search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge tag 'block-5.11-2021-01-10' of git://git.kernel.dk/linux-block
[linux/fpc-iii.git] / drivers / bluetooth / btusb.c
blob03b83aa912779b31c539aba19feb1d3718d042fc
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 *
4 * Generic Bluetooth USB driver
5 *
6 * Copyright (C) 2005-2008 Marcel Holtmann <marcel@holtmann.org>
7 */
8
9 #include <linux/dmi.h>
10 #include <linux/module.h>
11 #include <linux/usb.h>
12 #include <linux/usb/quirks.h>
13 #include <linux/firmware.h>
14 #include <linux/iopoll.h>
15 #include <linux/of_device.h>
16 #include <linux/of_irq.h>
17 #include <linux/suspend.h>
18 #include <linux/gpio/consumer.h>
19 #include <asm/unaligned.h>
20
21 #include <net/bluetooth/bluetooth.h>
22 #include <net/bluetooth/hci_core.h>
23
24 #include "btintel.h"
25 #include "btbcm.h"
26 #include "btrtl.h"
27
28 #define VERSION "0.8"
29
30 static bool disable_scofix;
31 static bool force_scofix;
32 static bool enable_autosuspend = IS_ENABLED(CONFIG_BT_HCIBTUSB_AUTOSUSPEND);
33
34 static bool reset = true;
35
36 static struct usb_driver btusb_driver;
37
38 #define BTUSB_IGNORE 0x01
39 #define BTUSB_DIGIANSWER 0x02
40 #define BTUSB_CSR 0x04
41 #define BTUSB_SNIFFER 0x08
42 #define BTUSB_BCM92035 0x10
43 #define BTUSB_BROKEN_ISOC 0x20
44 #define BTUSB_WRONG_SCO_MTU 0x40
45 #define BTUSB_ATH3012 0x80
46 #define BTUSB_INTEL 0x100
47 #define BTUSB_INTEL_BOOT 0x200
48 #define BTUSB_BCM_PATCHRAM 0x400
49 #define BTUSB_MARVELL 0x800
50 #define BTUSB_SWAVE 0x1000
51 #define BTUSB_INTEL_NEW 0x2000
52 #define BTUSB_AMP 0x4000
53 #define BTUSB_QCA_ROME 0x8000
54 #define BTUSB_BCM_APPLE 0x10000
55 #define BTUSB_REALTEK 0x20000
56 #define BTUSB_BCM2045 0x40000
57 #define BTUSB_IFNUM_2 0x80000
58 #define BTUSB_CW6622 0x100000
59 #define BTUSB_MEDIATEK 0x200000
60 #define BTUSB_WIDEBAND_SPEECH 0x400000
61 #define BTUSB_VALID_LE_STATES 0x800000
62 #define BTUSB_QCA_WCN6855 0x1000000
63 #define BTUSB_INTEL_NEWGEN 0x2000000
64
65 static const struct usb_device_id btusb_table[] = {
66 /* Generic Bluetooth USB device */
67 { USB_DEVICE_INFO(0xe0, 0x01, 0x01) },
68
69 /* Generic Bluetooth AMP device */
70 { USB_DEVICE_INFO(0xe0, 0x01, 0x04), .driver_info = BTUSB_AMP },
71
72 /* Generic Bluetooth USB interface */
73 { USB_INTERFACE_INFO(0xe0, 0x01, 0x01) },
74
75 /* Apple-specific (Broadcom) devices */
76 { USB_VENDOR_AND_INTERFACE_INFO(0x05ac, 0xff, 0x01, 0x01),
77 .driver_info = BTUSB_BCM_APPLE | BTUSB_IFNUM_2 },
78
79 /* MediaTek MT76x0E */
80 { USB_DEVICE(0x0e8d, 0x763f) },
81
82 /* Broadcom SoftSailing reporting vendor specific */
83 { USB_DEVICE(0x0a5c, 0x21e1) },
84
85 /* Apple MacBookPro 7,1 */
86 { USB_DEVICE(0x05ac, 0x8213) },
87
88 /* Apple iMac11,1 */
89 { USB_DEVICE(0x05ac, 0x8215) },
90
91 /* Apple MacBookPro6,2 */
92 { USB_DEVICE(0x05ac, 0x8218) },
93
94 /* Apple MacBookAir3,1, MacBookAir3,2 */
95 { USB_DEVICE(0x05ac, 0x821b) },
96
97 /* Apple MacBookAir4,1 */
98 { USB_DEVICE(0x05ac, 0x821f) },
99
100 /* Apple MacBookPro8,2 */
101 { USB_DEVICE(0x05ac, 0x821a) },
102
103 /* Apple MacMini5,1 */
104 { USB_DEVICE(0x05ac, 0x8281) },
105
106 /* AVM BlueFRITZ! USB v2.0 */
107 { USB_DEVICE(0x057c, 0x3800), .driver_info = BTUSB_SWAVE },
108
109 /* Bluetooth Ultraport Module from IBM */
110 { USB_DEVICE(0x04bf, 0x030a) },
111
112 /* ALPS Modules with non-standard id */
113 { USB_DEVICE(0x044e, 0x3001) },
114 { USB_DEVICE(0x044e, 0x3002) },
115
116 /* Ericsson with non-standard id */
117 { USB_DEVICE(0x0bdb, 0x1002) },
118
119 /* Canyon CN-BTU1 with HID interfaces */
120 { USB_DEVICE(0x0c10, 0x0000) },
121
122 /* Broadcom BCM20702A0 */
123 { USB_DEVICE(0x413c, 0x8197) },
124
125 /* Broadcom BCM20702B0 (Dynex/Insignia) */
126 { USB_DEVICE(0x19ff, 0x0239), .driver_info = BTUSB_BCM_PATCHRAM },
127
128 /* Broadcom BCM43142A0 (Foxconn/Lenovo) */
129 { USB_VENDOR_AND_INTERFACE_INFO(0x105b, 0xff, 0x01, 0x01),
130 .driver_info = BTUSB_BCM_PATCHRAM },
131
132 /* Broadcom BCM920703 (HTC Vive) */
133 { USB_VENDOR_AND_INTERFACE_INFO(0x0bb4, 0xff, 0x01, 0x01),
134 .driver_info = BTUSB_BCM_PATCHRAM },
135
136 /* Foxconn - Hon Hai */
137 { USB_VENDOR_AND_INTERFACE_INFO(0x0489, 0xff, 0x01, 0x01),
138 .driver_info = BTUSB_BCM_PATCHRAM },
139
140 /* Lite-On Technology - Broadcom based */
141 { USB_VENDOR_AND_INTERFACE_INFO(0x04ca, 0xff, 0x01, 0x01),
142 .driver_info = BTUSB_BCM_PATCHRAM },
143
144 /* Broadcom devices with vendor specific id */
145 { USB_VENDOR_AND_INTERFACE_INFO(0x0a5c, 0xff, 0x01, 0x01),
146 .driver_info = BTUSB_BCM_PATCHRAM },
147
148 /* ASUSTek Computer - Broadcom based */
149 { USB_VENDOR_AND_INTERFACE_INFO(0x0b05, 0xff, 0x01, 0x01),
150 .driver_info = BTUSB_BCM_PATCHRAM },
151
152 /* Belkin F8065bf - Broadcom based */
153 { USB_VENDOR_AND_INTERFACE_INFO(0x050d, 0xff, 0x01, 0x01),
154 .driver_info = BTUSB_BCM_PATCHRAM },
155
156 /* IMC Networks - Broadcom based */
157 { USB_VENDOR_AND_INTERFACE_INFO(0x13d3, 0xff, 0x01, 0x01),
158 .driver_info = BTUSB_BCM_PATCHRAM },
159
160 /* Dell Computer - Broadcom based */
161 { USB_VENDOR_AND_INTERFACE_INFO(0x413c, 0xff, 0x01, 0x01),
162 .driver_info = BTUSB_BCM_PATCHRAM },
163
164 /* Toshiba Corp - Broadcom based */
165 { USB_VENDOR_AND_INTERFACE_INFO(0x0930, 0xff, 0x01, 0x01),
166 .driver_info = BTUSB_BCM_PATCHRAM },
167
168 /* Intel Bluetooth USB Bootloader (RAM module) */
169 { USB_DEVICE(0x8087, 0x0a5a),
170 .driver_info = BTUSB_INTEL_BOOT | BTUSB_BROKEN_ISOC },
171
172 { } /* Terminating entry */
173 };
174
175 MODULE_DEVICE_TABLE(usb, btusb_table);
176
177 static const struct usb_device_id blacklist_table[] = {
178 /* CSR BlueCore devices */
179 { USB_DEVICE(0x0a12, 0x0001), .driver_info = BTUSB_CSR },
180
181 /* Broadcom BCM2033 without firmware */
182 { USB_DEVICE(0x0a5c, 0x2033), .driver_info = BTUSB_IGNORE },
183
184 /* Broadcom BCM2045 devices */
185 { USB_DEVICE(0x0a5c, 0x2045), .driver_info = BTUSB_BCM2045 },
186
187 /* Atheros 3011 with sflash firmware */
188 { USB_DEVICE(0x0489, 0xe027), .driver_info = BTUSB_IGNORE },
189 { USB_DEVICE(0x0489, 0xe03d), .driver_info = BTUSB_IGNORE },
190 { USB_DEVICE(0x04f2, 0xaff1), .driver_info = BTUSB_IGNORE },
191 { USB_DEVICE(0x0930, 0x0215), .driver_info = BTUSB_IGNORE },
192 { USB_DEVICE(0x0cf3, 0x3002), .driver_info = BTUSB_IGNORE },
193 { USB_DEVICE(0x0cf3, 0xe019), .driver_info = BTUSB_IGNORE },
194 { USB_DEVICE(0x13d3, 0x3304), .driver_info = BTUSB_IGNORE },
195
196 /* Atheros AR9285 Malbec with sflash firmware */
197 { USB_DEVICE(0x03f0, 0x311d), .driver_info = BTUSB_IGNORE },
198
199 /* Atheros 3012 with sflash firmware */
200 { USB_DEVICE(0x0489, 0xe04d), .driver_info = BTUSB_ATH3012 },
201 { USB_DEVICE(0x0489, 0xe04e), .driver_info = BTUSB_ATH3012 },
202 { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 },
203 { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 },
204 { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 },
205 { USB_DEVICE(0x0489, 0xe076), .driver_info = BTUSB_ATH3012 },
206 { USB_DEVICE(0x0489, 0xe078), .driver_info = BTUSB_ATH3012 },
207 { USB_DEVICE(0x0489, 0xe095), .driver_info = BTUSB_ATH3012 },
208 { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 },
209 { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 },
210 { USB_DEVICE(0x04ca, 0x3005), .driver_info = BTUSB_ATH3012 },
211 { USB_DEVICE(0x04ca, 0x3006), .driver_info = BTUSB_ATH3012 },
212 { USB_DEVICE(0x04ca, 0x3007), .driver_info = BTUSB_ATH3012 },
213 { USB_DEVICE(0x04ca, 0x3008), .driver_info = BTUSB_ATH3012 },
214 { USB_DEVICE(0x04ca, 0x300b), .driver_info = BTUSB_ATH3012 },
215 { USB_DEVICE(0x04ca, 0x300d), .driver_info = BTUSB_ATH3012 },
216 { USB_DEVICE(0x04ca, 0x300f), .driver_info = BTUSB_ATH3012 },
217 { USB_DEVICE(0x04ca, 0x3010), .driver_info = BTUSB_ATH3012 },
218 { USB_DEVICE(0x04ca, 0x3014), .driver_info = BTUSB_ATH3012 },
219 { USB_DEVICE(0x04ca, 0x3018), .driver_info = BTUSB_ATH3012 },
220 { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 },
221 { USB_DEVICE(0x0930, 0x021c), .driver_info = BTUSB_ATH3012 },
222 { USB_DEVICE(0x0930, 0x0220), .driver_info = BTUSB_ATH3012 },
223 { USB_DEVICE(0x0930, 0x0227), .driver_info = BTUSB_ATH3012 },
224 { USB_DEVICE(0x0b05, 0x17d0), .driver_info = BTUSB_ATH3012 },
225 { USB_DEVICE(0x0cf3, 0x0036), .driver_info = BTUSB_ATH3012 },
226 { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 },
227 { USB_DEVICE(0x0cf3, 0x3008), .driver_info = BTUSB_ATH3012 },
228 { USB_DEVICE(0x0cf3, 0x311d), .driver_info = BTUSB_ATH3012 },
229 { USB_DEVICE(0x0cf3, 0x311e), .driver_info = BTUSB_ATH3012 },
230 { USB_DEVICE(0x0cf3, 0x311f), .driver_info = BTUSB_ATH3012 },
231 { USB_DEVICE(0x0cf3, 0x3121), .driver_info = BTUSB_ATH3012 },
232 { USB_DEVICE(0x0cf3, 0x817a), .driver_info = BTUSB_ATH3012 },
233 { USB_DEVICE(0x0cf3, 0x817b), .driver_info = BTUSB_ATH3012 },
234 { USB_DEVICE(0x0cf3, 0xe003), .driver_info = BTUSB_ATH3012 },
235 { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 },
236 { USB_DEVICE(0x0cf3, 0xe005), .driver_info = BTUSB_ATH3012 },
237 { USB_DEVICE(0x0cf3, 0xe006), .driver_info = BTUSB_ATH3012 },
238 { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 },
239 { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 },
240 { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 },
241 { USB_DEVICE(0x13d3, 0x3395), .driver_info = BTUSB_ATH3012 },
242 { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 },
243 { USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 },
244 { USB_DEVICE(0x13d3, 0x3423), .driver_info = BTUSB_ATH3012 },
245 { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 },
246 { USB_DEVICE(0x13d3, 0x3472), .driver_info = BTUSB_ATH3012 },
247 { USB_DEVICE(0x13d3, 0x3474), .driver_info = BTUSB_ATH3012 },
248 { USB_DEVICE(0x13d3, 0x3487), .driver_info = BTUSB_ATH3012 },
249 { USB_DEVICE(0x13d3, 0x3490), .driver_info = BTUSB_ATH3012 },
250
251 /* Atheros AR5BBU12 with sflash firmware */
252 { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE },
253
254 /* Atheros AR5BBU12 with sflash firmware */
255 { USB_DEVICE(0x0489, 0xe036), .driver_info = BTUSB_ATH3012 },
256 { USB_DEVICE(0x0489, 0xe03c), .driver_info = BTUSB_ATH3012 },
257
258 /* QCA ROME chipset */
259 { USB_DEVICE(0x0cf3, 0x535b), .driver_info = BTUSB_QCA_ROME |
260 BTUSB_WIDEBAND_SPEECH },
261 { USB_DEVICE(0x0cf3, 0xe007), .driver_info = BTUSB_QCA_ROME |
262 BTUSB_WIDEBAND_SPEECH },
263 { USB_DEVICE(0x0cf3, 0xe009), .driver_info = BTUSB_QCA_ROME |
264 BTUSB_WIDEBAND_SPEECH },
265 { USB_DEVICE(0x0cf3, 0xe010), .driver_info = BTUSB_QCA_ROME |
266 BTUSB_WIDEBAND_SPEECH },
267 { USB_DEVICE(0x0cf3, 0xe300), .driver_info = BTUSB_QCA_ROME |
268 BTUSB_WIDEBAND_SPEECH },
269 { USB_DEVICE(0x0cf3, 0xe301), .driver_info = BTUSB_QCA_ROME |
270 BTUSB_WIDEBAND_SPEECH },
271 { USB_DEVICE(0x0cf3, 0xe360), .driver_info = BTUSB_QCA_ROME |
272 BTUSB_WIDEBAND_SPEECH },
273 { USB_DEVICE(0x0489, 0xe092), .driver_info = BTUSB_QCA_ROME |
274 BTUSB_WIDEBAND_SPEECH },
275 { USB_DEVICE(0x0489, 0xe09f), .driver_info = BTUSB_QCA_ROME |
276 BTUSB_WIDEBAND_SPEECH },
277 { USB_DEVICE(0x0489, 0xe0a2), .driver_info = BTUSB_QCA_ROME |
278 BTUSB_WIDEBAND_SPEECH },
279 { USB_DEVICE(0x04ca, 0x3011), .driver_info = BTUSB_QCA_ROME |
280 BTUSB_WIDEBAND_SPEECH },
281 { USB_DEVICE(0x04ca, 0x3015), .driver_info = BTUSB_QCA_ROME |
282 BTUSB_WIDEBAND_SPEECH },
283 { USB_DEVICE(0x04ca, 0x3016), .driver_info = BTUSB_QCA_ROME |
284 BTUSB_WIDEBAND_SPEECH },
285 { USB_DEVICE(0x04ca, 0x301a), .driver_info = BTUSB_QCA_ROME |
286 BTUSB_WIDEBAND_SPEECH },
287 { USB_DEVICE(0x04ca, 0x3021), .driver_info = BTUSB_QCA_ROME |
288 BTUSB_WIDEBAND_SPEECH },
289 { USB_DEVICE(0x13d3, 0x3491), .driver_info = BTUSB_QCA_ROME |
290 BTUSB_WIDEBAND_SPEECH },
291 { USB_DEVICE(0x13d3, 0x3496), .driver_info = BTUSB_QCA_ROME |
292 BTUSB_WIDEBAND_SPEECH },
293 { USB_DEVICE(0x13d3, 0x3501), .driver_info = BTUSB_QCA_ROME |
294 BTUSB_WIDEBAND_SPEECH },
295
296 /* QCA WCN6855 chipset */
297 { USB_DEVICE(0x0cf3, 0xe600), .driver_info = BTUSB_QCA_WCN6855 |
298 BTUSB_WIDEBAND_SPEECH },
299
300 /* Broadcom BCM2035 */
301 { USB_DEVICE(0x0a5c, 0x2009), .driver_info = BTUSB_BCM92035 },
302 { USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU },
303 { USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU },
304
305 /* Broadcom BCM2045 */
306 { USB_DEVICE(0x0a5c, 0x2039), .driver_info = BTUSB_WRONG_SCO_MTU },
307 { USB_DEVICE(0x0a5c, 0x2101), .driver_info = BTUSB_WRONG_SCO_MTU },
308
309 /* IBM/Lenovo ThinkPad with Broadcom chip */
310 { USB_DEVICE(0x0a5c, 0x201e), .driver_info = BTUSB_WRONG_SCO_MTU },
311 { USB_DEVICE(0x0a5c, 0x2110), .driver_info = BTUSB_WRONG_SCO_MTU },
312
313 /* HP laptop with Broadcom chip */
314 { USB_DEVICE(0x03f0, 0x171d), .driver_info = BTUSB_WRONG_SCO_MTU },
315
316 /* Dell laptop with Broadcom chip */
317 { USB_DEVICE(0x413c, 0x8126), .driver_info = BTUSB_WRONG_SCO_MTU },
318
319 /* Dell Wireless 370 and 410 devices */
320 { USB_DEVICE(0x413c, 0x8152), .driver_info = BTUSB_WRONG_SCO_MTU },
321 { USB_DEVICE(0x413c, 0x8156), .driver_info = BTUSB_WRONG_SCO_MTU },
322
323 /* Belkin F8T012 and F8T013 devices */
324 { USB_DEVICE(0x050d, 0x0012), .driver_info = BTUSB_WRONG_SCO_MTU },
325 { USB_DEVICE(0x050d, 0x0013), .driver_info = BTUSB_WRONG_SCO_MTU },
326
327 /* Asus WL-BTD202 device */
328 { USB_DEVICE(0x0b05, 0x1715), .driver_info = BTUSB_WRONG_SCO_MTU },
329
330 /* Kensington Bluetooth USB adapter */
331 { USB_DEVICE(0x047d, 0x105e), .driver_info = BTUSB_WRONG_SCO_MTU },
332
333 /* RTX Telecom based adapters with buggy SCO support */
334 { USB_DEVICE(0x0400, 0x0807), .driver_info = BTUSB_BROKEN_ISOC },
335 { USB_DEVICE(0x0400, 0x080a), .driver_info = BTUSB_BROKEN_ISOC },
336
337 /* CONWISE Technology based adapters with buggy SCO support */
338 { USB_DEVICE(0x0e5e, 0x6622),
339 .driver_info = BTUSB_BROKEN_ISOC | BTUSB_CW6622},
340
341 /* Roper Class 1 Bluetooth Dongle (Silicon Wave based) */
342 { USB_DEVICE(0x1310, 0x0001), .driver_info = BTUSB_SWAVE },
343
344 /* Digianswer devices */
345 { USB_DEVICE(0x08fd, 0x0001), .driver_info = BTUSB_DIGIANSWER },
346 { USB_DEVICE(0x08fd, 0x0002), .driver_info = BTUSB_IGNORE },
347
348 /* CSR BlueCore Bluetooth Sniffer */
349 { USB_DEVICE(0x0a12, 0x0002),
350 .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC },
351
352 /* Frontline ComProbe Bluetooth Sniffer */
353 { USB_DEVICE(0x16d3, 0x0002),
354 .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC },
355
356 /* Marvell Bluetooth devices */
357 { USB_DEVICE(0x1286, 0x2044), .driver_info = BTUSB_MARVELL },
358 { USB_DEVICE(0x1286, 0x2046), .driver_info = BTUSB_MARVELL },
359 { USB_DEVICE(0x1286, 0x204e), .driver_info = BTUSB_MARVELL },
360
361 /* Intel Bluetooth devices */
362 { USB_DEVICE(0x8087, 0x0025), .driver_info = BTUSB_INTEL_NEW |
363 BTUSB_WIDEBAND_SPEECH |
364 BTUSB_VALID_LE_STATES },
365 { USB_DEVICE(0x8087, 0x0026), .driver_info = BTUSB_INTEL_NEW |
366 BTUSB_WIDEBAND_SPEECH },
367 { USB_DEVICE(0x8087, 0x0029), .driver_info = BTUSB_INTEL_NEW |
368 BTUSB_WIDEBAND_SPEECH },
369 { USB_DEVICE(0x8087, 0x0032), .driver_info = BTUSB_INTEL_NEWGEN |
370 BTUSB_WIDEBAND_SPEECH},
371 { USB_DEVICE(0x8087, 0x07da), .driver_info = BTUSB_CSR },
372 { USB_DEVICE(0x8087, 0x07dc), .driver_info = BTUSB_INTEL },
373 { USB_DEVICE(0x8087, 0x0a2a), .driver_info = BTUSB_INTEL },
374 { USB_DEVICE(0x8087, 0x0a2b), .driver_info = BTUSB_INTEL_NEW |
375 BTUSB_WIDEBAND_SPEECH },
376 { USB_DEVICE(0x8087, 0x0aa7), .driver_info = BTUSB_INTEL |
377 BTUSB_WIDEBAND_SPEECH },
378 { USB_DEVICE(0x8087, 0x0aaa), .driver_info = BTUSB_INTEL_NEW |
379 BTUSB_WIDEBAND_SPEECH |
380 BTUSB_VALID_LE_STATES },
381
382 /* Other Intel Bluetooth devices */
383 { USB_VENDOR_AND_INTERFACE_INFO(0x8087, 0xe0, 0x01, 0x01),
384 .driver_info = BTUSB_IGNORE },
385
386 /* Realtek 8822CE Bluetooth devices */
387 { USB_DEVICE(0x0bda, 0xb00c), .driver_info = BTUSB_REALTEK |
388 BTUSB_WIDEBAND_SPEECH },
389
390 /* Realtek 8852AE Bluetooth devices */
391 { USB_DEVICE(0x0bda, 0xc852), .driver_info = BTUSB_REALTEK |
392 BTUSB_WIDEBAND_SPEECH },
393
394 /* Realtek Bluetooth devices */
395 { USB_VENDOR_AND_INTERFACE_INFO(0x0bda, 0xe0, 0x01, 0x01),
396 .driver_info = BTUSB_REALTEK },
397
398 /* MediaTek Bluetooth devices */
399 { USB_VENDOR_AND_INTERFACE_INFO(0x0e8d, 0xe0, 0x01, 0x01),
400 .driver_info = BTUSB_MEDIATEK },
401
402 /* Additional MediaTek MT7615E Bluetooth devices */
403 { USB_DEVICE(0x13d3, 0x3560), .driver_info = BTUSB_MEDIATEK},
404
405 /* Additional Realtek 8723AE Bluetooth devices */
406 { USB_DEVICE(0x0930, 0x021d), .driver_info = BTUSB_REALTEK },
407 { USB_DEVICE(0x13d3, 0x3394), .driver_info = BTUSB_REALTEK },
408
409 /* Additional Realtek 8723BE Bluetooth devices */
410 { USB_DEVICE(0x0489, 0xe085), .driver_info = BTUSB_REALTEK },
411 { USB_DEVICE(0x0489, 0xe08b), .driver_info = BTUSB_REALTEK },
412 { USB_DEVICE(0x13d3, 0x3410), .driver_info = BTUSB_REALTEK },
413 { USB_DEVICE(0x13d3, 0x3416), .driver_info = BTUSB_REALTEK },
414 { USB_DEVICE(0x13d3, 0x3459), .driver_info = BTUSB_REALTEK },
415 { USB_DEVICE(0x13d3, 0x3494), .driver_info = BTUSB_REALTEK },
416
417 /* Additional Realtek 8723BU Bluetooth devices */
418 { USB_DEVICE(0x7392, 0xa611), .driver_info = BTUSB_REALTEK },
419
420 /* Additional Realtek 8723DE Bluetooth devices */
421 { USB_DEVICE(0x0bda, 0xb009), .driver_info = BTUSB_REALTEK },
422 { USB_DEVICE(0x2ff8, 0xb011), .driver_info = BTUSB_REALTEK },
423
424 /* Additional Realtek 8821AE Bluetooth devices */
425 { USB_DEVICE(0x0b05, 0x17dc), .driver_info = BTUSB_REALTEK },
426 { USB_DEVICE(0x13d3, 0x3414), .driver_info = BTUSB_REALTEK },
427 { USB_DEVICE(0x13d3, 0x3458), .driver_info = BTUSB_REALTEK },
428 { USB_DEVICE(0x13d3, 0x3461), .driver_info = BTUSB_REALTEK },
429 { USB_DEVICE(0x13d3, 0x3462), .driver_info = BTUSB_REALTEK },
430
431 /* Additional Realtek 8822BE Bluetooth devices */
432 { USB_DEVICE(0x13d3, 0x3526), .driver_info = BTUSB_REALTEK },
433 { USB_DEVICE(0x0b05, 0x185c), .driver_info = BTUSB_REALTEK },
434
435 /* Additional Realtek 8822CE Bluetooth devices */
436 { USB_DEVICE(0x04ca, 0x4005), .driver_info = BTUSB_REALTEK |
437 BTUSB_WIDEBAND_SPEECH },
438 { USB_DEVICE(0x04c5, 0x161f), .driver_info = BTUSB_REALTEK |
439 BTUSB_WIDEBAND_SPEECH },
440 { USB_DEVICE(0x0b05, 0x18ef), .driver_info = BTUSB_REALTEK |
441 BTUSB_WIDEBAND_SPEECH },
442 { USB_DEVICE(0x13d3, 0x3548), .driver_info = BTUSB_REALTEK |
443 BTUSB_WIDEBAND_SPEECH },
444 { USB_DEVICE(0x13d3, 0x3549), .driver_info = BTUSB_REALTEK |
445 BTUSB_WIDEBAND_SPEECH },
446 { USB_DEVICE(0x13d3, 0x3553), .driver_info = BTUSB_REALTEK |
447 BTUSB_WIDEBAND_SPEECH },
448 { USB_DEVICE(0x13d3, 0x3555), .driver_info = BTUSB_REALTEK |
449 BTUSB_WIDEBAND_SPEECH },
450 { USB_DEVICE(0x2ff8, 0x3051), .driver_info = BTUSB_REALTEK |
451 BTUSB_WIDEBAND_SPEECH },
452 { USB_DEVICE(0x1358, 0xc123), .driver_info = BTUSB_REALTEK |
453 BTUSB_WIDEBAND_SPEECH },
454 { USB_DEVICE(0x0bda, 0xc123), .driver_info = BTUSB_REALTEK |
455 BTUSB_WIDEBAND_SPEECH },
456
457 /* Silicon Wave based devices */
458 { USB_DEVICE(0x0c10, 0x0000), .driver_info = BTUSB_SWAVE },
459
460 { } /* Terminating entry */
461 };
462
463 /* The Bluetooth USB module build into some devices needs to be reset on resume,
464 * this is a problem with the platform (likely shutting off all power) not with
465 * the module itself. So we use a DMI list to match known broken platforms.
