1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24#include <linux/kernel.h>
25#include <linux/module.h>
26#include <linux/init.h>
27#include <linux/slab.h>
28#include <linux/types.h>
29#include <linux/sched.h>
30#include <linux/errno.h>
31#include <linux/skbuff.h>
32
33#include <linux/usb.h>
34
35#include <net/bluetooth/bluetooth.h>
36#include <net/bluetooth/hci_core.h>
37
38#define VERSION "0.6"
39
40static int ignore_dga;
41static int ignore_csr;
42static int ignore_sniffer;
43static int disable_scofix;
44static int force_scofix;
45
46static int reset = 1;
47
48static struct usb_driver btusb_driver;
49
50#define BTUSB_IGNORE 0x01
51#define BTUSB_DIGIANSWER 0x02
52#define BTUSB_CSR 0x04
53#define BTUSB_SNIFFER 0x08
54#define BTUSB_BCM92035 0x10
55#define BTUSB_BROKEN_ISOC 0x20
56#define BTUSB_WRONG_SCO_MTU 0x40
57#define BTUSB_ATH3012 0x80
58
59static struct usb_device_id btusb_table[] = {
60
61 { USB_DEVICE_INFO(0xe0, 0x01, 0x01) },
62
63
64 { USB_DEVICE(0x05ac, 0x8213) },
65
66
67 { USB_DEVICE(0x05ac, 0x8215) },
68
69
70 { USB_DEVICE(0x05ac, 0x8218) },
71
72
73 { USB_DEVICE(0x05ac, 0x821b) },
74
75
76 { USB_DEVICE(0x05ac, 0x821f) },
77
78
79 { USB_DEVICE(0x05ac, 0x821a) },
80
81
82 { USB_DEVICE(0x05ac, 0x8281) },
83
84
85 { USB_DEVICE(0x057c, 0x3800) },
86
87
88 { USB_DEVICE(0x04bf, 0x030a) },
89
90
91 { USB_DEVICE(0x044e, 0x3001) },
92 { USB_DEVICE(0x044e, 0x3002) },
93
94
95 { USB_DEVICE(0x0bdb, 0x1002) },
96
97
98 { USB_DEVICE(0x0c10, 0x0000) },
99
100 { }
101};
102
103MODULE_DEVICE_TABLE(usb, btusb_table);
104
105static struct usb_device_id blacklist_table[] = {
106
107 { USB_DEVICE(0x0a12, 0x0001), .driver_info = BTUSB_CSR },
108
109
110 { USB_DEVICE(0x0a5c, 0x2033), .driver_info = BTUSB_IGNORE },
111
112
113 { USB_DEVICE(0x0cf3, 0x3002), .driver_info = BTUSB_IGNORE },
114 { USB_DEVICE(0x13d3, 0x3304), .driver_info = BTUSB_IGNORE },
115 { USB_DEVICE(0x0930, 0x0215), .driver_info = BTUSB_IGNORE },
116
117
118 { USB_DEVICE(0x03f0, 0x311d), .driver_info = BTUSB_IGNORE },
119
120
121 { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 },
122
123
124 { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE },
125
126
127 { USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU },
128 { USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU },
129 { USB_DEVICE(0x0a5c, 0x2009), .driver_info = BTUSB_BCM92035 },
130
131
132 { USB_DEVICE(0x0a5c, 0x2039), .driver_info = BTUSB_WRONG_SCO_MTU },
133 { USB_DEVICE(0x0a5c, 0x2101), .driver_info = BTUSB_WRONG_SCO_MTU },
134
135
136 { USB_DEVICE(0x0a5c, 0x201e), .driver_info = BTUSB_WRONG_SCO_MTU },
137 { USB_DEVICE(0x0a5c, 0x2110), .driver_info = BTUSB_WRONG_SCO_MTU },
138
139
140 { USB_DEVICE(0x03f0, 0x171d), .driver_info = BTUSB_WRONG_SCO_MTU },
141
142
143 { USB_DEVICE(0x413c, 0x8126), .driver_info = BTUSB_WRONG_SCO_MTU },
144
145
146 { USB_DEVICE(0x413c, 0x8152), .driver_info = BTUSB_WRONG_SCO_MTU },
147 { USB_DEVICE(0x413c, 0x8156), .driver_info = BTUSB_WRONG_SCO_MTU },
148
149
150 { USB_DEVICE(0x050d, 0x0012), .driver_info = BTUSB_WRONG_SCO_MTU },
151 { USB_DEVICE(0x050d, 0x0013), .driver_info = BTUSB_WRONG_SCO_MTU },
152
153
154 { USB_DEVICE(0x0b05, 0x1715), .driver_info = BTUSB_WRONG_SCO_MTU },
155
156
157 { USB_DEVICE(0x047d, 0x105e), .driver_info = BTUSB_WRONG_SCO_MTU },
158
159
160 { USB_DEVICE(0x0400, 0x0807), .driver_info = BTUSB_BROKEN_ISOC },
161 { USB_DEVICE(0x0400, 0x080a), .driver_info = BTUSB_BROKEN_ISOC },
162
163
164 { USB_DEVICE(0x0e5e, 0x6622), .driver_info = BTUSB_BROKEN_ISOC },
165
166
167 { USB_DEVICE(0x08fd, 0x0001), .driver_info = BTUSB_DIGIANSWER },
168 { USB_DEVICE(0x08fd, 0x0002), .driver_info = BTUSB_IGNORE },
169
170
171 { USB_DEVICE(0x0a12, 0x0002), .driver_info = BTUSB_SNIFFER },
172
173
174 { USB_DEVICE(0x16d3, 0x0002), .driver_info = BTUSB_SNIFFER },
175
176 { }
177};
178
