1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24#include <linux/dmi.h>
25#include <linux/module.h>
26#include <linux/usb.h>
27#include <linux/usb/quirks.h>
28#include <linux/firmware.h>
29#include <linux/of_device.h>
30#include <linux/of_irq.h>
31#include <linux/suspend.h>
32#include <asm/unaligned.h>
33
34#include <net/bluetooth/bluetooth.h>
35#include <net/bluetooth/hci_core.h>
36
37#include "btintel.h"
38#include "btbcm.h"
39#include "btrtl.h"
40
41#define VERSION "0.8"
42
43static bool disable_scofix;
44static bool force_scofix;
45static bool enable_autosuspend = IS_ENABLED(CONFIG_BT_HCIBTUSB_AUTOSUSPEND);
46
47static bool reset = true;
48
49static struct usb_driver btusb_driver;
50
51#define BTUSB_IGNORE 0x01
52#define BTUSB_DIGIANSWER 0x02
53#define BTUSB_CSR 0x04
54#define BTUSB_SNIFFER 0x08
55#define BTUSB_BCM92035 0x10
56#define BTUSB_BROKEN_ISOC 0x20
57#define BTUSB_WRONG_SCO_MTU 0x40
58#define BTUSB_ATH3012 0x80
59#define BTUSB_INTEL 0x100
60#define BTUSB_INTEL_BOOT 0x200
61#define BTUSB_BCM_PATCHRAM 0x400
62#define BTUSB_MARVELL 0x800
63#define BTUSB_SWAVE 0x1000
64#define BTUSB_INTEL_NEW 0x2000
65#define BTUSB_AMP 0x4000
66#define BTUSB_QCA_ROME 0x8000
67#define BTUSB_BCM_APPLE 0x10000
68#define BTUSB_REALTEK 0x20000
69#define BTUSB_BCM2045 0x40000
70#define BTUSB_IFNUM_2 0x80000
71#define BTUSB_CW6622 0x100000
72
73static const struct usb_device_id btusb_table[] = {
74
75 { USB_DEVICE_INFO(0xe0, 0x01, 0x01) },
76
77
78 { USB_DEVICE_INFO(0xe0, 0x01, 0x04), .driver_info = BTUSB_AMP },
79
80
81 { USB_INTERFACE_INFO(0xe0, 0x01, 0x01) },
82
83
84 { USB_VENDOR_AND_INTERFACE_INFO(0x05ac, 0xff, 0x01, 0x01),
85 .driver_info = BTUSB_BCM_APPLE | BTUSB_IFNUM_2 },
86
87
88 { USB_DEVICE(0x0e8d, 0x763f) },
89
90
91 { USB_DEVICE(0x0a5c, 0x21e1) },
92
93
94 { USB_DEVICE(0x05ac, 0x8213) },
95
96
97 { USB_DEVICE(0x05ac, 0x8215) },
98
99
100 { USB_DEVICE(0x05ac, 0x8218) },
101
102
103 { USB_DEVICE(0x05ac, 0x821b) },
104
105
106 { USB_DEVICE(0x05ac, 0x821f) },
107
108
109 { USB_DEVICE(0x05ac, 0x821a) },
110
111
112 { USB_DEVICE(0x05ac, 0x8281) },
113
114
115 { USB_DEVICE(0x057c, 0x3800), .driver_info = BTUSB_SWAVE },
116
117
118 { USB_DEVICE(0x04bf, 0x030a) },
119
120
121 { USB_DEVICE(0x044e, 0x3001) },
122 { USB_DEVICE(0x044e, 0x3002) },
123
124
125 { USB_DEVICE(0x0bdb, 0x1002) },
126
127
128 { USB_DEVICE(0x0c10, 0x0000) },
129
130
131 { USB_DEVICE(0x413c, 0x8197) },
132
133
134 { USB_DEVICE(0x19ff, 0x0239), .driver_info = BTUSB_BCM_PATCHRAM },
135
136
137 { USB_VENDOR_AND_INTERFACE_INFO(0x105b, 0xff, 0x01, 0x01),
138 .driver_info = BTUSB_BCM_PATCHRAM },
139
140
141 { USB_VENDOR_AND_INTERFACE_INFO(0x0bb4, 0xff, 0x01, 0x01),
142 .driver_info = BTUSB_BCM_PATCHRAM },
143
144
145 { USB_VENDOR_AND_INTERFACE_INFO(0x0489, 0xff, 0x01, 0x01),
146 .driver_info = BTUSB_BCM_PATCHRAM },
147
148
149 { USB_VENDOR_AND_INTERFACE_INFO(0x04ca, 0xff, 0x01, 0x01),
150 .driver_info = BTUSB_BCM_PATCHRAM },
151
152
153 { USB_VENDOR_AND_INTERFACE_INFO(0x0a5c, 0xff, 0x01, 0x01),
154 .driver_info = BTUSB_BCM_PATCHRAM },
155
156
157 { USB_VENDOR_AND_INTERFACE_INFO(0x0b05, 0xff, 0x01, 0x01),
158 .driver_info = BTUSB_BCM_PATCHRAM },
159
160
161 { USB_VENDOR_AND_INTERFACE_INFO(0x050d, 0xff, 0x01, 0x01),
162 .driver_info = BTUSB_BCM_PATCHRAM },
163
164
165 { USB_VENDOR_AND_INTERFACE_INFO(0x13d3, 0xff, 0x01, 0x01),
166 .driver_info = BTUSB_BCM_PATCHRAM },
167
168
169 { USB_VENDOR_AND_INTERFACE_INFO(0x413c, 0xff, 0x01, 0x01),
170 .driver_info = BTUSB_BCM_PATCHRAM },
171
172
173 { USB_VENDOR_AND_INTERFACE_INFO(0x0930, 0xff, 0x01, 0x01),
174 .driver_info = BTUSB_BCM_PATCHRAM },
175
176
177 { USB_DEVICE(0x8087, 0x0a5a),
178 .driver_info = BTUSB_INTEL_BOOT | BTUSB_BROKEN_ISOC },
179
180 { }
181};
182
183MODULE_DEVICE_TABLE(usb, btusb_table);
184
185static const struct usb_device_id blacklist_table[] = {
186
187 { USB_DEVICE(0x0a12, 0x0001), .driver_info = BTUSB_CSR },
188
189
190 { USB_DEVICE(0x0a5c, 0x2033), .driver_info = BTUSB_IGNORE },
191
192
193 { USB_DEVICE(0x0a5c, 0x2045), .driver_info = BTUSB_BCM2045 },
194
195
196 { USB_DEVICE(0x0489, 0xe027), .driver_info = BTUSB_IGNORE },
197 { USB_DEVICE(0x0489, 0xe03d), .driver_info = BTUSB_IGNORE },
198 { USB_DEVICE(0x04f2, 0xaff1), .driver_info = BTUSB_IGNORE },
199 { USB_DEVICE(0x0930, 0x0215), .driver_info = BTUSB_IGNORE },
200 { USB_DEVICE(0x0cf3, 0x3002), .driver_info = BTUSB_IGNORE },
201 { USB_DEVICE(0x0cf3, 0xe019), .driver_info = BTUSB_IGNORE },
202 { USB_DEVICE(0x13d3, 0x3304), .driver_info = BTUSB_IGNORE },
203
204
205 { USB_DEVICE(0x03f0, 0x311d), .driver_info = BTUSB_IGNORE },
206
207
208 { USB_DEVICE(0x0489, 0xe04d), .driver_info = BTUSB_ATH3012 },
209 { USB_DEVICE(0x0489, 0xe04e), .driver_info = BTUSB_ATH3012 },
210 { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 },
211 { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 },
212 { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 },
213 { USB_DEVICE(0x0489, 0xe076), .driver_info = BTUSB_ATH3012 },
214 { USB_DEVICE(0x0489, 0xe078), .driver_info = BTUSB_ATH3012 },
215 { USB_DEVICE(0x0489, 0xe095), .driver_info = BTUSB_ATH3012 },
216 { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 },
217 { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 },
218 { USB_DEVICE(0x04ca, 0x3005), .driver_info = BTUSB_ATH3012 },
219 { USB_DEVICE(0x04ca, 0x3006), .driver_info = BTUSB_ATH3012 },
220 { USB_DEVICE(0x04ca, 0x3007), .driver_info = BTUSB_ATH3012 },
221 { USB_DEVICE(0x04ca, 0x3008), .driver_info = BTUSB_ATH3012 },
222 { USB_DEVICE(0x04ca, 0x300b), .driver_info = BTUSB_ATH3012 },
223 { USB_DEVICE(0x04ca, 0x300d), .driver_info = BTUSB_ATH3012 },
224 { USB_DEVICE(0x04ca, 0x300f), .driver_info = BTUSB_ATH3012 },
225 { USB_DEVICE(0x04ca, 0x3010), .driver_info = BTUSB_ATH3012 },
226 { USB_DEVICE(0x04ca, 0x3014), .driver_info = BTUSB_ATH3012 },
227 { USB_DEVICE(0x04ca, 0x3018), .driver_info = BTUSB_ATH3012 },
228 { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 },
229 { USB_DEVICE(0x0930, 0x021c), .driver_info = BTUSB_ATH3012 },
230 { USB_DEVICE(0x0930, 0x0220), .driver_info = BTUSB_ATH3012 },
231 { USB_DEVICE(0x0930, 0x0227), .driver_info = BTUSB_ATH3012 },
232 { USB_DEVICE(0x0b05, 0x17d0), .driver_info = BTUSB_ATH3012 },
233 { USB_DEVICE(0x0cf3, 0x0036), .driver_info = BTUSB_ATH3012 },
234 { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 },
235 { USB_DEVICE(0x0cf3, 0x3008), .driver_info = BTUSB_ATH3012 },
236 { USB_DEVICE(0x0cf3, 0x311d), .driver_info = BTUSB_ATH3012 },
237 { USB_DEVICE(0x0cf3, 0x311e), .driver_info = BTUSB_ATH3012 },
238 { USB_DEVICE(0x0cf3, 0x311f), .driver_info = BTUSB_ATH3012 },
239 { USB_DEVICE(0x0cf3, 0x3121), .driver_info = BTUSB_ATH3012 },
240 { USB_DEVICE(0x0cf3, 0x817a), .driver_info = BTUSB_ATH3012 },
241 { USB_DEVICE(0x0cf3, 0x817b), .driver_info = BTUSB_ATH3012 },
242 { USB_DEVICE(0x0cf3, 0xe003), .driver_info = BTUSB_ATH3012 },
243 { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 },
244 { USB_DEVICE(0x0cf3, 0xe005), .driver_info = BTUSB_ATH3012 },
245 { USB_DEVICE(0x0cf3, 0xe006), .driver_info = BTUSB_ATH3012 },
246 { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 },
247 { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 },
248 { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 },
249 { USB_DEVICE(0x13d3, 0x3395), .driver_info = BTUSB_ATH3012 },
250 { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 },
251 { USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 },
252 { USB_DEVICE(0x13d3, 0x3423), .driver_info = BTUSB_ATH3012 },
253 { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 },
254 { USB_DEVICE(0x13d3, 0x3472), .driver_info = BTUSB_ATH3012 },
255 { USB_DEVICE(0x13d3, 0x3474), .driver_info = BTUSB_ATH3012 },
256 { USB_DEVICE(0x13d3, 0x3487), .driver_info = BTUSB_ATH3012 },
257 { USB_DEVICE(0x13d3, 0x3490), .driver_info = BTUSB_ATH3012 },
258
259
260 { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE },
261
262
263 { USB_DEVICE(0x0489, 0xe036), .driver_info = BTUSB_ATH3012 },
264 { USB_DEVICE(0x0489, 0xe03c), .driver_info = BTUSB_ATH3012 },
265
266
267 { USB_DEVICE(0x0cf3, 0xe007), .driver_info = BTUSB_QCA_ROME },
268 { USB_DEVICE(0x0cf3, 0xe009), .driver_info = BTUSB_QCA_ROME },
269 { USB_DEVICE(0x0cf3, 0xe010), .driver_info = BTUSB_QCA_ROME },
270 { USB_DEVICE(0x0cf3, 0xe300), .driver_info = BTUSB_QCA_ROME },
271 { USB_DEVICE(0x0cf3, 0xe301), .driver_info = BTUSB_QCA_ROME },
272 { USB_DEVICE(0x0cf3, 0xe360), .driver_info = BTUSB_QCA_ROME },
273 { USB_DEVICE(0x0489, 0xe092), .driver_info = BTUSB_QCA_ROME },
274 { USB_DEVICE(0x0489, 0xe09f), .driver_info = BTUSB_QCA_ROME },
275 { USB_DEVICE(0x0489, 0xe0a2), .driver_info = BTUSB_QCA_ROME },
276 { USB_DEVICE(0x04ca, 0x3011), .driver_info = BTUSB_QCA_ROME },
277 { USB_DEVICE(0x04ca, 0x3015), .driver_info = BTUSB_QCA_ROME },
278 { USB_DEVICE(0x04ca, 0x3016), .driver_info = BTUSB_QCA_ROME },
279
280
281 { USB_DEVICE(0x0a5c, 0x2009), .driver_info = BTUSB_BCM92035 },
282 { USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU },
283 { USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU },
284
285
286 { USB_DEVICE(0x0a5c, 0x2039), .driver_info = BTUSB_WRONG_SCO_MTU },
287 { USB_DEVICE(0x0a5c, 0x2101), .driver_info = BTUSB_WRONG_SCO_MTU },
288
289
290 { USB_DEVICE(0x0a5c, 0x201e), .driver_info = BTUSB_WRONG_SCO_MTU },
291 { USB_DEVICE(0x0a5c, 0x2110), .driver_info = BTUSB_WRONG_SCO_MTU },
292
293
294 { USB_DEVICE(0x03f0, 0x171d), .driver_info = BTUSB_WRONG_SCO_MTU },
295
296
297 { USB_DEVICE(0x413c, 0x8126), .driver_info = BTUSB_WRONG_SCO_MTU },
298
299
300 { USB_DEVICE(0x413c, 0x8152), .driver_info = BTUSB_WRONG_SCO_MTU },
301 { USB_DEVICE(0x413c, 0x8156), .driver_info = BTUSB_WRONG_SCO_MTU },
302
303
304 { USB_DEVICE(0x050d, 0x0012), .driver_info = BTUSB_WRONG_SCO_MTU },
305 { USB_DEVICE(0x050d, 0x0013), .driver_info = BTUSB_WRONG_SCO_MTU },
306
307
308 { USB_DEVICE(0x0b05, 0x1715), .driver_info = BTUSB_WRONG_SCO_MTU },
309
310
311 { USB_DEVICE(0x047d, 0x105e), .driver_info = BTUSB_WRONG_SCO_MTU },
312
313
314 { USB_DEVICE(0x0400, 0x0807), .driver_info = BTUSB_BROKEN_ISOC },
315 { USB_DEVICE(0x0400, 0x080a), .driver_info = BTUSB_BROKEN_ISOC },
316
317
318 { USB_DEVICE(0x0e5e, 0x6622),
319 .driver_info = BTUSB_BROKEN_ISOC | BTUSB_CW6622},
320
321
322 { USB_DEVICE(0x1310, 0x0001), .driver_info = BTUSB_SWAVE },
323
324
325 { USB_DEVICE(0x08fd, 0x0001), .driver_info = BTUSB_DIGIANSWER },
326 { USB_DEVICE(0x08fd, 0x0002), .driver_info = BTUSB_IGNORE },
