1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * 4 * Generic Bluetooth USB driver 5 * 6 * Copyright (C) 2005-2008 Marcel Holtmann <marcel@holtmann.org> 7 */ 8 9 #include <linux/dmi.h> 10 #include <linux/module.h> 11 #include <linux/usb.h> 12 #include <linux/usb/quirks.h> 13 #include <linux/firmware.h> 14 #include <linux/iopoll.h> 15 #include <linux/of_device.h> 16 #include <linux/of_irq.h> 17 #include <linux/suspend.h> 18 #include <linux/gpio/consumer.h> 19 #include <asm/unaligned.h> 20 21 #include <net/bluetooth/bluetooth.h> 22 #include <net/bluetooth/hci_core.h> 23 24 #include "btintel.h" 25 #include "btbcm.h" 26 #include "btrtl.h" 27 28 #define VERSION "0.8" 29 30 static bool disable_scofix; 31 static bool force_scofix; 32 static bool enable_autosuspend = IS_ENABLED(CONFIG_BT_HCIBTUSB_AUTOSUSPEND); 33 34 static bool reset = true; 35 36 static struct usb_driver btusb_driver; 37 38 #define BTUSB_IGNORE 0x01 39 #define BTUSB_DIGIANSWER 0x02 40 #define BTUSB_CSR 0x04 41 #define BTUSB_SNIFFER 0x08 42 #define BTUSB_BCM92035 0x10 43 #define BTUSB_BROKEN_ISOC 0x20 44 #define BTUSB_WRONG_SCO_MTU 0x40 45 #define BTUSB_ATH3012 0x80 46 #define BTUSB_INTEL 0x100 47 #define BTUSB_INTEL_BOOT 0x200 48 #define BTUSB_BCM_PATCHRAM 0x400 49 #define BTUSB_MARVELL 0x800 50 #define BTUSB_SWAVE 0x1000 51 #define BTUSB_INTEL_NEW 0x2000 52 #define BTUSB_AMP 0x4000 53 #define BTUSB_QCA_ROME 0x8000 54 #define BTUSB_BCM_APPLE 0x10000 55 #define BTUSB_REALTEK 0x20000 56 #define BTUSB_BCM2045 0x40000 57 #define BTUSB_IFNUM_2 0x80000 58 #define BTUSB_CW6622 0x100000 59 #define BTUSB_MEDIATEK 0x200000 60 61 static const struct usb_device_id btusb_table[] = { 62 /* Generic Bluetooth USB device */ 63 { USB_DEVICE_INFO(0xe0, 0x01, 0x01) }, 64 65 /* Generic Bluetooth AMP device */ 66 { USB_DEVICE_INFO(0xe0, 0x01, 0x04), .driver_info = BTUSB_AMP }, 67 68 /* Generic Bluetooth USB interface */ 69 { USB_INTERFACE_INFO(0xe0, 0x01, 0x01) }, 70 71 /* Apple-specific (Broadcom) devices */ 72 { USB_VENDOR_AND_INTERFACE_INFO(0x05ac, 0xff, 0x01, 0x01), 73 .driver_info = BTUSB_BCM_APPLE | BTUSB_IFNUM_2 }, 74 75 /* MediaTek MT76x0E */ 76 { USB_DEVICE(0x0e8d, 0x763f) }, 77 78 /* Broadcom SoftSailing reporting vendor specific */ 79 { USB_DEVICE(0x0a5c, 0x21e1) }, 80 81 /* Apple MacBookPro 7,1 */ 82 { USB_DEVICE(0x05ac, 0x8213) }, 83 84 /* Apple iMac11,1 */ 85 { USB_DEVICE(0x05ac, 0x8215) }, 86 87 /* Apple MacBookPro6,2 */ 88 { USB_DEVICE(0x05ac, 0x8218) }, 89 90 /* Apple MacBookAir3,1, MacBookAir3,2 */ 91 { USB_DEVICE(0x05ac, 0x821b) }, 92 93 /* Apple MacBookAir4,1 */ 94 { USB_DEVICE(0x05ac, 0x821f) }, 95 96 /* Apple MacBookPro8,2 */ 97 { USB_DEVICE(0x05ac, 0x821a) }, 98 99 /* Apple MacMini5,1 */ 100 { USB_DEVICE(0x05ac, 0x8281) }, 101 102 /* AVM BlueFRITZ! USB v2.0 */ 103 { USB_DEVICE(0x057c, 0x3800), .driver_info = BTUSB_SWAVE }, 104 105 /* Bluetooth Ultraport Module from IBM */ 106 { USB_DEVICE(0x04bf, 0x030a) }, 107 108 /* ALPS Modules with non-standard id */ 109 { USB_DEVICE(0x044e, 0x3001) }, 110 { USB_DEVICE(0x044e, 0x3002) }, 111 112 /* Ericsson with non-standard id */ 113 { USB_DEVICE(0x0bdb, 0x1002) }, 114 115 /* Canyon CN-BTU1 with HID interfaces */ 116 { USB_DEVICE(0x0c10, 0x0000) }, 117 118 /* Broadcom BCM20702A0 */ 119 { USB_DEVICE(0x413c, 0x8197) }, 120 121 /* Broadcom BCM20702B0 (Dynex/Insignia) */ 122 { USB_DEVICE(0x19ff, 0x0239), .driver_info = BTUSB_BCM_PATCHRAM }, 123 124 /* Broadcom BCM43142A0 (Foxconn/Lenovo) */ 125 { USB_VENDOR_AND_INTERFACE_INFO(0x105b, 0xff, 0x01, 0x01), 126 .driver_info = BTUSB_BCM_PATCHRAM }, 127 128 /* Broadcom BCM920703 (HTC Vive) */ 129 { USB_VENDOR_AND_INTERFACE_INFO(0x0bb4, 0xff, 0x01, 0x01), 130 .driver_info = BTUSB_BCM_PATCHRAM }, 131 132 /* Foxconn - Hon Hai */ 133 { USB_VENDOR_AND_INTERFACE_INFO(0x0489, 0xff, 0x01, 0x01), 134 .driver_info = BTUSB_BCM_PATCHRAM }, 135 136 /* Lite-On Technology - Broadcom based */ 137 { USB_VENDOR_AND_INTERFACE_INFO(0x04ca, 0xff, 0x01, 0x01), 138 .driver_info = BTUSB_BCM_PATCHRAM }, 139 140 /* Broadcom devices with vendor specific id */ 141 { USB_VENDOR_AND_INTERFACE_INFO(0x0a5c, 0xff, 0x01, 0x01), 142 .driver_info = BTUSB_BCM_PATCHRAM }, 143 144 /* ASUSTek Computer - Broadcom based */ 145 { USB_VENDOR_AND_INTERFACE_INFO(0x0b05, 0xff, 0x01, 0x01), 146 .driver_info = BTUSB_BCM_PATCHRAM }, 147 148 /* Belkin F8065bf - Broadcom based */ 149 { USB_VENDOR_AND_INTERFACE_INFO(0x050d, 0xff, 0x01, 0x01), 150 .driver_info = BTUSB_BCM_PATCHRAM }, 151 152 /* IMC Networks - Broadcom based */ 153 { USB_VENDOR_AND_INTERFACE_INFO(0x13d3, 0xff, 0x01, 0x01), 154 .driver_info = BTUSB_BCM_PATCHRAM }, 155 156 /* Dell Computer - Broadcom based */ 157 { USB_VENDOR_AND_INTERFACE_INFO(0x413c, 0xff, 0x01, 0x01), 158 .driver_info = BTUSB_BCM_PATCHRAM }, 159 160 /* Toshiba Corp - Broadcom based */ 161 { USB_VENDOR_AND_INTERFACE_INFO(0x0930, 0xff, 0x01, 0x01), 162 .driver_info = BTUSB_BCM_PATCHRAM }, 163 164 /* Intel Bluetooth USB Bootloader (RAM module) */ 165 { USB_DEVICE(0x8087, 0x0a5a), 166 .driver_info = BTUSB_INTEL_BOOT | BTUSB_BROKEN_ISOC }, 167 168 { } /* Terminating entry */ 169 }; 170 171 MODULE_DEVICE_TABLE(usb, btusb_table); 172 173 static const struct usb_device_id blacklist_table[] = { 174 /* CSR BlueCore devices */ 175 { USB_DEVICE(0x0a12, 0x0001), .driver_info = BTUSB_CSR }, 176 177 /* Broadcom BCM2033 without firmware */ 178 { USB_DEVICE(0x0a5c, 0x2033), .driver_info = BTUSB_IGNORE }, 179 180 /* Broadcom BCM2045 devices */ 181 { USB_DEVICE(0x0a5c, 0x2045), .driver_info = BTUSB_BCM2045 }, 182 183 /* Atheros 3011 with sflash firmware */ 184 { USB_DEVICE(0x0489, 0xe027), .driver_info = BTUSB_IGNORE }, 185 { USB_DEVICE(0x0489, 0xe03d), .driver_info = BTUSB_IGNORE }, 186 { USB_DEVICE(0x04f2, 0xaff1), .driver_info = BTUSB_IGNORE }, 187 { USB_DEVICE(0x0930, 0x0215), .driver_info = BTUSB_IGNORE }, 188 { USB_DEVICE(0x0cf3, 0x3002), .driver_info = BTUSB_IGNORE }, 189 { USB_DEVICE(0x0cf3, 0xe019), .driver_info = BTUSB_IGNORE }, 190 { USB_DEVICE(0x13d3, 0x3304), .driver_info = BTUSB_IGNORE }, 191 192 /* Atheros AR9285 Malbec with sflash firmware */ 193 { USB_DEVICE(0x03f0, 0x311d), .driver_info = BTUSB_IGNORE }, 194 195 /* Atheros 3012 with sflash firmware */ 196 { USB_DEVICE(0x0489, 0xe04d), .driver_info = BTUSB_ATH3012 }, 197 { USB_DEVICE(0x0489, 0xe04e), .driver_info = BTUSB_ATH3012 }, 198 { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 }, 199 { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 }, 200 { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 }, 201 { USB_DEVICE(0x0489, 0xe076), .driver_info = BTUSB_ATH3012 }, 202 { USB_DEVICE(0x0489, 0xe078), .driver_info = BTUSB_ATH3012 }, 203 { USB_DEVICE(0x0489, 0xe095), .driver_info = BTUSB_ATH3012 }, 204 { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 }, 205 { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 }, 206 { USB_DEVICE(0x04ca, 0x3005), .driver_info = BTUSB_ATH3012 }, 207 { USB_DEVICE(0x04ca, 0x3006), .driver_info = BTUSB_ATH3012 }, 208 { USB_DEVICE(0x04ca, 0x3007), .driver_info = BTUSB_ATH3012 }, 209 { USB_DEVICE(0x04ca, 0x3008), .driver_info = BTUSB_ATH3012 }, 210 { USB_DEVICE(0x04ca, 0x300b), .driver_info = BTUSB_ATH3012 }, 211 { USB_DEVICE(0x04ca, 0x300d), .driver_info = BTUSB_ATH3012 }, 212 { USB_DEVICE(0x04ca, 0x300f), .driver_info = BTUSB_ATH3012 }, 213 { USB_DEVICE(0x04ca, 0x3010), .driver_info = BTUSB_ATH3012 }, 214 { USB_DEVICE(0x04ca, 0x3014), .driver_info = BTUSB_ATH3012 }, 215 { USB_DEVICE(0x04ca, 0x3018), .driver_info = BTUSB_ATH3012 }, 216 { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 }, 217 { USB_DEVICE(0x0930, 0x021c), .driver_info = BTUSB_ATH3012 }, 218 { USB_DEVICE(0x0930, 0x0220), .driver_info = BTUSB_ATH3012 }, 219 { USB_DEVICE(0x0930, 0x0227), .driver_info = BTUSB_ATH3012 }, 220 { USB_DEVICE(0x0b05, 0x17d0), .driver_info = BTUSB_ATH3012 }, 221 { USB_DEVICE(0x0cf3, 0x0036), .driver_info = BTUSB_ATH3012 }, 222 { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 }, 223 { USB_DEVICE(0x0cf3, 0x3008), .driver_info = BTUSB_ATH3012 }, 224 { USB_DEVICE(0x0cf3, 0x311d), .driver_info = BTUSB_ATH3012 }, 225 { USB_DEVICE(0x0cf3, 0x311e), .driver_info = BTUSB_ATH3012 }, 226 { USB_DEVICE(0x0cf3, 0x311f), .driver_info = BTUSB_ATH3012 }, 227 { USB_DEVICE(0x0cf3, 0x3121), .driver_info = BTUSB_ATH3012 }, 228 { USB_DEVICE(0x0cf3, 0x817a), .driver_info = BTUSB_ATH3012 }, 229 { USB_DEVICE(0x0cf3, 0x817b), .driver_info = BTUSB_ATH3012 }, 230 { USB_DEVICE(0x0cf3, 0xe003), .driver_info = BTUSB_ATH3012 }, 231 { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 }, 232 { USB_DEVICE(0x0cf3, 0xe005), .driver_info = BTUSB_ATH3012 }, 233 { USB_DEVICE(0x0cf3, 0xe006), .driver_info = BTUSB_ATH3012 }, 234 { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 }, 235 { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 }, 236 { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 }, 237 { USB_DEVICE(0x13d3, 0x3395), .driver_info = BTUSB_ATH3012 }, 238 { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 }, 239 { USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 }, 240 { USB_DEVICE(0x13d3, 0x3423), .driver_info = BTUSB_ATH3012 }, 241 { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 }, 242 { USB_DEVICE(0x13d3, 0x3472), .driver_info = BTUSB_ATH3012 }, 243 { USB_DEVICE(0x13d3, 0x3474), .driver_info = BTUSB_ATH3012 }, 244 { USB_DEVICE(0x13d3, 0x3487), .driver_info = BTUSB_ATH3012 }, 245 { USB_DEVICE(0x13d3, 0x3490), .driver_info = BTUSB_ATH3012 }, 246 247 /* Atheros AR5BBU12 with sflash firmware */ 248 { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE }, 249 250 /* Atheros AR5BBU12 with sflash firmware */ 251 { USB_DEVICE(0x0489, 0xe036), .driver_info = BTUSB_ATH3012 }, 252 { USB_DEVICE(0x0489, 0xe03c), .driver_info = BTUSB_ATH3012 }, 253 254 /* QCA ROME chipset */ 255 { USB_DEVICE(0x0cf3, 0x535b), .driver_info = BTUSB_QCA_ROME }, 256 { USB_DEVICE(0x0cf3, 0xe007), .driver_info = BTUSB_QCA_ROME }, 257 { USB_DEVICE(0x0cf3, 0xe009), .driver_info = BTUSB_QCA_ROME }, 258 { USB_DEVICE(0x0cf3, 0xe010), .driver_info = BTUSB_QCA_ROME }, 259 { USB_DEVICE(0x0cf3, 0xe300), .driver_info = BTUSB_QCA_ROME }, 260 { USB_DEVICE(0x0cf3, 0xe301), .driver_info = BTUSB_QCA_ROME }, 261 { USB_DEVICE(0x0cf3, 0xe360), .driver_info = BTUSB_QCA_ROME }, 262 { USB_DEVICE(0x0489, 0xe092), .driver_info = BTUSB_QCA_ROME }, 263 { USB_DEVICE(0x0489, 0xe09f), .driver_info = BTUSB_QCA_ROME }, 264 { USB_DEVICE(0x0489, 0xe0a2), .driver_info = BTUSB_QCA_ROME }, 265 { USB_DEVICE(0x04ca, 0x3011), .driver_info = BTUSB_QCA_ROME }, 266 { USB_DEVICE(0x04ca, 0x3015), .driver_info = BTUSB_QCA_ROME }, 267 { USB_DEVICE(0x04ca, 0x3016), .driver_info = BTUSB_QCA_ROME }, 268 { USB_DEVICE(0x04ca, 0x301a), .driver_info = BTUSB_QCA_ROME }, 269 { USB_DEVICE(0x04ca, 0x3021), .driver_info = BTUSB_QCA_ROME }, 270 { USB_DEVICE(0x13d3, 0x3491), .driver_info = BTUSB_QCA_ROME }, 271 { USB_DEVICE(0x13d3, 0x3496), .driver_info = BTUSB_QCA_ROME }, 272 { USB_DEVICE(0x13d3, 0x3501), .driver_info = BTUSB_QCA_ROME }, 273 274 /* Broadcom BCM2035 */ 275 { USB_DEVICE(0x0a5c, 0x2009), .driver_info = BTUSB_BCM92035 }, 276 { USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU }, 277 { USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU }, 278 279 /* Broadcom BCM2045 */ 280 { USB_DEVICE(0x0a5c, 0x2039), .driver_info = BTUSB_WRONG_SCO_MTU }, 281 { USB_DEVICE(0x0a5c, 0x2101), .driver_info = BTUSB_WRONG_SCO_MTU }, 282 283 /* IBM/Lenovo ThinkPad with Broadcom chip */ 284 { USB_DEVICE(0x0a5c, 0x201e), .driver_info = BTUSB_WRONG_SCO_MTU }, 285 { USB_DEVICE(0x0a5c, 0x2110), .driver_info = BTUSB_WRONG_SCO_MTU }, 286 287 /* HP laptop with Broadcom chip */ 288 { USB_DEVICE(0x03f0, 0x171d), .driver_info = BTUSB_WRONG_SCO_MTU }, 289 290 /* Dell laptop with Broadcom chip */ 291 { USB_DEVICE(0x413c, 0x8126), .driver_info = BTUSB_WRONG_SCO_MTU }, 292 293 /* Dell Wireless 370 and 410 devices */ 294 { USB_DEVICE(0x413c, 0x8152), .driver_info = BTUSB_WRONG_SCO_MTU }, 295 { USB_DEVICE(0x413c, 0x8156), .driver_info = BTUSB_WRONG_SCO_MTU }, 296 297 /* Belkin F8T012 and F8T013 devices */ 298 { USB_DEVICE(0x050d, 0x0012), .driver_info = BTUSB_WRONG_SCO_MTU }, 299 { USB_DEVICE(0x050d, 0x0013), .driver_info = BTUSB_WRONG_SCO_MTU }, 300 301 /* Asus WL-BTD202 device */ 302 { USB_DEVICE(0x0b05, 0x1715), .driver_info = BTUSB_WRONG_SCO_MTU }, 303 304 /* Kensington Bluetooth USB adapter */ 305 { USB_DEVICE(0x047d, 0x105e), .driver_info = BTUSB_WRONG_SCO_MTU }, 306 307 /* RTX Telecom based adapters with buggy SCO support */ 308 { USB_DEVICE(0x0400, 0x0807), .driver_info = BTUSB_BROKEN_ISOC }, 309 { USB_DEVICE(0x0400, 0x080a), .driver_info = BTUSB_BROKEN_ISOC }, 310 311 /* CONWISE Technology based adapters with buggy SCO support */ 312 { USB_DEVICE(0x0e5e, 0x6622), 313 .driver_info = BTUSB_BROKEN_ISOC | BTUSB_CW6622}, 314 315 /* Roper Class 1 Bluetooth Dongle (Silicon Wave based) */ 316 { USB_DEVICE(0x1310, 0x0001), .driver_info = BTUSB_SWAVE }, 317 318 /* Digianswer devices */ 319 { USB_DEVICE(0x08fd, 0x0001), .driver_info = BTUSB_DIGIANSWER }, 320 { USB_DEVICE(0x08fd, 0x0002), .driver_info = BTUSB_IGNORE }, 321 322 /* CSR BlueCore Bluetooth Sniffer */ 323 { USB_DEVICE(0x0a12, 0x0002), 324 .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC }, 325 326 /* Frontline ComProbe Bluetooth Sniffer */ 327 { USB_DEVICE(0x16d3, 0x0002), 328 .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC }, 329 330 /* Marvell Bluetooth devices */ 331 { USB_DEVICE(0x1286, 0x2044), .driver_info = BTUSB_MARVELL }, 332 { USB_DEVICE(0x1286, 0x2046), .driver_info = BTUSB_MARVELL }, 333 { USB_DEVICE(0x1286, 0x204e), .driver_info = BTUSB_MARVELL }, 334 335 /* Intel Bluetooth devices */ 336 { USB_DEVICE(0x8087, 0x0025), .driver_info = BTUSB_INTEL_NEW }, 337 { USB_DEVICE(0x8087, 0x0026), .driver_info = BTUSB_INTEL_NEW }, 338 { USB_DEVICE(0x8087, 0x0029), .driver_info = BTUSB_INTEL_NEW }, 339 { USB_DEVICE(0x8087, 0x07da), .driver_info = BTUSB_CSR }, 340 { USB_DEVICE(0x8087, 0x07dc), .driver_info = BTUSB_INTEL }, 341 { USB_DEVICE(0x8087, 0x0a2a), .driver_info = BTUSB_INTEL }, 342 { USB_DEVICE(0x8087, 0x0a2b), .driver_info = BTUSB_INTEL_NEW }, 343 { USB_DEVICE(0x8087, 0x0aa7), .driver_info = BTUSB_INTEL }, 344 { USB_DEVICE(0x8087, 0x0aaa), .driver_info = BTUSB_INTEL_NEW }, 345 346 /* Other Intel Bluetooth devices */ 347 { USB_VENDOR_AND_INTERFACE_INFO(0x8087, 0xe0, 0x01, 0x01), 348 .driver_info = BTUSB_IGNORE }, 349 350 /* Realtek Bluetooth devices */ 351 { USB_VENDOR_AND_INTERFACE_INFO(0x0bda, 0xe0, 0x01, 0x01), 352 .driver_info = BTUSB_REALTEK }, 353 354 /* MediaTek Bluetooth devices */ 355 { USB_VENDOR_AND_INTERFACE_INFO(0x0e8d, 0xe0, 0x01, 0x01), 356 .driver_info = BTUSB_MEDIATEK }, 357 358 /* Additional Realtek 8723AE Bluetooth devices */ 359 { USB_DEVICE(0x0930, 0x021d), .driver_info = BTUSB_REALTEK }, 360 { USB_DEVICE(0x13d3, 0x3394), .driver_info = BTUSB_REALTEK }, 361 362 /* Additional Realtek 8723BE Bluetooth devices */ 363 { USB_DEVICE(0x0489, 0xe085), .driver_info = BTUSB_REALTEK }, 364 { USB_DEVICE(0x0489, 0xe08b), .driver_info = BTUSB_REALTEK }, 365 { USB_DEVICE(0x13d3, 0x3410), .driver_info = BTUSB_REALTEK }, 366 { USB_DEVICE(0x13d3, 0x3416), .driver_info = BTUSB_REALTEK }, 367 { USB_DEVICE(0x13d3, 0x3459), .driver_info = BTUSB_REALTEK }, 368 { USB_DEVICE(0x13d3, 0x3494), .driver_info = BTUSB_REALTEK }, 369 370 /* Additional Realtek 8723BU Bluetooth devices */ 371 { USB_DEVICE(0x7392, 0xa611), .driver_info = BTUSB_REALTEK }, 372 373 /* Additional Realtek 8723DE Bluetooth devices */ 374 { USB_DEVICE(0x0bda, 0xb009), .driver_info = BTUSB_REALTEK }, 375 { USB_DEVICE(0x2ff8, 0xb011), .driver_info = BTUSB_REALTEK }, 376 377 /* Additional Realtek 8821AE Bluetooth devices */ 378 { USB_DEVICE(0x0b05, 0x17dc), .driver_info = BTUSB_REALTEK }, 379 { USB_DEVICE(0x13d3, 0x3414), .driver_info = BTUSB_REALTEK }, 380 { USB_DEVICE(0x13d3, 0x3458), .driver_info = BTUSB_REALTEK }, 381 { USB_DEVICE(0x13d3, 0x3461), .driver_info = BTUSB_REALTEK }, 382 { USB_DEVICE(0x13d3, 0x3462), .driver_info = BTUSB_REALTEK }, 383 384 /* Additional Realtek 8822BE Bluetooth devices */ 385 { USB_DEVICE(0x13d3, 0x3526), .driver_info = BTUSB_REALTEK }, 386 { USB_DEVICE(0x0b05, 0x185c), .driver_info = BTUSB_REALTEK }, 387 388 /* Additional Realtek 8822CE Bluetooth devices */ 389 { USB_DEVICE(0x04ca, 0x4005), .driver_info = BTUSB_REALTEK }, 390 391 /* Silicon Wave based devices */ 392 { USB_DEVICE(0x0c10, 0x0000), .driver_info = BTUSB_SWAVE }, 393 394 { } /* Terminating entry */ 395 }; 396 397 /* The Bluetooth USB module build into some devices needs to be reset on resume, 398 * this is a problem with the platform (likely shutting off all power) not with 399 * the module itself. So we use a DMI list to match known broken platforms. 