1 /* 2 * 3 * AVM BlueFRITZ! USB driver 4 * 5 * Copyright (C) 2003-2006 Marcel Holtmann <marcel@holtmann.org> 6 * 7 * 8 * This program is free software; you can redistribute it and/or modify 9 * it under the terms of the GNU General Public License as published by 10 * the Free Software Foundation; either version 2 of the License, or 11 * (at your option) any later version. 12 * 13 * This program is distributed in the hope that it will be useful, 14 * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 * GNU General Public License for more details. 17 * 18 * You should have received a copy of the GNU General Public License 19 * along with this program; if not, write to the Free Software 20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 21 * 22 */ 23 24 #include <linux/module.h> 25 26 #include <linux/kernel.h> 27 #include <linux/init.h> 28 #include <linux/slab.h> 29 #include <linux/types.h> 30 #include <linux/errno.h> 31 #include <linux/skbuff.h> 32 33 #include <linux/device.h> 34 #include <linux/firmware.h> 35 36 #include <linux/usb.h> 37 38 #include <net/bluetooth/bluetooth.h> 39 #include <net/bluetooth/hci_core.h> 40 41 #define VERSION "1.2" 42 43 static struct usb_driver bfusb_driver; 44 45 static struct usb_device_id bfusb_table[] = { 46 /* AVM BlueFRITZ! USB */ 47 { USB_DEVICE(0x057c, 0x2200) }, 48 49 { } /* Terminating entry */ 50 }; 51 52 MODULE_DEVICE_TABLE(usb, bfusb_table); 53 54 #define BFUSB_MAX_BLOCK_SIZE 256 55 56 #define BFUSB_BLOCK_TIMEOUT 3000 57 58 #define BFUSB_TX_PROCESS 1 59 #define BFUSB_TX_WAKEUP 2 60 61 #define BFUSB_MAX_BULK_TX 2 62 #define BFUSB_MAX_BULK_RX 2 63 64 struct bfusb_data { 65 struct hci_dev *hdev; 66 67 unsigned long state; 68 69 struct usb_device *udev; 70 71 unsigned int bulk_in_ep; 72 unsigned int bulk_out_ep; 73 unsigned int bulk_pkt_size; 74 75 rwlock_t lock; 76 77 struct sk_buff_head transmit_q; 78 79 struct sk_buff *reassembly; 80 81 atomic_t pending_tx; 82 struct sk_buff_head pending_q; 83 struct sk_buff_head completed_q; 84 }; 85 86 struct bfusb_data_scb { 87 struct urb *urb; 88 }; 89 90 static void bfusb_tx_complete(struct urb *urb); 91 static void bfusb_rx_complete(struct urb *urb); 92 93 static struct urb *bfusb_get_completed(struct bfusb_data *data) 94 { 95 struct sk_buff *skb; 96 struct urb *urb = NULL; 97 98 BT_DBG("bfusb %p", data); 99 100 skb = skb_dequeue(&data->completed_q); 101 if (skb) { 102 urb = ((struct bfusb_data_scb *) skb->cb)->urb; 103 kfree_skb(skb); 104 } 105 106 return urb; 107 } 108 109 static void bfusb_unlink_urbs(struct bfusb_data *data) 110 { 111 struct sk_buff *skb; 112 struct urb *urb; 113 114 BT_DBG("bfusb %p", data); 115 116 while ((skb = skb_dequeue(&data->pending_q))) { 117 urb = ((struct bfusb_data_scb *) skb->cb)->urb; 118 usb_kill_urb(urb); 119 skb_queue_tail(&data->completed_q, skb); 120 } 121 122 while ((urb = bfusb_get_completed(data))) 123 usb_free_urb(urb); 124 } 125 126 static int bfusb_send_bulk(struct bfusb_data *data, struct sk_buff *skb) 127 { 128 struct bfusb_data_scb *scb = (void *) skb->cb; 129 struct urb *urb = bfusb_get_completed(data); 130 int err, pipe; 131 132 BT_DBG("bfusb %p skb %p len %d", data, skb, skb->len); 133 134 if (!urb && !