327
328
329 { USB_DEVICE(0x0a12, 0x0002),
330 .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC },
331
332
333 { USB_DEVICE(0x16d3, 0x0002),
334 .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC },
335
336
337 { USB_DEVICE(0x1286, 0x2044), .driver_info = BTUSB_MARVELL },
338 { USB_DEVICE(0x1286, 0x2046), .driver_info = BTUSB_MARVELL },
339 { USB_DEVICE(0x1286, 0x204e), .driver_info = BTUSB_MARVELL },
340
341
342 { USB_DEVICE(0x8087, 0x0025), .driver_info = BTUSB_INTEL_NEW },
343 { USB_DEVICE(0x8087, 0x0026), .driver_info = BTUSB_INTEL_NEW },
344 { USB_DEVICE(0x8087, 0x07da), .driver_info = BTUSB_CSR },
345 { USB_DEVICE(0x8087, 0x07dc), .driver_info = BTUSB_INTEL },
346 { USB_DEVICE(0x8087, 0x0a2a), .driver_info = BTUSB_INTEL },
347 { USB_DEVICE(0x8087, 0x0a2b), .driver_info = BTUSB_INTEL_NEW },
348 { USB_DEVICE(0x8087, 0x0aa7), .driver_info = BTUSB_INTEL },
349 { USB_DEVICE(0x8087, 0x0aaa), .driver_info = BTUSB_INTEL_NEW },
350
351
352 { USB_VENDOR_AND_INTERFACE_INFO(0x8087, 0xe0, 0x01, 0x01),
353 .driver_info = BTUSB_IGNORE },
354
355
356 { USB_VENDOR_AND_INTERFACE_INFO(0x0bda, 0xe0, 0x01, 0x01),
357 .driver_info = BTUSB_REALTEK },
358
359
360 { USB_DEVICE(0x0930, 0x021d), .driver_info = BTUSB_REALTEK },
361 { USB_DEVICE(0x13d3, 0x3394), .driver_info = BTUSB_REALTEK },
362
363
364 { USB_DEVICE(0x0489, 0xe085), .driver_info = BTUSB_REALTEK },
365 { USB_DEVICE(0x0489, 0xe08b), .driver_info = BTUSB_REALTEK },
366 { USB_DEVICE(0x13d3, 0x3410), .driver_info = BTUSB_REALTEK },
367 { USB_DEVICE(0x13d3, 0x3416), .driver_info = BTUSB_REALTEK },
368 { USB_DEVICE(0x13d3, 0x3459), .driver_info = BTUSB_REALTEK },
369 { USB_DEVICE(0x13d3, 0x3494), .driver_info = BTUSB_REALTEK },
370
371
372 { USB_DEVICE(0x7392, 0xa611), .driver_info = BTUSB_REALTEK },
373
374
375 { USB_DEVICE(0x0b05, 0x17dc), .driver_info = BTUSB_REALTEK },
376 { USB_DEVICE(0x13d3, 0x3414), .driver_info = BTUSB_REALTEK },
377 { USB_DEVICE(0x13d3, 0x3458), .driver_info = BTUSB_REALTEK },
378 { USB_DEVICE(0x13d3, 0x3461), .driver_info = BTUSB_REALTEK },
379 { USB_DEVICE(0x13d3, 0x3462), .driver_info = BTUSB_REALTEK },
380
381
382 { USB_DEVICE(0x0b05, 0x185c), .driver_info = BTUSB_REALTEK },
383
384
385 { USB_DEVICE(0x0c10, 0x0000), .driver_info = BTUSB_SWAVE },
386
387 { }
388};
389
390
391
392
393
394static const struct dmi_system_id btusb_needs_reset_resume_table[] = {
395 {
396
397 .matches = {
398 DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
399 DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex 3060"),
400 },
401 },
402 {
403
404 .matches = {
405 DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
406 DMI_MATCH(DMI_PRODUCT_NAME, "XPS 13 9360"),
407 },
408 },
409 {}
410};
411
412#define BTUSB_MAX_ISOC_FRAMES 10
413
414#define BTUSB_INTR_RUNNING 0
415#define BTUSB_BULK_RUNNING 1
416#define BTUSB_ISOC_RUNNING 2
417#define BTUSB_SUSPENDING 3
418#define BTUSB_DID_ISO_RESUME 4
419#define BTUSB_BOOTLOADER 5
420#define BTUSB_DOWNLOADING 6
421#define BTUSB_FIRMWARE_LOADED 7
422#define BTUSB_FIRMWARE_FAILED 8
423#define BTUSB_BOOTING 9
424#define BTUSB_DIAG_RUNNING 10
425#define BTUSB_OOB_WAKE_ENABLED 11
426
427struct btusb_data {
428 struct hci_dev *hdev;
429 struct usb_device *udev;
430 struct usb_interface *intf;
431 struct usb_interface *isoc;
432 struct usb_interface *diag;
433 unsigned isoc_ifnum;
434
435 unsigned long flags;
436
437 struct work_struct work;
438 struct work_struct waker;
439
440 struct usb_anchor deferred;
441 struct usb_anchor tx_anchor;
442 int tx_in_flight;
443 spinlock_t txlock;
444
445 struct usb_anchor intr_anchor;
446 struct usb_anchor bulk_anchor;
447 struct usb_anchor isoc_anchor;
448 struct usb_anchor diag_anchor;
449 spinlock_t rxlock;
450
451 struct sk_buff *evt_skb;
452 struct sk_buff *acl_skb;
453 struct sk_buff *sco_skb;
454
455 struct usb_endpoint_descriptor *intr_ep;
456 struct usb_endpoint_descriptor *bulk_tx_ep;
457 struct usb_endpoint_descriptor *bulk_rx_ep;
458 struct usb_endpoint_descriptor *isoc_tx_ep;
459 struct usb_endpoint_descriptor *isoc_rx_ep;
460 struct usb_endpoint_descriptor *diag_tx_ep;
461 struct usb_endpoint_descriptor *diag_rx_ep;
462
463 __u8 cmdreq_type;
464 __u8 cmdreq;
465
466 unsigned int sco_num;
467 int isoc_altsetting;
468 int suspend_count;
469
470 int (*recv_event)(struct hci_dev *hdev, struct sk_buff *skb);
471 int (*recv_bulk)(struct btusb_data *data, void *buffer, int count);
472
473 int (*setup_on_usb)(struct hci_dev *hdev);
474
475 int oob_wake_irq;
476};
477
478static inline void btusb_free_frags(struct btusb_data *data)
479{
480 unsigned long flags;
481
482 spin_lock_irqsave(&data->rxlock, flags);
483
484 kfree_skb(data->evt_skb);
485 data->evt_skb = NULL;
486
487 kfree_skb(data->acl_skb);
488 data->acl_skb = NULL;
489
490 kfree_skb(data->sco_skb);
491 data->sco_skb = NULL;
492
493 spin_unlock_irqrestore(&data->rxlock, flags);
494}
495
496static int btusb_recv_intr(struct btusb_data *data, void *buffer, int count)
497{
498 struct sk_buff *skb;
499 int err = 0;
500
501 spin_lock(&data->rxlock);
502 skb = data->evt_skb;
503
504 while (count) {
505 int len;
506
507 if (!skb) {
508 skb = bt_skb_alloc(HCI_MAX_EVENT_SIZE, GFP_ATOMIC);
509 if (!skb) {
510 err = -ENOMEM;
511 break;
512 }
513
514 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
515 hci_skb_expect(skb) = HCI_EVENT_HDR_SIZE;
516 }
517
518 len = min_t(uint, hci_skb_expect(skb), count);
519 skb_put_data(skb, buffer, len);
520
521 count -= len;
522 buffer += len;
523 hci_skb_expect(skb) -= len;
524
525 if (skb->len == HCI_EVENT_HDR_SIZE) {
526
527 hci_skb_expect(skb) = hci_event_hdr(skb)->plen;
528
529 if (skb_tailroom(skb) < hci_skb_expect(skb)) {
530 kfree_skb(skb);
531 skb = NULL;
532
533 err = -EILSEQ;
534 break;
535 }
536 }
537
538 if (!hci_skb_expect(skb)) {
539
540 data->recv_event(data->hdev, skb);
541 skb = NULL;
542 }
543 }
544
545 data->evt_skb = skb;
546 spin_unlock(&data->rxlock);
547
548 return err;
549}
550
551static int btusb_recv_bulk(struct btusb_data *data, void *buffer, int count)
552{
553 struct sk_buff *skb;
554 int err = 0;
555
556 spin_lock(&data->rxlock);
557 skb = data->acl_skb;
558
559 while (count) {
560 int len;
561
562 if (!skb) {
563 skb = bt_skb_alloc(HCI_MAX_FRAME_SIZE, GFP_ATOMIC);
564 if (!skb) {
565 err = -ENOMEM;
566 break;
567 }
568
569 hci_skb_pkt_type(skb) = HCI_ACLDATA_PKT;
570 hci_skb_expect(skb) = HCI_ACL_HDR_SIZE;
571 }
572
573 len = min_t(uint, hci_skb_expect(skb), count);
574 skb_put_data(skb, buffer, len);
575
576 count -= len;
577 buffer += len;
578 hci_skb_expect(skb) -= len;
579
580 if (skb->len == HCI_ACL_HDR_SIZE) {
581 __le16 dlen = hci_acl_hdr(skb)->dlen;
582
583
584 hci_skb_expect(skb) = __le16_to_cpu(dlen);
585
586 if (skb_tailroom(skb) < hci_skb_expect(skb)) {
587 kfree_skb(skb);
588 skb = NULL;
589
590 err = -EILSEQ;
591 break;
592 }
593 }
594
595 if (!hci_skb_expect(skb)) {
596
597 hci_recv_frame(data->hdev, skb);
598 skb = NULL;
599 }
600 }
601
602 data->acl_skb = skb;
603 spin_unlock(&data->rxlock);
604
605 return err;
606}
607
608static int btusb_recv_isoc(struct btusb_data *data, void *buffer, int count)
609{
610 struct sk_buff *skb;
611 int err = 0;
612
613 spin_lock(&data->rxlock);
614 skb = data->sco_skb;
615
616 while (count) {
617 int len;
618
619 if (!skb) {
620 skb = bt_skb_alloc(HCI_MAX_SCO_SIZE, GFP_ATOMIC);
621 if (!skb) {
622 err = -ENOMEM;
623 break;
624 }
625
626 hci_skb_pkt_type(skb) = HCI_SCODATA_PKT;
627 hci_skb_expect(skb) = HCI_SCO_HDR_SIZE;
628 }
629
630 len = min_t(uint, hci_skb_expect(skb), count);
631 skb_put_data(skb, buffer, len);
632
633 count -= len;
634 buffer += len;
635 hci_skb_expect(skb) -= len;
636
637 if (skb->len == HCI_SCO_HDR_SIZE) {
638
639 hci_skb_expect(skb) = hci_sco_hdr(skb)->dlen;
640
641 if (skb_tailroom(skb) < hci_skb_expect(skb)) {
642 kfree_skb(skb);
643 skb = NULL;
644
645 err = -EILSEQ;
646 break;
647 }
648 }
649
650 if (!hci_skb_expect(skb)) {
651
652 hci_recv_frame(data->hdev, skb);
653 skb = NULL;
654 }
655 }
656
657 data->sco_skb = skb;
658 spin_unlock(&data->rxlock);
659
660 return err;
661}
662
663static void btusb_intr_complete(struct urb *urb)
664{
665 struct hci_dev *hdev = urb->context;
666 struct btusb_data *data = hci_get_drvdata(hdev);
667 int err;
668
669 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
670 urb->actual_length);
671
672 if (!test_bit(HCI_RUNNING, &hdev->flags))
673 return;
674
675 if (urb->status == 0) {
676 hdev->stat.byte_rx += urb->actual_length;
677
678 if (btusb_recv_intr(data, urb->transfer_buffer,
679 urb->actual_length) < 0) {
680 bt_dev_err(hdev, "corrupted event packet");
681 hdev->stat.err_rx++;
682 }
683 } else if (urb->status == -ENOENT) {
684
685 return;
686 }
687
688 if (!test_bit(BTUSB_INTR_RUNNING, &data->flags))
689 return;
690
691 usb_mark_last_busy(data->udev);
692 usb_anchor_urb(urb, &data->intr_anchor);
693
694 err = usb_submit_urb(urb, GFP_ATOMIC);
695 if (err < 0) {
696
697
698
699 if (err != -EPERM && err != -ENODEV)
700 bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
701 urb, -err);
702 usb_unanchor_urb(urb);
703 }
704}
705
706static int btusb_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags)
707{
708 struct btusb_data *data = hci_get_drvdata(hdev);
709 struct urb *urb;
710 unsigned char *buf;
711 unsigned int pipe;
712 int err, size;
713
714 BT_DBG("%s", hdev->name);
715
716 if (!data->intr_ep)
717 return -ENODEV;
718
719 urb = usb_alloc_urb(0, mem_flags);
720 if (!urb)
721 return -ENOMEM;
722
723 size = le16_to_cpu(data->intr_ep->wMaxPacketSize);
724
725 buf = kmalloc(size, mem_flags);
726 if (!buf) {
727 usb_free_urb(urb);
728 return -ENOMEM;
729 }
730
731 pipe = usb_rcvintpipe(data->udev, data->intr_ep->bEndpointAddress);
732
733 usb_fill_int_urb(urb, data->udev, pipe, buf, size,
734 btusb_intr_complete, hdev, data->intr_ep->bInterval);
735
736 urb->transfer_flags |= URB_FREE_BUFFER;
737
738 usb_anchor_urb(urb, &data->intr_anchor);
739
740 err = usb_submit_urb(urb, mem_flags);
741 if (err < 0) {
742 if (err != -EPERM && err != -ENODEV)
743 bt_dev_err(hdev, "urb %p submission failed (%d)",
744 urb, -err);
745 usb_unanchor_urb(urb);
746 }
747
748 usb_free_urb(urb);
749
750 return err;
751}
752
753static void btusb_bulk_complete(struct urb *urb)
754{
755 struct hci_dev *hdev = urb->context;
756 struct btusb_data *data = hci_get_drvdata(hdev);
757 int err;
758
759 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
760 urb->actual_length);
761
