]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blob - drivers/bluetooth/btusb.c
projects / mirror_ubuntu-artful-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge tag 'drm/tegra/for-3.17-rc1' of git://anongit.freedesktop.org/tegra/linux into...
[mirror_ubuntu-artful-kernel.git] / drivers / bluetooth / btusb.c
1 /*
2 *
3 * Generic Bluetooth USB driver
4 *
5 * Copyright (C) 2005-2008 Marcel Holtmann <marcel@holtmann.org>
6 *
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 *
22 */
23
24 #include <linux/module.h>
25 #include <linux/usb.h>
26 #include <linux/firmware.h>
27
28 #include <net/bluetooth/bluetooth.h>
29 #include <net/bluetooth/hci_core.h>
30
31 #define VERSION "0.6"
32
33 static bool ignore_dga;
34 static bool ignore_csr;
35 static bool ignore_sniffer;
36 static bool disable_scofix;
37 static bool force_scofix;
38
39 static bool reset = 1;
40
41 static struct usb_driver btusb_driver;
42
43 #define BTUSB_IGNORE 0x01
44 #define BTUSB_DIGIANSWER 0x02
45 #define BTUSB_CSR 0x04
46 #define BTUSB_SNIFFER 0x08
47 #define BTUSB_BCM92035 0x10
48 #define BTUSB_BROKEN_ISOC 0x20
49 #define BTUSB_WRONG_SCO_MTU 0x40
50 #define BTUSB_ATH3012 0x80
51 #define BTUSB_INTEL 0x100
52 #define BTUSB_BCM_PATCHRAM 0x200
53
54 static const struct usb_device_id btusb_table[] = {
55 /* Generic Bluetooth USB device */
56 { USB_DEVICE_INFO(0xe0, 0x01, 0x01) },
57
58 /* Apple-specific (Broadcom) devices */
59 { USB_VENDOR_AND_INTERFACE_INFO(0x05ac, 0xff, 0x01, 0x01) },
60
61 /* MediaTek MT76x0E */
62 { USB_DEVICE(0x0e8d, 0x763f) },
63
64 /* Broadcom SoftSailing reporting vendor specific */
65 { USB_DEVICE(0x0a5c, 0x21e1) },
66
67 /* Apple MacBookPro 7,1 */
68 { USB_DEVICE(0x05ac, 0x8213) },
69
70 /* Apple iMac11,1 */
71 { USB_DEVICE(0x05ac, 0x8215) },
72
73 /* Apple MacBookPro6,2 */
74 { USB_DEVICE(0x05ac, 0x8218) },
75
76 /* Apple MacBookAir3,1, MacBookAir3,2 */
77 { USB_DEVICE(0x05ac, 0x821b) },
78
79 /* Apple MacBookAir4,1 */
80 { USB_DEVICE(0x05ac, 0x821f) },
81
82 /* Apple MacBookPro8,2 */
83 { USB_DEVICE(0x05ac, 0x821a) },
84
85 /* Apple MacMini5,1 */
86 { USB_DEVICE(0x05ac, 0x8281) },
87
88 /* AVM BlueFRITZ! USB v2.0 */
89 { USB_DEVICE(0x057c, 0x3800) },
90
91 /* Bluetooth Ultraport Module from IBM */
92 { USB_DEVICE(0x04bf, 0x030a) },
93
94 /* ALPS Modules with non-standard id */
95 { USB_DEVICE(0x044e, 0x3001) },
96 { USB_DEVICE(0x044e, 0x3002) },
97
98 /* Ericsson with non-standard id */
99 { USB_DEVICE(0x0bdb, 0x1002) },
100
101 /* Canyon CN-BTU1 with HID interfaces */
102 { USB_DEVICE(0x0c10, 0x0000) },
103
104 /* Broadcom BCM20702A0 */
105 { USB_DEVICE(0x0489, 0xe042) },
106 { USB_DEVICE(0x04ca, 0x2003) },
107 { USB_DEVICE(0x0b05, 0x17b5) },
108 { USB_DEVICE(0x0b05, 0x17cb) },
109 { USB_DEVICE(0x413c, 0x8197) },
110
111 /* Foxconn - Hon Hai */
112 { USB_VENDOR_AND_INTERFACE_INFO(0x0489, 0xff, 0x01, 0x01) },
113
114 /* Broadcom devices with vendor specific id */
115 { USB_VENDOR_AND_INTERFACE_INFO(0x0a5c, 0xff, 0x01, 0x01),
116 .driver_info = BTUSB_BCM_PATCHRAM },
117
118 /* Belkin F8065bf - Broadcom based */
119 { USB_VENDOR_AND_INTERFACE_INFO(0x050d, 0xff, 0x01, 0x01) },
120
121 /* IMC Networks - Broadcom based */
122 { USB_VENDOR_AND_INTERFACE_INFO(0x13d3, 0xff, 0x01, 0x01) },
123
124 { } /* Terminating entry */
125 };
126
127 MODULE_DEVICE_TABLE(usb, btusb_table);
128
129 static const struct usb_device_id blacklist_table[] = {
130 /* CSR BlueCore devices */
131 { USB_DEVICE(0x0a12, 0x0001), .driver_info = BTUSB_CSR },
132
133 /* Broadcom BCM2033 without firmware */
134 { USB_DEVICE(0x0a5c, 0x2033), .driver_info = BTUSB_IGNORE },
135
136 /* Atheros 3011 with sflash firmware */
137 { USB_DEVICE(0x0489, 0xe027), .driver_info = BTUSB_IGNORE },
138 { USB_DEVICE(0x0489, 0xe03d), .driver_info = BTUSB_IGNORE },
139 { USB_DEVICE(0x0930, 0x0215), .driver_info = BTUSB_IGNORE },
140 { USB_DEVICE(0x0cf3, 0x3002), .driver_info = BTUSB_IGNORE },
141 { USB_DEVICE(0x0cf3, 0xe019), .driver_info = BTUSB_IGNORE },
142 { USB_DEVICE(0x13d3, 0x3304), .driver_info = BTUSB_IGNORE },
143
144 /* Atheros AR9285 Malbec with sflash firmware */
145 { USB_DEVICE(0x03f0, 0x311d), .driver_info = BTUSB_IGNORE },
146
147 /* Atheros 3012 with sflash firmware */
148 { USB_DEVICE(0x0489, 0xe04d), .driver_info = BTUSB_ATH3012 },
149 { USB_DEVICE(0x0489, 0xe04e), .driver_info = BTUSB_ATH3012 },
150 { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 },
151 { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 },
152 { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 },
153 { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 },
154 { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 },
155 { USB_DEVICE(0x04ca, 0x3005), .driver_info = BTUSB_ATH3012 },
156 { USB_DEVICE(0x04ca, 0x3006), .driver_info = BTUSB_ATH3012 },
157 { USB_DEVICE(0x04ca, 0x3007), .driver_info = BTUSB_ATH3012 },
158 { USB_DEVICE(0x04ca, 0x3008), .driver_info = BTUSB_ATH3012 },
159 { USB_DEVICE(0x04ca, 0x300b), .driver_info = BTUSB_ATH3012 },
160 { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 },
161 { USB_DEVICE(0x0930, 0x0220), .driver_info = BTUSB_ATH3012 },
162 { USB_DEVICE(0x0b05, 0x17d0), .driver_info = BTUSB_ATH3012 },
163 { USB_DEVICE(0x0cf3, 0x0036), .driver_info = BTUSB_ATH3012 },
164 { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 },
165 { USB_DEVICE(0x0cf3, 0x3008), .driver_info = BTUSB_ATH3012 },
166 { USB_DEVICE(0x0cf3, 0x311d), .driver_info = BTUSB_ATH3012 },
167 { USB_DEVICE(0x0cf3, 0x311e), .driver_info = BTUSB_ATH3012 },
168 { USB_DEVICE(0x0cf3, 0x311f), .driver_info = BTUSB_ATH3012 },
169 { USB_DEVICE(0x0cf3, 0x3121), .driver_info = BTUSB_ATH3012 },
170 { USB_DEVICE(0x0cf3, 0x817a), .driver_info = BTUSB_ATH3012 },
171 { USB_DEVICE(0x0cf3, 0xe003), .driver_info = BTUSB_ATH3012 },
172 { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 },
173 { USB_DEVICE(0x0cf3, 0xe005), .driver_info = BTUSB_ATH3012 },
174 { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 },
175 { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 },
176 { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 },
177 { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 },
178
179 /* Atheros AR5BBU12 with sflash firmware */
180 { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE },
181
182 /* Atheros AR5BBU12 with sflash firmware */
183 { USB_DEVICE(0x0489, 0xe036), .driver_info = BTUSB_ATH3012 },
184 { USB_DEVICE(0x0489, 0xe03c), .driver_info = BTUSB_ATH3012 },
185
186 /* Broadcom BCM2035 */
187 { USB_DEVICE(0x0a5c, 0x2009), .driver_info = BTUSB_BCM92035 },
188 { USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU },
189 { USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU },
190
191 /* Broadcom BCM2045 */
192 { USB_DEVICE(0x0a5c, 0x2039), .driver_info = BTUSB_WRONG_SCO_MTU },
193 { USB_DEVICE(0x0a5c, 0x2101), .driver_info = BTUSB_WRONG_SCO_MTU },
194
195 /* IBM/Lenovo ThinkPad with Broadcom chip */
196 { USB_DEVICE(0x0a5c, 0x201e), .driver_info = BTUSB_WRONG_SCO_MTU },
