1 /* 2 * 3 * Generic Bluetooth USB driver 4 * 5 * Copyright (C) 2005-2008 Marcel Holtmann <marcel@holtmann.org> 6 * 7 * 8 * This program is free software; you can redistribute it and/or modify 9 * it under the terms of the GNU General Public License as published by 10 * the Free Software Foundation; either version 2 of the License, or 11 * (at your option) any later version. 12 * 13 * This program is distributed in the hope that it will be useful, 14 * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 * GNU General Public License for more details. 17 * 18 * You should have received a copy of the GNU General Public License 19 * along with this program; if not, write to the Free Software 20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 21 * 22 */ 23 24 #include <linux/module.h> 25 #include <linux/usb.h> 26 #include <linux/firmware.h> 27 #include <asm/unaligned.h> 28 29 #include <net/bluetooth/bluetooth.h> 30 #include <net/bluetooth/hci_core.h> 31 32 #include "btintel.h" 33 #include "btbcm.h" 34 #include "btrtl.h" 35 36 #define VERSION "0.8" 37 38 static bool disable_scofix; 39 static bool force_scofix; 40 41 static bool reset = true; 42 43 static struct usb_driver btusb_driver; 44 45 #define BTUSB_IGNORE 0x01 46 #define BTUSB_DIGIANSWER 0x02 47 #define BTUSB_CSR 0x04 48 #define BTUSB_SNIFFER 0x08 49 #define BTUSB_BCM92035 0x10 50 #define BTUSB_BROKEN_ISOC 0x20 51 #define BTUSB_WRONG_SCO_MTU 0x40 52 #define BTUSB_ATH3012 0x80 53 #define BTUSB_INTEL 0x100 54 #define BTUSB_INTEL_BOOT 0x200 55 #define BTUSB_BCM_PATCHRAM 0x400 56 #define BTUSB_MARVELL 0x800 57 #define BTUSB_SWAVE 0x1000 58 #define BTUSB_INTEL_NEW 0x2000 59 #define BTUSB_AMP 0x4000 60 #define BTUSB_QCA_ROME 0x8000 61 #define BTUSB_BCM_APPLE 0x10000 62 #define BTUSB_REALTEK 0x20000 63 #define BTUSB_BCM2045 0x40000 64 #define BTUSB_IFNUM_2 0x80000 65 66 static const struct usb_device_id btusb_table[] = { 67 /* Generic Bluetooth USB device */ 68 { USB_DEVICE_INFO(0xe0, 0x01, 0x01) }, 69 70 /* Generic Bluetooth AMP device */ 71 { USB_DEVICE_INFO(0xe0, 0x01, 0x04), .driver_info = BTUSB_AMP }, 72 73 /* Generic Bluetooth USB interface */ 74 { USB_INTERFACE_INFO(0xe0, 0x01, 0x01) }, 75 76 /* Apple-specific (Broadcom) devices */ 77 { USB_VENDOR_AND_INTERFACE_INFO(0x05ac, 0xff, 0x01, 0x01), 78 .driver_info = BTUSB_BCM_APPLE | BTUSB_IFNUM_2 }, 79 80 /* MediaTek MT76x0E */ 81 { USB_DEVICE(0x0e8d, 0x763f) }, 82 83 /* Broadcom SoftSailing reporting vendor specific */ 84 { USB_DEVICE(0x0a5c, 0x21e1) }, 85 86 /* Apple MacBookPro 7,1 */ 87 { USB_DEVICE(0x05ac, 0x8213) }, 88 89 /* Apple iMac11,1 */ 90 { USB_DEVICE(0x05ac, 0x8215) }, 91 92 /* Apple MacBookPro6,2 */ 93 { USB_DEVICE(0x05ac, 0x8218) }, 94 95 /* Apple MacBookAir3,1, MacBookAir3,2 */ 96 { USB_DEVICE(0x05ac, 0x821b) }, 97 98 /* Apple MacBookAir4,1 */ 99 { USB_DEVICE(0x05ac, 0x821f) }, 100 101 /* Apple MacBookPro8,2 */ 102 { USB_DEVICE(0x05ac, 0x821a) }, 103 104 /* Apple MacMini5,1 */ 105 { USB_DEVICE(0x05ac, 0x8281) }, 106 107 /* AVM BlueFRITZ! USB v2.0 */ 108 { USB_DEVICE(0x057c, 0x3800), .driver_info = BTUSB_SWAVE }, 109 110 /* Bluetooth Ultraport Module from IBM */ 111 { USB_DEVICE(0x04bf, 0x030a) }, 112 113 /* ALPS Modules with non-standard id */ 114 { USB_DEVICE(0x044e, 0x3001) }, 115 { USB_DEVICE(0x044e, 0x3002) }, 116 117 /* Ericsson with non-standard id */ 118 { USB_DEVICE(0x0bdb, 0x1002) }, 119 120 /* Canyon CN-BTU1 with HID interfaces */ 121 { USB_DEVICE(0x0c10, 0x0000) }, 122 123 /* Broadcom BCM20702A0 */ 124 { USB_DEVICE(0x413c, 0x8197) }, 125 126 /* Broadcom BCM20702B0 (Dynex/Insignia) */ 127 { USB_DEVICE(0x19ff, 0x0239), .driver_info = BTUSB_BCM_PATCHRAM }, 128 129 /* Broadcom BCM43142A0 (Foxconn/Lenovo) */ 130 { USB_DEVICE(0x105b, 0xe065), .driver_info = BTUSB_BCM_PATCHRAM }, 131 132 /* Foxconn - Hon Hai */ 133 { USB_VENDOR_AND_INTERFACE_INFO(0x0489, 0xff, 0x01, 0x01), 134 .driver_info = BTUSB_BCM_PATCHRAM }, 135 136 /* Lite-On Technology - Broadcom based */ 137 { USB_VENDOR_AND_INTERFACE_INFO(0x04ca, 0xff, 0x01, 0x01), 138 .driver_info = BTUSB_BCM_PATCHRAM }, 139 140 /* Broadcom devices with vendor specific id */ 141 { USB_VENDOR_AND_INTERFACE_INFO(0x0a5c, 0xff, 0x01, 0x01), 142 .driver_info = BTUSB_BCM_PATCHRAM }, 143 144 /* ASUSTek Computer - Broadcom based */ 145 { USB_VENDOR_AND_INTERFACE_INFO(0x0b05, 0xff, 0x01, 0x01), 146 .driver_info = BTUSB_BCM_PATCHRAM }, 147 148 /* Belkin F8065bf - Broadcom based */ 149 { USB_VENDOR_AND_INTERFACE_INFO(0x050d, 0xff, 0x01, 0x01), 150 .driver_info = BTUSB_BCM_PATCHRAM }, 151 152 /* IMC Networks - Broadcom based */ 153 { USB_VENDOR_AND_INTERFACE_INFO(0x13d3, 0xff, 0x01, 0x01), 154 .driver_info = BTUSB_BCM_PATCHRAM }, 155 156 /* Toshiba Corp - Broadcom based */ 157 { USB_VENDOR_AND_INTERFACE_INFO(0x0930, 0xff, 0x01, 0x01), 158 .driver_info = BTUSB_BCM_PATCHRAM }, 159 160 /* Intel Bluetooth USB Bootloader (RAM module) */ 161 { USB_DEVICE(0x8087, 0x0a5a), 162 .driver_info = BTUSB_INTEL_BOOT | BTUSB_BROKEN_ISOC }, 163 164 { } /* Terminating entry */ 165 }; 166 167 MODULE_DEVICE_TABLE(usb, btusb_table); 168 169 static const struct usb_device_id blacklist_table[] = { 170 /* CSR BlueCore devices */ 171 { USB_DEVICE(0x0a12, 0x0001), .driver_info = BTUSB_CSR }, 172 173 /* Broadcom BCM2033 without firmware */ 174 { USB_DEVICE(0x0a5c, 0x2033), .driver_info = BTUSB_IGNORE }, 175 176 /* Broadcom BCM2045 devices */ 177 { USB_DEVICE(0x0a5c, 0x2045), .driver_info = BTUSB_BCM2045 }, 178 179 /* Atheros 3011 with sflash firmware */ 180 { USB_DEVICE(0x0489, 0xe027), .driver_info = BTUSB_IGNORE }, 181 { USB_DEVICE(0x0489, 0xe03d), .driver_info = BTUSB_IGNORE }, 182 { USB_DEVICE(0x04f2, 0xaff1), .driver_info = BTUSB_IGNORE }, 183 { USB_DEVICE(0x0930, 0x0215), .driver_info = BTUSB_IGNORE }, 184 { USB_DEVICE(0x0cf3, 0x3002), .driver_info = BTUSB_IGNORE }, 185 { USB_DEVICE(0x0cf3, 0xe019), .driver_info = BTUSB_IGNORE }, 186 { USB_DEVICE(0x13d3, 0x3304), .driver_info = BTUSB_IGNORE }, 187 188 /* Atheros AR9285 Malbec with sflash firmware */ 189 { USB_DEVICE(0x03f0, 0x311d), .driver_info = BTUSB_IGNORE }, 190 191 /* Atheros 3012 with sflash firmware */ 192 { USB_DEVICE(0x0489, 0xe04d), .driver_info = BTUSB_ATH3012 }, 193 { USB_DEVICE(0x0489, 0xe04e), .driver_info = BTUSB_ATH3012 }, 194 { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 }, 195 { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 }, 196 { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 }, 197 { USB_DEVICE(0x0489, 0xe076), .driver_info = BTUSB_ATH3012 }, 198 { USB_DEVICE(0x0489, 0xe078), .driver_info = BTUSB_ATH3012 }, 199 { USB_DEVICE(0x0489, 0xe095), .driver_info = BTUSB_ATH3012 }, 200 { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 }, 201 { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 }, 202 { USB_DEVICE(0x04ca, 0x3005), .driver_info = BTUSB_ATH3012 }, 203 { USB_DEVICE(0x04ca, 0x3006), .driver_info = BTUSB_ATH3012 }, 204 { USB_DEVICE(0x04ca, 0x3007), .driver_info = BTUSB_ATH3012 }, 205 { USB_DEVICE(0x04ca, 0x3008), .driver_info = BTUSB_ATH3012 }, 206 { USB_DEVICE(0x04ca, 0x300b), .driver_info = BTUSB_ATH3012 }, 207 { USB_DEVICE(0x04ca, 0x300d), .driver_info = BTUSB_ATH3012 }, 208 { USB_DEVICE(0x04ca, 0x300f), .driver_info = BTUSB_ATH3012 }, 209 { USB_DEVICE(0x04ca, 0x3010), .driver_info = BTUSB_ATH3012 }, 210 { USB_DEVICE(0x04ca, 0x3014), .driver_info = BTUSB_ATH3012 }, 211 { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 }, 212 { USB_DEVICE(0x0930, 0x021c), .driver_info = BTUSB_ATH3012 }, 213 { USB_DEVICE(0x0930, 0x0220), .driver_info = BTUSB_ATH3012 }, 214 { USB_DEVICE(0x0930, 0x0227), .driver_info = BTUSB_ATH3012 }, 215 { USB_DEVICE(0x0b05, 0x17d0), .driver_info = BTUSB_ATH3012 }, 216 { USB_DEVICE(0x0cf3, 0x0036), .driver_info = BTUSB_ATH3012 }, 217 { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 }, 218 { USB_DEVICE(0x0cf3, 0x3008), .driver_info = BTUSB_ATH3012 }, 219 { USB_DEVICE(0x0cf3, 0x311d), .driver_info = BTUSB_ATH3012 }, 220 { USB_DEVICE(0x0cf3, 0x311e), .driver_info = BTUSB_ATH3012 }, 221 { USB_DEVICE(0x0cf3, 0x311f), .driver_info = BTUSB_ATH3012 }, 222 { USB_DEVICE(0x0cf3, 0x3121), .driver_info = BTUSB_ATH3012 }, 223 { USB_DEVICE(0x0cf3, 0x817a), .driver_info = BTUSB_ATH3012 }, 224 { USB_DEVICE(0x0cf3, 0x817b), .driver_info = BTUSB_ATH3012 }, 225 { USB_DEVICE(0x0cf3, 0xe003), .driver_info = BTUSB_ATH3012 }, 226 { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 }, 227 { USB_DEVICE(0x0cf3, 0xe005), .driver_info = BTUSB_ATH3012 }, 228 { USB_DEVICE(0x0cf3, 0xe006), .driver_info = BTUSB_ATH3012 }, 229 { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 }, 230 { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 }, 231 { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 }, 232 { USB_DEVICE(0x13d3, 0x3395), .driver_info = BTUSB_ATH3012 }, 233 { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 }, 234 { USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 }, 235 { USB_DEVICE(0x13d3, 0x3423), .driver_info = BTUSB_ATH3012 }, 236 { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 }, 237 { USB_DEVICE(0x13d3, 0x3472), .driver_info = BTUSB_ATH3012 }, 238 { USB_DEVICE(0x13d3, 0x3474), .driver_info = BTUSB_ATH3012 }, 239 { USB_DEVICE(0x13d3, 0x3487), .driver_info = BTUSB_ATH3012 }, 240 241 /* Atheros AR5BBU12 with sflash firmware */ 242 { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE }, 243 244 /* Atheros AR5BBU12 with sflash firmware */ 245 { USB_DEVICE(0x0489, 0xe036), .driver_info = BTUSB_ATH3012 }, 246 { USB_DEVICE(0x0489, 0xe03c), .driver_info = BTUSB_ATH3012 }, 247 248 /* QCA ROME chipset */ 249 { USB_DEVICE(0x0cf3, 0xe007), .driver_info = BTUSB_QCA_ROME }, 250 { USB_DEVICE(0x0cf3, 0xe300), .driver_info = BTUSB_QCA_ROME }, 251 { USB_DEVICE(0x0cf3, 0xe360), .driver_info = BTUSB_QCA_ROME }, 252 253 /* Broadcom BCM2035 */ 254 { USB_DEVICE(0x0a5c, 0x2009), .driver_info = BTUSB_BCM92035 }, 255 { USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU }, 256 { USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU }, 257 258 /* Broadcom BCM2045 */ 259 { USB_DEVICE(0x0a5c, 0x2039), .driver_info = BTUSB_WRONG_SCO_MTU }, 260 { USB_DEVICE(0x0a5c, 0x2101), .driver_info = BTUSB_WRONG_SCO_MTU }, 261 262 /* IBM/Lenovo ThinkPad with Broadcom chip */ 263 { USB_DEVICE(0x0a5c, 0x201e), .driver_info = BTUSB_WRONG_SCO_MTU }, 264 { USB_DEVICE(0x0a5c, 0x2110), .driver_info = BTUSB_WRONG_SCO_MTU }, 265 266 /* HP laptop with Broadcom chip */ 267 { USB_DEVICE(0x03f0, 0x171d), .driver_info = BTUSB_WRONG_SCO_MTU }, 268 269 /* Dell laptop with Broadcom chip */ 270 { USB_DEVICE(0x413c, 0x8126), .driver_info = BTUSB_WRONG_SCO_MTU }, 271 272 /* Dell Wireless 370 and 410 devices */ 273 { USB_DEVICE(0x413c, 0x8152), .driver_info = BTUSB_WRONG_SCO_MTU }, 274 { USB_DEVICE(0x413c, 0x8156), .driver_info = BTUSB_WRONG_SCO_MTU }, 275 276 /* Belkin F8T012 and F8T013 devices */ 277 { USB_DEVICE(0x050d, 0x0012), .driver_info = BTUSB_WRONG_SCO_MTU }, 278 { USB_DEVICE(0x050d, 0x0013), .driver_info = BTUSB_WRONG_SCO_MTU }, 279 280 /* Asus WL-BTD202 device */ 281 { USB_DEVICE(0x0b05, 0x1715), .driver_info = BTUSB_WRONG_SCO_MTU }, 282 283 /* Kensington Bluetooth USB adapter */ 284 { USB_DEVICE(0x047d, 0x105e), .driver_info = BTUSB_WRONG_SCO_MTU }, 285 286 /* RTX Telecom based adapters with buggy SCO support */ 287 { USB_DEVICE(0x0400, 0x0807), .driver_info = BTUSB_BROKEN_ISOC }, 288 { USB_DEVICE(0x0400, 0x080a), .driver_info = BTUSB_BROKEN_ISOC }, 289 290 /* CONWISE Technology based adapters with buggy SCO support */ 291 { USB_DEVICE(0x0e5e, 0x6622), .driver_info = BTUSB_BROKEN_ISOC }, 292 293 /* Roper Class 1 Bluetooth Dongle (Silicon Wave based) */ 294 { USB_DEVICE(0x1310, 0x0001), .driver_info = BTUSB_SWAVE }, 295 296 /* Digianswer devices */ 297 { USB_DEVICE(0x08fd, 0x0001), .driver_info = BTUSB_DIGIANSWER }, 298 { USB_DEVICE(0x08fd, 0x0002), .driver_info = BTUSB_IGNORE }, 299 300 /* CSR BlueCore Bluetooth Sniffer */ 301 { USB_DEVICE(0x0a12, 0x0002), 302 .