400 */ 401 static const struct dmi_system_id btusb_needs_reset_resume_table[] = { 402 { 403 /* Dell OptiPlex 3060 (QCA ROME device 0cf3:e007) */ 404 .matches = { 405 DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), 406 DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex 3060"), 407 }, 408 }, 409 { 410 /* Dell XPS 9360 (QCA ROME device 0cf3:e300) */ 411 .matches = { 412 DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), 413 DMI_MATCH(DMI_PRODUCT_NAME, "XPS 13 9360"), 414 }, 415 }, 416 { 417 /* Dell Inspiron 5565 (QCA ROME device 0cf3:e009) */ 418 .matches = { 419 DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), 420 DMI_MATCH(DMI_PRODUCT_NAME, "Inspiron 5565"), 421 }, 422 }, 423 {} 424 }; 425 426 #define BTUSB_MAX_ISOC_FRAMES 10 427 428 #define BTUSB_INTR_RUNNING 0 429 #define BTUSB_BULK_RUNNING 1 430 #define BTUSB_ISOC_RUNNING 2 431 #define BTUSB_SUSPENDING 3 432 #define BTUSB_DID_ISO_RESUME 4 433 #define BTUSB_BOOTLOADER 5 434 #define BTUSB_DOWNLOADING 6 435 #define BTUSB_FIRMWARE_LOADED 7 436 #define BTUSB_FIRMWARE_FAILED 8 437 #define BTUSB_BOOTING 9 438 #define BTUSB_DIAG_RUNNING 10 439 #define BTUSB_OOB_WAKE_ENABLED 11 440 #define BTUSB_HW_RESET_ACTIVE 12 441 #define BTUSB_TX_WAIT_VND_EVT 13 442 #define BTUSB_WAKEUP_DISABLE 14 443 444 struct btusb_data { 445 struct hci_dev *hdev; 446 struct usb_device *udev; 447 struct usb_interface *intf; 448 struct usb_interface *isoc; 449 struct usb_interface *diag; 450 unsigned isoc_ifnum; 451 452 unsigned long flags; 453 454 struct work_struct work; 455 struct work_struct waker; 456 457 struct usb_anchor deferred; 458 struct usb_anchor tx_anchor; 459 int tx_in_flight; 460 spinlock_t txlock; 461 462 struct usb_anchor intr_anchor; 463 struct usb_anchor bulk_anchor; 464 struct usb_anchor isoc_anchor; 465 struct usb_anchor diag_anchor; 466 struct usb_anchor ctrl_anchor; 467 spinlock_t rxlock; 468 469 struct sk_buff *evt_skb; 470 struct sk_buff *acl_skb; 471 struct sk_buff *sco_skb; 472 473 struct usb_endpoint_descriptor *intr_ep; 474 struct usb_endpoint_descriptor *bulk_tx_ep; 475 struct usb_endpoint_descriptor *bulk_rx_ep; 476 struct usb_endpoint_descriptor *isoc_tx_ep; 477 struct usb_endpoint_descriptor *isoc_rx_ep; 478 struct usb_endpoint_descriptor *diag_tx_ep; 479 struct usb_endpoint_descriptor *diag_rx_ep; 480 481 struct gpio_desc *reset_gpio; 482 483 __u8 cmdreq_type; 484 __u8 cmdreq; 485 486 unsigned int sco_num; 487 int isoc_altsetting; 488 int suspend_count; 489 490 int (*recv_event)(struct hci_dev *hdev, struct sk_buff *skb); 491 int (*recv_bulk)(struct btusb_data *data, void *buffer, int count); 492 493 int (*setup_on_usb)(struct hci_dev *hdev); 494 495 int oob_wake_irq; /* irq for out-of-band wake-on-bt */ 496 unsigned cmd_timeout_cnt; 497 }; 498 499 500 static void btusb_intel_cmd_timeout(struct hci_dev *hdev) 501 { 502 struct btusb_data *data = hci_get_drvdata(hdev); 503 struct gpio_desc *reset_gpio = data->reset_gpio; 504 505 if (++data->cmd_timeout_cnt < 5) 506 return; 507 508 if (!reset_gpio) { 509 bt_dev_err(hdev, "No way to reset. Ignoring and continuing"); 510 return; 511 } 512 513 /* 514 * Toggle the hard reset line if the platform provides one. The reset 515 * is going to yank the device off the USB and then replug. So doing 516 * once is enough. The cleanup is handled correctly on the way out 517 * (standard USB disconnect), and the new device is detected cleanly 518 * and bound to the driver again like it should be. 519 */ 520 if (test_and_set_bit(BTUSB_HW_RESET_ACTIVE, &data->flags)) { 521 bt_dev_err(hdev, "last reset failed? Not resetting again"); 522 return; 523 } 524 525 bt_dev_err(hdev, "Initiating HW reset via gpio"); 526 gpiod_set_value_cansleep(reset_gpio, 1); 527 msleep(100); 528 gpiod_set_value_cansleep(reset_gpio, 0); 529 } 530 531 static void btusb_rtl_cmd_timeout(struct hci_dev *hdev) 532 { 533 struct btusb_data *data = hci_get_drvdata(hdev); 534 struct gpio_desc *reset_gpio = data->reset_gpio; 535 536 if (++data->cmd_timeout_cnt < 5) 537 return; 538 539 if (!reset_gpio) { 540 bt_dev_err(hdev, "No gpio to reset Realtek device, ignoring"); 541 return; 542 } 543 544 /* Toggle the hard reset line. The Realtek device is going to 545 * yank itself off the USB and then replug. The cleanup is handled 546 * correctly on the way out (standard USB disconnect), and the new 547 * device is detected cleanly and bound to the driver again like 548 * it should be. 549 */ 550 if (test_and_set_bit(BTUSB_HW_RESET_ACTIVE, &data->flags)) { 551 bt_dev_err(hdev, "last reset failed? Not resetting again"); 552 return; 553 } 554 555 bt_dev_err(hdev, "Reset Realtek device via gpio"); 556 gpiod_set_value_cansleep(reset_gpio, 1); 557 msleep(200); 558 gpiod_set_value_cansleep(reset_gpio, 0); 559 } 560 561 static inline void btusb_free_frags(struct btusb_data *data) 562 { 563 unsigned long flags; 564 565 spin_lock_irqsave(&data->rxlock, flags); 566 567 kfree_skb(data->evt_skb); 568 data->evt_skb = NULL; 569 570 kfree_skb(data->acl_skb); 571 data->acl_skb = NULL; 572 573 kfree_skb(data->sco_skb); 574 data->sco_skb = NULL; 575 576 spin_unlock_irqrestore(&data->rxlock, flags); 577 } 578 579 static int btusb_recv_intr(struct btusb_data *data, void *buffer, int count) 580 { 581 struct sk_buff *skb; 582 unsigned long flags; 583 int err = 0; 584 585 spin_lock_irqsave(&data->rxlock, flags); 586 skb = data->evt_skb; 587 588 while (count) { 589 int len; 590 591 if (!skb) { 592 skb = bt_skb_alloc(HCI_MAX_EVENT_SIZE, GFP_ATOMIC); 593 if (!skb) { 594 err = -ENOMEM; 595 break; 596 } 597 598 hci_skb_pkt_type(skb) = HCI_EVENT_PKT; 599 hci_skb_expect(skb) = HCI_EVENT_HDR_SIZE; 600 } 601 602 len = min_t(uint, hci_skb_expect(skb), count); 603 skb_put_data(skb, buffer, len); 604 605 count -= len; 606 buffer += len; 607 hci_skb_expect(skb) -= len; 608 609 if (skb->len == HCI_EVENT_HDR_SIZE) { 610 /* Complete event header */ 611 hci_skb_expect(skb) = hci_event_hdr(skb)->plen; 612 613 if (skb_tailroom(skb) < hci_skb_expect(skb)) { 614 kfree_skb(skb); 615 skb = NULL; 616 617 err = -EILSEQ; 618 break; 619 } 620 } 621 622 if (!hci_skb_expect(skb)) { 623 /* Complete frame */ 624 data->recv_event(data->hdev, skb); 625 skb = NULL; 626 } 627 } 628 629 data->evt_skb = skb; 630 spin_unlock_irqrestore(&data->rxlock, flags); 631 632 return err; 633 } 634 635 static int btusb_recv_bulk(struct btusb_data *data, void *buffer, int count) 636 { 637 struct sk_buff *skb; 638 unsigned long flags; 639 int err = 0; 640 641 spin_lock_irqsave(&data->rxlock, flags); 642 skb = data->acl_skb; 643 644 while (count) { 645 int len; 646 647 if (!skb) { 648 skb = bt_skb_alloc(HCI_MAX_FRAME_SIZE, GFP_ATOMIC); 649 if (!skb) { 650 err = -ENOMEM; 651 break; 652 } 653 654 hci_skb_pkt_type(skb) = HCI_ACLDATA_PKT; 655 hci_skb_expect(skb) = HCI_ACL_HDR_SIZE; 656 } 657 658 len = min_t(uint, hci_skb_expect(skb), count); 659 skb_put_data(skb, buffer, len); 660 661 count -= len; 662 buffer += len; 663 hci_skb_expect(skb) -= len; 664 665 if (skb->len == HCI_ACL_HDR_SIZE) { 666 __le16 dlen = hci_acl_hdr(skb)->dlen; 667 668 /* Complete ACL header */ 669 hci_skb_expect(skb) = __le16_to_cpu(dlen); 670 671 if (skb_tailroom(skb) < hci_skb_expect(skb)) { 672 kfree_skb(skb); 673 skb = NULL; 674 675 err = -EILSEQ; 676 break; 677 } 678 } 679 680 if (!hci_skb_expect(skb)) { 681 /* Complete frame */ 682 hci_recv_frame(data->hdev, skb); 683 skb = NULL; 684 } 685 } 686 687 data->acl_skb = skb; 688 spin_unlock_irqrestore(&data->rxlock, flags); 689 690 return err; 691 } 692 693 static int btusb_recv_isoc(struct btusb_data *data, void *buffer, int count) 694 { 695 struct sk_buff *skb; 696 unsigned long flags; 697 int err = 0; 698 699 spin_lock_irqsave(&data->rxlock, flags); 700 skb = data->sco_skb; 701 702 while (count) { 703 int len; 704 705 if (!skb) { 706 skb = bt_skb_alloc(HCI_MAX_SCO_SIZE, GFP_ATOMIC); 707 if (!skb) { 708 err = -ENOMEM; 709 break; 710 } 711 712 hci_skb_pkt_type(skb) = HCI_SCODATA_PKT; 713 hci_skb_expect(skb) = HCI_SCO_HDR_SIZE; 714 } 715 716 len = min_t(uint, hci_skb_expect(skb), count); 717 skb_put_data(skb, buffer, len); 718 719 count -= len; 720 buffer += len; 721 hci_skb_expect(skb) -= len; 722 723 if (skb->len == HCI_SCO_HDR_SIZE) { 724 /* Complete SCO header */ 725 hci_skb_expect(skb) = hci_sco_hdr(skb)->dlen; 726 727 if (skb_tailroom(skb) < hci_skb_expect(skb)) { 728 kfree_skb(skb); 729 skb = NULL; 730 731 err = -EILSEQ; 732 break; 733 } 734 } 735 736 if (!hci_skb_expect(skb)) { 737 /* Complete frame */ 738 hci_recv_frame(data->hdev, skb); 739 skb = NULL; 740 } 741 } 742 743 data->sco_skb = skb; 744 spin_unlock_irqrestore(&data->rxlock, flags); 745 746 return err; 747 } 748 749 static void btusb_intr_complete(struct urb *urb) 750 { 751 struct hci_dev *hdev = urb->context; 752 struct btusb_data *data = hci_get_drvdata(hdev); 753 int err; 754 755 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 756 urb->actual_length); 757 758 if (!test_bit(HCI_RUNNING, &hdev->flags)) 759 return; 760 761 if (urb->status == 0) { 762 hdev->stat.byte_rx += urb->actual_length; 763 764 if (btusb_recv_intr(data, urb->transfer_buffer, 765 urb->actual_length) < 0) { 766 bt_dev_err(hdev, "corrupted event packet"); 767 hdev->stat.err_rx++; 768 } 769 } else if (urb->status == -ENOENT) { 770 /* Avoid suspend failed when usb_kill_urb */ 771 return; 772 } 773 774 if (!test_bit(BTUSB_INTR_RUNNING, &data->flags)) 775 return; 776 777 usb_mark_last_busy(data->udev); 778 usb_anchor_urb(urb, &data->intr_anchor); 779 780 err = usb_submit_urb(urb, GFP_ATOMIC); 781 if (err < 0) { 782 /* -EPERM: urb is being killed; 783 * -ENODEV: device got disconnected 784 */ 785 if (err != -EPERM && err != -ENODEV) 786 bt_dev_err(hdev, "urb %p failed to resubmit (%d)", 787 urb, -err); 788 usb_unanchor_urb(urb); 789 } 790 } 791 792 static int btusb_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags) 793 { 794 struct btusb_data *data = hci_get_drvdata(hdev); 795 struct urb *urb; 796 unsigned char *buf; 797 unsigned int pipe; 798 int err, size; 799 800 BT_DBG("%s", hdev->name); 801 802 if (!data->intr_ep) 803 return -ENODEV; 804 805 urb = usb_alloc_urb(0, mem_flags); 806 if (!urb) 807 return -ENOMEM; 808 809 size = le16_to_cpu(data->intr_ep->wMaxPacketSize); 810 811 buf = kmalloc(size, mem_flags); 812 if (!buf) { 813 usb_free_urb(urb); 814 return -ENOMEM; 815 } 816 817 pipe = usb_rcvintpipe(data->udev, data->intr_ep->bEndpointAddress); 818 819 usb_fill_int_urb(urb, data->udev, pipe, buf, size, 820 btusb_intr_complete, hdev, data->intr_ep->bInterval); 821 822 urb->transfer_flags |= URB_FREE_BUFFER; 823 824 usb_anchor_urb(urb, &data->intr_anchor); 825 826 err = usb_submit_urb(urb, mem_flags); 827 if (err < 0) { 828 if (err != -EPERM && err != -ENODEV) 829 bt_dev_err(hdev, "urb %p submission failed (%d)", 830 urb, -err); 831 usb_unanchor_urb(urb); 832 } 833 834 usb_free_urb(urb); 835 836 return err; 837 } 838 839 static void btusb_bulk_complete(struct urb *urb) 840 { 841 struct hci_dev *hdev = urb->context; 842 struct btusb_data *data = hci_get_drvdata(hdev); 843 int err; 844 845 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 846 urb->actual_length); 847 848 if (!test_bit(HCI_RUNNING, &hdev->flags)) 849 return; 850 851 if (urb->status == 0) { 852 hdev->stat.byte_rx += urb->actual_length; 853 854 if (data->recv_bulk(data, urb->transfer_buffer, 855 urb->actual_length) < 0) { 856 bt_dev_err(hdev, "corrupted ACL packet"); 857 hdev->stat.err_rx++; 858 } 859 } else if (urb->status == -ENOENT) { 860 /* Avoid suspend failed when usb_kill_urb */ 861 return; 862 } 863 864 if (!test_bit(BTUSB_BULK_RUNNING, &data->flags)) 865 return; 866 867 usb_anchor_urb(urb, &data->bulk_anchor); 868 usb_mark_last_busy(data->udev); 869 870 err = usb_submit_urb(urb, GFP_ATOMIC); 871 if (err < 0) { 872 /* -EPERM: urb is being killed; 873 * -ENODEV: device got disconnected 874 */ 875 if (err != -EPERM && err != -ENODEV) 876 bt_dev_err(hdev, "urb %p failed to resubmit (%d)", 877 urb, -err); 878 usb_unanchor_urb(urb); 879 } 880 } 881 882 static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags) 883 { 884 struct btusb_data *data = hci_get_drvdata(hdev); 885 struct urb *urb; 886 unsigned char *buf; 887 unsigned int pipe; 888 int err, size = HCI_MAX_FRAME_SIZE; 889 890 BT_DBG("%s", hdev->name); 891 892 if (!data->bulk_rx_ep) 893 return -ENODEV; 894 895 urb = usb_alloc_urb(0, mem_flags); 896 if (!urb) 897 return -ENOMEM; 898 899 buf = kmalloc(size, mem_flags); 900 if (!buf) { 901 usb_free_urb(urb); 902 return -ENOMEM; 903 } 904 905 pipe = usb_rcvbulkpipe(data->udev, data->bulk_rx_ep->bEndpointAddress); 906 907 usb_fill_bulk_urb(urb, data->udev, pipe, buf, size, 908 btusb_bulk_complete, hdev); 909 910 urb->transfer_flags |= URB_FREE_BUFFER; 911 912 usb_mark_last_busy(data->udev); 913 usb_anchor_urb(urb, &data->bulk_anchor); 914 915 err = usb_submit_urb(urb, mem_flags); 916 if (err < 0) { 917 if (err != -EPERM && err != -ENODEV) 918 bt_dev_err(hdev, "urb %p submission failed (%d)", 919 urb, -err); 920 usb_unanchor_urb(urb); 921 } 922 923 usb_free_urb(urb); 924 925 return err; 926 } 927 928 static void btusb_isoc_complete(struct urb *urb) 929 { 930 struct hci_dev *hdev = urb->context; 931 struct btusb_data *data = hci_get_drvdata(hdev); 932 int i, err; 933 934 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 935 urb->actual_length); 936 937 if (!test_bit(HCI_RUNNING, &hdev->flags)) 938 return; 939 940 if (urb->status == 0) { 941 for (i = 0; i < urb->number_of_packets; i++) { 942 unsigned int offset = urb->iso_frame_desc[i].offset; 943 unsigned int length = urb->iso_frame_desc[i].actual_length; 944 945 if (urb->iso_frame_desc[i].status) 946 continue; 947 948 hdev->stat.byte_rx += length; 949 950 if (btusb_recv_isoc(data, urb->transfer_buffer + offset, 951 length) < 0) { 952 bt_dev_err(hdev, "corrupted SCO packet"); 953 hdev->stat.err_rx++; 954 } 955 } 956 } else if (urb->status == -ENOENT) { 957 /* Avoid suspend failed when usb_kill_urb */ 958 return; 959 } 960 961 if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags)) 962 return; 963 964 usb_anchor_urb(urb, &data->isoc_anchor); 965 966 err = usb_submit_urb(urb, GFP_ATOMIC); 967 if (err < 0) { 968 /* -EPERM: urb is being killed; 969 * -ENODEV: device got disconnected 970 */ 971 if (err != -EPERM && err != -ENODEV) 972 bt_dev_err(hdev, "urb %p failed to resubmit (%d)", 973 urb, -err); 974 usb_unanchor_urb(urb); 975 } 976 } 977 978 static inline void __fill_isoc_descriptor(struct urb *urb, int len, int mtu) 979 { 980 int i, offset = 0; 981 982 BT_DBG("len %d mtu %d", len, mtu); 983 984 for (i = 0; i < BTUSB_MAX_ISOC_FRAMES && len >= mtu; 985 i++, offset += mtu, len -= mtu) { 986 urb->iso_frame_desc[i].offset = offset; 987 urb->iso_frame_desc[i].length = mtu; 988 } 989 990 if (len && i < BTUSB_MAX_ISOC_FRAMES) { 991 urb->iso_frame_desc[i].offset = offset; 992 urb->iso_frame_desc[i].length = len; 993 i++; 994 } 995 996 urb->number_of_packets = i; 997 } 998 999 static int btusb_submit_isoc_urb(struct hci_dev *hdev, gfp_t mem_flags) 1000 { 1001 struct btusb_data *data = hci_get_drvdata(hdev); 1002 struct urb *urb; 1003 unsigned char *buf; 1004 unsigned int pipe; 1005 int err, size; 1006 1007 BT_DBG("%s", hdev->name); 1008 1009 if (!data->isoc_rx_ep) 1010 return -ENODEV; 1011 1012 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, mem_flags); 1013 if (!urb) 1014 return -ENOMEM; 1015 1016 size = le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize) * 1017 BTUSB_MAX_ISOC_FRAMES; 1018 1019 buf = kmalloc(size, mem_flags); 1020 if (!buf) { 1021 usb_free_urb(urb); 1022 return -ENOMEM; 1023 } 1024 1025 pipe = usb_rcvisocpipe(data->udev, data->isoc_rx_ep->bEndpointAddress); 1026 1027 usb_fill_int_urb(urb, data->udev, pipe, buf, size, btusb_isoc_complete, 1028 hdev, data->isoc_rx_ep->bInterval); 1029 1030 urb->transfer_flags = URB_FREE_BUFFER | URB_ISO_ASAP; 1031 1032 __fill_isoc_descriptor(urb, size, 1033 le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize)); 1034 1035 usb_anchor_urb(urb, &data->isoc_anchor); 1036 1037 err = usb_submit_urb(urb, mem_flags); 1038 if (err < 0) { 1039 if (err != -EPERM && err != -ENODEV) 1040 bt_dev_err(hdev, "urb %p submission failed (%d)", 1041 urb, -err); 1042 usb_unanchor_urb(urb); 1043 } 1044 1045 usb_free_urb(urb); 1046 1047 return err; 1048 } 1049 1050 static void btusb_diag_complete(struct urb *urb) 1051 { 1052 struct hci_dev *hdev = urb->context; 1053 struct btusb_data *data = hci_get_drvdata(hdev); 1054 int err; 1055 1056 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 1057 urb->actual_length); 1058 1059 if (urb->status == 0) { 1060 struct sk_buff *skb; 1061 1062 skb = bt_skb_alloc(urb->actual_length, GFP_ATOMIC); 1063 if (skb) { 1064 skb_put_data(skb, urb->transfer_buffer, 1065 urb->actual_length); 1066 hci_recv_diag(hdev, skb); 1067 } 1068 } else if (urb->status == -ENOENT) { 1069 /* Avoid suspend failed when usb_kill_urb */ 1070 return; 1071 } 1072 1073 if (!test_bit(BTUSB_DIAG_RUNNING, &data->flags)) 1074 return; 1075 1076 usb_anchor_urb(urb, &data->diag_anchor); 1077 usb_mark_last_busy(data->udev); 1078 1079 err = usb_submit_urb(urb, GFP_ATOMIC); 1080 if (err < 0) { 1081 /* -EPERM: urb is being killed; 1082 * -ENODEV: device got disconnected 1083 */ 1084 if (err != -EPERM && err != -ENODEV) 1085 bt_dev_err(hdev, "urb %p failed to resubmit (%d)", 1086 urb, -err); 1087 usb_unanchor_urb(urb); 1088 } 1089 } 1090 1091 static int btusb_submit_diag_urb(struct hci_dev *hdev, gfp_t mem_flags) 1092 { 1093 struct btusb_data *data = hci_get_drvdata(hdev); 1094 struct urb *urb; 1095 unsigned char *buf; 1096 unsigned int pipe; 1097 int err, size = HCI_MAX_FRAME_SIZE; 1098 1099 BT_DBG("%s", hdev->name); 1100 1101 if (!data->diag_rx_ep) 1102 return -ENODEV; 1103 1104 urb = usb_alloc_urb(0, mem_flags); 1105 if (!urb) 1106 return -ENOMEM; 1107 1108 buf = kmalloc(size, mem_flags); 1109 if (!buf) { 1110 usb_free_urb(urb); 1111 return -ENOMEM; 1112 } 1113 1114 pipe = usb_rcvbulkpipe(data->udev, data->diag_rx_ep->bEndpointAddress); 1115 1116 usb_fill_bulk_urb(urb, data->udev, pipe, buf, size, 1117 btusb_diag_complete, hdev); 1118 1119 urb->transfer_flags |= URB_FREE_BUFFER; 1120 1121 usb_mark_last_busy(data->udev); 1122 usb_anchor_urb(urb, &data->diag_anchor); 1123 1124 err = usb_submit_urb(urb, mem_flags); 1125 if (err < 0) { 1126 if (err != -EPERM && err != -ENODEV) 1127 bt_dev_err(hdev, "urb %p submission failed (%d)", 1128 urb, -err); 1129 usb_unanchor_urb(urb); 1130 } 1131 1132 usb_free_urb(urb); 1133 1134 return err; 1135 } 1136 1137 static void btusb_tx_complete(struct urb *urb) 1138 { 1139 struct sk_buff *skb = urb->context; 1140 struct hci_dev *hdev = (struct hci_dev *)skb->dev; 1141 struct btusb_data *data = hci_get_drvdata(hdev); 1142 unsigned long flags; 1143 1144 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 1145 urb->actual_length); 1146 1147 if (!test_bit(HCI_RUNNING, &hdev->flags)) 1148 goto done; 1149 1150 if (!urb->status) 1151 hdev->stat.byte_tx += urb->transfer_buffer_length; 1152 else 1153 hdev->stat.err_tx++; 1154 1155 done: 1156 spin_lock_irqsave(&data->txlock, flags); 1157 data->tx_in_flight--; 1158 spin_unlock_irqrestore(&data->txlock, flags); 1159 1160 kfree(urb->setup_packet); 1161 1162 kfree_skb(skb); 1163 } 1164 1165 static void btusb_isoc_tx_complete(struct urb *urb) 1166 { 1167 struct sk_buff *skb = urb->context; 1168 struct hci_dev *hdev = (struct hci_dev *)skb->dev; 1169 1170 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 1171 urb->actual_length); 1172 1173 if (!test_bit(HCI_RUNNING, &hdev->flags)) 1174 goto done; 1175 1176 if (!urb->status) 1177 hdev->stat.byte_tx += urb->transfer_buffer_length; 1178 else 1179 hdev->stat.err_tx++; 1180 1181 done: 1182 kfree(urb->setup_packet); 1183 1184 kfree_skb(skb); 1185 } 1186 1187 static int btusb_open(struct hci_dev *hdev) 1188 { 1189 struct btusb_data *data = hci_get_drvdata(hdev); 1190 int err; 1191 1192 BT_DBG("%s", hdev->name); 1193 1194 err = usb_autopm_get_interface(data->intf); 1195 if (err < 0) 1196 return err; 1197 1198 /* Patching USB firmware files prior to starting any URBs of HCI path 1199 * It is more safe to use USB bulk channel for downloading USB patch 1200 */ 1201 if (data->setup_on_usb) { 1202 err = data->setup_on_usb(hdev); 1203 if (err < 0) 1204 goto setup_fail; 1205 } 1206 1207 data->intf->needs_remote_wakeup = 1; 1208 1209 /* Disable device remote wakeup when host is suspended 1210 * For Realtek chips, global suspend without 1211 * SET_FEATURE (DEVICE_REMOTE_WAKEUP) can save more power in device. 1212 */ 1213 if (test_bit(BTUSB_WAKEUP_DISABLE, &data->flags)) 1214 device_wakeup_disable(&data->udev->dev); 1215 1216 if (test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags)) 1217 goto done; 1218 1219 err = btusb_submit_intr_urb(hdev, GFP_KERNEL); 1220 if (err < 0) 1221 goto failed; 1222 1223 err = btusb_submit_bulk_urb(hdev, GFP_KERNEL); 1224 if (err < 0) { 1225 usb_kill_anchored_urbs(&data->intr_anchor); 1226 goto failed; 1227 } 1228 1229 set_bit(BTUSB_BULK_RUNNING, &data->flags); 1230 btusb_submit_bulk_urb(hdev, GFP_KERNEL); 1231 1232 if (data->diag) { 1233 if (!btusb_submit_diag_urb(hdev, GFP_KERNEL)) 1234 set_bit(BTUSB_DIAG_RUNNING, &data->flags); 1235 } 1236 1237 done: 1238 usb_autopm_put_interface(data->intf); 1239 return 0; 1240 1241 failed: 1242 clear_bit(BTUSB_INTR_RUNNING, &data->flags); 1243 setup_fail: 1244 usb_autopm_put_interface(data->intf); 1245 return err; 1246 } 1247 1248 static void btusb_stop_traffic(struct btusb_data *data) 1249 { 1250 usb_kill_anchored_urbs(&data->intr_anchor); 1251 usb_kill_anchored_urbs(&data->bulk_anchor); 1252 usb_kill_anchored_urbs(&data->isoc_anchor); 1253 usb_kill_anchored_urbs(&data->diag_anchor); 1254 usb_kill_anchored_urbs(&data->ctrl_anchor); 1255 } 1256 1257 static int btusb_close(struct hci_dev *hdev) 1258 { 1259 struct btusb_data *data = hci_get_drvdata(hdev); 1260 int err; 1261 1262 BT_DBG("%s", hdev->name); 1263 1264 cancel_work_sync(&data->work); 1265 cancel_work_sync(&data->waker); 1266 1267 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 1268 clear_bit(BTUSB_BULK_RUNNING, &data->flags); 1269 clear_bit(BTUSB_INTR_RUNNING, &data->flags); 1270 clear_bit(BTUSB_DIAG_RUNNING, &data->flags); 1271 1272 btusb_stop_traffic(data); 1273 btusb_free_frags(data); 1274 1275 err = usb_autopm_get_interface(data->intf); 1276 if (err < 0) 1277 goto failed; 1278 1279 data->intf->needs_remote_wakeup = 0; 1280 1281 /* Enable remote wake up for auto-suspend */ 1282 if (test_bit(BTUSB_WAKEUP_DISABLE, &data->flags)) 1283 data->intf->needs_remote_wakeup = 1; 1284 1285 usb_autopm_put_interface(data->intf); 1286 1287 failed: 1288 usb_scuttle_anchored_urbs(&data->deferred); 1289 return 0; 1290 } 1291 1292 static int btusb_flush(struct hci_dev *hdev) 1293 { 1294 struct btusb_data *data = hci_get_drvdata(hdev); 1295 1296 BT_DBG("%s", hdev->name); 1297 1298 usb_kill_anchored_urbs(&data->tx_anchor); 1299 btusb_free_frags(data); 1300 1301 return 0; 1302 } 1303 1304 static struct urb *alloc_ctrl_urb(struct hci_dev *hdev, struct sk_buff *skb) 1305 { 1306 struct btusb_data *data = hci_get_drvdata(hdev); 1307 struct usb_ctrlrequest *dr; 1308 struct urb *urb; 1309 unsigned int pipe; 1310 1311 urb = usb_alloc_urb(0, GFP_KERNEL); 1312 if (!urb) 1313 return ERR_PTR(-ENOMEM); 1314 1315 dr = kmalloc(sizeof(*dr), GFP_KERNEL); 1316 if (!dr) { 1317 usb_free_urb(urb); 1318 return ERR_PTR(-ENOMEM); 1319 } 1320 1321 dr->bRequestType = data->cmdreq_type; 1322 dr->bRequest = data->cmdreq; 1323 dr->wIndex = 0; 1324 dr->wValue = 0; 1325 dr->wLength = __cpu_to_le16(skb->len); 1326 1327 pipe = usb_sndctrlpipe(data->udev, 0x00); 1328 1329 usb_fill_control_urb(urb, data->udev, pipe, (void *)dr, 1330 skb->data, skb->len, btusb_tx_complete, skb); 1331 1332 skb->dev = (void *)hdev; 1333 1334 return urb; 1335 } 1336 1337 static struct urb *alloc_bulk_urb(struct hci_dev *hdev, struct sk_buff *skb) 1338 { 1339 struct btusb_data *data = hci_get_drvdata(hdev); 1340 struct urb *urb; 1341 unsigned int pipe; 1342 1343 if (!data->bulk_tx_ep) 1344 return ERR_PTR(-ENODEV); 1345 1346 urb = usb_alloc_urb(0, GFP_KERNEL); 1347 if (!urb) 1348 return ERR_PTR(-ENOMEM); 1349 1350 pipe = usb_sndbulkpipe(data->udev, data->bulk_tx_ep->bEndpointAddress); 1351 1352 usb_fill_bulk_urb(urb, data->udev, pipe, 1353 skb->data, skb->len, btusb_tx_complete, skb); 1354 1355 skb->dev = (void *)hdev; 1356 1357 return urb; 1358 } 1359 1360 static struct urb *alloc_isoc_urb(struct hci_dev *hdev, struct sk_buff *skb) 1361 { 1362 struct btusb_data *data = hci_get_drvdata(hdev); 1363 struct urb *urb; 1364 unsigned int pipe; 1365 1366 if (!data->isoc_tx_ep) 1367 return ERR_PTR(-ENODEV); 1368 1369 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, GFP_KERNEL); 1370 if (!urb) 1371 return ERR_PTR(-ENOMEM); 1372 1373 pipe = usb_sndisocpipe(data->udev, data->isoc_tx_ep->bEndpointAddress); 1374 1375 usb_fill_int_urb(urb, data->udev, pipe, 1376 skb->data, skb->len, btusb_isoc_tx_complete, 1377 skb, data->isoc_tx_ep->bInterval); 1378 1379 urb->transfer_flags = URB_ISO_ASAP; 1380 1381 __fill_isoc_descriptor(urb, skb->len, 1382 le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize)); 1383 1384 skb->dev = (void *)hdev; 1385 1386 return urb; 1387 } 1388 1389 static int submit_tx_urb(struct hci_dev *hdev, struct urb *urb) 1390 { 1391 struct btusb_data *data = hci_get_drvdata(hdev); 1392 int err; 1393 1394 usb_anchor_urb(urb, &data->tx_anchor); 1395 1396 err = usb_submit_urb(urb, GFP_KERNEL); 1397 if (err < 0) { 1398 if (err != -EPERM && err != -ENODEV) 1399 bt_dev_err(hdev, "urb %p submission failed (%d)", 1400 urb, -err); 1401 kfree(urb->setup_packet); 1402 usb_unanchor_urb(urb); 1403 } else { 1404 usb_mark_last_busy(data->udev); 1405 } 1406 1407 usb_free_urb(urb); 1408 return err; 1409 } 1410 1411 static int submit_or_queue_tx_urb(struct hci_dev *hdev, struct urb *urb) 1412 { 1413 struct btusb_data *data = hci_get_drvdata(hdev); 1414 unsigned long flags; 1415 bool suspending; 1416 1417 spin_lock_irqsave(&data->txlock, flags); 1418 suspending = test_bit(BTUSB_SUSPENDING, &data->flags); 1419 if (!suspending) 1420 data->tx_in_flight++; 1421 spin_unlock_irqrestore(&data->txlock, flags); 1422 1423 if (!suspending) 1424 return submit_tx_urb(hdev, urb); 1425 1426 usb_anchor_urb(urb, &data->deferred); 1427 schedule_work(&data->waker); 1428 1429 usb_free_urb(urb); 1430 return 0; 1431 } 1432 1433 static int btusb_send_frame(struct hci_dev *hdev, struct sk_buff *skb) 1434 { 1435 struct urb *urb; 1436 1437 BT_DBG("%s", hdev->name); 1438 1439 switch (hci_skb_pkt_type(skb)) { 1440 case HCI_COMMAND_PKT: 1441 urb = alloc_ctrl_urb(hdev, skb); 1442 if (IS_ERR(urb)) 1443 return PTR_ERR(urb); 1444 1445 hdev->stat.cmd_tx++; 1446 return submit_or_queue_tx_urb(hdev, urb); 1447 1448 case HCI_ACLDATA_PKT: 1449 urb = alloc_bulk_urb(hdev, skb); 1450 if (IS_ERR(urb)) 1451 return PTR_ERR(urb); 1452 1453 hdev->stat.acl_tx++; 1454 return submit_or_queue_tx_urb(hdev, urb); 1455 1456 case HCI_SCODATA_PKT: 1457 if (hci_conn_num(hdev, SCO_LINK) < 1) 1458 return -ENODEV; 1459 1460 urb = alloc_isoc_urb(hdev, skb); 1461 if (IS_ERR(urb)) 1462 return PTR_ERR(urb); 1463 1464 hdev->stat.sco_tx++; 1465 return submit_tx_urb(hdev, urb); 1466 } 1467 1468 return -EILSEQ; 1469 } 1470 1471 static void btusb_notify(struct hci_dev *hdev, unsigned int evt) 1472 { 1473 struct btusb_data *data = hci_get_drvdata(hdev); 1474 1475 BT_DBG("%s evt %d", hdev->name, evt); 1476 1477 if (hci_conn_num(hdev, SCO_LINK) != data->sco_num) { 1478 data->sco_num = hci_conn_num(hdev, SCO_LINK); 1479 schedule_work(&data->work); 1480 } 1481 } 1482 1483 static inline int __set_isoc_interface(struct hci_dev *hdev, int altsetting) 1484 { 1485 struct btusb_data *data = hci_get_drvdata(hdev); 1486 struct usb_interface *intf = data->isoc; 1487 struct usb_endpoint_descriptor *ep_desc; 1488 int i, err; 1489 1490 if (!data->isoc) 1491 return -ENODEV; 1492 1493 err = usb_set_interface(data->udev, data->isoc_ifnum, altsetting); 1494 if (err < 0) { 1495 bt_dev_err(hdev, "setting interface failed (%d)", -err); 1496 return err; 1497 } 1498 1499 data->isoc_altsetting = altsetting; 1500 1501 data->isoc_tx_ep = NULL; 1502 data->isoc_rx_ep = NULL; 1503 1504 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) { 1505 ep_desc = &intf->cur_altsetting->endpoint[i].desc; 1506 1507 if (!data->isoc_tx_ep && usb_endpoint_is_isoc_out(ep_desc)) { 1508 data->isoc_tx_ep = ep_desc; 1509 continue; 1510 } 1511 1512 if (!data->isoc_rx_ep && usb_endpoint_is_isoc_in(ep_desc)) { 1513 data->isoc_rx_ep = ep_desc; 1514 continue; 1515 } 1516 } 1517 1518 if (!data->isoc_tx_ep || !data->isoc_rx_ep) { 1519 bt_dev_err(hdev, "invalid SCO descriptors"); 1520 return -ENODEV; 1521 } 1522 1523 return 0; 1524 } 1525 1526 static void btusb_work(struct work_struct *work) 1527 { 1528 struct btusb_data *data = container_of(work, struct btusb_data, work); 1529 struct hci_dev *hdev = data->hdev; 1530 int new_alts; 1531 int err; 1532 1533 if (data->sco_num > 0) { 1534 if (!test_bit(BTUSB_DID_ISO_RESUME, &data->flags)) { 1535 err = usb_autopm_get_interface(data->isoc ? data->isoc : data->intf); 1536 if (err < 0) { 1537 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 1538 usb_kill_anchored_urbs(&data->isoc_anchor); 1539 return; 1540 } 1541 1542 set_bit(BTUSB_DID_ISO_RESUME, &data->flags); 1543 } 1544 1545 if (hdev->voice_setting & 0x0020) { 1546 static const int alts[3] = { 2, 4, 5 }; 1547 1548 new_alts = alts[data->sco_num - 1]; 1549 } else { 1550 new_alts = data->sco_num; 1551 } 1552 1553 if (data->isoc_altsetting != new_alts) { 1554 unsigned long flags; 1555 1556 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 1557 usb_kill_anchored_urbs(&data->isoc_anchor); 1558 1559 /* When isochronous alternate setting needs to be 1560 * changed, because SCO connection has been added 1561 * or removed, a packet fragment may be left in the 1562 * reassembling state. This could lead to wrongly 1563 * assembled fragments. 