1/* 2 * 3 * Bluetooth support for Intel devices 4 * 5 * Copyright (C) 2015 Intel Corporation 6 * 7 * 8 * This program is free software; you can redistribute it and/or modify 9 * it under the terms of the GNU General Public License as published by 10 * the Free Software Foundation; either version 2 of the License, or 11 * (at your option) any later version. 12 * 13 * This program is distributed in the hope that it will be useful, 14 * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 * GNU General Public License for more details. 17 * 18 * You should have received a copy of the GNU General Public License 19 * along with this program; if not, write to the Free Software 20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 21 * 22 */ 23 24#include <linux/module.h> 25#include <linux/firmware.h> 26#include <linux/regmap.h> 27 28#include <net/bluetooth/bluetooth.h> 29#include <net/bluetooth/hci_core.h> 30 31#include "btintel.h" 32 33#define VERSION "0.1" 34 35#define BDADDR_INTEL (&(bdaddr_t) {{0x00, 0x8b, 0x9e, 0x19, 0x03, 0x00}}) 36 37int btintel_check_bdaddr(struct hci_dev *hdev) 38{ 39 struct hci_rp_read_bd_addr *bda; 40 struct sk_buff *skb; 41 42 skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL, 43 HCI_INIT_TIMEOUT); 44 if (IS_ERR(skb)) { 45 int err = PTR_ERR(skb); 46 BT_ERR("%s: Reading Intel device address failed (%d)", 47 hdev->name, err); 48 return err; 49 } 50 51 if (skb->len != sizeof(*bda)) { 52 BT_ERR("%s: Intel device address length mismatch", hdev->name); 53 kfree_skb(skb); 54 return -EIO; 55 } 56 57 bda = (struct hci_rp_read_bd_addr *)skb->data; 58 59 /* For some Intel based controllers, the default Bluetooth device 60 * address 00:03:19:9E:8B:00 can be found. These controllers are 61 * fully operational, but have the danger of duplicate addresses 62 * and that in turn can cause problems with Bluetooth operation. 63 */ 64 if (!bacmp(&bda->bdaddr, BDADDR_INTEL)) { 65 BT_ERR("%s: Found Intel default device address (%pMR)", 66 hdev->name, &bda->bdaddr); 67 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks); 68 } 69 70 kfree_skb(skb); 71 72 return 0; 73} 74EXPORT_SYMBOL_GPL(btintel_check_bdaddr); 75 76int btintel_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr) 77{ 78 struct sk_buff *skb; 79 int err; 80 81 skb = __hci_cmd_sync(hdev, 0xfc31, 6, bdaddr, HCI_INIT_TIMEOUT); 82 if (IS_ERR(skb)) { 83 err = PTR_ERR(skb); 84 BT_ERR("%s: Changing Intel device address failed (%d)", 85 hdev->name, err); 86 return err; 87 } 88 kfree_skb(skb); 89 90 return 0; 91} 92EXPORT_SYMBOL_GPL(btintel_set_bdaddr); 93 94int btintel_set_diag(struct hci_dev *hdev, bool enable) 95{ 96 struct sk_buff *skb; 97 u8 param[3]; 98 int err; 99 100 if (enable) { 101 param[0] = 0x03; 102 param[1] = 0x03; 103 param[2] = 0x03; 104 } else { 105 param[0] = 0x00; 106 param[1] = 0x00; 107 param[2] = 0x00; 108 } 109 110 skb = __hci_cmd_sync(hdev, 0xfc43, 3, param, HCI_INIT_TIMEOUT); 111 if (IS_ERR(skb)) { 112 err = PTR_ERR(skb); 113 if (err == -ENODATA) 114 goto done; 115 BT_ERR("%s: Changing Intel diagnostic mode failed (%d)", 116 hdev->name, err); 117 return err; 118 } 119 kfree_skb(skb); 120 121done: 122 btintel_set_event_mask(hdev, enable); 123 return 0; 124} 125EXPORT_SYMBOL_GPL(btintel_set_diag); 126 127int btintel_set_diag_mfg(struct hci_dev *hdev, bool enable) 128{ 129 struct sk_buff *skb; 130 u8 param[2]; 131 int err; 132 133 param[0] = 0x01; 134 param[1] = 0x00; 135 