LXR linux/drivers/bluetooth/btusb.c

   1// SPDX-License-Identifier: GPL-2.0-or-later
   2/*
   3 *
   4 *  Generic Bluetooth USB driver
   5 *
   6 *  Copyright (C) 2005-2008  Marcel Holtmann <marcel@holtmann.org>
   7 */
   8
   9#include <linux/dmi.h>
  10#include <linux/module.h>
  11#include <linux/usb.h>
  12#include <linux/usb/quirks.h>
  13#include <linux/firmware.h>
  14#include <linux/iopoll.h>
  15#include <linux/of_device.h>
  16#include <linux/of_irq.h>
  17#include <linux/suspend.h>
  18#include <linux/gpio/consumer.h>
  19#include <asm/unaligned.h>
  20
  21#include <net/bluetooth/bluetooth.h>
  22#include <net/bluetooth/hci_core.h>
  23
  24#include "btintel.h"
  25#include "btbcm.h"
  26#include "btrtl.h"
  27
  28#define VERSION "0.8"
  29
  30static bool disable_scofix;
  31static bool force_scofix;
  32static bool enable_autosuspend = IS_ENABLED(CONFIG_BT_HCIBTUSB_AUTOSUSPEND);
  33
  34static bool reset = true;
  35
  36static struct usb_driver btusb_driver;
  37
  38#define BTUSB_IGNORE            0x01
  39#define BTUSB_DIGIANSWER        0x02
  40#define BTUSB_CSR               0x04
  41#define BTUSB_SNIFFER           0x08
  42#define BTUSB_BCM92035          0x10
  43#define BTUSB_BROKEN_ISOC       0x20
  44#define BTUSB_WRONG_SCO_MTU     0x40
  45#define BTUSB_ATH3012           0x80
  46#define BTUSB_INTEL_COMBINED    0x100
  47#define BTUSB_INTEL_BOOT        0x200
  48#define BTUSB_BCM_PATCHRAM      0x400
  49#define BTUSB_MARVELL           0x800
  50#define BTUSB_SWAVE             0x1000
  51#define BTUSB_AMP               0x4000
  52#define BTUSB_QCA_ROME          0x8000
  53#define BTUSB_BCM_APPLE         0x10000
  54#define BTUSB_REALTEK           0x20000
  55#define BTUSB_BCM2045           0x40000
  56#define BTUSB_IFNUM_2           0x80000
  57#define BTUSB_CW6622            0x100000
  58#define BTUSB_MEDIATEK          0x200000
  59#define BTUSB_WIDEBAND_SPEECH   0x400000
  60#define BTUSB_VALID_LE_STATES   0x800000
  61#define BTUSB_QCA_WCN6855       0x1000000
  62#define BTUSB_INTEL_BROKEN_INITIAL_NCMD 0x4000000
  63
  64static const struct usb_device_id btusb_table[] = {
  65        /* Generic Bluetooth USB device */
  66        { USB_DEVICE_INFO(0xe0, 0x01, 0x01) },
  67
  68        /* Generic Bluetooth AMP device */
  69        { USB_DEVICE_INFO(0xe0, 0x01, 0x04), .driver_info = BTUSB_AMP },
  70
  71        /* Generic Bluetooth USB interface */
  72        { USB_INTERFACE_INFO(0xe0, 0x01, 0x01) },
  73
  74        /* Apple-specific (Broadcom) devices */
  75        { USB_VENDOR_AND_INTERFACE_INFO(0x05ac, 0xff, 0x01, 0x01),
  76          .driver_info = BTUSB_BCM_APPLE | BTUSB_IFNUM_2 },
  77
  78        /* MediaTek MT76x0E */
  79        { USB_DEVICE(0x0e8d, 0x763f) },
  80
  81        /* Broadcom SoftSailing reporting vendor specific */
  82        { USB_DEVICE(0x0a5c, 0x21e1) },
  83
  84        /* Apple MacBookPro 7,1 */
  85        { USB_DEVICE(0x05ac, 0x8213) },
  86
  87        /* Apple iMac11,1 */
  88        { USB_DEVICE(0x05ac, 0x8215) },
  89
  90        /* Apple MacBookPro6,2 */
  91        { USB_DEVICE(0x05ac, 0x8218) },
  92
  93        /* Apple MacBookAir3,1, MacBookAir3,2 */
  94        { USB_DEVICE(0x05ac, 0x821b) },
  95
  96        /* Apple MacBookAir4,1 */
  97        { USB_DEVICE(0x05ac, 0x821f) },
  98
  99        /* Apple MacBookPro8,2 */
 100        { USB_DEVICE(0x05ac, 0x821a) },
 101
 102        /* Apple MacMini5,1 */
 103        { USB_DEVICE(0x05ac, 0x8281) },
 104
 105        /* AVM BlueFRITZ! USB v2.0 */
 106        { USB_DEVICE(0x057c, 0x3800), .driver_info = BTUSB_SWAVE },
 107
 108        /* Bluetooth Ultraport Module from IBM */
 109        { USB_DEVICE(0x04bf, 0x030a) },
 110
 111        /* ALPS Modules with non-standard id */
 112        { USB_DEVICE(0x044e, 0x3001) },
 113        { USB_DEVICE(0x044e, 0x3002) },
 114
 115        /* Ericsson with non-standard id */
 116        { USB_DEVICE(0x0bdb, 0x1002) },
 117
 118        /* Canyon CN-BTU1 with HID interfaces */
 119        { USB_DEVICE(0x0c10, 0x0000) },
 120
 121        /* Broadcom BCM20702B0 (Dynex/Insignia) */
 122        { USB_DEVICE(0x19ff, 0x0239), .driver_info = BTUSB_BCM_PATCHRAM },
 123
 124        /* Broadcom BCM43142A0 (Foxconn/Lenovo) */
 125        { USB_VENDOR_AND_INTERFACE_INFO(0x105b, 0xff, 0x01, 0x01),
 126          .driver_info = BTUSB_BCM_PATCHRAM },
 127
 128        /* Broadcom BCM920703 (HTC Vive) */
 129        { USB_VENDOR_AND_INTERFACE_INFO(0x0bb4, 0xff, 0x01, 0x01),
 130          .driver_info = BTUSB_BCM_PATCHRAM },
 131
 132        /* Foxconn - Hon Hai */
 133        { USB_VENDOR_AND_INTERFACE_INFO(0x0489, 0xff, 0x01, 0x01),
 134          .driver_info = BTUSB_BCM_PATCHRAM },
 135
 136        /* Lite-On Technology - Broadcom based */
 137        { USB_VENDOR_AND_INTERFACE_INFO(0x04ca, 0xff, 0x01, 0x01),
 138          .driver_info = BTUSB_BCM_PATCHRAM },
 139
 140        /* Broadcom devices with vendor specific id */
 141        { USB_VENDOR_AND_INTERFACE_INFO(0x0a5c, 0xff, 0x01, 0x01),
 142          .driver_info = BTUSB_BCM_PATCHRAM },
 143
 144        /* ASUSTek Computer - Broadcom based */
 145        { USB_VENDOR_AND_INTERFACE_INFO(0x0b05, 0xff, 0x01, 0x01),
 146          .driver_info = BTUSB_BCM_PATCHRAM },
 147
 148        /* Belkin F8065bf - Broadcom based */
 149        { USB_VENDOR_AND_INTERFACE_INFO(0x050d, 0xff, 0x01, 0x01),
 150          .driver_info = BTUSB_BCM_PATCHRAM },
 151
 152        /* IMC Networks - Broadcom based */
 153        { USB_VENDOR_AND_INTERFACE_INFO(0x13d3, 0xff, 0x01, 0x01),
 154          .driver_info = BTUSB_BCM_PATCHRAM },
 155
 156        /* Dell Computer - Broadcom based  */
 157        { USB_VENDOR_AND_INTERFACE_INFO(0x413c, 0xff, 0x01, 0x01),
 158          .driver_info = BTUSB_BCM_PATCHRAM },
 159
 160        /* Toshiba Corp - Broadcom based */
 161        { USB_VENDOR_AND_INTERFACE_INFO(0x0930, 0xff, 0x01, 0x01),
 162          .driver_info = BTUSB_BCM_PATCHRAM },
 163
 164        /* Intel Bluetooth USB Bootloader (RAM module) */
 165        { USB_DEVICE(0x8087, 0x0a5a),
 166          .driver_info = BTUSB_INTEL_BOOT | BTUSB_BROKEN_ISOC },
 167
 168        { }     /* Terminating entry */
 169};
 170
 171MODULE_DEVICE_TABLE(usb, btusb_table);
 172
 173static const struct usb_device_id blacklist_table[] = {
 174        /* CSR BlueCore devices */
 175        { USB_DEVICE(0x0a12, 0x0001), .driver_info = BTUSB_CSR },
 176
 177        /* Broadcom BCM2033 without firmware */
 178        { USB_DEVICE(0x0a5c, 0x2033), .driver_info = BTUSB_IGNORE },
 179
 180        /* Broadcom BCM2045 devices */
 181        { USB_DEVICE(0x0a5c, 0x2045), .driver_info = BTUSB_BCM2045 },
 182
 183        /* Atheros 3011 with sflash firmware */
 184        { USB_DEVICE(0x0489, 0xe027), .driver_info = BTUSB_IGNORE },
 185        { USB_DEVICE(0x0489, 0xe03d), .driver_info = BTUSB_IGNORE },
 186        { USB_DEVICE(0x04f2, 0xaff1), .driver_info = BTUSB_IGNORE },
 187        { USB_DEVICE(0x0930, 0x0215), .driver_info = BTUSB_IGNORE },
 188        { USB_DEVICE(0x0cf3, 0x3002), .driver_info = BTUSB_IGNORE },
 189        { USB_DEVICE(0x0cf3, 0xe019), .driver_info = BTUSB_IGNORE },
 190        { USB_DEVICE(0x13d3, 0x3304), .driver_info = BTUSB_IGNORE },
 191
 192        /* Atheros AR9285 Malbec with sflash firmware */
 193        { USB_DEVICE(0x03f0, 0x311d), .driver_info = BTUSB_IGNORE },
 194
 195        /* Atheros 3012 with sflash firmware */
 196        { USB_DEVICE(0x0489, 0xe04d), .driver_info = BTUSB_ATH3012 },
 197        { USB_DEVICE(0x0489, 0xe04e), .driver_info = BTUSB_ATH3012 },
 198        { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 },
 199        { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 },
 200        { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 },
 201        { USB_DEVICE(0x0489, 0xe076), .driver_info = BTUSB_ATH3012 },
 202        { USB_DEVICE(0x0489, 0xe078), .driver_info = BTUSB_ATH3012 },
 203        { USB_DEVICE(0x0489, 0xe095), .driver_info = BTUSB_ATH3012 },
 204        { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 },
 205        { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 },
 206        { USB_DEVICE(0x04ca, 0x3005), .driver_info = BTUSB_ATH3012 },
 207        { USB_DEVICE(0x04ca, 0x3006), .driver_info = BTUSB_ATH3012 },
 208        { USB_DEVICE(0x04ca, 0x3007), .driver_info = BTUSB_ATH3012 },
 209        { USB_DEVICE(0x04ca, 0x3008), .driver_info = BTUSB_ATH3012 },
 210        { USB_DEVICE(0x04ca, 0x300b), .driver_info = BTUSB_ATH3012 },
 211        { USB_DEVICE(0x04ca, 0x300d), .driver_info = BTUSB_ATH3012 },
 212        { USB_DEVICE(0x04ca, 0x300f), .driver_info = BTUSB_ATH3012 },
 213        { USB_DEVICE(0x04ca, 0x3010), .driver_info = BTUSB_ATH3012 },
 214        { USB_DEVICE(0x04ca, 0x3014), .driver_info = BTUSB_ATH3012 },
 215        { USB_DEVICE(0x04ca, 0x3018), .driver_info = BTUSB_ATH3012 },
 216        { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 },
 217        { USB_DEVICE(0x0930, 0x021c), .driver_info = BTUSB_ATH3012 },
 218        { USB_DEVICE(0x0930, 0x0220), .driver_info = BTUSB_ATH3012 },
 219        { USB_DEVICE(0x0930, 0x0227), .driver_info = BTUSB_ATH3012 },
 220        { USB_DEVICE(0x0b05, 0x17d0), .driver_info = BTUSB_ATH3012 },
 221        { USB_DEVICE(0x0cf3, 0x0036), .driver_info = BTUSB_ATH3012 },
 222        { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 },
 223        { USB_DEVICE(0x0cf3, 0x3008), .driver_info = BTUSB_ATH3012 },
 224        { USB_DEVICE(0x0cf3, 0x311d), .driver_info = BTUSB_ATH3012 },
 225        { USB_DEVICE(0x0cf3, 0x311e), .driver_info = BTUSB_ATH3012 },
 226        { USB_DEVICE(0x0cf3, 0x311f), .driver_info = BTUSB_ATH3012 },
 227        { USB_DEVICE(0x0cf3, 0x3121), .driver_info = BTUSB_ATH3012 },
 228        { USB_DEVICE(0x0cf3, 0x817a), .driver_info = BTUSB_ATH3012 },
 229        { USB_DEVICE(0x0cf3, 0x817b), .driver_info = BTUSB_ATH3012 },
 230        { USB_DEVICE(0x0cf3, 0xe003), .driver_info = BTUSB_ATH3012 },
 231        { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 },
 232        { USB_DEVICE(0x0cf3, 0xe005), .driver_info = BTUSB_ATH3012 },
 233        { USB_DEVICE(0x0cf3, 0xe006), .driver_info = BTUSB_ATH3012 },
 234        { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 },
 235        { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 },
 236        { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 },
 237        { USB_DEVICE(0x13d3, 0x3395), .driver_info = BTUSB_ATH3012 },
 238        { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 },
 239        { USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 },
 240        { USB_DEVICE(0x13d3, 0x3423), .driver_info = BTUSB_ATH3012 },
 241        { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 },
 242        { USB_DEVICE(0x13d3, 0x3472), .driver_info = BTUSB_ATH3012 },
 243        { USB_DEVICE(0x13d3, 0x3474), .driver_info = BTUSB_ATH3012 },
 244        { USB_DEVICE(0x13d3, 0x3487), .driver_info = BTUSB_ATH3012 },
 245        { USB_DEVICE(0x13d3, 0x3490), .driver_info = BTUSB_ATH3012 },
 246
 247        /* Atheros AR5BBU12 with sflash firmware */
 248        { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE },
 249
 250        /* Atheros AR5BBU12 with sflash firmware */
 251        { USB_DEVICE(0x0489, 0xe036), .driver_info = BTUSB_ATH3012 },
 252        { USB_DEVICE(0x0489, 0xe03c), .driver_info = BTUSB_ATH3012 },
 253
 254        /* QCA ROME chipset */
 255        { USB_DEVICE(0x0cf3, 0x535b), .driver_info = BTUSB_QCA_ROME |
 256                                                     BTUSB_WIDEBAND_SPEECH },
 257        { USB_DEVICE(0x0cf3, 0xe007), .driver_info = BTUSB_QCA_ROME |
 258                                                     BTUSB_WIDEBAND_SPEECH },
 259        { USB_DEVICE(0x0cf3, 0xe009), .driver_info = BTUSB_QCA_ROME |
 260                                                     BTUSB_WIDEBAND_SPEECH },
 261        { USB_DEVICE(0x0cf3, 0xe010), .driver_info = BTUSB_QCA_ROME |
 262                                                     BTUSB_WIDEBAND_SPEECH },
 263        { USB_DEVICE(0x0cf3, 0xe300), .driver_info = BTUSB_QCA_ROME |
 264                                                     BTUSB_WIDEBAND_SPEECH },
 265        { USB_DEVICE(0x0cf3, 0xe301), .driver_info = BTUSB_QCA_ROME |
 266                                                     BTUSB_WIDEBAND_SPEECH },
 267        { USB_DEVICE(0x0cf3, 0xe360), .driver_info = BTUSB_QCA_ROME |
 268                                                     BTUSB_WIDEBAND_SPEECH },
 269        { USB_DEVICE(0x0cf3, 0xe500), .driver_info = BTUSB_QCA_ROME |
 270                                                     BTUSB_WIDEBAND_SPEECH },
 271        { USB_DEVICE(0x0489, 0xe092), .driver_info = BTUSB_QCA_ROME |
 272                                                     BTUSB_WIDEBAND_SPEECH },
 273        { USB_DEVICE(0x0489, 0xe09f), .driver_info = BTUSB_QCA_ROME |
 274                                                     BTUSB_WIDEBAND_SPEECH },
 275        { USB_DEVICE(0x0489, 0xe0a2), .driver_info = BTUSB_QCA_ROME |
 276                                                     BTUSB_WIDEBAND_SPEECH },
 277        { USB_DEVICE(0x04ca, 0x3011), .driver_info = BTUSB_QCA_ROME |
 278                                                     BTUSB_WIDEBAND_SPEECH },
 279        { USB_DEVICE(0x04ca, 0x3015), .driver_info = BTUSB_QCA_ROME |
 280                                                     BTUSB_WIDEBAND_SPEECH },
 281        { USB_DEVICE(0x04ca, 0x3016), .driver_info = BTUSB_QCA_ROME |
 282                                                     BTUSB_WIDEBAND_SPEECH },
 283        { USB_DEVICE(0x04ca, 0x301a), .driver_info = BTUSB_QCA_ROME |
 284                                                     BTUSB_WIDEBAND_SPEECH },
 285        { USB_DEVICE(0x04ca, 0x3021), .driver_info = BTUSB_QCA_ROME |
 286                                                     BTUSB_WIDEBAND_SPEECH },
 287        { USB_DEVICE(0x13d3, 0x3491), .driver_info = BTUSB_QCA_ROME |
 288                                                     BTUSB_WIDEBAND_SPEECH },
 289        { USB_DEVICE(0x13d3, 0x3496), .driver_info = BTUSB_QCA_ROME |
 290                                                     BTUSB_WIDEBAND_SPEECH },
 291        { USB_DEVICE(0x13d3, 0x3501), .driver_info = BTUSB_QCA_ROME |
 292                                                     BTUSB_WIDEBAND_SPEECH },
 293
 294        /* QCA WCN6855 chipset */
 295        { USB_DEVICE(0x0cf3, 0xe600), .driver_info = BTUSB_QCA_WCN6855 |
 296                                                     BTUSB_WIDEBAND_SPEECH |
 297                                                     BTUSB_VALID_LE_STATES },
 298
 299        /* Broadcom BCM2035 */
 300        { USB_DEVICE(0x0a5c, 0x2009), .driver_info = BTUSB_BCM92035 },
 301        { USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU },
 302        { USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU },
 303
 304        /* Broadcom BCM2045 */
 305        { USB_DEVICE(0x0a5c, 0x2039), .driver_info = BTUSB_WRONG_SCO_MTU },
 306        { USB_DEVICE(0x0a5c, 0x2101), .driver_info = BTUSB_WRONG_SCO_MTU },
 307
 308        /* IBM/Lenovo ThinkPad with Broadcom chip */
 309        { USB_DEVICE(0x0a5c, 0x201e), .driver_info = BTUSB_WRONG_SCO_MTU },
 310        { USB_DEVICE(0x0a5c, 0x2110), .driver_info = BTUSB_WRONG_SCO_MTU },
 311
 312        /* HP laptop with Broadcom chip */
 313        { USB_DEVICE(0x03f0, 0x171d), .driver_info = BTUSB_WRONG_SCO_MTU },
 314
 315        /* Dell laptop with Broadcom chip */
 316        { USB_DEVICE(0x413c, 0x8126), .driver_info = BTUSB_WRONG_SCO_MTU },
