3 * Generic Bluetooth USB driver
5 * Copyright (C) 2005-2008 Marcel Holtmann <marcel@holtmann.org>
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
24 #include <linux/module.h>
25 #include <linux/usb.h>
26 #include <linux/firmware.h>
27 #include <asm/unaligned.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
38 static bool disable_scofix
;
39 static bool force_scofix
;
41 static bool reset
= true;
43 static struct usb_driver btusb_driver
;
45 #define BTUSB_IGNORE 0x01
46 #define BTUSB_DIGIANSWER 0x02
47 #define BTUSB_CSR 0x04
48 #define BTUSB_SNIFFER 0x08
49 #define BTUSB_BCM92035 0x10
50 #define BTUSB_BROKEN_ISOC 0x20
51 #define BTUSB_WRONG_SCO_MTU 0x40
52 #define BTUSB_ATH3012 0x80
53 #define BTUSB_INTEL 0x100
54 #define BTUSB_INTEL_BOOT 0x200
55 #define BTUSB_BCM_PATCHRAM 0x400
56 #define BTUSB_MARVELL 0x800
57 #define BTUSB_SWAVE 0x1000
58 #define BTUSB_INTEL_NEW 0x2000
59 #define BTUSB_AMP 0x4000
60 #define BTUSB_QCA_ROME 0x8000
61 #define BTUSB_BCM_APPLE 0x10000
62 #define BTUSB_REALTEK 0x20000
63 #define BTUSB_BCM2045 0x40000
64 #define BTUSB_IFNUM_2 0x80000
66 static const struct usb_device_id btusb_table
[] = {
67 /* Generic Bluetooth USB device */
68 { USB_DEVICE_INFO(0xe0, 0x01, 0x01) },
70 /* Generic Bluetooth AMP device */
71 { USB_DEVICE_INFO(0xe0, 0x01, 0x04), .driver_info
= BTUSB_AMP
},
73 /* Generic Bluetooth USB interface */
74 { USB_INTERFACE_INFO(0xe0, 0x01, 0x01) },
76 /* Apple-specific (Broadcom) devices */
77 { USB_VENDOR_AND_INTERFACE_INFO(0x05ac, 0xff, 0x01, 0x01),
78 .driver_info
= BTUSB_BCM_APPLE
| BTUSB_IFNUM_2
},
80 /* MediaTek MT76x0E */
81 { USB_DEVICE(0x0e8d, 0x763f) },
83 /* Broadcom SoftSailing reporting vendor specific */
84 { USB_DEVICE(0x0a5c, 0x21e1) },
86 /* Apple MacBookPro 7,1 */
87 { USB_DEVICE(0x05ac, 0x8213) },
90 { USB_DEVICE(0x05ac, 0x8215) },
92 /* Apple MacBookPro6,2 */
93 { USB_DEVICE(0x05ac, 0x8218) },
95 /* Apple MacBookAir3,1, MacBookAir3,2 */
96 { USB_DEVICE(0x05ac, 0x821b) },
98 /* Apple MacBookAir4,1 */
99 { USB_DEVICE(0x05ac, 0x821f) },
101 /* Apple MacBookPro8,2 */
102 { USB_DEVICE(0x05ac, 0x821a) },
104 /* Apple MacMini5,1 */
105 { USB_DEVICE(0x05ac, 0x8281) },
107 /* AVM BlueFRITZ! USB v2.0 */
108 { USB_DEVICE(0x057c, 0x3800), .driver_info
= BTUSB_SWAVE
},
110 /* Bluetooth Ultraport Module from IBM */
111 { USB_DEVICE(0x04bf, 0x030a) },
113 /* ALPS Modules with non-standard id */
114 { USB_DEVICE(0x044e, 0x3001) },
115 { USB_DEVICE(0x044e, 0x3002) },
117 /* Ericsson with non-standard id */
118 { USB_DEVICE(0x0bdb, 0x1002) },
120 /* Canyon CN-BTU1 with HID interfaces */
121 { USB_DEVICE(0x0c10, 0x0000) },
123 /* Broadcom BCM20702A0 */
124 { USB_DEVICE(0x413c, 0x8197) },
126 /* Broadcom BCM20702B0 (Dynex/Insignia) */
127 { USB_DEVICE(0x19ff, 0x0239), .driver_info
= BTUSB_BCM_PATCHRAM
},
129 /* Broadcom BCM43142A0 (Foxconn/Lenovo) */
130 { USB_DEVICE(0x105b, 0xe065), .driver_info
= BTUSB_BCM_PATCHRAM
},
132 /* Foxconn - Hon Hai */
133 { USB_VENDOR_AND_INTERFACE_INFO(0x0489, 0xff, 0x01, 0x01),
134 .driver_info
= BTUSB_BCM_PATCHRAM
},
136 /* Lite-On Technology - Broadcom based */
137 { USB_VENDOR_AND_INTERFACE_INFO(0x04ca, 0xff, 0x01, 0x01),
138 .driver_info
= BTUSB_BCM_PATCHRAM
},
140 /* Broadcom devices with vendor specific id */
141 { USB_VENDOR_AND_INTERFACE_INFO(0x0a5c, 0xff, 0x01, 0x01),
142 .driver_info
= BTUSB_BCM_PATCHRAM
},
144 /* ASUSTek Computer - Broadcom based */
145 { USB_VENDOR_AND_INTERFACE_INFO(0x0b05, 0xff, 0x01, 0x01),
146 .driver_info
= BTUSB_BCM_PATCHRAM
},
148 /* Belkin F8065bf - Broadcom based */
149 { USB_VENDOR_AND_INTERFACE_INFO(0x050d, 0xff, 0x01, 0x01),
150 .driver_info
= BTUSB_BCM_PATCHRAM
},
152 /* IMC Networks - Broadcom based */
153 { USB_VENDOR_AND_INTERFACE_INFO(0x13d3, 0xff, 0x01, 0x01),
154 .driver_info
= BTUSB_BCM_PATCHRAM
},
156 /* Toshiba Corp - Broadcom based */
157 { USB_VENDOR_AND_INTERFACE_INFO(0x0930, 0xff, 0x01, 0x01),
158 .driver_info
= BTUSB_BCM_PATCHRAM
},
160 /* Intel Bluetooth USB Bootloader (RAM module) */
161 { USB_DEVICE(0x8087, 0x0a5a),
162 .driver_info
= BTUSB_INTEL_BOOT
| BTUSB_BROKEN_ISOC
},
164 { } /* Terminating entry */
167 MODULE_DEVICE_TABLE(usb
, btusb_table
);
169 static const struct usb_device_id blacklist_table
[] = {
170 /* CSR BlueCore devices */
171 { USB_DEVICE(0x0a12, 0x0001), .driver_info
= BTUSB_CSR
},
173 /* Broadcom BCM2033 without firmware */
174 { USB_DEVICE(0x0a5c, 0x2033), .driver_info
= BTUSB_IGNORE
},
176 /* Broadcom BCM2045 devices */
177 { USB_DEVICE(0x0a5c, 0x2045), .driver_info
= BTUSB_BCM2045
},
179 /* Atheros 3011 with sflash firmware */
180 { USB_DEVICE(0x0489, 0xe027), .driver_info
= BTUSB_IGNORE
},
181 { USB_DEVICE(0x0489, 0xe03d), .driver_info
= BTUSB_IGNORE
},
182 { USB_DEVICE(0x04f2, 0xaff1), .driver_info
= BTUSB_IGNORE
},
183 { USB_DEVICE(0x0930, 0x0215), .driver_info
= BTUSB_IGNORE
},
184 { USB_DEVICE(0x0cf3, 0x3002), .driver_info
= BTUSB_IGNORE
},
185 { USB_DEVICE(0x0cf3, 0xe019), .driver_info
= BTUSB_IGNORE
},
186 { USB_DEVICE(0x13d3, 0x3304), .driver_info
= BTUSB_IGNORE
},
188 /* Atheros AR9285 Malbec with sflash firmware */
189 { USB_DEVICE(0x03f0, 0x311d), .driver_info
= BTUSB_IGNORE
},
191 /* Atheros 3012 with sflash firmware */
192 { USB_DEVICE(0x0489, 0xe04d), .driver_info
= BTUSB_ATH3012
},
193 { USB_DEVICE(0x0489, 0xe04e), .driver_info
= BTUSB_ATH3012
},
194 { USB_DEVICE(0x0489, 0xe056), .driver_info
= BTUSB_ATH3012
},
195 { USB_DEVICE(0x0489, 0xe057), .driver_info
= BTUSB_ATH3012
},
196 { USB_DEVICE(0x0489, 0xe05f), .driver_info
= BTUSB_ATH3012
},
197 { USB_DEVICE(0x0489, 0xe076), .driver_info
= BTUSB_ATH3012
},
198 { USB_DEVICE(0x0489, 0xe078), .driver_info
= BTUSB_ATH3012
},
199 { USB_DEVICE(0x0489, 0xe095), .driver_info
= BTUSB_ATH3012
},
200 { USB_DEVICE(0x04c5, 0x1330), .driver_info
= BTUSB_ATH3012
},
201 { USB_DEVICE(0x04ca, 0x3004), .driver_info
= BTUSB_ATH3012
},
202 { USB_DEVICE(0x04ca, 0x3005), .driver_info
= BTUSB_ATH3012
},
203 { USB_DEVICE(0x04ca, 0x3006), .driver_info
= BTUSB_ATH3012
},
204 { USB_DEVICE(0x04ca, 0x3007), .driver_info
= BTUSB_ATH3012
},
205 { USB_DEVICE(0x04ca, 0x3008), .driver_info
= BTUSB_ATH3012
},
206 { USB_DEVICE(0x04ca, 0x300b), .driver_info
= BTUSB_ATH3012
},
207 { USB_DEVICE(0x04ca, 0x300d), .driver_info
= BTUSB_ATH3012
},
208 { USB_DEVICE(0x04ca, 0x300f), .driver_info
= BTUSB_ATH3012
},
209 { USB_DEVICE(0x04ca, 0x3010), .driver_info
= BTUSB_ATH3012
},
210 { USB_DEVICE(0x04ca, 0x3014), .driver_info
= BTUSB_ATH3012
},
211 { USB_DEVICE(0x0930, 0x0219), .driver_info
= BTUSB_ATH3012
},
212 { USB_DEVICE(0x0930, 0x021c), .driver_info
= BTUSB_ATH3012
},
213 { USB_DEVICE(0x0930, 0x0220), .driver_info
= BTUSB_ATH3012
},
214 { USB_DEVICE(0x0930, 0x0227), .driver_info
= BTUSB_ATH3012
},
215 { USB_DEVICE(0x0b05, 0x17d0), .driver_info
= BTUSB_ATH3012
},
216 { USB_DEVICE(0x0cf3, 0x0036), .driver_info
= BTUSB_ATH3012
},
217 { USB_DEVICE(0x0cf3, 0x3004), .driver_info
= BTUSB_ATH3012
},
218 { USB_DEVICE(0x0cf3, 0x3008), .driver_info
= BTUSB_ATH3012
},
219 { USB_DEVICE(0x0cf3, 0x311d), .driver_info
= BTUSB_ATH3012
},
220 { USB_DEVICE(0x0cf3, 0x311e), .driver_info
= BTUSB_ATH3012
},
221 { USB_DEVICE(0x0cf3, 0x311f), .driver_info
= BTUSB_ATH3012
},
222 { USB_DEVICE(0x0cf3, 0x3121), .driver_info
= BTUSB_ATH3012
},
223 { USB_DEVICE(0x0cf3, 0x817a), .driver_info
= BTUSB_ATH3012
},
224 { USB_DEVICE(0x0cf3, 0x817b), .driver_info
= BTUSB_ATH3012
},
225 { USB_DEVICE(0x0cf3, 0xe003), .driver_info
= BTUSB_ATH3012
},
226 { USB_DEVICE(0x0cf3, 0xe004), .driver_info
= BTUSB_ATH3012
},
227 { USB_DEVICE(0x0cf3, 0xe005), .driver_info
= BTUSB_ATH3012
},
228 { USB_DEVICE(0x0cf3, 0xe006), .driver_info
= BTUSB_ATH3012
},
229 { USB_DEVICE(0x13d3, 0x3362), .driver_info
= BTUSB_ATH3012
},
230 { USB_DEVICE(0x13d3, 0x3375), .driver_info
= BTUSB_ATH3012
},
231 { USB_DEVICE(0x13d3, 0x3393), .driver_info
= BTUSB_ATH3012
},
232 { USB_DEVICE(0x13d3, 0x3395), .driver_info
= BTUSB_ATH3012
},
233 { USB_DEVICE(0x13d3, 0x3402), .driver_info
= BTUSB_ATH3012
},
234 { USB_DEVICE(0x13d3, 0x3408), .driver_info
= BTUSB_ATH3012
},
235 { USB_DEVICE(0x13d3, 0x3423), .driver_info
= BTUSB_ATH3012
},
236 { USB_DEVICE(0x13d3, 0x3432), .driver_info
= BTUSB_ATH3012
},
237 { USB_DEVICE(0x13d3, 0x3472), .driver_info
= BTUSB_ATH3012
},
238 { USB_DEVICE(0x13d3, 0x3474), .driver_info
= BTUSB_ATH3012
},
239 { USB_DEVICE(0x13d3, 0x3487), .driver_info
= BTUSB_ATH3012
},
241 /* Atheros AR5BBU12 with sflash firmware */
242 { USB_DEVICE(0x0489, 0xe02c), .driver_info
= BTUSB_IGNORE
},
244 /* Atheros AR5BBU12 with sflash firmware */
245 { USB_DEVICE(0x0489, 0xe036), .driver_info
= BTUSB_ATH3012
},
246 { USB_DEVICE(0x0489, 0xe03c), .driver_info
= BTUSB_ATH3012
},
248 /* QCA ROME chipset */
249 { USB_DEVICE(0x0cf3, 0xe007), .driver_info
= BTUSB_QCA_ROME
},
250 { USB_DEVICE(0x0cf3, 0xe300), .driver_info
= BTUSB_QCA_ROME
},
251 { USB_DEVICE(0x0cf3, 0xe360), .driver_info
= BTUSB_QCA_ROME
},
253 /* Broadcom BCM2035 */
254 { USB_DEVICE(0x0a5c, 0x2009), .driver_info
= BTUSB_BCM92035
},
255 { USB_DEVICE(0x0a5c, 0x200a), .driver_info
= BTUSB_WRONG_SCO_MTU
},
256 { USB_DEVICE(0x0a5c, 0x2035), .driver_info
