• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  *
3  *  Bluetooth support for Intel devices
4  *
5  *  Copyright (C) 2015  Intel Corporation
6  *
7  *
8  *  This program is free software; you can redistribute it and/or modify
9  *  it under the terms of the GNU General Public License as published by
10  *  the Free Software Foundation; either version 2 of the License, or
11  *  (at your option) any later version.
12  *
13  *  This program is distributed in the hope that it will be useful,
14  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
15  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16  *  GNU General Public License for more details.
17  *
18  *  You should have received a copy of the GNU General Public License
19  *  along with this program; if not, write to the Free Software
20  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
21  *
22  */
23 
24 #include <linux/module.h>
25 #include <linux/firmware.h>
26 #include <linux/regmap.h>
27 
28 #include <net/bluetooth/bluetooth.h>
29 #include <net/bluetooth/hci_core.h>
30 
31 #include "btintel.h"
32 
33 #define VERSION "0.1"
34 
35 #define BDADDR_INTEL (&(bdaddr_t) {{0x00, 0x8b, 0x9e, 0x19, 0x03, 0x00}})
36 
btintel_check_bdaddr(struct hci_dev * hdev)37 int btintel_check_bdaddr(struct hci_dev *hdev)
38 {
39 	struct hci_rp_read_bd_addr *bda;
40 	struct sk_buff *skb;
41 
42 	skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL,
43 			     HCI_INIT_TIMEOUT);
44 	if (IS_ERR(skb)) {
45 		int err = PTR_ERR(skb);
46 		BT_ERR("%s: Reading Intel device address failed (%d)",
47 		       hdev->name, err);
48 		return err;
49 	}
50 
51 	if (skb->len != sizeof(*bda)) {
52 		BT_ERR("%s: Intel device address length mismatch", hdev->name);
53 		kfree_skb(skb);
54 		return -EIO;
55 	}
56 
57 	bda = (struct hci_rp_read_bd_addr *)skb->data;
58 
59 	/* For some Intel based controllers, the default Bluetooth device
60 	 * address 00:03:19:9E:8B:00 can be found. These controllers are
61 	 * fully operational, but have the danger of duplicate addresses
62 	 * and that in turn can cause problems with Bluetooth operation.
63 	 */
64 	if (!bacmp(&bda->bdaddr, BDADDR_INTEL)) {
65 		BT_ERR("%s: Found Intel default device address (%pMR)",
66 		       hdev->name, &bda->bdaddr);
67 		set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks);
68 	}
69 
70 	kfree_skb(skb);
71 
72 	return 0;
73 }
74 EXPORT_SYMBOL_GPL(btintel_check_bdaddr);
75 
btintel_set_bdaddr(struct hci_dev * hdev,const bdaddr_t * bdaddr)76 int btintel_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr)
77 {
78 	struct sk_buff *skb;
79 	int err;
80 
81 	skb = __hci_cmd_sync(hdev, 0xfc31, 6, bdaddr, HCI_INIT_TIMEOUT);
82 	if (IS_ERR(skb)) {
83 		err = PTR_ERR(skb);
84 		BT_ERR("%s: Changing Intel device address failed (%d)",
85 		       hdev->name, err);
86 		return err;
87 	}
88 	kfree_skb(skb);
89 
90 	return 0;
91 }
92 EXPORT_SYMBOL_GPL(btintel_set_bdaddr);
93 
btintel_set_diag(struct hci_dev * hdev,bool enable)94 int btintel_set_diag(struct hci_dev *hdev, bool enable)
95 {
96 	struct sk_buff *skb;
97 	u8 param[3];
98 	int err;
99 
100 	if (enable) {