466 */
467 static const struct dmi_system_id btusb_needs_reset_resume_table[] = {
468 {
469 /* Dell OptiPlex 3060 (QCA ROME device 0cf3:e007) */
470 .matches = {
471 DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
472 DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex 3060"),
473 },
474 },
475 {
476 /* Dell XPS 9360 (QCA ROME device 0cf3:e300) */
477 .matches = {
478 DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
479 DMI_MATCH(DMI_PRODUCT_NAME, "XPS 13 9360"),
480 },
481 },
482 {
483 /* Dell Inspiron 5565 (QCA ROME device 0cf3:e009) */
484 .matches = {
485 DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
486 DMI_MATCH(DMI_PRODUCT_NAME, "Inspiron 5565"),
487 },
488 },
489 {}
490 };
491
492 #define BTUSB_MAX_ISOC_FRAMES 10
493
494 #define BTUSB_INTR_RUNNING 0
495 #define BTUSB_BULK_RUNNING 1
496 #define BTUSB_ISOC_RUNNING 2
497 #define BTUSB_SUSPENDING 3
498 #define BTUSB_DID_ISO_RESUME 4
499 #define BTUSB_BOOTLOADER 5
500 #define BTUSB_DOWNLOADING 6
501 #define BTUSB_FIRMWARE_LOADED 7
502 #define BTUSB_FIRMWARE_FAILED 8
503 #define BTUSB_BOOTING 9
504 #define BTUSB_DIAG_RUNNING 10
505 #define BTUSB_OOB_WAKE_ENABLED 11
506 #define BTUSB_HW_RESET_ACTIVE 12
507 #define BTUSB_TX_WAIT_VND_EVT 13
508 #define BTUSB_WAKEUP_DISABLE 14
509 #define BTUSB_USE_ALT1_FOR_WBS 15
510
511 struct btusb_data {
512 struct hci_dev *hdev;
513 struct usb_device *udev;
514 struct usb_interface *intf;
515 struct usb_interface *isoc;
516 struct usb_interface *diag;
517 unsigned isoc_ifnum;
518
519 unsigned long flags;
520
521 struct work_struct work;
522 struct work_struct waker;
523
524 struct usb_anchor deferred;
525 struct usb_anchor tx_anchor;
526 int tx_in_flight;
527 spinlock_t txlock;
528
529 struct usb_anchor intr_anchor;
530 struct usb_anchor bulk_anchor;
531 struct usb_anchor isoc_anchor;
532 struct usb_anchor diag_anchor;
533 struct usb_anchor ctrl_anchor;
534 spinlock_t rxlock;
535
536 struct sk_buff *evt_skb;
537 struct sk_buff *acl_skb;
538 struct sk_buff *sco_skb;
539
540 struct usb_endpoint_descriptor *intr_ep;
541 struct usb_endpoint_descriptor *bulk_tx_ep;
542 struct usb_endpoint_descriptor *bulk_rx_ep;
543 struct usb_endpoint_descriptor *isoc_tx_ep;
544 struct usb_endpoint_descriptor *isoc_rx_ep;
545 struct usb_endpoint_descriptor *diag_tx_ep;
546 struct usb_endpoint_descriptor *diag_rx_ep;
547
548 struct gpio_desc *reset_gpio;
549
550 __u8 cmdreq_type;
551 __u8 cmdreq;
552
553 unsigned int sco_num;
554 unsigned int air_mode;
555 bool usb_alt6_packet_flow;
556 int isoc_altsetting;
557 int suspend_count;
558
559 int (*recv_event)(struct hci_dev *hdev, struct sk_buff *skb);
560 int (*recv_bulk)(struct btusb_data *data, void *buffer, int count);
561
562 int (*setup_on_usb)(struct hci_dev *hdev);
563
564 int oob_wake_irq; /* irq for out-of-band wake-on-bt */
565 unsigned cmd_timeout_cnt;
566 };
567
568 static void btusb_intel_cmd_timeout(struct hci_dev *hdev)
569 {
570 struct btusb_data *data = hci_get_drvdata(hdev);
571 struct gpio_desc *reset_gpio = data->reset_gpio;
572
573 if (++data->cmd_timeout_cnt < 5)
574 return;
575
576 if (!reset_gpio) {
577 bt_dev_err(hdev, "No way to reset. Ignoring and continuing");
578 return;
579 }
580
581 /*
582 * Toggle the hard reset line if the platform provides one. The reset
583 * is going to yank the device off the USB and then replug. So doing
584 * once is enough. The cleanup is handled correctly on the way out
585 * (standard USB disconnect), and the new device is detected cleanly
586 * and bound to the driver again like it should be.
587 */
588 if (test_and_set_bit(BTUSB_HW_RESET_ACTIVE, &data->flags)) {
589 bt_dev_err(hdev, "last reset failed? Not resetting again");
590 return;
591 }
592
593 bt_dev_err(hdev, "Initiating HW reset via gpio");
594 gpiod_set_value_cansleep(reset_gpio, 1);
595 msleep(100);
596 gpiod_set_value_cansleep(reset_gpio, 0);
597 }
598
599 static void btusb_rtl_cmd_timeout(struct hci_dev *hdev)
600 {
601 struct btusb_data *data = hci_get_drvdata(hdev);
602 struct gpio_desc *reset_gpio = data->reset_gpio;
603
604 if (++data->cmd_timeout_cnt < 5)
605 return;
606
607 if (!reset_gpio) {
608 bt_dev_err(hdev, "No gpio to reset Realtek device, ignoring");
609 return;
610 }
611
612 /* Toggle the hard reset line. The Realtek device is going to
613 * yank itself off the USB and then replug. The cleanup is handled
614 * correctly on the way out (standard USB disconnect), and the new
615 * device is detected cleanly and bound to the driver again like
616 * it should be.
617 */
618 if (test_and_set_bit(BTUSB_HW_RESET_ACTIVE, &data->flags)) {
619 bt_dev_err(hdev, "last reset failed? Not resetting again");
620 return;
621 }
622
623 bt_dev_err(hdev, "Reset Realtek device via gpio");
624 gpiod_set_value_cansleep(reset_gpio, 1);
625 msleep(200);
626 gpiod_set_value_cansleep(reset_gpio, 0);
627 }
628
629 static void btusb_qca_cmd_timeout(struct hci_dev *hdev)
630 {
631 struct btusb_data *data = hci_get_drvdata(hdev);
632 int err;
633
634 if (++data->cmd_timeout_cnt < 5)
635 return;
636
637 bt_dev_err(hdev, "Multiple cmd timeouts seen. Resetting usb device.");
638 /* This is not an unbalanced PM reference since the device will reset */
639 err = usb_autopm_get_interface(data->intf);
640 if (!err)
641 usb_queue_reset_device(data->intf);
642 else
643 bt_dev_err(hdev, "Failed usb_autopm_get_interface with %d", err);
644 }
645
646 static inline void btusb_free_frags(struct btusb_data *data)
647 {
648 unsigned long flags;
649
650 spin_lock_irqsave(&data->rxlock, flags);
651
652 kfree_skb(data->evt_skb);
653 data->evt_skb = NULL;
654
655 kfree_skb(data->acl_skb);
656 data->acl_skb = NULL;
657
658 kfree_skb(data->sco_skb);
659 data->sco_skb = NULL;
660
661 spin_unlock_irqrestore(&data->rxlock, flags);
662 }
663
664 static int btusb_recv_intr(struct btusb_data *data, void *buffer, int count)
665 {
666 struct sk_buff *skb;
667 unsigned long flags;
668 int err = 0;
669
670 spin_lock_irqsave(&data->rxlock, flags);
671 skb = data->evt_skb;
672
673 while (count) {
674 int len;
675
676 if (!skb) {
677 skb = bt_skb_alloc(HCI_MAX_EVENT_SIZE, GFP_ATOMIC);
678 if (!skb) {
679 err = -ENOMEM;
680 break;
681 }
682
683 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
684 hci_skb_expect(skb) = HCI_EVENT_HDR_SIZE;
685 }
686
687 len = min_t(uint, hci_skb_expect(skb), count);
688 skb_put_data(skb, buffer, len);
689
690 count -= len;
691 buffer += len;
692 hci_skb_expect(skb) -= len;
693
694 if (skb->len == HCI_EVENT_HDR_SIZE) {
695 /* Complete event header */
696 hci_skb_expect(skb) = hci_event_hdr(skb)->plen;
697
698 if (skb_tailroom(skb) < hci_skb_expect(skb)) {
699 kfree_skb(skb);
700 skb = NULL;
701
702 err = -EILSEQ;
703 break;
704 }
705 }
706
707 if (!hci_skb_expect(skb)) {
708 /* Complete frame */
709 data->recv_event(data->hdev, skb);
710 skb = NULL;
711 }
712 }
713
714 data->evt_skb = skb;
715 spin_unlock_irqrestore(&data->rxlock, flags);
716
717 return err;
718 }
719
720 static int btusb_recv_bulk(struct btusb_data *data, void *buffer, int count)
721 {
722 struct sk_buff *skb;
723 unsigned long flags;
724 int err = 0;
725
726 spin_lock_irqsave(&data->rxlock, flags);
727 skb = data->acl_skb;
728
729 while (count) {
730 int len;
731
732 if (!skb) {
733 skb = bt_skb_alloc(HCI_MAX_FRAME_SIZE, GFP_ATOMIC);
734 if (!skb) {
735 err = -ENOMEM;
736 break;
737 }
738
739 hci_skb_pkt_type(skb) = HCI_ACLDATA_PKT;
740 hci_skb_expect(skb) = HCI_ACL_HDR_SIZE;
741 }
742
743 len = min_t(uint, hci_skb_expect(skb), count);
744 skb_put_data(skb, buffer, len);
745
746 count -= len;
747 buffer += len;
748 hci_skb_expect(skb) -= len;
749
750 if (skb->len == HCI_ACL_HDR_SIZE) {
751 __le16 dlen = hci_acl_hdr(skb)->dlen;
752
753 /* Complete ACL header */
754 hci_skb_expect(skb) = __le16_to_cpu(dlen);
755
756 if (skb_tailroom(skb) < hci_skb_expect(skb)) {
757 kfree_skb(skb);
758 skb = NULL;
759
760 err = -EILSEQ;
761 break;
762 }
763 }
764
765 if (!hci_skb_expect(skb)) {
766 /* Complete frame */
767 hci_recv_frame(data->hdev, skb);
768 skb = NULL;
769 }
770 }
771
772 data->acl_skb = skb;
773 spin_unlock_irqrestore(&data->rxlock, flags);
774
775 return err;
776 }
777
778 static int btusb_recv_isoc(struct btusb_data *data, void *buffer, int count)
779 {
780 struct sk_buff *skb;
781 unsigned long flags;
782 int err = 0;
783
784 spin_lock_irqsave(&data->rxlock, flags);
785 skb = data->sco_skb;
786
787 while (count) {
788 int len;
789
790 if (!skb) {
791 skb = bt_skb_alloc(HCI_MAX_SCO_SIZE, GFP_ATOMIC);
792 if (!skb) {
793 err = -ENOMEM;
794 break;
795 }
796
797 hci_skb_pkt_type(skb) = HCI_SCODATA_PKT;
798 hci_skb_expect(skb) = HCI_SCO_HDR_SIZE;
799 }
800
801 len = min_t(uint, hci_skb_expect(skb), count);
802 skb_put_data(skb, buffer, len);
803
804 count -= len;
805 buffer += len;
806 hci_skb_expect(skb) -= len;
807
808 if (skb->len == HCI_SCO_HDR_SIZE) {
809 /* Complete SCO header */
810 hci_skb_expect(skb) = hci_sco_hdr(skb)->dlen;
811
812 if (skb_tailroom(skb) < hci_skb_expect(skb)) {
813 kfree_skb(skb);
814 skb = NULL;
815
816 err = -EILSEQ;
817 break;
818 }
819 }
820
821 if (!hci_skb_expect(skb)) {
822 /* Complete frame */
823 hci_recv_frame(data->hdev, skb);
824 skb = NULL;
825 }
826 }
827
828 data->sco_skb = skb;
829 spin_unlock_irqrestore(&data->rxlock, flags);
830
831 return err;
832 }
833
834 static void btusb_intr_complete(struct urb *urb)
835 {
836 struct hci_dev *hdev = urb->context;
837 struct btusb_data *data = hci_get_drvdata(hdev);
838 int err;
839
840 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
841 urb->actual_length);
842
843 if (!test_bit(HCI_RUNNING, &hdev->flags))
844 return;
845
846 if (urb->status == 0) {
847 hdev->stat.byte_rx += urb->actual_length;
848
849 if (btusb_recv_intr(data, urb->transfer_buffer,
850 urb->actual_length) < 0) {
851 bt_dev_err(hdev, "corrupted event packet");
852 hdev->stat.err_rx++;
853 }
854 } else if (urb->status == -ENOENT) {
855 /* Avoid suspend failed when usb_kill_urb */
856 return;
857 }
858
859 if (!test_bit(BTUSB_INTR_RUNNING, &data->flags))
860 return;
861
862 usb_mark_last_busy(data->udev);
863 usb_anchor_urb(urb, &data->intr_anchor);
864
865 err = usb_submit_urb(urb, GFP_ATOMIC);
866 if (err < 0) {
867 /* -EPERM: urb is being killed;
868 * -ENODEV: device got disconnected
869 */
870 if (err != -EPERM && err != -ENODEV)
871 bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
872 urb, -err);
873 usb_unanchor_urb(urb);
874 }
875 }
876
877 static int btusb_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags)
878 {
879 struct btusb_data *data = hci_get_drvdata(hdev);
880 struct urb *urb;
881 unsigned char *buf;
882 unsigned int pipe;
883 int err, size;
884
885 BT_DBG("%s", hdev->name);
886
887 if (!data->intr_ep)
888 return -ENODEV;
889
890 urb = usb_alloc_urb(0, mem_flags);
891 if (!urb)
892 return -ENOMEM;
893
894 size = le16_to_cpu(data->intr_ep->wMaxPacketSize);
895
896 buf = kmalloc(size, mem_flags);
897 if (!buf) {
898 usb_free_urb(urb);
899 return -ENOMEM;
900 }
901
902 pipe = usb_rcvintpipe(data->udev, data->intr_ep->bEndpointAddress);
903
904 usb_fill_int_urb(urb, data->udev, pipe, buf, size,
905 btusb_intr_complete, hdev, data->intr_ep->bInterval);
906
907 urb->transfer_flags |= URB_FREE_BUFFER;
908
909 usb_anchor_urb(urb, &data->intr_anchor);
910
911 err = usb_submit_urb(urb, mem_flags);
912 if (err < 0) {
913 if (err != -EPERM && err != -ENODEV)
914 bt_dev_err(hdev, "urb %p submission failed (%d)",
915 urb, -err);
916 usb_unanchor_urb(urb);
917 }
918
919 usb_free_urb(urb);
920
921 return err;
922 }
923
924 static void btusb_bulk_complete(struct urb *urb)
925 {
926 struct hci_dev *hdev = urb->context;
927 struct btusb_data *data = hci_get_drvdata(hdev);
928 int err;
929
930 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
931 urb->actual_length);
932
933 if (!test_bit(HCI_RUNNING, &hdev->flags))
934 return;
935
936 if (urb->status == 0) {
937 hdev->stat.byte_rx += urb->actual_length;
938
939 if (data->recv_bulk(data, urb->transfer_buffer,
940 urb->actual_length) < 0) {
941 bt_dev_err(hdev, "corrupted ACL packet");
942 hdev->stat.err_rx++;
943 }
944 } else if (urb->status == -ENOENT) {
945 /* Avoid suspend failed when usb_kill_urb */
946 return;
947 }
948
949 if (!test_bit(BTUSB_BULK_RUNNING, &data->flags))
950 return;
951
952 usb_anchor_urb(urb, &data->bulk_anchor);
953 usb_mark_last_busy(data->udev);
954
955 err = usb_submit_urb(urb, GFP_ATOMIC);
956 if (err < 0) {
957 /* -EPERM: urb is being killed;
958 * -ENODEV: device got disconnected
959 */
960 if (err != -EPERM && err != -ENODEV)
961 bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
962 urb, -err);
963 usb_unanchor_urb(urb);
964 }
965 }
966
967 static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags)
968 {
969 struct btusb_data *data = hci_get_drvdata(hdev);
970 struct urb *urb;
971 unsigned char *buf;
972 unsigned int pipe;
973 int err, size = HCI_MAX_FRAME_SIZE;
974
975 BT_DBG("%s", hdev->name);
976
977 if (!data->bulk_rx_ep)
978 return -ENODEV;
979
980 urb = usb_alloc_urb(0, mem_flags);
981 if (!urb)
982 return -ENOMEM;
983
984 buf = kmalloc(size, mem_flags);
985 if (!buf) {
986 usb_free_urb(urb);
987 return -ENOMEM;
988 }
989
990 pipe = usb_rcvbulkpipe(data->udev, data->bulk_rx_ep->bEndpointAddress);
991
992 usb_fill_bulk_urb(urb, data->udev, pipe, buf, size,
993 btusb_bulk_complete, hdev);
994
995 urb->transfer_flags |= URB_FREE_BUFFER;
996
997 usb_mark_last_busy(data->udev);
998 usb_anchor_urb(urb, &data->bulk_anchor);
999
1000 err = usb_submit_urb(urb, mem_flags);
1001 if (err < 0) {
1002 if (err != -EPERM && err != -ENODEV)
1003 bt_dev_err(hdev, "urb %p submission failed (%d)",
1004 urb, -err);
1005 usb_unanchor_urb(urb);
1006 }
1007
1008 usb_free_urb(urb);
1009
1010 return err;
1011 }
1012
1013 static void btusb_isoc_complete(struct urb *urb)
1014 {
1015 struct hci_dev *hdev = urb->context;
1016 struct btusb_data *data = hci_get_drvdata(hdev);
1017 int i, err;
1018
1019 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
1020 urb->actual_length);
1021
1022 if (!test_bit(HCI_RUNNING, &hdev->flags))
1023 return;
1024
1025 if (urb->status == 0) {
1026 for (i = 0; i < urb->number_of_packets; i++) {
1027 unsigned int offset = urb->iso_frame_desc[i].offset;
1028 unsigned int length = urb->iso_frame_desc[i].actual_length;
1029
1030 if (urb->iso_frame_desc[i].status)
1031 continue;
1032
1033 hdev->stat.byte_rx += length;
1034
1035 if (btusb_recv_isoc(data, urb->transfer_buffer + offset,
1036 length) < 0) {
1037 bt_dev_err(hdev, "corrupted SCO packet");
1038 hdev->stat.err_rx++;
1039 }
1040 }
1041 } else if (urb->status == -ENOENT) {
1042 /* Avoid suspend failed when usb_kill_urb */
1043 return;
1044 }
1045
1046 if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags))
1047 return;
1048
1049 usb_anchor_urb(urb, &data->isoc_anchor);
1050
1051 err = usb_submit_urb(urb, GFP_ATOMIC);
1052 if (err < 0) {
1053 /* -EPERM: urb is being killed;
1054 * -ENODEV: device got disconnected
1055 */
1056 if (err != -EPERM && err != -ENODEV)
1057 bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
1058 urb, -err);
1059 usb_unanchor_urb(urb);
1060 }
1061 }
1062
1063 static inline void __fill_isoc_descriptor_msbc(struct urb *urb, int len,
1064 int mtu, struct btusb_data *data)
1065 {
1066 int i, offset = 0;
1067 unsigned int interval;
1068
1069 BT_DBG("len %d mtu %d", len, mtu);
1070
1071 /* For mSBC ALT 6 setting the host will send the packet at continuous
1072 * flow. As per core spec 5, vol 4, part B, table 2.1. For ALT setting
1073 * 6 the HCI PACKET INTERVAL should be 7.5ms for every usb packets.
