1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24#include <linux/module.h>
25#include <linux/firmware.h>
26#include <asm/unaligned.h>
27
28#include <net/bluetooth/bluetooth.h>
29#include <net/bluetooth/hci_core.h>
30
31#include "btbcm.h"
32
33#define VERSION "0.1"
34
35#define BDADDR_BCM20702A0 (&(bdaddr_t) {{0x00, 0xa0, 0x02, 0x70, 0x20, 0x00}})
36#define BDADDR_BCM4324B3 (&(bdaddr_t) {{0x00, 0x00, 0x00, 0xb3, 0x24, 0x43}})
37#define BDADDR_BCM4330B1 (&(bdaddr_t) {{0x00, 0x00, 0x00, 0xb1, 0x30, 0x43}})
38
39int btbcm_check_bdaddr(struct hci_dev *hdev)
40{
41 struct hci_rp_read_bd_addr *bda;
42 struct sk_buff *skb;
43
44 skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL,
45 HCI_INIT_TIMEOUT);
46 if (IS_ERR(skb)) {
47 int err = PTR_ERR(skb);
48 BT_ERR("%s: BCM: Reading device address failed (%d)",
49 hdev->name, err);
50 return err;
51 }
52
53 if (skb->len != sizeof(*bda)) {
54 BT_ERR("%s: BCM: Device address length mismatch", hdev->name);
55 kfree_skb(skb);
56 return -EIO;
57 }
58
59 bda = (struct hci_rp_read_bd_addr *)skb->data;
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74 if (!bacmp(&bda->bdaddr, BDADDR_BCM20702A0) ||
75 !bacmp(&bda->bdaddr, BDADDR_BCM4324B3) ||
76 !bacmp(&bda->bdaddr, BDADDR_BCM4330B1)) {
77 BT_INFO("%s: BCM: Using default device address (%pMR)",
78 hdev->name, &bda->bdaddr);
79 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks);
80 }
81
82 kfree_skb(skb);
83
84 return 0;
85}
86EXPORT_SYMBOL_GPL(btbcm_check_bdaddr);
87
88int btbcm_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr)
89{
90 struct sk_buff *skb;
91 int err;
92
93 skb = __hci_cmd_sync(hdev, 0xfc01, 6, bdaddr, HCI_INIT_TIMEOUT);
94 if (IS_ERR(skb)) {
95 err = PTR_ERR(skb);
96 BT_ERR("%s: BCM: Change address command failed (%d)",
97 hdev->name, err);
98 return err;
99 }
100 kfree_skb(skb);
101
102 return 0;
103}
104EXPORT_SYMBOL_GPL(btbcm_set_bdaddr);
105
106int btbcm_patchram(struct hci_dev *hdev, const struct firmware *fw)
107{
108 const struct hci_command_hdr *cmd;
109 const u8 *fw_ptr;
110 size_t fw_size;
111 struct sk_buff *skb;
112 u16 opcode;
113 int err = 0;
114
115
116 skb = __hci_cmd_sync(hdev, 0xfc2e, 0, NULL, HCI_INIT_TIMEOUT);
117 if (IS_ERR(skb)) {
118 err = PTR_ERR(skb);
119 BT_ERR("%s: BCM: Download Minidrv command failed (%d)",
120 hdev->name, err);
121 goto done;
122 }
123 kfree_skb(skb);
124
125
126 msleep(50);
127
128 fw_ptr = fw->data;
129 fw_size = fw->size;
130
131 while (fw_size >= sizeof(*cmd)) {
132 const u8 *cmd_param;
133
134 cmd = (struct hci_command_hdr *)fw_ptr;
135 fw_ptr += sizeof(*cmd);
136 fw_size -= sizeof(*cmd);
137
138 if (fw_size < cmd->plen) {
139 BT_ERR("%s: BCM: Patch is corrupted", hdev->name);
140 err = -EINVAL;
141 goto done;
142 }
143
144 cmd_param = fw_ptr;
145 fw_ptr += cmd->plen;
146 fw_size -= cmd->plen;
147
148 opcode = le16_to_cpu(cmd->opcode);
149
150 skb = __hci_cmd_sync(hdev, opcode, cmd->plen, cmd_param,
151 HCI_INIT_TIMEOUT);
152 if (IS_ERR(skb)) {
153 err = PTR_ERR(skb);
154 BT_ERR("%s: BCM: Patch command %04x failed (%d)",
155 hdev->name, opcode, err);
156 goto done;
157 }
158 kfree_skb(skb);
159 }
160
161
162 msleep(250);
163
164done:
165 return err;
166}
167EXPORT_SYMBOL(btbcm_patchram);
168
169static int btbcm_reset(struct hci_dev *hdev)
170{
171 struct sk_buff *skb;
172
173 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