101 		param[0] = 0x03;
102 		param[1] = 0x03;
103 		param[2] = 0x03;
104 	} else {
105 		param[0] = 0x00;
106 		param[1] = 0x00;
107 		param[2] = 0x00;
108 	}
109 
110 	skb = __hci_cmd_sync(hdev, 0xfc43, 3, param, HCI_INIT_TIMEOUT);
111 	if (IS_ERR(skb)) {
112 		err = PTR_ERR(skb);
113 		if (err == -ENODATA)
114 			goto done;
115 		BT_ERR("%s: Changing Intel diagnostic mode failed (%d)",
116 		       hdev->name, err);
117 		return err;
118 	}
119 	kfree_skb(skb);
120 
121 done:
122 	btintel_set_event_mask(hdev, enable);
123 	return 0;
124 }
125 EXPORT_SYMBOL_GPL(btintel_set_diag);
126 
btintel_set_diag_mfg(struct hci_dev * hdev,bool enable)127 int btintel_set_diag_mfg(struct hci_dev *hdev, bool enable)
128 {
129 	struct sk_buff *skb;
130 	u8 param[2];
131 	int err;
132 
133 	param[0] = 0x01;
134 	param[1] = 0x00;
135 
136 	skb = __hci_cmd_sync(hdev, 0xfc11, 2, param, HCI_INIT_TIMEOUT);
137 	if (IS_ERR(skb)) {
138 		err = PTR_ERR(skb);
139 		BT_ERR("%s: Entering Intel manufacturer mode failed (%d)",
140 		       hdev->name, err);
141 		return PTR_ERR(skb);
142 	}
143 	kfree_skb(skb);
144 
145 	err = btintel_set_diag(hdev, enable);
146 
147 	param[0] = 0x00;
148 	param[1] = 0x00;
149 
150 	skb = __hci_cmd_sync(hdev, 0xfc11, 2, param, HCI_INIT_TIMEOUT);
151 	if (IS_ERR(skb)) {
152 		err = PTR_ERR(skb);
153 		BT_ERR("%s: Leaving Intel manufacturer mode failed (%d)",
154 		       hdev->name, err);
155 		return PTR_ERR(skb);
156 	}
157 	kfree_skb(skb);
158 
159 	return err;
160 }
161 EXPORT_SYMBOL_GPL(btintel_set_diag_mfg);
162 
btintel_hw_error(struct hci_dev * hdev,u8 code)163 void btintel_hw_error(struct hci_dev *hdev, u8 code)
164 {
165 	struct sk_buff *skb;
166 	u8 type = 0x00;
167 
168 	BT_ERR("%s: Hardware error 0x%2.2x", hdev->name, code);
169 
170 	skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
171 	if (IS_ERR(skb)) {
172 		BT_ERR("%s: Reset after hardware error failed (%ld)",
173 		       hdev->name, PTR_ERR(skb));
174 		return;
175 	}
176 	kfree_skb(skb);
177 
178 	skb = __hci_cmd_sync(hdev, 0xfc22, 1, &type, HCI_INIT_TIMEOUT);
179 	if (IS_ERR(skb)) {
180 		BT_ERR("%s: Retrieving Intel exception info failed (%ld)",
181 		       hdev->name, PTR_ERR(skb));
182 		return;
183 	}
184 
185 	if (skb->len != 13) {
186 		BT_ERR("%s: Exception info size mismatch", hdev->name);
187 		kfree_skb(skb);
188 		return;
189 	}
190 
191 	BT_ERR("%s: Exception info %s", hdev->name, (char *)(skb->data + 1));
192 
193 	kfree_skb(skb);
194 }
195 EXPORT_SYMBOL_GPL(btintel_hw_error);
196 
btintel_version_info(struct hci_dev * hdev,struct intel_version * ver)197 void btintel_version_info(struct hci_dev *hdev, struct intel_version *ver)
198 {
199 	const char *variant;
200 
201 	switch (ver->fw_variant) {
202 	case 0x06:
203 		variant = "Bootloader";
204 		break;
205 	case 0x23:
206 		variant = "Firmware";
207 		break;
208 	default:
209 		return;
210 	}
211 
212 	BT_INFO("%s: %s revision %u.%u build %u week %u %u", hdev->name,
213 		variant, ver->fw_revision >> 4, ver->fw_revision & 0x0f,
214 		ver->fw_build_num, ver->fw_build_ww, 2000 + ver->fw_build_yy);
215 }
216 EXPORT_SYMBOL_GPL(btintel_version_info);
