|
|
@@ -28,7 +28,7 @@
|
|
|
#include <net/bluetooth/bluetooth.h>
|
|
|
#include <net/bluetooth/hci_core.h>
|
|
|
|
|
|
-#define VERSION "0.6"
|
|
|
+#define VERSION "0.7"
|
|
|
|
|
|
static bool disable_scofix;
|
|
|
static bool force_scofix;
|
|
|
@@ -50,11 +50,16 @@ static struct usb_driver btusb_driver;
|
|
|
#define BTUSB_BCM_PATCHRAM 0x400
|
|
|
#define BTUSB_MARVELL 0x800
|
|
|
#define BTUSB_SWAVE 0x1000
|
|
|
+#define BTUSB_INTEL_NEW 0x2000
|
|
|
+#define BTUSB_AMP 0x4000
|
|
|
|
|
|
static const struct usb_device_id btusb_table[] = {
|
|
|
/* Generic Bluetooth USB device */
|
|
|
{ USB_DEVICE_INFO(0xe0, 0x01, 0x01) },
|
|
|
|
|
|
+ /* Generic Bluetooth AMP device */
|
|
|
+ { USB_DEVICE_INFO(0xe0, 0x01, 0x04), .driver_info = BTUSB_AMP },
|
|
|
+
|
|
|
/* Apple-specific (Broadcom) devices */
|
|
|
{ USB_VENDOR_AND_INTERFACE_INFO(0x05ac, 0xff, 0x01, 0x01) },
|
|
|
|
|
|
@@ -110,16 +115,24 @@ static const struct usb_device_id btusb_table[] = {
|
|
|
{ USB_DEVICE(0x13d3, 0x3404),
|
|
|
.driver_info = BTUSB_BCM_PATCHRAM },
|
|
|
|
|
|
+ /* Broadcom BCM20702B0 (Dynex/Insignia) */
|
|
|
+ { USB_DEVICE(0x19ff, 0x0239), .driver_info = BTUSB_BCM_PATCHRAM },
|
|
|
+
|
|
|
/* Foxconn - Hon Hai */
|
|
|
{ USB_VENDOR_AND_INTERFACE_INFO(0x0489, 0xff, 0x01, 0x01),
|
|
|
.driver_info = BTUSB_BCM_PATCHRAM },
|
|
|
|
|
|
+ /* Lite-On Technology - Broadcom based */
|
|
|
+ { USB_VENDOR_AND_INTERFACE_INFO(0x04ca, 0xff, 0x01, 0x01),
|
|
|
+ .driver_info = BTUSB_BCM_PATCHRAM },
|
|
|
+
|
|
|
/* Broadcom devices with vendor specific id */
|
|
|
{ USB_VENDOR_AND_INTERFACE_INFO(0x0a5c, 0xff, 0x01, 0x01),
|
|
|
.driver_info = BTUSB_BCM_PATCHRAM },
|
|
|
|
|
|
/* ASUSTek Computer - Broadcom based */
|
|
|
- { USB_VENDOR_AND_INTERFACE_INFO(0x0b05, 0xff, 0x01, 0x01) },
|
|
|
+ { USB_VENDOR_AND_INTERFACE_INFO(0x0b05, 0xff, 0x01, 0x01),
|
|
|
+ .driver_info = BTUSB_BCM_PATCHRAM },
|
|
|
|
|
|
/* Belkin F8065bf - Broadcom based */
|
|
|
{ USB_VENDOR_AND_INTERFACE_INFO(0x050d, 0xff, 0x01, 0x01) },
|
|
|
@@ -189,6 +202,7 @@ static const struct usb_device_id blacklist_table[] = {
|
|
|
{ USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 },
|
|
|
{ USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 },
|
|
|
{ USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 },
|
|
|
+ { USB_DEVICE(0x13d3, 0x3423), .driver_info = BTUSB_ATH3012 },
|
|
|
{ USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 },
|
|
|
|
|
|
/* Atheros AR5BBU12 with sflash firmware */
|
|
|
@@ -253,13 +267,18 @@ static const struct usb_device_id blacklist_table[] = {
|
|
|
{ USB_DEVICE(0x16d3, 0x0002),
|
|
|
.driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC },
|
|
|
|
|
|
- /* Intel Bluetooth device */
|
|
|
+ /* Marvell Bluetooth devices */
|
|
|
+ { USB_DEVICE(0x1286, 0x2044), .driver_info = BTUSB_MARVELL },
|
|
|
+ { USB_DEVICE(0x1286, 0x2046), .driver_info = BTUSB_MARVELL },
|
|
|
+
|
|
|
+ /* Intel Bluetooth devices */
|
|
|
{ USB_DEVICE(0x8087, 0x07dc), .driver_info = BTUSB_INTEL },
|
|
|
{ USB_DEVICE(0x8087, 0x0a2a), .driver_info = BTUSB_INTEL },
|
|
|
+ { USB_DEVICE(0x8087, 0x0a2b), .driver_info = BTUSB_INTEL_NEW },
|
|
|
|
|
|
- /* Marvell device */
|
|
|
- { USB_DEVICE(0x1286, 0x2044), .driver_info = BTUSB_MARVELL },
|
|
|
- { USB_DEVICE(0x1286, 0x2046), .driver_info = BTUSB_MARVELL },
|
|
|
+ /* Other Intel Bluetooth devices */
|
|
|
+ { USB_VENDOR_AND_INTERFACE_INFO(0x8087, 0xe0, 0x01, 0x01),
|
|
|
+ .driver_info = BTUSB_IGNORE },
|
|
|
|
