1 /* 2 * 3 * Generic Bluetooth USB driver 4 * 5 * Copyright (C) 2005-2008 Marcel Holtmann <marcel@holtmann.org> 6 * 7 * 8 * This program is free software; you can redistribute it and/or modify 9 * it under the terms of the GNU General Public License as published by 10 * the Free Software Foundation; either version 2 of the License, or 11 * (at your option) any later version. 12 * 13 * This program is distributed in the hope that it will be useful, 14 * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 * GNU General Public License for more details. 17 * 18 * You should have received a copy of the GNU General Public License 19 * along with this program; if not, write to the Free Software 20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 21 * 22 */ 23 24 #include <linux/module.h> 25 #include <linux/usb.h> 26 #include <linux/firmware.h> 27 28 #include <net/bluetooth/bluetooth.h> 29 #include <net/bluetooth/hci_core.h> 30 31 #define VERSION "0.6" 32 33 static bool disable_scofix; 34 static bool force_scofix; 35 36 static bool reset = 1; 37 38 static struct usb_driver btusb_driver; 39 40 #define BTUSB_IGNORE 0x01 41 #define BTUSB_DIGIANSWER 0x02 42 #define BTUSB_CSR 0x04 43 #define BTUSB_SNIFFER 0x08 44 #define BTUSB_BCM92035 0x10 45 #define BTUSB_BROKEN_ISOC 0x20 46 #define BTUSB_WRONG_SCO_MTU 0x40 47 #define BTUSB_ATH3012 0x80 48 #define BTUSB_INTEL 0x100 49 #define BTUSB_INTEL_BOOT 0x200 50 #define BTUSB_BCM_PATCHRAM 0x400 51 #define BTUSB_MARVELL 0x800 52 53 static const struct usb_device_id btusb_table[] = { 54 /* Generic Bluetooth USB device */ 55 { USB_DEVICE_INFO(0xe0, 0x01, 0x01) }, 56 57 /* Apple-specific (Broadcom) devices */ 58 { USB_VENDOR_AND_INTERFACE_INFO(0x05ac, 0xff, 0x01, 0x01) }, 59 60 /* MediaTek MT76x0E */ 61 { USB_DEVICE(0x0e8d, 0x763f) }, 62 63 /* Broadcom SoftSailing reporting vendor specific */ 64 { USB_DEVICE(0x0a5c, 0x21e1) }, 65 66 /* Apple MacBookPro 7,1 */ 67 { USB_DEVICE(0x05ac, 0x8213) }, 68 69 /* Apple iMac11,1 */ 70 { USB_DEVICE(0x05ac, 0x8215) }, 71 72 /* Apple MacBookPro6,2 */ 73 { USB_DEVICE(0x05ac, 0x8218) }, 74 75 /* Apple MacBookAir3,1, MacBookAir3,2 */ 76 { USB_DEVICE(0x05ac, 0x821b) }, 77 78 /* Apple MacBookAir4,1 */ 79 { USB_DEVICE(0x05ac, 0x821f) }, 80 81 /* Apple MacBookPro8,2 */ 82 { USB_DEVICE(0x05ac, 0x821a) }, 83 84 /* Apple MacMini5,1 */ 85 { USB_DEVICE(0x05ac, 0x8281) }, 86 87 /* AVM BlueFRITZ! USB v2.0 */ 88 { USB_DEVICE(0x057c, 0x3800) }, 89 90 /* Bluetooth Ultraport Module from IBM */ 91 { USB_DEVICE(0x04bf, 0x030a) }, 92 93 /* ALPS Modules with non-standard id */ 94 { USB_DEVICE(0x044e, 0x3001) }, 95 { USB_DEVICE(0x044e, 0x3002) }, 96 97 /* Ericsson with non-standard id */ 98 { USB_DEVICE(0x0bdb, 0x1002) }, 99 100 /* Canyon CN-BTU1 with HID interfaces */ 101 { USB_DEVICE(0x0c10, 0x0000) }, 102 103 /* Broadcom BCM20702A0 */ 104 { USB_DEVICE(0x0489, 0xe042) }, 105 { USB_DEVICE(0x04ca, 0x2003) }, 106 { USB_DEVICE(0x0b05, 0x17b5) }, 107 { USB_DEVICE(0x0b05, 0x17cb) }, 108 { USB_DEVICE(0x413c, 0x8197) }, 109 { USB_DEVICE(0x13d3, 0x3404), 110 .driver_info = BTUSB_BCM_PATCHRAM }, 111 112 /* Foxconn - Hon Hai */ 113 { USB_VENDOR_AND_INTERFACE_INFO(0x0489, 0xff, 0x01, 0x01), 114 .driver_info = BTUSB_BCM_PATCHRAM }, 115 116 /* Broadcom devices with vendor specific id */ 117 { USB_VENDOR_AND_INTERFACE_INFO(0x0a5c, 0xff, 0x01, 0x01), 118 .driver_info = BTUSB_BCM_PATCHRAM }, 119 120 /* ASUSTek Computer - Broadcom based */ 121 { USB_VENDOR_AND_INTERFACE_INFO(0x0b05, 0xff, 0x01, 0x01) }, 122 123 /* Belkin F8065bf - Broadcom based */ 124 { USB_VENDOR_AND_INTERFACE_INFO(0x050d, 0xff, 0x01, 0x01) }, 125 126 /* IMC Networks - Broadcom based */ 127 { USB_VENDOR_AND_INTERFACE_INFO(0x13d3, 0xff, 0x01, 0x01) }, 128 129 /* Intel Bluetooth USB Bootloader (RAM module) */ 130 { USB_DEVICE(0x8087, 0x0a5a), 131 .driver_info = BTUSB_INTEL_BOOT | BTUSB_BROKEN_ISOC }, 132 133 { } /* Terminating entry */ 134 }; 135 136 MODULE_DEVICE_TABLE(usb, btusb_table); 137 138 static const struct usb_device_id blacklist_table[] = { 139 /* CSR BlueCore devices */ 140 { USB_DEVICE(0x0a12, 0x0001), .driver_info = BTUSB_CSR }, 141 142 /* Broadcom BCM2033 without firmware */ 143 { USB_DEVICE(0x0a5c, 0x2033), .driver_info = BTUSB_IGNORE }, 144 145 /* Atheros 3011 with sflash firmware */ 146 { USB_DEVICE(0x0489, 0xe027), .driver_info = BTUSB_IGNORE }, 147 { USB_DEVICE(0x0489, 0xe03d), .driver_info = BTUSB_IGNORE }, 148 { USB_DEVICE(0x0930, 0x0215), .driver_info = BTUSB_IGNORE }, 149 { USB_DEVICE(0x0cf3, 0x3002), .driver_info = BTUSB_IGNORE }, 150 { USB_DEVICE(0x0cf3, 0xe019), .driver_info = BTUSB_IGNORE }, 151 { USB_DEVICE(0x13d3, 0x3304), .driver_info = BTUSB_IGNORE }, 152 153 /* Atheros AR9285 Malbec with sflash firmware */ 154 { USB_DEVICE(0x03f0, 0x311d), .driver_info = BTUSB_IGNORE }, 155 156 /* Atheros 3012 with sflash firmware */ 157 { USB_DEVICE(0x0489, 0xe04d), .driver_info = BTUSB_ATH3012 }, 158 { USB_DEVICE(0x0489, 0xe04e), .driver_info = BTUSB_ATH3012 }, 159 { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 }, 160 { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 }, 161 { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 }, 162 { USB_DEVICE(0x0489, 0xe078), .driver_info = BTUSB_ATH3012 }, 163 { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 }, 164 { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 }, 165 { USB_DEVICE(0x04ca, 0x3005), .driver_info = BTUSB_ATH3012 }, 166 { USB_DEVICE(0x04ca, 0x3006), .driver_info = BTUSB_ATH3012 }, 167 { USB_DEVICE(0x04ca, 0x3007), .driver_info = BTUSB_ATH3012 }, 168 { USB_DEVICE(0x04ca, 0x3008), .driver_info = BTUSB_ATH3012 }, 169 { USB_DEVICE(0x04ca, 0x300b), .driver_info = BTUSB_ATH3012 }, 170 { USB_DEVICE(0x04ca, 0x3010), .driver_info = BTUSB_ATH3012 }, 171 { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 }, 172 { USB_DEVICE(0x0930, 0x0220), .driver_info = BTUSB_ATH3012 }, 173 { USB_DEVICE(0x0930, 0x0227), .driver_info = BTUSB_ATH3012 }, 174 { USB_DEVICE(0x0b05, 0x17d0), .driver_info = BTUSB_ATH3012 }, 175 { USB_DEVICE(0x0cf3, 0x0036), .driver_info = BTUSB_ATH3012 }, 176 { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 }, 177 { USB_DEVICE(0x0cf3, 0x3008), .driver_info = BTUSB_ATH3012 }, 178 { USB_DEVICE(0x0cf3, 0x311d), .driver_info = BTUSB_ATH3012 }, 179 { USB_DEVICE(0x0cf3, 0x311e), .driver_info = BTUSB_ATH3012 }, 180 { USB_DEVICE(0x0cf3, 0x311f), .driver_info = BTUSB_ATH3012 }, 181 { USB_DEVICE(0x0cf3, 0x3121), .driver_info = BTUSB_ATH3012 }, 182 { USB_DEVICE(0x0cf3, 0x817a), .driver_info = BTUSB_ATH3012 }, 183 { USB_DEVICE(0x0cf3, 0xe003), .driver_info = BTUSB_ATH3012 }, 184 { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 }, 185 { USB_DEVICE(0x0cf3, 0xe005), .driver_info = BTUSB_ATH3012 }, 186 { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 }, 187 { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 }, 188 { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 }, 189 { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 }, 190 { USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 }, 191 { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 }, 192 193 /* Atheros AR5BBU12 with sflash firmware */ 194 { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE }, 195 196 /* Atheros AR5BBU12 with sflash firmware */ 197 { USB_DEVICE(0x0489, 0xe036), .driver_info = BTUSB_ATH3012 }, 198 { USB_DEVICE(0x0489, 0xe03c), .driver_info = BTUSB_ATH3012 }, 199 200 /* Broadcom BCM2035 */ 201 { USB_DEVICE(0x0a5c, 0x2009), .driver_info = BTUSB_BCM92035 }, 202 { USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU }, 203 { USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU }, 204 205 /* Broadcom BCM2045 */ 206 { USB_DEVICE(0x0a5c, 0x2039), .driver_info = BTUSB_WRONG_SCO_MTU }, 207 { USB_DEVICE(0x0a5c, 0x2101), .driver_info = BTUSB_WRONG_SCO_MTU }, 208 209 /* IBM/Lenovo ThinkPad with Broadcom chip */ 210 { USB_DEVICE(0x0a5c, 0x201e), .driver_info = BTUSB_WRONG_SCO_MTU }, 211 { USB_DEVICE(0x0a5c, 0x2110), .driver_info = BTUSB_WRONG_SCO_MTU }, 212 213 /* HP laptop with Broadcom chip */ 214 { USB_DEVICE(0x03f0, 0x171d), .driver_info = BTUSB_WRONG_SCO_MTU }, 215 216 /* Dell laptop with Broadcom chip */ 217 { USB_DEVICE(0x413c, 0x8126), .driver_info = BTUSB_WRONG_SCO_MTU }, 218 219 /* Dell Wireless 370 and 410 devices */ 220 { USB_DEVICE(0x413c, 0x8152), .driver_info = BTUSB_WRONG_SCO_MTU }, 221 { USB_DEVICE(0x413c, 0x8156), .driver_info = BTUSB_WRONG_SCO_MTU }, 222 223 /* Belkin F8T012 and F8T013 devices */ 224 { USB_DEVICE(0x050d, 0x0012), .driver_info = BTUSB_WRONG_SCO_MTU }, 225 { USB_DEVICE(0x050d, 0x0013), .driver_info = BTUSB_WRONG_SCO_MTU }, 226 227 /* Asus WL-BTD202 device */ 228 { USB_DEVICE(0x0b05, 0x1715), .driver_info = BTUSB_WRONG_SCO_MTU }, 229 230 /* Kensington Bluetooth USB adapter */ 231 { USB_DEVICE(0x047d, 0x105e), .driver_info = BTUSB_WRONG_SCO_MTU }, 232 233 /* RTX Telecom based adapters with buggy SCO support */ 234 { USB_DEVICE(0x0400, 0x0807), .driver_info = BTUSB_BROKEN_ISOC }, 235 { USB_DEVICE(0x0400, 0x080a), .driver_info = BTUSB_BROKEN_ISOC }, 236 237 /* CONWISE Technology based adapters with buggy SCO support */ 238 { USB_DEVICE(0x0e5e, 0x6622), .driver_info = BTUSB_BROKEN_ISOC }, 239 240 /* Digianswer devices */ 241 { USB_DEVICE(0x08fd, 0x0001), .driver_info = BTUSB_DIGIANSWER }, 242 { USB_DEVICE(0x08fd, 0x0002), .driver_info = BTUSB_IGNORE }, 243 244 /* CSR BlueCore Bluetooth Sniffer */ 245 { USB_DEVICE(0x0a12, 0x0002), 246 .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC }, 247 248 /* Frontline ComProbe Bluetooth Sniffer */ 249 { USB_DEVICE(0x16d3, 0x0002), 250 .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC }, 251 252 /* Intel Bluetooth device */ 253 { USB_DEVICE(0x8087, 0x07dc), .driver_info = BTUSB_INTEL }, 254 { USB_DEVICE(0x8087, 0x0a2a), .driver_info = BTUSB_INTEL }, 255 256 /* Marvell device */ 257 { USB_DEVICE(0x1286, 0x2044), .driver_info = BTUSB_MARVELL }, 258 { USB_DEVICE(0x1286, 0x2046), .driver_info = BTUSB_MARVELL }, 259 260 { } /* Terminating entry */ 261 }; 262 263 #define BTUSB_MAX_ISOC_FRAMES 10 264 265 #define BTUSB_INTR_RUNNING 0 266 #define BTUSB_BULK_RUNNING 1 267 #define BTUSB_ISOC_RUNNING 2 268 #define BTUSB_SUSPENDING 3 269 #define BTUSB_DID_ISO_RESUME 4 270 271 struct btusb_data { 272 struct hci_dev *hdev; 273 struct usb_device *udev; 274 struct usb_interface *intf; 275 struct usb_interface *isoc; 276 277 unsigned long flags; 278 279 struct work_struct work; 280 struct work_struct waker; 281 282 struct usb_anchor deferred; 283 struct usb_anchor tx_anchor; 284 int tx_in_flight; 285 spinlock_t txlock; 286 287 struct usb_anchor intr_anchor; 288 struct usb_anchor bulk_anchor; 289 struct usb_anchor isoc_anchor; 290 spinlock_t rxlock; 291 292 struct sk_buff *evt_skb; 293 struct sk_buff *acl_skb; 294 struct sk_buff *sco_skb; 295 296 struct usb_endpoint_descriptor *intr_ep; 297 struct usb_endpoint_descriptor *bulk_tx_ep; 298 struct usb_endpoint_descriptor *bulk_rx_ep; 299 struct usb_endpoint_descriptor *isoc_tx_ep; 300 struct usb_endpoint_descriptor *isoc_rx_ep; 301 302 __u8 cmdreq_type; 303 304 unsigned int sco_num; 305 int isoc_altsetting; 306 int suspend_count; 307 308 int (*recv_bulk)(struct btusb_data *data, void *buffer, int count); 309 }; 310 311 static inline void btusb_free_frags(struct btusb_data *data) 312 { 313 unsigned long flags; 314 315 spin_lock_irqsave(&data->rxlock, flags); 316 317 kfree_skb(data->evt_skb); 318 data->evt_skb = NULL; 319 320 kfree_skb(data->acl_skb); 321 data->acl_skb = NULL; 322 323 kfree_skb(data->sco_skb); 324 data->sco_skb = NULL; 325 326 spin_unlock_irqrestore(&data->rxlock, flags); 327 } 328 329 static int btusb_recv_intr(struct btusb_data *data, void *buffer, int count) 330 { 331 struct sk_buff *skb; 332 int err = 0; 333 334 spin_lock(&data->rxlock); 335 skb = data->evt_skb; 336 337 while (count) { 338 int len; 339 340 if (!skb) { 341 skb = bt_skb_alloc(HCI_MAX_EVENT_SIZE, GFP_ATOMIC); 342 if (!skb) { 343 err = -ENOMEM; 344 break; 345 } 346 347 bt_cb(skb)->pkt_type = HCI_EVENT_PKT; 348 bt_cb(skb)->expect = HCI_EVENT_HDR_SIZE; 349 } 350 351 len = min_t(uint, bt_cb(skb)->expect, count); 352 memcpy(skb_put(skb, len), buffer, len); 353 354 count -= len; 355 buffer += len; 356 bt_cb(skb)->expect -= len; 357 358 if (skb->len == HCI_EVENT_HDR_SIZE) { 359 /* Complete event header */ 360 bt_cb(skb)->expect = hci_event_hdr(skb)->plen; 361 362 if (skb_tailroom(skb) < bt_cb(skb)->expect) { 363 kfree_skb(skb); 364 skb = NULL; 365 366 err = -EILSEQ; 367 break; 368 } 369 } 370 371 if (bt_cb(skb)->expect == 0) { 372 /* Complete frame */ 373 hci_recv_frame(data->hdev, skb); 374 skb = NULL; 375 } 376 } 377 378 data->evt_skb = skb; 379 spin_unlock(&data->rxlock); 380 381 return err; 382 } 383 384 static int btusb_recv_bulk(struct btusb_data *data, void *buffer, int count) 385 { 386 struct sk_buff *skb; 387 int err = 0; 388 389 spin_lock(&data->rxlock); 390 skb = data->acl_skb; 391 392 while (count) { 393 int len; 394 395 if (!skb) { 396 skb = bt_skb_alloc(HCI_MAX_FRAME_SIZE, GFP_ATOMIC); 397 if (!skb) { 398 err = -ENOMEM; 399 break; 400 } 401 402 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT; 403 bt_cb(skb)->expect = HCI_ACL_HDR_SIZE; 404 } 405 406 len = min_t(uint, bt_cb(skb)->expect, count); 407 memcpy(skb_put(skb, len), buffer, len); 408 409 count -= len; 410 buffer += len; 411 bt_cb(skb)->expect -= len; 412 413 if (skb->len == HCI_ACL_HDR_SIZE) { 414 __le16 dlen = hci_acl_hdr(skb)->dlen; 415 416 /* Complete ACL header */ 417 bt_cb(skb)->expect = __le16_to_cpu(dlen); 418 419 if (skb_tailroom(skb) < bt_cb(skb)->expect) { 420 kfree_skb(skb); 421 skb = NULL; 422 423 err = -EILSEQ; 424 break; 425 } 426 } 427 428 if (bt_cb(skb)->expect == 0) { 429 /* Complete frame */ 430 hci_recv_frame(data->hdev, skb); 431 skb = NULL; 432 } 433 } 434 435 data->acl_skb = skb; 436 spin_unlock(&data->rxlock); 437 438 return err; 439 } 440 441 static int btusb_recv_isoc(struct btusb_data *data, void *buffer, int count) 442 { 443 struct sk_buff *skb; 444 int err = 0; 445 446 spin_lock(&data->rxlock); 447 skb = data->sco_skb; 448 449 while (count) { 450 int len; 451 452 if (!skb) { 453 skb = bt_skb_alloc(HCI_MAX_SCO_SIZE, GFP_ATOMIC); 454 if (!skb) { 455 err = -ENOMEM; 456 break; 457 } 458 459 bt_cb(skb)->pkt_type = HCI_SCODATA_PKT; 460 bt_cb(skb)->expect = HCI_SCO_HDR_SIZE; 461 } 462 463 len = min_t(uint, bt_cb(skb)->expect, count); 464 memcpy(skb_put(skb, len), buffer, len); 465 466 count -= len; 467 buffer += len; 468 bt_cb(skb)->expect -= len; 469 470 if (skb->len == HCI_SCO_HDR_SIZE) { 471 /* Complete SCO header */ 472 bt_cb(skb)->expect = hci_sco_hdr(skb)->dlen; 473 474 if (skb_tailroom(skb) < bt_cb(skb)->expect) { 475 kfree_skb(skb); 476 skb = NULL; 477 478 err = -EILSEQ; 479 break; 480 } 481 } 482 483 if (bt_cb(skb)->expect == 0) { 484 /* Complete frame */ 485 hci_recv_frame(data->hdev, skb); 486 skb = NULL; 487 } 488 } 489 490 data->sco_skb = skb; 491 spin_unlock(&data->rxlock); 492 493 return err; 494 } 495 496 static void btusb_intr_complete(struct urb *urb) 497 { 498 struct hci_dev *hdev = urb->context; 499 struct btusb_data *data = hci_get_drvdata(hdev); 500 int err; 501 502 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 503 urb->actual_length); 504 505 if (!test_bit(HCI_RUNNING, &hdev->flags)) 506 return; 507 508 if (urb->status == 0) { 509 hdev->stat.byte_rx += urb->actual_length; 510 511 if (btusb_recv_intr(data, urb->transfer_buffer, 512 urb->actual_length) < 0) { 513 BT_ERR("%s corrupted event packet", hdev->name); 514 hdev->stat.err_rx++; 515 } 516 } else if (urb->status == -ENOENT) { 517 /* Avoid suspend failed when usb_kill_urb */ 518 return; 519 } 520 521 if (!test_bit(BTUSB_INTR_RUNNING, &data->flags)) 522 return; 523 524 usb_mark_last_busy(data->udev); 525 usb_anchor_urb(urb, &data->intr_anchor); 526 527 err = usb_submit_urb(urb, GFP_ATOMIC); 528 if (err < 0) { 529 /* -EPERM: urb is being killed; 530 * -ENODEV: device got disconnected */ 531 if (err != -EPERM && err != -ENODEV) 532 BT_ERR("%s urb %p failed to resubmit (%d)", 533 hdev->name, urb, -err); 534 usb_unanchor_urb(urb); 535 } 536 } 537 538 static int btusb_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags) 539 { 540 struct