xref: /openbmc/linux/drivers/bluetooth/btusb.c (revision 4800cd83)
1 /*
2  *
3  *  Generic Bluetooth USB driver
4  *
5  *  Copyright (C) 2005-2008  Marcel Holtmann <marcel@holtmann.org>
6  *
7  *
8  *  This program is free software; you can redistribute it and/or modify
9  *  it under the terms of the GNU General Public License as published by
10  *  the Free Software Foundation; either version 2 of the License, or
11  *  (at your option) any later version.
12  *
13  *  This program is distributed in the hope that it will be useful,
14  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
15  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16  *  GNU General Public License for more details.
17  *
18  *  You should have received a copy of the GNU General Public License
19  *  along with this program; if not, write to the Free Software
20  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
21  *
22  */
23 
24 #include <linux/kernel.h>
25 #include <linux/module.h>
26 #include <linux/init.h>
27 #include <linux/slab.h>
28 #include <linux/types.h>
29 #include <linux/sched.h>
30 #include <linux/errno.h>
31 #include <linux/skbuff.h>
32 
33 #include <linux/usb.h>
34 
35 #include <net/bluetooth/bluetooth.h>
36 #include <net/bluetooth/hci_core.h>
37 
38 #define VERSION "0.6"
39 
40 static int ignore_dga;
41 static int ignore_csr;
42 static int ignore_sniffer;
43 static int disable_scofix;
44 static int force_scofix;
45 
46 static int reset = 1;
47 
48 static struct usb_driver btusb_driver;
49 
50 #define BTUSB_IGNORE		0x01
51 #define BTUSB_DIGIANSWER	0x02
52 #define BTUSB_CSR		0x04
53 #define BTUSB_SNIFFER		0x08
54 #define BTUSB_BCM92035		0x10
55 #define BTUSB_BROKEN_ISOC	0x20
56 #define BTUSB_WRONG_SCO_MTU	0x40
57 
58 static struct usb_device_id btusb_table[] = {
59 	/* Generic Bluetooth USB device */
60 	{ USB_DEVICE_INFO(0xe0, 0x01, 0x01) },
61 
62 	/* Apple MacBookPro 7,1 */
63 	{ USB_DEVICE(0x05ac, 0x8213) },
64 
65 	/* Apple iMac11,1 */
66 	{ USB_DEVICE(0x05ac, 0x8215) },
67 
68 	/* Apple MacBookPro6,2 */
69 	{ USB_DEVICE(0x05ac, 0x8218) },
70 
71 	/* Apple MacBookAir3,1, MacBookAir3,2 */
72 	{ USB_DEVICE(0x05ac, 0x821b) },
73 
74 	/* AVM BlueFRITZ! USB v2.0 */
75 	{ USB_DEVICE(0x057c, 0x3800) },
76 
77 	/* Bluetooth Ultraport Module from IBM */
78 	{ USB_DEVICE(0x04bf, 0x030a) },
79 
80 	/* ALPS Modules with non-standard id */
81 	{ USB_DEVICE(0x044e, 0x3001) },
82 	{ USB_DEVICE(0x044e, 0x3002) },
83 
84 	/* Ericsson with non-standard id */
85 	{ USB_DEVICE(0x0bdb, 0x1002) },
86 
87 	/* Canyon CN-BTU1 with HID interfaces */
88 	{ USB_DEVICE(0x0c10, 0x0000) },
89 
90 	{ }	/* Terminating entry */
91 };
92 
93 MODULE_DEVICE_TABLE(usb, btusb_table);
94 
95 static struct usb_device_id blacklist_table[] = {
96 	/* CSR BlueCore devices */
97 	{ USB_DEVICE(0x0a12, 0x0001), .driver_info = BTUSB_CSR },
98 
99 	/* Broadcom BCM2033 without firmware */
100 	{ USB_DEVICE(0x0a5c, 0x2033), .driver_info = BTUSB_IGNORE },
101 
102 	/* Atheros 3011 with sflash firmware */
103 	{ USB_DEVICE(0x0cf3, 0x3002), .driver_info = BTUSB_IGNORE },
104 
105 	/* Atheros AR9285 Malbec with sflash firmware */
106 	{ USB_DEVICE(0x03f0, 0x311d), .driver_info = BTUSB_IGNORE },
107 
108 	/* Atheros AR5BBU12 with sflash firmware */
109 	{ USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE },
110 
111 	/* Broadcom BCM2035 */
112 	{ USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU },
113 	{ USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU },
114 	{ USB_DEVICE(0x0a5c, 0x2009), .driver_info = BTUSB_BCM92035 },
115 
116 	/* Broadcom BCM2045 */
117 	{ USB_DEVICE(0x0a5c, 0x2039), .driver_info = BTUSB_WRONG_SCO_MTU },
118 	{ USB_DEVICE(0x0a5c, 0x2101), .driver_info = BTUSB_WRONG_SCO_MTU },
119 
120 	/* IBM/Lenovo ThinkPad with Broadcom chip */
121 	{ USB_DEVICE(0x0a5c, 0x201e), .driver_info = BTUSB_WRONG_SCO_MTU },
122 	{ USB_DEVICE(0x0a5c, 0x2110), .driver_info = BTUSB_WRONG_SCO_MTU },
123 
124 	/* HP laptop with Broadcom chip */
125 	{ USB_DEVICE(0x03f0, 0x171d), .driver_info = BTUSB_WRONG_SCO_MTU },
126 
127 	/* Dell laptop with Broadcom chip */
128 	{ USB_DEVICE(0x413c, 0x8126), .driver_info = BTUSB_WRONG_SCO_MTU },
129 
130 	/* Dell Wireless 370 and 410 devices */
