projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Bluetooth: Replace constant hw_variant from Intel Bluetooth firmware filename
[deliverable/linux.git] / drivers / bluetooth / btusb.c
1 /*
2 *
3 * Generic Bluetooth USB driver
4 *
5 * Copyright (C) 2005-2008 Marcel Holtmann <marcel@holtmann.org>
6 *
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 *
22 */
23
24 #include <linux/module.h>
25 #include <linux/usb.h>
26 #include <linux/firmware.h>
27 #include <asm/unaligned.h>
28
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31
32 #include "btintel.h"
33 #include "btbcm.h"
34 #include "btrtl.h"
35
36 #define VERSION "0.8"
37
38 static bool disable_scofix;
39 static bool force_scofix;
40
41 static bool reset = true;
42
43 static struct usb_driver btusb_driver;
44
45 #define BTUSB_IGNORE 0x01
46 #define BTUSB_DIGIANSWER 0x02
47 #define BTUSB_CSR 0x04
48 #define BTUSB_SNIFFER 0x08
49 #define BTUSB_BCM92035 0x10
50 #define BTUSB_BROKEN_ISOC 0x20
51 #define BTUSB_WRONG_SCO_MTU 0x40
52 #define BTUSB_ATH3012 0x80
53 #define BTUSB_INTEL 0x100
54 #define BTUSB_INTEL_BOOT 0x200
55 #define BTUSB_BCM_PATCHRAM 0x400
56 #define BTUSB_MARVELL 0x800
57 #define BTUSB_SWAVE 0x1000
58 #define BTUSB_INTEL_NEW 0x2000
59 #define BTUSB_AMP 0x4000
60 #define BTUSB_QCA_ROME 0x8000
61 #define BTUSB_BCM_APPLE 0x10000
62 #define BTUSB_REALTEK 0x20000
63 #define BTUSB_BCM2045 0x40000
64 #define BTUSB_IFNUM_2 0x80000
65
66 static const struct usb_device_id btusb_table[] = {
67 /* Generic Bluetooth USB device */
68 { USB_DEVICE_INFO(0xe0, 0x01, 0x01) },
69
70 /* Generic Bluetooth AMP device */
71 { USB_DEVICE_INFO(0xe0, 0x01, 0x04), .driver_info = BTUSB_AMP },
72
73 /* Generic Bluetooth USB interface */
74 { USB_INTERFACE_INFO(0xe0, 0x01, 0x01) },
75
76 /* Apple-specific (Broadcom) devices */
77 { USB_VENDOR_AND_INTERFACE_INFO(0x05ac, 0xff, 0x01, 0x01),
78 .driver_info = BTUSB_BCM_APPLE | BTUSB_IFNUM_2 },
79
80 /* MediaTek MT76x0E */
81 { USB_DEVICE(0x0e8d, 0x763f) },
82
83 /* Broadcom SoftSailing reporting vendor specific */
84 { USB_DEVICE(0x0a5c, 0x21e1) },
85
86 /* Apple MacBookPro 7,1 */
87 { USB_DEVICE(0x05ac, 0x8213) },
88
89 /* Apple iMac11,1 */
90 { USB_DEVICE(0x05ac, 0x8215) },
91
92 /* Apple MacBookPro6,2 */
93 { USB_DEVICE(0x05ac, 0x8218) },
94
95 /* Apple MacBookAir3,1, MacBookAir3,2 */
96 { USB_DEVICE(0x05ac, 0x821b) },
97
98 /* Apple MacBookAir4,1 */
99 { USB_DEVICE(0x05ac, 0x821f) },
100
101 /* Apple MacBookPro8,2 */
102 { USB_DEVICE(0x05ac, 0x821a) },
103
104 /* Apple MacMini5,1 */
105 { USB_DEVICE(0x05ac, 0x8281) },
106
107 /* AVM BlueFRITZ! USB v2.0 */
108 { USB_DEVICE(0x057c, 0x3800), .driver_info = BTUSB_SWAVE },
109
110 /* Bluetooth Ultraport Module from IBM */
111 { USB_DEVICE(0x04bf, 0x030a) },
112
113 /* ALPS Modules with non-standard id */
114 { USB_DEVICE(0x044e, 0x3001) },
115 { USB_DEVICE(0x044e, 0x3002) },
116
117 /* Ericsson with non-standard id */
118 { USB_DEVICE(0x0bdb, 0x1002) },
119
120 /* Canyon CN-BTU1 with HID interfaces */
121 { USB_DEVICE(0x0c10, 0x0000) },
122
123 /* Broadcom BCM20702A0 */
124 { USB_DEVICE(0x413c, 0x8197) },
125
126 /* Broadcom BCM20702B0 (Dynex/Insignia) */
127 { USB_DEVICE(0x19ff, 0x0239), .driver_info = BTUSB_BCM_PATCHRAM },
128
129 /* Broadcom BCM43142A0 (Foxconn/Lenovo) */
130 { USB_DEVICE(0x105b, 0xe065), .driver_info = BTUSB_BCM_PATCHRAM },
131
132 /* Foxconn - Hon Hai */
133 { USB_VENDOR_AND_INTERFACE_INFO(0x0489, 0xff, 0x01, 0x01),
134 .driver_info = BTUSB_BCM_PATCHRAM },
135
136 /* Lite-On Technology - Broadcom based */
137 { USB_VENDOR_AND_INTERFACE_INFO(0x04ca, 0xff, 0x01, 0x01),
138 .driver_info = BTUSB_BCM_PATCHRAM },
139
140 /* Broadcom devices with vendor specific id */
141 { USB_VENDOR_AND_INTERFACE_INFO(0x0a5c, 0xff, 0x01, 0x01),
142 .driver_info = BTUSB_BCM_PATCHRAM },
143
144 /* ASUSTek Computer - Broadcom based */
145 { USB_VENDOR_AND_INTERFACE_INFO(0x0b05, 0xff, 0x01, 0x01),
146 .driver_info = BTUSB_BCM_PATCHRAM },
147
148 /* Belkin F8065bf - Broadcom based */
149 { USB_VENDOR_AND_INTERFACE_INFO(0x050d, 0xff, 0x01, 0x01),
150 .driver_info = BTUSB_BCM_PATCHRAM },
151
152 /* IMC Networks - Broadcom based */
153 { USB_VENDOR_AND_INTERFACE_INFO(0x13d3, 0xff, 0x01, 0x01),
154 .driver_info = BTUSB_BCM_PATCHRAM },
155
156 /* Toshiba Corp - Broadcom based */
157 { USB_VENDOR_AND_INTERFACE_INFO(0x0930, 0xff, 0x01, 0x01),
158 .driver_info = BTUSB_BCM_PATCHRAM },
159
160 /* Intel Bluetooth USB Bootloader (RAM module) */
161 { USB_DEVICE(0x8087, 0x0a5a),
162 .driver_info = BTUSB_INTEL_BOOT | BTUSB_BROKEN_ISOC },
163
164 { } /* Terminating entry */
165 };
166
167 MODULE_DEVICE_TABLE(usb, btusb_table);
168
169 static const struct usb_device_id blacklist_table[] = {
170 /* CSR BlueCore devices */
171 { USB_DEVICE(0x0a12, 0x0001), .driver_info = BTUSB_CSR },
172
173 /* Broadcom BCM2033 without firmware */
174 { USB_DEVICE(0x0a5c, 0x2033), .driver_info = BTUSB_IGNORE },
175
176 /* Broadcom BCM2045 devices */
177 { USB_DEVICE(0x0a5c, 0x2045), .driver_info = BTUSB_BCM2045 },
178
179 /* Atheros 3011 with sflash firmware */
180 { USB_DEVICE(0x0489, 0xe027), .driver_info = BTUSB_IGNORE },
181 { USB_DEVICE(0x0489, 0xe03d), .driver_info = BTUSB_IGNORE },
182 { USB_DEVICE(0x04f2, 0xaff1), .driver_info = BTUSB_IGNORE },
183 { USB_DEVICE(0x0930, 0x0215), .driver_info = BTUSB_IGNORE },
184 { USB_DEVICE(0x0cf3, 0x3002), .driver_info = BTUSB_IGNORE },
185 { USB_DEVICE(0x0cf3, 0xe019), .driver_info = BTUSB_IGNORE },
186 { USB_DEVICE(0x13d3, 0x3304), .driver_info = BTUSB_IGNORE },
187
188 /* Atheros AR9285 Malbec with sflash firmware */
189 { USB_DEVICE(0x03f0, 0x311d), .driver_info = BTUSB_IGNORE },
190
191 /* Atheros 3012 with sflash firmware */
192 { USB_DEVICE(0x0489, 0xe04d), .driver_info = BTUSB_ATH3012 },
193 { USB_DEVICE(0x0489, 0xe04e), .driver_info = BTUSB_ATH3012 },
194 { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 },
195 { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 },
196 { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 },
197 { USB_DEVICE(0x0489, 0xe076), .driver_info = BTUSB_ATH3012 },
198 { USB_DEVICE(0x0489, 0xe078), .driver_info = BTUSB_ATH3012 },
199 { USB_DEVICE(0x0489, 0xe095), .driver_info = BTUSB_ATH3012 },
200 { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 },
201 { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 },
202 { USB_DEVICE(0x04ca, 0x3005), .driver_info = BTUSB_ATH3012 },
203 { USB_DEVICE(0x04ca, 0x3006), .driver_info = BTUSB_ATH3012 },
204 { USB_DEVICE(0x04ca, 0x3007), .driver_info = BTUSB_ATH3012 },
205 { USB_DEVICE(0x04ca, 0x3008), .driver_info = BTUSB_ATH3012 },
206 { USB_DEVICE(0x04ca, 0x300b), .driver_info = BTUSB_ATH3012 },
207 { USB_DEVICE(0x04ca, 0x300d), .driver_info = BTUSB_ATH3012 },
208 { USB_DEVICE(0x04ca, 0x300f), .driver_info = BTUSB_ATH3012 },
209 { USB_DEVICE(0x04ca, 0x3010), .driver_info = BTUSB_ATH3012 },
210 { USB_DEVICE(0x04ca, 0x3014), .driver_info = BTUSB_ATH3012 },
211 { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 },
212 { USB_DEVICE(0x0930, 0x021c), .driver_info = BTUSB_ATH3012 },
213 { USB_DEVICE(0x0930, 0x0220), .driver_info = BTUSB_ATH3012 },
214 { USB_DEVICE(0x0930, 0x0227), .driver_info = BTUSB_ATH3012 },
215 { USB_DEVICE(0x0b05, 0x17d0), .driver_info = BTUSB_ATH3012 },
216 { USB_DEVICE(0x0cf3, 0x0036), .driver_info = BTUSB_ATH3012 },
217 { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 },
218 { USB_DEVICE(0x0cf3, 0x3008), .driver_info = BTUSB_ATH3012 },
219 { USB_DEVICE(0x0cf3, 0x311d), .driver_info = BTUSB_ATH3012 },
220 { USB_DEVICE(0x0cf3, 0x311e), .driver_info = BTUSB_ATH3012 },
221 { USB_DEVICE(0x0cf3, 0x311f), .driver_info = BTUSB_ATH3012 },
222 { USB_DEVICE(0x0cf3, 0x3121), .driver_info = BTUSB_ATH3012 },
223 { USB_DEVICE(0x0cf3, 0x817a), .driver_info = BTUSB_ATH3012 },
224 { USB_DEVICE(0x0cf3, 0x817b), .driver_info = BTUSB_ATH3012 },
225 { USB_DEVICE(0x0cf3, 0xe003), .driver_info = BTUSB_ATH3012 },
226 { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 },
227 { USB_DEVICE(0x0cf3, 0xe005), .driver_info = BTUSB_ATH3012 },
228 { USB_DEVICE(0x0cf3, 0xe006), .driver_info = BTUSB_ATH3012 },
229 { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 },
230 { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 },
231 { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 },
232 { USB_DEVICE(0x13d3, 0x3395), .driver_info = BTUSB_ATH3012 },
233 { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 },
234 { USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 },
235 { USB_DEVICE(0x13d3, 0x3423), .driver_info = BTUSB_ATH3012 },
236 { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 },
237 { USB_DEVICE(0x13d3, 0x3472), .driver_info = BTUSB_ATH3012 },
238 { USB_DEVICE(0x13d3, 0x3474), .driver_info = BTUSB_ATH3012 },
239 { USB_DEVICE(0x13d3, 0x3487), .driver_info = BTUSB_ATH3012 },
240
241 /* Atheros AR5BBU12 with sflash firmware */
242 { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE },
243
244 /* Atheros AR5BBU12 with sflash firmware */
245 { USB_DEVICE(0x0489, 0xe036), .driver_info = BTUSB_ATH3012 },
246 { USB_DEVICE(0x0489, 0xe03c), .driver_info = BTUSB_ATH3012 },
247
248 /* QCA ROME chipset */
249 { USB_DEVICE(0x0cf3, 0xe007), .driver_info = BTUSB_QCA_ROME },
250 { USB_DEVICE(0x0cf3, 0xe300), .driver_info = BTUSB_QCA_ROME },
251 { USB_DEVICE(0x0cf3, 0xe360), .driver_info = BTUSB_QCA_ROME },
252
253 /* Broadcom BCM2035 */
254 { USB_DEVICE(0x0a5c, 0x2009), .driver_info = BTUSB_BCM92035 },
255 { USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU },
256 { USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU },
257
258 /* Broadcom BCM2045 */
259 { USB_DEVICE(0x0a5c, 0x2039), .driver_info = BTUSB_WRONG_SCO_MTU },
260 { USB_DEVICE(0x0a5c, 0x2101), .driver_info = BTUSB_WRONG_SCO_MTU },
261
262 /* IBM/Lenovo ThinkPad with Broadcom chip */
263 { USB_DEVICE(0x0a5c, 0x201e), .driver_info = BTUSB_WRONG_SCO_MTU },
264 { USB_DEVICE(0x0a5c, 0x2110), .driver_info = BTUSB_WRONG_SCO_MTU },
265
266 /* HP laptop with Broadcom chip */
267 { USB_DEVICE(0x03f0, 0x171d), .driver_info = BTUSB_WRONG_SCO_MTU },
268
269 /* Dell laptop with Broadcom chip */
270 { USB_DEVICE(0x413c, 0x8126), .driver_info = BTUSB_WRONG_SCO_MTU },
271
272 /* Dell Wireless 370 and 410 devices */
273 { USB_DEVICE(0x413c, 0x8152), .driver_info = BTUSB_WRONG_SCO_MTU },
274 { USB_DEVICE(0x413c, 0x8156), .driver_info = BTUSB_WRONG_SCO_MTU },
275
276 /* Belkin F8T012 and F8T013 devices */
277 { USB_DEVICE(0x050d, 0x0012), .driver_info = BTUSB_WRONG_SCO_MTU },
278 { USB_DEVICE(0x050d, 0x0013), .driver_info = BTUSB_WRONG_SCO_MTU },
279
280 /* Asus WL-BTD202 device */
281 { USB_DEVICE(0x0b05, 0x1715), .driver_info = BTUSB_WRONG_SCO_MTU },
282
283 /* Kensington Bluetooth USB adapter */
284 { USB_DEVICE(0x047d, 0x105e), .driver_info = BTUSB_WRONG_SCO_MTU },
285
286 /* RTX Telecom based adapters with buggy SCO support */
287 { USB_DEVICE(0x0400, 0x0807), .driver_info = BTUSB_BROKEN_ISOC },
288 { USB_DEVICE(0x0400, 0x080a), .driver_info = BTUSB_BROKEN_ISOC },
289
290 /* CONWISE Technology based adapters with buggy SCO support */
291 { USB_DEVICE(0x0e5e, 0x6622), .driver_info = BTUSB_BROKEN_ISOC },
292
293 /* Roper Class 1 Bluetooth Dongle (Silicon Wave based) */
294 { USB_DEVICE(0x1310, 0x0001), .driver_info = BTUSB_SWAVE },
295
