1
2
3
4
5
6
7
8
9#include <linux/module.h>
10#include <linux/firmware.h>
11#include <asm/unaligned.h>
12
13#include <net/bluetooth/bluetooth.h>
14#include <net/bluetooth/hci_core.h>
15
16#include "btbcm.h"
17
18#define VERSION "0.1"
19
20#define BDADDR_BCM20702A0 (&(bdaddr_t) {{0x00, 0xa0, 0x02, 0x70, 0x20, 0x00}})
21#define BDADDR_BCM20702A1 (&(bdaddr_t) {{0x00, 0x00, 0xa0, 0x02, 0x70, 0x20}})
22#define BDADDR_BCM2076B1 (&(bdaddr_t) {{0x79, 0x56, 0x00, 0xa0, 0x76, 0x20}})
23#define BDADDR_BCM43430A0 (&(bdaddr_t) {{0xac, 0x1f, 0x12, 0xa0, 0x43, 0x43}})
24#define BDADDR_BCM4324B3 (&(bdaddr_t) {{0x00, 0x00, 0x00, 0xb3, 0x24, 0x43}})
25#define BDADDR_BCM4330B1 (&(bdaddr_t) {{0x00, 0x00, 0x00, 0xb1, 0x30, 0x43}})
26#define BDADDR_BCM4334B0 (&(bdaddr_t) {{0x00, 0x00, 0x00, 0xb0, 0x34, 0x43}})
27#define BDADDR_BCM4345C5 (&(bdaddr_t) {{0xac, 0x1f, 0x00, 0xc5, 0x45, 0x43}})
28#define BDADDR_BCM43341B (&(bdaddr_t) {{0xac, 0x1f, 0x00, 0x1b, 0x34, 0x43}})
29
30#define BCM_FW_NAME_LEN 64
31#define BCM_FW_NAME_COUNT_MAX 2
32
33typedef char bcm_fw_name[BCM_FW_NAME_LEN];
34
35int btbcm_check_bdaddr(struct hci_dev *hdev)
36{
37 struct hci_rp_read_bd_addr *bda;
38 struct sk_buff *skb;
39
40 skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL,
41 HCI_INIT_TIMEOUT);
42 if (IS_ERR(skb)) {
43 int err = PTR_ERR(skb);
44
45 bt_dev_err(hdev, "BCM: Reading device address failed (%d)", err);
46 return err;
47 }
48
49 if (skb->len != sizeof(*bda)) {
50 bt_dev_err(hdev, "BCM: Device address length mismatch");
51 kfree_skb(skb);
52 return -EIO;
53 }
54
55 bda = (struct hci_rp_read_bd_addr *)skb->data;
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79 if (!bacmp(&bda->bdaddr, BDADDR_BCM20702A0) ||
80 !bacmp(&bda->bdaddr, BDADDR_BCM20702A1) ||
81 !bacmp(&bda->bdaddr, BDADDR_BCM2076B1) ||
82 !bacmp(&bda->bdaddr, BDADDR_BCM4324B3) ||
83 !bacmp(&bda->bdaddr, BDADDR_BCM4330B1) ||
84 !bacmp(&bda->bdaddr, BDADDR_BCM4334B0) ||
85 !bacmp(&bda->bdaddr, BDADDR_BCM4345C5) ||
86 !bacmp(&bda->bdaddr, BDADDR_BCM43430A0) ||
87 !bacmp(&bda->bdaddr, BDADDR_BCM43341B)) {
88 bt_dev_info(hdev, "BCM: Using default device address (%pMR)",
89 &bda->bdaddr);
90 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks);
91 }
92
93 kfree_skb(skb);
94
95 return 0;
96}
97EXPORT_SYMBOL_GPL(btbcm_check_bdaddr);
98
99int btbcm_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr)
100{
101 struct sk_buff *skb;
102 int err;
103
104 skb = __hci_cmd_sync(hdev, 0xfc01, 6, bdaddr, HCI_INIT_TIMEOUT);
105 if (IS_ERR(skb)) {
106 err = PTR_ERR(skb);
107 bt_dev_err(hdev, "BCM: Change address command failed (%d)", err);
108 return err;
109 }
110 kfree_skb(skb);
111
112 return 0;
113}
114EXPORT_SYMBOL_GPL(btbcm_set_bdaddr);
115
116int btbcm_read_pcm_int_params(struct hci_dev *hdev,
117 struct bcm_set_pcm_int_params *params)
118{
119 struct sk_buff *skb;
120 int err = 0;
121
122 skb = __hci_cmd_sync(hdev, 0xfc1d, 0, NULL, HCI_INIT_TIMEOUT);