136 skb = __hci_cmd_sync(hdev, 0xfc11, 2, param, HCI_INIT_TIMEOUT); 137 if (IS_ERR(skb)) { 138 err = PTR_ERR(skb); 139 BT_ERR("%s: Entering Intel manufacturer mode failed (%d)", 140 hdev->name, err); 141 return PTR_ERR(skb); 142 } 143 kfree_skb(skb); 144 145 err = btintel_set_diag(hdev, enable); 146 147 param[0] = 0x00; 148 param[1] = 0x00; 149 150 skb = __hci_cmd_sync(hdev, 0xfc11, 2, param, HCI_INIT_TIMEOUT); 151 if (IS_ERR(skb)) { 152 err = PTR_ERR(skb); 153 BT_ERR("%s: Leaving Intel manufacturer mode failed (%d)", 154 hdev->name, err); 155 return PTR_ERR(skb); 156 } 157 kfree_skb(skb); 158 159 return err; 160} 161EXPORT_SYMBOL_GPL(btintel_set_diag_mfg); 162 163void btintel_hw_error(struct hci_dev *hdev, u8 code) 164{ 165 struct sk_buff *skb; 166 u8 type = 0x00; 167 168 BT_ERR("%s: Hardware error 0x%2.2x", hdev->name, code); 169 170 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); 171 if (IS_ERR(skb)) { 172 BT_ERR("%s: Reset after hardware error failed (%ld)", 173 hdev->name, PTR_ERR(skb)); 174 return; 175 } 176 kfree_skb(skb); 177 178 skb = __hci_cmd_sync(hdev, 0xfc22, 1, &type, HCI_INIT_TIMEOUT); 179 if (IS_ERR(skb)) { 180 BT_ERR("%s: Retrieving Intel exception info failed (%ld)", 181 hdev->name, PTR_ERR(skb)); 182 return; 183 } 184 185 if (skb->len != 13) { 186 BT_ERR("%s: Exception info size mismatch", hdev->name); 187 kfree_skb(skb); 188 return; 189 } 190 191 BT_ERR("%s: Exception info %s", hdev->name, (char *)(skb->data + 1)); 192 193 kfree_skb(skb); 194} 195EXPORT_SYMBOL_GPL(btintel_hw_error); 196 197void btintel_version_info(struct hci_dev *hdev, struct intel_version *ver) 198{ 199 const char *variant; 200 201 switch (ver->fw_variant) { 202 case 0x06: 203 variant = "Bootloader"; 204 break; 205 case 0x23: 206 variant = "Firmware"; 207 break; 208 default: 209 return; 210 } 211 212 BT_INFO("%s: %s revision %u.%u build %u week %u %u", hdev->name, 213 variant, ver->fw_revision >> 4, ver->fw_revision & 0x0f, 214 ver->fw_build_num, ver->fw_build_ww, 2000 + ver->fw_build_yy); 215} 216EXPORT_SYMBOL_GPL(btintel_version_info); 217 218int btintel_secure_send(struct hci_dev *hdev, u8 fragment_type, u32 plen, 219 const void *param) 220{ 221 while (plen > 0) { 222 struct sk_buff *skb; 223 u8 cmd_param[253], fragment_len = (plen > 252) ? 252 : plen; 224 225 cmd_param[0] = fragment_type; 226 memcpy(cmd_param + 1, param, fragment_len); 227 228 skb = __hci_cmd_sync(hdev, 0xfc09, fragment_len + 1, 229 cmd_param, HCI_INIT_TIMEOUT); 230 if (IS_ERR(skb)) 231 return PTR_ERR(skb); 232 233 kfree_skb(skb); 234 235 plen -= fragment_len; 236 param += fragment_len; 237 } 238 239 return 0; 240} 241EXPORT_SYMBOL_GPL(btintel_secure_send); 242 243int btintel_load_ddc_config(struct hci_dev *hdev, const char *ddc_name) 244{ 245 const struct firmware *fw; 246 struct sk_buff *skb; 247 const u8 *fw_ptr; 248 int err; 249 250 err = request_firmware_direct(&fw, ddc_name, &hdev->dev); 251 if (err < 0) { 252 bt_dev_err(hdev, "Failed to load Intel DDC file %s (%d)", 253 ddc_name, err); 254 return err; 255 } 256 257 bt_dev_info(hdev, "Found Intel DDC parameters: %s", ddc_name); 258 259 fw_ptr = fw->data; 260 261 /* DDC file contains one or more DDC structure which has 262 * Length (1 byte), DDC ID (2 bytes), and DDC value (Length - 2). 