1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24#include <linux/module.h>
25#include <linux/usb.h>
26
27#include <net/bluetooth/bluetooth.h>
28#include <net/bluetooth/hci_core.h>
29
30#define VERSION "0.6"
31
32static bool ignore_dga;
33static bool ignore_csr;
34static bool ignore_sniffer;
35static bool disable_scofix;
36static bool force_scofix;
37
38static bool reset = 1;
39
40static struct usb_driver btusb_driver;
41
42#define BTUSB_IGNORE 0x01
43#define BTUSB_DIGIANSWER 0x02
44#define BTUSB_CSR 0x04
45#define BTUSB_SNIFFER 0x08
46#define BTUSB_BCM92035 0x10
47#define BTUSB_BROKEN_ISOC 0x20
48#define BTUSB_WRONG_SCO_MTU 0x40
49#define BTUSB_ATH3012 0x80
50
51static struct usb_device_id btusb_table[] = {
52
53 { USB_DEVICE_INFO(0xe0, 0x01, 0x01) },
54
55
56 { USB_VENDOR_AND_INTERFACE_INFO(0x05ac, 0xff, 0x01, 0x01) },
57
58
59 { USB_DEVICE(0x0a5c, 0x21e1) },
60
61
62 { USB_DEVICE(0x05ac, 0x8213) },
63
64
65 { USB_DEVICE(0x05ac, 0x8215) },
66
67
68 { USB_DEVICE(0x05ac, 0x8218) },
69
70
71 { USB_DEVICE(0x05ac, 0x821b) },
72
73
74 { USB_DEVICE(0x05ac, 0x821f) },
75
76
77 { USB_DEVICE(0x05ac, 0x821a) },
78
79
80 { USB_DEVICE(0x05ac, 0x8281) },
81
82
83 { USB_DEVICE(0x057c, 0x3800) },
84
85
86 { USB_DEVICE(0x04bf, 0x030a) },
87
88
89 { USB_DEVICE(0x044e, 0x3001) },
90 { USB_DEVICE(0x044e, 0x3002) },
91
92
93 { USB_DEVICE(0x0bdb, 0x1002) },
94
95
96 { USB_DEVICE(0x0c10, 0x0000) },
97
98
99 { USB_DEVICE(0x0489, 0xe042) },
100 { USB_DEVICE(0x413c, 0x8197) },
101
102
103 { USB_DEVICE(0x0489, 0xe033) },
104
105
106 { USB_VENDOR_AND_INTERFACE_INFO(0x0a5c, 0xff, 0x01, 0x01) },
107
108 { }
109};
110
111MODULE_DEVICE_TABLE(usb, btusb_table);
112
113static struct usb_device_id blacklist_table[] = {
114
115 { USB_DEVICE(0x0a12, 0x0001), .driver_info = BTUSB_CSR },
116
117
118 { USB_DEVICE(0x0a5c, 0x2033), .driver_info = BTUSB_IGNORE },
119
120
121 { USB_DEVICE(0x0cf3, 0x3002), .driver_info = BTUSB_IGNORE },
122 { USB_DEVICE(0x0cf3, 0xe019), .driver_info = BTUSB_IGNORE },
123 { USB_DEVICE(0x13d3, 0x3304), .driver_info = BTUSB_IGNORE },
124 { USB_DEVICE(0x0930, 0x0215), .driver_info = BTUSB_IGNORE },
125 { USB_DEVICE(0x0489, 0xe03d), .driver_info = BTUSB_IGNORE },
126
127
128 { USB_DEVICE(0x03f0, 0x311d), .driver_info = BTUSB_IGNORE },
129
130
131 { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 },
132 { USB_DEVICE(0x0cf3, 0x311d), .driver_info = BTUSB_ATH3012 },
133 { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 },
134 { USB_DEVICE(0x04ca, 0x3005), .driver_info = BTUSB_ATH3012 },
135 { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 },
136 { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 },
137 { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 },
138 { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 },
139
140
141 { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE },
142
143
144 { USB_DEVICE(0x0489, 0xe03c), .driver_info = BTUSB_ATH3012 },
145 { USB_DEVICE(0x0489, 0xe036), .driver_info = BTUSB_ATH3012 },
146
147
148 { USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU },
149 { USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU },
150 { USB_DEVICE(0x0a5c, 0x2009), .driver_info = BTUSB_BCM92035 },
151
152
153 { USB_DEVICE(0x0a5c, 0x2039), .driver_info = BTUSB_WRONG_SCO_MTU },
154 { USB_DEVICE(0x0a5c, 0x2101), .driver_info = BTUSB_WRONG_SCO_MTU },
155
156
157 { USB_DEVICE(0x0a5c, 0x201e), .driver_info = BTUSB_WRONG_SCO_MTU },
158 { USB_DEVICE(0x0a5c, 0x2110), .driver_info = BTUSB_WRONG_SCO_MTU },
159
160
161 { USB_DEVICE(0x03f0, 0x171d), .driver_info = BTUSB_WRONG_SCO_MTU },
162
163
164 { USB_DEVICE(0x413c, 0x8126), .driver_info = BTUSB_WRONG_SCO_MTU },
165
166
167 { USB_DEVICE(0x413c, 0x8152), .driver_info = BTUSB_WRONG_SCO_MTU },
168 { USB_DEVICE(0x413c, 0x8156), .driver_info = BTUSB_WRONG_SCO_MTU },
169
170
171 { USB_DEVICE(0x050d, 0x0012), .driver_info = BTUSB_WRONG_SCO_MTU },
