3 * Generic Bluetooth USB driver
5 * Copyright (C) 2005-2008 Marcel Holtmann <marcel@holtmann.org>
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
24 #include <linux/module.h>
25 #include <linux/usb.h>
26 #include <linux/firmware.h>
27 #include <asm/unaligned.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
38 static bool disable_scofix
;
39 static bool force_scofix
;
41 static bool reset
= true;
43 static struct usb_driver btusb_driver
;
45 #define BTUSB_IGNORE 0x01
46 #define BTUSB_DIGIANSWER 0x02
47 #define BTUSB_CSR 0x04
48 #define BTUSB_SNIFFER 0x08
49 #define BTUSB_BCM92035 0x10
50 #define BTUSB_BROKEN_ISOC 0x20
51 #define BTUSB_WRONG_SCO_MTU 0x40
52 #define BTUSB_ATH3012 0x80
53 #define BTUSB_INTEL 0x100
54 #define BTUSB_INTEL_BOOT 0x200
55 #define BTUSB_BCM_PATCHRAM 0x400
56 #define BTUSB_MARVELL 0x800
57 #define BTUSB_SWAVE 0x1000
58 #define BTUSB_INTEL_NEW 0x2000
59 #define BTUSB_AMP 0x4000
60 #define BTUSB_QCA_ROME 0x8000
61 #define BTUSB_BCM_APPLE 0x10000
62 #define BTUSB_REALTEK 0x20000
64 static const struct usb_device_id btusb_table
[] = {
65 /* Generic Bluetooth USB device */
66 { USB_DEVICE_INFO(0xe0, 0x01, 0x01) },
68 /* Generic Bluetooth AMP device */
69 { USB_DEVICE_INFO(0xe0, 0x01, 0x04), .driver_info
= BTUSB_AMP
},
71 /* Generic Bluetooth USB interface */
72 { USB_INTERFACE_INFO(0xe0, 0x01, 0x01) },
74 /* Apple-specific (Broadcom) devices */
75 { USB_VENDOR_AND_INTERFACE_INFO(0x05ac, 0xff, 0x01, 0x01),
76 .driver_info
= BTUSB_BCM_APPLE
},
78 /* MediaTek MT76x0E */
79 { USB_DEVICE(0x0e8d, 0x763f) },
81 /* Broadcom SoftSailing reporting vendor specific */
82 { USB_DEVICE(0x0a5c, 0x21e1) },
84 /* Apple MacBookPro 7,1 */
85 { USB_DEVICE(0x05ac, 0x8213) },
88 { USB_DEVICE(0x05ac, 0x8215) },
90 /* Apple MacBookPro6,2 */
91 { USB_DEVICE(0x05ac, 0x8218) },
93 /* Apple MacBookAir3,1, MacBookAir3,2 */
94 { USB_DEVICE(0x05ac, 0x821b) },
96 /* Apple MacBookAir4,1 */
97 { USB_DEVICE(0x05ac, 0x821f) },
99 /* Apple MacBookPro8,2 */
100 { USB_DEVICE(0x05ac, 0x821a) },
102 /* Apple MacMini5,1 */
103 { USB_DEVICE(0x05ac, 0x8281) },
105 /* AVM BlueFRITZ! USB v2.0 */
106 { USB_DEVICE(0x057c, 0x3800), .driver_info
= BTUSB_SWAVE
},
108 /* Bluetooth Ultraport Module from IBM */
109 { USB_DEVICE(0x04bf, 0x030a) },
111 /* ALPS Modules with non-standard id */
112 { USB_DEVICE(0x044e, 0x3001) },
113 { USB_DEVICE(0x044e, 0x3002) },
115 /* Ericsson with non-standard id */
116 { USB_DEVICE(0x0bdb, 0x1002) },
118 /* Canyon CN-BTU1 with HID interfaces */
119 { USB_DEVICE(0x0c10, 0x0000) },
121 /* Broadcom BCM20702A0 */
122 { USB_DEVICE(0x413c, 0x8197) },
124 /* Broadcom BCM20702B0 (Dynex/Insignia) */
125 { USB_DEVICE(0x19ff, 0x0239), .driver_info
= BTUSB_BCM_PATCHRAM
},
127 /* Foxconn - Hon Hai */
128 { USB_VENDOR_AND_INTERFACE_INFO(0x0489, 0xff, 0x01, 0x01),
129 .driver_info
= BTUSB_BCM_PATCHRAM
},
131 /* Lite-On Technology - Broadcom based */
132 { USB_VENDOR_AND_INTERFACE_INFO(0x04ca, 0xff, 0x01, 0x01),
133 .driver_info
= BTUSB_BCM_PATCHRAM
},
135 /* Broadcom devices with vendor specific id */
136 { USB_VENDOR_AND_INTERFACE_INFO(0x0a5c, 0xff, 0x01, 0x01),
137 .driver_info
= BTUSB_BCM_PATCHRAM
},
139 /* ASUSTek Computer - Broadcom based */
140 { USB_VENDOR_AND_INTERFACE_INFO(0x0b05, 0xff, 0x01, 0x01),
141 .driver_info
= BTUSB_BCM_PATCHRAM
},
143 /* Belkin F8065bf - Broadcom based */
144 { USB_VENDOR_AND_INTERFACE_INFO(0x050d, 0xff, 0x01, 0x01),
145 .driver_info
= BTUSB_BCM_PATCHRAM
},
147 /* IMC Networks - Broadcom based */
148 { USB_VENDOR_AND_INTERFACE_INFO(0x13d3, 0xff, 0x01, 0x01),
149 .driver_info
= BTUSB_BCM_PATCHRAM
},
151 /* Intel Bluetooth USB Bootloader (RAM module) */
152 { USB_DEVICE(0x8087, 0x0a5a),
153 .driver_info
= BTUSB_INTEL_BOOT
| BTUSB_BROKEN_ISOC
},
155 { } /* Terminating entry */
158 MODULE_DEVICE_TABLE(usb
, btusb_table
);
160 static const struct usb_device_id blacklist_table
[] = {
161 /* CSR BlueCore devices */
162 { USB_DEVICE(0x0a12, 0x0001), .driver_info
= BTUSB_CSR
},
164 /* Broadcom BCM2033 without firmware */
165 { USB_DEVICE(0x0a5c, 0x2033), .driver_info
= BTUSB_IGNORE
},
167 /* Atheros 3011 with sflash firmware */
168 { USB_DEVICE(0x0489, 0xe027), .driver_info
= BTUSB_IGNORE
},
169 { USB_DEVICE(0x0489, 0xe03d), .driver_info
= BTUSB_IGNORE
},
170 { USB_DEVICE(0x04f2, 0xaff1), .driver_info
= BTUSB_IGNORE
},
171 { USB_DEVICE(0x0930, 0x0215), .driver_info
= BTUSB_IGNORE
},
172 { USB_DEVICE(0x0cf3, 0x3002), .driver_info
= BTUSB_IGNORE
},
173 { USB_DEVICE(0x0cf3, 0xe019), .driver_info
= BTUSB_IGNORE
},
174 { USB_DEVICE(0x13d3, 0x3304), .driver_info
= BTUSB_IGNORE
},
176 /* Atheros AR9285 Malbec with sflash firmware */
177 { USB_DEVICE(0x03f0, 0x311d), .driver_info
= BTUSB_IGNORE
},
179 /* Atheros 3012 with sflash firmware */
180 { USB_DEVICE(0x0489, 0xe04d), .driver_info
= BTUSB_ATH3012
},
181 { USB_DEVICE(0x0489, 0xe04e), .driver_info
= BTUSB_ATH3012
},
182 { USB_DEVICE(0x0489, 0xe056), .driver_info
= BTUSB_ATH3012
},
183 { USB_DEVICE(0x0489, 0xe057), .driver_info
= BTUSB_ATH3012
},
184 { USB_DEVICE(0x0489, 0xe05f), .driver_info
= BTUSB_ATH3012
},
185 { USB_DEVICE(0x0489, 0xe076), .driver_info
= BTUSB_ATH3012
},
186 { USB_DEVICE(0x0489, 0xe078), .driver_info
= BTUSB_ATH3012
},
187 { USB_DEVICE(0x04c5, 0x1330), .driver_info
= BTUSB_ATH3012
},
188 { USB_DEVICE(0x04ca, 0x3004), .driver_info
= BTUSB_ATH3012
},
189 { USB_DEVICE(0x04ca, 0x3005), .driver_info
= BTUSB_ATH3012
},
190 { USB_DEVICE(0x04ca, 0x3006), .driver_info
= BTUSB_ATH3012
},
191 { USB_DEVICE(0x04ca, 0x3007), .driver_info
= BTUSB_ATH3012
},
192 { USB_DEVICE(0x04ca, 0x3008), .driver_info
= BTUSB_ATH3012
},
193 { USB_DEVICE(0x04ca, 0x300b), .driver_info
= BTUSB_ATH3012
},
194 { USB_DEVICE(0x04ca, 0x300d), .driver_info
= BTUSB_ATH3012
},
195 { USB_DEVICE(0x04ca, 0x300f), .driver_info
= BTUSB_ATH3012
},
196 { USB_DEVICE(0x04ca, 0x3010), .driver_info
= BTUSB_ATH3012
},
197 { USB_DEVICE(0x0930, 0x0219), .driver_info
= BTUSB_ATH3012
},
198 { USB_DEVICE(0x0930, 0x0220), .driver_info
= BTUSB_ATH3012
},
199 { USB_DEVICE(0x0930, 0x0227), .driver_info
= BTUSB_ATH3012
},
200 { USB_DEVICE(0x0b05, 0x17d0), .driver_info
= BTUSB_ATH3012
},
201 { USB_DEVICE(0x0cf3, 0x0036), .driver_info
= BTUSB_ATH3012
},
202 { USB_DEVICE(0x0cf3, 0x3004), .driver_info
= BTUSB_ATH3012
},
203 { USB_DEVICE(0x0cf3, 0x3008), .driver_info
= BTUSB_ATH3012
},
204 { USB_DEVICE(0x0cf3, 0x311d), .driver_info
= BTUSB_ATH3012
},
205 { USB_DEVICE(0x0cf3, 0x311e), .driver_info
= BTUSB_ATH3012
},
206 { USB_DEVICE(0x0cf3, 0x311f), .driver_info
= BTUSB_ATH3012
},
207 { USB_DEVICE(0x0cf3, 0x3121), .driver_info
= BTUSB_ATH3012
},
208 { USB_DEVICE(0x0cf3, 0x817a), .driver_info
= BTUSB_ATH3012
},
209 { USB_DEVICE(0x0cf3, 0xe003), .driver_info
= BTUSB_ATH3012
},
210 { USB_DEVICE(0x0cf3, 0xe004), .driver_info
= BTUSB_ATH3012
},
211 { USB_DEVICE(0x0cf3, 0xe005), .driver_info
= BTUSB_ATH3012
},
212 { USB_DEVICE(0x0cf3, 0xe006), .driver_info
= BTUSB_ATH3012
},
213 { USB_DEVICE(0x13d3, 0x3362), .driver_info
= BTUSB_ATH3012
},
214 { USB_DEVICE(0x13d3, 0x3375), .driver_info
= BTUSB_ATH3012
},
215 { USB_DEVICE(0x13d3, 0x3393), .driver_info
= BTUSB_ATH3012
},
216 { USB_DEVICE(0x13d3, 0x3402), .driver_info
= BTUSB_ATH3012
},
217 { USB_DEVICE(0x13d3, 0x3408), .driver_info
= BTUSB_ATH3012
},
218 { USB_DEVICE(0x13d3, 0x3423), .driver_info
= BTUSB_ATH3012
},
219 { USB_DEVICE(0x13d3, 0x3432), .driver_info
= BTUSB_ATH3012
},
220 { USB_DEVICE(0x13d3, 0x3474), .driver_info
= BTUSB_ATH3012
},
222 /* Atheros AR5BBU12 with sflash firmware */
223 { USB_DEVICE(0x0489, 0xe02c), .driver_info
= BTUSB_IGNORE
},
225 /* Atheros AR5BBU12 with sflash firmware */
226 { USB_DEVICE(0x0489, 0xe036), .driver_info
= BTUSB_ATH3012
},
227 { USB_DEVICE(0x0489, 0xe03c), .driver_info
= BTUSB_ATH3012
},
229 /* QCA ROME chipset */
230 { USB_DEVICE(0x0cf3, 0xe007), .driver_info
= BTUSB_QCA_ROME
},
231 { USB_DEVICE(0x0cf3, 0xe300), .driver_info
= BTUSB_QCA_ROME
},
232 { USB_DEVICE(0x0cf3, 0xe360), .driver_info
= BTUSB_QCA_ROME
},
234 /* Broadcom BCM2035 */
235 { USB_DEVICE(0x0a5c, 0x2009), .driver_info
= BTUSB_BCM92035
},
236 { USB_DEVICE(0x0a5c, 0x200a), .driver_info
= BTUSB_WRONG_SCO_MTU
},
237 { USB_DEVICE(0x0a5c, 0x2035), .driver_info
= BTUSB_WRONG_SCO_MTU
},
239 /* Broadcom BCM2045 */
240 { USB_DEVICE(0x0a5c, 0x2039), .driver_info
= BTUSB_WRONG_SCO_MTU
},
241 { USB_DEVICE(0x0a5c, 0x2101), .driver_info
= BTUSB_WRONG_SCO_MTU
},
243 /* IBM/Lenovo ThinkPad with Broadcom chip */
244 { USB_DEVICE(0x0a5c, 0x201e), .driver_info
= BTUSB_WRONG_SCO_MTU
},
245 { USB_DEVICE(0x0a5c, 0x2110), .driver_info
= BTUSB_WRONG_SCO_MTU
},
247 /* HP laptop with Broadcom chip */
248 { USB_DEVICE(0x03f0, 0x171d), .driver_info
= BTUSB_WRONG_SCO_MTU
},
250 /* Dell laptop with Broadcom chip */