296 /* Digianswer devices */
297 { USB_DEVICE(0x08fd, 0x0001), .driver_info = BTUSB_DIGIANSWER },
298 { USB_DEVICE(0x08fd, 0x0002), .driver_info = BTUSB_IGNORE },
299
300 /* CSR BlueCore Bluetooth Sniffer */
301 { USB_DEVICE(0x0a12, 0x0002),
302 .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC },
303
304 /* Frontline ComProbe Bluetooth Sniffer */
305 { USB_DEVICE(0x16d3, 0x0002),
306 .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC },
307
308 /* Marvell Bluetooth devices */
309 { USB_DEVICE(0x1286, 0x2044), .driver_info = BTUSB_MARVELL },
310 { USB_DEVICE(0x1286, 0x2046), .driver_info = BTUSB_MARVELL },
311
312 /* Intel Bluetooth devices */
313 { USB_DEVICE(0x8087, 0x07da), .driver_info = BTUSB_CSR },
314 { USB_DEVICE(0x8087, 0x07dc), .driver_info = BTUSB_INTEL },
315 { USB_DEVICE(0x8087, 0x0a2a), .driver_info = BTUSB_INTEL },
316 { USB_DEVICE(0x8087, 0x0a2b), .driver_info = BTUSB_INTEL_NEW },
317 { USB_DEVICE(0x8087, 0x0aa7), .driver_info = BTUSB_INTEL },
318
319 /* Other Intel Bluetooth devices */
320 { USB_VENDOR_AND_INTERFACE_INFO(0x8087, 0xe0, 0x01, 0x01),
321 .driver_info = BTUSB_IGNORE },
322
323 /* Realtek Bluetooth devices */
324 { USB_VENDOR_AND_INTERFACE_INFO(0x0bda, 0xe0, 0x01, 0x01),
325 .driver_info = BTUSB_REALTEK },
326
327 /* Additional Realtek 8723AE Bluetooth devices */
328 { USB_DEVICE(0x0930, 0x021d), .driver_info = BTUSB_REALTEK },
329 { USB_DEVICE(0x13d3, 0x3394), .driver_info = BTUSB_REALTEK },
330
331 /* Additional Realtek 8723BE Bluetooth devices */
332 { USB_DEVICE(0x0489, 0xe085), .driver_info = BTUSB_REALTEK },
333 { USB_DEVICE(0x0489, 0xe08b), .driver_info = BTUSB_REALTEK },
334 { USB_DEVICE(0x13d3, 0x3410), .driver_info = BTUSB_REALTEK },
335 { USB_DEVICE(0x13d3, 0x3416), .driver_info = BTUSB_REALTEK },
336 { USB_DEVICE(0x13d3, 0x3459), .driver_info = BTUSB_REALTEK },
337
338 /* Additional Realtek 8821AE Bluetooth devices */
339 { USB_DEVICE(0x0b05, 0x17dc), .driver_info = BTUSB_REALTEK },
340 { USB_DEVICE(0x13d3, 0x3414), .driver_info = BTUSB_REALTEK },
341 { USB_DEVICE(0x13d3, 0x3458), .driver_info = BTUSB_REALTEK },
342 { USB_DEVICE(0x13d3, 0x3461), .driver_info = BTUSB_REALTEK },
343 { USB_DEVICE(0x13d3, 0x3462), .driver_info = BTUSB_REALTEK },
344
345 /* Silicon Wave based devices */
346 { USB_DEVICE(0x0c10, 0x0000), .driver_info = BTUSB_SWAVE },
347
348 { } /* Terminating entry */
349 };
350
351 #define BTUSB_MAX_ISOC_FRAMES 10
352
353 #define BTUSB_INTR_RUNNING 0
354 #define BTUSB_BULK_RUNNING 1
355 #define BTUSB_ISOC_RUNNING 2
356 #define BTUSB_SUSPENDING 3
357 #define BTUSB_DID_ISO_RESUME 4
358 #define BTUSB_BOOTLOADER 5
359 #define BTUSB_DOWNLOADING 6
360 #define BTUSB_FIRMWARE_LOADED 7
361 #define BTUSB_FIRMWARE_FAILED 8
362 #define BTUSB_BOOTING 9
363 #define BTUSB_RESET_RESUME 10
364 #define BTUSB_DIAG_RUNNING 11
365
366 struct btusb_data {
367 struct hci_dev *hdev;
368 struct usb_device *udev;
369 struct usb_interface *intf;
370 struct usb_interface *isoc;
371 struct usb_interface *diag;
372
373 unsigned long flags;
374
375 struct work_struct work;
376 struct work_struct waker;
377
378 struct usb_anchor deferred;
379 struct usb_anchor tx_anchor;
380 int tx_in_flight;
381 spinlock_t txlock;
382
383 struct usb_anchor intr_anchor;
384 struct usb_anchor bulk_anchor;
385 struct usb_anchor isoc_anchor;
386 struct usb_anchor diag_anchor;
387 spinlock_t rxlock;
388
389 struct sk_buff *evt_skb;
390 struct sk_buff *acl_skb;
391 struct sk_buff *sco_skb;
392
393 struct usb_endpoint_descriptor *intr_ep;
394 struct usb_endpoint_descriptor *bulk_tx_ep;
395 struct usb_endpoint_descriptor *bulk_rx_ep;
396 struct usb_endpoint_descriptor *isoc_tx_ep;
397 struct usb_endpoint_descriptor *isoc_rx_ep;
398 struct usb_endpoint_descriptor *diag_tx_ep;
399 struct usb_endpoint_descriptor *diag_rx_ep;
400
401 __u8 cmdreq_type;
402 __u8 cmdreq;
403
404 unsigned int sco_num;
405 int isoc_altsetting;
406 int suspend_count;
407
408 int (*recv_event)(struct hci_dev *hdev, struct sk_buff *skb);
409 int (*recv_bulk)(struct btusb_data *data, void *buffer, int count);
410
411 int (*setup_on_usb)(struct hci_dev *hdev);
412 };
413
414 static inline void btusb_free_frags(struct btusb_data *data)
415 {
416 unsigned long flags;
417
418 spin_lock_irqsave(&data->rxlock, flags);
419
420 kfree_skb(data->evt_skb);
421 data->evt_skb = NULL;
422
423 kfree_skb(data->acl_skb);
424 data->acl_skb = NULL;
425
426 kfree_skb(data->sco_skb);
427 data->sco_skb = NULL;
428
429 spin_unlock_irqrestore(&data->rxlock, flags);
430 }
431
432 static int btusb_recv_intr(struct btusb_data *data, void *buffer, int count)
433 {
434 struct sk_buff *skb;
435 int err = 0;
436
437 spin_lock(&data->rxlock);
438 skb = data->evt_skb;
439
440 while (count) {
441 int len;
442
443 if (!skb) {
444 skb = bt_skb_alloc(HCI_MAX_EVENT_SIZE, GFP_ATOMIC);
445 if (!skb) {
446 err = -ENOMEM;
447 break;
448 }
449
450 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
451 hci_skb_expect(skb) = HCI_EVENT_HDR_SIZE;
452 }
453
454 len = min_t(uint, hci_skb_expect(skb), count);
455 memcpy(skb_put(skb, len), buffer, len);
456
457 count -= len;
458 buffer += len;
459 hci_skb_expect(skb) -= len;
460
461 if (skb->len == HCI_EVENT_HDR_SIZE) {
462 /* Complete event header */
463 hci_skb_expect(skb) = hci_event_hdr(skb)->plen;
464
465 if (skb_tailroom(skb) < hci_skb_expect(skb)) {
466 kfree_skb(skb);
467 skb = NULL;
468
469 err = -EILSEQ;
470 break;
471 }
472 }
473
474 if (!hci_skb_expect(skb)) {
475 /* Complete frame */
476 data->recv_event(data->hdev, skb);
477 skb = NULL;
478 }
479 }
480
481 data->evt_skb = skb;
482 spin_unlock(&data->rxlock);
483
484 return err;
485 }
486
487 static int btusb_recv_bulk(struct btusb_data *data, void *buffer, int count)
488 {
489 struct sk_buff *skb;
490 int err = 0;
491
492 spin_lock(&data->rxlock);
493 skb = data->acl_skb;
494
495 while (count) {
496 int len;
497
498 if (!skb) {
499 skb = bt_skb_alloc(HCI_MAX_FRAME_SIZE, GFP_ATOMIC);
500 if (!skb) {
501 err = -ENOMEM;
502 break;
503 }
504
505 hci_skb_pkt_type(skb) = HCI_ACLDATA_PKT;
506 hci_skb_expect(skb) = HCI_ACL_HDR_SIZE;
507 }
508
509 len = min_t(uint, hci_skb_expect(skb), count);
510 memcpy(skb_put(skb, len), buffer, len);
511
512 count -= len;
513 buffer += len;
514 hci_skb_expect(skb) -= len;
515
516 if (skb->len == HCI_ACL_HDR_SIZE) {
517 __le16 dlen = hci_acl_hdr(skb)->dlen;
518
519 /* Complete ACL header */
520 hci_skb_expect(skb) = __le16_to_cpu(dlen);
521
522 if (skb_tailroom(skb) < hci_skb_expect(skb)) {
523 kfree_skb(skb);
524 skb = NULL;
525
526 err = -EILSEQ;
527 break;
528 }
529 }
530
531 if (!hci_skb_expect(skb)) {
532 /* Complete frame */
533 hci_recv_frame(data->hdev, skb);
534 skb = NULL;
535 }
536 }
537
538 data->acl_skb = skb;
539 spin_unlock(&data->rxlock);
540
541 return err;
542 }
543
544 static int btusb_recv_isoc(struct btusb_data *data, void *buffer, int count)
545 {
546 struct sk_buff *skb;
547 int err = 0;
548
549 spin_lock(&data->rxlock);
550 skb = data->sco_skb;
551
552 while (count) {
553 int len;
554
555 if (!skb) {
556 skb = bt_skb_alloc(HCI_MAX_SCO_SIZE, GFP_ATOMIC);
557 if (!skb) {
558 err = -ENOMEM;
559 break;
560 }
561
562 hci_skb_pkt_type(skb) = HCI_SCODATA_PKT;
563 hci_skb_expect(skb) = HCI_SCO_HDR_SIZE;
564 }
565
566 len = min_t(uint, hci_skb_expect(skb), count);
567 memcpy(skb_put(skb, len), buffer, len);
568
569 count -= len;
570 buffer += len;
571 hci_skb_expect(skb) -= len;
572
573 if (skb->len == HCI_SCO_HDR_SIZE) {
574 /* Complete SCO header */
575 hci_skb_expect(skb) = hci_sco_hdr(skb)->dlen;
576
577 if (skb_tailroom(skb) < hci_skb_expect(skb)) {
578 kfree_skb(skb);
579 skb = NULL;
580
581 err = -EILSEQ;
582 break;
583 }
584 }
585
586 if (!hci_skb_expect(skb)) {
587 /* Complete frame */
588 hci_recv_frame(data->hdev, skb);
589 skb = NULL;
590 }
591 }
592
593 data->sco_skb = skb;
594 spin_unlock(&data->rxlock);
595
596 return err;
597 }
598
599 static void btusb_intr_complete(struct urb *urb)
600 {
601 struct hci_dev *hdev = urb->context;
602 struct btusb_data *data = hci_get_drvdata(hdev);
603 int err;
604
605 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
606 urb->actual_length);
607
608 if (!test_bit(HCI_RUNNING, &hdev->flags))
609 return;
610
611 if (urb->status == 0) {
612 hdev->stat.byte_rx += urb->actual_length;
613
614 if (btusb_recv_intr(data, urb->transfer_buffer,
615 urb->actual_length) < 0) {
616 BT_ERR("%s corrupted event packet", hdev->name);
617 hdev->stat.err_rx++;
618 }
619 } else if (urb->status == -ENOENT) {
620 /* Avoid suspend failed when usb_kill_urb */
621 return;
622 }
623
624 if (!test_bit(BTUSB_INTR_RUNNING, &data->flags))
625 return;
626
627 usb_mark_last_busy(data->udev);
628 usb_anchor_urb(urb, &data->intr_anchor);
629
630 err = usb_submit_urb(urb, GFP_ATOMIC);
631 if (err < 0) {
632 /* -EPERM: urb is being killed;
633 * -ENODEV: device got disconnected */
634 if (err != -EPERM && err != -ENODEV)
635 BT_ERR("%s urb %p failed to resubmit (%d)",
636 hdev->name, urb, -err);
637 usb_unanchor_urb(urb);
638 }
639 }
640
641 static int btusb_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags)
642 {
643 struct btusb_data *data = hci_get_drvdata(hdev);
644 struct urb *urb;
645 unsigned char *buf;
646 unsigned int pipe;
647 int err, size;
648
649 BT_DBG("%s", hdev->name);
650
651 if (!data->intr_ep)
652 return -ENODEV;
653
654 urb = usb_alloc_urb(0, mem_flags);
655 if (!urb)
656 return -ENOMEM;
657
658 size = le16_to_cpu(data->intr_ep->wMaxPacketSize);
659
660 buf = kmalloc(size, mem_flags);
661 if (!buf) {
662 usb_free_urb(urb);
663 return -ENOMEM;
664 }
665
666 pipe = usb_rcvintpipe(data->udev, data->intr_ep->bEndpointAddress);
667
668 usb_fill_int_urb(urb, data->udev, pipe, buf, size,
669 btusb_intr_complete, hdev, data->intr_ep->bInterval);
670
671 urb->transfer_flags |= URB_FREE_BUFFER;
672
673 usb_anchor_urb(urb, &data->intr_anchor);
674
675 err = usb_submit_urb(urb, mem_flags);
676 if (err < 0) {
677 if (err != -EPERM && err != -ENODEV)
678 BT_ERR("%s urb %p submission failed (%d)",
679 hdev->name, urb, -err);
680 usb_unanchor_urb(urb);
681 }
682
683 usb_free_urb(urb);
684
685 return err;
686 }
687
688 static void btusb_bulk_complete(struct urb *urb)
689 {
690 struct hci_dev *hdev = urb->context;
691 struct btusb_data *data = hci_get_drvdata(hdev);
692 int err;
693
694 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
695 urb->actual_length);
696
697 if (!test_bit(HCI_RUNNING, &hdev->flags))
698 return;
699
700 if (urb->status == 0) {
701 hdev->stat.byte_rx += urb->actual_length;
702
703 if (data->recv_bulk(data, urb->transfer_buffer,
704 urb->actual_length) < 0) {
705 BT_ERR("%s corrupted ACL packet", hdev->name);
706 hdev->stat.err_rx++;
707 }
708 } else if (urb->status == -ENOENT) {
709 /* Avoid suspend failed when usb_kill_urb */
710 return;
711 }
712
713 if (!test_bit(BTUSB_BULK_RUNNING, &data->flags))
714 return;
715
716 usb_anchor_urb(urb, &data->bulk_anchor);
717 usb_mark_last_busy(data->udev);
718
719 err = usb_submit_urb(urb, GFP_ATOMIC);
720 if (err < 0) {
721 /* -EPERM: urb is being killed;
722 * -ENODEV: device got disconnected */
723 if (err != -EPERM && err != -ENODEV)
724 BT_ERR("%s urb %p failed to resubmit (%d)",
725 hdev->name, urb, -err);
726 usb_unanchor_urb(urb);
727 }
728 }
729