1564 * 1565 * Clear outstanding fragment when selecting a new 1566 * alternate setting. 1567 */ 1568 spin_lock_irqsave(&data->rxlock, flags); 1569 kfree_skb(data->sco_skb); 1570 data->sco_skb = NULL; 1571 spin_unlock_irqrestore(&data->rxlock, flags); 1572 1573 if (__set_isoc_interface(hdev, new_alts) < 0) 1574 return; 1575 } 1576 1577 if (!test_and_set_bit(BTUSB_ISOC_RUNNING, &data->flags)) { 1578 if (btusb_submit_isoc_urb(hdev, GFP_KERNEL) < 0) 1579 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 1580 else 1581 btusb_submit_isoc_urb(hdev, GFP_KERNEL); 1582 } 1583 } else { 1584 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 1585 usb_kill_anchored_urbs(&data->isoc_anchor); 1586 1587 __set_isoc_interface(hdev, 0); 1588 if (test_and_clear_bit(BTUSB_DID_ISO_RESUME, &data->flags)) 1589 usb_autopm_put_interface(data->isoc ? data->isoc : data->intf); 1590 } 1591 } 1592 1593 static void btusb_waker(struct work_struct *work) 1594 { 1595 struct btusb_data *data = container_of(work, struct btusb_data, waker); 1596 int err; 1597 1598 err = usb_autopm_get_interface(data->intf); 1599 if (err < 0) 1600 return; 1601 1602 usb_autopm_put_interface(data->intf); 1603 } 1604 1605 static int btusb_setup_bcm92035(struct hci_dev *hdev) 1606 { 1607 struct sk_buff *skb; 1608 u8 val = 0x00; 1609 1610 BT_DBG("%s", hdev->name); 1611 1612 skb = __hci_cmd_sync(hdev, 0xfc3b, 1, &val, HCI_INIT_TIMEOUT); 1613 if (IS_ERR(skb)) 1614 bt_dev_err(hdev, "BCM92035 command failed (%ld)", PTR_ERR(skb)); 1615 else 1616 kfree_skb(skb); 1617 1618 return 0; 1619 } 1620 1621 static int btusb_setup_csr(struct hci_dev *hdev) 1622 { 1623 struct hci_rp_read_local_version *rp; 1624 struct sk_buff *skb; 1625 1626 BT_DBG("%s", hdev->name); 1627 1628 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL, 1629 HCI_INIT_TIMEOUT); 1630 if (IS_ERR(skb)) { 1631 int err = PTR_ERR(skb); 1632 bt_dev_err(hdev, "CSR: Local version failed (%d)", err); 1633 return err; 1634 } 1635 1636 if (skb->len != sizeof(struct hci_rp_read_local_version)) { 1637 bt_dev_err(hdev, "CSR: Local version length mismatch"); 1638 kfree_skb(skb); 1639 return -EIO; 1640 } 1641 1642 rp = (struct hci_rp_read_local_version *)skb->data; 1643 1644 /* Detect controllers which aren't real CSR ones. */ 1645 if (le16_to_cpu(rp->manufacturer) != 10 || 1646 le16_to_cpu(rp->lmp_subver) == 0x0c5c) { 1647 /* Clear the reset quirk since this is not an actual 1648 * early Bluetooth 1.1 device from CSR. 1649 */ 1650 clear_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); 1651 1652 /* These fake CSR controllers have all a broken 1653 * stored link key handling and so just disable it. 1654 */ 1655 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks); 1656 } 1657 1658 kfree_skb(skb); 1659 1660 return 0; 1661 } 1662 1663 static const struct firmware *btusb_setup_intel_get_fw(struct hci_dev *hdev, 1664 struct intel_version *ver) 1665 { 1666 const struct firmware *fw; 1667 char fwname[64]; 1668 int ret; 1669 1670 snprintf(fwname, sizeof(fwname), 1671 "intel/ibt-hw-%x.%x.%x-fw-%x.%x.%x.%x.%x.bseq", 1672 ver->hw_platform, ver->hw_variant, ver->hw_revision, 1673 ver->fw_variant, ver->fw_revision, ver->fw_build_num, 1674 ver->fw_build_ww, ver->fw_build_yy); 1675 1676 ret = request_firmware(&fw, fwname, &hdev->dev); 1677 if (ret < 0) { 1678 if (ret == -EINVAL) { 1679 bt_dev_err(hdev, "Intel firmware file request failed (%d)", 1680 ret); 1681 return NULL; 1682 } 1683 1684 bt_dev_err(hdev, "failed to open Intel firmware file: %s (%d)", 1685 fwname, ret); 1686 1687 /* If the correct firmware patch file is not found, use the 1688 * default firmware patch file instead 1689 */ 1690 snprintf(fwname, sizeof(fwname), "intel/ibt-hw-%x.%x.bseq", 1691 ver->hw_platform, ver->hw_variant); 1692 if (request_firmware(&fw, fwname, &hdev->dev) < 0) { 1693 bt_dev_err(hdev, "failed to open default fw file: %s", 1694 fwname); 1695 return NULL; 1696 } 1697 } 1698 1699 bt_dev_info(hdev, "Intel Bluetooth firmware file: %s", fwname); 1700 1701 return fw; 1702 } 1703 1704 static int btusb_setup_intel_patching(struct hci_dev *hdev, 1705 const struct firmware *fw, 1706 const u8 **fw_ptr, int *disable_patch) 1707 { 1708 struct sk_buff *skb; 1709 struct hci_command_hdr *cmd; 1710 const u8 *cmd_param; 1711 struct hci_event_hdr *evt = NULL; 1712 const u8 *evt_param = NULL; 1713 int remain = fw->size - (*fw_ptr - fw->data); 1714 1715 /* The first byte indicates the types of the patch command or event. 1716 * 0x01 means HCI command and 0x02 is HCI event. If the first bytes 1717 * in the current firmware buffer doesn't start with 0x01 or 1718 * the size of remain buffer is smaller than HCI command header, 1719 * the firmware file is corrupted and it should stop the patching 1720 * process. 1721 */ 1722 if (remain > HCI_COMMAND_HDR_SIZE && *fw_ptr[0] != 0x01) { 1723 bt_dev_err(hdev, "Intel fw corrupted: invalid cmd read"); 1724 return -EINVAL; 1725 } 1726 (*fw_ptr)++; 1727 remain--; 1728 1729 cmd = (struct hci_command_hdr *)(*fw_ptr); 1730 *fw_ptr += sizeof(*cmd); 1731 remain -= sizeof(*cmd); 1732 1733 /* Ensure that the remain firmware data is long enough than the length 1734 * of command parameter. If not, the firmware file is corrupted. 1735 */ 1736 if (remain < cmd->plen) { 1737 bt_dev_err(hdev, "Intel fw corrupted: invalid cmd len"); 1738 return -EFAULT; 1739 } 1740 1741 /* If there is a command that loads a patch in the firmware 1742 * file, then enable the patch upon success, otherwise just 1743 * disable the manufacturer mode, for example patch activation 1744 * is not required when the default firmware patch file is used 1745 * because there are no patch data to load. 1746 */ 1747 if (*disable_patch && le16_to_cpu(cmd->opcode) == 0xfc8e) 1748 *disable_patch = 0; 1749 1750 cmd_param = *fw_ptr; 1751 *fw_ptr += cmd->plen; 1752 remain -= cmd->plen; 1753 1754 /* This reads the expected events when the above command is sent to the 1755 * device. Some vendor commands expects more than one events, for 1756 * example command status event followed by vendor specific event. 1757 * For this case, it only keeps the last expected event. so the command 1758 * can be sent with __hci_cmd_sync_ev() which returns the sk_buff of 1759 * last expected event. 1760 */ 1761 while (remain > HCI_EVENT_HDR_SIZE && *fw_ptr[0] == 0x02) { 1762 (*fw_ptr)++; 1763 remain--; 1764 1765 evt = (struct hci_event_hdr *)(*fw_ptr); 1766 *fw_ptr += sizeof(*evt); 1767 remain -= sizeof(*evt); 1768 1769 if (remain < evt->plen) { 1770 bt_dev_err(hdev, "Intel fw corrupted: invalid evt len"); 1771 return -EFAULT; 1772 } 1773 1774 evt_param = *fw_ptr; 1775 *fw_ptr += evt->plen; 1776 remain -= evt->plen; 1777 } 1778 1779 /* Every HCI commands in the firmware file has its correspond event. 1780 * If event is not found or remain is smaller than zero, the firmware 1781 * file is corrupted. 1782 */ 1783 if (!evt || !evt_param || remain < 0) { 1784 bt_dev_err(hdev, "Intel fw corrupted: invalid evt read"); 1785 return -EFAULT; 1786 } 1787 1788 skb = __hci_cmd_sync_ev(hdev, le16_to_cpu(cmd->opcode), cmd->plen, 1789 cmd_param, evt->evt, HCI_INIT_TIMEOUT); 1790 if (IS_ERR(skb)) { 1791 bt_dev_err(hdev, "sending Intel patch command (0x%4.4x) failed (%ld)", 1792 cmd->opcode, PTR_ERR(skb)); 1793 return PTR_ERR(skb); 1794 } 1795 1796 /* It ensures that the returned event matches the event data read from 1797 * the firmware file. At fist, it checks the length and then 1798 * the contents of the event. 1799 */ 1800 if (skb->len != evt->plen) { 1801 bt_dev_err(hdev, "mismatch event length (opcode 0x%4.4x)", 1802 le16_to_cpu(cmd->opcode)); 1803 kfree_skb(skb); 1804 return -EFAULT; 1805 } 1806 1807 if (memcmp(skb->data, evt_param, evt->plen)) { 1808 bt_dev_err(hdev, "mismatch event parameter (opcode 0x%4.4x)", 1809 le16_to_cpu(cmd->opcode)); 1810 kfree_skb(skb); 1811 return -EFAULT; 1812 } 1813 kfree_skb(skb); 1814 1815 return 0; 1816 } 1817 1818 static int btusb_setup_intel(struct hci_dev *hdev) 1819 { 1820 struct sk_buff *skb; 1821 const struct firmware *fw; 1822 const u8 *fw_ptr; 1823 int disable_patch, err; 1824 struct intel_version ver; 1825 1826 BT_DBG("%s", hdev->name); 1827 1828 /* The controller has a bug with the first HCI command sent to it 1829 * returning number of completed commands as zero. This would stall the 1830 * command processing in the Bluetooth core. 1831 * 1832 * As a workaround, send HCI Reset command first which will reset the 1833 * number of completed commands and allow normal command processing 1834 * from now on. 1835 */ 1836 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); 1837 if (IS_ERR(skb)) { 1838 bt_dev_err(hdev, "sending initial HCI reset command failed (%ld)", 1839 PTR_ERR(skb)); 1840 return PTR_ERR(skb); 1841 } 1842 kfree_skb(skb); 1843 1844 /* Read Intel specific controller version first to allow selection of 1845 * which firmware file to load. 1846 * 1847 * The returned information are hardware variant and revision plus 1848 * firmware variant, revision and build number. 1849 */ 1850 err = btintel_read_version(hdev, &ver); 1851 if (err) 1852 return err; 1853 1854 bt_dev_info(hdev, "read Intel version: %02x%02x%02x%02x%02x%02x%02x%02x%02x", 1855 ver.hw_platform, ver.hw_variant, ver.hw_revision, 1856 ver.fw_variant, ver.fw_revision, ver.fw_build_num, 1857 ver.fw_build_ww, ver.fw_build_yy, ver.fw_patch_num); 1858 1859 /* fw_patch_num indicates the version of patch the device currently 1860 * have. If there is no patch data in the device, it is always 0x00. 1861 * So, if it is other than 0x00, no need to patch the device again. 1862 */ 1863 if (ver.fw_patch_num) { 1864 bt_dev_info(hdev, "Intel device is already patched. " 1865 "patch num: %02x", ver.fw_patch_num); 1866 goto complete; 1867 } 1868 1869 /* Opens the firmware patch file based on the firmware version read 1870 * from the controller. If it fails to open the matching firmware 1871 * patch file, it tries to open the default firmware patch file. 1872 * If no patch file is found, allow the device to operate without 1873 * a patch. 1874 */ 1875 fw = btusb_setup_intel_get_fw(hdev, &ver); 1876 if (!fw) 1877 goto complete; 1878 fw_ptr = fw->data; 1879 1880 /* Enable the manufacturer mode of the controller. 1881 * Only while this mode is enabled, the driver can download the 1882 * firmware patch data and configuration parameters. 1883 */ 1884 err = btintel_enter_mfg(hdev); 1885 if (err) { 1886 release_firmware(fw); 1887 return err; 1888 } 1889 1890 disable_patch = 1; 1891 1892 /* The firmware data file consists of list of Intel specific HCI 1893 * commands and its expected events. The first byte indicates the 1894 * type of the message, either HCI command or HCI event. 1895 * 1896 * It reads the command and its expected event from the firmware file, 1897 * and send to the controller. Once __hci_cmd_sync_ev() returns, 1898 * the returned event is compared with the event read from the firmware 1899 * file and it will continue until all the messages are downloaded to 1900 * the controller. 1901 * 1902 * Once the firmware patching is completed successfully, 1903 * the manufacturer mode is disabled with reset and activating the 1904 * downloaded patch. 1905 * 1906 * If the firmware patching fails, the manufacturer mode is 1907 * disabled with reset and deactivating the patch. 1908 * 1909 * If the default patch file is used, no reset is done when disabling 1910 * the manufacturer. 1911 */ 1912 while (fw->size > fw_ptr - fw->data) { 1913 int ret; 1914 1915 ret = btusb_setup_intel_patching(hdev, fw, &fw_ptr, 1916 &disable_patch); 1917 if (ret < 0) 1918 goto exit_mfg_deactivate; 1919 } 1920 1921 release_firmware(fw); 1922 1923 if (disable_patch) 1924 goto exit_mfg_disable; 1925 1926 /* Patching completed successfully and disable the manufacturer mode 1927 * with reset and activate the downloaded firmware patches. 1928 */ 1929 err = btintel_exit_mfg(hdev, true, true); 1930 if (err) 1931 return err; 1932 1933 bt_dev_info(hdev, "Intel firmware patch completed and activated"); 1934 1935 goto complete; 1936 1937 exit_mfg_disable: 1938 /* Disable the manufacturer mode without reset */ 1939 err = btintel_exit_mfg(hdev, false, false); 1940 if (err) 1941 return err; 1942 1943 bt_dev_info(hdev, "Intel firmware patch completed"); 1944 1945 goto complete; 1946 1947 exit_mfg_deactivate: 1948 release_firmware(fw); 1949 1950 /* Patching failed. Disable the manufacturer mode with reset and 1951 * deactivate the downloaded firmware patches. 1952 */ 1953 err = btintel_exit_mfg(hdev, true, false); 1954 if (err) 1955 return err; 1956 1957 bt_dev_info(hdev, "Intel firmware patch completed and deactivated"); 1958 1959 complete: 1960 /* Set the event mask for Intel specific vendor events. This enables 1961 * a few extra events that are useful during general operation. 1962 */ 1963 btintel_set_event_mask_mfg(hdev, false); 1964 1965 btintel_check_bdaddr(hdev); 1966 return 0; 1967 } 1968 1969 static int inject_cmd_complete(struct hci_dev *hdev, __u16 opcode) 1970 { 1971 struct sk_buff *skb; 1972 struct hci_event_hdr *hdr; 1973 struct hci_ev_cmd_complete *evt; 1974 1975 skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_KERNEL); 1976 if (!skb) 1977 return -ENOMEM; 1978 1979 hdr = skb_put(skb, sizeof(*hdr)); 1980 hdr->evt = HCI_EV_CMD_COMPLETE; 1981 hdr->plen = sizeof(*evt) + 1; 1982 1983 evt = skb_put(skb, sizeof(*evt)); 1984 evt->ncmd = 0x01; 1985 evt->opcode = cpu_to_le16(opcode); 1986 1987 skb_put_u8(skb, 0x00); 1988 1989 hci_skb_pkt_type(skb) = HCI_EVENT_PKT; 1990 1991 return hci_recv_frame(hdev, skb); 1992 } 1993 1994 static int btusb_recv_bulk_intel(struct btusb_data *data, void *buffer, 1995 int count) 1996 { 1997 /* When the device is in bootloader mode, then it can send 1998 * events via the bulk endpoint. These events are treated the 1999 * same way as the ones received from the interrupt endpoint. 