172 { USB_DEVICE(0x050d, 0x0013), .driver_info = BTUSB_WRONG_SCO_MTU },
173
174
175 { USB_DEVICE(0x0b05, 0x1715), .driver_info = BTUSB_WRONG_SCO_MTU },
176
177
178 { USB_DEVICE(0x047d, 0x105e), .driver_info = BTUSB_WRONG_SCO_MTU },
179
180
181 { USB_DEVICE(0x0400, 0x0807), .driver_info = BTUSB_BROKEN_ISOC },
182 { USB_DEVICE(0x0400, 0x080a), .driver_info = BTUSB_BROKEN_ISOC },
183
184
185 { USB_DEVICE(0x0e5e, 0x6622), .driver_info = BTUSB_BROKEN_ISOC },
186
187
188 { USB_DEVICE(0x08fd, 0x0001), .driver_info = BTUSB_DIGIANSWER },
189 { USB_DEVICE(0x08fd, 0x0002), .driver_info = BTUSB_IGNORE },
190
191
192 { USB_DEVICE(0x0a12, 0x0002), .driver_info = BTUSB_SNIFFER },
193
194
195 { USB_DEVICE(0x16d3, 0x0002), .driver_info = BTUSB_SNIFFER },
196
197 { }
198};
199
200#define BTUSB_MAX_ISOC_FRAMES 10
201
202#define BTUSB_INTR_RUNNING 0
203#define BTUSB_BULK_RUNNING 1
204#define BTUSB_ISOC_RUNNING 2
205#define BTUSB_SUSPENDING 3
206#define BTUSB_DID_ISO_RESUME 4
207
208struct btusb_data {
209 struct hci_dev *hdev;
210 struct usb_device *udev;
211 struct usb_interface *intf;
212 struct usb_interface *isoc;
213
214 spinlock_t lock;
215
216 unsigned long flags;
217
218 struct work_struct work;
219 struct work_struct waker;
220
221 struct usb_anchor tx_anchor;
222 struct usb_anchor intr_anchor;
223 struct usb_anchor bulk_anchor;
224 struct usb_anchor isoc_anchor;
225 struct usb_anchor deferred;
226 int tx_in_flight;
227 spinlock_t txlock;
228
229 struct usb_endpoint_descriptor *intr_ep;
230 struct usb_endpoint_descriptor *bulk_tx_ep;
231 struct usb_endpoint_descriptor *bulk_rx_ep;
232 struct usb_endpoint_descriptor *isoc_tx_ep;
233 struct usb_endpoint_descriptor *isoc_rx_ep;
234
235 __u8 cmdreq_type;
236
237 unsigned int sco_num;
238 int isoc_altsetting;
239 int suspend_count;
240};
241
242static int inc_tx(struct btusb_data *data)
243{
244 unsigned long flags;
245 int rv;
246
247 spin_lock_irqsave(&data->txlock, flags);
248 rv = test_bit(BTUSB_SUSPENDING, &data->flags);
249 if (!rv)
250 data->tx_in_flight++;
251 spin_unlock_irqrestore(&data->txlock, flags);
252
253 return rv;
254}
255
256static void btusb_intr_complete(struct urb *urb)
257{
258 struct hci_dev *hdev = urb->context;
259 struct btusb_data *data = hci_get_drvdata(hdev);
260 int err;
261
262 BT_DBG("%s urb %p status %d count %d", hdev->name,
263 urb, urb->status, urb->actual_length);
264
265 if (!test_bit(HCI_RUNNING, &hdev->flags))
266 return;
267
268 if (urb->status == 0) {
269 hdev->stat.byte_rx += urb->actual_length;
270
271 if (hci_recv_fragment(hdev, HCI_EVENT_PKT,
272 urb->transfer_buffer,
273 urb->actual_length) < 0) {
274 BT_ERR("%s corrupted event packet", hdev->name);
275 hdev->stat.err_rx++;
276 }
277 }
278
279 if (!test_bit(BTUSB_INTR_RUNNING, &data->flags))
280 return;
281
282 usb_mark_last_busy(data->udev);
283 usb_anchor_urb(urb, &data->intr_anchor);
284
285 err = usb_submit_urb(urb, GFP_ATOMIC);
286 if (err < 0) {
287
288
289 if (err != -EPERM && err != -ENODEV)
290 BT_ERR("%s urb %p failed to resubmit (%d)",
291 hdev->name, urb, -err);
292 usb_unanchor_urb(urb);
293 }
294}
295
296static int btusb_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags)
297{
298 struct btusb_data *data = hci_get_drvdata(hdev);
299 struct urb *urb;
300 unsigned char *buf;
301 unsigned int pipe;
302 int err, size;
303
304 BT_DBG("%s", hdev->name);
305
306 if (!data->intr_ep)
307 return -ENODEV;
308
309 urb = usb_alloc_urb(0, mem_flags);
310 if (!urb)
311 return -ENOMEM;
312
313 size = le16_to_cpu(data->intr_ep->wMaxPacketSize);
314
315 buf = kmalloc(size, mem_flags);
316 if (!buf) {
317 usb_free_urb(urb);
318 return -ENOMEM;
319 }
320
321 pipe = usb_rcvintpipe(data->udev, data->intr_ep->bEndpointAddress);
322
323 usb_fill_int_urb(urb, data->udev, pipe, buf, size,
324 btusb_intr_complete, hdev,
325 data->intr_ep->bInterval);
326
327 urb->transfer_flags |= URB_FREE_BUFFER;
328
329 usb_anchor_urb(urb, &data->intr_anchor);