197 { USB_DEVICE(0x0a5c, 0x2110), .driver_info = BTUSB_WRONG_SCO_MTU },
198
199 /* HP laptop with Broadcom chip */
200 { USB_DEVICE(0x03f0, 0x171d), .driver_info = BTUSB_WRONG_SCO_MTU },
201
202 /* Dell laptop with Broadcom chip */
203 { USB_DEVICE(0x413c, 0x8126), .driver_info = BTUSB_WRONG_SCO_MTU },
204
205 /* Dell Wireless 370 and 410 devices */
206 { USB_DEVICE(0x413c, 0x8152), .driver_info = BTUSB_WRONG_SCO_MTU },
207 { USB_DEVICE(0x413c, 0x8156), .driver_info = BTUSB_WRONG_SCO_MTU },
208
209 /* Belkin F8T012 and F8T013 devices */
210 { USB_DEVICE(0x050d, 0x0012), .driver_info = BTUSB_WRONG_SCO_MTU },
211 { USB_DEVICE(0x050d, 0x0013), .driver_info = BTUSB_WRONG_SCO_MTU },
212
213 /* Asus WL-BTD202 device */
214 { USB_DEVICE(0x0b05, 0x1715), .driver_info = BTUSB_WRONG_SCO_MTU },
215
216 /* Kensington Bluetooth USB adapter */
217 { USB_DEVICE(0x047d, 0x105e), .driver_info = BTUSB_WRONG_SCO_MTU },
218
219 /* RTX Telecom based adapters with buggy SCO support */
220 { USB_DEVICE(0x0400, 0x0807), .driver_info = BTUSB_BROKEN_ISOC },
221 { USB_DEVICE(0x0400, 0x080a), .driver_info = BTUSB_BROKEN_ISOC },
222
223 /* CONWISE Technology based adapters with buggy SCO support */
224 { USB_DEVICE(0x0e5e, 0x6622), .driver_info = BTUSB_BROKEN_ISOC },
225
226 /* Digianswer devices */
227 { USB_DEVICE(0x08fd, 0x0001), .driver_info = BTUSB_DIGIANSWER },
228 { USB_DEVICE(0x08fd, 0x0002), .driver_info = BTUSB_IGNORE },
229
230 /* CSR BlueCore Bluetooth Sniffer */
231 { USB_DEVICE(0x0a12, 0x0002), .driver_info = BTUSB_SNIFFER },
232
233 /* Frontline ComProbe Bluetooth Sniffer */
234 { USB_DEVICE(0x16d3, 0x0002), .driver_info = BTUSB_SNIFFER },
235
236 /* Intel Bluetooth device */
237 { USB_DEVICE(0x8087, 0x07dc), .driver_info = BTUSB_INTEL },
238 { USB_DEVICE(0x8087, 0x0a2a), .driver_info = BTUSB_INTEL },
239
240 { } /* Terminating entry */
241 };
242
243 #define BTUSB_MAX_ISOC_FRAMES 10
244
245 #define BTUSB_INTR_RUNNING 0
246 #define BTUSB_BULK_RUNNING 1
247 #define BTUSB_ISOC_RUNNING 2
248 #define BTUSB_SUSPENDING 3
249 #define BTUSB_DID_ISO_RESUME 4
250
251 struct btusb_data {
252 struct hci_dev *hdev;
253 struct usb_device *udev;
254 struct usb_interface *intf;
255 struct usb_interface *isoc;
256
257 spinlock_t lock;
258
259 unsigned long flags;
260
261 struct work_struct work;
262 struct work_struct waker;
263
264 struct usb_anchor tx_anchor;
265 struct usb_anchor intr_anchor;
266 struct usb_anchor bulk_anchor;
267 struct usb_anchor isoc_anchor;
268 struct usb_anchor deferred;
269 int tx_in_flight;
270 spinlock_t txlock;
271
272 struct usb_endpoint_descriptor *intr_ep;
273 struct usb_endpoint_descriptor *bulk_tx_ep;
274 struct usb_endpoint_descriptor *bulk_rx_ep;
275 struct usb_endpoint_descriptor *isoc_tx_ep;
276 struct usb_endpoint_descriptor *isoc_rx_ep;
277
278 __u8 cmdreq_type;
279
280 unsigned int sco_num;
281 int isoc_altsetting;
282 int suspend_count;
283 };
284
285 static int inc_tx(struct btusb_data *data)
286 {
287 unsigned long flags;
288 int rv;
289
290 spin_lock_irqsave(&data->txlock, flags);
291 rv = test_bit(BTUSB_SUSPENDING, &data->flags);
292 if (!rv)
293 data->tx_in_flight++;
294 spin_unlock_irqrestore(&data->txlock, flags);
295
296 return rv;
297 }
298
299 static void btusb_intr_complete(struct urb *urb)
300 {
301 struct hci_dev *hdev = urb->context;
302 struct btusb_data *data = hci_get_drvdata(hdev);
303 int err;
304
305 BT_DBG("%s urb %p status %d count %d", hdev->name,
306 urb, urb->status, urb->actual_length);
307
308 if (!test_bit(HCI_RUNNING, &hdev->flags))
309 return;
310
311 if (urb->status == 0) {
312 hdev->stat.byte_rx += urb->actual_length;
313
314 if (hci_recv_fragment(hdev, HCI_EVENT_PKT,
315 urb->transfer_buffer,
316 urb->actual_length) < 0) {
317 BT_ERR("%s corrupted event packet", hdev->name);
318 hdev->stat.err_rx++;
319 }
320 }
321
322 if (!test_bit(BTUSB_INTR_RUNNING, &data->flags))
323 return;
324
325 usb_mark_last_busy(data->udev);
326 usb_anchor_urb(urb, &data->intr_anchor);
327
328 err = usb_submit_urb(urb, GFP_ATOMIC);
329 if (err < 0) {
330 /* -EPERM: urb is being killed;
331 * -ENODEV: device got disconnected */
332 if (err != -EPERM && err != -ENODEV)
333 BT_ERR("%s urb %p failed to resubmit (%d)",
334 hdev->name, urb, -err);
335 usb_unanchor_urb(urb);
336 }
337 }
338
339 static int btusb_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags)
340 {
341 struct btusb_data *data = hci_get_drvdata(hdev);
342 struct urb *urb;
343 unsigned char *buf;
344 unsigned int pipe;
345 int err, size;
346
347 BT_DBG("%s", hdev->name);
348
349 if (!data->intr_ep)
350 return -ENODEV;
351
352 urb = usb_alloc_urb(0, mem_flags);
353 if (!urb)
354 return -ENOMEM;
355
356 size = le16_to_cpu(data->intr_ep->wMaxPacketSize);
357
358 buf = kmalloc(size, mem_flags);
359 if (!buf) {
360 usb_free_urb(urb);
361 return -ENOMEM;
362 }
363
364 pipe = usb_rcvintpipe(data->udev, data->intr_ep->bEndpointAddress);
365
366 usb_fill_int_urb(urb, data->udev, pipe, buf, size,
367 btusb_intr_complete, hdev,
368 data->intr_ep->bInterval);
369
370 urb->transfer_flags |= URB_FREE_BUFFER;
371
372 usb_anchor_urb(urb, &data->intr_anchor);
373
374 err = usb_submit_urb(urb, mem_flags);
375 if (err < 0) {
376 if (err != -EPERM && err != -ENODEV)
377 BT_ERR("%s urb %p submission failed (%d)",
378 hdev->name, urb, -err);
379 usb_unanchor_urb(urb);
380 }
381
382 usb_free_urb(urb);
383
384 return err;
385 }
386
387 static void btusb_bulk_complete(struct urb *urb)
388 {
389 struct hci_dev *hdev = urb->context;
390 struct btusb_data *data = hci_get_drvdata(hdev);
391 int err;
392
393 BT_DBG("%s urb %p status %d count %d", hdev->name,
394 urb, urb->status, urb->actual_length);
395
396 if (!test_bit(HCI_RUNNING, &hdev->flags))
397 return;
398
399 if (urb->status == 0) {
400 hdev->stat.byte_rx += urb->actual_length;
401
402 if (hci_recv_fragment(hdev, HCI_ACLDATA_PKT,
403 urb->transfer_buffer,
404 urb->actual_length) < 0) {
405 BT_ERR("%s corrupted ACL packet", hdev->name);
406 hdev->stat.err_rx++;
407 }
408 }
409
410 if (!test_bit(BTUSB_BULK_RUNNING, &data->flags))
411 return;
412
413 usb_anchor_urb(urb, &data->bulk_anchor);
414 usb_mark_last_busy(data->udev);
415
416 err = usb_submit_urb(urb, GFP_ATOMIC);
417 if (err < 0) {
418 /* -EPERM: urb is being killed;
419 * -ENODEV: device got disconnected */
420 if (err != -EPERM && err != -ENODEV)
421 BT_ERR("%s urb %p failed to resubmit (%d)",
422 hdev->name, urb, -err);
423 usb_unanchor_urb(urb);
424 }
425 }
426
427 static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags)
428 {
429 struct btusb_data *data = hci_get_drvdata(hdev);
430 struct urb *urb;
431 unsigned char *buf;
432 unsigned int pipe;
433 int err, size = HCI_MAX_FRAME_SIZE;
434
435 BT_DBG("%s", hdev->name);
436
437 if (!data->bulk_rx_ep)
438 return -ENODEV;
439
440 urb = usb_alloc_urb(0, mem_flags);
441 if (!urb)
442 return -ENOMEM;
443
444 buf = kmalloc(size, mem_flags);
445 if (!buf) {
446 usb_free_urb(urb);
447 return -ENOMEM;
448 }
449
