linux/drivers/bluetooth/btusb.c
<<
>>
Prefs
   1/*
   2 *
   3 *  Generic Bluetooth USB driver
   4 *
   5 *  Copyright (C) 2005-2008  Marcel Holtmann <marcel@holtmann.org>
   6 *
   7 *
   8 *  This program is free software; you can redistribute it and/or modify
   9 *  it under the terms of the GNU General Public License as published by
  10 *  the Free Software Foundation; either version 2 of the License, or
  11 *  (at your option) any later version.
  12 *
  13 *  This program is distributed in the hope that it will be useful,
  14 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  15 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16 *  GNU General Public License for more details.
  17 *
  18 *  You should have received a copy of the GNU General Public License
  19 *  along with this program; if not, write to the Free Software
  20 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  21 *
  22 */
  23
  24#include <linux/module.h>
  25#include <linux/usb.h>
  26#include <linux/firmware.h>
  27
  28#include <net/bluetooth/bluetooth.h>
  29#include <net/bluetooth/hci_core.h>
  30
  31#define VERSION "0.6"
  32
  33static bool ignore_dga;
  34static bool ignore_csr;
  35static bool ignore_sniffer;
  36static bool disable_scofix;
  37static bool force_scofix;
  38
  39static bool reset = 1;
  40
  41static struct usb_driver btusb_driver;
  42
  43#define BTUSB_IGNORE            0x01
  44#define BTUSB_DIGIANSWER        0x02
  45#define BTUSB_CSR               0x04
  46#define BTUSB_SNIFFER           0x08
  47#define BTUSB_BCM92035          0x10
  48#define BTUSB_BROKEN_ISOC       0x20
  49#define BTUSB_WRONG_SCO_MTU     0x40
  50#define BTUSB_ATH3012           0x80
  51#define BTUSB_INTEL             0x100
  52
  53static struct usb_device_id btusb_table[] = {
  54        /* Generic Bluetooth USB device */
  55        { USB_DEVICE_INFO(0xe0, 0x01, 0x01) },
  56
  57        /* Apple-specific (Broadcom) devices */
  58        { USB_VENDOR_AND_INTERFACE_INFO(0x05ac, 0xff, 0x01, 0x01) },
  59
  60        /* Broadcom SoftSailing reporting vendor specific */
  61        { USB_DEVICE(0x0a5c, 0x21e1) },
  62
  63        /* Apple MacBookPro 7,1 */
  64        { USB_DEVICE(0x05ac, 0x8213) },
  65
  66        /* Apple iMac11,1 */
  67        { USB_DEVICE(0x05ac, 0x8215) },
  68
  69        /* Apple MacBookPro6,2 */
  70        { USB_DEVICE(0x05ac, 0x8218) },
  71
  72        /* Apple MacBookAir3,1, MacBookAir3,2 */
  73        { USB_DEVICE(0x05ac, 0x821b) },
  74
  75        /* Apple MacBookAir4,1 */
  76        { USB_DEVICE(0x05ac, 0x821f) },
  77
  78        /* Apple MacBookPro8,2 */
  79        { USB_DEVICE(0x05ac, 0x821a) },
  80
  81        /* Apple MacMini5,1 */
  82        { USB_DEVICE(0x05ac, 0x8281) },
  83
  84        /* AVM BlueFRITZ! USB v2.0 */
  85        { USB_DEVICE(0x057c, 0x3800) },
  86
  87        /* Bluetooth Ultraport Module from IBM */
  88        { USB_DEVICE(0x04bf, 0x030a) },
  89
  90        /* ALPS Modules with non-standard id */
  91        { USB_DEVICE(0x044e, 0x3001) },
  92        { USB_DEVICE(0x044e, 0x3002) },
  93
  94        /* Ericsson with non-standard id */
  95        { USB_DEVICE(0x0bdb, 0x1002) },
  96
  97        /* Canyon CN-BTU1 with HID interfaces */
  98        { USB_DEVICE(0x0c10, 0x0000) },
  99
 100        /* Broadcom BCM20702A0 */
 101        { USB_DEVICE(0x0b05, 0x17b5) },
 102        { USB_DEVICE(0x04ca, 0x2003) },
 103        { USB_DEVICE(0x0489, 0xe042) },
 104        { USB_DEVICE(0x413c, 0x8197) },
 105
 106        /* Foxconn - Hon Hai */
 107        { USB_VENDOR_AND_INTERFACE_INFO(0x0489, 0xff, 0x01, 0x01) },
 108
 109        /*Broadcom devices with vendor specific id */
 110        { USB_VENDOR_AND_INTERFACE_INFO(0x0a5c, 0xff, 0x01, 0x01) },
 111
 112        { }     /* Terminating entry */
 113};
 114
 115MODULE_DEVICE_TABLE(usb, btusb_table);
 116
 117static struct usb_device_id blacklist_table[] = {
 118        /* CSR BlueCore devices */
 119        { USB_DEVICE(0x0a12, 0x0001), .driver_info = BTUSB_CSR },
 120
 121        /* Broadcom BCM2033 without firmware */
 122        { USB_DEVICE(0x0a5c, 0x2033), .driver_info = BTUSB_IGNORE },
 123
 124        /* Atheros 3011 with sflash firmware */
 125        { USB_DEVICE(0x0cf3, 0x3002), .driver_info = BTUSB_IGNORE },
 126        { USB_DEVICE(0x0cf3, 0xe019), .driver_info = BTUSB_IGNORE },
 127        { USB_DEVICE(0x13d3, 0x3304), .driver_info = BTUSB_IGNORE },
 128        { USB_DEVICE(0x0930, 0x0215), .driver_info = BTUSB_IGNORE },
 129        { USB_DEVICE(0x0489, 0xe03d), .driver_info = BTUSB_IGNORE },
 130        { USB_DEVICE(0x0489, 0xe027), .driver_info = BTUSB_IGNORE },
 131
 132        /* Atheros AR9285 Malbec with sflash firmware */
 133        { USB_DEVICE(0x03f0, 0x311d), .driver_info = BTUSB_IGNORE },
 134
 135        /* Atheros 3012 with sflash firmware */
 136        { USB_DEVICE(0x0cf3, 0x0036), .driver_info = BTUSB_ATH3012 },
 137        { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 },
 138        { USB_DEVICE(0x0cf3, 0x3008), .driver_info = BTUSB_ATH3012 },
 139        { USB_DEVICE(0x0cf3, 0x311d), .driver_info = BTUSB_ATH3012 },
 140        { USB_DEVICE(0x0cf3, 0x817a), .driver_info = BTUSB_ATH3012 },
 141        { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 },
 142        { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 },
 143        { USB_DEVICE(0x04ca, 0x3005), .driver_info = BTUSB_ATH3012 },
 144        { USB_DEVICE(0x04ca, 0x3006), .driver_info = BTUSB_ATH3012 },
 145        { USB_DEVICE(0x04ca, 0x3008), .driver_info = BTUSB_ATH3012 },
 146        { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 },
 147        { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 },
 148        { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 },
 149        { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 },
 150        { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 },
 151        { USB_DEVICE(0x0489, 0xe04e), .driver_info = BTUSB_ATH3012 },
 152        { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 },
 153        { USB_DEVICE(0x0489, 0xe04d), .driver_info = BTUSB_ATH3012 },
 154
 155        /* Atheros AR5BBU12 with sflash firmware */
 156        { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE },
 157
 158        /* Atheros AR5BBU12 with sflash firmware */
 159        { USB_DEVICE(0x0489, 0xe03c), .driver_info = BTUSB_ATH3012 },
 160        { USB_DEVICE(0x0489, 0xe036), .driver_info = BTUSB_ATH3012 },
 161
 162        /* Broadcom BCM2035 */
 163        { USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU },
 164        { USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU },
 165        { USB_DEVICE(0x0a5c, 0x2009), .driver_info = BTUSB_BCM92035 },
 166
 167        /* Broadcom BCM2045 */
 168        { USB_DEVICE(0x0a5c, 0x2039), .driver_info = BTUSB_WRONG_SCO_MTU },
 169        { USB_DEVICE(0x0a5c, 0x2101), .driver_info = BTUSB_WRONG_SCO_MTU },
 170
 171        /* IBM/Lenovo ThinkPad with Broadcom chip */
 172        { USB_DEVICE(0x0a5c, 0x201e), .driver_info = BTUSB_WRONG_SCO_MTU },
 173        { USB_DEVICE(0x0a5c, 0x2110), .driver_info = BTUSB_WRONG_SCO_MTU },
 174
 175        /* HP laptop with Broadcom chip */
 176        { USB_DEVICE(0x03f0, 0x171d), .driver_info = BTUSB_WRONG_SCO_MTU },
 177
 178        /* Dell laptop with Broadcom chip */
 179        { USB_DEVICE(0x413c, 0x8126), .driver_info = BTUSB_WRONG_SCO_MTU },
 180