btusb_data *data = hci_get_drvdata(hdev); 541 struct urb *urb; 542 unsigned char *buf; 543 unsigned int pipe; 544 int err, size; 545 546 BT_DBG("%s", hdev->name); 547 548 if (!data->intr_ep) 549 return -ENODEV; 550 551 urb = usb_alloc_urb(0, mem_flags); 552 if (!urb) 553 return -ENOMEM; 554 555 size = le16_to_cpu(data->intr_ep->wMaxPacketSize); 556 557 buf = kmalloc(size, mem_flags); 558 if (!buf) { 559 usb_free_urb(urb); 560 return -ENOMEM; 561 } 562 563 pipe = usb_rcvintpipe(data->udev, data->intr_ep->bEndpointAddress); 564 565 usb_fill_int_urb(urb, data->udev, pipe, buf, size, 566 btusb_intr_complete, hdev, data->intr_ep->bInterval); 567 568 urb->transfer_flags |= URB_FREE_BUFFER; 569 570 usb_anchor_urb(urb, &data->intr_anchor); 571 572 err = usb_submit_urb(urb, mem_flags); 573 if (err < 0) { 574 if (err != -EPERM && err != -ENODEV) 575 BT_ERR("%s urb %p submission failed (%d)", 576 hdev->name, urb, -err); 577 usb_unanchor_urb(urb); 578 } 579 580 usb_free_urb(urb); 581 582 return err; 583 } 584 585 static void btusb_bulk_complete(struct urb *urb) 586 { 587 struct hci_dev *hdev = urb->context; 588 struct btusb_data *data = hci_get_drvdata(hdev); 589 int err; 590 591 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 592 urb->actual_length); 593 594 if (!test_bit(HCI_RUNNING, &hdev->flags)) 595 return; 596 597 if (urb->status == 0) { 598 hdev->stat.byte_rx += urb->actual_length; 599 600 if (data->recv_bulk(data, urb->transfer_buffer, 601 urb->actual_length) < 0) { 602 BT_ERR("%s corrupted ACL packet", hdev->name); 603 hdev->stat.err_rx++; 604 } 605 } else if (urb->status == -ENOENT) { 606 /* Avoid suspend failed when usb_kill_urb */ 607 return; 608 } 609 610 if (!test_bit(BTUSB_BULK_RUNNING, &data->flags)) 611 return; 612 613 usb_anchor_urb(urb, &data->bulk_anchor); 614 usb_mark_last_busy(data->udev); 615 616 err = usb_submit_urb(urb, GFP_ATOMIC); 617 if (err < 0) { 618 /* -EPERM: urb is being killed; 619 * -ENODEV: device got disconnected */ 620 if (err != -EPERM && err != -ENODEV) 621 BT_ERR("%s urb %p failed to resubmit (%d)", 622 hdev->name, urb, -err); 623 usb_unanchor_urb(urb); 624 } 625 } 626 627 static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags) 628 { 629 struct btusb_data *data = hci_get_drvdata(hdev); 630 struct urb *urb; 631 unsigned char *buf; 632 unsigned int pipe; 633 int err, size = HCI_MAX_FRAME_SIZE; 634 635 BT_DBG("%s", hdev->name); 636 637 if (!data->bulk_rx_ep) 638 return -ENODEV; 639 640 urb = usb_alloc_urb(0, mem_flags); 641 if (!urb) 642 return -ENOMEM; 643 644 buf = kmalloc(size, mem_flags); 645 if (!buf) { 646 usb_free_urb(urb); 647 return -ENOMEM; 648 } 649 650 pipe = usb_rcvbulkpipe(data->udev, data->bulk_rx_ep->bEndpointAddress); 651 652 usb_fill_bulk_urb(urb, data->udev, pipe, buf, size, 653 btusb_bulk_complete, hdev); 654 655 urb->transfer_flags |= URB_FREE_BUFFER; 656 657 usb_mark_last_busy(data->udev); 658 usb_anchor_urb(urb, &data->bulk_anchor); 659 660 err = usb_submit_urb(urb, mem_flags); 661 if (err < 0) { 662 if (err != -EPERM && err != -ENODEV) 663 BT_ERR("%s urb %p submission failed (%d)", 664 hdev->name, urb, -err); 665 usb_unanchor_urb(urb); 666 } 667 668 usb_free_urb(urb); 669 670 return err; 671 } 672 673 static void btusb_isoc_complete(struct urb *urb) 674 { 675 struct hci_dev *hdev = urb->context; 676 struct btusb_data *data = hci_get_drvdata(hdev); 677 int i, err; 678 679 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 680 urb->actual_length); 681 682 if (!test_bit(HCI_RUNNING, &hdev->flags)) 683 return; 684 685 if (urb->status == 0) { 686 for (i = 0; i < urb->number_of_packets; i++) { 687 unsigned int offset = urb->iso_frame_desc[i].offset; 688 unsigned int length = urb->iso_frame_desc[i].actual_length; 689 690 if (urb->iso_frame_desc[i].status) 691 continue; 692 693 hdev->stat.byte_rx += length; 694 695 if (btusb_recv_isoc(data, urb->transfer_buffer + offset, 696 length) < 0) { 697 BT_ERR("%s corrupted SCO packet", hdev->name); 698 hdev->stat.err_rx++; 699 } 700 } 701 } else if (urb->status == -ENOENT) { 702 /* Avoid suspend failed when usb_kill_urb */ 703 return; 704 } 705 706 if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags)) 707 return; 708 709 usb_anchor_urb(urb, &data->isoc_anchor); 710 711 err = usb_submit_urb(urb, GFP_ATOMIC); 712 if (err < 0) { 713 /* -EPERM: urb is being killed; 714 * -ENODEV: device got disconnected */ 715 if (err != -EPERM && err != -ENODEV) 716 BT_ERR("%s urb %p failed to resubmit (%d)", 717 hdev->name, urb, -err); 718 usb_unanchor_urb(urb); 719 } 720 } 721 722 static inline void __fill_isoc_descriptor(struct urb *urb, int len, int mtu) 723 { 724 int i, offset = 0; 725 726 BT_DBG("len %d mtu %d", len, mtu); 727 728 for (i = 0; i < BTUSB_MAX_ISOC_FRAMES && len >= mtu; 729 i++, offset += mtu, len -= mtu) { 730 urb->iso_frame_desc[i].offset = offset; 731 urb->iso_frame_desc[i].length = mtu; 732 } 733 734 if (len && i < BTUSB_MAX_ISOC_FRAMES) { 735 urb->iso_frame_desc[i].offset = offset; 736 urb->iso_frame_desc[i].length = len; 737 i++; 738 } 739 740 urb->number_of_packets = i; 741 } 742 743 static int btusb_submit_isoc_urb(struct hci_dev *hdev, gfp_t mem_flags) 744 { 745 struct btusb_data *data = hci_get_drvdata(hdev); 746 struct urb *urb; 747 unsigned char *buf; 748 unsigned int pipe; 749 int err, size; 750 751 BT_DBG("%s", hdev->name); 752 753 if (!data->isoc_rx_ep) 754 return -ENODEV; 755 756 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, mem_flags); 757 if (!urb) 758 return -ENOMEM; 759 760 size = le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize) * 761 BTUSB_MAX_ISOC_FRAMES; 762 763 buf = kmalloc(size, mem_flags); 764 if (!buf) { 765 usb_free_urb(urb); 766 return -ENOMEM; 767 } 768 769 pipe = usb_rcvisocpipe(data->udev, data->isoc_rx_ep->bEndpointAddress); 770 771 usb_fill_int_urb(urb, data->udev, pipe, buf, size, btusb_isoc_complete, 772 hdev, data->isoc_rx_ep->bInterval); 773 774 urb->transfer_flags = URB_FREE_BUFFER | URB_ISO_ASAP; 775 776 __fill_isoc_descriptor(urb, size, 777 le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize)); 778 779 usb_anchor_urb(urb, &data->isoc_anchor); 780 781 err = usb_submit_urb(urb, mem_flags); 782 if (err < 0) { 783 if (err != -EPERM && err != -ENODEV) 784 BT_ERR("%s urb %p submission failed (%d)", 785 hdev->name, urb, -err); 786 usb_unanchor_urb(urb); 787 } 788 789 usb_free_urb(urb); 790 791 return err; 792 } 793 794 static void btusb_tx_complete(struct urb *urb) 795 { 796 struct sk_buff *skb = urb->context; 797 struct hci_dev *hdev = (struct hci_dev *)skb->dev; 798 struct btusb_data *data = hci_get_drvdata(hdev); 799 800 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 801 urb->actual_length); 802 803 if (!test_bit(HCI_RUNNING, &hdev->flags)) 804 goto done; 805 806 if (!urb->status) 807 hdev->stat.byte_tx += urb->transfer_buffer_length; 808 else 809 hdev->stat.err_tx++; 810 811 done: 812 spin_lock(&data->txlock); 813 data->tx_in_flight--; 814 spin_unlock(&data->txlock); 815 816 kfree(urb->setup_packet); 817 818 kfree_skb(skb); 819 } 820 821 static void btusb_isoc_tx_complete(struct urb *urb) 822 { 823 struct sk_buff *skb = urb->context; 824 struct hci_dev *hdev = (struct hci_dev *)skb->dev; 825 826 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 827 urb->actual_length); 828 829 if (!test_bit(HCI_RUNNING, &hdev->flags)) 830 goto done; 831 832 if (!urb->status) 833 hdev->stat.byte_tx += urb->transfer_buffer_length; 834 else 835 hdev->stat.err_tx++; 836 837 done: 838 kfree(urb->setup_packet); 839 840 kfree_skb(skb); 841 } 842 843 static int btusb_open(struct hci_dev *hdev) 844 { 845 struct btusb_data *data = hci_get_drvdata(hdev); 846 int err; 847 848 BT_DBG("%s", hdev->name); 849 850 err = usb_autopm_get_interface(data->intf); 851 if (err < 0) 852 return err; 853 854 data->intf->needs_remote_wakeup = 1; 855 856 if (test_and_set_bit(HCI_RUNNING, &hdev->flags)) 857 goto done; 858 859 if (test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags)) 860 goto done; 861 862 err = btusb_submit_intr_urb(hdev, GFP_KERNEL); 863 if (err < 0) 864 goto failed; 865 866 err = btusb_submit_bulk_urb(hdev, GFP_KERNEL); 867 if (err < 0) { 868 usb_kill_anchored_urbs(&data->intr_anchor); 869 goto failed; 870 } 871 872 set_bit(BTUSB_BULK_RUNNING, &data->flags); 873 btusb_submit_bulk_urb(hdev, GFP_KERNEL); 874 875 done: 876 usb_autopm_put_interface(data->intf); 877 return 0; 878 879 failed: 880 clear_bit(BTUSB_INTR_RUNNING, &data->flags); 881 clear_bit(HCI_RUNNING, &hdev->flags); 882 usb_autopm_put_interface(data->intf); 883 return err; 884 } 885 886 static void btusb_stop_traffic(struct btusb_data *data) 887 { 888 usb_kill_anchored_urbs(&data->intr_anchor); 889 usb_kill_anchored_urbs(&data->bulk_anchor); 890 usb_kill_anchored_urbs(&data->isoc_anchor); 891 } 892 893 static int btusb_close(struct hci_dev *hdev) 894 { 895 struct btusb_data *data = hci_get_drvdata(hdev); 896 int err; 897 898 BT_DBG("%s", hdev->name); 899 900 if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags)) 901 return 0; 902 903 cancel_work_sync(&data->work); 904 cancel_work_sync(&data->waker); 905 906 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 907 clear_bit(BTUSB_BULK_RUNNING, &data->flags); 908 clear_bit(BTUSB_INTR_RUNNING, &data->flags); 909 910 btusb_stop_traffic(data); 911 btusb_free_frags(data); 912 913 err = usb_autopm_get_interface(data->intf); 914 if (err < 0) 915 goto failed; 916 917 data->intf->needs_remote_wakeup = 0; 918 usb_autopm_put_interface(data->intf); 919 920 failed: 921 usb_scuttle_anchored_urbs(&data->deferred); 922 return 0; 923 } 924 925 static int btusb_flush(struct hci_dev *hdev) 926 { 927 struct btusb_data *data = hci_get_drvdata(hdev); 928 929 BT_DBG("%s", hdev->name); 930 931 usb_kill_anchored_urbs(&data->tx_anchor); 932 btusb_free_frags(data); 933 934 return 0; 935 } 936 937 static struct urb *alloc_ctrl_urb(struct hci_dev *hdev, struct sk_buff *skb) 938 { 939 struct btusb_data *data = hci_get_drvdata(hdev); 940 struct usb_ctrlrequest *dr; 941 struct urb *urb; 942 unsigned int pipe; 943 944 urb = usb_alloc_urb(0, GFP_KERNEL); 945 if (!urb) 946 return ERR_PTR(-ENOMEM); 947 948 dr = kmalloc(sizeof(*dr), GFP_KERNEL); 949 if (!dr) { 950 usb_free_urb(urb); 951 return ERR_PTR(-ENOMEM); 952 } 953 954 dr->bRequestType = data->cmdreq_type; 955 dr->bRequest = 0; 956 dr->wIndex = 0; 957 dr->wValue = 0; 958 dr->wLength = __cpu_to_le16(skb->len); 959 960 pipe = usb_sndctrlpipe(data->udev, 0x00); 961 962 usb_fill_control_urb(urb, data->udev, pipe, (void *)dr, 963 skb->data, skb->len, btusb_tx_complete, skb); 964 965 skb->dev = (void *)hdev; 966 967 return urb; 968 } 969 970 static struct urb *alloc_bulk_urb(struct hci_dev *hdev, struct sk_buff *skb) 971 { 972 struct btusb_data *data = hci_get_drvdata(hdev); 973 struct urb *urb; 974 unsigned int pipe; 975 976 if (!data->bulk_tx_ep) 977 return ERR_PTR(-ENODEV); 978 979 urb = usb_alloc_urb(0, GFP_KERNEL); 980 if (!urb) 981 return ERR_PTR(-ENOMEM); 982 983 pipe = usb_sndbulkpipe(data->udev, data->bulk_tx_ep->bEndpointAddress); 984 985 usb_fill_bulk_urb(urb, data->udev, pipe, 986 skb->data, skb->len, btusb_tx_complete, skb); 987 988 skb->dev = (void *)hdev; 989 990 return urb; 991 } 992 993 static struct urb *alloc_isoc_urb(struct hci_dev *hdev, struct sk_buff *skb) 994 { 995 struct btusb_data *data = hci_get_drvdata(hdev); 996 struct urb *urb; 997 unsigned int pipe; 998 999 if (!data->isoc_tx_ep) 1000 return ERR_PTR(-ENODEV); 1001 1002 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, GFP_KERNEL); 1003 if (!urb) 1004 return ERR_PTR(-ENOMEM); 1005 1006 pipe = usb_sndisocpipe(data->udev, data->isoc_tx_ep->bEndpointAddress); 1007 1008 usb_fill_int_urb(urb, data->udev, pipe, 1009 skb->data, skb->len, btusb_isoc_tx_complete, 1010 skb, data->isoc_tx_ep->bInterval); 1011 1012 urb->transfer_flags = URB_ISO_ASAP; 1013 1014 __fill_isoc_descriptor(urb, skb->len, 1015 le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize)); 1016 1017 skb->dev = (void *)hdev; 1018 1019 return urb; 1020 } 1021 1022 static int submit_tx_urb(struct hci_dev *hdev, struct urb *urb) 1023 { 1024 struct btusb_data *data = hci_get_drvdata(hdev); 1025 int err; 1026 1027 usb_anchor_urb(urb, &data->tx_anchor); 1028 1029 err = usb_submit_urb(urb, GFP_KERNEL); 1030 if (err < 0) { 1031 if (err != -EPERM && err != -ENODEV) 1032 BT_ERR("%s urb %p submission failed (%d)", 1033 hdev->name, urb, -err); 1034 kfree(urb->setup_packet); 1035 usb_unanchor_urb(urb); 1036 } else { 1037 usb_mark_last_busy(data->udev); 1038 } 1039 1040 usb_free_urb(urb); 1041 return err; 1042 } 1043 1044 static int submit_or_queue_tx_urb(struct hci_dev *hdev, struct urb *urb) 1045 { 1046 struct btusb_data *data = hci_get_drvdata(hdev); 1047 unsigned long flags; 1048 bool suspending; 1049 1050 spin_lock_irqsave(&data->txlock, flags); 1051 suspending = test_bit(BTUSB_SUSPENDING, &data->flags); 1052 if (!suspending) 1053 data->tx_in_flight++; 1054 spin_unlock_irqrestore(&data->txlock, flags); 1055 1056 if (!suspending) 1057 return submit_tx_urb(hdev, urb); 1058 1059 usb_anchor_urb(urb, &data->deferred); 1060 schedule_work(&data->waker); 1061 1062 usb_free_urb(urb); 1063 return 0; 1064 } 1065 1066 static int btusb_send_frame(struct hci_dev *hdev, struct sk_buff *skb) 1067 { 1068 struct urb *urb; 1069 1070 BT_DBG("%s", hdev->name); 1071 1072 if (!test_bit(HCI_RUNNING, &hdev->flags)) 1073 return -EBUSY; 1074 1075 switch (bt_cb(skb)->pkt_type) { 1076 case HCI_COMMAND_PKT: 1077 urb = alloc_ctrl_urb(hdev, skb); 1078 if (IS_ERR(urb)) 1079 return PTR_ERR(urb); 1080 1081 hdev->stat.cmd_tx++; 1082 return submit_or_queue_tx_urb(hdev, urb); 1083 1084 case HCI_ACLDATA_PKT: 1085 urb = alloc_bulk_urb(hdev, skb); 1086 if (IS_ERR(urb)) 1087 return PTR_ERR(urb); 1088 1089 hdev->stat.acl_tx++; 1090 return submit_or_queue_tx_urb(hdev, urb); 1091 1092 case HCI_SCODATA_PKT: 1093 if (hci_conn_num(hdev, SCO_LINK) < 1) 1094 return -ENODEV; 1095 1096 urb = alloc_isoc_urb(hdev, skb); 1097 if (IS_ERR(urb)) 1098 return PTR_ERR(urb); 1099 1100 hdev->stat.sco_tx++; 1101 return submit_tx_urb(hdev, urb); 1102 } 1103 1104 return -EILSEQ; 1105 } 1106 1107 static void btusb_notify(struct hci_dev *hdev, unsigned int evt) 1108 { 1109 struct btusb_data *data = hci_get_drvdata(hdev); 1110 1111 BT_DBG("%s evt %d", hdev->name, evt); 1112 1113 if (hci_conn_num(hdev, SCO_LINK) != data->sco_num) { 1114 data->sco_num = hci_conn_num(hdev, SCO_LINK); 1115 schedule_work(&data->work); 1116 } 1117 } 1118 1119 static inline int __set_isoc_interface(struct hci_dev *hdev, int altsetting) 1120 { 1121 struct btusb_data *data = hci_get_drvdata(hdev); 1122 struct usb_interface *intf = data->isoc; 1123 struct usb_endpoint_descriptor *ep_desc; 1124 int i, err; 1125 1126 if (!data->isoc) 1127 return -ENODEV; 1128 1129 err = usb_set_interface(data->udev, 1, altsetting); 1130 if (err < 0) { 1131 BT_ERR("%s setting interface failed (%d)", hdev->name, -err); 1132 return err; 1133 } 1134 1135 data->isoc_altsetting = altsetting; 1136 1137 data->isoc_tx_ep = NULL; 1138 data->isoc_rx_ep = NULL; 1139 1140 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) { 1141 ep_desc = &intf->cur_altsetting->endpoint[i].desc; 1142 1143 if (!data->isoc_tx_ep && usb_endpoint_is_isoc_out(ep_desc)) { 1144 data->isoc_tx_ep = ep_desc; 1145 continue; 1146 } 1147 1148 if (!data->isoc_rx_ep && usb_endpoint_is_isoc_in(ep_desc)) { 1149 data->isoc_rx_ep = ep_desc; 1150 continue; 1151 } 1152 } 1153 1154 if (!data->isoc_tx_ep || !data->isoc_rx_ep) { 1155 BT_ERR("%s invalid SCO descriptors", hdev->name); 1156 return -ENODEV; 1157 } 1158 1159 return 0; 1160 } 1161 1162 static void btusb_work(struct work_struct *work) 1163 { 1164 struct btusb_data *data = container_of(work, struct btusb_data, work); 1165 struct hci_dev *hdev = data->hdev; 1166 int new_alts; 1167 int err; 1168 1169 if (data->sco_num > 0) { 1170 if (!test_bit(BTUSB_DID_ISO_RESUME, &data->flags)) { 1171 err = usb_autopm_get_interface(data->isoc ? data->isoc : data->intf); 1172 if (err < 0) { 1173 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 1174 usb_kill_anchored_urbs(&data->isoc_anchor); 1175 return; 1176 } 1177 1178 set_bit(BTUSB_DID_ISO_RESUME, &data->flags); 1179 } 