Loading...
1/*
2 *
3 * Generic Bluetooth USB driver
4 *
5 * Copyright (C) 2005-2008 Marcel Holtmann <marcel@holtmann.org>
6 *
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 *
22 */
23
24#include <linux/kernel.h>
25#include <linux/module.h>
26#include <linux/init.h>
27#include <linux/slab.h>
28#include <linux/types.h>
29#include <linux/sched.h>
30#include <linux/errno.h>
31#include <linux/skbuff.h>
32
33#include <linux/usb.h>
34
35#include <net/bluetooth/bluetooth.h>
36#include <net/bluetooth/hci_core.h>
37
38#define VERSION "0.6"
39
40static int ignore_dga;
41static int ignore_csr;
42static int ignore_sniffer;
43static int disable_scofix;
44static int force_scofix;
45
46static int reset = 1;
47
48static struct usb_driver btusb_driver;
49
50#define BTUSB_IGNORE 0x01
51#define BTUSB_DIGIANSWER 0x02
52#define BTUSB_CSR 0x04
53#define BTUSB_SNIFFER 0x08
54#define BTUSB_BCM92035 0x10
55#define BTUSB_BROKEN_ISOC 0x20
56#define BTUSB_WRONG_SCO_MTU 0x40
57#define BTUSB_ATH3012 0x80
58
59static struct usb_device_id btusb_table[] = {
60 /* Generic Bluetooth USB device */
61 { USB_DEVICE_INFO(0xe0, 0x01, 0x01) },
62
63 /* Apple MacBookPro 7,1 */
64 { USB_DEVICE(0x05ac, 0x8213) },
65
66 /* Apple iMac11,1 */
67 { USB_DEVICE(0x05ac, 0x8215) },
68
69 /* Apple MacBookPro6,2 */
70 { USB_DEVICE(0x05ac, 0x8218) },
71
72 /* Apple MacBookAir3,1, MacBookAir3,2 */
73 { USB_DEVICE(0x05ac, 0x821b) },
74
75 /* Apple MacBookAir4,1 */
76 { USB_DEVICE(0x05ac, 0x821f) },
77
78 /* Apple MacBookPro8,2 */
79 { USB_DEVICE(0x05ac, 0x821a) },
80
81 /* Apple MacMini5,1 */
82 { USB_DEVICE(0x05ac, 0x8281) },
83
84 /* AVM BlueFRITZ! USB v2.0 */
85 { USB_DEVICE(0x057c, 0x3800) },
86
87 /* Bluetooth Ultraport Module from IBM */
88 { USB_DEVICE(0x04bf, 0x030a) },
89
90 /* ALPS Modules with non-standard id */
91 { USB_DEVICE(0x044e, 0x3001) },
92 { USB_DEVICE(0x044e, 0x3002) },
93
94 /* Ericsson with non-standard id */
95 { USB_DEVICE(0x0bdb, 0x1002) },
96
97 /* Canyon CN-BTU1 with HID interfaces */
98 { USB_DEVICE(0x0c10, 0x0000) },
99
100 { } /* Terminating entry */
101};
102
103MODULE_DEVICE_TABLE(usb, btusb_table);
104
105static struct usb_device_id blacklist_table[] = {
106 /* CSR BlueCore devices */
107 { USB_DEVICE(0x0a12, 0x0001), .driver_info = BTUSB_CSR },
108
109 /* Broadcom BCM2033 without firmware */
110 { USB_DEVICE(0x0a5c, 0x2033), .driver_info = BTUSB_IGNORE },
111
112 /* Atheros 3011 with sflash firmware */
113 { USB_DEVICE(0x0cf3, 0x3002), .driver_info = BTUSB_IGNORE },
114 { USB_DEVICE(0x13d3, 0x3304), .driver_info = BTUSB_IGNORE },
115 { USB_DEVICE(0x0930, 0x0215), .driver_info = BTUSB_IGNORE },
116
117 /* Atheros AR9285 Malbec with sflash firmware */
118 { USB_DEVICE(0x03f0, 0x311d), .driver_info = BTUSB_IGNORE },
119
120 /* Atheros 3012 with sflash firmware */
121 { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 },
122
123 /* Atheros AR5BBU12 with sflash firmware */
124 { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE },
125
126 /* Broadcom BCM2035 */
127 { USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU },
128 { USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU },
129 { USB_DEVICE(0x0a5c, 0x2009), .driver_info = BTUSB_BCM92035 },
130
131 /* Broadcom BCM2045 */
132 { USB_DEVICE(0x0a5c, 0x2039), .driver_info = BTUSB_WRONG_SCO_MTU },
133 { USB_DEVICE(0x0a5c, 0x2101), .driver_info = BTUSB_WRONG_SCO_MTU },
134
135 /* IBM/Lenovo ThinkPad with Broadcom chip */
136 { USB_DEVICE(0x0a5c, 0x201e), .driver_info = BTUSB_WRONG_SCO_MTU },
137 { USB_DEVICE(0x0a5c, 0x2110), .driver_info = BTUSB_WRONG_SCO_MTU },
138
139 /* HP laptop with Broadcom chip */
140 { USB_DEVICE(0x03f0, 0x171d), .driver_info = BTUSB_WRONG_SCO_MTU },
141
142 /* Dell laptop with Broadcom chip */
143 { USB_DEVICE(0x413c, 0x8126), .driver_info = BTUSB_WRONG_SCO_MTU },
144
145 /* Dell Wireless 370 and 410 devices */
146 { USB_DEVICE(0x413c, 0x8152), .driver_info = BTUSB_WRONG_SCO_MTU },
147 { USB_DEVICE(0x413c, 0x8156), .driver_info = BTUSB_WRONG_SCO_MTU },
148
149 /* Belkin F8T012 and F8T013 devices */
150 { USB_DEVICE(0x050d, 0x0012), .driver_info = BTUSB_WRONG_SCO_MTU },
151 { USB_DEVICE(0x050d, 0x0013), .driver_info = BTUSB_WRONG_SCO_MTU },
152
153 /* Asus WL-BTD202 device */
154 { USB_DEVICE(0x0b05, 0x1715), .driver_info = BTUSB_WRONG_SCO_MTU },
155
156 /* Kensington Bluetooth USB adapter */
157 { USB_DEVICE(0x047d, 0x105e), .driver_info = BTUSB_WRONG_SCO_MTU },
158
159 /* RTX Telecom based adapters with buggy SCO support */
160 { USB_DEVICE(0x0400, 0x0807), .driver_info = BTUSB_BROKEN_ISOC },
161 { USB_DEVICE(0x0400, 0x080a), .driver_info = BTUSB_BROKEN_ISOC },
162
163 /* CONWISE Technology based adapters with buggy SCO support */
164 { USB_DEVICE(0x0e5e, 0x6622), .driver_info = BTUSB_BROKEN_ISOC },
165
166 /* Digianswer devices */
167 { USB_DEVICE(0x08fd, 0x0001), .driver_info = BTUSB_DIGIANSWER },
168 { USB_DEVICE(0x08fd, 0x0002), .driver_info = BTUSB_IGNORE },
169
170 /* CSR BlueCore Bluetooth Sniffer */
171 { USB_DEVICE(0x0a12, 0x0002), .driver_info = BTUSB_SNIFFER },
172
173 /* Frontline ComProbe Bluetooth Sniffer */
174 { USB_DEVICE(0x16d3, 0x0002), .driver_info = BTUSB_SNIFFER },
175
176 { } /* Terminating entry */
177};
178
179#define BTUSB_MAX_ISOC_FRAMES 10
180
181#define BTUSB_INTR_RUNNING 0
182#define BTUSB_BULK_RUNNING 1
183#define BTUSB_ISOC_RUNNING 2
184#define BTUSB_SUSPENDING 3
185#define BTUSB_DID_ISO_RESUME 4
186
187struct btusb_data {
188 struct hci_dev *hdev;
189 struct usb_device *udev;
190 struct usb_interface *intf;
191 struct usb_interface *isoc;
192
193 spinlock_t lock;
194
195 unsigned long flags;
196
197 struct work_struct work;
198 struct work_struct waker;
199
200 struct usb_anchor tx_anchor;
201 struct usb_anchor intr_anchor;
202 struct usb_anchor bulk_anchor;
203 struct usb_anchor isoc_anchor;
204 struct usb_anchor deferred;
205 int tx_in_flight;
206 spinlock_t txlock;
207
208 struct usb_endpoint_descriptor *intr_ep;
209 struct usb_endpoint_descriptor *bulk_tx_ep;
210 struct usb_endpoint_descriptor *bulk_rx_ep;
211 struct usb_endpoint_descriptor *isoc_tx_ep;
212 struct usb_endpoint_descriptor *isoc_rx_ep;
213
214 __u8 cmdreq_type;
215
216 unsigned int sco_num;
217 int isoc_altsetting;
218 int suspend_count;
219};
220
221static int inc_tx(struct btusb_data *data)
222{
223 unsigned long flags;
224 int rv;
225
226 spin_lock_irqsave(&data->txlock, flags);
227 rv = test_bit(BTUSB_SUSPENDING, &data->flags);
228 if (!rv)
229 data->tx_in_flight++;
230 spin_unlock_irqrestore(&data->txlock, flags);
231
232 return rv;
233}
234
235static void btusb_intr_complete(struct urb *urb)
236{
237 struct hci_dev *hdev = urb->context;
238 struct btusb_data *data = hdev->driver_data;
239 int err;
240
241 BT_DBG("%s urb %p status %d count %d", hdev->name,
242 urb, urb->status, urb->actual_length);
243
244 if (!test_bit(HCI_RUNNING, &hdev->flags))
245 return;
246
247 if (urb->status == 0) {
248 hdev->stat.byte_rx += urb->actual_length;
249
250 if (hci_recv_fragment(hdev, HCI_EVENT_PKT,
251 urb->transfer_buffer,
252 urb->actual_length) < 0) {
253 BT_ERR("%s corrupted event packet", hdev->name);
254 hdev->stat.err_rx++;
255 }
256 }
257
258 if (!test_bit(BTUSB_INTR_RUNNING, &data->flags))
259 return;
260
261 usb_mark_last_busy(data->udev);
262 usb_anchor_urb(urb, &data->intr_anchor);
263
264 err = usb_submit_urb(urb, GFP_ATOMIC);
265 if (err < 0) {
266 /* -EPERM: urb is being killed;
267 * -ENODEV: device got disconnected */
268 if (err != -EPERM && err != -ENODEV)
269 BT_ERR("%s urb %p failed to resubmit (%d)",
270 hdev->name, urb, -err);
271 usb_unanchor_urb(urb);
272 }
273}
274
275static int btusb_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags)
276{
277 struct btusb_data *data = hdev->driver_data;
278 struct urb *urb;
279 unsigned char *buf;
280 unsigned int pipe;
281 int err, size;
282
283 BT_DBG("%s", hdev->name);
284
285 if (!data->intr_ep)
286 return -ENODEV;
287
288 urb = usb_alloc_urb(0, mem_flags);
289 if (!urb)
290 return -ENOMEM;
291
292 size = le16_to_cpu(data->intr_ep->wMaxPacketSize);
293
294 buf = kmalloc(size, mem_flags);
295 if (!buf) {
296 usb_free_urb(urb);
297 return -ENOMEM;
298 }
299
300 pipe = usb_rcvintpipe(data->udev, data->intr_ep->bEndpointAddress);
301
302 usb_fill_int_urb(urb, data->udev, pipe, buf, size,
303 btusb_intr_complete, hdev,
304 data->intr_ep->bInterval);
305
306 urb->transfer_flags |= URB_FREE_BUFFER;
307
308 usb_anchor_urb(urb, &data->intr_anchor);
309
310 err = usb_submit_urb(urb, mem_flags);
311 if (err < 0) {
312 BT_ERR("%s urb %p submission failed (%d)",
313 hdev->name, urb, -err);
314 usb_unanchor_urb(urb);
315 }
316
317 usb_free_urb(urb);
318
319 return err;
320}
321
322static void btusb_bulk_complete(struct urb *urb)
323{
324 struct hci_dev *hdev = urb->context;
325 struct btusb_data *data = hdev->driver_data;
326 int err;
327
328 BT_DBG("%s urb %p status %d count %d", hdev->name,
329 urb, urb->status, urb->actual_length);
330
331 if (!test_bit(HCI_RUNNING, &hdev->flags))
332 return;
333
334 if (urb->status == 0) {
335 hdev->stat.byte_rx += urb->actual_length;
336
337 if (hci_recv_fragment(hdev, HCI_ACLDATA_PKT,
338 urb->transfer_buffer,
339 urb->actual_length) < 0) {
340 BT_ERR("%s corrupted ACL packet", hdev->name);
341 hdev->stat.err_rx++;
342 }
343 }
344
345 if (!test_bit(BTUSB_BULK_RUNNING, &data->flags))
346 return;
347
348 usb_anchor_urb(urb, &data->bulk_anchor);
349 usb_mark_last_busy(data->udev);
350
351 err = usb_submit_urb(urb, GFP_ATOMIC);
352 if (err < 0) {
353 /* -EPERM: urb is being killed;
354 * -ENODEV: device got disconnected */
355 if (err != -EPERM && err != -ENODEV)
356 BT_ERR("%s urb %p failed to resubmit (%d)",
357 hdev->name, urb, -err);
358 usb_unanchor_urb(urb);
359 }
360}
361
362static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags)
363{
364 struct btusb_data *data = hdev->driver_data;
365 struct urb *urb;
366 unsigned char *buf;
367 unsigned int pipe;
368 int err, size = HCI_MAX_FRAME_SIZE;
369
370 BT_DBG("%s", hdev->name);
371
372 if (!data->bulk_rx_ep)