 181        /* Dell Wireless 370 and 410 devices */
 182        { USB_DEVICE(0x413c, 0x8152), .driver_info = BTUSB_WRONG_SCO_MTU },
 183        { USB_DEVICE(0x413c, 0x8156), .driver_info = BTUSB_WRONG_SCO_MTU },
 184
 185        /* Belkin F8T012 and F8T013 devices */
 186        { USB_DEVICE(0x050d, 0x0012), .driver_info = BTUSB_WRONG_SCO_MTU },
 187        { USB_DEVICE(0x050d, 0x0013), .driver_info = BTUSB_WRONG_SCO_MTU },
 188
 189        /* Asus WL-BTD202 device */
 190        { USB_DEVICE(0x0b05, 0x1715), .driver_info = BTUSB_WRONG_SCO_MTU },
 191
 192        /* Kensington Bluetooth USB adapter */
 193        { USB_DEVICE(0x047d, 0x105e), .driver_info = BTUSB_WRONG_SCO_MTU },
 194
 195        /* RTX Telecom based adapters with buggy SCO support */
 196        { USB_DEVICE(0x0400, 0x0807), .driver_info = BTUSB_BROKEN_ISOC },
 197        { USB_DEVICE(0x0400, 0x080a), .driver_info = BTUSB_BROKEN_ISOC },
 198
 199        /* CONWISE Technology based adapters with buggy SCO support */
 200        { USB_DEVICE(0x0e5e, 0x6622), .driver_info = BTUSB_BROKEN_ISOC },
 201
 202        /* Digianswer devices */
 203        { USB_DEVICE(0x08fd, 0x0001), .driver_info = BTUSB_DIGIANSWER },
 204        { USB_DEVICE(0x08fd, 0x0002), .driver_info = BTUSB_IGNORE },
 205
 206        /* CSR BlueCore Bluetooth Sniffer */
 207        { USB_DEVICE(0x0a12, 0x0002), .driver_info = BTUSB_SNIFFER },
 208
 209        /* Frontline ComProbe Bluetooth Sniffer */
 210        { USB_DEVICE(0x16d3, 0x0002), .driver_info = BTUSB_SNIFFER },
 211
 212        /* Intel Bluetooth device */
 213        { USB_DEVICE(0x8087, 0x07dc), .driver_info = BTUSB_INTEL },
 214
 215        { }     /* Terminating entry */
 216};
 217
 218#define BTUSB_MAX_ISOC_FRAMES   10
 219
 220#define BTUSB_INTR_RUNNING      0
 221#define BTUSB_BULK_RUNNING      1
 222#define BTUSB_ISOC_RUNNING      2
 223#define BTUSB_SUSPENDING        3
 224#define BTUSB_DID_ISO_RESUME    4
 225
 226struct btusb_data {
 227        struct hci_dev       *hdev;
 228        struct usb_device    *udev;
 229        struct usb_interface *intf;
 230        struct usb_interface *isoc;
 231
 232        spinlock_t lock;
 233
 234        unsigned long flags;
 235
 236        struct work_struct work;
 237        struct work_struct waker;
 238
 239        struct usb_anchor tx_anchor;
 240        struct usb_anchor intr_anchor;
 241        struct usb_anchor bulk_anchor;
 242        struct usb_anchor isoc_anchor;
 243        struct usb_anchor deferred;
 244        int tx_in_flight;
 245        spinlock_t txlock;
 246
 247        struct usb_endpoint_descriptor *intr_ep;
 248        struct usb_endpoint_descriptor *bulk_tx_ep;
 249        struct usb_endpoint_descriptor *bulk_rx_ep;
 250        struct usb_endpoint_descriptor *isoc_tx_ep;
 251        struct usb_endpoint_descriptor *isoc_rx_ep;
 252
 253        __u8 cmdreq_type;
 254
 255        unsigned int sco_num;
 256        int isoc_altsetting;
 257        int suspend_count;
 258};
 259
 260static int inc_tx(struct btusb_data *data)
 261{
 262        unsigned long flags;
 263        int rv;
 264
 265        spin_lock_irqsave(&data->txlock, flags);
 266        rv = test_bit(BTUSB_SUSPENDING, &data->flags);
 267        if (!rv)
 268                data->tx_in_flight++;
 269        spin_unlock_irqrestore(&data->txlock, flags);
 270
 271        return rv;
 272}
 273
 274static void btusb_intr_complete(struct urb *urb)
 275{
 276        struct hci_dev *hdev = urb->context;
 277        struct btusb_data *data = hci_get_drvdata(hdev);
 278        int err;
 279
 280        BT_DBG("%s urb %p status %d count %d", hdev->name,
 281                                        urb, urb->status, urb->actual_length);
 282
 283        if (!test_bit(HCI_RUNNING, &hdev->flags))
 284                return;
 285
 286        if (urb->status == 0) {
 287                hdev->stat.byte_rx += urb->actual_length;
 288
 289                if (hci_recv_fragment(hdev, HCI_EVENT_PKT,
 290                                                urb->transfer_buffer,
 291                                                urb->actual_length) < 0) {
 292                        BT_ERR("%s corrupted event packet", hdev->name);
 293                        hdev->stat.err_rx++;
 294                }
 295        }
 296
 297        if (!test_bit(BTUSB_INTR_RUNNING, &data->flags))
 298                return;
 299
 300        usb_mark_last_busy(data->udev);
 301        usb_anchor_urb(urb, &data->intr_anchor);
 302
 303        err = usb_submit_urb(urb, GFP_ATOMIC);
 304        if (err < 0) {
 305                /* -EPERM: urb is being killed;
 306                 * -ENODEV: device got disconnected */
 307                if (err != -EPERM && err != -ENODEV)
 308                        BT_ERR("%s urb %p failed to resubmit (%d)",
 309                                                hdev->name, urb, -err);
 310                usb_unanchor_urb(urb);
 311        }
 312}
 313
 314static int btusb_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags)
 315{
 316        struct btusb_data *data = hci_get_drvdata(hdev);
 317        struct urb *urb;
 318        unsigned char *buf;
 319        unsigned int pipe;
 320        int err, size;
 321
 322        BT_DBG("%s", hdev->name);
 323
 324        if (!data->intr_ep)
 325                return -ENODEV;
 326
 327        urb = usb_alloc_urb(0, mem_flags);
 328        if (!urb)
 329                return -ENOMEM;
 330
 331        size = le16_to_cpu(data->intr_ep->wMaxPacketSize);
 332
 333        buf = kmalloc(size, mem_flags);
 334        if (!buf) {
 335                usb_free_urb(urb);
 336                return -ENOMEM;
 337        }
 338
 339        pipe = usb_rcvintpipe(data->udev, data->intr_ep->bEndpointAddress);
 340
 341        usb_fill_int_urb(urb, data->udev, pipe, buf, size,
 342                                                btusb_intr_complete, hdev,
 343                                                data->intr_ep->bInterval);
 344
 345        urb->transfer_flags |= URB_FREE_BUFFER;
 346
 347        usb_anchor_urb(urb, &data->intr_anchor);
 348
 349        err = usb_submit_urb(urb, mem_flags);
 350        if (err < 0) {
 351                if (err != -EPERM && err != -ENODEV)
 352                        BT_ERR("%s urb %p submission failed (%d)",
 353                                                hdev->name, urb, -err);
 354                usb_unanchor_urb(urb);
 355        }
 356
 357        usb_free_urb(urb);
 358
 359        return err;
 360}
 361
 362static void btusb_bulk_complete(struct urb *urb)
 363{
 364        struct hci_dev *hdev = urb->context;
 365        struct btusb_data *data = hci_get_drvdata(hdev);
 366        int err;
 367
 368        BT_DBG("%s urb %p status %d count %d", hdev->name,
 369                                        urb, urb->status, urb->actual_length);
 370
 371        if (!test_bit(HCI_RUNNING, &hdev->flags))
 372                return;
 373
 374        if (urb->status == 0) {
 375                hdev->stat.byte_rx += urb->actual_length;
 376
 377                if (hci_recv_fragment(hdev, HCI_ACLDATA_PKT,
 378                                                urb->transfer_buffer,
 379                                                urb->actual_length) < 0) {
 380                        BT_ERR("%s corrupted ACL packet", hdev->name);
 381                        hdev->stat.err_rx++;
 382                }
 383        }
 384
 385        if (!test_bit(BTUSB_BULK_RUNNING, &data->flags))