123 if (IS_ERR(skb)) {
124 err = PTR_ERR(skb);
125 bt_dev_err(hdev, "BCM: Read PCM int params failed (%d)", err);
126 return err;
127 }
128
129 if (skb->len != 6 || skb->data[0]) {
130 bt_dev_err(hdev, "BCM: Read PCM int params length mismatch");
131 kfree_skb(skb);
132 return -EIO;
133 }
134
135 if (params)
136 memcpy(params, skb->data + 1, 5);
137
138 kfree_skb(skb);
139
140 return 0;
141}
142EXPORT_SYMBOL_GPL(btbcm_read_pcm_int_params);
143
144int btbcm_write_pcm_int_params(struct hci_dev *hdev,
145 const struct bcm_set_pcm_int_params *params)
146{
147 struct sk_buff *skb;
148 int err;
149
150 skb = __hci_cmd_sync(hdev, 0xfc1c, 5, params, HCI_INIT_TIMEOUT);
151 if (IS_ERR(skb)) {
152 err = PTR_ERR(skb);
153 bt_dev_err(hdev, "BCM: Write PCM int params failed (%d)", err);
154 return err;
155 }
156 kfree_skb(skb);
157
158 return 0;
159}
160EXPORT_SYMBOL_GPL(btbcm_write_pcm_int_params);
161
162int btbcm_patchram(struct hci_dev *hdev, const struct firmware *fw)
163{
164 const struct hci_command_hdr *cmd;
165 const u8 *fw_ptr;
166 size_t fw_size;
167 struct sk_buff *skb;
168 u16 opcode;
169 int err = 0;
170
171
172 skb = __hci_cmd_sync(hdev, 0xfc2e, 0, NULL, HCI_INIT_TIMEOUT);
173 if (IS_ERR(skb)) {
174 err = PTR_ERR(skb);
175 bt_dev_err(hdev, "BCM: Download Minidrv command failed (%d)",
176 err);
177 goto done;
178 }
179 kfree_skb(skb);
180
181
182 msleep(50);
183
184 fw_ptr = fw->data;
185 fw_size = fw->size;
186
187 while (fw_size >= sizeof(*cmd)) {
188 const u8 *cmd_param;
189
190 cmd = (struct hci_command_hdr *)fw_ptr;
191 fw_ptr += sizeof(*cmd);
192 fw_size -= sizeof(*cmd);
193
194 if (fw_size < cmd->plen) {
195 bt_dev_err(hdev, "BCM: Patch is corrupted");
196 err = -EINVAL;
197 goto done;
198 }
199
200 cmd_param = fw_ptr;
201 fw_ptr += cmd->plen;
202 fw_size -= cmd->plen;
203
204 opcode = le16_to_cpu(cmd->opcode);
205
206 skb = __hci_cmd_sync(hdev, opcode, cmd->plen, cmd_param,
207 HCI_INIT_TIMEOUT);
208 if (IS_ERR(skb)) {
209 err = PTR_ERR(skb);
210 bt_dev_err(hdev, "BCM: Patch command %04x failed (%d)",
211 opcode, err);
212 goto done;
213 }
214 kfree_skb(skb);
215 }
216
217
218 msleep(250);
219
220done:
221 return err;
222}
223EXPORT_SYMBOL(btbcm_patchram);
224
225static int btbcm_reset(struct hci_dev *hdev)
226{
227 struct sk_buff *skb;
228
229 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
230 if (IS_ERR(skb)) {
231 int err = PTR_ERR(skb);
232
233 bt_dev_err(hdev, "BCM: Reset failed (%d)", err);
234 return err;
235 }
236 kfree_skb(skb);
237
238
239 msleep(100);
240
241 return 0;
242}
243
244static struct sk_buff *btbcm_read_local_name(struct hci_dev *hdev)
245{
246 struct sk_buff *skb;
247
248 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_NAME, 0, NULL,
249 HCI_INIT_TIMEOUT);
250 if (IS_ERR(skb)) {
251 bt_dev_err(hdev, "BCM: Reading local name failed (%ld)",
252 PTR_ERR(skb));
253 return skb;
254 }
