1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24#include <linux/module.h>
25#include <linux/firmware.h>
26#include <asm/unaligned.h>
27
28#include <net/bluetooth/bluetooth.h>
29#include <net/bluetooth/hci_core.h>
30
31#include "btbcm.h"
32
33#define VERSION "0.1"
34
35#define BDADDR_BCM20702A0 (&(bdaddr_t) {{0x00, 0xa0, 0x02, 0x70, 0x20, 0x00}})
36#define BDADDR_BCM4324B3 (&(bdaddr_t) {{0x00, 0x00, 0x00, 0xb3, 0x24, 0x43}})
37#define BDADDR_BCM4330B1 (&(bdaddr_t) {{0x00, 0x00, 0x00, 0xb1, 0x30, 0x43}})
38
39int btbcm_check_bdaddr(struct hci_dev *hdev)
40{
41 struct hci_rp_read_bd_addr *bda;
42 struct sk_buff *skb;
43
44 skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL,
45 HCI_INIT_TIMEOUT);
46 if (IS_ERR(skb)) {
47 int err = PTR_ERR(skb);
48 bt_dev_err(hdev, "BCM: Reading device address failed (%d)", err);
49 return err;
50 }
51
52 if (skb->len != sizeof(*bda)) {
53 bt_dev_err(hdev, "BCM: Device address length mismatch");
54 kfree_skb(skb);
55 return -EIO;
56 }
57
58 bda = (struct hci_rp_read_bd_addr *)skb->data;
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73 if (!bacmp(&bda->bdaddr, BDADDR_BCM20702A0) ||
74 !bacmp(&bda->bdaddr, BDADDR_BCM4324B3) ||
75 !bacmp(&bda->bdaddr, BDADDR_BCM4330B1)) {
76 bt_dev_info(hdev, "BCM: Using default device address (%pMR)",
77 &bda->bdaddr);
78 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks);
79 }
80
81 kfree_skb(skb);
82
83 return 0;
84}
85EXPORT_SYMBOL_GPL(btbcm_check_bdaddr);
86
87int btbcm_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr)
88{
89 struct sk_buff *skb;
90 int err;
91
92 skb = __hci_cmd_sync(hdev, 0xfc01, 6, bdaddr, HCI_INIT_TIMEOUT);
93 if (IS_ERR(skb)) {
94 err = PTR_ERR(skb);
95 bt_dev_err(hdev, "BCM: Change address command failed (%d)", err);
96 return err;
97 }
98 kfree_skb(skb);
99
100 return 0;
101}
102EXPORT_SYMBOL_GPL(btbcm_set_bdaddr);
103
104int btbcm_patchram(struct hci_dev *hdev, const struct firmware *fw)
105{
106 const struct hci_command_hdr *cmd;
107 const u8 *fw_ptr;
108 size_t fw_size;
109 struct sk_buff *skb;
110 u16 opcode;
111 int err = 0;
112
113
114 skb = __hci_cmd_sync(hdev, 0xfc2e, 0, NULL, HCI_INIT_TIMEOUT);
115 if (IS_ERR(skb)) {
116 err = PTR_ERR(skb);
117 bt_dev_err(hdev, "BCM: Download Minidrv command failed (%d)",
118 err);
119 goto done;
120 }
121 kfree_skb(skb);
122
123
124 msleep(50);
125
126 fw_ptr = fw->data;
127 fw_size = fw->size;
128
129 while (fw_size >= sizeof(*cmd)) {
130 const u8 *cmd_param;
131
132 cmd = (struct hci_command_hdr *)fw_ptr;
133 fw_ptr += sizeof(*cmd);
134 fw_size -= sizeof(*cmd);
135
136 if (fw_size < cmd->plen) {
137 bt_dev_err(hdev, "BCM: Patch is corrupted");
138 err = -EINVAL;
139 goto done;
140 }
141
142 cmd_param = fw_ptr;
143 fw_ptr += cmd->plen;
144 fw_size -= cmd->plen;
145
146 opcode = le16_to_cpu(cmd->opcode);
147
148 skb = __hci_cmd_sync(hdev, opcode, cmd->plen, cmd_param,
149 HCI_INIT_TIMEOUT);
