1 /* 2 * 3 * AVM BlueFRITZ! USB driver 4 * 5 * Copyright (C) 2003-2006 Marcel Holtmann <marcel@holtmann.org> 6 * 7 * 8 * This program is free software; you can redistribute it and/or modify 9 * it under the terms of the GNU General Public License as published by 10 * the Free Software Foundation; either version 2 of the License, or 11 * (at your option) any later version. 12 * 13 * This program is distributed in the hope that it will be useful, 14 * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 * GNU General Public License for more details. 17 * 18 * You should have received a copy of the GNU General Public License 19 * along with this program; if not, write to the Free Software 20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 21 * 22 */ 23 24 #include <linux/module.h> 25 26 #include <linux/kernel.h> 27 #include <linux/init.h> 28 #include <linux/slab.h> 29 #include <linux/types.h> 30 #include <linux/errno.h> 31 #include <linux/skbuff.h> 32 33 #include <linux/device.h> 34 #include <linux/firmware.h> 35 36 #include <linux/usb.h> 37 38 #include <net/bluetooth/bluetooth.h> 39 #include <net/bluetooth/hci_core.h> 40 41 #define VERSION "1.2" 42 43 static struct usb_driver bfusb_driver; 44 45 static const struct usb_device_id bfusb_table[] = { 46 /* AVM BlueFRITZ! USB */ 47 { USB_DEVICE(0x057c, 0x2200) }, 48 49 { } /* Terminating entry */ 50 }; 51 52 MODULE_DEVICE_TABLE(usb, bfusb_table); 53 54 #define BFUSB_MAX_BLOCK_SIZE 256 55 56 #define BFUSB_BLOCK_TIMEOUT 3000 57 58 #define BFUSB_TX_PROCESS 1 59 #define BFUSB_TX_WAKEUP 2 60 61 #define BFUSB_MAX_BULK_TX 2 62 #define BFUSB_MAX_BULK_RX 2 63 64 struct bfusb_data { 65 struct hci_dev *hdev; 66 67 unsigned long state; 68 69 struct usb_device *udev; 70 71 unsigned int bulk_in_ep; 72 unsigned int bulk_out_ep; 73 unsigned int bulk_pkt_size; 74 75 rwlock_t lock; 76 77 struct sk_buff_head transmit_q; 78 79 struct sk_buff *reassembly; 80 81 atomic_t pending_tx; 82 struct sk_buff_head pending_q; 83 struct sk_buff_head completed_q; 84 }; 85 86 struct bfusb_data_scb { 87 struct urb *urb; 88 }; 89 90 static void bfusb_tx_complete(struct urb *urb); 91 static void bfusb_rx_complete(struct urb *urb); 92 93 static struct urb *bfusb_get_completed(struct bfusb_data *data) 94 { 95 struct sk_buff *skb; 96 struct urb *urb = NULL; 97 98 BT_DBG("bfusb %p", data); 99 100 skb = skb_dequeue(&data->completed_q); 101 if (skb) { 102 urb = ((struct bfusb_data_scb *) skb->cb)->urb; 103 kfree_skb(skb); 104 } 105 106 return urb; 107 } 108 109 static void bfusb_unlink_urbs(struct bfusb_data *data) 110 { 111 struct sk_buff *skb; 112 struct urb *urb; 113 114 BT_DBG("bfusb %p", data); 115 116 while ((skb = skb_dequeue(&data->pending_q))) { 117 urb = ((struct bfusb_data_scb *) skb->cb)->urb; 118 usb_kill_urb(urb); 119 skb_queue_tail(&data->completed_q, skb); 120 } 121 122 while ((urb = bfusb_get_completed(data))) 123 usb_free_urb(urb); 124 } 125 126 static int bfusb_send_bulk(struct