= BTUSB_WRONG_SCO_MTU
},
258 /* Broadcom BCM2045 */
259 { USB_DEVICE(0x0a5c, 0x2039), .driver_info
= BTUSB_WRONG_SCO_MTU
},
260 { USB_DEVICE(0x0a5c, 0x2101), .driver_info
= BTUSB_WRONG_SCO_MTU
},
262 /* IBM/Lenovo ThinkPad with Broadcom chip */
263 { USB_DEVICE(0x0a5c, 0x201e), .driver_info
= BTUSB_WRONG_SCO_MTU
},
264 { USB_DEVICE(0x0a5c, 0x2110), .driver_info
= BTUSB_WRONG_SCO_MTU
},
266 /* HP laptop with Broadcom chip */
267 { USB_DEVICE(0x03f0, 0x171d), .driver_info
= BTUSB_WRONG_SCO_MTU
},
269 /* Dell laptop with Broadcom chip */
270 { USB_DEVICE(0x413c, 0x8126), .driver_info
= BTUSB_WRONG_SCO_MTU
},
272 /* Dell Wireless 370 and 410 devices */
273 { USB_DEVICE(0x413c, 0x8152), .driver_info
= BTUSB_WRONG_SCO_MTU
},
274 { USB_DEVICE(0x413c, 0x8156), .driver_info
= BTUSB_WRONG_SCO_MTU
},
276 /* Belkin F8T012 and F8T013 devices */
277 { USB_DEVICE(0x050d, 0x0012), .driver_info
= BTUSB_WRONG_SCO_MTU
},
278 { USB_DEVICE(0x050d, 0x0013), .driver_info
= BTUSB_WRONG_SCO_MTU
},
280 /* Asus WL-BTD202 device */
281 { USB_DEVICE(0x0b05, 0x1715), .driver_info
= BTUSB_WRONG_SCO_MTU
},
283 /* Kensington Bluetooth USB adapter */
284 { USB_DEVICE(0x047d, 0x105e), .driver_info
= BTUSB_WRONG_SCO_MTU
},
286 /* RTX Telecom based adapters with buggy SCO support */
287 { USB_DEVICE(0x0400, 0x0807), .driver_info
= BTUSB_BROKEN_ISOC
},
288 { USB_DEVICE(0x0400, 0x080a), .driver_info
= BTUSB_BROKEN_ISOC
},
290 /* CONWISE Technology based adapters with buggy SCO support */
291 { USB_DEVICE(0x0e5e, 0x6622), .driver_info
= BTUSB_BROKEN_ISOC
},
293 /* Roper Class 1 Bluetooth Dongle (Silicon Wave based) */
294 { USB_DEVICE(0x1310, 0x0001), .driver_info
= BTUSB_SWAVE
},
296 /* Digianswer devices */
297 { USB_DEVICE(0x08fd, 0x0001), .driver_info
= BTUSB_DIGIANSWER
},
298 { USB_DEVICE(0x08fd, 0x0002), .driver_info
= BTUSB_IGNORE
},
300 /* CSR BlueCore Bluetooth Sniffer */
301 { USB_DEVICE(0x0a12, 0x0002),
302 .driver_info
= BTUSB_SNIFFER
| BTUSB_BROKEN_ISOC
},
304 /* Frontline ComProbe Bluetooth Sniffer */
305 { USB_DEVICE(0x16d3, 0x0002),
306 .driver_info
= BTUSB_SNIFFER
| BTUSB_BROKEN_ISOC
},
308 /* Marvell Bluetooth devices */
309 { USB_DEVICE(0x1286, 0x2044), .driver_info
= BTUSB_MARVELL
},
310 { USB_DEVICE(0x1286, 0x2046), .driver_info
= BTUSB_MARVELL
},
312 /* Intel Bluetooth devices */
313 { USB_DEVICE(0x8087, 0x07da), .driver_info
= BTUSB_CSR
},
314 { USB_DEVICE(0x8087, 0x07dc), .driver_info
= BTUSB_INTEL
},
315 { USB_DEVICE(0x8087, 0x0a2a), .driver_info
= BTUSB_INTEL
},
316 { USB_DEVICE(0x8087, 0x0a2b), .driver_info
= BTUSB_INTEL_NEW
},
317 { USB_DEVICE(0x8087, 0x0aa7), .driver_info
= BTUSB_INTEL
},
319 /* Other Intel Bluetooth devices */
320 { USB_VENDOR_AND_INTERFACE_INFO(0x8087, 0xe0, 0x01, 0x01),
321 .driver_info
= BTUSB_IGNORE
},
323 /* Realtek Bluetooth devices */
324 { USB_VENDOR_AND_INTERFACE_INFO(0x0bda, 0xe0, 0x01, 0x01),
325 .driver_info
= BTUSB_REALTEK
},
327 /* Additional Realtek 8723AE Bluetooth devices */
328 { USB_DEVICE(0x0930, 0x021d), .driver_info
= BTUSB_REALTEK
},
329 { USB_DEVICE(0x13d3, 0x3394), .driver_info
= BTUSB_REALTEK
},
331 /* Additional Realtek 8723BE Bluetooth devices */
332 { USB_DEVICE(0x0489, 0xe085), .driver_info
= BTUSB_REALTEK
},
333 { USB_DEVICE(0x0489, 0xe08b), .driver_info
= BTUSB_REALTEK
},
334 { USB_DEVICE(0x13d3, 0x3410), .driver_info
= BTUSB_REALTEK
},
335 { USB_DEVICE(0x13d3, 0x3416), .driver_info
= BTUSB_REALTEK
},
336 { USB_DEVICE(0x13d3, 0x3459), .driver_info
= BTUSB_REALTEK
},
338 /* Additional Realtek 8821AE Bluetooth devices */
339 { USB_DEVICE(0x0b05, 0x17dc), .driver_info
= BTUSB_REALTEK
},
340 { USB_DEVICE(0x13d3, 0x3414), .driver_info
= BTUSB_REALTEK
},
341 { USB_DEVICE(0x13d3, 0x3458), .driver_info
= BTUSB_REALTEK
},
342 { USB_DEVICE(0x13d3, 0x3461), .driver_info
= BTUSB_REALTEK
},
343 { USB_DEVICE(0x13d3, 0x3462), .driver_info
= BTUSB_REALTEK
},
345 /* Silicon Wave based devices */
346 { USB_DEVICE(0x0c10, 0x0000), .driver_info
= BTUSB_SWAVE
},
348 { } /* Terminating entry */
351 #define BTUSB_MAX_ISOC_FRAMES 10
353 #define BTUSB_INTR_RUNNING 0
354 #define BTUSB_BULK_RUNNING 1
355 #define BTUSB_ISOC_RUNNING 2
356 #define BTUSB_SUSPENDING 3
357 #define BTUSB_DID_ISO_RESUME 4
358 #define BTUSB_BOOTLOADER 5
359 #define BTUSB_DOWNLOADING 6
360 #define BTUSB_FIRMWARE_LOADED 7
361 #define BTUSB_FIRMWARE_FAILED 8
362 #define BTUSB_BOOTING 9
363 #define BTUSB_RESET_RESUME 10
364 #define BTUSB_DIAG_RUNNING 11
367 struct hci_dev
*hdev
;
368 struct usb_device
*udev
;
369 struct usb_interface
*intf
;
370 struct usb_interface
*isoc
;
371 struct usb_interface
*diag
;
375 struct work_struct work
;
376 struct work_struct waker
;
378 struct usb_anchor deferred
;
379 struct usb_anchor tx_anchor
;
383 struct usb_anchor intr_anchor
;
384 struct usb_anchor bulk_anchor
;
385 struct usb_anchor isoc_anchor
;
386 struct usb_anchor diag_anchor
;
389 struct sk_buff
*evt_skb
;
390 struct sk_buff
*acl_skb
;
391 struct sk_buff
*sco_skb
;
393 struct usb_endpoint_descriptor
*intr_ep
;
394 struct usb_endpoint_descriptor
*bulk_tx_ep
;
395 struct usb_endpoint_descriptor
*bulk_rx_ep
;
396 struct usb_endpoint_descriptor
*isoc_tx_ep
;
397 struct usb_endpoint_descriptor
*isoc_rx_ep
;
398 struct usb_endpoint_descriptor
*diag_tx_ep
;
399 struct usb_endpoint_descriptor
*diag_rx_ep
;
404 unsigned int sco_num
;
408 int (*recv_event
)(struct hci_dev
*hdev
, struct sk_buff
*skb
);
409 int (*recv_bulk
)(struct btusb_data
*data
, void *buffer
, int count
);
411 int (*setup_on_usb
)(struct hci_dev
*hdev
);
414 static inline void btusb_free_frags(struct btusb_data
*data
)
418 spin_lock_irqsave(&data
->rxlock
, flags
);
420 kfree_skb(data
->evt_skb
);
421 data
->evt_skb
= NULL
;
423 kfree_skb(data
->acl_skb
);
424 data
->acl_skb
= NULL
;
426 kfree_skb(data
->sco_skb
);
427 data
->sco_skb
= NULL
;
429 spin_unlock_irqrestore(&data
->rxlock
, flags
);
432 static int btusb_recv_intr(struct btusb_data
*data
, void *buffer
, int count
)
437 spin_lock(&data
->rxlock
);
444 skb
= bt_skb_alloc(HCI_MAX_EVENT_SIZE
, GFP_ATOMIC
);
450 hci_skb_pkt_type(skb
) = HCI_EVENT_PKT
;
451 hci_skb_expect(skb
) = HCI_EVENT_HDR_SIZE
;
454 len
= min_t(uint
, hci_skb_expect(skb
), count
);
455 memcpy(skb_put(skb
, len
), buffer
, len
);
459 hci_skb_expect(skb
) -= len
;
461 if (skb
->len
== HCI_EVENT_HDR_SIZE
) {
462 /* Complete event header */
463 hci_skb_expect(skb
) = hci_event_hdr(skb
)->plen
;
465 if (skb_tailroom(skb
) < hci_skb_expect(skb
)) {
474 if (!hci_skb_expect(skb
)) {
476 data
->recv_event(data
->hdev
, skb
);
482 spin_unlock(&data
->rxlock
);
487 static int btusb_recv_bulk(struct btusb_data
*data
, void *buffer
, int count
)
492 spin_lock(&data
->rxlock
);
499 skb
= bt_skb_alloc(HCI_MAX_FRAME_SIZE
, GFP_ATOMIC
);
505 hci_skb_pkt_type(skb
) = HCI_ACLDATA_PKT
;
506 hci_skb_expect(skb
) = HCI_ACL_HDR_SIZE
;
509 len
= min_t(uint
, hci_skb_expect(skb
), count
);
510 memcpy(skb_put(skb
, len
), buffer
, len
);
514 hci_skb_expect(skb
) -= len
;
516 if (skb
->len
== HCI_ACL_HDR_SIZE
) {
517 __le16 dlen
= hci_acl_hdr(skb
)->dlen
;
519 /* Complete ACL header */
520 hci_skb_expect(skb
) = __le16_to_cpu(dlen
);
522 if (skb_tailroom(skb
) < hci_skb_expect(skb
)) {
531 if (!hci_skb_expect(skb
)) {
533 hci_recv_frame(data
->hdev
, skb
);
539 spin_unlock(&data
->rxlock
);
544 static int btusb_recv_isoc(struct btusb_data
*data
, void *buffer
, int count
)
549 spin_lock(&data
->rxlock
);
556 skb
= bt_skb_alloc(HCI_MAX_SCO_SIZE
, GFP_ATOMIC
);
562 hci_skb_pkt_type(skb
) = HCI_SCODATA_PKT
;
563 hci_skb_expect(skb
) = HCI_SCO_HDR_SIZE
;
566 len
= min_t(uint
, hci_skb_expect(skb
), count
);
567 memcpy(skb_put(skb
, len
), buffer
, len
);
571 hci_skb_expect(skb
) -= len
;
573 if (skb
->len
== HCI_SCO_HDR_SIZE
) {
574 /* Complete SCO header */
575 hci_skb_expect(skb
) = hci_sco_hdr(skb
)->dlen
;
577 if (skb_tailroom(skb
) < hci_skb_expect(skb
)) {
586 if (!hci_skb_expect(skb
)) {
588 hci_recv_frame(data
->hdev
, skb
);
594 spin_unlock(&data
->rxlock
);
599 static void btusb_intr_complete(struct urb
*urb
)
601 struct hci_dev
*hdev
= urb
->context
;
602 struct btusb_data
*data
= hci_get_drvdata(hdev
);
605 BT_DBG("%s urb %p status %d count %d", hdev
->name
, urb
, urb
->status
,
608 if (!test_bit(HCI_RUNNING
, &hdev
->flags
))
611 if (urb
->status
== 0) {
612 hdev
->stat
.byte_rx
+= urb
->actual_length
;
614 if (btusb_recv_intr(data
, urb
->transfer_buffer
,
615 urb
->actual_length
) < 0) {
616 BT_ERR("%s corrupted event packet", hdev
->name
);
619 } else if (urb
->status
== -ENOENT
) {
620 /* Avoid suspend failed when usb_kill_urb */
624 if (!test_bit(BTUSB_INTR_RUNNING
, &data
->flags
))
627 usb_mark_last_busy(data
->udev
);
628 usb_anchor_urb(urb
, &data
->intr_anchor
);
630 err
= usb_submit_urb(urb
, GFP_ATOMIC
);
632 /* -EPERM: urb is being killed;
633 * -ENODEV: device got disconnected */
634 if (err
!= -EPERM
&& err
!= -ENODEV
)
635 BT_ERR("%s urb %p failed to resubmit (%d)",
636 hdev
->name
, urb
, -err
);
637 usb_unanchor_urb(urb
);
641 static int btusb_submit_intr_urb(struct hci_dev
*hdev
, gfp_t mem_flags
)
643 struct btusb_data
*data
= hci_get_drvdata(hdev
