
139 0x15, 0x95, 0x55, 0xd5, 0x35, 0xb5, 0x75, 0xf5,
140 0x0d, 0x8d, 0x4d, 0xcd, 0x2d, 0xad, 0x6d, 0xed,
141 0x1d, 0x9d, 0x5d, 0xdd, 0x3d, 0xbd, 0x7d, 0xfd,
142 0x03, 0x83, 0x43, 0xc3, 0x23, 0xa3, 0x63, 0xe3,
143 0x13, 0x93, 0x53, 0xd3, 0x33, 0xb3, 0x73, 0xf3,
144 0x0b, 0x8b, 0x4b, 0xcb, 0x2b, 0xab, 0x6b, 0xeb,
145 0x1b, 0x9b, 0x5b, 0xdb, 0x3b, 0xbb, 0x7b, 0xfb,
146 0x07, 0x87, 0x47, 0xc7, 0x27, 0xa7, 0x67, 0xe7,
147 0x17, 0x97, 0x57, 0xd7, 0x37, 0xb7, 0x77, 0xf7,
148 0x0f, 0x8f, 0x4f, 0xcf, 0x2f, 0xaf, 0x6f, 0xef,
149 0x1f, 0x9f, 0x5f, 0xdf, 0x3f, 0xbf, 0x7f, 0xff,
150 };
151
bit_rev8(uint8_t byte)152 static __inline uint8_t bit_rev8(uint8_t byte)
153 {
154 return byte_rev_table[byte];
155 }
156
bit_rev16(uint16_t x)157 static __inline uint16_t bit_rev16(uint16_t x)
158 {
159 return (bit_rev8(x & 0xff) << 8) | bit_rev8(x >> 8);
160 }
161
162 static const uint16_t crc_table[] = {
163 0x0000, 0x1081, 0x2102, 0x3183,
164 0x4204, 0x5285, 0x6306, 0x7387,
165 0x8408, 0x9489, 0xa50a, 0xb58b,
166 0xc60c, 0xd68d, 0xe70e, 0xf78f
167 };
168
169 /* Initialise the crc calculator */
170 #define H5_CRC_INIT(x) x = 0xffff
171
skb_alloc(unsigned int len)172 static __inline struct sk_buff *skb_alloc(unsigned int len)
173 {
174 struct sk_buff *skb = NULL;
175
176 if ((skb = malloc(len + sizeof(*skb)))) {
177 skb->max_len = len;
178 skb->data_len = 0;
179 skb->data = ((uint8_t *)skb) + sizeof(*skb);
180 } else {
181 RS_ERR("Allocate skb fails!");
182 skb = NULL;
183 return NULL;
184 }
185 memset(skb->data, 0, len);
186 return skb;
187 }
188
skb_free(struct sk_buff * skb)189 static __inline void skb_free(struct sk_buff *skb)
190 {
191 free(skb);
192 return;
193 }
194
195 /*
196 * Add data to a buffer
197 * This function extends the used data area of the buffer.
198 */
skb_put(struct sk_buff * skb,uint32_t len)199 static uint8_t *skb_put(struct sk_buff *skb, uint32_t len)
200 {
201 uint32_t old_len = skb->data_len;
202
203 if ((skb->data_len + len) > (skb->max_len)) {
204 RS_ERR("Buffer too small");
205 exit(EXIT_FAILURE);
206 }
207 skb->data_len += len;
208 return (skb->data + old_len);
209 }
210
211 /*
212 * Remove end from a buffer
213 * Cut the length of a buffer down by removing data from the tail
214 */
skb_trim(struct sk_buff * skb,uint32_t len)215 static void skb_trim(struct sk_buff *skb, uint32_t len)
216 {
217 if (skb->data_len > len) {
218 skb->data_len = len;
219 } else {
220 RS_ERR("Trim error, data_len %u < len %u", skb->data_len, len);
221 }
222 }
223
224 /*
225 * Remove data from the start of a buffer
226 * This function removes data from the start of a buffer.
227 * A pointer to the next data in the buffer is returned
228 */
skb_pull(struct sk_buff * skb,uint32_t len)229 static uint8_t *skb_pull(struct sk_buff *skb, uint32_t len)
230 {
231 if (len > skb->data_len) {
232 RS_ERR("Pull error, data_len %u < len %u", skb->data_len, len);
233 exit(EXIT_FAILURE);
234 }
235 skb->data_len -= len;
236 skb->data += len;
237 return skb->data;
238 }
239
240 /**
241 * Add "d" into crc scope, caculate the new crc value
242 *
243 * @param crc crc data
244 * @param d one byte data
245 */
h5_crc_update(uint16_t * crc,uint8_t d)246 static void h5_crc_update(uint16_t * crc, uint8_t d)
247 {
248 uint16_t reg = *crc;
249
250 reg = (reg >> 4) ^ crc_table[(reg ^ d) & 0x000f];
251 reg = (reg >> 4) ^ crc_table[(reg ^ (d >> 4)) & 0x000f];
252
253 *crc = reg;
254 }
255
256 struct __una_u16 {
257 uint16_t x;
258 };
__get_unaligned_cpu16(const void * p)259 static __inline uint16_t __get_unaligned_cpu16(const void *p)
260 {
261 const struct __una_u16 *ptr = (const struct __una_u16 *)p;
262 return ptr->x;
263 }
264
get_unaligned_be16(const void * p)265 static __inline uint16_t get_unaligned_be16(const void *p)
266 {
267 return __get_unaligned_cpu16((const uint8_t *)p);
268 }
269
270 /*
271 * Get crc data.
272 */
h5_get_crc(struct rtb_struct * h5)273 static uint16_t h5_get_crc(struct rtb_struct * h5)
274 {
275 uint16_t crc = 0;
276 uint8_t *data = h5->rx_skb->data + h5->rx_skb->data_len - 2;
277
278 crc = data[1] + (data[0] << 8);
279 return crc;
280 /* return get_unaligned_be16(&h5->rx_skb->data[h5->rx_skb->data_len - 2]); */
281 }
282
283 /*
284 * Add 0xc0 to buffer.
285 */
h5_slip_msgdelim(struct sk_buff * skb)286 static void h5_slip_msgdelim(struct sk_buff *skb)
287 {
288 const char pkt_delim = 0xc0;
289 memcpy(skb_put(skb, 1), &pkt_delim, 1);
290 }
291
292 /*
293 * Encode one byte in h5 proto
294 * 0xc0 -> 0xdb, 0xdc
295 * 0xdb -> 0xdb, 0xdd
296 * 0x11 -> 0xdb, 0xde
297 * 0x13 -> 0xdb, 0xdf
298 * others will not change
299 */
h5_slip_one_byte(struct sk_buff * skb,uint8_t c)300 static void h5_slip_one_byte(struct sk_buff *skb, uint8_t c)
301 {
302 const uint8_t esc_c0[2] = { 0xdb, 0xdc };
303 const uint8_t esc_db[2] = { 0xdb, 0xdd };
304 const uint8_t esc_11[2] = { 0xdb, 0xde };
305 const uint8_t esc_13[2] = { 0xdb, 0xdf };
306
307 switch (c) {
308 case 0xc0:
309 memcpy(skb_put(skb, 2), &esc_c0, 2);
310 break;
311
312 case 0xdb:
313 memcpy(skb_put(skb, 2), &esc_db, 2);
314 break;
315
316 case 0x11:
317 memcpy(skb_put(skb, 2), &esc_11, 2);
318 break;
319
320 case 0x13:
321 memcpy(skb_put(skb, 2), &esc_13, 2);
322 break;
323
324 default:
325 memcpy(skb_put(skb, 1), &c, 1);
326 break;
327 }
328 }
329
330 /*
331 * Decode one byte in h5 proto
332 * 0xdb, 0xdc -> 0xc0
333 * 0xdb, 0xdd -> 0xdb
334 * 0xdb, 0xde -> 0x11
335 * 0xdb, 0xdf -> 0x13
336 * others will not change
337 */
h5_unslip_one_byte(struct rtb_struct * h5,unsigned char byte)338 static void h5_unslip_one_byte(struct rtb_struct * h5, unsigned char byte)
339 {
340 const uint8_t c0 = 0xc0, db = 0xdb;
341 const uint8_t oof1 = 0x11, oof2 = 0x13;
342
343 if (H5_ESCSTATE_NOESC == h5->rx_esc_state) {
344 if (0xdb == byte) {
345 h5->rx_esc_state = H5_ESCSTATE_ESC;
346 } else {
347 memcpy(skb_put(h5->rx_skb, 1), &byte, 1);
348 /* Check Pkt Header's CRC enable bit */
349 if ((h5->rx_skb->data[0] & 0x40) != 0 &&
350 h5->rx_state != H5_W4_CRC) {
351 h5_crc_update(&h5->message_crc, byte);
352 }
353 h5->rx_count--;
354 }
355 } else if (H5_ESCSTATE_ESC == h5->rx_esc_state) {
356 switch (byte) {
357 case 0xdc:
358 memcpy(skb_put(h5->rx_skb, 1), &c0, 1);
359 if ((h5->rx_skb->data[0] & 0x40) != 0 &&
360 h5->rx_state != H5_W4_CRC)
361 h5_crc_update(&h5->message_crc, 0xc0);
362 h5->rx_esc_state = H5_ESCSTATE_NOESC;
363 h5->rx_count--;
364 break;
365
366 case 0xdd:
367 memcpy(skb_put(h5->rx_skb, 1), &db, 1);
368 if ((h5->rx_skb->data[0] & 0x40) != 0 &&
369 h5->rx_state != H5_W4_CRC)
370 h5_crc_update(&h5->message_crc, 0xdb);
371 h5->rx_esc_state = H5_ESCSTATE_NOESC;
372 h5->rx_count--;
373 break;
374
375 case 0xde:
376 memcpy(skb_put(h5->rx_skb, 1), &oof1, 1);
377 if ((h5->rx_skb->data[0] & 0x40) != 0 &&
378 h5->rx_state != H5_W4_CRC)
379 h5_crc_update(&h5->message_crc, oof1);
