lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20201022142648.446-1-kai.heng.feng@canonical.com>
Date:   Thu, 22 Oct 2020 22:26:48 +0800
From:   Kai-Heng Feng <kai.heng.feng@...onical.com>
To:     marcel@...tmann.org, johan.hedberg@...il.com
Cc:     max.chou@...ltek.com, alex_lu@...lsil.com.cn,
        Kai-Heng Feng <kai.heng.feng@...onical.com>,
        linux-bluetooth@...r.kernel.org (open list:BLUETOOTH DRIVERS),
        linux-kernel@...r.kernel.org (open list)
Subject: [PATCH] Bluetooth: btrtl: Ask 8821C to drop old firmware after shutdown

Some platforms keep USB power even when they are powered off and in S5,
this makes Realtek 8821C keep its firmware even after a cold boot, and
make 8821C never load new firmware.

So use vendor specific HCI command to ask 8821C drop its firmware after
system shutdown.

Newer firmware doesn't have this issue so we only use this trick for old
8821C firmware version.

Signed-off-by: Kai-Heng Feng <kai.heng.feng@...onical.com>
---
 drivers/bluetooth/btrtl.c | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/drivers/bluetooth/btrtl.c b/drivers/bluetooth/btrtl.c
index 3a9afc905f24..2f3843fb2b95 100644
--- a/drivers/bluetooth/btrtl.c
+++ b/drivers/bluetooth/btrtl.c
@@ -55,6 +55,7 @@ struct btrtl_device_info {
 	int fw_len;
 	u8 *cfg_data;
 	int cfg_len;
+	bool drop_fw;
 };
 
 static const struct id_table ic_id_table[] = {
@@ -584,6 +585,11 @@ struct btrtl_device_info *btrtl_initialize(struct hci_dev *hdev,
 	hci_ver = resp->hci_ver;
 	hci_rev = le16_to_cpu(resp->hci_rev);
 	lmp_subver = le16_to_cpu(resp->lmp_subver);
+
+	if (resp->hci_ver == 0x8 && le16_to_cpu(resp->hci_rev == 0x826c) &&
+	    resp->lmp_ver == 0x8 && le16_to_cpu(resp->lmp_subver == 0xa99e))
+		btrtl_dev->drop_fw = true;
+
 	kfree_skb(skb);
 
 	btrtl_dev->ic_info = btrtl_match_ic(lmp_subver, hci_rev, hci_ver,
@@ -671,6 +677,9 @@ EXPORT_SYMBOL_GPL(btrtl_download_firmware);
 int btrtl_setup_realtek(struct hci_dev *hdev)
 {
 	struct btrtl_device_info *btrtl_dev;
+	struct sk_buff *skb;
+	u16 opcode;
+	u8 cmd[2];
 	int ret;
 
 	btrtl_dev = btrtl_initialize(hdev, NULL);
@@ -679,6 +688,22 @@ int btrtl_setup_realtek(struct hci_dev *hdev)
 
 	ret = btrtl_download_firmware(hdev, btrtl_dev);
 
+	if (btrtl_dev->drop_fw) {
+		opcode = hci_opcode_pack(0x3f, 0x66);
+		cmd[0] = opcode & 0xff;
+		cmd[1] = opcode >> 8;
+
+		skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL);
+		if (IS_ERR(skb))
+			goto out_free;
+
+		skb_put_data(skb, cmd, sizeof(cmd));
+		hci_skb_pkt_type(skb) = HCI_COMMAND_PKT;
+
+		hdev->send(hdev, skb);
+	}
+
+out_free:
 	btrtl_free(btrtl_dev);
 
 	/* Enable controller to do both LE scan and BR/EDR inquiry
-- 
2.17.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