1074 * To maintain the rate we send 63bytes of usb packets alternatively for
1075 * 7ms and 8ms to maintain the rate as 7.5ms.
1076 */
1077 if (data->usb_alt6_packet_flow) {
1078 interval = 7;
1079 data->usb_alt6_packet_flow = false;
1080 } else {
1081 interval = 6;
1082 data->usb_alt6_packet_flow = true;
1083 }
1084
1085 for (i = 0; i < interval; i++) {
1086 urb->iso_frame_desc[i].offset = offset;
1087 urb->iso_frame_desc[i].length = offset;
1088 }
1089
1090 if (len && i < BTUSB_MAX_ISOC_FRAMES) {
1091 urb->iso_frame_desc[i].offset = offset;
1092 urb->iso_frame_desc[i].length = len;
1093 i++;
1094 }
1095
1096 urb->number_of_packets = i;
1097 }
1098
1099 static inline void __fill_isoc_descriptor(struct urb *urb, int len, int mtu)
1100 {
1101 int i, offset = 0;
1102
1103 BT_DBG("len %d mtu %d", len, mtu);
1104
1105 for (i = 0; i < BTUSB_MAX_ISOC_FRAMES && len >= mtu;
1106 i++, offset += mtu, len -= mtu) {
1107 urb->iso_frame_desc[i].offset = offset;
1108 urb->iso_frame_desc[i].length = mtu;
1109 }
1110
1111 if (len && i < BTUSB_MAX_ISOC_FRAMES) {
1112 urb->iso_frame_desc[i].offset = offset;
1113 urb->iso_frame_desc[i].length = len;
1114 i++;
1115 }
1116
1117 urb->number_of_packets = i;
1118 }
1119
1120 static int btusb_submit_isoc_urb(struct hci_dev *hdev, gfp_t mem_flags)
1121 {
1122 struct btusb_data *data = hci_get_drvdata(hdev);
1123 struct urb *urb;
1124 unsigned char *buf;
1125 unsigned int pipe;
1126 int err, size;
1127
1128 BT_DBG("%s", hdev->name);
1129
1130 if (!data->isoc_rx_ep)
1131 return -ENODEV;
1132
1133 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, mem_flags);
1134 if (!urb)
1135 return -ENOMEM;
1136
1137 size = le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize) *
1138 BTUSB_MAX_ISOC_FRAMES;
1139
1140 buf = kmalloc(size, mem_flags);
1141 if (!buf) {
1142 usb_free_urb(urb);
1143 return -ENOMEM;
1144 }
1145
1146 pipe = usb_rcvisocpipe(data->udev, data->isoc_rx_ep->bEndpointAddress);
1147
1148 usb_fill_int_urb(urb, data->udev, pipe, buf, size, btusb_isoc_complete,
1149 hdev, data->isoc_rx_ep->bInterval);
1150
1151 urb->transfer_flags = URB_FREE_BUFFER | URB_ISO_ASAP;
1152
1153 __fill_isoc_descriptor(urb, size,
1154 le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize));
1155
1156 usb_anchor_urb(urb, &data->isoc_anchor);
1157
1158 err = usb_submit_urb(urb, mem_flags);
1159 if (err < 0) {
1160 if (err != -EPERM && err != -ENODEV)
1161 bt_dev_err(hdev, "urb %p submission failed (%d)",
1162 urb, -err);
1163 usb_unanchor_urb(urb);
1164 }
1165
1166 usb_free_urb(urb);
1167
1168 return err;
1169 }
1170
1171 static void btusb_diag_complete(struct urb *urb)
1172 {
1173 struct hci_dev *hdev = urb->context;
1174 struct btusb_data *data = hci_get_drvdata(hdev);
1175 int err;
1176
1177 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
1178 urb->actual_length);
1179
1180 if (urb->status == 0) {
1181 struct sk_buff *skb;
1182
1183 skb = bt_skb_alloc(urb->actual_length, GFP_ATOMIC);
1184 if (skb) {
1185 skb_put_data(skb, urb->transfer_buffer,
1186 urb->actual_length);
1187 hci_recv_diag(hdev, skb);
1188 }
1189 } else if (urb->status == -ENOENT) {
1190 /* Avoid suspend failed when usb_kill_urb */
1191 return;
1192 }
1193
1194 if (!test_bit(BTUSB_DIAG_RUNNING, &data->flags))
1195 return;
1196
1197 usb_anchor_urb(urb, &data->diag_anchor);
1198 usb_mark_last_busy(data->udev);
1199
1200 err = usb_submit_urb(urb, GFP_ATOMIC);
1201 if (err < 0) {
1202 /* -EPERM: urb is being killed;
1203 * -ENODEV: device got disconnected
1204 */
1205 if (err != -EPERM && err != -ENODEV)
1206 bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
1207 urb, -err);
1208 usb_unanchor_urb(urb);
1209 }
1210 }
1211
1212 static int btusb_submit_diag_urb(struct hci_dev *hdev, gfp_t mem_flags)
1213 {
1214 struct btusb_data *data = hci_get_drvdata(hdev);
1215 struct urb *urb;
1216 unsigned char *buf;
1217 unsigned int pipe;
1218 int err, size = HCI_MAX_FRAME_SIZE;
1219
1220 BT_DBG("%s", hdev->name);
1221
1222 if (!data->diag_rx_ep)
1223 return -ENODEV;
1224
1225 urb = usb_alloc_urb(0, mem_flags);
1226 if (!urb)
1227 return -ENOMEM;
1228
1229 buf = kmalloc(size, mem_flags);
1230 if (!buf) {
1231 usb_free_urb(urb);
1232 return -ENOMEM;
1233 }
1234
1235 pipe = usb_rcvbulkpipe(data->udev, data->diag_rx_ep->bEndpointAddress);
1236
1237 usb_fill_bulk_urb(urb, data->udev, pipe, buf, size,
1238 btusb_diag_complete, hdev);
1239
1240 urb->transfer_flags |= URB_FREE_BUFFER;
1241
1242 usb_mark_last_busy(data->udev);
1243 usb_anchor_urb(urb, &data->diag_anchor);
1244
1245 err = usb_submit_urb(urb, mem_flags);
1246 if (err < 0) {
1247 if (err != -EPERM && err != -ENODEV)
1248 bt_dev_err(hdev, "urb %p submission failed (%d)",
1249 urb, -err);
1250 usb_unanchor_urb(urb);
1251 }
1252
1253 usb_free_urb(urb);
1254
1255 return err;
1256 }
1257
1258 static void btusb_tx_complete(struct urb *urb)
1259 {
1260 struct sk_buff *skb = urb->context;
1261 struct hci_dev *hdev = (struct hci_dev *)skb->dev;
1262 struct btusb_data *data = hci_get_drvdata(hdev);
1263 unsigned long flags;
1264
1265 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
1266 urb->actual_length);
1267
1268 if (!test_bit(HCI_RUNNING, &hdev->flags))
1269 goto done;
1270
1271 if (!urb->status)
1272 hdev->stat.byte_tx += urb->transfer_buffer_length;
1273 else
1274 hdev->stat.err_tx++;
1275
1276 done:
1277 spin_lock_irqsave(&data->txlock, flags);
1278 data->tx_in_flight--;
1279 spin_unlock_irqrestore(&data->txlock, flags);
1280
1281 kfree(urb->setup_packet);
1282
1283 kfree_skb(skb);
1284 }
1285
1286 static void btusb_isoc_tx_complete(struct urb *urb)
1287 {
1288 struct sk_buff *skb = urb->context;
1289 struct hci_dev *hdev = (struct hci_dev *)skb->dev;
1290
1291 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
1292 urb->actual_length);
1293
1294 if (!test_bit(HCI_RUNNING, &hdev->flags))
1295 goto done;
1296
1297 if (!urb->status)
1298 hdev->stat.byte_tx += urb->transfer_buffer_length;
1299 else
1300 hdev->stat.err_tx++;
1301
1302 done:
1303 kfree(urb->setup_packet);
1304
1305 kfree_skb(skb);
1306 }
1307
1308 static int btusb_open(struct hci_dev *hdev)
1309 {
1310 struct btusb_data *data = hci_get_drvdata(hdev);
1311 int err;
1312
1313 BT_DBG("%s", hdev->name);
1314
1315 err = usb_autopm_get_interface(data->intf);
1316 if (err < 0)
1317 return err;
1318
1319 /* Patching USB firmware files prior to starting any URBs of HCI path
1320 * It is more safe to use USB bulk channel for downloading USB patch
1321 */
1322 if (data->setup_on_usb) {
1323 err = data->setup_on_usb(hdev);
1324 if (err < 0)
1325 goto setup_fail;
1326 }
1327
1328 data->intf->needs_remote_wakeup = 1;
1329
1330 /* Disable device remote wakeup when host is suspended
1331 * For Realtek chips, global suspend without
1332 * SET_FEATURE (DEVICE_REMOTE_WAKEUP) can save more power in device.
1333 */
1334 if (test_bit(BTUSB_WAKEUP_DISABLE, &data->flags))
1335 device_wakeup_disable(&data->udev->dev);
1336
1337 if (test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags))
1338 goto done;
1339
1340 err = btusb_submit_intr_urb(hdev, GFP_KERNEL);
1341 if (err < 0)
1342 goto failed;
1343
1344 err = btusb_submit_bulk_urb(hdev, GFP_KERNEL);
1345 if (err < 0) {
1346 usb_kill_anchored_urbs(&data->intr_anchor);
1347 goto failed;
1348 }
1349
1350 set_bit(BTUSB_BULK_RUNNING, &data->flags);
1351 btusb_submit_bulk_urb(hdev, GFP_KERNEL);
1352
1353 if (data->diag) {
1354 if (!btusb_submit_diag_urb(hdev, GFP_KERNEL))
1355 set_bit(BTUSB_DIAG_RUNNING, &data->flags);
1356 }
1357
1358 done:
1359 usb_autopm_put_interface(data->intf);
1360 return 0;
1361
1362 failed:
1363 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
1364 setup_fail:
1365 usb_autopm_put_interface(data->intf);
1366 return err;
1367 }
1368
1369 static void btusb_stop_traffic(struct btusb_data *data)
1370 {
1371 usb_kill_anchored_urbs(&data->intr_anchor);
1372 usb_kill_anchored_urbs(&data->bulk_anchor);
1373 usb_kill_anchored_urbs(&data->isoc_anchor);
1374 usb_kill_anchored_urbs(&data->diag_anchor);
1375 usb_kill_anchored_urbs(&data->ctrl_anchor);
1376 }
1377
1378 static int btusb_close(struct hci_dev *hdev)
1379 {
1380 struct btusb_data *data = hci_get_drvdata(hdev);
1381 int err;
1382
1383 BT_DBG("%s", hdev->name);
1384
1385 cancel_work_sync(&data->work);
1386 cancel_work_sync(&data->waker);
1387
1388 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1389 clear_bit(BTUSB_BULK_RUNNING, &data->flags);
1390 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
1391 clear_bit(BTUSB_DIAG_RUNNING, &data->flags);
1392
1393 btusb_stop_traffic(data);
1394 btusb_free_frags(data);
1395
1396 err = usb_autopm_get_interface(data->intf);
1397 if (err < 0)
1398 goto failed;
1399
1400 data->intf->needs_remote_wakeup = 0;
1401
1402 /* Enable remote wake up for auto-suspend */
1403 if (test_bit(BTUSB_WAKEUP_DISABLE, &data->flags))
1404 data->intf->needs_remote_wakeup = 1;
1405
1406 usb_autopm_put_interface(data->intf);
1407
1408 failed:
1409 usb_scuttle_anchored_urbs(&data->deferred);
1410 return 0;
1411 }
1412
1413 static int btusb_flush(struct hci_dev *hdev)
1414 {
1415 struct btusb_data *data = hci_get_drvdata(hdev);
1416
1417 BT_DBG("%s", hdev->name);
1418
1419 usb_kill_anchored_urbs(&data->tx_anchor);
1420 btusb_free_frags(data);
1421
1422 return 0;
1423 }
1424
1425 static struct urb *alloc_ctrl_urb(struct hci_dev *hdev, struct sk_buff *skb)
1426 {
1427 struct btusb_data *data = hci_get_drvdata(hdev);
1428 struct usb_ctrlrequest *dr;
1429 struct urb *urb;
1430 unsigned int pipe;
1431
1432 urb = usb_alloc_urb(0, GFP_KERNEL);
1433 if (!urb)
1434 return ERR_PTR(-ENOMEM);
1435
1436 dr = kmalloc(sizeof(*dr), GFP_KERNEL);
1437 if (!dr) {
1438 usb_free_urb(urb);
1439 return ERR_PTR(-ENOMEM);
1440 }
1441
1442 dr->bRequestType = data->cmdreq_type;
1443 dr->bRequest = data->cmdreq;
1444 dr->wIndex = 0;
1445 dr->wValue = 0;
1446 dr->wLength = __cpu_to_le16(skb->len);
1447
1448 pipe = usb_sndctrlpipe(data->udev, 0x00);
1449
1450 usb_fill_control_urb(urb, data->udev, pipe, (void *)dr,
1451 skb->data, skb->len, btusb_tx_complete, skb);
1452
1453 skb->dev = (void *)hdev;
1454
1455 return urb;
1456 }
1457
1458 static struct urb *alloc_bulk_urb(struct hci_dev *hdev, struct sk_buff *skb)
1459 {
1460 struct btusb_data *data = hci_get_drvdata(hdev);
1461 struct urb *urb;
1462 unsigned int pipe;
1463
1464 if (!data->bulk_tx_ep)
1465 return ERR_PTR(-ENODEV);
1466
1467 urb = usb_alloc_urb(0, GFP_KERNEL);
1468 if (!urb)
1469 return ERR_PTR(-ENOMEM);
1470
1471 pipe = usb_sndbulkpipe(data->udev, data->bulk_tx_ep->bEndpointAddress);
1472
1473 usb_fill_bulk_urb(urb, data->udev, pipe,
1474 skb->data, skb->len, btusb_tx_complete, skb);
1475
1476 skb->dev = (void *)hdev;
1477
1478 return urb;
1479 }
1480
1481 static struct urb *alloc_isoc_urb(struct hci_dev *hdev, struct sk_buff *skb)
1482 {
1483 struct btusb_data *data = hci_get_drvdata(hdev);
1484 struct urb *urb;
1485 unsigned int pipe;
1486
1487 if (!data->isoc_tx_ep)
1488 return ERR_PTR(-ENODEV);
1489
1490 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, GFP_KERNEL);
1491 if (!urb)
1492 return ERR_PTR(-ENOMEM);
1493
1494 pipe = usb_sndisocpipe(data->udev, data->isoc_tx_ep->bEndpointAddress);
1495
1496 usb_fill_int_urb(urb, data->udev, pipe,
1497 skb->data, skb->len, btusb_isoc_tx_complete,
1498 skb, data->isoc_tx_ep->bInterval);
1499
1500 urb->transfer_flags = URB_ISO_ASAP;
1501
1502 if (data->isoc_altsetting == 6)
1503 __fill_isoc_descriptor_msbc(urb, skb->len,
1504 le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize),
1505 data);
1506 else
1507 __fill_isoc_descriptor(urb, skb->len,
1508 le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize));
1509 skb->dev = (void *)hdev;
1510
1511 return urb;
1512 }
1513
1514 static int submit_tx_urb(struct hci_dev *hdev, struct urb *urb)
1515 {
1516 struct btusb_data *data = hci_get_drvdata(hdev);
1517 int err;
1518
1519 usb_anchor_urb(urb, &data->tx_anchor);
1520
1521 err = usb_submit_urb(urb, GFP_KERNEL);
1522 if (err < 0) {
1523 if (err != -EPERM && err != -ENODEV)
1524 bt_dev_err(hdev, "urb %p submission failed (%d)",
1525 urb, -err);
1526 kfree(urb->setup_packet);
1527 usb_unanchor_urb(urb);
1528 } else {
1529 usb_mark_last_busy(data->udev);
1530 }
1531
1532 usb_free_urb(urb);
1533 return err;
1534 }
1535
1536 static int submit_or_queue_tx_urb(struct hci_dev *hdev, struct urb *urb)
1537 {
1538 struct btusb_data *data = hci_get_drvdata(hdev);
1539 unsigned long flags;
1540 bool suspending;
1541
1542 spin_lock_irqsave(&data->txlock, flags);
1543 suspending = test_bit(BTUSB_SUSPENDING, &data->flags);
1544 if (!suspending)
1545 data->tx_in_flight++;
1546 spin_unlock_irqrestore(&data->txlock, flags);
1547
1548 if (!suspending)
1549 return submit_tx_urb(hdev, urb);
1550
1551 usb_anchor_urb(urb, &data->deferred);
1552 schedule_work(&data->waker);
1553
1554 usb_free_urb(urb);
1555 return 0;
1556 }
1557
1558 static int btusb_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
1559 {
1560 struct urb *urb;
1561
1562 BT_DBG("%s", hdev->name);
1563
1564 switch (hci_skb_pkt_type(skb)) {
1565 case HCI_COMMAND_PKT:
1566 urb = alloc_ctrl_urb(hdev, skb);
1567 if (IS_ERR(urb))
1568 return PTR_ERR(urb);
1569
1570 hdev->stat.cmd_tx++;
1571 return submit_or_queue_tx_urb(hdev, urb);
1572
1573 case HCI_ACLDATA_PKT:
1574 urb = alloc_bulk_urb(hdev, skb);
1575 if (IS_ERR(urb))
1576 return PTR_ERR(urb);
1577
1578 hdev->stat.acl_tx++;
1579 return submit_or_queue_tx_urb(hdev, urb);
1580
1581 case HCI_SCODATA_PKT:
1582 if (hci_conn_num(hdev, SCO_LINK) < 1)
1583 return -ENODEV;
1584
1585 urb = alloc_isoc_urb(hdev, skb);
1586 if (IS_ERR(urb))
1587 return PTR_ERR(urb);
1588
1589 hdev->stat.sco_tx++;
1590 return submit_tx_urb(hdev, urb);
1591 }
1592
1593 return -EILSEQ;
1594 }
1595
1596 static void btusb_notify(struct hci_dev *hdev, unsigned int evt)
1597 {
1598 struct btusb_data *data = hci_get_drvdata(hdev);
1599
1600 BT_DBG("%s evt %d", hdev->name, evt);
1601
1602 if (hci_conn_num(hdev, SCO_LINK) != data->sco_num) {
1603 data->sco_num = hci_conn_num(hdev, SCO_LINK);
1604 data->air_mode = evt;
1605 schedule_work(&data->work);
1606 }
1607 }
1608
1609 static inline int __set_isoc_interface(struct hci_dev *hdev, int altsetting)
1610 {
1611 struct btusb_data *data = hci_get_drvdata(hdev);
1612 struct usb_interface *intf = data->isoc;
1613 struct usb_endpoint_descriptor *ep_desc;
1614 int i, err;
1615
1616 if (!data->isoc)
1617 return -ENODEV;
1618
1619 err = usb_set_interface(data->udev, data->isoc_ifnum, altsetting);
1620 if (err < 0) {
1621 bt_dev_err(hdev, "setting interface failed (%d)", -err);
1622 return err;
1623 }
1624
1625 data->isoc_altsetting = altsetting;
1626
1627 data->isoc_tx_ep = NULL;
1628 data->isoc_rx_ep = NULL;
1629
1630 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
1631 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
1632
1633 if (!data->isoc_tx_ep && usb_endpoint_is_isoc_out(ep_desc)) {
1634 data->isoc_tx_ep = ep_desc;
1635 continue;
1636 }
1637
1638 if (!data->isoc_rx_ep && usb_endpoint_is_isoc_in(ep_desc)) {
1639 data->isoc_rx_ep = ep_desc;
1640 continue;
1641 }
1642 }
1643
1644 if (!data->isoc_tx_ep || !data->isoc_rx_ep) {
1645 bt_dev_err(hdev, "invalid SCO descriptors");
1646 return -ENODEV;
1647 }
1648
1649 return 0;
1650 }
1651
1652 static int btusb_switch_alt_setting(struct hci_dev *hdev, int new_alts)
1653 {
1654 struct btusb_data *data = hci_get_drvdata(hdev);
1655 int err;
1656
1657 if (data->isoc_altsetting != new_alts) {
1658 unsigned long flags;
1659
1660 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1661 usb_kill_anchored_urbs(&data->isoc_anchor);
1662
1663 /* When isochronous alternate setting needs to be
1664 * changed, because SCO connection has been added
1665 * or removed, a packet fragment may be left in the
1666 * reassembling state. This could lead to wrongly
1667 * assembled fragments.
1668 *
1669 * Clear outstanding fragment when selecting a new
1670 * alternate setting.
