search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
treewide: remove redundant IS_ERR() before error code check
[linux/fpc-iii.git] / drivers / bluetooth / bfusb.c
blob0e5954cac98e0c69fca26e450e972f8424cfe548
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 *
4 * AVM BlueFRITZ! USB driver
5 *
6 * Copyright (C) 2003-2006 Marcel Holtmann <marcel@holtmann.org>
7 */
8
9 #include <linux/module.h>
10
11 #include <linux/kernel.h>
12 #include <linux/init.h>
13 #include <linux/slab.h>
14 #include <linux/types.h>
15 #include <linux/errno.h>
16 #include <linux/skbuff.h>
17
18 #include <linux/device.h>
19 #include <linux/firmware.h>
20
21 #include <linux/usb.h>
22
23 #include <net/bluetooth/bluetooth.h>
24 #include <net/bluetooth/hci_core.h>
25
26 #define VERSION "1.2"
27
28 static struct usb_driver bfusb_driver;
29
30 static const struct usb_device_id bfusb_table[] = {
31 /* AVM BlueFRITZ! USB */
32 { USB_DEVICE(0x057c, 0x2200) },
33
34 { } /* Terminating entry */
35 };
36
37 MODULE_DEVICE_TABLE(usb, bfusb_table);
38
39 #define BFUSB_MAX_BLOCK_SIZE 256
40
41 #define BFUSB_BLOCK_TIMEOUT 3000
42
43 #define BFUSB_TX_PROCESS 1
44 #define BFUSB_TX_WAKEUP 2
45
46 #define BFUSB_MAX_BULK_TX 2
47 #define BFUSB_MAX_BULK_RX 2
48
49 struct bfusb_data {
50 struct hci_dev *hdev;
51
52 unsigned long state;
53
54 struct usb_device *udev;
55
56 unsigned int bulk_in_ep;
57 unsigned int bulk_out_ep;
58 unsigned int bulk_pkt_size;
59
60 rwlock_t lock;
61
62 struct sk_buff_head transmit_q;
63
64 struct sk_buff *reassembly;
65
66 atomic_t pending_tx;
67 struct sk_buff_head pending_q;
68 struct sk_buff_head completed_q;
69 };
70
71 struct bfusb_data_scb {
72 struct urb *urb;
73 };
74
75 static void bfusb_tx_complete(struct urb *urb);
76 static void bfusb_rx_complete(struct urb *urb);
77
78 static struct urb *bfusb_get_completed(struct bfusb_data *data)
79 {
80 struct sk_buff *skb;
81 struct urb *urb = NULL;
82
83 BT_DBG("bfusb %p", data);
84
85 skb = skb_dequeue(&data->completed_q);
86 if (skb) {
87 urb = ((struct bfusb_data_scb *) skb->cb)->urb;
88 kfree_skb(skb);
89 }
90
91 return urb;
92 }
93
94 static void bfusb_unlink_urbs(struct bfusb_data *data)
95 {
96 struct sk_buff *skb;
97 struct urb *urb;
98
99 BT_DBG("bfusb %p", data);
100
101 while ((skb = skb_dequeue(&data->pending_q))) {
102 urb = ((struct bfusb_data_scb *) skb->cb)->urb;
103 usb_kill_urb(urb);
104 skb_queue_tail(&data->completed_q, skb);
105 }
106
107 while ((urb = bfusb_get_completed(data)))
108 usb_free_urb(urb);
109 }
110
111 static int bfusb_send_bulk(struct bfusb_data *data, struct sk_buff *skb)
112 {
113 struct bfusb_data_scb *scb = (void *) skb->cb;
114 struct urb *urb = bfusb_get_completed(data);
115 int err, pipe;
116
117 BT_DBG("bfusb %p skb %p len %d", data, skb, skb->len);
118
119 if (!urb) {
120 urb = usb_alloc_urb(0, GFP_ATOMIC);
121 if (!urb)
122 return -ENOMEM;
123 }
124
