]> git.proxmox.com Git - mirror_ubuntu-hirsute-kernel.git/blob - drivers/bluetooth/btusb.c
projects / mirror_ubuntu-hirsute-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
fix memory leak in fixed btusb_close
[mirror_ubuntu-hirsute-kernel.git] / drivers / bluetooth / btusb.c
1 /*
2 *
3 * Generic Bluetooth USB driver
4 *
5 * Copyright (C) 2005-2008 Marcel Holtmann <marcel@holtmann.org>
6 *
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 *
22 */
23
24 #include <linux/kernel.h>
25 #include <linux/module.h>
26 #include <linux/init.h>
27 #include <linux/slab.h>
28 #include <linux/types.h>
29 #include <linux/sched.h>
30 #include <linux/errno.h>
31 #include <linux/skbuff.h>
32
33 #include <linux/usb.h>
34
35 #include <net/bluetooth/bluetooth.h>
36 #include <net/bluetooth/hci_core.h>
37
38 #define VERSION "0.6"
39
40 static int ignore_dga;
41 static int ignore_csr;
42 static int ignore_sniffer;
43 static int disable_scofix;
44 static int force_scofix;
45
46 static int reset = 1;
47
48 static struct usb_driver btusb_driver;
49
50 #define BTUSB_IGNORE 0x01
51 #define BTUSB_DIGIANSWER 0x02
52 #define BTUSB_CSR 0x04
53 #define BTUSB_SNIFFER 0x08
54 #define BTUSB_BCM92035 0x10
55 #define BTUSB_BROKEN_ISOC 0x20
56 #define BTUSB_WRONG_SCO_MTU 0x40
57
58 static struct usb_device_id btusb_table[] = {
59 /* Generic Bluetooth USB device */
60 { USB_DEVICE_INFO(0xe0, 0x01, 0x01) },
61
62 /* AVM BlueFRITZ! USB v2.0 */
63 { USB_DEVICE(0x057c, 0x3800) },
64
65 /* Bluetooth Ultraport Module from IBM */
66 { USB_DEVICE(0x04bf, 0x030a) },
67
68 /* ALPS Modules with non-standard id */
69 { USB_DEVICE(0x044e, 0x3001) },
70 { USB_DEVICE(0x044e, 0x3002) },
71
72 /* Ericsson with non-standard id */
73 { USB_DEVICE(0x0bdb, 0x1002) },
74
75 /* Canyon CN-BTU1 with HID interfaces */
76 { USB_DEVICE(0x0c10, 0x0000) },
77
78 { } /* Terminating entry */
79 };
80
81 MODULE_DEVICE_TABLE(usb, btusb_table);
82
83 static struct usb_device_id blacklist_table[] = {
84 /* CSR BlueCore devices */
85 { USB_DEVICE(0x0a12, 0x0001), .driver_info = BTUSB_CSR },
86
87 /* Broadcom BCM2033 without firmware */
88 { USB_DEVICE(0x0a5c, 0x2033), .driver_info = BTUSB_IGNORE },
89
90 /* Broadcom BCM2035 */
91 { USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU },
92 { USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU },
93 { USB_DEVICE(0x0a5c, 0x2009), .driver_info = BTUSB_BCM92035 },
94
95 /* Broadcom BCM2045 */
96 { USB_DEVICE(0x0a5c, 0x2039), .driver_info = BTUSB_WRONG_SCO_MTU },
97 { USB_DEVICE(0x0a5c, 0x2101), .driver_info = BTUSB_WRONG_SCO_MTU },
98
99 /* IBM/Lenovo ThinkPad with Broadcom chip */
100 { USB_DEVICE(0x0a5c, 0x201e), .driver_info = BTUSB_WRONG_SCO_MTU },
101 { USB_DEVICE(0x0a5c, 0x2110), .driver_info = BTUSB_WRONG_SCO_MTU },
102
103 /* HP laptop with Broadcom chip */
104 { USB_DEVICE(0x03f0, 0x171d), .driver_info = BTUSB_WRONG_SCO_MTU },
105
106 /* Dell laptop with Broadcom chip */
107 { USB_DEVICE(0x413c, 0x8126), .driver_info = BTUSB_WRONG_SCO_MTU },
108
109 /* Dell Wireless 370 and 410 devices */
110 { USB_DEVICE(0x413c, 0x8152), .driver_info = BTUSB_WRONG_SCO_MTU },
111 { USB_DEVICE(0x413c, 0x8156), .driver_info = BTUSB_WRONG_SCO_MTU },
112
113 /* Belkin F8T012 and F8T013 devices */
114 { USB_DEVICE(0x050d, 0x0012), .driver_info = BTUSB_WRONG_SCO_MTU },
115 { USB_DEVICE(0x050d, 0x0013), .driver_info = BTUSB_WRONG_SCO_MTU },
116
117 /* Asus WL-BTD202 device */
118 { USB_DEVICE(0x0b05, 0x1715), .driver_info = BTUSB_WRONG_SCO_MTU },
119
120 /* Kensington Bluetooth USB adapter */
121 { USB_DEVICE(0x047d, 0x105e), .driver_info = BTUSB_WRONG_SCO_MTU },
122
123 /* RTX Telecom based adapters with buggy SCO support */
124 { USB_DEVICE(0x0400, 0x0807), .driver_info = BTUSB_BROKEN_ISOC },
125 { USB_DEVICE(0x0400, 0x080a), .driver_info = BTUSB_BROKEN_ISOC },
126
127 /* CONWISE Technology based adapters with buggy SCO support */