2000 */ 2001 if (test_bit(BTUSB_BOOTLOADER, &data->flags)) 2002 return btusb_recv_intr(data, buffer, count); 2003 2004 return btusb_recv_bulk(data, buffer, count); 2005 } 2006 2007 static void btusb_intel_bootup(struct btusb_data *data, const void *ptr, 2008 unsigned int len) 2009 { 2010 const struct intel_bootup *evt = ptr; 2011 2012 if (len != sizeof(*evt)) 2013 return; 2014 2015 if (test_and_clear_bit(BTUSB_BOOTING, &data->flags)) 2016 wake_up_bit(&data->flags, BTUSB_BOOTING); 2017 } 2018 2019 static void btusb_intel_secure_send_result(struct btusb_data *data, 2020 const void *ptr, unsigned int len) 2021 { 2022 const struct intel_secure_send_result *evt = ptr; 2023 2024 if (len != sizeof(*evt)) 2025 return; 2026 2027 if (evt->result) 2028 set_bit(BTUSB_FIRMWARE_FAILED, &data->flags); 2029 2030 if (test_and_clear_bit(BTUSB_DOWNLOADING, &data->flags) && 2031 test_bit(BTUSB_FIRMWARE_LOADED, &data->flags)) 2032 wake_up_bit(&data->flags, BTUSB_DOWNLOADING); 2033 } 2034 2035 static int btusb_recv_event_intel(struct hci_dev *hdev, struct sk_buff *skb) 2036 { 2037 struct btusb_data *data = hci_get_drvdata(hdev); 2038 2039 if (test_bit(BTUSB_BOOTLOADER, &data->flags)) { 2040 struct hci_event_hdr *hdr = (void *)skb->data; 2041 2042 if (skb->len > HCI_EVENT_HDR_SIZE && hdr->evt == 0xff && 2043 hdr->plen > 0) { 2044 const void *ptr = skb->data + HCI_EVENT_HDR_SIZE + 1; 2045 unsigned int len = skb->len - HCI_EVENT_HDR_SIZE - 1; 2046 2047 switch (skb->data[2]) { 2048 case 0x02: 2049 /* When switching to the operational firmware 2050 * the device sends a vendor specific event 2051 * indicating that the bootup completed. 2052 */ 2053 btusb_intel_bootup(data, ptr, len); 2054 break; 2055 case 0x06: 2056 /* When the firmware loading completes the 2057 * device sends out a vendor specific event 2058 * indicating the result of the firmware 2059 * loading. 2060 */ 2061 btusb_intel_secure_send_result(data, ptr, len); 2062 break; 2063 } 2064 } 2065 } 2066 2067 return hci_recv_frame(hdev, skb); 2068 } 2069 2070 static int btusb_send_frame_intel(struct hci_dev *hdev, struct sk_buff *skb) 2071 { 2072 struct btusb_data *data = hci_get_drvdata(hdev); 2073 struct urb *urb; 2074 2075 BT_DBG("%s", hdev->name); 2076 2077 switch (hci_skb_pkt_type(skb)) { 2078 case HCI_COMMAND_PKT: 2079 if (test_bit(BTUSB_BOOTLOADER, &data->flags)) { 2080 struct hci_command_hdr *cmd = (void *)skb->data; 2081 __u16 opcode = le16_to_cpu(cmd->opcode); 2082 2083 /* When in bootloader mode and the command 0xfc09 2084 * is received, it needs to be send down the 2085 * bulk endpoint. So allocate a bulk URB instead. 2086 */ 2087 if (opcode == 0xfc09) 2088 urb = alloc_bulk_urb(hdev, skb); 2089 else 2090 urb = alloc_ctrl_urb(hdev, skb); 2091 2092 /* When the 0xfc01 command is issued to boot into 2093 * the operational firmware, it will actually not 2094 * send a command complete event. To keep the flow 2095 * control working inject that event here. 2096 */ 2097 if (opcode == 0xfc01) 2098 inject_cmd_complete(hdev, opcode); 2099 } else { 2100 urb = alloc_ctrl_urb(hdev, skb); 2101 } 2102 if (IS_ERR(urb)) 2103 return PTR_ERR(urb); 2104 2105 hdev->stat.cmd_tx++; 2106 return submit_or_queue_tx_urb(hdev, urb); 2107 2108 case HCI_ACLDATA_PKT: 2109 urb = alloc_bulk_urb(hdev, skb); 2110 if (IS_ERR(urb)) 2111 return PTR_ERR(urb); 2112 2113 hdev->stat.acl_tx++; 2114 return submit_or_queue_tx_urb(hdev, urb); 2115 2116 case HCI_SCODATA_PKT: 2117 if (hci_conn_num(hdev, SCO_LINK) < 1) 2118 return -ENODEV; 2119 2120 urb = alloc_isoc_urb(hdev, skb); 2121 if (IS_ERR(urb)) 2122 return PTR_ERR(urb); 2123 2124 hdev->stat.sco_tx++; 2125 return submit_tx_urb(hdev, urb); 2126 } 2127 2128 return -EILSEQ; 2129 } 2130 2131 static bool btusb_setup_intel_new_get_fw_name(struct intel_version *ver, 2132 struct intel_boot_params *params, 2133 char *fw_name, size_t len, 2134 const char *suffix) 2135 { 2136 switch (ver->hw_variant) { 2137 case 0x0b: /* SfP */ 2138 case 0x0c: /* WsP */ 2139 snprintf(fw_name, len, "intel/ibt-%u-%u.%s", 2140 le16_to_cpu(ver->hw_variant), 2141 le16_to_cpu(params->dev_revid), 2142 suffix); 2143 break; 2144 case 0x11: /* JfP */ 2145 case 0x12: /* ThP */ 2146 case 0x13: /* HrP */ 2147 case 0x14: /* CcP */ 2148 snprintf(fw_name, len, "intel/ibt-%u-%u-%u.%s", 2149 le16_to_cpu(ver->hw_variant), 2150 le16_to_cpu(ver->hw_revision), 2151 le16_to_cpu(ver->fw_revision), 2152 suffix); 2153 break; 2154 default: 2155 return false; 2156 } 2157 return true; 2158 } 2159 2160 static int btusb_setup_intel_new(struct hci_dev *hdev) 2161 { 2162 struct btusb_data *data = hci_get_drvdata(hdev); 2163 struct intel_version ver; 2164 struct intel_boot_params params; 2165 const struct firmware *fw; 2166 u32 boot_param; 2167 char fwname[64]; 2168 ktime_t calltime, delta, rettime; 2169 unsigned long long duration; 2170 int err; 2171 2172 BT_DBG("%s", hdev->name); 2173 2174 /* Set the default boot parameter to 0x0 and it is updated to 2175 * SKU specific boot parameter after reading Intel_Write_Boot_Params 2176 * command while downloading the firmware. 2177 */ 2178 boot_param = 0x00000000; 2179 2180 calltime = ktime_get(); 2181 2182 /* Read the Intel version information to determine if the device 2183 * is in bootloader mode or if it already has operational firmware 2184 * loaded. 2185 */ 2186 err = btintel_read_version(hdev, &ver); 2187 if (err) { 2188 bt_dev_err(hdev, "Intel Read version failed (%d)", err); 2189 btintel_reset_to_bootloader(hdev); 2190 return err; 2191 } 2192 2193 /* The hardware platform number has a fixed value of 0x37 and 2194 * for now only accept this single value. 2195 */ 2196 if (ver.hw_platform != 0x37) { 2197 bt_dev_err(hdev, "Unsupported Intel hardware platform (%u)", 2198 ver.hw_platform); 2199 return -EINVAL; 2200 } 2201 2202 /* Check for supported iBT hardware variants of this firmware 2203 * loading method. 2204 * 2205 * This check has been put in place to ensure correct forward 2206 * compatibility options when newer hardware variants come along. 2207 */ 2208 switch (ver.hw_variant) { 2209 case 0x0b: /* SfP */ 2210 case 0x0c: /* WsP */ 2211 case 0x11: /* JfP */ 2212 case 0x12: /* ThP */ 2213 case 0x13: /* HrP */ 2214 case 0x14: /* CcP */ 2215 break; 2216 default: 2217 bt_dev_err(hdev, "Unsupported Intel hardware variant (%u)", 2218 ver.hw_variant); 2219 return -EINVAL; 2220 } 2221 2222 btintel_version_info(hdev, &ver); 2223 2224 /* The firmware variant determines if the device is in bootloader 2225 * mode or is running operational firmware. The value 0x06 identifies 2226 * the bootloader and the value 0x23 identifies the operational 2227 * firmware. 2228 * 2229 * When the operational firmware is already present, then only 2230 * the check for valid Bluetooth device address is needed. This 2231 * determines if the device will be added as configured or 2232 * unconfigured controller. 2233 * 2234 * It is not possible to use the Secure Boot Parameters in this 2235 * case since that command is only available in bootloader mode. 2236 */ 2237 if (ver.fw_variant == 0x23) { 2238 clear_bit(BTUSB_BOOTLOADER, &data->flags); 2239 btintel_check_bdaddr(hdev); 2240 return 0; 2241 } 2242 2243 /* If the device is not in bootloader mode, then the only possible 2244 * choice is to return an error and abort the device initialization. 2245 */ 2246 if (ver.fw_variant != 0x06) { 2247 bt_dev_err(hdev, "Unsupported Intel firmware variant (%u)", 2248 ver.fw_variant); 2249 return -ENODEV; 2250 } 2251 2252 /* Read the secure boot parameters to identify the operating 2253 * details of the bootloader. 2254 */ 2255 err = btintel_read_boot_params(hdev, ¶ms); 2256 if (err) 2257 return err; 2258 2259 /* It is required that every single firmware fragment is acknowledged 2260 * with a command complete event. If the boot parameters indicate 2261 * that this bootloader does not send them, then abort the setup. 2262 */ 2263 if (params.limited_cce != 0x00) { 2264 bt_dev_err(hdev, "Unsupported Intel firmware loading method (%u)", 2265 params.limited_cce); 2266 return -EINVAL; 2267 } 2268 2269 /* If the OTP has no valid Bluetooth device address, then there will 2270 * also be no valid address for the operational firmware. 2271 */ 2272 if (!bacmp(¶ms.otp_bdaddr, BDADDR_ANY)) { 2273 bt_dev_info(hdev, "No device address configured"); 2274 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks); 2275 } 2276 2277 /* With this Intel bootloader only the hardware variant and device 2278 * revision information are used to select the right firmware for SfP 2279 * and WsP. 2280 * 2281 * The firmware filename is ibt-<hw_variant>-<dev_revid>.sfi. 2282 * 2283 * Currently the supported hardware variants are: 2284 * 11 (0x0b) for iBT3.0 (LnP/SfP) 2285 * 12 (0x0c) for iBT3.5 (WsP) 2286 * 2287 * For ThP/JfP and for future SKU's, the FW name varies based on HW 2288 * variant, HW revision and FW revision, as these are dependent on CNVi 2289 * and RF Combination. 2290 * 2291 * 17 (0x11) for iBT3.5 (JfP) 2292 * 18 (0x12) for iBT3.5 (ThP) 2293 * 2294 * The firmware file name for these will be 2295 * ibt-<hw_variant>-<hw_revision>-<fw_revision>.sfi. 2296 * 2297 */ 2298 err = btusb_setup_intel_new_get_fw_name(&ver, ¶ms, fwname, 2299 sizeof(fwname), "sfi"); 2300 if (!err) { 2301 bt_dev_err(hdev, "Unsupported Intel firmware naming"); 2302 return -EINVAL; 2303 } 2304 2305 err = request_firmware(&fw, fwname, &hdev->dev); 2306 if (err < 0) { 2307 bt_dev_err(hdev, "Failed to load Intel firmware file (%d)", err); 2308 return err; 2309 } 2310 2311 bt_dev_info(hdev, "Found device firmware: %s", fwname); 2312 2313 /* Save the DDC file name for later use to apply once the firmware 2314 * downloading is done. 2315 */ 2316 err = btusb_setup_intel_new_get_fw_name(&ver, ¶ms, fwname, 2317 sizeof(fwname), "ddc"); 2318 if (!err) { 2319 bt_dev_err(hdev, "Unsupported Intel firmware naming"); 2320 return -EINVAL; 2321 } 2322 2323 if (fw->size < 644) { 2324 bt_dev_err(hdev, "Invalid size of firmware file (%zu)", 2325 fw->size); 2326 err = -EBADF; 2327 goto done; 2328 } 2329 2330 set_bit(BTUSB_DOWNLOADING, &data->flags); 2331 2332 /* Start firmware downloading and get boot parameter */ 2333 err = btintel_download_firmware(hdev, fw, &boot_param); 2334 if (err < 0) { 2335 /* When FW download fails, send Intel Reset to retry 2336 * FW download. 2337 */ 2338 btintel_reset_to_bootloader(hdev); 2339 goto done; 2340 } 2341 set_bit(BTUSB_FIRMWARE_LOADED, &data->flags); 2342 2343 bt_dev_info(hdev, "Waiting for firmware download to complete"); 2344 2345 /* Before switching the device into operational mode and with that 2346 * booting the loaded firmware, wait for the bootloader notification 2347 * that all fragments have been successfully received. 2348 * 2349 * When the event processing receives the notification, then the 2350 * BTUSB_DOWNLOADING flag will be cleared. 2351 * 2352 * The firmware loading should not take longer than 5 seconds 2353 * and thus just timeout if that happens and fail the setup 2354 * of this device. 2355 */ 2356 err = wait_on_bit_timeout(&data->flags, BTUSB_DOWNLOADING, 2357 TASK_INTERRUPTIBLE, 2358 msecs_to_jiffies(5000)); 2359 if (err == -EINTR) { 2360 bt_dev_err(hdev, "Firmware loading interrupted"); 2361 goto done; 2362 } 2363 2364 if (err) { 2365 bt_dev_err(hdev, "Firmware loading timeout"); 2366 err = -ETIMEDOUT; 2367 btintel_reset_to_bootloader(hdev); 2368 goto done; 2369 } 2370 2371 if (test_bit(BTUSB_FIRMWARE_FAILED, &data->flags)) { 2372 bt_dev_err(hdev, "Firmware loading failed"); 2373 err = -ENOEXEC; 2374 goto done; 2375 } 2376 2377 rettime = ktime_get(); 2378 delta = ktime_sub(rettime, calltime); 2379 duration = (unsigned long long) ktime_to_ns(delta) >> 10; 2380 2381 bt_dev_info(hdev, "Firmware loaded in %llu usecs", duration); 2382 2383 done: 2384 release_firmware(fw); 2385 2386 if (err < 0) 2387 return err; 2388 2389 calltime = ktime_get(); 2390 2391 set_bit(BTUSB_BOOTING, &data->flags); 2392 2393 err = btintel_send_intel_reset(hdev, boot_param); 2394 if (err) { 2395 bt_dev_err(hdev, "Intel Soft Reset failed (%d)", err); 2396 btintel_reset_to_bootloader(hdev); 2397 return err; 2398 } 2399 2400 /* The bootloader will not indicate when the device is ready. This 2401 * is done by the operational firmware sending bootup notification. 2402 * 2403 * Booting into operational firmware should not take longer than 2404 * 1 second. However if that happens, then just fail the setup 2405 * since something went wrong. 2406 */ 2407 bt_dev_info(hdev, "Waiting for device to boot"); 2408 2409 err = wait_on_bit_timeout(&data->flags, BTUSB_BOOTING, 2410 TASK_INTERRUPTIBLE, 2411 msecs_to_jiffies(1000)); 2412 2413 if (err == -EINTR) { 2414 bt_dev_err(hdev, "Device boot interrupted"); 2415 return -EINTR; 2416 } 2417 2418 if (err) { 2419 bt_dev_err(hdev, "Device boot timeout"); 2420 btintel_reset_to_bootloader(hdev); 2421 return -ETIMEDOUT; 2422 } 2423 2424 rettime = ktime_get(); 2425 delta = ktime_sub(rettime, calltime); 2426 duration = (unsigned long long) ktime_to_ns(delta) >> 10; 2427 2428 bt_dev_info(hdev, "Device booted in %llu usecs", duration); 2429 2430 clear_bit(BTUSB_BOOTLOADER, &data->flags); 2431 2432 /* Once the device is running in operational mode, it needs to apply 2433 * the device configuration (DDC) parameters. 2434 * 2435 * The device can work without DDC parameters, so even if it fails 2436 * to load the file, no need to fail the setup. 2437 */ 2438 btintel_load_ddc_config(hdev, fwname); 2439 2440 /* Set the event mask for Intel specific vendor events. This enables 2441 * a few extra events that are useful during general operation. It 2442 * does not enable any debugging related events. 2443 * 2444 * The device will function correctly without these events enabled 2445 * and thus no need to fail the setup. 2446 */ 2447 btintel_set_event_mask(hdev, false); 2448 2449 /* Read the Intel version information after loading the FW */ 2450 err = btintel_read_version(hdev, &ver); 2451 if (err) 2452 return err; 2453 2454 btintel_version_info(hdev, &ver); 2455 2456 return 0; 2457 } 2458 2459 static int btusb_shutdown_intel(struct hci_dev *hdev) 2460 { 2461 struct sk_buff *skb; 2462 long ret; 2463 2464 /* In the shutdown sequence where Bluetooth is turned off followed 2465 * by WiFi being turned off, turning WiFi back on causes issue with 2466 * the RF calibration. 2467 * 2468 * To ensure that any RF activity has been stopped, issue HCI Reset 2469 * command to clear all ongoing activity including advertising, 2470 * scanning etc. 2471 */ 2472 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); 2473 if (IS_ERR(skb)) { 2474 ret = PTR_ERR(skb); 2475 bt_dev_err(hdev, "HCI reset during shutdown failed"); 2476 return ret; 2477 } 2478 kfree_skb(skb); 2479 2480 /* Some platforms have an issue with BT LED when the interface is 2481 * down or BT radio is turned off, which takes 5 seconds to BT LED 2482 * goes off. This command turns off the BT LED immediately. 