762 if (!test_bit(HCI_RUNNING, &hdev->flags))
763 return;
764
765 if (urb->status == 0) {
766 hdev->stat.byte_rx += urb->actual_length;
767
768 if (data->recv_bulk(data, urb->transfer_buffer,
769 urb->actual_length) < 0) {
770 bt_dev_err(hdev, "corrupted ACL packet");
771 hdev->stat.err_rx++;
772 }
773 } else if (urb->status == -ENOENT) {
774
775 return;
776 }
777
778 if (!test_bit(BTUSB_BULK_RUNNING, &data->flags))
779 return;
780
781 usb_anchor_urb(urb, &data->bulk_anchor);
782 usb_mark_last_busy(data->udev);
783
784 err = usb_submit_urb(urb, GFP_ATOMIC);
785 if (err < 0) {
786
787
788
789 if (err != -EPERM && err != -ENODEV)
790 bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
791 urb, -err);
792 usb_unanchor_urb(urb);
793 }
794}
795
796static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags)
797{
798 struct btusb_data *data = hci_get_drvdata(hdev);
799 struct urb *urb;
800 unsigned char *buf;
801 unsigned int pipe;
802 int err, size = HCI_MAX_FRAME_SIZE;
803
804 BT_DBG("%s", hdev->name);
805
806 if (!data->bulk_rx_ep)
807 return -ENODEV;
808
809 urb = usb_alloc_urb(0, mem_flags);
810 if (!urb)
811 return -ENOMEM;
812
813 buf = kmalloc(size, mem_flags);
814 if (!buf) {
815 usb_free_urb(urb);
816 return -ENOMEM;
817 }
818
819 pipe = usb_rcvbulkpipe(data->udev, data->bulk_rx_ep->bEndpointAddress);
820
821 usb_fill_bulk_urb(urb, data->udev, pipe, buf, size,
822 btusb_bulk_complete, hdev);
823
824 urb->transfer_flags |= URB_FREE_BUFFER;
825
826 usb_mark_last_busy(data->udev);
827 usb_anchor_urb(urb, &data->bulk_anchor);
828
829 err = usb_submit_urb(urb, mem_flags);
830 if (err < 0) {
831 if (err != -EPERM && err != -ENODEV)
832 bt_dev_err(hdev, "urb %p submission failed (%d)",
833 urb, -err);
834 usb_unanchor_urb(urb);
835 }
836
837 usb_free_urb(urb);
838
839 return err;
840}
841
842static void btusb_isoc_complete(struct urb *urb)
843{
844 struct hci_dev *hdev = urb->context;
845 struct btusb_data *data = hci_get_drvdata(hdev);
846 int i, err;
847
848 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
849 urb->actual_length);
850
851 if (!test_bit(HCI_RUNNING, &hdev->flags))
852 return;
853
854 if (urb->status == 0) {
855 for (i = 0; i < urb->number_of_packets; i++) {
856 unsigned int offset = urb->iso_frame_desc[i].offset;
857 unsigned int length = urb->iso_frame_desc[i].actual_length;
858
859 if (urb->iso_frame_desc[i].status)
860 continue;
861
862 hdev->stat.byte_rx += length;
863
864 if (btusb_recv_isoc(data, urb->transfer_buffer + offset,
865 length) < 0) {
866 bt_dev_err(hdev, "corrupted SCO packet");
867 hdev->stat.err_rx++;
868 }
869 }
870 } else if (urb->status == -ENOENT) {
871
872 return;
873 }
874
875 if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags))
876 return;
877
878 usb_anchor_urb(urb, &data->isoc_anchor);
879
880 err = usb_submit_urb(urb, GFP_ATOMIC);
881 if (err < 0) {
882
883
884
885 if (err != -EPERM && err != -ENODEV)
886 bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
887 urb, -err);
888 usb_unanchor_urb(urb);
889 }
890}
891
892static inline void __fill_isoc_descriptor(struct urb *urb, int len, int mtu)
893{
894 int i, offset = 0;
895
896 BT_DBG("len %d mtu %d", len, mtu);
897
898 for (i = 0; i < BTUSB_MAX_ISOC_FRAMES && len >= mtu;
899 i++, offset += mtu, len -= mtu) {
900 urb->iso_frame_desc[i].offset = offset;
901 urb->iso_frame_desc[i].length = mtu;
902 }
903
904 if (len && i < BTUSB_MAX_ISOC_FRAMES) {
905 urb->iso_frame_desc[i].offset = offset;
906 urb->iso_frame_desc[i].length = len;
907 i++;
908 }
909
910 urb->number_of_packets = i;
911}
912
913static int btusb_submit_isoc_urb(struct hci_dev *hdev, gfp_t mem_flags)
914{
915 struct btusb_data *data = hci_get_drvdata(hdev);
916 struct urb *urb;
917 unsigned char *buf;
918 unsigned int pipe;
919 int err, size;
920
921 BT_DBG("%s", hdev->name);
922
923 if (!data->isoc_rx_ep)
924 return -ENODEV;
925
926 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, mem_flags);
927 if (!urb)
928 return -ENOMEM;
929
930 size = le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize) *
931 BTUSB_MAX_ISOC_FRAMES;
932
933 buf = kmalloc(size, mem_flags);
934 if (!buf) {
935 usb_free_urb(urb);
936 return -ENOMEM;
937 }
938
939 pipe = usb_rcvisocpipe(data->udev, data->isoc_rx_ep->bEndpointAddress);
940
941 usb_fill_int_urb(urb, data->udev, pipe, buf, size, btusb_isoc_complete,
942 hdev, data->isoc_rx_ep->bInterval);
943
944 urb->transfer_flags = URB_FREE_BUFFER | URB_ISO_ASAP;
945
946 __fill_isoc_descriptor(urb, size,
947 le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize));
948
949 usb_anchor_urb(urb, &data->isoc_anchor);
950
951 err = usb_submit_urb(urb, mem_flags);
952 if (err < 0) {
953 if (err != -EPERM && err != -ENODEV)
954 bt_dev_err(hdev, "urb %p submission failed (%d)",
955 urb, -err);
956 usb_unanchor_urb(urb);
957 }
958
959 usb_free_urb(urb);
960
961 return err;
962}
963
964static void btusb_diag_complete(struct urb *urb)
965{
966 struct hci_dev *hdev = urb->context;
967 struct btusb_data *data = hci_get_drvdata(hdev);
968 int err;
969
970 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
971 urb->actual_length);
972
973 if (urb->status == 0) {
974 struct sk_buff *skb;
975
976 skb = bt_skb_alloc(urb->actual_length, GFP_ATOMIC);
977 if (skb) {
978 skb_put_data(skb, urb->transfer_buffer,
979 urb->actual_length);
980 hci_recv_diag(hdev, skb);
981 }
982 } else if (urb->status == -ENOENT) {
983
984 return;
985 }
986
987 if (!test_bit(BTUSB_DIAG_RUNNING, &data->flags))
988 return;
989
990 usb_anchor_urb(urb, &data->diag_anchor);
991 usb_mark_last_busy(data->udev);
992
993 err = usb_submit_urb(urb, GFP_ATOMIC);
994 if (err < 0) {
995
996
997
998 if (err != -EPERM && err != -ENODEV)
999 bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
1000 urb, -err);
1001 usb_unanchor_urb(urb);
1002 }
1003}
1004
1005static int btusb_submit_diag_urb(struct hci_dev *hdev, gfp_t mem_flags)
1006{
1007 struct btusb_data *data = hci_get_drvdata(hdev);
1008 struct urb *urb;
1009 unsigned char *buf;
1010 unsigned int pipe;
1011 int err, size = HCI_MAX_FRAME_SIZE;
1012
1013 BT_DBG("%s", hdev->name);
1014
1015 if (!data->diag_rx_ep)
1016 return -ENODEV;
1017
1018 urb = usb_alloc_urb(0, mem_flags);
1019 if (!urb)
1020 return -ENOMEM;
1021
1022 buf = kmalloc(size, mem_flags);
1023 if (!buf) {
1024 usb_free_urb(urb);
1025 return -ENOMEM;
1026 }
1027
1028 pipe = usb_rcvbulkpipe(data->udev, data->diag_rx_ep->bEndpointAddress);
1029
1030 usb_fill_bulk_urb(urb, data->udev, pipe, buf, size,
1031 btusb_diag_complete, hdev);
1032
1033 urb->transfer_flags |= URB_FREE_BUFFER;
1034
1035 usb_mark_last_busy(data->udev);
1036 usb_anchor_urb(urb, &data->diag_anchor);
1037
1038 err = usb_submit_urb(urb, mem_flags);
1039 if (err < 0) {
1040 if (err != -EPERM && err != -ENODEV)
1041 bt_dev_err(hdev, "urb %p submission failed (%d)",
1042 urb, -err);
1043 usb_unanchor_urb(urb);
1044 }
1045
1046 usb_free_urb(urb);
1047
1048 return err;
1049}
1050
1051static void btusb_tx_complete(struct urb *urb)
1052{
1053 struct sk_buff *skb = urb->context;
1054 struct hci_dev *hdev = (struct hci_dev *)skb->dev;
1055 struct btusb_data *data = hci_get_drvdata(hdev);
1056
1057 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
1058 urb->actual_length);
1059
1060 if (!test_bit(HCI_RUNNING, &hdev->flags))
1061 goto done;
1062
1063 if (!urb->status)
1064 hdev->stat.byte_tx += urb->transfer_buffer_length;
1065 else
1066 hdev->stat.err_tx++;
1067
1068done:
1069 spin_lock(&data->txlock);
1070 data->tx_in_flight--;
1071 spin_unlock(&data->txlock);
1072
1073 kfree(urb->setup_packet);
1074
1075 kfree_skb(skb);
1076}
1077
1078static void btusb_isoc_tx_complete(struct urb *urb)
1079{
1080 struct sk_buff *skb = urb->context;
1081 struct hci_dev *hdev = (struct hci_dev *)skb->dev;
1082
1083 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
1084 urb->actual_length);
1085
1086 if (!test_bit(HCI_RUNNING, &hdev->flags))
1087 goto done;
1088
1089 if (!urb->status)
1090 hdev->stat.byte_tx += urb->transfer_buffer_length;
1091 else
1092 hdev->stat.err_tx++;
1093
1094done:
1095 kfree(urb->setup_packet);
1096
1097 kfree_skb(skb);
1098}
1099
1100static int btusb_open(struct hci_dev *hdev)
1101{
1102 struct btusb_data *data = hci_get_drvdata(hdev);
1103 int err;
1104
1105 BT_DBG("%s", hdev->name);
1106
1107 err = usb_autopm_get_interface(data->intf);
1108 if (err < 0)
1109 return err;
1110
1111
1112
1113
1114 if (data->setup_on_usb) {
1115 err = data->setup_on_usb(hdev);
1116 if (err < 0)
1117 return err;
1118 }
1119
1120 data->intf->needs_remote_wakeup = 1;
1121
1122
1123
1124 device_wakeup_enable(&data->udev->dev);
1125
1126 if (test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags))
1127 goto done;
1128
1129 err = btusb_submit_intr_urb(hdev, GFP_KERNEL);
1130 if (err < 0)
1131 goto failed;
1132
1133 err = btusb_submit_bulk_urb(hdev, GFP_KERNEL);
1134 if (err < 0) {
1135 usb_kill_anchored_urbs(&data->intr_anchor);
1136 goto failed;
1137 }
1138
1139 set_bit(BTUSB_BULK_RUNNING, &data->flags);
1140 btusb_submit_bulk_urb(hdev, GFP_KERNEL);
1141
1142 if (data->diag) {
1143 if (!btusb_submit_diag_urb(hdev, GFP_KERNEL))
1144 set_bit(BTUSB_DIAG_RUNNING, &data->flags);
1145 }
1146
1147done:
1148 usb_autopm_put_interface(data->intf);
1149 return 0;
1150
1151failed:
1152 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
1153 usb_autopm_put_interface(data->intf);
1154 return err;
1155}
1156
1157static void btusb_stop_traffic(struct btusb_data *data)
1158{
1159 usb_kill_anchored_urbs(&data->intr_anchor);
1160 usb_kill_anchored_urbs(&data->bulk_anchor);
1161 usb_kill_anchored_urbs(&data->isoc_anchor);
1162 usb_kill_anchored_urbs(&data->diag_anchor);
1163}
1164
1165static int btusb_close(struct hci_dev *hdev)
1166{
1167 struct btusb_data *data = hci_get_drvdata(hdev);
1168 int err;
1169
1170 BT_DBG("%s", hdev->name);
1171
1172 cancel_work_sync(&data->work);
1173 cancel_work_sync(&data->waker);
1174
1175 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1176 clear_bit(BTUSB_BULK_RUNNING, &data->flags);
1177 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
1178 clear_bit(BTUSB_DIAG_RUNNING, &data->flags);
1179
1180 btusb_stop_traffic(data);
1181 btusb_free_frags(data);
1182
1183 err = usb_autopm_get_interface(data->intf);
1184 if (err < 0)
1185 goto failed;
1186
1187 data->intf->needs_remote_wakeup = 0;
1188 device_wakeup_disable(&data->udev->dev);
1189 usb_autopm_put_interface(data->intf);
1190
1191failed:
1192 usb_scuttle_anchored_urbs(&data->deferred);
