1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24#include <linux/module.h>
25#include <linux/firmware.h>
26#include <linux/regmap.h>
27
28#include <net/bluetooth/bluetooth.h>
29#include <net/bluetooth/hci_core.h>
30
31#include "btintel.h"
32
33#define VERSION "0.1"
34
35#define BDADDR_INTEL (&(bdaddr_t) {{0x00, 0x8b, 0x9e, 0x19, 0x03, 0x00}})
36
37int btintel_check_bdaddr(struct hci_dev *hdev)
38{
39 struct hci_rp_read_bd_addr *bda;
40 struct sk_buff *skb;
41
42 skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL,
43 HCI_INIT_TIMEOUT);
44 if (IS_ERR(skb)) {
45 int err = PTR_ERR(skb);
46 BT_ERR("%s: Reading Intel device address failed (%d)",
47 hdev->name, err);
48 return err;
49 }
50
51 if (skb->len != sizeof(*bda)) {
52 BT_ERR("%s: Intel device address length mismatch", hdev->name);
53 kfree_skb(skb);
54 return -EIO;
55 }
56
57 bda = (struct hci_rp_read_bd_addr *)skb->data;
58
59
60
61
62
63
64 if (!bacmp(&bda->bdaddr, BDADDR_INTEL)) {
65 BT_ERR("%s: Found Intel default device address (%pMR)",
66 hdev->name, &bda->bdaddr);
67 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks);
68 }
69
70 kfree_skb(skb);
71
72 return 0;
73}
74EXPORT_SYMBOL_GPL(btintel_check_bdaddr);
75
76int btintel_enter_mfg(struct hci_dev *hdev)
77{
78 const u8 param[] = { 0x01, 0x00 };
79 struct sk_buff *skb;
80
81 skb = __hci_cmd_sync(hdev, 0xfc11, 2, param, HCI_CMD_TIMEOUT);
82 if (IS_ERR(skb)) {
83 bt_dev_err(hdev, "Entering manufacturer mode failed (%ld)",
84 PTR_ERR(skb));
85 return PTR_ERR(skb);
86 }
87 kfree_skb(skb);
88
89 return 0;
90}
91EXPORT_SYMBOL_GPL(btintel_enter_mfg);
92
93int btintel_exit_mfg(struct hci_dev *hdev, bool reset, bool patched)
94{
95 u8 param[] = { 0x00, 0x00 };
96 struct sk_buff *skb;
97
98
99
100
101
102
103 if (reset)
104 param[1] |= patched ? 0x02 : 0x01;
105
106 skb = __hci_cmd_sync(hdev, 0xfc11, 2, param, HCI_CMD_TIMEOUT);
107 if (IS_ERR(skb)) {
108 bt_dev_err(hdev, "Exiting manufacturer mode failed (%ld)",
109 PTR_ERR(skb));
110 return PTR_ERR(skb);
111 }
112 kfree_skb(skb);
113
114 return 0;
115}
116EXPORT_SYMBOL_GPL(btintel_exit_mfg);
117
118int btintel_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr)
119{
120 struct sk_buff *skb;
121 int err;
122
123 skb = __hci_cmd_sync(hdev, 0xfc31, 6, bdaddr, HCI_INIT_TIMEOUT);
124 if (IS_ERR(skb)) {
125 err = PTR_ERR(skb);
126 BT_ERR("%s: Changing Intel device address failed (%d)",
127 hdev->name, err);
128 return err;
129 }
130 kfree_skb(skb);
131
132 return 0;
133}
134EXPORT_SYMBOL_GPL(btintel_set_bdaddr);
135
136int btintel_set_diag(struct hci_dev *hdev, bool enable)
137{
138 struct sk_buff *skb;
139 u8 param[3];
140 int err;
141
142 if (enable) {
143 param[0] = 0x03;
144 param[1] = 0x03;
145 param[2] = 0x03;
146 } else {
147 param[0] = 0x00;
148 param[1] = 0x00;
149 param[2] = 0x00;
150 }
151
152 skb = __hci_cmd_sync(hdev, 0xfc43, 3, param, HCI_INIT_TIMEOUT);
153 if (IS_ERR(skb)) {
154 err = PTR_ERR(skb);
155 if (err == -ENODATA)
156 goto done;
157 BT_ERR("%s: Changing Intel diagnostic mode failed (%d)",
158 hdev->name, err);
159 return err;
160 }
161 kfree_skb(skb);
162
163done:
164 btintel_set_event_mask(hdev, enable);
165 return 0;
166}
167EXPORT_SYMBOL_GPL(btintel_set_diag);
168