131 	{ USB_DEVICE(0x413c, 0x8152), .driver_info = BTUSB_WRONG_SCO_MTU },
132 	{ USB_DEVICE(0x413c, 0x8156), .driver_info = BTUSB_WRONG_SCO_MTU },
133 
134 	/* Belkin F8T012 and F8T013 devices */
135 	{ USB_DEVICE(0x050d, 0x0012), .driver_info = BTUSB_WRONG_SCO_MTU },
136 	{ USB_DEVICE(0x050d, 0x0013), .driver_info = BTUSB_WRONG_SCO_MTU },
137 
138 	/* Asus WL-BTD202 device */
139 	{ USB_DEVICE(0x0b05, 0x1715), .driver_info = BTUSB_WRONG_SCO_MTU },
140 
141 	/* Kensington Bluetooth USB adapter */
142 	{ USB_DEVICE(0x047d, 0x105e), .driver_info = BTUSB_WRONG_SCO_MTU },
143 
144 	/* RTX Telecom based adapters with buggy SCO support */
145 	{ USB_DEVICE(0x0400, 0x0807), .driver_info = BTUSB_BROKEN_ISOC },
146 	{ USB_DEVICE(0x0400, 0x080a), .driver_info = BTUSB_BROKEN_ISOC },
147 
148 	/* CONWISE Technology based adapters with buggy SCO support */
149 	{ USB_DEVICE(0x0e5e, 0x6622), .driver_info = BTUSB_BROKEN_ISOC },
150 
151 	/* Digianswer devices */
152 	{ USB_DEVICE(0x08fd, 0x0001), .driver_info = BTUSB_DIGIANSWER },
153 	{ USB_DEVICE(0x08fd, 0x0002), .driver_info = BTUSB_IGNORE },
154 
155 	/* CSR BlueCore Bluetooth Sniffer */
156 	{ USB_DEVICE(0x0a12, 0x0002), .driver_info = BTUSB_SNIFFER },
157 
158 	/* Frontline ComProbe Bluetooth Sniffer */
159 	{ USB_DEVICE(0x16d3, 0x0002), .driver_info = BTUSB_SNIFFER },
160 
161 	{ }	/* Terminating entry */
162 };
163 
164 #define BTUSB_MAX_ISOC_FRAMES	10
165 
166 #define BTUSB_INTR_RUNNING	0
167 #define BTUSB_BULK_RUNNING	1
168 #define BTUSB_ISOC_RUNNING	2
169 #define BTUSB_SUSPENDING	3
170 #define BTUSB_DID_ISO_RESUME	4
171 
172 struct btusb_data {
173 	struct hci_dev       *hdev;
174 	struct usb_device    *udev;
175 	struct usb_interface *intf;
176 	struct usb_interface *isoc;
177 
178 	spinlock_t lock;
179 
180 	unsigned long flags;
181 
182 	struct work_struct work;
183 	struct work_struct waker;
184 
185 	struct usb_anchor tx_anchor;
186 	struct usb_anchor intr_anchor;
187 	struct usb_anchor bulk_anchor;
188 	struct usb_anchor isoc_anchor;
189 	struct usb_anchor deferred;
190 	int tx_in_flight;
191 	spinlock_t txlock;
192 
193 	struct usb_endpoint_descriptor *intr_ep;
194 	struct usb_endpoint_descriptor *bulk_tx_ep;
195 	struct usb_endpoint_descriptor *bulk_rx_ep;
196 	struct usb_endpoint_descriptor *isoc_tx_ep;
197 	struct usb_endpoint_descriptor *isoc_rx_ep;
198 
199 	__u8 cmdreq_type;
200 
201 	unsigned int sco_num;
202 	int isoc_altsetting;
203 	int suspend_count;
204 };
205 
206 static int inc_tx(struct btusb_data *data)
207 {
208 	unsigned long flags;
209 	int rv;
210 
211 	spin_lock_irqsave(&data->txlock, flags);
212 	rv = test_bit(BTUSB_SUSPENDING, &data->flags);
213 	if (!rv)
214 		data->tx_in_flight++;
215 	spin_unlock_irqrestore(&data->txlock, flags);
216 
217 	return rv;
218 }
219 
220 static void btusb_intr_complete(struct urb *urb)
221 {
222 	struct hci_dev *hdev = urb->context;
223 	struct btusb_data *data = hdev->driver_data;
224 	int err;
225 
226 	BT_DBG("%s urb %p status %d count %d", hdev->name,
227 					urb, urb->status, urb->actual_length);
228 
229 	if (!test_bit(HCI_RUNNING, &hdev->flags))
230 		return;
231 
232 	if (urb->status == 0) {
233 		hdev->stat.byte_rx += urb->actual_length;
234 
235 		if (hci_recv_fragment(hdev, HCI_EVENT_PKT,
236 						urb->transfer_buffer,
237 						urb->actual_length) < 0) {
238 			BT_ERR("%s corrupted event packet", hdev->name);
239 			hdev->stat.err_rx++;
240 		}
241 	}
242 
243 	if (!test_bit(BTUSB_INTR_RUNNING, &data->flags))
244 		return;
245 
246 	usb_mark_last_busy(data->udev);
247 	usb_anchor_urb(urb, &data->intr_anchor);
248 
249 	err = usb_submit_urb(urb, GFP_ATOMIC);
250 	if (err < 0) {
251 		if (err != -EPERM)
252 			BT_ERR("%s urb %p failed to resubmit (%d)",
253 						hdev->name, urb, -err);
254 		usb_unanchor_urb(urb);
255 	}
256 }
257 
258 static int btusb_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags)
259 {
260 	struct btusb_data *data = hdev->driver_data;
261 	struct urb *urb;
262 	unsigned char *buf;
263 	unsigned int pipe;
264 	int err, size;
265 
266 	BT_DBG("%s", hdev->name);
267 
268 	if (!data->intr_ep)
269 		return -ENODEV;
270 
271 	urb = usb_alloc_urb(0, mem_flags);
272 	if (!urb)
273 		return -ENOMEM;
274 
275 	size = le16_to_cpu(data->intr_ep->wMaxPacketSize);
