linux/drivers/bluetooth/btusb.c
<<
>>
Prefs
   1/*
   2 *
   3 *  Generic Bluetooth USB driver
   4 *
   5 *  Copyright (C) 2005-2008  Marcel Holtmann <marcel@holtmann.org>
   6 *
   7 *
   8 *  This program is free software; you can redistribute it and/or modify
   9 *  it under the terms of the GNU General Public License as published by
  10 *  the Free Software Foundation; either version 2 of the License, or
  11 *  (at your option) any later version.
  12 *
  13 *  This program is distributed in the hope that it will be useful,
  14 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  15 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16 *  GNU General Public License for more details.
  17 *
  18 *  You should have received a copy of the GNU General Public License
  19 *  along with this program; if not, write to the Free Software
  20 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  21 *
  22 */
  23
  24#include <linux/dmi.h>
  25#include <linux/module.h>
  26#include <linux/usb.h>
  27#include <linux/usb/quirks.h>
  28#include <linux/firmware.h>
  29#include <linux/of_device.h>
  30#include <linux/of_irq.h>
  31#include <linux/suspend.h>
  32#include <asm/unaligned.h>
  33
  34#include <net/bluetooth/bluetooth.h>
  35#include <net/bluetooth/hci_core.h>
  36
  37#include "btintel.h"
  38#include "btbcm.h"
  39#include "btrtl.h"
  40
  41#define VERSION "0.8"
  42
  43static bool disable_scofix;
  44static bool force_scofix;
  45static bool enable_autosuspend = IS_ENABLED(CONFIG_BT_HCIBTUSB_AUTOSUSPEND);
  46
  47static bool reset = true;
  48
  49static struct usb_driver btusb_driver;
  50
  51#define BTUSB_IGNORE            0x01
  52#define BTUSB_DIGIANSWER        0x02
  53#define BTUSB_CSR               0x04
  54#define BTUSB_SNIFFER           0x08
  55#define BTUSB_BCM92035          0x10
  56#define BTUSB_BROKEN_ISOC       0x20
  57#define BTUSB_WRONG_SCO_MTU     0x40
  58#define BTUSB_ATH3012           0x80
  59#define BTUSB_INTEL             0x100
  60#define BTUSB_INTEL_BOOT        0x200
  61#define BTUSB_BCM_PATCHRAM      0x400
  62#define BTUSB_MARVELL           0x800
  63#define BTUSB_SWAVE             0x1000
  64#define BTUSB_INTEL_NEW         0x2000
  65#define BTUSB_AMP               0x4000
  66#define BTUSB_QCA_ROME          0x8000
  67#define BTUSB_BCM_APPLE         0x10000
  68#define BTUSB_REALTEK           0x20000
  69#define BTUSB_BCM2045           0x40000
  70#define BTUSB_IFNUM_2           0x80000
  71#define BTUSB_CW6622            0x100000
  72
  73static const struct usb_device_id btusb_table[] = {
  74        /* Generic Bluetooth USB device */
  75        { USB_DEVICE_INFO(0xe0, 0x01, 0x01) },
  76
  77        /* Generic Bluetooth AMP device */
  78        { USB_DEVICE_INFO(0xe0, 0x01, 0x04), .driver_info = BTUSB_AMP },
  79
  80        /* Generic Bluetooth USB interface */
  81        { USB_INTERFACE_INFO(0xe0, 0x01, 0x01) },
  82
  83        /* Apple-specific (Broadcom) devices */
  84        { USB_VENDOR_AND_INTERFACE_INFO(0x05ac, 0xff, 0x01, 0x01),
  85          .driver_info = BTUSB_BCM_APPLE | BTUSB_IFNUM_2 },
  86
  87        /* MediaTek MT76x0E */
  88        { USB_DEVICE(0x0e8d, 0x763f) },
  89
  90        /* Broadcom SoftSailing reporting vendor specific */
  91        { USB_DEVICE(0x0a5c, 0x21e1) },
  92
  93        /* Apple MacBookPro 7,1 */
  94        { USB_DEVICE(0x05ac, 0x8213) },
  95
  96        /* Apple iMac11,1 */
  97        { USB_DEVICE(0x05ac, 0x8215) },
  98
  99        /* Apple MacBookPro6,2 */
 100        { USB_DEVICE(0x05ac, 0x8218) },
 101
 102        /* Apple MacBookAir3,1, MacBookAir3,2 */
 103        { USB_DEVICE(0x05ac, 0x821b) },
 104
 105        /* Apple MacBookAir4,1 */
 106        { USB_DEVICE(0x05ac, 0x821f) },
 107
 108        /* Apple MacBookPro8,2 */
 109        { USB_DEVICE(0x05ac, 0x821a) },
 110
 111        /* Apple MacMini5,1 */
 112        { USB_DEVICE(0x05ac, 0x8281) },
 113
 114        /* AVM BlueFRITZ! USB v2.0 */
 115        { USB_DEVICE(0x057c, 0x3800), .driver_info = BTUSB_SWAVE },
 116
 117        /* Bluetooth Ultraport Module from IBM */
 118        { USB_DEVICE(0x04bf, 0x030a) },
 119
 120        /* ALPS Modules with non-standard id */
 121        { USB_DEVICE(0x044e, 0x3001) },
 122        { USB_DEVICE(0x044e, 0x3002) },
 123
 124        /* Ericsson with non-standard id */
 125        { USB_DEVICE(0x0bdb, 0x1002) },
 126
 127        /* Canyon CN-BTU1 with HID interfaces */
 128        { USB_DEVICE(0x0c10, 0x0000) },
 129
 130        /* Broadcom BCM20702A0 */
 131        { USB_DEVICE(0x413c, 0x8197) },
 132
 133        /* Broadcom BCM20702B0 (Dynex/Insignia) */
 134        { USB_DEVICE(0x19ff, 0x0239), .driver_info = BTUSB_BCM_PATCHRAM },
 135
 136        /* Broadcom BCM43142A0 (Foxconn/Lenovo) */
 137        { USB_VENDOR_AND_INTERFACE_INFO(0x105b, 0xff, 0x01, 0x01),
 138          .driver_info = BTUSB_BCM_PATCHRAM },
 139
 140        /* Broadcom BCM920703 (HTC Vive) */
 141        { USB_VENDOR_AND_INTERFACE_INFO(0x0bb4, 0xff, 0x01, 0x01),
 142          .driver_info = BTUSB_BCM_PATCHRAM },
 143
 144        /* Foxconn - Hon Hai */
 145        { USB_VENDOR_AND_INTERFACE_INFO(0x0489, 0xff, 0x01, 0x01),
 146          .driver_info = BTUSB_BCM_PATCHRAM },
 147
 148        /* Lite-On Technology - Broadcom based */
 149        { USB_VENDOR_AND_INTERFACE_INFO(0x04ca, 0xff, 0x01, 0x01),
 150          .driver_info = BTUSB_BCM_PATCHRAM },
 151
 152        /* Broadcom devices with vendor specific id */
 153        { USB_VENDOR_AND_INTERFACE_INFO(0x0a5c, 0xff, 0x01, 0x01),
 154          .driver_info = BTUSB_BCM_PATCHRAM },
 155
 156        /* ASUSTek Computer - Broadcom based */
 157        { USB_VENDOR_AND_INTERFACE_INFO(0x0b05, 0xff, 0x01, 0x01),
 158          .driver_info = BTUSB_BCM_PATCHRAM },
 159
 160        /* Belkin F8065bf - Broadcom based */
 161        { USB_VENDOR_AND_INTERFACE_INFO(0x050d, 0xff, 0x01, 0x01),
 162          .driver_info = BTUSB_BCM_PATCHRAM },
 163
 164        /* IMC Networks - Broadcom based */
 165        { USB_VENDOR_AND_INTERFACE_INFO(0x13d3, 0xff, 0x01, 0x01),
 166          .driver_info = BTUSB_BCM_PATCHRAM },
 167
 168        /* Dell Computer - Broadcom based  */
 169        { USB_VENDOR_AND_INTERFACE_INFO(0x413c, 0xff, 0x01, 0x01),
 170          .driver_info = BTUSB_BCM_PATCHRAM },
 171
 172        /* Toshiba Corp - Broadcom based */
 173        { USB_VENDOR_AND_INTERFACE_INFO(0x0930, 0xff, 0x01, 0x01),
 174          .driver_info = BTUSB_BCM_PATCHRAM },
 175
 176        /* Intel Bluetooth USB Bootloader (RAM module) */
 177        { USB_DEVICE(0x8087, 0x0a5a),
 178          .driver_info = BTUSB_INTEL_BOOT | BTUSB_BROKEN_ISOC },
 179
 180        { }     /* Terminating entry */
 181};
 182
 183MODULE_DEVICE_TABLE(usb, btusb_table);
 184
 185static const struct usb_device_id blacklist_table[] = {
 186        /* CSR BlueCore devices */
 187        { USB_DEVICE(0x0a12, 0x0001), .driver_info = BTUSB_CSR },
 188
 189        /* Broadcom BCM2033 without firmware */
 190        { USB_DEVICE(0x0a5c, 0x2033), .driver_info = BTUSB_IGNORE },
 191
 192        /* Broadcom BCM2045 devices */
 193        { USB_DEVICE(0x0a5c, 0x2045), .driver_info = BTUSB_BCM2045 },
 194
 195        /* Atheros 3011 with sflash firmware */
 196        { USB_DEVICE(0x0489, 0xe027), .driver_info = BTUSB_IGNORE },
 197        { USB_DEVICE(0x0489, 0xe03d), .driver_info = BTUSB_IGNORE },
 198        { USB_DEVICE(0x04f2, 0xaff1), .driver_info = BTUSB_IGNORE },
 199        { USB_DEVICE(0x0930, 0x0215), .driver_info = BTUSB_IGNORE },
 200        { USB_DEVICE(0x0cf3, 0x3002), .driver_info = BTUSB_IGNORE },
 201        { USB_DEVICE(0x0cf3, 0xe019), .driver_info = BTUSB_IGNORE },
 202        { USB_DEVICE(0x13d3, 0x3304), .driver_info = BTUSB_IGNORE },
 203
 204        /* Atheros AR9285 Malbec with sflash firmware */
 205        { USB_DEVICE(0x03f0, 0x311d), .driver_info = BTUSB_IGNORE },
 206
 207        /* Atheros 3012 with sflash firmware */
 208        { USB_DEVICE(0x0489, 0xe04d), .driver_info = BTUSB_ATH3012 },
 209        { USB_DEVICE(0x0489, 0xe04e), .driver_info = BTUSB_ATH3012 },
 210        { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 },
 211        { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 },
 212        { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 },
 213        { USB_DEVICE(0x0489, 0xe076), .driver_info = BTUSB_ATH3012 },
 214        { USB_DEVICE(0x0489, 0xe078), .driver_info = BTUSB_ATH3012 },
 215        { USB_DEVICE(0x0489, 0xe095), .driver_info = BTUSB_ATH3012 },
 216        { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 },
 217        { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 },
 218        { USB_DEVICE(0x04ca, 0x3005), .driver_info = BTUSB_ATH3012 },
 219        { USB_DEVICE(0x04ca, 0x3006), .driver_info = BTUSB_ATH3012 },
 220        { USB_DEVICE(0x04ca, 0x3007), .driver_info = BTUSB_ATH3012 },
 221        { USB_DEVICE(0x04ca, 0x3008), .driver_info = BTUSB_ATH3012 },
 222        { USB_DEVICE(0x04ca, 0x300b), .driver_info = BTUSB_ATH3012 },
 223        { USB_DEVICE(0x04ca, 0x300d), .driver_info = BTUSB_ATH3012 },
 224        { USB_DEVICE(0x04ca, 0x300f), .driver_info = BTUSB_ATH3012 },
 225        { USB_DEVICE(0x04ca, 0x3010), .driver_info = BTUSB_ATH3012 },
 226        { USB_DEVICE(0x04ca, 0x3014), .driver_info = BTUSB_ATH3012 },
 227        { USB_DEVICE(0x04ca, 0x3018), .driver_info = BTUSB_ATH3012 },
 228        { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 },
 229        { USB_DEVICE(0x0930, 0x021c), .driver_info = BTUSB_ATH3012 },
 230        { USB_DEVICE(0x0930, 0x0220), .driver_info = BTUSB_ATH3012 },
 231        { USB_DEVICE(0x0930, 0x0227), .driver_info = BTUSB_ATH3012 },
 232        { USB_DEVICE(0x0b05, 0x17d0), .driver_info = BTUSB_ATH3012 },
 233        { USB_DEVICE(0x0cf3, 0x0036), .driver_info = BTUSB_ATH3012 },
 234        { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 },
 235        { USB_DEVICE(0x0cf3, 0x3008), .driver_info = BTUSB_ATH3012 },
 236        { USB_DEVICE(0x0cf3, 0x311d), .driver_info = BTUSB_ATH3012 },
 237        { USB_DEVICE(0x0cf3, 0x311e), .driver_info = BTUSB_ATH3012 },
 238        { USB_DEVICE(0x0cf3, 0x311f), .driver_info = BTUSB_ATH3012 },
 239        { USB_DEVICE(0x0cf3, 0x3121), .driver_info = BTUSB_ATH3012 },
 240        { USB_DEVICE(0x0cf3, 0x817a), .driver_info = BTUSB_ATH3012 },
 241        { USB_DEVICE(0x0cf3, 0x817b), .driver_info = BTUSB_ATH3012 },
 242        { USB_DEVICE(0x0cf3, 0xe003), .driver_info = BTUSB_ATH3012 },
 243        { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 },
 244        { USB_DEVICE(0x0cf3, 0xe005), .driver_info = BTUSB_ATH3012 },
 245        { USB_DEVICE(0x0cf3, 0xe006), .driver_info = BTUSB_ATH3012 },
 246        { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 },
 247        { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 },
 248        { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 },
 249        { USB_DEVICE(0x13d3, 0x3395), .driver_info = BTUSB_ATH3012 },
 250        { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 },
 251        { USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 },
 252        { USB_DEVICE(0x13d3, 0x3423), .driver_info = BTUSB_ATH3012 },
 253        { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 },
 254        { USB_DEVICE(0x13d3, 0x3472), .driver_info = BTUSB_ATH3012 },
 255        { USB_DEVICE(0x13d3, 0x3474), .driver_info = BTUSB_ATH3012 },
 256        { USB_DEVICE(0x13d3, 0x3487), .driver_info = BTUSB_ATH3012 },
 257        { USB_DEVICE(0x13d3, 0x3490), .driver_info = BTUSB_ATH3012 },
 258
 259        /* Atheros AR5BBU12 with sflash firmware */
 260        { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE },
 261
 262        /* Atheros AR5BBU12 with sflash firmware */
 263        { USB_DEVICE(0x0489, 0xe036), .driver_info = BTUSB_ATH3012 },
 264        { USB_DEVICE(0x0489, 0xe03c), .driver_info = BTUSB_ATH3012 },
 265
 266        /* QCA ROME chipset */
 267        { USB_DEVICE(0x0cf3, 0xe007), .driver_info = BTUSB_QCA_ROME },
 268        { USB_DEVICE(0x0cf3, 0xe009), .driver_info = BTUSB_QCA_ROME },
 269        { USB_DEVICE(0x0cf3, 0xe010), .driver_info = BTUSB_QCA_ROME },
 270        { USB_DEVICE(0x0cf3, 0xe300), .driver_info = BTUSB_QCA_ROME },
 271        { USB_DEVICE(0x0cf3, 0xe301), .driver_info = BTUSB_QCA_ROME },
 272        { USB_DEVICE(0x0cf3, 0xe360), .driver_info = BTUSB_QCA_ROME },
 273        { USB_DEVICE(0x0489, 0xe092), .driver_info = BTUSB_QCA_ROME },
 274        { USB_DEVICE(0x0489, 0xe09f), .driver_info = BTUSB_QCA_ROME },
 275        { USB_DEVICE(0x0489, 0xe0a2), .driver_info = BTUSB_QCA_ROME },
 276        { USB_DEVICE(0x04ca, 0x3011), .driver_info = BTUSB_QCA_ROME },
 277        { USB_DEVICE(0x04ca, 0x3015), .driver_info = BTUSB_QCA_ROME },
 278        { USB_DEVICE(0x04ca, 0x3016), .driver_info = BTUSB_QCA_ROME },
 279        { USB_DEVICE(0x04ca, 0x301a), .driver_info = BTUSB_QCA_ROME },
 280        { USB_DEVICE(0x13d3, 0x3496), .driver_info = BTUSB_QCA_ROME },
 281
 282        /* Broadcom BCM2035 */
 283        { USB_DEVICE(0x0a5c, 0x2009), .driver_info = BTUSB_BCM92035 },
 284        { USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU },
 285        { USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU },
 286
 287        /* Broadcom BCM2045 */
 288        { USB_DEVICE(0x0a5c, 0x2039), .driver_info = BTUSB_WRONG_SCO_MTU },
 289        { USB_DEVICE(0x0a5c, 0x2101), .driver_info = BTUSB_WRONG_SCO_MTU },
 290
 291        /* IBM/Lenovo ThinkPad with Broadcom chip */
 292        { USB_DEVICE(0x0a5c, 0x201e), .driver_info = BTUSB_WRONG_SCO_MTU },
 293        { USB_DEVICE(0x0a5c, 0x2110), .driver_info = BTUSB_WRONG_SCO_MTU },
 294
 295        /* HP laptop with Broadcom chip */
 296        { USB_DEVICE(0x03f0, 0x171d), .driver_info = BTUSB_WRONG_SCO_MTU },
 297
 298        /* Dell laptop with Broadcom chip */
 299        { USB_DEVICE(0x413c, 0x8126), .driver_info = BTUSB_WRONG_SCO_MTU },
 300
 301        /* Dell Wireless 370 and 410 devices */
 302        { USB_DEVICE(0x413c, 0x8152), .driver_info = BTUSB_WRONG_SCO_MTU },
 303        { USB_DEVICE(0x413c, 0x8156), .driver_info = BTUSB_WRONG_SCO_MTU },
 304
 305        /* Belkin F8T012 and F8T013 devices */
 306        { USB_DEVICE(0x050d, 0x0012), .driver_info = BTUSB_WRONG_SCO_MTU },
 307        { USB_DEVICE(0x050d, 0x0013), .driver_info = BTUSB_WRONG_SCO_MTU },
 308
 309        /* Asus WL-BTD202 device */
 310        { USB_DEVICE(0x0b05, 0x1715), .driver_info = BTUSB_WRONG_SCO_MTU },
 311
 312        /* Kensington Bluetooth USB adapter */
 313        { USB_DEVICE(0x047d, 0x105e), .driver_info = BTUSB_WRONG_SCO_MTU },
 314
 315        /* RTX Telecom based adapters with buggy SCO support */
 316        { USB_DEVICE(0x0400, 0x0807), .driver_info = BTUSB_BROKEN_ISOC },
 317        { USB_DEVICE(0x0400, 0x080a), .driver_info = BTUSB_BROKEN_ISOC },
 318
 319        /* CONWISE Technology based adapters with buggy SCO support */
 320        { USB_DEVICE(0x0e5e, 0x6622),
 321          .driver_info = BTUSB_BROKEN_ISOC | BTUSB_CW6622},
 322
 323        /* Roper Class 1 Bluetooth Dongle (Silicon Wave based) */
 324        { USB_DEVICE(0x1310, 0x0001), .driver_info = BTUSB_SWAVE },
 325
 326        /* Digianswer devices */
 327        { USB_DEVICE(0x08fd, 0x0001), .driver_info = BTUSB_DIGIANSWER },
 328        { USB_DEVICE(0x08fd, 0x0002), .driver_info = BTUSB_IGNORE },
 329
 330        /* CSR BlueCore Bluetooth Sniffer */
 331        { USB_DEVICE(0x0a12, 0x0002),
