From patchwork Thu May 29 12:48:15 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hilda Wu X-Patchwork-Id: 893170 Received: from rtits2.realtek.com.tw (rtits2.realtek.com [211.75.126.72]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 930B6221262; Thu, 29 May 2025 12:48:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=211.75.126.72 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1748522917; cv=none; b=h4B/ne6EBorlP5TxVOlVoi37ejzDYnEeojUiCM7gACMpgchYj6Tjt3dMsEvyK0sWG9N57/uNyU57/1iBse5aFpxvHxgEJ6Ttis5WxUiIQyKeoqGSB0CRBIVOezCBT/3BBnH8lXiMBwVwnF0S/zaQvsDTpU6Kk0qhMn3YORH3tWE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1748522917; c=relaxed/simple; bh=ZY/trHTk2EXS9kc4fw4Ghrs2sfDGZogD2vjoXrY4wTk=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=hLrsUTu0qVWaKdrBcGddC2pcVbvbho1F7k4BIISOq+Jsk3BQ7YHeJWB4oVVsHANy153yR9OnPlVsIKXF6BeWBvYXIlNC6yXP/7QYMVU5AofyF3WgQFp2uuTZ9lE7yynTNTC4g1qPZ+b4+/Asvbaq1kMaavxSqiQT6S5M01S8Yf4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=realtek.com; spf=pass smtp.mailfrom=realtek.com; dkim=pass (2048-bit key) header.d=realtek.com header.i=@realtek.com header.b=hlQppWc+; arc=none smtp.client-ip=211.75.126.72 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=realtek.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=realtek.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=realtek.com header.i=@realtek.com header.b="hlQppWc+" X-SpamFilter-By: ArmorX SpamTrap 5.80 with qID 54TCmQWY11428911, This message is accepted by code: ctloc85258 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=realtek.com; s=dkim; t=1748522906; bh=49xC+tCLZFbfQA9UsqhhJoUr8L90wCYTdxNIr5Lbvn0=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Transfer-Encoding:Content-Type; b=hlQppWc+mzusvXFcWMP9HoHwIP+oFy/RZ8ZPQnQuYm2X8r1Vo2Rwio5j1bEEEbCw6 gNxmMFTeklh7iY63KI72vt7X6n7lho3uk8GG7FR35kfzZiIdKjUcIxtsj2yCETP7zO 20G17UVZaVjebxF3rr6bxBHmh7D4hVRLPlfROEHCZikY2bvQzZxCksHnRKrrgnVP8W /GJL6cpk0GdjTThpqqirJMSnheUtziW1Ln5/cIi/XNKnng5V+KukssnKzaut9vmgAF BIlhx28gchjZwDutBTeNkxJbIGSFyotBBBoR8t86gg2/tEhN4yTtJWzG92jtbiqMh5 dOsZB6s9ylP8A== Received: from mail.realtek.com (rtexh36506.realtek.com.tw[172.21.6.27]) by rtits2.realtek.com.tw (8.15.2/3.13/5.93) with ESMTPS id 54TCmQWY11428911 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 29 May 2025 20:48:26 +0800 Received: from RTEXDAG02.realtek.com.tw (172.21.6.101) by RTEXH36506.realtek.com.tw (172.21.6.27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.39; Thu, 29 May 2025 20:48:26 +0800 Received: from localhost.localhost (172.21.132.53) by RTEXDAG02.realtek.com.tw (172.21.6.101) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.35; Thu, 29 May 2025 20:48:23 +0800 From: Hilda Wu To: CC: , , , , Subject: [PATCH 1/2] Bluetooth: btrtl: Firmware format v3 support Date: Thu, 29 May 2025 20:48:15 +0800 Message-ID: <20250529124816.4186320-2-hildawu@realtek.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250529124816.4186320-1-hildawu@realtek.com> References: <20250529124816.4186320-1-hildawu@realtek.com> Precedence: bulk X-Mailing-List: linux-bluetooth@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: RTEXH36505.realtek.com.tw (172.21.6.25) To RTEXDAG02.realtek.com.tw (172.21.6.101) Realtek changed the format of the firmware file as v3. The driver should implement the patch to extract the firmware data from the firmware file. The future chips must apply this patch for firmware loading. This patch is compatible with the both previous format, v2 and v3 as well. Signed-off-by: Alex Lu Signed-off-by: Hilda Wu --- drivers/bluetooth/btrtl.c | 670 +++++++++++++++++++++++++++++++++++++- drivers/bluetooth/btrtl.h | 97 ++++++ drivers/bluetooth/btusb.c | 3 + 3 files changed, 762 insertions(+), 8 deletions(-) diff --git a/drivers/bluetooth/btrtl.c b/drivers/bluetooth/btrtl.c index 7838c89e529e..0e6332a45ced 100644 --- a/drivers/bluetooth/btrtl.c +++ b/drivers/bluetooth/btrtl.c @@ -22,6 +22,12 @@ #define RTL_CHIP_8723CS_XX 5 #define RTL_EPATCH_SIGNATURE "Realtech" #define RTL_EPATCH_SIGNATURE_V2 "RTBTCore" +#define RTL_EPATCH_SIGNATURE_V3 "BTNIC003" +#define RTL_PATCH_V3_1 0x01 +#define RTL_PATCH_V3_PATCH_IMAGE 0x02 +#define IMAGE_ID_F000 0xf000 +#define IMAGE_ID_F001 0xf001 +#define IMAGE_ID_F002 0xf002 #define RTL_ROM_LMP_8703B 0x8703 #define RTL_ROM_LMP_8723A 0x1200 #define RTL_ROM_LMP_8723B 0x8723 @@ -72,6 +78,7 @@ enum btrtl_chip_id { CHIP_ID_8851B = 36, CHIP_ID_8922A = 44, CHIP_ID_8852BT = 47, + CHIP_ID_8922D = 55, }; struct id_table { @@ -98,8 +105,11 @@ struct btrtl_device_info { int cfg_len; bool drop_fw; int project_id; + u32 opcode; + u8 fw_type; u8 key_id; struct list_head patch_subsecs; + struct list_head patch_images; }; static const struct id_table ic_id_table[] = { @@ -328,6 +338,15 @@ static const struct id_table ic_id_table[] = { .fw_name = "rtl_bt/rtl8852btu_fw", .cfg_name = "rtl_bt/rtl8852btu_config", .hw_info = "rtl8852btu" }, + + /* 8922DU */ + { IC_INFO(RTL_ROM_LMP_8922A, 0xd, 0xe, HCI_USB), + .config_needed = false, + .has_rom_version = true, + .has_msft_ext = true, + .fw_name = "rtl_bt/rtl8922du_fw", + .cfg_name = "rtl_bt/rtl8922du_config", + .hw_info = "rtl8922du" }, }; static const struct id_table *btrtl_match_ic(u16 lmp_subver, u16 hci_rev, @@ -361,6 +380,33 @@ static const struct id_table *btrtl_match_ic(u16 lmp_subver, u16 hci_rev, return &ic_id_table[i]; } +static int btrtl_read_chip_id(struct hci_dev *hdev, u8 *chip_id) +{ + struct rtl_rp_read_chip_id *rp; + struct sk_buff *skb; + + /* Read RTL chip id command */ + skb = __hci_cmd_sync(hdev, 0xfc6f, 0, NULL, HCI_INIT_TIMEOUT); + if (IS_ERR(skb)) + return PTR_ERR(skb); + + if (skb->len != sizeof(*rp)) { + rtl_dev_err(hdev, "read chip id event length mismatch"); + kfree_skb(skb); + return -EIO; + } + + rp = (struct rtl_rp_read_chip_id *)skb->data; + rtl_dev_info(hdev, "chip_id status=0x%02x id=0x%02x", + rp->status, rp->chip_id); + + if (chip_id) + *chip_id = rp->chip_id; + + kfree_skb(skb); + return 0; +} + static struct sk_buff *btrtl_read_local_version(struct hci_dev *hdev) { struct sk_buff *skb; @@ -439,6 +485,26 @@ static int btrtl_vendor_read_reg16(struct hci_dev *hdev, return 0; } +static int btrtl_vendor_write_mem(struct hci_dev *hdev, u32 addr, u32 val) +{ + struct rtl_vendor_write_cmd cp; + struct sk_buff *skb; + int err = 0; + + cp.type = 0x21; + cp.addr = cpu_to_le32(addr); + cp.val = cpu_to_le32(val); + skb = __hci_cmd_sync(hdev, 0xfc62, sizeof(cp), &cp, HCI_INIT_TIMEOUT); + if (IS_ERR(skb)) { + err = PTR_ERR(skb); + bt_dev_err(hdev, "RTL: Write mem32 failed (%d)", err); + return err; + } + + kfree_skb(skb); + return 0; +} + static void *rtl_iov_pull_data(struct rtl_iovec *iov, u32 len) { void *data = iov->data; @@ -452,6 +518,30 @@ static void *rtl_iov_pull_data(struct rtl_iovec *iov, u32 len) return data; } +static void btrtl_insert_ordered_patch_image(struct rtl_section_patch_image *image, + struct btrtl_device_info *btrtl_dev) +{ + struct list_head *pos; + struct list_head *next; + struct rtl_section_patch_image *node; + + list_for_each_safe(pos, next, &btrtl_dev->patch_images) { + node = list_entry(pos, struct rtl_section_patch_image, list); + + if (node->image_id > image->image_id) { + __list_add(&image->list, pos->prev, pos); + return; + } + + if (node->image_id == image->image_id && + node->index > image->index) { + __list_add(&image->list, pos->prev, pos); + return; + } + } + __list_add(&image->list, pos->prev, pos); +} + static void btrtl_insert_ordered_subsec(struct rtl_subsection *node, struct btrtl_device_info *btrtl_dev) { @@ -629,6 +719,295 @@ static int rtlbt_parse_firmware_v2(struct hci_dev *hdev, return -EPERM; *_buf = ptr; + btrtl_dev->fw_type = FW_TYPE_V2; + return len; +} + +static int rtlbt_parse_config(struct hci_dev *hdev, + struct rtl_section_patch_image *patch_image, + struct btrtl_device_info *btrtl_dev) +{ + const struct id_table *ic_info = NULL; + const struct firmware *fw; + char tmp_name[32]; + char filename[64]; + u8 *cfg_buf; + char *str; + char *p; + int len; + int ret; + + if (btrtl_dev && btrtl_dev->ic_info) + ic_info = btrtl_dev->ic_info; + + if (!ic_info) + return -EINVAL; + + str = ic_info->cfg_name; + if (btrtl_dev->fw_type == FW_TYPE_V3_1) { + if (!patch_image->image_id && !patch_image->index) { + snprintf(filename, sizeof(filename), "%s.bin", str); + goto load_fw; + } + goto done; + } + + len = strlen(str); + if (len > sizeof(tmp_name) - 1) + len = sizeof(tmp_name) - 1; + memcpy(tmp_name, str, len); + tmp_name[len] = '\0'; + + str = tmp_name; + p = strsep(&str, "."); + + ret = snprintf(filename, sizeof(filename), "%s", p); + if (patch_image->config_rule && patch_image->need_config) { + switch (patch_image->image_id) { + case IMAGE_ID_F000: + case IMAGE_ID_F001: + case IMAGE_ID_F002: + ret += snprintf(filename + ret, sizeof(filename) - ret, + "_%04x", patch_image->image_id); + break; + default: + goto done; + } + } else { + goto done; + } + + if (str) + snprintf(filename + ret, sizeof(filename) - ret, ".%s", str); + else + snprintf(filename + ret, sizeof(filename) - ret, ".bin"); +load_fw: + rtl_dev_info(hdev, "config file: %s", filename); + ret = request_firmware(&fw, filename, &hdev->dev); + if (ret < 0) { + rtl_dev_err(hdev, "request_firmware [%s] error", filename); + if (btrtl_dev->fw_type == FW_TYPE_V3_2) { + len = 4; + cfg_buf = kvmalloc(len, GFP_KERNEL); + if (!cfg_buf) + return -ENOMEM; + + memset(cfg_buf, 0xff, len); + patch_image->cfg_buf = cfg_buf; + patch_image->cfg_len = len; + return 0; + } + goto err_req_fw; + } + cfg_buf = kvmalloc(fw->size, GFP_KERNEL); + if (!cfg_buf) { + ret = -ENOMEM; + goto err; + } + memcpy(cfg_buf, fw->data, fw->size); + len = fw->size; + release_firmware(fw); + + patch_image->cfg_buf = cfg_buf; + patch_image->cfg_len = len; +done: + return 0; +err: + release_firmware(fw); +err_req_fw: + return ret; +} + +static int rtlbt_parse_section_v3(struct hci_dev *hdev, + struct btrtl_device_info *btrtl_dev, + u32 opcode, u8 *data, u32 len) +{ + struct rtl_section_patch_image *patch_image; + struct rtl_patch_image_hdr *hdr; + u16 