251 { USB_DEVICE(0x413c, 0x8126), .driver_info
= BTUSB_WRONG_SCO_MTU
},
253 /* Dell Wireless 370 and 410 devices */
254 { USB_DEVICE(0x413c, 0x8152), .driver_info
= BTUSB_WRONG_SCO_MTU
},
255 { USB_DEVICE(0x413c, 0x8156), .driver_info
= BTUSB_WRONG_SCO_MTU
},
257 /* Belkin F8T012 and F8T013 devices */
258 { USB_DEVICE(0x050d, 0x0012), .driver_info
= BTUSB_WRONG_SCO_MTU
},
259 { USB_DEVICE(0x050d, 0x0013), .driver_info
= BTUSB_WRONG_SCO_MTU
},
261 /* Asus WL-BTD202 device */
262 { USB_DEVICE(0x0b05, 0x1715), .driver_info
= BTUSB_WRONG_SCO_MTU
},
264 /* Kensington Bluetooth USB adapter */
265 { USB_DEVICE(0x047d, 0x105e), .driver_info
= BTUSB_WRONG_SCO_MTU
},
267 /* RTX Telecom based adapters with buggy SCO support */
268 { USB_DEVICE(0x0400, 0x0807), .driver_info
= BTUSB_BROKEN_ISOC
},
269 { USB_DEVICE(0x0400, 0x080a), .driver_info
= BTUSB_BROKEN_ISOC
},
271 /* CONWISE Technology based adapters with buggy SCO support */
272 { USB_DEVICE(0x0e5e, 0x6622), .driver_info
= BTUSB_BROKEN_ISOC
},
274 /* Roper Class 1 Bluetooth Dongle (Silicon Wave based) */
275 { USB_DEVICE(0x1310, 0x0001), .driver_info
= BTUSB_SWAVE
},
277 /* Digianswer devices */
278 { USB_DEVICE(0x08fd, 0x0001), .driver_info
= BTUSB_DIGIANSWER
},
279 { USB_DEVICE(0x08fd, 0x0002), .driver_info
= BTUSB_IGNORE
},
281 /* CSR BlueCore Bluetooth Sniffer */
282 { USB_DEVICE(0x0a12, 0x0002),
283 .driver_info
= BTUSB_SNIFFER
| BTUSB_BROKEN_ISOC
},
285 /* Frontline ComProbe Bluetooth Sniffer */
286 { USB_DEVICE(0x16d3, 0x0002),
287 .driver_info
= BTUSB_SNIFFER
| BTUSB_BROKEN_ISOC
},
289 /* Marvell Bluetooth devices */
290 { USB_DEVICE(0x1286, 0x2044), .driver_info
= BTUSB_MARVELL
},
291 { USB_DEVICE(0x1286, 0x2046), .driver_info
= BTUSB_MARVELL
},
293 /* Intel Bluetooth devices */
294 { USB_DEVICE(0x8087, 0x07da), .driver_info
= BTUSB_CSR
},
295 { USB_DEVICE(0x8087, 0x07dc), .driver_info
= BTUSB_INTEL
},
296 { USB_DEVICE(0x8087, 0x0a2a), .driver_info
= BTUSB_INTEL
},
297 { USB_DEVICE(0x8087, 0x0a2b), .driver_info
= BTUSB_INTEL_NEW
},
299 /* Other Intel Bluetooth devices */
300 { USB_VENDOR_AND_INTERFACE_INFO(0x8087, 0xe0, 0x01, 0x01),
301 .driver_info
= BTUSB_IGNORE
},
303 /* Realtek Bluetooth devices */
304 { USB_VENDOR_AND_INTERFACE_INFO(0x0bda, 0xe0, 0x01, 0x01),
305 .driver_info
= BTUSB_REALTEK
},
307 /* Additional Realtek 8723AE Bluetooth devices */
308 { USB_DEVICE(0x0930, 0x021d), .driver_info
= BTUSB_REALTEK
},
309 { USB_DEVICE(0x13d3, 0x3394), .driver_info
= BTUSB_REALTEK
},
311 /* Additional Realtek 8723BE Bluetooth devices */
312 { USB_DEVICE(0x0489, 0xe085), .driver_info
= BTUSB_REALTEK
},
313 { USB_DEVICE(0x0489, 0xe08b), .driver_info
= BTUSB_REALTEK
},
314 { USB_DEVICE(0x13d3, 0x3410), .driver_info
= BTUSB_REALTEK
},
315 { USB_DEVICE(0x13d3, 0x3416), .driver_info
= BTUSB_REALTEK
},
316 { USB_DEVICE(0x13d3, 0x3459), .driver_info
= BTUSB_REALTEK
},
318 /* Additional Realtek 8821AE Bluetooth devices */
319 { USB_DEVICE(0x0b05, 0x17dc), .driver_info
= BTUSB_REALTEK
},
320 { USB_DEVICE(0x13d3, 0x3414), .driver_info
= BTUSB_REALTEK
},
321 { USB_DEVICE(0x13d3, 0x3458), .driver_info
= BTUSB_REALTEK
},
322 { USB_DEVICE(0x13d3, 0x3461), .driver_info
= BTUSB_REALTEK
},
323 { USB_DEVICE(0x13d3, 0x3462), .driver_info
= BTUSB_REALTEK
},
325 /* Silicon Wave based devices */
326 { USB_DEVICE(0x0c10, 0x0000), .driver_info
= BTUSB_SWAVE
},
328 { } /* Terminating entry */
331 #define BTUSB_MAX_ISOC_FRAMES 10
333 #define BTUSB_INTR_RUNNING 0
334 #define BTUSB_BULK_RUNNING 1
335 #define BTUSB_ISOC_RUNNING 2
336 #define BTUSB_SUSPENDING 3
337 #define BTUSB_DID_ISO_RESUME 4
338 #define BTUSB_BOOTLOADER 5
339 #define BTUSB_DOWNLOADING 6
340 #define BTUSB_FIRMWARE_LOADED 7
341 #define BTUSB_FIRMWARE_FAILED 8
342 #define BTUSB_BOOTING 9
343 #define BTUSB_RESET_RESUME 10
346 struct hci_dev
*hdev
;
347 struct usb_device
*udev
;
348 struct usb_interface
*intf
;
349 struct usb_interface
*isoc
;
353 struct work_struct work
;
354 struct work_struct waker
;
356 struct usb_anchor deferred
;
357 struct usb_anchor tx_anchor
;
361 struct usb_anchor intr_anchor
;
362 struct usb_anchor bulk_anchor
;
363 struct usb_anchor isoc_anchor
;
366 struct sk_buff
*evt_skb
;
367 struct sk_buff
*acl_skb
;
368 struct sk_buff
*sco_skb
;
370 struct usb_endpoint_descriptor
*intr_ep
;
371 struct usb_endpoint_descriptor
*bulk_tx_ep
;
372 struct usb_endpoint_descriptor
*bulk_rx_ep
;
373 struct usb_endpoint_descriptor
*isoc_tx_ep
;
374 struct usb_endpoint_descriptor
*isoc_rx_ep
;
379 unsigned int sco_num
;
383 int (*recv_event
)(struct hci_dev
*hdev
, struct sk_buff
*skb
);
384 int (*recv_bulk
)(struct btusb_data
*data
, void *buffer
, int count
);
386 int (*setup_on_usb
)(struct hci_dev
*hdev
);
389 static inline void btusb_free_frags(struct btusb_data
*data
)
393 spin_lock_irqsave(&data
->rxlock
, flags
);
395 kfree_skb(data
->evt_skb
);
396 data
->evt_skb
= NULL
;
398 kfree_skb(data
->acl_skb
);
399 data
->acl_skb
= NULL
;
401 kfree_skb(data
->sco_skb
);
402 data
->sco_skb
= NULL
;
404 spin_unlock_irqrestore(&data
->rxlock
, flags
);
407 static int btusb_recv_intr(struct btusb_data
*data
, void *buffer
, int count
)
412 spin_lock(&data
->rxlock
);
419 skb
= bt_skb_alloc(HCI_MAX_EVENT_SIZE
, GFP_ATOMIC
);
425 bt_cb(skb
)->pkt_type
= HCI_EVENT_PKT
;
426 bt_cb(skb
)->expect
= HCI_EVENT_HDR_SIZE
;
429 len
= min_t(uint
, bt_cb(skb
)->expect
, count
);
430 memcpy(skb_put(skb
, len
), buffer
, len
);
434 bt_cb(skb
)->expect
-= len
;
436 if (skb
->len
== HCI_EVENT_HDR_SIZE
) {
437 /* Complete event header */
438 bt_cb(skb
)->expect
= hci_event_hdr(skb
)->plen
;
440 if (skb_tailroom(skb
) < bt_cb(skb
)->expect
) {
449 if (bt_cb(skb
)->expect
== 0) {
451 data
->recv_event(data
->hdev
, skb
);
457 spin_unlock(&data
->rxlock
);
462 static int btusb_recv_bulk(struct btusb_data
*data
, void *buffer
, int count
)
467 spin_lock(&data
->rxlock
);
474 skb
= bt_skb_alloc(HCI_MAX_FRAME_SIZE
, GFP_ATOMIC
);
480 bt_cb(skb
)->pkt_type
= HCI_ACLDATA_PKT
;
481 bt_cb(skb
)->expect
= HCI_ACL_HDR_SIZE
;
484 len
= min_t(uint
, bt_cb(skb
)->expect
, count
);
485 memcpy(skb_put(skb
, len
), buffer
, len
);
489 bt_cb(skb
)->expect
-= len
;
491 if (skb
->len
== HCI_ACL_HDR_SIZE
) {
492 __le16 dlen
= hci_acl_hdr(skb
)->dlen
;
494 /* Complete ACL header */
495 bt_cb(skb
)->expect
= __le16_to_cpu(dlen
);
497 if (skb_tailroom(skb
) < bt_cb(skb
)->expect
) {
506 if (bt_cb(skb
)->expect
== 0) {
508 hci_recv_frame(data
->hdev
, skb
);
514 spin_unlock(&data
->rxlock
);
519 static int btusb_recv_isoc(struct btusb_data
*data
, void *buffer
, int count
)
524 spin_lock(&data
->rxlock
);
531 skb
= bt_skb_alloc(HCI_MAX_SCO_SIZE
, GFP_ATOMIC
);
537 bt_cb(skb
)->pkt_type
= HCI_SCODATA_PKT
;
538 bt_cb(skb
)->expect
= HCI_SCO_HDR_SIZE
;
541 len
= min_t(uint
, bt_cb(skb
)->expect
, count
);
542 memcpy(skb_put(skb
, len
), buffer
, len
);
546 bt_cb(skb
)->expect
-= len
;
548 if (skb
->len
== HCI_SCO_HDR_SIZE
) {
549 /* Complete SCO header */
550 bt_cb(skb
)->expect
= hci_sco_hdr(skb
)->dlen
;
552 if (skb_tailroom(skb
) < bt_cb(skb
)->expect
) {
561 if (bt_cb(skb
)->expect
== 0) {
563 hci_recv_frame(data
->hdev
, skb
);
569 spin_unlock(&data
->rxlock
);
574 static void btusb_intr_complete(struct urb
*urb
)
576 struct hci_dev
*hdev
= urb
->context
;
577 struct btusb_data
*data
= hci_get_drvdata(hdev
);
580 BT_DBG("%s urb %p status %d count %d", hdev
->name
, urb
, urb
->status
,
583 if (!test_bit(HCI_RUNNING
, &hdev
->flags
))
586 if (urb
->status
== 0) {
587 hdev
->stat
.byte_rx
+= urb
->actual_length
;
589 if (btusb_recv_intr(data
, urb
->transfer_buffer
,
590 urb
->actual_length
) < 0) {
591 BT_ERR("%s corrupted event packet", hdev
->name
);
594 } else if (urb
->status
== -ENOENT
) {
595 /* Avoid suspend failed when usb_kill_urb */
599 if (!test_bit(BTUSB_INTR_RUNNING
, &data
->flags
))
602 usb_mark_last_busy(data
->udev
);
603 usb_anchor_urb(urb
, &data
->intr_anchor
);
605 err
= usb_submit_urb(urb
, GFP_ATOMIC
);
607 /* -EPERM: urb is being killed;
608 * -ENODEV: device got disconnected */
609 if (err
!= -EPERM
&& err
!= -ENODEV
)
610 BT_ERR("%s urb %p failed to resubmit (%d)",
611 hdev
->name
, urb
, -err
);
612 usb_unanchor_urb(urb
);
616 static int btusb_submit_intr_urb(struct hci_dev
*hdev
, gfp_t mem_flags
)
618 struct btusb_data
*data
= hci_get_drvdata(hdev
);
624 BT_DBG("%s", hdev
->name
);
629 urb
= usb_alloc_urb(0, mem_flags
);
633 size
= le16_to_cpu(data
->intr_ep
->wMaxPacketSize
);
635 buf
= kmalloc(size
, mem_flags
);
641 pipe
= usb_rcvintpipe(data
->udev
, data
->intr_ep
->bEndpointAddress
);
643 usb_fill_int_urb(urb
, data
->udev
, pipe
, buf
, size
,
644 btusb_intr_complete
, hdev
, data
->intr_ep
->bInterval
);
646 urb
->transfer_flags
