/* * Copyright (C) 2018 Realtek Semiconductor Corporation. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #ifndef PATH_MAX #define PATH_MAX 1024 #endif #include "hciattach.h" #include "rtb_fwc.h" //#define BT_ADDR_FROM_VENDOR_STORAGE #define FIRMWARE_DIRECTORY "/lib/firmware/rtlbt/" #define BT_CONFIG_DIRECTORY "/lib/firmware/rtlbt/" #define EXTRA_CONFIG_FILE "/opt/rtk_btconfig.txt" #define BT_ADDR_FILE "/opt/bdaddr" #define BDADDR_STRING_LEN 17 struct list_head { struct list_head *next, *prev; }; struct cfg_list_item { struct list_head list; uint16_t offset; uint8_t len; uint8_t data[0]; }; const uint8_t cfg_magic[4] = { 0x55, 0xab, 0x23, 0x87 }; static struct list_head list_configs; static struct list_head list_extracfgs; struct rtb_cfg_item { uint16_t offset; uint8_t len; uint8_t data[0]; } __attribute__ ((packed)); #define RTB_CFG_HDR_LEN 6 struct rtb_patch_entry { uint16_t chip_id; uint16_t patch_len; uint32_t soffset; uint32_t svn_ver; uint32_t coex_ver; } __attribute__ ((packed)); struct rtb_patch_hdr { uint8_t signature[8]; uint32_t fw_version; uint16_t number_of_patch; struct rtb_patch_entry entry[0]; } __attribute__ ((packed)); uint16_t project_id[]= { ROM_LMP_8723a, ROM_LMP_8723b, /* RTL8723BS */ ROM_LMP_8821a, /* RTL8821AS */ ROM_LMP_8761a, /* RTL8761ATV */ ROM_LMP_8703a, ROM_LMP_8763a, ROM_LMP_8703b, ROM_LMP_8723c, /* index 7 for 8723CS. What is for other 8723CS */ ROM_LMP_8822b, /* RTL8822BS */ ROM_LMP_8723b, /* RTL8723DS */ ROM_LMP_8821a, /* id 10 for RTL8821CS, lmp subver 0x8821 */ ROM_LMP_NONE, ROM_LMP_NONE, ROM_LMP_8822c, /* id 13 for RTL8822CS, lmp subver 0x8822 */ ROM_LMP_8761a, /* id 14 for 8761B */ ROM_LMP_NONE, ROM_LMP_NONE, ROM_LMP_NONE, ROM_LMP_8852a, /* id 18 for 8852AS */ ROM_LMP_8723b, /* id 19 for 8723FS */ ROM_LMP_8852a, /* id 20 for 8852BS */ }; static struct patch_info h4_patch_table[] = { /* match flags, chip type, lmp subver, proj id(unused), hci_ver, * hci_rev, ... */ /* RTL8761AT */ { RTL_FW_MATCH_CHIP_TYPE, CHIP_8761AT, 0x8761, 0xffff, 0, 0x000a, "rtl8761at_fw", "rtl8761at_config", "RTL8761AT" }, /* RTL8761ATF */ { RTL_FW_MATCH_CHIP_TYPE, CHIP_8761ATF, 0x8761, 0xffff, 0, 0x000a, "rtl8761atf_fw", "rtl8761atf_config", "RTL8761ATF" }, /* RTL8761B(8763) H4 Test Chip without download * FW/Config is not used. */ { RTL_FW_MATCH_CHIP_TYPE, CHIP_8761BTC, 0x8763, 0xffff, 0, 0x000b, "rtl8761btc_fw", "rtl8761btc_config", "RTL8761BTC" }, /* RTL8761B H4 Test Chip wihtout download*/ { RTL_FW_MATCH_CHIP_TYPE, CHIP_8761BH4, 0x8761, 0xffff, 0, 0x000b, "rtl8761bh4_fw", "rtl8761bh4_config", "RTL8761BH4" }, /* RTL8723DS */ { RTL_FW_MATCH_HCI_VER | RTL_FW_MATCH_HCI_REV, CHIP_8723DS, ROM_LMP_8723b, ROM_LMP_8723b, 8, 0x000d, "rtl8723dsh4_fw", "rtl8723dsh4_config", "RTL8723DSH4"}, { 0, 0, 0, ROM_LMP_NONE, 0, 0, "rtl_none_fw", "rtl_none_config", "NONE"} }; static struct patch_info patch_table[] = { /* match flags, chip type, lmp subver, proj id(unused), hci_ver, * hci_rev, ... */ /* RTL8723AS */ { 0, 0, ROM_LMP_8723a, ROM_LMP_8723a, 0, 0, "rtl8723a_fw", "rtl8723a_config", "RTL8723AS"}, /* RTL8821CS */ { RTL_FW_MATCH_HCI_REV, CHIP_8821CS, ROM_LMP_8821a, ROM_LMP_8821a, 0, 0x000c, "rtl8821c_fw", "rtl8821c_config", "RTL8821CS"}, /* RTL8821AS */ { 0, 0, ROM_LMP_8821a, ROM_LMP_8821a, 0, 0, "rtl8821a_fw", "rtl8821a_config", "RTL8821AS"}, /* RTL8761ATV */ { RTL_FW_MATCH_HCI_VER | RTL_FW_MATCH_HCI_REV, 0, ROM_LMP_8761a, ROM_LMP_8761a, 0x06, 0x000a, "rtl8761a_fw", "rtl8761a_config", "RTL8761ATV"}, /* RTL8725AS */ { RTL_FW_MATCH_CHIP_TYPE | RTL_FW_MATCH_HCI_VER | RTL_FW_MATCH_HCI_REV, CHIP_8725AS, ROM_LMP_8761a, ROM_LMP_8761a, 0x0a, 0x000b, "rtl8725as_fw", "rtl8725as_config", "RTL8725AS"}, /* RTL8761BTV */ { RTL_FW_MATCH_HCI_VER | RTL_FW_MATCH_HCI_REV, CHIP_8761B, ROM_LMP_8761a, ROM_LMP_8761a, 0x0a, 0x000b, "rtl8761b_fw", "rtl8761b_config", "RTL8761BTV"}, /* RTL8703AS * RTL8822BS * */ #ifdef RTL_8703A_SUPPORT { RTL_FW_MATCH_CHIP_TYPE, CHIP_8703AS, ROM_LMP_8723b, ROM_LMP_8723b, 0, 