 332          .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC },
 333
 334        /* Frontline ComProbe Bluetooth Sniffer */
 335        { USB_DEVICE(0x16d3, 0x0002),
 336          .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC },
 337
 338        /* Marvell Bluetooth devices */
 339        { USB_DEVICE(0x1286, 0x2044), .driver_info = BTUSB_MARVELL },
 340        { USB_DEVICE(0x1286, 0x2046), .driver_info = BTUSB_MARVELL },
 341        { USB_DEVICE(0x1286, 0x204e), .driver_info = BTUSB_MARVELL },
 342
 343        /* Intel Bluetooth devices */
 344        { USB_DEVICE(0x8087, 0x0025), .driver_info = BTUSB_INTEL_NEW },
 345        { USB_DEVICE(0x8087, 0x0026), .driver_info = BTUSB_INTEL_NEW },
 346        { USB_DEVICE(0x8087, 0x07da), .driver_info = BTUSB_CSR },
 347        { USB_DEVICE(0x8087, 0x07dc), .driver_info = BTUSB_INTEL },
 348        { USB_DEVICE(0x8087, 0x0a2a), .driver_info = BTUSB_INTEL },
 349        { USB_DEVICE(0x8087, 0x0a2b), .driver_info = BTUSB_INTEL_NEW },
 350        { USB_DEVICE(0x8087, 0x0aa7), .driver_info = BTUSB_INTEL },
 351        { USB_DEVICE(0x8087, 0x0aaa), .driver_info = BTUSB_INTEL_NEW },
 352
 353        /* Other Intel Bluetooth devices */
 354        { USB_VENDOR_AND_INTERFACE_INFO(0x8087, 0xe0, 0x01, 0x01),
 355          .driver_info = BTUSB_IGNORE },
 356
 357        /* Realtek Bluetooth devices */
 358        { USB_VENDOR_AND_INTERFACE_INFO(0x0bda, 0xe0, 0x01, 0x01),
 359          .driver_info = BTUSB_REALTEK },
 360
 361        /* Additional Realtek 8723AE Bluetooth devices */
 362        { USB_DEVICE(0x0930, 0x021d), .driver_info = BTUSB_REALTEK },
 363        { USB_DEVICE(0x13d3, 0x3394), .driver_info = BTUSB_REALTEK },
 364
 365        /* Additional Realtek 8723BE Bluetooth devices */
 366        { USB_DEVICE(0x0489, 0xe085), .driver_info = BTUSB_REALTEK },
 367        { USB_DEVICE(0x0489, 0xe08b), .driver_info = BTUSB_REALTEK },
 368        { USB_DEVICE(0x13d3, 0x3410), .driver_info = BTUSB_REALTEK },
 369        { USB_DEVICE(0x13d3, 0x3416), .driver_info = BTUSB_REALTEK },
 370        { USB_DEVICE(0x13d3, 0x3459), .driver_info = BTUSB_REALTEK },
 371        { USB_DEVICE(0x13d3, 0x3494), .driver_info = BTUSB_REALTEK },
 372
 373        /* Additional Realtek 8723BU Bluetooth devices */
 374        { USB_DEVICE(0x7392, 0xa611), .driver_info = BTUSB_REALTEK },
 375
 376        /* Additional Realtek 8723DE Bluetooth devices */
 377        { USB_DEVICE(0x2ff8, 0xb011), .driver_info = BTUSB_REALTEK },
 378
 379        /* Additional Realtek 8821AE Bluetooth devices */
 380        { USB_DEVICE(0x0b05, 0x17dc), .driver_info = BTUSB_REALTEK },
 381        { USB_DEVICE(0x13d3, 0x3414), .driver_info = BTUSB_REALTEK },
 382        { USB_DEVICE(0x13d3, 0x3458), .driver_info = BTUSB_REALTEK },
 383        { USB_DEVICE(0x13d3, 0x3461), .driver_info = BTUSB_REALTEK },
 384        { USB_DEVICE(0x13d3, 0x3462), .driver_info = BTUSB_REALTEK },
 385
 386        /* Additional Realtek 8822BE Bluetooth devices */
 387        { USB_DEVICE(0x13d3, 0x3526), .driver_info = BTUSB_REALTEK },
 388        { USB_DEVICE(0x0b05, 0x185c), .driver_info = BTUSB_REALTEK },
 389
 390        /* Silicon Wave based devices */
 391        { USB_DEVICE(0x0c10, 0x0000), .driver_info = BTUSB_SWAVE },
 392
 393        { }     /* Terminating entry */
 394};
 395
 396/* The Bluetooth USB module build into some devices needs to be reset on resume,
 397 * this is a problem with the platform (likely shutting off all power) not with
 398 * the module itself. So we use a DMI list to match known broken platforms.
 399 */
 400static const struct dmi_system_id btusb_needs_reset_resume_table[] = {
 401        {
 402                /* Dell OptiPlex 3060 (QCA ROME device 0cf3:e007) */
 403                .matches = {
 404                        DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
 405                        DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex 3060"),
 406                },
 407        },
 408        {
 409                /* Dell XPS 9360 (QCA ROME device 0cf3:e300) */
 410                .matches = {
 411                        DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
 412                        DMI_MATCH(DMI_PRODUCT_NAME, "XPS 13 9360"),
 413                },
 414        },
 415        {
 416                /* Dell Inspiron 5565 (QCA ROME device 0cf3:e009) */
 417                .matches = {
 418                        DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
 419                        DMI_MATCH(DMI_PRODUCT_NAME, "Inspiron 5565"),
 420                },
 421        },
 422        {}
 423};
 424
 425#define BTUSB_MAX_ISOC_FRAMES   10
 426
 427#define BTUSB_INTR_RUNNING      0
 428#define BTUSB_BULK_RUNNING      1
 429#define BTUSB_ISOC_RUNNING      2
 430#define BTUSB_SUSPENDING        3
 431#define BTUSB_DID_ISO_RESUME    4
 432#define BTUSB_BOOTLOADER        5
 433#define BTUSB_DOWNLOADING       6
 434#define BTUSB_FIRMWARE_LOADED   7
 435#define BTUSB_FIRMWARE_FAILED   8
 436#define BTUSB_BOOTING           9
 437#define BTUSB_DIAG_RUNNING      10
 438#define BTUSB_OOB_WAKE_ENABLED  11
 439
 440struct btusb_data {
 441        struct hci_dev       *hdev;
 442        struct usb_device    *udev;
 443        struct usb_interface *intf;
 444        struct usb_interface *isoc;
 445        struct usb_interface *diag;
 446        unsigned isoc_ifnum;
 447
 448        unsigned long flags;
 449
 450        struct work_struct work;
 451        struct work_struct waker;
 452
 453        struct usb_anchor deferred;
 454        struct usb_anchor tx_anchor;
 455        int tx_in_flight;
 456        spinlock_t txlock;
 457
 458        struct usb_anchor intr_anchor;
 459        struct usb_anchor bulk_anchor;
 460        struct usb_anchor isoc_anchor;
 461        struct usb_anchor diag_anchor;
 462        spinlock_t rxlock;
 463
 464        struct sk_buff *evt_skb;
 465        struct sk_buff *acl_skb;
 466        struct sk_buff *sco_skb;
 467
 468        struct usb_endpoint_descriptor *intr_ep;
 469        struct usb_endpoint_descriptor *bulk_tx_ep;
 470        struct usb_endpoint_descriptor *bulk_rx_ep;
 471        struct usb_endpoint_descriptor *isoc_tx_ep;
 472        struct usb_endpoint_descriptor *isoc_rx_ep;
 473        struct usb_endpoint_descriptor *diag_tx_ep;
 474        struct usb_endpoint_descriptor *diag_rx_ep;
 475
 476        __u8 cmdreq_type;
 477        __u8 cmdreq;
 478
 479        unsigned int sco_num;
 480        int isoc_altsetting;
 481        int suspend_count;
 482
 483        int (*recv_event)(struct hci_dev *hdev, struct sk_buff *skb);
 484        int (*recv_bulk)(struct btusb_data *data, void *buffer, int count);
 485
 486        int (*setup_on_usb)(struct hci_dev *hdev);
 487
 488        int oob_wake_irq;   /* irq for out-of-band wake-on-bt */
 489};
 490
 491static inline void btusb_free_frags(struct btusb_data *data)
 492{
 493        unsigned long flags;
 494
 495        spin_lock_irqsave(&data->rxlock, flags);
 496
 497        kfree_skb(data->evt_skb);
 498        data->evt_skb = NULL;
 499
 500        kfree_skb(data->acl_skb);
 501        data->acl_skb = NULL;
 502
 503        kfree_skb(data->sco_skb);
 504        data->sco_skb = NULL;
 505
 506        spin_unlock_irqrestore(&data->rxlock, flags);
 507}
 508
 509static int btusb_recv_intr(struct btusb_data *data, void *buffer, int count)
 510{
 511        struct sk_buff *skb;
 512        int err = 0;
 513
 514        spin_lock(&data->rxlock);
 515        skb = data->evt_skb;
 516
 517        while (count) {
 518                int len;
 519
 520                if (!skb) {
 521                        skb = bt_skb_alloc(HCI_MAX_EVENT_SIZE, GFP_ATOMIC);
 522                        if (!skb) {
 523                                err = -ENOMEM;
 524                                break;
 525                        }
 526
 527                        hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
 528                        hci_skb_expect(skb) = HCI_EVENT_HDR_SIZE;
 529                }
 530
 531                len = min_t(uint, hci_skb_expect(skb), count);
 532                skb_put_data(skb, buffer, len);
 533
 534                count -= len;
 535                buffer += len;
 536                hci_skb_expect(skb) -= len;
 537
 538                if (skb->len == HCI_EVENT_HDR_SIZE) {
 539                        /* Complete event header */
 540                        hci_skb_expect(skb) = hci_event_hdr(skb)->plen;
 541
 542                        if (skb_tailroom(skb) < hci_skb_expect(skb)) {
 543                                kfree_skb(skb);
 544                                skb = NULL;
 545
 546                                err = -EILSEQ;
 547                                break;
 548                        }
 549                }
 550
 551                if (!hci_skb_expect(skb)) {
 552                        /* Complete frame */
 553                        data->recv_event(data->hdev, skb);
 554                        skb = NULL;
 555                }
 556        }
 557
 558        data->evt_skb = skb;
 559        spin_unlock(&data->rxlock);
 560
 561        return err;
 562}
 563
 564static int btusb_recv_bulk(struct btusb_data *data, void *buffer, int count)
 565{
 566        struct sk_buff *skb;
 567        int err = 0;
 568
 569        spin_lock(&data->rxlock);
 570        skb = data->acl_skb;
 571
 572        while (count) {
 573                int len;
 574
 575                if (!skb) {
 576                        skb = bt_skb_alloc(HCI_MAX_FRAME_SIZE, GFP_ATOMIC);
 577                        if (!skb) {
 578                                err = -ENOMEM;
 579                                break;
 580                        }
 581
 582                        hci_skb_pkt_type(skb) = HCI_ACLDATA_PKT;
 583                        hci_skb_expect(skb) = HCI_ACL_HDR_SIZE;
 584                }
 585
 586                len = min_t(uint, hci_skb_expect(skb), count);
 587                skb_put_data(skb, buffer, len);
 588
 589                count -= len;
 590                buffer += len;
 591                hci_skb_expect(skb) -= len;
 592
 593                if (skb->len == HCI_ACL_HDR_SIZE) {
 594                        __le16 dlen = hci_acl_hdr(skb)->dlen;
 595
 596                        /* Complete ACL header */
 597                        hci_skb_expect(skb) = __le16_to_cpu(dlen);
 598
 599                        if (skb_tailroom(skb) < hci_skb_expect(skb)) {
 600                                kfree_skb(skb);
 601                                skb = NULL;
 602
 603                                err = -EILSEQ;
 604                                break;
 605                        }
 606                }
 607
 608                if (!hci_skb_expect(skb)) {
 609                        /* Complete frame */
 610                        hci_recv_frame(data->hdev, skb);
 611                        skb = NULL;
 612                }
 613        }
 614
 615        data->acl_skb = skb;
 616        spin_unlock(&data->rxlock);
 617
 618        return err;
 619}
 620
 621static int btusb_recv_isoc(struct btusb_data *data, void *buffer, int count)
 622{
 623        struct sk_buff *skb;
 624        int err = 0;
 625
 626        spin_lock(&data->rxlock);
 627        skb = data->sco_skb;
 628
 629        while (count) {
 630                int len;
 631
 632                if (!skb) {
 633                        skb = bt_skb_alloc(HCI_MAX_SCO_SIZE, GFP_ATOMIC);
 634                        if (!skb) {
 635                                err = -ENOMEM;
 636                                break;
 637                        }
 638
 639                        hci_skb_pkt_type(skb) = HCI_SCODATA_PKT;
 640                        hci_skb_expect(skb) = HCI_SCO_HDR_SIZE;
 641                }
 642
 643                len = min_t(uint, hci_skb_expect(skb), count);
 644                skb_put_data(skb, buffer, len);
 645
 646                count -= len;
 647                buffer += len;
 648                hci_skb_expect(skb) -= len;
 649
 650                if (skb->len == HCI_SCO_HDR_SIZE) {
 651                        /* Complete SCO header */
 652                        hci_skb_expect(skb) = hci_sco_hdr(skb)->dlen;
 653
 654                        if (skb_tailroom(skb) < hci_skb_expect(skb)) {
 655                                kfree_skb(skb);
 656                                skb = NULL;
 657
 658                                err = -EILSEQ;
 659                                break;
 660                        }
 661                }
 662
 663                if (!hci_skb_expect(skb)) {
 664                        /* Complete frame */
 665                        hci_recv_frame(data->hdev, skb);
 666                        skb = NULL;
 667                }
 668        }
 669
 670        data->sco_skb = skb;
 671        spin_unlock(&data->rxlock);
 672
 673        return err;
 674}
 675
 676static void btusb_intr_complete(struct urb *urb)
 677{
 678        struct hci_dev *hdev = urb->context;
 679        struct btusb_data *data = hci_get_drvdata(hdev);
 680        int err;
 681
 682        BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
 683               urb->actual_length);
 684
 685        if (!test_bit(HCI_RUNNING, &hdev->flags))
 686                return;
 687
 688        if (urb->status == 0) {
 689                hdev->stat.byte_rx += urb->actual_length;
 690
 691                if (btusb_recv_intr(data, urb->transfer_buffer,
 692                                    urb->actual_length) < 0) {
 693                        bt_dev_err(hdev, "corrupted event packet");
 694                        hdev->stat.err_rx++;
 695                }
 696        } else if (urb->status == -ENOENT) {
 697                /* Avoid suspend failed when usb_kill_urb */
 698                return;
 699        }
 700
 701        if (!test_bit(BTUSB_INTR_RUNNING, &data->flags))
 702                return;
 703
 704        usb_mark_last_busy(data->udev);
 705        usb_anchor_urb(urb, &data->intr_anchor);
 706
 707        err = usb_submit_urb(urb, GFP_ATOMIC);
 708        if (err < 0) {
 709                /* -EPERM: urb is being killed;
 710                 * -ENODEV: device got disconnected
 711                 */
 712                if (err != -EPERM && err != -ENODEV)
 713                        bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
 714                                   urb, -err);
 715                usb_unanchor_urb(urb);
 716        }
 717}
 718
 719static int btusb_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags)
 720{
 721        struct btusb_data *data = hci_get_drvdata(hdev);
 722        struct urb *urb;
 723        unsigned char *buf;
 724        unsigned int pipe;
 725        int err, size;
 726
 727        BT_DBG("%s", hdev->name);
 728
 729        if (!data->intr_ep)
 730                return -ENODEV;
 731
 732        urb = usb_alloc_urb(0, mem_flags);
 733        if (!urb)
 734                return -ENOMEM;
 735
 736        size = le16_to_cpu(data->intr_ep->wMaxPacketSize);
 737
 738        buf = kmalloc(size, mem_flags);
 739        if (!buf) {
 740                usb_free_urb(urb);
 741                return -ENOMEM;
 742        }
 743
 744        pipe = usb_rcvintpipe(data->udev, data->intr_ep->bEndpointAddress);
 745
 746        usb_fill_int_urb(urb, data->udev, pipe, buf, size,
 747                         btusb_intr_complete, hdev, data->intr_ep->bInterval);
 748