330
331 err = usb_submit_urb(urb, mem_flags);
332 if (err < 0) {
333 if (err != -EPERM && err != -ENODEV)
334 BT_ERR("%s urb %p submission failed (%d)",
335 hdev->name, urb, -err);
336 usb_unanchor_urb(urb);
337 }
338
339 usb_free_urb(urb);
340
341 return err;
342}
343
344static void btusb_bulk_complete(struct urb *urb)
345{
346 struct hci_dev *hdev = urb->context;
347 struct btusb_data *data = hci_get_drvdata(hdev);
348 int err;
349
350 BT_DBG("%s urb %p status %d count %d", hdev->name,
351 urb, urb->status, urb->actual_length);
352
353 if (!test_bit(HCI_RUNNING, &hdev->flags))
354 return;
355
356 if (urb->status == 0) {
357 hdev->stat.byte_rx += urb->actual_length;
358
359 if (hci_recv_fragment(hdev, HCI_ACLDATA_PKT,
360 urb->transfer_buffer,
361 urb->actual_length) < 0) {
362 BT_ERR("%s corrupted ACL packet", hdev->name);
363 hdev->stat.err_rx++;
364 }
365 }
366
367 if (!test_bit(BTUSB_BULK_RUNNING, &data->flags))
368 return;
369
370 usb_anchor_urb(urb, &data->bulk_anchor);
371 usb_mark_last_busy(data->udev);
372
373 err = usb_submit_urb(urb, GFP_ATOMIC);
374 if (err < 0) {
375
376
377 if (err != -EPERM && err != -ENODEV)
378 BT_ERR("%s urb %p failed to resubmit (%d)",
379 hdev->name, urb, -err);
380 usb_unanchor_urb(urb);
381 }
382}
383
384static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags)
385{
386 struct btusb_data *data = hci_get_drvdata(hdev);
387 struct urb *urb;
388 unsigned char *buf;
389 unsigned int pipe;
390 int err, size = HCI_MAX_FRAME_SIZE;
391
392 BT_DBG("%s", hdev->name);
393
394 if (!data->bulk_rx_ep)
395 return -ENODEV;
396
397 urb = usb_alloc_urb(0, mem_flags);
398 if (!urb)
399 return -ENOMEM;
400
401 buf = kmalloc(size, mem_flags);
402 if (!buf) {
403 usb_free_urb(urb);
404 return -ENOMEM;
405 }
406
407 pipe = usb_rcvbulkpipe(data->udev, data->bulk_rx_ep->bEndpointAddress);
408
409 usb_fill_bulk_urb(urb, data->udev, pipe,
410 buf, size, btusb_bulk_complete, hdev);
411
412 urb->transfer_flags |= URB_FREE_BUFFER;
413
414 usb_mark_last_busy(data->udev);
415 usb_anchor_urb(urb, &data->bulk_anchor);
416
417 err = usb_submit_urb(urb, mem_flags);
418 if (err < 0) {
419 if (err != -EPERM && err != -ENODEV)
420 BT_ERR("%s urb %p submission failed (%d)",
421 hdev->name, urb, -err);
422 usb_unanchor_urb(urb);
423 }
424
425 usb_free_urb(urb);
426
427 return err;
428}
429
430static void btusb_isoc_complete(struct urb *urb)
431{
432 struct hci_dev *hdev = urb->context;
433 struct btusb_data *data = hci_get_drvdata(hdev);
434 int i, err;
435
436 BT_DBG("%s urb %p status %d count %d", hdev->name,
437 urb, urb->status, urb->actual_length);
438
439 if (!test_bit(HCI_RUNNING, &hdev->flags))
440 return;
441
442 if (urb->status == 0) {
443 for (i = 0; i < urb->number_of_packets; i++) {
444 unsigned int offset = urb->iso_frame_desc[i].offset;
445 unsigned int length = urb->iso_frame_desc[i].actual_length;
446
447 if (urb->iso_frame_desc[i].status)
448 continue;
449
450 hdev->stat.byte_rx += length;
451
452 if (hci_recv_fragment(hdev, HCI_SCODATA_PKT,
453 urb->transfer_buffer + offset,
454 length) < 0) {
455 BT_ERR("%s corrupted SCO packet", hdev->name);
456 hdev->stat.err_rx++;
457 }
458 }
459 }
460
461 if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags))
462 return;
463
464 usb_anchor_urb(urb, &data->isoc_anchor);
465
466 err = usb_submit_urb(urb, GFP_ATOMIC);
467 if (err < 0) {
468
469
470 if (err != -EPERM && err != -ENODEV)
471 BT_ERR("%s urb %p failed to resubmit (%d)",
472 hdev->name, urb, -err);
473 usb_unanchor_urb(urb);
474 }
475}
476
477static inline void __fill_isoc_descriptor(struct urb *urb, int len, int mtu)
478{
479 int i, offset = 0;
480
481 BT_DBG("len %d mtu %d", len, mtu);
482
483 for (i = 0; i < BTUSB_MAX_ISOC_FRAMES && len >= mtu;
484 i++, offset += mtu, len -= mtu) {
485 urb->iso_frame_desc[i].offset = offset;
486 urb->iso_frame_desc[i].length = mtu;
487 }
488