255
256 if (skb->len != sizeof(struct hci_rp_read_local_name)) {
257 bt_dev_err(hdev, "BCM: Local name length mismatch");
258 kfree_skb(skb);
259 return ERR_PTR(-EIO);
260 }
261
262 return skb;
263}
264
265static struct sk_buff *btbcm_read_local_version(struct hci_dev *hdev)
266{
267 struct sk_buff *skb;
268
269 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL,
270 HCI_INIT_TIMEOUT);
271 if (IS_ERR(skb)) {
272 bt_dev_err(hdev, "BCM: Reading local version info failed (%ld)",
273 PTR_ERR(skb));
274 return skb;
275 }
276
277 if (skb->len != sizeof(struct hci_rp_read_local_version)) {
278 bt_dev_err(hdev, "BCM: Local version length mismatch");
279 kfree_skb(skb);
280 return ERR_PTR(-EIO);
281 }
282
283 return skb;
284}
285
286static struct sk_buff *btbcm_read_verbose_config(struct hci_dev *hdev)
287{
288 struct sk_buff *skb;
289
290 skb = __hci_cmd_sync(hdev, 0xfc79, 0, NULL, HCI_INIT_TIMEOUT);
291 if (IS_ERR(skb)) {
292 bt_dev_err(hdev, "BCM: Read verbose config info failed (%ld)",
293 PTR_ERR(skb));
294 return skb;
295 }
296
297 if (skb->len != 7) {
298 bt_dev_err(hdev, "BCM: Verbose config length mismatch");
299 kfree_skb(skb);
300 return ERR_PTR(-EIO);
301 }
302
303 return skb;
304}
305
306static struct sk_buff *btbcm_read_controller_features(struct hci_dev *hdev)
307{
308 struct sk_buff *skb;
309
310 skb = __hci_cmd_sync(hdev, 0xfc6e, 0, NULL, HCI_INIT_TIMEOUT);
311 if (IS_ERR(skb)) {
312 bt_dev_err(hdev, "BCM: Read controller features failed (%ld)",
313 PTR_ERR(skb));
314 return skb;
315 }
316
317 if (skb->len != 9) {
318 bt_dev_err(hdev, "BCM: Controller features length mismatch");
319 kfree_skb(skb);
320 return ERR_PTR(-EIO);
321 }
322
323 return skb;
324}
325
326static struct sk_buff *btbcm_read_usb_product(struct hci_dev *hdev)
327{
328 struct sk_buff *skb;
329
330 skb = __hci_cmd_sync(hdev, 0xfc5a, 0, NULL, HCI_INIT_TIMEOUT);
331 if (IS_ERR(skb)) {
332 bt_dev_err(hdev, "BCM: Read USB product info failed (%ld)",
333 PTR_ERR(skb));
334 return skb;
335 }
336
337 if (skb->len != 5) {
338 bt_dev_err(hdev, "BCM: USB product length mismatch");
339 kfree_skb(skb);
340 return ERR_PTR(-EIO);
341 }
342
343 return skb;
344}
345
346static int btbcm_read_info(struct hci_dev *hdev)
347{
348 struct sk_buff *skb;
349
350
351 skb = btbcm_read_verbose_config(hdev);
352 if (IS_ERR(skb))
353 return PTR_ERR(skb);
354
355 bt_dev_info(hdev, "BCM: chip id %u", skb->data[1]);
356 kfree_skb(skb);
357
358
359 skb = btbcm_read_controller_features(hdev);
360 if (IS_ERR(skb))
361 return PTR_ERR(skb);
362
363 bt_dev_info(hdev, "BCM: features 0x%2.2x", skb->data[1]);
364 kfree_skb(skb);
365
366 return 0;
367}
368
369static int btbcm_print_local_name(struct hci_dev *hdev)
370{
371 struct sk_buff *skb;
372
373
374 skb = btbcm_read_local_name(hdev);
375 if (IS_ERR(skb))
376 return PTR_ERR(skb);
377
378 bt_dev_info(hdev, "%s", (char *)(skb->data + 1));
379 kfree_skb(skb);