128 { USB_DEVICE(0x0e5e, 0x6622), .driver_info = BTUSB_BROKEN_ISOC },
129
130 /* Digianswer devices */
131 { USB_DEVICE(0x08fd, 0x0001), .driver_info = BTUSB_DIGIANSWER },
132 { USB_DEVICE(0x08fd, 0x0002), .driver_info = BTUSB_IGNORE },
133
134 /* CSR BlueCore Bluetooth Sniffer */
135 { USB_DEVICE(0x0a12, 0x0002), .driver_info = BTUSB_SNIFFER },
136
137 /* Frontline ComProbe Bluetooth Sniffer */
138 { USB_DEVICE(0x16d3, 0x0002), .driver_info = BTUSB_SNIFFER },
139
140 { } /* Terminating entry */
141 };
142
143 #define BTUSB_MAX_ISOC_FRAMES 10
144
145 #define BTUSB_INTR_RUNNING 0
146 #define BTUSB_BULK_RUNNING 1
147 #define BTUSB_ISOC_RUNNING 2
148 #define BTUSB_SUSPENDING 3
149
150 struct btusb_data {
151 struct hci_dev *hdev;
152 struct usb_device *udev;
153 struct usb_interface *intf;
154 struct usb_interface *isoc;
155
156 spinlock_t lock;
157
158 unsigned long flags;
159
160 struct work_struct work;
161 struct work_struct waker;
162
163 struct usb_anchor tx_anchor;
164 struct usb_anchor intr_anchor;
165 struct usb_anchor bulk_anchor;
166 struct usb_anchor isoc_anchor;
167 struct usb_anchor deferred;
168 int tx_in_flight;
169 spinlock_t txlock;
170
171 struct usb_endpoint_descriptor *intr_ep;
172 struct usb_endpoint_descriptor *bulk_tx_ep;
173 struct usb_endpoint_descriptor *bulk_rx_ep;
174 struct usb_endpoint_descriptor *isoc_tx_ep;
175 struct usb_endpoint_descriptor *isoc_rx_ep;
176
177 __u8 cmdreq_type;
178
179 unsigned int sco_num;
180 int isoc_altsetting;
181 int suspend_count;
182 int did_iso_resume:1;
183 };
184
185 static int inc_tx(struct btusb_data *data)
186 {
187 unsigned long flags;
188 int rv;
189
190 spin_lock_irqsave(&data->txlock, flags);
191 rv = test_bit(BTUSB_SUSPENDING, &data->flags);
192 if (!rv)
193 data->tx_in_flight++;
194 spin_unlock_irqrestore(&data->txlock, flags);
195
196 return rv;
197 }
198
199 static void btusb_intr_complete(struct urb *urb)
200 {
201 struct hci_dev *hdev = urb->context;
202 struct btusb_data *data = hdev->driver_data;
203 int err;
204
205 BT_DBG("%s urb %p status %d count %d", hdev->name,
206 urb, urb->status, urb->actual_length);
207
208 if (!test_bit(HCI_RUNNING, &hdev->flags))
209 return;
210
211 if (urb->status == 0) {
212 hdev->stat.byte_rx += urb->actual_length;
213
214 if (hci_recv_fragment(hdev, HCI_EVENT_PKT,
215 urb->transfer_buffer,
216 urb->actual_length) < 0) {
217 BT_ERR("%s corrupted event packet", hdev->name);
218 hdev->stat.err_rx++;
219 }
220 }
221
222 if (!test_bit(BTUSB_INTR_RUNNING, &data->flags))
223 return;
224
225 usb_mark_last_busy(data->udev);
226 usb_anchor_urb(urb, &data->intr_anchor);
227
228 err = usb_submit_urb(urb, GFP_ATOMIC);
229 if (err < 0) {
230 BT_ERR("%s urb %p failed to resubmit (%d)",
231 hdev->name, urb, -err);
232 usb_unanchor_urb(urb);
233 }
234 }
235
236 static int btusb_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags)
237 {
238 struct btusb_data *data = hdev->driver_data;
239 struct urb *urb;
240 unsigned char *buf;
241 unsigned int pipe;
242 int err, size;
243
244 BT_DBG("%s", hdev->name);
245
246 if (!data->intr_ep)
247 return -ENODEV;
248
249 urb = usb_alloc_urb(0, mem_flags);
250 if (!urb)
251 return -ENOMEM;
252
253 size = le16_to_cpu(data->intr_ep->wMaxPacketSize);
254
255 buf = kmalloc(size, mem_flags);
256 if (!buf) {
257 usb_free_urb(urb);
258 return -ENOMEM;
259 }
260
261 pipe = usb_rcvintpipe(data->udev, data->intr_ep->bEndpointAddress);
262
263 usb_fill_int_urb(urb, data->udev, pipe, buf, size,
264 btusb_intr_complete, hdev,
265 data->intr_ep->bInterval);
266
267 urb->transfer_flags |= URB_FREE_BUFFER;
268
269 usb_anchor_urb(urb, &data->intr_anchor);
270
271 err = usb_submit_urb(urb, mem_flags);
272 if (err < 0) {
273 BT_ERR("%s urb %p submission failed (%d)",
274 hdev->name, urb, -err);
275 usb_unanchor_urb(urb);
276 }
277
278 usb_free_urb(urb);
279
280 return err;
281 }
282
283 static void btusb_bulk_complete(struct urb *urb)