489 if (len && i < BTUSB_MAX_ISOC_FRAMES) {
490 urb->iso_frame_desc[i].offset = offset;
491 urb->iso_frame_desc[i].length = len;
492 i++;
493 }
494
495 urb->number_of_packets = i;
496}
497
498static int btusb_submit_isoc_urb(struct hci_dev *hdev, gfp_t mem_flags)
499{
500 struct btusb_data *data = hci_get_drvdata(hdev);
501 struct urb *urb;
502 unsigned char *buf;
503 unsigned int pipe;
504 int err, size;
505
506 BT_DBG("%s", hdev->name);
507
508 if (!data->isoc_rx_ep)
509 return -ENODEV;
510
511 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, mem_flags);
512 if (!urb)
513 return -ENOMEM;
514
515 size = le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize) *
516 BTUSB_MAX_ISOC_FRAMES;
517
518 buf = kmalloc(size, mem_flags);
519 if (!buf) {
520 usb_free_urb(urb);
521 return -ENOMEM;
522 }
523
524 pipe = usb_rcvisocpipe(data->udev, data->isoc_rx_ep->bEndpointAddress);
525
526 usb_fill_int_urb(urb, data->udev, pipe, buf, size, btusb_isoc_complete,
527 hdev, data->isoc_rx_ep->bInterval);
528
529 urb->transfer_flags = URB_FREE_BUFFER | URB_ISO_ASAP;
530
531 __fill_isoc_descriptor(urb, size,
532 le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize));
533
534 usb_anchor_urb(urb, &data->isoc_anchor);
535
536 err = usb_submit_urb(urb, mem_flags);
537 if (err < 0) {
538 if (err != -EPERM && err != -ENODEV)
539 BT_ERR("%s urb %p submission failed (%d)",
540 hdev->name, urb, -err);
541 usb_unanchor_urb(urb);
542 }
543
544 usb_free_urb(urb);
545
546 return err;
547}
548
549static void btusb_tx_complete(struct urb *urb)
550{
551 struct sk_buff *skb = urb->context;
552 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
553 struct btusb_data *data = hci_get_drvdata(hdev);
554
555 BT_DBG("%s urb %p status %d count %d", hdev->name,
556 urb, urb->status, urb->actual_length);
557
558 if (!test_bit(HCI_RUNNING, &hdev->flags))
559 goto done;
560
561 if (!urb->status)
562 hdev->stat.byte_tx += urb->transfer_buffer_length;
563 else
564 hdev->stat.err_tx++;
565
566done:
567 spin_lock(&data->txlock);
568 data->tx_in_flight--;
569 spin_unlock(&data->txlock);
570
571 kfree(urb->setup_packet);
572
573 kfree_skb(skb);
574}
575
576static void btusb_isoc_tx_complete(struct urb *urb)
577{
578 struct sk_buff *skb = urb->context;
579 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
580
581 BT_DBG("%s urb %p status %d count %d", hdev->name,
582 urb, urb->status, urb->actual_length);
583
584 if (!test_bit(HCI_RUNNING, &hdev->flags))
585 goto done;
586
587 if (!urb->status)
588 hdev->stat.byte_tx += urb->transfer_buffer_length;
589 else
590 hdev->stat.err_tx++;
591
592done:
593 kfree(urb->setup_packet);
594
595 kfree_skb(skb);
596}
597
598static int btusb_open(struct hci_dev *hdev)
599{
600 struct btusb_data *data = hci_get_drvdata(hdev);
601 int err;
602
603 BT_DBG("%s", hdev->name);
604
605 err = usb_autopm_get_interface(data->intf);
606 if (err < 0)
607 return err;
608
609 data->intf->needs_remote_wakeup = 1;
610
611 if (test_and_set_bit(HCI_RUNNING, &hdev->flags))
612 goto done;
613
614 if (test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags))
615 goto done;
616
617 err = btusb_submit_intr_urb(hdev, GFP_KERNEL);
618 if (err < 0)
619 goto failed;
620
621 err = btusb_submit_bulk_urb(hdev, GFP_KERNEL);
622 if (err < 0) {
623 usb_kill_anchored_urbs(&data->intr_anchor);
624 goto failed;
625 }
626
627 set_bit(BTUSB_BULK_RUNNING, &data->flags);
628 btusb_submit_bulk_urb(hdev, GFP_KERNEL);
629
630done:
631 usb_autopm_put_interface(data->intf);
632 return 0;
633
634failed:
635 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
636 clear_bit(HCI_RUNNING, &hdev->flags);
637 usb_autopm_put_interface(data->intf);
638 return err;
639}
640
641static void btusb_stop_traffic(struct btusb_data *data)
642{
643 usb_kill_anchored_urbs(&data->intr_anchor);
644 usb_kill_anchored_urbs(&data->bulk_anchor);
645 usb_kill_anchored_urbs(&data->isoc_anchor);
646}
647
