search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge tag 'efi-urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/mfleming...
[linux/fpc-iii.git] / drivers / bluetooth / btusb.c
blob292c38e8aa1760c000cdcce9ee6d223e9f819559
1 /*
2 *
3 * Generic Bluetooth USB driver
4 *
5 * Copyright (C) 2005-2008 Marcel Holtmann <marcel@holtmann.org>
6 *
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 *
22 */
23
24 #include <linux/module.h>
25 #include <linux/usb.h>
26 #include <linux/firmware.h>
27
28 #include <net/bluetooth/bluetooth.h>
29 #include <net/bluetooth/hci_core.h>
30
31 #define VERSION "0.6"
32
33 static bool disable_scofix;
34 static bool force_scofix;
35
36 static bool reset = 1;
37
38 static struct usb_driver btusb_driver;
39
40 #define BTUSB_IGNORE 0x01
41 #define BTUSB_DIGIANSWER 0x02
42 #define BTUSB_CSR 0x04
43 #define BTUSB_SNIFFER 0x08
44 #define BTUSB_BCM92035 0x10
45 #define BTUSB_BROKEN_ISOC 0x20
46 #define BTUSB_WRONG_SCO_MTU 0x40
47 #define BTUSB_ATH3012 0x80
48 #define BTUSB_INTEL 0x100
49 #define BTUSB_INTEL_BOOT 0x200
50 #define BTUSB_BCM_PATCHRAM 0x400
51 #define BTUSB_MARVELL 0x800
52
53 static const struct usb_device_id btusb_table[] = {
54 /* Generic Bluetooth USB device */
55 { USB_DEVICE_INFO(0xe0, 0x01, 0x01) },
56
57 /* Apple-specific (Broadcom) devices */
58 { USB_VENDOR_AND_INTERFACE_INFO(0x05ac, 0xff, 0x01, 0x01) },
59
60 /* MediaTek MT76x0E */
61 { USB_DEVICE(0x0e8d, 0x763f) },
62
63 /* Broadcom SoftSailing reporting vendor specific */
64 { USB_DEVICE(0x0a5c, 0x21e1) },
65
66 /* Apple MacBookPro 7,1 */
67 { USB_DEVICE(0x05ac, 0x8213) },
68
69 /* Apple iMac11,1 */
70 { USB_DEVICE(0x05ac, 0x8215) },
71
72 /* Apple MacBookPro6,2 */
73 { USB_DEVICE(0x05ac, 0x8218) },
74
75 /* Apple MacBookAir3,1, MacBookAir3,2 */
76 { USB_DEVICE(0x05ac, 0x821b) },
77
78 /* Apple MacBookAir4,1 */
79 { USB_DEVICE(0x05ac, 0x821f) },
80
81 /* Apple MacBookPro8,2 */
82 { USB_DEVICE(0x05ac, 0x821a) },
83
84 /* Apple MacMini5,1 */
85 { USB_DEVICE(0x05ac, 0x8281) },
86
87 /* AVM BlueFRITZ! USB v2.0 */
88 { USB_DEVICE(0x057c, 0x3800) },
89
90 /* Bluetooth Ultraport Module from IBM */
91 { USB_DEVICE(0x04bf, 0x030a) },
92
93 /* ALPS Modules with non-standard id */
94 { USB_DEVICE(0x044e, 0x3001) },
95 { USB_DEVICE(0x044e, 0x3002) },
96
97 /* Ericsson with non-standard id */
98 { USB_DEVICE(0x0bdb, 0x1002) },
99
100 /* Canyon CN-BTU1 with HID interfaces */
101 { USB_DEVICE(0x0c10, 0x0000) },
102
103 /* Broadcom BCM20702A0 */
104 { USB_DEVICE(0x0489, 0xe042) },
105 { USB_DEVICE(0x04ca, 0x2003) },
106 { USB_DEVICE(0x0b05, 0x17b5) },
107 { USB_DEVICE(0x0b05, 0x17cb) },
108 { USB_DEVICE(0x413c, 0x8197) },
109
110 /* Foxconn - Hon Hai */
111 { USB_VENDOR_AND_INTERFACE_INFO(0x0489, 0xff, 0x01, 0x01) },
112
113 /* Broadcom devices with vendor specific id */
114 { USB_VENDOR_AND_INTERFACE_INFO(0x0a5c, 0xff, 0x01, 0x01),
115 .driver_info = BTUSB_BCM_PATCHRAM },
116
117 /* ASUSTek Computer - Broadcom based */
118 { USB_VENDOR_AND_INTERFACE_INFO(0x0b05, 0xff, 0x01, 0x01) },
119
120 /* Belkin F8065bf - Broadcom based */
121 { USB_VENDOR_AND_INTERFACE_INFO(0x050d, 0xff, 0x01, 0x01) },
122
123 /* IMC Networks - Broadcom based */
124 { USB_VENDOR_AND_INTERFACE_INFO(0x13d3, 0xff, 0x01, 0x01) },
125
126 /* Intel Bluetooth USB Bootloader (RAM module) */
127 { USB_DEVICE(0x8087, 0x0a5a),
128 .driver_info = BTUSB_INTEL_BOOT | BTUSB_BROKEN_ISOC },
129
130 { } /* Terminating entry */
131 };
132
133 MODULE_DEVICE_TABLE(usb, btusb_table);
134
135 static const struct usb_device_id blacklist_table[] = {
136 /* CSR BlueCore devices */
137 { USB_DEVICE(0x0a12, 0x0001), .driver_info = BTUSB_CSR },
138
139 /* Broadcom BCM2033 without firmware */
140 { USB_DEVICE(0x0a5c, 0x2033), .driver_info = BTUSB_IGNORE },
141
142 /* Atheros 3011 with sflash firmware */
143 { USB_DEVICE(0x0489, 0xe027), .driver_info = BTUSB_IGNORE },
144 { USB_DEVICE(0x0489, 0xe03d), .driver_info = BTUSB_IGNORE },
145 { USB_DEVICE(0x0930, 0x0215), .driver_info = BTUSB_IGNORE },
146 { USB_DEVICE(0x0cf3, 0x3002), .driver_info = BTUSB_IGNORE },
147 { USB_DEVICE(0x0cf3, 0xe019), .driver_info = BTUSB_IGNORE },
148 { USB_DEVICE(0x13d3, 0x3304), .driver_info = BTUSB_IGNORE },
149
150 /* Atheros AR9285 Malbec with sflash firmware */
151 { USB_DEVICE(0x03f0, 0x311d), .driver_info = BTUSB_IGNORE },
152
153 /* Atheros 3012 with sflash firmware */
154 { USB_DEVICE(0x0489, 0xe04d), .driver_info = BTUSB_ATH3012 },
155 { USB_DEVICE(0x0489, 0xe04e), .driver_info = BTUSB_ATH3012 },
156 { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 },
157 { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 },
158 { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 },
159 { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 },
160 { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 },
161 { USB_DEVICE(0x04ca, 0x3005), .driver_info = BTUSB_ATH3012 },
162 { USB_DEVICE(0x04ca, 0x3006), .driver_info = BTUSB_ATH3012 },
163 { USB_DEVICE(0x04ca, 0x3007), .driver_info = BTUSB_ATH3012 },
164 { USB_DEVICE(0x04ca, 0x3008), .driver_info = BTUSB_ATH3012 },
165 { USB_DEVICE(0x04ca, 0x300b), .driver_info = BTUSB_ATH3012 },
166 { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 },
167 { USB_DEVICE(0x0930, 0x0220), .driver_info = BTUSB_ATH3012 },
168 { USB_DEVICE(0x0b05, 0x17d0), .driver_info = BTUSB_ATH3012 },
169 { USB_DEVICE(0x0cf3, 0x0036), .driver_info = BTUSB_ATH3012 },
170 { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 },
171 { USB_DEVICE(0x0cf3, 0x3008), .driver_info = BTUSB_ATH3012 },
172 { USB_DEVICE(0x0cf3, 0x311d), .driver_info = BTUSB_ATH3012 },
173 { USB_DEVICE(0x0cf3, 0x311e), .driver_info = BTUSB_ATH3012 },
174 { USB_DEVICE(0x0cf3, 0x311f), .driver_info = BTUSB_ATH3012 },
175 { USB_DEVICE(0x0cf3, 0x3121), .driver_info = BTUSB_ATH3012 },
176 { USB_DEVICE(0x0cf3, 0x817a), .driver_info = BTUSB_ATH3012 },
177 { USB_DEVICE(0x0cf3, 0xe003), .driver_info = BTUSB_ATH3012 },
178 { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 },
179 { USB_DEVICE(0x0cf3, 0xe005), .driver_info = BTUSB_ATH3012 },
180 { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 },
181 { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 },
182 { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 },
183 { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 },
184 { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 },
185
186 /* Atheros AR5BBU12 with sflash firmware */
187 { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE },
188
189 /* Atheros AR5BBU12 with sflash firmware */
190 { USB_DEVICE(0x0489, 0xe036), .driver_info = BTUSB_ATH3012 },
191 { USB_DEVICE(0x0489, 0xe03c), .driver_info = BTUSB_ATH3012 },
192
193 /* Broadcom BCM2035 */
194 { USB_DEVICE(0x0a5c, 0x2009), .driver_info = BTUSB_BCM92035 },
195 { USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU },
196 { USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU },
197
198 /* Broadcom BCM2045 */
199 { USB_DEVICE(0x0a5c, 0x2039), .driver_info = BTUSB_WRONG_SCO_MTU },
200 { USB_DEVICE(0x0a5c, 0x2101), .driver_info = BTUSB_WRONG_SCO_MTU },
201
202 /* IBM/Lenovo ThinkPad with Broadcom chip */