 386                return;
 387
 388        usb_anchor_urb(urb, &data->bulk_anchor);
 389        usb_mark_last_busy(data->udev);
 390
 391        err = usb_submit_urb(urb, GFP_ATOMIC);
 392        if (err < 0) {
 393                /* -EPERM: urb is being killed;
 394                 * -ENODEV: device got disconnected */
 395                if (err != -EPERM && err != -ENODEV)
 396                        BT_ERR("%s urb %p failed to resubmit (%d)",
 397                                                hdev->name, urb, -err);
 398                usb_unanchor_urb(urb);
 399        }
 400}
 401
 402static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags)
 403{
 404        struct btusb_data *data = hci_get_drvdata(hdev);
 405        struct urb *urb;
 406        unsigned char *buf;
 407        unsigned int pipe;
 408        int err, size = HCI_MAX_FRAME_SIZE;
 409
 410        BT_DBG("%s", hdev->name);
 411
 412        if (!data->bulk_rx_ep)
 413                return -ENODEV;
 414
 415        urb = usb_alloc_urb(0, mem_flags);
 416        if (!urb)
 417                return -ENOMEM;
 418
 419        buf = kmalloc(size, mem_flags);
 420        if (!buf) {
 421                usb_free_urb(urb);
 422                return -ENOMEM;
 423        }
 424
 425        pipe = usb_rcvbulkpipe(data->udev, data->bulk_rx_ep->bEndpointAddress);
 426
 427        usb_fill_bulk_urb(urb, data->udev, pipe,
 428                                        buf, size, btusb_bulk_complete, hdev);
 429
 430        urb->transfer_flags |= URB_FREE_BUFFER;
 431
 432        usb_mark_last_busy(data->udev);
 433        usb_anchor_urb(urb, &data->bulk_anchor);
 434
 435        err = usb_submit_urb(urb, mem_flags);
 436        if (err < 0) {
 437                if (err != -EPERM && err != -ENODEV)
 438                        BT_ERR("%s urb %p submission failed (%d)",
 439                                                hdev->name, urb, -err);
 440                usb_unanchor_urb(urb);
 441        }
 442
 443        usb_free_urb(urb);
 444
 445        return err;
 446}
 447
 448static void btusb_isoc_complete(struct urb *urb)
 449{
 450        struct hci_dev *hdev = urb->context;
 451        struct btusb_data *data = hci_get_drvdata(hdev);
 452        int i, err;
 453
 454        BT_DBG("%s urb %p status %d count %d", hdev->name,
 455                                        urb, urb->status, urb->actual_length);
 456
 457        if (!test_bit(HCI_RUNNING, &hdev->flags))
 458                return;
 459
 460        if (urb->status == 0) {
 461                for (i = 0; i < urb->number_of_packets; i++) {
 462                        unsigned int offset = urb->iso_frame_desc[i].offset;
 463                        unsigned int length = urb->iso_frame_desc[i].actual_length;
 464
 465                        if (urb->iso_frame_desc[i].status)
 466                                continue;
 467
 468                        hdev->stat.byte_rx += length;
 469
 470                        if (hci_recv_fragment(hdev, HCI_SCODATA_PKT,
 471                                                urb->transfer_buffer + offset,
 472                                                                length) < 0) {
 473                                BT_ERR("%s corrupted SCO packet", hdev->name);
 474                                hdev->stat.err_rx++;
 475                        }
 476                }
 477        }
 478
 479        if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags))
 480                return;
 481
 482        usb_anchor_urb(urb, &data->isoc_anchor);
 483
 484        err = usb_submit_urb(urb, GFP_ATOMIC);
 485        if (err < 0) {
 486                /* -EPERM: urb is being killed;
 487                 * -ENODEV: device got disconnected */
 488                if (err != -EPERM && err != -ENODEV)
 489                        BT_ERR("%s urb %p failed to resubmit (%d)",
 490                                                hdev->name, urb, -err);
 491                usb_unanchor_urb(urb);
 492        }
 493}
 494
 495static inline void __fill_isoc_descriptor(struct urb *urb, int len, int mtu)
 496{
 497        int i, offset = 0;
 498
 499        BT_DBG("len %d mtu %d", len, mtu);
 500
 501        for (i = 0; i < BTUSB_MAX_ISOC_FRAMES && len >= mtu;
 502                                        i++, offset += mtu, len -= mtu) {
 503                urb->iso_frame_desc[i].offset = offset;
 504                urb->iso_frame_desc[i].length = mtu;
 505        }
 506
 507        if (len && i < BTUSB_MAX_ISOC_FRAMES) {
 508                urb->iso_frame_desc[i].offset = offset;
 509                urb->iso_frame_desc[i].length = len;
 510                i++;
 511        }
 512
 513        urb->number_of_packets = i;
 514}
 515
 516static int btusb_submit_isoc_urb(struct hci_dev *hdev, gfp_t mem_flags)
 517{
 518        struct btusb_data *data = hci_get_drvdata(hdev);
 519        struct urb *urb;
 520        unsigned char *buf;
 521        unsigned int pipe;
 522        int err, size;
 523
 524        BT_DBG("%s", hdev->name);
 525
 526        if (!data->isoc_rx_ep)
 527                return -ENODEV;
 528
 529        urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, mem_flags);
 530        if (!urb)
 531                return -ENOMEM;
 532
 533        size = le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize) *
 534                                                BTUSB_MAX_ISOC_FRAMES;
 535
 536        buf = kmalloc(size, mem_flags);
 537        if (!buf) {
 538                usb_free_urb(urb);
 539                return -ENOMEM;
 540        }
 541
 542        pipe = usb_rcvisocpipe(data->udev, data->isoc_rx_ep->bEndpointAddress);
 543
 544        usb_fill_int_urb(urb, data->udev, pipe, buf, size, btusb_isoc_complete,
 545                                hdev, data->isoc_rx_ep->bInterval);
 546
 547        urb->transfer_flags  = URB_FREE_BUFFER | URB_ISO_ASAP;
 548
 549        __fill_isoc_descriptor(urb, size,
 550                        le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize));
 551
 552        usb_anchor_urb(urb, &data->isoc_anchor);
 553
 554        err = usb_submit_urb(urb, mem_flags);
 555        if (err < 0) {
 556                if (err != -EPERM && err != -ENODEV)
 557                        BT_ERR("%s urb %p submission failed (%d)",
 558                                                hdev->name, urb, -err);
 559                usb_unanchor_urb(urb);
 560        }
 561
 562        usb_free_urb(urb);
 563
 564        return err;
 565}
 566
 567static void btusb_tx_complete(struct urb *urb)
 568{
 569        struct sk_buff *skb = urb->context;
 570        struct hci_dev *hdev = (struct hci_dev *) skb->dev;
 571        struct btusb_data *data = hci_get_drvdata(hdev);
 572
 573        BT_DBG("%s urb %p status %d count %d", hdev->name,
 574                                        urb, urb->status, urb->actual_length);
 575
 576        if (!test_bit(HCI_RUNNING, &hdev->flags))
 577                goto done;
 578
 579        if (!urb->status)
 580                hdev->stat.byte_tx += urb->transfer_buffer_length;
 581        else
 582                hdev->stat.err_tx++;
 583
 584done:
 585        spin_lock(&data->txlock);
 586        data->tx_in_flight--;
 587        spin_unlock(&data->txlock);
 588
 589        kfree(urb->setup_packet);
 590
 591        kfree_skb(skb);
 592}
 593
 594static void btusb_isoc_tx_complete(struct urb *urb)
 595{
 596        struct sk_buff *skb = urb->context;