125 pipe = usb_sndbulkpipe(data->udev, data->bulk_out_ep);
126
127 usb_fill_bulk_urb(urb, data->udev, pipe, skb->data, skb->len,
128 bfusb_tx_complete, skb);
129
130 scb->urb = urb;
131
132 skb_queue_tail(&data->pending_q, skb);
133
134 err = usb_submit_urb(urb, GFP_ATOMIC);
135 if (err) {
136 BT_ERR("%s bulk tx submit failed urb %p err %d",
137 data->hdev->name, urb, err);
138 skb_unlink(skb, &data->pending_q);
139 usb_free_urb(urb);
140 } else
141 atomic_inc(&data->pending_tx);
142
143 return err;
144 }
145
146 static void bfusb_tx_wakeup(struct bfusb_data *data)
147 {
148 struct sk_buff *skb;
149
150 BT_DBG("bfusb %p", data);
151
152 if (test_and_set_bit(BFUSB_TX_PROCESS, &data->state)) {
153 set_bit(BFUSB_TX_WAKEUP, &data->state);
154 return;
155 }
156
157 do {
158 clear_bit(BFUSB_TX_WAKEUP, &data->state);
159
160 while ((atomic_read(&data->pending_tx) < BFUSB_MAX_BULK_TX) &&
161 (skb = skb_dequeue(&data->transmit_q))) {
162 if (bfusb_send_bulk(data, skb) < 0) {
163 skb_queue_head(&data->transmit_q, skb);
164 break;
165 }
166 }
167
168 } while (test_bit(BFUSB_TX_WAKEUP, &data->state));
169
170 clear_bit(BFUSB_TX_PROCESS, &data->state);
171 }
172
173 static void bfusb_tx_complete(struct urb *urb)
174 {
175 struct sk_buff *skb = (struct sk_buff *) urb->context;
176 struct bfusb_data *data = (struct bfusb_data *) skb->dev;
177
178 BT_DBG("bfusb %p urb %p skb %p len %d", data, urb, skb, skb->len);
179
180 atomic_dec(&data->pending_tx);
181
182 if (!test_bit(HCI_RUNNING, &data->hdev->flags))
183 return;
184
185 if (!urb->status)
186 data->hdev->stat.byte_tx += skb->len;
187 else
188 data->hdev->stat.err_tx++;
189
190 read_lock(&data->lock);
191
192 skb_unlink(skb, &data->pending_q);
193 skb_queue_tail(&data->completed_q, skb);
194
195 bfusb_tx_wakeup(data);
196
197 read_unlock(&data->lock);
198 }
199
200
201 static int bfusb_rx_submit(struct bfusb_data *data, struct urb *urb)
202 {
203 struct bfusb_data_scb *scb;
204 struct sk_buff *skb;
205 int err, pipe, size = HCI_MAX_FRAME_SIZE + 32;
206
207 BT_DBG("bfusb %p urb %p", data, urb);
208
209 if (!urb) {
210 urb = usb_alloc_urb(0, GFP_ATOMIC);
211 if (!urb)
212 return -ENOMEM;
213 }
214
215 skb = bt_skb_alloc(size, GFP_ATOMIC);
216 if (!skb) {
217 usb_free_urb(urb);
218 return -ENOMEM;
219 }
220
221 skb->dev = (void *) data;
222
223 scb = (struct bfusb_data_scb *) skb->cb;
224 scb->urb = urb;
225
226 pipe = usb_rcvbulkpipe(data->udev, data->bulk_in_ep);
227
228 usb_fill_bulk_urb(urb, data->udev, pipe, skb->data, size,
229 bfusb_rx_complete, skb);
230
231 skb_queue_tail(&data->pending_q, skb);
232
233 err = usb_submit_urb(urb, GFP_ATOMIC);
234 if (err) {
235 BT_ERR("%s bulk rx submit failed urb %p err %d",
236 data->hdev->name, urb, err);
237 skb_unlink(skb, &data->pending_q);
238 kfree_skb(skb);
239 usb_free_urb(urb);
240 }
241
242 return err;
243 }
244
245 static inline int bfusb_recv_block(struct bfusb_data *data, int hdr, unsigned char *buf, int len)
