1 /* 2 * 3 * Generic Bluetooth USB driver 4 * 5 * Copyright (C) 2005-2008 Marcel Holtmann <marcel@holtmann.org> 6 * 7 * 8 * This program is free software; you can redistribute it and/or modify 9 * it under the terms of the GNU General Public License as published by 10 * the Free Software Foundation; either version 2 of the License, or 11 * (at your option) any later version. 12 * 13 * This program is distributed in the hope that it will be useful, 14 * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 * GNU General Public License for more details. 17 * 18 * You should have received a copy of the GNU General Public License 19 * along with this program; if not, write to the Free Software 20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 21 * 22 */ 23 24 #include <linux/module.h> 25 #include <linux/usb.h> 26 #include <linux/firmware.h> 27 28 #include <net/bluetooth/bluetooth.h> 29 #include <net/bluetooth/hci_core.h> 30 31 #define VERSION "0.6" 32 33 static bool disable_scofix; 34 static bool force_scofix; 35 36 static bool reset = 1; 37 38 static struct usb_driver btusb_driver; 39 40 #define BTUSB_IGNORE 0x01 41 #define BTUSB_DIGIANSWER 0x02 42 #define BTUSB_CSR 0x04 43 #define BTUSB_SNIFFER 0x08 44 #define BTUSB_BCM92035 0x10 45 #define BTUSB_BROKEN_ISOC 0x20 46 #define BTUSB_WRONG_SCO_MTU 0x40 47 #define BTUSB_ATH3012 0x80 48 #define BTUSB_INTEL 0x100 49 #define BTUSB_INTEL_BOOT 0x200 50 #define BTUSB_BCM_PATCHRAM 0x400 51 #define BTUSB_MARVELL 0x800 52 53 static const struct usb_device_id btusb_table[] = { 54 /* Generic Bluetooth USB device */ 55 { USB_DEVICE_INFO(0xe0, 0x01, 0x01) }, 56 57 /* Apple-specific (Broadcom) devices */ 58 { USB_VENDOR_AND_INTERFACE_INFO(0x05ac, 0xff, 0x01, 0x01) }, 59 60 /* MediaTek MT76x0E */ 61 { USB_DEVICE(0x0e8d, 0x763f) }, 62 63 /* Broadcom SoftSailing reporting vendor specific */ 64 { USB_DEVICE(0x0a5c, 0x21e1) }, 65 66 /* Apple MacBookPro 7,1 */ 67 { USB_DEVICE(0x05ac, 0x8213) }, 68 69 /* Apple iMac11,1 */ 70 { USB_DEVICE(0x05ac, 0x8215) }, 71 72 /* Apple MacBookPro6,2 */ 73 { USB_DEVICE(0x05ac, 0x8218) }, 74 75 /* Apple MacBookAir3,1, MacBookAir3,2 */ 76 { USB_DEVICE(0x05ac, 0x821b) }, 77 78 /* Apple MacBookAir4,1 */ 79 { USB_DEVICE(0x05ac, 0x821f) }, 80 81 /* Apple MacBookPro8,2 */ 82 { USB_DEVICE(0x05ac, 0x821a) }, 83 84 /* Apple MacMini5,1 */ 85 { USB_DEVICE(0x05ac, 0x8281) }, 86 87 /* AVM BlueFRITZ! USB v2.0 */ 88 { USB_DEVICE(0x057c, 0x3800) }, 89 90 /* Bluetooth Ultraport Module from IBM */ 91 { USB_DEVICE(0x04bf, 0x030a) }, 92 93 /* ALPS Modules with non-standard id */ 94 { USB_DEVICE(0x044e, 0x3001) }, 95 { USB_DEVICE(0x044e, 0x3002) }, 96 97 /* Ericsson with non-standard id */ 98 { USB_DEVICE(0x0bdb, 0x1002) }, 99 100 /* Canyon CN-BTU1 with HID interfaces */ 101 { USB_DEVICE(0x0c10, 0x0000) }, 102 103 /* Broadcom BCM20702A0 */ 104 { USB_DEVICE(0x0489, 0xe042) }, 105 { USB_DEVICE(0x04ca, 0x2003) }, 106 { USB_DEVICE(0x0b05, 0x17b5) }, 107 { USB_DEVICE(0x0b05, 0x17cb) }, 108 { USB_DEVICE(0x413c, 0x8197) }, 109 110 /* Foxconn - Hon Hai */ 111 { USB_VENDOR_AND_INTERFACE_INFO(0x0489, 0xff, 0x01, 0x01) }, 112 113 /* Broadcom devices with vendor specific id */ 114 { USB_VENDOR_AND_INTERFACE_INFO(0x0a5c, 0xff, 0x01, 0x01), 115 .driver_info = BTUSB_BCM_PATCHRAM }, 116 117 /* ASUSTek Computer - Broadcom based */ 118 { USB_VENDOR_AND_INTERFACE_INFO(0x0b05, 0xff, 0x01, 0x01) }, 119 120 /* Belkin F8065bf - Broadcom based */ 121 { USB_VENDOR_AND_INTERFACE_INFO(0x050d, 0xff, 0x01, 0x01) }, 122 123 /* IMC Networks - Broadcom based */ 124 { USB_VENDOR_AND_INTERFACE_INFO(0x13d3, 0xff, 0x01, 0x01) }, 125 126 /* Intel Bluetooth USB Bootloader (RAM module) */ 127 { USB_DEVICE(0x8087, 0x0a5a), 128 .driver_info = BTUSB_INTEL_BOOT | BTUSB_BROKEN_ISOC }, 129 130 { } /* Terminating entry */ 131 }; 132 133 MODULE_DEVICE_TABLE(usb, btusb_table); 134 135 static const struct usb_device_id blacklist_table[] = { 136 /* CSR BlueCore devices */ 137 { USB_DEVICE(0x0a12, 0x0001), .driver_info = BTUSB_CSR }, 138 139 /* Broadcom BCM2033 without firmware */ 140 { USB_DEVICE(0x0a5c, 0x2033), .driver_info = BTUSB_IGNORE }, 141 142 /* Atheros 3011 with sflash firmware */ 143 { USB_DEVICE(0x0489, 0xe027), .driver_info = BTUSB_IGNORE }, 144 { USB_DEVICE(0x0489, 0xe03d), .driver_info = BTUSB_IGNORE }, 145 { USB_DEVICE(0x0930, 0x0215), .driver_info = BTUSB_IGNORE }, 146 { USB_DEVICE(0x0cf3, 0x3002), .driver_info = BTUSB_IGNORE }, 147 { USB_DEVICE(0x0cf3, 0xe019), .driver_info = BTUSB_IGNORE }, 148 { USB_DEVICE(0x13d3, 0x3304), .driver_info = BTUSB_IGNORE }, 149 150 /* Atheros AR9285 Malbec with sflash firmware */ 151 { USB_DEVICE(0x03f0, 0x311d), .driver_info = BTUSB_IGNORE }, 152 153 /* Atheros 3012 with sflash firmware */ 154 { USB_DEVICE(0x0489, 0xe04d), .driver_info = BTUSB_ATH3012 }, 155 { USB_DEVICE(0x0489, 0xe04e), .driver_info = BTUSB_ATH3012 }, 156 { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 }, 157 { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 }, 158 { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 }, 159 { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 }, 160 { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 }, 161 { USB_DEVICE(0x04ca, 0x3005), .driver_info = BTUSB_ATH3012 }, 162 { USB_DEVICE(0x04ca, 0x3006), .driver_info = BTUSB_ATH3012 }, 163 { USB_DEVICE(0x04ca, 0x3007), .driver_info = BTUSB_ATH3012 }, 164 { USB_DEVICE(0x04ca, 0x3008), .driver_info = BTUSB_ATH3012 }, 165 { USB_DEVICE(0x04ca, 0x300b), .driver_info = BTUSB_ATH3012 }, 166 { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 }, 167 { USB_DEVICE(0x0930, 0x0220), .driver_info = BTUSB_ATH3012 }, 168 { USB_DEVICE(0x0930, 0x0227), .driver_info = BTUSB_ATH3012 }, 169 { USB_DEVICE(0x0b05, 0x17d0), .driver_info = BTUSB_ATH3012 }, 170 { USB_DEVICE(0x0cf3, 0x0036), .driver_info = BTUSB_ATH3012 }, 171 { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 }, 172 { USB_DEVICE(0x0cf3, 0x3008), .driver_info = BTUSB_ATH3012 }, 173 { USB_DEVICE(0x0cf3, 0x311d), .driver_info = BTUSB_ATH3012 }, 174 { USB_DEVICE(0x0cf3, 0x311e), .driver_info = BTUSB_ATH3012 }, 175 { USB_DEVICE(0x0cf3, 0x311f), .driver_info = BTUSB_ATH3012 }, 176 { USB_DEVICE(0x0cf3, 0x3121), .driver_info = BTUSB_ATH3012 }, 177 { USB_DEVICE(0x0cf3, 0x817a), .driver_info = BTUSB_ATH3012 }, 178 { USB_DEVICE(0x0cf3, 0xe003), .driver_info = BTUSB_ATH3012 }, 179 { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 }, 180 { USB_DEVICE(0x0cf3, 0xe005), .driver_info = BTUSB_ATH3012 }, 181 { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 }, 182 { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 }, 183 { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 }, 184 { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 }, 185 { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 }, 186 187 /* Atheros AR5BBU12 with sflash firmware */ 188 { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE }, 189 190 /* Atheros AR5BBU12 with sflash firmware */ 191 { USB_DEVICE(0x0489, 0xe036), .driver_info = BTUSB_ATH3012 }, 192 { USB_DEVICE(0x0489, 0xe03c), .driver_info = BTUSB_ATH3012 }, 193 194 /* Broadcom BCM2035 */ 195 { USB_DEVICE(0x0a5c, 0x2009), .driver_info = BTUSB_BCM92035 }, 196 { USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU }, 197 { USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU }, 198 199 /* Broadcom BCM2045 */ 200 { USB_DEVICE(0x0a5c, 0x2039), .driver_info = BTUSB_WRONG_SCO_MTU }, 201 { USB_DEVICE(0x0a5c, 0x2101), .driver_info = BTUSB_WRONG_SCO_MTU }, 202 203 /* IBM/Lenovo ThinkPad with Broadcom chip */ 204 { USB_DEVICE(0x0a5c, 0x201e), .driver_info = BTUSB_WRONG_SCO_MTU }, 205 { USB_DEVICE(0x0a5c, 0x2110), .driver_info = BTUSB_WRONG_SCO_MTU }, 206 207 /* HP laptop with Broadcom chip */ 208 { USB_DEVICE(0x03f0, 0x171d), .driver_info = BTUSB_WRONG_SCO_MTU }, 209 210 /* Dell laptop with Broadcom chip */ 211 { USB_DEVICE(0x413c, 0x8126), .driver_info = BTUSB_WRONG_SCO_MTU }, 212 213 /* Dell Wireless 370 and 410 devices */ 214 { USB_DEVICE(0x413c, 0x8152), .driver_info = BTUSB_WRONG_SCO_MTU }, 215 { USB_DEVICE(0x413c, 0x8156), .driver_info = BTUSB_WRONG_SCO_MTU }, 216 217 /* Belkin F8T012 and F8T013 devices */ 218 { USB_DEVICE(0x050d, 0x0012), .driver_info = BTUSB_WRONG_SCO_MTU }, 219 { USB_DEVICE(0x050d, 0x0013), .driver_info = BTUSB_WRONG_SCO_MTU }, 220 221 /* Asus WL-BTD202 device */ 222 { USB_DEVICE(0x0b05, 0x1715), .driver_info = BTUSB_WRONG_SCO_MTU }, 223 224 /* Kensington Bluetooth USB adapter */ 225 { USB_DEVICE(0x047d, 0x105e), .driver_info = BTUSB_WRONG_SCO_MTU }, 226 227 /* RTX Telecom based adapters with buggy SCO support */ 228 { USB_DEVICE(0x0400, 0x0807), .driver_info = BTUSB_BROKEN_ISOC }, 229 { USB_DEVICE(0x0400, 0x080a), .driver_info = BTUSB_BROKEN_ISOC }, 230 231 /* CONWISE Technology based adapters with buggy SCO support */ 232 { USB_DEVICE(0x0e5e, 0x6622), .driver_info = BTUSB_BROKEN_ISOC }, 233 234 /* Digianswer devices */ 235 { USB_DEVICE(0x08fd, 0x0001), .driver_info = BTUSB_DIGIANSWER }, 236 { USB_DEVICE(0x08fd, 0x0002), .driver_info = BTUSB_IGNORE }, 237 238 /* CSR BlueCore Bluetooth Sniffer */ 239 { USB_DEVICE(0x0a12, 0x0002), 240 .