projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
net: cdc_ncm: split out rx_max/tx_max update of setup
[deliverable/linux.git] / drivers / bluetooth / btusb.c
1 /*
2 *
3 * Generic Bluetooth USB driver
4 *
5 * Copyright (C) 2005-2008 Marcel Holtmann <marcel@holtmann.org>
6 *
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 *
22 */
23
24 #include <linux/module.h>
25 #include <linux/usb.h>
26 #include <linux/firmware.h>
27
28 #include <net/bluetooth/bluetooth.h>
29 #include <net/bluetooth/hci_core.h>
30
31 #define VERSION "0.6"
32
33 static bool ignore_dga;
34 static bool ignore_csr;
35 static bool ignore_sniffer;
36 static bool disable_scofix;
37 static bool force_scofix;
38
39 static bool reset = 1;
40
41 static struct usb_driver btusb_driver;
42
43 #define BTUSB_IGNORE 0x01
44 #define BTUSB_DIGIANSWER 0x02
45 #define BTUSB_CSR 0x04
46 #define BTUSB_SNIFFER 0x08
47 #define BTUSB_BCM92035 0x10
48 #define BTUSB_BROKEN_ISOC 0x20
49 #define BTUSB_WRONG_SCO_MTU 0x40
50 #define BTUSB_ATH3012 0x80
51 #define BTUSB_INTEL 0x100
52
53 static const struct usb_device_id btusb_table[] = {
54 /* Generic Bluetooth USB device */
55 { USB_DEVICE_INFO(0xe0, 0x01, 0x01) },
56
57 /* Apple-specific (Broadcom) devices */
58 { USB_VENDOR_AND_INTERFACE_INFO(0x05ac, 0xff, 0x01, 0x01) },
59
60 /* MediaTek MT76x0E */
61 { USB_DEVICE(0x0e8d, 0x763f) },
62
63 /* Broadcom SoftSailing reporting vendor specific */
64 { USB_DEVICE(0x0a5c, 0x21e1) },
65
66 /* Apple MacBookPro 7,1 */
67 { USB_DEVICE(0x05ac, 0x8213) },
68
69 /* Apple iMac11,1 */
70 { USB_DEVICE(0x05ac, 0x8215) },
71
72 /* Apple MacBookPro6,2 */
73 { USB_DEVICE(0x05ac, 0x8218) },
74
75 /* Apple MacBookAir3,1, MacBookAir3,2 */
76 { USB_DEVICE(0x05ac, 0x821b) },
77
78 /* Apple MacBookAir4,1 */
79 { USB_DEVICE(0x05ac, 0x821f) },
80
81 /* Apple MacBookPro8,2 */
82 { USB_DEVICE(0x05ac, 0x821a) },
83
84 /* Apple MacMini5,1 */
85 { USB_DEVICE(0x05ac, 0x8281) },
86
87 /* AVM BlueFRITZ! USB v2.0 */
88 { USB_DEVICE(0x057c, 0x3800) },
89
90 /* Bluetooth Ultraport Module from IBM */
91 { USB_DEVICE(0x04bf, 0x030a) },
92
93 /* ALPS Modules with non-standard id */
94 { USB_DEVICE(0x044e, 0x3001) },
95 { USB_DEVICE(0x044e, 0x3002) },
96
97 /* Ericsson with non-standard id */
98 { USB_DEVICE(0x0bdb, 0x1002) },
99
100 /* Canyon CN-BTU1 with HID interfaces */
101 { USB_DEVICE(0x0c10, 0x0000) },
102
103 /* Broadcom BCM20702A0 */
104 { USB_DEVICE(0x0489, 0xe042) },
105 { USB_DEVICE(0x04ca, 0x2003) },
106 { USB_DEVICE(0x0b05, 0x17b5) },
107 { USB_DEVICE(0x0b05, 0x17cb) },
108 { USB_DEVICE(0x413c, 0x8197) },
109
110 /* Foxconn - Hon Hai */
111 { USB_VENDOR_AND_INTERFACE_INFO(0x0489, 0xff, 0x01, 0x01) },
112
113 /* Broadcom devices with vendor specific id */
114 { USB_VENDOR_AND_INTERFACE_INFO(0x0a5c, 0xff, 0x01, 0x01) },
115
116 /* Belkin F8065bf - Broadcom based */
117 { USB_VENDOR_AND_INTERFACE_INFO(0x050d, 0xff, 0x01, 0x01) },
118
119 /* IMC Networks - Broadcom based */
120 { USB_VENDOR_AND_INTERFACE_INFO(0x13d3, 0xff, 0x01, 0x01) },
121
122 { } /* Terminating entry */
123 };
124
125 MODULE_DEVICE_TABLE(usb, btusb_table);
126
127 static const struct usb_device_id blacklist_table[] = {
128 /* CSR BlueCore devices */
129 { USB_DEVICE(0x0a12, 0x0001), .driver_info = BTUSB_CSR },
130
131 /* Broadcom BCM2033 without firmware */
132 { USB_DEVICE(0x0a5c, 0x2033), .driver_info = BTUSB_IGNORE },
133
134 /* Atheros 3011 with sflash firmware */
135 { USB_DEVICE(0x0489, 0xe027), .driver_info = BTUSB_IGNORE },
136 { USB_DEVICE(0x0489, 0xe03d), .driver_info = BTUSB_IGNORE },
137 { USB_DEVICE(0x0930, 0x0215), .driver_info = BTUSB_IGNORE },
138 { USB_DEVICE(0x0cf3, 0x3002), .driver_info = BTUSB_IGNORE },
139 { USB_DEVICE(0x0cf3, 0xe019), .driver_info = BTUSB_IGNORE },
140 { USB_DEVICE(0x13d3, 0x3304), .driver_info = BTUSB_IGNORE },
141
142 /* Atheros AR9285 Malbec with sflash firmware */
143 { USB_DEVICE(0x03f0, 0x311d), .driver_info = BTUSB_IGNORE },
144
145 /* Atheros 3012 with sflash firmware */
146 { USB_DEVICE(0x0489, 0xe04d), .driver_info = BTUSB_ATH3012 },
147 { USB_DEVICE(0x0489, 0xe04e), .driver_info = BTUSB_ATH3012 },
148 { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 },
149 { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 },
150 { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 },
151 { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 },
152 { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 },
153 { USB_DEVICE(0x04ca, 0x3005), .driver_info = BTUSB_ATH3012 },
154 { USB_DEVICE(0x04ca, 0x3006), .driver_info = BTUSB_ATH3012 },
155 { USB_DEVICE(0x04ca, 0x3007), .driver_info = BTUSB_ATH3012 },
156 { USB_DEVICE(0x04ca, 0x3008), .driver_info = BTUSB_ATH3012 },
157 { USB_DEVICE(0x04ca, 0x300b), .driver_info = BTUSB_ATH3012 },
158 { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 },
159 { USB_DEVICE(0x0930, 0x0220), .driver_info = BTUSB_ATH3012 },
160 { USB_DEVICE(0x0b05, 0x17d0), .driver_info = BTUSB_ATH3012 },
161 { USB_DEVICE(0x0cf3, 0x0036), .driver_info = BTUSB_ATH3012 },
162 { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 },
163 { USB_DEVICE(0x0cf3, 0x3005), .driver_info = BTUSB_ATH3012 },
164 { USB_DEVICE(0x0cf3, 0x3008), .driver_info = BTUSB_ATH3012 },
165 { USB_DEVICE(0x0cf3, 0x311d), .driver_info = BTUSB_ATH3012 },
166 { USB_DEVICE(0x0cf3, 0x311e), .driver_info = BTUSB_ATH3012 },
167 { USB_DEVICE(0x0cf3, 0x311f), .driver_info = BTUSB_ATH3012 },
168 { USB_DEVICE(0x0cf3, 0x3121), .driver_info = BTUSB_ATH3012 },
169 { USB_DEVICE(0x0cf3, 0x817a), .driver_info = BTUSB_ATH3012 },
170 { USB_DEVICE(0x0cf3, 0xe003), .driver_info = BTUSB_ATH3012 },
171 { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 },
172 { USB_DEVICE(0x0cf3, 0xe005), .driver_info = BTUSB_ATH3012 },
173 { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 },
174 { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 },
175 { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 },
176 { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 },
177
178 /* Atheros AR5BBU12 with sflash firmware */