246 {
247 BT_DBG("bfusb %p hdr 0x%02x data %p len %d", data, hdr, buf, len);
248
249 if (hdr & 0x10) {
250 BT_ERR("%s error in block", data->hdev->name);
251 kfree_skb(data->reassembly);
252 data->reassembly = NULL;
253 return -EIO;
254 }
255
256 if (hdr & 0x04) {
257 struct sk_buff *skb;
258 unsigned char pkt_type;
259 int pkt_len = 0;
260
261 if (data->reassembly) {
262 BT_ERR("%s unexpected start block", data->hdev->name);
263 kfree_skb(data->reassembly);
264 data->reassembly = NULL;
265 }
266
267 if (len < 1) {
268 BT_ERR("%s no packet type found", data->hdev->name);
269 return -EPROTO;
270 }
271
272 pkt_type = *buf++; len--;
273
274 switch (pkt_type) {
275 case HCI_EVENT_PKT:
276 if (len >= HCI_EVENT_HDR_SIZE) {
277 struct hci_event_hdr *hdr = (struct hci_event_hdr *) buf;
278 pkt_len = HCI_EVENT_HDR_SIZE + hdr->plen;
279 } else {
280 BT_ERR("%s event block is too short", data->hdev->name);
281 return -EILSEQ;
282 }
283 break;
284
285 case HCI_ACLDATA_PKT:
286 if (len >= HCI_ACL_HDR_SIZE) {
287 struct hci_acl_hdr *hdr = (struct hci_acl_hdr *) buf;
288 pkt_len = HCI_ACL_HDR_SIZE + __le16_to_cpu(hdr->dlen);
289 } else {
290 BT_ERR("%s data block is too short", data->hdev->name);
291 return -EILSEQ;
292 }
293 break;
294
295 case HCI_SCODATA_PKT:
296 if (len >= HCI_SCO_HDR_SIZE) {
297 struct hci_sco_hdr *hdr = (struct hci_sco_hdr *) buf;
298 pkt_len = HCI_SCO_HDR_SIZE + hdr->dlen;
299 } else {
300 BT_ERR("%s audio block is too short", data->hdev->name);
301 return -EILSEQ;
302 }
303 break;
304 }
305
306 skb = bt_skb_alloc(pkt_len, GFP_ATOMIC);
307 if (!skb) {
308 BT_ERR("%s no memory for the packet", data->hdev->name);
309 return -ENOMEM;
310 }
311
312 hci_skb_pkt_type(skb) = pkt_type;
313
314 data->reassembly = skb;
315 } else {
316 if (!data->reassembly) {
317 BT_ERR("%s unexpected continuation block", data->hdev->name);
318 return -EIO;
319 }
320 }
321
322 if (len > 0)
323 skb_put_data(data->reassembly, buf, len);
324
325 if (hdr & 0x08) {
326 hci_recv_frame(data->hdev, data->reassembly);
327 data->reassembly = NULL;
328 }
329
330 return 0;
331 }
332
333 static void bfusb_rx_complete(struct urb *urb)
334 {
335 struct sk_buff *skb = (struct sk_buff *) urb->context;
336 struct bfusb_data *data = (struct bfusb_data *) skb->dev;
337 unsigned char *buf = urb->transfer_buffer;
338 int count = urb->actual_length;
339 int err, hdr, len;
340
341 BT_DBG("bfusb %p urb %p skb %p len %d", data, urb, skb, skb->len);
342
343 read_lock(&data->lock);
344
345 if (!test_bit(HCI_RUNNING, &data->hdev->flags))
346 goto unlock;
347
348 if (urb->status || !count)
349 goto resubmit;
350
351 data->hdev->stat.byte_rx += count;
352
353 skb_put(skb, count);
354
355 while (count) {
356 hdr = buf[0] | (buf[1] << 8);
357
358 if (hdr & 0x4000) {
359 len = 0;
360 count -= 2;
361 buf += 2;
362 } else {
363 len = (buf[2] == 0) ? 256 : buf[2];