 317
 318        /* Dell Wireless 370 and 410 devices */
 319        { USB_DEVICE(0x413c, 0x8152), .driver_info = BTUSB_WRONG_SCO_MTU },
 320        { USB_DEVICE(0x413c, 0x8156), .driver_info = BTUSB_WRONG_SCO_MTU },
 321
 322        /* Belkin F8T012 and F8T013 devices */
 323        { USB_DEVICE(0x050d, 0x0012), .driver_info = BTUSB_WRONG_SCO_MTU },
 324        { USB_DEVICE(0x050d, 0x0013), .driver_info = BTUSB_WRONG_SCO_MTU },
 325
 326        /* Asus WL-BTD202 device */
 327        { USB_DEVICE(0x0b05, 0x1715), .driver_info = BTUSB_WRONG_SCO_MTU },
 328
 329        /* Kensington Bluetooth USB adapter */
 330        { USB_DEVICE(0x047d, 0x105e), .driver_info = BTUSB_WRONG_SCO_MTU },
 331
 332        /* RTX Telecom based adapters with buggy SCO support */
 333        { USB_DEVICE(0x0400, 0x0807), .driver_info = BTUSB_BROKEN_ISOC },
 334        { USB_DEVICE(0x0400, 0x080a), .driver_info = BTUSB_BROKEN_ISOC },
 335
 336        /* CONWISE Technology based adapters with buggy SCO support */
 337        { USB_DEVICE(0x0e5e, 0x6622),
 338          .driver_info = BTUSB_BROKEN_ISOC | BTUSB_CW6622},
 339
 340        /* Roper Class 1 Bluetooth Dongle (Silicon Wave based) */
 341        { USB_DEVICE(0x1310, 0x0001), .driver_info = BTUSB_SWAVE },
 342
 343        /* Digianswer devices */
 344        { USB_DEVICE(0x08fd, 0x0001), .driver_info = BTUSB_DIGIANSWER },
 345        { USB_DEVICE(0x08fd, 0x0002), .driver_info = BTUSB_IGNORE },
 346
 347        /* CSR BlueCore Bluetooth Sniffer */
 348        { USB_DEVICE(0x0a12, 0x0002),
 349          .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC },
 350
 351        /* Frontline ComProbe Bluetooth Sniffer */
 352        { USB_DEVICE(0x16d3, 0x0002),
 353          .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC },
 354
 355        /* Marvell Bluetooth devices */
 356        { USB_DEVICE(0x1286, 0x2044), .driver_info = BTUSB_MARVELL },
 357        { USB_DEVICE(0x1286, 0x2046), .driver_info = BTUSB_MARVELL },
 358        { USB_DEVICE(0x1286, 0x204e), .driver_info = BTUSB_MARVELL },
 359
 360        /* Intel Bluetooth devices */
 361        { USB_DEVICE(0x8087, 0x0025), .driver_info = BTUSB_INTEL_COMBINED },
 362        { USB_DEVICE(0x8087, 0x0026), .driver_info = BTUSB_INTEL_COMBINED },
 363        { USB_DEVICE(0x8087, 0x0029), .driver_info = BTUSB_INTEL_COMBINED },
 364        { USB_DEVICE(0x8087, 0x0032), .driver_info = BTUSB_INTEL_COMBINED },
 365        { USB_DEVICE(0x8087, 0x0033), .driver_info = BTUSB_INTEL_COMBINED },
 366        { USB_DEVICE(0x8087, 0x07da), .driver_info = BTUSB_CSR },
 367        { USB_DEVICE(0x8087, 0x07dc), .driver_info = BTUSB_INTEL_COMBINED |
 368                                                     BTUSB_INTEL_BROKEN_INITIAL_NCMD },
 369        { USB_DEVICE(0x8087, 0x0a2a), .driver_info = BTUSB_INTEL_COMBINED },
 370        { USB_DEVICE(0x8087, 0x0a2b), .driver_info = BTUSB_INTEL_COMBINED },
 371        { USB_DEVICE(0x8087, 0x0aa7), .driver_info = BTUSB_INTEL_COMBINED },
 372        { USB_DEVICE(0x8087, 0x0aaa), .driver_info = BTUSB_INTEL_COMBINED },
 373
 374        /* Other Intel Bluetooth devices */
 375        { USB_VENDOR_AND_INTERFACE_INFO(0x8087, 0xe0, 0x01, 0x01),
 376          .driver_info = BTUSB_IGNORE },
 377
 378        /* Realtek 8822CE Bluetooth devices */
 379        { USB_DEVICE(0x0bda, 0xb00c), .driver_info = BTUSB_REALTEK |
 380                                                     BTUSB_WIDEBAND_SPEECH },
 381        { USB_DEVICE(0x0bda, 0xc822), .driver_info = BTUSB_REALTEK |
 382                                                     BTUSB_WIDEBAND_SPEECH },
 383
 384        /* Realtek 8852AE Bluetooth devices */
 385        { USB_DEVICE(0x0bda, 0xc852), .driver_info = BTUSB_REALTEK |
 386                                                     BTUSB_WIDEBAND_SPEECH },
 387
 388        /* Realtek Bluetooth devices */
 389        { USB_VENDOR_AND_INTERFACE_INFO(0x0bda, 0xe0, 0x01, 0x01),
 390          .driver_info = BTUSB_REALTEK },
 391
 392        /* MediaTek Bluetooth devices */
 393        { USB_VENDOR_AND_INTERFACE_INFO(0x0e8d, 0xe0, 0x01, 0x01),
 394          .driver_info = BTUSB_MEDIATEK |
 395                         BTUSB_WIDEBAND_SPEECH |
 396                         BTUSB_VALID_LE_STATES },
 397
 398        /* Additional MediaTek MT7615E Bluetooth devices */
 399        { USB_DEVICE(0x13d3, 0x3560), .driver_info = BTUSB_MEDIATEK},
 400
 401        /* Additional MediaTek MT7668 Bluetooth devices */
 402        { USB_DEVICE(0x043e, 0x3109), .driver_info = BTUSB_MEDIATEK |
 403                                                     BTUSB_WIDEBAND_SPEECH |
 404                                                     BTUSB_VALID_LE_STATES },
 405
 406        /* Additional MediaTek MT7921 Bluetooth devices */
 407        { USB_DEVICE(0x04ca, 0x3802), .driver_info = BTUSB_MEDIATEK |
 408                                                     BTUSB_WIDEBAND_SPEECH |
 409                                                     BTUSB_VALID_LE_STATES },
 410        { USB_DEVICE(0x13d3, 0x3563), .driver_info = BTUSB_MEDIATEK |
 411                                                     BTUSB_WIDEBAND_SPEECH |
 412                                                     BTUSB_VALID_LE_STATES },
 413        { USB_DEVICE(0x0489, 0xe0cd), .driver_info = BTUSB_MEDIATEK |
 414                                                     BTUSB_WIDEBAND_SPEECH |
 415                                                     BTUSB_VALID_LE_STATES },
 416
 417        /* Additional Realtek 8723AE Bluetooth devices */
 418        { USB_DEVICE(0x0930, 0x021d), .driver_info = BTUSB_REALTEK },
 419        { USB_DEVICE(0x13d3, 0x3394), .driver_info = BTUSB_REALTEK },
 420
 421        /* Additional Realtek 8723BE Bluetooth devices */
 422        { USB_DEVICE(0x0489, 0xe085), .driver_info = BTUSB_REALTEK },
 423        { USB_DEVICE(0x0489, 0xe08b), .driver_info = BTUSB_REALTEK },
 424        { USB_DEVICE(0x13d3, 0x3410), .driver_info = BTUSB_REALTEK },
 425        { USB_DEVICE(0x13d3, 0x3416), .driver_info = BTUSB_REALTEK },
 426        { USB_DEVICE(0x13d3, 0x3459), .driver_info = BTUSB_REALTEK },
 427        { USB_DEVICE(0x13d3, 0x3494), .driver_info = BTUSB_REALTEK },
 428
 429        /* Additional Realtek 8723BU Bluetooth devices */
 430        { USB_DEVICE(0x7392, 0xa611), .driver_info = BTUSB_REALTEK },
 431
 432        /* Additional Realtek 8723DE Bluetooth devices */
 433        { USB_DEVICE(0x0bda, 0xb009), .driver_info = BTUSB_REALTEK },
 434        { USB_DEVICE(0x2ff8, 0xb011), .driver_info = BTUSB_REALTEK },
 435
 436        /* Additional Realtek 8761BU Bluetooth devices */
 437        { USB_DEVICE(0x0b05, 0x190e), .driver_info = BTUSB_REALTEK |
 438                                                     BTUSB_WIDEBAND_SPEECH },
 439
 440        /* Additional Realtek 8821AE Bluetooth devices */
 441        { USB_DEVICE(0x0b05, 0x17dc), .driver_info = BTUSB_REALTEK },
 442        { USB_DEVICE(0x13d3, 0x3414), .driver_info = BTUSB_REALTEK },
 443        { USB_DEVICE(0x13d3, 0x3458), .driver_info = BTUSB_REALTEK },
 444        { USB_DEVICE(0x13d3, 0x3461), .driver_info = BTUSB_REALTEK },
 445        { USB_DEVICE(0x13d3, 0x3462), .driver_info = BTUSB_REALTEK },
 446
 447        /* Additional Realtek 8822BE Bluetooth devices */
 448        { USB_DEVICE(0x13d3, 0x3526), .driver_info = BTUSB_REALTEK },
 449        { USB_DEVICE(0x0b05, 0x185c), .driver_info = BTUSB_REALTEK },
 450
 451        /* Additional Realtek 8822CE Bluetooth devices */
 452        { USB_DEVICE(0x04ca, 0x4005), .driver_info = BTUSB_REALTEK |
 453                                                     BTUSB_WIDEBAND_SPEECH },
 454        /* Bluetooth component of Realtek 8852AE device */
 455        { USB_DEVICE(0x04ca, 0x4006), .driver_info = BTUSB_REALTEK |
 456                                                     BTUSB_WIDEBAND_SPEECH },
 457
 458        { USB_DEVICE(0x04c5, 0x161f), .driver_info = BTUSB_REALTEK |
 459                                                     BTUSB_WIDEBAND_SPEECH },
 460        { USB_DEVICE(0x0b05, 0x18ef), .driver_info = BTUSB_REALTEK |
 461                                                     BTUSB_WIDEBAND_SPEECH },
 462        { USB_DEVICE(0x13d3, 0x3548), .driver_info = BTUSB_REALTEK |
 463                                                     BTUSB_WIDEBAND_SPEECH },
 464        { USB_DEVICE(0x13d3, 0x3549), .driver_info = BTUSB_REALTEK |
 465                                                     BTUSB_WIDEBAND_SPEECH },
 466        { USB_DEVICE(0x13d3, 0x3553), .driver_info = BTUSB_REALTEK |
 467                                                     BTUSB_WIDEBAND_SPEECH },
 468        { USB_DEVICE(0x13d3, 0x3555), .driver_info = BTUSB_REALTEK |
 469                                                     BTUSB_WIDEBAND_SPEECH },
 470        { USB_DEVICE(0x2ff8, 0x3051), .driver_info = BTUSB_REALTEK |
 471                                                     BTUSB_WIDEBAND_SPEECH },
 472        { USB_DEVICE(0x1358, 0xc123), .driver_info = BTUSB_REALTEK |
 473                                                     BTUSB_WIDEBAND_SPEECH },
 474        { USB_DEVICE(0x0bda, 0xc123), .driver_info = BTUSB_REALTEK |
 475                                                     BTUSB_WIDEBAND_SPEECH },
 476        { USB_DEVICE(0x0cb5, 0xc547), .driver_info = BTUSB_REALTEK |
 477                                                     BTUSB_WIDEBAND_SPEECH },
 478
 479        /* Silicon Wave based devices */
 480        { USB_DEVICE(0x0c10, 0x0000), .driver_info = BTUSB_SWAVE },
 481
 482        { }     /* Terminating entry */
 483};
 484
 485/* The Bluetooth USB module build into some devices needs to be reset on resume,
 486 * this is a problem with the platform (likely shutting off all power) not with
 487 * the module itself. So we use a DMI list to match known broken platforms.
 488 */
 489static const struct dmi_system_id btusb_needs_reset_resume_table[] = {
 490        {
 491                /* Dell OptiPlex 3060 (QCA ROME device 0cf3:e007) */
 492                .matches = {
 493                        DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
 494                        DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex 3060"),
 495                },
 496        },
 497        {
 498                /* Dell XPS 9360 (QCA ROME device 0cf3:e300) */
 499                .matches = {
 500                        DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
 501                        DMI_MATCH(DMI_PRODUCT_NAME, "XPS 13 9360"),
 502                },
 503        },
 504        {
 505                /* Dell Inspiron 5565 (QCA ROME device 0cf3:e009) */
 506                .matches = {
 507                        DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
 508                        DMI_MATCH(DMI_PRODUCT_NAME, "Inspiron 5565"),
 509                },
 510        },
 511        {}
 512};
 513
 514#define BTUSB_MAX_ISOC_FRAMES   10
 515
 516#define BTUSB_INTR_RUNNING      0
 517#define BTUSB_BULK_RUNNING      1
 518#define BTUSB_ISOC_RUNNING      2
 519#define BTUSB_SUSPENDING        3
 520#define BTUSB_DID_ISO_RESUME    4
 521#define BTUSB_BOOTLOADER        5
 522#define BTUSB_DOWNLOADING       6
 523#define BTUSB_FIRMWARE_LOADED   7
 524#define BTUSB_FIRMWARE_FAILED   8
 525#define BTUSB_BOOTING           9
 526#define BTUSB_DIAG_RUNNING      10
 527#define BTUSB_OOB_WAKE_ENABLED  11
 528#define BTUSB_HW_RESET_ACTIVE   12
 529#define BTUSB_TX_WAIT_VND_EVT   13
 530#define BTUSB_WAKEUP_AUTOSUSPEND        14
 531#define BTUSB_USE_ALT3_FOR_WBS  15
 532
 533struct btusb_data {
 534        struct hci_dev       *hdev;
 535        struct usb_device    *udev;
 536        struct usb_interface *intf;
 537        struct usb_interface *isoc;
 538        struct usb_interface *diag;
 539        unsigned isoc_ifnum;
 540
 541        unsigned long flags;
 542
 543        struct work_struct work;
 544        struct work_struct waker;
 545
 546        struct usb_anchor deferred;
 547        struct usb_anchor tx_anchor;
 548        int tx_in_flight;
 549        spinlock_t txlock;
 550
 551        struct usb_anchor intr_anchor;
 552        struct usb_anchor bulk_anchor;
 553        struct usb_anchor isoc_anchor;
 554        struct usb_anchor diag_anchor;
 555        struct usb_anchor ctrl_anchor;
 556        spinlock_t rxlock;
 557
 558        struct sk_buff *evt_skb;
 559        struct sk_buff *acl_skb;
 560        struct sk_buff *sco_skb;
 561
 562        struct usb_endpoint_descriptor *intr_ep;
 563        struct usb_endpoint_descriptor *bulk_tx_ep;
 564        struct usb_endpoint_descriptor *bulk_rx_ep;
 565        struct usb_endpoint_descriptor *isoc_tx_ep;
 566        struct usb_endpoint_descriptor *isoc_rx_ep;
 567        struct usb_endpoint_descriptor *diag_tx_ep;
 568        struct usb_endpoint_descriptor *diag_rx_ep;
 569
 570        struct gpio_desc *reset_gpio;
 571
 572        __u8 cmdreq_type;
 573        __u8 cmdreq;
 574
 575        unsigned int sco_num;
 576        unsigned int air_mode;
 577        bool usb_alt6_packet_flow;
 578        int isoc_altsetting;
 579        int suspend_count;
 580
 581        int (*recv_event)(struct hci_dev *hdev, struct sk_buff *skb);
 582        int (*recv_acl)(struct hci_dev *hdev, struct sk_buff *skb);
 583        int (*recv_bulk)(struct btusb_data *data, void *buffer, int count);
 584
 585        int (*setup_on_usb)(struct hci_dev *hdev);
 586
 587        int oob_wake_irq;   /* irq for out-of-band wake-on-bt */
 588        unsigned cmd_timeout_cnt;
 589};
 590
 591static void btusb_intel_cmd_timeout(struct hci_dev *hdev)
 592{
 593        struct btusb_data *data = hci_get_drvdata(hdev);
 594        struct gpio_desc *reset_gpio = data->reset_gpio;
 595
 596        if (++data->cmd_timeout_cnt < 5)
 597                return;
 598
 599        if (!reset_gpio) {
 600                bt_dev_err(hdev, "No way to reset. Ignoring and continuing");
 601                return;
 602        }
 603
 604        /*
 605         * Toggle the hard reset line if the platform provides one. The reset
 606         * is going to yank the device off the USB and then replug. So doing
 607         * once is enough. The cleanup is handled correctly on the way out
 608         * (standard USB disconnect), and the new device is detected cleanly
 609         * and bound to the driver again like it should be.
 610         */
 611        if (test_and_set_bit(BTUSB_HW_RESET_ACTIVE, &data->flags)) {
 612                bt_dev_err(hdev, "last reset failed? Not resetting again");
 613                return;
 614        }
 615
 616        bt_dev_err(hdev, "Initiating HW reset via gpio");
 617        gpiod_set_value_cansleep(reset_gpio, 1);
 618        msleep(100);
 619        gpiod_set_value_cansleep(reset_gpio, 0);
 620}
 621
 622static void btusb_rtl_cmd_timeout(struct hci_dev *hdev)
 623{
 624        struct btusb_data *data = hci_get_drvdata(hdev);
 625        struct gpio_desc *reset_gpio = data->reset_gpio;
 626
 627        if (++data->cmd_timeout_cnt < 5)
 628                return;
 629
 630        if (!reset_gpio) {
 631                bt_dev_err(hdev, "No gpio to reset Realtek device, ignoring");
 632                return;
 633        }
 634
 635        /* Toggle the hard reset line. The Realtek device is going to
 636         * yank itself off the USB and then replug. The cleanup is handled
 637         * correctly on the way out (standard USB disconnect), and the new
 638         * device is detected cleanly and bound to the driver again like
 639         * it should be.