450 pipe = usb_rcvbulkpipe(data->udev, data->bulk_rx_ep->bEndpointAddress);
451
452 usb_fill_bulk_urb(urb, data->udev, pipe,
453 buf, size, btusb_bulk_complete, hdev);
454
455 urb->transfer_flags |= URB_FREE_BUFFER;
456
457 usb_mark_last_busy(data->udev);
458 usb_anchor_urb(urb, &data->bulk_anchor);
459
460 err = usb_submit_urb(urb, mem_flags);
461 if (err < 0) {
462 if (err != -EPERM && err != -ENODEV)
463 BT_ERR("%s urb %p submission failed (%d)",
464 hdev->name, urb, -err);
465 usb_unanchor_urb(urb);
466 }
467
468 usb_free_urb(urb);
469
470 return err;
471 }
472
473 static void btusb_isoc_complete(struct urb *urb)
474 {
475 struct hci_dev *hdev = urb->context;
476 struct btusb_data *data = hci_get_drvdata(hdev);
477 int i, err;
478
479 BT_DBG("%s urb %p status %d count %d", hdev->name,
480 urb, urb->status, urb->actual_length);
481
482 if (!test_bit(HCI_RUNNING, &hdev->flags))
483 return;
484
485 if (urb->status == 0) {
486 for (i = 0; i < urb->number_of_packets; i++) {
487 unsigned int offset = urb->iso_frame_desc[i].offset;
488 unsigned int length = urb->iso_frame_desc[i].actual_length;
489
490 if (urb->iso_frame_desc[i].status)
491 continue;
492
493 hdev->stat.byte_rx += length;
494
495 if (hci_recv_fragment(hdev, HCI_SCODATA_PKT,
496 urb->transfer_buffer + offset,
497 length) < 0) {
498 BT_ERR("%s corrupted SCO packet", hdev->name);
499 hdev->stat.err_rx++;
500 }
501 }
502 }
503
504 if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags))
505 return;
506
507 usb_anchor_urb(urb, &data->isoc_anchor);
508
509 err = usb_submit_urb(urb, GFP_ATOMIC);
510 if (err < 0) {
511 /* -EPERM: urb is being killed;
512 * -ENODEV: device got disconnected */
513 if (err != -EPERM && err != -ENODEV)
514 BT_ERR("%s urb %p failed to resubmit (%d)",
515 hdev->name, urb, -err);
516 usb_unanchor_urb(urb);
517 }
518 }
519
520 static inline void __fill_isoc_descriptor(struct urb *urb, int len, int mtu)
521 {
522 int i, offset = 0;
523
524 BT_DBG("len %d mtu %d", len, mtu);
525
526 for (i = 0; i < BTUSB_MAX_ISOC_FRAMES && len >= mtu;
527 i++, offset += mtu, len -= mtu) {
528 urb->iso_frame_desc[i].offset = offset;
529 urb->iso_frame_desc[i].length = mtu;
530 }
531
532 if (len && i < BTUSB_MAX_ISOC_FRAMES) {
533 urb->iso_frame_desc[i].offset = offset;
534 urb->iso_frame_desc[i].length = len;
535 i++;
536 }
537
538 urb->number_of_packets = i;
539 }
540
541 static int btusb_submit_isoc_urb(struct hci_dev *hdev, gfp_t mem_flags)
542 {
543 struct btusb_data *data = hci_get_drvdata(hdev);
544 struct urb *urb;
545 unsigned char *buf;
546 unsigned int pipe;
547 int err, size;
548
549 BT_DBG("%s", hdev->name);
550
551 if (!data->isoc_rx_ep)
552 return -ENODEV;
553
554 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, mem_flags);
555 if (!urb)
556 return -ENOMEM;
557
558 size = le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize) *
559 BTUSB_MAX_ISOC_FRAMES;
560
561 buf = kmalloc(size, mem_flags);
562 if (!buf) {
563 usb_free_urb(urb);
564 return -ENOMEM;
565 }
566
567 pipe = usb_rcvisocpipe(data->udev, data->isoc_rx_ep->bEndpointAddress);
568
569 usb_fill_int_urb(urb, data->udev, pipe, buf, size, btusb_isoc_complete,
570 hdev, data->isoc_rx_ep->bInterval);
571
572 urb->transfer_flags = URB_FREE_BUFFER | URB_ISO_ASAP;
573
574 __fill_isoc_descriptor(urb, size,
575 le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize));
576
577 usb_anchor_urb(urb, &data->isoc_anchor);
578
579 err = usb_submit_urb(urb, mem_flags);
580 if (err < 0) {
581 if (err != -EPERM && err != -ENODEV)
582 BT_ERR("%s urb %p submission failed (%d)",
583 hdev->name, urb, -err);
584 usb_unanchor_urb(urb);
585 }
586
587 usb_free_urb(urb);
588
589 return err;
590 }
591
592 static void btusb_tx_complete(struct urb *urb)
593 {
594 struct sk_buff *skb = urb->context;
595 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
596 struct btusb_data *data = hci_get_drvdata(hdev);
597
598 BT_DBG("%s urb %p status %d count %d", hdev->name,
599 urb, urb->status, urb->actual_length);
600
601 if (!test_bit(HCI_RUNNING, &hdev->flags))
602 goto done;
603
604 if (!urb->status)
605 hdev->stat.byte_tx += urb->transfer_buffer_length;
606 else
607 hdev->stat.err_tx++;
608
609 done:
610 spin_lock(&data->txlock);
611 data->tx_in_flight--;
612 spin_unlock(&data->txlock);
613
614 kfree(urb->setup_packet);
615
616 kfree_skb(skb);
617 }
618
619 static void btusb_isoc_tx_complete(struct urb *urb)
620 {
621 struct sk_buff *skb = urb->context;
622 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
623
624 BT_DBG("%s urb %p status %d count %d", hdev->name,
625 urb, urb->status, urb->actual_length);
626
627 if (!test_bit(HCI_RUNNING, &hdev->flags))
628 goto done;
629
630 if (!urb->status)
631 hdev->stat.byte_tx += urb->transfer_buffer_length;
632 else
633 hdev->stat.err_tx++;
634
635 done:
636 kfree(urb->setup_packet);
637
638 kfree_skb(skb);
639 }
640
641 static int btusb_open(struct hci_dev *hdev)
642 {
643 struct btusb_data *data = hci_get_drvdata(hdev);
644 int err;
645
646 BT_DBG("%s", hdev->name);
647
648 err = usb_autopm_get_interface(data->intf);
649 if (err < 0)
650 return err;
651
652 data->intf->needs_remote_wakeup = 1;
653
654 if (test_and_set_bit(HCI_RUNNING, &hdev->flags))
655 goto done;
656
657 if (test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags))
658 goto done;
659
660 err = btusb_submit_intr_urb(hdev, GFP_KERNEL);
661 if (err < 0)
662 goto failed;
663
664 err = btusb_submit_bulk_urb(hdev, GFP_KERNEL);
665 if (err < 0) {
666 usb_kill_anchored_urbs(&data->intr_anchor);
667 goto failed;
668 }
669
670 set_bit(BTUSB_BULK_RUNNING, &data->flags);
671 btusb_submit_bulk_urb(hdev, GFP_KERNEL);
672
673 done:
674 usb_autopm_put_interface(data->intf);
675 return 0;
676
677 failed:
678 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
679 clear_bit(HCI_RUNNING, &hdev->flags);
680 usb_autopm_put_interface(data->intf);
681 return err;
682 }
683
684 static void btusb_stop_traffic(struct btusb_data *data)
685 {
686 usb_kill_anchored_urbs(&data->intr_anchor);
687 usb_kill_anchored_urbs(&data->bulk_anchor);
688 usb_kill_anchored_urbs(&data->isoc_anchor);
689 }
690
691 static int btusb_close(struct hci_dev *hdev)
692 {
693 struct btusb_data *data = hci_get_drvdata(hdev);
694 int err;
695
696 BT_DBG("%s", hdev->name);
697
698 if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags))
699 return 0;
700
701 cancel_work_sync(&data->work);
702 cancel_work_sync(&data->waker);
703
704 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
705 clear_bit(BTUSB_BULK_RUNNING, &data->flags);
706 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
707
708 btusb_stop_traffic(data);
709 err = usb_autopm_get_interface(data->intf);
710 if (err < 0)
711 goto failed;
712
713 data->intf->needs_remote_wakeup = 0;
714 usb_autopm_put_interface(data->intf);
715
716 failed:
717 usb_scuttle_anchored_urbs(&data->deferred);
718 return 0;
719 }
720
721 static int btusb_flush(struct hci_dev *hdev)
722 {