203 { USB_DEVICE(0x0a5c, 0x201e), .driver_info = BTUSB_WRONG_SCO_MTU },
204 { USB_DEVICE(0x0a5c, 0x2110), .driver_info = BTUSB_WRONG_SCO_MTU },
205
206 /* HP laptop with Broadcom chip */
207 { USB_DEVICE(0x03f0, 0x171d), .driver_info = BTUSB_WRONG_SCO_MTU },
208
209 /* Dell laptop with Broadcom chip */
210 { USB_DEVICE(0x413c, 0x8126), .driver_info = BTUSB_WRONG_SCO_MTU },
211
212 /* Dell Wireless 370 and 410 devices */
213 { USB_DEVICE(0x413c, 0x8152), .driver_info = BTUSB_WRONG_SCO_MTU },
214 { USB_DEVICE(0x413c, 0x8156), .driver_info = BTUSB_WRONG_SCO_MTU },
215
216 /* Belkin F8T012 and F8T013 devices */
217 { USB_DEVICE(0x050d, 0x0012), .driver_info = BTUSB_WRONG_SCO_MTU },
218 { USB_DEVICE(0x050d, 0x0013), .driver_info = BTUSB_WRONG_SCO_MTU },
219
220 /* Asus WL-BTD202 device */
221 { USB_DEVICE(0x0b05, 0x1715), .driver_info = BTUSB_WRONG_SCO_MTU },
222
223 /* Kensington Bluetooth USB adapter */
224 { USB_DEVICE(0x047d, 0x105e), .driver_info = BTUSB_WRONG_SCO_MTU },
225
226 /* RTX Telecom based adapters with buggy SCO support */
227 { USB_DEVICE(0x0400, 0x0807), .driver_info = BTUSB_BROKEN_ISOC },
228 { USB_DEVICE(0x0400, 0x080a), .driver_info = BTUSB_BROKEN_ISOC },
229
230 /* CONWISE Technology based adapters with buggy SCO support */
231 { USB_DEVICE(0x0e5e, 0x6622), .driver_info = BTUSB_BROKEN_ISOC },
232
233 /* Digianswer devices */
234 { USB_DEVICE(0x08fd, 0x0001), .driver_info = BTUSB_DIGIANSWER },
235 { USB_DEVICE(0x08fd, 0x0002), .driver_info = BTUSB_IGNORE },
236
237 /* CSR BlueCore Bluetooth Sniffer */
238 { USB_DEVICE(0x0a12, 0x0002),
239 .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC },
240
241 /* Frontline ComProbe Bluetooth Sniffer */
242 { USB_DEVICE(0x16d3, 0x0002),
243 .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC },
244
245 /* Intel Bluetooth device */
246 { USB_DEVICE(0x8087, 0x07dc), .driver_info = BTUSB_INTEL },
247 { USB_DEVICE(0x8087, 0x0a2a), .driver_info = BTUSB_INTEL },
248
249 /* Marvell device */
250 { USB_DEVICE(0x1286, 0x2044), .driver_info = BTUSB_MARVELL },
251 { USB_DEVICE(0x1286, 0x2046), .driver_info = BTUSB_MARVELL },
252
253 { } /* Terminating entry */
254 };
255
256 #define BTUSB_MAX_ISOC_FRAMES 10
257
258 #define BTUSB_INTR_RUNNING 0
259 #define BTUSB_BULK_RUNNING 1
260 #define BTUSB_ISOC_RUNNING 2
261 #define BTUSB_SUSPENDING 3
262 #define BTUSB_DID_ISO_RESUME 4
263
264 struct btusb_data {
265 struct hci_dev *hdev;
266 struct usb_device *udev;
267 struct usb_interface *intf;
268 struct usb_interface *isoc;
269
270 spinlock_t lock;
271
272 unsigned long flags;
273
274 struct work_struct work;
275 struct work_struct waker;
276
277 struct usb_anchor tx_anchor;
278 struct usb_anchor intr_anchor;
279 struct usb_anchor bulk_anchor;
280 struct usb_anchor isoc_anchor;
281 struct usb_anchor deferred;
282 int tx_in_flight;
283 spinlock_t txlock;
284
285 struct usb_endpoint_descriptor *intr_ep;
286 struct usb_endpoint_descriptor *bulk_tx_ep;
287 struct usb_endpoint_descriptor *bulk_rx_ep;
288 struct usb_endpoint_descriptor *isoc_tx_ep;
289 struct usb_endpoint_descriptor *isoc_rx_ep;
290
291 __u8 cmdreq_type;
292
293 unsigned int sco_num;
294 int isoc_altsetting;
295 int suspend_count;
296 };
297
298 static int inc_tx(struct btusb_data *data)
299 {
300 unsigned long flags;
301 int rv;
302
303 spin_lock_irqsave(&data->txlock, flags);
304 rv = test_bit(BTUSB_SUSPENDING, &data->flags);
305 if (!rv)
306 data->tx_in_flight++;
307 spin_unlock_irqrestore(&data->txlock, flags);
308
309 return rv;
310 }
311
312 static void btusb_intr_complete(struct urb *urb)
313 {
314 struct hci_dev *hdev = urb->context;
315 struct btusb_data *data = hci_get_drvdata(hdev);
316 int err;
317
318 BT_DBG("%s urb %p status %d count %d", hdev->name,
319 urb, urb->status, urb->actual_length);
320
321 if (!test_bit(HCI_RUNNING, &hdev->flags))
322 return;
323
324 if (urb->status == 0) {
325 hdev->stat.byte_rx += urb->actual_length;
326
327 if (hci_recv_fragment(hdev, HCI_EVENT_PKT,
328 urb->transfer_buffer,
329 urb->actual_length) < 0) {
330 BT_ERR("%s corrupted event packet", hdev->name);
331 hdev->stat.err_rx++;
332 }
333 }
334
335 if (!test_bit(BTUSB_INTR_RUNNING, &data->flags))
336 return;
337
338 usb_mark_last_busy(data->udev);
339 usb_anchor_urb(urb, &data->intr_anchor);
340
341 err = usb_submit_urb(urb, GFP_ATOMIC);
342 if (err < 0) {
343 /* -EPERM: urb is being killed;
344 * -ENODEV: device got disconnected */
345 if (err != -EPERM && err != -ENODEV)
346 BT_ERR("%s urb %p failed to resubmit (%d)",
347 hdev->name, urb, -err);
348 usb_unanchor_urb(urb);
349 }
350 }
351
352 static int btusb_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags)
353 {
354 struct btusb_data *data = hci_get_drvdata(hdev);
355 struct urb *urb;
356 unsigned char *buf;
357 unsigned int pipe;
358 int err, size;
359
360 BT_DBG("%s", hdev->name);
361
362 if (!data->intr_ep)
363 return -ENODEV;
364
365 urb = usb_alloc_urb(0, mem_flags);
366 if (!urb)
367 return -ENOMEM;
368
369 size = le16_to_cpu(data->intr_ep->wMaxPacketSize);
370
371 buf = kmalloc(size, mem_flags);
372 if (!buf) {
373 usb_free_urb(urb);
374 return -ENOMEM;
375 }
376
377 pipe = usb_rcvintpipe(data->udev, data->intr_ep->bEndpointAddress);
378
379 usb_fill_int_urb(urb, data->udev, pipe, buf, size,
380 btusb_intr_complete, hdev,
381 data->intr_ep->bInterval);
382
383 urb->transfer_flags |= URB_FREE_BUFFER;
384
385 usb_anchor_urb(urb, &data->intr_anchor);
386
387 err = usb_submit_urb(urb, mem_flags);
388 if (err < 0) {
389 if (err != -EPERM && err != -ENODEV)
390 BT_ERR("%s urb %p submission failed (%d)",
391 hdev->name, urb, -err);
392 usb_unanchor_urb(urb);
393 }
394
395 usb_free_urb(urb);
396
397 return err;
398 }
399
400 static void btusb_bulk_complete(struct urb *urb)
401 {
402 struct hci_dev *hdev = urb->context;
403 struct btusb_data *data = hci_get_drvdata(hdev);
404 int err;
405
406 BT_DBG("%s urb %p status %d count %d", hdev->name,
407 urb, urb->status, urb->actual_length);
408
409 if (!test_bit(HCI_RUNNING, &hdev->flags))
410 return;
411
412 if (urb->status == 0) {
413 hdev->stat.byte_rx += urb->actual_length;
414
415 if (hci_recv_fragment(hdev, HCI_ACLDATA_PKT,
416 urb->transfer_buffer,
417 urb->actual_length) < 0) {
418 BT_ERR("%s corrupted ACL packet", hdev->name);
419 hdev->stat.err_rx++;
420 }
421 }
422
423 if (!test_bit(BTUSB_BULK_RUNNING, &data->flags))
424 return;
425
426 usb_anchor_urb(urb, &data->bulk_anchor);
427 usb_mark_last_busy(data->udev);
428
429 err = usb_submit_urb(urb, GFP_ATOMIC);
430 if (err < 0) {
431 /* -EPERM: urb is being killed;
432 * -ENODEV: device got disconnected */
433 if (err != -EPERM && err != -ENODEV)
434 BT_ERR("%s urb %p failed to resubmit (%d)",
435 hdev->name, urb, -err);
436 usb_unanchor_urb(urb);
437 }
438 }
439
440 static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags)
441 {
442 struct btusb_data *data = hci_get_drvdata(hdev);
443 struct urb *urb;
444 unsigned char *buf;
445 unsigned int pipe;
446 int err, size = HCI_MAX_FRAME_SIZE;
447
448 BT_DBG("%s", hdev->name);
449
450 if (!data->bulk_rx_ep)
451 return -ENODEV;
452
453 urb = usb_alloc_urb(0, mem_flags);
454 if (!urb)