 749        urb->transfer_flags |= URB_FREE_BUFFER;
 750
 751        usb_anchor_urb(urb, &data->intr_anchor);
 752
 753        err = usb_submit_urb(urb, mem_flags);
 754        if (err < 0) {
 755                if (err != -EPERM && err != -ENODEV)
 756                        bt_dev_err(hdev, "urb %p submission failed (%d)",
 757                                   urb, -err);
 758                usb_unanchor_urb(urb);
 759        }
 760
 761        usb_free_urb(urb);
 762
 763        return err;
 764}
 765
 766static void btusb_bulk_complete(struct urb *urb)
 767{
 768        struct hci_dev *hdev = urb->context;
 769        struct btusb_data *data = hci_get_drvdata(hdev);
 770        int err;
 771
 772        BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
 773               urb->actual_length);
 774
 775        if (!test_bit(HCI_RUNNING, &hdev->flags))
 776                return;
 777
 778        if (urb->status == 0) {
 779                hdev->stat.byte_rx += urb->actual_length;
 780
 781                if (data->recv_bulk(data, urb->transfer_buffer,
 782                                    urb->actual_length) < 0) {
 783                        bt_dev_err(hdev, "corrupted ACL packet");
 784                        hdev->stat.err_rx++;
 785                }
 786        } else if (urb->status == -ENOENT) {
 787                /* Avoid suspend failed when usb_kill_urb */
 788                return;
 789        }
 790
 791        if (!test_bit(BTUSB_BULK_RUNNING, &data->flags))
 792                return;
 793
 794        usb_anchor_urb(urb, &data->bulk_anchor);
 795        usb_mark_last_busy(data->udev);
 796
 797        err = usb_submit_urb(urb, GFP_ATOMIC);
 798        if (err < 0) {
 799                /* -EPERM: urb is being killed;
 800                 * -ENODEV: device got disconnected
 801                 */
 802                if (err != -EPERM && err != -ENODEV)
 803                        bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
 804                                   urb, -err);
 805                usb_unanchor_urb(urb);
 806        }
 807}
 808
 809static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags)
 810{
 811        struct btusb_data *data = hci_get_drvdata(hdev);
 812        struct urb *urb;
 813        unsigned char *buf;
 814        unsigned int pipe;
 815        int err, size = HCI_MAX_FRAME_SIZE;
 816
 817        BT_DBG("%s", hdev->name);
 818
 819        if (!data->bulk_rx_ep)
 820                return -ENODEV;
 821
 822        urb = usb_alloc_urb(0, mem_flags);
 823        if (!urb)
 824                return -ENOMEM;
 825
 826        buf = kmalloc(size, mem_flags);
 827        if (!buf) {
 828                usb_free_urb(urb);
 829                return -ENOMEM;
 830        }
 831
 832        pipe = usb_rcvbulkpipe(data->udev, data->bulk_rx_ep->bEndpointAddress);
 833
 834        usb_fill_bulk_urb(urb, data->udev, pipe, buf, size,
 835                          btusb_bulk_complete, hdev);
 836
 837        urb->transfer_flags |= URB_FREE_BUFFER;
 838
 839        usb_mark_last_busy(data->udev);
 840        usb_anchor_urb(urb, &data->bulk_anchor);
 841
 842        err = usb_submit_urb(urb, mem_flags);
 843        if (err < 0) {
 844                if (err != -EPERM && err != -ENODEV)
 845                        bt_dev_err(hdev, "urb %p submission failed (%d)",
 846                                   urb, -err);
 847                usb_unanchor_urb(urb);
 848        }
 849
 850        usb_free_urb(urb);
 851
 852        return err;
 853}
 854
 855static void btusb_isoc_complete(struct urb *urb)
 856{
 857        struct hci_dev *hdev = urb->context;
 858        struct btusb_data *data = hci_get_drvdata(hdev);
 859        int i, err;
 860
 861        BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
 862               urb->actual_length);
 863
 864        if (!test_bit(HCI_RUNNING, &hdev->flags))
 865                return;
 866
 867        if (urb->status == 0) {
 868                for (i = 0; i < urb->number_of_packets; i++) {
 869                        unsigned int offset = urb->iso_frame_desc[i].offset;
 870                        unsigned int length = urb->iso_frame_desc[i].actual_length;
 871
 872                        if (urb->iso_frame_desc[i].status)
 873                                continue;
 874
 875                        hdev->stat.byte_rx += length;
 876
 877                        if (btusb_recv_isoc(data, urb->transfer_buffer + offset,
 878                                            length) < 0) {
 879                                bt_dev_err(hdev, "corrupted SCO packet");
 880                                hdev->stat.err_rx++;
 881                        }
 882                }
 883        } else if (urb->status == -ENOENT) {
 884                /* Avoid suspend failed when usb_kill_urb */
 885                return;
 886        }
 887
 888        if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags))
 889                return;
 890
 891        usb_anchor_urb(urb, &data->isoc_anchor);
 892
 893        err = usb_submit_urb(urb, GFP_ATOMIC);
 894        if (err < 0) {
 895                /* -EPERM: urb is being killed;
 896                 * -ENODEV: device got disconnected
 897                 */
 898                if (err != -EPERM && err != -ENODEV)
 899                        bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
 900                                   urb, -err);
 901                usb_unanchor_urb(urb);
 902        }
 903}
 904
 905static inline void __fill_isoc_descriptor(struct urb *urb, int len, int mtu)
 906{
 907        int i, offset = 0;
 908
 909        BT_DBG("len %d mtu %d", len, mtu);
 910
 911        for (i = 0; i < BTUSB_MAX_ISOC_FRAMES && len >= mtu;
 912                                        i++, offset += mtu, len -= mtu) {
 913                urb->iso_frame_desc[i].offset = offset;
 914                urb->iso_frame_desc[i].length = mtu;
 915        }
 916
 917        if (len && i < BTUSB_MAX_ISOC_FRAMES) {
 918                urb->iso_frame_desc[i].offset = offset;
 919                urb->iso_frame_desc[i].length = len;
 920                i++;
 921        }
 922
 923        urb->number_of_packets = i;
 924}
 925
 926static int btusb_submit_isoc_urb(struct hci_dev *hdev, gfp_t mem_flags)
 927{
 928        struct btusb_data *data = hci_get_drvdata(hdev);
 929        struct urb *urb;
 930        unsigned char *buf;
 931        unsigned int pipe;
 932        int err, size;
 933
 934        BT_DBG("%s", hdev->name);
 935
 936        if (!data->isoc_rx_ep)
 937                return -ENODEV;
 938
 939        urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, mem_flags);
 940        if (!urb)
 941                return -ENOMEM;
 942
 943        size = le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize) *
 944                                                BTUSB_MAX_ISOC_FRAMES;
 945
 946        buf = kmalloc(size, mem_flags);
 947        if (!buf) {
 948                usb_free_urb(urb);
 949                return -ENOMEM;
 950        }
 951
 952        pipe = usb_rcvisocpipe(data->udev, data->isoc_rx_ep->bEndpointAddress);
 953
 954        usb_fill_int_urb(urb, data->udev, pipe, buf, size, btusb_isoc_complete,
 955                         hdev, data->isoc_rx_ep->bInterval);
 956
 957        urb->transfer_flags = URB_FREE_BUFFER | URB_ISO_ASAP;
 958
 959        __fill_isoc_descriptor(urb, size,
 960                               le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize));
 961
 962        usb_anchor_urb(urb, &data->isoc_anchor);
 963
 964        err = usb_submit_urb(urb, mem_flags);
 965        if (err < 0) {
 966                if (err != -EPERM && err != -ENODEV)
 967                        bt_dev_err(hdev, "urb %p submission failed (%d)",
 968                                   urb, -err);
 969                usb_unanchor_urb(urb);
 970        }
 971
 972        usb_free_urb(urb);
 973
 974        return err;
 975}
 976
 977static void btusb_diag_complete(struct urb *urb)
 978{
 979        struct hci_dev *hdev = urb->context;
 980        struct btusb_data *data = hci_get_drvdata(hdev);
 981        int err;
 982
 983        BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
 984               urb->actual_length);
 985
 986        if (urb->status == 0) {
 987                struct sk_buff *skb;
 988
 989                skb = bt_skb_alloc(urb->actual_length, GFP_ATOMIC);
 990                if (skb) {
 991                        skb_put_data(skb, urb->transfer_buffer,
 992                                     urb->actual_length);
 993                        hci_recv_diag(hdev, skb);
 994                }
 995        } else if (urb->status == -ENOENT) {
 996                /* Avoid suspend failed when usb_kill_urb */
 997                return;
 998        }
 999
1000        if (!test_bit(BTUSB_DIAG_RUNNING, &data->flags))
1001                return;
1002
1003        usb_anchor_urb(urb, &data->diag_anchor);
1004        usb_mark_last_busy(data->udev);
1005
1006        err = usb_submit_urb(urb, GFP_ATOMIC);
1007        if (err < 0) {
1008                /* -EPERM: urb is being killed;
1009                 * -ENODEV: device got disconnected
1010                 */
1011                if (err != -EPERM && err != -ENODEV)
1012                        bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
1013                                   urb, -err);
1014                usb_unanchor_urb(urb);
1015        }
1016}
1017
1018static int btusb_submit_diag_urb(struct hci_dev *hdev, gfp_t mem_flags)
1019{
1020        struct btusb_data *data = hci_get_drvdata(hdev);
1021        struct urb *urb;
1022        unsigned char *buf;
1023        unsigned int pipe;
1024        int err, size = HCI_MAX_FRAME_SIZE;
1025
1026        BT_DBG("%s", hdev->name);
1027
1028        if (!data->diag_rx_ep)
1029                return -ENODEV;
1030
1031        urb = usb_alloc_urb(0, mem_flags);
1032        if (!urb)
1033                return -ENOMEM;
1034
1035        buf = kmalloc(size, mem_flags);
1036        if (!buf) {
1037                usb_free_urb(urb);
1038                return -ENOMEM;
1039        }
1040
1041        pipe = usb_rcvbulkpipe(data->udev, data->diag_rx_ep->bEndpointAddress);
1042
1043        usb_fill_bulk_urb(urb, data->udev, pipe, buf, size,
1044                          btusb_diag_complete, hdev);
1045
1046        urb->transfer_flags |= URB_FREE_BUFFER;
1047
1048        usb_mark_last_busy(data->udev);
1049        usb_anchor_urb(urb, &data->diag_anchor);
1050
1051        err = usb_submit_urb(urb, mem_flags);
1052        if (err < 0) {
1053                if (err != -EPERM && err != -ENODEV)
1054                        bt_dev_err(hdev, "urb %p submission failed (%d)",
1055                                   urb, -err);
1056                usb_unanchor_urb(urb);
1057        }
1058
1059        usb_free_urb(urb);
1060
1061        return err;
1062}
1063
1064static void btusb_tx_complete(struct urb *urb)
1065{
1066        struct sk_buff *skb = urb->context;
1067        struct hci_dev *hdev = (struct hci_dev *)skb->dev;
1068        struct btusb_data *data = hci_get_drvdata(hdev);
1069
1070        BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
1071               urb->actual_length);
1072
1073        if (!test_bit(HCI_RUNNING, &hdev->flags))
1074                goto done;
1075
1076        if (!urb->status)
1077                hdev->stat.byte_tx += urb->transfer_buffer_length;
1078        else
1079                hdev->stat.err_tx++;
1080
1081done:
1082        spin_lock(&data->txlock);
1083        data->tx_in_flight--;
1084        spin_unlock(&data->txlock);
1085
1086        kfree(urb->setup_packet);
1087
1088        kfree_skb(skb);
1089}
1090
1091static void btusb_isoc_tx_complete(struct urb *urb)
1092{
1093        struct sk_buff *skb = urb->context;
1094        struct hci_dev *hdev = (struct hci_dev *)skb->dev;
1095
1096        BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
1097               urb->actual_length);
1098
1099        if (!test_bit(HCI_RUNNING, &hdev->flags))
1100                goto done;
1101
1102        if (!urb->status)
1103                hdev->stat.byte_tx += urb->transfer_buffer_length;
1104        else
1105                hdev->stat.err_tx++;
1106
1107done:
1108        kfree(urb->setup_packet);
1109
1110        kfree_skb(skb);
1111}
1112
1113static int btusb_open(struct hci_dev *hdev)
1114{
1115        struct btusb_data *data = hci_get_drvdata(hdev);
1116        int err;
1117
1118        BT_DBG("%s", hdev->name);
1119
1120        err = usb_autopm_get_interface(data->intf);
1121        if (err < 0)
1122                return err;
1123
1124        /* Patching USB firmware files prior to starting any URBs of HCI path
1125         * It is more safe to use USB bulk channel for downloading USB patch
1126         */
1127        if (data->setup_on_usb) {
1128                err = data->setup_on_usb(hdev);
1129                if (err < 0)
1130                        return err;
1131        }
1132
1133        data->intf->needs_remote_wakeup = 1;
1134        /* device specific wakeup source enabled and required for USB
1135         * remote wakeup while host is suspended
1136         */
1137        device_wakeup_enable(&data->udev->dev);
1138
1139        if (test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags))
1140                goto done;
1141
1142        err = btusb_submit_intr_urb(hdev, GFP_KERNEL);
1143        if (err < 0)
1144                goto failed;
1145
1146        err = btusb_submit_bulk_urb(hdev, GFP_KERNEL);
1147        if (err < 0) {
1148                usb_kill_anchored_urbs(&data->intr_anchor);
1149                goto failed;
1150        }
1151
1152        set_bit(BTUSB_BULK_RUNNING, &data->flags);
1153        btusb_submit_bulk_urb(hdev, GFP_KERNEL);
1154
1155        if (data->diag) {
1156                if (!btusb_submit_diag_urb(hdev, GFP_KERNEL))
1157                        set_bit(BTUSB_DIAG_RUNNING, &data->flags);
1158        }
1159
1160done:
1161        usb_autopm_put_interface(data->intf);
1162        return 0;
1163
1164failed:
1165        clear_bit(BTUSB_INTR_RUNNING, &data->flags);
1166        usb_autopm_put_interface(data->intf);
1167        return err;
1168}
1169
1170static void btusb_stop_traffic(struct btusb_data *data)
1171{
1172        usb_kill_anchored_urbs(&data->intr_anchor);
1173        usb_kill_anchored_urbs(&data->bulk_anchor);
1174        usb_kill_anchored_urbs(&data->isoc_anchor);
1175        usb_kill_anchored_urbs(&data->diag_anchor);
1176}
1177
1178static int btusb_close(struct hci_dev *hdev)
1179{
1180        struct btusb_data *data = hci_get_drvdata(hdev);
1181        int err;
1182
1183        BT_DBG("%s", hdev->name);
1184
1185        cancel_work_sync(&data->work);
1186        cancel_work_sync(&data->waker);
1187
1188        clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1189        clear_bit(BTUSB_BULK_RUNNING, &data->flags);
1190        clear_bit(BTUSB_INTR_RUNNING, &data->flags);
1191        clear_bit(BTUSB_DIAG_RUNNING, &data->flags);
1192
1193        btusb_stop_traffic(data);
1194        btusb_free_frags(data);
1195
1196        err = usb_autopm_get_interface(data->intf);
1197        if (err < 0)
1198                goto failed;
1199
1200        data->intf->needs_remote_wakeup = 0;
1201        device_wakeup_disable(&data->udev->dev);
1202        usb_autopm_put_interface(data->intf);
1203
1204failed:
1205        usb_scuttle_anchored_urbs(&data->deferred);