730 static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags)
731 {
732 struct btusb_data *data = hci_get_drvdata(hdev);
733 struct urb *urb;
734 unsigned char *buf;
735 unsigned int pipe;
736 int err, size = HCI_MAX_FRAME_SIZE;
737
738 BT_DBG("%s", hdev->name);
739
740 if (!data->bulk_rx_ep)
741 return -ENODEV;
742
743 urb = usb_alloc_urb(0, mem_flags);
744 if (!urb)
745 return -ENOMEM;
746
747 buf = kmalloc(size, mem_flags);
748 if (!buf) {
749 usb_free_urb(urb);
750 return -ENOMEM;
751 }
752
753 pipe = usb_rcvbulkpipe(data->udev, data->bulk_rx_ep->bEndpointAddress);
754
755 usb_fill_bulk_urb(urb, data->udev, pipe, buf, size,
756 btusb_bulk_complete, hdev);
757
758 urb->transfer_flags |= URB_FREE_BUFFER;
759
760 usb_mark_last_busy(data->udev);
761 usb_anchor_urb(urb, &data->bulk_anchor);
762
763 err = usb_submit_urb(urb, mem_flags);
764 if (err < 0) {
765 if (err != -EPERM && err != -ENODEV)
766 BT_ERR("%s urb %p submission failed (%d)",
767 hdev->name, urb, -err);
768 usb_unanchor_urb(urb);
769 }
770
771 usb_free_urb(urb);
772
773 return err;
774 }
775
776 static void btusb_isoc_complete(struct urb *urb)
777 {
778 struct hci_dev *hdev = urb->context;
779 struct btusb_data *data = hci_get_drvdata(hdev);
780 int i, err;
781
782 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
783 urb->actual_length);
784
785 if (!test_bit(HCI_RUNNING, &hdev->flags))
786 return;
787
788 if (urb->status == 0) {
789 for (i = 0; i < urb->number_of_packets; i++) {
790 unsigned int offset = urb->iso_frame_desc[i].offset;
791 unsigned int length = urb->iso_frame_desc[i].actual_length;
792
793 if (urb->iso_frame_desc[i].status)
794 continue;
795
796 hdev->stat.byte_rx += length;
797
798 if (btusb_recv_isoc(data, urb->transfer_buffer + offset,
799 length) < 0) {
800 BT_ERR("%s corrupted SCO packet", hdev->name);
801 hdev->stat.err_rx++;
802 }
803 }
804 } else if (urb->status == -ENOENT) {
805 /* Avoid suspend failed when usb_kill_urb */
806 return;
807 }
808
809 if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags))
810 return;
811
812 usb_anchor_urb(urb, &data->isoc_anchor);
813
814 err = usb_submit_urb(urb, GFP_ATOMIC);
815 if (err < 0) {
816 /* -EPERM: urb is being killed;
817 * -ENODEV: device got disconnected */
818 if (err != -EPERM && err != -ENODEV)
819 BT_ERR("%s urb %p failed to resubmit (%d)",
820 hdev->name, urb, -err);
821 usb_unanchor_urb(urb);
822 }
823 }
824
825 static inline void __fill_isoc_descriptor(struct urb *urb, int len, int mtu)
826 {
827 int i, offset = 0;
828
829 BT_DBG("len %d mtu %d", len, mtu);
830
831 for (i = 0; i < BTUSB_MAX_ISOC_FRAMES && len >= mtu;
832 i++, offset += mtu, len -= mtu) {
833 urb->iso_frame_desc[i].offset = offset;
834 urb->iso_frame_desc[i].length = mtu;
835 }
836
837 if (len && i < BTUSB_MAX_ISOC_FRAMES) {
838 urb->iso_frame_desc[i].offset = offset;
839 urb->iso_frame_desc[i].length = len;
840 i++;
841 }
842
843 urb->number_of_packets = i;
844 }
845
846 static int btusb_submit_isoc_urb(struct hci_dev *hdev, gfp_t mem_flags)
847 {
848 struct btusb_data *data = hci_get_drvdata(hdev);
849 struct urb *urb;
850 unsigned char *buf;
851 unsigned int pipe;
852 int err, size;
853
854 BT_DBG("%s", hdev->name);
855
856 if (!data->isoc_rx_ep)
857 return -ENODEV;
858
859 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, mem_flags);
860 if (!urb)
861 return -ENOMEM;
862
863 size = le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize) *
864 BTUSB_MAX_ISOC_FRAMES;
865
866 buf = kmalloc(size, mem_flags);
867 if (!buf) {
868 usb_free_urb(urb);
869 return -ENOMEM;
870 }
871
872 pipe = usb_rcvisocpipe(data->udev, data->isoc_rx_ep->bEndpointAddress);
873
874 usb_fill_int_urb(urb, data->udev, pipe, buf, size, btusb_isoc_complete,
875 hdev, data->isoc_rx_ep->bInterval);
876
877 urb->transfer_flags = URB_FREE_BUFFER | URB_ISO_ASAP;
878
879 __fill_isoc_descriptor(urb, size,
880 le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize));
881
882 usb_anchor_urb(urb, &data->isoc_anchor);
883
884 err = usb_submit_urb(urb, mem_flags);
885 if (err < 0) {
886 if (err != -EPERM && err != -ENODEV)
887 BT_ERR("%s urb %p submission failed (%d)",
888 hdev->name, urb, -err);
889 usb_unanchor_urb(urb);
890 }
891
892 usb_free_urb(urb);
893
894 return err;
895 }
896
897 static void btusb_diag_complete(struct urb *urb)
898 {
899 struct hci_dev *hdev = urb->context;
900 struct btusb_data *data = hci_get_drvdata(hdev);
901 int err;
902
903 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
904 urb->actual_length);
905
906 if (urb->status == 0) {
907 struct sk_buff *skb;
908
909 skb = bt_skb_alloc(urb->actual_length, GFP_ATOMIC);
910 if (skb) {
911 memcpy(skb_put(skb, urb->actual_length),
912 urb->transfer_buffer, urb->actual_length);
913 hci_recv_diag(hdev, skb);
914 }
915 } else if (urb->status == -ENOENT) {
916 /* Avoid suspend failed when usb_kill_urb */
917 return;
918 }
919
920 if (!test_bit(BTUSB_DIAG_RUNNING, &data->flags))
921 return;
922
923 usb_anchor_urb(urb, &data->diag_anchor);
924 usb_mark_last_busy(data->udev);
925
926 err = usb_submit_urb(urb, GFP_ATOMIC);
927 if (err < 0) {
928 /* -EPERM: urb is being killed;
929 * -ENODEV: device got disconnected */
930 if (err != -EPERM && err != -ENODEV)
931 BT_ERR("%s urb %p failed to resubmit (%d)",
932 hdev->name, urb, -err);
933 usb_unanchor_urb(urb);
934 }
935 }
936
937 static int btusb_submit_diag_urb(struct hci_dev *hdev, gfp_t mem_flags)
938 {
939 struct btusb_data *data = hci_get_drvdata(hdev);
940 struct urb *urb;
941 unsigned char *buf;
942 unsigned int pipe;
943 int err, size = HCI_MAX_FRAME_SIZE;
944
945 BT_DBG("%s", hdev->name);
946
947 if (!data->diag_rx_ep)
948 return -ENODEV;
949
950 urb = usb_alloc_urb(0, mem_flags);
951 if (!urb)
952 return -ENOMEM;
953
954 buf = kmalloc(size, mem_flags);
955 if (!buf) {
956 usb_free_urb(urb);
957 return -ENOMEM;
958 }
959
960 pipe = usb_rcvbulkpipe(data->udev, data->diag_rx_ep->bEndpointAddress);
961
962 usb_fill_bulk_urb(urb, data->udev, pipe, buf, size,
963 btusb_diag_complete, hdev);
964
965 urb->transfer_flags |= URB_FREE_BUFFER;
966
967 usb_mark_last_busy(data->udev);
968 usb_anchor_urb(urb, &data->diag_anchor);
969
970 err = usb_submit_urb(urb, mem_flags);
971 if (err < 0) {
972 if (err != -EPERM && err != -ENODEV)
973 BT_ERR("%s urb %p submission failed (%d)",
974 hdev->name, urb, -err);
975 usb_unanchor_urb(urb);
976 }
977
978 usb_free_urb(urb);
979
980 return err;
981 }
982
983 static void btusb_tx_complete(struct urb *urb)
984 {
985 struct sk_buff *skb = urb->context;
986 struct hci_dev *hdev = (struct hci_dev *)skb->dev;
987 struct btusb_data *data = hci_get_drvdata(hdev);
988
989 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
990 urb->actual_length);
991
992 if (!test_bit(HCI_RUNNING, &hdev->flags))
993 goto done;
994
995 if (!urb->status)
996 hdev->stat.byte_tx += urb->transfer_buffer_length;
997 else
998 hdev->stat.err_tx++;
999
1000 done:
1001 spin_lock(&data->txlock);
1002 data->tx_in_flight--;
1003 spin_unlock(&data->txlock);
1004
1005 kfree(urb->setup_packet);
1006
1007 kfree_skb(skb);
1008 }
1009
1010 static void btusb_isoc_tx_complete(struct urb *urb)
1011 {
1012 struct sk_buff *skb = urb->context;
1013 struct hci_dev *hdev = (struct hci_dev *)skb->dev;
1014
1015 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
1016 urb->actual_length);
1017
1018 if (!test_bit(HCI_RUNNING, &hdev->flags))
1019 goto done;
1020
1021 if (!urb->status)
1022 hdev->stat.byte_tx += urb->transfer_buffer_length;
1023 else
1024 hdev->stat.err_tx++;
1025
1026 done:
1027 kfree(urb->setup_packet);
1028
1029 kfree_skb(skb);
1030 }
1031
1032 static int btusb_open(struct hci_dev *hdev)
1033 {
1034 struct btusb_data *data = hci_get_drvdata(hdev);
1035 int err;
1036
1037 BT_DBG("%s", hdev->name);
1038
1039 /* Patching USB firmware files prior to starting any URBs of HCI path
1040 * It is more safe to use USB bulk channel for downloading USB patch
1041 */
1042 if (data->setup_on_usb) {
1043 err = data->setup_on_usb(hdev);
1044 if (err < 0)
1045 return err;
1046 }
1047
1048 err = usb_autopm_get_interface(data->intf);
1049 if (err < 0)
1050 return err;
1051
1052 data->intf->needs_remote_wakeup = 1;
1053
1054 if (test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags))
1055 goto done;
1056
1057 err = btusb_submit_intr_urb(hdev, GFP_KERNEL);
1058 if (err < 0)
1059 goto failed;
1060
1061 err = btusb_submit_bulk_urb(hdev, GFP_KERNEL);
1062 if (err < 0) {
1063 usb_kill_anchored_urbs(&data->intr_anchor);
1064 goto failed;
1065 }
1066
1067 set_bit(BTUSB_BULK_RUNNING, &data->flags);
1068 btusb_submit_bulk_urb(hdev, GFP_KERNEL);
1069
1070 if (data->diag) {
1071 if (!btusb_submit_diag_urb(hdev, GFP_KERNEL))
1072 set_bit(BTUSB_DIAG_RUNNING, &data->flags);
1073 }
1074
1075 done:
1076 usb_autopm_put_interface(data->intf);
1077 return 0;
1078
1079 failed:
1080 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
1081 usb_autopm_put_interface(data->intf);
1082 return err;
1083 }
1084
1085 static void btusb_stop_traffic(struct btusb_data *data)
1086 {
1087 usb_kill_anchored_urbs(&data->intr_anchor);
1088 usb_kill_anchored_urbs(&data->bulk_anchor);
1089 usb_kill_anchored_urbs(&data->isoc_anchor);
1090 usb_kill_anchored_urbs(&data->diag_anchor);
1091 }
1092
1093 static int btusb_close(struct hci_dev *hdev)
1094 {
1095 struct btusb_data *data = hci_get_drvdata(hdev);
1096 int err;
1097
1098 BT_DBG("%s", hdev->name);
1099
1100 cancel_work_sync(&data->work);
1101 cancel_work_sync(&data->waker);
1102
1103 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1104 clear_bit(BTUSB_BULK_RUNNING, &data->flags);
1105 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
1106 clear_bit(BTUSB_DIAG_RUNNING, &data->flags);
1107
1108 btusb_stop_traffic(data);
1109 btusb_free_frags(data);
1110
1111 err = usb_autopm_get_interface(data->intf);
1112 if (err < 0)
1113 goto failed;
1114
1115 data->intf->needs_remote_wakeup = 0;
1116 usb_autopm_put_interface(data->intf);
1117
1118 failed:
1119 usb_scuttle_anchored_urbs(&data->deferred);
1120 return 0;
1121 }
1122
1123 static int btusb_flush(struct hci_dev *hdev)
1124 {
1125 struct btusb_data *data = hci_get_drvdata(hdev);
1126
1127 BT_DBG("%s", hdev->name);
1128
1129 usb_kill_anchored_urbs(&data->tx_anchor);
1130 btusb_free_frags(data);
1131
1132 return 0;
1133 }
1134
1135 static struct urb *alloc_ctrl_urb(struct hci_dev *hdev, struct sk_buff *skb)
1136 {
1137 struct btusb_data *data = hci_get_drvdata(hdev);
1138 struct usb_ctrlrequest *dr;
1139 struct urb *urb;
1140 unsigned int pipe;
1141
1142 urb = usb_alloc_urb(0, GFP_KERNEL);
1143 if (!urb)
1144 return ERR_PTR(-ENOMEM);
1145
1146 dr = kmalloc(sizeof(*dr), GFP_KERNEL);
1147 if (!dr) {
1148 usb_free_urb(urb);
1149 return ERR_PTR(-ENOMEM);
1150 }
1151
1152 dr->bRequestType = data->cmdreq_type;
1153 dr->bRequest = data->cmdreq;
1154 dr->wIndex = 0;
1155 dr->wValue = 0;
1156 dr->wLength = __cpu_to_le16(skb->len);
1157
1158 pipe = usb_sndctrlpipe(data->udev, 0x00);
1159
1160 usb_fill_control_urb(urb, data->udev, pipe, (void *)dr,
1161 skb->data, skb->len, btusb_tx_complete, skb);
1162
1163 skb->dev = (void *)hdev;
1164
1165 return urb;
1166 }
1167
1168 static struct urb *alloc_bulk_urb(struct hci_dev *hdev, struct sk_buff *skb)
1169 {
1170 struct btusb_data *data = hci_get_drvdata(hdev);
