1
2
3
4
5
6
7
8
9#include <linux/dmi.h>
10#include <linux/module.h>
11#include <linux/usb.h>
12#include <linux/usb/quirks.h>
13#include <linux/firmware.h>
14#include <linux/iopoll.h>
15#include <linux/of_device.h>
16#include <linux/of_irq.h>
17#include <linux/suspend.h>
18#include <linux/gpio/consumer.h>
19#include <asm/unaligned.h>
20
21#include <net/bluetooth/bluetooth.h>
22#include <net/bluetooth/hci_core.h>
23
24#include "btintel.h"
25#include "btbcm.h"
26#include "btrtl.h"
27
28#define VERSION "0.8"
29
30static bool disable_scofix;
31static bool force_scofix;
32static bool enable_autosuspend = IS_ENABLED(CONFIG_BT_HCIBTUSB_AUTOSUSPEND);
33
34static bool reset = true;
35
36static struct usb_driver btusb_driver;
37
38#define BTUSB_IGNORE 0x01
39#define BTUSB_DIGIANSWER 0x02
40#define BTUSB_CSR 0x04
41#define BTUSB_SNIFFER 0x08
42#define BTUSB_BCM92035 0x10
43#define BTUSB_BROKEN_ISOC 0x20
44#define BTUSB_WRONG_SCO_MTU 0x40
45#define BTUSB_ATH3012 0x80
46#define BTUSB_INTEL 0x100
47#define BTUSB_INTEL_BOOT 0x200
48#define BTUSB_BCM_PATCHRAM 0x400
49#define BTUSB_MARVELL 0x800
50#define BTUSB_SWAVE 0x1000
51#define BTUSB_INTEL_NEW 0x2000
52#define BTUSB_AMP 0x4000
53#define BTUSB_QCA_ROME 0x8000
54#define BTUSB_BCM_APPLE 0x10000
55#define BTUSB_REALTEK 0x20000
56#define BTUSB_BCM2045 0x40000
57#define BTUSB_IFNUM_2 0x80000
58#define BTUSB_CW6622 0x100000
59#define BTUSB_MEDIATEK 0x200000
60
61static const struct usb_device_id btusb_table[] = {
62
63 { USB_DEVICE_INFO(0xe0, 0x01, 0x01) },
64
65
66 { USB_DEVICE_INFO(0xe0, 0x01, 0x04), .driver_info = BTUSB_AMP },
67
68
69 { USB_INTERFACE_INFO(0xe0, 0x01, 0x01) },
70
71
72 { USB_VENDOR_AND_INTERFACE_INFO(0x05ac, 0xff, 0x01, 0x01),
73 .driver_info = BTUSB_BCM_APPLE | BTUSB_IFNUM_2 },
74
75
76 { USB_DEVICE(0x0e8d, 0x763f) },
77
78
79 { USB_DEVICE(0x0a5c, 0x21e1) },
80
81
82 { USB_DEVICE(0x05ac, 0x8213) },
83
84
85 { USB_DEVICE(0x05ac, 0x8215) },
86
87
88 { USB_DEVICE(0x05ac, 0x8218) },
89
90
91 { USB_DEVICE(0x05ac, 0x821b) },
92
93
94 { USB_DEVICE(0x05ac, 0x821f) },
95
96
97 { USB_DEVICE(0x05ac, 0x821a) },
98
99
100 { USB_DEVICE(0x05ac, 0x8281) },
101
102
103 { USB_DEVICE(0x057c, 0x3800), .driver_info = BTUSB_SWAVE },
104
105
106 { USB_DEVICE(0x04bf, 0x030a) },
107
108
109 { USB_DEVICE(0x044e, 0x3001) },
110 { USB_DEVICE(0x044e, 0x3002) },
111
112
113 { USB_DEVICE(0x0bdb, 0x1002) },
114
115
116 { USB_DEVICE(0x0c10, 0x0000) },
117
118
119 { USB_DEVICE(0x413c, 0x8197) },
120
121
122 { USB_DEVICE(0x19ff, 0x0239), .driver_info = BTUSB_BCM_PATCHRAM },
123
124
125 { USB_VENDOR_AND_INTERFACE_INFO(0x105b, 0xff, 0x01, 0x01),
126 .driver_info = BTUSB_BCM_PATCHRAM },
127
128
129 { USB_VENDOR_AND_INTERFACE_INFO(0x0bb4, 0xff, 0x01, 0x01),
130 .driver_info = BTUSB_BCM_PATCHRAM },
131
132
133 { USB_VENDOR_AND_INTERFACE_INFO(0x0489, 0xff, 0x01, 0x01),
134 .driver_info = BTUSB_BCM_PATCHRAM },
135
136
137 { USB_VENDOR_AND_INTERFACE_INFO(0x04ca, 0xff, 0x01, 0x01),
138 .driver_info = BTUSB_BCM_PATCHRAM },
139
140
141 { USB_VENDOR_AND_INTERFACE_INFO(0x0a5c, 0xff, 0x01, 0x01),
142 .driver_info = BTUSB_BCM_PATCHRAM },
143
144
145 { USB_VENDOR_AND_INTERFACE_INFO(0x0b05, 0xff, 0x01, 0x01),
146 .driver_info = BTUSB_BCM_PATCHRAM },
147
148
149 { USB_VENDOR_AND_INTERFACE_INFO(0x050d, 0xff, 0x01, 0x01),
150 .driver_info = BTUSB_BCM_PATCHRAM },
151
152
153 { USB_VENDOR_AND_INTERFACE_INFO(0x13d3, 0xff, 0x01, 0x01),
154 .driver_info = BTUSB_BCM_PATCHRAM },
155
156
157 { USB_VENDOR_AND_INTERFACE_INFO(0x413c, 0xff, 0x01, 0x01),
158 .driver_info = BTUSB_BCM_PATCHRAM },
159
160
161 { USB_VENDOR_AND_INTERFACE_INFO(0x0930, 0xff, 0x01, 0x01),
162 .driver_info = BTUSB_BCM_PATCHRAM },
163
164
165 { USB_DEVICE(0x8087, 0x0a5a),
166 .driver_info = BTUSB_INTEL_BOOT | BTUSB_BROKEN_ISOC },
167
168 { }
169};
170
171MODULE_DEVICE_TABLE(usb, btusb_table);
172
173static const struct usb_device_id blacklist_table[] = {
174
175 { USB_DEVICE(0x0a12, 0x0001), .driver_info = BTUSB_CSR },
176
177
178 { USB_DEVICE(0x0a5c, 0x2033), .driver_info = BTUSB_IGNORE },
179
180
181 { USB_DEVICE(0x0a5c, 0x2045), .driver_info = BTUSB_BCM2045 },
182
183
184 { USB_DEVICE(0x0489, 0xe027), .driver_info = BTUSB_IGNORE },
185 { USB_DEVICE(0x0489, 0xe03d), .driver_info = BTUSB_IGNORE },
186 { USB_DEVICE(0x04f2, 0xaff1), .driver_info = BTUSB_IGNORE },
187 { USB_DEVICE(0x0930, 0x0215), .driver_info = BTUSB_IGNORE },
188 { USB_DEVICE(0x0cf3, 0x3002), .driver_info = BTUSB_IGNORE },
189 { USB_DEVICE(0x0cf3, 0xe019), .driver_info = BTUSB_IGNORE },
190 { USB_DEVICE(0x13d3, 0x3304), .driver_info = BTUSB_IGNORE },
191
192
193 { USB_DEVICE(0x03f0, 0x311d), .driver_info = BTUSB_IGNORE },
194
195
196 { USB_DEVICE(0x0489, 0xe04d), .driver_info = BTUSB_ATH3012 },
197 { USB_DEVICE(0x0489, 0xe04e), .driver_info = BTUSB_ATH3012 },
198 { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 },
199 { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 },
200 { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 },
201 { USB_DEVICE(0x0489, 0xe076), .driver_info = BTUSB_ATH3012 },
202 { USB_DEVICE(0x0489, 0xe078), .driver_info = BTUSB_ATH3012 },
203 { USB_DEVICE(0x0489, 0xe095), .driver_info = BTUSB_ATH3012 },
204 { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 },
205 { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 },
206 { USB_DEVICE(0x04ca, 0x3005), .driver_info = BTUSB_ATH3012 },
207 { USB_DEVICE(0x04ca, 0x3006), .driver_info = BTUSB_ATH3012 },
208 { USB_DEVICE(0x04ca, 0x3007), .driver_info = BTUSB_ATH3012 },
209 { USB_DEVICE(0x04ca, 0x3008), .driver_info = BTUSB_ATH3012 },
210 { USB_DEVICE(0x04ca, 0x300b), .driver_info = BTUSB_ATH3012 },
211 { USB_DEVICE(0x04ca, 0x300d), .driver_info = BTUSB_ATH3012 },
212 { USB_DEVICE(0x04ca, 0x300f), .driver_info = BTUSB_ATH3012 },
213 { USB_DEVICE(0x04ca, 0x3010), .driver_info = BTUSB_ATH3012 },
214 { USB_DEVICE(0x04ca, 0x3014), .driver_info = BTUSB_ATH3012 },
215 { USB_DEVICE(0x04ca, 0x3018), .driver_info = BTUSB_ATH3012 },
216 { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 },
217 { USB_DEVICE(0x0930, 0x021c), .driver_info = BTUSB_ATH3012 },
218 { USB_DEVICE(0x0930, 0x0220), .driver_info = BTUSB_ATH3012 },
219 { USB_DEVICE(0x0930, 0x0227), .driver_info = BTUSB_ATH3012 },
220 { USB_DEVICE(0x0b05, 0x17d0), .driver_info = BTUSB_ATH3012 },
221 { USB_DEVICE(0x0cf3, 0x0036), .driver_info = BTUSB_ATH3012 },
222 { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 },
223 { USB_DEVICE(0x0cf3, 0x3008), .driver_info = BTUSB_ATH3012 },
224 { USB_DEVICE(0x0cf3, 0x311d), .driver_info = BTUSB_ATH3012 },
225 { USB_DEVICE(0x0cf3, 0x311e), .driver_info = BTUSB_ATH3012 },
226 { USB_DEVICE(0x0cf3, 0x311f), .driver_info = BTUSB_ATH3012 },
227 { USB_DEVICE(0x0cf3, 0x3121), .driver_info = BTUSB_ATH3012 },
228 { USB_DEVICE(0x0cf3, 0x817a), .driver_info = BTUSB_ATH3012 },
229 { USB_DEVICE(0x0cf3, 0x817b), .driver_info = BTUSB_ATH3012 },
230 { USB_DEVICE(0x0cf3, 0xe003), .driver_info = BTUSB_ATH3012 },
231 { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 },
232 { USB_DEVICE(0x0cf3, 0xe005), .driver_info = BTUSB_ATH3012 },
233 { USB_DEVICE(0x0cf3, 0xe006), .driver_info = BTUSB_ATH3012 },
234 { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 },
235 { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 },
236 { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 },
237 { USB_DEVICE(0x13d3, 0x3395), .driver_info = BTUSB_ATH3012 },
238 { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 },
239 { USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 },
240 { USB_DEVICE(0x13d3, 0x3423), .driver_info = BTUSB_ATH3012 },
241 { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 },
242 { USB_DEVICE(0x13d3, 0x3472), .driver_info = BTUSB_ATH3012 },
243 { USB_DEVICE(0x13d3, 0x3474), .driver_info = BTUSB_ATH3012 },
244 { USB_DEVICE(0x13d3, 0x3487), .driver_info = BTUSB_ATH3012 },
245 { USB_DEVICE(0x13d3, 0x3490), .driver_info = BTUSB_ATH3012 },
246
247
248 { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE },
249
250
251 { USB_DEVICE(0x0489, 0xe036), .driver_info = BTUSB_ATH3012 },
252 { USB_DEVICE(0x0489, 0xe03c), .driver_info = BTUSB_ATH3012 },
253
254
255 { USB_DEVICE(0x0cf3, 0x535b), .driver_info = BTUSB_QCA_ROME },
256 { USB_DEVICE(0x0cf3, 0xe007), .driver_info = BTUSB_QCA_ROME },
257 { USB_DEVICE(0x0cf3, 0xe009), .driver_info = BTUSB_QCA_ROME },
258 { USB_DEVICE(0x0cf3, 0xe010), .driver_info = BTUSB_QCA_ROME },
259 { USB_DEVICE(0x0cf3, 0xe300), .driver_info = BTUSB_QCA_ROME },
260 { USB_DEVICE(0x0cf3, 0xe301), .driver_info = BTUSB_QCA_ROME },
261 { USB_DEVICE(0x0cf3, 0xe360), .driver_info = BTUSB_QCA_ROME },
262 { USB_DEVICE(0x0489, 0xe092), .driver_info = BTUSB_QCA_ROME },
263 { USB_DEVICE(0x0489, 0xe09f), .driver_info = BTUSB_QCA_ROME },
264 { USB_DEVICE(0x0489, 0xe0a2), .driver_info = BTUSB_QCA_ROME },
265 { USB_DEVICE(0x04ca, 0x3011), .driver_info = BTUSB_QCA_ROME },
266 { USB_DEVICE(0x04ca, 0x3015), .driver_info = BTUSB_QCA_ROME },
267 { USB_DEVICE(0x04ca, 0x3016), .driver_info = BTUSB_QCA_ROME },
268 { USB_DEVICE(0x04ca, 0x301a), .driver_info = BTUSB_QCA_ROME },
269 { USB_DEVICE(0x04ca, 0x3021), .driver_info = BTUSB_QCA_ROME },
270 { USB_DEVICE(0x13d3, 0x3491), .driver_info = BTUSB_QCA_ROME },
271 { USB_DEVICE(0x13d3, 0x3496), .driver_info = BTUSB_QCA_ROME },
272 { USB_DEVICE(0x13d3, 0x3501), .driver_info = BTUSB_QCA_ROME },
273
274
275 { USB_DEVICE(0x0a5c, 0x2009), .driver_info = BTUSB_BCM92035 },
276 { USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU },
277 { USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU },
278
279
280 { USB_DEVICE(0x0a5c, 0x2039), .driver_info = BTUSB_WRONG_SCO_MTU },
281 { USB_DEVICE(0x0a5c, 0x2101), .driver_info = BTUSB_WRONG_SCO_MTU },
282
283
284 { USB_DEVICE(0x0a5c, 0x201e), .driver_info = BTUSB_WRONG_SCO_MTU },
285 { USB_DEVICE(0x0a5c, 0x2110), .driver_info = BTUSB_WRONG_SCO_MTU },
286
287
288 { USB_DEVICE(0x03f0, 0x171d), .driver_info = BTUSB_WRONG_SCO_MTU },
289
290
291 { USB_DEVICE(0x413c, 0x8126), .driver_info = BTUSB_WRONG_SCO_MTU },
292
293
294 { USB_DEVICE(0x413c, 0x8152), .driver_info = BTUSB_WRONG_SCO_MTU },
295 { USB_DEVICE(0x413c, 0x8156), .driver_info = BTUSB_WRONG_SCO_MTU },
296
297
298 { USB_DEVICE(0x050d, 0x0012), .driver_info = BTUSB_WRONG_SCO_MTU },
299 { USB_DEVICE(0x050d, 0x0013), .driver_info = BTUSB_WRONG_SCO_MTU },
300
301
302 { USB_DEVICE(0x0b05, 0x1715), .driver_info = BTUSB_WRONG_SCO_MTU },
303
304
305 { USB_DEVICE(0x047d, 0x105e), .driver_info = BTUSB_WRONG_SCO_MTU },
306
307
308 { USB_DEVICE(0x0400, 0x0807), .driver_info = BTUSB_BROKEN_ISOC },
309 { USB_DEVICE(0x0400, 0x080a), .driver_info = BTUSB_BROKEN_ISOC },
310
311
312 { USB_DEVICE(0x0e5e, 0x6622),
313 .driver_info = BTUSB_BROKEN_ISOC | BTUSB_CW6622},
314
315
316 { USB_DEVICE(0x1310, 0x0001), .driver_info = BTUSB_SWAVE },
317
318
319 { USB_DEVICE(0x08fd, 0x0001), .driver_info = BTUSB_DIGIANSWER },
320 { USB_DEVICE(0x08fd, 0x0002), .driver_info = BTUSB_IGNORE },
321
322
323 { USB_DEVICE(0x0a12, 0x0002),
324 .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC },
325
326
327 { USB_DEVICE(0x16d3, 0x0002),
328 .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC },
329
330
331 { USB_DEVICE(0x1286, 0x2044), .driver_info = BTUSB_MARVELL },
332 { USB_DEVICE(0x1286, 0x2046), .driver_info = BTUSB_MARVELL },
333 { USB_DEVICE(0x1286, 0x204e), .driver_info = BTUSB_MARVELL },
334
335
336 { USB_DEVICE(0x8087, 0x0025), .driver_info = BTUSB_INTEL_NEW },
337 { USB_DEVICE(0x8087, 0x0026), .driver_info = BTUSB_INTEL_NEW },
338 { USB_DEVICE(0x8087, 0x0029), .driver_info = BTUSB_INTEL_NEW },
339 { USB_DEVICE(0x8087, 0x07da), .driver_info = BTUSB_CSR },
340 { USB_DEVICE(0x8087, 0x07dc), .driver_info = BTUSB_INTEL },
341 { USB_DEVICE(0x8087, 0x0a2a), .driver_info = BTUSB_INTEL },
342 { USB_DEVICE(0x8087, 0x0a2b), .driver_info = BTUSB_INTEL_NEW },
343 { USB_DEVICE(0x8087, 0x0aa7), .driver_info = BTUSB_INTEL },
344 { USB_DEVICE(0x8087, 0x0aaa), .driver_info = BTUSB_INTEL_NEW },
345
346
347 { USB_VENDOR_AND_INTERFACE_INFO(0x8087, 0xe0, 0x01, 0x01),
348 .driver_info = BTUSB_IGNORE },
349
350
351 { USB_VENDOR_AND_INTERFACE_INFO(0x0bda, 0xe0, 0x01, 0x01),
352 .driver_info = BTUSB_REALTEK },
353
354
355 { USB_VENDOR_AND_INTERFACE_INFO(0x0e8d, 0xe0, 0x01, 0x01),
356 .driver_info = BTUSB_MEDIATEK },
357
358
359 { USB_DEVICE(0x0930, 0x021d), .driver_info = BTUSB_REALTEK },
360 { USB_DEVICE(0x13d3, 0x3394), .driver_info = BTUSB_REALTEK },
361
362
363 { USB_DEVICE(0x0489, 0xe085), .driver_info = BTUSB_REALTEK },
364 { USB_DEVICE(0x0489, 0xe08b), .driver_info = BTUSB_REALTEK },
365 { USB_DEVICE(0x13d3, 0x3410), .driver_info = BTUSB_REALTEK },
366 { USB_DEVICE(0x13d3, 0x3416), .driver_info = BTUSB_REALTEK },
367 { USB_DEVICE(0x13d3, 0x3459), .driver_info = BTUSB_REALTEK },
368 { USB_DEVICE(0x13d3, 0x3494), .driver_info = BTUSB_REALTEK },
369
370
371 { USB_DEVICE(0x7392, 0xa611), .driver_info = BTUSB_REALTEK },