image_id; + u16 chip_id; + u32 patch_image_len; + u8 *ptr; + int ret = 0; + u8 i; + struct rtl_iovec iov = { + .data = data, + .len = len, + }; + + hdr = rtl_iov_pull_data(&iov, sizeof(*hdr)); + if (!hdr) + return -EINVAL; + + if (btrtl_dev->opcode && btrtl_dev->opcode != opcode) { + rtl_dev_err(hdev, "invalid opcode 0x%02x", opcode); + return -EINVAL; + } + + if (!btrtl_dev->opcode) { + btrtl_dev->opcode = opcode; + switch (btrtl_dev->opcode) { + case RTL_PATCH_V3_1: + btrtl_dev->fw_type = FW_TYPE_V3_1; + break; + case RTL_PATCH_V3_PATCH_IMAGE: + btrtl_dev->fw_type = FW_TYPE_V3_2; + break; + default: + return -EINVAL; + } + } + + patch_image_len = (u32)le64_to_cpu(hdr->patch_image_len); + chip_id = le16_to_cpu(hdr->chip_id); + image_id = le16_to_cpu(hdr->image_id); + rtl_dev_info(hdev, "image (%04x:%02x), chip id %u, cut 0x%02x, len %08x" + , image_id, hdr->index, chip_id, hdr->ic_cut, + patch_image_len); + + if (btrtl_dev->key_id && btrtl_dev->key_id != hdr->key_id) { + rtl_dev_err(hdev, "invalid key_id (%u, %u)", hdr->key_id, + btrtl_dev->key_id); + return -EINVAL; + } + + if (hdr->ic_cut != btrtl_dev->rom_version + 1) { + rtl_dev_info(hdev, "unused ic_cut (%u, %u)", hdr->ic_cut, + btrtl_dev->rom_version + 1); + return -EINVAL; + } + + if (btrtl_dev->fw_type == FW_TYPE_V3_1 && !btrtl_dev->project_id) + btrtl_dev->project_id = chip_id; + + if (btrtl_dev->fw_type == FW_TYPE_V3_2 && + chip_id != btrtl_dev->project_id) { + rtl_dev_err(hdev, "invalid chip_id (%u, %d)", chip_id, + btrtl_dev->project_id); + return -EINVAL; + } + + ptr = rtl_iov_pull_data(&iov, patch_image_len); + if (!ptr) + return -ENODATA; + + patch_image = kzalloc(sizeof(*patch_image), GFP_KERNEL); + if (!patch_image) + return -ENOMEM; + patch_image->index = hdr->index; + patch_image->image_id = image_id; + patch_image->config_rule = hdr->config_rule; + patch_image->need_config = hdr->need_config; + + for (i = 0; i < DL_FIX_ADDR_MAX; i++) { + patch_image->fix[i].addr = + (u32)le64_to_cpu(hdr->addr_fix[i * 2]); + patch_image->fix[i].value = + (u32)le64_to_cpu(hdr->addr_fix[i * 2 + 1]); + } + + patch_image->image_len = patch_image_len; + patch_image->image_data = kvmalloc(patch_image_len, GFP_KERNEL); + if (!patch_image->image_data) { + ret = -ENOMEM; + goto err; + } + memcpy(patch_image->image_data, ptr, patch_image_len); + patch_image->image_ver = + get_unaligned_le32(ptr + patch_image->image_len - 4); + rtl_dev_info(hdev, "image version: %08x", patch_image->image_ver); + + rtlbt_parse_config(hdev, patch_image, btrtl_dev); + + ret = patch_image->image_len; + + btrtl_insert_ordered_patch_image(patch_image, btrtl_dev); + + return ret; +err: + kfree(patch_image); + return ret; +} + +static int rtlbt_parse_firmware_v3(struct hci_dev *hdev, + struct btrtl_device_info *btrtl_dev) +{ + struct rtl_epatch_header_v3 *hdr; + int rc; + u32 num_sections; + struct rtl_section_v3 *section; + u32 section_len; + u32 opcode; + int len = 0; + int i; + u8 *ptr; + struct rtl_iovec iov = { + .data = btrtl_dev->fw_data, + .len = btrtl_dev->fw_len, + }; + struct rtl_vendor_cmd cmd_data = { {0x10, 0xa4, 0xad, 0x00, 0xb0} }; + u8 reg_val[2]; + + if (btrtl_dev->project_id >= CHIP_ID_8922D) { + /* A0010DA4 */ + cmd_data.param[2] = 0x0d; + cmd_data.param[3] = 0x01; + cmd_data.param[4] = 0xa0; + } + + rc = btrtl_vendor_read_reg16(hdev, &cmd_data, reg_val); + if (rc < 0) + return -EIO; + + rtl_dev_info(hdev, "key id %u", reg_val[0]); + + btrtl_dev->key_id = reg_val[0]; + + hdr = rtl_iov_pull_data(&iov, sizeof(*hdr)); + if (!hdr) + return -EINVAL; + num_sections = le32_to_cpu(hdr->num_sections); + + rtl_dev_dbg(hdev, "timpstamp %08x-%08x", *((u32 *)hdr->timestamp), + *((u32 *)(hdr->timestamp + 4))); + + for (i = 0; i < num_sections; i++) { + section = rtl_iov_pull_data(&iov, sizeof(*section)); + if (!section) + break; + + section_len = (u32)le64_to_cpu(section->len); + opcode = le32_to_cpu(section->opcode); + + rtl_dev_dbg(hdev, "opcode 0x%04x", section->opcode); + + ptr = rtl_iov_pull_data(&iov, section_len); + if (!ptr) + break; + + rc = 0; + switch (opcode) { + case RTL_PATCH_V3_1: + case RTL_PATCH_V3_PATCH_IMAGE: + rc = rtlbt_parse_section_v3(hdev, btrtl_dev, opcode, + ptr, section_len); + break; + default: + rtl_dev_warn(hdev, "Unknown opcode %08x", opcode); + break; + } + if (rc < 0) { + rtl_dev_err(hdev, "Parse section (%u) err (%d)", + opcode, rc); + continue; + } + len += rc; + } + + rtl_dev_info(hdev, "image payload total len: 0x%08x", len); + if (!len) + return -ENODATA; + return len; } @@ -673,6 +1052,9 @@ static int rtlbt_parse_firmware(struct hci_dev *hdev, if (btrtl_dev->fw_len <= 8) return -EINVAL; + if (!memcmp(btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE_V3, 8)) + return rtlbt_parse_firmware_v3(hdev, btrtl_dev); + if (!memcmp(btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE, 8)) min_size = sizeof(struct rtl_epatch_header) + sizeof(extension_sig) + 3; @@ -808,10 +1190,11 @@ static int rtlbt_parse_firmware(struct hci_dev *hdev, memcpy(buf + patch_length - 4, &epatch_info->fw_version, 