179 { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE },
180
181 /* Atheros AR5BBU12 with sflash firmware */
182 { USB_DEVICE(0x0489, 0xe036), .driver_info = BTUSB_ATH3012 },
183 { USB_DEVICE(0x0489, 0xe03c), .driver_info = BTUSB_ATH3012 },
184
185 /* Broadcom BCM2035 */
186 { USB_DEVICE(0x0a5c, 0x2009), .driver_info = BTUSB_BCM92035 },
187 { USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU },
188 { USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU },
189
190 /* Broadcom BCM2045 */
191 { USB_DEVICE(0x0a5c, 0x2039), .driver_info = BTUSB_WRONG_SCO_MTU },
192 { USB_DEVICE(0x0a5c, 0x2101), .driver_info = BTUSB_WRONG_SCO_MTU },
193
194 /* IBM/Lenovo ThinkPad with Broadcom chip */
195 { USB_DEVICE(0x0a5c, 0x201e), .driver_info = BTUSB_WRONG_SCO_MTU },
196 { USB_DEVICE(0x0a5c, 0x2110), .driver_info = BTUSB_WRONG_SCO_MTU },
197
198 /* HP laptop with Broadcom chip */
199 { USB_DEVICE(0x03f0, 0x171d), .driver_info = BTUSB_WRONG_SCO_MTU },
200
201 /* Dell laptop with Broadcom chip */
202 { USB_DEVICE(0x413c, 0x8126), .driver_info = BTUSB_WRONG_SCO_MTU },
203
204 /* Dell Wireless 370 and 410 devices */
205 { USB_DEVICE(0x413c, 0x8152), .driver_info = BTUSB_WRONG_SCO_MTU },
206 { USB_DEVICE(0x413c, 0x8156), .driver_info = BTUSB_WRONG_SCO_MTU },
207
208 /* Belkin F8T012 and F8T013 devices */
209 { USB_DEVICE(0x050d, 0x0012), .driver_info = BTUSB_WRONG_SCO_MTU },
210 { USB_DEVICE(0x050d, 0x0013), .driver_info = BTUSB_WRONG_SCO_MTU },
211
212 /* Asus WL-BTD202 device */
213 { USB_DEVICE(0x0b05, 0x1715), .driver_info = BTUSB_WRONG_SCO_MTU },
214
215 /* Kensington Bluetooth USB adapter */
216 { USB_DEVICE(0x047d, 0x105e), .driver_info = BTUSB_WRONG_SCO_MTU },
217
218 /* RTX Telecom based adapters with buggy SCO support */
219 { USB_DEVICE(0x0400, 0x0807), .driver_info = BTUSB_BROKEN_ISOC },
220 { USB_DEVICE(0x0400, 0x080a), .driver_info = BTUSB_BROKEN_ISOC },
221
222 /* CONWISE Technology based adapters with buggy SCO support */
223 { USB_DEVICE(0x0e5e, 0x6622), .driver_info = BTUSB_BROKEN_ISOC },
224
225 /* Digianswer devices */
226 { USB_DEVICE(0x08fd, 0x0001), .driver_info = BTUSB_DIGIANSWER },
227 { USB_DEVICE(0x08fd, 0x0002), .driver_info = BTUSB_IGNORE },
228
229 /* CSR BlueCore Bluetooth Sniffer */
230 { USB_DEVICE(0x0a12, 0x0002), .driver_info = BTUSB_SNIFFER },
231
232 /* Frontline ComProbe Bluetooth Sniffer */
233 { USB_DEVICE(0x16d3, 0x0002), .driver_info = BTUSB_SNIFFER },
234
235 /* Intel Bluetooth device */
236 { USB_DEVICE(0x8087, 0x07dc), .driver_info = BTUSB_INTEL },
237 { USB_DEVICE(0x8087, 0x0a2a), .driver_info = BTUSB_INTEL },
238
239 { } /* Terminating entry */
240 };
241
242 #define BTUSB_MAX_ISOC_FRAMES 10
243
244 #define BTUSB_INTR_RUNNING 0
245 #define BTUSB_BULK_RUNNING 1
246 #define BTUSB_ISOC_RUNNING 2
247 #define BTUSB_SUSPENDING 3
248 #define BTUSB_DID_ISO_RESUME 4
249
250 struct btusb_data {
251 struct hci_dev *hdev;
252 struct usb_device *udev;
253 struct usb_interface *intf;
254 struct usb_interface *isoc;
255
256 spinlock_t lock;
257
258 unsigned long flags;
259
260 struct work_struct work;
261 struct work_struct waker;
262
263 struct usb_anchor tx_anchor;
264 struct usb_anchor intr_anchor;
265 struct usb_anchor bulk_anchor;
266 struct usb_anchor isoc_anchor;
267 struct usb_anchor deferred;
268 int tx_in_flight;
269 spinlock_t txlock;
270
271 struct usb_endpoint_descriptor *intr_ep;
272 struct usb_endpoint_descriptor *bulk_tx_ep;
273 struct usb_endpoint_descriptor *bulk_rx_ep;
274 struct usb_endpoint_descriptor *isoc_tx_ep;
275 struct usb_endpoint_descriptor *isoc_rx_ep;
276
277 __u8 cmdreq_type;
278
279 unsigned int sco_num;
280 int isoc_altsetting;
281 int suspend_count;
282 };
283
284 static int inc_tx(struct btusb_data *data)
285 {
286 unsigned long flags;
287 int rv;
288
289 spin_lock_irqsave(&data->txlock, flags);
290 rv = test_bit(BTUSB_SUSPENDING, &data->flags);
291 if (!rv)
292 data->tx_in_flight++;
293 spin_unlock_irqrestore(&data->txlock, flags);
294
295 return rv;
296 }
297
298 static void btusb_intr_complete(struct urb *urb)
299 {
300 struct hci_dev *hdev = urb->context;
301 struct btusb_data *data = hci_get_drvdata(hdev);
302 int err;
303
304 BT_DBG("%s urb %p status %d count %d", hdev->name,
305 urb, urb->status, urb->actual_length);
306
307 if (!test_bit(HCI_RUNNING, &hdev->flags))
308 return;
309
310 if (urb->status == 0) {
311 hdev->stat.byte_rx += urb->actual_length;
312
313 if (hci_recv_fragment(hdev, HCI_EVENT_PKT,
314 urb->transfer_buffer,
315 urb->actual_length) < 0) {
316 BT_ERR("%s corrupted event packet", hdev->name);
317 hdev->stat.err_rx++;
318 }
319 }
320
321 if (!test_bit(BTUSB_INTR_RUNNING, &data->flags))
322 return;
323
324 usb_mark_last_busy(data->udev);
325 usb_anchor_urb(urb, &data->intr_anchor);
326
327 err = usb_submit_urb(urb, GFP_ATOMIC);
328 if (err < 0) {
329 /* -EPERM: urb is being killed;
330 * -ENODEV: device got disconnected */
331 if (err != -EPERM && err != -ENODEV)
332 BT_ERR("%s urb %p failed to resubmit (%d)",
333 hdev->name, urb, -err);
334 usb_unanchor_urb(urb);
335 }
336 }
337
338 static int btusb_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags)
339 {
340 struct btusb_data *data = hci_get_drvdata(hdev);
341 struct urb *urb;
342 unsigned char *buf;
343 unsigned int pipe;
344 int err, size;
345
346 BT_DBG("%s", hdev->name);
347
348 if (!data->intr_ep)
349 return -ENODEV;
350
351 urb = usb_alloc_urb(0, mem_flags);
352 if (!urb)
353 return -ENOMEM;
354
355 size = le16_to_cpu(data->intr_ep->wMaxPacketSize);
356
357 buf = kmalloc(size, mem_flags);
358 if (!buf) {
359 usb_free_urb(urb);
360 return -ENOMEM;
361 }
362
363 pipe = usb_rcvintpipe(data->udev, data->intr_ep->bEndpointAddress);
364
365 usb_fill_int_urb(urb, data->udev, pipe, buf, size,
366 btusb_intr_complete, hdev,
367 data->intr_ep->bInterval);
368
369 urb->transfer_flags |= URB_FREE_BUFFER;
370
371 usb_anchor_urb(urb, &data->intr_anchor);
372
373 err = usb_submit_urb(urb, mem_flags);
374 if (err < 0) {
375 if (err != -EPERM && err != -ENODEV)
