1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * 4 * Generic Bluetooth USB driver 5 * 6 * Copyright (C) 2005-2008 Marcel Holtmann <marcel@holtmann.org> 7 */ 8 9 #include <linux/dmi.h> 10 #include <linux/module.h> 11 #include <linux/usb.h> 12 #include <linux/usb/quirks.h> 13 #include <linux/firmware.h> 14 #include <linux/iopoll.h> 15 #include <linux/of_device.h> 16 #include <linux/of_irq.h> 17 #include <linux/suspend.h> 18 #include <linux/gpio/consumer.h> 19 #include <linux/debugfs.h> 20 #include <linux/unaligned.h> 21 22 #include <net/bluetooth/bluetooth.h> 23 #include <net/bluetooth/hci_core.h> 24 #include <net/bluetooth/hci_drv.h> 25 26 #include "btintel.h" 27 #include "btbcm.h" 28 #include "btrtl.h" 29 #include "btmtk.h" 30 31 #define VERSION "0.8" 32 33 static bool disable_scofix; 34 static bool force_scofix; 35 static bool enable_autosuspend = IS_ENABLED(CONFIG_BT_HCIBTUSB_AUTOSUSPEND); 36 static bool enable_poll_sync = IS_ENABLED(CONFIG_BT_HCIBTUSB_POLL_SYNC); 37 static bool reset = true; 38 39 static struct usb_driver btusb_driver; 40 41 #define BTUSB_IGNORE BIT(0) 42 #define BTUSB_DIGIANSWER BIT(1) 43 #define BTUSB_CSR BIT(2) 44 #define BTUSB_SNIFFER BIT(3) 45 #define BTUSB_BCM92035 BIT(4) 46 #define BTUSB_BROKEN_ISOC BIT(5) 47 #define BTUSB_WRONG_SCO_MTU BIT(6) 48 #define BTUSB_ATH3012 BIT(7) 49 #define BTUSB_INTEL_COMBINED BIT(8) 50 #define BTUSB_INTEL_BOOT BIT(9) 51 #define BTUSB_BCM_PATCHRAM BIT(10) 52 #define BTUSB_MARVELL BIT(11) 53 #define BTUSB_SWAVE BIT(12) 54 #define BTUSB_AMP BIT(13) 55 #define BTUSB_QCA_ROME BIT(14) 56 #define BTUSB_BCM_APPLE BIT(15) 57 #define BTUSB_REALTEK BIT(16) 58 #define BTUSB_BCM2045 BIT(17) 59 #define BTUSB_IFNUM_2 BIT(18) 60 #define BTUSB_CW6622 BIT(19) 61 #define BTUSB_MEDIATEK BIT(20) 62 #define BTUSB_WIDEBAND_SPEECH BIT(21) 63 #define BTUSB_INVALID_LE_STATES BIT(22) 64 #define BTUSB_QCA_WCN6855 BIT(23) 65 #define BTUSB_INTEL_BROKEN_SHUTDOWN_LED BIT(24) 66 #define BTUSB_INTEL_BROKEN_INITIAL_NCMD BIT(25) 67 #define BTUSB_INTEL_NO_WBS_SUPPORT BIT(26) 68 #define BTUSB_ACTIONS_SEMI BIT(27) 69 #define BTUSB_BARROT BIT(28) 70 71 static const struct usb_device_id btusb_table[] = { 72 /* Generic Bluetooth USB device */ 73 { USB_DEVICE_INFO(0xe0, 0x01, 0x01) }, 74 75 /* Generic Bluetooth AMP device */ 76 { USB_DEVICE_INFO(0xe0, 0x01, 0x04), .driver_info = BTUSB_AMP }, 77 78 /* Generic Bluetooth USB interface */ 79 { USB_INTERFACE_INFO(0xe0, 0x01, 0x01) }, 80 81 /* Apple-specific (Broadcom) devices */ 82 { USB_VENDOR_AND_INTERFACE_INFO(0x05ac, 0xff, 0x01, 0x01), 83 .driver_info = BTUSB_BCM_APPLE | BTUSB_IFNUM_2 }, 84 85 /* MediaTek MT76x0E */ 86 { USB_DEVICE(0x0e8d, 0x763f) }, 87 88 /* Broadcom SoftSailing reporting vendor specific */ 89 { USB_DEVICE(0x0a5c, 0x21e1) }, 90 91 /* Apple MacBookPro 7,1 */ 92 { USB_DEVICE(0x05ac, 0x8213) }, 93 94 /* Apple iMac11,1 */ 95 { USB_DEVICE(0x05ac, 0x8215) }, 96 97 /* Apple MacBookPro6,2 */ 98 { USB_DEVICE(0x05ac, 0x8218) }, 99 100 /* Apple MacBookAir3,1, MacBookAir3,2 */ 101 { USB_DEVICE(0x05ac, 0x821b) }, 102 103 /* Apple MacBookAir4,1 */ 104 { USB_DEVICE(0x05ac, 0x821f) }, 105 106 /* Apple MacBookPro8,2 */ 107 { USB_DEVICE(0x05ac, 0x821a) }, 108 109 /* Apple MacMini5,1 */ 110 { USB_DEVICE(0x05ac, 0x8281) }, 111 112 /* AVM BlueFRITZ! USB v2.0 */ 113 { USB_DEVICE(0x057c, 0x3800), .driver_info = BTUSB_SWAVE }, 114 115 /* Bluetooth Ultraport Module from IBM */ 116 { USB_DEVICE(0x04bf, 0x030a) }, 117 118 /* ALPS Modules with non-standard id */ 119 { USB_DEVICE(0x044e, 0x3001) }, 120 { USB_DEVICE(0x044e, 0x3002) }, 121 122 /* Ericsson with non-standard id */ 123 { USB_DEVICE(0x0bdb, 0x1002) }, 124 125 /* Canyon CN-BTU1 with HID interfaces */ 126 { USB_DEVICE(0x0c10, 0x0000) }, 127 128 /* Broadcom BCM20702B0 (Dynex/Insignia) */ 129 { USB_DEVICE(0x19ff, 0x0239), .driver_info = BTUSB_BCM_PATCHRAM }, 130 131 /* Broadcom BCM43142A0 (Foxconn/Lenovo) */ 132 { USB_VENDOR_AND_INTERFACE_INFO(0x105b, 0xff, 0x01, 0x01), 133 .driver_info = BTUSB_BCM_PATCHRAM }, 134 135 /* Broadcom BCM920703 (HTC Vive) */ 136 { USB_VENDOR_AND_INTERFACE_INFO(0x0bb4, 0xff, 0x01, 0x01), 137 .driver_info = BTUSB_BCM_PATCHRAM }, 138 139 /* Foxconn - Hon Hai */ 140 { USB_VENDOR_AND_INTERFACE_INFO(0x0489, 0xff, 0x01, 0x01), 141 .driver_info = BTUSB_BCM_PATCHRAM }, 142 143 /* Lite-On Technology - Broadcom based */ 144 { USB_VENDOR_AND_INTERFACE_INFO(0x04ca, 0xff, 0x01, 0x01), 145 .driver_info = BTUSB_BCM_PATCHRAM }, 146 147 /* Broadcom devices with vendor specific id */ 148 { USB_VENDOR_AND_INTERFACE_INFO(0x0a5c, 0xff, 0x01, 0x01), 149 .driver_info = BTUSB_BCM_PATCHRAM }, 150 151 /* ASUSTek Computer - Broadcom based */ 152 { USB_VENDOR_AND_INTERFACE_INFO(0x0b05, 0xff, 0x01, 0x01), 153 .driver_info = BTUSB_BCM_PATCHRAM }, 154 155 /* Belkin F8065bf - Broadcom based */ 156 { USB_VENDOR_AND_INTERFACE_INFO(0x050d, 0xff, 0x01, 0x01), 157 .driver_info = BTUSB_BCM_PATCHRAM }, 158 159 /* IMC Networks - Broadcom based */ 160 { USB_VENDOR_AND_INTERFACE_INFO(0x13d3, 0xff, 0x01, 0x01), 161 .driver_info = BTUSB_BCM_PATCHRAM }, 162 163 /* Dell Computer - Broadcom based */ 164 { USB_VENDOR_AND_INTERFACE_INFO(0x413c, 0xff, 0x01, 0x01), 165 .driver_info = BTUSB_BCM_PATCHRAM }, 166 167 /* Toshiba Corp - Broadcom based */ 168 { USB_VENDOR_AND_INTERFACE_INFO(0x0930, 0xff, 0x01, 0x01), 169 .driver_info = BTUSB_BCM_PATCHRAM }, 170 171 /* Intel Bluetooth USB Bootloader (RAM module) */ 172 { USB_DEVICE(0x8087, 0x0a5a), 173 .driver_info = BTUSB_INTEL_BOOT | BTUSB_BROKEN_ISOC }, 174 175 { } /* Terminating entry */ 176 }; 177 178 MODULE_DEVICE_TABLE(usb, btusb_table); 179 180 static const struct usb_device_id quirks_table[] = { 181 /* CSR BlueCore devices */ 182 { USB_DEVICE(0x0a12, 0x0001), .driver_info = BTUSB_CSR }, 183 184 /* Broadcom BCM2033 without firmware */ 185 { USB_DEVICE(0x0a5c, 0x2033), .driver_info = BTUSB_IGNORE }, 186 187 /* Broadcom BCM2045 devices */ 188 { USB_DEVICE(0x0a5c, 0x2045), .driver_info = BTUSB_BCM2045 }, 189 190 /* Atheros 3011 with sflash firmware */ 191 { USB_DEVICE(0x0489, 0xe027), .driver_info = BTUSB_IGNORE }, 192 { USB_DEVICE(0x0489, 0xe03d), .driver_info = BTUSB_IGNORE }, 193 { USB_DEVICE(0x04f2, 0xaff1), .driver_info = BTUSB_IGNORE }, 194 { USB_DEVICE(0x0930, 0x0215), .driver_info = BTUSB_IGNORE }, 195 { USB_DEVICE(0x0cf3, 0x3002), .driver_info = BTUSB_IGNORE }, 196 { USB_DEVICE(0x0cf3, 0xe019), .driver_info = BTUSB_IGNORE }, 197 { USB_DEVICE(0x13d3, 0x3304), .driver_info = BTUSB_IGNORE }, 198 199 /* Atheros AR9285 Malbec with sflash firmware */ 200 { USB_DEVICE(0x03f0, 0x311d), .driver_info = BTUSB_IGNORE }, 201 202 /* Atheros 3012 with sflash firmware */ 203 { USB_DEVICE(0x0489, 0xe04d), .driver_info = BTUSB_ATH3012 }, 204 { USB_DEVICE(0x0489, 0xe04e), .driver_info = BTUSB_ATH3012 }, 205 { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 }, 206 { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 }, 207 { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 }, 208 { USB_DEVICE(0x0489, 0xe076), .driver_info = BTUSB_ATH3012 }, 209 { USB_DEVICE(0x0489, 0xe078), .driver_info = BTUSB_ATH3012 }, 210 { USB_DEVICE(0x0489, 0xe095), .driver_info = BTUSB_ATH3012 }, 211 { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 }, 212 { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 }, 213 { USB_DEVICE(0x04ca, 0x3005), .driver_info = BTUSB_ATH3012 }, 214 { USB_DEVICE(0x04ca, 0x3006), .driver_info = BTUSB_ATH3012 }, 215 { USB_DEVICE(0x04ca, 0x3007), .driver_info = BTUSB_ATH3012 }, 216 { USB_DEVICE(0x04ca, 0x3008), .driver_info = BTUSB_ATH3012 }, 217 { USB_DEVICE(0x04ca, 0x300b), .driver_info = BTUSB_ATH3012 }, 218 { USB_DEVICE(0x04ca, 0x300d), .driver_info = BTUSB_ATH3012 }, 219 { USB_DEVICE(0x04ca, 0x300f), .driver_info = BTUSB_ATH3012 }, 220 { USB_DEVICE(0x04ca, 0x3010), .driver_info = BTUSB_ATH3012 }, 221 { USB_DEVICE(0x04ca, 0x3014), .driver_info = BTUSB_ATH3012 }, 222 { USB_DEVICE(0x04ca, 0x3018), .driver_info = BTUSB_ATH3012 }, 223 { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 }, 224 { USB_DEVICE(0x0930, 0x021c), .driver_info = BTUSB_ATH3012 }, 225 { USB_DEVICE(0x0930, 0x0220), .driver_info = BTUSB_ATH3012 }, 226 { USB_DEVICE(0x0930, 0x0227), .driver_info = BTUSB_ATH3012 }, 227 { USB_DEVICE(0x0b05, 0x17d0), .driver_info = BTUSB_ATH3012 }, 228 { USB_DEVICE(0x0cf3, 0x0036), .driver_info = BTUSB_ATH3012 }, 229 { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 }, 230 { USB_DEVICE(0x0cf3, 0x3008), .driver_info = BTUSB_ATH3012 }, 231 { USB_DEVICE(0x0cf3, 0x311d), .driver_info = BTUSB_ATH3012 }, 232 { USB_DEVICE(0x0cf3, 0x311e), .driver_info = BTUSB_ATH3012 }, 233 { USB_DEVICE(0x0cf3, 0x311f), .driver_info = BTUSB_ATH3012 }, 234 { USB_DEVICE(0x0cf3, 0x3121), .driver_info = BTUSB_ATH3012 }, 235 { USB_DEVICE(0x0cf3, 0x817a), .driver_info = BTUSB_ATH3012 }, 236 { USB_DEVICE(0x0cf3, 0x817b), .driver_info = BTUSB_ATH3012 }, 237 { USB_DEVICE(0x0cf3, 0xe003), .driver_info = BTUSB_ATH3012 }, 238 { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 }, 239 { USB_DEVICE(0x0cf3, 0xe005), .driver_info = BTUSB_ATH3012 }, 240 { USB_DEVICE(0x0cf3, 0xe006), .driver_info = BTUSB_ATH3012 }, 241 { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 }, 242 { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 }, 243 { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 }, 244 { USB_DEVICE(0x13d3, 0x3395), .driver_info = BTUSB_ATH3012 }, 245 { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 }, 246 { USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 }, 247 { USB_DEVICE(0x13d3, 0x3423), .driver_info = BTUSB_ATH3012 }, 248 { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 }, 249 { USB_DEVICE(0x13d3, 0x3472), .driver_info = BTUSB_ATH3012 }, 250 { USB_DEVICE(0x13d3, 0x3474), .driver_info = BTUSB_ATH3012 }, 251 { USB_DEVICE(0x13d3, 0x3487), .driver_info = BTUSB_ATH3012 }, 252 { USB_DEVICE(0x13d3, 0x3490), .driver_info = BTUSB_ATH3012 }, 253 254 /* Atheros AR5BBU12 with sflash firmware */ 255 { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE }, 256 257 /* Atheros AR5BBU12 with sflash firmware */ 258 { USB_DEVICE(0x0489, 0xe036), .driver_info = BTUSB_ATH3012 }, 259 { USB_DEVICE(0x0489, 0xe03c), .driver_info = BTUSB_ATH3012 }, 260 261 /* QCA ROME chipset */ 262 { USB_DEVICE(0x0cf3, 0x535b), .driver_info = BTUSB_QCA_ROME | 263 BTUSB_WIDEBAND_SPEECH }, 264 { USB_DEVICE(0x0cf3, 0xe007), .driver_info = BTUSB_QCA_ROME | 265 BTUSB_WIDEBAND_SPEECH }, 266 { USB_DEVICE(0x0cf3, 0xe009), .driver_info = BTUSB_QCA_ROME | 267 BTUSB_WIDEBAND_SPEECH }, 268 { USB_DEVICE(0x0cf3, 0xe010), .driver_info = BTUSB_QCA_ROME | 269 BTUSB_WIDEBAND_SPEECH }, 270 { USB_DEVICE(0x0cf3, 0xe300), .driver_info = BTUSB_QCA_ROME | 271 BTUSB_WIDEBAND_SPEECH }, 272 { USB_DEVICE(0x0cf3, 0xe301), .driver_info = BTUSB_QCA_ROME | 273 BTUSB_WIDEBAND_SPEECH }, 274 { USB_DEVICE(0x0cf3, 0xe360), .driver_info = BTUSB_QCA_ROME | 275 BTUSB_WIDEBAND_SPEECH }, 276 { USB_DEVICE(0x0cf3, 0xe500), .driver_info = BTUSB_QCA_ROME | 277 BTUSB_WIDEBAND_SPEECH }, 278 { USB_DEVICE(0x0489, 0xe092), .driver_info = BTUSB_QCA_ROME | 279 BTUSB_WIDEBAND_SPEECH }, 280 { USB_DEVICE(0x0489, 0xe09f), .driver_info = BTUSB_QCA_ROME | 281 BTUSB_WIDEBAND_SPEECH }, 282 { USB_DEVICE(0x0489, 0xe0a2), .driver_info = BTUSB_QCA_ROME | 283 BTUSB_WIDEBAND_SPEECH }, 284 { USB_DEVICE(0x04ca, 0x3011), .driver_info = BTUSB_QCA_ROME | 285 BTUSB_WIDEBAND_SPEECH }, 286 { USB_DEVICE(0x04ca, 0x3015), .driver_info = BTUSB_QCA_ROME | 287 BTUSB_WIDEBAND_SPEECH }, 288 { USB_DEVICE(0x04ca, 0x3016), .driver_info = BTUSB_QCA_ROME | 289 BTUSB_WIDEBAND_SPEECH }, 290 { USB_DEVICE(0x04ca, 0x301a), .driver_info = BTUSB_QCA_ROME | 291 BTUSB_WIDEBAND_SPEECH }, 292 { USB_DEVICE(0x04ca, 0x3021), .driver_info = BTUSB_QCA_ROME | 293 BTUSB_WIDEBAND_SPEECH }, 294 { USB_DEVICE(0x13d3, 0x3491), .driver_info = BTUSB_QCA_ROME | 295 BTUSB_WIDEBAND_SPEECH }, 296 { USB_DEVICE(0x13d3, 0x3496), .driver_info = BTUSB_QCA_ROME | 297 BTUSB_WIDEBAND_SPEECH }, 298 { USB_DEVICE(0x13d3, 0x3501), .driver_info = BTUSB_QCA_ROME | 299 BTUSB_WIDEBAND_SPEECH }, 300 301 /* QCA WCN6855 chipset */ 302 { USB_DEVICE(0x0489, 0xe0c7), .driver_info = BTUSB_QCA_WCN6855 | 303 BTUSB_WIDEBAND_SPEECH }, 304 { USB_DEVICE(0x0489, 0xe0c9), .driver_info = BTUSB_QCA_WCN6855 | 305 BTUSB_WIDEBAND_SPEECH }, 306 { USB_DEVICE(0x0489, 0xe0ca), .driver_info = BTUSB_QCA_WCN6855 | 307 BTUSB_WIDEBAND_SPEECH }, 308 { USB_DEVICE(0x0489, 0xe0cb), .driver_info = BTUSB_QCA_WCN6855 | 309 BTUSB_WIDEBAND_SPEECH }, 310 { USB_DEVICE(0x0489, 0xe0cc), .driver_info = BTUSB_QCA_WCN6855 | 311 BTUSB_WIDEBAND_SPEECH }, 312 { USB_DEVICE(0x0489, 0xe0ce), .driver_info = BTUSB_QCA_WCN6855 | 313 BTUSB_WIDEBAND_SPEECH }, 314 { USB_DEVICE(0x0489, 0xe0d0), .driver_info = BTUSB_QCA_WCN6855 | 315 BTUSB_WIDEBAND_SPEECH }, 316 { USB_DEVICE(0x0489, 0xe0d6), .driver_info = BTUSB_QCA_WCN6855 | 317 BTUSB_WIDEBAND_SPEECH }, 318 { USB_DEVICE(0x0489, 0xe0de), .driver_info = BTUSB_QCA_WCN6855 | 319 BTUSB_WIDEBAND_SPEECH }, 320 { USB_DEVICE(0x0489, 0xe0df), .driver_info = BTUSB_QCA_WCN6855 | 321 BTUSB_WIDEBAND_SPEECH }, 322 { USB_DEVICE(0x0489, 0xe0e1), .driver_info = BTUSB_QCA_WCN6855 | 323 BTUSB_WIDEBAND_SPEECH }, 324 { USB_DEVICE(0x0489, 0xe0e3), .driver_info = BTUSB_QCA_WCN6855 | 325 BTUSB_WIDEBAND_SPEECH }, 326 { USB_DEVICE(0x0489, 0xe0ea), .driver_info = BTUSB_QCA_WCN6855 | 327 BTUSB_WIDEBAND_SPEECH }, 328 { USB_DEVICE(0x0489, 0xe0ec), .driver_info = BTUSB_QCA_WCN6855 | 329 BTUSB_WIDEBAND_SPEECH }, 330 { USB_DEVICE(0x04ca, 0x3022), .driver_info = BTUSB_QCA_WCN6855 | 331 BTUSB_WIDEBAND_SPEECH }, 332 { USB_DEVICE(0x04ca, 0x3023), .driver_info = BTUSB_QCA_WCN6855 | 333 BTUSB_WIDEBAND_SPEECH }, 334 { USB_DEVICE(0x04ca, 0x3024), .driver_info = BTUSB_QCA_WCN6855 | 335 BTUSB_WIDEBAND_SPEECH }, 336 { USB_DEVICE(0x04ca, 0x3a22), .driver_info = BTUSB_QCA_WCN6855 | 337 BTUSB_WIDEBAND_SPEECH }, 338 { USB_DEVICE(0x04ca, 0x3a24), .driver_info = BTUSB_QCA_WCN6855 | 339 BTUSB_WIDEBAND_SPEECH }, 340 { USB_DEVICE(0x04ca, 0x3a26), .driver_info = BTUSB_QCA_WCN6855 | 341 BTUSB_WIDEBAND_SPEECH }, 342 { USB_DEVICE(0x04ca, 0x3a27), .driver_info = BTUSB_QCA_WCN6855 | 343 BTUSB_WIDEBAND_SPEECH }, 344 { USB_DEVICE(0x0cf3, 0xe600), .driver_info = BTUSB_QCA_WCN6855 | 345 BTUSB_WIDEBAND_SPEECH }, 346 { USB_DEVICE(0x10ab, 0x9108), .driver_info = BTUSB_QCA_WCN6855 | 347 BTUSB_WIDEBAND_SPEECH }, 348 { USB_DEVICE(0x10ab, 0x9109), .driver_info = BTUSB_QCA_WCN6855 | 349 BTUSB_WIDEBAND_SPEECH }, 350 { USB_DEVICE(0x10ab, 0x9208), .driver_info = BTUSB_QCA_WCN6855 | 351 BTUSB_WIDEBAND_SPEECH }, 352 { USB_DEVICE(0x10ab, 0x9209), .driver_info = BTUSB_QCA_WCN6855 | 353 BTUSB_WIDEBAND_SPEECH }, 354 { USB_DEVICE(0x10ab, 0x9308), .driver_info = BTUSB_QCA_WCN6855 | 355 BTUSB_WIDEBAND_SPEECH }, 356 { USB_DEVICE(0x10ab, 0x9309), .driver_info = BTUSB_QCA_WCN6855 | 357 BTUSB_WIDEBAND_SPEECH }, 358 { USB_DEVICE(0x10ab, 0x9408), .driver_info = BTUSB_QCA_WCN6855 | 359 BTUSB_WIDEBAND_SPEECH }, 360 { USB_DEVICE(0x10ab, 0x9409), .driver_info = BTUSB_QCA_WCN6855 | 361 BTUSB_WIDEBAND_SPEECH }, 362 { USB_DEVICE(0x10ab, 0x9508), .driver_info = BTUSB_QCA_WCN6855 | 363 BTUSB_WIDEBAND_SPEECH }, 364 { USB_DEVICE(0x10ab, 0x9509), .driver_info = BTUSB_QCA_WCN6855 | 365 BTUSB_WIDEBAND_SPEECH }, 366 { USB_DEVICE(0x10ab, 0x9608), .driver_info = BTUSB_QCA_WCN6855 | 367 BTUSB_WIDEBAND_SPEECH }, 368 { USB_DEVICE(0x10ab, 0x9609), .driver_info = BTUSB_QCA_WCN6855 | 369 BTUSB_WIDEBAND_SPEECH }, 370 { USB_DEVICE(0x10ab, 0x9f09), .driver_info = BTUSB_QCA_WCN6855 | 371 BTUSB_WIDEBAND_SPEECH }, 372 { USB_DEVICE(0x28de, 0x1401), .driver_info = BTUSB_QCA_WCN6855 | 373 BTUSB_WIDEBAND_SPEECH }, 374 375 /* QCA WCN785x chipset */ 376 { USB_DEVICE(0x0cf3, 0xe700), .driver_info = BTUSB_QCA_WCN6855 | 377 BTUSB_WIDEBAND_SPEECH }, 378 { USB_DEVICE(0x0489, 0xe0fc), .driver_info = BTUSB_QCA_WCN6855 | 379 BTUSB_WIDEBAND_SPEECH }, 380 { USB_DEVICE(0x0489, 0xe0f3), .driver_info = BTUSB_QCA_WCN6855 | 381 BTUSB_WIDEBAND_SPEECH }, 382 { USB_DEVICE(0x0489, 0xe100), .driver_info = BTUSB_QCA_WCN6855 | 383 BTUSB_WIDEBAND_SPEECH }, 384 { USB_DEVICE(0x0489, 0xe103), .driver_info = BTUSB_QCA_WCN6855 | 385 BTUSB_WIDEBAND_SPEECH }, 386 { USB_DEVICE(0x0489, 0xe10a), .driver_info = BTUSB_QCA_WCN6855 | 387 BTUSB_WIDEBAND_SPEECH }, 388 { USB_DEVICE(0x0489, 0xe10d), .driver_info = BTUSB_QCA_WCN6855 | 389 BTUSB_WIDEBAND_SPEECH }, 390 { USB_DEVICE(0x0489, 0xe11b), .driver_info = BTUSB_QCA_WCN6855 | 391 BTUSB_WIDEBAND_SPEECH }, 392 { USB_DEVICE(0x0489, 0xe11c), .driver_info = BTUSB_QCA_WCN6855 | 393 BTUSB_WIDEBAND_SPEECH }, 394 { USB_DEVICE(0x0489, 0xe11f), .driver_info = BTUSB_QCA_WCN6855 | 395 BTUSB_WIDEBAND_SPEECH }, 396 { USB_DEVICE(0x0489, 0xe141), .driver_info = BTUSB_QCA_WCN6855 | 397 BTUSB_WIDEBAND_SPEECH }, 398 { USB_DEVICE(0x0489, 0xe14a), .driver_info = BTUSB_QCA_WCN6855 | 399 BTUSB_WIDEBAND_SPEECH }, 400 { USB_DEVICE(0x0489, 0xe14b), .driver_info = BTUSB_QCA_WCN6855 | 401 BTUSB_WIDEBAND_SPEECH }, 402 { USB_DEVICE(0x0489, 0xe14d), .driver_info = BTUSB_QCA_WCN6855 | 403 BTUSB_WIDEBAND_SPEECH }, 404 { USB_DEVICE(0x13d3, 0x3623), .driver_info = BTUSB_QCA_WCN6855 | 405 BTUSB_WIDEBAND_SPEECH }, 406 { USB_DEVICE(0x13d3, 0x3624), .driver_info = BTUSB_QCA_WCN6855 | 407 BTUSB_WIDEBAND_SPEECH }, 408 { USB_DEVICE(0x2c7c, 0x0130), .driver_info = BTUSB_QCA_WCN6855 | 409 BTUSB_WIDEBAND_SPEECH }, 410 { USB_DEVICE(0x2c7c, 0x0131), .driver_info = BTUSB_QCA_WCN6855 | 411 BTUSB_WIDEBAND_SPEECH }, 412 { USB_DEVICE(0x2c7c, 0x0132), .driver_info = BTUSB_QCA_WCN6855 | 413 BTUSB_WIDEBAND_SPEECH }, 414 415 /* Broadcom BCM2035 */ 416 { USB_DEVICE(0x0a5c, 0x2009), .driver_info = BTUSB_BCM92035 }, 417 { USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU }, 418 { USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU }, 419 420 /* Broadcom BCM2045 */ 421 { USB_DEVICE(0x0a5c, 0x2039), .driver_info = BTUSB_WRONG_SCO_MTU }, 422 { USB_DEVICE(0x0a5c, 0x2101), .driver_info = BTUSB_WRONG_SCO_MTU }, 423 424 /* IBM/Lenovo ThinkPad with Broadcom chip */ 425 { USB_DEVICE(0x0a5c, 0x201e), .driver_info = BTUSB_WRONG_SCO_MTU }, 426 { USB_DEVICE(0x0a5c, 0x2110), .driver_info = BTUSB_WRONG_SCO_MTU }, 427 428 /* HP laptop with Broadcom chip */ 429 { USB_DEVICE(0x03f0, 0x171d), .driver_info = BTUSB_WRONG_SCO_MTU }, 430 431 /* Dell laptop with Broadcom chip */ 432 { USB_DEVICE(0x413c, 0x8126), .driver_info = BTUSB_WRONG_SCO_MTU }, 433 434 /* Dell Wireless 370 and 410 devices */ 435 { USB_DEVICE(0x413c, 0x8152), .driver_info = BTUSB_WRONG_SCO_MTU }, 436 { USB_DEVICE(0x413c, 0x8156), .driver_info = BTUSB_WRONG_SCO_MTU }, 437 438 /* Belkin F8T012 and F8T013 devices */ 439 { USB_DEVICE(0x050d, 0x0012), .driver_info = BTUSB_WRONG_SCO_MTU }, 440 { USB_DEVICE(0x050d, 0x0013), .driver_info = BTUSB_WRONG_SCO_MTU }, 441 442 /* Asus WL-BTD202 device */ 443 { USB_DEVICE(0x0b05, 0x1715), .driver_info = BTUSB_WRONG_SCO_MTU }, 444 445 /* Kensington Bluetooth USB adapter */ 446 { USB_DEVICE(0x047d, 0x105e), .driver_info = BTUSB_WRONG_SCO_MTU }, 447 448 /* RTX Telecom based adapters with buggy SCO support */ 449 { USB_DEVICE(0x0400, 0x0807), .driver_info = BTUSB_BROKEN_ISOC }, 450 { USB_DEVICE(0x0400, 0x080a), .driver_info = BTUSB_BROKEN_ISOC }, 451 452 /* CONWISE Technology based adapters with buggy SCO support */ 453 { USB_DEVICE(0x0e5e, 0x6622), 454 .driver_info = BTUSB_BROKEN_ISOC | BTUSB_CW6622}, 455 456 /* Roper Class 1 Bluetooth Dongle (Silicon Wave based) */ 457 { USB_DEVICE(0x1310, 0x0001), .driver_info = BTUSB_SWAVE }, 458 459 /* Digianswer devices */ 460 { USB_DEVICE(0x08fd, 0x0001), .driver_info = BTUSB_DIGIANSWER }, 461 { USB_DEVICE(0x08fd, 0x0002), .driver_info = BTUSB_IGNORE }, 462 463 /* CSR BlueCore Bluetooth Sniffer */ 464 { USB_DEVICE(0x0a12, 0x0002), 465 .