);
649 BT_DBG("%s", hdev
->name
);
654 urb
= usb_alloc_urb(0, mem_flags
);
658 size
= le16_to_cpu(data
->intr_ep
->wMaxPacketSize
);
660 buf
= kmalloc(size
, mem_flags
);
666 pipe
= usb_rcvintpipe(data
->udev
, data
->intr_ep
->bEndpointAddress
);
668 usb_fill_int_urb(urb
, data
->udev
, pipe
, buf
, size
,
669 btusb_intr_complete
, hdev
, data
->intr_ep
->bInterval
);
671 urb
->transfer_flags
|= URB_FREE_BUFFER
;
673 usb_anchor_urb(urb
, &data
->intr_anchor
);
675 err
= usb_submit_urb(urb
, mem_flags
);
677 if (err
!= -EPERM
&& err
!= -ENODEV
)
678 BT_ERR("%s urb %p submission failed (%d)",
679 hdev
->name
, urb
, -err
);
680 usb_unanchor_urb(urb
);
688 static void btusb_bulk_complete(struct urb
*urb
)
690 struct hci_dev
*hdev
= urb
->context
;
691 struct btusb_data
*data
= hci_get_drvdata(hdev
);
694 BT_DBG("%s urb %p status %d count %d", hdev
->name
, urb
, urb
->status
,
697 if (!test_bit(HCI_RUNNING
, &hdev
->flags
))
700 if (urb
->status
== 0) {
701 hdev
->stat
.byte_rx
+= urb
->actual_length
;
703 if (data
->recv_bulk(data
, urb
->transfer_buffer
,
704 urb
->actual_length
) < 0) {
705 BT_ERR("%s corrupted ACL packet", hdev
->name
);
708 } else if (urb
->status
== -ENOENT
) {
709 /* Avoid suspend failed when usb_kill_urb */
713 if (!test_bit(BTUSB_BULK_RUNNING
, &data
->flags
))
716 usb_anchor_urb(urb
, &data
->bulk_anchor
);
717 usb_mark_last_busy(data
->udev
);
719 err
= usb_submit_urb(urb
, GFP_ATOMIC
);
721 /* -EPERM: urb is being killed;
722 * -ENODEV: device got disconnected */
723 if (err
!= -EPERM
&& err
!= -ENODEV
)
724 BT_ERR("%s urb %p failed to resubmit (%d)",
725 hdev
->name
, urb
, -err
);
726 usb_unanchor_urb(urb
);
730 static int btusb_submit_bulk_urb(struct hci_dev
*hdev
, gfp_t mem_flags
)
732 struct btusb_data
*data
= hci_get_drvdata(hdev
);
736 int err
, size
= HCI_MAX_FRAME_SIZE
;
738 BT_DBG("%s", hdev
->name
);
740 if (!data
->bulk_rx_ep
)
743 urb
= usb_alloc_urb(0, mem_flags
);
747 buf
= kmalloc(size
, mem_flags
);
753 pipe
= usb_rcvbulkpipe(data
->udev
, data
->bulk_rx_ep
->bEndpointAddress
);
755 usb_fill_bulk_urb(urb
, data
->udev
, pipe
, buf
, size
,
756 btusb_bulk_complete
, hdev
);
758 urb
->transfer_flags
|= URB_FREE_BUFFER
;
760 usb_mark_last_busy(data
->udev
);
761 usb_anchor_urb(urb
, &data
->bulk_anchor
);
763 err
= usb_submit_urb(urb
, mem_flags
);
765 if (err
!= -EPERM
&& err
!= -ENODEV
)
766 BT_ERR("%s urb %p submission failed (%d)",
767 hdev
->name
, urb
, -err
);
768 usb_unanchor_urb(urb
);
776 static void btusb_isoc_complete(struct urb
*urb
)
778 struct hci_dev
*hdev
= urb
->context
;
779 struct btusb_data
*data
= hci_get_drvdata(hdev
);
782 BT_DBG("%s urb %p status %d count %d", hdev
->name
, urb
, urb
->status
,
785 if (!test_bit(HCI_RUNNING
, &hdev
->flags
))
788 if (urb
->status
== 0) {
789 for (i
= 0; i
< urb
->number_of_packets
; i
++) {
790 unsigned int offset
= urb
->iso_frame_desc
[i
].offset
;
791 unsigned int length
= urb
->iso_frame_desc
[i
].actual_length
;
793 if (urb
->iso_frame_desc
[i
].status
)
796 hdev
->stat
.byte_rx
+= length
;
798 if (btusb_recv_isoc(data
, urb
->transfer_buffer
+ offset
,
800 BT_ERR("%s corrupted SCO packet", hdev
->name
);
804 } else if (urb
->status
== -ENOENT
) {
805 /* Avoid suspend failed when usb_kill_urb */
809 if (!test_bit(BTUSB_ISOC_RUNNING
, &data
->flags
))
812 usb_anchor_urb(urb
, &data
->isoc_anchor
);
814 err
= usb_submit_urb(urb
, GFP_ATOMIC
);
816 /* -EPERM: urb is being killed;
817 * -ENODEV: device got disconnected */
818 if (err
!= -EPERM
&& err
!= -ENODEV
)
819 BT_ERR("%s urb %p failed to resubmit (%d)",
820 hdev
->name
, urb
, -err
);
821 usb_unanchor_urb(urb
);
825 static inline void __fill_isoc_descriptor(struct urb
*urb
, int len
, int mtu
)
829 BT_DBG("len %d mtu %d", len
, mtu
);
831 for (i
= 0; i
< BTUSB_MAX_ISOC_FRAMES
&& len
>= mtu
;
832 i
++, offset
+= mtu
, len
-= mtu
) {
833 urb
->iso_frame_desc
[i
].offset
= offset
;
834 urb
->iso_frame_desc
[i
].length
= mtu
;
837 if (len
&& i
< BTUSB_MAX_ISOC_FRAMES
) {
838 urb
->iso_frame_desc
[i
].offset
= offset
;
839 urb
->iso_frame_desc
[i
].length
= len
;
843 urb
->number_of_packets
= i
;
846 static int btusb_submit_isoc_urb(struct hci_dev
*hdev
, gfp_t mem_flags
)
848 struct btusb_data
*data
= hci_get_drvdata(hdev
);
854 BT_DBG("%s", hdev
->name
);
856 if (!data
->isoc_rx_ep
)
859 urb
= usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES
, mem_flags
);
863 size
= le16_to_cpu(data
->isoc_rx_ep
->wMaxPacketSize
) *
864 BTUSB_MAX_ISOC_FRAMES
;
866 buf
= kmalloc(size
, mem_flags
);
872 pipe
= usb_rcvisocpipe(data
->udev
, data
->isoc_rx_ep
->bEndpointAddress
);
874 usb_fill_int_urb(urb
, data
->udev
, pipe
, buf
, size
, btusb_isoc_complete
,
875 hdev
, data
->isoc_rx_ep
->bInterval
);
877 urb
->transfer_flags
= URB_FREE_BUFFER
| URB_ISO_ASAP
;
879 __fill_isoc_descriptor(urb
, size
,
880 le16_to_cpu(data
->isoc_rx_ep
->wMaxPacketSize
));
882 usb_anchor_urb(urb
, &data
->isoc_anchor
);
884 err
= usb_submit_urb(urb
, mem_flags
);
886 if (err
!= -EPERM
&& err
!= -ENODEV
)
887 BT_ERR("%s urb %p submission failed (%d)",
888 hdev
->name
, urb
, -err
);
889 usb_unanchor_urb(urb
);
897 static void btusb_diag_complete(struct urb
*urb
)
899 struct hci_dev
*hdev
= urb
->context
;
900 struct btusb_data
*data
= hci_get_drvdata(hdev
);
903 BT_DBG("%s urb %p status %d count %d", hdev
->name
, urb
, urb
->status
,
906 if (urb
->status
== 0) {
909 skb
= bt_skb_alloc(urb
->actual_length
, GFP_ATOMIC
);
911 memcpy(skb_put(skb
, urb
->actual_length
),
912 urb
->transfer_buffer
, urb
->actual_length
);
913 hci_recv_diag(hdev
, skb
);
915 } else if (urb
->status
== -ENOENT
) {
916 /* Avoid suspend failed when usb_kill_urb */
920 if (!test_bit(BTUSB_DIAG_RUNNING
, &data
->flags
))
923 usb_anchor_urb(urb
, &data
->diag_anchor
);
924 usb_mark_last_busy(data
->udev
);
926 err
= usb_submit_urb(urb
, GFP_ATOMIC
);
928 /* -EPERM: urb is being killed;
929 * -ENODEV: device got disconnected */
930 if (err
!= -EPERM
&& err
!= -ENODEV
)
931 BT_ERR("%s urb %p failed to resubmit (%d)",
932 hdev
->name
, urb
, -err
);
933 usb_unanchor_urb(urb
);
937 static int btusb_submit_diag_urb(struct hci_dev
*hdev
, gfp_t mem_flags
)
939 struct btusb_data
*data
= hci_get_drvdata(hdev
);
943 int err
, size
= HCI_MAX_FRAME_SIZE
;
945 BT_DBG("%s", hdev
->name
);
947 if (!data
->diag_rx_ep
)
950 urb
= usb_alloc_urb(0, mem_flags
);
954 buf
= kmalloc(size
, mem_flags
);
960 pipe
= usb_rcvbulkpipe(data
->udev
, data
->diag_rx_ep
->bEndpointAddress
);
962 usb_fill_bulk_urb(urb
, data
->udev
, pipe
, buf
, size
,
963 btusb_diag_complete
, hdev
);
965 urb
->transfer_flags
|= URB_FREE_BUFFER
;
967 usb_mark_last_busy(data
->udev
);
968 usb_anchor_urb(urb
, &data
->diag_anchor
);
970 err
= usb_submit_urb(urb
, mem_flags
);
972 if (err
!= -EPERM
&& err
!= -ENODEV
)
973 BT_ERR("%s urb %p submission failed (%d)",
974 hdev
->name
, urb
, -err
);
975 usb_unanchor_urb(urb
);
983 static void btusb_tx_complete(struct urb
*urb
)
985 struct sk_buff
*skb
= urb
->context
;
986 struct hci_dev
*hdev
= (struct hci_dev
*)skb
->dev
;
987 struct btusb_data
*data
= hci_get_drvdata(hdev
);
989 BT_DBG("%s urb %p status %d count %d", hdev
->name
, urb
, urb
->status
,
992 if (!test_bit(HCI_RUNNING
, &hdev
->flags
))
996 hdev
->stat
.byte_tx
+= urb
->transfer_buffer_length
;
1001 spin_lock(&data
->txlock
);
1002 data
->tx_in_flight
--;
1003 spin_unlock(&data
->txlock
);
1005 kfree(urb
->setup_packet
);
1010 static void btusb_isoc_tx_complete(struct urb
*urb
)
1012 struct sk_buff
*skb
= urb
->context
;
1013 struct hci_dev
*hdev
= (struct hci_dev
*)skb
->dev
;
1015 BT_DBG("%s urb %p status %d count %d", hdev
->name
, urb
, urb
->status
,
1016 urb
->actual_length
);
1018 if (!test_bit(HCI_RUNNING
, &hdev
->flags
))
1022 hdev
->stat
.byte_tx
+= urb
->transfer_buffer_length
;
1024 hdev
->stat
.err_tx
++;
1027 kfree(urb
->setup_packet
);
1032 static int btusb_open(struct hci_dev
*hdev
)
1034 struct btusb_data
*data
= hci_get_drvdata(hdev
);
1037 BT_DBG("%s", hdev
->name
);
1039 /* Patching USB firmware files prior to starting any URBs of HCI path
1040 * It is more safe to use USB bulk channel for downloading USB patch
1042 if (data
->setup_on_usb
) {
1043 err
= data
->setup_on_usb(hdev
);
1048 err
= usb_autopm_get_interface(data
->intf
);
1052 data
->intf
->needs_remote_wakeup
= 1;
1054 if (test_and_set_bit(BTUSB_INTR_RUNNING
, &data
->flags
))
1057 err
= btusb_submit_intr_urb(hdev
, GFP_KERNEL
);
1061 err
= btusb_submit_bulk_urb(hdev
, GFP_KERNEL
);
1063 usb_kill_anchored_urbs(&data
->intr_anchor
);
1067 set_bit(BTUSB_BULK_RUNNING
, &data
->flags
);
1068 btusb_submit_bulk_urb(hdev
, GFP_KERNEL
);
1071 if (!btusb_submit_diag_urb(hdev
, GFP_KERNEL
))
1072 set_bit(BTUSB_DIAG_RUNNING
, &data
->flags
);
1076 usb_autopm_put_interface(data
->intf
);
1080 clear_bit(BTUSB_INTR_RUNNING
, &data
->flags
);
1081 usb_autopm_put_interface(data
->intf
);
1085 static void btusb_stop_traffic(struct btusb_data
*data
)
1087 usb_kill_anchored_urbs(&data
->intr_anchor
);
1088 usb_kill_anchored_urbs(&data
->bulk_anchor
);
1089 usb_kill_anchored_urbs(&data