1206        return 0;
1207}
1208
1209static int btusb_flush(struct hci_dev *hdev)
1210{
1211        struct btusb_data *data = hci_get_drvdata(hdev);
1212
1213        BT_DBG("%s", hdev->name);
1214
1215        usb_kill_anchored_urbs(&data->tx_anchor);
1216        btusb_free_frags(data);
1217
1218        return 0;
1219}
1220
1221static struct urb *alloc_ctrl_urb(struct hci_dev *hdev, struct sk_buff *skb)
1222{
1223        struct btusb_data *data = hci_get_drvdata(hdev);
1224        struct usb_ctrlrequest *dr;
1225        struct urb *urb;
1226        unsigned int pipe;
1227
1228        urb = usb_alloc_urb(0, GFP_KERNEL);
1229        if (!urb)
1230                return ERR_PTR(-ENOMEM);
1231
1232        dr = kmalloc(sizeof(*dr), GFP_KERNEL);
1233        if (!dr) {
1234                usb_free_urb(urb);
1235                return ERR_PTR(-ENOMEM);
1236        }
1237
1238        dr->bRequestType = data->cmdreq_type;
1239        dr->bRequest     = data->cmdreq;
1240        dr->wIndex       = 0;
1241        dr->wValue       = 0;
1242        dr->wLength      = __cpu_to_le16(skb->len);
1243
1244        pipe = usb_sndctrlpipe(data->udev, 0x00);
1245
1246        usb_fill_control_urb(urb, data->udev, pipe, (void *)dr,
1247                             skb->data, skb->len, btusb_tx_complete, skb);
1248
1249        skb->dev = (void *)hdev;
1250
1251        return urb;
1252}
1253
1254static struct urb *alloc_bulk_urb(struct hci_dev *hdev, struct sk_buff *skb)
1255{
1256        struct btusb_data *data = hci_get_drvdata(hdev);
1257        struct urb *urb;
1258        unsigned int pipe;
1259
1260        if (!data->bulk_tx_ep)
1261                return ERR_PTR(-ENODEV);
1262
1263        urb = usb_alloc_urb(0, GFP_KERNEL);
1264        if (!urb)
1265                return ERR_PTR(-ENOMEM);
1266
1267        pipe = usb_sndbulkpipe(data->udev, data->bulk_tx_ep->bEndpointAddress);
1268
1269        usb_fill_bulk_urb(urb, data->udev, pipe,
1270                          skb->data, skb->len, btusb_tx_complete, skb);
1271
1272        skb->dev = (void *)hdev;
1273
1274        return urb;
1275}
1276
1277static struct urb *alloc_isoc_urb(struct hci_dev *hdev, struct sk_buff *skb)
1278{
1279        struct btusb_data *data = hci_get_drvdata(hdev);
1280        struct urb *urb;
1281        unsigned int pipe;
1282
1283        if (!data->isoc_tx_ep)
1284                return ERR_PTR(-ENODEV);
1285
1286        urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, GFP_KERNEL);
1287        if (!urb)
1288                return ERR_PTR(-ENOMEM);
1289
1290        pipe = usb_sndisocpipe(data->udev, data->isoc_tx_ep->bEndpointAddress);
1291
1292        usb_fill_int_urb(urb, data->udev, pipe,
1293                         skb->data, skb->len, btusb_isoc_tx_complete,
1294                         skb, data->isoc_tx_ep->bInterval);
1295
1296        urb->transfer_flags  = URB_ISO_ASAP;
1297
1298        __fill_isoc_descriptor(urb, skb->len,
1299                               le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize));
1300
1301        skb->dev = (void *)hdev;
1302
1303        return urb;
1304}
1305
1306static int submit_tx_urb(struct hci_dev *hdev, struct urb *urb)
1307{
1308        struct btusb_data *data = hci_get_drvdata(hdev);
1309        int err;
1310
1311        usb_anchor_urb(urb, &data->tx_anchor);
1312
1313        err = usb_submit_urb(urb, GFP_KERNEL);
1314        if (err < 0) {
1315                if (err != -EPERM && err != -ENODEV)
1316                        bt_dev_err(hdev, "urb %p submission failed (%d)",
1317                                   urb, -err);
1318                kfree(urb->setup_packet);
1319                usb_unanchor_urb(urb);
1320        } else {
1321                usb_mark_last_busy(data->udev);
1322        }
1323
1324        usb_free_urb(urb);
1325        return err;
1326}
1327
1328static int submit_or_queue_tx_urb(struct hci_dev *hdev, struct urb *urb)
1329{
1330        struct btusb_data *data = hci_get_drvdata(hdev);
1331        unsigned long flags;
1332        bool suspending;
1333
1334        spin_lock_irqsave(&data->txlock, flags);
1335        suspending = test_bit(BTUSB_SUSPENDING, &data->flags);
1336        if (!suspending)
1337                data->tx_in_flight++;
1338        spin_unlock_irqrestore(&data->txlock, flags);
1339
1340        if (!suspending)
1341                return submit_tx_urb(hdev, urb);
1342
1343        usb_anchor_urb(urb, &data->deferred);
1344        schedule_work(&data->waker);
1345
1346        usb_free_urb(urb);
1347        return 0;
1348}
1349
1350static int btusb_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
1351{
1352        struct urb *urb;
1353
1354        BT_DBG("%s", hdev->name);
1355
1356        switch (hci_skb_pkt_type(skb)) {
1357        case HCI_COMMAND_PKT:
1358                urb = alloc_ctrl_urb(hdev, skb);
1359                if (IS_ERR(urb))
1360                        return PTR_ERR(urb);
1361
1362                hdev->stat.cmd_tx++;
1363                return submit_or_queue_tx_urb(hdev, urb);
1364
1365        case HCI_ACLDATA_PKT:
1366                urb = alloc_bulk_urb(hdev, skb);
1367                if (IS_ERR(urb))
1368                        return PTR_ERR(urb);
1369
1370                hdev->stat.acl_tx++;
1371                return submit_or_queue_tx_urb(hdev, urb);
1372
1373        case HCI_SCODATA_PKT:
1374                if (hci_conn_num(hdev, SCO_LINK) < 1)
1375                        return -ENODEV;
1376
1377                urb = alloc_isoc_urb(hdev, skb);
1378                if (IS_ERR(urb))
1379                        return PTR_ERR(urb);
1380
1381                hdev->stat.sco_tx++;
1382                return submit_tx_urb(hdev, urb);
1383        }
1384
1385        return -EILSEQ;
1386}
1387
1388static void btusb_notify(struct hci_dev *hdev, unsigned int evt)
1389{
1390        struct btusb_data *data = hci_get_drvdata(hdev);
1391
1392        BT_DBG("%s evt %d", hdev->name, evt);
1393
1394        if (hci_conn_num(hdev, SCO_LINK) != data->sco_num) {
1395                data->sco_num = hci_conn_num(hdev, SCO_LINK);
1396                schedule_work(&data->work);
1397        }
1398}
1399
1400static inline int __set_isoc_interface(struct hci_dev *hdev, int altsetting)
1401{
1402        struct btusb_data *data = hci_get_drvdata(hdev);
1403        struct usb_interface *intf = data->isoc;
1404        struct usb_endpoint_descriptor *ep_desc;
1405        int i, err;
1406
1407        if (!data->isoc)
1408                return -ENODEV;
1409
1410        err = usb_set_interface(data->udev, data->isoc_ifnum, altsetting);
1411        if (err < 0) {
1412                bt_dev_err(hdev, "setting interface failed (%d)", -err);
1413                return err;
1414        }
1415
1416        data->isoc_altsetting = altsetting;
1417
1418        data->isoc_tx_ep = NULL;
1419        data->isoc_rx_ep = NULL;
1420
1421        for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
1422                ep_desc = &intf->cur_altsetting->endpoint[i].desc;
1423
1424                if (!data->isoc_tx_ep && usb_endpoint_is_isoc_out(ep_desc)) {
1425                        data->isoc_tx_ep = ep_desc;
1426                        continue;
1427                }
1428
1429                if (!data->isoc_rx_ep && usb_endpoint_is_isoc_in(ep_desc)) {
1430                        data->isoc_rx_ep = ep_desc;
1431                        continue;
1432                }
1433        }
1434
1435        if (!data->isoc_tx_ep || !data->isoc_rx_ep) {
1436                bt_dev_err(hdev, "invalid SCO descriptors");
1437                return -ENODEV;
1438        }
1439
1440        return 0;
1441}
1442
1443static void btusb_work(struct work_struct *work)
1444{
1445        struct btusb_data *data = container_of(work, struct btusb_data, work);
1446        struct hci_dev *hdev = data->hdev;
1447        int new_alts;
1448        int err;
1449
1450        if (data->sco_num > 0) {
1451                if (!test_bit(BTUSB_DID_ISO_RESUME, &data->flags)) {
1452                        err = usb_autopm_get_interface(data->isoc ? data->isoc : data->intf);
1453                        if (err < 0) {
1454                                clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1455                                usb_kill_anchored_urbs(&data->isoc_anchor);
1456                                return;
1457                        }
1458
1459                        set_bit(BTUSB_DID_ISO_RESUME, &data->flags);
1460                }
1461
1462                if (hdev->voice_setting & 0x0020) {
1463                        static const int alts[3] = { 2, 4, 5 };
1464
1465                        new_alts = alts[data->sco_num - 1];
1466                } else {
1467                        new_alts = data->sco_num;
1468                }
1469
1470                if (data->isoc_altsetting != new_alts) {
1471                        unsigned long flags;
1472
1473                        clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1474                        usb_kill_anchored_urbs(&data->isoc_anchor);
1475
1476                        /* When isochronous alternate setting needs to be
1477                         * changed, because SCO connection has been added
1478                         * or removed, a packet fragment may be left in the
1479                         * reassembling state. This could lead to wrongly
1480                         * assembled fragments.
1481                         *
1482                         * Clear outstanding fragment when selecting a new
1483                         * alternate setting.
1484                         */
1485                        spin_lock_irqsave(&data->rxlock, flags);
1486                        kfree_skb(data->sco_skb);
1487                        data->sco_skb = NULL;
1488                        spin_unlock_irqrestore(&data->rxlock, flags);
1489
1490                        if (__set_isoc_interface(hdev, new_alts) < 0)
1491                                return;
1492                }
1493
1494                if (!test_and_set_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
1495                        if (btusb_submit_isoc_urb(hdev, GFP_KERNEL) < 0)
1496                                clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1497                        else
1498                                btusb_submit_isoc_urb(hdev, GFP_KERNEL);
1499                }
1500        } else {
1501                clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1502                usb_kill_anchored_urbs(&data->isoc_anchor);
1503
1504                __set_isoc_interface(hdev, 0);
1505                if (test_and_clear_bit(BTUSB_DID_ISO_RESUME, &data->flags))
1506                        usb_autopm_put_interface(data->isoc ? data->isoc : data->intf);
1507        }
1508}
1509
1510static void btusb_waker(struct work_struct *work)
1511{
1512        struct btusb_data *data = container_of(work, struct btusb_data, waker);
1513        int err;
1514
1515        err = usb_autopm_get_interface(data->intf);
1516        if (err < 0)
1517                return;
1518
1519        usb_autopm_put_interface(data->intf);
1520}
1521
1522static int btusb_setup_bcm92035(struct hci_dev *hdev)
1523{
1524        struct sk_buff *skb;
1525        u8 val = 0x00;
1526
1527        BT_DBG("%s", hdev->name);
1528
1529        skb = __hci_cmd_sync(hdev, 0xfc3b, 1, &val, HCI_INIT_TIMEOUT);
1530        if (IS_ERR(skb))
1531                bt_dev_err(hdev, "BCM92035 command failed (%ld)", PTR_ERR(skb));
1532        else
1533                kfree_skb(skb);
1534
1535        return 0;
1536}
1537
1538static int btusb_setup_csr(struct hci_dev *hdev)
1539{
1540        struct hci_rp_read_local_version *rp;
1541        struct sk_buff *skb;
1542
1543        BT_DBG("%s", hdev->name);
1544
1545        skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL,
1546                             HCI_INIT_TIMEOUT);
1547        if (IS_ERR(skb)) {
1548                int err = PTR_ERR(skb);
1549                bt_dev_err(hdev, "CSR: Local version failed (%d)", err);
1550                return err;
1551        }
1552
1553        if (skb->len != sizeof(struct hci_rp_read_local_version)) {
1554                bt_dev_err(hdev, "CSR: Local version length mismatch");
1555                kfree_skb(skb);
1556                return -EIO;
1557        }
1558
1559        rp = (struct hci_rp_read_local_version *)skb->data;
1560
1561        /* Detect controllers which aren't real CSR ones. */
1562        if (le16_to_cpu(rp->manufacturer) != 10 ||
1563            le16_to_cpu(rp->lmp_subver) == 0x0c5c) {
1564                /* Clear the reset quirk since this is not an actual
1565                 * early Bluetooth 1.1 device from CSR.
1566                 */
1567                clear_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
1568
1569                /* These fake CSR controllers have all a broken
1570                 * stored link key handling and so just disable it.
1571                 */
1572                set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks);
1573        }
1574
1575        kfree_skb(skb);
1576
1577        return 0;
1578}
1579
1580static const struct firmware *btusb_setup_intel_get_fw(struct hci_dev *hdev,
1581                                                       struct intel_version *ver)
1582{
1583        const struct firmware *fw;
1584        char fwname[64];
1585        int ret;
1586
1587        snprintf(fwname, sizeof(fwname),
1588                 "intel/ibt-hw-%x.%x.%x-fw-%x.%x.%x.%x.%x.bseq",
1589                 ver->hw_platform, ver->hw_variant, ver->hw_revision,
1590                 ver->fw_variant,  ver->fw_revision, ver->fw_build_num,
1591                 ver->fw_build_ww, ver->fw_build_yy);
1592
1593        ret = request_firmware(&fw, fwname, &hdev->dev);
1594        if (ret < 0) {
1595                if (ret == -EINVAL) {
1596                        BT_ERR("%s Intel firmware file request failed (%d)",
1597                               hdev->name, ret);
1598                        return NULL;
1599                }
1600
1601                BT_ERR("%s failed to open Intel firmware file: %s(%d)",
1602                       hdev->name, fwname, ret);
1603
1604                /* If the correct firmware patch file is not found, use the
1605                 * default firmware patch file instead
1606                 */
1607                snprintf(fwname, sizeof(fwname), "intel/ibt-hw-%x.%x.bseq",
1608                         ver->hw_platform, ver->hw_variant);
1609                if (request_firmware(&fw, fwname, &hdev->dev) < 0) {
1610                        BT_ERR("%s failed to open default Intel fw file: %s",
1611                               hdev->name, fwname);
1612                        return NULL;
1613                }
1614        }
1615
1616        bt_dev_info(hdev, "Intel Bluetooth firmware file: %s", fwname);
1617
1618        return fw;
1619}
1620
1621static int btusb_setup_intel_patching(struct hci_dev *hdev,
1622                                      const struct firmware *fw,
1623                                      const u8 **fw_ptr, int *disable_patch)
1624{
1625        struct sk_buff *skb;
1626        struct hci_command_hdr *cmd;
1627        const u8 *cmd_param;
1628        struct hci_event_hdr *evt = NULL;
1629        const u8 *evt_param = NULL;
1630        int remain = fw->size - (*fw_ptr - fw->data);
1631
1632        /* The first byte indicates the types of the patch command or event.