372
373
374 { USB_DEVICE(0x0bda, 0xb009), .driver_info = BTUSB_REALTEK },
375 { USB_DEVICE(0x2ff8, 0xb011), .driver_info = BTUSB_REALTEK },
376
377
378 { USB_DEVICE(0x0b05, 0x17dc), .driver_info = BTUSB_REALTEK },
379 { USB_DEVICE(0x13d3, 0x3414), .driver_info = BTUSB_REALTEK },
380 { USB_DEVICE(0x13d3, 0x3458), .driver_info = BTUSB_REALTEK },
381 { USB_DEVICE(0x13d3, 0x3461), .driver_info = BTUSB_REALTEK },
382 { USB_DEVICE(0x13d3, 0x3462), .driver_info = BTUSB_REALTEK },
383
384
385 { USB_DEVICE(0x13d3, 0x3526), .driver_info = BTUSB_REALTEK },
386 { USB_DEVICE(0x0b05, 0x185c), .driver_info = BTUSB_REALTEK },
387
388
389 { USB_DEVICE(0x04ca, 0x4005), .driver_info = BTUSB_REALTEK },
390
391
392 { USB_DEVICE(0x0c10, 0x0000), .driver_info = BTUSB_SWAVE },
393
394 { }
395};
396
397
398
399
400
401static const struct dmi_system_id btusb_needs_reset_resume_table[] = {
402 {
403
404 .matches = {
405 DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
406 DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex 3060"),
407 },
408 },
409 {
410
411 .matches = {
412 DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
413 DMI_MATCH(DMI_PRODUCT_NAME, "XPS 13 9360"),
414 },
415 },
416 {
417
418 .matches = {
419 DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
420 DMI_MATCH(DMI_PRODUCT_NAME, "Inspiron 5565"),
421 },
422 },
423 {}
424};
425
426#define BTUSB_MAX_ISOC_FRAMES 10
427
428#define BTUSB_INTR_RUNNING 0
429#define BTUSB_BULK_RUNNING 1
430#define BTUSB_ISOC_RUNNING 2
431#define BTUSB_SUSPENDING 3
432#define BTUSB_DID_ISO_RESUME 4
433#define BTUSB_BOOTLOADER 5
434#define BTUSB_DOWNLOADING 6
435#define BTUSB_FIRMWARE_LOADED 7
436#define BTUSB_FIRMWARE_FAILED 8
437#define BTUSB_BOOTING 9
438#define BTUSB_DIAG_RUNNING 10
439#define BTUSB_OOB_WAKE_ENABLED 11
440#define BTUSB_HW_RESET_ACTIVE 12
441#define BTUSB_TX_WAIT_VND_EVT 13
442#define BTUSB_WAKEUP_DISABLE 14
443
444struct btusb_data {
445 struct hci_dev *hdev;
446 struct usb_device *udev;
447 struct usb_interface *intf;
448 struct usb_interface *isoc;
449 struct usb_interface *diag;
450 unsigned isoc_ifnum;
451
452 unsigned long flags;
453
454 struct work_struct work;
455 struct work_struct waker;
456
457 struct usb_anchor deferred;
458 struct usb_anchor tx_anchor;
459 int tx_in_flight;
460 spinlock_t txlock;
461
462 struct usb_anchor intr_anchor;
463 struct usb_anchor bulk_anchor;
464 struct usb_anchor isoc_anchor;
465 struct usb_anchor diag_anchor;
466 struct usb_anchor ctrl_anchor;
467 spinlock_t rxlock;
468
469 struct sk_buff *evt_skb;
470 struct sk_buff *acl_skb;
471 struct sk_buff *sco_skb;
472
473 struct usb_endpoint_descriptor *intr_ep;
474 struct usb_endpoint_descriptor *bulk_tx_ep;
475 struct usb_endpoint_descriptor *bulk_rx_ep;
476 struct usb_endpoint_descriptor *isoc_tx_ep;
477 struct usb_endpoint_descriptor *isoc_rx_ep;
478 struct usb_endpoint_descriptor *diag_tx_ep;
479 struct usb_endpoint_descriptor *diag_rx_ep;
480
481 struct gpio_desc *reset_gpio;
482
483 __u8 cmdreq_type;
484 __u8 cmdreq;
485
486 unsigned int sco_num;
487 int isoc_altsetting;
488 int suspend_count;
489
490 int (*recv_event)(struct hci_dev *hdev, struct sk_buff *skb);
491 int (*recv_bulk)(struct btusb_data *data, void *buffer, int count);
492
493 int (*setup_on_usb)(struct hci_dev *hdev);
494
495 int oob_wake_irq;
496 unsigned cmd_timeout_cnt;
497};
498
499
500static void btusb_intel_cmd_timeout(struct hci_dev *hdev)
501{
502 struct btusb_data *data = hci_get_drvdata(hdev);
503 struct gpio_desc *reset_gpio = data->reset_gpio;
504
505 if (++data->cmd_timeout_cnt < 5)
506 return;
507
508 if (!reset_gpio) {
509 bt_dev_err(hdev, "No way to reset. Ignoring and continuing");
510 return;
511 }
512
513
514
515
516
517
518
519
520 if (test_and_set_bit(BTUSB_HW_RESET_ACTIVE, &data->flags)) {
521 bt_dev_err(hdev, "last reset failed? Not resetting again");
522 return;
523 }
524
525 bt_dev_err(hdev, "Initiating HW reset via gpio");
526 gpiod_set_value_cansleep(reset_gpio, 1);
527 msleep(100);
528 gpiod_set_value_cansleep(reset_gpio, 0);
529}
530
531static void btusb_rtl_cmd_timeout(struct hci_dev *hdev)
532{
533 struct btusb_data *data = hci_get_drvdata(hdev);
534 struct gpio_desc *reset_gpio = data->reset_gpio;
535
536 if (++data->cmd_timeout_cnt < 5)
537 return;
538
539 if (!reset_gpio) {
540 bt_dev_err(hdev, "No gpio to reset Realtek device, ignoring");
541 return;
542 }
543
544
545
546
547
548
549
550 if (test_and_set_bit(BTUSB_HW_RESET_ACTIVE, &data->flags)) {
551 bt_dev_err(hdev, "last reset failed? Not resetting again");
552 return;
553 }
554
555 bt_dev_err(hdev, "Reset Realtek device via gpio");
556 gpiod_set_value_cansleep(reset_gpio, 1);
557 msleep(200);
558 gpiod_set_value_cansleep(reset_gpio, 0);
559}
560
561static inline void btusb_free_frags(struct btusb_data *data)
562{
563 unsigned long flags;
564
565 spin_lock_irqsave(&data->rxlock, flags);
566
567 kfree_skb(data->evt_skb);
568 data->evt_skb = NULL;
569
570 kfree_skb(data->acl_skb);
571 data->acl_skb = NULL;
572
573 kfree_skb(data->sco_skb);
574 data->sco_skb = NULL;
575
576 spin_unlock_irqrestore(&data->rxlock, flags);
577}
578
579static int btusb_recv_intr(struct btusb_data *data, void *buffer, int count)
580{
581 struct sk_buff *skb;
582 unsigned long flags;
583 int err = 0;
584
585 spin_lock_irqsave(&data->rxlock, flags);
586 skb = data->evt_skb;
587
588 while (count) {
589 int len;
590
591 if (!skb) {
592 skb = bt_skb_alloc(HCI_MAX_EVENT_SIZE, GFP_ATOMIC);
593 if (!skb) {
594 err = -ENOMEM;
595 break;
596 }
597
598 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
599 hci_skb_expect(skb) = HCI_EVENT_HDR_SIZE;
600 }
601
602 len = min_t(uint, hci_skb_expect(skb), count);
603 skb_put_data(skb, buffer, len);
604
605 count -= len;
606 buffer += len;
607 hci_skb_expect(skb) -= len;
608
609 if (skb->len == HCI_EVENT_HDR_SIZE) {
610
611 hci_skb_expect(skb) = hci_event_hdr(skb)->plen;
612
613 if (skb_tailroom(skb) < hci_skb_expect(skb)) {
614 kfree_skb(skb);
615 skb = NULL;
616
617 err = -EILSEQ;
618 break;
619 }
620 }
621
622 if (!hci_skb_expect(skb)) {
623
624 data->recv_event(data->hdev, skb);
625 skb = NULL;
626 }
627 }
628
629 data->evt_skb = skb;
630 spin_unlock_irqrestore(&data->rxlock, flags);
631
632 return err;
633}
634
635static int btusb_recv_bulk(struct btusb_data *data, void *buffer, int count)
636{
637 struct sk_buff *skb;
638 unsigned long flags;
639 int err = 0;
640
641 spin_lock_irqsave(&data->rxlock, flags);
642 skb = data->acl_skb;
643
644 while (count) {
645 int len;
646
647 if (!skb) {
648 skb = bt_skb_alloc(HCI_MAX_FRAME_SIZE, GFP_ATOMIC);
649 if (!skb) {
650 err = -ENOMEM;
651 break;
652 }
653
654 hci_skb_pkt_type(skb) = HCI_ACLDATA_PKT;
655 hci_skb_expect(skb) = HCI_ACL_HDR_SIZE;
656 }
657
658 len = min_t(uint, hci_skb_expect(skb), count);
659 skb_put_data(skb, buffer, len);
660
661 count -= len;
662 buffer += len;
663 hci_skb_expect(skb) -= len;
664
665 if (skb->len == HCI_ACL_HDR_SIZE) {
666 __le16 dlen = hci_acl_hdr(skb)->dlen;
667
668
669 hci_skb_expect(skb) = __le16_to_cpu(dlen);
670
671 if (skb_tailroom(skb) < hci_skb_expect(skb)) {
672 kfree_skb(skb);
673 skb = NULL;
674
675 err = -EILSEQ;
676 break;
677 }
678 }
679
680 if (!hci_skb_expect(skb)) {
681
682 hci_recv_frame(data->hdev, skb);
683 skb = NULL;
684 }
685 }
686
687 data->acl_skb = skb;
688 spin_unlock_irqrestore(&data->rxlock, flags);
689
690 return err;
691}
692
693static int btusb_recv_isoc(struct btusb_data *data, void *buffer, int count)
694{
695 struct sk_buff *skb;
696 unsigned long flags;
697 int err = 0;
698
699 spin_lock_irqsave(&data->rxlock, flags);
700 skb = data->sco_skb;
701
702 while (count) {
703 int len;
704
705 if (!skb) {
706 skb = bt_skb_alloc(HCI_MAX_SCO_SIZE, GFP_ATOMIC);
707 if (!skb) {
708 err = -ENOMEM;
709 break;
710 }
711
712 hci_skb_pkt_type(skb) = HCI_SCODATA_PKT;
713 hci_skb_expect(skb) = HCI_SCO_HDR_SIZE;
714 }
715
716 len = min_t(uint, hci_skb_expect(skb), count);
717 skb_put_data(skb, buffer, len);
718
719 count -= len;
720 buffer += len;
721 hci_skb_expect(skb) -= len;
722
723 if (skb->len == HCI_SCO_HDR_SIZE) {
724
725 hci_skb_expect(skb) = hci_sco_hdr(skb)->dlen;
726
727 if (skb_tailroom(skb) < hci_skb_expect(skb)) {
728 kfree_skb(skb);
729 skb = NULL;
730
731 err = -EILSEQ;
732 break;
733 }
734 }
735
736 if (!hci_skb_expect(skb)) {
737
738 hci_recv_frame(data->hdev, skb);
739 skb = NULL;
740 }
741 }
742
743 data->sco_skb = skb;
744 spin_unlock_irqrestore(&data->rxlock, flags);
745
746 return err;
747}
748
749static void btusb_intr_complete(struct urb *urb)
750{
751 struct hci_dev *hdev = urb->context;
752 struct btusb_data *data = hci_get_drvdata(hdev);
753 int err;
754
755 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
756 urb->actual_length);
757
758 if (!test_bit(HCI_RUNNING, &hdev->flags))
759 return;
760
761 if (urb->status == 0) {
762 hdev->stat.byte_rx += urb->actual_length;
763
764 if (btusb_recv_intr(data, urb->transfer_buffer,
765 urb->actual_length) < 0) {
766 bt_dev_err(hdev, "corrupted event packet");
767 hdev->stat.err_rx++;
768 }
769 } else if (urb->status == -ENOENT) {
770
771 return;
772 }
773
774 if (!test_bit(BTUSB_INTR_RUNNING, &data->flags))
775 return;
776
777 usb_mark_last_busy(data->udev);
778 usb_anchor_urb(urb, &data->intr_anchor);
779
780 err = usb_submit_urb(urb, GFP_ATOMIC);
781 if (err < 0) {
782
783
784
785 if (err != -EPERM && err != -ENODEV)
786 bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
787 urb, -err);
788 usb_unanchor_urb(urb);
789 }
790}
791
792static int btusb_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags)
793{
794 struct btusb_data *data = hci_get_drvdata(hdev);
795 struct urb *urb;
796 unsigned char *buf;
797 unsigned int pipe;
798 int err, size;
799
800 BT_DBG("%s", hdev->name);
801
802 if (!data->intr_ep)
803 return -ENODEV;
804
805 urb = usb_alloc_urb(0, mem_flags);
806 if (!urb)
807 return -ENOMEM;
808
809 size = le16_to_cpu(data->intr_ep->wMaxPacketSize);
810
811 buf = kmalloc(size, mem_flags);
812 if (!buf) {
813 usb_free_urb(urb);
814 return -ENOMEM;
815 }
816
817 pipe = usb_rcvintpipe(data->udev, data->intr_ep->bEndpointAddress);
818
819 usb_fill_int_urb(urb, data->udev, pipe, buf, size,
820 btusb_intr_complete, hdev, data->intr_ep->bInterval);
821
822 urb->transfer_flags |= URB_FREE_BUFFER;
823
824 usb_anchor_urb(urb, &data->intr_anchor);
825
826 err = usb_submit_urb(urb, mem_flags);
827 if (err < 0) {
828 if (err != -EPERM && err != -ENODEV)
829 bt_dev_err(hdev, "urb %p submission failed (%d)",
830 urb, -err);
831 usb_unanchor_urb(urb);
832 }
833
834 usb_free_urb(urb);
835
836 return err;
837}
838
839static void btusb_bulk_complete(struct urb *urb)
840{
841 struct hci_dev *hdev = urb->context;
842 struct btusb_data *data = hci_get_drvdata(hdev);
843 int err;
844
845 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
846 urb->actual_length);
847
848 if (!test_bit(HCI_RUNNING, &hdev->flags))
849 return;
850
851 if (urb->status == 0) {
852 hdev->stat.byte_rx += urb->actual_length;
853
854 if (data->recv_bulk(data, urb->transfer_buffer,
855 urb->actual_length) < 0) {
856 bt_dev_err(hdev, "corrupted ACL packet");
857 hdev->stat.err_rx++;
858 }
859 } else if (urb->status == -ENOENT) {
860
861 return;
862 }
863
864 if (!test_bit(BTUSB_BULK_RUNNING, &data->flags))
865 return;
866
867 usb_anchor_urb(urb, &data->bulk_anchor);
868 usb_mark_last_busy(data->udev);
869
870 err = usb_submit_urb(urb, GFP_ATOMIC);
871 if (err < 0) {
872
873
874
875 if (err != -EPERM && err != -ENODEV)
876 bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
877 urb, -err);
878 usb_unanchor_urb(urb);
879 }
880}
881
882static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags)
883{
884 struct btusb_data *data = hci_get_drvdata(hdev);
885 struct urb *urb;
886 unsigned char *buf;
887 unsigned int pipe;
888 int err, size = HCI_MAX_FRAME_SIZE;
889
890 BT_DBG("%s", hdev->name);
891
892 if (!data->bulk_rx_ep)
893 return -ENODEV;
894
895 urb = usb_alloc_urb(0, mem_flags);
896 if (!urb)
897 return -ENOMEM;
898
899 buf = kmalloc(size, mem_flags);
900 if (!buf) {
901 usb_free_urb(urb);
902 return -ENOMEM;
903 }
904
905 pipe = usb_rcvbulkpipe(data->udev, data->bulk_rx_ep->bEndpointAddress);
906
907 usb_fill_bulk_urb(urb, data->udev, pipe, buf, size,
908 btusb_bulk_complete, hdev);
909
910 urb->transfer_flags |= URB_FREE_BUFFER;
911
912 usb_mark_last_busy(data->udev);
913 usb_anchor_urb(urb, &data->bulk_anchor);
914
915 err = usb_submit_urb(urb, mem_flags);
916 if (err < 0) {
917 if (err != -EPERM && err != -ENODEV)
918 bt_dev_err(hdev, "urb %p submission failed (%d)",
919 urb, -err);
920 usb_unanchor_urb(urb);
921 }
922
923 usb_free_urb(urb);
924
925 return err;
926}
927
928static void btusb_isoc_complete(struct urb *urb)
929{
930 struct hci_dev *hdev = urb->context;
931 struct btusb_data *data = hci_get_drvdata(hdev);
932 int i, err;
933