380 h5->rx_esc_state = H5_ESCSTATE_NOESC;
381 h5->rx_count--;
382 break;
383
384 case 0xdf:
385 memcpy(skb_put(h5->rx_skb, 1), &oof2, 1);
386 if ((h5->rx_skb->data[0] & 0x40) != 0 &&
387 h5->rx_state != H5_W4_CRC)
388 h5_crc_update(&h5->message_crc, oof2);
389 h5->rx_esc_state = H5_ESCSTATE_NOESC;
390 h5->rx_count--;
391 break;
392
393 default:
394 RS_ERR("Error: Invalid byte %02x after esc byte", byte);
395 skb_free(h5->rx_skb);
396 h5->rx_skb = NULL;
397 h5->rx_state = H5_W4_PKT_DELIMITER;
398 h5->rx_count = 0;
399 break;
400 }
401 }
402 }
403
404 /*
405 * Prepare h5 packet
406 * Refer to Core Spec Vol 4, Part D
407 * Three-wire UART Transport Layer: 4 PACKET HEADER
408 */
h5_prepare_pkt(struct rtb_struct * h5,uint8_t * data,int len,int pkt_type)409 static struct sk_buff *h5_prepare_pkt(struct rtb_struct * h5, uint8_t *data,
410 int len, int pkt_type)
411 {
412 struct sk_buff *nskb;
413 uint8_t hdr[4];
414 uint16_t H5_CRC_INIT(h5_txmsg_crc);
415 int rel, i;
416
417 switch (pkt_type) {
418 case HCI_ACLDATA_PKT:
419 case HCI_COMMAND_PKT:
420 case HCI_EVENT_PKT:
421 rel = 1; /* reliable */
422 break;
423
424 case H5_ACK_PKT:
425 case H5_VDRSPEC_PKT:
426 case H5_LINK_CTL_PKT:
427 rel = 0; /* unreliable */
428 break;
429
430 default:
431 RS_ERR("Unknown packet type");
432 return NULL;
433 }
434
435 /* Max len of packet: (len + 4(h5 hdr) + 2(crc))*2
436 * Because bytes 0xc0 and 0xdb are escaped, worst case is that the
437 * packet is only made of 0xc0 and 0xdb
438 * The additional 2-octets are 0xc0 delimiters at start and end of each
439 * packet.
440 */
441 nskb = skb_alloc((len + 6) * 2 + 2);
442 if (!nskb)
443 return NULL;
444
445 /* Add SLIP start byte: 0xc0 */
446 h5_slip_msgdelim(nskb);
447 /* Set ack number in SLIP header */
448 hdr[0] = h5->rxseq_txack << 3;
449 h5->is_txack_req = 0;
450
451 /* RS_DBG("Request packet no(%u) to card", h5->rxseq_txack); */
452 /* RS_DBG("Sending packet with seqno %u and wait %u", h5->msgq_txseq,
453 * h5->rxseq_txack);
454 */
455 if (rel) {
456 /* Set reliable bit and seq number */
457 hdr[0] |= 0x80 + h5->msgq_txseq;
458 /* RS_DBG("Sending packet with seqno(%u)", h5->msgq_txseq); */
459 ++(h5->msgq_txseq);
460 h5->msgq_txseq = (h5->msgq_txseq) & 0x07;
461 }
462 /* Set DIC Present bit */
463 if (h5->use_crc)
464 hdr[0] |= 0x40;
465
466 /* Set packet type and payload length */
467 hdr[1] = ((len << 4) & 0xff) | pkt_type;
468 hdr[2] = (uint8_t) (len >> 4);
469 /* Set header checksum */
470 hdr[3] = ~(hdr[0] + hdr[1] + hdr[2]);
471
472 /* Encode h5 header */
473 for (i = 0; i < 4; i++) {
474 h5_slip_one_byte(nskb, hdr[i]);
475
476 if (h5->use_crc)
477 h5_crc_update(&h5_txmsg_crc, hdr[i]);
478 }
479
480 /* Encode payload */
481 for (i = 0; i < len; i++) {
482 h5_slip_one_byte(nskb, data[i]);
483
484 if (h5->use_crc)
485 h5_crc_update(&h5_txmsg_crc, data[i]);
486 }
487
488 /* Encode CRC */
489 if (h5->use_crc) {
490 h5_txmsg_crc = bit_rev16(h5_txmsg_crc);
491 h5_slip_one_byte(nskb, (uint8_t) ((h5_txmsg_crc >> 8) & 0x00ff));
492 h5_slip_one_byte(nskb, (uint8_t) (h5_txmsg_crc & 0x00ff));
493 }
494 /* Add 0xc0 at the end of the packet */
495 h5_slip_msgdelim(nskb);
496
497 return nskb;
498 }
499
500 /*
501 * Remove controller acked packet from host unacked lists
502 */
503 /* static void h5_remove_acked_pkt(struct rtb_struct * h5)
504 * {
505 * int pkts_to_be_removed = 0;
506 * int seqno = 0;
507 * int i = 0;
508 *
509 * seqno = h5->msgq_txseq;
510 * // pkts_to_be_removed = GetListLength(h5->unacked);
511 *
512 * while (pkts_to_be_removed) {
513 * if (h5->rxack == seqno)
514 * break;
515 *
516 * pkts_to_be_removed--;
517 * seqno = (seqno - 1) & 0x07;
518 * }
519 *
520 * if (h5->rxack != seqno) {
521 * RS_DBG("Peer acked invalid packet");
522 * }
523 * // skb_queue_walk_safe(&h5->unack, skb, tmp)
524 * // remove ack'ed packet from h5->unack queue
525 * for (i = 0; i < 5; ++i) {
526 * if (i >= pkts_to_be_removed)
527 * break;
528 * i++;
529 * //__skb_unlink(skb, &h5->unack);
530 * //skb_free(skb);
531 * }
532 *
533 * // if (skb_queue_empty(&h5->unack))
534 * // del_timer(&h5->th5);
535 * // spin_unlock_irqrestore(&h5->unack.lock, flags);
536 *
537 * if (i != pkts_to_be_removed)
538 * RS_DBG("Removed only (%u) out of (%u) pkts", i,
539 * pkts_to_be_removed);
540 * }
541 */
542
543 /*
544 * Send host ack.
545 */
rtb_send_ack(int fd)546 static void rtb_send_ack(int fd)
547 {
548 int len;
549 struct sk_buff *nskb = h5_prepare_pkt(&rtb_cfg, NULL, 0, H5_ACK_PKT);
550
551 len = write(fd, nskb->data, nskb->data_len);
552 if (len != nskb->data_len)
553 RS_ERR("Write pure ack fails");
554
555 skb_free(nskb);
556 return;
557 }
558
559 /*
560 * Parse hci command complete event in h5 init state.
561 */
h5_init_hci_cc(struct sk_buff * skb)562 static void h5_init_hci_cc(struct sk_buff *skb)
563 {
564 struct hci_ev_cmd_complete *ev = NULL;
565 uint16_t opcode = 0;
566 uint8_t status = 0;
567
568 skb_pull(skb, HCI_EVENT_HDR_SIZE);
569 ev = (struct hci_ev_cmd_complete *)skb->data;
570 opcode = le16_to_cpu(ev->opcode);
571
572 RS_DBG("Receive cmd complete event of command: %04x", opcode);
573
574 skb_pull(skb, sizeof(struct hci_ev_cmd_complete));
575
576 status = skb->data[0];
577 if (status) {
578 RS_ERR("status is %u for cmd %04x", status, opcode);
579 return;
580 }
581
582 if (rtb_cfg.cmd_state.opcode != opcode) {
583 RS_ERR("%s: Received unexpected cc for cmd %04x, %04x of cc",
584 __func__, rtb_cfg.cmd_state.opcode, opcode);
585 return;
586 }
587
588 rtb_cfg.cmd_state.state = CMD_STATE_SUCCESS;
589
590 switch (opcode) {
591 case HCI_VENDOR_CHANGE_BAUD:
592 RS_INFO("Received cc of vendor change baud");
593 break;
594 case HCI_CMD_READ_BD_ADDR:
595 RS_INFO("BD Address: %02x:%02x:%02x:%02x:%02x:%02x",
596 skb->data[5], skb->data[4], skb->data[3],
597 skb->data[2], skb->data[1], skb->data[0]);
598 break;
599
600 case HCI_CMD_READ_LOCAL_VER:
601 rtb_cfg.hci_ver = skb->data[1];
602 rtb_cfg.hci_rev = (skb->data[2] | skb->data[3] << 8);
603 rtb_cfg.lmp_subver = (skb->data[7] | (skb->data[8] << 8));
604 RS_INFO("HCI Version 0x%02x", rtb_cfg.hci_ver);
605 RS_INFO("HCI Revision 0x%04x", rtb_cfg.hci_rev);
606 RS_INFO("LMP Subversion 0x%04x", rtb_cfg.lmp_subver);
607 break;
608
609 case HCI_VENDOR_READ_ROM_VER:
610 rtb_cfg.eversion = skb->data[1];
611 RS_INFO("Read ROM version %02x", rtb_cfg.eversion);
612 break;
613
614 case HCI_VENDOR_READ_CHIP_TYPE:
615 rtb_cfg.chip_type = (skb->data[1] & 0x0f);
616 rtb_cfg.chip_ver = (skb->data[2] & 0x0f);
617 RS_INFO("Read chip type %02x", rtb_cfg.chip_type);
618 RS_INFO("Read chip ver %02x", rtb_cfg.chip_ver);
619 break;
620
621 default:
622 return;
623 }
624
625 /* Count the cmd num for makeing the seq number aligned */
626 rtb_cfg.num_of_cmd_sent++;
627 }
628
629 /*
630 * Parse hci command complete event in h5 post state.