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC }, 303 304 /* Frontline ComProbe Bluetooth Sniffer */ 305 { USB_DEVICE(0x16d3, 0x0002), 306 .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC }, 307 308 /* Marvell Bluetooth devices */ 309 { USB_DEVICE(0x1286, 0x2044), .driver_info = BTUSB_MARVELL }, 310 { USB_DEVICE(0x1286, 0x2046), .driver_info = BTUSB_MARVELL }, 311 312 /* Intel Bluetooth devices */ 313 { USB_DEVICE(0x8087, 0x07da), .driver_info = BTUSB_CSR }, 314 { USB_DEVICE(0x8087, 0x07dc), .driver_info = BTUSB_INTEL }, 315 { USB_DEVICE(0x8087, 0x0a2a), .driver_info = BTUSB_INTEL }, 316 { USB_DEVICE(0x8087, 0x0a2b), .driver_info = BTUSB_INTEL_NEW }, 317 318 /* Other Intel Bluetooth devices */ 319 { USB_VENDOR_AND_INTERFACE_INFO(0x8087, 0xe0, 0x01, 0x01), 320 .driver_info = BTUSB_IGNORE }, 321 322 /* Realtek Bluetooth devices */ 323 { USB_VENDOR_AND_INTERFACE_INFO(0x0bda, 0xe0, 0x01, 0x01), 324 .driver_info = BTUSB_REALTEK }, 325 326 /* Additional Realtek 8723AE Bluetooth devices */ 327 { USB_DEVICE(0x0930, 0x021d), .driver_info = BTUSB_REALTEK }, 328 { USB_DEVICE(0x13d3, 0x3394), .driver_info = BTUSB_REALTEK }, 329 330 /* Additional Realtek 8723BE Bluetooth devices */ 331 { USB_DEVICE(0x0489, 0xe085), .driver_info = BTUSB_REALTEK }, 332 { USB_DEVICE(0x0489, 0xe08b), .driver_info = BTUSB_REALTEK }, 333 { USB_DEVICE(0x13d3, 0x3410), .driver_info = BTUSB_REALTEK }, 334 { USB_DEVICE(0x13d3, 0x3416), .driver_info = BTUSB_REALTEK }, 335 { USB_DEVICE(0x13d3, 0x3459), .driver_info = BTUSB_REALTEK }, 336 337 /* Additional Realtek 8821AE Bluetooth devices */ 338 { USB_DEVICE(0x0b05, 0x17dc), .driver_info = BTUSB_REALTEK }, 339 { USB_DEVICE(0x13d3, 0x3414), .driver_info = BTUSB_REALTEK }, 340 { USB_DEVICE(0x13d3, 0x3458), .driver_info = BTUSB_REALTEK }, 341 { USB_DEVICE(0x13d3, 0x3461), .driver_info = BTUSB_REALTEK }, 342 { USB_DEVICE(0x13d3, 0x3462), .driver_info = BTUSB_REALTEK }, 343 344 /* Silicon Wave based devices */ 345 { USB_DEVICE(0x0c10, 0x0000), .driver_info = BTUSB_SWAVE }, 346 347 { } /* Terminating entry */ 348 }; 349 350 #define BTUSB_MAX_ISOC_FRAMES 10 351 352 #define BTUSB_INTR_RUNNING 0 353 #define BTUSB_BULK_RUNNING 1 354 #define BTUSB_ISOC_RUNNING 2 355 #define BTUSB_SUSPENDING 3 356 #define BTUSB_DID_ISO_RESUME 4 357 #define BTUSB_BOOTLOADER 5 358 #define BTUSB_DOWNLOADING 6 359 #define BTUSB_FIRMWARE_LOADED 7 360 #define BTUSB_FIRMWARE_FAILED 8 361 #define BTUSB_BOOTING 9 362 #define BTUSB_RESET_RESUME 10 363 #define BTUSB_DIAG_RUNNING 11 364 365 struct btusb_data { 366 struct hci_dev *hdev; 367 struct usb_device *udev; 368 struct usb_interface *intf; 369 struct usb_interface *isoc; 370 struct usb_interface *diag; 371 372 unsigned long flags; 373 374 struct work_struct work; 375 struct work_struct waker; 376 377 struct usb_anchor deferred; 378 struct usb_anchor tx_anchor; 379 int tx_in_flight; 380 spinlock_t txlock; 381 382 struct usb_anchor intr_anchor; 383 struct usb_anchor bulk_anchor; 384 struct usb_anchor isoc_anchor; 385 struct usb_anchor diag_anchor; 386 spinlock_t rxlock; 387 388 struct sk_buff *evt_skb; 389 struct sk_buff *acl_skb; 390 struct sk_buff *sco_skb; 391 392 struct usb_endpoint_descriptor *intr_ep; 393 struct usb_endpoint_descriptor *bulk_tx_ep; 394 struct usb_endpoint_descriptor *bulk_rx_ep; 395 struct usb_endpoint_descriptor *isoc_tx_ep; 396 struct usb_endpoint_descriptor *isoc_rx_ep; 397 struct usb_endpoint_descriptor *diag_tx_ep; 398 struct usb_endpoint_descriptor *diag_rx_ep; 399 400 __u8 cmdreq_type; 401 __u8 cmdreq; 402 403 unsigned int sco_num; 404 int isoc_altsetting; 405 int suspend_count; 406 407 int (*recv_event)(struct hci_dev *hdev, struct sk_buff *skb); 408 int (*recv_bulk)(struct btusb_data *data, void *buffer, int count); 409 410 int (*setup_on_usb)(struct hci_dev *hdev); 411 }; 412 413 static inline void btusb_free_frags(struct btusb_data *data) 414 { 415 unsigned long flags; 416 417 spin_lock_irqsave(&data->rxlock, flags); 418 419 kfree_skb(data->evt_skb); 420 data->evt_skb = NULL; 421 422 kfree_skb(data->acl_skb); 423 data->acl_skb = NULL; 424 425 kfree_skb(data->sco_skb); 426 data->sco_skb = NULL; 427 428 spin_unlock_irqrestore(&data->rxlock, flags); 429 } 430 431 static int btusb_recv_intr(struct btusb_data *data, void *buffer, int count) 432 { 433 struct sk_buff *skb; 434 int err = 0; 435 436 spin_lock(&data->rxlock); 437 skb = data->evt_skb; 438 439 while (count) { 440 int len; 441 442 if (!skb) { 443 skb = bt_skb_alloc(HCI_MAX_EVENT_SIZE, GFP_ATOMIC); 444 if (!skb) { 445 err = -ENOMEM; 446 break; 447 } 448 449 hci_skb_pkt_type(skb) = HCI_EVENT_PKT; 450 hci_skb_expect(skb) = HCI_EVENT_HDR_SIZE; 451 } 452 453 len = min_t(uint, hci_skb_expect(skb), count); 454 memcpy(skb_put(skb, len), buffer, len); 455 456 count -= len; 457 buffer += len; 458 hci_skb_expect(skb) -= len; 459 460 if (skb->len == HCI_EVENT_HDR_SIZE) { 461 /* Complete event header */ 462 hci_skb_expect(skb) = hci_event_hdr(skb)->plen; 463 464 if (skb_tailroom(skb) < hci_skb_expect(skb)) { 465 kfree_skb(skb); 466 skb = NULL; 467 468 err = -EILSEQ; 469 break; 470 } 471 } 472 473 if (!hci_skb_expect(skb)) { 474 /* Complete frame */ 475 data->recv_event(data->hdev, skb); 476 skb = NULL; 477 } 478 } 479 480 data->evt_skb = skb; 481 spin_unlock(&data->rxlock); 482 483 return err; 484 } 485 486 static int btusb_recv_bulk(struct btusb_data *data, void *buffer, int count) 487 { 488 struct sk_buff *skb; 489 int err = 0; 490 491 spin_lock(&data->rxlock); 492 skb = data->acl_skb; 493 494 while (count) { 495 int len; 496 497 if (!skb) { 498 skb = bt_skb_alloc(HCI_MAX_FRAME_SIZE, GFP_ATOMIC); 499 if (!skb) { 500 err = -ENOMEM; 501 break; 502 } 503 504 hci_skb_pkt_type(skb) = HCI_ACLDATA_PKT; 505 hci_skb_expect(skb) = HCI_ACL_HDR_SIZE; 506 } 507 508 len = min_t(uint, hci_skb_expect(skb), count); 509 memcpy(skb_put(skb, len), buffer, len); 510 511 count -= len; 512 buffer += len; 513 hci_skb_expect(skb) -= len; 514 515 if (skb->len == HCI_ACL_HDR_SIZE) { 516 __le16 dlen = hci_acl_hdr(skb)->dlen; 517 518 /* Complete ACL header */ 519 hci_skb_expect(skb) = __le16_to_cpu(dlen); 520 521 if (skb_tailroom(skb) < hci_skb_expect(skb)) { 522 kfree_skb(skb); 523 skb = NULL; 524 525 err = -EILSEQ; 526 break; 527 } 528 } 529 530 if (!hci_skb_expect(skb)) { 531 /* Complete frame */ 532 hci_recv_frame(data->hdev, skb); 533 skb = NULL; 534 } 535 } 536 537 data->acl_skb = skb; 538 spin_unlock(&data->rxlock); 539 540 return err; 541 } 542 543 static int btusb_recv_isoc(struct btusb_data *data, void *buffer, int count) 544 { 545 struct sk_buff *skb; 546 int err = 0; 547 548 spin_lock(&data->rxlock); 549 skb = data->sco_skb; 550 551 while (count) { 552 int len; 553 554 if (!skb) { 555 skb = bt_skb_alloc(HCI_MAX_SCO_SIZE, GFP_ATOMIC); 556 if (!skb) { 557 err = -ENOMEM; 558 break; 559 } 560 561 hci_skb_pkt_type(skb) = HCI_SCODATA_PKT; 562 hci_skb_expect(skb) = HCI_SCO_HDR_SIZE; 563 } 564 565 len = min_t(uint, hci_skb_expect(skb), count); 566 memcpy(skb_put(skb, len), buffer, len); 567 568 count -= len; 569 buffer += len; 570 hci_skb_expect(skb) -= len; 571 572 if (skb->len == HCI_SCO_HDR_SIZE) { 573 /* Complete SCO header */ 574 hci_skb_expect(skb) = hci_sco_hdr(skb)->dlen; 575 576 if (skb_tailroom(skb) < hci_skb_expect(skb)) { 577 kfree_skb(skb); 578 skb = NULL; 579 580 err = -EILSEQ; 581 break; 582 } 583 } 584 585 if (!hci_skb_expect(skb)) { 586 /* Complete frame */ 587 hci_recv_frame(data->hdev, skb); 588 skb = NULL; 589 } 590 } 591 592 data->sco_skb = skb; 593 spin_unlock(&data->rxlock); 594 595 return err; 596 } 597 598 static void btusb_intr_complete(struct urb *urb) 599 { 600 struct hci_dev *hdev = urb->context; 601 struct btusb_data *data = hci_get_drvdata(hdev); 602 int err; 603 604 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 605 urb->actual_length); 606 607 if (!test_bit(HCI_RUNNING, &hdev->flags)) 608 return; 609 610 if (urb->status == 0) { 611 hdev->stat.byte_rx += urb->actual_length; 612 613 if (btusb_recv_intr(data, urb->transfer_buffer, 614 urb->actual_length) < 0) { 615 BT_ERR("%s corrupted event packet", hdev->name); 616 hdev->stat.err_rx++; 617 } 618 } else if (urb->status == -ENOENT) { 619 /* Avoid suspend failed when usb_kill_urb */ 620 return; 621 } 622 623 if (!test_bit(BTUSB_INTR_RUNNING, &data->flags)) 624 return; 625 626 usb_mark_last_busy(data->udev); 627 usb_anchor_urb(urb, &data->intr_anchor); 628 629 err = usb_submit_urb(urb, GFP_ATOMIC); 630 if (err < 0) { 631 /* -EPERM: urb is being killed; 632 * -ENODEV: device got disconnected */ 633 if (err != -EPERM && err != -ENODEV) 634 BT_ERR("%s urb %p failed to resubmit (%d)", 635 hdev->name, urb, -err); 636 usb_unanchor_urb(urb); 637 } 638 } 639 640 static int btusb_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags) 641 { 642 struct btusb_data *data = hci_get_drvdata(hdev); 643 struct urb *urb; 644 unsigned char *buf; 645 unsigned int pipe; 646 int err, size; 647 648 BT_DBG("%s", hdev->name); 649 650 if (!data->intr_ep) 651 return -ENODEV; 652 653 urb = usb_alloc_urb(0, mem_flags); 654 if (!urb) 655 return -ENOMEM; 656 657 size = le16_to_cpu(data->intr_ep->wMaxPacketSize); 658 659 buf = kmalloc(size, mem_flags); 660 if (!buf) { 661 usb_free_urb(urb); 662 return -ENOMEM; 663 } 664 665 pipe = usb_rcvintpipe(data->udev, data->intr_ep->bEndpointAddress); 666 667 usb_fill_int_urb(urb, data->udev, pipe, buf, size, 668 btusb_intr_complete, hdev, data->intr_ep->bInterval); 669 670 urb->transfer_flags |= URB_FREE_BUFFER; 671 672 usb_anchor_urb(urb, &data->intr_anchor); 673 674 err = usb_submit_urb(urb, mem_flags); 675 if (err < 0) { 676 if (err != -EPERM && err != -ENODEV) 677 BT_ERR("%s urb %p submission failed (%d)", 678 hdev->name, urb, -err); 679 usb_unanchor_urb(urb); 680 } 681 682 usb_free_urb(urb); 683 684 return err; 685 } 686 687 static void btusb_bulk_complete(struct urb *urb) 688 { 689 struct hci_dev *hdev = urb->context; 690 struct btusb_data *data = hci_get_drvdata(hdev); 691 int err; 692 693 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 694 urb->actual_length); 695 696 if (!test_bit(HCI_RUNNING, &hdev->flags)) 697 return; 698 699 if (urb->status == 0) { 700 hdev->stat.byte_rx += urb->actual_length; 701 702 if (data->recv_bulk(data, urb->transfer_buffer, 703 urb->actual_length) < 0) { 704 BT_ERR("%s corrupted ACL packet", hdev->name); 705 hdev->stat.err_rx++; 706 } 707 } else if (urb->status == -ENOENT) { 708 /* Avoid suspend failed when usb_kill_urb */ 709 return; 710 } 711 712 if (!test_bit(BTUSB_BULK_RUNNING, &data->flags)) 713 return; 714 715 usb_anchor_urb(urb, &data->bulk_anchor); 716 usb_mark_last_busy(data->udev); 717 718 err = usb_submit_urb(urb, GFP_ATOMIC); 719 if (err < 0) { 720 /* -EPERM: urb is being killed; 721 * -ENODEV: device got disconnected */ 722 if (err != -EPERM && err != -ENODEV) 723 BT_ERR("%s urb %p failed to resubmit (%d)", 724 hdev->name, urb, -err); 725 usb_unanchor_urb(urb); 726 } 727 } 728 729 static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags) 730 { 731 struct btusb_data *data = hci_get_drvdata(hdev); 732 struct urb *urb; 733 unsigned char *buf; 734 unsigned int pipe; 735 int err, size = HCI_MAX_FRAME_SIZE; 736 737 BT_DBG("%s", hdev->name); 738 739 if (!data->bulk_rx_ep) 740 return -ENODEV; 741 742 urb = usb_alloc_urb(0, mem_flags); 743 if (!urb) 744 return -ENOMEM; 745 746 buf = kmalloc(size, mem_flags); 747 if (!buf) { 748 usb_free_urb(urb); 749 return -ENOMEM; 750 } 751 752 pipe = usb_rcvbulkpipe(data->udev, data->bulk_rx_ep->bEndpointAddress); 753 754 usb_fill_bulk_urb(urb, data->udev, pipe, buf, size, 755 btusb_bulk_complete, hdev); 756 757 urb->transfer_flags |= URB_FREE_BUFFER; 758 759 usb_mark_last_busy(data->udev); 760 usb_anchor_urb(urb, &data->bulk_anchor); 761 762 err = usb_submit_urb(urb, mem_flags); 763 if (err < 0) { 764 if (err != -EPERM && err != -ENODEV) 765 BT_ERR("%s urb %p submission failed (%d)", 766 hdev->name, urb, -err); 767 usb_unanchor_urb(urb); 768 } 769 770 usb_free_urb(urb); 771 772 return err; 773 } 774 775 static void btusb_isoc_complete(struct urb *urb) 776 { 777 struct hci_dev *hdev = urb->context; 778 struct btusb_data *data = hci_get_drvdata(hdev); 779 int i, err; 780 781 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 782 urb->actual_length); 783 784 if (!test_bit(HCI_RUNNING, &hdev->flags)) 785 return; 786 787 if (urb->status == 0) { 788 for (i = 0; i < urb->number_of_packets; i++) { 789 unsigned int offset = urb->iso_frame_desc[i].offset; 790 unsigned int length = urb->iso_frame_desc[i].actual_length; 791 792 if (urb->iso_frame_desc[i].status) 793 continue; 794 795 hdev->stat.byte_rx += length; 796 797 if (btusb_recv_isoc(data, urb->transfer_buffer + offset, 798 length) < 0) { 799 BT_ERR("%s corrupted SCO packet", hdev->name); 800 hdev->stat.err_rx++; 801 } 802 } 803 } else if (urb->status == -ENOENT) { 804 /* Avoid suspend failed when usb_kill_urb */ 805 return; 806 } 807 808 if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags)) 809 return; 810 811 usb_anchor_urb(urb, &data->isoc_anchor); 812 813 err = usb_submit_urb(urb, GFP_ATOMIC); 814 if (err < 0) { 815 /* -EPERM: urb is being killed; 816 * -ENODEV: device got disconnected */ 817 if (err != -EPERM && err != -ENODEV) 818 BT_ERR("%s urb %p failed to resubmit (%d)", 819 hdev->name, urb, -err); 820 usb_unanchor_urb(urb); 821 } 822 } 823 824 static inline void __fill_isoc_descriptor(struct urb *urb, int len, int mtu) 825 { 826 int i, offset = 0; 827 828 BT_DBG("len %d mtu %d", len, mtu); 829 830 for (i = 0; i < BTUSB_MAX_ISOC_FRAMES && len >= mtu; 831 i++, offset += mtu, len -= mtu) { 832 urb->iso_frame_desc[i].offset = offset; 833 urb->iso_frame_desc[i].length = mtu; 834 } 835 836 if (len && i < BTUSB_MAX_ISOC_FRAMES) { 837 urb->iso_frame_desc[i].offset = offset; 838 urb->iso_frame_desc[i].length = len; 839 i++; 840 } 841 842 urb->number_of_packets = i; 843 } 844 845 static int btusb_submit_isoc_urb(struct hci_dev *hdev, gfp_t mem_flags) 846 { 847 struct btusb_data *data = hci_get_drvdata(hdev); 848 struct urb *urb; 849 unsigned char *buf; 850 unsigned int pipe; 851 int err, size; 852 853 BT_DBG("%s", hdev->name); 854 855 if (!data->isoc_rx_ep) 856 return -ENODEV; 857 858 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, mem_flags); 859 if (!urb) 860 return -ENOMEM; 861 862 size = le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize) * 863 BTUSB_MAX_ISOC_FRAMES; 864 865 buf = kmalloc(size, mem_flags); 866 if (!buf) { 867 usb_free_urb(urb); 868 return -ENOMEM; 869 } 870 871 pipe = usb_rcvisocpipe(data->udev, data->isoc_rx_ep->bEndpointAddress); 872 873 usb_fill_int_urb(urb, data->udev, pipe, buf, size, btusb_isoc_complete, 874 hdev, data->isoc_rx_ep->bInterval); 875 876 urb->transfer_flags = URB_FREE_BUFFER | URB_ISO_ASAP; 877 878 __fill_isoc_descriptor(urb, size, 879 le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize)); 880 881 usb_anchor_urb(urb, &data->isoc_anchor); 882 883 err = usb_submit_urb(urb, mem_flags); 884 if (err < 0) { 885 if (err != -EPERM && err != -ENODEV) 886 BT_ERR("%s urb %p submission failed (%d)", 887 hdev->name, urb, -err); 888 usb_unanchor_urb(urb); 889 } 890 891 usb_free_urb(urb); 892 893 return err; 894 } 895 896 static void btusb_diag_complete(struct urb *urb) 897 { 898 struct hci_dev *hdev = urb->context; 899 struct btusb_data *data = hci_get_drvdata(hdev); 900 int err; 901 902 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 903 urb->actual_length); 904 905 if (urb->status == 0) { 906 struct sk_buff *skb; 907 908 skb = bt_skb_alloc(urb->actual_length, GFP_ATOMIC); 909 if (skb) { 910 memcpy(skb_put(skb, urb->actual_length), 911 urb->transfer_buffer, urb->actual_length); 912 hci_recv_diag(hdev, skb); 913 } 914 } else if (urb->status == -ENOENT) { 915 /* Avoid suspend failed when usb_kill_urb */ 916 return; 917 } 918 919 if (!test_bit(BTUSB_DIAG_RUNNING, &data->flags)) 920 return; 921 922 usb_anchor_urb(urb, &data->diag_anchor); 923 usb_mark_last_busy(data->udev); 924 925 err = usb_submit_urb(urb, GFP_ATOMIC); 926 if (err < 0) { 927 /* -EPERM: urb is being killed; 928 * -ENODEV: device got disconnected */ 929 if (err != -EPERM && err != -ENODEV) 930 BT_ERR("%s urb %p failed to resubmit (%d)", 931 hdev->name, urb, -err); 932 usb_unanchor_urb(urb); 933 } 934 } 935 936 static int btusb_submit_diag_urb(struct hci_dev *hdev, gfp_t mem_flags) 937 { 938 struct btusb_data *data = hci_get_drvdata(hdev); 939 struct urb *urb; 940 unsigned char *buf; 941 unsigned int pipe; 942 int err, size = HCI_MAX_FRAME_SIZE; 943 944 BT_DBG("%s", hdev->name); 945 946 if (!data->diag_rx_ep) 947 return -ENODEV; 948 949 urb = usb_alloc_urb(0, mem_flags); 950 if (!urb) 951 return -ENOMEM; 952 953 buf = kmalloc(size, mem_flags); 954 if (!buf) { 955 usb_free_urb(urb); 956 return -ENOMEM; 957 } 958 959 pipe = usb_rcvbulkpipe(data->udev, data->diag_rx_ep->bEndpointAddress); 960 961 usb_fill_bulk_urb(urb, data->udev, pipe, buf, size, 962 btusb_diag_complete, hdev); 963 964 urb->transfer_flags |= URB_FREE_BUFFER; 965 966 usb_mark_last_busy(data->udev); 967 usb_anchor_urb(urb, &data->diag_anchor); 968 969 err = usb_submit_urb(urb, mem_flags); 970 if (err < 0) { 971 if (err != -EPERM && err != -ENODEV) 972 BT_ERR("%s urb %p submission failed (%d)", 973 hdev->name, urb, -err); 974 usb_unanchor_urb(urb); 975 } 976 977 usb_free_urb(urb); 978 979 return err; 980 } 981 982 static void btusb_tx_complete(struct urb *urb) 983 { 984 struct sk_buff *skb = urb->context; 985 struct hci_dev *hdev = (struct hci_dev *)skb->dev; 986 struct btusb_data *data = hci_get_drvdata(hdev); 987 988 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 989 urb->actual_length); 990 991 if (!test_bit(HCI_RUNNING, &hdev->flags)) 992 goto done; 993 994 if (!urb->status) 995 hdev->stat.byte_tx += urb->transfer_buffer_length; 996 else 997 hdev->stat.err_tx++; 998 999 done: 1000 spin_lock(&data->txlock); 1001 data->tx_in_flight--; 1002 spin_unlock(&data->txlock); 1003 1004 kfree(urb->setup_packet); 1005 1006 kfree_skb(skb); 1007 } 1008 1009 static void btusb_isoc_tx_complete(struct urb *urb) 1010 { 1011 struct sk_buff *skb = urb->context; 1012 struct hci_dev *hdev = (struct hci_dev *)skb->dev; 1013 1014 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 1015 urb->actual_length); 1016 1017 if (!test_bit(HCI_RUNNING, &hdev->flags)) 1018 goto done; 1019 1020 if (!urb->status) 1021 hdev->stat.byte_tx += urb->transfer_buffer_length; 1022 else 1023 hdev->stat.err_tx++; 1024 1025 done: 1026 kfree(urb->setup_packet); 1027 1028 kfree_skb(skb); 1029 } 1030 1031 static int btusb_open(struct hci_dev *hdev) 1032 { 1033 struct btusb_data *data = hci_get_drvdata(hdev); 1034 int err; 1035 1036 BT_DBG("%s", hdev->name); 1037 1038 /* Patching USB firmware files prior to starting any URBs of HCI path 1039 * It is more safe to use USB bulk channel for downloading USB patch 1040 */ 1041 if (data->setup_on_usb) { 1042 err = data->setup_on_usb(hdev); 1043 if (err < 0) 1044 return err; 1045 } 1046 1047 err = usb_autopm_get_interface(data->intf); 1048 if (err < 0) 1049 return err; 1050 1051 data->intf->needs_remote_wakeup = 1; 1052 1053 if (test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags)) 1054 goto done; 1055 1056 err = btusb_submit_intr_urb(hdev, GFP_KERNEL); 1057 if (err < 0) 1058 goto failed; 1059 1060 err = btusb_submit_bulk_urb(hdev, GFP_KERNEL); 1061 if (err < 0) { 1062 usb_kill_anchored_urbs(&data->intr_anchor); 1063 goto failed; 1064 } 1065 1066 set_bit(BTUSB_BULK_RUNNING, &data->flags); 1067 btusb_submit_bulk_urb(hdev, GFP_KERNEL); 1068 1069 if (data->diag) { 1070 if (!btusb_submit_diag_urb(hdev, GFP_KERNEL)) 1071 set_bit(BTUSB_DIAG_RUNNING, &data->flags); 1072 } 1073 1074 done: 1075 usb_autopm_put_interface(data->intf); 1076 return 0; 1077 1078 failed: 1079 clear_bit(BTUSB_INTR_RUNNING, &data->flags); 1080 usb_autopm_put_interface(data->intf); 1081 return err; 1082 } 1083 1084 static void btusb_stop_traffic(struct btusb_data *data) 1085 { 1086 usb_kill_anchored_urbs(&data->intr_anchor); 1087 usb_kill_anchored_urbs(&data->bulk_anchor); 1088 usb_kill_anchored_urbs(&data->isoc_anchor); 1089 usb_kill_anchored_urbs(&data->diag_anchor); 1090 } 1091 1092 static int btusb_close(struct hci_dev *hdev) 1093 { 1094 struct btusb_data *data = hci_get_drvdata(hdev); 1095 int err; 1096 1097 BT_DBG("%s", hdev->name); 1098 1099 cancel_work_sync(&data->work); 1100 cancel_work_sync(&data->waker); 1101 1102 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 1103 clear_bit(BTUSB_BULK_RUNNING, &data->flags); 1104 clear_bit(BTUSB_INTR_RUNNING, &data->flags); 1105 clear_bit(BTUSB_DIAG_RUNNING, &data->flags); 1106 1107 btusb_stop_traffic(data); 1108 btusb_free_frags(data); 1109 1110 err = usb_autopm_get_interface(data->intf); 1111 if (err < 0) 1112 goto failed; 1113 1114 data->intf->needs_remote_wakeup = 0; 1115 usb_autopm_put_interface(data->intf); 1116 1117 failed: 1118 usb_scuttle_anchored_urbs(&data->deferred); 1119 return 0; 1120 } 1121 1122 static int btusb_flush(struct hci_dev *hdev) 1123 { 1124 struct btusb_data *data = hci_get_drvdata(hdev); 1125 1126 BT_DBG("%s", hdev->name); 1127 1128 usb_kill_anchored_urbs(&data->tx_anchor); 1129 btusb_free_frags(data); 1130 1131 return 0; 1132 } 1133 1134 static struct urb *alloc_ctrl_urb(struct hci_dev *hdev, struct sk_buff *skb) 1135 { 1136 struct btusb_data *data = hci_get_drvdata(hdev); 1137 struct usb_ctrlrequest *dr; 1138 struct urb *urb; 1139 unsigned int pipe; 1140 1141 urb = usb_alloc_urb(0, GFP_KERNEL); 1142 if (!urb) 1143 return ERR_PTR(-ENOMEM); 1144 1145 dr = kmalloc(sizeof(*dr), GFP_KERNEL); 1146 if (!dr) { 1147 usb_free_urb(urb); 1148 return ERR_PTR(-ENOMEM); 1149 } 1150 1151 dr->bRequestType = data->cmdreq_type; 1152 dr->bRequest = data->cmdreq; 1153 dr->wIndex = 0; 1154 dr->wValue = 0; 1155 dr->wLength = __cpu_to_le16(skb->len); 1156 1157 pipe = usb_sndctrlpipe(data->udev, 0x00); 1158 1159 usb_fill_control_urb(urb, data->udev, pipe, (void *)dr, 1160 skb->data, skb->len, btusb_tx_complete, skb); 1161 1162 skb->dev = (void *)hdev; 1163 1164 return urb; 1165 } 1166 1167 static struct urb *alloc_bulk_urb(struct hci_dev *hdev, struct sk_buff *skb) 1168 { 1169 struct btusb_data *data = hci_get_drvdata(hdev); 1170 struct urb *urb; 1171 unsigned int pipe; 1172 1173 if (!data->bulk_tx_ep) 1174 return ERR_PTR(-ENODEV); 1175 1176 urb = usb_alloc_urb(0, GFP_KERNEL); 1177 if (!urb) 1178 return ERR_PTR(-ENOMEM); 1179 1180 pipe = usb_sndbulkpipe(data->udev, data->bulk_tx_ep->bEndpointAddress); 1181 1182 usb_fill_bulk_urb(urb, data->udev, pipe, 1183 skb->data, skb->len, btusb_tx_complete, skb); 1184 1185 skb->dev = (void *)hdev; 1186 1187 return urb; 1188 } 1189 1190 static struct urb *alloc_isoc_urb(struct hci_dev *hdev, struct sk_buff *skb) 1191 { 1192 struct btusb_data *data = hci_get_drvdata(hdev); 1193 struct urb *urb; 1194 unsigned int pipe; 1195 1196 if (!data->isoc_tx_ep) 1197 return ERR_PTR(-ENODEV); 1198 1199 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, GFP_KERNEL); 1200 if (!urb) 1201 return ERR_PTR(-ENOMEM); 1202 1203 pipe = usb_sndisocpipe(data->udev, data->isoc_tx_ep->bEndpointAddress); 1204 1205 usb_fill_int_urb(urb, data->udev, pipe, 