373 return -ENODEV;
374
375 urb = usb_alloc_urb(0, mem_flags);
376 if (!urb)
377 return -ENOMEM;
378
379 buf = kmalloc(size, mem_flags);
380 if (!buf) {
381 usb_free_urb(urb);
382 return -ENOMEM;
383 }
384
385 pipe = usb_rcvbulkpipe(data->udev, data->bulk_rx_ep->bEndpointAddress);
386
387 usb_fill_bulk_urb(urb, data->udev, pipe,
388 buf, size, btusb_bulk_complete, hdev);
389
390 urb->transfer_flags |= URB_FREE_BUFFER;
391
392 usb_mark_last_busy(data->udev);
393 usb_anchor_urb(urb, &data->bulk_anchor);
394
395 err = usb_submit_urb(urb, mem_flags);
396 if (err < 0) {
397 BT_ERR("%s urb %p submission failed (%d)",
398 hdev->name, urb, -err);
399 usb_unanchor_urb(urb);
400 }
401
402 usb_free_urb(urb);
403
404 return err;
405}
406
407static void btusb_isoc_complete(struct urb *urb)
408{
409 struct hci_dev *hdev = urb->context;
410 struct btusb_data *data = hdev->driver_data;
411 int i, err;
412
413 BT_DBG("%s urb %p status %d count %d", hdev->name,
414 urb, urb->status, urb->actual_length);
415
416 if (!test_bit(HCI_RUNNING, &hdev->flags))
417 return;
418
419 if (urb->status == 0) {
420 for (i = 0; i < urb->number_of_packets; i++) {
421 unsigned int offset = urb->iso_frame_desc[i].offset;
422 unsigned int length = urb->iso_frame_desc[i].actual_length;
423
424 if (urb->iso_frame_desc[i].status)
425 continue;
426
427 hdev->stat.byte_rx += length;
428
429 if (hci_recv_fragment(hdev, HCI_SCODATA_PKT,
430 urb->transfer_buffer + offset,
431 length) < 0) {
432 BT_ERR("%s corrupted SCO packet", hdev->name);
433 hdev->stat.err_rx++;
434 }
435 }
436 }
437
438 if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags))
439 return;
440
441 usb_anchor_urb(urb, &data->isoc_anchor);
442
443 err = usb_submit_urb(urb, GFP_ATOMIC);
444 if (err < 0) {
445 /* -EPERM: urb is being killed;
446 * -ENODEV: device got disconnected */
447 if (err != -EPERM && err != -ENODEV)
448 BT_ERR("%s urb %p failed to resubmit (%d)",
449 hdev->name, urb, -err);
450 usb_unanchor_urb(urb);
451 }
452}
453
454static inline void __fill_isoc_descriptor(struct urb *urb, int len, int mtu)
455{
456 int i, offset = 0;
457
458 BT_DBG("len %d mtu %d", len, mtu);
459
460 for (i = 0; i < BTUSB_MAX_ISOC_FRAMES && len >= mtu;
461 i++, offset += mtu, len -= mtu) {
462 urb->iso_frame_desc[i].offset = offset;
463 urb->iso_frame_desc[i].length = mtu;
464 }
465
466 if (len && i < BTUSB_MAX_ISOC_FRAMES) {
467 urb->iso_frame_desc[i].offset = offset;
468 urb->iso_frame_desc[i].length = len;
469 i++;
470 }
471
472 urb->number_of_packets = i;
473}
474
475static int btusb_submit_isoc_urb(struct hci_dev *hdev, gfp_t mem_flags)
476{
477 struct btusb_data *data = hdev->driver_data;
478 struct urb *urb;
479 unsigned char *buf;
480 unsigned int pipe;
481 int err, size;
482
483 BT_DBG("%s", hdev->name);
484
485 if (!data->isoc_rx_ep)
486 return -ENODEV;
487
488 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, mem_flags);
489 if (!urb)
490 return -ENOMEM;
491
492 size = le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize) *
493 BTUSB_MAX_ISOC_FRAMES;
494
495 buf = kmalloc(size, mem_flags);
496 if (!buf) {
497 usb_free_urb(urb);
498 return -ENOMEM;
499 }
500
501 pipe = usb_rcvisocpipe(data->udev, data->isoc_rx_ep->bEndpointAddress);
502
503 urb->dev = data->udev;
504 urb->pipe = pipe;
505 urb->context = hdev;
506 urb->complete = btusb_isoc_complete;
507 urb->interval = data->isoc_rx_ep->bInterval;
508
509 urb->transfer_flags = URB_FREE_BUFFER | URB_ISO_ASAP;
510 urb->transfer_buffer = buf;
511 urb->transfer_buffer_length = size;
512
513 __fill_isoc_descriptor(urb, size,
514 le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize));
515
516 usb_anchor_urb(urb, &data->isoc_anchor);
517
518 err = usb_submit_urb(urb, mem_flags);
519 if (err < 0) {
520 BT_ERR("%s urb %p submission failed (%d)",
521 hdev->name, urb, -err);
522 usb_unanchor_urb(urb);
523 }
524
525 usb_free_urb(urb);
526
527 return err;
528}
529
530static void btusb_tx_complete(struct urb *urb)
531{
532 struct sk_buff *skb = urb->context;
533 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
534 struct btusb_data *data = hdev->driver_data;
535
536 BT_DBG("%s urb %p status %d count %d", hdev->name,
537 urb, urb->status, urb->actual_length);
538
539 if (!test_bit(HCI_RUNNING, &hdev->flags))
540 goto done;
541
542 if (!urb->status)
543 hdev->stat.byte_tx += urb->transfer_buffer_length;
544 else
545 hdev->stat.err_tx++;
546
547done:
548 spin_lock(&data->txlock);
549 data->tx_in_flight--;
550 spin_unlock(&data->txlock);
551
552 kfree(urb->setup_packet);
553
554 kfree_skb(skb);
555}
556
557static void btusb_isoc_tx_complete(struct urb *urb)
558{
559 struct sk_buff *skb = urb->context;
560 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
561
562 BT_DBG("%s urb %p status %d count %d", hdev->name,
563 urb, urb->status, urb->actual_length);
564
565 if (!test_bit(HCI_RUNNING, &hdev->flags))
566 goto done;
567
568 if (!urb->status)
569 hdev->stat.byte_tx += urb->transfer_buffer_length;
570 else
571 hdev->stat.err_tx++;
572
573done:
574 kfree(urb->setup_packet);
575
576 kfree_skb(skb);
577}
578
579static int btusb_open(struct hci_dev *hdev)
580{
581 struct btusb_data *data = hdev->driver_data;
582 int err;
583
584 BT_DBG("%s", hdev->name);
585
586 err = usb_autopm_get_interface(data->intf);
587 if (err < 0)
588 return err;
589
590 data->intf->needs_remote_wakeup = 1;
591
592 if (test_and_set_bit(HCI_RUNNING, &hdev->flags))
593 goto done;
594
595 if (test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags))
596 goto done;
597
598 err = btusb_submit_intr_urb(hdev, GFP_KERNEL);
599 if (err < 0)
600 goto failed;
601
602 err = btusb_submit_bulk_urb(hdev, GFP_KERNEL);
603 if (err < 0) {
604 usb_kill_anchored_urbs(&data->intr_anchor);
605 goto failed;
606 }
607
608 set_bit(BTUSB_BULK_RUNNING, &data->flags);
609 btusb_submit_bulk_urb(hdev, GFP_KERNEL);
610
611done:
612 usb_autopm_put_interface(data->intf);
613 return 0;
614
615failed:
616 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
617 clear_bit(HCI_RUNNING, &hdev->flags);
618 usb_autopm_put_interface(data->intf);
619 return err;
620}
621
622static void btusb_stop_traffic(struct btusb_data *data)
623{
624 usb_kill_anchored_urbs(&data->intr_anchor);
625 usb_kill_anchored_urbs(&data->bulk_anchor);
626 usb_kill_anchored_urbs(&data->isoc_anchor);
627}
628
629static int btusb_close(struct hci_dev *hdev)
630{
631 struct btusb_data *data = hdev->driver_data;
632 int err;
633
634 BT_DBG("%s", hdev->name);
635
636 if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags))
637 return 0;
638
639 cancel_work_sync(&data->work);
640 cancel_work_sync(&data->waker);
641
642 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
643 clear_bit(BTUSB_BULK_RUNNING, &data->flags);
644 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
645
646 btusb_stop_traffic(data);
647 err = usb_autopm_get_interface(data->intf);
648 if (err < 0)
649 goto failed;
650
651 data->intf->needs_remote_wakeup = 0;
652 usb_autopm_put_interface(data->intf);
653
654failed:
655 usb_scuttle_anchored_urbs(&data->deferred);
656 return 0;
657}
658
659static int btusb_flush(struct hci_dev *hdev)
660{
661 struct btusb_data *data = hdev->driver_data;
662
663 BT_DBG("%s", hdev->name);
664
665 usb_kill_anchored_urbs(&data->tx_anchor);
666
667 return 0;
668}
669
670static int btusb_send_frame(struct sk_buff *skb)
671{
672 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
673 struct btusb_data *data = hdev->driver_data;
674 struct usb_ctrlrequest *dr;
675 struct urb *urb;
676 unsigned int pipe;
677 int err;
678
679 BT_DBG("%s", hdev->name);
680
681 if (!test_bit(HCI_RUNNING, &hdev->flags))
682 return -EBUSY;
683
684 switch (bt_cb(skb)->pkt_type) {
685 case HCI_COMMAND_PKT:
686 urb = usb_alloc_urb(0, GFP_ATOMIC);
687 if (!urb)
688 return -ENOMEM;
689
690 dr = kmalloc(sizeof(*dr), GFP_ATOMIC);
691 if (!dr) {
692 usb_free_urb(urb);
693 return -ENOMEM;
694 }
695
696 dr->bRequestType = data->cmdreq_type;
697 dr->bRequest = 0;
698 dr->wIndex = 0;
699 dr->wValue = 0;
700 dr->wLength = __cpu_to_le16(skb->len);
701
702 pipe = usb_sndctrlpipe(data->udev, 0x00);
703
704 usb_fill_control_urb(urb, data->udev, pipe, (void *) dr,
705 skb->data, skb->len, btusb_tx_complete, skb);
706
707 hdev->stat.cmd_tx++;
708 break;
709
710 case HCI_ACLDATA_PKT:
711 if (!data->bulk_tx_ep || (hdev->conn_hash.acl_num < 1 &&
712 hdev->conn_hash.le_num < 1))
713 return -ENODEV;
714
715 urb = usb_alloc_urb(0, GFP_ATOMIC);
716 if (!urb)
717 return -ENOMEM;
718
719 pipe = usb_sndbulkpipe(data->udev,
720 data->bulk_tx_ep->bEndpointAddress);
721
722 usb_fill_bulk_urb(urb, data->udev, pipe,
723 skb->data, skb->len, btusb_tx_complete, skb);
724
725 hdev->stat.acl_tx++;
726 break;
727
728 case HCI_SCODATA_PKT:
729 if (!data->isoc_tx_ep || hdev->conn_hash.sco_num < 1)
730 return -ENODEV;
731
732 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, GFP_ATOMIC);
733 if (!urb)
734 return -ENOMEM;
735
736 pipe = usb_sndisocpipe(data->udev,
737 data->isoc_tx_ep->bEndpointAddress);
738
739 usb_fill_int_urb(urb, data->udev, pipe,
740 skb->data, skb->len, btusb_isoc_tx_complete,
741 skb, data->isoc_tx_ep->bInterval);
742
743 urb->transfer_flags = URB_ISO_ASAP;
744
745 __fill_isoc_descriptor(urb, skb->len,
746 le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize));
747
748 hdev->stat.sco_tx++;
749 goto skip_waking;
750
751 default:
752 return -EILSEQ;
753 }
754
755 err = inc_tx(data);
756 if (err) {
757 usb_anchor_urb(urb, &data->deferred);
758 schedule_work(&data->waker);
759 err = 0;
760 goto done;
761 }
762
763skip_waking:
764 usb_anchor_urb(urb, &data->tx_anchor);
765
766 err = usb_submit_urb(urb, GFP_ATOMIC);
767 if (err < 0) {
768 BT_ERR("%s urb %p submission failed", hdev->name, urb);
769 kfree(urb->setup_packet);
770 usb_unanchor_urb(urb);
771 } else {
772 usb_mark_last_busy(data->udev);
773 }
774
775 usb_free_urb(urb);
776
777done:
778 return err;
779}
780
781static void btusb_destruct(struct hci_dev *hdev)
782{
783 struct btusb_data *data = hdev->driver_data;
784
