1
2
3
4
5
6
7
8
9#include <linux/module.h>
10#include <linux/firmware.h>
11#include <asm/unaligned.h>
12
13#include <net/bluetooth/bluetooth.h>
14#include <net/bluetooth/hci_core.h>
15
16#include "btbcm.h"
17
18#define VERSION "0.1"
19
20#define BDADDR_BCM20702A0 (&(bdaddr_t) {{0x00, 0xa0, 0x02, 0x70, 0x20, 0x00}})
21#define BDADDR_BCM20702A1 (&(bdaddr_t) {{0x00, 0x00, 0xa0, 0x02, 0x70, 0x20}})
22#define BDADDR_BCM2076B1 (&(bdaddr_t) {{0x79, 0x56, 0x00, 0xa0, 0x76, 0x20}})
23#define BDADDR_BCM43430A0 (&(bdaddr_t) {{0xac, 0x1f, 0x12, 0xa0, 0x43, 0x43}})
24#define BDADDR_BCM4324B3 (&(bdaddr_t) {{0x00, 0x00, 0x00, 0xb3, 0x24, 0x43}})
25#define BDADDR_BCM4330B1 (&(bdaddr_t) {{0x00, 0x00, 0x00, 0xb1, 0x30, 0x43}})
26#define BDADDR_BCM43341B (&(bdaddr_t) {{0xac, 0x1f, 0x00, 0x1b, 0x34, 0x43}})
27
28int btbcm_check_bdaddr(struct hci_dev *hdev)
29{
30 struct hci_rp_read_bd_addr *bda;
31 struct sk_buff *skb;
32
33 skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL,
34 HCI_INIT_TIMEOUT);
35 if (IS_ERR(skb)) {
36 int err = PTR_ERR(skb);
37 bt_dev_err(hdev, "BCM: Reading device address failed (%d)", err);
38 return err;
39 }
40
41 if (skb->len != sizeof(*bda)) {
42 bt_dev_err(hdev, "BCM: Device address length mismatch");
43 kfree_skb(skb);
44 return -EIO;
45 }
46
47 bda = (struct hci_rp_read_bd_addr *)skb->data;
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71 if (!bacmp(&bda->bdaddr, BDADDR_BCM20702A0) ||
72 !bacmp(&bda->bdaddr, BDADDR_BCM20702A1) ||
73 !bacmp(&bda->bdaddr, BDADDR_BCM2076B1) ||
74 !bacmp(&bda->bdaddr, BDADDR_BCM4324B3) ||
75 !bacmp(&bda->bdaddr, BDADDR_BCM4330B1) ||
76 !bacmp(&bda->bdaddr, BDADDR_BCM43430A0) ||
77 !bacmp(&bda->bdaddr, BDADDR_BCM43341B)) {
78 bt_dev_info(hdev, "BCM: Using default device address (%pMR)",
79 &bda->bdaddr);
80 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks);
81 }
82
83 kfree_skb(skb);
84
85 return 0;
86}
87EXPORT_SYMBOL_GPL(btbcm_check_bdaddr);
88
89int btbcm_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr)
90{
91 struct sk_buff *skb;
92 int err;
93
94 skb = __hci_cmd_sync(hdev, 0xfc01, 6, bdaddr, HCI_INIT_TIMEOUT);
95 if (IS_ERR(skb)) {
96 err = PTR_ERR(skb);
97 bt_dev_err(hdev, "BCM: Change address command failed (%d)", err);
98 return err;
99 }
100 kfree_skb(skb);
101
102 return 0;
103}
104EXPORT_SYMBOL_GPL(btbcm_set_bdaddr);
105
106int btbcm_patchram(struct hci_dev *hdev, const struct firmware *fw)
107{
108 const struct hci_command_hdr *cmd;
109 const u8 *fw_ptr;
110 size_t fw_size;
111 struct sk_buff *skb;
112 u16 opcode;
113 int err = 0;
114
115
116 skb = __hci_cmd_sync(hdev, 0xfc2e, 0, NULL, HCI_INIT_TIMEOUT);
117 if (IS_ERR(skb)) {
118 err = PTR_ERR(skb);
119 bt_dev_err(hdev, "BCM: Download Minidrv command failed (%d)",
120 err);
121 goto done;
122 }
123 kfree_skb(skb);
124
125
126 msleep(50);
127
128 fw_ptr = fw->data;
129 fw_size = fw->size;
130
131 while (fw_size >= sizeof(*cmd)) {
132 const u8 *cmd_param;
133
134 cmd = (struct hci_command_hdr *)fw_ptr;
135 fw_ptr += sizeof(*cmd);
136 fw_size -= sizeof(*cmd);
137