376 BT_ERR("%s urb %p submission failed (%d)",
377 hdev->name, urb, -err);
378 usb_unanchor_urb(urb);
379 }
380
381 usb_free_urb(urb);
382
383 return err;
384 }
385
386 static void btusb_bulk_complete(struct urb *urb)
387 {
388 struct hci_dev *hdev = urb->context;
389 struct btusb_data *data = hci_get_drvdata(hdev);
390 int err;
391
392 BT_DBG("%s urb %p status %d count %d", hdev->name,
393 urb, urb->status, urb->actual_length);
394
395 if (!test_bit(HCI_RUNNING, &hdev->flags))
396 return;
397
398 if (urb->status == 0) {
399 hdev->stat.byte_rx += urb->actual_length;
400
401 if (hci_recv_fragment(hdev, HCI_ACLDATA_PKT,
402 urb->transfer_buffer,
403 urb->actual_length) < 0) {
404 BT_ERR("%s corrupted ACL packet", hdev->name);
405 hdev->stat.err_rx++;
406 }
407 }
408
409 if (!test_bit(BTUSB_BULK_RUNNING, &data->flags))
410 return;
411
412 usb_anchor_urb(urb, &data->bulk_anchor);
413 usb_mark_last_busy(data->udev);
414
415 err = usb_submit_urb(urb, GFP_ATOMIC);
416 if (err < 0) {
417 /* -EPERM: urb is being killed;
418 * -ENODEV: device got disconnected */
419 if (err != -EPERM && err != -ENODEV)
420 BT_ERR("%s urb %p failed to resubmit (%d)",
421 hdev->name, urb, -err);
422 usb_unanchor_urb(urb);
423 }
424 }
425
426 static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags)
427 {
428 struct btusb_data *data = hci_get_drvdata(hdev);
429 struct urb *urb;
430 unsigned char *buf;
431 unsigned int pipe;
432 int err, size = HCI_MAX_FRAME_SIZE;
433
434 BT_DBG("%s", hdev->name);
435
436 if (!data->bulk_rx_ep)
437 return -ENODEV;
438
439 urb = usb_alloc_urb(0, mem_flags);
440 if (!urb)
441 return -ENOMEM;
442
443 buf = kmalloc(size, mem_flags);
444 if (!buf) {
445 usb_free_urb(urb);
446 return -ENOMEM;
447 }
448
449 pipe = usb_rcvbulkpipe(data->udev, data->bulk_rx_ep->bEndpointAddress);
450
451 usb_fill_bulk_urb(urb, data->udev, pipe,
452 buf, size, btusb_bulk_complete, hdev);
453
454 urb->transfer_flags |= URB_FREE_BUFFER;
455
456 usb_mark_last_busy(data->udev);
457 usb_anchor_urb(urb, &data->bulk_anchor);
458
459 err = usb_submit_urb(urb, mem_flags);
460 if (err < 0) {
461 if (err != -EPERM && err != -ENODEV)
462 BT_ERR("%s urb %p submission failed (%d)",
463 hdev->name, urb, -err);
464 usb_unanchor_urb(urb);
465 }
466
467 usb_free_urb(urb);
468
469 return err;
470 }
471
472 static void btusb_isoc_complete(struct urb *urb)
473 {
474 struct hci_dev *hdev = urb->context;
475 struct btusb_data *data = hci_get_drvdata(hdev);
476 int i, err;
477
478 BT_DBG("%s urb %p status %d count %d", hdev->name,
479 urb, urb->status, urb->actual_length);
480
481 if (!test_bit(HCI_RUNNING, &hdev->flags))
482 return;
483
484 if (urb->status == 0) {
485 for (i = 0; i < urb->number_of_packets; i++) {
486 unsigned int offset = urb->iso_frame_desc[i].offset;
487 unsigned int length = urb->iso_frame_desc[i].actual_length;
488
489 if (urb->iso_frame_desc[i].status)
490 continue;
491
492 hdev->stat.byte_rx += length;
493
494 if (hci_recv_fragment(hdev, HCI_SCODATA_PKT,
495 urb->transfer_buffer + offset,
496 length) < 0) {
497 BT_ERR("%s corrupted SCO packet", hdev->name);
498 hdev->stat.err_rx++;
499 }
500 }
501 }
502
503 if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags))
504 return;
505
506 usb_anchor_urb(urb, &data->isoc_anchor);
507
508 err = usb_submit_urb(urb, GFP_ATOMIC);
509 if (err < 0) {
510 /* -EPERM: urb is being killed;
511 * -ENODEV: device got disconnected */
512 if (err != -EPERM && err != -ENODEV)
513 BT_ERR("%s urb %p failed to resubmit (%d)",
514 hdev->name, urb, -err);
515 usb_unanchor_urb(urb);
516 }
517 }
518
519 static inline void __fill_isoc_descriptor(struct urb *urb, int len, int mtu)
520 {
521 int i, offset = 0;
522
523 BT_DBG("len %d mtu %d", len, mtu);
524
525 for (i = 0; i < BTUSB_MAX_ISOC_FRAMES && len >= mtu;
526 i++, offset += mtu, len -= mtu) {
527 urb->iso_frame_desc[i].offset = offset;
528 urb->iso_frame_desc[i].length = mtu;
529 }
530
531 if (len && i < BTUSB_MAX_ISOC_FRAMES) {
532 urb->iso_frame_desc[i].offset = offset;
533 urb->iso_frame_desc[i].length = len;
534 i++;
535 }
536
537 urb->number_of_packets = i;
538 }
539
540 static int btusb_submit_isoc_urb(struct hci_dev *hdev, gfp_t mem_flags)
541 {
542 struct btusb_data *data = hci_get_drvdata(hdev);
543 struct urb *urb;
544 unsigned char *buf;
545 unsigned int pipe;
546 int err, size;
547
548 BT_DBG("%s", hdev->name);
549
550 if (!data->isoc_rx_ep)
551 return -ENODEV;
552
553 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, mem_flags);
554 if (!urb)
555 return -ENOMEM;
556
557 size = le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize) *
558 BTUSB_MAX_ISOC_FRAMES;
559
560 buf = kmalloc(size, mem_flags);
561 if (!buf) {
562 usb_free_urb(urb);
563 return -ENOMEM;
564 }
565
566 pipe = usb_rcvisocpipe(data->udev, data->isoc_rx_ep->bEndpointAddress);
567
568 usb_fill_int_urb(urb, data->udev, pipe, buf, size, btusb_isoc_complete,
569 hdev, data->isoc_rx_ep->bInterval);
570
571 urb->transfer_flags = URB_FREE_BUFFER | URB_ISO_ASAP;
572
573 __fill_isoc_descriptor(urb, size,
574 le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize));
575
576 usb_anchor_urb(urb, &data->isoc_anchor);
577
578 err = usb_submit_urb(urb, mem_flags);
579 if (err < 0) {
580 if (err != -EPERM && err != -ENODEV)
581 BT_ERR("%s urb %p submission failed (%d)",
582 hdev->name, urb, -err);
583 usb_unanchor_urb(urb);
584 }
585
586 usb_free_urb(urb);
587
588 return err;
589 }
590
591 static void btusb_tx_complete(struct urb *urb)
592 {
593 struct sk_buff *skb = urb->context;
594 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
595 struct btusb_data *data = hci_get_drvdata(hdev);
596
597 BT_DBG("%s urb %p status %d count %d", hdev->name,
598 urb, urb->status, urb->actual_length);
599
600 if (!test_bit(HCI_RUNNING, &hdev->flags))
601 goto done;
602
603 if (!urb->status)
604 hdev->stat.byte_tx += urb->transfer_buffer_length;
605 else
606 hdev->stat.err_tx++;
607
608 done:
609 spin_lock(&data->txlock);
610 data->tx_in_flight--;