723 struct btusb_data *data = hci_get_drvdata(hdev);
724
725 BT_DBG("%s", hdev->name);
726
727 usb_kill_anchored_urbs(&data->tx_anchor);
728
729 return 0;
730 }
731
732 static int btusb_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
733 {
734 struct btusb_data *data = hci_get_drvdata(hdev);
735 struct usb_ctrlrequest *dr;
736 struct urb *urb;
737 unsigned int pipe;
738 int err;
739
740 BT_DBG("%s", hdev->name);
741
742 if (!test_bit(HCI_RUNNING, &hdev->flags))
743 return -EBUSY;
744
745 skb->dev = (void *) hdev;
746
747 switch (bt_cb(skb)->pkt_type) {
748 case HCI_COMMAND_PKT:
749 urb = usb_alloc_urb(0, GFP_ATOMIC);
750 if (!urb)
751 return -ENOMEM;
752
753 dr = kmalloc(sizeof(*dr), GFP_ATOMIC);
754 if (!dr) {
755 usb_free_urb(urb);
756 return -ENOMEM;
757 }
758
759 dr->bRequestType = data->cmdreq_type;
760 dr->bRequest = 0;
761 dr->wIndex = 0;
762 dr->wValue = 0;
763 dr->wLength = __cpu_to_le16(skb->len);
764
765 pipe = usb_sndctrlpipe(data->udev, 0x00);
766
767 usb_fill_control_urb(urb, data->udev, pipe, (void *) dr,
768 skb->data, skb->len, btusb_tx_complete, skb);
769
770 hdev->stat.cmd_tx++;
771 break;
772
773 case HCI_ACLDATA_PKT:
774 if (!data->bulk_tx_ep)
775 return -ENODEV;
776
777 urb = usb_alloc_urb(0, GFP_ATOMIC);
778 if (!urb)
779 return -ENOMEM;
780
781 pipe = usb_sndbulkpipe(data->udev,
782 data->bulk_tx_ep->bEndpointAddress);
783
784 usb_fill_bulk_urb(urb, data->udev, pipe,
785 skb->data, skb->len, btusb_tx_complete, skb);
786
787 hdev->stat.acl_tx++;
788 break;
789
790 case HCI_SCODATA_PKT:
791 if (!data->isoc_tx_ep || hci_conn_num(hdev, SCO_LINK) < 1)
792 return -ENODEV;
793
794 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, GFP_ATOMIC);
795 if (!urb)
796 return -ENOMEM;
797
798 pipe = usb_sndisocpipe(data->udev,
799 data->isoc_tx_ep->bEndpointAddress);
800
801 usb_fill_int_urb(urb, data->udev, pipe,
802 skb->data, skb->len, btusb_isoc_tx_complete,
803 skb, data->isoc_tx_ep->bInterval);
804
805 urb->transfer_flags = URB_ISO_ASAP;
806
807 __fill_isoc_descriptor(urb, skb->len,
808 le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize));
809
810 hdev->stat.sco_tx++;
811 goto skip_waking;
812
813 default:
814 return -EILSEQ;
815 }
816
817 err = inc_tx(data);
818 if (err) {
819 usb_anchor_urb(urb, &data->deferred);
820 schedule_work(&data->waker);
821 err = 0;
822 goto done;
823 }
824
825 skip_waking:
826 usb_anchor_urb(urb, &data->tx_anchor);
827
828 err = usb_submit_urb(urb, GFP_ATOMIC);
829 if (err < 0) {
830 if (err != -EPERM && err != -ENODEV)
831 BT_ERR("%s urb %p submission failed (%d)",
832 hdev->name, urb, -err);
833 kfree(urb->setup_packet);
834 usb_unanchor_urb(urb);
835 } else {
836 usb_mark_last_busy(data->udev);
837 }
838
839 done:
840 usb_free_urb(urb);
841 return err;
842 }
843
844 static void btusb_notify(struct hci_dev *hdev, unsigned int evt)
845 {
846 struct btusb_data *data = hci_get_drvdata(hdev);
847
848 BT_DBG("%s evt %d", hdev->name, evt);
849
850 if (hci_conn_num(hdev, SCO_LINK) != data->sco_num) {
851 data->sco_num = hci_conn_num(hdev, SCO_LINK);
852 schedule_work(&data->work);
853 }
854 }
855
856 static inline int __set_isoc_interface(struct hci_dev *hdev, int altsetting)
857 {
858 struct btusb_data *data = hci_get_drvdata(hdev);
859 struct usb_interface *intf = data->isoc;
860 struct usb_endpoint_descriptor *ep_desc;
861 int i, err;
862
863 if (!data->isoc)
864 return -ENODEV;
865
866 err = usb_set_interface(data->udev, 1, altsetting);
867 if (err < 0) {
868 BT_ERR("%s setting interface failed (%d)", hdev->name, -err);
869 return err;
870 }
871
872 data->isoc_altsetting = altsetting;
873
874 data->isoc_tx_ep = NULL;
875 data->isoc_rx_ep = NULL;
876
877 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
878 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
879
880 if (!data->isoc_tx_ep && usb_endpoint_is_isoc_out(ep_desc)) {
881 data->isoc_tx_ep = ep_desc;
882 continue;
883 }
884
885 if (!data->isoc_rx_ep && usb_endpoint_is_isoc_in(ep_desc)) {
886 data->isoc_rx_ep = ep_desc;
887 continue;
888 }
889 }
890
891 if (!data->isoc_tx_ep || !data->isoc_rx_ep) {
892 BT_ERR("%s invalid SCO descriptors", hdev->name);
893 return -ENODEV;
894 }
895
896 return 0;
897 }
898
899 static void btusb_work(struct work_struct *work)
900 {
901 struct btusb_data *data = container_of(work, struct btusb_data, work);
902 struct hci_dev *hdev = data->hdev;
903 int new_alts;
904 int err;
905
906 if (data->sco_num > 0) {
907 if (!test_bit(BTUSB_DID_ISO_RESUME, &data->flags)) {
908 err = usb_autopm_get_interface(data->isoc ? data->isoc : data->intf);
909 if (err < 0) {
910 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
911 usb_kill_anchored_urbs(&data->isoc_anchor);
912 return;
913 }
914
915 set_bit(BTUSB_DID_ISO_RESUME, &data->flags);
916 }
917
918 if (hdev->voice_setting & 0x0020) {
919 static const int alts[3] = { 2, 4, 5 };
920 new_alts = alts[data->sco_num - 1];
921 } else {
922 new_alts = data->sco_num;
923 }
924
925 if (data->isoc_altsetting != new_alts) {
926 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
927 usb_kill_anchored_urbs(&data->isoc_anchor);
928
929 if (__set_isoc_interface(hdev, new_alts) < 0)
930 return;
931 }
932
933 if (!test_and_set_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
934 if (btusb_submit_isoc_urb(hdev, GFP_KERNEL) < 0)
935 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
936 else
937 btusb_submit_isoc_urb(hdev, GFP_KERNEL);
938 }
939 } else {
940 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
941 usb_kill_anchored_urbs(&data->isoc_anchor);
942
943 __set_isoc_interface(hdev, 0);
944 if (test_and_clear_bit(BTUSB_DID_ISO_RESUME, &data->flags))
945 usb_autopm_put_interface(data->isoc ? data->isoc : data->intf);
946 }
947 }
948
949 static void btusb_waker(struct work_struct *work)
950 {
951 struct btusb_data *data = container_of(work, struct btusb_data, waker);
952 int err;
953
954 err = usb_autopm_get_interface(data->intf);
955 if (err < 0)
956 return;
957
958 usb_autopm_put_interface(data->intf);
959 }
960
961 static int btusb_setup_bcm92035(struct hci_dev *hdev)
962 {
963 struct sk_buff *skb;
964 u8 val = 0x00;
965
966 BT_DBG("%s", hdev->name);
967
968 skb = __hci_cmd_sync(hdev, 0xfc3b, 1, &val, HCI_INIT_TIMEOUT);
969 if (IS_ERR(skb))
970 BT_ERR("BCM92035 command failed (%ld)", -PTR_ERR(skb));
971 else
972 kfree_skb(skb);
973
974 return 0;
975 }
976
977 static int btusb_setup_csr(struct hci_dev *hdev)
978 {
979 struct hci_rp_read_local_version *rp;
980 struct sk_buff *skb;
981 int ret;
982
983 BT_DBG("%s", hdev->name);
984
985 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL,
986 HCI_INIT_TIMEOUT);
987 if (IS_ERR(skb)) {
988 BT_ERR("Reading local version failed (%ld)", -PTR_ERR(skb));
989 return -PTR_ERR(skb);
990 }
991
992 rp = (struct hci_rp_read_local_version *) skb->data;
993
994 if (!rp->status) {
995 if (le16_to_cpu(rp->manufacturer) != 10) {
996 /* Clear the reset quirk since this is not an actual
997 * early Bluetooth 1.1 device from CSR.