284 {
285 struct hci_dev *hdev = urb->context;
286 struct btusb_data *data = hdev->driver_data;
287 int err;
288
289 BT_DBG("%s urb %p status %d count %d", hdev->name,
290 urb, urb->status, urb->actual_length);
291
292 if (!test_bit(HCI_RUNNING, &hdev->flags))
293 return;
294
295 if (urb->status == 0) {
296 hdev->stat.byte_rx += urb->actual_length;
297
298 if (hci_recv_fragment(hdev, HCI_ACLDATA_PKT,
299 urb->transfer_buffer,
300 urb->actual_length) < 0) {
301 BT_ERR("%s corrupted ACL packet", hdev->name);
302 hdev->stat.err_rx++;
303 }
304 }
305
306 if (!test_bit(BTUSB_BULK_RUNNING, &data->flags))
307 return;
308
309 usb_anchor_urb(urb, &data->bulk_anchor);
310
311 err = usb_submit_urb(urb, GFP_ATOMIC);
312 if (err < 0) {
313 BT_ERR("%s urb %p failed to resubmit (%d)",
314 hdev->name, urb, -err);
315 usb_unanchor_urb(urb);
316 }
317 }
318
319 static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags)
320 {
321 struct btusb_data *data = hdev->driver_data;
322 struct urb *urb;
323 unsigned char *buf;
324 unsigned int pipe;
325 int err, size = HCI_MAX_FRAME_SIZE;
326
327 BT_DBG("%s", hdev->name);
328
329 if (!data->bulk_rx_ep)
330 return -ENODEV;
331
332 urb = usb_alloc_urb(0, mem_flags);
333 if (!urb)
334 return -ENOMEM;
335
336 buf = kmalloc(size, mem_flags);
337 if (!buf) {
338 usb_free_urb(urb);
339 return -ENOMEM;
340 }
341
342 pipe = usb_rcvbulkpipe(data->udev, data->bulk_rx_ep->bEndpointAddress);
343
344 usb_fill_bulk_urb(urb, data->udev, pipe,
345 buf, size, btusb_bulk_complete, hdev);
346
347 urb->transfer_flags |= URB_FREE_BUFFER;
348
349 usb_mark_last_busy(data->udev);
350 usb_anchor_urb(urb, &data->bulk_anchor);
351
352 err = usb_submit_urb(urb, mem_flags);
353 if (err < 0) {
354 BT_ERR("%s urb %p submission failed (%d)",
355 hdev->name, urb, -err);
356 usb_unanchor_urb(urb);
357 }
358
359 usb_free_urb(urb);
360
361 return err;
362 }
363
364 static void btusb_isoc_complete(struct urb *urb)
365 {
366 struct hci_dev *hdev = urb->context;
367 struct btusb_data *data = hdev->driver_data;
368 int i, err;
369
370 BT_DBG("%s urb %p status %d count %d", hdev->name,
371 urb, urb->status, urb->actual_length);
372
373 if (!test_bit(HCI_RUNNING, &hdev->flags))
374 return;
375
376 if (urb->status == 0) {
377 for (i = 0; i < urb->number_of_packets; i++) {
378 unsigned int offset = urb->iso_frame_desc[i].offset;
379 unsigned int length = urb->iso_frame_desc[i].actual_length;
380
381 if (urb->iso_frame_desc[i].status)
382 continue;
383
384 hdev->stat.byte_rx += length;
385
386 if (hci_recv_fragment(hdev, HCI_SCODATA_PKT,
387 urb->transfer_buffer + offset,
388 length) < 0) {
389 BT_ERR("%s corrupted SCO packet", hdev->name);
390 hdev->stat.err_rx++;
391 }
392 }
393 }
394
395 if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags))
396 return;
397
398 usb_anchor_urb(urb, &data->isoc_anchor);
399
400 err = usb_submit_urb(urb, GFP_ATOMIC);
401 if (err < 0) {
402 BT_ERR("%s urb %p failed to resubmit (%d)",
403 hdev->name, urb, -err);
404 usb_unanchor_urb(urb);
405 }
406 }
407
408 static void inline __fill_isoc_descriptor(struct urb *urb, int len, int mtu)
409 {
410 int i, offset = 0;
411
412 BT_DBG("len %d mtu %d", len, mtu);
413
414 for (i = 0; i < BTUSB_MAX_ISOC_FRAMES && len >= mtu;
415 i++, offset += mtu, len -= mtu) {
416 urb->iso_frame_desc[i].offset = offset;
417 urb->iso_frame_desc[i].length = mtu;
418 }
419
420 if (len && i < BTUSB_MAX_ISOC_FRAMES) {
421 urb->iso_frame_desc[i].offset = offset;
422 urb->iso_frame_desc[i].length = len;
423 i++;
424 }
425
426 urb->number_of_packets = i;
427 }
428
429 static int btusb_submit_isoc_urb(struct hci_dev *hdev, gfp_t mem_flags)
430 {
431 struct btusb_data *data = hdev->driver_data;
432 struct urb *urb;
433 unsigned char *buf;
434 unsigned int pipe;
435 int err, size;
436
437 BT_DBG("%s", hdev->name);
438
439 if (!data->isoc_rx_ep)
440 return -ENODEV;
441
