1
2
3
4
5
6
7
8
9#include <linux/module.h>
10#include <linux/firmware.h>
11#include <asm/unaligned.h>
12
13#include <net/bluetooth/bluetooth.h>
14#include <net/bluetooth/hci_core.h>
15
16#include "btbcm.h"
17
18#define VERSION "0.1"
19
20#define BDADDR_BCM20702A0 (&(bdaddr_t) {{0x00, 0xa0, 0x02, 0x70, 0x20, 0x00}})
21#define BDADDR_BCM20702A1 (&(bdaddr_t) {{0x00, 0x00, 0xa0, 0x02, 0x70, 0x20}})
22#define BDADDR_BCM2076B1 (&(bdaddr_t) {{0x79, 0x56, 0x00, 0xa0, 0x76, 0x20}})
23#define BDADDR_BCM43430A0 (&(bdaddr_t) {{0xac, 0x1f, 0x12, 0xa0, 0x43, 0x43}})
24#define BDADDR_BCM4324B3 (&(bdaddr_t) {{0x00, 0x00, 0x00, 0xb3, 0x24, 0x43}})
25#define BDADDR_BCM4330B1 (&(bdaddr_t) {{0x00, 0x00, 0x00, 0xb1, 0x30, 0x43}})
26#define BDADDR_BCM43341B (&(bdaddr_t) {{0xac, 0x1f, 0x00, 0x1b, 0x34, 0x43}})
27
28int btbcm_check_bdaddr(struct hci_dev *hdev)
29{
30 struct hci_rp_read_bd_addr *bda;
31 struct sk_buff *skb;
32
33 skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL,
34 HCI_INIT_TIMEOUT);
35 if (IS_ERR(skb)) {
36 int err = PTR_ERR(skb);
37 bt_dev_err(hdev, "BCM: Reading device address failed (%d)", err);
38 return err;
39 }
40
41 if (skb->len != sizeof(*bda)) {
42 bt_dev_err(hdev, "BCM: Device address length mismatch");
43 kfree_skb(skb);
44 return -EIO;
45 }
46
47 bda = (struct hci_rp_read_bd_addr *)skb->data;
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71 if (!bacmp(&bda->bdaddr, BDADDR_BCM20702A0) ||
72 !bacmp(&bda->bdaddr, BDADDR_BCM20702A1) ||
73 !bacmp(&bda->bdaddr, BDADDR_BCM2076B1) ||
74 !bacmp(&bda->bdaddr, BDADDR_BCM4324B3) ||
75 !bacmp(&bda->bdaddr, BDADDR_BCM4330B1) ||
76 !bacmp(&bda->bdaddr, BDADDR_BCM43430A0) ||
77 !bacmp(&bda->bdaddr, BDADDR_BCM43341B)) {
78 bt_dev_info(hdev, "BCM: Using default device address (%pMR)",
79 &bda->bdaddr);
80 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks);
81 }
82
83 kfree_skb(skb);
84
85 return 0;
86}
87EXPORT_SYMBOL_GPL(btbcm_check_bdaddr);
88
89int btbcm_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr)
90{
91 struct sk_buff *skb;
92 int err;
93
94 skb = __hci_cmd_sync(hdev, 0xfc01, 6, bdaddr, HCI_INIT_TIMEOUT);
95 if (IS_ERR(skb)) {
96 err = PTR_ERR(skb);
97 bt_dev_err(hdev, "BCM: Change address command failed (%d)", err);
98 return err;
99 }
100 kfree_skb(skb);
101
102 return 0;
103}
104EXPORT_SYMBOL_GPL(btbcm_set_bdaddr);
105
106int btbcm_patchram(struct hci_dev *hdev, const struct firmware *fw)
107{
108 const struct hci_command_hdr *cmd;
109 const u8 *fw_ptr;
110 size_t fw_size;
111 struct sk_buff *skb;
112 u16 opcode;
113 int err = 0;
114
115
116 skb = __hci_cmd_sync(hdev, 0xfc2e, 0, NULL, HCI_INIT_TIMEOUT);
117 if (IS_ERR(skb)) {
118 err = PTR_ERR(skb);
119 bt_dev_err(hdev, "BCM: Download Minidrv command failed (%d)",
120 err);
121 goto done;
122 }
123 kfree_skb(skb);
124
125
126 msleep(50);
127
128 fw_ptr = fw->data;
129 fw_size = fw->size;
130
131 while (fw_size >= sizeof(*cmd)) {
132 const u8 *cmd_param;
133
134 cmd = (struct hci_command_hdr *)fw_ptr;
135 fw_ptr += sizeof(*cmd);
136 fw_size -= sizeof(*cmd);
137
