1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24#include <linux/module.h>
25#include <linux/firmware.h>
26#include <asm/unaligned.h>
27
28#include <net/bluetooth/bluetooth.h>
29#include <net/bluetooth/hci_core.h>
30
31#include "btbcm.h"
32
33#define VERSION "0.1"
34
35#define BDADDR_BCM20702A0 (&(bdaddr_t) {{0x00, 0xa0, 0x02, 0x70, 0x20, 0x00}})
36#define BDADDR_BCM4324B3 (&(bdaddr_t) {{0x00, 0x00, 0x00, 0xb3, 0x24, 0x43}})
37#define BDADDR_BCM4330B1 (&(bdaddr_t) {{0x00, 0x00, 0x00, 0xb1, 0x30, 0x43}})
38
39int btbcm_check_bdaddr(struct hci_dev *hdev)
40{
41 struct hci_rp_read_bd_addr *bda;
42 struct sk_buff *skb;
43
44 skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL,
45 HCI_INIT_TIMEOUT);
46 if (IS_ERR(skb)) {
47 int err = PTR_ERR(skb);
48 BT_ERR("%s: BCM: Reading device address failed (%d)",
49 hdev->name, err);
50 return err;
51 }
52
53 if (skb->len != sizeof(*bda)) {
54 BT_ERR("%s: BCM: Device address length mismatch", hdev->name);
55 kfree_skb(skb);
56 return -EIO;
57 }
58
59 bda = (struct hci_rp_read_bd_addr *)skb->data;
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74 if (!bacmp(&bda->bdaddr, BDADDR_BCM20702A0) ||
75 !bacmp(&bda->bdaddr, BDADDR_BCM4324B3) ||
76 !bacmp(&bda->bdaddr, BDADDR_BCM4330B1)) {
77 BT_INFO("%s: BCM: Using default device address (%pMR)",
78 hdev->name, &bda->bdaddr);
79 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks);
80 }
81
82 kfree_skb(skb);
83
84 return 0;
85}
86EXPORT_SYMBOL_GPL(btbcm_check_bdaddr);
87
88int btbcm_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr)
89{
90 struct sk_buff *skb;
91 int err;
92
93 skb = __hci_cmd_sync(hdev, 0xfc01, 6, bdaddr, HCI_INIT_TIMEOUT);
94 if (IS_ERR(skb)) {
95 err = PTR_ERR(skb);
96 BT_ERR("%s: BCM: Change address command failed (%d)",
97 hdev->name, err);
98 return err;
99 }
100 kfree_skb(skb);
101
102 return 0;
103}
104EXPORT_SYMBOL_GPL(btbcm_set_bdaddr);
105
106int btbcm_patchram(struct hci_dev *hdev, const struct firmware *fw)
107{
108 const struct hci_command_hdr *cmd;
109 const u8 *fw_ptr;
110 size_t fw_size;
111 struct sk_buff *skb;
112 u16 opcode;
113 int err = 0;
114
115
116 skb = __hci_cmd_sync(hdev, 0xfc2e, 0, NULL, HCI_INIT_TIMEOUT);
117 if (IS_ERR(skb)) {
118 err = PTR_ERR(skb);
119 BT_ERR("%s: BCM: Download Minidrv command failed (%d)",
120 hdev->name, err);
121 goto done;
122 }
123 kfree_skb(skb);
124
125
126 msleep(50);
127
128 fw_ptr = fw->data;
129 fw_size = fw->size;
130
131 while (fw_size >= sizeof(*cmd)) {
132 const u8 *cmd_param;
133
134 cmd = (struct hci_command_hdr *)fw_ptr;
135 fw_ptr += sizeof(*cmd);
136 fw_size -= sizeof(*cmd);
137
138 if (fw_size < cmd->plen) {
139 BT_ERR("%s: BCM: Patch is corrupted", hdev->name);
140 err = -EINVAL;
141 goto done;
142 }
143
144 cmd_param = fw_ptr;
145 fw_ptr += cmd->plen;
146 fw_size -= cmd->plen;
147
148 opcode = le16_to_cpu(cmd->opcode);
149
150 skb = __hci_cmd_sync(hdev, opcode, cmd->plen, cmd_param,
151 HCI_INIT_TIMEOUT);
152 if (IS_ERR(skb)) {
153 err = PTR_ERR(skb);
154 BT_ERR("%s: BCM: Patch command %04x failed (%d)",
155 hdev->name, opcode, err);
156 goto done;
157 }
158 kfree_skb(skb);
159 }
160
161