455 return -ENOMEM;
456
457 buf = kmalloc(size, mem_flags);
458 if (!buf) {
459 usb_free_urb(urb);
460 return -ENOMEM;
461 }
462
463 pipe = usb_rcvbulkpipe(data->udev, data->bulk_rx_ep->bEndpointAddress);
464
465 usb_fill_bulk_urb(urb, data->udev, pipe,
466 buf, size, btusb_bulk_complete, hdev);
467
468 urb->transfer_flags |= URB_FREE_BUFFER;
469
470 usb_mark_last_busy(data->udev);
471 usb_anchor_urb(urb, &data->bulk_anchor);
472
473 err = usb_submit_urb(urb, mem_flags);
474 if (err < 0) {
475 if (err != -EPERM && err != -ENODEV)
476 BT_ERR("%s urb %p submission failed (%d)",
477 hdev->name, urb, -err);
478 usb_unanchor_urb(urb);
479 }
480
481 usb_free_urb(urb);
482
483 return err;
484 }
485
486 static void btusb_isoc_complete(struct urb *urb)
487 {
488 struct hci_dev *hdev = urb->context;
489 struct btusb_data *data = hci_get_drvdata(hdev);
490 int i, err;
491
492 BT_DBG("%s urb %p status %d count %d", hdev->name,
493 urb, urb->status, urb->actual_length);
494
495 if (!test_bit(HCI_RUNNING, &hdev->flags))
496 return;
497
498 if (urb->status == 0) {
499 for (i = 0; i < urb->number_of_packets; i++) {
500 unsigned int offset = urb->iso_frame_desc[i].offset;
501 unsigned int length = urb->iso_frame_desc[i].actual_length;
502
503 if (urb->iso_frame_desc[i].status)
504 continue;
505
506 hdev->stat.byte_rx += length;
507
508 if (hci_recv_fragment(hdev, HCI_SCODATA_PKT,
509 urb->transfer_buffer + offset,
510 length) < 0) {
511 BT_ERR("%s corrupted SCO packet", hdev->name);
512 hdev->stat.err_rx++;
513 }
514 }
515 }
516
517 if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags))
518 return;
519
520 usb_anchor_urb(urb, &data->isoc_anchor);
521
522 err = usb_submit_urb(urb, GFP_ATOMIC);
523 if (err < 0) {
524 /* -EPERM: urb is being killed;
525 * -ENODEV: device got disconnected */
526 if (err != -EPERM && err != -ENODEV)
527 BT_ERR("%s urb %p failed to resubmit (%d)",
528 hdev->name, urb, -err);
529 usb_unanchor_urb(urb);
530 }
531 }
532
533 static inline void __fill_isoc_descriptor(struct urb *urb, int len, int mtu)
534 {
535 int i, offset = 0;
536
537 BT_DBG("len %d mtu %d", len, mtu);
538
539 for (i = 0; i < BTUSB_MAX_ISOC_FRAMES && len >= mtu;
540 i++, offset += mtu, len -= mtu) {
541 urb->iso_frame_desc[i].offset = offset;
542 urb->iso_frame_desc[i].length = mtu;
543 }
544
545 if (len && i < BTUSB_MAX_ISOC_FRAMES) {
546 urb->iso_frame_desc[i].offset = offset;
547 urb->iso_frame_desc[i].length = len;
548 i++;
549 }
550
551 urb->number_of_packets = i;
552 }
553
554 static int btusb_submit_isoc_urb(struct hci_dev *hdev, gfp_t mem_flags)
555 {
556 struct btusb_data *data = hci_get_drvdata(hdev);
557 struct urb *urb;
558 unsigned char *buf;
559 unsigned int pipe;
560 int err, size;
561
562 BT_DBG("%s", hdev->name);
563
564 if (!data->isoc_rx_ep)
565 return -ENODEV;
566
567 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, mem_flags);
568 if (!urb)
569 return -ENOMEM;
570
571 size = le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize) *
572 BTUSB_MAX_ISOC_FRAMES;
573
574 buf = kmalloc(size, mem_flags);
575 if (!buf) {
576 usb_free_urb(urb);
577 return -ENOMEM;
578 }
579
580 pipe = usb_rcvisocpipe(data->udev, data->isoc_rx_ep->bEndpointAddress);
581
582 usb_fill_int_urb(urb, data->udev, pipe, buf, size, btusb_isoc_complete,
583 hdev, data->isoc_rx_ep->bInterval);
584
585 urb->transfer_flags = URB_FREE_BUFFER | URB_ISO_ASAP;
586
587 __fill_isoc_descriptor(urb, size,
588 le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize));
589
590 usb_anchor_urb(urb, &data->isoc_anchor);
591
592 err = usb_submit_urb(urb, mem_flags);
593 if (err < 0) {
594 if (err != -EPERM && err != -ENODEV)
595 BT_ERR("%s urb %p submission failed (%d)",
596 hdev->name, urb, -err);
597 usb_unanchor_urb(urb);
598 }
599
600 usb_free_urb(urb);
601
602 return err;
603 }
604
605 static void btusb_tx_complete(struct urb *urb)
606 {
607 struct sk_buff *skb = urb->context;
608 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
609 struct btusb_data *data = hci_get_drvdata(hdev);
610
611 BT_DBG("%s urb %p status %d count %d", hdev->name,
612 urb, urb->status, urb->actual_length);
613
614 if (!test_bit(HCI_RUNNING, &hdev->flags))
615 goto done;
616
617 if (!urb->status)
618 hdev->stat.byte_tx += urb->transfer_buffer_length;
619 else
620 hdev->stat.err_tx++;
621
622 done:
623 spin_lock(&data->txlock);
624 data->tx_in_flight--;
625 spin_unlock(&data->txlock);
626
627 kfree(urb->setup_packet);
628
629 kfree_skb(skb);
630 }
631
632 static void btusb_isoc_tx_complete(struct urb *urb)
633 {
634 struct sk_buff *skb = urb->context;
635 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
636
637 BT_DBG("%s urb %p status %d count %d", hdev->name,
638 urb, urb->status, urb->actual_length);
639
640 if (!test_bit(HCI_RUNNING, &hdev->flags))
641 goto done;
642
643 if (!urb->status)
644 hdev->stat.byte_tx += urb->transfer_buffer_length;
645 else
646 hdev->stat.err_tx++;
647
648 done:
649 kfree(urb->setup_packet);
650
651 kfree_skb(skb);
652 }
653
654 static int btusb_open(struct hci_dev *hdev)
655 {
656 struct btusb_data *data = hci_get_drvdata(hdev);
657 int err;
658
659 BT_DBG("%s", hdev->name);
660
661 err = usb_autopm_get_interface(data->intf);
662 if (err < 0)
663 return err;
664
665 data->intf->needs_remote_wakeup = 1;
666
667 if (test_and_set_bit(HCI_RUNNING, &hdev->flags))
668 goto done;
669
670 if (test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags))
671 goto done;
672
673 err = btusb_submit_intr_urb(hdev, GFP_KERNEL);
674 if (err < 0)
675 goto failed;
676
677 err = btusb_submit_bulk_urb(hdev, GFP_KERNEL);
678 if (err < 0) {
679 usb_kill_anchored_urbs(&data->intr_anchor);
680 goto failed;
681 }
682
683 set_bit(BTUSB_BULK_RUNNING, &data->flags);
684 btusb_submit_bulk_urb(hdev, GFP_KERNEL);
685
686 done:
687 usb_autopm_put_interface(data->intf);
688 return 0;
689
690 failed:
691 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
692 clear_bit(HCI_RUNNING, &hdev->flags);
693 usb_autopm_put_interface(data->intf);
694 return err;
695 }
696
697 static void btusb_stop_traffic(struct btusb_data *data)
698 {
699 usb_kill_anchored_urbs(&data->intr_anchor);
700 usb_kill_anchored_urbs(&data->bulk_anchor);
701 usb_kill_anchored_urbs(&data->isoc_anchor);
702 }
703
704 static int btusb_close(struct hci_dev *hdev)
705 {
706 struct btusb_data *data = hci_get_drvdata(hdev);
707 int err;
708
709 BT_DBG("%s", hdev->name);
710
711 if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags))
712 return 0;
713
714 cancel_work_sync(&data->work);
715 cancel_work_sync(&data->waker);
716
717 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
718 clear_bit(BTUSB_BULK_RUNNING, &data->flags);
719 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
720
721 btusb_stop_traffic(data);
722 err = usb_autopm_get_interface(data->intf);
723 if (err < 0)
724 goto failed;
725
726 data->intf->needs_remote_wakeup = 0;
727 usb_autopm_put_interface(data->intf);
728
729 failed:
730 usb_scuttle_anchored_urbs(&data->deferred);
731 return 0;
732 }
733
734 static int btusb_flush(struct hci_dev *hdev)
735 {
736 struct btusb_data *data = hci_get_drvdata(hdev);
737