 640         */
 641        if (test_and_set_bit(BTUSB_HW_RESET_ACTIVE, &data->flags)) {
 642                bt_dev_err(hdev, "last reset failed? Not resetting again");
 643                return;
 644        }
 645
 646        bt_dev_err(hdev, "Reset Realtek device via gpio");
 647        gpiod_set_value_cansleep(reset_gpio, 1);
 648        msleep(200);
 649        gpiod_set_value_cansleep(reset_gpio, 0);
 650}
 651
 652static void btusb_qca_cmd_timeout(struct hci_dev *hdev)
 653{
 654        struct btusb_data *data = hci_get_drvdata(hdev);
 655        int err;
 656
 657        if (++data->cmd_timeout_cnt < 5)
 658                return;
 659
 660        bt_dev_err(hdev, "Multiple cmd timeouts seen. Resetting usb device.");
 661        /* This is not an unbalanced PM reference since the device will reset */
 662        err = usb_autopm_get_interface(data->intf);
 663        if (!err)
 664                usb_queue_reset_device(data->intf);
 665        else
 666                bt_dev_err(hdev, "Failed usb_autopm_get_interface with %d", err);
 667}
 668
 669static inline void btusb_free_frags(struct btusb_data *data)
 670{
 671        unsigned long flags;
 672
 673        spin_lock_irqsave(&data->rxlock, flags);
 674
 675        kfree_skb(data->evt_skb);
 676        data->evt_skb = NULL;
 677
 678        kfree_skb(data->acl_skb);
 679        data->acl_skb = NULL;
 680
 681        kfree_skb(data->sco_skb);
 682        data->sco_skb = NULL;
 683
 684        spin_unlock_irqrestore(&data->rxlock, flags);
 685}
 686
 687static int btusb_recv_intr(struct btusb_data *data, void *buffer, int count)
 688{
 689        struct sk_buff *skb;
 690        unsigned long flags;
 691        int err = 0;
 692
 693        spin_lock_irqsave(&data->rxlock, flags);
 694        skb = data->evt_skb;
 695
 696        while (count) {
 697                int len;
 698
 699                if (!skb) {
 700                        skb = bt_skb_alloc(HCI_MAX_EVENT_SIZE, GFP_ATOMIC);
 701                        if (!skb) {
 702                                err = -ENOMEM;
 703                                break;
 704                        }
 705
 706                        hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
 707                        hci_skb_expect(skb) = HCI_EVENT_HDR_SIZE;
 708                }
 709
 710                len = min_t(uint, hci_skb_expect(skb), count);
 711                skb_put_data(skb, buffer, len);
 712
 713                count -= len;
 714                buffer += len;
 715                hci_skb_expect(skb) -= len;
 716
 717                if (skb->len == HCI_EVENT_HDR_SIZE) {
 718                        /* Complete event header */
 719                        hci_skb_expect(skb) = hci_event_hdr(skb)->plen;
 720
 721                        if (skb_tailroom(skb) < hci_skb_expect(skb)) {
 722                                kfree_skb(skb);
 723                                skb = NULL;
 724
 725                                err = -EILSEQ;
 726                                break;
 727                        }
 728                }
 729
 730                if (!hci_skb_expect(skb)) {
 731                        /* Complete frame */
 732                        data->recv_event(data->hdev, skb);
 733                        skb = NULL;
 734                }
 735        }
 736
 737        data->evt_skb = skb;
 738        spin_unlock_irqrestore(&data->rxlock, flags);
 739
 740        return err;
 741}
 742
 743static int btusb_recv_bulk(struct btusb_data *data, void *buffer, int count)
 744{
 745        struct sk_buff *skb;
 746        unsigned long flags;
 747        int err = 0;
 748
 749        spin_lock_irqsave(&data->rxlock, flags);
 750        skb = data->acl_skb;
 751
 752        while (count) {
 753                int len;
 754
 755                if (!skb) {
 756                        skb = bt_skb_alloc(HCI_MAX_FRAME_SIZE, GFP_ATOMIC);
 757                        if (!skb) {
 758                                err = -ENOMEM;
 759                                break;
 760                        }
 761
 762                        hci_skb_pkt_type(skb) = HCI_ACLDATA_PKT;
 763                        hci_skb_expect(skb) = HCI_ACL_HDR_SIZE;
 764                }
 765
 766                len = min_t(uint, hci_skb_expect(skb), count);
 767                skb_put_data(skb, buffer, len);
 768
 769                count -= len;
 770                buffer += len;
 771                hci_skb_expect(skb) -= len;
 772
 773                if (skb->len == HCI_ACL_HDR_SIZE) {
 774                        __le16 dlen = hci_acl_hdr(skb)->dlen;
 775
 776                        /* Complete ACL header */
 777                        hci_skb_expect(skb) = __le16_to_cpu(dlen);
 778
 779                        if (skb_tailroom(skb) < hci_skb_expect(skb)) {
 780                                kfree_skb(skb);
 781                                skb = NULL;
 782
 783                                err = -EILSEQ;
 784                                break;
 785                        }
 786                }
 787
 788                if (!hci_skb_expect(skb)) {
 789                        /* Complete frame */
 790                        data->recv_acl(data->hdev, skb);
 791                        skb = NULL;
 792                }
 793        }
 794
 795        data->acl_skb = skb;
 796        spin_unlock_irqrestore(&data->rxlock, flags);
 797
 798        return err;
 799}
 800
 801static int btusb_recv_isoc(struct btusb_data *data, void *buffer, int count)
 802{
 803        struct sk_buff *skb;
 804        unsigned long flags;
 805        int err = 0;
 806
 807        spin_lock_irqsave(&data->rxlock, flags);
 808        skb = data->sco_skb;
 809
 810        while (count) {
 811                int len;
 812
 813                if (!skb) {
 814                        skb = bt_skb_alloc(HCI_MAX_SCO_SIZE, GFP_ATOMIC);
 815                        if (!skb) {
 816                                err = -ENOMEM;
 817                                break;
 818                        }
 819
 820                        hci_skb_pkt_type(skb) = HCI_SCODATA_PKT;
 821                        hci_skb_expect(skb) = HCI_SCO_HDR_SIZE;
 822                }
 823
 824                len = min_t(uint, hci_skb_expect(skb), count);
 825                skb_put_data(skb, buffer, len);
 826
 827                count -= len;
 828                buffer += len;
 829                hci_skb_expect(skb) -= len;
 830
 831                if (skb->len == HCI_SCO_HDR_SIZE) {
 832                        /* Complete SCO header */
 833                        hci_skb_expect(skb) = hci_sco_hdr(skb)->dlen;
 834
 835                        if (skb_tailroom(skb) < hci_skb_expect(skb)) {
 836                                kfree_skb(skb);
 837                                skb = NULL;
 838
 839                                err = -EILSEQ;
 840                                break;
 841                        }
 842                }
 843
 844                if (!hci_skb_expect(skb)) {
 845                        /* Complete frame */
 846                        hci_recv_frame(data->hdev, skb);
 847                        skb = NULL;
 848                }
 849        }
 850
 851        data->sco_skb = skb;
 852        spin_unlock_irqrestore(&data->rxlock, flags);
 853
 854        return err;
 855}
 856
 857static void btusb_intr_complete(struct urb *urb)
 858{
 859        struct hci_dev *hdev = urb->context;
 860        struct btusb_data *data = hci_get_drvdata(hdev);
 861        int err;
 862
 863        BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
 864               urb->actual_length);
 865
 866        if (!test_bit(HCI_RUNNING, &hdev->flags))
 867                return;
 868
 869        if (urb->status == 0) {
 870                hdev->stat.byte_rx += urb->actual_length;
 871
 872                if (btusb_recv_intr(data, urb->transfer_buffer,
 873                                    urb->actual_length) < 0) {
 874                        bt_dev_err(hdev, "corrupted event packet");
 875                        hdev->stat.err_rx++;
 876                }
 877        } else if (urb->status == -ENOENT) {
 878                /* Avoid suspend failed when usb_kill_urb */
 879                return;
 880        }
 881
 882        if (!test_bit(BTUSB_INTR_RUNNING, &data->flags))
 883                return;
 884
 885        usb_mark_last_busy(data->udev);
 886        usb_anchor_urb(urb, &data->intr_anchor);
 887
 888        err = usb_submit_urb(urb, GFP_ATOMIC);
 889        if (err < 0) {
 890                /* -EPERM: urb is being killed;
 891                 * -ENODEV: device got disconnected
 892                 */
 893                if (err != -EPERM && err != -ENODEV)
 894                        bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
 895                                   urb, -err);
 896                usb_unanchor_urb(urb);
 897        }
 898}
 899
 900static int btusb_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags)
 901{
 902        struct btusb_data *data = hci_get_drvdata(hdev);
 903        struct urb *urb;
 904        unsigned char *buf;
 905        unsigned int pipe;
 906        int err, size;
 907
 908        BT_DBG("%s", hdev->name);
 909
 910        if (!data->intr_ep)
 911                return -ENODEV;
 912
 913        urb = usb_alloc_urb(0, mem_flags);
 914        if (!urb)
 915                return -ENOMEM;
 916
 917        size = le16_to_cpu(data->intr_ep->wMaxPacketSize);
 918
 919        buf = kmalloc(size, mem_flags);
 920        if (!buf) {
 921                usb_free_urb(urb);
 922                return -ENOMEM;
 923        }
 924
 925        pipe = usb_rcvintpipe(data->udev, data->intr_ep->bEndpointAddress);
 926
 927        usb_fill_int_urb(urb, data->udev, pipe, buf, size,
 928                         btusb_intr_complete, hdev, data->intr_ep->bInterval);
 929
 930        urb->transfer_flags |= URB_FREE_BUFFER;
 931
 932        usb_anchor_urb(urb, &data->intr_anchor);
 933
 934        err = usb_submit_urb(urb, mem_flags);
 935        if (err < 0) {
 936                if (err != -EPERM && err != -ENODEV)
 937                        bt_dev_err(hdev, "urb %p submission failed (%d)",
 938                                   urb, -err);
 939                usb_unanchor_urb(urb);
 940        }
 941
 942        usb_free_urb(urb);
 943
 944        return err;
 945}
 946
 947static void btusb_bulk_complete(struct urb *urb)
 948{
 949        struct hci_dev *hdev = urb->context;
 950        struct btusb_data *data = hci_get_drvdata(hdev);
 951        int err;
 952
 953        BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
 954               urb->actual_length);
 955
 956        if (!test_bit(HCI_RUNNING, &hdev->flags))
 957                return;
 958
 959        if (urb->status == 0) {
 960                hdev->stat.byte_rx += urb->actual_length;
 961
 962                if (data->recv_bulk(data, urb->transfer_buffer,
 963                                    urb->actual_length) < 0) {
 964                        bt_dev_err(hdev, "corrupted ACL packet");
 965                        hdev->stat.err_rx++;
 966                }
 967        } else if (urb->status == -ENOENT) {
 968                /* Avoid suspend failed when usb_kill_urb */
 969                return;
 970        }
 971
 972        if (!test_bit(BTUSB_BULK_RUNNING, &data->flags))
 973                return;
 974
 975        usb_anchor_urb(urb, &data->bulk_anchor);
 976        usb_mark_last_busy(data->udev);
 977
 978        err = usb_submit_urb(urb, GFP_ATOMIC);
 979        if (err < 0) {
 980                /* -EPERM: urb is being killed;
 981                 * -ENODEV: device got disconnected
 982                 */
 983                if (err != -EPERM && err != -ENODEV)
 984                        bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
 985                                   urb, -err);
 986                usb_unanchor_urb(urb);
 987        }
 988}
 989
 990static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags)
 991{
 992        struct btusb_data *data = hci_get_drvdata(hdev);
 993        struct urb *urb;
 994        unsigned char *buf;
 995        unsigned int pipe;
 996        int err, size = HCI_MAX_FRAME_SIZE;
 997
 998        BT_DBG("%s", hdev->name);
 999
1000        if (!data->bulk_rx_ep)

1001                return -ENODEV;
1002
1003        urb = usb_alloc_urb(0, mem_flags);
1004        if (!urb)
1005                return -ENOMEM;
1006
1007        buf = kmalloc(size, mem_flags);
1008        if (!buf) {
1009                usb_free_urb(urb);
1010                return -ENOMEM;
1011        }
1012
1013        pipe = usb_rcvbulkpipe(data->udev, data->bulk_rx_ep->bEndpointAddress);
1014
1015        usb_fill_bulk_urb(urb, data->udev, pipe, buf, size,
1016                          btusb_bulk_complete, hdev);
1017
1018        urb->transfer_flags |= URB_FREE_BUFFER;
1019
1020        usb_mark_last_busy(data->udev);
1021        usb_anchor_urb(urb, &data->bulk_anchor);
1022
1023        err = usb_submit_urb(urb, mem_flags);
1024        if (err < 0) {
1025                if (err != -EPERM && err != -ENODEV)
1026                        bt_dev_err(hdev, "urb %p submission failed (%d)",
1027                                   urb, -err);
1028                usb_unanchor_urb(urb);
1029        }
1030
1031        usb_free_urb(urb);
1032
1033        return err;
1034}
1035
1036static void btusb_isoc_complete(struct urb *urb)
1037{
1038        struct hci_dev *hdev = urb->context;
1039        struct btusb_data *data = hci_get_drvdata(hdev);
1040        int i, err;
1041
1042        BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
1043               urb->actual_length);
1044
1045        if (!test_bit(HCI_RUNNING, &hdev->flags))
1046                return;
1047
1048        if (urb->status == 0) {
1049                for (i = 0; i < urb->number_of_packets; i++) {
1050                        unsigned int offset = urb->iso_frame_desc[i].offset;
1051                        unsigned int length = urb->iso_frame_desc[i].actual_length;
1052
1053                        if (urb->iso_frame_desc[i].status)
1054                                continue;
1055
1056                        hdev->stat.byte_rx += length;
1057
1058                        if (btusb_recv_isoc(data, urb->transfer_buffer + offset,
1059                                            length) < 0) {
1060                                bt_dev_err(hdev, "corrupted SCO packet");
1061                                hdev->stat.err_rx++;
1062                        }
1063                }
1064        } else if (urb->status == -ENOENT) {
1065                /* Avoid suspend failed when usb_kill_urb */
1066                return;
1067        }
1068
1069        if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags))
1070                return;
1071
1072        usb_anchor_urb(urb, &data->isoc_anchor);
1073
1074        err = usb_submit_urb(urb, GFP_ATOMIC);
1075        if (err < 0) {
1076                /* -EPERM: urb is being killed;
1077                 * -ENODEV: device got disconnected
1078                 */
1079                if (err != -EPERM && err != -ENODEV)
1080                        bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
1081                                   urb, -err);
1082                usb_unanchor_urb(urb);
1083        }
1084}
1085
1086static inline void __fill_isoc_descriptor_msbc(struct urb *urb, int len,
1087                                               int mtu, struct btusb_data *data)
1088{
1089        int i, offset = 0;
1090        unsigned int interval;
1091
1092        BT_DBG("len %d mtu %d", len, mtu);
1093
1094        /* For mSBC ALT 6 setting the host will send the packet at continuous
1095         * flow. As per core spec 5, vol 4, part B, table 2.1. For ALT setting
1096         * 6 the HCI PACKET INTERVAL should be 7.5ms for every usb packets.
1097         * To maintain the rate we send 63bytes of usb packets alternatively for
1098         * 7ms and 8ms to maintain the rate as 7.5ms.
1099         */
1100        if (data->usb_alt6_packet_flow) {
1101                interval = 7;
1102                data->usb_alt6_packet_flow = false;
1103        } else {
1104                interval = 6;
1105                data->usb_alt6_packet_flow = true;
1106        }
1107
1108        for (i = 0; i < interval; i++) {
1109                urb->iso_frame_desc[i].offset = offset;
1110                urb->iso_frame_desc[i].length = offset;
1111        }
1112
1113        if (len && i < BTUSB_MAX_ISOC_FRAMES) {
1114                urb->iso_frame_desc[i].offset = offset;
1115                urb->iso_frame_desc[i].length = len;
1116                i++;
1117        }
1118
1119        urb->number_of_packets = i;
1120}
1121
1122static inline void __fill_isoc_descriptor(struct urb *urb, int len, int mtu)
1123{
1124        int i, offset = 0;
1125
1126        BT_DBG("len %d mtu %d", len, mtu);
1127
1128        for (i = 0; i < BTUSB_MAX_ISOC_FRAMES && len >= mtu;
1129                                        i++, offset += mtu, len -= mtu) {
1130                urb->iso_frame_desc[i].offset = offset;
1131                urb->iso_frame_desc[i].length = mtu;
1132        }
1133
1134        if (len && i < BTUSB_MAX_ISOC_FRAMES) {
1135                urb->iso_frame_desc[i].offset = offset;
1136                urb->iso_frame_desc[i].length = len;
1137                i++;
1138        }
1139
1140        urb->number_of_packets = i;
1141}
1142
1143static int btusb_submit_isoc_urb(struct hci_dev *hdev, gfp_t mem_flags)
1144{
1145        struct btusb_data *data = hci_get_drvdata(hdev);
1146        struct urb *urb;
1147        unsigned char *buf;
1148        unsigned int pipe;
1149        int err, size;
1150
1151        BT_DBG("%s", hdev->name);
1152
1153        if (!data->isoc_rx_ep)
1154                return -ENODEV;
1155
1156        urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, mem_flags);
1157        if (!urb)
1158                return -ENOMEM;
1159
1160        size = le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize) *
1161                                                BTUSB_MAX_ISOC_FRAMES;
1162
1163        buf = kmalloc(size, mem_flags);
1164        if (!buf) {
1165                usb_free_urb(urb);
1166                return -ENOMEM;
1167        }
1168
1169        pipe = usb_rcvisocpipe(data->udev, data->isoc_rx_ep->bEndpointAddress);
1170
1171        usb_fill_int_urb(urb, data->udev, pipe, buf, size, btusb_isoc_complete,
1172                         hdev, data->isoc_rx_ep->bInterval);
1173
1174        urb->transfer_flags = URB_FREE_BUFFER | URB_ISO_ASAP;
1175
1176        __fill_isoc_descriptor(urb, size,
1177                               le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize));
1178
1179        usb_anchor_urb(urb, &data->isoc_anchor);
1180
1181        err = usb_submit_urb(urb, mem_flags);
1182        if (err < 0) {
1183                if (err != -EPERM && err != -ENODEV)
1184                        bt_dev_err(hdev, "urb %p submission failed (%d)",
1185                                   urb, -err);
1186                usb_unanchor_urb(urb);
1187        }
1188
1189        usb_free_urb(urb);
1190
1191        return err;
1192}
1193
1194static void btusb_diag_complete(struct urb *urb)
1195{
1196        struct hci_dev *hdev = urb->context;
1197        struct btusb_data *data = hci_get_drvdata(hdev);
1198        int err;
1199
1200        BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
1201               urb->actual_length);
1202
1203        if (urb->status == 0) {
1204                struct sk_buff *skb;
1205
1206                skb = bt_skb_alloc(urb->actual_length, GFP_ATOMIC);
1207                if (skb) {
1208                        skb_put_data(skb, urb->transfer_buffer,
1209                                     urb->actual_length);
1210                        hci_recv_diag(hdev, skb);
1211                }
1212        } else if (urb->status == -ENOENT) {
1213                /* Avoid suspend failed when usb_kill_urb */
1214                return;
1215        }
1216
1217        if (!test_bit(BTUSB_DIAG_RUNNING, &data->flags))
1218                return;
1219
1220        usb_anchor_urb(urb, &data->diag_anchor);
1221        usb_mark_last_busy(data->udev);
1222
1223        err = usb_submit_urb(urb, GFP_ATOMIC);
1224        if (err < 0) {
1225                /* -EPERM: urb is being killed;
1226                 * -ENODEV: device got disconnected
1227                 */
1228                if (err != -EPERM && err != -ENODEV)
1229                        bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
1230                                   urb, -err);
1231                usb_unanchor_urb(urb);
1232        }
1233}
1234
1235static int btusb_submit_diag_urb(struct hci_dev *hdev, gfp_t mem_flags)
1236{
1237        struct btusb_data *data = hci_get_drvdata(hdev);
1238        struct urb *urb;
1239        unsigned char *buf;
1240        unsigned int pipe;
1241        int err, size = HCI_MAX_FRAME_SIZE;
1242
1243        BT_DBG("%s", hdev->name);
1244
1245        if (!data->diag_rx_ep)
1246                return -ENODEV;
1247
1248        urb = usb_alloc_urb(0, mem_flags);
1249        if (!urb)
1250                return -ENOMEM;
1251
1252        buf = kmalloc(size, mem_flags);
1253        if (!buf) {
1254                usb_free_urb(urb);
1255                return -ENOMEM;
1256        }
1257
1258        pipe = usb_rcvbulkpipe(data->udev, data->diag_rx_ep->bEndpointAddress);
1259
1260        usb_fill_bulk_urb(urb, data->udev, pipe, buf, size,
1261                          btusb_diag_complete, hdev);
1262
1263        urb->transfer_flags |= URB_FREE_BUFFER;
1264
1265        usb_mark_last_busy(data->udev);
1266        usb_anchor_urb(urb, &data->diag_anchor);
1267
1268        err = usb_submit_urb(urb, mem_flags);
1269        if (err < 0) {
1270                if (err != -EPERM && err != -ENODEV)
1271                        bt_dev_err(hdev, "urb %p submission failed (%d)",
1272                                   urb, -err);
1273                usb_unanchor_urb(urb);
1274        }
1275
1276        usb_free_urb(urb);
1277
1278        return err;
1279}
1280
1281static void btusb_tx_complete(struct urb *urb)
1282{
1283        struct sk_buff *skb = urb->context;
1284        struct hci_dev *hdev = (struct hci_dev *)skb->dev;
1285        struct btusb_data *data = hci_get_drvdata(hdev);
1286        unsigned long flags;
1287
1288        BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
1289               urb->actual_length);
1290
1291        if (!test_bit(HCI_RUNNING, &hdev->flags))
1292                goto done;
1293
1294        if (!urb->status)
1295                hdev->stat.byte_tx += urb->transfer_buffer_length;
1296        else
1297                hdev->stat.err_tx++;
1298
1299done:
1300        spin_lock_irqsave(&data->txlock, flags);
1301        data->tx_in_flight--;
1302        spin_unlock_irqrestore(&data->txlock, flags);
1303
1304        kfree(urb->setup_packet);
1305
1306        kfree_skb(skb);
1307}
1308
1309static void btusb_isoc_tx_complete(struct urb *urb)
1310{
1311        struct sk_buff *skb = urb->context;
1312        struct hci_dev *hdev = (struct hci_dev *)skb->dev;
1313
1314        BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
1315               urb->actual_length);
1316
1317        if (!test_bit(HCI_RUNNING, &hdev->flags))
1318                goto done;
1319
1320        if (!urb->status)
1321                hdev->stat.byte_tx += urb->transfer_buffer_length;