|
|
{ } /* Terminating entry */
|
|
|
};
|
|
|
@@ -271,6 +290,11 @@ static const struct usb_device_id blacklist_table[] = {
|
|
|
#define BTUSB_ISOC_RUNNING 2
|
|
|
#define BTUSB_SUSPENDING 3
|
|
|
#define BTUSB_DID_ISO_RESUME 4
|
|
|
+#define BTUSB_BOOTLOADER 5
|
|
|
+#define BTUSB_DOWNLOADING 6
|
|
|
+#define BTUSB_FIRMWARE_LOADED 7
|
|
|
+#define BTUSB_FIRMWARE_FAILED 8
|
|
|
+#define BTUSB_BOOTING 9
|
|
|
|
|
|
struct btusb_data {
|
|
|
struct hci_dev *hdev;
|
|
|
@@ -304,6 +328,7 @@ struct btusb_data {
|
|
|
struct usb_endpoint_descriptor *isoc_rx_ep;
|
|
|
|
|
|
__u8 cmdreq_type;
|
|
|
+ __u8 cmdreq;
|
|
|
|
|
|
unsigned int sco_num;
|
|
|
int isoc_altsetting;
|
|
|
@@ -313,6 +338,16 @@ struct btusb_data {
|
|
|
int (*recv_bulk)(struct btusb_data *data, void *buffer, int count);
|
|
|
};
|
|
|
|
|
|
+static int btusb_wait_on_bit_timeout(void *word, int bit, unsigned long timeout,
|
|
|
+ unsigned mode)
|
|
|
+{
|
|
|
+ might_sleep();
|
|
|
+ if (!test_bit(bit, word))
|
|
|
+ return 0;
|
|
|
+ return out_of_line_wait_on_bit_timeout(word, bit, bit_wait_timeout,
|
|
|
+ mode, timeout);
|
|
|
+}
|
|
|
+
|
|
|
static inline void btusb_free_frags(struct btusb_data *data)
|
|
|
{
|
|
|
unsigned long flags;
|
|
|
@@ -957,7 +992,7 @@ static struct urb *alloc_ctrl_urb(struct hci_dev *hdev, struct sk_buff *skb)
|
|
|
}
|
|
|
|
|
|
dr->bRequestType = data->cmdreq_type;
|
|
|
- dr->bRequest = 0;
|
|
|
+ dr->bRequest = data->cmdreq;
|
|
|
dr->wIndex = 0;
|
|
|
dr->wValue = 0;
|
|
|
dr->wLength = __cpu_to_le16(skb->len);
|
|
|
@@ -1295,6 +1330,26 @@ struct intel_version {
|
|
|
u8 fw_patch_num;
|
|
|
} __packed;
|
|
|
|
|
|
+struct intel_boot_params {
|
|
|
+ __u8 status;
|
|
|
+ __u8 otp_format;
|
|
|
+ __u8 otp_content;
|
|
|
+ __u8 otp_patch;
|
|
|
+ __le16 dev_revid;
|
|
|
+ __u8 secure_boot;
|
|
|
+ __u8 key_from_hdr;
|
|
|
+ __u8 key_type;
|
|
|
+ __u8 otp_lock;
|
|
|
+ __u8 api_lock;
|
|
|
+ __u8 debug_lock;
|
|
|
+ bdaddr_t otp_bdaddr;
|
|
|
+ __u8 min_fw_build_nn;
|
|
|
+ __u8 min_fw_build_cw;
|
|
|
+ __u8 min_fw_build_yy;
|
|
|
+ __u8 limited_cce;
|
|
|
+ __u8 unlocked_state;
|
|
|
+} __packed;
|
|
|
+
|
|
|
static const struct firmware *btusb_setup_intel_get_fw(struct hci_dev *hdev,
|
|
|
struct intel_version *ver)
|
|
|
{
|
|
|
@@ -1703,6 +1758,562 @@ static int btusb_setup_intel(struct hci_dev *hdev)
|
|
|
return 0;
|
|
|
}
|
|
|
|
|
|
+static int inject_cmd_complete(struct hci_dev *hdev, __u16 opcode)
|
|
|
+{
|
|
|
+ struct sk_buff *skb;
|
|
|
+ struct hci_event_hdr *hdr;
|
|
|
+ struct hci_ev_cmd_complete *evt;
|
|
|
+
|
|
|
+ skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_ATOMIC);
|
|
|
+ if (!skb)
|
|
|
+ return -ENOMEM;
|
|
|
+
|
|
|
+ hdr = (struct hci_event_hdr *)skb_put(skb, sizeof(*hdr));
|
|
|
+ hdr->evt = HCI_EV_CMD_COMPLETE;
|
|
|
+ hdr->plen = sizeof(*evt) + 1;
|
|
|
+
|
|
|
+ evt = (struct hci_ev_cmd_complete *)skb_put(skb, sizeof(*evt));
|
|
|
+ evt->ncmd = 0x01;
|
|
|
+ evt->opcode = cpu_to_le16(opcode);
|
|
|
+
|
|
|
+ *skb_put(skb, 1) = 0x00;
|
|
|
+
|
|
|
+ bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
|
|
|
+
|
|
|
+ return hci_recv_frame(hdev, skb);
|
|
|
+}
|
|
|
+
|
|
|
+static int btusb_recv_bulk_intel(struct btusb_data *data, void *buffer,
|
|
|
+ int count)
|
|
|
+{
|
|
|
+ /* When the device is in bootloader mode, then it can send
|
|
|
+ * events via the bulk endpoint. These events are treated the
|
|
|
+ * same way as the ones received from the interrupt endpoint.