738 BT_DBG("%s", hdev->name);
739
740 usb_kill_anchored_urbs(&data->tx_anchor);
741
742 return 0;
743 }
744
745 static int btusb_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
746 {
747 struct btusb_data *data = hci_get_drvdata(hdev);
748 struct usb_ctrlrequest *dr;
749 struct urb *urb;
750 unsigned int pipe;
751 int err;
752
753 BT_DBG("%s", hdev->name);
754
755 if (!test_bit(HCI_RUNNING, &hdev->flags))
756 return -EBUSY;
757
758 skb->dev = (void *) hdev;
759
760 switch (bt_cb(skb)->pkt_type) {
761 case HCI_COMMAND_PKT:
762 urb = usb_alloc_urb(0, GFP_ATOMIC);
763 if (!urb)
764 return -ENOMEM;
765
766 dr = kmalloc(sizeof(*dr), GFP_ATOMIC);
767 if (!dr) {
768 usb_free_urb(urb);
769 return -ENOMEM;
770 }
771
772 dr->bRequestType = data->cmdreq_type;
773 dr->bRequest = 0;
774 dr->wIndex = 0;
775 dr->wValue = 0;
776 dr->wLength = __cpu_to_le16(skb->len);
777
778 pipe = usb_sndctrlpipe(data->udev, 0x00);
779
780 usb_fill_control_urb(urb, data->udev, pipe, (void *) dr,
781 skb->data, skb->len, btusb_tx_complete, skb);
782
783 hdev->stat.cmd_tx++;
784 break;
785
786 case HCI_ACLDATA_PKT:
787 if (!data->bulk_tx_ep)
788 return -ENODEV;
789
790 urb = usb_alloc_urb(0, GFP_ATOMIC);
791 if (!urb)
792 return -ENOMEM;
793
794 pipe = usb_sndbulkpipe(data->udev,
795 data->bulk_tx_ep->bEndpointAddress);
796
797 usb_fill_bulk_urb(urb, data->udev, pipe,
798 skb->data, skb->len, btusb_tx_complete, skb);
799
800 hdev->stat.acl_tx++;
801 break;
802
803 case HCI_SCODATA_PKT:
804 if (!data->isoc_tx_ep || hci_conn_num(hdev, SCO_LINK) < 1)
805 return -ENODEV;
806
807 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, GFP_ATOMIC);
808 if (!urb)
809 return -ENOMEM;
810
811 pipe = usb_sndisocpipe(data->udev,
812 data->isoc_tx_ep->bEndpointAddress);
813
814 usb_fill_int_urb(urb, data->udev, pipe,
815 skb->data, skb->len, btusb_isoc_tx_complete,
816 skb, data->isoc_tx_ep->bInterval);
817
818 urb->transfer_flags = URB_ISO_ASAP;
819
820 __fill_isoc_descriptor(urb, skb->len,
821 le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize));
822
823 hdev->stat.sco_tx++;
824 goto skip_waking;
825
826 default:
827 return -EILSEQ;
828 }
829
830 err = inc_tx(data);
831 if (err) {
832 usb_anchor_urb(urb, &data->deferred);
833 schedule_work(&data->waker);
834 err = 0;
835 goto done;
836 }
837
838 skip_waking:
839 usb_anchor_urb(urb, &data->tx_anchor);
840
841 err = usb_submit_urb(urb, GFP_ATOMIC);
842 if (err < 0) {
843 if (err != -EPERM && err != -ENODEV)
844 BT_ERR("%s urb %p submission failed (%d)",
845 hdev->name, urb, -err);
846 kfree(urb->setup_packet);
847 usb_unanchor_urb(urb);
848 } else {
849 usb_mark_last_busy(data->udev);
850 }
851
852 done:
853 usb_free_urb(urb);
854 return err;
855 }
856
857 static void btusb_notify(struct hci_dev *hdev, unsigned int evt)
858 {
859 struct btusb_data *data = hci_get_drvdata(hdev);
860
861 BT_DBG("%s evt %d", hdev->name, evt);
862
863 if (hci_conn_num(hdev, SCO_LINK) != data->sco_num) {
864 data->sco_num = hci_conn_num(hdev, SCO_LINK);
865 schedule_work(&data->work);
866 }
867 }
868
869 static inline int __set_isoc_interface(struct hci_dev *hdev, int altsetting)
870 {
871 struct btusb_data *data = hci_get_drvdata(hdev);
872 struct usb_interface *intf = data->isoc;
873 struct usb_endpoint_descriptor *ep_desc;
874 int i, err;
875
876 if (!data->isoc)
877 return -ENODEV;
878
879 err = usb_set_interface(data->udev, 1, altsetting);
880 if (err < 0) {
881 BT_ERR("%s setting interface failed (%d)", hdev->name, -err);
882 return err;
883 }
884
885 data->isoc_altsetting = altsetting;
886
887 data->isoc_tx_ep = NULL;
888 data->isoc_rx_ep = NULL;
889
890 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
891 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
892
893 if (!data->isoc_tx_ep && usb_endpoint_is_isoc_out(ep_desc)) {
894 data->isoc_tx_ep = ep_desc;
895 continue;
896 }
897
898 if (!data->isoc_rx_ep && usb_endpoint_is_isoc_in(ep_desc)) {
899 data->isoc_rx_ep = ep_desc;
900 continue;
901 }
902 }
903
904 if (!data->isoc_tx_ep || !data->isoc_rx_ep) {
905 BT_ERR("%s invalid SCO descriptors", hdev->name);
906 return -ENODEV;
907 }
908
909 return 0;
910 }
911
912 static void btusb_work(struct work_struct *work)
913 {
914 struct btusb_data *data = container_of(work, struct btusb_data, work);
915 struct hci_dev *hdev = data->hdev;
916 int new_alts;
917 int err;
918
919 if (data->sco_num > 0) {
920 if (!test_bit(BTUSB_DID_ISO_RESUME, &data->flags)) {
921 err = usb_autopm_get_interface(data->isoc ? data->isoc : data->intf);
922 if (err < 0) {
923 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
924 usb_kill_anchored_urbs(&data->isoc_anchor);
925 return;
926 }
927
928 set_bit(BTUSB_DID_ISO_RESUME, &data->flags);
929 }
930
931 if (hdev->voice_setting & 0x0020) {
932 static const int alts[3] = { 2, 4, 5 };
933 new_alts = alts[data->sco_num - 1];
934 } else {
935 new_alts = data->sco_num;
936 }
937
938 if (data->isoc_altsetting != new_alts) {
939 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
940 usb_kill_anchored_urbs(&data->isoc_anchor);
941
942 if (__set_isoc_interface(hdev, new_alts) < 0)
943 return;
944 }
945
946 if (!test_and_set_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
947 if (btusb_submit_isoc_urb(hdev, GFP_KERNEL) < 0)
948 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
949 else
950 btusb_submit_isoc_urb(hdev, GFP_KERNEL);
951 }
952 } else {
953 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
954 usb_kill_anchored_urbs(&data->isoc_anchor);
955
956 __set_isoc_interface(hdev, 0);
957 if (test_and_clear_bit(BTUSB_DID_ISO_RESUME, &data->flags))
958 usb_autopm_put_interface(data->isoc ? data->isoc : data->intf);
959 }
960 }
961
962 static void btusb_waker(struct work_struct *work)
963 {
964 struct btusb_data *data = container_of(work, struct btusb_data, waker);
965 int err;
966
967 err = usb_autopm_get_interface(data->intf);
968 if (err < 0)
969 return;
970
971 usb_autopm_put_interface(data->intf);
972 }
973
974 static int btusb_setup_bcm92035(struct hci_dev *hdev)
975 {
976 struct sk_buff *skb;
977 u8 val = 0x00;
978
979 BT_DBG("%s", hdev->name);
980
981 skb = __hci_cmd_sync(hdev, 0xfc3b, 1, &val, HCI_INIT_TIMEOUT);
982 if (IS_ERR(skb))
983 BT_ERR("BCM92035 command failed (%ld)", -PTR_ERR(skb));
984 else
985 kfree_skb(skb);
986
987 return 0;
988 }
989
990 static int btusb_setup_csr(struct hci_dev *hdev)
991 {
992 struct hci_rp_read_local_version *rp;
993 struct sk_buff *skb;
994 int ret;
995
996 BT_DBG("%s", hdev->name);
997
998 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL,
999 HCI_INIT_TIMEOUT);
1000 if (IS_ERR(skb)) {
1001 BT_ERR("Reading local version failed (%ld)", -PTR_ERR(skb));
1002 return -PTR_ERR(skb);
1003 }
1004
1005 rp = (struct hci_rp_read_local_version *) skb->data;
1006
1007 if (!rp->status) {
1008 if (le16_to_cpu(rp->manufacturer) != 10) {
1009 /* Clear the reset quirk since this is not an actual
1010 * early Bluetooth 1.1 device from CSR.
1011 */
1012 clear_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
1013
1014 /* These fake CSR controllers have all a broken
1015 * stored link key handling and so just disable it.