276 
277 	buf = kmalloc(size, mem_flags);
278 	if (!buf) {
279 		usb_free_urb(urb);
280 		return -ENOMEM;
281 	}
282 
283 	pipe = usb_rcvintpipe(data->udev, data->intr_ep->bEndpointAddress);
284 
285 	usb_fill_int_urb(urb, data->udev, pipe, buf, size,
286 						btusb_intr_complete, hdev,
287 						data->intr_ep->bInterval);
288 
289 	urb->transfer_flags |= URB_FREE_BUFFER;
290 
291 	usb_anchor_urb(urb, &data->intr_anchor);
292 
293 	err = usb_submit_urb(urb, mem_flags);
294 	if (err < 0) {
295 		BT_ERR("%s urb %p submission failed (%d)",
296 						hdev->name, urb, -err);
297 		usb_unanchor_urb(urb);
298 	}
299 
300 	usb_free_urb(urb);
301 
302 	return err;
303 }
304 
305 static void btusb_bulk_complete(struct urb *urb)
306 {
307 	struct hci_dev *hdev = urb->context;
308 	struct btusb_data *data = hdev->driver_data;
309 	int err;
310 
311 	BT_DBG("%s urb %p status %d count %d", hdev->name,
312 					urb, urb->status, urb->actual_length);
313 
314 	if (!test_bit(HCI_RUNNING, &hdev->flags))
315 		return;
316 
317 	if (urb->status == 0) {
318 		hdev->stat.byte_rx += urb->actual_length;
319 
320 		if (hci_recv_fragment(hdev, HCI_ACLDATA_PKT,
321 						urb->transfer_buffer,
322 						urb->actual_length) < 0) {
323 			BT_ERR("%s corrupted ACL packet", hdev->name);
324 			hdev->stat.err_rx++;
325 		}
326 	}
327 
328 	if (!test_bit(BTUSB_BULK_RUNNING, &data->flags))
329 		return;
330 
331 	usb_anchor_urb(urb, &data->bulk_anchor);
332 	usb_mark_last_busy(data->udev);
333 
334 	err = usb_submit_urb(urb, GFP_ATOMIC);
335 	if (err < 0) {
336 		if (err != -EPERM)
337 			BT_ERR("%s urb %p failed to resubmit (%d)",
338 						hdev->name, urb, -err);
339 		usb_unanchor_urb(urb);
340 	}
341 }
342 
343 static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags)
344 {
345 	struct btusb_data *data = hdev->driver_data;
346 	struct urb *urb;
347 	unsigned char *buf;
348 	unsigned int pipe;
349 	int err, size = HCI_MAX_FRAME_SIZE;
350 
351 	BT_DBG("%s", hdev->name);
352 
353 	if (!data->bulk_rx_ep)
354 		return -ENODEV;
355 
356 	urb = usb_alloc_urb(0, mem_flags);
357 	if (!urb)
358 		return -ENOMEM;
359 
360 	buf = kmalloc(size, mem_flags);
361 	if (!buf) {
362 		usb_free_urb(urb);
363 		return -ENOMEM;
364 	}
365 
366 	pipe = usb_rcvbulkpipe(data->udev, data->bulk_rx_ep->bEndpointAddress);
367 
368 	usb_fill_bulk_urb(urb, data->udev, pipe,
369 					buf, size, btusb_bulk_complete, hdev);
370 
371 	urb->transfer_flags |= URB_FREE_BUFFER;
372 
373 	usb_mark_last_busy(data->udev);
374 	usb_anchor_urb(urb, &data->bulk_anchor);
375 
376 	err = usb_submit_urb(urb, mem_flags);
377 	if (err < 0) {
378 		BT_ERR("%s urb %p submission failed (%d)",
379 						hdev->name, urb, -err);
380 		usb_unanchor_urb(urb);
381 	}
382 
383 	usb_free_urb(urb);
384 
385 	return err;
386 }
387 
388 static void btusb_isoc_complete(struct urb *urb)
389 {
390 	struct hci_dev *hdev = urb->context;
391 	struct btusb_data *data = hdev->driver_data;
392 	int i, err;
393 
394 	BT_DBG("%s urb %p status %d count %d", hdev->name,
395 					urb, urb->status, urb->actual_length);
396 
397 	if (!test_bit(HCI_RUNNING, &hdev->flags))
398 		return;
399 
400 	if (urb->status == 0) {
401 		for (i = 0; i < urb->number_of_packets; i++) {
402 			unsigned int offset = urb->iso_frame_desc[i].offset;
403 			unsigned int length = urb->iso_frame_desc[i].actual_length;
404 
405 			if (urb->iso_frame_desc[i].status)
406 				continue;
407 
408 			hdev->stat.byte_rx += length;
409 
410 			if (hci_recv_fragment(hdev, HCI_SCODATA_PKT,
411 						urb->transfer_buffer + offset,
412 								length) < 0) {
413 				BT_ERR("%s corrupted SCO packet", hdev->name);
414 				hdev->stat.err_rx++;
415 			}
416 		}
417 	}
418 
419 	if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags))
420 		return;
421 
422 	usb_anchor_urb(urb, &data->isoc_anchor);
423 
424 	err = usb_submit_urb(urb, GFP_ATOMIC);
425 	if (err < 0) {
426 		if (err != -EPERM)
427 			BT_ERR("%s urb %p failed to resubmit (%d)",
428 						hdev->name, urb, -err);
429 		usb_unanchor_urb(urb);
430 	}
431 }
432 
433 static void inline __fill_isoc_descriptor(struct urb *urb, int len, int mtu)
434 {
435 	int i, offset = 0;
436 
437 	BT_DBG("len %d mtu %d", len, mtu);
438 
