1 /* 2 * 3 * Generic Bluetooth USB driver 4 * 5 * Copyright (C) 2005-2008 Marcel Holtmann <marcel@holtmann.org> 6 * 7 * 8 * This program is free software; you can redistribute it and/or modify 9 * it under the terms of the GNU General Public License as published by 10 * the Free Software Foundation; either version 2 of the License, or 11 * (at your option) any later version. 12 * 13 * This program is distributed in the hope that it will be useful, 14 * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 * GNU General Public License for more details. 17 * 18 * You should have received a copy of the GNU General Public License 19 * along with this program; if not, write to the Free Software 20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 21 * 22 */ 23 24 #include <linux/module.h> 25 #include <linux/usb.h> 26 #include <linux/firmware.h> 27 28 #include <net/bluetooth/bluetooth.h> 29 #include <net/bluetooth/hci_core.h> 30 31 #define VERSION "0.6" 32 33 static bool disable_scofix; 34 static bool force_scofix; 35 36 static bool reset = 1; 37 38 static struct usb_driver btusb_driver; 39 40 #define BTUSB_IGNORE 0x01 41 #define BTUSB_DIGIANSWER 0x02 42 #define BTUSB_CSR 0x04 43 #define BTUSB_SNIFFER 0x08 44 #define BTUSB_BCM92035 0x10 45 #define BTUSB_BROKEN_ISOC 0x20 46 #define BTUSB_WRONG_SCO_MTU 0x40 47 #define BTUSB_ATH3012 0x80 48 #define BTUSB_INTEL 0x100 49 #define BTUSB_INTEL_BOOT 0x200 50 #define BTUSB_BCM_PATCHRAM 0x400 51 #define BTUSB_MARVELL 0x800 52 53 static const struct usb_device_id btusb_table[] = { 54 /* Generic Bluetooth USB device */ 55 { USB_DEVICE_INFO(0xe0, 0x01, 0x01) }, 56 57 /* Apple-specific (Broadcom) devices */ 58 { USB_VENDOR_AND_INTERFACE_INFO(0x05ac, 0xff, 0x01, 0x01) }, 59 60 /* MediaTek MT76x0E */ 61 { USB_DEVICE(0x0e8d, 0x763f) }, 62 63 /* Broadcom SoftSailing reporting vendor specific */ 64 { USB_DEVICE(0x0a5c, 0x21e1) }, 65 66 /* Apple MacBookPro 7,1 */ 67 { USB_DEVICE(0x05ac, 0x8213) }, 68 69 /* Apple iMac11,1 */ 70 { USB_DEVICE(0x05ac, 0x8215) }, 71 72 /* Apple MacBookPro6,2 */ 73 { USB_DEVICE(0x05ac, 0x8218) }, 74 75 /* Apple MacBookAir3,1, MacBookAir3,2 */ 76 { USB_DEVICE(0x05ac, 0x821b) }, 77 78 /* Apple MacBookAir4,1 */ 79 { USB_DEVICE(0x05ac, 0x821f) }, 80 81 /* Apple MacBookPro8,2 */ 82 { USB_DEVICE(0x05ac, 0x821a) }, 83 84 /* Apple MacMini5,1 */ 85 { USB_DEVICE(0x05ac, 0x8281) }, 86 87 /* AVM BlueFRITZ! USB v2.0 */ 88 { USB_DEVICE(0x057c, 0x3800) }, 89 90 /* Bluetooth Ultraport Module from IBM */ 91 { USB_DEVICE(0x04bf, 0x030a) }, 92 93 /* ALPS Modules with non-standard id */ 94 { USB_DEVICE(0x044e, 0x3001) }, 95 { USB_DEVICE(0x044e, 0x3002) }, 96 97 /* Ericsson with non-standard id */ 98 { USB_DEVICE(0x0bdb, 0x1002) }, 99 100 /* Canyon CN-BTU1 with HID interfaces */ 101 { USB_DEVICE(0x0c10, 0x0000) }, 102 103 /* Broadcom BCM20702A0 */ 104 { USB_DEVICE(0x0489, 0xe042) }, 105 { USB_DEVICE(0x04ca, 0x2003) }, 106 { USB_DEVICE(0x0b05, 0x17b5) }, 107 { USB_DEVICE(0x0b05, 0x17cb) }, 108 { USB_DEVICE(0x413c, 0x8197) }, 109 110 /* Foxconn - Hon Hai */ 111 { USB_VENDOR_AND_INTERFACE_INFO(0x0489, 0xff, 0x01, 0x01) }, 112 113 /* Broadcom devices with vendor specific id */ 114 { USB_VENDOR_AND_INTERFACE_INFO(0x0a5c, 0xff, 0x01, 0x01), 115 .driver_info = BTUSB_BCM_PATCHRAM }, 116 117 /* ASUSTek Computer - Broadcom based */ 118 { USB_VENDOR_AND_INTERFACE_INFO(0x0b05, 0xff, 0x01, 0x01) }, 119 120 /* Belkin F8065bf - Broadcom based */ 121 { USB_VENDOR_AND_INTERFACE_INFO(0x050d, 0xff, 0x01, 0x01) }, 122 123 /* IMC Networks - Broadcom based */ 124 { USB_VENDOR_AND_INTERFACE_INFO(0x13d3, 0xff, 0x01, 0x01) }, 125 126 /* Intel Bluetooth USB Bootloader (RAM module) */ 127 { USB_DEVICE(0x8087, 0x0a5a), 128 .driver_info = BTUSB_INTEL_BOOT | BTUSB_BROKEN_ISOC }, 129 130 { } /* Terminating entry */ 131 }; 132 133 MODULE_DEVICE_TABLE(usb, btusb_table); 134 135 static const struct usb_device_id blacklist_table[] = { 136 /* CSR BlueCore devices */ 137 { USB_DEVICE(0x0a12, 0x0001), .driver_info = BTUSB_CSR }, 138 139 /* Broadcom BCM2033 without firmware */ 140 { USB_DEVICE(0x0a5c, 0x2033), .driver_info = BTUSB_IGNORE }, 141 142 /* Atheros 3011 with sflash firmware */ 143 { USB_DEVICE(0x0489, 0xe027), .driver_info = BTUSB_IGNORE }, 144 { USB_DEVICE(0x0489, 0xe03d), .driver_info = BTUSB_IGNORE }, 145 { USB_DEVICE(0x0930, 0x0215), .driver_info = BTUSB_IGNORE }, 146 { USB_DEVICE(0x0cf3, 0x3002), .driver_info = BTUSB_IGNORE }, 147 { USB_DEVICE(0x0cf3, 0xe019), .driver_info = BTUSB_IGNORE }, 148 { USB_DEVICE(0x13d3, 0x3304), .driver_info = BTUSB_IGNORE }, 149 150 /* Atheros AR9285 Malbec with sflash firmware */ 151 { USB_DEVICE(0x03f0, 0x311d), .driver_info = BTUSB_IGNORE }, 152 153 /* Atheros 3012 with sflash firmware */ 154 { USB_DEVICE(0x0489, 0xe04d), .driver_info = BTUSB_ATH3012 }, 155 { USB_DEVICE(0x0489, 0xe04e), .driver_info = BTUSB_ATH3012 }, 156 { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 }, 157 { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 }, 158 { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 }, 159 { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 }, 160 { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 }, 161 { USB_DEVICE(0x04ca, 0x3005), .driver_info = BTUSB_ATH3012 }, 162 { USB_DEVICE(0x04ca, 0x3006), .driver_info = BTUSB_ATH3012 }, 163 { USB_DEVICE(0x04ca, 0x3007), .driver_info = BTUSB_ATH3012 }, 164 { USB_DEVICE(0x04ca, 0x3008), .driver_info = BTUSB_ATH3012 }, 165 { USB_DEVICE(0x04ca, 0x300b), .driver_info = BTUSB_ATH3012 }, 166 { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 }, 167 { USB_DEVICE(0x0930, 0x0220), .driver_info = BTUSB_ATH3012 }, 168 { USB_DEVICE(0x0b05, 0x17d0), .driver_info = BTUSB_ATH3012 }, 169 { USB_DEVICE(0x0cf3, 0x0036), .driver_info = BTUSB_ATH3012 }, 170 { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 }, 171 { USB_DEVICE(0x0cf3, 0x3008), .driver_info = BTUSB_ATH3012 }, 172 { USB_DEVICE(0x0cf3, 0x311d), .driver_info = BTUSB_ATH3012 }, 173 { USB_DEVICE(0x0cf3, 0x311e), .driver_info = BTUSB_ATH3012 }, 174 { USB_DEVICE(0x0cf3, 0x311f), .driver_info = BTUSB_ATH3012 }, 175 { USB_DEVICE(0x0cf3, 0x3121), .driver_info = BTUSB_ATH3012 }, 176 { USB_DEVICE(0x0cf3, 0x817a), .driver_info = BTUSB_ATH3012 }, 177 { USB_DEVICE(0x0cf3, 0xe003), .driver_info = BTUSB_ATH3012 }, 178 { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 }, 179 { USB_DEVICE(0x0cf3, 0xe005), .driver_info = BTUSB_ATH3012 }, 180 { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 }, 181 { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 }, 182 { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 }, 183 { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 }, 184 { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 }, 185 186 /* Atheros AR5BBU12 with sflash firmware */ 187 { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE }, 188 189 /* Atheros AR5BBU12 with sflash firmware */ 190 { USB_DEVICE(0x0489, 0xe036), .driver_info = BTUSB_ATH3012 }, 191 { USB_DEVICE(0x0489, 0xe03c), .driver_info = BTUSB_ATH3012 }, 192 193 /* Broadcom BCM2035 */ 194 { USB_DEVICE(0x0a5c, 0x2009), .driver_info = BTUSB_BCM92035 }, 195 { USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU }, 196 { USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU }, 197 198 /* Broadcom BCM2045 */ 199 { USB_DEVICE(0x0a5c, 0x2039), .driver_info = BTUSB_WRONG_SCO_MTU }, 200 { USB_DEVICE(0x0a5c, 0x2101), .driver_info = BTUSB_WRONG_SCO_MTU }, 201 202 /* IBM/Lenovo ThinkPad with Broadcom chip */ 203 { USB_DEVICE(0x0a5c, 0x201e), .driver_info = BTUSB_WRONG_SCO_MTU }, 204 { USB_DEVICE(0x0a5c, 0x2110), .driver_info = BTUSB_WRONG_SCO_MTU }, 205 206 /* HP laptop with Broadcom chip */ 207 { USB_DEVICE(0x03f0, 0x171d), .driver_info = BTUSB_WRONG_SCO_MTU }, 208 209 /* Dell laptop with Broadcom chip */ 210 { USB_DEVICE(0x413c, 0x8126), .driver_info = BTUSB_WRONG_SCO_MTU }, 211 212 /* Dell Wireless 370 and 410 devices */ 213 { USB_DEVICE(0x413c, 0x8152), .driver_info = BTUSB_WRONG_SCO_MTU }, 214 { USB_DEVICE(0x413c, 0x8156), .driver_info = BTUSB_WRONG_SCO_MTU }, 215 216 /* Belkin F8T012 and F8T013 devices */ 217 { USB_DEVICE(0x050d, 0x0012), .driver_info = BTUSB_WRONG_SCO_MTU }, 218 { USB_DEVICE(0x050d, 0x0013), .driver_info = BTUSB_WRONG_SCO_MTU }, 219 220 /* Asus WL-BTD202 device */ 221 { USB_DEVICE(0x0b05, 0x1715), .driver_info = BTUSB_WRONG_SCO_MTU }, 222 223 /* Kensington Bluetooth USB adapter */ 224 { USB_DEVICE(0x047d, 0x105e), .driver_info = BTUSB_WRONG_SCO_MTU }, 225 226 /* RTX Telecom based adapters with buggy SCO support */ 227 { USB_DEVICE(0x0400, 0x0807), .driver_info = BTUSB_BROKEN_ISOC }, 228 { USB_DEVICE(0x0400, 0x080a), .driver_info = BTUSB_BROKEN_ISOC }, 229 230 /* CONWISE Technology based adapters with buggy SCO support */ 231 { USB_DEVICE(0x0e5e, 0x6622), .driver_info = BTUSB_BROKEN_ISOC }, 232 233 /* Digianswer devices */ 234 { USB_DEVICE(0x08fd, 0x0001), .driver_info = BTUSB_DIGIANSWER }, 235 { USB_DEVICE(0x08fd, 0x0002), .driver_info = BTUSB_IGNORE }, 236 237 /* CSR BlueCore Bluetooth Sniffer */ 238 { USB_DEVICE(0x0a12, 0x0002), 239 .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC }, 240 241 /* Frontline ComProbe Bluetooth Sniffer */ 242 { USB_DEVICE(0x16d3, 0x0002), 243 .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC }, 244 245 /* Intel Bluetooth device */ 246 { USB_DEVICE(0x8087, 0x07dc), .driver_info = BTUSB_INTEL }, 247 { USB_DEVICE(0x8087, 0x0a2a), .driver_info = BTUSB_INTEL }, 248 249 /* Marvell device */ 250 { USB_DEVICE(0x1286, 0x2044), .driver_info = BTUSB_MARVELL }, 251 { USB_DEVICE(0x1286, 0x2046), .driver_info = BTUSB_MARVELL }, 252 253 { } /* Terminating entry */ 254 }; 255 256 #define BTUSB_MAX_ISOC_FRAMES 10 257 258 #define BTUSB_INTR_RUNNING 0 259 #define BTUSB_BULK_RUNNING 1 260 #define BTUSB_ISOC_RUNNING 2 261 #define BTUSB_SUSPENDING 3 262 #define BTUSB_DID_ISO_RESUME 4 263 264 struct btusb_data { 265 struct hci_dev *hdev; 266 struct usb_device *udev; 267 struct usb_interface *intf; 268 struct usb_interface *isoc; 269 270 spinlock_t lock; 271 272 unsigned long flags; 273 274 struct work_struct work; 275 struct work_struct waker; 276 277 struct usb_anchor tx_anchor; 278 struct usb_anchor intr_anchor; 279 struct usb_anchor bulk_anchor; 280 struct usb_anchor isoc_anchor; 281 struct usb_anchor deferred; 282 int tx_in_flight; 283 spinlock_t txlock; 284 285 struct usb_endpoint_descriptor *intr_ep; 286 struct usb_endpoint_descriptor *bulk_tx_ep; 287 struct usb_endpoint_descriptor *bulk_rx_ep; 288 struct usb_endpoint_descriptor *isoc_tx_ep; 289 struct usb_endpoint_descriptor *isoc_rx_ep; 290 291 __u8 cmdreq_type; 292 293 unsigned int sco_num; 294 int isoc_altsetting; 295 int suspend_count; 296 }; 297 298 static int inc_tx(struct btusb_data *data) 299 { 300 unsigned long flags; 301 int rv; 302 303 spin_lock_irqsave(&data->txlock, flags); 304 rv = test_bit(BTUSB_SUSPENDING, &data->flags); 305 if (!rv) 306 data->tx_in_flight++; 307 spin_unlock_irqrestore(&data->txlock, flags); 308 309 return rv; 310 } 311 312 static void btusb_intr_complete(struct urb *urb) 313 { 314 struct hci_dev *hdev = urb->context; 315 struct btusb_data *data = hci_get_drvdata(hdev); 316 int err; 317 318 BT_DBG("%s urb %p status %d count %d", hdev->name, 319 urb, urb->status, urb->actual_length); 320 321 if (!test_bit(HCI_RUNNING, &hdev->flags)) 322 return; 323 324 if (urb->status == 0) { 325 hdev->stat.byte_rx += urb->actual_length; 326 327 if (hci_recv_fragment(hdev, HCI_EVENT_PKT, 328 urb->transfer_buffer, 329 urb->actual_length) < 0) { 330 BT_ERR("%s corrupted event packet", hdev->name); 331 hdev->stat.err_rx++; 332 } 333 } 334 335 if (!test_bit(BTUSB_INTR_RUNNING, &data->flags)) 336 return; 337 338 usb_mark_last_busy(data->udev); 339 usb_anchor_urb(urb, &data->intr_anchor); 340 341 err = usb_submit_urb(urb, GFP_ATOMIC); 342 if (err < 0) { 343 /* -EPERM: urb is being killed; 344 * -ENODEV: device got disconnected */ 345 if (err != -EPERM && err != -ENODEV) 346 BT_ERR("%s urb %p failed to resubmit (%d)", 347 hdev->name, urb, -err); 348 usb_unanchor_urb(urb); 349 } 350 } 351 352 static int btusb_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags) 353 { 354 struct btusb_data *data = hci_get_drvdata(hdev); 355 struct urb *urb; 356 unsigned char *buf; 357 unsigned int pipe; 358 int err, size; 359 360 BT_DBG("%s", hdev->name); 361 362 if (!data->intr_ep) 363 return -ENODEV; 364 365 urb = usb_alloc_urb(0, mem_flags); 366 if (!urb) 367 return -ENOMEM; 368 369 size = le16_to_cpu(data->intr_ep->wMaxPacketSize); 370 371 buf = kmalloc(size, mem_flags); 372 if (!buf) { 373 usb_free_urb(urb); 374 return -ENOMEM; 375 } 376 377 pipe = usb_rcvintpipe(data->udev, data->intr_ep->bEndpointAddress); 378 379 usb_fill_int_urb(urb, data->udev, pipe, buf, size, 380 btusb_intr_complete, hdev, 381 data->intr_ep->bInterval); 382 383 urb->transfer_flags |= URB_FREE_BUFFER; 384 385 usb_anchor_urb(urb, &data->intr_anchor); 386 387 err = usb_submit_urb(urb, mem_flags); 388 if (err < 0) { 389 if (err != -EPERM && err != -ENODEV) 390 BT_ERR("%s urb %p submission failed (%d)", 391 hdev->name, urb, -err); 392 usb_unanchor_urb(urb); 393 } 394 395 usb_free_urb(urb); 396 397 return err; 398 } 399 400 static void btusb_bulk_complete(struct urb *urb) 401 { 402 struct hci_dev *hdev = urb->context; 403 struct btusb_data *data = hci_get_drvdata(hdev); 404 int err; 405 406 BT_DBG("%s urb %p status %d count %d", hdev->name, 407 urb, urb->status, urb->actual_length); 408 409 if (!test_bit(HCI_RUNNING, &hdev->flags)) 410 return; 411 412 if (urb->status == 0) { 413 hdev->stat.byte_rx += urb->actual_length; 414 415 if (hci_recv_fragment(hdev, HCI_ACLDATA_PKT, 416 urb->transfer_buffer, 417 urb->actual_length) < 0) { 418 BT_ERR("%s corrupted ACL packet", hdev->name); 419 hdev->stat.err_rx++; 420 } 421 } 422 423 if (!test_bit(BTUSB_BULK_RUNNING, &data->flags)) 424 return; 425 426 usb_anchor_urb(urb, &data->bulk_anchor); 427 usb_mark_last_busy(data->udev); 428 429 err = usb_submit_urb(urb, GFP_ATOMIC); 430 if (err < 0) { 431 /* -EPERM: urb is being killed; 432 * -ENODEV: device got disconnected */ 433 if (err != -EPERM && err != -ENODEV) 434 BT_ERR("%s urb %p failed to resubmit (%d)", 435 hdev->name, urb, -err); 436 usb_unanchor_urb(urb); 437 } 438 } 439 440 static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags) 441 { 442 struct btusb_data *data = hci_get_drvdata(hdev); 443 struct urb *urb; 444 unsigned char *buf; 445 unsigned int pipe; 446 int err, size = HCI_MAX_FRAME_SIZE; 447 448 BT_DBG("%s", hdev->name); 449 450 if (!data->bulk_rx_ep) 451 return -ENODEV; 452 453 urb = usb_alloc_urb(0, mem_flags); 454 if (!urb) 455 return -ENOMEM; 456 457 buf = kmalloc(size, mem_flags); 