631 */
h5_post_hci_cc(struct sk_buff * skb)632 static void h5_post_hci_cc(struct sk_buff *skb)
633 {
634 struct hci_ev_cmd_complete *ev = NULL;
635 uint16_t opcode = 0;
636 uint8_t status = 0;
637
638 skb_pull(skb, HCI_EVENT_HDR_SIZE);
639 ev = (struct hci_ev_cmd_complete *)skb->data;
640 opcode = le16_to_cpu(ev->opcode);
641
642 RS_DBG("Receive cmd complete event of command: %04x", opcode);
643
644 skb_pull(skb, sizeof(struct hci_ev_cmd_complete));
645
646 status = skb->data[0];
647 if (status) {
648 RS_ERR("status is %u for cmd %04x", status, opcode);
649 return;
650 }
651
652 if (rtb_cfg.cmd_state.opcode != opcode) {
653 RS_ERR("%s: Received unexpected cc for cmd %04x, %04x of cc",
654 __func__, rtb_cfg.cmd_state.opcode, opcode);
655 return;
656 }
657
658 rtb_cfg.cmd_state.state = CMD_STATE_SUCCESS;
659
660 switch (opcode) {
661 case HCI_CMD_RESET:
662 RS_INFO("Received cc of hci reset cmd");
663 rtb_cfg.link_estab_state = H5_ACTIVE;
664 break;
665 default:
666 break;
667 }
668 }
669
670 /*
671 * Process a hci frame
672 */
hci_recv_frame(struct sk_buff * skb)673 static void hci_recv_frame(struct sk_buff *skb)
674 {
675 if (rtb_cfg.link_estab_state == H5_INIT) {
676 if (skb->data[0] == 0x0e)
677 h5_init_hci_cc(skb);
678
679 /*
680 * rtb_send_ack(rtb_cfg.serial_fd);
681 * usleep(10000);
682 * rtb_send_ack(rtb_cfg.serial_fd);
683 */
684 } else if (rtb_cfg.link_estab_state == H5_PATCH) {
685 if (skb->data[0] != 0x0e) {
686 RS_INFO("Received event 0x%x during download patch",
687 skb->data[0]);
688 return;
689 }
690
691 rtb_cfg.rx_index = skb->data[6];
692
693 /* RS_INFO("rx_index %d", rtb_cfg.rx_index); */
694
695 /* Download fw/config done */
696 if (rtb_cfg.rx_index & 0x80) {
697 rtb_cfg.rx_index &= ~0x80;
698 rtb_cfg.link_estab_state = H5_HCI_RESET;
699 }
700 } else if (rtb_cfg.link_estab_state == H5_HCI_RESET) {
701 if (skb->data[0] == 0x0e)
702 h5_post_hci_cc(skb);
703 } else {
704 RS_ERR("receive packets in active state");
705 }
706 }
707
h5_handle_internal_rx(struct sk_buff * skb)708 static void h5_handle_internal_rx(struct sk_buff *skb)
709 {
710 int len;
711 uint8_t sync_req[2] = { 0x01, 0x7E };
712 uint8_t sync_resp[2] = { 0x02, 0x7D };
713 uint8_t sync_resp_pkt[0x8] = {
714 0xc0, 0x00, 0x2F, 0x00, 0xD0, 0x02, 0x7D, 0xc0
715 };
716 uint8_t conf_req[2] = { 0x03, 0xFC };
717 uint8_t conf_resp[2] = { 0x04, 0x7B };
718 uint8_t conf_resp_pkt[0x8] = {
719 0xc0, 0x00, 0x2F, 0x00, 0xD0, 0x04, 0x7B, 0xc0
720 };
721
722 if (rtb_cfg.link_estab_state == H5_SYNC) {
723 if (!memcmp(skb->data, sync_req, 2)) {
724 RS_INFO("[SYNC] Get SYNC Pkt\n");
725 len = write(rtb_cfg.serial_fd, sync_resp_pkt, 0x8);
726 if (len != 0x08)
727 RS_ERR("Send h5 sync resp error, %s",
728 strerror(errno));
729 } else if (!memcmp(skb->data, sync_resp, 2)) {
730 RS_INFO("[SYNC] Get SYNC Resp Pkt");
731 rtb_cfg.link_estab_state = H5_CONFIG;
732 }
733 } else if (rtb_cfg.link_estab_state == H5_CONFIG) {
734 if (!memcmp(skb->data, sync_req, 0x2)) {
735 RS_INFO("[CONFIG] Get SYNC pkt");
736 len = write(rtb_cfg.serial_fd, sync_resp_pkt, 0x8);
737 if (len != 0x08)
738 RS_ERR("Send h5 sync resp error, %s",
739 strerror(errno));
740 } else if (!memcmp(skb->data, conf_req, 0x2)) {
741 RS_INFO("[CONFIG] Get CONFG pkt");
742 len = write(rtb_cfg.serial_fd, conf_resp_pkt, 0x8);
743 if (len != 0x08)
744 RS_ERR("Send h5 sync resp to ctl error, %s",
745 strerror(errno));
746 } else if (!memcmp(skb->data, conf_resp, 0x2)) {
747 RS_INFO("[CONFIG] Get CONFG resp pkt");
748 /* Change state to H5_INIT after receiving a conf resp
749 */
750 rtb_cfg.link_estab_state = H5_INIT;
751 if (skb->data_len > 2) {
752 rtb_cfg.use_crc = ((skb->data[2]) >> 4) & 0x01;
753 RS_INFO("dic is %u, cfg field 0x%02x",
754 rtb_cfg.use_crc, skb->data[2]);
755 }
756 } else {
757 RS_WARN("[CONFIG] Get unknown pkt");
758 rtb_send_ack(rtb_cfg.serial_fd);
759 }
760 }
761 }
762
763 /*
764 * Process the received complete h5 packet
765 */
h5_complete_rx_pkt(struct rtb_struct * h5)766 static void h5_complete_rx_pkt(struct rtb_struct *h5)
767 {
768 int pass_up = 1;
769 uint8_t *h5_hdr = NULL;
770
771 h5_hdr = (uint8_t *) (h5->rx_skb->data);
772 if (H5_HDR_RELIABLE(h5_hdr)) {
773 /* RS_DBG("Received reliable seqno %u from card", h5->rxseq_txack);
774 */
775 h5->rxseq_txack = H5_HDR_SEQ(h5_hdr) + 1;
776 /* h5->rxseq_txack %= 8; */
777 h5->rxseq_txack &= 0x07;
778 h5->is_txack_req = 1;
779 }
780
781 h5->rxack = H5_HDR_ACK(h5_hdr);
782
783 switch (H5_HDR_PKT_TYPE(h5_hdr)) {
784 case HCI_ACLDATA_PKT:
785 case HCI_EVENT_PKT:
786 case HCI_COMMAND_PKT:
787 /* h5_remove_acked_pkt(h5); */
788 pass_up = 1;
789 break;
790 case HCI_SCODATA_PKT:
791 pass_up = 1;
792 break;
793 case H5_LINK_CTL_PKT:
794 pass_up = 0;
795 skb_pull(h5->rx_skb, H5_HDR_SIZE);
796 h5_handle_internal_rx(h5->rx_skb);
797 break;
798 default: /* Pure ack or other unexpected pkt */
799 pass_up = 0;
800 break;
801 }
802
803 if (pass_up) {
804 skb_pull(h5->rx_skb, H5_HDR_SIZE);
805 hci_recv_frame(h5->rx_skb);
806 }
807
808 if (h5->is_txack_req) {
809 rtb_send_ack(rtb_cfg.serial_fd);
810 h5->is_txack_req = 0;
811 }
812
813 skb_free(h5->rx_skb);
814
815 h5->rx_state = H5_W4_PKT_DELIMITER;
816 h5->rx_skb = NULL;
817 }
818
819 /*
820 * Parse the receive data in h5 proto.