380
381 return 0;
382}
383
384struct bcm_subver_table {
385 u16 subver;
386 const char *name;
387};
388
389static const struct bcm_subver_table bcm_uart_subver_table[] = {
390 { 0x1111, "BCM4362A2" },
391 { 0x4103, "BCM4330B1" },
392 { 0x410d, "BCM4334B0" },
393 { 0x410e, "BCM43341B0" },
394 { 0x4204, "BCM2076B1" },
395 { 0x4406, "BCM4324B3" },
396 { 0x4606, "BCM4324B5" },
397 { 0x6109, "BCM4335C0" },
398 { 0x610c, "BCM4354" },
399 { 0x2122, "BCM4343A0" },
400 { 0x2209, "BCM43430A1" },
401 { 0x6119, "BCM4345C0" },
402 { 0x6606, "BCM4345C5" },
403 { 0x230f, "BCM4356A2" },
404 { 0x220e, "BCM20702A1" },
405 { 0x4217, "BCM4329B1" },
406 { 0x6106, "BCM4359C0" },
407 { 0x4106, "BCM4335A0" },
408 { 0x410c, "BCM43430B0" },
409 { }
410};
411
412static const struct bcm_subver_table bcm_usb_subver_table[] = {
413 { 0x2105, "BCM20703A1" },
414 { 0x210b, "BCM43142A0" },
415 { 0x2112, "BCM4314A0" },
416 { 0x2118, "BCM20702A0" },
417 { 0x2126, "BCM4335A0" },
418 { 0x220e, "BCM20702A1" },
419 { 0x230f, "BCM4356A2" },
420 { 0x4106, "BCM4335B0" },
421 { 0x410e, "BCM20702B0" },
422 { 0x6109, "BCM4335C0" },
423 { 0x610c, "BCM4354" },
424 { 0x6607, "BCM4350C5" },
425 { }
426};
427
428int btbcm_initialize(struct hci_dev *hdev, bool *fw_load_done)
429{
430 u16 subver, rev, pid, vid;
431 struct sk_buff *skb;
432 struct hci_rp_read_local_version *ver;
433 const struct bcm_subver_table *bcm_subver_table;
434 const char *hw_name = NULL;
435 char postfix[16] = "";
436 int fw_name_count = 0;
437 bcm_fw_name *fw_name;
438 const struct firmware *fw;
439 int i, err;
440
441
442 err = btbcm_reset(hdev);
443 if (err)
444 return err;
445
446
447 skb = btbcm_read_local_version(hdev);
448 if (IS_ERR(skb))
449 return PTR_ERR(skb);
450
451 ver = (struct hci_rp_read_local_version *)skb->data;
452 rev = le16_to_cpu(ver->hci_rev);
453 subver = le16_to_cpu(ver->lmp_subver);
454 kfree_skb(skb);
455
456
457 if (!(*fw_load_done)) {
458 err = btbcm_read_info(hdev);
459 if (err)
460 return err;
461 }
462 err = btbcm_print_local_name(hdev);
463 if (err)
464 return err;
465
466 bcm_subver_table = (hdev->bus == HCI_USB) ? bcm_usb_subver_table :
467 bcm_uart_subver_table;
468
469 for (i = 0; bcm_subver_table[i].name; i++) {
470 if (subver == bcm_subver_table[i].subver) {
471 hw_name = bcm_subver_table[i].name;
472 break;
473 }
474 }
475
476 bt_dev_info(hdev, "%s (%3.3u.%3.3u.%3.3u) build %4.4u",
477 hw_name ? hw_name : "BCM", (subver & 0xe000) >> 13,
478 (subver & 0x1f00) >> 8, (subver & 0x00ff), rev & 0x0fff);
479
480 if (*fw_load_done)
481 return 0;
482
483 if (hdev->bus == HCI_USB) {
484
485 skb = btbcm_read_usb_product(hdev);
486 if (IS_ERR(skb))
487 return PTR_ERR(skb);
488
489 vid = get_unaligned_le16(skb->data + 1);
490 pid = get_unaligned_le16(skb->data + 3);
491 kfree_skb(skb);
492
493 snprintf(postfix, sizeof(postfix), "-%4.4x-%4.4x", vid, pid);
494 }
495
496 fw_name = kmalloc(BCM_FW_NAME_COUNT_MAX * BCM_FW_NAME_LEN, GFP_KERNEL);