1206 skb->data, skb->len, btusb_isoc_tx_complete, 1207 skb, data->isoc_tx_ep->bInterval); 1208 1209 urb->transfer_flags = URB_ISO_ASAP; 1210 1211 __fill_isoc_descriptor(urb, skb->len, 1212 le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize)); 1213 1214 skb->dev = (void *)hdev; 1215 1216 return urb; 1217 } 1218 1219 static int submit_tx_urb(struct hci_dev *hdev, struct urb *urb) 1220 { 1221 struct btusb_data *data = hci_get_drvdata(hdev); 1222 int err; 1223 1224 usb_anchor_urb(urb, &data->tx_anchor); 1225 1226 err = usb_submit_urb(urb, GFP_KERNEL); 1227 if (err < 0) { 1228 if (err != -EPERM && err != -ENODEV) 1229 BT_ERR("%s urb %p submission failed (%d)", 1230 hdev->name, urb, -err); 1231 kfree(urb->setup_packet); 1232 usb_unanchor_urb(urb); 1233 } else { 1234 usb_mark_last_busy(data->udev); 1235 } 1236 1237 usb_free_urb(urb); 1238 return err; 1239 } 1240 1241 static int submit_or_queue_tx_urb(struct hci_dev *hdev, struct urb *urb) 1242 { 1243 struct btusb_data *data = hci_get_drvdata(hdev); 1244 unsigned long flags; 1245 bool suspending; 1246 1247 spin_lock_irqsave(&data->txlock, flags); 1248 suspending = test_bit(BTUSB_SUSPENDING, &data->flags); 1249 if (!suspending) 1250 data->tx_in_flight++; 1251 spin_unlock_irqrestore(&data->txlock, flags); 1252 1253 if (!suspending) 1254 return submit_tx_urb(hdev, urb); 1255 1256 usb_anchor_urb(urb, &data->deferred); 1257 schedule_work(&data->waker); 1258 1259 usb_free_urb(urb); 1260 return 0; 1261 } 1262 1263 static int btusb_send_frame(struct hci_dev *hdev, struct sk_buff *skb) 1264 { 1265 struct urb *urb; 1266 1267 BT_DBG("%s", hdev->name); 1268 1269 switch (hci_skb_pkt_type(skb)) { 1270 case HCI_COMMAND_PKT: 1271 urb = alloc_ctrl_urb(hdev, skb); 1272 if (IS_ERR(urb)) 1273 return PTR_ERR(urb); 1274 1275 hdev->stat.cmd_tx++; 1276 return submit_or_queue_tx_urb(hdev, urb); 1277 1278 case HCI_ACLDATA_PKT: 1279 urb = alloc_bulk_urb(hdev, skb); 1280 if (IS_ERR(urb)) 1281 return PTR_ERR(urb); 1282 1283 hdev->stat.acl_tx++; 1284 return submit_or_queue_tx_urb(hdev, urb); 1285 1286 case HCI_SCODATA_PKT: 1287 if (hci_conn_num(hdev, SCO_LINK) < 1) 1288 return -ENODEV; 1289 1290 urb = alloc_isoc_urb(hdev, skb); 1291 if (IS_ERR(urb)) 1292 return PTR_ERR(urb); 1293 1294 hdev->stat.sco_tx++; 1295 return submit_tx_urb(hdev, urb); 1296 } 1297 1298 return -EILSEQ; 1299 } 1300 1301 static void btusb_notify(struct hci_dev *hdev, unsigned int evt) 1302 { 1303 struct btusb_data *data = hci_get_drvdata(hdev); 1304 1305 BT_DBG("%s evt %d", hdev->name, evt); 1306 1307 if (hci_conn_num(hdev, SCO_LINK) != data->sco_num) { 1308 data->sco_num = hci_conn_num(hdev, SCO_LINK); 1309 schedule_work(&data->work); 1310 } 1311 } 1312 1313 static inline int __set_isoc_interface(struct hci_dev *hdev, int altsetting) 1314 { 1315 struct btusb_data *data = hci_get_drvdata(hdev); 1316 struct usb_interface *intf = data->isoc; 1317 struct usb_endpoint_descriptor *ep_desc; 1318 int i, err; 1319 1320 if (!data->isoc) 1321 return -ENODEV; 1322 1323 err = usb_set_interface(data->udev, 1, altsetting); 1324 if (err < 0) { 1325 BT_ERR("%s setting interface failed (%d)", hdev->name, -err); 1326 return err; 1327 } 1328 1329 data->isoc_altsetting = altsetting; 1330 1331 data->isoc_tx_ep = NULL; 1332 data->isoc_rx_ep = NULL; 1333 1334 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) { 1335 ep_desc = &intf->cur_altsetting->endpoint[i].desc; 1336 1337 if (!data->isoc_tx_ep && usb_endpoint_is_isoc_out(ep_desc)) { 1338 data->isoc_tx_ep = ep_desc; 1339 continue; 1340 } 1341 1342 if (!data->isoc_rx_ep && usb_endpoint_is_isoc_in(ep_desc)) { 1343 data->isoc_rx_ep = ep_desc; 1344 continue; 1345 } 1346 } 1347 1348 if (!data->isoc_tx_ep || !data->isoc_rx_ep) { 1349 BT_ERR("%s invalid SCO descriptors", hdev->name); 1350 return -ENODEV; 1351 } 1352 1353 return 0; 1354 } 1355 1356 static void btusb_work(struct work_struct *work) 1357 { 1358 struct btusb_data *data = container_of(work, struct btusb_data, work); 1359 struct hci_dev *hdev = data->hdev; 1360 int new_alts; 1361 int err; 1362 1363 if (data->sco_num > 0) { 1364 if (!test_bit(BTUSB_DID_ISO_RESUME, &data->flags)) { 1365 err = usb_autopm_get_interface(data->isoc ? data->isoc : data->intf); 1366 if (err < 0) { 1367 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 1368 usb_kill_anchored_urbs(&data->isoc_anchor); 1369 return; 1370 } 1371 1372 set_bit(BTUSB_DID_ISO_RESUME, &data->flags); 1373 } 1374 1375 if (hdev->voice_setting & 0x0020) { 1376 static const int alts[3] = { 2, 4, 5 }; 1377 1378 new_alts = alts[data->sco_num - 1]; 1379 } else { 1380 new_alts = data->sco_num; 1381 } 1382 1383 if (data->isoc_altsetting != new_alts) { 1384 unsigned long flags; 1385 1386 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 1387 usb_kill_anchored_urbs(&data->isoc_anchor); 1388 1389 /* When isochronous alternate setting needs to be 1390 * changed, because SCO connection has been added 1391 * or removed, a packet fragment may be left in the 1392 * reassembling state. This could lead to wrongly 1393 * assembled fragments. 1394 * 1395 * Clear outstanding fragment when selecting a new 1396 * alternate setting. 1397 */ 1398 spin_lock_irqsave(&data->rxlock, flags); 1399 kfree_skb(data->sco_skb); 1400 data->sco_skb = NULL; 1401 spin_unlock_irqrestore(&data->rxlock, flags); 1402 1403 if (__set_isoc_interface(hdev, new_alts) < 0) 1404 return; 1405 } 1406 1407 if (!test_and_set_bit(BTUSB_ISOC_RUNNING, &data->flags)) { 1408 if (btusb_submit_isoc_urb(hdev, GFP_KERNEL) < 0) 1409 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 1410 else 1411 btusb_submit_isoc_urb(hdev, GFP_KERNEL); 1412 } 1413 } else { 1414 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 1415 usb_kill_anchored_urbs(&data->isoc_anchor); 1416 1417 __set_isoc_interface(hdev, 0); 1418 if (test_and_clear_bit(BTUSB_DID_ISO_RESUME, &data->flags)) 1419 usb_autopm_put_interface(data->isoc ? data->isoc : data->intf); 1420 } 1421 } 1422 1423 static void btusb_waker(struct work_struct *work) 1424 { 1425 struct btusb_data *data = container_of(work, struct btusb_data, waker); 1426 int err; 1427 1428 err = usb_autopm_get_interface(data->intf); 1429 if (err < 0) 1430 return; 1431 1432 usb_autopm_put_interface(data->intf); 1433 } 1434 1435 static int btusb_setup_bcm92035(struct hci_dev *hdev) 1436 { 1437 struct sk_buff *skb; 1438 u8 val = 0x00; 1439 1440 BT_DBG("%s", hdev->name); 1441 1442 skb = __hci_cmd_sync(hdev, 0xfc3b, 1, &val, HCI_INIT_TIMEOUT); 1443 if (IS_ERR(skb)) 1444 BT_ERR("BCM92035 command failed (%ld)", -PTR_ERR(skb)); 1445 else 1446 kfree_skb(skb); 1447 1448 return 0; 1449 } 1450 1451 static int btusb_setup_csr(struct hci_dev *hdev) 1452 { 1453 struct hci_rp_read_local_version *rp; 1454 struct sk_buff *skb; 1455 1456 BT_DBG("%s", hdev->name); 1457 1458 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL, 1459 HCI_INIT_TIMEOUT); 1460 if (IS_ERR(skb)) { 1461 int err = PTR_ERR(skb); 1462 BT_ERR("%s: CSR: Local version failed (%d)", hdev->name, err); 1463 return err; 1464 } 1465 1466 if (skb->len != sizeof(struct hci_rp_read_local_version)) { 1467 BT_ERR("%s: CSR: Local version length mismatch", hdev->name); 1468 kfree_skb(skb); 1469 return -EIO; 1470 } 1471 1472 rp = (struct hci_rp_read_local_version *)skb->data; 1473 1474 /* Detect controllers which aren't real CSR ones. */ 1475 if (le16_to_cpu(rp->manufacturer) != 10 || 1476 le16_to_cpu(rp->lmp_subver) == 0x0c5c) { 1477 /* Clear the reset quirk since this is not an actual 1478 * early Bluetooth 1.1 device from CSR. 1479 */ 1480 clear_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); 1481 1482 /* These fake CSR controllers have all a broken 1483 * stored link key handling and so just disable it. 1484 */ 1485 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks); 1486 } 1487 1488 kfree_skb(skb); 1489 1490 return 0; 1491 } 1492 1493 static const struct firmware *btusb_setup_intel_get_fw(struct hci_dev *hdev, 1494 struct intel_version *ver) 1495 { 1496 const struct firmware *fw; 1497 char fwname[64]; 1498 int ret; 1499 1500 snprintf(fwname, sizeof(fwname), 1501 "intel/ibt-hw-%x.%x.%x-fw-%x.%x.%x.%x.%x.bseq", 1502 ver->hw_platform, ver->hw_variant, ver->hw_revision, 1503 ver->fw_variant, ver->fw_revision, ver->fw_build_num, 1504 ver->fw_build_ww, ver->fw_build_yy); 1505 1506 ret = request_firmware(&fw, fwname, &hdev->dev); 1507 if (ret < 0) { 1508 if (ret == -EINVAL) { 1509 BT_ERR("%s Intel firmware file request failed (%d)", 1510 hdev->name, ret); 1511 return NULL; 1512 } 1513 1514 BT_ERR("%s failed to open Intel firmware file: %s(%d)", 1515 hdev->name, fwname, ret); 1516 1517 /* If the correct firmware patch file is not found, use the 1518 * default firmware patch file instead 1519 */ 1520 snprintf(fwname, sizeof(fwname), "intel/ibt-hw-%x.%x.bseq", 1521 ver->hw_platform, ver->hw_variant); 1522 if (request_firmware(&fw, fwname, &hdev->dev) < 0) { 1523 BT_ERR("%s failed to open default Intel fw file: %s", 1524 hdev->name, fwname); 1525 return NULL; 1526 } 1527 } 1528 1529 BT_INFO("%s: Intel Bluetooth firmware file: %s", hdev->name, fwname); 1530 1531 return fw; 1532 } 1533 1534 static int btusb_setup_intel_patching(struct hci_dev *hdev, 1535 const struct firmware *fw, 1536 const u8 **fw_ptr, int *disable_patch) 1537 { 1538 struct sk_buff *skb; 1539 struct hci_command_hdr *cmd; 1540 const u8 *cmd_param; 1541 struct hci_event_hdr *evt = NULL; 1542 const u8 *evt_param = NULL; 1543 int remain = fw->size - (*fw_ptr - fw->data); 1544 1545 /* The first byte indicates the types of the patch command or event. 1546 * 0x01 means HCI command and 0x02 is HCI event. If the first bytes 1547 * in the current firmware buffer doesn't start with 0x01 or 1548 * the size of remain buffer is smaller than HCI command header, 1549 * the firmware file is corrupted and it should stop the patching 1550 * process. 1551 */ 1552 if (remain > HCI_COMMAND_HDR_SIZE && *fw_ptr[0] != 0x01) { 1553 BT_ERR("%s Intel fw corrupted: invalid cmd read", hdev->name); 1554 return -EINVAL; 1555 } 1556 (*fw_ptr)++; 1557 remain--; 1558 1559 cmd = (struct hci_command_hdr *)(*fw_ptr); 1560 *fw_ptr += sizeof(*cmd); 1561 remain -= sizeof(*cmd); 1562 1563 /* Ensure that the remain firmware data is long enough than the length 1564 * of command parameter. If not, the firmware file is corrupted. 1565 */ 1566 if (remain < cmd->plen) { 1567 BT_ERR("%s Intel fw corrupted: invalid cmd len", hdev->name); 1568 return -EFAULT; 1569 } 1570 1571 /* If there is a command that loads a patch in the firmware 1572 * file, then enable the patch upon success, otherwise just 1573 * disable the manufacturer mode, for example patch activation 1574 * is not required when the default firmware patch file is used 1575 * because there are no patch data to load. 1576 */ 1577 if (*disable_patch && le16_to_cpu(cmd->opcode) == 0xfc8e) 1578 *disable_patch = 0; 1579 1580 cmd_param = *fw_ptr; 1581 *fw_ptr += cmd->plen; 1582 remain -= cmd->plen; 1583 1584 /* This reads the expected events when the above command is sent to the 1585 * device. Some vendor commands expects more than one events, for 1586 * example command status event followed by vendor specific event. 1587 * For this case, it only keeps the last expected event. so the command 1588 * can be sent with __hci_cmd_sync_ev() which returns the sk_buff of 1589 * last expected event. 1590 */ 1591 while (remain > HCI_EVENT_HDR_SIZE && *fw_ptr[0] == 0x02) { 1592 (*fw_ptr)++; 1593 remain--; 1594 1595 evt = (struct hci_event_hdr *)(*fw_ptr); 1596 *fw_ptr += sizeof(*evt); 1597 remain -= sizeof(*evt); 1598 1599 if (remain < evt->plen) { 1600 BT_ERR("%s Intel fw corrupted: invalid evt len", 1601 hdev->name); 1602 return -EFAULT; 1603 } 1604 1605 evt_param = *fw_ptr; 1606 *fw_ptr += evt->plen; 1607 remain -= evt->plen; 1608 } 1609 1610 /* Every HCI commands in the firmware file has its correspond event. 