138 if (fw_size < cmd->plen) {
139 bt_dev_err(hdev, "BCM: Patch is corrupted");
140 err = -EINVAL;
141 goto done;
142 }
143
144 cmd_param = fw_ptr;
145 fw_ptr += cmd->plen;
146 fw_size -= cmd->plen;
147
148 opcode = le16_to_cpu(cmd->opcode);
149
150 skb = __hci_cmd_sync(hdev, opcode, cmd->plen, cmd_param,
151 HCI_INIT_TIMEOUT);
152 if (IS_ERR(skb)) {
153 err = PTR_ERR(skb);
154 bt_dev_err(hdev, "BCM: Patch command %04x failed (%d)",
155 opcode, err);
156 goto done;
157 }
158 kfree_skb(skb);
159 }
160
161
162 msleep(250);
163
164done:
165 return err;
166}
167EXPORT_SYMBOL(btbcm_patchram);
168
169static int btbcm_reset(struct hci_dev *hdev)
170{
171 struct sk_buff *skb;
172
173 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
174 if (IS_ERR(skb)) {
175 int err = PTR_ERR(skb);
176 bt_dev_err(hdev, "BCM: Reset failed (%d)", err);
177 return err;
178 }
179 kfree_skb(skb);
180
181
182 msleep(100);
183
184 return 0;
185}
186
187static struct sk_buff *btbcm_read_local_name(struct hci_dev *hdev)
188{
189 struct sk_buff *skb;
190
191 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_NAME, 0, NULL,
192 HCI_INIT_TIMEOUT);
193 if (IS_ERR(skb)) {
194 bt_dev_err(hdev, "BCM: Reading local name failed (%ld)",
195 PTR_ERR(skb));
196 return skb;
197 }
198
199 if (skb->len != sizeof(struct hci_rp_read_local_name)) {
200 bt_dev_err(hdev, "BCM: Local name length mismatch");
201 kfree_skb(skb);
202 return ERR_PTR(-EIO);
203 }
204
205 return skb;
206}
207
208static struct sk_buff *btbcm_read_local_version(struct hci_dev *hdev)
209{
210 struct sk_buff *skb;
211
212 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL,
213 HCI_INIT_TIMEOUT);
214 if (IS_ERR(skb)) {
215 bt_dev_err(hdev, "BCM: Reading local version info failed (%ld)",
216 PTR_ERR(skb));
217 return skb;
218 }
219
220 if (skb->len != sizeof(struct hci_rp_read_local_version)) {
221 bt_dev_err(hdev, "BCM: Local version length mismatch");
222 kfree_skb(skb);
223 return ERR_PTR(-EIO);
224 }
225
226 return skb;
227}
228
229static struct sk_buff *btbcm_read_verbose_config(struct hci_dev *hdev)
230{
231 struct sk_buff *skb;
232
233 skb = __hci_cmd_sync(hdev, 0xfc79, 0, NULL, HCI_INIT_TIMEOUT);
234 if (IS_ERR(skb)) {
235 bt_dev_err(hdev, "BCM: Read verbose config info failed (%ld)",
236 PTR_ERR(skb));
237 return skb;
238 }
239
240 if (skb->len != 7) {
241 bt_dev_err(hdev, "BCM: Verbose config length mismatch");
242 kfree_skb(skb);
243 return ERR_PTR(-EIO);
244 }
245
246 return skb;
247}
248
249static struct sk_buff *btbcm_read_controller_features(struct hci_dev *hdev)
250{
251 struct sk_buff *skb;
252
253 skb = __hci_cmd_sync(hdev, 0xfc6e, 0, NULL, HCI_INIT_TIMEOUT);
254 if (IS_ERR(skb)) {
255 bt_dev_err(hdev, "BCM: Read controller features failed (%ld)",
256 PTR_ERR(skb));
257 return skb;
258 }
259
260 if (skb->len != 9) {
261 bt_dev_err(hdev, "BCM: Controller features length mismatch");
262 kfree_skb(skb);
263 return ERR_PTR(-EIO);
264 }
265
266 return skb;
267}
268
269static struct sk_buff *btbcm_read_usb_product(struct hci_dev *hdev)
270{
271 struct sk_buff *skb;