bfusb_data *data, struct sk_buff *skb) 127 { 128 struct bfusb_data_scb *scb = (void *) skb->cb; 129 struct urb *urb = bfusb_get_completed(data); 130 int err, pipe; 131 132 BT_DBG("bfusb %p skb %p len %d", data, skb, skb->len); 133 134 if (!urb) { 135 urb = usb_alloc_urb(0, GFP_ATOMIC); 136 if (!urb) 137 return -ENOMEM; 138 } 139 140 pipe = usb_sndbulkpipe(data->udev, data->bulk_out_ep); 141 142 usb_fill_bulk_urb(urb, data->udev, pipe, skb->data, skb->len, 143 bfusb_tx_complete, skb); 144 145 scb->urb = urb; 146 147 skb_queue_tail(&data->pending_q, skb); 148 149 err = usb_submit_urb(urb, GFP_ATOMIC); 150 if (err) { 151 BT_ERR("%s bulk tx submit failed urb %p err %d", 152 data->hdev->name, urb, err); 153 skb_unlink(skb, &data->pending_q); 154 usb_free_urb(urb); 155 } else 156 atomic_inc(&data->pending_tx); 157 158 return err; 159 } 160 161 static void bfusb_tx_wakeup(struct bfusb_data *data) 162 { 163 struct sk_buff *skb; 164 165 BT_DBG("bfusb %p", data); 166 167 if (test_and_set_bit(BFUSB_TX_PROCESS, &data->state)) { 168 set_bit(BFUSB_TX_WAKEUP, &data->state); 169 return; 170 } 171 172 do { 173 clear_bit(BFUSB_TX_WAKEUP, &data->state); 174 175 while ((atomic_read(&data->pending_tx) < BFUSB_MAX_BULK_TX) && 176 (skb = skb_dequeue(&data->transmit_q))) { 177 if (bfusb_send_bulk(data, skb) < 0) { 178 skb_queue_head(&data->transmit_q, skb); 179 break; 180 } 181 } 182 183 } while (test_bit(BFUSB_TX_WAKEUP, &data->state)); 184 185 clear_bit(BFUSB_TX_PROCESS, &data->state); 186 } 187 188 static void bfusb_tx_complete(struct urb *urb) 189 { 190 struct sk_buff *skb = (struct sk_buff *) urb->context; 191 struct bfusb_data *data = (struct bfusb_data *) skb->dev; 192 193 BT_DBG("bfusb %p urb %p skb %p len %d", data, urb, skb, skb->len); 194 195 atomic_dec(&data->pending_tx); 196 197 if (!test_bit(HCI_RUNNING, &data->hdev->flags)) 198 return; 199 200 if (!urb->status) 201 data->hdev->stat.byte_tx += skb->len; 202 else 203 data->hdev->stat.err_tx++; 204 205 read_lock(&data->lock); 206 207 skb_unlink(skb, &data->pending_q); 208 skb_queue_tail(&data->completed_q, skb); 209 210 bfusb_tx_wakeup(data); 211 212 read_unlock(&data->lock); 213 } 214 215 216 static int bfusb_rx_submit(struct bfusb_data *data, struct urb *urb) 217 { 218 struct bfusb_data_scb *scb; 219 struct sk_buff *skb; 220 int err, pipe, size = HCI_MAX_FRAME_SIZE + 32; 221 222 BT_DBG("bfusb %p urb %p", data, urb); 223 224 if (!urb) { 225 urb = usb_alloc_urb(0, GFP_ATOMIC); 226 if (!urb) 227 return -ENOMEM; 228 } 229 230 skb = bt_skb_alloc(size, GFP_ATOMIC); 231 if (!skb) { 232 usb_free_urb(urb); 233 return -ENOMEM; 234 } 235 236 skb->dev = (void *) data; 237 238 scb = (struct bfusb_data_scb *) skb->cb; 239 scb->urb = urb; 240 241 pipe = usb_rcvbulkpipe(data->udev, data->bulk_in_ep); 242 243 usb_fill_bulk_urb(urb, data->udev, pipe, skb->data, size, 244 bfusb_rx_complete, skb); 245 246 skb_queue_tail(&data->pending_q, skb); 247 248 err = usb_submit_urb(urb, GFP_ATOMIC); 