934 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
935 urb->actual_length);
936
937 if (!test_bit(HCI_RUNNING, &hdev->flags))
938 return;
939
940 if (urb->status == 0) {
941 for (i = 0; i < urb->number_of_packets; i++) {
942 unsigned int offset = urb->iso_frame_desc[i].offset;
943 unsigned int length = urb->iso_frame_desc[i].actual_length;
944
945 if (urb->iso_frame_desc[i].status)
946 continue;
947
948 hdev->stat.byte_rx += length;
949
950 if (btusb_recv_isoc(data, urb->transfer_buffer + offset,
951 length) < 0) {
952 bt_dev_err(hdev, "corrupted SCO packet");
953 hdev->stat.err_rx++;
954 }
955 }
956 } else if (urb->status == -ENOENT) {
957
958 return;
959 }
960
961 if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags))
962 return;
963
964 usb_anchor_urb(urb, &data->isoc_anchor);
965
966 err = usb_submit_urb(urb, GFP_ATOMIC);
967 if (err < 0) {
968
969
970
971 if (err != -EPERM && err != -ENODEV)
972 bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
973 urb, -err);
974 usb_unanchor_urb(urb);
975 }
976}
977
978static inline void __fill_isoc_descriptor(struct urb *urb, int len, int mtu)
979{
980 int i, offset = 0;
981
982 BT_DBG("len %d mtu %d", len, mtu);
983
984 for (i = 0; i < BTUSB_MAX_ISOC_FRAMES && len >= mtu;
985 i++, offset += mtu, len -= mtu) {
986 urb->iso_frame_desc[i].offset = offset;
987 urb->iso_frame_desc[i].length = mtu;
988 }
989
990 if (len && i < BTUSB_MAX_ISOC_FRAMES) {
991 urb->iso_frame_desc[i].offset = offset;
992 urb->iso_frame_desc[i].length = len;
993 i++;
994 }
995
996 urb->number_of_packets = i;
997}
998
999static int btusb_submit_isoc_urb(struct hci_dev *hdev, gfp_t mem_flags)
1000{
1001 struct btusb_data *data = hci_get_drvdata(hdev);
1002 struct urb *urb;
1003 unsigned char *buf;
1004 unsigned int pipe;
1005 int err, size;
1006
1007 BT_DBG("%s", hdev->name);
1008
1009 if (!data->isoc_rx_ep)
1010 return -ENODEV;
1011
1012 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, mem_flags);
1013 if (!urb)
1014 return -ENOMEM;
1015
1016 size = le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize) *
1017 BTUSB_MAX_ISOC_FRAMES;
1018
1019 buf = kmalloc(size, mem_flags);
1020 if (!buf) {
1021 usb_free_urb(urb);
1022 return -ENOMEM;
1023 }
1024
1025 pipe = usb_rcvisocpipe(data->udev, data->isoc_rx_ep->bEndpointAddress);
1026
1027 usb_fill_int_urb(urb, data->udev, pipe, buf, size, btusb_isoc_complete,
1028 hdev, data->isoc_rx_ep->bInterval);
1029
1030 urb->transfer_flags = URB_FREE_BUFFER | URB_ISO_ASAP;
1031
1032 __fill_isoc_descriptor(urb, size,
1033 le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize));
1034
1035 usb_anchor_urb(urb, &data->isoc_anchor);
1036
1037 err = usb_submit_urb(urb, mem_flags);
1038 if (err < 0) {
1039 if (err != -EPERM && err != -ENODEV)
1040 bt_dev_err(hdev, "urb %p submission failed (%d)",
1041 urb, -err);
1042 usb_unanchor_urb(urb);
1043 }
1044
1045 usb_free_urb(urb);
1046
1047 return err;
1048}
1049
1050static void btusb_diag_complete(struct urb *urb)
1051{
1052 struct hci_dev *hdev = urb->context;
1053 struct btusb_data *data = hci_get_drvdata(hdev);
1054 int err;
1055
1056 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
1057 urb->actual_length);
1058
1059 if (urb->status == 0) {
1060 struct sk_buff *skb;
1061
1062 skb = bt_skb_alloc(urb->actual_length, GFP_ATOMIC);
1063 if (skb) {
1064 skb_put_data(skb, urb->transfer_buffer,
1065 urb->actual_length);
1066 hci_recv_diag(hdev, skb);
1067 }
1068 } else if (urb->status == -ENOENT) {
1069
1070 return;
1071 }
1072
1073 if (!test_bit(BTUSB_DIAG_RUNNING, &data->flags))
1074 return;
1075
1076 usb_anchor_urb(urb, &data->diag_anchor);
1077 usb_mark_last_busy(data->udev);
1078
1079 err = usb_submit_urb(urb, GFP_ATOMIC);
1080 if (err < 0) {
1081
1082
1083
1084 if (err != -EPERM && err != -ENODEV)
1085 bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
1086 urb, -err);
1087 usb_unanchor_urb(urb);
1088 }
1089}
1090
1091static int btusb_submit_diag_urb(struct hci_dev *hdev, gfp_t mem_flags)
1092{
1093 struct btusb_data *data = hci_get_drvdata(hdev);
1094 struct urb *urb;
1095 unsigned char *buf;
1096 unsigned int pipe;
1097 int err, size = HCI_MAX_FRAME_SIZE;
1098
1099 BT_DBG("%s", hdev->name);
1100
1101 if (!data->diag_rx_ep)
1102 return -ENODEV;
1103
1104 urb = usb_alloc_urb(0, mem_flags);
1105 if (!urb)
1106 return -ENOMEM;
1107
1108 buf = kmalloc(size, mem_flags);
1109 if (!buf) {
1110 usb_free_urb(urb);
1111 return -ENOMEM;
1112 }
1113
1114 pipe = usb_rcvbulkpipe(data->udev, data->diag_rx_ep->bEndpointAddress);
1115
1116 usb_fill_bulk_urb(urb, data->udev, pipe, buf, size,
1117 btusb_diag_complete, hdev);
1118
1119 urb->transfer_flags |= URB_FREE_BUFFER;
1120
1121 usb_mark_last_busy(data->udev);
1122 usb_anchor_urb(urb, &data->diag_anchor);
1123
1124 err = usb_submit_urb(urb, mem_flags);
1125 if (err < 0) {
1126 if (err != -EPERM && err != -ENODEV)
1127 bt_dev_err(hdev, "urb %p submission failed (%d)",
1128 urb, -err);
1129 usb_unanchor_urb(urb);
1130 }
1131
1132 usb_free_urb(urb);
1133
1134 return err;
1135}
1136
1137static void btusb_tx_complete(struct urb *urb)
1138{
1139 struct sk_buff *skb = urb->context;
1140 struct hci_dev *hdev = (struct hci_dev *)skb->dev;
1141 struct btusb_data *data = hci_get_drvdata(hdev);
1142 unsigned long flags;
1143
1144 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
1145 urb->actual_length);
1146
1147 if (!test_bit(HCI_RUNNING, &hdev->flags))
1148 goto done;
1149
1150 if (!urb->status)
1151 hdev->stat.byte_tx += urb->transfer_buffer_length;
1152 else
1153 hdev->stat.err_tx++;
1154
1155done:
1156 spin_lock_irqsave(&data->txlock, flags);
1157 data->tx_in_flight--;
1158 spin_unlock_irqrestore(&data->txlock, flags);
1159
1160 kfree(urb->setup_packet);
1161
1162 kfree_skb(skb);
1163}
1164
1165static void btusb_isoc_tx_complete(struct urb *urb)
1166{
1167 struct sk_buff *skb = urb->context;
1168 struct hci_dev *hdev = (struct hci_dev *)skb->dev;
1169
1170 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
1171 urb->actual_length);
1172
1173 if (!test_bit(HCI_RUNNING, &hdev->flags))
1174 goto done;
1175
1176 if (!urb->status)
1177 hdev->stat.byte_tx += urb->transfer_buffer_length;
1178 else
1179 hdev->stat.err_tx++;
1180
1181done:
1182 kfree(urb->setup_packet);
1183
1184 kfree_skb(skb);
1185}
1186
1187static int btusb_open(struct hci_dev *hdev)
1188{
1189 struct btusb_data *data = hci_get_drvdata(hdev);
1190 int err;
1191
1192 BT_DBG("%s", hdev->name);
1193
1194 err = usb_autopm_get_interface(data->intf);
1195 if (err < 0)
1196 return err;
1197
1198
1199
1200
1201 if (data->setup_on_usb) {
1202 err = data->setup_on_usb(hdev);
1203 if (err < 0)
1204 goto setup_fail;
1205 }
1206
1207 data->intf->needs_remote_wakeup = 1;
1208
1209
1210
1211
1212
1213 if (test_bit(BTUSB_WAKEUP_DISABLE, &data->flags))
1214 device_wakeup_disable(&data->udev->dev);
1215
1216 if (test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags))
1217 goto done;
1218
1219 err = btusb_submit_intr_urb(hdev, GFP_KERNEL);
1220 if (err < 0)
1221 goto failed;
1222
1223 err = btusb_submit_bulk_urb(hdev, GFP_KERNEL);
1224 if (err < 0) {
1225 usb_kill_anchored_urbs(&data->intr_anchor);
1226 goto failed;
1227 }
1228
1229 set_bit(BTUSB_BULK_RUNNING, &data->flags);
1230 btusb_submit_bulk_urb(hdev, GFP_KERNEL);
1231
1232 if (data->diag) {
1233 if (!btusb_submit_diag_urb(hdev, GFP_KERNEL))
1234 set_bit(BTUSB_DIAG_RUNNING, &data->flags);
1235 }
1236
1237done:
1238 usb_autopm_put_interface(data->intf);
1239 return 0;
1240
1241failed:
1242 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
1243setup_fail:
1244 usb_autopm_put_interface(data->intf);
1245 return err;
1246}
1247
1248static void btusb_stop_traffic(struct btusb_data *data)
1249{
1250 usb_kill_anchored_urbs(&data->intr_anchor);
1251 usb_kill_anchored_urbs(&data->bulk_anchor);
1252 usb_kill_anchored_urbs(&data->isoc_anchor);
1253 usb_kill_anchored_urbs(&data->diag_anchor);
1254 usb_kill_anchored_urbs(&data->ctrl_anchor);
1255}
1256
1257static int btusb_close(struct hci_dev *hdev)
1258{
1259 struct btusb_data *data = hci_get_drvdata(hdev);
1260 int err;
1261
1262 BT_DBG("%s", hdev->name);
1263
1264 cancel_work_sync(&data->work);
1265 cancel_work_sync(&data->waker);
1266
1267 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1268 clear_bit(BTUSB_BULK_RUNNING, &data->flags);
1269 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
1270 clear_bit(BTUSB_DIAG_RUNNING, &data->flags);
1271
1272 btusb_stop_traffic(data);
1273 btusb_free_frags(data);
1274
1275 err = usb_autopm_get_interface(data->intf);
1276 if (err < 0)
1277 goto failed;
1278
1279 data->intf->needs_remote_wakeup = 0;
1280
1281
1282 if (test_bit(BTUSB_WAKEUP_DISABLE, &data->flags))
1283 data->intf->needs_remote_wakeup = 1;
1284
1285 usb_autopm_put_interface(data->intf);
1286
1287failed:
1288 usb_scuttle_anchored_urbs(&data->deferred);
1289 return 0;
1290}
1291
1292static int btusb_flush(struct hci_dev *hdev)
1293{
1294 struct btusb_data *data = hci_get_drvdata(hdev);
1295
1296 BT_DBG("%s", hdev->name);
1297
1298 usb_kill_anchored_urbs(&data->tx_anchor);
1299 btusb_free_frags(data);
1300
1301 return 0;
1302}
1303
1304static struct urb *alloc_ctrl_urb(struct hci_dev *hdev, struct sk_buff *skb)
1305{
1306 struct btusb_data *data = hci_get_drvdata(hdev);
1307 struct usb_ctrlrequest *dr;
1308 struct urb *urb;
1309 unsigned int pipe;
1310
1311 urb = usb_alloc_urb(0, GFP_KERNEL);
1312 if (!urb)
1313 return ERR_PTR(-ENOMEM);
1314
1315 dr = kmalloc(sizeof(*dr), GFP_KERNEL);
1316 if (!dr) {
1317 usb_free_urb(urb);
1318 return ERR_PTR(-ENOMEM);
1319 }
1320
1321 dr->bRequestType = data->cmdreq_type;
1322 dr->bRequest = data->cmdreq;
1323 dr->wIndex = 0;
1324 dr->wValue = 0;
1325 dr->wLength = __cpu_to_le16(skb->len);
1326
1327 pipe = usb_sndctrlpipe(data->udev, 0x00);
1328
1329 usb_fill_control_urb(urb, data->udev, pipe, (void *)dr,
1330 skb->data, skb->len, btusb_tx_complete, skb);
1331
1332 skb->dev = (void *)hdev;
1333
1334 return urb;
1335}
1336
1337static struct urb *alloc_bulk_urb(struct hci_dev *hdev, struct sk_buff *skb)
1338{
1339 struct btusb_data *data = hci_get_drvdata(hdev);
1340 struct urb *urb;
1341 unsigned int pipe;
1342
1343 if (!data->bulk_tx_ep)
1344 return ERR_PTR(-ENODEV);
1345
1346 urb = usb_alloc_urb(0, GFP_KERNEL);
1347 if (!urb)
1348 return ERR_PTR(-ENOMEM);
1349
1350 pipe = usb_sndbulkpipe(data->udev, data->bulk_tx_ep->bEndpointAddress);
1351
1352 usb_fill_bulk_urb(urb, data->udev, pipe,
1353 skb->data, skb->len, btusb_tx_complete, skb);
1354
1355 skb->dev = (void *)hdev;
1356
1357 return urb;
1358}
1359
1360static struct urb *alloc_isoc_urb(struct hci_dev *hdev, struct sk_buff *skb)
1361{
1362 struct btusb_data *data = hci_get_drvdata(hdev);
1363 struct urb *urb;
1364 unsigned int pipe;
1365
1366 if (!data->isoc_tx_ep)
1367 return ERR_PTR(-ENODEV);
1368
1369 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, GFP_KERNEL);
1370 if (!urb)
1371 return ERR_PTR(-ENOMEM);
1372
1373 pipe = usb_sndisocpipe(data->udev, data->isoc_tx_ep->bEndpointAddress);
1374
1375 usb_fill_int_urb(urb, data->udev, pipe,
1376 skb->data, skb->len, btusb_isoc_tx_complete,
1377 skb, data->isoc_tx_ep->bInterval);
1378
1379 urb->transfer_flags = URB_ISO_ASAP;
1380
1381 __fill_isoc_descriptor(urb, skb->len,
1382 le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize));
1383
1384 skb->dev = (void *)hdev;
1385
1386 return urb;
1387}
1388
1389static int submit_tx_urb(struct hci_dev *hdev, struct urb *urb)
1390{
1391 struct btusb_data *data = hci_get_drvdata(hdev);
1392 int err;
1393
1394 usb_anchor_urb(urb, &data->tx_anchor);
1395
1396 err = usb_submit_urb(urb, GFP_KERNEL);
1397 if (err < 0) {
1398 if (err != -EPERM && err != -ENODEV)
1399 bt_dev_err(hdev, "urb %p submission failed (%d)",
1400 urb, -err);
1401 kfree(urb->setup_packet);
1402 usb_unanchor_urb(urb);
1403 } else {
1404 usb_mark_last_busy(data->udev);
1405 }
1406
1407 usb_free_urb(urb);
1408 return err;
1409}
1410
1411static int submit_or_queue_tx_urb(struct hci_dev *hdev, struct urb *urb)
1412{
1413 struct btusb_data *data = hci_get_drvdata(hdev);
1414 unsigned long flags;
1415 bool suspending;
1416
1417 spin_lock_irqsave(&data->txlock, flags);
1418 suspending = test_bit(BTUSB_SUSPENDING, &data->flags);
1419 if (!suspending)
1420 data->tx_in_flight++;
1421 spin_unlock_irqrestore(&data->txlock, flags);
1422
1423 if (!suspending)
1424 return submit_tx_urb(hdev, urb);
1425
1426 usb_anchor_urb(urb, &data->deferred);
1427 schedule_work(&data->waker);
1428
1429 usb_free_urb(urb);
1430 return 0;
1431}
1432
1433static int btusb_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
1434{
1435 struct urb *urb;
1436
1437 BT_DBG("%s", hdev->name);
1438
1439 switch (hci_skb_pkt_type(skb)) {
1440 case HCI_COMMAND_PKT:
1441 urb = alloc_ctrl_urb(hdev, skb);
1442 if (IS_ERR(urb))
1443 return PTR_ERR(urb);
1444
1445 hdev->stat.cmd_tx++;