|= URB_FREE_BUFFER
;
648 usb_anchor_urb(urb
, &data
->intr_anchor
);
650 err
= usb_submit_urb(urb
, mem_flags
);
652 if (err
!= -EPERM
&& err
!= -ENODEV
)
653 BT_ERR("%s urb %p submission failed (%d)",
654 hdev
->name
, urb
, -err
);
655 usb_unanchor_urb(urb
);
663 static void btusb_bulk_complete(struct urb
*urb
)
665 struct hci_dev
*hdev
= urb
->context
;
666 struct btusb_data
*data
= hci_get_drvdata(hdev
);
669 BT_DBG("%s urb %p status %d count %d", hdev
->name
, urb
, urb
->status
,
672 if (!test_bit(HCI_RUNNING
, &hdev
->flags
))
675 if (urb
->status
== 0) {
676 hdev
->stat
.byte_rx
+= urb
->actual_length
;
678 if (data
->recv_bulk(data
, urb
->transfer_buffer
,
679 urb
->actual_length
) < 0) {
680 BT_ERR("%s corrupted ACL packet", hdev
->name
);
683 } else if (urb
->status
== -ENOENT
) {
684 /* Avoid suspend failed when usb_kill_urb */
688 if (!test_bit(BTUSB_BULK_RUNNING
, &data
->flags
))
691 usb_anchor_urb(urb
, &data
->bulk_anchor
);
692 usb_mark_last_busy(data
->udev
);
694 err
= usb_submit_urb(urb
, GFP_ATOMIC
);
696 /* -EPERM: urb is being killed;
697 * -ENODEV: device got disconnected */
698 if (err
!= -EPERM
&& err
!= -ENODEV
)
699 BT_ERR("%s urb %p failed to resubmit (%d)",
700 hdev
->name
, urb
, -err
);
701 usb_unanchor_urb(urb
);
705 static int btusb_submit_bulk_urb(struct hci_dev
*hdev
, gfp_t mem_flags
)
707 struct btusb_data
*data
= hci_get_drvdata(hdev
);
711 int err
, size
= HCI_MAX_FRAME_SIZE
;
713 BT_DBG("%s", hdev
->name
);
715 if (!data
->bulk_rx_ep
)
718 urb
= usb_alloc_urb(0, mem_flags
);
722 buf
= kmalloc(size
, mem_flags
);
728 pipe
= usb_rcvbulkpipe(data
->udev
, data
->bulk_rx_ep
->bEndpointAddress
);
730 usb_fill_bulk_urb(urb
, data
->udev
, pipe
, buf
, size
,
731 btusb_bulk_complete
, hdev
);
733 urb
->transfer_flags
|= URB_FREE_BUFFER
;
735 usb_mark_last_busy(data
->udev
);
736 usb_anchor_urb(urb
, &data
->bulk_anchor
);
738 err
= usb_submit_urb(urb
, mem_flags
);
740 if (err
!= -EPERM
&& err
!= -ENODEV
)
741 BT_ERR("%s urb %p submission failed (%d)",
742 hdev
->name
, urb
, -err
);
743 usb_unanchor_urb(urb
);
751 static void btusb_isoc_complete(struct urb
*urb
)
753 struct hci_dev
*hdev
= urb
->context
;
754 struct btusb_data
*data
= hci_get_drvdata(hdev
);
757 BT_DBG("%s urb %p status %d count %d", hdev
->name
, urb
, urb
->status
,
760 if (!test_bit(HCI_RUNNING
, &hdev
->flags
))
763 if (urb
->status
== 0) {
764 for (i
= 0; i
< urb
->number_of_packets
; i
++) {
765 unsigned int offset
= urb
->iso_frame_desc
[i
].offset
;
766 unsigned int length
= urb
->iso_frame_desc
[i
].actual_length
;
768 if (urb
->iso_frame_desc
[i
].status
)
771 hdev
->stat
.byte_rx
+= length
;
773 if (btusb_recv_isoc(data
, urb
->transfer_buffer
+ offset
,
775 BT_ERR("%s corrupted SCO packet", hdev
->name
);
779 } else if (urb
->status
== -ENOENT
) {
780 /* Avoid suspend failed when usb_kill_urb */
784 if (!test_bit(BTUSB_ISOC_RUNNING
, &data
->flags
))
787 usb_anchor_urb(urb
, &data
->isoc_anchor
);
789 err
= usb_submit_urb(urb
, GFP_ATOMIC
);
791 /* -EPERM: urb is being killed;
792 * -ENODEV: device got disconnected */
793 if (err
!= -EPERM
&& err
!= -ENODEV
)
794 BT_ERR("%s urb %p failed to resubmit (%d)",
795 hdev
->name
, urb
, -err
);
796 usb_unanchor_urb(urb
);
800 static inline void __fill_isoc_descriptor(struct urb
*urb
, int len
, int mtu
)
804 BT_DBG("len %d mtu %d", len
, mtu
);
806 for (i
= 0; i
< BTUSB_MAX_ISOC_FRAMES
&& len
>= mtu
;
807 i
++, offset
+= mtu
, len
-= mtu
) {
808 urb
->iso_frame_desc
[i
].offset
= offset
;
809 urb
->iso_frame_desc
[i
].length
= mtu
;
812 if (len
&& i
< BTUSB_MAX_ISOC_FRAMES
) {
813 urb
->iso_frame_desc
[i
].offset
= offset
;
814 urb
->iso_frame_desc
[i
].length
= len
;
818 urb
->number_of_packets
= i
;
821 static int btusb_submit_isoc_urb(struct hci_dev
*hdev
, gfp_t mem_flags
)
823 struct btusb_data
*data
= hci_get_drvdata(hdev
);
829 BT_DBG("%s", hdev
->name
);
831 if (!data
->isoc_rx_ep
)
834 urb
= usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES
, mem_flags
);
838 size
= le16_to_cpu(data
->isoc_rx_ep
->wMaxPacketSize
) *
839 BTUSB_MAX_ISOC_FRAMES
;
841 buf
= kmalloc(size
, mem_flags
);
847 pipe
= usb_rcvisocpipe(data
->udev
, data
->isoc_rx_ep
->bEndpointAddress
);
849 usb_fill_int_urb(urb
, data
->udev
, pipe
, buf
, size
, btusb_isoc_complete
,
850 hdev
, data
->isoc_rx_ep
->bInterval
);
852 urb
->transfer_flags
= URB_FREE_BUFFER
| URB_ISO_ASAP
;
854 __fill_isoc_descriptor(urb
, size
,
855 le16_to_cpu(data
->isoc_rx_ep
->wMaxPacketSize
));
857 usb_anchor_urb(urb
, &data
->isoc_anchor
);
859 err
= usb_submit_urb(urb
, mem_flags
);
861 if (err
!= -EPERM
&& err
!= -ENODEV
)
862 BT_ERR("%s urb %p submission failed (%d)",
863 hdev
->name
, urb
, -err
);
864 usb_unanchor_urb(urb
);
872 static void btusb_tx_complete(struct urb
*urb
)
874 struct sk_buff
*skb
= urb
->context
;
875 struct hci_dev
*hdev
= (struct hci_dev
*)skb
->dev
;
876 struct btusb_data
*data
= hci_get_drvdata(hdev
);
878 BT_DBG("%s urb %p status %d count %d", hdev
->name
, urb
, urb
->status
,
881 if (!test_bit(HCI_RUNNING
, &hdev
->flags
))
885 hdev
->stat
.byte_tx
+= urb
->transfer_buffer_length
;
890 spin_lock(&data
->txlock
);
891 data
->tx_in_flight
--;
892 spin_unlock(&data
->txlock
);
894 kfree(urb
->setup_packet
);
899 static void btusb_isoc_tx_complete(struct urb
*urb
)
901 struct sk_buff
*skb
= urb
->context
;
902 struct hci_dev
*hdev
= (struct hci_dev
*)skb
->dev
;
904 BT_DBG("%s urb %p status %d count %d", hdev
->name
, urb
, urb
->status
,
907 if (!test_bit(HCI_RUNNING
, &hdev
->flags
))
911 hdev
->stat
.byte_tx
+= urb
->transfer_buffer_length
;
916 kfree(urb
->setup_packet
);
921 static int btusb_open(struct hci_dev
*hdev
)
923 struct btusb_data
*data
= hci_get_drvdata(hdev
);
926 BT_DBG("%s", hdev
->name
);
928 /* Patching USB firmware files prior to starting any URBs of HCI path
929 * It is more safe to use USB bulk channel for downloading USB patch
931 if (data
->setup_on_usb
) {
932 err
= data
->setup_on_usb(hdev
);
937 err
= usb_autopm_get_interface(data
->intf
);
941 data
->intf
->needs_remote_wakeup
= 1;
943 if (test_and_set_bit(HCI_RUNNING
, &hdev
->flags
))
946 if (test_and_set_bit(BTUSB_INTR_RUNNING
, &data
->flags
))
949 err
= btusb_submit_intr_urb(hdev
, GFP_KERNEL
);
953 err
= btusb_submit_bulk_urb(hdev
, GFP_KERNEL
);
955 usb_kill_anchored_urbs(&data
->intr_anchor
);
959 set_bit(BTUSB_BULK_RUNNING
, &data
->flags
);
960 btusb_submit_bulk_urb(hdev
, GFP_KERNEL
);
963 usb_autopm_put_interface(data
->intf
);
967 clear_bit(BTUSB_INTR_RUNNING
, &data
->flags
);
968 clear_bit(HCI_RUNNING
, &hdev
->flags
);
969 usb_autopm_put_interface(data
->intf
);
973 static void btusb_stop_traffic(struct btusb_data
*data
)
975 usb_kill_anchored_urbs(&data
->intr_anchor
);
976 usb_kill_anchored_urbs(&data
->bulk_anchor
);
977 usb_kill_anchored_urbs(&data
->isoc_anchor
);
980 static int btusb_close(struct hci_dev
*hdev
)
982 struct btusb_data
*data
= hci_get_drvdata(hdev
);
985 BT_DBG("%s", hdev
->name
);
987 if (!test_and_clear_bit(HCI_RUNNING
, &hdev
->flags
))
990 cancel_work_sync(&data
->work
);
991 cancel_work_sync(&data
->waker
);
993 clear_bit(BTUSB_ISOC_RUNNING
, &data
->flags
);
994 clear_bit(BTUSB_BULK_RUNNING
, &data
->flags
);
995 clear_bit(BTUSB_INTR_RUNNING
, &data
->flags
);
997 btusb_stop_traffic(data
);
998 btusb_free_frags(data
);
1000 err
= usb_autopm_get_interface(data
->intf
);
1004 data
->intf
->needs_remote_wakeup
= 0;
1005 usb_autopm_put_interface(data
->intf
);
1008 usb_scuttle_anchored_urbs(&data
->deferred
);
1012 static int btusb_flush(struct hci_dev
*hdev
)
1014 struct btusb_data
*data
= hci_get_drvdata(hdev
);
1016 BT_DBG("%s", hdev
->name
);
1018 usb_kill_anchored_urbs(&data
->tx_anchor
);
1019 btusb_free_frags(data
);
1024 static struct urb
*alloc_ctrl_urb(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1026 struct btusb_data
*data
= hci_get_drvdata(hdev
);
1027 struct usb_ctrlrequest
*dr
;
1031 urb
= usb_alloc_urb(0, GFP_KERNEL
);
1033 return ERR_PTR(-ENOMEM
);
1035 dr
= kmalloc(sizeof(*dr
), GFP_KERNEL
);
1038 return ERR_PTR(-ENOMEM
);
1041 dr
->bRequestType
= data
->cmdreq_type
;
1042 dr
->bRequest
= data
->cmdreq
;
1045 dr
->wLength
= __cpu_to_le16(skb
->len
);
1047 pipe
= usb_sndctrlpipe(data
->udev
, 0x00);
1049 usb_fill_control_urb(urb
, data
->udev
, pipe
, (void *)dr
,
1050 skb
->data
, skb
->len
, btusb_tx_complete
, skb
);
1052 skb
->dev
= (void *)hdev
;
1057 static struct urb
*alloc_bulk_urb(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1059 struct btusb_data
*data
= hci_get_drvdata(hdev
);
1063 if (!data
->bulk_tx_ep
)
1064 return ERR_PTR(-ENODEV
);
1066 urb
= usb_alloc_urb(0, GFP_KERNEL
);
1068 return ERR_PTR(-ENOMEM
);
1070 pipe
= usb_sndbulkpipe(data