179#define BTUSB_MAX_ISOC_FRAMES 10
180
181#define BTUSB_INTR_RUNNING 0
182#define BTUSB_BULK_RUNNING 1
183#define BTUSB_ISOC_RUNNING 2
184#define BTUSB_SUSPENDING 3
185#define BTUSB_DID_ISO_RESUME 4
186
187struct btusb_data {
188 struct hci_dev *hdev;
189 struct usb_device *udev;
190 struct usb_interface *intf;
191 struct usb_interface *isoc;
192
193 spinlock_t lock;
194
195 unsigned long flags;
196
197 struct work_struct work;
198 struct work_struct waker;
199
200 struct usb_anchor tx_anchor;
201 struct usb_anchor intr_anchor;
202 struct usb_anchor bulk_anchor;
203 struct usb_anchor isoc_anchor;
204 struct usb_anchor deferred;
205 int tx_in_flight;
206 spinlock_t txlock;
207
208 struct usb_endpoint_descriptor *intr_ep;
209 struct usb_endpoint_descriptor *bulk_tx_ep;
210 struct usb_endpoint_descriptor *bulk_rx_ep;
211 struct usb_endpoint_descriptor *isoc_tx_ep;
212 struct usb_endpoint_descriptor *isoc_rx_ep;
213
214 __u8 cmdreq_type;
215
216 unsigned int sco_num;
217 int isoc_altsetting;
218 int suspend_count;
219};
220
221static int inc_tx(struct btusb_data *data)
222{
223 unsigned long flags;
224 int rv;
225
226 spin_lock_irqsave(&data->txlock, flags);
227 rv = test_bit(BTUSB_SUSPENDING, &data->flags);
228 if (!rv)
229 data->tx_in_flight++;
230 spin_unlock_irqrestore(&data->txlock, flags);
231
232 return rv;
233}
234
235static void btusb_intr_complete(struct urb *urb)
236{
237 struct hci_dev *hdev = urb->context;
238 struct btusb_data *data = hdev->driver_data;
239 int err;
240
241 BT_DBG("%s urb %p status %d count %d", hdev->name,
242 urb, urb->status, urb->actual_length);
243
244 if (!test_bit(HCI_RUNNING, &hdev->flags))
245 return;
246
247 if (urb->status == 0) {
248 hdev->stat.byte_rx += urb->actual_length;
249
250 if (hci_recv_fragment(hdev, HCI_EVENT_PKT,
251 urb->transfer_buffer,
252 urb->actual_length) < 0) {
253 BT_ERR("%s corrupted event packet", hdev->name);
254 hdev->stat.err_rx++;
255 }
256 }
257
258 if (!test_bit(BTUSB_INTR_RUNNING, &data->flags))
259 return;
260
261 usb_mark_last_busy(data->udev);
262 usb_anchor_urb(urb, &data->intr_anchor);
263
264 err = usb_submit_urb(urb, GFP_ATOMIC);
265 if (err < 0) {
266
267
268 if (err != -EPERM && err != -ENODEV)
269 BT_ERR("%s urb %p failed to resubmit (%d)",
270 hdev->name, urb, -err);
271 usb_unanchor_urb(urb);
272 }
273}
274
275static int btusb_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags)
276{
277 struct btusb_data *data = hdev->driver_data;
278 struct urb *urb;
279 unsigned char *buf;
280 unsigned int pipe;
281 int err, size;
282
283 BT_DBG("%s", hdev->name);
284
285 if (!data->intr_ep)
286 return -ENODEV;
287
288 urb = usb_alloc_urb(0, mem_flags);
289 if (!urb)
290 return -ENOMEM;
291
292 size = le16_to_cpu(data->intr_ep->wMaxPacketSize);
293
294 buf = kmalloc(size, mem_flags);
295 if (!buf) {
296 usb_free_urb(urb);
297 return -ENOMEM;
298 }
299
300 pipe = usb_rcvintpipe(data->udev, data->intr_ep->bEndpointAddress);
301
302 usb_fill_int_urb(urb, data->udev, pipe, buf, size,
303 btusb_intr_complete, hdev,
304 data->intr_ep->bInterval);
305
306 urb->transfer_flags |= URB_FREE_BUFFER;
307
308 usb_anchor_urb(urb, &data->intr_anchor);
309
310 err = usb_submit_urb(urb, mem_flags);
311 if (err < 0) {
312 BT_ERR("%s urb %p submission failed (%d)",
313 hdev->name, urb, -err);
314 usb_unanchor_urb(urb);
315 }
316
317 usb_free_urb(urb);
318
319 return err;
320}
321
322static void btusb_bulk_complete(struct urb *urb)
323{
324 struct hci_dev *hdev = urb->context;
325 struct btusb_data *data = hdev->driver_data;
326 int err;
327
328 BT_DBG("%s urb %p status %d count %d", hdev->name,
329 urb, urb->status, urb->actual_length);
330
331 if (!test_bit(HCI_RUNNING, &hdev->flags))
332 return;
333
334 if (urb->status == 0) {
335 hdev->stat.byte_rx += urb->actual_length;
336
337 if (hci_recv_fragment(hdev, HCI_ACLDATA_PKT,