364 count -= 3;
365 buf += 3;
366 }
367
368 if (count < len) {
369 BT_ERR("%s block extends over URB buffer ranges",
370 data->hdev->name);
371 }
372
373 if ((hdr & 0xe1) == 0xc1)
374 bfusb_recv_block(data, hdr, buf, len);
375
376 count -= len;
377 buf += len;
378 }
379
380 skb_unlink(skb, &data->pending_q);
381 kfree_skb(skb);
382
383 bfusb_rx_submit(data, urb);
384
385 read_unlock(&data->lock);
386
387 return;
388
389 resubmit:
390 urb->dev = data->udev;
391
392 err = usb_submit_urb(urb, GFP_ATOMIC);
393 if (err) {
394 BT_ERR("%s bulk resubmit failed urb %p err %d",
395 data->hdev->name, urb, err);
396 }
397
398 unlock:
399 read_unlock(&data->lock);
400 }
401
402 static int bfusb_open(struct hci_dev *hdev)
403 {
404 struct bfusb_data *data = hci_get_drvdata(hdev);
405 unsigned long flags;
406 int i, err;
407
408 BT_DBG("hdev %p bfusb %p", hdev, data);
409
410 write_lock_irqsave(&data->lock, flags);
411
412 err = bfusb_rx_submit(data, NULL);
413 if (!err) {
414 for (i = 1; i < BFUSB_MAX_BULK_RX; i++)
415 bfusb_rx_submit(data, NULL);
416 }
417
418 write_unlock_irqrestore(&data->lock, flags);
419
420 return err;
421 }
422
423 static int bfusb_flush(struct hci_dev *hdev)
424 {
425 struct bfusb_data *data = hci_get_drvdata(hdev);
426
427 BT_DBG("hdev %p bfusb %p", hdev, data);
428
429 skb_queue_purge(&data->transmit_q);
430
431 return 0;
432 }
433
434 static int bfusb_close(struct hci_dev *hdev)
435 {
436 struct bfusb_data *data = hci_get_drvdata(hdev);
437 unsigned long flags;
438
439 BT_DBG("hdev %p bfusb %p", hdev, data);
440
441 write_lock_irqsave(&data->lock, flags);
442 write_unlock_irqrestore(&data->lock, flags);
443
444 bfusb_unlink_urbs(data);
445 bfusb_flush(hdev);
446
447 return 0;
448 }
449
450 static int bfusb_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
451 {
452 struct bfusb_data *data = hci_get_drvdata(hdev);
453 struct sk_buff *nskb;
454 unsigned char buf[3];
455 int sent = 0, size, count;
456
457 BT_DBG("hdev %p skb %p type %d len %d", hdev, skb,
458 hci_skb_pkt_type(skb), skb->len);
459
460 switch (hci_skb_pkt_type(skb)) {
461 case HCI_COMMAND_PKT:
462 hdev->stat.cmd_tx++;
463 break;
464 case HCI_ACLDATA_PKT:
465 hdev->stat.acl_tx++;
466 break;
467 case HCI_SCODATA_PKT:
468 hdev->stat.sco_tx++;
469 break;
470 }
471
472 /* Prepend skb with frame type */
473 memcpy(skb_push(skb, 1), &hci_skb_pkt_type(skb), 1);
474
475 count = skb->len;
476
477 /* Max HCI frame size seems to be 1511 + 1 */
478 nskb = bt_skb_alloc(count + 32, GFP_KERNEL);
479 if (!nskb) {
480 BT_ERR("Can't allocate memory for new packet");
481 return -ENOMEM;
482 }
483
484 nskb->dev = (void *) data;
485
486 while (count) {
487 size = min_t(uint, count, BFUSB_MAX_BLOCK_SIZE);
488
489 buf[0] = 0xc1 | ((sent == 0) ? 0x04 : 0) | ((count == size) ? 0x08 : 0);
490 buf[1] = 0x00;
491 buf[2] = (size == BFUSB_MAX_BLOCK_SIZE) ? 0 : size;
492