1633         * 0x01 means HCI command and 0x02 is HCI event. If the first bytes
1634         * in the current firmware buffer doesn't start with 0x01 or
1635         * the size of remain buffer is smaller than HCI command header,
1636         * the firmware file is corrupted and it should stop the patching
1637         * process.
1638         */
1639        if (remain > HCI_COMMAND_HDR_SIZE && *fw_ptr[0] != 0x01) {
1640                BT_ERR("%s Intel fw corrupted: invalid cmd read", hdev->name);
1641                return -EINVAL;
1642        }
1643        (*fw_ptr)++;
1644        remain--;
1645
1646        cmd = (struct hci_command_hdr *)(*fw_ptr);
1647        *fw_ptr += sizeof(*cmd);
1648        remain -= sizeof(*cmd);
1649
1650        /* Ensure that the remain firmware data is long enough than the length
1651         * of command parameter. If not, the firmware file is corrupted.
1652         */
1653        if (remain < cmd->plen) {
1654                BT_ERR("%s Intel fw corrupted: invalid cmd len", hdev->name);
1655                return -EFAULT;
1656        }
1657
1658        /* If there is a command that loads a patch in the firmware
1659         * file, then enable the patch upon success, otherwise just
1660         * disable the manufacturer mode, for example patch activation
1661         * is not required when the default firmware patch file is used
1662         * because there are no patch data to load.
1663         */
1664        if (*disable_patch && le16_to_cpu(cmd->opcode) == 0xfc8e)
1665                *disable_patch = 0;
1666
1667        cmd_param = *fw_ptr;
1668        *fw_ptr += cmd->plen;
1669        remain -= cmd->plen;
1670
1671        /* This reads the expected events when the above command is sent to the
1672         * device. Some vendor commands expects more than one events, for
1673         * example command status event followed by vendor specific event.
1674         * For this case, it only keeps the last expected event. so the command
1675         * can be sent with __hci_cmd_sync_ev() which returns the sk_buff of
1676         * last expected event.
1677         */
1678        while (remain > HCI_EVENT_HDR_SIZE && *fw_ptr[0] == 0x02) {
1679                (*fw_ptr)++;
1680                remain--;
1681
1682                evt = (struct hci_event_hdr *)(*fw_ptr);
1683                *fw_ptr += sizeof(*evt);
1684                remain -= sizeof(*evt);
1685
1686                if (remain < evt->plen) {
1687                        BT_ERR("%s Intel fw corrupted: invalid evt len",
1688                               hdev->name);
1689                        return -EFAULT;
1690                }
1691
1692                evt_param = *fw_ptr;
1693                *fw_ptr += evt->plen;
1694                remain -= evt->plen;
1695        }
1696
1697        /* Every HCI commands in the firmware file has its correspond event.
1698         * If event is not found or remain is smaller than zero, the firmware
1699         * file is corrupted.
1700         */
1701        if (!evt || !evt_param || remain < 0) {
1702                BT_ERR("%s Intel fw corrupted: invalid evt read", hdev->name);
1703                return -EFAULT;
1704        }
1705
1706        skb = __hci_cmd_sync_ev(hdev, le16_to_cpu(cmd->opcode), cmd->plen,
1707                                cmd_param, evt->evt, HCI_INIT_TIMEOUT);
1708        if (IS_ERR(skb)) {
1709                BT_ERR("%s sending Intel patch command (0x%4.4x) failed (%ld)",
1710                       hdev->name, cmd->opcode, PTR_ERR(skb));
1711                return PTR_ERR(skb);
1712        }
1713
1714        /* It ensures that the returned event matches the event data read from
1715         * the firmware file. At fist, it checks the length and then
1716         * the contents of the event.
1717         */
1718        if (skb->len != evt->plen) {
1719                BT_ERR("%s mismatch event length (opcode 0x%4.4x)", hdev->name,
1720                       le16_to_cpu(cmd->opcode));
1721                kfree_skb(skb);
1722                return -EFAULT;
1723        }
1724
1725        if (memcmp(skb->data, evt_param, evt->plen)) {
1726                BT_ERR("%s mismatch event parameter (opcode 0x%4.4x)",
1727                       hdev->name, le16_to_cpu(cmd->opcode));
1728                kfree_skb(skb);
1729                return -EFAULT;
1730        }
1731        kfree_skb(skb);
1732
1733        return 0;
1734}
1735
1736static int btusb_setup_intel(struct hci_dev *hdev)
1737{
1738        struct sk_buff *skb;
1739        const struct firmware *fw;
1740        const u8 *fw_ptr;
1741        int disable_patch, err;
1742        struct intel_version ver;
1743
1744        BT_DBG("%s", hdev->name);
1745
1746        /* The controller has a bug with the first HCI command sent to it
1747         * returning number of completed commands as zero. This would stall the
1748         * command processing in the Bluetooth core.
1749         *
1750         * As a workaround, send HCI Reset command first which will reset the
1751         * number of completed commands and allow normal command processing
1752         * from now on.
1753         */
1754        skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
1755        if (IS_ERR(skb)) {
1756                BT_ERR("%s sending initial HCI reset command failed (%ld)",
1757                       hdev->name, PTR_ERR(skb));
1758                return PTR_ERR(skb);
1759        }
1760        kfree_skb(skb);
1761
1762        /* Read Intel specific controller version first to allow selection of
1763         * which firmware file to load.
1764         *
1765         * The returned information are hardware variant and revision plus
1766         * firmware variant, revision and build number.
1767         */
1768        err = btintel_read_version(hdev, &ver);
1769        if (err)
1770                return err;
1771
1772        bt_dev_info(hdev, "read Intel version: %02x%02x%02x%02x%02x%02x%02x%02x%02x",
1773                    ver.hw_platform, ver.hw_variant, ver.hw_revision,
1774                    ver.fw_variant,  ver.fw_revision, ver.fw_build_num,
1775                    ver.fw_build_ww, ver.fw_build_yy, ver.fw_patch_num);
1776
1777        /* fw_patch_num indicates the version of patch the device currently
1778         * have. If there is no patch data in the device, it is always 0x00.
1779         * So, if it is other than 0x00, no need to patch the device again.
1780         */
1781        if (ver.fw_patch_num) {
1782                bt_dev_info(hdev, "Intel device is already patched. "
1783                            "patch num: %02x", ver.fw_patch_num);
1784                goto complete;
1785        }
1786
1787        /* Opens the firmware patch file based on the firmware version read
1788         * from the controller. If it fails to open the matching firmware
1789         * patch file, it tries to open the default firmware patch file.
1790         * If no patch file is found, allow the device to operate without
1791         * a patch.
1792         */
1793        fw = btusb_setup_intel_get_fw(hdev, &ver);
1794        if (!fw)
1795                goto complete;
1796        fw_ptr = fw->data;
1797
1798        /* Enable the manufacturer mode of the controller.
1799         * Only while this mode is enabled, the driver can download the
1800         * firmware patch data and configuration parameters.
1801         */
1802        err = btintel_enter_mfg(hdev);
1803        if (err) {
1804                release_firmware(fw);
1805                return err;
1806        }
1807
1808        disable_patch = 1;
1809
1810        /* The firmware data file consists of list of Intel specific HCI
1811         * commands and its expected events. The first byte indicates the
1812         * type of the message, either HCI command or HCI event.
1813         *
1814         * It reads the command and its expected event from the firmware file,
1815         * and send to the controller. Once __hci_cmd_sync_ev() returns,
1816         * the returned event is compared with the event read from the firmware
1817         * file and it will continue until all the messages are downloaded to
1818         * the controller.
1819         *
1820         * Once the firmware patching is completed successfully,
1821         * the manufacturer mode is disabled with reset and activating the
1822         * downloaded patch.
1823         *
1824         * If the firmware patching fails, the manufacturer mode is
1825         * disabled with reset and deactivating the patch.
1826         *
1827         * If the default patch file is used, no reset is done when disabling
1828         * the manufacturer.
1829         */
1830        while (fw->size > fw_ptr - fw->data) {
1831                int ret;
1832
1833                ret = btusb_setup_intel_patching(hdev, fw, &fw_ptr,
1834                                                 &disable_patch);
1835                if (ret < 0)
1836                        goto exit_mfg_deactivate;
1837        }
1838
1839        release_firmware(fw);
1840
1841        if (disable_patch)
1842                goto exit_mfg_disable;
1843
1844        /* Patching completed successfully and disable the manufacturer mode
1845         * with reset and activate the downloaded firmware patches.
1846         */
1847        err = btintel_exit_mfg(hdev, true, true);
1848        if (err)
1849                return err;
1850
1851        bt_dev_info(hdev, "Intel firmware patch completed and activated");
1852
1853        goto complete;
1854
1855exit_mfg_disable:
1856        /* Disable the manufacturer mode without reset */
1857        err = btintel_exit_mfg(hdev, false, false);
1858        if (err)
1859                return err;
1860
1861        bt_dev_info(hdev, "Intel firmware patch completed");
1862
1863        goto complete;
1864
1865exit_mfg_deactivate:
1866        release_firmware(fw);
1867
1868        /* Patching failed. Disable the manufacturer mode with reset and
1869         * deactivate the downloaded firmware patches.
1870         */
1871        err = btintel_exit_mfg(hdev, true, false);
1872        if (err)
1873                return err;
1874
1875        bt_dev_info(hdev, "Intel firmware patch completed and deactivated");
1876
1877complete:
1878        /* Set the event mask for Intel specific vendor events. This enables
1879         * a few extra events that are useful during general operation.
1880         */
1881        btintel_set_event_mask_mfg(hdev, false);
1882
1883        btintel_check_bdaddr(hdev);
1884        return 0;
1885}
1886
1887static int inject_cmd_complete(struct hci_dev *hdev, __u16 opcode)
1888{
1889        struct sk_buff *skb;
1890        struct hci_event_hdr *hdr;
1891        struct hci_ev_cmd_complete *evt;
1892
1893        skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_ATOMIC);
1894        if (!skb)
1895                return -ENOMEM;
1896
1897        hdr = skb_put(skb, sizeof(*hdr));
1898        hdr->evt = HCI_EV_CMD_COMPLETE;
1899        hdr->plen = sizeof(*evt) + 1;
1900
1901        evt = skb_put(skb, sizeof(*evt));
1902        evt->ncmd = 0x01;
1903        evt->opcode = cpu_to_le16(opcode);
1904
1905        skb_put_u8(skb, 0x00);
1906
1907        hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
1908
1909        return hci_recv_frame(hdev, skb);
1910}
1911
1912static int btusb_recv_bulk_intel(struct btusb_data *data, void *buffer,
1913                                 int count)
1914{
1915        /* When the device is in bootloader mode, then it can send
1916         * events via the bulk endpoint. These events are treated the
1917         * same way as the ones received from the interrupt endpoint.
1918         */
1919        if (test_bit(BTUSB_BOOTLOADER, &data->flags))
1920                return btusb_recv_intr(data, buffer, count);
1921
1922        return btusb_recv_bulk(data, buffer, count);
1923}
1924
1925static void btusb_intel_bootup(struct btusb_data *data, const void *ptr,
1926                               unsigned int len)
1927{
1928        const struct intel_bootup *evt = ptr;
1929
1930        if (len != sizeof(*evt))
1931                return;
1932
1933        if (test_and_clear_bit(BTUSB_BOOTING, &data->flags)) {
1934                smp_mb__after_atomic();
1935                wake_up_bit(&data->flags, BTUSB_BOOTING);
1936        }
1937}
1938
1939static void btusb_intel_secure_send_result(struct btusb_data *data,
1940                                           const void *ptr, unsigned int len)
1941{
1942        const struct intel_secure_send_result *evt = ptr;
1943
1944        if (len != sizeof(*evt))
1945                return;
1946
1947        if (evt->result)
1948                set_bit(BTUSB_FIRMWARE_FAILED, &data->flags);
1949
1950        if (test_and_clear_bit(BTUSB_DOWNLOADING, &data->flags) &&
1951            test_bit(BTUSB_FIRMWARE_LOADED, &data->flags)) {
1952                smp_mb__after_atomic();
1953                wake_up_bit(&data->flags, BTUSB_DOWNLOADING);
1954        }
1955}
1956
1957static int btusb_recv_event_intel(struct hci_dev *hdev, struct sk_buff *skb)
1958{
1959        struct btusb_data *data = hci_get_drvdata(hdev);
1960
1961        if (test_bit(BTUSB_BOOTLOADER, &data->flags)) {
1962                struct hci_event_hdr *hdr = (void *)skb->data;
1963
1964                if (skb->len > HCI_EVENT_HDR_SIZE && hdr->evt == 0xff &&
1965                    hdr->plen > 0) {
1966                        const void *ptr = skb->data + HCI_EVENT_HDR_SIZE + 1;
1967                        unsigned int len = skb->len - HCI_EVENT_HDR_SIZE - 1;
1968
1969                        switch (skb->data[2]) {
1970                        case 0x02:
1971                                /* When switching to the operational firmware
1972                                 * the device sends a vendor specific event
1973                                 * indicating that the bootup completed.
1974                                 */
1975                                btusb_intel_bootup(data, ptr, len);
1976                                break;
1977                        case 0x06:
1978                                /* When the firmware loading completes the
1979                                 * device sends out a vendor specific event
1980                                 * indicating the result of the firmware
1981                                 * loading.
1982                                 */
1983                                btusb_intel_secure_send_result(data, ptr, len);
1984                                break;
1985                        }
1986                }
1987        }
1988
1989        return hci_recv_frame(hdev, skb);
1990}
1991
1992static int btusb_send_frame_intel(struct hci_dev *hdev, struct sk_buff *skb)
1993{
1994        struct btusb_data *data = hci_get_drvdata(hdev);
1995        struct urb *urb;
1996
1997        BT_DBG("%s", hdev->name);
1998
1999        switch (hci_skb_pkt_type(skb)) {
2000        case HCI_COMMAND_PKT:
2001                if (test_bit(BTUSB_BOOTLOADER, &data->flags)) {
2002                        struct hci_command_hdr *cmd = (void *)skb->data;
2003                        __u16 opcode = le16_to_cpu(cmd->opcode);
2004
2005                        /* When in bootloader mode and the command 0xfc09
2006                         * is received, it needs to be send down the
2007                         * bulk endpoint. So allocate a bulk URB instead.
2008                         */
2009                        if (opcode == 0xfc09)
2010                                urb = alloc_bulk_urb(hdev, skb);
2011                        else
2012                                urb = alloc_ctrl_urb(hdev, skb);
2013
2014                        /* When the 0xfc01 command is issued to boot into
2015                         * the operational firmware, it will actually not
2016                         * send a command complete event. To keep the flow
2017                         * control working inject that event here.
2018                         */
2019                        if (opcode == 0xfc01)
2020                                inject_cmd_complete(hdev, opcode);
2021                } else {
2022                        urb = alloc_ctrl_urb(hdev, skb);
2023                }
2024                if (IS_ERR(urb))
2025                        return PTR_ERR(urb);
2026
2027                hdev->stat.cmd_tx++;
2028                return submit_or_queue_tx_urb(hdev, urb);
2029
2030        case HCI_ACLDATA_PKT:
2031                urb = alloc_bulk_urb(hdev, skb);
2032                if (IS_ERR(urb))
2033                        return PTR_ERR(urb);
2034
2035                hdev->stat.acl_tx++;
2036                return submit_or_queue_tx_urb(hdev, urb);
2037
2038        case HCI_SCODATA_PKT:
2039                if (hci_conn_num(hdev, SCO_LINK) < 1)
2040                        return -ENODEV;
2041
2042                urb = alloc_isoc_urb(hdev, skb);
2043                if (IS_ERR(urb))
2044                        return PTR_ERR(urb);
2045
2046                hdev->stat.sco_tx++;
2047                return submit_tx_urb(hdev, urb);
2048        }
2049
2050        return -EILSEQ;
2051}
2052
2053static int btusb_setup_intel_new(struct hci_dev *hdev)
2054{
2055        struct btusb_data *data = hci_get_drvdata(hdev);
2056        struct intel_version ver;
2057        struct intel_boot_params params;
2058        const struct firmware *fw;
2059        u32 boot_param;
2060        char fwname[64];
2061        ktime_t calltime, delta, rettime;
2062        unsigned long long duration;
2063        int err;
2064
2065        BT_DBG("%s", hdev->name);
2066
2067        /* Set the default boot parameter to 0x0 and it is updated to
2068         * SKU specific boot parameter after reading Intel_Write_Boot_Params
2069         * command while downloading the firmware.