338 urb->transfer_buffer,
339 urb->actual_length) < 0) {
340 BT_ERR("%s corrupted ACL packet", hdev->name);
341 hdev->stat.err_rx++;
342 }
343 }
344
345 if (!test_bit(BTUSB_BULK_RUNNING, &data->flags))
346 return;
347
348 usb_anchor_urb(urb, &data->bulk_anchor);
349 usb_mark_last_busy(data->udev);
350
351 err = usb_submit_urb(urb, GFP_ATOMIC);
352 if (err < 0) {
353
354
355 if (err != -EPERM && err != -ENODEV)
356 BT_ERR("%s urb %p failed to resubmit (%d)",
357 hdev->name, urb, -err);
358 usb_unanchor_urb(urb);
359 }
360}
361
362static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags)
363{
364 struct btusb_data *data = hdev->driver_data;
365 struct urb *urb;
366 unsigned char *buf;
367 unsigned int pipe;
368 int err, size = HCI_MAX_FRAME_SIZE;
369
370 BT_DBG("%s", hdev->name);
371
372 if (!data->bulk_rx_ep)
373 return -ENODEV;
374
375 urb = usb_alloc_urb(0, mem_flags);
376 if (!urb)
377 return -ENOMEM;
378
379 buf = kmalloc(size, mem_flags);
380 if (!buf) {
381 usb_free_urb(urb);
382 return -ENOMEM;
383 }
384
385 pipe = usb_rcvbulkpipe(data->udev, data->bulk_rx_ep->bEndpointAddress);
386
387 usb_fill_bulk_urb(urb, data->udev, pipe,
388 buf, size, btusb_bulk_complete, hdev);
389
390 urb->transfer_flags |= URB_FREE_BUFFER;
391
392 usb_mark_last_busy(data->udev);
393 usb_anchor_urb(urb, &data->bulk_anchor);
394
395 err = usb_submit_urb(urb, mem_flags);
396 if (err < 0) {
397 BT_ERR("%s urb %p submission failed (%d)",
398 hdev->name, urb, -err);
399 usb_unanchor_urb(urb);
400 }
401
402 usb_free_urb(urb);
403
404 return err;
405}
406
407static void btusb_isoc_complete(struct urb *urb)
408{
409 struct hci_dev *hdev = urb->context;
410 struct btusb_data *data = hdev->driver_data;
411 int i, err;
412
413 BT_DBG("%s urb %p status %d count %d", hdev->name,
414 urb, urb->status, urb->actual_length);
415
416 if (!test_bit(HCI_RUNNING, &hdev->flags))
417 return;
418
419 if (urb->status == 0) {
420 for (i = 0; i < urb->number_of_packets; i++) {
421 unsigned int offset = urb->iso_frame_desc[i].offset;
422 unsigned int length = urb->iso_frame_desc[i].actual_length;
423
424 if (urb->iso_frame_desc[i].status)
425 continue;
426
427 hdev->stat.byte_rx += length;
428
429 if (hci_recv_fragment(hdev, HCI_SCODATA_PKT,
430 urb->transfer_buffer + offset,
431 length) < 0) {
432 BT_ERR("%s corrupted SCO packet", hdev->name);
433 hdev->stat.err_rx++;
434 }
435 }
436 }
437
438 if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags))
439 return;
440
441 usb_anchor_urb(urb, &data->isoc_anchor);
442
443 err = usb_submit_urb(urb, GFP_ATOMIC);
444 if (err < 0) {
445
446
447 if (err != -EPERM && err != -ENODEV)
448 BT_ERR("%s urb %p failed to resubmit (%d)",
449 hdev->name, urb, -err);
450 usb_unanchor_urb(urb);
451 }
452}
453
454static inline void __fill_isoc_descriptor(struct urb *urb, int len, int mtu)
455{
456 int i, offset = 0;
457
458 BT_DBG("len %d mtu %d", len, mtu);
459
460 for (i = 0; i < BTUSB_MAX_ISOC_FRAMES && len >= mtu;
461 i++, offset += mtu, len -= mtu) {
462 urb->iso_frame_desc[i].offset = offset;
463 urb->iso_frame_desc[i].length = mtu;
464 }
465
466 if (len && i < BTUSB_MAX_ISOC_FRAMES) {
467 urb->iso_frame_desc[i].offset = offset;
468 urb->iso_frame_desc[i].length = len;
469 i++;
470 }
471
472 urb->number_of_packets = i;
473}
474
475static int btusb_submit_isoc_urb(struct hci_dev *hdev, gfp_t mem_flags)
476{
477 struct btusb_data *data = hdev->driver_data;
478 struct urb *urb;
479 unsigned char *buf;
480 unsigned int pipe;
481 int err, size;
482
483 BT_DBG("%s", hdev->name);
484
485 if (!data->isoc_rx_ep)
486 return -ENODEV;
487
488 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, mem_flags);
489 if (!urb)
490 return -ENOMEM;
491
492 size = le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize) *
493 BTUSB_MAX_ISOC_FRAMES;
494