->udev
, data
->bulk_tx_ep
->bEndpointAddress
);
1072 usb_fill_bulk_urb(urb
, data
->udev
, pipe
,
1073 skb
->data
, skb
->len
, btusb_tx_complete
, skb
);
1075 skb
->dev
= (void *)hdev
;
1080 static struct urb
*alloc_isoc_urb(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1082 struct btusb_data
*data
= hci_get_drvdata(hdev
);
1086 if (!data
->isoc_tx_ep
)
1087 return ERR_PTR(-ENODEV
);
1089 urb
= usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES
, GFP_KERNEL
);
1091 return ERR_PTR(-ENOMEM
);
1093 pipe
= usb_sndisocpipe(data
->udev
, data
->isoc_tx_ep
->bEndpointAddress
);
1095 usb_fill_int_urb(urb
, data
->udev
, pipe
,
1096 skb
->data
, skb
->len
, btusb_isoc_tx_complete
,
1097 skb
, data
->isoc_tx_ep
->bInterval
);
1099 urb
->transfer_flags
= URB_ISO_ASAP
;
1101 __fill_isoc_descriptor(urb
, skb
->len
,
1102 le16_to_cpu(data
->isoc_tx_ep
->wMaxPacketSize
));
1104 skb
->dev
= (void *)hdev
;
1109 static int submit_tx_urb(struct hci_dev
*hdev
, struct urb
*urb
)
1111 struct btusb_data
*data
= hci_get_drvdata(hdev
);
1114 usb_anchor_urb(urb
, &data
->tx_anchor
);
1116 err
= usb_submit_urb(urb
, GFP_KERNEL
);
1118 if (err
!= -EPERM
&& err
!= -ENODEV
)
1119 BT_ERR("%s urb %p submission failed (%d)",
1120 hdev
->name
, urb
, -err
);
1121 kfree(urb
->setup_packet
);
1122 usb_unanchor_urb(urb
);
1124 usb_mark_last_busy(data
->udev
);
1131 static int submit_or_queue_tx_urb(struct hci_dev
*hdev
, struct urb
*urb
)
1133 struct btusb_data
*data
= hci_get_drvdata(hdev
);
1134 unsigned long flags
;
1137 spin_lock_irqsave(&data
->txlock
, flags
);
1138 suspending
= test_bit(BTUSB_SUSPENDING
, &data
->flags
);
1140 data
->tx_in_flight
++;
1141 spin_unlock_irqrestore(&data
->txlock
, flags
);
1144 return submit_tx_urb(hdev
, urb
);
1146 usb_anchor_urb(urb
, &data
->deferred
);
1147 schedule_work(&data
->waker
);
1153 static int btusb_send_frame(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1157 BT_DBG("%s", hdev
->name
);
1159 switch (bt_cb(skb
)->pkt_type
) {
1160 case HCI_COMMAND_PKT
:
1161 urb
= alloc_ctrl_urb(hdev
, skb
);
1163 return PTR_ERR(urb
);
1165 hdev
->stat
.cmd_tx
++;
1166 return submit_or_queue_tx_urb(hdev
, urb
);
1168 case HCI_ACLDATA_PKT
:
1169 urb
= alloc_bulk_urb(hdev
, skb
);
1171 return PTR_ERR(urb
);
1173 hdev
->stat
.acl_tx
++;
1174 return submit_or_queue_tx_urb(hdev
, urb
);
1176 case HCI_SCODATA_PKT
:
1177 if (hci_conn_num(hdev
, SCO_LINK
) < 1)
1180 urb
= alloc_isoc_urb(hdev
, skb
);
1182 return PTR_ERR(urb
);
1184 hdev
->stat
.sco_tx
++;
1185 return submit_tx_urb(hdev
, urb
);
1191 static void btusb_notify(struct hci_dev
*hdev
, unsigned int evt
)
1193 struct btusb_data
*data
= hci_get_drvdata(hdev
);
1195 BT_DBG("%s evt %d", hdev
->name
, evt
);
1197 if (hci_conn_num(hdev
, SCO_LINK
) != data
->sco_num
) {
1198 data
->sco_num
= hci_conn_num(hdev
, SCO_LINK
);
1199 schedule_work(&data
->work
);
1203 static inline int __set_isoc_interface(struct hci_dev
*hdev
, int altsetting
)
1205 struct btusb_data
*data
= hci_get_drvdata(hdev
);
1206 struct usb_interface
*intf
= data
->isoc
;
1207 struct usb_endpoint_descriptor
*ep_desc
;
1213 err
= usb_set_interface(data
->udev
, 1, altsetting
);
1215 BT_ERR("%s setting interface failed (%d)", hdev
->name
, -err
);
1219 data
->isoc_altsetting
= altsetting
;
1221 data
->isoc_tx_ep
= NULL
;
1222 data
->isoc_rx_ep
= NULL
;
1224 for (i
= 0; i
< intf
->cur_altsetting
->desc
.bNumEndpoints
; i
++) {
1225 ep_desc
= &intf
->cur_altsetting
->endpoint
[i
].desc
;
1227 if (!data
->isoc_tx_ep
&& usb_endpoint_is_isoc_out(ep_desc
)) {
1228 data
->isoc_tx_ep
= ep_desc
;
1232 if (!data
->isoc_rx_ep
&& usb_endpoint_is_isoc_in(ep_desc
)) {
1233 data
->isoc_rx_ep
= ep_desc
;
1238 if (!data
->isoc_tx_ep
|| !data
->isoc_rx_ep
) {
1239 BT_ERR("%s invalid SCO descriptors", hdev
->name
);
1246 static void btusb_work(struct work_struct
*work
)
1248 struct btusb_data
*data
= container_of(work
, struct btusb_data
, work
);
1249 struct hci_dev
*hdev
= data
->hdev
;
1253 if (data
->sco_num
> 0) {
1254 if (!test_bit(BTUSB_DID_ISO_RESUME
, &data
->flags
)) {
1255 err
= usb_autopm_get_interface(data
->isoc
? data
->isoc
: data
->intf
);
1257 clear_bit(BTUSB_ISOC_RUNNING
, &data
->flags
);
1258 usb_kill_anchored_urbs(&data
->isoc_anchor
);
1262 set_bit(BTUSB_DID_ISO_RESUME
, &data
->flags
);
1265 if (hdev
->voice_setting
& 0x0020) {
1266 static const int alts
[3] = { 2, 4, 5 };
1268 new_alts
= alts
[data
->sco_num
- 1];
1270 new_alts
= data
->sco_num
;
1273 if (data
->isoc_altsetting
!= new_alts
) {
1274 clear_bit(BTUSB_ISOC_RUNNING
, &data
->flags
);
1275 usb_kill_anchored_urbs(&data
->isoc_anchor
);
1277 /* When isochronous alternate setting needs to be
1278 * changed, because SCO connection has been added
1279 * or removed, a packet fragment may be left in the
1280 * reassembling state. This could lead to wrongly
1281 * assembled fragments.
1283 * Clear outstanding fragment when selecting a new
1284 * alternate setting.
1286 spin_lock(&data
->rxlock
);
1287 kfree_skb(data
->sco_skb
);
1288 data
->sco_skb
= NULL
;
1289 spin_unlock(&data
->rxlock
);
1291 if (__set_isoc_interface(hdev
, new_alts
) < 0)
1295 if (!test_and_set_bit(BTUSB_ISOC_RUNNING
, &data
->flags
)) {
1296 if (btusb_submit_isoc_urb(hdev
, GFP_KERNEL
) < 0)
1297 clear_bit(BTUSB_ISOC_RUNNING
, &data
->flags
);
1299 btusb_submit_isoc_urb(hdev
, GFP_KERNEL
);
1302 clear_bit(BTUSB_ISOC_RUNNING
, &data
->flags
);
1303 usb_kill_anchored_urbs(&data
->isoc_anchor
);
1305 __set_isoc_interface(hdev
, 0);
1306 if (test_and_clear_bit(BTUSB_DID_ISO_RESUME
, &data
->flags
))
1307 usb_autopm_put_interface(data
->isoc
? data
->isoc
: data
->intf
);
1311 static void btusb_waker(struct work_struct
*work
)
1313 struct btusb_data
*data
= container_of(work
, struct btusb_data
, waker
);
1316 err
= usb_autopm_get_interface(data
->intf
);
1320 usb_autopm_put_interface(data
->intf
);
1323 static int btusb_setup_bcm92035(struct hci_dev
*hdev
)
1325 struct sk_buff
*skb
;
1328 BT_DBG("%s", hdev
->name
);
1330 skb
= __hci_cmd_sync(hdev
, 0xfc3b, 1, &val
, HCI_INIT_TIMEOUT
);
1332 BT_ERR("BCM92035 command failed (%ld)", -PTR_ERR(skb
));
1339 static int btusb_setup_csr(struct hci_dev
*hdev
)
1341 struct hci_rp_read_local_version
*rp
;
1342 struct sk_buff
*skb
;
1344 BT_DBG("%s", hdev
->name
);
1346 skb
= __hci_cmd_sync(hdev
, HCI_OP_READ_LOCAL_VERSION
, 0, NULL
,
1349 int err
= PTR_ERR(skb
);
1350 BT_ERR("%s: CSR: Local version failed (%d)", hdev
->name
, err
);
1354 if (skb
->len
!= sizeof(struct hci_rp_read_local_version
)) {
1355 BT_ERR("%s: CSR: Local version length mismatch", hdev
->name
);
1360 rp
= (struct hci_rp_read_local_version
*)skb
->data
;
1362 /* Detect controllers which aren't real CSR ones. */
1363 if (le16_to_cpu(rp
->manufacturer
) != 10 ||
1364 le16_to_cpu(rp
->lmp_subver
) == 0x0c5c) {
1365 /* Clear the reset quirk since this is not an actual
1366 * early Bluetooth 1.1 device from CSR.
1368 clear_bit(HCI_QUIRK_RESET_ON_CLOSE
, &hdev
->quirks
);
1370 /* These fake CSR controllers have all a broken
1371 * stored link key handling and so just disable it.
1373 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY
, &hdev
->quirks
);
1381 static const struct firmware
*btusb_setup_intel_get_fw(struct hci_dev
*hdev
,
1382 struct intel_version
*ver
)
1384 const struct firmware
*fw
;
1388 snprintf(fwname
, sizeof(fwname
),
1389 "intel/ibt-hw-%x.%x.%x-fw-%x.%x.%x.%x.%x.bseq",
1390 ver
->hw_platform
, ver
->hw_variant
, ver
->hw_revision
,
1391 ver
->fw_variant
, ver
->fw_revision
, ver
->fw_build_num
,
1392 ver
->fw_build_ww
, ver
->fw_build_yy
);
1394 ret
= request_firmware(&fw
, fwname
, &hdev
->dev
);
1396 if (ret
== -EINVAL
) {
1397 BT_ERR("%s Intel firmware file request failed (%d)",
1402 BT_ERR("%s failed to open Intel firmware file: %s(%d)",
1403 hdev
->name
, fwname
, ret
);
1405 /* If the correct firmware patch file is not found, use the
1406 * default firmware patch file instead
1408 snprintf(fwname
, sizeof(fwname
), "intel/ibt-hw-%x.%x.bseq",
1409 ver
->hw_platform
, ver
->hw_variant
);
1410 if (request_firmware(&fw
, fwname
, &hdev
->dev
) < 0) {
1411 BT_ERR("%s failed to open default Intel fw file: %s",
1412 hdev
->name
, fwname
);
1417 BT_INFO("%s: Intel Bluetooth firmware file: %s", hdev
->name
, fwname
);
1422 static int btusb_setup_intel_patching(struct hci_dev
*hdev
,
1423 const struct firmware
*fw
,
1424 const u8
**fw_ptr
, int *disable_patch
)
1426 struct sk_buff
*skb
;
1427 struct hci_command_hdr
*cmd
;
1428 const u8
*cmd_param
;
1429 struct hci_event_hdr
*evt
= NULL
;
1430 const u8
*evt_param
= NULL
;
1431 int remain
= fw
->size
- (*fw_ptr
- fw
->data
);
1433 /* The first byte indicates the types of the patch command or event.