|
|
|
+ */
|
|
|
+ if (test_bit(BTUSB_BOOTLOADER, &data->flags))
|
|
|
+ return btusb_recv_intr(data, buffer, count);
|
|
|
+
|
|
|
+ return btusb_recv_bulk(data, buffer, count);
|
|
|
+}
|
|
|
+
|
|
|
+static int btusb_recv_event_intel(struct hci_dev *hdev, struct sk_buff *skb)
|
|
|
+{
|
|
|
+ struct btusb_data *data = hci_get_drvdata(hdev);
|
|
|
+
|
|
|
+ if (test_bit(BTUSB_BOOTLOADER, &data->flags)) {
|
|
|
+ struct hci_event_hdr *hdr = (void *)skb->data;
|
|
|
+
|
|
|
+ /* When the firmware loading completes the device sends
|
|
|
+ * out a vendor specific event indicating the result of
|
|
|
+ * the firmware loading.
|
|
|
+ */
|
|
|
+ if (skb->len == 7 && hdr->evt == 0xff && hdr->plen == 0x05 &&
|
|
|
+ skb->data[2] == 0x06) {
|
|
|
+ if (skb->data[3] != 0x00)
|
|
|
+ test_bit(BTUSB_FIRMWARE_FAILED, &data->flags);
|
|
|
+
|
|
|
+ if (test_and_clear_bit(BTUSB_DOWNLOADING,
|
|
|
+ &data->flags) &&
|
|
|
+ test_bit(BTUSB_FIRMWARE_LOADED, &data->flags)) {
|
|
|
+ smp_mb__after_atomic();
|
|
|
+ wake_up_bit(&data->flags, BTUSB_DOWNLOADING);
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ /* When switching to the operational firmware the device
|
|
|
+ * sends a vendor specific event indicating that the bootup
|
|
|
+ * completed.
|
|
|
+ */
|
|
|
+ if (skb->len == 9 && hdr->evt == 0xff && hdr->plen == 0x07 &&
|
|
|
+ skb->data[2] == 0x02) {
|
|
|
+ if (test_and_clear_bit(BTUSB_BOOTING, &data->flags)) {
|
|
|
+ smp_mb__after_atomic();
|
|
|
+ wake_up_bit(&data->flags, BTUSB_BOOTING);
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ return hci_recv_frame(hdev, skb);
|
|
|
+}
|
|
|
+
|
|
|
+static int btusb_send_frame_intel(struct hci_dev *hdev, struct sk_buff *skb)
|
|
|
+{
|
|
|
+ struct btusb_data *data = hci_get_drvdata(hdev);
|
|
|
+ struct urb *urb;
|
|
|
+
|
|
|
+ BT_DBG("%s", hdev->name);
|
|
|
+
|
|
|
+ if (!test_bit(HCI_RUNNING, &hdev->flags))
|
|
|
+ return -EBUSY;
|
|
|
+
|
|
|
+ switch (bt_cb(skb)->pkt_type) {
|
|
|
+ case HCI_COMMAND_PKT:
|
|
|
+ if (test_bit(BTUSB_BOOTLOADER, &data->flags)) {
|
|
|
+ struct hci_command_hdr *cmd = (void *)skb->data;
|
|
|
+ __u16 opcode = le16_to_cpu(cmd->opcode);
|
|
|
+
|
|
|
+ /* When in bootloader mode and the command 0xfc09
|
|
|
+ * is received, it needs to be send down the
|
|
|
+ * bulk endpoint. So allocate a bulk URB instead.
|
|
|
+ */
|
|
|
+ if (opcode == 0xfc09)
|
|
|
+ urb = alloc_bulk_urb(hdev, skb);
|
|
|
+ else
|
|
|
+ urb = alloc_ctrl_urb(hdev, skb);
|
|
|
+
|
|
|
+ /* When the 0xfc01 command is issued to boot into
|
|
|
+ * the operational firmware, it will actually not
|
|
|
+ * send a command complete event. To keep the flow
|
|
|
+ * control working inject that event here.