0, "rtl8703a_fw", "rtl8703a_config", "RTL8703AS"}, #endif { RTL_FW_MATCH_HCI_REV, CHIP_8822BS, ROM_LMP_8822b, ROM_LMP_8822b, 0, 0x000b, "rtl8822b_fw", "rtl8822b_config", "RTL8822BS"}, { RTL_FW_MATCH_HCI_REV, CHIP_8822CS, ROM_LMP_8822c, ROM_LMP_8822c, 0, 0x000c, "rtl8822cs_fw", "rtl8822cs_config", "RTL8822CS"}, /* RTL8852AS */ { RTL_FW_MATCH_HCI_REV, CHIP_8852AS, ROM_LMP_8852a, ROM_LMP_8852a, 11, 0x000a, "rtl8852as_fw", "rtl8852as_config", "RTL8852AS" }, /* RTL8852BS */ { RTL_FW_MATCH_HCI_REV, CHIP_8852BS, ROM_LMP_8852a, ROM_LMP_8852a, 11, 0x000b, "rtl8852bs_fw", "rtl8852bs_config", "RTL8852BS" }, /* RTL8703BS * RTL8723CS_XX * RTL8723CS_CG * RTL8723CS_VF * Use the sampe lmp subversion 0x8703 * */ { RTL_FW_MATCH_CHIP_TYPE, CHIP_8703BS, ROM_LMP_8703b, ROM_LMP_8703b, 0, 0, "rtl8703b_fw", "rtl8703b_config", "RTL8703BS"}, { RTL_FW_MATCH_CHIP_TYPE, CHIP_8723CS_XX, ROM_LMP_8703b, ROM_LMP_8723cs_xx, 0, 0, "rtl8723cs_fw", "rtl8723cs_config", "RTL8723CS_XX"}, { RTL_FW_MATCH_CHIP_TYPE, CHIP_8723CS_CG, ROM_LMP_8703b, ROM_LMP_8723cs_cg, 0, 0, "rtl8723cs_fw", "rtl8723cs_config", "RTL8723CS_CG"}, { RTL_FW_MATCH_CHIP_TYPE, CHIP_8723CS_VF, ROM_LMP_8703b, ROM_LMP_8723cs_vf, 0, 0, "rtl8723cs_fw", "rtl8723cs_config", "RTL8723CS_VF"}, /* RTL8723BS */ { RTL_FW_MATCH_HCI_VER | RTL_FW_MATCH_HCI_REV, 0, ROM_LMP_8723b, ROM_LMP_8723b, 6, 0x000b, "rtl8723b_fw", "rtl8723b_config", "RTL8723BS"}, /* RTL8723DS */ { RTL_FW_MATCH_HCI_VER | RTL_FW_MATCH_HCI_REV, CHIP_8723DS, ROM_LMP_8723b, ROM_LMP_8723b, 8, 0x000d, "rtl8723d_fw", "rtl8723d_config", "RTL8723DS"}, /* RTL8723FS */ { RTL_FW_MATCH_HCI_VER | RTL_FW_MATCH_HCI_REV, CHIP_8723FS, ROM_LMP_8723b, ROM_LMP_8723b, 11, 0x000f, "rtl8723fs_fw", "rtl8723fs_config", "RTL8723FS"}, /* add entries here*/ { 0, 0, 0, ROM_LMP_NONE, 0, 0, "rtl_none_fw", "rtl_none_config", "NONE"} }; static __inline uint16_t get_unaligned_le16(uint8_t * p) { return (uint16_t) (*p) + ((uint16_t) (*(p + 1)) << 8); } static __inline uint32_t get_unaligned_le32(uint8_t * p) { return (uint32_t) (*p) + ((uint32_t) (*(p + 1)) << 8) + ((uint32_t) (*(p + 2)) << 16) + ((uint32_t) (*(p + 3)) << 24); } /* list head from kernel */ #define offsetof(TYPE, MEMBER) ((size_t)&((TYPE *)0)->MEMBER) #define container_of(ptr, type, member) ({ \ const typeof( ((type *)0)->member ) *__mptr = (ptr); \ (type *)( (char *)__mptr - offsetof(type,member) );}) #define list_entry(ptr, type, member) \ container_of(ptr, type, member) #define list_for_each_safe(pos, n, head) \ for (pos = (head)->next, n = pos->next; pos != (head); \ pos = n, n = pos->next) static inline void INIT_LIST_HEAD(struct list_head *list) { list->next = list; list->prev = list; } static inline int list_empty(const struct list_head *head) { return head->next == head; } static inline void __list_add(struct list_head *_new, struct list_head *prev, struct list_head *next) { next->prev = _new; _new->next = next; _new->prev = prev; prev->next = _new; } static inline void list_add_tail(struct list_head *_new, struct list_head *head) { __list_add(_new, head->prev, head); } static inline void __list_del(struct list_head *prev, struct list_head *next) { next->prev = prev; prev->next = next; } #define LIST_POISON1 ((void *) 0x00100100) #define LIST_POISON2 ((void *) 0x00200200) static inline void list_del(struct list_head *entry) { __list_del(entry->prev, entry->next); entry->next = (struct list_head*)LIST_POISON1; entry->prev = (struct list_head*)LIST_POISON2; } static inline void __list_splice(const struct list_head *list, struct list_head *prev, struct list_head *next) { struct list_head *first = list->next; struct list_head *last = list->prev; first->prev = prev; prev->next = first; last->next = next; next->prev = last; } static inline void list_splice_tail(struct list_head *list, struct list_head *head) { if (!list_empty(list)) __list_splice(list, head->prev, head); } static inline void list_replace(struct list_head *old, struct list_head *new) { new->next = old->next; new->next->prev = new; new->prev = old->prev; new->prev->next = new; } static inline void list_replace_init(struct list_head *old, struct list_head *new) { list_replace(old, new); INIT_LIST_HEAD(old); } static int config_lists_init(void) { INIT_LIST_HEAD(&list_configs); INIT_LIST_HEAD(&list_extracfgs); return 0; } static void config_lists_free(void) { struct list_head *iter; struct list_head *tmp; struct list_head *head; struct cfg_list_item *n; if (!list_empty(&list_extracfgs)) list_splice_tail(&list_extracfgs, &list_configs); head = &list_configs; list_for_each_safe(iter, tmp, head) { n = list_entry(iter, struct cfg_list_item, list); if (n) { list_del(&n->list); free(n); } } INIT_LIST_HEAD(&list_configs); INIT_LIST_HEAD(&list_extracfgs); } static void line_process(char *buf, int len /*@unused@*/) { char *argv[32]; int argc = 0; char *ptr = buf; char *head = buf; unsigned long int offset; uint8_t l; uint8_t i = 0; struct cfg_list_item *item; RS_INFO("%s", buf); while ((ptr = strsep(&head, ", \t")) != NULL) { if (!ptr[0]) continue; argv[argc++] = ptr; if (argc >= 32) { RS_WARN("%s: Config item is too long", __func__); break; } } if (argc < 4) { RS_WARN("%s: Invalid Config item, ignore", __func__); return; } offset = strtoul(argv[0], NULL, 16); offset = offset | (strtoul(argv[1], NULL, 16) << 8); l = (uint8_t)strtoul(argv[2], NULL, 16); if (l != (uint8_t)(argc - 3)) { RS_ERR("Invalid Config item len %u", l); return; } item = malloc(sizeof(*item) + l); if (!item) { RS_WARN("%s: Cannot alloc mem for item, %04lx, %u", __func__, offset, l); return; } memset(item, 0, sizeof(*item)); item->offset = (uint16_t)offset; item->len = l; for (i = 0; i < l; i++) item->data[i] = (uint8_t)strtoul(argv[3 + i], NULL, 16); list_add_tail(&item->list, &list_extracfgs); } static void config_process(uint8_t *buf, int len /*@unused@*/) { char *head = (void *)buf; char *ptr = (void *)buf; while ((ptr = strsep(&head, "\n\r")) != NULL) { if (!ptr[0]) continue; line_process(ptr, strlen(ptr) + 1); } } static void parse_extra_config(const char *path) { int fd; uint8_t buf[256]; int result; fd = open(path, O_RDONLY); if (fd == -1) { RS_INFO("Couldnt open extra config %s, %s", path, strerror(errno)); return; } result = read(fd, buf, sizeof(buf)); if (result == -1) { RS_ERR("Couldnt read %s, %s", path, strerror(errno)); goto done; } else if (result == 0) { RS_ERR("File is empty"); goto done; } if (result > 254) { RS_ERR("Extra Config file is too big"); goto done; } buf[result++] = '\n'; buf[result++] = '\0'; config_process(buf, result); done: close(fd); } /* Get the entry from patch_table according to LMP subversion */ struct patch_info *get_patch_entry(struct rtb_struct *btrtl) { struct patch_info *n = NULL; if (btrtl->proto == HCI_UART_3WIRE) n = patch_table; else n = h4_patch_table; for (; n->lmp_subver; n++) { if ((n->match_flags & RTL_FW_MATCH_CHIP_TYPE) && n->chip_type != btrtl->chip_type) continue; if ((n->match_flags & RTL_FW_MATCH_HCI_VER) && n->hci_ver != btrtl->hci_ver) continue; if ((n->match_flags & RTL_FW_MATCH_HCI_REV) && n->hci_rev != btrtl->hci_rev) continue; if (n->lmp_subver != btrtl->lmp_subver) continue; break; } return n; } static int is_mac(uint8_t chip_type, uint16_t offset) { int result = 0; switch (chip_type) { case CHIP_8822BS: case CHIP_8723DS: case CHIP_8821CS: case CHIP_8723CS_XX: case CHIP_8723CS_CG: case CHIP_8723CS_VF: if (offset == 0x0044) return 1; break; case CHIP_8822CS: case CHIP_8761B: case CHIP_8852AS: case CHIP_8723FS: case CHIP_8852BS: if (offset == 0x0030) return 1; break; case 0: /* special for not setting chip_type */ case CHIP_8761AT: case CHIP_8761ATF: case CHIP_8761BTC: case CHIP_8723BS: if (offset == 0x003c) return 1; break; default: break; } return result; } static uint16_t get_mac_offset(uint8_t chip_type) { switch (chip_type) { case CHIP_8822BS: case CHIP_8723DS: case CHIP_8821CS: return 0x0044; case CHIP_8822CS: case CHIP_8761B: case CHIP_8852AS: case