1434 * 0x01 means HCI command and 0x02 is HCI event. If the first bytes
1435 * in the current firmware buffer doesn't start with 0x01 or
1436 * the size of remain buffer is smaller than HCI command header,
1437 * the firmware file is corrupted and it should stop the patching
1440 if (remain
> HCI_COMMAND_HDR_SIZE
&& *fw_ptr
[0] != 0x01) {
1441 BT_ERR("%s Intel fw corrupted: invalid cmd read", hdev
->name
);
1447 cmd
= (struct hci_command_hdr
*)(*fw_ptr
);
1448 *fw_ptr
+= sizeof(*cmd
);
1449 remain
-= sizeof(*cmd
);
1451 /* Ensure that the remain firmware data is long enough than the length
1452 * of command parameter. If not, the firmware file is corrupted.
1454 if (remain
< cmd
->plen
) {
1455 BT_ERR("%s Intel fw corrupted: invalid cmd len", hdev
->name
);
1459 /* If there is a command that loads a patch in the firmware
1460 * file, then enable the patch upon success, otherwise just
1461 * disable the manufacturer mode, for example patch activation
1462 * is not required when the default firmware patch file is used
1463 * because there are no patch data to load.
1465 if (*disable_patch
&& le16_to_cpu(cmd
->opcode
) == 0xfc8e)
1468 cmd_param
= *fw_ptr
;
1469 *fw_ptr
+= cmd
->plen
;
1470 remain
-= cmd
->plen
;
1472 /* This reads the expected events when the above command is sent to the
1473 * device. Some vendor commands expects more than one events, for
1474 * example command status event followed by vendor specific event.
1475 * For this case, it only keeps the last expected event. so the command
1476 * can be sent with __hci_cmd_sync_ev() which returns the sk_buff of
1477 * last expected event.
1479 while (remain
> HCI_EVENT_HDR_SIZE
&& *fw_ptr
[0] == 0x02) {
1483 evt
= (struct hci_event_hdr
*)(*fw_ptr
);
1484 *fw_ptr
+= sizeof(*evt
);
1485 remain
-= sizeof(*evt
);
1487 if (remain
< evt
->plen
) {
1488 BT_ERR("%s Intel fw corrupted: invalid evt len",
1493 evt_param
= *fw_ptr
;
1494 *fw_ptr
+= evt
->plen
;
1495 remain
-= evt
->plen
;
1498 /* Every HCI commands in the firmware file has its correspond event.
1499 * If event is not found or remain is smaller than zero, the firmware
1500 * file is corrupted.
1502 if (!evt
|| !evt_param
|| remain
< 0) {
1503 BT_ERR("%s Intel fw corrupted: invalid evt read", hdev
->name
);
1507 skb
= __hci_cmd_sync_ev(hdev
, le16_to_cpu(cmd
->opcode
), cmd
->plen
,
1508 cmd_param
, evt
->evt
, HCI_INIT_TIMEOUT
);
1510 BT_ERR("%s sending Intel patch command (0x%4.4x) failed (%ld)",
1511 hdev
->name
, cmd
->opcode
, PTR_ERR(skb
));
1512 return PTR_ERR(skb
);
1515 /* It ensures that the returned event matches the event data read from
1516 * the firmware file. At fist, it checks the length and then
1517 * the contents of the event.
1519 if (skb
->len
!= evt
->plen
) {
1520 BT_ERR("%s mismatch event length (opcode 0x%4.4x)", hdev
->name
,
1521 le16_to_cpu(cmd
->opcode
));
1526 if (memcmp(skb
->data
, evt_param
, evt
->plen
)) {
1527 BT_ERR("%s mismatch event parameter (opcode 0x%4.4x)",
1528 hdev
->name
, le16_to_cpu(cmd
->opcode
));
1537 static int btusb_setup_intel(struct hci_dev
*hdev
)
1539 struct sk_buff
*skb
;
1540 const struct firmware
*fw
;
1543 struct intel_version
*ver
;
1545 const u8 mfg_enable
[] = { 0x01, 0x00 };
1546 const u8 mfg_disable
[] = { 0x00, 0x00 };
1547 const u8 mfg_reset_deactivate
[] = { 0x00, 0x01 };
1548 const u8 mfg_reset_activate
[] = { 0x00, 0x02 };
1550 BT_DBG("%s", hdev
->name
);
1552 /* The controller has a bug with the first HCI command sent to it
1553 * returning number of completed commands as zero. This would stall the
1554 * command processing in the Bluetooth core.
1556 * As a workaround, send HCI Reset command first which will reset the
1557 * number of completed commands and allow normal command processing
1560 skb
= __hci_cmd_sync(hdev
, HCI_OP_RESET
, 0, NULL
, HCI_INIT_TIMEOUT
);
1562 BT_ERR("%s sending initial HCI reset command failed (%ld)",
1563 hdev
->name
, PTR_ERR(skb
));
1564 return PTR_ERR(skb
);
1568 /* Read Intel specific controller version first to allow selection of
1569 * which firmware file to load.
1571 * The returned information are hardware variant and revision plus
1572 * firmware variant, revision and build number.
1574 skb
= __hci_cmd_sync(hdev
, 0xfc05, 0, NULL
, HCI_INIT_TIMEOUT
);
1576 BT_ERR("%s reading Intel fw version command failed (%ld)",
1577 hdev
->name
, PTR_ERR(skb
));
1578 return PTR_ERR(skb
);
1581 if (skb
->len
!= sizeof(*ver
)) {
1582 BT_ERR("%s Intel version event length mismatch", hdev
->name
);
1587 ver
= (struct intel_version
*)skb
->data
;
1589 BT_INFO("%s: read Intel version: %02x%02x%02x%02x%02x%02x%02x%02x%02x",
1590 hdev
->name
, ver
->hw_platform
, ver
->hw_variant
,
1591 ver
->hw_revision
, ver
->fw_variant
, ver
->fw_revision
,
1592 ver
->fw_build_num
, ver
->fw_build_ww
, ver
->fw_build_yy
,
1595 /* fw_patch_num indicates the version of patch the device currently
1596 * have. If there is no patch data in the device, it is always 0x00.
1597 * So, if it is other than 0x00, no need to patch the device again.
1599 if (ver
->fw_patch_num
) {
1600 BT_INFO("%s: Intel device is already patched. patch num: %02x",
1601 hdev
->name
, ver
->fw_patch_num
);
1603 btintel_check_bdaddr(hdev
);
1607 /* Opens the firmware patch file based on the firmware version read
1608 * from the controller. If it fails to open the matching firmware
1609 * patch file, it tries to open the default firmware patch file.
1610 * If no patch file is found, allow the device to operate without
1613 fw
= btusb_setup_intel_get_fw(hdev
, ver
);
1616 btintel_check_bdaddr(hdev
);
1623 /* This Intel specific command enables the manufacturer mode of the
1626 * Only while this mode is enabled, the driver can download the
1627 * firmware patch data and configuration parameters.
1629 skb
= __hci_cmd_sync(hdev
, 0xfc11, 2, mfg_enable
, HCI_INIT_TIMEOUT
);
1631 BT_ERR("%s entering Intel manufacturer mode failed (%ld)",
1632 hdev
->name
, PTR_ERR(skb
));
1633 release_firmware(fw
);
1634 return PTR_ERR(skb
);
1641 /* The firmware data file consists of list of Intel specific HCI
1642 * commands and its expected events. The first byte indicates the
1643 * type of the message, either HCI command or HCI event.
1645 * It reads the command and its expected event from the firmware file,
1646 * and send to the controller. Once __hci_cmd_sync_ev() returns,
1647 * the returned event is compared with the event read from the firmware
1648 * file and it will continue until all the messages are downloaded to
1651 * Once the firmware patching is completed successfully,
1652 * the manufacturer mode is disabled with reset and activating the
1655 * If the firmware patching fails, the manufacturer mode is
1656 * disabled with reset and deactivating the patch.
1658 * If the default patch file is used, no reset is done when disabling
1661 while (fw
->size
> fw_ptr
- fw
->data
) {
1664 ret
= btusb_setup_intel_patching(hdev
, fw
, &fw_ptr
,
1667 goto exit_mfg_deactivate
;
1670 release_firmware(fw
);
1673 goto exit_mfg_disable
;
1675 /* Patching completed successfully and disable the manufacturer mode
1676 * with reset and activate the downloaded firmware patches.
1678 skb
= __hci_cmd_sync(hdev
, 0xfc11, sizeof(mfg_reset_activate
),
1679 mfg_reset_activate
, HCI_INIT_TIMEOUT
);
1681 BT_ERR("%s exiting Intel manufacturer mode failed (%ld)",
1682 hdev
->name
, PTR_ERR(skb
));
1683 return PTR_ERR(skb
);
1687 BT_INFO("%s: Intel Bluetooth firmware patch completed and activated",
1690 btintel_check_bdaddr(hdev
);
1694 /* Disable the manufacturer mode without reset */
1695 skb
= __hci_cmd_sync(hdev
, 0xfc11, sizeof(mfg_disable
), mfg_disable
,
1698 BT_ERR("%s exiting Intel manufacturer mode failed (%ld)",
1699 hdev
->name
, PTR_ERR(skb
));
1700 return PTR_ERR(skb
);
1704 BT_INFO("%s: Intel Bluetooth firmware patch completed", hdev
->name
);
1706 btintel_check_bdaddr(hdev
);
1709 exit_mfg_deactivate
:
1710 release_firmware(fw
);
1712 /* Patching failed. Disable the manufacturer mode with reset and
1713 * deactivate the downloaded firmware patches.
1715 skb
= __hci_cmd_sync(hdev
, 0xfc11, sizeof(mfg_reset_deactivate
),
1716 mfg_reset_deactivate
, HCI_INIT_TIMEOUT
);
1718 BT_ERR("%s exiting Intel manufacturer mode failed (%ld)",
1719 hdev
->name
, PTR_ERR(skb
));
1720 return PTR_ERR(skb
);
1724 BT_INFO("%s: Intel Bluetooth firmware patch completed and deactivated",
1727 btintel_check_bdaddr(hdev
);
1731 static int inject_cmd_complete(struct hci_dev
*hdev
, __u16 opcode
)
1733 struct sk_buff
*skb
;
1734 struct hci_event_hdr
*hdr
;
1735 struct hci_ev_cmd_complete
*evt
;
1737 skb
= bt_skb_alloc(sizeof(*hdr
) + sizeof(*evt
) + 1, GFP_ATOMIC
);
1741 hdr
= (struct hci_event_hdr
*)skb_put(skb
, sizeof(*hdr
));
1742 hdr
->evt
= HCI_EV_CMD_COMPLETE
;
1743 hdr
->plen
= sizeof(*evt
) + 1;
1745 evt
= (struct hci_ev_cmd_complete
*)skb_put(skb
, sizeof(*evt
));
1747 evt
->opcode
= cpu_to_le16(opcode
);
1749 *skb_put(skb
, 1) = 0x00;
1751 bt_cb(skb
)->pkt_type
= HCI_EVENT_PKT
;
1753 return hci_recv_frame(hdev
, skb
);
1756 static int btusb_recv_bulk_intel(struct btusb_data
*data
, void *buffer
,
1759 /* When the device is in bootloader mode, then it can send
1760 * events via the bulk endpoint. These events are treated the
1761 * same way as the ones received from the interrupt endpoint.