1446 return submit_or_queue_tx_urb(hdev, urb);
1447
1448 case HCI_ACLDATA_PKT:
1449 urb = alloc_bulk_urb(hdev, skb);
1450 if (IS_ERR(urb))
1451 return PTR_ERR(urb);
1452
1453 hdev->stat.acl_tx++;
1454 return submit_or_queue_tx_urb(hdev, urb);
1455
1456 case HCI_SCODATA_PKT:
1457 if (hci_conn_num(hdev, SCO_LINK) < 1)
1458 return -ENODEV;
1459
1460 urb = alloc_isoc_urb(hdev, skb);
1461 if (IS_ERR(urb))
1462 return PTR_ERR(urb);
1463
1464 hdev->stat.sco_tx++;
1465 return submit_tx_urb(hdev, urb);
1466 }
1467
1468 return -EILSEQ;
1469}
1470
1471static void btusb_notify(struct hci_dev *hdev, unsigned int evt)
1472{
1473 struct btusb_data *data = hci_get_drvdata(hdev);
1474
1475 BT_DBG("%s evt %d", hdev->name, evt);
1476
1477 if (hci_conn_num(hdev, SCO_LINK) != data->sco_num) {
1478 data->sco_num = hci_conn_num(hdev, SCO_LINK);
1479 schedule_work(&data->work);
1480 }
1481}
1482
1483static inline int __set_isoc_interface(struct hci_dev *hdev, int altsetting)
1484{
1485 struct btusb_data *data = hci_get_drvdata(hdev);
1486 struct usb_interface *intf = data->isoc;
1487 struct usb_endpoint_descriptor *ep_desc;
1488 int i, err;
1489
1490 if (!data->isoc)
1491 return -ENODEV;
1492
1493 err = usb_set_interface(data->udev, data->isoc_ifnum, altsetting);
1494 if (err < 0) {
1495 bt_dev_err(hdev, "setting interface failed (%d)", -err);
1496 return err;
1497 }
1498
1499 data->isoc_altsetting = altsetting;
1500
1501 data->isoc_tx_ep = NULL;
1502 data->isoc_rx_ep = NULL;
1503
1504 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
1505 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
1506
1507 if (!data->isoc_tx_ep && usb_endpoint_is_isoc_out(ep_desc)) {
1508 data->isoc_tx_ep = ep_desc;
1509 continue;
1510 }
1511
1512 if (!data->isoc_rx_ep && usb_endpoint_is_isoc_in(ep_desc)) {
1513 data->isoc_rx_ep = ep_desc;
1514 continue;
1515 }
1516 }
1517
1518 if (!data->isoc_tx_ep || !data->isoc_rx_ep) {
1519 bt_dev_err(hdev, "invalid SCO descriptors");
1520 return -ENODEV;
1521 }
1522
1523 return 0;
1524}
1525
1526static void btusb_work(struct work_struct *work)
1527{
1528 struct btusb_data *data = container_of(work, struct btusb_data, work);
1529 struct hci_dev *hdev = data->hdev;
1530 int new_alts;
1531 int err;
1532
1533 if (data->sco_num > 0) {
1534 if (!test_bit(BTUSB_DID_ISO_RESUME, &data->flags)) {
1535 err = usb_autopm_get_interface(data->isoc ? data->isoc : data->intf);
1536 if (err < 0) {
1537 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1538 usb_kill_anchored_urbs(&data->isoc_anchor);
1539 return;
1540 }
1541
1542 set_bit(BTUSB_DID_ISO_RESUME, &data->flags);
1543 }
1544
1545 if (hdev->voice_setting & 0x0020) {
1546 static const int alts[3] = { 2, 4, 5 };
1547
1548 new_alts = alts[data->sco_num - 1];
1549 } else {
1550 new_alts = data->sco_num;
1551 }
1552
1553 if (data->isoc_altsetting != new_alts) {
1554 unsigned long flags;
1555
1556 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1557 usb_kill_anchored_urbs(&data->isoc_anchor);
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568 spin_lock_irqsave(&data->rxlock, flags);
1569 kfree_skb(data->sco_skb);
1570 data->sco_skb = NULL;
1571 spin_unlock_irqrestore(&data->rxlock, flags);
1572
1573 if (__set_isoc_interface(hdev, new_alts) < 0)
1574 return;
1575 }
1576
1577 if (!test_and_set_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
1578 if (btusb_submit_isoc_urb(hdev, GFP_KERNEL) < 0)
1579 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1580 else
1581 btusb_submit_isoc_urb(hdev, GFP_KERNEL);
1582 }
1583 } else {
1584 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1585 usb_kill_anchored_urbs(&data->isoc_anchor);
1586
1587 __set_isoc_interface(hdev, 0);
1588 if (test_and_clear_bit(BTUSB_DID_ISO_RESUME, &data->flags))
1589 usb_autopm_put_interface(data->isoc ? data->isoc : data->intf);
1590 }
1591}
1592
1593static void btusb_waker(struct work_struct *work)
1594{
1595 struct btusb_data *data = container_of(work, struct btusb_data, waker);
1596 int err;
1597
1598 err = usb_autopm_get_interface(data->intf);
1599 if (err < 0)
1600 return;
1601
1602 usb_autopm_put_interface(data->intf);
1603}
1604
1605static int btusb_setup_bcm92035(struct hci_dev *hdev)
1606{
1607 struct sk_buff *skb;
1608 u8 val = 0x00;
1609
1610 BT_DBG("%s", hdev->name);
1611
1612 skb = __hci_cmd_sync(hdev, 0xfc3b, 1, &val, HCI_INIT_TIMEOUT);
1613 if (IS_ERR(skb))
1614 bt_dev_err(hdev, "BCM92035 command failed (%ld)", PTR_ERR(skb));
1615 else
1616 kfree_skb(skb);
1617
1618 return 0;
1619}
1620
1621static int btusb_setup_csr(struct hci_dev *hdev)
1622{
1623 struct hci_rp_read_local_version *rp;
1624 struct sk_buff *skb;
1625
1626 BT_DBG("%s", hdev->name);
1627
1628 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL,
1629 HCI_INIT_TIMEOUT);
1630 if (IS_ERR(skb)) {
1631 int err = PTR_ERR(skb);
1632 bt_dev_err(hdev, "CSR: Local version failed (%d)", err);
1633 return err;
1634 }
1635
1636 if (skb->len != sizeof(struct hci_rp_read_local_version)) {
1637 bt_dev_err(hdev, "CSR: Local version length mismatch");
1638 kfree_skb(skb);
1639 return -EIO;
1640 }
1641
1642 rp = (struct hci_rp_read_local_version *)skb->data;
1643
1644
1645 if (le16_to_cpu(rp->manufacturer) != 10 ||
1646 le16_to_cpu(rp->lmp_subver) == 0x0c5c) {
1647
1648
1649
1650 clear_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
1651
1652
1653
1654
1655 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks);
1656 }
1657
1658 kfree_skb(skb);
1659
1660 return 0;
1661}
1662
1663static const struct firmware *btusb_setup_intel_get_fw(struct hci_dev *hdev,
1664 struct intel_version *ver)
1665{
1666 const struct firmware *fw;
1667 char fwname[64];
1668 int ret;
1669
1670 snprintf(fwname, sizeof(fwname),
1671 "intel/ibt-hw-%x.%x.%x-fw-%x.%x.%x.%x.%x.bseq",
1672 ver->hw_platform, ver->hw_variant, ver->hw_revision,
1673 ver->fw_variant, ver->fw_revision, ver->fw_build_num,
1674 ver->fw_build_ww, ver->fw_build_yy);
1675
1676 ret = request_firmware(&fw, fwname, &hdev->dev);
1677 if (ret < 0) {
1678 if (ret == -EINVAL) {
1679 bt_dev_err(hdev, "Intel firmware file request failed (%d)",
1680 ret);
1681 return NULL;
1682 }
1683
1684 bt_dev_err(hdev, "failed to open Intel firmware file: %s (%d)",
1685 fwname, ret);
1686
1687
1688
1689
1690 snprintf(fwname, sizeof(fwname), "intel/ibt-hw-%x.%x.bseq",
1691 ver->hw_platform, ver->hw_variant);
1692 if (request_firmware(&fw, fwname, &hdev->dev) < 0) {
1693 bt_dev_err(hdev, "failed to open default fw file: %s",
1694 fwname);
1695 return NULL;
1696 }
1697 }
1698
1699 bt_dev_info(hdev, "Intel Bluetooth firmware file: %s", fwname);
1700
1701 return fw;
1702}
1703
1704static int btusb_setup_intel_patching(struct hci_dev *hdev,
1705 const struct firmware *fw,
1706 const u8 **fw_ptr, int *disable_patch)
1707{
1708 struct sk_buff *skb;
1709 struct hci_command_hdr *cmd;
1710 const u8 *cmd_param;
1711 struct hci_event_hdr *evt = NULL;
1712 const u8 *evt_param = NULL;
1713 int remain = fw->size - (*fw_ptr - fw->data);
1714
1715
1716
1717
1718
1719
1720
1721
1722 if (remain > HCI_COMMAND_HDR_SIZE && *fw_ptr[0] != 0x01) {
1723 bt_dev_err(hdev, "Intel fw corrupted: invalid cmd read");
1724 return -EINVAL;
1725 }
1726 (*fw_ptr)++;
1727 remain--;
1728
1729 cmd = (struct hci_command_hdr *)(*fw_ptr);
1730 *fw_ptr += sizeof(*cmd);
1731 remain -= sizeof(*cmd);
1732
1733
1734
1735
1736 if (remain < cmd->plen) {
1737 bt_dev_err(hdev, "Intel fw corrupted: invalid cmd len");
1738 return -EFAULT;
1739 }
1740
1741
1742
1743
1744
1745
1746
1747 if (*disable_patch && le16_to_cpu(cmd->opcode) == 0xfc8e)
1748 *disable_patch = 0;
1749
1750 cmd_param = *fw_ptr;
1751 *fw_ptr += cmd->plen;
1752 remain -= cmd->plen;
1753
1754
1755
1756
1757
1758
1759
1760
1761 while (remain > HCI_EVENT_HDR_SIZE && *fw_ptr[0] == 0x02) {
1762 (*fw_ptr)++;
1763 remain--;
1764
1765 evt = (struct hci_event_hdr *)(*fw_ptr);
1766 *fw_ptr += sizeof(*evt);
1767 remain -= sizeof(*evt);
1768
1769 if (remain < evt->plen) {
1770 bt_dev_err(hdev, "Intel fw corrupted: invalid evt len");
1771 return -EFAULT;
1772 }
1773
1774 evt_param = *fw_ptr;
1775 *fw_ptr += evt->plen;
1776 remain -= evt->plen;
1777 }
1778
1779
1780
1781
1782
1783 if (!evt || !evt_param || remain < 0) {
1784 bt_dev_err(hdev, "Intel fw corrupted: invalid evt read");
1785 return -EFAULT;
1786 }
1787
1788 skb = __hci_cmd_sync_ev(hdev, le16_to_cpu(cmd->opcode), cmd->plen,
1789 cmd_param, evt->evt, HCI_INIT_TIMEOUT);
1790 if (IS_ERR(skb)) {
1791 bt_dev_err(hdev, "sending Intel patch command (0x%4.4x) failed (%ld)",
1792 cmd->opcode, PTR_ERR(skb));
1793 return PTR_ERR(skb);
1794 }
1795
1796
1797
1798
1799
1800 if (skb->len != evt->plen) {
1801 bt_dev_err(hdev, "mismatch event length (opcode 0x%4.4x)",
1802 le16_to_cpu(cmd->opcode));
1803 kfree_skb(skb);
1804 return -EFAULT;
1805 }
1806
1807 if (memcmp(skb->data, evt_param, evt->plen)) {
1808 bt_dev_err(hdev, "mismatch event parameter (opcode 0x%4.4x)",
1809 le16_to_cpu(cmd->opcode));
1810 kfree_skb(skb);
1811 return -EFAULT;
1812 }
1813 kfree_skb(skb);
1814
1815 return 0;
1816}
1817
1818static int btusb_setup_intel(struct hci_dev *hdev)
1819{
1820 struct sk_buff *skb;
1821 const struct firmware *fw;
1822 const u8 *fw_ptr;
1823 int disable_patch, err;
1824 struct intel_version ver;
1825
1826 BT_DBG("%s", hdev->name);
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
1837 if (IS_ERR(skb)) {
1838 bt_dev_err(hdev, "sending initial HCI reset command failed (%ld)",
1839 PTR_ERR(skb));
1840 return PTR_ERR(skb);
1841 }
1842 kfree_skb(skb);
1843
1844
1845
1846
1847
1848
1849
1850 err = btintel_read_version(hdev, &ver);
1851 if (err)
1852 return err;
1853
1854 bt_dev_info(hdev, "read Intel version: %02x%02x%02x%02x%02x%02x%02x%02x%02x",
1855 ver.hw_platform, ver.hw_variant, ver.hw_revision,
1856 ver.fw_variant, ver.fw_revision, ver.fw_build_num,
1857 ver.fw_build_ww, ver.fw_build_yy, ver.fw_patch_num);
1858
1859
1860
1861
1862
1863 if (ver.fw_patch_num) {
1864 bt_dev_info(hdev, "Intel device is already patched. "
1865 "patch num: %02x", ver.fw_patch_num);
1866 goto complete;
1867 }
1868
1869
1870
1871
1872
1873
1874
1875 fw = btusb_setup_intel_get_fw(hdev, &ver);
1876 if (!fw)
1877 goto complete;
1878 fw_ptr = fw->data;
1879
1880
1881
1882
1883
1884 err = btintel_enter_mfg(hdev);
1885 if (err) {
1886 release_firmware(fw);
1887 return err;
1888 }
1889
1890 disable_patch = 1;
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912 while (fw->size > fw_ptr - fw->data) {
1913 int ret;
1914
1915 ret = btusb_setup_intel_patching(hdev, fw, &fw_ptr,
1916 &disable_patch);
1917 if (ret < 0)
1918 goto exit_mfg_deactivate;
1919 }
1920
1921 release_firmware(fw);
1922
1923 if (disable_patch)
1924 goto exit_mfg_disable;
1925
1926
1927
1928
1929 err = btintel_exit_mfg(hdev, true, true);
1930 if (err)
1931 return err;
1932
1933 bt_dev_info(hdev, "Intel firmware patch completed and activated");
1934
1935 goto complete;
1936
1937exit_mfg_disable:
1938
1939 err = btintel_exit_mfg(hdev, false, false);
1940 if (err)
1941 return err;
1942
1943 bt_dev_info(hdev, "Intel firmware patch completed");
1944
1945 goto complete;
1946
1947exit_mfg_deactivate:
1948 release_firmware(fw);
1949
1950
1951
1952
1953 err = btintel_exit_mfg(hdev, true, false);
1954 if (err)
1955 return err;
1956
1957 bt_dev_info(hdev, "Intel firmware patch completed and deactivated");
1958
1959complete:
1960
1961
1962
1963 btintel_set_event_mask_mfg(hdev, false);
1964
1965 btintel_check_bdaddr(hdev);
1966 return 0;
1967}
1968
1969static int inject_cmd_complete(struct hci_dev *hdev, __u16 opcode)
1970{
1971 struct sk_buff *skb;
1972 struct hci_event_hdr *hdr;
1973 struct hci_ev_cmd_complete *evt;
1974
1975 skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_KERNEL);
1976 if (!skb)
1977 return -ENOMEM;
1978
1979 hdr = skb_put(skb, sizeof(*hdr));
1980 hdr->evt = HCI_EV_CMD_COMPLETE;
1981 hdr->plen = sizeof(*evt) + 1;
1982
1983 evt = skb_put(skb, sizeof(*evt));
1984 evt->ncmd = 0x01;
1985 evt->opcode = cpu_to_le16(opcode);
1986
1987 skb_put_u8(skb, 0x00);
1988
1989 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
1990
1991 return hci_recv_frame(hdev, skb);
1992}
1993
1994static int btusb_recv_bulk_intel(struct btusb_data *data, void *buffer,
1995 int count)
1996{
1997
1998
1999
2000
2001 if (test_bit(BTUSB_BOOTLOADER, &data->flags))
2002 return btusb_recv_intr(data, buffer, count);
2003
2004 return btusb_recv_bulk(data, buffer, count);
2005}
2006
2007static void btusb_intel_bootup(struct btusb_data *data, const void *ptr,
2008 unsigned int len)
2009{
2010 const struct intel_bootup *evt = ptr;
2011
2012 if (len != sizeof(*evt))
2013 return;
2014
2015 if (test_and_clear_bit(BTUSB_BOOTING, &data->flags))
2016 wake_up_bit(&data->flags, BTUSB_BOOTING);
2017}
2018
2019static void btusb_intel_secure_send_result(struct btusb_data *data,
2020 const void *ptr, unsigned int len)
2021{
