xref: /linux/drivers/bluetooth/btusb.c (revision 068df0f34e81bc06c5eb5012ec2eda25624e87aa) 
1 /*
2  *
3  *  Generic Bluetooth USB driver
4  *
5  *  Copyright (C) 2005-2008  Marcel Holtmann <marcel@holtmann.org>
6  *
7  *
8  *  This program is free software; you can redistribute it and/or modify
9  *  it under the terms of the GNU General Public License as published by
10  *  the Free Software Foundation; either version 2 of the License, or
11  *  (at your option) any later version.
12  *
13  *  This program is distributed in the hope that it will be useful,
14  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
15  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16  *  GNU General Public License for more details.
17  *
18  *  You should have received a copy of the GNU General Public License
19  *  along with this program; if not, write to the Free Software
20  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
21  *
22  */
23 
24 #include <linux/kernel.h>
25 #include <linux/module.h>
26 #include <linux/init.h>
27 #include <linux/slab.h>
28 #include <linux/types.h>
29 #include <linux/sched.h>
30 #include <linux/errno.h>
31 #include <linux/skbuff.h>
32 
33 #include <linux/usb.h>
34 
35 #include <net/bluetooth/bluetooth.h>
36 #include <net/bluetooth/hci_core.h>
37 
38 #define VERSION "0.6"
39 
40 static int ignore_dga;
41 static int ignore_csr;
42 static int ignore_sniffer;
43 static int disable_scofix;
44 static int force_scofix;
45 
46 static int reset = 1;
47 
48 static struct usb_driver btusb_driver;
49 
50 #define BTUSB_IGNORE		0x01
51 #define BTUSB_DIGIANSWER	0x02
52 #define BTUSB_CSR		0x04
53 #define BTUSB_SNIFFER		0x08
54 #define BTUSB_BCM92035		0x10
55 #define BTUSB_BROKEN_ISOC	0x20
56 #define BTUSB_WRONG_SCO_MTU	0x40
57 #define BTUSB_ATH3012		0x80
58 
59 static struct usb_device_id btusb_table[] = {
60 	/* Generic Bluetooth USB device */
61 	{ USB_DEVICE_INFO(0xe0, 0x01, 0x01) },
62 
63 	/* Broadcom SoftSailing reporting vendor specific */
64 	{ USB_DEVICE(0x05ac, 0x21e1) },
65 
66 	/* Apple MacBookPro 7,1 */
67 	{ USB_DEVICE(0x05ac, 0x8213) },
68 
69 	/* Apple iMac11,1 */
70 	{ USB_DEVICE(0x05ac, 0x8215) },
71 
72 	/* Apple MacBookPro6,2 */
73 	{ USB_DEVICE(0x05ac, 0x8218) },
74 
75 	/* Apple MacBookAir3,1, MacBookAir3,2 */
76 	{ USB_DEVICE(0x05ac, 0x821b) },
77 
78 	/* Apple MacBookAir4,1 */
79 	{ USB_DEVICE(0x05ac, 0x821f) },
80 
81 	/* Apple MacBookPro8,2 */
82 	{ USB_DEVICE(0x05ac, 0x821a) },
83 
84 	/* Apple MacMini5,1 */
85 	{ USB_DEVICE(0x05ac, 0x8281) },
86 
87 	/* AVM BlueFRITZ! USB v2.0 */
88 	{ USB_DEVICE(0x057c, 0x3800) },
89 
90 	/* Bluetooth Ultraport Module from IBM */
91 	{ USB_DEVICE(0x04bf, 0x030a) },
92 
93 	/* ALPS Modules with non-standard id */
94 	{ USB_DEVICE(0x044e, 0x3001) },
95 	{ USB_DEVICE(0x044e, 0x3002) },
96 
97 	/* Ericsson with non-standard id */
98 	{ USB_DEVICE(0x0bdb, 0x1002) },
99 
100 	/* Canyon CN-BTU1 with HID interfaces */
101 	{ USB_DEVICE(0x0c10, 0x0000) },
102 
103 	{ }	/* Terminating entry */
104 };
105 
106 MODULE_DEVICE_TABLE(usb, btusb_table);
107 
108 static struct usb_device_id blacklist_table[] = {
109 	/* CSR BlueCore devices */
110 	{ USB_DEVICE(0x0a12, 0x0001), .driver_info = BTUSB_CSR },
111 
112 	/* Broadcom BCM2033 without firmware */
113 	{ USB_DEVICE(0x0a5c, 0x2033), .driver_info = BTUSB_IGNORE },
114 
115 	/* Atheros 3011 with sflash firmware */
116 	{ USB_DEVICE(0x0cf3, 0x3002), .driver_info = BTUSB_IGNORE },
117 	{ USB_DEVICE(0x13d3, 0x3304), .driver_info = BTUSB_IGNORE },
118 	{ USB_DEVICE(0x0930, 0x0215), .driver_info = BTUSB_IGNORE },
119 
120 	/* Atheros AR9285 Malbec with sflash firmware */
121 	{ USB_DEVICE(0x03f0, 0x311d), .driver_info = BTUSB_IGNORE },
122 
123 	/* Atheros 3012 with sflash firmware */
124 	{ USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 },
125 
126 	/* Atheros AR5BBU12 with sflash firmware */
127 	{ USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE },
128 
129 	/* Broadcom BCM2035 */
130 	{ USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU },
131 	{ USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU },
132 	{ USB_DEVICE(0x0a5c, 0x2009), .driver_info = BTUSB_BCM92035 },
133 
134 	/* Broadcom BCM2045 */
135 	{ USB_DEVICE(0x0a5c, 0x2039), .driver_info = BTUSB_WRONG_SCO_MTU },
136 	{ USB_DEVICE(0x0a5c, 0x2101), .driver_info = BTUSB_WRONG_SCO_MTU },
137 