1016 */
1017 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY,
1018 &hdev->quirks);
1019 }
1020 }
1021
1022 ret = -bt_to_errno(rp->status);
1023
1024 kfree_skb(skb);
1025
1026 return ret;
1027 }
1028
1029 struct intel_version {
1030 u8 status;
1031 u8 hw_platform;
1032 u8 hw_variant;
1033 u8 hw_revision;
1034 u8 fw_variant;
1035 u8 fw_revision;
1036 u8 fw_build_num;
1037 u8 fw_build_ww;
1038 u8 fw_build_yy;
1039 u8 fw_patch_num;
1040 } __packed;
1041
1042 static const struct firmware *btusb_setup_intel_get_fw(struct hci_dev *hdev,
1043 struct intel_version *ver)
1044 {
1045 const struct firmware *fw;
1046 char fwname[64];
1047 int ret;
1048
1049 snprintf(fwname, sizeof(fwname),
1050 "intel/ibt-hw-%x.%x.%x-fw-%x.%x.%x.%x.%x.bseq",
1051 ver->hw_platform, ver->hw_variant, ver->hw_revision,
1052 ver->fw_variant, ver->fw_revision, ver->fw_build_num,
1053 ver->fw_build_ww, ver->fw_build_yy);
1054
1055 ret = request_firmware(&fw, fwname, &hdev->dev);
1056 if (ret < 0) {
1057 if (ret == -EINVAL) {
1058 BT_ERR("%s Intel firmware file request failed (%d)",
1059 hdev->name, ret);
1060 return NULL;
1061 }
1062
1063 BT_ERR("%s failed to open Intel firmware file: %s(%d)",
1064 hdev->name, fwname, ret);
1065
1066 /* If the correct firmware patch file is not found, use the
1067 * default firmware patch file instead
1068 */
1069 snprintf(fwname, sizeof(fwname), "intel/ibt-hw-%x.%x.bseq",
1070 ver->hw_platform, ver->hw_variant);
1071 if (request_firmware(&fw, fwname, &hdev->dev) < 0) {
1072 BT_ERR("%s failed to open default Intel fw file: %s",
1073 hdev->name, fwname);
1074 return NULL;
1075 }
1076 }
1077
1078 BT_INFO("%s: Intel Bluetooth firmware file: %s", hdev->name, fwname);
1079
1080 return fw;
1081 }
1082
1083 static int btusb_setup_intel_patching(struct hci_dev *hdev,
1084 const struct firmware *fw,
1085 const u8 **fw_ptr, int *disable_patch)
1086 {
1087 struct sk_buff *skb;
1088 struct hci_command_hdr *cmd;
1089 const u8 *cmd_param;
1090 struct hci_event_hdr *evt = NULL;
1091 const u8 *evt_param = NULL;
1092 int remain = fw->size - (*fw_ptr - fw->data);
1093
1094 /* The first byte indicates the types of the patch command or event.
1095 * 0x01 means HCI command and 0x02 is HCI event. If the first bytes
1096 * in the current firmware buffer doesn't start with 0x01 or
1097 * the size of remain buffer is smaller than HCI command header,
1098 * the firmware file is corrupted and it should stop the patching
1099 * process.
1100 */
1101 if (remain > HCI_COMMAND_HDR_SIZE && *fw_ptr[0] != 0x01) {
1102 BT_ERR("%s Intel fw corrupted: invalid cmd read", hdev->name);
1103 return -EINVAL;
1104 }
1105 (*fw_ptr)++;
1106 remain--;
1107
1108 cmd = (struct hci_command_hdr *)(*fw_ptr);
1109 *fw_ptr += sizeof(*cmd);
1110 remain -= sizeof(*cmd);
1111
1112 /* Ensure that the remain firmware data is long enough than the length
1113 * of command parameter. If not, the firmware file is corrupted.
1114 */
1115 if (remain < cmd->plen) {
1116 BT_ERR("%s Intel fw corrupted: invalid cmd len", hdev->name);
1117 return -EFAULT;
1118 }
1119
1120 /* If there is a command that loads a patch in the firmware
1121 * file, then enable the patch upon success, otherwise just
1122 * disable the manufacturer mode, for example patch activation
1123 * is not required when the default firmware patch file is used
1124 * because there are no patch data to load.
1125 */
1126 if (*disable_patch && le16_to_cpu(cmd->opcode) == 0xfc8e)
1127 *disable_patch = 0;
1128
1129 cmd_param = *fw_ptr;
1130 *fw_ptr += cmd->plen;
1131 remain -= cmd->plen;
1132
1133 /* This reads the expected events when the above command is sent to the
1134 * device. Some vendor commands expects more than one events, for
1135 * example command status event followed by vendor specific event.
1136 * For this case, it only keeps the last expected event. so the command
1137 * can be sent with __hci_cmd_sync_ev() which returns the sk_buff of
1138 * last expected event.
1139 */
1140 while (remain > HCI_EVENT_HDR_SIZE && *fw_ptr[0] == 0x02) {
1141 (*fw_ptr)++;
1142 remain--;
1143
1144 evt = (struct hci_event_hdr *)(*fw_ptr);
1145 *fw_ptr += sizeof(*evt);
1146 remain -= sizeof(*evt);
1147
1148 if (remain < evt->plen) {
1149 BT_ERR("%s Intel fw corrupted: invalid evt len",
1150 hdev->name);
1151 return -EFAULT;
1152 }
1153
1154 evt_param = *fw_ptr;
1155 *fw_ptr += evt->plen;
1156 remain -= evt->plen;
1157 }
1158
1159 /* Every HCI commands in the firmware file has its correspond event.
1160 * If event is not found or remain is smaller than zero, the firmware
1161 * file is corrupted.
1162 */
1163 if (!evt || !evt_param || remain < 0) {
1164 BT_ERR("%s Intel fw corrupted: invalid evt read", hdev->name);
1165 return -EFAULT;
1166 }
1167
1168 skb = __hci_cmd_sync_ev(hdev, le16_to_cpu(cmd->opcode), cmd->plen,
1169 cmd_param, evt->evt, HCI_INIT_TIMEOUT);
1170 if (IS_ERR(skb)) {
1171 BT_ERR("%s sending Intel patch command (0x%4.4x) failed (%ld)",
1172 hdev->name, cmd->opcode, PTR_ERR(skb));
1173 return PTR_ERR(skb);
1174 }
1175
1176 /* It ensures that the returned event matches the event data read from
1177 * the firmware file. At fist, it checks the length and then
1178 * the contents of the event.
1179 */
1180 if (skb->len != evt->plen) {
1181 BT_ERR("%s mismatch event length (opcode 0x%4.4x)", hdev->name,
1182 le16_to_cpu(cmd->opcode));
1183 kfree_skb(skb);
1184 return -EFAULT;
1185 }
1186
1187 if (memcmp(skb->data, evt_param, evt->plen)) {
1188 BT_ERR("%s mismatch event parameter (opcode 0x%4.4x)",
1189 hdev->name, le16_to_cpu(cmd->opcode));
1190 kfree_skb(skb);
1191 return -EFAULT;
1192 }
1193 kfree_skb(skb);
1194
1195 return 0;
1196 }
1197
1198 #define BDADDR_INTEL (&(bdaddr_t) {{0x00, 0x8b, 0x9e, 0x19, 0x03, 0x00}})
1199
1200 static int btusb_check_bdaddr_intel(struct hci_dev *hdev)
1201 {
1202 struct sk_buff *skb;
1203 struct hci_rp_read_bd_addr *rp;
1204
1205 skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL,
1206 HCI_INIT_TIMEOUT);
1207 if (IS_ERR(skb)) {
1208 BT_ERR("%s reading Intel device address failed (%ld)",
1209 hdev->name, PTR_ERR(skb));
1210 return PTR_ERR(skb);
1211 }
1212
1213 if (skb->len != sizeof(*rp)) {
1214 BT_ERR("%s Intel device address length mismatch", hdev->name);
1215 kfree_skb(skb);
1216 return -EIO;
1217 }
1218
1219 rp = (struct hci_rp_read_bd_addr *) skb->data;
1220 if (rp->status) {
1221 BT_ERR("%s Intel device address result failed (%02x)",
1222 hdev->name, rp->status);
1223 kfree_skb(skb);
1224 return -bt_to_errno(rp->status);
1225 }
1226
1227 /* For some Intel based controllers, the default Bluetooth device
1228 * address 00:03:19:9E:8B:00 can be found. These controllers are
1229 * fully operational, but have the danger of duplicate addresses
1230 * and that in turn can cause problems with Bluetooth operation.
1231 */
1232 if (!bacmp(&rp->bdaddr, BDADDR_INTEL)) {
1233 BT_ERR("%s found Intel default device address (%pMR)",
1234 hdev->name, &rp->bdaddr);
1235 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks);
1236 }
1237
1238 kfree_skb(skb);
1239
1240 return 0;
1241 }
1242
1243 static int btusb_setup_intel(struct hci_dev *hdev)
1244 {
1245 struct sk_buff *skb;
1246 const struct firmware *fw;
1247 const u8 *fw_ptr;
1248 int disable_patch;
1249 struct intel_version *ver;
1250
1251 const u8 mfg_enable[] = { 0x01, 0x00 };
1252 const u8 mfg_disable[] = { 0x00, 0x00 };
1253 const u8 mfg_reset_deactivate[] = { 0x00, 0x01 };
1254 const u8 mfg_reset_activate[] = { 0x00, 0x02 };
1255
1256 BT_DBG("%s", hdev->name);
1257
1258 /* The controller has a bug with the first HCI command sent to it
1259 * returning number of completed commands as zero. This would stall the
1260 * command processing in the Bluetooth core.
1261 *
1262 * As a workaround, send HCI Reset command first which will reset the
1263 * number of completed commands and allow normal command processing
1264 * from now on.