138 if (fw_size < cmd->plen) {
139 bt_dev_err(hdev, "BCM: Patch is corrupted");
140 err = -EINVAL;
141 goto done;
142 }
143
144 cmd_param = fw_ptr;
145 fw_ptr += cmd->plen;
146 fw_size -= cmd->plen;
147
148 opcode = le16_to_cpu(cmd->opcode);
149
150 skb = __hci_cmd_sync(hdev, opcode, cmd->plen, cmd_param,
151 HCI_INIT_TIMEOUT);
152 if (IS_ERR(skb)) {
153 err = PTR_ERR(skb);
154 bt_dev_err(hdev, "BCM: Patch command %04x failed (%d)",
155 opcode, err);
156 goto done;
157 }
158 kfree_skb(skb);
159 }
160
161
162 msleep(250);
163
164done:
165 return err;
166}
167EXPORT_SYMBOL(btbcm_patchram);
168
169static int btbcm_reset(struct hci_dev *hdev)
170{
171 struct sk_buff *skb;
172
173 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
174 if (IS_ERR(skb)) {
175 int err = PTR_ERR(skb);
176 bt_dev_err(hdev, "BCM: Reset failed (%d)", err);
177 return err;
178 }
179 kfree_skb(skb);
180
181
182 msleep(100);
183
184 return 0;
185}
186
187static struct sk_buff *btbcm_read_local_name(struct hci_dev *hdev)
188{
189 struct sk_buff *skb;
190
191 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_NAME, 0, NULL,
192 HCI_INIT_TIMEOUT);
193 if (IS_ERR(skb)) {
194 bt_dev_err(hdev, "BCM: Reading local name failed (%ld)",
195 PTR_ERR(skb));
196 return skb;
197 }
198
199 if (skb->len != sizeof(struct hci_rp_read_local_name)) {
200 bt_dev_err(hdev, "BCM: Local name length mismatch");
201 kfree_skb(skb);
202 return ERR_PTR(-EIO);
203 }
204
205 return skb;
206}
207
208static struct sk_buff *btbcm_read_local_version(struct hci_dev *hdev)
209{
210 struct sk_buff *skb;
211
212 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL,
213 HCI_INIT_TIMEOUT);
214 if (IS_ERR(skb)) {
215 bt_dev_err(hdev, "BCM: Reading local version info failed (%ld)",
216 PTR_ERR(skb));
217 return skb;
218 }
219
220 if (skb->len != sizeof(struct hci_rp_read_local_version)) {
221 bt_dev_err(hdev, "BCM: Local version length mismatch");
222 kfree_skb(skb);
223 return ERR_PTR(-EIO);
224 }
225
226 return skb;
227}
228
229static struct sk_buff *btbcm_read_verbose_config(struct hci_dev *hdev)
230{
231 struct sk_buff *skb;
232
233 skb = __hci_cmd_sync(hdev, 0xfc79, 0, NULL, HCI_INIT_TIMEOUT);
234 if (IS_ERR(skb)) {
235 bt_dev_err(hdev, "BCM: Read verbose config info failed (%ld)",
236 PTR_ERR(skb));
237 return skb;
238 }
239
240 if (skb->len != 7) {
241 bt_dev_err(hdev, "BCM: Verbose config length mismatch");
242 kfree_skb(skb);
243 return ERR_PTR(-EIO);
244 }
245
246 return skb;
247}
248
249static struct sk_buff *btbcm_read_controller_features(struct hci_dev *hdev)
250{
251 struct sk_buff *skb;
252
253 skb = __hci_cmd_sync(hdev, 0xfc6e, 0, NULL, HCI_INIT_TIMEOUT);
254 if (IS_ERR(skb)) {
255 bt_dev_err(hdev, "BCM: Read controller features failed (%ld)",
256 PTR_ERR(skb));
257 return skb;
258 }
259
260 if (skb->len != 9) {
261 bt_dev_err(hdev, "BCM: Controller features length mismatch");
262 kfree_skb(skb);
263 return ERR_PTR(-EIO);
264 }
265
266 return skb;
267}
268
269static struct sk_buff *btbcm_read_usb_product(struct hci_dev *hdev)
270{