138 	/* IBM/Lenovo ThinkPad with Broadcom chip */
139 	{ USB_DEVICE(0x0a5c, 0x201e), .driver_info = BTUSB_WRONG_SCO_MTU },
140 	{ USB_DEVICE(0x0a5c, 0x2110), .driver_info = BTUSB_WRONG_SCO_MTU },
141 
142 	/* HP laptop with Broadcom chip */
143 	{ USB_DEVICE(0x03f0, 0x171d), .driver_info = BTUSB_WRONG_SCO_MTU },
144 
145 	/* Dell laptop with Broadcom chip */
146 	{ USB_DEVICE(0x413c, 0x8126), .driver_info = BTUSB_WRONG_SCO_MTU },
147 
148 	/* Dell Wireless 370 and 410 devices */
149 	{ USB_DEVICE(0x413c, 0x8152), .driver_info = BTUSB_WRONG_SCO_MTU },
150 	{ USB_DEVICE(0x413c, 0x8156), .driver_info = BTUSB_WRONG_SCO_MTU },
151 
152 	/* Belkin F8T012 and F8T013 devices */
153 	{ USB_DEVICE(0x050d, 0x0012), .driver_info = BTUSB_WRONG_SCO_MTU },
154 	{ USB_DEVICE(0x050d, 0x0013), .driver_info = BTUSB_WRONG_SCO_MTU },
155 
156 	/* Asus WL-BTD202 device */
157 	{ USB_DEVICE(0x0b05, 0x1715), .driver_info = BTUSB_WRONG_SCO_MTU },
158 
159 	/* Kensington Bluetooth USB adapter */
160 	{ USB_DEVICE(0x047d, 0x105e), .driver_info = BTUSB_WRONG_SCO_MTU },
161 
162 	/* RTX Telecom based adapters with buggy SCO support */
163 	{ USB_DEVICE(0x0400, 0x0807), .driver_info = BTUSB_BROKEN_ISOC },
164 	{ USB_DEVICE(0x0400, 0x080a), .driver_info = BTUSB_BROKEN_ISOC },
165 
166 	/* CONWISE Technology based adapters with buggy SCO support */
167 	{ USB_DEVICE(0x0e5e, 0x6622), .driver_info = BTUSB_BROKEN_ISOC },
168 
169 	/* Digianswer devices */
170 	{ USB_DEVICE(0x08fd, 0x0001), .driver_info = BTUSB_DIGIANSWER },
171 	{ USB_DEVICE(0x08fd, 0x0002), .driver_info = BTUSB_IGNORE },
172 
173 	/* CSR BlueCore Bluetooth Sniffer */
174 	{ USB_DEVICE(0x0a12, 0x0002), .driver_info = BTUSB_SNIFFER },
175 
176 	/* Frontline ComProbe Bluetooth Sniffer */
177 	{ USB_DEVICE(0x16d3, 0x0002), .driver_info = BTUSB_SNIFFER },
178 
179 	{ }	/* Terminating entry */
180 };
181 
182 #define BTUSB_MAX_ISOC_FRAMES	10
183 
184 #define BTUSB_INTR_RUNNING	0
185 #define BTUSB_BULK_RUNNING	1
186 #define BTUSB_ISOC_RUNNING	2
187 #define BTUSB_SUSPENDING	3
188 #define BTUSB_DID_ISO_RESUME	4
189 
190 struct btusb_data {
191 	struct hci_dev       *hdev;
192 	struct usb_device    *udev;
193 	struct usb_interface *intf;
194 	struct usb_interface *isoc;
195 
196 	spinlock_t lock;
197 
198 	unsigned long flags;
199 
200 	struct work_struct work;
201 	struct work_struct waker;
202 
203 	struct usb_anchor tx_anchor;
204 	struct usb_anchor intr_anchor;
205 	struct usb_anchor bulk_anchor;
206 	struct usb_anchor isoc_anchor;
207 	struct usb_anchor deferred;
208 	int tx_in_flight;
209 	spinlock_t txlock;
210 
211 	struct usb_endpoint_descriptor *intr_ep;
212 	struct usb_endpoint_descriptor *bulk_tx_ep;
213 	struct usb_endpoint_descriptor *bulk_rx_ep;
214 	struct usb_endpoint_descriptor *isoc_tx_ep;
215 	struct usb_endpoint_descriptor *isoc_rx_ep;
216 
217 	__u8 cmdreq_type;
218 
219 	unsigned int sco_num;
220 	int isoc_altsetting;
221 	int suspend_count;
222 };
223 
224 static int inc_tx(struct btusb_data *data)
225 {
226 	unsigned long flags;
227 	int rv;
228 
229 	spin_lock_irqsave(&data->txlock, flags);
230 	rv = test_bit(BTUSB_SUSPENDING, &data->flags);
231 	if (!rv)
232 		data->tx_in_flight++;
233 	spin_unlock_irqrestore(&data->txlock, flags);
234 
235 	return rv;
236 }
237 
238 static void btusb_intr_complete(struct urb *urb)
239 {
240 	struct hci_dev *hdev = urb->context;
241 	struct btusb_data *data = hdev->driver_data;
242 	int err;
243 
244 	BT_DBG("%s urb %p status %d count %d", hdev->name,
245 					urb, urb->status, urb->actual_length);
246 
247 	if (!test_bit(HCI_RUNNING, &hdev->flags))
248 		return;
249 
250 	if (urb->status == 0) {
251 		hdev->stat.byte_rx += urb->actual_length;
252 
253 		if (hci_recv_fragment(hdev, HCI_EVENT_PKT,
254 						urb->transfer_buffer,
255 						urb->actual_length) < 0) {
256 			BT_ERR("%s corrupted event packet", hdev->name);
257 			hdev->stat.err_rx++;
258 		}
259 	}
260 
261 	if (!test_bit(BTUSB_INTR_RUNNING, &data->flags))
262 		return;
263 
264 	usb_mark_last_busy(data->udev);
265 	usb_anchor_urb(urb, &data->intr_anchor);
266 
267 	err = usb_submit_urb(urb, GFP_ATOMIC);
268 	if (err < 0) {
269 		/* -EPERM: urb is being killed;
270 		 * -ENODEV: device got disconnected */
271 		if (err != -EPERM && err != -ENODEV)
272 			BT_ERR("%s urb %p failed to resubmit (%d)",
273 						hdev->name, urb, -err);
274 		usb_unanchor_urb(urb);
275 	}
276 }
277 