821 */
h5_recv(struct rtb_struct * h5,void * data,int count)822 static int h5_recv(struct rtb_struct *h5, void *data, int count)
823 {
824 unsigned char *ptr;
825 ptr = (unsigned char *)data;
826
827 while (count) {
828 if (h5->rx_count) {
829 if (*ptr == 0xc0) {
830 RS_ERR("Short h5 packet");
831 skb_free(h5->rx_skb);
832 h5->rx_state = H5_W4_PKT_START;
833 h5->rx_count = 0;
834 } else
835 h5_unslip_one_byte(h5, *ptr);
836
837 ptr++;
838 count--;
839 continue;
840 }
841
842 switch (h5->rx_state) {
843 case H5_W4_HDR:
844 /* Check header checksum */
845 if ((0xff & (uint8_t)~(h5->rx_skb->data[0] + h5->rx_skb->data[1] +
846 h5->rx_skb->data[2])) != h5->rx_skb->data[3]) {
847 RS_ERR("h5 hdr checksum error");
848 skb_free(h5->rx_skb);
849 h5->rx_state = H5_W4_PKT_DELIMITER;
850 h5->rx_count = 0;
851 continue;
852 }
853
854 /* The received seq number is unexpected */
855 if (h5->rx_skb->data[0] & 0x80 &&
856 (h5->rx_skb->data[0] & 0x07) != h5->rxseq_txack) {
857 uint8_t rxseq_txack = (h5->rx_skb->data[0] & 0x07);
858 RS_ERR("Out-of-order packet arrived, got(%u)expected(%u)",
859 h5->rx_skb->data[0] & 0x07,
860 h5->rxseq_txack);
861 h5->is_txack_req = 1;
862
863 skb_free(h5->rx_skb);
864 h5->rx_state = H5_W4_PKT_DELIMITER;
865 h5->rx_count = 0;
866
867 /* Depend on whether Controller will reset ack
868 * number or not
869 */
870 if (rtb_cfg.link_estab_state == H5_PATCH &&
871 rtb_cfg.tx_index == rtb_cfg.total_num)
872 rtb_cfg.rxseq_txack = rxseq_txack;
873
874 continue;
875 }
876 h5->rx_state = H5_W4_DATA;
877 h5->rx_count =
878 (h5->rx_skb->data[1] >> 4) +
879 (h5->rx_skb->data[2] << 4);
880 continue;
881
882 case H5_W4_DATA:
883 /* Packet with crc */
884 if (h5->rx_skb->data[0] & 0x40) {
885 h5->rx_state = H5_W4_CRC;
886 h5->rx_count = 2;
887 } else {
888 h5_complete_rx_pkt(h5);
889 }
890 continue;
891
892 case H5_W4_CRC:
893 if (bit_rev16(h5->message_crc) != h5_get_crc(h5)) {
894 RS_ERR("Checksum failed, computed %04x received %04x",
895 bit_rev16(h5->message_crc),
896 h5_get_crc(h5));
897 skb_free(h5->rx_skb);
898 h5->rx_state = H5_W4_PKT_DELIMITER;
899 h5->rx_count = 0;
900 continue;
901 }
902 skb_trim(h5->rx_skb, h5->rx_skb->data_len - 2);
903 h5_complete_rx_pkt(h5);
904 continue;
905
906 case H5_W4_PKT_DELIMITER:
907 switch (*ptr) {
908 case 0xc0:
909 h5->rx_state = H5_W4_PKT_START;
910 break;
911
912 default:
913 break;
914 }
915 ptr++;
916 count--;
917 break;
918
919 case H5_W4_PKT_START:
920 switch (*ptr) {
921 case 0xc0:
922 ptr++;
923 count--;
924 break;
925
926 default:
927 h5->rx_state = H5_W4_HDR;
928 h5->rx_count = 4;
929 h5->rx_esc_state = H5_ESCSTATE_NOESC;
930 H5_CRC_INIT(h5->message_crc);
931
932 /* Do not increment ptr or decrement count
933 * Allocate packet. Max len of a H5 pkt=
934 * 0xFFF (payload) +4 (header) +2 (crc)
935 */
936 h5->rx_skb = skb_alloc(0x1005);
937 if (!h5->rx_skb) {
938 RS_ERR("Can't alloc skb for new pkt");
939 h5->rx_state = H5_W4_PKT_DELIMITER;
940 h5->rx_count = 0;
941 return 0;
942 }
943 break;
944 }
945 break;
946
947 default:
948 break;
949 }
950 }
951 return count;
952 }
953
op_string(uint32_t op)954 static const char *op_string(uint32_t op)
955 {
956 switch (op) {
957 case OP_SET_BAUD:
958 return "OP_SET_BAUD";
959 case OP_H5_SYNC:
960 return "OP_H5_SYNC";
961 case OP_H5_CONFIG:
962 return "OP_H5_CONFIG";
963 case OP_HCI_RESET:
964 return "OP_HCI_RESET";
965 case OP_CHIP_TYPE:
966 return "OP_CHIP_TYPE";
967 case OP_ROM_VER:
968 return "OP_ROM_VER";
969 case OP_LMP_VER:
970 return "OP_LMP_VER";
971 default:
972 return "OP_UNKNOWN";
973 }
974 }
975
start_transmit_wait(int fd,struct sk_buff * skb,uint32_t op,unsigned int msec,int retry)976 static int start_transmit_wait(int fd, struct sk_buff *skb,
977 uint32_t op, unsigned int msec, int retry)
978 {
979 unsigned char buf[128];
980 ssize_t result;
981 struct iovec iov;
982 ssize_t ret;
983 uint8_t *data;
984 int len;
985 int op_result = -1;
986 uint64_t expired;
987 int n;
988 struct epoll_event events[MAX_EVENTS];
989 int nfds;
990 uint16_t opcode = 0;
991
992 if (fd == -1 || !skb) {
993 RS_ERR("Invalid parameter");
994 return -1;
995 }
996
997 data = skb->data;
998 len = skb->data_len;
999
1000 if (op & (1 << 24)) {
1001 opcode = (op & 0xffff);
1002 if (opcode != rtb_cfg.cmd_state.opcode ||
1003 rtb_cfg.cmd_state.state != CMD_STATE_UNKNOWN) {
1004 RS_ERR("Invalid opcode or cmd state");
1005 return -1;
1006 }
1007 }
1008
1009 iov.iov_base = data;
1010 iov.iov_len = len;
1011 do {
1012 ret = writev(fd, &iov, 1);
1013 if (ret != len)
1014 RS_WARN("Writev partially, ret %d", (int)ret);
1015 } while (ret < 0 && errno == EINTR);
1016
1017 if (ret < 0) {
1018 RS_ERR("Call writev error, %s", strerror(errno));
1019 return -errno;
1020 }
1021
1022 /* Set timeout */
1023 if (rtb_cfg.timerfd > 0)
1024 timeout_set(rtb_cfg.timerfd, msec);
1025
1026 do {
1027 nfds = epoll_wait(rtb_cfg.epollfd, events, MAX_EVENTS, msec);
1028 if (nfds == -1) {
1029 RS_ERR("epoll_wait, %s (%d)", strerror(errno), errno);
1030 exit(EXIT_FAILURE);
1031 }
1032
1033 for (n = 0; n < nfds; ++n) {
1034 if (events[n].data.fd == rtb_cfg.serial_fd) {
1035 if (events[n].events & (EPOLLERR | EPOLLHUP |
1036 EPOLLRDHUP)) {
1037 RS_ERR("%s: Error happens on serial fd",
1038 __func__);
1039 exit(EXIT_FAILURE);
1040 }
1041 result = read(events[n].data.fd, buf,
1042 sizeof(buf));
1043 if (result <= 0) {
1044 RS_ERR("Read serial error, %s",
1045 strerror(errno));
1046 continue;
1047 } else {
1048 h5_recv(&rtb_cfg, buf, result);
1049 }
1050 } else if (events[n].data.fd == rtb_cfg.timerfd) {
1051 if (events[n].events & (EPOLLERR | EPOLLHUP |
1052 EPOLLRDHUP)) {
1053 RS_ERR("%s: Error happens on timer fd",
1054 __func__);
1055 exit(EXIT_FAILURE);
1056 }
1057 RS_WARN("%s Transmission timeout",
1058 op_string(op));
1059 result = read(events[n].data.fd, &expired,
1060 sizeof(expired));
1061 if (result != sizeof(expired)) {
1062 RS_ERR("Skip retransmit");
1063 break;
1064 }
1065 if (retry <= 0) {
1066 RS_ERR("Retransmission exhausts");
1067 tcflush(fd, TCIOFLUSH);
1068 exit(EXIT_FAILURE);
1069 }
1070
1071 iov.iov_base = data;
1072 iov.iov_len = len;
1073
1074 do {
1075 ret = writev(fd, &iov, 1);
1076 if (ret != len)
1077 RS_WARN("Writev partial, %d",
1078 (int)ret);
1079 } while (ret < 0 && errno == EINTR);
1080
1081 if (ret < 0) {