150 if (IS_ERR(skb)) {
151 err = PTR_ERR(skb);
152 bt_dev_err(hdev, "BCM: Patch command %04x failed (%d)",
153 opcode, err);
154 goto done;
155 }
156 kfree_skb(skb);
157 }
158
159
160 msleep(250);
161
162done:
163 return err;
164}
165EXPORT_SYMBOL(btbcm_patchram);
166
167static int btbcm_reset(struct hci_dev *hdev)
168{
169 struct sk_buff *skb;
170
171 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
172 if (IS_ERR(skb)) {
173 int err = PTR_ERR(skb);
174 bt_dev_err(hdev, "BCM: Reset failed (%d)", err);
175 return err;
176 }
177 kfree_skb(skb);
178
179
180 msleep(100);
181
182 return 0;
183}
184
185static struct sk_buff *btbcm_read_local_name(struct hci_dev *hdev)
186{
187 struct sk_buff *skb;
188
189 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_NAME, 0, NULL,
190 HCI_INIT_TIMEOUT);
191 if (IS_ERR(skb)) {
192 bt_dev_err(hdev, "BCM: Reading local name failed (%ld)",
193 PTR_ERR(skb));
194 return skb;
195 }
196
197 if (skb->len != sizeof(struct hci_rp_read_local_name)) {
198 bt_dev_err(hdev, "BCM: Local name length mismatch");
199 kfree_skb(skb);
200 return ERR_PTR(-EIO);
201 }
202
203 return skb;
204}
205
206static struct sk_buff *btbcm_read_local_version(struct hci_dev *hdev)
207{
208 struct sk_buff *skb;
209
210 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL,
211 HCI_INIT_TIMEOUT);
212 if (IS_ERR(skb)) {
213 bt_dev_err(hdev, "BCM: Reading local version info failed (%ld)",
214 PTR_ERR(skb));
215 return skb;
216 }
217
218 if (skb->len != sizeof(struct hci_rp_read_local_version)) {
219 bt_dev_err(hdev, "BCM: Local version length mismatch");
220 kfree_skb(skb);
221 return ERR_PTR(-EIO);
222 }
223
224 return skb;
225}
226
227static struct sk_buff *btbcm_read_verbose_config(struct hci_dev *hdev)
228{
229 struct sk_buff *skb;
230
231 skb = __hci_cmd_sync(hdev, 0xfc79, 0, NULL, HCI_INIT_TIMEOUT);
232 if (IS_ERR(skb)) {
233 bt_dev_err(hdev, "BCM: Read verbose config info failed (%ld)",
234 PTR_ERR(skb));
235 return skb;
236 }
237
238 if (skb->len != 7) {
239 bt_dev_err(hdev, "BCM: Verbose config length mismatch");
240 kfree_skb(skb);
241 return ERR_PTR(-EIO);
242 }
243
244 return skb;
245}
246
247static struct sk_buff *btbcm_read_controller_features(struct hci_dev *hdev)
248{
249 struct sk_buff *skb;
250
251 skb = __hci_cmd_sync(hdev, 0xfc6e, 0, NULL, HCI_INIT_TIMEOUT);
252 if (IS_ERR(skb)) {
253 bt_dev_err(hdev, "BCM: Read controller features failed (%ld)",
254 PTR_ERR(skb));
255 return skb;
256 }
257
258 if (skb->len != 9) {
259 bt_dev_err(hdev, "BCM: Controller features length mismatch");
260 kfree_skb(skb);
261 return ERR_PTR(-EIO);
262 }
263
264 return skb;
265}
266
267static struct sk_buff *btbcm_read_usb_product(struct hci_dev *hdev)
268{
269 struct sk_buff *skb;
270
271 skb = __hci_cmd_sync(hdev, 0xfc5a, 0, NULL, HCI_INIT_TIMEOUT);
272 if (IS_ERR(skb)) {
273 bt_dev_err(hdev, "BCM: Read USB product info failed (%ld)",