1763 if (test_bit(BTUSB_BOOTLOADER
, &data
->flags
))
1764 return btusb_recv_intr(data
, buffer
, count
);
1766 return btusb_recv_bulk(data
, buffer
, count
);
1769 static void btusb_intel_bootup(struct btusb_data
*data
, const void *ptr
,
1772 const struct intel_bootup
*evt
= ptr
;
1774 if (len
!= sizeof(*evt
))
1777 if (test_and_clear_bit(BTUSB_BOOTING
, &data
->flags
)) {
1778 smp_mb__after_atomic();
1779 wake_up_bit(&data
->flags
, BTUSB_BOOTING
);
1783 static void btusb_intel_secure_send_result(struct btusb_data
*data
,
1784 const void *ptr
, unsigned int len
)
1786 const struct intel_secure_send_result
*evt
= ptr
;
1788 if (len
!= sizeof(*evt
))
1792 set_bit(BTUSB_FIRMWARE_FAILED
, &data
->flags
);
1794 if (test_and_clear_bit(BTUSB_DOWNLOADING
, &data
->flags
) &&
1795 test_bit(BTUSB_FIRMWARE_LOADED
, &data
->flags
)) {
1796 smp_mb__after_atomic();
1797 wake_up_bit(&data
->flags
, BTUSB_DOWNLOADING
);
1801 static int btusb_recv_event_intel(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1803 struct btusb_data
*data
= hci_get_drvdata(hdev
);
1805 if (test_bit(BTUSB_BOOTLOADER
, &data
->flags
)) {
1806 struct hci_event_hdr
*hdr
= (void *)skb
->data
;
1808 if (skb
->len
> HCI_EVENT_HDR_SIZE
&& hdr
->evt
== 0xff &&
1810 const void *ptr
= skb
->data
+ HCI_EVENT_HDR_SIZE
+ 1;
1811 unsigned int len
= skb
->len
- HCI_EVENT_HDR_SIZE
- 1;
1813 switch (skb
->data
[2]) {
1815 /* When switching to the operational firmware
1816 * the device sends a vendor specific event
1817 * indicating that the bootup completed.
1819 btusb_intel_bootup(data
, ptr
, len
);
1822 /* When the firmware loading completes the
1823 * device sends out a vendor specific event
1824 * indicating the result of the firmware
1827 btusb_intel_secure_send_result(data
, ptr
, len
);
1833 return hci_recv_frame(hdev
, skb
);
1836 static int btusb_send_frame_intel(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1838 struct btusb_data
*data
= hci_get_drvdata(hdev
);
1841 BT_DBG("%s", hdev
->name
);
1843 switch (bt_cb(skb
)->pkt_type
) {
1844 case HCI_COMMAND_PKT
:
1845 if (test_bit(BTUSB_BOOTLOADER
, &data
->flags
)) {
1846 struct hci_command_hdr
*cmd
= (void *)skb
->data
;
1847 __u16 opcode
= le16_to_cpu(cmd
->opcode
);
1849 /* When in bootloader mode and the command 0xfc09
1850 * is received, it needs to be send down the
1851 * bulk endpoint. So allocate a bulk URB instead.
1853 if (opcode
== 0xfc09)
1854 urb
= alloc_bulk_urb(hdev
, skb
);
1856 urb
= alloc_ctrl_urb(hdev
, skb
);
1858 /* When the 0xfc01 command is issued to boot into
1859 * the operational firmware, it will actually not
1860 * send a command complete event. To keep the flow
1861 * control working inject that event here.
1863 if (opcode
== 0xfc01)
1864 inject_cmd_complete(hdev
, opcode
);
1866 urb
= alloc_ctrl_urb(hdev
, skb
);
1869 return PTR_ERR(urb
);
1871 hdev
->stat
.cmd_tx
++;
1872 return submit_or_queue_tx_urb(hdev
, urb
);
1874 case HCI_ACLDATA_PKT
:
1875 urb
= alloc_bulk_urb(hdev
, skb
);
1877 return PTR_ERR(urb
);
1879 hdev
->stat
.acl_tx
++;
1880 return submit_or_queue_tx_urb(hdev
, urb
);
1882 case HCI_SCODATA_PKT
:
1883 if (hci_conn_num(hdev
, SCO_LINK
) < 1)
1886 urb
= alloc_isoc_urb(hdev
, skb
);
1888 return PTR_ERR(urb
);
1890 hdev
->stat
.sco_tx
++;
1891 return submit_tx_urb(hdev
, urb
);
1897 static int btusb_setup_intel_new(struct hci_dev
*hdev
)
1899 static const u8 reset_param
[] = { 0x00, 0x01, 0x00, 0x01,
1900 0x00, 0x08, 0x04, 0x00 };
1901 struct btusb_data
*data
= hci_get_drvdata(hdev
);
1902 struct sk_buff
*skb
;
1903 struct intel_version
*ver
;
1904 struct intel_boot_params
*params
;
1905 const struct firmware
*fw
;
1909 ktime_t calltime
, delta
, rettime
;
1910 unsigned long long duration
;
1913 BT_DBG("%s", hdev
->name
);
1915 calltime
= ktime_get();
1917 /* Read the Intel version information to determine if the device
1918 * is in bootloader mode or if it already has operational firmware
1921 skb
= __hci_cmd_sync(hdev
, 0xfc05, 0, NULL
, HCI_INIT_TIMEOUT
);
1923 BT_ERR("%s: Reading Intel version information failed (%ld)",
1924 hdev
->name
, PTR_ERR(skb
));
1925 return PTR_ERR(skb
);
1928 if (skb
->len
!= sizeof(*ver
)) {
1929 BT_ERR("%s: Intel version event size mismatch", hdev
->name
);
1934 ver
= (struct intel_version
*)skb
->data
;
1936 /* The hardware platform number has a fixed value of 0x37 and
1937 * for now only accept this single value.
1939 if (ver
->hw_platform
!= 0x37) {
1940 BT_ERR("%s: Unsupported Intel hardware platform (%u)",
1941 hdev
->name
, ver
->hw_platform
);
1946 /* At the moment only the hardware variant iBT 3.0 (LnP/SfP) is
1947 * supported by this firmware loading method. This check has been
1948 * put in place to ensure correct forward compatibility options
1949 * when newer hardware variants come along.
1951 if (ver
->hw_variant
!= 0x0b) {
1952 BT_ERR("%s: Unsupported Intel hardware variant (%u)",
1953 hdev
->name
, ver
->hw_variant
);
1958 btintel_version_info(hdev
, ver
);
1960 /* The firmware variant determines if the device is in bootloader
1961 * mode or is running operational firmware. The value 0x06 identifies
1962 * the bootloader and the value 0x23 identifies the operational
1965 * When the operational firmware is already present, then only
1966 * the check for valid Bluetooth device address is needed. This
1967 * determines if the device will be added as configured or
1968 * unconfigured controller.
1970 * It is not possible to use the Secure Boot Parameters in this
1971 * case since that command is only available in bootloader mode.
1973 if (ver
->fw_variant
== 0x23) {
1975 clear_bit(BTUSB_BOOTLOADER
, &data
->flags
);
1976 btintel_check_bdaddr(hdev
);
1980 /* If the device is not in bootloader mode, then the only possible
1981 * choice is to return an error and abort the device initialization.
1983 if (ver
->fw_variant
!= 0x06) {
1984 BT_ERR("%s: Unsupported Intel firmware variant (%u)",
1985 hdev
->name
, ver
->fw_variant
);
1992 /* Read the secure boot parameters to identify the operating
1993 * details of the bootloader.
1995 skb
= __hci_cmd_sync(hdev
, 0xfc0d, 0, NULL
, HCI_INIT_TIMEOUT
);
1997 BT_ERR("%s: Reading Intel boot parameters failed (%ld)",
1998 hdev
->name
, PTR_ERR(skb
));
1999 return PTR_ERR(skb
);
2002 if (skb
->len
!= sizeof(*params
)) {
2003 BT_ERR("%s: Intel boot parameters size mismatch", hdev
->name
);
2008 params
= (struct intel_boot_params
*)skb
->data
;
2010 BT_INFO("%s: Device revision is %u", hdev
->name
,
2011 le16_to_cpu(params
->dev_revid
));
2013 BT_INFO("%s: Secure boot is %s", hdev
->name
,
2014 params
->secure_boot
? "enabled" : "disabled");
2016 BT_INFO("%s: Minimum firmware build %u week %u %u", hdev
->name
,
2017 params
->min_fw_build_nn
, params
->min_fw_build_cw
,
2018 2000 + params
->min_fw_build_yy
);
2020 /* It is required that every single firmware fragment is acknowledged
2021 * with a command complete event. If the boot parameters indicate
2022 * that this bootloader does not send them, then abort the setup.
2024 if (params
->limited_cce
!= 0x00) {
2025 BT_ERR("%s: Unsupported Intel firmware loading method (%u)",
2026 hdev
->name
, params
->limited_cce
);
2031 /* If the OTP has no valid Bluetooth device address, then there will
2032 * also be no valid address for the operational firmware.
2034 if (!bacmp(¶ms
->otp_bdaddr
, BDADDR_ANY
)) {
2035 BT_INFO("%s: No device address configured", hdev
->name
);
2036 set_bit(HCI_QUIRK_INVALID_BDADDR
, &hdev
->quirks
);
2039 /* With this Intel bootloader only the hardware variant and device
2040 * revision information are used to select the right firmware.
2042 * Currently this bootloader support is limited to hardware variant
2043 * iBT 3.0 (LnP/SfP) which is identified by the value 11 (0x0b).
2045 snprintf(fwname
, sizeof(fwname
), "intel/ibt-11-%u.sfi",
2046 le16_to_cpu(params
->dev_revid
));
2048 err
= request_firmware(&fw
, fwname
, &hdev
->dev
);
2050 BT_ERR("%s: Failed to load Intel firmware file (%d)",
2056 BT_INFO("%s: Found device firmware: %s", hdev
->name
, fwname
);
2058 /* Save the DDC file name for later use to apply once the firmware
2059 * downloading is done.
2061 snprintf(fwname
, sizeof(fwname
), "intel/ibt-11-%u.ddc",
2062 le16_to_cpu(params
->dev_revid
));
2066 if (fw
->size
< 644) {
2067 BT_ERR("%s: Invalid size of firmware file (%zu)",
2068 hdev
->name
, fw
->size
);
2073 set_bit(BTUSB_DOWNLOADING
, &data
->flags
);
2075 /* Start the firmware download transaction with the Init fragment
2076 * represented by the 128 bytes of CSS header.
2078 err
= btintel_secure_send(hdev
, 0x00, 128, fw
->data
);
2080 BT_ERR("%s: Failed to send firmware header (%d)",
2085 /* Send the 256 bytes of public key information from the firmware
2086 * as the PKey fragment.
2088 err
= btintel_secure_send(hdev
, 0x03, 256, fw
->data
+ 128);
2090 BT_ERR("%s: Failed to send firmware public key (%d)",
2095 /* Send the 256 bytes of signature information from the firmware
2096 * as the Sign fragment.
2098 err
= btintel_secure_send(hdev
, 0x02, 256, fw
->data
+ 388);
2100 BT_ERR("%s: Failed to send firmware signature (%d)",
2105 fw_ptr
= fw
->data
+ 644;
2108 while (fw_ptr
- fw
->data
< fw
->size
) {
2109 struct hci_command_hdr
*cmd
= (void *)(fw_ptr
+ frag_len
);
2111 frag_len
+= sizeof(*cmd
) + cmd
->plen
;
2113 /* The parameter length of the secure send command requires
2114 * a 4 byte alignment. It happens so that the firmware file
2115 * contains proper Intel_NOP commands to align the fragments
2118 * Send set of commands with 4 byte alignment from the
2119 * firmware data buffer as a single Data fragement.
2121 if (!(frag_len
% 4)) {
2122 err
= btintel_secure_send(hdev
, 0x01, frag_len
, fw_ptr
);
2124 BT_ERR("%s: Failed to send firmware data (%d)",
2134 set_bit(BTUSB_FIRMWARE_LOADED
, &data
->flags
);
2136 BT_INFO("%s: Waiting for firmware download to complete", hdev
->name
);
2138 /* Before switching the device into operational mode and with that
2139 * booting the loaded firmware, wait for the bootloader notification
2140 * that all fragments have been successfully received.
2142 * When the event processing receives the notification, then the
2143 * BTUSB_DOWNLOADING flag will be cleared.
2145 * The firmware loading should not take longer than 5 seconds
2146 * and thus just timeout if that happens and fail the setup
2149 err
= wait_on_bit_timeout(&data
->flags
, BTUSB_DOWNLOADING
,
2151 msecs_to_jiffies(5000));
2153 BT_ERR("%s: Firmware loading interrupted", hdev
->name
);
2159 BT_ERR("%s: Firmware loading timeout", hdev
->name
);
2164 if (test_bit(BTUSB_FIRMWARE_FAILED
, &data
->flags
)) {
2165 BT_ERR("%s: Firmware loading failed", hdev
->name
);
2170 rettime
= ktime_get();
2171 delta
= ktime_sub(rettime
, calltime
);
2172 duration
= (unsigned long long) ktime_to_ns(delta
) >> 10;
2174 BT_INFO("%s: Firmware loaded in %llu usecs", hdev
->name
, duration
);
2177 release_firmware(fw
);
2182 calltime
= ktime_get();
2184 set_bit(BTUSB_BOOTING
, &data
->flags
);
2186 skb
= __hci_cmd_sync(hdev
, 0xfc01, sizeof(reset_param
), reset_param
,
2189 return PTR_ERR(skb
);
2193 /* The bootloader will not indicate when the device is ready. This
2194 * is done by the operational firmware sending bootup notification.