785 BT_DBG("%s", hdev->name);
786
787 kfree(data);
788}
789
790static void btusb_notify(struct hci_dev *hdev, unsigned int evt)
791{
792 struct btusb_data *data = hdev->driver_data;
793
794 BT_DBG("%s evt %d", hdev->name, evt);
795
796 if (hdev->conn_hash.sco_num != data->sco_num) {
797 data->sco_num = hdev->conn_hash.sco_num;
798 schedule_work(&data->work);
799 }
800}
801
802static inline int __set_isoc_interface(struct hci_dev *hdev, int altsetting)
803{
804 struct btusb_data *data = hdev->driver_data;
805 struct usb_interface *intf = data->isoc;
806 struct usb_endpoint_descriptor *ep_desc;
807 int i, err;
808
809 if (!data->isoc)
810 return -ENODEV;
811
812 err = usb_set_interface(data->udev, 1, altsetting);
813 if (err < 0) {
814 BT_ERR("%s setting interface failed (%d)", hdev->name, -err);
815 return err;
816 }
817
818 data->isoc_altsetting = altsetting;
819
820 data->isoc_tx_ep = NULL;
821 data->isoc_rx_ep = NULL;
822
823 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
824 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
825
826 if (!data->isoc_tx_ep && usb_endpoint_is_isoc_out(ep_desc)) {
827 data->isoc_tx_ep = ep_desc;
828 continue;
829 }
830
831 if (!data->isoc_rx_ep && usb_endpoint_is_isoc_in(ep_desc)) {
832 data->isoc_rx_ep = ep_desc;
833 continue;
834 }
835 }
836
837 if (!data->isoc_tx_ep || !data->isoc_rx_ep) {
838 BT_ERR("%s invalid SCO descriptors", hdev->name);
839 return -ENODEV;
840 }
841
842 return 0;
843}
844
845static void btusb_work(struct work_struct *work)
846{
847 struct btusb_data *data = container_of(work, struct btusb_data, work);
848 struct hci_dev *hdev = data->hdev;
849 int err;
850
851 if (hdev->conn_hash.sco_num > 0) {
852 if (!test_bit(BTUSB_DID_ISO_RESUME, &data->flags)) {
853 err = usb_autopm_get_interface(data->isoc ? data->isoc : data->intf);
854 if (err < 0) {
855 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
856 usb_kill_anchored_urbs(&data->isoc_anchor);
857 return;
858 }
859
860 set_bit(BTUSB_DID_ISO_RESUME, &data->flags);
861 }
862 if (data->isoc_altsetting != 2) {
863 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
864 usb_kill_anchored_urbs(&data->isoc_anchor);
865
866 if (__set_isoc_interface(hdev, 2) < 0)
867 return;
868 }
869
870 if (!test_and_set_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
871 if (btusb_submit_isoc_urb(hdev, GFP_KERNEL) < 0)
872 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
873 else
874 btusb_submit_isoc_urb(hdev, GFP_KERNEL);
875 }
876 } else {
877 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
878 usb_kill_anchored_urbs(&data->isoc_anchor);
879
880 __set_isoc_interface(hdev, 0);
881 if (test_and_clear_bit(BTUSB_DID_ISO_RESUME, &data->flags))
882 usb_autopm_put_interface(data->isoc ? data->isoc : data->intf);
883 }
884}
885
886static void btusb_waker(struct work_struct *work)
887{
888 struct btusb_data *data = container_of(work, struct btusb_data, waker);
889 int err;
890
891 err = usb_autopm_get_interface(data->intf);
892 if (err < 0)
893 return;
894
895 usb_autopm_put_interface(data->intf);
896}
897
898static int btusb_probe(struct usb_interface *intf,
899 const struct usb_device_id *id)
900{
901 struct usb_endpoint_descriptor *ep_desc;
902 struct btusb_data *data;
903 struct hci_dev *hdev;
904 int i, err;
905
906 BT_DBG("intf %p id %p", intf, id);
907
908 /* interface numbers are hardcoded in the spec */
909 if (intf->cur_altsetting->desc.bInterfaceNumber != 0)
910 return -ENODEV;
911
912 if (!id->driver_info) {
913 const struct usb_device_id *match;
914 match = usb_match_id(intf, blacklist_table);
915 if (match)
916 id = match;
917 }
918
919 if (id->driver_info == BTUSB_IGNORE)
920 return -ENODEV;
921
922 if (ignore_dga && id->driver_info & BTUSB_DIGIANSWER)
923 return -ENODEV;
924
925 if (ignore_csr && id->driver_info & BTUSB_CSR)
926 return -ENODEV;
927
928 if (ignore_sniffer && id->driver_info & BTUSB_SNIFFER)
929 return -ENODEV;
930
931 if (id->driver_info & BTUSB_ATH3012) {
932 struct usb_device *udev = interface_to_usbdev(intf);
933
934 /* Old firmware would otherwise let ath3k driver load
935 * patch and sysconfig files */
936 if (le16_to_cpu(udev->descriptor.bcdDevice) <= 0x0001)
937 return -ENODEV;
938 }
939
940 data = kzalloc(sizeof(*data), GFP_KERNEL);
941 if (!data)
942 return -ENOMEM;
943
944 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
945 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
946
947 if (!data->intr_ep && usb_endpoint_is_int_in(ep_desc)) {
948 data->intr_ep = ep_desc;
949 continue;
950 }
951
952 if (!data->bulk_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) {
953 data->bulk_tx_ep = ep_desc;
954 continue;
955 }
956
957 if (!data->bulk_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) {
958 data->bulk_rx_ep = ep_desc;
959 continue;
960 }
961 }
962
963 if (!data->intr_ep || !data->bulk_tx_ep || !data->bulk_rx_ep) {
964 kfree(data);
965 return -ENODEV;
966 }
967
968 data->cmdreq_type = USB_TYPE_CLASS;
969
970 data->udev = interface_to_usbdev(intf);
971 data->intf = intf;
972
973 spin_lock_init(&data->lock);
974
975 INIT_WORK(&data->work, btusb_work);
976 INIT_WORK(&data->waker, btusb_waker);
977 spin_lock_init(&data->txlock);
978
979 init_usb_anchor(&data->tx_anchor);
980 init_usb_anchor(&data->intr_anchor);
981 init_usb_anchor(&data->bulk_anchor);
982 init_usb_anchor(&data->isoc_anchor);
983 init_usb_anchor(&data->deferred);
984
985 hdev = hci_alloc_dev();
986 if (!hdev) {
987 kfree(data);
988 return -ENOMEM;
989 }
990
991 hdev->bus = HCI_USB;
992 hdev->driver_data = data;
993
994 data->hdev = hdev;
995
996 SET_HCIDEV_DEV(hdev, &intf->dev);
997
998 hdev->open = btusb_open;
999 hdev->close = btusb_close;
1000 hdev->flush = btusb_flush;
1001 hdev->send = btusb_send_frame;
1002 hdev->destruct = btusb_destruct;
1003 hdev->notify = btusb_notify;
1004
1005 hdev->owner = THIS_MODULE;
1006
1007 /* Interface numbers are hardcoded in the specification */
1008 data->isoc = usb_ifnum_to_if(data->udev, 1);
1009
1010 if (!reset)
1011 set_bit(HCI_QUIRK_NO_RESET, &hdev->quirks);
1012
1013 if (force_scofix || id->driver_info & BTUSB_WRONG_SCO_MTU) {
1014 if (!disable_scofix)
1015 set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks);
1016 }
1017
1018 if (id->driver_info & BTUSB_BROKEN_ISOC)
1019 data->isoc = NULL;
1020
1021 if (id->driver_info & BTUSB_DIGIANSWER) {
1022 data->cmdreq_type = USB_TYPE_VENDOR;
1023 set_bit(HCI_QUIRK_NO_RESET, &hdev->quirks);
1024 }
1025
1026 if (id->driver_info & BTUSB_CSR) {
1027 struct usb_device *udev = data->udev;
1028
1029 /* Old firmware would otherwise execute USB reset */
1030 if (le16_to_cpu(udev->descriptor.bcdDevice) < 0x117)
1031 set_bit(HCI_QUIRK_NO_RESET, &hdev->quirks);
1032 }
1033
1034 if (id->driver_info & BTUSB_SNIFFER) {
1035 struct usb_device *udev = data->udev;
1036
1037 /* New sniffer firmware has crippled HCI interface */
1038 if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997)
1039 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
1040
1041 data->isoc = NULL;
1042 }
1043
1044 if (id->driver_info & BTUSB_BCM92035) {
1045 unsigned char cmd[] = { 0x3b, 0xfc, 0x01, 0x00 };
1046 struct sk_buff *skb;
1047
1048 skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL);
1049 if (skb) {
1050 memcpy(skb_put(skb, sizeof(cmd)), cmd, sizeof(cmd));
1051 skb_queue_tail(&hdev->driver_init, skb);
1052 }
1053 }
1054
1055 if (data->isoc) {
1056 err = usb_driver_claim_interface(&btusb_driver,
1057 data->isoc, data);
1058 if (err < 0) {
1059 hci_free_dev(hdev);
1060 kfree(data);
1061 return err;
1062 }
1063 }
1064
1065 err = hci_register_dev(hdev);
1066 if (err < 0) {
1067 hci_free_dev(hdev);
1068 kfree(data);
1069 return err;
1070 }
1071
1072 usb_set_intfdata(intf, data);
1073
1074 return 0;
1075}
1076
1077static void btusb_disconnect(struct usb_interface *intf)
1078{
1079 struct btusb_data *data = usb_get_intfdata(intf);
1080 struct hci_dev *hdev;
1081
1082 BT_DBG("intf %p", intf);
1083
1084 if (!data)
1085 return;
1086
1087 hdev = data->hdev;
1088
1089 __hci_dev_hold(hdev);
1090
1091 usb_set_intfdata(data->intf, NULL);
1092
1093 if (data->isoc)
1094 usb_set_intfdata(data->isoc, NULL);
1095
1096 hci_unregister_dev(hdev);
1097
1098 if (intf == data->isoc)
1099 usb_driver_release_interface(&btusb_driver, data->intf);
1100 else if (data->isoc)
1101 usb_driver_release_interface(&btusb_driver, data->isoc);
1102
1103 __hci_dev_put(hdev);
1104
1105 hci_free_dev(hdev);
1106}
1107
1108#ifdef CONFIG_PM
1109static int btusb_suspend(struct usb_interface *intf, pm_message_t message)
1110{
1111 struct btusb_data *data = usb_get_intfdata(intf);
1112
1113 BT_DBG("intf %p", intf);
1114
1115 if (data->suspend_count++)
1116 return 0;
1117
1118 spin_lock_irq(&data->txlock);
1119 if (!((message.event & PM_EVENT_AUTO) && data->tx_in_flight)) {
1120 set_bit(BTUSB_SUSPENDING, &data->flags);
1121 spin_unlock_irq(&data->txlock);
1122 } else {
1123 spin_unlock_irq(&data->txlock);
1124 data->suspend_count--;
1125 return -EBUSY;
1126 }
1127
1128 cancel_work_sync(&data->work);
1129
1130 btusb_stop_traffic(data);
1131 usb_kill_anchored_urbs(&data->tx_anchor);
1132
1133 return 0;
1134}
1135
1136static void play_deferred(struct btusb_data *data)
1137{
1138 struct urb *urb;
1139 int err;
1140
1141 while ((urb = usb_get_from_anchor(&data->deferred))) {
1142 err = usb_submit_urb(urb, GFP_ATOMIC);
1143 if (err < 0)
1144 break;
1145
1146 data->tx_in_flight++;
1147 }
1148 usb_scuttle_anchored_urbs(&data->deferred);
1149}
1150
1151static int btusb_resume(struct usb_interface *intf)
1152{
1153 struct btusb_data *data = usb_get_intfdata(intf);
1154 struct hci_dev *hdev = data->hdev;
1155 int err = 0;
1156
1157 BT_DBG("intf %p", intf);
1158
1159 if (--data->suspend_count)
1160 return 0;
1161
1162 if (!test_bit(HCI_RUNNING, &hdev->flags))
1163 goto done;
1164
1165 if (test_bit(BTUSB_INTR_RUNNING, &data->flags)) {
1166 err = btusb_submit_intr_urb(hdev, GFP_NOIO);
1167 if (err < 0) {
1168 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
1169 goto failed;
1170 }
1171 }
1172