1180 1181 if (hdev->voice_setting & 0x0020) { 1182 static const int alts[3] = { 2, 4, 5 }; 1183 1184 new_alts = alts[data->sco_num - 1]; 1185 } else { 1186 new_alts = data->sco_num; 1187 } 1188 1189 if (data->isoc_altsetting != new_alts) { 1190 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 1191 usb_kill_anchored_urbs(&data->isoc_anchor); 1192 1193 if (__set_isoc_interface(hdev, new_alts) < 0) 1194 return; 1195 } 1196 1197 if (!test_and_set_bit(BTUSB_ISOC_RUNNING, &data->flags)) { 1198 if (btusb_submit_isoc_urb(hdev, GFP_KERNEL) < 0) 1199 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 1200 else 1201 btusb_submit_isoc_urb(hdev, GFP_KERNEL); 1202 } 1203 } else { 1204 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 1205 usb_kill_anchored_urbs(&data->isoc_anchor); 1206 1207 __set_isoc_interface(hdev, 0); 1208 if (test_and_clear_bit(BTUSB_DID_ISO_RESUME, &data->flags)) 1209 usb_autopm_put_interface(data->isoc ? data->isoc : data->intf); 1210 } 1211 } 1212 1213 static void btusb_waker(struct work_struct *work) 1214 { 1215 struct btusb_data *data = container_of(work, struct btusb_data, waker); 1216 int err; 1217 1218 err = usb_autopm_get_interface(data->intf); 1219 if (err < 0) 1220 return; 1221 1222 usb_autopm_put_interface(data->intf); 1223 } 1224 1225 static int btusb_setup_bcm92035(struct hci_dev *hdev) 1226 { 1227 struct sk_buff *skb; 1228 u8 val = 0x00; 1229 1230 BT_DBG("%s", hdev->name); 1231 1232 skb = __hci_cmd_sync(hdev, 0xfc3b, 1, &val, HCI_INIT_TIMEOUT); 1233 if (IS_ERR(skb)) 1234 BT_ERR("BCM92035 command failed (%ld)", -PTR_ERR(skb)); 1235 else 1236 kfree_skb(skb); 1237 1238 return 0; 1239 } 1240 1241 static int btusb_setup_csr(struct hci_dev *hdev) 1242 { 1243 struct hci_rp_read_local_version *rp; 1244 struct sk_buff *skb; 1245 int ret; 1246 1247 BT_DBG("%s", hdev->name); 1248 1249 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL, 1250 HCI_INIT_TIMEOUT); 1251 if (IS_ERR(skb)) { 1252 BT_ERR("Reading local version failed (%ld)", -PTR_ERR(skb)); 1253 return -PTR_ERR(skb); 1254 } 1255 1256 rp = (struct hci_rp_read_local_version *)skb->data; 1257 1258 if (!rp->status) { 1259 if (le16_to_cpu(rp->manufacturer) != 10) { 1260 /* Clear the reset quirk since this is not an actual 1261 * early Bluetooth 1.1 device from CSR. 1262 */ 1263 clear_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); 1264 1265 /* These fake CSR controllers have all a broken 1266 * stored link key handling and so just disable it. 1267 */ 1268 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, 1269 &hdev->quirks); 1270 } 1271 } 1272 1273 ret = -bt_to_errno(rp->status); 1274 1275 kfree_skb(skb); 1276 1277 return ret; 1278 } 1279 1280 struct intel_version { 1281 u8 status; 1282 u8 hw_platform; 1283 u8 hw_variant; 1284 u8 hw_revision; 1285 u8 fw_variant; 1286 u8 fw_revision; 1287 u8 fw_build_num; 1288 u8 fw_build_ww; 1289 u8 fw_build_yy; 1290 u8 fw_patch_num; 1291 } __packed; 1292 1293 static const struct firmware *btusb_setup_intel_get_fw(struct hci_dev *hdev, 1294 struct intel_version *ver) 1295 { 1296 const struct firmware *fw; 1297 char fwname[64]; 1298 int ret; 1299 1300 snprintf(fwname, sizeof(fwname), 1301 "intel/ibt-hw-%x.%x.%x-fw-%x.%x.%x.%x.%x.bseq", 1302 ver->hw_platform, ver->hw_variant, ver->hw_revision, 1303 ver->fw_variant, ver->fw_revision, ver->fw_build_num, 1304 ver->fw_build_ww, ver->fw_build_yy); 1305 1306 ret = request_firmware(&fw, fwname, &hdev->dev); 1307 if (ret < 0) { 1308 if (ret == -EINVAL) { 1309 BT_ERR("%s Intel firmware file request failed (%d)", 1310 hdev->name, ret); 1311 return NULL; 1312 } 1313 1314 BT_ERR("%s failed to open Intel firmware file: %s(%d)", 1315 hdev->name, fwname, ret); 1316 1317 /* If the correct firmware patch file is not found, use the 1318 * default firmware patch file instead 1319 */ 1320 snprintf(fwname, sizeof(fwname), "intel/ibt-hw-%x.%x.bseq", 1321 ver->hw_platform, ver->hw_variant); 1322 if (request_firmware(&fw, fwname, &hdev->dev) < 0) { 1323 BT_ERR("%s failed to open default Intel fw file: %s", 1324 hdev->name, fwname); 1325 return NULL; 1326 } 1327 } 1328 1329 BT_INFO("%s: Intel Bluetooth firmware file: %s", hdev->name, fwname); 1330 1331 return fw; 1332 } 1333 1334 static int btusb_setup_intel_patching(struct hci_dev *hdev, 1335 const struct firmware *fw, 1336 const u8 **fw_ptr, int *disable_patch) 1337 { 1338 struct sk_buff *skb; 1339 struct hci_command_hdr *cmd; 1340 const u8 *cmd_param; 1341 struct hci_event_hdr *evt = NULL; 1342 const u8 *evt_param = NULL; 1343 int remain = fw->size - (*fw_ptr - fw->data); 1344 1345 /* The first byte indicates the types of the patch command or event. 1346 * 0x01 means HCI command and 0x02 is HCI event. If the first bytes 1347 * in the current firmware buffer doesn't start with 0x01 or 1348 * the size of remain buffer is smaller than HCI command header, 1349 * the firmware file is corrupted and it should stop the patching 1350 * process. 1351 */ 1352 if (remain > HCI_COMMAND_HDR_SIZE && *fw_ptr[0] != 0x01) { 1353 BT_ERR("%s Intel fw corrupted: invalid cmd read", hdev->name); 1354 return -EINVAL; 1355 } 1356 (*fw_ptr)++; 1357 remain--; 1358 1359 cmd = (struct hci_command_hdr *)(*fw_ptr); 1360 *fw_ptr += sizeof(*cmd); 1361 remain -= sizeof(*cmd); 1362 1363 /* Ensure that the remain firmware data is long enough than the length 1364 * of command parameter. If not, the firmware file is corrupted. 1365 */ 1366 if (remain < cmd->plen) { 1367 BT_ERR("%s Intel fw corrupted: invalid cmd len", hdev->name); 1368 return -EFAULT; 1369 } 1370 1371 /* If there is a command that loads a patch in the firmware 1372 * file, then enable the patch upon success, otherwise just 1373 * disable the manufacturer mode, for example patch activation 1374 * is not required when the default firmware patch file is used 1375 * because there are no patch data to load. 1376 */ 1377 if (*disable_patch && le16_to_cpu(cmd->opcode) == 0xfc8e) 1378 *disable_patch = 0; 1379 1380 cmd_param = *fw_ptr; 1381 *fw_ptr += cmd->plen; 1382 remain -= cmd->plen; 1383 1384 /* This reads the expected events when the above command is sent to the 1385 * device. Some vendor commands expects more than one events, for 1386 * example command status event followed by vendor specific event. 1387 * For this case, it only keeps the last expected event. so the command 1388 * can be sent with __hci_cmd_sync_ev() which returns the sk_buff of 1389 * last expected event. 1390 */ 1391 while (remain > HCI_EVENT_HDR_SIZE && *fw_ptr[0] == 0x02) { 1392 (*fw_ptr)++; 1393 remain--; 1394 1395 evt = (struct hci_event_hdr *)(*fw_ptr); 1396 *fw_ptr += sizeof(*evt); 1397 remain -= sizeof(*evt); 1398 1399 if (remain < evt->plen) { 1400 BT_ERR("%s Intel fw corrupted: invalid evt len", 1401 hdev->name); 1402 return -EFAULT; 1403 } 1404 1405 evt_param = *fw_ptr; 1406 *fw_ptr += evt->plen; 1407 remain -= evt->plen; 1408 } 1409 1410 /* Every HCI commands in the firmware file has its correspond event. 1411 * If event is not found or remain is smaller than zero, the firmware 1412 * file is corrupted. 1413 */ 1414 if (!evt || !evt_param || remain < 0) { 1415 BT_ERR("%s Intel fw corrupted: invalid evt read", hdev->name); 1416 return -EFAULT; 1417 } 1418 1419 skb = __hci_cmd_sync_ev(hdev, le16_to_cpu(cmd->opcode), cmd->plen, 1420 cmd_param, evt->evt, HCI_INIT_TIMEOUT); 1421 if (IS_ERR(skb)) { 1422 BT_ERR("%s sending Intel patch command (0x%4.4x) failed (%ld)", 1423 hdev->name, cmd->opcode, PTR_ERR(skb)); 1424 return PTR_ERR(skb); 1425 } 1426 1427 /* It ensures that the returned event matches the event data read from 1428 * the firmware file. At fist, it checks the length and then 1429 * the contents of the event. 