611 spin_unlock(&data->txlock);
612
613 kfree(urb->setup_packet);
614
615 kfree_skb(skb);
616 }
617
618 static void btusb_isoc_tx_complete(struct urb *urb)
619 {
620 struct sk_buff *skb = urb->context;
621 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
622
623 BT_DBG("%s urb %p status %d count %d", hdev->name,
624 urb, urb->status, urb->actual_length);
625
626 if (!test_bit(HCI_RUNNING, &hdev->flags))
627 goto done;
628
629 if (!urb->status)
630 hdev->stat.byte_tx += urb->transfer_buffer_length;
631 else
632 hdev->stat.err_tx++;
633
634 done:
635 kfree(urb->setup_packet);
636
637 kfree_skb(skb);
638 }
639
640 static int btusb_open(struct hci_dev *hdev)
641 {
642 struct btusb_data *data = hci_get_drvdata(hdev);
643 int err;
644
645 BT_DBG("%s", hdev->name);
646
647 err = usb_autopm_get_interface(data->intf);
648 if (err < 0)
649 return err;
650
651 data->intf->needs_remote_wakeup = 1;
652
653 if (test_and_set_bit(HCI_RUNNING, &hdev->flags))
654 goto done;
655
656 if (test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags))
657 goto done;
658
659 err = btusb_submit_intr_urb(hdev, GFP_KERNEL);
660 if (err < 0)
661 goto failed;
662
663 err = btusb_submit_bulk_urb(hdev, GFP_KERNEL);
664 if (err < 0) {
665 usb_kill_anchored_urbs(&data->intr_anchor);
666 goto failed;
667 }
668
669 set_bit(BTUSB_BULK_RUNNING, &data->flags);
670 btusb_submit_bulk_urb(hdev, GFP_KERNEL);
671
672 done:
673 usb_autopm_put_interface(data->intf);
674 return 0;
675
676 failed:
677 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
678 clear_bit(HCI_RUNNING, &hdev->flags);
679 usb_autopm_put_interface(data->intf);
680 return err;
681 }
682
683 static void btusb_stop_traffic(struct btusb_data *data)
684 {
685 usb_kill_anchored_urbs(&data->intr_anchor);
686 usb_kill_anchored_urbs(&data->bulk_anchor);
687 usb_kill_anchored_urbs(&data->isoc_anchor);
688 }
689
690 static int btusb_close(struct hci_dev *hdev)
691 {
692 struct btusb_data *data = hci_get_drvdata(hdev);
693 int err;
694
695 BT_DBG("%s", hdev->name);
696
697 if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags))
698 return 0;
699
700 cancel_work_sync(&data->work);
701 cancel_work_sync(&data->waker);
702
703 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
704 clear_bit(BTUSB_BULK_RUNNING, &data->flags);
705 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
706
707 btusb_stop_traffic(data);
708 err = usb_autopm_get_interface(data->intf);
709 if (err < 0)
710 goto failed;
711
712 data->intf->needs_remote_wakeup = 0;
713 usb_autopm_put_interface(data->intf);
714
715 failed:
716 usb_scuttle_anchored_urbs(&data->deferred);
717 return 0;
718 }
719
720 static int btusb_flush(struct hci_dev *hdev)
721 {
722 struct btusb_data *data = hci_get_drvdata(hdev);
723
724 BT_DBG("%s", hdev->name);
725
726 usb_kill_anchored_urbs(&data->tx_anchor);
727
728 return 0;
729 }
730
731 static int btusb_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
732 {
733 struct btusb_data *data = hci_get_drvdata(hdev);
734 struct usb_ctrlrequest *dr;
735 struct urb *urb;
736 unsigned int pipe;
737 int err;
738
739 BT_DBG("%s", hdev->name);
740
741 if (!test_bit(HCI_RUNNING, &hdev->flags))
742 return -EBUSY;
743
744 skb->dev = (void *) hdev;
745
746 switch (bt_cb(skb)->pkt_type) {
747 case HCI_COMMAND_PKT:
748 urb = usb_alloc_urb(0, GFP_ATOMIC);
749 if (!urb)
750 return -ENOMEM;
751
752 dr = kmalloc(sizeof(*dr), GFP_ATOMIC);
753 if (!dr) {
754 usb_free_urb(urb);
755 return -ENOMEM;
756 }
757
758 dr->bRequestType = data->cmdreq_type;
759 dr->bRequest = 0;
760 dr->wIndex = 0;
761 dr->wValue = 0;
762 dr->wLength = __cpu_to_le16(skb->len);
763
764 pipe = usb_sndctrlpipe(data->udev, 0x00);
765
766 usb_fill_control_urb(urb, data->udev, pipe, (void *) dr,
767 skb->data, skb->len, btusb_tx_complete, skb);
768
769 hdev->stat.cmd_tx++;
770 break;
771
772 case HCI_ACLDATA_PKT:
773 if (!data->bulk_tx_ep)
774 return -ENODEV;
775
776 urb = usb_alloc_urb(0, GFP_ATOMIC);
777 if (!urb)
778 return -ENOMEM;
779
780 pipe = usb_sndbulkpipe(data->udev,
781 data->bulk_tx_ep->bEndpointAddress);
782
783 usb_fill_bulk_urb(urb, data->udev, pipe,
784 skb->data, skb->len, btusb_tx_complete, skb);
785
786 hdev->stat.acl_tx++;
787 break;
788
789 case HCI_SCODATA_PKT:
790 if (!data->isoc_tx_ep || hci_conn_num(hdev, SCO_LINK) < 1)
791 return -ENODEV;
792
793 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, GFP_ATOMIC);
794 if (!urb)
795 return -ENOMEM;
796
797 pipe = usb_sndisocpipe(data->udev,
798 data->isoc_tx_ep->bEndpointAddress);
799
800 usb_fill_int_urb(urb, data->udev, pipe,
801 skb->data, skb->len, btusb_isoc_tx_complete,
802 skb, data->isoc_tx_ep->bInterval);
803
804 urb->transfer_flags = URB_ISO_ASAP;
805
806 __fill_isoc_descriptor(urb, skb->len,
807 le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize));
808
809 hdev->stat.sco_tx++;
810 goto skip_waking;
811
812 default:
813 return -EILSEQ;
814 }
815
816 err = inc_tx(data);
817 if (err) {
818 usb_anchor_urb(urb, &data->deferred);
819 schedule_work(&data->waker);
820 err = 0;
821 goto done;
822 }
823
824 skip_waking:
825 usb_anchor_urb(urb, &data->tx_anchor);
826
827 err = usb_submit_urb(urb, GFP_ATOMIC);
828 if (err < 0) {
829 if (err != -EPERM && err != -ENODEV)
830 BT_ERR("%s urb %p submission failed (%d)",
831 hdev->name, urb, -err);
832 kfree(urb->setup_packet);
833 usb_unanchor_urb(urb);
834 } else {
835 usb_mark_last_busy(data->udev);
836 }
837
838 done:
839 usb_free_urb(urb);
840 return err;
841 }
842
843 static void btusb_notify(struct hci_dev *hdev, unsigned int evt)
844 {
845 struct btusb_data *data = hci_get_drvdata(hdev);
846
847 BT_DBG("%s evt %d", hdev->name, evt);
848
849 if (hci_conn_num(hdev, SCO_LINK) != data->sco_num) {
850 data->sco_num = hci_conn_num(hdev, SCO_LINK);
851 schedule_work(&data->work);
852 }
853 }
854
855 static inline int __set_isoc_interface(struct hci_dev *hdev, int altsetting)
856 {
857 struct btusb_data *data = hci_get_drvdata(hdev);
858 struct usb_interface *intf = data->isoc;
859 struct usb_endpoint_descriptor *ep_desc;