1193 return 0;
1194}
1195
1196static int btusb_flush(struct hci_dev *hdev)
1197{
1198 struct btusb_data *data = hci_get_drvdata(hdev);
1199
1200 BT_DBG("%s", hdev->name);
1201
1202 usb_kill_anchored_urbs(&data->tx_anchor);
1203 btusb_free_frags(data);
1204
1205 return 0;
1206}
1207
1208static struct urb *alloc_ctrl_urb(struct hci_dev *hdev, struct sk_buff *skb)
1209{
1210 struct btusb_data *data = hci_get_drvdata(hdev);
1211 struct usb_ctrlrequest *dr;
1212 struct urb *urb;
1213 unsigned int pipe;
1214
1215 urb = usb_alloc_urb(0, GFP_KERNEL);
1216 if (!urb)
1217 return ERR_PTR(-ENOMEM);
1218
1219 dr = kmalloc(sizeof(*dr), GFP_KERNEL);
1220 if (!dr) {
1221 usb_free_urb(urb);
1222 return ERR_PTR(-ENOMEM);
1223 }
1224
1225 dr->bRequestType = data->cmdreq_type;
1226 dr->bRequest = data->cmdreq;
1227 dr->wIndex = 0;
1228 dr->wValue = 0;
1229 dr->wLength = __cpu_to_le16(skb->len);
1230
1231 pipe = usb_sndctrlpipe(data->udev, 0x00);
1232
1233 usb_fill_control_urb(urb, data->udev, pipe, (void *)dr,
1234 skb->data, skb->len, btusb_tx_complete, skb);
1235
1236 skb->dev = (void *)hdev;
1237
1238 return urb;
1239}
1240
1241static struct urb *alloc_bulk_urb(struct hci_dev *hdev, struct sk_buff *skb)
1242{
1243 struct btusb_data *data = hci_get_drvdata(hdev);
1244 struct urb *urb;
1245 unsigned int pipe;
1246
1247 if (!data->bulk_tx_ep)
1248 return ERR_PTR(-ENODEV);
1249
1250 urb = usb_alloc_urb(0, GFP_KERNEL);
1251 if (!urb)
1252 return ERR_PTR(-ENOMEM);
1253
1254 pipe = usb_sndbulkpipe(data->udev, data->bulk_tx_ep->bEndpointAddress);
1255
1256 usb_fill_bulk_urb(urb, data->udev, pipe,
1257 skb->data, skb->len, btusb_tx_complete, skb);
1258
1259 skb->dev = (void *)hdev;
1260
1261 return urb;
1262}
1263
1264static struct urb *alloc_isoc_urb(struct hci_dev *hdev, struct sk_buff *skb)
1265{
1266 struct btusb_data *data = hci_get_drvdata(hdev);
1267 struct urb *urb;
1268 unsigned int pipe;
1269
1270 if (!data->isoc_tx_ep)
1271 return ERR_PTR(-ENODEV);
1272
1273 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, GFP_KERNEL);
1274 if (!urb)
1275 return ERR_PTR(-ENOMEM);
1276
1277 pipe = usb_sndisocpipe(data->udev, data->isoc_tx_ep->bEndpointAddress);
1278
1279 usb_fill_int_urb(urb, data->udev, pipe,
1280 skb->data, skb->len, btusb_isoc_tx_complete,
1281 skb, data->isoc_tx_ep->bInterval);
1282
1283 urb->transfer_flags = URB_ISO_ASAP;
1284
1285 __fill_isoc_descriptor(urb, skb->len,
1286 le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize));
1287
1288 skb->dev = (void *)hdev;
1289
1290 return urb;
1291}
1292
1293static int submit_tx_urb(struct hci_dev *hdev, struct urb *urb)
1294{
1295 struct btusb_data *data = hci_get_drvdata(hdev);
1296 int err;
1297
1298 usb_anchor_urb(urb, &data->tx_anchor);
1299
1300 err = usb_submit_urb(urb, GFP_KERNEL);
1301 if (err < 0) {
1302 if (err != -EPERM && err != -ENODEV)
1303 bt_dev_err(hdev, "urb %p submission failed (%d)",
1304 urb, -err);
1305 kfree(urb->setup_packet);
1306 usb_unanchor_urb(urb);
1307 } else {
1308 usb_mark_last_busy(data->udev);
1309 }
1310
1311 usb_free_urb(urb);
1312 return err;
1313}
1314
1315static int submit_or_queue_tx_urb(struct hci_dev *hdev, struct urb *urb)
1316{
1317 struct btusb_data *data = hci_get_drvdata(hdev);
1318 unsigned long flags;
1319 bool suspending;
1320
1321 spin_lock_irqsave(&data->txlock, flags);
1322 suspending = test_bit(BTUSB_SUSPENDING, &data->flags);
1323 if (!suspending)
1324 data->tx_in_flight++;
1325 spin_unlock_irqrestore(&data->txlock, flags);
1326
1327 if (!suspending)
1328 return submit_tx_urb(hdev, urb);
1329
1330 usb_anchor_urb(urb, &data->deferred);
1331 schedule_work(&data->waker);
1332
1333 usb_free_urb(urb);
1334 return 0;
1335}
1336
1337static int btusb_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
1338{
1339 struct urb *urb;
1340
1341 BT_DBG("%s", hdev->name);
1342
1343 switch (hci_skb_pkt_type(skb)) {
1344 case HCI_COMMAND_PKT:
1345 urb = alloc_ctrl_urb(hdev, skb);
1346 if (IS_ERR(urb))
1347 return PTR_ERR(urb);
1348
1349 hdev->stat.cmd_tx++;
1350 return submit_or_queue_tx_urb(hdev, urb);
1351
1352 case HCI_ACLDATA_PKT:
1353 urb = alloc_bulk_urb(hdev, skb);
1354 if (IS_ERR(urb))
1355 return PTR_ERR(urb);
1356
1357 hdev->stat.acl_tx++;
1358 return submit_or_queue_tx_urb(hdev, urb);
1359
1360 case HCI_SCODATA_PKT:
1361 if (hci_conn_num(hdev, SCO_LINK) < 1)
1362 return -ENODEV;
1363
1364 urb = alloc_isoc_urb(hdev, skb);
1365 if (IS_ERR(urb))
1366 return PTR_ERR(urb);
1367
1368 hdev->stat.sco_tx++;
1369 return submit_tx_urb(hdev, urb);
1370 }
1371
1372 return -EILSEQ;
1373}
1374
1375static void btusb_notify(struct hci_dev *hdev, unsigned int evt)
1376{
1377 struct btusb_data *data = hci_get_drvdata(hdev);
1378
1379 BT_DBG("%s evt %d", hdev->name, evt);
1380
1381 if (hci_conn_num(hdev, SCO_LINK) != data->sco_num) {
1382 data->sco_num = hci_conn_num(hdev, SCO_LINK);
1383 schedule_work(&data->work);
1384 }
1385}
1386
1387static inline int __set_isoc_interface(struct hci_dev *hdev, int altsetting)
1388{
1389 struct btusb_data *data = hci_get_drvdata(hdev);
1390 struct usb_interface *intf = data->isoc;
1391 struct usb_endpoint_descriptor *ep_desc;
1392 int i, err;
1393
1394 if (!data->isoc)
1395 return -ENODEV;
1396
1397 err = usb_set_interface(data->udev, data->isoc_ifnum, altsetting);
1398 if (err < 0) {
1399 bt_dev_err(hdev, "setting interface failed (%d)", -err);
1400 return err;
1401 }
1402
1403 data->isoc_altsetting = altsetting;
1404
1405 data->isoc_tx_ep = NULL;
1406 data->isoc_rx_ep = NULL;
1407
1408 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
1409 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
1410
1411 if (!data->isoc_tx_ep && usb_endpoint_is_isoc_out(ep_desc)) {
1412 data->isoc_tx_ep = ep_desc;
1413 continue;
1414 }
1415
1416 if (!data->isoc_rx_ep && usb_endpoint_is_isoc_in(ep_desc)) {
1417 data->isoc_rx_ep = ep_desc;
1418 continue;
1419 }
1420 }
1421
1422 if (!data->isoc_tx_ep || !data->isoc_rx_ep) {
1423 bt_dev_err(hdev, "invalid SCO descriptors");
1424 return -ENODEV;
1425 }
1426
1427 return 0;
1428}
1429
1430static void btusb_work(struct work_struct *work)
1431{
1432 struct btusb_data *data = container_of(work, struct btusb_data, work);
1433 struct hci_dev *hdev = data->hdev;
1434 int new_alts;
1435 int err;
1436
1437 if (data->sco_num > 0) {
1438 if (!test_bit(BTUSB_DID_ISO_RESUME, &data->flags)) {
1439 err = usb_autopm_get_interface(data->isoc ? data->isoc : data->intf);
1440 if (err < 0) {
1441 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1442 usb_kill_anchored_urbs(&data->isoc_anchor);
1443 return;
1444 }
1445
1446 set_bit(BTUSB_DID_ISO_RESUME, &data->flags);
1447 }
1448
1449 if (hdev->voice_setting & 0x0020) {
1450 static const int alts[3] = { 2, 4, 5 };
1451
1452 new_alts = alts[data->sco_num - 1];
1453 } else {
1454 new_alts = data->sco_num;
1455 }
1456
1457 if (data->isoc_altsetting != new_alts) {
1458 unsigned long flags;
1459
1460 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1461 usb_kill_anchored_urbs(&data->isoc_anchor);
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472 spin_lock_irqsave(&data->rxlock, flags);
1473 kfree_skb(data->sco_skb);
1474 data->sco_skb = NULL;
1475 spin_unlock_irqrestore(&data->rxlock, flags);
1476
1477 if (__set_isoc_interface(hdev, new_alts) < 0)
1478 return;
1479 }
1480
1481 if (!test_and_set_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
1482 if (btusb_submit_isoc_urb(hdev, GFP_KERNEL) < 0)
1483 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1484 else
1485 btusb_submit_isoc_urb(hdev, GFP_KERNEL);
1486 }
1487 } else {
1488 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1489 usb_kill_anchored_urbs(&data->isoc_anchor);
1490
1491 __set_isoc_interface(hdev, 0);
1492 if (test_and_clear_bit(BTUSB_DID_ISO_RESUME, &data->flags))
1493 usb_autopm_put_interface(data->isoc ? data->isoc : data->intf);
1494 }
1495}
1496
1497static void btusb_waker(struct work_struct *work)
1498{
1499 struct btusb_data *data = container_of(work, struct btusb_data, waker);
1500 int err;
1501
1502 err = usb_autopm_get_interface(data->intf);
1503 if (err < 0)
1504 return;
1505
1506 usb_autopm_put_interface(data->intf);
1507}
1508
1509static int btusb_setup_bcm92035(struct hci_dev *hdev)
1510{
1511 struct sk_buff *skb;
1512 u8 val = 0x00;
1513
1514 BT_DBG("%s", hdev->name);
1515
1516 skb = __hci_cmd_sync(hdev, 0xfc3b, 1, &val, HCI_INIT_TIMEOUT);
1517 if (IS_ERR(skb))
1518 bt_dev_err(hdev, "BCM92035 command failed (%ld)", PTR_ERR(skb));
1519 else
1520 kfree_skb(skb);
1521
1522 return 0;
1523}
1524
1525static int btusb_setup_csr(struct hci_dev *hdev)
1526{
1527 struct hci_rp_read_local_version *rp;
1528 struct sk_buff *skb;
1529
1530 BT_DBG("%s", hdev->name);
1531
1532 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL,
1533 HCI_INIT_TIMEOUT);
1534 if (IS_ERR(skb)) {
1535 int err = PTR_ERR(skb);
1536 bt_dev_err(hdev, "CSR: Local version failed (%d)", err);
1537 return err;
1538 }
1539
1540 if (skb->len != sizeof(struct hci_rp_read_local_version)) {
1541 bt_dev_err(hdev, "CSR: Local version length mismatch");
1542 kfree_skb(skb);
1543 return -EIO;
1544 }
1545
1546 rp = (struct hci_rp_read_local_version *)skb->data;
1547
1548
1549 if (le16_to_cpu(rp->manufacturer) != 10 ||
1550 le16_to_cpu(rp->lmp_subver) == 0x0c5c) {
1551
1552
1553
1554 clear_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
1555
1556
1557
1558
1559 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks);
1560 }
1561
1562 kfree_skb(skb);
1563
1564 return 0;
1565}
1566
1567static const struct firmware *btusb_setup_intel_get_fw(struct hci_dev *hdev,
1568 struct intel_version *ver)
1569{
1570 const struct firmware *fw;
1571 char fwname[64];
1572 int ret;
1573
1574 snprintf(fwname, sizeof(fwname),
1575 "intel/ibt-hw-%x.%x.%x-fw-%x.%x.%x.%x.%x.bseq",
1576 ver->hw_platform, ver->hw_variant, ver->hw_revision,
1577 ver->fw_variant, ver->fw_revision, ver->fw_build_num,
1578 ver->fw_build_ww, ver->fw_build_yy);
1579
1580 ret = request_firmware(&fw, fwname, &hdev->dev);
1581 if (ret < 0) {
1582 if (ret == -EINVAL) {
1583 BT_ERR("%s Intel firmware file request failed (%d)",
1584 hdev->name, ret);
1585 return NULL;
1586 }
1587
1588 BT_ERR("%s failed to open Intel firmware file: %s(%d)",
1589 hdev->name, fwname, ret);
1590
1591
1592
1593
1594 snprintf(fwname, sizeof(fwname), "intel/ibt-hw-%x.%x.bseq",
1595 ver->hw_platform, ver->hw_variant);
1596 if (request_firmware(&fw, fwname, &hdev->dev) < 0) {
