1
2
3
4
5
6
7
8
9#include <linux/module.h>
10#include <linux/firmware.h>
11#include <linux/dmi.h>
12#include <asm/unaligned.h>
13
14#include <net/bluetooth/bluetooth.h>
15#include <net/bluetooth/hci_core.h>
16
17#include "btbcm.h"
18
19#define VERSION "0.1"
20
21#define BDADDR_BCM20702A0 (&(bdaddr_t) {{0x00, 0xa0, 0x02, 0x70, 0x20, 0x00}})
22#define BDADDR_BCM20702A1 (&(bdaddr_t) {{0x00, 0x00, 0xa0, 0x02, 0x70, 0x20}})
23#define BDADDR_BCM2076B1 (&(bdaddr_t) {{0x79, 0x56, 0x00, 0xa0, 0x76, 0x20}})
24#define BDADDR_BCM43430A0 (&(bdaddr_t) {{0xac, 0x1f, 0x12, 0xa0, 0x43, 0x43}})
25#define BDADDR_BCM4324B3 (&(bdaddr_t) {{0x00, 0x00, 0x00, 0xb3, 0x24, 0x43}})
26#define BDADDR_BCM4330B1 (&(bdaddr_t) {{0x00, 0x00, 0x00, 0xb1, 0x30, 0x43}})
27#define BDADDR_BCM4334B0 (&(bdaddr_t) {{0x00, 0x00, 0x00, 0xb0, 0x34, 0x43}})
28#define BDADDR_BCM4345C5 (&(bdaddr_t) {{0xac, 0x1f, 0x00, 0xc5, 0x45, 0x43}})
29#define BDADDR_BCM43341B (&(bdaddr_t) {{0xac, 0x1f, 0x00, 0x1b, 0x34, 0x43}})
30
31#define BCM_FW_NAME_LEN 64
32#define BCM_FW_NAME_COUNT_MAX 2
33
34typedef char bcm_fw_name[BCM_FW_NAME_LEN];
35
36int btbcm_check_bdaddr(struct hci_dev *hdev)
37{
38 struct hci_rp_read_bd_addr *bda;
39 struct sk_buff *skb;
40
41 skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL,
42 HCI_INIT_TIMEOUT);
43 if (IS_ERR(skb)) {
44 int err = PTR_ERR(skb);
45
46 bt_dev_err(hdev, "BCM: Reading device address failed (%d)", err);
47 return err;
48 }
49
50 if (skb->len != sizeof(*bda)) {
51 bt_dev_err(hdev, "BCM: Device address length mismatch");
52 kfree_skb(skb);
53 return -EIO;
54 }
55
56 bda = (struct hci_rp_read_bd_addr *)skb->data;
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80 if (!bacmp(&bda->bdaddr, BDADDR_BCM20702A0) ||
81 !bacmp(&bda->bdaddr, BDADDR_BCM20702A1) ||
82 !bacmp(&bda->bdaddr, BDADDR_BCM2076B1) ||
83 !bacmp(&bda->bdaddr, BDADDR_BCM4324B3) ||
84 !bacmp(&bda->bdaddr, BDADDR_BCM4330B1) ||
85 !bacmp(&bda->bdaddr, BDADDR_BCM4334B0) ||
86 !bacmp(&bda->bdaddr, BDADDR_BCM4345C5) ||
87 !bacmp(&bda->bdaddr, BDADDR_BCM43430A0) ||
88 !bacmp(&bda->bdaddr, BDADDR_BCM43341B)) {
89 bt_dev_info(hdev, "BCM: Using default device address (%pMR)",
90 &bda->bdaddr);
91 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks);
92 }
93
94 kfree_skb(skb);
95
96 return 0;
97}
98EXPORT_SYMBOL_GPL(btbcm_check_bdaddr);
99
100int btbcm_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr)
101{
102 struct sk_buff *skb;
103 int err;
104
105 skb = __hci_cmd_sync(hdev, 0xfc01, 6, bdaddr, HCI_INIT_TIMEOUT);
106 if (IS_ERR(skb)) {
107 err = PTR_ERR(skb);
108 bt_dev_err(hdev, "BCM: Change address command failed (%d)", err);
109 return err;
110 }
111 kfree_skb(skb);
112
113 return 0;
114}
115EXPORT_SYMBOL_GPL(btbcm_set_bdaddr);
116
117int btbcm_read_pcm_int_params(struct hci_dev *hdev,
118 struct bcm_set_pcm_int_params *params)
119{
120 struct sk_buff *skb;
121 int err = 0;
122
123 skb = __hci_cmd_sync(hdev, 0xfc1d, 0, NULL, HCI_INIT_TIMEOUT);
124 if (IS_ERR(skb)) {
125 err = PTR_ERR(skb);
126 bt_dev_err(hdev, "BCM: Read PCM int params failed (%d)", err);
127 return err;
128 }
129
130 if (skb->len != 6 || skb->data[0]) {