1265 */
1266 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
1267 if (IS_ERR(skb)) {
1268 BT_ERR("%s sending initial HCI reset command failed (%ld)",
1269 hdev->name, PTR_ERR(skb));
1270 return PTR_ERR(skb);
1271 }
1272 kfree_skb(skb);
1273
1274 /* Read Intel specific controller version first to allow selection of
1275 * which firmware file to load.
1276 *
1277 * The returned information are hardware variant and revision plus
1278 * firmware variant, revision and build number.
1279 */
1280 skb = __hci_cmd_sync(hdev, 0xfc05, 0, NULL, HCI_INIT_TIMEOUT);
1281 if (IS_ERR(skb)) {
1282 BT_ERR("%s reading Intel fw version command failed (%ld)",
1283 hdev->name, PTR_ERR(skb));
1284 return PTR_ERR(skb);
1285 }
1286
1287 if (skb->len != sizeof(*ver)) {
1288 BT_ERR("%s Intel version event length mismatch", hdev->name);
1289 kfree_skb(skb);
1290 return -EIO;
1291 }
1292
1293 ver = (struct intel_version *)skb->data;
1294 if (ver->status) {
1295 BT_ERR("%s Intel fw version event failed (%02x)", hdev->name,
1296 ver->status);
1297 kfree_skb(skb);
1298 return -bt_to_errno(ver->status);
1299 }
1300
1301 BT_INFO("%s: read Intel version: %02x%02x%02x%02x%02x%02x%02x%02x%02x",
1302 hdev->name, ver->hw_platform, ver->hw_variant,
1303 ver->hw_revision, ver->fw_variant, ver->fw_revision,
1304 ver->fw_build_num, ver->fw_build_ww, ver->fw_build_yy,
1305 ver->fw_patch_num);
1306
1307 /* fw_patch_num indicates the version of patch the device currently
1308 * have. If there is no patch data in the device, it is always 0x00.
1309 * So, if it is other than 0x00, no need to patch the deivce again.
1310 */
1311 if (ver->fw_patch_num) {
1312 BT_INFO("%s: Intel device is already patched. patch num: %02x",
1313 hdev->name, ver->fw_patch_num);
1314 kfree_skb(skb);
1315 btusb_check_bdaddr_intel(hdev);
1316 return 0;
1317 }
1318
1319 /* Opens the firmware patch file based on the firmware version read
1320 * from the controller. If it fails to open the matching firmware
1321 * patch file, it tries to open the default firmware patch file.
1322 * If no patch file is found, allow the device to operate without
1323 * a patch.
1324 */
1325 fw = btusb_setup_intel_get_fw(hdev, ver);
1326 if (!fw) {
1327 kfree_skb(skb);
1328 btusb_check_bdaddr_intel(hdev);
1329 return 0;
1330 }
1331 fw_ptr = fw->data;
1332
1333 /* This Intel specific command enables the manufacturer mode of the
1334 * controller.
1335 *
1336 * Only while this mode is enabled, the driver can download the
1337 * firmware patch data and configuration parameters.
1338 */
1339 skb = __hci_cmd_sync(hdev, 0xfc11, 2, mfg_enable, HCI_INIT_TIMEOUT);
1340 if (IS_ERR(skb)) {
1341 BT_ERR("%s entering Intel manufacturer mode failed (%ld)",
1342 hdev->name, PTR_ERR(skb));
1343 release_firmware(fw);
1344 return PTR_ERR(skb);
1345 }
1346
1347 if (skb->data[0]) {
1348 u8 evt_status = skb->data[0];
1349 BT_ERR("%s enable Intel manufacturer mode event failed (%02x)",
1350 hdev->name, evt_status);
1351 kfree_skb(skb);
1352 release_firmware(fw);
1353 return -bt_to_errno(evt_status);
1354 }
1355 kfree_skb(skb);
1356
1357 disable_patch = 1;
1358
1359 /* The firmware data file consists of list of Intel specific HCI
1360 * commands and its expected events. The first byte indicates the
1361 * type of the message, either HCI command or HCI event.
1362 *
1363 * It reads the command and its expected event from the firmware file,
1364 * and send to the controller. Once __hci_cmd_sync_ev() returns,
1365 * the returned event is compared with the event read from the firmware
1366 * file and it will continue until all the messages are downloaded to
1367 * the controller.
1368 *
1369 * Once the firmware patching is completed successfully,
1370 * the manufacturer mode is disabled with reset and activating the
1371 * downloaded patch.
1372 *
1373 * If the firmware patching fails, the manufacturer mode is
1374 * disabled with reset and deactivating the patch.
1375 *
1376 * If the default patch file is used, no reset is done when disabling
1377 * the manufacturer.
1378 */
1379 while (fw->size > fw_ptr - fw->data) {
1380 int ret;
1381
1382 ret = btusb_setup_intel_patching(hdev, fw, &fw_ptr,
1383 &disable_patch);
1384 if (ret < 0)
1385 goto exit_mfg_deactivate;
1386 }
1387
1388 release_firmware(fw);
1389
1390 if (disable_patch)
1391 goto exit_mfg_disable;
1392
1393 /* Patching completed successfully and disable the manufacturer mode
1394 * with reset and activate the downloaded firmware patches.
1395 */
1396 skb = __hci_cmd_sync(hdev, 0xfc11, sizeof(mfg_reset_activate),
1397 mfg_reset_activate, HCI_INIT_TIMEOUT);
1398 if (IS_ERR(skb)) {
1399 BT_ERR("%s exiting Intel manufacturer mode failed (%ld)",
1400 hdev->name, PTR_ERR(skb));
1401 return PTR_ERR(skb);
1402 }
1403 kfree_skb(skb);
1404
1405 BT_INFO("%s: Intel Bluetooth firmware patch completed and activated",
1406 hdev->name);
1407
1408 btusb_check_bdaddr_intel(hdev);
1409 return 0;
1410
1411 exit_mfg_disable:
1412 /* Disable the manufacturer mode without reset */
1413 skb = __hci_cmd_sync(hdev, 0xfc11, sizeof(mfg_disable), mfg_disable,
1414 HCI_INIT_TIMEOUT);
1415 if (IS_ERR(skb)) {
1416 BT_ERR("%s exiting Intel manufacturer mode failed (%ld)",
1417 hdev->name, PTR_ERR(skb));
1418 return PTR_ERR(skb);
1419 }
1420 kfree_skb(skb);
1421
1422 BT_INFO("%s: Intel Bluetooth firmware patch completed", hdev->name);
1423
1424 btusb_check_bdaddr_intel(hdev);
1425 return 0;
1426
1427 exit_mfg_deactivate:
1428 release_firmware(fw);
1429
1430 /* Patching failed. Disable the manufacturer mode with reset and
1431 * deactivate the downloaded firmware patches.
1432 */
1433 skb = __hci_cmd_sync(hdev, 0xfc11, sizeof(mfg_reset_deactivate),
1434 mfg_reset_deactivate, HCI_INIT_TIMEOUT);
1435 if (IS_ERR(skb)) {
1436 BT_ERR("%s exiting Intel manufacturer mode failed (%ld)",
1437 hdev->name, PTR_ERR(skb));
1438 return PTR_ERR(skb);
1439 }
1440 kfree_skb(skb);
1441
1442 BT_INFO("%s: Intel Bluetooth firmware patch completed and deactivated",
1443 hdev->name);
1444
1445 btusb_check_bdaddr_intel(hdev);
1446 return 0;
1447 }
1448
1449 static int btusb_set_bdaddr_intel(struct hci_dev *hdev, const bdaddr_t *bdaddr)
1450 {
1451 struct sk_buff *skb;
1452 long ret;
1453
1454 skb = __hci_cmd_sync(hdev, 0xfc31, 6, bdaddr, HCI_INIT_TIMEOUT);
1455 if (IS_ERR(skb)) {
1456 ret = PTR_ERR(skb);
1457 BT_ERR("%s: changing Intel device address failed (%ld)",
1458 hdev->name, ret);
1459 return ret;
1460 }
1461 kfree_skb(skb);
1462
1463 return 0;
1464 }
1465
1466 static int btusb_set_bdaddr_marvell(struct hci_dev *hdev,
1467 const bdaddr_t *bdaddr)
1468 {
1469 struct sk_buff *skb;
1470 u8 buf[8];
1471 long ret;
1472
1473 buf[0] = 0xfe;
1474 buf[1] = sizeof(bdaddr_t);
1475 memcpy(buf + 2, bdaddr, sizeof(bdaddr_t));
1476
1477 skb = __hci_cmd_sync(hdev, 0xfc22, sizeof(buf), buf, HCI_INIT_TIMEOUT);
1478 if (IS_ERR(skb)) {
1479 ret = PTR_ERR(skb);
1480 BT_ERR("%s: changing Marvell device address failed (%ld)",
1481 hdev->name, ret);
1482 return ret;
1483 }
1484 kfree_skb(skb);
1485
1486 return 0;
1487 }
1488
1489 #define BDADDR_BCM20702A0 (&(bdaddr_t) {{0x00, 0xa0, 0x02, 0x70, 0x20, 0x00}})
1490
1491 static int btusb_setup_bcm_patchram(struct hci_dev *hdev)
1492 {
1493 struct btusb_data *data = hci_get_drvdata(hdev);
1494 struct usb_device *udev = data->udev;
1495 char fw_name[64];