2022 const struct intel_secure_send_result *evt = ptr;
2023
2024 if (len != sizeof(*evt))
2025 return;
2026
2027 if (evt->result)
2028 set_bit(BTUSB_FIRMWARE_FAILED, &data->flags);
2029
2030 if (test_and_clear_bit(BTUSB_DOWNLOADING, &data->flags) &&
2031 test_bit(BTUSB_FIRMWARE_LOADED, &data->flags))
2032 wake_up_bit(&data->flags, BTUSB_DOWNLOADING);
2033}
2034
2035static int btusb_recv_event_intel(struct hci_dev *hdev, struct sk_buff *skb)
2036{
2037 struct btusb_data *data = hci_get_drvdata(hdev);
2038
2039 if (test_bit(BTUSB_BOOTLOADER, &data->flags)) {
2040 struct hci_event_hdr *hdr = (void *)skb->data;
2041
2042 if (skb->len > HCI_EVENT_HDR_SIZE && hdr->evt == 0xff &&
2043 hdr->plen > 0) {
2044 const void *ptr = skb->data + HCI_EVENT_HDR_SIZE + 1;
2045 unsigned int len = skb->len - HCI_EVENT_HDR_SIZE - 1;
2046
2047 switch (skb->data[2]) {
2048 case 0x02:
2049
2050
2051
2052
2053 btusb_intel_bootup(data, ptr, len);
2054 break;
2055 case 0x06:
2056
2057
2058
2059
2060
2061 btusb_intel_secure_send_result(data, ptr, len);
2062 break;
2063 }
2064 }
2065 }
2066
2067 return hci_recv_frame(hdev, skb);
2068}
2069
2070static int btusb_send_frame_intel(struct hci_dev *hdev, struct sk_buff *skb)
2071{
2072 struct btusb_data *data = hci_get_drvdata(hdev);
2073 struct urb *urb;
2074
2075 BT_DBG("%s", hdev->name);
2076
2077 switch (hci_skb_pkt_type(skb)) {
2078 case HCI_COMMAND_PKT:
2079 if (test_bit(BTUSB_BOOTLOADER, &data->flags)) {
2080 struct hci_command_hdr *cmd = (void *)skb->data;
2081 __u16 opcode = le16_to_cpu(cmd->opcode);
2082
2083
2084
2085
2086
2087 if (opcode == 0xfc09)
2088 urb = alloc_bulk_urb(hdev, skb);
2089 else
2090 urb = alloc_ctrl_urb(hdev, skb);
2091
2092
2093
2094
2095
2096
2097 if (opcode == 0xfc01)
2098 inject_cmd_complete(hdev, opcode);
2099 } else {
2100 urb = alloc_ctrl_urb(hdev, skb);
2101 }
2102 if (IS_ERR(urb))
2103 return PTR_ERR(urb);
2104
2105 hdev->stat.cmd_tx++;
2106 return submit_or_queue_tx_urb(hdev, urb);
2107
2108 case HCI_ACLDATA_PKT:
2109 urb = alloc_bulk_urb(hdev, skb);
2110 if (IS_ERR(urb))
2111 return PTR_ERR(urb);
2112
2113 hdev->stat.acl_tx++;
2114 return submit_or_queue_tx_urb(hdev, urb);
2115
2116 case HCI_SCODATA_PKT:
2117 if (hci_conn_num(hdev, SCO_LINK) < 1)
2118 return -ENODEV;
2119
2120 urb = alloc_isoc_urb(hdev, skb);
2121 if (IS_ERR(urb))
2122 return PTR_ERR(urb);
2123
2124 hdev->stat.sco_tx++;
2125 return submit_tx_urb(hdev, urb);
2126 }
2127
2128 return -EILSEQ;
2129}
2130
2131static bool btusb_setup_intel_new_get_fw_name(struct intel_version *ver,
2132 struct intel_boot_params *params,
2133 char *fw_name, size_t len,
2134 const char *suffix)
2135{
2136 switch (ver->hw_variant) {
2137 case 0x0b:
2138 case 0x0c:
2139 snprintf(fw_name, len, "intel/ibt-%u-%u.%s",
2140 le16_to_cpu(ver->hw_variant),
2141 le16_to_cpu(params->dev_revid),
2142 suffix);
2143 break;
2144 case 0x11:
2145 case 0x12:
2146 case 0x13:
2147 case 0x14:
2148 snprintf(fw_name, len, "intel/ibt-%u-%u-%u.%s",
2149 le16_to_cpu(ver->hw_variant),
2150 le16_to_cpu(ver->hw_revision),
2151 le16_to_cpu(ver->fw_revision),
2152 suffix);
2153 break;
2154 default:
2155 return false;
2156 }
2157 return true;
2158}
2159
2160static int btusb_setup_intel_new(struct hci_dev *hdev)
2161{
2162 struct btusb_data *data = hci_get_drvdata(hdev);
2163 struct intel_version ver;
2164 struct intel_boot_params params;
2165 const struct firmware *fw;
2166 u32 boot_param;
2167 char fwname[64];
2168 ktime_t calltime, delta, rettime;
2169 unsigned long long duration;
2170 int err;
2171
2172 BT_DBG("%s", hdev->name);
2173
2174
2175
2176
2177
2178 boot_param = 0x00000000;
2179
2180 calltime = ktime_get();
2181
2182
2183
2184
2185
2186 err = btintel_read_version(hdev, &ver);
2187 if (err) {
2188 bt_dev_err(hdev, "Intel Read version failed (%d)", err);
2189 btintel_reset_to_bootloader(hdev);
2190 return err;
2191 }
2192
2193
2194
2195
2196 if (ver.hw_platform != 0x37) {
2197 bt_dev_err(hdev, "Unsupported Intel hardware platform (%u)",
2198 ver.hw_platform);
2199 return -EINVAL;
2200 }
2201
2202
2203
2204
2205
2206
2207
2208 switch (ver.hw_variant) {
2209 case 0x0b:
2210 case 0x0c:
2211 case 0x11:
2212 case 0x12:
2213 case 0x13:
2214 case 0x14:
2215 break;
2216 default:
2217 bt_dev_err(hdev, "Unsupported Intel hardware variant (%u)",
2218 ver.hw_variant);
2219 return -EINVAL;
2220 }
2221
2222 btintel_version_info(hdev, &ver);
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237 if (ver.fw_variant == 0x23) {
2238 clear_bit(BTUSB_BOOTLOADER, &data->flags);
2239 btintel_check_bdaddr(hdev);
2240 return 0;
2241 }
2242
2243
2244
2245
2246 if (ver.fw_variant != 0x06) {
2247 bt_dev_err(hdev, "Unsupported Intel firmware variant (%u)",
2248 ver.fw_variant);
2249 return -ENODEV;
2250 }
2251
2252
2253
2254
2255 err = btintel_read_boot_params(hdev, ¶ms);
2256 if (err)
2257 return err;
2258
2259
2260
2261
2262
2263 if (params.limited_cce != 0x00) {
2264 bt_dev_err(hdev, "Unsupported Intel firmware loading method (%u)",
2265 params.limited_cce);
2266 return -EINVAL;
2267 }
2268
2269
2270
2271
2272 if (!bacmp(¶ms.otp_bdaddr, BDADDR_ANY)) {
2273 bt_dev_info(hdev, "No device address configured");
2274 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks);
2275 }
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298 err = btusb_setup_intel_new_get_fw_name(&ver, ¶ms, fwname,
2299 sizeof(fwname), "sfi");
2300 if (!err) {
2301 bt_dev_err(hdev, "Unsupported Intel firmware naming");
2302 return -EINVAL;
2303 }
2304
2305 err = request_firmware(&fw, fwname, &hdev->dev);
2306 if (err < 0) {
2307 bt_dev_err(hdev, "Failed to load Intel firmware file (%d)", err);
2308 return err;
2309 }
2310
2311 bt_dev_info(hdev, "Found device firmware: %s", fwname);
2312
2313
2314
2315
2316 err = btusb_setup_intel_new_get_fw_name(&ver, ¶ms, fwname,
2317 sizeof(fwname), "ddc");
2318 if (!err) {
2319 bt_dev_err(hdev, "Unsupported Intel firmware naming");
2320 return -EINVAL;
2321 }
2322
2323 if (fw->size < 644) {
2324 bt_dev_err(hdev, "Invalid size of firmware file (%zu)",
2325 fw->size);
2326 err = -EBADF;
2327 goto done;
2328 }
2329
2330 set_bit(BTUSB_DOWNLOADING, &data->flags);
2331
2332
2333 err = btintel_download_firmware(hdev, fw, &boot_param);
2334 if (err < 0) {
2335
2336
2337
2338 btintel_reset_to_bootloader(hdev);
2339 goto done;
2340 }
2341 set_bit(BTUSB_FIRMWARE_LOADED, &data->flags);
2342
2343 bt_dev_info(hdev, "Waiting for firmware download to complete");
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356 err = wait_on_bit_timeout(&data->flags, BTUSB_DOWNLOADING,
2357 TASK_INTERRUPTIBLE,
2358 msecs_to_jiffies(5000));
2359 if (err == -EINTR) {
2360 bt_dev_err(hdev, "Firmware loading interrupted");
2361 goto done;
2362 }
2363
2364 if (err) {
2365 bt_dev_err(hdev, "Firmware loading timeout");
2366 err = -ETIMEDOUT;
2367 btintel_reset_to_bootloader(hdev);
2368 goto done;
2369 }
2370
2371 if (test_bit(BTUSB_FIRMWARE_FAILED, &data->flags)) {
2372 bt_dev_err(hdev, "Firmware loading failed");
2373 err = -ENOEXEC;
2374 goto done;
2375 }
2376
2377 rettime = ktime_get();
2378 delta = ktime_sub(rettime, calltime);
2379 duration = (unsigned long long) ktime_to_ns(delta) >> 10;
2380
2381 bt_dev_info(hdev, "Firmware loaded in %llu usecs", duration);
2382
2383done:
2384 release_firmware(fw);
2385
2386 if (err < 0)
2387 return err;
2388
2389 calltime = ktime_get();
2390
2391 set_bit(BTUSB_BOOTING, &data->flags);
2392
2393 err = btintel_send_intel_reset(hdev, boot_param);
2394 if (err) {
2395 bt_dev_err(hdev, "Intel Soft Reset failed (%d)", err);
2396 btintel_reset_to_bootloader(hdev);
2397 return err;
2398 }
2399
2400
2401
2402
2403
2404
2405
2406
2407 bt_dev_info(hdev, "Waiting for device to boot");
2408
2409 err = wait_on_bit_timeout(&data->flags, BTUSB_BOOTING,
2410 TASK_INTERRUPTIBLE,
2411 msecs_to_jiffies(1000));
2412
2413 if (err == -EINTR) {
2414 bt_dev_err(hdev, "Device boot interrupted");
2415 return -EINTR;
2416 }
2417
2418 if (err) {
2419 bt_dev_err(hdev, "Device boot timeout");
2420 btintel_reset_to_bootloader(hdev);
2421 return -ETIMEDOUT;
2422 }
2423
2424 rettime = ktime_get();
2425 delta = ktime_sub(rettime, calltime);
2426 duration = (unsigned long long) ktime_to_ns(delta) >> 10;
2427
2428 bt_dev_info(hdev, "Device booted in %llu usecs", duration);
2429
2430 clear_bit(BTUSB_BOOTLOADER, &data->flags);
2431
2432
2433
2434
2435
2436
2437
2438 btintel_load_ddc_config(hdev, fwname);
2439
2440
2441
2442
2443
2444
2445
2446
2447 btintel_set_event_mask(hdev, false);
2448
2449
2450 err = btintel_read_version(hdev, &ver);
2451 if (err)
2452 return err;
2453
2454 btintel_version_info(hdev, &ver);
2455
2456 return 0;
2457}
2458
2459static int btusb_shutdown_intel(struct hci_dev *hdev)
2460{
2461 struct sk_buff *skb;
2462 long ret;
2463
2464
2465
2466
2467
2468
2469
2470
2471
2472 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
2473 if (IS_ERR(skb)) {
2474 ret = PTR_ERR(skb);
2475 bt_dev_err(hdev, "HCI reset during shutdown failed");
2476 return ret;
2477 }
2478 kfree_skb(skb);
2479
2480
2481
2482
2483
2484 skb = __hci_cmd_sync(hdev, 0xfc3f, 0, NULL, HCI_INIT_TIMEOUT);
2485 if (IS_ERR(skb)) {
2486 ret = PTR_ERR(skb);
2487 bt_dev_err(hdev, "turning off Intel device LED failed");
2488 return ret;
2489 }
2490 kfree_skb(skb);
2491
2492 return 0;
2493}
2494
2495static int btusb_shutdown_intel_new(struct hci_dev *hdev)
2496{
2497 struct sk_buff *skb;
2498
2499
2500
2501
2502
2503 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
2504 if (IS_ERR(skb)) {
2505 bt_dev_err(hdev, "HCI reset during shutdown failed");
2506 return PTR_ERR(skb);
2507 }
2508 kfree_skb(skb);
2509
2510 return 0;
2511}
2512
2513#define FIRMWARE_MT7663 "mediatek/mt7663pr2h.bin"
2514#define FIRMWARE_MT7668 "mediatek/mt7668pr2h.bin"
2515
2516#define HCI_WMT_MAX_EVENT_SIZE 64
2517
2518enum {
2519 BTMTK_WMT_PATCH_DWNLD = 0x1,
2520 BTMTK_WMT_FUNC_CTRL = 0x6,
2521 BTMTK_WMT_RST = 0x7,
2522 BTMTK_WMT_SEMAPHORE = 0x17,
2523};
2524
2525enum {
2526 BTMTK_WMT_INVALID,
2527 BTMTK_WMT_PATCH_UNDONE,
2528 BTMTK_WMT_PATCH_DONE,
2529 BTMTK_WMT_ON_UNDONE,
2530 BTMTK_WMT_ON_DONE,
2531 BTMTK_WMT_ON_PROGRESS,
2532};
2533
2534struct btmtk_wmt_hdr {
2535 u8 dir;
2536 u8 op;
2537 __le16 dlen;
2538 u8 flag;
2539} __packed;
2540
2541struct btmtk_hci_wmt_cmd {
2542 struct btmtk_wmt_hdr hdr;
2543 u8 data[256];
2544} __packed;
2545
2546struct btmtk_hci_wmt_evt {
2547 struct hci_event_hdr hhdr;
2548 struct btmtk_wmt_hdr whdr;
2549} __packed;
2550
2551struct btmtk_hci_wmt_evt_funcc {
2552 struct btmtk_hci_wmt_evt hwhdr;
2553 __be16 status;
2554} __packed;
2555
2556struct btmtk_tci_sleep {
2557 u8 mode;
2558 __le16 duration;
2559 __le16 host_duration;
2560 u8 host_wakeup_pin;
2561 u8 time_compensation;
2562} __packed;
2563
2564struct btmtk_hci_wmt_params {
2565 u8 op;
2566 u8 flag;
2567 u16 dlen;
2568 const void *data;
2569 u32 *status;
2570};
2571
2572static void btusb_mtk_wmt_recv(struct urb *urb)
2573{
2574 struct hci_dev *hdev = urb->context;
2575 struct btusb_data *data = hci_get_drvdata(hdev);
2576 struct hci_event_hdr *hdr;
2577 struct sk_buff *skb;
2578 int err;
2579
2580 if (urb->status == 0 && urb->actual_length > 0) {
2581 hdev->stat.byte_rx += urb->actual_length;
2582
2583
2584
2585
2586 skb = bt_skb_alloc(HCI_WMT_MAX_EVENT_SIZE, GFP_ATOMIC);
2587 if (!skb) {
2588 hdev->stat.err_rx++;
2589 goto err_out;
2590 }
2591
2592 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
2593 skb_put_data(skb, urb->transfer_buffer, urb->actual_length);
2594
2595 hdr = (void *)skb->data;
2596
2597
2598
2599
2600 hdr->evt = 0xff;
2601
2602
2603
2604
2605 if (test_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags)) {
2606 data->evt_skb = skb_clone(skb, GFP_ATOMIC);
2607 if (!data->evt_skb)
2608 goto err_out;
2609 }
2610
2611 err = hci_recv_frame(hdev, skb);
2612 if (err < 0)
2613 goto err_free_skb;
2614
2615 if (test_and_clear_bit(BTUSB_TX_WAIT_VND_EVT,
2616 &data->flags)) {
2617
2618 smp_mb__after_atomic();
2619 wake_up_bit(&data->flags,
2620 BTUSB_TX_WAIT_VND_EVT);
2621 }
2622err_out:
2623 return;
2624err_free_skb:
2625 kfree_skb(data->evt_skb);
2626 data->evt_skb = NULL;
2627 return;
2628 } else if (urb->status == -ENOENT) {
2629
2630 return;
2631 }
2632
2633 usb_mark_last_busy(data->udev);
2634
2635
2636
2637
2638
2639
2640
2641
2642 udelay(100);
2643
2644 usb_anchor_urb(urb, &data->ctrl_anchor);
2645 err = usb_submit_urb(urb, GFP_ATOMIC);
2646 if (err < 0) {
2647
2648
2649
2650 if (err != -EPERM && err != -ENODEV)
2651 bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
2652 urb, -err);
2653 usb_unanchor_urb(urb);
2654 }
2655}
2656
2657static int btusb_mtk_submit_wmt_recv_urb(struct hci_dev *hdev)
2658{
2659 struct btusb_data *data = hci_get_drvdata(hdev);
2660 struct usb_ctrlrequest *dr;
2661 unsigned char *buf;
2662 int err, size = 64;
2663 unsigned int pipe;
2664 struct urb *urb;
2665
2666 urb = usb_alloc_urb(0, GFP_KERNEL);