998 */
999 clear_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
1000
1001 /* These fake CSR controllers have all a broken
1002 * stored link key handling and so just disable it.
1003 */
1004 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY,
1005 &hdev->quirks);
1006 }
1007 }
1008
1009 ret = -bt_to_errno(rp->status);
1010
1011 kfree_skb(skb);
1012
1013 return ret;
1014 }
1015
1016 struct intel_version {
1017 u8 status;
1018 u8 hw_platform;
1019 u8 hw_variant;
1020 u8 hw_revision;
1021 u8 fw_variant;
1022 u8 fw_revision;
1023 u8 fw_build_num;
1024 u8 fw_build_ww;
1025 u8 fw_build_yy;
1026 u8 fw_patch_num;
1027 } __packed;
1028
1029 static const struct firmware *btusb_setup_intel_get_fw(struct hci_dev *hdev,
1030 struct intel_version *ver)
1031 {
1032 const struct firmware *fw;
1033 char fwname[64];
1034 int ret;
1035
1036 snprintf(fwname, sizeof(fwname),
1037 "intel/ibt-hw-%x.%x.%x-fw-%x.%x.%x.%x.%x.bseq",
1038 ver->hw_platform, ver->hw_variant, ver->hw_revision,
1039 ver->fw_variant, ver->fw_revision, ver->fw_build_num,
1040 ver->fw_build_ww, ver->fw_build_yy);
1041
1042 ret = request_firmware(&fw, fwname, &hdev->dev);
1043 if (ret < 0) {
1044 if (ret == -EINVAL) {
1045 BT_ERR("%s Intel firmware file request failed (%d)",
1046 hdev->name, ret);
1047 return NULL;
1048 }
1049
1050 BT_ERR("%s failed to open Intel firmware file: %s(%d)",
1051 hdev->name, fwname, ret);
1052
1053 /* If the correct firmware patch file is not found, use the
1054 * default firmware patch file instead
1055 */
1056 snprintf(fwname, sizeof(fwname), "intel/ibt-hw-%x.%x.bseq",
1057 ver->hw_platform, ver->hw_variant);
1058 if (request_firmware(&fw, fwname, &hdev->dev) < 0) {
1059 BT_ERR("%s failed to open default Intel fw file: %s",
1060 hdev->name, fwname);
1061 return NULL;
1062 }
1063 }
1064
1065 BT_INFO("%s: Intel Bluetooth firmware file: %s", hdev->name, fwname);
1066
1067 return fw;
1068 }
1069
1070 static int btusb_setup_intel_patching(struct hci_dev *hdev,
1071 const struct firmware *fw,
1072 const u8 **fw_ptr, int *disable_patch)
1073 {
1074 struct sk_buff *skb;
1075 struct hci_command_hdr *cmd;
1076 const u8 *cmd_param;
1077 struct hci_event_hdr *evt = NULL;
1078 const u8 *evt_param = NULL;
1079 int remain = fw->size - (*fw_ptr - fw->data);
1080
1081 /* The first byte indicates the types of the patch command or event.
1082 * 0x01 means HCI command and 0x02 is HCI event. If the first bytes
1083 * in the current firmware buffer doesn't start with 0x01 or
1084 * the size of remain buffer is smaller than HCI command header,
1085 * the firmware file is corrupted and it should stop the patching
1086 * process.
1087 */
1088 if (remain > HCI_COMMAND_HDR_SIZE && *fw_ptr[0] != 0x01) {
1089 BT_ERR("%s Intel fw corrupted: invalid cmd read", hdev->name);
1090 return -EINVAL;
1091 }
1092 (*fw_ptr)++;
1093 remain--;
1094
1095 cmd = (struct hci_command_hdr *)(*fw_ptr);
1096 *fw_ptr += sizeof(*cmd);
1097 remain -= sizeof(*cmd);
1098
1099 /* Ensure that the remain firmware data is long enough than the length
1100 * of command parameter. If not, the firmware file is corrupted.
1101 */
1102 if (remain < cmd->plen) {
1103 BT_ERR("%s Intel fw corrupted: invalid cmd len", hdev->name);
1104 return -EFAULT;
1105 }
1106
1107 /* If there is a command that loads a patch in the firmware
1108 * file, then enable the patch upon success, otherwise just
1109 * disable the manufacturer mode, for example patch activation
1110 * is not required when the default firmware patch file is used
1111 * because there are no patch data to load.
1112 */
1113 if (*disable_patch && le16_to_cpu(cmd->opcode) == 0xfc8e)
1114 *disable_patch = 0;
1115
1116 cmd_param = *fw_ptr;
1117 *fw_ptr += cmd->plen;
1118 remain -= cmd->plen;
1119
1120 /* This reads the expected events when the above command is sent to the
1121 * device. Some vendor commands expects more than one events, for
1122 * example command status event followed by vendor specific event.
1123 * For this case, it only keeps the last expected event. so the command
1124 * can be sent with __hci_cmd_sync_ev() which returns the sk_buff of
1125 * last expected event.
1126 */
1127 while (remain > HCI_EVENT_HDR_SIZE && *fw_ptr[0] == 0x02) {
1128 (*fw_ptr)++;
1129 remain--;
1130
1131 evt = (struct hci_event_hdr *)(*fw_ptr);
1132 *fw_ptr += sizeof(*evt);
1133 remain -= sizeof(*evt);
1134
1135 if (remain < evt->plen) {
1136 BT_ERR("%s Intel fw corrupted: invalid evt len",
1137 hdev->name);
1138 return -EFAULT;
1139 }
1140
1141 evt_param = *fw_ptr;
1142 *fw_ptr += evt->plen;
1143 remain -= evt->plen;
1144 }
1145
1146 /* Every HCI commands in the firmware file has its correspond event.
1147 * If event is not found or remain is smaller than zero, the firmware
1148 * file is corrupted.
1149 */
1150 if (!evt || !evt_param || remain < 0) {
1151 BT_ERR("%s Intel fw corrupted: invalid evt read", hdev->name);
1152 return -EFAULT;
1153 }
1154
1155 skb = __hci_cmd_sync_ev(hdev, le16_to_cpu(cmd->opcode), cmd->plen,
1156 cmd_param, evt->evt, HCI_INIT_TIMEOUT);
1157 if (IS_ERR(skb)) {
1158 BT_ERR("%s sending Intel patch command (0x%4.4x) failed (%ld)",
1159 hdev->name, cmd->opcode, PTR_ERR(skb));
1160 return PTR_ERR(skb);
1161 }
1162
1163 /* It ensures that the returned event matches the event data read from
1164 * the firmware file. At fist, it checks the length and then
1165 * the contents of the event.