2196 * Booting into operational firmware should not take longer than
2197 * 1 second. However if that happens, then just fail the setup
2198 * since something went wrong.
2200 BT_INFO("%s: Waiting for device to boot", hdev
->name
);
2202 err
= wait_on_bit_timeout(&data
->flags
, BTUSB_BOOTING
,
2204 msecs_to_jiffies(1000));
2207 BT_ERR("%s: Device boot interrupted", hdev
->name
);
2212 BT_ERR("%s: Device boot timeout", hdev
->name
);
2216 rettime
= ktime_get();
2217 delta
= ktime_sub(rettime
, calltime
);
2218 duration
= (unsigned long long) ktime_to_ns(delta
) >> 10;
2220 BT_INFO("%s: Device booted in %llu usecs", hdev
->name
, duration
);
2222 clear_bit(BTUSB_BOOTLOADER
, &data
->flags
);
2224 /* Once the device is running in operational mode, it needs to apply
2225 * the device configuration (DDC) parameters.
2227 * The device can work without DDC parameters, so even if it fails
2228 * to load the file, no need to fail the setup.
2230 btintel_load_ddc_config(hdev
, fwname
);
2235 static int btusb_shutdown_intel(struct hci_dev
*hdev
)
2237 struct sk_buff
*skb
;
2240 /* Some platforms have an issue with BT LED when the interface is
2241 * down or BT radio is turned off, which takes 5 seconds to BT LED
2242 * goes off. This command turns off the BT LED immediately.
2244 skb
= __hci_cmd_sync(hdev
, 0xfc3f, 0, NULL
, HCI_INIT_TIMEOUT
);
2247 BT_ERR("%s: turning off Intel device LED failed (%ld)",
2256 static int btusb_set_bdaddr_marvell(struct hci_dev
*hdev
,
2257 const bdaddr_t
*bdaddr
)
2259 struct sk_buff
*skb
;
2264 buf
[1] = sizeof(bdaddr_t
);
2265 memcpy(buf
+ 2, bdaddr
, sizeof(bdaddr_t
));
2267 skb
= __hci_cmd_sync(hdev
, 0xfc22, sizeof(buf
), buf
, HCI_INIT_TIMEOUT
);
2270 BT_ERR("%s: changing Marvell device address failed (%ld)",
2279 static int btusb_set_bdaddr_ath3012(struct hci_dev
*hdev
,
2280 const bdaddr_t
*bdaddr
)
2282 struct sk_buff
*skb
;
2289 buf
[3] = sizeof(bdaddr_t
);
2290 memcpy(buf
+ 4, bdaddr
, sizeof(bdaddr_t
));
2292 skb
= __hci_cmd_sync(hdev
, 0xfc0b, sizeof(buf
), buf
, HCI_INIT_TIMEOUT
);
2295 BT_ERR("%s: Change address command failed (%ld)",
2304 #define QCA_DFU_PACKET_LEN 4096
2306 #define QCA_GET_TARGET_VERSION 0x09
2307 #define QCA_CHECK_STATUS 0x05
2308 #define QCA_DFU_DOWNLOAD 0x01
2310 #define QCA_SYSCFG_UPDATED 0x40
2311 #define QCA_PATCH_UPDATED 0x80
2312 #define QCA_DFU_TIMEOUT 3000
2314 struct qca_version
{
2316 __le32 patch_version
;
2322 struct qca_rampatch_version
{
2324 __le16 patch_version
;
2327 struct qca_device_info
{
2329 u8 rampatch_hdr
; /* length of header in rampatch */
2330 u8 nvm_hdr
; /* length of header in NVM */
2331 u8 ver_offset
; /* offset of version structure in rampatch */
2334 static const struct qca_device_info qca_devices_table
[] = {
2335 { 0x00000100, 20, 4, 10 }, /* Rome 1.0 */
2336 { 0x00000101, 20, 4, 10 }, /* Rome 1.1 */
2337 { 0x00000200, 28, 4, 18 }, /* Rome 2.0 */
2338 { 0x00000201, 28, 4, 18 }, /* Rome 2.1 */
2339 { 0x00000300, 28, 4, 18 }, /* Rome 3.0 */
2340 { 0x00000302, 28, 4, 18 }, /* Rome 3.2 */
2343 static int btusb_qca_send_vendor_req(struct hci_dev
*hdev
, u8 request
,
2344 void *data
, u16 size
)
2346 struct btusb_data
*btdata
= hci_get_drvdata(hdev
);
2347 struct usb_device
*udev
= btdata
->udev
;
2351 buf
= kmalloc(size
, GFP_KERNEL
);
2355 /* Found some of USB hosts have IOT issues with ours so that we should
2356 * not wait until HCI layer is ready.
2358 pipe
= usb_rcvctrlpipe(udev
, 0);
2359 err
= usb_control_msg(udev
, pipe
, request
, USB_TYPE_VENDOR
| USB_DIR_IN
,
2360 0, 0, buf
, size
, USB_CTRL_SET_TIMEOUT
);
2362 BT_ERR("%s: Failed to access otp area (%d)", hdev
->name
, err
);
2366 memcpy(data
, buf
, size
);
2374 static int btusb_setup_qca_download_fw(struct hci_dev
*hdev
,
2375 const struct firmware
*firmware
,
2378 struct btusb_data
*btdata
= hci_get_drvdata(hdev
);
2379 struct usb_device
*udev
= btdata
->udev
;
2380 size_t count
, size
, sent
= 0;
2384 buf
= kmalloc(QCA_DFU_PACKET_LEN
, GFP_KERNEL
);
2388 count
= firmware
->size
;
2390 size
= min_t(size_t, count
, hdr_size
);
2391 memcpy(buf
, firmware
->data
, size
);
2393 /* USB patches should go down to controller through USB path
2394 * because binary format fits to go down through USB channel.
2395 * USB control path is for patching headers and USB bulk is for
2398 pipe
= usb_sndctrlpipe(udev
, 0);
2399 err
= usb_control_msg(udev
, pipe
, QCA_DFU_DOWNLOAD
, USB_TYPE_VENDOR
,
2400 0, 0, buf
, size
, USB_CTRL_SET_TIMEOUT
);
2402 BT_ERR("%s: Failed to send headers (%d)", hdev
->name
, err
);
2410 size
= min_t(size_t, count
, QCA_DFU_PACKET_LEN
);
2412 memcpy(buf
, firmware
->data
+ sent
, size
);
2414 pipe
= usb_sndbulkpipe(udev
, 0x02);
2415 err
= usb_bulk_msg(udev
, pipe
, buf
, size
, &len
,
2418 BT_ERR("%s: Failed to send body at %zd of %zd (%d)",
2419 hdev
->name
, sent
, firmware
->size
, err
);
2424 BT_ERR("%s: Failed to get bulk buffer", hdev
->name
);
2438 static int btusb_setup_qca_load_rampatch(struct hci_dev
*hdev
,
2439 struct qca_version
*ver
,
2440 const struct qca_device_info
*info
)
2442 struct qca_rampatch_version
*rver
;
2443 const struct firmware
*fw
;
2444 u32 ver_rom
, ver_patch
;
2445 u16 rver_rom
, rver_patch
;
2449 ver_rom
= le32_to_cpu(ver
->rom_version
);
2450 ver_patch
= le32_to_cpu(ver
->patch_version
);
2452 snprintf(fwname
, sizeof(fwname
), "qca/rampatch_usb_%08x.bin", ver_rom
);
2454 err
= request_firmware(&fw
, fwname
, &hdev
->dev
);
2456 BT_ERR("%s: failed to request rampatch file: %s (%d)",
2457 hdev
->name
, fwname
, err
);
2461 BT_INFO("%s: using rampatch file: %s", hdev
->name
, fwname
);
2463 rver
= (struct qca_rampatch_version
*)(fw
->data
+ info
->ver_offset
);
2464 rver_rom
= le16_to_cpu(rver
->rom_version
);
2465 rver_patch
= le16_to_cpu(rver
->patch_version
);
2467 BT_INFO("%s: QCA: patch rome 0x%x build 0x%x, firmware rome 0x%x "
2468 "build 0x%x", hdev
->name
, rver_rom
, rver_patch
, ver_rom
,
2471 if (rver_rom
!= ver_rom
|| rver_patch
<= ver_patch
) {
2472 BT_ERR("%s: rampatch file version did not match with firmware",
2478 err
= btusb_setup_qca_download_fw(hdev
, fw
, info
->rampatch_hdr
);
2481 release_firmware(fw
);
2486 static int btusb_setup_qca_load_nvm(struct hci_dev
*hdev
,
2487 struct qca_version
*ver
,
2488 const struct qca_device_info
*info
)
2490 const struct firmware
*fw
;
2494 snprintf(fwname
, sizeof(fwname
), "qca/nvm_usb_%08x.bin",
2495 le32_to_cpu(ver
->rom_version
));
2497 err
= request_firmware(&fw
, fwname
, &hdev
->dev
);
2499 BT_ERR("%s: failed to request NVM file: %s (%d)",
2500 hdev
->name
, fwname
, err
);
2504 BT_INFO("%s: using NVM file: %s", hdev
->name
, fwname
);
2506 err
= btusb_setup_qca_download_fw(hdev
, fw
, info
->nvm_hdr
);
2508 release_firmware(fw
);
2513 static int btusb_setup_qca(struct hci_dev
*hdev
)
2515 const struct qca_device_info
*info
= NULL
;
2516 struct qca_version ver
;
2521 err
= btusb_qca_send_vendor_req(hdev
, QCA_GET_TARGET_VERSION
, &ver
,
2526 ver_rom
= le32_to_cpu(ver
.rom_version
);
2527 for (i
= 0; i
< ARRAY_SIZE(qca_devices_table
); i
++) {
2528 if (ver_rom
== qca_devices_table
[i
].rom_version
)
2529 info
= &qca_devices_table
[i
];
2532 BT_ERR("%s: don't support firmware rome 0x%x", hdev
->name
,
2537 err
= btusb_qca_send_vendor_req(hdev
, QCA_CHECK_STATUS
, &status
,
2542 if (!(status
& QCA_PATCH_UPDATED
)) {
2543 err
= btusb_setup_qca_load_rampatch(hdev
, &ver
, info
);
2548 if (!(status
& QCA_SYSCFG_UPDATED
)) {
2549 err
= btusb_setup_qca_load_nvm(hdev
, &ver
, info
);
2557 static int btusb_probe(struct usb_interface
*intf
,
2558 const struct usb_device_id
*id
)
2560 struct usb_endpoint_descriptor
*ep_desc
;
2561 struct btusb_data
*data
;
2562 struct hci_dev
*hdev
;
2565 BT_DBG("intf %p id %p", intf
, id
);
2567 /* interface numbers are hardcoded in the spec */
2568 if (intf
->cur_altsetting
->desc
.bInterfaceNumber
!= 0)
2571 if (!id
->driver_info
) {
2572 const struct usb_device_id
*match
;
2574 match
= usb_match_id(intf
, blacklist_table
);
2579 if (id
->driver_info
== BTUSB_IGNORE
)
2582 if (id
->driver_info
& BTUSB_ATH3012
) {
2583 struct usb_device
*udev
= interface_to_usbdev(intf
);
2585 /* Old firmware would otherwise let ath3k driver load
2586 * patch and sysconfig files */
2587 if (le16_to_cpu(udev
->descriptor
.bcdDevice
) <= 0x0001)
2591 data
= devm_kzalloc(&intf
->dev
, sizeof(*data
), GFP_KERNEL
);
2595 for (i
= 0; i
< intf
->cur_altsetting
->desc
.bNumEndpoints
; i
++) {
2596 ep_desc
= &intf
->cur_altsetting
->endpoint
[i
].desc
;
2598 if (!data
->intr_ep
&& usb_endpoint_is_int_in(ep_desc
)) {
2599 data
->intr_ep
= ep_desc
;
2603 if (!data
->bulk_tx_ep
&& usb_endpoint_is_bulk_out(ep_desc
)) {
2604 data
->bulk_tx_ep
= ep_desc
;
2608 if (!data
->bulk_rx_ep
&& usb_endpoint_is_bulk_in(ep_desc
)) {
2609 data
->bulk_rx_ep
= ep_desc
;
2614 if (!data
->intr_ep
|| !data
->bulk_tx_ep
|| !data
->bulk_rx_ep
)
2617 if (id
->driver_info
& BTUSB_AMP
) {
2618 data
->cmdreq_type