2070         */
2071        boot_param = 0x00000000;
2072
2073        calltime = ktime_get();
2074
2075        /* Read the Intel version information to determine if the device
2076         * is in bootloader mode or if it already has operational firmware
2077         * loaded.
2078         */
2079        err = btintel_read_version(hdev, &ver);
2080        if (err)
2081                return err;
2082
2083        /* The hardware platform number has a fixed value of 0x37 and
2084         * for now only accept this single value.
2085         */
2086        if (ver.hw_platform != 0x37) {
2087                BT_ERR("%s: Unsupported Intel hardware platform (%u)",
2088                       hdev->name, ver.hw_platform);
2089                return -EINVAL;
2090        }
2091
2092        /* Check for supported iBT hardware variants of this firmware
2093         * loading method.
2094         *
2095         * This check has been put in place to ensure correct forward
2096         * compatibility options when newer hardware variants come along.
2097         */
2098        switch (ver.hw_variant) {
2099        case 0x0b:      /* SfP */
2100        case 0x0c:      /* WsP */
2101        case 0x11:      /* JfP */
2102        case 0x12:      /* ThP */
2103        case 0x13:      /* HrP */
2104        case 0x14:      /* QnJ, IcP */
2105                break;
2106        default:
2107                BT_ERR("%s: Unsupported Intel hardware variant (%u)",
2108                       hdev->name, ver.hw_variant);
2109                return -EINVAL;
2110        }
2111
2112        btintel_version_info(hdev, &ver);
2113
2114        /* The firmware variant determines if the device is in bootloader
2115         * mode or is running operational firmware. The value 0x06 identifies
2116         * the bootloader and the value 0x23 identifies the operational
2117         * firmware.
2118         *
2119         * When the operational firmware is already present, then only
2120         * the check for valid Bluetooth device address is needed. This
2121         * determines if the device will be added as configured or
2122         * unconfigured controller.
2123         *
2124         * It is not possible to use the Secure Boot Parameters in this
2125         * case since that command is only available in bootloader mode.
2126         */
2127        if (ver.fw_variant == 0x23) {
2128                clear_bit(BTUSB_BOOTLOADER, &data->flags);
2129                btintel_check_bdaddr(hdev);
2130                return 0;
2131        }
2132
2133        /* If the device is not in bootloader mode, then the only possible
2134         * choice is to return an error and abort the device initialization.
2135         */
2136        if (ver.fw_variant != 0x06) {
2137                BT_ERR("%s: Unsupported Intel firmware variant (%u)",
2138                       hdev->name, ver.fw_variant);
2139                return -ENODEV;
2140        }
2141
2142        /* Read the secure boot parameters to identify the operating
2143         * details of the bootloader.
2144         */
2145        err = btintel_read_boot_params(hdev, &params);
2146        if (err)
2147                return err;
2148
2149        /* It is required that every single firmware fragment is acknowledged
2150         * with a command complete event. If the boot parameters indicate
2151         * that this bootloader does not send them, then abort the setup.
2152         */
2153        if (params.limited_cce != 0x00) {
2154                BT_ERR("%s: Unsupported Intel firmware loading method (%u)",
2155                       hdev->name, params.limited_cce);
2156                return -EINVAL;
2157        }
2158
2159        /* If the OTP has no valid Bluetooth device address, then there will
2160         * also be no valid address for the operational firmware.
2161         */
2162        if (!bacmp(&params.otp_bdaddr, BDADDR_ANY)) {
2163                bt_dev_info(hdev, "No device address configured");
2164                set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks);
2165        }
2166
2167        /* With this Intel bootloader only the hardware variant and device
2168         * revision information are used to select the right firmware for SfP
2169         * and WsP.
2170         *
2171         * The firmware filename is ibt-<hw_variant>-<dev_revid>.sfi.
2172         *
2173         * Currently the supported hardware variants are:
2174         *   11 (0x0b) for iBT3.0 (LnP/SfP)
2175         *   12 (0x0c) for iBT3.5 (WsP)
2176         *
2177         * For ThP/JfP and for future SKU's, the FW name varies based on HW
2178         * variant, HW revision and FW revision, as these are dependent on CNVi
2179         * and RF Combination.
2180         *
2181         *   17 (0x11) for iBT3.5 (JfP)
2182         *   18 (0x12) for iBT3.5 (ThP)
2183         *
2184         * The firmware file name for these will be
2185         * ibt-<hw_variant>-<hw_revision>-<fw_revision>.sfi.
2186         *
2187         */
2188        switch (ver.hw_variant) {
2189        case 0x0b:      /* SfP */
2190        case 0x0c:      /* WsP */
2191                snprintf(fwname, sizeof(fwname), "intel/ibt-%u-%u.sfi",
2192                         le16_to_cpu(ver.hw_variant),
2193                         le16_to_cpu(params.dev_revid));
2194                break;
2195        case 0x11:      /* JfP */
2196        case 0x12:      /* ThP */
2197        case 0x13:      /* HrP */
2198        case 0x14:      /* QnJ, IcP */
2199                snprintf(fwname, sizeof(fwname), "intel/ibt-%u-%u-%u.sfi",
2200                         le16_to_cpu(ver.hw_variant),
2201                         le16_to_cpu(ver.hw_revision),
2202                         le16_to_cpu(ver.fw_revision));
2203                break;
2204        default:
2205                BT_ERR("%s: Unsupported Intel firmware naming", hdev->name);
2206                return -EINVAL;
2207        }
2208
2209        err = request_firmware(&fw, fwname, &hdev->dev);
2210        if (err < 0) {
2211                BT_ERR("%s: Failed to load Intel firmware file (%d)",
2212                       hdev->name, err);
2213                return err;
2214        }
2215
2216        bt_dev_info(hdev, "Found device firmware: %s", fwname);
2217
2218        /* Save the DDC file name for later use to apply once the firmware
2219         * downloading is done.
2220         */
2221        switch (ver.hw_variant) {
2222        case 0x0b:      /* SfP */
2223        case 0x0c:      /* WsP */
2224                snprintf(fwname, sizeof(fwname), "intel/ibt-%u-%u.ddc",
2225                         le16_to_cpu(ver.hw_variant),
2226                         le16_to_cpu(params.dev_revid));
2227                break;
2228        case 0x11:      /* JfP */
2229        case 0x12:      /* ThP */
2230        case 0x13:      /* HrP */
2231        case 0x14:      /* QnJ, IcP */
2232                snprintf(fwname, sizeof(fwname), "intel/ibt-%u-%u-%u.ddc",
2233                         le16_to_cpu(ver.hw_variant),
2234                         le16_to_cpu(ver.hw_revision),
2235                         le16_to_cpu(ver.fw_revision));
2236                break;
2237        default:
2238                BT_ERR("%s: Unsupported Intel firmware naming", hdev->name);
2239                return -EINVAL;
2240        }
2241
2242        if (fw->size < 644) {
2243                BT_ERR("%s: Invalid size of firmware file (%zu)",
2244                       hdev->name, fw->size);
2245                err = -EBADF;
2246                goto done;
2247        }
2248
2249        set_bit(BTUSB_DOWNLOADING, &data->flags);
2250
2251        /* Start firmware downloading and get boot parameter */
2252        err = btintel_download_firmware(hdev, fw, &boot_param);
2253        if (err < 0)
2254                goto done;
2255
2256        set_bit(BTUSB_FIRMWARE_LOADED, &data->flags);
2257
2258        bt_dev_info(hdev, "Waiting for firmware download to complete");
2259
2260        /* Before switching the device into operational mode and with that
2261         * booting the loaded firmware, wait for the bootloader notification
2262         * that all fragments have been successfully received.
2263         *
2264         * When the event processing receives the notification, then the
2265         * BTUSB_DOWNLOADING flag will be cleared.
2266         *
2267         * The firmware loading should not take longer than 5 seconds
2268         * and thus just timeout if that happens and fail the setup
2269         * of this device.
2270         */
2271        err = wait_on_bit_timeout(&data->flags, BTUSB_DOWNLOADING,
2272                                  TASK_INTERRUPTIBLE,
2273                                  msecs_to_jiffies(5000));
2274        if (err == -EINTR) {
2275                BT_ERR("%s: Firmware loading interrupted", hdev->name);
2276                goto done;
2277        }
2278
2279        if (err) {
2280                BT_ERR("%s: Firmware loading timeout", hdev->name);
2281                err = -ETIMEDOUT;
2282                goto done;
2283        }
2284
2285        if (test_bit(BTUSB_FIRMWARE_FAILED, &data->flags)) {
2286                BT_ERR("%s: Firmware loading failed", hdev->name);
2287                err = -ENOEXEC;
2288                goto done;
2289        }
2290
2291        rettime = ktime_get();
2292        delta = ktime_sub(rettime, calltime);
2293        duration = (unsigned long long) ktime_to_ns(delta) >> 10;
2294
2295        bt_dev_info(hdev, "Firmware loaded in %llu usecs", duration);
2296
2297done:
2298        release_firmware(fw);
2299
2300        if (err < 0)
2301                return err;
2302
2303        calltime = ktime_get();
2304
2305        set_bit(BTUSB_BOOTING, &data->flags);
2306
2307        err = btintel_send_intel_reset(hdev, boot_param);
2308        if (err)
2309                return err;
2310
2311        /* The bootloader will not indicate when the device is ready. This
2312         * is done by the operational firmware sending bootup notification.
2313         *
2314         * Booting into operational firmware should not take longer than
2315         * 1 second. However if that happens, then just fail the setup
2316         * since something went wrong.
2317         */
2318        bt_dev_info(hdev, "Waiting for device to boot");
2319
2320        err = wait_on_bit_timeout(&data->flags, BTUSB_BOOTING,
2321                                  TASK_INTERRUPTIBLE,
2322                                  msecs_to_jiffies(1000));
2323
2324        if (err == -EINTR) {
2325                BT_ERR("%s: Device boot interrupted", hdev->name);
2326                return -EINTR;
2327        }
2328
2329        if (err) {
2330                BT_ERR("%s: Device boot timeout", hdev->name);
2331                return -ETIMEDOUT;
2332        }
2333
2334        rettime = ktime_get();
2335        delta = ktime_sub(rettime, calltime);
2336        duration = (unsigned long long) ktime_to_ns(delta) >> 10;
2337
2338        bt_dev_info(hdev, "Device booted in %llu usecs", duration);
2339
2340        clear_bit(BTUSB_BOOTLOADER, &data->flags);
2341
2342        /* Once the device is running in operational mode, it needs to apply
2343         * the device configuration (DDC) parameters.
2344         *
2345         * The device can work without DDC parameters, so even if it fails
2346         * to load the file, no need to fail the setup.
2347         */
2348        btintel_load_ddc_config(hdev, fwname);
2349
2350        /* Set the event mask for Intel specific vendor events. This enables
2351         * a few extra events that are useful during general operation. It
2352         * does not enable any debugging related events.
2353         *
2354         * The device will function correctly without these events enabled
2355         * and thus no need to fail the setup.
2356         */
2357        btintel_set_event_mask(hdev, false);
2358
2359        return 0;
2360}
2361
2362static int btusb_shutdown_intel(struct hci_dev *hdev)
2363{
2364        struct sk_buff *skb;
2365        long ret;
2366
2367        /* Some platforms have an issue with BT LED when the interface is
2368         * down or BT radio is turned off, which takes 5 seconds to BT LED
2369         * goes off. This command turns off the BT LED immediately.
2370         */
2371        skb = __hci_cmd_sync(hdev, 0xfc3f, 0, NULL, HCI_INIT_TIMEOUT);
2372        if (IS_ERR(skb)) {
2373                ret = PTR_ERR(skb);
2374                BT_ERR("%s: turning off Intel device LED failed (%ld)",
2375                       hdev->name, ret);
2376                return ret;
2377        }
2378        kfree_skb(skb);
2379
2380        return 0;
2381}
2382
2383#ifdef CONFIG_PM
2384/* Configure an out-of-band gpio as wake-up pin, if specified in device tree */
2385static int marvell_config_oob_wake(struct hci_dev *hdev)
2386{
2387        struct sk_buff *skb;
2388        struct btusb_data *data = hci_get_drvdata(hdev);
2389        struct device *dev = &data->udev->dev;
2390        u16 pin, gap, opcode;
2391        int ret;
2392        u8 cmd[5];
2393
2394        /* Move on if no wakeup pin specified */
2395        if (of_property_read_u16(dev->of_node, "marvell,wakeup-pin", &pin) ||
2396            of_property_read_u16(dev->of_node, "marvell,wakeup-gap-ms", &gap))
2397                return 0;
2398
2399        /* Vendor specific command to configure a GPIO as wake-up pin */
2400        opcode = hci_opcode_pack(0x3F, 0x59);
2401        cmd[0] = opcode & 0xFF;
2402        cmd[1] = opcode >> 8;
2403        cmd[2] = 2; /* length of parameters that follow */
2404        cmd[3] = pin;
2405        cmd[4] = gap; /* time in ms, for which wakeup pin should be asserted */
2406
2407        skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL);
2408        if (!skb) {
2409                bt_dev_err(hdev, "%s: No memory\n", __func__);
2410                return -ENOMEM;
2411        }
2412
2413        skb_put_data(skb, cmd, sizeof(cmd));
2414        hci_skb_pkt_type(skb) = HCI_COMMAND_PKT;
2415
2416        ret = btusb_send_frame(hdev, skb);
2417        if (ret) {
2418                bt_dev_err(hdev, "%s: configuration failed\n", __func__);
2419                kfree_skb(skb);
2420                return ret;
2421        }
2422
2423        return 0;
2424}
2425#endif
2426
2427static int btusb_set_bdaddr_marvell(struct hci_dev *hdev,
2428                                    const bdaddr_t *bdaddr)
2429{
2430        struct sk_buff *skb;
2431        u8 buf[8];
2432        long ret;
2433
2434        buf[0] = 0xfe;
2435        buf[1] = sizeof(bdaddr_t);
2436        memcpy(buf + 2, bdaddr, sizeof(bdaddr_t));
2437
2438        skb = __hci_cmd_sync(hdev, 0xfc22, sizeof(buf), buf, HCI_INIT_TIMEOUT);
2439        if (IS_ERR(skb)) {
2440                ret = PTR_ERR(skb);
2441                bt_dev_err(hdev, "changing Marvell device address failed (%ld)",
2442                           ret);
2443                return ret;
2444        }
2445        kfree_skb(skb);
2446
2447        return 0;
2448}
2449
2450static int btusb_set_bdaddr_ath3012(struct hci_dev *hdev,
2451                                    const bdaddr_t *bdaddr)
2452{
2453        struct sk_buff *skb;
2454        u8 buf[10];
2455        long ret;
2456
2457        buf[0] = 0x01;
2458        buf[1] = 0x01;
2459        buf[2] = 0x00;
2460        buf[3] = sizeof(bdaddr_t);
2461        memcpy(buf + 4, bdaddr, sizeof(bdaddr_t));
2462
2463        skb = __hci_cmd_sync(hdev, 0xfc0b, sizeof(buf), buf, HCI_INIT_TIMEOUT);
2464        if (IS_ERR(skb)) {
2465                ret = PTR_ERR(skb);
2466                bt_dev_err(hdev, "Change address command failed (%ld)", ret);
2467                return ret;
2468        }
2469        kfree_skb(skb);
2470
2471        return 0;
2472}
2473
2474#define QCA_DFU_PACKET_LEN      4096
2475
2476#define QCA_GET_TARGET_VERSION  0x09
2477#define QCA_CHECK_STATUS        0x05
2478#define QCA_DFU_DOWNLOAD        0x01
2479
2480#define QCA_SYSCFG_UPDATED      0x40
2481#define QCA_PATCH_UPDATED       0x80
2482#define QCA_DFU_TIMEOUT         3000
2483
2484struct qca_version {
2485        __le32  rom_version;
2486        __le32  patch_version;
2487        __le32  ram_version;
2488        __le32  ref_clock;
2489        __u8    reserved[4];
2490} __packed;
2491
2492struct qca_rampatch_version {
2493        __le16  rom_version;
2494        __le16  patch_version;
2495} __packed;
2496
2497struct qca_device_info {
2498        u32     rom_version;
2499        u8      rampatch_hdr;   /* length of header in rampatch */
2500        u8      nvm_hdr;        /* length of header in NVM */
2501        u8      ver_offset;     /* offset of version structure in rampatch */
2502};
2503
2504static const struct qca_device_info qca_devices_table[] = {
2505        { 0x00000100, 20, 4, 10 }, /* Rome 1.0 */
2506        { 0x00000101, 20, 4, 10 }, /* Rome 1.1 */
2507        { 0x00000200, 28, 4, 18 }, /* Rome 2.0 */
2508        { 0x00000201, 28, 4, 18 }, /* Rome 2.1 */
2509        { 0x00000300, 28, 4, 18 }, /* Rome 3.0 */
2510        { 0x00000302, 28, 4, 18 }, /* Rome 3.2 */
2511};
2512
2513static int btusb_qca_send_vendor_req(struct usb_device *udev, u8 request,
2514                                     void *data, u16 size)
2515{
2516        int pipe, err;
2517        u8 *buf;
2518
2519        buf = kmalloc(size, GFP_KERNEL);
2520        if (!buf)
2521                return -ENOMEM;
2522
2523        /* Found some of USB hosts have IOT issues with ours so that we should
2524         * not wait until HCI layer is ready.