860 int i, err;
861
862 if (!data->isoc)
863 return -ENODEV;
864
865 err = usb_set_interface(data->udev, 1, altsetting);
866 if (err < 0) {
867 BT_ERR("%s setting interface failed (%d)", hdev->name, -err);
868 return err;
869 }
870
871 data->isoc_altsetting = altsetting;
872
873 data->isoc_tx_ep = NULL;
874 data->isoc_rx_ep = NULL;
875
876 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
877 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
878
879 if (!data->isoc_tx_ep && usb_endpoint_is_isoc_out(ep_desc)) {
880 data->isoc_tx_ep = ep_desc;
881 continue;
882 }
883
884 if (!data->isoc_rx_ep && usb_endpoint_is_isoc_in(ep_desc)) {
885 data->isoc_rx_ep = ep_desc;
886 continue;
887 }
888 }
889
890 if (!data->isoc_tx_ep || !data->isoc_rx_ep) {
891 BT_ERR("%s invalid SCO descriptors", hdev->name);
892 return -ENODEV;
893 }
894
895 return 0;
896 }
897
898 static void btusb_work(struct work_struct *work)
899 {
900 struct btusb_data *data = container_of(work, struct btusb_data, work);
901 struct hci_dev *hdev = data->hdev;
902 int new_alts;
903 int err;
904
905 if (data->sco_num > 0) {
906 if (!test_bit(BTUSB_DID_ISO_RESUME, &data->flags)) {
907 err = usb_autopm_get_interface(data->isoc ? data->isoc : data->intf);
908 if (err < 0) {
909 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
910 usb_kill_anchored_urbs(&data->isoc_anchor);
911 return;
912 }
913
914 set_bit(BTUSB_DID_ISO_RESUME, &data->flags);
915 }
916
917 if (hdev->voice_setting & 0x0020) {
918 static const int alts[3] = { 2, 4, 5 };
919 new_alts = alts[data->sco_num - 1];
920 } else {
921 new_alts = data->sco_num;
922 }
923
924 if (data->isoc_altsetting != new_alts) {
925 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
926 usb_kill_anchored_urbs(&data->isoc_anchor);
927
928 if (__set_isoc_interface(hdev, new_alts) < 0)
929 return;
930 }
931
932 if (!test_and_set_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
933 if (btusb_submit_isoc_urb(hdev, GFP_KERNEL) < 0)
934 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
935 else
936 btusb_submit_isoc_urb(hdev, GFP_KERNEL);
937 }
938 } else {
939 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
940 usb_kill_anchored_urbs(&data->isoc_anchor);
941
942 __set_isoc_interface(hdev, 0);
943 if (test_and_clear_bit(BTUSB_DID_ISO_RESUME, &data->flags))
944 usb_autopm_put_interface(data->isoc ? data->isoc : data->intf);
945 }
946 }
947
948 static void btusb_waker(struct work_struct *work)
949 {
950 struct btusb_data *data = container_of(work, struct btusb_data, waker);
951 int err;
952
953 err = usb_autopm_get_interface(data->intf);
954 if (err < 0)
955 return;
956
957 usb_autopm_put_interface(data->intf);
958 }
959
960 static int btusb_setup_bcm92035(struct hci_dev *hdev)
961 {
962 struct sk_buff *skb;
963 u8 val = 0x00;
964
965 BT_DBG("%s", hdev->name);
966
967 skb = __hci_cmd_sync(hdev, 0xfc3b, 1, &val, HCI_INIT_TIMEOUT);
968 if (IS_ERR(skb))
969 BT_ERR("BCM92035 command failed (%ld)", -PTR_ERR(skb));
970 else
971 kfree_skb(skb);
972
973 return 0;
974 }
975
976 static int btusb_setup_csr(struct hci_dev *hdev)
977 {
978 struct hci_rp_read_local_version *rp;
979 struct sk_buff *skb;
980 int ret;
981
982 BT_DBG("%s", hdev->name);
983
984 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL,
985 HCI_INIT_TIMEOUT);
986 if (IS_ERR(skb)) {
987 BT_ERR("Reading local version failed (%ld)", -PTR_ERR(skb));
988 return -PTR_ERR(skb);
989 }
990
991 rp = (struct hci_rp_read_local_version *) skb->data;
992
993 if (!rp->status) {
994 if (le16_to_cpu(rp->manufacturer) != 10) {
995 /* Clear the reset quirk since this is not an actual
996 * early Bluetooth 1.1 device from CSR.
997 */
998 clear_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
999
1000 /* These fake CSR controllers have all a broken
1001 * stored link key handling and so just disable it.
1002 */
1003 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY,
1004 &hdev->quirks);
1005 }
1006 }
1007
1008 ret = -bt_to_errno(rp->status);
1009
1010 kfree_skb(skb);
1011
1012 return ret;
1013 }
1014
1015 struct intel_version {
1016 u8 status;
1017 u8 hw_platform;
1018 u8 hw_variant;
1019 u8 hw_revision;
1020 u8 fw_variant;
1021 u8 fw_revision;
1022 u8 fw_build_num;
1023 u8 fw_build_ww;
1024 u8 fw_build_yy;
1025 u8 fw_patch_num;
1026 } __packed;
1027
1028 static const struct firmware *btusb_setup_intel_get_fw(struct hci_dev *hdev,
1029 struct intel_version *ver)
1030 {
1031 const struct firmware *fw;
1032 char fwname[64];
1033 int ret;
1034
1035 snprintf(fwname, sizeof(fwname),
1036 "intel/ibt-hw-%x.%x.%x-fw-%x.%x.%x.%x.%x.bseq",
1037 ver->hw_platform, ver->hw_variant, ver->hw_revision,
1038 ver->fw_variant, ver->fw_revision, ver->fw_build_num,
1039 ver->fw_build_ww, ver->fw_build_yy);
1040
1041 ret = request_firmware(&fw, fwname, &hdev->dev);
1042 if (ret < 0) {
1043 if (ret == -EINVAL) {
1044 BT_ERR("%s Intel firmware file request failed (%d)",
1045 hdev->name, ret);
1046 return NULL;
1047 }
1048
1049 BT_ERR("%s failed to open Intel firmware file: %s(%d)",
1050 hdev->name, fwname, ret);
1051
1052 /* If the correct firmware patch file is not found, use the
1053 * default firmware patch file instead
1054 */
1055 snprintf(fwname, sizeof(fwname), "intel/ibt-hw-%x.%x.bseq",
1056 ver->hw_platform, ver->hw_variant);
1057 if (request_firmware(&fw, fwname, &hdev->dev) < 0) {
1058 BT_ERR("%s failed to open default Intel fw file: %s",
1059 hdev->name, fwname);
1060 return NULL;
1061 }
1062 }
1063
1064 BT_INFO("%s: Intel Bluetooth firmware file: %s", hdev->name, fwname);
1065
1066 return fw;
1067 }
1068
1069 static int btusb_setup_intel_patching(struct hci_dev *hdev,
1070 const struct firmware *fw,
1071 const u8 **fw_ptr, int *disable_patch)
1072 {
1073 struct sk_buff *skb;
1074 struct hci_command_hdr *cmd;
1075 const u8 *cmd_param;
1076 struct hci_event_hdr *evt = NULL;
1077 const u8 *evt_param = NULL;
1078 int remain = fw->size - (*fw_ptr - fw->data);
1079
1080 /* The first byte indicates the types of the patch command or event.