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC }, 466 467 /* Frontline ComProbe Bluetooth Sniffer */ 468 { USB_DEVICE(0x16d3, 0x0002), 469 .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC }, 470 471 /* Marvell Bluetooth devices */ 472 { USB_DEVICE(0x1286, 0x2044), .driver_info = BTUSB_MARVELL }, 473 { USB_DEVICE(0x1286, 0x2046), .driver_info = BTUSB_MARVELL }, 474 { USB_DEVICE(0x1286, 0x204e), .driver_info = BTUSB_MARVELL }, 475 476 /* Intel Bluetooth devices */ 477 { USB_DEVICE(0x8087, 0x0025), .driver_info = BTUSB_INTEL_COMBINED }, 478 { USB_DEVICE(0x8087, 0x0026), .driver_info = BTUSB_INTEL_COMBINED }, 479 { USB_DEVICE(0x8087, 0x0029), .driver_info = BTUSB_INTEL_COMBINED }, 480 { USB_DEVICE(0x8087, 0x0032), .driver_info = BTUSB_INTEL_COMBINED }, 481 { USB_DEVICE(0x8087, 0x0033), .driver_info = BTUSB_INTEL_COMBINED }, 482 { USB_DEVICE(0x8087, 0x0035), .driver_info = BTUSB_INTEL_COMBINED }, 483 { USB_DEVICE(0x8087, 0x0036), .driver_info = BTUSB_INTEL_COMBINED }, 484 { USB_DEVICE(0x8087, 0x0037), .driver_info = BTUSB_INTEL_COMBINED }, 485 { USB_DEVICE(0x8087, 0x0038), .driver_info = BTUSB_INTEL_COMBINED }, 486 { USB_DEVICE(0x8087, 0x0039), .driver_info = BTUSB_INTEL_COMBINED }, 487 { USB_DEVICE(0x8087, 0x07da), .driver_info = BTUSB_CSR }, 488 { USB_DEVICE(0x8087, 0x07dc), .driver_info = BTUSB_INTEL_COMBINED | 489 BTUSB_INTEL_NO_WBS_SUPPORT | 490 BTUSB_INTEL_BROKEN_INITIAL_NCMD | 491 BTUSB_INTEL_BROKEN_SHUTDOWN_LED }, 492 { USB_DEVICE(0x8087, 0x0a2a), .driver_info = BTUSB_INTEL_COMBINED | 493 BTUSB_INTEL_NO_WBS_SUPPORT | 494 BTUSB_INTEL_BROKEN_SHUTDOWN_LED }, 495 { USB_DEVICE(0x8087, 0x0a2b), .driver_info = BTUSB_INTEL_COMBINED }, 496 { USB_DEVICE(0x8087, 0x0aa7), .driver_info = BTUSB_INTEL_COMBINED | 497 BTUSB_INTEL_BROKEN_SHUTDOWN_LED }, 498 { USB_DEVICE(0x8087, 0x0aaa), .driver_info = BTUSB_INTEL_COMBINED }, 499 500 /* Other Intel Bluetooth devices */ 501 { USB_VENDOR_AND_INTERFACE_INFO(0x8087, 0xe0, 0x01, 0x01), 502 .driver_info = BTUSB_IGNORE }, 503 504 /* Realtek 8821CE Bluetooth devices */ 505 { USB_DEVICE(0x13d3, 0x3529), .driver_info = BTUSB_REALTEK | 506 BTUSB_WIDEBAND_SPEECH }, 507 { USB_DEVICE(0x13d3, 0x3533), .driver_info = BTUSB_REALTEK | 508 BTUSB_WIDEBAND_SPEECH }, 509 510 /* Realtek 8822CE Bluetooth devices */ 511 { USB_DEVICE(0x0bda, 0xb00c), .driver_info = BTUSB_REALTEK | 512 BTUSB_WIDEBAND_SPEECH }, 513 { USB_DEVICE(0x0bda, 0xc822), .driver_info = BTUSB_REALTEK | 514 BTUSB_WIDEBAND_SPEECH }, 515 516 /* Realtek 8822CU Bluetooth devices */ 517 { USB_DEVICE(0x13d3, 0x3549), .driver_info = BTUSB_REALTEK | 518 BTUSB_WIDEBAND_SPEECH }, 519 520 /* Realtek 8851BE Bluetooth devices */ 521 { USB_DEVICE(0x0bda, 0xb850), .driver_info = BTUSB_REALTEK }, 522 { USB_DEVICE(0x13d3, 0x3600), .driver_info = BTUSB_REALTEK }, 523 { USB_DEVICE(0x13d3, 0x3601), .driver_info = BTUSB_REALTEK }, 524 { USB_DEVICE(0x0489, 0xe112), .driver_info = BTUSB_REALTEK | 525 BTUSB_WIDEBAND_SPEECH }, 526 527 /* Realtek 8851BU Bluetooth devices */ 528 { USB_DEVICE(0x3625, 0x010b), .driver_info = BTUSB_REALTEK | 529 BTUSB_WIDEBAND_SPEECH }, 530 { USB_DEVICE(0x2001, 0x332a), .driver_info = BTUSB_REALTEK | 531 BTUSB_WIDEBAND_SPEECH }, 532 { USB_DEVICE(0x7392, 0xe611), .driver_info = BTUSB_REALTEK | 533 BTUSB_WIDEBAND_SPEECH }, 534 535 /* Realtek 8852AE Bluetooth devices */ 536 { USB_DEVICE(0x0bda, 0x2852), .driver_info = BTUSB_REALTEK | 537 BTUSB_WIDEBAND_SPEECH }, 538 { USB_DEVICE(0x0bda, 0xc852), .driver_info = BTUSB_REALTEK | 539 BTUSB_WIDEBAND_SPEECH }, 540 { USB_DEVICE(0x0bda, 0x385a), .driver_info = BTUSB_REALTEK | 541 BTUSB_WIDEBAND_SPEECH }, 542 { USB_DEVICE(0x0bda, 0x4852), .driver_info = BTUSB_REALTEK | 543 BTUSB_WIDEBAND_SPEECH }, 544 { USB_DEVICE(0x04c5, 0x165c), .driver_info = BTUSB_REALTEK | 545 BTUSB_WIDEBAND_SPEECH }, 546 { USB_DEVICE(0x04ca, 0x4006), .driver_info = BTUSB_REALTEK | 547 BTUSB_WIDEBAND_SPEECH }, 548 { USB_DEVICE(0x0cb8, 0xc549), .driver_info = BTUSB_REALTEK | 549 BTUSB_WIDEBAND_SPEECH }, 550 551 /* Realtek 8852CE Bluetooth devices */ 552 { USB_DEVICE(0x04ca, 0x4007), .driver_info = BTUSB_REALTEK | 553 BTUSB_WIDEBAND_SPEECH }, 554 { USB_DEVICE(0x04c5, 0x1675), .driver_info = BTUSB_REALTEK | 555 BTUSB_WIDEBAND_SPEECH }, 556 { USB_DEVICE(0x0cb8, 0xc558), .driver_info = BTUSB_REALTEK | 557 BTUSB_WIDEBAND_SPEECH }, 558 { USB_DEVICE(0x13d3, 0x3587), .driver_info = BTUSB_REALTEK | 559 BTUSB_WIDEBAND_SPEECH }, 560 { USB_DEVICE(0x13d3, 0x3586), .driver_info = BTUSB_REALTEK | 561 BTUSB_WIDEBAND_SPEECH }, 562 { USB_DEVICE(0x13d3, 0x3592), .driver_info = BTUSB_REALTEK | 563 BTUSB_WIDEBAND_SPEECH }, 564 { USB_DEVICE(0x13d3, 0x3612), .driver_info = BTUSB_REALTEK | 565 BTUSB_WIDEBAND_SPEECH }, 566 { USB_DEVICE(0x0489, 0xe122), .driver_info = BTUSB_REALTEK | 567 BTUSB_WIDEBAND_SPEECH }, 568 569 /* Realtek 8852BE Bluetooth devices */ 570 { USB_DEVICE(0x0cb8, 0xc559), .driver_info = BTUSB_REALTEK | 571 BTUSB_WIDEBAND_SPEECH }, 572 { USB_DEVICE(0x0bda, 0x4853), .driver_info = BTUSB_REALTEK | 573 BTUSB_WIDEBAND_SPEECH }, 574 { USB_DEVICE(0x0bda, 0x887b), .driver_info = BTUSB_REALTEK | 575 BTUSB_WIDEBAND_SPEECH }, 576 { USB_DEVICE(0x0bda, 0xb85b), .driver_info = BTUSB_REALTEK | 577 BTUSB_WIDEBAND_SPEECH }, 578 { USB_DEVICE(0x13d3, 0x3570), .driver_info = BTUSB_REALTEK | 579 BTUSB_WIDEBAND_SPEECH }, 580 { USB_DEVICE(0x13d3, 0x3571), .driver_info = BTUSB_REALTEK | 581 BTUSB_WIDEBAND_SPEECH }, 582 { USB_DEVICE(0x13d3, 0x3572), .driver_info = BTUSB_REALTEK | 583 BTUSB_WIDEBAND_SPEECH }, 584 { USB_DEVICE(0x13d3, 0x3591), .driver_info = BTUSB_REALTEK | 585 BTUSB_WIDEBAND_SPEECH }, 586 { USB_DEVICE(0x0489, 0xe123), .driver_info = BTUSB_REALTEK | 587 BTUSB_WIDEBAND_SPEECH }, 588 { USB_DEVICE(0x0489, 0xe125), .driver_info = BTUSB_REALTEK | 589 BTUSB_WIDEBAND_SPEECH }, 590 591 /* Realtek 8852BT/8852BE-VT Bluetooth devices */ 592 { USB_DEVICE(0x0bda, 0x8520), .driver_info = BTUSB_REALTEK | 593 BTUSB_WIDEBAND_SPEECH }, 594 { USB_DEVICE(0x0489, 0xe12f), .driver_info = BTUSB_REALTEK | 595 BTUSB_WIDEBAND_SPEECH }, 596 { USB_DEVICE(0x13d3, 0x3618), .driver_info = BTUSB_REALTEK | 597 BTUSB_WIDEBAND_SPEECH }, 598 { USB_DEVICE(0x13d3, 0x3619), .driver_info = BTUSB_REALTEK | 599 BTUSB_WIDEBAND_SPEECH }, 600 601 /* Realtek 8922AE Bluetooth devices */ 602 { USB_DEVICE(0x0bda, 0x8922), .driver_info = BTUSB_REALTEK | 603 BTUSB_WIDEBAND_SPEECH }, 604 { USB_DEVICE(0x13d3, 0x3617), .driver_info = BTUSB_REALTEK | 605 BTUSB_WIDEBAND_SPEECH }, 606 { USB_DEVICE(0x13d3, 0x3616), .driver_info = BTUSB_REALTEK | 607 BTUSB_WIDEBAND_SPEECH }, 608 { USB_DEVICE(0x0489, 0xe130), .driver_info = BTUSB_REALTEK | 609 BTUSB_WIDEBAND_SPEECH }, 610 611 /* Realtek Bluetooth devices */ 612 { USB_VENDOR_AND_INTERFACE_INFO(0x0bda, 0xe0, 0x01, 0x01), 613 .driver_info = BTUSB_REALTEK }, 614 615 /* MediaTek Bluetooth devices */ 616 { USB_VENDOR_AND_INTERFACE_INFO(0x0e8d, 0xe0, 0x01, 0x01), 617 .driver_info = BTUSB_MEDIATEK | 618 BTUSB_WIDEBAND_SPEECH }, 619 620 /* Additional MediaTek MT7615E Bluetooth devices */ 621 { USB_DEVICE(0x13d3, 0x3560), .driver_info = BTUSB_MEDIATEK}, 622 623 /* Additional MediaTek MT7663 Bluetooth devices */ 624 { USB_DEVICE(0x043e, 0x310c), .driver_info = BTUSB_MEDIATEK | 625 BTUSB_WIDEBAND_SPEECH }, 626 { USB_DEVICE(0x04ca, 0x3801), .driver_info = BTUSB_MEDIATEK | 627 BTUSB_WIDEBAND_SPEECH }, 628 629 /* Additional MediaTek MT7668 Bluetooth devices */ 630 { USB_DEVICE(0x043e, 0x3109), .driver_info = BTUSB_MEDIATEK | 631 BTUSB_WIDEBAND_SPEECH }, 632 633 /* Additional MediaTek MT7920 Bluetooth devices */ 634 { USB_DEVICE(0x0489, 0xe134), .driver_info = BTUSB_MEDIATEK | 635 BTUSB_WIDEBAND_SPEECH }, 636 { USB_DEVICE(0x0489, 0xe135), .driver_info = BTUSB_MEDIATEK | 637 BTUSB_WIDEBAND_SPEECH }, 638 { USB_DEVICE(0x13d3, 0x3620), .driver_info = BTUSB_MEDIATEK | 639 BTUSB_WIDEBAND_SPEECH }, 640 { USB_DEVICE(0x13d3, 0x3621), .driver_info = BTUSB_MEDIATEK | 641 BTUSB_WIDEBAND_SPEECH }, 642 { USB_DEVICE(0x13d3, 0x3622), .driver_info = BTUSB_MEDIATEK | 643 BTUSB_WIDEBAND_SPEECH }, 644 { USB_DEVICE(0x0489, 0xe158), .driver_info = BTUSB_MEDIATEK | 645 BTUSB_WIDEBAND_SPEECH }, 646 647 /* Additional MediaTek MT7921 Bluetooth devices */ 648 { USB_DEVICE(0x0489, 0xe0c8), .driver_info = BTUSB_MEDIATEK | 649 BTUSB_WIDEBAND_SPEECH }, 650 { USB_DEVICE(0x0489, 0xe0cd), .driver_info = BTUSB_MEDIATEK | 651 BTUSB_WIDEBAND_SPEECH }, 652 { USB_DEVICE(0x0489, 0xe0e0), .driver_info = BTUSB_MEDIATEK | 653 BTUSB_WIDEBAND_SPEECH }, 654 { USB_DEVICE(0x0489, 0xe0f2), .driver_info = BTUSB_MEDIATEK | 655 BTUSB_WIDEBAND_SPEECH }, 656 { USB_DEVICE(0x04ca, 0x3802), .driver_info = BTUSB_MEDIATEK | 657 BTUSB_WIDEBAND_SPEECH }, 658 { USB_DEVICE(0x0e8d, 0x0608), .driver_info = BTUSB_MEDIATEK | 659 BTUSB_WIDEBAND_SPEECH }, 660 { USB_DEVICE(0x13d3, 0x3563), .driver_info = BTUSB_MEDIATEK | 661 BTUSB_WIDEBAND_SPEECH }, 662 { USB_DEVICE(0x13d3, 0x3564), .driver_info = BTUSB_MEDIATEK | 663 BTUSB_WIDEBAND_SPEECH }, 664 { USB_DEVICE(0x13d3, 0x3567), .driver_info = BTUSB_MEDIATEK | 665 BTUSB_WIDEBAND_SPEECH }, 666 { USB_DEVICE(0x13d3, 0x3576), .driver_info = BTUSB_MEDIATEK | 667 BTUSB_WIDEBAND_SPEECH }, 668 { USB_DEVICE(0x13d3, 0x3578), .driver_info = BTUSB_MEDIATEK | 669 BTUSB_WIDEBAND_SPEECH }, 670 { USB_DEVICE(0x13d3, 0x3583), .driver_info = BTUSB_MEDIATEK | 671 BTUSB_WIDEBAND_SPEECH }, 672 { USB_DEVICE(0x13d3, 0x3606), .driver_info = BTUSB_MEDIATEK | 673 BTUSB_WIDEBAND_SPEECH }, 674 /* MediaTek MT7902 Bluetooth devices */ 675 { USB_DEVICE(0x0e8d, 0x1ede), .driver_info = BTUSB_MEDIATEK | 676 BTUSB_WIDEBAND_SPEECH }, 677 { USB_DEVICE(0x13d3, 0x3579), .driver_info = BTUSB_MEDIATEK | 678 BTUSB_WIDEBAND_SPEECH }, 679 { USB_DEVICE(0x13d3, 0x3580), .driver_info = BTUSB_MEDIATEK | 680 BTUSB_WIDEBAND_SPEECH }, 681 { USB_DEVICE(0x13d3, 0x3594), .driver_info = BTUSB_MEDIATEK | 682 BTUSB_WIDEBAND_SPEECH }, 683 { USB_DEVICE(0x13d3, 0x3596), .driver_info = BTUSB_MEDIATEK | 684 BTUSB_WIDEBAND_SPEECH }, 685 /* MediaTek MT7922 Bluetooth devices */ 686 { USB_DEVICE(0x13d3, 0x3585), .driver_info = BTUSB_MEDIATEK | 687 BTUSB_WIDEBAND_SPEECH }, 688 { USB_DEVICE(0x13d3, 0x3610), .driver_info = BTUSB_MEDIATEK | 689 BTUSB_WIDEBAND_SPEECH }, 690 691 /* MediaTek MT7922A Bluetooth devices */ 692 { USB_DEVICE(0x0489, 0xe0d8), .driver_info = BTUSB_MEDIATEK | 693 BTUSB_WIDEBAND_SPEECH }, 694 { USB_DEVICE(0x0489, 0xe0d9), .driver_info = BTUSB_MEDIATEK | 695 BTUSB_WIDEBAND_SPEECH }, 696 { USB_DEVICE(0x0489, 0xe0e2), .driver_info = BTUSB_MEDIATEK | 697 BTUSB_WIDEBAND_SPEECH }, 698 { USB_DEVICE(0x0489, 0xe0e4), .driver_info = BTUSB_MEDIATEK | 699 BTUSB_WIDEBAND_SPEECH }, 700 { USB_DEVICE(0x0489, 0xe0f1), .driver_info = BTUSB_MEDIATEK | 701 BTUSB_WIDEBAND_SPEECH }, 702 { USB_DEVICE(0x0489, 0xe0f2), .driver_info = BTUSB_MEDIATEK | 703 BTUSB_WIDEBAND_SPEECH }, 704 { USB_DEVICE(0x0489, 0xe0f5), .driver_info = BTUSB_MEDIATEK | 705 BTUSB_WIDEBAND_SPEECH }, 706 { USB_DEVICE(0x0489, 0xe0f6), .driver_info = BTUSB_MEDIATEK | 707 BTUSB_WIDEBAND_SPEECH }, 708 { USB_DEVICE(0x0489, 0xe102), .driver_info = BTUSB_MEDIATEK | 709 BTUSB_WIDEBAND_SPEECH }, 710 { USB_DEVICE(0x0489, 0xe11d), .driver_info = BTUSB_MEDIATEK | 711 BTUSB_WIDEBAND_SPEECH }, 712 { USB_DEVICE(0x0489, 0xe152), .driver_info = BTUSB_MEDIATEK | 713 BTUSB_WIDEBAND_SPEECH }, 714 { USB_DEVICE(0x0489, 0xe153), .driver_info = BTUSB_MEDIATEK | 715 BTUSB_WIDEBAND_SPEECH }, 716 { USB_DEVICE(0x0489, 0xe170), .driver_info = BTUSB_MEDIATEK | 717 BTUSB_WIDEBAND_SPEECH }, 718 { USB_DEVICE(0x0489, 0xe174), .driver_info = BTUSB_MEDIATEK | 719 BTUSB_WIDEBAND_SPEECH }, 720 { USB_DEVICE(0x04ca, 0x3804), .driver_info = BTUSB_MEDIATEK | 721 BTUSB_WIDEBAND_SPEECH }, 722 { USB_DEVICE(0x04ca, 0x3807), .driver_info = BTUSB_MEDIATEK | 723 BTUSB_WIDEBAND_SPEECH }, 724 { USB_DEVICE(0x04ca, 0x38e4), .driver_info = BTUSB_MEDIATEK | 725 BTUSB_WIDEBAND_SPEECH }, 726 { USB_DEVICE(0x13d3, 0x3568), .driver_info = BTUSB_MEDIATEK | 727 BTUSB_WIDEBAND_SPEECH }, 728 { USB_DEVICE(0x13d3, 0x3584), .driver_info = BTUSB_MEDIATEK | 729 BTUSB_WIDEBAND_SPEECH }, 730 { USB_DEVICE(0x13d3, 0x3605), .driver_info = BTUSB_MEDIATEK | 731 BTUSB_WIDEBAND_SPEECH }, 732 { USB_DEVICE(0x13d3, 0x3607), .driver_info = BTUSB_MEDIATEK | 733 BTUSB_WIDEBAND_SPEECH }, 734 { USB_DEVICE(0x13d3, 0x3614), .driver_info = BTUSB_MEDIATEK | 735 BTUSB_WIDEBAND_SPEECH }, 736 { USB_DEVICE(0x13d3, 0x3615), .driver_info = BTUSB_MEDIATEK | 737 BTUSB_WIDEBAND_SPEECH }, 738 { USB_DEVICE(0x13d3, 0x3633), .driver_info = BTUSB_MEDIATEK | 739 BTUSB_WIDEBAND_SPEECH }, 740 { USB_DEVICE(0x35f5, 0x7922), .driver_info = BTUSB_MEDIATEK | 741 BTUSB_WIDEBAND_SPEECH }, 742 743 /* Additional MediaTek MT7925 Bluetooth devices */ 744 { USB_DEVICE(0x0489, 0xe111), .driver_info = BTUSB_MEDIATEK | 745 BTUSB_WIDEBAND_SPEECH }, 746 { USB_DEVICE(0x0489, 0xe113), .driver_info = BTUSB_MEDIATEK | 747 BTUSB_WIDEBAND_SPEECH }, 748 { USB_DEVICE(0x0489, 0xe118), .driver_info = BTUSB_MEDIATEK | 749 BTUSB_WIDEBAND_SPEECH }, 750 { USB_DEVICE(0x0489, 0xe11e), .driver_info = BTUSB_MEDIATEK | 751 BTUSB_WIDEBAND_SPEECH }, 752 { USB_DEVICE(0x0489, 0xe124), .driver_info = BTUSB_MEDIATEK | 753 BTUSB_WIDEBAND_SPEECH }, 754 { USB_DEVICE(0x0489, 0xe139), .driver_info = BTUSB_MEDIATEK | 755 BTUSB_WIDEBAND_SPEECH }, 756 { USB_DEVICE(0x0489, 0xe13a), .driver_info = BTUSB_MEDIATEK | 757 BTUSB_WIDEBAND_SPEECH }, 758 { USB_DEVICE(0x0489, 0xe0fa), .driver_info = BTUSB_MEDIATEK | 759 BTUSB_WIDEBAND_SPEECH }, 760 { USB_DEVICE(0x0489, 0xe10f), .driver_info = BTUSB_MEDIATEK | 761 BTUSB_WIDEBAND_SPEECH }, 762 { USB_DEVICE(0x0489, 0xe110), .driver_info = BTUSB_MEDIATEK | 763 BTUSB_WIDEBAND_SPEECH }, 764 { USB_DEVICE(0x0489, 0xe116), .driver_info = BTUSB_MEDIATEK | 765 BTUSB_WIDEBAND_SPEECH }, 766 { USB_DEVICE(0x13d3, 0x3588), .driver_info = BTUSB_MEDIATEK | 767 BTUSB_WIDEBAND_SPEECH }, 768 { USB_DEVICE(0x0489, 0xe14e), .driver_info = BTUSB_MEDIATEK | 769 BTUSB_WIDEBAND_SPEECH }, 770 { USB_DEVICE(0x0489, 0xe14f), .driver_info = BTUSB_MEDIATEK | 771 BTUSB_WIDEBAND_SPEECH }, 772 { USB_DEVICE(0x0489, 0xe150), .driver_info = BTUSB_MEDIATEK | 773 BTUSB_WIDEBAND_SPEECH }, 774 { USB_DEVICE(0x0489, 0xe151), .driver_info = BTUSB_MEDIATEK | 775 BTUSB_WIDEBAND_SPEECH }, 776 { USB_DEVICE(0x13d3, 0x3602), .driver_info = BTUSB_MEDIATEK | 777 BTUSB_WIDEBAND_SPEECH }, 778 { USB_DEVICE(0x13d3, 0x3603), .driver_info = BTUSB_MEDIATEK | 779 BTUSB_WIDEBAND_SPEECH }, 780 { USB_DEVICE(0x13d3, 0x3604), .driver_info = BTUSB_MEDIATEK | 781 BTUSB_WIDEBAND_SPEECH }, 782 { USB_DEVICE(0x13d3, 0x3608), .driver_info = BTUSB_MEDIATEK | 783 BTUSB_WIDEBAND_SPEECH }, 784 { USB_DEVICE(0x13d3, 0x3613), .driver_info = BTUSB_MEDIATEK | 785 BTUSB_WIDEBAND_SPEECH }, 786 { USB_DEVICE(0x13d3, 0x3627), .driver_info = BTUSB_MEDIATEK | 787 BTUSB_WIDEBAND_SPEECH }, 788 { USB_DEVICE(0x13d3, 0x3628), .driver_info = BTUSB_MEDIATEK | 789 BTUSB_WIDEBAND_SPEECH }, 790 { USB_DEVICE(0x13d3, 0x3630), .driver_info = BTUSB_MEDIATEK | 791 BTUSB_WIDEBAND_SPEECH }, 792 { USB_DEVICE(0x2c7c, 0x7009), .driver_info = BTUSB_MEDIATEK | 793 BTUSB_WIDEBAND_SPEECH }, 794 795 /* Additional Realtek 8723AE Bluetooth devices */ 796 { USB_DEVICE(0x0930, 0x021d), .driver_info = BTUSB_REALTEK }, 797 { USB_DEVICE(0x13d3, 0x3394), .driver_info = BTUSB_REALTEK }, 798 799 /* Additional Realtek 8723BE Bluetooth devices */ 800 { USB_DEVICE(0x0489, 0xe085), .driver_info = BTUSB_REALTEK }, 801 { USB_DEVICE(0x0489, 0xe08b), .driver_info = BTUSB_REALTEK }, 802 { USB_DEVICE(0x04f2, 0xb49f), .driver_info = BTUSB_REALTEK }, 803 { USB_DEVICE(0x13d3, 0x3410), .driver_info = BTUSB_REALTEK }, 804 { USB_DEVICE(0x13d3, 0x3416), .driver_info = BTUSB_REALTEK }, 805 { USB_DEVICE(0x13d3, 0x3459), .driver_info = BTUSB_REALTEK }, 806 { USB_DEVICE(0x13d3, 0x3494), .driver_info = BTUSB_REALTEK }, 807 808 /* Additional Realtek 8723BU Bluetooth devices */ 809 { USB_DEVICE(0x7392, 0xa611), .driver_info = BTUSB_REALTEK }, 810 { USB_DEVICE(0x2c0a, 0x8761), .driver_info = BTUSB_REALTEK }, 811 812 /* Additional Realtek 8723DE Bluetooth devices */ 813 { USB_DEVICE(0x0bda, 0xb009), .driver_info = BTUSB_REALTEK }, 814 { USB_DEVICE(0x2ff8, 0xb011), .driver_info = BTUSB_REALTEK }, 815 816 /* Additional Realtek 8761BUV Bluetooth devices */ 817 { USB_DEVICE(0x2357, 0x0604), .driver_info = BTUSB_REALTEK | 818 BTUSB_WIDEBAND_SPEECH }, 819 { USB_DEVICE(0x0b05, 0x190e), .driver_info = BTUSB_REALTEK | 820 BTUSB_WIDEBAND_SPEECH }, 821 { USB_DEVICE(0x2550, 0x8761), .driver_info = BTUSB_REALTEK | 822 BTUSB_WIDEBAND_SPEECH }, 823 { USB_DEVICE(0x0bda, 0x8771), .driver_info = BTUSB_REALTEK | 824 BTUSB_WIDEBAND_SPEECH }, 825 { USB_DEVICE(0x6655, 0x8771), .driver_info = BTUSB_REALTEK | 826 BTUSB_WIDEBAND_SPEECH }, 827 { USB_DEVICE(0x7392, 0xc611), .driver_info = BTUSB_REALTEK | 828 BTUSB_WIDEBAND_SPEECH }, 829 { USB_DEVICE(0x2b89, 0x8761), .driver_info = BTUSB_REALTEK | 830 BTUSB_WIDEBAND_SPEECH }, 831 { USB_DEVICE(0x2b89, 0x6275), .driver_info = BTUSB_REALTEK | 832 BTUSB_WIDEBAND_SPEECH }, 833 834 /* Additional Realtek 8821AE Bluetooth devices */ 835 { USB_DEVICE(0x0b05, 0x17dc), .driver_info = BTUSB_REALTEK }, 836 { USB_DEVICE(0x13d3, 0x3414), .driver_info = BTUSB_REALTEK }, 837 { USB_DEVICE(0x13d3, 0x3458), .driver_info = BTUSB_REALTEK }, 838 { USB_DEVICE(0x13d3, 0x3461), .driver_info = BTUSB_REALTEK }, 839 { USB_DEVICE(0x13d3, 0x3462), .driver_info = BTUSB_REALTEK }, 840 841 /* Additional Realtek 8822BE Bluetooth devices */ 842 { USB_DEVICE(0x13d3, 0x3526), .driver_info = BTUSB_REALTEK }, 843 { USB_DEVICE(0x0b05, 0x185c), .driver_info = BTUSB_REALTEK }, 844 845 /* Additional Realtek 8822CE Bluetooth devices */ 846 { USB_DEVICE(0x04ca, 0x4005), .driver_info = BTUSB_REALTEK | 847 BTUSB_WIDEBAND_SPEECH }, 848 { USB_DEVICE(0x04c5, 0x161f), .driver_info = BTUSB_REALTEK | 849 BTUSB_WIDEBAND_SPEECH }, 850 { USB_DEVICE(0x0b05, 0x18ef), .driver_info = BTUSB_REALTEK | 851 BTUSB_WIDEBAND_SPEECH }, 852 { USB_DEVICE(0x13d3, 0x3548), .driver_info = BTUSB_REALTEK | 853 BTUSB_WIDEBAND_SPEECH }, 854 { USB_DEVICE(0x13d3, 0x3549), .driver_info = BTUSB_REALTEK | 855 BTUSB_WIDEBAND_SPEECH }, 856 { USB_DEVICE(0x13d3, 0x3553), .driver_info = BTUSB_REALTEK | 857 BTUSB_WIDEBAND_SPEECH }, 858 { USB_DEVICE(0x13d3, 0x3555), .driver_info = BTUSB_REALTEK | 859 BTUSB_WIDEBAND_SPEECH }, 860 { USB_DEVICE(0x2ff8, 0x3051), .driver_info = BTUSB_REALTEK | 861 BTUSB_WIDEBAND_SPEECH }, 862 { USB_DEVICE(0x1358, 0xc123), .driver_info = BTUSB_REALTEK | 863 BTUSB_WIDEBAND_SPEECH }, 864 { USB_DEVICE(0x0bda, 0xc123), .driver_info = BTUSB_REALTEK | 865 BTUSB_WIDEBAND_SPEECH }, 866 { USB_DEVICE(0x0cb5, 0xc547), .driver_info = BTUSB_REALTEK | 867 BTUSB_WIDEBAND_SPEECH }, 868 869 /* Barrot Technology Bluetooth devices */ 870 { USB_DEVICE(0x33fa, 0x0010), .driver_info = BTUSB_BARROT }, 871 { USB_DEVICE(0x33fa, 0x0012), .driver_info = BTUSB_BARROT }, 872 873 /* Actions Semiconductor ATS2851 based devices */ 874 { USB_DEVICE(0x10d7, 0xb012), .driver_info = BTUSB_ACTIONS_SEMI }, 875 876 /* Silicon Wave based devices */ 877 { USB_DEVICE(0x0c10, 0x0000), .driver_info = BTUSB_SWAVE }, 878 879 { } /* Terminating entry */ 880 }; 881 882 /* The Bluetooth USB module build into some devices needs to be reset on resume, 883 * this is a problem with the platform (likely shutting off all power) not with 884 * the module itself. So we use a DMI list to match known broken platforms. 