442 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, mem_flags);
443 if (!urb)
444 return -ENOMEM;
445
446 size = le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize) *
447 BTUSB_MAX_ISOC_FRAMES;
448
449 buf = kmalloc(size, mem_flags);
450 if (!buf) {
451 usb_free_urb(urb);
452 return -ENOMEM;
453 }
454
455 pipe = usb_rcvisocpipe(data->udev, data->isoc_rx_ep->bEndpointAddress);
456
457 urb->dev = data->udev;
458 urb->pipe = pipe;
459 urb->context = hdev;
460 urb->complete = btusb_isoc_complete;
461 urb->interval = data->isoc_rx_ep->bInterval;
462
463 urb->transfer_flags = URB_FREE_BUFFER | URB_ISO_ASAP;
464 urb->transfer_buffer = buf;
465 urb->transfer_buffer_length = size;
466
467 __fill_isoc_descriptor(urb, size,
468 le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize));
469
470 usb_anchor_urb(urb, &data->isoc_anchor);
471
472 err = usb_submit_urb(urb, mem_flags);
473 if (err < 0) {
474 BT_ERR("%s urb %p submission failed (%d)",
475 hdev->name, urb, -err);
476 usb_unanchor_urb(urb);
477 }
478
479 usb_free_urb(urb);
480
481 return err;
482 }
483
484 static void btusb_tx_complete(struct urb *urb)
485 {
486 struct sk_buff *skb = urb->context;
487 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
488 struct btusb_data *data = hdev->driver_data;
489
490 BT_DBG("%s urb %p status %d count %d", hdev->name,
491 urb, urb->status, urb->actual_length);
492
493 if (!test_bit(HCI_RUNNING, &hdev->flags))
494 goto done;
495
496 if (!urb->status)
497 hdev->stat.byte_tx += urb->transfer_buffer_length;
498 else
499 hdev->stat.err_tx++;
500
501 done:
502 spin_lock(&data->txlock);
503 data->tx_in_flight--;
504 spin_unlock(&data->txlock);
505
506 kfree(urb->setup_packet);
507
508 kfree_skb(skb);
509 }
510
511 static void btusb_isoc_tx_complete(struct urb *urb)
512 {
513 struct sk_buff *skb = urb->context;
514 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
515
516 BT_DBG("%s urb %p status %d count %d", hdev->name,
517 urb, urb->status, urb->actual_length);
518
519 if (!test_bit(HCI_RUNNING, &hdev->flags))
520 goto done;
521
522 if (!urb->status)
523 hdev->stat.byte_tx += urb->transfer_buffer_length;
524 else
525 hdev->stat.err_tx++;
526
527 done:
528 kfree(urb->setup_packet);
529
530 kfree_skb(skb);
531 }
532
533 static int btusb_open(struct hci_dev *hdev)
534 {
535 struct btusb_data *data = hdev->driver_data;
536 int err;
537
538 BT_DBG("%s", hdev->name);
539
540 err = usb_autopm_get_interface(data->intf);
541 if (err < 0)
542 return err;
543
544 data->intf->needs_remote_wakeup = 1;
545
546 if (test_and_set_bit(HCI_RUNNING, &hdev->flags))
547 goto done;
548
549 if (test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags))
550 goto done;
551
552 err = btusb_submit_intr_urb(hdev, GFP_KERNEL);
553 if (err < 0)
554 goto failed;
555
556 err = btusb_submit_bulk_urb(hdev, GFP_KERNEL);
557 if (err < 0) {
558 usb_kill_anchored_urbs(&data->intr_anchor);
559 goto failed;
560 }
561
562 set_bit(BTUSB_BULK_RUNNING, &data->flags);
563 btusb_submit_bulk_urb(hdev, GFP_KERNEL);
564
565 done:
566 usb_autopm_put_interface(data->intf);
567 return 0;
568
569 failed:
570 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
571 clear_bit(HCI_RUNNING, &hdev->flags);
572 usb_autopm_put_interface(data->intf);
573 return err;
574 }
575
576 static void btusb_stop_traffic(struct btusb_data *data)
577 {
578 usb_kill_anchored_urbs(&data->intr_anchor);
579 usb_kill_anchored_urbs(&data->bulk_anchor);
580 usb_kill_anchored_urbs(&data->isoc_anchor);
581 }
582
583 static int btusb_close(struct hci_dev *hdev)
584 {
585 struct btusb_data *data = hdev->driver_data;
586 int err;
587
588 BT_DBG("%s", hdev->name);
589
590 if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags))
591 return 0;
592
593 cancel_work_sync(&data->work);
594 cancel_work_sync(&data->waker);
595
596 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