249 if (err) { 250 BT_ERR("%s bulk rx submit failed urb %p err %d", 251 data->hdev->name, urb, err); 252 skb_unlink(skb, &data->pending_q); 253 kfree_skb(skb); 254 usb_free_urb(urb); 255 } 256 257 return err; 258 } 259 260 static inline int bfusb_recv_block(struct bfusb_data *data, int hdr, unsigned char *buf, int len) 261 { 262 BT_DBG("bfusb %p hdr 0x%02x data %p len %d", data, hdr, buf, len); 263 264 if (hdr & 0x10) { 265 BT_ERR("%s error in block", data->hdev->name); 266 kfree_skb(data->reassembly); 267 data->reassembly = NULL; 268 return -EIO; 269 } 270 271 if (hdr & 0x04) { 272 struct sk_buff *skb; 273 unsigned char pkt_type; 274 int pkt_len = 0; 275 276 if (data->reassembly) { 277 BT_ERR("%s unexpected start block", data->hdev->name); 278 kfree_skb(data->reassembly); 279 data->reassembly = NULL; 280 } 281 282 if (len < 1) { 283 BT_ERR("%s no packet type found", data->hdev->name); 284 return -EPROTO; 285 } 286 287 pkt_type = *buf++; len--; 288 289 switch (pkt_type) { 290 case HCI_EVENT_PKT: 291 if (len >= HCI_EVENT_HDR_SIZE) { 292 struct hci_event_hdr *hdr = (struct hci_event_hdr *) buf; 293 pkt_len = HCI_EVENT_HDR_SIZE + hdr->plen; 294 } else { 295 BT_ERR("%s event block is too short", data->hdev->name); 296 return -EILSEQ; 297 } 298 break; 299 300 case HCI_ACLDATA_PKT: 301 if (len >= HCI_ACL_HDR_SIZE) { 302 struct hci_acl_hdr *hdr = (struct hci_acl_hdr *) buf; 303 pkt_len = HCI_ACL_HDR_SIZE + __le16_to_cpu(hdr->dlen); 304 } else { 305 BT_ERR("%s data block is too short", data->hdev->name); 306 return -EILSEQ; 307 } 308 break; 309 310 case HCI_SCODATA_PKT: 311 if (len >= HCI_SCO_HDR_SIZE) { 312 struct hci_sco_hdr *hdr = (struct hci_sco_hdr *) buf; 313 pkt_len = HCI_SCO_HDR_SIZE + hdr->dlen; 314 } else { 315 BT_ERR("%s audio block is too short", data->hdev->name); 316 return -EILSEQ; 317 } 318 break; 319 } 320 321 skb = bt_skb_alloc(pkt_len, GFP_ATOMIC); 322 if (!skb) { 323 BT_ERR("%s no memory for the packet", data->hdev->name); 324 return -ENOMEM; 325 } 326 327 hci_skb_pkt_type(skb) = pkt_type; 328 329 data->reassembly = skb; 330 } else { 331 if (!data->reassembly) { 332 BT_ERR("%s unexpected continuation block", data->hdev->name); 333 return -EIO; 334 } 335 } 336 337 if (len > 0) 338 skb_put_data(data->reassembly, buf, len); 339 340 if (hdr & 0x08) { 341 hci_recv_frame(data->hdev, data->reassembly); 342 data->reassembly = NULL; 343 } 344 345 return 0; 346 } 347 348 static void bfusb_rx_complete(struct urb *urb) 349 { 350 struct sk_buff *skb = (struct sk_buff *) urb->context; 351 struct bfusb_data *data = (struct bfusb_data *) skb->dev; 352 unsigned char *buf = urb->transfer_buffer; 353 int count = urb->actual_length; 354 int err, hdr, len; 355 356 BT_DBG("bfusb %p urb %p skb %p len %d", data, urb, skb, skb->len); 357 358 read_lock(&data->lock); 359 360 if (!test_bit(HCI_RUNNING, &data->hdev->flags)) 361 goto unlock; 362 363 if (urb->status || !count) 364 goto resubmit; 365 366 data->hdev->stat.byte_rx += count; 367 368 skb_put(skb, count); 369 370 while (count) { 371 hdr = buf[0] | (buf[1] << 8); 372 373 if (hdr & 0x4000) { 374 len = 0; 375 count -= 2; 376 buf += 2; 377 } else { 378 len = (buf[2] == 0) ? 