2483 */ 2484 skb = __hci_cmd_sync(hdev, 0xfc3f, 0, NULL, HCI_INIT_TIMEOUT); 2485 if (IS_ERR(skb)) { 2486 ret = PTR_ERR(skb); 2487 bt_dev_err(hdev, "turning off Intel device LED failed"); 2488 return ret; 2489 } 2490 kfree_skb(skb); 2491 2492 return 0; 2493 } 2494 2495 static int btusb_shutdown_intel_new(struct hci_dev *hdev) 2496 { 2497 struct sk_buff *skb; 2498 2499 /* Send HCI Reset to the controller to stop any BT activity which 2500 * were triggered. This will help to save power and maintain the 2501 * sync b/w Host and controller 2502 */ 2503 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); 2504 if (IS_ERR(skb)) { 2505 bt_dev_err(hdev, "HCI reset during shutdown failed"); 2506 return PTR_ERR(skb); 2507 } 2508 kfree_skb(skb); 2509 2510 return 0; 2511 } 2512 2513 #define FIRMWARE_MT7663 "mediatek/mt7663pr2h.bin" 2514 #define FIRMWARE_MT7668 "mediatek/mt7668pr2h.bin" 2515 2516 #define HCI_WMT_MAX_EVENT_SIZE 64 2517 2518 enum { 2519 BTMTK_WMT_PATCH_DWNLD = 0x1, 2520 BTMTK_WMT_FUNC_CTRL = 0x6, 2521 BTMTK_WMT_RST = 0x7, 2522 BTMTK_WMT_SEMAPHORE = 0x17, 2523 }; 2524 2525 enum { 2526 BTMTK_WMT_INVALID, 2527 BTMTK_WMT_PATCH_UNDONE, 2528 BTMTK_WMT_PATCH_DONE, 2529 BTMTK_WMT_ON_UNDONE, 2530 BTMTK_WMT_ON_DONE, 2531 BTMTK_WMT_ON_PROGRESS, 2532 }; 2533 2534 struct btmtk_wmt_hdr { 2535 u8 dir; 2536 u8 op; 2537 __le16 dlen; 2538 u8 flag; 2539 } __packed; 2540 2541 struct btmtk_hci_wmt_cmd { 2542 struct btmtk_wmt_hdr hdr; 2543 u8 data[256]; 2544 } __packed; 2545 2546 struct btmtk_hci_wmt_evt { 2547 struct hci_event_hdr hhdr; 2548 struct btmtk_wmt_hdr whdr; 2549 } __packed; 2550 2551 struct btmtk_hci_wmt_evt_funcc { 2552 struct btmtk_hci_wmt_evt hwhdr; 2553 __be16 status; 2554 } __packed; 2555 2556 struct btmtk_tci_sleep { 2557 u8 mode; 2558 __le16 duration; 2559 __le16 host_duration; 2560 u8 host_wakeup_pin; 2561 u8 time_compensation; 2562 } __packed; 2563 2564 struct btmtk_hci_wmt_params { 2565 u8 op; 2566 u8 flag; 2567 u16 dlen; 2568 const void *data; 2569 u32 *status; 2570 }; 2571 2572 static void btusb_mtk_wmt_recv(struct urb *urb) 2573 { 2574 struct hci_dev *hdev = urb->context; 2575 struct btusb_data *data = hci_get_drvdata(hdev); 2576 struct hci_event_hdr *hdr; 2577 struct sk_buff *skb; 2578 int err; 2579 2580 if (urb->status == 0 && urb->actual_length > 0) { 2581 hdev->stat.byte_rx += urb->actual_length; 2582 2583 /* WMT event shouldn't be fragmented and the size should be 2584 * less than HCI_WMT_MAX_EVENT_SIZE. 2585 */ 2586 skb = bt_skb_alloc(HCI_WMT_MAX_EVENT_SIZE, GFP_ATOMIC); 2587 if (!skb) { 2588 hdev->stat.err_rx++; 2589 goto err_out; 2590 } 2591 2592 hci_skb_pkt_type(skb) = HCI_EVENT_PKT; 2593 skb_put_data(skb, urb->transfer_buffer, urb->actual_length); 2594 2595 hdr = (void *)skb->data; 2596 /* Fix up the vendor event id with 0xff for vendor specific 2597 * instead of 0xe4 so that event send via monitoring socket can 2598 * be parsed properly. 2599 */ 2600 hdr->evt = 0xff; 2601 2602 /* When someone waits for the WMT event, the skb is being cloned 2603 * and being processed the events from there then. 2604 */ 2605 if (test_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags)) { 2606 data->evt_skb = skb_clone(skb, GFP_ATOMIC); 2607 if (!data->evt_skb) 2608 goto err_out; 2609 } 2610 2611 err = hci_recv_frame(hdev, skb); 2612 if (err < 0) 2613 goto err_free_skb; 2614 2615 if (test_and_clear_bit(BTUSB_TX_WAIT_VND_EVT, 2616 &data->flags)) { 2617 /* Barrier to sync with other CPUs */ 2618 smp_mb__after_atomic(); 2619 wake_up_bit(&data->flags, 2620 BTUSB_TX_WAIT_VND_EVT); 2621 } 2622 err_out: 2623 return; 2624 err_free_skb: 2625 kfree_skb(data->evt_skb); 2626 data->evt_skb = NULL; 2627 return; 2628 } else if (urb->status == -ENOENT) { 2629 /* Avoid suspend failed when usb_kill_urb */ 2630 return; 2631 } 2632 2633 usb_mark_last_busy(data->udev); 2634 2635 /* The URB complete handler is still called with urb->actual_length = 0 2636 * when the event is not available, so we should keep re-submitting 2637 * URB until WMT event returns, Also, It's necessary to wait some time 2638 * between the two consecutive control URBs to relax the target device 2639 * to generate the event. Otherwise, the WMT event cannot return from 2640 * the device successfully. 2641 */ 2642 udelay(100); 2643 2644 usb_anchor_urb(urb, &data->ctrl_anchor); 2645 err = usb_submit_urb(urb, GFP_ATOMIC); 2646 if (err < 0) { 2647 /* -EPERM: urb is being killed; 2648 * -ENODEV: device got disconnected 2649 */ 2650 if (err != -EPERM && err != -ENODEV) 2651 bt_dev_err(hdev, "urb %p failed to resubmit (%d)", 2652 urb, -err); 2653 usb_unanchor_urb(urb); 2654 } 2655 } 2656 2657 static int btusb_mtk_submit_wmt_recv_urb(struct hci_dev *hdev) 2658 { 2659 struct btusb_data *data = hci_get_drvdata(hdev); 2660 struct usb_ctrlrequest *dr; 2661 unsigned char *buf; 2662 int err, size = 64; 2663 unsigned int pipe; 2664 struct urb *urb; 2665 2666 urb = usb_alloc_urb(0, GFP_KERNEL); 2667 if (!urb) 2668 return -ENOMEM; 2669 2670 dr = kmalloc(sizeof(*dr), GFP_KERNEL); 2671 if (!dr) { 2672 usb_free_urb(urb); 2673 return -ENOMEM; 2674 } 2675 2676 dr->bRequestType = USB_TYPE_VENDOR | USB_DIR_IN; 2677 dr->bRequest = 1; 2678 dr->wIndex = cpu_to_le16(0); 2679 dr->wValue = cpu_to_le16(48); 2680 dr->wLength = cpu_to_le16(size); 2681 2682 buf = kmalloc(size, GFP_KERNEL); 2683 if (!buf) { 2684 kfree(dr); 2685 return -ENOMEM; 2686 } 2687 2688 pipe = usb_rcvctrlpipe(data->udev, 0); 2689 2690 usb_fill_control_urb(urb, data->udev, pipe, (void *)dr, 2691 buf, size, btusb_mtk_wmt_recv, hdev); 2692 2693 urb->transfer_flags |= URB_FREE_BUFFER; 2694 2695 usb_anchor_urb(urb, &data->ctrl_anchor); 2696 err = usb_submit_urb(urb, GFP_KERNEL); 2697 if (err < 0) { 2698 if (err != -EPERM && err != -ENODEV) 2699 bt_dev_err(hdev, "urb %p submission failed (%d)", 2700 urb, -err); 2701 usb_unanchor_urb(urb); 2702 } 2703 2704 usb_free_urb(urb); 2705 2706 return err; 2707 } 2708 2709 static int btusb_mtk_hci_wmt_sync(struct hci_dev *hdev, 2710 struct btmtk_hci_wmt_params *wmt_params) 2711 { 2712 struct btusb_data *data = hci_get_drvdata(hdev); 2713 struct btmtk_hci_wmt_evt_funcc *wmt_evt_funcc; 2714 u32 hlen, status = BTMTK_WMT_INVALID; 2715 struct btmtk_hci_wmt_evt *wmt_evt; 2716 struct btmtk_hci_wmt_cmd wc; 2717 struct btmtk_wmt_hdr *hdr; 2718 int err; 2719 2720 /* Submit control IN URB on demand to process the WMT event */ 2721 err = btusb_mtk_submit_wmt_recv_urb(hdev); 2722 if (err < 0) 2723 return err; 2724 2725 /* Send the WMT command and wait until the WMT event returns */ 2726 hlen = sizeof(*hdr) + wmt_params->dlen; 2727 if (hlen > 255) 2728 return -EINVAL; 2729 2730 hdr = (struct btmtk_wmt_hdr *)&wc; 2731 hdr->dir = 1; 2732 hdr->op = wmt_params->op; 2733 hdr->dlen = cpu_to_le16(wmt_params->dlen + 1); 2734 hdr->flag = wmt_params->flag; 2735 memcpy(wc.data, wmt_params->data, wmt_params->dlen); 2736 2737 set_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags); 2738 2739 err = __hci_cmd_send(hdev, 0xfc6f, hlen, &wc); 2740 2741 if (err < 0) { 2742 clear_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags); 2743 return err; 2744 } 2745 2746 /* The vendor specific WMT commands are all answered by a vendor 2747 * specific event and will have the Command Status or Command 2748 * Complete as with usual HCI command flow control. 2749 * 2750 * After sending the command, wait for BTUSB_TX_WAIT_VND_EVT 2751 * state to be cleared. The driver specific event receive routine 2752 * will clear that state and with that indicate completion of the 2753 * WMT command. 2754 */ 2755 err = wait_on_bit_timeout(&data->flags, BTUSB_TX_WAIT_VND_EVT, 2756 TASK_INTERRUPTIBLE, HCI_INIT_TIMEOUT); 2757 if (err == -EINTR) { 2758 bt_dev_err(hdev, "Execution of wmt command interrupted"); 2759 clear_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags); 2760 return err; 2761 } 2762 2763 if (err) { 2764 bt_dev_err(hdev, "Execution of wmt command timed out"); 2765 clear_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags); 2766 return -ETIMEDOUT; 2767 } 2768 2769 /* Parse and handle the return WMT event */ 2770 wmt_evt = (struct btmtk_hci_wmt_evt *)data->evt_skb->data; 2771 if (wmt_evt->whdr.op != hdr->op) { 2772 bt_dev_err(hdev, "Wrong op received %d expected %d", 2773 wmt_evt->whdr.op, hdr->op); 2774 err = -EIO; 2775 goto err_free_skb; 2776 } 2777 2778 switch (wmt_evt->whdr.op) { 2779 case BTMTK_WMT_SEMAPHORE: 2780 if (wmt_evt->whdr.flag == 2) 2781 status = BTMTK_WMT_PATCH_UNDONE; 2782 else 2783 status = BTMTK_WMT_PATCH_DONE; 2784 break; 2785 case BTMTK_WMT_FUNC_CTRL: 2786 wmt_evt_funcc = (struct btmtk_hci_wmt_evt_funcc *)wmt_evt; 2787 if (be16_to_cpu(wmt_evt_funcc->status) == 0x404) 2788 status = BTMTK_WMT_ON_DONE; 2789 else if (be16_to_cpu(wmt_evt_funcc->status) == 0x420) 2790 status = BTMTK_WMT_ON_PROGRESS; 2791 else 2792 status = BTMTK_WMT_ON_UNDONE; 2793 break; 2794 } 2795 2796 if (wmt_params->status) 2797 *wmt_params->status = status; 2798 2799 err_free_skb: 2800 kfree_skb(data->evt_skb); 2801 data->evt_skb = NULL; 2802 2803 return err; 2804 } 2805 2806 static int btusb_mtk_setup_firmware(struct hci_dev *hdev, const char *fwname) 2807 { 2808 struct btmtk_hci_wmt_params wmt_params; 2809 const struct firmware *fw; 2810 const u8 *fw_ptr; 2811 size_t fw_size; 2812 int err, dlen; 2813 u8 flag; 2814 2815 err = request_firmware(&fw, fwname, &hdev->dev); 2816 if (err < 0) { 2817 bt_dev_err(hdev, "Failed to load firmware file (%d)", err); 2818 return err; 2819 } 2820 2821 fw_ptr = fw->data; 2822 fw_size = fw->size; 2823 2824 /* The size of patch header is 30 bytes, should be skip */ 2825 if (fw_size < 30) { 2826 err = -EINVAL; 2827 goto err_release_fw; 2828 } 2829 2830 fw_size -= 30; 2831 fw_ptr += 30; 2832 flag = 1; 2833 2834 wmt_params.op = BTMTK_WMT_PATCH_DWNLD; 2835 wmt_params.status = NULL; 2836 2837 while (fw_size > 0) { 2838 dlen = min_t(int, 250, fw_size); 2839 2840 /* Tell deivice the position in sequence */ 2841 if (fw_size - dlen <= 0) 2842 flag = 3; 2843 else if (fw_size < fw->size - 30) 2844 flag = 2; 2845 2846 wmt_params.flag = flag; 2847 wmt_params.dlen = dlen; 2848 wmt_params.data = fw_ptr; 2849 2850 err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params); 2851 if (err < 0) { 2852 bt_dev_err(hdev, "Failed to send wmt patch dwnld (%d)", 2853 err); 2854 goto err_release_fw; 2855 } 2856 2857 fw_size -= dlen; 2858 fw_ptr += dlen; 2859 } 2860 2861 wmt_params.op = BTMTK_WMT_RST; 2862 wmt_params.flag = 4; 2863 wmt_params.dlen = 0; 2864 wmt_params.data = NULL; 2865 wmt_params.status = NULL; 2866 2867 /* Activate funciton the firmware providing to */ 2868 err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params); 2869 if (err < 0) { 2870 bt_dev_err(hdev, "Failed to send wmt rst (%d)", err); 2871 goto err_release_fw; 2872 } 2873 2874 /* Wait a few moments for firmware activation done */ 2875 usleep_range(10000, 12000); 2876 2877 err_release_fw: 2878 release_firmware(fw); 2879 2880 return err; 2881 } 2882 2883 static int btusb_mtk_func_query(struct hci_dev *hdev) 2884 { 2885 struct btmtk_hci_wmt_params wmt_params; 2886 int status, err; 2887 u8 param = 0; 2888 2889 /* Query whether the function is enabled */ 2890 wmt_params.op = BTMTK_WMT_FUNC_CTRL; 2891 wmt_params.flag = 4; 2892 wmt_params.dlen = sizeof(param); 2893 wmt_params.data = ¶m; 2894 wmt_params.status = &status; 2895 2896 err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params); 2897 if (err < 0) { 2898 bt_dev_err(hdev, "Failed to query function status (%d)", err); 2899 return err; 2900 } 2901 2902 return status; 2903 } 2904 2905 static int btusb_mtk_reg_read(struct btusb_data *data, u32 reg, u32 *val) 2906 { 2907 int pipe, err, size = sizeof(u32); 2908 void *buf; 2909 2910 buf = kzalloc(size, GFP_KERNEL); 2911 if (!buf) 2912 return -ENOMEM; 2913 2914 pipe = usb_rcvctrlpipe(data->udev, 0); 2915 err = usb_control_msg(data->udev, pipe, 0x63, 2916 USB_TYPE_VENDOR | USB_DIR_IN, 2917 reg >> 16, reg & 0xffff, 2918 buf, size, USB_CTRL_SET_TIMEOUT); 2919 if (err < 0) 2920 goto err_free_buf; 2921 2922 *val = get_unaligned_le32(buf); 2923 2924 err_free_buf: 2925 kfree(buf); 2926 2927 return err; 2928 } 2929 2930 static int btusb_mtk_id_get(struct btusb_data *data, u32 *id) 2931 { 2932 return btusb_mtk_reg_read(data, 0x80000008, id); 2933 } 2934 2935 static int btusb_mtk_setup(struct hci_dev *hdev) 2936 { 2937 struct btusb_data *data = hci_get_drvdata(hdev); 2938 struct btmtk_hci_wmt_params wmt_params; 2939 ktime_t calltime, delta, rettime; 2940 struct btmtk_tci_sleep tci_sleep; 2941 unsigned long long duration; 2942 struct sk_buff *skb; 2943 const char *fwname; 2944 int err, status; 2945 u32 dev_id; 2946 u8 param; 2947 2948 calltime = ktime_get(); 2949 2950 err = btusb_mtk_id_get(data, &dev_id); 2951 if (err < 0) { 2952 bt_dev_err(hdev, "Failed to get device id (%d)", err); 2953 return err; 2954 } 2955 2956 switch (dev_id) { 2957 case 0x7663: 2958 fwname = FIRMWARE_MT7663; 2959 break; 2960 case 0x7668: 2961 fwname = FIRMWARE_MT7668; 2962 break; 2963 default: 2964 bt_dev_err(hdev, "Unsupported support hardware variant (%08x)", 2965 dev_id); 2966 return -ENODEV; 2967 } 2968 2969 /* Query whether the firmware is already download */ 2970 wmt_params.op = BTMTK_WMT_SEMAPHORE; 2971 wmt_params.flag = 1; 2972 wmt_params.dlen = 0; 2973 wmt_params.data = NULL; 2974 wmt_params.status = &status; 2975 2976 err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params); 2977 if (err < 0) { 2978 bt_dev_err(hdev, "Failed to query firmware status (%d)", err); 2979 return err; 2980 } 2981 2982 if (status == BTMTK_WMT_PATCH_DONE) { 2983 bt_dev_info(hdev, "firmware already downloaded"); 2984 goto ignore_setup_fw; 2985 } 2986 2987 /* Setup a firmware which the device definitely requires */ 2988 err = btusb_mtk_setup_firmware(hdev, fwname); 2989 if (err < 0) 2990 return err; 2991 2992 ignore_setup_fw: 2993 err = readx_poll_timeout(btusb_mtk_func_query, hdev, status, 2994 status < 0 || status != BTMTK_WMT_ON_PROGRESS, 2995 2000, 5000000); 2996 /* -ETIMEDOUT happens */ 2997 if (err < 0) 2998 return err; 2999 3000 /* The other errors happen in btusb_mtk_func_query */ 3001 if (status < 0) 3002 return status; 3003 3004 if (status == BTMTK_WMT_ON_DONE) { 3005 bt_dev_info(hdev, "function already on"); 3006 goto ignore_func_on; 3007 } 3008 3009 /* Enable Bluetooth protocol */ 3010 param = 1; 3011 wmt_params.op = BTMTK_WMT_FUNC_CTRL; 3012 wmt_params.flag = 0; 3013 wmt_params.dlen = sizeof(param); 3014 wmt_params.data = ¶m; 3015 wmt_params.status = NULL; 3016 3017 err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params); 3018 if (err < 0) { 3019 bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err); 3020 return err; 3021 } 3022 3023 ignore_func_on: 3024 /* Apply the low power environment setup */ 3025 tci_sleep.mode = 0x5; 3026 tci_sleep.duration = cpu_to_le16(0x640); 3027 tci_sleep.host_duration = cpu_to_le16(0x640); 3028 tci_sleep.host_wakeup_pin = 0; 3029 tci_sleep.time_compensation = 0; 3030 3031 skb = __hci_cmd_sync(hdev, 0xfc7a, sizeof(tci_sleep), &tci_sleep, 3032 HCI_INIT_TIMEOUT); 3033 if (IS_ERR(skb)) { 3034 err = PTR_ERR(skb); 3035 bt_dev_err(hdev, "Failed to apply low power setting (%d)", err); 3036 return err; 3037 } 3038 kfree_skb(skb); 3039 3040 rettime = ktime_get(); 3041 delta = ktime_sub(rettime, calltime); 3042 duration = (unsigned long long)ktime_to_ns(delta) >> 10; 3043 3044 bt_dev_info(hdev, "Device setup in %llu usecs", duration); 3045 3046 return 0; 3047 } 3048 3049 static int btusb_mtk_shutdown(struct hci_dev *hdev) 3050 { 3051 struct btmtk_hci_wmt_params wmt_params; 3052 u8 param = 0; 3053 int err; 3054 3055 /* Disable the device */ 3056 wmt_params.op = BTMTK_WMT_FUNC_CTRL; 3057 wmt_params.flag = 0; 3058 wmt_params.dlen = sizeof(param); 3059 wmt_params.data = ¶m; 3060 wmt_params.status = NULL; 3061 3062 err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params); 3063 if (err < 0) { 3064 bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err); 3065 return err; 3066 } 3067 3068 return 0; 3069 } 3070 3071 MODULE_FIRMWARE(FIRMWARE_MT7663); 3072 MODULE_FIRMWARE(FIRMWARE_MT7668); 3073 3074 #ifdef CONFIG_PM 3075 /* Configure an out-of-band gpio as wake-up pin, if specified in device tree */ 3076 static int marvell_config_oob_wake(struct hci_dev *hdev) 3077 { 3078 struct sk_buff *skb; 3079 struct btusb_data *data = hci_get_drvdata(hdev); 3080 struct device *dev = &data->udev->dev; 3081 u16 