1081 * 0x01 means HCI command and 0x02 is HCI event. If the first bytes
1082 * in the current firmware buffer doesn't start with 0x01 or
1083 * the size of remain buffer is smaller than HCI command header,
1084 * the firmware file is corrupted and it should stop the patching
1085 * process.
1086 */
1087 if (remain > HCI_COMMAND_HDR_SIZE && *fw_ptr[0] != 0x01) {
1088 BT_ERR("%s Intel fw corrupted: invalid cmd read", hdev->name);
1089 return -EINVAL;
1090 }
1091 (*fw_ptr)++;
1092 remain--;
1093
1094 cmd = (struct hci_command_hdr *)(*fw_ptr);
1095 *fw_ptr += sizeof(*cmd);
1096 remain -= sizeof(*cmd);
1097
1098 /* Ensure that the remain firmware data is long enough than the length
1099 * of command parameter. If not, the firmware file is corrupted.
1100 */
1101 if (remain < cmd->plen) {
1102 BT_ERR("%s Intel fw corrupted: invalid cmd len", hdev->name);
1103 return -EFAULT;
1104 }
1105
1106 /* If there is a command that loads a patch in the firmware
1107 * file, then enable the patch upon success, otherwise just
1108 * disable the manufacturer mode, for example patch activation
1109 * is not required when the default firmware patch file is used
1110 * because there are no patch data to load.
1111 */
1112 if (*disable_patch && le16_to_cpu(cmd->opcode) == 0xfc8e)
1113 *disable_patch = 0;
1114
1115 cmd_param = *fw_ptr;
1116 *fw_ptr += cmd->plen;
1117 remain -= cmd->plen;
1118
1119 /* This reads the expected events when the above command is sent to the
1120 * device. Some vendor commands expects more than one events, for
1121 * example command status event followed by vendor specific event.
1122 * For this case, it only keeps the last expected event. so the command
1123 * can be sent with __hci_cmd_sync_ev() which returns the sk_buff of
1124 * last expected event.
1125 */
1126 while (remain > HCI_EVENT_HDR_SIZE && *fw_ptr[0] == 0x02) {
1127 (*fw_ptr)++;
1128 remain--;
1129
1130 evt = (struct hci_event_hdr *)(*fw_ptr);
1131 *fw_ptr += sizeof(*evt);
1132 remain -= sizeof(*evt);
1133
1134 if (remain < evt->plen) {
1135 BT_ERR("%s Intel fw corrupted: invalid evt len",
1136 hdev->name);
1137 return -EFAULT;
1138 }
1139
1140 evt_param = *fw_ptr;
1141 *fw_ptr += evt->plen;
1142 remain -= evt->plen;
1143 }
1144
1145 /* Every HCI commands in the firmware file has its correspond event.
1146 * If event is not found or remain is smaller than zero, the firmware
1147 * file is corrupted.
1148 */
1149 if (!evt || !evt_param || remain < 0) {
1150 BT_ERR("%s Intel fw corrupted: invalid evt read", hdev->name);
1151 return -EFAULT;
1152 }
1153
1154 skb = __hci_cmd_sync_ev(hdev, le16_to_cpu(cmd->opcode), cmd->plen,
1155 cmd_param, evt->evt, HCI_INIT_TIMEOUT);
1156 if (IS_ERR(skb)) {
1157 BT_ERR("%s sending Intel patch command (0x%4.4x) failed (%ld)",
1158 hdev->name, cmd->opcode, PTR_ERR(skb));
1159 return PTR_ERR(skb);
1160 }
1161
1162 /* It ensures that the returned event matches the event data read from
1163 * the firmware file. At fist, it checks the length and then
1164 * the contents of the event.
1165 */
1166 if (skb->len != evt->plen) {
1167 BT_ERR("%s mismatch event length (opcode 0x%4.4x)", hdev->name,
1168 le16_to_cpu(cmd->opcode));
1169 kfree_skb(skb);
1170 return -EFAULT;
1171 }
1172
1173 if (memcmp(skb->data, evt_param, evt->plen)) {
1174 BT_ERR("%s mismatch event parameter (opcode 0x%4.4x)",
1175 hdev->name, le16_to_cpu(cmd->opcode));
1176 kfree_skb(skb);
1177 return -EFAULT;
1178 }
1179 kfree_skb(skb);
1180
1181 return 0;
1182 }
1183
1184 static int btusb_setup_intel(struct hci_dev *hdev)
1185 {
1186 struct sk_buff *skb;
1187 const struct firmware *fw;
1188 const u8 *fw_ptr;
1189 int disable_patch;
1190 struct intel_version *ver;
1191
1192 const u8 mfg_enable[] = { 0x01, 0x00 };
1193 const u8 mfg_disable[] = { 0x00, 0x00 };
1194 const u8 mfg_reset_deactivate[] = { 0x00, 0x01 };
1195 const u8 mfg_reset_activate[] = { 0x00, 0x02 };
1196
1197 BT_DBG("%s", hdev->name);
1198
1199 /* The controller has a bug with the first HCI command sent to it
1200 * returning number of completed commands as zero. This would stall the
1201 * command processing in the Bluetooth core.
1202 *
1203 * As a workaround, send HCI Reset command first which will reset the
1204 * number of completed commands and allow normal command processing
1205 * from now on.
1206 */
1207 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
1208 if (IS_ERR(skb)) {
1209 BT_ERR("%s sending initial HCI reset command failed (%ld)",
1210 hdev->name, PTR_ERR(skb));
1211 return PTR_ERR(skb);
1212 }
1213 kfree_skb(skb);
1214
1215 /* Read Intel specific controller version first to allow selection of
1216 * which firmware file to load.
1217 *
1218 * The returned information are hardware variant and revision plus
1219 * firmware variant, revision and build number.
1220 */
1221 skb = __hci_cmd_sync(hdev, 0xfc05, 0, NULL, HCI_INIT_TIMEOUT);
1222 if (IS_ERR(skb)) {
1223 BT_ERR("%s reading Intel fw version command failed (%ld)",
1224 hdev->name, PTR_ERR(skb));
1225 return PTR_ERR(skb);
1226 }
1227
1228 if (skb->len != sizeof(*ver)) {
1229 BT_ERR("%s Intel version event length mismatch", hdev->name);
1230 kfree_skb(skb);
1231 return -EIO;
1232 }
1233
1234 ver = (struct intel_version *)skb->data;
1235 if (ver->status) {
1236 BT_ERR("%s Intel fw version event failed (%02x)", hdev->name,
1237 ver->status);
1238 kfree_skb(skb);
1239 return -bt_to_errno(ver->status);
1240 }
1241
1242 BT_INFO("%s: read Intel version: %02x%02x%02x%02x%02x%02x%02x%02x%02x",
1243 hdev->name, ver->hw_platform, ver->hw_variant,
1244 ver->hw_revision, ver->fw_variant, ver->fw_revision,
1245 ver->fw_build_num, ver->fw_build_ww, ver->fw_build_yy,
1246 ver->fw_patch_num);
1247
1248 /* fw_patch_num indicates the version of patch the device currently
1249 * have. If there is no patch data in the device, it is always 0x00.
1250 * So, if it is other than 0x00, no need to patch the deivce again.
1251 */
1252 if (ver->fw_patch_num) {
1253 BT_INFO("%s: Intel device is already patched. patch num: %02x",
1254 hdev->name, ver->fw_patch_num);
1255 kfree_skb(skb);
1256 return 0;
1257 }
1258
1259 /* Opens the firmware patch file based on the firmware version read
1260 * from the controller. If it fails to open the matching firmware
1261 * patch file, it tries to open the default firmware patch file.
1262 * If no patch file is found, allow the device to operate without
1263 * a patch.
1264 */
1265 fw = btusb_setup_intel_get_fw(hdev, ver);
1266 if (!fw) {
1267 kfree_skb(skb);
1268 return 0;
1269 }
1270 fw_ptr = fw->data;
1271
1272 /* This Intel specific command enables the manufacturer mode of the
1273 * controller.