493 skb_put_data(nskb, buf, 3);
494 skb_copy_from_linear_data_offset(skb, sent, skb_put(nskb, size), size);
495
496 sent += size;
497 count -= size;
498 }
499
500 /* Don't send frame with multiple size of bulk max packet */
501 if ((nskb->len % data->bulk_pkt_size) == 0) {
502 buf[0] = 0xdd;
503 buf[1] = 0x00;
504 skb_put_data(nskb, buf, 2);
505 }
506
507 read_lock(&data->lock);
508
509 skb_queue_tail(&data->transmit_q, nskb);
510 bfusb_tx_wakeup(data);
511
512 read_unlock(&data->lock);
513
514 kfree_skb(skb);
515
516 return 0;
517 }
518
519 static int bfusb_load_firmware(struct bfusb_data *data,
520 const unsigned char *firmware, int count)
521 {
522 unsigned char *buf;
523 int err, pipe, len, size, sent = 0;
524
525 BT_DBG("bfusb %p udev %p", data, data->udev);
526
527 BT_INFO("BlueFRITZ! USB loading firmware");
528
529 buf = kmalloc(BFUSB_MAX_BLOCK_SIZE + 3, GFP_KERNEL);
530 if (!buf) {
531 BT_ERR("Can't allocate memory chunk for firmware");
532 return -ENOMEM;
533 }
534
535 pipe = usb_sndctrlpipe(data->udev, 0);
536
537 if (usb_control_msg(data->udev, pipe, USB_REQ_SET_CONFIGURATION,
538 0, 1, 0, NULL, 0, USB_CTRL_SET_TIMEOUT) < 0) {
539 BT_ERR("Can't change to loading configuration");
540 kfree(buf);
541 return -EBUSY;
542 }
543
544 data->udev->toggle[0] = data->udev->toggle[1] = 0;
545
546 pipe = usb_sndbulkpipe(data->udev, data->bulk_out_ep);
547
548 while (count) {
549 size = min_t(uint, count, BFUSB_MAX_BLOCK_SIZE + 3);
550
551 memcpy(buf, firmware + sent, size);
552
553 err = usb_bulk_msg(data->udev, pipe, buf, size,
554 &len, BFUSB_BLOCK_TIMEOUT);
555
556 if (err || (len != size)) {
557 BT_ERR("Error in firmware loading");
558 goto error;
559 }
560
561 sent += size;
562 count -= size;
563 }
564
565 err = usb_bulk_msg(data->udev, pipe, NULL, 0,
566 &len, BFUSB_BLOCK_TIMEOUT);
567 if (err < 0) {
568 BT_ERR("Error in null packet request");
569 goto error;
570 }
571
572 pipe = usb_sndctrlpipe(data->udev, 0);
573
574 err = usb_control_msg(data->udev, pipe, USB_REQ_SET_CONFIGURATION,
575 0, 2, 0, NULL, 0, USB_CTRL_SET_TIMEOUT);
576 if (err < 0) {
577 BT_ERR("Can't change to running configuration");
578 goto error;
579 }
580
581 data->udev->toggle[0] = data->udev->toggle[1] = 0;
582
583 BT_INFO("BlueFRITZ! USB device ready");
584
585 kfree(buf);
586 return 0;
587
588 error:
589 kfree(buf);
590
591 pipe = usb_sndctrlpipe(data->udev, 0);
592
593 usb_control_msg(data->udev, pipe, USB_REQ_SET_CONFIGURATION,
594 0, 0, 0, NULL, 0, USB_CTRL_SET_TIMEOUT);
595
596 return err;
597 }
598
599 static int bfusb_probe(struct usb_interface *intf, const struct usb_device_id *id)
600 {
601 const struct firmware *firmware;
602 struct usb_device *udev = interface_to_usbdev(intf);
603 struct usb_host_endpoint *bulk_out_ep;
604 struct usb_host_endpoint *bulk_in_ep;
605 struct hci_dev *hdev;
606 struct bfusb_data *data;
607
608 BT_DBG("intf %p id %p", intf, id);
609