131 bt_dev_err(hdev, "BCM: Read PCM int params length mismatch");
132 kfree_skb(skb);
133 return -EIO;
134 }
135
136 if (params)
137 memcpy(params, skb->data + 1, 5);
138
139 kfree_skb(skb);
140
141 return 0;
142}
143EXPORT_SYMBOL_GPL(btbcm_read_pcm_int_params);
144
145int btbcm_write_pcm_int_params(struct hci_dev *hdev,
146 const struct bcm_set_pcm_int_params *params)
147{
148 struct sk_buff *skb;
149 int err;
150
151 skb = __hci_cmd_sync(hdev, 0xfc1c, 5, params, HCI_INIT_TIMEOUT);
152 if (IS_ERR(skb)) {
153 err = PTR_ERR(skb);
154 bt_dev_err(hdev, "BCM: Write PCM int params failed (%d)", err);
155 return err;
156 }
157 kfree_skb(skb);
158
159 return 0;
160}
161EXPORT_SYMBOL_GPL(btbcm_write_pcm_int_params);
162
163int btbcm_patchram(struct hci_dev *hdev, const struct firmware *fw)
164{
165 const struct hci_command_hdr *cmd;
166 const u8 *fw_ptr;
167 size_t fw_size;
168 struct sk_buff *skb;
169 u16 opcode;
170 int err = 0;
171
172
173 skb = __hci_cmd_sync(hdev, 0xfc2e, 0, NULL, HCI_INIT_TIMEOUT);
174 if (IS_ERR(skb)) {
175 err = PTR_ERR(skb);
176 bt_dev_err(hdev, "BCM: Download Minidrv command failed (%d)",
177 err);
178 goto done;
179 }
180 kfree_skb(skb);
181
182
183 msleep(50);
184
185 fw_ptr = fw->data;
186 fw_size = fw->size;
187
188 while (fw_size >= sizeof(*cmd)) {
189 const u8 *cmd_param;
190
191 cmd = (struct hci_command_hdr *)fw_ptr;
192 fw_ptr += sizeof(*cmd);
193 fw_size -= sizeof(*cmd);
194
195 if (fw_size < cmd->plen) {
196 bt_dev_err(hdev, "BCM: Patch is corrupted");
197 err = -EINVAL;
198 goto done;
199 }
200
201 cmd_param = fw_ptr;
202 fw_ptr += cmd->plen;
203 fw_size -= cmd->plen;
204
205 opcode = le16_to_cpu(cmd->opcode);
206
207 skb = __hci_cmd_sync(hdev, opcode, cmd->plen, cmd_param,
208 HCI_INIT_TIMEOUT);
209 if (IS_ERR(skb)) {
210 err = PTR_ERR(skb);
211 bt_dev_err(hdev, "BCM: Patch command %04x failed (%d)",
212 opcode, err);
213 goto done;
214 }
215 kfree_skb(skb);
216 }
217
218
219 msleep(250);
220
221done:
222 return err;
223}
224EXPORT_SYMBOL(btbcm_patchram);
225
226static int btbcm_reset(struct hci_dev *hdev)
227{
228 struct sk_buff *skb;
229
230 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
231 if (IS_ERR(skb)) {
232 int err = PTR_ERR(skb);
233
234 bt_dev_err(hdev, "BCM: Reset failed (%d)", err);
235 return err;
236 }
237 kfree_skb(skb);
238
239
240 msleep(100);
241
242 return 0;
243}
244
245static struct sk_buff *btbcm_read_local_name(struct hci_dev *hdev)
246{
247 struct sk_buff *skb;
248
249 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_NAME, 0, NULL,
250 HCI_INIT_TIMEOUT);
251 if (IS_ERR(skb)) {
252 bt_dev_err(hdev, "BCM: Reading local name failed (%ld)",
253 PTR_ERR(skb));
254 return skb;
255 }
256
257 if (skb->len != sizeof(struct hci_rp_read_local_name)) {
258 bt_dev_err(hdev, "BCM: Local name length mismatch");
259 kfree_skb(skb);
260 return ERR_PTR(-EIO);
261 }
262
263 return skb;
264}
265
266static struct sk_buff *btbcm_read_local_version(struct hci_dev *hdev)
267{
268 struct sk_buff *skb;
269
270 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL,
271 HCI_INIT_TIMEOUT);
272 if (IS_ERR(skb)) {