162 msleep(250);
163
164done:
165 return err;
166}
167EXPORT_SYMBOL(btbcm_patchram);
168
169static int btbcm_reset(struct hci_dev *hdev)
170{
171 struct sk_buff *skb;
172
173 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
174 if (IS_ERR(skb)) {
175 int err = PTR_ERR(skb);
176 BT_ERR("%s: BCM: Reset failed (%d)", hdev->name, err);
177 return err;
178 }
179 kfree_skb(skb);
180
181
182 msleep(100);
183
184 return 0;
185}
186
187static struct sk_buff *btbcm_read_local_name(struct hci_dev *hdev)
188{
189 struct sk_buff *skb;
190
191 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_NAME, 0, NULL,
192 HCI_INIT_TIMEOUT);
193 if (IS_ERR(skb)) {
194 BT_ERR("%s: BCM: Reading local name failed (%ld)",
195 hdev->name, PTR_ERR(skb));
196 return skb;
197 }
198
199 if (skb->len != sizeof(struct hci_rp_read_local_name)) {
200 BT_ERR("%s: BCM: Local name length mismatch", hdev->name);
201 kfree_skb(skb);
202 return ERR_PTR(-EIO);
203 }
204
205 return skb;
206}
207
208static struct sk_buff *btbcm_read_local_version(struct hci_dev *hdev)
209{
210 struct sk_buff *skb;
211
212 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL,
213 HCI_INIT_TIMEOUT);
214 if (IS_ERR(skb)) {
215 BT_ERR("%s: BCM: Reading local version info failed (%ld)",
216 hdev->name, PTR_ERR(skb));
217 return skb;
218 }
219
220 if (skb->len != sizeof(struct hci_rp_read_local_version)) {
221 BT_ERR("%s: BCM: Local version length mismatch", hdev->name);
222 kfree_skb(skb);
223 return ERR_PTR(-EIO);
224 }
225
226 return skb;
227}
228
229static struct sk_buff *btbcm_read_verbose_config(struct hci_dev *hdev)
230{
231 struct sk_buff *skb;
232
233 skb = __hci_cmd_sync(hdev, 0xfc79, 0, NULL, HCI_INIT_TIMEOUT);
234 if (IS_ERR(skb)) {
235 BT_ERR("%s: BCM: Read verbose config info failed (%ld)",
236 hdev->name, PTR_ERR(skb));
237 return skb;
238 }
239
240 if (skb->len != 7) {
241 BT_ERR("%s: BCM: Verbose config length mismatch", hdev->name);
242 kfree_skb(skb);
243 return ERR_PTR(-EIO);
244 }
245
246 return skb;
247}
248
249static struct sk_buff *btbcm_read_usb_product(struct hci_dev *hdev)
250{
251 struct sk_buff *skb;
252
253 skb = __hci_cmd_sync(hdev, 0xfc5a, 0, NULL, HCI_INIT_TIMEOUT);
254 if (IS_ERR(skb)) {
255 BT_ERR("%s: BCM: Read USB product info failed (%ld)",
256 hdev->name, PTR_ERR(skb));
257 return skb;
258 }
259
260 if (skb->len != 5) {
261 BT_ERR("%s: BCM: USB product length mismatch", hdev->name);
262 kfree_skb(skb);
263 return ERR_PTR(-EIO);
264 }
265
266 return skb;
267}
268
269static const struct {
270 u16 subver;
271 const char *name;
272} bcm_uart_subver_table[] = {
273 { 0x4103, "BCM4330B1" },
274 { 0x410e, "BCM43341B0" },
275 { 0x4406, "BCM4324B3" },
276 { 0x610c, "BCM4354" },
277 { }
278};
279
280int btbcm_initialize(struct hci_dev *hdev, char *fw_name, size_t len)
281{
282 u16 subver, rev;
283 const char *hw_name = NULL;
284 struct sk_buff *skb;
285 struct hci_rp_read_local_version *ver;
286 int i, err;
287
288
289 err = btbcm_reset(hdev);
290 if (err)
291 return err;
292
293
294 skb = btbcm_read_local_version(hdev);
295 if (IS_ERR(skb))
296 return PTR_ERR(skb);
297
298 ver = (struct hci_rp_read_local_version *)skb->data;