174 if (IS_ERR(skb)) {
175 int err = PTR_ERR(skb);
176 BT_ERR("%s: BCM: Reset failed (%d)", hdev->name, err);
177 return err;
178 }
179 kfree_skb(skb);
180
181
182 msleep(100);
183
184 return 0;
185}
186
187static struct sk_buff *btbcm_read_local_name(struct hci_dev *hdev)
188{
189 struct sk_buff *skb;
190
191 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_NAME, 0, NULL,
192 HCI_INIT_TIMEOUT);
193 if (IS_ERR(skb)) {
194 BT_ERR("%s: BCM: Reading local name failed (%ld)",
195 hdev->name, PTR_ERR(skb));
196 return skb;
197 }
198
199 if (skb->len != sizeof(struct hci_rp_read_local_name)) {
200 BT_ERR("%s: BCM: Local name length mismatch", hdev->name);
201 kfree_skb(skb);
202 return ERR_PTR(-EIO);
203 }
204
205 return skb;
206}
207
208static struct sk_buff *btbcm_read_local_version(struct hci_dev *hdev)
209{
210 struct sk_buff *skb;
211
212 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL,
213 HCI_INIT_TIMEOUT);
214 if (IS_ERR(skb)) {
215 BT_ERR("%s: BCM: Reading local version info failed (%ld)",
216 hdev->name, PTR_ERR(skb));
217 return skb;
218 }
219
220 if (skb->len != sizeof(struct hci_rp_read_local_version)) {
221 BT_ERR("%s: BCM: Local version length mismatch", hdev->name);
222 kfree_skb(skb);
223 return ERR_PTR(-EIO);
224 }
225
226 return skb;
227}
228
229static struct sk_buff *btbcm_read_verbose_config(struct hci_dev *hdev)
230{
231 struct sk_buff *skb;
232
233 skb = __hci_cmd_sync(hdev, 0xfc79, 0, NULL, HCI_INIT_TIMEOUT);
234 if (IS_ERR(skb)) {
235 BT_ERR("%s: BCM: Read verbose config info failed (%ld)",
236 hdev->name, PTR_ERR(skb));
237 return skb;
238 }
239
240 if (skb->len != 7) {
241 BT_ERR("%s: BCM: Verbose config length mismatch", hdev->name);
242 kfree_skb(skb);
243 return ERR_PTR(-EIO);
244 }
245
246 return skb;
247}
248
249static struct sk_buff *btbcm_read_controller_features(struct hci_dev *hdev)
250{
251 struct sk_buff *skb;
252
253 skb = __hci_cmd_sync(hdev, 0xfc6e, 0, NULL, HCI_INIT_TIMEOUT);
254 if (IS_ERR(skb)) {
255 BT_ERR("%s: BCM: Read controller features failed (%ld)",
256 hdev->name, PTR_ERR(skb));
257 return skb;
258 }
259
260 if (skb->len != 9) {
261 BT_ERR("%s: BCM: Controller features length mismatch",
262 hdev->name);
263 kfree_skb(skb);
264 return ERR_PTR(-EIO);
265 }
266
267 return skb;
268}
269
270static struct sk_buff *btbcm_read_usb_product(struct hci_dev *hdev)
271{
272 struct sk_buff *skb;
273
274 skb = __hci_cmd_sync(hdev, 0xfc5a, 0, NULL, HCI_INIT_TIMEOUT);
275 if (IS_ERR(skb)) {
276 BT_ERR("%s: BCM: Read USB product info failed (%ld)",
277 hdev->name, PTR_ERR(skb));
278 return skb;
279 }
280
281 if (skb->len != 5) {
282 BT_ERR("%s: BCM: USB product length mismatch", hdev->name);
283 kfree_skb(skb);
284 return ERR_PTR(-EIO);
285 }
286
287 return skb;
288}
289
290static const struct {
291 u16 subver;
292 const char *name;
293} bcm_uart_subver_table[] = {
294 { 0x4103, "BCM4330B1" },
295 { 0x410e, "BCM43341B0" },
296 { 0x4406, "BCM4324B3" },
297 { 0x610c, "BCM4354" },
298 { 0x2209, "BCM43430A1" },
299 { }
300};
301
302int btbcm_initialize(struct hci_dev *hdev, char *fw_name, size_t len)
303{
304 u16 subver, rev;
305 const char *hw_name = NULL;
306 struct sk_buff *skb;
307 struct hci_rp_read_local_version *ver;
308 int i, err;
309
310
311 err = btbcm_reset(hdev);
312 if (err)
313 return err;
314
315
316 skb = btbcm_read_local_version(hdev);
317 if (IS_ERR(skb))