495 buf = kmalloc(size, mem_flags);
496 if (!buf) {
497 usb_free_urb(urb);
498 return -ENOMEM;
499 }
500
501 pipe = usb_rcvisocpipe(data->udev, data->isoc_rx_ep->bEndpointAddress);
502
503 urb->dev = data->udev;
504 urb->pipe = pipe;
505 urb->context = hdev;
506 urb->complete = btusb_isoc_complete;
507 urb->interval = data->isoc_rx_ep->bInterval;
508
509 urb->transfer_flags = URB_FREE_BUFFER | URB_ISO_ASAP;
510 urb->transfer_buffer = buf;
511 urb->transfer_buffer_length = size;
512
513 __fill_isoc_descriptor(urb, size,
514 le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize));
515
516 usb_anchor_urb(urb, &data->isoc_anchor);
517
518 err = usb_submit_urb(urb, mem_flags);
519 if (err < 0) {
520 BT_ERR("%s urb %p submission failed (%d)",
521 hdev->name, urb, -err);
522 usb_unanchor_urb(urb);
523 }
524
525 usb_free_urb(urb);
526
527 return err;
528}
529
530static void btusb_tx_complete(struct urb *urb)
531{
532 struct sk_buff *skb = urb->context;
533 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
534 struct btusb_data *data = hdev->driver_data;
535
536 BT_DBG("%s urb %p status %d count %d", hdev->name,
537 urb, urb->status, urb->actual_length);
538
539 if (!test_bit(HCI_RUNNING, &hdev->flags))
540 goto done;
541
542 if (!urb->status)
543 hdev->stat.byte_tx += urb->transfer_buffer_length;
544 else
545 hdev->stat.err_tx++;
546
547done:
548 spin_lock(&data->txlock);
549 data->tx_in_flight--;
550 spin_unlock(&data->txlock);
551
552 kfree(urb->setup_packet);
553
554 kfree_skb(skb);
555}
556
557static void btusb_isoc_tx_complete(struct urb *urb)
558{
559 struct sk_buff *skb = urb->context;
560 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
561
562 BT_DBG("%s urb %p status %d count %d", hdev->name,
563 urb, urb->status, urb->actual_length);
564
565 if (!test_bit(HCI_RUNNING, &hdev->flags))
566 goto done;
567
568 if (!urb->status)
569 hdev->stat.byte_tx += urb->transfer_buffer_length;
570 else
571 hdev->stat.err_tx++;
572
573done:
574 kfree(urb->setup_packet);
575
576 kfree_skb(skb);
577}
578
579static int btusb_open(struct hci_dev *hdev)
580{
581 struct btusb_data *data = hdev->driver_data;
582 int err;
583
584 BT_DBG("%s", hdev->name);
585
586 err = usb_autopm_get_interface(data->intf);
587 if (err < 0)
588 return err;
589
590 data->intf->needs_remote_wakeup = 1;
591
592 if (test_and_set_bit(HCI_RUNNING, &hdev->flags))
593 goto done;
594
595 if (test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags))
596 goto done;
597
598 err = btusb_submit_intr_urb(hdev, GFP_KERNEL);
599 if (err < 0)
600 goto failed;
601
602 err = btusb_submit_bulk_urb(hdev, GFP_KERNEL);
603 if (err < 0) {
604 usb_kill_anchored_urbs(&data->intr_anchor);
605 goto failed;
606 }
607
608 set_bit(BTUSB_BULK_RUNNING, &data->flags);
609 btusb_submit_bulk_urb(hdev, GFP_KERNEL);
610
611done:
612 usb_autopm_put_interface(data->intf);
613 return 0;
614
615failed:
616 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
617 clear_bit(HCI_RUNNING, &hdev->flags);
618 usb_autopm_put_interface(data->intf);
619 return err;
620}
621
622static void btusb_stop_traffic(struct btusb_data *data)
623{
624 usb_kill_anchored_urbs(&data->intr_anchor);
625 usb_kill_anchored_urbs(&data->bulk_anchor);
626 usb_kill_anchored_urbs(&data->isoc_anchor);
627}
628
629static int btusb_close(struct hci_dev *hdev)
630{
631 struct btusb_data *data = hdev->driver_data;
632 int err;
633
634 BT_DBG("%s", hdev->name);
635
636 if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags))
637 return 0;
638
639 cancel_work_sync(&data->work);
640 cancel_work_sync(&data->waker);
641
642 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
643 clear_bit(BTUSB_BULK_RUNNING, &data->flags);
644 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
645
646 btusb_stop_traffic(data);
647 err = usb_autopm_get_interface(data->intf);