273 bt_dev_err(hdev, "BCM: Reading local version info failed (%ld)",
274 PTR_ERR(skb));
275 return skb;
276 }
277
278 if (skb->len != sizeof(struct hci_rp_read_local_version)) {
279 bt_dev_err(hdev, "BCM: Local version length mismatch");
280 kfree_skb(skb);
281 return ERR_PTR(-EIO);
282 }
283
284 return skb;
285}
286
287static struct sk_buff *btbcm_read_verbose_config(struct hci_dev *hdev)
288{
289 struct sk_buff *skb;
290
291 skb = __hci_cmd_sync(hdev, 0xfc79, 0, NULL, HCI_INIT_TIMEOUT);
292 if (IS_ERR(skb)) {
293 bt_dev_err(hdev, "BCM: Read verbose config info failed (%ld)",
294 PTR_ERR(skb));
295 return skb;
296 }
297
298 if (skb->len != 7) {
299 bt_dev_err(hdev, "BCM: Verbose config length mismatch");
300 kfree_skb(skb);
301 return ERR_PTR(-EIO);
302 }
303
304 return skb;
305}
306
307static struct sk_buff *btbcm_read_controller_features(struct hci_dev *hdev)
308{
309 struct sk_buff *skb;
310
311 skb = __hci_cmd_sync(hdev, 0xfc6e, 0, NULL, HCI_INIT_TIMEOUT);
312 if (IS_ERR(skb)) {
313 bt_dev_err(hdev, "BCM: Read controller features failed (%ld)",
314 PTR_ERR(skb));
315 return skb;
316 }
317
318 if (skb->len != 9) {
319 bt_dev_err(hdev, "BCM: Controller features length mismatch");
320 kfree_skb(skb);
321 return ERR_PTR(-EIO);
322 }
323
324 return skb;
325}
326
327static struct sk_buff *btbcm_read_usb_product(struct hci_dev *hdev)
328{
329 struct sk_buff *skb;
330
331 skb = __hci_cmd_sync(hdev, 0xfc5a, 0, NULL, HCI_INIT_TIMEOUT);
332 if (IS_ERR(skb)) {
333 bt_dev_err(hdev, "BCM: Read USB product info failed (%ld)",
334 PTR_ERR(skb));
335 return skb;
336 }
337
338 if (skb->len != 5) {
339 bt_dev_err(hdev, "BCM: USB product length mismatch");
340 kfree_skb(skb);
341 return ERR_PTR(-EIO);
342 }
343
344 return skb;
345}
346
347static const struct dmi_system_id disable_broken_read_transmit_power[] = {
348 {
349 .matches = {
350 DMI_MATCH(DMI_BOARD_VENDOR, "Apple Inc."),
351 DMI_MATCH(DMI_PRODUCT_NAME, "MacBookPro16,1"),
352 },
353 },
354 {
355 .matches = {
356 DMI_MATCH(DMI_BOARD_VENDOR, "Apple Inc."),
357 DMI_MATCH(DMI_PRODUCT_NAME, "MacBookPro16,2"),
358 },
359 },
360 {
361 .matches = {
362 DMI_MATCH(DMI_BOARD_VENDOR, "Apple Inc."),
363 DMI_MATCH(DMI_PRODUCT_NAME, "MacBookPro16,4"),
364 },
365 },
366 {
367 .matches = {
368 DMI_MATCH(DMI_BOARD_VENDOR, "Apple Inc."),
369 DMI_MATCH(DMI_PRODUCT_NAME, "MacBookAir8,1"),
370 },
371 },
372 {
373 .matches = {
374 DMI_MATCH(DMI_BOARD_VENDOR, "Apple Inc."),
375 DMI_MATCH(DMI_PRODUCT_NAME, "MacBookAir8,2"),
376 },
377 },
378 {
379 .matches = {
380 DMI_MATCH(DMI_BOARD_VENDOR, "Apple Inc."),
381 DMI_MATCH(DMI_PRODUCT_NAME, "iMac20,1"),
382 },
383 },
384 {
385 .matches = {
386 DMI_MATCH(DMI_BOARD_VENDOR, "Apple Inc."),
387 DMI_MATCH(DMI_PRODUCT_NAME, "iMac20,2"),
388 },
389 },
390 { }
391};
392
393static int btbcm_read_info(struct hci_dev *hdev)
394{
395 struct sk_buff *skb;
396
397
398 skb = btbcm_read_verbose_config(hdev);
399 if (IS_ERR(skb))
400 return PTR_ERR(skb);
401
402 bt_dev_info(hdev, "BCM: chip id %u", skb->data[1]);
403 kfree_skb(skb);
404
405
406 skb = btbcm_read_controller_features(hdev);
407 if (IS_ERR(skb))
408 return PTR_ERR(skb);
409