217 
btintel_secure_send(struct hci_dev * hdev,u8 fragment_type,u32 plen,const void * param)218 int btintel_secure_send(struct hci_dev *hdev, u8 fragment_type, u32 plen,
219 			const void *param)
220 {
221 	while (plen > 0) {
222 		struct sk_buff *skb;
223 		u8 cmd_param[253], fragment_len = (plen > 252) ? 252 : plen;
224 
225 		cmd_param[0] = fragment_type;
226 		memcpy(cmd_param + 1, param, fragment_len);
227 
228 		skb = __hci_cmd_sync(hdev, 0xfc09, fragment_len + 1,
229 				     cmd_param, HCI_INIT_TIMEOUT);
230 		if (IS_ERR(skb))
231 			return PTR_ERR(skb);
232 
233 		kfree_skb(skb);
234 
235 		plen -= fragment_len;
236 		param += fragment_len;
237 	}
238 
239 	return 0;
240 }
241 EXPORT_SYMBOL_GPL(btintel_secure_send);
242 
btintel_load_ddc_config(struct hci_dev * hdev,const char * ddc_name)243 int btintel_load_ddc_config(struct hci_dev *hdev, const char *ddc_name)
244 {
245 	const struct firmware *fw;
246 	struct sk_buff *skb;
247 	const u8 *fw_ptr;
248 	int err;
249 
250 	err = request_firmware_direct(&fw, ddc_name, &hdev->dev);
251 	if (err < 0) {
252 		bt_dev_err(hdev, "Failed to load Intel DDC file %s (%d)",
253 			   ddc_name, err);
254 		return err;
255 	}
256 
257 	bt_dev_info(hdev, "Found Intel DDC parameters: %s", ddc_name);
258 
259 	fw_ptr = fw->data;
260 
261 	/* DDC file contains one or more DDC structure which has
262 	 * Length (1 byte), DDC ID (2 bytes), and DDC value (Length - 2).
263 	 */
264 	while (fw->size > fw_ptr - fw->data) {
265 		u8 cmd_plen = fw_ptr[0] + sizeof(u8);
266 
267 		skb = __hci_cmd_sync(hdev, 0xfc8b, cmd_plen, fw_ptr,
268 				     HCI_INIT_TIMEOUT);
269 		if (IS_ERR(skb)) {
270 			bt_dev_err(hdev, "Failed to send Intel_Write_DDC (%ld)",
271 				   PTR_ERR(skb));
272 			release_firmware(fw);
273 			return PTR_ERR(skb);
274 		}
275 
276 		fw_ptr += cmd_plen;
277 		kfree_skb(skb);
278 	}
279 
280 	release_firmware(fw);
281 
282 	bt_dev_info(hdev, "Applying Intel DDC parameters completed");
283 
284 	return 0;
285 }
286 EXPORT_SYMBOL_GPL(btintel_load_ddc_config);
287 
btintel_set_event_mask(struct hci_dev * hdev,bool debug)288 int btintel_set_event_mask(struct hci_dev *hdev, bool debug)
289 {
290 	u8 mask[8] = { 0x87, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
291 	struct sk_buff *skb;
292 	int err;
293 
294 	if (debug)
295 		mask[1] |= 0x62;
296 
297 	skb = __hci_cmd_sync(hdev, 0xfc52, 8, mask, HCI_INIT_TIMEOUT);
298 	if (IS_ERR(skb)) {
299 		err = PTR_ERR(skb);
300 		BT_ERR("%s: Setting Intel event mask failed (%d)",
301 		       hdev->name, err);
302 		return err;
303 	}
304 	kfree_skb(skb);
305 
306 	return 0;
307 }
308 EXPORT_SYMBOL_GPL(btintel_set_event_mask);
309 
btintel_set_event_mask_mfg(struct hci_dev * hdev,bool debug)310 int btintel_set_event_mask_mfg(struct hci_dev *hdev, bool debug)
311 {
312 	struct sk_buff *skb;
313 	u8 param[2];
314 	int err;
315 
316 	param[0] = 0x01;
317 	param[1] = 0x00;
318 
319 	skb = __hci_cmd_sync(hdev, 0xfc11, 2, param, HCI_INIT_TIMEOUT);
320 	if (IS_ERR(skb)) {
321 		err = PTR_ERR(skb);
322 		BT_ERR("%s: Entering Intel manufacturer mode failed (%d)",
323 		       hdev->name, err);