648 if (err < 0)
649 goto failed;
650
651 data->intf->needs_remote_wakeup = 0;
652 usb_autopm_put_interface(data->intf);
653
654failed:
655 usb_scuttle_anchored_urbs(&data->deferred);
656 return 0;
657}
658
659static int btusb_flush(struct hci_dev *hdev)
660{
661 struct btusb_data *data = hdev->driver_data;
662
663 BT_DBG("%s", hdev->name);
664
665 usb_kill_anchored_urbs(&data->tx_anchor);
666
667 return 0;
668}
669
670static int btusb_send_frame(struct sk_buff *skb)
671{
672 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
673 struct btusb_data *data = hdev->driver_data;
674 struct usb_ctrlrequest *dr;
675 struct urb *urb;
676 unsigned int pipe;
677 int err;
678
679 BT_DBG("%s", hdev->name);
680
681 if (!test_bit(HCI_RUNNING, &hdev->flags))
682 return -EBUSY;
683
684 switch (bt_cb(skb)->pkt_type) {
685 case HCI_COMMAND_PKT:
686 urb = usb_alloc_urb(0, GFP_ATOMIC);
687 if (!urb)
688 return -ENOMEM;
689
690 dr = kmalloc(sizeof(*dr), GFP_ATOMIC);
691 if (!dr) {
692 usb_free_urb(urb);
693 return -ENOMEM;
694 }
695
696 dr->bRequestType = data->cmdreq_type;
697 dr->bRequest = 0;
698 dr->wIndex = 0;
699 dr->wValue = 0;
700 dr->wLength = __cpu_to_le16(skb->len);
701
702 pipe = usb_sndctrlpipe(data->udev, 0x00);
703
704 usb_fill_control_urb(urb, data->udev, pipe, (void *) dr,
705 skb->data, skb->len, btusb_tx_complete, skb);
706
707 hdev->stat.cmd_tx++;
708 break;
709
710 case HCI_ACLDATA_PKT:
711 if (!data->bulk_tx_ep || (hdev->conn_hash.acl_num < 1 &&
712 hdev->conn_hash.le_num < 1))
713 return -ENODEV;
714
715 urb = usb_alloc_urb(0, GFP_ATOMIC);
716 if (!urb)
717 return -ENOMEM;
718
719 pipe = usb_sndbulkpipe(data->udev,
720 data->bulk_tx_ep->bEndpointAddress);
721
722 usb_fill_bulk_urb(urb, data->udev, pipe,
723 skb->data, skb->len, btusb_tx_complete, skb);
724
725 hdev->stat.acl_tx++;
726 break;
727
728 case HCI_SCODATA_PKT:
729 if (!data->isoc_tx_ep || hdev->conn_hash.sco_num < 1)
730 return -ENODEV;
731
732 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, GFP_ATOMIC);
733 if (!urb)
734 return -ENOMEM;
735
736 pipe = usb_sndisocpipe(data->udev,
737 data->isoc_tx_ep->bEndpointAddress);
738
739 usb_fill_int_urb(urb, data->udev, pipe,
740 skb->data, skb->len, btusb_isoc_tx_complete,
741 skb, data->isoc_tx_ep->bInterval);
742
743 urb->transfer_flags = URB_ISO_ASAP;
744
745 __fill_isoc_descriptor(urb, skb->len,
746 le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize));
747
748 hdev->stat.sco_tx++;
749 goto skip_waking;
750
751 default:
752 return -EILSEQ;
753 }
754
755 err = inc_tx(data);
756 if (err) {
757 usb_anchor_urb(urb, &data->deferred);
758 schedule_work(&data->waker);
759 err = 0;
760 goto done;
761 }
762
763skip_waking:
764 usb_anchor_urb(urb, &data->tx_anchor);
765
766 err = usb_submit_urb(urb, GFP_ATOMIC);
767 if (err < 0) {
768 BT_ERR("%s urb %p submission failed", hdev->name, urb);
769 kfree(urb->setup_packet);
770 usb_unanchor_urb(urb);
771 } else {
772 usb_mark_last_busy(data->udev);
773 }
774
775 usb_free_urb(urb);
776
777done:
778 return err;
779}
780
781static void btusb_destruct(struct hci_dev *hdev)
782{
783 struct btusb_data *data = hdev->driver_data;
784
785 BT_DBG("%s", hdev->name);
786
787 kfree(data);
788}
789
790static void btusb_notify(struct hci_dev *hdev, unsigned int evt)
791{
792 struct btusb_data *data = hdev->driver_data;
793
794 BT_DBG("%s evt %d", hdev->name, evt);
795
796 if (hdev->conn_hash.sco_num != data->sco_num) {
797 data->sco_num = hdev->conn_hash.sco_num;
798 schedule_work(&data->work);
799 }
800}
801
802static inline int __set_isoc_interface(struct hci_dev *hdev, int altsetting)
803{
804 struct btusb_data *data = hdev->driver_data;
805 struct usb_interface *intf = data->isoc;
806 struct usb_endpoint_descriptor *ep_desc;
807 int i, err;
808
809 if (!data->isoc)
810 return -ENODEV;
811