1671 */
1672 spin_lock_irqsave(&data->rxlock, flags);
1673 kfree_skb(data->sco_skb);
1674 data->sco_skb = NULL;
1675 spin_unlock_irqrestore(&data->rxlock, flags);
1676
1677 err = __set_isoc_interface(hdev, new_alts);
1678 if (err < 0)
1679 return err;
1680 }
1681
1682 if (!test_and_set_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
1683 if (btusb_submit_isoc_urb(hdev, GFP_KERNEL) < 0)
1684 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1685 else
1686 btusb_submit_isoc_urb(hdev, GFP_KERNEL);
1687 }
1688
1689 return 0;
1690 }
1691
1692 static struct usb_host_interface *btusb_find_altsetting(struct btusb_data *data,
1693 int alt)
1694 {
1695 struct usb_interface *intf = data->isoc;
1696 int i;
1697
1698 BT_DBG("Looking for Alt no :%d", alt);
1699
1700 if (!intf)
1701 return NULL;
1702
1703 for (i = 0; i < intf->num_altsetting; i++) {
1704 if (intf->altsetting[i].desc.bAlternateSetting == alt)
1705 return &intf->altsetting[i];
1706 }
1707
1708 return NULL;
1709 }
1710
1711 static void btusb_work(struct work_struct *work)
1712 {
1713 struct btusb_data *data = container_of(work, struct btusb_data, work);
1714 struct hci_dev *hdev = data->hdev;
1715 int new_alts = 0;
1716 int err;
1717
1718 if (data->sco_num > 0) {
1719 if (!test_bit(BTUSB_DID_ISO_RESUME, &data->flags)) {
1720 err = usb_autopm_get_interface(data->isoc ? data->isoc : data->intf);
1721 if (err < 0) {
1722 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1723 usb_kill_anchored_urbs(&data->isoc_anchor);
1724 return;
1725 }
1726
1727 set_bit(BTUSB_DID_ISO_RESUME, &data->flags);
1728 }
1729
1730 if (data->air_mode == HCI_NOTIFY_ENABLE_SCO_CVSD) {
1731 if (hdev->voice_setting & 0x0020) {
1732 static const int alts[3] = { 2, 4, 5 };
1733
1734 new_alts = alts[data->sco_num - 1];
1735 } else {
1736 new_alts = data->sco_num;
1737 }
1738 } else if (data->air_mode == HCI_NOTIFY_ENABLE_SCO_TRANSP) {
1739 /* Check if Alt 6 is supported for Transparent audio */
1740 if (btusb_find_altsetting(data, 6)) {
1741 data->usb_alt6_packet_flow = true;
1742 new_alts = 6;
1743 } else if (test_bit(BTUSB_USE_ALT1_FOR_WBS, &data->flags)) {
1744 new_alts = 1;
1745 } else {
1746 bt_dev_err(hdev, "Device does not support ALT setting 6");
1747 }
1748 }
1749
1750 if (btusb_switch_alt_setting(hdev, new_alts) < 0)
1751 bt_dev_err(hdev, "set USB alt:(%d) failed!", new_alts);
1752 } else {
1753 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1754 usb_kill_anchored_urbs(&data->isoc_anchor);
1755
1756 __set_isoc_interface(hdev, 0);
1757 if (test_and_clear_bit(BTUSB_DID_ISO_RESUME, &data->flags))
1758 usb_autopm_put_interface(data->isoc ? data->isoc : data->intf);
1759 }
1760 }
1761
1762 static void btusb_waker(struct work_struct *work)
1763 {
1764 struct btusb_data *data = container_of(work, struct btusb_data, waker);
1765 int err;
1766
1767 err = usb_autopm_get_interface(data->intf);
1768 if (err < 0)
1769 return;
1770
1771 usb_autopm_put_interface(data->intf);
1772 }
1773
1774 static int btusb_setup_bcm92035(struct hci_dev *hdev)
1775 {
1776 struct sk_buff *skb;
1777 u8 val = 0x00;
1778
1779 BT_DBG("%s", hdev->name);
1780
1781 skb = __hci_cmd_sync(hdev, 0xfc3b, 1, &val, HCI_INIT_TIMEOUT);
1782 if (IS_ERR(skb))
1783 bt_dev_err(hdev, "BCM92035 command failed (%ld)", PTR_ERR(skb));
1784 else
1785 kfree_skb(skb);
1786
1787 return 0;
1788 }
1789
1790 static int btusb_setup_csr(struct hci_dev *hdev)
1791 {
1792 struct btusb_data *data = hci_get_drvdata(hdev);
1793 u16 bcdDevice = le16_to_cpu(data->udev->descriptor.bcdDevice);
1794 struct hci_rp_read_local_version *rp;
1795 struct sk_buff *skb;
1796 bool is_fake = false;
1797 int ret;
1798
1799 BT_DBG("%s", hdev->name);
1800
1801 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL,
1802 HCI_INIT_TIMEOUT);
1803 if (IS_ERR(skb)) {
1804 int err = PTR_ERR(skb);
1805 bt_dev_err(hdev, "CSR: Local version failed (%d)", err);
1806 return err;
1807 }
1808
1809 if (skb->len != sizeof(struct hci_rp_read_local_version)) {
1810 bt_dev_err(hdev, "CSR: Local version length mismatch");
1811 kfree_skb(skb);
1812 return -EIO;
1813 }
1814
1815 rp = (struct hci_rp_read_local_version *)skb->data;
1816
1817 /* Detect a wide host of Chinese controllers that aren't CSR.
1818 *
1819 * Known fake bcdDevices: 0x0100, 0x0134, 0x1915, 0x2520, 0x7558, 0x8891
1820 *
1821 * The main thing they have in common is that these are really popular low-cost
1822 * options that support newer Bluetooth versions but rely on heavy VID/PID
1823 * squatting of this poor old Bluetooth 1.1 device. Even sold as such.
1824 *
1825 * We detect actual CSR devices by checking that the HCI manufacturer code
1826 * is Cambridge Silicon Radio (10) and ensuring that LMP sub-version and
1827 * HCI rev values always match. As they both store the firmware number.
1828 */
1829 if (le16_to_cpu(rp->manufacturer) != 10 ||
1830 le16_to_cpu(rp->hci_rev) != le16_to_cpu(rp->lmp_subver))
1831 is_fake = true;
1832
1833 /* Known legit CSR firmware build numbers and their supported BT versions:
1834 * - 1.1 (0x1) -> 0x0073, 0x020d, 0x033c, 0x034e
1835 * - 1.2 (0x2) -> 0x04d9, 0x0529
1836 * - 2.0 (0x3) -> 0x07a6, 0x07ad, 0x0c5c
1837 * - 2.1 (0x4) -> 0x149c, 0x1735, 0x1899 (0x1899 is a BlueCore4-External)
1838 * - 4.0 (0x6) -> 0x1d86, 0x2031, 0x22bb
1839 *
1840 * e.g. Real CSR dongles with LMP subversion 0x73 are old enough that
1841 * support BT 1.1 only; so it's a dead giveaway when some
1842 * third-party BT 4.0 dongle reuses it.
1843 */
1844 else if (le16_to_cpu(rp->lmp_subver) <= 0x034e &&
1845 le16_to_cpu(rp->hci_ver) > BLUETOOTH_VER_1_1)
1846 is_fake = true;
1847
1848 else if (le16_to_cpu(rp->lmp_subver) <= 0x0529 &&
1849 le16_to_cpu(rp->hci_ver) > BLUETOOTH_VER_1_2)
1850 is_fake = true;
1851
1852 else if (le16_to_cpu(rp->lmp_subver) <= 0x0c5c &&
1853 le16_to_cpu(rp->hci_ver) > BLUETOOTH_VER_2_0)
1854 is_fake = true;
1855
1856 else if (le16_to_cpu(rp->lmp_subver) <= 0x1899 &&
1857 le16_to_cpu(rp->hci_ver) > BLUETOOTH_VER_2_1)
1858 is_fake = true;
1859
1860 else if (le16_to_cpu(rp->lmp_subver) <= 0x22bb &&
1861 le16_to_cpu(rp->hci_ver) > BLUETOOTH_VER_4_0)
1862 is_fake = true;
1863
1864 /* Other clones which beat all the above checks */
1865 else if (bcdDevice == 0x0134 &&
1866 le16_to_cpu(rp->lmp_subver) == 0x0c5c &&
1867 le16_to_cpu(rp->hci_ver) == BLUETOOTH_VER_2_0)
1868 is_fake = true;
1869
1870 if (is_fake) {
1871 bt_dev_warn(hdev, "CSR: Unbranded CSR clone detected; adding workarounds...");
1872
1873 /* Generally these clones have big discrepancies between
1874 * advertised features and what's actually supported.
1875 * Probably will need to be expanded in the future;
1876 * without these the controller will lock up.
1877 */
1878 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks);
1879 set_bit(HCI_QUIRK_BROKEN_ERR_DATA_REPORTING, &hdev->quirks);
1880
1881 /* Clear the reset quirk since this is not an actual
1882 * early Bluetooth 1.1 device from CSR.
1883 */
1884 clear_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
1885 clear_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
1886
1887 /*
1888 * Special workaround for clones with a Barrot 8041a02 chip,
1889 * these clones are really messed-up:
1890 * 1. Their bulk rx endpoint will never report any data unless
1891 * the device was suspended at least once (yes really).
1892 * 2. They will not wakeup when autosuspended and receiving data
1893 * on their bulk rx endpoint from e.g. a keyboard or mouse
1894 * (IOW remote-wakeup support is broken for the bulk endpoint).
1895 *
1896 * To fix 1. enable runtime-suspend, force-suspend the
1897 * hci and then wake-it up by disabling runtime-suspend.
1898 *
1899 * To fix 2. clear the hci's can_wake flag, this way the hci
1900 * will still be autosuspended when it is not open.
1901 */
1902 if (bcdDevice == 0x8891 &&
1903 le16_to_cpu(rp->lmp_subver) == 0x1012 &&
1904 le16_to_cpu(rp->hci_rev) == 0x0810 &&
1905 le16_to_cpu(rp->hci_ver) == BLUETOOTH_VER_4_0) {
1906 bt_dev_warn(hdev, "CSR: detected a fake CSR dongle using a Barrot 8041a02 chip, this chip is very buggy and may have issues\n");
1907
1908 pm_runtime_allow(&data->udev->dev);
1909
1910 ret = pm_runtime_suspend(&data->udev->dev);
1911 if (ret >= 0)
1912 msleep(200);
1913 else
1914 bt_dev_err(hdev, "Failed to suspend the device for Barrot 8041a02 receive-issue workaround\n");
1915
1916 pm_runtime_forbid(&data->udev->dev);
1917
1918 device_set_wakeup_capable(&data->udev->dev, false);
1919 /* Re-enable autosuspend if this was requested */
1920 if (enable_autosuspend)
1921 usb_enable_autosuspend(data->udev);
1922 }
1923 }
1924
1925 kfree_skb(skb);
1926
1927 return 0;
1928 }
1929
1930 static const struct firmware *btusb_setup_intel_get_fw(struct hci_dev *hdev,
1931 struct intel_version *ver)
1932 {
1933 const struct firmware *fw;
1934 char fwname[64];
1935 int ret;
1936
1937 snprintf(fwname, sizeof(fwname),
1938 "intel/ibt-hw-%x.%x.%x-fw-%x.%x.%x.%x.%x.bseq",
1939 ver->hw_platform, ver->hw_variant, ver->hw_revision,
1940 ver->fw_variant, ver->fw_revision, ver->fw_build_num,
1941 ver->fw_build_ww, ver->fw_build_yy);
1942
1943 ret = request_firmware(&fw, fwname, &hdev->dev);
1944 if (ret < 0) {
1945 if (ret == -EINVAL) {
1946 bt_dev_err(hdev, "Intel firmware file request failed (%d)",
1947 ret);
1948 return NULL;
1949 }
1950
1951 bt_dev_err(hdev, "failed to open Intel firmware file: %s (%d)",
1952 fwname, ret);
1953
1954 /* If the correct firmware patch file is not found, use the
1955 * default firmware patch file instead
1956 */
1957 snprintf(fwname, sizeof(fwname), "intel/ibt-hw-%x.%x.bseq",
1958 ver->hw_platform, ver->hw_variant);
1959 if (request_firmware(&fw, fwname, &hdev->dev) < 0) {
1960 bt_dev_err(hdev, "failed to open default fw file: %s",
1961 fwname);
1962 return NULL;
1963 }
1964 }
1965
1966 bt_dev_info(hdev, "Intel Bluetooth firmware file: %s", fwname);
1967
1968 return fw;
1969 }
1970
1971 static int btusb_setup_intel_patching(struct hci_dev *hdev,
1972 const struct firmware *fw,
1973 const u8 **fw_ptr, int *disable_patch)
1974 {
1975 struct sk_buff *skb;
1976 struct hci_command_hdr *cmd;
1977 const u8 *cmd_param;
1978 struct hci_event_hdr *evt = NULL;
1979 const u8 *evt_param = NULL;
1980 int remain = fw->size - (*fw_ptr - fw->data);
1981
1982 /* The first byte indicates the types of the patch command or event.
1983 * 0x01 means HCI command and 0x02 is HCI event. If the first bytes
1984 * in the current firmware buffer doesn't start with 0x01 or
1985 * the size of remain buffer is smaller than HCI command header,
1986 * the firmware file is corrupted and it should stop the patching
1987 * process.
1988 */
1989 if (remain > HCI_COMMAND_HDR_SIZE && *fw_ptr[0] != 0x01) {
1990 bt_dev_err(hdev, "Intel fw corrupted: invalid cmd read");
1991 return -EINVAL;
1992 }
1993 (*fw_ptr)++;
1994 remain--;
1995
1996 cmd = (struct hci_command_hdr *)(*fw_ptr);
1997 *fw_ptr += sizeof(*cmd);
1998 remain -= sizeof(*cmd);
1999
2000 /* Ensure that the remain firmware data is long enough than the length
2001 * of command parameter. If not, the firmware file is corrupted.
2002 */
2003 if (remain < cmd->plen) {
2004 bt_dev_err(hdev, "Intel fw corrupted: invalid cmd len");
2005 return -EFAULT;
2006 }
2007
2008 /* If there is a command that loads a patch in the firmware
2009 * file, then enable the patch upon success, otherwise just
2010 * disable the manufacturer mode, for example patch activation
2011 * is not required when the default firmware patch file is used
2012 * because there are no patch data to load.
2013 */
2014 if (*disable_patch && le16_to_cpu(cmd->opcode) == 0xfc8e)
2015 *disable_patch = 0;
2016
2017 cmd_param = *fw_ptr;
2018 *fw_ptr += cmd->plen;
2019 remain -= cmd->plen;
2020
2021 /* This reads the expected events when the above command is sent to the
2022 * device. Some vendor commands expects more than one events, for
2023 * example command status event followed by vendor specific event.
2024 * For this case, it only keeps the last expected event. so the command
2025 * can be sent with __hci_cmd_sync_ev() which returns the sk_buff of
2026 * last expected event.
2027 */
2028 while (remain > HCI_EVENT_HDR_SIZE && *fw_ptr[0] == 0x02) {
2029 (*fw_ptr)++;
2030 remain--;
2031
2032 evt = (struct hci_event_hdr *)(*fw_ptr);
2033 *fw_ptr += sizeof(*evt);
2034 remain -= sizeof(*evt);
2035
2036 if (remain < evt->plen) {
2037 bt_dev_err(hdev, "Intel fw corrupted: invalid evt len");
2038 return -EFAULT;
2039 }
2040
2041 evt_param = *fw_ptr;
2042 *fw_ptr += evt->plen;
2043 remain -= evt->plen;
2044 }
2045
2046 /* Every HCI commands in the firmware file has its correspond event.
2047 * If event is not found or remain is smaller than zero, the firmware
2048 * file is corrupted.
2049 */
2050 if (!evt || !evt_param || remain < 0) {
2051 bt_dev_err(hdev, "Intel fw corrupted: invalid evt read");
2052 return -EFAULT;
2053 }
2054
2055 skb = __hci_cmd_sync_ev(hdev, le16_to_cpu(cmd->opcode), cmd->plen,
2056 cmd_param, evt->evt, HCI_INIT_TIMEOUT);
2057 if (IS_ERR(skb)) {
2058 bt_dev_err(hdev, "sending Intel patch command (0x%4.4x) failed (%ld)",
2059 cmd->opcode, PTR_ERR(skb));
2060 return PTR_ERR(skb);
2061 }
2062
2063 /* It ensures that the returned event matches the event data read from
2064 * the firmware file. At fist, it checks the length and then
2065 * the contents of the event.
2066 */
2067 if (skb->len != evt->plen) {
2068 bt_dev_err(hdev, "mismatch event length (opcode 0x%4.4x)",
2069 le16_to_cpu(cmd->opcode));
2070 kfree_skb(skb);
2071 return -EFAULT;
2072 }
2073
2074 if (memcmp(skb->data, evt_param, evt->plen)) {
2075 bt_dev_err(hdev, "mismatch event parameter (opcode 0x%4.4x)",
2076 le16_to_cpu(cmd->opcode));
2077 kfree_skb(skb);
2078 return -EFAULT;
2079 }
2080 kfree_skb(skb);
2081
2082 return 0;
2083 }
2084
2085 static int btusb_setup_intel(struct hci_dev *hdev)
2086 {
2087 struct sk_buff *skb;
2088 const struct firmware *fw;
2089 const u8 *fw_ptr;
2090 int disable_patch, err;
2091 struct intel_version ver;
2092
2093 BT_DBG("%s", hdev->name);
2094
2095 /* The controller has a bug with the first HCI command sent to it
2096 * returning number of completed commands as zero. This would stall the
2097 * command processing in the Bluetooth core.
2098 *
2099 * As a workaround, send HCI Reset command first which will reset the
2100 * number of completed commands and allow normal command processing
2101 * from now on.
2102 */
2103 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
2104 if (IS_ERR(skb)) {
2105 bt_dev_err(hdev, "sending initial HCI reset command failed (%ld)",
2106 PTR_ERR(skb));
2107 return PTR_ERR(skb);
2108 }
2109 kfree_skb(skb);
2110
2111 /* Read Intel specific controller version first to allow selection of
2112 * which firmware file to load.
2113 *
2114 * The returned information are hardware variant and revision plus
2115 * firmware variant, revision and build number.
2116 */
2117 err = btintel_read_version(hdev, &ver);
2118 if (err)
2119 return err;
2120
2121 bt_dev_info(hdev, "read Intel version: %02x%02x%02x%02x%02x%02x%02x%02x%02x",
2122 ver.hw_platform, ver.hw_variant, ver.hw_revision,
2123 ver.fw_variant, ver.fw_revision, ver.fw_build_num,
2124 ver.fw_build_ww, ver.fw_build_yy, ver.fw_patch_num);
2125
2126 /* fw_patch_num indicates the version of patch the device currently
2127 * have. If there is no patch data in the device, it is always 0x00.
2128 * So, if it is other than 0x00, no need to patch the device again.
2129 */
2130 if (ver.fw_patch_num) {
2131 bt_dev_info(hdev, "Intel device is already patched. "
2132 "patch num: %02x", ver.fw_patch_num);
2133 goto complete;
2134 }
2135
2136 /* Opens the firmware patch file based on the firmware version read
2137 * from the controller. If it fails to open the matching firmware
2138 * patch file, it tries to open the default firmware patch file.
2139 * If no patch file is found, allow the device to operate without
2140 * a patch.
2141 */
2142 fw = btusb_setup_intel_get_fw(hdev, &ver);
2143 if (!fw)
2144 goto complete;
2145 fw_ptr = fw->data;
2146
2147 /* Enable the manufacturer mode of the controller.
2148 * Only while this mode is enabled, the driver can download the
2149 * firmware patch data and configuration parameters.
2150 */
2151 err = btintel_enter_mfg(hdev);
2152 if (err) {
2153 release_firmware(fw);
2154 return err;
2155 }
2156
2157 disable_patch = 1;
2158
2159 /* The firmware data file consists of list of Intel specific HCI
2160 * commands and its expected events. The first byte indicates the
2161 * type of the message, either HCI command or HCI event.
2162 *
2163 * It reads the command and its expected event from the firmware file,
2164 * and send to the controller. Once __hci_cmd_sync_ev() returns,
2165 * the returned event is compared with the event read from the firmware
2166 * file and it will continue until all the messages are downloaded to
2167 * the controller.
2168 *
2169 * Once the firmware patching is completed successfully,
2170 * the manufacturer mode is disabled with reset and activating the
2171 * downloaded patch.
2172 *
2173 * If the firmware patching fails, the manufacturer mode is
2174 * disabled with reset and deactivating the patch.
2175 *
2176 * If the default patch file is used, no reset is done when disabling
2177 * the manufacturer.
2178 */
2179 while (fw->size > fw_ptr - fw->data) {
2180 int ret;
2181
2182 ret = btusb_setup_intel_patching(hdev, fw, &fw_ptr,
2183 &disable_patch);
2184 if (ret < 0)
2185 goto exit_mfg_deactivate;
2186 }
2187
2188 release_firmware(fw);
2189
2190 if (disable_patch)
2191 goto exit_mfg_disable;
2192
2193 /* Patching completed successfully and disable the manufacturer mode
2194 * with reset and activate the downloaded firmware patches.
2195 */
2196 err = btintel_exit_mfg(hdev, true, true);
2197 if (err)
2198 return err;
2199
2200 /* Need build number for downloaded fw patches in
2201 * every power-on boot
2202 */
2203 err = btintel_read_version(hdev, &ver);
2204 if (err)
2205 return err;
2206 bt_dev_info(hdev, "Intel BT fw patch 0x%02x completed & activated",
2207 ver.fw_patch_num);
2208
2209 goto complete;
2210
2211 exit_mfg_disable:
2212 /* Disable the manufacturer mode without reset */
2213 err = btintel_exit_mfg(hdev, false, false);
2214 if (err)
2215 return err;
2216
2217 bt_dev_info(hdev, "Intel firmware patch completed");
2218
2219 goto complete;
2220
2221 exit_mfg_deactivate:
2222 release_firmware(fw);
2223
2224 /* Patching failed. Disable the manufacturer mode with reset and
2225 * deactivate the downloaded firmware patches.
2226 */
2227 err = btintel_exit_mfg(hdev, true, false);
2228 if (err)
2229 return err;
2230
2231 bt_dev_info(hdev, "Intel firmware patch completed and deactivated");
2232
2233 complete:
2234 /* Set the event mask for Intel specific vendor events. This enables
2235 * a few extra events that are useful during general operation.
2236 */
2237 btintel_set_event_mask_mfg(hdev, false);
2238
2239 btintel_check_bdaddr(hdev);
2240 return 0;
2241 }
2242
2243 static int inject_cmd_complete(struct hci_dev *hdev, __u16 opcode)
2244 {
2245 struct sk_buff *skb;
2246 struct hci_event_hdr *hdr;
2247 struct hci_ev_cmd_complete *evt;
2248
2249 skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_KERNEL);
2250 if (!skb)
2251 return -ENOMEM;
2252
2253 hdr = skb_put(skb, sizeof(*hdr));
2254 hdr->evt = HCI_EV_CMD_COMPLETE;
2255 hdr->plen = sizeof(*evt) + 1;
2256
2257 evt = skb_put(skb, sizeof(*evt));
2258 evt->ncmd = 0x01;
2259 evt->opcode = cpu_to_le16(opcode);
2260
2261 skb_put_u8(skb, 0x00);
2262
2263 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
2264
2265 return hci_recv_frame(hdev, skb);
2266 }
2267
2268 static int btusb_recv_bulk_intel(struct btusb_data *data, void *buffer,
2269 int count)
2270 {
2271 /* When the device is in bootloader mode, then it can send
2272 * events via the bulk endpoint. These events are treated the
2273 * same way as the ones received from the interrupt endpoint.
2274 */
2275 if (test_bit(BTUSB_BOOTLOADER, &data->flags))
2276 return btusb_recv_intr(data, buffer, count);
2277
2278 return btusb_recv_bulk(data, buffer, count);
2279 }
2280
2281 static void btusb_intel_bootup(struct btusb_data *data, const void *ptr,
2282 unsigned int len)
2283 {
2284 const struct intel_bootup *evt = ptr;
2285
2286 if (len != sizeof(*evt))
2287 return;
2288
2289 if (test_and_clear_bit(BTUSB_BOOTING, &data->flags))
2290 wake_up_bit(&data->flags, BTUSB_BOOTING);
2291 }
2292
2293 static void btusb_intel_secure_send_result(struct btusb_data *data,
2294 const void *ptr, unsigned int len)
2295 {
2296 const struct intel_secure_send_result *evt = ptr;
2297
2298 if (len != sizeof(*evt))
2299 return;
2300
2301 if (evt->result)
2302 set_bit(BTUSB_FIRMWARE_FAILED, &data->flags);
2303
2304 if (test_and_clear_bit(BTUSB_DOWNLOADING, &data->flags) &&
2305 test_bit(BTUSB_FIRMWARE_LOADED, &data->flags))
2306 wake_up_bit(&data->flags, BTUSB_DOWNLOADING);
2307 }
2308
2309 static int btusb_recv_event_intel(struct hci_dev *hdev, struct sk_buff *skb)
2310 {
2311 struct btusb_data *data = hci_get_drvdata(hdev);
2312
2313 if (test_bit(BTUSB_BOOTLOADER, &data->flags)) {
2314 struct hci_event_hdr *hdr = (void *)skb->data;
2315
2316 if (skb->len > HCI_EVENT_HDR_SIZE && hdr->evt == 0xff &&
2317 hdr->plen > 0) {
2318 const void *ptr = skb->data + HCI_EVENT_HDR_SIZE + 1;
2319 unsigned int len = skb->len - HCI_EVENT_HDR_SIZE - 1;
2320
2321 switch (skb->data[2]) {
2322 case 0x02:
2323 /* When switching to the operational firmware
2324 * the device sends a vendor specific event
2325 * indicating that the bootup completed.