648static int btusb_close(struct hci_dev *hdev)
649{
650 struct btusb_data *data = hci_get_drvdata(hdev);
651 int err;
652
653 BT_DBG("%s", hdev->name);
654
655 if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags))
656 return 0;
657
658 cancel_work_sync(&data->work);
659 cancel_work_sync(&data->waker);
660
661 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
662 clear_bit(BTUSB_BULK_RUNNING, &data->flags);
663 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
664
665 btusb_stop_traffic(data);
666 err = usb_autopm_get_interface(data->intf);
667 if (err < 0)
668 goto failed;
669
670 data->intf->needs_remote_wakeup = 0;
671 usb_autopm_put_interface(data->intf);
672
673failed:
674 usb_scuttle_anchored_urbs(&data->deferred);
675 return 0;
676}
677
678static int btusb_flush(struct hci_dev *hdev)
679{
680 struct btusb_data *data = hci_get_drvdata(hdev);
681
682 BT_DBG("%s", hdev->name);
683
684 usb_kill_anchored_urbs(&data->tx_anchor);
685
686 return 0;
687}
688
689static int btusb_send_frame(struct sk_buff *skb)
690{
691 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
692 struct btusb_data *data = hci_get_drvdata(hdev);
693 struct usb_ctrlrequest *dr;
694 struct urb *urb;
695 unsigned int pipe;
696 int err;
697
698 BT_DBG("%s", hdev->name);
699
700 if (!test_bit(HCI_RUNNING, &hdev->flags))
701 return -EBUSY;
702
703 switch (bt_cb(skb)->pkt_type) {
704 case HCI_COMMAND_PKT:
705 urb = usb_alloc_urb(0, GFP_ATOMIC);
706 if (!urb)
707 return -ENOMEM;
708
709 dr = kmalloc(sizeof(*dr), GFP_ATOMIC);
710 if (!dr) {
711 usb_free_urb(urb);
712 return -ENOMEM;
713 }
714
715 dr->bRequestType = data->cmdreq_type;
716 dr->bRequest = 0;
717 dr->wIndex = 0;
718 dr->wValue = 0;
719 dr->wLength = __cpu_to_le16(skb->len);
720
721 pipe = usb_sndctrlpipe(data->udev, 0x00);
722
723 usb_fill_control_urb(urb, data->udev, pipe, (void *) dr,
724 skb->data, skb->len, btusb_tx_complete, skb);
725
726 hdev->stat.cmd_tx++;
727 break;
728
729 case HCI_ACLDATA_PKT:
730 if (!data->bulk_tx_ep)
731 return -ENODEV;
732
733 urb = usb_alloc_urb(0, GFP_ATOMIC);
734 if (!urb)
735 return -ENOMEM;
736
737 pipe = usb_sndbulkpipe(data->udev,
738 data->bulk_tx_ep->bEndpointAddress);
739
740 usb_fill_bulk_urb(urb, data->udev, pipe,
741 skb->data, skb->len, btusb_tx_complete, skb);
742
743 hdev->stat.acl_tx++;
744 break;
745
746 case HCI_SCODATA_PKT:
747 if (!data->isoc_tx_ep || hdev->conn_hash.sco_num < 1)
748 return -ENODEV;
749
750 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, GFP_ATOMIC);
751 if (!urb)
752 return -ENOMEM;
753
754 pipe = usb_sndisocpipe(data->udev,
755 data->isoc_tx_ep->bEndpointAddress);
756
757 usb_fill_int_urb(urb, data->udev, pipe,
758 skb->data, skb->len, btusb_isoc_tx_complete,
759 skb, data->isoc_tx_ep->bInterval);
760
761 urb->transfer_flags = URB_ISO_ASAP;
762
763 __fill_isoc_descriptor(urb, skb->len,
764 le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize));
765
766 hdev->stat.sco_tx++;
767 goto skip_waking;
768
769 default:
770 return -EILSEQ;
771 }
772
773 err = inc_tx(data);
774 if (err) {
775 usb_anchor_urb(urb, &data->deferred);
776 schedule_work(&data->waker);
777 err = 0;
778 goto done;
779 }
780
781skip_waking:
782 usb_anchor_urb(urb, &data->tx_anchor);
783
784 err = usb_submit_urb(urb, GFP_ATOMIC);
785 if (err < 0) {
786 if (err != -EPERM && err != -ENODEV)
787 BT_ERR("%s urb %p submission failed (%d)",
788 hdev->name, urb, -err);
789 kfree(urb->setup_packet);
790 usb_unanchor_urb(urb);
791 } else {
792 usb_mark_last_busy(data->udev);
793 }
794
795done:
796 usb_free_urb(urb);
797 return err;
798}
799
800static void btusb_notify(struct hci_dev *hdev, unsigned int evt)
801{
802 struct btusb_data *data = hci_get_drvdata(hdev);
803
804 BT_DBG("%s evt %d", hdev->name, evt);
805
806 if (hdev->conn_hash.sco_num != data->sco_num) {
807 data->sco_num = hdev->conn_hash.sco_num;
808 schedule_work(&data->work);
809 }
810}
811