812 err = usb_set_interface(data->udev, 1, altsetting);
813 if (err < 0) {
814 BT_ERR("%s setting interface failed (%d)", hdev->name, -err);
815 return err;
816 }
817
818 data->isoc_altsetting = altsetting;
819
820 data->isoc_tx_ep = NULL;
821 data->isoc_rx_ep = NULL;
822
823 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
824 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
825
826 if (!data->isoc_tx_ep && usb_endpoint_is_isoc_out(ep_desc)) {
827 data->isoc_tx_ep = ep_desc;
828 continue;
829 }
830
831 if (!data->isoc_rx_ep && usb_endpoint_is_isoc_in(ep_desc)) {
832 data->isoc_rx_ep = ep_desc;
833 continue;
834 }
835 }
836
837 if (!data->isoc_tx_ep || !data->isoc_rx_ep) {
838 BT_ERR("%s invalid SCO descriptors", hdev->name);
839 return -ENODEV;
840 }
841
842 return 0;
843}
844
845static void btusb_work(struct work_struct *work)
846{
847 struct btusb_data *data = container_of(work, struct btusb_data, work);
848 struct hci_dev *hdev = data->hdev;
849 int err;
850
851 if (hdev->conn_hash.sco_num > 0) {
852 if (!test_bit(BTUSB_DID_ISO_RESUME, &data->flags)) {
853 err = usb_autopm_get_interface(data->isoc ? data->isoc : data->intf);
854 if (err < 0) {
855 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
856 usb_kill_anchored_urbs(&data->isoc_anchor);
857 return;
858 }
859
860 set_bit(BTUSB_DID_ISO_RESUME, &data->flags);
861 }
862 if (data->isoc_altsetting != 2) {
863 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
864 usb_kill_anchored_urbs(&data->isoc_anchor);
865
866 if (__set_isoc_interface(hdev, 2) < 0)
867 return;
868 }
869
870 if (!test_and_set_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
871 if (btusb_submit_isoc_urb(hdev, GFP_KERNEL) < 0)
872 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
873 else
874 btusb_submit_isoc_urb(hdev, GFP_KERNEL);
875 }
876 } else {
877 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
878 usb_kill_anchored_urbs(&data->isoc_anchor);
879
880 __set_isoc_interface(hdev, 0);
881 if (test_and_clear_bit(BTUSB_DID_ISO_RESUME, &data->flags))
882 usb_autopm_put_interface(data->isoc ? data->isoc : data->intf);
883 }
884}
885
886static void btusb_waker(struct work_struct *work)
887{
888 struct btusb_data *data = container_of(work, struct btusb_data, waker);
889 int err;
890
891 err = usb_autopm_get_interface(data->intf);
892 if (err < 0)
893 return;
894
895 usb_autopm_put_interface(data->intf);
896}
897
898static int btusb_probe(struct usb_interface *intf,
899 const struct usb_device_id *id)
900{
901 struct usb_endpoint_descriptor *ep_desc;
902 struct btusb_data *data;
903 struct hci_dev *hdev;
904 int i, err;
905
906 BT_DBG("intf %p id %p", intf, id);
907
908
909 if (intf->cur_altsetting->desc.bInterfaceNumber != 0)
910 return -ENODEV;
911
912 if (!id->driver_info) {
913 const struct usb_device_id *match;
914 match = usb_match_id(intf, blacklist_table);
915 if (match)
916 id = match;
917 }
918
919 if (id->driver_info == BTUSB_IGNORE)
920 return -ENODEV;
921
922 if (ignore_dga && id->driver_info & BTUSB_DIGIANSWER)
923 return -ENODEV;
924
925 if (ignore_csr && id->driver_info & BTUSB_CSR)
926 return -ENODEV;
927
928 if (ignore_sniffer && id->driver_info & BTUSB_SNIFFER)
929 return -ENODEV;
930
931 if (id->driver_info & BTUSB_ATH3012) {
932 struct usb_device *udev = interface_to_usbdev(intf);
933
934
935
936 if (le16_to_cpu(udev->descriptor.bcdDevice) <= 0x0001)
937 return -ENODEV;
938 }
939
940 data = kzalloc(sizeof(*data), GFP_KERNEL);
941 if (!data)
942 return -ENOMEM;
943
944 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
945 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
946
947 if (!data->intr_ep && usb_endpoint_is_int_in(ep_desc)) {
948 data->intr_ep = ep_desc;
949 continue;
950 }
951
952 if (!data->bulk_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) {
953 data->bulk_tx_ep = ep_desc;
954 continue;