1611 * If event is not found or remain is smaller than zero, the firmware 1612 * file is corrupted. 1613 */ 1614 if (!evt || !evt_param || remain < 0) { 1615 BT_ERR("%s Intel fw corrupted: invalid evt read", hdev->name); 1616 return -EFAULT; 1617 } 1618 1619 skb = __hci_cmd_sync_ev(hdev, le16_to_cpu(cmd->opcode), cmd->plen, 1620 cmd_param, evt->evt, HCI_INIT_TIMEOUT); 1621 if (IS_ERR(skb)) { 1622 BT_ERR("%s sending Intel patch command (0x%4.4x) failed (%ld)", 1623 hdev->name, cmd->opcode, PTR_ERR(skb)); 1624 return PTR_ERR(skb); 1625 } 1626 1627 /* It ensures that the returned event matches the event data read from 1628 * the firmware file. At fist, it checks the length and then 1629 * the contents of the event. 1630 */ 1631 if (skb->len != evt->plen) { 1632 BT_ERR("%s mismatch event length (opcode 0x%4.4x)", hdev->name, 1633 le16_to_cpu(cmd->opcode)); 1634 kfree_skb(skb); 1635 return -EFAULT; 1636 } 1637 1638 if (memcmp(skb->data, evt_param, evt->plen)) { 1639 BT_ERR("%s mismatch event parameter (opcode 0x%4.4x)", 1640 hdev->name, le16_to_cpu(cmd->opcode)); 1641 kfree_skb(skb); 1642 return -EFAULT; 1643 } 1644 kfree_skb(skb); 1645 1646 return 0; 1647 } 1648 1649 static int btusb_setup_intel(struct hci_dev *hdev) 1650 { 1651 struct sk_buff *skb; 1652 const struct firmware *fw; 1653 const u8 *fw_ptr; 1654 int disable_patch, err; 1655 struct intel_version ver; 1656 1657 BT_DBG("%s", hdev->name); 1658 1659 /* The controller has a bug with the first HCI command sent to it 1660 * returning number of completed commands as zero. This would stall the 1661 * command processing in the Bluetooth core. 1662 * 1663 * As a workaround, send HCI Reset command first which will reset the 1664 * number of completed commands and allow normal command processing 1665 * from now on. 1666 */ 1667 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); 1668 if (IS_ERR(skb)) { 1669 BT_ERR("%s sending initial HCI reset command failed (%ld)", 1670 hdev->name, PTR_ERR(skb)); 1671 return PTR_ERR(skb); 1672 } 1673 kfree_skb(skb); 1674 1675 /* Read Intel specific controller version first to allow selection of 1676 * which firmware file to load. 1677 * 1678 * The returned information are hardware variant and revision plus 1679 * firmware variant, revision and build number. 1680 */ 1681 err = btintel_read_version(hdev, &ver); 1682 if (err) 1683 return err; 1684 1685 BT_INFO("%s: read Intel version: %02x%02x%02x%02x%02x%02x%02x%02x%02x", 1686 hdev->name, ver.hw_platform, ver.hw_variant, ver.hw_revision, 1687 ver.fw_variant, ver.fw_revision, ver.fw_build_num, 1688 ver.fw_build_ww, ver.fw_build_yy, ver.fw_patch_num); 1689 1690 /* fw_patch_num indicates the version of patch the device currently 1691 * have. If there is no patch data in the device, it is always 0x00. 1692 * So, if it is other than 0x00, no need to patch the device again. 1693 */ 1694 if (ver.fw_patch_num) { 1695 BT_INFO("%s: Intel device is already patched. patch num: %02x", 1696 hdev->name, ver.fw_patch_num); 1697 goto complete; 1698 } 1699 1700 /* Opens the firmware patch file based on the firmware version read 1701 * from the controller. If it fails to open the matching firmware 1702 * patch file, it tries to open the default firmware patch file. 1703 * If no patch file is found, allow the device to operate without 1704 * a patch. 1705 */ 1706 fw = btusb_setup_intel_get_fw(hdev, &ver); 1707 if (!fw) 1708 goto complete; 1709 fw_ptr = fw->data; 1710 1711 /* Enable the manufacturer mode of the controller. 1712 * Only while this mode is enabled, the driver can download the 1713 * firmware patch data and configuration parameters. 1714 */ 1715 err = btintel_enter_mfg(hdev); 1716 if (err) { 1717 release_firmware(fw); 1718 return err; 1719 } 1720 1721 disable_patch = 1; 1722 1723 /* The firmware data file consists of list of Intel specific HCI 1724 * commands and its expected events. The first byte indicates the 1725 * type of the message, either HCI command or HCI event. 1726 * 1727 * It reads the command and its expected event from the firmware file, 1728 * and send to the controller. Once __hci_cmd_sync_ev() returns, 1729 * the returned event is compared with the event read from the firmware 1730 * file and it will continue until all the messages are downloaded to 1731 * the controller. 1732 * 1733 * Once the firmware patching is completed successfully, 1734 * the manufacturer mode is disabled with reset and activating the 1735 * downloaded patch. 1736 * 1737 * If the firmware patching fails, the manufacturer mode is 1738 * disabled with reset and deactivating the patch. 1739 * 1740 * If the default patch file is used, no reset is done when disabling 1741 * the manufacturer. 1742 */ 1743 while (fw->size > fw_ptr - fw->data) { 1744 int ret; 1745 1746 ret = btusb_setup_intel_patching(hdev, fw, &fw_ptr, 1747 &disable_patch); 1748 if (ret < 0) 1749 goto exit_mfg_deactivate; 1750 } 1751 1752 release_firmware(fw); 1753 1754 if (disable_patch) 1755 goto exit_mfg_disable; 1756 1757 /* Patching completed successfully and disable the manufacturer mode 1758 * with reset and activate the downloaded firmware patches. 1759 */ 1760 err = btintel_exit_mfg(hdev, true, true); 1761 if (err) 1762 return err; 1763 1764 BT_INFO("%s: Intel Bluetooth firmware patch completed and activated", 1765 hdev->name); 1766 1767 goto complete; 1768 1769 exit_mfg_disable: 1770 /* Disable the manufacturer mode without reset */ 1771 err = btintel_exit_mfg(hdev, false, false); 1772 if (err) 1773 return err; 1774 1775 BT_INFO("%s: Intel Bluetooth firmware patch completed", hdev->name); 1776 1777 goto complete; 1778 1779 exit_mfg_deactivate: 1780 release_firmware(fw); 1781 1782 /* Patching failed. Disable the manufacturer mode with reset and 1783 * deactivate the downloaded firmware patches. 1784 */ 1785 err = btintel_exit_mfg(hdev, true, false); 1786 if (err) 1787 return err; 1788 1789 BT_INFO("%s: Intel Bluetooth firmware patch completed and deactivated", 1790 hdev->name); 1791 1792 complete: 1793 /* Set the event mask for Intel specific vendor events. This enables 1794 * a few extra events that are useful during general operation. 1795 */ 1796 btintel_set_event_mask_mfg(hdev, false); 1797 1798 btintel_check_bdaddr(hdev); 1799 return 0; 1800 } 1801 1802 static int inject_cmd_complete(struct hci_dev *hdev, __u16 opcode) 1803 { 1804 struct sk_buff *skb; 1805 struct hci_event_hdr *hdr; 1806 struct hci_ev_cmd_complete *evt; 1807 1808 skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_ATOMIC); 1809 if (!skb) 1810 return -ENOMEM; 1811 1812 hdr = (struct hci_event_hdr *)skb_put(skb, sizeof(*hdr)); 1813 hdr->evt = HCI_EV_CMD_COMPLETE; 1814 hdr->plen = sizeof(*evt) + 1; 1815 1816 evt = (struct hci_ev_cmd_complete *)skb_put(skb, sizeof(*evt)); 1817 evt->ncmd = 0x01; 1818 evt->opcode = cpu_to_le16(opcode); 1819 1820 *skb_put(skb, 1) = 0x00; 1821 1822 hci_skb_pkt_type(skb) = HCI_EVENT_PKT; 1823 1824 return hci_recv_frame(hdev, skb); 1825 } 1826 1827 static int btusb_recv_bulk_intel(struct btusb_data *data, void *buffer, 1828 int count) 1829 { 1830 /* When the device is in bootloader mode, then it can send 1831 * events via the bulk endpoint. These events are treated the 1832 * same way as the ones received from the interrupt endpoint. 1833 */ 1834 if (test_bit(BTUSB_BOOTLOADER, &data->flags)) 1835 return btusb_recv_intr(data, buffer, count); 1836 1837 return btusb_recv_bulk(data, buffer, count); 1838 } 1839 1840 static void btusb_intel_bootup(struct btusb_data *data, const void *ptr, 1841 unsigned int len) 1842 { 1843 const struct intel_bootup *evt = ptr; 1844 1845 if (len != sizeof(*evt)) 1846 return; 1847 1848 if (test_and_clear_bit(BTUSB_BOOTING, &data->flags)) { 1849 smp_mb__after_atomic(); 1850 wake_up_bit(&data->flags, BTUSB_BOOTING); 1851 } 1852 } 1853 1854 static void btusb_intel_secure_send_result(struct btusb_data *data, 1855 const void *ptr, unsigned int len) 1856 { 1857 const struct intel_secure_send_result *evt = ptr; 1858 1859 if (len != sizeof(*evt)) 1860 return; 1861 1862 if (evt->result) 1863 set_bit(BTUSB_FIRMWARE_FAILED, &data->flags); 1864 1865 if (test_and_clear_bit(BTUSB_DOWNLOADING, &data->flags) && 1866 test_bit(BTUSB_FIRMWARE_LOADED, &data->flags)) { 1867 smp_mb__after_atomic(); 1868 wake_up_bit(&data->flags, BTUSB_DOWNLOADING); 1869 } 1870 } 1871 1872 static int btusb_recv_event_intel(struct hci_dev *hdev, struct sk_buff *skb) 1873 { 1874 struct btusb_data *data = hci_get_drvdata(hdev); 1875 1876 if (test_bit(BTUSB_BOOTLOADER, &data->flags)) { 1877 struct hci_event_hdr *hdr = (void *)skb->data; 1878 1879 if (skb->len > HCI_EVENT_HDR_SIZE && hdr->evt == 0xff && 1880 hdr->plen > 0) { 1881 const void *ptr = skb->data + HCI_EVENT_HDR_SIZE + 1; 1882 unsigned int len = skb->len - HCI_EVENT_HDR_SIZE - 1; 1883 1884 switch (skb->data[2]) { 1885 case 0x02: 1886 /* When switching to the operational firmware 1887 * the device sends a vendor specific event 1888 * indicating that the bootup completed. 1889 */ 1890 btusb_intel_bootup(data, ptr, len); 1891 break; 1892 case 0x06: 1893 /* When the firmware loading completes the 1894 * device sends out a vendor specific event 1895 * indicating the result of the firmware 1896 * loading. 1897 */ 1898 btusb_intel_secure_send_result(data, ptr, len); 1899 break; 1900 } 1901 } 1902 } 1903 1904 return hci_recv_frame(hdev, skb); 1905 } 1906 1907 static int btusb_send_frame_intel(struct hci_dev *hdev, struct sk_buff *skb) 1908 { 1909 struct btusb_data *data = hci_get_drvdata(hdev); 1910 struct urb *urb; 1911 1912 BT_DBG("%s", hdev->name); 1913 1914 switch (hci_skb_pkt_type(skb)) { 1915 case HCI_COMMAND_PKT: 1916 if (test_bit(BTUSB_BOOTLOADER, &data->flags)) { 1917 struct hci_command_hdr *cmd = (void *)skb->data; 1918 __u16 opcode = le16_to_cpu(cmd->opcode); 1919 1920 /* When in bootloader mode and the command 0xfc09 1921 * is received, it needs to be send down the 1922 * bulk endpoint. So allocate a bulk URB instead. 1923 */ 1924 if (opcode == 0xfc09) 1925 urb = alloc_bulk_urb(hdev, skb); 1926 else 1927 urb = alloc_ctrl_urb(hdev, skb); 1928 1929 /* When the 0xfc01 command is issued to boot into 1930 * the operational firmware, it will actually not 1931 * send a command complete event. To keep the flow 1932 * control working inject that event here. 1933 */ 1934 if (opcode == 0xfc01) 1935 inject_cmd_complete(hdev, opcode); 1936 } else { 1937 urb = alloc_ctrl_urb(hdev, skb); 1938 } 1939 if (IS_ERR(urb)) 1940 return PTR_ERR(urb); 1941 1942 hdev->stat.cmd_tx++; 1943 return submit_or_queue_tx_urb(hdev, urb); 1944 1945 case HCI_ACLDATA_PKT: 1946 urb = alloc_bulk_urb(hdev, skb); 1947 if (IS_ERR(urb)) 1948 return PTR_ERR(urb); 1949 1950 hdev->stat.acl_tx++; 1951 return submit_or_queue_tx_urb(hdev, urb); 1952 1953 case HCI_SCODATA_PKT: 1954 if (hci_conn_num(hdev, SCO_LINK) < 1) 1955 return -ENODEV; 1956 1957 urb = alloc_isoc_urb(hdev, skb); 1958 if (IS_ERR(urb)) 1959 return PTR_ERR(urb); 1960 1961 hdev->stat.sco_tx++; 1962 return submit_tx_urb(hdev, urb); 1963 } 1964 1965 return -EILSEQ; 1966 } 1967 1968 static int btusb_setup_intel_new(struct hci_dev *hdev) 1969 { 1970 static const u8 reset_param[] = { 0x00, 0x01, 0x00, 0x01, 1971 0x00, 0x08, 0x04, 0x00 }; 1972 struct btusb_data *data = hci_get_drvdata(hdev); 1973 struct sk_buff *skb; 1974 struct intel_version ver; 1975 struct intel_boot_params *params; 1976 const struct firmware *fw; 1977 const u8 *fw_ptr; 1978 u32 frag_len; 1979 char fwname[64]; 1980 ktime_t calltime, delta, rettime; 1981 unsigned long long duration; 1982 int err; 1983 1984 BT_DBG("%s", hdev->name); 1985 1986 calltime = ktime_get(); 1987 1988 /* Read the Intel version information to determine if the device 1989 * is in bootloader mode or if it already has operational firmware 1990 * loaded. 