2326 */
2327 btusb_intel_bootup(data, ptr, len);
2328 break;
2329 case 0x06:
2330 /* When the firmware loading completes the
2331 * device sends out a vendor specific event
2332 * indicating the result of the firmware
2333 * loading.
2334 */
2335 btusb_intel_secure_send_result(data, ptr, len);
2336 break;
2337 }
2338 }
2339 }
2340
2341 return hci_recv_frame(hdev, skb);
2342 }
2343
2344 static int btusb_send_frame_intel(struct hci_dev *hdev, struct sk_buff *skb)
2345 {
2346 struct btusb_data *data = hci_get_drvdata(hdev);
2347 struct urb *urb;
2348
2349 BT_DBG("%s", hdev->name);
2350
2351 switch (hci_skb_pkt_type(skb)) {
2352 case HCI_COMMAND_PKT:
2353 if (test_bit(BTUSB_BOOTLOADER, &data->flags)) {
2354 struct hci_command_hdr *cmd = (void *)skb->data;
2355 __u16 opcode = le16_to_cpu(cmd->opcode);
2356
2357 /* When in bootloader mode and the command 0xfc09
2358 * is received, it needs to be send down the
2359 * bulk endpoint. So allocate a bulk URB instead.
2360 */
2361 if (opcode == 0xfc09)
2362 urb = alloc_bulk_urb(hdev, skb);
2363 else
2364 urb = alloc_ctrl_urb(hdev, skb);
2365
2366 /* When the 0xfc01 command is issued to boot into
2367 * the operational firmware, it will actually not
2368 * send a command complete event. To keep the flow
2369 * control working inject that event here.
2370 */
2371 if (opcode == 0xfc01)
2372 inject_cmd_complete(hdev, opcode);
2373 } else {
2374 urb = alloc_ctrl_urb(hdev, skb);
2375 }
2376 if (IS_ERR(urb))
2377 return PTR_ERR(urb);
2378
2379 hdev->stat.cmd_tx++;
2380 return submit_or_queue_tx_urb(hdev, urb);
2381
2382 case HCI_ACLDATA_PKT:
2383 urb = alloc_bulk_urb(hdev, skb);
2384 if (IS_ERR(urb))
2385 return PTR_ERR(urb);
2386
2387 hdev->stat.acl_tx++;
2388 return submit_or_queue_tx_urb(hdev, urb);
2389
2390 case HCI_SCODATA_PKT:
2391 if (hci_conn_num(hdev, SCO_LINK) < 1)
2392 return -ENODEV;
2393
2394 urb = alloc_isoc_urb(hdev, skb);
2395 if (IS_ERR(urb))
2396 return PTR_ERR(urb);
2397
2398 hdev->stat.sco_tx++;
2399 return submit_tx_urb(hdev, urb);
2400 }
2401
2402 return -EILSEQ;
2403 }
2404
2405 static bool btusb_setup_intel_new_get_fw_name(struct intel_version *ver,
2406 struct intel_boot_params *params,
2407 char *fw_name, size_t len,
2408 const char *suffix)
2409 {
2410 switch (ver->hw_variant) {
2411 case 0x0b: /* SfP */
2412 case 0x0c: /* WsP */
2413 snprintf(fw_name, len, "intel/ibt-%u-%u.%s",
2414 le16_to_cpu(ver->hw_variant),
2415 le16_to_cpu(params->dev_revid),
2416 suffix);
2417 break;
2418 case 0x11: /* JfP */
2419 case 0x12: /* ThP */
2420 case 0x13: /* HrP */
2421 case 0x14: /* CcP */
2422 snprintf(fw_name, len, "intel/ibt-%u-%u-%u.%s",
2423 le16_to_cpu(ver->hw_variant),
2424 le16_to_cpu(ver->hw_revision),
2425 le16_to_cpu(ver->fw_revision),
2426 suffix);
2427 break;
2428 default:
2429 return false;
2430 }
2431 return true;
2432 }
2433
2434 static void btusb_setup_intel_newgen_get_fw_name(const struct intel_version_tlv *ver_tlv,
2435 char *fw_name, size_t len,
2436 const char *suffix)
2437 {
2438 /* The firmware file name for new generation controllers will be
2439 * ibt-<cnvi_top type+cnvi_top step>-<cnvr_top type+cnvr_top step>
2440 */
2441 snprintf(fw_name, len, "intel/ibt-%04x-%04x.%s",
2442 INTEL_CNVX_TOP_PACK_SWAB(INTEL_CNVX_TOP_TYPE(ver_tlv->cnvi_top),
2443 INTEL_CNVX_TOP_STEP(ver_tlv->cnvi_top)),
2444 INTEL_CNVX_TOP_PACK_SWAB(INTEL_CNVX_TOP_TYPE(ver_tlv->cnvr_top),
2445 INTEL_CNVX_TOP_STEP(ver_tlv->cnvr_top)),
2446 suffix);
2447 }
2448
2449 static int btusb_intel_download_firmware_newgen(struct hci_dev *hdev,
2450 struct intel_version_tlv *ver,
2451 u32 *boot_param)
2452 {
2453 const struct firmware *fw;
2454 char fwname[64];
2455 int err;
2456 struct btusb_data *data = hci_get_drvdata(hdev);
2457
2458 if (!ver || !boot_param)
2459 return -EINVAL;
2460
2461 /* The hardware platform number has a fixed value of 0x37 and
2462 * for now only accept this single value.
2463 */
2464 if (INTEL_HW_PLATFORM(ver->cnvi_bt) != 0x37) {
2465 bt_dev_err(hdev, "Unsupported Intel hardware platform (0x%2x)",
2466 INTEL_HW_PLATFORM(ver->cnvi_bt));
2467 return -EINVAL;
2468 }
2469
2470 /* The firmware variant determines if the device is in bootloader
2471 * mode or is running operational firmware. The value 0x03 identifies
2472 * the bootloader and the value 0x23 identifies the operational
2473 * firmware.
2474 *
2475 * When the operational firmware is already present, then only
2476 * the check for valid Bluetooth device address is needed. This
2477 * determines if the device will be added as configured or
2478 * unconfigured controller.
2479 *
2480 * It is not possible to use the Secure Boot Parameters in this
2481 * case since that command is only available in bootloader mode.
2482 */
2483 if (ver->img_type == 0x03) {
2484 clear_bit(BTUSB_BOOTLOADER, &data->flags);
2485 btintel_check_bdaddr(hdev);
2486 return 0;
2487 }
2488
2489 /* Check for supported iBT hardware variants of this firmware
2490 * loading method.
2491 *
2492 * This check has been put in place to ensure correct forward
2493 * compatibility options when newer hardware variants come along.
2494 */
2495 switch (INTEL_HW_VARIANT(ver->cnvi_bt)) {
2496 case 0x17: /* TyP */
2497 case 0x18: /* Slr */
2498 case 0x19: /* Slr-F */
2499 break;
2500 default:
2501 bt_dev_err(hdev, "Unsupported Intel hardware variant (0x%x)",
2502 INTEL_HW_VARIANT(ver->cnvi_bt));
2503 return -EINVAL;
2504 }
2505
2506 /* If the device is not in bootloader mode, then the only possible
2507 * choice is to return an error and abort the device initialization.
2508 */
2509 if (ver->img_type != 0x01) {
2510 bt_dev_err(hdev, "Unsupported Intel firmware variant (0x%x)",
2511 ver->img_type);
2512 return -ENODEV;
2513 }
2514
2515 /* It is required that every single firmware fragment is acknowledged
2516 * with a command complete event. If the boot parameters indicate
2517 * that this bootloader does not send them, then abort the setup.
2518 */
2519 if (ver->limited_cce != 0x00) {
2520 bt_dev_err(hdev, "Unsupported Intel firmware loading method (0x%x)",
2521 ver->limited_cce);
2522 return -EINVAL;
2523 }
2524
2525 /* Secure boot engine type should be either 1 (ECDSA) or 0 (RSA) */
2526 if (ver->sbe_type > 0x01) {
2527 bt_dev_err(hdev, "Unsupported Intel secure boot engine type (0x%x)",
2528 ver->sbe_type);
2529 return -EINVAL;
2530 }
2531
2532 /* If the OTP has no valid Bluetooth device address, then there will
2533 * also be no valid address for the operational firmware.
2534 */
2535 if (!bacmp(&ver->otp_bd_addr, BDADDR_ANY)) {
2536 bt_dev_info(hdev, "No device address configured");
2537 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks);
2538 }
2539
2540 btusb_setup_intel_newgen_get_fw_name(ver, fwname, sizeof(fwname), "sfi");
2541 err = request_firmware(&fw, fwname, &hdev->dev);
2542 if (err < 0) {
2543 bt_dev_err(hdev, "Failed to load Intel firmware file (%d)", err);
2544 return err;
2545 }
2546
2547 bt_dev_info(hdev, "Found device firmware: %s", fwname);
2548
2549 if (fw->size < 644) {
2550 bt_dev_err(hdev, "Invalid size of firmware file (%zu)",
2551 fw->size);
2552 err = -EBADF;
2553 goto done;
2554 }
2555
2556 set_bit(BTUSB_DOWNLOADING, &data->flags);
2557
2558 /* Start firmware downloading and get boot parameter */
2559 err = btintel_download_firmware_newgen(hdev, fw, boot_param,
2560 INTEL_HW_VARIANT(ver->cnvi_bt),
2561 ver->sbe_type);
2562 if (err < 0) {
2563 /* When FW download fails, send Intel Reset to retry
2564 * FW download.
2565 */
2566 btintel_reset_to_bootloader(hdev);
2567 goto done;
2568 }
2569 set_bit(BTUSB_FIRMWARE_LOADED, &data->flags);
2570
2571 bt_dev_info(hdev, "Waiting for firmware download to complete");
2572
2573 /* Before switching the device into operational mode and with that
2574 * booting the loaded firmware, wait for the bootloader notification
2575 * that all fragments have been successfully received.
2576 *
2577 * When the event processing receives the notification, then the
2578 * BTUSB_DOWNLOADING flag will be cleared.
2579 *
2580 * The firmware loading should not take longer than 5 seconds
2581 * and thus just timeout if that happens and fail the setup
2582 * of this device.
2583 */
2584 err = wait_on_bit_timeout(&data->flags, BTUSB_DOWNLOADING,
2585 TASK_INTERRUPTIBLE,
2586 msecs_to_jiffies(5000));
2587 if (err == -EINTR) {
2588 bt_dev_err(hdev, "Firmware loading interrupted");
2589 goto done;
2590 }
2591
2592 if (err) {
2593 bt_dev_err(hdev, "Firmware loading timeout");
2594 err = -ETIMEDOUT;
2595 btintel_reset_to_bootloader(hdev);
2596 goto done;
2597 }
2598
2599 if (test_bit(BTUSB_FIRMWARE_FAILED, &data->flags)) {
2600 bt_dev_err(hdev, "Firmware loading failed");
2601 err = -ENOEXEC;
2602 goto done;
2603 }
2604
2605 done:
2606 release_firmware(fw);
2607 return err;
2608 }
2609
2610 static int btusb_intel_download_firmware(struct hci_dev *hdev,
2611 struct intel_version *ver,
2612 struct intel_boot_params *params,
2613 u32 *boot_param)
2614 {
2615 const struct firmware *fw;
2616 char fwname[64];
2617 int err;
2618 struct btusb_data *data = hci_get_drvdata(hdev);
2619
2620 if (!ver || !params)
2621 return -EINVAL;
2622
2623 /* The hardware platform number has a fixed value of 0x37 and
2624 * for now only accept this single value.
2625 */
2626 if (ver->hw_platform != 0x37) {
2627 bt_dev_err(hdev, "Unsupported Intel hardware platform (%u)",
2628 ver->hw_platform);
2629 return -EINVAL;
2630 }
2631
2632 /* Check for supported iBT hardware variants of this firmware
2633 * loading method.
2634 *
2635 * This check has been put in place to ensure correct forward
2636 * compatibility options when newer hardware variants come along.
2637 */
2638 switch (ver->hw_variant) {
2639 case 0x0b: /* SfP */
2640 case 0x0c: /* WsP */
2641 case 0x11: /* JfP */
2642 case 0x12: /* ThP */
2643 case 0x13: /* HrP */
2644 case 0x14: /* CcP */
2645 break;
2646 default:
2647 bt_dev_err(hdev, "Unsupported Intel hardware variant (%u)",
2648 ver->hw_variant);
2649 return -EINVAL;
2650 }
2651
2652 btintel_version_info(hdev, ver);
2653
2654 /* The firmware variant determines if the device is in bootloader
2655 * mode or is running operational firmware. The value 0x06 identifies
2656 * the bootloader and the value 0x23 identifies the operational
2657 * firmware.
2658 *
2659 * When the operational firmware is already present, then only
2660 * the check for valid Bluetooth device address is needed. This
2661 * determines if the device will be added as configured or
2662 * unconfigured controller.
2663 *
2664 * It is not possible to use the Secure Boot Parameters in this
2665 * case since that command is only available in bootloader mode.
2666 */
2667 if (ver->fw_variant == 0x23) {
2668 clear_bit(BTUSB_BOOTLOADER, &data->flags);
2669 btintel_check_bdaddr(hdev);
2670 return 0;
2671 }
2672
2673 /* If the device is not in bootloader mode, then the only possible
2674 * choice is to return an error and abort the device initialization.
2675 */
2676 if (ver->fw_variant != 0x06) {
2677 bt_dev_err(hdev, "Unsupported Intel firmware variant (%u)",
2678 ver->fw_variant);
2679 return -ENODEV;
2680 }
2681
2682 /* Read the secure boot parameters to identify the operating
2683 * details of the bootloader.
2684 */
2685 err = btintel_read_boot_params(hdev, params);
2686 if (err)
2687 return err;
2688
2689 /* It is required that every single firmware fragment is acknowledged
2690 * with a command complete event. If the boot parameters indicate
2691 * that this bootloader does not send them, then abort the setup.
2692 */
2693 if (params->limited_cce != 0x00) {
2694 bt_dev_err(hdev, "Unsupported Intel firmware loading method (%u)",
2695 params->limited_cce);
2696 return -EINVAL;
2697 }
2698
2699 /* If the OTP has no valid Bluetooth device address, then there will
2700 * also be no valid address for the operational firmware.
2701 */
2702 if (!bacmp(&params->otp_bdaddr, BDADDR_ANY)) {
2703 bt_dev_info(hdev, "No device address configured");
2704 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks);
2705 }
2706
2707 /* With this Intel bootloader only the hardware variant and device
2708 * revision information are used to select the right firmware for SfP
2709 * and WsP.
2710 *
2711 * The firmware filename is ibt-<hw_variant>-<dev_revid>.sfi.
2712 *
2713 * Currently the supported hardware variants are:
2714 * 11 (0x0b) for iBT3.0 (LnP/SfP)
2715 * 12 (0x0c) for iBT3.5 (WsP)
2716 *
2717 * For ThP/JfP and for future SKU's, the FW name varies based on HW
2718 * variant, HW revision and FW revision, as these are dependent on CNVi
2719 * and RF Combination.
2720 *
2721 * 17 (0x11) for iBT3.5 (JfP)
2722 * 18 (0x12) for iBT3.5 (ThP)
2723 *
2724 * The firmware file name for these will be
2725 * ibt-<hw_variant>-<hw_revision>-<fw_revision>.sfi.
2726 *
2727 */
2728 err = btusb_setup_intel_new_get_fw_name(ver, params, fwname,
2729 sizeof(fwname), "sfi");
2730 if (!err) {
2731 bt_dev_err(hdev, "Unsupported Intel firmware naming");
2732 return -EINVAL;
2733 }
2734
2735 err = request_firmware(&fw, fwname, &hdev->dev);
2736 if (err < 0) {
2737 bt_dev_err(hdev, "Failed to load Intel firmware file (%d)", err);
2738 return err;
2739 }
2740
2741 bt_dev_info(hdev, "Found device firmware: %s", fwname);
2742
2743 if (fw->size < 644) {
2744 bt_dev_err(hdev, "Invalid size of firmware file (%zu)",
2745 fw->size);
2746 err = -EBADF;
2747 goto done;
2748 }
2749
2750 set_bit(BTUSB_DOWNLOADING, &data->flags);
2751
2752 /* Start firmware downloading and get boot parameter */
2753 err = btintel_download_firmware(hdev, fw, boot_param);
2754 if (err < 0) {
2755 /* When FW download fails, send Intel Reset to retry
2756 * FW download.
2757 */
2758 btintel_reset_to_bootloader(hdev);
2759 goto done;
2760 }
2761 set_bit(BTUSB_FIRMWARE_LOADED, &data->flags);
2762
2763 bt_dev_info(hdev, "Waiting for firmware download to complete");
2764
2765 /* Before switching the device into operational mode and with that
2766 * booting the loaded firmware, wait for the bootloader notification
2767 * that all fragments have been successfully received.
2768 *
2769 * When the event processing receives the notification, then the
2770 * BTUSB_DOWNLOADING flag will be cleared.
2771 *
2772 * The firmware loading should not take longer than 5 seconds
2773 * and thus just timeout if that happens and fail the setup
2774 * of this device.
2775 */
2776 err = wait_on_bit_timeout(&data->flags, BTUSB_DOWNLOADING,
2777 TASK_INTERRUPTIBLE,
2778 msecs_to_jiffies(5000));
2779 if (err == -EINTR) {
2780 bt_dev_err(hdev, "Firmware loading interrupted");
2781 goto done;
2782 }
2783
2784 if (err) {
2785 bt_dev_err(hdev, "Firmware loading timeout");
2786 err = -ETIMEDOUT;
2787 btintel_reset_to_bootloader(hdev);
2788 goto done;
2789 }
2790
2791 if (test_bit(BTUSB_FIRMWARE_FAILED, &data->flags)) {
2792 bt_dev_err(hdev, "Firmware loading failed");
2793 err = -ENOEXEC;
2794 goto done;
2795 }
2796
2797 done:
2798 release_firmware(fw);
2799 return err;
2800 }
2801
2802 static int btusb_setup_intel_new(struct hci_dev *hdev)
2803 {
2804 struct btusb_data *data = hci_get_drvdata(hdev);
2805 struct intel_version ver;
2806 struct intel_boot_params params;
2807 u32 boot_param;
2808 char ddcname[64];
2809 ktime_t calltime, delta, rettime;
2810 unsigned long long duration;
2811 int err;
2812 struct intel_debug_features features;
2813
2814 BT_DBG("%s", hdev->name);
2815
2816 /* Set the default boot parameter to 0x0 and it is updated to
2817 * SKU specific boot parameter after reading Intel_Write_Boot_Params
2818 * command while downloading the firmware.
2819 */
2820 boot_param = 0x00000000;
2821
2822 calltime = ktime_get();
2823
2824 /* Read the Intel version information to determine if the device
2825 * is in bootloader mode or if it already has operational firmware
2826 * loaded.
2827 */
2828 err = btintel_read_version(hdev, &ver);
2829 if (err) {
2830 bt_dev_err(hdev, "Intel Read version failed (%d)", err);
2831 btintel_reset_to_bootloader(hdev);
2832 return err;
2833 }
2834
2835 err = btusb_intel_download_firmware(hdev, &ver, &params, &boot_param);
2836 if (err)
2837 return err;
2838
2839 /* controller is already having an operational firmware */
2840 if (ver.fw_variant == 0x23)
2841 goto finish;
2842
2843 rettime = ktime_get();
2844 delta = ktime_sub(rettime, calltime);
2845 duration = (unsigned long long) ktime_to_ns(delta) >> 10;
2846
2847 bt_dev_info(hdev, "Firmware loaded in %llu usecs", duration);
2848
2849 calltime = ktime_get();
2850
2851 set_bit(BTUSB_BOOTING, &data->flags);
2852
2853 err = btintel_send_intel_reset(hdev, boot_param);
2854 if (err) {
2855 bt_dev_err(hdev, "Intel Soft Reset failed (%d)", err);
2856 btintel_reset_to_bootloader(hdev);
2857 return err;
2858 }
2859
2860 /* The bootloader will not indicate when the device is ready. This
2861 * is done by the operational firmware sending bootup notification.
2862 *
2863 * Booting into operational firmware should not take longer than
2864 * 1 second. However if that happens, then just fail the setup
2865 * since something went wrong.
2866 */
2867 bt_dev_info(hdev, "Waiting for device to boot");
2868
2869 err = wait_on_bit_timeout(&data->flags, BTUSB_BOOTING,
2870 TASK_INTERRUPTIBLE,
2871 msecs_to_jiffies(1000));
2872
2873 if (err == -EINTR) {
2874 bt_dev_err(hdev, "Device boot interrupted");
2875 return -EINTR;
2876 }
2877
2878 if (err) {
2879 bt_dev_err(hdev, "Device boot timeout");
2880 btintel_reset_to_bootloader(hdev);
2881 return -ETIMEDOUT;
2882 }
2883
2884 rettime = ktime_get();
2885 delta = ktime_sub(rettime, calltime);
2886 duration = (unsigned long long) ktime_to_ns(delta) >> 10;
2887
2888 bt_dev_info(hdev, "Device booted in %llu usecs", duration);
2889
2890 clear_bit(BTUSB_BOOTLOADER, &data->flags);
2891
2892 err = btusb_setup_intel_new_get_fw_name(&ver, &params, ddcname,
2893 sizeof(ddcname), "ddc");
2894
2895 if (!err) {
2896 bt_dev_err(hdev, "Unsupported Intel firmware naming");
2897 } else {
2898 /* Once the device is running in operational mode, it needs to
2899 * apply the device configuration (DDC) parameters.
2900 *
2901 * The device can work without DDC parameters, so even if it
2902 * fails to load the file, no need to fail the setup.
2903 */
2904 btintel_load_ddc_config(hdev, ddcname);
2905 }
2906
2907 /* Read the Intel supported features and if new exception formats
2908 * supported, need to load the additional DDC config to enable.
2909 */
2910 btintel_read_debug_features(hdev, &features);
2911
2912 /* Set DDC mask for available debug features */
2913 btintel_set_debug_features(hdev, &features);
2914
2915 /* Read the Intel version information after loading the FW */
2916 err = btintel_read_version(hdev, &ver);
2917 if (err)
2918 return err;
2919
2920 btintel_version_info(hdev, &ver);
2921
2922 finish:
2923 /* All Intel controllers that support the Microsoft vendor
2924 * extension are using 0xFC1E for VsMsftOpCode.
2925 */
2926 switch (ver.hw_variant) {
2927 case 0x12: /* ThP */
2928 hci_set_msft_opcode(hdev, 0xFC1E);
2929 break;
2930 }
2931
2932 /* Set the event mask for Intel specific vendor events. This enables
2933 * a few extra events that are useful during general operation. It
2934 * does not enable any debugging related events.
2935 *
2936 * The device will function correctly without these events enabled
2937 * and thus no need to fail the setup.