1082 RS_ERR("ReCall writev error, %s",
1083 strerror(errno));
1084 return -errno;
1085 }
1086
1087 retry--;
1088 timeout_set(rtb_cfg.timerfd, msec);
1089 }
1090 }
1091
1092 if (!(op & (1 << 24))) {
1093 /* h5 sync or config */
1094 if (op == OP_H5_SYNC && rtb_cfg.link_estab_state ==
1095 H5_CONFIG) {
1096 op_result = 0;
1097 break;
1098 }
1099
1100 if (op == OP_H5_CONFIG && rtb_cfg.link_estab_state ==
1101 H5_INIT) {
1102 op_result = 0;
1103 break;
1104 }
1105 continue;
1106 }
1107
1108 if (rtb_cfg.cmd_state.opcode == opcode &&
1109 rtb_cfg.cmd_state.state == CMD_STATE_SUCCESS) {
1110 op_result = 0;
1111 break;
1112 }
1113 } while (1);
1114
1115 /* Disarms timer */
1116 timeout_set(rtb_cfg.timerfd, 0);
1117
1118 return op_result;
1119 }
1120
h5_download_patch(int dd,int index,uint8_t * data,int len,struct termios * ti)1121 static int h5_download_patch(int dd, int index, uint8_t *data, int len,
1122 struct termios *ti)
1123 {
1124 unsigned char buf[64];
1125 int retlen;
1126 struct iovec iov;
1127 ssize_t ret;
1128 int nfds;
1129 struct epoll_event events[MAX_EVENTS];
1130 int n;
1131 int timeout;
1132 uint64_t expired;
1133 int retry = 3;
1134 struct sk_buff *nskb;
1135 uint8_t hci_patch[PATCH_DATA_FIELD_MAX_SIZE + 4];
1136
1137 if (index & 0x80) {
1138 rtb_cfg.tx_index = index & 0x7f;
1139 timeout = 1000;
1140 } else {
1141 rtb_cfg.tx_index = index;
1142 timeout = 800;
1143 }
1144
1145 /* download cmd: 0xfc20 */
1146 hci_patch[0] = 0x20;
1147 hci_patch[1] = 0xfc;
1148 hci_patch[2] = len + 1;
1149 hci_patch[3] = (uint8_t)index;
1150 if (data)
1151 memcpy(&hci_patch[4], data, len);
1152
1153 /* length: 2-byte opcode + 1-byte len + 1-byte index + payload */
1154 nskb = h5_prepare_pkt(&rtb_cfg, hci_patch, len + 4, HCI_COMMAND_PKT);
1155 if (!nskb) {
1156 RS_ERR("Prepare command packet for download");
1157 return -1;
1158 }
1159
1160 /* Save pkt address and length for re-transmission */
1161 len = nskb->data_len;
1162 data = nskb->data;
1163
1164 iov.iov_base = nskb->data;
1165 iov.iov_len = nskb->data_len;
1166 do {
1167 ret = writev(dd, &iov, 1);
1168 if (ret != len)
1169 RS_WARN("Writev partially, ret %d", (int)ret);
1170 } while (ret < 0 && errno == EINTR);
1171
1172 if (ret < 0) {
1173 RS_ERR("Call writev error, %s", strerror(errno));
1174 skb_free(nskb);
1175 return -errno;
1176 }
1177
1178 /* RS_INFO("%s: tx_index %d, rx_index %d", __func__,
1179 * rtb_cfg.tx_index, rtb_cfg.rx_index);
1180 */
1181
1182 if (index & 0x80) {
1183 /* For the last pkt, wait for its complete */
1184 tcdrain(dd);
1185
1186 if (rtb_cfg.uart_flow_ctrl) {
1187 RS_INFO("Enable host hw flow control");
1188 ti->c_cflag |= CRTSCTS;
1189 } else {
1190 RS_INFO("Disable host hw flow control");
1191 ti->c_cflag &= ~CRTSCTS;
1192 }
1193
1194 if (tcsetattr(dd, TCSANOW, ti) < 0) {
1195 RS_ERR("Can't set port settings");
1196 skb_free(nskb);
1197 return -1;
1198 }
1199
1200 /* RS_INFO("Change baud to %d", rtb_cfg.final_speed);
1201 * if (set_speed(dd, ti, rtb_cfg.final_speed) < 0) {
1202 * RS_ERR("Set final speed %d error",
1203 * rtb_cfg.final_speed);
1204 * }
1205 */
1206 }
1207
1208 if (rtb_cfg.timerfd > 0)
1209 timeout_set(rtb_cfg.timerfd, timeout);
1210
1211 do {
1212 nfds = epoll_wait(rtb_cfg.epollfd, events, MAX_EVENTS, -1);
1213 if (nfds == -1) {
1214 RS_ERR("epoll_wait, %s (%d)", strerror(errno), errno);
1215 exit(EXIT_FAILURE);
1216 }
1217
1218 for (n = 0; n < nfds; ++n) {
1219 if (events[n].data.fd == dd) {
1220 if (events[n].events & (EPOLLERR | EPOLLHUP |
1221 EPOLLRDHUP)) {
1222 RS_ERR("%s: Error happens on serial fd",
1223 __func__);
1224 exit(EXIT_FAILURE);
1225 }
1226 retlen = read(dd, buf, sizeof(buf));
1227 if (retlen <= 0) {
1228 RS_ERR("Read serial error, %s", strerror(errno));
1229 continue;
1230 } else {
1231 h5_recv(&rtb_cfg, buf, retlen);
1232 }
1233 } else if (events[n].data.fd == rtb_cfg.timerfd) {
1234 int fd = events[n].data.fd;
1235
1236 if (events[n].events & (EPOLLERR | EPOLLHUP |
1237 EPOLLRDHUP)) {
1238 RS_ERR("%s: Error happens on timer fd",
1239 __func__);
1240 exit(EXIT_FAILURE);
1241 }
1242 RS_WARN("Patch pkt trans timeout, re-trans");
1243 ret = read(fd, &expired, sizeof(expired));
1244 if (ret != sizeof(expired)) {
1245 RS_ERR("Read expired info error");
1246 exit(EXIT_FAILURE);
1247 }
1248 if (retry <= 0) {
1249 RS_ERR("%s: Retransmission exhausts",
1250 __func__);
1251 tcflush(fd, TCIOFLUSH);
1252 exit(EXIT_FAILURE);
1253 }
1254
1255 iov.iov_base = data;
1256 iov.iov_len = len;
1257
1258 do {
1259 ret = writev(dd, &iov, 1);
1260 if (ret != len)
1261 RS_WARN("Writev partial, %d",
1262 (int)ret);
1263 } while (ret < 0 && errno == EINTR);
1264
1265 if (ret < 0) {
1266 RS_ERR("ReCall writev error, %s",
1267 strerror(errno));
1268 skb_free(nskb);
1269 return -errno;
1270 }
1271
1272 retry--;
1273 timeout_set(fd, timeout);
1274 }
1275 }
1276 } while (rtb_cfg.rx_index != rtb_cfg.tx_index);
1277
1278 /* Disarms timer */
1279 if (rtb_cfg.timerfd > 0)
1280 timeout_set(rtb_cfg.timerfd, 0);
1281
1282 skb_free(nskb);
1283 return 0;
1284 }
1285
1286 /*
1287 * Change the Controller's UART speed.
1288 */
h5_vendor_change_speed(int fd,uint32_t baudrate)1289 int h5_vendor_change_speed(int fd, uint32_t baudrate)
1290 {
1291 struct sk_buff *nskb = NULL;
1292 unsigned char cmd[16] = { 0 };
1293 int result;
1294
1295 cmd[0] = 0x17;
1296 cmd[1] = 0xfc;
1297 cmd[2] = 4;
1298
1299 baudrate = cpu_to_le32(baudrate);
1300 #ifdef BAUDRATE_4BYTES
1301 memcpy((uint16_t *) & cmd[3], &baudrate, 4);
1302 #else
1303 memcpy((uint16_t *) & cmd[3], &baudrate, 2);
1304
1305 cmd[5] = 0;
1306 cmd[6] = 0;
1307 #endif
1308
1309 RS_DBG("baudrate in change speed command: 0x%02x 0x%02x 0x%02x 0x%02x",
1310 cmd[3], cmd[4], cmd[5], cmd[6]);
1311
1312 nskb = h5_prepare_pkt(&rtb_cfg, cmd, 7, HCI_COMMAND_PKT);
1313 if (!nskb) {
1314 RS_ERR("Prepare command packet for change speed fail");
1315 return -1;
1316 }
1317
1318 rtb_cfg.cmd_state.opcode = HCI_VENDOR_CHANGE_BAUD;;
1319 rtb_cfg.cmd_state.state = CMD_STATE_UNKNOWN;
1320 result = start_transmit_wait(fd, nskb, OP_SET_BAUD, 1000, 0);
1321 skb_free(nskb);
1322 if (result < 0) {
1323 RS_ERR("OP_SET_BAUD Transmission error");
1324 return result;
1325 }
1326
1327 return 0;
1328 }
1329
1330 /*
1331 * Init realtek Bluetooth h5 proto.
1332 * There are two steps: h5 sync and h5 config.