271 struct sk_buff *skb;
272
273 skb = __hci_cmd_sync(hdev, 0xfc5a, 0, NULL, HCI_INIT_TIMEOUT);
274 if (IS_ERR(skb)) {
275 bt_dev_err(hdev, "BCM: Read USB product info failed (%ld)",
276 PTR_ERR(skb));
277 return skb;
278 }
279
280 if (skb->len != 5) {
281 bt_dev_err(hdev, "BCM: USB product length mismatch");
282 kfree_skb(skb);
283 return ERR_PTR(-EIO);
284 }
285
286 return skb;
287}
288
289static int btbcm_read_info(struct hci_dev *hdev)
290{
291 struct sk_buff *skb;
292
293
294 skb = btbcm_read_verbose_config(hdev);
295 if (IS_ERR(skb))
296 return PTR_ERR(skb);
297
298 bt_dev_info(hdev, "BCM: chip id %u", skb->data[1]);
299 kfree_skb(skb);
300
301
302 skb = btbcm_read_controller_features(hdev);
303 if (IS_ERR(skb))
304 return PTR_ERR(skb);
305
306 bt_dev_info(hdev, "BCM: features 0x%2.2x", skb->data[1]);
307 kfree_skb(skb);
308
309
310 skb = btbcm_read_local_name(hdev);
311 if (IS_ERR(skb))
312 return PTR_ERR(skb);
313
314 bt_dev_info(hdev, "%s", (char *)(skb->data + 1));
315 kfree_skb(skb);
316
317 return 0;
318}
319
320struct bcm_subver_table {
321 u16 subver;
322 const char *name;
323};
324
325static const struct bcm_subver_table bcm_uart_subver_table[] = {
326 { 0x4103, "BCM4330B1" },
327 { 0x410e, "BCM43341B0" },
328 { 0x4204, "BCM2076B1" },
329 { 0x4406, "BCM4324B3" },
330 { 0x6109, "BCM4335C0" },
331 { 0x610c, "BCM4354" },
332 { 0x2122, "BCM4343A0" },
333 { 0x2209, "BCM43430A1" },
334 { 0x6119, "BCM4345C0" },
335 { 0x230f, "BCM4356A2" },
336 { 0x220e, "BCM20702A1" },
337 { 0x4217, "BCM4329B1" },
338 { }
339};
340
341static const struct bcm_subver_table bcm_usb_subver_table[] = {
342 { 0x210b, "BCM43142A0" },
343 { 0x2112, "BCM4314A0" },
344 { 0x2118, "BCM20702A0" },
345 { 0x2126, "BCM4335A0" },
346 { 0x220e, "BCM20702A1" },
347 { 0x230f, "BCM4354A2" },
348 { 0x4106, "BCM4335B0" },
349 { 0x410e, "BCM20702B0" },
350 { 0x6109, "BCM4335C0" },
351 { 0x610c, "BCM4354" },
352 { }
353};
354
355int btbcm_initialize(struct hci_dev *hdev, char *fw_name, size_t len,
356 bool reinit)
357{
358 u16 subver, rev, pid, vid;
359 const char *hw_name = "BCM";
360 struct sk_buff *skb;
361 struct hci_rp_read_local_version *ver;
362 const struct bcm_subver_table *bcm_subver_table;
363 int i, err;
364
365
366 err = btbcm_reset(hdev);
367 if (err)
368 return err;
369
370
371 skb = btbcm_read_local_version(hdev);
372 if (IS_ERR(skb))
373 return PTR_ERR(skb);
374
375 ver = (struct hci_rp_read_local_version *)skb->data;
376 rev = le16_to_cpu(ver->hci_rev);
377 subver = le16_to_cpu(ver->lmp_subver);
378 kfree_skb(skb);
379
380
381 if (!reinit) {
382 err = btbcm_read_info(hdev);
383 if (err)
384 return err;
385 }
386
387
388 if (((rev & 0xf000) >> 12) > 3)
389 return 0;
390
391 bcm_subver_table = (hdev->bus == HCI_USB) ? bcm_usb_subver_table :
392 bcm_uart_subver_table;
393
394 for (i = 0; bcm_subver_table[i].name; i++) {
395 if (subver == bcm_subver_table[i].subver) {
396 hw_name = bcm_subver_table[i].name;
397 break;
398 }
399 }
400
401 if (hdev->bus == HCI_USB) {
402
403 skb = btbcm_read_usb_product(hdev);