1430 */ 1431 if (skb->len != evt->plen) { 1432 BT_ERR("%s mismatch event length (opcode 0x%4.4x)", hdev->name, 1433 le16_to_cpu(cmd->opcode)); 1434 kfree_skb(skb); 1435 return -EFAULT; 1436 } 1437 1438 if (memcmp(skb->data, evt_param, evt->plen)) { 1439 BT_ERR("%s mismatch event parameter (opcode 0x%4.4x)", 1440 hdev->name, le16_to_cpu(cmd->opcode)); 1441 kfree_skb(skb); 1442 return -EFAULT; 1443 } 1444 kfree_skb(skb); 1445 1446 return 0; 1447 } 1448 1449 #define BDADDR_INTEL (&(bdaddr_t) {{0x00, 0x8b, 0x9e, 0x19, 0x03, 0x00}}) 1450 1451 static int btusb_check_bdaddr_intel(struct hci_dev *hdev) 1452 { 1453 struct sk_buff *skb; 1454 struct hci_rp_read_bd_addr *rp; 1455 1456 skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL, 1457 HCI_INIT_TIMEOUT); 1458 if (IS_ERR(skb)) { 1459 BT_ERR("%s reading Intel device address failed (%ld)", 1460 hdev->name, PTR_ERR(skb)); 1461 return PTR_ERR(skb); 1462 } 1463 1464 if (skb->len != sizeof(*rp)) { 1465 BT_ERR("%s Intel device address length mismatch", hdev->name); 1466 kfree_skb(skb); 1467 return -EIO; 1468 } 1469 1470 rp = (struct hci_rp_read_bd_addr *)skb->data; 1471 if (rp->status) { 1472 BT_ERR("%s Intel device address result failed (%02x)", 1473 hdev->name, rp->status); 1474 kfree_skb(skb); 1475 return -bt_to_errno(rp->status); 1476 } 1477 1478 /* For some Intel based controllers, the default Bluetooth device 1479 * address 00:03:19:9E:8B:00 can be found. These controllers are 1480 * fully operational, but have the danger of duplicate addresses 1481 * and that in turn can cause problems with Bluetooth operation. 1482 */ 1483 if (!bacmp(&rp->bdaddr, BDADDR_INTEL)) { 1484 BT_ERR("%s found Intel default device address (%pMR)", 1485 hdev->name, &rp->bdaddr); 1486 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks); 1487 } 1488 1489 kfree_skb(skb); 1490 1491 return 0; 1492 } 1493 1494 static int btusb_setup_intel(struct hci_dev *hdev) 1495 { 1496 struct sk_buff *skb; 1497 const struct firmware *fw; 1498 const u8 *fw_ptr; 1499 int disable_patch; 1500 struct intel_version *ver; 1501 1502 const u8 mfg_enable[] = { 0x01, 0x00 }; 1503 const u8 mfg_disable[] = { 0x00, 0x00 }; 1504 const u8 mfg_reset_deactivate[] = { 0x00, 0x01 }; 1505 const u8 mfg_reset_activate[] = { 0x00, 0x02 }; 1506 1507 BT_DBG("%s", hdev->name); 1508 1509 /* The controller has a bug with the first HCI command sent to it 1510 * returning number of completed commands as zero. This would stall the 1511 * command processing in the Bluetooth core. 1512 * 1513 * As a workaround, send HCI Reset command first which will reset the 1514 * number of completed commands and allow normal command processing 1515 * from now on. 1516 */ 1517 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); 1518 if (IS_ERR(skb)) { 1519 BT_ERR("%s sending initial HCI reset command failed (%ld)", 1520 hdev->name, PTR_ERR(skb)); 1521 return PTR_ERR(skb); 1522 } 1523 kfree_skb(skb); 1524 1525 /* Read Intel specific controller version first to allow selection of 1526 * which firmware file to load. 1527 * 1528 * The returned information are hardware variant and revision plus 1529 * firmware variant, revision and build number. 1530 */ 1531 skb = __hci_cmd_sync(hdev, 0xfc05, 0, NULL, HCI_INIT_TIMEOUT); 1532 if (IS_ERR(skb)) { 1533 BT_ERR("%s reading Intel fw version command failed (%ld)", 1534 hdev->name, PTR_ERR(skb)); 1535 return PTR_ERR(skb); 1536 } 1537 1538 if (skb->len != sizeof(*ver)) { 1539 BT_ERR("%s Intel version event length mismatch", hdev->name); 1540 kfree_skb(skb); 1541 return -EIO; 1542 } 1543 1544 ver = (struct intel_version *)skb->data; 1545 if (ver->status) { 1546 BT_ERR("%s Intel fw version event failed (%02x)", hdev->name, 1547 ver->status); 1548 kfree_skb(skb); 1549 return -bt_to_errno(ver->status); 1550 } 1551 1552 BT_INFO("%s: read Intel version: %02x%02x%02x%02x%02x%02x%02x%02x%02x", 1553 hdev->name, ver->hw_platform, ver->hw_variant, 1554 ver->hw_revision, ver->fw_variant, ver->fw_revision, 1555 ver->fw_build_num, ver->fw_build_ww, ver->fw_build_yy, 1556 ver->fw_patch_num); 1557 1558 /* fw_patch_num indicates the version of patch the device currently 1559 * have. If there is no patch data in the device, it is always 0x00. 1560 * So, if it is other than 0x00, no need to patch the deivce again. 1561 */ 1562 if (ver->fw_patch_num) { 1563 BT_INFO("%s: Intel device is already patched. patch num: %02x", 1564 hdev->name, ver->fw_patch_num); 1565 kfree_skb(skb); 1566 btusb_check_bdaddr_intel(hdev); 1567 return 0; 1568 } 1569 1570 /* Opens the firmware patch file based on the firmware version read 1571 * from the controller. If it fails to open the matching firmware 1572 * patch file, it tries to open the default firmware patch file. 1573 * If no patch file is found, allow the device to operate without 1574 * a patch. 1575 */ 1576 fw = btusb_setup_intel_get_fw(hdev, ver); 1577 if (!fw) { 1578 kfree_skb(skb); 1579 btusb_check_bdaddr_intel(hdev); 1580 return 0; 1581 } 1582 fw_ptr = fw->data; 1583 1584 /* This Intel specific command enables the manufacturer mode of the 1585 * controller. 1586 * 1587 * Only while this mode is enabled, the driver can download the 1588 * firmware patch data and configuration parameters. 1589 */ 1590 skb = __hci_cmd_sync(hdev, 0xfc11, 2, mfg_enable, HCI_INIT_TIMEOUT); 1591 if (IS_ERR(skb)) { 1592 BT_ERR("%s entering Intel manufacturer mode failed (%ld)", 1593 hdev->name, PTR_ERR(skb)); 1594 release_firmware(fw); 1595 return PTR_ERR(skb); 1596 } 1597 1598 if (skb->data[0]) { 1599 u8 evt_status = skb->data[0]; 1600 1601 BT_ERR("%s enable Intel manufacturer mode event failed (%02x)", 1602 hdev->name, evt_status); 1603 kfree_skb(skb); 1604 release_firmware(fw); 1605 return -bt_to_errno(evt_status); 1606 } 1607 kfree_skb(skb); 1608 1609 disable_patch = 1; 1610 1611 /* The firmware data file consists of list of Intel specific HCI 1612 * commands and its expected events. The first byte indicates the 1613 * type of the message, either HCI command or HCI event. 1614 * 1615 * It reads the command and its expected event from the firmware file, 1616 * and send to the controller. Once __hci_cmd_sync_ev() returns, 1617 * the returned event is compared with the event read from the firmware 1618 * file and it will continue until all the messages are downloaded to 1619 * the controller. 1620 * 1621 * Once the firmware patching is completed successfully, 1622 * the manufacturer mode is disabled with reset and activating the 1623 * downloaded patch. 1624 * 1625 * If the firmware patching fails, the manufacturer mode is 1626 * disabled with reset and deactivating the patch. 1627 * 1628 * If the default patch file is used, no reset is done when disabling 1629 * the manufacturer. 1630 */ 1631 while (fw->size > fw_ptr - fw->data) { 1632 int ret; 1633 1634 ret = btusb_setup_intel_patching(hdev, fw, &fw_ptr, 1635 &disable_patch); 1636 if (ret < 0) 1637 goto exit_mfg_deactivate; 1638 } 1639 1640 release_firmware(fw); 1641 1642 if (disable_patch) 1643 goto exit_mfg_disable; 1644 1645 /* Patching completed successfully and disable the manufacturer mode 1646 * with reset and activate the downloaded firmware patches. 1647 */ 1648 skb = __hci_cmd_sync(hdev, 0xfc11, sizeof(mfg_reset_activate), 1649 mfg_reset_activate, HCI_INIT_TIMEOUT); 1650 if (IS_ERR(skb)) { 1651 BT_ERR("%s exiting Intel manufacturer mode failed (%ld)", 1652 hdev->name, PTR_ERR(skb)); 1653 return PTR_ERR(skb); 1654 } 1655 kfree_skb(skb); 1656 1657 BT_INFO("%s: Intel Bluetooth firmware patch completed and activated", 1658 hdev->name); 1659 1660 btusb_check_bdaddr_intel(hdev); 1661 return 0; 1662 1663 exit_mfg_disable: 1664 /* Disable the manufacturer mode without reset */ 1665 skb = __hci_cmd_sync(hdev, 0xfc11, sizeof(mfg_disable), mfg_disable, 1666 HCI_INIT_TIMEOUT); 1667 if (IS_ERR(skb)) { 1668 BT_ERR("%s exiting Intel manufacturer mode failed (%ld)", 1669 hdev->name, PTR_ERR(skb)); 1670 return PTR_ERR(skb); 1671 } 1672 kfree_skb(skb); 1673 1674 BT_INFO("%s: Intel Bluetooth firmware patch completed", hdev->name); 1675 1676 btusb_check_bdaddr_intel(hdev); 1677 return 0; 1678 1679 exit_mfg_deactivate: 1680 release_firmware(fw); 1681 1682 /* Patching failed. Disable the manufacturer mode with reset and 1683 * deactivate the downloaded firmware patches. 