1322        else
1323                hdev->stat.err_tx++;
1324
1325done:
1326        kfree(urb->setup_packet);
1327
1328        kfree_skb(skb);
1329}
1330
1331static int btusb_open(struct hci_dev *hdev)
1332{
1333        struct btusb_data *data = hci_get_drvdata(hdev);
1334        int err;
1335
1336        BT_DBG("%s", hdev->name);
1337
1338        err = usb_autopm_get_interface(data->intf);
1339        if (err < 0)
1340                return err;
1341
1342        /* Patching USB firmware files prior to starting any URBs of HCI path
1343         * It is more safe to use USB bulk channel for downloading USB patch
1344         */
1345        if (data->setup_on_usb) {
1346                err = data->setup_on_usb(hdev);
1347                if (err < 0)
1348                        goto setup_fail;
1349        }
1350
1351        data->intf->needs_remote_wakeup = 1;
1352
1353        if (test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags))
1354                goto done;
1355
1356        err = btusb_submit_intr_urb(hdev, GFP_KERNEL);
1357        if (err < 0)
1358                goto failed;
1359
1360        err = btusb_submit_bulk_urb(hdev, GFP_KERNEL);
1361        if (err < 0) {
1362                usb_kill_anchored_urbs(&data->intr_anchor);
1363                goto failed;
1364        }
1365
1366        set_bit(BTUSB_BULK_RUNNING, &data->flags);
1367        btusb_submit_bulk_urb(hdev, GFP_KERNEL);
1368
1369        if (data->diag) {
1370                if (!btusb_submit_diag_urb(hdev, GFP_KERNEL))
1371                        set_bit(BTUSB_DIAG_RUNNING, &data->flags);
1372        }
1373
1374done:
1375        usb_autopm_put_interface(data->intf);
1376        return 0;
1377
1378failed:
1379        clear_bit(BTUSB_INTR_RUNNING, &data->flags);
1380setup_fail:
1381        usb_autopm_put_interface(data->intf);
1382        return err;
1383}
1384
1385static void btusb_stop_traffic(struct btusb_data *data)
1386{
1387        usb_kill_anchored_urbs(&data->intr_anchor);
1388        usb_kill_anchored_urbs(&data->bulk_anchor);
1389        usb_kill_anchored_urbs(&data->isoc_anchor);
1390        usb_kill_anchored_urbs(&data->diag_anchor);
1391        usb_kill_anchored_urbs(&data->ctrl_anchor);
1392}
1393
1394static int btusb_close(struct hci_dev *hdev)
1395{
1396        struct btusb_data *data = hci_get_drvdata(hdev);
1397        int err;
1398
1399        BT_DBG("%s", hdev->name);
1400
1401        cancel_work_sync(&data->work);
1402        cancel_work_sync(&data->waker);
1403
1404        clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1405        clear_bit(BTUSB_BULK_RUNNING, &data->flags);
1406        clear_bit(BTUSB_INTR_RUNNING, &data->flags);
1407        clear_bit(BTUSB_DIAG_RUNNING, &data->flags);
1408
1409        btusb_stop_traffic(data);
1410        btusb_free_frags(data);
1411
1412        err = usb_autopm_get_interface(data->intf);
1413        if (err < 0)
1414                goto failed;
1415
1416        data->intf->needs_remote_wakeup = 0;
1417
1418        /* Enable remote wake up for auto-suspend */
1419        if (test_bit(BTUSB_WAKEUP_AUTOSUSPEND, &data->flags))
1420                data->intf->needs_remote_wakeup = 1;
1421
1422        usb_autopm_put_interface(data->intf);
1423
1424failed:
1425        usb_scuttle_anchored_urbs(&data->deferred);
1426        return 0;
1427}
1428
1429static int btusb_flush(struct hci_dev *hdev)
1430{
1431        struct btusb_data *data = hci_get_drvdata(hdev);
1432
1433        BT_DBG("%s", hdev->name);
1434
1435        usb_kill_anchored_urbs(&data->tx_anchor);
1436        btusb_free_frags(data);
1437
1438        return 0;
1439}
1440
1441static struct urb *alloc_ctrl_urb(struct hci_dev *hdev, struct sk_buff *skb)
1442{
1443        struct btusb_data *data = hci_get_drvdata(hdev);
1444        struct usb_ctrlrequest *dr;
1445        struct urb *urb;
1446        unsigned int pipe;
1447
1448        urb = usb_alloc_urb(0, GFP_KERNEL);
1449        if (!urb)
1450                return ERR_PTR(-ENOMEM);
1451
1452        dr = kmalloc(sizeof(*dr), GFP_KERNEL);
1453        if (!dr) {
1454                usb_free_urb(urb);
1455                return ERR_PTR(-ENOMEM);
1456        }
1457
1458        dr->bRequestType = data->cmdreq_type;
1459        dr->bRequest     = data->cmdreq;
1460        dr->wIndex       = 0;
1461        dr->wValue       = 0;
1462        dr->wLength      = __cpu_to_le16(skb->len);
1463
1464        pipe = usb_sndctrlpipe(data->udev, 0x00);
1465
1466        usb_fill_control_urb(urb, data->udev, pipe, (void *)dr,
1467                             skb->data, skb->len, btusb_tx_complete, skb);
1468
1469        skb->dev = (void *)hdev;
1470
1471        return urb;
1472}
1473
1474static struct urb *alloc_bulk_urb(struct hci_dev *hdev, struct sk_buff *skb)
1475{
1476        struct btusb_data *data = hci_get_drvdata(hdev);
1477        struct urb *urb;
1478        unsigned int pipe;
1479
1480        if (!data->bulk_tx_ep)
1481                return ERR_PTR(-ENODEV);
1482
1483        urb = usb_alloc_urb(0, GFP_KERNEL);
1484        if (!urb)
1485                return ERR_PTR(-ENOMEM);
1486
1487        pipe = usb_sndbulkpipe(data->udev, data->bulk_tx_ep->bEndpointAddress);
1488
1489        usb_fill_bulk_urb(urb, data->udev, pipe,
1490                          skb->data, skb->len, btusb_tx_complete, skb);
1491
1492        skb->dev = (void *)hdev;
1493
1494        return urb;
1495}
1496
1497static struct urb *alloc_isoc_urb(struct hci_dev *hdev, struct sk_buff *skb)
1498{
1499        struct btusb_data *data = hci_get_drvdata(hdev);
1500        struct urb *urb;
1501        unsigned int pipe;
1502
1503        if (!data->isoc_tx_ep)
1504                return ERR_PTR(-ENODEV);
1505
1506        urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, GFP_KERNEL);
1507        if (!urb)
1508                return ERR_PTR(-ENOMEM);
1509
1510        pipe = usb_sndisocpipe(data->udev, data->isoc_tx_ep->bEndpointAddress);
1511
1512        usb_fill_int_urb(urb, data->udev, pipe,
1513                         skb->data, skb->len, btusb_isoc_tx_complete,
1514                         skb, data->isoc_tx_ep->bInterval);
1515
1516        urb->transfer_flags  = URB_ISO_ASAP;
1517
1518        if (data->isoc_altsetting == 6)
1519                __fill_isoc_descriptor_msbc(urb, skb->len,
1520                                            le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize),
1521                                            data);
1522        else
1523                __fill_isoc_descriptor(urb, skb->len,
1524                                       le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize));
1525        skb->dev = (void *)hdev;
1526
1527        return urb;
1528}
1529
1530static int submit_tx_urb(struct hci_dev *hdev, struct urb *urb)
1531{
1532        struct btusb_data *data = hci_get_drvdata(hdev);
1533        int err;
1534
1535        usb_anchor_urb(urb, &data->tx_anchor);
1536
1537        err = usb_submit_urb(urb, GFP_KERNEL);
1538        if (err < 0) {
1539                if (err != -EPERM && err != -ENODEV)
1540                        bt_dev_err(hdev, "urb %p submission failed (%d)",
1541                                   urb, -err);
1542                kfree(urb->setup_packet);
1543                usb_unanchor_urb(urb);
1544        } else {
1545                usb_mark_last_busy(data->udev);
1546        }
1547
1548        usb_free_urb(urb);
1549        return err;
1550}
1551
1552static int submit_or_queue_tx_urb(struct hci_dev *hdev, struct urb *urb)
1553{
1554        struct btusb_data *data = hci_get_drvdata(hdev);
1555        unsigned long flags;
1556        bool suspending;
1557
1558        spin_lock_irqsave(&data->txlock, flags);
1559        suspending = test_bit(BTUSB_SUSPENDING, &data->flags);
1560        if (!suspending)
1561                data->tx_in_flight++;
1562        spin_unlock_irqrestore(&data->txlock, flags);
1563
1564        if (!suspending)
1565                return submit_tx_urb(hdev, urb);
1566
1567        usb_anchor_urb(urb, &data->deferred);
1568        schedule_work(&data->waker);
1569
1570        usb_free_urb(urb);
1571        return 0;
1572}
1573
1574static int btusb_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
1575{
1576        struct urb *urb;
1577
1578        BT_DBG("%s", hdev->name);
1579
1580        switch (hci_skb_pkt_type(skb)) {
1581        case HCI_COMMAND_PKT:
1582                urb = alloc_ctrl_urb(hdev, skb);
1583                if (IS_ERR(urb))
1584                        return PTR_ERR(urb);
1585
1586                hdev->stat.cmd_tx++;
1587                return submit_or_queue_tx_urb(hdev, urb);
1588
1589        case HCI_ACLDATA_PKT:
1590                urb = alloc_bulk_urb(hdev, skb);
1591                if (IS_ERR(urb))
1592                        return PTR_ERR(urb);
1593
1594                hdev->stat.acl_tx++;
1595                return submit_or_queue_tx_urb(hdev, urb);
1596
1597        case HCI_SCODATA_PKT:
1598                if (hci_conn_num(hdev, SCO_LINK) < 1)
1599                        return -ENODEV;
1600
1601                urb = alloc_isoc_urb(hdev, skb);
1602                if (IS_ERR(urb))
1603                        return PTR_ERR(urb);
1604
1605                hdev->stat.sco_tx++;
1606                return submit_tx_urb(hdev, urb);
1607        }
1608
1609        return -EILSEQ;
1610}
1611
1612static void btusb_notify(struct hci_dev *hdev, unsigned int evt)
1613{
1614        struct btusb_data *data = hci_get_drvdata(hdev);
1615
1616        BT_DBG("%s evt %d", hdev->name, evt);
1617
1618        if (hci_conn_num(hdev, SCO_LINK) != data->sco_num) {
1619                data->sco_num = hci_conn_num(hdev, SCO_LINK);
1620                data->air_mode = evt;
1621                schedule_work(&data->work);
1622        }
1623}
1624
1625static inline int __set_isoc_interface(struct hci_dev *hdev, int altsetting)
1626{
1627        struct btusb_data *data = hci_get_drvdata(hdev);
1628        struct usb_interface *intf = data->isoc;
1629        struct usb_endpoint_descriptor *ep_desc;
1630        int i, err;
1631
1632        if (!data->isoc)
1633                return -ENODEV;
1634
1635        err = usb_set_interface(data->udev, data->isoc_ifnum, altsetting);
1636        if (err < 0) {
1637                bt_dev_err(hdev, "setting interface failed (%d)", -err);
1638                return err;
1639        }
1640
1641        data->isoc_altsetting = altsetting;
1642
1643        data->isoc_tx_ep = NULL;
1644        data->isoc_rx_ep = NULL;
1645
1646        for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
1647                ep_desc = &intf->cur_altsetting->endpoint[i].desc;
1648
1649                if (!data->isoc_tx_ep && usb_endpoint_is_isoc_out(ep_desc)) {
1650                        data->isoc_tx_ep = ep_desc;
1651                        continue;
1652                }
1653
1654                if (!data->isoc_rx_ep && usb_endpoint_is_isoc_in(ep_desc)) {
1655                        data->isoc_rx_ep = ep_desc;
1656                        continue;
1657                }
1658        }
1659
1660        if (!data->isoc_tx_ep || !data->isoc_rx_ep) {
1661                bt_dev_err(hdev, "invalid SCO descriptors");
1662                return -ENODEV;
1663        }
1664
1665        return 0;
1666}
1667
1668static int btusb_switch_alt_setting(struct hci_dev *hdev, int new_alts)
1669{
1670        struct btusb_data *data = hci_get_drvdata(hdev);
1671        int err;
1672
1673        if (data->isoc_altsetting != new_alts) {
1674                unsigned long flags;
1675
1676                clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1677                usb_kill_anchored_urbs(&data->isoc_anchor);
1678
1679                /* When isochronous alternate setting needs to be
1680                 * changed, because SCO connection has been added
1681                 * or removed, a packet fragment may be left in the
1682                 * reassembling state. This could lead to wrongly
1683                 * assembled fragments.
1684                 *
1685                 * Clear outstanding fragment when selecting a new
1686                 * alternate setting.
1687                 */
1688                spin_lock_irqsave(&data->rxlock, flags);
1689                kfree_skb(data->sco_skb);
1690                data->sco_skb = NULL;
1691                spin_unlock_irqrestore(&data->rxlock, flags);
1692
1693                err = __set_isoc_interface(hdev, new_alts);
1694                if (err < 0)
1695                        return err;
1696        }
1697
1698        if (!test_and_set_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
1699                if (btusb_submit_isoc_urb(hdev, GFP_KERNEL) < 0)
1700                        clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1701                else
1702                        btusb_submit_isoc_urb(hdev, GFP_KERNEL);
1703        }
1704
1705        return 0;
1706}
1707
1708static struct usb_host_interface *btusb_find_altsetting(struct btusb_data *data,
1709                                                        int alt)
1710{
1711        struct usb_interface *intf = data->isoc;
1712        int i;
1713
1714        BT_DBG("Looking for Alt no :%d", alt);
1715
1716        if (!intf)
1717                return NULL;
1718
1719        for (i = 0; i < intf->num_altsetting; i++) {
1720                if (intf->altsetting[i].desc.bAlternateSetting == alt)
1721                        return &intf->altsetting[i];
1722        }
1723
1724        return NULL;
1725}
1726
1727static void btusb_work(struct work_struct *work)
1728{
1729        struct btusb_data *data = container_of(work, struct btusb_data, work);
1730        struct hci_dev *hdev = data->hdev;
1731        int new_alts = 0;
1732        int err;
1733
1734        if (data->sco_num > 0) {
1735                if (!test_bit(BTUSB_DID_ISO_RESUME, &data->flags)) {
1736                        err = usb_autopm_get_interface(data->isoc ? data->isoc : data->intf);
1737                        if (err < 0) {
1738                                clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1739                                usb_kill_anchored_urbs(&data->isoc_anchor);
1740                                return;
1741                        }
1742
1743                        set_bit(BTUSB_DID_ISO_RESUME, &data->flags);
1744                }
1745
1746                if (data->air_mode == HCI_NOTIFY_ENABLE_SCO_CVSD) {
1747                        if (hdev->voice_setting & 0x0020) {
1748                                static const int alts[3] = { 2, 4, 5 };
1749
1750                                new_alts = alts[data->sco_num - 1];
1751                        } else {
1752                                new_alts = data->sco_num;
1753                        }
1754                } else if (data->air_mode == HCI_NOTIFY_ENABLE_SCO_TRANSP) {
1755                        /* Bluetooth USB spec recommends alt 6 (63 bytes), but
1756                         * many adapters do not support it.  Alt 1 appears to
1757                         * work for all adapters that do not have alt 6, and
1758                         * which work with WBS at all.  Some devices prefer
1759                         * alt 3 (HCI payload >= 60 Bytes let air packet
1760                         * data satisfy 60 bytes), requiring
1761                         * MTU >= 3 (packets) * 25 (size) - 3 (headers) = 72
1762                         * see also Core spec 5, vol 4, B 2.1.1 & Table 2.1.
1763                         */
1764                        if (btusb_find_altsetting(data, 6))
1765                                new_alts = 6;
1766                        else if (btusb_find_altsetting(data, 3) &&
1767                                 hdev->sco_mtu >= 72 &&
1768                                 test_bit(BTUSB_USE_ALT3_FOR_WBS, &data->flags))
1769                                new_alts = 3;
1770                        else
1771                                new_alts = 1;
1772                }
1773
1774                if (btusb_switch_alt_setting(hdev, new_alts) < 0)
1775                        bt_dev_err(hdev, "set USB alt:(%d) failed!", new_alts);
1776        } else {
1777                clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1778                usb_kill_anchored_urbs(&data->isoc_anchor);
1779
1780                __set_isoc_interface(hdev, 0);
1781                if (test_and_clear_bit(BTUSB_DID_ISO_RESUME, &data->flags))
1782                        usb_autopm_put_interface(data->isoc ? data->isoc : data->intf);
1783        }
1784}
1785
1786static void btusb_waker(struct work_struct *work)
1787{
1788        struct btusb_data *data = container_of(work, struct btusb_data, waker);
1789        int err;
1790
1791        err = usb_autopm_get_interface(data->intf);
1792        if (err < 0)
1793                return;
1794
1795        usb_autopm_put_interface(data->intf);
1796}
1797
1798static int btusb_setup_bcm92035(struct hci_dev *hdev)
1799{
1800        struct sk_buff *skb;
1801        u8 val = 0x00;
1802
1803        BT_DBG("%s", hdev->name);
1804
1805        skb = __hci_cmd_sync(hdev, 0xfc3b, 1, &val, HCI_INIT_TIMEOUT);
1806        if (IS_ERR(skb))
1807                bt_dev_err(hdev, "BCM92035 command failed (%ld)", PTR_ERR(skb));
1808        else
1809                kfree_skb(skb);
1810
1811        return 0;
1812}
1813
1814static int btusb_setup_csr(struct hci_dev *hdev)
1815{
1816        struct btusb_data *data = hci_get_drvdata(hdev);
1817        u16 bcdDevice = le16_to_cpu(data->udev->descriptor.bcdDevice);
1818        struct hci_rp_read_local_version *rp;
1819        struct sk_buff *skb;
1820        bool is_fake = false;
1821        int ret;
1822
1823        BT_DBG("%s", hdev->name);
1824
1825        skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL,
1826                             HCI_INIT_TIMEOUT);
1827        if (IS_ERR(skb)) {
1828                int err = PTR_ERR(skb);
1829                bt_dev_err(hdev, "CSR: Local version failed (%d)", err);
1830                return err;
1831        }
1832
1833        if (skb->len != sizeof(struct hci_rp_read_local_version)) {
1834                bt_dev_err(hdev, "CSR: Local version length mismatch");
1835                kfree_skb(skb);
1836                return -EIO;
1837        }
1838
1839        rp = (struct hci_rp_read_local_version *)skb->data;
1840
1841        /* Detect a wide host of Chinese controllers that aren't CSR.
1842         *
1843         * Known fake bcdDevices: 0x0100, 0x0134, 0x1915, 0x2520, 0x7558, 0x8891
1844         *
1845         * The main thing they have in common is that these are really popular low-cost
1846         * options that support newer Bluetooth versions but rely on heavy VID/PID
1847         * squatting of this poor old Bluetooth 1.1 device. Even sold as such.
1848         *
1849         * We detect actual CSR devices by checking that the HCI manufacturer code
1850         * is Cambridge Silicon Radio (10) and ensuring that LMP sub-version and
1851         * HCI rev values always match. As they both store the firmware number.
1852         */
1853        if (le16_to_cpu(rp->manufacturer) != 10 ||
1854            le16_to_cpu(rp->hci_rev) != le16_to_cpu(rp->lmp_subver))
1855                is_fake = true;
1856
1857        /* Known legit CSR firmware build numbers and their supported BT versions:
1858         * - 1.1 (0x1) -> 0x0073, 0x020d, 0x033c, 0x034e
1859         * - 1.2 (0x2) ->                 0x04d9, 0x0529
1860         * - 2.0 (0x3) ->         0x07a6, 0x07ad, 0x0c5c
1861         * - 2.1 (0x4) ->         0x149c, 0x1735, 0x1899 (0x1899 is a BlueCore4-External)
1862         * - 4.0 (0x6) ->         0x1d86, 0x2031, 0x22bb
1863         *
1864         * e.g. Real CSR dongles with LMP subversion 0x73 are old enough that
1865         *      support BT 1.1 only; so it's a dead giveaway when some
1866         *      third-party BT 4.0 dongle reuses it.
1867         */
1868        else if (le16_to_cpu(rp->lmp_subver) <= 0x034e &&
1869                 le16_to_cpu(rp->hci_ver) > BLUETOOTH_VER_1_1)
1870                is_fake = true;
1871
1872        else if (le16_to_cpu(rp->lmp_subver) <= 0x0529 &&
1873                 le16_to_cpu(rp->hci_ver) > BLUETOOTH_VER_1_2)
1874                is_fake = true;
1875
1876        else if (le16_to_cpu(rp->lmp_subver) <= 0x0c5c &&
1877                 le16_to_cpu(rp->hci_ver) > BLUETOOTH_VER_2_0)
1878                is_fake = true;
1879
1880        else if (le16_to_cpu(rp->lmp_subver) <= 0x1899 &&
1881                 le16_to_cpu(rp->hci_ver) > BLUETOOTH_VER_2_1)
1882                is_fake = true;
1883
1884        else if (le16_to_cpu(rp->lmp_subver) <= 0x22bb &&
1885                 le16_to_cpu(rp->hci_ver) > BLUETOOTH_VER_4_0)
1886                is_fake = true;
1887
1888        /* Other clones which beat all the above checks */
1889        else if (bcdDevice == 0x0134 &&
1890                 le16_to_cpu(rp->lmp_subver) == 0x0c5c &&
1891                 le16_to_cpu(rp->hci_ver) == BLUETOOTH_VER_2_0)
1892                is_fake = true;
1893
1894        if (is_fake) {
1895                bt_dev_warn(hdev, "CSR: Unbranded CSR clone detected; adding workarounds and force-suspending once...");
1896
1897                /* Generally these clones have big discrepancies between
1898                 * advertised features and what's actually supported.
1899                 * Probably will need to be expanded in the future;
1900                 * without these the controller will lock up.
1901                 */
1902                set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks);
1903                set_bit(HCI_QUIRK_BROKEN_ERR_DATA_REPORTING, &hdev->quirks);
1904
1905                /* Clear the reset quirk since this is not an actual
1906                 * early Bluetooth 1.1 device from CSR.
1907                 */
1908                clear_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
1909                clear_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
1910
1911                /*
1912                 * Special workaround for these BT 4.0 chip clones, and potentially more:
1913                 *
1914                 * - 0x0134: a Barrot 8041a02                 (HCI rev: 0x1012 sub: 0x0810)
1915                 * - 0x7558: IC markings FR3191AHAL 749H15143 (HCI rev/sub-version: 0x0709)
1916                 *
1917                 * These controllers are really messed-up.
1918                 *
1919                 * 1. Their bulk RX endpoint will never report any data unless
1920                 * the device was suspended at least once (yes, really).
1921                 * 2. They will not wakeup when autosuspended and receiving data
1922                 * on their bulk RX endpoint from e.g. a keyboard or mouse
1923                 * (IOW remote-wakeup support is broken for the bulk endpoint).
1924                 *
1925                 * To fix 1. enable runtime-suspend, force-suspend the
1926                 * HCI and then wake-it up by disabling runtime-suspend.
1927                 *
1928                 * To fix 2. clear the HCI's can_wake flag, this way the HCI
1929                 * will still be autosuspended when it is not open.
1930                 *
1931                 * --
1932                 *
1933                 * Because these are widespread problems we prefer generic solutions; so
1934                 * apply this initialization quirk to every controller that gets here,
1935                 * it should be harmless. The alternative is to not work at all.