 597        struct hci_dev *hdev = (struct hci_dev *) skb->dev;
 598
 599        BT_DBG("%s urb %p status %d count %d", hdev->name,
 600                                        urb, urb->status, urb->actual_length);
 601
 602        if (!test_bit(HCI_RUNNING, &hdev->flags))
 603                goto done;
 604
 605        if (!urb->status)
 606                hdev->stat.byte_tx += urb->transfer_buffer_length;
 607        else
 608                hdev->stat.err_tx++;
 609
 610done:
 611        kfree(urb->setup_packet);
 612
 613        kfree_skb(skb);
 614}
 615
 616static int btusb_open(struct hci_dev *hdev)
 617{
 618        struct btusb_data *data = hci_get_drvdata(hdev);
 619        int err;
 620
 621        BT_DBG("%s", hdev->name);
 622
 623        err = usb_autopm_get_interface(data->intf);
 624        if (err < 0)
 625                return err;
 626
 627        data->intf->needs_remote_wakeup = 1;
 628
 629        if (test_and_set_bit(HCI_RUNNING, &hdev->flags))
 630                goto done;
 631
 632        if (test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags))
 633                goto done;
 634
 635        err = btusb_submit_intr_urb(hdev, GFP_KERNEL);
 636        if (err < 0)
 637                goto failed;
 638
 639        err = btusb_submit_bulk_urb(hdev, GFP_KERNEL);
 640        if (err < 0) {
 641                usb_kill_anchored_urbs(&data->intr_anchor);
 642                goto failed;
 643        }
 644
 645        set_bit(BTUSB_BULK_RUNNING, &data->flags);
 646        btusb_submit_bulk_urb(hdev, GFP_KERNEL);
 647
 648done:
 649        usb_autopm_put_interface(data->intf);
 650        return 0;
 651
 652failed:
 653        clear_bit(BTUSB_INTR_RUNNING, &data->flags);
 654        clear_bit(HCI_RUNNING, &hdev->flags);
 655        usb_autopm_put_interface(data->intf);
 656        return err;
 657}
 658
 659static void btusb_stop_traffic(struct btusb_data *data)
 660{
 661        usb_kill_anchored_urbs(&data->intr_anchor);
 662        usb_kill_anchored_urbs(&data->bulk_anchor);
 663        usb_kill_anchored_urbs(&data->isoc_anchor);
 664}
 665
 666static int btusb_close(struct hci_dev *hdev)
 667{
 668        struct btusb_data *data = hci_get_drvdata(hdev);
 669        int err;
 670
 671        BT_DBG("%s", hdev->name);
 672
 673        if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags))
 674                return 0;
 675
 676        cancel_work_sync(&data->work);
 677        cancel_work_sync(&data->waker);
 678
 679        clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
 680        clear_bit(BTUSB_BULK_RUNNING, &data->flags);
 681        clear_bit(BTUSB_INTR_RUNNING, &data->flags);
 682
 683        btusb_stop_traffic(data);
 684        err = usb_autopm_get_interface(data->intf);
 685        if (err < 0)
 686                goto failed;
 687
 688        data->intf->needs_remote_wakeup = 0;
 689        usb_autopm_put_interface(data->intf);
 690
 691failed:
 692        usb_scuttle_anchored_urbs(&data->deferred);
 693        return 0;
 694}
 695
 696static int btusb_flush(struct hci_dev *hdev)
 697{
 698        struct btusb_data *data = hci_get_drvdata(hdev);
 699
 700        BT_DBG("%s", hdev->name);
 701
 702        usb_kill_anchored_urbs(&data->tx_anchor);
 703
 704        return 0;
 705}
 706
 707static int btusb_send_frame(struct sk_buff *skb)
 708{
 709        struct hci_dev *hdev = (struct hci_dev *) skb->dev;
 710        struct btusb_data *data = hci_get_drvdata(hdev);
 711        struct usb_ctrlrequest *dr;
 712        struct urb *urb;
 713        unsigned int pipe;
 714        int err;
 715
 716        BT_DBG("%s", hdev->name);
 717
 718        if (!test_bit(HCI_RUNNING, &hdev->flags))
 719                return -EBUSY;
 720
 721        switch (bt_cb(skb)->pkt_type) {
 722        case HCI_COMMAND_PKT:
 723                urb = usb_alloc_urb(0, GFP_ATOMIC);
 724                if (!urb)
 725                        return -ENOMEM;
 726
 727                dr = kmalloc(sizeof(*dr), GFP_ATOMIC);
 728                if (!dr) {
 729                        usb_free_urb(urb);
 730                        return -ENOMEM;
 731                }
 732
 733                dr->bRequestType = data->cmdreq_type;
 734                dr->bRequest     = 0;
 735                dr->wIndex       = 0;
 736                dr->wValue       = 0;
 737                dr->wLength      = __cpu_to_le16(skb->len);
 738
 739                pipe = usb_sndctrlpipe(data->udev, 0x00);
 740
 741                usb_fill_control_urb(urb, data->udev, pipe, (void *) dr,
 742                                skb->data, skb->len, btusb_tx_complete, skb);
 743
 744                hdev->stat.cmd_tx++;
 745                break;
 746
 747        case HCI_ACLDATA_PKT:
 748                if (!data->bulk_tx_ep)
 749                        return -ENODEV;
 750
 751                urb = usb_alloc_urb(0, GFP_ATOMIC);
 752                if (!urb)
 753                        return -ENOMEM;
 754
 755                pipe = usb_sndbulkpipe(data->udev,
 756                                        data->bulk_tx_ep->bEndpointAddress);
 757
 758                usb_fill_bulk_urb(urb, data->udev, pipe,
 759                                skb->data, skb->len, btusb_tx_complete, skb);
 760
 761                hdev->stat.acl_tx++;
 762                break;
 763
 764        case HCI_SCODATA_PKT:
 765                if (!data->isoc_tx_ep || hdev->conn_hash.sco_num < 1)
 766                        return -ENODEV;
 767
 768                urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, GFP_ATOMIC);
 769                if (!urb)
 770                        return -ENOMEM;
 771
 772                pipe = usb_sndisocpipe(data->udev,
 773                                        data->isoc_tx_ep->bEndpointAddress);
 774
 775                usb_fill_int_urb(urb, data->udev, pipe,
 776                                skb->data, skb->len, btusb_isoc_tx_complete,
 777                                skb, data->isoc_tx_ep->bInterval);
 778
 779                urb->transfer_flags  = URB_ISO_ASAP;
 780
 781                __fill_isoc_descriptor(urb, skb->len,
 782                                le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize));
 783
 784                hdev->stat.sco_tx++;
 785                goto skip_waking;
 786
 787        default:
 788                return -EILSEQ;
 789        }
 790
 791        err = inc_tx(data);
 792        if (err) {
 793                usb_anchor_urb(urb, &data->deferred);
 794                schedule_work(&data->waker);
 795                err = 0;
 796                goto done;
 797        }
 798
 799skip_waking:
 800        usb_anchor_urb(urb, &data->tx_anchor);
 801
 802        err = usb_submit_urb(urb, GFP_ATOMIC);
 803        if (err < 0) {
 804                if (err != -EPERM && err != -ENODEV)
 805                        BT_ERR("%s urb %p submission failed (%d)",
 806                                                hdev->name, urb, -err);
 807                kfree(urb->setup_packet);
 808                usb_unanchor_urb(urb);
 809        } else {
 810                usb_mark_last_busy(data->udev);
 811        }
 812
 813done:
 814        usb_free_urb(urb);
 815        return err;
 816}
 817
 818static void btusb_notify(struct hci_dev *hdev, unsigned int evt)
 819{
 820        struct btusb_data *data = hci_get_drvdata(hdev);
 821
 822        BT_DBG("%s evt %d", hdev->name, evt);