169int btintel_set_diag_mfg(struct hci_dev *hdev, bool enable)
170{
171 int err, ret;
172
173 err = btintel_enter_mfg(hdev);
174 if (err)
175 return err;
176
177 ret = btintel_set_diag(hdev, enable);
178
179 err = btintel_exit_mfg(hdev, false, false);
180 if (err)
181 return err;
182
183 return ret;
184}
185EXPORT_SYMBOL_GPL(btintel_set_diag_mfg);
186
187void btintel_hw_error(struct hci_dev *hdev, u8 code)
188{
189 struct sk_buff *skb;
190 u8 type = 0x00;
191
192 BT_ERR("%s: Hardware error 0x%2.2x", hdev->name, code);
193
194 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
195 if (IS_ERR(skb)) {
196 BT_ERR("%s: Reset after hardware error failed (%ld)",
197 hdev->name, PTR_ERR(skb));
198 return;
199 }
200 kfree_skb(skb);
201
202 skb = __hci_cmd_sync(hdev, 0xfc22, 1, &type, HCI_INIT_TIMEOUT);
203 if (IS_ERR(skb)) {
204 BT_ERR("%s: Retrieving Intel exception info failed (%ld)",
205 hdev->name, PTR_ERR(skb));
206 return;
207 }
208
209 if (skb->len != 13) {
210 BT_ERR("%s: Exception info size mismatch", hdev->name);
211 kfree_skb(skb);
212 return;
213 }
214
215 BT_ERR("%s: Exception info %s", hdev->name, (char *)(skb->data + 1));
216
217 kfree_skb(skb);
218}
219EXPORT_SYMBOL_GPL(btintel_hw_error);
220
221void btintel_version_info(struct hci_dev *hdev, struct intel_version *ver)
222{
223 const char *variant;
224
225 switch (ver->fw_variant) {
226 case 0x06:
227 variant = "Bootloader";
228 break;
229 case 0x23:
230 variant = "Firmware";
231 break;
232 default:
233 return;
234 }
235
236 BT_INFO("%s: %s revision %u.%u build %u week %u %u", hdev->name,
237 variant, ver->fw_revision >> 4, ver->fw_revision & 0x0f,
238 ver->fw_build_num, ver->fw_build_ww, 2000 + ver->fw_build_yy);
239}
240EXPORT_SYMBOL_GPL(btintel_version_info);
241
242int btintel_secure_send(struct hci_dev *hdev, u8 fragment_type, u32 plen,
243 const void *param)
244{
245 while (plen > 0) {
246 struct sk_buff *skb;
247 u8 cmd_param[253], fragment_len = (plen > 252) ? 252 : plen;
248
249 cmd_param[0] = fragment_type;
250 memcpy(cmd_param + 1, param, fragment_len);
251
252 skb = __hci_cmd_sync(hdev, 0xfc09, fragment_len + 1,
253 cmd_param, HCI_INIT_TIMEOUT);
254 if (IS_ERR(skb))
255 return PTR_ERR(skb);
256
257 kfree_skb(skb);
258
259 plen -= fragment_len;
260 param += fragment_len;
261 }
262
263 return 0;
264}
265EXPORT_SYMBOL_GPL(btintel_secure_send);
266
267int btintel_load_ddc_config(struct hci_dev *hdev, const char *ddc_name)
268{
269 const struct firmware *fw;
270 struct sk_buff *skb;
271 const u8 *fw_ptr;
272 int err;
273
274 err = request_firmware_direct(&fw, ddc_name, &hdev->dev);
275 if (err < 0) {
276 bt_dev_err(hdev, "Failed to load Intel DDC file %s (%d)",
277 ddc_name, err);
278 return err;
279 }
280
281 bt_dev_info(hdev, "Found Intel DDC parameters: %s", ddc_name);
282
283 fw_ptr = fw->data;
284
285
286
287
288 while (fw->size > fw_ptr - fw->data) {
289 u8 cmd_plen = fw_ptr[0] + sizeof(u8);
290
291 skb = __hci_cmd_sync(hdev, 0xfc8b, cmd_plen, fw_ptr,
292 HCI_INIT_TIMEOUT);
293 if (IS_ERR(skb)) {
294 bt_dev_err(hdev, "Failed to send Intel_Write_DDC (%ld)",
295 PTR_ERR(skb));
296 release_firmware(fw);
297 return PTR_ERR(skb);
298 }
299
300 fw_ptr += cmd_plen;
301 kfree_skb(skb);
302 }