CHIP_8723FS: case CHIP_8852BS: return 0x0030; case 0: /* special for not setting chip_type */ case CHIP_8761AT: case CHIP_8761ATF: case CHIP_8761BTC: case CHIP_8723BS: return 0x003c; default: return 0x003c; } } static void merge_configs(struct list_head *head, struct list_head *head2) { struct list_head *epos, *enext; struct list_head *pos, *next; struct cfg_list_item *n; struct cfg_list_item *extra; if (!head || !head2) return; if (list_empty(head2)) return; if (list_empty(head)) { list_splice_tail(head2, head); INIT_LIST_HEAD(head2); return; } /* Add or update & replace */ list_for_each_safe(epos, enext, head2) { extra = list_entry(epos, struct cfg_list_item, list); list_for_each_safe(pos, next, head) { n = list_entry(pos, struct cfg_list_item, list); if (extra->offset == n->offset) { if (extra->len < n->len) { /* Update the cfg data */ RS_INFO("Update cfg: ofs %04x len %u", n->offset, n->len); memcpy(n->data, extra->data, extra->len); list_del(epos); free(extra); } else { /* Replace the item */ list_del(epos); list_replace_init(pos, epos); /* free the old item */ free(n); } } } } if (list_empty(head2)) return; list_for_each_safe(epos, enext, head2) { extra = list_entry(epos, struct cfg_list_item, list); RS_INFO("Add new cfg: ofs %04x, len %u", extra->offset, extra->len); /* Add the item to list */ list_del(epos); list_add_tail(epos, head); } } /* * Parse realtek Bluetooth config file. * The content starts with vendor magic: 55 ab 23 87 */ int rtb_parse_config(uint8_t *cfg_buf, size_t len) { uint16_t cfg_len; uint16_t tmp; struct rtb_cfg_item *entry; uint16_t i; struct cfg_list_item *item; if (!cfg_buf || !len) { RS_ERR("%s: Invalid parameter", __func__); return -1; } if (memcmp(cfg_buf, cfg_magic, 4)) { RS_ERR("Signature %02x %02x %02x %02x is incorrect", cfg_buf[0], cfg_buf[1], cfg_buf[2], cfg_buf[3]); return -1; } cfg_len = ((uint16_t)cfg_buf[5] << 8) + cfg_buf[4]; if (cfg_len != len - RTB_CFG_HDR_LEN) { RS_ERR("Config len %u is incorrect(%zd)", cfg_len, len - RTB_CFG_HDR_LEN); return -1; } entry = (struct rtb_cfg_item *)(cfg_buf + 6); i = 0; while (i < cfg_len) { /* Add config item to list */ item = malloc(sizeof(*item) + entry->len); if (item) { memset(item, 0, sizeof(*item)); item->offset = le16_to_cpu(entry->offset); item->len = entry->len; memcpy(item->data, entry->data, item->len); list_add_tail(&item->list, &list_configs); } else { RS_ERR("Cannot alloc mem for entry %04x, %u", entry->offset, entry->len); } tmp = entry->len + sizeof(struct rtb_cfg_item); i += tmp; entry = (struct rtb_cfg_item *)((uint8_t *)entry + tmp); } return 0; } int bachk(const char *str) { if (!str) return -1; if (strlen(str) != 17) return -1; while (*str) { if (!isxdigit(*str++)) return -1; if (!isxdigit(*str++)) return -1; if (*str == 0) break; if (*str++ != ':') return -1; } return 0; } /* * Get random Bluetooth addr. */ /* static void rtb_get_ram_addr(char bt_addr[0]) * { * srand(time(NULL) + getpid() + getpid() * 987654 + rand()); * * uint32_t addr = rand(); * memcpy(bt_addr, &addr, sizeof(uint8_t)); * } */ typedef uint8_t RT_U8, *PRT_U8; typedef int8_t RT_S8, *PRT_S8; typedef uint16_t RT_U16, *PRT_U16; typedef int32_t RT_S32, *PRT_S32; typedef uint32_t RT_U32, *PRT_U32; static void rtk_get_ram_addr(uint8_t bt_addr[0]) { srand(time(NULL) + getpid() + getpid() * 987654 + rand()); RT_U32 addr = rand(); memcpy(bt_addr, &addr, sizeof(RT_U8)); } #ifdef BT_ADDR_FROM_VENDOR_STORAGE typedef unsigned short uint16; typedef unsigned int uint32; typedef unsigned char uint8; #define VENDOR_REQ_TAG 0x56524551 #define VENDOR_READ_IO _IOW('v', 0x01, unsigned int) #define VENDOR_WRITE_IO _IOW('v', 0x02, unsigned int) #define VENDOR_ID_MAX 5 static char *vendor_id_table[] = { "VENDOR_SN_ID", "VENDOR_WIFI_MAC_ID", "VENDOR_LAN_MAC_ID", "VENDOR_BT_MAC_ID", "VENDOR_IMEI_ID", }; #define VENDOR_SN_ID 1 #define VENDOR_WIFI_MAC_ID 2 #define VENDOR_LAN_MAC_ID 3 #define VENDOR_BT_MAC_ID 4 #define VENDOR_IMEI_ID 5 #define