439 	for (i = 0; i < BTUSB_MAX_ISOC_FRAMES && len >= mtu;
440 					i++, offset += mtu, len -= mtu) {
441 		urb->iso_frame_desc[i].offset = offset;
442 		urb->iso_frame_desc[i].length = mtu;
443 	}
444 
445 	if (len && i < BTUSB_MAX_ISOC_FRAMES) {
446 		urb->iso_frame_desc[i].offset = offset;
447 		urb->iso_frame_desc[i].length = len;
448 		i++;
449 	}
450 
451 	urb->number_of_packets = i;
452 }
453 
454 static int btusb_submit_isoc_urb(struct hci_dev *hdev, gfp_t mem_flags)
455 {
456 	struct btusb_data *data = hdev->driver_data;
457 	struct urb *urb;
458 	unsigned char *buf;
459 	unsigned int pipe;
460 	int err, size;
461 
462 	BT_DBG("%s", hdev->name);
463 
464 	if (!data->isoc_rx_ep)
465 		return -ENODEV;
466 
467 	urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, mem_flags);
468 	if (!urb)
469 		return -ENOMEM;
470 
471 	size = le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize) *
472 						BTUSB_MAX_ISOC_FRAMES;
473 
474 	buf = kmalloc(size, mem_flags);
475 	if (!buf) {
476 		usb_free_urb(urb);
477 		return -ENOMEM;
478 	}
479 
480 	pipe = usb_rcvisocpipe(data->udev, data->isoc_rx_ep->bEndpointAddress);
481 
482 	urb->dev      = data->udev;
483 	urb->pipe     = pipe;
484 	urb->context  = hdev;
485 	urb->complete = btusb_isoc_complete;
486 	urb->interval = data->isoc_rx_ep->bInterval;
487 
488 	urb->transfer_flags  = URB_FREE_BUFFER | URB_ISO_ASAP;
489 	urb->transfer_buffer = buf;
490 	urb->transfer_buffer_length = size;
491 
492 	__fill_isoc_descriptor(urb, size,
493 			le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize));
494 
495 	usb_anchor_urb(urb, &data->isoc_anchor);
496 
497 	err = usb_submit_urb(urb, mem_flags);
498 	if (err < 0) {
499 		BT_ERR("%s urb %p submission failed (%d)",
500 						hdev->name, urb, -err);
501 		usb_unanchor_urb(urb);
502 	}
503 
504 	usb_free_urb(urb);
505 
506 	return err;
507 }
508 
509 static void btusb_tx_complete(struct urb *urb)
510 {
511 	struct sk_buff *skb = urb->context;
512 	struct hci_dev *hdev = (struct hci_dev *) skb->dev;
513 	struct btusb_data *data = hdev->driver_data;
514 
515 	BT_DBG("%s urb %p status %d count %d", hdev->name,
516 					urb, urb->status, urb->actual_length);
517 
518 	if (!test_bit(HCI_RUNNING, &hdev->flags))
519 		goto done;
520 
521 	if (!urb->status)
522 		hdev->stat.byte_tx += urb->transfer_buffer_length;
523 	else
524 		hdev->stat.err_tx++;
525 
526 done:
527 	spin_lock(&data->txlock);
528 	data->tx_in_flight--;
529 	spin_unlock(&data->txlock);
530 
531 	kfree(urb->setup_packet);
532 
533 	kfree_skb(skb);
534 }
535 
536 static void btusb_isoc_tx_complete(struct urb *urb)
537 {
538 	struct sk_buff *skb = urb->context;
539 	struct hci_dev *hdev = (struct hci_dev *) skb->dev;
540 
541 	BT_DBG("%s urb %p status %d count %d", hdev->name,
542 					urb, urb->status, urb->actual_length);
543 
544 	if (!test_bit(HCI_RUNNING, &hdev->flags))
545 		goto done;
546 
547 	if (!urb->status)
548 		hdev->stat.byte_tx += urb->transfer_buffer_length;
549 	else
550 		hdev->stat.err_tx++;
551 
552 done:
553 	kfree(urb->setup_packet);
554 
555 	kfree_skb(skb);
556 }
557 
558 static int btusb_open(struct hci_dev *hdev)
559 {
560 	struct btusb_data *data = hdev->driver_data;
561 	int err;
562 
563 	BT_DBG("%s", hdev->name);
564 
565 	err = usb_autopm_get_interface(data->intf);
566 	if (err < 0)
567 		return err;
568 
569 	data->intf->needs_remote_wakeup = 1;
570 
571 	if (test_and_set_bit(HCI_RUNNING, &hdev->flags))
572 		goto done;
573 
574 	if (test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags))
575 		goto done;
576 
577 	err = btusb_submit_intr_urb(hdev, GFP_KERNEL);
578 	if (err < 0)
579 		goto failed;
580 
581 	err = btusb_submit_bulk_urb(hdev, GFP_KERNEL);
582 	if (err < 0) {
583 		usb_kill_anchored_urbs(&data->intr_anchor);
584 		goto failed;
585 	}
586 
587 	set_bit(BTUSB_BULK_RUNNING, &data->flags);
588 	btusb_submit_bulk_urb(hdev, GFP_KERNEL);
589 
590 done:
591 	usb_autopm_put_interface(data->intf);
592 	return 0;
593 
594 failed:
595 	clear_bit(BTUSB_INTR_RUNNING, &data->flags);
596 	clear_bit(HCI_RUNNING, &hdev->flags);
597 	usb_autopm_put_interface(data->intf);
598 	return err;
599 }
600 
601 static void btusb_stop_traffic(struct btusb_data *data)
602 {
603 	usb_kill_anchored_urbs(&data->intr_anchor);