1171 struct urb *urb;
1172 unsigned int pipe;
1173
1174 if (!data->bulk_tx_ep)
1175 return ERR_PTR(-ENODEV);
1176
1177 urb = usb_alloc_urb(0, GFP_KERNEL);
1178 if (!urb)
1179 return ERR_PTR(-ENOMEM);
1180
1181 pipe = usb_sndbulkpipe(data->udev, data->bulk_tx_ep->bEndpointAddress);
1182
1183 usb_fill_bulk_urb(urb, data->udev, pipe,
1184 skb->data, skb->len, btusb_tx_complete, skb);
1185
1186 skb->dev = (void *)hdev;
1187
1188 return urb;
1189 }
1190
1191 static struct urb *alloc_isoc_urb(struct hci_dev *hdev, struct sk_buff *skb)
1192 {
1193 struct btusb_data *data = hci_get_drvdata(hdev);
1194 struct urb *urb;
1195 unsigned int pipe;
1196
1197 if (!data->isoc_tx_ep)
1198 return ERR_PTR(-ENODEV);
1199
1200 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, GFP_KERNEL);
1201 if (!urb)
1202 return ERR_PTR(-ENOMEM);
1203
1204 pipe = usb_sndisocpipe(data->udev, data->isoc_tx_ep->bEndpointAddress);
1205
1206 usb_fill_int_urb(urb, data->udev, pipe,
1207 skb->data, skb->len, btusb_isoc_tx_complete,
1208 skb, data->isoc_tx_ep->bInterval);
1209
1210 urb->transfer_flags = URB_ISO_ASAP;
1211
1212 __fill_isoc_descriptor(urb, skb->len,
1213 le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize));
1214
1215 skb->dev = (void *)hdev;
1216
1217 return urb;
1218 }
1219
1220 static int submit_tx_urb(struct hci_dev *hdev, struct urb *urb)
1221 {
1222 struct btusb_data *data = hci_get_drvdata(hdev);
1223 int err;
1224
1225 usb_anchor_urb(urb, &data->tx_anchor);
1226
1227 err = usb_submit_urb(urb, GFP_KERNEL);
1228 if (err < 0) {
1229 if (err != -EPERM && err != -ENODEV)
1230 BT_ERR("%s urb %p submission failed (%d)",
1231 hdev->name, urb, -err);
1232 kfree(urb->setup_packet);
1233 usb_unanchor_urb(urb);
1234 } else {
1235 usb_mark_last_busy(data->udev);
1236 }
1237
1238 usb_free_urb(urb);
1239 return err;
1240 }
1241
1242 static int submit_or_queue_tx_urb(struct hci_dev *hdev, struct urb *urb)
1243 {
1244 struct btusb_data *data = hci_get_drvdata(hdev);
1245 unsigned long flags;
1246 bool suspending;
1247
1248 spin_lock_irqsave(&data->txlock, flags);
1249 suspending = test_bit(BTUSB_SUSPENDING, &data->flags);
1250 if (!suspending)
1251 data->tx_in_flight++;
1252 spin_unlock_irqrestore(&data->txlock, flags);
1253
1254 if (!suspending)
1255 return submit_tx_urb(hdev, urb);
1256
1257 usb_anchor_urb(urb, &data->deferred);
1258 schedule_work(&data->waker);
1259
1260 usb_free_urb(urb);
1261 return 0;
1262 }
1263
1264 static int btusb_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
1265 {
1266 struct urb *urb;
1267
1268 BT_DBG("%s", hdev->name);
1269
1270 switch (hci_skb_pkt_type(skb)) {
1271 case HCI_COMMAND_PKT:
1272 urb = alloc_ctrl_urb(hdev, skb);
1273 if (IS_ERR(urb))
1274 return PTR_ERR(urb);
1275
1276 hdev->stat.cmd_tx++;
1277 return submit_or_queue_tx_urb(hdev, urb);
1278
1279 case HCI_ACLDATA_PKT:
1280 urb = alloc_bulk_urb(hdev, skb);
1281 if (IS_ERR(urb))
1282 return PTR_ERR(urb);
1283
1284 hdev->stat.acl_tx++;
1285 return submit_or_queue_tx_urb(hdev, urb);
1286
1287 case HCI_SCODATA_PKT:
1288 if (hci_conn_num(hdev, SCO_LINK) < 1)
1289 return -ENODEV;
1290
1291 urb = alloc_isoc_urb(hdev, skb);
1292 if (IS_ERR(urb))
1293 return PTR_ERR(urb);
1294
1295 hdev->stat.sco_tx++;
1296 return submit_tx_urb(hdev, urb);
1297 }
1298
1299 return -EILSEQ;
1300 }
1301
1302 static void btusb_notify(struct hci_dev *hdev, unsigned int evt)
1303 {
1304 struct btusb_data *data = hci_get_drvdata(hdev);
1305
1306 BT_DBG("%s evt %d", hdev->name, evt);
1307
1308 if (hci_conn_num(hdev, SCO_LINK) != data->sco_num) {
1309 data->sco_num = hci_conn_num(hdev, SCO_LINK);
1310 schedule_work(&data->work);
1311 }
1312 }
1313
1314 static inline int __set_isoc_interface(struct hci_dev *hdev, int altsetting)
1315 {
1316 struct btusb_data *data = hci_get_drvdata(hdev);
1317 struct usb_interface *intf = data->isoc;
1318 struct usb_endpoint_descriptor *ep_desc;
1319 int i, err;
1320
1321 if (!data->isoc)
1322 return -ENODEV;
1323
1324 err = usb_set_interface(data->udev, 1, altsetting);
1325 if (err < 0) {
1326 BT_ERR("%s setting interface failed (%d)", hdev->name, -err);
1327 return err;
1328 }
1329
1330 data->isoc_altsetting = altsetting;
1331
1332 data->isoc_tx_ep = NULL;
1333 data->isoc_rx_ep = NULL;
1334
1335 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
1336 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
1337
1338 if (!data->isoc_tx_ep && usb_endpoint_is_isoc_out(ep_desc)) {
1339 data->isoc_tx_ep = ep_desc;
1340 continue;
1341 }
1342
1343 if (!data->isoc_rx_ep && usb_endpoint_is_isoc_in(ep_desc)) {
1344 data->isoc_rx_ep = ep_desc;
1345 continue;
1346 }
1347 }
1348
1349 if (!data->isoc_tx_ep || !data->isoc_rx_ep) {
1350 BT_ERR("%s invalid SCO descriptors", hdev->name);
1351 return -ENODEV;
1352 }
1353
1354 return 0;
1355 }
1356
1357 static void btusb_work(struct work_struct *work)
1358 {
1359 struct btusb_data *data = container_of(work, struct btusb_data, work);
1360 struct hci_dev *hdev = data->hdev;
1361 int new_alts;
1362 int err;
1363
1364 if (data->sco_num > 0) {
1365 if (!test_bit(BTUSB_DID_ISO_RESUME, &data->flags)) {
1366 err = usb_autopm_get_interface(data->isoc ? data->isoc : data->intf);
1367 if (err < 0) {
1368 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1369 usb_kill_anchored_urbs(&data->isoc_anchor);
1370 return;
1371 }
1372
1373 set_bit(BTUSB_DID_ISO_RESUME, &data->flags);
1374 }
1375
1376 if (hdev->voice_setting & 0x0020) {
1377 static const int alts[3] = { 2, 4, 5 };
1378
1379 new_alts = alts[data->sco_num - 1];
1380 } else {
1381 new_alts = data->sco_num;
1382 }
1383
1384 if (data->isoc_altsetting != new_alts) {
1385 unsigned long flags;
1386
1387 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1388 usb_kill_anchored_urbs(&data->isoc_anchor);
1389
1390 /* When isochronous alternate setting needs to be
1391 * changed, because SCO connection has been added
1392 * or removed, a packet fragment may be left in the
1393 * reassembling state. This could lead to wrongly
1394 * assembled fragments.
1395 *
1396 * Clear outstanding fragment when selecting a new
1397 * alternate setting.
1398 */
1399 spin_lock_irqsave(&data->rxlock, flags);
1400 kfree_skb(data->sco_skb);
1401 data->sco_skb = NULL;
1402 spin_unlock_irqrestore(&data->rxlock, flags);
1403
1404 if (__set_isoc_interface(hdev, new_alts) < 0)
1405 return;
1406 }
1407
1408 if (!test_and_set_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
1409 if (btusb_submit_isoc_urb(hdev, GFP_KERNEL) < 0)
1410 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1411 else
1412 btusb_submit_isoc_urb(hdev, GFP_KERNEL);
1413 }
1414 } else {
1415 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1416 usb_kill_anchored_urbs(&data->isoc_anchor);
1417
1418 __set_isoc_interface(hdev, 0);
1419 if (test_and_clear_bit(BTUSB_DID_ISO_RESUME, &data->flags))
1420 usb_autopm_put_interface(data->isoc ? data->isoc : data->intf);
1421 }
1422 }
1423
1424 static void btusb_waker(struct work_struct *work)
1425 {
1426 struct btusb_data *data = container_of(work, struct btusb_data, waker);
1427 int err;
1428
1429 err = usb_autopm_get_interface(data->intf);
1430 if (err < 0)
1431 return;
1432
1433 usb_autopm_put_interface(data->intf);
1434 }
1435
1436 static int btusb_setup_bcm92035(struct hci_dev *hdev)
1437 {
1438 struct sk_buff *skb;
1439 u8 val = 0x00;
1440
1441 BT_DBG("%s", hdev->name);
1442
1443 skb = __hci_cmd_sync(hdev, 0xfc3b, 1, &val, HCI_INIT_TIMEOUT);
1444 if (IS_ERR(skb))
1445 BT_ERR("BCM92035 command failed (%ld)", -PTR_ERR(skb));
1446 else
1447 kfree_skb(skb);
1448
1449 return 0;
1450 }
1451
1452 static int btusb_setup_csr(struct hci_dev *hdev)
1453 {
1454 struct hci_rp_read_local_version *rp;
1455 struct sk_buff *skb;
1456
1457 BT_DBG("%s", hdev->name);
1458
1459 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL,
1460 HCI_INIT_TIMEOUT);
1461 if (IS_ERR(skb)) {
1462 int err = PTR_ERR(skb);
1463 BT_ERR("%s: CSR: Local version failed (%d)", hdev->name, err);
1464 return err;
1465 }
1466
1467 if (skb->len != sizeof(struct hci_rp_read_local_version)) {
1468 BT_ERR("%s: CSR: Local version length mismatch", hdev->name);
1469 kfree_skb(skb);
1470 return -EIO;
1471 }
1472
1473 rp = (struct hci_rp_read_local_version *)skb->data;
1474
1475 /* Detect controllers which aren't real CSR ones. */
1476 if (le16_to_cpu(rp->manufacturer) != 10 ||
1477 le16_to_cpu(rp->lmp_subver) == 0x0c5c) {
1478 /* Clear the reset quirk since this is not an actual
1479 * early Bluetooth 1.1 device from CSR.
1480 */
1481 clear_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
1482
1483 /* These fake CSR controllers have all a broken
1484 * stored link key handling and so just disable it.
1485 */
1486 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks);
1487 }
1488
1489 kfree_skb(skb);
1490
1491 return 0;
1492 }
1493
1494 static const struct firmware *btusb_setup_intel_get_fw(struct hci_dev *hdev,
1495 struct intel_version *ver)
1496 {
1497 const struct firmware *fw;
1498 char fwname[64];
1499 int ret;
1500
1501 snprintf(fwname, sizeof(fwname),
1502 "intel/ibt-hw-%x.%x.%x-fw-%x.%x.%x.%x.%x.bseq",
1503 ver->hw_platform, ver->hw_variant, ver->hw_revision,
1504 ver->fw_variant, ver->fw_revision, ver->fw_build_num,
1505 ver->fw_build_ww, ver->fw_build_yy);
1506
1507 ret = request_firmware(&fw, fwname, &hdev->dev);
1508 if (ret < 0) {
1509 if (ret == -EINVAL) {
1510 BT_ERR("%s Intel firmware file request failed (%d)",
1511 hdev->name, ret);
1512 return NULL;
1513 }
1514
1515 BT_ERR("%s failed to open Intel firmware file: %s(%d)",
1516 hdev->name, fwname, ret);
1517
1518 /* If the correct firmware patch file is not found, use the
1519 * default firmware patch file instead
1520 */
1521 snprintf(fwname, sizeof(fwname), "intel/ibt-hw-%x.%x.bseq",
1522 ver->hw_platform, ver->hw_variant);
1523 if (request_firmware(&fw, fwname, &hdev->dev) < 0) {
1524 BT_ERR("%s failed to open default Intel fw file: %s",
1525 hdev->name, fwname);
1526 return NULL;
1527 }
1528 }
1529
1530 BT_INFO("%s: Intel Bluetooth firmware file: %s", hdev->name, fwname);
1531
1532 return fw;
1533 }
1534
1535 static int btusb_setup_intel_patching(struct hci_dev *hdev,
1536 const struct firmware *fw,
1537 const u8 **fw_ptr, int *disable_patch)
1538 {
1539 struct sk_buff *skb;
1540 struct hci_command_hdr *cmd;
1541 const u8 *cmd_param;
1542 struct hci_event_hdr *evt = NULL;
1543 const u8 *evt_param = NULL;
1544 int remain = fw->size - (*fw_ptr - fw->data);
1545
1546 /* The first byte indicates the types of the patch command or event.
1547 * 0x01 means HCI command and 0x02 is HCI event. If the first bytes
1548 * in the current firmware buffer doesn't start with 0x01 or
1549 * the size of remain buffer is smaller than HCI command header,
1550 * the firmware file is corrupted and it should stop the patching
1551 * process.
1552 */
1553 if (remain > HCI_COMMAND_HDR_SIZE && *fw_ptr[0] != 0x01) {
1554 BT_ERR("%s Intel fw corrupted: invalid cmd read", hdev->name);
1555 return -EINVAL;
1556 }
1557 (*fw_ptr)++;
1558 remain--;
1559
1560 cmd = (struct hci_command_hdr *)(*fw_ptr);
1561 *fw_ptr += sizeof(*cmd);
1562 remain -= sizeof(*cmd);
1563
1564 /* Ensure that the remain firmware data is long enough than the length
1565 * of command parameter. If not, the firmware file is corrupted.