pin, gap, opcode; 3082 int ret; 3083 u8 cmd[5]; 3084 3085 /* Move on if no wakeup pin specified */ 3086 if (of_property_read_u16(dev->of_node, "marvell,wakeup-pin", &pin) || 3087 of_property_read_u16(dev->of_node, "marvell,wakeup-gap-ms", &gap)) 3088 return 0; 3089 3090 /* Vendor specific command to configure a GPIO as wake-up pin */ 3091 opcode = hci_opcode_pack(0x3F, 0x59); 3092 cmd[0] = opcode & 0xFF; 3093 cmd[1] = opcode >> 8; 3094 cmd[2] = 2; /* length of parameters that follow */ 3095 cmd[3] = pin; 3096 cmd[4] = gap; /* time in ms, for which wakeup pin should be asserted */ 3097 3098 skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL); 3099 if (!skb) { 3100 bt_dev_err(hdev, "%s: No memory\n", __func__); 3101 return -ENOMEM; 3102 } 3103 3104 skb_put_data(skb, cmd, sizeof(cmd)); 3105 hci_skb_pkt_type(skb) = HCI_COMMAND_PKT; 3106 3107 ret = btusb_send_frame(hdev, skb); 3108 if (ret) { 3109 bt_dev_err(hdev, "%s: configuration failed\n", __func__); 3110 kfree_skb(skb); 3111 return ret; 3112 } 3113 3114 return 0; 3115 } 3116 #endif 3117 3118 static int btusb_set_bdaddr_marvell(struct hci_dev *hdev, 3119 const bdaddr_t *bdaddr) 3120 { 3121 struct sk_buff *skb; 3122 u8 buf[8]; 3123 long ret; 3124 3125 buf[0] = 0xfe; 3126 buf[1] = sizeof(bdaddr_t); 3127 memcpy(buf + 2, bdaddr, sizeof(bdaddr_t)); 3128 3129 skb = __hci_cmd_sync(hdev, 0xfc22, sizeof(buf), buf, HCI_INIT_TIMEOUT); 3130 if (IS_ERR(skb)) { 3131 ret = PTR_ERR(skb); 3132 bt_dev_err(hdev, "changing Marvell device address failed (%ld)", 3133 ret); 3134 return ret; 3135 } 3136 kfree_skb(skb); 3137 3138 return 0; 3139 } 3140 3141 static int btusb_set_bdaddr_ath3012(struct hci_dev *hdev, 3142 const bdaddr_t *bdaddr) 3143 { 3144 struct sk_buff *skb; 3145 u8 buf[10]; 3146 long ret; 3147 3148 buf[0] = 0x01; 3149 buf[1] = 0x01; 3150 buf[2] = 0x00; 3151 buf[3] = sizeof(bdaddr_t); 3152 memcpy(buf + 4, bdaddr, sizeof(bdaddr_t)); 3153 3154 skb = __hci_cmd_sync(hdev, 0xfc0b, sizeof(buf), buf, HCI_INIT_TIMEOUT); 3155 if (IS_ERR(skb)) { 3156 ret = PTR_ERR(skb); 3157 bt_dev_err(hdev, "Change address command failed (%ld)", ret); 3158 return ret; 3159 } 3160 kfree_skb(skb); 3161 3162 return 0; 3163 } 3164 3165 #define QCA_DFU_PACKET_LEN 4096 3166 3167 #define QCA_GET_TARGET_VERSION 0x09 3168 #define QCA_CHECK_STATUS 0x05 3169 #define QCA_DFU_DOWNLOAD 0x01 3170 3171 #define QCA_SYSCFG_UPDATED 0x40 3172 #define QCA_PATCH_UPDATED 0x80 3173 #define QCA_DFU_TIMEOUT 3000 3174 3175 struct qca_version { 3176 __le32 rom_version; 3177 __le32 patch_version; 3178 __le32 ram_version; 3179 __le32 ref_clock; 3180 __u8 reserved[4]; 3181 } __packed; 3182 3183 struct qca_rampatch_version { 3184 __le16 rom_version; 3185 __le16 patch_version; 3186 } __packed; 3187 3188 struct qca_device_info { 3189 u32 rom_version; 3190 u8 rampatch_hdr; /* length of header in rampatch */ 3191 u8 nvm_hdr; /* length of header in NVM */ 3192 u8 ver_offset; /* offset of version structure in rampatch */ 3193 }; 3194 3195 static const struct qca_device_info qca_devices_table[] = { 3196 { 0x00000100, 20, 4, 10 }, /* Rome 1.0 */ 3197 { 0x00000101, 20, 4, 10 }, /* Rome 1.1 */ 3198 { 0x00000200, 28, 4, 18 }, /* Rome 2.0 */ 3199 { 0x00000201, 28, 4, 18 }, /* Rome 2.1 */ 3200 { 0x00000300, 28, 4, 18 }, /* Rome 3.0 */ 3201 { 0x00000302, 28, 4, 18 }, /* Rome 3.2 */ 3202 }; 3203 3204 static int btusb_qca_send_vendor_req(struct usb_device *udev, u8 request, 3205 void *data, u16 size) 3206 { 3207 int pipe, err; 3208 u8 *buf; 3209 3210 buf = kmalloc(size, GFP_KERNEL); 3211 if (!buf) 3212 return -ENOMEM; 3213 3214 /* Found some of USB hosts have IOT issues with ours so that we should 3215 * not wait until HCI layer is ready. 3216 */ 3217 pipe = usb_rcvctrlpipe(udev, 0); 3218 err = usb_control_msg(udev, pipe, request, USB_TYPE_VENDOR | USB_DIR_IN, 3219 0, 0, buf, size, USB_CTRL_SET_TIMEOUT); 3220 if (err < 0) { 3221 dev_err(&udev->dev, "Failed to access otp area (%d)", err); 3222 goto done; 3223 } 3224 3225 memcpy(data, buf, size); 3226 3227 done: 3228 kfree(buf); 3229 3230 return err; 3231 } 3232 3233 static int btusb_setup_qca_download_fw(struct hci_dev *hdev, 3234 const struct firmware *firmware, 3235 size_t hdr_size) 3236 { 3237 struct btusb_data *btdata = hci_get_drvdata(hdev); 3238 struct usb_device *udev = btdata->udev; 3239 size_t count, size, sent = 0; 3240 int pipe, len, err; 3241 u8 *buf; 3242 3243 buf = kmalloc(QCA_DFU_PACKET_LEN, GFP_KERNEL); 3244 if (!buf) 3245 return -ENOMEM; 3246 3247 count = firmware->size; 3248 3249 size = min_t(size_t, count, hdr_size); 3250 memcpy(buf, firmware->data, size); 3251 3252 /* USB patches should go down to controller through USB path 3253 * because binary format fits to go down through USB channel. 3254 * USB control path is for patching headers and USB bulk is for 3255 * patch body. 3256 */ 3257 pipe = usb_sndctrlpipe(udev, 0); 3258 err = usb_control_msg(udev, pipe, QCA_DFU_DOWNLOAD, USB_TYPE_VENDOR, 3259 0, 0, buf, size, USB_CTRL_SET_TIMEOUT); 3260 if (err < 0) { 3261 bt_dev_err(hdev, "Failed to send headers (%d)", err); 3262 goto done; 3263 } 3264 3265 sent += size; 3266 count -= size; 3267 3268 while (count) { 3269 size = min_t(size_t, count, QCA_DFU_PACKET_LEN); 3270 3271 memcpy(buf, firmware->data + sent, size); 3272 3273 pipe = usb_sndbulkpipe(udev, 0x02); 3274 err = usb_bulk_msg(udev, pipe, buf, size, &len, 3275 QCA_DFU_TIMEOUT); 3276 if (err < 0) { 3277 bt_dev_err(hdev, "Failed to send body at %zd of %zd (%d)", 3278 sent, firmware->size, err); 3279 break; 3280 } 3281 3282 if (size != len) { 3283 bt_dev_err(hdev, "Failed to get bulk buffer"); 3284 err = -EILSEQ; 3285 break; 3286 } 3287 3288 sent += size; 3289 count -= size; 3290 } 3291 3292 done: 3293 kfree(buf); 3294 return err; 3295 } 3296 3297 static int btusb_setup_qca_load_rampatch(struct hci_dev *hdev, 3298 struct qca_version *ver, 3299 const struct qca_device_info *info) 3300 { 3301 struct qca_rampatch_version *rver; 3302 const struct firmware *fw; 3303 u32 ver_rom, ver_patch; 3304 u16 rver_rom, rver_patch; 3305 char fwname[64]; 3306 int err; 3307 3308 ver_rom = le32_to_cpu(ver->rom_version); 3309 ver_patch = le32_to_cpu(ver->patch_version); 3310 3311 snprintf(fwname, sizeof(fwname), "qca/rampatch_usb_%08x.bin", ver_rom); 3312 3313 err = request_firmware(&fw, fwname, &hdev->dev); 3314 if (err) { 3315 bt_dev_err(hdev, "failed to request rampatch file: %s (%d)", 3316 fwname, err); 3317 return err; 3318 } 3319 3320 bt_dev_info(hdev, "using rampatch file: %s", fwname); 3321 3322 rver = (struct qca_rampatch_version *)(fw->data + info->ver_offset); 3323 rver_rom = le16_to_cpu(rver->rom_version); 3324 rver_patch = le16_to_cpu(rver->patch_version); 3325 3326 bt_dev_info(hdev, "QCA: patch rome 0x%x build 0x%x, " 3327 "firmware rome 0x%x build 0x%x", 3328 rver_rom, rver_patch, ver_rom, ver_patch); 3329 3330 if (rver_rom != ver_rom || rver_patch <= ver_patch) { 3331 bt_dev_err(hdev, "rampatch file version did not match with firmware"); 3332 err = -EINVAL; 3333 goto done; 3334 } 3335 3336 err = btusb_setup_qca_download_fw(hdev, fw, info->rampatch_hdr); 3337 3338 done: 3339 release_firmware(fw); 3340 3341 return err; 3342 } 3343 3344 static int btusb_setup_qca_load_nvm(struct hci_dev *hdev, 3345 struct qca_version *ver, 3346 const struct qca_device_info *info) 3347 { 3348 const struct firmware *fw; 3349 char fwname[64]; 3350 int err; 3351 3352 snprintf(fwname, sizeof(fwname), "qca/nvm_usb_%08x.bin", 3353 le32_to_cpu(ver->rom_version)); 3354 3355 err = request_firmware(&fw, fwname, &hdev->dev); 3356 if (err) { 3357 bt_dev_err(hdev, "failed to request NVM file: %s (%d)", 3358 fwname, err); 3359 return err; 3360 } 3361 3362 bt_dev_info(hdev, "using NVM file: %s", fwname); 3363 3364 err = btusb_setup_qca_download_fw(hdev, fw, info->nvm_hdr); 3365 3366 release_firmware(fw); 3367 3368 return err; 3369 } 3370 3371 /* identify the ROM version and check whether patches are needed */ 3372 static bool btusb_qca_need_patch(struct usb_device *udev) 3373 { 3374 struct qca_version ver; 3375 3376 if (btusb_qca_send_vendor_req(udev, QCA_GET_TARGET_VERSION, &ver, 3377 sizeof(ver)) < 0) 3378 return false; 3379 /* only low ROM versions need patches */ 3380 return !(le32_to_cpu(ver.rom_version) & ~0xffffU); 3381 } 3382 3383 static int btusb_setup_qca(struct hci_dev *hdev) 3384 { 3385 struct btusb_data *btdata = hci_get_drvdata(hdev); 3386 struct usb_device *udev = btdata->udev; 3387 const struct qca_device_info *info = NULL; 3388 struct qca_version ver; 3389 u32 ver_rom; 3390 u8 status; 3391 int i, err; 3392 3393 err = btusb_qca_send_vendor_req(udev, QCA_GET_TARGET_VERSION, &ver, 3394 sizeof(ver)); 3395 if (err < 0) 3396 return err; 3397 3398 ver_rom = le32_to_cpu(ver.rom_version); 3399 /* Don't care about high ROM versions */ 3400 if (ver_rom & ~0xffffU) 3401 return 0; 3402 3403 for (i = 0; i < ARRAY_SIZE(qca_devices_table); i++) { 3404 if (ver_rom == qca_devices_table[i].rom_version) 3405 info = &qca_devices_table[i]; 3406 } 3407 if (!info) { 3408 bt_dev_err(hdev, "don't support firmware rome 0x%x", ver_rom); 3409 return -ENODEV; 3410 } 3411 3412 err = btusb_qca_send_vendor_req(udev, QCA_CHECK_STATUS, &status, 3413 sizeof(status)); 3414 if (err < 0) 3415 return err; 3416 3417 if (!(status & QCA_PATCH_UPDATED)) { 3418 err = btusb_setup_qca_load_rampatch(hdev, &ver, info); 3419 if (err < 0) 3420 return err; 3421 } 3422 3423 if (!(status & QCA_SYSCFG_UPDATED)) { 3424 err = btusb_setup_qca_load_nvm(hdev, &ver, info); 3425 if (err < 0) 3426 return err; 3427 } 3428 3429 return 0; 3430 } 3431 3432 static inline int __set_diag_interface(struct hci_dev *hdev) 3433 { 3434 struct btusb_data *data = hci_get_drvdata(hdev); 3435 struct usb_interface *intf = data->diag; 3436 int i; 3437 3438 if (!data->diag) 3439 return -ENODEV; 3440 3441 data->diag_tx_ep = NULL; 3442 data->diag_rx_ep = NULL; 3443 3444 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) { 3445 struct usb_endpoint_descriptor *ep_desc; 3446 3447 ep_desc = &intf->cur_altsetting->endpoint[i].desc; 3448 3449 if (!data->diag_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) { 3450 data->diag_tx_ep = ep_desc; 3451 continue; 3452 } 3453 3454 if (!data->diag_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) { 3455 data->diag_rx_ep = ep_desc; 3456 continue; 3457 } 3458 } 3459 3460 if (!data->diag_tx_ep || !data->diag_rx_ep) { 3461 bt_dev_err(hdev, "invalid diagnostic descriptors"); 3462 return -ENODEV; 3463 } 3464 3465 return 0; 3466 } 3467 3468 static struct urb *alloc_diag_urb(struct hci_dev *hdev, bool enable) 3469 { 3470 struct btusb_data *data = hci_get_drvdata(hdev); 3471 struct sk_buff *skb; 3472 struct urb *urb; 3473 unsigned int pipe; 3474 3475 if (!data->diag_tx_ep) 3476 return ERR_PTR(-ENODEV); 3477 3478 urb = usb_alloc_urb(0, GFP_KERNEL); 3479 if (!urb) 3480 return ERR_PTR(-ENOMEM); 3481 3482 skb = bt_skb_alloc(2, GFP_KERNEL); 3483 if (!skb) { 3484 usb_free_urb(urb); 3485 return ERR_PTR(-ENOMEM); 3486 } 3487 3488 skb_put_u8(skb, 0xf0); 3489 skb_put_u8(skb, enable); 3490 3491 pipe = usb_sndbulkpipe(data->udev, data->diag_tx_ep->bEndpointAddress); 3492 3493 usb_fill_bulk_urb(urb, data->udev, pipe, 3494 skb->data, skb->len, btusb_tx_complete, skb); 3495 3496 skb->dev = (void *)hdev; 3497 3498 return urb; 3499 } 3500 3501 static int btusb_bcm_set_diag(struct hci_dev *hdev, bool enable) 3502 { 3503 struct btusb_data *data = hci_get_drvdata(hdev); 3504 struct urb *urb; 3505 3506 if (!data->diag) 3507 return -ENODEV; 3508 3509 if (!test_bit(HCI_RUNNING, &hdev->flags)) 3510 return -ENETDOWN; 3511 3512 urb = alloc_diag_urb(hdev, enable); 3513 if (IS_ERR(urb)) 3514 return PTR_ERR(urb); 3515 3516 return submit_or_queue_tx_urb(hdev, urb); 3517 } 3518 3519 #ifdef CONFIG_PM 3520 static irqreturn_t btusb_oob_wake_handler(int irq, void *priv) 3521 { 3522 struct btusb_data *data = priv; 3523 3524 pm_wakeup_event(&data->udev->dev, 0); 3525 pm_system_wakeup(); 3526 3527 /* Disable only if not already disabled (keep it balanced) */ 3528 if (test_and_clear_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags)) { 3529 disable_irq_nosync(irq); 3530 disable_irq_wake(irq); 3531 } 3532 return IRQ_HANDLED; 3533 } 3534 3535 static const struct of_device_id btusb_match_table[] = { 3536 { .compatible = "usb1286,204e" }, 3537 { .compatible = "usbcf3,e300" }, /* QCA6174A */ 3538 { .compatible = "usb4ca,301a" }, /* QCA6174A (Lite-On) */ 3539 { } 3540 }; 3541 MODULE_DEVICE_TABLE(of, btusb_match_table); 3542 3543 /* Use an oob wakeup pin? */ 3544 static int btusb_config_oob_wake(struct hci_dev *hdev) 3545 { 3546 struct btusb_data *data = hci_get_drvdata(hdev); 3547 struct device *dev = &data->udev->dev; 3548 int irq, ret; 3549 3550 clear_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags); 3551 3552 if (!of_match_device(btusb_match_table, dev)) 3553 return 0; 3554 3555 /* Move on if no IRQ specified */ 3556 irq = of_irq_get_byname(dev->of_node, "wakeup"); 3557 if (irq <= 0) { 3558 bt_dev_dbg(hdev, "%s: no OOB Wakeup IRQ in DT", __func__); 3559 return 0; 3560 } 3561 3562 irq_set_status_flags(irq, IRQ_NOAUTOEN); 3563 ret = devm_request_irq(&hdev->dev, irq, btusb_oob_wake_handler, 3564 0, "OOB Wake-on-BT", data); 3565 if (ret) { 3566 bt_dev_err(hdev, "%s: IRQ request failed", __func__); 3567 return ret; 3568 } 3569 3570 ret = device_init_wakeup(dev, true); 3571 if (ret) { 3572 bt_dev_err(hdev, "%s: failed to init_wakeup", __func__); 3573 return ret; 3574 } 3575 3576 data->oob_wake_irq = irq; 3577 bt_dev_info(hdev, "OOB Wake-on-BT configured at IRQ %u", irq); 3578 return 0; 3579 } 3580 #endif 3581 3582 static void btusb_check_needs_reset_resume(struct usb_interface *intf) 3583 { 3584 if (dmi_check_system(btusb_needs_reset_resume_table)) 3585 interface_to_usbdev(intf)->quirks |= USB_QUIRK_RESET_RESUME; 3586 } 3587 3588 static int btusb_probe(struct usb_interface *intf, 3589 const struct usb_device_id *id) 3590 { 3591 struct usb_endpoint_descriptor *ep_desc; 3592 struct gpio_desc *reset_gpio; 3593 struct btusb_data *data; 3594 struct hci_dev *hdev; 3595 unsigned ifnum_base; 3596 int i, err; 3597 3598 BT_DBG("intf %p id %p", intf, id); 3599 3600 /* interface numbers are hardcoded in the spec */ 3601 if (intf->cur_altsetting->desc.bInterfaceNumber != 0) { 3602 if (!