597 clear_bit(BTUSB_BULK_RUNNING, &data->flags);
598 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
599
600 btusb_stop_traffic(data);
601 err = usb_autopm_get_interface(data->intf);
602 if (err < 0)
603 goto failed;
604
605 data->intf->needs_remote_wakeup = 0;
606 usb_autopm_put_interface(data->intf);
607
608 failed:
609 usb_scuttle_anchored_urbs(&data->deferred);
610 return 0;
611 }
612
613 static int btusb_flush(struct hci_dev *hdev)
614 {
615 struct btusb_data *data = hdev->driver_data;
616
617 BT_DBG("%s", hdev->name);
618
619 usb_kill_anchored_urbs(&data->tx_anchor);
620
621 return 0;
622 }
623
624 static int btusb_send_frame(struct sk_buff *skb)
625 {
626 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
627 struct btusb_data *data = hdev->driver_data;
628 struct usb_ctrlrequest *dr;
629 struct urb *urb;
630 unsigned int pipe;
631 int err;
632
633 BT_DBG("%s", hdev->name);
634
635 if (!test_bit(HCI_RUNNING, &hdev->flags))
636 return -EBUSY;
637
638 switch (bt_cb(skb)->pkt_type) {
639 case HCI_COMMAND_PKT:
640 urb = usb_alloc_urb(0, GFP_ATOMIC);
641 if (!urb)
642 return -ENOMEM;
643
644 dr = kmalloc(sizeof(*dr), GFP_ATOMIC);
645 if (!dr) {
646 usb_free_urb(urb);
647 return -ENOMEM;
648 }
649
650 dr->bRequestType = data->cmdreq_type;
651 dr->bRequest = 0;
652 dr->wIndex = 0;
653 dr->wValue = 0;
654 dr->wLength = __cpu_to_le16(skb->len);
655
656 pipe = usb_sndctrlpipe(data->udev, 0x00);
657
658 usb_fill_control_urb(urb, data->udev, pipe, (void *) dr,
659 skb->data, skb->len, btusb_tx_complete, skb);
660
661 hdev->stat.cmd_tx++;
662 break;
663
664 case HCI_ACLDATA_PKT:
665 if (!data->bulk_tx_ep || hdev->conn_hash.acl_num < 1)
666 return -ENODEV;
667
668 urb = usb_alloc_urb(0, GFP_ATOMIC);
669 if (!urb)
670 return -ENOMEM;
671
672 pipe = usb_sndbulkpipe(data->udev,
673 data->bulk_tx_ep->bEndpointAddress);
674
675 usb_fill_bulk_urb(urb, data->udev, pipe,
676 skb->data, skb->len, btusb_tx_complete, skb);
677
678 hdev->stat.acl_tx++;
679 break;
680
681 case HCI_SCODATA_PKT:
682 if (!data->isoc_tx_ep || hdev->conn_hash.sco_num < 1)
683 return -ENODEV;
684
685 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, GFP_ATOMIC);
686 if (!urb)
687 return -ENOMEM;
688
689 pipe = usb_sndisocpipe(data->udev,
690 data->isoc_tx_ep->bEndpointAddress);
691
692 urb->dev = data->udev;
693 urb->pipe = pipe;
694 urb->context = skb;
695 urb->complete = btusb_isoc_tx_complete;
696 urb->interval = data->isoc_tx_ep->bInterval;
697
698 urb->transfer_flags = URB_ISO_ASAP;
699 urb->transfer_buffer = skb->data;
700 urb->transfer_buffer_length = skb->len;
701
702 __fill_isoc_descriptor(urb, skb->len,
703 le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize));
704
705 hdev->stat.sco_tx++;
706 goto skip_waking;
707
708 default:
709 return -EILSEQ;
710 }
711
712 err = inc_tx(data);
713 if (err) {
714 usb_anchor_urb(urb, &data->deferred);
715 schedule_work(&data->waker);
716 err = 0;
717 goto done;
718 }
719
720 skip_waking:
721 usb_anchor_urb(urb, &data->tx_anchor);
722
723 err = usb_submit_urb(urb, GFP_ATOMIC);
724 if (err < 0) {
725 BT_ERR("%s urb %p submission failed", hdev->name, urb);
726 kfree(urb->setup_packet);
727 usb_unanchor_urb(urb);
728 } else {
729 usb_mark_last_busy(data->udev);
730 }
731
732 usb_free_urb(urb);
733
734 done:
735 return err;
736 }
737
738 static void btusb_destruct(struct hci_dev *hdev)
739 {
740 struct btusb_data *data = hdev->driver_data;
741
742 BT_DBG("%s", hdev->name);
743
744 kfree(data);
745 }
746
747 static void btusb_notify(struct hci_dev *hdev, unsigned int evt)
748 {
749 struct btusb_data *data = hdev->driver_data;
750
751 BT_DBG("%s evt %d", hdev->name, evt);
752
753 if (hdev->conn_hash.sco_num != data->sco_num) {
754 data->sco_num = hdev->conn_hash.sco_num;
755 schedule_work(&data->work);
756 }
757 }
758
759 static int inline __set_isoc_interface(struct hci_dev *hdev, int altsetting)
760 {