 823
 824        if (hdev->conn_hash.sco_num != data->sco_num) {
 825                data->sco_num = hdev->conn_hash.sco_num;
 826                schedule_work(&data->work);
 827        }
 828}
 829
 830static inline int __set_isoc_interface(struct hci_dev *hdev, int altsetting)
 831{
 832        struct btusb_data *data = hci_get_drvdata(hdev);
 833        struct usb_interface *intf = data->isoc;
 834        struct usb_endpoint_descriptor *ep_desc;
 835        int i, err;
 836
 837        if (!data->isoc)
 838                return -ENODEV;
 839
 840        err = usb_set_interface(data->udev, 1, altsetting);
 841        if (err < 0) {
 842                BT_ERR("%s setting interface failed (%d)", hdev->name, -err);
 843                return err;
 844        }
 845
 846        data->isoc_altsetting = altsetting;
 847
 848        data->isoc_tx_ep = NULL;
 849        data->isoc_rx_ep = NULL;
 850
 851        for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
 852                ep_desc = &intf->cur_altsetting->endpoint[i].desc;
 853
 854                if (!data->isoc_tx_ep && usb_endpoint_is_isoc_out(ep_desc)) {
 855                        data->isoc_tx_ep = ep_desc;
 856                        continue;
 857                }
 858
 859                if (!data->isoc_rx_ep && usb_endpoint_is_isoc_in(ep_desc)) {
 860                        data->isoc_rx_ep = ep_desc;
 861                        continue;
 862                }
 863        }
 864
 865        if (!data->isoc_tx_ep || !data->isoc_rx_ep) {
 866                BT_ERR("%s invalid SCO descriptors", hdev->name);
 867                return -ENODEV;
 868        }
 869
 870        return 0;
 871}
 872
 873static void btusb_work(struct work_struct *work)
 874{
 875        struct btusb_data *data = container_of(work, struct btusb_data, work);
 876        struct hci_dev *hdev = data->hdev;
 877        int new_alts;
 878        int err;
 879
 880        if (hdev->conn_hash.sco_num > 0) {
 881                if (!test_bit(BTUSB_DID_ISO_RESUME, &data->flags)) {
 882                        err = usb_autopm_get_interface(data->isoc ? data->isoc : data->intf);
 883                        if (err < 0) {
 884                                clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
 885                                usb_kill_anchored_urbs(&data->isoc_anchor);
 886                                return;
 887                        }
 888
 889                        set_bit(BTUSB_DID_ISO_RESUME, &data->flags);
 890                }
 891
 892                if (hdev->voice_setting & 0x0020) {
 893                        static const int alts[3] = { 2, 4, 5 };
 894                        new_alts = alts[hdev->conn_hash.sco_num - 1];
 895                } else {
 896                        new_alts = hdev->conn_hash.sco_num;
 897                }
 898
 899                if (data->isoc_altsetting != new_alts) {
 900                        clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
 901                        usb_kill_anchored_urbs(&data->isoc_anchor);
 902
 903                        if (__set_isoc_interface(hdev, new_alts) < 0)
 904                                return;
 905                }
 906
 907                if (!test_and_set_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
 908                        if (btusb_submit_isoc_urb(hdev, GFP_KERNEL) < 0)
 909                                clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
 910                        else
 911                                btusb_submit_isoc_urb(hdev, GFP_KERNEL);
 912                }
 913        } else {
 914                clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
 915                usb_kill_anchored_urbs(&data->isoc_anchor);
 916
 917                __set_isoc_interface(hdev, 0);
 918                if (test_and_clear_bit(BTUSB_DID_ISO_RESUME, &data->flags))
 919                        usb_autopm_put_interface(data->isoc ? data->isoc : data->intf);
 920        }
 921}
 922
 923static void btusb_waker(struct work_struct *work)
 924{
 925        struct btusb_data *data = container_of(work, struct btusb_data, waker);
 926        int err;
 927
 928        err = usb_autopm_get_interface(data->intf);
 929        if (err < 0)
 930                return;
 931
 932        usb_autopm_put_interface(data->intf);
 933}
 934
 935static int btusb_setup_bcm92035(struct hci_dev *hdev)
 936{
 937        struct sk_buff *skb;
 938        u8 val = 0x00;
 939
 940        BT_DBG("%s", hdev->name);
 941
 942        skb = __hci_cmd_sync(hdev, 0xfc3b, 1, &val, HCI_INIT_TIMEOUT);
 943        if (IS_ERR(skb))
 944                BT_ERR("BCM92035 command failed (%ld)", -PTR_ERR(skb));
 945        else
 946                kfree_skb(skb);
 947
 948        return 0;
 949}
 950
 951struct intel_version {
 952        u8 status;
 953        u8 hw_platform;
 954        u8 hw_variant;
 955        u8 hw_revision;
 956        u8 fw_variant;
 957        u8 fw_revision;
 958        u8 fw_build_num;
 959        u8 fw_build_ww;
 960        u8 fw_build_yy;
 961        u8 fw_patch_num;
 962} __packed;
 963
 964static const struct firmware *btusb_setup_intel_get_fw(struct hci_dev *hdev,
 965                                                struct intel_version *ver)
 966{
 967        const struct firmware *fw;
 968        char fwname[64];
 969        int ret;
 970
 971        snprintf(fwname, sizeof(fwname),
 972                 "intel/ibt-hw-%x.%x.%x-fw-%x.%x.%x.%x.%x.bseq",
 973                 ver->hw_platform, ver->hw_variant, ver->hw_revision,
 974                 ver->fw_variant,  ver->fw_revision, ver->fw_build_num,
 975                 ver->fw_build_ww, ver->fw_build_yy);
 976
 977        ret = request_firmware(&fw, fwname, &hdev->dev);
 978        if (ret < 0) {
 979                if (ret == -EINVAL) {
 980                        BT_ERR("%s Intel firmware file request failed (%d)",
 981                               hdev->name, ret);
 982                        return NULL;
 983                }
 984
 985                BT_ERR("%s failed to open Intel firmware file: %s(%d)",
 986                       hdev->name, fwname, ret);
 987
 988                /* If the correct firmware patch file is not found, use the
 989                 * default firmware patch file instead
 990                 */
 991                snprintf(fwname, sizeof(fwname), "intel/ibt-hw-%x.%x.bseq",
 992                         ver->hw_platform, ver->hw_variant);
 993                if (request_firmware(&fw, fwname, &hdev->dev) < 0) {
 994                        BT_ERR("%s failed to open default Intel fw file: %s",
 995                               hdev->name, fwname);
 996                        return NULL;
 997                }
 998        }
 999
1000        BT_INFO("%s: Intel Bluetooth firmware file: %s", hdev->name, fwname);
1001
1002        return fw;
1003}
1004
1005static int btusb_setup_intel_patching(struct hci_dev *hdev,
1006                                      const struct firmware *fw,
1007                                      const u8 **fw_ptr, int *disable_patch)
1008{
1009        struct sk_buff *skb;
1010        struct hci_command_hdr *cmd;
1011        const u8 *cmd_param;
1012        struct hci_event_hdr *evt = NULL;
1013        const u8 *evt_param = NULL;
1014        int remain = fw->size - (*fw_ptr - fw->data);
1015
1016        /* The first byte indicates the types of the patch command or event.