278 static int btusb_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags)
279 {
280 	struct btusb_data *data = hdev->driver_data;
281 	struct urb *urb;
282 	unsigned char *buf;
283 	unsigned int pipe;
284 	int err, size;
285 
286 	BT_DBG("%s", hdev->name);
287 
288 	if (!data->intr_ep)
289 		return -ENODEV;
290 
291 	urb = usb_alloc_urb(0, mem_flags);
292 	if (!urb)
293 		return -ENOMEM;
294 
295 	size = le16_to_cpu(data->intr_ep->wMaxPacketSize);
296 
297 	buf = kmalloc(size, mem_flags);
298 	if (!buf) {
299 		usb_free_urb(urb);
300 		return -ENOMEM;
301 	}
302 
303 	pipe = usb_rcvintpipe(data->udev, data->intr_ep->bEndpointAddress);
304 
305 	usb_fill_int_urb(urb, data->udev, pipe, buf, size,
306 						btusb_intr_complete, hdev,
307 						data->intr_ep->bInterval);
308 
309 	urb->transfer_flags |= URB_FREE_BUFFER;
310 
311 	usb_anchor_urb(urb, &data->intr_anchor);
312 
313 	err = usb_submit_urb(urb, mem_flags);
314 	if (err < 0) {
315 		BT_ERR("%s urb %p submission failed (%d)",
316 						hdev->name, urb, -err);
317 		usb_unanchor_urb(urb);
318 	}
319 
320 	usb_free_urb(urb);
321 
322 	return err;
323 }
324 
325 static void btusb_bulk_complete(struct urb *urb)
326 {
327 	struct hci_dev *hdev = urb->context;
328 	struct btusb_data *data = hdev->driver_data;
329 	int err;
330 
331 	BT_DBG("%s urb %p status %d count %d", hdev->name,
332 					urb, urb->status, urb->actual_length);
333 
334 	if (!test_bit(HCI_RUNNING, &hdev->flags))
335 		return;
336 
337 	if (urb->status == 0) {
338 		hdev->stat.byte_rx += urb->actual_length;
339 
340 		if (hci_recv_fragment(hdev, HCI_ACLDATA_PKT,
341 						urb->transfer_buffer,
342 						urb->actual_length) < 0) {
343 			BT_ERR("%s corrupted ACL packet", hdev->name);
344 			hdev->stat.err_rx++;
345 		}
346 	}
347 
348 	if (!test_bit(BTUSB_BULK_RUNNING, &data->flags))
349 		return;
350 
351 	usb_anchor_urb(urb, &data->bulk_anchor);
352 	usb_mark_last_busy(data->udev);
353 
354 	err = usb_submit_urb(urb, GFP_ATOMIC);
355 	if (err < 0) {
356 		/* -EPERM: urb is being killed;
357 		 * -ENODEV: device got disconnected */
358 		if (err != -EPERM && err != -ENODEV)
359 			BT_ERR("%s urb %p failed to resubmit (%d)",
360 						hdev->name, urb, -err);
361 		usb_unanchor_urb(urb);
362 	}
363 }
364 
365 static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags)
366 {
367 	struct btusb_data *data = hdev->driver_data;
368 	struct urb *urb;
369 	unsigned char *buf;
370 	unsigned int pipe;
371 	int err, size = HCI_MAX_FRAME_SIZE;
372 
373 	BT_DBG("%s", hdev->name);
374 
375 	if (!data->bulk_rx_ep)
376 		return -ENODEV;
377 
378 	urb = usb_alloc_urb(0, mem_flags);
379 	if (!urb)
380 		return -ENOMEM;
381 
382 	buf = kmalloc(size, mem_flags);
383 	if (!buf) {
384 		usb_free_urb(urb);
385 		return -ENOMEM;
386 	}
387 
388 	pipe = usb_rcvbulkpipe(data->udev, data->bulk_rx_ep->bEndpointAddress);
389 
390 	usb_fill_bulk_urb(urb, data->udev, pipe,
391 					buf, size, btusb_bulk_complete, hdev);
392 
393 	urb->transfer_flags |= URB_FREE_BUFFER;
394 
395 	usb_mark_last_busy(data->udev);
396 	usb_anchor_urb(urb, &data->bulk_anchor);
397 
398 	err = usb_submit_urb(urb, mem_flags);
399 	if (err < 0) {
400 		BT_ERR("%s urb %p submission failed (%d)",
401 						hdev->name, urb, -err);
402 		usb_unanchor_urb(urb);
403 	}
404 
405 	usb_free_urb(urb);
406 
407 	return err;
408 }
409 
410 static void btusb_isoc_complete(struct urb *urb)
411 {
412 	struct hci_dev *hdev = urb->context;
413 	struct btusb_data *data = hdev->driver_data;
414 	int i, err;
415 
416 	BT_DBG("%s urb %p status %d count %d", hdev->name,
417 					urb, urb->status, urb->actual_length);
418 
419 	if (!test_bit(HCI_RUNNING, &hdev->flags))
420 		return;
421 
422 	if (urb->status == 0) {
423 		for (i = 0; i < urb->number_of_packets; i++) {
424 			unsigned int offset = urb->iso_frame_desc[i].offset;
425 			unsigned int length = urb->iso_frame_desc[i].actual_length;
426 
427 			if (urb->iso_frame_desc[i].status)
428 				continue;
429 
430 			hdev->stat.byte_rx += length;
431 
432 			if (hci_recv_fragment(hdev, HCI_SCODATA_PKT,
433 						urb->transfer_buffer + offset,
434 								length) < 0) {
435 				BT_ERR("%s corrupted SCO packet", hdev->name);
436 				hdev->stat.err_rx++;
437 			}
438 		}
439 	}
440 
441 	if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags))
442 		return;
443 
444 	usb_anchor_urb(urb, &data->isoc_anchor);