761 struct btusb_data *data = hdev->driver_data;
762 struct usb_interface *intf = data->isoc;
763 struct usb_endpoint_descriptor *ep_desc;
764 int i, err;
765
766 if (!data->isoc)
767 return -ENODEV;
768
769 err = usb_set_interface(data->udev, 1, altsetting);
770 if (err < 0) {
771 BT_ERR("%s setting interface failed (%d)", hdev->name, -err);
772 return err;
773 }
774
775 data->isoc_altsetting = altsetting;
776
777 data->isoc_tx_ep = NULL;
778 data->isoc_rx_ep = NULL;
779
780 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
781 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
782
783 if (!data->isoc_tx_ep && usb_endpoint_is_isoc_out(ep_desc)) {
784 data->isoc_tx_ep = ep_desc;
785 continue;
786 }
787
788 if (!data->isoc_rx_ep && usb_endpoint_is_isoc_in(ep_desc)) {
789 data->isoc_rx_ep = ep_desc;
790 continue;
791 }
792 }
793
794 if (!data->isoc_tx_ep || !data->isoc_rx_ep) {
795 BT_ERR("%s invalid SCO descriptors", hdev->name);
796 return -ENODEV;
797 }
798
799 return 0;
800 }
801
802 static void btusb_work(struct work_struct *work)
803 {
804 struct btusb_data *data = container_of(work, struct btusb_data, work);
805 struct hci_dev *hdev = data->hdev;
806 int err;
807
808 if (hdev->conn_hash.sco_num > 0) {
809 if (!data->did_iso_resume) {
810 err = usb_autopm_get_interface(data->isoc);
811 if (err < 0) {
812 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
813 usb_kill_anchored_urbs(&data->isoc_anchor);
814 return;
815 }
816
817 data->did_iso_resume = 1;
818 }
819 if (data->isoc_altsetting != 2) {
820 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
821 usb_kill_anchored_urbs(&data->isoc_anchor);
822
823 if (__set_isoc_interface(hdev, 2) < 0)
824 return;
825 }
826
827 if (!test_and_set_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
828 if (btusb_submit_isoc_urb(hdev, GFP_KERNEL) < 0)
829 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
830 else
831 btusb_submit_isoc_urb(hdev, GFP_KERNEL);
832 }
833 } else {
834 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
835 usb_kill_anchored_urbs(&data->isoc_anchor);
836
837 __set_isoc_interface(hdev, 0);
838 if (data->did_iso_resume) {
839 data->did_iso_resume = 0;
840 usb_autopm_put_interface(data->isoc);
841 }
842 }
843 }
844
845 static void btusb_waker(struct work_struct *work)
846 {
847 struct btusb_data *data = container_of(work, struct btusb_data, waker);
848 int err;
849
850 err = usb_autopm_get_interface(data->intf);
851 if (err < 0)
852 return;
853
854 usb_autopm_put_interface(data->intf);
855 }
856
857 static int btusb_probe(struct usb_interface *intf,
858 const struct usb_device_id *id)
859 {
860 struct usb_endpoint_descriptor *ep_desc;
861 struct btusb_data *data;
862 struct hci_dev *hdev;
863 int i, err;
864
865 BT_DBG("intf %p id %p", intf, id);
866
867 /* interface numbers are hardcoded in the spec */
868 if (intf->cur_altsetting->desc.bInterfaceNumber != 0)
869 return -ENODEV;
870
871 if (!id->driver_info) {
872 const struct usb_device_id *match;
873 match = usb_match_id(intf, blacklist_table);
874 if (match)
875 id = match;
876 }
877
878 if (id->driver_info == BTUSB_IGNORE)
879 return -ENODEV;
880
881 if (ignore_dga && id->driver_info & BTUSB_DIGIANSWER)
882 return -ENODEV;
883
884 if (ignore_csr && id->driver_info & BTUSB_CSR)
885 return -ENODEV;
886
887 if (ignore_sniffer && id->driver_info & BTUSB_SNIFFER)
888 return -ENODEV;
889
890 data = kzalloc(sizeof(*data), GFP_KERNEL);
891 if (!data)
892 return -ENOMEM;
893
894 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
895 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
896
897 if (!data->intr_ep && usb_endpoint_is_int_in(ep_desc)) {
898 data->intr_ep = ep_desc;
899 continue;
900 }
901
902 if (!data->bulk_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) {
903 data->bulk_tx_ep = ep_desc;
904 continue;
905 }
906
907 if (!data->bulk_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) {