|
|
|
+ */
|
|
|
+ if (opcode == 0xfc01)
|
|
|
+ inject_cmd_complete(hdev, opcode);
|
|
|
+ } else {
|
|
|
+ urb = alloc_ctrl_urb(hdev, skb);
|
|
|
+ }
|
|
|
+ if (IS_ERR(urb))
|
|
|
+ return PTR_ERR(urb);
|
|
|
+
|
|
|
+ hdev->stat.cmd_tx++;
|
|
|
+ return submit_or_queue_tx_urb(hdev, urb);
|
|
|
+
|
|
|
+ case HCI_ACLDATA_PKT:
|
|
|
+ urb = alloc_bulk_urb(hdev, skb);
|
|
|
+ if (IS_ERR(urb))
|
|
|
+ return PTR_ERR(urb);
|
|
|
+
|
|
|
+ hdev->stat.acl_tx++;
|
|
|
+ return submit_or_queue_tx_urb(hdev, urb);
|
|
|
+
|
|
|
+ case HCI_SCODATA_PKT:
|
|
|
+ if (hci_conn_num(hdev, SCO_LINK) < 1)
|
|
|
+ return -ENODEV;
|
|
|
+
|
|
|
+ urb = alloc_isoc_urb(hdev, skb);
|
|
|
+ if (IS_ERR(urb))
|
|
|
+ return PTR_ERR(urb);
|
|
|
+
|
|
|
+ hdev->stat.sco_tx++;
|
|
|
+ return submit_tx_urb(hdev, urb);
|
|
|
+ }
|
|
|
+
|
|
|
+ return -EILSEQ;
|
|
|
+}
|
|
|
+
|
|
|
+static int btusb_intel_secure_send(struct hci_dev *hdev, u8 fragment_type,
|
|
|
+ u32 plen, const void *param)
|
|
|
+{
|
|
|
+ while (plen > 0) {
|
|
|
+ struct sk_buff *skb;
|
|
|
+ u8 cmd_param[253], fragment_len = (plen > 252) ? 252 : plen;
|
|
|
+
|
|
|
+ cmd_param[0] = fragment_type;
|
|
|
+ memcpy(cmd_param + 1, param, fragment_len);
|
|
|
+
|
|
|
+ skb = __hci_cmd_sync(hdev, 0xfc09, fragment_len + 1,
|
|
|
+ cmd_param, HCI_INIT_TIMEOUT);
|
|
|
+ if (IS_ERR(skb))
|
|
|
+ return PTR_ERR(skb);
|
|
|
+
|
|
|
+ kfree_skb(skb);
|
|
|
+
|
|
|
+ plen -= fragment_len;
|
|
|
+ param += fragment_len;
|
|
|
+ }
|
|
|
+
|
|
|
+ return 0;
|
|
|
+}
|
|
|
+
|
|
|
+static void btusb_intel_version_info(struct hci_dev *hdev,
|
|
|
+ struct intel_version *ver)
|
|
|
+{
|
|
|
+ const char *variant;
|
|
|
+
|
|
|
+ switch (ver->fw_variant) {
|
|
|
+ case 0x06:
|
|
|
+ variant = "Bootloader";
|
|
|
+ break;
|
|
|
+ case 0x23:
|
|
|
+ variant = "Firmware";
|
|
|
+ break;
|
|
|
+ default:
|
|
|
+ return;
|
|
|
+ }
|
|
|
+
|
|
|
+ BT_INFO("%s: %s revision %u.%u build %u week %u %u", hdev->name,
|
|
|
+ variant, ver->fw_revision >> 4, ver->fw_revision & 0x0f,
|
|
|
+ ver->fw_build_num, ver->fw_build_ww, 2000 + ver->fw_build_yy);
|
|
|
+}
|
|
|
+
|
|
|
+static int btusb_setup_intel_new(struct hci_dev *hdev)
|
|
|
+{
|
|
|
+ static const u8 reset_param[] = { 0x00, 0x01, 0x00, 0x01,
|
|
|
+ 0x00, 0x08, 0x04, 0x00 };
|
|
|
+ struct btusb_data *data = hci_get_drvdata(hdev);
|
|
|
+ struct sk_buff *skb;
|
|
|
+ struct intel_version *ver;
|
|
|
+ struct intel_boot_params *params;
|
|
|
+ const struct firmware *fw;
|
|
|
+ const u8 *fw_ptr;
|
|
|
+ char fwname[64];
|
|
|
+ ktime_t calltime, delta, rettime;
|
|
|
+ unsigned long long duration;
|
|
|
+ int err;
|
|
|
+
|
|
|
+ BT_DBG("%s", hdev->name);
|
|
|
+
|
|
|
+ calltime = ktime_get();
|
|
|
+
|
|
|
+ /* Read the Intel version information to determine if the device
|
|
|
+ * is in bootloader mode or if it already has operational firmware
|
|
|
+ * loaded.
|
|
|
+ */
|
|
|
+ skb = __hci_cmd_sync(hdev, 0xfc05, 0, NULL, HCI_INIT_TIMEOUT);
|
|
|
+ if (IS_ERR(skb)) {
|
|
|
+ BT_ERR("%s: Reading Intel version information failed (%ld)",
|
|
|
+ hdev->name, PTR_ERR(skb));
|
|
|
+ return PTR_ERR(skb);
|
|
|
+ }
|
|
|
+
|
|
|
+ if (skb->len != sizeof(*ver)) {
|
|
|
+ BT_ERR("%s: Intel version event size mismatch", hdev->name);
|
|
|
+ kfree_skb(skb);
|
|
|
+ return -EILSEQ;
|
|
|
+ }
|
|
|
+
|
|
|
+ ver = (struct intel_version *)skb->data;
|
|
|
+ if (ver->status) {
|
|
|
+ BT_ERR("%s: Intel version command failure (%02x)",
|
|
|
+ hdev->name, ver->status);
|
|
|
+ err = -bt_to_errno(ver->status);
|
|
|
+ kfree_skb(skb);
|
|
|
+ return err;
|
|
|
+ }
|
|
|
+
|
|
|
+ /* The hardware platform number has a fixed value of 0x37 and
|
|
|
+ * for now only accept this single value.