2938 */
2939 btintel_set_event_mask(hdev, false);
2940
2941 return 0;
2942 }
2943
2944 static int btusb_setup_intel_newgen(struct hci_dev *hdev)
2945 {
2946 struct btusb_data *data = hci_get_drvdata(hdev);
2947 u32 boot_param;
2948 char ddcname[64];
2949 ktime_t calltime, delta, rettime;
2950 unsigned long long duration;
2951 int err;
2952 struct intel_debug_features features;
2953 struct intel_version_tlv version;
2954
2955 bt_dev_dbg(hdev, "");
2956
2957 /* Set the default boot parameter to 0x0 and it is updated to
2958 * SKU specific boot parameter after reading Intel_Write_Boot_Params
2959 * command while downloading the firmware.
2960 */
2961 boot_param = 0x00000000;
2962
2963 calltime = ktime_get();
2964
2965 /* Read the Intel version information to determine if the device
2966 * is in bootloader mode or if it already has operational firmware
2967 * loaded.
2968 */
2969 err = btintel_read_version_tlv(hdev, &version);
2970 if (err) {
2971 bt_dev_err(hdev, "Intel Read version failed (%d)", err);
2972 btintel_reset_to_bootloader(hdev);
2973 return err;
2974 }
2975
2976 btintel_version_info_tlv(hdev, &version);
2977
2978 err = btusb_intel_download_firmware_newgen(hdev, &version, &boot_param);
2979 if (err)
2980 return err;
2981
2982 /* check if controller is already having an operational firmware */
2983 if (version.img_type == 0x03)
2984 goto finish;
2985
2986 rettime = ktime_get();
2987 delta = ktime_sub(rettime, calltime);
2988 duration = (unsigned long long)ktime_to_ns(delta) >> 10;
2989
2990 bt_dev_info(hdev, "Firmware loaded in %llu usecs", duration);
2991
2992 calltime = ktime_get();
2993
2994 set_bit(BTUSB_BOOTING, &data->flags);
2995
2996 err = btintel_send_intel_reset(hdev, boot_param);
2997 if (err) {
2998 bt_dev_err(hdev, "Intel Soft Reset failed (%d)", err);
2999 btintel_reset_to_bootloader(hdev);
3000 return err;
3001 }
3002
3003 /* The bootloader will not indicate when the device is ready. This
3004 * is done by the operational firmware sending bootup notification.
3005 *
3006 * Booting into operational firmware should not take longer than
3007 * 1 second. However if that happens, then just fail the setup
3008 * since something went wrong.
3009 */
3010 bt_dev_info(hdev, "Waiting for device to boot");
3011
3012 err = wait_on_bit_timeout(&data->flags, BTUSB_BOOTING,
3013 TASK_INTERRUPTIBLE,
3014 msecs_to_jiffies(1000));
3015
3016 if (err == -EINTR) {
3017 bt_dev_err(hdev, "Device boot interrupted");
3018 return -EINTR;
3019 }
3020
3021 if (err) {
3022 bt_dev_err(hdev, "Device boot timeout");
3023 btintel_reset_to_bootloader(hdev);
3024 return -ETIMEDOUT;
3025 }
3026
3027 rettime = ktime_get();
3028 delta = ktime_sub(rettime, calltime);
3029 duration = (unsigned long long)ktime_to_ns(delta) >> 10;
3030
3031 bt_dev_info(hdev, "Device booted in %llu usecs", duration);
3032
3033 clear_bit(BTUSB_BOOTLOADER, &data->flags);
3034
3035 btusb_setup_intel_newgen_get_fw_name(&version, ddcname, sizeof(ddcname),
3036 "ddc");
3037 /* Once the device is running in operational mode, it needs to
3038 * apply the device configuration (DDC) parameters.
3039 *
3040 * The device can work without DDC parameters, so even if it
3041 * fails to load the file, no need to fail the setup.
3042 */
3043 btintel_load_ddc_config(hdev, ddcname);
3044
3045 /* Read the Intel supported features and if new exception formats
3046 * supported, need to load the additional DDC config to enable.
3047 */
3048 btintel_read_debug_features(hdev, &features);
3049
3050 /* Set DDC mask for available debug features */
3051 btintel_set_debug_features(hdev, &features);
3052
3053 /* Read the Intel version information after loading the FW */
3054 err = btintel_read_version_tlv(hdev, &version);
3055 if (err)
3056 return err;
3057
3058 btintel_version_info_tlv(hdev, &version);
3059
3060 finish:
3061 /* Set the event mask for Intel specific vendor events. This enables
3062 * a few extra events that are useful during general operation. It
3063 * does not enable any debugging related events.
3064 *
3065 * The device will function correctly without these events enabled
3066 * and thus no need to fail the setup.
3067 */
3068 btintel_set_event_mask(hdev, false);
3069
3070 return 0;
3071 }
3072 static int btusb_shutdown_intel(struct hci_dev *hdev)
3073 {
3074 struct sk_buff *skb;
3075 long ret;
3076
3077 /* In the shutdown sequence where Bluetooth is turned off followed
3078 * by WiFi being turned off, turning WiFi back on causes issue with
3079 * the RF calibration.
3080 *
3081 * To ensure that any RF activity has been stopped, issue HCI Reset
3082 * command to clear all ongoing activity including advertising,
3083 * scanning etc.
3084 */
3085 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
3086 if (IS_ERR(skb)) {
3087 ret = PTR_ERR(skb);
3088 bt_dev_err(hdev, "HCI reset during shutdown failed");
3089 return ret;
3090 }
3091 kfree_skb(skb);
3092
3093 /* Some platforms have an issue with BT LED when the interface is
3094 * down or BT radio is turned off, which takes 5 seconds to BT LED
3095 * goes off. This command turns off the BT LED immediately.
3096 */
3097 skb = __hci_cmd_sync(hdev, 0xfc3f, 0, NULL, HCI_INIT_TIMEOUT);
3098 if (IS_ERR(skb)) {
3099 ret = PTR_ERR(skb);
3100 bt_dev_err(hdev, "turning off Intel device LED failed");
3101 return ret;
3102 }
3103 kfree_skb(skb);
3104
3105 return 0;
3106 }
3107
3108 static int btusb_shutdown_intel_new(struct hci_dev *hdev)
3109 {
3110 struct sk_buff *skb;
3111
3112 /* Send HCI Reset to the controller to stop any BT activity which
3113 * were triggered. This will help to save power and maintain the
3114 * sync b/w Host and controller
3115 */
3116 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
3117 if (IS_ERR(skb)) {
3118 bt_dev_err(hdev, "HCI reset during shutdown failed");
3119 return PTR_ERR(skb);
3120 }
3121 kfree_skb(skb);
3122
3123 return 0;
3124 }
3125
3126 #define FIRMWARE_MT7663 "mediatek/mt7663pr2h.bin"
3127 #define FIRMWARE_MT7668 "mediatek/mt7668pr2h.bin"
3128
3129 #define HCI_WMT_MAX_EVENT_SIZE 64
3130
3131 enum {
3132 BTMTK_WMT_PATCH_DWNLD = 0x1,
3133 BTMTK_WMT_FUNC_CTRL = 0x6,
3134 BTMTK_WMT_RST = 0x7,
3135 BTMTK_WMT_SEMAPHORE = 0x17,
3136 };
3137
3138 enum {
3139 BTMTK_WMT_INVALID,
3140 BTMTK_WMT_PATCH_UNDONE,
3141 BTMTK_WMT_PATCH_DONE,
3142 BTMTK_WMT_ON_UNDONE,
3143 BTMTK_WMT_ON_DONE,
3144 BTMTK_WMT_ON_PROGRESS,
3145 };
3146
3147 struct btmtk_wmt_hdr {
3148 u8 dir;
3149 u8 op;
3150 __le16 dlen;
3151 u8 flag;
3152 } __packed;
3153
3154 struct btmtk_hci_wmt_cmd {
3155 struct btmtk_wmt_hdr hdr;
3156 u8 data[256];
3157 } __packed;
3158
3159 struct btmtk_hci_wmt_evt {
3160 struct hci_event_hdr hhdr;
3161 struct btmtk_wmt_hdr whdr;
3162 } __packed;
3163
3164 struct btmtk_hci_wmt_evt_funcc {
3165 struct btmtk_hci_wmt_evt hwhdr;
3166 __be16 status;
3167 } __packed;
3168
3169 struct btmtk_tci_sleep {
3170 u8 mode;
3171 __le16 duration;
3172 __le16 host_duration;
3173 u8 host_wakeup_pin;
3174 u8 time_compensation;
3175 } __packed;
3176
3177 struct btmtk_hci_wmt_params {
3178 u8 op;
3179 u8 flag;
3180 u16 dlen;
3181 const void *data;
3182 u32 *status;
3183 };
3184
3185 static void btusb_mtk_wmt_recv(struct urb *urb)
3186 {
3187 struct hci_dev *hdev = urb->context;
3188 struct btusb_data *data = hci_get_drvdata(hdev);
3189 struct hci_event_hdr *hdr;
3190 struct sk_buff *skb;
3191 int err;
3192
3193 if (urb->status == 0 && urb->actual_length > 0) {
3194 hdev->stat.byte_rx += urb->actual_length;
3195
3196 /* WMT event shouldn't be fragmented and the size should be
3197 * less than HCI_WMT_MAX_EVENT_SIZE.
3198 */
3199 skb = bt_skb_alloc(HCI_WMT_MAX_EVENT_SIZE, GFP_ATOMIC);
3200 if (!skb) {
3201 hdev->stat.err_rx++;
3202 goto err_out;
3203 }
3204
3205 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
3206 skb_put_data(skb, urb->transfer_buffer, urb->actual_length);
3207
3208 hdr = (void *)skb->data;
3209 /* Fix up the vendor event id with 0xff for vendor specific
3210 * instead of 0xe4 so that event send via monitoring socket can
3211 * be parsed properly.
3212 */
3213 hdr->evt = 0xff;
3214
3215 /* When someone waits for the WMT event, the skb is being cloned
3216 * and being processed the events from there then.
3217 */
3218 if (test_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags)) {
3219 data->evt_skb = skb_clone(skb, GFP_ATOMIC);
3220 if (!data->evt_skb)
3221 goto err_out;
3222 }
3223
3224 err = hci_recv_frame(hdev, skb);
3225 if (err < 0)
3226 goto err_free_skb;
3227
3228 if (test_and_clear_bit(BTUSB_TX_WAIT_VND_EVT,
3229 &data->flags)) {
3230 /* Barrier to sync with other CPUs */
3231 smp_mb__after_atomic();
3232 wake_up_bit(&data->flags,
3233 BTUSB_TX_WAIT_VND_EVT);
3234 }
3235 err_out:
3236 return;
3237 err_free_skb:
3238 kfree_skb(data->evt_skb);
3239 data->evt_skb = NULL;
3240 return;
3241 } else if (urb->status == -ENOENT) {
3242 /* Avoid suspend failed when usb_kill_urb */
3243 return;
3244 }
3245
3246 usb_mark_last_busy(data->udev);
3247
3248 /* The URB complete handler is still called with urb->actual_length = 0
3249 * when the event is not available, so we should keep re-submitting
3250 * URB until WMT event returns, Also, It's necessary to wait some time
3251 * between the two consecutive control URBs to relax the target device
3252 * to generate the event. Otherwise, the WMT event cannot return from
3253 * the device successfully.
3254 */
3255 udelay(100);
3256
3257 usb_anchor_urb(urb, &data->ctrl_anchor);
3258 err = usb_submit_urb(urb, GFP_ATOMIC);
3259 if (err < 0) {
3260 /* -EPERM: urb is being killed;
3261 * -ENODEV: device got disconnected
3262 */
3263 if (err != -EPERM && err != -ENODEV)
3264 bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
3265 urb, -err);
3266 usb_unanchor_urb(urb);
3267 }
3268 }
3269
3270 static int btusb_mtk_submit_wmt_recv_urb(struct hci_dev *hdev)
3271 {
3272 struct btusb_data *data = hci_get_drvdata(hdev);
3273 struct usb_ctrlrequest *dr;
3274 unsigned char *buf;
3275 int err, size = 64;
3276 unsigned int pipe;
3277 struct urb *urb;
3278
3279 urb = usb_alloc_urb(0, GFP_KERNEL);
3280 if (!urb)
3281 return -ENOMEM;
3282
3283 dr = kmalloc(sizeof(*dr), GFP_KERNEL);
3284 if (!dr) {
3285 usb_free_urb(urb);
3286 return -ENOMEM;
3287 }
3288
3289 dr->bRequestType = USB_TYPE_VENDOR | USB_DIR_IN;
3290 dr->bRequest = 1;
3291 dr->wIndex = cpu_to_le16(0);
3292 dr->wValue = cpu_to_le16(48);
3293 dr->wLength = cpu_to_le16(size);
3294
3295 buf = kmalloc(size, GFP_KERNEL);
3296 if (!buf) {
3297 kfree(dr);
3298 usb_free_urb(urb);
3299 return -ENOMEM;
3300 }
3301
3302 pipe = usb_rcvctrlpipe(data->udev, 0);
3303
3304 usb_fill_control_urb(urb, data->udev, pipe, (void *)dr,
3305 buf, size, btusb_mtk_wmt_recv, hdev);
3306
3307 urb->transfer_flags |= URB_FREE_BUFFER;
3308
3309 usb_anchor_urb(urb, &data->ctrl_anchor);
3310 err = usb_submit_urb(urb, GFP_KERNEL);
3311 if (err < 0) {
3312 if (err != -EPERM && err != -ENODEV)
3313 bt_dev_err(hdev, "urb %p submission failed (%d)",
3314 urb, -err);
3315 usb_unanchor_urb(urb);
3316 }
3317
3318 usb_free_urb(urb);
3319
3320 return err;
3321 }
3322
3323 static int btusb_mtk_hci_wmt_sync(struct hci_dev *hdev,
3324 struct btmtk_hci_wmt_params *wmt_params)
3325 {
3326 struct btusb_data *data = hci_get_drvdata(hdev);
3327 struct btmtk_hci_wmt_evt_funcc *wmt_evt_funcc;
3328 u32 hlen, status = BTMTK_WMT_INVALID;
3329 struct btmtk_hci_wmt_evt *wmt_evt;
3330 struct btmtk_hci_wmt_cmd wc;
3331 struct btmtk_wmt_hdr *hdr;
3332 int err;
3333
3334 /* Submit control IN URB on demand to process the WMT event */
3335 err = btusb_mtk_submit_wmt_recv_urb(hdev);
3336 if (err < 0)
3337 return err;
3338
3339 /* Send the WMT command and wait until the WMT event returns */
3340 hlen = sizeof(*hdr) + wmt_params->dlen;
3341 if (hlen > 255)
3342 return -EINVAL;
3343
3344 hdr = (struct btmtk_wmt_hdr *)&wc;
3345 hdr->dir = 1;
3346 hdr->op = wmt_params->op;
3347 hdr->dlen = cpu_to_le16(wmt_params->dlen + 1);
3348 hdr->flag = wmt_params->flag;
3349 memcpy(wc.data, wmt_params->data, wmt_params->dlen);
3350
3351 set_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags);
3352
3353 err = __hci_cmd_send(hdev, 0xfc6f, hlen, &wc);
3354
3355 if (err < 0) {
3356 clear_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags);
3357 return err;
3358 }
3359
3360 /* The vendor specific WMT commands are all answered by a vendor
3361 * specific event and will have the Command Status or Command
3362 * Complete as with usual HCI command flow control.
3363 *
3364 * After sending the command, wait for BTUSB_TX_WAIT_VND_EVT
3365 * state to be cleared. The driver specific event receive routine
3366 * will clear that state and with that indicate completion of the
3367 * WMT command.
3368 */
3369 err = wait_on_bit_timeout(&data->flags, BTUSB_TX_WAIT_VND_EVT,
3370 TASK_INTERRUPTIBLE, HCI_INIT_TIMEOUT);
3371 if (err == -EINTR) {
3372 bt_dev_err(hdev, "Execution of wmt command interrupted");
3373 clear_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags);
3374 return err;
3375 }
3376
3377 if (err) {
3378 bt_dev_err(hdev, "Execution of wmt command timed out");
3379 clear_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags);
3380 return -ETIMEDOUT;
3381 }
3382
3383 /* Parse and handle the return WMT event */
3384 wmt_evt = (struct btmtk_hci_wmt_evt *)data->evt_skb->data;
3385 if (wmt_evt->whdr.op != hdr->op) {
3386 bt_dev_err(hdev, "Wrong op received %d expected %d",
3387 wmt_evt->whdr.op, hdr->op);
3388 err = -EIO;
3389 goto err_free_skb;
3390 }
3391
3392 switch (wmt_evt->whdr.op) {
3393 case BTMTK_WMT_SEMAPHORE:
3394 if (wmt_evt->whdr.flag == 2)
3395 status = BTMTK_WMT_PATCH_UNDONE;
3396 else
3397 status = BTMTK_WMT_PATCH_DONE;
3398 break;
3399 case BTMTK_WMT_FUNC_CTRL:
3400 wmt_evt_funcc = (struct btmtk_hci_wmt_evt_funcc *)wmt_evt;
3401 if (be16_to_cpu(wmt_evt_funcc->status) == 0x404)
3402 status = BTMTK_WMT_ON_DONE;
3403 else if (be16_to_cpu(wmt_evt_funcc->status) == 0x420)
3404 status = BTMTK_WMT_ON_PROGRESS;
3405 else
3406 status = BTMTK_WMT_ON_UNDONE;
3407 break;
3408 }
3409
3410 if (wmt_params->status)
3411 *wmt_params->status = status;
3412
3413 err_free_skb:
3414 kfree_skb(data->evt_skb);
3415 data->evt_skb = NULL;
3416
3417 return err;
3418 }
3419
3420 static int btusb_mtk_setup_firmware(struct hci_dev *hdev, const char *fwname)
3421 {
3422 struct btmtk_hci_wmt_params wmt_params;
3423 const struct firmware *fw;
3424 const u8 *fw_ptr;
3425 size_t fw_size;
3426 int err, dlen;
3427 u8 flag, param;
3428
3429 err = request_firmware(&fw, fwname, &hdev->dev);
3430 if (err < 0) {
3431 bt_dev_err(hdev, "Failed to load firmware file (%d)", err);
3432 return err;
3433 }
3434
3435 /* Power on data RAM the firmware relies on. */
3436 param = 1;
3437 wmt_params.op = BTMTK_WMT_FUNC_CTRL;
3438 wmt_params.flag = 3;
3439 wmt_params.dlen = sizeof(param);
3440 wmt_params.data = &param;
3441 wmt_params.status = NULL;
3442
3443 err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params);
3444 if (err < 0) {
3445 bt_dev_err(hdev, "Failed to power on data RAM (%d)", err);
3446 goto err_release_fw;
3447 }
3448
3449 fw_ptr = fw->data;
3450 fw_size = fw->size;
3451
3452 /* The size of patch header is 30 bytes, should be skip */
3453 if (fw_size < 30) {
3454 err = -EINVAL;
3455 goto err_release_fw;
3456 }
3457
3458 fw_size -= 30;
3459 fw_ptr += 30;
3460 flag = 1;
3461
3462 wmt_params.op = BTMTK_WMT_PATCH_DWNLD;
3463 wmt_params.status = NULL;
3464
3465 while (fw_size > 0) {
3466 dlen = min_t(int, 250, fw_size);
3467
3468 /* Tell deivice the position in sequence */
3469 if (fw_size - dlen <= 0)
3470 flag = 3;
3471 else if (fw_size < fw->size - 30)
3472 flag = 2;
3473
3474 wmt_params.flag = flag;
3475 wmt_params.dlen = dlen;
3476 wmt_params.data = fw_ptr;
3477
3478 err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params);
3479 if (err < 0) {
3480 bt_dev_err(hdev, "Failed to send wmt patch dwnld (%d)",
3481 err);
3482 goto err_release_fw;
3483 }
3484
3485 fw_size -= dlen;
3486 fw_ptr += dlen;
3487 }
3488
3489 wmt_params.op = BTMTK_WMT_RST;
3490 wmt_params.flag = 4;
3491 wmt_params.dlen = 0;
3492 wmt_params.data = NULL;
3493 wmt_params.status = NULL;
3494
3495 /* Activate funciton the firmware providing to */
3496 err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params);
3497 if (err < 0) {
3498 bt_dev_err(hdev, "Failed to send wmt rst (%d)", err);
3499 goto err_release_fw;
3500 }
3501
3502 /* Wait a few moments for firmware activation done */
3503 usleep_range(10000, 12000);
3504
3505 err_release_fw:
3506 release_firmware(fw);
3507
3508 return err;
3509 }
3510
3511 static int btusb_mtk_func_query(struct hci_dev *hdev)
3512 {
3513 struct btmtk_hci_wmt_params wmt_params;
3514 int status, err;
3515 u8 param = 0;
3516
3517 /* Query whether the function is enabled */
3518 wmt_params.op = BTMTK_WMT_FUNC_CTRL;
3519 wmt_params.flag = 4;
3520 wmt_params.dlen = sizeof(param);
3521 wmt_params.data = &param;
3522 wmt_params.status = &status;
3523
3524 err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params);
3525 if (err < 0) {
3526 bt_dev_err(hdev, "Failed to query function status (%d)", err);
3527 return err;
3528 }
3529
3530 return status;
3531 }
3532
3533 static int btusb_mtk_reg_read(struct btusb_data *data, u32 reg, u32 *val)
3534 {
3535 int pipe, err, size = sizeof(u32);
3536 void *buf;
3537
3538 buf = kzalloc(size, GFP_KERNEL);
3539 if (!buf)
3540 return -ENOMEM;
3541
3542 pipe = usb_rcvctrlpipe(data->udev, 0);
3543 err = usb_control_msg(data->udev, pipe, 0x63,
3544 USB_TYPE_VENDOR | USB_DIR_IN,
3545 reg >> 16, reg & 0xffff,
3546 buf, size, USB_CTRL_SET_TIMEOUT);
3547 if (err < 0)
3548 goto err_free_buf;
3549
3550 *val = get_unaligned_le32(buf);
3551
3552 err_free_buf:
3553 kfree(buf);
3554
3555 return err;
3556 }
3557
3558 static int btusb_mtk_id_get(struct btusb_data *data, u32 *id)
3559 {
3560 return btusb_mtk_reg_read(data, 0x80000008, id);
3561 }
3562
3563 static int btusb_mtk_setup(struct hci_dev *hdev)
3564 {
3565 struct btusb_data *data = hci_get_drvdata(hdev);
3566 struct btmtk_hci_wmt_params wmt_params;
3567 ktime_t calltime, delta, rettime;
3568 struct btmtk_tci_sleep tci_sleep;
3569 unsigned long long duration;
3570 struct sk_buff *skb;
3571 const char *fwname;
3572 int err, status;
3573 u32 dev_id;
3574 u8 param;
3575
3576 calltime = ktime_get();
3577
3578 err = btusb_mtk_id_get(data, &dev_id);
3579 if (err < 0) {
3580 bt_dev_err(hdev, "Failed to get device id (%d)", err);
3581 return err;
3582 }
3583
3584 switch (dev_id) {
3585 case 0x7663:
3586 fwname = FIRMWARE_MT7663;
3587 break;
3588 case 0x7668:
3589 fwname = FIRMWARE_MT7668;