908 data->bulk_rx_ep = ep_desc;
909 continue;
910 }
911 }
912
913 if (!data->intr_ep || !data->bulk_tx_ep || !data->bulk_rx_ep) {
914 kfree(data);
915 return -ENODEV;
916 }
917
918 data->cmdreq_type = USB_TYPE_CLASS;
919
920 data->udev = interface_to_usbdev(intf);
921 data->intf = intf;
922
923 spin_lock_init(&data->lock);
924
925 INIT_WORK(&data->work, btusb_work);
926 INIT_WORK(&data->waker, btusb_waker);
927 spin_lock_init(&data->txlock);
928
929 init_usb_anchor(&data->tx_anchor);
930 init_usb_anchor(&data->intr_anchor);
931 init_usb_anchor(&data->bulk_anchor);
932 init_usb_anchor(&data->isoc_anchor);
933 init_usb_anchor(&data->deferred);
934
935 hdev = hci_alloc_dev();
936 if (!hdev) {
937 kfree(data);
938 return -ENOMEM;
939 }
940
941 hdev->type = HCI_USB;
942 hdev->driver_data = data;
943
944 data->hdev = hdev;
945
946 SET_HCIDEV_DEV(hdev, &intf->dev);
947
948 hdev->open = btusb_open;
949 hdev->close = btusb_close;
950 hdev->flush = btusb_flush;
951 hdev->send = btusb_send_frame;
952 hdev->destruct = btusb_destruct;
953 hdev->notify = btusb_notify;
954
955 hdev->owner = THIS_MODULE;
956
957 /* Interface numbers are hardcoded in the specification */
958 data->isoc = usb_ifnum_to_if(data->udev, 1);
959
960 if (!reset)
961 set_bit(HCI_QUIRK_NO_RESET, &hdev->quirks);
962
963 if (force_scofix || id->driver_info & BTUSB_WRONG_SCO_MTU) {
964 if (!disable_scofix)
965 set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks);
966 }
967
968 if (id->driver_info & BTUSB_BROKEN_ISOC)
969 data->isoc = NULL;
970
971 if (id->driver_info & BTUSB_DIGIANSWER) {
972 data->cmdreq_type = USB_TYPE_VENDOR;
973 set_bit(HCI_QUIRK_NO_RESET, &hdev->quirks);
974 }
975
976 if (id->driver_info & BTUSB_CSR) {
977 struct usb_device *udev = data->udev;
978
979 /* Old firmware would otherwise execute USB reset */
980 if (le16_to_cpu(udev->descriptor.bcdDevice) < 0x117)
981 set_bit(HCI_QUIRK_NO_RESET, &hdev->quirks);
982 }
983
984 if (id->driver_info & BTUSB_SNIFFER) {
985 struct usb_device *udev = data->udev;
986
987 /* New sniffer firmware has crippled HCI interface */
988 if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997)
989 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
990
991 data->isoc = NULL;
992 }
993
994 if (id->driver_info & BTUSB_BCM92035) {
995 unsigned char cmd[] = { 0x3b, 0xfc, 0x01, 0x00 };
996 struct sk_buff *skb;
997
998 skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL);
999 if (skb) {
1000 memcpy(skb_put(skb, sizeof(cmd)), cmd, sizeof(cmd));
1001 skb_queue_tail(&hdev->driver_init, skb);
1002 }
1003 }
1004
1005 if (data->isoc) {
1006 err = usb_driver_claim_interface(&btusb_driver,
1007 data->isoc, data);
1008 if (err < 0) {
1009 hci_free_dev(hdev);
1010 kfree(data);
1011 return err;
1012 }
1013 }
1014
1015 err = hci_register_dev(hdev);
1016 if (err < 0) {
1017 hci_free_dev(hdev);
1018 kfree(data);
1019 return err;
1020 }
1021
1022 usb_set_intfdata(intf, data);
1023
1024 return 0;
1025 }
1026
1027 static void btusb_disconnect(struct usb_interface *intf)
1028 {
1029 struct btusb_data *data = usb_get_intfdata(intf);
1030 struct hci_dev *hdev;
1031
1032 BT_DBG("intf %p", intf);
1033
1034 if (!data)
1035 return;
1036
1037 hdev = data->hdev;
1038
1039 __hci_dev_hold(hdev);
1040
1041 usb_set_intfdata(data->intf, NULL);
1042
1043 if (data->isoc)
1044 usb_set_intfdata(data->isoc, NULL);
1045
1046 hci_unregister_dev(hdev);
1047
1048 if (intf == data->isoc)
1049 usb_driver_release_interface(&btusb_driver, data->intf);
1050 else if (data->isoc)
1051 usb_driver_release_interface(&btusb_driver, data->isoc);
1052
1053 __hci_dev_put(hdev);
1054
1055 hci_free_dev(hdev);
1056 }
1057
1058 #ifdef CONFIG_PM
1059 static int btusb_suspend(struct usb_interface *intf, pm_message_t message)
1060 {
1061 struct btusb_data *data = usb_get_intfdata(intf);
1062
1063 BT_DBG("intf %p", intf);
1064
1065 if (data->suspend_count++)