458 if (!buf) { 459 usb_free_urb(urb); 460 return -ENOMEM; 461 } 462 463 pipe = usb_rcvbulkpipe(data->udev, data->bulk_rx_ep->bEndpointAddress); 464 465 usb_fill_bulk_urb(urb, data->udev, pipe, 466 buf, size, btusb_bulk_complete, hdev); 467 468 urb->transfer_flags |= URB_FREE_BUFFER; 469 470 usb_mark_last_busy(data->udev); 471 usb_anchor_urb(urb, &data->bulk_anchor); 472 473 err = usb_submit_urb(urb, mem_flags); 474 if (err < 0) { 475 if (err != -EPERM && err != -ENODEV) 476 BT_ERR("%s urb %p submission failed (%d)", 477 hdev->name, urb, -err); 478 usb_unanchor_urb(urb); 479 } 480 481 usb_free_urb(urb); 482 483 return err; 484 } 485 486 static void btusb_isoc_complete(struct urb *urb) 487 { 488 struct hci_dev *hdev = urb->context; 489 struct btusb_data *data = hci_get_drvdata(hdev); 490 int i, err; 491 492 BT_DBG("%s urb %p status %d count %d", hdev->name, 493 urb, urb->status, urb->actual_length); 494 495 if (!test_bit(HCI_RUNNING, &hdev->flags)) 496 return; 497 498 if (urb->status == 0) { 499 for (i = 0; i < urb->number_of_packets; i++) { 500 unsigned int offset = urb->iso_frame_desc[i].offset; 501 unsigned int length = urb->iso_frame_desc[i].actual_length; 502 503 if (urb->iso_frame_desc[i].status) 504 continue; 505 506 hdev->stat.byte_rx += length; 507 508 if (hci_recv_fragment(hdev, HCI_SCODATA_PKT, 509 urb->transfer_buffer + offset, 510 length) < 0) { 511 BT_ERR("%s corrupted SCO packet", hdev->name); 512 hdev->stat.err_rx++; 513 } 514 } 515 } 516 517 if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags)) 518 return; 519 520 usb_anchor_urb(urb, &data->isoc_anchor); 521 522 err = usb_submit_urb(urb, GFP_ATOMIC); 523 if (err < 0) { 524 /* -EPERM: urb is being killed; 525 * -ENODEV: device got disconnected */ 526 if (err != -EPERM && err != -ENODEV) 527 BT_ERR("%s urb %p failed to resubmit (%d)", 528 hdev->name, urb, -err); 529 usb_unanchor_urb(urb); 530 } 531 } 532 533 static inline void __fill_isoc_descriptor(struct urb *urb, int len, int mtu) 534 { 535 int i, offset = 0; 536 537 BT_DBG("len %d mtu %d", len, mtu); 538 539 for (i = 0; i < BTUSB_MAX_ISOC_FRAMES && len >= mtu; 540 i++, offset += mtu, len -= mtu) { 541 urb->iso_frame_desc[i].offset = offset; 542 urb->iso_frame_desc[i].length = mtu; 543 } 544 545 if (len && i < BTUSB_MAX_ISOC_FRAMES) { 546 urb->iso_frame_desc[i].offset = offset; 547 urb->iso_frame_desc[i].length = len; 548 i++; 549 } 550 551 urb->number_of_packets = i; 552 } 553 554 static int btusb_submit_isoc_urb(struct hci_dev *hdev, gfp_t mem_flags) 555 { 556 struct btusb_data *data = hci_get_drvdata(hdev); 557 struct urb *urb; 558 unsigned char *buf; 559 unsigned int pipe; 560 int err, size; 561 562 BT_DBG("%s", hdev->name); 563 564 if (!data->isoc_rx_ep) 565 return -ENODEV; 566 567 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, mem_flags); 568 if (!urb) 569 return -ENOMEM; 570 571 size = le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize) * 572 BTUSB_MAX_ISOC_FRAMES; 573 574 buf = kmalloc(size, mem_flags); 575 if (!buf) { 576 usb_free_urb(urb); 577 return -ENOMEM; 578 } 579 580 pipe = usb_rcvisocpipe(data->udev, data->isoc_rx_ep->bEndpointAddress); 581 582 usb_fill_int_urb(urb, data->udev, pipe, buf, size, btusb_isoc_complete, 583 hdev, data->isoc_rx_ep->bInterval); 584 585 urb->transfer_flags = URB_FREE_BUFFER | URB_ISO_ASAP; 586 587 __fill_isoc_descriptor(urb, size, 588 le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize)); 589 590 usb_anchor_urb(urb, &data->isoc_anchor); 591 592 err = usb_submit_urb(urb, mem_flags); 593 if (err < 0) { 594 if (err != -EPERM && err != -ENODEV) 595 BT_ERR("%s urb %p submission failed (%d)", 596 hdev->name, urb, -err); 597 usb_unanchor_urb(urb); 598 } 599 600 usb_free_urb(urb); 601 602 return err; 603 } 604 605 static void btusb_tx_complete(struct urb *urb) 606 { 607 struct sk_buff *skb = urb->context; 608 struct hci_dev *hdev = (struct hci_dev *) skb->dev; 609 struct btusb_data *data = hci_get_drvdata(hdev); 610 611 BT_DBG("%s urb %p status %d count %d", hdev->name, 612 urb, urb->status, urb->actual_length); 613 614 if (!test_bit(HCI_RUNNING, &hdev->flags)) 615 goto done; 616 617 if (!urb->status) 618 hdev->stat.byte_tx += urb->transfer_buffer_length; 619 else 620 hdev->stat.err_tx++; 621 622 done: 623 spin_lock(&data->txlock); 624 data->tx_in_flight--; 625 spin_unlock(&data->txlock); 626 627 kfree(urb->setup_packet); 628 629 kfree_skb(skb); 630 } 631 632 static void btusb_isoc_tx_complete(struct urb *urb) 633 { 634 struct sk_buff *skb = urb->context; 635 struct hci_dev *hdev = (struct hci_dev *) skb->dev; 636 637 BT_DBG("%s urb %p status %d count %d", hdev->name, 638 urb, urb->status, urb->actual_length); 639 640 if (!test_bit(HCI_RUNNING, &hdev->flags)) 641 goto done; 642 643 if (!urb->status) 644 hdev->stat.byte_tx += urb->transfer_buffer_length; 645 else 646 hdev->stat.err_tx++; 647 648 done: 649 kfree(urb->setup_packet); 650 651 kfree_skb(skb); 652 } 653 654 static int btusb_open(struct hci_dev *hdev) 655 { 656 struct btusb_data *data = hci_get_drvdata(hdev); 657 int err; 658 659 BT_DBG("%s", hdev->name); 660 661 err = usb_autopm_get_interface(data->intf); 662 if (err < 0) 663 return err; 664 665 data->intf->needs_remote_wakeup = 1; 666 667 if (test_and_set_bit(HCI_RUNNING, &hdev->flags)) 668 goto done; 669 670 if (test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags)) 671 goto done; 672 673 err = btusb_submit_intr_urb(hdev, GFP_KERNEL); 674 if (err < 0) 675 goto failed; 676 677 err = btusb_submit_bulk_urb(hdev, GFP_KERNEL); 678 if (err < 0) { 679 usb_kill_anchored_urbs(&data->intr_anchor); 680 goto failed; 681 } 682 683 set_bit(BTUSB_BULK_RUNNING, &data->flags); 684 btusb_submit_bulk_urb(hdev, GFP_KERNEL); 685 686 done: 687 usb_autopm_put_interface(data->intf); 688 return 0; 689 690 failed: 691 clear_bit(BTUSB_INTR_RUNNING, &data->flags); 692 clear_bit(HCI_RUNNING, &hdev->flags); 693 usb_autopm_put_interface(data->intf); 694 return err; 695 } 696 697 static void btusb_stop_traffic(struct btusb_data *data) 698 { 699 usb_kill_anchored_urbs(&data->intr_anchor); 700 usb_kill_anchored_urbs(&data->bulk_anchor); 701 usb_kill_anchored_urbs(&data->isoc_anchor); 702 } 703 704 static int btusb_close(struct hci_dev *hdev) 705 { 706 struct btusb_data *data = hci_get_drvdata(hdev); 707 int err; 708 709 BT_DBG("%s", hdev->name); 710 711 if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags)) 712 return 0; 713 714 cancel_work_sync(&data->work); 715 cancel_work_sync(&data->waker); 716 717 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 718 clear_bit(BTUSB_BULK_RUNNING, &data->flags); 719 clear_bit(BTUSB_INTR_RUNNING, &data->flags); 720 721 btusb_stop_traffic(data); 722 err = usb_autopm_get_interface(data->intf); 723 if (err < 0) 724 goto failed; 725 726 data->intf->needs_remote_wakeup = 0; 727 usb_autopm_put_interface(data->intf); 728 729 failed: 730 usb_scuttle_anchored_urbs(&data->deferred); 731 return 0; 732 } 733 734 static int btusb_flush(struct hci_dev *hdev) 735 { 736 struct btusb_data *data = hci_get_drvdata(hdev); 737 738 BT_DBG("%s", hdev->name); 739 740 usb_kill_anchored_urbs(&data->tx_anchor); 741 742 return 0; 743 } 744 745 static int btusb_send_frame(struct hci_dev *hdev, struct sk_buff *skb) 746 { 747 struct btusb_data *data = hci_get_drvdata(hdev); 748 struct usb_ctrlrequest *dr; 749 struct urb *urb; 750 unsigned int pipe; 751 int err; 752 753 BT_DBG("%s", hdev->name); 754 755 if (!test_bit(HCI_RUNNING, &hdev->flags)) 756 return -EBUSY; 757 758 skb->dev = (void *) hdev; 759 760 switch (bt_cb(skb)->pkt_type) { 761 case HCI_COMMAND_PKT: 762 urb = usb_alloc_urb(0, GFP_ATOMIC); 763 if (!urb) 764 return -ENOMEM; 765 766 dr = kmalloc(sizeof(*dr), GFP_ATOMIC); 767 if (!dr) { 768 usb_free_urb(urb); 769 return -ENOMEM; 770 } 771 772 dr->bRequestType = data->cmdreq_type; 773 dr->bRequest = 0; 774 dr->wIndex = 0; 775 dr->wValue = 0; 776 dr->wLength = __cpu_to_le16(skb->len); 777 778 pipe = usb_sndctrlpipe(data->udev, 0x00); 779 780 usb_fill_control_urb(urb, data->udev, pipe, (void *) dr, 781 skb->data, skb->len, btusb_tx_complete, skb); 782 783 hdev->stat.cmd_tx++; 784 break; 785 786 case HCI_ACLDATA_PKT: 787 if (!data->bulk_tx_ep) 788 return -ENODEV; 789 790 urb = usb_alloc_urb(0, GFP_ATOMIC); 791 if (!urb) 792 return -ENOMEM; 793 794 pipe = usb_sndbulkpipe(data->udev, 795 data->bulk_tx_ep->bEndpointAddress); 796 797 usb_fill_bulk_urb(urb, data->udev, pipe, 798 skb->data, skb->len, btusb_tx_complete, skb); 799 800 hdev->stat.acl_tx++; 801 break; 802 803 case HCI_SCODATA_PKT: 804 if (!data->isoc_tx_ep || hci_conn_num(hdev, SCO_LINK) < 1) 805 return -ENODEV; 806 807 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, GFP_ATOMIC); 808 if (!urb) 809 return -ENOMEM; 810 811 pipe = usb_sndisocpipe(data->udev, 812 data->isoc_tx_ep->bEndpointAddress); 813 814 usb_fill_int_urb(urb, data->udev, pipe, 815 skb->data, skb->len, btusb_isoc_tx_complete, 816 skb, data->isoc_tx_ep->bInterval); 817 818 urb->transfer_flags = URB_ISO_ASAP; 819 820 __fill_isoc_descriptor(urb, skb->len, 821 le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize)); 822 823 hdev->stat.sco_tx++; 824 goto skip_waking; 825 826 default: 827 return -EILSEQ; 828 } 829 830 err = inc_tx(data); 831 if (err) { 832 usb_anchor_urb(urb, &data->deferred); 833 schedule_work(&data->waker); 834 err = 0; 835 goto done; 836 } 837 838 skip_waking: 839 usb_anchor_urb(urb, &data->tx_anchor); 840 841 err = usb_submit_urb(urb, GFP_ATOMIC); 842 if (err < 0) { 843 if (err != -EPERM && err != -ENODEV) 844 BT_ERR("%s urb %p submission failed (%d)", 845 hdev->name, urb, -err); 846 kfree(urb->setup_packet); 847 usb_unanchor_urb(urb); 848 } else { 849 usb_mark_last_busy(data->udev); 850 } 851 852 done: 853 usb_free_urb(urb); 854 return err; 855 } 856 857 static void btusb_notify(struct hci_dev *hdev, unsigned int evt) 858 { 859 struct btusb_data *data = hci_get_drvdata(hdev); 860 861 BT_DBG("%s evt %d", hdev->name, evt); 862 863 if (hci_conn_num(hdev, SCO_LINK) != data->sco_num) { 864 data->sco_num = hci_conn_num(hdev, SCO_LINK); 865 schedule_work(&data->work); 866 } 867 } 868 869 static inline int __set_isoc_interface(struct hci_dev *hdev, int altsetting) 870 { 871 struct btusb_data *data = hci_get_drvdata(hdev); 872 struct usb_interface *intf = data->isoc; 873 struct usb_endpoint_descriptor *ep_desc; 874 int i, err; 875 876 if (!data->isoc) 877 return -ENODEV; 878 879 err = usb_set_interface(data->udev, 1, altsetting); 880 if (err < 0) { 881 BT_ERR("%s setting interface failed (%d)", hdev->name, -err); 882 return err; 883 } 884 885 data->isoc_altsetting = altsetting; 886 887 data->isoc_tx_ep = NULL; 888 data->isoc_rx_ep = NULL; 889 890 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) { 891 ep_desc = &intf->cur_altsetting->endpoint[i].desc; 892 893 if (!data->isoc_tx_ep && usb_endpoint_is_isoc_out(ep_desc)) { 894 data->isoc_tx_ep = ep_desc; 895 continue; 896 } 897 898 if (!data->isoc_rx_ep && usb_endpoint_is_isoc_in(ep_desc)) { 899 data->isoc_rx_ep = ep_desc; 900 continue; 901 } 902 } 903 904 if (!data->isoc_tx_ep || !data->isoc_rx_ep) { 905 BT_ERR("%s invalid SCO descriptors", hdev->name); 906 return -ENODEV; 907 } 908 909 return 0; 910 } 911 912 static void btusb_work(struct work_struct *work) 913 { 914 struct btusb_data *data = container_of(work, struct btusb_data, work); 915 struct hci_dev *hdev = data->hdev; 916 int new_alts; 917 int err; 918 919 if (data->sco_num > 0) { 920 if (!test_bit(BTUSB_DID_ISO_RESUME, &data->flags)) { 921 err = usb_autopm_get_interface(data->isoc ? data->isoc : data->intf); 922 if (err < 0) { 923 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 924 usb_kill_anchored_urbs(&data->isoc_anchor); 925 return; 926 } 927 928 set_bit(BTUSB_DID_ISO_RESUME, &data->flags); 929 } 930 931 if (hdev->voice_setting & 0x0020) { 932 static const int alts[3] = { 2, 4, 5 }; 933 new_alts = alts[data->sco_num - 1]; 934 } else { 935 new_alts = data->sco_num; 936 } 937 938 if (data->isoc_altsetting != new_alts) { 939 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 940 usb_kill_anchored_urbs(&data->isoc_anchor); 941 942 if (__set_isoc_interface(hdev, new_alts) < 0) 943 return; 944 } 945 946 if (!test_and_set_bit(BTUSB_ISOC_RUNNING, &data->flags)) { 947 if (btusb_submit_isoc_urb(hdev, GFP_KERNEL) < 0) 948 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 949 else 950 btusb_submit_isoc_urb(hdev, GFP_KERNEL); 951 } 952 } else { 953 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 954 usb_kill_anchored_urbs(&data->isoc_anchor); 955 956 __set_isoc_interface(hdev, 0); 957 if (test_and_clear_bit(BTUSB_DID_ISO_RESUME, &data->flags)) 958 usb_autopm_put_interface(data->isoc ? data->isoc : data->intf); 959 } 960 } 961 962 static void btusb_waker(struct work_struct *work) 963 { 964 struct btusb_data *data = container_of(work, struct btusb_data, waker); 965 int err; 966 967 err = usb_autopm_get_interface(data->intf); 968 if (err < 0) 969 return; 970 971 usb_autopm_put_interface(data->intf); 972 } 973 974 static int btusb_setup_bcm92035(struct hci_dev *hdev) 975 { 976 struct sk_buff *skb; 977 u8 val = 0x00; 978 979 BT_DBG("%s", hdev->name); 980 981 skb = __hci_cmd_sync(hdev, 0xfc3b, 1, &val, HCI_INIT_TIMEOUT); 982 if (IS_ERR(skb)) 983 BT_ERR("BCM92035 command failed (%ld)", -PTR_ERR(skb)); 984 else 985 kfree_skb(skb); 986 987 return 0; 988 } 989 990 static int btusb_setup_csr(struct hci_dev *hdev) 991 { 992 struct hci_rp_read_local_version *rp; 993 struct sk_buff *skb; 994 int ret; 995 996 BT_DBG("%s", hdev->name); 997 998 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL, 999 HCI_INIT_TIMEOUT); 1000 if (IS_ERR(skb)) { 1001 BT_ERR("Reading local version failed (%ld)", -PTR_ERR(skb)); 1002 return -PTR_ERR(skb); 1003 } 1004 1005 rp = (struct hci_rp_read_local_version *) skb->data; 1006 1007 if (!rp->status) { 1008 if (le16_to_cpu(rp->manufacturer) != 10) { 1009 /* Clear the reset quirk since this is not an actual 1010 * early Bluetooth 1.1 device from CSR. 1011 */ 1012 clear_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); 1013 1014 /* These fake CSR controllers have all a broken 1015 * stored link key handling and so just disable it. 1016 */ 1017 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, 1018 &hdev->quirks); 1019 } 1020 } 1021 1022 ret = -bt_to_errno(rp->status); 1023 1024 kfree_skb(skb); 1025 1026 return ret; 1027 } 1028 1029 struct intel_version { 1030 u8 status; 1031 u8 hw_platform; 1032 u8 hw_variant; 1033 u8 hw_revision; 1034 u8 fw_variant; 1035 u8 fw_revision; 1036 u8 fw_build_num; 1037 u8 fw_build_ww; 1038 u8 fw_build_yy; 1039 u8 fw_patch_num; 1040 } __packed; 1041 1042 static const struct firmware *btusb_setup_intel_get_fw(struct hci_dev *hdev, 1043 struct intel_version *ver) 1044 { 1045 const struct firmware *fw; 1046 char fwname[64]; 1047 int ret; 1048 1049 snprintf(fwname, sizeof(fwname), 1050 "intel/ibt-hw-%x.