1684 */ 1685 skb = __hci_cmd_sync(hdev, 0xfc11, sizeof(mfg_reset_deactivate), 1686 mfg_reset_deactivate, HCI_INIT_TIMEOUT); 1687 if (IS_ERR(skb)) { 1688 BT_ERR("%s exiting Intel manufacturer mode failed (%ld)", 1689 hdev->name, PTR_ERR(skb)); 1690 return PTR_ERR(skb); 1691 } 1692 kfree_skb(skb); 1693 1694 BT_INFO("%s: Intel Bluetooth firmware patch completed and deactivated", 1695 hdev->name); 1696 1697 btusb_check_bdaddr_intel(hdev); 1698 return 0; 1699 } 1700 1701 static int btusb_set_bdaddr_intel(struct hci_dev *hdev, const bdaddr_t *bdaddr) 1702 { 1703 struct sk_buff *skb; 1704 long ret; 1705 1706 skb = __hci_cmd_sync(hdev, 0xfc31, 6, bdaddr, HCI_INIT_TIMEOUT); 1707 if (IS_ERR(skb)) { 1708 ret = PTR_ERR(skb); 1709 BT_ERR("%s: changing Intel device address failed (%ld)", 1710 hdev->name, ret); 1711 return ret; 1712 } 1713 kfree_skb(skb); 1714 1715 return 0; 1716 } 1717 1718 static int btusb_set_bdaddr_marvell(struct hci_dev *hdev, 1719 const bdaddr_t *bdaddr) 1720 { 1721 struct sk_buff *skb; 1722 u8 buf[8]; 1723 long ret; 1724 1725 buf[0] = 0xfe; 1726 buf[1] = sizeof(bdaddr_t); 1727 memcpy(buf + 2, bdaddr, sizeof(bdaddr_t)); 1728 1729 skb = __hci_cmd_sync(hdev, 0xfc22, sizeof(buf), buf, HCI_INIT_TIMEOUT); 1730 if (IS_ERR(skb)) { 1731 ret = PTR_ERR(skb); 1732 BT_ERR("%s: changing Marvell device address failed (%ld)", 1733 hdev->name, ret); 1734 return ret; 1735 } 1736 kfree_skb(skb); 1737 1738 return 0; 1739 } 1740 1741 #define BDADDR_BCM20702A0 (&(bdaddr_t) {{0x00, 0xa0, 0x02, 0x70, 0x20, 0x00}}) 1742 1743 static int btusb_setup_bcm_patchram(struct hci_dev *hdev) 1744 { 1745 struct btusb_data *data = hci_get_drvdata(hdev); 1746 struct usb_device *udev = data->udev; 1747 char fw_name[64]; 1748 const struct firmware *fw; 1749 const u8 *fw_ptr; 1750 size_t fw_size; 1751 const struct hci_command_hdr *cmd; 1752 const u8 *cmd_param; 1753 u16 opcode; 1754 struct sk_buff *skb; 1755 struct hci_rp_read_local_version *ver; 1756 struct hci_rp_read_bd_addr *bda; 1757 long ret; 1758 1759 snprintf(fw_name, sizeof(fw_name), "brcm/%s-%04x-%04x.hcd", 1760 udev->product ? udev->product : "BCM", 1761 le16_to_cpu(udev->descriptor.idVendor), 1762 le16_to_cpu(udev->descriptor.idProduct)); 1763 1764 ret = request_firmware(&fw, fw_name, &hdev->dev); 1765 if (ret < 0) { 1766 BT_INFO("%s: BCM: patch %s not found", hdev->name, fw_name); 1767 return 0; 1768 } 1769 1770 /* Reset */ 1771 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); 1772 if (IS_ERR(skb)) { 1773 ret = PTR_ERR(skb); 1774 BT_ERR("%s: HCI_OP_RESET failed (%ld)", hdev->name, ret); 1775 goto done; 1776 } 1777 kfree_skb(skb); 1778 1779 /* Read Local Version Info */ 1780 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL, 1781 HCI_INIT_TIMEOUT); 1782 if (IS_ERR(skb)) { 1783 ret = PTR_ERR(skb); 1784 BT_ERR("%s: HCI_OP_READ_LOCAL_VERSION failed (%ld)", 1785 hdev->name, ret); 1786 goto done; 1787 } 1788 1789 if (skb->len != sizeof(*ver)) { 1790 BT_ERR("%s: HCI_OP_READ_LOCAL_VERSION event length mismatch", 1791 hdev->name); 1792 kfree_skb(skb); 1793 ret = -EIO; 1794 goto done; 1795 } 1796 1797 ver = (struct hci_rp_read_local_version *)skb->data; 1798 BT_INFO("%s: BCM: patching hci_ver=%02x hci_rev=%04x lmp_ver=%02x " 1799 "lmp_subver=%04x", hdev->name, ver->hci_ver, ver->hci_rev, 1800 ver->lmp_ver, ver->lmp_subver); 1801 kfree_skb(skb); 1802 1803 /* Start Download */ 1804 skb = __hci_cmd_sync(hdev, 0xfc2e, 0, NULL, HCI_INIT_TIMEOUT); 1805 if (IS_ERR(skb)) { 1806 ret = PTR_ERR(skb); 1807 BT_ERR("%s: BCM: Download Minidrv command failed (%ld)", 1808 hdev->name, ret); 1809 goto reset_fw; 1810 } 1811 kfree_skb(skb); 1812 1813 /* 50 msec delay after Download Minidrv completes */ 1814 msleep(50); 1815 1816 fw_ptr = fw->data; 1817 fw_size = fw->size; 1818 1819 while (fw_size >= sizeof(*cmd)) { 1820 cmd = (struct hci_command_hdr *)fw_ptr; 1821 fw_ptr += sizeof(*cmd); 1822 fw_size -= sizeof(*cmd); 1823 1824 if (fw_size < cmd->plen) { 1825 BT_ERR("%s: BCM: patch %s is corrupted", 1826 hdev->name, fw_name); 1827 ret = -EINVAL; 1828 goto reset_fw; 1829 } 1830 1831 cmd_param = fw_ptr; 1832 fw_ptr += cmd->plen; 1833 fw_size -= cmd->plen; 1834 1835 opcode = le16_to_cpu(cmd->opcode); 1836 1837 skb = __hci_cmd_sync(hdev, opcode, cmd->plen, cmd_param, 1838 HCI_INIT_TIMEOUT); 1839 if (IS_ERR(skb)) { 1840 ret = PTR_ERR(skb); 1841 BT_ERR("%s: BCM: patch command %04x failed (%ld)", 1842 hdev->name, opcode, ret); 1843 goto reset_fw; 1844 } 1845 kfree_skb(skb); 1846 } 1847 1848 /* 250 msec delay after Launch Ram completes */ 1849 msleep(250); 1850 1851 reset_fw: 1852 /* Reset */ 1853 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); 1854 if (IS_ERR(skb)) { 1855 ret = PTR_ERR(skb); 1856 BT_ERR("%s: HCI_OP_RESET failed (%ld)", hdev->name, ret); 1857 goto done; 1858 } 1859 kfree_skb(skb); 1860 1861 /* Read Local Version Info */ 1862 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL, 1863 HCI_INIT_TIMEOUT); 1864 if (IS_ERR(skb)) { 1865 ret = PTR_ERR(skb); 1866 BT_ERR("%s: HCI_OP_READ_LOCAL_VERSION failed (%ld)", 1867 hdev->name, ret); 1868 goto done; 1869 } 1870 1871 if (skb->len != sizeof(*ver)) { 1872 BT_ERR("%s: HCI_OP_READ_LOCAL_VERSION event length mismatch", 1873 hdev->name); 1874 kfree_skb(skb); 1875 ret = -EIO; 1876 goto done; 1877 } 1878 1879 ver = (struct hci_rp_read_local_version *)skb->data; 1880 BT_INFO("%s: BCM: firmware hci_ver=%02x hci_rev=%04x lmp_ver=%02x " 1881 "lmp_subver=%04x", hdev->name, ver->hci_ver, ver->hci_rev, 1882 ver->lmp_ver, ver->lmp_subver); 1883 kfree_skb(skb); 1884 1885 /* Read BD Address */ 1886 skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL, 1887 HCI_INIT_TIMEOUT); 1888 if (IS_ERR(skb)) { 1889 ret = PTR_ERR(skb); 1890 BT_ERR("%s: HCI_OP_READ_BD_ADDR failed (%ld)", 1891 hdev->name, ret); 1892 goto done; 1893 } 1894 1895 if (skb->len != sizeof(*bda)) { 1896 BT_ERR("%s: HCI_OP_READ_BD_ADDR event length mismatch", 1897 hdev->name); 1898 kfree_skb(skb); 1899 ret = -EIO; 1900 goto done; 1901 } 1902 1903 bda = (struct hci_rp_read_bd_addr *)skb->data; 1904 if (bda->status) { 1905 BT_ERR("%s: HCI_OP_READ_BD_ADDR error status (%02x)", 1906 hdev->name, bda->status); 1907 kfree_skb(skb); 1908 ret = -bt_to_errno(bda->status); 1909 goto done; 1910 } 1911 1912 /* The address 00:20:70:02:A0:00 indicates a BCM20702A0 controller 1913 * with no configured address. 1914 */ 1915 if (!bacmp(&bda->bdaddr, BDADDR_BCM20702A0)) { 1916 BT_INFO("%s: BCM: using default device address (%pMR)", 1917 hdev->name, &bda->bdaddr); 1918 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks); 1919 } 1920 1921 kfree_skb(skb); 1922 1923 done: 1924 release_firmware(fw); 1925 1926 return ret; 1927 } 1928 1929 static int btusb_set_bdaddr_bcm(struct hci_dev *hdev, const bdaddr_t *bdaddr) 1930 { 1931 struct sk_buff *skb; 1932 long ret; 1933 1934 skb = __hci_cmd_sync(hdev, 0xfc01, 6, bdaddr, HCI_INIT_TIMEOUT); 1935 if (IS_ERR(skb)) { 1936 ret = PTR_ERR(skb); 1937 BT_ERR("%s: BCM: Change address command failed (%ld)", 1938 hdev->name, ret); 1939 return ret; 1940 } 1941 kfree_skb(skb); 1942 1943 return 0; 1944 } 1945 1946 static int btusb_probe(struct usb_interface *intf, 1947 const struct usb_device_id *id) 1948 { 1949 struct usb_endpoint_descriptor *ep_desc; 1950 struct btusb_data *data; 1951 struct hci_dev *hdev; 1952 int i, err; 1953 1954 BT_DBG("intf %p id %p", intf, id); 1955 1956 /* interface numbers are hardcoded in the spec */ 1957 if (intf->cur_altsetting->desc.bInterfaceNumber != 0) 1958 return -ENODEV; 1959 1960 if (!id->driver_info) { 1961 const struct usb_device_id *match; 1962 1963 match = usb_match_id(intf, blacklist_table); 1964 if (match) 1965 id = match; 1966 } 1967 1968 if (id->driver_info == BTUSB_IGNORE) 1969 return -ENODEV; 1970 1971 if (id->driver_info & BTUSB_ATH3012) { 1972 struct usb_device *udev = interface_to_usbdev(intf); 1973 1974 /* Old firmware would otherwise let ath3k driver load 1975 * patch and sysconfig files */ 1976 if (le16_to_cpu(udev->descriptor.bcdDevice) <= 0x0001) 1977 return -ENODEV; 1978 } 1979 1980 data = devm_kzalloc(&intf->dev, sizeof(*data), GFP_KERNEL); 1981 if (!data) 1982 return -ENOMEM; 1983 1984 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) { 1985 ep_desc = &intf->cur_altsetting->endpoint[i].desc; 1986 1987 if (!data->intr_ep && usb_endpoint_is_int_in(ep_desc)) { 1988 data->intr_ep = ep_desc; 1989 continue; 1990 } 