445 
446 	err = usb_submit_urb(urb, GFP_ATOMIC);
447 	if (err < 0) {
448 		/* -EPERM: urb is being killed;
449 		 * -ENODEV: device got disconnected */
450 		if (err != -EPERM && err != -ENODEV)
451 			BT_ERR("%s urb %p failed to resubmit (%d)",
452 						hdev->name, urb, -err);
453 		usb_unanchor_urb(urb);
454 	}
455 }
456 
457 static inline void __fill_isoc_descriptor(struct urb *urb, int len, int mtu)
458 {
459 	int i, offset = 0;
460 
461 	BT_DBG("len %d mtu %d", len, mtu);
462 
463 	for (i = 0; i < BTUSB_MAX_ISOC_FRAMES && len >= mtu;
464 					i++, offset += mtu, len -= mtu) {
465 		urb->iso_frame_desc[i].offset = offset;
466 		urb->iso_frame_desc[i].length = mtu;
467 	}
468 
469 	if (len && i < BTUSB_MAX_ISOC_FRAMES) {
470 		urb->iso_frame_desc[i].offset = offset;
471 		urb->iso_frame_desc[i].length = len;
472 		i++;
473 	}
474 
475 	urb->number_of_packets = i;
476 }
477 
478 static int btusb_submit_isoc_urb(struct hci_dev *hdev, gfp_t mem_flags)
479 {
480 	struct btusb_data *data = hdev->driver_data;
481 	struct urb *urb;
482 	unsigned char *buf;
483 	unsigned int pipe;
484 	int err, size;
485 
486 	BT_DBG("%s", hdev->name);
487 
488 	if (!data->isoc_rx_ep)
489 		return -ENODEV;
490 
491 	urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, mem_flags);
492 	if (!urb)
493 		return -ENOMEM;
494 
495 	size = le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize) *
496 						BTUSB_MAX_ISOC_FRAMES;
497 
498 	buf = kmalloc(size, mem_flags);
499 	if (!buf) {
500 		usb_free_urb(urb);
501 		return -ENOMEM;
502 	}
503 
504 	pipe = usb_rcvisocpipe(data->udev, data->isoc_rx_ep->bEndpointAddress);
505 
506 	urb->dev      = data->udev;
507 	urb->pipe     = pipe;
508 	urb->context  = hdev;
509 	urb->complete = btusb_isoc_complete;
510 	urb->interval = data->isoc_rx_ep->bInterval;
511 
512 	urb->transfer_flags  = URB_FREE_BUFFER | URB_ISO_ASAP;
513 	urb->transfer_buffer = buf;
514 	urb->transfer_buffer_length = size;
515 
516 	__fill_isoc_descriptor(urb, size,
517 			le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize));
518 
519 	usb_anchor_urb(urb, &data->isoc_anchor);
520 
521 	err = usb_submit_urb(urb, mem_flags);
522 	if (err < 0) {
523 		BT_ERR("%s urb %p submission failed (%d)",
524 						hdev->name, urb, -err);
525 		usb_unanchor_urb(urb);
526 	}
527 
528 	usb_free_urb(urb);
529 
530 	return err;
531 }
532 
533 static void btusb_tx_complete(struct urb *urb)
534 {
535 	struct sk_buff *skb = urb->context;
536 	struct hci_dev *hdev = (struct hci_dev *) skb->dev;
537 	struct btusb_data *data = hdev->driver_data;
538 
539 	BT_DBG("%s urb %p status %d count %d", hdev->name,
540 					urb, urb->status, urb->actual_length);
541 
542 	if (!test_bit(HCI_RUNNING, &hdev->flags))
543 		goto done;
544 
545 	if (!urb->status)
546 		hdev->stat.byte_tx += urb->transfer_buffer_length;
547 	else
548 		hdev->stat.err_tx++;
549 
550 done:
551 	spin_lock(&data->txlock);
552 	data->tx_in_flight--;
553 	spin_unlock(&data->txlock);
554 
555 	kfree(urb->setup_packet);
556 
557 	kfree_skb(skb);
558 }
559 
560 static void btusb_isoc_tx_complete(struct urb *urb)
561 {
562 	struct sk_buff *skb = urb->context;
563 	struct hci_dev *hdev = (struct hci_dev *) skb->dev;
564 
565 	BT_DBG("%s urb %p status %d count %d", hdev->name,
566 					urb, urb->status, urb->actual_length);
567 
568 	if (!test_bit(HCI_RUNNING, &hdev->flags))
569 		goto done;
570 
571 	if (!urb->status)
572 		hdev->stat.byte_tx += urb->transfer_buffer_length;
573 	else
574 		hdev->stat.err_tx++;
575 
576 done:
577 	kfree(urb->setup_packet);
578 
579 	kfree_skb(skb);
580 }
581 
582 static int btusb_open(struct hci_dev *hdev)
583 {
584 	struct btusb_data *data = hdev->driver_data;
585 	int err;
586 
587 	BT_DBG("%s", hdev->name);
588 
589 	err = usb_autopm_get_interface(data->intf);
590 	if (err < 0)
591 		return err;
592 
593 	data->intf->needs_remote_wakeup = 1;
594 
595 	if (test_and_set_bit(HCI_RUNNING, &hdev->flags))
596 		goto done;
597 
598 	if (test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags))
599 		goto done;
600 
601 	err = btusb_submit_intr_urb(hdev, GFP_KERNEL);
602 	if (err < 0)
603 		goto failed;
604 
605 	err = btusb_submit_bulk_urb(hdev, GFP_KERNEL);
606 	if (err < 0) {
607 		usb_kill_anchored_urbs(&data->intr_anchor);
608 		goto failed;
609 	}
610 
611 	set_bit(BTUSB_BULK_RUNNING, &data->flags);
612 	btusb_submit_bulk_urb(hdev, GFP_KERNEL);