2667 if (!urb)
2668 return -ENOMEM;
2669
2670 dr = kmalloc(sizeof(*dr), GFP_KERNEL);
2671 if (!dr) {
2672 usb_free_urb(urb);
2673 return -ENOMEM;
2674 }
2675
2676 dr->bRequestType = USB_TYPE_VENDOR | USB_DIR_IN;
2677 dr->bRequest = 1;
2678 dr->wIndex = cpu_to_le16(0);
2679 dr->wValue = cpu_to_le16(48);
2680 dr->wLength = cpu_to_le16(size);
2681
2682 buf = kmalloc(size, GFP_KERNEL);
2683 if (!buf) {
2684 kfree(dr);
2685 return -ENOMEM;
2686 }
2687
2688 pipe = usb_rcvctrlpipe(data->udev, 0);
2689
2690 usb_fill_control_urb(urb, data->udev, pipe, (void *)dr,
2691 buf, size, btusb_mtk_wmt_recv, hdev);
2692
2693 urb->transfer_flags |= URB_FREE_BUFFER;
2694
2695 usb_anchor_urb(urb, &data->ctrl_anchor);
2696 err = usb_submit_urb(urb, GFP_KERNEL);
2697 if (err < 0) {
2698 if (err != -EPERM && err != -ENODEV)
2699 bt_dev_err(hdev, "urb %p submission failed (%d)",
2700 urb, -err);
2701 usb_unanchor_urb(urb);
2702 }
2703
2704 usb_free_urb(urb);
2705
2706 return err;
2707}
2708
2709static int btusb_mtk_hci_wmt_sync(struct hci_dev *hdev,
2710 struct btmtk_hci_wmt_params *wmt_params)
2711{
2712 struct btusb_data *data = hci_get_drvdata(hdev);
2713 struct btmtk_hci_wmt_evt_funcc *wmt_evt_funcc;
2714 u32 hlen, status = BTMTK_WMT_INVALID;
2715 struct btmtk_hci_wmt_evt *wmt_evt;
2716 struct btmtk_hci_wmt_cmd wc;
2717 struct btmtk_wmt_hdr *hdr;
2718 int err;
2719
2720
2721 err = btusb_mtk_submit_wmt_recv_urb(hdev);
2722 if (err < 0)
2723 return err;
2724
2725
2726 hlen = sizeof(*hdr) + wmt_params->dlen;
2727 if (hlen > 255)
2728 return -EINVAL;
2729
2730 hdr = (struct btmtk_wmt_hdr *)&wc;
2731 hdr->dir = 1;
2732 hdr->op = wmt_params->op;
2733 hdr->dlen = cpu_to_le16(wmt_params->dlen + 1);
2734 hdr->flag = wmt_params->flag;
2735 memcpy(wc.data, wmt_params->data, wmt_params->dlen);
2736
2737 set_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags);
2738
2739 err = __hci_cmd_send(hdev, 0xfc6f, hlen, &wc);
2740
2741 if (err < 0) {
2742 clear_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags);
2743 return err;
2744 }
2745
2746
2747
2748
2749
2750
2751
2752
2753
2754
2755 err = wait_on_bit_timeout(&data->flags, BTUSB_TX_WAIT_VND_EVT,
2756 TASK_INTERRUPTIBLE, HCI_INIT_TIMEOUT);
2757 if (err == -EINTR) {
2758 bt_dev_err(hdev, "Execution of wmt command interrupted");
2759 clear_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags);
2760 return err;
2761 }
2762
2763 if (err) {
2764 bt_dev_err(hdev, "Execution of wmt command timed out");
2765 clear_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags);
2766 return -ETIMEDOUT;
2767 }
2768
2769
2770 wmt_evt = (struct btmtk_hci_wmt_evt *)data->evt_skb->data;
2771 if (wmt_evt->whdr.op != hdr->op) {
2772 bt_dev_err(hdev, "Wrong op received %d expected %d",
2773 wmt_evt->whdr.op, hdr->op);
2774 err = -EIO;
2775 goto err_free_skb;
2776 }
2777
2778 switch (wmt_evt->whdr.op) {
2779 case BTMTK_WMT_SEMAPHORE:
2780 if (wmt_evt->whdr.flag == 2)
2781 status = BTMTK_WMT_PATCH_UNDONE;
2782 else
2783 status = BTMTK_WMT_PATCH_DONE;
2784 break;
2785 case BTMTK_WMT_FUNC_CTRL:
2786 wmt_evt_funcc = (struct btmtk_hci_wmt_evt_funcc *)wmt_evt;
2787 if (be16_to_cpu(wmt_evt_funcc->status) == 0x404)
2788 status = BTMTK_WMT_ON_DONE;
2789 else if (be16_to_cpu(wmt_evt_funcc->status) == 0x420)
2790 status = BTMTK_WMT_ON_PROGRESS;
2791 else
2792 status = BTMTK_WMT_ON_UNDONE;
2793 break;
2794 }
2795
2796 if (wmt_params->status)
2797 *wmt_params->status = status;
2798
2799err_free_skb:
2800 kfree_skb(data->evt_skb);
2801 data->evt_skb = NULL;
2802
2803 return err;
2804}
2805
2806static int btusb_mtk_setup_firmware(struct hci_dev *hdev, const char *fwname)
2807{
2808 struct btmtk_hci_wmt_params wmt_params;
2809 const struct firmware *fw;
2810 const u8 *fw_ptr;
2811 size_t fw_size;
2812 int err, dlen;
2813 u8 flag;
2814
2815 err = request_firmware(&fw, fwname, &hdev->dev);
2816 if (err < 0) {
2817 bt_dev_err(hdev, "Failed to load firmware file (%d)", err);
2818 return err;
2819 }
2820
2821 fw_ptr = fw->data;
2822 fw_size = fw->size;
2823
2824
2825 if (fw_size < 30) {
2826 err = -EINVAL;
2827 goto err_release_fw;
2828 }
2829
2830 fw_size -= 30;
2831 fw_ptr += 30;
2832 flag = 1;
2833
2834 wmt_params.op = BTMTK_WMT_PATCH_DWNLD;
2835 wmt_params.status = NULL;
2836
2837 while (fw_size > 0) {
2838 dlen = min_t(int, 250, fw_size);
2839
2840
2841 if (fw_size - dlen <= 0)
2842 flag = 3;
2843 else if (fw_size < fw->size - 30)
2844 flag = 2;
2845
2846 wmt_params.flag = flag;
2847 wmt_params.dlen = dlen;
2848 wmt_params.data = fw_ptr;
2849
2850 err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params);
2851 if (err < 0) {
2852 bt_dev_err(hdev, "Failed to send wmt patch dwnld (%d)",
2853 err);
2854 goto err_release_fw;
2855 }
2856
2857 fw_size -= dlen;
2858 fw_ptr += dlen;
2859 }
2860
2861 wmt_params.op = BTMTK_WMT_RST;
2862 wmt_params.flag = 4;
2863 wmt_params.dlen = 0;
2864 wmt_params.data = NULL;
2865 wmt_params.status = NULL;
2866
2867
2868 err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params);
2869 if (err < 0) {
2870 bt_dev_err(hdev, "Failed to send wmt rst (%d)", err);
2871 goto err_release_fw;
2872 }
2873
2874
2875 usleep_range(10000, 12000);
2876
2877err_release_fw:
2878 release_firmware(fw);
2879
2880 return err;
2881}
2882
2883static int btusb_mtk_func_query(struct hci_dev *hdev)
2884{
2885 struct btmtk_hci_wmt_params wmt_params;
2886 int status, err;
2887 u8 param = 0;
2888
2889
2890 wmt_params.op = BTMTK_WMT_FUNC_CTRL;
2891 wmt_params.flag = 4;
2892 wmt_params.dlen = sizeof(param);
2893 wmt_params.data = ¶m;
2894 wmt_params.status = &status;
2895
2896 err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params);
2897 if (err < 0) {
2898 bt_dev_err(hdev, "Failed to query function status (%d)", err);
2899 return err;
2900 }
2901
2902 return status;
2903}
2904
2905static int btusb_mtk_reg_read(struct btusb_data *data, u32 reg, u32 *val)
2906{
2907 int pipe, err, size = sizeof(u32);
2908 void *buf;
2909
2910 buf = kzalloc(size, GFP_KERNEL);
2911 if (!buf)
2912 return -ENOMEM;
2913
2914 pipe = usb_rcvctrlpipe(data->udev, 0);
2915 err = usb_control_msg(data->udev, pipe, 0x63,
2916 USB_TYPE_VENDOR | USB_DIR_IN,
2917 reg >> 16, reg & 0xffff,
2918 buf, size, USB_CTRL_SET_TIMEOUT);
2919 if (err < 0)
2920 goto err_free_buf;
2921
2922 *val = get_unaligned_le32(buf);
2923
2924err_free_buf:
2925 kfree(buf);
2926
2927 return err;
2928}
2929
2930static int btusb_mtk_id_get(struct btusb_data *data, u32 *id)
2931{
2932 return btusb_mtk_reg_read(data, 0x80000008, id);
2933}
2934
2935static int btusb_mtk_setup(struct hci_dev *hdev)
2936{
2937 struct btusb_data *data = hci_get_drvdata(hdev);
2938 struct btmtk_hci_wmt_params wmt_params;
2939 ktime_t calltime, delta, rettime;
2940 struct btmtk_tci_sleep tci_sleep;
2941 unsigned long long duration;
2942 struct sk_buff *skb;
2943 const char *fwname;
2944 int err, status;
2945 u32 dev_id;
2946 u8 param;
2947
2948 calltime = ktime_get();
2949
2950 err = btusb_mtk_id_get(data, &dev_id);
2951 if (err < 0) {
2952 bt_dev_err(hdev, "Failed to get device id (%d)", err);
2953 return err;
2954 }
2955
2956 switch (dev_id) {
2957 case 0x7663:
2958 fwname = FIRMWARE_MT7663;
2959 break;
2960 case 0x7668:
2961 fwname = FIRMWARE_MT7668;
2962 break;
2963 default:
2964 bt_dev_err(hdev, "Unsupported support hardware variant (%08x)",
2965 dev_id);
2966 return -ENODEV;
2967 }
2968
2969
2970 wmt_params.op = BTMTK_WMT_SEMAPHORE;
2971 wmt_params.flag = 1;
2972 wmt_params.dlen = 0;
2973 wmt_params.data = NULL;
2974 wmt_params.status = &status;
2975
2976 err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params);
2977 if (err < 0) {
2978 bt_dev_err(hdev, "Failed to query firmware status (%d)", err);
2979 return err;
2980 }
2981
2982 if (status == BTMTK_WMT_PATCH_DONE) {
2983 bt_dev_info(hdev, "firmware already downloaded");
2984 goto ignore_setup_fw;
2985 }
2986
2987
2988 err = btusb_mtk_setup_firmware(hdev, fwname);
2989 if (err < 0)
2990 return err;
2991
2992ignore_setup_fw:
2993 err = readx_poll_timeout(btusb_mtk_func_query, hdev, status,
2994 status < 0 || status != BTMTK_WMT_ON_PROGRESS,
2995 2000, 5000000);
2996
2997 if (err < 0)
2998 return err;
2999
3000
3001 if (status < 0)
3002 return status;
3003
3004 if (status == BTMTK_WMT_ON_DONE) {
3005 bt_dev_info(hdev, "function already on");
3006 goto ignore_func_on;
3007 }
3008
3009
3010 param = 1;
3011 wmt_params.op = BTMTK_WMT_FUNC_CTRL;
3012 wmt_params.flag = 0;
3013 wmt_params.dlen = sizeof(param);
3014 wmt_params.data = ¶m;
3015 wmt_params.status = NULL;
3016
3017 err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params);
3018 if (err < 0) {
3019 bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err);
3020 return err;
3021 }
3022
3023ignore_func_on:
3024
3025 tci_sleep.mode = 0x5;
3026 tci_sleep.duration = cpu_to_le16(0x640);
3027 tci_sleep.host_duration = cpu_to_le16(0x640);
3028 tci_sleep.host_wakeup_pin = 0;
3029 tci_sleep.time_compensation = 0;
3030
3031 skb = __hci_cmd_sync(hdev, 0xfc7a, sizeof(tci_sleep), &tci_sleep,
3032 HCI_INIT_TIMEOUT);
3033 if (IS_ERR(skb)) {
3034 err = PTR_ERR(skb);
3035 bt_dev_err(hdev, "Failed to apply low power setting (%d)", err);
3036 return err;
3037 }
3038 kfree_skb(skb);
3039
3040 rettime = ktime_get();
3041 delta = ktime_sub(rettime, calltime);
3042 duration = (unsigned long long)ktime_to_ns(delta) >> 10;
3043
3044 bt_dev_info(hdev, "Device setup in %llu usecs", duration);
3045
3046 return 0;
3047}
3048
3049static int btusb_mtk_shutdown(struct hci_dev *hdev)
3050{
3051 struct btmtk_hci_wmt_params wmt_params;
3052 u8 param = 0;
3053 int err;
3054
3055
3056 wmt_params.op = BTMTK_WMT_FUNC_CTRL;
3057 wmt_params.flag = 0;
3058 wmt_params.dlen = sizeof(param);
3059 wmt_params.data = ¶m;
3060 wmt_params.status = NULL;
3061
3062 err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params);
3063 if (err < 0) {
3064 bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err);
3065 return err;
3066 }
3067
3068 return 0;
3069}
3070
3071MODULE_FIRMWARE(FIRMWARE_MT7663);
3072MODULE_FIRMWARE(FIRMWARE_MT7668);
3073
3074#ifdef CONFIG_PM
3075
3076static int marvell_config_oob_wake(struct hci_dev *hdev)
3077{
3078 struct sk_buff *skb;
3079 struct btusb_data *data = hci_get_drvdata(hdev);
3080 struct device *dev = &data->udev->dev;
3081 u16 pin, gap, opcode;
3082 int ret;
3083 u8 cmd[5];
3084
3085
3086 if (of_property_read_u16(dev->of_node, "marvell,wakeup-pin", &pin) ||
3087 of_property_read_u16(dev->of_node, "marvell,wakeup-gap-ms", &gap))
3088 return 0;
3089
3090
3091 opcode = hci_opcode_pack(0x3F, 0x59);
3092 cmd[0] = opcode & 0xFF;
3093 cmd[1] = opcode >> 8;
3094 cmd[2] = 2;
3095 cmd[3] = pin;
3096 cmd[4] = gap;
3097
3098 skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL);
3099 if (!skb) {
3100 bt_dev_err(hdev, "%s: No memory\n", __func__);
3101 return -ENOMEM;
3102 }
3103
3104 skb_put_data(skb, cmd, sizeof(cmd));
3105 hci_skb_pkt_type(skb) = HCI_COMMAND_PKT;
3106
3107 ret = btusb_send_frame(hdev, skb);
3108 if (ret) {
3109 bt_dev_err(hdev, "%s: configuration failed\n", __func__);
3110 kfree_skb(skb);
3111 return ret;
3112 }
3113
3114 return 0;
3115}
3116#endif
3117
3118static int btusb_set_bdaddr_marvell(struct hci_dev *hdev,
3119 const bdaddr_t *bdaddr)
3120{
3121 struct sk_buff *skb;
3122 u8 buf[8];
3123 long ret;
3124
3125 buf[0] = 0xfe;
3126 buf[1] = sizeof(bdaddr_t);
3127 memcpy(buf + 2, bdaddr, sizeof(bdaddr_t));
3128
3129 skb = __hci_cmd_sync(hdev, 0xfc22, sizeof(buf), buf, HCI_INIT_TIMEOUT);
3130 if (IS_ERR(skb)) {
3131 ret = PTR_ERR(skb);
3132 bt_dev_err(hdev, "changing Marvell device address failed (%ld)",
3133 ret);
3134 return ret;
3135 }
3136 kfree_skb(skb);
3137
3138 return 0;
3139}
3140
3141static int btusb_set_bdaddr_ath3012(struct hci_dev *hdev,
3142 const bdaddr_t *bdaddr)
3143{
3144 struct sk_buff *skb;
3145 u8 buf[10];
3146 long ret;
3147
3148 buf[0] = 0x01;
3149 buf[1] = 0x01;
3150 buf[2] = 0x00;
3151 buf[3] = sizeof(bdaddr_t);
3152 memcpy(buf + 4, bdaddr, sizeof(bdaddr_t));
3153
3154 skb = __hci_cmd_sync(hdev, 0xfc0b, sizeof(buf), buf, HCI_INIT_TIMEOUT);
3155 if (IS_ERR(skb)) {
3156 ret = PTR_ERR(skb);
3157 bt_dev_err(hdev, "Change address command failed (%ld)", ret);
3158 return ret;
3159 }
3160 kfree_skb(skb);
3161
3162 return 0;
3163}
3164
3165#define QCA_DFU_PACKET_LEN 4096
3166
3167#define QCA_GET_TARGET_VERSION 0x09
3168#define QCA_CHECK_STATUS 0x05
3169#define QCA_DFU_DOWNLOAD 0x01
3170
3171#define QCA_SYSCFG_UPDATED 0x40
3172#define QCA_PATCH_UPDATED 0x80
3173#define QCA_DFU_TIMEOUT 3000
3174
3175struct qca_version {
3176 __le32 rom_version;
3177 __le32 patch_version;
3178 __le32 ram_version;
3179 __le32 ref_clock;
3180 __u8 reserved[4];
3181} __packed;
3182
3183struct qca_rampatch_version {
3184 __le16 rom_version;
3185 __le16 patch_version;
3186} __packed;
3187
3188struct qca_device_info {
3189 u32 rom_version;
3190 u8 rampatch_hdr;
3191 u8 nvm_hdr;