303
304 release_firmware(fw);
305
306 bt_dev_info(hdev, "Applying Intel DDC parameters completed");
307
308 return 0;
309}
310EXPORT_SYMBOL_GPL(btintel_load_ddc_config);
311
312int btintel_set_event_mask(struct hci_dev *hdev, bool debug)
313{
314 u8 mask[8] = { 0x87, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
315 struct sk_buff *skb;
316 int err;
317
318 if (debug)
319 mask[1] |= 0x62;
320
321 skb = __hci_cmd_sync(hdev, 0xfc52, 8, mask, HCI_INIT_TIMEOUT);
322 if (IS_ERR(skb)) {
323 err = PTR_ERR(skb);
324 BT_ERR("%s: Setting Intel event mask failed (%d)",
325 hdev->name, err);
326 return err;
327 }
328 kfree_skb(skb);
329
330 return 0;
331}
332EXPORT_SYMBOL_GPL(btintel_set_event_mask);
333
334int btintel_set_event_mask_mfg(struct hci_dev *hdev, bool debug)
335{
336 int err, ret;
337
338 err = btintel_enter_mfg(hdev);
339 if (err)
340 return err;
341
342 ret = btintel_set_event_mask(hdev, debug);
343
344 err = btintel_exit_mfg(hdev, false, false);
345 if (err)
346 return err;
347
348 return ret;
349}
350EXPORT_SYMBOL_GPL(btintel_set_event_mask_mfg);
351
352int btintel_read_version(struct hci_dev *hdev, struct intel_version *ver)
353{
354 struct sk_buff *skb;
355
356 skb = __hci_cmd_sync(hdev, 0xfc05, 0, NULL, HCI_CMD_TIMEOUT);
357 if (IS_ERR(skb)) {
358 bt_dev_err(hdev, "Reading Intel version information failed (%ld)",
359 PTR_ERR(skb));
360 return PTR_ERR(skb);
361 }
362
363 if (skb->len != sizeof(*ver)) {
364 bt_dev_err(hdev, "Intel version event size mismatch");
365 kfree_skb(skb);
366 return -EILSEQ;
367 }
368
369 memcpy(ver, skb->data, sizeof(*ver));
370
371 kfree_skb(skb);
372
373 return 0;
374}
375EXPORT_SYMBOL_GPL(btintel_read_version);
376
377
378
379#define IBT_REG_MODE_8BIT 0x00
380#define IBT_REG_MODE_16BIT 0x01
381#define IBT_REG_MODE_32BIT 0x02
382
383struct regmap_ibt_context {
384 struct hci_dev *hdev;
385 __u16 op_write;
386 __u16 op_read;
387};
388
389struct ibt_cp_reg_access {
390 __le32 addr;
391 __u8 mode;
392 __u8 len;
393 __u8 data[0];
394} __packed;
395
396struct ibt_rp_reg_access {
397 __u8 status;
398 __le32 addr;
399 __u8 data[0];
400} __packed;
401
402static int regmap_ibt_read(void *context, const void *addr, size_t reg_size,
403 void *val, size_t val_size)
404{
405 struct regmap_ibt_context *ctx = context;
406 struct ibt_cp_reg_access cp;
407 struct ibt_rp_reg_access *rp;
408 struct sk_buff *skb;
409 int err = 0;
410
411 if (reg_size != sizeof(__le32))
412 return -EINVAL;
413
414 switch (val_size) {
415 case 1:
416 cp.mode = IBT_REG_MODE_8BIT;
417 break;
418 case 2:
419 cp.mode = IBT_REG_MODE_16BIT;
420 break;
421 case 4:
422 cp.mode = IBT_REG_MODE_32BIT;
423 break;
424 default:
425 return -EINVAL;
426 }
427
428
429 cp.addr = *(__le32 *)addr;
430 cp.len = val_size;
431
432 bt_dev_dbg(ctx->hdev, "Register (0x%x) read", le32_to_cpu(cp.addr));
433
434 skb = hci_cmd_sync(ctx->hdev, ctx->op_read, sizeof(cp), &cp,
435 HCI_CMD_TIMEOUT);
436 if (IS_ERR(skb)) {
437 err = PTR_ERR(skb);
438 bt_dev_err(ctx->hdev, "regmap: Register (0x%x) read error (%d)",
439 le32_to_cpu(cp.addr), err);
440 return err;
441 }
442
443 if (skb->len != sizeof(*rp) + val_size) {
444 bt_dev_err(ctx->hdev, "regmap: Register (0x%x) read error, bad len",