%x.%x-fw-%x.%x.%x.%x.%x.bseq", 1051 ver->hw_platform, ver->hw_variant, ver->hw_revision, 1052 ver->fw_variant, ver->fw_revision, ver->fw_build_num, 1053 ver->fw_build_ww, ver->fw_build_yy); 1054 1055 ret = request_firmware(&fw, fwname, &hdev->dev); 1056 if (ret < 0) { 1057 if (ret == -EINVAL) { 1058 BT_ERR("%s Intel firmware file request failed (%d)", 1059 hdev->name, ret); 1060 return NULL; 1061 } 1062 1063 BT_ERR("%s failed to open Intel firmware file: %s(%d)", 1064 hdev->name, fwname, ret); 1065 1066 /* If the correct firmware patch file is not found, use the 1067 * default firmware patch file instead 1068 */ 1069 snprintf(fwname, sizeof(fwname), "intel/ibt-hw-%x.%x.bseq", 1070 ver->hw_platform, ver->hw_variant); 1071 if (request_firmware(&fw, fwname, &hdev->dev) < 0) { 1072 BT_ERR("%s failed to open default Intel fw file: %s", 1073 hdev->name, fwname); 1074 return NULL; 1075 } 1076 } 1077 1078 BT_INFO("%s: Intel Bluetooth firmware file: %s", hdev->name, fwname); 1079 1080 return fw; 1081 } 1082 1083 static int btusb_setup_intel_patching(struct hci_dev *hdev, 1084 const struct firmware *fw, 1085 const u8 **fw_ptr, int *disable_patch) 1086 { 1087 struct sk_buff *skb; 1088 struct hci_command_hdr *cmd; 1089 const u8 *cmd_param; 1090 struct hci_event_hdr *evt = NULL; 1091 const u8 *evt_param = NULL; 1092 int remain = fw->size - (*fw_ptr - fw->data); 1093 1094 /* The first byte indicates the types of the patch command or event. 1095 * 0x01 means HCI command and 0x02 is HCI event. If the first bytes 1096 * in the current firmware buffer doesn't start with 0x01 or 1097 * the size of remain buffer is smaller than HCI command header, 1098 * the firmware file is corrupted and it should stop the patching 1099 * process. 1100 */ 1101 if (remain > HCI_COMMAND_HDR_SIZE && *fw_ptr[0] != 0x01) { 1102 BT_ERR("%s Intel fw corrupted: invalid cmd read", hdev->name); 1103 return -EINVAL; 1104 } 1105 (*fw_ptr)++; 1106 remain--; 1107 1108 cmd = (struct hci_command_hdr *)(*fw_ptr); 1109 *fw_ptr += sizeof(*cmd); 1110 remain -= sizeof(*cmd); 1111 1112 /* Ensure that the remain firmware data is long enough than the length 1113 * of command parameter. If not, the firmware file is corrupted. 1114 */ 1115 if (remain < cmd->plen) { 1116 BT_ERR("%s Intel fw corrupted: invalid cmd len", hdev->name); 1117 return -EFAULT; 1118 } 1119 1120 /* If there is a command that loads a patch in the firmware 1121 * file, then enable the patch upon success, otherwise just 1122 * disable the manufacturer mode, for example patch activation 1123 * is not required when the default firmware patch file is used 1124 * because there are no patch data to load. 1125 */ 1126 if (*disable_patch && le16_to_cpu(cmd->opcode) == 0xfc8e) 1127 *disable_patch = 0; 1128 1129 cmd_param = *fw_ptr; 1130 *fw_ptr += cmd->plen; 1131 remain -= cmd->plen; 1132 1133 /* This reads the expected events when the above command is sent to the 1134 * device. Some vendor commands expects more than one events, for 1135 * example command status event followed by vendor specific event. 1136 * For this case, it only keeps the last expected event. so the command 1137 * can be sent with __hci_cmd_sync_ev() which returns the sk_buff of 1138 * last expected event. 1139 */ 1140 while (remain > HCI_EVENT_HDR_SIZE && *fw_ptr[0] == 0x02) { 1141 (*fw_ptr)++; 1142 remain--; 1143 1144 evt = (struct hci_event_hdr *)(*fw_ptr); 1145 *fw_ptr += sizeof(*evt); 1146 remain -= sizeof(*evt); 1147 1148 if (remain < evt->plen) { 1149 BT_ERR("%s Intel fw corrupted: invalid evt len", 1150 hdev->name); 1151 return -EFAULT; 1152 } 1153 1154 evt_param = *fw_ptr; 1155 *fw_ptr += evt->plen; 1156 remain -= evt->plen; 1157 } 1158 1159 /* Every HCI commands in the firmware file has its correspond event. 1160 * If event is not found or remain is smaller than zero, the firmware 1161 * file is corrupted. 1162 */ 1163 if (!evt || !evt_param || remain < 0) { 1164 BT_ERR("%s Intel fw corrupted: invalid evt read", hdev->name); 1165 return -EFAULT; 1166 } 1167 1168 skb = __hci_cmd_sync_ev(hdev, le16_to_cpu(cmd->opcode), cmd->plen, 1169 cmd_param, evt->evt, HCI_INIT_TIMEOUT); 1170 if (IS_ERR(skb)) { 1171 BT_ERR("%s sending Intel patch command (0x%4.4x) failed (%ld)", 1172 hdev->name, cmd->opcode, PTR_ERR(skb)); 1173 return PTR_ERR(skb); 1174 } 1175 1176 /* It ensures that the returned event matches the event data read from 1177 * the firmware file. At fist, it checks the length and then 1178 * the contents of the event. 1179 */ 1180 if (skb->len != evt->plen) { 1181 BT_ERR("%s mismatch event length (opcode 0x%4.4x)", hdev->name, 1182 le16_to_cpu(cmd->opcode)); 1183 kfree_skb(skb); 1184 return -EFAULT; 1185 } 1186 1187 if (memcmp(skb->data, evt_param, evt->plen)) { 1188 BT_ERR("%s mismatch event parameter (opcode 0x%4.4x)", 1189 hdev->name, le16_to_cpu(cmd->opcode)); 1190 kfree_skb(skb); 1191 return -EFAULT; 1192 } 1193 kfree_skb(skb); 1194 1195 return 0; 1196 } 1197 1198 #define BDADDR_INTEL (&(bdaddr_t) {{0x00, 0x8b, 0x9e, 0x19, 0x03, 0x00}}) 1199 1200 static int btusb_check_bdaddr_intel(struct hci_dev *hdev) 1201 { 1202 struct sk_buff *skb; 1203 struct hci_rp_read_bd_addr *rp; 1204 1205 skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL, 1206 HCI_INIT_TIMEOUT); 1207 if (IS_ERR(skb)) { 1208 BT_ERR("%s reading Intel device address failed (%ld)", 1209 hdev->name, PTR_ERR(skb)); 1210 return PTR_ERR(skb); 1211 } 1212 1213 if (skb->len != sizeof(*rp)) { 1214 BT_ERR("%s Intel device address length mismatch", hdev->name); 1215 kfree_skb(skb); 1216 return -EIO; 1217 } 1218 1219 rp = (struct hci_rp_read_bd_addr *) skb->data; 1220 if (rp->status) { 1221 BT_ERR("%s Intel device address result failed (%02x)", 1222 hdev->name, rp->status); 1223 kfree_skb(skb); 1224 return -bt_to_errno(rp->status); 1225 } 1226 1227 /* For some Intel based controllers, the default Bluetooth device 1228 * address 00:03:19:9E:8B:00 can be found. These controllers are 1229 * fully operational, but have the danger of duplicate addresses 1230 * and that in turn can cause problems with Bluetooth operation. 1231 */ 1232 if (!bacmp(&rp->bdaddr, BDADDR_INTEL)) { 1233 BT_ERR("%s found Intel default device address (%pMR)", 1234 hdev->name, &rp->bdaddr); 1235 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks); 1236 } 1237 1238 kfree_skb(skb); 1239 1240 return 0; 1241 } 1242 1243 static int btusb_setup_intel(struct hci_dev *hdev) 1244 { 1245 struct sk_buff *skb; 1246 const struct firmware *fw; 1247 const u8 *fw_ptr; 1248 int disable_patch; 1249 struct intel_version *ver; 1250 1251 const u8 mfg_enable[] = { 0x01, 0x00 }; 1252 const u8 mfg_disable[] = { 0x00, 0x00 }; 1253 const u8 mfg_reset_deactivate[] = { 0x00, 0x01 }; 1254 const u8 mfg_reset_activate[] = { 0x00, 0x02 }; 1255 1256 BT_DBG("%s", hdev->name); 1257 1258 /* The controller has a bug with the first HCI command sent to it 1259 * returning number of completed commands as zero. This would stall the 1260 * command processing in the Bluetooth core. 1261 * 1262 * As a workaround, send HCI Reset command first which will reset the 1263 * number of completed commands and allow normal command processing 1264 * from now on. 1265 */ 1266 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); 1267 if (IS_ERR(skb)) { 1268 BT_ERR("%s sending initial HCI reset command failed (%ld)", 1269 hdev->name, PTR_ERR(skb)); 1270 return PTR_ERR(skb); 1271 } 1272 kfree_skb(skb); 1273 1274 /* Read Intel specific controller version first to allow selection of 1275 * which firmware file to load. 1276 * 1277 * The returned information are hardware variant and revision plus 1278 * firmware variant, revision and build number. 