3192 u8 ver_offset;
3193};
3194
3195static const struct qca_device_info qca_devices_table[] = {
3196 { 0x00000100, 20, 4, 10 },
3197 { 0x00000101, 20, 4, 10 },
3198 { 0x00000200, 28, 4, 18 },
3199 { 0x00000201, 28, 4, 18 },
3200 { 0x00000300, 28, 4, 18 },
3201 { 0x00000302, 28, 4, 18 },
3202};
3203
3204static int btusb_qca_send_vendor_req(struct usb_device *udev, u8 request,
3205 void *data, u16 size)
3206{
3207 int pipe, err;
3208 u8 *buf;
3209
3210 buf = kmalloc(size, GFP_KERNEL);
3211 if (!buf)
3212 return -ENOMEM;
3213
3214
3215
3216
3217 pipe = usb_rcvctrlpipe(udev, 0);
3218 err = usb_control_msg(udev, pipe, request, USB_TYPE_VENDOR | USB_DIR_IN,
3219 0, 0, buf, size, USB_CTRL_SET_TIMEOUT);
3220 if (err < 0) {
3221 dev_err(&udev->dev, "Failed to access otp area (%d)", err);
3222 goto done;
3223 }
3224
3225 memcpy(data, buf, size);
3226
3227done:
3228 kfree(buf);
3229
3230 return err;
3231}
3232
3233static int btusb_setup_qca_download_fw(struct hci_dev *hdev,
3234 const struct firmware *firmware,
3235 size_t hdr_size)
3236{
3237 struct btusb_data *btdata = hci_get_drvdata(hdev);
3238 struct usb_device *udev = btdata->udev;
3239 size_t count, size, sent = 0;
3240 int pipe, len, err;
3241 u8 *buf;
3242
3243 buf = kmalloc(QCA_DFU_PACKET_LEN, GFP_KERNEL);
3244 if (!buf)
3245 return -ENOMEM;
3246
3247 count = firmware->size;
3248
3249 size = min_t(size_t, count, hdr_size);
3250 memcpy(buf, firmware->data, size);
3251
3252
3253
3254
3255
3256
3257 pipe = usb_sndctrlpipe(udev, 0);
3258 err = usb_control_msg(udev, pipe, QCA_DFU_DOWNLOAD, USB_TYPE_VENDOR,
3259 0, 0, buf, size, USB_CTRL_SET_TIMEOUT);
3260 if (err < 0) {
3261 bt_dev_err(hdev, "Failed to send headers (%d)", err);
3262 goto done;
3263 }
3264
3265 sent += size;
3266 count -= size;
3267
3268 while (count) {
3269 size = min_t(size_t, count, QCA_DFU_PACKET_LEN);
3270
3271 memcpy(buf, firmware->data + sent, size);
3272
3273 pipe = usb_sndbulkpipe(udev, 0x02);
3274 err = usb_bulk_msg(udev, pipe, buf, size, &len,
3275 QCA_DFU_TIMEOUT);
3276 if (err < 0) {
3277 bt_dev_err(hdev, "Failed to send body at %zd of %zd (%d)",
3278 sent, firmware->size, err);
3279 break;
3280 }
3281
3282 if (size != len) {
3283 bt_dev_err(hdev, "Failed to get bulk buffer");
3284 err = -EILSEQ;
3285 break;
3286 }
3287
3288 sent += size;
3289 count -= size;
3290 }
3291
3292done:
3293 kfree(buf);
3294 return err;
3295}
3296
3297static int btusb_setup_qca_load_rampatch(struct hci_dev *hdev,
3298 struct qca_version *ver,
3299 const struct qca_device_info *info)
3300{
3301 struct qca_rampatch_version *rver;
3302 const struct firmware *fw;
3303 u32 ver_rom, ver_patch;
3304 u16 rver_rom, rver_patch;
3305 char fwname[64];
3306 int err;
3307
3308 ver_rom = le32_to_cpu(ver->rom_version);
3309 ver_patch = le32_to_cpu(ver->patch_version);
3310
3311 snprintf(fwname, sizeof(fwname), "qca/rampatch_usb_%08x.bin", ver_rom);
3312
3313 err = request_firmware(&fw, fwname, &hdev->dev);
3314 if (err) {
3315 bt_dev_err(hdev, "failed to request rampatch file: %s (%d)",
3316 fwname, err);
3317 return err;
3318 }
3319
3320 bt_dev_info(hdev, "using rampatch file: %s", fwname);
3321
3322 rver = (struct qca_rampatch_version *)(fw->data + info->ver_offset);
3323 rver_rom = le16_to_cpu(rver->rom_version);
3324 rver_patch = le16_to_cpu(rver->patch_version);
3325
3326 bt_dev_info(hdev, "QCA: patch rome 0x%x build 0x%x, "
3327 "firmware rome 0x%x build 0x%x",
3328 rver_rom, rver_patch, ver_rom, ver_patch);
3329
3330 if (rver_rom != ver_rom || rver_patch <= ver_patch) {
3331 bt_dev_err(hdev, "rampatch file version did not match with firmware");
3332 err = -EINVAL;
3333 goto done;
3334 }
3335
3336 err = btusb_setup_qca_download_fw(hdev, fw, info->rampatch_hdr);
3337
3338done:
3339 release_firmware(fw);
3340
3341 return err;
3342}
3343
3344static int btusb_setup_qca_load_nvm(struct hci_dev *hdev,
3345 struct qca_version *ver,
3346 const struct qca_device_info *info)
3347{
3348 const struct firmware *fw;
3349 char fwname[64];
3350 int err;
3351
3352 snprintf(fwname, sizeof(fwname), "qca/nvm_usb_%08x.bin",
3353 le32_to_cpu(ver->rom_version));
3354
3355 err = request_firmware(&fw, fwname, &hdev->dev);
3356 if (err) {
3357 bt_dev_err(hdev, "failed to request NVM file: %s (%d)",
3358 fwname, err);
3359 return err;
3360 }
3361
3362 bt_dev_info(hdev, "using NVM file: %s", fwname);
3363
3364 err = btusb_setup_qca_download_fw(hdev, fw, info->nvm_hdr);
3365
3366 release_firmware(fw);
3367
3368 return err;
3369}
3370
3371
3372static bool btusb_qca_need_patch(struct usb_device *udev)
3373{
3374 struct qca_version ver;
3375
3376 if (btusb_qca_send_vendor_req(udev, QCA_GET_TARGET_VERSION, &ver,
3377 sizeof(ver)) < 0)
3378 return false;
3379
3380 return !(le32_to_cpu(ver.rom_version) & ~0xffffU);
3381}
3382
3383static int btusb_setup_qca(struct hci_dev *hdev)
3384{
3385 struct btusb_data *btdata = hci_get_drvdata(hdev);
3386 struct usb_device *udev = btdata->udev;
3387 const struct qca_device_info *info = NULL;
3388 struct qca_version ver;
3389 u32 ver_rom;
3390 u8 status;
3391 int i, err;
3392
3393 err = btusb_qca_send_vendor_req(udev, QCA_GET_TARGET_VERSION, &ver,
3394 sizeof(ver));
3395 if (err < 0)
3396 return err;
3397
3398 ver_rom = le32_to_cpu(ver.rom_version);
3399
3400 if (ver_rom & ~0xffffU)
3401 return 0;
3402
3403 for (i = 0; i < ARRAY_SIZE(qca_devices_table); i++) {
3404 if (ver_rom == qca_devices_table[i].rom_version)
3405 info = &qca_devices_table[i];
3406 }
3407 if (!info) {
3408 bt_dev_err(hdev, "don't support firmware rome 0x%x", ver_rom);
3409 return -ENODEV;
3410 }
3411
3412 err = btusb_qca_send_vendor_req(udev, QCA_CHECK_STATUS, &status,
3413 sizeof(status));
3414 if (err < 0)
3415 return err;
3416
3417 if (!(status & QCA_PATCH_UPDATED)) {
3418 err = btusb_setup_qca_load_rampatch(hdev, &ver, info);
3419 if (err < 0)
3420 return err;
3421 }
3422
3423 if (!(status & QCA_SYSCFG_UPDATED)) {
3424 err = btusb_setup_qca_load_nvm(hdev, &ver, info);
3425 if (err < 0)
3426 return err;
3427 }
3428
3429 return 0;
3430}
3431
3432static inline int __set_diag_interface(struct hci_dev *hdev)
3433{
3434 struct btusb_data *data = hci_get_drvdata(hdev);
3435 struct usb_interface *intf = data->diag;
3436 int i;
3437
3438 if (!data->diag)
3439 return -ENODEV;
3440
3441 data->diag_tx_ep = NULL;
3442 data->diag_rx_ep = NULL;
3443
3444 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
3445 struct usb_endpoint_descriptor *ep_desc;
3446
3447 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
3448
3449 if (!data->diag_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) {
3450 data->diag_tx_ep = ep_desc;
3451 continue;
3452 }
3453
3454 if (!data->diag_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) {
3455 data->diag_rx_ep = ep_desc;
3456 continue;
3457 }
3458 }
3459
3460 if (!data->diag_tx_ep || !data->diag_rx_ep) {
3461 bt_dev_err(hdev, "invalid diagnostic descriptors");
3462 return -ENODEV;
3463 }
3464
3465 return 0;
3466}
3467
3468static struct urb *alloc_diag_urb(struct hci_dev *hdev, bool enable)
3469{
3470 struct btusb_data *data = hci_get_drvdata(hdev);
3471 struct sk_buff *skb;
3472 struct urb *urb;
3473 unsigned int pipe;
3474
3475 if (!data->diag_tx_ep)
3476 return ERR_PTR(-ENODEV);
3477
3478 urb = usb_alloc_urb(0, GFP_KERNEL);
3479 if (!urb)
3480 return ERR_PTR(-ENOMEM);
3481
3482 skb = bt_skb_alloc(2, GFP_KERNEL);
3483 if (!skb) {
3484 usb_free_urb(urb);
3485 return ERR_PTR(-ENOMEM);
3486 }
3487
3488 skb_put_u8(skb, 0xf0);
3489 skb_put_u8(skb, enable);
3490
3491 pipe = usb_sndbulkpipe(data->udev, data->diag_tx_ep->bEndpointAddress);
3492
3493 usb_fill_bulk_urb(urb, data->udev, pipe,
3494 skb->data, skb->len, btusb_tx_complete, skb);
3495
3496 skb->dev = (void *)hdev;
3497
3498 return urb;
3499}
3500
3501static int btusb_bcm_set_diag(struct hci_dev *hdev, bool enable)
3502{
3503 struct btusb_data *data = hci_get_drvdata(hdev);
3504 struct urb *urb;
3505
3506 if (!data->diag)
3507 return -ENODEV;
3508
3509 if (!test_bit(HCI_RUNNING, &hdev->flags))
3510 return -ENETDOWN;
3511
3512 urb = alloc_diag_urb(hdev, enable);
3513 if (IS_ERR(urb))
3514 return PTR_ERR(urb);
3515
3516 return submit_or_queue_tx_urb(hdev, urb);
3517}
3518
3519#ifdef CONFIG_PM
3520static irqreturn_t btusb_oob_wake_handler(int irq, void *priv)
3521{
3522 struct btusb_data *data = priv;
3523
3524 pm_wakeup_event(&data->udev->dev, 0);
3525 pm_system_wakeup();
3526
3527
3528 if (test_and_clear_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags)) {
3529 disable_irq_nosync(irq);
3530 disable_irq_wake(irq);
3531 }
3532 return IRQ_HANDLED;
3533}
3534
3535static const struct of_device_id btusb_match_table[] = {
3536 { .compatible = "usb1286,204e" },
3537 { .compatible = "usbcf3,e300" },
3538 { .compatible = "usb4ca,301a" },
3539 { }
3540};
3541MODULE_DEVICE_TABLE(of, btusb_match_table);
3542
3543
3544static int btusb_config_oob_wake(struct hci_dev *hdev)
3545{
3546 struct btusb_data *data = hci_get_drvdata(hdev);
3547 struct device *dev = &data->udev->dev;
3548 int irq, ret;
3549
3550 clear_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags);
3551
3552 if (!of_match_device(btusb_match_table, dev))
3553 return 0;
3554
3555
3556 irq = of_irq_get_byname(dev->of_node, "wakeup");
3557 if (irq <= 0) {
3558 bt_dev_dbg(hdev, "%s: no OOB Wakeup IRQ in DT", __func__);
3559 return 0;
3560 }
3561
3562 irq_set_status_flags(irq, IRQ_NOAUTOEN);
3563 ret = devm_request_irq(&hdev->dev, irq, btusb_oob_wake_handler,
3564 0, "OOB Wake-on-BT", data);
3565 if (ret) {
3566 bt_dev_err(hdev, "%s: IRQ request failed", __func__);
3567 return ret;
3568 }
3569
3570 ret = device_init_wakeup(dev, true);
3571 if (ret) {
3572 bt_dev_err(hdev, "%s: failed to init_wakeup", __func__);
3573 return ret;
3574 }
3575
3576 data->oob_wake_irq = irq;
3577 bt_dev_info(hdev, "OOB Wake-on-BT configured at IRQ %u", irq);
3578 return 0;
3579}
3580#endif
3581
3582static void btusb_check_needs_reset_resume(struct usb_interface *intf)
3583{
3584 if (dmi_check_system(btusb_needs_reset_resume_table))
3585 interface_to_usbdev(intf)->quirks |= USB_QUIRK_RESET_RESUME;
3586}
3587
3588static int btusb_probe(struct usb_interface *intf,
3589 const struct usb_device_id *id)
3590{
3591 struct usb_endpoint_descriptor *ep_desc;
3592 struct gpio_desc *reset_gpio;
3593 struct btusb_data *data;
3594 struct hci_dev *hdev;
3595 unsigned ifnum_base;
3596 int i, err;
3597
3598 BT_DBG("intf %p id %p", intf, id);
3599
3600
3601 if (intf->cur_altsetting->desc.bInterfaceNumber != 0) {
3602 if (!(id->driver_info & BTUSB_IFNUM_2))
3603 return -ENODEV;
3604 if (intf->cur_altsetting->desc.bInterfaceNumber != 2)
3605 return -ENODEV;
3606 }
3607
3608 ifnum_base = intf->cur_altsetting->desc.bInterfaceNumber;
3609
3610 if (!id->driver_info) {
3611 const struct usb_device_id *match;
3612
3613 match = usb_match_id(intf, blacklist_table);
3614 if (match)
3615 id = match;
3616 }
3617
3618 if (id->driver_info == BTUSB_IGNORE)
3619 return -ENODEV;
3620
3621 if (id->driver_info & BTUSB_ATH3012) {
3622 struct usb_device *udev = interface_to_usbdev(intf);
3623
3624
3625
3626
3627 if (le16_to_cpu(udev->descriptor.bcdDevice) <= 0x0001 &&
3628 !btusb_qca_need_patch(udev))
3629 return -ENODEV;
3630 }
3631
3632 data = devm_kzalloc(&intf->dev, sizeof(*data), GFP_KERNEL);
3633 if (!data)
3634 return -ENOMEM;
3635
3636 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
3637 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
3638
3639 if (!data->intr_ep && usb_endpoint_is_int_in(ep_desc)) {
3640 data->intr_ep = ep_desc;
3641 continue;
3642 }
3643
3644 if (!data->bulk_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) {
3645 data->bulk_tx_ep = ep_desc;
3646 continue;
3647 }
3648
3649 if (!data->bulk_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) {
3650 data->bulk_rx_ep = ep_desc;
3651 continue;
3652 }
3653 }
3654
3655 if (!data->intr_ep || !data->bulk_tx_ep || !data->bulk_rx_ep)
3656 return -ENODEV;
3657
3658 if (id->driver_info & BTUSB_AMP) {
3659 data->cmdreq_type = USB_TYPE_CLASS | 0x01;
3660 data->cmdreq = 0x2b;
3661 } else {
3662 data->cmdreq_type = USB_TYPE_CLASS;
3663 data->cmdreq = 0x00;
3664 }
3665
3666 data->udev = interface_to_usbdev(intf);
3667 data->intf = intf;
3668
3669 INIT_WORK(&data->work, btusb_work);
3670 INIT_WORK(&data->waker, btusb_waker);
3671 init_usb_anchor(&data->deferred);
3672 init_usb_anchor(&data->tx_anchor);
3673 spin_lock_init(&data->txlock);
3674
3675 init_usb_anchor(&data->intr_anchor);
3676 init_usb_anchor(&data->bulk_anchor);
3677 init_usb_anchor(&data->isoc_anchor);
3678 init_usb_anchor(&data->diag_anchor);
3679 init_usb_anchor(&data->ctrl_anchor);
3680 spin_lock_init(&data->rxlock);
3681
3682 if (id->driver_info & BTUSB_INTEL_NEW) {
3683 data->recv_event = btusb_recv_event_intel;
3684 data->recv_bulk = btusb_recv_bulk_intel;
3685 set_bit(BTUSB_BOOTLOADER, &data->flags);
3686 } else {