812static inline int __set_isoc_interface(struct hci_dev *hdev, int altsetting)
813{
814 struct btusb_data *data = hci_get_drvdata(hdev);
815 struct usb_interface *intf = data->isoc;
816 struct usb_endpoint_descriptor *ep_desc;
817 int i, err;
818
819 if (!data->isoc)
820 return -ENODEV;
821
822 err = usb_set_interface(data->udev, 1, altsetting);
823 if (err < 0) {
824 BT_ERR("%s setting interface failed (%d)", hdev->name, -err);
825 return err;
826 }
827
828 data->isoc_altsetting = altsetting;
829
830 data->isoc_tx_ep = NULL;
831 data->isoc_rx_ep = NULL;
832
833 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
834 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
835
836 if (!data->isoc_tx_ep && usb_endpoint_is_isoc_out(ep_desc)) {
837 data->isoc_tx_ep = ep_desc;
838 continue;
839 }
840
841 if (!data->isoc_rx_ep && usb_endpoint_is_isoc_in(ep_desc)) {
842 data->isoc_rx_ep = ep_desc;
843 continue;
844 }
845 }
846
847 if (!data->isoc_tx_ep || !data->isoc_rx_ep) {
848 BT_ERR("%s invalid SCO descriptors", hdev->name);
849 return -ENODEV;
850 }
851
852 return 0;
853}
854
855static void btusb_work(struct work_struct *work)
856{
857 struct btusb_data *data = container_of(work, struct btusb_data, work);
858 struct hci_dev *hdev = data->hdev;
859 int new_alts;
860 int err;
861
862 if (hdev->conn_hash.sco_num > 0) {
863 if (!test_bit(BTUSB_DID_ISO_RESUME, &data->flags)) {
864 err = usb_autopm_get_interface(data->isoc ? data->isoc : data->intf);
865 if (err < 0) {
866 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
867 usb_kill_anchored_urbs(&data->isoc_anchor);
868 return;
869 }
870
871 set_bit(BTUSB_DID_ISO_RESUME, &data->flags);
872 }
873
874 if (hdev->voice_setting & 0x0020) {
875 static const int alts[3] = { 2, 4, 5 };
876 new_alts = alts[hdev->conn_hash.sco_num - 1];
877 } else {
878 new_alts = hdev->conn_hash.sco_num;
879 }
880
881 if (data->isoc_altsetting != new_alts) {
882 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
883 usb_kill_anchored_urbs(&data->isoc_anchor);
884
885 if (__set_isoc_interface(hdev, new_alts) < 0)
886 return;
887 }
888
889 if (!test_and_set_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
890 if (btusb_submit_isoc_urb(hdev, GFP_KERNEL) < 0)
891 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
892 else
893 btusb_submit_isoc_urb(hdev, GFP_KERNEL);
894 }
895 } else {
896 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
897 usb_kill_anchored_urbs(&data->isoc_anchor);
898
899 __set_isoc_interface(hdev, 0);
900 if (test_and_clear_bit(BTUSB_DID_ISO_RESUME, &data->flags))
901 usb_autopm_put_interface(data->isoc ? data->isoc : data->intf);
902 }
903}
904
905static void btusb_waker(struct work_struct *work)
906{
907 struct btusb_data *data = container_of(work, struct btusb_data, waker);
908 int err;
909
910 err = usb_autopm_get_interface(data->intf);
911 if (err < 0)
912 return;
913
914 usb_autopm_put_interface(data->intf);
915}
916
917static int btusb_probe(struct usb_interface *intf,
918 const struct usb_device_id *id)
919{
920 struct usb_endpoint_descriptor *ep_desc;
921 struct btusb_data *data;
922 struct hci_dev *hdev;
923 int i, err;
924
925 BT_DBG("intf %p id %p", intf, id);
926
927
928 if (intf->cur_altsetting->desc.bInterfaceNumber != 0)
929 return -ENODEV;
930
931 if (!id->driver_info) {
932 const struct usb_device_id *match;
933 match = usb_match_id(intf, blacklist_table);
934 if (match)
935 id = match;
936 }
937
938 if (id->driver_info == BTUSB_IGNORE)
939 return -ENODEV;
940
941 if (ignore_dga && id->driver_info & BTUSB_DIGIANSWER)
942 return -ENODEV;
943
944 if (ignore_csr && id->driver_info & BTUSB_CSR)
945 return -ENODEV;
946
947 if (ignore_sniffer && id->driver_info & BTUSB_SNIFFER)
948 return -ENODEV;
949
950 if (id->driver_info & BTUSB_ATH3012) {
951 struct usb_device *udev = interface_to_usbdev(intf);
952
953
954
955 if (le16_to_cpu(udev->descriptor.bcdDevice) <= 0x0001)