2525         */
2526        pipe = usb_rcvctrlpipe(udev, 0);
2527        err = usb_control_msg(udev, pipe, request, USB_TYPE_VENDOR | USB_DIR_IN,
2528                              0, 0, buf, size, USB_CTRL_SET_TIMEOUT);
2529        if (err < 0) {
2530                dev_err(&udev->dev, "Failed to access otp area (%d)", err);
2531                goto done;
2532        }
2533
2534        memcpy(data, buf, size);
2535
2536done:
2537        kfree(buf);
2538
2539        return err;
2540}
2541
2542static int btusb_setup_qca_download_fw(struct hci_dev *hdev,
2543                                       const struct firmware *firmware,
2544                                       size_t hdr_size)
2545{
2546        struct btusb_data *btdata = hci_get_drvdata(hdev);
2547        struct usb_device *udev = btdata->udev;
2548        size_t count, size, sent = 0;
2549        int pipe, len, err;
2550        u8 *buf;
2551
2552        buf = kmalloc(QCA_DFU_PACKET_LEN, GFP_KERNEL);
2553        if (!buf)
2554                return -ENOMEM;
2555
2556        count = firmware->size;
2557
2558        size = min_t(size_t, count, hdr_size);
2559        memcpy(buf, firmware->data, size);
2560
2561        /* USB patches should go down to controller through USB path
2562         * because binary format fits to go down through USB channel.
2563         * USB control path is for patching headers and USB bulk is for
2564         * patch body.
2565         */
2566        pipe = usb_sndctrlpipe(udev, 0);
2567        err = usb_control_msg(udev, pipe, QCA_DFU_DOWNLOAD, USB_TYPE_VENDOR,
2568                              0, 0, buf, size, USB_CTRL_SET_TIMEOUT);
2569        if (err < 0) {
2570                bt_dev_err(hdev, "Failed to send headers (%d)", err);
2571                goto done;
2572        }
2573
2574        sent += size;
2575        count -= size;
2576
2577        while (count) {
2578                size = min_t(size_t, count, QCA_DFU_PACKET_LEN);
2579
2580                memcpy(buf, firmware->data + sent, size);
2581
2582                pipe = usb_sndbulkpipe(udev, 0x02);
2583                err = usb_bulk_msg(udev, pipe, buf, size, &len,
2584                                   QCA_DFU_TIMEOUT);
2585                if (err < 0) {
2586                        bt_dev_err(hdev, "Failed to send body at %zd of %zd (%d)",
2587                                   sent, firmware->size, err);
2588                        break;
2589                }
2590
2591                if (size != len) {
2592                        bt_dev_err(hdev, "Failed to get bulk buffer");
2593                        err = -EILSEQ;
2594                        break;
2595                }
2596
2597                sent  += size;
2598                count -= size;
2599        }
2600
2601done:
2602        kfree(buf);
2603        return err;
2604}
2605
2606static int btusb_setup_qca_load_rampatch(struct hci_dev *hdev,
2607                                         struct qca_version *ver,
2608                                         const struct qca_device_info *info)
2609{
2610        struct qca_rampatch_version *rver;
2611        const struct firmware *fw;
2612        u32 ver_rom, ver_patch;
2613        u16 rver_rom, rver_patch;
2614        char fwname[64];
2615        int err;
2616
2617        ver_rom = le32_to_cpu(ver->rom_version);
2618        ver_patch = le32_to_cpu(ver->patch_version);
2619
2620        snprintf(fwname, sizeof(fwname), "qca/rampatch_usb_%08x.bin", ver_rom);
2621
2622        err = request_firmware(&fw, fwname, &hdev->dev);
2623        if (err) {
2624                bt_dev_err(hdev, "failed to request rampatch file: %s (%d)",
2625                           fwname, err);
2626                return err;
2627        }
2628
2629        bt_dev_info(hdev, "using rampatch file: %s", fwname);
2630
2631        rver = (struct qca_rampatch_version *)(fw->data + info->ver_offset);
2632        rver_rom = le16_to_cpu(rver->rom_version);
2633        rver_patch = le16_to_cpu(rver->patch_version);
2634
2635        bt_dev_info(hdev, "QCA: patch rome 0x%x build 0x%x, "
2636                    "firmware rome 0x%x build 0x%x",
2637                    rver_rom, rver_patch, ver_rom, ver_patch);
2638
2639        if (rver_rom != ver_rom || rver_patch <= ver_patch) {
2640                bt_dev_err(hdev, "rampatch file version did not match with firmware");
2641                err = -EINVAL;
2642                goto done;
2643        }
2644
2645        err = btusb_setup_qca_download_fw(hdev, fw, info->rampatch_hdr);
2646
2647done:
2648        release_firmware(fw);
2649
2650        return err;
2651}
2652
2653static int btusb_setup_qca_load_nvm(struct hci_dev *hdev,
2654                                    struct qca_version *ver,
2655                                    const struct qca_device_info *info)
2656{
2657        const struct firmware *fw;
2658        char fwname[64];
2659        int err;
2660
2661        snprintf(fwname, sizeof(fwname), "qca/nvm_usb_%08x.bin",
2662                 le32_to_cpu(ver->rom_version));
2663
2664        err = request_firmware(&fw, fwname, &hdev->dev);
2665        if (err) {
2666                bt_dev_err(hdev, "failed to request NVM file: %s (%d)",
2667                           fwname, err);
2668                return err;
2669        }
2670
2671        bt_dev_info(hdev, "using NVM file: %s", fwname);
2672
2673        err = btusb_setup_qca_download_fw(hdev, fw, info->nvm_hdr);
2674
2675        release_firmware(fw);
2676
2677        return err;
2678}
2679
2680/* identify the ROM version and check whether patches are needed */
2681static bool btusb_qca_need_patch(struct usb_device *udev)
2682{
2683        struct qca_version ver;
2684
2685        if (btusb_qca_send_vendor_req(udev, QCA_GET_TARGET_VERSION, &ver,
2686                                      sizeof(ver)) < 0)
2687                return false;
2688        /* only low ROM versions need patches */
2689        return !(le32_to_cpu(ver.rom_version) & ~0xffffU);
2690}
2691
2692static int btusb_setup_qca(struct hci_dev *hdev)
2693{
2694        struct btusb_data *btdata = hci_get_drvdata(hdev);
2695        struct usb_device *udev = btdata->udev;
2696        const struct qca_device_info *info = NULL;
2697        struct qca_version ver;
2698        u32 ver_rom;
2699        u8 status;
2700        int i, err;
2701
2702        err = btusb_qca_send_vendor_req(udev, QCA_GET_TARGET_VERSION, &ver,
2703                                        sizeof(ver));
2704        if (err < 0)
2705                return err;
2706
2707        ver_rom = le32_to_cpu(ver.rom_version);
2708        /* Don't care about high ROM versions */
2709        if (ver_rom & ~0xffffU)
2710                return 0;
2711
2712        for (i = 0; i < ARRAY_SIZE(qca_devices_table); i++) {
2713                if (ver_rom == qca_devices_table[i].rom_version)
2714                        info = &qca_devices_table[i];
2715        }
2716        if (!info) {
2717                bt_dev_err(hdev, "don't support firmware rome 0x%x", ver_rom);
2718                return -ENODEV;
2719        }
2720
2721        err = btusb_qca_send_vendor_req(udev, QCA_CHECK_STATUS, &status,
2722                                        sizeof(status));
2723        if (err < 0)
2724                return err;
2725
2726        if (!(status & QCA_PATCH_UPDATED)) {
2727                err = btusb_setup_qca_load_rampatch(hdev, &ver, info);
2728                if (err < 0)
2729                        return err;
2730        }
2731
2732        if (!(status & QCA_SYSCFG_UPDATED)) {
2733                err = btusb_setup_qca_load_nvm(hdev, &ver, info);
2734                if (err < 0)
2735                        return err;
2736        }
2737
2738        return 0;
2739}
2740
2741#ifdef CONFIG_BT_HCIBTUSB_BCM
2742static inline int __set_diag_interface(struct hci_dev *hdev)
2743{
2744        struct btusb_data *data = hci_get_drvdata(hdev);
2745        struct usb_interface *intf = data->diag;
2746        int i;
2747
2748        if (!data->diag)
2749                return -ENODEV;
2750
2751        data->diag_tx_ep = NULL;
2752        data->diag_rx_ep = NULL;
2753
2754        for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
2755                struct usb_endpoint_descriptor *ep_desc;
2756
2757                ep_desc = &intf->cur_altsetting->endpoint[i].desc;
2758
2759                if (!data->diag_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) {
2760                        data->diag_tx_ep = ep_desc;
2761                        continue;
2762                }
2763
2764                if (!data->diag_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) {
2765                        data->diag_rx_ep = ep_desc;
2766                        continue;
2767                }
2768        }
2769
2770        if (!data->diag_tx_ep || !data->diag_rx_ep) {
2771                bt_dev_err(hdev, "invalid diagnostic descriptors");
2772                return -ENODEV;
2773        }
2774
2775        return 0;
2776}
2777
2778static struct urb *alloc_diag_urb(struct hci_dev *hdev, bool enable)
2779{
2780        struct btusb_data *data = hci_get_drvdata(hdev);
2781        struct sk_buff *skb;
2782        struct urb *urb;
2783        unsigned int pipe;
2784
2785        if (!data->diag_tx_ep)
2786                return ERR_PTR(-ENODEV);
2787
2788        urb = usb_alloc_urb(0, GFP_KERNEL);
2789        if (!urb)
2790                return ERR_PTR(-ENOMEM);
2791
2792        skb = bt_skb_alloc(2, GFP_KERNEL);
2793        if (!skb) {
2794                usb_free_urb(urb);
2795                return ERR_PTR(-ENOMEM);
2796        }
2797
2798        skb_put_u8(skb, 0xf0);
2799        skb_put_u8(skb, enable);
2800
2801        pipe = usb_sndbulkpipe(data->udev, data->diag_tx_ep->bEndpointAddress);
2802
2803        usb_fill_bulk_urb(urb, data->udev, pipe,
2804                          skb->data, skb->len, btusb_tx_complete, skb);
2805
2806        skb->dev = (void *)hdev;
2807
2808        return urb;
2809}
2810
2811static int btusb_bcm_set_diag(struct hci_dev *hdev, bool enable)
2812{
2813        struct btusb_data *data = hci_get_drvdata(hdev);
2814        struct urb *urb;
2815
2816        if (!data->diag)
2817                return -ENODEV;
2818
2819        if (!test_bit(HCI_RUNNING, &hdev->flags))
2820                return -ENETDOWN;
2821
2822        urb = alloc_diag_urb(hdev, enable);
2823        if (IS_ERR(urb))
2824                return PTR_ERR(urb);
2825
2826        return submit_or_queue_tx_urb(hdev, urb);
2827}
2828#endif
2829
2830#ifdef CONFIG_PM
2831static irqreturn_t btusb_oob_wake_handler(int irq, void *priv)
2832{
2833        struct btusb_data *data = priv;
2834
2835        pm_wakeup_event(&data->udev->dev, 0);
2836        pm_system_wakeup();
2837
2838        /* Disable only if not already disabled (keep it balanced) */
2839        if (test_and_clear_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags)) {
2840                disable_irq_nosync(irq);
2841                disable_irq_wake(irq);
2842        }
2843        return IRQ_HANDLED;
2844}
2845
2846static const struct of_device_id btusb_match_table[] = {
2847        { .compatible = "usb1286,204e" },
2848        { }
2849};
2850MODULE_DEVICE_TABLE(of, btusb_match_table);
2851
2852/* Use an oob wakeup pin? */
2853static int btusb_config_oob_wake(struct hci_dev *hdev)
2854{
2855        struct btusb_data *data = hci_get_drvdata(hdev);
2856        struct device *dev = &data->udev->dev;
2857        int irq, ret;
2858
2859        clear_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags);
2860
2861        if (!of_match_device(btusb_match_table, dev))
2862                return 0;
2863
2864        /* Move on if no IRQ specified */
2865        irq = of_irq_get_byname(dev->of_node, "wakeup");
2866        if (irq <= 0) {
2867                bt_dev_dbg(hdev, "%s: no OOB Wakeup IRQ in DT", __func__);
2868                return 0;
2869        }
2870
2871        ret = devm_request_irq(&hdev->dev, irq, btusb_oob_wake_handler,
2872                               0, "OOB Wake-on-BT", data);
2873        if (ret) {
2874                bt_dev_err(hdev, "%s: IRQ request failed", __func__);
2875                return ret;
2876        }
2877
2878        ret = device_init_wakeup(dev, true);
2879        if (ret) {
2880                bt_dev_err(hdev, "%s: failed to init_wakeup", __func__);
2881                return ret;
2882        }
2883
2884        data->oob_wake_irq = irq;
2885        disable_irq(irq);
2886        bt_dev_info(hdev, "OOB Wake-on-BT configured at IRQ %u", irq);
2887        return 0;
2888}
2889#endif
2890
2891static void btusb_check_needs_reset_resume(struct usb_interface *intf)
2892{
2893        if (dmi_check_system(btusb_needs_reset_resume_table))
2894                interface_to_usbdev(intf)->quirks |= USB_QUIRK_RESET_RESUME;
2895}
2896
2897static int btusb_probe(struct usb_interface *intf,
2898                       const struct usb_device_id *id)
2899{
2900        struct usb_endpoint_descriptor *ep_desc;
2901        struct btusb_data *data;
2902        struct hci_dev *hdev;
2903        unsigned ifnum_base;
2904        int i, err;
2905
2906        BT_DBG("intf %p id %p", intf, id);
2907
2908        /* interface numbers are hardcoded in the spec */
2909        if (intf->cur_altsetting->desc.bInterfaceNumber != 0) {
2910                if (!(id->driver_info & BTUSB_IFNUM_2))
2911                        return -ENODEV;
2912                if (intf->cur_altsetting->desc.bInterfaceNumber != 2)
2913                        return -ENODEV;
2914        }
2915
2916        ifnum_base = intf->cur_altsetting->desc.bInterfaceNumber;
2917
2918        if (!id->driver_info) {
2919                const struct usb_device_id *match;
2920
2921                match = usb_match_id(intf, blacklist_table);
2922                if (match)
2923                        id = match;
2924        }
2925
2926        if (id->driver_info == BTUSB_IGNORE)
2927                return -ENODEV;
2928
2929        if (id->driver_info & BTUSB_ATH3012) {
2930                struct usb_device *udev = interface_to_usbdev(intf);
2931
2932                /* Old firmware would otherwise let ath3k driver load
2933                 * patch and sysconfig files
2934                 */
2935                if (le16_to_cpu(udev->descriptor.bcdDevice) <= 0x0001 &&
2936                    !btusb_qca_need_patch(udev))
2937                        return -ENODEV;
2938        }
2939
2940        data = devm_kzalloc(&intf->dev, sizeof(*data), GFP_KERNEL);
2941        if (!data)
2942                return -ENOMEM;
2943
2944        for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
2945                ep_desc = &intf->cur_altsetting->endpoint[i].desc;
2946
2947                if (!data->intr_ep && usb_endpoint_is_int_in(ep_desc)) {
2948                        data->intr_ep = ep_desc;
2949                        continue;
2950                }
2951
2952                if (!data->bulk_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) {
2953                        data->bulk_tx_ep = ep_desc;
2954                        continue;
2955                }
2956
2957                if (!data->bulk_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) {
2958                        data->bulk_rx_ep = ep_desc;
2959                        continue;
2960                }
2961        }
2962
2963        if (!data->intr_ep || !data->bulk_tx_ep || !data->bulk_rx_ep)
2964                return -ENODEV;
2965
2966        if (id->driver_info & BTUSB_AMP) {
2967                data->cmdreq_type = USB_TYPE_CLASS | 0x01;
2968                data->cmdreq = 0x2b;
2969        } else {
2970                data->cmdreq_type = USB_TYPE_CLASS;
2971                data->cmdreq = 0x00;
2972        }
2973
2974        data->udev = interface_to_usbdev(intf);
2975        data->intf = intf;
2976
2977        INIT_WORK(&data->work, btusb_work);
2978        INIT_WORK(&data->waker, btusb_waker);
2979        init_usb_anchor(&data->deferred);
2980        init_usb_anchor(&data->tx_anchor);
2981        spin_lock_init(&data->txlock);
2982
2983        init_usb_anchor(&data->intr_anchor);
2984        init_usb_anchor(&data->bulk_anchor);
2985        init_usb_anchor(&data->isoc_anchor);
2986        init_usb_anchor(&data->diag_anchor);
2987        spin_lock_init(&data->rxlock);