(urb = usb_alloc_urb(0, GFP_ATOMIC))) 135 return -ENOMEM; 136 137 pipe = usb_sndbulkpipe(data->udev, data->bulk_out_ep); 138 139 usb_fill_bulk_urb(urb, data->udev, pipe, skb->data, skb->len, 140 bfusb_tx_complete, skb); 141 142 scb->urb = urb; 143 144 skb_queue_tail(&data->pending_q, skb); 145 146 err = usb_submit_urb(urb, GFP_ATOMIC); 147 if (err) { 148 BT_ERR("%s bulk tx submit failed urb %p err %d", 149 data->hdev->name, urb, err); 150 skb_unlink(skb, &data->pending_q); 151 usb_free_urb(urb); 152 } else 153 atomic_inc(&data->pending_tx); 154 155 return err; 156 } 157 158 static void bfusb_tx_wakeup(struct bfusb_data *data) 159 { 160 struct sk_buff *skb; 161 162 BT_DBG("bfusb %p", data); 163 164 if (test_and_set_bit(BFUSB_TX_PROCESS, &data->state)) { 165 set_bit(BFUSB_TX_WAKEUP, &data->state); 166 return; 167 } 168 169 do { 170 clear_bit(BFUSB_TX_WAKEUP, &data->state); 171 172 while ((atomic_read(&data->pending_tx) < BFUSB_MAX_BULK_TX) && 173 (skb = skb_dequeue(&data->transmit_q))) { 174 if (bfusb_send_bulk(data, skb) < 0) { 175 skb_queue_head(&data->transmit_q, skb); 176 break; 177 } 178 } 179 180 } while (test_bit(BFUSB_TX_WAKEUP, &data->state)); 181 182 clear_bit(BFUSB_TX_PROCESS, &data->state); 183 } 184 185 static void bfusb_tx_complete(struct urb *urb) 186 { 187 struct sk_buff *skb = (struct sk_buff *) urb->context; 188 struct bfusb_data *data = (struct bfusb_data *) skb->dev; 189 190 BT_DBG("bfusb %p urb %p skb %p len %d", data, urb, skb, skb->len); 191 192 atomic_dec(&data->pending_tx); 193 194 if (!test_bit(HCI_RUNNING, &data->hdev->flags)) 195 return; 196 197 if (!urb->status) 198 data->hdev->stat.byte_tx += skb->len; 199 else 200 data->hdev->stat.err_tx++; 201 202 read_lock(&data->lock); 203 204 skb_unlink(skb, &data->pending_q); 205 skb_queue_tail(&data->completed_q, skb); 206 207 bfusb_tx_wakeup(data); 208 209 read_unlock(&data->lock); 210 } 211 212 213 static int bfusb_rx_submit(struct bfusb_data *data, struct urb *urb) 214 { 215 struct bfusb_data_scb *scb; 216 struct sk_buff *skb; 217 int err, pipe, size = HCI_MAX_FRAME_SIZE + 32; 218 219 BT_DBG("bfusb %p urb %p", data, urb); 220 221 if (!urb && !(urb = usb_alloc_urb(0, GFP_ATOMIC))) 222 return -ENOMEM; 223 224 skb = bt_skb_alloc(size, GFP_ATOMIC); 225 if (!skb) { 226 usb_free_urb(urb); 227 return -ENOMEM; 228 } 229 230 skb->dev = (void *) data; 231 232 scb = (struct bfusb_data_scb *) skb->cb; 233 scb->urb = urb; 234 235 pipe = usb_rcvbulkpipe(data->udev, data->bulk_in_ep); 236 237 usb_fill_bulk_urb(urb, data->udev, pipe, skb->data, size, 238 bfusb_rx_complete, skb); 239 240 skb_queue_tail(&data->pending_q, skb); 241 242 err = usb_submit_urb(urb, GFP_ATOMIC); 243 if (err) { 244 BT_ERR("%s bulk rx submit failed urb %p err %d", 245 data->hdev->name, urb, err); 246 skb_unlink(skb, &data->pending_q); 247 kfree_skb(skb); 248 usb_free_urb(urb); 249 } 250 251 return err; 252 } 253 254 static inline