3687 data->recv_event = hci_recv_frame;
3688 data->recv_bulk = btusb_recv_bulk;
3689 }
3690
3691 hdev = hci_alloc_dev();
3692 if (!hdev)
3693 return -ENOMEM;
3694
3695 hdev->bus = HCI_USB;
3696 hci_set_drvdata(hdev, data);
3697
3698 if (id->driver_info & BTUSB_AMP)
3699 hdev->dev_type = HCI_AMP;
3700 else
3701 hdev->dev_type = HCI_PRIMARY;
3702
3703 data->hdev = hdev;
3704
3705 SET_HCIDEV_DEV(hdev, &intf->dev);
3706
3707 reset_gpio = gpiod_get_optional(&data->udev->dev, "reset",
3708 GPIOD_OUT_LOW);
3709 if (IS_ERR(reset_gpio)) {
3710 err = PTR_ERR(reset_gpio);
3711 goto out_free_dev;
3712 } else if (reset_gpio) {
3713 data->reset_gpio = reset_gpio;
3714 }
3715
3716 hdev->open = btusb_open;
3717 hdev->close = btusb_close;
3718 hdev->flush = btusb_flush;
3719 hdev->send = btusb_send_frame;
3720 hdev->notify = btusb_notify;
3721
3722#ifdef CONFIG_PM
3723 err = btusb_config_oob_wake(hdev);
3724 if (err)
3725 goto out_free_dev;
3726
3727
3728 if (id->driver_info & BTUSB_MARVELL && data->oob_wake_irq) {
3729 err = marvell_config_oob_wake(hdev);
3730 if (err)
3731 goto out_free_dev;
3732 }
3733#endif
3734 if (id->driver_info & BTUSB_CW6622)
3735 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks);
3736
3737 if (id->driver_info & BTUSB_BCM2045)
3738 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks);
3739
3740 if (id->driver_info & BTUSB_BCM92035)
3741 hdev->setup = btusb_setup_bcm92035;
3742
3743 if (IS_ENABLED(CONFIG_BT_HCIBTUSB_BCM) &&
3744 (id->driver_info & BTUSB_BCM_PATCHRAM)) {
3745 hdev->manufacturer = 15;
3746 hdev->setup = btbcm_setup_patchram;
3747 hdev->set_diag = btusb_bcm_set_diag;
3748 hdev->set_bdaddr = btbcm_set_bdaddr;
3749
3750
3751 data->diag = usb_ifnum_to_if(data->udev, ifnum_base + 2);
3752 }
3753
3754 if (IS_ENABLED(CONFIG_BT_HCIBTUSB_BCM) &&
3755 (id->driver_info & BTUSB_BCM_APPLE)) {
3756 hdev->manufacturer = 15;
3757 hdev->setup = btbcm_setup_apple;
3758 hdev->set_diag = btusb_bcm_set_diag;
3759
3760
3761 data->diag = usb_ifnum_to_if(data->udev, ifnum_base + 2);
3762 }
3763
3764 if (id->driver_info & BTUSB_INTEL) {
3765 hdev->manufacturer = 2;
3766 hdev->setup = btusb_setup_intel;
3767 hdev->shutdown = btusb_shutdown_intel;
3768 hdev->set_diag = btintel_set_diag_mfg;
3769 hdev->set_bdaddr = btintel_set_bdaddr;
3770 hdev->cmd_timeout = btusb_intel_cmd_timeout;
3771 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
3772 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
3773 set_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks);
3774 }
3775
3776 if (id->driver_info & BTUSB_INTEL_NEW) {
3777 hdev->manufacturer = 2;
3778 hdev->send = btusb_send_frame_intel;
3779 hdev->setup = btusb_setup_intel_new;
3780 hdev->shutdown = btusb_shutdown_intel_new;
3781 hdev->hw_error = btintel_hw_error;
3782 hdev->set_diag = btintel_set_diag;
3783 hdev->set_bdaddr = btintel_set_bdaddr;
3784 hdev->cmd_timeout = btusb_intel_cmd_timeout;
3785 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
3786 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
3787 set_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks);
3788 }
3789
3790 if (id->driver_info & BTUSB_MARVELL)
3791 hdev->set_bdaddr = btusb_set_bdaddr_marvell;
3792
3793 if (IS_ENABLED(CONFIG_BT_HCIBTUSB_MTK) &&
3794 (id->driver_info & BTUSB_MEDIATEK)) {
3795 hdev->setup = btusb_mtk_setup;
3796 hdev->shutdown = btusb_mtk_shutdown;
3797 hdev->manufacturer = 70;
3798 set_bit(HCI_QUIRK_NON_PERSISTENT_SETUP, &hdev->quirks);
3799 }
3800
3801 if (id->driver_info & BTUSB_SWAVE) {
3802 set_bit(HCI_QUIRK_FIXUP_INQUIRY_MODE, &hdev->quirks);
3803 set_bit(HCI_QUIRK_BROKEN_LOCAL_COMMANDS, &hdev->quirks);
3804 }
3805
3806 if (id->driver_info & BTUSB_INTEL_BOOT) {
3807 hdev->manufacturer = 2;
3808 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
3809 }
3810
3811 if (id->driver_info & BTUSB_ATH3012) {
3812 data->setup_on_usb = btusb_setup_qca;
3813 hdev->set_bdaddr = btusb_set_bdaddr_ath3012;
3814 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
3815 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
3816 }
3817
3818 if (id->driver_info & BTUSB_QCA_ROME) {
3819 data->setup_on_usb = btusb_setup_qca;
3820 hdev->set_bdaddr = btusb_set_bdaddr_ath3012;
3821 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
3822 btusb_check_needs_reset_resume(intf);
3823 }
3824
3825 if (IS_ENABLED(CONFIG_BT_HCIBTUSB_RTL) &&
3826 (id->driver_info & BTUSB_REALTEK)) {
3827 hdev->setup = btrtl_setup_realtek;
3828 hdev->shutdown = btrtl_shutdown_realtek;
3829 hdev->cmd_timeout = btusb_rtl_cmd_timeout;
3830
3831
3832
3833
3834
3835 set_bit(BTUSB_WAKEUP_DISABLE, &data->flags);
3836
3837 err = usb_autopm_get_interface(intf);
3838 if (err < 0)
3839 goto out_free_dev;
3840 }
3841
3842 if (id->driver_info & BTUSB_AMP) {
3843
3844 data->isoc = NULL;
3845 } else {
3846
3847 data->isoc = usb_ifnum_to_if(data->udev, ifnum_base + 1);
3848 data->isoc_ifnum = ifnum_base + 1;
3849 }
3850
3851 if (!reset)
3852 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
3853
3854 if (force_scofix || id->driver_info & BTUSB_WRONG_SCO_MTU) {
3855 if (!disable_scofix)
3856 set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks);
3857 }
3858
3859 if (id->driver_info & BTUSB_BROKEN_ISOC)
3860 data->isoc = NULL;
3861
3862 if (id->driver_info & BTUSB_DIGIANSWER) {
3863 data->cmdreq_type = USB_TYPE_VENDOR;
3864 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
3865 }
3866
3867 if (id->driver_info & BTUSB_CSR) {
3868 struct usb_device *udev = data->udev;
3869 u16 bcdDevice = le16_to_cpu(udev->descriptor.bcdDevice);
3870
3871
3872 if (bcdDevice < 0x117)
3873 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
3874
3875
3876 if (bcdDevice <= 0x100 || bcdDevice == 0x134)
3877 hdev->setup = btusb_setup_csr;
3878
3879 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
3880 }
3881
3882 if (id->driver_info & BTUSB_SNIFFER) {
3883 struct usb_device *udev = data->udev;
3884
3885
3886 if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997)
3887 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
3888 }
3889
3890 if (id->driver_info & BTUSB_INTEL_BOOT) {
3891
3892
3893
3894 err = usb_set_interface(data->udev, 0, 0);
3895 if (err < 0) {
3896 BT_ERR("failed to set interface 0, alt 0 %d", err);
3897 goto out_free_dev;
3898 }
3899 }
3900
3901 if (data->isoc) {
3902 err = usb_driver_claim_interface(&btusb_driver,
3903 data->isoc, data);
3904 if (err < 0)
3905 goto out_free_dev;
3906 }
3907
3908 if (IS_ENABLED(CONFIG_BT_HCIBTUSB_BCM) && data->diag) {
3909 if (!usb_driver_claim_interface(&btusb_driver,
3910 data->diag, data))
3911 __set_diag_interface(hdev);
3912 else
3913 data->diag = NULL;
3914 }
3915
3916 if (enable_autosuspend)
3917 usb_enable_autosuspend(data->udev);
3918
3919 err = hci_register_dev(hdev);
3920 if (err < 0)
3921 goto out_free_dev;
3922
3923 usb_set_intfdata(intf, data);
3924
3925 return 0;
3926
3927out_free_dev:
3928 if (data->reset_gpio)
3929 gpiod_put(data->reset_gpio);
3930 hci_free_dev(hdev);
3931 return err;
3932}
3933
3934static void btusb_disconnect(struct usb_interface *intf)
3935{
3936 struct btusb_data *data = usb_get_intfdata(intf);
3937 struct hci_dev *hdev;
3938
3939 BT_DBG("intf %p", intf);
3940
3941 if (!data)
3942 return;
3943
3944 hdev = data->hdev;
3945 usb_set_intfdata(data->intf, NULL);
3946
3947 if (data->isoc)
3948 usb_set_intfdata(data->isoc, NULL);
3949
3950 if (data->diag)
3951 usb_set_intfdata(data->diag, NULL);
3952
3953 hci_unregister_dev(hdev);
3954
3955 if (intf == data->intf) {
3956 if (data->isoc)
3957 usb_driver_release_interface(&btusb_driver, data->isoc);
3958 if (data->diag)
3959 usb_driver_release_interface(&btusb_driver, data->diag);
3960 } else if (intf == data->isoc) {
3961 if (data->diag)
3962 usb_driver_release_interface(&btusb_driver, data->diag);
3963 usb_driver_release_interface(&btusb_driver, data->intf);
3964 } else if (intf == data->diag) {
3965 usb_driver_release_interface(&btusb_driver, data->intf);
3966 if (data->isoc)
3967 usb_driver_release_interface(&btusb_driver, data->isoc);
3968 }
3969
3970 if (data->oob_wake_irq)
3971 device_init_wakeup(&data->udev->dev, false);
3972
3973 if (data->reset_gpio)
3974 gpiod_put(data->reset_gpio);
3975
3976 hci_free_dev(hdev);
3977}
3978
3979#ifdef CONFIG_PM
3980static int btusb_suspend(struct usb_interface *intf, pm_message_t message)
3981{
3982 struct btusb_data *data = usb_get_intfdata(intf);
3983
3984 BT_DBG("intf %p", intf);
3985
3986 if (data->suspend_count++)
3987 return 0;
3988
3989 spin_lock_irq(&data->txlock);
3990 if (!(PMSG_IS_AUTO(message) && data->tx_in_flight)) {
3991 set_bit(BTUSB_SUSPENDING, &data->flags);
3992 spin_unlock_irq(&data->txlock);
3993 } else {
3994 spin_unlock_irq(&data->txlock);
3995 data->suspend_count--;
3996 return -EBUSY;
3997 }
3998
3999 cancel_work_sync(&data->work);
4000
4001 btusb_stop_traffic(data);
4002 usb_kill_anchored_urbs(&data->tx_anchor);
4003
4004 if (data->oob_wake_irq && device_may_wakeup(&data->udev->dev)) {
4005 set_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags);
4006 enable_irq_wake(data->oob_wake_irq);
4007 enable_irq(data->oob_wake_irq);
4008 }
4009
4010
4011
4012
4013
4014
4015 if (test_bit(BTUSB_WAKEUP_DISABLE, &data->flags)) {
4016 if (PMSG_IS_AUTO(message) &&
4017 device_can_wakeup(&data->udev->dev))
4018 data->udev->do_remote_wakeup = 1;
4019 else if (!PMSG_IS_AUTO(message))
4020 data->udev->reset_resume = 1;
4021 }
4022
4023 return 0;
4024}
4025
4026static void play_deferred(struct btusb_data *data)
4027{
4028 struct urb *urb;
4029 int err;
4030
4031 while ((urb = usb_get_from_anchor(&data->deferred))) {
4032 usb_anchor_urb(urb, &data->tx_anchor);
4033
4034 err = usb_submit_urb(urb, GFP_ATOMIC);
4035 if (err < 0) {
4036 if (err != -EPERM && err != -ENODEV)
4037 BT_ERR("%s urb %p submission failed (%d)",
4038 data->hdev->name, urb, -err);
4039 kfree(urb->setup_packet);
4040 usb_unanchor_urb(urb);
4041 usb_free_urb(urb);
4042 break;
4043 }
4044
4045 data->tx_in_flight++;
4046 usb_free_urb(urb);
4047 }
4048
4049
4050 while ((urb = usb_get_from_anchor(&data->deferred))) {
4051 kfree(urb->setup_packet);
4052 usb_free_urb(urb);
4053 }
4054}
4055
4056static int btusb_resume(struct usb_interface *intf)
4057{
4058 struct btusb_data *data = usb_get_intfdata(intf);
4059 struct hci_dev *hdev = data->hdev;
4060 int err = 0;
4061
4062 BT_DBG("intf %p", intf);
4063
4064 if (--data->suspend_count)
4065 return 0;
4066
4067
4068 if (test_and_clear_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags)) {
4069 disable_irq(data->oob_wake_irq);
4070 disable_irq_wake(data->oob_wake_irq);
4071 }
4072
4073 if (!test_bit(HCI_RUNNING, &hdev->flags))
4074 goto done;
4075
4076 if (test_bit(BTUSB_INTR_RUNNING, &data->flags)) {
4077 err = btusb_submit_intr_urb(hdev, GFP_NOIO);
4078 if (err < 0) {
4079 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
4080 goto failed;
4081 }
4082 }
4083
4084 if (test_bit(BTUSB_BULK_RUNNING, &data->flags)) {
4085 err = btusb_submit_bulk_urb(hdev, GFP_NOIO);
4086 if (err < 0) {
4087 clear_bit(BTUSB_BULK_RUNNING, &data->flags);
4088 goto failed;
4089 }
4090
4091 btusb_submit_bulk_urb(hdev, GFP_NOIO);
4092 }
4093
4094 if (test_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
4095 if (btusb_submit_isoc_urb(hdev, GFP_NOIO) < 0)
4096 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
4097 else
4098 btusb_submit_isoc_urb(hdev, GFP_NOIO);
4099 }
4100
4101 spin_lock_irq(&data->txlock);
4102 play_deferred(data);
4103 clear_bit(BTUSB_SUSPENDING, &data->flags);
4104 spin_unlock_irq(&data->txlock);
4105 schedule_work(&data->work);
4106
4107 return 0;
4108
4109failed:
4110 usb_scuttle_anchored_urbs(&data->deferred);
4111done:
4112 spin_lock_irq(&data->txlock);
4113 clear_bit(BTUSB_SUSPENDING, &data->flags);
4114 spin_unlock_irq(&data->txlock);
4115
4116 return err;
4117}
4118#endif
4119
4120static struct usb_driver btusb_driver = {
4121 .name = "btusb",
4122 .probe = btusb_probe,
4123 .disconnect = btusb_disconnect,
4124#ifdef CONFIG_PM
4125 .suspend = btusb_suspend,
4126 .resume = btusb_resume,
4127#endif
4128 .id_table = btusb_table,
4129 .supports_autosuspend = 1,
4130 .disable_hub_initiated_lpm = 1,
4131};
4132
4133module_usb_driver(btusb_driver);
4134
4135module_param(disable_scofix, bool, 0644);
4136MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size");
4137
4138module_param(force_scofix, bool, 0644);
4139MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size");
4140
4141module_param(enable_autosuspend, bool, 0644);
4142MODULE_PARM_DESC(enable_autosuspend, "Enable USB autosuspend by default");
4143
4144module_param(reset, bool, 0644);
4145MODULE_PARM_DESC(reset, "Send HCI reset command on initialization");
4146
4147MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
4148MODULE_DESCRIPTION("Generic Bluetooth USB driver ver " VERSION);
4149MODULE_VERSION(VERSION);
4150MODULE_LICENSE("GPL");
4151