1173 if (test_bit(BTUSB_BULK_RUNNING, &data->flags)) {
1174 err = btusb_submit_bulk_urb(hdev, GFP_NOIO);
1175 if (err < 0) {
1176 clear_bit(BTUSB_BULK_RUNNING, &data->flags);
1177 goto failed;
1178 }
1179
1180 btusb_submit_bulk_urb(hdev, GFP_NOIO);
1181 }
1182
1183 if (test_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
1184 if (btusb_submit_isoc_urb(hdev, GFP_NOIO) < 0)
1185 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1186 else
1187 btusb_submit_isoc_urb(hdev, GFP_NOIO);
1188 }
1189
1190 spin_lock_irq(&data->txlock);
1191 play_deferred(data);
1192 clear_bit(BTUSB_SUSPENDING, &data->flags);
1193 spin_unlock_irq(&data->txlock);
1194 schedule_work(&data->work);
1195
1196 return 0;
1197
1198failed:
1199 usb_scuttle_anchored_urbs(&data->deferred);
1200done:
1201 spin_lock_irq(&data->txlock);
1202 clear_bit(BTUSB_SUSPENDING, &data->flags);
1203 spin_unlock_irq(&data->txlock);
1204
1205 return err;
1206}
1207#endif
1208
1209static struct usb_driver btusb_driver = {
1210 .name = "btusb",
1211 .probe = btusb_probe,
1212 .disconnect = btusb_disconnect,
1213#ifdef CONFIG_PM
1214 .suspend = btusb_suspend,
1215 .resume = btusb_resume,
1216#endif
1217 .id_table = btusb_table,
1218 .supports_autosuspend = 1,
1219};
1220
1221static int __init btusb_init(void)
1222{
1223 BT_INFO("Generic Bluetooth USB driver ver %s", VERSION);
1224
1225 return usb_register(&btusb_driver);
1226}
1227
1228static void __exit btusb_exit(void)
1229{
1230 usb_deregister(&btusb_driver);
1231}
1232
1233module_init(btusb_init);
1234module_exit(btusb_exit);
1235
1236module_param(ignore_dga, bool, 0644);
1237MODULE_PARM_DESC(ignore_dga, "Ignore devices with id 08fd:0001");
1238
1239module_param(ignore_csr, bool, 0644);
1240MODULE_PARM_DESC(ignore_csr, "Ignore devices with id 0a12:0001");
1241
1242module_param(ignore_sniffer, bool, 0644);
1243MODULE_PARM_DESC(ignore_sniffer, "Ignore devices with id 0a12:0002");
1244
1245module_param(disable_scofix, bool, 0644);
1246MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size");
1247
1248module_param(force_scofix, bool, 0644);
1249MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size");
1250
1251module_param(reset, bool, 0644);
1252MODULE_PARM_DESC(reset, "Send HCI reset command on initialization");
1253
1254MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1255MODULE_DESCRIPTION("Generic Bluetooth USB driver ver " VERSION);
1256MODULE_VERSION(VERSION);
1257MODULE_LICENSE("GPL");
1/*
2 *
3 * Generic Bluetooth USB driver
4 *
5 * Copyright (C) 2005-2008 Marcel Holtmann <marcel@holtmann.org>
6 *
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 *
22 */
23
24#include <linux/module.h>
25#include <linux/usb.h>
26#include <linux/firmware.h>
27
28#include <net/bluetooth/bluetooth.h>
29#include <net/bluetooth/hci_core.h>
30
31#define VERSION "0.6"
32
33static bool ignore_dga;
34static bool ignore_csr;
35static bool ignore_sniffer;
36static bool disable_scofix;
37static bool force_scofix;
38
39static bool reset = 1;
40
41static struct usb_driver btusb_driver;
42
43#define BTUSB_IGNORE 0x01
44#define BTUSB_DIGIANSWER 0x02
45#define BTUSB_CSR 0x04
46#define BTUSB_SNIFFER 0x08
47#define BTUSB_BCM92035 0x10
48#define BTUSB_BROKEN_ISOC 0x20
49#define BTUSB_WRONG_SCO_MTU 0x40
50#define BTUSB_ATH3012 0x80
51#define BTUSB_INTEL 0x100
52
53static const struct usb_device_id btusb_table[] = {
54 /* Generic Bluetooth USB device */
55 { USB_DEVICE_INFO(0xe0, 0x01, 0x01) },
56
57 /* Apple-specific (Broadcom) devices */
58 { USB_VENDOR_AND_INTERFACE_INFO(0x05ac, 0xff, 0x01, 0x01) },
59
60 /* MediaTek MT76x0E */
61 { USB_DEVICE(0x0e8d, 0x763f) },
62
63 /* Broadcom SoftSailing reporting vendor specific */
64 { USB_DEVICE(0x0a5c, 0x21e1) },
65
66 /* Apple MacBookPro 7,1 */
67 { USB_DEVICE(0x05ac, 0x8213) },
68
69 /* Apple iMac11,1 */
70 { USB_DEVICE(0x05ac, 0x8215) },
71
72 /* Apple MacBookPro6,2 */
73 { USB_DEVICE(0x05ac, 0x8218) },
74
75 /* Apple MacBookAir3,1, MacBookAir3,2 */
76 { USB_DEVICE(0x05ac, 0x821b) },
77
78 /* Apple MacBookAir4,1 */
79 { USB_DEVICE(0x05ac, 0x821f) },
80
81 /* Apple MacBookPro8,2 */
82 { USB_DEVICE(0x05ac, 0x821a) },
83
84 /* Apple MacMini5,1 */
85 { USB_DEVICE(0x05ac, 0x8281) },
86
87 /* AVM BlueFRITZ! USB v2.0 */
88 { USB_DEVICE(0x057c, 0x3800) },
89
90 /* Bluetooth Ultraport Module from IBM */
91 { USB_DEVICE(0x04bf, 0x030a) },
92
93 /* ALPS Modules with non-standard id */
94 { USB_DEVICE(0x044e, 0x3001) },
95 { USB_DEVICE(0x044e, 0x3002) },
96
97 /* Ericsson with non-standard id */
98 { USB_DEVICE(0x0bdb, 0x1002) },
99
100 /* Canyon CN-BTU1 with HID interfaces */
101 { USB_DEVICE(0x0c10, 0x0000) },
102
103 /* Broadcom BCM20702A0 */
104 { USB_DEVICE(0x0489, 0xe042) },
105 { USB_DEVICE(0x04ca, 0x2003) },
106 { USB_DEVICE(0x0b05, 0x17b5) },
107 { USB_DEVICE(0x0b05, 0x17cb) },
108 { USB_DEVICE(0x413c, 0x8197) },
109
110 /* Foxconn - Hon Hai */
111 { USB_VENDOR_AND_INTERFACE_INFO(0x0489, 0xff, 0x01, 0x01) },
112
113 /* Broadcom devices with vendor specific id */
114 { USB_VENDOR_AND_INTERFACE_INFO(0x0a5c, 0xff, 0x01, 0x01) },
115
116 /* Belkin F8065bf - Broadcom based */
117 { USB_VENDOR_AND_INTERFACE_INFO(0x050d, 0xff, 0x01, 0x01) },
118
119 /* IMC Networks - Broadcom based */
120 { USB_VENDOR_AND_INTERFACE_INFO(0x13d3, 0xff, 0x01, 0x01) },
121
122 { } /* Terminating entry */
123};
124
125MODULE_DEVICE_TABLE(usb, btusb_table);
126
127static const struct usb_device_id blacklist_table[] = {
128 /* CSR BlueCore devices */
129 { USB_DEVICE(0x0a12, 0x0001), .driver_info = BTUSB_CSR },
130
131 /* Broadcom BCM2033 without firmware */
132 { USB_DEVICE(0x0a5c, 0x2033), .driver_info = BTUSB_IGNORE },
133
134 /* Atheros 3011 with sflash firmware */
135 { USB_DEVICE(0x0489, 0xe027), .driver_info = BTUSB_IGNORE },
136 { USB_DEVICE(0x0489, 0xe03d), .driver_info = BTUSB_IGNORE },
137 { USB_DEVICE(0x0930, 0x0215), .driver_info = BTUSB_IGNORE },
138 { USB_DEVICE(0x0cf3, 0x3002), .driver_info = BTUSB_IGNORE },
139 { USB_DEVICE(0x0cf3, 0xe019), .driver_info = BTUSB_IGNORE },
140 { USB_DEVICE(0x13d3, 0x3304), .driver_info = BTUSB_IGNORE },
141
142 /* Atheros AR9285 Malbec with sflash firmware */
143 { USB_DEVICE(0x03f0, 0x311d), .driver_info = BTUSB_IGNORE },
144
145 /* Atheros 3012 with sflash firmware */
146 { USB_DEVICE(0x0489, 0xe04d), .driver_info = BTUSB_ATH3012 },
147 { USB_DEVICE(0x0489, 0xe04e), .driver_info = BTUSB_ATH3012 },
148 { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 },
149 { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 },
150 { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 },
151 { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 },
152 { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 },
153 { USB_DEVICE(0x04ca, 0x3005), .driver_info = BTUSB_ATH3012 },
154 { USB_DEVICE(0x04ca, 0x3006), .driver_info = BTUSB_ATH3012 },
155 { USB_DEVICE(0x04ca, 0x3007), .driver_info = BTUSB_ATH3012 },
156 { USB_DEVICE(0x04ca, 0x3008), .driver_info = BTUSB_ATH3012 },
157 { USB_DEVICE(0x04ca, 0x300b), .driver_info = BTUSB_ATH3012 },
158 { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 },
159 { USB_DEVICE(0x0930, 0x0220), .driver_info = BTUSB_ATH3012 },
160 { USB_DEVICE(0x0b05, 0x17d0), .driver_info = BTUSB_ATH3012 },
161 { USB_DEVICE(0x0cf3, 0x0036), .driver_info = BTUSB_ATH3012 },
162 { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 },
163 { USB_DEVICE(0x0cf3, 0x3005), .driver_info = BTUSB_ATH3012 },
164 { USB_DEVICE(0x0cf3, 0x3008), .driver_info = BTUSB_ATH3012 },
165 { USB_DEVICE(0x0cf3, 0x311d), .driver_info = BTUSB_ATH3012 },
166 { USB_DEVICE(0x0cf3, 0x311e), .driver_info = BTUSB_ATH3012 },
167 { USB_DEVICE(0x0cf3, 0x311f), .driver_info = BTUSB_ATH3012 },
168 { USB_DEVICE(0x0cf3, 0x3121), .driver_info = BTUSB_ATH3012 },
169 { USB_DEVICE(0x0cf3, 0x817a), .driver_info = BTUSB_ATH3012 },
170 { USB_DEVICE(0x0cf3, 0xe003), .driver_info = BTUSB_ATH3012 },
171 { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 },
172 { USB_DEVICE(0x0cf3, 0xe005), .driver_info = BTUSB_ATH3012 },
173 { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 },
174 { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 },
175 { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 },
176 { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 },
177
178 /* Atheros AR5BBU12 with sflash firmware */
179 { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE },
180
181 /* Atheros AR5BBU12 with sflash firmware */
182 { USB_DEVICE(0x0489, 0xe036), .driver_info = BTUSB_ATH3012 },
183 { USB_DEVICE(0x0489, 0xe03c), .driver_info = BTUSB_ATH3012 },
184
185 /* Broadcom BCM2035 */
186 { USB_DEVICE(0x0a5c, 0x2009), .driver_info = BTUSB_BCM92035 },
187 { USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU },
188 { USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU },
189
190 /* Broadcom BCM2045 */
191 { USB_DEVICE(0x0a5c, 0x2039), .driver_info = BTUSB_WRONG_SCO_MTU },
192 { USB_DEVICE(0x0a5c, 0x2101), .driver_info = BTUSB_WRONG_SCO_MTU },
193
194 /* IBM/Lenovo ThinkPad with Broadcom chip */
195 { USB_DEVICE(0x0a5c, 0x201e), .driver_info = BTUSB_WRONG_SCO_MTU },
196 { USB_DEVICE(0x0a5c, 0x2110), .driver_info = BTUSB_WRONG_SCO_MTU },
197
198 /* HP laptop with Broadcom chip */
199 { USB_DEVICE(0x03f0, 0x171d), .driver_info = BTUSB_WRONG_SCO_MTU },
200
201 /* Dell laptop with Broadcom chip */
202 { USB_DEVICE(0x413c, 0x8126), .driver_info = BTUSB_WRONG_SCO_MTU },
203
204 /* Dell Wireless 370 and 410 devices */
205 { USB_DEVICE(0x413c, 0x8152), .driver_info = BTUSB_WRONG_SCO_MTU },
206 { USB_DEVICE(0x413c, 0x8156), .driver_info = BTUSB_WRONG_SCO_MTU },
207
208 /* Belkin F8T012 and F8T013 devices */
209 { USB_DEVICE(0x050d, 0x0012), .driver_info = BTUSB_WRONG_SCO_MTU },
210 { USB_DEVICE(0x050d, 0x0013), .driver_info = BTUSB_WRONG_SCO_MTU },
211
212 /* Asus WL-BTD202 device */
213 { USB_DEVICE(0x0b05, 0x1715), .driver_info = BTUSB_WRONG_SCO_MTU },
214
215 /* Kensington Bluetooth USB adapter */
216 { USB_DEVICE(0x047d, 0x105e), .driver_info = BTUSB_WRONG_SCO_MTU },
217
218 /* RTX Telecom based adapters with buggy SCO support */