256 : buf[2]; 379 count -= 3; 380 buf += 3; 381 } 382 383 if (count < len) { 384 BT_ERR("%s block extends over URB buffer ranges", 385 data->hdev->name); 386 } 387 388 if ((hdr & 0xe1) == 0xc1) 389 bfusb_recv_block(data, hdr, buf, len); 390 391 count -= len; 392 buf += len; 393 } 394 395 skb_unlink(skb, &data->pending_q); 396 kfree_skb(skb); 397 398 bfusb_rx_submit(data, urb); 399 400 read_unlock(&data->lock); 401 402 return; 403 404 resubmit: 405 urb->dev = data->udev; 406 407 err = usb_submit_urb(urb, GFP_ATOMIC); 408 if (err) { 409 BT_ERR("%s bulk resubmit failed urb %p err %d", 410 data->hdev->name, urb, err); 411 } 412 413 unlock: 414 read_unlock(&data->lock); 415 } 416 417 static int bfusb_open(struct hci_dev *hdev) 418 { 419 struct bfusb_data *data = hci_get_drvdata(hdev); 420 unsigned long flags; 421 int i, err; 422 423 BT_DBG("hdev %p bfusb %p", hdev, data); 424 425 write_lock_irqsave(&data->lock, flags); 426 427 err = bfusb_rx_submit(data, NULL); 428 if (!err) { 429 for (i = 1; i < BFUSB_MAX_BULK_RX; i++) 430 bfusb_rx_submit(data, NULL); 431 } 432 433 write_unlock_irqrestore(&data->lock, flags); 434 435 return err; 436 } 437 438 static int bfusb_flush(struct hci_dev *hdev) 439 { 440 struct bfusb_data *data = hci_get_drvdata(hdev); 441 442 BT_DBG("hdev %p bfusb %p", hdev, data); 443 444 skb_queue_purge(&data->transmit_q); 445 446 return 0; 447 } 448 449 static int bfusb_close(struct hci_dev *hdev) 450 { 451 struct bfusb_data *data = hci_get_drvdata(hdev); 452 unsigned long flags; 453 454 BT_DBG("hdev %p bfusb %p", hdev, data); 455 456 write_lock_irqsave(&data->lock, flags); 457 write_unlock_irqrestore(&data->lock, flags); 458 459 bfusb_unlink_urbs(data); 460 bfusb_flush(hdev); 461 462 return 0; 463 } 464 465 static int bfusb_send_frame(struct hci_dev *hdev, struct sk_buff *skb) 466 { 467 struct bfusb_data *data = hci_get_drvdata(hdev); 468 struct sk_buff *nskb; 469 unsigned char buf[3]; 470 int sent = 0, size, count; 471 472 BT_DBG("hdev %p skb %p type %d len %d", hdev, skb, 473 hci_skb_pkt_type(skb), skb->len); 474 475 switch (hci_skb_pkt_type(skb)) { 476 case HCI_COMMAND_PKT: 477 hdev->stat.cmd_tx++; 478 break; 479 case HCI_ACLDATA_PKT: 480 hdev->stat.acl_tx++; 481 break; 482 case HCI_SCODATA_PKT: 483 hdev->stat.sco_tx++; 484 break; 485 } 486 487 /* Prepend skb with frame type */ 488 memcpy(skb_push(skb, 1), &hci_skb_pkt_type(skb), 1); 489 490 count = skb->len; 491 492 /* Max HCI frame size seems to be 1511 + 1 */ 493 nskb = bt_skb_alloc(count + 32, GFP_KERNEL); 494 if (!nskb) { 495 BT_ERR("Can't allocate memory for new packet"); 496 return -ENOMEM; 497 } 498 499 nskb->dev = (void *) data; 500 501 while (count) { 502 size = min_t(uint, count, BFUSB_MAX_BLOCK_SIZE); 503 504 buf[0] = 0xc1 | ((sent == 0) ? 