404 if (IS_ERR(skb))
405 return PTR_ERR(skb);
406
407 vid = get_unaligned_le16(skb->data + 1);
408 pid = get_unaligned_le16(skb->data + 3);
409 kfree_skb(skb);
410
411 snprintf(fw_name, len, "brcm/%s-%4.4x-%4.4x.hcd",
412 hw_name, vid, pid);
413 } else {
414 snprintf(fw_name, len, "brcm/%s.hcd", hw_name);
415 }
416
417 bt_dev_info(hdev, "%s (%3.3u.%3.3u.%3.3u) build %4.4u",
418 hw_name, (subver & 0xe000) >> 13,
419 (subver & 0x1f00) >> 8, (subver & 0x00ff), rev & 0x0fff);
420
421 return 0;
422}
423EXPORT_SYMBOL_GPL(btbcm_initialize);
424
425int btbcm_finalize(struct hci_dev *hdev)
426{
427 char fw_name[64];
428 int err;
429
430
431 err = btbcm_initialize(hdev, fw_name, sizeof(fw_name), true);
432 if (err)
433 return err;
434
435 btbcm_check_bdaddr(hdev);
436
437 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
438
439 return 0;
440}
441EXPORT_SYMBOL_GPL(btbcm_finalize);
442
443int btbcm_setup_patchram(struct hci_dev *hdev)
444{
445 char fw_name[64];
446 const struct firmware *fw;
447 struct sk_buff *skb;
448 int err;
449
450
451 err = btbcm_initialize(hdev, fw_name, sizeof(fw_name), false);
452 if (err)
453 return err;
454
455 err = request_firmware(&fw, fw_name, &hdev->dev);
456 if (err < 0) {
457 bt_dev_info(hdev, "BCM: Patch %s not found", fw_name);
458 goto done;
459 }
460
461 btbcm_patchram(hdev, fw);
462
463 release_firmware(fw);
464
465
466 err = btbcm_initialize(hdev, fw_name, sizeof(fw_name), true);
467 if (err)
468 return err;
469
470
471 skb = btbcm_read_local_name(hdev);
472 if (IS_ERR(skb))
473 return PTR_ERR(skb);
474
475 bt_dev_info(hdev, "%s", (char *)(skb->data + 1));
476 kfree_skb(skb);
477
478done:
479 btbcm_check_bdaddr(hdev);
480
481 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
482
483 return 0;
484}
485EXPORT_SYMBOL_GPL(btbcm_setup_patchram);
486
487int btbcm_setup_apple(struct hci_dev *hdev)
488{
489 struct sk_buff *skb;
490 int err;
491
492
493 err = btbcm_reset(hdev);
494 if (err)
495 return err;
496
497
498 skb = btbcm_read_verbose_config(hdev);
499 if (!IS_ERR(skb)) {
500 bt_dev_info(hdev, "BCM: chip id %u build %4.4u",
501 skb->data[1], get_unaligned_le16(skb->data + 5));
502 kfree_skb(skb);
503 }
504
505
506 skb = btbcm_read_usb_product(hdev);
507 if (!IS_ERR(skb)) {
508 bt_dev_info(hdev, "BCM: product %4.4x:%4.4x",
509 get_unaligned_le16(skb->data + 1),
510 get_unaligned_le16(skb->data + 3));
511 kfree_skb(skb);
512 }
513
514
515 skb = btbcm_read_controller_features(hdev);
516 if (!IS_ERR(skb)) {
517 bt_dev_info(hdev, "BCM: features 0x%2.2x", skb->data[1]);
518 kfree_skb(skb);
519 }
520
521
522 skb = btbcm_read_local_name(hdev);
523 if (!IS_ERR(skb)) {
524 bt_dev_info(hdev, "%s", (char *)(skb->data + 1));
525 kfree_skb(skb);
526 }
527
528 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
529
530 return 0;
531}
532EXPORT_SYMBOL_GPL(btbcm_setup_apple);
533
534MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
535MODULE_DESCRIPTION("Bluetooth support for Broadcom devices ver " VERSION);
536MODULE_VERSION(VERSION);
537MODULE_LICENSE("GPL");
538