219 { USB_DEVICE(0x0400, 0x0807), .driver_info = BTUSB_BROKEN_ISOC },
220 { USB_DEVICE(0x0400, 0x080a), .driver_info = BTUSB_BROKEN_ISOC },
221
222 /* CONWISE Technology based adapters with buggy SCO support */
223 { USB_DEVICE(0x0e5e, 0x6622), .driver_info = BTUSB_BROKEN_ISOC },
224
225 /* Digianswer devices */
226 { USB_DEVICE(0x08fd, 0x0001), .driver_info = BTUSB_DIGIANSWER },
227 { USB_DEVICE(0x08fd, 0x0002), .driver_info = BTUSB_IGNORE },
228
229 /* CSR BlueCore Bluetooth Sniffer */
230 { USB_DEVICE(0x0a12, 0x0002), .driver_info = BTUSB_SNIFFER },
231
232 /* Frontline ComProbe Bluetooth Sniffer */
233 { USB_DEVICE(0x16d3, 0x0002), .driver_info = BTUSB_SNIFFER },
234
235 /* Intel Bluetooth device */
236 { USB_DEVICE(0x8087, 0x07dc), .driver_info = BTUSB_INTEL },
237 { USB_DEVICE(0x8087, 0x0a2a), .driver_info = BTUSB_INTEL },
238
239 { } /* Terminating entry */
240};
241
242#define BTUSB_MAX_ISOC_FRAMES 10
243
244#define BTUSB_INTR_RUNNING 0
245#define BTUSB_BULK_RUNNING 1
246#define BTUSB_ISOC_RUNNING 2
247#define BTUSB_SUSPENDING 3
248#define BTUSB_DID_ISO_RESUME 4
249
250struct btusb_data {
251 struct hci_dev *hdev;
252 struct usb_device *udev;
253 struct usb_interface *intf;
254 struct usb_interface *isoc;
255
256 spinlock_t lock;
257
258 unsigned long flags;
259
260 struct work_struct work;
261 struct work_struct waker;
262
263 struct usb_anchor tx_anchor;
264 struct usb_anchor intr_anchor;
265 struct usb_anchor bulk_anchor;
266 struct usb_anchor isoc_anchor;
267 struct usb_anchor deferred;
268 int tx_in_flight;
269 spinlock_t txlock;
270
271 struct usb_endpoint_descriptor *intr_ep;
272 struct usb_endpoint_descriptor *bulk_tx_ep;
273 struct usb_endpoint_descriptor *bulk_rx_ep;
274 struct usb_endpoint_descriptor *isoc_tx_ep;
275 struct usb_endpoint_descriptor *isoc_rx_ep;
276
277 __u8 cmdreq_type;
278
279 unsigned int sco_num;
280 int isoc_altsetting;
281 int suspend_count;
282};
283
284static int inc_tx(struct btusb_data *data)
285{
286 unsigned long flags;
287 int rv;
288
289 spin_lock_irqsave(&data->txlock, flags);
290 rv = test_bit(BTUSB_SUSPENDING, &data->flags);
291 if (!rv)
292 data->tx_in_flight++;
293 spin_unlock_irqrestore(&data->txlock, flags);
294
295 return rv;
296}
297
298static void btusb_intr_complete(struct urb *urb)
299{
300 struct hci_dev *hdev = urb->context;
301 struct btusb_data *data = hci_get_drvdata(hdev);
302 int err;
303
304 BT_DBG("%s urb %p status %d count %d", hdev->name,
305 urb, urb->status, urb->actual_length);
306
307 if (!test_bit(HCI_RUNNING, &hdev->flags))
308 return;
309
310 if (urb->status == 0) {
311 hdev->stat.byte_rx += urb->actual_length;
312
313 if (hci_recv_fragment(hdev, HCI_EVENT_PKT,
314 urb->transfer_buffer,
315 urb->actual_length) < 0) {
316 BT_ERR("%s corrupted event packet", hdev->name);
317 hdev->stat.err_rx++;
318 }
319 }
320
321 if (!test_bit(BTUSB_INTR_RUNNING, &data->flags))
322 return;
323
324 usb_mark_last_busy(data->udev);
325 usb_anchor_urb(urb, &data->intr_anchor);
326
327 err = usb_submit_urb(urb, GFP_ATOMIC);
328 if (err < 0) {
329 /* -EPERM: urb is being killed;
330 * -ENODEV: device got disconnected */
331 if (err != -EPERM && err != -ENODEV)
332 BT_ERR("%s urb %p failed to resubmit (%d)",
333 hdev->name, urb, -err);
334 usb_unanchor_urb(urb);
335 }
336}
337
338static int btusb_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags)
339{
340 struct btusb_data *data = hci_get_drvdata(hdev);
341 struct urb *urb;
342 unsigned char *buf;
343 unsigned int pipe;
344 int err, size;
345
346 BT_DBG("%s", hdev->name);
347
348 if (!data->intr_ep)
349 return -ENODEV;
350
351 urb = usb_alloc_urb(0, mem_flags);
352 if (!urb)
353 return -ENOMEM;
354
355 size = le16_to_cpu(data->intr_ep->wMaxPacketSize);
356
357 buf = kmalloc(size, mem_flags);
358 if (!buf) {
359 usb_free_urb(urb);
360 return -ENOMEM;
361 }
362
363 pipe = usb_rcvintpipe(data->udev, data->intr_ep->bEndpointAddress);
364
365 usb_fill_int_urb(urb, data->udev, pipe, buf, size,
366 btusb_intr_complete, hdev,
367 data->intr_ep->bInterval);
368
369 urb->transfer_flags |= URB_FREE_BUFFER;
370
371 usb_anchor_urb(urb, &data->intr_anchor);
372
373 err = usb_submit_urb(urb, mem_flags);
374 if (err < 0) {
375 if (err != -EPERM && err != -ENODEV)
376 BT_ERR("%s urb %p submission failed (%d)",
377 hdev->name, urb, -err);
378 usb_unanchor_urb(urb);
379 }
380
381 usb_free_urb(urb);
382
383 return err;
384}
385
386static void btusb_bulk_complete(struct urb *urb)
387{
388 struct hci_dev *hdev = urb->context;
389 struct btusb_data *data = hci_get_drvdata(hdev);
390 int err;
391
392 BT_DBG("%s urb %p status %d count %d", hdev->name,
393 urb, urb->status, urb->actual_length);
394
395 if (!test_bit(HCI_RUNNING, &hdev->flags))
396 return;
397
398 if (urb->status == 0) {
399 hdev->stat.byte_rx += urb->actual_length;
400
401 if (hci_recv_fragment(hdev, HCI_ACLDATA_PKT,
402 urb->transfer_buffer,
403 urb->actual_length) < 0) {
404 BT_ERR("%s corrupted ACL packet", hdev->name);
405 hdev->stat.err_rx++;
406 }
407 }
408
409 if (!test_bit(BTUSB_BULK_RUNNING, &data->flags))
410 return;
411
412 usb_anchor_urb(urb, &data->bulk_anchor);
413 usb_mark_last_busy(data->udev);
414
415 err = usb_submit_urb(urb, GFP_ATOMIC);
416 if (err < 0) {
417 /* -EPERM: urb is being killed;
418 * -ENODEV: device got disconnected */
419 if (err != -EPERM && err != -ENODEV)
420 BT_ERR("%s urb %p failed to resubmit (%d)",
421 hdev->name, urb, -err);
422 usb_unanchor_urb(urb);
423 }
424}
425
426static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags)
427{
428 struct btusb_data *data = hci_get_drvdata(hdev);
429 struct urb *urb;
430 unsigned char *buf;
431 unsigned int pipe;
432 int err, size = HCI_MAX_FRAME_SIZE;
433
434 BT_DBG("%s", hdev->name);
435
436 if (!data->bulk_rx_ep)
437 return -ENODEV;
438
439 urb = usb_alloc_urb(0, mem_flags);
440 if (!urb)
441 return -ENOMEM;
442
443 buf = kmalloc(size, mem_flags);
444 if (!buf) {
445 usb_free_urb(urb);
446 return -ENOMEM;
447 }
448
449 pipe = usb_rcvbulkpipe(data->udev, data->bulk_rx_ep->bEndpointAddress);
450
451 usb_fill_bulk_urb(urb, data->udev, pipe,
452 buf, size, btusb_bulk_complete, hdev);
453
454 urb->transfer_flags |= URB_FREE_BUFFER;
455
456 usb_mark_last_busy(data->udev);
457 usb_anchor_urb(urb, &data->bulk_anchor);
458
459 err = usb_submit_urb(urb, mem_flags);
460 if (err < 0) {
461 if (err != -EPERM && err != -ENODEV)
462 BT_ERR("%s urb %p submission failed (%d)",
463 hdev->name, urb, -err);
464 usb_unanchor_urb(urb);
465 }
466
467 usb_free_urb(urb);
468
469 return err;
470}
471
472static void btusb_isoc_complete(struct urb *urb)
473{
474 struct hci_dev *hdev = urb->context;
475 struct btusb_data *data = hci_get_drvdata(hdev);
476 int i, err;
477
478 BT_DBG("%s urb %p status %d count %d", hdev->name,
479 urb, urb->status, urb->actual_length);
480
481 if (!test_bit(HCI_RUNNING, &hdev->flags))
482 return;
483
484 if (urb->status == 0) {
485 for (i = 0; i < urb->number_of_packets; i++) {
486 unsigned int offset = urb->iso_frame_desc[i].offset;
487 unsigned int length = urb->iso_frame_desc[i].actual_length;
488
489 if (urb->iso_frame_desc[i].status)
490 continue;
491
492 hdev->stat.byte_rx += length;
493
494 if (hci_recv_fragment(hdev, HCI_SCODATA_PKT,
495 urb->transfer_buffer + offset,
496 length) < 0) {
497 BT_ERR("%s corrupted SCO packet", hdev->name);
498 hdev->stat.err_rx++;
499 }
500 }
501 }
502
503 if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags))
504 return;
505
506 usb_anchor_urb(urb, &data->isoc_anchor);
507
508 err = usb_submit_urb(urb, GFP_ATOMIC);
509 if (err < 0) {
510 /* -EPERM: urb is being killed;
511 * -ENODEV: device got disconnected */
512 if (err != -EPERM && err != -ENODEV)
513 BT_ERR("%s urb %p failed to resubmit (%d)",
514 hdev->name, urb, -err);
515 usb_unanchor_urb(urb);
516 }
517}
518
519static inline void __fill_isoc_descriptor(struct urb *urb, int len, int mtu)
520{
521 int i, offset = 0;
522
523 BT_DBG("len %d mtu %d", len, mtu);
524
525 for (i = 0; i < BTUSB_MAX_ISOC_FRAMES && len >= mtu;
526 i++, offset += mtu, len -= mtu) {
527 urb->iso_frame_desc[i].offset = offset;
528 urb->iso_frame_desc[i].length = mtu;
529 }
530
531 if (len && i < BTUSB_MAX_ISOC_FRAMES) {
532 urb->iso_frame_desc[i].offset = offset;
533 urb->iso_frame_desc[i].length = len;
534 i++;
535 }
536
537 urb->number_of_packets = i;
538}
539
540static int btusb_submit_isoc_urb(struct hci_dev *hdev, gfp_t mem_flags)
541{
542 struct btusb_data *data = hci_get_drvdata(hdev);
543 struct urb *urb;
544 unsigned char *buf;
545 unsigned int pipe;
546 int err, size;
547
548 BT_DBG("%s", hdev->name);
549
550 if (!data->isoc_rx_ep)
551 return -ENODEV;
552
553 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, mem_flags);
554 if (!urb)
555 return -ENOMEM;
556
557 size = le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize) *
558 BTUSB_MAX_ISOC_FRAMES;
559
560 buf = kmalloc(size, mem_flags);
561 if (!buf) {
562 usb_free_urb(urb);
563 return -ENOMEM;
564 }
565
566 pipe = usb_rcvisocpipe(data->udev, data->isoc_rx_ep->bEndpointAddress);
567
568 usb_fill_int_urb(urb, data->udev, pipe, buf, size, btusb_isoc_complete,
569 hdev, data->isoc_rx_ep->bInterval);
570
571 urb->transfer_flags = URB_FREE_BUFFER | URB_ISO_ASAP;
572
573 __fill_isoc_descriptor(urb, size,
574 le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize));
575
576 usb_anchor_urb(urb, &data->isoc_anchor);
577
578 err = usb_submit_urb(urb, mem_flags);
579 if (err < 0) {
580 if (err != -EPERM && err != -ENODEV)
581 BT_ERR("%s urb %p submission failed (%d)",
582 hdev->name, urb, -err);
583 usb_unanchor_urb(urb);
584 }
585
586 usb_free_urb(urb);
587
588 return err;
589}
590
591static void btusb_tx_complete(struct urb *urb)
592{
593 struct sk_buff *skb = urb->context;
594 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
595 struct btusb_data *data = hci_get_drvdata(hdev);
596
597 BT_DBG("%s urb %p status %d count %d", hdev->name,
598 urb, urb->status, urb->actual_length);
599
600 if (!test_bit(HCI_RUNNING, &hdev->flags))