885 */ 886 static const struct dmi_system_id btusb_needs_reset_resume_table[] = { 887 { 888 /* Dell OptiPlex 3060 (QCA ROME device 0cf3:e007) */ 889 .matches = { 890 DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), 891 DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex 3060"), 892 }, 893 }, 894 { 895 /* Dell XPS 9360 (QCA ROME device 0cf3:e300) */ 896 .matches = { 897 DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), 898 DMI_MATCH(DMI_PRODUCT_NAME, "XPS 13 9360"), 899 }, 900 }, 901 { 902 /* Dell Inspiron 5565 (QCA ROME device 0cf3:e009) */ 903 .matches = { 904 DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), 905 DMI_MATCH(DMI_PRODUCT_NAME, "Inspiron 5565"), 906 }, 907 }, 908 {} 909 }; 910 911 struct qca_dump_info { 912 /* fields for dump collection */ 913 u16 id_vendor; 914 u16 id_product; 915 u32 fw_version; 916 u32 controller_id; 917 u32 ram_dump_size; 918 u16 ram_dump_seqno; 919 }; 920 921 #define BTUSB_MAX_ISOC_FRAMES 10 922 923 #define BTUSB_INTR_RUNNING 0 924 #define BTUSB_BULK_RUNNING 1 925 #define BTUSB_ISOC_RUNNING 2 926 #define BTUSB_SUSPENDING 3 927 #define BTUSB_DID_ISO_RESUME 4 928 #define BTUSB_BOOTLOADER 5 929 #define BTUSB_DOWNLOADING 6 930 #define BTUSB_FIRMWARE_LOADED 7 931 #define BTUSB_FIRMWARE_FAILED 8 932 #define BTUSB_BOOTING 9 933 #define BTUSB_DIAG_RUNNING 10 934 #define BTUSB_OOB_WAKE_ENABLED 11 935 #define BTUSB_HW_RESET_ACTIVE 12 936 #define BTUSB_TX_WAIT_VND_EVT 13 937 #define BTUSB_WAKEUP_AUTOSUSPEND 14 938 #define BTUSB_USE_ALT3_FOR_WBS 15 939 #define BTUSB_ALT6_CONTINUOUS_TX 16 940 #define BTUSB_HW_SSR_ACTIVE 17 941 942 struct btusb_data { 943 struct hci_dev *hdev; 944 struct usb_device *udev; 945 struct usb_interface *intf; 946 struct usb_interface *isoc; 947 struct usb_interface *diag; 948 unsigned isoc_ifnum; 949 950 unsigned long flags; 951 952 bool poll_sync; 953 int intr_interval; 954 struct work_struct work; 955 struct work_struct waker; 956 struct delayed_work rx_work; 957 958 struct sk_buff_head acl_q; 959 960 struct usb_anchor deferred; 961 struct usb_anchor tx_anchor; 962 int tx_in_flight; 963 spinlock_t txlock; 964 965 struct usb_anchor intr_anchor; 966 struct usb_anchor bulk_anchor; 967 struct usb_anchor isoc_anchor; 968 struct usb_anchor diag_anchor; 969 struct usb_anchor ctrl_anchor; 970 spinlock_t rxlock; 971 972 struct sk_buff *evt_skb; 973 struct sk_buff *acl_skb; 974 struct sk_buff *sco_skb; 975 976 struct usb_endpoint_descriptor *intr_ep; 977 struct usb_endpoint_descriptor *bulk_tx_ep; 978 struct usb_endpoint_descriptor *bulk_rx_ep; 979 struct usb_endpoint_descriptor *isoc_tx_ep; 980 struct usb_endpoint_descriptor *isoc_rx_ep; 981 struct usb_endpoint_descriptor *diag_tx_ep; 982 struct usb_endpoint_descriptor *diag_rx_ep; 983 984 struct gpio_desc *reset_gpio; 985 986 __u8 cmdreq_type; 987 __u8 cmdreq; 988 989 unsigned int sco_num; 990 unsigned int air_mode; 991 bool usb_alt6_packet_flow; 992 int isoc_altsetting; 993 int suspend_count; 994 995 int (*recv_event)(struct hci_dev *hdev, struct sk_buff *skb); 996 int (*recv_acl)(struct hci_dev *hdev, struct sk_buff *skb); 997 int (*recv_bulk)(struct btusb_data *data, void *buffer, int count); 998 999 int (*setup_on_usb)(struct hci_dev *hdev); 1000 1001 int (*suspend)(struct hci_dev *hdev); 1002 int (*resume)(struct hci_dev *hdev); 1003 int (*disconnect)(struct hci_dev *hdev); 1004 1005 int oob_wake_irq; /* irq for out-of-band wake-on-bt */ 1006 1007 struct qca_dump_info qca_dump; 1008 }; 1009 1010 static void btusb_reset(struct hci_dev *hdev) 1011 { 1012 struct btusb_data *data; 1013 int err; 1014 1015 data = hci_get_drvdata(hdev); 1016 /* This is not an unbalanced PM reference since the device will reset */ 1017 err = usb_autopm_get_interface(data->intf); 1018 if (err) { 1019 bt_dev_err(hdev, "Failed usb_autopm_get_interface: %d", err); 1020 return; 1021 } 1022 1023 bt_dev_err(hdev, "Resetting usb device."); 1024 usb_queue_reset_device(data->intf); 1025 } 1026 1027 static void btusb_intel_reset(struct hci_dev *hdev) 1028 { 1029 struct btusb_data *data = hci_get_drvdata(hdev); 1030 struct gpio_desc *reset_gpio = data->reset_gpio; 1031 struct btintel_data *intel_data = hci_get_priv(hdev); 1032 1033 if (intel_data->acpi_reset_method) { 1034 if (test_and_set_bit(INTEL_ACPI_RESET_ACTIVE, intel_data->flags)) { 1035 bt_dev_err(hdev, "acpi: last reset failed ? Not resetting again"); 1036 return; 1037 } 1038 1039 bt_dev_err(hdev, "Initiating acpi reset method"); 1040 /* If ACPI reset method fails, lets try with legacy GPIO 1041 * toggling 1042 */ 1043 if (!intel_data->acpi_reset_method(hdev)) { 1044 return; 1045 } 1046 } 1047 1048 if (!reset_gpio) { 1049 btusb_reset(hdev); 1050 return; 1051 } 1052 1053 /* 1054 * Toggle the hard reset line if the platform provides one. The reset 1055 * is going to yank the device off the USB and then replug. So doing 1056 * once is enough. The cleanup is handled correctly on the way out 1057 * (standard USB disconnect), and the new device is detected cleanly 1058 * and bound to the driver again like it should be. 1059 */ 1060 if (test_and_set_bit(BTUSB_HW_RESET_ACTIVE, &data->flags)) { 1061 bt_dev_err(hdev, "last reset failed? Not resetting again"); 1062 return; 1063 } 1064 1065 bt_dev_err(hdev, "Initiating HW reset via gpio"); 1066 gpiod_set_value_cansleep(reset_gpio, 1); 1067 msleep(100); 1068 gpiod_set_value_cansleep(reset_gpio, 0); 1069 } 1070 1071 #define RTK_DEVCOREDUMP_CODE_MEMDUMP 0x01 1072 #define RTK_DEVCOREDUMP_CODE_HW_ERR 0x02 1073 #define RTK_DEVCOREDUMP_CODE_CMD_TIMEOUT 0x03 1074 1075 #define RTK_SUB_EVENT_CODE_COREDUMP 0x34 1076 1077 struct rtk_dev_coredump_hdr { 1078 u8 type; 1079 u8 code; 1080 u8 reserved[2]; 1081 } __packed; 1082 1083 static inline void btusb_rtl_alloc_devcoredump(struct hci_dev *hdev, 1084 struct rtk_dev_coredump_hdr *hdr, u8 *buf, u32 len) 1085 { 1086 struct sk_buff *skb; 1087 1088 skb = alloc_skb(len + sizeof(*hdr), GFP_ATOMIC); 1089 if (!skb) 1090 return; 1091 1092 skb_put_data(skb, hdr, sizeof(*hdr)); 1093 if (len) 1094 skb_put_data(skb, buf, len); 1095 1096 if (!hci_devcd_init(hdev, skb->len)) { 1097 hci_devcd_append(hdev, skb); 1098 hci_devcd_complete(hdev); 1099 } else { 1100 bt_dev_err(hdev, "RTL: Failed to generate devcoredump"); 1101 kfree_skb(skb); 1102 } 1103 } 1104 1105 static void btusb_rtl_reset(struct hci_dev *hdev) 1106 { 1107 struct btusb_data *data = hci_get_drvdata(hdev); 1108 struct gpio_desc *reset_gpio = data->reset_gpio; 1109 struct rtk_dev_coredump_hdr hdr = { 1110 .type = RTK_DEVCOREDUMP_CODE_CMD_TIMEOUT, 1111 }; 1112 1113 btusb_rtl_alloc_devcoredump(hdev, &hdr, NULL, 0); 1114 1115 if (!reset_gpio) { 1116 btusb_reset(hdev); 1117 return; 1118 } 1119 1120 /* Toggle the hard reset line. The Realtek device is going to 1121 * yank itself off the USB and then replug. The cleanup is handled 1122 * correctly on the way out (standard USB disconnect), and the new 1123 * device is detected cleanly and bound to the driver again like 1124 * it should be. 1125 */ 1126 if (test_and_set_bit(BTUSB_HW_RESET_ACTIVE, &data->flags)) { 1127 bt_dev_err(hdev, "last reset failed? Not resetting again"); 1128 return; 1129 } 1130 1131 bt_dev_err(hdev, "Reset Realtek device via gpio"); 1132 gpiod_set_value_cansleep(reset_gpio, 1); 1133 msleep(200); 1134 gpiod_set_value_cansleep(reset_gpio, 0); 1135 } 1136 1137 static void btusb_rtl_hw_error(struct hci_dev *hdev, u8 code) 1138 { 1139 struct rtk_dev_coredump_hdr hdr = { 1140 .type = RTK_DEVCOREDUMP_CODE_HW_ERR, 1141 .code = code, 1142 }; 1143 1144 bt_dev_err(hdev, "RTL: hw err, trigger devcoredump (%d)", code); 1145 1146 btusb_rtl_alloc_devcoredump(hdev, &hdr, NULL, 0); 1147 } 1148 1149 static void btusb_qca_reset(struct hci_dev *hdev) 1150 { 1151 struct btusb_data *data = hci_get_drvdata(hdev); 1152 struct gpio_desc *reset_gpio = data->reset_gpio; 1153 1154 if (test_bit(BTUSB_HW_SSR_ACTIVE, &data->flags)) { 1155 bt_dev_info(hdev, "Ramdump in progress, defer reset"); 1156 return; 1157 } 1158 1159 if (reset_gpio) { 1160 bt_dev_err(hdev, "Reset qca device via bt_en gpio"); 1161 1162 /* Toggle the hard reset line. The qca bt device is going to 1163 * yank itself off the USB and then replug. The cleanup is handled 1164 * correctly on the way out (standard USB disconnect), and the new 1165 * device is detected cleanly and bound to the driver again like 1166 * it should be. 1167 */ 1168 if (test_and_set_bit(BTUSB_HW_RESET_ACTIVE, &data->flags)) { 1169 bt_dev_err(hdev, "last reset failed? Not resetting again"); 1170 return; 1171 } 1172 1173 gpiod_set_value_cansleep(reset_gpio, 0); 1174 msleep(200); 1175 gpiod_set_value_cansleep(reset_gpio, 1); 1176 1177 return; 1178 } 1179 1180 btusb_reset(hdev); 1181 } 1182 1183 static u8 btusb_classify_qca_pkt_type(struct hci_dev *hdev, struct sk_buff *skb) 1184 { 1185 /* Some Qualcomm controllers, e.g., QCNFA765 with WCN6855 chip, send debug 1186 * packets as ACL frames with connection handle 0x2EDC. These are not real 1187 * ACL packets and should be reclassified as HCI_DIAG_PKT to prevent 1188 * "ACL packet for unknown connection handle 3804" errors. 1189 */ 1190 if (skb->len >= 2) { 1191 u16 handle = get_unaligned_le16(skb->data); 1192 1193 if (handle == 0x2EDC) 1194 return HCI_DIAG_PKT; 1195 } 1196 1197 /* Use default packet type for other packets */ 1198 return hci_skb_pkt_type(skb); 1199 } 1200 1201 static inline void btusb_free_frags(struct btusb_data *data) 1202 { 1203 unsigned long flags; 1204 1205 spin_lock_irqsave(&data->rxlock, flags); 1206 1207 dev_kfree_skb_irq(data->evt_skb); 1208 data->evt_skb = NULL; 1209 1210 dev_kfree_skb_irq(data->acl_skb); 1211 data->acl_skb = NULL; 1212 1213 dev_kfree_skb_irq(data->sco_skb); 1214 data->sco_skb = NULL; 1215 1216 spin_unlock_irqrestore(&data->rxlock, flags); 1217 } 1218 1219 static int btusb_recv_event(struct btusb_data *data, struct sk_buff *skb) 1220 { 1221 if (data->intr_interval) { 1222 /* Trigger dequeue immediately if an event is received */ 1223 schedule_delayed_work(&data->rx_work, 0); 1224 } 1225 1226 return data->recv_event(data->hdev, skb); 1227 } 1228 1229 static int btusb_recv_intr(struct btusb_data *data, void *buffer, int count) 1230 { 1231 struct sk_buff *skb; 1232 unsigned long flags; 1233 int err = 0; 1234 1235 spin_lock_irqsave(&data->rxlock, flags); 1236 skb = data->evt_skb; 1237 1238 while (count) { 1239 int len; 1240 1241 if (!skb) { 1242 skb = bt_skb_alloc(HCI_MAX_EVENT_SIZE, GFP_ATOMIC); 1243 if (!skb) { 1244 err = -ENOMEM; 1245 break; 1246 } 1247 1248 hci_skb_pkt_type(skb) = HCI_EVENT_PKT; 1249 hci_skb_expect(skb) = HCI_EVENT_HDR_SIZE; 1250 } 1251 1252 len = min_t(uint, hci_skb_expect(skb), count); 1253 skb_put_data(skb, buffer, len); 1254 1255 count -= len; 1256 buffer += len; 1257 hci_skb_expect(skb) -= len; 1258 1259 if (skb->len == HCI_EVENT_HDR_SIZE) { 1260 /* Complete event header */ 1261 hci_skb_expect(skb) = hci_event_hdr(skb)->plen; 1262 1263 if (skb_tailroom(skb) < hci_skb_expect(skb)) { 1264 kfree_skb(skb); 1265 skb = NULL; 1266 1267 err = -EILSEQ; 1268 break; 1269 } 1270 } 1271 1272 if (!hci_skb_expect(skb)) { 1273 /* Each chunk should correspond to at least 1 or more 1274 * events so if there are still bytes left that doesn't 1275 * constitute a new event this is likely a bug in the 1276 * controller. 1277 */ 1278 if (count && count < HCI_EVENT_HDR_SIZE) { 1279 bt_dev_warn(data->hdev, 1280 "Unexpected continuation: %d bytes", 1281 count); 1282 count = 0; 1283 } 1284 1285 /* Complete frame */ 1286 btusb_recv_event(data, skb); 1287 skb = NULL; 1288 } 1289 } 1290 1291 data->evt_skb = skb; 1292 spin_unlock_irqrestore(&data->rxlock, flags); 1293 1294 return err; 1295 } 1296 1297 static int btusb_recv_acl(struct btusb_data *data, struct sk_buff *skb) 1298 { 1299 /* Only queue ACL packet if intr_interval is set as it means 1300 * force_poll_sync has been enabled. 1301 */ 1302 if (!data->intr_interval) 1303 return data->recv_acl(data->hdev, skb); 1304 1305 skb_queue_tail(&data->acl_q, skb); 1306 schedule_delayed_work(&data->rx_work, data->intr_interval); 1307 1308 return 0; 1309 } 1310 1311 static int btusb_recv_bulk(struct btusb_data *data, void *buffer, int count) 1312 { 1313 struct sk_buff *skb; 1314 unsigned long flags; 1315 int err = 0; 1316 1317 spin_lock_irqsave(&data->rxlock, flags); 1318 skb = data->acl_skb; 1319 1320 while (count) { 1321 int len; 1322 1323 if (!skb) { 1324 skb = bt_skb_alloc(HCI_MAX_FRAME_SIZE, GFP_ATOMIC); 1325 if (!skb) { 1326 err = -ENOMEM; 1327 break; 1328 } 1329 1330 hci_skb_pkt_type(skb) = HCI_ACLDATA_PKT; 1331 hci_skb_expect(skb) = HCI_ACL_HDR_SIZE; 1332 } 1333 1334 len = min_t(uint, hci_skb_expect(skb), count); 1335 skb_put_data(skb, buffer, len); 1336 1337 count -= len; 1338 buffer += len; 1339 hci_skb_expect(skb) -= len; 1340 1341 if (skb->len == HCI_ACL_HDR_SIZE) { 1342 __le16 dlen = hci_acl_hdr(skb)->dlen; 1343 1344 /* Complete ACL header */ 1345 hci_skb_expect(skb) = __le16_to_cpu(dlen); 1346 1347 if (skb_tailroom(skb) < hci_skb_expect(skb)) { 1348 kfree_skb(skb); 1349 skb = NULL; 1350 1351 err = -EILSEQ; 1352 break; 1353 } 1354 } 1355 1356 if (!hci_skb_expect(skb)) { 1357 /* Complete frame */ 1358 btusb_recv_acl(data, skb); 1359 skb = NULL; 1360 } 1361 } 1362 1363 data->acl_skb = skb; 1364 spin_unlock_irqrestore(&data->rxlock, flags); 1365 1366 return err; 1367 } 1368 1369 static bool btusb_validate_sco_handle(struct hci_dev *hdev, 1370 struct hci_sco_hdr *hdr) 1371 { 1372 __u16 handle; 1373 1374 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) 1375 // Can't validate, userspace controls everything. 1376 return true; 1377 1378 /* 1379 * USB isochronous transfers are not designed to be reliable and may 1380 * lose fragments. When this happens, the next first fragment 1381 * encountered might actually be a continuation fragment. 1382 * Validate the handle to detect it and drop it, or else the upper 1383 * layer will get garbage for a while. 1384 */ 1385 1386 handle = hci_handle(__le16_to_cpu(hdr->handle)); 1387 1388 switch (hci_conn_lookup_type(hdev, handle)) { 1389 case SCO_LINK: 1390 case ESCO_LINK: 1391 return true; 1392 default: 1393 return false; 1394 } 1395 } 1396 1397 static int btusb_recv_isoc(struct btusb_data *data, void *buffer, int count) 1398 { 1399 struct sk_buff *skb; 1400 unsigned long flags; 1401 int err = 0; 1402 1403 spin_lock_irqsave(&data->rxlock, flags); 1404 skb = data->sco_skb; 1405 1406 while (count) { 1407 int len; 1408 1409 if (!skb) { 1410 skb = bt_skb_alloc(HCI_MAX_SCO_SIZE, GFP_ATOMIC); 1411 if (!skb) { 1412 err = -ENOMEM; 1413 break; 1414 } 1415 1416 hci_skb_pkt_type(skb) = HCI_SCODATA_PKT; 1417 hci_skb_expect(skb) = HCI_SCO_HDR_SIZE; 1418 } 1419 1420 len = min_t(uint, hci_skb_expect(skb), count); 1421 skb_put_data(skb, buffer, len); 1422 1423 count -= len; 1424 buffer += len; 1425 hci_skb_expect(skb) -= len; 1426 1427 if (skb->len == HCI_SCO_HDR_SIZE) { 1428 /* Complete SCO header */ 1429 struct hci_sco_hdr *hdr = hci_sco_hdr(skb); 1430 1431 hci_skb_expect(skb) = hdr->dlen; 1432 1433 if (skb_tailroom(skb) < hci_skb_expect(skb) || 1434 !btusb_validate_sco_handle(data->hdev, hdr)) { 1435 kfree_skb(skb); 1436 skb = NULL; 1437 1438 err = -EILSEQ; 1439 break; 1440 } 1441 } 1442 1443 if (!hci_skb_expect(skb)) { 1444 /* Complete frame */ 1445 hci_recv_frame(data->hdev, skb); 1446 skb = NULL; 1447 } 1448 } 1449 1450 data->sco_skb = skb; 1451 spin_unlock_irqrestore(&data->rxlock, flags); 1452 1453 return err; 1454 } 1455 1456 static void btusb_intr_complete(struct urb *urb) 1457 { 1458 struct hci_dev *hdev = urb->context; 1459 struct btusb_data *data = hci_get_drvdata(hdev); 1460 int err; 1461 1462 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 1463 urb->actual_length); 1464 1465 if (!test_bit(HCI_RUNNING, &hdev->flags)) 1466 return; 1467 1468 if (urb->status == 0) { 1469 hdev->stat.byte_rx += urb->actual_length; 1470 1471 if (btusb_recv_intr(data, urb->transfer_buffer, 1472 urb->actual_length) < 0) { 1473 bt_dev_err(hdev, "corrupted event packet"); 1474 hdev->stat.err_rx++; 1475 } 1476 } else if (urb->status == -ENOENT) { 1477 /* Avoid suspend failed when usb_kill_urb */ 1478 return; 1479 } 1480 1481 if (!test_bit(BTUSB_INTR_RUNNING, &data->flags)) 1482 return; 1483 1484 usb_mark_last_busy(data->udev); 1485 usb_anchor_urb(urb, &data->intr_anchor); 1486 1487 err = usb_submit_urb(urb, GFP_ATOMIC); 1488 if (err < 0) { 1489 /* -EPERM: urb is being killed; 1490 * -ENODEV: device got disconnected 1491 */ 1492 if (err != -EPERM && err != -ENODEV) 1493 bt_dev_err(hdev, "urb %p failed to resubmit (%d)", 1494 urb, -err); 1495 if (err != -EPERM) 1496 hci_cmd_sync_cancel(hdev, -err); 1497 usb_unanchor_urb(urb); 1498 } 1499 } 1500 1501 static int btusb_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags) 1502 { 1503 struct btusb_data *data = hci_get_drvdata(hdev); 1504 struct urb *urb; 1505 unsigned char *buf; 1506 unsigned int pipe; 1507 int err, size; 1508 1509 BT_DBG("%s", hdev->name); 1510 1511 if (!data->intr_ep) 1512 return -ENODEV; 1513 1514 urb = usb_alloc_urb(0, mem_flags); 1515 if (!urb) 1516 return -ENOMEM; 1517 1518 if (le16_to_cpu(data->udev->descriptor.idVendor) == 0x0a12 && 1519 le16_to_cpu(data->udev->descriptor.idProduct) == 0x0001) 1520 /* Fake CSR devices don't seem to support sort-transter */ 1521 size = le16_to_cpu(data->intr_ep->wMaxPacketSize); 1522 else 1523 /* Use maximum HCI Event size so the USB stack handles 1524 * ZPL/short-transfer automatically. 