3590 break;
3591 default:
3592 bt_dev_err(hdev, "Unsupported support hardware variant (%08x)",
3593 dev_id);
3594 return -ENODEV;
3595 }
3596
3597 /* Query whether the firmware is already download */
3598 wmt_params.op = BTMTK_WMT_SEMAPHORE;
3599 wmt_params.flag = 1;
3600 wmt_params.dlen = 0;
3601 wmt_params.data = NULL;
3602 wmt_params.status = &status;
3603
3604 err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params);
3605 if (err < 0) {
3606 bt_dev_err(hdev, "Failed to query firmware status (%d)", err);
3607 return err;
3608 }
3609
3610 if (status == BTMTK_WMT_PATCH_DONE) {
3611 bt_dev_info(hdev, "firmware already downloaded");
3612 goto ignore_setup_fw;
3613 }
3614
3615 /* Setup a firmware which the device definitely requires */
3616 err = btusb_mtk_setup_firmware(hdev, fwname);
3617 if (err < 0)
3618 return err;
3619
3620 ignore_setup_fw:
3621 err = readx_poll_timeout(btusb_mtk_func_query, hdev, status,
3622 status < 0 || status != BTMTK_WMT_ON_PROGRESS,
3623 2000, 5000000);
3624 /* -ETIMEDOUT happens */
3625 if (err < 0)
3626 return err;
3627
3628 /* The other errors happen in btusb_mtk_func_query */
3629 if (status < 0)
3630 return status;
3631
3632 if (status == BTMTK_WMT_ON_DONE) {
3633 bt_dev_info(hdev, "function already on");
3634 goto ignore_func_on;
3635 }
3636
3637 /* Enable Bluetooth protocol */
3638 param = 1;
3639 wmt_params.op = BTMTK_WMT_FUNC_CTRL;
3640 wmt_params.flag = 0;
3641 wmt_params.dlen = sizeof(param);
3642 wmt_params.data = &param;
3643 wmt_params.status = NULL;
3644
3645 err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params);
3646 if (err < 0) {
3647 bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err);
3648 return err;
3649 }
3650
3651 ignore_func_on:
3652 /* Apply the low power environment setup */
3653 tci_sleep.mode = 0x5;
3654 tci_sleep.duration = cpu_to_le16(0x640);
3655 tci_sleep.host_duration = cpu_to_le16(0x640);
3656 tci_sleep.host_wakeup_pin = 0;
3657 tci_sleep.time_compensation = 0;
3658
3659 skb = __hci_cmd_sync(hdev, 0xfc7a, sizeof(tci_sleep), &tci_sleep,
3660 HCI_INIT_TIMEOUT);
3661 if (IS_ERR(skb)) {
3662 err = PTR_ERR(skb);
3663 bt_dev_err(hdev, "Failed to apply low power setting (%d)", err);
3664 return err;
3665 }
3666 kfree_skb(skb);
3667
3668 rettime = ktime_get();
3669 delta = ktime_sub(rettime, calltime);
3670 duration = (unsigned long long)ktime_to_ns(delta) >> 10;
3671
3672 bt_dev_info(hdev, "Device setup in %llu usecs", duration);
3673
3674 return 0;
3675 }
3676
3677 static int btusb_mtk_shutdown(struct hci_dev *hdev)
3678 {
3679 struct btmtk_hci_wmt_params wmt_params;
3680 u8 param = 0;
3681 int err;
3682
3683 /* Disable the device */
3684 wmt_params.op = BTMTK_WMT_FUNC_CTRL;
3685 wmt_params.flag = 0;
3686 wmt_params.dlen = sizeof(param);
3687 wmt_params.data = &param;
3688 wmt_params.status = NULL;
3689
3690 err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params);
3691 if (err < 0) {
3692 bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err);
3693 return err;
3694 }
3695
3696 return 0;
3697 }
3698
3699 MODULE_FIRMWARE(FIRMWARE_MT7663);
3700 MODULE_FIRMWARE(FIRMWARE_MT7668);
3701
3702 #ifdef CONFIG_PM
3703 /* Configure an out-of-band gpio as wake-up pin, if specified in device tree */
3704 static int marvell_config_oob_wake(struct hci_dev *hdev)
3705 {
3706 struct sk_buff *skb;
3707 struct btusb_data *data = hci_get_drvdata(hdev);
3708 struct device *dev = &data->udev->dev;
3709 u16 pin, gap, opcode;
3710 int ret;
3711 u8 cmd[5];
3712
3713 /* Move on if no wakeup pin specified */
3714 if (of_property_read_u16(dev->of_node, "marvell,wakeup-pin", &pin) ||
3715 of_property_read_u16(dev->of_node, "marvell,wakeup-gap-ms", &gap))
3716 return 0;
3717
3718 /* Vendor specific command to configure a GPIO as wake-up pin */
3719 opcode = hci_opcode_pack(0x3F, 0x59);
3720 cmd[0] = opcode & 0xFF;
3721 cmd[1] = opcode >> 8;
3722 cmd[2] = 2; /* length of parameters that follow */
3723 cmd[3] = pin;
3724 cmd[4] = gap; /* time in ms, for which wakeup pin should be asserted */
3725
3726 skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL);
3727 if (!skb) {
3728 bt_dev_err(hdev, "%s: No memory\n", __func__);
3729 return -ENOMEM;
3730 }
3731
3732 skb_put_data(skb, cmd, sizeof(cmd));
3733 hci_skb_pkt_type(skb) = HCI_COMMAND_PKT;
3734
3735 ret = btusb_send_frame(hdev, skb);
3736 if (ret) {
3737 bt_dev_err(hdev, "%s: configuration failed\n", __func__);
3738 kfree_skb(skb);
3739 return ret;
3740 }
3741
3742 return 0;
3743 }
3744 #endif
3745
3746 static int btusb_set_bdaddr_marvell(struct hci_dev *hdev,
3747 const bdaddr_t *bdaddr)
3748 {
3749 struct sk_buff *skb;
3750 u8 buf[8];
3751 long ret;
3752
3753 buf[0] = 0xfe;
3754 buf[1] = sizeof(bdaddr_t);
3755 memcpy(buf + 2, bdaddr, sizeof(bdaddr_t));
3756
3757 skb = __hci_cmd_sync(hdev, 0xfc22, sizeof(buf), buf, HCI_INIT_TIMEOUT);
3758 if (IS_ERR(skb)) {
3759 ret = PTR_ERR(skb);
3760 bt_dev_err(hdev, "changing Marvell device address failed (%ld)",
3761 ret);
3762 return ret;
3763 }
3764 kfree_skb(skb);
3765
3766 return 0;
3767 }
3768
3769 static int btusb_set_bdaddr_ath3012(struct hci_dev *hdev,
3770 const bdaddr_t *bdaddr)
3771 {
3772 struct sk_buff *skb;
3773 u8 buf[10];
3774 long ret;
3775
3776 buf[0] = 0x01;
3777 buf[1] = 0x01;
3778 buf[2] = 0x00;
3779 buf[3] = sizeof(bdaddr_t);
3780 memcpy(buf + 4, bdaddr, sizeof(bdaddr_t));
3781
3782 skb = __hci_cmd_sync(hdev, 0xfc0b, sizeof(buf), buf, HCI_INIT_TIMEOUT);
3783 if (IS_ERR(skb)) {
3784 ret = PTR_ERR(skb);
3785 bt_dev_err(hdev, "Change address command failed (%ld)", ret);
3786 return ret;
3787 }
3788 kfree_skb(skb);
3789
3790 return 0;
3791 }
3792
3793 static int btusb_set_bdaddr_wcn6855(struct hci_dev *hdev,
3794 const bdaddr_t *bdaddr)
3795 {
3796 struct sk_buff *skb;
3797 u8 buf[6];
3798 long ret;
3799
3800 memcpy(buf, bdaddr, sizeof(bdaddr_t));
3801
3802 skb = __hci_cmd_sync_ev(hdev, 0xfc14, sizeof(buf), buf,
3803 HCI_EV_CMD_COMPLETE, HCI_INIT_TIMEOUT);
3804 if (IS_ERR(skb)) {
3805 ret = PTR_ERR(skb);
3806 bt_dev_err(hdev, "Change address command failed (%ld)", ret);
3807 return ret;
3808 }
3809 kfree_skb(skb);
3810
3811 return 0;
3812 }
3813
3814 #define QCA_DFU_PACKET_LEN 4096
3815
3816 #define QCA_GET_TARGET_VERSION 0x09
3817 #define QCA_CHECK_STATUS 0x05
3818 #define QCA_DFU_DOWNLOAD 0x01
3819
3820 #define QCA_SYSCFG_UPDATED 0x40
3821 #define QCA_PATCH_UPDATED 0x80
3822 #define QCA_DFU_TIMEOUT 3000
3823 #define QCA_FLAG_MULTI_NVM 0x80
3824
3825 struct qca_version {
3826 __le32 rom_version;
3827 __le32 patch_version;
3828 __le32 ram_version;
3829 __le16 board_id;
3830 __le16 flag;
3831 __u8 reserved[4];
3832 } __packed;
3833
3834 struct qca_rampatch_version {
3835 __le16 rom_version_high;
3836 __le16 rom_version_low;
3837 __le16 patch_version;
3838 } __packed;
3839
3840 struct qca_device_info {
3841 u32 rom_version;
3842 u8 rampatch_hdr; /* length of header in rampatch */
3843 u8 nvm_hdr; /* length of header in NVM */
3844 u8 ver_offset; /* offset of version structure in rampatch */
3845 };
3846
3847 static const struct qca_device_info qca_devices_table[] = {
3848 { 0x00000100, 20, 4, 8 }, /* Rome 1.0 */
3849 { 0x00000101, 20, 4, 8 }, /* Rome 1.1 */
3850 { 0x00000200, 28, 4, 16 }, /* Rome 2.0 */
3851 { 0x00000201, 28, 4, 16 }, /* Rome 2.1 */
3852 { 0x00000300, 28, 4, 16 }, /* Rome 3.0 */
3853 { 0x00000302, 28, 4, 16 }, /* Rome 3.2 */
3854 { 0x00130100, 40, 4, 16 }, /* WCN6855 1.0 */
3855 { 0x00130200, 40, 4, 16 }, /* WCN6855 2.0 */
3856 };
3857
3858 static int btusb_qca_send_vendor_req(struct usb_device *udev, u8 request,
3859 void *data, u16 size)
3860 {
3861 int pipe, err;
3862 u8 *buf;
3863
3864 buf = kmalloc(size, GFP_KERNEL);
3865 if (!buf)
3866 return -ENOMEM;
3867
3868 /* Found some of USB hosts have IOT issues with ours so that we should
3869 * not wait until HCI layer is ready.
3870 */
3871 pipe = usb_rcvctrlpipe(udev, 0);
3872 err = usb_control_msg(udev, pipe, request, USB_TYPE_VENDOR | USB_DIR_IN,
3873 0, 0, buf, size, USB_CTRL_SET_TIMEOUT);
3874 if (err < 0) {
3875 dev_err(&udev->dev, "Failed to access otp area (%d)", err);
3876 goto done;
3877 }
3878
3879 memcpy(data, buf, size);
3880
3881 done:
3882 kfree(buf);
3883
3884 return err;
3885 }
3886
3887 static int btusb_setup_qca_download_fw(struct hci_dev *hdev,
3888 const struct firmware *firmware,
3889 size_t hdr_size)
3890 {
3891 struct btusb_data *btdata = hci_get_drvdata(hdev);
3892 struct usb_device *udev = btdata->udev;
3893 size_t count, size, sent = 0;
3894 int pipe, len, err;
3895 u8 *buf;
3896
3897 buf = kmalloc(QCA_DFU_PACKET_LEN, GFP_KERNEL);
3898 if (!buf)
3899 return -ENOMEM;
3900
3901 count = firmware->size;
3902
3903 size = min_t(size_t, count, hdr_size);
3904 memcpy(buf, firmware->data, size);
3905
3906 /* USB patches should go down to controller through USB path
3907 * because binary format fits to go down through USB channel.
3908 * USB control path is for patching headers and USB bulk is for
3909 * patch body.
3910 */
3911 pipe = usb_sndctrlpipe(udev, 0);
3912 err = usb_control_msg(udev, pipe, QCA_DFU_DOWNLOAD, USB_TYPE_VENDOR,
3913 0, 0, buf, size, USB_CTRL_SET_TIMEOUT);
3914 if (err < 0) {
3915 bt_dev_err(hdev, "Failed to send headers (%d)", err);
3916 goto done;
3917 }
3918
3919 sent += size;
3920 count -= size;
3921
3922 while (count) {
3923 size = min_t(size_t, count, QCA_DFU_PACKET_LEN);
3924
3925 memcpy(buf, firmware->data + sent, size);
3926
3927 pipe = usb_sndbulkpipe(udev, 0x02);
3928 err = usb_bulk_msg(udev, pipe, buf, size, &len,
3929 QCA_DFU_TIMEOUT);
3930 if (err < 0) {
3931 bt_dev_err(hdev, "Failed to send body at %zd of %zd (%d)",
3932 sent, firmware->size, err);
3933 break;
3934 }
3935
3936 if (size != len) {
3937 bt_dev_err(hdev, "Failed to get bulk buffer");
3938 err = -EILSEQ;
3939 break;
3940 }
3941
3942 sent += size;
3943 count -= size;
3944 }
3945
3946 done:
3947 kfree(buf);
3948 return err;
3949 }
3950
3951 static int btusb_setup_qca_load_rampatch(struct hci_dev *hdev,
3952 struct qca_version *ver,
3953 const struct qca_device_info *info)
3954 {
3955 struct qca_rampatch_version *rver;
3956 const struct firmware *fw;
3957 u32 ver_rom, ver_patch, rver_rom;
3958 u16 rver_rom_low, rver_rom_high, rver_patch;
3959 char fwname[64];
3960 int err;
3961
3962 ver_rom = le32_to_cpu(ver->rom_version);
3963 ver_patch = le32_to_cpu(ver->patch_version);
3964
3965 snprintf(fwname, sizeof(fwname), "qca/rampatch_usb_%08x.bin", ver_rom);
3966
3967 err = request_firmware(&fw, fwname, &hdev->dev);
3968 if (err) {
3969 bt_dev_err(hdev, "failed to request rampatch file: %s (%d)",
3970 fwname, err);
3971 return err;
3972 }
3973
3974 bt_dev_info(hdev, "using rampatch file: %s", fwname);
3975
3976 rver = (struct qca_rampatch_version *)(fw->data + info->ver_offset);
3977 rver_rom_low = le16_to_cpu(rver->rom_version_low);
3978 rver_patch = le16_to_cpu(rver->patch_version);
3979
3980 if (ver_rom & ~0xffffU) {
3981 rver_rom_high = le16_to_cpu(rver->rom_version_high);
3982 rver_rom = le32_to_cpu(rver_rom_high << 16 | rver_rom_low);
3983 } else {
3984 rver_rom = rver_rom_low;
3985 }
3986
3987 bt_dev_info(hdev, "QCA: patch rome 0x%x build 0x%x, "
3988 "firmware rome 0x%x build 0x%x",
3989 rver_rom, rver_patch, ver_rom, ver_patch);
3990
3991 if (rver_rom != ver_rom || rver_patch <= ver_patch) {
3992 bt_dev_err(hdev, "rampatch file version did not match with firmware");
3993 err = -EINVAL;
3994 goto done;
3995 }
3996
3997 err = btusb_setup_qca_download_fw(hdev, fw, info->rampatch_hdr);
3998
3999 done:
4000 release_firmware(fw);
4001
4002 return err;
4003 }
4004
4005 static int btusb_setup_qca_load_nvm(struct hci_dev *hdev,
4006 struct qca_version *ver,
4007 const struct qca_device_info *info)
4008 {
4009 const struct firmware *fw;
4010 char fwname[64];
4011 int err;
4012
4013 if (((ver->flag >> 8) & 0xff) == QCA_FLAG_MULTI_NVM) {
4014 snprintf(fwname, sizeof(fwname), "qca/nvm_usb_%08x_%04x.bin",
4015 le32_to_cpu(ver->rom_version),
4016 le16_to_cpu(ver->board_id));
4017 } else {
4018 snprintf(fwname, sizeof(fwname), "qca/nvm_usb_%08x.bin",
4019 le32_to_cpu(ver->rom_version));
4020 }
4021
4022 err = request_firmware(&fw, fwname, &hdev->dev);
4023 if (err) {
4024 bt_dev_err(hdev, "failed to request NVM file: %s (%d)",
4025 fwname, err);
4026 return err;
4027 }
4028
4029 bt_dev_info(hdev, "using NVM file: %s", fwname);
4030
4031 err = btusb_setup_qca_download_fw(hdev, fw, info->nvm_hdr);
4032
4033 release_firmware(fw);
4034
4035 return err;
4036 }
4037
4038 /* identify the ROM version and check whether patches are needed */
4039 static bool btusb_qca_need_patch(struct usb_device *udev)
4040 {
4041 struct qca_version ver;
4042
4043 if (btusb_qca_send_vendor_req(udev, QCA_GET_TARGET_VERSION, &ver,
4044 sizeof(ver)) < 0)
4045 return false;
4046 /* only low ROM versions need patches */
4047 return !(le32_to_cpu(ver.rom_version) & ~0xffffU);
4048 }
4049
4050 static int btusb_setup_qca(struct hci_dev *hdev)
4051 {
4052 struct btusb_data *btdata = hci_get_drvdata(hdev);
4053 struct usb_device *udev = btdata->udev;
4054 const struct qca_device_info *info = NULL;
4055 struct qca_version ver;
4056 u32 ver_rom;
4057 u8 status;
4058 int i, err;
4059
4060 err = btusb_qca_send_vendor_req(udev, QCA_GET_TARGET_VERSION, &ver,
4061 sizeof(ver));
4062 if (err < 0)
4063 return err;
4064
4065 ver_rom = le32_to_cpu(ver.rom_version);
4066
4067 for (i = 0; i < ARRAY_SIZE(qca_devices_table); i++) {
4068 if (ver_rom == qca_devices_table[i].rom_version)
4069 info = &qca_devices_table[i];
4070 }
4071 if (!info) {
4072 bt_dev_err(hdev, "don't support firmware rome 0x%x", ver_rom);
4073 return -ENODEV;
4074 }
4075
4076 err = btusb_qca_send_vendor_req(udev, QCA_CHECK_STATUS, &status,
4077 sizeof(status));
4078 if (err < 0)
4079 return err;
4080
4081 if (!(status & QCA_PATCH_UPDATED)) {
4082 err = btusb_setup_qca_load_rampatch(hdev, &ver, info);
4083 if (err < 0)
4084 return err;
4085 }
4086
4087 err = btusb_qca_send_vendor_req(udev, QCA_GET_TARGET_VERSION, &ver,
4088 sizeof(ver));
4089 if (err < 0)
4090 return err;
4091
4092 if (!(status & QCA_SYSCFG_UPDATED)) {
4093 err = btusb_setup_qca_load_nvm(hdev, &ver, info);
4094 if (err < 0)
4095 return err;
4096 }
4097
4098 return 0;
4099 }
4100
4101 static inline int __set_diag_interface(struct hci_dev *hdev)
4102 {
4103 struct btusb_data *data = hci_get_drvdata(hdev);
4104 struct usb_interface *intf = data->diag;
4105 int i;
4106
4107 if (!data->diag)
4108 return -ENODEV;
4109
4110 data->diag_tx_ep = NULL;
4111 data->diag_rx_ep = NULL;
4112
4113 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
4114 struct usb_endpoint_descriptor *ep_desc;
4115
4116 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
4117
4118 if (!data->diag_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) {
4119 data->diag_tx_ep = ep_desc;
4120 continue;
4121 }
4122
4123 if (!data->diag_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) {
4124 data->diag_rx_ep = ep_desc;
4125 continue;
4126 }
4127 }
4128
4129 if (!data->diag_tx_ep || !data->diag_rx_ep) {
4130 bt_dev_err(hdev, "invalid diagnostic descriptors");
4131 return -ENODEV;
4132 }
4133
4134 return 0;
4135 }
4136
4137 static struct urb *alloc_diag_urb(struct hci_dev *hdev, bool enable)
4138 {
4139 struct btusb_data *data = hci_get_drvdata(hdev);
4140 struct sk_buff *skb;
4141 struct urb *urb;
4142 unsigned int pipe;
4143
4144 if (!data->diag_tx_ep)
4145 return ERR_PTR(-ENODEV);
4146
4147 urb = usb_alloc_urb(0, GFP_KERNEL);
4148 if (!urb)
4149 return ERR_PTR(-ENOMEM);
4150
4151 skb = bt_skb_alloc(2, GFP_KERNEL);
4152 if (!skb) {
4153 usb_free_urb(urb);
4154 return ERR_PTR(-ENOMEM);
4155 }
4156
4157 skb_put_u8(skb, 0xf0);
4158 skb_put_u8(skb, enable);
4159
4160 pipe = usb_sndbulkpipe(data->udev, data->diag_tx_ep->bEndpointAddress);
4161
4162 usb_fill_bulk_urb(urb, data->udev, pipe,
4163 skb->data, skb->len, btusb_tx_complete, skb);
4164
4165 skb->dev = (void *)hdev;
4166
4167 return urb;
4168 }
4169
4170 static int btusb_bcm_set_diag(struct hci_dev *hdev, bool enable)
4171 {
4172 struct btusb_data *data = hci_get_drvdata(hdev);
4173 struct urb *urb;
4174
4175 if (!data->diag)
4176 return -ENODEV;
4177
4178 if (!test_bit(HCI_RUNNING, &hdev->flags))
4179 return -ENETDOWN;
4180
4181 urb = alloc_diag_urb(hdev, enable);
4182 if (IS_ERR(urb))
4183 return PTR_ERR(urb);
4184
4185 return submit_or_queue_tx_urb(hdev, urb);
4186 }
4187
4188 #ifdef CONFIG_PM
4189 static irqreturn_t btusb_oob_wake_handler(int irq, void *priv)
4190 {
4191 struct btusb_data *data = priv;
4192
4193 pm_wakeup_event(&data->udev->dev, 0);
4194 pm_system_wakeup();
4195
4196 /* Disable only if not already disabled (keep it balanced) */
4197 if (test_and_clear_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags)) {
4198 disable_irq_nosync(irq);
4199 disable_irq_wake(irq);
4200 }
4201 return IRQ_HANDLED;
4202 }
4203
4204 static const struct of_device_id btusb_match_table[] = {
4205 { .compatible = "usb1286,204e" },
4206 { .compatible = "usbcf3,e300" }, /* QCA6174A */
4207 { .compatible = "usb4ca,301a" }, /* QCA6174A (Lite-On) */
4208 { }
4209 };
4210 MODULE_DEVICE_TABLE(of, btusb_match_table);
4211
4212 /* Use an oob wakeup pin? */
4213 static int btusb_config_oob_wake(struct hci_dev *hdev)
4214 {
4215 struct btusb_data *data = hci_get_drvdata(hdev);
4216 struct device *dev = &data->udev->dev;
4217 int irq, ret;
4218
4219 clear_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags);
4220
4221 if (!of_match_device(btusb_match_table, dev))
4222 return 0;
4223
4224 /* Move on if no IRQ specified */
4225 irq = of_irq_get_byname(dev->of_node, "wakeup");
4226 if (irq <= 0) {
4227 bt_dev_dbg(hdev, "%s: no OOB Wakeup IRQ in DT", __func__);
4228 return 0;
4229 }
4230
4231 irq_set_status_flags(irq, IRQ_NOAUTOEN);
4232 ret = devm_request_irq(&hdev->dev, irq, btusb_oob_wake_handler,
4233 0, "OOB Wake-on-BT", data);
4234 if (ret) {
4235 bt_dev_err(hdev, "%s: IRQ request failed", __func__);
4236 return ret;
4237 }
4238
4239 ret = device_init_wakeup(dev, true);
4240 if (ret) {
4241 bt_dev_err(hdev, "%s: failed to init_wakeup", __func__);
4242 return ret;
4243 }
4244
4245 data->oob_wake_irq = irq;
4246 bt_dev_info(hdev, "OOB Wake-on-BT configured at IRQ %u", irq);
4247 return 0;
4248 }
4249 #endif
4250
4251 static void btusb_check_needs_reset_resume(struct usb_interface *intf)
4252 {
4253 if (dmi_check_system(btusb_needs_reset_resume_table))
4254 interface_to_usbdev(intf)->quirks |= USB_QUIRK_RESET_RESUME;
4255 }
4256
4257 static bool btusb_prevent_wake(struct hci_dev *hdev)
4258 {
4259 struct btusb_data *data = hci_get_drvdata(hdev);