263 */ 264 while (fw->size > fw_ptr - fw->data) { 265 u8 cmd_plen = fw_ptr[0] + sizeof(u8); 266 267 skb = __hci_cmd_sync(hdev, 0xfc8b, cmd_plen, fw_ptr, 268 HCI_INIT_TIMEOUT); 269 if (IS_ERR(skb)) { 270 bt_dev_err(hdev, "Failed to send Intel_Write_DDC (%ld)", 271 PTR_ERR(skb)); 272 release_firmware(fw); 273 return PTR_ERR(skb); 274 } 275 276 fw_ptr += cmd_plen; 277 kfree_skb(skb); 278 } 279 280 release_firmware(fw); 281 282 bt_dev_info(hdev, "Applying Intel DDC parameters completed"); 283 284 return 0; 285} 286EXPORT_SYMBOL_GPL(btintel_load_ddc_config); 287 288int btintel_set_event_mask(struct hci_dev *hdev, bool debug) 289{ 290 u8 mask[8] = { 0x87, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; 291 struct sk_buff *skb; 292 int err; 293 294 if (debug) 295 mask[1] |= 0x62; 296 297 skb = __hci_cmd_sync(hdev, 0xfc52, 8, mask, HCI_INIT_TIMEOUT); 298 if (IS_ERR(skb)) { 299 err = PTR_ERR(skb); 300 BT_ERR("%s: Setting Intel event mask failed (%d)", 301 hdev->name, err); 302 return err; 303 } 304 kfree_skb(skb); 305 306 return 0; 307} 308EXPORT_SYMBOL_GPL(btintel_set_event_mask); 309 310int btintel_set_event_mask_mfg(struct hci_dev *hdev, bool debug) 311{ 312 struct sk_buff *skb; 313 u8 param[2]; 314 int err; 315 316 param[0] = 0x01; 317 param[1] = 0x00; 318 319 skb = __hci_cmd_sync(hdev, 0xfc11, 2, param, HCI_INIT_TIMEOUT); 320 if (IS_ERR(skb)) { 321 err = PTR_ERR(skb); 322 BT_ERR("%s: Entering Intel manufacturer mode failed (%d)", 323 hdev->name, err); 324 return PTR_ERR(skb); 325 } 326 kfree_skb(skb); 327 328 err = btintel_set_event_mask(hdev, debug); 329 330 param[0] = 0x00; 331 param[1] = 0x00; 332 333 skb = __hci_cmd_sync(hdev, 0xfc11, 2, param, HCI_INIT_TIMEOUT); 334 if (IS_ERR(skb)) { 335 err = PTR_ERR(skb); 336 BT_ERR("%s: Leaving Intel manufacturer mode failed (%d)", 337 hdev->name, err); 338 return PTR_ERR(skb); 339 } 340 kfree_skb(skb); 341 342 return err; 343} 344EXPORT_SYMBOL_GPL(btintel_set_event_mask_mfg); 345 346/* ------- REGMAP IBT SUPPORT ------- */ 347 348#define IBT_REG_MODE_8BIT 0x00 349#define IBT_REG_MODE_16BIT 0x01 350#define IBT_REG_MODE_32BIT 0x02 351 352struct regmap_ibt_context { 353 struct hci_dev *hdev; 354 __u16 op_write; 355 __u16 op_read; 356}; 357 358struct ibt_cp_reg_access { 359 __le32 addr; 360 __u8 mode; 361 __u8 len; 362 __u8 data[0]; 363} __packed; 364 365struct ibt_rp_reg_access { 366 __u8 status; 367 __le32 addr; 368 __u8 data[0]; 369} __packed; 370 371static int regmap_ibt_read(void *context, const void *addr, size_t reg_size, 372 void *val, size_t val_size) 373{ 374 struct regmap_ibt_context *ctx = context; 375 struct ibt_cp_reg_access cp; 376 struct ibt_rp_reg_access *rp; 377 struct sk_buff *skb; 378 int err = 0; 379 380 if (reg_size != sizeof(__le32)) 381 return -EINVAL; 382 383 switch (val_size) { 384 case 1: 385 cp.mode = IBT_REG_MODE_8BIT; 386 break; 387 case 2: 388 cp.mode = IBT_REG_MODE_16BIT; 389 break; 390 case 4: 391 cp.mode = IBT_REG_MODE_32BIT; 392 break; 393 default: 394 return -EINVAL; 395 } 396 397 /* regmap provides a little-endian formatted addr */ 398 cp.addr = *(__le32 *)addr; 399 cp.len = val_size; 400 401 bt_dev_dbg(ctx->hdev, "Register (0x%x) read", le32_to_cpu(cp.addr)); 402 403 skb = hci_cmd_sync(ctx->hdev, ctx->op_read, sizeof(cp), &cp, 404 HCI_CMD_TIMEOUT); 405 if (IS_ERR(skb)) { 406 err = PTR_ERR(skb); 407 bt_dev_err(ctx->hdev, "regmap: Register (0x%x) read error (%d)", 408 le32_to_cpu(cp.addr), err); 409 return err; 410 } 411 412 if (skb->len != sizeof(*rp) + val_size) { 413 bt_dev_err(ctx->hdev, "regmap: Register (0x%x) read error, bad len", 