1525 */ 1526 size = HCI_MAX_EVENT_SIZE; 1527 1528 buf = kmalloc(size, mem_flags); 1529 if (!buf) { 1530 usb_free_urb(urb); 1531 return -ENOMEM; 1532 } 1533 1534 pipe = usb_rcvintpipe(data->udev, data->intr_ep->bEndpointAddress); 1535 1536 usb_fill_int_urb(urb, data->udev, pipe, buf, size, 1537 btusb_intr_complete, hdev, data->intr_ep->bInterval); 1538 1539 urb->transfer_flags |= URB_FREE_BUFFER; 1540 1541 usb_anchor_urb(urb, &data->intr_anchor); 1542 1543 err = usb_submit_urb(urb, mem_flags); 1544 if (err < 0) { 1545 if (err != -EPERM && err != -ENODEV) 1546 bt_dev_err(hdev, "urb %p submission failed (%d)", 1547 urb, -err); 1548 if (err != -EPERM) 1549 hci_cmd_sync_cancel(hdev, -err); 1550 usb_unanchor_urb(urb); 1551 } 1552 1553 /* Only initialize intr_interval if URB poll sync is enabled */ 1554 if (!data->poll_sync) 1555 goto done; 1556 1557 /* The units are frames (milliseconds) for full and low speed devices, 1558 * and microframes (1/8 millisecond) for highspeed and SuperSpeed 1559 * devices. 1560 * 1561 * This is done once on open/resume so it shouldn't change even if 1562 * force_poll_sync changes. 1563 */ 1564 switch (urb->dev->speed) { 1565 case USB_SPEED_SUPER_PLUS: 1566 case USB_SPEED_SUPER: /* units are 125us */ 1567 data->intr_interval = usecs_to_jiffies(urb->interval * 125); 1568 break; 1569 default: 1570 data->intr_interval = msecs_to_jiffies(urb->interval); 1571 break; 1572 } 1573 1574 done: 1575 usb_free_urb(urb); 1576 1577 return err; 1578 } 1579 1580 static void btusb_bulk_complete(struct urb *urb) 1581 { 1582 struct hci_dev *hdev = urb->context; 1583 struct btusb_data *data = hci_get_drvdata(hdev); 1584 int err; 1585 1586 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 1587 urb->actual_length); 1588 1589 if (!test_bit(HCI_RUNNING, &hdev->flags)) 1590 return; 1591 1592 if (urb->status == 0) { 1593 hdev->stat.byte_rx += urb->actual_length; 1594 1595 if (data->recv_bulk(data, urb->transfer_buffer, 1596 urb->actual_length) < 0) { 1597 bt_dev_err(hdev, "corrupted ACL packet"); 1598 hdev->stat.err_rx++; 1599 } 1600 } else if (urb->status == -ENOENT) { 1601 /* Avoid suspend failed when usb_kill_urb */ 1602 return; 1603 } 1604 1605 if (!test_bit(BTUSB_BULK_RUNNING, &data->flags)) 1606 return; 1607 1608 usb_anchor_urb(urb, &data->bulk_anchor); 1609 usb_mark_last_busy(data->udev); 1610 1611 err = usb_submit_urb(urb, GFP_ATOMIC); 1612 if (err < 0) { 1613 /* -EPERM: urb is being killed; 1614 * -ENODEV: device got disconnected 1615 */ 1616 if (err != -EPERM && err != -ENODEV) 1617 bt_dev_err(hdev, "urb %p failed to resubmit (%d)", 1618 urb, -err); 1619 usb_unanchor_urb(urb); 1620 } 1621 } 1622 1623 static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags) 1624 { 1625 struct btusb_data *data = hci_get_drvdata(hdev); 1626 struct urb *urb; 1627 unsigned char *buf; 1628 unsigned int pipe; 1629 int err, size = HCI_MAX_FRAME_SIZE; 1630 1631 BT_DBG("%s", hdev->name); 1632 1633 if (!data->bulk_rx_ep) 1634 return -ENODEV; 1635 1636 urb = usb_alloc_urb(0, mem_flags); 1637 if (!urb) 1638 return -ENOMEM; 1639 1640 buf = kmalloc(size, mem_flags); 1641 if (!buf) { 1642 usb_free_urb(urb); 1643 return -ENOMEM; 1644 } 1645 1646 pipe = usb_rcvbulkpipe(data->udev, data->bulk_rx_ep->bEndpointAddress); 1647 1648 usb_fill_bulk_urb(urb, data->udev, pipe, buf, size, 1649 btusb_bulk_complete, hdev); 1650 1651 urb->transfer_flags |= URB_FREE_BUFFER; 1652 1653 usb_mark_last_busy(data->udev); 1654 usb_anchor_urb(urb, &data->bulk_anchor); 1655 1656 err = usb_submit_urb(urb, mem_flags); 1657 if (err < 0) { 1658 if (err != -EPERM && err != -ENODEV) 1659 bt_dev_err(hdev, "urb %p submission failed (%d)", 1660 urb, -err); 1661 usb_unanchor_urb(urb); 1662 } 1663 1664 usb_free_urb(urb); 1665 1666 return err; 1667 } 1668 1669 static void btusb_isoc_complete(struct urb *urb) 1670 { 1671 struct hci_dev *hdev = urb->context; 1672 struct btusb_data *data = hci_get_drvdata(hdev); 1673 int i, err; 1674 1675 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 1676 urb->actual_length); 1677 1678 if (!test_bit(HCI_RUNNING, &hdev->flags)) 1679 return; 1680 1681 if (urb->status == 0) { 1682 for (i = 0; i < urb->number_of_packets; i++) { 1683 unsigned int offset = urb->iso_frame_desc[i].offset; 1684 unsigned int length = urb->iso_frame_desc[i].actual_length; 1685 1686 if (urb->iso_frame_desc[i].status) 1687 continue; 1688 1689 hdev->stat.byte_rx += length; 1690 1691 if (btusb_recv_isoc(data, urb->transfer_buffer + offset, 1692 length) < 0) { 1693 bt_dev_err(hdev, "corrupted SCO packet"); 1694 hdev->stat.err_rx++; 1695 } 1696 } 1697 } else if (urb->status == -ENOENT) { 1698 /* Avoid suspend failed when usb_kill_urb */ 1699 return; 1700 } 1701 1702 if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags)) 1703 return; 1704 1705 usb_anchor_urb(urb, &data->isoc_anchor); 1706 1707 err = usb_submit_urb(urb, GFP_ATOMIC); 1708 if (err < 0) { 1709 /* -EPERM: urb is being killed; 1710 * -ENODEV: device got disconnected 1711 */ 1712 if (err != -EPERM && err != -ENODEV) 1713 bt_dev_err(hdev, "urb %p failed to resubmit (%d)", 1714 urb, -err); 1715 usb_unanchor_urb(urb); 1716 } 1717 } 1718 1719 static inline void __fill_isoc_descriptor_msbc(struct urb *urb, int len, 1720 int mtu, struct btusb_data *data) 1721 { 1722 int i = 0, offset = 0; 1723 unsigned int interval; 1724 1725 BT_DBG("len %d mtu %d", len, mtu); 1726 1727 /* For mSBC ALT 6 settings some chips need to transmit the data 1728 * continuously without the zero length of USB packets. 1729 */ 1730 if (test_bit(BTUSB_ALT6_CONTINUOUS_TX, &data->flags)) 1731 goto ignore_usb_alt6_packet_flow; 1732 1733 /* For mSBC ALT 6 setting the host will send the packet at continuous 1734 * flow. As per core spec 5, vol 4, part B, table 2.1. For ALT setting 1735 * 6 the HCI PACKET INTERVAL should be 7.5ms for every usb packets. 1736 * To maintain the rate we send 63bytes of usb packets alternatively for 1737 * 7ms and 8ms to maintain the rate as 7.5ms. 1738 */ 1739 if (data->usb_alt6_packet_flow) { 1740 interval = 7; 1741 data->usb_alt6_packet_flow = false; 1742 } else { 1743 interval = 6; 1744 data->usb_alt6_packet_flow = true; 1745 } 1746 1747 for (i = 0; i < interval; i++) { 1748 urb->iso_frame_desc[i].offset = offset; 1749 urb->iso_frame_desc[i].length = offset; 1750 } 1751 1752 ignore_usb_alt6_packet_flow: 1753 if (len && i < BTUSB_MAX_ISOC_FRAMES) { 1754 urb->iso_frame_desc[i].offset = offset; 1755 urb->iso_frame_desc[i].length = len; 1756 i++; 1757 } 1758 1759 urb->number_of_packets = i; 1760 } 1761 1762 static inline void __fill_isoc_descriptor(struct urb *urb, int len, int mtu) 1763 { 1764 int i, offset = 0; 1765 1766 BT_DBG("len %d mtu %d", len, mtu); 1767 1768 for (i = 0; i < BTUSB_MAX_ISOC_FRAMES && len >= mtu; 1769 i++, offset += mtu, len -= mtu) { 1770 urb->iso_frame_desc[i].offset = offset; 1771 urb->iso_frame_desc[i].length = mtu; 1772 } 1773 1774 if (len && i < BTUSB_MAX_ISOC_FRAMES) { 1775 urb->iso_frame_desc[i].offset = offset; 1776 urb->iso_frame_desc[i].length = len; 1777 i++; 1778 } 1779 1780 urb->number_of_packets = i; 1781 } 1782 1783 static int btusb_submit_isoc_urb(struct hci_dev *hdev, gfp_t mem_flags) 1784 { 1785 struct btusb_data *data = hci_get_drvdata(hdev); 1786 struct urb *urb; 1787 unsigned char *buf; 1788 unsigned int pipe; 1789 int err, size; 1790 1791 BT_DBG("%s", hdev->name); 1792 1793 if (!data->isoc_rx_ep) 1794 return -ENODEV; 1795 1796 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, mem_flags); 1797 if (!urb) 1798 return -ENOMEM; 1799 1800 size = le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize) * 1801 BTUSB_MAX_ISOC_FRAMES; 1802 1803 buf = kmalloc(size, mem_flags); 1804 if (!buf) { 1805 usb_free_urb(urb); 1806 return -ENOMEM; 1807 } 1808 1809 pipe = usb_rcvisocpipe(data->udev, data->isoc_rx_ep->bEndpointAddress); 1810 1811 usb_fill_int_urb(urb, data->udev, pipe, buf, size, btusb_isoc_complete, 1812 hdev, data->isoc_rx_ep->bInterval); 1813 1814 urb->transfer_flags = URB_FREE_BUFFER | URB_ISO_ASAP; 1815 1816 __fill_isoc_descriptor(urb, size, 1817 le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize)); 1818 1819 usb_anchor_urb(urb, &data->isoc_anchor); 1820 1821 err = usb_submit_urb(urb, mem_flags); 1822 if (err < 0) { 1823 if (err != -EPERM && err != -ENODEV) 1824 bt_dev_err(hdev, "urb %p submission failed (%d)", 1825 urb, -err); 1826 usb_unanchor_urb(urb); 1827 } 1828 1829 usb_free_urb(urb); 1830 1831 return err; 1832 } 1833 1834 static void btusb_diag_complete(struct urb *urb) 1835 { 1836 struct hci_dev *hdev = urb->context; 1837 struct btusb_data *data = hci_get_drvdata(hdev); 1838 int err; 1839 1840 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 1841 urb->actual_length); 1842 1843 if (urb->status == 0) { 1844 struct sk_buff *skb; 1845 1846 skb = bt_skb_alloc(urb->actual_length, GFP_ATOMIC); 1847 if (skb) { 1848 skb_put_data(skb, urb->transfer_buffer, 1849 urb->actual_length); 1850 hci_recv_diag(hdev, skb); 1851 } 1852 } else if (urb->status == -ENOENT) { 1853 /* Avoid suspend failed when usb_kill_urb */ 1854 return; 1855 } 1856 1857 if (!test_bit(BTUSB_DIAG_RUNNING, &data->flags)) 1858 return; 1859 1860 usb_anchor_urb(urb, &data->diag_anchor); 1861 usb_mark_last_busy(data->udev); 1862 1863 err = usb_submit_urb(urb, GFP_ATOMIC); 1864 if (err < 0) { 1865 /* -EPERM: urb is being killed; 1866 * -ENODEV: device got disconnected 1867 */ 1868 if (err != -EPERM && err != -ENODEV) 1869 bt_dev_err(hdev, "urb %p failed to resubmit (%d)", 1870 urb, -err); 1871 usb_unanchor_urb(urb); 1872 } 1873 } 1874 1875 static int btusb_submit_diag_urb(struct hci_dev *hdev, gfp_t mem_flags) 1876 { 1877 struct btusb_data *data = hci_get_drvdata(hdev); 1878 struct urb *urb; 1879 unsigned char *buf; 1880 unsigned int pipe; 1881 int err, size = HCI_MAX_FRAME_SIZE; 1882 1883 BT_DBG("%s", hdev->name); 1884 1885 if (!data->diag_rx_ep) 1886 return -ENODEV; 1887 1888 urb = usb_alloc_urb(0, mem_flags); 1889 if (!urb) 1890 return -ENOMEM; 1891 1892 buf = kmalloc(size, mem_flags); 1893 if (!buf) { 1894 usb_free_urb(urb); 1895 return -ENOMEM; 1896 } 1897 1898 pipe = usb_rcvbulkpipe(data->udev, data->diag_rx_ep->bEndpointAddress); 1899 1900 usb_fill_bulk_urb(urb, data->udev, pipe, buf, size, 1901 btusb_diag_complete, hdev); 1902 1903 urb->transfer_flags |= URB_FREE_BUFFER; 1904 1905 usb_mark_last_busy(data->udev); 1906 usb_anchor_urb(urb, &data->diag_anchor); 1907 1908 err = usb_submit_urb(urb, mem_flags); 1909 if (err < 0) { 1910 if (err != -EPERM && err != -ENODEV) 1911 bt_dev_err(hdev, "urb %p submission failed (%d)", 1912 urb, -err); 1913 usb_unanchor_urb(urb); 1914 } 1915 1916 usb_free_urb(urb); 1917 1918 return err; 1919 } 1920 1921 static void btusb_tx_complete(struct urb *urb) 1922 { 1923 struct sk_buff *skb = urb->context; 1924 struct hci_dev *hdev = (struct hci_dev *)skb->dev; 1925 struct btusb_data *data = hci_get_drvdata(hdev); 1926 unsigned long flags; 1927 1928 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 1929 urb->actual_length); 1930 1931 if (!test_bit(HCI_RUNNING, &hdev->flags)) 1932 goto done; 1933 1934 if (!urb->status) { 1935 hdev->stat.byte_tx += urb->transfer_buffer_length; 1936 } else { 1937 if (hci_skb_pkt_type(skb) == HCI_COMMAND_PKT) 1938 hci_cmd_sync_cancel(hdev, -urb->status); 1939 hdev->stat.err_tx++; 1940 } 1941 1942 done: 1943 spin_lock_irqsave(&data->txlock, flags); 1944 data->tx_in_flight--; 1945 spin_unlock_irqrestore(&data->txlock, flags); 1946 1947 kfree(urb->setup_packet); 1948 1949 kfree_skb(skb); 1950 } 1951 1952 static void btusb_isoc_tx_complete(struct urb *urb) 1953 { 1954 struct sk_buff *skb = urb->context; 1955 struct hci_dev *hdev = (struct hci_dev *)skb->dev; 1956 1957 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 1958 urb->actual_length); 1959 1960 if (!test_bit(HCI_RUNNING, &hdev->flags)) 1961 goto done; 1962 1963 if (!urb->status) 1964 hdev->stat.byte_tx += urb->transfer_buffer_length; 1965 else 1966 hdev->stat.err_tx++; 1967 1968 done: 1969 kfree(urb->setup_packet); 1970 1971 kfree_skb(skb); 1972 } 1973 1974 static int btusb_open(struct hci_dev *hdev) 1975 { 1976 struct btusb_data *data = hci_get_drvdata(hdev); 1977 int err; 1978 1979 BT_DBG("%s", hdev->name); 1980 1981 err = usb_autopm_get_interface(data->intf); 1982 if (err < 0) 1983 return err; 1984 1985 /* Patching USB firmware files prior to starting any URBs of HCI path 1986 * It is more safe to use USB bulk channel for downloading USB patch 1987 */ 1988 if (data->setup_on_usb) { 1989 err = data->setup_on_usb(hdev); 1990 if (err < 0) 1991 goto setup_fail; 1992 } 1993 1994 data->intf->needs_remote_wakeup = 1; 1995 1996 if (test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags)) 1997 goto done; 1998 1999 err = btusb_submit_intr_urb(hdev, GFP_KERNEL); 2000 if (err < 0) 2001 goto failed; 2002 2003 err = btusb_submit_bulk_urb(hdev, GFP_KERNEL); 2004 if (err < 0) { 2005 usb_kill_anchored_urbs(&data->intr_anchor); 2006 goto failed; 2007 } 2008 2009 set_bit(BTUSB_BULK_RUNNING, &data->flags); 2010 btusb_submit_bulk_urb(hdev, GFP_KERNEL); 2011 2012 if (data->diag) { 2013 if (!btusb_submit_diag_urb(hdev, GFP_KERNEL)) 2014 set_bit(BTUSB_DIAG_RUNNING, &data->flags); 2015 } 2016 2017 done: 2018 usb_autopm_put_interface(data->intf); 2019 return 0; 2020 2021 failed: 2022 clear_bit(BTUSB_INTR_RUNNING, &data->flags); 2023 setup_fail: 2024 usb_autopm_put_interface(data->intf); 2025 return err; 2026 } 2027 2028 static void btusb_stop_traffic(struct btusb_data *data) 2029 { 2030 usb_kill_anchored_urbs(&data->intr_anchor); 2031 usb_kill_anchored_urbs(&data->bulk_anchor); 2032 usb_kill_anchored_urbs(&data->isoc_anchor); 2033 usb_kill_anchored_urbs(&data->diag_anchor); 2034 usb_kill_anchored_urbs(&data->ctrl_anchor); 2035 } 2036 2037 static int btusb_close(struct hci_dev *hdev) 2038 { 2039 struct btusb_data *data = hci_get_drvdata(hdev); 2040 int err; 2041 2042 BT_DBG("%s", hdev->name); 2043 2044 cancel_delayed_work(&data->rx_work); 2045 cancel_work_sync(&data->work); 2046 cancel_work_sync(&data->waker); 2047 2048 skb_queue_purge(&data->acl_q); 2049 2050 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 2051 clear_bit(BTUSB_BULK_RUNNING, &data->flags); 2052 clear_bit(BTUSB_INTR_RUNNING, &data->flags); 2053 clear_bit(BTUSB_DIAG_RUNNING, &data->flags); 2054 2055 btusb_stop_traffic(data); 2056 btusb_free_frags(data); 2057 2058 err = usb_autopm_get_interface(data->intf); 2059 if (err < 0) 2060 goto failed; 2061 2062 data->intf->needs_remote_wakeup = 0; 2063 2064 /* Enable remote wake up for auto-suspend */ 2065 if (test_bit(BTUSB_WAKEUP_AUTOSUSPEND, &data->flags)) 2066 data->intf->needs_remote_wakeup = 1; 2067 2068 usb_autopm_put_interface(data->intf); 2069 2070 failed: 2071 usb_scuttle_anchored_urbs(&data->deferred); 2072 return 0; 2073 } 2074 2075 static int btusb_flush(struct hci_dev *hdev) 2076 { 2077 struct btusb_data *data = hci_get_drvdata(hdev); 2078 2079 BT_DBG("%s", hdev->name); 2080 2081 cancel_delayed_work(&data->rx_work); 2082 2083 skb_queue_purge(&data->acl_q); 2084 2085 usb_kill_anchored_urbs(&data->tx_anchor); 2086 btusb_free_frags(data); 2087 2088 return 0; 2089 } 2090 2091 static struct urb *alloc_ctrl_urb(struct hci_dev *hdev, struct sk_buff *skb) 2092 { 2093 struct btusb_data *data = hci_get_drvdata(hdev); 2094 struct usb_ctrlrequest *dr; 2095 struct urb *urb; 2096 unsigned int pipe; 2097 2098 urb = usb_alloc_urb(0, GFP_KERNEL); 2099 if (!urb) 2100 return ERR_PTR(-ENOMEM); 2101 2102 dr = kmalloc_obj(*dr); 2103 if (!dr) { 2104 usb_free_urb(urb); 2105 return ERR_PTR(-ENOMEM); 2106 } 2107 2108 dr->bRequestType = data->cmdreq_type; 2109 dr->bRequest = data->cmdreq; 2110 dr->wIndex = 0; 2111 dr->wValue = 0; 2112 dr->wLength = __cpu_to_le16(skb->len); 2113 2114 pipe = usb_sndctrlpipe(data->udev, 0x00); 2115 2116 usb_fill_control_urb(urb, data->udev, pipe, (void *)dr, 2117 skb->data, skb->len, btusb_tx_complete, skb); 2118 2119 skb->dev = (void *)hdev; 2120 2121 return urb; 2122 } 2123 2124 static struct urb *alloc_bulk_urb(struct hci_dev *hdev, struct sk_buff *skb) 2125 { 2126 struct btusb_data *data = hci_get_drvdata(hdev); 2127 struct urb *urb; 2128 unsigned int pipe; 2129 2130 if (!data->bulk_tx_ep) 2131 return ERR_PTR(-ENODEV); 2132 2133 urb = usb_alloc_urb(0, GFP_KERNEL); 2134 if (!urb) 2135 return ERR_PTR(-ENOMEM); 2136 2137 pipe = usb_sndbulkpipe(data->udev, data->bulk_tx_ep->bEndpointAddress); 2138 2139 usb_fill_bulk_urb(urb, data->udev, pipe, 2140 skb->data, skb->len, btusb_tx_complete, skb); 2141 2142 skb->dev = (void *)hdev; 2143 2144 return urb; 2145 } 2146 2147 static struct urb *alloc_isoc_urb(struct hci_dev *hdev, struct sk_buff *skb) 2148 { 2149 struct btusb_data *data = hci_get_drvdata(hdev); 2150 struct urb *urb; 2151 unsigned int pipe; 2152 2153 if (!data->isoc_tx_ep) 2154 return ERR_PTR(-ENODEV); 2155 2156 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, GFP_KERNEL); 2157 if (!urb) 2158 return ERR_PTR(-ENOMEM); 2159 2160 pipe = usb_sndisocpipe(data->udev, data->isoc_tx_ep->bEndpointAddress); 2161 2162 usb_fill_int_urb(urb, data->udev, pipe, 2163 skb->data, skb->len, btusb_isoc_tx_complete, 2164 skb, data->isoc_tx_ep->bInterval); 2165 2166 urb->transfer_flags = URB_ISO_ASAP; 2167 2168 if (data->isoc_altsetting == 6) 2169 __fill_isoc_descriptor_msbc(urb, skb->len, 2170 le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize), 2171 data); 2172 else 2173 __fill_isoc_descriptor(urb, skb->len, 2174 le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize)); 2175 skb->dev = (void *)hdev; 