613 
614 done:
615 	usb_autopm_put_interface(data->intf);
616 	return 0;
617 
618 failed:
619 	clear_bit(BTUSB_INTR_RUNNING, &data->flags);
620 	clear_bit(HCI_RUNNING, &hdev->flags);
621 	usb_autopm_put_interface(data->intf);
622 	return err;
623 }
624 
625 static void btusb_stop_traffic(struct btusb_data *data)
626 {
627 	usb_kill_anchored_urbs(&data->intr_anchor);
628 	usb_kill_anchored_urbs(&data->bulk_anchor);
629 	usb_kill_anchored_urbs(&data->isoc_anchor);
630 }
631 
632 static int btusb_close(struct hci_dev *hdev)
633 {
634 	struct btusb_data *data = hdev->driver_data;
635 	int err;
636 
637 	BT_DBG("%s", hdev->name);
638 
639 	if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags))
640 		return 0;
641 
642 	cancel_work_sync(&data->work);
643 	cancel_work_sync(&data->waker);
644 
645 	clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
646 	clear_bit(BTUSB_BULK_RUNNING, &data->flags);
647 	clear_bit(BTUSB_INTR_RUNNING, &data->flags);
648 
649 	btusb_stop_traffic(data);
650 	err = usb_autopm_get_interface(data->intf);
651 	if (err < 0)
652 		goto failed;
653 
654 	data->intf->needs_remote_wakeup = 0;
655 	usb_autopm_put_interface(data->intf);
656 
657 failed:
658 	usb_scuttle_anchored_urbs(&data->deferred);
659 	return 0;
660 }
661 
662 static int btusb_flush(struct hci_dev *hdev)
663 {
664 	struct btusb_data *data = hdev->driver_data;
665 
666 	BT_DBG("%s", hdev->name);
667 
668 	usb_kill_anchored_urbs(&data->tx_anchor);
669 
670 	return 0;
671 }
672 
673 static int btusb_send_frame(struct sk_buff *skb)
674 {
675 	struct hci_dev *hdev = (struct hci_dev *) skb->dev;
676 	struct btusb_data *data = hdev->driver_data;
677 	struct usb_ctrlrequest *dr;
678 	struct urb *urb;
679 	unsigned int pipe;
680 	int err;
681 
682 	BT_DBG("%s", hdev->name);
683 
684 	if (!test_bit(HCI_RUNNING, &hdev->flags))
685 		return -EBUSY;
686 
687 	switch (bt_cb(skb)->pkt_type) {
688 	case HCI_COMMAND_PKT:
689 		urb = usb_alloc_urb(0, GFP_ATOMIC);
690 		if (!urb)
691 			return -ENOMEM;
692 
693 		dr = kmalloc(sizeof(*dr), GFP_ATOMIC);
694 		if (!dr) {
695 			usb_free_urb(urb);
696 			return -ENOMEM;
697 		}
698 
699 		dr->bRequestType = data->cmdreq_type;
700 		dr->bRequest     = 0;
701 		dr->wIndex       = 0;
702 		dr->wValue       = 0;
703 		dr->wLength      = __cpu_to_le16(skb->len);
704 
705 		pipe = usb_sndctrlpipe(data->udev, 0x00);
706 
707 		usb_fill_control_urb(urb, data->udev, pipe, (void *) dr,
708 				skb->data, skb->len, btusb_tx_complete, skb);
709 
710 		hdev->stat.cmd_tx++;
711 		break;
712 
713 	case HCI_ACLDATA_PKT:
714 		if (!data->bulk_tx_ep)
715 			return -ENODEV;
716 
717 		urb = usb_alloc_urb(0, GFP_ATOMIC);
718 		if (!urb)
719 			return -ENOMEM;
720 
721 		pipe = usb_sndbulkpipe(data->udev,
722 					data->bulk_tx_ep->bEndpointAddress);
723 
724 		usb_fill_bulk_urb(urb, data->udev, pipe,
725 				skb->data, skb->len, btusb_tx_complete, skb);
726 
727 		hdev->stat.acl_tx++;
728 		break;
729 
730 	case HCI_SCODATA_PKT:
731 		if (!data->isoc_tx_ep || hdev->conn_hash.sco_num < 1)
732 			return -ENODEV;
733 
734 		urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, GFP_ATOMIC);
735 		if (!urb)
736 			return -ENOMEM;
737 
738 		pipe = usb_sndisocpipe(data->udev,
739 					data->isoc_tx_ep->bEndpointAddress);
740 
741 		usb_fill_int_urb(urb, data->udev, pipe,
742 				skb->data, skb->len, btusb_isoc_tx_complete,
743 				skb, data->isoc_tx_ep->bInterval);
744 
745 		urb->transfer_flags  = URB_ISO_ASAP;
746 
747 		__fill_isoc_descriptor(urb, skb->len,
748 				le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize));
749 
750 		hdev->stat.sco_tx++;
751 		goto skip_waking;
752 
753 	default:
754 		return -EILSEQ;
755 	}
756 
757 	err = inc_tx(data);
758 	if (err) {
759 		usb_anchor_urb(urb, &data->deferred);
760 		schedule_work(&data->waker);
761 		err = 0;
762 		goto done;
763 	}
764 
765 skip_waking:
766 	usb_anchor_urb(urb, &data->tx_anchor);
767 
768 	err = usb_submit_urb(urb, GFP_ATOMIC);
769 	if (err < 0) {
770 		BT_ERR("%s urb %p submission failed", hdev->name, urb);
771 		kfree(urb->setup_packet);
772 		usb_unanchor_urb(urb);
773 	} else {
774 		usb_mark_last_busy(data->udev);
775 	}
776 
777 	usb_free_urb(urb);
778 
779 done:
780 	return err;
781 }
782 
783 static void btusb_destruct(struct hci_dev *hdev)
784 {
785 	struct btusb_data *data = hdev->driver_data;
786 