1936                 */
1937                pm_runtime_allow(&data->udev->dev);
1938
1939                ret = pm_runtime_suspend(&data->udev->dev);
1940                if (ret >= 0)
1941                        msleep(200);
1942                else
1943                        bt_dev_err(hdev, "CSR: Failed to suspend the device for our Barrot 8041a02 receive-issue workaround");
1944
1945                pm_runtime_forbid(&data->udev->dev);
1946
1947                device_set_wakeup_capable(&data->udev->dev, false);
1948
1949                /* Re-enable autosuspend if this was requested */
1950                if (enable_autosuspend)
1951                        usb_enable_autosuspend(data->udev);
1952        }
1953
1954        kfree_skb(skb);
1955
1956        return 0;
1957}
1958
1959static int inject_cmd_complete(struct hci_dev *hdev, __u16 opcode)
1960{
1961        struct sk_buff *skb;
1962        struct hci_event_hdr *hdr;
1963        struct hci_ev_cmd_complete *evt;
1964
1965        skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_KERNEL);
1966        if (!skb)
1967                return -ENOMEM;
1968
1969        hdr = skb_put(skb, sizeof(*hdr));
1970        hdr->evt = HCI_EV_CMD_COMPLETE;
1971        hdr->plen = sizeof(*evt) + 1;
1972
1973        evt = skb_put(skb, sizeof(*evt));
1974        evt->ncmd = 0x01;
1975        evt->opcode = cpu_to_le16(opcode);
1976
1977        skb_put_u8(skb, 0x00);
1978
1979        hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
1980
1981        return hci_recv_frame(hdev, skb);
1982}
1983
1984static int btusb_recv_bulk_intel(struct btusb_data *data, void *buffer,
1985                                 int count)
1986{
1987        struct hci_dev *hdev = data->hdev;
1988
1989        /* When the device is in bootloader mode, then it can send
1990         * events via the bulk endpoint. These events are treated the
1991         * same way as the ones received from the interrupt endpoint.
1992         */
1993        if (btintel_test_flag(hdev, INTEL_BOOTLOADER))
1994                return btusb_recv_intr(data, buffer, count);
1995
1996        return btusb_recv_bulk(data, buffer, count);
1997}
1998
1999static int btusb_recv_event_intel(struct hci_dev *hdev, struct sk_buff *skb)
2000{

2001        if (btintel_test_flag(hdev, INTEL_BOOTLOADER)) {
2002                struct hci_event_hdr *hdr = (void *)skb->data;
2003
2004                if (skb->len > HCI_EVENT_HDR_SIZE && hdr->evt == 0xff &&
2005                    hdr->plen > 0) {
2006                        const void *ptr = skb->data + HCI_EVENT_HDR_SIZE + 1;
2007                        unsigned int len = skb->len - HCI_EVENT_HDR_SIZE - 1;
2008
2009                        switch (skb->data[2]) {
2010                        case 0x02:
2011                                /* When switching to the operational firmware
2012                                 * the device sends a vendor specific event
2013                                 * indicating that the bootup completed.
2014                                 */
2015                                btintel_bootup(hdev, ptr, len);
2016                                break;
2017                        case 0x06:
2018                                /* When the firmware loading completes the
2019                                 * device sends out a vendor specific event
2020                                 * indicating the result of the firmware
2021                                 * loading.
2022                                 */
2023                                btintel_secure_send_result(hdev, ptr, len);
2024                                break;
2025                        }
2026                }
2027        }
2028
2029        return hci_recv_frame(hdev, skb);
2030}
2031
2032static int btusb_send_frame_intel(struct hci_dev *hdev, struct sk_buff *skb)
2033{
2034        struct urb *urb;
2035
2036        BT_DBG("%s", hdev->name);
2037
2038        switch (hci_skb_pkt_type(skb)) {
2039        case HCI_COMMAND_PKT:
2040                if (btintel_test_flag(hdev, INTEL_BOOTLOADER)) {
2041                        struct hci_command_hdr *cmd = (void *)skb->data;
2042                        __u16 opcode = le16_to_cpu(cmd->opcode);
2043
2044                        /* When in bootloader mode and the command 0xfc09
2045                         * is received, it needs to be send down the
2046                         * bulk endpoint. So allocate a bulk URB instead.
2047                         */
2048                        if (opcode == 0xfc09)
2049                                urb = alloc_bulk_urb(hdev, skb);
2050                        else
2051                                urb = alloc_ctrl_urb(hdev, skb);
2052
2053                        /* When the 0xfc01 command is issued to boot into
2054                         * the operational firmware, it will actually not
2055                         * send a command complete event. To keep the flow
2056                         * control working inject that event here.
2057                         */
2058                        if (opcode == 0xfc01)
2059                                inject_cmd_complete(hdev, opcode);
2060                } else {
2061                        urb = alloc_ctrl_urb(hdev, skb);
2062                }
2063                if (IS_ERR(urb))
2064                        return PTR_ERR(urb);
2065
2066                hdev->stat.cmd_tx++;
2067                return submit_or_queue_tx_urb(hdev, urb);
2068
2069        case HCI_ACLDATA_PKT:
2070                urb = alloc_bulk_urb(hdev, skb);
2071                if (IS_ERR(urb))
2072                        return PTR_ERR(urb);
2073
2074                hdev->stat.acl_tx++;
2075                return submit_or_queue_tx_urb(hdev, urb);
2076
2077        case HCI_SCODATA_PKT:
2078                if (hci_conn_num(hdev, SCO_LINK) < 1)
2079                        return -ENODEV;
2080
2081                urb = alloc_isoc_urb(hdev, skb);
2082                if (IS_ERR(urb))
2083                        return PTR_ERR(urb);
2084
2085                hdev->stat.sco_tx++;
2086                return submit_tx_urb(hdev, urb);
2087        }
2088
2089        return -EILSEQ;
2090}
2091
2092/* UHW CR mapping */
2093#define MTK_BT_MISC             0x70002510
2094#define MTK_BT_SUBSYS_RST       0x70002610
2095#define MTK_UDMA_INT_STA_BT     0x74000024
2096#define MTK_UDMA_INT_STA_BT1    0x74000308
2097#define MTK_BT_WDT_STATUS       0x740003A0
2098#define MTK_EP_RST_OPT          0x74011890
2099#define MTK_EP_RST_IN_OUT_OPT   0x00010001
2100#define MTK_BT_RST_DONE         0x00000100
2101#define MTK_BT_RESET_WAIT_MS    100
2102#define MTK_BT_RESET_NUM_TRIES  10
2103#define FIRMWARE_MT7663         "mediatek/mt7663pr2h.bin"
2104#define FIRMWARE_MT7668         "mediatek/mt7668pr2h.bin"
2105
2106#define HCI_WMT_MAX_EVENT_SIZE          64
2107/* It is for mt79xx download rom patch*/
2108#define MTK_FW_ROM_PATCH_HEADER_SIZE    32
2109#define MTK_FW_ROM_PATCH_GD_SIZE        64
2110#define MTK_FW_ROM_PATCH_SEC_MAP_SIZE   64
2111#define MTK_SEC_MAP_COMMON_SIZE 12
2112#define MTK_SEC_MAP_NEED_SEND_SIZE      52
2113
2114enum {
2115        BTMTK_WMT_PATCH_DWNLD = 0x1,
2116        BTMTK_WMT_FUNC_CTRL = 0x6,
2117        BTMTK_WMT_RST = 0x7,
2118        BTMTK_WMT_SEMAPHORE = 0x17,
2119};
2120
2121enum {
2122        BTMTK_WMT_INVALID,
2123        BTMTK_WMT_PATCH_UNDONE,
2124        BTMTK_WMT_PATCH_PROGRESS,
2125        BTMTK_WMT_PATCH_DONE,
2126        BTMTK_WMT_ON_UNDONE,
2127        BTMTK_WMT_ON_DONE,
2128        BTMTK_WMT_ON_PROGRESS,
2129};
2130
2131struct btmtk_wmt_hdr {
2132        u8      dir;
2133        u8      op;
2134        __le16  dlen;
2135        u8      flag;
2136} __packed;
2137
2138struct btmtk_hci_wmt_cmd {
2139        struct btmtk_wmt_hdr hdr;
2140        u8 data[];
2141} __packed;
2142
2143struct btmtk_hci_wmt_evt {
2144        struct hci_event_hdr hhdr;
2145        struct btmtk_wmt_hdr whdr;
2146} __packed;
2147
2148struct btmtk_hci_wmt_evt_funcc {
2149        struct btmtk_hci_wmt_evt hwhdr;
2150        __be16 status;
2151} __packed;
2152
2153struct btmtk_tci_sleep {
2154        u8 mode;
2155        __le16 duration;
2156        __le16 host_duration;
2157        u8 host_wakeup_pin;
2158        u8 time_compensation;
2159} __packed;
2160
2161struct btmtk_hci_wmt_params {
2162        u8 op;
2163        u8 flag;
2164        u16 dlen;
2165        const void *data;
2166        u32 *status;
2167};
2168
2169struct btmtk_patch_header {
2170        u8 datetime[16];
2171        u8 platform[4];
2172        __le16 hwver;
2173        __le16 swver;
2174        __le32 magicnum;
2175} __packed;
2176
2177struct btmtk_global_desc {
2178        __le32 patch_ver;
2179        __le32 sub_sys;
2180        __le32 feature_opt;
2181        __le32 section_num;
2182} __packed;
2183
2184struct btmtk_section_map {
2185        __le32 sectype;
2186        __le32 secoffset;
2187        __le32 secsize;
2188        union {
2189                __le32 u4SecSpec[13];
2190                struct {
2191                        __le32 dlAddr;
2192                        __le32 dlsize;
2193                        __le32 seckeyidx;
2194                        __le32 alignlen;
2195                        __le32 sectype;
2196                        __le32 dlmodecrctype;
2197                        __le32 crc;
2198                        __le32 reserved[6];
2199                } bin_info_spec;
2200        };
2201} __packed;
2202
2203static void btusb_mtk_wmt_recv(struct urb *urb)
2204{
2205        struct hci_dev *hdev = urb->context;
2206        struct btusb_data *data = hci_get_drvdata(hdev);
2207        struct hci_event_hdr *hdr;
2208        struct sk_buff *skb;
2209        int err;
2210
2211        if (urb->status == 0 && urb->actual_length > 0) {
2212                hdev->stat.byte_rx += urb->actual_length;
2213
2214                /* WMT event shouldn't be fragmented and the size should be
2215                 * less than HCI_WMT_MAX_EVENT_SIZE.
2216                 */
2217                skb = bt_skb_alloc(HCI_WMT_MAX_EVENT_SIZE, GFP_ATOMIC);
2218                if (!skb) {
2219                        hdev->stat.err_rx++;
2220                        return;
2221                }
2222
2223                hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
2224                skb_put_data(skb, urb->transfer_buffer, urb->actual_length);
2225
2226                hdr = (void *)skb->data;
2227                /* Fix up the vendor event id with 0xff for vendor specific
2228                 * instead of 0xe4 so that event send via monitoring socket can
2229                 * be parsed properly.
2230                 */
2231                hdr->evt = 0xff;
2232
2233                /* When someone waits for the WMT event, the skb is being cloned
2234                 * and being processed the events from there then.
2235                 */
2236                if (test_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags)) {
2237                        data->evt_skb = skb_clone(skb, GFP_ATOMIC);
2238                        if (!data->evt_skb) {
2239                                kfree_skb(skb);
2240                                return;
2241                        }
2242                }
2243
2244                err = hci_recv_frame(hdev, skb);
2245                if (err < 0) {
2246                        kfree_skb(data->evt_skb);
2247                        data->evt_skb = NULL;
2248                        return;
2249                }
2250
2251                if (test_and_clear_bit(BTUSB_TX_WAIT_VND_EVT,
2252                                       &data->flags)) {
2253                        /* Barrier to sync with other CPUs */
2254                        smp_mb__after_atomic();
2255                        wake_up_bit(&data->flags,
2256                                    BTUSB_TX_WAIT_VND_EVT);
2257                }
2258                return;
2259        } else if (urb->status == -ENOENT) {
2260                /* Avoid suspend failed when usb_kill_urb */
2261                return;
2262        }
2263
2264        usb_mark_last_busy(data->udev);
2265
2266        /* The URB complete handler is still called with urb->actual_length = 0
2267         * when the event is not available, so we should keep re-submitting
2268         * URB until WMT event returns, Also, It's necessary to wait some time
2269         * between the two consecutive control URBs to relax the target device
2270         * to generate the event. Otherwise, the WMT event cannot return from
2271         * the device successfully.
2272         */
2273        udelay(500);
2274
2275        usb_anchor_urb(urb, &data->ctrl_anchor);
2276        err = usb_submit_urb(urb, GFP_ATOMIC);
2277        if (err < 0) {
2278                /* -EPERM: urb is being killed;
2279                 * -ENODEV: device got disconnected
2280                 */
2281                if (err != -EPERM && err != -ENODEV)
2282                        bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
2283                                   urb, -err);
2284                usb_unanchor_urb(urb);
2285        }
2286}
2287
2288static int btusb_mtk_submit_wmt_recv_urb(struct hci_dev *hdev)
2289{
2290        struct btusb_data *data = hci_get_drvdata(hdev);
2291        struct usb_ctrlrequest *dr;
2292        unsigned char *buf;
2293        int err, size = 64;
2294        unsigned int pipe;
2295        struct urb *urb;
2296
2297        urb = usb_alloc_urb(0, GFP_KERNEL);
2298        if (!urb)
2299                return -ENOMEM;
2300
2301        dr = kmalloc(sizeof(*dr), GFP_KERNEL);
2302        if (!dr) {
2303                usb_free_urb(urb);
2304                return -ENOMEM;
2305        }
2306
2307        dr->bRequestType = USB_TYPE_VENDOR | USB_DIR_IN;
2308        dr->bRequest     = 1;
2309        dr->wIndex       = cpu_to_le16(0);
2310        dr->wValue       = cpu_to_le16(48);
2311        dr->wLength      = cpu_to_le16(size);
2312
2313        buf = kmalloc(size, GFP_KERNEL);
2314        if (!buf) {
2315                kfree(dr);
2316                usb_free_urb(urb);
2317                return -ENOMEM;
2318        }
2319
2320        pipe = usb_rcvctrlpipe(data->udev, 0);
2321
2322        usb_fill_control_urb(urb, data->udev, pipe, (void *)dr,
2323                             buf, size, btusb_mtk_wmt_recv, hdev);
2324
2325        urb->transfer_flags |= URB_FREE_BUFFER;
2326
2327        usb_anchor_urb(urb, &data->ctrl_anchor);
2328        err = usb_submit_urb(urb, GFP_KERNEL);
2329        if (err < 0) {
2330                if (err != -EPERM && err != -ENODEV)
2331                        bt_dev_err(hdev, "urb %p submission failed (%d)",
2332                                   urb, -err);
2333                usb_unanchor_urb(urb);
2334        }
2335
2336        usb_free_urb(urb);
2337
2338        return err;
2339}
2340
2341static int btusb_mtk_hci_wmt_sync(struct hci_dev *hdev,
2342                                  struct btmtk_hci_wmt_params *wmt_params)
2343{
2344        struct btusb_data *data = hci_get_drvdata(hdev);
2345        struct btmtk_hci_wmt_evt_funcc *wmt_evt_funcc;
2346        u32 hlen, status = BTMTK_WMT_INVALID;
2347        struct btmtk_hci_wmt_evt *wmt_evt;
2348        struct btmtk_hci_wmt_cmd *wc;
2349        struct btmtk_wmt_hdr *hdr;
2350        int err;
2351
2352        /* Send the WMT command and wait until the WMT event returns */
2353        hlen = sizeof(*hdr) + wmt_params->dlen;
2354        if (hlen > 255)
2355                return -EINVAL;
2356
2357        wc = kzalloc(hlen, GFP_KERNEL);
2358        if (!wc)
2359                return -ENOMEM;
2360
2361        hdr = &wc->hdr;
2362        hdr->dir = 1;
2363        hdr->op = wmt_params->op;
2364        hdr->dlen = cpu_to_le16(wmt_params->dlen + 1);
2365        hdr->flag = wmt_params->flag;
2366        memcpy(wc->data, wmt_params->data, wmt_params->dlen);
2367
2368        set_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags);
2369
2370        err = __hci_cmd_send(hdev, 0xfc6f, hlen, wc);
2371
2372        if (err < 0) {
2373                clear_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags);
2374                goto err_free_wc;
2375        }
2376
2377        /* Submit control IN URB on demand to process the WMT event */
2378        err = btusb_mtk_submit_wmt_recv_urb(hdev);
2379        if (err < 0)
2380                goto err_free_wc;
2381
2382        /* The vendor specific WMT commands are all answered by a vendor
2383         * specific event and will have the Command Status or Command
2384         * Complete as with usual HCI command flow control.
2385         *
2386         * After sending the command, wait for BTUSB_TX_WAIT_VND_EVT
2387         * state to be cleared. The driver specific event receive routine
2388         * will clear that state and with that indicate completion of the
2389         * WMT command.