1166 */
1167 if (skb->len != evt->plen) {
1168 BT_ERR("%s mismatch event length (opcode 0x%4.4x)", hdev->name,
1169 le16_to_cpu(cmd->opcode));
1170 kfree_skb(skb);
1171 return -EFAULT;
1172 }
1173
1174 if (memcmp(skb->data, evt_param, evt->plen)) {
1175 BT_ERR("%s mismatch event parameter (opcode 0x%4.4x)",
1176 hdev->name, le16_to_cpu(cmd->opcode));
1177 kfree_skb(skb);
1178 return -EFAULT;
1179 }
1180 kfree_skb(skb);
1181
1182 return 0;
1183 }
1184
1185 static int btusb_setup_intel(struct hci_dev *hdev)
1186 {
1187 struct sk_buff *skb;
1188 const struct firmware *fw;
1189 const u8 *fw_ptr;
1190 int disable_patch;
1191 struct intel_version *ver;
1192
1193 const u8 mfg_enable[] = { 0x01, 0x00 };
1194 const u8 mfg_disable[] = { 0x00, 0x00 };
1195 const u8 mfg_reset_deactivate[] = { 0x00, 0x01 };
1196 const u8 mfg_reset_activate[] = { 0x00, 0x02 };
1197
1198 BT_DBG("%s", hdev->name);
1199
1200 /* The controller has a bug with the first HCI command sent to it
1201 * returning number of completed commands as zero. This would stall the
1202 * command processing in the Bluetooth core.
1203 *
1204 * As a workaround, send HCI Reset command first which will reset the
1205 * number of completed commands and allow normal command processing
1206 * from now on.
1207 */
1208 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
1209 if (IS_ERR(skb)) {
1210 BT_ERR("%s sending initial HCI reset command failed (%ld)",
1211 hdev->name, PTR_ERR(skb));
1212 return PTR_ERR(skb);
1213 }
1214 kfree_skb(skb);
1215
1216 /* Read Intel specific controller version first to allow selection of
1217 * which firmware file to load.
1218 *
1219 * The returned information are hardware variant and revision plus
1220 * firmware variant, revision and build number.
1221 */
1222 skb = __hci_cmd_sync(hdev, 0xfc05, 0, NULL, HCI_INIT_TIMEOUT);
1223 if (IS_ERR(skb)) {
1224 BT_ERR("%s reading Intel fw version command failed (%ld)",
1225 hdev->name, PTR_ERR(skb));
1226 return PTR_ERR(skb);
1227 }
1228
1229 if (skb->len != sizeof(*ver)) {
1230 BT_ERR("%s Intel version event length mismatch", hdev->name);
1231 kfree_skb(skb);
1232 return -EIO;
1233 }
1234
1235 ver = (struct intel_version *)skb->data;
1236 if (ver->status) {
1237 BT_ERR("%s Intel fw version event failed (%02x)", hdev->name,
1238 ver->status);
1239 kfree_skb(skb);
1240 return -bt_to_errno(ver->status);
1241 }
1242
1243 BT_INFO("%s: read Intel version: %02x%02x%02x%02x%02x%02x%02x%02x%02x",
1244 hdev->name, ver->hw_platform, ver->hw_variant,
1245 ver->hw_revision, ver->fw_variant, ver->fw_revision,
1246 ver->fw_build_num, ver->fw_build_ww, ver->fw_build_yy,
1247 ver->fw_patch_num);
1248
1249 /* fw_patch_num indicates the version of patch the device currently
1250 * have. If there is no patch data in the device, it is always 0x00.
1251 * So, if it is other than 0x00, no need to patch the deivce again.
1252 */
1253 if (ver->fw_patch_num) {
1254 BT_INFO("%s: Intel device is already patched. patch num: %02x",
1255 hdev->name, ver->fw_patch_num);
1256 kfree_skb(skb);
1257 return 0;
1258 }
1259
1260 /* Opens the firmware patch file based on the firmware version read
1261 * from the controller. If it fails to open the matching firmware
1262 * patch file, it tries to open the default firmware patch file.
1263 * If no patch file is found, allow the device to operate without
1264 * a patch.
1265 */
1266 fw = btusb_setup_intel_get_fw(hdev, ver);
1267 if (!fw) {
1268 kfree_skb(skb);
1269 return 0;
1270 }
1271 fw_ptr = fw->data;
1272
1273 /* This Intel specific command enables the manufacturer mode of the
1274 * controller.
1275 *
1276 * Only while this mode is enabled, the driver can download the
1277 * firmware patch data and configuration parameters.
1278 */
1279 skb = __hci_cmd_sync(hdev, 0xfc11, 2, mfg_enable, HCI_INIT_TIMEOUT);
1280 if (IS_ERR(skb)) {
1281 BT_ERR("%s entering Intel manufacturer mode failed (%ld)",
1282 hdev->name, PTR_ERR(skb));
1283 release_firmware(fw);
1284 return PTR_ERR(skb);
1285 }
1286
1287 if (skb->data[0]) {
1288 u8 evt_status = skb->data[0];
1289 BT_ERR("%s enable Intel manufacturer mode event failed (%02x)",
1290 hdev->name, evt_status);
1291 kfree_skb(skb);
1292 release_firmware(fw);
1293 return -bt_to_errno(evt_status);
1294 }
1295 kfree_skb(skb);
1296
1297 disable_patch = 1;
1298
1299 /* The firmware data file consists of list of Intel specific HCI
1300 * commands and its expected events. The first byte indicates the
1301 * type of the message, either HCI command or HCI event.
1302 *
1303 * It reads the command and its expected event from the firmware file,
1304 * and send to the controller. Once __hci_cmd_sync_ev() returns,
1305 * the returned event is compared with the event read from the firmware
1306 * file and it will continue until all the messages are downloaded to
1307 * the controller.
1308 *
1309 * Once the firmware patching is completed successfully,
1310 * the manufacturer mode is disabled with reset and activating the
1311 * downloaded patch.
1312 *
1313 * If the firmware patching fails, the manufacturer mode is
1314 * disabled with reset and deactivating the patch.
1315 *
1316 * If the default patch file is used, no reset is done when disabling
1317 * the manufacturer.
1318 */
1319 while (fw->size > fw_ptr - fw->data) {
1320 int ret;
1321
1322 ret = btusb_setup_intel_patching(hdev, fw, &fw_ptr,
1323 &disable_patch);
1324 if (ret < 0)
1325 goto exit_mfg_deactivate;
1326 }
1327
1328 release_firmware(fw);
1329
1330 if (disable_patch)
1331 goto exit_mfg_disable;
1332
1333 /* Patching completed successfully and disable the manufacturer mode
1334 * with reset and activate the downloaded firmware patches.
1335 */
1336 skb = __hci_cmd_sync(hdev, 0xfc11, sizeof(mfg_reset_activate),
1337 mfg_reset_activate, HCI_INIT_TIMEOUT);
1338 if (IS_ERR(skb)) {
1339 BT_ERR("%s exiting Intel manufacturer mode failed (%ld)",
1340 hdev->name, PTR_ERR(skb));
1341 return PTR_ERR(skb);
1342 }
1343 kfree_skb(skb);
1344
1345 BT_INFO("%s: Intel Bluetooth firmware patch completed and activated",
1346 hdev->name);
1347
1348 return 0;
1349
1350 exit_mfg_disable:
1351 /* Disable the manufacturer mode without reset */
1352 skb = __hci_cmd_sync(hdev, 0xfc11, sizeof(mfg_disable), mfg_disable,
1353 HCI_INIT_TIMEOUT);
1354 if (IS_ERR(skb)) {
1355 BT_ERR("%s exiting Intel manufacturer mode failed (%ld)",
1356 hdev->name, PTR_ERR(skb));
1357 return PTR_ERR(skb);
1358 }
1359 kfree_skb(skb);
1360
1361 BT_INFO("%s: Intel Bluetooth firmware patch completed", hdev->name);
1362 return 0;
1363
1364 exit_mfg_deactivate:
1365 release_firmware(fw);
1366
1367 /* Patching failed. Disable the manufacturer mode with reset and
1368 * deactivate the downloaded firmware patches.