VENDOR_STORAGE_DEBUG struct rk_vendor_req { uint32 tag; uint16 id; uint16 len; uint8 data[1024]; }; static void rknand_get_randeom_btaddr(uint8_t *bt_addr) { int i; /* No autogen BDA. Generate one now. */ bt_addr[4] = 0x22; bt_addr[5] = 0x22; for (i = 0; i < 4; i++) rtk_get_ram_addr(&bt_addr[i]); } static void rknand_print_hex_data(char *s, struct rk_vendor_req *buf, uint32 len) { unsigned char i = 0; #ifdef VENDOR_STORAGE_DEBUG fprintf(stdout, "%s\n",s); fprintf(stdout, "tag = %d // id = %d // len = %d // data = 0x%p\n", buf->tag, buf->id, buf->len, buf->data); #endif printf("%s: ", vendor_id_table[buf->id - 1]); if (buf->id == VENDOR_SN_ID || buf->id == VENDOR_IMEI_ID) { for (i = 0; i < len; i++) printf("%c", buf->data[i]); } else { for (i = 0; i < len; i++) printf("%02x", buf->data[i]); } fprintf(stdout, "\n"); } static int vendor_storage_read(int cmd, uint8_t *buf, int buf_len) { int ret ; uint8 p_buf[100]; /* malloc req buffer or used extern buffer */ struct rk_vendor_req *req; req = (struct rk_vendor_req *)p_buf; memset(p_buf, 0, 100); int sys_fd = open("/dev/vendor_storage", O_RDWR, 0); if(sys_fd < 0){ printf("vendor_storage open fail\n"); return -1; } req->tag = VENDOR_REQ_TAG; req->id = cmd; req->len = 50; ret = ioctl(sys_fd, VENDOR_READ_IO, req); if(ret){ printf("vendor read error %d\n", ret); return -1; } close(sys_fd); rknand_print_hex_data("vendor read:", req, req->len); memcpy(buf, req->data, req->len); return req->len; } static int vendor_storage_write(int cmd, uint8_t *num) { int ret; uint8 p_buf[100]; /* malloc req buffer or used extern buffer */ struct rk_vendor_req *req; req = (struct rk_vendor_req *)p_buf; int sys_fd = open("/dev/vendor_storage",O_RDWR,0); if(sys_fd < 0){ printf("vendor_storage open fail\n"); return -1; } req->tag = VENDOR_REQ_TAG; req->id = cmd; if (cmd != VENDOR_SN_ID && cmd != VENDOR_IMEI_ID) req->len = 6; else req->len = strlen((char *)num); memcpy(req->data, num, req->len); ret = ioctl(sys_fd, VENDOR_WRITE_IO, req); if(ret){ printf("vendor write error\n"); return -1; } rknand_print_hex_data("vendor write:", req, req->len); return 0; } static int vendor_storage_read_bt_addr(char *tbuf) { uint8 raw_buf[100] = {0}; int raw_len = 0; int i; raw_len = vendor_storage_read(VENDOR_BT_MAC_ID, raw_buf, 100); if (raw_len < 0) return -1; for (i = 0; i < 6; i++) { sprintf(tbuf + i * 3, "%02x:", raw_buf[i]); } tbuf[17] = '\0'; return 17; } static int vendor_storage_write_bt_addr(uint8_t *tbuf) { return vendor_storage_write(VENDOR_BT_MAC_ID, tbuf); } #endif /* * Write the random addr to the BT_ADDR_FILE. */ /* static void rtb_write_btmac2file(char bt_addr[6]) * { * int fd; * fd = open(BT_ADDR_FILE, O_CREAT | O_RDWR | O_TRUNC); * * if (fd > 0) { * chmod(BT_ADDR_FILE, 0666); * char addr[18] = { 0 }; * addr[17] = '\0'; * sprintf(addr, "%2x:%2x:%2x:%2x:%2x:%2x", bt_addr[0], bt_addr[1], * bt_addr[2], bt_addr[3], bt_addr[4], bt_addr[5]); * write(fd, addr, strlen(addr)); * close(fd); * } else { * RS_ERR("open file error:%s\n", BT_ADDR_FILE); * } * } */ /* * Read and parse Realtek Bluetooth Config file. */ uint8_t *rtb_read_config(const char *file, int *cfg_len, uint8_t chip_type) { char *file_name; struct stat st; ssize_t file_len; int fd; uint8_t *buf; #ifndef BT_ADDR_FROM_VENDOR_STORAGE size_t size; #endif size_t result; struct list_head *pos, *next; struct cfg_list_item *n; uint16_t config_len; uint16_t dlen; uint32_t baudrate; uint8_t *p; if (!file || !cfg_len) { RS_ERR("%s: Invalid parameter", __func__); return NULL; } config_lists_init(); /* All extra configs will be added to list_extracfgs */ parse_extra_config(EXTRA_CONFIG_FILE); list_for_each_safe(pos, next, &list_extracfgs) { n = list_entry(pos, struct cfg_list_item, list); RS_INFO("extra cfg: ofs %04x, len %u", n->offset, n->len); } #ifdef BT_ADDR_FROM_VENDOR_STORAGE int ret = 0; uint8_t bdaddr[6]; uint16_t ofs; char tbuf[BDADDR_STRING_LEN + 1]; char *str; int i = 0; ret = vendor_storage_read_bt_addr(tbuf); if (ret >= 0 && bachk(tbuf) < 0) { ret = -1; RS_ERR("vendor_storage bt addr chechk failed"); } if (ret < 0) { RS_ERR("vendor storage read bt addr failed, generate one"); rknand_get_randeom_btaddr(bdaddr); vendor_storage_write_bt_addr(bdaddr); } else { str = tbuf; for (i = 5; i >= 0; i--) { bdaddr[i] = (uint8_t)strtoul(str, NULL, 16); str += 3; } /*reserve LAP addr from 0x9e8b00 to 0x9e8b3f, change to 0x008b** */ if (0x9e == bdaddr[3] && 0x8b == bdaddr[4] && (bdaddr[5] <= 0x3f)) { bdaddr[3] = 0x00; } RS_DBG("BT MAC is %02x:%02x:%02x:%02x:%02x:%02x", bdaddr[5], bdaddr[4], bdaddr[3], bdaddr[2], bdaddr[1], bdaddr[0]); ofs = get_mac_offset(chip_type); n = malloc(sizeof(*n) + 6); if (n) { n->offset = ofs; n->len = 6; memcpy(n->data, bdaddr, 6); list_add_tail(&n->list, &list_extracfgs); } else { RS_ERR("Couldn't alloc cfg item for bdaddr"); } } #else if (stat(BT_ADDR_FILE, &st) < 0) { RS_INFO("Couldnt access customer BT MAC file %s", BT_ADDR_FILE); goto read_cfg; } size = st.st_size; /* Only read the first 17-byte if the file length is larger */ if (size > BDADDR_STRING_LEN) size = BDADDR_STRING_LEN; fd = open(BT_ADDR_FILE, O_RDONLY); if (fd == -1) { RS_INFO("Couldnt open BT MAC file %s, %s", BT_ADDR_FILE, strerror(errno)); } else { uint16_t ofs; char *str; int i = 0; uint8_t bdaddr[6]; uint8_t tbuf[BDADDR_STRING_LEN + 1]; memset(tbuf, 0, sizeof(tbuf)); result = read(fd, tbuf, size); close(fd); if (result == -1) { RS_ERR("Couldnt read BT MAC file %s, err %s", BT_ADDR_FILE, strerror(errno)); goto read_cfg; } if (bachk((const char *)tbuf) < 0) { goto read_cfg; } str = (char *)tbuf; for (i = 5; i >= 0; i--) { bdaddr[i] = (uint8_t)strtoul(str, NULL, 16); str += 3; } /* Reserve LAP addr from 0x9e8b00 to 0x9e8b3f, * Change to 0x008bXX */ if (0x9e == bdaddr[3] && 0x8b == bdaddr[4] && bdaddr[5] <= 0x3f) bdaddr[3] = 0x00; RS_DBG("BT MAC %02x:%02x:%02x:%02x:%02x:%02x", bdaddr[5], bdaddr[4], bdaddr[3], bdaddr[2], bdaddr[1], bdaddr[0]); ofs = get_mac_offset(chip_type); n = malloc(sizeof(*n) + 6); if (n) { n->offset = ofs; n->len = 6; memcpy(n->data, bdaddr, 6); list_add_tail(&n->list, &list_extracfgs); } else { RS_ERR("Couldn't alloc cfg item for bdaddr"); } } read_cfg: #endif *cfg_len = 0; file_name = malloc(PATH_MAX); if (!file_name) { RS_ERR("Can't allocate memory for Config file name"); return NULL; } memset(file_name, 0, PATH_MAX); snprintf(file_name, PATH_MAX, "%s%s", BT_CONFIG_DIRECTORY, file); if (stat(file_name, &st) < 0) { RS_ERR("Can't access Config file: %s, %s", file_name, strerror(errno)); goto err_stat; } file_len = st.st_size; if ((fd = open(file_name, O_RDONLY)) < 0) { perror("Can't open Config file"); goto err_open; } buf = malloc(file_len); if (!buf) { RS_ERR("Couldnt malloc buffer for Config %zd", file_len); goto err_malloc; } result = read(fd, buf, file_len); if (result < (ssize_t)file_len) { perror("Can't read Config file"); goto err_read; } close(fd); free(file_name); result = rtb_parse_config(buf, file_len); if (result < 0) { RS_ERR("Invalid Config content"); close(fd); free(buf); config_lists_free(); exit(EXIT_FAILURE); } RS_INFO("Origin cfg len %u", (uint16_t)file_len); util_hexdump((const uint8_t *)buf, file_len); merge_configs(&list_configs, &list_extracfgs); config_len = 4; /* magic word length */ config_len += 2; /* data length field */ /* Calculate the config_len */ dlen = 0; list_for_each_safe(pos, next, &list_configs) { n = list_entry(pos, struct cfg_list_item, list); switch (n->offset) { case 0x003c: case 0x0030: case 0x0044: if (is_mac(chip_type, n->offset) && n->len == 6) { char s[18]; sprintf(s, "%2.2X:%2.2X:%2.2X:%2.2X:%2.2X:%2.2X", n->data[5], n->data[4], n->data[3], n->data[2], n->data[1], n->data[0]); RS_INFO("bdaddr ofs %04x, %s", n->offset, s); } break; case 0x000c: #ifdef BAUDRATE_4BYTES baudrate = get_unaligned_le32(n->data); #else baudrate = get_unaligned_le16(n->data); #endif rtb_cfg.vendor_baud = baudrate; RS_INFO("Config baudrate: %08x", baudrate); if (n->len > 12) { uint8_t d = n->data[12]; rtb_cfg.uart_flow_ctrl = (d & 0x4) ? 