272
273 skb = __hci_cmd_sync(hdev, 0xfc5a, 0, NULL, HCI_INIT_TIMEOUT);
274 if (IS_ERR(skb)) {
275 bt_dev_err(hdev, "BCM: Read USB product info failed (%ld)",
276 PTR_ERR(skb));
277 return skb;
278 }
279
280 if (skb->len != 5) {
281 bt_dev_err(hdev, "BCM: USB product length mismatch");
282 kfree_skb(skb);
283 return ERR_PTR(-EIO);
284 }
285
286 return skb;
287}
288
289static int btbcm_read_info(struct hci_dev *hdev)
290{
291 struct sk_buff *skb;
292
293
294 skb = btbcm_read_verbose_config(hdev);
295 if (IS_ERR(skb))
296 return PTR_ERR(skb);
297
298 bt_dev_info(hdev, "BCM: chip id %u", skb->data[1]);
299 kfree_skb(skb);
300
301
302 skb = btbcm_read_controller_features(hdev);
303 if (IS_ERR(skb))
304 return PTR_ERR(skb);
305
306 bt_dev_info(hdev, "BCM: features 0x%2.2x", skb->data[1]);
307 kfree_skb(skb);
308
309
310 skb = btbcm_read_local_name(hdev);
311 if (IS_ERR(skb))
312 return PTR_ERR(skb);
313
314 bt_dev_info(hdev, "%s", (char *)(skb->data + 1));
315 kfree_skb(skb);
316
317 return 0;
318}
319
320struct bcm_subver_table {
321 u16 subver;
322 const char *name;
323};
324
325static const struct bcm_subver_table bcm_uart_subver_table[] = {
326 { 0x4103, "BCM4330B1" },
327 { 0x410e, "BCM43341B0" },
328 { 0x4204, "BCM2076B1" },
329 { 0x4406, "BCM4324B3" },
330 { 0x6109, "BCM4335C0" },
331 { 0x610c, "BCM4354" },
332 { 0x2122, "BCM4343A0" },
333 { 0x2209, "BCM43430A1" },
334 { 0x6119, "BCM4345C0" },
335 { 0x230f, "BCM4356A2" },
336 { 0x220e, "BCM20702A1" },
337 { 0x4217, "BCM4329B1" },
338 { 0x6106, "BCM4359C0" },
339 { }
340};
341
342static const struct bcm_subver_table bcm_usb_subver_table[] = {
343 { 0x210b, "BCM43142A0" },
344 { 0x2112, "BCM4314A0" },
345 { 0x2118, "BCM20702A0" },
346 { 0x2126, "BCM4335A0" },
347 { 0x220e, "BCM20702A1" },
348 { 0x230f, "BCM4354A2" },
349 { 0x4106, "BCM4335B0" },
350 { 0x410e, "BCM20702B0" },
351 { 0x6109, "BCM4335C0" },
352 { 0x610c, "BCM4354" },
353 { }
354};
355
356int btbcm_initialize(struct hci_dev *hdev, char *fw_name, size_t len,
357 bool reinit)
358{
359 u16 subver, rev, pid, vid;
360 const char *hw_name = "BCM";
361 struct sk_buff *skb;
362 struct hci_rp_read_local_version *ver;
363 const struct bcm_subver_table *bcm_subver_table;
364 int i, err;
365
366
367 err = btbcm_reset(hdev);
368 if (err)
369 return err;
370
371
372 skb = btbcm_read_local_version(hdev);
373 if (IS_ERR(skb))
374 return PTR_ERR(skb);
375
376 ver = (struct hci_rp_read_local_version *)skb->data;
377 rev = le16_to_cpu(ver->hci_rev);
378 subver = le16_to_cpu(ver->lmp_subver);
379 kfree_skb(skb);
380
381
382 if (!reinit) {
383 err = btbcm_read_info(hdev);
384 if (err)
385 return err;
386 }
387
388
389 if (((rev & 0xf000) >> 12) > 3)
390 return 0;
391
392 bcm_subver_table = (hdev->bus == HCI_USB) ? bcm_usb_subver_table :
393 bcm_uart_subver_table;
394
395 for (i = 0; bcm_subver_table[i].name; i++) {
396 if (subver == bcm_subver_table[i].subver) {
397 hw_name = bcm_subver_table[i].name;
398 break;
399 }
400 }
401
402 if (hdev->bus == HCI_USB) {
403
404 skb = btbcm_read_usb_product(hdev);