787 	BT_DBG("%s", hdev->name);
788 
789 	kfree(data);
790 }
791 
792 static void btusb_notify(struct hci_dev *hdev, unsigned int evt)
793 {
794 	struct btusb_data *data = hdev->driver_data;
795 
796 	BT_DBG("%s evt %d", hdev->name, evt);
797 
798 	if (hdev->conn_hash.sco_num != data->sco_num) {
799 		data->sco_num = hdev->conn_hash.sco_num;
800 		schedule_work(&data->work);
801 	}
802 }
803 
804 static inline int __set_isoc_interface(struct hci_dev *hdev, int altsetting)
805 {
806 	struct btusb_data *data = hdev->driver_data;
807 	struct usb_interface *intf = data->isoc;
808 	struct usb_endpoint_descriptor *ep_desc;
809 	int i, err;
810 
811 	if (!data->isoc)
812 		return -ENODEV;
813 
814 	err = usb_set_interface(data->udev, 1, altsetting);
815 	if (err < 0) {
816 		BT_ERR("%s setting interface failed (%d)", hdev->name, -err);
817 		return err;
818 	}
819 
820 	data->isoc_altsetting = altsetting;
821 
822 	data->isoc_tx_ep = NULL;
823 	data->isoc_rx_ep = NULL;
824 
825 	for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
826 		ep_desc = &intf->cur_altsetting->endpoint[i].desc;
827 
828 		if (!data->isoc_tx_ep && usb_endpoint_is_isoc_out(ep_desc)) {
829 			data->isoc_tx_ep = ep_desc;
830 			continue;
831 		}
832 
833 		if (!data->isoc_rx_ep && usb_endpoint_is_isoc_in(ep_desc)) {
834 			data->isoc_rx_ep = ep_desc;
835 			continue;
836 		}
837 	}
838 
839 	if (!data->isoc_tx_ep || !data->isoc_rx_ep) {
840 		BT_ERR("%s invalid SCO descriptors", hdev->name);
841 		return -ENODEV;
842 	}
843 
844 	return 0;
845 }
846 
847 static void btusb_work(struct work_struct *work)
848 {
849 	struct btusb_data *data = container_of(work, struct btusb_data, work);
850 	struct hci_dev *hdev = data->hdev;
851 	int err;
852 
853 	if (hdev->conn_hash.sco_num > 0) {
854 		if (!test_bit(BTUSB_DID_ISO_RESUME, &data->flags)) {
855 			err = usb_autopm_get_interface(data->isoc ? data->isoc : data->intf);
856 			if (err < 0) {
857 				clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
858 				usb_kill_anchored_urbs(&data->isoc_anchor);
859 				return;
860 			}
861 
862 			set_bit(BTUSB_DID_ISO_RESUME, &data->flags);
863 		}
864 		if (data->isoc_altsetting != 2) {
865 			clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
866 			usb_kill_anchored_urbs(&data->isoc_anchor);
867 
868 			if (__set_isoc_interface(hdev, 2) < 0)
869 				return;
870 		}
871 
872 		if (!test_and_set_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
873 			if (btusb_submit_isoc_urb(hdev, GFP_KERNEL) < 0)
874 				clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
875 			else
876 				btusb_submit_isoc_urb(hdev, GFP_KERNEL);
877 		}
878 	} else {
879 		clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
880 		usb_kill_anchored_urbs(&data->isoc_anchor);
881 
882 		__set_isoc_interface(hdev, 0);
883 		if (test_and_clear_bit(BTUSB_DID_ISO_RESUME, &data->flags))
884 			usb_autopm_put_interface(data->isoc ? data->isoc : data->intf);
885 	}
886 }
887 
888 static void btusb_waker(struct work_struct *work)
889 {
890 	struct btusb_data *data = container_of(work, struct btusb_data, waker);
891 	int err;
892 
893 	err = usb_autopm_get_interface(data->intf);
894 	if (err < 0)
895 		return;
896 
897 	usb_autopm_put_interface(data->intf);
898 }
899 
900 static int btusb_probe(struct usb_interface *intf,
901 				const struct usb_device_id *id)
902 {
903 	struct usb_endpoint_descriptor *ep_desc;
904 	struct btusb_data *data;
905 	struct hci_dev *hdev;
906 	int i, err;
907 
908 	BT_DBG("intf %p id %p", intf, id);
909 
910 	/* interface numbers are hardcoded in the spec */
911 	if (intf->cur_altsetting->desc.bInterfaceNumber != 0)
912 		return -ENODEV;
913 
914 	if (!id->driver_info) {
915 		const struct usb_device_id *match;
916 		match = usb_match_id(intf, blacklist_table);
917 		if (match)
918 			id = match;
919 	}
920 
921 	if (id->driver_info == BTUSB_IGNORE)
922 		return -ENODEV;
923 
924 	if (ignore_dga && id->driver_info & BTUSB_DIGIANSWER)
925 		return -ENODEV;
926 
927 	if (ignore_csr && id->driver_info & BTUSB_CSR)
928 		return -ENODEV;
929 
930 	if (ignore_sniffer && id->driver_info & BTUSB_SNIFFER)
931 		return -ENODEV;
932 
933 	if (id->driver_info & BTUSB_ATH3012) {
934 		struct usb_device *udev = interface_to_usbdev(intf);
935 
936 		/* Old firmware would otherwise let ath3k driver load
937 		 * patch and sysconfig files */