1333 */
rtb_init_h5(int fd,struct termios * ti)1334 int rtb_init_h5(int fd, struct termios *ti)
1335 {
1336 struct sk_buff *nskb;
1337 unsigned char h5sync[2] = { 0x01, 0x7E };
1338 /* 16-bit CCITT CRC may be used and the sliding win size is 4 */
1339 unsigned char h5conf[3] = { 0x03, 0xFC, 0x14 };
1340 int result;
1341
1342 /* Disable CRTSCTS by default */
1343 ti->c_cflag &= ~CRTSCTS;
1344
1345 /* set even parity */
1346 ti->c_cflag |= PARENB;
1347 ti->c_cflag &= ~(PARODD);
1348 if (tcsetattr(fd, TCSANOW, ti) < 0) {
1349 RS_ERR("Can't set port settings");
1350 return -1;
1351 }
1352
1353 /* h5 sync */
1354 rtb_cfg.link_estab_state = H5_SYNC;
1355 nskb = h5_prepare_pkt(&rtb_cfg, h5sync, sizeof(h5sync),
1356 H5_LINK_CTL_PKT);
1357 result = start_transmit_wait(fd, nskb, OP_H5_SYNC, 500, 10);
1358 skb_free(nskb);
1359 if (result < 0) {
1360 RS_ERR("OP_H5_SYNC Transmission error");
1361 return -1;
1362 }
1363
1364 /* h5 config */
1365 nskb = h5_prepare_pkt(&rtb_cfg, h5conf, sizeof(h5conf), H5_LINK_CTL_PKT);
1366 result = start_transmit_wait(fd, nskb, OP_H5_CONFIG, 500, 10);
1367 skb_free(nskb);
1368 if (result < 0) {
1369 RS_ERR("OP_H5_CONFIG Transmission error");
1370 return -1;
1371 }
1372
1373 rtb_send_ack(fd);
1374 RS_DBG("H5 init finished\n");
1375
1376 rtb_cfg.cmd_state.state = CMD_STATE_UNKNOWN;
1377
1378 return 0;
1379 }
1380
h5_hci_reset(int fd)1381 static int h5_hci_reset(int fd)
1382 {
1383 uint8_t cmd[3] = { 0x03, 0x0c, 0x00};
1384 struct sk_buff *nskb;
1385 int result;
1386
1387 RS_INFO("%s: Issue hci reset cmd", __func__);
1388
1389 nskb = h5_prepare_pkt(&rtb_cfg, cmd, sizeof(cmd), HCI_COMMAND_PKT);
1390 if (!nskb) {
1391 RS_ERR("%s: Failed to alloc mem for hci reset skb", __func__);
1392 return -1;
1393 }
1394
1395 rtb_cfg.cmd_state.opcode = HCI_CMD_RESET;
1396 rtb_cfg.cmd_state.state = CMD_STATE_UNKNOWN;
1397
1398 result = start_transmit_wait(fd, nskb, OP_HCI_RESET, 1500, 1);
1399 skb_free(nskb);
1400 if (result < 0)
1401 RS_ERR("hci reset failed");
1402
1403 return result;
1404 }
1405
1406 #ifdef SERIAL_NONBLOCK_READ
set_fd_nonblock(int fd)1407 static int set_fd_nonblock(int fd)
1408 {
1409 long arg;
1410 int old_fl;
1411
1412 arg = fcntl(fd, F_GETFL);
1413 if (arg < 0)
1414 return -errno;
1415
1416 /* Return if already nonblock */
1417 if (arg & O_NONBLOCK)
1418 return FD_NONBLOCK;
1419 old_fl = FD_BLOCK;
1420
1421 arg |= O_NONBLOCK;
1422 if (fcntl(fd, F_SETFL, arg) < 0)
1423 return -errno;
1424
1425 return old_fl;
1426 }
1427
set_fd_block(int fd)1428 static int set_fd_block(int fd)
1429 {
1430 long arg;
1431
1432 arg = fcntl(fd, F_GETFL);
1433 if (arg < 0)
1434 return -errno;
1435
1436 /* Return if already block */
1437 if (!(arg & O_NONBLOCK))
1438 return 0;
1439
1440 arg &= ~O_NONBLOCK;
1441 if (fcntl(fd, F_SETFL, arg) < 0)
1442 return -errno;
1443
1444 return 0;
1445 }
1446 #endif
1447
1448 /*
1449 * Download Realtek Firmware and Config
1450 */
rtb_download_fwc(int fd,uint8_t * buf,int size,int proto,struct termios * ti)1451 static int rtb_download_fwc(int fd, uint8_t *buf, int size, int proto,
1452 struct termios *ti)
1453 {
1454 uint8_t curr_idx = 0;
1455 uint8_t curr_len = 0;
1456 uint8_t lp_len = 0;
1457 uint8_t add_pkts = 0;
1458 uint16_t end_idx = 0;
1459 uint16_t total_idx = 0;
1460 uint16_t num;
1461 unsigned char *pkt_buf;
1462 uint16_t i, j;
1463 int result;
1464 #ifdef SERIAL_NONBLOCK_READ
1465 int old_fl;
1466 #endif
1467
1468 end_idx = (uint16_t)((size - 1) / PATCH_DATA_FIELD_MAX_SIZE);
1469 lp_len = size % PATCH_DATA_FIELD_MAX_SIZE;
1470
1471 num = rtb_cfg.num_of_cmd_sent;
1472 num += end_idx + 1;
1473
1474 add_pkts = num % 8 ? (8 - num % 8) : 0;
1475
1476 #ifdef SERIAL_NONBLOCK_READ
1477 old_fl = set_fd_nonblock(fd);
1478 if (old_fl < 0) {
1479 RS_ERR("Set fd nonblock error, %s", strerror(errno));
1480 }
1481 if (old_fl == FD_BLOCK)
1482 RS_INFO("old fd state is block");
1483 #endif
1484
1485 /* Make sure the next seqno is zero after download patch and
1486 * hci reset
1487 */
1488 if (proto == HCI_UART_3WIRE) {
1489 if (add_pkts)
1490 add_pkts -= 1;
1491 else
1492 add_pkts += 7;
1493 } else
1494 add_pkts = 0; /* No additional packets need */
1495
1496 total_idx = add_pkts + end_idx;
1497 rtb_cfg.total_num = total_idx;
1498
1499 RS_INFO("end_idx: %u, lp_len: %u, additional pkts: %u\n", end_idx,
1500 lp_len, add_pkts);
1501 RS_INFO("Start downloading...");
1502
1503 if (lp_len == 0)
1504 lp_len = PATCH_DATA_FIELD_MAX_SIZE;
1505
1506 pkt_buf = buf;
1507
1508 for (i = 0; i <= total_idx; i++) {
1509 /* Index will roll over when it reaches 0x80
1510 * 0, 1, 2, 3, ..., 126, 127(7f), 1, 2, 3, ...
1511 */
1512 if (i > 0x7f)
1513 j = (i & 0x7f) + 1;
1514 else
1515 j = i;
1516
1517 if (i < end_idx) {
1518 curr_idx = j;
1519 curr_len = PATCH_DATA_FIELD_MAX_SIZE;
1520 } else if (i == end_idx) {
1521 /* Send last data packets */
1522 if (i == total_idx)
1523 curr_idx = j | 0x80;
1524 else
1525 curr_idx = j;
1526 curr_len = lp_len;
1527 } else if (i < total_idx) {
1528 /* Send additional packets */
1529 curr_idx = j;
1530 pkt_buf = NULL;
1531 curr_len = 0;
1532 RS_INFO("Send additional packet %u", curr_idx);
1533 } else {
1534 /* Send last packet */
1535 curr_idx = j | 0x80;
1536 pkt_buf = NULL;
1537 curr_len = 0;
1538 RS_INFO("Last packet %u", curr_idx);
1539 }
1540
1541 if (curr_idx & 0x80)
1542 RS_INFO("Send last pkt");
1543
1544 if (proto == HCI_UART_H4) {
1545 curr_idx = h4_download_patch(fd, curr_idx, pkt_buf,
1546 curr_len);
1547 if (curr_idx != j && i != total_idx) {
1548 RS_ERR("Index mismatch %u, curr_idx %u", j,
1549 curr_idx);
1550 return -1;
1551 }
1552 } else if (proto == HCI_UART_3WIRE) {
1553 if (h5_download_patch(fd, curr_idx, pkt_buf, curr_len,
1554 ti) < 0)
1555 return -1;
1556 }
1557
1558 if (curr_idx < end_idx) {
1559 pkt_buf += PATCH_DATA_FIELD_MAX_SIZE;
1560 }
1561 }
1562
1563 /* Make hci reset after Controller applies the Firmware and Config */
1564 if (proto == HCI_UART_H4)
1565 result = h4_hci_reset(fd);
1566 else
1567 result = h5_hci_reset(fd);
1568
1569 if (proto == HCI_UART_3WIRE) {
1570 /* Make sure the last pure ack is sent */
1571 tcdrain(fd);
1572 }
1573
1574 if (result)
1575 return result;
1576
1577
1578 #ifdef SERIAL_NONBLOCK_READ
1579 if (old_fl == FD_BLOCK)
1580 set_fd_block(fd);
1581 #endif
1582
1583 return 0;
1584 }
1585
1586 #define ARRAY_SIZE(a) (sizeof(a)/sizeof(a[0]) )
1587 struct rtb_baud {
1588 uint32_t rtb_speed;
1589 int uart_speed;
1590 };
1591
1592 #ifdef BAUDRATE_4BYTES
1593 struct rtb_baud baudrates[] = {
1594 #ifdef RTL_8703A_SUPPORT
1595 {0x00004003, 1500000}, /* for rtl8703as */
1596 #endif
1597 {0x0252C014, 115200},
1598 {0x0252C00A, 230400},
1599 {0x05F75004, 921600},