1991 */ 1992 err = btintel_read_version(hdev, &ver); 1993 if (err) 1994 return err; 1995 1996 /* The hardware platform number has a fixed value of 0x37 and 1997 * for now only accept this single value. 1998 */ 1999 if (ver.hw_platform != 0x37) { 2000 BT_ERR("%s: Unsupported Intel hardware platform (%u)", 2001 hdev->name, ver.hw_platform); 2002 return -EINVAL; 2003 } 2004 2005 /* At the moment the iBT 3.0 hardware variants 0x0b (LnP/SfP) 2006 * and 0x0c (WsP) are supported by this firmware loading method. 2007 * 2008 * This check has been put in place to ensure correct forward 2009 * compatibility options when newer hardware variants come along. 2010 */ 2011 if (ver.hw_variant != 0x0b && ver.hw_variant != 0x0c) { 2012 BT_ERR("%s: Unsupported Intel hardware variant (%u)", 2013 hdev->name, ver.hw_variant); 2014 return -EINVAL; 2015 } 2016 2017 btintel_version_info(hdev, &ver); 2018 2019 /* The firmware variant determines if the device is in bootloader 2020 * mode or is running operational firmware. The value 0x06 identifies 2021 * the bootloader and the value 0x23 identifies the operational 2022 * firmware. 2023 * 2024 * When the operational firmware is already present, then only 2025 * the check for valid Bluetooth device address is needed. This 2026 * determines if the device will be added as configured or 2027 * unconfigured controller. 2028 * 2029 * It is not possible to use the Secure Boot Parameters in this 2030 * case since that command is only available in bootloader mode. 2031 */ 2032 if (ver.fw_variant == 0x23) { 2033 clear_bit(BTUSB_BOOTLOADER, &data->flags); 2034 btintel_check_bdaddr(hdev); 2035 return 0; 2036 } 2037 2038 /* If the device is not in bootloader mode, then the only possible 2039 * choice is to return an error and abort the device initialization. 2040 */ 2041 if (ver.fw_variant != 0x06) { 2042 BT_ERR("%s: Unsupported Intel firmware variant (%u)", 2043 hdev->name, ver.fw_variant); 2044 return -ENODEV; 2045 } 2046 2047 /* Read the secure boot parameters to identify the operating 2048 * details of the bootloader. 2049 */ 2050 skb = __hci_cmd_sync(hdev, 0xfc0d, 0, NULL, HCI_INIT_TIMEOUT); 2051 if (IS_ERR(skb)) { 2052 BT_ERR("%s: Reading Intel boot parameters failed (%ld)", 2053 hdev->name, PTR_ERR(skb)); 2054 return PTR_ERR(skb); 2055 } 2056 2057 if (skb->len != sizeof(*params)) { 2058 BT_ERR("%s: Intel boot parameters size mismatch", hdev->name); 2059 kfree_skb(skb); 2060 return -EILSEQ; 2061 } 2062 2063 params = (struct intel_boot_params *)skb->data; 2064 2065 BT_INFO("%s: Device revision is %u", hdev->name, 2066 le16_to_cpu(params->dev_revid)); 2067 2068 BT_INFO("%s: Secure boot is %s", hdev->name, 2069 params->secure_boot ? "enabled" : "disabled"); 2070 2071 BT_INFO("%s: OTP lock is %s", hdev->name, 2072 params->otp_lock ? "enabled" : "disabled"); 2073 2074 BT_INFO("%s: API lock is %s", hdev->name, 2075 params->api_lock ? "enabled" : "disabled"); 2076 2077 BT_INFO("%s: Debug lock is %s", hdev->name, 2078 params->debug_lock ? "enabled" : "disabled"); 2079 2080 BT_INFO("%s: Minimum firmware build %u week %u %u", hdev->name, 2081 params->min_fw_build_nn, params->min_fw_build_cw, 2082 2000 + params->min_fw_build_yy); 2083 2084 /* It is required that every single firmware fragment is acknowledged 2085 * with a command complete event. If the boot parameters indicate 2086 * that this bootloader does not send them, then abort the setup. 2087 */ 2088 if (params->limited_cce != 0x00) { 2089 BT_ERR("%s: Unsupported Intel firmware loading method (%u)", 2090 hdev->name, params->limited_cce); 2091 kfree_skb(skb); 2092 return -EINVAL; 2093 } 2094 2095 /* If the OTP has no valid Bluetooth device address, then there will 2096 * also be no valid address for the operational firmware. 2097 */ 2098 if (!bacmp(¶ms->otp_bdaddr, BDADDR_ANY)) { 2099 BT_INFO("%s: No device address configured", hdev->name); 2100 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks); 2101 } 2102 2103 /* With this Intel bootloader only the hardware variant and device 2104 * revision information are used to select the right firmware. 2105 * 2106 * Currently this bootloader support is limited to hardware variant 2107 * iBT 3.0 (LnP/SfP) which is identified by the value 11 (0x0b). 2108 */ 2109 snprintf(fwname, sizeof(fwname), "intel/ibt-11-%u.sfi", 2110 le16_to_cpu(params->dev_revid)); 2111 2112 err = request_firmware(&fw, fwname, &hdev->dev); 2113 if (err < 0) { 2114 BT_ERR("%s: Failed to load Intel firmware file (%d)", 2115 hdev->name, err); 2116 kfree_skb(skb); 2117 return err; 2118 } 2119 2120 BT_INFO("%s: Found device firmware: %s", hdev->name, fwname); 2121 2122 /* Save the DDC file name for later use to apply once the firmware 2123 * downloading is done. 2124 */ 2125 snprintf(fwname, sizeof(fwname), "intel/ibt-11-%u.ddc", 2126 le16_to_cpu(params->dev_revid)); 2127 2128 kfree_skb(skb); 2129 2130 if (fw->size < 644) { 2131 BT_ERR("%s: Invalid size of firmware file (%zu)", 2132 hdev->name, fw->size); 2133 err = -EBADF; 2134 goto done; 2135 } 2136 2137 set_bit(BTUSB_DOWNLOADING, &data->flags); 2138 2139 /* Start the firmware download transaction with the Init fragment 2140 * represented by the 128 bytes of CSS header. 2141 */ 2142 err = btintel_secure_send(hdev, 0x00, 128, fw->data); 2143 if (err < 0) { 2144 BT_ERR("%s: Failed to send firmware header (%d)", 2145 hdev->name, err); 2146 goto done; 2147 } 2148 2149 /* Send the 256 bytes of public key information from the firmware 2150 * as the PKey fragment. 2151 */ 2152 err = btintel_secure_send(hdev, 0x03, 256, fw->data + 128); 2153 if (err < 0) { 2154 BT_ERR("%s: Failed to send firmware public key (%d)", 2155 hdev->name, err); 2156 goto done; 2157 } 2158 2159 /* Send the 256 bytes of signature information from the firmware 2160 * as the Sign fragment. 2161 */ 2162 err = btintel_secure_send(hdev, 0x02, 256, fw->data + 388); 2163 if (err < 0) { 2164 BT_ERR("%s: Failed to send firmware signature (%d)", 2165 hdev->name, err); 2166 goto done; 2167 } 2168 2169 fw_ptr = fw->data + 644; 2170 frag_len = 0; 2171 2172 while (fw_ptr - fw->data < fw->size) { 2173 struct hci_command_hdr *cmd = (void *)(fw_ptr + frag_len); 2174 2175 frag_len += sizeof(*cmd) + cmd->plen; 2176 2177 /* The parameter length of the secure send command requires 2178 * a 4 byte alignment. It happens so that the firmware file 2179 * contains proper Intel_NOP commands to align the fragments 2180 * as needed. 2181 * 2182 * Send set of commands with 4 byte alignment from the 2183 * firmware data buffer as a single Data fragement. 2184 */ 2185 if (!(frag_len % 4)) { 2186 err = btintel_secure_send(hdev, 0x01, frag_len, fw_ptr); 2187 if (err < 0) { 2188 BT_ERR("%s: Failed to send firmware data (%d)", 2189 hdev->name, err); 2190 goto done; 2191 } 2192 2193 fw_ptr += frag_len; 2194 frag_len = 0; 2195 } 2196 } 2197 2198 set_bit(BTUSB_FIRMWARE_LOADED, &data->flags); 2199 2200 BT_INFO("%s: Waiting for firmware download to complete", hdev->name); 2201 2202 /* Before switching the device into operational mode and with that 2203 * booting the loaded firmware, wait for the bootloader notification 2204 * that all fragments have been successfully received. 2205 * 2206 * When the event processing receives the notification, then the 2207 * BTUSB_DOWNLOADING flag will be cleared. 2208 * 2209 * The firmware loading should not take longer than 5 seconds 2210 * and thus just timeout if that happens and fail the setup 2211 * of this device. 2212 */ 2213 err = wait_on_bit_timeout(&data->flags, BTUSB_DOWNLOADING, 2214 TASK_INTERRUPTIBLE, 2215 msecs_to_jiffies(5000)); 2216 if (err == 1) { 2217 BT_ERR("%s: Firmware loading interrupted", hdev->name); 2218 err = -EINTR; 2219 goto done; 2220 } 2221 2222 if (err) { 2223 BT_ERR("%s: Firmware loading timeout", hdev->name); 2224 err = -ETIMEDOUT; 2225 goto done; 2226 } 2227 2228 if (test_bit(BTUSB_FIRMWARE_FAILED, &data->flags)) { 2229 BT_ERR("%s: Firmware loading failed", hdev->name); 2230 err = -ENOEXEC; 2231 goto done; 2232 } 2233 2234 rettime = ktime_get(); 2235 delta = ktime_sub(rettime, calltime); 2236 duration = (unsigned long long) ktime_to_ns(delta) >> 10; 2237 2238 BT_INFO("%s: Firmware loaded in %llu usecs", hdev->name, duration); 2239 2240 done: 2241 release_firmware(fw); 2242 2243 if (err < 0) 2244 return err; 2245 2246 calltime = ktime_get(); 2247 2248 set_bit(BTUSB_BOOTING, &data->flags); 2249 2250 skb = __hci_cmd_sync(hdev, 0xfc01, sizeof(reset_param), reset_param, 2251 HCI_INIT_TIMEOUT); 2252 if (IS_ERR(skb)) 2253 return PTR_ERR(skb); 2254 2255 kfree_skb(skb); 2256 2257 /* The bootloader will not indicate when the device is ready. This 2258 * is done by the operational firmware sending bootup notification. 2259 * 2260 * Booting into operational firmware should not take longer than 2261 * 1 second. However if that happens, then just fail the setup 2262 * since something went wrong. 2263 */ 2264 BT_INFO("%s: Waiting for device to boot", hdev->name); 2265 2266 err = wait_on_bit_timeout(&data->flags, BTUSB_BOOTING, 2267 TASK_INTERRUPTIBLE, 2268 msecs_to_jiffies(1000)); 2269 2270 if (err == 1) { 2271 BT_ERR("%s: Device boot interrupted", hdev->name); 2272 return -EINTR; 2273 } 2274 2275 if (err) { 2276 BT_ERR("%s: Device boot timeout", hdev->name); 2277 return -ETIMEDOUT; 2278 } 2279 2280 rettime = ktime_get(); 2281 delta = ktime_sub(rettime, calltime); 2282 duration = (unsigned long long) ktime_to_ns(delta) >> 10; 2283 2284 BT_INFO("%s: Device booted in %llu usecs", hdev->name, duration); 2285 2286 clear_bit(BTUSB_BOOTLOADER, &data->flags); 2287 2288 /* Once the device is running in operational mode, it needs to apply 2289 * the device configuration (DDC) parameters. 2290 * 2291 * The device can work without DDC parameters, so even if it fails 2292 * to load the file, no need to fail the setup. 2293 */ 2294 btintel_load_ddc_config(hdev, fwname); 2295 2296 /* Set the event mask for Intel specific vendor events. This enables 2297 * a few extra events that are useful during general operation. It 2298 * does not enable any debugging related events. 2299 * 2300 * The device will function correctly without these events enabled 2301 * and thus no need to fail the setup. 2302 */ 2303 btintel_set_event_mask(hdev, false); 2304 2305 return 0; 2306 } 2307 2308 static int btusb_shutdown_intel(struct hci_dev *hdev) 2309 { 2310 struct sk_buff *skb; 2311 long ret; 2312 2313 /* Some platforms have an issue with BT LED when the interface is 2314 * down or BT radio is turned off, which takes 5 seconds to BT LED 2315 * goes off. This command turns off the BT LED immediately. 