414 le32_to_cpu(cp.addr)); 415 err = -EINVAL; 416 goto done; 417 } 418 419 rp = (struct ibt_rp_reg_access *)skb->data; 420 421 if (rp->addr != cp.addr) { 422 bt_dev_err(ctx->hdev, "regmap: Register (0x%x) read error, bad addr", 423 le32_to_cpu(rp->addr)); 424 err = -EINVAL; 425 goto done; 426 } 427 428 memcpy(val, rp->data, val_size); 429 430done: 431 kfree_skb(skb); 432 return err; 433} 434 435static int regmap_ibt_gather_write(void *context, 436 const void *addr, size_t reg_size, 437 const void *val, size_t val_size) 438{ 439 struct regmap_ibt_context *ctx = context; 440 struct ibt_cp_reg_access *cp; 441 struct sk_buff *skb; 442 int plen = sizeof(*cp) + val_size; 443 u8 mode; 444 int err = 0; 445 446 if (reg_size != sizeof(__le32)) 447 return -EINVAL; 448 449 switch (val_size) { 450 case 1: 451 mode = IBT_REG_MODE_8BIT; 452 break; 453 case 2: 454 mode = IBT_REG_MODE_16BIT; 455 break; 456 case 4: 457 mode = IBT_REG_MODE_32BIT; 458 break; 459 default: 460 return -EINVAL; 461 } 462 463 cp = kmalloc(plen, GFP_KERNEL); 464 if (!cp) 465 return -ENOMEM; 466 467 /* regmap provides a little-endian formatted addr/value */ 468 cp->addr = *(__le32 *)addr; 469 cp->mode = mode; 470 cp->len = val_size; 471 memcpy(&cp->data, val, val_size); 472 473 bt_dev_dbg(ctx->hdev, "Register (0x%x) write", le32_to_cpu(cp->addr)); 474 475 skb = hci_cmd_sync(ctx->hdev, ctx->op_write, plen, cp, HCI_CMD_TIMEOUT); 476 if (IS_ERR(skb)) { 477 err = PTR_ERR(skb); 478 bt_dev_err(ctx->hdev, "regmap: Register (0x%x) write error (%d)", 479 le32_to_cpu(cp->addr), err); 480 goto done; 481 } 482 kfree_skb(skb); 483 484done: 485 kfree(cp); 486 return err; 487} 488 489static int regmap_ibt_write(void *context, const void *data, size_t count) 490{ 491 /* data contains register+value, since we only support 32bit addr, 492 * minimum data size is 4 bytes. 493 */ 494 if (WARN_ONCE(count < 4, "Invalid register access")) 495 return -EINVAL; 496 497 return regmap_ibt_gather_write(context, data, 4, data + 4, count - 4); 498} 499 500static void regmap_ibt_free_context(void *context) 501{ 502 kfree(context); 503} 504 505static struct regmap_bus regmap_ibt = { 506 .read = regmap_ibt_read, 507 .write = regmap_ibt_write, 508 .gather_write = regmap_ibt_gather_write, 509 .free_context = regmap_ibt_free_context, 510 .reg_format_endian_default = REGMAP_ENDIAN_LITTLE, 511 .val_format_endian_default = REGMAP_ENDIAN_LITTLE, 512}; 513 514/* Config is the same for all register regions */ 515static const struct regmap_config regmap_ibt_cfg = { 516 .name = "btintel_regmap", 517 .reg_bits = 32, 518 .val_bits = 32, 519}; 520 521struct regmap *btintel_regmap_init(struct hci_dev *hdev, u16 opcode_read, 522 u16 opcode_write) 523{ 524 struct regmap_ibt_context *ctx; 525 526 bt_dev_info(hdev, "regmap: Init R%x-W%x region", opcode_read, 527 opcode_write); 528 529 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL); 530 if (!ctx) 531 return ERR_PTR(-ENOMEM); 532 533 ctx->op_read = opcode_read; 534 ctx->op_write = opcode_write; 535 ctx->hdev = hdev; 536 537 return regmap_init(&hdev->dev, ®map_ibt, ctx, ®map_ibt_cfg); 538} 539EXPORT_SYMBOL_GPL(btintel_regmap_init); 540 541MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 542MODULE_DESCRIPTION("Bluetooth support for Intel devices ver " VERSION); 543MODULE_VERSION(VERSION); 544MODULE_LICENSE("GPL"); 545MODULE_FIRMWARE("intel/ibt-11-5.sfi"); 546MODULE_FIRMWARE("intel/ibt-11-5.ddc"); 547