604 	usb_kill_anchored_urbs(&data->bulk_anchor);
605 	usb_kill_anchored_urbs(&data->isoc_anchor);
606 }
607 
608 static int btusb_close(struct hci_dev *hdev)
609 {
610 	struct btusb_data *data = hdev->driver_data;
611 	int err;
612 
613 	BT_DBG("%s", hdev->name);
614 
615 	if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags))
616 		return 0;
617 
618 	cancel_work_sync(&data->work);
619 	cancel_work_sync(&data->waker);
620 
621 	clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
622 	clear_bit(BTUSB_BULK_RUNNING, &data->flags);
623 	clear_bit(BTUSB_INTR_RUNNING, &data->flags);
624 
625 	btusb_stop_traffic(data);
626 	err = usb_autopm_get_interface(data->intf);
627 	if (err < 0)
628 		goto failed;
629 
630 	data->intf->needs_remote_wakeup = 0;
631 	usb_autopm_put_interface(data->intf);
632 
633 failed:
634 	usb_scuttle_anchored_urbs(&data->deferred);
635 	return 0;
636 }
637 
638 static int btusb_flush(struct hci_dev *hdev)
639 {
640 	struct btusb_data *data = hdev->driver_data;
641 
642 	BT_DBG("%s", hdev->name);
643 
644 	usb_kill_anchored_urbs(&data->tx_anchor);
645 
646 	return 0;
647 }
648 
649 static int btusb_send_frame(struct sk_buff *skb)
650 {
651 	struct hci_dev *hdev = (struct hci_dev *) skb->dev;
652 	struct btusb_data *data = hdev->driver_data;
653 	struct usb_ctrlrequest *dr;
654 	struct urb *urb;
655 	unsigned int pipe;
656 	int err;
657 
658 	BT_DBG("%s", hdev->name);
659 
660 	if (!test_bit(HCI_RUNNING, &hdev->flags))
661 		return -EBUSY;
662 
663 	switch (bt_cb(skb)->pkt_type) {
664 	case HCI_COMMAND_PKT:
665 		urb = usb_alloc_urb(0, GFP_ATOMIC);
666 		if (!urb)
667 			return -ENOMEM;
668 
669 		dr = kmalloc(sizeof(*dr), GFP_ATOMIC);
670 		if (!dr) {
671 			usb_free_urb(urb);
672 			return -ENOMEM;
673 		}
674 
675 		dr->bRequestType = data->cmdreq_type;
676 		dr->bRequest     = 0;
677 		dr->wIndex       = 0;
678 		dr->wValue       = 0;
679 		dr->wLength      = __cpu_to_le16(skb->len);
680 
681 		pipe = usb_sndctrlpipe(data->udev, 0x00);
682 
683 		usb_fill_control_urb(urb, data->udev, pipe, (void *) dr,
684 				skb->data, skb->len, btusb_tx_complete, skb);
685 
686 		hdev->stat.cmd_tx++;
687 		break;
688 
689 	case HCI_ACLDATA_PKT:
690 		if (!data->bulk_tx_ep || hdev->conn_hash.acl_num < 1)
691 			return -ENODEV;
692 
693 		urb = usb_alloc_urb(0, GFP_ATOMIC);
694 		if (!urb)
695 			return -ENOMEM;
696 
697 		pipe = usb_sndbulkpipe(data->udev,
698 					data->bulk_tx_ep->bEndpointAddress);
699 
700 		usb_fill_bulk_urb(urb, data->udev, pipe,
701 				skb->data, skb->len, btusb_tx_complete, skb);
702 
703 		hdev->stat.acl_tx++;
704 		break;
705 
706 	case HCI_SCODATA_PKT:
707 		if (!data->isoc_tx_ep || hdev->conn_hash.sco_num < 1)
708 			return -ENODEV;
709 
710 		urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, GFP_ATOMIC);
711 		if (!urb)
712 			return -ENOMEM;
713 
714 		pipe = usb_sndisocpipe(data->udev,
715 					data->isoc_tx_ep->bEndpointAddress);
716 
717 		urb->dev      = data->udev;
718 		urb->pipe     = pipe;
719 		urb->context  = skb;
720 		urb->complete = btusb_isoc_tx_complete;
721 		urb->interval = data->isoc_tx_ep->bInterval;
722 
723 		urb->transfer_flags  = URB_ISO_ASAP;
724 		urb->transfer_buffer = skb->data;
725 		urb->transfer_buffer_length = skb->len;
726 
727 		__fill_isoc_descriptor(urb, skb->len,
728 				le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize));
729 
730 		hdev->stat.sco_tx++;
731 		goto skip_waking;
732 
733 	default:
734 		return -EILSEQ;
735 	}
736 
737 	err = inc_tx(data);
738 	if (err) {
739 		usb_anchor_urb(urb, &data->deferred);
740 		schedule_work(&data->waker);
741 		err = 0;
742 		goto done;
743 	}
744 
745 skip_waking:
746 	usb_anchor_urb(urb, &data->tx_anchor);
747 
748 	err = usb_submit_urb(urb, GFP_ATOMIC);
749 	if (err < 0) {
750 		BT_ERR("%s urb %p submission failed", hdev->name, urb);
751 		kfree(urb->setup_packet);
752 		usb_unanchor_urb(urb);
753 	} else {
754 		usb_mark_last_busy(data->udev);
755 	}
756 
757 	usb_free_urb(urb);
758 
759 done:
760 	return err;
761 }
762 
763 static void btusb_destruct(struct hci_dev *hdev)
764 {
765 	struct btusb_data *data = hdev->driver_data;
766 
767 	BT_DBG("%s", hdev->name);
768 
769 	kfree(data);
770 }
771 