2316 */ 2317 skb = __hci_cmd_sync(hdev, 0xfc3f, 0, NULL, HCI_INIT_TIMEOUT); 2318 if (IS_ERR(skb)) { 2319 ret = PTR_ERR(skb); 2320 BT_ERR("%s: turning off Intel device LED failed (%ld)", 2321 hdev->name, ret); 2322 return ret; 2323 } 2324 kfree_skb(skb); 2325 2326 return 0; 2327 } 2328 2329 static int btusb_set_bdaddr_marvell(struct hci_dev *hdev, 2330 const bdaddr_t *bdaddr) 2331 { 2332 struct sk_buff *skb; 2333 u8 buf[8]; 2334 long ret; 2335 2336 buf[0] = 0xfe; 2337 buf[1] = sizeof(bdaddr_t); 2338 memcpy(buf + 2, bdaddr, sizeof(bdaddr_t)); 2339 2340 skb = __hci_cmd_sync(hdev, 0xfc22, sizeof(buf), buf, HCI_INIT_TIMEOUT); 2341 if (IS_ERR(skb)) { 2342 ret = PTR_ERR(skb); 2343 BT_ERR("%s: changing Marvell device address failed (%ld)", 2344 hdev->name, ret); 2345 return ret; 2346 } 2347 kfree_skb(skb); 2348 2349 return 0; 2350 } 2351 2352 static int btusb_set_bdaddr_ath3012(struct hci_dev *hdev, 2353 const bdaddr_t *bdaddr) 2354 { 2355 struct sk_buff *skb; 2356 u8 buf[10]; 2357 long ret; 2358 2359 buf[0] = 0x01; 2360 buf[1] = 0x01; 2361 buf[2] = 0x00; 2362 buf[3] = sizeof(bdaddr_t); 2363 memcpy(buf + 4, bdaddr, sizeof(bdaddr_t)); 2364 2365 skb = __hci_cmd_sync(hdev, 0xfc0b, sizeof(buf), buf, HCI_INIT_TIMEOUT); 2366 if (IS_ERR(skb)) { 2367 ret = PTR_ERR(skb); 2368 BT_ERR("%s: Change address command failed (%ld)", 2369 hdev->name, ret); 2370 return ret; 2371 } 2372 kfree_skb(skb); 2373 2374 return 0; 2375 } 2376 2377 #define QCA_DFU_PACKET_LEN 4096 2378 2379 #define QCA_GET_TARGET_VERSION 0x09 2380 #define QCA_CHECK_STATUS 0x05 2381 #define QCA_DFU_DOWNLOAD 0x01 2382 2383 #define QCA_SYSCFG_UPDATED 0x40 2384 #define QCA_PATCH_UPDATED 0x80 2385 #define QCA_DFU_TIMEOUT 3000 2386 2387 struct qca_version { 2388 __le32 rom_version; 2389 __le32 patch_version; 2390 __le32 ram_version; 2391 __le32 ref_clock; 2392 __u8 reserved[4]; 2393 } __packed; 2394 2395 struct qca_rampatch_version { 2396 __le16 rom_version; 2397 __le16 patch_version; 2398 } __packed; 2399 2400 struct qca_device_info { 2401 u32 rom_version; 2402 u8 rampatch_hdr; /* length of header in rampatch */ 2403 u8 nvm_hdr; /* length of header in NVM */ 2404 u8 ver_offset; /* offset of version structure in rampatch */ 2405 }; 2406 2407 static const struct qca_device_info qca_devices_table[] = { 2408 { 0x00000100, 20, 4, 10 }, /* Rome 1.0 */ 2409 { 0x00000101, 20, 4, 10 }, /* Rome 1.1 */ 2410 { 0x00000200, 28, 4, 18 }, /* Rome 2.0 */ 2411 { 0x00000201, 28, 4, 18 }, /* Rome 2.1 */ 2412 { 0x00000300, 28, 4, 18 }, /* Rome 3.0 */ 2413 { 0x00000302, 28, 4, 18 }, /* Rome 3.2 */ 2414 }; 2415 2416 static int btusb_qca_send_vendor_req(struct hci_dev *hdev, u8 request, 2417 void *data, u16 size) 2418 { 2419 struct btusb_data *btdata = hci_get_drvdata(hdev); 2420 struct usb_device *udev = btdata->udev; 2421 int pipe, err; 2422 u8 *buf; 2423 2424 buf = kmalloc(size, GFP_KERNEL); 2425 if (!buf) 2426 return -ENOMEM; 2427 2428 /* Found some of USB hosts have IOT issues with ours so that we should 2429 * not wait until HCI layer is ready. 2430 */ 2431 pipe = usb_rcvctrlpipe(udev, 0); 2432 err = usb_control_msg(udev, pipe, request, USB_TYPE_VENDOR | USB_DIR_IN, 2433 0, 0, buf, size, USB_CTRL_SET_TIMEOUT); 2434 if (err < 0) { 2435 BT_ERR("%s: Failed to access otp area (%d)", hdev->name, err); 2436 goto done; 2437 } 2438 2439 memcpy(data, buf, size); 2440 2441 done: 2442 kfree(buf); 2443 2444 return err; 2445 } 2446 2447 static int btusb_setup_qca_download_fw(struct hci_dev *hdev, 2448 const struct firmware *firmware, 2449 size_t hdr_size) 2450 { 2451 struct btusb_data *btdata = hci_get_drvdata(hdev); 2452 struct usb_device *udev = btdata->udev; 2453 size_t count, size, sent = 0; 2454 int pipe, len, err; 2455 u8 *buf; 2456 2457 buf = kmalloc(QCA_DFU_PACKET_LEN, GFP_KERNEL); 2458 if (!buf) 2459 return -ENOMEM; 2460 2461 count = firmware->size; 2462 2463 size = min_t(size_t, count, hdr_size); 2464 memcpy(buf, firmware->data, size); 2465 2466 /* USB patches should go down to controller through USB path 2467 * because binary format fits to go down through USB channel. 2468 * USB control path is for patching headers and USB bulk is for 2469 * patch body. 2470 */ 2471 pipe = usb_sndctrlpipe(udev, 0); 2472 err = usb_control_msg(udev, pipe, QCA_DFU_DOWNLOAD, USB_TYPE_VENDOR, 2473 0, 0, buf, size, USB_CTRL_SET_TIMEOUT); 2474 if (err < 0) { 2475 BT_ERR("%s: Failed to send headers (%d)", hdev->name, err); 2476 goto done; 2477 } 2478 2479 sent += size; 2480 count -= size; 2481 2482 while (count) { 2483 size = min_t(size_t, count, QCA_DFU_PACKET_LEN); 2484 2485 memcpy(buf, firmware->data + sent, size); 2486 2487 pipe = usb_sndbulkpipe(udev, 0x02); 2488 err = usb_bulk_msg(udev, pipe, buf, size, &len, 2489 QCA_DFU_TIMEOUT); 2490 if (err < 0) { 2491 BT_ERR("%s: Failed to send body at %zd of %zd (%d)", 2492 hdev->name, sent, firmware->size, err); 2493 break; 2494 } 2495 2496 if (size != len) { 2497 BT_ERR("%s: Failed to get bulk buffer", hdev->name); 2498 err = -EILSEQ; 2499 break; 2500 } 2501 2502 sent += size; 2503 count -= size; 2504 } 2505 2506 done: 2507 kfree(buf); 2508 return err; 2509 } 2510 2511 static int btusb_setup_qca_load_rampatch(struct hci_dev *hdev, 2512 struct qca_version *ver, 2513 const struct qca_device_info *info) 2514 { 2515 struct qca_rampatch_version *rver; 2516 const struct firmware *fw; 2517 u32 ver_rom, ver_patch; 2518 u16 rver_rom, rver_patch; 2519 char fwname[64]; 2520 int err; 2521 2522 ver_rom = le32_to_cpu(ver->rom_version); 2523 ver_patch = le32_to_cpu(ver->patch_version); 2524 2525 snprintf(fwname, sizeof(fwname), "qca/rampatch_usb_%08x.bin", ver_rom); 2526 2527 err = request_firmware(&fw, fwname, &hdev->dev); 2528 if (err) { 2529 BT_ERR("%s: failed to request rampatch file: %s (%d)", 2530 hdev->name, fwname, err); 2531 return err; 2532 } 2533 2534 BT_INFO("%s: using rampatch file: %s", hdev->name, fwname); 2535 2536 rver = (struct qca_rampatch_version *)(fw->data + info->ver_offset); 2537 rver_rom = le16_to_cpu(rver->rom_version); 2538 rver_patch = le16_to_cpu(rver->patch_version); 2539 2540 BT_INFO("%s: QCA: patch rome 0x%x build 0x%x, firmware rome 0x%x " 2541 "build 0x%x", hdev->name, rver_rom, rver_patch, ver_rom, 2542 ver_patch); 2543 2544 if (rver_rom != ver_rom || rver_patch <= ver_patch) { 2545 BT_ERR("%s: rampatch file version did not match with firmware", 2546 hdev->name); 2547 err = -EINVAL; 2548 goto done; 2549 } 2550 2551 err = btusb_setup_qca_download_fw(hdev, fw, info->rampatch_hdr); 2552 2553 done: 2554 release_firmware(fw); 2555 2556 return err; 2557 } 2558 2559 static int btusb_setup_qca_load_nvm(struct hci_dev *hdev, 2560 struct qca_version *ver, 2561 const struct qca_device_info *info) 2562 { 2563 const struct firmware *fw; 2564 char fwname[64]; 2565 int err; 2566 2567 snprintf(fwname, sizeof(fwname), "qca/nvm_usb_%08x.bin", 2568 le32_to_cpu(ver->rom_version)); 2569 2570 err = request_firmware(&fw, fwname, &hdev->dev); 2571 if (err) { 2572 BT_ERR("%s: failed to request NVM file: %s (%d)", 2573 hdev->name, fwname, err); 2574 return err; 2575 } 2576 2577 BT_INFO("%s: using NVM file: %s", hdev->name, fwname); 2578 2579 err = btusb_setup_qca_download_fw(hdev, fw, info->nvm_hdr); 2580 2581 release_firmware(fw); 2582 2583 return err; 2584 } 2585 2586 static int btusb_setup_qca(struct hci_dev *hdev) 2587 { 2588 const struct qca_device_info *info = NULL; 2589 struct qca_version ver; 2590 u32 ver_rom; 2591 u8 status; 2592 int i, err; 2593 2594 err = btusb_qca_send_vendor_req(hdev, QCA_GET_TARGET_VERSION, &ver, 2595 sizeof(ver)); 2596 if (err < 0) 2597 return err; 2598 2599 ver_rom = le32_to_cpu(ver.rom_version); 2600 for (i = 0; i < ARRAY_SIZE(qca_devices_table); i++) { 2601 if (ver_rom == qca_devices_table[i].rom_version) 2602 info = &qca_devices_table[i]; 2603 } 2604 if (!info) { 2605 BT_ERR("%s: don't support firmware rome 0x%x", hdev->name, 2606 ver_rom); 2607 return -ENODEV; 2608 } 2609 2610 err = btusb_qca_send_vendor_req(hdev, QCA_CHECK_STATUS, &status, 2611 sizeof(status)); 2612 if (err < 0) 2613 return err; 2614 2615 if (!(status & QCA_PATCH_UPDATED)) { 2616 err = btusb_setup_qca_load_rampatch(hdev, &ver, info); 2617 if (err < 0) 2618 return err; 2619 } 2620 2621 if (!(status & QCA_SYSCFG_UPDATED)) { 2622 err = btusb_setup_qca_load_nvm(hdev, &ver, info); 2623 if (err < 0) 2624 return err; 2625 } 2626 2627 return 0; 2628 } 2629 2630 #ifdef CONFIG_BT_HCIBTUSB_BCM 2631 static inline int __set_diag_interface(struct hci_dev *hdev) 2632 { 2633 struct btusb_data *data = hci_get_drvdata(hdev); 2634 struct usb_interface *intf = data->diag; 2635 int i; 2636 2637 if (!data->diag) 2638 return -ENODEV; 2639 2640 data->diag_tx_ep = NULL; 2641 data->diag_rx_ep = NULL; 2642 2643 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) { 2644 struct usb_endpoint_descriptor *ep_desc; 2645 2646 ep_desc = &intf->cur_altsetting->endpoint[i].desc; 2647 2648 if (!data->diag_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) { 2649 data->diag_tx_ep = ep_desc; 2650 continue; 2651 } 2652 2653 if (!data->diag_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) { 2654 data->diag_rx_ep = ep_desc; 2655 continue; 2656 } 2657 } 2658 2659 if (!data->diag_tx_ep || !data->diag_rx_ep) { 2660 BT_ERR("%s invalid diagnostic descriptors", hdev->name); 2661 return -ENODEV; 2662 } 2663 2664 return 0; 2665 } 2666 2667 static struct urb *alloc_diag_urb(struct hci_dev *hdev, bool enable) 2668 { 2669 struct btusb_data *data = hci_get_drvdata(hdev); 2670 struct sk_buff *skb; 2671 struct urb *urb; 2672 unsigned int pipe; 2673 2674 if (!data->diag_tx_ep) 2675 return ERR_PTR(-ENODEV); 2676 2677 urb = usb_alloc_urb(0, GFP_KERNEL); 2678 if (!urb) 2679 return ERR_PTR(-ENOMEM); 2680 2681 skb = bt_skb_alloc(2, GFP_KERNEL); 2682 if (!skb) { 2683 usb_free_urb(urb); 2684 return ERR_PTR(-ENOMEM); 2685 } 2686 2687 *skb_put(skb, 1) = 0xf0; 2688 *skb_put(skb, 1) = enable; 2689 2690 pipe = usb_sndbulkpipe(data->udev, data->diag_tx_ep->bEndpointAddress); 2691 2692 usb_fill_bulk_urb(urb, data->udev, pipe, 2693 skb->data, skb->len, btusb_tx_complete, skb); 2694 2695 skb->dev = (void *)hdev; 2696 2697 return urb; 2698 } 2699 2700 static int btusb_bcm_set_diag(struct hci_dev *hdev, bool enable) 2701 { 2702 struct btusb_data *data = hci_get_drvdata(hdev); 2703 struct urb *urb; 2704 2705 if (!data->diag) 2706 return -ENODEV; 2707 2708 if (!test_bit(HCI_RUNNING, &hdev->flags)) 2709 return -ENETDOWN; 2710 2711 urb = alloc_diag_urb(hdev, enable); 2712 if (IS_ERR(urb)) 2713 return PTR_ERR(urb); 2714 2715 return submit_or_queue_tx_urb(hdev, urb); 2716 } 2717 #endif 2718 2719 static int btusb_probe(struct usb_interface *intf, 2720 const struct usb_device_id *id) 2721 { 2722 struct usb_endpoint_descriptor *ep_desc; 2723 struct btusb_data *data; 2724 struct hci_dev *hdev; 2725 unsigned ifnum_base; 2726 int i, err; 2727 2728 BT_DBG("intf %p id %p", intf, id); 2729 2730 /* interface numbers are hardcoded in the spec */ 2731 if (intf->cur_altsetting->desc.bInterfaceNumber != 0) { 2732 if (!