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC }, 241 242 /* Frontline ComProbe Bluetooth Sniffer */ 243 { USB_DEVICE(0x16d3, 0x0002), 244 .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC }, 245 246 /* Intel Bluetooth device */ 247 { USB_DEVICE(0x8087, 0x07dc), .driver_info = BTUSB_INTEL }, 248 { USB_DEVICE(0x8087, 0x0a2a), .driver_info = BTUSB_INTEL }, 249 250 /* Marvell device */ 251 { USB_DEVICE(0x1286, 0x2044), .driver_info = BTUSB_MARVELL }, 252 { USB_DEVICE(0x1286, 0x2046), .driver_info = BTUSB_MARVELL }, 253 254 { } /* Terminating entry */ 255 }; 256 257 #define BTUSB_MAX_ISOC_FRAMES 10 258 259 #define BTUSB_INTR_RUNNING 0 260 #define BTUSB_BULK_RUNNING 1 261 #define BTUSB_ISOC_RUNNING 2 262 #define BTUSB_SUSPENDING 3 263 #define BTUSB_DID_ISO_RESUME 4 264 265 struct btusb_data { 266 struct hci_dev *hdev; 267 struct usb_device *udev; 268 struct usb_interface *intf; 269 struct usb_interface *isoc; 270 271 unsigned long flags; 272 273 struct work_struct work; 274 struct work_struct waker; 275 276 struct usb_anchor deferred; 277 struct usb_anchor tx_anchor; 278 int tx_in_flight; 279 spinlock_t txlock; 280 281 struct usb_anchor intr_anchor; 282 struct usb_anchor bulk_anchor; 283 struct usb_anchor isoc_anchor; 284 spinlock_t rxlock; 285 286 struct sk_buff *evt_skb; 287 struct sk_buff *acl_skb; 288 struct sk_buff *sco_skb; 289 290 struct usb_endpoint_descriptor *intr_ep; 291 struct usb_endpoint_descriptor *bulk_tx_ep; 292 struct usb_endpoint_descriptor *bulk_rx_ep; 293 struct usb_endpoint_descriptor *isoc_tx_ep; 294 struct usb_endpoint_descriptor *isoc_rx_ep; 295 296 __u8 cmdreq_type; 297 298 unsigned int sco_num; 299 int isoc_altsetting; 300 int suspend_count; 301 }; 302 303 static inline void btusb_free_frags(struct btusb_data *data) 304 { 305 unsigned long flags; 306 307 spin_lock_irqsave(&data->rxlock, flags); 308 309 kfree_skb(data->evt_skb); 310 data->evt_skb = NULL; 311 312 kfree_skb(data->acl_skb); 313 data->acl_skb = NULL; 314 315 kfree_skb(data->sco_skb); 316 data->sco_skb = NULL; 317 318 spin_unlock_irqrestore(&data->rxlock, flags); 319 } 320 321 static int btusb_recv_intr(struct btusb_data *data, void *buffer, int count) 322 { 323 struct sk_buff *skb; 324 int err = 0; 325 326 spin_lock(&data->rxlock); 327 skb = data->evt_skb; 328 329 while (count) { 330 int len; 331 332 if (!skb) { 333 skb = bt_skb_alloc(HCI_MAX_EVENT_SIZE, GFP_ATOMIC); 334 if (!skb) { 335 err = -ENOMEM; 336 break; 337 } 338 339 bt_cb(skb)->pkt_type = HCI_EVENT_PKT; 340 bt_cb(skb)->expect = HCI_EVENT_HDR_SIZE; 341 } 342 343 len = min_t(uint, bt_cb(skb)->expect, count); 344 memcpy(skb_put(skb, len), buffer, len); 345 346 count -= len; 347 buffer += len; 348 bt_cb(skb)->expect -= len; 349 350 if (skb->len == HCI_EVENT_HDR_SIZE) { 351 /* Complete event header */ 352 bt_cb(skb)->expect = hci_event_hdr(skb)->plen; 353 354 if (skb_tailroom(skb) < bt_cb(skb)->expect) { 355 kfree_skb(skb); 356 skb = NULL; 357 358 err = -EILSEQ; 359 break; 360 } 361 } 362 363 if (bt_cb(skb)->expect == 0) { 364 /* Complete frame */ 365 hci_recv_frame(data->hdev, skb); 366 skb = NULL; 367 } 368 } 369 370 data->evt_skb = skb; 371 spin_unlock(&data->rxlock); 372 373 return err; 374 } 375 376 static int btusb_recv_bulk(struct btusb_data *data, void *buffer, int count) 377 { 378 struct sk_buff *skb; 379 int err = 0; 380 381 spin_lock(&data->rxlock); 382 skb = data->acl_skb; 383 384 while (count) { 385 int len; 386 387 if (!skb) { 388 skb = bt_skb_alloc(HCI_MAX_FRAME_SIZE, GFP_ATOMIC); 389 if (!skb) { 390 err = -ENOMEM; 391 break; 392 } 393 394 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT; 395 bt_cb(skb)->expect = HCI_ACL_HDR_SIZE; 396 } 397 398 len = min_t(uint, bt_cb(skb)->expect, count); 399 memcpy(skb_put(skb, len), buffer, len); 400 401 count -= len; 402 buffer += len; 403 bt_cb(skb)->expect -= len; 404 405 if (skb->len == HCI_ACL_HDR_SIZE) { 406 __le16 dlen = hci_acl_hdr(skb)->dlen; 407 408 /* Complete ACL header */ 409 bt_cb(skb)->expect = __le16_to_cpu(dlen); 410 411 if (skb_tailroom(skb) < bt_cb(skb)->expect) { 412 kfree_skb(skb); 413 skb = NULL; 414 415 err = -EILSEQ; 416 break; 417 } 418 } 419 420 if (bt_cb(skb)->expect == 0) { 421 /* Complete frame */ 422 hci_recv_frame(data->hdev, skb); 423 skb = NULL; 424 } 425 } 426 427 data->acl_skb = skb; 428 spin_unlock(&data->rxlock); 429 430 return err; 431 } 432 433 static int btusb_recv_isoc(struct btusb_data *data, void *buffer, int count) 434 { 435 struct sk_buff *skb; 436 int err = 0; 437 438 spin_lock(&data->rxlock); 439 skb = data->sco_skb; 440 441 while (count) { 442 int len; 443 444 if (!skb) { 445 skb = bt_skb_alloc(HCI_MAX_SCO_SIZE, GFP_ATOMIC); 446 if (!skb) { 447 err = -ENOMEM; 448 break; 449 } 450 451 bt_cb(skb)->pkt_type = HCI_SCODATA_PKT; 452 bt_cb(skb)->expect = HCI_SCO_HDR_SIZE; 453 } 454 455 len = min_t(uint, bt_cb(skb)->expect, count); 456 memcpy(skb_put(skb, len), buffer, len); 457 458 count -= len; 459 buffer += len; 460 bt_cb(skb)->expect -= len; 461 462 if (skb->len == HCI_SCO_HDR_SIZE) { 463 /* Complete SCO header */ 464 bt_cb(skb)->expect = hci_sco_hdr(skb)->dlen; 465 466 if (skb_tailroom(skb) < bt_cb(skb)->expect) { 467 kfree_skb(skb); 468 skb = NULL; 469 470 err = -EILSEQ; 471 break; 472 } 473 } 474 475 if (bt_cb(skb)->expect == 0) { 476 /* Complete frame */ 477 hci_recv_frame(data->hdev, skb); 478 skb = NULL; 479 } 480 } 481 482 data->sco_skb = skb; 483 spin_unlock(&data->rxlock); 484 485 return err; 486 } 487 488 static void btusb_intr_complete(struct urb *urb) 489 { 490 struct hci_dev *hdev = urb->context; 491 struct btusb_data *data = hci_get_drvdata(hdev); 492 int err; 493 494 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 495 urb->actual_length); 496 497 if (!test_bit(HCI_RUNNING, &hdev->flags)) 498 return; 499 500 if (urb->status == 0) { 501 hdev->stat.byte_rx += urb->actual_length; 502 503 if (btusb_recv_intr(data, urb->transfer_buffer, 504 urb->actual_length) < 0) { 505 BT_ERR("%s corrupted event packet", hdev->name); 506 hdev->stat.err_rx++; 507 } 508 } else if (urb->status == -ENOENT) { 509 /* Avoid suspend failed when usb_kill_urb */ 510 return; 511 } 512 513 if (!test_bit(BTUSB_INTR_RUNNING, &data->flags)) 514 return; 515 516 usb_mark_last_busy(data->udev); 517 usb_anchor_urb(urb, &data->intr_anchor); 518 519 err = usb_submit_urb(urb, GFP_ATOMIC); 520 if (err < 0) { 521 /* -EPERM: urb is being killed; 522 * -ENODEV: device got disconnected */ 523 if (err != -EPERM && err != -ENODEV) 524 BT_ERR("%s urb %p failed to resubmit (%d)", 525 hdev->name, urb, -err); 526 usb_unanchor_urb(urb); 527 } 528 } 529 530 static int btusb_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags) 531 { 532 struct btusb_data *data = hci_get_drvdata(hdev); 533 struct urb *urb; 534 unsigned char *buf; 535 unsigned int pipe; 536 int err, size; 537 538 BT_DBG("%s", hdev->name); 539 540 if (!data->intr_ep) 541 return -ENODEV; 542 543 urb = usb_alloc_urb(0, mem_flags); 544 if (!urb) 545 return -ENOMEM; 546 547 size = le16_to_cpu(data->intr_ep->wMaxPacketSize); 548 549 buf = kmalloc(size, mem_flags); 550 if (!buf) { 551 usb_free_urb(urb); 552 return -ENOMEM; 553 } 554 555 pipe = usb_rcvintpipe(data->udev, data->intr_ep->bEndpointAddress); 556 557 usb_fill_int_urb(urb, data->udev, pipe, buf, size, 558 btusb_intr_complete, hdev, data->intr_ep->bInterval); 559 560 urb->transfer_flags |= URB_FREE_BUFFER; 561 562 usb_anchor_urb(urb, &data->intr_anchor); 563 564 err = usb_submit_urb(urb, mem_flags); 565 if (err < 0) { 566 if (err != -EPERM && err != -ENODEV) 567 BT_ERR("%s urb %p submission failed (%d)", 568 hdev->name, urb, -err); 569 usb_unanchor_urb(urb); 570 } 571 572 usb_free_urb(urb); 573 574 return err; 575 } 576 577 static void btusb_bulk_complete(struct urb *urb) 578 { 579 struct hci_dev *hdev = urb->context; 580 struct btusb_data *data = hci_get_drvdata(hdev); 581 int err; 582 583 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 584 urb->actual_length); 585 586 if (!test_bit(HCI_RUNNING, &hdev->flags)) 587 return; 588 589 if (urb->status == 0) { 590 hdev->stat.byte_rx += urb->actual_length; 591 592 if (btusb_recv_bulk(data, urb->transfer_buffer, 593 urb->actual_length) < 0) { 594 BT_ERR("%s corrupted ACL packet", hdev->name); 595 hdev->stat.err_rx++; 596 } 597 } else if (urb->status == -ENOENT) { 598 /* Avoid suspend failed when usb_kill_urb */ 599 return; 600 } 601 602 if (!test_bit(BTUSB_BULK_RUNNING, &data->flags)) 603 return; 604 605 usb_anchor_urb(urb, &data->bulk_anchor); 606 usb_mark_last_busy(data->udev); 607 608 err = usb_submit_urb(urb, GFP_ATOMIC); 609 if (err < 0) { 610 /* -EPERM: urb is being killed; 611 * -ENODEV: device got disconnected */ 612 if (err != -EPERM && err != -ENODEV) 613 BT_ERR("%s urb %p failed to resubmit (%d)", 614 hdev->name, urb, -err); 615 usb_unanchor_urb(urb); 616 } 617 } 618 619 static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags) 620 { 621 struct btusb_data *data = hci_get_drvdata(hdev); 622 struct urb *urb; 623 unsigned char *buf; 624 unsigned int pipe; 625 int err, size = HCI_MAX_FRAME_SIZE; 626 627 BT_DBG("%s", hdev->name); 628 629 if (!data->bulk_rx_ep) 630 return -ENODEV; 631 632 urb = usb_alloc_urb(0, mem_flags); 633 if (!urb) 634 return -ENOMEM; 635 636 buf = kmalloc(size, mem_flags); 637 if (!buf) { 638 usb_free_urb(urb); 639 return -ENOMEM; 640 } 641 642 pipe = usb_rcvbulkpipe(data->udev, data->bulk_rx_ep->bEndpointAddress); 643 644 usb_fill_bulk_urb(urb, data->udev, pipe, buf, size, 645 btusb_bulk_complete, hdev); 646 647 urb->transfer_flags |= URB_FREE_BUFFER; 648 649 usb_mark_last_busy(data->udev); 650 usb_anchor_urb(urb, &data->bulk_anchor); 651 652 err = usb_submit_urb(urb, mem_flags); 653 if (err < 0) { 654 if (err != -EPERM && err != -ENODEV) 655 BT_ERR("%s urb %p submission failed (%d)", 656 hdev->name, urb, -err); 657 usb_unanchor_urb(urb); 658 } 659 660 usb_free_urb(urb); 661 662 return err; 663 } 664 665 static void btusb_isoc_complete(struct urb *urb) 666 { 667 struct hci_dev *hdev = urb->context; 668 struct btusb_data *data = hci_get_drvdata(hdev); 669 int i, err; 670 671 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 672 urb->actual_length); 673 674 if (!test_bit(HCI_RUNNING, &hdev->flags)) 675 return; 676 677 if (urb->status == 0) { 678 for (i = 0; i < urb->number_of_packets; i++) { 679 unsigned int offset = urb->iso_frame_desc[i].offset; 680 unsigned int length = urb->iso_frame_desc[i].actual_length; 681 682 if (urb->iso_frame_desc[i].status) 683 continue; 684 685 hdev->stat.byte_rx += length; 686 687 if (btusb_recv_isoc(data, urb->transfer_buffer + offset, 688 length) < 0) { 689 BT_ERR("%s corrupted SCO packet", hdev->name); 690 hdev->stat.err_rx++; 691 } 692 } 693 } else if (urb->status == -ENOENT) { 694 /* Avoid suspend failed when usb_kill_urb */ 695 return; 696 } 697 698 if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags)) 699 return; 700 701 usb_anchor_urb(urb, &data->isoc_anchor); 702 703 err = usb_submit_urb(urb, GFP_ATOMIC); 704 if (err < 0) { 705 /* -EPERM: urb is being killed; 706 * -ENODEV: device got disconnected */ 707 if (err != -EPERM && err != -ENODEV) 708 BT_ERR("%s urb %p failed to resubmit (%d)", 709 hdev->name, urb, -err); 710 usb_unanchor_urb(urb); 711 } 712 } 713 714 static inline void __fill_isoc_descriptor(struct urb *urb, int len, int mtu) 715 { 716 int i, offset = 0; 717 718 BT_DBG("len %d mtu %d", len, mtu); 719 720 for (i = 0; i < BTUSB_MAX_ISOC_FRAMES && len >= mtu; 721 i++, offset += mtu, len -= mtu) { 722 urb->iso_frame_desc[i].offset = offset; 723 urb->iso_frame_desc[i].length = mtu; 724 } 725 726 if (len && i < BTUSB_MAX_ISOC_FRAMES) { 727 urb->iso_frame_desc[i].offset = offset; 728 urb->iso_frame_desc[i].length = len; 729 i++; 730 } 731 732 urb->number_of_packets = i; 733 } 734 735 static int btusb_submit_isoc_urb(struct hci_dev *hdev, gfp_t mem_flags) 736 { 737 struct btusb_data *data = hci_get_drvdata(hdev); 738 struct urb *urb; 739 unsigned char *buf; 740 unsigned int pipe; 741 int err, size; 742 743 BT_DBG("%s", hdev->name); 744 745 if (!data->isoc_rx_ep) 746 return -ENODEV; 747 748 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, mem_flags); 749 if (!urb) 750 return -ENOMEM; 751 752 size = le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize) * 753 BTUSB_MAX_ISOC_FRAMES; 754 755 buf = kmalloc(size, mem_flags); 756 if (!buf) { 757 usb_free_urb(urb); 758 return -ENOMEM; 759 } 760 761 pipe = usb_rcvisocpipe(data->udev, data->isoc_rx_ep->bEndpointAddress); 762 763 usb_fill_int_urb(urb, data->udev, pipe, buf, size, btusb_isoc_complete, 764 hdev, data->isoc_rx_ep->bInterval); 765 766 urb->transfer_flags = URB_FREE_BUFFER | URB_ISO_ASAP; 767 768 __fill_isoc_descriptor(urb, size, 769 le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize)); 770 771 usb_anchor_urb(urb, &data->isoc_anchor); 772 773 err = usb_submit_urb(urb, mem_flags); 774 if (err < 0) { 775 if (err != -EPERM && err != -ENODEV) 776 BT_ERR("%s urb %p submission failed (%d)", 777 hdev->name, urb, -err); 778 usb_unanchor_urb(urb); 779 } 780 781 usb_free_urb(urb); 782 783 return err; 784 } 785 786 static void btusb_tx_complete(struct urb *urb) 787 { 788 struct sk_buff *skb = urb->context; 789 struct hci_dev *hdev = (struct hci_dev *)skb->dev; 790 struct btusb_data *data = hci_get_drvdata(hdev); 791 792 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 793 urb->actual_length); 794 795 if (!test_bit(HCI_RUNNING, &hdev->flags)) 796 goto done; 797 798 if (!urb->status) 799 hdev->stat.byte_tx += urb->transfer_buffer_length; 800 else 801 hdev->stat.err_tx++; 802 803 done: 804 spin_lock(&data->txlock); 805 data->tx_in_flight--; 806 spin_unlock(&data->txlock); 807 808 kfree(urb->setup_packet); 809 810 kfree_skb(skb); 811 } 812 813 static void btusb_isoc_tx_complete(struct urb *urb) 814 { 815 struct sk_buff *skb = urb->context; 816 struct hci_dev *hdev = (struct hci_dev *)skb->dev; 817 818 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 819 urb->actual_length); 820 821 if (!test_bit(HCI_RUNNING, &hdev->flags)) 822 goto done; 823 824 if (!urb->status) 825 hdev->stat.byte_tx += urb->transfer_buffer_length; 826 else 827 hdev->stat.err_tx++; 828 829 done: 830 kfree(urb->setup_packet); 831 832 kfree_skb(skb); 833 } 834 835 static int btusb_open(struct hci_dev *hdev) 836 { 837 struct btusb_data *data = hci_get_drvdata(hdev); 838 int err; 839 840 BT_DBG("%s", hdev->name); 841 842 err = usb_autopm_get_interface(data->intf); 843 if (err < 0) 844 return err; 845 846 data->intf->needs_remote_wakeup = 1; 847 848 if (test_and_set_bit(HCI_RUNNING, &hdev->flags)) 849 goto done; 850 851 if (test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags)) 852 goto done; 853 854 err = btusb_submit_intr_urb(hdev, GFP_KERNEL); 855 if (err < 0) 856 goto failed; 857 858 err = btusb_submit_bulk_urb(hdev, GFP_KERNEL); 859 if (err < 0) { 860 usb_kill_anchored_urbs(&data->intr_anchor); 861 goto failed; 862 } 863 864 set_bit(BTUSB_BULK_RUNNING, &data->flags); 865 