4); *_buf = buf; + btrtl_dev->fw_type = FW_TYPE_V1; return len; } -static int rtl_download_firmware(struct hci_dev *hdev, +static int rtl_download_firmware(struct hci_dev *hdev, u8 fw_type, const unsigned char *data, int fw_len) { struct rtl_download_cmd *dl_cmd; @@ -822,6 +1205,13 @@ static int rtl_download_firmware(struct hci_dev *hdev, int j = 0; struct sk_buff *skb; struct hci_rp_read_local_version *rp; + u8 dl_rp_len = sizeof(struct rtl_download_response); + + if (is_v3_fw(fw_type)) { + j = 1; + if (fw_type == FW_TYPE_V3_2) + dl_rp_len++; + } dl_cmd = kmalloc(sizeof(*dl_cmd), GFP_KERNEL); if (!dl_cmd) @@ -834,7 +1224,7 @@ static int rtl_download_firmware(struct hci_dev *hdev, if (dl_cmd->index == 0x7f) j = 1; - if (i == (frag_num - 1)) { + if (i == (frag_num - 1) && !is_v3_fw(fw_type)) { dl_cmd->index |= 0x80; /* data end */ frag_len = fw_len % RTL_FRAG_LEN; } @@ -852,7 +1242,7 @@ static int rtl_download_firmware(struct hci_dev *hdev, goto out; } - if (skb->len != sizeof(struct rtl_download_response)) { + if (skb->len != dl_rp_len) { rtl_dev_err(hdev, "download fw event length mismatch"); kfree_skb(skb); ret = -EIO; @@ -863,6 +1253,9 @@ static int rtl_download_firmware(struct hci_dev *hdev, data += RTL_FRAG_LEN; } + if (is_v3_fw(fw_type)) + goto out; + skb = btrtl_read_local_version(hdev); if (IS_ERR(skb)) { ret = PTR_ERR(skb); @@ -880,6 +1273,226 @@ static int rtl_download_firmware(struct hci_dev *hdev, return ret; } +static int rtl_check_download_state(struct hci_dev *hdev, + struct btrtl_device_info *btrtl_dev) +{ + struct sk_buff *skb; + int ret = 0; + u8 state; + + skb = __hci_cmd_sync(hdev, 0xfdcf, 0, NULL, HCI_CMD_TIMEOUT); + if (IS_ERR(skb)) { + rtl_dev_err(hdev, "write tb error %lu", PTR_ERR(skb)); + return -EIO; + } + + /* Other driver might be downloading the combined firmware. */ + state = skb->data[0]; + kfree_skb(skb); + if (state == 0x03) { + btrealtek_set_flag(hdev, REALTEK_DOWNLOADING); + ret = btrealtek_wait_on_flag_timeout(hdev, REALTEK_DOWNLOADING, + TASK_INTERRUPTIBLE, + msecs_to_jiffies(5000)); + if (ret == -EINTR) { + bt_dev_err(hdev, "Firmware loading interrupted"); + return ret; + } + + if (ret) { + bt_dev_err(hdev, "Firmware loading timeout"); + return -ETIMEDOUT; + } + + ret = -EALREADY; + } + + return 0; +} + +static int rtl_finalize_download(struct hci_dev *hdev, + struct btrtl_device_info *btrtl_dev) +{ + struct hci_rp_read_local_version *rp_ver; + u8 params[2] = { 0x03, 0xb2 }; + struct sk_buff *skb; + u16 opcode; + u32 len; + int ret; + + opcode = 0xfc8e; + len = 2; + if (btrtl_dev->opcode == RTL_PATCH_V3_1) { + opcode = 0xfc20; + params[0] = 0x80; + len = 1; + } + skb = __hci_cmd_sync(hdev, opcode, len, params, HCI_CMD_TIMEOUT); + if (IS_ERR(skb)) { + rtl_dev_err(hdev, "Watchdog reset err (%ld)", PTR_ERR(skb)); + return -EIO; + } + rtl_dev_info(hdev, "Watchdog reset status %02x", skb->data[0]); + kfree_skb(skb); + + skb = btrtl_read_local_version(hdev); + if (IS_ERR(skb)) { + ret = PTR_ERR(skb); + rtl_dev_err(hdev, "read local version failed (%d)", ret); + return ret; + } + + rp_ver = (struct hci_rp_read_local_version *)skb->data; + rtl_dev_info(hdev, "fw version 0x%04x%04x", + __le16_to_cpu(rp_ver->hci_rev), + __le16_to_cpu(rp_ver->lmp_subver)); + kfree_skb(skb); + + return 0; +} + +static int rtl_security_check(struct hci_dev *hdev, + struct btrtl_device_info *btrtl_dev) +{ + struct rtl_section_patch_image *tmp = NULL; + struct rtl_section_patch_image *image = NULL; + u32 val; + int ret; + + list_for_each_entry_reverse(tmp, &btrtl_dev->patch_images, list) { + /* Check security hdr */ + if (!tmp->fix[DL_FIX_SEC_HDR_ADDR].value || + !tmp->fix[DL_FIX_SEC_HDR_ADDR].addr || + tmp->fix[DL_FIX_SEC_HDR_ADDR].addr == 0xffffffff) + continue; + rtl_dev_info(hdev, "addr 0x%08x, value 0x%08x", + tmp->fix[DL_FIX_SEC_HDR_ADDR].addr, + tmp->fix[DL_FIX_SEC_HDR_ADDR].value); + image = tmp; + break; + } + + if (!image) + return 0; + + rtl_dev_info(hdev, "sec image (%04x:%02x)", image->image_id, + image->index); + val = image->fix[DL_FIX_PATCH_ADDR].value + image->image_len - + image->fix[DL_FIX_SEC_HDR_ADDR].value; + ret = btrtl_vendor_write_mem(hdev, image->fix[DL_FIX_PATCH_ADDR].addr, + val); + if (ret) { + rtl_dev_err(hdev, "write sec reg failed (%d)", ret); + return ret; + } + return 0; +} + +static int rtl_download_firmware_v3(struct hci_dev *hdev, + struct btrtl_device_info *btrtl_dev) +{ + struct rtl_section_patch_image *image, *tmp; + struct rtl_rp_dl_v3 *rp; + struct sk_buff *skb; + u8 *fw_data; + int fw_len; + int ret = 0; + u8 i; + + if (btrtl_dev->fw_type == FW_TYPE_V3_2) { + ret = rtl_check_download_state(hdev, btrtl_dev); + if (ret) { + if (ret == -EALREADY) + return 0; + return ret; + } + } + + list_for_each_entry_safe(image, tmp, &btrtl_dev->patch_images, list) { + rtl_dev_dbg(hdev, "image (%04x:%02x)", image->image_id, + image->index); + + for (i = DL_FIX_CI_ID; i < DL_FIX_ADDR_MAX; i++) { + if (!image->fix[i].addr || + image->fix[i].addr == 0xffffffff) { + rtl_dev_dbg(hdev, "no need