772 static void btusb_notify(struct hci_dev *hdev, unsigned int evt)
773 {
774 	struct btusb_data *data = hdev->driver_data;
775 
776 	BT_DBG("%s evt %d", hdev->name, evt);
777 
778 	if (hdev->conn_hash.sco_num != data->sco_num) {
779 		data->sco_num = hdev->conn_hash.sco_num;
780 		schedule_work(&data->work);
781 	}
782 }
783 
784 static int inline __set_isoc_interface(struct hci_dev *hdev, int altsetting)
785 {
786 	struct btusb_data *data = hdev->driver_data;
787 	struct usb_interface *intf = data->isoc;
788 	struct usb_endpoint_descriptor *ep_desc;
789 	int i, err;
790 
791 	if (!data->isoc)
792 		return -ENODEV;
793 
794 	err = usb_set_interface(data->udev, 1, altsetting);
795 	if (err < 0) {
796 		BT_ERR("%s setting interface failed (%d)", hdev->name, -err);
797 		return err;
798 	}
799 
800 	data->isoc_altsetting = altsetting;
801 
802 	data->isoc_tx_ep = NULL;
803 	data->isoc_rx_ep = NULL;
804 
805 	for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
806 		ep_desc = &intf->cur_altsetting->endpoint[i].desc;
807 
808 		if (!data->isoc_tx_ep && usb_endpoint_is_isoc_out(ep_desc)) {
809 			data->isoc_tx_ep = ep_desc;
810 			continue;
811 		}
812 
813 		if (!data->isoc_rx_ep && usb_endpoint_is_isoc_in(ep_desc)) {
814 			data->isoc_rx_ep = ep_desc;
815 			continue;
816 		}
817 	}
818 
819 	if (!data->isoc_tx_ep || !data->isoc_rx_ep) {
820 		BT_ERR("%s invalid SCO descriptors", hdev->name);
821 		return -ENODEV;
822 	}
823 
824 	return 0;
825 }
826 
827 static void btusb_work(struct work_struct *work)
828 {
829 	struct btusb_data *data = container_of(work, struct btusb_data, work);
830 	struct hci_dev *hdev = data->hdev;
831 	int err;
832 
833 	if (hdev->conn_hash.sco_num > 0) {
834 		if (!test_bit(BTUSB_DID_ISO_RESUME, &data->flags)) {
835 			err = usb_autopm_get_interface(data->isoc ? data->isoc : data->intf);
836 			if (err < 0) {
837 				clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
838 				usb_kill_anchored_urbs(&data->isoc_anchor);
839 				return;
840 			}
841 
842 			set_bit(BTUSB_DID_ISO_RESUME, &data->flags);
843 		}
844 		if (data->isoc_altsetting != 2) {
845 			clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
846 			usb_kill_anchored_urbs(&data->isoc_anchor);
847 
848 			if (__set_isoc_interface(hdev, 2) < 0)
849 				return;
850 		}
851 
852 		if (!test_and_set_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
853 			if (btusb_submit_isoc_urb(hdev, GFP_KERNEL) < 0)
854 				clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
855 			else
856 				btusb_submit_isoc_urb(hdev, GFP_KERNEL);
857 		}
858 	} else {
859 		clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
860 		usb_kill_anchored_urbs(&data->isoc_anchor);
861 
862 		__set_isoc_interface(hdev, 0);
863 		if (test_and_clear_bit(BTUSB_DID_ISO_RESUME, &data->flags))
864 			usb_autopm_put_interface(data->isoc ? data->isoc : data->intf);
865 	}
866 }
867 
868 static void btusb_waker(struct work_struct *work)
869 {
870 	struct btusb_data *data = container_of(work, struct btusb_data, waker);
871 	int err;
872 
873 	err = usb_autopm_get_interface(data->intf);
874 	if (err < 0)
875 		return;
876 
877 	usb_autopm_put_interface(data->intf);
878 }
879 
880 static int btusb_probe(struct usb_interface *intf,
881 				const struct usb_device_id *id)
882 {
883 	struct usb_endpoint_descriptor *ep_desc;
884 	struct btusb_data *data;
885 	struct hci_dev *hdev;
886 	int i, err;
887 
888 	BT_DBG("intf %p id %p", intf, id);
889 
890 	/* interface numbers are hardcoded in the spec */
891 	if (intf->cur_altsetting->desc.bInterfaceNumber != 0)
892 		return -ENODEV;
893 
894 	if (!id->driver_info) {
895 		const struct usb_device_id *match;
896 		match = usb_match_id(intf, blacklist_table);
897 		if (match)
898 			id = match;
899 	}
900 
901 	if (id->driver_info == BTUSB_IGNORE)
902 		return -ENODEV;
903 
904 	if (ignore_dga && id->driver_info & BTUSB_DIGIANSWER)
905 		return -ENODEV;
906 
907 	if (ignore_csr && id->driver_info & BTUSB_CSR)
908 		return -ENODEV;
909 
910 	if (ignore_sniffer && id->driver_info & BTUSB_SNIFFER)
911 		return -ENODEV;
912 
913 	data = kzalloc(sizeof(*data), GFP_KERNEL);
914 	if (!data)
915 		return -ENOMEM;
916 
917 	for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