938 		if (le16_to_cpu(udev->descriptor.bcdDevice) <= 0x0001)
939 			return -ENODEV;
940 	}
941 
942 	data = kzalloc(sizeof(*data), GFP_KERNEL);
943 	if (!data)
944 		return -ENOMEM;
945 
946 	for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
947 		ep_desc = &intf->cur_altsetting->endpoint[i].desc;
948 
949 		if (!data->intr_ep && usb_endpoint_is_int_in(ep_desc)) {
950 			data->intr_ep = ep_desc;
951 			continue;
952 		}
953 
954 		if (!data->bulk_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) {
955 			data->bulk_tx_ep = ep_desc;
956 			continue;
957 		}
958 
959 		if (!data->bulk_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) {
960 			data->bulk_rx_ep = ep_desc;
961 			continue;
962 		}
963 	}
964 
965 	if (!data->intr_ep || !data->bulk_tx_ep || !data->bulk_rx_ep) {
966 		kfree(data);
967 		return -ENODEV;
968 	}
969 
970 	data->cmdreq_type = USB_TYPE_CLASS;
971 
972 	data->udev = interface_to_usbdev(intf);
973 	data->intf = intf;
974 
975 	spin_lock_init(&data->lock);
976 
977 	INIT_WORK(&data->work, btusb_work);
978 	INIT_WORK(&data->waker, btusb_waker);
979 	spin_lock_init(&data->txlock);
980 
981 	init_usb_anchor(&data->tx_anchor);
982 	init_usb_anchor(&data->intr_anchor);
983 	init_usb_anchor(&data->bulk_anchor);
984 	init_usb_anchor(&data->isoc_anchor);
985 	init_usb_anchor(&data->deferred);
986 
987 	hdev = hci_alloc_dev();
988 	if (!hdev) {
989 		kfree(data);
990 		return -ENOMEM;
991 	}
992 
993 	hdev->bus = HCI_USB;
994 	hdev->driver_data = data;
995 
996 	data->hdev = hdev;
997 
998 	SET_HCIDEV_DEV(hdev, &intf->dev);
999 
1000 	hdev->open     = btusb_open;
1001 	hdev->close    = btusb_close;
1002 	hdev->flush    = btusb_flush;
1003 	hdev->send     = btusb_send_frame;
1004 	hdev->destruct = btusb_destruct;
1005 	hdev->notify   = btusb_notify;
1006 
1007 	hdev->owner = THIS_MODULE;
1008 
1009 	/* Interface numbers are hardcoded in the specification */
1010 	data->isoc = usb_ifnum_to_if(data->udev, 1);
1011 
1012 	if (!reset)
1013 		set_bit(HCI_QUIRK_NO_RESET, &hdev->quirks);
1014 
1015 	if (force_scofix || id->driver_info & BTUSB_WRONG_SCO_MTU) {
1016 		if (!disable_scofix)
1017 			set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks);
1018 	}
1019 
1020 	if (id->driver_info & BTUSB_BROKEN_ISOC)
1021 		data->isoc = NULL;
1022 
1023 	if (id->driver_info & BTUSB_DIGIANSWER) {
1024 		data->cmdreq_type = USB_TYPE_VENDOR;
1025 		set_bit(HCI_QUIRK_NO_RESET, &hdev->quirks);
1026 	}
1027 
1028 	if (id->driver_info & BTUSB_CSR) {
1029 		struct usb_device *udev = data->udev;
1030 
1031 		/* Old firmware would otherwise execute USB reset */
1032 		if (le16_to_cpu(udev->descriptor.bcdDevice) < 0x117)
1033 			set_bit(HCI_QUIRK_NO_RESET, &hdev->quirks);
1034 	}
1035 
1036 	if (id->driver_info & BTUSB_SNIFFER) {
1037 		struct usb_device *udev = data->udev;
1038 
1039 		/* New sniffer firmware has crippled HCI interface */
1040 		if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997)
1041 			set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
1042 
1043 		data->isoc = NULL;
1044 	}
1045 
1046 	if (id->driver_info & BTUSB_BCM92035) {
1047 		unsigned char cmd[] = { 0x3b, 0xfc, 0x01, 0x00 };
1048 		struct sk_buff *skb;
1049 
1050 		skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL);
1051 		if (skb) {
1052 			memcpy(skb_put(skb, sizeof(cmd)), cmd, sizeof(cmd));
1053 			skb_queue_tail(&hdev->driver_init, skb);
1054 		}
1055 	}
1056 
1057 	if (data->isoc) {
1058 		err = usb_driver_claim_interface(&btusb_driver,
1059 							data->isoc, data);
1060 		if (err < 0) {
1061 			hci_free_dev(hdev);
1062 			kfree(data);
1063 			return err;
1064 		}
1065 	}
1066 
1067 	err = hci_register_dev(hdev);
1068 	if (err < 0) {
1069 		hci_free_dev(hdev);
1070 		kfree(data);
1071 		return err;
1072 	}
1073 
1074 	usb_set_intfdata(intf, data);
1075 
1076 	return 0;
1077 }
1078 
1079 static void btusb_disconnect(struct usb_interface *intf)
1080 {
1081 	struct btusb_data *data = usb_get_intfdata(intf);
1082 	struct hci_dev *hdev;
1083 
1084 	BT_DBG("intf %p", intf);
1085 
1086 	if (!data)
1087 		return;
1088 
1089 	hdev = data->hdev;
1090 
1091 	__hci_dev_hold(hdev);
1092 
1093 	usb_set_intfdata(data->intf, NULL);
1094 
1095 	if (data->isoc)
1096 		usb_set_intfdata(data->isoc, NULL);
1097 
1098 	hci_unregister_dev(hdev);
1099 
1100 	if (intf == data->isoc)
1101 		usb_driver_release_interface(&btusb_driver, data->intf);