1597 BT_ERR("%s failed to open default Intel fw file: %s",
1598 hdev->name, fwname);
1599 return NULL;
1600 }
1601 }
1602
1603 bt_dev_info(hdev, "Intel Bluetooth firmware file: %s", fwname);
1604
1605 return fw;
1606}
1607
1608static int btusb_setup_intel_patching(struct hci_dev *hdev,
1609 const struct firmware *fw,
1610 const u8 **fw_ptr, int *disable_patch)
1611{
1612 struct sk_buff *skb;
1613 struct hci_command_hdr *cmd;
1614 const u8 *cmd_param;
1615 struct hci_event_hdr *evt = NULL;
1616 const u8 *evt_param = NULL;
1617 int remain = fw->size - (*fw_ptr - fw->data);
1618
1619
1620
1621
1622
1623
1624
1625
1626 if (remain > HCI_COMMAND_HDR_SIZE && *fw_ptr[0] != 0x01) {
1627 BT_ERR("%s Intel fw corrupted: invalid cmd read", hdev->name);
1628 return -EINVAL;
1629 }
1630 (*fw_ptr)++;
1631 remain--;
1632
1633 cmd = (struct hci_command_hdr *)(*fw_ptr);
1634 *fw_ptr += sizeof(*cmd);
1635 remain -= sizeof(*cmd);
1636
1637
1638
1639
1640 if (remain < cmd->plen) {
1641 BT_ERR("%s Intel fw corrupted: invalid cmd len", hdev->name);
1642 return -EFAULT;
1643 }
1644
1645
1646
1647
1648
1649
1650
1651 if (*disable_patch && le16_to_cpu(cmd->opcode) == 0xfc8e)
1652 *disable_patch = 0;
1653
1654 cmd_param = *fw_ptr;
1655 *fw_ptr += cmd->plen;
1656 remain -= cmd->plen;
1657
1658
1659
1660
1661
1662
1663
1664
1665 while (remain > HCI_EVENT_HDR_SIZE && *fw_ptr[0] == 0x02) {
1666 (*fw_ptr)++;
1667 remain--;
1668
1669 evt = (struct hci_event_hdr *)(*fw_ptr);
1670 *fw_ptr += sizeof(*evt);
1671 remain -= sizeof(*evt);
1672
1673 if (remain < evt->plen) {
1674 BT_ERR("%s Intel fw corrupted: invalid evt len",
1675 hdev->name);
1676 return -EFAULT;
1677 }
1678
1679 evt_param = *fw_ptr;
1680 *fw_ptr += evt->plen;
1681 remain -= evt->plen;
1682 }
1683
1684
1685
1686
1687
1688 if (!evt || !evt_param || remain < 0) {
1689 BT_ERR("%s Intel fw corrupted: invalid evt read", hdev->name);
1690 return -EFAULT;
1691 }
1692
1693 skb = __hci_cmd_sync_ev(hdev, le16_to_cpu(cmd->opcode), cmd->plen,
1694 cmd_param, evt->evt, HCI_INIT_TIMEOUT);
1695 if (IS_ERR(skb)) {
1696 BT_ERR("%s sending Intel patch command (0x%4.4x) failed (%ld)",
1697 hdev->name, cmd->opcode, PTR_ERR(skb));
1698 return PTR_ERR(skb);
1699 }
1700
1701
1702
1703
1704
1705 if (skb->len != evt->plen) {
1706 BT_ERR("%s mismatch event length (opcode 0x%4.4x)", hdev->name,
1707 le16_to_cpu(cmd->opcode));
1708 kfree_skb(skb);
1709 return -EFAULT;
1710 }
1711
1712 if (memcmp(skb->data, evt_param, evt->plen)) {
1713 BT_ERR("%s mismatch event parameter (opcode 0x%4.4x)",
1714 hdev->name, le16_to_cpu(cmd->opcode));
1715 kfree_skb(skb);
1716 return -EFAULT;
1717 }
1718 kfree_skb(skb);
1719
1720 return 0;
1721}
1722
1723static int btusb_setup_intel(struct hci_dev *hdev)
1724{
1725 struct sk_buff *skb;
1726 const struct firmware *fw;
1727 const u8 *fw_ptr;
1728 int disable_patch, err;
1729 struct intel_version ver;
1730
1731 BT_DBG("%s", hdev->name);
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
1742 if (IS_ERR(skb)) {
1743 BT_ERR("%s sending initial HCI reset command failed (%ld)",
1744 hdev->name, PTR_ERR(skb));
1745 return PTR_ERR(skb);
1746 }
1747 kfree_skb(skb);
1748
1749
1750
1751
1752
1753
1754
1755 err = btintel_read_version(hdev, &ver);
1756 if (err)
1757 return err;
1758
1759 bt_dev_info(hdev, "read Intel version: %02x%02x%02x%02x%02x%02x%02x%02x%02x",
1760 ver.hw_platform, ver.hw_variant, ver.hw_revision,
1761 ver.fw_variant, ver.fw_revision, ver.fw_build_num,
1762 ver.fw_build_ww, ver.fw_build_yy, ver.fw_patch_num);
1763
1764
1765
1766
1767
1768 if (ver.fw_patch_num) {
1769 bt_dev_info(hdev, "Intel device is already patched. "
1770 "patch num: %02x", ver.fw_patch_num);
1771 goto complete;
1772 }
1773
1774
1775
1776
1777
1778
1779
1780 fw = btusb_setup_intel_get_fw(hdev, &ver);
1781 if (!fw)
1782 goto complete;
1783 fw_ptr = fw->data;
1784
1785
1786
1787
1788
1789 err = btintel_enter_mfg(hdev);
1790 if (err) {
1791 release_firmware(fw);
1792 return err;
1793 }
1794
1795 disable_patch = 1;
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817 while (fw->size > fw_ptr - fw->data) {
1818 int ret;
1819
1820 ret = btusb_setup_intel_patching(hdev, fw, &fw_ptr,
1821 &disable_patch);
1822 if (ret < 0)
1823 goto exit_mfg_deactivate;
1824 }
1825
1826 release_firmware(fw);
1827
1828 if (disable_patch)
1829 goto exit_mfg_disable;
1830
1831
1832
1833
1834 err = btintel_exit_mfg(hdev, true, true);
1835 if (err)
1836 return err;
1837
1838 bt_dev_info(hdev, "Intel firmware patch completed and activated");
1839
1840 goto complete;
1841
1842exit_mfg_disable:
1843
1844 err = btintel_exit_mfg(hdev, false, false);
1845 if (err)
1846 return err;
1847
1848 bt_dev_info(hdev, "Intel firmware patch completed");
1849
1850 goto complete;
1851
1852exit_mfg_deactivate:
1853 release_firmware(fw);
1854
1855
1856
1857
1858 err = btintel_exit_mfg(hdev, true, false);
1859 if (err)
1860 return err;
1861
1862 bt_dev_info(hdev, "Intel firmware patch completed and deactivated");
1863
1864complete:
1865
1866
1867
1868 btintel_set_event_mask_mfg(hdev, false);
1869
1870 btintel_check_bdaddr(hdev);
1871 return 0;
1872}
1873
1874static int inject_cmd_complete(struct hci_dev *hdev, __u16 opcode)
1875{
1876 struct sk_buff *skb;
1877 struct hci_event_hdr *hdr;
1878 struct hci_ev_cmd_complete *evt;
1879
1880 skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_ATOMIC);
1881 if (!skb)
1882 return -ENOMEM;
1883
1884 hdr = skb_put(skb, sizeof(*hdr));
1885 hdr->evt = HCI_EV_CMD_COMPLETE;
1886 hdr->plen = sizeof(*evt) + 1;
1887
1888 evt = skb_put(skb, sizeof(*evt));
1889 evt->ncmd = 0x01;
1890 evt->opcode = cpu_to_le16(opcode);
1891
1892 skb_put_u8(skb, 0x00);
1893
1894 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
1895
1896 return hci_recv_frame(hdev, skb);
1897}
1898
1899static int btusb_recv_bulk_intel(struct btusb_data *data, void *buffer,
1900 int count)
1901{
1902
1903
1904
1905
1906 if (test_bit(BTUSB_BOOTLOADER, &data->flags))
1907 return btusb_recv_intr(data, buffer, count);
1908
1909 return btusb_recv_bulk(data, buffer, count);
1910}
1911
1912static void btusb_intel_bootup(struct btusb_data *data, const void *ptr,
1913 unsigned int len)
1914{
1915 const struct intel_bootup *evt = ptr;
1916
1917 if (len != sizeof(*evt))
1918 return;
1919
1920 if (test_and_clear_bit(BTUSB_BOOTING, &data->flags)) {
1921 smp_mb__after_atomic();
1922 wake_up_bit(&data->flags, BTUSB_BOOTING);
1923 }
1924}
1925
1926static void btusb_intel_secure_send_result(struct btusb_data *data,
1927 const void *ptr, unsigned int len)
1928{
1929 const struct intel_secure_send_result *evt = ptr;
1930
1931 if (len != sizeof(*evt))
1932 return;
1933
1934 if (evt->result)
1935 set_bit(BTUSB_FIRMWARE_FAILED, &data->flags);
1936
1937 if (test_and_clear_bit(BTUSB_DOWNLOADING, &data->flags) &&
1938 test_bit(BTUSB_FIRMWARE_LOADED, &data->flags)) {
1939 smp_mb__after_atomic();
1940 wake_up_bit(&data->flags, BTUSB_DOWNLOADING);
1941 }
1942}
1943
1944static int btusb_recv_event_intel(struct hci_dev *hdev, struct sk_buff *skb)
1945{
1946 struct btusb_data *data = hci_get_drvdata(hdev);
1947
1948 if (test_bit(BTUSB_BOOTLOADER, &data->flags)) {
1949 struct hci_event_hdr *hdr = (void *)skb->data;
1950
1951 if (skb->len > HCI_EVENT_HDR_SIZE && hdr->evt == 0xff &&
1952 hdr->plen > 0) {
1953 const void *ptr = skb->data + HCI_EVENT_HDR_SIZE + 1;
1954 unsigned int len = skb->len - HCI_EVENT_HDR_SIZE - 1;
1955
1956 switch (skb->data[2]) {
1957 case 0x02:
1958
1959
1960
1961
1962 btusb_intel_bootup(data, ptr, len);
1963 break;
1964 case 0x06:
1965
1966
1967
1968
1969
1970 btusb_intel_secure_send_result(data, ptr, len);
1971 break;
1972 }
1973 }
1974 }
1975
1976 return hci_recv_frame(hdev, skb);
1977}
1978
1979static int btusb_send_frame_intel(struct hci_dev *hdev, struct sk_buff *skb)
1980{
1981 struct btusb_data *data = hci_get_drvdata(hdev);
1982 struct urb *urb;
1983
1984 BT_DBG("%s", hdev->name);
1985
1986 switch (hci_skb_pkt_type(skb)) {
1987 case HCI_COMMAND_PKT:
1988 if (test_bit(BTUSB_BOOTLOADER, &data->flags)) {
1989 struct hci_command_hdr *cmd = (void *)skb->data;
1990 __u16 opcode = le16_to_cpu(cmd->opcode);
1991
1992
1993
1994
1995
1996 if (opcode == 0xfc09)
1997 urb = alloc_bulk_urb(hdev, skb);
1998 else
1999 urb = alloc_ctrl_urb(hdev, skb);
2000
2001
2002
2003
2004
2005
2006 if (opcode == 0xfc01)
2007 inject_cmd_complete(hdev, opcode);
2008 } else {
2009 urb = alloc_ctrl_urb(hdev, skb);
2010 }
2011 if (IS_ERR(urb))
2012 return PTR_ERR(urb);
2013
2014 hdev->stat.cmd_tx++;
2015 return submit_or_queue_tx_urb(hdev, urb);
2016
2017 case HCI_ACLDATA_PKT:
2018 urb = alloc_bulk_urb(hdev, skb);
2019 if (IS_ERR(urb))
2020 return PTR_ERR(urb);
2021
2022 hdev->stat.acl_tx++;
2023 return submit_or_queue_tx_urb(hdev, urb);
2024
2025 case HCI_SCODATA_PKT:
2026 if (hci_conn_num(hdev, SCO_LINK) < 1)
2027 return -ENODEV;
2028
2029 urb = alloc_isoc_urb(hdev, skb);
2030 if (IS_ERR(urb))
2031 return PTR_ERR(urb);
2032
2033 hdev->stat.sco_tx++;
2034 return submit_tx_urb(hdev, urb);
2035 }
2036
2037 return -EILSEQ;
2038}
2039
2040static int btusb_setup_intel_new(struct hci_dev *hdev)
2041{
2042 struct btusb_data *data = hci_get_drvdata(hdev);
2043 struct intel_version ver;
2044 struct intel_boot_params params;
2045 const struct firmware *fw;
2046 u32 boot_param;
2047 char fwname[64];
2048 ktime_t calltime, delta, rettime;
2049 unsigned long long duration;
2050 int err;
2051
2052 BT_DBG("%s", hdev->name);
2053
2054
2055
2056
2057
2058 boot_param = 0x00000000;
2059
2060 calltime = ktime_get();
2061
2062
2063
2064
2065
2066 err = btintel_read_version(hdev, &ver);
2067 if (err)
2068 return err;
2069
2070
2071
2072
2073 if (ver.hw_platform != 0x37) {
2074 BT_ERR("%s: Unsupported Intel hardware platform (%u)",
2075 hdev->name, ver.hw_platform);
2076 return -EINVAL;
2077 }
2078
2079
2080
2081
2082
2083
2084
2085 switch (ver.hw_variant) {
2086 case 0x0b:
2087 case 0x0c:
2088 case 0x11:
2089 case 0x12:
2090 case 0x13:
2091 case 0x14:
2092 break;
2093 default:
2094 BT_ERR("%s: Unsupported Intel hardware variant (%u)",
2095 hdev->name, ver.hw_variant);
2096 return -EINVAL;
2097 }
2098
2099 btintel_version_info(hdev, &ver);
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114 if (ver.fw_variant == 0x23) {
2115 clear_bit(BTUSB_BOOTLOADER, &data->flags);
2116 btintel_check_bdaddr(hdev);
2117 return 0;
2118 }
2119
2120
2121
2122
2123 if (ver.fw_variant != 0x06) {
2124 BT_ERR("%s: Unsupported Intel firmware variant (%u)",
2125 hdev->name, ver.fw_variant);