955 }
956
957 if (!data->bulk_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) {
958 data->bulk_rx_ep = ep_desc;
959 continue;
960 }
961 }
962
963 if (!data->intr_ep || !data->bulk_tx_ep || !data->bulk_rx_ep) {
964 kfree(data);
965 return -ENODEV;
966 }
967
968 data->cmdreq_type = USB_TYPE_CLASS;
969
970 data->udev = interface_to_usbdev(intf);
971 data->intf = intf;
972
973 spin_lock_init(&data->lock);
974
975 INIT_WORK(&data->work, btusb_work);
976 INIT_WORK(&data->waker, btusb_waker);
977 spin_lock_init(&data->txlock);
978
979 init_usb_anchor(&data->tx_anchor);
980 init_usb_anchor(&data->intr_anchor);
981 init_usb_anchor(&data->bulk_anchor);
982 init_usb_anchor(&data->isoc_anchor);
983 init_usb_anchor(&data->deferred);
984
985 hdev = hci_alloc_dev();
986 if (!hdev) {
987 kfree(data);
988 return -ENOMEM;
989 }
990
991 hdev->bus = HCI_USB;
992 hdev->driver_data = data;
993
994 data->hdev = hdev;
995
996 SET_HCIDEV_DEV(hdev, &intf->dev);
997
998 hdev->open = btusb_open;
999 hdev->close = btusb_close;
1000 hdev->flush = btusb_flush;
1001 hdev->send = btusb_send_frame;
1002 hdev->destruct = btusb_destruct;
1003 hdev->notify = btusb_notify;
1004
1005 hdev->owner = THIS_MODULE;
1006
1007
1008 data->isoc = usb_ifnum_to_if(data->udev, 1);
1009
1010 if (!reset)
1011 set_bit(HCI_QUIRK_NO_RESET, &hdev->quirks);
1012
1013 if (force_scofix || id->driver_info & BTUSB_WRONG_SCO_MTU) {
1014 if (!disable_scofix)
1015 set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks);
1016 }
1017
1018 if (id->driver_info & BTUSB_BROKEN_ISOC)
1019 data->isoc = NULL;
1020
1021 if (id->driver_info & BTUSB_DIGIANSWER) {
1022 data->cmdreq_type = USB_TYPE_VENDOR;
1023 set_bit(HCI_QUIRK_NO_RESET, &hdev->quirks);
1024 }
1025
1026 if (id->driver_info & BTUSB_CSR) {
1027 struct usb_device *udev = data->udev;
1028
1029
1030 if (le16_to_cpu(udev->descriptor.bcdDevice) < 0x117)
1031 set_bit(HCI_QUIRK_NO_RESET, &hdev->quirks);
1032 }
1033
1034 if (id->driver_info & BTUSB_SNIFFER) {
1035 struct usb_device *udev = data->udev;
1036
1037
1038 if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997)
1039 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
1040
1041 data->isoc = NULL;
1042 }
1043
1044 if (id->driver_info & BTUSB_BCM92035) {
1045 unsigned char cmd[] = { 0x3b, 0xfc, 0x01, 0x00 };
1046 struct sk_buff *skb;
1047
1048 skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL);
1049 if (skb) {
1050 memcpy(skb_put(skb, sizeof(cmd)), cmd, sizeof(cmd));
1051 skb_queue_tail(&hdev->driver_init, skb);
1052 }
1053 }
1054
1055 if (data->isoc) {
1056 err = usb_driver_claim_interface(&btusb_driver,
1057 data->isoc, data);
1058 if (err < 0) {
1059 hci_free_dev(hdev);
1060 kfree(data);
1061 return err;
1062 }
1063 }
1064
1065 err = hci_register_dev(hdev);
1066 if (err < 0) {
1067 hci_free_dev(hdev);
1068 kfree(data);
1069 return err;
1070 }
1071
1072 usb_set_intfdata(intf, data);
1073
1074 return 0;
1075}
1076
1077static void btusb_disconnect(struct usb_interface *intf)
1078{
1079 struct btusb_data *data = usb_get_intfdata(intf);
1080 struct hci_dev *hdev;
1081
1082 BT_DBG("intf %p", intf);
1083
1084 if (!data)
1085 return;
1086
1087 hdev = data->hdev;
1088
1089 __hci_dev_hold(hdev);
1090
1091 usb_set_intfdata(data->intf, NULL);
1092
1093 if (data->isoc)
1094 usb_set_intfdata(data->isoc, NULL);
1095
1096 hci_unregister_dev(hdev);
1097
1098 if (intf == data->isoc)
1099 usb_driver_release_interface(&btusb_driver, data->intf);
1100 else if (data->isoc)
1101 usb_driver_release_interface(&btusb_driver, data->isoc);
1102
1103 __hci_dev_put(hdev);
1104
1105 hci_free_dev(hdev);
1106}
1107
1108#ifdef CONFIG_PM
1109static int btusb_suspend(struct usb_interface *intf, pm_message_t message)
1110{
1111 struct btusb_data *data = usb_get_intfdata(intf);
1112
1113 BT_DBG("intf %p", intf);
1114
1115 if (data->suspend_count++)