2390         */
2391        err = wait_on_bit_timeout(&data->flags, BTUSB_TX_WAIT_VND_EVT,
2392                                  TASK_INTERRUPTIBLE, HCI_INIT_TIMEOUT);
2393        if (err == -EINTR) {
2394                bt_dev_err(hdev, "Execution of wmt command interrupted");
2395                clear_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags);
2396                goto err_free_wc;
2397        }
2398
2399        if (err) {
2400                bt_dev_err(hdev, "Execution of wmt command timed out");
2401                clear_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags);
2402                err = -ETIMEDOUT;
2403                goto err_free_wc;
2404        }
2405
2406        /* Parse and handle the return WMT event */
2407        wmt_evt = (struct btmtk_hci_wmt_evt *)data->evt_skb->data;
2408        if (wmt_evt->whdr.op != hdr->op) {
2409                bt_dev_err(hdev, "Wrong op received %d expected %d",
2410                           wmt_evt->whdr.op, hdr->op);
2411                err = -EIO;
2412                goto err_free_skb;
2413        }
2414
2415        switch (wmt_evt->whdr.op) {
2416        case BTMTK_WMT_SEMAPHORE:
2417                if (wmt_evt->whdr.flag == 2)
2418                        status = BTMTK_WMT_PATCH_UNDONE;
2419                else
2420                        status = BTMTK_WMT_PATCH_DONE;
2421                break;
2422        case BTMTK_WMT_FUNC_CTRL:
2423                wmt_evt_funcc = (struct btmtk_hci_wmt_evt_funcc *)wmt_evt;
2424                if (be16_to_cpu(wmt_evt_funcc->status) == 0x404)
2425                        status = BTMTK_WMT_ON_DONE;
2426                else if (be16_to_cpu(wmt_evt_funcc->status) == 0x420)
2427                        status = BTMTK_WMT_ON_PROGRESS;
2428                else
2429                        status = BTMTK_WMT_ON_UNDONE;
2430                break;
2431        case BTMTK_WMT_PATCH_DWNLD:
2432                if (wmt_evt->whdr.flag == 2)
2433                        status = BTMTK_WMT_PATCH_DONE;
2434                else if (wmt_evt->whdr.flag == 1)
2435                        status = BTMTK_WMT_PATCH_PROGRESS;
2436                else
2437                        status = BTMTK_WMT_PATCH_UNDONE;
2438                break;
2439        }
2440
2441        if (wmt_params->status)
2442                *wmt_params->status = status;
2443
2444err_free_skb:
2445        kfree_skb(data->evt_skb);
2446        data->evt_skb = NULL;
2447err_free_wc:
2448        kfree(wc);
2449        return err;
2450}
2451
2452static int btusb_mtk_setup_firmware_79xx(struct hci_dev *hdev, const char *fwname)
2453{
2454        struct btmtk_hci_wmt_params wmt_params;
2455        struct btmtk_global_desc *globaldesc = NULL;
2456        struct btmtk_section_map *sectionmap;
2457        const struct firmware *fw;
2458        const u8 *fw_ptr;
2459        const u8 *fw_bin_ptr;
2460        int err, dlen, i, status;
2461        u8 flag, first_block, retry;
2462        u32 section_num, dl_size, section_offset;
2463        u8 cmd[64];
2464
2465        err = request_firmware(&fw, fwname, &hdev->dev);
2466        if (err < 0) {
2467                bt_dev_err(hdev, "Failed to load firmware file (%d)", err);
2468                return err;
2469        }
2470
2471        fw_ptr = fw->data;
2472        fw_bin_ptr = fw_ptr;
2473        globaldesc = (struct btmtk_global_desc *)(fw_ptr + MTK_FW_ROM_PATCH_HEADER_SIZE);
2474        section_num = le32_to_cpu(globaldesc->section_num);
2475
2476        for (i = 0; i < section_num; i++) {
2477                first_block = 1;
2478                fw_ptr = fw_bin_ptr;
2479                sectionmap = (struct btmtk_section_map *)(fw_ptr + MTK_FW_ROM_PATCH_HEADER_SIZE +
2480                              MTK_FW_ROM_PATCH_GD_SIZE + MTK_FW_ROM_PATCH_SEC_MAP_SIZE * i);
2481
2482                section_offset = le32_to_cpu(sectionmap->secoffset);
2483                dl_size = le32_to_cpu(sectionmap->bin_info_spec.dlsize);
2484
2485                if (dl_size > 0) {
2486                        retry = 20;
2487                        while (retry > 0) {
2488                                cmd[0] = 0; /* 0 means legacy dl mode. */
2489                                memcpy(cmd + 1,
2490                                       fw_ptr + MTK_FW_ROM_PATCH_HEADER_SIZE +
2491                                       MTK_FW_ROM_PATCH_GD_SIZE + MTK_FW_ROM_PATCH_SEC_MAP_SIZE * i +
2492                                       MTK_SEC_MAP_COMMON_SIZE,
2493                                       MTK_SEC_MAP_NEED_SEND_SIZE + 1);
2494
2495                                wmt_params.op = BTMTK_WMT_PATCH_DWNLD;
2496                                wmt_params.status = &status;
2497                                wmt_params.flag = 0;
2498                                wmt_params.dlen = MTK_SEC_MAP_NEED_SEND_SIZE + 1;
2499                                wmt_params.data = &cmd;
2500
2501                                err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params);
2502                                if (err < 0) {
2503                                        bt_dev_err(hdev, "Failed to send wmt patch dwnld (%d)",
2504                                                   err);
2505                                        goto err_release_fw;
2506                                }
2507
2508                                if (status == BTMTK_WMT_PATCH_UNDONE) {
2509                                        break;
2510                                } else if (status == BTMTK_WMT_PATCH_PROGRESS) {
2511                                        msleep(100);
2512                                        retry--;
2513                                } else if (status == BTMTK_WMT_PATCH_DONE) {
2514                                        goto next_section;
2515                                } else {
2516                                        bt_dev_err(hdev, "Failed wmt patch dwnld status (%d)",
2517                                                   status);
2518                                        goto err_release_fw;
2519                                }
2520                        }
2521
2522                        fw_ptr += section_offset;
2523                        wmt_params.op = BTMTK_WMT_PATCH_DWNLD;
2524                        wmt_params.status = NULL;
2525
2526                        while (dl_size > 0) {
2527                                dlen = min_t(int, 250, dl_size);
2528                                if (first_block == 1) {
2529                                        flag = 1;
2530                                        first_block = 0;
2531                                } else if (dl_size - dlen <= 0) {
2532                                        flag = 3;
2533                                } else {
2534                                        flag = 2;
2535                                }
2536
2537                                wmt_params.flag = flag;
2538                                wmt_params.dlen = dlen;
2539                                wmt_params.data = fw_ptr;
2540
2541                                err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params);
2542                                if (err < 0) {
2543                                        bt_dev_err(hdev, "Failed to send wmt patch dwnld (%d)",
2544                                                   err);
2545                                        goto err_release_fw;
2546                                }
2547
2548                                dl_size -= dlen;
2549                                fw_ptr += dlen;
2550                        }
2551                }
2552next_section:
2553                continue;
2554        }
2555        /* Wait a few moments for firmware activation done */
2556        usleep_range(100000, 120000);
2557
2558err_release_fw:
2559        release_firmware(fw);
2560
2561        return err;
2562}
2563
2564static int btusb_mtk_setup_firmware(struct hci_dev *hdev, const char *fwname)
2565{
2566        struct btmtk_hci_wmt_params wmt_params;
2567        const struct firmware *fw;
2568        const u8 *fw_ptr;
2569        size_t fw_size;
2570        int err, dlen;
2571        u8 flag, param;
2572
2573        err = request_firmware(&fw, fwname, &hdev->dev);
2574        if (err < 0) {
2575                bt_dev_err(hdev, "Failed to load firmware file (%d)", err);
2576                return err;
2577        }
2578
2579        /* Power on data RAM the firmware relies on. */
2580        param = 1;
2581        wmt_params.op = BTMTK_WMT_FUNC_CTRL;
2582        wmt_params.flag = 3;
2583        wmt_params.dlen = sizeof(param);
2584        wmt_params.data = &param;
2585        wmt_params.status = NULL;
2586
2587        err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params);
2588        if (err < 0) {
2589                bt_dev_err(hdev, "Failed to power on data RAM (%d)", err);
2590                goto err_release_fw;
2591        }
2592
2593        fw_ptr = fw->data;
2594        fw_size = fw->size;
2595
2596        /* The size of patch header is 30 bytes, should be skip */
2597        if (fw_size < 30) {
2598                err = -EINVAL;
2599                goto err_release_fw;
2600        }
2601
2602        fw_size -= 30;
2603        fw_ptr += 30;
2604        flag = 1;
2605
2606        wmt_params.op = BTMTK_WMT_PATCH_DWNLD;
2607        wmt_params.status = NULL;
2608
2609        while (fw_size > 0) {
2610                dlen = min_t(int, 250, fw_size);
2611
2612                /* Tell device the position in sequence */
2613                if (fw_size - dlen <= 0)
2614                        flag = 3;
2615                else if (fw_size < fw->size - 30)
2616                        flag = 2;
2617
2618                wmt_params.flag = flag;
2619                wmt_params.dlen = dlen;
2620                wmt_params.data = fw_ptr;
2621
2622                err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params);
2623                if (err < 0) {
2624                        bt_dev_err(hdev, "Failed to send wmt patch dwnld (%d)",
2625                                   err);
2626                        goto err_release_fw;
2627                }
2628
2629                fw_size -= dlen;
2630                fw_ptr += dlen;
2631        }
2632
2633        wmt_params.op = BTMTK_WMT_RST;
2634        wmt_params.flag = 4;
2635        wmt_params.dlen = 0;
2636        wmt_params.data = NULL;
2637        wmt_params.status = NULL;
2638
2639        /* Activate funciton the firmware providing to */
2640        err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params);
2641        if (err < 0) {
2642                bt_dev_err(hdev, "Failed to send wmt rst (%d)", err);
2643                goto err_release_fw;
2644        }
2645
2646        /* Wait a few moments for firmware activation done */
2647        usleep_range(10000, 12000);
2648
2649err_release_fw:
2650        release_firmware(fw);
2651
2652        return err;
2653}
2654
2655static int btusb_mtk_func_query(struct hci_dev *hdev)
2656{
2657        struct btmtk_hci_wmt_params wmt_params;
2658        int status, err;
2659        u8 param = 0;
2660
2661        /* Query whether the function is enabled */
2662        wmt_params.op = BTMTK_WMT_FUNC_CTRL;
2663        wmt_params.flag = 4;
2664        wmt_params.dlen = sizeof(param);
2665        wmt_params.data = &param;
2666        wmt_params.status = &status;
2667
2668        err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params);
2669        if (err < 0) {
2670                bt_dev_err(hdev, "Failed to query function status (%d)", err);
2671                return err;
2672        }
2673
2674        return status;
2675}
2676
2677static int btusb_mtk_uhw_reg_write(struct btusb_data *data, u32 reg, u32 val)
2678{
2679        struct hci_dev *hdev = data->hdev;
2680        int pipe, err;
2681        void *buf;
2682
2683        buf = kzalloc(4, GFP_KERNEL);
2684        if (!buf)
2685                return -ENOMEM;
2686
2687        put_unaligned_le32(val, buf);
2688
2689        pipe = usb_sndctrlpipe(data->udev, 0);
2690        err = usb_control_msg(data->udev, pipe, 0x02,
2691                              0x5E,
2692                              reg >> 16, reg & 0xffff,
2693                              buf, 4, USB_CTRL_SET_TIMEOUT);
2694        if (err < 0) {
2695                bt_dev_err(hdev, "Failed to write uhw reg(%d)", err);
2696                goto err_free_buf;
2697        }
2698
2699err_free_buf:
2700        kfree(buf);
2701
2702        return err;
2703}
2704
2705static int btusb_mtk_uhw_reg_read(struct btusb_data *data, u32 reg, u32 *val)
2706{
2707        struct hci_dev *hdev = data->hdev;
2708        int pipe, err;
2709        void *buf;
2710
2711        buf = kzalloc(4, GFP_KERNEL);
2712        if (!buf)
2713                return -ENOMEM;
2714
2715        pipe = usb_rcvctrlpipe(data->udev, 0);
2716        err = usb_control_msg(data->udev, pipe, 0x01,
2717                              0xDE,
2718                              reg >> 16, reg & 0xffff,
2719                              buf, 4, USB_CTRL_SET_TIMEOUT);
2720        if (err < 0) {
2721                bt_dev_err(hdev, "Failed to read uhw reg(%d)", err);
2722                goto err_free_buf;
2723        }
2724
2725        *val = get_unaligned_le32(buf);
2726        bt_dev_dbg(hdev, "reg=%x, value=0x%08x", reg, *val);
2727
2728err_free_buf:
2729        kfree(buf);
2730
2731        return err;
2732}
2733
2734static int btusb_mtk_reg_read(struct btusb_data *data, u32 reg, u32 *val)
2735{
2736        int pipe, err, size = sizeof(u32);
2737        void *buf;
2738
2739        buf = kzalloc(size, GFP_KERNEL);
2740        if (!buf)
2741                return -ENOMEM;
2742
2743        pipe = usb_rcvctrlpipe(data->udev, 0);
2744        err = usb_control_msg(data->udev, pipe, 0x63,
2745                              USB_TYPE_VENDOR | USB_DIR_IN,
2746                              reg >> 16, reg & 0xffff,
2747                              buf, size, USB_CTRL_SET_TIMEOUT);
2748        if (err < 0)
2749                goto err_free_buf;
2750
2751        *val = get_unaligned_le32(buf);
2752
2753err_free_buf:
2754        kfree(buf);
2755
2756        return err;
2757}
2758
2759static int btusb_mtk_id_get(struct btusb_data *data, u32 reg, u32 *id)
2760{
2761        return btusb_mtk_reg_read(data, reg, id);
2762}
2763
2764static int btusb_mtk_setup(struct hci_dev *hdev)
2765{
2766        struct btusb_data *data = hci_get_drvdata(hdev);
2767        struct btmtk_hci_wmt_params wmt_params;
2768        ktime_t calltime, delta, rettime;
2769        struct btmtk_tci_sleep tci_sleep;
2770        unsigned long long duration;
2771        struct sk_buff *skb;
2772        const char *fwname;
2773        int err, status;
2774        u32 dev_id;
2775        char fw_bin_name[64];
2776        u32 fw_version = 0;
2777        u8 param;
2778
2779        calltime = ktime_get();
2780
2781        err = btusb_mtk_id_get(data, 0x80000008, &dev_id);
2782        if (err < 0) {
2783                bt_dev_err(hdev, "Failed to get device id (%d)", err);
2784                return err;
2785        }
2786
2787        if (!dev_id) {
2788                err = btusb_mtk_id_get(data, 0x70010200, &dev_id);
2789                if (err < 0) {
2790                        bt_dev_err(hdev, "Failed to get device id (%d)", err);
2791                        return err;
2792                }
2793                err = btusb_mtk_id_get(data, 0x80021004, &fw_version);
2794                if (err < 0) {
2795                        bt_dev_err(hdev, "Failed to get fw version (%d)", err);
2796                        return err;
2797                }
2798        }
2799
2800        switch (dev_id) {
2801        case 0x7663:
2802                fwname = FIRMWARE_MT7663;
2803                break;
2804        case 0x7668:
2805                fwname = FIRMWARE_MT7668;
2806                break;
2807        case 0x7961:
2808                snprintf(fw_bin_name, sizeof(fw_bin_name),
2809                        "mediatek/BT_RAM_CODE_MT%04x_1_%x_hdr.bin",
2810                         dev_id & 0xffff, (fw_version & 0xff) + 1);
2811                err = btusb_mtk_setup_firmware_79xx(hdev, fw_bin_name);
2812
2813                /* It's Device EndPoint Reset Option Register */
2814                btusb_mtk_uhw_reg_write(data, MTK_EP_RST_OPT, MTK_EP_RST_IN_OUT_OPT);
2815
2816                /* Enable Bluetooth protocol */
2817                param = 1;
2818                wmt_params.op = BTMTK_WMT_FUNC_CTRL;
2819                wmt_params.flag = 0;
2820                wmt_params.dlen = sizeof(param);
2821                wmt_params.data = &param;
2822                wmt_params.status = NULL;
2823
2824                err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params);
2825                if (err < 0) {
2826                        bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err);
2827                        return err;
2828                }
2829
2830                hci_set_msft_opcode(hdev, 0xFD30);
2831                goto done;
2832        default:
2833                bt_dev_err(hdev, "Unsupported hardware variant (%08x)",
2834                           dev_id);
2835                return -ENODEV;
2836        }
2837
2838        /* Query whether the firmware is already download */
2839        wmt_params.op = BTMTK_WMT_SEMAPHORE;
2840        wmt_params.flag = 1;
2841        wmt_params.dlen = 0;
2842        wmt_params.data = NULL;
2843        wmt_params.status = &status;
2844
2845        err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params);
2846        if (err < 0) {
2847                bt_dev_err(hdev, "Failed to query firmware status (%d)", err);
2848                return err;
2849        }
2850
2851        if (status == BTMTK_WMT_PATCH_DONE) {
2852                bt_dev_info(hdev, "firmware already downloaded");
2853                goto ignore_setup_fw;
2854        }
2855
2856        /* Setup a firmware which the device definitely requires */
2857        err = btusb_mtk_setup_firmware(hdev, fwname);
2858        if (err < 0)
2859                return err;
2860
2861ignore_setup_fw:
2862        err = readx_poll_timeout(btusb_mtk_func_query, hdev, status,
2863                                 status < 0 || status != BTMTK_WMT_ON_PROGRESS,
2864                                 2000, 5000000);
2865        /* -ETIMEDOUT happens */
2866        if (err < 0)
2867                return err;
2868
2869        /* The other errors happen in btusb_mtk_func_query */
2870        if (status < 0)
2871                return status;
2872
2873        if (status == BTMTK_WMT_ON_DONE) {
2874                bt_dev_info(hdev, "function already on");
2875                goto ignore_func_on;
2876        }
2877
2878        /* Enable Bluetooth protocol */
2879        param = 1;
2880        wmt_params.op = BTMTK_WMT_FUNC_CTRL;
2881        wmt_params.flag = 0;
2882        wmt_params.dlen = sizeof(param);
2883        wmt_params.data = &param;
2884        wmt_params.status = NULL;
2885
2886        err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params);
2887        if (err < 0) {
2888                bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err);
2889                return err;
2890        }
2891
2892ignore_func_on:
2893        /* Apply the low power environment setup */
2894        tci_sleep.mode = 0x5;
2895        tci_sleep.duration = cpu_to_le16(0x640);
2896        tci_sleep.host_duration = cpu_to_le16(0x640);
2897        tci_sleep.host_wakeup_pin = 0;
2898        tci_sleep.time_compensation = 0;
2899
2900        skb = __hci_cmd_sync(hdev, 0xfc7a, sizeof(tci_sleep), &tci_sleep,
2901                             HCI_INIT_TIMEOUT);
2902        if (IS_ERR(skb)) {
2903                err = PTR_ERR(skb);
2904                bt_dev_err(hdev, "Failed to apply low power setting (%d)", err);
2905                return err;
2906        }
2907        kfree_skb(skb);
2908
2909done:
2910        rettime = ktime_get();
2911        delta = ktime_sub(rettime, calltime);
2912        duration = (unsigned long long)ktime_to_ns(delta) >> 10;
2913
2914        bt_dev_info(hdev, "Device setup in %llu usecs", duration);
2915
2916        return 0;
2917}
2918
2919static int btusb_mtk_shutdown(struct hci_dev *hdev)
2920{
2921        struct btmtk_hci_wmt_params wmt_params;
2922        u8 param = 0;
2923        int err;
2924
2925        /* Disable the device */
2926        wmt_params.op = BTMTK_WMT_FUNC_CTRL;
2927        wmt_params.flag = 0;
2928        wmt_params.dlen = sizeof(param);
2929        wmt_params.data = &param;
2930        wmt_params.status = NULL;
2931
2932        err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params);
2933        if (err < 0) {
2934                bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err);
2935                return err;
2936        }
2937
2938        return 0;
2939}
2940
2941static void btusb_mtk_cmd_timeout(struct hci_dev *hdev)
2942{
2943        struct btusb_data *data = hci_get_drvdata(hdev);
2944        u32 val;
2945        int err, retry = 0;
2946
2947        /* It's MediaTek specific bluetooth reset mechanism via USB */
2948        if (test_and_set_bit(BTUSB_HW_RESET_ACTIVE, &data->flags)) {
2949                bt_dev_err(hdev, "last reset failed? Not resetting again");
2950                return;
2951        }
2952
2953        err = usb_autopm_get_interface(data->intf);
2954        if (err < 0)
2955                return;
2956
2957        btusb_stop_traffic(data);
2958        usb_kill_anchored_urbs(&data->tx_anchor);
2959
2960        /* It's Device EndPoint Reset Option Register */
2961        bt_dev_dbg(hdev, "Initiating reset mechanism via uhw");
2962        btusb_mtk_uhw_reg_write(data, MTK_EP_RST_OPT, MTK_EP_RST_IN_OUT_OPT);
2963        btusb_mtk_uhw_reg_read(data, MTK_BT_WDT_STATUS, &val);
2964
2965        /* Reset the bluetooth chip via USB interface. */
2966        btusb_mtk_uhw_reg_write(data, MTK_BT_SUBSYS_RST, 1);
2967        btusb_mtk_uhw_reg_write(data, MTK_UDMA_INT_STA_BT, 0x000000FF);
2968        btusb_mtk_uhw_reg_read(data, MTK_UDMA_INT_STA_BT, &val);
2969        btusb_mtk_uhw_reg_write(data, MTK_UDMA_INT_STA_BT1, 0x000000FF);
2970        btusb_mtk_uhw_reg_read(data, MTK_UDMA_INT_STA_BT1, &val);
2971        /* MT7921 need to delay 20ms between toggle reset bit */
2972        msleep(20);
2973        btusb_mtk_uhw_reg_write(data, MTK_BT_SUBSYS_RST, 0);
2974        btusb_mtk_uhw_reg_read(data, MTK_BT_SUBSYS_RST, &val);
2975
2976        /* Poll the register until reset is completed */
2977        do {
2978                btusb_mtk_uhw_reg_read(data, MTK_BT_MISC, &val);
2979                if (val & MTK_BT_RST_DONE) {
2980                        bt_dev_dbg(hdev, "Bluetooth Reset Successfully");
2981                        break;
2982                }
2983
2984                bt_dev_dbg(hdev, "Polling Bluetooth Reset CR");
2985                retry++;
2986                msleep(MTK_BT_RESET_WAIT_MS);
2987        } while (retry < MTK_BT_RESET_NUM_TRIES);
2988
2989        btusb_mtk_id_get(data, 0x70010200, &val);
2990        if (!val)
2991                bt_dev_err(hdev, "Can't get device id, subsys reset fail.");
2992
2993        usb_queue_reset_device(data->intf);
2994
2995        clear_bit(BTUSB_HW_RESET_ACTIVE, &data->flags);
2996}
2997
2998static int btusb_recv_acl_mtk(struct hci_dev *hdev, struct sk_buff *skb)
2999{
3000        struct btusb_data *data = hci_get_drvdata(hdev);

3001        u16 handle = le16_to_cpu(hci_acl_hdr(skb)->handle);
3002
3003        switch (handle) {
3004        case 0xfc6f:            /* Firmware dump from device */
3005                /* When the firmware hangs, the device can no longer
3006                 * suspend and thus disable auto-suspend.