to write addr %08x", + image->fix[i].addr); + continue; + } + rtl_dev_dbg(hdev, "write addr and val, 0x%08x, 0x%08x", + image->fix[i].addr, image->fix[i].value); + if (btrtl_vendor_write_mem(hdev, image->fix[i].addr, + image->fix[i].value)) { + rtl_dev_err(hdev, "write reg failed"); + ret = -EIO; + goto done; + } + } + + fw_len = image->image_len + image->cfg_len; + fw_data = kvmalloc(fw_len, GFP_KERNEL); + if (!fw_data) { + rtl_dev_err(hdev, "Couldn't alloc buf for image data"); + ret = -ENOMEM; + goto done; + } + memcpy(fw_data, image->image_data, image->image_len); + if (image->cfg_len > 0) + memcpy(fw_data + image->image_len, image->cfg_buf, + image->cfg_len); + + rtl_dev_dbg(hdev, "patch image (%04x:%02x). len: %d", + image->image_id, image->index, fw_len); + rtl_dev_dbg(hdev, "fw_data %p, image buf %p, len %u", fw_data, + image->image_data, image->image_len); + + ret = rtl_download_firmware(hdev, btrtl_dev->fw_type, fw_data, + fw_len); + kvfree(fw_data); + if (ret < 0) { + rtl_dev_err(hdev, "download firmware failed (%d)", ret); + goto done; + } + + if (image->list.next != &btrtl_dev->patch_images && + image->image_id == tmp->image_id) + continue; + + if (btrtl_dev->fw_type == FW_TYPE_V3_1) + continue; + + i = 0x80; + skb = __hci_cmd_sync(hdev, 0xfc20, 1, &i, HCI_CMD_TIMEOUT); + if (IS_ERR(skb)) { + ret = -EIO; + rtl_dev_err(hdev, "Failed to issue last cmd fc20, %ld", + PTR_ERR(skb)); + goto done; + } + rp = (void *)skb->data; + ret = rp->err; + kfree_skb(skb); + if (ret == 2) { + /* Verification failure */ + ret = -EFAULT; + goto done; + } + } + + if (btrtl_dev->fw_type == FW_TYPE_V3_1) { + ret = rtl_security_check(hdev, btrtl_dev); + if (ret) { + rtl_dev_err(hdev, "Security check failed (%d)", ret); + goto done; + } + } + + ret = rtl_finalize_download(hdev, btrtl_dev); + +done: + return ret; +} + static int rtl_load_file(struct hci_dev *hdev, const char *name, u8 **buff) { const struct firmware *fw; @@ -913,7 +1526,7 @@ static int btrtl_setup_rtl8723a(struct hci_dev *hdev, return -EINVAL; } - return rtl_download_firmware(hdev, btrtl_dev->fw_data, + return rtl_download_firmware(hdev, FW_TYPE_V0, btrtl_dev->fw_data, btrtl_dev->fw_len); } @@ -928,7 +1541,7 @@ static int btrtl_setup_rtl8723b(struct hci_dev *hdev, if (ret < 0) goto out; - if (btrtl_dev->cfg_len > 0) { + if (!is_v3_fw(btrtl_dev->fw_type) && btrtl_dev->cfg_len > 0) { tbuff = kvzalloc(ret + btrtl_dev->cfg_len, GFP_KERNEL); if (!tbuff) { ret = -ENOMEM; @@ -944,9 +1557,14 @@ static int btrtl_setup_rtl8723b(struct hci_dev *hdev, fw_data = tbuff; } + if (is_v3_fw(btrtl_dev->fw_type)) { + ret = rtl_download_firmware_v3(hdev, btrtl_dev); + goto out; + } + rtl_dev_info(hdev, "cfg_sz %d, total sz %d", btrtl_dev->cfg_len, ret); - ret = rtl_download_firmware(hdev, fw_data, ret); + ret = rtl_download_firmware(hdev, btrtl_dev->fw_type, fw_data, ret); out: kvfree(fw_data); @@ -1042,6 +1660,7 @@ static int rtl_read_chip_type(struct hci_dev *hdev, u8 *type) void btrtl_free(struct btrtl_device_info *btrtl_dev) { struct rtl_subsection *entry, *tmp; + struct rtl_section_patch_image *image, *next; kvfree(btrtl_dev->fw_data); kvfree(btrtl_dev->cfg_data); @@ -1051,6 +1670,15 @@ void btrtl_free(struct btrtl_device_info *btrtl_dev) kfree(entry); } + list_for_each_entry_safe(image, next, &btrtl_dev->patch_images, list) { + list_del(&image->list); + if (image->image_data) + kvfree(image->image_data); + if (image->cfg_buf) + kvfree(image->cfg_buf); + kfree(image); + } + kfree(btrtl_dev); } EXPORT_SYMBOL_GPL(btrtl_free); @@ -1058,7 +1686,7 @@ EXPORT_SYMBOL_GPL(btrtl_free); struct btrtl_device_info *btrtl_initialize(struct hci_dev *hdev, const char *postfix) { - struct btrealtek_data *coredump_info = hci_get_priv(hdev); + struct btrealtek_data *btrtl_data = hci_get_priv(hdev); struct btrtl_device_info *btrtl_dev; struct sk_buff *skb; struct hci_rp_read_local_version *resp; @@ -1069,6 +1697,7 @@ struct btrtl_device_info *btrtl_initialize(struct hci_dev *hdev, u8 hci_ver, lmp_ver, chip_type = 0; int ret; u8 reg_val[2]; + u8 chip_id = 0; btrtl_dev = kzalloc(sizeof(*btrtl_dev), GFP_KERNEL); if (!btrtl_dev) { @@ -1077,8 +1706,14 @@ struct btrtl_device_info *btrtl_initialize(struct hci_dev *hdev, } INIT_LIST_HEAD(&btrtl_dev->patch_subsecs); + INIT_LIST_HEAD(&btrtl_dev->patch_images); check_version: + ret = btrtl_read_chip_id(hdev, &chip_id); + if (!ret && chip_id == CHIP_ID_8922D) { + btrtl_dev->project_id = chip_id; + goto read_local_ver; + ret = btrtl_vendor_read_reg16(hdev, RTL_CHIP_SUBVER, reg_val); if (ret < 0) goto err_free; @@ -1101,6 +1736,7 @@ struct btrtl_device_info *btrtl_initialize(struct hci_dev *hdev, } } +read_local_ver: skb = btrtl_read_local_version(hdev); if (IS_ERR(skb)) { ret = PTR_ERR(skb); @@ -1228,7 +1864,7 @@ struct btrtl_device_info *btrtl_initialize(struct hci_dev *hdev, hci_set_msft_opcode(hdev, 0xFCF0); if (btrtl_dev->ic_info) - coredump_info->rtl_dump.controller = btrtl_dev->ic_info->hw_info; + btrtl_data->rtl_dump.controller = btrtl_dev->ic_info->hw_info; return btrtl_dev; @@ -1301,6 +1937,7 @@ void btrtl_set_quirks(struct hci_dev *hdev, struct btrtl_device_info *btrtl_dev) case CHIP_ID_8851B: case CHIP_ID_8922A: case CHIP_ID_8852BT: + case CHIP_ID_8922D: set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks); /* RTL8852C needs to transmit mSBC data continuously without @@ -1387,6 +2024,23 @@ int btrtl_shutdown_realtek(struct hci_dev *hdev) } EXPORT_SYMBOL_GPL(btrtl_shutdown_realtek); +int btrtl_recv_event(struct hci_dev *hdev, struct sk_buff *skb) +{ + struct hci_event_hdr *hdr = (void *)skb->data; + + if (skb->len > HCI_EVENT_HDR_SIZE && hdr->evt == 0xff && + hdr->plen > 0) { + if (skb->data[2] == 0x77 && + btrealtek_test_and_clear_flag(hdev, REALTEK_DOWNLOADING)) { + btrealtek_wake_up_flag(hdev, REALTEK_DOWNLOADING); + return 0; + } + } + + return hci_recv_frame(hdev, skb); +} +EXPORT_SYMBOL_GPL(btrtl_recv_event); + static unsigned int btrtl_convert_baudrate(u32 device_baudrate) { switch (device_baudrate) { diff --git a/drivers/bluetooth/btrtl.h b/drivers/bluetooth/btrtl.h index a2d9d34f9fb0..ea3537b9d4fd 100644 --- a/drivers/bluetooth/btrtl.h +++ b/drivers/bluetooth/btrtl.h @@ -12,6 +12,19 @@ #define rtl_dev_info(dev, fmt, ...) bt_dev_info(dev, "RTL: " fmt, ##__VA_ARGS__) #define rtl_dev_dbg(dev, fmt, ...) bt_dev_dbg(dev, "RTL: " fmt, ##__VA_ARGS__) +#define FW_TYPE_V0 0 +#define FW_TYPE_V1 1 +#define FW_TYPE_V2 2 +#define FW_TYPE_V3_1 3 +#define FW_TYPE_V3_2 4 +#define is_v3_fw(type) (type == FW_TYPE_V3_1 || type == FW_TYPE_V3_2) + +#define DL_FIX_CI_ID 0 +#define DL_FIX_CI_ADDR 1 +#define DL_FIX_PATCH_ADDR 2 +#define DL_FIX_SEC_HDR_ADDR 3 +#define DL_FIX_ADDR_MAX 4 + struct btrtl_device_info; struct rtl_chip_type_evt { @@ -103,8 +116,79 @@ struct rtl_vendor_cmd { __u8 param[5]; } __packed; +struct rtl_vendor_write_cmd { + u8 type; + __le32 addr; + __le32 val; +} __packed; + +struct rtl_rp_read_chip_id { + __u8 status; + __u8 chip_id; +} __packed; + +struct rtl_rp_dl_v3 { + __u8 status; + __u8 index; + __u8 err; +} __packed; + +struct rtl_epatch_header_v3 { + __u8 signature[8]; + __u8 timestamp[8]; + __le32 ver_rsvd; + __le32 num_sections; +} __packed; + +struct rtl_section_v3 { + __le32 opcode; + __le64 len; + u8 data[]; +} __packed; + +struct rtl_addr_fix { + u32 addr; + u32 value; +}; + +struct rtl_section_patch_image { + u16 image_id; + u8 index; + u8 config_rule; + u8 need_config; + + struct rtl_addr_fix fix[DL_FIX_ADDR_MAX]; + + u32 image_len; + u8 *image_data; + u32 image_ver; + + u8 *cfg_buf; + u16 cfg_len; + + struct list_head list; +}; + +struct rtl_patch_image_hdr { + __le16 chip_id; + u8 ic_cut; + u8 key_id; + u8 enable_ota; + __le16 image_id; + u8 config_rule; + u8 need_config; + u8 rsv[950]; + + __le64 addr_fix[DL_FIX_ADDR_MAX * 2]; + u8 index; + + __le64 patch_image_len; + __u8 data[]; +} __packed; + enum { REALTEK_ALT6_CONTINUOUS_TX_CHIP, + REALTEK_DOWNLOADING, __REALTEK_NUM_FLAGS, }; @@ -130,8 +214,20 @@ struct btrealtek_data { #define btrealtek_get_flag(hdev) \ (((struct btrealtek_data *)hci_get_priv(hdev))->flags) +#define btrealtek_wake_up_flag(hdev, nr) \ + do { \ + struct btrealtek_data *rtl = hci_get_priv((hdev)); \ + wake_up_bit(rtl->flags, (nr)); \ + } while (0) + #define btrealtek_test_flag(hdev, nr) test_bit((nr), btrealtek_get_flag(hdev)) +#define btrealtek_test_and_clear_flag(hdev, nr) \ + test_and_clear_bit((nr), btrealtek_get_flag(hdev)) + +#define btrealtek_wait_on_flag_timeout(hdev, nr, m, to) \ + wait_on_bit_timeout(btrealtek_get_flag(hdev), (nr), m, to) + #if IS_ENABLED(CONFIG_BT_RTL) struct btrtl_device_info *btrtl_initialize(struct hci_dev *hdev, @@ -148,6 +244,7 @@ int btrtl_get_uart_settings(struct hci_dev *hdev, unsigned int *controller_baudrate, u32 *device_baudrate, bool *flow_control); void btrtl_set_driver_name(struct hci_dev *hdev, const char *driver_name); +int btrtl_recv_event(struct hci_dev *hdev, struct sk_buff *skb); #else diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index 3016ee9f2932..08ec38917850 100644 --- a/drivers/bluetooth/btusb.c +++ b/drivers/bluetooth/btusb.c @@ -2674,6 +2674,9 @@ static int btusb_recv_event_realtek(struct hci_dev *hdev, struct sk_buff *skb) return 0; } + if (skb->data[0] == HCI_VENDOR_PKT) + return btrtl_recv_event(hdev, skb); + return hci_recv_frame(hdev, skb); } From patchwork Thu May 29 12:48:16 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hilda Wu X-Patchwork-Id: 893394 Received: from rtits2.realtek.com.tw (rtits2.realtek.com [211.75.126.72]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E66AF21CFE0; Thu, 29 May 2025 12:48:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=211.75.126.72 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1748522915; cv=none; b=QplM3+rvqSNk3zIKFtm3NDzQWWMXKdxmxdU90SkhoWS4mJSR99D3pKnqEQF16F9SQ1e8V6T5yDaq7G6IrrxiF/Jv7JkJWRohc5iBDXfoFeHpvzH6UrroJ2pBdT44DjbN7BfH7ZBTAQRzQAO8AIFlabUTUYiJtJ/VlHVhr7AoJ6I= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1748522915; c=relaxed/simple; bh=kb1V5rUXK7gOblUM5pHVDe1Qxjoy9ECqpnWozYjRmxM=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=Ar1qmdX+KNIFf8nnHm7yCHLEzR5dmi0LadG513BAkfqxosSNgHsoW+YPrx3URWZo9HpxlywJhz4sYz5R9fuiCceD7MQARx+k3DrB2a8tb0CLpflfm7NJFdNezDhZBqeqjleD58yCUdN1inMTJ3GEcSD5Ycfw9l6fW4m3oe+IcT0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=realtek.com; spf=pass smtp.mailfrom=realtek.com; dkim=pass (2048-bit key) header.d=realtek.com header.i=@realtek.com header.b=pPsWKm43; arc=none smtp.client-ip=211.75.126.72 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=realtek.