4260
4261 if (test_bit(BTUSB_WAKEUP_DISABLE, &data->flags))
4262 return true;
4263
4264 return !device_may_wakeup(&data->udev->dev);
4265 }
4266
4267 static int btusb_probe(struct usb_interface *intf,
4268 const struct usb_device_id *id)
4269 {
4270 struct usb_endpoint_descriptor *ep_desc;
4271 struct gpio_desc *reset_gpio;
4272 struct btusb_data *data;
4273 struct hci_dev *hdev;
4274 unsigned ifnum_base;
4275 int i, err;
4276
4277 BT_DBG("intf %p id %p", intf, id);
4278
4279 /* interface numbers are hardcoded in the spec */
4280 if (intf->cur_altsetting->desc.bInterfaceNumber != 0) {
4281 if (!(id->driver_info & BTUSB_IFNUM_2))
4282 return -ENODEV;
4283 if (intf->cur_altsetting->desc.bInterfaceNumber != 2)
4284 return -ENODEV;
4285 }
4286
4287 ifnum_base = intf->cur_altsetting->desc.bInterfaceNumber;
4288
4289 if (!id->driver_info) {
4290 const struct usb_device_id *match;
4291
4292 match = usb_match_id(intf, blacklist_table);
4293 if (match)
4294 id = match;
4295 }
4296
4297 if (id->driver_info == BTUSB_IGNORE)
4298 return -ENODEV;
4299
4300 if (id->driver_info & BTUSB_ATH3012) {
4301 struct usb_device *udev = interface_to_usbdev(intf);
4302
4303 /* Old firmware would otherwise let ath3k driver load
4304 * patch and sysconfig files
4305 */
4306 if (le16_to_cpu(udev->descriptor.bcdDevice) <= 0x0001 &&
4307 !btusb_qca_need_patch(udev))
4308 return -ENODEV;
4309 }
4310
4311 data = devm_kzalloc(&intf->dev, sizeof(*data), GFP_KERNEL);
4312 if (!data)
4313 return -ENOMEM;
4314
4315 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
4316 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
4317
4318 if (!data->intr_ep && usb_endpoint_is_int_in(ep_desc)) {
4319 data->intr_ep = ep_desc;
4320 continue;
4321 }
4322
4323 if (!data->bulk_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) {
4324 data->bulk_tx_ep = ep_desc;
4325 continue;
4326 }
4327
4328 if (!data->bulk_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) {
4329 data->bulk_rx_ep = ep_desc;
4330 continue;
4331 }
4332 }
4333
4334 if (!data->intr_ep || !data->bulk_tx_ep || !data->bulk_rx_ep)
4335 return -ENODEV;
4336
4337 if (id->driver_info & BTUSB_AMP) {
4338 data->cmdreq_type = USB_TYPE_CLASS | 0x01;
4339 data->cmdreq = 0x2b;
4340 } else {
4341 data->cmdreq_type = USB_TYPE_CLASS;
4342 data->cmdreq = 0x00;
4343 }
4344
4345 data->udev = interface_to_usbdev(intf);
4346 data->intf = intf;
4347
4348 INIT_WORK(&data->work, btusb_work);
4349 INIT_WORK(&data->waker, btusb_waker);
4350 init_usb_anchor(&data->deferred);
4351 init_usb_anchor(&data->tx_anchor);
4352 spin_lock_init(&data->txlock);
4353
4354 init_usb_anchor(&data->intr_anchor);
4355 init_usb_anchor(&data->bulk_anchor);
4356 init_usb_anchor(&data->isoc_anchor);
4357 init_usb_anchor(&data->diag_anchor);
4358 init_usb_anchor(&data->ctrl_anchor);
4359 spin_lock_init(&data->rxlock);
4360
4361 if (id->driver_info & BTUSB_INTEL_NEW) {
4362 data->recv_event = btusb_recv_event_intel;
4363 data->recv_bulk = btusb_recv_bulk_intel;
4364 set_bit(BTUSB_BOOTLOADER, &data->flags);
4365 } else {
4366 data->recv_event = hci_recv_frame;
4367 data->recv_bulk = btusb_recv_bulk;
4368 }
4369
4370 hdev = hci_alloc_dev();
4371 if (!hdev)
4372 return -ENOMEM;
4373
4374 hdev->bus = HCI_USB;
4375 hci_set_drvdata(hdev, data);
4376
4377 if (id->driver_info & BTUSB_AMP)
4378 hdev->dev_type = HCI_AMP;
4379 else
4380 hdev->dev_type = HCI_PRIMARY;
4381
4382 data->hdev = hdev;
4383
4384 SET_HCIDEV_DEV(hdev, &intf->dev);
4385
4386 reset_gpio = gpiod_get_optional(&data->udev->dev, "reset",
4387 GPIOD_OUT_LOW);
4388 if (IS_ERR(reset_gpio)) {
4389 err = PTR_ERR(reset_gpio);
4390 goto out_free_dev;
4391 } else if (reset_gpio) {
4392 data->reset_gpio = reset_gpio;
4393 }
4394
4395 hdev->open = btusb_open;
4396 hdev->close = btusb_close;
4397 hdev->flush = btusb_flush;
4398 hdev->send = btusb_send_frame;
4399 hdev->notify = btusb_notify;
4400 hdev->prevent_wake = btusb_prevent_wake;
4401
4402 #ifdef CONFIG_PM
4403 err = btusb_config_oob_wake(hdev);
4404 if (err)
4405 goto out_free_dev;
4406
4407 /* Marvell devices may need a specific chip configuration */
4408 if (id->driver_info & BTUSB_MARVELL && data->oob_wake_irq) {
4409 err = marvell_config_oob_wake(hdev);
4410 if (err)
4411 goto out_free_dev;
4412 }
4413 #endif
4414 if (id->driver_info & BTUSB_CW6622)
4415 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks);
4416
4417 if (id->driver_info & BTUSB_BCM2045)
4418 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks);
4419
4420 if (id->driver_info & BTUSB_BCM92035)
4421 hdev->setup = btusb_setup_bcm92035;
4422
4423 if (IS_ENABLED(CONFIG_BT_HCIBTUSB_BCM) &&
4424 (id->driver_info & BTUSB_BCM_PATCHRAM)) {
4425 hdev->manufacturer = 15;
4426 hdev->setup = btbcm_setup_patchram;
4427 hdev->set_diag = btusb_bcm_set_diag;
4428 hdev->set_bdaddr = btbcm_set_bdaddr;
4429
4430 /* Broadcom LM_DIAG Interface numbers are hardcoded */
4431 data->diag = usb_ifnum_to_if(data->udev, ifnum_base + 2);
4432 }
4433
4434 if (IS_ENABLED(CONFIG_BT_HCIBTUSB_BCM) &&
4435 (id->driver_info & BTUSB_BCM_APPLE)) {
4436 hdev->manufacturer = 15;
4437 hdev->setup = btbcm_setup_apple;
4438 hdev->set_diag = btusb_bcm_set_diag;
4439
4440 /* Broadcom LM_DIAG Interface numbers are hardcoded */
4441 data->diag = usb_ifnum_to_if(data->udev, ifnum_base + 2);
4442 }
4443
4444 if (id->driver_info & BTUSB_INTEL) {
4445 hdev->manufacturer = 2;
4446 hdev->setup = btusb_setup_intel;
4447 hdev->shutdown = btusb_shutdown_intel;
4448 hdev->set_diag = btintel_set_diag_mfg;
4449 hdev->set_bdaddr = btintel_set_bdaddr;
4450 hdev->cmd_timeout = btusb_intel_cmd_timeout;
4451 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
4452 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
4453 set_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks);
4454 }
4455
4456 if (id->driver_info & BTUSB_INTEL_NEW) {
4457 hdev->manufacturer = 2;
4458 hdev->send = btusb_send_frame_intel;
4459 hdev->setup = btusb_setup_intel_new;
4460 hdev->shutdown = btusb_shutdown_intel_new;
4461 hdev->hw_error = btintel_hw_error;
4462 hdev->set_diag = btintel_set_diag;
4463 hdev->set_bdaddr = btintel_set_bdaddr;
4464 hdev->cmd_timeout = btusb_intel_cmd_timeout;
4465 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
4466 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
4467 set_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks);
4468 }
4469
4470 if (id->driver_info & BTUSB_INTEL_NEWGEN) {
4471 hdev->manufacturer = 2;
4472 hdev->send = btusb_send_frame_intel;
4473 hdev->setup = btusb_setup_intel_newgen;
4474 hdev->shutdown = btusb_shutdown_intel_new;
4475 hdev->hw_error = btintel_hw_error;
4476 hdev->set_diag = btintel_set_diag;
4477 hdev->set_bdaddr = btintel_set_bdaddr;
4478 hdev->cmd_timeout = btusb_intel_cmd_timeout;
4479 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
4480 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
4481 set_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks);
4482
4483 data->recv_event = btusb_recv_event_intel;
4484 data->recv_bulk = btusb_recv_bulk_intel;
4485 set_bit(BTUSB_BOOTLOADER, &data->flags);
4486 }
4487
4488 if (id->driver_info & BTUSB_MARVELL)
4489 hdev->set_bdaddr = btusb_set_bdaddr_marvell;
4490
4491 if (IS_ENABLED(CONFIG_BT_HCIBTUSB_MTK) &&
4492 (id->driver_info & BTUSB_MEDIATEK)) {
4493 hdev->setup = btusb_mtk_setup;
4494 hdev->shutdown = btusb_mtk_shutdown;
4495 hdev->manufacturer = 70;
4496 set_bit(HCI_QUIRK_NON_PERSISTENT_SETUP, &hdev->quirks);
4497 }
4498
4499 if (id->driver_info & BTUSB_SWAVE) {
4500 set_bit(HCI_QUIRK_FIXUP_INQUIRY_MODE, &hdev->quirks);
4501 set_bit(HCI_QUIRK_BROKEN_LOCAL_COMMANDS, &hdev->quirks);
4502 }
4503
4504 if (id->driver_info & BTUSB_INTEL_BOOT) {
4505 hdev->manufacturer = 2;
4506 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
4507 }
4508
4509 if (id->driver_info & BTUSB_ATH3012) {
4510 data->setup_on_usb = btusb_setup_qca;
4511 hdev->set_bdaddr = btusb_set_bdaddr_ath3012;
4512 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
4513 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
4514 }
4515
4516 if (id->driver_info & BTUSB_QCA_ROME) {
4517 data->setup_on_usb = btusb_setup_qca;
4518 hdev->set_bdaddr = btusb_set_bdaddr_ath3012;
4519 hdev->cmd_timeout = btusb_qca_cmd_timeout;
4520 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
4521 btusb_check_needs_reset_resume(intf);
4522 }
4523
4524 if (id->driver_info & BTUSB_QCA_WCN6855) {
4525 data->setup_on_usb = btusb_setup_qca;
4526 hdev->set_bdaddr = btusb_set_bdaddr_wcn6855;
4527 hdev->cmd_timeout = btusb_qca_cmd_timeout;
4528 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
4529 }
4530
4531 if (id->driver_info & BTUSB_AMP) {
4532 /* AMP controllers do not support SCO packets */
4533 data->isoc = NULL;
4534 } else {
4535 /* Interface orders are hardcoded in the specification */
4536 data->isoc = usb_ifnum_to_if(data->udev, ifnum_base + 1);
4537 data->isoc_ifnum = ifnum_base + 1;
4538 }
4539
4540 if (IS_ENABLED(CONFIG_BT_HCIBTUSB_RTL) &&
4541 (id->driver_info & BTUSB_REALTEK)) {
4542 hdev->setup = btrtl_setup_realtek;
4543 hdev->shutdown = btrtl_shutdown_realtek;
4544 hdev->cmd_timeout = btusb_rtl_cmd_timeout;
4545
4546 /* Realtek devices lose their updated firmware over global
4547 * suspend that means host doesn't send SET_FEATURE
4548 * (DEVICE_REMOTE_WAKEUP)
4549 */
4550 set_bit(BTUSB_WAKEUP_DISABLE, &data->flags);
4551 if (btusb_find_altsetting(data, 1))
4552 set_bit(BTUSB_USE_ALT1_FOR_WBS, &data->flags);
4553 else
4554 bt_dev_err(hdev, "Device does not support ALT setting 1");
4555 }
4556
4557 if (!reset)
4558 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
4559
4560 if (force_scofix || id->driver_info & BTUSB_WRONG_SCO_MTU) {
4561 if (!disable_scofix)
4562 set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks);
4563 }
4564
4565 if (id->driver_info & BTUSB_BROKEN_ISOC)
4566 data->isoc = NULL;
4567
4568 if (id->driver_info & BTUSB_WIDEBAND_SPEECH)
4569 set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks);
4570
4571 if (id->driver_info & BTUSB_VALID_LE_STATES)
4572 set_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks);
4573
4574 if (id->driver_info & BTUSB_DIGIANSWER) {
4575 data->cmdreq_type = USB_TYPE_VENDOR;
4576 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
4577 }
4578
4579 if (id->driver_info & BTUSB_CSR) {
4580 struct usb_device *udev = data->udev;
4581 u16 bcdDevice = le16_to_cpu(udev->descriptor.bcdDevice);
4582
4583 /* Old firmware would otherwise execute USB reset */
4584 if (bcdDevice < 0x117)
4585 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
4586
4587 /* This must be set first in case we disable it for fakes */
4588 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
4589
4590 /* Fake CSR devices with broken commands */
4591 if (le16_to_cpu(udev->descriptor.idVendor) == 0x0a12 &&
4592 le16_to_cpu(udev->descriptor.idProduct) == 0x0001)
4593 hdev->setup = btusb_setup_csr;
4594 }
4595
4596 if (id->driver_info & BTUSB_SNIFFER) {
4597 struct usb_device *udev = data->udev;
4598
4599 /* New sniffer firmware has crippled HCI interface */
4600 if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997)
4601 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
4602 }
4603
4604 if (id->driver_info & BTUSB_INTEL_BOOT) {
4605 /* A bug in the bootloader causes that interrupt interface is
4606 * only enabled after receiving SetInterface(0, AltSetting=0).
4607 */
4608 err = usb_set_interface(data->udev, 0, 0);
4609 if (err < 0) {
4610 BT_ERR("failed to set interface 0, alt 0 %d", err);
4611 goto out_free_dev;
4612 }
4613 }
4614
4615 if (data->isoc) {
4616 err = usb_driver_claim_interface(&btusb_driver,
4617 data->isoc, data);
4618 if (err < 0)
4619 goto out_free_dev;
4620 }
4621
4622 if (IS_ENABLED(CONFIG_BT_HCIBTUSB_BCM) && data->diag) {
4623 if (!usb_driver_claim_interface(&btusb_driver,
4624 data->diag, data))
4625 __set_diag_interface(hdev);
4626 else
4627 data->diag = NULL;
4628 }
4629
4630 if (enable_autosuspend)
4631 usb_enable_autosuspend(data->udev);
4632
4633 err = hci_register_dev(hdev);
4634 if (err < 0)
4635 goto out_free_dev;
4636
4637 usb_set_intfdata(intf, data);
4638
4639 return 0;
4640
4641 out_free_dev:
4642 if (data->reset_gpio)
4643 gpiod_put(data->reset_gpio);
4644 hci_free_dev(hdev);
4645 return err;
4646 }
4647
4648 static void btusb_disconnect(struct usb_interface *intf)
4649 {
4650 struct btusb_data *data = usb_get_intfdata(intf);
4651 struct hci_dev *hdev;
4652
4653 BT_DBG("intf %p", intf);
4654
4655 if (!data)
4656 return;
4657
4658 hdev = data->hdev;
4659 usb_set_intfdata(data->intf, NULL);
4660
4661 if (data->isoc)
4662 usb_set_intfdata(data->isoc, NULL);
4663
4664 if (data->diag)
4665 usb_set_intfdata(data->diag, NULL);
4666
4667 hci_unregister_dev(hdev);
4668
4669 if (intf == data->intf) {
4670 if (data->isoc)
4671 usb_driver_release_interface(&btusb_driver, data->isoc);
4672 if (data->diag)
4673 usb_driver_release_interface(&btusb_driver, data->diag);
4674 } else if (intf == data->isoc) {
4675 if (data->diag)
4676 usb_driver_release_interface(&btusb_driver, data->diag);
4677 usb_driver_release_interface(&btusb_driver, data->intf);
4678 } else if (intf == data->diag) {
4679 usb_driver_release_interface(&btusb_driver, data->intf);
4680 if (data->isoc)
4681 usb_driver_release_interface(&btusb_driver, data->isoc);
4682 }
4683
4684 if (data->oob_wake_irq)
4685 device_init_wakeup(&data->udev->dev, false);
4686
4687 if (data->reset_gpio)
4688 gpiod_put(data->reset_gpio);
4689
4690 hci_free_dev(hdev);
4691 }
4692
4693 #ifdef CONFIG_PM
4694 static int btusb_suspend(struct usb_interface *intf, pm_message_t message)
4695 {
4696 struct btusb_data *data = usb_get_intfdata(intf);
4697
4698 BT_DBG("intf %p", intf);
4699
4700 if (data->suspend_count++)
4701 return 0;
4702
4703 spin_lock_irq(&data->txlock);
4704 if (!(PMSG_IS_AUTO(message) && data->tx_in_flight)) {
4705 set_bit(BTUSB_SUSPENDING, &data->flags);
4706 spin_unlock_irq(&data->txlock);
4707 } else {
4708 spin_unlock_irq(&data->txlock);
4709 data->suspend_count--;
4710 return -EBUSY;
4711 }
4712
4713 cancel_work_sync(&data->work);
4714
4715 btusb_stop_traffic(data);
4716 usb_kill_anchored_urbs(&data->tx_anchor);
4717
4718 if (data->oob_wake_irq && device_may_wakeup(&data->udev->dev)) {
4719 set_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags);
4720 enable_irq_wake(data->oob_wake_irq);
4721 enable_irq(data->oob_wake_irq);
4722 }
4723
4724 /* For global suspend, Realtek devices lose the loaded fw
4725 * in them. But for autosuspend, firmware should remain.
4726 * Actually, it depends on whether the usb host sends
4727 * set feature (enable wakeup) or not.
4728 */
4729 if (test_bit(BTUSB_WAKEUP_DISABLE, &data->flags)) {
4730 if (PMSG_IS_AUTO(message) &&
4731 device_can_wakeup(&data->udev->dev))
4732 data->udev->do_remote_wakeup = 1;
4733 else if (!PMSG_IS_AUTO(message))
4734 data->udev->reset_resume = 1;
4735 }
4736
4737 return 0;
4738 }
4739
4740 static void play_deferred(struct btusb_data *data)
4741 {
4742 struct urb *urb;
4743 int err;
4744
4745 while ((urb = usb_get_from_anchor(&data->deferred))) {
4746 usb_anchor_urb(urb, &data->tx_anchor);
4747
4748 err = usb_submit_urb(urb, GFP_ATOMIC);
4749 if (err < 0) {
4750 if (err != -EPERM && err != -ENODEV)
4751 BT_ERR("%s urb %p submission failed (%d)",
4752 data->hdev->name, urb, -err);
4753 kfree(urb->setup_packet);
4754 usb_unanchor_urb(urb);
4755 usb_free_urb(urb);
4756 break;
4757 }
4758
4759 data->tx_in_flight++;
4760 usb_free_urb(urb);
4761 }
4762
4763 /* Cleanup the rest deferred urbs. */
4764 while ((urb = usb_get_from_anchor(&data->deferred))) {
4765 kfree(urb->setup_packet);
4766 usb_free_urb(urb);
4767 }
4768 }
4769
4770 static int btusb_resume(struct usb_interface *intf)
4771 {
4772 struct btusb_data *data = usb_get_intfdata(intf);
4773 struct hci_dev *hdev = data->hdev;
4774 int err = 0;
4775
4776 BT_DBG("intf %p", intf);
4777
4778 if (--data->suspend_count)
4779 return 0;
4780
4781 /* Disable only if not already disabled (keep it balanced) */
4782 if (test_and_clear_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags)) {
4783 disable_irq(data->oob_wake_irq);
4784 disable_irq_wake(data->oob_wake_irq);
4785 }
4786
4787 if (!test_bit(HCI_RUNNING, &hdev->flags))
4788 goto done;
4789
4790 if (test_bit(BTUSB_INTR_RUNNING, &data->flags)) {
4791 err = btusb_submit_intr_urb(hdev, GFP_NOIO);
4792 if (err < 0) {
4793 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
4794 goto failed;
4795 }
4796 }
4797
4798 if (test_bit(BTUSB_BULK_RUNNING, &data->flags)) {
4799 err = btusb_submit_bulk_urb(hdev, GFP_NOIO);
4800 if (err < 0) {
4801 clear_bit(BTUSB_BULK_RUNNING, &data->flags);
4802 goto failed;
4803 }
4804
4805 btusb_submit_bulk_urb(hdev, GFP_NOIO);
4806 }
4807
4808 if (test_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
4809 if (btusb_submit_isoc_urb(hdev, GFP_NOIO) < 0)
4810 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
4811 else
4812 btusb_submit_isoc_urb(hdev, GFP_NOIO);
4813 }
4814
4815 spin_lock_irq(&data->txlock);
4816 play_deferred(data);
4817 clear_bit(BTUSB_SUSPENDING, &data->flags);
4818 spin_unlock_irq(&data->txlock);
4819 schedule_work(&data->work);
4820
4821 return 0;
4822
4823 failed:
4824 usb_scuttle_anchored_urbs(&data->deferred);
4825 done:
4826 spin_lock_irq(&data->txlock);
4827 clear_bit(BTUSB_SUSPENDING, &data->flags);
4828 spin_unlock_irq(&data->txlock);
4829
4830 return err;
4831 }
4832 #endif
4833
4834 static struct usb_driver btusb_driver = {
4835 .name = "btusb",
4836 .probe = btusb_probe,
4837 .disconnect = btusb_disconnect,
4838 #ifdef CONFIG_PM
4839 .suspend = btusb_suspend,
4840 .resume = btusb_resume,
4841 #endif
4842 .id_table = btusb_table,
4843 .supports_autosuspend = 1,
4844 .disable_hub_initiated_lpm = 1,
4845 };
4846
4847 module_usb_driver(btusb_driver);
4848
4849 module_param(disable_scofix, bool, 0644);
4850 MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size");
4851
4852 module_param(force_scofix, bool, 0644);
4853 MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size");
4854
4855 module_param(enable_autosuspend, bool, 0644);
4856 MODULE_PARM_DESC(enable_autosuspend, "Enable USB autosuspend by default");
4857
4858 module_param(reset, bool, 0644);
4859 MODULE_PARM_DESC(reset, "Send HCI reset command on initialization");
4860
4861 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
4862 MODULE_DESCRIPTION("Generic Bluetooth USB driver ver " VERSION);
4863 MODULE_VERSION(VERSION);
4864 MODULE_LICENSE("GPL");
Linux with added FPC-III support