btusb_submit_bulk_urb(hdev, GFP_KERNEL); 866 867 done: 868 usb_autopm_put_interface(data->intf); 869 return 0; 870 871 failed: 872 clear_bit(BTUSB_INTR_RUNNING, &data->flags); 873 clear_bit(HCI_RUNNING, &hdev->flags); 874 usb_autopm_put_interface(data->intf); 875 return err; 876 } 877 878 static void btusb_stop_traffic(struct btusb_data *data) 879 { 880 usb_kill_anchored_urbs(&data->intr_anchor); 881 usb_kill_anchored_urbs(&data->bulk_anchor); 882 usb_kill_anchored_urbs(&data->isoc_anchor); 883 } 884 885 static int btusb_close(struct hci_dev *hdev) 886 { 887 struct btusb_data *data = hci_get_drvdata(hdev); 888 int err; 889 890 BT_DBG("%s", hdev->name); 891 892 if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags)) 893 return 0; 894 895 cancel_work_sync(&data->work); 896 cancel_work_sync(&data->waker); 897 898 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 899 clear_bit(BTUSB_BULK_RUNNING, &data->flags); 900 clear_bit(BTUSB_INTR_RUNNING, &data->flags); 901 902 btusb_stop_traffic(data); 903 btusb_free_frags(data); 904 905 err = usb_autopm_get_interface(data->intf); 906 if (err < 0) 907 goto failed; 908 909 data->intf->needs_remote_wakeup = 0; 910 usb_autopm_put_interface(data->intf); 911 912 failed: 913 usb_scuttle_anchored_urbs(&data->deferred); 914 return 0; 915 } 916 917 static int btusb_flush(struct hci_dev *hdev) 918 { 919 struct btusb_data *data = hci_get_drvdata(hdev); 920 921 BT_DBG("%s", hdev->name); 922 923 usb_kill_anchored_urbs(&data->tx_anchor); 924 btusb_free_frags(data); 925 926 return 0; 927 } 928 929 static struct urb *alloc_ctrl_urb(struct hci_dev *hdev, struct sk_buff *skb) 930 { 931 struct btusb_data *data = hci_get_drvdata(hdev); 932 struct usb_ctrlrequest *dr; 933 struct urb *urb; 934 unsigned int pipe; 935 936 urb = usb_alloc_urb(0, GFP_KERNEL); 937 if (!urb) 938 return ERR_PTR(-ENOMEM); 939 940 dr = kmalloc(sizeof(*dr), GFP_KERNEL); 941 if (!dr) { 942 usb_free_urb(urb); 943 return ERR_PTR(-ENOMEM); 944 } 945 946 dr->bRequestType = data->cmdreq_type; 947 dr->bRequest = 0; 948 dr->wIndex = 0; 949 dr->wValue = 0; 950 dr->wLength = __cpu_to_le16(skb->len); 951 952 pipe = usb_sndctrlpipe(data->udev, 0x00); 953 954 usb_fill_control_urb(urb, data->udev, pipe, (void *)dr, 955 skb->data, skb->len, btusb_tx_complete, skb); 956 957 skb->dev = (void *)hdev; 958 959 return urb; 960 } 961 962 static struct urb *alloc_bulk_urb(struct hci_dev *hdev, struct sk_buff *skb) 963 { 964 struct btusb_data *data = hci_get_drvdata(hdev); 965 struct urb *urb; 966 unsigned int pipe; 967 968 if (!data->bulk_tx_ep) 969 return ERR_PTR(-ENODEV); 970 971 urb = usb_alloc_urb(0, GFP_KERNEL); 972 if (!urb) 973 return ERR_PTR(-ENOMEM); 974 975 pipe = usb_sndbulkpipe(data->udev, data->bulk_tx_ep->bEndpointAddress); 976 977 usb_fill_bulk_urb(urb, data->udev, pipe, 978 skb->data, skb->len, btusb_tx_complete, skb); 979 980 skb->dev = (void *)hdev; 981 982 return urb; 983 } 984 985 static struct urb *alloc_isoc_urb(struct hci_dev *hdev, struct sk_buff *skb) 986 { 987 struct btusb_data *data = hci_get_drvdata(hdev); 988 struct urb *urb; 989 unsigned int pipe; 990 991 if (!data->isoc_tx_ep) 992 return ERR_PTR(-ENODEV); 993 994 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, GFP_KERNEL); 995 if (!urb) 996 return ERR_PTR(-ENOMEM); 997 998 pipe = usb_sndisocpipe(data->udev, data->isoc_tx_ep->bEndpointAddress); 999 1000 usb_fill_int_urb(urb, data->udev, pipe, 1001 skb->data, skb->len, btusb_isoc_tx_complete, 1002 skb, data->isoc_tx_ep->bInterval); 1003 1004 urb->transfer_flags = URB_ISO_ASAP; 1005 1006 __fill_isoc_descriptor(urb, skb->len, 1007 le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize)); 1008 1009 skb->dev = (void *)hdev; 1010 1011 return urb; 1012 } 1013 1014 static int submit_tx_urb(struct hci_dev *hdev, struct urb *urb) 1015 { 1016 struct btusb_data *data = hci_get_drvdata(hdev); 1017 int err; 1018 1019 usb_anchor_urb(urb, &data->tx_anchor); 1020 1021 err = usb_submit_urb(urb, GFP_KERNEL); 1022 if (err < 0) { 1023 if (err != -EPERM && err != -ENODEV) 1024 BT_ERR("%s urb %p submission failed (%d)", 1025 hdev->name, urb, -err); 1026 kfree(urb->setup_packet); 1027 usb_unanchor_urb(urb); 1028 } else { 1029 usb_mark_last_busy(data->udev); 1030 } 1031 1032 usb_free_urb(urb); 1033 return err; 1034 } 1035 1036 static int submit_or_queue_tx_urb(struct hci_dev *hdev, struct urb *urb) 1037 { 1038 struct btusb_data *data = hci_get_drvdata(hdev); 1039 unsigned long flags; 1040 bool suspending; 1041 1042 spin_lock_irqsave(&data->txlock, flags); 1043 suspending = test_bit(BTUSB_SUSPENDING, &data->flags); 1044 if (!suspending) 1045 data->tx_in_flight++; 1046 spin_unlock_irqrestore(&data->txlock, flags); 1047 1048 if (!suspending) 1049 return submit_tx_urb(hdev, urb); 1050 1051 usb_anchor_urb(urb, &data->deferred); 1052 schedule_work(&data->waker); 1053 1054 usb_free_urb(urb); 1055 return 0; 1056 } 1057 1058 static int btusb_send_frame(struct hci_dev *hdev, struct sk_buff *skb) 1059 { 1060 struct urb *urb; 1061 1062 BT_DBG("%s", hdev->name); 1063 1064 if (!test_bit(HCI_RUNNING, &hdev->flags)) 1065 return -EBUSY; 1066 1067 switch (bt_cb(skb)->pkt_type) { 1068 case HCI_COMMAND_PKT: 1069 urb = alloc_ctrl_urb(hdev, skb); 1070 if (IS_ERR(urb)) 1071 return PTR_ERR(urb); 1072 1073 hdev->stat.cmd_tx++; 1074 return submit_or_queue_tx_urb(hdev, urb); 1075 1076 case HCI_ACLDATA_PKT: 1077 urb = alloc_bulk_urb(hdev, skb); 1078 if (IS_ERR(urb)) 1079 return PTR_ERR(urb); 1080 1081 hdev->stat.acl_tx++; 1082 return submit_or_queue_tx_urb(hdev, urb); 1083 1084 case HCI_SCODATA_PKT: 1085 if (hci_conn_num(hdev, SCO_LINK) < 1) 1086 return -ENODEV; 1087 1088 urb = alloc_isoc_urb(hdev, skb); 1089 if (IS_ERR(urb)) 1090 return PTR_ERR(urb); 1091 1092 hdev->stat.sco_tx++; 1093 return submit_tx_urb(hdev, urb); 1094 } 1095 1096 return -EILSEQ; 1097 } 1098 1099 static void btusb_notify(struct hci_dev *hdev, unsigned int evt) 1100 { 1101 struct btusb_data *data = hci_get_drvdata(hdev); 1102 1103 BT_DBG("%s evt %d", hdev->name, evt); 1104 1105 if (hci_conn_num(hdev, SCO_LINK) != data->sco_num) { 1106 data->sco_num = hci_conn_num(hdev, SCO_LINK); 1107 schedule_work(&data->work); 1108 } 1109 } 1110 1111 static inline int __set_isoc_interface(struct hci_dev *hdev, int altsetting) 1112 { 1113 struct btusb_data *data = hci_get_drvdata(hdev); 1114 struct usb_interface *intf = data->isoc; 1115 struct usb_endpoint_descriptor *ep_desc; 1116 int i, err; 1117 1118 if (!data->isoc) 1119 return -ENODEV; 1120 1121 err = usb_set_interface(data->udev, 1, altsetting); 1122 if (err < 0) { 1123 BT_ERR("%s setting interface failed (%d)", hdev->name, -err); 1124 return err; 1125 } 1126 1127 data->isoc_altsetting = altsetting; 1128 1129 data->isoc_tx_ep = NULL; 1130 data->isoc_rx_ep = NULL; 1131 1132 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) { 1133 ep_desc = &intf->cur_altsetting->endpoint[i].desc; 1134 1135 if (!data->isoc_tx_ep && usb_endpoint_is_isoc_out(ep_desc)) { 1136 data->isoc_tx_ep = ep_desc; 1137 continue; 1138 } 1139 1140 if (!data->isoc_rx_ep && usb_endpoint_is_isoc_in(ep_desc)) { 1141 data->isoc_rx_ep = ep_desc; 1142 continue; 1143 } 1144 } 1145 1146 if (!data->isoc_tx_ep || !data->isoc_rx_ep) { 1147 BT_ERR("%s invalid SCO descriptors", hdev->name); 1148 return -ENODEV; 1149 } 1150 1151 return 0; 1152 } 1153 1154 static void btusb_work(struct work_struct *work) 1155 { 1156 struct btusb_data *data = container_of(work, struct btusb_data, work); 1157 struct hci_dev *hdev = data->hdev; 1158 int new_alts; 1159 int err; 1160 1161 if (data->sco_num > 0) { 1162 if (!test_bit(BTUSB_DID_ISO_RESUME, &data->flags)) { 1163 err = usb_autopm_get_interface(data->isoc ? data->isoc : data->intf); 1164 if (err < 0) { 1165 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 1166 usb_kill_anchored_urbs(&data->isoc_anchor); 1167 return; 1168 } 1169 1170 set_bit(BTUSB_DID_ISO_RESUME, &data->flags); 1171 } 1172 1173 if (hdev->voice_setting & 0x0020) { 1174 static const int alts[3] = { 2, 4, 5 }; 1175 1176 new_alts = alts[data->sco_num - 1]; 1177 } else { 1178 new_alts = data->sco_num; 1179 } 1180 1181 if (data->isoc_altsetting != new_alts) { 1182 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 1183 usb_kill_anchored_urbs(&data->isoc_anchor); 1184 1185 if (__set_isoc_interface(hdev, new_alts) < 0) 1186 return; 1187 } 1188 1189 if (!test_and_set_bit(BTUSB_ISOC_RUNNING, &data->flags)) { 1190 if (btusb_submit_isoc_urb(hdev, GFP_KERNEL) < 0) 1191 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 1192 else 1193 btusb_submit_isoc_urb(hdev, GFP_KERNEL); 1194 } 1195 } else { 1196 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 1197 usb_kill_anchored_urbs(&data->isoc_anchor); 1198 1199 __set_isoc_interface(hdev, 0); 1200 if (test_and_clear_bit(BTUSB_DID_ISO_RESUME, &data->flags)) 1201 usb_autopm_put_interface(data->isoc ? data->isoc : data->intf); 1202 } 1203 } 1204 1205 static void btusb_waker(struct work_struct *work) 1206 { 1207 struct btusb_data *data = container_of(work, struct btusb_data, waker); 1208 int err; 1209 1210 err = usb_autopm_get_interface(data->intf); 1211 if (err < 0) 1212 return; 1213 1214 usb_autopm_put_interface(data->intf); 1215 } 1216 1217 static int btusb_setup_bcm92035(struct hci_dev *hdev) 1218 { 1219 struct sk_buff *skb; 1220 u8 val = 0x00; 1221 1222 BT_DBG("%s", hdev->name); 1223 1224 skb = __hci_cmd_sync(hdev, 0xfc3b, 1, &val, HCI_INIT_TIMEOUT); 1225 if (IS_ERR(skb)) 1226 BT_ERR("BCM92035 command failed (%ld)", -PTR_ERR(skb)); 1227 else 1228 kfree_skb(skb); 1229 1230 return 0; 1231 } 1232 1233 static int btusb_setup_csr(struct hci_dev *hdev) 1234 { 1235 struct hci_rp_read_local_version *rp; 1236 struct sk_buff *skb; 1237 int ret; 1238 1239 BT_DBG("%s", hdev->name); 1240 1241 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL, 1242 HCI_INIT_TIMEOUT); 1243 if (IS_ERR(skb)) { 1244 BT_ERR("Reading local version failed (%ld)", -PTR_ERR(skb)); 1245 return -PTR_ERR(skb); 1246 } 1247 1248 rp = (struct hci_rp_read_local_version *)skb->data; 1249 1250 if (!rp->status) { 1251 if (le16_to_cpu(rp->manufacturer) != 10) { 1252 /* Clear the reset quirk since this is not an actual 1253 * early Bluetooth 1.1 device from CSR. 1254 */ 1255 clear_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); 1256 1257 /* These fake CSR controllers have all a broken 1258 * stored link key handling and so just disable it. 1259 */ 1260 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, 1261 &hdev->quirks); 1262 } 1263 } 1264 1265 ret = -bt_to_errno(rp->status); 1266 1267 kfree_skb(skb); 1268 1269 return ret; 1270 } 1271 1272 struct intel_version { 1273 u8 status; 1274 u8 hw_platform; 1275 u8 hw_variant; 1276 u8 hw_revision; 1277 u8 fw_variant; 1278 u8 fw_revision; 1279 u8 fw_build_num; 1280 u8 fw_build_ww; 1281 u8 fw_build_yy; 1282 u8 fw_patch_num; 1283 } __packed; 1284 1285 static const struct firmware *btusb_setup_intel_get_fw(struct hci_dev *hdev, 1286 struct intel_version *ver) 1287 { 1288 const struct firmware *fw; 1289 char fwname[64]; 1290 int ret; 1291 1292 snprintf(fwname, sizeof(fwname), 1293 "intel/ibt-hw-%x.%x.%x-fw-%x.%x.%x.%x.%x.bseq", 1294 ver->hw_platform, ver->hw_variant, ver->hw_revision, 1295 ver->fw_variant, ver->fw_revision, ver->fw_build_num, 1296 ver->fw_build_ww, ver->fw_build_yy); 1297 1298 ret = request_firmware(&fw, fwname, &hdev->dev); 1299 if (ret < 0) { 1300 if (ret == -EINVAL) { 1301 BT_ERR("%s Intel firmware file request failed (%d)", 1302 hdev->name, ret); 1303 return NULL; 1304 } 1305 1306 BT_ERR("%s failed to open Intel firmware file: %s(%d)", 1307 hdev->name, fwname, ret); 1308 1309 /* If the correct firmware patch file is not found, use the 1310 * default firmware patch file instead 1311 */ 1312 snprintf(fwname, sizeof(fwname), "intel/ibt-hw-%x.%x.bseq", 1313 ver->hw_platform, ver->hw_variant); 1314 if (request_firmware(&fw, fwname, &hdev->dev) < 0) { 1315 BT_ERR("%s failed to open default Intel fw file: %s", 1316 hdev->name, fwname); 1317 return NULL; 1318 } 1319 } 1320 1321 BT_INFO("%s: Intel Bluetooth firmware file: %s", hdev->name, fwname); 1322 1323 return fw; 1324 } 1325 1326 static int btusb_setup_intel_patching(struct hci_dev *hdev, 1327 const struct firmware *fw, 1328 const u8 **fw_ptr, int *disable_patch) 1329 { 1330 struct sk_buff *skb; 1331 struct hci_command_hdr *cmd; 1332 const u8 *cmd_param; 1333 struct hci_event_hdr *evt = NULL; 1334 const u8 *evt_param = NULL; 1335 int remain = fw->size - (*fw_ptr - fw->data); 1336 1337 /* The first byte indicates the types of the patch command or event. 1338 * 0x01 means HCI command and 0x02 is HCI event. If the first bytes 1339 * in the current firmware buffer doesn't start with 0x01 or 1340 * the size of remain buffer is smaller than HCI command header, 1341 * the firmware file is corrupted and it should stop the patching 1342 * process. 1343 */ 1344 if (remain > HCI_COMMAND_HDR_SIZE && *fw_ptr[0] != 0x01) { 1345 BT_ERR("%s Intel fw corrupted: invalid cmd read", hdev->name); 1346 return -EINVAL; 1347 } 1348 (*fw_ptr)++; 1349 remain--; 1350 1351 cmd = (struct hci_command_hdr *)(*fw_ptr); 1352 *fw_ptr += sizeof(*cmd); 1353 remain -= sizeof(*cmd); 1354 1355 /* Ensure that the remain firmware data is long enough than the length 1356 * of command parameter. If not, the firmware file is corrupted. 1357 */ 1358 if (remain < cmd->plen) { 1359 BT_ERR("%s Intel fw corrupted: invalid cmd len", hdev->name); 1360 return -EFAULT; 1361 } 1362 1363 /* If there is a command that loads a patch in the firmware 1364 * file, then enable the patch upon success, otherwise just 1365 * disable the manufacturer mode, for example patch activation 1366 * is not required when the default firmware patch file is used 1367 * because there are no patch data to load. 1368 */ 1369 if (*disable_patch && le16_to_cpu(cmd->opcode) == 0xfc8e) 1370 *disable_patch = 0; 1371 1372 cmd_param = *fw_ptr; 1373 *fw_ptr += cmd->plen; 1374 remain -= cmd->plen; 1375 1376 /* This reads the expected events when the above command is sent to the 1377 * device. Some vendor commands expects more than one events, for 1378 * example command status event followed by vendor specific event. 1379 * For this case, it only keeps the last expected event. so the command 1380 * can be sent with __hci_cmd_sync_ev() which returns the sk_buff of 1381 * last expected event. 1382 */ 1383 while (remain > HCI_EVENT_HDR_SIZE && *fw_ptr[0] == 0x02) { 1384 (*fw_ptr)++; 1385 remain--; 1386 1387 evt = (struct hci_event_hdr *)(*fw_ptr); 1388 *fw_ptr += sizeof(*evt); 1389 remain -= sizeof(*evt); 1390 1391 if (remain < evt->plen) { 1392 BT_ERR("%s Intel fw corrupted: invalid evt len", 1393 hdev->name); 1394 return -EFAULT; 1395 } 1396 1397 evt_param = *fw_ptr; 1398 *fw_ptr += evt->plen; 1399 remain -= evt->plen; 1400 } 1401 1402 /* Every HCI commands in the firmware file has its correspond event. 1403 * If event is not found or remain is smaller than zero, the firmware 1404 * file is corrupted. 1405 */ 1406 if (!evt || !evt_param || remain < 0) { 1407 BT_ERR("%s Intel fw corrupted: invalid evt read", hdev->name); 1408 return -EFAULT; 1409 } 1410 1411 skb = __hci_cmd_sync_ev(hdev, le16_to_cpu(cmd->opcode), cmd->plen, 1412 cmd_param, evt->evt, HCI_INIT_TIMEOUT); 1413 if (IS_ERR(skb)) { 1414 BT_ERR("%s sending Intel patch command (0x%4.4x) failed (%ld)", 1415 hdev->name, cmd->opcode, PTR_ERR(skb)); 1416 return PTR_ERR(skb); 1417 } 1418 1419 /* It ensures that the returned event matches the event data read from 1420 * the firmware file. At fist, it checks the length and then 1421 * the contents of the event. 