956 return -ENODEV;
957 }
958
959 data = kzalloc(sizeof(*data), GFP_KERNEL);
960 if (!data)
961 return -ENOMEM;
962
963 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
964 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
965
966 if (!data->intr_ep && usb_endpoint_is_int_in(ep_desc)) {
967 data->intr_ep = ep_desc;
968 continue;
969 }
970
971 if (!data->bulk_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) {
972 data->bulk_tx_ep = ep_desc;
973 continue;
974 }
975
976 if (!data->bulk_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) {
977 data->bulk_rx_ep = ep_desc;
978 continue;
979 }
980 }
981
982 if (!data->intr_ep || !data->bulk_tx_ep || !data->bulk_rx_ep) {
983 kfree(data);
984 return -ENODEV;
985 }
986
987 data->cmdreq_type = USB_TYPE_CLASS;
988
989 data->udev = interface_to_usbdev(intf);
990 data->intf = intf;
991
992 spin_lock_init(&data->lock);
993
994 INIT_WORK(&data->work, btusb_work);
995 INIT_WORK(&data->waker, btusb_waker);
996 spin_lock_init(&data->txlock);
997
998 init_usb_anchor(&data->tx_anchor);
999 init_usb_anchor(&data->intr_anchor);
1000 init_usb_anchor(&data->bulk_anchor);
1001 init_usb_anchor(&data->isoc_anchor);
1002 init_usb_anchor(&data->deferred);
1003
1004 hdev = hci_alloc_dev();
1005 if (!hdev) {
1006 kfree(data);
1007 return -ENOMEM;
1008 }
1009
1010 hdev->bus = HCI_USB;
1011 hci_set_drvdata(hdev, data);
1012
1013 data->hdev = hdev;
1014
1015 SET_HCIDEV_DEV(hdev, &intf->dev);
1016
1017 hdev->open = btusb_open;
1018 hdev->close = btusb_close;
1019 hdev->flush = btusb_flush;
1020 hdev->send = btusb_send_frame;
1021 hdev->notify = btusb_notify;
1022
1023
1024 data->isoc = usb_ifnum_to_if(data->udev, 1);
1025
1026 if (!reset)
1027 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
1028
1029 if (force_scofix || id->driver_info & BTUSB_WRONG_SCO_MTU) {
1030 if (!disable_scofix)
1031 set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks);
1032 }
1033
1034 if (id->driver_info & BTUSB_BROKEN_ISOC)
1035 data->isoc = NULL;
1036
1037 if (id->driver_info & BTUSB_DIGIANSWER) {
1038 data->cmdreq_type = USB_TYPE_VENDOR;
1039 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
1040 }
1041
1042 if (id->driver_info & BTUSB_CSR) {
1043 struct usb_device *udev = data->udev;
1044
1045
1046 if (le16_to_cpu(udev->descriptor.bcdDevice) < 0x117)
1047 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
1048 }
1049
1050 if (id->driver_info & BTUSB_SNIFFER) {
1051 struct usb_device *udev = data->udev;
1052
1053
1054 if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997)
1055 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
1056
1057 data->isoc = NULL;
1058 }
1059
1060 if (id->driver_info & BTUSB_BCM92035) {
1061 unsigned char cmd[] = { 0x3b, 0xfc, 0x01, 0x00 };
1062 struct sk_buff *skb;
1063
1064 skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL);
1065 if (skb) {
1066 memcpy(skb_put(skb, sizeof(cmd)), cmd, sizeof(cmd));
1067 skb_queue_tail(&hdev->driver_init, skb);
1068 }
1069 }
1070
1071 if (data->isoc) {
1072 err = usb_driver_claim_interface(&btusb_driver,
1073 data->isoc, data);
1074 if (err < 0) {
1075 hci_free_dev(hdev);
1076 kfree(data);
1077 return err;
1078 }
1079 }
1080
1081 err = hci_register_dev(hdev);
1082 if (err < 0) {
1083 hci_free_dev(hdev);
1084 kfree(data);
1085 return err;
1086 }
1087
1088 usb_set_intfdata(intf, data);
1089
1090 return 0;
1091}
1092
1093static void btusb_disconnect(struct usb_interface *intf)
1094{
1095 struct btusb_data *data = usb_get_intfdata(intf);
1096 struct hci_dev *hdev;
1097
1098 BT_DBG("intf %p", intf);
1099
1100 if (!data)
1101 return;
1102
1103 hdev = data->hdev;
1104 usb_set_intfdata(data->intf, NULL);
1105
1106 if (data->isoc)
1107 usb_set_intfdata(data->isoc, NULL);
1108
1109 hci_unregister_dev(hdev);
1110
1111 if (intf == data->isoc)
1112 usb_driver_release_interface(&btusb_driver, data->intf);
1113 else if (data->isoc)