299 rev = le16_to_cpu(ver->hci_rev);
300 subver = le16_to_cpu(ver->lmp_subver);
301 kfree_skb(skb);
302
303
304 skb = btbcm_read_verbose_config(hdev);
305 if (IS_ERR(skb))
306 return PTR_ERR(skb);
307
308 BT_INFO("%s: BCM: chip id %u", hdev->name, skb->data[1]);
309 kfree_skb(skb);
310
311 switch ((rev & 0xf000) >> 12) {
312 case 0:
313 case 1:
314 case 3:
315 for (i = 0; bcm_uart_subver_table[i].name; i++) {
316 if (subver == bcm_uart_subver_table[i].subver) {
317 hw_name = bcm_uart_subver_table[i].name;
318 break;
319 }
320 }
321
322 snprintf(fw_name, len, "brcm/%s.hcd", hw_name ? : "BCM");
323 break;
324 default:
325 return 0;
326 }
327
328 BT_INFO("%s: %s (%3.3u.%3.3u.%3.3u) build %4.4u", hdev->name,
329 hw_name ? : "BCM", (subver & 0xe000) >> 13,
330 (subver & 0x1f00) >> 8, (subver & 0x00ff), rev & 0x0fff);
331
332 return 0;
333}
334EXPORT_SYMBOL_GPL(btbcm_initialize);
335
336int btbcm_finalize(struct hci_dev *hdev)
337{
338 struct sk_buff *skb;
339 struct hci_rp_read_local_version *ver;
340 u16 subver, rev;
341 int err;
342
343
344 err = btbcm_reset(hdev);
345 if (err)
346 return err;
347
348
349 skb = btbcm_read_local_version(hdev);
350 if (IS_ERR(skb))
351 return PTR_ERR(skb);
352
353 ver = (struct hci_rp_read_local_version *)skb->data;
354 rev = le16_to_cpu(ver->hci_rev);
355 subver = le16_to_cpu(ver->lmp_subver);
356 kfree_skb(skb);
357
358 BT_INFO("%s: BCM (%3.3u.%3.3u.%3.3u) build %4.4u", hdev->name,
359 (subver & 0xe000) >> 13, (subver & 0x1f00) >> 8,
360 (subver & 0x00ff), rev & 0x0fff);
361
362 btbcm_check_bdaddr(hdev);
363
364 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
365
366 return 0;
367}
368EXPORT_SYMBOL_GPL(btbcm_finalize);
369
370static const struct {
371 u16 subver;
372 const char *name;
373} bcm_usb_subver_table[] = {
374 { 0x210b, "BCM43142A0" },
375 { 0x2112, "BCM4314A0" },
376 { 0x2118, "BCM20702A0" },
377 { 0x2126, "BCM4335A0" },
378 { 0x220e, "BCM20702A1" },
379 { 0x230f, "BCM4354A2" },
380 { 0x4106, "BCM4335B0" },
381 { 0x410e, "BCM20702B0" },
382 { 0x6109, "BCM4335C0" },
383 { 0x610c, "BCM4354" },
384 { }
385};
386
387int btbcm_setup_patchram(struct hci_dev *hdev)
388{
389 char fw_name[64];
390 const struct firmware *fw;
391 u16 subver, rev, pid, vid;
392 const char *hw_name = NULL;
393 struct sk_buff *skb;
394 struct hci_rp_read_local_version *ver;
395 int i, err;
396
397
398 err = btbcm_reset(hdev);
399 if (err)
400 return err;
401
402
403 skb = btbcm_read_local_version(hdev);
404 if (IS_ERR(skb))
405 return PTR_ERR(skb);
406
407 ver = (struct hci_rp_read_local_version *)skb->data;
408 rev = le16_to_cpu(ver->hci_rev);
409 subver = le16_to_cpu(ver->lmp_subver);
410 kfree_skb(skb);
411
412
413 skb = btbcm_read_verbose_config(hdev);
414 if (IS_ERR(skb))
415 return PTR_ERR(skb);
416
417 BT_INFO("%s: BCM: chip id %u", hdev->name, skb->data[1]);
418 kfree_skb(skb);
419
420
421 skb = btbcm_read_local_name(hdev);
422 if (IS_ERR(skb))
423 return PTR_ERR(skb);
424
425 BT_INFO("%s: %s", hdev->name, (char *)(skb->data + 1));
426 kfree_skb(skb);
427
428 switch ((rev & 0xf000) >> 12) {
429 case 0:
430 case 3:
431 for (i = 0; bcm_uart_subver_table[i].name; i++) {