1422 */ 1423 if (skb->len != evt->plen) { 1424 BT_ERR("%s mismatch event length (opcode 0x%4.4x)", hdev->name, 1425 le16_to_cpu(cmd->opcode)); 1426 kfree_skb(skb); 1427 return -EFAULT; 1428 } 1429 1430 if (memcmp(skb->data, evt_param, evt->plen)) { 1431 BT_ERR("%s mismatch event parameter (opcode 0x%4.4x)", 1432 hdev->name, le16_to_cpu(cmd->opcode)); 1433 kfree_skb(skb); 1434 return -EFAULT; 1435 } 1436 kfree_skb(skb); 1437 1438 return 0; 1439 } 1440 1441 #define BDADDR_INTEL (&(bdaddr_t) {{0x00, 0x8b, 0x9e, 0x19, 0x03, 0x00}}) 1442 1443 static int btusb_check_bdaddr_intel(struct hci_dev *hdev) 1444 { 1445 struct sk_buff *skb; 1446 struct hci_rp_read_bd_addr *rp; 1447 1448 skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL, 1449 HCI_INIT_TIMEOUT); 1450 if (IS_ERR(skb)) { 1451 BT_ERR("%s reading Intel device address failed (%ld)", 1452 hdev->name, PTR_ERR(skb)); 1453 return PTR_ERR(skb); 1454 } 1455 1456 if (skb->len != sizeof(*rp)) { 1457 BT_ERR("%s Intel device address length mismatch", hdev->name); 1458 kfree_skb(skb); 1459 return -EIO; 1460 } 1461 1462 rp = (struct hci_rp_read_bd_addr *)skb->data; 1463 if (rp->status) { 1464 BT_ERR("%s Intel device address result failed (%02x)", 1465 hdev->name, rp->status); 1466 kfree_skb(skb); 1467 return -bt_to_errno(rp->status); 1468 } 1469 1470 /* For some Intel based controllers, the default Bluetooth device 1471 * address 00:03:19:9E:8B:00 can be found. These controllers are 1472 * fully operational, but have the danger of duplicate addresses 1473 * and that in turn can cause problems with Bluetooth operation. 1474 */ 1475 if (!bacmp(&rp->bdaddr, BDADDR_INTEL)) { 1476 BT_ERR("%s found Intel default device address (%pMR)", 1477 hdev->name, &rp->bdaddr); 1478 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks); 1479 } 1480 1481 kfree_skb(skb); 1482 1483 return 0; 1484 } 1485 1486 static int btusb_setup_intel(struct hci_dev *hdev) 1487 { 1488 struct sk_buff *skb; 1489 const struct firmware *fw; 1490 const u8 *fw_ptr; 1491 int disable_patch; 1492 struct intel_version *ver; 1493 1494 const u8 mfg_enable[] = { 0x01, 0x00 }; 1495 const u8 mfg_disable[] = { 0x00, 0x00 }; 1496 const u8 mfg_reset_deactivate[] = { 0x00, 0x01 }; 1497 const u8 mfg_reset_activate[] = { 0x00, 0x02 }; 1498 1499 BT_DBG("%s", hdev->name); 1500 1501 /* The controller has a bug with the first HCI command sent to it 1502 * returning number of completed commands as zero. This would stall the 1503 * command processing in the Bluetooth core. 1504 * 1505 * As a workaround, send HCI Reset command first which will reset the 1506 * number of completed commands and allow normal command processing 1507 * from now on. 1508 */ 1509 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); 1510 if (IS_ERR(skb)) { 1511 BT_ERR("%s sending initial HCI reset command failed (%ld)", 1512 hdev->name, PTR_ERR(skb)); 1513 return PTR_ERR(skb); 1514 } 1515 kfree_skb(skb); 1516 1517 /* Read Intel specific controller version first to allow selection of 1518 * which firmware file to load. 1519 * 1520 * The returned information are hardware variant and revision plus 1521 * firmware variant, revision and build number. 1522 */ 1523 skb = __hci_cmd_sync(hdev, 0xfc05, 0, NULL, HCI_INIT_TIMEOUT); 1524 if (IS_ERR(skb)) { 1525 BT_ERR("%s reading Intel fw version command failed (%ld)", 1526 hdev->name, PTR_ERR(skb)); 1527 return PTR_ERR(skb); 1528 } 1529 1530 if (skb->len != sizeof(*ver)) { 1531 BT_ERR("%s Intel version event length mismatch", hdev->name); 1532 kfree_skb(skb); 1533 return -EIO; 1534 } 1535 1536 ver = (struct intel_version *)skb->data; 1537 if (ver->status) { 1538 BT_ERR("%s Intel fw version event failed (%02x)", hdev->name, 1539 ver->status); 1540 kfree_skb(skb); 1541 return -bt_to_errno(ver->status); 1542 } 1543 1544 BT_INFO("%s: read Intel version: %02x%02x%02x%02x%02x%02x%02x%02x%02x", 1545 hdev->name, ver->hw_platform, ver->hw_variant, 1546 ver->hw_revision, ver->fw_variant, ver->fw_revision, 1547 ver->fw_build_num, ver->fw_build_ww, ver->fw_build_yy, 1548 ver->fw_patch_num); 1549 1550 /* fw_patch_num indicates the version of patch the device currently 1551 * have. If there is no patch data in the device, it is always 0x00. 1552 * So, if it is other than 0x00, no need to patch the deivce again. 1553 */ 1554 if (ver->fw_patch_num) { 1555 BT_INFO("%s: Intel device is already patched. patch num: %02x", 1556 hdev->name, ver->fw_patch_num); 1557 kfree_skb(skb); 1558 btusb_check_bdaddr_intel(hdev); 1559 return 0; 1560 } 1561 1562 /* Opens the firmware patch file based on the firmware version read 1563 * from the controller. If it fails to open the matching firmware 1564 * patch file, it tries to open the default firmware patch file. 1565 * If no patch file is found, allow the device to operate without 1566 * a patch. 1567 */ 1568 fw = btusb_setup_intel_get_fw(hdev, ver); 1569 if (!fw) { 1570 kfree_skb(skb); 1571 btusb_check_bdaddr_intel(hdev); 1572 return 0; 1573 } 1574 fw_ptr = fw->data; 1575 1576 /* This Intel specific command enables the manufacturer mode of the 1577 * controller. 1578 * 1579 * Only while this mode is enabled, the driver can download the 1580 * firmware patch data and configuration parameters. 1581 */ 1582 skb = __hci_cmd_sync(hdev, 0xfc11, 2, mfg_enable, HCI_INIT_TIMEOUT); 1583 if (IS_ERR(skb)) { 1584 BT_ERR("%s entering Intel manufacturer mode failed (%ld)", 1585 hdev->name, PTR_ERR(skb)); 1586 release_firmware(fw); 1587 return PTR_ERR(skb); 1588 } 1589 1590 if (skb->data[0]) { 1591 u8 evt_status = skb->data[0]; 1592 1593 BT_ERR("%s enable Intel manufacturer mode event failed (%02x)", 1594 hdev->name, evt_status); 1595 kfree_skb(skb); 1596 release_firmware(fw); 1597 return -bt_to_errno(evt_status); 1598 } 1599 kfree_skb(skb); 1600 1601 disable_patch = 1; 1602 1603 /* The firmware data file consists of list of Intel specific HCI 1604 * commands and its expected events. The first byte indicates the 1605 * type of the message, either HCI command or HCI event. 1606 * 1607 * It reads the command and its expected event from the firmware file, 1608 * and send to the controller. Once __hci_cmd_sync_ev() returns, 1609 * the returned event is compared with the event read from the firmware 1610 * file and it will continue until all the messages are downloaded to 1611 * the controller. 1612 * 1613 * Once the firmware patching is completed successfully, 1614 * the manufacturer mode is disabled with reset and activating the 1615 * downloaded patch. 1616 * 1617 * If the firmware patching fails, the manufacturer mode is 1618 * disabled with reset and deactivating the patch. 1619 * 1620 * If the default patch file is used, no reset is done when disabling 1621 * the manufacturer. 1622 */ 1623 while (fw->size > fw_ptr - fw->data) { 1624 int ret; 1625 1626 ret = btusb_setup_intel_patching(hdev, fw, &fw_ptr, 1627 &disable_patch); 1628 if (ret < 0) 1629 goto exit_mfg_deactivate; 1630 } 1631 1632 release_firmware(fw); 1633 1634 if (disable_patch) 1635 goto exit_mfg_disable; 1636 1637 /* Patching completed successfully and disable the manufacturer mode 1638 * with reset and activate the downloaded firmware patches. 1639 */ 1640 skb = __hci_cmd_sync(hdev, 0xfc11, sizeof(mfg_reset_activate), 1641 mfg_reset_activate, HCI_INIT_TIMEOUT); 1642 if (IS_ERR(skb)) { 1643 BT_ERR("%s exiting Intel manufacturer mode failed (%ld)", 1644 hdev->name, PTR_ERR(skb)); 1645 return PTR_ERR(skb); 1646 } 1647 kfree_skb(skb); 1648 1649 BT_INFO("%s: Intel Bluetooth firmware patch completed and activated", 1650 hdev->name); 1651 1652 btusb_check_bdaddr_intel(hdev); 1653 return 0; 1654 1655 exit_mfg_disable: 1656 /* Disable the manufacturer mode without reset */ 1657 skb = __hci_cmd_sync(hdev, 0xfc11, sizeof(mfg_disable), mfg_disable, 1658 HCI_INIT_TIMEOUT); 1659 if (IS_ERR(skb)) { 1660 BT_ERR("%s exiting Intel manufacturer mode failed (%ld)", 1661 hdev->name, PTR_ERR(skb)); 1662 return PTR_ERR(skb); 1663 } 1664 kfree_skb(skb); 1665 1666 BT_INFO("%s: Intel Bluetooth firmware patch completed", hdev->name); 1667 1668 btusb_check_bdaddr_intel(hdev); 1669 return 0; 1670 1671 exit_mfg_deactivate: 1672 release_firmware(fw); 1673 1674 /* Patching failed. Disable the manufacturer mode with reset and 1675 * deactivate the downloaded firmware patches. 