497 if (!fw_name)
498 return -ENOMEM;
499
500 if (hw_name) {
501 snprintf(fw_name[fw_name_count], BCM_FW_NAME_LEN,
502 "brcm/%s%s.hcd", hw_name, postfix);
503 fw_name_count++;
504 }
505
506 snprintf(fw_name[fw_name_count], BCM_FW_NAME_LEN,
507 "brcm/BCM%s.hcd", postfix);
508 fw_name_count++;
509
510 for (i = 0; i < fw_name_count; i++) {
511 err = firmware_request_nowarn(&fw, fw_name[i], &hdev->dev);
512 if (err == 0) {
513 bt_dev_info(hdev, "%s '%s' Patch",
514 hw_name ? hw_name : "BCM", fw_name[i]);
515 *fw_load_done = true;
516 break;
517 }
518 }
519
520 if (*fw_load_done) {
521 err = btbcm_patchram(hdev, fw);
522 if (err)
523 bt_dev_info(hdev, "BCM: Patch failed (%d)", err);
524
525 release_firmware(fw);
526 } else {
527 bt_dev_err(hdev, "BCM: firmware Patch file not found, tried:");
528 for (i = 0; i < fw_name_count; i++)
529 bt_dev_err(hdev, "BCM: '%s'", fw_name[i]);
530 }
531
532 kfree(fw_name);
533 return 0;
534}
535EXPORT_SYMBOL_GPL(btbcm_initialize);
536
537int btbcm_finalize(struct hci_dev *hdev, bool *fw_load_done)
538{
539 int err;
540
541
542 if (*fw_load_done) {
543 err = btbcm_initialize(hdev, fw_load_done);
544 if (err)
545 return err;
546 }
547
548 btbcm_check_bdaddr(hdev);
549
550 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
551
552 return 0;
553}
554EXPORT_SYMBOL_GPL(btbcm_finalize);
555
556int btbcm_setup_patchram(struct hci_dev *hdev)
557{
558 bool fw_load_done = false;
559 int err;
560
561
562 err = btbcm_initialize(hdev, &fw_load_done);
563 if (err)
564 return err;
565
566
567 return btbcm_finalize(hdev, &fw_load_done);
568}
569EXPORT_SYMBOL_GPL(btbcm_setup_patchram);
570
571int btbcm_setup_apple(struct hci_dev *hdev)
572{
573 struct sk_buff *skb;
574 int err;
575
576
577 err = btbcm_reset(hdev);
578 if (err)
579 return err;
580
581
582 skb = btbcm_read_verbose_config(hdev);
583 if (!IS_ERR(skb)) {
584 bt_dev_info(hdev, "BCM: chip id %u build %4.4u",
585 skb->data[1], get_unaligned_le16(skb->data + 5));
586 kfree_skb(skb);
587 }
588
589
590 skb = btbcm_read_usb_product(hdev);
591 if (!IS_ERR(skb)) {
592 bt_dev_info(hdev, "BCM: product %4.4x:%4.4x",
593 get_unaligned_le16(skb->data + 1),
594 get_unaligned_le16(skb->data + 3));
595 kfree_skb(skb);
596 }
597
598
599 skb = btbcm_read_controller_features(hdev);
600 if (!IS_ERR(skb)) {
601 bt_dev_info(hdev, "BCM: features 0x%2.2x", skb->data[1]);
602 kfree_skb(skb);
603 }
604
605
606 skb = btbcm_read_local_name(hdev);
607 if (!IS_ERR(skb)) {
608 bt_dev_info(hdev, "%s", (char *)(skb->data + 1));
609 kfree_skb(skb);
610 }
611
612 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
613
614 return 0;
615}
616EXPORT_SYMBOL_GPL(btbcm_setup_apple);
617
618MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
619MODULE_DESCRIPTION("Bluetooth support for Broadcom devices ver " VERSION);
620MODULE_VERSION(VERSION);
621MODULE_LICENSE("GPL");
622