601 goto done;
602
603 if (!urb->status)
604 hdev->stat.byte_tx += urb->transfer_buffer_length;
605 else
606 hdev->stat.err_tx++;
607
608done:
609 spin_lock(&data->txlock);
610 data->tx_in_flight--;
611 spin_unlock(&data->txlock);
612
613 kfree(urb->setup_packet);
614
615 kfree_skb(skb);
616}
617
618static void btusb_isoc_tx_complete(struct urb *urb)
619{
620 struct sk_buff *skb = urb->context;
621 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
622
623 BT_DBG("%s urb %p status %d count %d", hdev->name,
624 urb, urb->status, urb->actual_length);
625
626 if (!test_bit(HCI_RUNNING, &hdev->flags))
627 goto done;
628
629 if (!urb->status)
630 hdev->stat.byte_tx += urb->transfer_buffer_length;
631 else
632 hdev->stat.err_tx++;
633
634done:
635 kfree(urb->setup_packet);
636
637 kfree_skb(skb);
638}
639
640static int btusb_open(struct hci_dev *hdev)
641{
642 struct btusb_data *data = hci_get_drvdata(hdev);
643 int err;
644
645 BT_DBG("%s", hdev->name);
646
647 err = usb_autopm_get_interface(data->intf);
648 if (err < 0)
649 return err;
650
651 data->intf->needs_remote_wakeup = 1;
652
653 if (test_and_set_bit(HCI_RUNNING, &hdev->flags))
654 goto done;
655
656 if (test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags))
657 goto done;
658
659 err = btusb_submit_intr_urb(hdev, GFP_KERNEL);
660 if (err < 0)
661 goto failed;
662
663 err = btusb_submit_bulk_urb(hdev, GFP_KERNEL);
664 if (err < 0) {
665 usb_kill_anchored_urbs(&data->intr_anchor);
666 goto failed;
667 }
668
669 set_bit(BTUSB_BULK_RUNNING, &data->flags);
670 btusb_submit_bulk_urb(hdev, GFP_KERNEL);
671
672done:
673 usb_autopm_put_interface(data->intf);
674 return 0;
675
676failed:
677 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
678 clear_bit(HCI_RUNNING, &hdev->flags);
679 usb_autopm_put_interface(data->intf);
680 return err;
681}
682
683static void btusb_stop_traffic(struct btusb_data *data)
684{
685 usb_kill_anchored_urbs(&data->intr_anchor);
686 usb_kill_anchored_urbs(&data->bulk_anchor);
687 usb_kill_anchored_urbs(&data->isoc_anchor);
688}
689
690static int btusb_close(struct hci_dev *hdev)
691{
692 struct btusb_data *data = hci_get_drvdata(hdev);
693 int err;
694
695 BT_DBG("%s", hdev->name);
696
697 if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags))
698 return 0;
699
700 cancel_work_sync(&data->work);
701 cancel_work_sync(&data->waker);
702
703 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
704 clear_bit(BTUSB_BULK_RUNNING, &data->flags);
705 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
706
707 btusb_stop_traffic(data);
708 err = usb_autopm_get_interface(data->intf);
709 if (err < 0)
710 goto failed;
711
712 data->intf->needs_remote_wakeup = 0;
713 usb_autopm_put_interface(data->intf);
714
715failed:
716 usb_scuttle_anchored_urbs(&data->deferred);
717 return 0;
718}
719
720static int btusb_flush(struct hci_dev *hdev)
721{
722 struct btusb_data *data = hci_get_drvdata(hdev);
723
724 BT_DBG("%s", hdev->name);
725
726 usb_kill_anchored_urbs(&data->tx_anchor);
727
728 return 0;
729}
730
731static int btusb_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
732{
733 struct btusb_data *data = hci_get_drvdata(hdev);
734 struct usb_ctrlrequest *dr;
735 struct urb *urb;
736 unsigned int pipe;
737 int err;
738
739 BT_DBG("%s", hdev->name);
740
741 if (!test_bit(HCI_RUNNING, &hdev->flags))
742 return -EBUSY;
743
744 skb->dev = (void *) hdev;
745
746 switch (bt_cb(skb)->pkt_type) {
747 case HCI_COMMAND_PKT:
748 urb = usb_alloc_urb(0, GFP_ATOMIC);
749 if (!urb)
750 return -ENOMEM;
751
752 dr = kmalloc(sizeof(*dr), GFP_ATOMIC);
753 if (!dr) {
754 usb_free_urb(urb);
755 return -ENOMEM;
756 }
757
758 dr->bRequestType = data->cmdreq_type;
759 dr->bRequest = 0;
760 dr->wIndex = 0;
761 dr->wValue = 0;
762 dr->wLength = __cpu_to_le16(skb->len);
763
764 pipe = usb_sndctrlpipe(data->udev, 0x00);
765
766 usb_fill_control_urb(urb, data->udev, pipe, (void *) dr,
767 skb->data, skb->len, btusb_tx_complete, skb);
768
769 hdev->stat.cmd_tx++;
770 break;
771
772 case HCI_ACLDATA_PKT:
773 if (!data->bulk_tx_ep)
774 return -ENODEV;
775
776 urb = usb_alloc_urb(0, GFP_ATOMIC);
777 if (!urb)
778 return -ENOMEM;
779
780 pipe = usb_sndbulkpipe(data->udev,
781 data->bulk_tx_ep->bEndpointAddress);
782
783 usb_fill_bulk_urb(urb, data->udev, pipe,
784 skb->data, skb->len, btusb_tx_complete, skb);
785
786 hdev->stat.acl_tx++;
787 break;
788
789 case HCI_SCODATA_PKT:
790 if (!data->isoc_tx_ep || hci_conn_num(hdev, SCO_LINK) < 1)
791 return -ENODEV;
792
793 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, GFP_ATOMIC);
794 if (!urb)
795 return -ENOMEM;
796
797 pipe = usb_sndisocpipe(data->udev,
798 data->isoc_tx_ep->bEndpointAddress);
799
800 usb_fill_int_urb(urb, data->udev, pipe,
801 skb->data, skb->len, btusb_isoc_tx_complete,
802 skb, data->isoc_tx_ep->bInterval);
803
804 urb->transfer_flags = URB_ISO_ASAP;
805
806 __fill_isoc_descriptor(urb, skb->len,
807 le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize));
808
809 hdev->stat.sco_tx++;
810 goto skip_waking;
811
812 default:
813 return -EILSEQ;
814 }
815
816 err = inc_tx(data);
817 if (err) {
818 usb_anchor_urb(urb, &data->deferred);
819 schedule_work(&data->waker);
820 err = 0;
821 goto done;
822 }
823
824skip_waking:
825 usb_anchor_urb(urb, &data->tx_anchor);
826
827 err = usb_submit_urb(urb, GFP_ATOMIC);
828 if (err < 0) {
829 if (err != -EPERM && err != -ENODEV)
830 BT_ERR("%s urb %p submission failed (%d)",
831 hdev->name, urb, -err);
832 kfree(urb->setup_packet);
833 usb_unanchor_urb(urb);
834 } else {
835 usb_mark_last_busy(data->udev);
836 }
837
838done:
839 usb_free_urb(urb);
840 return err;
841}
842
843static void btusb_notify(struct hci_dev *hdev, unsigned int evt)
844{
845 struct btusb_data *data = hci_get_drvdata(hdev);
846
847 BT_DBG("%s evt %d", hdev->name, evt);
848
849 if (hci_conn_num(hdev, SCO_LINK) != data->sco_num) {
850 data->sco_num = hci_conn_num(hdev, SCO_LINK);
851 schedule_work(&data->work);
852 }
853}
854
855static inline int __set_isoc_interface(struct hci_dev *hdev, int altsetting)
856{
857 struct btusb_data *data = hci_get_drvdata(hdev);
858 struct usb_interface *intf = data->isoc;
859 struct usb_endpoint_descriptor *ep_desc;
860 int i, err;
861
862 if (!data->isoc)
863 return -ENODEV;
864
865 err = usb_set_interface(data->udev, 1, altsetting);
866 if (err < 0) {
867 BT_ERR("%s setting interface failed (%d)", hdev->name, -err);
868 return err;
869 }
870
871 data->isoc_altsetting = altsetting;
872
873 data->isoc_tx_ep = NULL;
874 data->isoc_rx_ep = NULL;
875
876 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
877 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
878
879 if (!data->isoc_tx_ep && usb_endpoint_is_isoc_out(ep_desc)) {
880 data->isoc_tx_ep = ep_desc;
881 continue;
882 }
883
884 if (!data->isoc_rx_ep && usb_endpoint_is_isoc_in(ep_desc)) {
885 data->isoc_rx_ep = ep_desc;
886 continue;
887 }
888 }
889
890 if (!data->isoc_tx_ep || !data->isoc_rx_ep) {
891 BT_ERR("%s invalid SCO descriptors", hdev->name);
892 return -ENODEV;
893 }
894
895 return 0;
896}
897
898static void btusb_work(struct work_struct *work)
899{
900 struct btusb_data *data = container_of(work, struct btusb_data, work);
901 struct hci_dev *hdev = data->hdev;
902 int new_alts;
903 int err;
904
905 if (data->sco_num > 0) {
906 if (!test_bit(BTUSB_DID_ISO_RESUME, &data->flags)) {
907 err = usb_autopm_get_interface(data->isoc ? data->isoc : data->intf);
908 if (err < 0) {
909 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
910 usb_kill_anchored_urbs(&data->isoc_anchor);
911 return;
912 }
913
914 set_bit(BTUSB_DID_ISO_RESUME, &data->flags);
915 }
916
917 if (hdev->voice_setting & 0x0020) {
918 static const int alts[3] = { 2, 4, 5 };
919 new_alts = alts[data->sco_num - 1];
920 } else {
921 new_alts = data->sco_num;
922 }
923
924 if (data->isoc_altsetting != new_alts) {
925 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
926 usb_kill_anchored_urbs(&data->isoc_anchor);
927
928 if (__set_isoc_interface(hdev, new_alts) < 0)
929 return;
930 }
931
932 if (!test_and_set_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
933 if (btusb_submit_isoc_urb(hdev, GFP_KERNEL) < 0)
934 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
935 else
936 btusb_submit_isoc_urb(hdev, GFP_KERNEL);
937 }
938 } else {
939 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
940 usb_kill_anchored_urbs(&data->isoc_anchor);
941
942 __set_isoc_interface(hdev, 0);
943 if (test_and_clear_bit(BTUSB_DID_ISO_RESUME, &data->flags))
944 usb_autopm_put_interface(data->isoc ? data->isoc : data->intf);
945 }
946}
947
948static void btusb_waker(struct work_struct *work)
949{
950 struct btusb_data *data = container_of(work, struct btusb_data, waker);
951 int err;
952
953 err = usb_autopm_get_interface(data->intf);
954 if (err < 0)
955 return;
956
957 usb_autopm_put_interface(data->intf);
958}
959
960static int btusb_setup_bcm92035(struct hci_dev *hdev)
961{
962 struct sk_buff *skb;
963 u8 val = 0x00;
964
965 BT_DBG("%s", hdev->name);
966
967 skb = __hci_cmd_sync(hdev, 0xfc3b, 1, &val, HCI_INIT_TIMEOUT);
968 if (IS_ERR(skb))
969 BT_ERR("BCM92035 command failed (%ld)", -PTR_ERR(skb));
970 else
971 kfree_skb(skb);
972
973 return 0;
974}
975
976static int btusb_setup_csr(struct hci_dev *hdev)
977{
978 struct hci_rp_read_local_version *rp;
979 struct sk_buff *skb;
980 int ret;
981
982 BT_DBG("%s", hdev->name);
983
984 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL,
985 HCI_INIT_TIMEOUT);
986 if (IS_ERR(skb)) {
987 BT_ERR("Reading local version failed (%ld)", -PTR_ERR(skb));
988 return -PTR_ERR(skb);
989 }
990
991 rp = (struct hci_rp_read_local_version *) skb->data;
992
993 if (!rp->status) {
994 if (le16_to_cpu(rp->manufacturer) != 10) {
995 /* Clear the reset quirk since this is not an actual
996 * early Bluetooth 1.1 device from CSR.
997 */
998 clear_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
999
1000 /* These fake CSR controllers have all a broken
1001 * stored link key handling and so just disable it.