1566 */
1567 if (remain < cmd->plen) {
1568 BT_ERR("%s Intel fw corrupted: invalid cmd len", hdev->name);
1569 return -EFAULT;
1570 }
1571
1572 /* If there is a command that loads a patch in the firmware
1573 * file, then enable the patch upon success, otherwise just
1574 * disable the manufacturer mode, for example patch activation
1575 * is not required when the default firmware patch file is used
1576 * because there are no patch data to load.
1577 */
1578 if (*disable_patch && le16_to_cpu(cmd->opcode) == 0xfc8e)
1579 *disable_patch = 0;
1580
1581 cmd_param = *fw_ptr;
1582 *fw_ptr += cmd->plen;
1583 remain -= cmd->plen;
1584
1585 /* This reads the expected events when the above command is sent to the
1586 * device. Some vendor commands expects more than one events, for
1587 * example command status event followed by vendor specific event.
1588 * For this case, it only keeps the last expected event. so the command
1589 * can be sent with __hci_cmd_sync_ev() which returns the sk_buff of
1590 * last expected event.
1591 */
1592 while (remain > HCI_EVENT_HDR_SIZE && *fw_ptr[0] == 0x02) {
1593 (*fw_ptr)++;
1594 remain--;
1595
1596 evt = (struct hci_event_hdr *)(*fw_ptr);
1597 *fw_ptr += sizeof(*evt);
1598 remain -= sizeof(*evt);
1599
1600 if (remain < evt->plen) {
1601 BT_ERR("%s Intel fw corrupted: invalid evt len",
1602 hdev->name);
1603 return -EFAULT;
1604 }
1605
1606 evt_param = *fw_ptr;
1607 *fw_ptr += evt->plen;
1608 remain -= evt->plen;
1609 }
1610
1611 /* Every HCI commands in the firmware file has its correspond event.
1612 * If event is not found or remain is smaller than zero, the firmware
1613 * file is corrupted.
1614 */
1615 if (!evt || !evt_param || remain < 0) {
1616 BT_ERR("%s Intel fw corrupted: invalid evt read", hdev->name);
1617 return -EFAULT;
1618 }
1619
1620 skb = __hci_cmd_sync_ev(hdev, le16_to_cpu(cmd->opcode), cmd->plen,
1621 cmd_param, evt->evt, HCI_INIT_TIMEOUT);
1622 if (IS_ERR(skb)) {
1623 BT_ERR("%s sending Intel patch command (0x%4.4x) failed (%ld)",
1624 hdev->name, cmd->opcode, PTR_ERR(skb));
1625 return PTR_ERR(skb);
1626 }
1627
1628 /* It ensures that the returned event matches the event data read from
1629 * the firmware file. At fist, it checks the length and then
1630 * the contents of the event.
1631 */
1632 if (skb->len != evt->plen) {
1633 BT_ERR("%s mismatch event length (opcode 0x%4.4x)", hdev->name,
1634 le16_to_cpu(cmd->opcode));
1635 kfree_skb(skb);
1636 return -EFAULT;
1637 }
1638
1639 if (memcmp(skb->data, evt_param, evt->plen)) {
1640 BT_ERR("%s mismatch event parameter (opcode 0x%4.4x)",
1641 hdev->name, le16_to_cpu(cmd->opcode));
1642 kfree_skb(skb);
1643 return -EFAULT;
1644 }
1645 kfree_skb(skb);
1646
1647 return 0;
1648 }
1649
1650 static int btusb_setup_intel(struct hci_dev *hdev)
1651 {
1652 struct sk_buff *skb;
1653 const struct firmware *fw;
1654 const u8 *fw_ptr;
1655 int disable_patch, err;
1656 struct intel_version ver;
1657
1658 BT_DBG("%s", hdev->name);
1659
1660 /* The controller has a bug with the first HCI command sent to it
1661 * returning number of completed commands as zero. This would stall the
1662 * command processing in the Bluetooth core.
1663 *
1664 * As a workaround, send HCI Reset command first which will reset the
1665 * number of completed commands and allow normal command processing
1666 * from now on.
1667 */
1668 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
1669 if (IS_ERR(skb)) {
1670 BT_ERR("%s sending initial HCI reset command failed (%ld)",
1671 hdev->name, PTR_ERR(skb));
1672 return PTR_ERR(skb);
1673 }
1674 kfree_skb(skb);
1675
1676 /* Read Intel specific controller version first to allow selection of
1677 * which firmware file to load.
1678 *
1679 * The returned information are hardware variant and revision plus
1680 * firmware variant, revision and build number.
1681 */
1682 err = btintel_read_version(hdev, &ver);
1683 if (err)
1684 return err;
1685
1686 BT_INFO("%s: read Intel version: %02x%02x%02x%02x%02x%02x%02x%02x%02x",
1687 hdev->name, ver.hw_platform, ver.hw_variant, ver.hw_revision,
1688 ver.fw_variant, ver.fw_revision, ver.fw_build_num,
1689 ver.fw_build_ww, ver.fw_build_yy, ver.fw_patch_num);
1690
1691 /* fw_patch_num indicates the version of patch the device currently
1692 * have. If there is no patch data in the device, it is always 0x00.
1693 * So, if it is other than 0x00, no need to patch the device again.
1694 */
1695 if (ver.fw_patch_num) {
1696 BT_INFO("%s: Intel device is already patched. patch num: %02x",
1697 hdev->name, ver.fw_patch_num);
1698 goto complete;
1699 }
1700
1701 /* Opens the firmware patch file based on the firmware version read
1702 * from the controller. If it fails to open the matching firmware
1703 * patch file, it tries to open the default firmware patch file.
1704 * If no patch file is found, allow the device to operate without
1705 * a patch.
1706 */
1707 fw = btusb_setup_intel_get_fw(hdev, &ver);
1708 if (!fw)
1709 goto complete;
1710 fw_ptr = fw->data;
1711
1712 /* Enable the manufacturer mode of the controller.
1713 * Only while this mode is enabled, the driver can download the
1714 * firmware patch data and configuration parameters.
1715 */
1716 err = btintel_enter_mfg(hdev);
1717 if (err) {
1718 release_firmware(fw);
1719 return err;
1720 }
1721
1722 disable_patch = 1;
1723
1724 /* The firmware data file consists of list of Intel specific HCI
1725 * commands and its expected events. The first byte indicates the
1726 * type of the message, either HCI command or HCI event.
1727 *
1728 * It reads the command and its expected event from the firmware file,
1729 * and send to the controller. Once __hci_cmd_sync_ev() returns,
1730 * the returned event is compared with the event read from the firmware
1731 * file and it will continue until all the messages are downloaded to
1732 * the controller.
1733 *
1734 * Once the firmware patching is completed successfully,
1735 * the manufacturer mode is disabled with reset and activating the
1736 * downloaded patch.
1737 *
1738 * If the firmware patching fails, the manufacturer mode is
1739 * disabled with reset and deactivating the patch.
1740 *
1741 * If the default patch file is used, no reset is done when disabling
1742 * the manufacturer.
1743 */
1744 while (fw->size > fw_ptr - fw->data) {
1745 int ret;
1746
1747 ret = btusb_setup_intel_patching(hdev, fw, &fw_ptr,
1748 &disable_patch);
1749 if (ret < 0)
1750 goto exit_mfg_deactivate;
1751 }
1752
1753 release_firmware(fw);
1754
1755 if (disable_patch)
1756 goto exit_mfg_disable;
1757
1758 /* Patching completed successfully and disable the manufacturer mode
1759 * with reset and activate the downloaded firmware patches.
1760 */
1761 err = btintel_exit_mfg(hdev, true, true);
1762 if (err)
1763 return err;
1764
1765 BT_INFO("%s: Intel Bluetooth firmware patch completed and activated",
1766 hdev->name);
1767
1768 goto complete;
1769
1770 exit_mfg_disable:
1771 /* Disable the manufacturer mode without reset */
1772 err = btintel_exit_mfg(hdev, false, false);
1773 if (err)
1774 return err;
1775
1776 BT_INFO("%s: Intel Bluetooth firmware patch completed", hdev->name);
1777
1778 goto complete;
1779
1780 exit_mfg_deactivate:
1781 release_firmware(fw);
1782
1783 /* Patching failed. Disable the manufacturer mode with reset and
1784 * deactivate the downloaded firmware patches.
1785 */
1786 err = btintel_exit_mfg(hdev, true, false);
1787 if (err)
1788 return err;
1789
1790 BT_INFO("%s: Intel Bluetooth firmware patch completed and deactivated",
1791 hdev->name);
1792
1793 complete:
1794 /* Set the event mask for Intel specific vendor events. This enables
1795 * a few extra events that are useful during general operation.
1796 */
1797 btintel_set_event_mask_mfg(hdev, false);
1798
1799 btintel_check_bdaddr(hdev);
1800 return 0;
1801 }
1802
1803 static int inject_cmd_complete(struct hci_dev *hdev, __u16 opcode)
1804 {
1805 struct sk_buff *skb;
1806 struct hci_event_hdr *hdr;
1807 struct hci_ev_cmd_complete *evt;
1808
1809 skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_ATOMIC);
1810 if (!skb)
1811 return -ENOMEM;
1812
1813 hdr = (struct hci_event_hdr *)skb_put(skb, sizeof(*hdr));
1814 hdr->evt = HCI_EV_CMD_COMPLETE;
1815 hdr->plen = sizeof(*evt) + 1;
1816
1817 evt = (struct hci_ev_cmd_complete *)skb_put(skb, sizeof(*evt));
1818 evt->ncmd = 0x01;
1819 evt->opcode = cpu_to_le16(opcode);
1820
1821 *skb_put(skb, 1) = 0x00;
1822
1823 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
1824
1825 return hci_recv_frame(hdev, skb);
1826 }
1827
1828 static int btusb_recv_bulk_intel(struct btusb_data *data, void *buffer,
1829 int count)
1830 {
1831 /* When the device is in bootloader mode, then it can send
1832 * events via the bulk endpoint. These events are treated the
1833 * same way as the ones received from the interrupt endpoint.
1834 */
1835 if (test_bit(BTUSB_BOOTLOADER, &data->flags))
1836 return btusb_recv_intr(data, buffer, count);
1837
1838 return btusb_recv_bulk(data, buffer, count);
1839 }
1840
1841 static void btusb_intel_bootup(struct btusb_data *data, const void *ptr,
1842 unsigned int len)
1843 {
1844 const struct intel_bootup *evt = ptr;
1845
1846 if (len != sizeof(*evt))
1847 return;
1848
1849 if (test_and_clear_bit(BTUSB_BOOTING, &data->flags)) {
1850 smp_mb__after_atomic();
1851 wake_up_bit(&data->flags, BTUSB_BOOTING);
1852 }
1853 }
1854
1855 static void btusb_intel_secure_send_result(struct btusb_data *data,
1856 const void *ptr, unsigned int len)
1857 {
1858 const struct intel_secure_send_result *evt = ptr;
1859
1860 if (len != sizeof(*evt))
1861 return;
1862
1863 if (evt->result)
1864 set_bit(BTUSB_FIRMWARE_FAILED, &data->flags);
1865
1866 if (test_and_clear_bit(BTUSB_DOWNLOADING, &data->flags) &&
1867 test_bit(BTUSB_FIRMWARE_LOADED, &data->flags)) {
1868 smp_mb__after_atomic();
1869 wake_up_bit(&data->flags, BTUSB_DOWNLOADING);
1870 }
1871 }
1872
1873 static int btusb_recv_event_intel(struct hci_dev *hdev, struct sk_buff *skb)
1874 {
1875 struct btusb_data *data = hci_get_drvdata(hdev);
1876
1877 if (test_bit(BTUSB_BOOTLOADER, &data->flags)) {
1878 struct hci_event_hdr *hdr = (void *)skb->data;
1879
1880 if (skb->len > HCI_EVENT_HDR_SIZE && hdr->evt == 0xff &&
1881 hdr->plen > 0) {
1882 const void *ptr = skb->data + HCI_EVENT_HDR_SIZE + 1;
1883 unsigned int len = skb->len - HCI_EVENT_HDR_SIZE - 1;
1884
1885 switch (skb->data[2]) {
1886 case 0x02:
1887 /* When switching to the operational firmware
1888 * the device sends a vendor specific event
1889 * indicating that the bootup completed.
1890 */
1891 btusb_intel_bootup(data, ptr, len);
1892 break;
1893 case 0x06:
1894 /* When the firmware loading completes the
1895 * device sends out a vendor specific event
1896 * indicating the result of the firmware
1897 * loading.
1898 */
1899 btusb_intel_secure_send_result(data, ptr, len);
1900 break;
1901 }
1902 }
1903 }
1904
1905 return hci_recv_frame(hdev, skb);
1906 }
1907
1908 static int btusb_send_frame_intel(struct hci_dev *hdev, struct sk_buff *skb)
1909 {
1910 struct btusb_data *data = hci_get_drvdata(hdev);
1911 struct urb *urb;
1912
1913 BT_DBG("%s", hdev->name);
1914
1915 switch (hci_skb_pkt_type(skb)) {
1916 case HCI_COMMAND_PKT:
1917 if (test_bit(BTUSB_BOOTLOADER, &data->flags)) {
1918 struct hci_command_hdr *cmd = (void *)skb->data;
1919 __u16 opcode = le16_to_cpu(cmd->opcode);
1920
1921 /* When in bootloader mode and the command 0xfc09
1922 * is received, it needs to be send down the
1923 * bulk endpoint. So allocate a bulk URB instead.
1924 */
1925 if (opcode == 0xfc09)
1926 urb = alloc_bulk_urb(hdev, skb);
1927 else
1928 urb = alloc_ctrl_urb(hdev, skb);
1929
1930 /* When the 0xfc01 command is issued to boot into
1931 * the operational firmware, it will actually not
1932 * send a command complete event. To keep the flow
1933 * control working inject that event here.
1934 */
1935 if (opcode == 0xfc01)
1936 inject_cmd_complete(hdev, opcode);
1937 } else {
1938 urb = alloc_ctrl_urb(hdev, skb);
1939 }
1940 if (IS_ERR(urb))
1941 return PTR_ERR(urb);
1942
1943 hdev->stat.cmd_tx++;
1944 return submit_or_queue_tx_urb(hdev, urb);
1945
1946 case HCI_ACLDATA_PKT:
1947 urb = alloc_bulk_urb(hdev, skb);
1948 if (IS_ERR(urb))
1949 return PTR_ERR(urb);
1950
1951 hdev->stat.acl_tx++;
1952 return submit_or_queue_tx_urb(hdev, urb);
1953
1954 case HCI_SCODATA_PKT:
1955 if (hci_conn_num(hdev, SCO_LINK) < 1)
1956 return -ENODEV;
1957
1958 urb = alloc_isoc_urb(hdev, skb);
1959 if (IS_ERR(urb))
1960 return PTR_ERR(urb);
1961
1962 hdev->stat.sco_tx++;
1963 return submit_tx_urb(hdev, urb);
1964 }
1965
1966 return -EILSEQ;
1967 }
1968
1969 static int btusb_setup_intel_new(struct hci_dev *hdev)
1970 {
1971 static const u8 reset_param[] = { 0x00, 0x01, 0x00, 0x01,
1972 0x00, 0x08, 0x04, 0x00 };
1973 struct btusb_data *data = hci_get_drvdata(hdev);
1974 struct sk_buff *skb;
1975 struct intel_version ver;
1976 struct intel_boot_params *params;
1977 const struct firmware *fw;
1978 const u8 *fw_ptr;
1979 u32 frag_len;
1980 char fwname[64];
1981 ktime_t calltime, delta, rettime;
1982 unsigned long long duration;
1983 int err;
1984
1985 BT_DBG("%s", hdev->name);
1986
1987 calltime = ktime_get();
1988
1989 /* Read the Intel version information to determine if the device
1990 * is in bootloader mode or if it already has operational firmware
1991 * loaded.