610 /* Check number of endpoints */
611 if (intf->cur_altsetting->desc.bNumEndpoints < 2)
612 return -EIO;
613
614 bulk_out_ep = &intf->cur_altsetting->endpoint[0];
615 bulk_in_ep = &intf->cur_altsetting->endpoint[1];
616
617 if (!bulk_out_ep || !bulk_in_ep) {
618 BT_ERR("Bulk endpoints not found");
619 goto done;
620 }
621
622 /* Initialize control structure and load firmware */
623 data = devm_kzalloc(&intf->dev, sizeof(struct bfusb_data), GFP_KERNEL);
624 if (!data)
625 return -ENOMEM;
626
627 data->udev = udev;
628 data->bulk_in_ep = bulk_in_ep->desc.bEndpointAddress;
629 data->bulk_out_ep = bulk_out_ep->desc.bEndpointAddress;
630 data->bulk_pkt_size = le16_to_cpu(bulk_out_ep->desc.wMaxPacketSize);
631
632 rwlock_init(&data->lock);
633
634 data->reassembly = NULL;
635
636 skb_queue_head_init(&data->transmit_q);
637 skb_queue_head_init(&data->pending_q);
638 skb_queue_head_init(&data->completed_q);
639
640 if (request_firmware(&firmware, "bfubase.frm", &udev->dev) < 0) {
641 BT_ERR("Firmware request failed");
642 goto done;
643 }
644
645 BT_DBG("firmware data %p size %zu", firmware->data, firmware->size);
646
647 if (bfusb_load_firmware(data, firmware->data, firmware->size) < 0) {
648 BT_ERR("Firmware loading failed");
649 goto release;
650 }
651
652 release_firmware(firmware);
653
654 /* Initialize and register HCI device */
655 hdev = hci_alloc_dev();
656 if (!hdev) {
657 BT_ERR("Can't allocate HCI device");
658 goto done;
659 }
660
661 data->hdev = hdev;
662
663 hdev->bus = HCI_USB;
664 hci_set_drvdata(hdev, data);
665 SET_HCIDEV_DEV(hdev, &intf->dev);
666
667 hdev->open = bfusb_open;
668 hdev->close = bfusb_close;
669 hdev->flush = bfusb_flush;
670 hdev->send = bfusb_send_frame;
671
672 set_bit(HCI_QUIRK_BROKEN_LOCAL_COMMANDS, &hdev->quirks);
673
674 if (hci_register_dev(hdev) < 0) {
675 BT_ERR("Can't register HCI device");
676 hci_free_dev(hdev);
677 goto done;
678 }
679
680 usb_set_intfdata(intf, data);
681
682 return 0;
683
684 release:
685 release_firmware(firmware);
686
687 done:
688 return -EIO;
689 }
690
691 static void bfusb_disconnect(struct usb_interface *intf)
692 {
693 struct bfusb_data *data = usb_get_intfdata(intf);
694 struct hci_dev *hdev = data->hdev;
695
696 BT_DBG("intf %p", intf);
697
698 if (!hdev)
699 return;
700
701 usb_set_intfdata(intf, NULL);
702
703 bfusb_close(hdev);
704
705 hci_unregister_dev(hdev);
706 hci_free_dev(hdev);
707 }
708
709 static struct usb_driver bfusb_driver = {
710 .name = "bfusb",
711 .probe = bfusb_probe,
712 .disconnect = bfusb_disconnect,
713 .id_table = bfusb_table,
714 .disable_hub_initiated_lpm = 1,
715 };
716
717 module_usb_driver(bfusb_driver);
718
719 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
720 MODULE_DESCRIPTION("BlueFRITZ! USB driver ver " VERSION);
721 MODULE_VERSION(VERSION);
722 MODULE_LICENSE("GPL");
723 MODULE_FIRMWARE("bfubase.frm");
Linux with added FPC-III support