1274 *
1275 * Only while this mode is enabled, the driver can download the
1276 * firmware patch data and configuration parameters.
1277 */
1278 skb = __hci_cmd_sync(hdev, 0xfc11, 2, mfg_enable, HCI_INIT_TIMEOUT);
1279 if (IS_ERR(skb)) {
1280 BT_ERR("%s entering Intel manufacturer mode failed (%ld)",
1281 hdev->name, PTR_ERR(skb));
1282 release_firmware(fw);
1283 return PTR_ERR(skb);
1284 }
1285
1286 if (skb->data[0]) {
1287 u8 evt_status = skb->data[0];
1288 BT_ERR("%s enable Intel manufacturer mode event failed (%02x)",
1289 hdev->name, evt_status);
1290 kfree_skb(skb);
1291 release_firmware(fw);
1292 return -bt_to_errno(evt_status);
1293 }
1294 kfree_skb(skb);
1295
1296 disable_patch = 1;
1297
1298 /* The firmware data file consists of list of Intel specific HCI
1299 * commands and its expected events. The first byte indicates the
1300 * type of the message, either HCI command or HCI event.
1301 *
1302 * It reads the command and its expected event from the firmware file,
1303 * and send to the controller. Once __hci_cmd_sync_ev() returns,
1304 * the returned event is compared with the event read from the firmware
1305 * file and it will continue until all the messages are downloaded to
1306 * the controller.
1307 *
1308 * Once the firmware patching is completed successfully,
1309 * the manufacturer mode is disabled with reset and activating the
1310 * downloaded patch.
1311 *
1312 * If the firmware patching fails, the manufacturer mode is
1313 * disabled with reset and deactivating the patch.
1314 *
1315 * If the default patch file is used, no reset is done when disabling
1316 * the manufacturer.
1317 */
1318 while (fw->size > fw_ptr - fw->data) {
1319 int ret;
1320
1321 ret = btusb_setup_intel_patching(hdev, fw, &fw_ptr,
1322 &disable_patch);
1323 if (ret < 0)
1324 goto exit_mfg_deactivate;
1325 }
1326
1327 release_firmware(fw);
1328
1329 if (disable_patch)
1330 goto exit_mfg_disable;
1331
1332 /* Patching completed successfully and disable the manufacturer mode
1333 * with reset and activate the downloaded firmware patches.
1334 */
1335 skb = __hci_cmd_sync(hdev, 0xfc11, sizeof(mfg_reset_activate),
1336 mfg_reset_activate, HCI_INIT_TIMEOUT);
1337 if (IS_ERR(skb)) {
1338 BT_ERR("%s exiting Intel manufacturer mode failed (%ld)",
1339 hdev->name, PTR_ERR(skb));
1340 return PTR_ERR(skb);
1341 }
1342 kfree_skb(skb);
1343
1344 BT_INFO("%s: Intel Bluetooth firmware patch completed and activated",
1345 hdev->name);
1346
1347 return 0;
1348
1349 exit_mfg_disable:
1350 /* Disable the manufacturer mode without reset */
1351 skb = __hci_cmd_sync(hdev, 0xfc11, sizeof(mfg_disable), mfg_disable,
1352 HCI_INIT_TIMEOUT);
1353 if (IS_ERR(skb)) {
1354 BT_ERR("%s exiting Intel manufacturer mode failed (%ld)",
1355 hdev->name, PTR_ERR(skb));
1356 return PTR_ERR(skb);
1357 }
1358 kfree_skb(skb);
1359
1360 BT_INFO("%s: Intel Bluetooth firmware patch completed", hdev->name);
1361 return 0;
1362
1363 exit_mfg_deactivate:
1364 release_firmware(fw);
1365
1366 /* Patching failed. Disable the manufacturer mode with reset and
1367 * deactivate the downloaded firmware patches.
1368 */
1369 skb = __hci_cmd_sync(hdev, 0xfc11, sizeof(mfg_reset_deactivate),
1370 mfg_reset_deactivate, HCI_INIT_TIMEOUT);
1371 if (IS_ERR(skb)) {
1372 BT_ERR("%s exiting Intel manufacturer mode failed (%ld)",
1373 hdev->name, PTR_ERR(skb));
1374 return PTR_ERR(skb);
1375 }
1376 kfree_skb(skb);
1377
1378 BT_INFO("%s: Intel Bluetooth firmware patch completed and deactivated",
1379 hdev->name);
1380
1381 return 0;
1382 }
1383
1384 static int btusb_probe(struct usb_interface *intf,
1385 const struct usb_device_id *id)
1386 {
1387 struct usb_endpoint_descriptor *ep_desc;
1388 struct btusb_data *data;
1389 struct hci_dev *hdev;
1390 int i, err;
1391
1392 BT_DBG("intf %p id %p", intf, id);
1393
1394 /* interface numbers are hardcoded in the spec */
1395 if (intf->cur_altsetting->desc.bInterfaceNumber != 0)
1396 return -ENODEV;
1397
1398 if (!id->driver_info) {
1399 const struct usb_device_id *match;
1400 match = usb_match_id(intf, blacklist_table);
1401 if (match)
1402 id = match;
1403 }
1404
1405 if (id->driver_info == BTUSB_IGNORE)
1406 return -ENODEV;
1407
1408 if (ignore_dga && id->driver_info & BTUSB_DIGIANSWER)
1409 return -ENODEV;
1410
1411 if (ignore_csr && id->driver_info & BTUSB_CSR)
1412 return -ENODEV;
1413
1414 if (ignore_sniffer && id->driver_info & BTUSB_SNIFFER)
1415 return -ENODEV;
1416
1417 if (id->driver_info & BTUSB_ATH3012) {
1418 struct usb_device *udev = interface_to_usbdev(intf);
1419
1420 /* Old firmware would otherwise let ath3k driver load
1421 * patch and sysconfig files */
1422 if (le16_to_cpu(udev->descriptor.bcdDevice) <= 0x0001)
1423 return -ENODEV;
1424 }
1425
1426 data = devm_kzalloc(&intf->dev, sizeof(*data), GFP_KERNEL);
1427 if (!data)
1428 return -ENOMEM;
1429
1430 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
1431 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
1432
1433 if (!data->intr_ep && usb_endpoint_is_int_in(ep_desc)) {
1434 data->intr_ep = ep_desc;
1435 continue;
1436 }
1437
1438 if (!data->bulk_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) {
1439 data->bulk_tx_ep = ep_desc;
1440 continue;
1441 }
1442
1443 if (!data->bulk_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) {
1444 data->bulk_rx_ep = ep_desc;
1445 continue;
1446 }
1447 }
1448
1449 if (!data->intr_ep || !data->bulk_tx_ep || !data->bulk_rx_ep)
1450 return -ENODEV;
1451
1452 data->cmdreq_type = USB_TYPE_CLASS;
1453
1454 data->udev = interface_to_usbdev(intf);
1455 data->intf = intf;
1456
1457 spin_lock_init(&data->lock);
1458
1459 INIT_WORK(&data->work, btusb_work);
1460 INIT_WORK(&data->waker, btusb_waker);
1461 spin_lock_init(&data->txlock);
1462
1463 init_usb_anchor(&data->tx_anchor);
1464 init_usb_anchor(&data->intr_anchor);
1465 init_usb_anchor(&data->bulk_anchor);
1466 init_usb_anchor(&data->isoc_anchor);
1467 init_usb_anchor(&data->deferred);
1468
1469 hdev = hci_alloc_dev();
1470 if (!hdev)
1471 return -ENOMEM;
1472
1473 hdev->bus = HCI_USB;
1474 hci_set_drvdata(hdev, data);
1475
1476 data->hdev = hdev;
1477
1478 SET_HCIDEV_DEV(hdev, &intf->dev);
1479
1480 hdev->open = btusb_open;
1481 hdev->close = btusb_close;
1482 hdev->flush = btusb_flush;
1483 hdev->send = btusb_send_frame;
1484 hdev->notify = btusb_notify;
1485
1486 if (id->driver_info & BTUSB_BCM92035)