1002 */
1003 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY,
1004 &hdev->quirks);
1005 }
1006 }
1007
1008 ret = -bt_to_errno(rp->status);
1009
1010 kfree_skb(skb);
1011
1012 return ret;
1013}
1014
1015struct intel_version {
1016 u8 status;
1017 u8 hw_platform;
1018 u8 hw_variant;
1019 u8 hw_revision;
1020 u8 fw_variant;
1021 u8 fw_revision;
1022 u8 fw_build_num;
1023 u8 fw_build_ww;
1024 u8 fw_build_yy;
1025 u8 fw_patch_num;
1026} __packed;
1027
1028static const struct firmware *btusb_setup_intel_get_fw(struct hci_dev *hdev,
1029 struct intel_version *ver)
1030{
1031 const struct firmware *fw;
1032 char fwname[64];
1033 int ret;
1034
1035 snprintf(fwname, sizeof(fwname),
1036 "intel/ibt-hw-%x.%x.%x-fw-%x.%x.%x.%x.%x.bseq",
1037 ver->hw_platform, ver->hw_variant, ver->hw_revision,
1038 ver->fw_variant, ver->fw_revision, ver->fw_build_num,
1039 ver->fw_build_ww, ver->fw_build_yy);
1040
1041 ret = request_firmware(&fw, fwname, &hdev->dev);
1042 if (ret < 0) {
1043 if (ret == -EINVAL) {
1044 BT_ERR("%s Intel firmware file request failed (%d)",
1045 hdev->name, ret);
1046 return NULL;
1047 }
1048
1049 BT_ERR("%s failed to open Intel firmware file: %s(%d)",
1050 hdev->name, fwname, ret);
1051
1052 /* If the correct firmware patch file is not found, use the
1053 * default firmware patch file instead
1054 */
1055 snprintf(fwname, sizeof(fwname), "intel/ibt-hw-%x.%x.bseq",
1056 ver->hw_platform, ver->hw_variant);
1057 if (request_firmware(&fw, fwname, &hdev->dev) < 0) {
1058 BT_ERR("%s failed to open default Intel fw file: %s",
1059 hdev->name, fwname);
1060 return NULL;
1061 }
1062 }
1063
1064 BT_INFO("%s: Intel Bluetooth firmware file: %s", hdev->name, fwname);
1065
1066 return fw;
1067}
1068
1069static int btusb_setup_intel_patching(struct hci_dev *hdev,
1070 const struct firmware *fw,
1071 const u8 **fw_ptr, int *disable_patch)
1072{
1073 struct sk_buff *skb;
1074 struct hci_command_hdr *cmd;
1075 const u8 *cmd_param;
1076 struct hci_event_hdr *evt = NULL;
1077 const u8 *evt_param = NULL;
1078 int remain = fw->size - (*fw_ptr - fw->data);
1079
1080 /* The first byte indicates the types of the patch command or event.
1081 * 0x01 means HCI command and 0x02 is HCI event. If the first bytes
1082 * in the current firmware buffer doesn't start with 0x01 or
1083 * the size of remain buffer is smaller than HCI command header,
1084 * the firmware file is corrupted and it should stop the patching
1085 * process.
1086 */
1087 if (remain > HCI_COMMAND_HDR_SIZE && *fw_ptr[0] != 0x01) {
1088 BT_ERR("%s Intel fw corrupted: invalid cmd read", hdev->name);
1089 return -EINVAL;
1090 }
1091 (*fw_ptr)++;
1092 remain--;
1093
1094 cmd = (struct hci_command_hdr *)(*fw_ptr);
1095 *fw_ptr += sizeof(*cmd);
1096 remain -= sizeof(*cmd);
1097
1098 /* Ensure that the remain firmware data is long enough than the length
1099 * of command parameter. If not, the firmware file is corrupted.
1100 */
1101 if (remain < cmd->plen) {
1102 BT_ERR("%s Intel fw corrupted: invalid cmd len", hdev->name);
1103 return -EFAULT;
1104 }
1105
1106 /* If there is a command that loads a patch in the firmware
1107 * file, then enable the patch upon success, otherwise just
1108 * disable the manufacturer mode, for example patch activation
1109 * is not required when the default firmware patch file is used
1110 * because there are no patch data to load.
1111 */
1112 if (*disable_patch && le16_to_cpu(cmd->opcode) == 0xfc8e)
1113 *disable_patch = 0;
1114
1115 cmd_param = *fw_ptr;
1116 *fw_ptr += cmd->plen;
1117 remain -= cmd->plen;
1118
1119 /* This reads the expected events when the above command is sent to the
1120 * device. Some vendor commands expects more than one events, for
1121 * example command status event followed by vendor specific event.
1122 * For this case, it only keeps the last expected event. so the command
1123 * can be sent with __hci_cmd_sync_ev() which returns the sk_buff of
1124 * last expected event.
1125 */
1126 while (remain > HCI_EVENT_HDR_SIZE && *fw_ptr[0] == 0x02) {
1127 (*fw_ptr)++;
1128 remain--;
1129
1130 evt = (struct hci_event_hdr *)(*fw_ptr);
1131 *fw_ptr += sizeof(*evt);
1132 remain -= sizeof(*evt);
1133
1134 if (remain < evt->plen) {
1135 BT_ERR("%s Intel fw corrupted: invalid evt len",
1136 hdev->name);
1137 return -EFAULT;
1138 }
1139
1140 evt_param = *fw_ptr;
1141 *fw_ptr += evt->plen;
1142 remain -= evt->plen;
1143 }
1144
1145 /* Every HCI commands in the firmware file has its correspond event.
1146 * If event is not found or remain is smaller than zero, the firmware
1147 * file is corrupted.
1148 */
1149 if (!evt || !evt_param || remain < 0) {
1150 BT_ERR("%s Intel fw corrupted: invalid evt read", hdev->name);
1151 return -EFAULT;
1152 }
1153
1154 skb = __hci_cmd_sync_ev(hdev, le16_to_cpu(cmd->opcode), cmd->plen,
1155 cmd_param, evt->evt, HCI_INIT_TIMEOUT);
1156 if (IS_ERR(skb)) {
1157 BT_ERR("%s sending Intel patch command (0x%4.4x) failed (%ld)",
1158 hdev->name, cmd->opcode, PTR_ERR(skb));
1159 return PTR_ERR(skb);
1160 }
1161
1162 /* It ensures that the returned event matches the event data read from
1163 * the firmware file. At fist, it checks the length and then
1164 * the contents of the event.
1165 */
1166 if (skb->len != evt->plen) {
1167 BT_ERR("%s mismatch event length (opcode 0x%4.4x)", hdev->name,
1168 le16_to_cpu(cmd->opcode));
1169 kfree_skb(skb);
1170 return -EFAULT;
1171 }
1172
1173 if (memcmp(skb->data, evt_param, evt->plen)) {
1174 BT_ERR("%s mismatch event parameter (opcode 0x%4.4x)",
1175 hdev->name, le16_to_cpu(cmd->opcode));
1176 kfree_skb(skb);
1177 return -EFAULT;
1178 }
1179 kfree_skb(skb);
1180
1181 return 0;
1182}
1183
1184static int btusb_setup_intel(struct hci_dev *hdev)
1185{
1186 struct sk_buff *skb;
1187 const struct firmware *fw;
1188 const u8 *fw_ptr;
1189 int disable_patch;
1190 struct intel_version *ver;
1191
1192 const u8 mfg_enable[] = { 0x01, 0x00 };
1193 const u8 mfg_disable[] = { 0x00, 0x00 };
1194 const u8 mfg_reset_deactivate[] = { 0x00, 0x01 };
1195 const u8 mfg_reset_activate[] = { 0x00, 0x02 };
1196
1197 BT_DBG("%s", hdev->name);
1198
1199 /* The controller has a bug with the first HCI command sent to it
1200 * returning number of completed commands as zero. This would stall the
1201 * command processing in the Bluetooth core.
1202 *
1203 * As a workaround, send HCI Reset command first which will reset the
1204 * number of completed commands and allow normal command processing
1205 * from now on.
1206 */
1207 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
1208 if (IS_ERR(skb)) {
1209 BT_ERR("%s sending initial HCI reset command failed (%ld)",
1210 hdev->name, PTR_ERR(skb));
1211 return PTR_ERR(skb);
1212 }
1213 kfree_skb(skb);
1214
1215 /* Read Intel specific controller version first to allow selection of
1216 * which firmware file to load.
1217 *
1218 * The returned information are hardware variant and revision plus
1219 * firmware variant, revision and build number.
1220 */
1221 skb = __hci_cmd_sync(hdev, 0xfc05, 0, NULL, HCI_INIT_TIMEOUT);
1222 if (IS_ERR(skb)) {
1223 BT_ERR("%s reading Intel fw version command failed (%ld)",
1224 hdev->name, PTR_ERR(skb));
1225 return PTR_ERR(skb);
1226 }
1227
1228 if (skb->len != sizeof(*ver)) {
1229 BT_ERR("%s Intel version event length mismatch", hdev->name);
1230 kfree_skb(skb);
1231 return -EIO;
1232 }
1233
1234 ver = (struct intel_version *)skb->data;
1235 if (ver->status) {
1236 BT_ERR("%s Intel fw version event failed (%02x)", hdev->name,
1237 ver->status);
1238 kfree_skb(skb);
1239 return -bt_to_errno(ver->status);
1240 }
1241
1242 BT_INFO("%s: read Intel version: %02x%02x%02x%02x%02x%02x%02x%02x%02x",
1243 hdev->name, ver->hw_platform, ver->hw_variant,
1244 ver->hw_revision, ver->fw_variant, ver->fw_revision,
1245 ver->fw_build_num, ver->fw_build_ww, ver->fw_build_yy,
1246 ver->fw_patch_num);
1247
1248 /* fw_patch_num indicates the version of patch the device currently
1249 * have. If there is no patch data in the device, it is always 0x00.
1250 * So, if it is other than 0x00, no need to patch the deivce again.
1251 */
1252 if (ver->fw_patch_num) {
1253 BT_INFO("%s: Intel device is already patched. patch num: %02x",
1254 hdev->name, ver->fw_patch_num);
1255 kfree_skb(skb);
1256 return 0;
1257 }
1258
1259 /* Opens the firmware patch file based on the firmware version read
1260 * from the controller. If it fails to open the matching firmware
1261 * patch file, it tries to open the default firmware patch file.
1262 * If no patch file is found, allow the device to operate without
1263 * a patch.
1264 */
1265 fw = btusb_setup_intel_get_fw(hdev, ver);
1266 if (!fw) {
1267 kfree_skb(skb);
1268 return 0;
1269 }
1270 fw_ptr = fw->data;
1271
1272 /* This Intel specific command enables the manufacturer mode of the
1273 * controller.
1274 *
1275 * Only while this mode is enabled, the driver can download the
1276 * firmware patch data and configuration parameters.
1277 */
1278 skb = __hci_cmd_sync(hdev, 0xfc11, 2, mfg_enable, HCI_INIT_TIMEOUT);
1279 if (IS_ERR(skb)) {
1280 BT_ERR("%s entering Intel manufacturer mode failed (%ld)",
1281 hdev->name, PTR_ERR(skb));
1282 release_firmware(fw);
1283 return PTR_ERR(skb);
1284 }
1285
1286 if (skb->data[0]) {
1287 u8 evt_status = skb->data[0];
1288 BT_ERR("%s enable Intel manufacturer mode event failed (%02x)",
1289 hdev->name, evt_status);
1290 kfree_skb(skb);
1291 release_firmware(fw);
1292 return -bt_to_errno(evt_status);
1293 }
1294 kfree_skb(skb);
1295
1296 disable_patch = 1;
1297
1298 /* The firmware data file consists of list of Intel specific HCI
1299 * commands and its expected events. The first byte indicates the
1300 * type of the message, either HCI command or HCI event.
1301 *
1302 * It reads the command and its expected event from the firmware file,
1303 * and send to the controller. Once __hci_cmd_sync_ev() returns,
1304 * the returned event is compared with the event read from the firmware
1305 * file and it will continue until all the messages are downloaded to
1306 * the controller.
1307 *
1308 * Once the firmware patching is completed successfully,
1309 * the manufacturer mode is disabled with reset and activating the
1310 * downloaded patch.
1311 *
1312 * If the firmware patching fails, the manufacturer mode is
1313 * disabled with reset and deactivating the patch.
1314 *
1315 * If the default patch file is used, no reset is done when disabling
1316 * the manufacturer.
1317 */
1318 while (fw->size > fw_ptr - fw->data) {
1319 int ret;
1320
1321 ret = btusb_setup_intel_patching(hdev, fw, &fw_ptr,
1322 &disable_patch);
1323 if (ret < 0)
1324 goto exit_mfg_deactivate;
1325 }
1326
1327 release_firmware(fw);
1328
1329 if (disable_patch)
1330 goto exit_mfg_disable;
1331
1332 /* Patching completed successfully and disable the manufacturer mode
1333 * with reset and activate the downloaded firmware patches.