->isoc_anchor
);
1090 usb_kill_anchored_urbs(&data
->diag_anchor
);
1093 static int btusb_close(struct hci_dev
*hdev
)
1095 struct btusb_data
*data
= hci_get_drvdata(hdev
);
1098 BT_DBG("%s", hdev
->name
);
1100 cancel_work_sync(&data
->work
);
1101 cancel_work_sync(&data
->waker
);
1103 clear_bit(BTUSB_ISOC_RUNNING
, &data
->flags
);
1104 clear_bit(BTUSB_BULK_RUNNING
, &data
->flags
);
1105 clear_bit(BTUSB_INTR_RUNNING
, &data
->flags
);
1106 clear_bit(BTUSB_DIAG_RUNNING
, &data
->flags
);
1108 btusb_stop_traffic(data
);
1109 btusb_free_frags(data
);
1111 err
= usb_autopm_get_interface(data
->intf
);
1115 data
->intf
->needs_remote_wakeup
= 0;
1116 usb_autopm_put_interface(data
->intf
);
1119 usb_scuttle_anchored_urbs(&data
->deferred
);
1123 static int btusb_flush(struct hci_dev
*hdev
)
1125 struct btusb_data
*data
= hci_get_drvdata(hdev
);
1127 BT_DBG("%s", hdev
->name
);
1129 usb_kill_anchored_urbs(&data
->tx_anchor
);
1130 btusb_free_frags(data
);
1135 static struct urb
*alloc_ctrl_urb(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1137 struct btusb_data
*data
= hci_get_drvdata(hdev
);
1138 struct usb_ctrlrequest
*dr
;
1142 urb
= usb_alloc_urb(0, GFP_KERNEL
);
1144 return ERR_PTR(-ENOMEM
);
1146 dr
= kmalloc(sizeof(*dr
), GFP_KERNEL
);
1149 return ERR_PTR(-ENOMEM
);
1152 dr
->bRequestType
= data
->cmdreq_type
;
1153 dr
->bRequest
= data
->cmdreq
;
1156 dr
->wLength
= __cpu_to_le16(skb
->len
);
1158 pipe
= usb_sndctrlpipe(data
->udev
, 0x00);
1160 usb_fill_control_urb(urb
, data
->udev
, pipe
, (void *)dr
,
1161 skb
->data
, skb
->len
, btusb_tx_complete
, skb
);
1163 skb
->dev
= (void *)hdev
;
1168 static struct urb
*alloc_bulk_urb(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1170 struct btusb_data
*data
= hci_get_drvdata(hdev
);
1174 if (!data
->bulk_tx_ep
)
1175 return ERR_PTR(-ENODEV
);
1177 urb
= usb_alloc_urb(0, GFP_KERNEL
);
1179 return ERR_PTR(-ENOMEM
);
1181 pipe
= usb_sndbulkpipe(data
->udev
, data
->bulk_tx_ep
->bEndpointAddress
);
1183 usb_fill_bulk_urb(urb
, data
->udev
, pipe
,
1184 skb
->data
, skb
->len
, btusb_tx_complete
, skb
);
1186 skb
->dev
= (void *)hdev
;
1191 static struct urb
*alloc_isoc_urb(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1193 struct btusb_data
*data
= hci_get_drvdata(hdev
);
1197 if (!data
->isoc_tx_ep
)
1198 return ERR_PTR(-ENODEV
);
1200 urb
= usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES
, GFP_KERNEL
);
1202 return ERR_PTR(-ENOMEM
);
1204 pipe
= usb_sndisocpipe(data
->udev
, data
->isoc_tx_ep
->bEndpointAddress
);
1206 usb_fill_int_urb(urb
, data
->udev
, pipe
,
1207 skb
->data
, skb
->len
, btusb_isoc_tx_complete
,
1208 skb
, data
->isoc_tx_ep
->bInterval
);
1210 urb
->transfer_flags
= URB_ISO_ASAP
;
1212 __fill_isoc_descriptor(urb
, skb
->len
,
1213 le16_to_cpu(data
->isoc_tx_ep
->wMaxPacketSize
));
1215 skb
->dev
= (void *)hdev
;
1220 static int submit_tx_urb(struct hci_dev
*hdev
, struct urb
*urb
)
1222 struct btusb_data
*data
= hci_get_drvdata(hdev
);
1225 usb_anchor_urb(urb
, &data
->tx_anchor
);
1227 err
= usb_submit_urb(urb
, GFP_KERNEL
);
1229 if (err
!= -EPERM
&& err
!= -ENODEV
)
1230 BT_ERR("%s urb %p submission failed (%d)",
1231 hdev
->name
, urb
, -err
);
1232 kfree(urb
->setup_packet
);
1233 usb_unanchor_urb(urb
);
1235 usb_mark_last_busy(data
->udev
);
1242 static int submit_or_queue_tx_urb(struct hci_dev
*hdev
, struct urb
*urb
)
1244 struct btusb_data
*data
= hci_get_drvdata(hdev
);
1245 unsigned long flags
;
1248 spin_lock_irqsave(&data
->txlock
, flags
);
1249 suspending
= test_bit(BTUSB_SUSPENDING
, &data
->flags
);
1251 data
->tx_in_flight
++;
1252 spin_unlock_irqrestore(&data
->txlock
, flags
);
1255 return submit_tx_urb(hdev
, urb
);
1257 usb_anchor_urb(urb
, &data
->deferred
);
1258 schedule_work(&data
->waker
);
1264 static int btusb_send_frame(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1268 BT_DBG("%s", hdev
->name
);
1270 switch (hci_skb_pkt_type(skb
)) {
1271 case HCI_COMMAND_PKT
:
1272 urb
= alloc_ctrl_urb(hdev
, skb
);
1274 return PTR_ERR(urb
);
1276 hdev
->stat
.cmd_tx
++;
1277 return submit_or_queue_tx_urb(hdev
, urb
);
1279 case HCI_ACLDATA_PKT
:
1280 urb
= alloc_bulk_urb(hdev
, skb
);
1282 return PTR_ERR(urb
);
1284 hdev
->stat
.acl_tx
++;
1285 return submit_or_queue_tx_urb(hdev
, urb
);
1287 case HCI_SCODATA_PKT
:
1288 if (hci_conn_num(hdev
, SCO_LINK
) < 1)
1291 urb
= alloc_isoc_urb(hdev
, skb
);
1293 return PTR_ERR(urb
);
1295 hdev
->stat
.sco_tx
++;
1296 return submit_tx_urb(hdev
, urb
);
1302 static void btusb_notify(struct hci_dev
*hdev
, unsigned int evt
)
1304 struct btusb_data
*data
= hci_get_drvdata(hdev
);
1306 BT_DBG("%s evt %d", hdev
->name
, evt
);
1308 if (hci_conn_num(hdev
, SCO_LINK
) != data
->sco_num
) {
1309 data
->sco_num
= hci_conn_num(hdev
, SCO_LINK
);
1310 schedule_work(&data
->work
);
1314 static inline int __set_isoc_interface(struct hci_dev
*hdev
, int altsetting
)
1316 struct btusb_data
*data
= hci_get_drvdata(hdev
);
1317 struct usb_interface
*intf
= data
->isoc
;
1318 struct usb_endpoint_descriptor
*ep_desc
;
1324 err
= usb_set_interface(data
->udev
, 1, altsetting
);
1326 BT_ERR("%s setting interface failed (%d)", hdev
->name
, -err
);
1330 data
->isoc_altsetting
= altsetting
;
1332 data
->isoc_tx_ep
= NULL
;
1333 data
->isoc_rx_ep
= NULL
;
1335 for (i
= 0; i
< intf
->cur_altsetting
->desc
.bNumEndpoints
; i
++) {
1336 ep_desc
= &intf
->cur_altsetting
->endpoint
[i
].desc
;
1338 if (!data
->isoc_tx_ep
&& usb_endpoint_is_isoc_out(ep_desc
)) {
1339 data
->isoc_tx_ep
= ep_desc
;
1343 if (!data
->isoc_rx_ep
&& usb_endpoint_is_isoc_in(ep_desc
)) {
1344 data
->isoc_rx_ep
= ep_desc
;
1349 if (!data
->isoc_tx_ep
|| !data
->isoc_rx_ep
) {
1350 BT_ERR("%s invalid SCO descriptors", hdev
->name
);
1357 static void btusb_work(struct work_struct
*work
)
1359 struct btusb_data
*data
= container_of(work
, struct btusb_data
, work
);
1360 struct hci_dev
*hdev
= data
->hdev
;
1364 if (data
->sco_num
> 0) {
1365 if (!test_bit(BTUSB_DID_ISO_RESUME
, &data
->flags
)) {
1366 err
= usb_autopm_get_interface(data
->isoc
? data
->isoc
: data
->intf
);
1368 clear_bit(BTUSB_ISOC_RUNNING
, &data
->flags
);
1369 usb_kill_anchored_urbs(&data
->isoc_anchor
);
1373 set_bit(BTUSB_DID_ISO_RESUME
, &data
->flags
);
1376 if (hdev
->voice_setting
& 0x0020) {
1377 static const int alts
[3] = { 2, 4, 5 };
1379 new_alts
= alts
[data
->sco_num
- 1];
1381 new_alts
= data
->sco_num
;
1384 if (data
->isoc_altsetting
!= new_alts
) {
1385 unsigned long flags
;
1387 clear_bit(BTUSB_ISOC_RUNNING
, &data
->flags
);
1388 usb_kill_anchored_urbs(&data
->isoc_anchor
);
1390 /* When isochronous alternate setting needs to be
1391 * changed, because SCO connection has been added
1392 * or removed, a packet fragment may be left in the
1393 * reassembling state. This could lead to wrongly
1394 * assembled fragments.
1396 * Clear outstanding fragment when selecting a new
1397 * alternate setting.
1399 spin_lock_irqsave(&data
->rxlock
, flags
);
1400 kfree_skb(data
->sco_skb
);
1401 data
->sco_skb
= NULL
;
1402 spin_unlock_irqrestore(&data
->rxlock
, flags
);
1404 if (__set_isoc_interface(hdev
, new_alts
) < 0)
1408 if (!test_and_set_bit(BTUSB_ISOC_RUNNING
, &data
->flags
)) {
1409 if (btusb_submit_isoc_urb(hdev
, GFP_KERNEL
) < 0)
1410 clear_bit(BTUSB_ISOC_RUNNING
, &data
->flags
);
1412 btusb_submit_isoc_urb(hdev
, GFP_KERNEL
);
1415 clear_bit(BTUSB_ISOC_RUNNING
, &data
->flags
);
1416 usb_kill_anchored_urbs(&data
->isoc_anchor
);
1418 __set_isoc_interface(hdev
, 0);
1419 if (test_and_clear_bit(BTUSB_DID_ISO_RESUME
, &data
->flags
))
1420 usb_autopm_put_interface(data
->isoc
? data
->isoc
: data
->intf
);
1424 static void btusb_waker(struct work_struct
*work
)
1426 struct btusb_data
*data
= container_of(work
, struct btusb_data
, waker
);
1429 err
= usb_autopm_get_interface(data
->intf
);
1433 usb_autopm_put_interface(data
->intf
);
1436 static int btusb_setup_bcm92035(struct hci_dev
*hdev
)
1438 struct sk_buff
*skb
;
1441 BT_DBG("%s", hdev
->name
);
1443 skb
= __hci_cmd_sync(hdev
, 0xfc3b, 1, &val
, HCI_INIT_TIMEOUT
);
1445 BT_ERR("BCM92035 command failed (%ld)", -PTR_ERR(skb
));
1452 static int btusb_setup_csr(struct hci_dev
*hdev
)
1454 struct hci_rp_read_local_version
*rp
;
1455 struct sk_buff
*skb
;
1457 BT_DBG("%s", hdev
->name
);
1459 skb
= __hci_cmd_sync(hdev
, HCI_OP_READ_LOCAL_VERSION
, 0, NULL
,
1462 int err
= PTR_ERR(skb
);
1463 BT_ERR("%s: CSR: Local version failed (%d)", hdev
->name
, err
);
1467 if (skb
->len
!= sizeof(struct hci_rp_read_local_version
)) {
1468 BT_ERR("%s: CSR: Local version length mismatch", hdev
->name
);
1473 rp
= (struct hci_rp_read_local_version
*)skb
->data
;
1475 /* Detect controllers which aren't real CSR ones. */
1476 if (le16_to_cpu(rp
->manufacturer
) != 10 ||
1477 le16_to_cpu(rp
->lmp_subver
) == 0x0c5c) {
1478 /* Clear the reset quirk since this is not an actual
1479 * early Bluetooth 1.1 device from CSR.
1481 clear_bit(HCI_QUIRK_RESET_ON_CLOSE
, &hdev
->quirks
);
1483 /* These fake CSR controllers have all a broken
1484 * stored link key handling and so just disable it.