432 if (subver == bcm_uart_subver_table[i].subver) {
433 hw_name = bcm_uart_subver_table[i].name;
434 break;
435 }
436 }
437
438 snprintf(fw_name, sizeof(fw_name), "brcm/%s.hcd",
439 hw_name ? : "BCM");
440 break;
441 case 1:
442 case 2:
443
444 skb = btbcm_read_usb_product(hdev);
445 if (IS_ERR(skb))
446 return PTR_ERR(skb);
447
448 vid = get_unaligned_le16(skb->data + 1);
449 pid = get_unaligned_le16(skb->data + 3);
450 kfree_skb(skb);
451
452 for (i = 0; bcm_usb_subver_table[i].name; i++) {
453 if (subver == bcm_usb_subver_table[i].subver) {
454 hw_name = bcm_usb_subver_table[i].name;
455 break;
456 }
457 }
458
459 snprintf(fw_name, sizeof(fw_name), "brcm/%s-%4.4x-%4.4x.hcd",
460 hw_name ? : "BCM", vid, pid);
461 break;
462 default:
463 return 0;
464 }
465
466 BT_INFO("%s: %s (%3.3u.%3.3u.%3.3u) build %4.4u", hdev->name,
467 hw_name ? : "BCM", (subver & 0xe000) >> 13,
468 (subver & 0x1f00) >> 8, (subver & 0x00ff), rev & 0x0fff);
469
470 err = request_firmware(&fw, fw_name, &hdev->dev);
471 if (err < 0) {
472 BT_INFO("%s: BCM: Patch %s not found", hdev->name, fw_name);
473 goto done;
474 }
475
476 btbcm_patchram(hdev, fw);
477
478 release_firmware(fw);
479
480
481 err = btbcm_reset(hdev);
482 if (err)
483 return err;
484
485
486 skb = btbcm_read_local_version(hdev);
487 if (IS_ERR(skb))
488 return PTR_ERR(skb);
489
490 ver = (struct hci_rp_read_local_version *)skb->data;
491 rev = le16_to_cpu(ver->hci_rev);
492 subver = le16_to_cpu(ver->lmp_subver);
493 kfree_skb(skb);
494
495 BT_INFO("%s: %s (%3.3u.%3.3u.%3.3u) build %4.4u", hdev->name,
496 hw_name ? : "BCM", (subver & 0xe000) >> 13,
497 (subver & 0x1f00) >> 8, (subver & 0x00ff), rev & 0x0fff);
498
499
500 skb = btbcm_read_local_name(hdev);
501 if (IS_ERR(skb))
502 return PTR_ERR(skb);
503
504 BT_INFO("%s: %s", hdev->name, (char *)(skb->data + 1));
505 kfree_skb(skb);
506
507done:
508 btbcm_check_bdaddr(hdev);
509
510 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
511
512 return 0;
513}
514EXPORT_SYMBOL_GPL(btbcm_setup_patchram);
515
516int btbcm_setup_apple(struct hci_dev *hdev)
517{
518 struct sk_buff *skb;
519 int err;
520
521
522 err = btbcm_reset(hdev);
523 if (err)
524 return err;
525
526
527 skb = btbcm_read_verbose_config(hdev);
528 if (!IS_ERR(skb)) {
529 BT_INFO("%s: BCM: chip id %u build %4.4u", hdev->name,
530 skb->data[1], get_unaligned_le16(skb->data + 5));
531 kfree_skb(skb);
532 }
533
534
535 skb = btbcm_read_usb_product(hdev);
536 if (!IS_ERR(skb)) {
537 BT_INFO("%s: BCM: product %4.4x:%4.4x", hdev->name,
538 get_unaligned_le16(skb->data + 1),
539 get_unaligned_le16(skb->data + 3));
540 kfree_skb(skb);
541 }
542
543
544 skb = btbcm_read_local_name(hdev);
545 if (!IS_ERR(skb)) {
546 BT_INFO("%s: %s", hdev->name, (char *)(skb->data + 1));
547 kfree_skb(skb);
548 }
549
550 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
551
552 return 0;
553}
554EXPORT_SYMBOL_GPL(btbcm_setup_apple);
555
556MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
557MODULE_DESCRIPTION("Bluetooth support for Broadcom devices ver " VERSION);
558MODULE_VERSION(VERSION);
559MODULE_LICENSE("GPL");
560