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=realtek.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=realtek.com header.i=@realtek.com header.b="pPsWKm43" X-SpamFilter-By: ArmorX SpamTrap 5.80 with qID 54TCmPHy91428909, This message is accepted by code: ctloc85258 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=realtek.com; s=dkim; t=1748522905; bh=2IT6HXW0M58UhOVk/j2nV0dAkkycG5LOxJ1YCdIVOG0=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Transfer-Encoding:Content-Type; b=pPsWKm43c9ARsXHfCgKTm9gib6GXjhPDraQZxY1T6KwmPyKDie5rtAOj65B4WMKtV O9nX23i9ExK29hAyWK0KWwlB2340YVyl92j1iM0B2XC0IFyzmWlM9PJFPPkpBCD3L4 sR0GIRq4zne9GNUizqTfyQv3eSzm8qX+5bJrNwW/aLIJEHZjWbaOljibijQojTkZfw 14ZMDcjsTFEuDFwLjB+wLy1fbLsPtPPSqZSW2zTdbkgbFFXTHMnUvuFSgJghDnaF2c FtyF91DMMyUA+RWrDHkmKm2dF1W/D5UzXQSTB22VwTd+XHT2qle2IIWRT/QWsDa6oK 91KjpkqU5xwcw== Received: from mail.realtek.com (rtexh36506.realtek.com.tw[172.21.6.27]) by rtits2.realtek.com.tw (8.15.2/3.13/5.93) with ESMTPS id 54TCmPHy91428909 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 29 May 2025 20:48:25 +0800 Received: from RTEXDAG02.realtek.com.tw (172.21.6.101) by RTEXH36506.realtek.com.tw (172.21.6.27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.39; Thu, 29 May 2025 20:48:26 +0800 Received: from localhost.localhost (172.21.132.53) by RTEXDAG02.realtek.com.tw (172.21.6.101) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.35; Thu, 29 May 2025 20:48:25 +0800 From: Hilda Wu To: CC: , , , , Subject: [PATCH 2/2] Bluetooth: btrtl: Add enhanced download support Date: Thu, 29 May 2025 20:48:16 +0800 Message-ID: <20250529124816.4186320-3-hildawu@realtek.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250529124816.4186320-1-hildawu@realtek.com> References: <20250529124816.4186320-1-hildawu@realtek.com> Precedence: bulk X-Mailing-List: linux-bluetooth@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: RTEXH36505.realtek.com.tw (172.21.6.25) To RTEXDAG02.realtek.com.tw (172.21.6.101) Add an enhanced download mode for firmware format v3. Use ACL to speed up firmware downloads. Signed-off-by: Alex Lu Signed-off-by: Hilda Wu --- drivers/bluetooth/btrtl.c | 205 +++++++++++++++++++++++++++++++++++++- drivers/bluetooth/btrtl.h | 5 + 2 files changed, 208 insertions(+), 2 deletions(-) diff --git a/drivers/bluetooth/btrtl.c b/drivers/bluetooth/btrtl.c index 0e6332a45ced..2c6239091a68 100644 --- a/drivers/bluetooth/btrtl.c +++ b/drivers/bluetooth/btrtl.c @@ -108,6 +108,8 @@ struct btrtl_device_info { u32 opcode; u8 fw_type; u8 key_id; + u16 handle; + u16 acldata_pkt_len; struct list_head patch_subsecs; struct list_head patch_images; }; @@ -1310,6 +1312,178 @@ static int rtl_check_download_state(struct hci_dev *hdev, return 0; } +struct hci_rp_enhanced_download_mode { + __u8 status; + __u8 reserved1; + __le16 handle; + __le16 acldata_pkt_len; + __u8 reserved2; +} __packed; + +static int btrtl_enhanced_download_mode_enable(struct hci_dev *hdev, + struct btrtl_device_info *btrtl_dev) +{ + struct hci_rp_enhanced_download_mode *ev; + struct sk_buff *skb; + u16 opcode = 0xfc1f; + u8 val = 1; + int ret = -EINVAL; + + skb = __hci_cmd_sync(hdev, opcode, 1, &val, HCI_CMD_TIMEOUT); + if (IS_ERR(skb)) { + bt_dev_err(hdev, "send %04x error (%lu)", opcode, PTR_ERR(skb)); + return -EIO; + } + if (skb->len != sizeof(*ev)) { + bt_dev_err(hdev, "got invalid cmd complete, %u %lu", skb->len, + sizeof(*ev)); + goto err; + } + ev = (struct hci_rp_enhanced_download_mode *)skb->data; + if (ev->status) { + bt_dev_err(hdev, "got invalid status 0x%02x", ev->status); + goto err; + } + btrtl_dev->handle = le16_to_cpu(ev->handle); + btrtl_dev->acldata_pkt_len = le16_to_cpu(ev->acldata_pkt_len); + kfree_skb(skb); + + bt_dev_info(hdev, "enhanced download mode enabled, handle %04x, acl %u", + btrtl_dev->handle, btrtl_dev->acldata_pkt_len); + + return 0; +err: + kfree_skb(skb); + return ret; +} + +struct rtl_acl_download_rp { + __u8 subevent; + __u8 index; + __le16 handle; + __le32 loaded_len; +} __packed; + +static int rtl_acl_download_firmware(struct hci_dev *hdev, + struct btrtl_device_info *btrtl_dev, + const unsigned char *data, int fw_len) +{ + struct btrealtek_data *btrtl_data = hci_get_priv(hdev); + int frag_num = fw_len / RTL_FRAG_LEN + 1; + int frag_len = RTL_FRAG_LEN; + int ret = 0; + int i; + int j = 0; + struct sk_buff *skb; + struct rtl_acl_download_rp *rp; + u16 max_payload_len; + struct hci_acl_hdr *hdr; + u8 index; + + if (is_v3_fw(btrtl_dev->fw_type)) + j = 1; + + btrtl_data->dlreq_status = 0; + btrtl_data->dlreq_result = 0; + btrtl_data->dlreq_rsp = NULL; + max_payload_len = (btrtl_dev->acldata_pkt_len - 1) & ~0x3; + + for (i = 0; i < frag_num; i++) { + index = j++; + if (index == 0x7f) + j = 1; + + if (i == (frag_num - 1) && !is_v3_fw(btrtl_dev->fw_type)) { + index |= 0x80; /* data end */ + frag_len = fw_len % max_payload_len; + } + rtl_dev_dbg(hdev, "acl download fw (%d/%d). index = %d", i, + frag_num, index); + + skb = bt_skb_alloc(sizeof(*hdr) + 1 + frag_len, GFP_KERNEL); + if (!skb) + return -ENOMEM; + hdr = (struct hci_acl_hdr *)skb_put(skb, sizeof(*hdr)); + hdr->handle = cpu_to_le16(btrtl_dev->handle | 0x8000); + hdr->dlen = cpu_to_le16(1 + frag_len); + *(u8 *)skb_put(skb, 1) = index; + memcpy(skb_put(skb, frag_len), data, frag_len); + + hci_skb_pkt_type(skb) = HCI_ACLDATA_PKT; + + btrtl_data->dlreq_status = HCI_REQ_PEND; + + ret = hdev->send(hdev, skb); + if (ret < 0) { + bt_dev_err(hdev, "sending frame failed (%d)", ret); + goto err; + } + + ret = wait_event_interruptible_timeout(btrtl_data->dlreq_wait_q, + btrtl_data->dlreq_status != HCI_REQ_PEND, + HCI_INIT_TIMEOUT); + if (ret == -ERESTARTSYS) + goto out; + + switch (btrtl_data->dlreq_status) { + case HCI_REQ_DONE: + ret = -bt_to_errno(btrtl_data->dlreq_result); + break; + + case HCI_REQ_CANCELED: + ret = -btrtl_data->dlreq_result; + break; + + default: + ret = -ETIMEDOUT; + break; + } + + btrtl_data->dlreq_status = 0; + btrtl_data->dlreq_result = 0; + skb = btrtl_data->dlreq_rsp; + btrtl_data->dlreq_rsp = NULL; + + bt_dev_dbg(hdev, "end: err %d", ret); + + if (ret < 0) { + bt_dev_err(hdev, "wait on complete err (%d)", ret); + goto err; + } + + if (!skb) + return -ENODATA; + + if (skb->len != sizeof(*rp)) { + rtl_dev_err(hdev, "acl download fw event len mismatch"); + ret = -EIO; + goto err; + } + rp = (struct rtl_acl_download_rp *)skb->data; + if ((btrtl_dev->handle & 0xfff) != le16_to_cpu(rp->handle)) { + rtl_dev_err(hdev, "handle mismatch (%04x %04x)", + btrtl_dev->handle & 0xfff, + le16_to_cpu(rp->handle)); + ret = -EINVAL; + goto err; + } + if (index != rp->index) { + rtl_dev_err(hdev, "index mismatch (%u, %u)", index, + rp->index); + ret = -EINVAL; + goto err; + } + + kfree_skb(skb); + data += frag_len; + } +out: + return ret; +err: + kfree_skb(skb); + return ret; +} + static int rtl_finalize_download(struct hci_dev *hdev, struct btrtl_device_info *btrtl_dev) { @@ -1394,6 +1568,7 @@ static int rtl_download_firmware_v3(struct hci_dev *hdev, struct rtl_section_patch_image *image, *tmp; struct rtl_rp_dl_v3 *rp; struct sk_buff *skb; + u8 enh_dl = 0; u8 *fw_data; int fw_len; int ret = 0; @@ -1408,6 +1583,16 @@ static int rtl_download_firmware_v3(struct hci_dev *hdev, } } + switch (btrtl_dev->project_id) { + case CHIP_ID_8852C: + case CHIP_ID_8922D: + if (!btrtl_enhanced_download_mode_enable(hdev, btrtl_dev)) + enh_dl = 1; + break; + default: + break; + } + list_for_each_entry_safe(image, tmp, &btrtl_dev->patch_images, list) { rtl_dev_dbg(hdev, "image (%04x:%02x)", image->image_id, image->index); @@ -1446,8 +1631,13 @@ static int rtl_download_firmware_v3(struct hci_dev *hdev, rtl_dev_dbg(hdev, "fw_data %p, image buf %p, len %u", fw_data, image->image_data, image->image_len); - ret = rtl_download_firmware(hdev, btrtl_dev->fw_type, fw_data, - fw_len); + if (enh_dl) + ret = rtl_acl_download_firmware(hdev, btrtl_dev, + fw_data, fw_len); + else + ret = rtl_download_firmware(hdev, btrtl_dev->fw_type, + fw_data, fw_len); + kvfree(fw_data); if (ret < 0) { rtl_dev_err(hdev, "download firmware failed (%d)", ret); @@ -1707,6 +1897,7 @@ struct btrtl_device_info *btrtl_initialize(struct hci_dev *hdev, INIT_LIST_HEAD(&btrtl_dev->patch_subsecs); INIT_LIST_HEAD(&btrtl_dev->patch_images); + init_waitqueue_head(&btrtl_data->dlreq_wait_q); check_version: ret = btrtl_read_chip_id(hdev, &chip_id); @@ -2026,6 +2217,7 @@ EXPORT_SYMBOL_GPL(btrtl_shutdown_realtek); int btrtl_recv_event(struct hci_dev *hdev, struct sk_buff *skb) { + struct btrealtek_data *btrtl_data = hci_get_priv(hdev); struct hci_event_hdr *hdr = (void *)skb->data; if (skb->len > HCI_EVENT_HDR_SIZE && hdr->evt == 0xff && @@ -2034,6 +2226,15 @@ int btrtl_recv_event(struct hci_dev *hdev, struct sk_buff *skb) btrealtek_test_and_clear_flag(hdev, REALTEK_DOWNLOADING)) { btrealtek_wake_up_flag(hdev, REALTEK_DOWNLOADING); return 0; + } else if (skb->data[2] == 0x2a) { + if (btrtl_data->dlreq_status == HCI_REQ_PEND) { + btrtl_data->dlreq_result = 0; + btrtl_data->dlreq_status = HCI_REQ_DONE; + skb_pull(skb, sizeof(*hdr)); + btrtl_data->dlreq_rsp = skb; + wake_up_interruptible(&btrtl_data->dlreq_wait_q); + } + return 0; } } diff --git a/drivers/bluetooth/btrtl.h b/drivers/bluetooth/btrtl.h index ea3537b9d4fd..781ac845944e 100644 --- a/drivers/bluetooth/btrtl.h +++ b/drivers/bluetooth/btrtl.h @@ -203,6 +203,11 @@ struct btrealtek_data { DECLARE_BITMAP(flags, __REALTEK_NUM_FLAGS); struct rtl_dump_info rtl_dump; + + wait_queue_head_t dlreq_wait_q; + __u32 dlreq_status; + __u32 dlreq_result; + struct sk_buff *dlreq_rsp; }; #define btrealtek_set_flag(hdev, nr) \