2176 2177 return urb; 2178 } 2179 2180 static int submit_tx_urb(struct hci_dev *hdev, struct urb *urb) 2181 { 2182 struct btusb_data *data = hci_get_drvdata(hdev); 2183 int err; 2184 2185 usb_anchor_urb(urb, &data->tx_anchor); 2186 2187 err = usb_submit_urb(urb, GFP_KERNEL); 2188 if (err < 0) { 2189 if (err != -EPERM && err != -ENODEV) 2190 bt_dev_err(hdev, "urb %p submission failed (%d)", 2191 urb, -err); 2192 kfree(urb->setup_packet); 2193 usb_unanchor_urb(urb); 2194 } else { 2195 usb_mark_last_busy(data->udev); 2196 } 2197 2198 usb_free_urb(urb); 2199 return err; 2200 } 2201 2202 static int submit_or_queue_tx_urb(struct hci_dev *hdev, struct urb *urb) 2203 { 2204 struct btusb_data *data = hci_get_drvdata(hdev); 2205 unsigned long flags; 2206 bool suspending; 2207 2208 spin_lock_irqsave(&data->txlock, flags); 2209 suspending = test_bit(BTUSB_SUSPENDING, &data->flags); 2210 if (!suspending) 2211 data->tx_in_flight++; 2212 spin_unlock_irqrestore(&data->txlock, flags); 2213 2214 if (!suspending) 2215 return submit_tx_urb(hdev, urb); 2216 2217 usb_anchor_urb(urb, &data->deferred); 2218 schedule_work(&data->waker); 2219 2220 usb_free_urb(urb); 2221 return 0; 2222 } 2223 2224 static int btusb_send_frame(struct hci_dev *hdev, struct sk_buff *skb) 2225 { 2226 struct urb *urb; 2227 2228 BT_DBG("%s", hdev->name); 2229 2230 switch (hci_skb_pkt_type(skb)) { 2231 case HCI_COMMAND_PKT: 2232 urb = alloc_ctrl_urb(hdev, skb); 2233 if (IS_ERR(urb)) 2234 return PTR_ERR(urb); 2235 2236 hdev->stat.cmd_tx++; 2237 return submit_or_queue_tx_urb(hdev, urb); 2238 2239 case HCI_ACLDATA_PKT: 2240 urb = alloc_bulk_urb(hdev, skb); 2241 if (IS_ERR(urb)) 2242 return PTR_ERR(urb); 2243 2244 hdev->stat.acl_tx++; 2245 return submit_or_queue_tx_urb(hdev, urb); 2246 2247 case HCI_SCODATA_PKT: 2248 if (!hci_dev_test_flag(hdev, HCI_USER_CHANNEL) && 2249 hci_conn_num(hdev, SCO_LINK) < 1) 2250 return -ENODEV; 2251 2252 urb = alloc_isoc_urb(hdev, skb); 2253 if (IS_ERR(urb)) 2254 return PTR_ERR(urb); 2255 2256 hdev->stat.sco_tx++; 2257 return submit_tx_urb(hdev, urb); 2258 2259 case HCI_ISODATA_PKT: 2260 urb = alloc_bulk_urb(hdev, skb); 2261 if (IS_ERR(urb)) 2262 return PTR_ERR(urb); 2263 2264 return submit_or_queue_tx_urb(hdev, urb); 2265 } 2266 2267 return -EILSEQ; 2268 } 2269 2270 static void btusb_notify(struct hci_dev *hdev, unsigned int evt) 2271 { 2272 struct btusb_data *data = hci_get_drvdata(hdev); 2273 2274 BT_DBG("%s evt %d", hdev->name, evt); 2275 2276 if (hci_conn_num(hdev, SCO_LINK) != data->sco_num) { 2277 data->sco_num = hci_conn_num(hdev, SCO_LINK); 2278 data->air_mode = evt; 2279 schedule_work(&data->work); 2280 } 2281 } 2282 2283 static inline int __set_isoc_interface(struct hci_dev *hdev, int altsetting) 2284 { 2285 struct btusb_data *data = hci_get_drvdata(hdev); 2286 struct usb_interface *intf = data->isoc; 2287 struct usb_endpoint_descriptor *ep_desc; 2288 int i, err; 2289 2290 if (!data->isoc) 2291 return -ENODEV; 2292 2293 err = usb_set_interface(data->udev, data->isoc_ifnum, altsetting); 2294 if (err < 0) { 2295 bt_dev_err(hdev, "setting interface failed (%d)", -err); 2296 return err; 2297 } 2298 2299 data->isoc_altsetting = altsetting; 2300 2301 data->isoc_tx_ep = NULL; 2302 data->isoc_rx_ep = NULL; 2303 2304 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) { 2305 ep_desc = &intf->cur_altsetting->endpoint[i].desc; 2306 2307 if (!data->isoc_tx_ep && usb_endpoint_is_isoc_out(ep_desc)) { 2308 data->isoc_tx_ep = ep_desc; 2309 continue; 2310 } 2311 2312 if (!data->isoc_rx_ep && usb_endpoint_is_isoc_in(ep_desc)) { 2313 data->isoc_rx_ep = ep_desc; 2314 continue; 2315 } 2316 } 2317 2318 if (!data->isoc_tx_ep || !data->isoc_rx_ep) { 2319 bt_dev_err(hdev, "invalid SCO descriptors"); 2320 return -ENODEV; 2321 } 2322 2323 return 0; 2324 } 2325 2326 static int btusb_switch_alt_setting(struct hci_dev *hdev, int new_alts) 2327 { 2328 struct btusb_data *data = hci_get_drvdata(hdev); 2329 int err; 2330 2331 if (data->isoc_altsetting != new_alts) { 2332 unsigned long flags; 2333 2334 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 2335 usb_kill_anchored_urbs(&data->isoc_anchor); 2336 2337 /* When isochronous alternate setting needs to be 2338 * changed, because SCO connection has been added 2339 * or removed, a packet fragment may be left in the 2340 * reassembling state. This could lead to wrongly 2341 * assembled fragments. 2342 * 2343 * Clear outstanding fragment when selecting a new 2344 * alternate setting. 2345 */ 2346 spin_lock_irqsave(&data->rxlock, flags); 2347 dev_kfree_skb_irq(data->sco_skb); 2348 data->sco_skb = NULL; 2349 spin_unlock_irqrestore(&data->rxlock, flags); 2350 2351 err = __set_isoc_interface(hdev, new_alts); 2352 if (err < 0) 2353 return err; 2354 } 2355 2356 if (!test_and_set_bit(BTUSB_ISOC_RUNNING, &data->flags)) { 2357 if (btusb_submit_isoc_urb(hdev, GFP_KERNEL) < 0) 2358 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 2359 else 2360 btusb_submit_isoc_urb(hdev, GFP_KERNEL); 2361 } 2362 2363 return 0; 2364 } 2365 2366 static struct usb_host_interface *btusb_find_altsetting(struct btusb_data *data, 2367 int alt) 2368 { 2369 struct usb_interface *intf = data->isoc; 2370 int i; 2371 2372 BT_DBG("Looking for Alt no :%d", alt); 2373 2374 if (!intf) 2375 return NULL; 2376 2377 for (i = 0; i < intf->num_altsetting; i++) { 2378 if (intf->altsetting[i].desc.bAlternateSetting == alt) 2379 return &intf->altsetting[i]; 2380 } 2381 2382 return NULL; 2383 } 2384 2385 static void btusb_work(struct work_struct *work) 2386 { 2387 struct btusb_data *data = container_of(work, struct btusb_data, work); 2388 struct hci_dev *hdev = data->hdev; 2389 int new_alts = 0; 2390 int err; 2391 2392 if (data->sco_num > 0) { 2393 if (!test_bit(BTUSB_DID_ISO_RESUME, &data->flags)) { 2394 err = usb_autopm_get_interface(data->isoc ? data->isoc : data->intf); 2395 if (err < 0) { 2396 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 2397 usb_kill_anchored_urbs(&data->isoc_anchor); 2398 return; 2399 } 2400 2401 set_bit(BTUSB_DID_ISO_RESUME, &data->flags); 2402 } 2403 2404 if (data->air_mode == HCI_NOTIFY_ENABLE_SCO_CVSD) { 2405 if (hdev->voice_setting & 0x0020) { 2406 static const int alts[3] = { 2, 4, 5 }; 2407 unsigned int sco_idx; 2408 2409 sco_idx = min_t(unsigned int, data->sco_num - 1, 2410 ARRAY_SIZE(alts) - 1); 2411 new_alts = alts[sco_idx]; 2412 } else { 2413 new_alts = data->sco_num; 2414 } 2415 } else if (data->air_mode == HCI_NOTIFY_ENABLE_SCO_TRANSP) { 2416 /* Bluetooth USB spec recommends alt 6 (63 bytes), but 2417 * many adapters do not support it. Alt 1 appears to 2418 * work for all adapters that do not have alt 6, and 2419 * which work with WBS at all. Some devices prefer 2420 * alt 3 (HCI payload >= 60 Bytes let air packet 2421 * data satisfy 60 bytes), requiring 2422 * MTU >= 3 (packets) * 25 (size) - 3 (headers) = 72 2423 * see also Core spec 5, vol 4, B 2.1.1 & Table 2.1. 2424 */ 2425 if (btusb_find_altsetting(data, 6)) 2426 new_alts = 6; 2427 else if (btusb_find_altsetting(data, 3) && 2428 hdev->sco_mtu >= 72 && 2429 test_bit(BTUSB_USE_ALT3_FOR_WBS, &data->flags)) 2430 new_alts = 3; 2431 else 2432 new_alts = 1; 2433 } 2434 2435 if (btusb_switch_alt_setting(hdev, new_alts) < 0) 2436 bt_dev_err(hdev, "set USB alt:(%d) failed!", new_alts); 2437 } else { 2438 usb_kill_anchored_urbs(&data->isoc_anchor); 2439 2440 if (test_and_clear_bit(BTUSB_ISOC_RUNNING, &data->flags)) 2441 __set_isoc_interface(hdev, 0); 2442 2443 if (test_and_clear_bit(BTUSB_DID_ISO_RESUME, &data->flags)) 2444 usb_autopm_put_interface(data->isoc ? data->isoc : data->intf); 2445 } 2446 } 2447 2448 static void btusb_waker(struct work_struct *work) 2449 { 2450 struct btusb_data *data = container_of(work, struct btusb_data, waker); 2451 int err; 2452 2453 err = usb_autopm_get_interface(data->intf); 2454 if (err < 0) 2455 return; 2456 2457 usb_autopm_put_interface(data->intf); 2458 } 2459 2460 static void btusb_rx_work(struct work_struct *work) 2461 { 2462 struct btusb_data *data = container_of(work, struct btusb_data, 2463 rx_work.work); 2464 struct sk_buff *skb; 2465 2466 /* Dequeue ACL data received during the interval */ 2467 while ((skb = skb_dequeue(&data->acl_q))) 2468 data->recv_acl(data->hdev, skb); 2469 } 2470 2471 static int btusb_setup_bcm92035(struct hci_dev *hdev) 2472 { 2473 struct sk_buff *skb; 2474 u8 val = 0x00; 2475 2476 BT_DBG("%s", hdev->name); 2477 2478 skb = __hci_cmd_sync(hdev, 0xfc3b, 1, &val, HCI_INIT_TIMEOUT); 2479 if (IS_ERR(skb)) 2480 bt_dev_err(hdev, "BCM92035 command failed (%ld)", PTR_ERR(skb)); 2481 else 2482 kfree_skb(skb); 2483 2484 return 0; 2485 } 2486 2487 static int btusb_setup_csr(struct hci_dev *hdev) 2488 { 2489 struct btusb_data *data = hci_get_drvdata(hdev); 2490 u16 bcdDevice = le16_to_cpu(data->udev->descriptor.bcdDevice); 2491 struct hci_rp_read_local_version *rp; 2492 struct sk_buff *skb; 2493 bool is_fake = false; 2494 int ret; 2495 2496 BT_DBG("%s", hdev->name); 2497 2498 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL, 2499 HCI_INIT_TIMEOUT); 2500 if (IS_ERR(skb)) { 2501 int err = PTR_ERR(skb); 2502 2503 bt_dev_err(hdev, "CSR: Local version failed (%d)", err); 2504 return err; 2505 } 2506 2507 rp = skb_pull_data(skb, sizeof(*rp)); 2508 if (!rp) { 2509 bt_dev_err(hdev, "CSR: Local version length mismatch"); 2510 kfree_skb(skb); 2511 return -EIO; 2512 } 2513 2514 bt_dev_info(hdev, "CSR: Setting up dongle with HCI ver=%u rev=%04x", 2515 rp->hci_ver, le16_to_cpu(rp->hci_rev)); 2516 2517 bt_dev_info(hdev, "LMP ver=%u subver=%04x; manufacturer=%u", 2518 rp->lmp_ver, le16_to_cpu(rp->lmp_subver), 2519 le16_to_cpu(rp->manufacturer)); 2520 2521 /* Detect a wide host of Chinese controllers that aren't CSR. 2522 * 2523 * Known fake bcdDevices: 0x0100, 0x0134, 0x1915, 0x2520, 0x7558, 0x8891 2524 * 2525 * The main thing they have in common is that these are really popular low-cost 2526 * options that support newer Bluetooth versions but rely on heavy VID/PID 2527 * squatting of this poor old Bluetooth 1.1 device. Even sold as such. 2528 * 2529 * We detect actual CSR devices by checking that the HCI manufacturer code 2530 * is Cambridge Silicon Radio (10) and ensuring that LMP sub-version and 2531 * HCI rev values always match. As they both store the firmware number. 2532 */ 2533 if (le16_to_cpu(rp->manufacturer) != 10 || 2534 le16_to_cpu(rp->hci_rev) != le16_to_cpu(rp->lmp_subver)) 2535 is_fake = true; 2536 2537 /* Known legit CSR firmware build numbers and their supported BT versions: 2538 * - 1.1 (0x1) -> 0x0073, 0x020d, 0x033c, 0x034e 2539 * - 1.2 (0x2) -> 0x04d9, 0x0529 2540 * - 2.0 (0x3) -> 0x07a6, 0x07ad, 0x0c5c 2541 * - 2.1 (0x4) -> 0x149c, 0x1735, 0x1899 (0x1899 is a BlueCore4-External) 2542 * - 4.0 (0x6) -> 0x1d86, 0x2031, 0x22bb 2543 * 2544 * e.g. Real CSR dongles with LMP subversion 0x73 are old enough that 2545 * support BT 1.1 only; so it's a dead giveaway when some 2546 * third-party BT 4.0 dongle reuses it. 2547 */ 2548 else if (le16_to_cpu(rp->lmp_subver) <= 0x034e && 2549 rp->hci_ver > BLUETOOTH_VER_1_1) 2550 is_fake = true; 2551 2552 else if (le16_to_cpu(rp->lmp_subver) <= 0x0529 && 2553 rp->hci_ver > BLUETOOTH_VER_1_2) 2554 is_fake = true; 2555 2556 else if (le16_to_cpu(rp->lmp_subver) <= 0x0c5c && 2557 rp->hci_ver > BLUETOOTH_VER_2_0) 2558 is_fake = true; 2559 2560 else if (le16_to_cpu(rp->lmp_subver) <= 0x1899 && 2561 rp->hci_ver > BLUETOOTH_VER_2_1) 2562 is_fake = true; 2563 2564 else if (le16_to_cpu(rp->lmp_subver) <= 0x22bb && 2565 rp->hci_ver > BLUETOOTH_VER_4_0) 2566 is_fake = true; 2567 2568 /* Other clones which beat all the above checks */ 2569 else if (bcdDevice == 0x0134 && 2570 le16_to_cpu(rp->lmp_subver) == 0x0c5c && 2571 rp->hci_ver == BLUETOOTH_VER_2_0) 2572 is_fake = true; 2573 2574 if (is_fake) { 2575 bt_dev_warn(hdev, "CSR: Unbranded CSR clone detected; adding workarounds and force-suspending once..."); 2576 2577 /* Generally these clones have big discrepancies between 2578 * advertised features and what's actually supported. 2579 * Probably will need to be expanded in the future; 2580 * without these the controller will lock up. 2581 */ 2582 hci_set_quirk(hdev, HCI_QUIRK_BROKEN_STORED_LINK_KEY); 2583 hci_set_quirk(hdev, HCI_QUIRK_BROKEN_ERR_DATA_REPORTING); 2584 hci_set_quirk(hdev, HCI_QUIRK_BROKEN_FILTER_CLEAR_ALL); 2585 hci_set_quirk(hdev, HCI_QUIRK_NO_SUSPEND_NOTIFIER); 2586 hci_set_quirk(hdev, HCI_QUIRK_BROKEN_READ_VOICE_SETTING); 2587 hci_set_quirk(hdev, HCI_QUIRK_BROKEN_READ_PAGE_SCAN_TYPE); 2588 2589 /* Clear the reset quirk since this is not an actual 2590 * early Bluetooth 1.1 device from CSR. 2591 */ 2592 hci_clear_quirk(hdev, HCI_QUIRK_RESET_ON_CLOSE); 2593 hci_clear_quirk(hdev, HCI_QUIRK_SIMULTANEOUS_DISCOVERY); 2594 2595 /* 2596 * Special workaround for these BT 4.0 chip clones, and potentially more: 2597 * 2598 * - 0x0134: a Barrot 8041a02 (HCI rev: 0x0810 sub: 0x1012) 2599 * - 0x7558: IC markings FR3191AHAL 749H15143 (HCI rev/sub-version: 0x0709) 2600 * 2601 * These controllers are really messed-up. 2602 * 2603 * 1. Their bulk RX endpoint will never report any data unless 2604 * the device was suspended at least once (yes, really). 2605 * 2. They will not wakeup when autosuspended and receiving data 2606 * on their bulk RX endpoint from e.g. a keyboard or mouse 2607 * (IOW remote-wakeup support is broken for the bulk endpoint). 2608 * 2609 * To fix 1. enable runtime-suspend, force-suspend the 2610 * HCI and then wake-it up by disabling runtime-suspend. 2611 * 2612 * To fix 2. clear the HCI's can_wake flag, this way the HCI 2613 * will still be autosuspended when it is not open. 2614 * 2615 * -- 2616 * 2617 * Because these are widespread problems we prefer generic solutions; so 2618 * apply this initialization quirk to every controller that gets here, 2619 * it should be harmless. The alternative is to not work at all. 2620 */ 2621 pm_runtime_allow(&data->udev->dev); 2622 2623 ret = pm_runtime_suspend(&data->udev->dev); 2624 if (ret >= 0) 2625 msleep(200); 2626 else 2627 bt_dev_warn(hdev, "CSR: Couldn't suspend the device for our Barrot 8041a02 receive-issue workaround"); 2628 2629 pm_runtime_forbid(&data->udev->dev); 2630 2631 device_set_wakeup_capable(&data->udev->dev, false); 2632 2633 /* Re-enable autosuspend if this was requested */ 2634 if (enable_autosuspend) 2635 usb_enable_autosuspend(data->udev); 2636 } 2637 2638 kfree_skb(skb); 2639 2640 return 0; 2641 } 2642 2643 static int inject_cmd_complete(struct hci_dev *hdev, __u16 opcode) 2644 { 2645 struct sk_buff *skb; 2646 struct hci_event_hdr *hdr; 2647 struct hci_ev_cmd_complete *evt; 2648 2649 skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_KERNEL); 2650 if (!skb) 2651 return -ENOMEM; 2652 2653 hdr = skb_put(skb, sizeof(*hdr)); 2654 hdr->evt = HCI_EV_CMD_COMPLETE; 2655 hdr->plen = sizeof(*evt) + 1; 2656 2657 evt = skb_put(skb, sizeof(*evt)); 2658 evt->ncmd = 0x01; 2659 evt->opcode = cpu_to_le16(opcode); 2660 2661 skb_put_u8(skb, 0x00); 2662 2663 hci_skb_pkt_type(skb) = HCI_EVENT_PKT; 2664 2665 return hci_recv_frame(hdev, skb); 2666 } 2667 2668 static int btusb_recv_bulk_intel(struct btusb_data *data, void *buffer, 2669 int count) 2670 { 2671 struct hci_dev *hdev = data->hdev; 2672 2673 /* When the device is in bootloader mode, then it can send 2674 * events via the bulk endpoint. These events are treated the 2675 * same way as the ones received from the interrupt endpoint. 2676 */ 2677 if (btintel_test_flag(hdev, INTEL_BOOTLOADER)) 2678 return btusb_recv_intr(data, buffer, count); 2679 2680 return btusb_recv_bulk(data, buffer, count); 2681 } 2682 2683 static int btusb_send_frame_intel(struct hci_dev *hdev, struct sk_buff *skb) 2684 { 2685 struct urb *urb; 2686 2687 BT_DBG("%s", hdev->name); 2688 2689 switch (hci_skb_pkt_type(skb)) { 2690 case HCI_COMMAND_PKT: 2691 if (btintel_test_flag(hdev, INTEL_BOOTLOADER)) { 2692 struct hci_command_hdr *cmd = (void *)skb->data; 2693 __u16 opcode = le16_to_cpu(cmd->opcode); 2694 2695 /* When in bootloader mode and the command 0xfc09 2696 * is received, it needs to be send down the 2697 * bulk endpoint. So allocate a bulk URB instead. 2698 */ 2699 if (opcode == 0xfc09) 2700 urb = alloc_bulk_urb(hdev, skb); 2701 else 2702 urb = alloc_ctrl_urb(hdev, skb); 2703 2704 /* When the BTINTEL_HCI_OP_RESET command is issued to 2705 * boot into the operational firmware, it will actually 2706 * not send a command complete event. To keep the flow 2707 * control working inject that event here. 2708 */ 2709 if (opcode == BTINTEL_HCI_OP_RESET) 2710 inject_cmd_complete(hdev, opcode); 2711 } else { 2712 urb = alloc_ctrl_urb(hdev, skb); 2713 } 2714 if (IS_ERR(urb)) 2715 return PTR_ERR(urb); 2716 2717 hdev->stat.cmd_tx++; 2718 return submit_or_queue_tx_urb(hdev, urb); 2719 2720 case HCI_ACLDATA_PKT: 2721 urb = alloc_bulk_urb(hdev, skb); 2722 if (IS_ERR(urb)) 2723 return PTR_ERR(urb); 2724 2725 hdev->stat.acl_tx++; 2726 return submit_or_queue_tx_urb(hdev, urb); 2727 2728 case HCI_SCODATA_PKT: 2729 if (!hci_dev_test_flag(hdev, HCI_USER_CHANNEL) && 2730 hci_conn_num(hdev, SCO_LINK) < 1) 2731 return -ENODEV; 2732 2733 urb = alloc_isoc_urb(hdev, skb); 2734 if (IS_ERR(urb)) 2735 return PTR_ERR(urb); 2736 2737 hdev->stat.sco_tx++; 2738 return submit_tx_urb(hdev, urb); 2739 2740 case HCI_ISODATA_PKT: 2741 urb = alloc_bulk_urb(hdev, skb); 2742 if (IS_ERR(urb)) 2743 return PTR_ERR(urb); 2744 2745 return submit_or_queue_tx_urb(hdev, urb); 2746 } 2747 2748 return -EILSEQ; 2749 } 2750 2751 static int btusb_setup_realtek(struct hci_dev *hdev) 2752 { 2753 struct btusb_data *data = hci_get_drvdata(hdev); 2754 int ret; 2755 2756 ret = btrtl_setup_realtek(hdev); 2757 2758 if (btrealtek_test_flag(data->hdev, REALTEK_ALT6_CONTINUOUS_TX_CHIP)) 2759 set_bit(BTUSB_ALT6_CONTINUOUS_TX, &data->flags); 2760 2761 return ret; 2762 } 2763 2764 static int btusb_recv_event_realtek(struct hci_dev *hdev, struct sk_buff *skb) 2765 { 2766 if (skb->data[0] == HCI_VENDOR_PKT && skb->data[2] == RTK_SUB_EVENT_CODE_COREDUMP) { 2767 struct rtk_dev_coredump_hdr hdr = { 2768 .code = RTK_DEVCOREDUMP_CODE_MEMDUMP, 2769 }; 2770 2771 bt_dev_dbg(hdev, "RTL: received coredump vendor evt, len %u", 2772 skb->len); 2773 2774 btusb_rtl_alloc_devcoredump(hdev, &hdr, skb->data, skb->len); 2775 kfree_skb(skb); 2776 2777 return 0; 2778 } 2779 2780 return hci_recv_frame(hdev, skb); 2781 } 2782 2783 static void btusb_mtk_claim_iso_intf(struct btusb_data *data) 2784 { 2785 struct btmtk_data *btmtk_data; 2786 int err; 2787 2788 if (!data->hdev) 2789 return; 2790 2791 btmtk_data = hci_get_priv(data->hdev); 2792 if (!btmtk_data) 2793 return; 2794 2795 if (!btmtk_data->isopkt_intf) { 2796 bt_dev_err(data->hdev, "Can't claim NULL iso interface"); 2797 return; 2798 } 2799 2800 /* 2801 * The function usb_driver_claim_interface() is documented to need 2802 * locks held if it's not called from a probe routine. The code here 2803 * is called from the hci_power_on workqueue, so grab the lock. 2804 */ 2805 device_lock(&btmtk_data->isopkt_intf->dev); 2806 err = usb_driver_claim_interface(&btusb_driver, 2807 btmtk_data->isopkt_intf, data); 2808 device_unlock(&btmtk_data->isopkt_intf->dev); 2809 if (err < 0) { 2810 btmtk_data->isopkt_intf = NULL; 2811 bt_dev_err(data->hdev, "Failed to claim iso interface: %d", err); 2812 return; 2813 } 2814 2815 set_bit(BTMTK_ISOPKT_OVER_INTR, &btmtk_data->flags); 2816 init_usb_anchor(&btmtk_data->isopkt_anchor); 2817 } 2818 2819 static void btusb_mtk_release_iso_intf(struct hci_dev *hdev) 2820 { 2821 struct btmtk_data *btmtk_data; 2822 2823 if (!hdev) 2824 return; 2825 2826 btmtk_data = hci_get_priv(hdev); 2827 if (!btmtk_data) 2828 return; 2829 2830 if (test_bit(BTMTK_ISOPKT_OVER_INTR, &btmtk_data->flags)) { 2831 usb_kill_anchored_urbs(&btmtk_data->isopkt_anchor); 2832 clear_bit(BTMTK_ISOPKT_RUNNING, &btmtk_data->flags); 2833 2834 if (btmtk_data->isopkt_skb) { 2835 dev_kfree_skb_irq(btmtk_data->isopkt_skb); 2836 btmtk_data->isopkt_skb = NULL; 2837 } 2838 2839 if (btmtk_data->isopkt_intf) { 2840 usb_set_intfdata(btmtk_data->isopkt_intf, NULL); 2841 usb_driver_release_interface(&btusb_driver, 2842 btmtk_data->isopkt_intf); 2843 btmtk_data->isopkt_intf = NULL; 2844 } 2845 } 2846 2847 clear_bit(BTMTK_ISOPKT_OVER_INTR, &btmtk_data->flags); 2848 } 2849 2850 static int btusb_mtk_disconnect(struct hci_dev *hdev) 2851 { 2852 /* This function describes the specific additional steps taken by MediaTek 2853 * when Bluetooth usb driver's resume function is called. 