1017         * 0x01 means HCI command and 0x02 is HCI event. If the first bytes
1018         * in the current firmware buffer doesn't start with 0x01 or
1019         * the size of remain buffer is smaller than HCI command header,
1020         * the firmware file is corrupted and it should stop the patching
1021         * process.
1022         */
1023        if (remain > HCI_COMMAND_HDR_SIZE && *fw_ptr[0] != 0x01) {
1024                BT_ERR("%s Intel fw corrupted: invalid cmd read", hdev->name);
1025                return -EINVAL;
1026        }
1027        (*fw_ptr)++;
1028        remain--;
1029
1030        cmd = (struct hci_command_hdr *)(*fw_ptr);
1031        *fw_ptr += sizeof(*cmd);
1032        remain -= sizeof(*cmd);
1033
1034        /* Ensure that the remain firmware data is long enough than the length
1035         * of command parameter. If not, the firmware file is corrupted.
1036         */
1037        if (remain < cmd->plen) {
1038                BT_ERR("%s Intel fw corrupted: invalid cmd len", hdev->name);
1039                return -EFAULT;
1040        }
1041
1042        /* If there is a command that loads a patch in the firmware
1043         * file, then enable the patch upon success, otherwise just
1044         * disable the manufacturer mode, for example patch activation
1045         * is not required when the default firmware patch file is used
1046         * because there are no patch data to load.
1047         */
1048        if (*disable_patch && le16_to_cpu(cmd->opcode) == 0xfc8e)
1049                *disable_patch = 0;
1050
1051        cmd_param = *fw_ptr;
1052        *fw_ptr += cmd->plen;
1053        remain -= cmd->plen;
1054
1055        /* This reads the expected events when the above command is sent to the
1056         * device. Some vendor commands expects more than one events, for
1057         * example command status event followed by vendor specific event.
1058         * For this case, it only keeps the last expected event. so the command
1059         * can be sent with __hci_cmd_sync_ev() which returns the sk_buff of
1060         * last expected event.
1061         */
1062        while (remain > HCI_EVENT_HDR_SIZE && *fw_ptr[0] == 0x02) {
1063                (*fw_ptr)++;
1064                remain--;
1065
1066                evt = (struct hci_event_hdr *)(*fw_ptr);
1067                *fw_ptr += sizeof(*evt);
1068                remain -= sizeof(*evt);
1069
1070                if (remain < evt->plen) {
1071                        BT_ERR("%s Intel fw corrupted: invalid evt len",
1072                               hdev->name);
1073                        return -EFAULT;
1074                }
1075
1076                evt_param = *fw_ptr;
1077                *fw_ptr += evt->plen;
1078                remain -= evt->plen;
1079        }
1080
1081        /* Every HCI commands in the firmware file has its correspond event.
1082         * If event is not found or remain is smaller than zero, the firmware
1083         * file is corrupted.
1084         */
1085        if (!evt || !evt_param || remain < 0) {
1086                BT_ERR("%s Intel fw corrupted: invalid evt read", hdev->name);
1087                return -EFAULT;
1088        }
1089
1090        skb = __hci_cmd_sync_ev(hdev, le16_to_cpu(cmd->opcode), cmd->plen,
1091                                cmd_param, evt->evt, HCI_INIT_TIMEOUT);
1092        if (IS_ERR(skb)) {
1093                BT_ERR("%s sending Intel patch command (0x%4.4x) failed (%ld)",
1094                       hdev->name, cmd->opcode, PTR_ERR(skb));
1095                return -PTR_ERR(skb);
1096        }
1097
1098        /* It ensures that the returned event matches the event data read from
1099         * the firmware file. At fist, it checks the length and then
1100         * the contents of the event.
1101         */
1102        if (skb->len != evt->plen) {
1103                BT_ERR("%s mismatch event length (opcode 0x%4.4x)", hdev->name,
1104                       le16_to_cpu(cmd->opcode));
1105                kfree_skb(skb);
1106                return -EFAULT;
1107        }
1108
1109        if (memcmp(skb->data, evt_param, evt->plen)) {
1110                BT_ERR("%s mismatch event parameter (opcode 0x%4.4x)",
1111                       hdev->name, le16_to_cpu(cmd->opcode));
1112                kfree_skb(skb);
1113                return -EFAULT;
1114        }
1115        kfree_skb(skb);
1116
1117        return 0;
1118}
1119
1120static int btusb_setup_intel(struct hci_dev *hdev)
1121{
1122        struct sk_buff *skb;
1123        const struct firmware *fw;
1124        const u8 *fw_ptr;
1125        int disable_patch;
1126        struct intel_version *ver;
1127
1128        const u8 mfg_enable[] = { 0x01, 0x00 };
1129        const u8 mfg_disable[] = { 0x00, 0x00 };
1130        const u8 mfg_reset_deactivate[] = { 0x00, 0x01 };
1131        const u8 mfg_reset_activate[] = { 0x00, 0x02 };
1132
1133        BT_DBG("%s", hdev->name);
1134
1135        /* The controller has a bug with the first HCI command sent to it
1136         * returning number of completed commands as zero. This would stall the
1137         * command processing in the Bluetooth core.
1138         *
1139         * As a workaround, send HCI Reset command first which will reset the
1140         * number of completed commands and allow normal command processing
1141         * from now on.
1142         */
1143        skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
1144        if (IS_ERR(skb)) {
1145                BT_ERR("%s sending initial HCI reset command failed (%ld)",
1146                       hdev->name, PTR_ERR(skb));
1147                return -PTR_ERR(skb);
1148        }
1149        kfree_skb(skb);
1150
1151        /* Read Intel specific controller version first to allow selection of
1152         * which firmware file to load.
1153         *
1154         * The returned information are hardware variant and revision plus
1155         * firmware variant, revision and build number.
1156         */
1157        skb = __hci_cmd_sync(hdev, 0xfc05, 0, NULL, HCI_INIT_TIMEOUT);
1158        if (IS_ERR(skb)) {
1159                BT_ERR("%s reading Intel fw version command failed (%ld)",
1160                       hdev->name, PTR_ERR(skb));
1161                return -PTR_ERR(skb);
1162        }
1163
1164        if (skb->len != sizeof(*ver)) {
1165                BT_ERR("%s Intel version event length mismatch", hdev->name);
1166                kfree_skb(skb);
1167                return -EIO;
1168        }
1169
1170        ver = (struct intel_version *)skb->data;
1171        if (ver->status) {
1172                BT_ERR("%s Intel fw version event failed (%02x)", hdev->name,
1173                       ver->status);
1174                kfree_skb(skb);
1175                return -bt_to_errno(ver->status);
1176        }
1177
1178        BT_INFO("%s: read Intel version: %02x%02x%02x%02x%02x%02x%02x%02x%02x",
1179                hdev->name, ver->hw_platform, ver->hw_variant,
1180                ver->hw_revision, ver->fw_variant,  ver->fw_revision,
1181                ver->fw_build_num, ver->fw_build_ww, ver->fw_build_yy,
1182                ver->fw_patch_num);
1183
1184        /* fw_patch_num indicates the version of patch the device currently
1185         * have. If there is no patch data in the device, it is always 0x00.
1186         * So, if it is other than 0x00, no need to patch the deivce again.
1187         */
1188        if (ver->fw_patch_num) {
1189                BT_INFO("%s: Intel device is already patched. patch num: %02x",
1190                        hdev->name, ver->fw_patch_num);
1191                kfree_skb(skb);
1192                return 0;
1193        }
1194
1195        /* Opens the firmware patch file based on the firmware version read
1196         * from the controller. If it fails to open the matching firmware
1197         * patch file, it tries to open the default firmware patch file.
1198         * If no patch file is found, allow the device to operate without
1199         * a patch.
1200         */
1201        fw = btusb_setup_intel_get_fw(hdev, ver);
1202        if (!fw) {
1203                kfree_skb(skb);
1204                return 0;
1205        }
1206        fw_ptr = fw->data;
1207
1208        /* This Intel specific command enables the manufacturer mode of the
1209         * controller.