int bfusb_recv_block(struct bfusb_data *data, int hdr, unsigned char *buf, int len) 255 { 256 BT_DBG("bfusb %p hdr 0x%02x data %p len %d", data, hdr, buf, len); 257 258 if (hdr & 0x10) { 259 BT_ERR("%s error in block", data->hdev->name); 260 kfree_skb(data->reassembly); 261 data->reassembly = NULL; 262 return -EIO; 263 } 264 265 if (hdr & 0x04) { 266 struct sk_buff *skb; 267 unsigned char pkt_type; 268 int pkt_len = 0; 269 270 if (data->reassembly) { 271 BT_ERR("%s unexpected start block", data->hdev->name); 272 kfree_skb(data->reassembly); 273 data->reassembly = NULL; 274 } 275 276 if (len < 1) { 277 BT_ERR("%s no packet type found", data->hdev->name); 278 return -EPROTO; 279 } 280 281 pkt_type = *buf++; len--; 282 283 switch (pkt_type) { 284 case HCI_EVENT_PKT: 285 if (len >= HCI_EVENT_HDR_SIZE) { 286 struct hci_event_hdr *hdr = (struct hci_event_hdr *) buf; 287 pkt_len = HCI_EVENT_HDR_SIZE + hdr->plen; 288 } else { 289 BT_ERR("%s event block is too short", data->hdev->name); 290 return -EILSEQ; 291 } 292 break; 293 294 case HCI_ACLDATA_PKT: 295 if (len >= HCI_ACL_HDR_SIZE) { 296 struct hci_acl_hdr *hdr = (struct hci_acl_hdr *) buf; 297 pkt_len = HCI_ACL_HDR_SIZE + __le16_to_cpu(hdr->dlen); 298 } else { 299 BT_ERR("%s data block is too short", data->hdev->name); 300 return -EILSEQ; 301 } 302 break; 303 304 case HCI_SCODATA_PKT: 305 if (len >= HCI_SCO_HDR_SIZE) { 306 struct hci_sco_hdr *hdr = (struct hci_sco_hdr *) buf; 307 pkt_len = HCI_SCO_HDR_SIZE + hdr->dlen; 308 } else { 309 BT_ERR("%s audio block is too short", data->hdev->name); 310 return -EILSEQ; 311 } 312 break; 313 } 314 315 skb = bt_skb_alloc(pkt_len, GFP_ATOMIC); 316 if (!skb) { 317 BT_ERR("%s no memory for the packet", data->hdev->name); 318 return -ENOMEM; 319 } 320 321 skb->dev = (void *) data->hdev; 322 bt_cb(skb)->pkt_type = pkt_type; 323 324 data->reassembly = skb; 325 } else { 326 if (!data->reassembly) { 327 BT_ERR("%s unexpected continuation block", data->hdev->name); 328 return -EIO; 329 } 330 } 331 332 if (len > 0) 333 memcpy(skb_put(data->reassembly, len), buf, len); 334 335 if (hdr & 0x08) { 336 hci_recv_frame(data->reassembly); 337 data->reassembly = NULL; 338 } 339 340 return 0; 341 } 342 343 static void bfusb_rx_complete(struct urb *urb) 344 { 345 struct sk_buff *skb = (struct sk_buff *) urb->context; 346 struct bfusb_data *data = (struct bfusb_data *) skb->dev; 347 unsigned char *buf = urb->transfer_buffer; 348 int count = urb->actual_length; 349 int err, hdr, len; 350 351 BT_DBG("bfusb %p urb %p skb %p len %d", data, urb, skb, skb->len); 352 353 read_lock(&data->lock); 354 355 if (!test_bit(HCI_RUNNING, &data->hdev->flags)) 356 goto unlock; 357 358 if (urb->status || !count) 359 goto resubmit; 360 361 data->hdev->stat.byte_rx += count; 362 363 skb_put(skb, count); 364 365 while (count) { 366 hdr = buf[0] | (buf[1] << 8); 367 368 if (hdr & 0x4000) { 369 len = 0; 370 count -= 2; 371 buf += 2; 372 } else { 373 len = (buf[2] == 0) ? 