1279 */ 1280 skb = __hci_cmd_sync(hdev, 0xfc05, 0, NULL, HCI_INIT_TIMEOUT); 1281 if (IS_ERR(skb)) { 1282 BT_ERR("%s reading Intel fw version command failed (%ld)", 1283 hdev->name, PTR_ERR(skb)); 1284 return PTR_ERR(skb); 1285 } 1286 1287 if (skb->len != sizeof(*ver)) { 1288 BT_ERR("%s Intel version event length mismatch", hdev->name); 1289 kfree_skb(skb); 1290 return -EIO; 1291 } 1292 1293 ver = (struct intel_version *)skb->data; 1294 if (ver->status) { 1295 BT_ERR("%s Intel fw version event failed (%02x)", hdev->name, 1296 ver->status); 1297 kfree_skb(skb); 1298 return -bt_to_errno(ver->status); 1299 } 1300 1301 BT_INFO("%s: read Intel version: %02x%02x%02x%02x%02x%02x%02x%02x%02x", 1302 hdev->name, ver->hw_platform, ver->hw_variant, 1303 ver->hw_revision, ver->fw_variant, ver->fw_revision, 1304 ver->fw_build_num, ver->fw_build_ww, ver->fw_build_yy, 1305 ver->fw_patch_num); 1306 1307 /* fw_patch_num indicates the version of patch the device currently 1308 * have. If there is no patch data in the device, it is always 0x00. 1309 * So, if it is other than 0x00, no need to patch the deivce again. 1310 */ 1311 if (ver->fw_patch_num) { 1312 BT_INFO("%s: Intel device is already patched. patch num: %02x", 1313 hdev->name, ver->fw_patch_num); 1314 kfree_skb(skb); 1315 btusb_check_bdaddr_intel(hdev); 1316 return 0; 1317 } 1318 1319 /* Opens the firmware patch file based on the firmware version read 1320 * from the controller. If it fails to open the matching firmware 1321 * patch file, it tries to open the default firmware patch file. 1322 * If no patch file is found, allow the device to operate without 1323 * a patch. 1324 */ 1325 fw = btusb_setup_intel_get_fw(hdev, ver); 1326 if (!fw) { 1327 kfree_skb(skb); 1328 btusb_check_bdaddr_intel(hdev); 1329 return 0; 1330 } 1331 fw_ptr = fw->data; 1332 1333 /* This Intel specific command enables the manufacturer mode of the 1334 * controller. 1335 * 1336 * Only while this mode is enabled, the driver can download the 1337 * firmware patch data and configuration parameters. 1338 */ 1339 skb = __hci_cmd_sync(hdev, 0xfc11, 2, mfg_enable, HCI_INIT_TIMEOUT); 1340 if (IS_ERR(skb)) { 1341 BT_ERR("%s entering Intel manufacturer mode failed (%ld)", 1342 hdev->name, PTR_ERR(skb)); 1343 release_firmware(fw); 1344 return PTR_ERR(skb); 1345 } 1346 1347 if (skb->data[0]) { 1348 u8 evt_status = skb->data[0]; 1349 BT_ERR("%s enable Intel manufacturer mode event failed (%02x)", 1350 hdev->name, evt_status); 1351 kfree_skb(skb); 1352 release_firmware(fw); 1353 return -bt_to_errno(evt_status); 1354 } 1355 kfree_skb(skb); 1356 1357 disable_patch = 1; 1358 1359 /* The firmware data file consists of list of Intel specific HCI 1360 * commands and its expected events. The first byte indicates the 1361 * type of the message, either HCI command or HCI event. 1362 * 1363 * It reads the command and its expected event from the firmware file, 1364 * and send to the controller. Once __hci_cmd_sync_ev() returns, 1365 * the returned event is compared with the event read from the firmware 1366 * file and it will continue until all the messages are downloaded to 1367 * the controller. 1368 * 1369 * Once the firmware patching is completed successfully, 1370 * the manufacturer mode is disabled with reset and activating the 1371 * downloaded patch. 1372 * 1373 * If the firmware patching fails, the manufacturer mode is 1374 * disabled with reset and deactivating the patch. 1375 * 1376 * If the default patch file is used, no reset is done when disabling 1377 * the manufacturer. 1378 */ 1379 while (fw->size > fw_ptr - fw->data) { 1380 int ret; 1381 1382 ret = btusb_setup_intel_patching(hdev, fw, &fw_ptr, 1383 &disable_patch); 1384 if (ret < 0) 1385 goto exit_mfg_deactivate; 1386 } 1387 1388 release_firmware(fw); 1389 1390 if (disable_patch) 1391 goto exit_mfg_disable; 1392 1393 /* Patching completed successfully and disable the manufacturer mode 1394 * with reset and activate the downloaded firmware patches. 1395 */ 1396 skb = __hci_cmd_sync(hdev, 0xfc11, sizeof(mfg_reset_activate), 1397 mfg_reset_activate, HCI_INIT_TIMEOUT); 1398 if (IS_ERR(skb)) { 1399 BT_ERR("%s exiting Intel manufacturer mode failed (%ld)", 1400 hdev->name, PTR_ERR(skb)); 1401 return PTR_ERR(skb); 1402 } 1403 kfree_skb(skb); 1404 1405 BT_INFO("%s: Intel Bluetooth firmware patch completed and activated", 1406 hdev->name); 1407 1408 btusb_check_bdaddr_intel(hdev); 1409 return 0; 1410 1411 exit_mfg_disable: 1412 /* Disable the manufacturer mode without reset */ 1413 skb = __hci_cmd_sync(hdev, 0xfc11, sizeof(mfg_disable), mfg_disable, 1414 HCI_INIT_TIMEOUT); 1415 if (IS_ERR(skb)) { 1416 BT_ERR("%s exiting Intel manufacturer mode failed (%ld)", 1417 hdev->name, PTR_ERR(skb)); 1418 return PTR_ERR(skb); 1419 } 1420 kfree_skb(skb); 1421 1422 BT_INFO("%s: Intel Bluetooth firmware patch completed", hdev->name); 1423 1424 btusb_check_bdaddr_intel(hdev); 1425 return 0; 1426 1427 exit_mfg_deactivate: 1428 release_firmware(fw); 1429 1430 /* Patching failed. Disable the manufacturer mode with reset and 1431 * deactivate the downloaded firmware patches. 1432 */ 1433 skb = __hci_cmd_sync(hdev, 0xfc11, sizeof(mfg_reset_deactivate), 1434 mfg_reset_deactivate, HCI_INIT_TIMEOUT); 1435 if (IS_ERR(skb)) { 1436 BT_ERR("%s exiting Intel manufacturer mode failed (%ld)", 1437 hdev->name, PTR_ERR(skb)); 1438 return PTR_ERR(skb); 1439 } 1440 kfree_skb(skb); 1441 1442 BT_INFO("%s: Intel Bluetooth firmware patch completed and deactivated", 1443 hdev->name); 1444 1445 btusb_check_bdaddr_intel(hdev); 1446 return 0; 1447 } 1448 1449 static int btusb_set_bdaddr_intel(struct hci_dev *hdev, const bdaddr_t *bdaddr) 1450 { 1451 struct sk_buff *skb; 1452 long ret; 1453 1454 skb = __hci_cmd_sync(hdev, 0xfc31, 6, bdaddr, HCI_INIT_TIMEOUT); 1455 if (IS_ERR(skb)) { 1456 ret = PTR_ERR(skb); 1457 BT_ERR("%s: changing Intel device address failed (%ld)", 1458 hdev->name, ret); 1459 return ret; 1460 } 1461 kfree_skb(skb); 1462 1463 return 0; 1464 } 1465 1466 static int btusb_set_bdaddr_marvell(struct hci_dev *hdev, 1467 const bdaddr_t *bdaddr) 1468 { 1469 struct sk_buff *skb; 1470 u8 buf[8]; 1471 long ret; 1472 1473 buf[0] = 0xfe; 1474 buf[1] = sizeof(bdaddr_t); 1475 memcpy(buf + 2, bdaddr, sizeof(bdaddr_t)); 1476 1477 skb = __hci_cmd_sync(hdev, 0xfc22, sizeof(buf), buf, HCI_INIT_TIMEOUT); 1478 if (IS_ERR(skb)) { 1479 ret = PTR_ERR(skb); 1480 BT_ERR("%s: changing Marvell device address failed (%ld)", 1481 hdev->name, ret); 1482 return ret; 1483 } 1484 kfree_skb(skb); 1485 1486 return 0; 1487 } 1488 1489 #define BDADDR_BCM20702A0 (&(bdaddr_t) {{0x00, 0xa0, 0x02, 0x70, 0x20, 0x00}}) 1490 1491 static int btusb_setup_bcm_patchram(struct hci_dev *hdev) 1492 { 1493 struct btusb_data *data = hci_get_drvdata(hdev); 1494 struct usb_device *udev = data->udev; 1495 char fw_name[64]; 1496 const struct firmware *fw; 1497 const u8 *fw_ptr; 1498 size_t fw_size; 1499 const struct hci_command_hdr *cmd; 1500 const u8 *cmd_param; 1501 u16 opcode; 1502 struct sk_buff *skb; 1503 struct hci_rp_read_local_version *ver; 1504 struct hci_rp_read_bd_addr *bda; 1505 long ret; 1506 1507 snprintf(fw_name, sizeof(fw_name), "brcm/%s-%04x-%04x.hcd", 1508 udev->product ? udev->product : "BCM", 1509 le16_to_cpu(udev->descriptor.idVendor), 1510 le16_to_cpu(udev->descriptor.idProduct)); 1511 1512 ret = request_firmware(&fw, fw_name, &hdev->dev); 1513 if (ret < 0) { 1514 BT_INFO("%s: BCM: patch %s not found", hdev->name, fw_name); 1515 return 0; 1516 } 1517 1518 /* Reset */ 1519 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); 1520 if (IS_ERR(skb)) { 1521 ret = PTR_ERR(skb); 1522 BT_ERR("%s: HCI_OP_RESET failed (%ld)", hdev->name, ret); 1523 goto done; 1524 } 1525 kfree_skb(skb); 1526 1527 /* Read Local Version Info */ 1528 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL, 1529 HCI_INIT_TIMEOUT); 1530 if (IS_ERR(skb)) { 1531 ret = PTR_ERR(skb); 1532 BT_ERR("%s: HCI_OP_READ_LOCAL_VERSION failed (%ld)", 1533 hdev->name, ret); 1534 goto done; 1535 } 1536 1537 if (skb->len != sizeof(*ver)) { 1538 BT_ERR("%s: HCI_OP_READ_LOCAL_VERSION event length mismatch", 1539 hdev->name); 1540 kfree_skb(skb); 1541 ret = -EIO; 1542 goto done; 1543 } 1544 1545 ver = (struct hci_rp_read_local_version *) skb->data; 1546 BT_INFO("%s: BCM: patching hci_ver=%02x hci_rev=%04x lmp_ver=%02x " 1547 "lmp_subver=%04x", hdev->name, ver->hci_ver, ver->hci_rev, 1548 ver->lmp_ver, ver->lmp_subver); 1549 kfree_skb(skb); 1550 1551 /* Start Download */ 1552 skb = __hci_cmd_sync(hdev, 0xfc2e, 0, NULL, HCI_INIT_TIMEOUT); 1553 if (IS_ERR(skb)) { 1554 ret = PTR_ERR(skb); 1555 BT_ERR("%s: BCM: Download Minidrv command failed (%ld)", 1556 hdev->name, ret); 1557 goto reset_fw; 1558 } 1559 kfree_skb(skb); 1560 1561 /* 50 msec delay after Download Minidrv completes */ 1562 msleep(50); 1563 1564 fw_ptr = fw->data; 1565 fw_size = fw->size; 1566 1567 while (fw_size >= sizeof(*cmd)) { 1568 cmd = (struct hci_command_hdr *) fw_ptr; 1569 fw_ptr += sizeof(*cmd); 1570 fw_size -= sizeof(*cmd); 1571 1572 if (fw_size < cmd->plen) { 1573 BT_ERR("%s: BCM: patch %s is corrupted", 1574 hdev->name, fw_name); 1575 ret = -EINVAL; 1576 goto reset_fw; 1577 } 1578 1579 cmd_param = fw_ptr; 1580 fw_ptr += cmd->plen; 1581 fw_size -= cmd->plen; 1582 1583 opcode = le16_to_cpu(cmd->opcode); 1584 1585 skb = __hci_cmd_sync(hdev, opcode, cmd->plen, cmd_param, 1586 HCI_INIT_TIMEOUT); 1587 if (IS_ERR(skb)) { 1588 ret = PTR_ERR(skb); 1589 BT_ERR("%s: BCM: patch command %04x failed (%ld)", 1590 hdev->name, opcode, ret); 1591 goto reset_fw; 1592 } 1593 kfree_skb(skb); 1594 } 1595 1596 /* 250 msec delay after Launch Ram completes */ 1597 msleep(250); 1598 1599 reset_fw: 1600 /* Reset */ 1601 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); 1602 if (IS_ERR(skb)) { 1603 ret = PTR_ERR(skb); 1604 BT_ERR("%s: HCI_OP_RESET failed (%ld)", hdev->name, ret); 1605 goto done; 1606 } 1607 kfree_skb(skb); 1608 1609 /* Read Local Version Info */ 1610 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL, 1611 HCI_INIT_TIMEOUT); 1612 if (IS_ERR(skb)) { 1613 ret = PTR_ERR(skb); 1614 BT_ERR("%s: HCI_OP_READ_LOCAL_VERSION failed (%ld)", 1615 hdev->name, ret); 1616 goto done; 1617 } 1618 1619 if (skb->len != sizeof(*ver)) { 1620 BT_ERR("%s: HCI_OP_READ_LOCAL_VERSION event length mismatch", 1621 hdev->name); 1622 kfree_skb(skb); 1623 ret = -EIO; 1624 goto done; 1625 } 1626 1627 ver = (struct hci_rp_read_local_version *) skb->data; 1628 BT_INFO("%s: BCM: firmware hci_ver=%02x hci_rev=%04x lmp_ver=%02x " 1629 "lmp_subver=%04x", hdev->name, ver->hci_ver, ver->hci_rev, 1630 ver->lmp_ver, ver->lmp_subver); 1631 kfree_skb(skb); 1632 1633 /* Read BD Address */ 1634 skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL, 1635 HCI_INIT_TIMEOUT); 1636 if (IS_ERR(skb)) { 1637 ret = PTR_ERR(skb); 1638 BT_ERR("%s: HCI_OP_READ_BD_ADDR failed (%ld)", 1639 hdev->name, ret); 1640 goto done; 1641 } 1642 1643 if (skb->len != sizeof(*bda)) { 1644 BT_ERR("%s: HCI_OP_READ_BD_ADDR event length mismatch", 1645 hdev->name); 1646 kfree_skb(skb); 1647 ret = -EIO; 1648 goto done; 1649 } 1650 1651 bda = (struct hci_rp_read_bd_addr *) skb->data; 1652 if (bda->status) { 1653 BT_ERR("%s: HCI_OP_READ_BD_ADDR error status (%02x)", 1654 hdev->name, bda->status); 1655 kfree_skb(skb); 1656 ret = -bt_to_errno(bda->status); 1657 goto done; 1658 } 1659 1660 /* The address 00:20:70:02:A0:00 indicates a BCM20702A0 controller 1661 * with no configured address. 1662 */ 1663 if (!bacmp(&bda->bdaddr, BDADDR_BCM20702A0)) { 1664 BT_INFO("%s: BCM: using default device address (%pMR)", 1665 hdev->name, &bda->bdaddr); 1666 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks); 1667 } 1668 1669 kfree_skb(skb); 1670 1671 done: 1672 release_firmware(fw); 1673 1674 return ret; 1675 } 1676 1677 static int btusb_set_bdaddr_bcm(struct hci_dev *hdev, const bdaddr_t *bdaddr) 1678 { 1679 struct sk_buff *skb; 1680 long ret; 1681 1682 skb = __hci_cmd_sync(hdev, 0xfc01, 6, bdaddr, HCI_INIT_TIMEOUT); 1683 if (IS_ERR(skb)) { 1684 ret = PTR_ERR(skb); 1685 BT_ERR("%s: BCM: Change address command failed (%ld)", 1686 hdev->name, ret); 1687 return ret; 1688 } 1689 kfree_skb(skb); 1690 1691 return 0; 1692 } 1693 1694 static int btusb_probe(struct usb_interface *intf, 1695 const struct usb_device_id *id) 1696 { 1697 struct usb_endpoint_descriptor *ep_desc; 1698 struct btusb_data *data; 1699 struct hci_dev *hdev; 1700 int i, err; 1701 1702 BT_DBG("intf %p id %p", intf, id); 1703 1704 /* interface numbers are hardcoded in the spec */ 1705 if (intf->cur_altsetting->desc.bInterfaceNumber != 0) 1706 return -ENODEV; 1707 1708 if (!id->driver_info) { 1709 const struct usb_device_id *match; 1710 match = usb_match_id(intf, blacklist_table); 1711 if (match) 1712 id = match; 1713 } 1714 1715 if (id->driver_info == BTUSB_IGNORE) 1716 return -ENODEV; 1717 1718 if (id->driver_info & BTUSB_ATH3012) { 1719 struct usb_device *udev = interface_to_usbdev(intf); 1720 1721 /* Old firmware would otherwise let ath3k driver load 1722 * patch and sysconfig files */ 1723 if (le16_to_cpu(udev->descriptor.bcdDevice) <= 0x0001) 1724 return -ENODEV; 1725 } 1726 1727 data = devm_kzalloc(&intf->dev, sizeof(*data), GFP_KERNEL); 1728 if (!data) 1729 return -ENOMEM; 1730 1731 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) { 1732 ep_desc = &intf->cur_altsetting->endpoint[i].desc; 1733 1734 if (!data->intr_ep && usb_endpoint_is_int_in(ep_desc)) { 1735 data->intr_ep = ep_desc; 1736 continue; 1737 } 1738 1739 if (!data->bulk_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) { 1740 data->bulk_tx_ep = ep_desc; 1741 continue; 1742 } 1743 1744 if (!data->bulk_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) { 1745 data->bulk_rx_ep = ep_desc; 1746 continue; 1747 } 1748 } 1749 1750 if (!data->intr_ep || !data->bulk_tx_ep || !data->bulk_rx_ep) 1751 return -ENODEV; 1752 1753 data->cmdreq_type = USB_TYPE_CLASS; 1754 1755 data->udev = interface_to_usbdev(intf); 1756 data->intf = intf; 1757 1758 spin_lock_init(&data->lock); 1759 1760 INIT_WORK(&data->work, btusb_work); 1761 INIT_WORK(&data->waker, btusb_waker); 1762 