2988
2989        if (id->driver_info & BTUSB_INTEL_NEW) {
2990                data->recv_event = btusb_recv_event_intel;
2991                data->recv_bulk = btusb_recv_bulk_intel;
2992                set_bit(BTUSB_BOOTLOADER, &data->flags);
2993        } else {
2994                data->recv_event = hci_recv_frame;
2995                data->recv_bulk = btusb_recv_bulk;
2996        }
2997
2998        hdev = hci_alloc_dev();
2999        if (!hdev)
3000                return -ENOMEM;
3001
3002        hdev->bus = HCI_USB;
3003        hci_set_drvdata(hdev, data);
3004
3005        if (id->driver_info & BTUSB_AMP)
3006                hdev->dev_type = HCI_AMP;
3007        else
3008                hdev->dev_type = HCI_PRIMARY;
3009
3010        data->hdev = hdev;
3011
3012        SET_HCIDEV_DEV(hdev, &intf->dev);
3013
3014        hdev->open   = btusb_open;
3015        hdev->close  = btusb_close;
3016        hdev->flush  = btusb_flush;
3017        hdev->send   = btusb_send_frame;
3018        hdev->notify = btusb_notify;
3019
3020#ifdef CONFIG_PM
3021        err = btusb_config_oob_wake(hdev);
3022        if (err)
3023                goto out_free_dev;
3024
3025        /* Marvell devices may need a specific chip configuration */
3026        if (id->driver_info & BTUSB_MARVELL && data->oob_wake_irq) {
3027                err = marvell_config_oob_wake(hdev);
3028                if (err)
3029                        goto out_free_dev;
3030        }
3031#endif
3032        if (id->driver_info & BTUSB_CW6622)
3033                set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks);
3034
3035        if (id->driver_info & BTUSB_BCM2045)
3036                set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks);
3037
3038        if (id->driver_info & BTUSB_BCM92035)
3039                hdev->setup = btusb_setup_bcm92035;
3040
3041#ifdef CONFIG_BT_HCIBTUSB_BCM
3042        if (id->driver_info & BTUSB_BCM_PATCHRAM) {
3043                hdev->manufacturer = 15;
3044                hdev->setup = btbcm_setup_patchram;
3045                hdev->set_diag = btusb_bcm_set_diag;
3046                hdev->set_bdaddr = btbcm_set_bdaddr;
3047
3048                /* Broadcom LM_DIAG Interface numbers are hardcoded */
3049                data->diag = usb_ifnum_to_if(data->udev, ifnum_base + 2);
3050        }
3051
3052        if (id->driver_info & BTUSB_BCM_APPLE) {
3053                hdev->manufacturer = 15;
3054                hdev->setup = btbcm_setup_apple;
3055                hdev->set_diag = btusb_bcm_set_diag;
3056
3057                /* Broadcom LM_DIAG Interface numbers are hardcoded */
3058                data->diag = usb_ifnum_to_if(data->udev, ifnum_base + 2);
3059        }
3060#endif
3061
3062        if (id->driver_info & BTUSB_INTEL) {
3063                hdev->manufacturer = 2;
3064                hdev->setup = btusb_setup_intel;
3065                hdev->shutdown = btusb_shutdown_intel;
3066                hdev->set_diag = btintel_set_diag_mfg;
3067                hdev->set_bdaddr = btintel_set_bdaddr;
3068                set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
3069                set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
3070                set_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks);
3071        }
3072
3073        if (id->driver_info & BTUSB_INTEL_NEW) {
3074                hdev->manufacturer = 2;
3075                hdev->send = btusb_send_frame_intel;
3076                hdev->setup = btusb_setup_intel_new;
3077                hdev->hw_error = btintel_hw_error;
3078                hdev->set_diag = btintel_set_diag;
3079                hdev->set_bdaddr = btintel_set_bdaddr;
3080                set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
3081                set_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks);
3082        }
3083
3084        if (id->driver_info & BTUSB_MARVELL)
3085                hdev->set_bdaddr = btusb_set_bdaddr_marvell;
3086
3087        if (id->driver_info & BTUSB_SWAVE) {
3088                set_bit(HCI_QUIRK_FIXUP_INQUIRY_MODE, &hdev->quirks);
3089                set_bit(HCI_QUIRK_BROKEN_LOCAL_COMMANDS, &hdev->quirks);
3090        }
3091
3092        if (id->driver_info & BTUSB_INTEL_BOOT) {
3093                hdev->manufacturer = 2;
3094                set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
3095        }
3096
3097        if (id->driver_info & BTUSB_ATH3012) {
3098                data->setup_on_usb = btusb_setup_qca;
3099                hdev->set_bdaddr = btusb_set_bdaddr_ath3012;
3100                set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
3101                set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
3102        }
3103
3104        if (id->driver_info & BTUSB_QCA_ROME) {
3105                data->setup_on_usb = btusb_setup_qca;
3106                hdev->set_bdaddr = btusb_set_bdaddr_ath3012;
3107                set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
3108                btusb_check_needs_reset_resume(intf);
3109        }
3110
3111#ifdef CONFIG_BT_HCIBTUSB_RTL
3112        if (id->driver_info & BTUSB_REALTEK) {
3113                hdev->setup = btrtl_setup_realtek;
3114
3115                /* Realtek devices lose their updated firmware over suspend,
3116                 * but the USB hub doesn't notice any status change.
3117                 * Explicitly request a device reset on resume.
3118                 */
3119                interface_to_usbdev(intf)->quirks |= USB_QUIRK_RESET_RESUME;
3120        }
3121#endif
3122
3123        if (id->driver_info & BTUSB_AMP) {
3124                /* AMP controllers do not support SCO packets */
3125                data->isoc = NULL;
3126        } else {
3127                /* Interface orders are hardcoded in the specification */
3128                data->isoc = usb_ifnum_to_if(data->udev, ifnum_base + 1);
3129                data->isoc_ifnum = ifnum_base + 1;
3130        }
3131
3132        if (!reset)
3133                set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
3134
3135        if (force_scofix || id->driver_info & BTUSB_WRONG_SCO_MTU) {
3136                if (!disable_scofix)
3137                        set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks);
3138        }
3139
3140        if (id->driver_info & BTUSB_BROKEN_ISOC)
3141                data->isoc = NULL;
3142
3143        if (id->driver_info & BTUSB_DIGIANSWER) {
3144                data->cmdreq_type = USB_TYPE_VENDOR;
3145                set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
3146        }
3147
3148        if (id->driver_info & BTUSB_CSR) {
3149                struct usb_device *udev = data->udev;
3150                u16 bcdDevice = le16_to_cpu(udev->descriptor.bcdDevice);
3151
3152                /* Old firmware would otherwise execute USB reset */
3153                if (bcdDevice < 0x117)
3154                        set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
3155
3156                /* Fake CSR devices with broken commands */
3157                if (bcdDevice <= 0x100 || bcdDevice == 0x134)
3158                        hdev->setup = btusb_setup_csr;
3159
3160                set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
3161        }
3162
3163        if (id->driver_info & BTUSB_SNIFFER) {
3164                struct usb_device *udev = data->udev;
3165
3166                /* New sniffer firmware has crippled HCI interface */
3167                if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997)
3168                        set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
3169        }
3170
3171        if (id->driver_info & BTUSB_INTEL_BOOT) {
3172                /* A bug in the bootloader causes that interrupt interface is
3173                 * only enabled after receiving SetInterface(0, AltSetting=0).
3174                 */
3175                err = usb_set_interface(data->udev, 0, 0);
3176                if (err < 0) {
3177                        BT_ERR("failed to set interface 0, alt 0 %d", err);
3178                        goto out_free_dev;
3179                }
3180        }
3181
3182        if (data->isoc) {
3183                err = usb_driver_claim_interface(&btusb_driver,
3184                                                 data->isoc, data);
3185                if (err < 0)
3186                        goto out_free_dev;
3187        }
3188
3189#ifdef CONFIG_BT_HCIBTUSB_BCM
3190        if (data->diag) {
3191                if (!usb_driver_claim_interface(&btusb_driver,
3192                                                data->diag, data))
3193                        __set_diag_interface(hdev);
3194                else
3195                        data->diag = NULL;
3196        }
3197#endif
3198
3199        if (enable_autosuspend)
3200                usb_enable_autosuspend(data->udev);
3201
3202        err = hci_register_dev(hdev);
3203        if (err < 0)
3204                goto out_free_dev;
3205
3206        usb_set_intfdata(intf, data);
3207
3208        return 0;
3209
3210out_free_dev:
3211        hci_free_dev(hdev);
3212        return err;
3213}
3214
3215static void btusb_disconnect(struct usb_interface *intf)
3216{
3217        struct btusb_data *data = usb_get_intfdata(intf);
3218        struct hci_dev *hdev;
3219
3220        BT_DBG("intf %p", intf);
3221
3222        if (!data)
3223                return;
3224
3225        hdev = data->hdev;
3226        usb_set_intfdata(data->intf, NULL);
3227
3228        if (data->isoc)
3229                usb_set_intfdata(data->isoc, NULL);
3230
3231        if (data->diag)
3232                usb_set_intfdata(data->diag, NULL);
3233
3234        hci_unregister_dev(hdev);
3235
3236        if (intf == data->intf) {
3237                if (data->isoc)
3238                        usb_driver_release_interface(&btusb_driver, data->isoc);
3239                if (data->diag)
3240                        usb_driver_release_interface(&btusb_driver, data->diag);
3241        } else if (intf == data->isoc) {
3242                if (data->diag)
3243                        usb_driver_release_interface(&btusb_driver, data->diag);
3244                usb_driver_release_interface(&btusb_driver, data->intf);
3245        } else if (intf == data->diag) {
3246                usb_driver_release_interface(&btusb_driver, data->intf);
3247                if (data->isoc)
3248                        usb_driver_release_interface(&btusb_driver, data->isoc);
3249        }
3250
3251        if (data->oob_wake_irq)
3252                device_init_wakeup(&data->udev->dev, false);
3253
3254        hci_free_dev(hdev);
3255}
3256
3257#ifdef CONFIG_PM
3258static int btusb_suspend(struct usb_interface *intf, pm_message_t message)
3259{
3260        struct btusb_data *data = usb_get_intfdata(intf);
3261
3262        BT_DBG("intf %p", intf);
3263
3264        if (data->suspend_count++)
3265                return 0;
3266
3267        spin_lock_irq(&data->txlock);
3268        if (!(PMSG_IS_AUTO(message) && data->tx_in_flight)) {
3269                set_bit(BTUSB_SUSPENDING, &data->flags);
3270                spin_unlock_irq(&data->txlock);
3271        } else {
3272                spin_unlock_irq(&data->txlock);
3273                data->suspend_count--;
3274                return -EBUSY;
3275        }
3276
3277        cancel_work_sync(&data->work);
3278
3279        btusb_stop_traffic(data);
3280        usb_kill_anchored_urbs(&data->tx_anchor);
3281
3282        if (data->oob_wake_irq && device_may_wakeup(&data->udev->dev)) {
3283                set_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags);
3284                enable_irq_wake(data->oob_wake_irq);
3285                enable_irq(data->oob_wake_irq);
3286        }
3287
3288        return 0;
3289}
3290
3291static void play_deferred(struct btusb_data *data)
3292{
3293        struct urb *urb;
3294        int err;
3295
3296        while ((urb = usb_get_from_anchor(&data->deferred))) {
3297                usb_anchor_urb(urb, &data->tx_anchor);
3298
3299                err = usb_submit_urb(urb, GFP_ATOMIC);
3300                if (err < 0) {
3301                        if (err != -EPERM && err != -ENODEV)
3302                                BT_ERR("%s urb %p submission failed (%d)",
3303                                       data->hdev->name, urb, -err);
3304                        kfree(urb->setup_packet);
3305                        usb_unanchor_urb(urb);
3306                        usb_free_urb(urb);
3307                        break;
3308                }
3309
3310                data->tx_in_flight++;
3311                usb_free_urb(urb);
3312        }
3313
3314        /* Cleanup the rest deferred urbs. */
3315        while ((urb = usb_get_from_anchor(&data->deferred))) {
3316                kfree(urb->setup_packet);
3317                usb_free_urb(urb);
3318        }
3319}
3320
3321static int btusb_resume(struct usb_interface *intf)
3322{
3323        struct btusb_data *data = usb_get_intfdata(intf);
3324        struct hci_dev *hdev = data->hdev;
3325        int err = 0;
3326
3327        BT_DBG("intf %p", intf);
3328
3329        if (--data->suspend_count)
3330                return 0;
3331
3332        /* Disable only if not already disabled (keep it balanced) */
3333        if (test_and_clear_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags)) {
3334                disable_irq(data->oob_wake_irq);
3335                disable_irq_wake(data->oob_wake_irq);
3336        }
3337
3338        if (!test_bit(HCI_RUNNING, &hdev->flags))
3339                goto done;
3340
3341        if (test_bit(BTUSB_INTR_RUNNING, &data->flags)) {
3342                err = btusb_submit_intr_urb(hdev, GFP_NOIO);
3343                if (err < 0) {
3344                        clear_bit(BTUSB_INTR_RUNNING, &data->flags);
3345                        goto failed;
3346                }
3347        }
3348
3349        if (test_bit(BTUSB_BULK_RUNNING, &data->flags)) {
3350                err = btusb_submit_bulk_urb(hdev, GFP_NOIO);
3351                if (err < 0) {
3352                        clear_bit(BTUSB_BULK_RUNNING, &data->flags);
3353                        goto failed;
3354                }
3355
3356                btusb_submit_bulk_urb(hdev, GFP_NOIO);
3357        }
3358
3359        if (test_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
3360                if (btusb_submit_isoc_urb(hdev, GFP_NOIO) < 0)
3361                        clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
3362                else
3363                        btusb_submit_isoc_urb(hdev, GFP_NOIO);
3364        }
3365
3366        spin_lock_irq(&data->txlock);
3367        play_deferred(data);
3368        clear_bit(BTUSB_SUSPENDING, &data->flags);
3369        spin_unlock_irq(&data->txlock);
3370        schedule_work(&data->work);
3371
3372        return 0;
3373
3374failed:
3375        usb_scuttle_anchored_urbs(&data->deferred);
3376done:
3377        spin_lock_irq(&data->txlock);
3378        clear_bit(BTUSB_SUSPENDING, &data->flags);
3379        spin_unlock_irq(&data->txlock);
3380
3381        return err;
3382}
3383#endif
3384
3385static struct usb_driver btusb_driver = {
3386        .name           = "btusb",
3387        .probe          = btusb_probe,
3388        .disconnect     = btusb_disconnect,
3389#ifdef CONFIG_PM
3390        .suspend        = btusb_suspend,
3391        .resume         = btusb_resume,
3392#endif
3393        .id_table       = btusb_table,
3394        .supports_autosuspend = 1,
3395        .disable_hub_initiated_lpm = 1,
3396};
3397
3398module_usb_driver(btusb_driver);
3399
3400module_param(disable_scofix, bool, 0644);
3401MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size");
3402
3403module_param(force_scofix, bool, 0644);
3404MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size");
3405
3406module_param(enable_autosuspend, bool, 0644);
3407MODULE_PARM_DESC(enable_autosuspend, "Enable USB autosuspend by default");
3408
3409module_param(reset, bool, 0644);
3410MODULE_PARM_DESC(reset, "Send HCI reset command on initialization");
3411
3412MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
3413MODULE_DESCRIPTION("Generic Bluetooth USB driver ver " VERSION);
3414MODULE_VERSION(VERSION);
3415MODULE_LICENSE("GPL");
3416