405 if (IS_ERR(skb))
406 return PTR_ERR(skb);
407
408 vid = get_unaligned_le16(skb->data + 1);
409 pid = get_unaligned_le16(skb->data + 3);
410 kfree_skb(skb);
411
412 snprintf(fw_name, len, "brcm/%s-%4.4x-%4.4x.hcd",
413 hw_name, vid, pid);
414 } else {
415 snprintf(fw_name, len, "brcm/%s.hcd", hw_name);
416 }
417
418 bt_dev_info(hdev, "%s (%3.3u.%3.3u.%3.3u) build %4.4u",
419 hw_name, (subver & 0xe000) >> 13,
420 (subver & 0x1f00) >> 8, (subver & 0x00ff), rev & 0x0fff);
421
422 return 0;
423}
424EXPORT_SYMBOL_GPL(btbcm_initialize);
425
426int btbcm_finalize(struct hci_dev *hdev)
427{
428 char fw_name[64];
429 int err;
430
431
432 err = btbcm_initialize(hdev, fw_name, sizeof(fw_name), true);
433 if (err)
434 return err;
435
436 btbcm_check_bdaddr(hdev);
437
438 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
439
440 return 0;
441}
442EXPORT_SYMBOL_GPL(btbcm_finalize);
443
444int btbcm_setup_patchram(struct hci_dev *hdev)
445{
446 char fw_name[64];
447 const struct firmware *fw;
448 struct sk_buff *skb;
449 int err;
450
451
452 err = btbcm_initialize(hdev, fw_name, sizeof(fw_name), false);
453 if (err)
454 return err;
455
456 err = request_firmware(&fw, fw_name, &hdev->dev);
457 if (err < 0) {
458 bt_dev_info(hdev, "BCM: Patch %s not found", fw_name);
459 goto done;
460 }
461
462 btbcm_patchram(hdev, fw);
463
464 release_firmware(fw);
465
466
467 err = btbcm_initialize(hdev, fw_name, sizeof(fw_name), true);
468 if (err)
469 return err;
470
471
472 skb = btbcm_read_local_name(hdev);
473 if (IS_ERR(skb))
474 return PTR_ERR(skb);
475
476 bt_dev_info(hdev, "%s", (char *)(skb->data + 1));
477 kfree_skb(skb);
478
479done:
480 btbcm_check_bdaddr(hdev);
481
482 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
483
484 return 0;
485}
486EXPORT_SYMBOL_GPL(btbcm_setup_patchram);
487
488int btbcm_setup_apple(struct hci_dev *hdev)
489{
490 struct sk_buff *skb;
491 int err;
492
493
494 err = btbcm_reset(hdev);
495 if (err)
496 return err;
497
498
499 skb = btbcm_read_verbose_config(hdev);
500 if (!IS_ERR(skb)) {
501 bt_dev_info(hdev, "BCM: chip id %u build %4.4u",
502 skb->data[1], get_unaligned_le16(skb->data + 5));
503 kfree_skb(skb);
504 }
505
506
507 skb = btbcm_read_usb_product(hdev);
508 if (!IS_ERR(skb)) {
509 bt_dev_info(hdev, "BCM: product %4.4x:%4.4x",
510 get_unaligned_le16(skb->data + 1),
511 get_unaligned_le16(skb->data + 3));
512 kfree_skb(skb);
513 }
514
515
516 skb = btbcm_read_controller_features(hdev);
517 if (!IS_ERR(skb)) {
518 bt_dev_info(hdev, "BCM: features 0x%2.2x", skb->data[1]);
519 kfree_skb(skb);
520 }
521
522
523 skb = btbcm_read_local_name(hdev);
524 if (!IS_ERR(skb)) {
525 bt_dev_info(hdev, "%s", (char *)(skb->data + 1));
526 kfree_skb(skb);
527 }
528
529 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
530
531 return 0;
532}
533EXPORT_SYMBOL_GPL(btbcm_setup_apple);
534
535MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
536MODULE_DESCRIPTION("Bluetooth support for Broadcom devices ver " VERSION);
537MODULE_VERSION(VERSION);
538MODULE_LICENSE("GPL");
539