1496 const struct firmware *fw;
1497 const u8 *fw_ptr;
1498 size_t fw_size;
1499 const struct hci_command_hdr *cmd;
1500 const u8 *cmd_param;
1501 u16 opcode;
1502 struct sk_buff *skb;
1503 struct hci_rp_read_local_version *ver;
1504 struct hci_rp_read_bd_addr *bda;
1505 long ret;
1506
1507 snprintf(fw_name, sizeof(fw_name), "brcm/%s-%04x-%04x.hcd",
1508 udev->product ? udev->product : "BCM",
1509 le16_to_cpu(udev->descriptor.idVendor),
1510 le16_to_cpu(udev->descriptor.idProduct));
1511
1512 ret = request_firmware(&fw, fw_name, &hdev->dev);
1513 if (ret < 0) {
1514 BT_INFO("%s: BCM: patch %s not found", hdev->name, fw_name);
1515 return 0;
1516 }
1517
1518 /* Reset */
1519 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
1520 if (IS_ERR(skb)) {
1521 ret = PTR_ERR(skb);
1522 BT_ERR("%s: HCI_OP_RESET failed (%ld)", hdev->name, ret);
1523 goto done;
1524 }
1525 kfree_skb(skb);
1526
1527 /* Read Local Version Info */
1528 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL,
1529 HCI_INIT_TIMEOUT);
1530 if (IS_ERR(skb)) {
1531 ret = PTR_ERR(skb);
1532 BT_ERR("%s: HCI_OP_READ_LOCAL_VERSION failed (%ld)",
1533 hdev->name, ret);
1534 goto done;
1535 }
1536
1537 if (skb->len != sizeof(*ver)) {
1538 BT_ERR("%s: HCI_OP_READ_LOCAL_VERSION event length mismatch",
1539 hdev->name);
1540 kfree_skb(skb);
1541 ret = -EIO;
1542 goto done;
1543 }
1544
1545 ver = (struct hci_rp_read_local_version *) skb->data;
1546 BT_INFO("%s: BCM: patching hci_ver=%02x hci_rev=%04x lmp_ver=%02x "
1547 "lmp_subver=%04x", hdev->name, ver->hci_ver, ver->hci_rev,
1548 ver->lmp_ver, ver->lmp_subver);
1549 kfree_skb(skb);
1550
1551 /* Start Download */
1552 skb = __hci_cmd_sync(hdev, 0xfc2e, 0, NULL, HCI_INIT_TIMEOUT);
1553 if (IS_ERR(skb)) {
1554 ret = PTR_ERR(skb);
1555 BT_ERR("%s: BCM: Download Minidrv command failed (%ld)",
1556 hdev->name, ret);
1557 goto reset_fw;
1558 }
1559 kfree_skb(skb);
1560
1561 /* 50 msec delay after Download Minidrv completes */
1562 msleep(50);
1563
1564 fw_ptr = fw->data;
1565 fw_size = fw->size;
1566
1567 while (fw_size >= sizeof(*cmd)) {
1568 cmd = (struct hci_command_hdr *) fw_ptr;
1569 fw_ptr += sizeof(*cmd);
1570 fw_size -= sizeof(*cmd);
1571
1572 if (fw_size < cmd->plen) {
1573 BT_ERR("%s: BCM: patch %s is corrupted",
1574 hdev->name, fw_name);
1575 ret = -EINVAL;
1576 goto reset_fw;
1577 }
1578
1579 cmd_param = fw_ptr;
1580 fw_ptr += cmd->plen;
1581 fw_size -= cmd->plen;
1582
1583 opcode = le16_to_cpu(cmd->opcode);
1584
1585 skb = __hci_cmd_sync(hdev, opcode, cmd->plen, cmd_param,
1586 HCI_INIT_TIMEOUT);
1587 if (IS_ERR(skb)) {
1588 ret = PTR_ERR(skb);
1589 BT_ERR("%s: BCM: patch command %04x failed (%ld)",
1590 hdev->name, opcode, ret);
1591 goto reset_fw;
1592 }
1593 kfree_skb(skb);
1594 }
1595
1596 /* 250 msec delay after Launch Ram completes */
1597 msleep(250);
1598
1599 reset_fw:
1600 /* Reset */
1601 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
1602 if (IS_ERR(skb)) {
1603 ret = PTR_ERR(skb);
1604 BT_ERR("%s: HCI_OP_RESET failed (%ld)", hdev->name, ret);
1605 goto done;
1606 }
1607 kfree_skb(skb);
1608
1609 /* Read Local Version Info */
1610 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL,
1611 HCI_INIT_TIMEOUT);
1612 if (IS_ERR(skb)) {
1613 ret = PTR_ERR(skb);
1614 BT_ERR("%s: HCI_OP_READ_LOCAL_VERSION failed (%ld)",
1615 hdev->name, ret);
1616 goto done;
1617 }
1618
1619 if (skb->len != sizeof(*ver)) {
1620 BT_ERR("%s: HCI_OP_READ_LOCAL_VERSION event length mismatch",
1621 hdev->name);
1622 kfree_skb(skb);
1623 ret = -EIO;
1624 goto done;
1625 }
1626
1627 ver = (struct hci_rp_read_local_version *) skb->data;
1628 BT_INFO("%s: BCM: firmware hci_ver=%02x hci_rev=%04x lmp_ver=%02x "
1629 "lmp_subver=%04x", hdev->name, ver->hci_ver, ver->hci_rev,
1630 ver->lmp_ver, ver->lmp_subver);
1631 kfree_skb(skb);
1632
1633 /* Read BD Address */
1634 skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL,
1635 HCI_INIT_TIMEOUT);
1636 if (IS_ERR(skb)) {
1637 ret = PTR_ERR(skb);
1638 BT_ERR("%s: HCI_OP_READ_BD_ADDR failed (%ld)",
1639 hdev->name, ret);
1640 goto done;
1641 }
1642
1643 if (skb->len != sizeof(*bda)) {
1644 BT_ERR("%s: HCI_OP_READ_BD_ADDR event length mismatch",
1645 hdev->name);
1646 kfree_skb(skb);
1647 ret = -EIO;
1648 goto done;
1649 }
1650
1651 bda = (struct hci_rp_read_bd_addr *) skb->data;
1652 if (bda->status) {
1653 BT_ERR("%s: HCI_OP_READ_BD_ADDR error status (%02x)",
1654 hdev->name, bda->status);
1655 kfree_skb(skb);
1656 ret = -bt_to_errno(bda->status);
1657 goto done;
1658 }
1659
1660 /* The address 00:20:70:02:A0:00 indicates a BCM20702A0 controller
1661 * with no configured address.
1662 */
1663 if (!bacmp(&bda->bdaddr, BDADDR_BCM20702A0)) {
1664 BT_INFO("%s: BCM: using default device address (%pMR)",
1665 hdev->name, &bda->bdaddr);
1666 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks);
1667 }
1668
1669 kfree_skb(skb);
1670
1671 done:
1672 release_firmware(fw);
1673
1674 return ret;
1675 }
1676
1677 static int btusb_set_bdaddr_bcm(struct hci_dev *hdev, const bdaddr_t *bdaddr)
1678 {
1679 struct sk_buff *skb;
1680 long ret;
1681
1682 skb = __hci_cmd_sync(hdev, 0xfc01, 6, bdaddr, HCI_INIT_TIMEOUT);
1683 if (IS_ERR(skb)) {
1684 ret = PTR_ERR(skb);
1685 BT_ERR("%s: BCM: Change address command failed (%ld)",
1686 hdev->name, ret);
1687 return ret;
1688 }
1689 kfree_skb(skb);
1690
1691 return 0;
1692 }
1693
1694 static int btusb_probe(struct usb_interface *intf,
1695 const struct usb_device_id *id)
1696 {
1697 struct usb_endpoint_descriptor *ep_desc;
1698 struct btusb_data *data;
1699 struct hci_dev *hdev;
1700 int i, err;
1701
1702 BT_DBG("intf %p id %p", intf, id);
1703
1704 /* interface numbers are hardcoded in the spec */
1705 if (intf->cur_altsetting->desc.bInterfaceNumber != 0)
1706 return -ENODEV;
1707
1708 if (!id->driver_info) {
1709 const struct usb_device_id *match;
1710 match = usb_match_id(intf, blacklist_table);
1711 if (match)
1712 id = match;
1713 }
1714
1715 if (id->driver_info == BTUSB_IGNORE)
1716 return -ENODEV;
1717
1718 if (id->driver_info & BTUSB_ATH3012) {
1719 struct usb_device *udev = interface_to_usbdev(intf);
1720
1721 /* Old firmware would otherwise let ath3k driver load
1722 * patch and sysconfig files */
1723 if (le16_to_cpu(udev->descriptor.bcdDevice) <= 0x0001)
1724 return -ENODEV;
1725 }
1726
1727 data = devm_kzalloc(&intf->dev, sizeof(*data), GFP_KERNEL);
1728 if (!data)
1729 return -ENOMEM;
1730
1731 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
1732 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
1733
1734 if (!data->intr_ep && usb_endpoint_is_int_in(ep_desc)) {
1735 data->intr_ep = ep_desc;
1736 continue;
1737 }
1738
1739 if (!data->bulk_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) {
1740 data->bulk_tx_ep = ep_desc;
1741 continue;
1742 }
1743
1744 if (!data->bulk_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) {
1745 data->bulk_rx_ep = ep_desc;
1746 continue;
1747 }
1748 }
1749
1750 if (!data->intr_ep || !data->bulk_tx_ep || !data->bulk_rx_ep)
1751 return -ENODEV;
1752
1753 data->cmdreq_type = USB_TYPE_CLASS;
1754
1755 data->udev = interface_to_usbdev(intf);
1756 data->intf = intf;
1757
1758 spin_lock_init(&data->lock);
1759
1760 INIT_WORK(&data->work, btusb_work);
1761 INIT_WORK(&data->waker, btusb_waker);
1762 spin_lock_init(&data->txlock);
1763
1764 init_usb_anchor(&data->tx_anchor);