445 le32_to_cpu(cp.addr));
446 err = -EINVAL;
447 goto done;
448 }
449
450 rp = (struct ibt_rp_reg_access *)skb->data;
451
452 if (rp->addr != cp.addr) {
453 bt_dev_err(ctx->hdev, "regmap: Register (0x%x) read error, bad addr",
454 le32_to_cpu(rp->addr));
455 err = -EINVAL;
456 goto done;
457 }
458
459 memcpy(val, rp->data, val_size);
460
461done:
462 kfree_skb(skb);
463 return err;
464}
465
466static int regmap_ibt_gather_write(void *context,
467 const void *addr, size_t reg_size,
468 const void *val, size_t val_size)
469{
470 struct regmap_ibt_context *ctx = context;
471 struct ibt_cp_reg_access *cp;
472 struct sk_buff *skb;
473 int plen = sizeof(*cp) + val_size;
474 u8 mode;
475 int err = 0;
476
477 if (reg_size != sizeof(__le32))
478 return -EINVAL;
479
480 switch (val_size) {
481 case 1:
482 mode = IBT_REG_MODE_8BIT;
483 break;
484 case 2:
485 mode = IBT_REG_MODE_16BIT;
486 break;
487 case 4:
488 mode = IBT_REG_MODE_32BIT;
489 break;
490 default:
491 return -EINVAL;
492 }
493
494 cp = kmalloc(plen, GFP_KERNEL);
495 if (!cp)
496 return -ENOMEM;
497
498
499 cp->addr = *(__le32 *)addr;
500 cp->mode = mode;
501 cp->len = val_size;
502 memcpy(&cp->data, val, val_size);
503
504 bt_dev_dbg(ctx->hdev, "Register (0x%x) write", le32_to_cpu(cp->addr));
505
506 skb = hci_cmd_sync(ctx->hdev, ctx->op_write, plen, cp, HCI_CMD_TIMEOUT);
507 if (IS_ERR(skb)) {
508 err = PTR_ERR(skb);
509 bt_dev_err(ctx->hdev, "regmap: Register (0x%x) write error (%d)",
510 le32_to_cpu(cp->addr), err);
511 goto done;
512 }
513 kfree_skb(skb);
514
515done:
516 kfree(cp);
517 return err;
518}
519
520static int regmap_ibt_write(void *context, const void *data, size_t count)
521{
522
523
524
525 if (WARN_ONCE(count < 4, "Invalid register access"))
526 return -EINVAL;
527
528 return regmap_ibt_gather_write(context, data, 4, data + 4, count - 4);
529}
530
531static void regmap_ibt_free_context(void *context)
532{
533 kfree(context);
534}
535
536static struct regmap_bus regmap_ibt = {
537 .read = regmap_ibt_read,
538 .write = regmap_ibt_write,
539 .gather_write = regmap_ibt_gather_write,
540 .free_context = regmap_ibt_free_context,
541 .reg_format_endian_default = REGMAP_ENDIAN_LITTLE,
542 .val_format_endian_default = REGMAP_ENDIAN_LITTLE,
543};
544
545
546static const struct regmap_config regmap_ibt_cfg = {
547 .name = "btintel_regmap",
548 .reg_bits = 32,
549 .val_bits = 32,
550};
551
552struct regmap *btintel_regmap_init(struct hci_dev *hdev, u16 opcode_read,
553 u16 opcode_write)
554{
555 struct regmap_ibt_context *ctx;
556
557 bt_dev_info(hdev, "regmap: Init R%x-W%x region", opcode_read,
558 opcode_write);
559
560 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
561 if (!ctx)
562 return ERR_PTR(-ENOMEM);
563
564 ctx->op_read = opcode_read;
565 ctx->op_write = opcode_write;
566 ctx->hdev = hdev;
567
568 return regmap_init(&hdev->dev, ®map_ibt, ctx, ®map_ibt_cfg);
569}
570EXPORT_SYMBOL_GPL(btintel_regmap_init);
571
572MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
573MODULE_DESCRIPTION("Bluetooth support for Intel devices ver " VERSION);
574MODULE_VERSION(VERSION);
575MODULE_LICENSE("GPL");
576MODULE_FIRMWARE("intel/ibt-11-5.sfi");
577MODULE_FIRMWARE("intel/ibt-11-5.ddc");
578