spin_lock_init(&data->txlock); 1763 1764 init_usb_anchor(&data->tx_anchor); 1765 init_usb_anchor(&data->intr_anchor); 1766 init_usb_anchor(&data->bulk_anchor); 1767 init_usb_anchor(&data->isoc_anchor); 1768 init_usb_anchor(&data->deferred); 1769 1770 hdev = hci_alloc_dev(); 1771 if (!hdev) 1772 return -ENOMEM; 1773 1774 hdev->bus = HCI_USB; 1775 hci_set_drvdata(hdev, data); 1776 1777 data->hdev = hdev; 1778 1779 SET_HCIDEV_DEV(hdev, &intf->dev); 1780 1781 hdev->open = btusb_open; 1782 hdev->close = btusb_close; 1783 hdev->flush = btusb_flush; 1784 hdev->send = btusb_send_frame; 1785 hdev->notify = btusb_notify; 1786 1787 if (id->driver_info & BTUSB_BCM92035) 1788 hdev->setup = btusb_setup_bcm92035; 1789 1790 if (id->driver_info & BTUSB_BCM_PATCHRAM) { 1791 hdev->setup = btusb_setup_bcm_patchram; 1792 hdev->set_bdaddr = btusb_set_bdaddr_bcm; 1793 } 1794 1795 if (id->driver_info & BTUSB_INTEL) { 1796 hdev->setup = btusb_setup_intel; 1797 hdev->set_bdaddr = btusb_set_bdaddr_intel; 1798 } 1799 1800 if (id->driver_info & BTUSB_MARVELL) 1801 hdev->set_bdaddr = btusb_set_bdaddr_marvell; 1802 1803 if (id->driver_info & BTUSB_INTEL_BOOT) 1804 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks); 1805 1806 /* Interface numbers are hardcoded in the specification */ 1807 data->isoc = usb_ifnum_to_if(data->udev, 1); 1808 1809 if (!reset) 1810 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); 1811 1812 if (force_scofix || id->driver_info & BTUSB_WRONG_SCO_MTU) { 1813 if (!disable_scofix) 1814 set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks); 1815 } 1816 1817 if (id->driver_info & BTUSB_BROKEN_ISOC) 1818 data->isoc = NULL; 1819 1820 if (id->driver_info & BTUSB_DIGIANSWER) { 1821 data->cmdreq_type = USB_TYPE_VENDOR; 1822 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); 1823 } 1824 1825 if (id->driver_info & BTUSB_CSR) { 1826 struct usb_device *udev = data->udev; 1827 u16 bcdDevice = le16_to_cpu(udev->descriptor.bcdDevice); 1828 1829 /* Old firmware would otherwise execute USB reset */ 1830 if (bcdDevice < 0x117) 1831 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); 1832 1833 /* Fake CSR devices with broken commands */ 1834 if (bcdDevice <= 0x100) 1835 hdev->setup = btusb_setup_csr; 1836 } 1837 1838 if (id->driver_info & BTUSB_SNIFFER) { 1839 struct usb_device *udev = data->udev; 1840 1841 /* New sniffer firmware has crippled HCI interface */ 1842 if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997) 1843 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks); 1844 } 1845 1846 if (id->driver_info & BTUSB_INTEL_BOOT) { 1847 /* A bug in the bootloader causes that interrupt interface is 1848 * only enabled after receiving SetInterface(0, AltSetting=0). 1849 */ 1850 err = usb_set_interface(data->udev, 0, 0); 1851 if (err < 0) { 1852 BT_ERR("failed to set interface 0, alt 0 %d", err); 1853 hci_free_dev(hdev); 1854 return err; 1855 } 1856 } 1857 1858 if (data->isoc) { 1859 err = usb_driver_claim_interface(&btusb_driver, 1860 data->isoc, data); 1861 if (err < 0) { 1862 hci_free_dev(hdev); 1863 return err; 1864 } 1865 } 1866 1867 err = hci_register_dev(hdev); 1868 if (err < 0) { 1869 hci_free_dev(hdev); 1870 return err; 1871 } 1872 1873 usb_set_intfdata(intf, data); 1874 1875 return 0; 1876 } 1877 1878 static void btusb_disconnect(struct usb_interface *intf) 1879 { 1880 struct btusb_data *data = usb_get_intfdata(intf); 1881 struct hci_dev *hdev; 1882 1883 BT_DBG("intf %p", intf); 1884 1885 if (!data) 1886 return; 1887 1888 hdev = data->hdev; 1889 usb_set_intfdata(data->intf, NULL); 1890 1891 if (data->isoc) 1892 usb_set_intfdata(data->isoc, NULL); 1893 1894 hci_unregister_dev(hdev); 1895 1896 if (intf == data->isoc) 1897 usb_driver_release_interface(&btusb_driver, data->intf); 1898 else if (data->isoc) 1899 usb_driver_release_interface(&btusb_driver, data->isoc); 1900 1901 hci_free_dev(hdev); 1902 } 1903 1904 #ifdef CONFIG_PM 1905 static int btusb_suspend(struct usb_interface *intf, pm_message_t message) 1906 { 1907 struct btusb_data *data = usb_get_intfdata(intf); 1908 1909 BT_DBG("intf %p", intf); 1910 1911 if (data->suspend_count++) 1912 return 0; 1913 1914 spin_lock_irq(&data->txlock); 1915 if (!(PMSG_IS_AUTO(message) && data->tx_in_flight)) { 1916 set_bit(BTUSB_SUSPENDING, &data->flags); 1917 spin_unlock_irq(&data->txlock); 1918 } else { 1919 spin_unlock_irq(&data->txlock); 1920 data->suspend_count--; 1921 return -EBUSY; 1922 } 1923 1924 cancel_work_sync(&data->work); 1925 1926 btusb_stop_traffic(data); 1927 usb_kill_anchored_urbs(&data->tx_anchor); 1928 1929 return 0; 1930 } 1931 1932 static void play_deferred(struct btusb_data *data) 1933 { 1934 struct urb *urb; 1935 int err; 1936 1937 while ((urb = usb_get_from_anchor(&data->deferred))) { 1938 err = usb_submit_urb(urb, GFP_ATOMIC); 1939 if (err < 0) 1940 break; 1941 1942 data->tx_in_flight++; 1943 } 1944 usb_scuttle_anchored_urbs(&data->deferred); 1945 } 1946 1947 static int btusb_resume(struct usb_interface *intf) 1948 { 1949 struct btusb_data *data = usb_get_intfdata(intf); 1950 struct hci_dev *hdev = data->hdev; 1951 int err = 0; 1952 1953 BT_DBG("intf %p", intf); 1954 1955 if (--data->suspend_count) 1956 return 0; 1957 1958 if (!test_bit(HCI_RUNNING, &hdev->flags)) 1959 goto done; 1960 1961 if (test_bit(BTUSB_INTR_RUNNING, &data->flags)) { 1962 err = btusb_submit_intr_urb(hdev, GFP_NOIO); 1963 if (err < 0) { 1964 clear_bit(BTUSB_INTR_RUNNING, &data->flags); 1965 goto failed; 1966 } 1967 } 1968 1969 if (test_bit(BTUSB_BULK_RUNNING, &data->flags)) { 1970 err = btusb_submit_bulk_urb(hdev, GFP_NOIO); 1971 if (err < 0) { 1972 clear_bit(BTUSB_BULK_RUNNING, &data->flags); 1973 goto failed; 1974 } 1975 1976 btusb_submit_bulk_urb(hdev, GFP_NOIO); 1977 } 1978 1979 if (test_bit(BTUSB_ISOC_RUNNING, &data->flags)) { 1980 if (btusb_submit_isoc_urb(hdev, GFP_NOIO) < 0) 1981 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 1982 else 1983 btusb_submit_isoc_urb(hdev, GFP_NOIO); 1984 } 1985 1986 spin_lock_irq(&data->txlock); 1987 play_deferred(data); 1988 clear_bit(BTUSB_SUSPENDING, &data->flags); 1989 spin_unlock_irq(&data->txlock); 1990 schedule_work(&data->work); 1991 1992 return 0; 1993 1994 failed: 1995 usb_scuttle_anchored_urbs(&data->deferred); 1996 done: 1997 spin_lock_irq(&data->txlock); 1998 clear_bit(BTUSB_SUSPENDING, &data->flags); 1999 spin_unlock_irq(&data->txlock); 2000 2001 return err; 2002 } 2003 #endif 2004 2005 static struct usb_driver btusb_driver = { 2006 .name = "btusb", 2007 .probe = btusb_probe, 2008 .disconnect = btusb_disconnect, 2009 #ifdef CONFIG_PM 2010 .suspend = btusb_suspend, 2011 .resume = btusb_resume, 2012 #endif 2013 .id_table = btusb_table, 2014 .supports_autosuspend = 1, 2015 .disable_hub_initiated_lpm = 1, 2016 }; 2017 2018 module_usb_driver(btusb_driver); 2019 2020 module_param(disable_scofix, bool, 0644); 2021 MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size"); 2022 2023 module_param(force_scofix, bool, 0644); 2024 MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size"); 2025 2026 module_param(reset, bool, 0644); 2027 MODULE_PARM_DESC(reset, "Send HCI reset command on initialization"); 2028 2029 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 2030 MODULE_DESCRIPTION("Generic Bluetooth USB driver ver " VERSION); 2031 MODULE_VERSION(VERSION); 2032 MODULE_LICENSE("GPL"); 2033