0x04 : 0) | ((count == size) ? 0x08 : 0); 505 buf[1] = 0x00; 506 buf[2] = (size == BFUSB_MAX_BLOCK_SIZE) ? 0 : size; 507 508 skb_put_data(nskb, buf, 3); 509 skb_copy_from_linear_data_offset(skb, sent, skb_put(nskb, size), size); 510 511 sent += size; 512 count -= size; 513 } 514 515 /* Don't send frame with multiple size of bulk max packet */ 516 if ((nskb->len % data->bulk_pkt_size) == 0) { 517 buf[0] = 0xdd; 518 buf[1] = 0x00; 519 skb_put_data(nskb, buf, 2); 520 } 521 522 read_lock(&data->lock); 523 524 skb_queue_tail(&data->transmit_q, nskb); 525 bfusb_tx_wakeup(data); 526 527 read_unlock(&data->lock); 528 529 kfree_skb(skb); 530 531 return 0; 532 } 533 534 static int bfusb_load_firmware(struct bfusb_data *data, 535 const unsigned char *firmware, int count) 536 { 537 unsigned char *buf; 538 int err, pipe, len, size, sent = 0; 539 540 BT_DBG("bfusb %p udev %p", data, data->udev); 541 542 BT_INFO("BlueFRITZ! USB loading firmware"); 543 544 buf = kmalloc(BFUSB_MAX_BLOCK_SIZE + 3, GFP_KERNEL); 545 if (!buf) { 546 BT_ERR("Can't allocate memory chunk for firmware"); 547 return -ENOMEM; 548 } 549 550 pipe = usb_sndctrlpipe(data->udev, 0); 551 552 if (usb_control_msg(data->udev, pipe, USB_REQ_SET_CONFIGURATION, 553 0, 1, 0, NULL, 0, USB_CTRL_SET_TIMEOUT) < 0) { 554 BT_ERR("Can't change to loading configuration"); 555 kfree(buf); 556 return -EBUSY; 557 } 558 559 data->udev->toggle[0] = data->udev->toggle[1] = 0; 560 561 pipe = usb_sndbulkpipe(data->udev, data->bulk_out_ep); 562 563 while (count) { 564 size = min_t(uint, count, BFUSB_MAX_BLOCK_SIZE + 3); 565 566 memcpy(buf, firmware + sent, size); 567 568 err = usb_bulk_msg(data->udev, pipe, buf, size, 569 &len, BFUSB_BLOCK_TIMEOUT); 570 571 if (err || (len != size)) { 572 BT_ERR("Error in firmware loading"); 573 goto error; 574 } 575 576 sent += size; 577 count -= size; 578 } 579 580 err = usb_bulk_msg(data->udev, pipe, NULL, 0, 581 &len, BFUSB_BLOCK_TIMEOUT); 582 if (err < 0) { 583 BT_ERR("Error in null packet request"); 584 goto error; 585 } 586 587 pipe = usb_sndctrlpipe(data->udev, 0); 588 589 err = usb_control_msg(data->udev, pipe, USB_REQ_SET_CONFIGURATION, 590 0, 2, 0, NULL, 0, USB_CTRL_SET_TIMEOUT); 591 if (err < 0) { 592 BT_ERR("Can't change to running configuration"); 593 goto error; 594 } 595 596 data->udev->toggle[0] = data->udev->toggle[1] = 0; 597 598 BT_INFO("BlueFRITZ! USB device ready"); 599 600 kfree(buf); 601 return 0; 602 603 error: 604 kfree(buf); 605 606 pipe = usb_sndctrlpipe(data->udev, 0); 607 608 usb_control_msg(data->udev, pipe, USB_REQ_SET_CONFIGURATION, 609 0, 0, 0, NULL, 0, USB_CTRL_SET_TIMEOUT); 610 611 return err; 612 } 613 614 static int bfusb_probe(struct usb_interface *intf, const struct usb_device_id *id) 615 { 616 const struct firmware *firmware; 617 struct usb_device *udev = interface_to_usbdev(intf); 618 struct usb_host_endpoint *bulk_out_ep; 619 struct usb_host_endpoint *bulk_in_ep; 620 struct hci_dev *hdev; 621 struct bfusb_data *data; 622 623 BT_DBG("intf %p id %p", intf, id); 624 625 /* Check number of endpoints */ 626 if (intf->cur_altsetting->desc.bNumEndpoints < 2) 627 return -EIO; 628 629 bulk_out_ep = &intf->cur_altsetting->endpoint[0]; 630 bulk_in_ep = &intf->cur_altsetting->endpoint[1]; 631 632 if (!bulk_out_ep || !bulk_in_ep) { 633 BT_ERR("Bulk endpoints not found"); 634 goto done; 635 } 636 637 /* Initialize control structure and load firmware */ 638 data = devm_kzalloc(&intf->dev, sizeof(struct bfusb_data), GFP_KERNEL); 639 if (!data) 640 return -ENOMEM; 641 642 data->udev = udev; 643 data->bulk_in_ep = bulk_in_ep->desc.bEndpointAddress; 644 data->bulk_out_ep = bulk_out_ep->desc.bEndpointAddress; 645 data->bulk_pkt_size = le16_to_cpu(bulk_out_ep->desc.wMaxPacketSize); 646 647 rwlock_init(&data->lock); 648 649 data->reassembly = NULL; 650 651 skb_queue_head_init(&data->transmit_q); 652 skb_queue_head_init(&data->pending_q); 653 skb_queue_head_init(&data->completed_q); 654 655 if (request_firmware(&firmware, "bfubase.frm", &udev->dev) < 0) { 656 BT_ERR("Firmware request failed"); 657 goto done; 658 } 659 660 BT_DBG("firmware data %p size %zu", firmware->data, firmware->size); 661 662 if (bfusb_load_firmware(data, firmware->data, firmware->size) < 0) { 663 BT_ERR("Firmware loading failed"); 664 goto release; 665 } 666 667 release_firmware(firmware); 668 669 /* Initialize and register HCI device */ 670 hdev = hci_alloc_dev(); 671 if (!hdev) { 672 BT_ERR("Can't allocate HCI device"); 673 goto done; 674 } 675 676 data->hdev = hdev; 677 678 hdev->bus = HCI_USB; 679 hci_set_drvdata(hdev, data); 680 SET_HCIDEV_DEV(hdev, &intf->dev); 681 682 hdev->open = bfusb_open; 683 hdev->close = bfusb_close; 684 hdev->flush = bfusb_flush; 685 hdev->send = bfusb_send_frame; 686 687 set_bit(HCI_QUIRK_BROKEN_LOCAL_COMMANDS, &hdev->quirks); 688 689 if (hci_register_dev(hdev) < 0) { 690 BT_ERR("Can't register HCI device"); 691 hci_free_dev(hdev); 692 goto done; 693 } 694 695 usb_set_intfdata(intf, data); 696 697 return 0; 698 699 release: 700 release_firmware(firmware); 701 702 done: 703 return -EIO; 704 } 705 706 static void bfusb_disconnect(struct usb_interface *intf) 707 { 708 struct bfusb_data *data = usb_get_intfdata(intf); 709 struct hci_dev *hdev = data->hdev; 710 711 BT_DBG("intf %p", intf); 712 713 if (!hdev) 714 return; 715 716 usb_set_intfdata(intf, NULL); 717 718 bfusb_close(hdev); 719 720 hci_unregister_dev(hdev); 721 hci_free_dev(hdev); 722 } 723 724 static struct usb_driver bfusb_driver = { 725 .name = "bfusb", 726 .probe = bfusb_probe, 727 .disconnect = bfusb_disconnect, 728 .id_table = bfusb_table, 729 .disable_hub_initiated_lpm = 1, 730 }; 731 732 module_usb_driver(bfusb_driver); 733 734 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 735 MODULE_DESCRIPTION("BlueFRITZ! USB driver ver " VERSION); 736 MODULE_VERSION(VERSION); 737 MODULE_LICENSE("GPL"); 738 MODULE_FIRMWARE("bfubase.frm"); 739