1765 init_usb_anchor(&data->intr_anchor);
1766 init_usb_anchor(&data->bulk_anchor);
1767 init_usb_anchor(&data->isoc_anchor);
1768 init_usb_anchor(&data->deferred);
1769
1770 hdev = hci_alloc_dev();
1771 if (!hdev)
1772 return -ENOMEM;
1773
1774 hdev->bus = HCI_USB;
1775 hci_set_drvdata(hdev, data);
1776
1777 data->hdev = hdev;
1778
1779 SET_HCIDEV_DEV(hdev, &intf->dev);
1780
1781 hdev->open = btusb_open;
1782 hdev->close = btusb_close;
1783 hdev->flush = btusb_flush;
1784 hdev->send = btusb_send_frame;
1785 hdev->notify = btusb_notify;
1786
1787 if (id->driver_info & BTUSB_BCM92035)
1788 hdev->setup = btusb_setup_bcm92035;
1789
1790 if (id->driver_info & BTUSB_BCM_PATCHRAM) {
1791 hdev->setup = btusb_setup_bcm_patchram;
1792 hdev->set_bdaddr = btusb_set_bdaddr_bcm;
1793 }
1794
1795 if (id->driver_info & BTUSB_INTEL) {
1796 hdev->setup = btusb_setup_intel;
1797 hdev->set_bdaddr = btusb_set_bdaddr_intel;
1798 }
1799
1800 if (id->driver_info & BTUSB_MARVELL)
1801 hdev->set_bdaddr = btusb_set_bdaddr_marvell;
1802
1803 if (id->driver_info & BTUSB_INTEL_BOOT)
1804 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
1805
1806 /* Interface numbers are hardcoded in the specification */
1807 data->isoc = usb_ifnum_to_if(data->udev, 1);
1808
1809 if (!reset)
1810 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
1811
1812 if (force_scofix || id->driver_info & BTUSB_WRONG_SCO_MTU) {
1813 if (!disable_scofix)
1814 set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks);
1815 }
1816
1817 if (id->driver_info & BTUSB_BROKEN_ISOC)
1818 data->isoc = NULL;
1819
1820 if (id->driver_info & BTUSB_DIGIANSWER) {
1821 data->cmdreq_type = USB_TYPE_VENDOR;
1822 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
1823 }
1824
1825 if (id->driver_info & BTUSB_CSR) {
1826 struct usb_device *udev = data->udev;
1827 u16 bcdDevice = le16_to_cpu(udev->descriptor.bcdDevice);
1828
1829 /* Old firmware would otherwise execute USB reset */
1830 if (bcdDevice < 0x117)
1831 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
1832
1833 /* Fake CSR devices with broken commands */
1834 if (bcdDevice <= 0x100)
1835 hdev->setup = btusb_setup_csr;
1836 }
1837
1838 if (id->driver_info & BTUSB_SNIFFER) {
1839 struct usb_device *udev = data->udev;
1840
1841 /* New sniffer firmware has crippled HCI interface */
1842 if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997)
1843 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
1844 }
1845
1846 if (id->driver_info & BTUSB_INTEL_BOOT) {
1847 /* A bug in the bootloader causes that interrupt interface is
1848 * only enabled after receiving SetInterface(0, AltSetting=0).
1849 */
1850 err = usb_set_interface(data->udev, 0, 0);
1851 if (err < 0) {
1852 BT_ERR("failed to set interface 0, alt 0 %d", err);
1853 hci_free_dev(hdev);
1854 return err;
1855 }
1856 }
1857
1858 if (data->isoc) {
1859 err = usb_driver_claim_interface(&btusb_driver,
1860 data->isoc, data);
1861 if (err < 0) {
1862 hci_free_dev(hdev);
1863 return err;
1864 }
1865 }
1866
1867 err = hci_register_dev(hdev);
1868 if (err < 0) {
1869 hci_free_dev(hdev);
1870 return err;
1871 }
1872
1873 usb_set_intfdata(intf, data);
1874
1875 return 0;
1876 }
1877
1878 static void btusb_disconnect(struct usb_interface *intf)
1879 {
1880 struct btusb_data *data = usb_get_intfdata(intf);
1881 struct hci_dev *hdev;
1882
1883 BT_DBG("intf %p", intf);
1884
1885 if (!data)
1886 return;
1887
1888 hdev = data->hdev;
1889 usb_set_intfdata(data->intf, NULL);
1890
1891 if (data->isoc)
1892 usb_set_intfdata(data->isoc, NULL);
1893
1894 hci_unregister_dev(hdev);
1895
1896 if (intf == data->isoc)
1897 usb_driver_release_interface(&btusb_driver, data->intf);
1898 else if (data->isoc)
1899 usb_driver_release_interface(&btusb_driver, data->isoc);
1900
1901 hci_free_dev(hdev);
1902 }
1903
1904 #ifdef CONFIG_PM
1905 static int btusb_suspend(struct usb_interface *intf, pm_message_t message)
1906 {
1907 struct btusb_data *data = usb_get_intfdata(intf);
1908
1909 BT_DBG("intf %p", intf);
1910
1911 if (data->suspend_count++)
1912 return 0;
1913
1914 spin_lock_irq(&data->txlock);
1915 if (!(PMSG_IS_AUTO(message) && data->tx_in_flight)) {
1916 set_bit(BTUSB_SUSPENDING, &data->flags);
1917 spin_unlock_irq(&data->txlock);
1918 } else {
1919 spin_unlock_irq(&data->txlock);
1920 data->suspend_count--;
1921 return -EBUSY;
1922 }
1923
1924 cancel_work_sync(&data->work);
1925
1926 btusb_stop_traffic(data);
1927 usb_kill_anchored_urbs(&data->tx_anchor);
1928
1929 return 0;
1930 }
1931
1932 static void play_deferred(struct btusb_data *data)
1933 {
1934 struct urb *urb;
1935 int err;
1936
1937 while ((urb = usb_get_from_anchor(&data->deferred))) {
1938 err = usb_submit_urb(urb, GFP_ATOMIC);
1939 if (err < 0)
1940 break;
1941
1942 data->tx_in_flight++;
1943 }
1944 usb_scuttle_anchored_urbs(&data->deferred);
1945 }
1946
1947 static int btusb_resume(struct usb_interface *intf)
1948 {
1949 struct btusb_data *data = usb_get_intfdata(intf);
1950 struct hci_dev *hdev = data->hdev;
1951 int err = 0;
1952
1953 BT_DBG("intf %p", intf);
1954
1955 if (--data->suspend_count)
1956 return 0;
1957
1958 if (!test_bit(HCI_RUNNING, &hdev->flags))
1959 goto done;
1960
1961 if (test_bit(BTUSB_INTR_RUNNING, &data->flags)) {
1962 err = btusb_submit_intr_urb(hdev, GFP_NOIO);
1963 if (err < 0) {
1964 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
1965 goto failed;
1966 }
1967 }
1968
1969 if (test_bit(BTUSB_BULK_RUNNING, &data->flags)) {
1970 err = btusb_submit_bulk_urb(hdev, GFP_NOIO);
1971 if (err < 0) {
1972 clear_bit(BTUSB_BULK_RUNNING, &data->flags);
1973 goto failed;
1974 }
1975
1976 btusb_submit_bulk_urb(hdev, GFP_NOIO);
1977 }
1978
1979 if (test_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
1980 if (btusb_submit_isoc_urb(hdev, GFP_NOIO) < 0)
1981 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1982 else
1983 btusb_submit_isoc_urb(hdev, GFP_NOIO);
1984 }
1985
1986 spin_lock_irq(&data->txlock);
1987 play_deferred(data);
1988 clear_bit(BTUSB_SUSPENDING, &data->flags);
1989 spin_unlock_irq(&data->txlock);
1990 schedule_work(&data->work);
1991
1992 return 0;
1993
1994 failed:
1995 usb_scuttle_anchored_urbs(&data->deferred);
1996 done:
1997 spin_lock_irq(&data->txlock);
1998 clear_bit(BTUSB_SUSPENDING, &data->flags);
1999 spin_unlock_irq(&data->txlock);
2000
2001 return err;
2002 }
2003 #endif
2004
2005 static struct usb_driver btusb_driver = {
2006 .name = "btusb",
2007 .probe = btusb_probe,
2008 .disconnect = btusb_disconnect,
2009 #ifdef CONFIG_PM
2010 .suspend = btusb_suspend,
2011 .resume = btusb_resume,
2012 #endif
2013 .id_table = btusb_table,
2014 .supports_autosuspend = 1,
2015 .disable_hub_initiated_lpm = 1,
2016 };
2017
2018 module_usb_driver(btusb_driver);
2019
2020 module_param(disable_scofix, bool, 0644);
2021 MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size");
2022
2023 module_param(force_scofix, bool, 0644);
2024 MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size");
2025
2026 module_param(reset, bool, 0644);
2027 MODULE_PARM_DESC(reset, "Send HCI reset command on initialization");
2028
2029 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2030 MODULE_DESCRIPTION("Generic Bluetooth USB driver ver " VERSION);
2031 MODULE_VERSION(VERSION);
2032 MODULE_LICENSE("GPL");
Linux with added FPC-III support