1992 */
1993 err = btintel_read_version(hdev, &ver);
1994 if (err)
1995 return err;
1996
1997 /* The hardware platform number has a fixed value of 0x37 and
1998 * for now only accept this single value.
1999 */
2000 if (ver.hw_platform != 0x37) {
2001 BT_ERR("%s: Unsupported Intel hardware platform (%u)",
2002 hdev->name, ver.hw_platform);
2003 return -EINVAL;
2004 }
2005
2006 /* At the moment the iBT 3.0 hardware variants 0x0b (LnP/SfP)
2007 * and 0x0c (WsP) are supported by this firmware loading method.
2008 *
2009 * This check has been put in place to ensure correct forward
2010 * compatibility options when newer hardware variants come along.
2011 */
2012 if (ver.hw_variant != 0x0b && ver.hw_variant != 0x0c) {
2013 BT_ERR("%s: Unsupported Intel hardware variant (%u)",
2014 hdev->name, ver.hw_variant);
2015 return -EINVAL;
2016 }
2017
2018 btintel_version_info(hdev, &ver);
2019
2020 /* The firmware variant determines if the device is in bootloader
2021 * mode or is running operational firmware. The value 0x06 identifies
2022 * the bootloader and the value 0x23 identifies the operational
2023 * firmware.
2024 *
2025 * When the operational firmware is already present, then only
2026 * the check for valid Bluetooth device address is needed. This
2027 * determines if the device will be added as configured or
2028 * unconfigured controller.
2029 *
2030 * It is not possible to use the Secure Boot Parameters in this
2031 * case since that command is only available in bootloader mode.
2032 */
2033 if (ver.fw_variant == 0x23) {
2034 clear_bit(BTUSB_BOOTLOADER, &data->flags);
2035 btintel_check_bdaddr(hdev);
2036 return 0;
2037 }
2038
2039 /* If the device is not in bootloader mode, then the only possible
2040 * choice is to return an error and abort the device initialization.
2041 */
2042 if (ver.fw_variant != 0x06) {
2043 BT_ERR("%s: Unsupported Intel firmware variant (%u)",
2044 hdev->name, ver.fw_variant);
2045 return -ENODEV;
2046 }
2047
2048 /* Read the secure boot parameters to identify the operating
2049 * details of the bootloader.
2050 */
2051 skb = __hci_cmd_sync(hdev, 0xfc0d, 0, NULL, HCI_INIT_TIMEOUT);
2052 if (IS_ERR(skb)) {
2053 BT_ERR("%s: Reading Intel boot parameters failed (%ld)",
2054 hdev->name, PTR_ERR(skb));
2055 return PTR_ERR(skb);
2056 }
2057
2058 if (skb->len != sizeof(*params)) {
2059 BT_ERR("%s: Intel boot parameters size mismatch", hdev->name);
2060 kfree_skb(skb);
2061 return -EILSEQ;
2062 }
2063
2064 params = (struct intel_boot_params *)skb->data;
2065
2066 BT_INFO("%s: Device revision is %u", hdev->name,
2067 le16_to_cpu(params->dev_revid));
2068
2069 BT_INFO("%s: Secure boot is %s", hdev->name,
2070 params->secure_boot ? "enabled" : "disabled");
2071
2072 BT_INFO("%s: OTP lock is %s", hdev->name,
2073 params->otp_lock ? "enabled" : "disabled");
2074
2075 BT_INFO("%s: API lock is %s", hdev->name,
2076 params->api_lock ? "enabled" : "disabled");
2077
2078 BT_INFO("%s: Debug lock is %s", hdev->name,
2079 params->debug_lock ? "enabled" : "disabled");
2080
2081 BT_INFO("%s: Minimum firmware build %u week %u %u", hdev->name,
2082 params->min_fw_build_nn, params->min_fw_build_cw,
2083 2000 + params->min_fw_build_yy);
2084
2085 /* It is required that every single firmware fragment is acknowledged
2086 * with a command complete event. If the boot parameters indicate
2087 * that this bootloader does not send them, then abort the setup.
2088 */
2089 if (params->limited_cce != 0x00) {
2090 BT_ERR("%s: Unsupported Intel firmware loading method (%u)",
2091 hdev->name, params->limited_cce);
2092 kfree_skb(skb);
2093 return -EINVAL;
2094 }
2095
2096 /* If the OTP has no valid Bluetooth device address, then there will
2097 * also be no valid address for the operational firmware.
2098 */
2099 if (!bacmp(&params->otp_bdaddr, BDADDR_ANY)) {
2100 BT_INFO("%s: No device address configured", hdev->name);
2101 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks);
2102 }
2103
2104 /* With this Intel bootloader only the hardware variant and device
2105 * revision information are used to select the right firmware.
2106 *
2107 * The firmware filename is ibt-<hw_variant>-<dev_revid>.sfi.
2108 *
2109 * Currently the supported hardware variants are:
2110 * 11 (0x0b) for iBT3.0 (LnP/SfP)
2111 * 12 (0x0c) for iBT3.5 (WsP)
2112 */
2113 snprintf(fwname, sizeof(fwname), "intel/ibt-%u-%u.sfi",
2114 le16_to_cpu(ver.hw_variant),
2115 le16_to_cpu(params->dev_revid));
2116
2117 err = request_firmware(&fw, fwname, &hdev->dev);
2118 if (err < 0) {
2119 BT_ERR("%s: Failed to load Intel firmware file (%d)",
2120 hdev->name, err);
2121 kfree_skb(skb);
2122 return err;
2123 }
2124
2125 BT_INFO("%s: Found device firmware: %s", hdev->name, fwname);
2126
2127 /* Save the DDC file name for later use to apply once the firmware
2128 * downloading is done.
2129 */
2130 snprintf(fwname, sizeof(fwname), "intel/ibt-%u-%u.ddc",
2131 le16_to_cpu(ver.hw_variant),
2132 le16_to_cpu(params->dev_revid));
2133
2134 kfree_skb(skb);
2135
2136 if (fw->size < 644) {
2137 BT_ERR("%s: Invalid size of firmware file (%zu)",
2138 hdev->name, fw->size);
2139 err = -EBADF;
2140 goto done;
2141 }
2142
2143 set_bit(BTUSB_DOWNLOADING, &data->flags);
2144
2145 /* Start the firmware download transaction with the Init fragment
2146 * represented by the 128 bytes of CSS header.
2147 */
2148 err = btintel_secure_send(hdev, 0x00, 128, fw->data);
2149 if (err < 0) {
2150 BT_ERR("%s: Failed to send firmware header (%d)",
2151 hdev->name, err);
2152 goto done;
2153 }
2154
2155 /* Send the 256 bytes of public key information from the firmware
2156 * as the PKey fragment.
2157 */
2158 err = btintel_secure_send(hdev, 0x03, 256, fw->data + 128);
2159 if (err < 0) {
2160 BT_ERR("%s: Failed to send firmware public key (%d)",
2161 hdev->name, err);
2162 goto done;
2163 }
2164
2165 /* Send the 256 bytes of signature information from the firmware
2166 * as the Sign fragment.
2167 */
2168 err = btintel_secure_send(hdev, 0x02, 256, fw->data + 388);
2169 if (err < 0) {
2170 BT_ERR("%s: Failed to send firmware signature (%d)",
2171 hdev->name, err);
2172 goto done;
2173 }
2174
2175 fw_ptr = fw->data + 644;
2176 frag_len = 0;
2177
2178 while (fw_ptr - fw->data < fw->size) {
2179 struct hci_command_hdr *cmd = (void *)(fw_ptr + frag_len);
2180
2181 frag_len += sizeof(*cmd) + cmd->plen;
2182
2183 /* The parameter length of the secure send command requires
2184 * a 4 byte alignment. It happens so that the firmware file
2185 * contains proper Intel_NOP commands to align the fragments
2186 * as needed.
2187 *
2188 * Send set of commands with 4 byte alignment from the
2189 * firmware data buffer as a single Data fragement.
2190 */
2191 if (!(frag_len % 4)) {
2192 err = btintel_secure_send(hdev, 0x01, frag_len, fw_ptr);
2193 if (err < 0) {
2194 BT_ERR("%s: Failed to send firmware data (%d)",
2195 hdev->name, err);
2196 goto done;
2197 }
2198
2199 fw_ptr += frag_len;
2200 frag_len = 0;
2201 }
2202 }
2203
2204 set_bit(BTUSB_FIRMWARE_LOADED, &data->flags);
2205
2206 BT_INFO("%s: Waiting for firmware download to complete", hdev->name);
2207
2208 /* Before switching the device into operational mode and with that
2209 * booting the loaded firmware, wait for the bootloader notification
2210 * that all fragments have been successfully received.
2211 *
2212 * When the event processing receives the notification, then the
2213 * BTUSB_DOWNLOADING flag will be cleared.
2214 *
2215 * The firmware loading should not take longer than 5 seconds
2216 * and thus just timeout if that happens and fail the setup
2217 * of this device.
2218 */
2219 err = wait_on_bit_timeout(&data->flags, BTUSB_DOWNLOADING,
2220 TASK_INTERRUPTIBLE,
2221 msecs_to_jiffies(5000));
2222 if (err == 1) {
2223 BT_ERR("%s: Firmware loading interrupted", hdev->name);
2224 err = -EINTR;
2225 goto done;
2226 }
2227
2228 if (err) {
2229 BT_ERR("%s: Firmware loading timeout", hdev->name);
2230 err = -ETIMEDOUT;
2231 goto done;
2232 }
2233
2234 if (test_bit(BTUSB_FIRMWARE_FAILED, &data->flags)) {
2235 BT_ERR("%s: Firmware loading failed", hdev->name);
2236 err = -ENOEXEC;
2237 goto done;
2238 }
2239
2240 rettime = ktime_get();
2241 delta = ktime_sub(rettime, calltime);
2242 duration = (unsigned long long) ktime_to_ns(delta) >> 10;
2243
2244 BT_INFO("%s: Firmware loaded in %llu usecs", hdev->name, duration);
2245
2246 done:
2247 release_firmware(fw);
2248
2249 if (err < 0)
2250 return err;
2251
2252 calltime = ktime_get();
2253
2254 set_bit(BTUSB_BOOTING, &data->flags);
2255
2256 skb = __hci_cmd_sync(hdev, 0xfc01, sizeof(reset_param), reset_param,
2257 HCI_INIT_TIMEOUT);
2258 if (IS_ERR(skb))
2259 return PTR_ERR(skb);
2260
2261 kfree_skb(skb);
2262
2263 /* The bootloader will not indicate when the device is ready. This
2264 * is done by the operational firmware sending bootup notification.
2265 *
2266 * Booting into operational firmware should not take longer than
2267 * 1 second. However if that happens, then just fail the setup
2268 * since something went wrong.
2269 */
2270 BT_INFO("%s: Waiting for device to boot", hdev->name);
2271
2272 err = wait_on_bit_timeout(&data->flags, BTUSB_BOOTING,
2273 TASK_INTERRUPTIBLE,
2274 msecs_to_jiffies(1000));
2275
2276 if (err == 1) {
2277 BT_ERR("%s: Device boot interrupted", hdev->name);
2278 return -EINTR;
2279 }
2280
2281 if (err) {
2282 BT_ERR("%s: Device boot timeout", hdev->name);
2283 return -ETIMEDOUT;
2284 }
2285
2286 rettime = ktime_get();
2287 delta = ktime_sub(rettime, calltime);
2288 duration = (unsigned long long) ktime_to_ns(delta) >> 10;
2289
2290 BT_INFO("%s: Device booted in %llu usecs", hdev->name, duration);
2291
2292 clear_bit(BTUSB_BOOTLOADER, &data->flags);
2293
2294 /* Once the device is running in operational mode, it needs to apply
2295 * the device configuration (DDC) parameters.
2296 *
2297 * The device can work without DDC parameters, so even if it fails
2298 * to load the file, no need to fail the setup.
2299 */
2300 btintel_load_ddc_config(hdev, fwname);
2301
2302 /* Set the event mask for Intel specific vendor events. This enables
2303 * a few extra events that are useful during general operation. It
2304 * does not enable any debugging related events.
2305 *
2306 * The device will function correctly without these events enabled
2307 * and thus no need to fail the setup.
2308 */
2309 btintel_set_event_mask(hdev, false);
2310
2311 return 0;
2312 }
2313
2314 static int btusb_shutdown_intel(struct hci_dev *hdev)
2315 {
2316 struct sk_buff *skb;
2317 long ret;
2318
2319 /* Some platforms have an issue with BT LED when the interface is
2320 * down or BT radio is turned off, which takes 5 seconds to BT LED
2321 * goes off. This command turns off the BT LED immediately.