1487 hdev->setup = btusb_setup_bcm92035;
1488
1489 if (id->driver_info & BTUSB_INTEL)
1490 hdev->setup = btusb_setup_intel;
1491
1492 /* Interface numbers are hardcoded in the specification */
1493 data->isoc = usb_ifnum_to_if(data->udev, 1);
1494
1495 if (!reset)
1496 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
1497
1498 if (force_scofix || id->driver_info & BTUSB_WRONG_SCO_MTU) {
1499 if (!disable_scofix)
1500 set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks);
1501 }
1502
1503 if (id->driver_info & BTUSB_BROKEN_ISOC)
1504 data->isoc = NULL;
1505
1506 if (id->driver_info & BTUSB_DIGIANSWER) {
1507 data->cmdreq_type = USB_TYPE_VENDOR;
1508 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
1509 }
1510
1511 if (id->driver_info & BTUSB_CSR) {
1512 struct usb_device *udev = data->udev;
1513 u16 bcdDevice = le16_to_cpu(udev->descriptor.bcdDevice);
1514
1515 /* Old firmware would otherwise execute USB reset */
1516 if (bcdDevice < 0x117)
1517 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
1518
1519 /* Fake CSR devices with broken commands */
1520 if (bcdDevice <= 0x100)
1521 hdev->setup = btusb_setup_csr;
1522 }
1523
1524 if (id->driver_info & BTUSB_SNIFFER) {
1525 struct usb_device *udev = data->udev;
1526
1527 /* New sniffer firmware has crippled HCI interface */
1528 if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997)
1529 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
1530
1531 data->isoc = NULL;
1532 }
1533
1534 if (data->isoc) {
1535 err = usb_driver_claim_interface(&btusb_driver,
1536 data->isoc, data);
1537 if (err < 0) {
1538 hci_free_dev(hdev);
1539 return err;
1540 }
1541 }
1542
1543 err = hci_register_dev(hdev);
1544 if (err < 0) {
1545 hci_free_dev(hdev);
1546 return err;
1547 }
1548
1549 usb_set_intfdata(intf, data);
1550
1551 return 0;
1552 }
1553
1554 static void btusb_disconnect(struct usb_interface *intf)
1555 {
1556 struct btusb_data *data = usb_get_intfdata(intf);
1557 struct hci_dev *hdev;
1558
1559 BT_DBG("intf %p", intf);
1560
1561 if (!data)
1562 return;
1563
1564 hdev = data->hdev;
1565 usb_set_intfdata(data->intf, NULL);
1566
1567 if (data->isoc)
1568 usb_set_intfdata(data->isoc, NULL);
1569
1570 hci_unregister_dev(hdev);
1571
1572 if (intf == data->isoc)
1573 usb_driver_release_interface(&btusb_driver, data->intf);
1574 else if (data->isoc)
1575 usb_driver_release_interface(&btusb_driver, data->isoc);
1576
1577 hci_free_dev(hdev);
1578 }
1579
1580 #ifdef CONFIG_PM
1581 static int btusb_suspend(struct usb_interface *intf, pm_message_t message)
1582 {
1583 struct btusb_data *data = usb_get_intfdata(intf);
1584
1585 BT_DBG("intf %p", intf);
1586
1587 if (data->suspend_count++)
1588 return 0;
1589
1590 spin_lock_irq(&data->txlock);
1591 if (!(PMSG_IS_AUTO(message) && data->tx_in_flight)) {
1592 set_bit(BTUSB_SUSPENDING, &data->flags);
1593 spin_unlock_irq(&data->txlock);
1594 } else {
1595 spin_unlock_irq(&data->txlock);
1596 data->suspend_count--;
1597 return -EBUSY;
1598 }
1599
1600 cancel_work_sync(&data->work);
1601
1602 btusb_stop_traffic(data);
1603 usb_kill_anchored_urbs(&data->tx_anchor);
1604
1605 return 0;
1606 }
1607
1608 static void play_deferred(struct btusb_data *data)
1609 {
1610 struct urb *urb;
1611 int err;
1612
1613 while ((urb = usb_get_from_anchor(&data->deferred))) {
1614 err = usb_submit_urb(urb, GFP_ATOMIC);
1615 if (err < 0)
1616 break;
1617
1618 data->tx_in_flight++;
1619 }
1620 usb_scuttle_anchored_urbs(&data->deferred);
1621 }
1622
1623 static int btusb_resume(struct usb_interface *intf)
1624 {
1625 struct btusb_data *data = usb_get_intfdata(intf);
1626 struct hci_dev *hdev = data->hdev;
1627 int err = 0;
1628
1629 BT_DBG("intf %p", intf);
1630
1631 if (--data->suspend_count)
1632 return 0;
1633
1634 if (!test_bit(HCI_RUNNING, &hdev->flags))
1635 goto done;
1636
1637 if (test_bit(BTUSB_INTR_RUNNING, &data->flags)) {
1638 err = btusb_submit_intr_urb(hdev, GFP_NOIO);
1639 if (err < 0) {
1640 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
1641 goto failed;
1642 }
1643 }
1644
1645 if (test_bit(BTUSB_BULK_RUNNING, &data->flags)) {
1646 err = btusb_submit_bulk_urb(hdev, GFP_NOIO);
1647 if (err < 0) {
1648 clear_bit(BTUSB_BULK_RUNNING, &data->flags);
1649 goto failed;
1650 }
1651
1652 btusb_submit_bulk_urb(hdev, GFP_NOIO);
1653 }
1654
1655 if (test_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
1656 if (btusb_submit_isoc_urb(hdev, GFP_NOIO) < 0)
1657 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1658 else
1659 btusb_submit_isoc_urb(hdev, GFP_NOIO);
1660 }
1661
1662 spin_lock_irq(&data->txlock);
1663 play_deferred(data);
1664 clear_bit(BTUSB_SUSPENDING, &data->flags);
1665 spin_unlock_irq(&data->txlock);
1666 schedule_work(&data->work);
1667
1668 return 0;
1669
1670 failed:
1671 usb_scuttle_anchored_urbs(&data->deferred);
1672 done:
1673 spin_lock_irq(&data->txlock);
1674 clear_bit(BTUSB_SUSPENDING, &data->flags);
1675 spin_unlock_irq(&data->txlock);
1676
1677 return err;
1678 }
1679 #endif
1680
1681 static struct usb_driver btusb_driver = {
1682 .name = "btusb",
1683 .probe = btusb_probe,
1684 .disconnect = btusb_disconnect,
1685 #ifdef CONFIG_PM
1686 .suspend = btusb_suspend,
1687 .resume = btusb_resume,
1688 #endif
1689 .id_table = btusb_table,
1690 .supports_autosuspend = 1,
1691 .disable_hub_initiated_lpm = 1,
1692 };
1693
1694 module_usb_driver(btusb_driver);
1695
1696 module_param(ignore_dga, bool, 0644);
1697 MODULE_PARM_DESC(ignore_dga, "Ignore devices with id 08fd:0001");
1698
1699 module_param(ignore_csr, bool, 0644);
1700 MODULE_PARM_DESC(ignore_csr, "Ignore devices with id 0a12:0001");
1701
1702 module_param(ignore_sniffer, bool, 0644);
1703 MODULE_PARM_DESC(ignore_sniffer, "Ignore devices with id 0a12:0002");
1704
1705 module_param(disable_scofix, bool, 0644);
1706 MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size");
1707
1708 module_param(force_scofix, bool, 0644);
1709 MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size");
1710
1711 module_param(reset, bool, 0644);
1712 MODULE_PARM_DESC(reset, "Send HCI reset command on initialization");
1713
1714 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1715 MODULE_DESCRIPTION("Generic Bluetooth USB driver ver " VERSION);
1716 MODULE_VERSION(VERSION);
1717 MODULE_LICENSE("GPL");
Linux kernel - Deliverables
This page took 0.091327 seconds and 5 git commands to generate.