1116 return 0;
1117
1118 spin_lock_irq(&data->txlock);
1119 if (!((message.event & PM_EVENT_AUTO) && data->tx_in_flight)) {
1120 set_bit(BTUSB_SUSPENDING, &data->flags);
1121 spin_unlock_irq(&data->txlock);
1122 } else {
1123 spin_unlock_irq(&data->txlock);
1124 data->suspend_count--;
1125 return -EBUSY;
1126 }
1127
1128 cancel_work_sync(&data->work);
1129
1130 btusb_stop_traffic(data);
1131 usb_kill_anchored_urbs(&data->tx_anchor);
1132
1133 return 0;
1134}
1135
1136static void play_deferred(struct btusb_data *data)
1137{
1138 struct urb *urb;
1139 int err;
1140
1141 while ((urb = usb_get_from_anchor(&data->deferred))) {
1142 err = usb_submit_urb(urb, GFP_ATOMIC);
1143 if (err < 0)
1144 break;
1145
1146 data->tx_in_flight++;
1147 }
1148 usb_scuttle_anchored_urbs(&data->deferred);
1149}
1150
1151static int btusb_resume(struct usb_interface *intf)
1152{
1153 struct btusb_data *data = usb_get_intfdata(intf);
1154 struct hci_dev *hdev = data->hdev;
1155 int err = 0;
1156
1157 BT_DBG("intf %p", intf);
1158
1159 if (--data->suspend_count)
1160 return 0;
1161
1162 if (!test_bit(HCI_RUNNING, &hdev->flags))
1163 goto done;
1164
1165 if (test_bit(BTUSB_INTR_RUNNING, &data->flags)) {
1166 err = btusb_submit_intr_urb(hdev, GFP_NOIO);
1167 if (err < 0) {
1168 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
1169 goto failed;
1170 }
1171 }
1172
1173 if (test_bit(BTUSB_BULK_RUNNING, &data->flags)) {
1174 err = btusb_submit_bulk_urb(hdev, GFP_NOIO);
1175 if (err < 0) {
1176 clear_bit(BTUSB_BULK_RUNNING, &data->flags);
1177 goto failed;
1178 }
1179
1180 btusb_submit_bulk_urb(hdev, GFP_NOIO);
1181 }
1182
1183 if (test_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
1184 if (btusb_submit_isoc_urb(hdev, GFP_NOIO) < 0)
1185 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1186 else
1187 btusb_submit_isoc_urb(hdev, GFP_NOIO);
1188 }
1189
1190 spin_lock_irq(&data->txlock);
1191 play_deferred(data);
1192 clear_bit(BTUSB_SUSPENDING, &data->flags);
1193 spin_unlock_irq(&data->txlock);
1194 schedule_work(&data->work);
1195
1196 return 0;
1197
1198failed:
1199 usb_scuttle_anchored_urbs(&data->deferred);
1200done:
1201 spin_lock_irq(&data->txlock);
1202 clear_bit(BTUSB_SUSPENDING, &data->flags);
1203 spin_unlock_irq(&data->txlock);
1204
1205 return err;
1206}
1207#endif
1208
1209static struct usb_driver btusb_driver = {
1210 .name = "btusb",
1211 .probe = btusb_probe,
1212 .disconnect = btusb_disconnect,
1213#ifdef CONFIG_PM
1214 .suspend = btusb_suspend,
1215 .resume = btusb_resume,
1216#endif
1217 .id_table = btusb_table,
1218 .supports_autosuspend = 1,
1219};
1220
1221static int __init btusb_init(void)
1222{
1223 BT_INFO("Generic Bluetooth USB driver ver %s", VERSION);
1224
1225 return usb_register(&btusb_driver);
1226}
1227
1228static void __exit btusb_exit(void)
1229{
1230 usb_deregister(&btusb_driver);
1231}
1232
1233module_init(btusb_init);
1234module_exit(btusb_exit);
1235
1236module_param(ignore_dga, bool, 0644);
1237MODULE_PARM_DESC(ignore_dga, "Ignore devices with id 08fd:0001");
1238
1239module_param(ignore_csr, bool, 0644);
1240MODULE_PARM_DESC(ignore_csr, "Ignore devices with id 0a12:0001");
1241
1242module_param(ignore_sniffer, bool, 0644);
1243MODULE_PARM_DESC(ignore_sniffer, "Ignore devices with id 0a12:0002");
1244
1245module_param(disable_scofix, bool, 0644);
1246MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size");
1247
1248module_param(force_scofix, bool, 0644);
1249MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size");
1250
1251module_param(reset, bool, 0644);
1252MODULE_PARM_DESC(reset, "Send HCI reset command on initialization");
1253
1254MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1255MODULE_DESCRIPTION("Generic Bluetooth USB driver ver " VERSION);
1256MODULE_VERSION(VERSION);
1257MODULE_LICENSE("GPL");
1258