1 : 0; RS_INFO("uart flow ctrl: %u", rtb_cfg.uart_flow_ctrl); } break; #ifdef RTL8723DSH4_UART_HWFLOWC case 0x0018: if (chip_type == CHIP_8723DS && rtb_cfg.proto == HCI_UART_H4) { if (n->data[0] & (1 << 2)) rtb_cfg.uart_flow_ctrl = 1; RS_INFO("8723DSH4: hw flow control %u", rtb_cfg.uart_flow_ctrl); if (n->data[0] & 0x01) { rtb_cfg.parenb = 1; if (n->data[0] & 0x02) rtb_cfg.pareven = 1; else rtb_cfg.pareven = 0; } RS_INFO("8723DSH4: parity %u, even %u", rtb_cfg.parenb, rtb_cfg.pareven); } break; #endif default: break; } config_len += (3 + n->len); dlen += (3 + n->len); } p = realloc(buf, config_len); if (!p) { /* block is left untouched; it is not freed or moved */ RS_ERR("Couldn't realloc buf for configs"); free(buf); buf = NULL; *cfg_len = 0; goto done; } buf = p; memcpy(buf, cfg_magic, 4); buf[4] = dlen & 0xff; buf[5] = (dlen >> 8) & 0xff; p = buf + 6; list_for_each_safe(pos, next, &list_configs) { n = list_entry(pos, struct cfg_list_item, list); p[0] = n->offset & 0xff; p[1] = (n->offset >> 8) & 0xff; p[2] = n->len; memcpy(p + 3, n->data, n->len); p += (3 + n->len); } RS_INFO("Vendor baud from Config file: %08x", rtb_cfg.vendor_baud); RS_INFO("New cfg len %u", config_len); util_hexdump((const uint8_t *)buf, config_len); *cfg_len = config_len; done: config_lists_free(); return buf; err_read: free(buf); err_malloc: config_lists_free(); close(fd); err_open: err_stat: free(file_name); return NULL; } /* * Read Realtek Bluetooth firmaware file. */ uint8_t *rtb_read_firmware(struct rtb_struct *btrtl, int *fw_len) { char *filename; struct stat st; int fd = -1; size_t fwsize; uint8_t *fw_buf; ssize_t result; if (!btrtl || !fw_len) { RS_ERR("%s: Invalid parameter", __func__); return NULL; } filename = malloc(PATH_MAX); if (!filename) { RS_ERR("Can't allocate memory for fw name"); return NULL; } snprintf(filename, PATH_MAX, "%s%s", FIRMWARE_DIRECTORY, btrtl->patch_ent->patch_file); if (stat(filename, &st) < 0) { RS_ERR("Can't access firmware %s, %s", filename, strerror(errno)); goto err_stat; } fwsize = st.st_size; if ((fd = open(filename, O_RDONLY)) < 0) { RS_ERR("Can't open firmware, %s", strerror(errno)); goto err_open; } fw_buf = malloc(fwsize); if (!fw_buf) { RS_ERR("Can't allocate memory for fw, %s", strerror(errno)); goto err_malloc; } result = read(fd, fw_buf, fwsize); if (result != (ssize_t) fwsize) { RS_ERR("Read FW %s error, %s", filename, strerror(errno)); goto err_read; } *fw_len = (int)result; RS_INFO("Load FW %s OK, size %zd", filename, result); close(fd); free(filename); return fw_buf; err_read: free(fw_buf); *fw_len = 0; err_malloc: close(fd); err_open: err_stat: free(filename); return NULL; } static uint8_t rtb_get_fw_project_id(uint8_t *p_buf) { uint8_t opcode; uint8_t len; uint8_t data = 0; do { opcode = *p_buf; len = *(p_buf - 1); if (opcode == 0x00) { if (len == 1) { data = *(p_buf - 2); RS_INFO("%s: opcode %u, len %u, data %u", __func__, opcode, len, data); break; } else { RS_ERR("%s: Invalid len %u", __func__, len); } } p_buf -= len + 2; } while (*p_buf != 0xFF); return data; } struct rtb_patch_entry *rtb_get_patch_entry(void) { uint16_t i; struct rtb_patch_hdr *patch; struct rtb_patch_entry *entry; uint32_t tmp; uint8_t *ci_base; /* Chip id base */ uint8_t *pl_base; /* Patch length base */ uint8_t *so_base; /* Start offset base */ patch = (struct rtb_patch_hdr *)rtb_cfg.fw_buf; entry = (struct rtb_patch_entry *)malloc(sizeof(*entry)); if (!entry) { RS_ERR("Failed to allocate mem for patch entry"); return NULL; } patch->number_of_patch = le16_to_cpu(patch->number_of_patch); RS_DBG("FW version 0x%08x, Patch num %u", le32_to_cpu(patch->fw_version), patch->number_of_patch); ci_base = rtb_cfg.fw_buf + 14; pl_base = ci_base + 2 * patch->number_of_patch; so_base = pl_base + 2 * patch->number_of_patch; for (i = 0; i < patch->number_of_patch; i++) { uint16_t chip_id = get_unaligned_le16(ci_base + 2 * i); RS_INFO("Chip id 0x%04x", chip_id); if (chip_id == rtb_cfg.eversion + 1) { entry->chip_id = rtb_cfg.eversion + 1; entry->patch_len = get_unaligned_le16(pl_base + 2 * i); entry->soffset = get_unaligned_le32(so_base + 4 * i); RS_DBG("Patch length 0x%04x", entry->patch_len); RS_DBG("Start offset 0x%08x", entry->soffset); entry->svn_ver = get_unaligned_le32(rtb_cfg.fw_buf + entry->soffset + entry->patch_len - 8); entry->coex_ver = get_unaligned_le32(rtb_cfg.fw_buf + entry->soffset + entry->patch_len - 12); RS_INFO("Svn version: %8u", entry->svn_ver); tmp = ((entry->coex_ver >> 16) & 0x7ff) + (entry->coex_ver >> 27) * 10000; RS_INFO("Coexistence: BTCOEX_20%06u-%04x\n", tmp, (entry->coex_ver & 0xffff)); break; } } if (i == patch->number_of_patch) { RS_ERR("Failed to get entry"); free(entry); entry = NULL; } return entry; } uint8_t *rtb_get_final_patch(int fd, int proto, int *rlen) { struct rtb_struct *rtl = &rtb_cfg; uint8_t proj_id = 0; struct rtb_patch_entry *entry = NULL; struct rtb_patch_hdr *patch = (struct rtb_patch_hdr *)rtl->fw_buf; uint32_t svn_ver, coex_ver, tmp; const uint8_t rtb_patch_smagic[8] = { 0x52, 0x65, 0x61, 0x6C, 0x74, 0x65, 0x63, 0x68 }; const uint8_t rtb_patch_emagic[4] = { 0x51, 0x04, 0xFD, 0x77 }; uint8_t *buf; int len; if (!rlen) { RS_ERR("%s: Invalid parameter", __func__); return NULL; } /* Use single patch for 3wire && 8723a */ if (proto == HCI_UART_3WIRE && rtl->lmp_subver == ROM_LMP_8723a) { if (!memcmp(rtl->fw_buf, rtb_patch_smagic, 8)) { RS_ERR("Unexpected signature"); goto err; } len = rtl->config_len + rtl->fw_len; buf = malloc(len); if (!buf) { RS_ERR("Can't alloc mem for fwc, %s", strerror(errno)); goto err; } else { uint8_t *b; RS_INFO("FWC copy directly"); b = rtl->fw_buf + rtl->fw_len; svn_ver = get_unaligned_le32(b - 8); coex_ver = get_unaligned_le32(b - 12); RS_INFO("Svn version: %u\n", svn_ver); tmp = ((coex_ver >> 16) & 0x7ff) + (coex_ver >> 27) * 10000; RS_INFO("Coexistence: BTCOEX_20%06u-%04x\n", tmp, (coex_ver & 0xffff)); /* Copy Patch and Config */ memcpy(buf, rtl->fw_buf, rtl->fw_len); if (rtl->config_len) memcpy(buf + rtl->fw_len, rtl->config_buf, rtl->config_len); rtl->dl_fw_flag = 1; *rlen = len; return buf; } } if (memcmp(rtl->fw_buf, rtb_patch_smagic, 8)) { RS_ERR("Signature error"); goto err; } if (memcmp(rtl->fw_buf + rtl->fw_len - 4, rtb_patch_emagic, 4)) { RS_ERR("Extension section signature error"); goto err; } proj_id = rtb_get_fw_project_id(rtl->fw_buf + rtl->fw_len - 5); #ifdef RTL_8703A_SUPPORT if (rtl->hci_ver == 0x4 && rtl->lmp_subver == ROM_LMP_8723b) { RS_INFO("HCI version = 0x4, IC is 8703A."); } else { RS_ERR("error: lmp_version %x, hci_version %x, project_id %x", rtl->lmp_subver, rtl->hci_ver, project_id[proj_id]); goto err; } #else if (rtl->lmp_subver != ROM_LMP_8703b) { if (rtl->lmp_subver != project_id[proj_id]) { RS_ERR("lmp_subver %04x, project id %04x, mismatch\n", rtl->lmp_subver, project_id[proj_id]); goto err; } } else { if (rtb_cfg.patch_ent->proj_id != project_id[proj_id]) { RS_ERR("proj_id %04x, version %04x from firmware " "project_id[%u], mismatch", rtb_cfg.patch_ent->proj_id, project_id[proj_id], proj_id); goto err; } } #endif /* Entry is allocated dynamically. It should be freed later in the * function. */ entry = rtb_get_patch_entry(); if (entry) { len = entry->patch_len + rtl->config_len; } else { RS_ERR("Can't find the patch entry"); goto err; } buf = malloc(len); if (!buf) { RS_ERR("%s: Can't alloc memory for fwc, %s", __func__, strerror(errno)); free(entry); goto err; } else { memcpy(buf, rtl->fw_buf + entry->soffset, entry->patch_len); memcpy(buf + entry->patch_len - 4, &patch->fw_version, 4); if (rtl->config_len) memcpy(buf + entry->patch_len, rtl->config_buf, rtl->config_len); rtl->dl_fw_flag = 1; *rlen = len; } RS_INFO("FW %s exists, Config file %s exists", (rtl->fw_len > 0) ? "" : "not", (rtl->config_len > 0) ? "" : "not"); free(entry); return buf; err: rtl->dl_fw_flag = 0; *rlen = 0; return NULL; }