1210         *
1211         * Only while this mode is enabled, the driver can download the
1212         * firmware patch data and configuration parameters.
1213         */
1214        skb = __hci_cmd_sync(hdev, 0xfc11, 2, mfg_enable, HCI_INIT_TIMEOUT);
1215        if (IS_ERR(skb)) {
1216                BT_ERR("%s entering Intel manufacturer mode failed (%ld)",
1217                       hdev->name, PTR_ERR(skb));
1218                release_firmware(fw);
1219                return -PTR_ERR(skb);
1220        }
1221
1222        if (skb->data[0]) {
1223                u8 evt_status = skb->data[0];
1224                BT_ERR("%s enable Intel manufacturer mode event failed (%02x)",
1225                       hdev->name, evt_status);
1226                kfree_skb(skb);
1227                release_firmware(fw);
1228                return -bt_to_errno(evt_status);
1229        }
1230        kfree_skb(skb);
1231
1232        disable_patch = 1;
1233
1234        /* The firmware data file consists of list of Intel specific HCI
1235         * commands and its expected events. The first byte indicates the
1236         * type of the message, either HCI command or HCI event.
1237         *
1238         * It reads the command and its expected event from the firmware file,
1239         * and send to the controller. Once __hci_cmd_sync_ev() returns,
1240         * the returned event is compared with the event read from the firmware
1241         * file and it will continue until all the messages are downloaded to
1242         * the controller.
1243         *
1244         * Once the firmware patching is completed successfully,
1245         * the manufacturer mode is disabled with reset and activating the
1246         * downloaded patch.
1247         *
1248         * If the firmware patching fails, the manufacturer mode is
1249         * disabled with reset and deactivating the patch.
1250         *
1251         * If the default patch file is used, no reset is done when disabling
1252         * the manufacturer.
1253         */
1254        while (fw->size > fw_ptr - fw->data) {
1255                int ret;
1256
1257                ret = btusb_setup_intel_patching(hdev, fw, &fw_ptr,
1258                                                 &disable_patch);
1259                if (ret < 0)
1260                        goto exit_mfg_deactivate;
1261        }
1262
1263        release_firmware(fw);
1264
1265        if (disable_patch)
1266                goto exit_mfg_disable;
1267
1268        /* Patching completed successfully and disable the manufacturer mode
1269         * with reset and activate the downloaded firmware patches.
1270         */
1271        skb = __hci_cmd_sync(hdev, 0xfc11, sizeof(mfg_reset_activate),
1272                             mfg_reset_activate, HCI_INIT_TIMEOUT);
1273        if (IS_ERR(skb)) {
1274                BT_ERR("%s exiting Intel manufacturer mode failed (%ld)",
1275                       hdev->name, PTR_ERR(skb));
1276                return -PTR_ERR(skb);
1277        }
1278        kfree_skb(skb);
1279
1280        BT_INFO("%s: Intel Bluetooth firmware patch completed and activated",
1281                hdev->name);
1282
1283        return 0;
1284
1285exit_mfg_disable:
1286        /* Disable the manufacturer mode without reset */
1287        skb = __hci_cmd_sync(hdev, 0xfc11, sizeof(mfg_disable), mfg_disable,
1288                             HCI_INIT_TIMEOUT);
1289        if (IS_ERR(skb)) {
1290                BT_ERR("%s exiting Intel manufacturer mode failed (%ld)",
1291                       hdev->name, PTR_ERR(skb));
1292                return -PTR_ERR(skb);
1293        }
1294        kfree_skb(skb);
1295
1296        BT_INFO("%s: Intel Bluetooth firmware patch completed", hdev->name);
1297        return 0;
1298
1299exit_mfg_deactivate:
1300        release_firmware(fw);
1301
1302        /* Patching failed. Disable the manufacturer mode with reset and
1303         * deactivate the downloaded firmware patches.
1304         */
1305        skb = __hci_cmd_sync(hdev, 0xfc11, sizeof(mfg_reset_deactivate),
1306                             mfg_reset_deactivate, HCI_INIT_TIMEOUT);
1307        if (IS_ERR(skb)) {
1308                BT_ERR("%s exiting Intel manufacturer mode failed (%ld)",
1309                       hdev->name, PTR_ERR(skb));
1310                return -PTR_ERR(skb);
1311        }
1312        kfree_skb(skb);
1313
1314        BT_INFO("%s: Intel Bluetooth firmware patch completed and deactivated",
1315                hdev->name);
1316
1317        return 0;
1318}
1319
1320static int btusb_probe(struct usb_interface *intf,
1321                                const struct usb_device_id *id)
1322{
1323        struct usb_endpoint_descriptor *ep_desc;
1324        struct btusb_data *data;
1325        struct hci_dev *hdev;
1326        int i, err;
1327
1328        BT_DBG("intf %p id %p", intf, id);
1329
1330        /* interface numbers are hardcoded in the spec */
1331        if (intf->cur_altsetting->desc.bInterfaceNumber != 0)
1332                return -ENODEV;
1333
1334        if (!id->driver_info) {
1335                const struct usb_device_id *match;
1336                match = usb_match_id(intf, blacklist_table);
1337                if (match)
1338                        id = match;
1339        }
1340
1341        if (id->driver_info == BTUSB_IGNORE)
1342                return -ENODEV;
1343
1344        if (ignore_dga && id->driver_info & BTUSB_DIGIANSWER)
1345                return -ENODEV;
1346
1347        if (ignore_csr && id->driver_info & BTUSB_CSR)
1348                return -ENODEV;
1349
1350        if (ignore_sniffer && id->driver_info & BTUSB_SNIFFER)
1351                return -ENODEV;
1352
1353        if (id->driver_info & BTUSB_ATH3012) {
1354                struct usb_device *udev = interface_to_usbdev(intf);
1355
1356                /* Old firmware would otherwise let ath3k driver load
1357                 * patch and sysconfig files */
1358                if (le16_to_cpu(udev->descriptor.bcdDevice) <= 0x0001)
1359                        return -ENODEV;
1360        }
1361
1362        data = devm_kzalloc(&intf->dev, sizeof(*data), GFP_KERNEL);
1363        if (!data)
1364                return -ENOMEM;
1365
1366        for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
1367                ep_desc = &intf->cur_altsetting->endpoint[i].desc;
1368
1369                if (!data->intr_ep && usb_endpoint_is_int_in(ep_desc)) {
1370                        data->intr_ep = ep_desc;
1371                        continue;
1372                }
1373
1374                if (!data->bulk_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) {
1375                        data->bulk_tx_ep = ep_desc;
1376                        continue;
1377                }
1378
1379                if (!data->bulk_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) {
1380                        data->bulk_rx_ep = ep_desc;
1381                        continue;
1382                }
1383        }
1384
1385        if (!data->intr_ep || !data->bulk_tx_ep || !data->bulk_rx_ep)
1386                return -ENODEV;
1387
1388        data->cmdreq_type = USB_TYPE_CLASS;
1389
1390        data->udev = interface_to_usbdev(intf);
1391        data->intf = intf;
1392
1393        spin_lock_init(&data->lock);
1394
1395        INIT_WORK(&data->work, btusb_work);
1396        INIT_WORK(&data->waker, btusb_waker);
1397        spin_lock_init(&data->txlock);
1398
1399        init_usb_anchor(&data->tx_anchor);
1400        init_usb_anchor(&data->intr_anchor);
1401        init_usb_anchor(&data->bulk_anchor);
1402        init_usb_anchor(&data->isoc_anchor);
1403        init_usb_anchor(&data->deferred);
1404
1405        hdev = hci_alloc_dev();
1406        if (!hdev)
1407                return -ENOMEM;
1408
1409        hdev->bus = HCI_USB;
1410        hci_set_drvdata(hdev, data);
1411
1412        data->hdev = hdev;
1413
1414        SET_HCIDEV_DEV(hdev, &intf->dev);
1415
1416        hdev->open   = btusb_open;