2126 return -ENODEV;
2127 }
2128
2129
2130
2131
2132 err = btintel_read_boot_params(hdev, ¶ms);
2133 if (err)
2134 return err;
2135
2136
2137
2138
2139
2140 if (params.limited_cce != 0x00) {
2141 BT_ERR("%s: Unsupported Intel firmware loading method (%u)",
2142 hdev->name, params.limited_cce);
2143 return -EINVAL;
2144 }
2145
2146
2147
2148
2149 if (!bacmp(¶ms.otp_bdaddr, BDADDR_ANY)) {
2150 bt_dev_info(hdev, "No device address configured");
2151 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks);
2152 }
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175 switch (ver.hw_variant) {
2176 case 0x0b:
2177 case 0x0c:
2178 snprintf(fwname, sizeof(fwname), "intel/ibt-%u-%u.sfi",
2179 le16_to_cpu(ver.hw_variant),
2180 le16_to_cpu(params.dev_revid));
2181 break;
2182 case 0x11:
2183 case 0x12:
2184 case 0x13:
2185 case 0x14:
2186 snprintf(fwname, sizeof(fwname), "intel/ibt-%u-%u-%u.sfi",
2187 le16_to_cpu(ver.hw_variant),
2188 le16_to_cpu(ver.hw_revision),
2189 le16_to_cpu(ver.fw_revision));
2190 break;
2191 default:
2192 BT_ERR("%s: Unsupported Intel firmware naming", hdev->name);
2193 return -EINVAL;
2194 }
2195
2196 err = request_firmware(&fw, fwname, &hdev->dev);
2197 if (err < 0) {
2198 BT_ERR("%s: Failed to load Intel firmware file (%d)",
2199 hdev->name, err);
2200 return err;
2201 }
2202
2203 bt_dev_info(hdev, "Found device firmware: %s", fwname);
2204
2205
2206
2207
2208 switch (ver.hw_variant) {
2209 case 0x0b:
2210 case 0x0c:
2211 snprintf(fwname, sizeof(fwname), "intel/ibt-%u-%u.ddc",
2212 le16_to_cpu(ver.hw_variant),
2213 le16_to_cpu(params.dev_revid));
2214 break;
2215 case 0x11:
2216 case 0x12:
2217 case 0x13:
2218 case 0x14:
2219 snprintf(fwname, sizeof(fwname), "intel/ibt-%u-%u-%u.ddc",
2220 le16_to_cpu(ver.hw_variant),
2221 le16_to_cpu(ver.hw_revision),
2222 le16_to_cpu(ver.fw_revision));
2223 break;
2224 default:
2225 BT_ERR("%s: Unsupported Intel firmware naming", hdev->name);
2226 return -EINVAL;
2227 }
2228
2229 if (fw->size < 644) {
2230 BT_ERR("%s: Invalid size of firmware file (%zu)",
2231 hdev->name, fw->size);
2232 err = -EBADF;
2233 goto done;
2234 }
2235
2236 set_bit(BTUSB_DOWNLOADING, &data->flags);
2237
2238
2239 err = btintel_download_firmware(hdev, fw, &boot_param);
2240 if (err < 0)
2241 goto done;
2242
2243 set_bit(BTUSB_FIRMWARE_LOADED, &data->flags);
2244
2245 bt_dev_info(hdev, "Waiting for firmware download to complete");
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258 err = wait_on_bit_timeout(&data->flags, BTUSB_DOWNLOADING,
2259 TASK_INTERRUPTIBLE,
2260 msecs_to_jiffies(5000));
2261 if (err == -EINTR) {
2262 BT_ERR("%s: Firmware loading interrupted", hdev->name);
2263 goto done;
2264 }
2265
2266 if (err) {
2267 BT_ERR("%s: Firmware loading timeout", hdev->name);
2268 err = -ETIMEDOUT;
2269 goto done;
2270 }
2271
2272 if (test_bit(BTUSB_FIRMWARE_FAILED, &data->flags)) {
2273 BT_ERR("%s: Firmware loading failed", hdev->name);
2274 err = -ENOEXEC;
2275 goto done;
2276 }
2277
2278 rettime = ktime_get();
2279 delta = ktime_sub(rettime, calltime);
2280 duration = (unsigned long long) ktime_to_ns(delta) >> 10;
2281
2282 bt_dev_info(hdev, "Firmware loaded in %llu usecs", duration);
2283
2284done:
2285 release_firmware(fw);
2286
2287 if (err < 0)
2288 return err;
2289
2290 calltime = ktime_get();
2291
2292 set_bit(BTUSB_BOOTING, &data->flags);
2293
2294 err = btintel_send_intel_reset(hdev, boot_param);
2295 if (err)
2296 return err;
2297
2298
2299
2300
2301
2302
2303
2304
2305 bt_dev_info(hdev, "Waiting for device to boot");
2306
2307 err = wait_on_bit_timeout(&data->flags, BTUSB_BOOTING,
2308 TASK_INTERRUPTIBLE,
2309 msecs_to_jiffies(1000));
2310
2311 if (err == -EINTR) {
2312 BT_ERR("%s: Device boot interrupted", hdev->name);
2313 return -EINTR;
2314 }
2315
2316 if (err) {
2317 BT_ERR("%s: Device boot timeout", hdev->name);
2318 return -ETIMEDOUT;
2319 }
2320
2321 rettime = ktime_get();
2322 delta = ktime_sub(rettime, calltime);
2323 duration = (unsigned long long) ktime_to_ns(delta) >> 10;
2324
2325 bt_dev_info(hdev, "Device booted in %llu usecs", duration);
2326
2327 clear_bit(BTUSB_BOOTLOADER, &data->flags);
2328
2329
2330
2331
2332
2333
2334
2335 btintel_load_ddc_config(hdev, fwname);
2336
2337
2338
2339
2340
2341
2342
2343
2344 btintel_set_event_mask(hdev, false);
2345
2346 return 0;
2347}
2348
2349static int btusb_shutdown_intel(struct hci_dev *hdev)
2350{
2351 struct sk_buff *skb;
2352 long ret;
2353
2354
2355
2356
2357
2358 skb = __hci_cmd_sync(hdev, 0xfc3f, 0, NULL, HCI_INIT_TIMEOUT);
2359 if (IS_ERR(skb)) {
2360 ret = PTR_ERR(skb);
2361 BT_ERR("%s: turning off Intel device LED failed (%ld)",
2362 hdev->name, ret);
2363 return ret;
2364 }
2365 kfree_skb(skb);
2366
2367 return 0;
2368}
2369
2370#ifdef CONFIG_PM
2371
2372static int marvell_config_oob_wake(struct hci_dev *hdev)
2373{
2374 struct sk_buff *skb;
2375 struct btusb_data *data = hci_get_drvdata(hdev);
2376 struct device *dev = &data->udev->dev;
2377 u16 pin, gap, opcode;
2378 int ret;
2379 u8 cmd[5];
2380
2381
2382 if (of_property_read_u16(dev->of_node, "marvell,wakeup-pin", &pin) ||
2383 of_property_read_u16(dev->of_node, "marvell,wakeup-gap-ms", &gap))
2384 return 0;
2385
2386
2387 opcode = hci_opcode_pack(0x3F, 0x59);
2388 cmd[0] = opcode & 0xFF;
2389 cmd[1] = opcode >> 8;
2390 cmd[2] = 2;
2391 cmd[3] = pin;
2392 cmd[4] = gap;
2393
2394 skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL);
2395 if (!skb) {
2396 bt_dev_err(hdev, "%s: No memory\n", __func__);
2397 return -ENOMEM;
2398 }
2399
2400 skb_put_data(skb, cmd, sizeof(cmd));
2401 hci_skb_pkt_type(skb) = HCI_COMMAND_PKT;
2402
2403 ret = btusb_send_frame(hdev, skb);
2404 if (ret) {
2405 bt_dev_err(hdev, "%s: configuration failed\n", __func__);
2406 kfree_skb(skb);
2407 return ret;
2408 }
2409
2410 return 0;
2411}
2412#endif
2413
2414static int btusb_set_bdaddr_marvell(struct hci_dev *hdev,
2415 const bdaddr_t *bdaddr)
2416{
2417 struct sk_buff *skb;
2418 u8 buf[8];
2419 long ret;
2420
2421 buf[0] = 0xfe;
2422 buf[1] = sizeof(bdaddr_t);
2423 memcpy(buf + 2, bdaddr, sizeof(bdaddr_t));
2424
2425 skb = __hci_cmd_sync(hdev, 0xfc22, sizeof(buf), buf, HCI_INIT_TIMEOUT);
2426 if (IS_ERR(skb)) {
2427 ret = PTR_ERR(skb);
2428 bt_dev_err(hdev, "changing Marvell device address failed (%ld)",
2429 ret);
2430 return ret;
2431 }
2432 kfree_skb(skb);
2433
2434 return 0;
2435}
2436
2437static int btusb_set_bdaddr_ath3012(struct hci_dev *hdev,
2438 const bdaddr_t *bdaddr)
2439{
2440 struct sk_buff *skb;
2441 u8 buf[10];
2442 long ret;
2443
2444 buf[0] = 0x01;
2445 buf[1] = 0x01;
2446 buf[2] = 0x00;
2447 buf[3] = sizeof(bdaddr_t);
2448 memcpy(buf + 4, bdaddr, sizeof(bdaddr_t));
2449
2450 skb = __hci_cmd_sync(hdev, 0xfc0b, sizeof(buf), buf, HCI_INIT_TIMEOUT);
2451 if (IS_ERR(skb)) {
2452 ret = PTR_ERR(skb);
2453 bt_dev_err(hdev, "Change address command failed (%ld)", ret);
2454 return ret;
2455 }
2456 kfree_skb(skb);
2457
2458 return 0;
2459}
2460
2461#define QCA_DFU_PACKET_LEN 4096
2462
2463#define QCA_GET_TARGET_VERSION 0x09
2464#define QCA_CHECK_STATUS 0x05
2465#define QCA_DFU_DOWNLOAD 0x01
2466
2467#define QCA_SYSCFG_UPDATED 0x40
2468#define QCA_PATCH_UPDATED 0x80
2469#define QCA_DFU_TIMEOUT 3000
2470
2471struct qca_version {
2472 __le32 rom_version;
2473 __le32 patch_version;
2474 __le32 ram_version;
2475 __le32 ref_clock;
2476 __u8 reserved[4];
2477} __packed;
2478
2479struct qca_rampatch_version {
2480 __le16 rom_version;
2481 __le16 patch_version;
2482} __packed;
2483
2484struct qca_device_info {
2485 u32 rom_version;
2486 u8 rampatch_hdr;
2487 u8 nvm_hdr;
2488 u8 ver_offset;
2489};
2490
2491static const struct qca_device_info qca_devices_table[] = {
2492 { 0x00000100, 20, 4, 10 },
2493 { 0x00000101, 20, 4, 10 },
2494 { 0x00000200, 28, 4, 18 },
2495 { 0x00000201, 28, 4, 18 },
2496 { 0x00000300, 28, 4, 18 },
2497 { 0x00000302, 28, 4, 18 },
2498};
2499
2500static int btusb_qca_send_vendor_req(struct hci_dev *hdev, u8 request,
2501 void *data, u16 size)
2502{
2503 struct btusb_data *btdata = hci_get_drvdata(hdev);
2504 struct usb_device *udev = btdata->udev;
2505 int pipe, err;
2506 u8 *buf;
2507
2508 buf = kmalloc(size, GFP_KERNEL);
2509 if (!buf)
2510 return -ENOMEM;
2511
2512
2513
2514
2515 pipe = usb_rcvctrlpipe(udev, 0);
2516 err = usb_control_msg(udev, pipe, request, USB_TYPE_VENDOR | USB_DIR_IN,
2517 0, 0, buf, size, USB_CTRL_SET_TIMEOUT);
2518 if (err < 0) {
2519 bt_dev_err(hdev, "Failed to access otp area (%d)", err);
2520 goto done;
2521 }
2522
2523 memcpy(data, buf, size);
2524
2525done:
2526 kfree(buf);
2527
2528 return err;
2529}
2530
2531static int btusb_setup_qca_download_fw(struct hci_dev *hdev,
2532 const struct firmware *firmware,
2533 size_t hdr_size)
2534{
2535 struct btusb_data *btdata = hci_get_drvdata(hdev);
2536 struct usb_device *udev = btdata->udev;
2537 size_t count, size, sent = 0;
2538 int pipe, len, err;
2539 u8 *buf;
2540
2541 buf = kmalloc(QCA_DFU_PACKET_LEN, GFP_KERNEL);
2542 if (!buf)
2543 return -ENOMEM;
2544
2545 count = firmware->size;
2546
2547 size = min_t(size_t, count, hdr_size);
2548 memcpy(buf, firmware->data, size);
2549
2550
2551
2552
2553
2554
2555 pipe = usb_sndctrlpipe(udev, 0);
2556 err = usb_control_msg(udev, pipe, QCA_DFU_DOWNLOAD, USB_TYPE_VENDOR,
2557 0, 0, buf, size, USB_CTRL_SET_TIMEOUT);
2558 if (err < 0) {
2559 bt_dev_err(hdev, "Failed to send headers (%d)", err);
2560 goto done;
2561 }
2562
2563 sent += size;
2564 count -= size;
2565
2566 while (count) {
2567 size = min_t(size_t, count, QCA_DFU_PACKET_LEN);
2568
2569 memcpy(buf, firmware->data + sent, size);
2570
2571 pipe = usb_sndbulkpipe(udev, 0x02);
2572 err = usb_bulk_msg(udev, pipe, buf, size, &len,
2573 QCA_DFU_TIMEOUT);
2574 if (err < 0) {
2575 bt_dev_err(hdev, "Failed to send body at %zd of %zd (%d)",
2576 sent, firmware->size, err);
2577 break;
2578 }
2579
2580 if (size != len) {
2581 bt_dev_err(hdev, "Failed to get bulk buffer");
2582 err = -EILSEQ;
2583 break;
2584 }
2585
2586 sent += size;
2587 count -= size;
2588 }
2589
2590done:
2591 kfree(buf);
2592 return err;
2593}
2594
2595static int btusb_setup_qca_load_rampatch(struct hci_dev *hdev,
2596 struct qca_version *ver,
2597 const struct qca_device_info *info)
2598{
2599 struct qca_rampatch_version *rver;
2600 const struct firmware *fw;
2601 u32 ver_rom, ver_patch;
2602 u16 rver_rom, rver_patch;
2603 char fwname[64];
2604 int err;
2605
2606 ver_rom = le32_to_cpu(ver->rom_version);
2607 ver_patch = le32_to_cpu(ver->patch_version);