1369 */
1370 skb = __hci_cmd_sync(hdev, 0xfc11, sizeof(mfg_reset_deactivate),
1371 mfg_reset_deactivate, HCI_INIT_TIMEOUT);
1372 if (IS_ERR(skb)) {
1373 BT_ERR("%s exiting Intel manufacturer mode failed (%ld)",
1374 hdev->name, PTR_ERR(skb));
1375 return PTR_ERR(skb);
1376 }
1377 kfree_skb(skb);
1378
1379 BT_INFO("%s: Intel Bluetooth firmware patch completed and deactivated",
1380 hdev->name);
1381
1382 return 0;
1383 }
1384
1385 static int btusb_setup_bcm_patchram(struct hci_dev *hdev)
1386 {
1387 struct btusb_data *data = hci_get_drvdata(hdev);
1388 struct usb_device *udev = data->udev;
1389 char fw_name[64];
1390 const struct firmware *fw;
1391 const u8 *fw_ptr;
1392 size_t fw_size;
1393 const struct hci_command_hdr *cmd;
1394 const u8 *cmd_param;
1395 u16 opcode;
1396 struct sk_buff *skb;
1397 struct hci_rp_read_local_version *ver;
1398 long ret;
1399
1400 snprintf(fw_name, sizeof(fw_name), "brcm/%s-%04x-%04x.hcd",
1401 udev->product ? udev->product : "BCM",
1402 le16_to_cpu(udev->descriptor.idVendor),
1403 le16_to_cpu(udev->descriptor.idProduct));
1404
1405 ret = request_firmware(&fw, fw_name, &hdev->dev);
1406 if (ret < 0) {
1407 BT_INFO("%s: BCM: patch %s not found", hdev->name,
1408 fw_name);
1409 return 0;
1410 }
1411
1412 /* Reset */
1413 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
1414 if (IS_ERR(skb)) {
1415 ret = PTR_ERR(skb);
1416 BT_ERR("%s: HCI_OP_RESET failed (%ld)", hdev->name, ret);
1417 goto done;
1418 }
1419 kfree_skb(skb);
1420
1421 /* Read Local Version Info */
1422 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL,
1423 HCI_INIT_TIMEOUT);
1424 if (IS_ERR(skb)) {
1425 ret = PTR_ERR(skb);
1426 BT_ERR("%s: HCI_OP_READ_LOCAL_VERSION failed (%ld)",
1427 hdev->name, ret);
1428 goto done;
1429 }
1430
1431 if (skb->len != sizeof(*ver)) {
1432 BT_ERR("%s: HCI_OP_READ_LOCAL_VERSION event length mismatch",
1433 hdev->name);
1434 kfree_skb(skb);
1435 ret = -EIO;
1436 goto done;
1437 }
1438
1439 ver = (struct hci_rp_read_local_version *) skb->data;
1440 BT_INFO("%s: BCM: patching hci_ver=%02x hci_rev=%04x lmp_ver=%02x "
1441 "lmp_subver=%04x", hdev->name, ver->hci_ver, ver->hci_rev,
1442 ver->lmp_ver, ver->lmp_subver);
1443 kfree_skb(skb);
1444
1445 /* Start Download */
1446 skb = __hci_cmd_sync(hdev, 0xfc2e, 0, NULL, HCI_INIT_TIMEOUT);
1447 if (IS_ERR(skb)) {
1448 ret = PTR_ERR(skb);
1449 BT_ERR("%s: BCM: Download Minidrv command failed (%ld)",
1450 hdev->name, ret);
1451 goto reset_fw;
1452 }
1453 kfree_skb(skb);
1454
1455 /* 50 msec delay after Download Minidrv completes */
1456 msleep(50);
1457
1458 fw_ptr = fw->data;
1459 fw_size = fw->size;
1460
1461 while (fw_size >= sizeof(*cmd)) {
1462 cmd = (struct hci_command_hdr *) fw_ptr;
1463 fw_ptr += sizeof(*cmd);
1464 fw_size -= sizeof(*cmd);
1465
1466 if (fw_size < cmd->plen) {
1467 BT_ERR("%s: BCM: patch %s is corrupted",
1468 hdev->name, fw_name);
1469 ret = -EINVAL;
1470 goto reset_fw;
1471 }
1472
1473 cmd_param = fw_ptr;
1474 fw_ptr += cmd->plen;
1475 fw_size -= cmd->plen;
1476
1477 opcode = le16_to_cpu(cmd->opcode);
1478
1479 skb = __hci_cmd_sync(hdev, opcode, cmd->plen, cmd_param,
1480 HCI_INIT_TIMEOUT);
1481 if (IS_ERR(skb)) {
1482 ret = PTR_ERR(skb);
1483 BT_ERR("%s: BCM: patch command %04x failed (%ld)",
1484 hdev->name, opcode, ret);
1485 goto reset_fw;
1486 }
1487 kfree_skb(skb);
1488 }
1489
1490 /* 250 msec delay after Launch Ram completes */
1491 msleep(250);
1492
1493 reset_fw:
1494 /* Reset */
1495 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
1496 if (IS_ERR(skb)) {
1497 ret = PTR_ERR(skb);
1498 BT_ERR("%s: HCI_OP_RESET failed (%ld)", hdev->name, ret);
1499 goto done;
1500 }
1501 kfree_skb(skb);
1502
1503 /* Read Local Version Info */
1504 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL,
1505 HCI_INIT_TIMEOUT);
1506 if (IS_ERR(skb)) {
1507 ret = PTR_ERR(skb);
1508 BT_ERR("%s: HCI_OP_READ_LOCAL_VERSION failed (%ld)",
1509 hdev->name, ret);
1510 goto done;
1511 }
1512
1513 if (skb->len != sizeof(*ver)) {
1514 BT_ERR("%s: HCI_OP_READ_LOCAL_VERSION event length mismatch",
1515 hdev->name);
1516 kfree_skb(skb);
1517 ret = -EIO;
1518 goto done;
1519 }
1520
1521 ver = (struct hci_rp_read_local_version *) skb->data;
1522 BT_INFO("%s: BCM: firmware hci_ver=%02x hci_rev=%04x lmp_ver=%02x "
1523 "lmp_subver=%04x", hdev->name, ver->hci_ver, ver->hci_rev,
1524 ver->lmp_ver, ver->lmp_subver);
1525 kfree_skb(skb);
1526
1527 done:
1528 release_firmware(fw);
1529
1530 return ret;
1531 }
1532
1533 static int btusb_probe(struct usb_interface *intf,
1534 const struct usb_device_id *id)
1535 {
1536 struct usb_endpoint_descriptor *ep_desc;
1537 struct btusb_data *data;
1538 struct hci_dev *hdev;
1539 int i, err;
1540
1541 BT_DBG("intf %p id %p", intf, id);
1542
1543 /* interface numbers are hardcoded in the spec */
1544 if (intf->cur_altsetting->desc.bInterfaceNumber != 0)
1545 return -ENODEV;
1546
1547 if (!id->driver_info) {
1548 const struct usb_device_id *match;
1549 match = usb_match_id(intf, blacklist_table);
1550 if (match)
1551 id = match;
1552 }
1553
1554 if (id->driver_info == BTUSB_IGNORE)
1555 return -ENODEV;
1556
1557 if (ignore_dga && id->driver_info & BTUSB_DIGIANSWER)
1558 return -ENODEV;
1559
1560 if (ignore_csr && id->driver_info & BTUSB_CSR)
1561 return -ENODEV;
1562
1563 if (ignore_sniffer && id->driver_info & BTUSB_SNIFFER)
1564 return -ENODEV;
1565
1566 if (id->driver_info & BTUSB_ATH3012) {
1567 struct usb_device *udev = interface_to_usbdev(intf);
1568
1569 /* Old firmware would otherwise let ath3k driver load
1570 * patch and sysconfig files */
1571 if (le16_to_cpu(udev->descriptor.bcdDevice) <= 0x0001)
1572 return -ENODEV;
1573 }
1574
1575 data = devm_kzalloc(&intf->dev, sizeof(*data), GFP_KERNEL);
1576 if (!data)
1577 return -ENOMEM;
1578
1579 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
1580 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
1581
1582 if (!data->intr_ep && usb_endpoint_is_int_in(ep_desc)) {
1583 data->intr_ep = ep_desc;
1584 continue;
1585 }
1586
1587 if (!data->bulk_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) {
1588 data->bulk_tx_ep = ep_desc;
1589 continue;
1590 }
1591
1592 if (!data->bulk_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) {
1593 data->bulk_rx_ep = ep_desc;
1594 continue;
1595 }
1596 }
1597
1598 if (!data->intr_ep || !data->bulk_tx_ep || !data->bulk_rx_ep)
1599 return -ENODEV;
1600
1601 data->cmdreq_type = USB_TYPE_CLASS;
1602
1603 data->udev = interface_to_usbdev(intf);
1604 data->intf = intf;
1605
1606 spin_lock_init(&data->lock);
1607
1608 INIT_WORK(&data->work, btusb_work);
1609 INIT_WORK(&data->waker, btusb_waker);
1610 spin_lock_init(&data->txlock);
1611
1612 init_usb_anchor(&data->tx_anchor);
1613 init_usb_anchor(&data->intr_anchor);
1614 init_usb_anchor(&data->bulk_anchor);
1615 init_usb_anchor(&data->isoc_anchor);
1616 init_usb_anchor(&data->deferred);