3007                 */
3008                usb_disable_autosuspend(data->udev);
3009                fallthrough;
3010        case 0x05ff:            /* Firmware debug logging 1 */
3011        case 0x05fe:            /* Firmware debug logging 2 */
3012                return hci_recv_diag(hdev, skb);
3013        }
3014
3015        return hci_recv_frame(hdev, skb);
3016}
3017
3018MODULE_FIRMWARE(FIRMWARE_MT7663);
3019MODULE_FIRMWARE(FIRMWARE_MT7668);
3020
3021#ifdef CONFIG_PM
3022/* Configure an out-of-band gpio as wake-up pin, if specified in device tree */
3023static int marvell_config_oob_wake(struct hci_dev *hdev)
3024{
3025        struct sk_buff *skb;
3026        struct btusb_data *data = hci_get_drvdata(hdev);
3027        struct device *dev = &data->udev->dev;
3028        u16 pin, gap, opcode;
3029        int ret;
3030        u8 cmd[5];
3031
3032        /* Move on if no wakeup pin specified */
3033        if (of_property_read_u16(dev->of_node, "marvell,wakeup-pin", &pin) ||
3034            of_property_read_u16(dev->of_node, "marvell,wakeup-gap-ms", &gap))
3035                return 0;
3036
3037        /* Vendor specific command to configure a GPIO as wake-up pin */
3038        opcode = hci_opcode_pack(0x3F, 0x59);
3039        cmd[0] = opcode & 0xFF;
3040        cmd[1] = opcode >> 8;
3041        cmd[2] = 2; /* length of parameters that follow */
3042        cmd[3] = pin;
3043        cmd[4] = gap; /* time in ms, for which wakeup pin should be asserted */
3044
3045        skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL);
3046        if (!skb) {
3047                bt_dev_err(hdev, "%s: No memory", __func__);
3048                return -ENOMEM;
3049        }
3050
3051        skb_put_data(skb, cmd, sizeof(cmd));
3052        hci_skb_pkt_type(skb) = HCI_COMMAND_PKT;
3053
3054        ret = btusb_send_frame(hdev, skb);
3055        if (ret) {
3056                bt_dev_err(hdev, "%s: configuration failed", __func__);
3057                kfree_skb(skb);
3058                return ret;
3059        }
3060
3061        return 0;
3062}
3063#endif
3064
3065static int btusb_set_bdaddr_marvell(struct hci_dev *hdev,
3066                                    const bdaddr_t *bdaddr)
3067{
3068        struct sk_buff *skb;
3069        u8 buf[8];
3070        long ret;
3071
3072        buf[0] = 0xfe;
3073        buf[1] = sizeof(bdaddr_t);
3074        memcpy(buf + 2, bdaddr, sizeof(bdaddr_t));
3075
3076        skb = __hci_cmd_sync(hdev, 0xfc22, sizeof(buf), buf, HCI_INIT_TIMEOUT);
3077        if (IS_ERR(skb)) {
3078                ret = PTR_ERR(skb);
3079                bt_dev_err(hdev, "changing Marvell device address failed (%ld)",
3080                           ret);
3081                return ret;
3082        }
3083        kfree_skb(skb);
3084
3085        return 0;
3086}
3087
3088static int btusb_set_bdaddr_ath3012(struct hci_dev *hdev,
3089                                    const bdaddr_t *bdaddr)
3090{
3091        struct sk_buff *skb;
3092        u8 buf[10];
3093        long ret;
3094
3095        buf[0] = 0x01;
3096        buf[1] = 0x01;
3097        buf[2] = 0x00;
3098        buf[3] = sizeof(bdaddr_t);
3099        memcpy(buf + 4, bdaddr, sizeof(bdaddr_t));
3100
3101        skb = __hci_cmd_sync(hdev, 0xfc0b, sizeof(buf), buf, HCI_INIT_TIMEOUT);
3102        if (IS_ERR(skb)) {
3103                ret = PTR_ERR(skb);
3104                bt_dev_err(hdev, "Change address command failed (%ld)", ret);
3105                return ret;
3106        }
3107        kfree_skb(skb);
3108
3109        return 0;
3110}
3111
3112static int btusb_set_bdaddr_wcn6855(struct hci_dev *hdev,
3113                                const bdaddr_t *bdaddr)
3114{
3115        struct sk_buff *skb;
3116        u8 buf[6];
3117        long ret;
3118
3119        memcpy(buf, bdaddr, sizeof(bdaddr_t));
3120
3121        skb = __hci_cmd_sync_ev(hdev, 0xfc14, sizeof(buf), buf,
3122                                HCI_EV_CMD_COMPLETE, HCI_INIT_TIMEOUT);
3123        if (IS_ERR(skb)) {
3124                ret = PTR_ERR(skb);
3125                bt_dev_err(hdev, "Change address command failed (%ld)", ret);
3126                return ret;
3127        }
3128        kfree_skb(skb);
3129
3130        return 0;
3131}
3132
3133#define QCA_DFU_PACKET_LEN      4096
3134
3135#define QCA_GET_TARGET_VERSION  0x09
3136#define QCA_CHECK_STATUS        0x05
3137#define QCA_DFU_DOWNLOAD        0x01
3138
3139#define QCA_SYSCFG_UPDATED      0x40
3140#define QCA_PATCH_UPDATED       0x80
3141#define QCA_DFU_TIMEOUT         3000
3142#define QCA_FLAG_MULTI_NVM      0x80
3143
3144struct qca_version {
3145        __le32  rom_version;
3146        __le32  patch_version;
3147        __le32  ram_version;
3148        __le16  board_id;
3149        __le16  flag;
3150        __u8    reserved[4];
3151} __packed;
3152
3153struct qca_rampatch_version {
3154        __le16  rom_version_high;
3155        __le16  rom_version_low;
3156        __le16  patch_version;
3157} __packed;
3158
3159struct qca_device_info {
3160        u32     rom_version;
3161        u8      rampatch_hdr;   /* length of header in rampatch */
3162        u8      nvm_hdr;        /* length of header in NVM */
3163        u8      ver_offset;     /* offset of version structure in rampatch */
3164};
3165
3166static const struct qca_device_info qca_devices_table[] = {
3167        { 0x00000100, 20, 4,  8 }, /* Rome 1.0 */
3168        { 0x00000101, 20, 4,  8 }, /* Rome 1.1 */
3169        { 0x00000200, 28, 4, 16 }, /* Rome 2.0 */
3170        { 0x00000201, 28, 4, 16 }, /* Rome 2.1 */
3171        { 0x00000300, 28, 4, 16 }, /* Rome 3.0 */
3172        { 0x00000302, 28, 4, 16 }, /* Rome 3.2 */
3173        { 0x00130100, 40, 4, 16 }, /* WCN6855 1.0 */
3174        { 0x00130200, 40, 4, 16 }, /* WCN6855 2.0 */
3175};
3176
3177static int btusb_qca_send_vendor_req(struct usb_device *udev, u8 request,
3178                                     void *data, u16 size)
3179{
3180        int pipe, err;
3181        u8 *buf;
3182
3183        buf = kmalloc(size, GFP_KERNEL);
3184        if (!buf)
3185                return -ENOMEM;
3186
3187        /* Found some of USB hosts have IOT issues with ours so that we should
3188         * not wait until HCI layer is ready.
3189         */
3190        pipe = usb_rcvctrlpipe(udev, 0);
3191        err = usb_control_msg(udev, pipe, request, USB_TYPE_VENDOR | USB_DIR_IN,
3192                              0, 0, buf, size, USB_CTRL_SET_TIMEOUT);
3193        if (err < 0) {
3194                dev_err(&udev->dev, "Failed to access otp area (%d)", err);
3195                goto done;
3196        }
3197
3198        memcpy(data, buf, size);
3199
3200done:
3201        kfree(buf);
3202
3203        return err;
3204}
3205
3206static int btusb_setup_qca_download_fw(struct hci_dev *hdev,
3207                                       const struct firmware *firmware,
3208                                       size_t hdr_size)
3209{
3210        struct btusb_data *btdata = hci_get_drvdata(hdev);
3211        struct usb_device *udev = btdata->udev;
3212        size_t count, size, sent = 0;
3213        int pipe, len, err;
3214        u8 *buf;
3215
3216        buf = kmalloc(QCA_DFU_PACKET_LEN, GFP_KERNEL);
3217        if (!buf)
3218                return -ENOMEM;
3219
3220        count = firmware->size;
3221
3222        size = min_t(size_t, count, hdr_size);
3223        memcpy(buf, firmware->data, size);
3224
3225        /* USB patches should go down to controller through USB path
3226         * because binary format fits to go down through USB channel.
3227         * USB control path is for patching headers and USB bulk is for
3228         * patch body.
3229         */
3230        pipe = usb_sndctrlpipe(udev, 0);
3231        err = usb_control_msg(udev, pipe, QCA_DFU_DOWNLOAD, USB_TYPE_VENDOR,
3232                              0, 0, buf, size, USB_CTRL_SET_TIMEOUT);
3233        if (err < 0) {
3234                bt_dev_err(hdev, "Failed to send headers (%d)", err);
3235                goto done;
3236        }
3237
3238        sent += size;
3239        count -= size;
3240
3241        /* ep2 need time to switch from function acl to function dfu,
3242         * so we add 20ms delay here.
3243         */
3244        msleep(20);
3245
3246        while (count) {
3247                size = min_t(size_t, count, QCA_DFU_PACKET_LEN);
3248
3249                memcpy(buf, firmware->data + sent, size);
3250
3251                pipe = usb_sndbulkpipe(udev, 0x02);
3252                err = usb_bulk_msg(udev, pipe, buf, size, &len,
3253                                   QCA_DFU_TIMEOUT);
3254                if (err < 0) {
3255                        bt_dev_err(hdev, "Failed to send body at %zd of %zd (%d)",
3256                                   sent, firmware->size, err);
3257                        break;
3258                }
3259
3260                if (size != len) {
3261                        bt_dev_err(hdev, "Failed to get bulk buffer");
3262                        err = -EILSEQ;
3263                        break;
3264                }
3265
3266                sent  += size;
3267                count -= size;
3268        }
3269
3270done:
3271        kfree(buf);
3272        return err;
3273}
3274
3275static int btusb_setup_qca_load_rampatch(struct hci_dev *hdev,
3276                                         struct qca_version *ver,
3277                                         const struct qca_device_info *info)
3278{
3279        struct qca_rampatch_version *rver;
3280        const struct firmware *fw;
3281        u32 ver_rom, ver_patch, rver_rom;
3282        u16 rver_rom_low, rver_rom_high, rver_patch;
3283        char fwname[64];
3284        int err;
3285
3286        ver_rom = le32_to_cpu(ver->rom_version);
3287        ver_patch = le32_to_cpu(ver->patch_version);
3288
3289        snprintf(fwname, sizeof(fwname), "qca/rampatch_usb_%08x.bin", ver_rom);
3290
3291        err = request_firmware(&fw, fwname, &hdev->dev);
3292        if (err) {
3293                bt_dev_err(hdev, "failed to request rampatch file: %s (%d)",
3294                           fwname, err);
3295                return err;
3296        }
3297
3298        bt_dev_info(hdev, "using rampatch file: %s", fwname);
3299
3300        rver = (struct qca_rampatch_version *)(fw->data + info->ver_offset);
3301        rver_rom_low = le16_to_cpu(rver->rom_version_low);
3302        rver_patch = le16_to_cpu(rver->patch_version);
3303
3304        if (ver_rom & ~0xffffU) {
3305                rver_rom_high = le16_to_cpu(rver->rom_version_high);
3306                rver_rom = le32_to_cpu(rver_rom_high << 16 | rver_rom_low);
3307        } else {
3308                rver_rom = rver_rom_low;
3309        }
3310
3311        bt_dev_info(hdev, "QCA: patch rome 0x%x build 0x%x, "
3312                    "firmware rome 0x%x build 0x%x",
3313                    rver_rom, rver_patch, ver_rom, ver_patch);
3314
3315        if (rver_rom != ver_rom || rver_patch <= ver_patch) {
3316                bt_dev_err(hdev, "rampatch file version did not match with firmware");
3317                err = -EINVAL;
3318                goto done;
3319        }
3320
3321        err = btusb_setup_qca_download_fw(hdev, fw, info->rampatch_hdr);
3322
3323done:
3324        release_firmware(fw);
3325
3326        return err;
3327}
3328
3329static int btusb_setup_qca_load_nvm(struct hci_dev *hdev,
3330                                    struct qca_version *ver,
3331                                    const struct qca_device_info *info)
3332{
3333        const struct firmware *fw;
3334        char fwname[64];
3335        int err;
3336
3337        if (((ver->flag >> 8) & 0xff) == QCA_FLAG_MULTI_NVM) {
3338                /* if boardid equal 0, use default nvm without surfix */
3339                if (le16_to_cpu(ver->board_id) == 0x0) {
3340                        snprintf(fwname, sizeof(fwname), "qca/nvm_usb_%08x.bin",
3341                                 le32_to_cpu(ver->rom_version));
3342                } else {
3343                        snprintf(fwname, sizeof(fwname), "qca/nvm_usb_%08x_%04x.bin",
3344                                le32_to_cpu(ver->rom_version),
3345                                le16_to_cpu(ver->board_id));
3346                }
3347        } else {
3348                snprintf(fwname, sizeof(fwname), "qca/nvm_usb_%08x.bin",
3349                         le32_to_cpu(ver->rom_version));
3350        }
3351
3352        err = request_firmware(&fw, fwname, &hdev->dev);
3353        if (err) {
3354                bt_dev_err(hdev, "failed to request NVM file: %s (%d)",
3355                           fwname, err);
3356                return err;
3357        }
3358
3359        bt_dev_info(hdev, "using NVM file: %s", fwname);
3360
3361        err = btusb_setup_qca_download_fw(hdev, fw, info->nvm_hdr);
3362
3363        release_firmware(fw);
3364
3365        return err;
3366}
3367
3368/* identify the ROM version and check whether patches are needed */
3369static bool btusb_qca_need_patch(struct usb_device *udev)
3370{
3371        struct qca_version ver;
3372
3373        if (btusb_qca_send_vendor_req(udev, QCA_GET_TARGET_VERSION, &ver,
3374                                      sizeof(ver)) < 0)
3375                return false;
3376        /* only low ROM versions need patches */
3377        return !(le32_to_cpu(ver.rom_version) & ~0xffffU);
3378}
3379
3380static int btusb_setup_qca(struct hci_dev *hdev)
3381{
3382        struct btusb_data *btdata = hci_get_drvdata(hdev);
3383        struct usb_device *udev = btdata->udev;
3384        const struct qca_device_info *info = NULL;
3385        struct qca_version ver;
3386        u32 ver_rom;
3387        u8 status;
3388        int i, err;
3389
3390        err = btusb_qca_send_vendor_req(udev, QCA_GET_TARGET_VERSION, &ver,
3391                                        sizeof(ver));
3392        if (err < 0)
3393                return err;
3394
3395        ver_rom = le32_to_cpu(ver.rom_version);
3396
3397        for (i = 0; i < ARRAY_SIZE(qca_devices_table); i++) {
3398                if (ver_rom == qca_devices_table[i].rom_version)
3399                        info = &qca_devices_table[i];
3400        }
3401        if (!info) {
3402                /* If the rom_version is not matched in the qca_devices_table
3403                 * and the high ROM version is not zero, we assume this chip no
3404                 * need to load the rampatch and nvm.
3405                 */
3406                if (ver_rom & ~0xffffU)
3407                        return 0;
3408
3409                bt_dev_err(hdev, "don't support firmware rome 0x%x", ver_rom);
3410                return -ENODEV;
3411        }
3412
3413        err = btusb_qca_send_vendor_req(udev, QCA_CHECK_STATUS, &status,
3414                                        sizeof(status));
3415        if (err < 0)
3416                return err;
3417
3418        if (!(status & QCA_PATCH_UPDATED)) {
3419                err = btusb_setup_qca_load_rampatch(hdev, &ver, info);
3420                if (err < 0)
3421                        return err;
3422        }
3423
3424        err = btusb_qca_send_vendor_req(udev, QCA_GET_TARGET_VERSION, &ver,
3425                                        sizeof(ver));
3426        if (err < 0)
3427                return err;
3428
3429        if (!(status & QCA_SYSCFG_UPDATED)) {
3430                err = btusb_setup_qca_load_nvm(hdev, &ver, info);
3431                if (err < 0)
3432                        return err;
3433        }
3434
3435        return 0;
3436}
3437
3438static inline int __set_diag_interface(struct hci_dev *hdev)
3439{
3440        struct btusb_data *data = hci_get_drvdata(hdev);
3441        struct usb_interface *intf = data->diag;
3442        int i;
3443
3444        if (!data->diag)
3445                return -ENODEV;
3446
3447        data->diag_tx_ep = NULL;
3448        data->diag_rx_ep = NULL;
3449
3450        for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
3451                struct usb_endpoint_descriptor *ep_desc;
3452
3453                ep_desc = &intf->cur_altsetting->endpoint[i].desc;
3454
3455                if (!data->diag_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) {
3456                        data->diag_tx_ep = ep_desc;
3457                        continue;
3458                }
3459
3460                if (!data->diag_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) {
3461                        data->diag_rx_ep = ep_desc;
3462                        continue;
3463                }
3464        }
3465
3466        if (!data->diag_tx_ep || !data->diag_rx_ep) {
3467                bt_dev_err(hdev, "invalid diagnostic descriptors");
3468                return -ENODEV;
3469        }
3470
3471        return 0;
3472}
3473
3474static struct urb *alloc_diag_urb(struct hci_dev *hdev, bool enable)
3475{
3476        struct btusb_data *data = hci_get_drvdata(hdev);
3477        struct sk_buff *skb;
3478        struct urb *urb;
3479        unsigned int pipe;
3480
3481        if (!data->diag_tx_ep)
3482                return ERR_PTR(-ENODEV);
3483
3484        urb = usb_alloc_urb(0, GFP_KERNEL);
3485        if (!urb)
3486                return ERR_PTR(-ENOMEM);
3487
3488        skb = bt_skb_alloc(2, GFP_KERNEL);
3489        if (!skb) {
3490                usb_free_urb(urb);
3491                return ERR_PTR(-ENOMEM);
3492        }
3493
3494        skb_put_u8(skb, 0xf0);
3495        skb_put_u8(skb, enable);
3496
3497        pipe = usb_sndbulkpipe(data->udev, data->diag_tx_ep->bEndpointAddress);
3498
3499        usb_fill_bulk_urb(urb, data->udev, pipe,
3500                          skb->data, skb->len, btusb_tx_complete, skb);
3501
3502        skb->dev = (void *)hdev;
3503
3504        return urb;
3505}
3506
3507static int btusb_bcm_set_diag(struct hci_dev *hdev, bool enable)
3508{
3509        struct btusb_data *data = hci_get_drvdata(hdev);
3510        struct urb *urb;
3511
3512        if (!data->diag)
3513                return -ENODEV;
3514
3515        if (!test_bit(HCI_RUNNING, &hdev->flags))
3516                return -ENETDOWN;
3517
3518        urb = alloc_diag_urb(hdev, enable);
3519        if (IS_ERR(urb))
3520                return PTR_ERR(urb);
3521
3522        return submit_or_queue_tx_urb(hdev, urb);
3523}
3524
3525#ifdef CONFIG_PM
3526static irqreturn_t btusb_oob_wake_handler(int irq, void *priv)
3527{
3528        struct btusb_data *data = priv;
3529
3530        pm_wakeup_event(&data->udev->dev, 0);
3531        pm_system_wakeup();
3532
3533        /* Disable only if not already disabled (keep it balanced) */
3534        if (test_and_clear_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags)) {
3535                disable_irq_nosync(irq);
3536                disable_irq_wake(irq);
3537        }
3538        return IRQ_HANDLED;
3539}
3540
3541static const struct of_device_id btusb_match_table[] = {
3542        { .compatible = "usb1286,204e" },
3543        { .compatible = "usbcf3,e300" }, /* QCA6174A */
3544        { .compatible = "usb4ca,301a" }, /* QCA6174A (Lite-On) */
3545        { }
3546};
3547MODULE_DEVICE_TABLE(of, btusb_match_table);
3548
3549/* Use an oob wakeup pin? */
3550static int btusb_config_oob_wake(struct hci_dev *hdev)
3551{
3552        struct btusb_data *data = hci_get_drvdata(hdev);
3553        struct device *dev = &data->udev->dev;
3554        int irq, ret;
3555
3556        clear_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags);
3557
3558        if (!of_match_device(btusb_match_table, dev))
3559                return 0;
3560
3561        /* Move on if no IRQ specified */
3562        irq = of_irq_get_byname(dev->of_node, "wakeup");
3563        if (irq <= 0) {
3564                bt_dev_dbg(hdev, "%s: no OOB Wakeup IRQ in DT", __func__);
3565                return 0;
3566        }
3567
3568        irq_set_status_flags(irq, IRQ_NOAUTOEN);
3569        ret = devm_request_irq(&hdev->dev, irq, btusb_oob_wake_handler,
3570                               0, "OOB Wake-on-BT", data);
3571        if (ret) {
3572                bt_dev_err(hdev, "%s: IRQ request failed", __func__);
3573                return ret;
3574        }
3575
3576        ret = device_init_wakeup(dev, true);
3577        if (ret) {
3578                bt_dev_err(hdev, "%s: failed to init_wakeup", __func__);
3579                return ret;
3580        }
3581
3582        data->oob_wake_irq = irq;
3583        bt_dev_info(hdev, "OOB Wake-on-BT configured at IRQ %u", irq);
3584        return 0;
3585}
3586#endif
3587
3588static void btusb_check_needs_reset_resume(struct usb_interface *intf)
3589{
3590        if (dmi_check_system(btusb_needs_reset_resume_table))
3591                interface_to_usbdev(intf)->quirks |= USB_QUIRK_RESET_RESUME;
3592}
3593
3594static bool btusb_prevent_wake(struct hci_dev *hdev)
3595{
3596        struct btusb_data *data = hci_get_drvdata(hdev);
3597
3598        return !device_may_wakeup(&data->udev->dev);
3599}
3600
3601static int btusb_shutdown_qca(struct hci_dev *hdev)
3602{
3603        struct sk_buff *skb;
3604
3605        skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
3606        if (IS_ERR(skb)) {
3607                bt_dev_err(hdev, "HCI reset during shutdown failed");
3608                return PTR_ERR(skb);
3609        }
3610        kfree_skb(skb);
3611
3612        return 0;
3613}
3614
3615static int btusb_probe(struct usb_interface *intf,
3616                       const struct usb_device_id *id)
3617{
3618        struct usb_endpoint_descriptor *ep_desc;
3619        struct gpio_desc *reset_gpio;
3620        struct btusb_data *data;
3621        struct hci_dev *hdev;
3622        unsigned ifnum_base;
3623        int i, err, priv_size;
3624
3625        BT_DBG("intf %p id %p", intf, id);
3626
3627        /* interface numbers are hardcoded in the spec */
3628        if (intf->cur_altsetting->desc.bInterfaceNumber != 0) {
3629                if (!(id->driver_info & BTUSB_IFNUM_2))