324 		return PTR_ERR(skb);
325 	}
326 	kfree_skb(skb);
327 
328 	err = btintel_set_event_mask(hdev, debug);
329 
330 	param[0] = 0x00;
331 	param[1] = 0x00;
332 
333 	skb = __hci_cmd_sync(hdev, 0xfc11, 2, param, HCI_INIT_TIMEOUT);
334 	if (IS_ERR(skb)) {
335 		err = PTR_ERR(skb);
336 		BT_ERR("%s: Leaving Intel manufacturer mode failed (%d)",
337 		       hdev->name, err);
338 		return PTR_ERR(skb);
339 	}
340 	kfree_skb(skb);
341 
342 	return err;
343 }
344 EXPORT_SYMBOL_GPL(btintel_set_event_mask_mfg);
345 
346 /* ------- REGMAP IBT SUPPORT ------- */
347 
348 #define IBT_REG_MODE_8BIT  0x00
349 #define IBT_REG_MODE_16BIT 0x01
350 #define IBT_REG_MODE_32BIT 0x02
351 
352 struct regmap_ibt_context {
353 	struct hci_dev *hdev;
354 	__u16 op_write;
355 	__u16 op_read;
356 };
357 
358 struct ibt_cp_reg_access {
359 	__le32  addr;
360 	__u8    mode;
361 	__u8    len;
362 	__u8    data[0];
363 } __packed;
364 
365 struct ibt_rp_reg_access {
366 	__u8    status;
367 	__le32  addr;
368 	__u8    data[0];
369 } __packed;
370 
regmap_ibt_read(void * context,const void * addr,size_t reg_size,void * val,size_t val_size)371 static int regmap_ibt_read(void *context, const void *addr, size_t reg_size,
372 			   void *val, size_t val_size)
373 {
374 	struct regmap_ibt_context *ctx = context;
375 	struct ibt_cp_reg_access cp;
376 	struct ibt_rp_reg_access *rp;
377 	struct sk_buff *skb;
378 	int err = 0;
379 
380 	if (reg_size != sizeof(__le32))
381 		return -EINVAL;
382 
383 	switch (val_size) {
384 	case 1:
385 		cp.mode = IBT_REG_MODE_8BIT;
386 		break;
387 	case 2:
388 		cp.mode = IBT_REG_MODE_16BIT;
389 		break;
390 	case 4:
391 		cp.mode = IBT_REG_MODE_32BIT;
392 		break;
393 	default:
394 		return -EINVAL;
395 	}
396 
397 	/* regmap provides a little-endian formatted addr */
398 	cp.addr = *(__le32 *)addr;
399 	cp.len = val_size;
400 
401 	bt_dev_dbg(ctx->hdev, "Register (0x%x) read", le32_to_cpu(cp.addr));
402 
403 	skb = hci_cmd_sync(ctx->hdev, ctx->op_read, sizeof(cp), &cp,
404 			   HCI_CMD_TIMEOUT);
405 	if (IS_ERR(skb)) {
406 		err = PTR_ERR(skb);
407 		bt_dev_err(ctx->hdev, "regmap: Register (0x%x) read error (%d)",
408 			   le32_to_cpu(cp.addr), err);
409 		return err;
410 	}
411 
412 	if (skb->len != sizeof(*rp) + val_size) {
413 		bt_dev_err(ctx->hdev, "regmap: Register (0x%x) read error, bad len",
414 			   le32_to_cpu(cp.addr));
415 		err = -EINVAL;
416 		goto done;
417 	}
418 
419 	rp = (struct ibt_rp_reg_access *)skb->data;
420 
421 	if (rp->addr != cp.addr) {
422 		bt_dev_err(ctx->hdev, "regmap: Register (0x%x) read error, bad addr",
423 			   le32_to_cpu(rp->addr));
424 		err = -EINVAL;
425 		goto done;
426 	}
427 
428 	memcpy(val, rp->data, val_size);
429 
430 done:
431 	kfree_skb(skb);
432 	return err;
433 }
434 
regmap_ibt_gather_write(void * context,const void * addr,size_t reg_size,const void * val,size_t val_size)435 static int regmap_ibt_gather_write(void *context,
436 				   const void *addr, size_t reg_size,
437 				   const void *val, size_t val_size)
438 {
439 	struct regmap_ibt_context *ctx = context;
440 	struct ibt_cp_reg_access *cp;