1600 {0x00005004, 1000000},
1601 {0x04928002, 1500000},
1602 {0x01128002, 1500000}, //8761AT
1603 {0x00005002, 2000000},
1604 {0x0000B001, 2500000},
1605 {0x04928001, 3000000},
1606 {0x052A6001, 3500000},
1607 {0x00005001, 4000000},
1608 };
1609 #else
1610 struct rtb_baud baudrates[] = {
1611 {0x701d, 115200}
1612 {0x6004, 921600},
1613 {0x4003, 1500000},
1614 {0x5002, 2000000},
1615 {0x8001, 3000000},
1616 {0x9001, 3000000},
1617 {0x7001, 3500000},
1618 {0x5001, 4000000},
1619 };
1620 #endif
1621
vendor_speed_to_std(uint32_t rtb_speed,uint32_t * uart_speed)1622 static void vendor_speed_to_std(uint32_t rtb_speed, uint32_t *uart_speed)
1623 {
1624 *uart_speed = 115200;
1625
1626 unsigned int i;
1627 for (i = 0; i < ARRAY_SIZE(baudrates); i++) {
1628 if (baudrates[i].rtb_speed == rtb_speed) {
1629 *uart_speed = baudrates[i].uart_speed;
1630 return;
1631 }
1632 }
1633 return;
1634 }
1635
std_speed_to_vendor(int uart_speed,uint32_t * rtb_speed)1636 static inline void std_speed_to_vendor(int uart_speed, uint32_t *rtb_speed)
1637 {
1638 *rtb_speed = 0x701D;
1639
1640 unsigned int i;
1641 for (i = 0; i < ARRAY_SIZE(baudrates); i++) {
1642 if (baudrates[i].uart_speed == uart_speed) {
1643 *rtb_speed = baudrates[i].rtb_speed;
1644 return;
1645 }
1646 }
1647
1648 return;
1649 }
1650
rtb_read_chip_type(int dd)1651 void rtb_read_chip_type(int dd)
1652 {
1653 /* 0xB000A094 */
1654 unsigned char cmd_buff[] = {
1655 0x61, 0xfc, 0x05, 0x10, 0xA6, 0xAD, 0x00, 0xB0
1656 };
1657 struct sk_buff *nskb;
1658 int result;
1659
1660 nskb = h5_prepare_pkt(&rtb_cfg, cmd_buff, sizeof(cmd_buff),
1661 HCI_COMMAND_PKT);
1662 if (!nskb) {
1663 RS_ERR("Alloc chip type cmd skb buff error");
1664 exit(EXIT_FAILURE);
1665 }
1666
1667 rtb_cfg.cmd_state.opcode = HCI_VENDOR_READ_CHIP_TYPE;
1668 rtb_cfg.cmd_state.state = CMD_STATE_UNKNOWN;
1669 result = start_transmit_wait(dd, nskb, OP_CHIP_TYPE, 250, 3);
1670 skb_free(nskb);
1671 if (result < 0)
1672 RS_ERR("OP_CHIP_TYPE Transmission error");
1673
1674 return;
1675 }
1676
1677 /*
1678 * Read ECO version with vendor cmd 0xfc65
1679 */
rtb_read_eversion(int dd)1680 void rtb_read_eversion(int dd)
1681 {
1682 int result;
1683 unsigned char cmd_buf[3] = { 0x6d, 0xfc, 0x00 };
1684 struct sk_buff *nskb;
1685
1686 nskb= h5_prepare_pkt(&rtb_cfg, cmd_buf, 3, HCI_COMMAND_PKT);
1687 if (!nskb) {
1688 RS_ERR("Alloc eversion cmd skb buff error");
1689 exit(EXIT_FAILURE);
1690 }
1691
1692 rtb_cfg.cmd_state.opcode = HCI_VENDOR_READ_ROM_VER;
1693 rtb_cfg.cmd_state.state = CMD_STATE_UNKNOWN;
1694 result = start_transmit_wait(dd, nskb, OP_ROM_VER, 500, 3);
1695 skb_free(nskb);
1696 if (result < 0) {
1697 RS_ERR("OP_ROM_VER Transmit error");
1698 }
1699
1700 return;
1701 }
1702
rtb_read_local_version(int dd)1703 void rtb_read_local_version(int dd)
1704 {
1705 int result;
1706 unsigned char cmd_buf[3] = { 0x01, 0x10, 0x00 };
1707 struct sk_buff *nskb;
1708
1709 nskb = h5_prepare_pkt(&rtb_cfg, cmd_buf, 3, HCI_COMMAND_PKT);
1710 if (!nskb) {
1711 RS_ERR("Alloc local ver cmd skb buff error");
1712 exit(EXIT_FAILURE);
1713 }
1714
1715 rtb_cfg.cmd_state.state = CMD_STATE_UNKNOWN;
1716 rtb_cfg.cmd_state.opcode = HCI_CMD_READ_LOCAL_VER;
1717 result = start_transmit_wait(dd, nskb, OP_LMP_VER, 500, 3);
1718 skb_free(nskb);
1719 if (result < 0) {
1720 RS_ERR("OP_LMP_VER Transmit error");
1721 }
1722
1723 return;
1724 }
1725
1726 /*
1727 * Config Realtek Bluetooth.
1728 * Config parameters are got from Realtek Config file and FW.
1729 *
1730 * speed is the init_speed in uart struct
1731 * Returns 0 on success
1732 */
rtb_config(int fd,int proto,int speed,struct termios * ti)1733 static int rtb_config(int fd, int proto, int speed, struct termios *ti)
1734 {
1735 int final_speed = 0;
1736 int ret = 0;
1737 int max_patch_size = 0;
1738
1739 rtb_cfg.proto = proto;
1740
1741 /* Read Local Version Information and RTK ROM version */
1742 if (proto == HCI_UART_3WIRE) {
1743 RS_INFO("Realtek H5 IC");
1744 rtb_read_local_version(fd);
1745 rtb_read_eversion(fd);
1746 } else {
1747 RS_INFO("Realtek H4 IC");
1748
1749 /* The following set is for special requirement that enables
1750 * flow control before initializing */
1751 #ifdef RTL8723DSH4_UART_HWFLOWC
1752 ti->c_cflag &= ~PARENB;
1753 ti->c_cflag |= CRTSCTS;
1754 if (tcsetattr(fd, TCSANOW, ti) < 0) {
1755 RS_ERR("H4 Can't enable RTSCTS");
1756 return -1;
1757 }
1758 usleep(20 * 1000);
1759 #endif
1760 h4_read_local_ver(fd);
1761 h4_vendor_read_rom_ver(fd);
1762 if (rtb_cfg.lmp_subver == ROM_LMP_8761btc) {
1763 /* 8761B Test Chip */
1764 rtb_cfg.chip_type = CHIP_8761BTC;
1765 rtb_cfg.uart_flow_ctrl = 1;
1766 /* TODO: Change to different uart baud */
1767 std_speed_to_vendor(1500000, &rtb_cfg.vendor_baud);
1768 goto change_baud;
1769 } else if (rtb_cfg.lmp_subver == ROM_LMP_8761a) {
1770 if (rtb_cfg.hci_rev == 0x000b) {
1771 /* 8761B Test Chip without download */
1772 rtb_cfg.chip_type = CHIP_8761BH4;
1773 /* rtb_cfg.uart_flow_ctrl = 1; */
1774 /* TODO: Change to different uart baud */
1775 /* std_speed_to_vendor(1500000, &rtb_cfg.vendor_baud);
1776 * goto change_baud;
1777 */
1778 } else if (rtb_cfg.hci_rev == 0x000a) {
1779 if (rtb_cfg.eversion == 3)
1780 rtb_cfg.chip_type = CHIP_8761ATF;
1781 else if (rtb_cfg.eversion == 2)
1782 rtb_cfg.chip_type = CHIP_8761AT;
1783 else
1784 rtb_cfg.chip_type = CHIP_UNKNOWN;
1785 }
1786 } else if (rtb_cfg.lmp_subver == ROM_LMP_8723b) {
1787 if (rtb_cfg.hci_ver == 0x08 &&
1788 rtb_cfg.hci_rev == 0x000d) {
1789 rtb_cfg.chip_type = CHIP_8723DS;
1790 } else if (rtb_cfg.hci_ver == 0x06 &&
1791 rtb_cfg.hci_rev == 0x000b) {
1792 rtb_cfg.chip_type = CHIP_8723BS;
1793 } else {
1794 RS_ERR("H4: unknown chip");
1795 return -1;
1796 }
1797 }
1798
1799 }
1800
1801 RS_INFO("LMP Subversion 0x%04x", rtb_cfg.lmp_subver);
1802 RS_INFO("EVersion %u", rtb_cfg.eversion);
1803
1804 switch (rtb_cfg.lmp_subver) {
1805 case ROM_LMP_8723a:
1806 break;
1807 case ROM_LMP_8723b:
1808 #ifdef RTL_8703A_SUPPORT
1809 /* Set chip type for matching fw/config entry */
1810 rtl->chip_type = CHIP_8703AS;
1811 #endif
1812 break;
1813 case ROM_LMP_8821a:
1814 break;
1815 case ROM_LMP_8761a:
1816 rtb_read_chip_type(fd);
1817 break;
1818 case ROM_LMP_8703b:
1819 rtb_read_chip_type(fd);
1820 break;
1821 case ROM_LMP_8852a:
1822 rtb_read_chip_type(fd);
1823 break;
1824 }
1825
1826 if((rtb_cfg.chip_type == CHIP_8852BPE_VR) || (rtb_cfg.chip_type == CHIP_8852BPS)) {
1827 rtb_cfg.chip_type = CHIP_8852BP;
1828 RS_INFO("chip_type: %d", rtb_cfg.chip_type);
1829 }
1830
1831 if(rtb_cfg.chip_type == CHIP_8852BP) {
1832 rtb_cfg.eversion = rtb_cfg.chip_ver;
1833 RS_INFO("eversion: %d", rtb_cfg.eversion);
1834 }
1835
1836 rtb_cfg.patch_ent = get_patch_entry(&rtb_cfg);