1676 */ 1677 skb = __hci_cmd_sync(hdev, 0xfc11, sizeof(mfg_reset_deactivate), 1678 mfg_reset_deactivate, HCI_INIT_TIMEOUT); 1679 if (IS_ERR(skb)) { 1680 BT_ERR("%s exiting Intel manufacturer mode failed (%ld)", 1681 hdev->name, PTR_ERR(skb)); 1682 return PTR_ERR(skb); 1683 } 1684 kfree_skb(skb); 1685 1686 BT_INFO("%s: Intel Bluetooth firmware patch completed and deactivated", 1687 hdev->name); 1688 1689 btusb_check_bdaddr_intel(hdev); 1690 return 0; 1691 } 1692 1693 static int btusb_set_bdaddr_intel(struct hci_dev *hdev, const bdaddr_t *bdaddr) 1694 { 1695 struct sk_buff *skb; 1696 long ret; 1697 1698 skb = __hci_cmd_sync(hdev, 0xfc31, 6, bdaddr, HCI_INIT_TIMEOUT); 1699 if (IS_ERR(skb)) { 1700 ret = PTR_ERR(skb); 1701 BT_ERR("%s: changing Intel device address failed (%ld)", 1702 hdev->name, ret); 1703 return ret; 1704 } 1705 kfree_skb(skb); 1706 1707 return 0; 1708 } 1709 1710 static int btusb_set_bdaddr_marvell(struct hci_dev *hdev, 1711 const bdaddr_t *bdaddr) 1712 { 1713 struct sk_buff *skb; 1714 u8 buf[8]; 1715 long ret; 1716 1717 buf[0] = 0xfe; 1718 buf[1] = sizeof(bdaddr_t); 1719 memcpy(buf + 2, bdaddr, sizeof(bdaddr_t)); 1720 1721 skb = __hci_cmd_sync(hdev, 0xfc22, sizeof(buf), buf, HCI_INIT_TIMEOUT); 1722 if (IS_ERR(skb)) { 1723 ret = PTR_ERR(skb); 1724 BT_ERR("%s: changing Marvell device address failed (%ld)", 1725 hdev->name, ret); 1726 return ret; 1727 } 1728 kfree_skb(skb); 1729 1730 return 0; 1731 } 1732 1733 #define BDADDR_BCM20702A0 (&(bdaddr_t) {{0x00, 0xa0, 0x02, 0x70, 0x20, 0x00}}) 1734 1735 static int btusb_setup_bcm_patchram(struct hci_dev *hdev) 1736 { 1737 struct btusb_data *data = hci_get_drvdata(hdev); 1738 struct usb_device *udev = data->udev; 1739 char fw_name[64]; 1740 const struct firmware *fw; 1741 const u8 *fw_ptr; 1742 size_t fw_size; 1743 const struct hci_command_hdr *cmd; 1744 const u8 *cmd_param; 1745 u16 opcode; 1746 struct sk_buff *skb; 1747 struct hci_rp_read_local_version *ver; 1748 struct hci_rp_read_bd_addr *bda; 1749 long ret; 1750 1751 snprintf(fw_name, sizeof(fw_name), "brcm/%s-%04x-%04x.hcd", 1752 udev->product ? udev->product : "BCM", 1753 le16_to_cpu(udev->descriptor.idVendor), 1754 le16_to_cpu(udev->descriptor.idProduct)); 1755 1756 ret = request_firmware(&fw, fw_name, &hdev->dev); 1757 if (ret < 0) { 1758 BT_INFO("%s: BCM: patch %s not found", hdev->name, fw_name); 1759 return 0; 1760 } 1761 1762 /* Reset */ 1763 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); 1764 if (IS_ERR(skb)) { 1765 ret = PTR_ERR(skb); 1766 BT_ERR("%s: HCI_OP_RESET failed (%ld)", hdev->name, ret); 1767 goto done; 1768 } 1769 kfree_skb(skb); 1770 1771 /* Read Local Version Info */ 1772 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL, 1773 HCI_INIT_TIMEOUT); 1774 if (IS_ERR(skb)) { 1775 ret = PTR_ERR(skb); 1776 BT_ERR("%s: HCI_OP_READ_LOCAL_VERSION failed (%ld)", 1777 hdev->name, ret); 1778 goto done; 1779 } 1780 1781 if (skb->len != sizeof(*ver)) { 1782 BT_ERR("%s: HCI_OP_READ_LOCAL_VERSION event length mismatch", 1783 hdev->name); 1784 kfree_skb(skb); 1785 ret = -EIO; 1786 goto done; 1787 } 1788 1789 ver = (struct hci_rp_read_local_version *)skb->data; 1790 BT_INFO("%s: BCM: patching hci_ver=%02x hci_rev=%04x lmp_ver=%02x " 1791 "lmp_subver=%04x", hdev->name, ver->hci_ver, ver->hci_rev, 1792 ver->lmp_ver, ver->lmp_subver); 1793 kfree_skb(skb); 1794 1795 /* Start Download */ 1796 skb = __hci_cmd_sync(hdev, 0xfc2e, 0, NULL, HCI_INIT_TIMEOUT); 1797 if (IS_ERR(skb)) { 1798 ret = PTR_ERR(skb); 1799 BT_ERR("%s: BCM: Download Minidrv command failed (%ld)", 1800 hdev->name, ret); 1801 goto reset_fw; 1802 } 1803 kfree_skb(skb); 1804 1805 /* 50 msec delay after Download Minidrv completes */ 1806 msleep(50); 1807 1808 fw_ptr = fw->data; 1809 fw_size = fw->size; 1810 1811 while (fw_size >= sizeof(*cmd)) { 1812 cmd = (struct hci_command_hdr *)fw_ptr; 1813 fw_ptr += sizeof(*cmd); 1814 fw_size -= sizeof(*cmd); 1815 1816 if (fw_size < cmd->plen) { 1817 BT_ERR("%s: BCM: patch %s is corrupted", 1818 hdev->name, fw_name); 1819 ret = -EINVAL; 1820 goto reset_fw; 1821 } 1822 1823 cmd_param = fw_ptr; 1824 fw_ptr += cmd->plen; 1825 fw_size -= cmd->plen; 1826 1827 opcode = le16_to_cpu(cmd->opcode); 1828 1829 skb = __hci_cmd_sync(hdev, opcode, cmd->plen, cmd_param, 1830 HCI_INIT_TIMEOUT); 1831 if (IS_ERR(skb)) { 1832 ret = PTR_ERR(skb); 1833 BT_ERR("%s: BCM: patch command %04x failed (%ld)", 1834 hdev->name, opcode, ret); 1835 goto reset_fw; 1836 } 1837 kfree_skb(skb); 1838 } 1839 1840 /* 250 msec delay after Launch Ram completes */ 1841 msleep(250); 1842 1843 reset_fw: 1844 /* Reset */ 1845 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); 1846 if (IS_ERR(skb)) { 1847 ret = PTR_ERR(skb); 1848 BT_ERR("%s: HCI_OP_RESET failed (%ld)", hdev->name, ret); 1849 goto done; 1850 } 1851 kfree_skb(skb); 1852 1853 /* Read Local Version Info */ 1854 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL, 1855 HCI_INIT_TIMEOUT); 1856 if (IS_ERR(skb)) { 1857 ret = PTR_ERR(skb); 1858 BT_ERR("%s: HCI_OP_READ_LOCAL_VERSION failed (%ld)", 1859 hdev->name, ret); 1860 goto done; 1861 } 1862 1863 if (skb->len != sizeof(*ver)) { 1864 BT_ERR("%s: HCI_OP_READ_LOCAL_VERSION event length mismatch", 1865 hdev->name); 1866 kfree_skb(skb); 1867 ret = -EIO; 1868 goto done; 1869 } 1870 1871 ver = (struct hci_rp_read_local_version *)skb->data; 1872 BT_INFO("%s: BCM: firmware hci_ver=%02x hci_rev=%04x lmp_ver=%02x " 1873 "lmp_subver=%04x", hdev->name, ver->hci_ver, ver->hci_rev, 1874 ver->lmp_ver, ver->lmp_subver); 1875 kfree_skb(skb); 1876 1877 /* Read BD Address */ 1878 skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL, 1879 HCI_INIT_TIMEOUT); 1880 if (IS_ERR(skb)) { 1881 ret = PTR_ERR(skb); 1882 BT_ERR("%s: HCI_OP_READ_BD_ADDR failed (%ld)", 1883 hdev->name, ret); 1884 goto done; 1885 } 1886 1887 if (skb->len != sizeof(*bda)) { 1888 BT_ERR("%s: HCI_OP_READ_BD_ADDR event length mismatch", 1889 hdev->name); 1890 kfree_skb(skb); 1891 ret = -EIO; 1892 goto done; 1893 } 1894 1895 bda = (struct hci_rp_read_bd_addr *)skb->data; 1896 if (bda->status) { 1897 BT_ERR("%s: HCI_OP_READ_BD_ADDR error status (%02x)", 1898 hdev->name, bda->status); 1899 kfree_skb(skb); 1900 ret = -bt_to_errno(bda->status); 1901 goto done; 1902 } 1903 1904 /* The address 00:20:70:02:A0:00 indicates a BCM20702A0 controller 1905 * with no configured address. 1906 */ 1907 if (!bacmp(&bda->bdaddr, BDADDR_BCM20702A0)) { 1908 BT_INFO("%s: BCM: using default device address (%pMR)", 1909 hdev->name, &bda->bdaddr); 1910 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks); 1911 } 1912 1913 kfree_skb(skb); 1914 1915 done: 1916 release_firmware(fw); 1917 1918 return ret; 1919 } 1920 1921 static int btusb_set_bdaddr_bcm(struct hci_dev *hdev, const bdaddr_t *bdaddr) 1922 { 1923 struct sk_buff *skb; 1924 long ret; 1925 1926 skb = __hci_cmd_sync(hdev, 0xfc01, 6, bdaddr, HCI_INIT_TIMEOUT); 1927 if (IS_ERR(skb)) { 1928 ret = PTR_ERR(skb); 1929 BT_ERR("%s: BCM: Change address command failed (%ld)", 1930 hdev->name, ret); 1931 return ret; 1932 } 1933 kfree_skb(skb); 1934 1935 return 0; 1936 } 1937 1938 static int btusb_probe(struct usb_interface *intf, 1939 const struct usb_device_id *id) 1940 { 1941 struct usb_endpoint_descriptor *ep_desc; 1942 struct btusb_data *data; 1943 struct hci_dev *hdev; 1944 int i, err; 1945 1946 BT_DBG("intf %p id %p", intf, id); 1947 1948 /* interface numbers are hardcoded in the spec */ 1949 if (intf->cur_altsetting->desc.bInterfaceNumber != 0) 1950 return -ENODEV; 1951 1952 if (!id->driver_info) { 1953 const struct usb_device_id *match; 1954 1955 match = usb_match_id(intf, blacklist_table); 1956 if (match) 1957 id = match; 1958 } 1959 1960 if (id->driver_info == BTUSB_IGNORE) 1961 return -ENODEV; 1962 1963 if (id->driver_info & BTUSB_ATH3012) { 1964 struct usb_device *udev = interface_to_usbdev(intf); 1965 1966 /* Old firmware would otherwise let ath3k driver load 1967 * patch and sysconfig files */ 1968 if (le16_to_cpu(udev->descriptor.bcdDevice) <= 0x0001) 1969 return -ENODEV; 1970 } 1971 1972 data = devm_kzalloc(&intf->dev, sizeof(*data), GFP_KERNEL); 1973 if (!data) 1974 return -ENOMEM; 1975 1976 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) { 1977 ep_desc = &intf->cur_altsetting->endpoint[i].desc; 1978 1979 if (!data->intr_ep && usb_endpoint_is_int_in(ep_desc)) { 1980 