1066 return 0;
1067
1068 spin_lock_irq(&data->txlock);
1069 if (!(interface_to_usbdev(intf)->auto_pm && data->tx_in_flight)) {
1070 set_bit(BTUSB_SUSPENDING, &data->flags);
1071 spin_unlock_irq(&data->txlock);
1072 } else {
1073 spin_unlock_irq(&data->txlock);
1074 data->suspend_count--;
1075 return -EBUSY;
1076 }
1077
1078 cancel_work_sync(&data->work);
1079
1080 btusb_stop_traffic(data);
1081 usb_kill_anchored_urbs(&data->tx_anchor);
1082
1083 return 0;
1084 }
1085
1086 static void play_deferred(struct btusb_data *data)
1087 {
1088 struct urb *urb;
1089 int err;
1090
1091 while ((urb = usb_get_from_anchor(&data->deferred))) {
1092 err = usb_submit_urb(urb, GFP_ATOMIC);
1093 if (err < 0)
1094 break;
1095
1096 data->tx_in_flight++;
1097 }
1098 usb_scuttle_anchored_urbs(&data->deferred);
1099 }
1100
1101 static int btusb_resume(struct usb_interface *intf)
1102 {
1103 struct btusb_data *data = usb_get_intfdata(intf);
1104 struct hci_dev *hdev = data->hdev;
1105 int err = 0;
1106
1107 BT_DBG("intf %p", intf);
1108
1109 if (--data->suspend_count)
1110 return 0;
1111
1112 if (!test_bit(HCI_RUNNING, &hdev->flags))
1113 goto done;
1114
1115 if (test_bit(BTUSB_INTR_RUNNING, &data->flags)) {
1116 err = btusb_submit_intr_urb(hdev, GFP_NOIO);
1117 if (err < 0) {
1118 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
1119 goto failed;
1120 }
1121 }
1122
1123 if (test_bit(BTUSB_BULK_RUNNING, &data->flags)) {
1124 err = btusb_submit_bulk_urb(hdev, GFP_NOIO);
1125 if (err < 0) {
1126 clear_bit(BTUSB_BULK_RUNNING, &data->flags);
1127 goto failed;
1128 }
1129
1130 btusb_submit_bulk_urb(hdev, GFP_NOIO);
1131 }
1132
1133 if (test_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
1134 if (btusb_submit_isoc_urb(hdev, GFP_NOIO) < 0)
1135 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1136 else
1137 btusb_submit_isoc_urb(hdev, GFP_NOIO);
1138 }
1139
1140 spin_lock_irq(&data->txlock);
1141 play_deferred(data);
1142 clear_bit(BTUSB_SUSPENDING, &data->flags);
1143 spin_unlock_irq(&data->txlock);
1144 schedule_work(&data->work);
1145
1146 return 0;
1147
1148 failed:
1149 usb_scuttle_anchored_urbs(&data->deferred);
1150 done:
1151 spin_lock_irq(&data->txlock);
1152 clear_bit(BTUSB_SUSPENDING, &data->flags);
1153 spin_unlock_irq(&data->txlock);
1154
1155 return err;
1156 }
1157 #endif
1158
1159 static struct usb_driver btusb_driver = {
1160 .name = "btusb",
1161 .probe = btusb_probe,
1162 .disconnect = btusb_disconnect,
1163 #ifdef CONFIG_PM
1164 .suspend = btusb_suspend,
1165 .resume = btusb_resume,
1166 #endif
1167 .id_table = btusb_table,
1168 .supports_autosuspend = 1,
1169 };
1170
1171 static int __init btusb_init(void)
1172 {
1173 BT_INFO("Generic Bluetooth USB driver ver %s", VERSION);
1174
1175 return usb_register(&btusb_driver);
1176 }
1177
1178 static void __exit btusb_exit(void)
1179 {
1180 usb_deregister(&btusb_driver);
1181 }
1182
1183 module_init(btusb_init);
1184 module_exit(btusb_exit);
1185
1186 module_param(ignore_dga, bool, 0644);
1187 MODULE_PARM_DESC(ignore_dga, "Ignore devices with id 08fd:0001");
1188
1189 module_param(ignore_csr, bool, 0644);
1190 MODULE_PARM_DESC(ignore_csr, "Ignore devices with id 0a12:0001");
1191
1192 module_param(ignore_sniffer, bool, 0644);
1193 MODULE_PARM_DESC(ignore_sniffer, "Ignore devices with id 0a12:0002");
1194
1195 module_param(disable_scofix, bool, 0644);
1196 MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size");
1197
1198 module_param(force_scofix, bool, 0644);
1199 MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size");
1200
1201 module_param(reset, bool, 0644);
1202 MODULE_PARM_DESC(reset, "Send HCI reset command on initialization");
1203
1204 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1205 MODULE_DESCRIPTION("Generic Bluetooth USB driver ver " VERSION);
1206 MODULE_VERSION(VERSION);
1207 MODULE_LICENSE("GPL");
Ubuntu Hirsute Linux kernel mirror