1114 usb_driver_release_interface(&btusb_driver, data->isoc);
1115
1116 hci_free_dev(hdev);
1117 kfree(data);
1118}
1119
1120#ifdef CONFIG_PM
1121static int btusb_suspend(struct usb_interface *intf, pm_message_t message)
1122{
1123 struct btusb_data *data = usb_get_intfdata(intf);
1124
1125 BT_DBG("intf %p", intf);
1126
1127 if (data->suspend_count++)
1128 return 0;
1129
1130 spin_lock_irq(&data->txlock);
1131 if (!(PMSG_IS_AUTO(message) && data->tx_in_flight)) {
1132 set_bit(BTUSB_SUSPENDING, &data->flags);
1133 spin_unlock_irq(&data->txlock);
1134 } else {
1135 spin_unlock_irq(&data->txlock);
1136 data->suspend_count--;
1137 return -EBUSY;
1138 }
1139
1140 cancel_work_sync(&data->work);
1141
1142 btusb_stop_traffic(data);
1143 usb_kill_anchored_urbs(&data->tx_anchor);
1144
1145 return 0;
1146}
1147
1148static void play_deferred(struct btusb_data *data)
1149{
1150 struct urb *urb;
1151 int err;
1152
1153 while ((urb = usb_get_from_anchor(&data->deferred))) {
1154 err = usb_submit_urb(urb, GFP_ATOMIC);
1155 if (err < 0)
1156 break;
1157
1158 data->tx_in_flight++;
1159 }
1160 usb_scuttle_anchored_urbs(&data->deferred);
1161}
1162
1163static int btusb_resume(struct usb_interface *intf)
1164{
1165 struct btusb_data *data = usb_get_intfdata(intf);
1166 struct hci_dev *hdev = data->hdev;
1167 int err = 0;
1168
1169 BT_DBG("intf %p", intf);
1170
1171 if (--data->suspend_count)
1172 return 0;
1173
1174 if (!test_bit(HCI_RUNNING, &hdev->flags))
1175 goto done;
1176
1177 if (test_bit(BTUSB_INTR_RUNNING, &data->flags)) {
1178 err = btusb_submit_intr_urb(hdev, GFP_NOIO);
1179 if (err < 0) {
1180 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
1181 goto failed;
1182 }
1183 }
1184
1185 if (test_bit(BTUSB_BULK_RUNNING, &data->flags)) {
1186 err = btusb_submit_bulk_urb(hdev, GFP_NOIO);
1187 if (err < 0) {
1188 clear_bit(BTUSB_BULK_RUNNING, &data->flags);
1189 goto failed;
1190 }
1191
1192 btusb_submit_bulk_urb(hdev, GFP_NOIO);
1193 }
1194
1195 if (test_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
1196 if (btusb_submit_isoc_urb(hdev, GFP_NOIO) < 0)
1197 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1198 else
1199 btusb_submit_isoc_urb(hdev, GFP_NOIO);
1200 }
1201
1202 spin_lock_irq(&data->txlock);
1203 play_deferred(data);
1204 clear_bit(BTUSB_SUSPENDING, &data->flags);
1205 spin_unlock_irq(&data->txlock);
1206 schedule_work(&data->work);
1207
1208 return 0;
1209
1210failed:
1211 usb_scuttle_anchored_urbs(&data->deferred);
1212done:
1213 spin_lock_irq(&data->txlock);
1214 clear_bit(BTUSB_SUSPENDING, &data->flags);
1215 spin_unlock_irq(&data->txlock);
1216
1217 return err;
1218}
1219#endif
1220
1221static struct usb_driver btusb_driver = {
1222 .name = "btusb",
1223 .probe = btusb_probe,
1224 .disconnect = btusb_disconnect,
1225#ifdef CONFIG_PM
1226 .suspend = btusb_suspend,
1227 .resume = btusb_resume,
1228#endif
1229 .id_table = btusb_table,
1230 .supports_autosuspend = 1,
1231 .disable_hub_initiated_lpm = 1,
1232};
1233
1234module_usb_driver(btusb_driver);
1235
1236module_param(ignore_dga, bool, 0644);
1237MODULE_PARM_DESC(ignore_dga, "Ignore devices with id 08fd:0001");
1238
1239module_param(ignore_csr, bool, 0644);
1240MODULE_PARM_DESC(ignore_csr, "Ignore devices with id 0a12:0001");
1241
1242module_param(ignore_sniffer, bool, 0644);
1243MODULE_PARM_DESC(ignore_sniffer, "Ignore devices with id 0a12:0002");
1244
1245module_param(disable_scofix, bool, 0644);
1246MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size");
1247
1248module_param(force_scofix, bool, 0644);
1249MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size");
1250
1251module_param(reset, bool, 0644);
1252MODULE_PARM_DESC(reset, "Send HCI reset command on initialization");
1253
1254MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1255MODULE_DESCRIPTION("Generic Bluetooth USB driver ver " VERSION);
1256MODULE_VERSION(VERSION);
1257MODULE_LICENSE("GPL");
1258