2854 */ 2855 btusb_mtk_release_iso_intf(hdev); 2856 2857 return 0; 2858 } 2859 2860 static int btusb_mtk_reset(struct hci_dev *hdev, void *rst_data) 2861 { 2862 struct btusb_data *data = hci_get_drvdata(hdev); 2863 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 2864 int err; 2865 2866 /* It's MediaTek specific bluetooth reset mechanism via USB */ 2867 if (test_and_set_bit(BTMTK_HW_RESET_ACTIVE, &btmtk_data->flags)) { 2868 bt_dev_err(hdev, "last reset failed? Not resetting again"); 2869 return -EBUSY; 2870 } 2871 2872 err = usb_autopm_get_interface(data->intf); 2873 if (err < 0) 2874 return err; 2875 2876 /* Release MediaTek ISO data interface */ 2877 btusb_mtk_release_iso_intf(hdev); 2878 2879 btusb_stop_traffic(data); 2880 usb_kill_anchored_urbs(&data->tx_anchor); 2881 2882 /* Toggle the hard reset line. The MediaTek device is going to 2883 * yank itself off the USB and then replug. The cleanup is handled 2884 * correctly on the way out (standard USB disconnect), and the new 2885 * device is detected cleanly and bound to the driver again like 2886 * it should be. 2887 */ 2888 if (data->reset_gpio) { 2889 gpiod_set_value_cansleep(data->reset_gpio, 1); 2890 msleep(200); 2891 gpiod_set_value_cansleep(data->reset_gpio, 0); 2892 return 0; 2893 } 2894 2895 err = btmtk_usb_subsys_reset(hdev, btmtk_data->dev_id); 2896 2897 usb_queue_reset_device(data->intf); 2898 clear_bit(BTMTK_HW_RESET_ACTIVE, &btmtk_data->flags); 2899 2900 return err; 2901 } 2902 2903 static int btusb_send_frame_mtk(struct hci_dev *hdev, struct sk_buff *skb) 2904 { 2905 struct urb *urb; 2906 2907 BT_DBG("%s", hdev->name); 2908 2909 if (hci_skb_pkt_type(skb) == HCI_ISODATA_PKT) { 2910 urb = alloc_mtk_intr_urb(hdev, skb, btusb_tx_complete); 2911 if (IS_ERR(urb)) 2912 return PTR_ERR(urb); 2913 2914 return submit_or_queue_tx_urb(hdev, urb); 2915 } else { 2916 return btusb_send_frame(hdev, skb); 2917 } 2918 } 2919 2920 static int btusb_mtk_setup(struct hci_dev *hdev) 2921 { 2922 struct btusb_data *data = hci_get_drvdata(hdev); 2923 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 2924 2925 /* MediaTek WMT vendor cmd requiring below USB resources to 2926 * complete the handshake. 2927 */ 2928 btmtk_data->drv_name = btusb_driver.name; 2929 btmtk_data->intf = data->intf; 2930 btmtk_data->udev = data->udev; 2931 btmtk_data->ctrl_anchor = &data->ctrl_anchor; 2932 btmtk_data->reset_sync = btusb_mtk_reset; 2933 2934 /* Claim ISO data interface and endpoint */ 2935 if (!test_bit(BTMTK_ISOPKT_OVER_INTR, &btmtk_data->flags)) { 2936 btmtk_data->isopkt_intf = usb_ifnum_to_if(data->udev, MTK_ISO_IFNUM); 2937 btusb_mtk_claim_iso_intf(data); 2938 } 2939 2940 return btmtk_usb_setup(hdev); 2941 } 2942 2943 static int btusb_mtk_shutdown(struct hci_dev *hdev) 2944 { 2945 int ret; 2946 2947 ret = btmtk_usb_shutdown(hdev); 2948 2949 /* Release MediaTek iso interface after shutdown */ 2950 btusb_mtk_release_iso_intf(hdev); 2951 2952 return ret; 2953 } 2954 2955 #ifdef CONFIG_PM 2956 /* Configure an out-of-band gpio as wake-up pin, if specified in device tree */ 2957 static int marvell_config_oob_wake(struct hci_dev *hdev) 2958 { 2959 struct sk_buff *skb; 2960 struct btusb_data *data = hci_get_drvdata(hdev); 2961 struct device *dev = &data->udev->dev; 2962 u16 pin, gap, opcode; 2963 int ret; 2964 u8 cmd[5]; 2965 2966 /* Move on if no wakeup pin specified */ 2967 if (of_property_read_u16(dev->of_node, "marvell,wakeup-pin", &pin) || 2968 of_property_read_u16(dev->of_node, "marvell,wakeup-gap-ms", &gap)) 2969 return 0; 2970 2971 /* Vendor specific command to configure a GPIO as wake-up pin */ 2972 opcode = hci_opcode_pack(0x3F, 0x59); 2973 cmd[0] = opcode & 0xFF; 2974 cmd[1] = opcode >> 8; 2975 cmd[2] = 2; /* length of parameters that follow */ 2976 cmd[3] = pin; 2977 cmd[4] = gap; /* time in ms, for which wakeup pin should be asserted */ 2978 2979 skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL); 2980 if (!skb) { 2981 bt_dev_err(hdev, "%s: No memory", __func__); 2982 return -ENOMEM; 2983 } 2984 2985 skb_put_data(skb, cmd, sizeof(cmd)); 2986 hci_skb_pkt_type(skb) = HCI_COMMAND_PKT; 2987 2988 ret = btusb_send_frame(hdev, skb); 2989 if (ret) { 2990 bt_dev_err(hdev, "%s: configuration failed", __func__); 2991 kfree_skb(skb); 2992 return ret; 2993 } 2994 2995 return 0; 2996 } 2997 #endif 2998 2999 static int btusb_set_bdaddr_marvell(struct hci_dev *hdev, 3000 const bdaddr_t *bdaddr) 3001 { 3002 struct sk_buff *skb; 3003 u8 buf[8]; 3004 long ret; 3005 3006 buf[0] = 0xfe; 3007 buf[1] = sizeof(bdaddr_t); 3008 memcpy(buf + 2, bdaddr, sizeof(bdaddr_t)); 3009 3010 skb = __hci_cmd_sync(hdev, 0xfc22, sizeof(buf), buf, HCI_INIT_TIMEOUT); 3011 if (IS_ERR(skb)) { 3012 ret = PTR_ERR(skb); 3013 bt_dev_err(hdev, "changing Marvell device address failed (%ld)", 3014 ret); 3015 return ret; 3016 } 3017 kfree_skb(skb); 3018 3019 return 0; 3020 } 3021 3022 static int btusb_set_bdaddr_ath3012(struct hci_dev *hdev, 3023 const bdaddr_t *bdaddr) 3024 { 3025 struct sk_buff *skb; 3026 u8 buf[10]; 3027 long ret; 3028 3029 buf[0] = 0x01; 3030 buf[1] = 0x01; 3031 buf[2] = 0x00; 3032 buf[3] = sizeof(bdaddr_t); 3033 memcpy(buf + 4, bdaddr, sizeof(bdaddr_t)); 3034 3035 skb = __hci_cmd_sync(hdev, 0xfc0b, sizeof(buf), buf, HCI_INIT_TIMEOUT); 3036 if (IS_ERR(skb)) { 3037 ret = PTR_ERR(skb); 3038 bt_dev_err(hdev, "Change address command failed (%ld)", ret); 3039 return ret; 3040 } 3041 kfree_skb(skb); 3042 3043 return 0; 3044 } 3045 3046 static int btusb_set_bdaddr_wcn6855(struct hci_dev *hdev, 3047 const bdaddr_t *bdaddr) 3048 { 3049 struct sk_buff *skb; 3050 u8 buf[6]; 3051 long ret; 3052 3053 memcpy(buf, bdaddr, sizeof(bdaddr_t)); 3054 3055 skb = __hci_cmd_sync_ev(hdev, 0xfc14, sizeof(buf), buf, 3056 HCI_EV_CMD_COMPLETE, HCI_INIT_TIMEOUT); 3057 if (IS_ERR(skb)) { 3058 ret = PTR_ERR(skb); 3059 bt_dev_err(hdev, "Change address command failed (%ld)", ret); 3060 return ret; 3061 } 3062 kfree_skb(skb); 3063 3064 return 0; 3065 } 3066 3067 #define QCA_MEMDUMP_ACL_HANDLE 0x2EDD 3068 #define QCA_MEMDUMP_SIZE_MAX 0x100000 3069 #define QCA_MEMDUMP_VSE_CLASS 0x01 3070 #define QCA_MEMDUMP_MSG_TYPE 0x08 3071 #define QCA_MEMDUMP_PKT_SIZE 248 3072 #define QCA_LAST_SEQUENCE_NUM 0xffff 3073 3074 struct qca_dump_hdr { 3075 u8 vse_class; 3076 u8 msg_type; 3077 __le16 seqno; 3078 u8 reserved; 3079 union { 3080 u8 data[0]; 3081 struct { 3082 __le32 ram_dump_size; 3083 u8 data0[0]; 3084 } __packed; 3085 }; 3086 } __packed; 3087 3088 3089 static void btusb_dump_hdr_qca(struct hci_dev *hdev, struct sk_buff *skb) 3090 { 3091 char buf[128]; 3092 struct btusb_data *btdata = hci_get_drvdata(hdev); 3093 3094 snprintf(buf, sizeof(buf), "Controller Name: 0x%x\n", 3095 btdata->qca_dump.controller_id); 3096 skb_put_data(skb, buf, strlen(buf)); 3097 3098 snprintf(buf, sizeof(buf), "Firmware Version: 0x%x\n", 3099 btdata->qca_dump.fw_version); 3100 skb_put_data(skb, buf, strlen(buf)); 3101 3102 snprintf(buf, sizeof(buf), "Driver: %s\nVendor: qca\n", 3103 btusb_driver.name); 3104 skb_put_data(skb, buf, strlen(buf)); 3105 3106 snprintf(buf, sizeof(buf), "VID: 0x%x\nPID:0x%x\n", 3107 btdata->qca_dump.id_vendor, btdata->qca_dump.id_product); 3108 skb_put_data(skb, buf, strlen(buf)); 3109 3110 snprintf(buf, sizeof(buf), "Lmp Subversion: 0x%x\n", 3111 hdev->lmp_subver); 3112 skb_put_data(skb, buf, strlen(buf)); 3113 } 3114 3115 static void btusb_coredump_qca(struct hci_dev *hdev) 3116 { 3117 int err; 3118 static const u8 param[] = { 0x26 }; 3119 3120 err = __hci_cmd_send(hdev, 0xfc0c, 1, param); 3121 if (err < 0) 3122 bt_dev_err(hdev, "%s: triggle crash failed (%d)", __func__, err); 3123 } 3124 3125 /* Return: 0 on success, negative errno on failure. */ 3126 static int handle_dump_pkt_qca(struct hci_dev *hdev, struct sk_buff *skb) 3127 { 3128 int ret = 0; 3129 unsigned int skip = 0; 3130 u8 pkt_type; 3131 u16 seqno; 3132 u32 dump_size; 3133 3134 struct qca_dump_hdr *dump_hdr; 3135 struct btusb_data *btdata = hci_get_drvdata(hdev); 3136 struct usb_device *udev = btdata->udev; 3137 3138 pkt_type = hci_skb_pkt_type(skb); 3139 skip = sizeof(struct hci_event_hdr); 3140 if (pkt_type == HCI_ACLDATA_PKT) 3141 skip += sizeof(struct hci_acl_hdr); 3142 3143 skb_pull(skb, skip); 3144 dump_hdr = (struct qca_dump_hdr *)skb->data; 3145 3146 seqno = le16_to_cpu(dump_hdr->seqno); 3147 if (seqno == 0) { 3148 set_bit(BTUSB_HW_SSR_ACTIVE, &btdata->flags); 3149 dump_size = le32_to_cpu(dump_hdr->ram_dump_size); 3150 if (!dump_size || (dump_size > QCA_MEMDUMP_SIZE_MAX)) { 3151 ret = -EILSEQ; 3152 bt_dev_err(hdev, "Invalid memdump size(%u)", 3153 dump_size); 3154 goto out; 3155 } 3156 3157 ret = hci_devcd_init(hdev, dump_size); 3158 if (ret < 0) { 3159 bt_dev_err(hdev, "memdump init error(%d)", ret); 3160 goto out; 3161 } 3162 3163 btdata->qca_dump.ram_dump_size = dump_size; 3164 btdata->qca_dump.ram_dump_seqno = 0; 3165 3166 skb_pull(skb, offsetof(struct qca_dump_hdr, data0)); 3167 3168 usb_disable_autosuspend(udev); 3169 bt_dev_info(hdev, "%s memdump size(%u)\n", 3170 (pkt_type == HCI_ACLDATA_PKT) ? "ACL" : "event", 3171 dump_size); 3172 } else { 3173 skb_pull(skb, offsetof(struct qca_dump_hdr, data)); 3174 } 3175 3176 if (!btdata->qca_dump.ram_dump_size) { 3177 ret = -EINVAL; 3178 bt_dev_err(hdev, "memdump is not active"); 3179 goto out; 3180 } 3181 3182 if ((seqno > btdata->qca_dump.ram_dump_seqno + 1) && (seqno != QCA_LAST_SEQUENCE_NUM)) { 3183 dump_size = QCA_MEMDUMP_PKT_SIZE * (seqno - btdata->qca_dump.ram_dump_seqno - 1); 3184 hci_devcd_append_pattern(hdev, 0x0, dump_size); 3185 bt_dev_err(hdev, 3186 "expected memdump seqno(%u) is not received(%u)\n", 3187 btdata->qca_dump.ram_dump_seqno, seqno); 3188 btdata->qca_dump.ram_dump_seqno = seqno; 3189 kfree_skb(skb); 3190 return ret; 3191 } 3192 3193 hci_devcd_append(hdev, skb); 3194 btdata->qca_dump.ram_dump_seqno++; 3195 if (seqno == QCA_LAST_SEQUENCE_NUM) { 3196 bt_dev_info(hdev, 3197 "memdump done: pkts(%u), total(%u)\n", 3198 btdata->qca_dump.ram_dump_seqno, btdata->qca_dump.ram_dump_size); 3199 3200 hci_devcd_complete(hdev); 3201 goto out; 3202 } 3203 return ret; 3204 3205 out: 3206 if (btdata->qca_dump.ram_dump_size) 3207 usb_enable_autosuspend(udev); 3208 btdata->qca_dump.ram_dump_size = 0; 3209 btdata->qca_dump.ram_dump_seqno = 0; 3210 clear_bit(BTUSB_HW_SSR_ACTIVE, &btdata->flags); 3211 3212 if (ret < 0) 3213 kfree_skb(skb); 3214 return ret; 3215 } 3216 3217 /* Return: true if the ACL packet is a dump packet, false otherwise. */ 3218 static bool acl_pkt_is_dump_qca(struct hci_dev *hdev, struct sk_buff *skb) 3219 { 3220 struct hci_event_hdr *event_hdr; 3221 struct hci_acl_hdr *acl_hdr; 3222 struct qca_dump_hdr *dump_hdr; 3223 struct sk_buff *clone = skb_clone(skb, GFP_ATOMIC); 3224 bool is_dump = false; 3225 3226 if (!clone) 3227 return false; 3228 3229 acl_hdr = skb_pull_data(clone, sizeof(*acl_hdr)); 3230 if (!acl_hdr || (le16_to_cpu(acl_hdr->handle) != QCA_MEMDUMP_ACL_HANDLE)) 3231 goto out; 3232 3233 event_hdr = skb_pull_data(clone, sizeof(*event_hdr)); 3234 if (!event_hdr || (event_hdr->evt != HCI_VENDOR_PKT)) 3235 goto out; 3236 3237 dump_hdr = skb_pull_data(clone, sizeof(*dump_hdr)); 3238 if (!dump_hdr || (dump_hdr->vse_class != QCA_MEMDUMP_VSE_CLASS) || 3239 (dump_hdr->msg_type != QCA_MEMDUMP_MSG_TYPE)) 3240 goto out; 3241 3242 is_dump = true; 3243 out: 3244 consume_skb(clone); 3245 return is_dump; 3246 } 3247 3248 /* Return: true if the event packet is a dump packet, false otherwise. */ 3249 static bool evt_pkt_is_dump_qca(struct hci_dev *hdev, struct sk_buff *skb) 3250 { 3251 struct hci_event_hdr *event_hdr; 3252 struct qca_dump_hdr *dump_hdr; 3253 struct sk_buff *clone = skb_clone(skb, GFP_ATOMIC); 3254 bool is_dump = false; 3255 3256 if (!clone) 3257 return false; 3258 3259 event_hdr = skb_pull_data(clone, sizeof(*event_hdr)); 3260 if (!event_hdr || (event_hdr->evt != HCI_VENDOR_PKT)) 3261 goto out; 3262 3263 dump_hdr = skb_pull_data(clone, sizeof(*dump_hdr)); 3264 if (!dump_hdr || (dump_hdr->vse_class != QCA_MEMDUMP_VSE_CLASS) || 3265 (dump_hdr->msg_type != QCA_MEMDUMP_MSG_TYPE)) 3266 goto out; 3267 3268 is_dump = true; 3269 out: 3270 consume_skb(clone); 3271 return is_dump; 3272 } 3273 3274 static int btusb_recv_acl_qca(struct hci_dev *hdev, struct sk_buff *skb) 3275 { 3276 if (acl_pkt_is_dump_qca(hdev, skb)) 3277 return handle_dump_pkt_qca(hdev, skb); 3278 return hci_recv_frame(hdev, skb); 3279 } 3280 3281 static int btusb_recv_evt_qca(struct hci_dev *hdev, struct sk_buff *skb) 3282 { 3283 if (evt_pkt_is_dump_qca(hdev, skb)) 3284 return handle_dump_pkt_qca(hdev, skb); 3285 return hci_recv_frame(hdev, skb); 3286 } 3287 3288 3289 #define QCA_DFU_PACKET_LEN 4096 3290 3291 #define QCA_GET_TARGET_VERSION 0x09 3292 #define QCA_CHECK_STATUS 0x05 3293 #define QCA_DFU_DOWNLOAD 0x01 3294 3295 #define QCA_SYSCFG_UPDATED 0x40 3296 #define QCA_PATCH_UPDATED 0x80 3297 #define QCA_DFU_TIMEOUT 3000 3298 #define QCA_FLAG_MULTI_NVM 0x80 3299 #define QCA_BT_RESET_WAIT_MS 100 3300 3301 #define WCN6855_2_0_RAM_VERSION_GF 0x400c1200 3302 #define WCN6855_2_1_RAM_VERSION_GF 0x400c1211 3303 3304 struct qca_version { 3305 __le32 rom_version; 3306 __le32 patch_version; 3307 __le32 ram_version; 3308 __u8 chip_id; 3309 __u8 platform_id; 3310 __le16 flag; 3311 __u8 reserved[4]; 3312 } __packed; 3313 3314 struct qca_rampatch_version { 3315 __le16 rom_version_high; 3316 __le16 rom_version_low; 3317 __le16 patch_version; 3318 } __packed; 3319 3320 struct qca_device_info { 3321 u32 rom_version; 3322 u8 rampatch_hdr; /* length of header in rampatch */ 3323 u8 nvm_hdr; /* length of header in NVM */ 3324 u8 ver_offset; /* offset of version structure in rampatch */ 3325 }; 3326 3327 struct qca_custom_firmware { 3328 u32 rom_version; 3329 u16 board_id; 3330 const char *subdirectory; 3331 }; 3332 3333 static const struct qca_device_info qca_devices_table[] = { 3334 { 0x00000100, 20, 4, 8 }, /* Rome 1.0 */ 3335 { 0x00000101, 20, 4, 8 }, /* Rome 1.1 */ 3336 { 0x00000200, 28, 4, 16 }, /* Rome 2.0 */ 3337 { 0x00000201, 28, 4, 16 }, /* Rome 2.1 */ 3338 { 0x00000300, 28, 4, 16 }, /* Rome 3.0 */ 3339 { 0x00000302, 28, 4, 16 }, /* Rome 3.2 */ 3340 { 0x00130100, 40, 4, 16 }, /* WCN6855 1.0 */ 3341 { 0x00130200, 40, 4, 16 }, /* WCN6855 2.0 */ 3342 { 0x00130201, 40, 4, 16 }, /* WCN6855 2.1 */ 3343 { 0x00190200, 40, 4, 16 }, /* WCN785x 2.0 */ 3344 }; 3345 3346 static const struct qca_custom_firmware qca_custom_btfws[] = { 3347 { 0x00130201, 0x030A, "QCA2066" }, 3348 { 0x00130201, 0x030B, "QCA2066" }, 3349 { }, 3350 }; 3351 3352 static u16 qca_extract_board_id(const struct qca_version *ver) 3353 { 3354 u16 flag = le16_to_cpu(ver->flag); 3355 u16 board_id = 0; 3356 3357 if (((flag >> 8) & 0xff) == QCA_FLAG_MULTI_NVM) { 3358 /* The board_id should be split into two bytes 3359 * The 1st byte is chip ID, and the 2nd byte is platform ID 3360 * For example, board ID 0x010A, 0x01 is platform ID. 0x0A is chip ID 3361 * we have several platforms, and platform IDs are continuously added 3362 * Platform ID: 3363 * 0x00 is for Mobile 3364 * 0x01 is for X86 3365 * 0x02 is for Automotive 3366 * 0x03 is for Consumer electronic 3367 */ 3368 board_id = (ver->chip_id << 8) + ver->platform_id; 3369 } 3370 3371 /* Take 0xffff as invalid board ID */ 3372 if (board_id == 0xffff) 3373 board_id = 0; 3374 3375 return board_id; 3376 } 3377 3378 static const char *qca_get_fw_subdirectory(const struct qca_version *ver) 3379 { 3380 const struct qca_custom_firmware *ptr; 3381 u32 rom_ver; 3382 u16 board_id; 3383 3384 rom_ver = le32_to_cpu(ver->rom_version); 3385 board_id = qca_extract_board_id(ver); 3386 if (!board_id) 3387 return NULL; 3388 3389 for (ptr = qca_custom_btfws; ptr->rom_version; ptr++) { 3390 if (ptr->rom_version == rom_ver && 3391 ptr->board_id == board_id) 3392 return ptr->subdirectory; 3393 } 3394 3395 return NULL; 3396 } 3397 3398 static int btusb_qca_send_vendor_req(struct usb_device *udev, u8 request, 3399 void *data, u16 size) 3400 { 3401 int pipe, err; 3402 u8 *buf; 3403 3404 buf = kmalloc(size, GFP_KERNEL); 3405 if (!buf) 3406 return -ENOMEM; 3407 3408 /* Found some of USB hosts have IOT issues with ours so that we should 3409 * not wait until HCI layer is ready. 