274 PTR_ERR(skb));
275 return skb;
276 }
277
278 if (skb->len != 5) {
279 bt_dev_err(hdev, "BCM: USB product length mismatch");
280 kfree_skb(skb);
281 return ERR_PTR(-EIO);
282 }
283
284 return skb;
285}
286
287static int btbcm_read_info(struct hci_dev *hdev)
288{
289 struct sk_buff *skb;
290
291
292 skb = btbcm_read_verbose_config(hdev);
293 if (IS_ERR(skb))
294 return PTR_ERR(skb);
295
296 bt_dev_info(hdev, "BCM: chip id %u", skb->data[1]);
297 kfree_skb(skb);
298
299
300 skb = btbcm_read_controller_features(hdev);
301 if (IS_ERR(skb))
302 return PTR_ERR(skb);
303
304 bt_dev_info(hdev, "BCM: features 0x%2.2x", skb->data[1]);
305 kfree_skb(skb);
306
307
308 skb = btbcm_read_local_name(hdev);
309 if (IS_ERR(skb))
310 return PTR_ERR(skb);
311
312 bt_dev_info(hdev, "%s", (char *)(skb->data + 1));
313 kfree_skb(skb);
314
315 return 0;
316}
317
318struct bcm_subver_table {
319 u16 subver;
320 const char *name;
321};
322
323static const struct bcm_subver_table bcm_uart_subver_table[] = {
324 { 0x4103, "BCM4330B1" },
325 { 0x410e, "BCM43341B0" },
326 { 0x4406, "BCM4324B3" },
327 { 0x610c, "BCM4354" },
328 { 0x2122, "BCM4343A0" },
329 { 0x2209, "BCM43430A1" },
330 { 0x6119, "BCM4345C0" },
331 { 0x230f, "BCM4356A2" },
332 { }
333};
334
335static const struct bcm_subver_table bcm_usb_subver_table[] = {
336 { 0x210b, "BCM43142A0" },
337 { 0x2112, "BCM4314A0" },
338 { 0x2118, "BCM20702A0" },
339 { 0x2126, "BCM4335A0" },
340 { 0x220e, "BCM20702A1" },
341 { 0x230f, "BCM4354A2" },
342 { 0x4106, "BCM4335B0" },
343 { 0x410e, "BCM20702B0" },
344 { 0x6109, "BCM4335C0" },
345 { 0x610c, "BCM4354" },
346 { }
347};
348
349int btbcm_initialize(struct hci_dev *hdev, char *fw_name, size_t len,
350 bool reinit)
351{
352 u16 subver, rev, pid, vid;
353 const char *hw_name = "BCM";
354 struct sk_buff *skb;
355 struct hci_rp_read_local_version *ver;
356 const struct bcm_subver_table *bcm_subver_table;
357 int i, err;
358
359
360 err = btbcm_reset(hdev);
361 if (err)
362 return err;
363
364
365 skb = btbcm_read_local_version(hdev);
366 if (IS_ERR(skb))
367 return PTR_ERR(skb);
368
369 ver = (struct hci_rp_read_local_version *)skb->data;
370 rev = le16_to_cpu(ver->hci_rev);
371 subver = le16_to_cpu(ver->lmp_subver);
372 kfree_skb(skb);
373
374
375 if (!reinit) {
376 err = btbcm_read_info(hdev);
377 if (err)
378 return err;
379 }
380
381
382 if (((rev & 0xf000) >> 12) > 3)
383 return 0;
384
385 bcm_subver_table = (hdev->bus == HCI_USB) ? bcm_usb_subver_table :
386 bcm_uart_subver_table;
387
388 for (i = 0; bcm_subver_table[i].name; i++) {
389 if (subver == bcm_subver_table[i].subver) {
390 hw_name = bcm_subver_table[i].name;
391 break;
392 }
393 }
394
395 if (hdev->bus == HCI_USB) {
396
397 skb = btbcm_read_usb_product(hdev);
398 if (IS_ERR(skb))
399 return PTR_ERR(skb);
400
401 vid = get_unaligned_le16(skb->data + 1);
402 pid = get_unaligned_le16(skb->data + 3);
403 kfree_skb(skb);