918 		ep_desc = &intf->cur_altsetting->endpoint[i].desc;
919 
920 		if (!data->intr_ep && usb_endpoint_is_int_in(ep_desc)) {
921 			data->intr_ep = ep_desc;
922 			continue;
923 		}
924 
925 		if (!data->bulk_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) {
926 			data->bulk_tx_ep = ep_desc;
927 			continue;
928 		}
929 
930 		if (!data->bulk_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) {
931 			data->bulk_rx_ep = ep_desc;
932 			continue;
933 		}
934 	}
935 
936 	if (!data->intr_ep || !data->bulk_tx_ep || !data->bulk_rx_ep) {
937 		kfree(data);
938 		return -ENODEV;
939 	}
940 
941 	data->cmdreq_type = USB_TYPE_CLASS;
942 
943 	data->udev = interface_to_usbdev(intf);
944 	data->intf = intf;
945 
946 	spin_lock_init(&data->lock);
947 
948 	INIT_WORK(&data->work, btusb_work);
949 	INIT_WORK(&data->waker, btusb_waker);
950 	spin_lock_init(&data->txlock);
951 
952 	init_usb_anchor(&data->tx_anchor);
953 	init_usb_anchor(&data->intr_anchor);
954 	init_usb_anchor(&data->bulk_anchor);
955 	init_usb_anchor(&data->isoc_anchor);
956 	init_usb_anchor(&data->deferred);
957 
958 	hdev = hci_alloc_dev();
959 	if (!hdev) {
960 		kfree(data);
961 		return -ENOMEM;
962 	}
963 
964 	hdev->bus = HCI_USB;
965 	hdev->driver_data = data;
966 
967 	data->hdev = hdev;
968 
969 	SET_HCIDEV_DEV(hdev, &intf->dev);
970 
971 	hdev->open     = btusb_open;
972 	hdev->close    = btusb_close;
973 	hdev->flush    = btusb_flush;
974 	hdev->send     = btusb_send_frame;
975 	hdev->destruct = btusb_destruct;
976 	hdev->notify   = btusb_notify;
977 
978 	hdev->owner = THIS_MODULE;
979 
980 	/* Interface numbers are hardcoded in the specification */
981 	data->isoc = usb_ifnum_to_if(data->udev, 1);
982 
983 	if (!reset)
984 		set_bit(HCI_QUIRK_NO_RESET, &hdev->quirks);
985 
986 	if (force_scofix || id->driver_info & BTUSB_WRONG_SCO_MTU) {
987 		if (!disable_scofix)
988 			set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks);
989 	}
990 
991 	if (id->driver_info & BTUSB_BROKEN_ISOC)
992 		data->isoc = NULL;
993 
994 	if (id->driver_info & BTUSB_DIGIANSWER) {
995 		data->cmdreq_type = USB_TYPE_VENDOR;
996 		set_bit(HCI_QUIRK_NO_RESET, &hdev->quirks);
997 	}
998 
999 	if (id->driver_info & BTUSB_CSR) {
1000 		struct usb_device *udev = data->udev;
1001 
1002 		/* Old firmware would otherwise execute USB reset */
1003 		if (le16_to_cpu(udev->descriptor.bcdDevice) < 0x117)
1004 			set_bit(HCI_QUIRK_NO_RESET, &hdev->quirks);
1005 	}
1006 
1007 	if (id->driver_info & BTUSB_SNIFFER) {
1008 		struct usb_device *udev = data->udev;
1009 
1010 		/* New sniffer firmware has crippled HCI interface */
1011 		if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997)
1012 			set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
1013 
1014 		data->isoc = NULL;
1015 	}
1016 
1017 	if (id->driver_info & BTUSB_BCM92035) {
1018 		unsigned char cmd[] = { 0x3b, 0xfc, 0x01, 0x00 };
1019 		struct sk_buff *skb;
1020 
1021 		skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL);
1022 		if (skb) {
1023 			memcpy(skb_put(skb, sizeof(cmd)), cmd, sizeof(cmd));
1024 			skb_queue_tail(&hdev->driver_init, skb);
1025 		}
1026 	}
1027 
1028 	if (data->isoc) {
1029 		err = usb_driver_claim_interface(&btusb_driver,
1030 							data->isoc, data);
1031 		if (err < 0) {
1032 			hci_free_dev(hdev);
1033 			kfree(data);
1034 			return err;
1035 		}
1036 	}
1037 
1038 	err = hci_register_dev(hdev);
1039 	if (err < 0) {
1040 		hci_free_dev(hdev);
1041 		kfree(data);
1042 		return err;
1043 	}
1044 
1045 	usb_set_intfdata(intf, data);
1046 
1047 	return 0;
1048 }
1049 
1050 static void btusb_disconnect(struct usb_interface *intf)
1051 {
1052 	struct btusb_data *data = usb_get_intfdata(intf);
1053 	struct hci_dev *hdev;
1054 
1055 	BT_DBG("intf %p", intf);
1056 
1057 	if (!data)
1058 		return;
1059 
1060 	hdev = data->hdev;
1061 
1062 	__hci_dev_hold(hdev);
1063 
1064 	usb_set_intfdata(data->intf, NULL);
1065 
1066 	if (data->isoc)
1067 		usb_set_intfdata(data->isoc, NULL);
1068 
1069 	hci_unregister_dev(hdev);
1070 
1071 	if (intf == data->isoc)
1072 		usb_driver_release_interface(&btusb_driver, data->intf);
1073 	else if (data->isoc)
1074 		usb_driver_release_interface(&btusb_driver, data->isoc);
1075 
1076 	__hci_dev_put(hdev);
1077 
1078 	hci_free_dev(hdev);
