1 /*
3 * Generic Bluetooth USB driver
5 * Copyright (C) 2005-2008 Marcel Holtmann <marcel@holtmann.org>
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
24 #include <linux/kernel.h>
25 #include <linux/module.h>
26 #include <linux/init.h>
27 #include <linux/slab.h>
28 #include <linux/types.h>
29 #include <linux/sched.h>
30 #include <linux/errno.h>
31 #include <linux/skbuff.h>
33 #include <linux/usb.h>
35 #include <net/bluetooth/bluetooth.h>
36 #include <net/bluetooth/hci_core.h>
/* Driver version string, reported via MODULE_VERSION() and MODULE_DESCRIPTION(). */
#define VERSION "0.6"

/*
 * Backing variables for the module parameters registered with
 * module_param() near the end of this file. They are read in
 * btusb_probe(), so a change only affects devices probed afterwards.
 */
static bool ignore_dga;
static bool ignore_csr;
static bool ignore_sniffer;
static bool disable_scofix;
static bool force_scofix;

/* When false, btusb_probe() sets HCI_QUIRK_NO_RESET on the new device. */
static bool reset = true;

/* Forward declaration: btusb_probe()/btusb_disconnect() reference the driver. */
static struct usb_driver btusb_driver;

/*
 * Per-device quirk bits stored in usb_device_id.driver_info
 * (see blacklist_table) and tested in btusb_probe().
 */
#define BTUSB_IGNORE		0x01
#define BTUSB_DIGIANSWER	0x02
#define BTUSB_CSR		0x04
#define BTUSB_SNIFFER		0x08
#define BTUSB_BCM92035		0x10
#define BTUSB_BROKEN_ISOC	0x20
#define BTUSB_WRONG_SCO_MTU	0x40
#define BTUSB_ATH3012		0x80
/*
 * Devices this driver binds to (installed as btusb_driver.id_table).
 * None of these entries sets driver_info; btusb_probe() looks such
 * devices up in blacklist_table to find their quirk bits.
 */
static struct usb_device_id btusb_table[] = {
	/* Generic Bluetooth USB device */
	{ USB_DEVICE_INFO(0xe0, 0x01, 0x01) },

	/* Broadcom SoftSailing reporting vendor specific */
	{ USB_DEVICE(0x05ac, 0x21e1) },

	/* Apple MacBookPro 7,1 */
	{ USB_DEVICE(0x05ac, 0x8213) },

	/* Apple iMac11,1 */
	{ USB_DEVICE(0x05ac, 0x8215) },

	/* Apple MacBookPro6,2 */
	{ USB_DEVICE(0x05ac, 0x8218) },

	/* Apple MacBookAir3,1, MacBookAir3,2 */
	{ USB_DEVICE(0x05ac, 0x821b) },

	/* Apple MacBookAir4,1 */
	{ USB_DEVICE(0x05ac, 0x821f) },

	/* Apple MacBookPro8,2 */
	{ USB_DEVICE(0x05ac, 0x821a) },

	/* Apple MacMini5,1 */
	{ USB_DEVICE(0x05ac, 0x8281) },

	/* AVM BlueFRITZ! USB v2.0 */
	{ USB_DEVICE(0x057c, 0x3800) },

	/* Bluetooth Ultraport Module from IBM */
	{ USB_DEVICE(0x04bf, 0x030a) },

	/* ALPS Modules with non-standard id */
	{ USB_DEVICE(0x044e, 0x3001) },
	{ USB_DEVICE(0x044e, 0x3002) },

	/* Ericsson with non-standard id */
	{ USB_DEVICE(0x0bdb, 0x1002) },

	/* Canyon CN-BTU1 with HID interfaces */
	{ USB_DEVICE(0x0c10, 0x0000) },

	/* Broadcom BCM20702A0 */
	{ USB_DEVICE(0x0a5c, 0x21e3) },
	{ USB_DEVICE(0x0a5c, 0x21f3) },
	{ USB_DEVICE(0x413c, 0x8197) },

	{ }	/* Terminating entry */
};

MODULE_DEVICE_TABLE(usb, btusb_table);
/*
 * Quirk table consulted by btusb_probe() through usb_match_id() when the
 * id it was handed has no driver_info. Each entry's driver_info holds
 * BTUSB_* bits; an entry equal to BTUSB_IGNORE makes probe return -ENODEV.
 */
static struct usb_device_id blacklist_table[] = {
	/* CSR BlueCore devices */
	{ USB_DEVICE(0x0a12, 0x0001), .driver_info = BTUSB_CSR },

	/* Broadcom BCM2033 without firmware */
	{ USB_DEVICE(0x0a5c, 0x2033), .driver_info = BTUSB_IGNORE },

	/* Atheros 3011 with sflash firmware */
	{ USB_DEVICE(0x0cf3, 0x3002), .driver_info = BTUSB_IGNORE },
	{ USB_DEVICE(0x13d3, 0x3304), .driver_info = BTUSB_IGNORE },
	{ USB_DEVICE(0x0930, 0x0215), .driver_info = BTUSB_IGNORE },
	{ USB_DEVICE(0x0489, 0xe03d), .driver_info = BTUSB_IGNORE },

	/* Atheros AR9285 Malbec with sflash firmware */
	{ USB_DEVICE(0x03f0, 0x311d), .driver_info = BTUSB_IGNORE },

	/* Atheros 3012 with sflash firmware */
	{ USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 },
	{ USB_DEVICE(0x0cf3, 0x311d), .driver_info = BTUSB_ATH3012 },
	{ USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 },
	{ USB_DEVICE(0x04ca, 0x3005), .driver_info = BTUSB_ATH3012 },

	/* Atheros AR5BBU12 with sflash firmware */
	{ USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE },

	/* Broadcom BCM2035 */
	{ USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU },
	{ USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU },
	{ USB_DEVICE(0x0a5c, 0x2009), .driver_info = BTUSB_BCM92035 },

	/* Broadcom BCM2045 */
	{ USB_DEVICE(0x0a5c, 0x2039), .driver_info = BTUSB_WRONG_SCO_MTU },
	{ USB_DEVICE(0x0a5c, 0x2101), .driver_info = BTUSB_WRONG_SCO_MTU },

	/* IBM/Lenovo ThinkPad with Broadcom chip */
	{ USB_DEVICE(0x0a5c, 0x201e), .driver_info = BTUSB_WRONG_SCO_MTU },
	{ USB_DEVICE(0x0a5c, 0x2110), .driver_info = BTUSB_WRONG_SCO_MTU },

	/* HP laptop with Broadcom chip */
	{ USB_DEVICE(0x03f0, 0x171d), .driver_info = BTUSB_WRONG_SCO_MTU },

	/* Dell laptop with Broadcom chip */
	{ USB_DEVICE(0x413c, 0x8126), .driver_info = BTUSB_WRONG_SCO_MTU },

	/* Dell Wireless 370 and 410 devices */
	{ USB_DEVICE(0x413c, 0x8152), .driver_info = BTUSB_WRONG_SCO_MTU },
	{ USB_DEVICE(0x413c, 0x8156), .driver_info = BTUSB_WRONG_SCO_MTU },

	/* Belkin F8T012 and F8T013 devices */
	{ USB_DEVICE(0x050d, 0x0012), .driver_info = BTUSB_WRONG_SCO_MTU },
	{ USB_DEVICE(0x050d, 0x0013), .driver_info = BTUSB_WRONG_SCO_MTU },

	/* Asus WL-BTD202 device */
	{ USB_DEVICE(0x0b05, 0x1715), .driver_info = BTUSB_WRONG_SCO_MTU },

	/* Kensington Bluetooth USB adapter */
	{ USB_DEVICE(0x047d, 0x105e), .driver_info = BTUSB_WRONG_SCO_MTU },

	/* RTX Telecom based adapters with buggy SCO support */
	{ USB_DEVICE(0x0400, 0x0807), .driver_info = BTUSB_BROKEN_ISOC },
	{ USB_DEVICE(0x0400, 0x080a), .driver_info = BTUSB_BROKEN_ISOC },

	/* CONWISE Technology based adapters with buggy SCO support */
	{ USB_DEVICE(0x0e5e, 0x6622), .driver_info = BTUSB_BROKEN_ISOC },

	/* Digianswer devices */
	{ USB_DEVICE(0x08fd, 0x0001), .driver_info = BTUSB_DIGIANSWER },
	{ USB_DEVICE(0x08fd, 0x0002), .driver_info = BTUSB_IGNORE },

	/* CSR BlueCore Bluetooth Sniffer */
	{ USB_DEVICE(0x0a12, 0x0002), .driver_info = BTUSB_SNIFFER },

	/* Frontline ComProbe Bluetooth Sniffer */
	{ USB_DEVICE(0x16d3, 0x0002), .driver_info = BTUSB_SNIFFER },

	{ }	/* Terminating entry */
};
/*
 * Number of isochronous frame descriptors per URB; also the multiplier
 * used to size the isochronous receive buffer.
 */
#define BTUSB_MAX_ISOC_FRAMES	10

/* Bit numbers (not masks) for btusb_data.flags, used with the *_bit() helpers. */
#define BTUSB_INTR_RUNNING	0
#define BTUSB_BULK_RUNNING	1
#define BTUSB_ISOC_RUNNING	2
#define BTUSB_SUSPENDING	3
#define BTUSB_DID_ISO_RESUME	4
/*
 * Per-adapter driver state. Allocated in btusb_probe(), stored as
 * hdev->driver_data and as the USB interface data, freed in
 * btusb_destruct().
 */
struct btusb_data {
	struct hci_dev       *hdev;
	struct usb_device    *udev;
	struct usb_interface *intf;	/* interface 0: events and ACL data */
	struct usb_interface *isoc;	/* interface 1 (SCO), or NULL when unused */

	spinlock_t lock;		/* initialised in probe; not taken in the code shown */

	unsigned long flags;		/* BTUSB_*_RUNNING / SUSPENDING / DID_ISO_RESUME bits */

	struct work_struct work;	/* btusb_work(): SCO altsetting management */
	struct work_struct waker;	/* btusb_waker(): autopm get/put on the interface */

	/* Anchors grouping in-flight URBs so they can be killed together. */
	struct usb_anchor tx_anchor;
	struct usb_anchor intr_anchor;
	struct usb_anchor bulk_anchor;
	struct usb_anchor isoc_anchor;
	struct usb_anchor deferred;	/* TX URBs queued while BTUSB_SUSPENDING is set */
	int tx_in_flight;		/* modified under txlock */
	spinlock_t txlock;

	/* Endpoint descriptors picked from the device's interface descriptors. */
	struct usb_endpoint_descriptor *intr_ep;
	struct usb_endpoint_descriptor *bulk_tx_ep;
	struct usb_endpoint_descriptor *bulk_rx_ep;
	struct usb_endpoint_descriptor *isoc_tx_ep;
	struct usb_endpoint_descriptor *isoc_rx_ep;

	__u8 cmdreq_type;		/* bRequestType used for HCI command transfers */

	unsigned int sco_num;		/* last SCO connection count seen by btusb_notify() */
	int isoc_altsetting;
	int suspend_count;
};
/*
 * Account for one more outgoing transfer unless a suspend is in progress.
 *
 * Returns the state of BTUSB_SUSPENDING: zero means tx_in_flight was
 * incremented and the caller may submit; non-zero means nothing was
 * counted and the caller must not submit now.
 */
static int inc_tx(struct btusb_data *data)
{
	unsigned long irqflags;
	int suspending;

	/* The flag test and the counter update happen under one lock hold. */
	spin_lock_irqsave(&data->txlock, irqflags);
	suspending = test_bit(BTUSB_SUSPENDING, &data->flags);
	if (suspending == 0)
		data->tx_in_flight++;
	spin_unlock_irqrestore(&data->txlock, irqflags);

	return suspending;
}
/*
 * Completion handler for the interrupt-IN URB (HCI events).
 *
 * On success the received bytes are handed to hci_recv_fragment() as
 * HCI_EVENT_PKT data; the payload originates from the USB device, and a
 * negative return from hci_recv_fragment() is counted as a receive error.
 * The URB is then resubmitted while BTUSB_INTR_RUNNING is set.
 */
static void btusb_intr_complete(struct urb *urb)
{
	struct hci_dev *hdev = urb->context;
	struct btusb_data *data = hdev->driver_data;
	int rc;

	BT_DBG("%s urb %p status %d count %d", hdev->name,
	       urb, urb->status, urb->actual_length);

	if (!test_bit(HCI_RUNNING, &hdev->flags))
		return;

	if (urb->status == 0) {
		hdev->stat.byte_rx += urb->actual_length;

		rc = hci_recv_fragment(hdev, HCI_EVENT_PKT,
				       urb->transfer_buffer,
				       urb->actual_length);
		if (rc < 0) {
			BT_ERR("%s corrupted event packet", hdev->name);
			hdev->stat.err_rx++;
		}
	}

	if (!test_bit(BTUSB_INTR_RUNNING, &data->flags))
		return;

	usb_mark_last_busy(data->udev);
	usb_anchor_urb(urb, &data->intr_anchor);

	rc = usb_submit_urb(urb, GFP_ATOMIC);
	if (rc >= 0)
		return;

	/* -EPERM: urb is being killed;
	 * -ENODEV: device got disconnected */
	if (rc != -EPERM && rc != -ENODEV)
		BT_ERR("%s urb %p failed to resubmit (%d)",
		       hdev->name, urb, -rc);
	usb_unanchor_urb(urb);
}
/*
 * Allocate and submit one interrupt-IN URB for HCI events.
 *
 * The receive buffer is sized from the interrupt endpoint's
 * wMaxPacketSize, a value taken from the device's own descriptor.
 * URB_FREE_BUFFER ties the buffer's lifetime to the URB.
 *
 * Returns 0 on success, -ENODEV without an interrupt endpoint, -ENOMEM
 * on allocation failure, or the usb_submit_urb() error.
 */
static int btusb_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags)
{
	struct btusb_data *data = hdev->driver_data;
	unsigned char *rx_buf;
	unsigned int pipe;
	struct urb *urb;
	int rc, size;

	BT_DBG("%s", hdev->name);

	if (!data->intr_ep)
		return -ENODEV;

	urb = usb_alloc_urb(0, mem_flags);
	if (!urb)
		return -ENOMEM;

	size = le16_to_cpu(data->intr_ep->wMaxPacketSize);

	rx_buf = kmalloc(size, mem_flags);
	if (!rx_buf) {
		usb_free_urb(urb);
		return -ENOMEM;
	}

	pipe = usb_rcvintpipe(data->udev, data->intr_ep->bEndpointAddress);

	usb_fill_int_urb(urb, data->udev, pipe, rx_buf, size,
			 btusb_intr_complete, hdev,
			 data->intr_ep->bInterval);

	urb->transfer_flags |= URB_FREE_BUFFER;

	usb_anchor_urb(urb, &data->intr_anchor);

	rc = usb_submit_urb(urb, mem_flags);
	if (rc < 0) {
		if (rc != -EPERM && rc != -ENODEV)
			BT_ERR("%s urb %p submission failed (%d)",
			       hdev->name, urb, -rc);
		usb_unanchor_urb(urb);
	}

	/* Drop the allocation reference on every path. */
	usb_free_urb(urb);

	return rc;
}
/*
 * Completion handler for a bulk-IN URB (ACL data).
 *
 * On success the device-supplied bytes are passed to hci_recv_fragment()
 * as HCI_ACLDATA_PKT data; a negative return is counted as a receive
 * error. The URB is resubmitted while BTUSB_BULK_RUNNING is set.
 */
static void btusb_bulk_complete(struct urb *urb)
{
	struct hci_dev *hdev = urb->context;
	struct btusb_data *data = hdev->driver_data;
	int rc;

	BT_DBG("%s urb %p status %d count %d", hdev->name,
	       urb, urb->status, urb->actual_length);

	if (!test_bit(HCI_RUNNING, &hdev->flags))
		return;

	if (urb->status == 0) {
		hdev->stat.byte_rx += urb->actual_length;

		rc = hci_recv_fragment(hdev, HCI_ACLDATA_PKT,
				       urb->transfer_buffer,
				       urb->actual_length);
		if (rc < 0) {
			BT_ERR("%s corrupted ACL packet", hdev->name);
			hdev->stat.err_rx++;
		}
	}

	if (!test_bit(BTUSB_BULK_RUNNING, &data->flags))
		return;

	usb_anchor_urb(urb, &data->bulk_anchor);
	usb_mark_last_busy(data->udev);

	rc = usb_submit_urb(urb, GFP_ATOMIC);
	if (rc >= 0)
		return;

	/* -EPERM: urb is being killed;
	 * -ENODEV: device got disconnected */
	if (rc != -EPERM && rc != -ENODEV)
		BT_ERR("%s urb %p failed to resubmit (%d)",
		       hdev->name, urb, -rc);
	usb_unanchor_urb(urb);
}
/*
 * Allocate and submit one bulk-IN URB for ACL data.
 *
 * The receive buffer is a fixed HCI_MAX_FRAME_SIZE bytes and is freed
 * together with the URB (URB_FREE_BUFFER).
 *
 * Returns 0 on success, -ENODEV without a bulk-IN endpoint, -ENOMEM on
 * allocation failure, or the usb_submit_urb() error.
 */
static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags)
{
	struct btusb_data *data = hdev->driver_data;
	int rc, size = HCI_MAX_FRAME_SIZE;
	unsigned char *rx_buf;
	unsigned int pipe;
	struct urb *urb;

	BT_DBG("%s", hdev->name);

	if (!data->bulk_rx_ep)
		return -ENODEV;

	urb = usb_alloc_urb(0, mem_flags);
	if (!urb)
		return -ENOMEM;

	rx_buf = kmalloc(size, mem_flags);
	if (!rx_buf) {
		usb_free_urb(urb);
		return -ENOMEM;
	}

	pipe = usb_rcvbulkpipe(data->udev, data->bulk_rx_ep->bEndpointAddress);

	usb_fill_bulk_urb(urb, data->udev, pipe,
			  rx_buf, size, btusb_bulk_complete, hdev);

	urb->transfer_flags |= URB_FREE_BUFFER;

	usb_mark_last_busy(data->udev);
	usb_anchor_urb(urb, &data->bulk_anchor);

	rc = usb_submit_urb(urb, mem_flags);
	if (rc < 0) {
		if (rc != -EPERM && rc != -ENODEV)
			BT_ERR("%s urb %p submission failed (%d)",
			       hdev->name, urb, -rc);
		usb_unanchor_urb(urb);
	}

	/* Drop the allocation reference on every path. */
	usb_free_urb(urb);

	return rc;
}
/*
 * Completion handler for an isochronous-IN URB (SCO data).
 *
 * Every frame descriptor with a zero status is forwarded to
 * hci_recv_fragment() as HCI_SCODATA_PKT data, using the descriptor's
 * offset and actual_length to locate it inside transfer_buffer. The
 * URB is resubmitted while BTUSB_ISOC_RUNNING is set.
 */
static void btusb_isoc_complete(struct urb *urb)
{
	struct hci_dev *hdev = urb->context;
	struct btusb_data *data = hdev->driver_data;
	int i, rc;

	BT_DBG("%s urb %p status %d count %d", hdev->name,
	       urb, urb->status, urb->actual_length);

	if (!test_bit(HCI_RUNNING, &hdev->flags))
		return;

	if (urb->status == 0) {
		for (i = 0; i < urb->number_of_packets; i++) {
			struct usb_iso_packet_descriptor *frame =
						&urb->iso_frame_desc[i];
			unsigned int offset = frame->offset;
			unsigned int length = frame->actual_length;

			/* Skip frames the host controller flagged as failed. */
			if (frame->status)
				continue;

			hdev->stat.byte_rx += length;

			rc = hci_recv_fragment(hdev, HCI_SCODATA_PKT,
					       urb->transfer_buffer + offset,
					       length);
			if (rc < 0) {
				BT_ERR("%s corrupted SCO packet", hdev->name);
				hdev->stat.err_rx++;
			}
		}
	}

	if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags))
		return;

	usb_anchor_urb(urb, &data->isoc_anchor);

	rc = usb_submit_urb(urb, GFP_ATOMIC);
	if (rc >= 0)
		return;

	/* -EPERM: urb is being killed;
	 * -ENODEV: device got disconnected */
	if (rc != -EPERM && rc != -ENODEV)
		BT_ERR("%s urb %p failed to resubmit (%d)",
		       hdev->name, urb, -rc);
	usb_unanchor_urb(urb);
}
/*
 * Split a transfer of len bytes into isochronous frame descriptors of at
 * most mtu bytes each, filling no more than BTUSB_MAX_ISOC_FRAMES
 * entries, and record the count in urb->number_of_packets.
 *
 * Bytes that do not fit into BTUSB_MAX_ISOC_FRAMES frames are left
 * without a descriptor.
 */
static inline void __fill_isoc_descriptor(struct urb *urb, int len, int mtu)
{
	int i = 0, offset = 0;

	BT_DBG("len %d mtu %d", len, mtu);

	/* Full-sized frames first. */
	while (i < BTUSB_MAX_ISOC_FRAMES && len >= mtu) {
		urb->iso_frame_desc[i].offset = offset;
		urb->iso_frame_desc[i].length = mtu;

		i++;
		offset += mtu;
		len -= mtu;
	}

	/* One trailing short frame for the remainder, if a slot is left. */
	if (len && i < BTUSB_MAX_ISOC_FRAMES) {
		urb->iso_frame_desc[i].offset = offset;
		urb->iso_frame_desc[i].length = len;
		i++;
	}

	urb->number_of_packets = i;
}
/*
 * Allocate and submit one isochronous-IN URB for SCO data.
 *
 * The buffer holds BTUSB_MAX_ISOC_FRAMES frames of wMaxPacketSize bytes;
 * wMaxPacketSize comes from the device's endpoint descriptor. The frame
 * layout is written by __fill_isoc_descriptor().
 *
 * Returns 0 on success, -ENODEV without an isochronous-IN endpoint,
 * -ENOMEM on allocation failure, or the usb_submit_urb() error.
 */
static int btusb_submit_isoc_urb(struct hci_dev *hdev, gfp_t mem_flags)
{
	struct btusb_data *data = hdev->driver_data;
	unsigned char *rx_buf;
	unsigned int pipe;
	struct urb *urb;
	int rc, size;

	BT_DBG("%s", hdev->name);

	if (!data->isoc_rx_ep)
		return -ENODEV;

	urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, mem_flags);
	if (!urb)
		return -ENOMEM;

	size = le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize) *
						BTUSB_MAX_ISOC_FRAMES;

	rx_buf = kmalloc(size, mem_flags);
	if (!rx_buf) {
		usb_free_urb(urb);
		return -ENOMEM;
	}

	pipe = usb_rcvisocpipe(data->udev, data->isoc_rx_ep->bEndpointAddress);

	usb_fill_int_urb(urb, data->udev, pipe, rx_buf, size,
			 btusb_isoc_complete, hdev,
			 data->isoc_rx_ep->bInterval);

	/* Plain assignment: replaces whatever flags the fill helper left. */
	urb->transfer_flags = URB_FREE_BUFFER | URB_ISO_ASAP;

	__fill_isoc_descriptor(urb, size,
			le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize));

	usb_anchor_urb(urb, &data->isoc_anchor);

	rc = usb_submit_urb(urb, mem_flags);
	if (rc < 0) {
		if (rc != -EPERM && rc != -ENODEV)
			BT_ERR("%s urb %p submission failed (%d)",
			       hdev->name, urb, -rc);
		usb_unanchor_urb(urb);
	}

	/* Drop the allocation reference on every path. */
	usb_free_urb(urb);

	return rc;
}
/*
 * Completion handler for command and ACL transmit URBs.
 *
 * Updates the TX statistics while the device is running, decrements
 * tx_in_flight under txlock, then frees the setup packet and the skb
 * that carried the payload.
 */
static void btusb_tx_complete(struct urb *urb)
{
	struct sk_buff *skb = urb->context;
	struct hci_dev *hdev = (struct hci_dev *) skb->dev;
	struct btusb_data *data = hdev->driver_data;

	BT_DBG("%s urb %p status %d count %d", hdev->name,
	       urb, urb->status, urb->actual_length);

	if (test_bit(HCI_RUNNING, &hdev->flags)) {
		if (urb->status)
			hdev->stat.err_tx++;
		else
			hdev->stat.byte_tx += urb->transfer_buffer_length;
	}

	/* The accounting and the frees run whether or not HCI_RUNNING is set. */
	spin_lock(&data->txlock);
	data->tx_in_flight--;
	spin_unlock(&data->txlock);

	kfree(urb->setup_packet);

	kfree_skb(skb);
}
/*
 * Completion handler for SCO transmit URBs.
 *
 * Updates the TX statistics while the device is running, then frees the
 * setup packet pointer and the skb. Unlike btusb_tx_complete() it does
 * not touch tx_in_flight.
 */
static void btusb_isoc_tx_complete(struct urb *urb)
{
	struct sk_buff *skb = urb->context;
	struct hci_dev *hdev = (struct hci_dev *) skb->dev;

	BT_DBG("%s urb %p status %d count %d", hdev->name,
	       urb, urb->status, urb->actual_length);

	if (test_bit(HCI_RUNNING, &hdev->flags)) {
		if (urb->status)
			hdev->stat.err_tx++;
		else
			hdev->stat.byte_tx += urb->transfer_buffer_length;
	}

	kfree(urb->setup_packet);

	kfree_skb(skb);
}
/*
 * hdev->open callback: start event and ACL reception.
 *
 * Holds a runtime-PM reference for the duration of the call, marks the
 * device running, and submits one interrupt URB and two bulk URBs. The
 * second bulk submission's result is deliberately not checked.
 *
 * Returns 0 on success (including when already running) or a negative
 * errno, in which case the running flags are cleared again.
 */
static int btusb_open(struct hci_dev *hdev)
{
	struct btusb_data *data = hdev->driver_data;
	int rc;

	BT_DBG("%s", hdev->name);

	rc = usb_autopm_get_interface(data->intf);
	if (rc < 0)
		return rc;

	data->intf->needs_remote_wakeup = 1;

	/* Already open, or interrupt traffic already started: nothing to do. */
	if (test_and_set_bit(HCI_RUNNING, &hdev->flags) ||
	    test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags))
		goto done;

	rc = btusb_submit_intr_urb(hdev, GFP_KERNEL);
	if (rc < 0)
		goto failed;

	rc = btusb_submit_bulk_urb(hdev, GFP_KERNEL);
	if (rc < 0) {
		usb_kill_anchored_urbs(&data->intr_anchor);
		goto failed;
	}

	set_bit(BTUSB_BULK_RUNNING, &data->flags);
	btusb_submit_bulk_urb(hdev, GFP_KERNEL);

done:
	usb_autopm_put_interface(data->intf);
	return 0;

failed:
	clear_bit(BTUSB_INTR_RUNNING, &data->flags);
	clear_bit(HCI_RUNNING, &hdev->flags);
	usb_autopm_put_interface(data->intf);
	return rc;
}
/* Kill every receive URB anchored on the interrupt, bulk and isoc anchors. */
static void btusb_stop_traffic(struct btusb_data *data)
{
	usb_kill_anchored_urbs(&data->intr_anchor);
	usb_kill_anchored_urbs(&data->bulk_anchor);
	usb_kill_anchored_urbs(&data->isoc_anchor);
}
/*
 * hdev->close callback: stop all traffic and release deferred URBs.
 *
 * The running bits are cleared before the URBs are killed, so the
 * completion handlers stop resubmitting. Always returns 0; a failing
 * usb_autopm_get_interface() only skips the remote-wakeup update.
 */
static int btusb_close(struct hci_dev *hdev)
{
	struct btusb_data *data = hdev->driver_data;
	int pm_rc;

	BT_DBG("%s", hdev->name);

	if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags))
		return 0;

	cancel_work_sync(&data->work);
	cancel_work_sync(&data->waker);

	clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
	clear_bit(BTUSB_BULK_RUNNING, &data->flags);
	clear_bit(BTUSB_INTR_RUNNING, &data->flags);

	btusb_stop_traffic(data);

	pm_rc = usb_autopm_get_interface(data->intf);
	if (pm_rc >= 0) {
		data->intf->needs_remote_wakeup = 0;
		usb_autopm_put_interface(data->intf);
	}

	usb_scuttle_anchored_urbs(&data->deferred);
	return 0;
}
/* hdev->flush callback: kill every URB on the transmit anchor. Returns 0. */
static int btusb_flush(struct hci_dev *hdev)
{
	struct btusb_data *data = hdev->driver_data;

	BT_DBG("%s", hdev->name);

	usb_kill_anchored_urbs(&data->tx_anchor);

	return 0;
}
/*
 * hdev->send callback: wrap one HCI packet in a URB and submit it.
 *
 * Commands go out as control transfers (with a kmalloc'ed setup packet),
 * ACL data as bulk transfers and SCO data as isochronous transfers. For
 * commands and ACL data, inc_tx() decides whether the URB may be
 * submitted now; while a suspend is in progress the URB is parked on the
 * deferred anchor instead and the waker work is scheduled.
 *
 * Returns 0 on success or when deferred, -EBUSY when the device is not
 * running, -ENODEV/-ENOMEM/-EILSEQ for a missing endpoint, allocation
 * failure or unknown packet type, or the usb_submit_urb() error.
 */
static int btusb_send_frame(struct sk_buff *skb)
{
	struct hci_dev *hdev = (struct hci_dev *) skb->dev;
	struct btusb_data *data = hdev->driver_data;
	struct usb_ctrlrequest *setup;
	unsigned int pipe;
	struct urb *urb;
	int rc;

	BT_DBG("%s", hdev->name);

	if (!test_bit(HCI_RUNNING, &hdev->flags))
		return -EBUSY;

	switch (bt_cb(skb)->pkt_type) {
	case HCI_COMMAND_PKT:
		urb = usb_alloc_urb(0, GFP_ATOMIC);
		if (!urb)
			return -ENOMEM;

		setup = kmalloc(sizeof(*setup), GFP_ATOMIC);
		if (!setup) {
			usb_free_urb(urb);
			return -ENOMEM;
		}

		setup->bRequestType = data->cmdreq_type;
		setup->bRequest     = 0;
		setup->wIndex       = 0;
		setup->wValue       = 0;
		setup->wLength      = __cpu_to_le16(skb->len);

		pipe = usb_sndctrlpipe(data->udev, 0x00);

		usb_fill_control_urb(urb, data->udev, pipe, (void *) setup,
				     skb->data, skb->len,
				     btusb_tx_complete, skb);

		hdev->stat.cmd_tx++;
		break;

	case HCI_ACLDATA_PKT:
		if (!data->bulk_tx_ep)
			return -ENODEV;

		urb = usb_alloc_urb(0, GFP_ATOMIC);
		if (!urb)
			return -ENOMEM;

		pipe = usb_sndbulkpipe(data->udev,
				       data->bulk_tx_ep->bEndpointAddress);

		usb_fill_bulk_urb(urb, data->udev, pipe,
				  skb->data, skb->len,
				  btusb_tx_complete, skb);

		hdev->stat.acl_tx++;
		break;

	case HCI_SCODATA_PKT:
		if (!data->isoc_tx_ep || hdev->conn_hash.sco_num < 1)
			return -ENODEV;

		urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, GFP_ATOMIC);
		if (!urb)
			return -ENOMEM;

		pipe = usb_sndisocpipe(data->udev,
				       data->isoc_tx_ep->bEndpointAddress);

		usb_fill_int_urb(urb, data->udev, pipe,
				 skb->data, skb->len,
				 btusb_isoc_tx_complete,
				 skb, data->isoc_tx_ep->bInterval);

		urb->transfer_flags = URB_ISO_ASAP;

		__fill_isoc_descriptor(urb, skb->len,
				le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize));

		hdev->stat.sco_tx++;
		/* SCO bypasses the tx_in_flight accounting and deferral. */
		goto skip_waking;

	default:
		return -EILSEQ;
	}

	rc = inc_tx(data);
	if (rc) {
		/* Suspending: park the URB; the anchor keeps its own reference. */
		usb_anchor_urb(urb, &data->deferred);
		schedule_work(&data->waker);
		rc = 0;
		goto done;
	}

skip_waking:
	usb_anchor_urb(urb, &data->tx_anchor);

	rc = usb_submit_urb(urb, GFP_ATOMIC);
	if (rc < 0) {
		if (rc != -EPERM && rc != -ENODEV)
			BT_ERR("%s urb %p submission failed (%d)",
			       hdev->name, urb, -rc);
		/* The completion handler will not run, so free the setup packet here. */
		kfree(urb->setup_packet);
		usb_unanchor_urb(urb);
	} else {
		usb_mark_last_busy(data->udev);
	}

done:
	/* Drop the allocation reference on both the submit and the deferred path. */
	usb_free_urb(urb);
	return rc;
}
/* hdev->destruct callback: free the btusb_data allocated in btusb_probe(). */
static void btusb_destruct(struct hci_dev *hdev)
{
	struct btusb_data *data = hdev->driver_data;

	BT_DBG("%s", hdev->name);

	kfree(data);
}
/*
 * hdev->notify callback: when the SCO connection count differs from the
 * cached value, remember the new count and schedule btusb_work().
 */
static void btusb_notify(struct hci_dev *hdev, unsigned int evt)
{
	struct btusb_data *data = hdev->driver_data;

	BT_DBG("%s evt %d", hdev->name, evt);

	if (hdev->conn_hash.sco_num == data->sco_num)
		return;

	data->sco_num = hdev->conn_hash.sco_num;
	schedule_work(&data->work);
}
/*
 * Select an alternate setting on interface 1 and re-discover its
 * isochronous endpoints.
 *
 * The endpoint descriptors are device-supplied: the first isochronous
 * OUT and IN endpoints found are used, and the call fails when either
 * is missing.
 *
 * Returns 0 on success, -ENODEV when there is no isoc interface or the
 * endpoints are incomplete, or the usb_set_interface() error.
 */
static inline int __set_isoc_interface(struct hci_dev *hdev, int altsetting)
{
	struct btusb_data *data = hdev->driver_data;
	struct usb_interface *intf = data->isoc;
	struct usb_endpoint_descriptor *ep;
	int i, rc;

	if (!data->isoc)
		return -ENODEV;

	rc = usb_set_interface(data->udev, 1, altsetting);
	if (rc < 0) {
		BT_ERR("%s setting interface failed (%d)", hdev->name, -rc);
		return rc;
	}

	data->isoc_altsetting = altsetting;

	/* Forget the endpoints of the previous alternate setting. */
	data->isoc_tx_ep = NULL;
	data->isoc_rx_ep = NULL;

	for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
		ep = &intf->cur_altsetting->endpoint[i].desc;

		if (!data->isoc_tx_ep && usb_endpoint_is_isoc_out(ep)) {
			data->isoc_tx_ep = ep;
			continue;
		}

		if (!data->isoc_rx_ep && usb_endpoint_is_isoc_in(ep)) {
			data->isoc_rx_ep = ep;
			continue;
		}
	}

	if (!data->isoc_tx_ep || !data->isoc_rx_ep) {
		BT_ERR("%s invalid SCO descriptors", hdev->name);
		return -ENODEV;
	}

	return 0;
}
/*
 * Work item scheduled by btusb_notify() and btusb_resume(): bring the
 * isochronous (SCO) path in line with the current SCO connection count.
 *
 * With SCO connections present it takes a runtime-PM reference (once,
 * tracked by BTUSB_DID_ISO_RESUME), switches interface 1 to alternate
 * setting 2 and starts two isochronous receive URBs. With none, it stops
 * isochronous traffic, selects alternate setting 0 and drops the
 * runtime-PM reference if one was taken.
 */
static void btusb_work(struct work_struct *work)
{
	struct btusb_data *data = container_of(work, struct btusb_data, work);
	struct hci_dev *hdev = data->hdev;
	int rc;

	if (hdev->conn_hash.sco_num == 0) {
		/* No SCO links left: tear the isochronous path down. */
		clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
		usb_kill_anchored_urbs(&data->isoc_anchor);

		__set_isoc_interface(hdev, 0);
		if (test_and_clear_bit(BTUSB_DID_ISO_RESUME, &data->flags))
			usb_autopm_put_interface(data->isoc ? data->isoc : data->intf);
		return;
	}

	if (!test_bit(BTUSB_DID_ISO_RESUME, &data->flags)) {
		rc = usb_autopm_get_interface(data->isoc ? data->isoc : data->intf);
		if (rc < 0) {
			clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
			usb_kill_anchored_urbs(&data->isoc_anchor);
			return;
		}

		set_bit(BTUSB_DID_ISO_RESUME, &data->flags);
	}

	if (data->isoc_altsetting != 2) {
		clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
		usb_kill_anchored_urbs(&data->isoc_anchor);

		if (__set_isoc_interface(hdev, 2) < 0)
			return;
	}

	if (test_and_set_bit(BTUSB_ISOC_RUNNING, &data->flags))
		return;

	/* First submission must succeed; the second one is best effort. */
	if (btusb_submit_isoc_urb(hdev, GFP_KERNEL) < 0)
		clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
	else
		btusb_submit_isoc_urb(hdev, GFP_KERNEL);
}
/*
 * Work item scheduled by btusb_send_frame() when a URB was deferred:
 * takes and immediately releases a runtime-PM reference on the main
 * interface.
 */
static void btusb_waker(struct work_struct *work)
{
	struct btusb_data *data = container_of(work, struct btusb_data, waker);

	if (usb_autopm_get_interface(data->intf) < 0)
		return;

	usb_autopm_put_interface(data->intf);
}
/*
 * USB probe callback: bind to interface 0 of a Bluetooth adapter.
 *
 * Resolves the device's quirk bits (from blacklist_table when the
 * matched id carries none), honours the ignore_* module parameters,
 * locates the interrupt-IN and bulk IN/OUT endpoints from the
 * device-supplied descriptors, allocates btusb_data and an hci_dev,
 * applies the quirks, optionally claims interface 1 for SCO, and
 * registers the HCI device.
 *
 * Returns 0 on success, -ENODEV for interfaces or devices this driver
 * must not handle or that lack the required endpoints, -ENOMEM on
 * allocation failure, or the error from claiming interface 1 or
 * registering the HCI device.
 */
static int btusb_probe(struct usb_interface *intf,
		       const struct usb_device_id *id)
{
	struct usb_endpoint_descriptor *ep;
	struct btusb_data *data;
	struct hci_dev *hdev;
	int i, rc;

	BT_DBG("intf %p id %p", intf, id);

	/* interface numbers are hardcoded in the spec */
	if (intf->cur_altsetting->desc.bInterfaceNumber != 0)
		return -ENODEV;

	/* No quirk bits on the matched id: use the blacklist entry, if any. */
	if (!id->driver_info) {
		const struct usb_device_id *match;

		match = usb_match_id(intf, blacklist_table);
		if (match)
			id = match;
	}

	if (id->driver_info == BTUSB_IGNORE)
		return -ENODEV;

	if ((ignore_dga && (id->driver_info & BTUSB_DIGIANSWER)) ||
	    (ignore_csr && (id->driver_info & BTUSB_CSR)) ||
	    (ignore_sniffer && (id->driver_info & BTUSB_SNIFFER)))
		return -ENODEV;

	if (id->driver_info & BTUSB_ATH3012) {
		struct usb_device *udev = interface_to_usbdev(intf);

		/* Old firmware would otherwise let ath3k driver load
		 * patch and sysconfig files */
		if (le16_to_cpu(udev->descriptor.bcdDevice) <= 0x0001)
			return -ENODEV;
	}

	data = kzalloc(sizeof(*data), GFP_KERNEL);
	if (!data)
		return -ENOMEM;

	/* Take the first endpoint of each required kind. */
	for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
		ep = &intf->cur_altsetting->endpoint[i].desc;

		if (!data->intr_ep && usb_endpoint_is_int_in(ep)) {
			data->intr_ep = ep;
			continue;
		}

		if (!data->bulk_tx_ep && usb_endpoint_is_bulk_out(ep)) {
			data->bulk_tx_ep = ep;
			continue;
		}

		if (!data->bulk_rx_ep && usb_endpoint_is_bulk_in(ep)) {
			data->bulk_rx_ep = ep;
			continue;
		}
	}

	if (!data->intr_ep || !data->bulk_tx_ep || !data->bulk_rx_ep) {
		kfree(data);
		return -ENODEV;
	}

	data->cmdreq_type = USB_TYPE_CLASS;

	data->udev = interface_to_usbdev(intf);
	data->intf = intf;

	spin_lock_init(&data->lock);

	INIT_WORK(&data->work, btusb_work);
	INIT_WORK(&data->waker, btusb_waker);
	spin_lock_init(&data->txlock);

	init_usb_anchor(&data->tx_anchor);
	init_usb_anchor(&data->intr_anchor);
	init_usb_anchor(&data->bulk_anchor);
	init_usb_anchor(&data->isoc_anchor);
	init_usb_anchor(&data->deferred);

	hdev = hci_alloc_dev();
	if (!hdev) {
		kfree(data);
		return -ENOMEM;
	}

	hdev->bus = HCI_USB;
	hdev->driver_data = data;

	data->hdev = hdev;

	SET_HCIDEV_DEV(hdev, &intf->dev);

	hdev->open     = btusb_open;
	hdev->close    = btusb_close;
	hdev->flush    = btusb_flush;
	hdev->send     = btusb_send_frame;
	hdev->destruct = btusb_destruct;
	hdev->notify   = btusb_notify;

	hdev->owner = THIS_MODULE;

	/* Interface numbers are hardcoded in the specification */
	data->isoc = usb_ifnum_to_if(data->udev, 1);

	if (!reset)
		set_bit(HCI_QUIRK_NO_RESET, &hdev->quirks);

	if ((force_scofix || (id->driver_info & BTUSB_WRONG_SCO_MTU)) &&
	    !disable_scofix)
		set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks);

	if (id->driver_info & BTUSB_BROKEN_ISOC)
		data->isoc = NULL;

	if (id->driver_info & BTUSB_DIGIANSWER) {
		data->cmdreq_type = USB_TYPE_VENDOR;
		set_bit(HCI_QUIRK_NO_RESET, &hdev->quirks);
	}

	if (id->driver_info & BTUSB_CSR) {
		struct usb_device *udev = data->udev;

		/* Old firmware would otherwise execute USB reset */
		if (le16_to_cpu(udev->descriptor.bcdDevice) < 0x117)
			set_bit(HCI_QUIRK_NO_RESET, &hdev->quirks);
	}

	if (id->driver_info & BTUSB_SNIFFER) {
		struct usb_device *udev = data->udev;

		/* New sniffer firmware has crippled HCI interface */
		if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997)
			set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);

		data->isoc = NULL;
	}

	if (id->driver_info & BTUSB_BCM92035) {
		/* Fixed 4-byte command queued on hdev->driver_init. */
		unsigned char cmd[] = { 0x3b, 0xfc, 0x01, 0x00 };
		struct sk_buff *skb;

		skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL);
		if (skb) {
			memcpy(skb_put(skb, sizeof(cmd)), cmd, sizeof(cmd));
			skb_queue_tail(&hdev->driver_init, skb);
		}
	}

	if (data->isoc) {
		rc = usb_driver_claim_interface(&btusb_driver,
						data->isoc, data);
		if (rc < 0) {
			hci_free_dev(hdev);
			kfree(data);
			return rc;
		}
	}

	rc = hci_register_dev(hdev);
	if (rc < 0) {
		/*
		 * NOTE(review): data is freed here while interface 1, if it
		 * was claimed above, was handed the same pointer as its
		 * driver data. Confirm the claim is dropped when probe
		 * fails, otherwise that pointer is stale.
		 */
		hci_free_dev(hdev);
		kfree(data);
		return rc;
	}

	usb_set_intfdata(intf, data);

	return 0;
}
/*
 * USB disconnect callback, reached for either claimed interface.
 *
 * Clears the interface data on both interfaces first, so the nested
 * disconnect triggered by usb_driver_release_interface() finds NULL and
 * returns early. The hci_dev is held across unregistration and released
 * afterwards.
 */
static void btusb_disconnect(struct usb_interface *intf)
{
	struct btusb_data *data = usb_get_intfdata(intf);
	struct hci_dev *hdev;

	BT_DBG("intf %p", intf);

	if (!data)
		return;

	hdev = data->hdev;

	__hci_dev_hold(hdev);

	usb_set_intfdata(data->intf, NULL);

	if (data->isoc)
		usb_set_intfdata(data->isoc, NULL);

	hci_unregister_dev(hdev);

	/* Release whichever sibling interface is not the one going away. */
	if (intf == data->isoc)
		usb_driver_release_interface(&btusb_driver, data->intf);
	else if (data->isoc)
		usb_driver_release_interface(&btusb_driver, data->isoc);

	__hci_dev_put(hdev);

	hci_free_dev(hdev);
}
1118 #ifdef CONFIG_PM
/*
 * USB suspend callback.
 *
 * Only the first of nested suspend calls does any work. An automatic
 * suspend is refused with -EBUSY while transmissions are in flight;
 * otherwise BTUSB_SUSPENDING is set under txlock, so inc_tx() starts
 * deferring new transmissions, and all traffic is stopped.
 */
static int btusb_suspend(struct usb_interface *intf, pm_message_t message)
{
	struct btusb_data *data = usb_get_intfdata(intf);

	BT_DBG("intf %p", intf);

	if (data->suspend_count++)
		return 0;

	spin_lock_irq(&data->txlock);
	if (PMSG_IS_AUTO(message) && data->tx_in_flight) {
		spin_unlock_irq(&data->txlock);
		data->suspend_count--;
		return -EBUSY;
	}
	set_bit(BTUSB_SUSPENDING, &data->flags);
	spin_unlock_irq(&data->txlock);

	cancel_work_sync(&data->work);

	btusb_stop_traffic(data);
	usb_kill_anchored_urbs(&data->tx_anchor);

	return 0;
}
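/*
 * Submit the transmit URBs that btusb_send_frame() parked on the
 * deferred anchor while a suspend was in progress.
 *
 * Called from btusb_resume() with data->txlock held, hence GFP_ATOMIC
 * and the unlocked tx_in_flight update. Submission stops at the first
 * failure and the remaining deferred URBs are dropped.
 *
 * usb_get_from_anchor() hands back the URB with a reference owned by
 * the caller. That reference is dropped on both paths here; without it
 * every replayed URB would stay allocated after its completion.
 */
static void play_deferred(struct btusb_data *data)
{
	struct urb *urb;
	int err;

	while ((urb = usb_get_from_anchor(&data->deferred))) {
		err = usb_submit_urb(urb, GFP_ATOMIC);
		if (err < 0) {
			/*
			 * The completion handler will not run for this URB,
			 * so release the setup packet (NULL for bulk URBs)
			 * as btusb_send_frame() does on a failed submit.
			 * NOTE(review): the skb in urb->context is not freed
			 * here - confirm who owns it on this path.
			 */
			kfree(urb->setup_packet);
			usb_free_urb(urb);
			break;
		}

		data->tx_in_flight++;
		usb_free_urb(urb);
	}

	/*
	 * NOTE(review): scuttling only drops the anchor's URB references;
	 * setup packets and skbs of URBs still queued look unreleased -
	 * confirm.
	 */
	usb_scuttle_anchored_urbs(&data->deferred);
}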
/*
 * USB resume callback.
 *
 * Only the call that brings suspend_count back to zero does any work.
 * It resubmits the receive URBs for every path whose *_RUNNING bit is
 * still set, replays deferred transmissions under txlock, clears
 * BTUSB_SUSPENDING and schedules btusb_work().
 *
 * Returns 0 on success or the error from resubmitting the interrupt or
 * first bulk URB; in that case the deferred URBs are dropped.
 */
static int btusb_resume(struct usb_interface *intf)
{
	struct btusb_data *data = usb_get_intfdata(intf);
	struct hci_dev *hdev = data->hdev;
	int rc = 0;

	BT_DBG("intf %p", intf);

	if (--data->suspend_count)
		return 0;

	if (!test_bit(HCI_RUNNING, &hdev->flags))
		goto done;

	if (test_bit(BTUSB_INTR_RUNNING, &data->flags)) {
		rc = btusb_submit_intr_urb(hdev, GFP_NOIO);
		if (rc < 0) {
			clear_bit(BTUSB_INTR_RUNNING, &data->flags);
			goto failed;
		}
	}

	if (test_bit(BTUSB_BULK_RUNNING, &data->flags)) {
		rc = btusb_submit_bulk_urb(hdev, GFP_NOIO);
		if (rc < 0) {
			clear_bit(BTUSB_BULK_RUNNING, &data->flags);
			goto failed;
		}

		/* Second bulk URB is best effort. */
		btusb_submit_bulk_urb(hdev, GFP_NOIO);
	}

	if (test_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
		if (btusb_submit_isoc_urb(hdev, GFP_NOIO) < 0)
			clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
		else
			btusb_submit_isoc_urb(hdev, GFP_NOIO);
	}

	/* Replay and flag clearing share one lock hold, so inc_tx() sees both. */
	spin_lock_irq(&data->txlock);
	play_deferred(data);
	clear_bit(BTUSB_SUSPENDING, &data->flags);
	spin_unlock_irq(&data->txlock);
	schedule_work(&data->work);

	return 0;

failed:
	usb_scuttle_anchored_urbs(&data->deferred);
done:
	spin_lock_irq(&data->txlock);
	clear_bit(BTUSB_SUSPENDING, &data->flags);
	spin_unlock_irq(&data->txlock);

	return rc;
}
1217 #endif
/*
 * USB driver registration record. Suspend/resume are only wired up when
 * the kernel is built with CONFIG_PM.
 */
static struct usb_driver btusb_driver = {
	.name			= "btusb",
	.probe			= btusb_probe,
	.disconnect		= btusb_disconnect,
#ifdef CONFIG_PM
	.suspend		= btusb_suspend,
	.resume			= btusb_resume,
#endif
	.id_table		= btusb_table,
	.supports_autosuspend	= 1,
};

module_usb_driver(btusb_driver);
/*
 * Module parameters. Mode 0644 exposes each one through sysfs as
 * world-readable and writable by root. The values are consulted in
 * btusb_probe(), so a runtime change applies to devices probed later.
 */
module_param(ignore_dga, bool, 0644);
MODULE_PARM_DESC(ignore_dga, "Ignore devices with id 08fd:0001");

module_param(ignore_csr, bool, 0644);
MODULE_PARM_DESC(ignore_csr, "Ignore devices with id 0a12:0001");

module_param(ignore_sniffer, bool, 0644);
MODULE_PARM_DESC(ignore_sniffer, "Ignore devices with id 0a12:0002");

module_param(disable_scofix, bool, 0644);
MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size");

module_param(force_scofix, bool, 0644);
MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size");

module_param(reset, bool, 0644);
MODULE_PARM_DESC(reset, "Send HCI reset command on initialization");

/* Module metadata. */
MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
MODULE_DESCRIPTION("Generic Bluetooth USB driver ver " VERSION);
MODULE_VERSION(VERSION);
MODULE_LICENSE("GPL");