1837 if (rtb_cfg.patch_ent) {
1838 RS_INFO("IC: %s", rtb_cfg.patch_ent->ic_name);
1839 RS_INFO("Firmware/config: %s, %s",
1840 rtb_cfg.patch_ent->patch_file,
1841 rtb_cfg.patch_ent->config_file);
1842 } else {
1843 RS_ERR("Can not find firmware/config entry");
1844 return -1;
1845 }
1846
1847 rtb_cfg.config_buf = rtb_read_config(rtb_cfg.patch_ent->config_file,
1848 &rtb_cfg.config_len,
1849 rtb_cfg.patch_ent->chip_type);
1850 if (!rtb_cfg.config_buf) {
1851 RS_ERR("Read Config file error, use eFuse settings");
1852 rtb_cfg.config_len = 0;
1853 }
1854
1855 rtb_cfg.fw_buf = rtb_read_firmware(&rtb_cfg, &rtb_cfg.fw_len);
1856 if (!rtb_cfg.fw_buf) {
1857 RS_ERR("Read Bluetooth firmware error");
1858 rtb_cfg.fw_len = 0;
1859 /* Free config buf */
1860 if (rtb_cfg.config_buf) {
1861 free(rtb_cfg.config_buf);
1862 rtb_cfg.config_buf = NULL;
1863 rtb_cfg.config_len = 0;
1864 }
1865 return -1;
1866 } else {
1867 rtb_cfg.total_buf = rtb_get_final_patch(fd, proto,
1868 &rtb_cfg.total_len);
1869 /* If the above function executes successfully, the Config and
1870 * patch were copied to the total buf */
1871
1872 /* Free config buf */
1873 if (rtb_cfg.config_buf) {
1874 free(rtb_cfg.config_buf);
1875 rtb_cfg.config_buf = NULL;
1876 }
1877 /* Free the fw buf */
1878 free(rtb_cfg.fw_buf);
1879 rtb_cfg.fw_buf = NULL;
1880 rtb_cfg.fw_len = 0;
1881
1882 if (!rtb_cfg.total_buf) {
1883 RS_ERR("Failed to get the final patch");
1884 exit(EXIT_FAILURE);
1885 }
1886 }
1887
1888 switch ((rtb_cfg.patch_ent)->chip_type) {
1889 case CHIP_8822BS:
1890 max_patch_size = 25 * 1024;
1891 break;
1892 case CHIP_8821CS:
1893 case CHIP_8723DS:
1894 case CHIP_8822CS:
1895 case CHIP_8761B:
1896 case CHIP_8725AS:
1897 max_patch_size = 40 * 1024;
1898 break;
1899 case CHIP_8852AS:
1900 max_patch_size = 0x114D0 + 529; /* 69.2KB */
1901 break;
1902 case CHIP_8723FS:
1903 max_patch_size = 0xC4Cf + 529; /* 49.2KB */
1904 break;
1905 case CHIP_8852BS:
1906 case CHIP_8852BP:
1907 max_patch_size = 0x104D0 + 529; /* 65KB */
1908 break;
1909 case CHIP_8852CS:
1910 max_patch_size = 0x130D0 + 529; /* 76.2KB */
1911 break;
1912 default:
1913 max_patch_size = 24 * 1024;
1914 break;
1915 }
1916
1917 if (rtb_cfg.total_len > max_patch_size) {
1918 RS_ERR("Total length of fwc is larger than allowed");
1919 goto buf_free;
1920 }
1921
1922 RS_INFO("Total len %d for fwc", rtb_cfg.total_len);
1923
1924 /* rtl8723ds h4 */
1925 if (rtb_cfg.chip_type == CHIP_8723DS &&
1926 rtb_cfg.proto == HCI_UART_H4) {
1927 if (rtb_cfg.parenb) {
1928 /* set parity */
1929 ti->c_cflag |= PARENB;
1930 if (rtb_cfg.pareven)
1931 ti->c_cflag &= ~(PARODD);
1932 else
1933 ti->c_cflag |= PARODD;
1934 if (tcsetattr(fd, TCSANOW, ti) < 0) {
1935 RS_ERR("8723DSH4 Can't set parity");
1936 goto buf_free;
1937 }
1938 }
1939 }
1940
1941 change_baud:
1942 /* change baudrate if needed
1943 * rtb_cfg.vendor_baud is a __u32/__u16 vendor-specific variable
1944 * parsed from config file
1945 * */
1946 if (rtb_cfg.vendor_baud == 0) {
1947 /* No baud setting in Config file */
1948 std_speed_to_vendor(speed, &rtb_cfg.vendor_baud);
1949 RS_INFO("No baud from Config file, set baudrate: %d, 0x%08x",
1950 speed, rtb_cfg.vendor_baud);
1951 goto start_download;
1952 } else
1953 vendor_speed_to_std(rtb_cfg.vendor_baud,
1954 (uint32_t *)&(rtb_cfg.final_speed));
1955
1956 if (rtb_cfg.final_speed == 115200) {
1957 RS_INFO("Final speed is %d, no baud change needs",
1958 rtb_cfg.final_speed);
1959 goto start_download;
1960 }
1961
1962 if (proto == HCI_UART_3WIRE)
1963 h5_vendor_change_speed(fd, rtb_cfg.vendor_baud);
1964 else
1965 h4_vendor_change_speed(fd, rtb_cfg.vendor_baud);
1966
1967 /* Make sure the ack for cmd complete event is transmitted */
1968 tcdrain(fd);
1969 usleep(50000); /* The same value as before */
1970 final_speed = rtb_cfg.final_speed ? rtb_cfg.final_speed : speed;
1971 RS_INFO("Final speed %d", final_speed);
1972 if (set_speed(fd, ti, final_speed) < 0) {
1973 RS_ERR("Can't set baud rate: %d, %d, %d", final_speed,
1974 rtb_cfg.final_speed, speed);
1975 goto buf_free;
1976 }
1977
1978 start_download:
1979 /* For 8761B Test chip, no patch to download */
1980 if (rtb_cfg.chip_type == CHIP_8761BTC)
1981 goto done;
1982
1983 if (rtb_cfg.total_len > 0 && rtb_cfg.dl_fw_flag) {
1984 rtb_cfg.link_estab_state = H5_PATCH;
1985 rtb_cfg.rx_index = -1;
1986
1987 ret = rtb_download_fwc(fd, rtb_cfg.total_buf, rtb_cfg.total_len,
1988 proto, ti);
1989 free(rtb_cfg.total_buf);
1990 if (ret < 0)
1991 return ret;
1992 }
1993
1994 done:
1995
1996 RS_DBG("Init Process finished");
1997 return 0;
1998
1999 buf_free:
2000 free(rtb_cfg.total_buf);
2001 return -1;
2002 }
2003
rtb_init(int fd,int proto,int speed,struct termios * ti)2004 int rtb_init(int fd, int proto, int speed, struct termios *ti)
2005 {
2006 struct epoll_event ev;
2007 int result;
2008
2009 RS_INFO("Realtek hciattach version %s \n", RTK_VERSION);
2010
2011 memset(&rtb_cfg, 0, sizeof(rtb_cfg));
2012 rtb_cfg.serial_fd = fd;
2013 rtb_cfg.dl_fw_flag = 1;
2014
2015 rtb_cfg.epollfd = epoll_create(64);
2016 if (rtb_cfg.epollfd == -1) {
2017 RS_ERR("epoll_create1, %s (%d)", strerror(errno), errno);
2018 exit(EXIT_FAILURE);
2019 }
2020
2021 ev.events = EPOLLIN | EPOLLERR | EPOLLHUP | EPOLLRDHUP;
2022 ev.data.fd = fd;
2023 if (epoll_ctl(rtb_cfg.epollfd, EPOLL_CTL_ADD, fd, &ev) == -1) {
2024 RS_ERR("epoll_ctl: epoll ctl add, %s (%d)", strerror(errno),
2025 errno);
2026 exit(EXIT_FAILURE);
2027 }
2028
2029 rtb_cfg.timerfd = timerfd_create(CLOCK_MONOTONIC, 0);
2030 if (rtb_cfg.timerfd == -1) {
2031 RS_ERR("timerfd_create error, %s (%d)", strerror(errno), errno);
2032 return -1;
2033 }
2034
2035 if (rtb_cfg.timerfd > 0) {
2036 ev.events = EPOLLIN | EPOLLERR | EPOLLHUP | EPOLLRDHUP;
2037 ev.data.fd = rtb_cfg.timerfd;
2038 if (epoll_ctl(rtb_cfg.epollfd, EPOLL_CTL_ADD,
2039 rtb_cfg.timerfd, &ev) == -1) {
2040 RS_ERR("epoll_ctl: epoll ctl add, %s (%d)",
2041 strerror(errno), errno);
2042 exit(EXIT_FAILURE);
2043 }
2044 }
2045
2046 RS_INFO("Use epoll");
2047
2048 if (proto == HCI_UART_3WIRE) {
2049 if (rtb_init_h5(fd, ti) < 0)
2050 return -1;;
2051 }
2052
2053 result = rtb_config(fd, proto, speed, ti);
2054
2055 epoll_ctl(rtb_cfg.epollfd, EPOLL_CTL_DEL, fd, NULL);
2056 epoll_ctl(rtb_cfg.epollfd, EPOLL_CTL_DEL, rtb_cfg.timerfd, NULL);
2057 close(rtb_cfg.timerfd);
2058 rtb_cfg.timerfd = -1;
2059
2060 return result;
2061 }
2062
rtb_post(int fd,int proto,struct termios * ti)2063 int rtb_post(int fd, int proto, struct termios *ti)
2064 {
2065 /* No need to change baudrate */
2066 /* if (rtb_cfg.final_speed)
2067 * return set_speed(fd, ti, rtb_cfg.final_speed);
2068 */
2069
2070 return 0;
2071 }
2072