1102 	else if (data->isoc)
1103 		usb_driver_release_interface(&btusb_driver, data->isoc);
1104 
1105 	__hci_dev_put(hdev);
1106 
1107 	hci_free_dev(hdev);
1108 }
1109 
1110 #ifdef CONFIG_PM
1111 static int btusb_suspend(struct usb_interface *intf, pm_message_t message)
1112 {
1113 	struct btusb_data *data = usb_get_intfdata(intf);
1114 
1115 	BT_DBG("intf %p", intf);
1116 
1117 	if (data->suspend_count++)
1118 		return 0;
1119 
1120 	spin_lock_irq(&data->txlock);
1121 	if (!(PMSG_IS_AUTO(message) && data->tx_in_flight)) {
1122 		set_bit(BTUSB_SUSPENDING, &data->flags);
1123 		spin_unlock_irq(&data->txlock);
1124 	} else {
1125 		spin_unlock_irq(&data->txlock);
1126 		data->suspend_count--;
1127 		return -EBUSY;
1128 	}
1129 
1130 	cancel_work_sync(&data->work);
1131 
1132 	btusb_stop_traffic(data);
1133 	usb_kill_anchored_urbs(&data->tx_anchor);
1134 
1135 	return 0;
1136 }
1137 
1138 static void play_deferred(struct btusb_data *data)
1139 {
1140 	struct urb *urb;
1141 	int err;
1142 
1143 	while ((urb = usb_get_from_anchor(&data->deferred))) {
1144 		err = usb_submit_urb(urb, GFP_ATOMIC);
1145 		if (err < 0)
1146 			break;
1147 
1148 		data->tx_in_flight++;
1149 	}
1150 	usb_scuttle_anchored_urbs(&data->deferred);
1151 }
1152 
1153 static int btusb_resume(struct usb_interface *intf)
1154 {
1155 	struct btusb_data *data = usb_get_intfdata(intf);
1156 	struct hci_dev *hdev = data->hdev;
1157 	int err = 0;
1158 
1159 	BT_DBG("intf %p", intf);
1160 
1161 	if (--data->suspend_count)
1162 		return 0;
1163 
1164 	if (!test_bit(HCI_RUNNING, &hdev->flags))
1165 		goto done;
1166 
1167 	if (test_bit(BTUSB_INTR_RUNNING, &data->flags)) {
1168 		err = btusb_submit_intr_urb(hdev, GFP_NOIO);
1169 		if (err < 0) {
1170 			clear_bit(BTUSB_INTR_RUNNING, &data->flags);
1171 			goto failed;
1172 		}
1173 	}
1174 
1175 	if (test_bit(BTUSB_BULK_RUNNING, &data->flags)) {
1176 		err = btusb_submit_bulk_urb(hdev, GFP_NOIO);
1177 		if (err < 0) {
1178 			clear_bit(BTUSB_BULK_RUNNING, &data->flags);
1179 			goto failed;
1180 		}
1181 
1182 		btusb_submit_bulk_urb(hdev, GFP_NOIO);
1183 	}
1184 
1185 	if (test_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
1186 		if (btusb_submit_isoc_urb(hdev, GFP_NOIO) < 0)
1187 			clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1188 		else
1189 			btusb_submit_isoc_urb(hdev, GFP_NOIO);
1190 	}
1191 
1192 	spin_lock_irq(&data->txlock);
1193 	play_deferred(data);
1194 	clear_bit(BTUSB_SUSPENDING, &data->flags);
1195 	spin_unlock_irq(&data->txlock);
1196 	schedule_work(&data->work);
1197 
1198 	return 0;
1199 
1200 failed:
1201 	usb_scuttle_anchored_urbs(&data->deferred);
1202 done:
1203 	spin_lock_irq(&data->txlock);
1204 	clear_bit(BTUSB_SUSPENDING, &data->flags);
1205 	spin_unlock_irq(&data->txlock);
1206 
1207 	return err;
1208 }
1209 #endif
1210 
1211 static struct usb_driver btusb_driver = {
1212 	.name		= "btusb",
1213 	.probe		= btusb_probe,
1214 	.disconnect	= btusb_disconnect,
1215 #ifdef CONFIG_PM
1216 	.suspend	= btusb_suspend,
1217 	.resume		= btusb_resume,
1218 #endif
1219 	.id_table	= btusb_table,
1220 	.supports_autosuspend = 1,
1221 };
1222 
1223 static int __init btusb_init(void)
1224 {
1225 	BT_INFO("Generic Bluetooth USB driver ver %s", VERSION);
1226 
1227 	return usb_register(&btusb_driver);
1228 }
1229 
1230 static void __exit btusb_exit(void)
1231 {
1232 	usb_deregister(&btusb_driver);
1233 }
1234 
1235 module_init(btusb_init);
1236 module_exit(btusb_exit);
1237 
1238 module_param(ignore_dga, bool, 0644);
1239 MODULE_PARM_DESC(ignore_dga, "Ignore devices with id 08fd:0001");
1240 
1241 module_param(ignore_csr, bool, 0644);
1242 MODULE_PARM_DESC(ignore_csr, "Ignore devices with id 0a12:0001");
1243 
1244 module_param(ignore_sniffer, bool, 0644);
1245 MODULE_PARM_DESC(ignore_sniffer, "Ignore devices with id 0a12:0002");
1246 
1247 module_param(disable_scofix, bool, 0644);
1248 MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size");
1249 
1250 module_param(force_scofix, bool, 0644);
1251 MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size");
1252 
1253 module_param(reset, bool, 0644);
1254 MODULE_PARM_DESC(reset, "Send HCI reset command on initialization");
1255 
1256 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1257 MODULE_DESCRIPTION("Generic Bluetooth USB driver ver " VERSION);
1258 MODULE_VERSION(VERSION);
1259 MODULE_LICENSE("GPL");
1260