/*
 *
 *  Generic Bluetooth USB driver
 *
 *  Copyright (C) 2005-2008  Marcel Holtmann <marcel@holtmann.org>
 *
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 *
 */
24 #include <linux/kernel.h>
25 #include <linux/module.h>
26 #include <linux/init.h>
27 #include <linux/slab.h>
28 #include <linux/types.h>
29 #include <linux/sched.h>
30 #include <linux/errno.h>
31 #include <linux/skbuff.h>
33 #include <linux/usb.h>
35 #include <net/bluetooth/bluetooth.h>
36 #include <net/bluetooth/hci_core.h>
/* Driver version string, reported by btusb_init() and MODULE_VERSION(). */
#define VERSION "0.6"

/*
 * Module parameters (registered with module_param() at the end of the file).
 * The ignore_* switches make btusb_probe() refuse devices carrying the
 * matching BTUSB_* quirk flag; the *_scofix switches control whether
 * HCI_QUIRK_FIXUP_BUFFER_SIZE is set.
 */
static int ignore_dga;
static int ignore_csr;
static int ignore_sniffer;
static int disable_scofix;
static int force_scofix;

/* When cleared, btusb_probe() sets HCI_QUIRK_NO_RESET on every device. */
static int reset = 1;

/* Forward declaration: probe/disconnect reference the driver object. */
static struct usb_driver btusb_driver;
/*
 * Per-device quirk flags carried in usb_device_id.driver_info.
 * btusb_probe() compares against BTUSB_IGNORE with '==' and tests the
 * remaining flags with '&', so they must stay distinct single bits.
 */
#define BTUSB_IGNORE		(1 << 0)	/* never bind to this device */
#define BTUSB_DIGIANSWER	(1 << 1)	/* vendor-type command requests */
#define BTUSB_CSR		(1 << 2)	/* CSR BlueCore */
#define BTUSB_SNIFFER		(1 << 3)	/* Bluetooth sniffer hardware */
#define BTUSB_BCM92035		(1 << 4)	/* queue a vendor init command */
#define BTUSB_BROKEN_ISOC	(1 << 5)	/* do not use the isoc interface */
#define BTUSB_WRONG_SCO_MTU	(1 << 6)	/* apply the SCO buffer size fixup */
#define BTUSB_ATH3012		(1 << 7)	/* Atheros 3012, see probe */
/*
 * Devices this driver binds to.  This is the table exported through
 * MODULE_DEVICE_TABLE() and installed as btusb_driver.id_table; entries
 * here carry no driver_info, so quirks are looked up separately in
 * blacklist_table by btusb_probe().
 */
static struct usb_device_id btusb_table[] = {
	/* Generic Bluetooth USB device */
	{ USB_DEVICE_INFO(0xe0, 0x01, 0x01) },

	/* Broadcom SoftSailing reporting vendor specific */
	{ USB_DEVICE(0x05ac, 0x21e1) },

	/* Apple MacBookPro 7,1 */
	{ USB_DEVICE(0x05ac, 0x8213) },

	/* Apple iMac11,1 */
	{ USB_DEVICE(0x05ac, 0x8215) },

	/* Apple MacBookPro6,2 */
	{ USB_DEVICE(0x05ac, 0x8218) },

	/* Apple MacBookAir3,1, MacBookAir3,2 */
	{ USB_DEVICE(0x05ac, 0x821b) },

	/* Apple MacBookAir4,1 */
	{ USB_DEVICE(0x05ac, 0x821f) },

	/* Apple MacBookPro8,2 */
	{ USB_DEVICE(0x05ac, 0x821a) },

	/* Apple MacMini5,1 */
	{ USB_DEVICE(0x05ac, 0x8281) },

	/* AVM BlueFRITZ! USB v2.0 */
	{ USB_DEVICE(0x057c, 0x3800) },

	/* Bluetooth Ultraport Module from IBM */
	{ USB_DEVICE(0x04bf, 0x030a) },

	/* ALPS Modules with non-standard id */
	{ USB_DEVICE(0x044e, 0x3001) },
	{ USB_DEVICE(0x044e, 0x3002) },

	/* Ericsson with non-standard id */
	{ USB_DEVICE(0x0bdb, 0x1002) },

	/* Canyon CN-BTU1 with HID interfaces */
	{ USB_DEVICE(0x0c10, 0x0000) },

	{ }	/* Terminating entry */
};

MODULE_DEVICE_TABLE(usb, btusb_table);
/*
 * Quirk table.  btusb_probe() consults it with usb_match_id() when the
 * entry that matched in btusb_table has no driver_info, and then acts on
 * the BTUSB_* flags found here (ignore the device, drop the isoc
 * interface, set HCI quirks, ...).
 */
static struct usb_device_id blacklist_table[] = {
	/* CSR BlueCore devices */
	{ USB_DEVICE(0x0a12, 0x0001), .driver_info = BTUSB_CSR },

	/* Broadcom BCM2033 without firmware */
	{ USB_DEVICE(0x0a5c, 0x2033), .driver_info = BTUSB_IGNORE },

	/* Atheros 3011 with sflash firmware */
	{ USB_DEVICE(0x0cf3, 0x3002), .driver_info = BTUSB_IGNORE },
	{ USB_DEVICE(0x13d3, 0x3304), .driver_info = BTUSB_IGNORE },
	{ USB_DEVICE(0x0930, 0x0215), .driver_info = BTUSB_IGNORE },

	/* Atheros AR9285 Malbec with sflash firmware */
	{ USB_DEVICE(0x03f0, 0x311d), .driver_info = BTUSB_IGNORE },

	/* Atheros 3012 with sflash firmware */
	{ USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 },

	/* Atheros AR5BBU12 with sflash firmware */
	{ USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE },

	/* Broadcom BCM2035 */
	{ USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU },
	{ USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU },
	{ USB_DEVICE(0x0a5c, 0x2009), .driver_info = BTUSB_BCM92035 },

	/* Broadcom BCM2045 */
	{ USB_DEVICE(0x0a5c, 0x2039), .driver_info = BTUSB_WRONG_SCO_MTU },
	{ USB_DEVICE(0x0a5c, 0x2101), .driver_info = BTUSB_WRONG_SCO_MTU },

	/* IBM/Lenovo ThinkPad with Broadcom chip */
	{ USB_DEVICE(0x0a5c, 0x201e), .driver_info = BTUSB_WRONG_SCO_MTU },
	{ USB_DEVICE(0x0a5c, 0x2110), .driver_info = BTUSB_WRONG_SCO_MTU },

	/* HP laptop with Broadcom chip */
	{ USB_DEVICE(0x03f0, 0x171d), .driver_info = BTUSB_WRONG_SCO_MTU },

	/* Dell laptop with Broadcom chip */
	{ USB_DEVICE(0x413c, 0x8126), .driver_info = BTUSB_WRONG_SCO_MTU },

	/* Dell Wireless 370 and 410 devices */
	{ USB_DEVICE(0x413c, 0x8152), .driver_info = BTUSB_WRONG_SCO_MTU },
	{ USB_DEVICE(0x413c, 0x8156), .driver_info = BTUSB_WRONG_SCO_MTU },

	/* Belkin F8T012 and F8T013 devices */
	{ USB_DEVICE(0x050d, 0x0012), .driver_info = BTUSB_WRONG_SCO_MTU },
	{ USB_DEVICE(0x050d, 0x0013), .driver_info = BTUSB_WRONG_SCO_MTU },

	/* Asus WL-BTD202 device */
	{ USB_DEVICE(0x0b05, 0x1715), .driver_info = BTUSB_WRONG_SCO_MTU },

	/* Kensington Bluetooth USB adapter */
	{ USB_DEVICE(0x047d, 0x105e), .driver_info = BTUSB_WRONG_SCO_MTU },

	/* RTX Telecom based adapters with buggy SCO support */
	{ USB_DEVICE(0x0400, 0x0807), .driver_info = BTUSB_BROKEN_ISOC },
	{ USB_DEVICE(0x0400, 0x080a), .driver_info = BTUSB_BROKEN_ISOC },

	/* CONWISE Technology based adapters with buggy SCO support */
	{ USB_DEVICE(0x0e5e, 0x6622), .driver_info = BTUSB_BROKEN_ISOC },

	/* Digianswer devices */
	{ USB_DEVICE(0x08fd, 0x0001), .driver_info = BTUSB_DIGIANSWER },
	{ USB_DEVICE(0x08fd, 0x0002), .driver_info = BTUSB_IGNORE },

	/* CSR BlueCore Bluetooth Sniffer */
	{ USB_DEVICE(0x0a12, 0x0002), .driver_info = BTUSB_SNIFFER },

	/* Frontline ComProbe Bluetooth Sniffer */
	{ USB_DEVICE(0x16d3, 0x0002), .driver_info = BTUSB_SNIFFER },

	{ }	/* Terminating entry */
};
/*
 * Number of isochronous frame descriptors allocated per URB; it also
 * bounds the loops in __fill_isoc_descriptor().
 */
#define BTUSB_MAX_ISOC_FRAMES	10

/*
 * Bit numbers (not masks) for btusb_data.flags, used with
 * test_bit()/set_bit()/clear_bit().
 */
#define BTUSB_INTR_RUNNING	0	/* interrupt (event) URB is kept resubmitted */
#define BTUSB_BULK_RUNNING	1	/* bulk (ACL) RX URBs are kept resubmitted */
#define BTUSB_ISOC_RUNNING	2	/* isoc (SCO) RX URBs are kept resubmitted */
#define BTUSB_SUSPENDING	3	/* suspend in progress: inc_tx() defers TX */
#define BTUSB_DID_ISO_RESUME	4	/* btusb_work() holds an autopm reference */
/*
 * Per-device driver state.  Allocated zeroed in btusb_probe(), stored as
 * hdev->driver_data and as the USB interface data, and freed by
 * btusb_destruct() (or directly by probe on its error paths).
 */
struct btusb_data {
	struct hci_dev       *hdev;	/* HCI device registered for this adapter */
	struct usb_device    *udev;	/* underlying USB device */
	struct usb_interface *intf;	/* interface 0: events, commands, ACL */
	struct usb_interface *isoc;	/* interface 1 (SCO), or NULL if unused */

	spinlock_t lock;		/* initialised in probe */

	unsigned long flags;		/* BTUSB_*_RUNNING / SUSPENDING bits */

	struct work_struct work;	/* btusb_work(): SCO altsetting changes */
	struct work_struct waker;	/* btusb_waker(): autopm wake-up */

	struct usb_anchor tx_anchor;	/* submitted TX URBs */
	struct usb_anchor intr_anchor;	/* interrupt IN URBs */
	struct usb_anchor bulk_anchor;	/* bulk IN URBs */
	struct usb_anchor isoc_anchor;	/* isoc IN URBs */
	struct usb_anchor deferred;	/* TX URBs parked while suspending */
	int tx_in_flight;		/* command/ACL URBs in flight, under txlock */
	spinlock_t txlock;		/* guards tx_in_flight and SUSPENDING */

	/* Endpoint descriptors picked from the device's own descriptors. */
	struct usb_endpoint_descriptor *intr_ep;
	struct usb_endpoint_descriptor *bulk_tx_ep;
	struct usb_endpoint_descriptor *bulk_rx_ep;
	struct usb_endpoint_descriptor *isoc_tx_ep;
	struct usb_endpoint_descriptor *isoc_rx_ep;

	__u8 cmdreq_type;		/* bRequestType used for HCI commands */

	unsigned int sco_num;		/* last seen hdev->conn_hash.sco_num */
	int isoc_altsetting;		/* altsetting last set on the isoc intf */
	int suspend_count;		/* nesting count of suspend calls */
};
/*
 * Account for one more outgoing URB unless a suspend is in progress.
 *
 * Returns non-zero when BTUSB_SUSPENDING is set (the counter is left
 * untouched and the caller is expected to defer the URB), 0 otherwise.
 * The check and the increment happen atomically under txlock.
 */
static int inc_tx(struct btusb_data *data)
{
	unsigned long irq_state;
	int suspending;

	spin_lock_irqsave(&data->txlock, irq_state);
	suspending = test_bit(BTUSB_SUSPENDING, &data->flags);
	if (suspending == 0)
		data->tx_in_flight += 1;
	spin_unlock_irqrestore(&data->txlock, irq_state);

	return suspending;
}
/*
 * Completion handler for the interrupt IN URB (HCI events).
 *
 * On success the received bytes are handed to hci_recv_fragment() as
 * HCI_EVENT_PKT; the payload and its length come from the device, and a
 * negative return is only counted and logged here.  The URB is then
 * re-anchored and resubmitted for as long as BTUSB_INTR_RUNNING is set.
 */
static void btusb_intr_complete(struct urb *urb)
{
	struct hci_dev *hdev = urb->context;
	struct btusb_data *data = hdev->driver_data;
	int rc;

	BT_DBG("%s urb %p status %d count %d", hdev->name,
					urb, urb->status, urb->actual_length);

	if (!test_bit(HCI_RUNNING, &hdev->flags))
		return;

	if (!urb->status) {
		hdev->stat.byte_rx += urb->actual_length;

		rc = hci_recv_fragment(hdev, HCI_EVENT_PKT,
					urb->transfer_buffer,
					urb->actual_length);
		if (rc < 0) {
			BT_ERR("%s corrupted event packet", hdev->name);
			hdev->stat.err_rx++;
		}
	}

	/* Stop the resubmit cycle once the interrupt pipe was shut down. */
	if (!test_bit(BTUSB_INTR_RUNNING, &data->flags))
		return;

	usb_mark_last_busy(data->udev);
	usb_anchor_urb(urb, &data->intr_anchor);

	rc = usb_submit_urb(urb, GFP_ATOMIC);
	if (rc >= 0)
		return;

	/* -EPERM: urb is being killed;
	 * -ENODEV: device got disconnected */
	if (rc != -EPERM && rc != -ENODEV)
		BT_ERR("%s urb %p failed to resubmit (%d)",
					hdev->name, urb, -rc);
	usb_unanchor_urb(urb);
}
/*
 * Allocate and submit one interrupt IN URB for HCI events.
 *
 * The receive buffer is sized from the interrupt endpoint's
 * wMaxPacketSize, i.e. from a value the device reports in its
 * descriptors.  URB_FREE_BUFFER ties the buffer's lifetime to the URB.
 *
 * Returns 0 on success, -ENODEV without an interrupt endpoint, -ENOMEM on
 * allocation failure, or the negative error from usb_submit_urb().
 */
static int btusb_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags)
{
	struct btusb_data *data = hdev->driver_data;
	struct usb_endpoint_descriptor *ep;
	unsigned char *rx_buf;
	unsigned int rx_pipe;
	struct urb *urb;
	int buf_len;
	int rc;

	BT_DBG("%s", hdev->name);

	ep = data->intr_ep;
	if (!ep)
		return -ENODEV;

	urb = usb_alloc_urb(0, mem_flags);
	if (!urb)
		return -ENOMEM;

	buf_len = le16_to_cpu(ep->wMaxPacketSize);

	rx_buf = kmalloc(buf_len, mem_flags);
	if (!rx_buf) {
		usb_free_urb(urb);
		return -ENOMEM;
	}

	rx_pipe = usb_rcvintpipe(data->udev, ep->bEndpointAddress);

	usb_fill_int_urb(urb, data->udev, rx_pipe, rx_buf, buf_len,
				btusb_intr_complete, hdev, ep->bInterval);

	urb->transfer_flags |= URB_FREE_BUFFER;

	usb_anchor_urb(urb, &data->intr_anchor);

	rc = usb_submit_urb(urb, mem_flags);
	if (rc < 0) {
		BT_ERR("%s urb %p submission failed (%d)",
					hdev->name, urb, -rc);
		usb_unanchor_urb(urb);
	}

	/* Drop the allocation reference on both the success and error path. */
	usb_free_urb(urb);

	return rc;
}
/*
 * Completion handler for bulk IN URBs (ACL data).
 *
 * On success the received bytes are passed to hci_recv_fragment() as
 * HCI_ACLDATA_PKT; a negative return is counted and logged.  The URB is
 * then re-anchored and resubmitted while BTUSB_BULK_RUNNING is set.
 */
static void btusb_bulk_complete(struct urb *urb)
{
	struct hci_dev *hdev = urb->context;
	struct btusb_data *data = hdev->driver_data;
	int rc;

	BT_DBG("%s urb %p status %d count %d", hdev->name,
					urb, urb->status, urb->actual_length);

	if (!test_bit(HCI_RUNNING, &hdev->flags))
		return;

	if (!urb->status) {
		hdev->stat.byte_rx += urb->actual_length;

		rc = hci_recv_fragment(hdev, HCI_ACLDATA_PKT,
					urb->transfer_buffer,
					urb->actual_length);
		if (rc < 0) {
			BT_ERR("%s corrupted ACL packet", hdev->name);
			hdev->stat.err_rx++;
		}
	}

	/* Stop the resubmit cycle once the bulk pipe was shut down. */
	if (!test_bit(BTUSB_BULK_RUNNING, &data->flags))
		return;

	usb_anchor_urb(urb, &data->bulk_anchor);
	usb_mark_last_busy(data->udev);

	rc = usb_submit_urb(urb, GFP_ATOMIC);
	if (rc >= 0)
		return;

	/* -EPERM: urb is being killed;
	 * -ENODEV: device got disconnected */
	if (rc != -EPERM && rc != -ENODEV)
		BT_ERR("%s urb %p failed to resubmit (%d)",
					hdev->name, urb, -rc);
	usb_unanchor_urb(urb);
}
/*
 * Allocate and submit one bulk IN URB for ACL data.
 *
 * The receive buffer is always HCI_MAX_FRAME_SIZE bytes and is freed
 * together with the URB (URB_FREE_BUFFER).
 *
 * Returns 0 on success, -ENODEV without a bulk IN endpoint, -ENOMEM on
 * allocation failure, or the negative error from usb_submit_urb().
 */
static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags)
{
	struct btusb_data *data = hdev->driver_data;
	struct usb_endpoint_descriptor *ep;
	unsigned char *rx_buf;
	unsigned int rx_pipe;
	struct urb *urb;
	int buf_len = HCI_MAX_FRAME_SIZE;
	int rc;

	BT_DBG("%s", hdev->name);

	ep = data->bulk_rx_ep;
	if (!ep)
		return -ENODEV;

	urb = usb_alloc_urb(0, mem_flags);
	if (!urb)
		return -ENOMEM;

	rx_buf = kmalloc(buf_len, mem_flags);
	if (!rx_buf) {
		usb_free_urb(urb);
		return -ENOMEM;
	}

	rx_pipe = usb_rcvbulkpipe(data->udev, ep->bEndpointAddress);

	usb_fill_bulk_urb(urb, data->udev, rx_pipe,
				rx_buf, buf_len, btusb_bulk_complete, hdev);

	urb->transfer_flags |= URB_FREE_BUFFER;

	usb_mark_last_busy(data->udev);
	usb_anchor_urb(urb, &data->bulk_anchor);

	rc = usb_submit_urb(urb, mem_flags);
	if (rc < 0) {
		BT_ERR("%s urb %p submission failed (%d)",
					hdev->name, urb, -rc);
		usb_unanchor_urb(urb);
	}

	/* Drop the allocation reference on both the success and error path. */
	usb_free_urb(urb);

	return rc;
}
/*
 * Completion handler for isochronous IN URBs (SCO data).
 *
 * Every frame descriptor whose status is zero is passed to
 * hci_recv_fragment() as HCI_SCODATA_PKT, using the offset and
 * actual_length recorded in that descriptor.  The URB is then re-anchored
 * and resubmitted while BTUSB_ISOC_RUNNING is set.
 */
static void btusb_isoc_complete(struct urb *urb)
{
	struct hci_dev *hdev = urb->context;
	struct btusb_data *data = hdev->driver_data;
	int frame, rc;

	BT_DBG("%s urb %p status %d count %d", hdev->name,
					urb, urb->status, urb->actual_length);

	if (!test_bit(HCI_RUNNING, &hdev->flags))
		return;

	if (!urb->status) {
		for (frame = 0; frame < urb->number_of_packets; frame++) {
			unsigned int offset = urb->iso_frame_desc[frame].offset;
			unsigned int length = urb->iso_frame_desc[frame].actual_length;

			/* Skip frames the host controller flagged as failed. */
			if (urb->iso_frame_desc[frame].status != 0)
				continue;

			hdev->stat.byte_rx += length;

			rc = hci_recv_fragment(hdev, HCI_SCODATA_PKT,
						urb->transfer_buffer + offset,
						length);
			if (rc < 0) {
				BT_ERR("%s corrupted SCO packet", hdev->name);
				hdev->stat.err_rx++;
			}
		}
	}

	/* Stop the resubmit cycle once the isoc pipe was shut down. */
	if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags))
		return;

	usb_anchor_urb(urb, &data->isoc_anchor);

	rc = usb_submit_urb(urb, GFP_ATOMIC);
	if (rc >= 0)
		return;

	/* -EPERM: urb is being killed;
	 * -ENODEV: device got disconnected */
	if (rc != -EPERM && rc != -ENODEV)
		BT_ERR("%s urb %p failed to resubmit (%d)",
					hdev->name, urb, -rc);
	usb_unanchor_urb(urb);
}
/*
 * Split a transfer of @len bytes into isochronous frames of @mtu bytes.
 *
 * Fills urb->iso_frame_desc[] with up to BTUSB_MAX_ISOC_FRAMES entries:
 * full @mtu-sized frames first, then one shorter frame for any remainder
 * if a slot is still free.  Bytes beyond the last slot get no descriptor.
 * urb->number_of_packets is set to the number of descriptors written.
 */
static inline void __fill_isoc_descriptor(struct urb *urb, int len, int mtu)
{
	int used = 0;
	int offset = 0;

	BT_DBG("len %d mtu %d", len, mtu);

	/* Full-sized frames. */
	while (used < BTUSB_MAX_ISOC_FRAMES && len >= mtu) {
		urb->iso_frame_desc[used].offset = offset;
		urb->iso_frame_desc[used].length = mtu;

		used++;
		offset += mtu;
		len -= mtu;
	}

	/* Trailing partial frame, only if the descriptor array has room. */
	if (len && used < BTUSB_MAX_ISOC_FRAMES) {
		urb->iso_frame_desc[used].offset = offset;
		urb->iso_frame_desc[used].length = len;
		used++;
	}

	urb->number_of_packets = used;
}
/*
 * Allocate and submit one isochronous IN URB for SCO data.
 *
 * The buffer holds BTUSB_MAX_ISOC_FRAMES frames of the isoc IN endpoint's
 * wMaxPacketSize, a value taken from the device's descriptors.  The
 * buffer is freed with the URB (URB_FREE_BUFFER).
 *
 * Returns 0 on success, -ENODEV without an isoc IN endpoint, -ENOMEM on
 * allocation failure, or the negative error from usb_submit_urb().
 */
static int btusb_submit_isoc_urb(struct hci_dev *hdev, gfp_t mem_flags)
{
	struct btusb_data *data = hdev->driver_data;
	struct usb_endpoint_descriptor *ep;
	unsigned char *rx_buf;
	unsigned int rx_pipe;
	struct urb *urb;
	int buf_len;
	int rc;

	BT_DBG("%s", hdev->name);

	ep = data->isoc_rx_ep;
	if (!ep)
		return -ENODEV;

	urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, mem_flags);
	if (!urb)
		return -ENOMEM;

	buf_len = le16_to_cpu(ep->wMaxPacketSize) * BTUSB_MAX_ISOC_FRAMES;

	rx_buf = kmalloc(buf_len, mem_flags);
	if (!rx_buf) {
		usb_free_urb(urb);
		return -ENOMEM;
	}

	rx_pipe = usb_rcvisocpipe(data->udev, ep->bEndpointAddress);

	/* The isoc URB is filled in field by field. */
	urb->dev      = data->udev;
	urb->pipe     = rx_pipe;
	urb->context  = hdev;
	urb->complete = btusb_isoc_complete;
	urb->interval = ep->bInterval;

	urb->transfer_flags         = URB_FREE_BUFFER | URB_ISO_ASAP;
	urb->transfer_buffer        = rx_buf;
	urb->transfer_buffer_length = buf_len;

	__fill_isoc_descriptor(urb, buf_len, le16_to_cpu(ep->wMaxPacketSize));

	usb_anchor_urb(urb, &data->isoc_anchor);

	rc = usb_submit_urb(urb, mem_flags);
	if (rc < 0) {
		BT_ERR("%s urb %p submission failed (%d)",
					hdev->name, urb, -rc);
		usb_unanchor_urb(urb);
	}

	/* Drop the allocation reference on both the success and error path. */
	usb_free_urb(urb);

	return rc;
}
/*
 * Completion handler for command and ACL TX URBs.
 *
 * Updates the TX statistics while the device is running, undoes the
 * inc_tx() accounting, and releases the control setup packet (NULL for
 * bulk URBs) and the skb that backed the transfer.
 */
static void btusb_tx_complete(struct urb *urb)
{
	struct sk_buff *skb = urb->context;
	struct hci_dev *hdev = (struct hci_dev *) skb->dev;
	struct btusb_data *data = hdev->driver_data;

	BT_DBG("%s urb %p status %d count %d", hdev->name,
					urb, urb->status, urb->actual_length);

	if (test_bit(HCI_RUNNING, &hdev->flags)) {
		if (urb->status)
			hdev->stat.err_tx++;
		else
			hdev->stat.byte_tx += urb->transfer_buffer_length;
	}

	/* NOTE(review): plain spin_lock() here, while inc_tx() takes the same
	 * lock with irqsave - presumably relies on completion handlers running
	 * with interrupts disabled; confirm for the target kernel. */
	spin_lock(&data->txlock);
	data->tx_in_flight--;
	spin_unlock(&data->txlock);

	kfree(urb->setup_packet);

	kfree_skb(skb);
}
/*
 * Completion handler for SCO TX URBs.
 *
 * Same bookkeeping as btusb_tx_complete() except that tx_in_flight is not
 * touched: btusb_send_frame() skips inc_tx() for SCO packets.
 */
static void btusb_isoc_tx_complete(struct urb *urb)
{
	struct sk_buff *skb = urb->context;
	struct hci_dev *hdev = (struct hci_dev *) skb->dev;

	BT_DBG("%s urb %p status %d count %d", hdev->name,
					urb, urb->status, urb->actual_length);

	if (test_bit(HCI_RUNNING, &hdev->flags)) {
		if (urb->status)
			hdev->stat.err_tx++;
		else
			hdev->stat.byte_tx += urb->transfer_buffer_length;
	}

	kfree(urb->setup_packet);

	kfree_skb(skb);
}
/*
 * hdev->open callback: start receiving events and ACL data.
 *
 * Takes an autopm reference for the duration of the call, enables remote
 * wakeup, and - unless the device was already running - submits one
 * interrupt URB and two bulk URBs.  A failure of the second bulk
 * submission is deliberately ignored.
 *
 * Returns 0 on success or when already open, a negative error otherwise.
 */
static int btusb_open(struct hci_dev *hdev)
{
	struct btusb_data *data = hdev->driver_data;
	int rc;

	BT_DBG("%s", hdev->name);

	rc = usb_autopm_get_interface(data->intf);
	if (rc < 0)
		return rc;

	data->intf->needs_remote_wakeup = 1;

	/* Nothing to do if either flag was already set by an earlier open. */
	if (test_and_set_bit(HCI_RUNNING, &hdev->flags) ||
	    test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags))
		goto out;

	rc = btusb_submit_intr_urb(hdev, GFP_KERNEL);
	if (rc < 0)
		goto rollback;

	rc = btusb_submit_bulk_urb(hdev, GFP_KERNEL);
	if (rc < 0) {
		usb_kill_anchored_urbs(&data->intr_anchor);
		goto rollback;
	}

	set_bit(BTUSB_BULK_RUNNING, &data->flags);
	btusb_submit_bulk_urb(hdev, GFP_KERNEL);

out:
	usb_autopm_put_interface(data->intf);
	return 0;

rollback:
	clear_bit(BTUSB_INTR_RUNNING, &data->flags);
	clear_bit(HCI_RUNNING, &hdev->flags);
	usb_autopm_put_interface(data->intf);
	return rc;
}
/*
 * Kill every receive URB (interrupt, bulk and isoc anchors).
 * TX URBs on tx_anchor are not touched here.
 */
static void btusb_stop_traffic(struct btusb_data *data)
{
	struct usb_anchor *rx_anchors[] = {
		&data->intr_anchor,
		&data->bulk_anchor,
		&data->isoc_anchor,
	};
	unsigned int n;

	for (n = 0; n < sizeof(rx_anchors) / sizeof(rx_anchors[0]); n++)
		usb_kill_anchored_urbs(rx_anchors[n]);
}
/*
 * hdev->close callback: stop all traffic.
 *
 * Cancels pending work, clears the RUNNING flags so the completion
 * handlers stop resubmitting, kills the receive URBs, disables remote
 * wakeup (when the device can be resumed for that) and drops any TX URBs
 * still parked on the deferred anchor.  Always returns 0.
 */
static int btusb_close(struct hci_dev *hdev)
{
	struct btusb_data *data = hdev->driver_data;

	BT_DBG("%s", hdev->name);

	if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags))
		return 0;

	cancel_work_sync(&data->work);
	cancel_work_sync(&data->waker);

	clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
	clear_bit(BTUSB_BULK_RUNNING, &data->flags);
	clear_bit(BTUSB_INTR_RUNNING, &data->flags);

	btusb_stop_traffic(data);

	/* Remote wakeup is only changed if the autopm get succeeds. */
	if (usb_autopm_get_interface(data->intf) >= 0) {
		data->intf->needs_remote_wakeup = 0;
		usb_autopm_put_interface(data->intf);
	}

	usb_scuttle_anchored_urbs(&data->deferred);
	return 0;
}
/*
 * hdev->flush callback: kill all TX URBs currently on tx_anchor.
 * Always returns 0.
 */
static int btusb_flush(struct hci_dev *hdev)
{
	struct btusb_data *priv = hdev->driver_data;

	BT_DBG("%s", hdev->name);

	usb_kill_anchored_urbs(&priv->tx_anchor);

	return 0;
}
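/*
 * hdev->send callback: transmit one HCI packet over USB.
 *
 * The packet type stored in the skb control block selects the transport:
 *   HCI_COMMAND_PKT - control transfer on endpoint 0
 *   HCI_ACLDATA_PKT - bulk OUT endpoint
 *   HCI_SCODATA_PKT - isochronous OUT endpoint
 *
 * Command and ACL URBs are accounted with inc_tx(); while a suspend is in
 * progress they are parked on the deferred anchor and the waker work is
 * scheduled instead of submitting them.  SCO URBs bypass that accounting.
 *
 * Returns 0 when the URB was submitted or deferred, -EBUSY if the device
 * is not running, -ENODEV if the needed endpoint (or an SCO link) is
 * missing, -ENOMEM on allocation failure, -EILSEQ for an unknown packet
 * type, or the negative error from usb_submit_urb().
 */
static int btusb_send_frame(struct sk_buff *skb)
{
	struct hci_dev *hdev = (struct hci_dev *) skb->dev;
	struct btusb_data *data = hdev->driver_data;
	struct usb_ctrlrequest *dr;
	struct urb *urb;
	unsigned int pipe;
	int err;

	BT_DBG("%s", hdev->name);

	if (!test_bit(HCI_RUNNING, &hdev->flags))
		return -EBUSY;

	switch (bt_cb(skb)->pkt_type) {
	case HCI_COMMAND_PKT:
		urb = usb_alloc_urb(0, GFP_ATOMIC);
		if (!urb)
			return -ENOMEM;

		/* Setup packet; freed by btusb_tx_complete() or on the
		 * submission error path below. */
		dr = kmalloc(sizeof(*dr), GFP_ATOMIC);
		if (!dr) {
			usb_free_urb(urb);
			return -ENOMEM;
		}

		dr->bRequestType = data->cmdreq_type;
		dr->bRequest     = 0;
		dr->wIndex       = 0;
		dr->wValue       = 0;
		dr->wLength      = __cpu_to_le16(skb->len);

		pipe = usb_sndctrlpipe(data->udev, 0x00);

		usb_fill_control_urb(urb, data->udev, pipe, (void *) dr,
				skb->data, skb->len, btusb_tx_complete, skb);

		hdev->stat.cmd_tx++;
		break;

	case HCI_ACLDATA_PKT:
		if (!data->bulk_tx_ep)
			return -ENODEV;

		urb = usb_alloc_urb(0, GFP_ATOMIC);
		if (!urb)
			return -ENOMEM;

		pipe = usb_sndbulkpipe(data->udev,
					data->bulk_tx_ep->bEndpointAddress);

		usb_fill_bulk_urb(urb, data->udev, pipe,
				skb->data, skb->len, btusb_tx_complete, skb);

		hdev->stat.acl_tx++;
		break;

	case HCI_SCODATA_PKT:
		if (!data->isoc_tx_ep || hdev->conn_hash.sco_num < 1)
			return -ENODEV;

		urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, GFP_ATOMIC);
		if (!urb)
			return -ENOMEM;

		pipe = usb_sndisocpipe(data->udev,
					data->isoc_tx_ep->bEndpointAddress);

		usb_fill_int_urb(urb, data->udev, pipe,
				skb->data, skb->len, btusb_isoc_tx_complete,
				skb, data->isoc_tx_ep->bInterval);

		urb->transfer_flags  = URB_ISO_ASAP;

		__fill_isoc_descriptor(urb, skb->len,
				le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize));

		hdev->stat.sco_tx++;
		goto skip_waking;

	default:
		return -EILSEQ;
	}

	err = inc_tx(data);
	if (err) {
		/* Suspend in progress: park the URB and wake the device. */
		usb_anchor_urb(urb, &data->deferred);
		schedule_work(&data->waker);
		err = 0;
		goto done;
	}

skip_waking:
	usb_anchor_urb(urb, &data->tx_anchor);

	err = usb_submit_urb(urb, GFP_ATOMIC);
	if (err < 0) {
		BT_ERR("%s urb %p submission failed", hdev->name, urb);
		kfree(urb->setup_packet);
		usb_unanchor_urb(urb);
	} else {
		usb_mark_last_busy(data->udev);
	}

done:
	/*
	 * Drop the reference taken by usb_alloc_urb() on every path that
	 * reaches this point.  The anchor (and, once submitted, the USB
	 * core) holds its own reference, so this also has to happen for a
	 * deferred URB; otherwise each frame queued during a suspend leaves
	 * one URB reference behind.
	 */
	usb_free_urb(urb);
	return err;
}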
/*
 * hdev->destruct callback: free the btusb_data attached to the HCI
 * device as driver_data.
 */
static void btusb_destruct(struct hci_dev *hdev)
{
	struct btusb_data *priv = hdev->driver_data;

	BT_DBG("%s", hdev->name);

	kfree(priv);
}
/*
 * hdev->notify callback.  When the number of SCO connections differs from
 * the cached value, remember the new count and schedule btusb_work() to
 * adjust the isochronous interface.  @evt is only logged.
 */
static void btusb_notify(struct hci_dev *hdev, unsigned int evt)
{
	struct btusb_data *data = hdev->driver_data;

	BT_DBG("%s evt %d", hdev->name, evt);

	if (hdev->conn_hash.sco_num == data->sco_num)
		return;

	data->sco_num = hdev->conn_hash.sco_num;
	schedule_work(&data->work);
}
/*
 * Select @altsetting on USB interface 1 and rediscover the isochronous
 * endpoints from the descriptors of the now-current altsetting.
 *
 * The first isoc OUT and the first isoc IN endpoint found are recorded in
 * data->isoc_tx_ep / data->isoc_rx_ep.
 *
 * Returns 0 on success, -ENODEV if there is no isoc interface or the
 * altsetting lacks one of the two endpoints, or the negative error from
 * usb_set_interface().
 */
static inline int __set_isoc_interface(struct hci_dev *hdev, int altsetting)
{
	struct btusb_data *data = hdev->driver_data;
	struct usb_interface *intf = data->isoc;
	struct usb_endpoint_descriptor *ep;
	int idx, rc;

	if (!data->isoc)
		return -ENODEV;

	rc = usb_set_interface(data->udev, 1, altsetting);
	if (rc < 0) {
		BT_ERR("%s setting interface failed (%d)", hdev->name, -rc);
		return rc;
	}

	data->isoc_altsetting = altsetting;

	/* Forget the endpoints of the previous altsetting. */
	data->isoc_tx_ep = NULL;
	data->isoc_rx_ep = NULL;

	for (idx = 0; idx < intf->cur_altsetting->desc.bNumEndpoints; idx++) {
		ep = &intf->cur_altsetting->endpoint[idx].desc;

		if (!data->isoc_tx_ep && usb_endpoint_is_isoc_out(ep))
			data->isoc_tx_ep = ep;
		else if (!data->isoc_rx_ep && usb_endpoint_is_isoc_in(ep))
			data->isoc_rx_ep = ep;
	}

	if (data->isoc_tx_ep && data->isoc_rx_ep)
		return 0;

	BT_ERR("%s invalid SCO descriptors", hdev->name);
	return -ENODEV;
}
/*
 * Work item scheduled when the SCO connection count changes (and after
 * resume).
 *
 * With at least one SCO link: hold an autopm reference (tracked by
 * BTUSB_DID_ISO_RESUME), switch the isoc interface to altsetting 2 if
 * needed and start two isoc RX URBs.  Without SCO links: stop isoc
 * traffic, go back to altsetting 0 and release the autopm reference.
 */
static void btusb_work(struct work_struct *work)
{
	struct btusb_data *data = container_of(work, struct btusb_data, work);
	struct hci_dev *hdev = data->hdev;
	/* Interface whose autopm reference tracks SCO activity. */
	struct usb_interface *pm_intf = data->isoc ? data->isoc : data->intf;
	int rc;

	if (hdev->conn_hash.sco_num > 0) {
		if (!test_bit(BTUSB_DID_ISO_RESUME, &data->flags)) {
			rc = usb_autopm_get_interface(pm_intf);
			if (rc < 0) {
				clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
				usb_kill_anchored_urbs(&data->isoc_anchor);
				return;
			}

			set_bit(BTUSB_DID_ISO_RESUME, &data->flags);
		}

		if (data->isoc_altsetting != 2) {
			clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
			usb_kill_anchored_urbs(&data->isoc_anchor);

			if (__set_isoc_interface(hdev, 2) < 0)
				return;
		}

		if (test_and_set_bit(BTUSB_ISOC_RUNNING, &data->flags))
			return;

		/* Second URB is best effort; only the first failure matters. */
		if (btusb_submit_isoc_urb(hdev, GFP_KERNEL) >= 0)
			btusb_submit_isoc_urb(hdev, GFP_KERNEL);
		else
			clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
	} else {
		clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
		usb_kill_anchored_urbs(&data->isoc_anchor);

		__set_isoc_interface(hdev, 0);
		if (test_and_clear_bit(BTUSB_DID_ISO_RESUME, &data->flags))
			usb_autopm_put_interface(pm_intf);
	}
}
/*
 * Work item scheduled by btusb_send_frame() when a TX URB had to be
 * deferred: take and immediately release an autopm reference on the main
 * interface.  Nothing is released if the get fails.
 */
static void btusb_waker(struct work_struct *work)
{
	struct btusb_data *data = container_of(work, struct btusb_data, waker);

	if (usb_autopm_get_interface(data->intf) < 0)
		return;

	usb_autopm_put_interface(data->intf);
}
/*
 * USB probe callback.
 *
 * Binds only to interface 0, resolves the device's quirk flags (falling
 * back to blacklist_table when the matched id carries none), rejects
 * ignored devices, locates the interrupt/bulk endpoints in the interface
 * descriptors, allocates the driver and HCI device state, applies quirks
 * and registers the HCI device.  Interface 1 is claimed for SCO unless a
 * quirk disables it.
 *
 * Everything read from descriptors here (endpoint layout, bcdDevice) is
 * supplied by the attached device.
 *
 * Returns 0 on success, -ENODEV for devices/interfaces that are not
 * handled, -ENOMEM on allocation failure, or the error from claiming the
 * isoc interface / registering the HCI device.
 */
static int btusb_probe(struct usb_interface *intf,
				const struct usb_device_id *id)
{
	struct usb_host_interface *alt = intf->cur_altsetting;
	struct usb_endpoint_descriptor *ep;
	struct btusb_data *data;
	struct hci_dev *hdev;
	unsigned long quirks;
	int idx, rc;

	BT_DBG("intf %p id %p", intf, id);

	/* interface numbers are hardcoded in the spec */
	if (alt->desc.bInterfaceNumber != 0)
		return -ENODEV;

	if (!id->driver_info) {
		const struct usb_device_id *match;

		match = usb_match_id(intf, blacklist_table);
		if (match)
			id = match;
	}
	quirks = id->driver_info;

	if (quirks == BTUSB_IGNORE)
		return -ENODEV;

	if (ignore_dga && (quirks & BTUSB_DIGIANSWER))
		return -ENODEV;

	if (ignore_csr && (quirks & BTUSB_CSR))
		return -ENODEV;

	if (ignore_sniffer && (quirks & BTUSB_SNIFFER))
		return -ENODEV;

	if (quirks & BTUSB_ATH3012) {
		struct usb_device *udev = interface_to_usbdev(intf);

		/* Old firmware would otherwise let ath3k driver load
		 * patch and sysconfig files */
		if (le16_to_cpu(udev->descriptor.bcdDevice) <= 0x0001)
			return -ENODEV;
	}

	data = kzalloc(sizeof(*data), GFP_KERNEL);
	if (!data)
		return -ENOMEM;

	/* Take the first endpoint of each required kind. */
	for (idx = 0; idx < alt->desc.bNumEndpoints; idx++) {
		ep = &alt->endpoint[idx].desc;

		if (!data->intr_ep && usb_endpoint_is_int_in(ep))
			data->intr_ep = ep;
		else if (!data->bulk_tx_ep && usb_endpoint_is_bulk_out(ep))
			data->bulk_tx_ep = ep;
		else if (!data->bulk_rx_ep && usb_endpoint_is_bulk_in(ep))
			data->bulk_rx_ep = ep;
	}

	if (!data->intr_ep || !data->bulk_tx_ep || !data->bulk_rx_ep) {
		kfree(data);
		return -ENODEV;
	}

	data->cmdreq_type = USB_TYPE_CLASS;

	data->udev = interface_to_usbdev(intf);
	data->intf = intf;

	spin_lock_init(&data->lock);

	INIT_WORK(&data->work, btusb_work);
	INIT_WORK(&data->waker, btusb_waker);
	spin_lock_init(&data->txlock);

	init_usb_anchor(&data->tx_anchor);
	init_usb_anchor(&data->intr_anchor);
	init_usb_anchor(&data->bulk_anchor);
	init_usb_anchor(&data->isoc_anchor);
	init_usb_anchor(&data->deferred);

	hdev = hci_alloc_dev();
	if (!hdev) {
		kfree(data);
		return -ENOMEM;
	}

	hdev->bus = HCI_USB;
	hdev->driver_data = data;

	data->hdev = hdev;

	SET_HCIDEV_DEV(hdev, &intf->dev);

	hdev->open     = btusb_open;
	hdev->close    = btusb_close;
	hdev->flush    = btusb_flush;
	hdev->send     = btusb_send_frame;
	hdev->destruct = btusb_destruct;
	hdev->notify   = btusb_notify;

	hdev->owner = THIS_MODULE;

	/* Interface numbers are hardcoded in the specification */
	data->isoc = usb_ifnum_to_if(data->udev, 1);

	if (!reset)
		set_bit(HCI_QUIRK_NO_RESET, &hdev->quirks);

	if ((force_scofix || (quirks & BTUSB_WRONG_SCO_MTU)) && !disable_scofix)
		set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks);

	if (quirks & BTUSB_BROKEN_ISOC)
		data->isoc = NULL;

	if (quirks & BTUSB_DIGIANSWER) {
		data->cmdreq_type = USB_TYPE_VENDOR;
		set_bit(HCI_QUIRK_NO_RESET, &hdev->quirks);
	}

	if (quirks & BTUSB_CSR) {
		struct usb_device *udev = data->udev;

		/* Old firmware would otherwise execute USB reset */
		if (le16_to_cpu(udev->descriptor.bcdDevice) < 0x117)
			set_bit(HCI_QUIRK_NO_RESET, &hdev->quirks);
	}

	if (quirks & BTUSB_SNIFFER) {
		struct usb_device *udev = data->udev;

		/* New sniffer firmware has crippled HCI interface */
		if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997)
			set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);

		data->isoc = NULL;
	}

	if (quirks & BTUSB_BCM92035) {
		/* Vendor command queued on hdev->driver_init. */
		unsigned char cmd[] = { 0x3b, 0xfc, 0x01, 0x00 };
		struct sk_buff *skb;

		skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL);
		if (skb) {
			memcpy(skb_put(skb, sizeof(cmd)), cmd, sizeof(cmd));
			skb_queue_tail(&hdev->driver_init, skb);
		}
	}

	if (data->isoc) {
		rc = usb_driver_claim_interface(&btusb_driver,
							data->isoc, data);
		if (rc < 0) {
			hci_free_dev(hdev);
			kfree(data);
			return rc;
		}
	}

	rc = hci_register_dev(hdev);
	if (rc < 0) {
		/* NOTE(review): a claimed isoc interface is not released on
		 * this path although `data` is freed - confirm that nothing
		 * can still reach it through that interface. */
		hci_free_dev(hdev);
		kfree(data);
		return rc;
	}

	usb_set_intfdata(intf, data);

	return 0;
}
/*
 * USB disconnect callback, invoked for whichever of the two interfaces
 * goes away first.
 *
 * Clears the interface data on both interfaces up front, so the nested
 * disconnect triggered by releasing the sibling interface returns early,
 * then unregisters and frees the HCI device.  A temporary hold on hdev is
 * kept across hci_unregister_dev().
 */
static void btusb_disconnect(struct usb_interface *intf)
{
	struct btusb_data *data = usb_get_intfdata(intf);
	struct usb_interface *sibling = NULL;
	struct hci_dev *hdev;

	BT_DBG("intf %p", intf);

	if (data == NULL)
		return;

	hdev = data->hdev;

	__hci_dev_hold(hdev);

	usb_set_intfdata(data->intf, NULL);

	if (data->isoc)
		usb_set_intfdata(data->isoc, NULL);

	hci_unregister_dev(hdev);

	/* Release the interface other than the one being disconnected. */
	if (intf == data->isoc)
		sibling = data->intf;
	else if (data->isoc)
		sibling = data->isoc;

	if (sibling)
		usb_driver_release_interface(&btusb_driver, sibling);

	__hci_dev_put(hdev);

	hci_free_dev(hdev);
}
#ifdef CONFIG_PM
/*
 * USB suspend callback.
 *
 * Nested calls only bump suspend_count.  On the first call an
 * autosuspend is refused with -EBUSY while TX URBs are in flight;
 * otherwise BTUSB_SUSPENDING is set under txlock (so inc_tx() starts
 * deferring), pending work is cancelled and all RX and TX URBs are
 * killed.
 */
static int btusb_suspend(struct usb_interface *intf, pm_message_t message)
{
	struct btusb_data *data = usb_get_intfdata(intf);

	BT_DBG("intf %p", intf);

	if (data->suspend_count++)
		return 0;

	spin_lock_irq(&data->txlock);
	if (PMSG_IS_AUTO(message) && data->tx_in_flight) {
		/* Autosuspend must not interrupt an ongoing transmission. */
		spin_unlock_irq(&data->txlock);
		data->suspend_count--;
		return -EBUSY;
	}
	set_bit(BTUSB_SUSPENDING, &data->flags);
	spin_unlock_irq(&data->txlock);

	cancel_work_sync(&data->work);

	btusb_stop_traffic(data);
	usb_kill_anchored_urbs(&data->tx_anchor);

	return 0;
}
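/*
 * Submit the TX URBs that btusb_send_frame() parked on the deferred
 * anchor while the device was suspending.  Called from btusb_resume()
 * with txlock held, which is why tx_in_flight is updated directly.
 *
 * usb_get_from_anchor() hands the caller its own reference to the URB,
 * so that reference is dropped here once the URB has been submitted (the
 * USB core keeps one until completion) or has failed to submit.  Without
 * this every deferred URB would leave a reference behind.
 *
 * Submission stops at the first error; whatever is still anchored is
 * dropped with usb_scuttle_anchored_urbs().
 */
static void play_deferred(struct btusb_data *data)
{
	struct urb *urb;
	int err;

	while ((urb = usb_get_from_anchor(&data->deferred))) {
		err = usb_submit_urb(urb, GFP_ATOMIC);
		if (err < 0) {
			/* No completion handler will run for this URB, so
			 * free its setup packet here, as btusb_send_frame()
			 * does on its own submission error path.
			 * NOTE(review): the skb in urb->context is not freed
			 * on this path - confirm who owns it. */
			kfree(urb->setup_packet);
			usb_free_urb(urb);
			break;
		}

		data->tx_in_flight++;
		usb_free_urb(urb);
	}
	usb_scuttle_anchored_urbs(&data->deferred);
}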
/*
 * USB resume callback.
 *
 * Only the call that brings suspend_count back to zero does any work.  If
 * the HCI device is running, the receive URBs of every pipe marked
 * RUNNING are resubmitted, deferred TX URBs are replayed and
 * BTUSB_SUSPENDING is cleared under txlock.  On a resubmission failure
 * the deferred TX URBs are dropped instead.
 *
 * Returns 0 on success or the negative error of the failed interrupt or
 * bulk submission.
 */
static int btusb_resume(struct usb_interface *intf)
{
	struct btusb_data *data = usb_get_intfdata(intf);
	struct hci_dev *hdev = data->hdev;
	int rc = 0;

	BT_DBG("intf %p", intf);

	if (--data->suspend_count)
		return 0;

	if (!test_bit(HCI_RUNNING, &hdev->flags))
		goto clear_suspending;

	if (test_bit(BTUSB_INTR_RUNNING, &data->flags)) {
		rc = btusb_submit_intr_urb(hdev, GFP_NOIO);
		if (rc < 0) {
			clear_bit(BTUSB_INTR_RUNNING, &data->flags);
			goto drop_deferred;
		}
	}

	if (test_bit(BTUSB_BULK_RUNNING, &data->flags)) {
		rc = btusb_submit_bulk_urb(hdev, GFP_NOIO);
		if (rc < 0) {
			clear_bit(BTUSB_BULK_RUNNING, &data->flags);
			goto drop_deferred;
		}

		/* Second bulk URB is best effort. */
		btusb_submit_bulk_urb(hdev, GFP_NOIO);
	}

	if (test_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
		/* Isoc failures only stop SCO; they do not fail the resume. */
		if (btusb_submit_isoc_urb(hdev, GFP_NOIO) >= 0)
			btusb_submit_isoc_urb(hdev, GFP_NOIO);
		else
			clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
	}

	spin_lock_irq(&data->txlock);
	play_deferred(data);
	clear_bit(BTUSB_SUSPENDING, &data->flags);
	spin_unlock_irq(&data->txlock);
	schedule_work(&data->work);

	return 0;

drop_deferred:
	usb_scuttle_anchored_urbs(&data->deferred);
clear_suspending:
	spin_lock_irq(&data->txlock);
	clear_bit(BTUSB_SUSPENDING, &data->flags);
	spin_unlock_irq(&data->txlock);

	return rc;
}
#endif
/*
 * USB driver object.  Matching uses btusb_table; the suspend/resume
 * callbacks exist only when the kernel is built with CONFIG_PM.
 */
static struct usb_driver btusb_driver = {
	.name			= "btusb",
	.probe			= btusb_probe,
	.disconnect		= btusb_disconnect,
#ifdef CONFIG_PM
	.suspend		= btusb_suspend,
	.resume			= btusb_resume,
#endif
	.id_table		= btusb_table,
	.supports_autosuspend	= 1,
};
/*
 * Module entry point: log the driver version and register the USB
 * driver.  Returns the result of usb_register().
 */
static int __init btusb_init(void)
{
	int rc;

	BT_INFO("Generic Bluetooth USB driver ver %s", VERSION);

	rc = usb_register(&btusb_driver);
	return rc;
}
/* Module exit point: unregister the USB driver registered by btusb_init(). */
static void __exit btusb_exit(void)
{
	usb_deregister(&btusb_driver);
}
module_init(btusb_init);
module_exit(btusb_exit);

/*
 * Module parameters.  Mode 0644 exposes each one through sysfs as
 * world-readable and writable by root, so the values can change while the
 * module is loaded; btusb_probe() reads them at probe time, so a change
 * affects devices probed afterwards.
 */
module_param(ignore_dga, bool, 0644);
MODULE_PARM_DESC(ignore_dga, "Ignore devices with id 08fd:0001");

module_param(ignore_csr, bool, 0644);
MODULE_PARM_DESC(ignore_csr, "Ignore devices with id 0a12:0001");

/* Applies to every device flagged BTUSB_SNIFFER in blacklist_table. */
module_param(ignore_sniffer, bool, 0644);
MODULE_PARM_DESC(ignore_sniffer, "Ignore devices with id 0a12:0002");

module_param(disable_scofix, bool, 0644);
MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size");

module_param(force_scofix, bool, 0644);
MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size");

module_param(reset, bool, 0644);
MODULE_PARM_DESC(reset, "Send HCI reset command on initialization");

MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
MODULE_DESCRIPTION("Generic Bluetooth USB driver ver " VERSION);
MODULE_VERSION(VERSION);
MODULE_LICENSE("GPL");