2608
2609 snprintf(fwname, sizeof(fwname), "qca/rampatch_usb_%08x.bin", ver_rom);
2610
2611 err = request_firmware(&fw, fwname, &hdev->dev);
2612 if (err) {
2613 bt_dev_err(hdev, "failed to request rampatch file: %s (%d)",
2614 fwname, err);
2615 return err;
2616 }
2617
2618 bt_dev_info(hdev, "using rampatch file: %s", fwname);
2619
2620 rver = (struct qca_rampatch_version *)(fw->data + info->ver_offset);
2621 rver_rom = le16_to_cpu(rver->rom_version);
2622 rver_patch = le16_to_cpu(rver->patch_version);
2623
2624 bt_dev_info(hdev, "QCA: patch rome 0x%x build 0x%x, "
2625 "firmware rome 0x%x build 0x%x",
2626 rver_rom, rver_patch, ver_rom, ver_patch);
2627
2628 if (rver_rom != ver_rom || rver_patch <= ver_patch) {
2629 bt_dev_err(hdev, "rampatch file version did not match with firmware");
2630 err = -EINVAL;
2631 goto done;
2632 }
2633
2634 err = btusb_setup_qca_download_fw(hdev, fw, info->rampatch_hdr);
2635
2636done:
2637 release_firmware(fw);
2638
2639 return err;
2640}
2641
2642static int btusb_setup_qca_load_nvm(struct hci_dev *hdev,
2643 struct qca_version *ver,
2644 const struct qca_device_info *info)
2645{
2646 const struct firmware *fw;
2647 char fwname[64];
2648 int err;
2649
2650 snprintf(fwname, sizeof(fwname), "qca/nvm_usb_%08x.bin",
2651 le32_to_cpu(ver->rom_version));
2652
2653 err = request_firmware(&fw, fwname, &hdev->dev);
2654 if (err) {
2655 bt_dev_err(hdev, "failed to request NVM file: %s (%d)",
2656 fwname, err);
2657 return err;
2658 }
2659
2660 bt_dev_info(hdev, "using NVM file: %s", fwname);
2661
2662 err = btusb_setup_qca_download_fw(hdev, fw, info->nvm_hdr);
2663
2664 release_firmware(fw);
2665
2666 return err;
2667}
2668
2669static int btusb_setup_qca(struct hci_dev *hdev)
2670{
2671 const struct qca_device_info *info = NULL;
2672 struct qca_version ver;
2673 u32 ver_rom;
2674 u8 status;
2675 int i, err;
2676
2677 err = btusb_qca_send_vendor_req(hdev, QCA_GET_TARGET_VERSION, &ver,
2678 sizeof(ver));
2679 if (err < 0)
2680 return err;
2681
2682 ver_rom = le32_to_cpu(ver.rom_version);
2683 for (i = 0; i < ARRAY_SIZE(qca_devices_table); i++) {
2684 if (ver_rom == qca_devices_table[i].rom_version)
2685 info = &qca_devices_table[i];
2686 }
2687 if (!info) {
2688 bt_dev_err(hdev, "don't support firmware rome 0x%x", ver_rom);
2689 return -ENODEV;
2690 }
2691
2692 err = btusb_qca_send_vendor_req(hdev, QCA_CHECK_STATUS, &status,
2693 sizeof(status));
2694 if (err < 0)
2695 return err;
2696
2697 if (!(status & QCA_PATCH_UPDATED)) {
2698 err = btusb_setup_qca_load_rampatch(hdev, &ver, info);
2699 if (err < 0)
2700 return err;
2701 }
2702
2703 if (!(status & QCA_SYSCFG_UPDATED)) {
2704 err = btusb_setup_qca_load_nvm(hdev, &ver, info);
2705 if (err < 0)
2706 return err;
2707 }
2708
2709 return 0;
2710}
2711
2712#ifdef CONFIG_BT_HCIBTUSB_BCM
2713static inline int __set_diag_interface(struct hci_dev *hdev)
2714{
2715 struct btusb_data *data = hci_get_drvdata(hdev);
2716 struct usb_interface *intf = data->diag;
2717 int i;
2718
2719 if (!data->diag)
2720 return -ENODEV;
2721
2722 data->diag_tx_ep = NULL;
2723 data->diag_rx_ep = NULL;
2724
2725 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
2726 struct usb_endpoint_descriptor *ep_desc;
2727
2728 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
2729
2730 if (!data->diag_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) {
2731 data->diag_tx_ep = ep_desc;
2732 continue;
2733 }
2734
2735 if (!data->diag_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) {
2736 data->diag_rx_ep = ep_desc;
2737 continue;
2738 }
2739 }
2740
2741 if (!data->diag_tx_ep || !data->diag_rx_ep) {
2742 bt_dev_err(hdev, "invalid diagnostic descriptors");
2743 return -ENODEV;
2744 }
2745
2746 return 0;
2747}
2748
2749static struct urb *alloc_diag_urb(struct hci_dev *hdev, bool enable)
2750{
2751 struct btusb_data *data = hci_get_drvdata(hdev);
2752 struct sk_buff *skb;
2753 struct urb *urb;
2754 unsigned int pipe;
2755
2756 if (!data->diag_tx_ep)
2757 return ERR_PTR(-ENODEV);
2758
2759 urb = usb_alloc_urb(0, GFP_KERNEL);
2760 if (!urb)
2761 return ERR_PTR(-ENOMEM);
2762
2763 skb = bt_skb_alloc(2, GFP_KERNEL);
2764 if (!skb) {
2765 usb_free_urb(urb);
2766 return ERR_PTR(-ENOMEM);
2767 }
2768
2769 skb_put_u8(skb, 0xf0);
2770 skb_put_u8(skb, enable);
2771
2772 pipe = usb_sndbulkpipe(data->udev, data->diag_tx_ep->bEndpointAddress);
2773
2774 usb_fill_bulk_urb(urb, data->udev, pipe,
2775 skb->data, skb->len, btusb_tx_complete, skb);
2776
2777 skb->dev = (void *)hdev;
2778
2779 return urb;
2780}
2781
2782static int btusb_bcm_set_diag(struct hci_dev *hdev, bool enable)
2783{
2784 struct btusb_data *data = hci_get_drvdata(hdev);
2785 struct urb *urb;
2786
2787 if (!data->diag)
2788 return -ENODEV;
2789
2790 if (!test_bit(HCI_RUNNING, &hdev->flags))
2791 return -ENETDOWN;
2792
2793 urb = alloc_diag_urb(hdev, enable);
2794 if (IS_ERR(urb))
2795 return PTR_ERR(urb);
2796
2797 return submit_or_queue_tx_urb(hdev, urb);
2798}
2799#endif
2800
2801#ifdef CONFIG_PM
2802static irqreturn_t btusb_oob_wake_handler(int irq, void *priv)
2803{
2804 struct btusb_data *data = priv;
2805
2806 pm_wakeup_event(&data->udev->dev, 0);
2807 pm_system_wakeup();
2808
2809
2810 if (test_and_clear_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags)) {
2811 disable_irq_nosync(irq);
2812 disable_irq_wake(irq);
2813 }
2814 return IRQ_HANDLED;
2815}
2816
2817static const struct of_device_id btusb_match_table[] = {
2818 { .compatible = "usb1286,204e" },
2819 { }
2820};
2821MODULE_DEVICE_TABLE(of, btusb_match_table);
2822
2823
2824static int btusb_config_oob_wake(struct hci_dev *hdev)
2825{
2826 struct btusb_data *data = hci_get_drvdata(hdev);
2827 struct device *dev = &data->udev->dev;
2828 int irq, ret;
2829
2830 clear_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags);
2831
2832 if (!of_match_device(btusb_match_table, dev))
2833 return 0;
2834
2835
2836 irq = of_irq_get_byname(dev->of_node, "wakeup");
2837 if (irq <= 0) {
2838 bt_dev_dbg(hdev, "%s: no OOB Wakeup IRQ in DT", __func__);
2839 return 0;
2840 }
2841
2842 ret = devm_request_irq(&hdev->dev, irq, btusb_oob_wake_handler,
2843 0, "OOB Wake-on-BT", data);
2844 if (ret) {
2845 bt_dev_err(hdev, "%s: IRQ request failed", __func__);
2846 return ret;
2847 }
2848
2849 ret = device_init_wakeup(dev, true);
2850 if (ret) {
2851 bt_dev_err(hdev, "%s: failed to init_wakeup", __func__);
2852 return ret;
2853 }
2854
2855 data->oob_wake_irq = irq;
2856 disable_irq(irq);
2857 bt_dev_info(hdev, "OOB Wake-on-BT configured at IRQ %u", irq);
2858 return 0;
2859}
2860#endif
2861
2862static void btusb_check_needs_reset_resume(struct usb_interface *intf)
2863{
2864 if (dmi_check_system(btusb_needs_reset_resume_table))
2865 interface_to_usbdev(intf)->quirks |= USB_QUIRK_RESET_RESUME;
2866}
2867
2868static int btusb_probe(struct usb_interface *intf,
2869 const struct usb_device_id *id)
2870{
2871 struct usb_endpoint_descriptor *ep_desc;
2872 struct btusb_data *data;
2873 struct hci_dev *hdev;
2874 unsigned ifnum_base;
2875 int i, err;
2876
2877 BT_DBG("intf %p id %p", intf, id);
2878
2879
2880 if (intf->cur_altsetting->desc.bInterfaceNumber != 0) {
2881 if (!(id->driver_info & BTUSB_IFNUM_2))
2882 return -ENODEV;
2883 if (intf->cur_altsetting->desc.bInterfaceNumber != 2)
2884 return -ENODEV;
2885 }
2886
2887 ifnum_base = intf->cur_altsetting->desc.bInterfaceNumber;
2888
2889 if (!id->driver_info) {
2890 const struct usb_device_id *match;
2891
2892 match = usb_match_id(intf, blacklist_table);
2893 if (match)
2894 id = match;
2895 }
2896
2897 if (id->driver_info == BTUSB_IGNORE)
2898 return -ENODEV;
2899
2900 if (id->driver_info & BTUSB_ATH3012) {
2901 struct usb_device *udev = interface_to_usbdev(intf);
2902
2903
2904
2905
2906 if (le16_to_cpu(udev->descriptor.bcdDevice) <= 0x0001)
2907 return -ENODEV;
2908 }
2909
2910 data = devm_kzalloc(&intf->dev, sizeof(*data), GFP_KERNEL);
2911 if (!data)
2912 return -ENOMEM;
2913
2914 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
2915 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
2916
2917 if (!data->intr_ep && usb_endpoint_is_int_in(ep_desc)) {
2918 data->intr_ep = ep_desc;
2919 continue;
2920 }
2921
2922 if (!data->bulk_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) {
2923 data->bulk_tx_ep = ep_desc;
2924 continue;
2925 }
2926
2927 if (!data->bulk_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) {
2928 data->bulk_rx_ep = ep_desc;
2929 continue;
2930 }
2931 }
2932
2933 if (!data->intr_ep || !data->bulk_tx_ep || !data->bulk_rx_ep)
2934 return -ENODEV;
2935
2936 if (id->driver_info & BTUSB_AMP) {
2937 data->cmdreq_type = USB_TYPE_CLASS | 0x01;
2938 data->cmdreq = 0x2b;
2939 } else {
2940 data->cmdreq_type = USB_TYPE_CLASS;
2941 data->cmdreq = 0x00;
2942 }
2943
2944 data->udev = interface_to_usbdev(intf);
2945 data->intf = intf;
2946
2947 INIT_WORK(&data->work, btusb_work);
2948 INIT_WORK(&data->waker, btusb_waker);
2949 init_usb_anchor(&data->deferred);
2950 init_usb_anchor(&data->tx_anchor);
2951 spin_lock_init(&data->txlock);
2952
2953 init_usb_anchor(&data->intr_anchor);
2954 init_usb_anchor(&data->bulk_anchor);
2955 init_usb_anchor(&data->isoc_anchor);
2956 init_usb_anchor(&data->diag_anchor);
2957 spin_lock_init(&data->rxlock);
2958
2959 if (id->driver_info & BTUSB_INTEL_NEW) {
2960 data->recv_event = btusb_recv_event_intel;
2961 data->recv_bulk = btusb_recv_bulk_intel;
2962 set_bit(BTUSB_BOOTLOADER, &data->flags);
2963 } else {
2964 data->recv_event = hci_recv_frame;
2965 data->recv_bulk = btusb_recv_bulk;
2966 }
2967
2968 hdev = hci_alloc_dev();
2969 if (!hdev)
2970 return -ENOMEM;
2971
2972 hdev->bus = HCI_USB;
2973 hci_set_drvdata(hdev, data);
2974
2975 if (id->driver_info & BTUSB_AMP)
2976 hdev->dev_type = HCI_AMP;
2977 else
2978 hdev->dev_type = HCI_PRIMARY;
2979
2980 data->hdev = hdev;
2981
2982 SET_HCIDEV_DEV(hdev, &intf->dev);
2983
2984 hdev->open = btusb_open;
2985 hdev->close = btusb_close;
2986 hdev->flush = btusb_flush;
2987 hdev->send = btusb_send_frame;
2988 hdev->notify = btusb_notify;
2989
2990#ifdef CONFIG_PM
2991 err = btusb_config_oob_wake(hdev);
2992 if (err)
2993 goto out_free_dev;
2994
2995
2996 if (id->driver_info & BTUSB_MARVELL && data->oob_wake_irq) {
2997 err = marvell_config_oob_wake(hdev);
2998 if (err)
2999 goto out_free_dev;
3000 }
3001#endif
3002 if (id->driver_info & BTUSB_CW6622)
3003 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks);
3004
3005 if (id->driver_info & BTUSB_BCM2045)