2322 */
2323 skb = __hci_cmd_sync(hdev, 0xfc3f, 0, NULL, HCI_INIT_TIMEOUT);
2324 if (IS_ERR(skb)) {
2325 ret = PTR_ERR(skb);
2326 BT_ERR("%s: turning off Intel device LED failed (%ld)",
2327 hdev->name, ret);
2328 return ret;
2329 }
2330 kfree_skb(skb);
2331
2332 return 0;
2333 }
2334
2335 static int btusb_set_bdaddr_marvell(struct hci_dev *hdev,
2336 const bdaddr_t *bdaddr)
2337 {
2338 struct sk_buff *skb;
2339 u8 buf[8];
2340 long ret;
2341
2342 buf[0] = 0xfe;
2343 buf[1] = sizeof(bdaddr_t);
2344 memcpy(buf + 2, bdaddr, sizeof(bdaddr_t));
2345
2346 skb = __hci_cmd_sync(hdev, 0xfc22, sizeof(buf), buf, HCI_INIT_TIMEOUT);
2347 if (IS_ERR(skb)) {
2348 ret = PTR_ERR(skb);
2349 BT_ERR("%s: changing Marvell device address failed (%ld)",
2350 hdev->name, ret);
2351 return ret;
2352 }
2353 kfree_skb(skb);
2354
2355 return 0;
2356 }
2357
2358 static int btusb_set_bdaddr_ath3012(struct hci_dev *hdev,
2359 const bdaddr_t *bdaddr)
2360 {
2361 struct sk_buff *skb;
2362 u8 buf[10];
2363 long ret;
2364
2365 buf[0] = 0x01;
2366 buf[1] = 0x01;
2367 buf[2] = 0x00;
2368 buf[3] = sizeof(bdaddr_t);
2369 memcpy(buf + 4, bdaddr, sizeof(bdaddr_t));
2370
2371 skb = __hci_cmd_sync(hdev, 0xfc0b, sizeof(buf), buf, HCI_INIT_TIMEOUT);
2372 if (IS_ERR(skb)) {
2373 ret = PTR_ERR(skb);
2374 BT_ERR("%s: Change address command failed (%ld)",
2375 hdev->name, ret);
2376 return ret;
2377 }
2378 kfree_skb(skb);
2379
2380 return 0;
2381 }
2382
2383 #define QCA_DFU_PACKET_LEN 4096
2384
2385 #define QCA_GET_TARGET_VERSION 0x09
2386 #define QCA_CHECK_STATUS 0x05
2387 #define QCA_DFU_DOWNLOAD 0x01
2388
2389 #define QCA_SYSCFG_UPDATED 0x40
2390 #define QCA_PATCH_UPDATED 0x80
2391 #define QCA_DFU_TIMEOUT 3000
2392
2393 struct qca_version {
2394 __le32 rom_version;
2395 __le32 patch_version;
2396 __le32 ram_version;
2397 __le32 ref_clock;
2398 __u8 reserved[4];
2399 } __packed;
2400
2401 struct qca_rampatch_version {
2402 __le16 rom_version;
2403 __le16 patch_version;
2404 } __packed;
2405
2406 struct qca_device_info {
2407 u32 rom_version;
2408 u8 rampatch_hdr; /* length of header in rampatch */
2409 u8 nvm_hdr; /* length of header in NVM */
2410 u8 ver_offset; /* offset of version structure in rampatch */
2411 };
2412
2413 static const struct qca_device_info qca_devices_table[] = {
2414 { 0x00000100, 20, 4, 10 }, /* Rome 1.0 */
2415 { 0x00000101, 20, 4, 10 }, /* Rome 1.1 */
2416 { 0x00000200, 28, 4, 18 }, /* Rome 2.0 */
2417 { 0x00000201, 28, 4, 18 }, /* Rome 2.1 */
2418 { 0x00000300, 28, 4, 18 }, /* Rome 3.0 */
2419 { 0x00000302, 28, 4, 18 }, /* Rome 3.2 */
2420 };
2421
2422 static int btusb_qca_send_vendor_req(struct hci_dev *hdev, u8 request,
2423 void *data, u16 size)
2424 {
2425 struct btusb_data *btdata = hci_get_drvdata(hdev);
2426 struct usb_device *udev = btdata->udev;
2427 int pipe, err;
2428 u8 *buf;
2429
2430 buf = kmalloc(size, GFP_KERNEL);
2431 if (!buf)
2432 return -ENOMEM;
2433
2434 /* Found some of USB hosts have IOT issues with ours so that we should
2435 * not wait until HCI layer is ready.
2436 */
2437 pipe = usb_rcvctrlpipe(udev, 0);
2438 err = usb_control_msg(udev, pipe, request, USB_TYPE_VENDOR | USB_DIR_IN,
2439 0, 0, buf, size, USB_CTRL_SET_TIMEOUT);
2440 if (err < 0) {
2441 BT_ERR("%s: Failed to access otp area (%d)", hdev->name, err);
2442 goto done;
2443 }
2444
2445 memcpy(data, buf, size);
2446
2447 done:
2448 kfree(buf);
2449
2450 return err;
2451 }
2452
2453 static int btusb_setup_qca_download_fw(struct hci_dev *hdev,
2454 const struct firmware *firmware,
2455 size_t hdr_size)
2456 {
2457 struct btusb_data *btdata = hci_get_drvdata(hdev);
2458 struct usb_device *udev = btdata->udev;
2459 size_t count, size, sent = 0;
2460 int pipe, len, err;
2461 u8 *buf;
2462
2463 buf = kmalloc(QCA_DFU_PACKET_LEN, GFP_KERNEL);
2464 if (!buf)
2465 return -ENOMEM;
2466
2467 count = firmware->size;
2468
2469 size = min_t(size_t, count, hdr_size);
2470 memcpy(buf, firmware->data, size);
2471
2472 /* USB patches should go down to controller through USB path
2473 * because binary format fits to go down through USB channel.
2474 * USB control path is for patching headers and USB bulk is for
2475 * patch body.
2476 */
2477 pipe = usb_sndctrlpipe(udev, 0);
2478 err = usb_control_msg(udev, pipe, QCA_DFU_DOWNLOAD, USB_TYPE_VENDOR,
2479 0, 0, buf, size, USB_CTRL_SET_TIMEOUT);
2480 if (err < 0) {
2481 BT_ERR("%s: Failed to send headers (%d)", hdev->name, err);
2482 goto done;
2483 }
2484
2485 sent += size;
2486 count -= size;
2487
2488 while (count) {
2489 size = min_t(size_t, count, QCA_DFU_PACKET_LEN);
2490
2491 memcpy(buf, firmware->data + sent, size);
2492
2493 pipe = usb_sndbulkpipe(udev, 0x02);
2494 err = usb_bulk_msg(udev, pipe, buf, size, &len,
2495 QCA_DFU_TIMEOUT);
2496 if (err < 0) {
2497 BT_ERR("%s: Failed to send body at %zd of %zd (%d)",
2498 hdev->name, sent, firmware->size, err);
2499 break;
2500 }
2501
2502 if (size != len) {
2503 BT_ERR("%s: Failed to get bulk buffer", hdev->name);
2504 err = -EILSEQ;
2505 break;
2506 }
2507
2508 sent += size;
2509 count -= size;
2510 }
2511
2512 done:
2513 kfree(buf);
2514 return err;
2515 }
2516
2517 static int btusb_setup_qca_load_rampatch(struct hci_dev *hdev,
2518 struct qca_version *ver,
2519 const struct qca_device_info *info)
2520 {
2521 struct qca_rampatch_version *rver;
2522 const struct firmware *fw;
2523 u32 ver_rom, ver_patch;
2524 u16 rver_rom, rver_patch;
2525 char fwname[64];
2526 int err;
2527
2528 ver_rom = le32_to_cpu(ver->rom_version);
2529 ver_patch = le32_to_cpu(ver->patch_version);
2530
2531 snprintf(fwname, sizeof(fwname), "qca/rampatch_usb_%08x.bin", ver_rom);
2532
2533 err = request_firmware(&fw, fwname, &hdev->dev);
2534 if (err) {
2535 BT_ERR("%s: failed to request rampatch file: %s (%d)",
2536 hdev->name, fwname, err);
2537 return err;
2538 }
2539
2540 BT_INFO("%s: using rampatch file: %s", hdev->name, fwname);
2541
2542 rver = (struct qca_rampatch_version *)(fw->data + info->ver_offset);
2543 rver_rom = le16_to_cpu(rver->rom_version);
2544 rver_patch = le16_to_cpu(rver->patch_version);
2545
2546 BT_INFO("%s: QCA: patch rome 0x%x build 0x%x, firmware rome 0x%x "
2547 "build 0x%x", hdev->name, rver_rom, rver_patch, ver_rom,
2548 ver_patch);
2549
2550 if (rver_rom != ver_rom || rver_patch <= ver_patch) {
2551 BT_ERR("%s: rampatch file version did not match with firmware",
2552 hdev->name);
2553 err = -EINVAL;
2554 goto done;
2555 }
2556
2557 err = btusb_setup_qca_download_fw(hdev, fw, info->rampatch_hdr);
2558
2559 done:
2560 release_firmware(fw);
2561
2562 return err;
2563 }
2564
2565 static int btusb_setup_qca_load_nvm(struct hci_dev *hdev,
2566 struct qca_version *ver,
2567 const struct qca_device_info *info)
2568 {
2569 const struct firmware *fw;
2570 char fwname[64];
2571 int err;
2572
2573 snprintf(fwname, sizeof(fwname), "qca/nvm_usb_%08x.bin",
2574 le32_to_cpu(ver->rom_version));
2575
2576 err = request_firmware(&fw, fwname, &hdev->dev);
2577 if (err) {
2578 BT_ERR("%s: failed to request NVM file: %s (%d)",
2579 hdev->name, fwname, err);
2580 return err;
2581 }
2582
2583 BT_INFO("%s: using NVM file: %s", hdev->name, fwname);
2584
2585 err = btusb_setup_qca_download_fw(hdev, fw, info->nvm_hdr);
2586
2587 release_firmware(fw);
2588
2589 return err;
2590 }
2591
2592 static int btusb_setup_qca(struct hci_dev *hdev)
2593 {
2594 const struct qca_device_info *info = NULL;
2595 struct qca_version ver;
2596 u32 ver_rom;
2597 u8 status;
2598 int i, err;
2599
2600 err = btusb_qca_send_vendor_req(hdev, QCA_GET_TARGET_VERSION, &ver,
2601 sizeof(ver));
2602 if (err < 0)
2603 return err;
2604
2605 ver_rom = le32_to_cpu(ver.rom_version);
2606 for (i = 0; i < ARRAY_SIZE(qca_devices_table); i++) {
2607 if (ver_rom == qca_devices_table[i].rom_version)
2608 info = &qca_devices_table[i];
2609 }
2610 if (!info) {
2611 BT_ERR("%s: don't support firmware rome 0x%x", hdev->name,
2612 ver_rom);
2613 return -ENODEV;
2614 }
2615
2616 err = btusb_qca_send_vendor_req(hdev, QCA_CHECK_STATUS, &status,
2617 sizeof(status));
2618 if (err < 0)
2619 return err;
2620
2621 if (!(status & QCA_PATCH_UPDATED)) {
2622 err = btusb_setup_qca_load_rampatch(hdev, &ver, info);
2623 if (err < 0)
2624 return err;
2625 }
2626
2627 if (!(status & QCA_SYSCFG_UPDATED)) {
2628 err = btusb_setup_qca_load_nvm(hdev, &ver, info);
2629 if (err < 0)
2630 return err;
2631 }
2632
2633 return 0;
2634 }
2635
2636 #ifdef CONFIG_BT_HCIBTUSB_BCM
2637 static inline int __set_diag_interface(struct hci_dev *hdev)
2638 {
2639 struct btusb_data *data = hci_get_drvdata(hdev);
2640 struct usb_interface *intf = data->diag;
2641 int i;
2642
2643 if (!data->diag)
2644 return -ENODEV;
2645
2646 data->diag_tx_ep = NULL;
2647 data->diag_rx_ep = NULL;
2648
2649 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
2650 struct usb_endpoint_descriptor *ep_desc;
2651
2652 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
2653
2654 if (!data->diag_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) {
2655 data->diag_tx_ep = ep_desc;
2656 continue;
2657 }
2658
2659 if (!data->diag_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) {
2660 data->diag_rx_ep = ep_desc;
2661 continue;
2662 }
2663 }
2664
2665 if (!data->diag_tx_ep || !data->diag_rx_ep) {
2666 BT_ERR("%s invalid diagnostic descriptors", hdev->name);
2667 return -ENODEV;
2668 }
2669
2670 return 0;
2671 }
2672
2673 static struct urb *alloc_diag_urb(struct hci_dev *hdev, bool enable)
2674 {
2675 struct btusb_data *data = hci_get_drvdata(hdev);
2676 struct sk_buff *skb;
2677 struct urb *urb;
2678 unsigned int pipe;
2679
2680 if (!data->diag_tx_ep)
2681 return ERR_PTR(-ENODEV);
2682
2683 urb = usb_alloc_urb(0, GFP_KERNEL);
2684 if (!urb)
2685 return ERR_PTR(-ENOMEM);
2686
2687 skb = bt_skb_alloc(2, GFP_KERNEL);
2688 if (!skb) {
2689 usb_free_urb(urb);
2690 return ERR_PTR(-ENOMEM);
2691 }
2692
2693 *skb_put(skb, 1) = 0xf0;
2694 *skb_put(skb, 1) = enable;
2695
2696 pipe = usb_sndbulkpipe(data->udev, data->diag_tx_ep->bEndpointAddress);
2697
2698 usb_fill_bulk_urb(urb, data->udev, pipe,
2699 skb->data, skb->len, btusb_tx_complete, skb);
2700
2701 skb->dev = (void *)hdev;
2702
2703 return urb;
2704 }
2705
2706 static int btusb_bcm_set_diag(struct hci_dev *hdev, bool enable)
2707 {
2708 struct btusb_data *data = hci_get_drvdata(hdev);
2709 struct urb *urb;
2710
2711 if (!data->diag)
2712 return -ENODEV;
2713
2714 if (!test_bit(HCI_RUNNING, &hdev->flags))
2715 return -ENETDOWN;
2716
2717 urb = alloc_diag_urb(hdev, enable);
2718 if (IS_ERR(urb))
2719 return PTR_ERR(urb);
2720
2721 return submit_or_queue_tx_urb(hdev, urb);
2722 }
2723 #endif
2724
2725 static int btusb_probe(struct usb_interface *intf,
2726 const struct usb_device_id *id)
2727 {
2728 struct usb_endpoint_descriptor *ep_desc;
2729 struct btusb_data *data;
2730 struct hci_dev *hdev;
2731 unsigned ifnum_base;
2732 int i, err;
2733
2734 BT_DBG("intf %p id %p", intf, id);
2735
2736 /* interface numbers are hardcoded in the spec */
2737 if (intf->cur_altsetting->desc.bInterfaceNumber != 0) {
2738 if (!(id->driver_info & BTUSB_IFNUM_2))
2739 return -ENODEV;
2740 if (intf->cur_altsetting->desc.bInterfaceNumber != 2)
2741 return -ENODEV;
2742 }
2743
2744 ifnum_base = intf->cur_altsetting->desc.bInterfaceNumber;
2745
2746 if (!id->driver_info) {
2747 const struct usb_device_id *match;
2748
2749 match = usb_match_id(intf, blacklist_table);
2750 if (match)
2751 id = match;
2752 }
2753
2754 if (id->driver_info == BTUSB_IGNORE)
2755 return -ENODEV;
2756
2757 if (id->driver_info & BTUSB_ATH3012) {
2758 struct usb_device *udev = interface_to_usbdev(intf);
2759
2760 /* Old firmware would otherwise let ath3k driver load
2761 * patch and sysconfig files */
2762 if (le16_to_cpu(udev->descriptor.bcdDevice) <= 0x0001)
2763 return -ENODEV;
2764 }
2765
2766 data = devm_kzalloc(&intf->dev, sizeof(*data), GFP_KERNEL);
2767 if (!data)
2768 return -ENOMEM;
2769
2770 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
2771 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
2772
2773 if (!data->intr_ep && usb_endpoint_is_int_in(ep_desc)) {
2774 data->intr_ep = ep_desc;
2775 continue;
2776 }
2777
2778 if (!data->bulk_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) {