1991 1992 if (!data->bulk_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) { 1993 data->bulk_tx_ep = ep_desc; 1994 continue; 1995 } 1996 1997 if (!data->bulk_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) { 1998 data->bulk_rx_ep = ep_desc; 1999 continue; 2000 } 2001 } 2002 2003 if (!data->intr_ep || !data->bulk_tx_ep || !data->bulk_rx_ep) 2004 return -ENODEV; 2005 2006 data->cmdreq_type = USB_TYPE_CLASS; 2007 2008 data->udev = interface_to_usbdev(intf); 2009 data->intf = intf; 2010 2011 INIT_WORK(&data->work, btusb_work); 2012 INIT_WORK(&data->waker, btusb_waker); 2013 init_usb_anchor(&data->deferred); 2014 init_usb_anchor(&data->tx_anchor); 2015 spin_lock_init(&data->txlock); 2016 2017 init_usb_anchor(&data->intr_anchor); 2018 init_usb_anchor(&data->bulk_anchor); 2019 init_usb_anchor(&data->isoc_anchor); 2020 spin_lock_init(&data->rxlock); 2021 2022 data->recv_bulk = btusb_recv_bulk; 2023 2024 hdev = hci_alloc_dev(); 2025 if (!hdev) 2026 return -ENOMEM; 2027 2028 hdev->bus = HCI_USB; 2029 hci_set_drvdata(hdev, data); 2030 2031 data->hdev = hdev; 2032 2033 SET_HCIDEV_DEV(hdev, &intf->dev); 2034 2035 hdev->open = btusb_open; 2036 hdev->close = btusb_close; 2037 hdev->flush = btusb_flush; 2038 hdev->send = btusb_send_frame; 2039 hdev->notify = btusb_notify; 2040 2041 if (id->driver_info & BTUSB_BCM92035) 2042 hdev->setup = btusb_setup_bcm92035; 2043 2044 if (id->driver_info & BTUSB_BCM_PATCHRAM) { 2045 hdev->setup = btusb_setup_bcm_patchram; 2046 hdev->set_bdaddr = btusb_set_bdaddr_bcm; 2047 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks); 2048 } 2049 2050 if (id->driver_info & BTUSB_INTEL) { 2051 hdev->setup = btusb_setup_intel; 2052 hdev->set_bdaddr = btusb_set_bdaddr_intel; 2053 } 2054 2055 if (id->driver_info & BTUSB_MARVELL) 2056 hdev->set_bdaddr = btusb_set_bdaddr_marvell; 2057 2058 if (id->driver_info & BTUSB_INTEL_BOOT) 2059 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks); 2060 2061 /* Interface numbers are hardcoded in the specification */ 2062 data->isoc = usb_ifnum_to_if(data->udev, 1); 2063 2064 if (!reset) 2065 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); 2066 2067 if (force_scofix || id->driver_info & BTUSB_WRONG_SCO_MTU) { 2068 if (!disable_scofix) 2069 set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks); 2070 } 2071 2072 if (id->driver_info & BTUSB_BROKEN_ISOC) 2073 data->isoc = NULL; 2074 2075 if (id->driver_info & BTUSB_DIGIANSWER) { 2076 data->cmdreq_type = USB_TYPE_VENDOR; 2077 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); 2078 } 2079 2080 if (id->driver_info & BTUSB_CSR) { 2081 struct usb_device *udev = data->udev; 2082 u16 bcdDevice = le16_to_cpu(udev->descriptor.bcdDevice); 2083 2084 /* Old firmware would otherwise execute USB reset */ 2085 if (bcdDevice < 0x117) 2086 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); 2087 2088 /* Fake CSR devices with broken commands */ 2089 if (bcdDevice <= 0x100) 2090 hdev->setup = btusb_setup_csr; 2091 } 2092 2093 if (id->driver_info & BTUSB_SNIFFER) { 2094 struct usb_device *udev = data->udev; 2095 2096 /* New sniffer firmware has crippled HCI interface */ 2097 if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997) 2098 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks); 2099 } 2100 2101 if (id->driver_info & BTUSB_INTEL_BOOT) { 2102 /* A bug in the bootloader causes that interrupt interface is 2103 * only enabled after receiving SetInterface(0, AltSetting=0). 2104 */ 2105 err = usb_set_interface(data->udev, 0, 0); 2106 if (err < 0) { 2107 BT_ERR("failed to set interface 0, alt 0 %d", err); 2108 hci_free_dev(hdev); 2109 return err; 2110 } 2111 } 2112 2113 if (data->isoc) { 2114 err = usb_driver_claim_interface(&btusb_driver, 2115 data->isoc, data); 2116 if (err < 0) { 2117 hci_free_dev(hdev); 2118 return err; 2119 } 2120 } 2121 2122 err = hci_register_dev(hdev); 2123 if (err < 0) { 2124 hci_free_dev(hdev); 2125 return err; 2126 } 2127 2128 usb_set_intfdata(intf, data); 2129 2130 return 0; 2131 } 2132 2133 static void btusb_disconnect(struct usb_interface *intf) 2134 { 2135 struct btusb_data *data = usb_get_intfdata(intf); 2136 struct hci_dev *hdev; 2137 2138 BT_DBG("intf %p", intf); 2139 2140 if (!data) 2141 return; 2142 2143 hdev = data->hdev; 2144 usb_set_intfdata(data->intf, NULL); 2145 2146 if (data->isoc) 2147 usb_set_intfdata(data->isoc, NULL); 2148 2149 hci_unregister_dev(hdev); 2150 2151 if (intf == data->isoc) 2152 usb_driver_release_interface(&btusb_driver, data->intf); 2153 else if (data->isoc) 2154 usb_driver_release_interface(&btusb_driver, data->isoc); 2155 2156 btusb_free_frags(data); 2157 hci_free_dev(hdev); 2158 } 2159 2160 #ifdef CONFIG_PM 2161 static int btusb_suspend(struct usb_interface *intf, pm_message_t message) 2162 { 2163 struct btusb_data *data = usb_get_intfdata(intf); 2164 2165 BT_DBG("intf %p", intf); 2166 2167 if (data->suspend_count++) 2168 return 0; 2169 2170 spin_lock_irq(&data->txlock); 2171 if (!(PMSG_IS_AUTO(message) && data->tx_in_flight)) { 2172 set_bit(BTUSB_SUSPENDING, &data->flags); 2173 spin_unlock_irq(&data->txlock); 2174 } else { 2175 spin_unlock_irq(&data->txlock); 2176 data->suspend_count--; 2177 return -EBUSY; 2178 } 2179 2180 cancel_work_sync(&data->work); 2181 2182 btusb_stop_traffic(data); 2183 usb_kill_anchored_urbs(&data->tx_anchor); 2184 2185 return 0; 2186 } 2187 2188 static void play_deferred(struct btusb_data *data) 2189 { 2190 struct urb *urb; 2191 int err; 2192 2193 while ((urb = usb_get_from_anchor(&data->deferred))) { 2194 err = usb_submit_urb(urb, GFP_ATOMIC); 2195 if (err < 0) 2196 break; 2197 2198 data->tx_in_flight++; 2199 } 2200 usb_scuttle_anchored_urbs(&data->deferred); 2201 } 2202 2203 static int btusb_resume(struct usb_interface *intf) 2204 { 2205 struct btusb_data *data = usb_get_intfdata(intf); 2206 struct hci_dev *hdev = data->hdev; 2207 int err = 0; 2208 2209 BT_DBG("intf %p", intf); 2210 2211 if (--data->suspend_count) 2212 return 0; 2213 2214 if (!test_bit(HCI_RUNNING, &hdev->flags)) 2215 goto done; 2216 2217 if (test_bit(BTUSB_INTR_RUNNING, &data->flags)) { 2218 err = btusb_submit_intr_urb(hdev, GFP_NOIO); 2219 if (err < 0) { 2220 clear_bit(BTUSB_INTR_RUNNING, &data->flags); 2221 goto failed; 2222 } 2223 } 2224 2225 if (test_bit(BTUSB_BULK_RUNNING, &data->flags)) { 2226 err = btusb_submit_bulk_urb(hdev, GFP_NOIO); 2227 if (err < 0) { 2228 clear_bit(BTUSB_BULK_RUNNING, &data->flags); 2229 goto failed; 2230 } 2231 2232 btusb_submit_bulk_urb(hdev, GFP_NOIO); 2233 } 2234 2235 if (test_bit(BTUSB_ISOC_RUNNING, &data->flags)) { 2236 if (btusb_submit_isoc_urb(hdev, GFP_NOIO) < 0) 2237 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 2238 else 2239 btusb_submit_isoc_urb(hdev, GFP_NOIO); 2240 } 2241 2242 spin_lock_irq(&data->txlock); 2243 play_deferred(data); 2244 clear_bit(BTUSB_SUSPENDING, &data->flags); 2245 spin_unlock_irq(&data->txlock); 2246 schedule_work(&data->work); 2247 2248 return 0; 2249 2250 failed: 2251 usb_scuttle_anchored_urbs(&data->deferred); 2252 done: 2253 spin_lock_irq(&data->txlock); 2254 clear_bit(BTUSB_SUSPENDING, &data->flags); 2255 spin_unlock_irq(&data->txlock); 2256 2257 return err; 2258 } 2259 #endif 2260 2261 static struct usb_driver btusb_driver = { 2262 .name = "btusb", 2263 .probe = btusb_probe, 2264 .disconnect = btusb_disconnect, 2265 #ifdef CONFIG_PM 2266 .suspend = btusb_suspend, 2267 .resume = btusb_resume, 2268 #endif 2269 .id_table = btusb_table, 2270 .supports_autosuspend = 1, 2271 .disable_hub_initiated_lpm = 1, 2272 }; 2273 2274 module_usb_driver(btusb_driver); 2275 2276 module_param(disable_scofix, bool, 0644); 2277 MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size"); 2278 2279 module_param(force_scofix, bool, 0644); 2280 MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size"); 2281 2282 module_param(reset, bool, 0644); 2283 MODULE_PARM_DESC(reset, "Send HCI reset command on initialization"); 2284 2285 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 2286 MODULE_DESCRIPTION("Generic Bluetooth USB driver ver " VERSION); 2287 MODULE_VERSION(VERSION); 2288 MODULE_LICENSE("GPL"); 2289