318 return PTR_ERR(skb);
319
320 ver = (struct hci_rp_read_local_version *)skb->data;
321 rev = le16_to_cpu(ver->hci_rev);
322 subver = le16_to_cpu(ver->lmp_subver);
323 kfree_skb(skb);
324
325
326 skb = btbcm_read_verbose_config(hdev);
327 if (IS_ERR(skb))
328 return PTR_ERR(skb);
329
330 BT_INFO("%s: BCM: chip id %u", hdev->name, skb->data[1]);
331 kfree_skb(skb);
332
333 switch ((rev & 0xf000) >> 12) {
334 case 0:
335 case 1:
336 case 3:
337 for (i = 0; bcm_uart_subver_table[i].name; i++) {
338 if (subver == bcm_uart_subver_table[i].subver) {
339 hw_name = bcm_uart_subver_table[i].name;
340 break;
341 }
342 }
343
344 snprintf(fw_name, len, "brcm/%s.hcd", hw_name ? : "BCM");
345 break;
346 default:
347 return 0;
348 }
349
350 BT_INFO("%s: %s (%3.3u.%3.3u.%3.3u) build %4.4u", hdev->name,
351 hw_name ? : "BCM", (subver & 0xe000) >> 13,
352 (subver & 0x1f00) >> 8, (subver & 0x00ff), rev & 0x0fff);
353
354 return 0;
355}
356EXPORT_SYMBOL_GPL(btbcm_initialize);
357
358int btbcm_finalize(struct hci_dev *hdev)
359{
360 struct sk_buff *skb;
361 struct hci_rp_read_local_version *ver;
362 u16 subver, rev;
363 int err;
364
365
366 err = btbcm_reset(hdev);
367 if (err)
368 return err;
369
370
371 skb = btbcm_read_local_version(hdev);
372 if (IS_ERR(skb))
373 return PTR_ERR(skb);
374
375 ver = (struct hci_rp_read_local_version *)skb->data;
376 rev = le16_to_cpu(ver->hci_rev);
377 subver = le16_to_cpu(ver->lmp_subver);
378 kfree_skb(skb);
379
380 BT_INFO("%s: BCM (%3.3u.%3.3u.%3.3u) build %4.4u", hdev->name,
381 (subver & 0xe000) >> 13, (subver & 0x1f00) >> 8,
382 (subver & 0x00ff), rev & 0x0fff);
383
384 btbcm_check_bdaddr(hdev);
385
386 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
387
388 return 0;
389}
390EXPORT_SYMBOL_GPL(btbcm_finalize);
391
392static const struct {
393 u16 subver;
394 const char *name;
395} bcm_usb_subver_table[] = {
396 { 0x210b, "BCM43142A0" },
397 { 0x2112, "BCM4314A0" },
398 { 0x2118, "BCM20702A0" },
399 { 0x2126, "BCM4335A0" },
400 { 0x220e, "BCM20702A1" },
401 { 0x230f, "BCM4354A2" },
402 { 0x4106, "BCM4335B0" },
403 { 0x410e, "BCM20702B0" },
404 { 0x6109, "BCM4335C0" },
405 { 0x610c, "BCM4354" },
406 { }
407};
408
409int btbcm_setup_patchram(struct hci_dev *hdev)
410{
411 char fw_name[64];
412 const struct firmware *fw;
413 u16 subver, rev, pid, vid;
414 const char *hw_name = NULL;
415 struct sk_buff *skb;
416 struct hci_rp_read_local_version *ver;
417 int i, err;
418
419
420 err = btbcm_reset(hdev);
421 if (err)
422 return err;
423
424
425 skb = btbcm_read_local_version(hdev);
426 if (IS_ERR(skb))
427 return PTR_ERR(skb);
428
429 ver = (struct hci_rp_read_local_version *)skb->data;
430 rev = le16_to_cpu(ver->hci_rev);
431 subver = le16_to_cpu(ver->lmp_subver);
432 kfree_skb(skb);
433
434
435 skb = btbcm_read_verbose_config(hdev);
436 if (IS_ERR(skb))
437 return PTR_ERR(skb);
438
439 BT_INFO("%s: BCM: chip id %u", hdev->name, skb->data[1]);
440 kfree_skb(skb);
441
442
443 skb = btbcm_read_controller_features(hdev);
444 if (IS_ERR(skb))
445 return PTR_ERR(skb);
446
447 BT_INFO("%s: BCM: features 0x%2.2x", hdev->name, skb->data[1]);
448 kfree_skb(skb);
449
450
451 skb = btbcm_read_local_name(hdev);
452 if (IS_ERR(skb))
453 return PTR_ERR(skb);
454
455 BT_INFO("%s: %s", hdev->name, (char *)(skb->data + 1));
456 kfree_skb(skb);
457
458 switch ((rev & 0xf000) >> 12) {