|
|
|
+ */
|
|
|
+ if (ver->hw_platform != 0x37) {
|
|
|
+ BT_ERR("%s: Unsupported Intel hardware platform (%u)",
|
|
|
+ hdev->name, ver->hw_platform);
|
|
|
+ kfree_skb(skb);
|
|
|
+ return -EINVAL;
|
|
|
+ }
|
|
|
+
|
|
|
+ /* At the moment only the hardware variant iBT 3.0 (LnP/SfP) is
|
|
|
+ * supported by this firmware loading method. This check has been
|
|
|
+ * put in place to ensure correct forward compatibility options
|
|
|
+ * when newer hardware variants come along.
|
|
|
+ */
|
|
|
+ if (ver->hw_variant != 0x0b) {
|
|
|
+ BT_ERR("%s: Unsupported Intel hardware variant (%u)",
|
|
|
+ hdev->name, ver->hw_variant);
|
|
|
+ kfree_skb(skb);
|
|
|
+ return -EINVAL;
|
|
|
+ }
|
|
|
+
|
|
|
+ btusb_intel_version_info(hdev, ver);
|
|
|
+
|
|
|
+ /* The firmware variant determines if the device is in bootloader
|
|
|
+ * mode or is running operational firmware. The value 0x06 identifies
|
|
|
+ * the bootloader and the value 0x23 identifies the operational
|
|
|
+ * firmware.
|
|
|
+ *
|
|
|
+ * When the operational firmware is already present, then only
|
|
|
+ * the check for valid Bluetooth device address is needed. This
|
|
|
+ * determines if the device will be added as configured or
|
|
|
+ * unconfigured controller.
|
|
|
+ *
|
|
|
+ * It is not possible to use the Secure Boot Parameters in this
|
|
|
+ * case since that command is only available in bootloader mode.
|
|
|
+ */
|
|
|
+ if (ver->fw_variant == 0x23) {
|
|
|
+ kfree_skb(skb);
|
|
|
+ clear_bit(BTUSB_BOOTLOADER, &data->flags);
|
|
|
+ btusb_check_bdaddr_intel(hdev);
|
|
|
+ return 0;
|
|
|
+ }
|
|
|
+
|
|
|
+ /* If the device is not in bootloader mode, then the only possible
|
|
|
+ * choice is to return an error and abort the device initialization.
|
|
|
+ */
|
|
|
+ if (ver->fw_variant != 0x06) {
|
|
|
+ BT_ERR("%s: Unsupported Intel firmware variant (%u)",
|
|
|
+ hdev->name, ver->fw_variant);
|
|
|
+ kfree_skb(skb);
|
|
|
+ return -ENODEV;
|
|
|
+ }
|
|
|
+
|
|
|
+ kfree_skb(skb);
|
|
|
+
|
|
|
+ /* Read the secure boot parameters to identify the operating
|
|
|
+ * details of the bootloader.
|
|
|
+ */
|
|
|
+ skb = __hci_cmd_sync(hdev, 0xfc0d, 0, NULL, HCI_INIT_TIMEOUT);
|
|
|
+ if (IS_ERR(skb)) {
|
|
|
+ BT_ERR("%s: Reading Intel boot parameters failed (%ld)",
|
|
|
+ hdev->name, PTR_ERR(skb));
|
|
|
+ return PTR_ERR(skb);
|
|
|
+ }
|
|
|
+
|
|
|
+ if (skb->len != sizeof(*params)) {
|
|
|
+ BT_ERR("%s: Intel boot parameters size mismatch", hdev->name);
|
|
|
+ kfree_skb(skb);
|
|
|
+ return -EILSEQ;
|
|
|
+ }
|
|
|
+
|
|
|
+ params = (struct intel_boot_params *)skb->data;
|
|
|
+ if (params->status) {
|
|
|
+ BT_ERR("%s: Intel boot parameters command failure (%02x)",
|
|
|
+ hdev->name, params->status);
|
|
|
+ err = -bt_to_errno(params->status);
|
|
|
+ kfree_skb(skb);
|
|
|
+ return err;
|
|
|
+ }
|
|
|
+
|
|
|
+ BT_INFO("%s: Device revision is %u", hdev->name,
|
|
|
+ le16_to_cpu(params->dev_revid));
|
|
|
+
|
|
|
+ BT_INFO("%s: Secure boot is %s", hdev->name,
|
|
|
+ params->secure_boot ? "enabled" : "disabled");
|
|
|
+
|
|
|
+ BT_INFO("%s: Minimum firmware build %u week %u %u", hdev->name,
|
|
|
+ params->min_fw_build_nn, params->min_fw_build_cw,
|
|
|
+ 2000 + params->min_fw_build_yy);
|
|
|
+
|
|
|
+ /* It is required that every single firmware fragment is acknowledged
|
|
|
+ * with a command complete event. If the boot parameters indicate
|
|
|
+ * that this bootloader does not send them, then abort the setup.
|
|
|
+ */
|
|
|
+ if (params->limited_cce != 0x00) {
|
|
|
+ BT_ERR("%s: Unsupported Intel firmware loading method (%u)",
|
|
|
+ hdev->name, params->limited_cce);
|
|
|
+ kfree_skb(skb);
|
|
|
+ return -EINVAL;
|
|
|
+ }
|
|
|
+
|
|
|
+ /* If the OTP has no valid Bluetooth device address, then there will
|
|
|
+ * also be no valid address for the operational firmware.