410 bt_dev_info(hdev, "BCM: features 0x%2.2x", skb->data[1]);
411 kfree_skb(skb);
412
413
414 if (dmi_first_match(disable_broken_read_transmit_power))
415 set_bit(HCI_QUIRK_BROKEN_READ_TRANSMIT_POWER, &hdev->quirks);
416
417 return 0;
418}
419
420static int btbcm_print_local_name(struct hci_dev *hdev)
421{
422 struct sk_buff *skb;
423
424
425 skb = btbcm_read_local_name(hdev);
426 if (IS_ERR(skb))
427 return PTR_ERR(skb);
428
429 bt_dev_info(hdev, "%s", (char *)(skb->data + 1));
430 kfree_skb(skb);
431
432 return 0;
433}
434
435struct bcm_subver_table {
436 u16 subver;
437 const char *name;
438};
439
440static const struct bcm_subver_table bcm_uart_subver_table[] = {
441 { 0x1111, "BCM4362A2" },
442 { 0x4103, "BCM4330B1" },
443 { 0x410d, "BCM4334B0" },
444 { 0x410e, "BCM43341B0" },
445 { 0x4204, "BCM2076B1" },
446 { 0x4406, "BCM4324B3" },
447 { 0x4606, "BCM4324B5" },
448 { 0x6109, "BCM4335C0" },
449 { 0x610c, "BCM4354" },
450 { 0x2122, "BCM4343A0" },
451 { 0x2209, "BCM43430A1" },
452 { 0x6119, "BCM4345C0" },
453 { 0x6606, "BCM4345C5" },
454 { 0x230f, "BCM4356A2" },
455 { 0x220e, "BCM20702A1" },
456 { 0x4217, "BCM4329B1" },
457 { 0x6106, "BCM4359C0" },
458 { 0x4106, "BCM4335A0" },
459 { 0x410c, "BCM43430B0" },
460 { }
461};
462
463static const struct bcm_subver_table bcm_usb_subver_table[] = {
464 { 0x2105, "BCM20703A1" },
465 { 0x210b, "BCM43142A0" },
466 { 0x2112, "BCM4314A0" },
467 { 0x2118, "BCM20702A0" },
468 { 0x2126, "BCM4335A0" },
469 { 0x220e, "BCM20702A1" },
470 { 0x230f, "BCM4356A2" },
471 { 0x4106, "BCM4335B0" },
472 { 0x410e, "BCM20702B0" },
473 { 0x6109, "BCM4335C0" },
474 { 0x610c, "BCM4354" },
475 { 0x6607, "BCM4350C5" },
476 { }
477};
478
479int btbcm_initialize(struct hci_dev *hdev, bool *fw_load_done)
480{
481 u16 subver, rev, pid, vid;
482 struct sk_buff *skb;
483 struct hci_rp_read_local_version *ver;
484 const struct bcm_subver_table *bcm_subver_table;
485 const char *hw_name = NULL;
486 char postfix[16] = "";
487 int fw_name_count = 0;
488 bcm_fw_name *fw_name;
489 const struct firmware *fw;
490 int i, err;
491
492
493 err = btbcm_reset(hdev);
494 if (err)
495 return err;
496
497
498 skb = btbcm_read_local_version(hdev);
499 if (IS_ERR(skb))
500 return PTR_ERR(skb);
501
502 ver = (struct hci_rp_read_local_version *)skb->data;
503 rev = le16_to_cpu(ver->hci_rev);
504 subver = le16_to_cpu(ver->lmp_subver);
505 kfree_skb(skb);
506
507
508 if (!(*fw_load_done)) {
509 err = btbcm_read_info(hdev);
510 if (err)
511 return err;
512 }
513 err = btbcm_print_local_name(hdev);
514 if (err)
515 return err;
516
517 bcm_subver_table = (hdev->bus == HCI_USB) ? bcm_usb_subver_table :
518 bcm_uart_subver_table;
519
520 for (i = 0; bcm_subver_table[i].name; i++) {
521 if (subver == bcm_subver_table[i].subver) {
522 hw_name = bcm_subver_table[i].name;
523 break;
524 }
525 }
526
527 bt_dev_info(hdev, "%s (%3.3u.%3.3u.%3.3u) build %4.4u",
528 hw_name ? hw_name : "BCM", (subver & 0xe000) >> 13,
529 (subver & 0x1f00) >> 8, (subver & 0x00ff), rev & 0x0fff);
530
531 if (*fw_load_done)
532 return 0;
533
534 if (hdev->bus == HCI_USB) {
535
536 skb = btbcm_read_usb_product(hdev);
537 if (IS_ERR(skb))
538 return PTR_ERR(skb);