441 	struct sk_buff *skb;
442 	int plen = sizeof(*cp) + val_size;
443 	u8 mode;
444 	int err = 0;
445 
446 	if (reg_size != sizeof(__le32))
447 		return -EINVAL;
448 
449 	switch (val_size) {
450 	case 1:
451 		mode = IBT_REG_MODE_8BIT;
452 		break;
453 	case 2:
454 		mode = IBT_REG_MODE_16BIT;
455 		break;
456 	case 4:
457 		mode = IBT_REG_MODE_32BIT;
458 		break;
459 	default:
460 		return -EINVAL;
461 	}
462 
463 	cp = kmalloc(plen, GFP_KERNEL);
464 	if (!cp)
465 		return -ENOMEM;
466 
467 	/* regmap provides a little-endian formatted addr/value */
468 	cp->addr = *(__le32 *)addr;
469 	cp->mode = mode;
470 	cp->len = val_size;
471 	memcpy(&cp->data, val, val_size);
472 
473 	bt_dev_dbg(ctx->hdev, "Register (0x%x) write", le32_to_cpu(cp->addr));
474 
475 	skb = hci_cmd_sync(ctx->hdev, ctx->op_write, plen, cp, HCI_CMD_TIMEOUT);
476 	if (IS_ERR(skb)) {
477 		err = PTR_ERR(skb);
478 		bt_dev_err(ctx->hdev, "regmap: Register (0x%x) write error (%d)",
479 			   le32_to_cpu(cp->addr), err);
480 		goto done;
481 	}
482 	kfree_skb(skb);
483 
484 done:
485 	kfree(cp);
486 	return err;
487 }
488 
regmap_ibt_write(void * context,const void * data,size_t count)489 static int regmap_ibt_write(void *context, const void *data, size_t count)
490 {
491 	/* data contains register+value, since we only support 32bit addr,
492 	 * minimum data size is 4 bytes.
493 	 */
494 	if (WARN_ONCE(count < 4, "Invalid register access"))
495 		return -EINVAL;
496 
497 	return regmap_ibt_gather_write(context, data, 4, data + 4, count - 4);
498 }
499 
regmap_ibt_free_context(void * context)500 static void regmap_ibt_free_context(void *context)
501 {
502 	kfree(context);
503 }
504 
505 static struct regmap_bus regmap_ibt = {
506 	.read = regmap_ibt_read,
507 	.write = regmap_ibt_write,
508 	.gather_write = regmap_ibt_gather_write,
509 	.free_context = regmap_ibt_free_context,
510 	.reg_format_endian_default = REGMAP_ENDIAN_LITTLE,
511 	.val_format_endian_default = REGMAP_ENDIAN_LITTLE,
512 };
513 
514 /* Config is the same for all register regions */
515 static const struct regmap_config regmap_ibt_cfg = {
516 	.name      = "btintel_regmap",
517 	.reg_bits  = 32,
518 	.val_bits  = 32,
519 };
520 
btintel_regmap_init(struct hci_dev * hdev,u16 opcode_read,u16 opcode_write)521 struct regmap *btintel_regmap_init(struct hci_dev *hdev, u16 opcode_read,
522 				   u16 opcode_write)
523 {
524 	struct regmap_ibt_context *ctx;
525 
526 	bt_dev_info(hdev, "regmap: Init R%x-W%x region", opcode_read,
527 		    opcode_write);
528 
529 	ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
530 	if (!ctx)
531 		return ERR_PTR(-ENOMEM);
532 
533 	ctx->op_read = opcode_read;
534 	ctx->op_write = opcode_write;
535 	ctx->hdev = hdev;
536 
537 	return regmap_init(&hdev->dev, &regmap_ibt, ctx, &regmap_ibt_cfg);
538 }
539 EXPORT_SYMBOL_GPL(btintel_regmap_init);
540 
541 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
542 MODULE_DESCRIPTION("Bluetooth support for Intel devices ver " VERSION);
543 MODULE_VERSION(VERSION);
544 MODULE_LICENSE("GPL");
545 MODULE_FIRMWARE("intel/ibt-11-5.sfi");
546 MODULE_FIRMWARE("intel/ibt-11-5.ddc");
547