(id->driver_info & BTUSB_IFNUM_2)) 3603 return -ENODEV; 3604 if (intf->cur_altsetting->desc.bInterfaceNumber != 2) 3605 return -ENODEV; 3606 } 3607 3608 ifnum_base = intf->cur_altsetting->desc.bInterfaceNumber; 3609 3610 if (!id->driver_info) { 3611 const struct usb_device_id *match; 3612 3613 match = usb_match_id(intf, blacklist_table); 3614 if (match) 3615 id = match; 3616 } 3617 3618 if (id->driver_info == BTUSB_IGNORE) 3619 return -ENODEV; 3620 3621 if (id->driver_info & BTUSB_ATH3012) { 3622 struct usb_device *udev = interface_to_usbdev(intf); 3623 3624 /* Old firmware would otherwise let ath3k driver load 3625 * patch and sysconfig files 3626 */ 3627 if (le16_to_cpu(udev->descriptor.bcdDevice) <= 0x0001 && 3628 !btusb_qca_need_patch(udev)) 3629 return -ENODEV; 3630 } 3631 3632 data = devm_kzalloc(&intf->dev, sizeof(*data), GFP_KERNEL); 3633 if (!data) 3634 return -ENOMEM; 3635 3636 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) { 3637 ep_desc = &intf->cur_altsetting->endpoint[i].desc; 3638 3639 if (!data->intr_ep && usb_endpoint_is_int_in(ep_desc)) { 3640 data->intr_ep = ep_desc; 3641 continue; 3642 } 3643 3644 if (!data->bulk_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) { 3645 data->bulk_tx_ep = ep_desc; 3646 continue; 3647 } 3648 3649 if (!data->bulk_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) { 3650 data->bulk_rx_ep = ep_desc; 3651 continue; 3652 } 3653 } 3654 3655 if (!data->intr_ep || !data->bulk_tx_ep || !data->bulk_rx_ep) 3656 return -ENODEV; 3657 3658 if (id->driver_info & BTUSB_AMP) { 3659 data->cmdreq_type = USB_TYPE_CLASS | 0x01; 3660 data->cmdreq = 0x2b; 3661 } else { 3662 data->cmdreq_type = USB_TYPE_CLASS; 3663 data->cmdreq = 0x00; 3664 } 3665 3666 data->udev = interface_to_usbdev(intf); 3667 data->intf = intf; 3668 3669 INIT_WORK(&data->work, btusb_work); 3670 INIT_WORK(&data->waker, btusb_waker); 3671 init_usb_anchor(&data->deferred); 3672 init_usb_anchor(&data->tx_anchor); 3673 spin_lock_init(&data->txlock); 3674 3675 init_usb_anchor(&data->intr_anchor); 3676 init_usb_anchor(&data->bulk_anchor); 3677 init_usb_anchor(&data->isoc_anchor); 3678 init_usb_anchor(&data->diag_anchor); 3679 init_usb_anchor(&data->ctrl_anchor); 3680 spin_lock_init(&data->rxlock); 3681 3682 if (id->driver_info & BTUSB_INTEL_NEW) { 3683 data->recv_event = btusb_recv_event_intel; 3684 data->recv_bulk = btusb_recv_bulk_intel; 3685 set_bit(BTUSB_BOOTLOADER, &data->flags); 3686 } else { 3687 data->recv_event = hci_recv_frame; 3688 data->recv_bulk = btusb_recv_bulk; 3689 } 3690 3691 hdev = hci_alloc_dev(); 3692 if (!hdev) 3693 return -ENOMEM; 3694 3695 hdev->bus = HCI_USB; 3696 hci_set_drvdata(hdev, data); 3697 3698 if (id->driver_info & BTUSB_AMP) 3699 hdev->dev_type = HCI_AMP; 3700 else 3701 hdev->dev_type = HCI_PRIMARY; 3702 3703 data->hdev = hdev; 3704 3705 SET_HCIDEV_DEV(hdev, &intf->dev); 3706 3707 reset_gpio = gpiod_get_optional(&data->udev->dev, "reset", 3708 GPIOD_OUT_LOW); 3709 if (IS_ERR(reset_gpio)) { 3710 err = PTR_ERR(reset_gpio); 3711 goto out_free_dev; 3712 } else if (reset_gpio) { 3713 data->reset_gpio = reset_gpio; 3714 } 3715 3716 hdev->open = btusb_open; 3717 hdev->close = btusb_close; 3718 hdev->flush = btusb_flush; 3719 hdev->send = btusb_send_frame; 3720 hdev->notify = btusb_notify; 3721 3722 #ifdef CONFIG_PM 3723 err = btusb_config_oob_wake(hdev); 3724 if (err) 3725 goto out_free_dev; 3726 3727 /* Marvell devices may need a specific chip configuration */ 3728 if (id->driver_info & BTUSB_MARVELL && data->oob_wake_irq) { 3729 err = marvell_config_oob_wake(hdev); 3730 if (err) 3731 goto out_free_dev; 3732 } 3733 #endif 3734 if (id->driver_info & BTUSB_CW6622) 3735 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks); 3736 3737 if (id->driver_info & BTUSB_BCM2045) 3738 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks); 3739 3740 if (id->driver_info & BTUSB_BCM92035) 3741 hdev->setup = btusb_setup_bcm92035; 3742 3743 if (IS_ENABLED(CONFIG_BT_HCIBTUSB_BCM) && 3744 (id->driver_info & BTUSB_BCM_PATCHRAM)) { 3745 hdev->manufacturer = 15; 3746 hdev->setup = btbcm_setup_patchram; 3747 hdev->set_diag = btusb_bcm_set_diag; 3748 hdev->set_bdaddr = btbcm_set_bdaddr; 3749 3750 /* Broadcom LM_DIAG Interface numbers are hardcoded */ 3751 data->diag = usb_ifnum_to_if(data->udev, ifnum_base + 2); 3752 } 3753 3754 if (IS_ENABLED(CONFIG_BT_HCIBTUSB_BCM) && 3755 (id->driver_info & BTUSB_BCM_APPLE)) { 3756 hdev->manufacturer = 15; 3757 hdev->setup = btbcm_setup_apple; 3758 hdev->set_diag = btusb_bcm_set_diag; 3759 3760 /* Broadcom LM_DIAG Interface numbers are hardcoded */ 3761 data->diag = usb_ifnum_to_if(data->udev, ifnum_base + 2); 3762 } 3763 3764 if (id->driver_info & BTUSB_INTEL) { 3765 hdev->manufacturer = 2; 3766 hdev->setup = btusb_setup_intel; 3767 hdev->shutdown = btusb_shutdown_intel; 3768 hdev->set_diag = btintel_set_diag_mfg; 3769 hdev->set_bdaddr = btintel_set_bdaddr; 3770 hdev->cmd_timeout = btusb_intel_cmd_timeout; 3771 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks); 3772 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks); 3773 set_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks); 3774 } 3775 3776 if (id->driver_info & BTUSB_INTEL_NEW) { 3777 hdev->manufacturer = 2; 3778 hdev->send = btusb_send_frame_intel; 3779 hdev->setup = btusb_setup_intel_new; 3780 hdev->shutdown = btusb_shutdown_intel_new; 3781 hdev->hw_error = btintel_hw_error; 3782 hdev->set_diag = btintel_set_diag; 3783 hdev->set_bdaddr = btintel_set_bdaddr; 3784 hdev->cmd_timeout = btusb_intel_cmd_timeout; 3785 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks); 3786 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks); 3787 set_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks); 3788 } 3789 3790 if (id->driver_info & BTUSB_MARVELL) 3791 hdev->set_bdaddr = btusb_set_bdaddr_marvell; 3792 3793 if (IS_ENABLED(CONFIG_BT_HCIBTUSB_MTK) && 3794 (id->driver_info & BTUSB_MEDIATEK)) { 3795 hdev->setup = btusb_mtk_setup; 3796 hdev->shutdown = btusb_mtk_shutdown; 3797 hdev->manufacturer = 70; 3798 set_bit(HCI_QUIRK_NON_PERSISTENT_SETUP, &hdev->quirks); 3799 } 3800 3801 if (id->driver_info & BTUSB_SWAVE) { 3802 set_bit(HCI_QUIRK_FIXUP_INQUIRY_MODE, &hdev->quirks); 3803 set_bit(HCI_QUIRK_BROKEN_LOCAL_COMMANDS, &hdev->quirks); 3804 } 3805 3806 if (id->driver_info & BTUSB_INTEL_BOOT) { 3807 hdev->manufacturer = 2; 3808 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks); 3809 } 3810 3811 if (id->driver_info & BTUSB_ATH3012) { 3812 data->setup_on_usb = btusb_setup_qca; 3813 hdev->set_bdaddr = btusb_set_bdaddr_ath3012; 3814 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks); 3815 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks); 3816 } 3817 3818 if (id->driver_info & BTUSB_QCA_ROME) { 3819 data->setup_on_usb = btusb_setup_qca; 3820 hdev->set_bdaddr = btusb_set_bdaddr_ath3012; 3821 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks); 3822 btusb_check_needs_reset_resume(intf); 3823 } 3824 3825 if (IS_ENABLED(CONFIG_BT_HCIBTUSB_RTL) && 3826 (id->driver_info & BTUSB_REALTEK)) { 3827 hdev->setup = btrtl_setup_realtek; 3828 hdev->shutdown = btrtl_shutdown_realtek; 3829 hdev->cmd_timeout = btusb_rtl_cmd_timeout; 3830 3831 /* Realtek devices lose their updated firmware over global 3832 * suspend that means host doesn't send SET_FEATURE 3833 * (DEVICE_REMOTE_WAKEUP) 3834 */ 3835 set_bit(BTUSB_WAKEUP_DISABLE, &data->flags); 3836 3837 err = usb_autopm_get_interface(intf); 3838 if (err < 0) 3839 goto out_free_dev; 3840 } 3841 3842 if (id->driver_info & BTUSB_AMP) { 3843 /* AMP controllers do not support SCO packets */ 3844 data->isoc = NULL; 3845 } else { 3846 /* Interface orders are hardcoded in the specification */ 3847 data->isoc = usb_ifnum_to_if(data->udev, ifnum_base + 1); 3848 data->isoc_ifnum = ifnum_base + 1; 3849 } 3850 3851 if (!reset) 3852 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); 3853 3854 if (force_scofix || id->driver_info & BTUSB_WRONG_SCO_MTU) { 3855 if (!disable_scofix) 3856 set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks); 3857 } 3858 3859 if (id->driver_info & BTUSB_BROKEN_ISOC) 3860 data->isoc = NULL; 3861 3862 if (id->driver_info & BTUSB_DIGIANSWER) { 3863 data->cmdreq_type = USB_TYPE_VENDOR; 3864 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); 3865 } 3866 3867 if (id->driver_info & BTUSB_CSR) { 3868 struct usb_device *udev = data->udev; 3869 u16 bcdDevice = le16_to_cpu(udev->descriptor.bcdDevice); 3870 3871 /* Old firmware would otherwise execute USB reset */ 3872 if (bcdDevice < 0x117) 3873 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); 3874 3875 /* Fake CSR devices with broken commands */ 3876 if (bcdDevice <= 0x100 || bcdDevice == 0x134) 3877 hdev->setup = btusb_setup_csr; 3878 3879 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks); 3880 } 3881 3882 if (id->driver_info & BTUSB_SNIFFER) { 3883 struct usb_device *udev = data->udev; 3884 3885 /* New sniffer firmware has crippled HCI interface */ 3886 if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997) 3887 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks); 3888 } 3889 3890 if (id->driver_info & BTUSB_INTEL_BOOT) { 3891 /* A bug in the bootloader causes that interrupt interface is 3892 * only enabled after receiving SetInterface(0, AltSetting=0). 3893 */ 3894 err = usb_set_interface(data->udev, 0, 0); 3895 if (err < 0) { 3896 BT_ERR("failed to set interface 0, alt 0 %d", err); 3897 goto out_free_dev; 3898 } 3899 } 3900 3901 if (data->isoc) { 3902 err = usb_driver_claim_interface(&btusb_driver, 3903 data->isoc, data); 3904 if (err < 0) 3905 goto out_free_dev; 3906 } 3907 3908 if (IS_ENABLED(CONFIG_BT_HCIBTUSB_BCM) && data->diag) { 3909 if (!usb_driver_claim_interface(&btusb_driver, 3910 data->diag, data)) 3911 __set_diag_interface(hdev); 3912 else 3913 data->diag = NULL; 3914 } 3915 3916 if (enable_autosuspend) 3917 usb_enable_autosuspend(data->udev); 3918 3919 err = hci_register_dev(hdev); 3920 if (err < 0) 3921 goto out_free_dev; 3922 3923 usb_set_intfdata(intf, data); 3924 3925 return 0; 3926 3927 out_free_dev: 3928 if (data->reset_gpio) 3929 gpiod_put(data->reset_gpio); 3930 hci_free_dev(hdev); 3931 return err; 3932 } 3933 3934 static void btusb_disconnect(struct usb_interface *intf) 3935 { 3936 struct btusb_data *data = usb_get_intfdata(intf); 3937 struct hci_dev *hdev; 3938 3939 BT_DBG("intf %p", intf); 3940 3941 if (!data) 3942 return; 3943 3944 hdev = data->hdev; 3945 usb_set_intfdata(data->intf, NULL); 3946 3947 if (data->isoc) 3948 usb_set_intfdata(data->isoc, NULL); 3949 3950 if (data->diag) 3951 usb_set_intfdata(data->diag, NULL); 3952 3953 hci_unregister_dev(hdev); 3954 3955 if (intf == data->intf) { 3956 if (data->isoc) 3957 usb_driver_release_interface(&btusb_driver, data->isoc); 3958 if (data->diag) 3959 usb_driver_release_interface(&btusb_driver, data->diag); 3960 } else if (intf == data->isoc) { 3961 if (data->diag) 3962 usb_driver_release_interface(&btusb_driver, data->diag); 3963 usb_driver_release_interface(&btusb_driver, data->intf); 3964 } else if (intf == data->diag) { 3965 usb_driver_release_interface(&btusb_driver, data->intf); 3966 if (data->isoc) 3967 usb_driver_release_interface(&btusb_driver, data->isoc); 3968 } 3969 3970 if (data->oob_wake_irq) 3971 device_init_wakeup(&data->udev->dev, false); 3972 3973 if (data->reset_gpio) 3974 gpiod_put(data->reset_gpio); 3975 3976 hci_free_dev(hdev); 3977 } 3978 3979 #ifdef CONFIG_PM 3980 static int btusb_suspend(struct usb_interface *intf, pm_message_t message) 3981 { 3982 struct btusb_data *data = usb_get_intfdata(intf); 3983 3984 BT_DBG("intf %p", intf); 3985 3986 if (data->suspend_count++) 3987 return 0; 3988 3989 spin_lock_irq(&data->txlock); 3990 if (!(PMSG_IS_AUTO(message) && data->tx_in_flight)) { 3991 set_bit(BTUSB_SUSPENDING, &data->flags); 3992 spin_unlock_irq(&data->txlock); 3993 } else { 3994 spin_unlock_irq(&data->txlock); 3995 data->suspend_count--; 3996 return -EBUSY; 3997 } 3998 3999 cancel_work_sync(&data->work); 4000 4001 btusb_stop_traffic(data); 4002 usb_kill_anchored_urbs(&data->tx_anchor); 4003 4004 if (data->oob_wake_irq && device_may_wakeup(&data->udev->dev)) { 4005 set_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags); 4006 enable_irq_wake(data->oob_wake_irq); 4007 enable_irq(data->oob_wake_irq); 4008 } 4009 4010 /* For global suspend, Realtek devices lose the loaded fw 4011 * in them. But for autosuspend, firmware should remain. 4012 * Actually, it depends on whether the usb host sends 4013 * set feature (enable wakeup) or not. 4014 */ 4015 if (test_bit(BTUSB_WAKEUP_DISABLE, &data->flags)) { 4016 if (PMSG_IS_AUTO(message) && 4017 device_can_wakeup(&data->udev->dev)) 4018 data->udev->do_remote_wakeup = 1; 4019 else if (!PMSG_IS_AUTO(message)) 4020 data->udev->reset_resume = 1; 4021 } 4022 4023 return 0; 4024 } 4025 4026 static void play_deferred(struct btusb_data *data) 4027 { 4028 struct urb *urb; 4029 int err; 4030 4031 while ((urb = usb_get_from_anchor(&data->deferred))) { 4032 usb_anchor_urb(urb, &data->tx_anchor); 4033 4034 err = usb_submit_urb(urb, GFP_ATOMIC); 4035 if (err < 0) { 4036 if (err != -EPERM && err != -ENODEV) 4037 BT_ERR("%s urb %p submission failed (%d)", 4038 data->hdev->name, urb, -err); 4039 kfree(urb->setup_packet); 4040 usb_unanchor_urb(urb); 4041 usb_free_urb(urb); 4042 break; 4043 } 4044 4045 data->tx_in_flight++; 4046 usb_free_urb(urb); 4047 } 4048 4049 /* Cleanup the rest deferred urbs. */ 4050 while ((urb = usb_get_from_anchor(&data->deferred))) { 4051 kfree(urb->setup_packet); 4052 usb_free_urb(urb); 4053 } 4054 } 4055 4056 static int btusb_resume(struct usb_interface *intf) 4057 { 4058 struct btusb_data *data = usb_get_intfdata(intf); 4059 struct hci_dev *hdev = data->hdev; 4060 int err = 0; 4061 4062 BT_DBG("intf %p", intf); 4063 4064 if (--data->suspend_count) 4065 return 0; 4066 4067 /* Disable only if not already disabled (keep it balanced) */ 4068 if (test_and_clear_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags)) { 4069 disable_irq(data->oob_wake_irq); 4070 disable_irq_wake(data->oob_wake_irq); 4071 } 4072 4073 if (!test_bit(HCI_RUNNING, &hdev->flags)) 4074 goto done; 4075 4076 if (test_bit(BTUSB_INTR_RUNNING, &data->flags)) { 4077 err = btusb_submit_intr_urb(hdev, GFP_NOIO); 4078 if (err < 0) { 4079 clear_bit(BTUSB_INTR_RUNNING, &data->flags); 4080 goto failed; 4081 } 4082 } 4083 4084 if (test_bit(BTUSB_BULK_RUNNING, &data->flags)) { 4085 err = btusb_submit_bulk_urb(hdev, GFP_NOIO); 4086 if (err < 0) { 4087 clear_bit(BTUSB_BULK_RUNNING, &data->flags); 4088 goto failed; 4089 } 4090 4091 btusb_submit_bulk_urb(hdev, GFP_NOIO); 4092 } 4093 4094 if (test_bit(BTUSB_ISOC_RUNNING, &data->flags)) { 4095 if (btusb_submit_isoc_urb(hdev, GFP_NOIO) < 0) 4096 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 4097 else 4098 btusb_submit_isoc_urb(hdev, GFP_NOIO); 4099 } 4100 4101 spin_lock_irq(&data->txlock); 4102 play_deferred(data); 4103 clear_bit(BTUSB_SUSPENDING, &data->flags); 4104 spin_unlock_irq(&data->txlock); 4105 schedule_work(&data->work); 4106 4107 return 0; 4108 4109 failed: 4110 usb_scuttle_anchored_urbs(&data->deferred); 4111 done: 4112 spin_lock_irq(&data->txlock); 4113 clear_bit(BTUSB_SUSPENDING, &data->flags); 4114 spin_unlock_irq(&data->txlock); 4115 4116 return err; 4117 } 4118 #endif 4119 4120 static struct usb_driver btusb_driver = { 4121 .name = "btusb", 4122 .probe = btusb_probe, 4123 .disconnect = btusb_disconnect, 4124 #ifdef CONFIG_PM 4125 .suspend = btusb_suspend, 4126 .resume = btusb_resume, 4127 #endif 4128 .id_table = btusb_table, 4129 .supports_autosuspend = 1, 4130 .disable_hub_initiated_lpm = 1, 4131 }; 4132 4133 module_usb_driver(btusb_driver); 4134 4135 module_param(disable_scofix, bool, 0644); 4136 MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size"); 4137 4138 module_param(force_scofix, bool, 0644); 4139 MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size"); 4140 4141 module_param(enable_autosuspend, bool, 0644); 4142 MODULE_PARM_DESC(enable_autosuspend, "Enable USB autosuspend by default"); 4143 4144 module_param(reset, bool, 0644); 4145 MODULE_PARM_DESC(reset, "Send HCI reset command on initialization"); 4146 4147 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 4148 MODULE_DESCRIPTION("Generic Bluetooth USB driver ver " VERSION); 4149 MODULE_VERSION(VERSION); 4150 MODULE_LICENSE("GPL"); 4151