404
405 snprintf(fw_name, len, "brcm/%s-%4.4x-%4.4x.hcd",
406 hw_name, vid, pid);
407 } else {
408 snprintf(fw_name, len, "brcm/%s.hcd", hw_name);
409 }
410
411 bt_dev_info(hdev, "%s (%3.3u.%3.3u.%3.3u) build %4.4u",
412 hw_name, (subver & 0xe000) >> 13,
413 (subver & 0x1f00) >> 8, (subver & 0x00ff), rev & 0x0fff);
414
415 return 0;
416}
417EXPORT_SYMBOL_GPL(btbcm_initialize);
418
419int btbcm_finalize(struct hci_dev *hdev)
420{
421 char fw_name[64];
422 int err;
423
424
425 err = btbcm_initialize(hdev, fw_name, sizeof(fw_name), true);
426 if (err)
427 return err;
428
429 btbcm_check_bdaddr(hdev);
430
431 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
432
433 return 0;
434}
435EXPORT_SYMBOL_GPL(btbcm_finalize);
436
437int btbcm_setup_patchram(struct hci_dev *hdev)
438{
439 char fw_name[64];
440 const struct firmware *fw;
441 struct sk_buff *skb;
442 int err;
443
444
445 err = btbcm_initialize(hdev, fw_name, sizeof(fw_name), false);
446 if (err)
447 return err;
448
449 err = request_firmware(&fw, fw_name, &hdev->dev);
450 if (err < 0) {
451 bt_dev_info(hdev, "BCM: Patch %s not found", fw_name);
452 goto done;
453 }
454
455 btbcm_patchram(hdev, fw);
456
457 release_firmware(fw);
458
459
460 err = btbcm_initialize(hdev, fw_name, sizeof(fw_name), true);
461 if (err)
462 return err;
463
464
465 skb = btbcm_read_local_name(hdev);
466 if (IS_ERR(skb))
467 return PTR_ERR(skb);
468
469 bt_dev_info(hdev, "%s", (char *)(skb->data + 1));
470 kfree_skb(skb);
471
472done:
473 btbcm_check_bdaddr(hdev);
474
475 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
476
477 return 0;
478}
479EXPORT_SYMBOL_GPL(btbcm_setup_patchram);
480
481int btbcm_setup_apple(struct hci_dev *hdev)
482{
483 struct sk_buff *skb;
484 int err;
485
486
487 err = btbcm_reset(hdev);
488 if (err)
489 return err;
490
491
492 skb = btbcm_read_verbose_config(hdev);
493 if (!IS_ERR(skb)) {
494 bt_dev_info(hdev, "BCM: chip id %u build %4.4u",
495 skb->data[1], get_unaligned_le16(skb->data + 5));
496 kfree_skb(skb);
497 }
498
499
500 skb = btbcm_read_usb_product(hdev);
501 if (!IS_ERR(skb)) {
502 bt_dev_info(hdev, "BCM: product %4.4x:%4.4x",
503 get_unaligned_le16(skb->data + 1),
504 get_unaligned_le16(skb->data + 3));
505 kfree_skb(skb);
506 }
507
508
509 skb = btbcm_read_controller_features(hdev);
510 if (!IS_ERR(skb)) {
511 bt_dev_info(hdev, "BCM: features 0x%2.2x", skb->data[1]);
512 kfree_skb(skb);
513 }
514
515
516 skb = btbcm_read_local_name(hdev);
517 if (!IS_ERR(skb)) {
518 bt_dev_info(hdev, "%s", (char *)(skb->data + 1));
519 kfree_skb(skb);
520 }
521
522 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
523
524 return 0;
525}
526EXPORT_SYMBOL_GPL(btbcm_setup_apple);
527
528MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
529MODULE_DESCRIPTION("Bluetooth support for Broadcom devices ver " VERSION);
530MODULE_VERSION(VERSION);
531MODULE_LICENSE("GPL");
532