3006 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks);
3007
3008 if (id->driver_info & BTUSB_BCM92035)
3009 hdev->setup = btusb_setup_bcm92035;
3010
3011#ifdef CONFIG_BT_HCIBTUSB_BCM
3012 if (id->driver_info & BTUSB_BCM_PATCHRAM) {
3013 hdev->manufacturer = 15;
3014 hdev->setup = btbcm_setup_patchram;
3015 hdev->set_diag = btusb_bcm_set_diag;
3016 hdev->set_bdaddr = btbcm_set_bdaddr;
3017
3018
3019 data->diag = usb_ifnum_to_if(data->udev, ifnum_base + 2);
3020 }
3021
3022 if (id->driver_info & BTUSB_BCM_APPLE) {
3023 hdev->manufacturer = 15;
3024 hdev->setup = btbcm_setup_apple;
3025 hdev->set_diag = btusb_bcm_set_diag;
3026
3027
3028 data->diag = usb_ifnum_to_if(data->udev, ifnum_base + 2);
3029 }
3030#endif
3031
3032 if (id->driver_info & BTUSB_INTEL) {
3033 hdev->manufacturer = 2;
3034 hdev->setup = btusb_setup_intel;
3035 hdev->shutdown = btusb_shutdown_intel;
3036 hdev->set_diag = btintel_set_diag_mfg;
3037 hdev->set_bdaddr = btintel_set_bdaddr;
3038 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
3039 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
3040 set_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks);
3041 }
3042
3043 if (id->driver_info & BTUSB_INTEL_NEW) {
3044 hdev->manufacturer = 2;
3045 hdev->send = btusb_send_frame_intel;
3046 hdev->setup = btusb_setup_intel_new;
3047 hdev->hw_error = btintel_hw_error;
3048 hdev->set_diag = btintel_set_diag;
3049 hdev->set_bdaddr = btintel_set_bdaddr;
3050 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
3051 set_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks);
3052 }
3053
3054 if (id->driver_info & BTUSB_MARVELL)
3055 hdev->set_bdaddr = btusb_set_bdaddr_marvell;
3056
3057 if (id->driver_info & BTUSB_SWAVE) {
3058 set_bit(HCI_QUIRK_FIXUP_INQUIRY_MODE, &hdev->quirks);
3059 set_bit(HCI_QUIRK_BROKEN_LOCAL_COMMANDS, &hdev->quirks);
3060 }
3061
3062 if (id->driver_info & BTUSB_INTEL_BOOT) {
3063 hdev->manufacturer = 2;
3064 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
3065 }
3066
3067 if (id->driver_info & BTUSB_ATH3012) {
3068 hdev->set_bdaddr = btusb_set_bdaddr_ath3012;
3069 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
3070 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
3071 }
3072
3073 if (id->driver_info & BTUSB_QCA_ROME) {
3074 data->setup_on_usb = btusb_setup_qca;
3075 hdev->set_bdaddr = btusb_set_bdaddr_ath3012;
3076 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
3077 btusb_check_needs_reset_resume(intf);
3078 }
3079
3080#ifdef CONFIG_BT_HCIBTUSB_RTL
3081 if (id->driver_info & BTUSB_REALTEK) {
3082 hdev->setup = btrtl_setup_realtek;
3083
3084
3085
3086
3087
3088 interface_to_usbdev(intf)->quirks |= USB_QUIRK_RESET_RESUME;
3089 }
3090#endif
3091
3092 if (id->driver_info & BTUSB_AMP) {
3093
3094 data->isoc = NULL;
3095 } else {
3096
3097 data->isoc = usb_ifnum_to_if(data->udev, ifnum_base + 1);
3098 data->isoc_ifnum = ifnum_base + 1;
3099 }
3100
3101 if (!reset)
3102 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
3103
3104 if (force_scofix || id->driver_info & BTUSB_WRONG_SCO_MTU) {
3105 if (!disable_scofix)
3106 set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks);
3107 }
3108
3109 if (id->driver_info & BTUSB_BROKEN_ISOC)
3110 data->isoc = NULL;
3111
3112 if (id->driver_info & BTUSB_DIGIANSWER) {
3113 data->cmdreq_type = USB_TYPE_VENDOR;
3114 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
3115 }
3116
3117 if (id->driver_info & BTUSB_CSR) {
3118 struct usb_device *udev = data->udev;
3119 u16 bcdDevice = le16_to_cpu(udev->descriptor.bcdDevice);
3120
3121
3122 if (bcdDevice < 0x117)
3123 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
3124
3125
3126 if (bcdDevice <= 0x100 || bcdDevice == 0x134)
3127 hdev->setup = btusb_setup_csr;
3128
3129 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
3130 }
3131
3132 if (id->driver_info & BTUSB_SNIFFER) {
3133 struct usb_device *udev = data->udev;
3134
3135
3136 if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997)
3137 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
3138 }
3139
3140 if (id->driver_info & BTUSB_INTEL_BOOT) {
3141
3142
3143
3144 err = usb_set_interface(data->udev, 0, 0);
3145 if (err < 0) {
3146 BT_ERR("failed to set interface 0, alt 0 %d", err);
3147 goto out_free_dev;
3148 }
3149 }
3150
3151 if (data->isoc) {
3152 err = usb_driver_claim_interface(&btusb_driver,
3153 data->isoc, data);
3154 if (err < 0)
3155 goto out_free_dev;
3156 }
3157
3158#ifdef CONFIG_BT_HCIBTUSB_BCM
3159 if (data->diag) {
3160 if (!usb_driver_claim_interface(&btusb_driver,
3161 data->diag, data))
3162 __set_diag_interface(hdev);
3163 else
3164 data->diag = NULL;
3165 }
3166#endif
3167
3168 if (enable_autosuspend)
3169 usb_enable_autosuspend(data->udev);
3170
3171 err = hci_register_dev(hdev);
3172 if (err < 0)
3173 goto out_free_dev;
3174
3175 usb_set_intfdata(intf, data);
3176
3177 return 0;
3178
3179out_free_dev:
3180 hci_free_dev(hdev);
3181 return err;
3182}
3183
3184static void btusb_disconnect(struct usb_interface *intf)
3185{
3186 struct btusb_data *data = usb_get_intfdata(intf);
3187 struct hci_dev *hdev;
3188
3189 BT_DBG("intf %p", intf);
3190
3191 if (!data)
3192 return;
3193
3194 hdev = data->hdev;
3195 usb_set_intfdata(data->intf, NULL);
3196
3197 if (data->isoc)
3198 usb_set_intfdata(data->isoc, NULL);
3199
3200 if (data->diag)
3201 usb_set_intfdata(data->diag, NULL);
3202
3203 hci_unregister_dev(hdev);
3204
3205 if (intf == data->intf) {
3206 if (data->isoc)
3207 usb_driver_release_interface(&btusb_driver, data->isoc);
3208 if (data->diag)
3209 usb_driver_release_interface(&btusb_driver, data->diag);
3210 } else if (intf == data->isoc) {
3211 if (data->diag)
3212 usb_driver_release_interface(&btusb_driver, data->diag);
3213 usb_driver_release_interface(&btusb_driver, data->intf);
3214 } else if (intf == data->diag) {
3215 usb_driver_release_interface(&btusb_driver, data->intf);
3216 if (data->isoc)
3217 usb_driver_release_interface(&btusb_driver, data->isoc);
3218 }
3219
3220 if (data->oob_wake_irq)
3221 device_init_wakeup(&data->udev->dev, false);
3222
3223 hci_free_dev(hdev);
3224}
3225
3226#ifdef CONFIG_PM
3227static int btusb_suspend(struct usb_interface *intf, pm_message_t message)
3228{
3229 struct btusb_data *data = usb_get_intfdata(intf);
3230
3231 BT_DBG("intf %p", intf);
3232
3233 if (data->suspend_count++)
3234 return 0;
3235
3236 spin_lock_irq(&data->txlock);
3237 if (!(PMSG_IS_AUTO(message) && data->tx_in_flight)) {
3238 set_bit(BTUSB_SUSPENDING, &data->flags);
3239 spin_unlock_irq(&data->txlock);
3240 } else {
3241 spin_unlock_irq(&data->txlock);
3242 data->suspend_count--;
3243 return -EBUSY;
3244 }
3245
3246 cancel_work_sync(&data->work);
3247
3248 btusb_stop_traffic(data);
3249 usb_kill_anchored_urbs(&data->tx_anchor);
3250
3251 if (data->oob_wake_irq && device_may_wakeup(&data->udev->dev)) {
3252 set_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags);
3253 enable_irq_wake(data->oob_wake_irq);
3254 enable_irq(data->oob_wake_irq);
3255 }
3256
3257 return 0;
3258}
3259
3260static void play_deferred(struct btusb_data *data)
3261{
3262 struct urb *urb;
3263 int err;
3264
3265 while ((urb = usb_get_from_anchor(&data->deferred))) {
3266 usb_anchor_urb(urb, &data->tx_anchor);
3267
3268 err = usb_submit_urb(urb, GFP_ATOMIC);
3269 if (err < 0) {
3270 if (err != -EPERM && err != -ENODEV)
3271 BT_ERR("%s urb %p submission failed (%d)",
3272 data->hdev->name, urb, -err);
3273 kfree(urb->setup_packet);
3274 usb_unanchor_urb(urb);
3275 usb_free_urb(urb);
3276 break;
3277 }
3278
3279 data->tx_in_flight++;
3280 usb_free_urb(urb);
3281 }
3282
3283
3284 while ((urb = usb_get_from_anchor(&data->deferred))) {
3285 kfree(urb->setup_packet);
3286 usb_free_urb(urb);
3287 }
3288}
3289
3290static int btusb_resume(struct usb_interface *intf)
3291{
3292 struct btusb_data *data = usb_get_intfdata(intf);
3293 struct hci_dev *hdev = data->hdev;
3294 int err = 0;
3295
3296 BT_DBG("intf %p", intf);
3297
3298 if (--data->suspend_count)
3299 return 0;
3300
3301
3302 if (test_and_clear_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags)) {
3303 disable_irq(data->oob_wake_irq);
3304 disable_irq_wake(data->oob_wake_irq);
3305 }
3306
3307 if (!test_bit(HCI_RUNNING, &hdev->flags))
3308 goto done;
3309
3310 if (test_bit(BTUSB_INTR_RUNNING, &data->flags)) {
3311 err = btusb_submit_intr_urb(hdev, GFP_NOIO);
3312 if (err < 0) {
3313 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
3314 goto failed;
3315 }
3316 }
3317
3318 if (test_bit(BTUSB_BULK_RUNNING, &data->flags)) {
3319 err = btusb_submit_bulk_urb(hdev, GFP_NOIO);
3320 if (err < 0) {
3321 clear_bit(BTUSB_BULK_RUNNING, &data->flags);
3322 goto failed;
3323 }
3324
3325 btusb_submit_bulk_urb(hdev, GFP_NOIO);
3326 }
3327
3328 if (test_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
3329 if (btusb_submit_isoc_urb(hdev, GFP_NOIO) < 0)
3330 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
3331 else
3332 btusb_submit_isoc_urb(hdev, GFP_NOIO);
3333 }
3334
3335 spin_lock_irq(&data->txlock);
3336 play_deferred(data);
3337 clear_bit(BTUSB_SUSPENDING, &data->flags);
3338 spin_unlock_irq(&data->txlock);
3339 schedule_work(&data->work);
3340
3341 return 0;
3342
3343failed:
3344 usb_scuttle_anchored_urbs(&data->deferred);
3345done:
3346 spin_lock_irq(&data->txlock);
3347 clear_bit(BTUSB_SUSPENDING, &data->flags);
3348 spin_unlock_irq(&data->txlock);
3349
3350 return err;
3351}
3352#endif
3353
3354static struct usb_driver btusb_driver = {
3355 .name = "btusb",
3356 .probe = btusb_probe,
3357 .disconnect = btusb_disconnect,
3358#ifdef CONFIG_PM
3359 .suspend = btusb_suspend,
3360 .resume = btusb_resume,
3361#endif
3362 .id_table = btusb_table,
3363 .supports_autosuspend = 1,
3364 .disable_hub_initiated_lpm = 1,
3365};
3366
3367module_usb_driver(btusb_driver);
3368
3369module_param(disable_scofix, bool, 0644);
3370MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size");
3371
3372module_param(force_scofix, bool, 0644);
3373MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size");
3374
3375module_param(enable_autosuspend, bool, 0644);
3376MODULE_PARM_DESC(enable_autosuspend, "Enable USB autosuspend by default");
3377
3378module_param(reset, bool, 0644);
3379MODULE_PARM_DESC(reset, "Send HCI reset command on initialization");
3380
3381MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
3382MODULE_DESCRIPTION("Generic Bluetooth USB driver ver " VERSION);
3383MODULE_VERSION(VERSION);
3384MODULE_LICENSE("GPL");
3385