2779 data->bulk_tx_ep = ep_desc;
2780 continue;
2781 }
2782
2783 if (!data->bulk_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) {
2784 data->bulk_rx_ep = ep_desc;
2785 continue;
2786 }
2787 }
2788
2789 if (!data->intr_ep || !data->bulk_tx_ep || !data->bulk_rx_ep)
2790 return -ENODEV;
2791
2792 if (id->driver_info & BTUSB_AMP) {
2793 data->cmdreq_type = USB_TYPE_CLASS | 0x01;
2794 data->cmdreq = 0x2b;
2795 } else {
2796 data->cmdreq_type = USB_TYPE_CLASS;
2797 data->cmdreq = 0x00;
2798 }
2799
2800 data->udev = interface_to_usbdev(intf);
2801 data->intf = intf;
2802
2803 INIT_WORK(&data->work, btusb_work);
2804 INIT_WORK(&data->waker, btusb_waker);
2805 init_usb_anchor(&data->deferred);
2806 init_usb_anchor(&data->tx_anchor);
2807 spin_lock_init(&data->txlock);
2808
2809 init_usb_anchor(&data->intr_anchor);
2810 init_usb_anchor(&data->bulk_anchor);
2811 init_usb_anchor(&data->isoc_anchor);
2812 init_usb_anchor(&data->diag_anchor);
2813 spin_lock_init(&data->rxlock);
2814
2815 if (id->driver_info & BTUSB_INTEL_NEW) {
2816 data->recv_event = btusb_recv_event_intel;
2817 data->recv_bulk = btusb_recv_bulk_intel;
2818 set_bit(BTUSB_BOOTLOADER, &data->flags);
2819 } else {
2820 data->recv_event = hci_recv_frame;
2821 data->recv_bulk = btusb_recv_bulk;
2822 }
2823
2824 hdev = hci_alloc_dev();
2825 if (!hdev)
2826 return -ENOMEM;
2827
2828 hdev->bus = HCI_USB;
2829 hci_set_drvdata(hdev, data);
2830
2831 if (id->driver_info & BTUSB_AMP)
2832 hdev->dev_type = HCI_AMP;
2833 else
2834 hdev->dev_type = HCI_BREDR;
2835
2836 data->hdev = hdev;
2837
2838 SET_HCIDEV_DEV(hdev, &intf->dev);
2839
2840 hdev->open = btusb_open;
2841 hdev->close = btusb_close;
2842 hdev->flush = btusb_flush;
2843 hdev->send = btusb_send_frame;
2844 hdev->notify = btusb_notify;
2845
2846 if (id->driver_info & BTUSB_BCM2045)
2847 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks);
2848
2849 if (id->driver_info & BTUSB_BCM92035)
2850 hdev->setup = btusb_setup_bcm92035;
2851
2852 #ifdef CONFIG_BT_HCIBTUSB_BCM
2853 if (id->driver_info & BTUSB_BCM_PATCHRAM) {
2854 hdev->manufacturer = 15;
2855 hdev->setup = btbcm_setup_patchram;
2856 hdev->set_diag = btusb_bcm_set_diag;
2857 hdev->set_bdaddr = btbcm_set_bdaddr;
2858
2859 /* Broadcom LM_DIAG Interface numbers are hardcoded */
2860 data->diag = usb_ifnum_to_if(data->udev, ifnum_base + 2);
2861 }
2862
2863 if (id->driver_info & BTUSB_BCM_APPLE) {
2864 hdev->manufacturer = 15;
2865 hdev->setup = btbcm_setup_apple;
2866 hdev->set_diag = btusb_bcm_set_diag;
2867
2868 /* Broadcom LM_DIAG Interface numbers are hardcoded */
2869 data->diag = usb_ifnum_to_if(data->udev, ifnum_base + 2);
2870 }
2871 #endif
2872
2873 if (id->driver_info & BTUSB_INTEL) {
2874 hdev->manufacturer = 2;
2875 hdev->setup = btusb_setup_intel;
2876 hdev->shutdown = btusb_shutdown_intel;
2877 hdev->set_diag = btintel_set_diag_mfg;
2878 hdev->set_bdaddr = btintel_set_bdaddr;
2879 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
2880 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
2881 set_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks);
2882 }
2883
2884 if (id->driver_info & BTUSB_INTEL_NEW) {
2885 hdev->manufacturer = 2;
2886 hdev->send = btusb_send_frame_intel;
2887 hdev->setup = btusb_setup_intel_new;
2888 hdev->hw_error = btintel_hw_error;
2889 hdev->set_diag = btintel_set_diag;
2890 hdev->set_bdaddr = btintel_set_bdaddr;
2891 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
2892 set_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks);
2893 }
2894
2895 if (id->driver_info & BTUSB_MARVELL)
2896 hdev->set_bdaddr = btusb_set_bdaddr_marvell;
2897
2898 if (id->driver_info & BTUSB_SWAVE) {
2899 set_bit(HCI_QUIRK_FIXUP_INQUIRY_MODE, &hdev->quirks);
2900 set_bit(HCI_QUIRK_BROKEN_LOCAL_COMMANDS, &hdev->quirks);
2901 }
2902
2903 if (id->driver_info & BTUSB_INTEL_BOOT) {
2904 hdev->manufacturer = 2;
2905 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
2906 }
2907
2908 if (id->driver_info & BTUSB_ATH3012) {
2909 hdev->set_bdaddr = btusb_set_bdaddr_ath3012;
2910 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
2911 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
2912 }
2913
2914 if (id->driver_info & BTUSB_QCA_ROME) {
2915 data->setup_on_usb = btusb_setup_qca;
2916 hdev->set_bdaddr = btusb_set_bdaddr_ath3012;
2917 }
2918
2919 #ifdef CONFIG_BT_HCIBTUSB_RTL
2920 if (id->driver_info & BTUSB_REALTEK) {
2921 hdev->setup = btrtl_setup_realtek;
2922
2923 /* Realtek devices lose their updated firmware over suspend,
2924 * but the USB hub doesn't notice any status change.
2925 * Explicitly request a device reset on resume.
2926 */
2927 set_bit(BTUSB_RESET_RESUME, &data->flags);
2928 }
2929 #endif
2930
2931 if (id->driver_info & BTUSB_AMP) {
2932 /* AMP controllers do not support SCO packets */
2933 data->isoc = NULL;
2934 } else {
2935 /* Interface orders are hardcoded in the specification */
2936 data->isoc = usb_ifnum_to_if(data->udev, ifnum_base + 1);
2937 }
2938
2939 if (!reset)
2940 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
2941
2942 if (force_scofix || id->driver_info & BTUSB_WRONG_SCO_MTU) {
2943 if (!disable_scofix)
2944 set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks);
2945 }
2946
2947 if (id->driver_info & BTUSB_BROKEN_ISOC)
2948 data->isoc = NULL;
2949
2950 if (id->driver_info & BTUSB_DIGIANSWER) {
2951 data->cmdreq_type = USB_TYPE_VENDOR;
2952 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
2953 }
2954
2955 if (id->driver_info & BTUSB_CSR) {
2956 struct usb_device *udev = data->udev;
2957 u16 bcdDevice = le16_to_cpu(udev->descriptor.bcdDevice);
2958
2959 /* Old firmware would otherwise execute USB reset */
2960 if (bcdDevice < 0x117)
2961 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
2962
2963 /* Fake CSR devices with broken commands */
2964 if (bcdDevice <= 0x100 || bcdDevice == 0x134)
2965 hdev->setup = btusb_setup_csr;
2966
2967 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
2968 }
2969
2970 if (id->driver_info & BTUSB_SNIFFER) {
2971 struct usb_device *udev = data->udev;
2972
2973 /* New sniffer firmware has crippled HCI interface */
2974 if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997)
2975 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
2976 }
2977
2978 if (id->driver_info & BTUSB_INTEL_BOOT) {
2979 /* A bug in the bootloader causes that interrupt interface is
2980 * only enabled after receiving SetInterface(0, AltSetting=0).
2981 */
2982 err = usb_set_interface(data->udev, 0, 0);
2983 if (err < 0) {
2984 BT_ERR("failed to set interface 0, alt 0 %d", err);
2985 hci_free_dev(hdev);
2986 return err;
2987 }
2988 }
2989
2990 if (data->isoc) {
2991 err = usb_driver_claim_interface(&btusb_driver,
2992 data->isoc, data);
2993 if (err < 0) {
2994 hci_free_dev(hdev);
2995 return err;
2996 }
2997 }
2998
2999 #ifdef CONFIG_BT_HCIBTUSB_BCM
3000 if (data->diag) {
3001 if (!usb_driver_claim_interface(&btusb_driver,
3002 data->diag, data))
3003 __set_diag_interface(hdev);
3004 else
3005 data->diag = NULL;
3006 }
3007 #endif
3008
3009 err = hci_register_dev(hdev);
3010 if (err < 0) {
3011 hci_free_dev(hdev);
3012 return err;
3013 }
3014
3015 usb_set_intfdata(intf, data);
3016
3017 return 0;
3018 }
3019
3020 static void btusb_disconnect(struct usb_interface *intf)
3021 {
3022 struct btusb_data *data = usb_get_intfdata(intf);
3023 struct hci_dev *hdev;
3024
3025 BT_DBG("intf %p", intf);
3026
3027 if (!data)
3028 return;
3029
3030 hdev = data->hdev;
3031 usb_set_intfdata(data->intf, NULL);
3032
3033 if (data->isoc)
3034 usb_set_intfdata(data->isoc, NULL);
3035
3036 if (data->diag)
3037 usb_set_intfdata(data->diag, NULL);
3038
3039 hci_unregister_dev(hdev);
3040
3041 if (intf == data->intf) {
3042 if (data->isoc)
3043 usb_driver_release_interface(&btusb_driver, data->isoc);
3044 if (data->diag)
3045 usb_driver_release_interface(&btusb_driver, data->diag);
3046 } else if (intf == data->isoc) {
3047 if (data->diag)
3048 usb_driver_release_interface(&btusb_driver, data->diag);
3049 usb_driver_release_interface(&btusb_driver, data->intf);
3050 } else if (intf == data->diag) {
3051 usb_driver_release_interface(&btusb_driver, data->intf);
3052 if (data->isoc)
3053 usb_driver_release_interface(&btusb_driver, data->isoc);
3054 }
3055
3056 hci_free_dev(hdev);
3057 }
3058
3059 #ifdef CONFIG_PM
3060 static int btusb_suspend(struct usb_interface *intf, pm_message_t message)
3061 {
3062 struct btusb_data *data = usb_get_intfdata(intf);
3063
3064 BT_DBG("intf %p", intf);
3065
3066 if (data->suspend_count++)
3067 return 0;
3068
3069 spin_lock_irq(&data->txlock);
3070 if (!(PMSG_IS_AUTO(message) && data->tx_in_flight)) {
3071 set_bit(BTUSB_SUSPENDING, &data->flags);
3072 spin_unlock_irq(&data->txlock);
3073 } else {
3074 spin_unlock_irq(&data->txlock);
3075 data->suspend_count--;
3076 return -EBUSY;
3077 }
3078
3079 cancel_work_sync(&data->work);
3080
3081 btusb_stop_traffic(data);
3082 usb_kill_anchored_urbs(&data->tx_anchor);
3083
3084 /* Optionally request a device reset on resume, but only when
3085 * wakeups are disabled. If wakeups are enabled we assume the
3086 * device will stay powered up throughout suspend.
3087 */
3088 if (test_bit(BTUSB_RESET_RESUME, &data->flags) &&
3089 !device_may_wakeup(&data->udev->dev))
3090 data->udev->reset_resume = 1;
3091
3092 return 0;
3093 }
3094
3095 static void play_deferred(struct btusb_data *data)
3096 {
3097 struct urb *urb;
3098 int err;
3099
3100 while ((urb = usb_get_from_anchor(&data->deferred))) {
3101 err = usb_submit_urb(urb, GFP_ATOMIC);
3102 if (err < 0)
3103 break;
3104
3105 data->tx_in_flight++;
3106 }
3107 usb_scuttle_anchored_urbs(&data->deferred);
3108 }
3109
3110 static int btusb_resume(struct usb_interface *intf)
3111 {
3112 struct btusb_data *data = usb_get_intfdata(intf);
3113 struct hci_dev *hdev = data->hdev;
3114 int err = 0;
3115
3116 BT_DBG("intf %p", intf);
3117
3118 if (--data->suspend_count)
3119 return 0;
3120
3121 if (!test_bit(HCI_RUNNING, &hdev->flags))
3122 goto done;
3123
3124 if (test_bit(BTUSB_INTR_RUNNING, &data->flags)) {
3125 err = btusb_submit_intr_urb(hdev, GFP_NOIO);
3126 if (err < 0) {
3127 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
3128 goto failed;
3129 }
3130 }
3131
3132 if (test_bit(BTUSB_BULK_RUNNING, &data->flags)) {
3133 err = btusb_submit_bulk_urb(hdev, GFP_NOIO);
3134 if (err < 0) {
3135 clear_bit(BTUSB_BULK_RUNNING, &data->flags);
3136 goto failed;
3137 }
3138
3139 btusb_submit_bulk_urb(hdev, GFP_NOIO);
3140 }
3141
3142 if (test_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
3143 if (btusb_submit_isoc_urb(hdev, GFP_NOIO) < 0)
3144 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
3145 else
3146 btusb_submit_isoc_urb(hdev, GFP_NOIO);
3147 }
3148
3149 spin_lock_irq(&data->txlock);
3150 play_deferred(data);
3151 clear_bit(BTUSB_SUSPENDING, &data->flags);
3152 spin_unlock_irq(&data->txlock);
3153 schedule_work(&data->work);
3154
3155 return 0;
3156
3157 failed:
3158 usb_scuttle_anchored_urbs(&data->deferred);
3159 done:
3160 spin_lock_irq(&data->txlock);
3161 clear_bit(BTUSB_SUSPENDING, &data->flags);
3162 spin_unlock_irq(&data->txlock);
3163
3164 return err;
3165 }
3166 #endif
3167
3168 static struct usb_driver btusb_driver = {
3169 .name = "btusb",
3170 .probe = btusb_probe,
3171 .disconnect = btusb_disconnect,
3172 #ifdef CONFIG_PM
3173 .suspend = btusb_suspend,
3174 .resume = btusb_resume,
3175 #endif
3176 .id_table = btusb_table,
3177 .supports_autosuspend = 1,
3178 .disable_hub_initiated_lpm = 1,
3179 };
3180
3181 module_usb_driver(btusb_driver);
3182
3183 module_param(disable_scofix, bool, 0644);
3184 MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size");
3185
3186 module_param(force_scofix, bool, 0644);
3187 MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size");
3188
3189 module_param(reset, bool, 0644);
3190 MODULE_PARM_DESC(reset, "Send HCI reset command on initialization");
3191
3192 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
3193 MODULE_DESCRIPTION("Generic Bluetooth USB driver ver " VERSION);
3194 MODULE_VERSION(VERSION);
3195 MODULE_LICENSE("GPL");
Linux kernel - Deliverables
This page took 0.096583 seconds and 6 git commands to generate.