3630                        return -ENODEV;
3631                if (intf->cur_altsetting->desc.bInterfaceNumber != 2)
3632                        return -ENODEV;
3633        }
3634
3635        ifnum_base = intf->cur_altsetting->desc.bInterfaceNumber;
3636
3637        if (!id->driver_info) {
3638                const struct usb_device_id *match;
3639
3640                match = usb_match_id(intf, blacklist_table);
3641                if (match)
3642                        id = match;
3643        }
3644
3645        if (id->driver_info == BTUSB_IGNORE)
3646                return -ENODEV;
3647
3648        if (id->driver_info & BTUSB_ATH3012) {
3649                struct usb_device *udev = interface_to_usbdev(intf);
3650
3651                /* Old firmware would otherwise let ath3k driver load
3652                 * patch and sysconfig files
3653                 */
3654                if (le16_to_cpu(udev->descriptor.bcdDevice) <= 0x0001 &&
3655                    !btusb_qca_need_patch(udev))
3656                        return -ENODEV;
3657        }
3658
3659        data = devm_kzalloc(&intf->dev, sizeof(*data), GFP_KERNEL);
3660        if (!data)
3661                return -ENOMEM;
3662
3663        for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
3664                ep_desc = &intf->cur_altsetting->endpoint[i].desc;
3665
3666                if (!data->intr_ep && usb_endpoint_is_int_in(ep_desc)) {
3667                        data->intr_ep = ep_desc;
3668                        continue;
3669                }
3670
3671                if (!data->bulk_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) {
3672                        data->bulk_tx_ep = ep_desc;
3673                        continue;
3674                }
3675
3676                if (!data->bulk_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) {
3677                        data->bulk_rx_ep = ep_desc;
3678                        continue;
3679                }
3680        }
3681
3682        if (!data->intr_ep || !data->bulk_tx_ep || !data->bulk_rx_ep)
3683                return -ENODEV;
3684
3685        if (id->driver_info & BTUSB_AMP) {
3686                data->cmdreq_type = USB_TYPE_CLASS | 0x01;
3687                data->cmdreq = 0x2b;
3688        } else {
3689                data->cmdreq_type = USB_TYPE_CLASS;
3690                data->cmdreq = 0x00;
3691        }
3692
3693        data->udev = interface_to_usbdev(intf);
3694        data->intf = intf;
3695
3696        INIT_WORK(&data->work, btusb_work);
3697        INIT_WORK(&data->waker, btusb_waker);
3698        init_usb_anchor(&data->deferred);
3699        init_usb_anchor(&data->tx_anchor);
3700        spin_lock_init(&data->txlock);
3701
3702        init_usb_anchor(&data->intr_anchor);
3703        init_usb_anchor(&data->bulk_anchor);
3704        init_usb_anchor(&data->isoc_anchor);
3705        init_usb_anchor(&data->diag_anchor);
3706        init_usb_anchor(&data->ctrl_anchor);
3707        spin_lock_init(&data->rxlock);
3708
3709        priv_size = 0;
3710
3711        data->recv_event = hci_recv_frame;
3712        data->recv_bulk = btusb_recv_bulk;
3713
3714        if (id->driver_info & BTUSB_INTEL_COMBINED) {
3715                /* Allocate extra space for Intel device */
3716                priv_size += sizeof(struct btintel_data);
3717
3718                /* Override the rx handlers */
3719                data->recv_event = btusb_recv_event_intel;
3720                data->recv_bulk = btusb_recv_bulk_intel;
3721        }
3722
3723        data->recv_acl = hci_recv_frame;
3724
3725        hdev = hci_alloc_dev_priv(priv_size);
3726        if (!hdev)
3727                return -ENOMEM;
3728
3729        hdev->bus = HCI_USB;
3730        hci_set_drvdata(hdev, data);
3731
3732        if (id->driver_info & BTUSB_AMP)
3733                hdev->dev_type = HCI_AMP;
3734        else
3735                hdev->dev_type = HCI_PRIMARY;
3736
3737        data->hdev = hdev;
3738
3739        SET_HCIDEV_DEV(hdev, &intf->dev);
3740
3741        reset_gpio = gpiod_get_optional(&data->udev->dev, "reset",
3742                                        GPIOD_OUT_LOW);
3743        if (IS_ERR(reset_gpio)) {
3744                err = PTR_ERR(reset_gpio);
3745                goto out_free_dev;
3746        } else if (reset_gpio) {
3747                data->reset_gpio = reset_gpio;
3748        }
3749
3750        hdev->open   = btusb_open;
3751        hdev->close  = btusb_close;
3752        hdev->flush  = btusb_flush;
3753        hdev->send   = btusb_send_frame;
3754        hdev->notify = btusb_notify;
3755        hdev->prevent_wake = btusb_prevent_wake;
3756
3757#ifdef CONFIG_PM
3758        err = btusb_config_oob_wake(hdev);
3759        if (err)
3760                goto out_free_dev;
3761
3762        /* Marvell devices may need a specific chip configuration */
3763        if (id->driver_info & BTUSB_MARVELL && data->oob_wake_irq) {
3764                err = marvell_config_oob_wake(hdev);
3765                if (err)
3766                        goto out_free_dev;
3767        }
3768#endif
3769        if (id->driver_info & BTUSB_CW6622)
3770                set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks);
3771
3772        if (id->driver_info & BTUSB_BCM2045)
3773                set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks);
3774
3775        if (id->driver_info & BTUSB_BCM92035)
3776                hdev->setup = btusb_setup_bcm92035;
3777
3778        if (IS_ENABLED(CONFIG_BT_HCIBTUSB_BCM) &&
3779            (id->driver_info & BTUSB_BCM_PATCHRAM)) {
3780                hdev->manufacturer = 15;
3781                hdev->setup = btbcm_setup_patchram;
3782                hdev->set_diag = btusb_bcm_set_diag;
3783                hdev->set_bdaddr = btbcm_set_bdaddr;
3784
3785                /* Broadcom LM_DIAG Interface numbers are hardcoded */
3786                data->diag = usb_ifnum_to_if(data->udev, ifnum_base + 2);
3787        }
3788
3789        if (IS_ENABLED(CONFIG_BT_HCIBTUSB_BCM) &&
3790            (id->driver_info & BTUSB_BCM_APPLE)) {
3791                hdev->manufacturer = 15;
3792                hdev->setup = btbcm_setup_apple;
3793                hdev->set_diag = btusb_bcm_set_diag;
3794
3795                /* Broadcom LM_DIAG Interface numbers are hardcoded */
3796                data->diag = usb_ifnum_to_if(data->udev, ifnum_base + 2);
3797        }
3798
3799        /* Combined Intel Device setup to support multiple setup routine */
3800        if (id->driver_info & BTUSB_INTEL_COMBINED) {
3801                err = btintel_configure_setup(hdev);
3802                if (err)
3803                        goto out_free_dev;
3804
3805                /* Transport specific configuration */
3806                hdev->send = btusb_send_frame_intel;
3807                hdev->cmd_timeout = btusb_intel_cmd_timeout;
3808
3809                if (id->driver_info & BTUSB_INTEL_BROKEN_INITIAL_NCMD)
3810                        btintel_set_flag(hdev, INTEL_BROKEN_INITIAL_NCMD);
3811        }
3812
3813        if (id->driver_info & BTUSB_MARVELL)
3814                hdev->set_bdaddr = btusb_set_bdaddr_marvell;
3815
3816        if (IS_ENABLED(CONFIG_BT_HCIBTUSB_MTK) &&
3817            (id->driver_info & BTUSB_MEDIATEK)) {
3818                hdev->setup = btusb_mtk_setup;
3819                hdev->shutdown = btusb_mtk_shutdown;
3820                hdev->manufacturer = 70;
3821                hdev->cmd_timeout = btusb_mtk_cmd_timeout;
3822                set_bit(HCI_QUIRK_NON_PERSISTENT_SETUP, &hdev->quirks);
3823                data->recv_acl = btusb_recv_acl_mtk;
3824        }
3825
3826        if (id->driver_info & BTUSB_SWAVE) {
3827                set_bit(HCI_QUIRK_FIXUP_INQUIRY_MODE, &hdev->quirks);
3828                set_bit(HCI_QUIRK_BROKEN_LOCAL_COMMANDS, &hdev->quirks);
3829        }
3830
3831        if (id->driver_info & BTUSB_INTEL_BOOT) {
3832                hdev->manufacturer = 2;
3833                set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
3834        }
3835
3836        if (id->driver_info & BTUSB_ATH3012) {
3837                data->setup_on_usb = btusb_setup_qca;
3838                hdev->set_bdaddr = btusb_set_bdaddr_ath3012;
3839                set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
3840                set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
3841        }
3842
3843        if (id->driver_info & BTUSB_QCA_ROME) {
3844                data->setup_on_usb = btusb_setup_qca;
3845                hdev->set_bdaddr = btusb_set_bdaddr_ath3012;
3846                hdev->cmd_timeout = btusb_qca_cmd_timeout;
3847                set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
3848                btusb_check_needs_reset_resume(intf);
3849        }
3850
3851        if (id->driver_info & BTUSB_QCA_WCN6855) {
3852                data->setup_on_usb = btusb_setup_qca;
3853                hdev->shutdown = btusb_shutdown_qca;
3854                hdev->set_bdaddr = btusb_set_bdaddr_wcn6855;
3855                hdev->cmd_timeout = btusb_qca_cmd_timeout;
3856                set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
3857                hci_set_msft_opcode(hdev, 0xFD70);
3858        }
3859
3860        if (id->driver_info & BTUSB_AMP) {
3861                /* AMP controllers do not support SCO packets */
3862                data->isoc = NULL;
3863        } else {
3864                /* Interface orders are hardcoded in the specification */
3865                data->isoc = usb_ifnum_to_if(data->udev, ifnum_base + 1);
3866                data->isoc_ifnum = ifnum_base + 1;
3867        }
3868
3869        if (IS_ENABLED(CONFIG_BT_HCIBTUSB_RTL) &&
3870            (id->driver_info & BTUSB_REALTEK)) {
3871                hdev->setup = btrtl_setup_realtek;
3872                hdev->shutdown = btrtl_shutdown_realtek;
3873                hdev->cmd_timeout = btusb_rtl_cmd_timeout;
3874
3875                /* Realtek devices need to set remote wakeup on auto-suspend */
3876                set_bit(BTUSB_WAKEUP_AUTOSUSPEND, &data->flags);
3877                set_bit(BTUSB_USE_ALT3_FOR_WBS, &data->flags);
3878        }
3879
3880        if (!reset)
3881                set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
3882
3883        if (force_scofix || id->driver_info & BTUSB_WRONG_SCO_MTU) {
3884                if (!disable_scofix)
3885                        set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks);
3886        }
3887
3888        if (id->driver_info & BTUSB_BROKEN_ISOC)
3889                data->isoc = NULL;
3890
3891        if (id->driver_info & BTUSB_WIDEBAND_SPEECH)
3892                set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks);
3893
3894        if (id->driver_info & BTUSB_VALID_LE_STATES)
3895                set_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks);
3896
3897        if (id->driver_info & BTUSB_DIGIANSWER) {
3898                data->cmdreq_type = USB_TYPE_VENDOR;
3899                set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
3900        }
3901
3902        if (id->driver_info & BTUSB_CSR) {
3903                struct usb_device *udev = data->udev;
3904                u16 bcdDevice = le16_to_cpu(udev->descriptor.bcdDevice);
3905
3906                /* Old firmware would otherwise execute USB reset */
3907                if (bcdDevice < 0x117)
3908                        set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
3909
3910                /* This must be set first in case we disable it for fakes */
3911                set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
3912
3913                /* Fake CSR devices with broken commands */
3914                if (le16_to_cpu(udev->descriptor.idVendor)  == 0x0a12 &&
3915                    le16_to_cpu(udev->descriptor.idProduct) == 0x0001)
3916                        hdev->setup = btusb_setup_csr;
3917        }
3918
3919        if (id->driver_info & BTUSB_SNIFFER) {
3920                struct usb_device *udev = data->udev;
3921
3922                /* New sniffer firmware has crippled HCI interface */
3923                if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997)
3924                        set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
3925        }
3926
3927        if (id->driver_info & BTUSB_INTEL_BOOT) {
3928                /* A bug in the bootloader causes that interrupt interface is
3929                 * only enabled after receiving SetInterface(0, AltSetting=0).
3930                 */
3931                err = usb_set_interface(data->udev, 0, 0);
3932                if (err < 0) {
3933                        BT_ERR("failed to set interface 0, alt 0 %d", err);
3934                        goto out_free_dev;
3935                }
3936        }
3937
3938        if (data->isoc) {
3939                err = usb_driver_claim_interface(&btusb_driver,
3940                                                 data->isoc, data);
3941                if (err < 0)
3942                        goto out_free_dev;
3943        }
3944
3945        if (IS_ENABLED(CONFIG_BT_HCIBTUSB_BCM) && data->diag) {
3946                if (!usb_driver_claim_interface(&btusb_driver,
3947                                                data->diag, data))
3948                        __set_diag_interface(hdev);
3949                else
3950                        data->diag = NULL;
3951        }
3952
3953        if (enable_autosuspend)
3954                usb_enable_autosuspend(data->udev);
3955
3956        err = hci_register_dev(hdev);
3957        if (err < 0)
3958                goto out_free_dev;
3959
3960        usb_set_intfdata(intf, data);
3961
3962        return 0;
3963
3964out_free_dev:
3965        if (data->reset_gpio)
3966                gpiod_put(data->reset_gpio);
3967        hci_free_dev(hdev);
3968        return err;
3969}
3970
3971static void btusb_disconnect(struct usb_interface *intf)
3972{
3973        struct btusb_data *data = usb_get_intfdata(intf);
3974        struct hci_dev *hdev;
3975
3976        BT_DBG("intf %p", intf);
3977
3978        if (!data)
3979                return;
3980
3981        hdev = data->hdev;
3982        usb_set_intfdata(data->intf, NULL);
3983
3984        if (data->isoc)
3985                usb_set_intfdata(data->isoc, NULL);
3986
3987        if (data->diag)
3988                usb_set_intfdata(data->diag, NULL);
3989
3990        hci_unregister_dev(hdev);
3991
3992        if (intf == data->intf) {
3993                if (data->isoc)
3994                        usb_driver_release_interface(&btusb_driver, data->isoc);
3995                if (data->diag)
3996                        usb_driver_release_interface(&btusb_driver, data->diag);
3997        } else if (intf == data->isoc) {
3998                if (data->diag)
3999                        usb_driver_release_interface(&btusb_driver, data->diag);
4000                usb_driver_release_interface(&btusb_driver, data->intf);

4001        } else if (intf == data->diag) {
4002                usb_driver_release_interface(&btusb_driver, data->intf);
4003                if (data->isoc)
4004                        usb_driver_release_interface(&btusb_driver, data->isoc);
4005        }
4006
4007        if (data->oob_wake_irq)
4008                device_init_wakeup(&data->udev->dev, false);
4009
4010        if (data->reset_gpio)
4011                gpiod_put(data->reset_gpio);
4012
4013        hci_free_dev(hdev);
4014}
4015
4016#ifdef CONFIG_PM
4017static int btusb_suspend(struct usb_interface *intf, pm_message_t message)
4018{
4019        struct btusb_data *data = usb_get_intfdata(intf);
4020
4021        BT_DBG("intf %p", intf);
4022
4023        if (data->suspend_count++)
4024                return 0;
4025
4026        spin_lock_irq(&data->txlock);
4027        if (!(PMSG_IS_AUTO(message) && data->tx_in_flight)) {
4028                set_bit(BTUSB_SUSPENDING, &data->flags);
4029                spin_unlock_irq(&data->txlock);
4030        } else {
4031                spin_unlock_irq(&data->txlock);
4032                data->suspend_count--;
4033                return -EBUSY;
4034        }
4035
4036        cancel_work_sync(&data->work);
4037
4038        btusb_stop_traffic(data);
4039        usb_kill_anchored_urbs(&data->tx_anchor);
4040
4041        if (data->oob_wake_irq && device_may_wakeup(&data->udev->dev)) {
4042                set_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags);
4043                enable_irq_wake(data->oob_wake_irq);
4044                enable_irq(data->oob_wake_irq);
4045        }
4046
4047        /* For global suspend, Realtek devices lose the loaded fw
4048         * in them. But for autosuspend, firmware should remain.
4049         * Actually, it depends on whether the usb host sends
4050         * set feature (enable wakeup) or not.
4051         */
4052        if (test_bit(BTUSB_WAKEUP_AUTOSUSPEND, &data->flags)) {
4053                if (PMSG_IS_AUTO(message) &&
4054                    device_can_wakeup(&data->udev->dev))
4055                        data->udev->do_remote_wakeup = 1;
4056                else if (!PMSG_IS_AUTO(message) &&
4057                         !device_may_wakeup(&data->udev->dev)) {
4058                        data->udev->do_remote_wakeup = 0;
4059                        data->udev->reset_resume = 1;
4060                }
4061        }
4062
4063        return 0;
4064}
4065
4066static void play_deferred(struct btusb_data *data)
4067{
4068        struct urb *urb;
4069        int err;
4070
4071        while ((urb = usb_get_from_anchor(&data->deferred))) {
4072                usb_anchor_urb(urb, &data->tx_anchor);
4073
4074                err = usb_submit_urb(urb, GFP_ATOMIC);
4075                if (err < 0) {
4076                        if (err != -EPERM && err != -ENODEV)
4077                                BT_ERR("%s urb %p submission failed (%d)",
4078                                       data->hdev->name, urb, -err);
4079                        kfree(urb->setup_packet);
4080                        usb_unanchor_urb(urb);
4081                        usb_free_urb(urb);
4082                        break;
4083                }
4084
4085                data->tx_in_flight++;
4086                usb_free_urb(urb);
4087        }
4088
4089        /* Cleanup the rest deferred urbs. */
4090        while ((urb = usb_get_from_anchor(&data->deferred))) {
4091                kfree(urb->setup_packet);
4092                usb_free_urb(urb);
4093        }
4094}
4095
4096static int btusb_resume(struct usb_interface *intf)
4097{
4098        struct btusb_data *data = usb_get_intfdata(intf);
4099        struct hci_dev *hdev = data->hdev;
4100        int err = 0;
4101
4102        BT_DBG("intf %p", intf);
4103
4104        if (--data->suspend_count)
4105                return 0;
4106
4107        /* Disable only if not already disabled (keep it balanced) */
4108        if (test_and_clear_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags)) {
4109                disable_irq(data->oob_wake_irq);
4110                disable_irq_wake(data->oob_wake_irq);
4111        }
4112
4113        if (!test_bit(HCI_RUNNING, &hdev->flags))
4114                goto done;
4115
4116        if (test_bit(BTUSB_INTR_RUNNING, &data->flags)) {
4117                err = btusb_submit_intr_urb(hdev, GFP_NOIO);
4118                if (err < 0) {
4119                        clear_bit(BTUSB_INTR_RUNNING, &data->flags);
4120                        goto failed;
4121                }
4122        }
4123
4124        if (test_bit(BTUSB_BULK_RUNNING, &data->flags)) {
4125                err = btusb_submit_bulk_urb(hdev, GFP_NOIO);
4126                if (err < 0) {
4127                        clear_bit(BTUSB_BULK_RUNNING, &data->flags);
4128                        goto failed;
4129                }
4130
4131                btusb_submit_bulk_urb(hdev, GFP_NOIO);
4132        }
4133
4134        if (test_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
4135                if (btusb_submit_isoc_urb(hdev, GFP_NOIO) < 0)
4136                        clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
4137                else
4138                        btusb_submit_isoc_urb(hdev, GFP_NOIO);
4139        }
4140
4141        spin_lock_irq(&data->txlock);
4142        play_deferred(data);
4143        clear_bit(BTUSB_SUSPENDING, &data->flags);
4144        spin_unlock_irq(&data->txlock);
4145        schedule_work(&data->work);
4146
4147        return 0;
4148
4149failed:
4150        usb_scuttle_anchored_urbs(&data->deferred);
4151done:
4152        spin_lock_irq(&data->txlock);
4153        clear_bit(BTUSB_SUSPENDING, &data->flags);
4154        spin_unlock_irq(&data->txlock);
4155
4156        return err;
4157}
4158#endif
4159
4160static struct usb_driver btusb_driver = {
4161        .name           = "btusb",
4162        .probe          = btusb_probe,
4163        .disconnect     = btusb_disconnect,
4164#ifdef CONFIG_PM
4165        .suspend        = btusb_suspend,
4166        .resume         = btusb_resume,
4167#endif
4168        .id_table       = btusb_table,
4169        .supports_autosuspend = 1,
4170        .disable_hub_initiated_lpm = 1,
4171};
4172
4173module_usb_driver(btusb_driver);
4174
4175module_param(disable_scofix, bool, 0644);
4176MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size");
4177
4178module_param(force_scofix, bool, 0644);
4179MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size");
4180
4181module_param(enable_autosuspend, bool, 0644);
4182MODULE_PARM_DESC(enable_autosuspend, "Enable USB autosuspend by default");
4183
4184module_param(reset, bool, 0644);
4185MODULE_PARM_DESC(reset, "Send HCI reset command on initialization");
4186
4187MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
4188MODULE_DESCRIPTION("Generic Bluetooth USB driver ver " VERSION);
4189MODULE_VERSION(VERSION);
4190MODULE_LICENSE("GPL");
4191