| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 26 Oct 2020 16:28:38 +0800
From: Kai-Heng Feng <kai.heng.feng@...onical.com>
To: marcel@...tmann.org, johan.hedberg@...il.com
Cc: max.chou@...ltek.com, alex_lu@...lsil.com.cn,
Kai-Heng Feng <kai.heng.feng@...onical.com>,
linux-bluetooth@...r.kernel.org (open list:BLUETOOTH DRIVERS),
linux-kernel@...r.kernel.org (open list)
Subject: [PATCH v2] Bluetooth: btrtl: Ask 8821C to drop old firmware
Some platforms keep USB power even when they are powered off and in S5,
this makes Realtek 8821C keep its firmware even after a cold boot, and
make 8821C never load new firmware.
So use vendor specific HCI command to ask 8821C drop its firmware after
system shutdown.
Newer firmware doesn't have this issue so we only use this trick for old
8821C firmware version.
Suggested-by: Max Chou <max.chou@...ltek.com>
Signed-off-by: Kai-Heng Feng <kai.heng.feng@...onical.com>
---
v2:
- Fix incorrect parAnthesis on le16_to_cpu.
- Ensure firmware gets re-uploaded in initialization.
drivers/bluetooth/btrtl.c | 46 +++++++++++++++++++++++++++++++++++++++
1 file changed, 46 insertions(+)
diff --git a/drivers/bluetooth/btrtl.c b/drivers/bluetooth/btrtl.c
index 3a9afc905f24..37e24bbb2eb4 100644
--- a/drivers/bluetooth/btrtl.c
+++ b/drivers/bluetooth/btrtl.c
@@ -55,6 +55,7 @@ struct btrtl_device_info {
int fw_len;
u8 *cfg_data;
int cfg_len;
+ bool drop_fw;
};
static const struct id_table ic_id_table[] = {
@@ -563,6 +564,8 @@ struct btrtl_device_info *btrtl_initialize(struct hci_dev *hdev,
u16 hci_rev, lmp_subver;
u8 hci_ver;
int ret;
+ u16 opcode;
+ u8 cmd[2];
btrtl_dev = kzalloc(sizeof(*btrtl_dev), GFP_KERNEL);
if (!btrtl_dev) {
@@ -584,6 +587,49 @@ struct btrtl_device_info *btrtl_initialize(struct hci_dev *hdev,
hci_ver = resp->hci_ver;
hci_rev = le16_to_cpu(resp->hci_rev);
lmp_subver = le16_to_cpu(resp->lmp_subver);
+
+ if (resp->hci_ver == 0x8 && le16_to_cpu(resp->hci_rev) == 0x826c &&
+ resp->lmp_ver == 0x8 && le16_to_cpu(resp->lmp_subver) == 0xa99e)
+ btrtl_dev->drop_fw = true;
+
+ if (btrtl_dev->drop_fw) {
+ opcode = hci_opcode_pack(0x3f, 0x66);
+ cmd[0] = opcode & 0xff;
+ cmd[1] = opcode >> 8;
+
+ skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL);
+ if (IS_ERR(skb))
+ goto out_free;
+
+ skb_put_data(skb, cmd, sizeof(cmd));
+ hci_skb_pkt_type(skb) = HCI_COMMAND_PKT;
+
+ hdev->send(hdev, skb);
+
+ /* Ensure the above vendor command is sent to controller and
+ * process has done.
+ */
+ msleep(200);
+
+ /* Read the local version again. Expect to have the vanilla
+ * version as cold boot.
+ */
+ skb = btrtl_read_local_version(hdev);
+ if (IS_ERR(skb)) {
+ ret = PTR_ERR(skb);
+ goto err_free;
+ }
+
+ resp = (struct hci_rp_read_local_version *)skb->data;
+ rtl_dev_info(hdev, "examining hci_ver=%02x hci_rev=%04x lmp_ver=%02x lmp_subver=%04x",
+ resp->hci_ver, resp->hci_rev,
+ resp->lmp_ver, resp->lmp_subver);
+
+ hci_ver = resp->hci_ver;
+ hci_rev = le16_to_cpu(resp->hci_rev);
+ lmp_subver = le16_to_cpu(resp->lmp_subver);
+ }
+out_free:
kfree_skb(skb);
btrtl_dev->ic_info = btrtl_match_ic(lmp_subver, hci_rev, hci_ver,
--
2.17.1
Powered by blists - more mailing lists