1617
1618 hdev = hci_alloc_dev();
1619 if (!hdev)
1620 return -ENOMEM;
1621
1622 hdev->bus = HCI_USB;
1623 hci_set_drvdata(hdev, data);
1624
1625 data->hdev = hdev;
1626
1627 SET_HCIDEV_DEV(hdev, &intf->dev);
1628
1629 hdev->open = btusb_open;
1630 hdev->close = btusb_close;
1631 hdev->flush = btusb_flush;
1632 hdev->send = btusb_send_frame;
1633 hdev->notify = btusb_notify;
1634
1635 if (id->driver_info & BTUSB_BCM92035)
1636 hdev->setup = btusb_setup_bcm92035;
1637
1638 if (id->driver_info & BTUSB_BCM_PATCHRAM)
1639 hdev->setup = btusb_setup_bcm_patchram;
1640
1641 if (id->driver_info & BTUSB_INTEL)
1642 hdev->setup = btusb_setup_intel;
1643
1644 /* Interface numbers are hardcoded in the specification */
1645 data->isoc = usb_ifnum_to_if(data->udev, 1);
1646
1647 if (!reset)
1648 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
1649
1650 if (force_scofix || id->driver_info & BTUSB_WRONG_SCO_MTU) {
1651 if (!disable_scofix)
1652 set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks);
1653 }
1654
1655 if (id->driver_info & BTUSB_BROKEN_ISOC)
1656 data->isoc = NULL;
1657
1658 if (id->driver_info & BTUSB_DIGIANSWER) {
1659 data->cmdreq_type = USB_TYPE_VENDOR;
1660 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
1661 }
1662
1663 if (id->driver_info & BTUSB_CSR) {
1664 struct usb_device *udev = data->udev;
1665 u16 bcdDevice = le16_to_cpu(udev->descriptor.bcdDevice);
1666
1667 /* Old firmware would otherwise execute USB reset */
1668 if (bcdDevice < 0x117)
1669 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
1670
1671 /* Fake CSR devices with broken commands */
1672 if (bcdDevice <= 0x100)
1673 hdev->setup = btusb_setup_csr;
1674 }
1675
1676 if (id->driver_info & BTUSB_SNIFFER) {
1677 struct usb_device *udev = data->udev;
1678
1679 /* New sniffer firmware has crippled HCI interface */
1680 if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997)
1681 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
1682
1683 data->isoc = NULL;
1684 }
1685
1686 if (data->isoc) {
1687 err = usb_driver_claim_interface(&btusb_driver,
1688 data->isoc, data);
1689 if (err < 0) {
1690 hci_free_dev(hdev);
1691 return err;
1692 }
1693 }
1694
1695 err = hci_register_dev(hdev);
1696 if (err < 0) {
1697 hci_free_dev(hdev);
1698 return err;
1699 }
1700
1701 usb_set_intfdata(intf, data);
1702
1703 return 0;
1704 }
1705
1706 static void btusb_disconnect(struct usb_interface *intf)
1707 {
1708 struct btusb_data *data = usb_get_intfdata(intf);
1709 struct hci_dev *hdev;
1710
1711 BT_DBG("intf %p", intf);
1712
1713 if (!data)
1714 return;
1715
1716 hdev = data->hdev;
1717 usb_set_intfdata(data->intf, NULL);
1718
1719 if (data->isoc)
1720 usb_set_intfdata(data->isoc, NULL);
1721
1722 hci_unregister_dev(hdev);
1723
1724 if (intf == data->isoc)
1725 usb_driver_release_interface(&btusb_driver, data->intf);
1726 else if (data->isoc)
1727 usb_driver_release_interface(&btusb_driver, data->isoc);
1728
1729 hci_free_dev(hdev);
1730 }
1731
1732 #ifdef CONFIG_PM
1733 static int btusb_suspend(struct usb_interface *intf, pm_message_t message)
1734 {
1735 struct btusb_data *data = usb_get_intfdata(intf);
1736
1737 BT_DBG("intf %p", intf);
1738
1739 if (data->suspend_count++)
1740 return 0;
1741
1742 spin_lock_irq(&data->txlock);
1743 if (!(PMSG_IS_AUTO(message) && data->tx_in_flight)) {
1744 set_bit(BTUSB_SUSPENDING, &data->flags);
1745 spin_unlock_irq(&data->txlock);
1746 } else {
1747 spin_unlock_irq(&data->txlock);
1748 data->suspend_count--;
1749 return -EBUSY;
1750 }
1751
1752 cancel_work_sync(&data->work);
1753
1754 btusb_stop_traffic(data);
1755 usb_kill_anchored_urbs(&data->tx_anchor);
1756
1757 return 0;
1758 }
1759
1760 static void play_deferred(struct btusb_data *data)
1761 {
1762 struct urb *urb;
1763 int err;
1764
1765 while ((urb = usb_get_from_anchor(&data->deferred))) {
1766 err = usb_submit_urb(urb, GFP_ATOMIC);
1767 if (err < 0)
1768 break;
1769
1770 data->tx_in_flight++;
1771 }
1772 usb_scuttle_anchored_urbs(&data->deferred);
1773 }
1774
1775 static int btusb_resume(struct usb_interface *intf)
1776 {
1777 struct btusb_data *data = usb_get_intfdata(intf);
1778 struct hci_dev *hdev = data->hdev;
1779 int err = 0;
1780
1781 BT_DBG("intf %p", intf);
1782
1783 if (--data->suspend_count)
1784 return 0;
1785
1786 if (!test_bit(HCI_RUNNING, &hdev->flags))
1787 goto done;
1788
1789 if (test_bit(BTUSB_INTR_RUNNING, &data->flags)) {
1790 err = btusb_submit_intr_urb(hdev, GFP_NOIO);
1791 if (err < 0) {
1792 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
1793 goto failed;
1794 }
1795 }
1796
1797 if (test_bit(BTUSB_BULK_RUNNING, &data->flags)) {
1798 err = btusb_submit_bulk_urb(hdev, GFP_NOIO);
1799 if (err < 0) {
1800 clear_bit(BTUSB_BULK_RUNNING, &data->flags);
1801 goto failed;
1802 }
1803
1804 btusb_submit_bulk_urb(hdev, GFP_NOIO);
1805 }
1806
1807 if (test_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
1808 if (btusb_submit_isoc_urb(hdev, GFP_NOIO) < 0)
1809 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1810 else
1811 btusb_submit_isoc_urb(hdev, GFP_NOIO);
1812 }
1813
1814 spin_lock_irq(&data->txlock);
1815 play_deferred(data);
1816 clear_bit(BTUSB_SUSPENDING, &data->flags);
1817 spin_unlock_irq(&data->txlock);
1818 schedule_work(&data->work);
1819
1820 return 0;
1821
1822 failed:
1823 usb_scuttle_anchored_urbs(&data->deferred);
1824 done:
1825 spin_lock_irq(&data->txlock);
1826 clear_bit(BTUSB_SUSPENDING, &data->flags);
1827 spin_unlock_irq(&data->txlock);
1828
1829 return err;
1830 }
1831 #endif
1832
1833 static struct usb_driver btusb_driver = {
1834 .name = "btusb",
1835 .probe = btusb_probe,
1836 .disconnect = btusb_disconnect,
1837 #ifdef CONFIG_PM
1838 .suspend = btusb_suspend,
1839 .resume = btusb_resume,
1840 #endif
1841 .id_table = btusb_table,
1842 .supports_autosuspend = 1,
1843 .disable_hub_initiated_lpm = 1,
1844 };
1845
1846 module_usb_driver(btusb_driver);
1847
1848 module_param(ignore_dga, bool, 0644);
1849 MODULE_PARM_DESC(ignore_dga, "Ignore devices with id 08fd:0001");
1850
1851 module_param(ignore_csr, bool, 0644);
1852 MODULE_PARM_DESC(ignore_csr, "Ignore devices with id 0a12:0001");
1853
1854 module_param(ignore_sniffer, bool, 0644);
1855 MODULE_PARM_DESC(ignore_sniffer, "Ignore devices with id 0a12:0002");
1856
1857 module_param(disable_scofix, bool, 0644);
1858 MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size");
1859
1860 module_param(force_scofix, bool, 0644);
1861 MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size");
1862
1863 module_param(reset, bool, 0644);
1864 MODULE_PARM_DESC(reset, "Send HCI reset command on initialization");
1865
1866 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1867 MODULE_DESCRIPTION("Generic Bluetooth USB driver ver " VERSION);
1868 MODULE_VERSION(VERSION);
1869 MODULE_LICENSE("GPL");
Ubuntu Artful kernel mirror