1486 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY
, &hdev
->quirks
);
1494 static const struct firmware
*btusb_setup_intel_get_fw(struct hci_dev
*hdev
,
1495 struct intel_version
*ver
)
1497 const struct firmware
*fw
;
1501 snprintf(fwname
, sizeof(fwname
),
1502 "intel/ibt-hw-%x.%x.%x-fw-%x.%x.%x.%x.%x.bseq",
1503 ver
->hw_platform
, ver
->hw_variant
, ver
->hw_revision
,
1504 ver
->fw_variant
, ver
->fw_revision
, ver
->fw_build_num
,
1505 ver
->fw_build_ww
, ver
->fw_build_yy
);
1507 ret
= request_firmware(&fw
, fwname
, &hdev
->dev
);
1509 if (ret
== -EINVAL
) {
1510 BT_ERR("%s Intel firmware file request failed (%d)",
1515 BT_ERR("%s failed to open Intel firmware file: %s(%d)",
1516 hdev
->name
, fwname
, ret
);
1518 /* If the correct firmware patch file is not found, use the
1519 * default firmware patch file instead
1521 snprintf(fwname
, sizeof(fwname
), "intel/ibt-hw-%x.%x.bseq",
1522 ver
->hw_platform
, ver
->hw_variant
);
1523 if (request_firmware(&fw
, fwname
, &hdev
->dev
) < 0) {
1524 BT_ERR("%s failed to open default Intel fw file: %s",
1525 hdev
->name
, fwname
);
1530 BT_INFO("%s: Intel Bluetooth firmware file: %s", hdev
->name
, fwname
);
1535 static int btusb_setup_intel_patching(struct hci_dev
*hdev
,
1536 const struct firmware
*fw
,
1537 const u8
**fw_ptr
, int *disable_patch
)
1539 struct sk_buff
*skb
;
1540 struct hci_command_hdr
*cmd
;
1541 const u8
*cmd_param
;
1542 struct hci_event_hdr
*evt
= NULL
;
1543 const u8
*evt_param
= NULL
;
1544 int remain
= fw
->size
- (*fw_ptr
- fw
->data
);
1546 /* The first byte indicates the types of the patch command or event.
1547 * 0x01 means HCI command and 0x02 is HCI event. If the first bytes
1548 * in the current firmware buffer doesn't start with 0x01 or
1549 * the size of remain buffer is smaller than HCI command header,
1550 * the firmware file is corrupted and it should stop the patching
1553 if (remain
> HCI_COMMAND_HDR_SIZE
&& *fw_ptr
[0] != 0x01) {
1554 BT_ERR("%s Intel fw corrupted: invalid cmd read", hdev
->name
);
1560 cmd
= (struct hci_command_hdr
*)(*fw_ptr
);
1561 *fw_ptr
+= sizeof(*cmd
);
1562 remain
-= sizeof(*cmd
);
1564 /* Ensure that the remain firmware data is long enough than the length
1565 * of command parameter. If not, the firmware file is corrupted.
1567 if (remain
< cmd
->plen
) {
1568 BT_ERR("%s Intel fw corrupted: invalid cmd len", hdev
->name
);
1572 /* If there is a command that loads a patch in the firmware
1573 * file, then enable the patch upon success, otherwise just
1574 * disable the manufacturer mode, for example patch activation
1575 * is not required when the default firmware patch file is used
1576 * because there are no patch data to load.
1578 if (*disable_patch
&& le16_to_cpu(cmd
->opcode
) == 0xfc8e)
1581 cmd_param
= *fw_ptr
;
1582 *fw_ptr
+= cmd
->plen
;
1583 remain
-= cmd
->plen
;
1585 /* This reads the expected events when the above command is sent to the
1586 * device. Some vendor commands expects more than one events, for
1587 * example command status event followed by vendor specific event.
1588 * For this case, it only keeps the last expected event. so the command
1589 * can be sent with __hci_cmd_sync_ev() which returns the sk_buff of
1590 * last expected event.
1592 while (remain
> HCI_EVENT_HDR_SIZE
&& *fw_ptr
[0] == 0x02) {
1596 evt
= (struct hci_event_hdr
*)(*fw_ptr
);
1597 *fw_ptr
+= sizeof(*evt
);
1598 remain
-= sizeof(*evt
);
1600 if (remain
< evt
->plen
) {
1601 BT_ERR("%s Intel fw corrupted: invalid evt len",
1606 evt_param
= *fw_ptr
;
1607 *fw_ptr
+= evt
->plen
;
1608 remain
-= evt
->plen
;
1611 /* Every HCI commands in the firmware file has its correspond event.
1612 * If event is not found or remain is smaller than zero, the firmware
1613 * file is corrupted.
1615 if (!evt
|| !evt_param
|| remain
< 0) {
1616 BT_ERR("%s Intel fw corrupted: invalid evt read", hdev
->name
);
1620 skb
= __hci_cmd_sync_ev(hdev
, le16_to_cpu(cmd
->opcode
), cmd
->plen
,
1621 cmd_param
, evt
->evt
, HCI_INIT_TIMEOUT
);
1623 BT_ERR("%s sending Intel patch command (0x%4.4x) failed (%ld)",
1624 hdev
->name
, cmd
->opcode
, PTR_ERR(skb
));
1625 return PTR_ERR(skb
);
1628 /* It ensures that the returned event matches the event data read from
1629 * the firmware file. At fist, it checks the length and then
1630 * the contents of the event.
1632 if (skb
->len
!= evt
->plen
) {
1633 BT_ERR("%s mismatch event length (opcode 0x%4.4x)", hdev
->name
,
1634 le16_to_cpu(cmd
->opcode
));
1639 if (memcmp(skb
->data
, evt_param
, evt
->plen
)) {
1640 BT_ERR("%s mismatch event parameter (opcode 0x%4.4x)",
1641 hdev
->name
, le16_to_cpu(cmd
->opcode
));
1650 static int btusb_setup_intel(struct hci_dev
*hdev
)
1652 struct sk_buff
*skb
;
1653 const struct firmware
*fw
;
1655 int disable_patch
, err
;
1656 struct intel_version ver
;
1658 BT_DBG("%s", hdev
->name
);
1660 /* The controller has a bug with the first HCI command sent to it
1661 * returning number of completed commands as zero. This would stall the
1662 * command processing in the Bluetooth core.
1664 * As a workaround, send HCI Reset command first which will reset the
1665 * number of completed commands and allow normal command processing
1668 skb
= __hci_cmd_sync(hdev
, HCI_OP_RESET
, 0, NULL
, HCI_INIT_TIMEOUT
);
1670 BT_ERR("%s sending initial HCI reset command failed (%ld)",
1671 hdev
->name
, PTR_ERR(skb
));
1672 return PTR_ERR(skb
);
1676 /* Read Intel specific controller version first to allow selection of
1677 * which firmware file to load.
1679 * The returned information are hardware variant and revision plus
1680 * firmware variant, revision and build number.
1682 err
= btintel_read_version(hdev
, &ver
);
1686 BT_INFO("%s: read Intel version: %02x%02x%02x%02x%02x%02x%02x%02x%02x",
1687 hdev
->name
, ver
.hw_platform
, ver
.hw_variant
, ver
.hw_revision
,
1688 ver
.fw_variant
, ver
.fw_revision
, ver
.fw_build_num
,
1689 ver
.fw_build_ww
, ver
.fw_build_yy
, ver
.fw_patch_num
);
1691 /* fw_patch_num indicates the version of patch the device currently
1692 * have. If there is no patch data in the device, it is always 0x00.
1693 * So, if it is other than 0x00, no need to patch the device again.
1695 if (ver
.fw_patch_num
) {
1696 BT_INFO("%s: Intel device is already patched. patch num: %02x",
1697 hdev
->name
, ver
.fw_patch_num
);
1701 /* Opens the firmware patch file based on the firmware version read
1702 * from the controller. If it fails to open the matching firmware
1703 * patch file, it tries to open the default firmware patch file.
1704 * If no patch file is found, allow the device to operate without
1707 fw
= btusb_setup_intel_get_fw(hdev
, &ver
);
1712 /* Enable the manufacturer mode of the controller.
1713 * Only while this mode is enabled, the driver can download the
1714 * firmware patch data and configuration parameters.
1716 err
= btintel_enter_mfg(hdev
);
1718 release_firmware(fw
);
1724 /* The firmware data file consists of list of Intel specific HCI
1725 * commands and its expected events. The first byte indicates the
1726 * type of the message, either HCI command or HCI event.
1728 * It reads the command and its expected event from the firmware file,
1729 * and send to the controller. Once __hci_cmd_sync_ev() returns,
1730 * the returned event is compared with the event read from the firmware
1731 * file and it will continue until all the messages are downloaded to
1734 * Once the firmware patching is completed successfully,
1735 * the manufacturer mode is disabled with reset and activating the
1738 * If the firmware patching fails, the manufacturer mode is
1739 * disabled with reset and deactivating the patch.
1741 * If the default patch file is used, no reset is done when disabling
1744 while (fw
->size
> fw_ptr
- fw
->data
) {
1747 ret
= btusb_setup_intel_patching(hdev
, fw
, &fw_ptr
,
1750 goto exit_mfg_deactivate
;
1753 release_firmware(fw
);
1756 goto exit_mfg_disable
;
1758 /* Patching completed successfully and disable the manufacturer mode
1759 * with reset and activate the downloaded firmware patches.
1761 err
= btintel_exit_mfg(hdev
, true, true);
1765 BT_INFO("%s: Intel Bluetooth firmware patch completed and activated",
1771 /* Disable the manufacturer mode without reset */
1772 err
= btintel_exit_mfg(hdev
, false, false);
1776 BT_INFO("%s: Intel Bluetooth firmware patch completed", hdev
->name
);
1780 exit_mfg_deactivate
:
1781 release_firmware(fw
);
1783 /* Patching failed. Disable the manufacturer mode with reset and
1784 * deactivate the downloaded firmware patches.
1786 err
= btintel_exit_mfg(hdev
, true, false);
1790 BT_INFO("%s: Intel Bluetooth firmware patch completed and deactivated",
1794 /* Set the event mask for Intel specific vendor events. This enables
1795 * a few extra events that are useful during general operation.
1797 btintel_set_event_mask_mfg(hdev
, false);
1799 btintel_check_bdaddr(hdev
);
1803 static int inject_cmd_complete(struct hci_dev
*hdev
, __u16 opcode
)
1805 struct sk_buff
*skb
;
1806 struct hci_event_hdr
*hdr
;
1807 struct hci_ev_cmd_complete
*evt
;
1809 skb
= bt_skb_alloc(sizeof(*hdr
) + sizeof(*evt
) + 1, GFP_ATOMIC
);
1813 hdr
= (struct hci_event_hdr
*)skb_put(skb
, sizeof(*hdr
));
1814 hdr
->evt
= HCI_EV_CMD_COMPLETE
;
1815 hdr
->plen
= sizeof(*evt
) + 1;
1817 evt
= (struct hci_ev_cmd_complete
*)skb_put(skb
, sizeof(*evt
));
1819 evt
->opcode
= cpu_to_le16(opcode
);
1821 *skb_put(skb
, 1) = 0x00;
1823 hci_skb_pkt_type(skb
) = HCI_EVENT_PKT
;
1825 return hci_recv_frame(hdev
, skb
);
1828 static int btusb_recv_bulk_intel(struct btusb_data
*data
, void *buffer
,
1831 /* When the device is in bootloader mode, then it can send
1832 * events via the bulk endpoint. These events are treated the
1833 * same way as the ones received from the interrupt endpoint.
1835 if (test_bit(BTUSB_BOOTLOADER
, &data
->flags
))
1836 return btusb_recv_intr(data
, buffer
, count
);
1838 return btusb_recv_bulk(data
, buffer
, count
);
1841 static void btusb_intel_bootup(struct btusb_data
*data
, const void *ptr
,
1844 const struct intel_bootup
*evt
= ptr
;
1846 if (len
!= sizeof(*evt
))
1849 if (test_and_clear_bit(BTUSB_BOOTING
, &data
->flags
)) {
1850 smp_mb__after_atomic();
1851 wake_up_bit(&data
->flags
, BTUSB_BOOTING
);
1855 static void btusb_intel_secure_send_result(struct btusb_data
*data
,
1856 const void *ptr
, unsigned int len
)
1858 const struct intel_secure_send_result
*evt
= ptr
;
1860 if (len
!= sizeof(*evt
))
1864 set_bit(BTUSB_FIRMWARE_FAILED
, &data
->flags
);
1866 if (test_and_clear_bit(BTUSB_DOWNLOADING
, &data
->flags
) &&
1867 test_bit(BTUSB_FIRMWARE_LOADED
, &data
->flags
)) {
1868 smp_mb__after_atomic();
1869 wake_up_bit(&data
->flags
, BTUSB_DOWNLOADING
);
1873 static int btusb_recv_event_intel(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1875 struct btusb_data
*data
= hci_get_drvdata(hdev
);
1877 if (test_bit(BTUSB_BOOTLOADER
, &data
->flags
)) {
1878 struct hci_event_hdr
*hdr
= (void *)skb
->data
;
1880 if (skb
->len
> HCI_EVENT_HDR_SIZE
&& hdr
->evt
== 0xff &&
1882 const void *ptr
= skb
->data
+ HCI_EVENT_HDR_SIZE
+ 1;
1883 unsigned int len
= skb
->len
- HCI_EVENT_HDR_SIZE
- 1;
1885 switch (skb
->data
[2]) {
1887 /* When switching to the operational firmware
1888 * the device sends a vendor specific event
1889 * indicating that the bootup completed.
1891 btusb_intel_bootup(data
, ptr
, len
);
1894 /* When the firmware loading completes the
1895 * device sends out a vendor specific event
1896 * indicating the result of the firmware
1899 btusb_intel_secure_send_result(data
, ptr
, len
);
1905 return hci_recv_frame(hdev
, skb
);
1908 static int btusb_send_frame_intel(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1910 struct btusb_data
*data
= hci_get_drvdata(hdev
);
1913 BT_DBG("%s", hdev
->name
);
1915 switch (hci_skb_pkt_type(skb
)) {
1916 case HCI_COMMAND_PKT
:
1917 if (test_bit(BTUSB_BOOTLOADER
, &data
->flags
)) {
1918 struct hci_command_hdr
*cmd
= (void *)skb
->data
;
1919 __u16 opcode
= le16_to_cpu(cmd
->opcode
);
1921 /* When in bootloader mode and the command 0xfc09
1922 * is received, it needs to be send down the
1923 * bulk endpoint. So allocate a bulk URB instead.