(id->driver_info & BTUSB_IFNUM_2)) 2733 return -ENODEV; 2734 if (intf->cur_altsetting->desc.bInterfaceNumber != 2) 2735 return -ENODEV; 2736 } 2737 2738 ifnum_base = intf->cur_altsetting->desc.bInterfaceNumber; 2739 2740 if (!id->driver_info) { 2741 const struct usb_device_id *match; 2742 2743 match = usb_match_id(intf, blacklist_table); 2744 if (match) 2745 id = match; 2746 } 2747 2748 if (id->driver_info == BTUSB_IGNORE) 2749 return -ENODEV; 2750 2751 if (id->driver_info & BTUSB_ATH3012) { 2752 struct usb_device *udev = interface_to_usbdev(intf); 2753 2754 /* Old firmware would otherwise let ath3k driver load 2755 * patch and sysconfig files */ 2756 if (le16_to_cpu(udev->descriptor.bcdDevice) <= 0x0001) 2757 return -ENODEV; 2758 } 2759 2760 data = devm_kzalloc(&intf->dev, sizeof(*data), GFP_KERNEL); 2761 if (!data) 2762 return -ENOMEM; 2763 2764 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) { 2765 ep_desc = &intf->cur_altsetting->endpoint[i].desc; 2766 2767 if (!data->intr_ep && usb_endpoint_is_int_in(ep_desc)) { 2768 data->intr_ep = ep_desc; 2769 continue; 2770 } 2771 2772 if (!data->bulk_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) { 2773 data->bulk_tx_ep = ep_desc; 2774 continue; 2775 } 2776 2777 if (!data->bulk_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) { 2778 data->bulk_rx_ep = ep_desc; 2779 continue; 2780 } 2781 } 2782 2783 if (!data->intr_ep || !data->bulk_tx_ep || !data->bulk_rx_ep) 2784 return -ENODEV; 2785 2786 if (id->driver_info & BTUSB_AMP) { 2787 data->cmdreq_type = USB_TYPE_CLASS | 0x01; 2788 data->cmdreq = 0x2b; 2789 } else { 2790 data->cmdreq_type = USB_TYPE_CLASS; 2791 data->cmdreq = 0x00; 2792 } 2793 2794 data->udev = interface_to_usbdev(intf); 2795 data->intf = intf; 2796 2797 INIT_WORK(&data->work, btusb_work); 2798 INIT_WORK(&data->waker, btusb_waker); 2799 init_usb_anchor(&data->deferred); 2800 init_usb_anchor(&data->tx_anchor); 2801 spin_lock_init(&data->txlock); 2802 2803 init_usb_anchor(&data->intr_anchor); 2804 init_usb_anchor(&data->bulk_anchor); 2805 init_usb_anchor(&data->isoc_anchor); 2806 init_usb_anchor(&data->diag_anchor); 2807 spin_lock_init(&data->rxlock); 2808 2809 if (id->driver_info & BTUSB_INTEL_NEW) { 2810 data->recv_event = btusb_recv_event_intel; 2811 data->recv_bulk = btusb_recv_bulk_intel; 2812 set_bit(BTUSB_BOOTLOADER, &data->flags); 2813 } else { 2814 data->recv_event = hci_recv_frame; 2815 data->recv_bulk = btusb_recv_bulk; 2816 } 2817 2818 hdev = hci_alloc_dev(); 2819 if (!hdev) 2820 return -ENOMEM; 2821 2822 hdev->bus = HCI_USB; 2823 hci_set_drvdata(hdev, data); 2824 2825 if (id->driver_info & BTUSB_AMP) 2826 hdev->dev_type = HCI_AMP; 2827 else 2828 hdev->dev_type = HCI_BREDR; 2829 2830 data->hdev = hdev; 2831 2832 SET_HCIDEV_DEV(hdev, &intf->dev); 2833 2834 hdev->open = btusb_open; 2835 hdev->close = btusb_close; 2836 hdev->flush = btusb_flush; 2837 hdev->send = btusb_send_frame; 2838 hdev->notify = btusb_notify; 2839 2840 if (id->driver_info & BTUSB_BCM2045) 2841 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks); 2842 2843 if (id->driver_info & BTUSB_BCM92035) 2844 hdev->setup = btusb_setup_bcm92035; 2845 2846 #ifdef CONFIG_BT_HCIBTUSB_BCM 2847 if (id->driver_info & BTUSB_BCM_PATCHRAM) { 2848 hdev->manufacturer = 15; 2849 hdev->setup = btbcm_setup_patchram; 2850 hdev->set_diag = btusb_bcm_set_diag; 2851 hdev->set_bdaddr = btbcm_set_bdaddr; 2852 2853 /* Broadcom LM_DIAG Interface numbers are hardcoded */ 2854 data->diag = usb_ifnum_to_if(data->udev, ifnum_base + 2); 2855 } 2856 2857 if (id->driver_info & BTUSB_BCM_APPLE) { 2858 hdev->manufacturer = 15; 2859 hdev->setup = btbcm_setup_apple; 2860 hdev->set_diag = btusb_bcm_set_diag; 2861 2862 /* Broadcom LM_DIAG Interface numbers are hardcoded */ 2863 data->diag = usb_ifnum_to_if(data->udev, ifnum_base + 2); 2864 } 2865 #endif 2866 2867 if (id->driver_info & BTUSB_INTEL) { 2868 hdev->manufacturer = 2; 2869 hdev->setup = btusb_setup_intel; 2870 hdev->shutdown = btusb_shutdown_intel; 2871 hdev->set_diag = btintel_set_diag_mfg; 2872 hdev->set_bdaddr = btintel_set_bdaddr; 2873 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks); 2874 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks); 2875 set_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks); 2876 } 2877 2878 if (id->driver_info & BTUSB_INTEL_NEW) { 2879 hdev->manufacturer = 2; 2880 hdev->send = btusb_send_frame_intel; 2881 hdev->setup = btusb_setup_intel_new; 2882 hdev->hw_error = btintel_hw_error; 2883 hdev->set_diag = btintel_set_diag; 2884 hdev->set_bdaddr = btintel_set_bdaddr; 2885 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks); 2886 set_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks); 2887 } 2888 2889 if (id->driver_info & BTUSB_MARVELL) 2890 hdev->set_bdaddr = btusb_set_bdaddr_marvell; 2891 2892 if (id->driver_info & BTUSB_SWAVE) { 2893 set_bit(HCI_QUIRK_FIXUP_INQUIRY_MODE, &hdev->quirks); 2894 set_bit(HCI_QUIRK_BROKEN_LOCAL_COMMANDS, &hdev->quirks); 2895 } 2896 2897 if (id->driver_info & BTUSB_INTEL_BOOT) { 2898 hdev->manufacturer = 2; 2899 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks); 2900 } 2901 2902 if (id->driver_info & BTUSB_ATH3012) { 2903 hdev->set_bdaddr = btusb_set_bdaddr_ath3012; 2904 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks); 2905 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks); 2906 } 2907 2908 if (id->driver_info & BTUSB_QCA_ROME) { 2909 data->setup_on_usb = btusb_setup_qca; 2910 hdev->set_bdaddr = btusb_set_bdaddr_ath3012; 2911 } 2912 2913 #ifdef CONFIG_BT_HCIBTUSB_RTL 2914 if (id->driver_info & BTUSB_REALTEK) { 2915 hdev->setup = btrtl_setup_realtek; 2916 2917 /* Realtek devices lose their updated firmware over suspend, 2918 * but the USB hub doesn't notice any status change. 2919 * Explicitly request a device reset on resume. 2920 */ 2921 set_bit(BTUSB_RESET_RESUME, &data->flags); 2922 } 2923 #endif 2924 2925 if (id->driver_info & BTUSB_AMP) { 2926 /* AMP controllers do not support SCO packets */ 2927 data->isoc = NULL; 2928 } else { 2929 /* Interface orders are hardcoded in the specification */ 2930 data->isoc = usb_ifnum_to_if(data->udev, ifnum_base + 1); 2931 } 2932 2933 if (!reset) 2934 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); 2935 2936 if (force_scofix || id->driver_info & BTUSB_WRONG_SCO_MTU) { 2937 if (!disable_scofix) 2938 set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks); 2939 } 2940 2941 if (id->driver_info & BTUSB_BROKEN_ISOC) 2942 data->isoc = NULL; 2943 2944 if (id->driver_info & BTUSB_DIGIANSWER) { 2945 data->cmdreq_type = USB_TYPE_VENDOR; 2946 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); 2947 } 2948 2949 if (id->driver_info & BTUSB_CSR) { 2950 struct usb_device *udev = data->udev; 2951 u16 bcdDevice = le16_to_cpu(udev->descriptor.bcdDevice); 2952 2953 /* Old firmware would otherwise execute USB reset */ 2954 if (bcdDevice < 0x117) 2955 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); 2956 2957 /* Fake CSR devices with broken commands */ 2958 if (bcdDevice <= 0x100 || bcdDevice == 0x134) 2959 hdev->setup = btusb_setup_csr; 2960 2961 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks); 2962 } 2963 2964 if (id->driver_info & BTUSB_SNIFFER) { 2965 struct usb_device *udev = data->udev; 2966 2967 /* New sniffer firmware has crippled HCI interface */ 2968 if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997) 2969 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks); 2970 } 2971 2972 if (id->driver_info & BTUSB_INTEL_BOOT) { 2973 /* A bug in the bootloader causes that interrupt interface is 2974 * only enabled after receiving SetInterface(0, AltSetting=0). 2975 */ 2976 err = usb_set_interface(data->udev, 0, 0); 2977 if (err < 0) { 2978 BT_ERR("failed to set interface 0, alt 0 %d", err); 2979 hci_free_dev(hdev); 2980 return err; 2981 } 2982 } 2983 2984 if (data->isoc) { 2985 err = usb_driver_claim_interface(&btusb_driver, 2986 data->isoc, data); 2987 if (err < 0) { 2988 hci_free_dev(hdev); 2989 return err; 2990 } 2991 } 2992 2993 #ifdef CONFIG_BT_HCIBTUSB_BCM 2994 if (data->diag) { 2995 if (!usb_driver_claim_interface(&btusb_driver, 2996 data->diag, data)) 2997 __set_diag_interface(hdev); 2998 else 2999 data->diag = NULL; 3000 } 3001 #endif 3002 3003 err = hci_register_dev(hdev); 3004 if (err < 0) { 3005 hci_free_dev(hdev); 3006 return err; 3007 } 3008 3009 usb_set_intfdata(intf, data); 3010 3011 return 0; 3012 } 3013 3014 static void btusb_disconnect(struct usb_interface *intf) 3015 { 3016 struct btusb_data *data = usb_get_intfdata(intf); 3017 struct hci_dev *hdev; 3018 3019 BT_DBG("intf %p", intf); 3020 3021 if (!data) 3022 return; 3023 3024 hdev = data->hdev; 3025 usb_set_intfdata(data->intf, NULL); 3026 3027 if (data->isoc) 3028 usb_set_intfdata(data->isoc, NULL); 3029 3030 if (data->diag) 3031 usb_set_intfdata(data->diag, NULL); 3032 3033 hci_unregister_dev(hdev); 3034 3035 if (intf == data->intf) { 3036 if (data->isoc) 3037 usb_driver_release_interface(&btusb_driver, data->isoc); 3038 if (data->diag) 3039 usb_driver_release_interface(&btusb_driver, data->diag); 3040 } else if (intf == data->isoc) { 3041 if (data->diag) 3042 usb_driver_release_interface(&btusb_driver, data->diag); 3043 usb_driver_release_interface(&btusb_driver, data->intf); 3044 } else if (intf == data->diag) { 3045 usb_driver_release_interface(&btusb_driver, data->intf); 3046 if (data->isoc) 3047 usb_driver_release_interface(&btusb_driver, data->isoc); 3048 } 3049 3050 hci_free_dev(hdev); 3051 } 3052 3053 #ifdef CONFIG_PM 3054 static int btusb_suspend(struct usb_interface *intf, pm_message_t message) 3055 { 3056 struct btusb_data *data = usb_get_intfdata(intf); 3057 3058 BT_DBG("intf %p", intf); 3059 3060 if (data->suspend_count++) 3061 return 0; 3062 3063 spin_lock_irq(&data->txlock); 3064 if (!(PMSG_IS_AUTO(message) && data->tx_in_flight)) { 3065 set_bit(BTUSB_SUSPENDING, &data->flags); 3066 spin_unlock_irq(&data->txlock); 3067 } else { 3068 spin_unlock_irq(&data->txlock); 3069 data->suspend_count--; 3070 return -EBUSY; 3071 } 3072 3073 cancel_work_sync(&data->work); 3074 3075 btusb_stop_traffic(data); 3076 usb_kill_anchored_urbs(&data->tx_anchor); 3077 3078 /* Optionally request a device reset on resume, but only when 3079 * wakeups are disabled. If wakeups are enabled we assume the 3080 * device will stay powered up throughout suspend. 3081 */ 3082 if (test_bit(BTUSB_RESET_RESUME, &data->flags) && 3083 !device_may_wakeup(&data->udev->dev)) 3084 data->udev->reset_resume = 1; 3085 3086 return 0; 3087 } 3088 3089 static void play_deferred(struct btusb_data *data) 3090 { 3091 struct urb *urb; 3092 int err; 3093 3094 while ((urb = usb_get_from_anchor(&data->deferred))) { 3095 err = usb_submit_urb(urb, GFP_ATOMIC); 3096 if (err < 0) 3097 break; 3098 3099 data->tx_in_flight++; 3100 } 3101 usb_scuttle_anchored_urbs(&data->deferred); 3102 } 3103 3104 static int btusb_resume(struct usb_interface *intf) 3105 { 3106 struct btusb_data *data = usb_get_intfdata(intf); 3107 struct hci_dev *hdev = data->hdev; 3108 int err = 0; 3109 3110 BT_DBG("intf %p", intf); 3111 3112 if (--data->suspend_count) 3113 return 0; 3114 3115 if (!test_bit(HCI_RUNNING, &hdev->flags)) 3116 goto done; 3117 3118 if (test_bit(BTUSB_INTR_RUNNING, &data->flags)) { 3119 err = btusb_submit_intr_urb(hdev, GFP_NOIO); 3120 if (err < 0) { 3121 clear_bit(BTUSB_INTR_RUNNING, &data->flags); 3122 goto failed; 3123 } 3124 } 3125 3126 if (test_bit(BTUSB_BULK_RUNNING, &data->flags)) { 3127 err = btusb_submit_bulk_urb(hdev, GFP_NOIO); 3128 if (err < 0) { 3129 clear_bit(BTUSB_BULK_RUNNING, &data->flags); 3130 goto failed; 3131 } 3132 3133 btusb_submit_bulk_urb(hdev, GFP_NOIO); 3134 } 3135 3136 if (test_bit(BTUSB_ISOC_RUNNING, &data->flags)) { 3137 if (btusb_submit_isoc_urb(hdev, GFP_NOIO) < 0) 3138 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 3139 else 3140 btusb_submit_isoc_urb(hdev, GFP_NOIO); 3141 } 3142 3143 spin_lock_irq(&data->txlock); 3144 play_deferred(data); 3145 clear_bit(BTUSB_SUSPENDING, &data->flags); 3146 spin_unlock_irq(&data->txlock); 3147 schedule_work(&data->work); 3148 3149 return 0; 3150 3151 failed: 3152 usb_scuttle_anchored_urbs(&data->deferred); 3153 done: 3154 spin_lock_irq(&data->txlock); 3155 clear_bit(BTUSB_SUSPENDING, &data->flags); 3156 spin_unlock_irq(&data->txlock); 3157 3158 return err; 3159 } 3160 #endif 3161 3162 static struct usb_driver btusb_driver = { 3163 .name = "btusb", 3164 .probe = btusb_probe, 3165 .disconnect = btusb_disconnect, 3166 #ifdef CONFIG_PM 3167 .suspend = btusb_suspend, 3168 .resume = btusb_resume, 3169 #endif 3170 .id_table = btusb_table, 3171 .supports_autosuspend = 1, 3172 .disable_hub_initiated_lpm = 1, 3173 }; 3174 3175 module_usb_driver(btusb_driver); 3176 3177 module_param(disable_scofix, bool, 0644); 3178 MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size"); 3179 3180 module_param(force_scofix, bool, 0644); 3181 MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size"); 3182 3183 module_param(reset, bool, 0644); 3184 MODULE_PARM_DESC(reset, "Send HCI reset command on initialization"); 3185 3186 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 3187 MODULE_DESCRIPTION("Generic Bluetooth USB driver ver " VERSION); 3188 MODULE_VERSION(VERSION); 3189 MODULE_LICENSE("GPL"); 3190