256 : buf[2]; 374 count -= 3; 375 buf += 3; 376 } 377 378 if (count < len) { 379 BT_ERR("%s block extends over URB buffer ranges", 380 data->hdev->name); 381 } 382 383 if ((hdr & 0xe1) == 0xc1) 384 bfusb_recv_block(data, hdr, buf, len); 385 386 count -= len; 387 buf += len; 388 } 389 390 skb_unlink(skb, &data->pending_q); 391 kfree_skb(skb); 392 393 bfusb_rx_submit(data, urb); 394 395 read_unlock(&data->lock); 396 397 return; 398 399 resubmit: 400 urb->dev = data->udev; 401 402 err = usb_submit_urb(urb, GFP_ATOMIC); 403 if (err) { 404 BT_ERR("%s bulk resubmit failed urb %p err %d", 405 data->hdev->name, urb, err); 406 } 407 408 unlock: 409 read_unlock(&data->lock); 410 } 411 412 static int bfusb_open(struct hci_dev *hdev) 413 { 414 struct bfusb_data *data = hci_get_drvdata(hdev); 415 unsigned long flags; 416 int i, err; 417 418 BT_DBG("hdev %p bfusb %p", hdev, data); 419 420 if (test_and_set_bit(HCI_RUNNING, &hdev->flags)) 421 return 0; 422 423 write_lock_irqsave(&data->lock, flags); 424 425 err = bfusb_rx_submit(data, NULL); 426 if (!err) { 427 for (i = 1; i < BFUSB_MAX_BULK_RX; i++) 428 bfusb_rx_submit(data, NULL); 429 } else { 430 clear_bit(HCI_RUNNING, &hdev->flags); 431 } 432 433 write_unlock_irqrestore(&data->lock, flags); 434 435 return err; 436 } 437 438 static int bfusb_flush(struct hci_dev *hdev) 439 { 440 struct bfusb_data *data = hci_get_drvdata(hdev); 441 442 BT_DBG("hdev %p bfusb %p", hdev, data); 443 444 skb_queue_purge(&data->transmit_q); 445 446 return 0; 447 } 448 449 static int bfusb_close(struct hci_dev *hdev) 450 { 451 struct bfusb_data *data = hci_get_drvdata(hdev); 452 unsigned long flags; 453 454 BT_DBG("hdev %p bfusb %p", hdev, data); 455 456 if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags)) 457 return 0; 458 459 write_lock_irqsave(&data->lock, flags); 460 write_unlock_irqrestore(&data->lock, flags); 461 462 bfusb_unlink_urbs(data); 463 bfusb_flush(hdev); 464 465 return 0; 466 } 467 468 static int bfusb_send_frame(struct sk_buff *skb) 469 { 470 struct hci_dev *hdev = (struct hci_dev *) skb->dev; 471 struct bfusb_data *data; 472 struct sk_buff *nskb; 473 unsigned char buf[3]; 474 int sent = 0, size, count; 475 476 BT_DBG("hdev %p skb %p type %d len %d", hdev, skb, bt_cb(skb)->pkt_type, skb->len); 477 478 if (!hdev) { 479 BT_ERR("Frame for unknown HCI device (hdev=NULL)"); 480 return -ENODEV; 481 } 482 483 if (!test_bit(HCI_RUNNING, &hdev->flags)) 484 return -EBUSY; 485 486 data = hci_get_drvdata(hdev); 487 488 switch (bt_cb(skb)->pkt_type) { 489 case HCI_COMMAND_PKT: 490 hdev->stat.cmd_tx++; 491 break; 492 case HCI_ACLDATA_PKT: 493 hdev->stat.acl_tx++; 494 break; 495 case HCI_SCODATA_PKT: 496 hdev->stat.sco_tx++; 497 break; 498 }; 499 500 /* Prepend skb with frame type */ 501 memcpy(skb_push(skb, 1), &bt_cb(skb)->pkt_type, 1); 502 503 count = skb->len; 504 505 /* Max HCI frame size seems to be 1511 + 1 */ 506 nskb = bt_skb_alloc(count + 32, GFP_ATOMIC); 507 if (!nskb) { 508 BT_ERR("Can't allocate memory for new packet"); 509 return -ENOMEM; 510 } 511 512 nskb->dev = (void *) data; 513 514 while (count) { 515 size = min_t(uint, count, BFUSB_MAX_BLOCK_SIZE); 516 517 buf[0] = 0xc1 | ((sent == 0) ? 