|
|
|
+ */
|
|
|
+ if (!bacmp(¶ms->otp_bdaddr, BDADDR_ANY)) {
|
|
|
+ BT_INFO("%s: No device address configured", hdev->name);
|
|
|
+ set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks);
|
|
|
+ }
|
|
|
+
|
|
|
+ /* With this Intel bootloader only the hardware variant and device
|
|
|
+ * revision information are used to select the right firmware.
|
|
|
+ *
|
|
|
+ * Currently this bootloader support is limited to hardware variant
|
|
|
+ * iBT 3.0 (LnP/SfP) which is identified by the value 11 (0x0b).
|
|
|
+ */
|
|
|
+ snprintf(fwname, sizeof(fwname), "intel/ibt-11-%u.sfi",
|
|
|
+ le16_to_cpu(params->dev_revid));
|
|
|
+
|
|
|
+ err = request_firmware(&fw, fwname, &hdev->dev);
|
|
|
+ if (err < 0) {
|
|
|
+ BT_ERR("%s: Failed to load Intel firmware file (%d)",
|
|
|
+ hdev->name, err);
|
|
|
+ kfree_skb(skb);
|
|
|
+ return err;
|
|
|
+ }
|
|
|
+
|
|
|
+ BT_INFO("%s: Found device firmware: %s", hdev->name, fwname);
|
|
|
+
|
|
|
+ kfree_skb(skb);
|
|
|
+
|
|
|
+ if (fw->size < 644) {
|
|
|
+ BT_ERR("%s: Invalid size of firmware file (%zu)",
|
|
|
+ hdev->name, fw->size);
|
|
|
+ err = -EBADF;
|
|
|
+ goto done;
|
|
|
+ }
|
|
|
+
|
|
|
+ set_bit(BTUSB_DOWNLOADING, &data->flags);
|
|
|
+
|
|
|
+ /* Start the firmware download transaction with the Init fragment
|
|
|
+ * represented by the 128 bytes of CSS header.
|
|
|
+ */
|
|
|
+ err = btusb_intel_secure_send(hdev, 0x00, 128, fw->data);
|
|
|
+ if (err < 0) {
|
|
|
+ BT_ERR("%s: Failed to send firmware header (%d)",
|
|
|
+ hdev->name, err);
|
|
|
+ goto done;
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Send the 256 bytes of public key information from the firmware
|
|
|
+ * as the PKey fragment.
|
|
|
+ */
|
|
|
+ err = btusb_intel_secure_send(hdev, 0x03, 256, fw->data + 128);
|
|
|
+ if (err < 0) {
|
|
|
+ BT_ERR("%s: Failed to send firmware public key (%d)",
|
|
|
+ hdev->name, err);
|
|
|
+ goto done;
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Send the 256 bytes of signature information from the firmware
|
|
|
+ * as the Sign fragment.
|
|
|
+ */
|
|
|
+ err = btusb_intel_secure_send(hdev, 0x02, 256, fw->data + 388);
|
|
|
+ if (err < 0) {
|
|
|
+ BT_ERR("%s: Failed to send firmware signature (%d)",
|
|
|
+ hdev->name, err);
|
|
|
+ goto done;
|
|
|
+ }
|
|
|
+
|
|
|
+ fw_ptr = fw->data + 644;
|
|
|
+
|
|
|
+ while (fw_ptr - fw->data < fw->size) {
|
|
|
+ struct hci_command_hdr *cmd = (void *)fw_ptr;
|
|
|
+ u8 cmd_len;
|
|
|
+
|
|
|
+ cmd_len = sizeof(*cmd) + cmd->plen;
|
|
|
+
|
|
|
+ /* Send each command from the firmware data buffer as
|
|
|
+ * a single Data fragment.
|
|
|
+ */
|
|
|
+ err = btusb_intel_secure_send(hdev, 0x01, cmd_len, fw_ptr);
|
|
|
+ if (err < 0) {
|
|
|
+ BT_ERR("%s: Failed to send firmware data (%d)",
|
|
|
+ hdev->name, err);
|
|
|
+ goto done;
|
|
|
+ }
|
|
|
+
|
|
|
+ fw_ptr += cmd_len;
|
|
|
+ }
|
|
|
+
|
|
|
+ set_bit(BTUSB_FIRMWARE_LOADED, &data->flags);
|
|
|
+
|
|
|
+ BT_INFO("%s: Waiting for firmware download to complete", hdev->name);
|
|
|
+
|
|
|
+ /* Before switching the device into operational mode and with that
|
|
|
+ * booting the loaded firmware, wait for the bootloader notification
|
|
|
+ * that all fragments have been successfully received.
|
|
|
+ *
|
|
|
+ * When the event processing receives the notification, then the
|
|
|
+ * BTUSB_DOWNLOADING flag will be cleared.
|
|
|
+ *
|
|
|
+ * The firmware loading should not take longer than 5 seconds
|
|
|
+ * and thus just timeout if that happens and fail the setup
|
|
|
+ * of this device.