1925 if (opcode
== 0xfc09)
1926 urb
= alloc_bulk_urb(hdev
, skb
);
1928 urb
= alloc_ctrl_urb(hdev
, skb
);
1930 /* When the 0xfc01 command is issued to boot into
1931 * the operational firmware, it will actually not
1932 * send a command complete event. To keep the flow
1933 * control working inject that event here.
1935 if (opcode
== 0xfc01)
1936 inject_cmd_complete(hdev
, opcode
);
1938 urb
= alloc_ctrl_urb(hdev
, skb
);
1941 return PTR_ERR(urb
);
1943 hdev
->stat
.cmd_tx
++;
1944 return submit_or_queue_tx_urb(hdev
, urb
);
1946 case HCI_ACLDATA_PKT
:
1947 urb
= alloc_bulk_urb(hdev
, skb
);
1949 return PTR_ERR(urb
);
1951 hdev
->stat
.acl_tx
++;
1952 return submit_or_queue_tx_urb(hdev
, urb
);
1954 case HCI_SCODATA_PKT
:
1955 if (hci_conn_num(hdev
, SCO_LINK
) < 1)
1958 urb
= alloc_isoc_urb(hdev
, skb
);
1960 return PTR_ERR(urb
);
1962 hdev
->stat
.sco_tx
++;
1963 return submit_tx_urb(hdev
, urb
);
1969 static int btusb_setup_intel_new(struct hci_dev
*hdev
)
1971 static const u8 reset_param
[] = { 0x00, 0x01, 0x00, 0x01,
1972 0x00, 0x08, 0x04, 0x00 };
1973 struct btusb_data
*data
= hci_get_drvdata(hdev
);
1974 struct sk_buff
*skb
;
1975 struct intel_version ver
;
1976 struct intel_boot_params
*params
;
1977 const struct firmware
*fw
;
1981 ktime_t calltime
, delta
, rettime
;
1982 unsigned long long duration
;
1985 BT_DBG("%s", hdev
->name
);
1987 calltime
= ktime_get();
1989 /* Read the Intel version information to determine if the device
1990 * is in bootloader mode or if it already has operational firmware
1993 err
= btintel_read_version(hdev
, &ver
);
1997 /* The hardware platform number has a fixed value of 0x37 and
1998 * for now only accept this single value.
2000 if (ver
.hw_platform
!= 0x37) {
2001 BT_ERR("%s: Unsupported Intel hardware platform (%u)",
2002 hdev
->name
, ver
.hw_platform
);
2006 /* At the moment the iBT 3.0 hardware variants 0x0b (LnP/SfP)
2007 * and 0x0c (WsP) are supported by this firmware loading method.
2009 * This check has been put in place to ensure correct forward
2010 * compatibility options when newer hardware variants come along.
2012 if (ver
.hw_variant
!= 0x0b && ver
.hw_variant
!= 0x0c) {
2013 BT_ERR("%s: Unsupported Intel hardware variant (%u)",
2014 hdev
->name
, ver
.hw_variant
);
2018 btintel_version_info(hdev
, &ver
);
2020 /* The firmware variant determines if the device is in bootloader
2021 * mode or is running operational firmware. The value 0x06 identifies
2022 * the bootloader and the value 0x23 identifies the operational
2025 * When the operational firmware is already present, then only
2026 * the check for valid Bluetooth device address is needed. This
2027 * determines if the device will be added as configured or
2028 * unconfigured controller.
2030 * It is not possible to use the Secure Boot Parameters in this
2031 * case since that command is only available in bootloader mode.
2033 if (ver
.fw_variant
== 0x23) {
2034 clear_bit(BTUSB_BOOTLOADER
, &data
->flags
);
2035 btintel_check_bdaddr(hdev
);
2039 /* If the device is not in bootloader mode, then the only possible
2040 * choice is to return an error and abort the device initialization.
2042 if (ver
.fw_variant
!= 0x06) {
2043 BT_ERR("%s: Unsupported Intel firmware variant (%u)",
2044 hdev
->name
, ver
.fw_variant
);
2048 /* Read the secure boot parameters to identify the operating
2049 * details of the bootloader.
2051 skb
= __hci_cmd_sync(hdev
, 0xfc0d, 0, NULL
, HCI_INIT_TIMEOUT
);
2053 BT_ERR("%s: Reading Intel boot parameters failed (%ld)",
2054 hdev
->name
, PTR_ERR(skb
));
2055 return PTR_ERR(skb
);
2058 if (skb
->len
!= sizeof(*params
)) {
2059 BT_ERR("%s: Intel boot parameters size mismatch", hdev
->name
);
2064 params
= (struct intel_boot_params
*)skb
->data
;
2066 BT_INFO("%s: Device revision is %u", hdev
->name
,
2067 le16_to_cpu(params
->dev_revid
));
2069 BT_INFO("%s: Secure boot is %s", hdev
->name
,
2070 params
->secure_boot
? "enabled" : "disabled");
2072 BT_INFO("%s: OTP lock is %s", hdev
->name
,
2073 params
->otp_lock
? "enabled" : "disabled");
2075 BT_INFO("%s: API lock is %s", hdev
->name
,
2076 params
->api_lock
? "enabled" : "disabled");
2078 BT_INFO("%s: Debug lock is %s", hdev
->name
,
2079 params
->debug_lock
? "enabled" : "disabled");
2081 BT_INFO("%s: Minimum firmware build %u week %u %u", hdev
->name
,
2082 params
->min_fw_build_nn
, params
->min_fw_build_cw
,
2083 2000 + params
->min_fw_build_yy
);
2085 /* It is required that every single firmware fragment is acknowledged
2086 * with a command complete event. If the boot parameters indicate
2087 * that this bootloader does not send them, then abort the setup.
2089 if (params
->limited_cce
!= 0x00) {
2090 BT_ERR("%s: Unsupported Intel firmware loading method (%u)",
2091 hdev
->name
, params
->limited_cce
);
2096 /* If the OTP has no valid Bluetooth device address, then there will
2097 * also be no valid address for the operational firmware.
2099 if (!bacmp(¶ms
->otp_bdaddr
, BDADDR_ANY
)) {
2100 BT_INFO("%s: No device address configured", hdev
->name
);
2101 set_bit(HCI_QUIRK_INVALID_BDADDR
, &hdev
->quirks
);
2104 /* With this Intel bootloader only the hardware variant and device
2105 * revision information are used to select the right firmware.
2107 * The firmware filename is ibt-<hw_variant>-<dev_revid>.sfi.
2109 * Currently the supported hardware variants are:
2110 * 11 (0x0b) for iBT3.0 (LnP/SfP)
2111 * 12 (0x0c) for iBT3.5 (WsP)
2113 snprintf(fwname
, sizeof(fwname
), "intel/ibt-%u-%u.sfi",
2114 le16_to_cpu(ver
.hw_variant
),
2115 le16_to_cpu(params
->dev_revid
));
2117 err
= request_firmware(&fw
, fwname
, &hdev
->dev
);
2119 BT_ERR("%s: Failed to load Intel firmware file (%d)",
2125 BT_INFO("%s: Found device firmware: %s", hdev
->name
, fwname
);
2127 /* Save the DDC file name for later use to apply once the firmware
2128 * downloading is done.
2130 snprintf(fwname
, sizeof(fwname
), "intel/ibt-%u-%u.ddc",
2131 le16_to_cpu(ver
.hw_variant
),
2132 le16_to_cpu(params
->dev_revid
));
2136 if (fw
->size
< 644) {
2137 BT_ERR("%s: Invalid size of firmware file (%zu)",
2138 hdev
->name
, fw
->size
);
2143 set_bit(BTUSB_DOWNLOADING
, &data
->flags
);
2145 /* Start the firmware download transaction with the Init fragment
2146 * represented by the 128 bytes of CSS header.
2148 err
= btintel_secure_send(hdev
, 0x00, 128, fw
->data
);
2150 BT_ERR("%s: Failed to send firmware header (%d)",
2155 /* Send the 256 bytes of public key information from the firmware
2156 * as the PKey fragment.
2158 err
= btintel_secure_send(hdev
, 0x03, 256, fw
->data
+ 128);
2160 BT_ERR("%s: Failed to send firmware public key (%d)",
2165 /* Send the 256 bytes of signature information from the firmware
2166 * as the Sign fragment.
2168 err
= btintel_secure_send(hdev
, 0x02, 256, fw
->data
+ 388);
2170 BT_ERR("%s: Failed to send firmware signature (%d)",
2175 fw_ptr
= fw
->data
+ 644;
2178 while (fw_ptr
- fw
->data
< fw
->size
) {
2179 struct hci_command_hdr
*cmd
= (void *)(fw_ptr
+ frag_len
);
2181 frag_len
+= sizeof(*cmd
) + cmd
->plen
;
2183 /* The parameter length of the secure send command requires
2184 * a 4 byte alignment. It happens so that the firmware file
2185 * contains proper Intel_NOP commands to align the fragments
2188 * Send set of commands with 4 byte alignment from the
2189 * firmware data buffer as a single Data fragement.
2191 if (!(frag_len
% 4)) {
2192 err
= btintel_secure_send(hdev
, 0x01, frag_len
, fw_ptr
);
2194 BT_ERR("%s: Failed to send firmware data (%d)",
2204 set_bit(BTUSB_FIRMWARE_LOADED
, &data
->flags
);
2206 BT_INFO("%s: Waiting for firmware download to complete", hdev
->name
);
2208 /* Before switching the device into operational mode and with that
2209 * booting the loaded firmware, wait for the bootloader notification
2210 * that all fragments have been successfully received.
2212 * When the event processing receives the notification, then the
2213 * BTUSB_DOWNLOADING flag will be cleared.
2215 * The firmware loading should not take longer than 5 seconds
2216 * and thus just timeout if that happens and fail the setup
2219 err
= wait_on_bit_timeout(&data
->flags
, BTUSB_DOWNLOADING
,
2221 msecs_to_jiffies(5000));
2223 BT_ERR("%s: Firmware loading interrupted", hdev
->name
);
2229 BT_ERR("%s: Firmware loading timeout", hdev
->name
);
2234 if (test_bit(BTUSB_FIRMWARE_FAILED
, &data
->flags
)) {
2235 BT_ERR("%s: Firmware loading failed", hdev
->name
);
2240 rettime
= ktime_get();
2241 delta
= ktime_sub(rettime
, calltime
);
2242 duration
= (unsigned long long) ktime_to_ns(delta
) >> 10;
2244 BT_INFO("%s: Firmware loaded in %llu usecs", hdev
->name
, duration
);
2247 release_firmware(fw
);
2252 calltime
= ktime_get();
2254 set_bit(BTUSB_BOOTING
, &data
->flags
);
2256 skb
= __hci_cmd_sync(hdev
, 0xfc01, sizeof(reset_param
), reset_param
,
2259 return PTR_ERR(skb
);
2263 /* The bootloader will not indicate when the device is ready. This
2264 * is done by the operational firmware sending bootup notification.
2266 * Booting into operational firmware should not take longer than
2267 * 1 second. However if that happens, then just fail the setup
2268 * since something went wrong.
2270 BT_INFO("%s: Waiting for device to boot", hdev
->name
);
2272 err
= wait_on_bit_timeout(&data
->flags
, BTUSB_BOOTING
,
2274 msecs_to_jiffies(1000));
2277 BT_ERR("%s: Device boot interrupted", hdev
->name
);
2282 BT_ERR("%s: Device boot timeout", hdev
->name
);
2286 rettime
= ktime_get();
2287 delta
= ktime_sub(rettime
, calltime
);
2288 duration
= (unsigned long long) ktime_to_ns(delta
) >> 10;
2290 BT_INFO("%s: Device booted in %llu usecs", hdev
->name
, duration
);
2292 clear_bit(BTUSB_BOOTLOADER
, &data
->flags
);
2294 /* Once the device is running in operational mode, it needs to apply
2295 * the device configuration (DDC) parameters.
2297 * The device can work without DDC parameters, so even if it fails
2298 * to load the file, no need to fail the setup.
2300 btintel_load_ddc_config(hdev
, fwname
);
2302 /* Set the event mask for Intel specific vendor events. This enables
2303 * a few extra events that are useful during general operation. It
2304 * does not enable any debugging related events.
2306 * The device will function correctly without these events enabled
2307 * and thus no need to fail the setup.
2309 btintel_set_event_mask(hdev
, false);
2314 static int btusb_shutdown_intel(struct hci_dev
*hdev
)
2316 struct sk_buff
*skb
;
2319 /* Some platforms have an issue with BT LED when the interface is
2320 * down or BT radio is turned off, which takes 5 seconds to BT LED
2321 * goes off. This command turns off the BT LED immediately.