459 case 0:
460 case 3:
461 for (i = 0; bcm_uart_subver_table[i].name; i++) {
462 if (subver == bcm_uart_subver_table[i].subver) {
463 hw_name = bcm_uart_subver_table[i].name;
464 break;
465 }
466 }
467
468 snprintf(fw_name, sizeof(fw_name), "brcm/%s.hcd",
469 hw_name ? : "BCM");
470 break;
471 case 1:
472 case 2:
473
474 skb = btbcm_read_usb_product(hdev);
475 if (IS_ERR(skb))
476 return PTR_ERR(skb);
477
478 vid = get_unaligned_le16(skb->data + 1);
479 pid = get_unaligned_le16(skb->data + 3);
480 kfree_skb(skb);
481
482 for (i = 0; bcm_usb_subver_table[i].name; i++) {
483 if (subver == bcm_usb_subver_table[i].subver) {
484 hw_name = bcm_usb_subver_table[i].name;
485 break;
486 }
487 }
488
489 snprintf(fw_name, sizeof(fw_name), "brcm/%s-%4.4x-%4.4x.hcd",
490 hw_name ? : "BCM", vid, pid);
491 break;
492 default:
493 return 0;
494 }
495
496 BT_INFO("%s: %s (%3.3u.%3.3u.%3.3u) build %4.4u", hdev->name,
497 hw_name ? : "BCM", (subver & 0xe000) >> 13,
498 (subver & 0x1f00) >> 8, (subver & 0x00ff), rev & 0x0fff);
499
500 err = request_firmware(&fw, fw_name, &hdev->dev);
501 if (err < 0) {
502 BT_INFO("%s: BCM: Patch %s not found", hdev->name, fw_name);
503 goto done;
504 }
505
506 btbcm_patchram(hdev, fw);
507
508 release_firmware(fw);
509
510
511 err = btbcm_reset(hdev);
512 if (err)
513 return err;
514
515
516 skb = btbcm_read_local_version(hdev);
517 if (IS_ERR(skb))
518 return PTR_ERR(skb);
519
520 ver = (struct hci_rp_read_local_version *)skb->data;
521 rev = le16_to_cpu(ver->hci_rev);
522 subver = le16_to_cpu(ver->lmp_subver);
523 kfree_skb(skb);
524
525 BT_INFO("%s: %s (%3.3u.%3.3u.%3.3u) build %4.4u", hdev->name,
526 hw_name ? : "BCM", (subver & 0xe000) >> 13,
527 (subver & 0x1f00) >> 8, (subver & 0x00ff), rev & 0x0fff);
528
529
530 skb = btbcm_read_local_name(hdev);
531 if (IS_ERR(skb))
532 return PTR_ERR(skb);
533
534 BT_INFO("%s: %s", hdev->name, (char *)(skb->data + 1));
535 kfree_skb(skb);
536
537done:
538 btbcm_check_bdaddr(hdev);
539
540 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
541
542 return 0;
543}
544EXPORT_SYMBOL_GPL(btbcm_setup_patchram);
545
546int btbcm_setup_apple(struct hci_dev *hdev)
547{
548 struct sk_buff *skb;
549 int err;
550
551
552 err = btbcm_reset(hdev);
553 if (err)
554 return err;
555
556
557 skb = btbcm_read_verbose_config(hdev);
558 if (!IS_ERR(skb)) {
559 BT_INFO("%s: BCM: chip id %u build %4.4u", hdev->name,
560 skb->data[1], get_unaligned_le16(skb->data + 5));
561 kfree_skb(skb);
562 }
563
564
565 skb = btbcm_read_usb_product(hdev);
566 if (!IS_ERR(skb)) {
567 BT_INFO("%s: BCM: product %4.4x:%4.4x", hdev->name,
568 get_unaligned_le16(skb->data + 1),
569 get_unaligned_le16(skb->data + 3));
570 kfree_skb(skb);
571 }
572
573
574 skb = btbcm_read_controller_features(hdev);
575 if (!IS_ERR(skb)) {
576 BT_INFO("%s: BCM: features 0x%2.2x", hdev->name, skb->data[1]);
577 kfree_skb(skb);
578 }
579
580
581 skb = btbcm_read_local_name(hdev);
582 if (!IS_ERR(skb)) {
583 BT_INFO("%s: %s", hdev->name, (char *)(skb->data + 1));
584 kfree_skb(skb);
585 }
586
587 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
588
589 return 0;
590}
591EXPORT_SYMBOL_GPL(btbcm_setup_apple);
592
593MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
594MODULE_DESCRIPTION("Bluetooth support for Broadcom devices ver " VERSION);
595MODULE_VERSION(VERSION);
596MODULE_LICENSE("GPL");
597