|
|
|
+ */
|
|
|
+ err = btusb_wait_on_bit_timeout(&data->flags, BTUSB_DOWNLOADING,
|
|
|
+ msecs_to_jiffies(5000),
|
|
|
+ TASK_INTERRUPTIBLE);
|
|
|
+ if (err == 1) {
|
|
|
+ BT_ERR("%s: Firmware loading interrupted", hdev->name);
|
|
|
+ err = -EINTR;
|
|
|
+ goto done;
|
|
|
+ }
|
|
|
+
|
|
|
+ if (err) {
|
|
|
+ BT_ERR("%s: Firmware loading timeout", hdev->name);
|
|
|
+ err = -ETIMEDOUT;
|
|
|
+ goto done;
|
|
|
+ }
|
|
|
+
|
|
|
+ if (test_bit(BTUSB_FIRMWARE_FAILED, &data->flags)) {
|
|
|
+ BT_ERR("%s: Firmware loading failed", hdev->name);
|
|
|
+ err = -ENOEXEC;
|
|
|
+ goto done;
|
|
|
+ }
|
|
|
+
|
|
|
+ rettime = ktime_get();
|
|
|
+ delta = ktime_sub(rettime, calltime);
|
|
|
+ duration = (unsigned long long) ktime_to_ns(delta) >> 10;
|
|
|
+
|
|
|
+ BT_INFO("%s: Firmware loaded in %llu usecs", hdev->name, duration);
|
|
|
+
|
|
|
+done:
|
|
|
+ release_firmware(fw);
|
|
|
+
|
|
|
+ if (err < 0)
|
|
|
+ return err;
|
|
|
+
|
|
|
+ calltime = ktime_get();
|
|
|
+
|
|
|
+ set_bit(BTUSB_BOOTING, &data->flags);
|
|
|
+
|
|
|
+ skb = __hci_cmd_sync(hdev, 0xfc01, sizeof(reset_param), reset_param,
|
|
|
+ HCI_INIT_TIMEOUT);
|
|
|
+ if (IS_ERR(skb))
|
|
|
+ return PTR_ERR(skb);
|
|
|
+
|
|
|
+ kfree_skb(skb);
|
|
|
+
|
|
|
+ /* The bootloader will not indicate when the device is ready. This
|
|
|
+ * is done by the operational firmware sending bootup notification.
|
|
|
+ *
|
|
|
+ * Booting into operational firmware should not take longer than
|
|
|
+ * 1 second. However if that happens, then just fail the setup
|
|
|
+ * since something went wrong.
|
|
|
+ */
|
|
|
+ BT_INFO("%s: Waiting for device to boot", hdev->name);
|
|
|
+
|
|
|
+ err = btusb_wait_on_bit_timeout(&data->flags, BTUSB_BOOTING,
|
|
|
+ msecs_to_jiffies(1000),
|
|
|
+ TASK_INTERRUPTIBLE);
|
|
|
+
|
|
|
+ if (err == 1) {
|
|
|
+ BT_ERR("%s: Device boot interrupted", hdev->name);
|
|
|
+ return -EINTR;
|
|
|
+ }
|
|
|
+
|
|
|
+ if (err) {
|
|
|
+ BT_ERR("%s: Device boot timeout", hdev->name);
|
|
|
+ return -ETIMEDOUT;
|
|
|
+ }
|
|
|
+
|
|
|
+ rettime = ktime_get();
|
|
|
+ delta = ktime_sub(rettime, calltime);
|
|
|
+ duration = (unsigned long long) ktime_to_ns(delta) >> 10;
|
|
|
+
|
|
|
+ BT_INFO("%s: Device booted in %llu usecs", hdev->name, duration);
|
|
|
+
|
|
|
+ clear_bit(BTUSB_BOOTLOADER, &data->flags);
|
|
|
+
|
|
|
+ return 0;
|
|
|
+}
|
|
|
+
|
|
|
+static void btusb_hw_error_intel(struct hci_dev *hdev, u8 code)
|
|
|
+{
|
|
|
+ struct sk_buff *skb;
|
|
|
+ u8 type = 0x00;
|
|
|
+
|
|
|
+ BT_ERR("%s: Hardware error 0x%2.2x", hdev->name, code);
|
|
|
+
|
|
|
+ skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
|
|
|
+ if (IS_ERR(skb)) {
|
|
|
+ BT_ERR("%s: Reset after hardware error failed (%ld)",
|
|
|
+ hdev->name, PTR_ERR(skb));
|
|
|
+ return;
|
|
|
+ }
|
|
|
+ kfree_skb(skb);
|
|
|
+
|
|
|
+ skb = __hci_cmd_sync(hdev, 0xfc22, 1, &type, HCI_INIT_TIMEOUT);
|
|
|
+ if (IS_ERR(skb)) {
|
|
|
+ BT_ERR("%s: Retrieving Intel exception info failed (%ld)",
|
|
|
+ hdev->name, PTR_ERR(skb));
|
|
|
+ return;
|
|
|
+ }
|
|
|
+
|
|
|
+ if (skb->len != 13) {
|
|
|
+ BT_ERR("%s: Exception info size mismatch", hdev->name);
|
|
|
+ kfree_skb(skb);
|
|
|
+ return;
|
|
|
+ }
|
|
|
+
|
|
|
+ if (skb->data[0] != 0x00) {
|
|
|
+ BT_ERR("%s: Exception info command failure (%02x)",
|
|
|
+ hdev->name, skb->data[0]);
|
|
|
+ kfree_skb(skb);
|
|
|
+ return;
|
|
|
+ }
|
|
|
+
|
|
|
+ BT_ERR("%s: Exception info %s", hdev->name, (char *)(skb->data + 1));