539
540 vid = get_unaligned_le16(skb->data + 1);
541 pid = get_unaligned_le16(skb->data + 3);
542 kfree_skb(skb);
543
544 snprintf(postfix, sizeof(postfix), "-%4.4x-%4.4x", vid, pid);
545 }
546
547 fw_name = kmalloc(BCM_FW_NAME_COUNT_MAX * BCM_FW_NAME_LEN, GFP_KERNEL);
548 if (!fw_name)
549 return -ENOMEM;
550
551 if (hw_name) {
552 snprintf(fw_name[fw_name_count], BCM_FW_NAME_LEN,
553 "brcm/%s%s.hcd", hw_name, postfix);
554 fw_name_count++;
555 }
556
557 snprintf(fw_name[fw_name_count], BCM_FW_NAME_LEN,
558 "brcm/BCM%s.hcd", postfix);
559 fw_name_count++;
560
561 for (i = 0; i < fw_name_count; i++) {
562 err = firmware_request_nowarn(&fw, fw_name[i], &hdev->dev);
563 if (err == 0) {
564 bt_dev_info(hdev, "%s '%s' Patch",
565 hw_name ? hw_name : "BCM", fw_name[i]);
566 *fw_load_done = true;
567 break;
568 }
569 }
570
571 if (*fw_load_done) {
572 err = btbcm_patchram(hdev, fw);
573 if (err)
574 bt_dev_info(hdev, "BCM: Patch failed (%d)", err);
575
576 release_firmware(fw);
577 } else {
578 bt_dev_err(hdev, "BCM: firmware Patch file not found, tried:");
579 for (i = 0; i < fw_name_count; i++)
580 bt_dev_err(hdev, "BCM: '%s'", fw_name[i]);
581 }
582
583 kfree(fw_name);
584 return 0;
585}
586EXPORT_SYMBOL_GPL(btbcm_initialize);
587
588int btbcm_finalize(struct hci_dev *hdev, bool *fw_load_done)
589{
590 int err;
591
592
593 if (*fw_load_done) {
594 err = btbcm_initialize(hdev, fw_load_done);
595 if (err)
596 return err;
597 }
598
599 btbcm_check_bdaddr(hdev);
600
601 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
602
603 return 0;
604}
605EXPORT_SYMBOL_GPL(btbcm_finalize);
606
607int btbcm_setup_patchram(struct hci_dev *hdev)
608{
609 bool fw_load_done = false;
610 int err;
611
612
613 err = btbcm_initialize(hdev, &fw_load_done);
614 if (err)
615 return err;
616
617
618 return btbcm_finalize(hdev, &fw_load_done);
619}
620EXPORT_SYMBOL_GPL(btbcm_setup_patchram);
621
622int btbcm_setup_apple(struct hci_dev *hdev)
623{
624 struct sk_buff *skb;
625 int err;
626
627
628 err = btbcm_reset(hdev);
629 if (err)
630 return err;
631
632
633 skb = btbcm_read_verbose_config(hdev);
634 if (!IS_ERR(skb)) {
635 bt_dev_info(hdev, "BCM: chip id %u build %4.4u",
636 skb->data[1], get_unaligned_le16(skb->data + 5));
637 kfree_skb(skb);
638 }
639
640
641 skb = btbcm_read_usb_product(hdev);
642 if (!IS_ERR(skb)) {
643 bt_dev_info(hdev, "BCM: product %4.4x:%4.4x",
644 get_unaligned_le16(skb->data + 1),
645 get_unaligned_le16(skb->data + 3));
646 kfree_skb(skb);
647 }
648
649
650 skb = btbcm_read_controller_features(hdev);
651 if (!IS_ERR(skb)) {
652 bt_dev_info(hdev, "BCM: features 0x%2.2x", skb->data[1]);
653 kfree_skb(skb);
654 }
655
656
657 skb = btbcm_read_local_name(hdev);
658 if (!IS_ERR(skb)) {
659 bt_dev_info(hdev, "%s", (char *)(skb->data + 1));
660 kfree_skb(skb);
661 }
662
663 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
664
665 return 0;
666}
667EXPORT_SYMBOL_GPL(btbcm_setup_apple);
668
669MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
670MODULE_DESCRIPTION("Bluetooth support for Broadcom devices ver " VERSION);
671MODULE_VERSION(VERSION);
672MODULE_LICENSE("GPL");
673