1079 }
1080 
1081 #ifdef CONFIG_PM
1082 static int btusb_suspend(struct usb_interface *intf, pm_message_t message)
1083 {
1084 	struct btusb_data *data = usb_get_intfdata(intf);
1085 
1086 	BT_DBG("intf %p", intf);
1087 
1088 	if (data->suspend_count++)
1089 		return 0;
1090 
1091 	spin_lock_irq(&data->txlock);
1092 	if (!((message.event & PM_EVENT_AUTO) && data->tx_in_flight)) {
1093 		set_bit(BTUSB_SUSPENDING, &data->flags);
1094 		spin_unlock_irq(&data->txlock);
1095 	} else {
1096 		spin_unlock_irq(&data->txlock);
1097 		data->suspend_count--;
1098 		return -EBUSY;
1099 	}
1100 
1101 	cancel_work_sync(&data->work);
1102 
1103 	btusb_stop_traffic(data);
1104 	usb_kill_anchored_urbs(&data->tx_anchor);
1105 
1106 	return 0;
1107 }
1108 
1109 static void play_deferred(struct btusb_data *data)
1110 {
1111 	struct urb *urb;
1112 	int err;
1113 
1114 	while ((urb = usb_get_from_anchor(&data->deferred))) {
1115 		err = usb_submit_urb(urb, GFP_ATOMIC);
1116 		if (err < 0)
1117 			break;
1118 
1119 		data->tx_in_flight++;
1120 	}
1121 	usb_scuttle_anchored_urbs(&data->deferred);
1122 }
1123 
1124 static int btusb_resume(struct usb_interface *intf)
1125 {
1126 	struct btusb_data *data = usb_get_intfdata(intf);
1127 	struct hci_dev *hdev = data->hdev;
1128 	int err = 0;
1129 
1130 	BT_DBG("intf %p", intf);
1131 
1132 	if (--data->suspend_count)
1133 		return 0;
1134 
1135 	if (!test_bit(HCI_RUNNING, &hdev->flags))
1136 		goto done;
1137 
1138 	if (test_bit(BTUSB_INTR_RUNNING, &data->flags)) {
1139 		err = btusb_submit_intr_urb(hdev, GFP_NOIO);
1140 		if (err < 0) {
1141 			clear_bit(BTUSB_INTR_RUNNING, &data->flags);
1142 			goto failed;
1143 		}
1144 	}
1145 
1146 	if (test_bit(BTUSB_BULK_RUNNING, &data->flags)) {
1147 		err = btusb_submit_bulk_urb(hdev, GFP_NOIO);
1148 		if (err < 0) {
1149 			clear_bit(BTUSB_BULK_RUNNING, &data->flags);
1150 			goto failed;
1151 		}
1152 
1153 		btusb_submit_bulk_urb(hdev, GFP_NOIO);
1154 	}
1155 
1156 	if (test_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
1157 		if (btusb_submit_isoc_urb(hdev, GFP_NOIO) < 0)
1158 			clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1159 		else
1160 			btusb_submit_isoc_urb(hdev, GFP_NOIO);
1161 	}
1162 
1163 	spin_lock_irq(&data->txlock);
1164 	play_deferred(data);
1165 	clear_bit(BTUSB_SUSPENDING, &data->flags);
1166 	spin_unlock_irq(&data->txlock);
1167 	schedule_work(&data->work);
1168 
1169 	return 0;
1170 
1171 failed:
1172 	usb_scuttle_anchored_urbs(&data->deferred);
1173 done:
1174 	spin_lock_irq(&data->txlock);
1175 	clear_bit(BTUSB_SUSPENDING, &data->flags);
1176 	spin_unlock_irq(&data->txlock);
1177 
1178 	return err;
1179 }
1180 #endif
1181 
1182 static struct usb_driver btusb_driver = {
1183 	.name		= "btusb",
1184 	.probe		= btusb_probe,
1185 	.disconnect	= btusb_disconnect,
1186 #ifdef CONFIG_PM
1187 	.suspend	= btusb_suspend,
1188 	.resume		= btusb_resume,
1189 #endif
1190 	.id_table	= btusb_table,
1191 	.supports_autosuspend = 1,
1192 };
1193 
1194 static int __init btusb_init(void)
1195 {
1196 	BT_INFO("Generic Bluetooth USB driver ver %s", VERSION);
1197 
1198 	return usb_register(&btusb_driver);
1199 }
1200 
1201 static void __exit btusb_exit(void)
1202 {
1203 	usb_deregister(&btusb_driver);
1204 }
1205 
1206 module_init(btusb_init);
1207 module_exit(btusb_exit);
1208 
1209 module_param(ignore_dga, bool, 0644);
1210 MODULE_PARM_DESC(ignore_dga, "Ignore devices with id 08fd:0001");
1211 
1212 module_param(ignore_csr, bool, 0644);
1213 MODULE_PARM_DESC(ignore_csr, "Ignore devices with id 0a12:0001");
1214 
1215 module_param(ignore_sniffer, bool, 0644);
1216 MODULE_PARM_DESC(ignore_sniffer, "Ignore devices with id 0a12:0002");
1217 
1218 module_param(disable_scofix, bool, 0644);
1219 MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size");
1220 
1221 module_param(force_scofix, bool, 0644);
1222 MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size");
1223 
1224 module_param(reset, bool, 0644);
1225 MODULE_PARM_DESC(reset, "Send HCI reset command on initialization");
1226 
1227 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1228 MODULE_DESCRIPTION("Generic Bluetooth USB driver ver " VERSION);
1229 MODULE_VERSION(VERSION);
1230 MODULE_LICENSE("GPL");
1231