0x04 : 0) | ((count == size) ? 0x08 : 0); 518 buf[1] = 0x00; 519 buf[2] = (size == BFUSB_MAX_BLOCK_SIZE) ? 0 : size; 520 521 memcpy(skb_put(nskb, 3), buf, 3); 522 skb_copy_from_linear_data_offset(skb, sent, skb_put(nskb, size), size); 523 524 sent += size; 525 count -= size; 526 } 527 528 /* Don't send frame with multiple size of bulk max packet */ 529 if ((nskb->len % data->bulk_pkt_size) == 0) { 530 buf[0] = 0xdd; 531 buf[1] = 0x00; 532 memcpy(skb_put(nskb, 2), buf, 2); 533 } 534 535 read_lock(&data->lock); 536 537 skb_queue_tail(&data->transmit_q, nskb); 538 bfusb_tx_wakeup(data); 539 540 read_unlock(&data->lock); 541 542 kfree_skb(skb); 543 544 return 0; 545 } 546 547 static int bfusb_ioctl(struct hci_dev *hdev, unsigned int cmd, unsigned long arg) 548 { 549 return -ENOIOCTLCMD; 550 } 551 552 static int bfusb_load_firmware(struct bfusb_data *data, 553 const unsigned char *firmware, int count) 554 { 555 unsigned char *buf; 556 int err, pipe, len, size, sent = 0; 557 558 BT_DBG("bfusb %p udev %p", data, data->udev); 559 560 BT_INFO("BlueFRITZ! USB loading firmware"); 561 562 buf = kmalloc(BFUSB_MAX_BLOCK_SIZE + 3, GFP_KERNEL); 563 if (!buf) { 564 BT_ERR("Can't allocate memory chunk for firmware"); 565 return -ENOMEM; 566 } 567 568 pipe = usb_sndctrlpipe(data->udev, 0); 569 570 if (usb_control_msg(data->udev, pipe, USB_REQ_SET_CONFIGURATION, 571 0, 1, 0, NULL, 0, USB_CTRL_SET_TIMEOUT) < 0) { 572 BT_ERR("Can't change to loading configuration"); 573 kfree(buf); 574 return -EBUSY; 575 } 576 577 data->udev->toggle[0] = data->udev->toggle[1] = 0; 578 579 pipe = usb_sndbulkpipe(data->udev, data->bulk_out_ep); 580 581 while (count) { 582 size = min_t(uint, count, BFUSB_MAX_BLOCK_SIZE + 3); 583 584 memcpy(buf, firmware + sent, size); 585 586 err = usb_bulk_msg(data->udev, pipe, buf, size, 587 &len, BFUSB_BLOCK_TIMEOUT); 588 589 if (err || (len != size)) { 590 BT_ERR("Error in firmware loading"); 591 goto error; 592 } 593 594 sent += size; 595 count -= size; 596 } 597 598 err = usb_bulk_msg(data->udev, pipe, NULL, 0, 599 &len, BFUSB_BLOCK_TIMEOUT); 600 if (err < 0) { 601 BT_ERR("Error in null packet request"); 602 goto error; 603 } 604 605 pipe = usb_sndctrlpipe(data->udev, 0); 606 607 err = usb_control_msg(data->udev, pipe, USB_REQ_SET_CONFIGURATION, 608 0, 2, 0, NULL, 0, USB_CTRL_SET_TIMEOUT); 609 if (err < 0) { 610 BT_ERR("Can't change to running configuration"); 611 goto error; 612 } 613 614 data->udev->toggle[0] = data->udev->toggle[1] = 0; 615 616 BT_INFO("BlueFRITZ! USB device ready"); 617 618 kfree(buf); 619 return 0; 620 621 error: 622 kfree(buf); 623 624 pipe = usb_sndctrlpipe(data->udev, 0); 625 626 usb_control_msg(data->udev, pipe, USB_REQ_SET_CONFIGURATION, 627 0, 0, 0, NULL, 0, USB_CTRL_SET_TIMEOUT); 628 629 return err; 630 } 631 632 static int bfusb_probe(struct usb_interface *intf, const struct usb_device_id *id) 633 { 634 const struct firmware *firmware; 635 struct usb_device *udev = interface_to_usbdev(intf); 636 struct usb_host_endpoint *bulk_out_ep; 637 struct usb_host_endpoint *bulk_in_ep; 638 struct hci_dev *hdev; 639 struct bfusb_data *data; 640 641 BT_DBG("intf %p id %p", intf, id); 642 643 /* Check number of endpoints */ 644 if (intf->cur_altsetting->desc.bNumEndpoints < 2) 645 return -EIO; 646 647 bulk_out_ep = &intf->cur_altsetting->endpoint[0]; 648 bulk_in_ep = &intf->cur_altsetting->endpoint[1]; 649 650 if (!bulk_out_ep || !bulk_in_ep) { 651 BT_ERR("Bulk endpoints not found"); 652 goto done; 653 } 654 655 /* Initialize control structure and load firmware */ 656 data = devm_kzalloc(&intf->dev, sizeof(struct bfusb_data), GFP_KERNEL); 657 if (!data) { 658 BT_ERR("Can't allocate memory for control structure"); 659 goto done; 660 } 661 662 data->udev = udev; 663 data->bulk_in_ep = bulk_in_ep->desc.bEndpointAddress; 664 data->bulk_out_ep = bulk_out_ep->desc.bEndpointAddress; 665 data->bulk_pkt_size = le16_to_cpu(bulk_out_ep->desc.wMaxPacketSize); 666 667 rwlock_init(&data->lock); 668 669 data->reassembly = NULL; 670 671 skb_queue_head_init(&data->transmit_q); 672 skb_queue_head_init(&data->pending_q); 673 skb_queue_head_init(&data->completed_q); 674 675 if (request_firmware(&firmware, "bfubase.frm", &udev->dev) < 0) { 676 BT_ERR("Firmware request failed"); 677 goto done; 678 } 679 680 BT_DBG("firmware data %p size %zu", firmware->data, firmware->size); 681 682 if (bfusb_load_firmware(data, firmware->data, firmware->size) < 0) { 683 BT_ERR("Firmware loading failed"); 684 goto release; 685 } 686 687 release_firmware(firmware); 688 689 /* Initialize and register HCI device */ 690 hdev = hci_alloc_dev(); 691 if (!hdev) { 692 BT_ERR("Can't allocate HCI device"); 693 goto done; 694 } 695 696 data->hdev = hdev; 697 698 hdev->bus = HCI_USB; 699 hci_set_drvdata(hdev, data); 700 SET_HCIDEV_DEV(hdev, &intf->dev); 701 702 hdev->open = bfusb_open; 703 hdev->close = bfusb_close; 704 hdev->flush = bfusb_flush; 705 hdev->send = bfusb_send_frame; 706 hdev->ioctl = bfusb_ioctl; 707 708 if (hci_register_dev(hdev) < 0) { 709 BT_ERR("Can't register HCI device"); 710 hci_free_dev(hdev); 711 goto done; 712 } 713 714 usb_set_intfdata(intf, data); 715 716 return 0; 717 718 release: 719 release_firmware(firmware); 720 721 done: 722 return -EIO; 723 } 724 725 static void bfusb_disconnect(struct usb_interface *intf) 726 { 727 struct bfusb_data *data = usb_get_intfdata(intf); 728 struct hci_dev *hdev = data->hdev; 729 730 BT_DBG("intf %p", intf); 731 732 if (!hdev) 733 return; 734 735 usb_set_intfdata(intf, NULL); 736 737 bfusb_close(hdev); 738 739 hci_unregister_dev(hdev); 740 hci_free_dev(hdev); 741 } 742 743 static struct usb_driver bfusb_driver = { 744 .name = "bfusb", 745 .probe = bfusb_probe, 746 .disconnect = bfusb_disconnect, 747 .id_table = bfusb_table, 748 .disable_hub_initiated_lpm = 1, 749 }; 750 751 module_usb_driver(bfusb_driver); 752 753 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 754 MODULE_DESCRIPTION("BlueFRITZ! USB driver ver " VERSION); 755 MODULE_VERSION(VERSION); 756 MODULE_LICENSE("GPL"); 757 MODULE_FIRMWARE("bfubase.frm"); 758