1334 */
1335 skb = __hci_cmd_sync(hdev, 0xfc11, sizeof(mfg_reset_activate),
1336 mfg_reset_activate, HCI_INIT_TIMEOUT);
1337 if (IS_ERR(skb)) {
1338 BT_ERR("%s exiting Intel manufacturer mode failed (%ld)",
1339 hdev->name, PTR_ERR(skb));
1340 return PTR_ERR(skb);
1341 }
1342 kfree_skb(skb);
1343
1344 BT_INFO("%s: Intel Bluetooth firmware patch completed and activated",
1345 hdev->name);
1346
1347 return 0;
1348
1349exit_mfg_disable:
1350 /* Disable the manufacturer mode without reset */
1351 skb = __hci_cmd_sync(hdev, 0xfc11, sizeof(mfg_disable), mfg_disable,
1352 HCI_INIT_TIMEOUT);
1353 if (IS_ERR(skb)) {
1354 BT_ERR("%s exiting Intel manufacturer mode failed (%ld)",
1355 hdev->name, PTR_ERR(skb));
1356 return PTR_ERR(skb);
1357 }
1358 kfree_skb(skb);
1359
1360 BT_INFO("%s: Intel Bluetooth firmware patch completed", hdev->name);
1361 return 0;
1362
1363exit_mfg_deactivate:
1364 release_firmware(fw);
1365
1366 /* Patching failed. Disable the manufacturer mode with reset and
1367 * deactivate the downloaded firmware patches.
1368 */
1369 skb = __hci_cmd_sync(hdev, 0xfc11, sizeof(mfg_reset_deactivate),
1370 mfg_reset_deactivate, HCI_INIT_TIMEOUT);
1371 if (IS_ERR(skb)) {
1372 BT_ERR("%s exiting Intel manufacturer mode failed (%ld)",
1373 hdev->name, PTR_ERR(skb));
1374 return PTR_ERR(skb);
1375 }
1376 kfree_skb(skb);
1377
1378 BT_INFO("%s: Intel Bluetooth firmware patch completed and deactivated",
1379 hdev->name);
1380
1381 return 0;
1382}
1383
1384static int btusb_probe(struct usb_interface *intf,
1385 const struct usb_device_id *id)
1386{
1387 struct usb_endpoint_descriptor *ep_desc;
1388 struct btusb_data *data;
1389 struct hci_dev *hdev;
1390 int i, err;
1391
1392 BT_DBG("intf %p id %p", intf, id);
1393
1394 /* interface numbers are hardcoded in the spec */
1395 if (intf->cur_altsetting->desc.bInterfaceNumber != 0)
1396 return -ENODEV;
1397
1398 if (!id->driver_info) {
1399 const struct usb_device_id *match;
1400 match = usb_match_id(intf, blacklist_table);
1401 if (match)
1402 id = match;
1403 }
1404
1405 if (id->driver_info == BTUSB_IGNORE)
1406 return -ENODEV;
1407
1408 if (ignore_dga && id->driver_info & BTUSB_DIGIANSWER)
1409 return -ENODEV;
1410
1411 if (ignore_csr && id->driver_info & BTUSB_CSR)
1412 return -ENODEV;
1413
1414 if (ignore_sniffer && id->driver_info & BTUSB_SNIFFER)
1415 return -ENODEV;
1416
1417 if (id->driver_info & BTUSB_ATH3012) {
1418 struct usb_device *udev = interface_to_usbdev(intf);
1419
1420 /* Old firmware would otherwise let ath3k driver load
1421 * patch and sysconfig files */
1422 if (le16_to_cpu(udev->descriptor.bcdDevice) <= 0x0001)
1423 return -ENODEV;
1424 }
1425
1426 data = devm_kzalloc(&intf->dev, sizeof(*data), GFP_KERNEL);
1427 if (!data)
1428 return -ENOMEM;
1429
1430 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
1431 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
1432
1433 if (!data->intr_ep && usb_endpoint_is_int_in(ep_desc)) {
1434 data->intr_ep = ep_desc;
1435 continue;
1436 }
1437
1438 if (!data->bulk_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) {
1439 data->bulk_tx_ep = ep_desc;
1440 continue;
1441 }
1442
1443 if (!data->bulk_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) {
1444 data->bulk_rx_ep = ep_desc;
1445 continue;
1446 }
1447 }
1448
1449 if (!data->intr_ep || !data->bulk_tx_ep || !data->bulk_rx_ep)
1450 return -ENODEV;
1451
1452 data->cmdreq_type = USB_TYPE_CLASS;
1453
1454 data->udev = interface_to_usbdev(intf);
1455 data->intf = intf;
1456
1457 spin_lock_init(&data->lock);
1458
1459 INIT_WORK(&data->work, btusb_work);
1460 INIT_WORK(&data->waker, btusb_waker);
1461 spin_lock_init(&data->txlock);
1462
1463 init_usb_anchor(&data->tx_anchor);
1464 init_usb_anchor(&data->intr_anchor);
1465 init_usb_anchor(&data->bulk_anchor);
1466 init_usb_anchor(&data->isoc_anchor);
1467 init_usb_anchor(&data->deferred);
1468
1469 hdev = hci_alloc_dev();
1470 if (!hdev)
1471 return -ENOMEM;
1472
1473 hdev->bus = HCI_USB;
1474 hci_set_drvdata(hdev, data);
1475
1476 data->hdev = hdev;
1477
1478 SET_HCIDEV_DEV(hdev, &intf->dev);
1479
1480 hdev->open = btusb_open;
1481 hdev->close = btusb_close;
1482 hdev->flush = btusb_flush;
1483 hdev->send = btusb_send_frame;
1484 hdev->notify = btusb_notify;
1485
1486 if (id->driver_info & BTUSB_BCM92035)
1487 hdev->setup = btusb_setup_bcm92035;
1488
1489 if (id->driver_info & BTUSB_INTEL)
1490 hdev->setup = btusb_setup_intel;
1491
1492 /* Interface numbers are hardcoded in the specification */
1493 data->isoc = usb_ifnum_to_if(data->udev, 1);
1494
1495 if (!reset)
1496 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
1497
1498 if (force_scofix || id->driver_info & BTUSB_WRONG_SCO_MTU) {
1499 if (!disable_scofix)
1500 set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks);
1501 }
1502
1503 if (id->driver_info & BTUSB_BROKEN_ISOC)
1504 data->isoc = NULL;
1505
1506 if (id->driver_info & BTUSB_DIGIANSWER) {
1507 data->cmdreq_type = USB_TYPE_VENDOR;
1508 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
1509 }
1510
1511 if (id->driver_info & BTUSB_CSR) {
1512 struct usb_device *udev = data->udev;
1513 u16 bcdDevice = le16_to_cpu(udev->descriptor.bcdDevice);
1514
1515 /* Old firmware would otherwise execute USB reset */
1516 if (bcdDevice < 0x117)
1517 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
1518
1519 /* Fake CSR devices with broken commands */
1520 if (bcdDevice <= 0x100)
1521 hdev->setup = btusb_setup_csr;
1522 }
1523
1524 if (id->driver_info & BTUSB_SNIFFER) {
1525 struct usb_device *udev = data->udev;
1526
1527 /* New sniffer firmware has crippled HCI interface */
1528 if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997)
1529 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
1530
1531 data->isoc = NULL;
1532 }
1533
1534 if (data->isoc) {
1535 err = usb_driver_claim_interface(&btusb_driver,
1536 data->isoc, data);
1537 if (err < 0) {
1538 hci_free_dev(hdev);
1539 return err;
1540 }
1541 }
1542
1543 err = hci_register_dev(hdev);
1544 if (err < 0) {
1545 hci_free_dev(hdev);
1546 return err;
1547 }
1548
1549 usb_set_intfdata(intf, data);
1550
1551 return 0;
1552}
1553
1554static void btusb_disconnect(struct usb_interface *intf)
1555{
1556 struct btusb_data *data = usb_get_intfdata(intf);
1557 struct hci_dev *hdev;
1558
1559 BT_DBG("intf %p", intf);
1560
1561 if (!data)
1562 return;
1563
1564 hdev = data->hdev;
1565 usb_set_intfdata(data->intf, NULL);
1566
1567 if (data->isoc)
1568 usb_set_intfdata(data->isoc, NULL);
1569
1570 hci_unregister_dev(hdev);
1571
1572 if (intf == data->isoc)
1573 usb_driver_release_interface(&btusb_driver, data->intf);
1574 else if (data->isoc)
1575 usb_driver_release_interface(&btusb_driver, data->isoc);
1576
1577 hci_free_dev(hdev);
1578}
1579
1580#ifdef CONFIG_PM
1581static int btusb_suspend(struct usb_interface *intf, pm_message_t message)
1582{
1583 struct btusb_data *data = usb_get_intfdata(intf);
1584
1585 BT_DBG("intf %p", intf);
1586
1587 if (data->suspend_count++)
1588 return 0;
1589
1590 spin_lock_irq(&data->txlock);
1591 if (!(PMSG_IS_AUTO(message) && data->tx_in_flight)) {
1592 set_bit(BTUSB_SUSPENDING, &data->flags);
1593 spin_unlock_irq(&data->txlock);
1594 } else {
1595 spin_unlock_irq(&data->txlock);
1596 data->suspend_count--;
1597 return -EBUSY;
1598 }
1599
1600 cancel_work_sync(&data->work);
1601
1602 btusb_stop_traffic(data);
1603 usb_kill_anchored_urbs(&data->tx_anchor);
1604
1605 return 0;
1606}
1607
1608static void play_deferred(struct btusb_data *data)
1609{
1610 struct urb *urb;
1611 int err;
1612
1613 while ((urb = usb_get_from_anchor(&data->deferred))) {
1614 err = usb_submit_urb(urb, GFP_ATOMIC);
1615 if (err < 0)
1616 break;
1617
1618 data->tx_in_flight++;
1619 }
1620 usb_scuttle_anchored_urbs(&data->deferred);
1621}
1622
1623static int btusb_resume(struct usb_interface *intf)
1624{
1625 struct btusb_data *data = usb_get_intfdata(intf);
1626 struct hci_dev *hdev = data->hdev;
1627 int err = 0;
1628
1629 BT_DBG("intf %p", intf);
1630
1631 if (--data->suspend_count)
1632 return 0;
1633
1634 if (!test_bit(HCI_RUNNING, &hdev->flags))
1635 goto done;
1636
1637 if (test_bit(BTUSB_INTR_RUNNING, &data->flags)) {
1638 err = btusb_submit_intr_urb(hdev, GFP_NOIO);
1639 if (err < 0) {
1640 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
1641 goto failed;
1642 }
1643 }
1644
1645 if (test_bit(BTUSB_BULK_RUNNING, &data->flags)) {
1646 err = btusb_submit_bulk_urb(hdev, GFP_NOIO);
1647 if (err < 0) {
1648 clear_bit(BTUSB_BULK_RUNNING, &data->flags);
1649 goto failed;
1650 }
1651
1652 btusb_submit_bulk_urb(hdev, GFP_NOIO);
1653 }
1654
1655 if (test_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
1656 if (btusb_submit_isoc_urb(hdev, GFP_NOIO) < 0)
1657 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1658 else
1659 btusb_submit_isoc_urb(hdev, GFP_NOIO);
1660 }
1661
1662 spin_lock_irq(&data->txlock);
1663 play_deferred(data);
1664 clear_bit(BTUSB_SUSPENDING, &data->flags);
1665 spin_unlock_irq(&data->txlock);
1666 schedule_work(&data->work);
1667
1668 return 0;
1669
1670failed:
1671 usb_scuttle_anchored_urbs(&data->deferred);
1672done:
1673 spin_lock_irq(&data->txlock);
1674 clear_bit(BTUSB_SUSPENDING, &data->flags);
1675 spin_unlock_irq(&data->txlock);
1676
1677 return err;
1678}
1679#endif
1680
1681static struct usb_driver btusb_driver = {
1682 .name = "btusb",
1683 .probe = btusb_probe,
1684 .disconnect = btusb_disconnect,
1685#ifdef CONFIG_PM
1686 .suspend = btusb_suspend,
1687 .resume = btusb_resume,
1688#endif
1689 .id_table = btusb_table,
1690 .supports_autosuspend = 1,
1691 .disable_hub_initiated_lpm = 1,
1692};
1693
1694module_usb_driver(btusb_driver);
1695
1696module_param(ignore_dga, bool, 0644);
1697MODULE_PARM_DESC(ignore_dga, "Ignore devices with id 08fd:0001");
1698
1699module_param(ignore_csr, bool, 0644);
1700MODULE_PARM_DESC(ignore_csr, "Ignore devices with id 0a12:0001");
1701
1702module_param(ignore_sniffer, bool, 0644);
1703MODULE_PARM_DESC(ignore_sniffer, "Ignore devices with id 0a12:0002");
1704
1705module_param(disable_scofix, bool, 0644);
1706MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size");
1707
1708module_param(force_scofix, bool, 0644);
1709MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size");
1710
1711module_param(reset, bool, 0644);
1712MODULE_PARM_DESC(reset, "Send HCI reset command on initialization");
1713
1714MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1715MODULE_DESCRIPTION("Generic Bluetooth USB driver ver " VERSION);
1716MODULE_VERSION(VERSION);
1717MODULE_LICENSE("GPL");