2323 skb
= __hci_cmd_sync(hdev
, 0xfc3f, 0, NULL
, HCI_INIT_TIMEOUT
);
2326 BT_ERR("%s: turning off Intel device LED failed (%ld)",
2335 static int btusb_set_bdaddr_marvell(struct hci_dev
*hdev
,
2336 const bdaddr_t
*bdaddr
)
2338 struct sk_buff
*skb
;
2343 buf
[1] = sizeof(bdaddr_t
);
2344 memcpy(buf
+ 2, bdaddr
, sizeof(bdaddr_t
));
2346 skb
= __hci_cmd_sync(hdev
, 0xfc22, sizeof(buf
), buf
, HCI_INIT_TIMEOUT
);
2349 BT_ERR("%s: changing Marvell device address failed (%ld)",
2358 static int btusb_set_bdaddr_ath3012(struct hci_dev
*hdev
,
2359 const bdaddr_t
*bdaddr
)
2361 struct sk_buff
*skb
;
2368 buf
[3] = sizeof(bdaddr_t
);
2369 memcpy(buf
+ 4, bdaddr
, sizeof(bdaddr_t
));
2371 skb
= __hci_cmd_sync(hdev
, 0xfc0b, sizeof(buf
), buf
, HCI_INIT_TIMEOUT
);
2374 BT_ERR("%s: Change address command failed (%ld)",
2383 #define QCA_DFU_PACKET_LEN 4096
2385 #define QCA_GET_TARGET_VERSION 0x09
2386 #define QCA_CHECK_STATUS 0x05
2387 #define QCA_DFU_DOWNLOAD 0x01
2389 #define QCA_SYSCFG_UPDATED 0x40
2390 #define QCA_PATCH_UPDATED 0x80
2391 #define QCA_DFU_TIMEOUT 3000
2393 struct qca_version
{
2395 __le32 patch_version
;
2401 struct qca_rampatch_version
{
2403 __le16 patch_version
;
2406 struct qca_device_info
{
2408 u8 rampatch_hdr
; /* length of header in rampatch */
2409 u8 nvm_hdr
; /* length of header in NVM */
2410 u8 ver_offset
; /* offset of version structure in rampatch */
2413 static const struct qca_device_info qca_devices_table
[] = {
2414 { 0x00000100, 20, 4, 10 }, /* Rome 1.0 */
2415 { 0x00000101, 20, 4, 10 }, /* Rome 1.1 */
2416 { 0x00000200, 28, 4, 18 }, /* Rome 2.0 */
2417 { 0x00000201, 28, 4, 18 }, /* Rome 2.1 */
2418 { 0x00000300, 28, 4, 18 }, /* Rome 3.0 */
2419 { 0x00000302, 28, 4, 18 }, /* Rome 3.2 */
2422 static int btusb_qca_send_vendor_req(struct hci_dev
*hdev
, u8 request
,
2423 void *data
, u16 size
)
2425 struct btusb_data
*btdata
= hci_get_drvdata(hdev
);
2426 struct usb_device
*udev
= btdata
->udev
;
2430 buf
= kmalloc(size
, GFP_KERNEL
);
2434 /* Found some of USB hosts have IOT issues with ours so that we should
2435 * not wait until HCI layer is ready.
2437 pipe
= usb_rcvctrlpipe(udev
, 0);
2438 err
= usb_control_msg(udev
, pipe
, request
, USB_TYPE_VENDOR
| USB_DIR_IN
,
2439 0, 0, buf
, size
, USB_CTRL_SET_TIMEOUT
);
2441 BT_ERR("%s: Failed to access otp area (%d)", hdev
->name
, err
);
2445 memcpy(data
, buf
, size
);
2453 static int btusb_setup_qca_download_fw(struct hci_dev
*hdev
,
2454 const struct firmware
*firmware
,
2457 struct btusb_data
*btdata
= hci_get_drvdata(hdev
);
2458 struct usb_device
*udev
= btdata
->udev
;
2459 size_t count
, size
, sent
= 0;
2463 buf
= kmalloc(QCA_DFU_PACKET_LEN
, GFP_KERNEL
);
2467 count
= firmware
->size
;
2469 size
= min_t(size_t, count
, hdr_size
);
2470 memcpy(buf
, firmware
->data
, size
);
2472 /* USB patches should go down to controller through USB path
2473 * because binary format fits to go down through USB channel.
2474 * USB control path is for patching headers and USB bulk is for
2477 pipe
= usb_sndctrlpipe(udev
, 0);
2478 err
= usb_control_msg(udev
, pipe
, QCA_DFU_DOWNLOAD
, USB_TYPE_VENDOR
,
2479 0, 0, buf
, size
, USB_CTRL_SET_TIMEOUT
);
2481 BT_ERR("%s: Failed to send headers (%d)", hdev
->name
, err
);
2489 size
= min_t(size_t, count
, QCA_DFU_PACKET_LEN
);
2491 memcpy(buf
, firmware
->data
+ sent
, size
);
2493 pipe
= usb_sndbulkpipe(udev
, 0x02);
2494 err
= usb_bulk_msg(udev
, pipe
, buf
, size
, &len
,
2497 BT_ERR("%s: Failed to send body at %zd of %zd (%d)",
2498 hdev
->name
, sent
, firmware
->size
, err
);
2503 BT_ERR("%s: Failed to get bulk buffer", hdev
->name
);
2517 static int btusb_setup_qca_load_rampatch(struct hci_dev
*hdev
,
2518 struct qca_version
*ver
,
2519 const struct qca_device_info
*info
)
2521 struct qca_rampatch_version
*rver
;
2522 const struct firmware
*fw
;
2523 u32 ver_rom
, ver_patch
;
2524 u16 rver_rom
, rver_patch
;
2528 ver_rom
= le32_to_cpu(ver
->rom_version
);
2529 ver_patch
= le32_to_cpu(ver
->patch_version
);
2531 snprintf(fwname
, sizeof(fwname
), "qca/rampatch_usb_%08x.bin", ver_rom
);
2533 err
= request_firmware(&fw
, fwname
, &hdev
->dev
);
2535 BT_ERR("%s: failed to request rampatch file: %s (%d)",
2536 hdev
->name
, fwname
, err
);
2540 BT_INFO("%s: using rampatch file: %s", hdev
->name
, fwname
);
2542 rver
= (struct qca_rampatch_version
*)(fw
->data
+ info
->ver_offset
);
2543 rver_rom
= le16_to_cpu(rver
->rom_version
);
2544 rver_patch
= le16_to_cpu(rver
->patch_version
);
2546 BT_INFO("%s: QCA: patch rome 0x%x build 0x%x, firmware rome 0x%x "
2547 "build 0x%x", hdev
->name
, rver_rom
, rver_patch
, ver_rom
,
2550 if (rver_rom
!= ver_rom
|| rver_patch
<= ver_patch
) {
2551 BT_ERR("%s: rampatch file version did not match with firmware",
2557 err
= btusb_setup_qca_download_fw(hdev
, fw
, info
->rampatch_hdr
);
2560 release_firmware(fw
);
2565 static int btusb_setup_qca_load_nvm(struct hci_dev
*hdev
,
2566 struct qca_version
*ver
,
2567 const struct qca_device_info
*info
)
2569 const struct firmware
*fw
;
2573 snprintf(fwname
, sizeof(fwname
), "qca/nvm_usb_%08x.bin",
2574 le32_to_cpu(ver
->rom_version
));
2576 err
= request_firmware(&fw
, fwname
, &hdev
->dev
);
2578 BT_ERR("%s: failed to request NVM file: %s (%d)",
2579 hdev
->name
, fwname
, err
);
2583 BT_INFO("%s: using NVM file: %s", hdev
->name
, fwname
);
2585 err
= btusb_setup_qca_download_fw(hdev
, fw
, info
->nvm_hdr
);
2587 release_firmware(fw
);
2592 static int btusb_setup_qca(struct hci_dev
*hdev
)
2594 const struct qca_device_info
*info
= NULL
;
2595 struct qca_version ver
;
2600 err
= btusb_qca_send_vendor_req(hdev
, QCA_GET_TARGET_VERSION
, &ver
,
2605 ver_rom
= le32_to_cpu(ver
.rom_version
);
2606 for (i
= 0; i
< ARRAY_SIZE(qca_devices_table
); i
++) {
2607 if (ver_rom
== qca_devices_table
[i
].rom_version
)
2608 info
= &qca_devices_table
[i
];
2611 BT_ERR("%s: don't support firmware rome 0x%x", hdev
->name
,
2616 err
= btusb_qca_send_vendor_req(hdev
, QCA_CHECK_STATUS
, &status
,
2621 if (!(status
& QCA_PATCH_UPDATED
)) {
2622 err
= btusb_setup_qca_load_rampatch(hdev
, &ver
, info
);
2627 if (!(status
& QCA_SYSCFG_UPDATED
)) {
2628 err
= btusb_setup_qca_load_nvm(hdev
, &ver
, info
);
2636 #ifdef CONFIG_BT_HCIBTUSB_BCM
2637 static inline int __set_diag_interface(struct hci_dev
*hdev
)
2639 struct btusb_data
*data
= hci_get_drvdata(hdev
);
2640 struct usb_interface
*intf
= data
->diag
;
2646 data
->diag_tx_ep
= NULL
;
2647 data
->diag_rx_ep
= NULL
;
2649 for (i
= 0; i
< intf
->cur_altsetting
->desc
.bNumEndpoints
; i
++) {
2650 struct usb_endpoint_descriptor
*ep_desc
;
2652 ep_desc
= &intf
->cur_altsetting
->endpoint
[i
].desc
;
2654 if (!data
->diag_tx_ep
&& usb_endpoint_is_bulk_out(ep_desc
)) {
2655 data
->diag_tx_ep
= ep_desc
;
2659 if (!data
->diag_rx_ep
&& usb_endpoint_is_bulk_in(ep_desc
)) {
2660 data
->diag_rx_ep
= ep_desc
;
2665 if (!data
->diag_tx_ep
|| !data
->diag_rx_ep
) {
2666 BT_ERR("%s invalid diagnostic descriptors", hdev
->name
);
2673 static struct urb
*alloc_diag_urb(struct hci_dev
*hdev
, bool enable
)
2675 struct btusb_data
*data
= hci_get_drvdata(hdev
);
2676 struct sk_buff
*skb
;
2680 if (!data
->diag_tx_ep
)
2681 return ERR_PTR(-ENODEV
);
2683 urb
= usb_alloc_urb(0, GFP_KERNEL
);
2685 return ERR_PTR(-ENOMEM
);
2687 skb
= bt_skb_alloc(2, GFP_KERNEL
);
2690 return ERR_PTR(-ENOMEM
);
2693 *skb_put(skb
, 1) = 0xf0;
2694 *skb_put(skb
, 1) = enable
;
2696 pipe
= usb_sndbulkpipe(data
->udev
, data
->diag_tx_ep
->bEndpointAddress
);
2698 usb_fill_bulk_urb(urb
, data
->udev
, pipe
,
2699 skb
->data
, skb
->len
, btusb_tx_complete
, skb
);
2701 skb
->dev
= (void *)hdev
;
2706 static int btusb_bcm_set_diag(struct hci_dev
*hdev
, bool enable
)
2708 struct btusb_data
*data
= hci_get_drvdata(hdev
);
2714 if (!test_bit(HCI_RUNNING
, &hdev
->flags
))
2717 urb
= alloc_diag_urb(hdev
, enable
);
2719 return PTR_ERR(urb
);
2721 return submit_or_queue_tx_urb(hdev
, urb
);
2725 static int btusb_probe(struct usb_interface
*intf
,
2726 const struct usb_device_id
*id
)
2728 struct usb_endpoint_descriptor
*ep_desc
;
2729 struct btusb_data
*data
;
2730 struct hci_dev
*hdev
;
2731 unsigned ifnum_base
;
2734 BT_DBG("intf %p id %p", intf
, id
);
2736 /* interface numbers are hardcoded in the spec */
2737 if (intf
->cur_altsetting
->desc
.bInterfaceNumber
!= 0) {
2738 if (!(id
->driver_info
& BTUSB_IFNUM_2
))
2740 if (intf
->cur_altsetting
->desc
.bInterfaceNumber
!= 2)
2744 ifnum_base
= intf
->cur_altsetting
->desc
.bInterfaceNumber
;
2746 if (!id
->driver_info
) {
2747 const struct usb_device_id
*match
;
2749 match
= usb_match_id(intf
, blacklist_table
);
2754 if (id
->driver_info
== BTUSB_IGNORE
)
2757 if (id
->driver_info
& BTUSB_ATH3012
) {
2758 struct usb_device
*udev
= interface_to_usbdev(intf
);
2760 /* Old firmware would otherwise let ath3k driver load
2761 * patch and sysconfig files */
2762 if (le16_to_cpu(udev
->descriptor
.bcdDevice
) <= 0x0001)
2766 data
= devm_kzalloc(&intf
->dev
, sizeof(*data
), GFP_KERNEL
);
2770 for (i
= 0; i
< intf
->cur_altsetting
->desc
.bNumEndpoints
; i
++) {
2771 ep_desc
= &intf
->cur_altsetting
->endpoint
[i
].desc
;
2773 if (!data
->intr_ep
&& usb_endpoint_is_int_in(ep_desc
)) {
2774 data
->intr_ep
= ep_desc
;
2778 if (!data
->bulk_tx_ep
&& usb_endpoint_is_bulk_out(ep_desc
)) {
2779 data
->bulk_tx_ep
= ep_desc
;
2783 if (!data
->bulk_rx_ep
&& usb_endpoint_is_bulk_in(ep_desc
)) {
2784 data
->bulk_rx_ep
= ep_desc
;
2789 if (!data
->intr_ep
|| !data
->bulk_tx_ep
|| !data
->bulk_rx_ep
)
2792 if (id
->driver_info
& BTUSB_AMP
) {
2793 data
->cmdreq_type
= USB_TYPE_CLASS
| 0x01;
2794 data
->cmdreq
= 0x2b;
2796 data
->cmdreq_type
= USB_TYPE_CLASS
;
2797 data
->cmdreq
= 0x00;
2800 data
->udev
= interface_to_usbdev(intf
);
2803 INIT_WORK(&data
->work
, btusb_work
);
2804 INIT_WORK(&data
->waker
, btusb_waker
);
2805 init_usb_anchor(&data
->deferred
);
2806 init_usb_anchor(&data
->tx_anchor
);
2807 spin_lock_init(&data
->txlock