= USB_TYPE_CLASS
| 0x01;
2619 data
->cmdreq
= 0x2b;
2621 data
->cmdreq_type
= USB_TYPE_CLASS
;
2622 data
->cmdreq
= 0x00;
2625 data
->udev
= interface_to_usbdev(intf
);
2628 INIT_WORK(&data
->work
, btusb_work
);
2629 INIT_WORK(&data
->waker
, btusb_waker
);
2630 init_usb_anchor(&data
->deferred
);
2631 init_usb_anchor(&data
->tx_anchor
);
2632 spin_lock_init(&data
->txlock
);
2634 init_usb_anchor(&data
->intr_anchor
);
2635 init_usb_anchor(&data
->bulk_anchor
);
2636 init_usb_anchor(&data
->isoc_anchor
);
2637 spin_lock_init(&data
->rxlock
);
2639 if (id
->driver_info
& BTUSB_INTEL_NEW
) {
2640 data
->recv_event
= btusb_recv_event_intel
;
2641 data
->recv_bulk
= btusb_recv_bulk_intel
;
2642 set_bit(BTUSB_BOOTLOADER
, &data
->flags
);
2644 data
->recv_event
= hci_recv_frame
;
2645 data
->recv_bulk
= btusb_recv_bulk
;
2648 hdev
= hci_alloc_dev();
2652 hdev
->bus
= HCI_USB
;
2653 hci_set_drvdata(hdev
, data
);
2655 if (id
->driver_info
& BTUSB_AMP
)
2656 hdev
->dev_type
= HCI_AMP
;
2658 hdev
->dev_type
= HCI_BREDR
;
2662 SET_HCIDEV_DEV(hdev
, &intf
->dev
);
2664 hdev
->open
= btusb_open
;
2665 hdev
->close
= btusb_close
;
2666 hdev
->flush
= btusb_flush
;
2667 hdev
->send
= btusb_send_frame
;
2668 hdev
->notify
= btusb_notify
;
2670 if (id
->driver_info
& BTUSB_BCM92035
)
2671 hdev
->setup
= btusb_setup_bcm92035
;
2673 #ifdef CONFIG_BT_HCIBTUSB_BCM
2674 if (id
->driver_info
& BTUSB_BCM_PATCHRAM
) {
2675 hdev
->setup
= btbcm_setup_patchram
;
2676 hdev
->set_bdaddr
= btbcm_set_bdaddr
;
2679 if (id
->driver_info
& BTUSB_BCM_APPLE
)
2680 hdev
->setup
= btbcm_setup_apple
;
2683 if (id
->driver_info
& BTUSB_INTEL
) {
2684 hdev
->setup
= btusb_setup_intel
;
2685 hdev
->shutdown
= btusb_shutdown_intel
;
2686 hdev
->set_bdaddr
= btintel_set_bdaddr
;
2687 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER
, &hdev
->quirks
);
2688 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY
, &hdev
->quirks
);
2691 if (id
->driver_info
& BTUSB_INTEL_NEW
) {
2692 hdev
->send
= btusb_send_frame_intel
;
2693 hdev
->setup
= btusb_setup_intel_new
;
2694 hdev
->hw_error
= btintel_hw_error
;
2695 hdev
->set_bdaddr
= btintel_set_bdaddr
;
2696 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER
, &hdev
->quirks
);
2699 if (id
->driver_info
& BTUSB_MARVELL
)
2700 hdev
->set_bdaddr
= btusb_set_bdaddr_marvell
;
2702 if (id
->driver_info
& BTUSB_SWAVE
) {
2703 set_bit(HCI_QUIRK_FIXUP_INQUIRY_MODE
, &hdev
->quirks
);
2704 set_bit(HCI_QUIRK_BROKEN_LOCAL_COMMANDS
, &hdev
->quirks
);
2707 if (id
->driver_info
& BTUSB_INTEL_BOOT
)
2708 set_bit(HCI_QUIRK_RAW_DEVICE
, &hdev
->quirks
);
2710 if (id
->driver_info
& BTUSB_ATH3012
) {
2711 hdev
->set_bdaddr
= btusb_set_bdaddr_ath3012
;
2712 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY
, &hdev
->quirks
);
2713 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER
, &hdev
->quirks
);
2716 if (id
->driver_info
& BTUSB_QCA_ROME
) {
2717 data
->setup_on_usb
= btusb_setup_qca
;
2718 hdev
->set_bdaddr
= btusb_set_bdaddr_ath3012
;
2721 #ifdef CONFIG_BT_HCIBTUSB_RTL
2722 if (id
->driver_info
& BTUSB_REALTEK
) {
2723 hdev
->setup
= btrtl_setup_realtek
;
2725 /* Realtek devices lose their updated firmware over suspend,
2726 * but the USB hub doesn't notice any status change.
2727 * Explicitly request a device reset on resume.
2729 set_bit(BTUSB_RESET_RESUME
, &data
->flags
);
2733 if (id
->driver_info
& BTUSB_AMP
) {
2734 /* AMP controllers do not support SCO packets */
2737 /* Interface numbers are hardcoded in the specification */
2738 data
->isoc
= usb_ifnum_to_if(data
->udev
, 1);
2742 set_bit(HCI_QUIRK_RESET_ON_CLOSE
, &hdev
->quirks
);
2744 if (force_scofix
|| id
->driver_info
& BTUSB_WRONG_SCO_MTU
) {
2745 if (!disable_scofix
)
2746 set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE
, &hdev
->quirks
);
2749 if (id
->driver_info
& BTUSB_BROKEN_ISOC
)
2752 if (id
->driver_info
& BTUSB_DIGIANSWER
) {
2753 data
->cmdreq_type
= USB_TYPE_VENDOR
;
2754 set_bit(HCI_QUIRK_RESET_ON_CLOSE
, &hdev
->quirks
);
2757 if (id
->driver_info
& BTUSB_CSR
) {
2758 struct usb_device
*udev
= data
->udev
;
2759 u16 bcdDevice
= le16_to_cpu(udev
->descriptor
.bcdDevice
);
2761 /* Old firmware would otherwise execute USB reset */
2762 if (bcdDevice
< 0x117)
2763 set_bit(HCI_QUIRK_RESET_ON_CLOSE
, &hdev
->quirks
);
2765 /* Fake CSR devices with broken commands */
2766 if (bcdDevice
<= 0x100 || bcdDevice
== 0x134)
2767 hdev
->setup
= btusb_setup_csr
;
2769 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY
, &hdev
->quirks
);
2772 if (id
->driver_info
& BTUSB_SNIFFER
) {
2773 struct usb_device
*udev
= data
->udev
;
2775 /* New sniffer firmware has crippled HCI interface */
2776 if (le16_to_cpu(udev
->descriptor
.bcdDevice
) > 0x997)
2777 set_bit(HCI_QUIRK_RAW_DEVICE
, &hdev
->quirks
);
2780 if (id
->driver_info
& BTUSB_INTEL_BOOT
) {
2781 /* A bug in the bootloader causes that interrupt interface is
2782 * only enabled after receiving SetInterface(0, AltSetting=0).
2784 err
= usb_set_interface(data
->udev
, 0, 0);
2786 BT_ERR("failed to set interface 0, alt 0 %d", err
);
2793 err
= usb_driver_claim_interface(&btusb_driver
,
2801 err
= hci_register_dev(hdev
);
2807 usb_set_intfdata(intf
, data
);
2812 static void btusb_disconnect(struct usb_interface
*intf
)
2814 struct btusb_data
*data
= usb_get_intfdata(intf
);
2815 struct hci_dev
*hdev
;
2817 BT_DBG("intf %p", intf
);
2823 usb_set_intfdata(data
->intf
, NULL
);
2826 usb_set_intfdata(data
->isoc
, NULL
);
2828 hci_unregister_dev(hdev
);
2830 if (intf
== data
->isoc
)
2831 usb_driver_release_interface(&btusb_driver
, data
->intf
);
2832 else if (data
->isoc
)
2833 usb_driver_release_interface(&btusb_driver
, data
->isoc
);
2839 static int btusb_suspend(struct usb_interface
*intf
, pm_message_t message
)
2841 struct btusb_data
*data
= usb_get_intfdata(intf
);
2843 BT_DBG("intf %p", intf
);
2845 if (data
->suspend_count
++)
2848 spin_lock_irq(&data
->txlock
);
2849 if (!(PMSG_IS_AUTO(message
) && data
->tx_in_flight
)) {
2850 set_bit(BTUSB_SUSPENDING
, &data
->flags
);
2851 spin_unlock_irq(&data
->txlock
);
2853 spin_unlock_irq(&data
->txlock
);
2854 data
->suspend_count
--;
2858 cancel_work_sync(&data
->work
);
2860 btusb_stop_traffic(data
);
2861 usb_kill_anchored_urbs(&data
->tx_anchor
);
2863 /* Optionally request a device reset on resume, but only when
2864 * wakeups are disabled. If wakeups are enabled we assume the
2865 * device will stay powered up throughout suspend.
2867 if (test_bit(BTUSB_RESET_RESUME
, &data
->flags
) &&
2868 !device_may_wakeup(&data
->udev
->dev
))
2869 data
->udev
->reset_resume
= 1;
2874 static void play_deferred(struct btusb_data
*data
)
2879 while ((urb
= usb_get_from_anchor(&data
->deferred
))) {
2880 err
= usb_submit_urb(urb
, GFP_ATOMIC
);
2884 data
->tx_in_flight
++;
2886 usb_scuttle_anchored_urbs(&data
->deferred
);
2889 static int btusb_resume(struct usb_interface
*intf
)
2891 struct btusb_data
*data
= usb_get_intfdata(intf
);
2892 struct hci_dev
*hdev
= data
->hdev
;
2895 BT_DBG("intf %p", intf
);
2897 if (--data
->suspend_count
)
2900 if (!test_bit(HCI_RUNNING
, &hdev
->flags
))
2903 if (test_bit(BTUSB_INTR_RUNNING
, &data
->flags
)) {
2904 err
= btusb_submit_intr_urb(hdev
, GFP_NOIO
);
2906 clear_bit(BTUSB_INTR_RUNNING
, &data
->flags
);
2911 if (test_bit(BTUSB_BULK_RUNNING
, &data
->flags
)) {
2912 err
= btusb_submit_bulk_urb(hdev
, GFP_NOIO
);
2914 clear_bit(BTUSB_BULK_RUNNING
, &data
->flags
);
2918 btusb_submit_bulk_urb(hdev
, GFP_NOIO
);
2921 if (test_bit(BTUSB_ISOC_RUNNING
, &data
->flags
)) {
2922 if (btusb_submit_isoc_urb(hdev
, GFP_NOIO
) < 0)
2923 clear_bit(BTUSB_ISOC_RUNNING
, &data
->flags
);
2925 btusb_submit_isoc_urb(hdev
, GFP_NOIO
);
2928 spin_lock_irq(&data
->txlock
);
2929 play_deferred(data
);
2930 clear_bit(BTUSB_SUSPENDING
, &data
->flags
);
2931 spin_unlock_irq(&data
->txlock
);
2932 schedule_work(&data
->work
);
2937 usb_scuttle_anchored_urbs(&data
->deferred
);
2939 spin_lock_irq(&data
->txlock
);
2940 clear_bit(BTUSB_SUSPENDING
, &data
->flags
);
2941 spin_unlock_irq(&data
->txlock
);
2947 static struct usb_driver btusb_driver
= {
2949 .probe
= btusb_probe
,
2950 .disconnect
= btusb_disconnect
,
2952 .suspend
= btusb_suspend
,
2953 .resume
= btusb_resume
,
2955 .id_table
= btusb_table
,
2956 .supports_autosuspend
= 1,
2957 .disable_hub_initiated_lpm
= 1,
2960 module_usb_driver(btusb_driver
);
2962 module_param(disable_scofix
, bool, 0644);
2963 MODULE_PARM_DESC(disable_scofix
, "Disable fixup of wrong SCO buffer size");
2965 module_param(force_scofix
, bool, 0644);
2966 MODULE_PARM_DESC(force_scofix
, "Force fixup of wrong SCO buffers size");
2968 module_param(reset
, bool, 0644);
2969 MODULE_PARM_DESC(reset
, "Send HCI reset command on initialization");
2971 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2972 MODULE_DESCRIPTION("Generic Bluetooth USB driver ver " VERSION
);
2973 MODULE_VERSION(VERSION
);
2974 MODULE_LICENSE("GPL");