3410 */ 3411 pipe = usb_rcvctrlpipe(udev, 0); 3412 err = usb_control_msg(udev, pipe, request, USB_TYPE_VENDOR | USB_DIR_IN, 3413 0, 0, buf, size, USB_CTRL_GET_TIMEOUT); 3414 if (err < 0) { 3415 dev_err(&udev->dev, "Failed to access otp area (%d)", err); 3416 goto done; 3417 } 3418 3419 memcpy(data, buf, size); 3420 3421 done: 3422 kfree(buf); 3423 3424 return err; 3425 } 3426 3427 static int btusb_setup_qca_download_fw(struct hci_dev *hdev, 3428 const struct firmware *firmware, 3429 size_t hdr_size) 3430 { 3431 struct btusb_data *btdata = hci_get_drvdata(hdev); 3432 struct usb_device *udev = btdata->udev; 3433 size_t count, size, sent = 0; 3434 int pipe, len, err; 3435 u8 *buf; 3436 3437 buf = kmalloc(QCA_DFU_PACKET_LEN, GFP_KERNEL); 3438 if (!buf) 3439 return -ENOMEM; 3440 3441 count = firmware->size; 3442 3443 size = min_t(size_t, count, hdr_size); 3444 memcpy(buf, firmware->data, size); 3445 3446 /* USB patches should go down to controller through USB path 3447 * because binary format fits to go down through USB channel. 3448 * USB control path is for patching headers and USB bulk is for 3449 * patch body. 3450 */ 3451 pipe = usb_sndctrlpipe(udev, 0); 3452 err = usb_control_msg(udev, pipe, QCA_DFU_DOWNLOAD, USB_TYPE_VENDOR, 3453 0, 0, buf, size, USB_CTRL_SET_TIMEOUT); 3454 if (err < 0) { 3455 bt_dev_err(hdev, "Failed to send headers (%d)", err); 3456 goto done; 3457 } 3458 3459 sent += size; 3460 count -= size; 3461 3462 /* ep2 need time to switch from function acl to function dfu, 3463 * so we add 20ms delay here. 3464 */ 3465 msleep(20); 3466 3467 while (count) { 3468 size = min_t(size_t, count, QCA_DFU_PACKET_LEN); 3469 3470 memcpy(buf, firmware->data + sent, size); 3471 3472 pipe = usb_sndbulkpipe(udev, 0x02); 3473 err = usb_bulk_msg(udev, pipe, buf, size, &len, 3474 QCA_DFU_TIMEOUT); 3475 if (err < 0) { 3476 bt_dev_err(hdev, "Failed to send body at %zd of %zd (%d)", 3477 sent, firmware->size, err); 3478 break; 3479 } 3480 3481 if (size != len) { 3482 bt_dev_err(hdev, "Failed to get bulk buffer"); 3483 err = -EILSEQ; 3484 break; 3485 } 3486 3487 sent += size; 3488 count -= size; 3489 } 3490 3491 done: 3492 kfree(buf); 3493 return err; 3494 } 3495 3496 static int btusb_setup_qca_load_rampatch(struct hci_dev *hdev, 3497 struct qca_version *ver, 3498 const struct qca_device_info *info) 3499 { 3500 struct qca_rampatch_version *rver; 3501 const struct firmware *fw; 3502 const char *fw_subdir; 3503 u32 ver_rom, ver_patch, rver_rom; 3504 u16 rver_rom_low, rver_rom_high, rver_patch; 3505 char fwname[80]; 3506 int err; 3507 3508 ver_rom = le32_to_cpu(ver->rom_version); 3509 ver_patch = le32_to_cpu(ver->patch_version); 3510 3511 fw_subdir = qca_get_fw_subdirectory(ver); 3512 if (fw_subdir) 3513 snprintf(fwname, sizeof(fwname), "qca/%s/rampatch_usb_%08x.bin", 3514 fw_subdir, ver_rom); 3515 else 3516 snprintf(fwname, sizeof(fwname), "qca/rampatch_usb_%08x.bin", 3517 ver_rom); 3518 3519 err = request_firmware(&fw, fwname, &hdev->dev); 3520 if (err) { 3521 bt_dev_err(hdev, "failed to request rampatch file: %s (%d)", 3522 fwname, err); 3523 return err; 3524 } 3525 3526 bt_dev_info(hdev, "using rampatch file: %s", fwname); 3527 3528 rver = (struct qca_rampatch_version *)(fw->data + info->ver_offset); 3529 rver_rom_low = le16_to_cpu(rver->rom_version_low); 3530 rver_patch = le16_to_cpu(rver->patch_version); 3531 3532 if (ver_rom & ~0xffffU) { 3533 rver_rom_high = le16_to_cpu(rver->rom_version_high); 3534 rver_rom = rver_rom_high << 16 | rver_rom_low; 3535 } else { 3536 rver_rom = rver_rom_low; 3537 } 3538 3539 bt_dev_info(hdev, "QCA: patch rome 0x%x build 0x%x, " 3540 "firmware rome 0x%x build 0x%x", 3541 rver_rom, rver_patch, ver_rom, ver_patch); 3542 3543 if (rver_rom != ver_rom || rver_patch <= ver_patch) { 3544 bt_dev_err(hdev, "rampatch file version did not match with firmware"); 3545 err = -EINVAL; 3546 goto done; 3547 } 3548 3549 err = btusb_setup_qca_download_fw(hdev, fw, info->rampatch_hdr); 3550 3551 done: 3552 release_firmware(fw); 3553 3554 return err; 3555 } 3556 3557 static void btusb_generate_qca_nvm_name(char *fwname, size_t max_size, 3558 const struct qca_version *ver) 3559 { 3560 u32 rom_version = le32_to_cpu(ver->rom_version); 3561 const char *variant, *fw_subdir; 3562 int len; 3563 u16 board_id; 3564 3565 fw_subdir = qca_get_fw_subdirectory(ver); 3566 board_id = qca_extract_board_id(ver); 3567 3568 switch (le32_to_cpu(ver->ram_version)) { 3569 case WCN6855_2_0_RAM_VERSION_GF: 3570 case WCN6855_2_1_RAM_VERSION_GF: 3571 variant = "_gf"; 3572 break; 3573 default: 3574 variant = NULL; 3575 break; 3576 } 3577 3578 if (fw_subdir) 3579 len = snprintf(fwname, max_size, "qca/%s/nvm_usb_%08x", 3580 fw_subdir, rom_version); 3581 else 3582 len = snprintf(fwname, max_size, "qca/nvm_usb_%08x", 3583 rom_version); 3584 if (variant) 3585 len += snprintf(fwname + len, max_size - len, "%s", variant); 3586 if (board_id) 3587 len += snprintf(fwname + len, max_size - len, "_%04x", board_id); 3588 len += snprintf(fwname + len, max_size - len, ".bin"); 3589 } 3590 3591 static int btusb_setup_qca_load_nvm(struct hci_dev *hdev, 3592 struct qca_version *ver, 3593 const struct qca_device_info *info) 3594 { 3595 const struct firmware *fw; 3596 char fwname[80]; 3597 int err; 3598 3599 btusb_generate_qca_nvm_name(fwname, sizeof(fwname), ver); 3600 3601 err = request_firmware(&fw, fwname, &hdev->dev); 3602 if (err) { 3603 bt_dev_err(hdev, "failed to request NVM file: %s (%d)", 3604 fwname, err); 3605 return err; 3606 } 3607 3608 bt_dev_info(hdev, "using NVM file: %s", fwname); 3609 3610 err = btusb_setup_qca_download_fw(hdev, fw, info->nvm_hdr); 3611 3612 release_firmware(fw); 3613 3614 return err; 3615 } 3616 3617 /* identify the ROM version and check whether patches are needed */ 3618 static bool btusb_qca_need_patch(struct usb_device *udev) 3619 { 3620 struct qca_version ver; 3621 3622 if (btusb_qca_send_vendor_req(udev, QCA_GET_TARGET_VERSION, &ver, 3623 sizeof(ver)) < 0) 3624 return false; 3625 /* only low ROM versions need patches */ 3626 return !(le32_to_cpu(ver.rom_version) & ~0xffffU); 3627 } 3628 3629 static int btusb_setup_qca(struct hci_dev *hdev) 3630 { 3631 struct btusb_data *btdata = hci_get_drvdata(hdev); 3632 struct usb_device *udev = btdata->udev; 3633 const struct qca_device_info *info = NULL; 3634 struct qca_version ver; 3635 u32 ver_rom; 3636 u8 status; 3637 int i, err; 3638 3639 err = btusb_qca_send_vendor_req(udev, QCA_GET_TARGET_VERSION, &ver, 3640 sizeof(ver)); 3641 if (err < 0) 3642 return err; 3643 3644 ver_rom = le32_to_cpu(ver.rom_version); 3645 3646 for (i = 0; i < ARRAY_SIZE(qca_devices_table); i++) { 3647 if (ver_rom == qca_devices_table[i].rom_version) 3648 info = &qca_devices_table[i]; 3649 } 3650 if (!info) { 3651 /* If the rom_version is not matched in the qca_devices_table 3652 * and the high ROM version is not zero, we assume this chip no 3653 * need to load the rampatch and nvm. 3654 */ 3655 if (ver_rom & ~0xffffU) 3656 return 0; 3657 3658 bt_dev_err(hdev, "don't support firmware rome 0x%x", ver_rom); 3659 return -ENODEV; 3660 } 3661 3662 err = btusb_qca_send_vendor_req(udev, QCA_CHECK_STATUS, &status, 3663 sizeof(status)); 3664 if (err < 0) 3665 return err; 3666 3667 if (!(status & QCA_PATCH_UPDATED)) { 3668 err = btusb_setup_qca_load_rampatch(hdev, &ver, info); 3669 if (err < 0) 3670 return err; 3671 } 3672 3673 err = btusb_qca_send_vendor_req(udev, QCA_GET_TARGET_VERSION, &ver, 3674 sizeof(ver)); 3675 if (err < 0) 3676 return err; 3677 3678 btdata->qca_dump.fw_version = le32_to_cpu(ver.patch_version); 3679 btdata->qca_dump.controller_id = le32_to_cpu(ver.rom_version); 3680 3681 if (!(status & QCA_SYSCFG_UPDATED)) { 3682 err = btusb_setup_qca_load_nvm(hdev, &ver, info); 3683 if (err < 0) 3684 return err; 3685 3686 /* WCN6855 2.1 and later will reset to apply firmware downloaded here, so 3687 * wait ~100ms for reset Done then go ahead, otherwise, it maybe 3688 * cause potential enable failure. 3689 */ 3690 if (info->rom_version >= 0x00130201) 3691 msleep(QCA_BT_RESET_WAIT_MS); 3692 } 3693 3694 /* Mark HCI_OP_ENHANCED_SETUP_SYNC_CONN as broken as it doesn't seem to 3695 * work with the likes of HSP/HFP mSBC. 3696 */ 3697 hci_set_quirk(hdev, HCI_QUIRK_BROKEN_ENHANCED_SETUP_SYNC_CONN); 3698 3699 return 0; 3700 } 3701 3702 static inline int __set_diag_interface(struct hci_dev *hdev) 3703 { 3704 struct btusb_data *data = hci_get_drvdata(hdev); 3705 struct usb_interface *intf = data->diag; 3706 int ret; 3707 3708 if (!data->diag) 3709 return -ENODEV; 3710 3711 ret = usb_find_common_endpoints(intf->cur_altsetting, &data->diag_rx_ep, 3712 &data->diag_tx_ep, NULL, NULL); 3713 if (ret) { 3714 bt_dev_err(hdev, "invalid diagnostic descriptors"); 3715 return -ENODEV; 3716 } 3717 3718 return 0; 3719 } 3720 3721 static struct urb *alloc_diag_urb(struct hci_dev *hdev, bool enable) 3722 { 3723 struct btusb_data *data = hci_get_drvdata(hdev); 3724 struct sk_buff *skb; 3725 struct urb *urb; 3726 unsigned int pipe; 3727 3728 if (!data->diag_tx_ep) 3729 return ERR_PTR(-ENODEV); 3730 3731 urb = usb_alloc_urb(0, GFP_KERNEL); 3732 if (!urb) 3733 return ERR_PTR(-ENOMEM); 3734 3735 skb = bt_skb_alloc(2, GFP_KERNEL); 3736 if (!skb) { 3737 usb_free_urb(urb); 3738 return ERR_PTR(-ENOMEM); 3739 } 3740 3741 skb_put_u8(skb, 0xf0); 3742 skb_put_u8(skb, enable); 3743 3744 pipe = usb_sndbulkpipe(data->udev, data->diag_tx_ep->bEndpointAddress); 3745 3746 usb_fill_bulk_urb(urb, data->udev, pipe, 3747 skb->data, skb->len, btusb_tx_complete, skb); 3748 3749 skb->dev = (void *)hdev; 3750 3751 return urb; 3752 } 3753 3754 static int btusb_bcm_set_diag(struct hci_dev *hdev, bool enable) 3755 { 3756 struct btusb_data *data = hci_get_drvdata(hdev); 3757 struct urb *urb; 3758 3759 if (!data->diag) 3760 return -ENODEV; 3761 3762 if (!test_bit(HCI_RUNNING, &hdev->flags)) 3763 return -ENETDOWN; 3764 3765 urb = alloc_diag_urb(hdev, enable); 3766 if (IS_ERR(urb)) 3767 return PTR_ERR(urb); 3768 3769 return submit_or_queue_tx_urb(hdev, urb); 3770 } 3771 3772 #ifdef CONFIG_PM 3773 static irqreturn_t btusb_oob_wake_handler(int irq, void *priv) 3774 { 3775 struct btusb_data *data = priv; 3776 3777 pm_wakeup_event(&data->udev->dev, 0); 3778 pm_system_wakeup(); 3779 3780 /* Disable only if not already disabled (keep it balanced) */ 3781 if (test_and_clear_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags)) { 3782 disable_irq_nosync(irq); 3783 disable_irq_wake(irq); 3784 } 3785 return IRQ_HANDLED; 3786 } 3787 3788 static const struct of_device_id btusb_match_table[] = { 3789 { .compatible = "usb1286,204e" }, 3790 { .compatible = "usbcf3,e300" }, /* QCA6174A */ 3791 { .compatible = "usb4ca,301a" }, /* QCA6174A (Lite-On) */ 3792 { } 3793 }; 3794 MODULE_DEVICE_TABLE(of, btusb_match_table); 3795 3796 /* Use an oob wakeup pin? */ 3797 static int btusb_config_oob_wake(struct hci_dev *hdev) 3798 { 3799 struct btusb_data *data = hci_get_drvdata(hdev); 3800 struct device *dev = &data->udev->dev; 3801 int irq, ret; 3802 3803 clear_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags); 3804 3805 if (!of_match_device(btusb_match_table, dev)) 3806 return 0; 3807 3808 /* Move on if no IRQ specified */ 3809 irq = of_irq_get_byname(dev->of_node, "wakeup"); 3810 if (irq <= 0) { 3811 bt_dev_dbg(hdev, "%s: no OOB Wakeup IRQ in DT", __func__); 3812 return 0; 3813 } 3814 3815 irq_set_status_flags(irq, IRQ_NOAUTOEN); 3816 ret = devm_request_irq(&hdev->dev, irq, btusb_oob_wake_handler, 3817 0, "OOB Wake-on-BT", data); 3818 if (ret) { 3819 bt_dev_err(hdev, "%s: IRQ request failed", __func__); 3820 return ret; 3821 } 3822 3823 ret = device_init_wakeup(dev, true); 3824 if (ret) { 3825 bt_dev_err(hdev, "%s: failed to init_wakeup", __func__); 3826 return ret; 3827 } 3828 3829 data->oob_wake_irq = irq; 3830 bt_dev_info(hdev, "OOB Wake-on-BT configured at IRQ %u", irq); 3831 return 0; 3832 } 3833 #endif 3834 3835 static void btusb_check_needs_reset_resume(struct usb_interface *intf) 3836 { 3837 if (dmi_check_system(btusb_needs_reset_resume_table)) 3838 interface_to_usbdev(intf)->quirks |= USB_QUIRK_RESET_RESUME; 3839 } 3840 3841 static bool btusb_wakeup(struct hci_dev *hdev) 3842 { 3843 struct btusb_data *data = hci_get_drvdata(hdev); 3844 3845 return device_may_wakeup(&data->udev->dev); 3846 } 3847 3848 static int btusb_shutdown_qca(struct hci_dev *hdev) 3849 { 3850 struct sk_buff *skb; 3851 3852 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); 3853 if (IS_ERR(skb)) { 3854 bt_dev_err(hdev, "HCI reset during shutdown failed"); 3855 return PTR_ERR(skb); 3856 } 3857 kfree_skb(skb); 3858 3859 return 0; 3860 } 3861 3862 static ssize_t force_poll_sync_read(struct file *file, char __user *user_buf, 3863 size_t count, loff_t *ppos) 3864 { 3865 struct btusb_data *data = file->private_data; 3866 char buf[3]; 3867 3868 buf[0] = data->poll_sync ? 'Y' : 'N'; 3869 buf[1] = '\n'; 3870 buf[2] = '\0'; 3871 return simple_read_from_buffer(user_buf, count, ppos, buf, 2); 3872 } 3873 3874 static ssize_t force_poll_sync_write(struct file *file, 3875 const char __user *user_buf, 3876 size_t count, loff_t *ppos) 3877 { 3878 struct btusb_data *data = file->private_data; 3879 bool enable; 3880 int err; 3881 3882 err = kstrtobool_from_user(user_buf, count, &enable); 3883 if (err) 3884 return err; 3885 3886 /* Only allow changes while the adapter is down */ 3887 if (test_bit(HCI_UP, &data->hdev->flags)) 3888 return -EPERM; 3889 3890 if (data->poll_sync == enable) 3891 return -EALREADY; 3892 3893 data->poll_sync = enable; 3894 3895 return count; 3896 } 3897 3898 static const struct file_operations force_poll_sync_fops = { 3899 .owner = THIS_MODULE, 3900 .open = simple_open, 3901 .read = force_poll_sync_read, 3902 .write = force_poll_sync_write, 3903 .llseek = default_llseek, 3904 }; 3905 3906 #define BTUSB_HCI_DRV_OP_SUPPORTED_ALTSETTINGS \ 3907 hci_opcode_pack(HCI_DRV_OGF_DRIVER_SPECIFIC, 0x0000) 3908 #define BTUSB_HCI_DRV_SUPPORTED_ALTSETTINGS_SIZE 0 3909 struct btusb_hci_drv_rp_supported_altsettings { 3910 __u8 num; 3911 __u8 altsettings[]; 3912 } __packed; 3913 3914 #define BTUSB_HCI_DRV_OP_SWITCH_ALTSETTING \ 3915 hci_opcode_pack(HCI_DRV_OGF_DRIVER_SPECIFIC, 0x0001) 3916 #define BTUSB_HCI_DRV_SWITCH_ALTSETTING_SIZE 1 3917 struct btusb_hci_drv_cmd_switch_altsetting { 3918 __u8 altsetting; 3919 } __packed; 3920 3921 static const struct { 3922 u16 opcode; 3923 const char *desc; 3924 } btusb_hci_drv_supported_commands[] = { 3925 /* Common commands */ 3926 { HCI_DRV_OP_READ_INFO, "Read Info" }, 3927 3928 /* Driver specific commands */ 3929 { BTUSB_HCI_DRV_OP_SUPPORTED_ALTSETTINGS, "Supported Altsettings" }, 3930 { BTUSB_HCI_DRV_OP_SWITCH_ALTSETTING, "Switch Altsetting" }, 3931 }; 3932 static int btusb_hci_drv_read_info(struct hci_dev *hdev, void *data, 3933 u16 data_len) 3934 { 3935 struct hci_drv_rp_read_info *rp; 3936 size_t rp_size; 3937 int err, i; 3938 u16 opcode, num_supported_commands = 3939 ARRAY_SIZE(btusb_hci_drv_supported_commands); 3940 3941 rp_size = sizeof(*rp) + num_supported_commands * 2; 3942 3943 rp = kmalloc(rp_size, GFP_KERNEL); 3944 if (!rp) 3945 return -ENOMEM; 3946 3947 strscpy_pad(rp->driver_name, btusb_driver.name); 3948 3949 rp->num_supported_commands = cpu_to_le16(num_supported_commands); 3950 for (i = 0; i < num_supported_commands; i++) { 3951 opcode = btusb_hci_drv_supported_commands[i].opcode; 3952 bt_dev_info(hdev, 3953 "Supported HCI Drv command (0x%02x|0x%04x): %s", 3954 hci_opcode_ogf(opcode), 3955 hci_opcode_ocf(opcode), 3956 btusb_hci_drv_supported_commands[i].desc); 3957 rp->supported_commands[i] = cpu_to_le16(opcode); 3958 } 3959 3960 err = hci_drv_cmd_complete(hdev, HCI_DRV_OP_READ_INFO, 3961 HCI_DRV_STATUS_SUCCESS, rp, rp_size); 3962 3963 kfree(rp); 3964 return err; 3965 } 3966 3967 static int btusb_hci_drv_supported_altsettings(struct hci_dev *hdev, void *data, 3968 u16 data_len) 3969 { 3970 struct btusb_data *drvdata = hci_get_drvdata(hdev); 3971 struct btusb_hci_drv_rp_supported_altsettings *rp; 3972 size_t rp_size; 3973 int err; 3974 u8 i; 3975 3976 /* There are at most 7 alt (0 - 6) */ 3977 rp = kmalloc(sizeof(*rp) + 7, GFP_KERNEL); 3978 if (!rp) 3979 return -ENOMEM; 3980 3981 rp->num = 0; 3982 if (!drvdata->isoc) 3983 goto done; 3984 3985 for (i = 0; i <= 6; i++) { 3986 if (btusb_find_altsetting(drvdata, i)) 3987 rp->altsettings[rp->num++] = i; 3988 } 3989 3990 done: 3991 rp_size = sizeof(*rp) + rp->num; 3992 3993 err = hci_drv_cmd_complete(hdev, BTUSB_HCI_DRV_OP_SUPPORTED_ALTSETTINGS, 3994 HCI_DRV_STATUS_SUCCESS, rp, rp_size); 3995 kfree(rp); 3996 return err; 3997 } 3998 3999 static int btusb_hci_drv_switch_altsetting(struct hci_dev *hdev, void *data, 4000 u16 data_len) 4001 { 4002 struct btusb_hci_drv_cmd_switch_altsetting *cmd = data; 4003 u8 status; 4004 4005 if (cmd->altsetting > 6) { 4006 status = HCI_DRV_STATUS_INVALID_PARAMETERS; 4007 } else { 4008 if (btusb_switch_alt_setting(hdev, cmd->altsetting)) 4009 status = HCI_DRV_STATUS_UNSPECIFIED_ERROR; 4010 else 4011 status = HCI_DRV_STATUS_SUCCESS; 4012 } 4013 4014 return hci_drv_cmd_status(hdev, BTUSB_HCI_DRV_OP_SWITCH_ALTSETTING, 4015 status); 4016 } 4017 4018 static const struct hci_drv_handler btusb_hci_drv_common_handlers[] = { 4019 { btusb_hci_drv_read_info, HCI_DRV_READ_INFO_SIZE }, 4020 }; 4021 4022 static const struct hci_drv_handler btusb_hci_drv_specific_handlers[] = { 4023 { btusb_hci_drv_supported_altsettings, 4024 BTUSB_HCI_DRV_SUPPORTED_ALTSETTINGS_SIZE }, 4025 { btusb_hci_drv_switch_altsetting, 4026 BTUSB_HCI_DRV_SWITCH_ALTSETTING_SIZE }, 4027 }; 4028 4029 static struct hci_drv btusb_hci_drv = { 4030 .common_handler_count = ARRAY_SIZE(btusb_hci_drv_common_handlers), 4031 .common_handlers = btusb_hci_drv_common_handlers, 4032 .specific_handler_count = ARRAY_SIZE(btusb_hci_drv_specific_handlers), 4033 .specific_handlers = btusb_hci_drv_specific_handlers, 4034 }; 4035 4036 static int btusb_probe(struct usb_interface *intf, 4037 const struct usb_device_id *id) 4038 { 4039 struct gpio_desc *reset_gpio; 4040 struct btusb_data *data; 4041 struct hci_dev *hdev; 4042 unsigned ifnum_base; 4043 int err, priv_size; 4044 4045 BT_DBG("intf %p id %p", intf, id); 4046 4047 if ((id->driver_info & BTUSB_IFNUM_2) && 4048 (intf->cur_altsetting->desc.bInterfaceNumber != 0) && 4049 (intf->cur_altsetting->desc.bInterfaceNumber != 2)) 4050 return -ENODEV; 4051 4052 ifnum_base = intf->cur_altsetting->desc.bInterfaceNumber; 4053 4054 if (!id->driver_info) { 4055 const struct usb_device_id *match; 4056 4057 match = usb_match_id(intf, quirks_table); 4058 if (match) 4059 id = match; 4060 } 4061 4062 if (id->driver_info == BTUSB_IGNORE) 4063 return -ENODEV; 4064 4065 if (id->driver_info & BTUSB_ATH3012) { 4066 struct usb_device *udev = interface_to_usbdev(intf); 4067 4068 /* Old firmware would otherwise let ath3k driver load 4069 * patch and sysconfig files 4070 */ 4071 if (le16_to_cpu(udev->descriptor.bcdDevice) <= 0x0001 && 4072 !btusb_qca_need_patch(udev)) 4073 return -ENODEV; 4074 } 4075 4076 data = kzalloc_obj(*data); 4077 if (!data) 4078 return -ENOMEM; 4079 4080 err = usb_find_common_endpoints(intf->cur_altsetting, &data->bulk_rx_ep, 4081 &data->bulk_tx_ep, &data->intr_ep, NULL); 4082 if (err) { 4083 kfree(data); 4084 return -ENODEV; 4085 } 4086 4087 if (id->driver_info & BTUSB_AMP) { 4088 data->cmdreq_type = USB_TYPE_CLASS | 0x01; 4089 data->cmdreq = 0x2b; 4090 } else { 4091 data->cmdreq_type = USB_TYPE_CLASS; 4092 data->cmdreq = 0x00; 4093 } 4094 4095 data->udev = interface_to_usbdev(intf); 4096 data->intf = intf; 4097 4098 INIT_WORK(&data->work, btusb_work); 4099 INIT_WORK(&data->waker, btusb_waker); 4100 INIT_DELAYED_WORK(&data->rx_work, btusb_rx_work); 4101 4102 skb_queue_head_init(&data->acl_q); 4103 4104 init_usb_anchor(&data->deferred); 4105 init_usb_anchor(&data->tx_anchor); 4106 spin_lock_init(&data->txlock); 4107 4108 init_usb_anchor(&data->intr_anchor); 4109 init_usb_anchor(&data->bulk_anchor); 4110 init_usb_anchor(&data->isoc_anchor); 4111 init_usb_anchor(&data->diag_anchor); 4112 init_usb_anchor(&data->ctrl_anchor); 4113 spin_lock_init(&data->rxlock); 4114 4115 priv_size = 0; 4116 4117 data->recv_event = hci_recv_frame; 4118 data->recv_bulk = btusb_recv_bulk; 4119 4120 if (id->driver_info & BTUSB_INTEL_COMBINED) { 4121 /* Allocate extra space for Intel device */ 4122 priv_size += sizeof(struct btintel_data); 4123 4124 /* Override the rx handlers */ 4125 data->recv_event = btintel_recv_event; 4126 data->recv_bulk = btusb_recv_bulk_intel; 4127 } else if (id->driver_info & BTUSB_REALTEK) { 4128 /* Allocate extra space for Realtek device */ 4129 priv_size += sizeof(struct btrealtek_data); 4130 4131 data->recv_event = btusb_recv_event_realtek; 4132 } else if (id->driver_info & BTUSB_MEDIATEK) { 4133 /* Allocate extra space for Mediatek device */ 4134 priv_size += sizeof(struct btmtk_data); 4135 } 4136 4137 data->recv_acl = hci_recv_frame; 4138 4139 hdev = hci_alloc_dev_priv(priv_size); 4140 if (!hdev) { 4141 kfree(data); 4142 return -ENOMEM; 4143 } 4144 4145 hdev->bus = HCI_USB; 4146 hci_set_drvdata(hdev, data); 4147 4148 data->hdev = hdev; 4149 4150 SET_HCIDEV_DEV(hdev, &intf->dev); 4151 4152 reset_gpio = gpiod_get_optional(&data->udev->dev, "reset", 4153 GPIOD_OUT_LOW); 4154 if (IS_ERR(reset_gpio)) { 4155 err = PTR_ERR(reset_gpio); 4156 goto out_free_dev; 4157 } else if (reset_gpio) { 4158 data->reset_gpio = reset_gpio; 4159 } 4160 4161 hdev->open = btusb_open; 4162 hdev->close = btusb_close; 4163 hdev->flush = btusb_flush; 4164 hdev->send = btusb_send_frame; 4165 hdev->notify = btusb_notify; 4166 hdev->wakeup = btusb_wakeup; 4167 hdev->hci_drv = &btusb_hci_drv; 4168 4169 #ifdef CONFIG_PM 4170 err = btusb_config_oob_wake(hdev); 4171 if (err) 4172 goto out_free_dev; 4173 4174 /* Marvell devices may need a specific chip configuration */ 4175 if (id->driver_info & BTUSB_MARVELL && data->oob_wake_irq) { 4176 err = marvell_config_oob_wake(hdev); 4177 if (err) 4178 goto out_free_dev; 4179 } 4180 #endif 4181 if (id->driver_info & BTUSB_CW6622) 4182 hci_set_quirk(hdev, HCI_QUIRK_BROKEN_STORED_LINK_KEY); 4183 4184 if (id->driver_info & BTUSB_BCM2045) 4185 hci_set_quirk(hdev, HCI_QUIRK_BROKEN_STORED_LINK_KEY); 4186 4187 if (id->driver_info & BTUSB_BCM92035) 4188 hdev->setup = btusb_setup_bcm92035; 4189 4190 if (IS_ENABLED(CONFIG_BT_HCIBTUSB_BCM) && 4191 (id->driver_info & BTUSB_BCM_PATCHRAM)) { 4192 hdev->manufacturer = 15; 4193 hdev->setup = btbcm_setup_patchram; 4194 hdev->set_diag = btusb_bcm_set_diag; 4195 hdev->set_bdaddr = btbcm_set_bdaddr; 4196 4197 /* Broadcom LM_DIAG Interface numbers are hardcoded */ 4198 data->diag = usb_ifnum_to_if(data->udev, ifnum_base + 2); 4199 } 4200 4201 if (IS_ENABLED(CONFIG_BT_HCIBTUSB_BCM) && 4202 (id->driver_info & BTUSB_BCM_APPLE)) { 4203 hdev->manufacturer = 15; 4204 hdev->setup = btbcm_setup_apple; 4205 hdev->set_diag = btusb_bcm_set_diag; 4206 4207 /* Broadcom LM_DIAG Interface numbers are hardcoded */ 4208 data->diag = usb_ifnum_to_if(data->udev, ifnum_base + 2); 4209 } 4210 4211 /* Combined Intel Device setup to support multiple setup routine */ 4212 if (id->driver_info & BTUSB_INTEL_COMBINED) { 4213 err = btintel_configure_setup(hdev, btusb_driver.name); 4214 if (err) 4215 goto out_free_dev; 4216 4217 /* Transport specific configuration */ 4218 hdev->send = btusb_send_frame_intel; 4219 hdev->reset = btusb_intel_reset; 4220 4221 if (id->driver_info & BTUSB_INTEL_NO_WBS_SUPPORT) 4222 btintel_set_flag(hdev, INTEL_ROM_LEGACY_NO_WBS_SUPPORT); 4223 4224 if (id->driver_info & BTUSB_INTEL_BROKEN_INITIAL_NCMD) 4225 btintel_set_flag(hdev, INTEL_BROKEN_INITIAL_NCMD); 4226 4227 if (id->driver_info & BTUSB_INTEL_BROKEN_SHUTDOWN_LED) 4228 btintel_set_flag(hdev, INTEL_BROKEN_SHUTDOWN_LED); 4229 } 4230 4231 if (id->driver_info & BTUSB_MARVELL) 4232 hdev->set_bdaddr = btusb_set_bdaddr_marvell; 4233 4234 if (IS_ENABLED(CONFIG_BT_HCIBTUSB_MTK) && 4235 (id->driver_info & BTUSB_MEDIATEK)) { 4236 hdev->setup = btusb_mtk_setup; 4237 hdev->shutdown = btusb_mtk_shutdown; 4238 hdev->manufacturer = 70; 4239 hdev->reset = btmtk_reset_sync; 4240 hdev->set_bdaddr = btmtk_set_bdaddr; 4241 hdev->send = btusb_send_frame_mtk; 4242 hci_set_quirk(hdev, HCI_QUIRK_BROKEN_ENHANCED_SETUP_SYNC_CONN); 4243 hci_set_quirk(hdev, HCI_QUIRK_NON_PERSISTENT_SETUP); 4244 data->recv_acl = btmtk_usb_recv_acl; 4245 data->suspend = btmtk_usb_suspend; 4246 data->resume = btmtk_usb_resume; 4247 data->disconnect = btusb_mtk_disconnect; 4248 } 4249 4250 if (id->driver_info & BTUSB_SWAVE) { 4251 hci_set_quirk(hdev, HCI_QUIRK_FIXUP_INQUIRY_MODE); 4252 hci_set_quirk(hdev, HCI_QUIRK_BROKEN_LOCAL_COMMANDS); 4253 } 4254 4255 if (id->driver_info & BTUSB_INTEL_BOOT) { 4256 hdev->manufacturer = 2; 4257 hci_set_quirk(hdev, HCI_QUIRK_RAW_DEVICE); 4258 } 4259 4260 if (id->driver_info & BTUSB_ATH3012) { 4261 data->setup_on_usb = btusb_setup_qca; 4262 hdev->set_bdaddr = btusb_set_bdaddr_ath3012; 4263 hci_set_quirk(hdev, HCI_QUIRK_SIMULTANEOUS_DISCOVERY); 4264 hci_set_quirk(hdev, HCI_QUIRK_STRICT_DUPLICATE_FILTER); 4265 } 4266 4267 if (id->driver_info & BTUSB_QCA_ROME) { 4268 data->setup_on_usb = btusb_setup_qca; 4269 hdev->shutdown = btusb_shutdown_qca; 4270 hdev->set_bdaddr = btusb_set_bdaddr_ath3012; 4271 hdev->reset = btusb_qca_reset; 4272 hci_set_quirk(hdev, HCI_QUIRK_SIMULTANEOUS_DISCOVERY); 4273 btusb_check_needs_reset_resume(intf); 4274 } 4275 4276 if (id->driver_info & BTUSB_QCA_WCN6855) { 4277 data->qca_dump.id_vendor = id->idVendor; 4278 data->qca_dump.id_product = id->idProduct; 4279 data->recv_event = btusb_recv_evt_qca; 4280 data->recv_acl = btusb_recv_acl_qca; 4281 hci_devcd_register(hdev, btusb_coredump_qca, btusb_dump_hdr_qca, NULL); 4282 data->setup_on_usb = btusb_setup_qca; 4283 hdev->classify_pkt_type = btusb_classify_qca_pkt_type; 4284 hdev->shutdown = btusb_shutdown_qca; 4285 hdev->set_bdaddr = btusb_set_bdaddr_wcn6855; 4286 hdev->reset = btusb_qca_reset; 4287 hci_set_quirk(hdev, HCI_QUIRK_SIMULTANEOUS_DISCOVERY); 4288 hci_set_msft_opcode(hdev, 0xFD70); 4289 } 4290 4291 if (id->driver_info & BTUSB_AMP) { 4292 /* AMP controllers do not support SCO packets */ 4293 data->isoc = NULL; 4294 } else { 4295 /* Interface orders are hardcoded in the specification */ 4296 data->isoc = usb_ifnum_to_if(data->udev, ifnum_base + 1); 4297 data->isoc_ifnum = ifnum_base + 1; 4298 } 4299 4300 if (IS_ENABLED(CONFIG_BT_HCIBTUSB_RTL) && 4301 (id->driver_info & BTUSB_REALTEK)) { 4302 btrtl_set_driver_name(hdev, btusb_driver.name); 4303 hdev->setup = btusb_setup_realtek; 4304 hdev->shutdown = btrtl_shutdown_realtek; 4305 hdev->reset = btusb_rtl_reset; 4306 hdev->hw_error = btusb_rtl_hw_error; 4307 4308 /* Realtek devices need to set remote wakeup on auto-suspend */ 4309 set_bit(BTUSB_WAKEUP_AUTOSUSPEND, &data->flags); 4310 set_bit(BTUSB_USE_ALT3_FOR_WBS, &data->flags); 4311 } 4312 4313 if (id->driver_info & BTUSB_ACTIONS_SEMI) { 4314 /* Support is advertised, but not implemented */ 4315 hci_set_quirk(hdev, HCI_QUIRK_BROKEN_ERR_DATA_REPORTING); 4316 hci_set_quirk(hdev, HCI_QUIRK_BROKEN_READ_TRANSMIT_POWER); 4317 hci_set_quirk(hdev, HCI_QUIRK_BROKEN_SET_RPA_TIMEOUT); 4318 hci_set_quirk(hdev, HCI_QUIRK_BROKEN_EXT_SCAN); 4319 hci_set_quirk(hdev, HCI_QUIRK_BROKEN_READ_ENC_KEY_SIZE); 4320 hci_set_quirk(hdev, HCI_QUIRK_BROKEN_EXT_CREATE_CONN); 4321 hci_set_quirk(hdev, HCI_QUIRK_BROKEN_WRITE_AUTH_PAYLOAD_TIMEOUT); 4322 } 4323 4324 if (!reset) 4325 hci_set_quirk(hdev, HCI_QUIRK_RESET_ON_CLOSE); 4326 4327 if (force_scofix || id->driver_info & BTUSB_WRONG_SCO_MTU) { 4328 if (!disable_scofix) 4329 hci_set_quirk(hdev, HCI_QUIRK_FIXUP_BUFFER_SIZE); 4330 } 4331 4332 if (id->driver_info & BTUSB_BROKEN_ISOC) 4333 data->isoc = NULL; 4334 4335 if (id->driver_info & BTUSB_WIDEBAND_SPEECH) 4336 hci_set_quirk(hdev, HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED); 4337 4338 if (id->driver_info & BTUSB_INVALID_LE_STATES) 4339 hci_set_quirk(hdev, HCI_QUIRK_BROKEN_LE_STATES); 4340 4341 if (id->driver_info & BTUSB_DIGIANSWER) { 4342 data->cmdreq_type = USB_TYPE_VENDOR; 4343 hci_set_quirk(hdev, HCI_QUIRK_RESET_ON_CLOSE); 4344 } 4345 4346 if (id->driver_info & BTUSB_CSR) { 4347 struct usb_device *udev = data->udev; 4348 u16 bcdDevice = le16_to_cpu(udev->descriptor.bcdDevice); 4349 4350 /* Old firmware would otherwise execute USB reset */ 4351 if (bcdDevice < 0x117) 4352 hci_set_quirk(hdev, HCI_QUIRK_RESET_ON_CLOSE); 4353 4354 /* This must be set first in case we disable it for fakes */ 4355 hci_set_quirk(hdev, HCI_QUIRK_SIMULTANEOUS_DISCOVERY); 4356 4357 /* Fake CSR devices with broken commands */ 4358 if (le16_to_cpu(udev->descriptor.idVendor) == 0x0a12 && 4359 le16_to_cpu(udev->descriptor.idProduct) == 0x0001) 4360 hdev->setup = btusb_setup_csr; 4361 } 4362 4363 if (id->driver_info & BTUSB_SNIFFER) { 4364 struct usb_device *udev = data->udev; 4365 4366 /* New sniffer firmware has crippled HCI interface */ 4367 if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997) 4368 hci_set_quirk(hdev, HCI_QUIRK_RAW_DEVICE); 4369 } 4370 4371 if (id->driver_info & BTUSB_INTEL_BOOT) { 4372 /* A bug in the bootloader causes that interrupt interface is 4373 * only enabled after receiving SetInterface(0, AltSetting=0). 4374 */ 4375 err = usb_set_interface(data->udev, 0, 0); 4376 if (err < 0) { 4377 BT_ERR("failed to set interface 0, alt 0 %d", err); 4378 goto out_free_dev; 4379 } 4380 } 4381 4382 if (data->isoc) { 4383 err = usb_driver_claim_interface(&btusb_driver, 4384 data->isoc, data); 4385 if (err < 0) 4386 goto out_free_dev; 4387 } 4388 4389 if (IS_ENABLED(CONFIG_BT_HCIBTUSB_BCM) && data->diag) { 4390 if (!usb_driver_claim_interface(&btusb_driver, 4391 data->diag, data)) 4392 __set_diag_interface(hdev); 4393 else 4394 data->diag = NULL; 4395 } 4396 4397 if (enable_autosuspend) 4398 usb_enable_autosuspend(data->udev); 4399 4400 data->poll_sync = enable_poll_sync; 4401 4402 err = hci_register_dev(hdev); 4403 if (err < 0) 4404 goto out_free_dev; 4405 4406 usb_set_intfdata(intf, data); 4407 4408 debugfs_create_file("force_poll_sync", 0644, hdev->debugfs, data, 4409 &force_poll_sync_fops); 4410 4411 return 0; 4412 4413 out_free_dev: 4414 if (data->reset_gpio) 4415 gpiod_put(data->reset_gpio); 4416 hci_free_dev(hdev); 4417 kfree(data); 4418 return err; 4419 } 4420 4421 static void btusb_disconnect(struct usb_interface *intf) 4422 { 4423 struct btusb_data *data = usb_get_intfdata(intf); 4424 struct hci_dev *hdev; 4425 4426 BT_DBG("intf %p", intf); 4427 4428 if (!data) 4429 return; 4430 4431 hdev = data->hdev; 4432 usb_set_intfdata(data->intf, NULL); 4433 4434 if (data->isoc) 4435 usb_set_intfdata(data->isoc, NULL); 4436 4437 if (data->diag) 4438 usb_set_intfdata(data->diag, NULL); 4439 4440 if (data->disconnect) 4441 data->disconnect(hdev); 4442 4443 hci_unregister_dev(hdev); 4444 4445 if (data->oob_wake_irq) 4446 device_init_wakeup(&data->udev->dev, false); 4447 if (data->reset_gpio) 4448 gpiod_put(data->reset_gpio); 4449 4450 if (intf == data->intf) { 4451 if (data->isoc) 4452 usb_driver_release_interface(&btusb_driver, data->isoc); 4453 if (data->diag) 4454 usb_driver_release_interface(&btusb_driver, data->diag); 4455 } else if (intf == data->isoc) { 4456 if (data->diag) 4457 usb_driver_release_interface(&btusb_driver, data->diag); 4458 usb_driver_release_interface(&btusb_driver, data->intf); 4459 } else if (intf == data->diag) { 4460 if (data->isoc) 4461 usb_driver_release_interface(&btusb_driver, data->isoc); 4462 usb_driver_release_interface(&btusb_driver, data->intf); 4463 } 4464 4465 hci_free_dev(hdev); 4466 kfree(data); 4467 } 4468 4469 static int btusb_suspend(struct usb_interface *intf, pm_message_t message) 4470 { 4471 struct btusb_data *data = usb_get_intfdata(intf); 4472 4473 BT_DBG("intf %p", intf); 4474 4475 /* Don't auto-suspend if there are connections or discovery in 4476 * progress; external suspend calls shall never fail. 4477 */ 4478 if (PMSG_IS_AUTO(message) && 4479 (hci_conn_count(data->hdev) || hci_discovery_active(data->hdev))) 4480 return -EBUSY; 4481 4482 if (data->suspend_count++) 4483 return 0; 4484 4485 spin_lock_irq(&data->txlock); 4486 if (!(PMSG_IS_AUTO(message) && data->tx_in_flight)) { 4487 set_bit(BTUSB_SUSPENDING, &data->flags); 4488 spin_unlock_irq(&data->txlock); 4489 } else { 4490 spin_unlock_irq(&data->txlock); 4491 data->suspend_count--; 4492 return -EBUSY; 4493 } 4494 4495 cancel_work_sync(&data->work); 4496 4497 if (data->suspend) 4498 data->suspend(data->hdev); 4499 4500 btusb_stop_traffic(data); 4501 usb_kill_anchored_urbs(&data->tx_anchor); 4502 4503 if (data->oob_wake_irq && device_may_wakeup(&data->udev->dev)) { 4504 set_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags); 4505 enable_irq_wake(data->oob_wake_irq); 4506 enable_irq(data->oob_wake_irq); 4507 } 4508 4509 /* For global suspend, Realtek devices lose the loaded fw 4510 * in them. But for autosuspend, firmware should remain. 4511 * Actually, it depends on whether the usb host sends 4512 * set feature (enable wakeup) or not. 4513 */ 4514 if (test_bit(BTUSB_WAKEUP_AUTOSUSPEND, &data->flags)) { 4515 if (PMSG_IS_AUTO(message) && 4516 device_can_wakeup(&data->udev->dev)) 4517 data->udev->do_remote_wakeup = 1; 4518 else if (!PMSG_IS_AUTO(message) && 4519 !device_may_wakeup(&data->udev->dev)) { 4520 data->udev->do_remote_wakeup = 0; 4521 data->udev->reset_resume = 1; 4522 } 4523 } 4524 4525 return 0; 4526 } 4527 4528 static void play_deferred(struct btusb_data *data) 4529 { 4530 struct urb *urb; 4531 int err; 4532 4533 while ((urb = usb_get_from_anchor(&data->deferred))) { 4534 usb_anchor_urb(urb, &data->tx_anchor); 4535 4536 err = usb_submit_urb(urb, GFP_ATOMIC); 4537 if (err < 0) { 4538 if (err != -EPERM && err != -ENODEV) 4539 BT_ERR("%s urb %p submission failed (%d)", 4540 data->hdev->name, urb, -err); 4541 kfree(urb->setup_packet); 4542 usb_unanchor_urb(urb); 4543 usb_free_urb(urb); 4544 break; 4545 } 4546 4547 data->tx_in_flight++; 4548 usb_free_urb(urb); 4549 } 4550 4551 /* Cleanup the rest deferred urbs. */ 4552 while ((urb = usb_get_from_anchor(&data->deferred))) { 4553 kfree(urb->setup_packet); 4554 usb_free_urb(urb); 4555 } 4556 } 4557 4558 static int btusb_resume(struct usb_interface *intf) 4559 { 4560 struct btusb_data *data = usb_get_intfdata(intf); 4561 struct hci_dev *hdev = data->hdev; 4562 int err = 0; 4563 4564 BT_DBG("intf %p", intf); 4565 4566 if (--data->suspend_count) 4567 return 0; 4568 4569 /* Disable only if not already disabled (keep it balanced) */ 4570 if (test_and_clear_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags)) { 4571 disable_irq(data->oob_wake_irq); 4572 disable_irq_wake(data->oob_wake_irq); 4573 } 4574 4575 if (!test_bit(HCI_RUNNING, &hdev->flags)) 4576 goto done; 4577 4578 if (test_bit(BTUSB_INTR_RUNNING, &data->flags)) { 4579 err = btusb_submit_intr_urb(hdev, GFP_NOIO); 4580 if (err < 0) { 4581 clear_bit(BTUSB_INTR_RUNNING, &data->flags); 4582 goto failed; 4583 } 4584 } 4585 4586 if (test_bit(BTUSB_BULK_RUNNING, &data->flags)) { 4587 err = btusb_submit_bulk_urb(hdev, GFP_NOIO); 4588 if (err < 0) { 4589 clear_bit(BTUSB_BULK_RUNNING, &data->flags); 4590 goto failed; 4591 } 4592 4593 btusb_submit_bulk_urb(hdev, GFP_NOIO); 4594 } 4595 4596 if (test_bit(BTUSB_ISOC_RUNNING, &data->flags)) { 4597 if (btusb_submit_isoc_urb(hdev, GFP_NOIO) < 0) 4598 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 4599 else 4600 btusb_submit_isoc_urb(hdev, GFP_NOIO); 4601 } 4602 4603 if (data->resume) 4604 data->resume(hdev); 4605 4606 spin_lock_irq(&data->txlock); 4607 play_deferred(data); 4608 clear_bit(BTUSB_SUSPENDING, &data->flags); 4609 spin_unlock_irq(&data->txlock); 4610 schedule_work(&data->work); 4611 4612 return 0; 4613 4614 failed: 4615 usb_scuttle_anchored_urbs(&data->deferred); 4616 done: 4617 spin_lock_irq(&data->txlock); 4618 clear_bit(BTUSB_SUSPENDING, &data->flags); 4619 spin_unlock_irq(&data->txlock); 4620 4621 return err; 4622 } 4623 4624 #ifdef CONFIG_DEV_COREDUMP 4625 static void btusb_coredump(struct device *dev) 4626 { 4627 struct btusb_data *data = dev_get_drvdata(dev); 4628 struct hci_dev *hdev = data->hdev; 4629 4630 if (hdev->dump.coredump) 4631 hdev->dump.coredump(hdev); 4632 } 4633 #endif 4634 4635 static struct usb_driver btusb_driver = { 4636 .name = "btusb", 4637 .probe = btusb_probe, 4638 .disconnect = btusb_disconnect, 4639 .suspend = pm_ptr(btusb_suspend), 4640 .resume = pm_ptr(btusb_resume), 4641 .id_table = btusb_table, 4642 .supports_autosuspend = 1, 4643 .disable_hub_initiated_lpm = 1, 4644 4645 #ifdef CONFIG_DEV_COREDUMP 4646 .driver = { 4647 .coredump = btusb_coredump, 4648 }, 4649 #endif 4650 }; 4651 4652 module_usb_driver(btusb_driver); 4653 4654 module_param(disable_scofix, bool, 0644); 4655 MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size"); 4656 4657 module_param(force_scofix, bool, 0644); 4658 MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size"); 4659 4660 module_param(enable_autosuspend, bool, 0644); 4661 MODULE_PARM_DESC(enable_autosuspend, "Enable USB autosuspend by default"); 4662 4663 module_param(reset, bool, 0644); 4664 MODULE_PARM_DESC(reset, "Send HCI reset command on initialization"); 4665 4666 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 4667 MODULE_DESCRIPTION("Generic Bluetooth USB driver ver " VERSION); 4668 MODULE_VERSION(VERSION); 4669 MODULE_LICENSE("GPL"); 4670