);
2809 init_usb_anchor(&data
->intr_anchor
);
2810 init_usb_anchor(&data
->bulk_anchor
);
2811 init_usb_anchor(&data
->isoc_anchor
);
2812 init_usb_anchor(&data
->diag_anchor
);
2813 spin_lock_init(&data
->rxlock
);
2815 if (id
->driver_info
& BTUSB_INTEL_NEW
) {
2816 data
->recv_event
= btusb_recv_event_intel
;
2817 data
->recv_bulk
= btusb_recv_bulk_intel
;
2818 set_bit(BTUSB_BOOTLOADER
, &data
->flags
);
2820 data
->recv_event
= hci_recv_frame
;
2821 data
->recv_bulk
= btusb_recv_bulk
;
2824 hdev
= hci_alloc_dev();
2828 hdev
->bus
= HCI_USB
;
2829 hci_set_drvdata(hdev
, data
);
2831 if (id
->driver_info
& BTUSB_AMP
)
2832 hdev
->dev_type
= HCI_AMP
;
2834 hdev
->dev_type
= HCI_BREDR
;
2838 SET_HCIDEV_DEV(hdev
, &intf
->dev
);
2840 hdev
->open
= btusb_open
;
2841 hdev
->close
= btusb_close
;
2842 hdev
->flush
= btusb_flush
;
2843 hdev
->send
= btusb_send_frame
;
2844 hdev
->notify
= btusb_notify
;
2846 if (id
->driver_info
& BTUSB_BCM2045
)
2847 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY
, &hdev
->quirks
);
2849 if (id
->driver_info
& BTUSB_BCM92035
)
2850 hdev
->setup
= btusb_setup_bcm92035
;
2852 #ifdef CONFIG_BT_HCIBTUSB_BCM
2853 if (id
->driver_info
& BTUSB_BCM_PATCHRAM
) {
2854 hdev
->manufacturer
= 15;
2855 hdev
->setup
= btbcm_setup_patchram
;
2856 hdev
->set_diag
= btusb_bcm_set_diag
;
2857 hdev
->set_bdaddr
= btbcm_set_bdaddr
;
2859 /* Broadcom LM_DIAG Interface numbers are hardcoded */
2860 data
->diag
= usb_ifnum_to_if(data
->udev
, ifnum_base
+ 2);
2863 if (id
->driver_info
& BTUSB_BCM_APPLE
) {
2864 hdev
->manufacturer
= 15;
2865 hdev
->setup
= btbcm_setup_apple
;
2866 hdev
->set_diag
= btusb_bcm_set_diag
;
2868 /* Broadcom LM_DIAG Interface numbers are hardcoded */
2869 data
->diag
= usb_ifnum_to_if(data
->udev
, ifnum_base
+ 2);
2873 if (id
->driver_info
& BTUSB_INTEL
) {
2874 hdev
->manufacturer
= 2;
2875 hdev
->setup
= btusb_setup_intel
;
2876 hdev
->shutdown
= btusb_shutdown_intel
;
2877 hdev
->set_diag
= btintel_set_diag_mfg
;
2878 hdev
->set_bdaddr
= btintel_set_bdaddr
;
2879 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER
, &hdev
->quirks
);
2880 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY
, &hdev
->quirks
);
2881 set_bit(HCI_QUIRK_NON_PERSISTENT_DIAG
, &hdev
->quirks
);
2884 if (id
->driver_info
& BTUSB_INTEL_NEW
) {
2885 hdev
->manufacturer
= 2;
2886 hdev
->send
= btusb_send_frame_intel
;
2887 hdev
->setup
= btusb_setup_intel_new
;
2888 hdev
->hw_error
= btintel_hw_error
;
2889 hdev
->set_diag
= btintel_set_diag
;
2890 hdev
->set_bdaddr
= btintel_set_bdaddr
;
2891 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER
, &hdev
->quirks
);
2892 set_bit(HCI_QUIRK_NON_PERSISTENT_DIAG
, &hdev
->quirks
);
2895 if (id
->driver_info
& BTUSB_MARVELL
)
2896 hdev
->set_bdaddr
= btusb_set_bdaddr_marvell
;
2898 if (id
->driver_info
& BTUSB_SWAVE
) {
2899 set_bit(HCI_QUIRK_FIXUP_INQUIRY_MODE
, &hdev
->quirks
);
2900 set_bit(HCI_QUIRK_BROKEN_LOCAL_COMMANDS
, &hdev
->quirks
);
2903 if (id
->driver_info
& BTUSB_INTEL_BOOT
) {
2904 hdev
->manufacturer
= 2;
2905 set_bit(HCI_QUIRK_RAW_DEVICE
, &hdev
->quirks
);
2908 if (id
->driver_info
& BTUSB_ATH3012
) {
2909 hdev
->set_bdaddr
= btusb_set_bdaddr_ath3012
;
2910 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY
, &hdev
->quirks
);
2911 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER
, &hdev
->quirks
);
2914 if (id
->driver_info
& BTUSB_QCA_ROME
) {
2915 data
->setup_on_usb
= btusb_setup_qca
;
2916 hdev
->set_bdaddr
= btusb_set_bdaddr_ath3012
;
2919 #ifdef CONFIG_BT_HCIBTUSB_RTL
2920 if (id
->driver_info
& BTUSB_REALTEK
) {
2921 hdev
->setup
= btrtl_setup_realtek
;
2923 /* Realtek devices lose their updated firmware over suspend,
2924 * but the USB hub doesn't notice any status change.
2925 * Explicitly request a device reset on resume.
2927 set_bit(BTUSB_RESET_RESUME
, &data
->flags
);
2931 if (id
->driver_info
& BTUSB_AMP
) {
2932 /* AMP controllers do not support SCO packets */
2935 /* Interface orders are hardcoded in the specification */
2936 data
->isoc
= usb_ifnum_to_if(data
->udev
, ifnum_base
+ 1);
2940 set_bit(HCI_QUIRK_RESET_ON_CLOSE
, &hdev
->quirks
);
2942 if (force_scofix
|| id
->driver_info
& BTUSB_WRONG_SCO_MTU
) {
2943 if (!disable_scofix
)
2944 set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE
, &hdev
->quirks
);
2947 if (id
->driver_info
& BTUSB_BROKEN_ISOC
)
2950 if (id
->driver_info
& BTUSB_DIGIANSWER
) {
2951 data
->cmdreq_type
= USB_TYPE_VENDOR
;
2952 set_bit(HCI_QUIRK_RESET_ON_CLOSE
, &hdev
->quirks
);
2955 if (id
->driver_info
& BTUSB_CSR
) {
2956 struct usb_device
*udev
= data
->udev
;
2957 u16 bcdDevice
= le16_to_cpu(udev
->descriptor
.bcdDevice
);
2959 /* Old firmware would otherwise execute USB reset */
2960 if (bcdDevice
< 0x117)
2961 set_bit(HCI_QUIRK_RESET_ON_CLOSE
, &hdev
->quirks
);
2963 /* Fake CSR devices with broken commands */
2964 if (bcdDevice
<= 0x100 || bcdDevice
== 0x134)
2965 hdev
->setup
= btusb_setup_csr
;
2967 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY
, &hdev
->quirks
);
2970 if (id
->driver_info
& BTUSB_SNIFFER
) {
2971 struct usb_device
*udev
= data
->udev
;
2973 /* New sniffer firmware has crippled HCI interface */
2974 if (le16_to_cpu(udev
->descriptor
.bcdDevice
) > 0x997)
2975 set_bit(HCI_QUIRK_RAW_DEVICE
, &hdev
->quirks
);
2978 if (id
->driver_info
& BTUSB_INTEL_BOOT
) {
2979 /* A bug in the bootloader causes that interrupt interface is
2980 * only enabled after receiving SetInterface(0, AltSetting=0).
2982 err
= usb_set_interface(data
->udev
, 0, 0);
2984 BT_ERR("failed to set interface 0, alt 0 %d", err
);
2991 err
= usb_driver_claim_interface(&btusb_driver
,
2999 #ifdef CONFIG_BT_HCIBTUSB_BCM
3001 if (!usb_driver_claim_interface(&btusb_driver
,
3003 __set_diag_interface(hdev
);
3009 err
= hci_register_dev(hdev
);
3015 usb_set_intfdata(intf
, data
);
3020 static void btusb_disconnect(struct usb_interface
*intf
)
3022 struct btusb_data
*data
= usb_get_intfdata(intf
);
3023 struct hci_dev
*hdev
;
3025 BT_DBG("intf %p", intf
);
3031 usb_set_intfdata(data
->intf
, NULL
);
3034 usb_set_intfdata(data
->isoc
, NULL
);
3037 usb_set_intfdata(data
->diag
, NULL
);
3039 hci_unregister_dev(hdev
);
3041 if (intf
== data
->intf
) {
3043 usb_driver_release_interface(&btusb_driver
, data
->isoc
);
3045 usb_driver_release_interface(&btusb_driver
, data
->diag
);
3046 } else if (intf
== data
->isoc
) {
3048 usb_driver_release_interface(&btusb_driver
, data
->diag
);
3049 usb_driver_release_interface(&btusb_driver
, data
->intf
);
3050 } else if (intf
== data
->diag
) {
3051 usb_driver_release_interface(&btusb_driver
, data
->intf
);
3053 usb_driver_release_interface(&btusb_driver
, data
->isoc
);
3060 static int btusb_suspend(struct usb_interface
*intf
, pm_message_t message
)
3062 struct btusb_data
*data
= usb_get_intfdata(intf
);
3064 BT_DBG("intf %p", intf
);
3066 if (data
->suspend_count
++)
3069 spin_lock_irq(&data
->txlock
);
3070 if (!(PMSG_IS_AUTO(message
) && data
->tx_in_flight
)) {
3071 set_bit(BTUSB_SUSPENDING
, &data
->flags
);
3072 spin_unlock_irq(&data
->txlock
);
3074 spin_unlock_irq(&data
->txlock
);
3075 data
->suspend_count
--;
3079 cancel_work_sync(&data
->work
);
3081 btusb_stop_traffic(data
);
3082 usb_kill_anchored_urbs(&data
->tx_anchor
);
3084 /* Optionally request a device reset on resume, but only when
3085 * wakeups are disabled. If wakeups are enabled we assume the
3086 * device will stay powered up throughout suspend.
3088 if (test_bit(BTUSB_RESET_RESUME
, &data
->flags
) &&
3089 !device_may_wakeup(&data
->udev
->dev
))
3090 data
->udev
->reset_resume
= 1;
3095 static void play_deferred(struct btusb_data
*data
)
3100 while ((urb
= usb_get_from_anchor(&data
->deferred
))) {
3101 err
= usb_submit_urb(urb
, GFP_ATOMIC
);
3105 data
->tx_in_flight
++;
3107 usb_scuttle_anchored_urbs(&data
->deferred
);
3110 static int btusb_resume(struct usb_interface
*intf
)
3112 struct btusb_data
*data
= usb_get_intfdata(intf
);
3113 struct hci_dev
*hdev
= data
->hdev
;
3116 BT_DBG("intf %p", intf
);
3118 if (--data
->suspend_count
)
3121 if (!test_bit(HCI_RUNNING
, &hdev
->flags
))
3124 if (test_bit(BTUSB_INTR_RUNNING
, &data
->flags
)) {
3125 err
= btusb_submit_intr_urb(hdev
, GFP_NOIO
);
3127 clear_bit(BTUSB_INTR_RUNNING
, &data
->flags
);
3132 if (test_bit(BTUSB_BULK_RUNNING
, &data
->flags
)) {
3133 err
= btusb_submit_bulk_urb(hdev
, GFP_NOIO
);
3135 clear_bit(BTUSB_BULK_RUNNING
, &data
->flags
);
3139 btusb_submit_bulk_urb(hdev
, GFP_NOIO
);
3142 if (test_bit(BTUSB_ISOC_RUNNING
, &data
->flags
)) {
3143 if (btusb_submit_isoc_urb(hdev
, GFP_NOIO
) < 0)
3144 clear_bit(BTUSB_ISOC_RUNNING
, &data
->flags
);
3146 btusb_submit_isoc_urb(hdev
, GFP_NOIO
);
3149 spin_lock_irq(&data
->txlock
);
3150 play_deferred(data
);
3151 clear_bit(BTUSB_SUSPENDING
, &data
->flags
);
3152 spin_unlock_irq(&data
->txlock
);
3153 schedule_work(&data
->work
);
3158 usb_scuttle_anchored_urbs(&data
->deferred
);
3160 spin_lock_irq(&data
->txlock
);
3161 clear_bit(BTUSB_SUSPENDING
, &data
->flags
);
3162 spin_unlock_irq(&data
->txlock
);
3168 static struct usb_driver btusb_driver
= {
3170 .probe
= btusb_probe
,
3171 .disconnect
= btusb_disconnect
,
3173 .suspend
= btusb_suspend
,
3174 .resume
= btusb_resume
,
3176 .id_table
= btusb_table
,
3177 .supports_autosuspend
= 1,
3178 .disable_hub_initiated_lpm
= 1,
3181 module_usb_driver(btusb_driver
);
3183 module_param(disable_scofix
, bool, 0644);
3184 MODULE_PARM_DESC(disable_scofix
, "Disable fixup of wrong SCO buffer size");
3186 module_param(force_scofix
, bool, 0644);
3187 MODULE_PARM_DESC(force_scofix
, "Force fixup of wrong SCO buffers size");
3189 module_param(reset
, bool, 0644);
3190 MODULE_PARM_DESC(reset
, "Send HCI reset command on initialization");
3192 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
3193 MODULE_DESCRIPTION("Generic Bluetooth USB driver ver " VERSION
);
3194 MODULE_VERSION(VERSION
);
3195 MODULE_LICENSE("GPL");