data->intr_ep = ep_desc; 1981 continue; 1982 } 1983 1984 if (!data->bulk_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) { 1985 data->bulk_tx_ep = ep_desc; 1986 continue; 1987 } 1988 1989 if (!data->bulk_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) { 1990 data->bulk_rx_ep = ep_desc; 1991 continue; 1992 } 1993 } 1994 1995 if (!data->intr_ep || !data->bulk_tx_ep || !data->bulk_rx_ep) 1996 return -ENODEV; 1997 1998 data->cmdreq_type = USB_TYPE_CLASS; 1999 2000 data->udev = interface_to_usbdev(intf); 2001 data->intf = intf; 2002 2003 INIT_WORK(&data->work, btusb_work); 2004 INIT_WORK(&data->waker, btusb_waker); 2005 init_usb_anchor(&data->deferred); 2006 init_usb_anchor(&data->tx_anchor); 2007 spin_lock_init(&data->txlock); 2008 2009 init_usb_anchor(&data->intr_anchor); 2010 init_usb_anchor(&data->bulk_anchor); 2011 init_usb_anchor(&data->isoc_anchor); 2012 spin_lock_init(&data->rxlock); 2013 2014 hdev = hci_alloc_dev(); 2015 if (!hdev) 2016 return -ENOMEM; 2017 2018 hdev->bus = HCI_USB; 2019 hci_set_drvdata(hdev, data); 2020 2021 data->hdev = hdev; 2022 2023 SET_HCIDEV_DEV(hdev, &intf->dev); 2024 2025 hdev->open = btusb_open; 2026 hdev->close = btusb_close; 2027 hdev->flush = btusb_flush; 2028 hdev->send = btusb_send_frame; 2029 hdev->notify = btusb_notify; 2030 2031 if (id->driver_info & BTUSB_BCM92035) 2032 hdev->setup = btusb_setup_bcm92035; 2033 2034 if (id->driver_info & BTUSB_BCM_PATCHRAM) { 2035 hdev->setup = btusb_setup_bcm_patchram; 2036 hdev->set_bdaddr = btusb_set_bdaddr_bcm; 2037 } 2038 2039 if (id->driver_info & BTUSB_INTEL) { 2040 hdev->setup = btusb_setup_intel; 2041 hdev->set_bdaddr = btusb_set_bdaddr_intel; 2042 } 2043 2044 if (id->driver_info & BTUSB_MARVELL) 2045 hdev->set_bdaddr = btusb_set_bdaddr_marvell; 2046 2047 if (id->driver_info & BTUSB_INTEL_BOOT) 2048 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks); 2049 2050 /* Interface numbers are hardcoded in the specification */ 2051 data->isoc = usb_ifnum_to_if(data->udev, 1); 2052 2053 if (!reset) 2054 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); 2055 2056 if (force_scofix || id->driver_info & BTUSB_WRONG_SCO_MTU) { 2057 if (!disable_scofix) 2058 set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks); 2059 } 2060 2061 if (id->driver_info & BTUSB_BROKEN_ISOC) 2062 data->isoc = NULL; 2063 2064 if (id->driver_info & BTUSB_DIGIANSWER) { 2065 data->cmdreq_type = USB_TYPE_VENDOR; 2066 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); 2067 } 2068 2069 if (id->driver_info & BTUSB_CSR) { 2070 struct usb_device *udev = data->udev; 2071 u16 bcdDevice = le16_to_cpu(udev->descriptor.bcdDevice); 2072 2073 /* Old firmware would otherwise execute USB reset */ 2074 if (bcdDevice < 0x117) 2075 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); 2076 2077 /* Fake CSR devices with broken commands */ 2078 if (bcdDevice <= 0x100) 2079 hdev->setup = btusb_setup_csr; 2080 } 2081 2082 if (id->driver_info & BTUSB_SNIFFER) { 2083 struct usb_device *udev = data->udev; 2084 2085 /* New sniffer firmware has crippled HCI interface */ 2086 if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997) 2087 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks); 2088 } 2089 2090 if (id->driver_info & BTUSB_INTEL_BOOT) { 2091 /* A bug in the bootloader causes that interrupt interface is 2092 * only enabled after receiving SetInterface(0, AltSetting=0). 2093 */ 2094 err = usb_set_interface(data->udev, 0, 0); 2095 if (err < 0) { 2096 BT_ERR("failed to set interface 0, alt 0 %d", err); 2097 hci_free_dev(hdev); 2098 return err; 2099 } 2100 } 2101 2102 if (data->isoc) { 2103 err = usb_driver_claim_interface(&btusb_driver, 2104 data->isoc, data); 2105 if (err < 0) { 2106 hci_free_dev(hdev); 2107 return err; 2108 } 2109 } 2110 2111 err = hci_register_dev(hdev); 2112 if (err < 0) { 2113 hci_free_dev(hdev); 2114 return err; 2115 } 2116 2117 usb_set_intfdata(intf, data); 2118 2119 return 0; 2120 } 2121 2122 static void btusb_disconnect(struct usb_interface *intf) 2123 { 2124 struct btusb_data *data = usb_get_intfdata(intf); 2125 struct hci_dev *hdev; 2126 2127 BT_DBG("intf %p", intf); 2128 2129 if (!data) 2130 return; 2131 2132 hdev = data->hdev; 2133 usb_set_intfdata(data->intf, NULL); 2134 2135 if (data->isoc) 2136 usb_set_intfdata(data->isoc, NULL); 2137 2138 hci_unregister_dev(hdev); 2139 2140 if (intf == data->isoc) 2141 usb_driver_release_interface(&btusb_driver, data->intf); 2142 else if (data->isoc) 2143 usb_driver_release_interface(&btusb_driver, data->isoc); 2144 2145 btusb_free_frags(data); 2146 hci_free_dev(hdev); 2147 } 2148 2149 #ifdef CONFIG_PM 2150 static int btusb_suspend(struct usb_interface *intf, pm_message_t message) 2151 { 2152 struct btusb_data *data = usb_get_intfdata(intf); 2153 2154 BT_DBG("intf %p", intf); 2155 2156 if (data->suspend_count++) 2157 return 0; 2158 2159 spin_lock_irq(&data->txlock); 2160 if (!(PMSG_IS_AUTO(message) && data->tx_in_flight)) { 2161 set_bit(BTUSB_SUSPENDING, &data->flags); 2162 spin_unlock_irq(&data->txlock); 2163 } else { 2164 spin_unlock_irq(&data->txlock); 2165 data->suspend_count--; 2166 return -EBUSY; 2167 } 2168 2169 cancel_work_sync(&data->work); 2170 2171 btusb_stop_traffic(data); 2172 usb_kill_anchored_urbs(&data->tx_anchor); 2173 2174 return 0; 2175 } 2176 2177 static void play_deferred(struct btusb_data *data) 2178 { 2179 struct urb *urb; 2180 int err; 2181 2182 while ((urb = usb_get_from_anchor(&data->deferred))) { 2183 err = usb_submit_urb(urb, GFP_ATOMIC); 2184 if (err < 0) 2185 break; 2186 2187 data->tx_in_flight++; 2188 } 2189 usb_scuttle_anchored_urbs(&data->deferred); 2190 } 2191 2192 static int btusb_resume(struct usb_interface *intf) 2193 { 2194 struct btusb_data *data = usb_get_intfdata(intf); 2195 struct hci_dev *hdev = data->hdev; 2196 int err = 0; 2197 2198 BT_DBG("intf %p", intf); 2199 2200 if (--data->suspend_count) 2201 return 0; 2202 2203 if (!test_bit(HCI_RUNNING, &hdev->flags)) 2204 goto done; 2205 2206 if (test_bit(BTUSB_INTR_RUNNING, &data->flags)) { 2207 err = btusb_submit_intr_urb(hdev, GFP_NOIO); 2208 if (err < 0) { 2209 clear_bit(BTUSB_INTR_RUNNING, &data->flags); 2210 goto failed; 2211 } 2212 } 2213 2214 if (test_bit(BTUSB_BULK_RUNNING, &data->flags)) { 2215 err = btusb_submit_bulk_urb(hdev, GFP_NOIO); 2216 if (err < 0) { 2217 clear_bit(BTUSB_BULK_RUNNING, &data->flags); 2218 goto failed; 2219 } 2220 2221 btusb_submit_bulk_urb(hdev, GFP_NOIO); 2222 } 2223 2224 if (test_bit(BTUSB_ISOC_RUNNING, &data->flags)) { 2225 if (btusb_submit_isoc_urb(hdev, GFP_NOIO) < 0) 2226 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 2227 else 2228 btusb_submit_isoc_urb(hdev, GFP_NOIO); 2229 } 2230 2231 spin_lock_irq(&data->txlock); 2232 play_deferred(data); 2233 clear_bit(BTUSB_SUSPENDING, &data->flags); 2234 spin_unlock_irq(&data->txlock); 2235 schedule_work(&data->work); 2236 2237 return 0; 2238 2239 failed: 2240 usb_scuttle_anchored_urbs(&data->deferred); 2241 done: 2242 spin_lock_irq(&data->txlock); 2243 clear_bit(BTUSB_SUSPENDING, &data->flags); 2244 spin_unlock_irq(&data->txlock); 2245 2246 return err; 2247 } 2248 #endif 2249 2250 static struct usb_driver btusb_driver = { 2251 .name = "btusb", 2252 .probe = btusb_probe, 2253 .disconnect = btusb_disconnect, 2254 #ifdef CONFIG_PM 2255 .suspend = btusb_suspend, 2256 .resume = btusb_resume, 2257 #endif 2258 .id_table = btusb_table, 2259 .supports_autosuspend = 1, 2260 .disable_hub_initiated_lpm = 1, 2261 }; 2262 2263 module_usb_driver(btusb_driver); 2264 2265 module_param(disable_scofix, bool, 0644); 2266 MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size"); 2267 2268 module_param(force_scofix, bool, 0644); 2269 MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size"); 2270 2271 module_param(reset, bool, 0644); 2272 MODULE_PARM_DESC(reset, "Send HCI reset command on initialization"); 2273 2274 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 2275 MODULE_DESCRIPTION("Generic Bluetooth USB driver ver " VERSION); 2276 MODULE_VERSION(VERSION); 2277 MODULE_LICENSE("GPL"); 2278