1417        hdev->close  = btusb_close;
1418        hdev->flush  = btusb_flush;
1419        hdev->send   = btusb_send_frame;
1420        hdev->notify = btusb_notify;
1421
1422        if (id->driver_info & BTUSB_BCM92035)
1423                hdev->setup = btusb_setup_bcm92035;
1424
1425        if (id->driver_info & BTUSB_INTEL)
1426                hdev->setup = btusb_setup_intel;
1427
1428        /* Interface numbers are hardcoded in the specification */
1429        data->isoc = usb_ifnum_to_if(data->udev, 1);
1430
1431        if (!reset)
1432                set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
1433
1434        if (force_scofix || id->driver_info & BTUSB_WRONG_SCO_MTU) {
1435                if (!disable_scofix)
1436                        set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks);
1437        }
1438
1439        if (id->driver_info & BTUSB_BROKEN_ISOC)
1440                data->isoc = NULL;
1441
1442        if (id->driver_info & BTUSB_DIGIANSWER) {
1443                data->cmdreq_type = USB_TYPE_VENDOR;
1444                set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
1445        }
1446
1447        if (id->driver_info & BTUSB_CSR) {
1448                struct usb_device *udev = data->udev;
1449
1450                /* Old firmware would otherwise execute USB reset */
1451                if (le16_to_cpu(udev->descriptor.bcdDevice) < 0x117)
1452                        set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
1453        }
1454
1455        if (id->driver_info & BTUSB_SNIFFER) {
1456                struct usb_device *udev = data->udev;
1457
1458                /* New sniffer firmware has crippled HCI interface */
1459                if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997)
1460                        set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
1461
1462                data->isoc = NULL;
1463        }
1464
1465        if (data->isoc) {
1466                err = usb_driver_claim_interface(&btusb_driver,
1467                                                        data->isoc, data);
1468                if (err < 0) {
1469                        hci_free_dev(hdev);
1470                        return err;
1471                }
1472        }
1473
1474        err = hci_register_dev(hdev);
1475        if (err < 0) {
1476                hci_free_dev(hdev);
1477                return err;
1478        }
1479
1480        usb_set_intfdata(intf, data);
1481
1482        return 0;
1483}
1484
1485static void btusb_disconnect(struct usb_interface *intf)
1486{
1487        struct btusb_data *data = usb_get_intfdata(intf);
1488        struct hci_dev *hdev;
1489
1490        BT_DBG("intf %p", intf);
1491
1492        if (!data)
1493                return;
1494
1495        hdev = data->hdev;
1496        usb_set_intfdata(data->intf, NULL);
1497
1498        if (data->isoc)
1499                usb_set_intfdata(data->isoc, NULL);
1500
1501        hci_unregister_dev(hdev);
1502
1503        if (intf == data->isoc)
1504                usb_driver_release_interface(&btusb_driver, data->intf);
1505        else if (data->isoc)
1506                usb_driver_release_interface(&btusb_driver, data->isoc);
1507
1508        hci_free_dev(hdev);
1509}
1510
1511#ifdef CONFIG_PM
1512static int btusb_suspend(struct usb_interface *intf, pm_message_t message)
1513{
1514        struct btusb_data *data = usb_get_intfdata(intf);
1515
1516        BT_DBG("intf %p", intf);
1517
1518        if (data->suspend_count++)
1519                return 0;
1520
1521        spin_lock_irq(&data->txlock);
1522        if (!(PMSG_IS_AUTO(message) && data->tx_in_flight)) {
1523                set_bit(BTUSB_SUSPENDING, &data->flags);
1524                spin_unlock_irq(&data->txlock);
1525        } else {
1526                spin_unlock_irq(&data->txlock);
1527                data->suspend_count--;
1528                return -EBUSY;
1529        }
1530
1531        cancel_work_sync(&data->work);
1532
1533        btusb_stop_traffic(data);
1534        usb_kill_anchored_urbs(&data->tx_anchor);
1535
1536        return 0;
1537}
1538
1539static void play_deferred(struct btusb_data *data)
1540{
1541        struct urb *urb;
1542        int err;
1543
1544        while ((urb = usb_get_from_anchor(&data->deferred))) {
1545                err = usb_submit_urb(urb, GFP_ATOMIC);
1546                if (err < 0)
1547                        break;
1548
1549                data->tx_in_flight++;
1550        }
1551        usb_scuttle_anchored_urbs(&data->deferred);
1552}
1553
1554static int btusb_resume(struct usb_interface *intf)
1555{
1556        struct btusb_data *data = usb_get_intfdata(intf);
1557        struct hci_dev *hdev = data->hdev;
1558        int err = 0;
1559
1560        BT_DBG("intf %p", intf);
1561
1562        if (--data->suspend_count)
1563                return 0;
1564
1565        if (!test_bit(HCI_RUNNING, &hdev->flags))
1566                goto done;
1567
1568        if (test_bit(BTUSB_INTR_RUNNING, &data->flags)) {
1569                err = btusb_submit_intr_urb(hdev, GFP_NOIO);
1570                if (err < 0) {
1571                        clear_bit(BTUSB_INTR_RUNNING, &data->flags);
1572                        goto failed;
1573                }
1574        }
1575
1576        if (test_bit(BTUSB_BULK_RUNNING, &data->flags)) {
1577                err = btusb_submit_bulk_urb(hdev, GFP_NOIO);
1578                if (err < 0) {
1579                        clear_bit(BTUSB_BULK_RUNNING, &data->flags);
1580                        goto failed;
1581                }
1582
1583                btusb_submit_bulk_urb(hdev, GFP_NOIO);
1584        }
1585
1586        if (test_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
1587                if (btusb_submit_isoc_urb(hdev, GFP_NOIO) < 0)
1588                        clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1589                else
1590                        btusb_submit_isoc_urb(hdev, GFP_NOIO);
1591        }
1592
1593        spin_lock_irq(&data->txlock);
1594        play_deferred(data);
1595        clear_bit(BTUSB_SUSPENDING, &data->flags);
1596        spin_unlock_irq(&data->txlock);
1597        schedule_work(&data->work);
1598
1599        return 0;
1600
1601failed:
1602        usb_scuttle_anchored_urbs(&data->deferred);
1603done:
1604        spin_lock_irq(&data->txlock);
1605        clear_bit(BTUSB_SUSPENDING, &data->flags);
1606        spin_unlock_irq(&data->txlock);
1607
1608        return err;
1609}
1610#endif
1611
1612static struct usb_driver btusb_driver = {
1613        .name           = "btusb",
1614        .probe          = btusb_probe,
1615        .disconnect     = btusb_disconnect,
1616#ifdef CONFIG_PM
1617        .suspend        = btusb_suspend,
1618        .resume         = btusb_resume,
1619#endif
1620        .id_table       = btusb_table,
1621        .supports_autosuspend = 1,
1622        .disable_hub_initiated_lpm = 1,
1623};
1624
1625module_usb_driver(btusb_driver);
1626
1627module_param(ignore_dga, bool, 0644);
1628MODULE_PARM_DESC(ignore_dga, "Ignore devices with id 08fd:0001");
1629
1630module_param(ignore_csr, bool, 0644);
1631MODULE_PARM_DESC(ignore_csr, "Ignore devices with id 0a12:0001");
1632
1633module_param(ignore_sniffer, bool, 0644);
1634MODULE_PARM_DESC(ignore_sniffer, "Ignore devices with id 0a12:0002");
1635
1636module_param(disable_scofix, bool, 0644);
1637MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size");
1638
1639module_param(force_scofix, bool, 0644);
1640MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size");
1641
1642module_param(reset, bool, 0644);
1643MODULE_PARM_DESC(reset, "Send HCI reset command on initialization");
1644
1645MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1646MODULE_DESCRIPTION("Generic Bluetooth USB driver ver " VERSION);
1647MODULE_VERSION(VERSION);
1648MODULE_LICENSE("GPL");
1649
lxr.linux.no kindly hosted by Redpill Linpro AS, provider of Linux consulting and operations services since 1995.