|
|
|
+
|
|
|
+ kfree_skb(skb);
|
|
|
+}
|
|
|
+
|
|
|
static int btusb_set_bdaddr_intel(struct hci_dev *hdev, const bdaddr_t *bdaddr)
|
|
|
{
|
|
|
struct sk_buff *skb;
|
|
|
@@ -2033,7 +2644,13 @@ static int btusb_probe(struct usb_interface *intf,
|
|
|
if (!data->intr_ep || !data->bulk_tx_ep || !data->bulk_rx_ep)
|
|
|
return -ENODEV;
|
|
|
|
|
|
- data->cmdreq_type = USB_TYPE_CLASS;
|
|
|
+ if (id->driver_info & BTUSB_AMP) {
|
|
|
+ data->cmdreq_type = USB_TYPE_CLASS | 0x01;
|
|
|
+ data->cmdreq = 0x2b;
|
|
|
+ } else {
|
|
|
+ data->cmdreq_type = USB_TYPE_CLASS;
|
|
|
+ data->cmdreq = 0x00;
|
|
|
+ }
|
|
|
|
|
|
data->udev = interface_to_usbdev(intf);
|
|
|
data->intf = intf;
|
|
|
@@ -2049,8 +2666,14 @@ static int btusb_probe(struct usb_interface *intf,
|
|
|
init_usb_anchor(&data->isoc_anchor);
|
|
|
spin_lock_init(&data->rxlock);
|
|
|
|
|
|
- data->recv_event = hci_recv_frame;
|
|
|
- data->recv_bulk = btusb_recv_bulk;
|
|
|
+ if (id->driver_info & BTUSB_INTEL_NEW) {
|
|
|
+ data->recv_event = btusb_recv_event_intel;
|
|
|
+ data->recv_bulk = btusb_recv_bulk_intel;
|
|
|
+ set_bit(BTUSB_BOOTLOADER, &data->flags);
|
|
|
+ } else {
|
|
|
+ data->recv_event = hci_recv_frame;
|
|
|
+ data->recv_bulk = btusb_recv_bulk;
|
|
|
+ }
|
|
|
|
|
|
hdev = hci_alloc_dev();
|
|
|
if (!hdev)
|
|
|
@@ -2059,6 +2682,11 @@ static int btusb_probe(struct usb_interface *intf,
|
|
|
hdev->bus = HCI_USB;
|
|
|
hci_set_drvdata(hdev, data);
|
|
|
|
|
|
+ if (id->driver_info & BTUSB_AMP)
|
|
|
+ hdev->dev_type = HCI_AMP;
|
|
|
+ else
|
|
|
+ hdev->dev_type = HCI_BREDR;
|
|
|
+
|
|
|
data->hdev = hdev;
|
|
|
|
|
|
SET_HCIDEV_DEV(hdev, &intf->dev);
|
|
|
@@ -2081,6 +2709,15 @@ static int btusb_probe(struct usb_interface *intf,
|
|
|
if (id->driver_info & BTUSB_INTEL) {
|
|
|
hdev->setup = btusb_setup_intel;
|
|
|
hdev->set_bdaddr = btusb_set_bdaddr_intel;
|
|
|
+ set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
|
|
|
+ }
|
|
|
+
|
|
|
+ if (id->driver_info & BTUSB_INTEL_NEW) {
|
|
|
+ hdev->send = btusb_send_frame_intel;
|
|
|
+ hdev->setup = btusb_setup_intel_new;
|
|
|
+ hdev->hw_error = btusb_hw_error_intel;
|
|
|
+ hdev->set_bdaddr = btusb_set_bdaddr_intel;
|
|
|
+ set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
|
|
|
}
|
|
|
|
|
|
if (id->driver_info & BTUSB_MARVELL)
|
|
|
@@ -2094,11 +2731,18 @@ static int btusb_probe(struct usb_interface *intf,
|
|
|
if (id->driver_info & BTUSB_INTEL_BOOT)
|
|
|
set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
|
|
|
|
|
|
- if (id->driver_info & BTUSB_ATH3012)
|
|
|
+ if (id->driver_info & BTUSB_ATH3012) {
|
|
|
hdev->set_bdaddr = btusb_set_bdaddr_ath3012;
|
|
|
+ set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
|
|
|
+ }
|
|
|
|
|
|
- /* Interface numbers are hardcoded in the specification */
|
|
|
- data->isoc = usb_ifnum_to_if(data->udev, 1);
|
|
|
+ if (id->driver_info & BTUSB_AMP) {
|
|
|
+ /* AMP controllers do not support SCO packets */
|
|
|
+ data->isoc = NULL;
|
|
|
+ } else {
|
|
|
+ /* Interface numbers are hardcoded in the specification */
|
|
|
+ data->isoc = usb_ifnum_to_if(data->udev, 1);
|
|
|
+ }
|
|
|
|
|
|
if (!reset)
|
|
|
set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
|
|
|
@@ -2192,7 +2836,6 @@ static void btusb_disconnect(struct usb_interface *intf)
|
|
|
else if (data->isoc)
|
|
|
usb_driver_release_interface(&btusb_driver, data->isoc);
|
|
|
|
|
|
- btusb_free_frags(data);
|
|
|
hci_free_dev(hdev);
|
|
|
}
|
|
|
|
David S. Miller