1 /* 2 * 3 * Generic Bluetooth USB driver 4 * 5 * Copyright (C) 2005-2008 Marcel Holtmann <marcel@holtmann.org> 6 * 7 * 8 * This program is free software; you can redistribute it and/or modify 9 * it under the terms of the GNU General Public License as published by 10 * the Free Software Foundation; either version 2 of the License, or 11 * (at your option) any later version. 12 * 13 * This program is distributed in the hope that it will be useful, 14 * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 * GNU General Public License for more details. 17 * 18 * You should have received a copy of the GNU General Public License 19 * along with this program; if not, write to the Free Software 20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 21 * 22 */ 23 24 #include <linux/module.h> 25 #include <linux/usb.h> 26 #include <linux/firmware.h> 27 28 #include <net/bluetooth/bluetooth.h> 29 #include <net/bluetooth/hci_core.h> 30 31 #define VERSION "0.6" 32 33 static bool disable_scofix; 34 static bool force_scofix; 35 36 static bool reset = 1; 37 38 static struct usb_driver btusb_driver; 39 40 #define BTUSB_IGNORE 0x01 41 #define BTUSB_DIGIANSWER 0x02 42 #define BTUSB_CSR 0x04 43 #define BTUSB_SNIFFER 0x08 44 #define BTUSB_BCM92035 0x10 45 #define BTUSB_BROKEN_ISOC 0x20 46 #define BTUSB_WRONG_SCO_MTU 0x40 47 #define BTUSB_ATH3012 0x80 48 #define BTUSB_INTEL 0x100 49 #define BTUSB_INTEL_BOOT 0x200 50 #define BTUSB_BCM_PATCHRAM 0x400 51 #define BTUSB_MARVELL 0x800 52 53 static const struct usb_device_id btusb_table[] = { 54 /* Generic Bluetooth USB device */ 55 { USB_DEVICE_INFO(0xe0, 0x01, 0x01) }, 56 57 /* Apple-specific (Broadcom) devices */ 58 { USB_VENDOR_AND_INTERFACE_INFO(0x05ac, 0xff, 0x01, 0x01) }, 59 60 /* MediaTek MT76x0E */ 61 { USB_DEVICE(0x0e8d, 0x763f) }, 62 63 /* Broadcom SoftSailing reporting vendor specific */ 64 { USB_DEVICE(0x0a5c, 0x21e1) }, 65 66 /* Apple MacBookPro 7,1 */ 67 { USB_DEVICE(0x05ac, 0x8213) }, 68 69 /* Apple iMac11,1 */ 70 { USB_DEVICE(0x05ac, 0x8215) }, 71 72 /* Apple MacBookPro6,2 */ 73 { USB_DEVICE(0x05ac, 0x8218) }, 74 75 /* Apple MacBookAir3,1, MacBookAir3,2 */ 76 { USB_DEVICE(0x05ac, 0x821b) }, 77 78 /* Apple MacBookAir4,1 */ 79 { USB_DEVICE(0x05ac, 0x821f) }, 80 81 /* Apple MacBookPro8,2 */ 82 { USB_DEVICE(0x05ac, 0x821a) }, 83 84 /* Apple MacMini5,1 */ 85 { USB_DEVICE(0x05ac, 0x8281) }, 86 87 /* AVM BlueFRITZ! USB v2.0 */ 88 { USB_DEVICE(0x057c, 0x3800) }, 89 90 /* Bluetooth Ultraport Module from IBM */ 91 { USB_DEVICE(0x04bf, 0x030a) }, 92 93 /* ALPS Modules with non-standard id */ 94 { USB_DEVICE(0x044e, 0x3001) }, 95 { USB_DEVICE(0x044e, 0x3002) }, 96 97 /* Ericsson with non-standard id */ 98 { USB_DEVICE(0x0bdb, 0x1002) }, 99 100 /* Canyon CN-BTU1 with HID interfaces */ 101 { USB_DEVICE(0x0c10, 0x0000) }, 102 103 /* Broadcom BCM20702A0 */ 104 { USB_DEVICE(0x0489, 0xe042) }, 105 { USB_DEVICE(0x04ca, 0x2003) }, 106 { USB_DEVICE(0x0b05, 0x17b5) }, 107 { USB_DEVICE(0x0b05, 0x17cb) }, 108 { USB_DEVICE(0x413c, 0x8197) }, 109 { USB_DEVICE(0x13d3, 0x3404), 110 .driver_info = BTUSB_BCM_PATCHRAM }, 111 112 /* Foxconn - Hon Hai */ 113 { USB_VENDOR_AND_INTERFACE_INFO(0x0489, 0xff, 0x01, 0x01), 114 .driver_info = BTUSB_BCM_PATCHRAM }, 115 116 /* Broadcom devices with vendor specific id */ 117 { USB_VENDOR_AND_INTERFACE_INFO(0x0a5c, 0xff, 0x01, 0x01), 118 .driver_info = BTUSB_BCM_PATCHRAM }, 119 120 /* ASUSTek Computer - Broadcom based */ 121 { USB_VENDOR_AND_INTERFACE_INFO(0x0b05, 0xff, 0x01, 0x01) }, 122 123 /* Belkin F8065bf - Broadcom based */ 124 { USB_VENDOR_AND_INTERFACE_INFO(0x050d, 0xff, 0x01, 0x01) }, 125 126 /* IMC Networks - Broadcom based */ 127 { USB_VENDOR_AND_INTERFACE_INFO(0x13d3, 0xff, 0x01, 0x01) }, 128 129 /* Intel Bluetooth USB Bootloader (RAM module) */ 130 { USB_DEVICE(0x8087, 0x0a5a), 131 .driver_info = BTUSB_INTEL_BOOT | BTUSB_BROKEN_ISOC }, 132 133 { } /* Terminating entry */ 134 }; 135 136 MODULE_DEVICE_TABLE(usb, btusb_table); 137 138 static const struct usb_device_id blacklist_table[] = { 139 /* CSR BlueCore devices */ 140 { USB_DEVICE(0x0a12, 0x0001), .driver_info = BTUSB_CSR }, 141 142 /* Broadcom BCM2033 without firmware */ 143 { USB_DEVICE(0x0a5c, 0x2033), .driver_info = BTUSB_IGNORE }, 144 145 /* Atheros 3011 with sflash firmware */ 146 { USB_DEVICE(0x0489, 0xe027), .driver_info = BTUSB_IGNORE }, 147 { USB_DEVICE(0x0489, 0xe03d), .driver_info = BTUSB_IGNORE }, 148 { USB_DEVICE(0x0930, 0x0215), .driver_info = BTUSB_IGNORE }, 149 { USB_DEVICE(0x0cf3, 0x3002), .driver_info = BTUSB_IGNORE }, 150 { USB_DEVICE(0x0cf3, 0xe019), .driver_info = BTUSB_IGNORE }, 151 { USB_DEVICE(0x13d3, 0x3304), .driver_info = BTUSB_IGNORE }, 152 153 /* Atheros AR9285 Malbec with sflash firmware */ 154 { USB_DEVICE(0x03f0, 0x311d), .driver_info = BTUSB_IGNORE }, 155 156 /* Atheros 3012 with sflash firmware */ 157 { USB_DEVICE(0x0489, 0xe04d), .driver_info = BTUSB_ATH3012 }, 158 { USB_DEVICE(0x0489, 0xe04e), .driver_info = BTUSB_ATH3012 }, 159 { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 }, 160 { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 }, 161 { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 }, 162 { USB_DEVICE(0x0489, 0xe078), .driver_info = BTUSB_ATH3012 }, 163 { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 }, 164 { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 }, 165 { USB_DEVICE(0x04ca, 0x3005), .driver_info = BTUSB_ATH3012 }, 166 { USB_DEVICE(0x04ca, 0x3006), .driver_info = BTUSB_ATH3012 }, 167 { USB_DEVICE(0x04ca, 0x3007), .driver_info = BTUSB_ATH3012 }, 168 { USB_DEVICE(0x04ca, 0x3008), .driver_info = BTUSB_ATH3012 }, 169 { USB_DEVICE(0x04ca, 0x300b), .driver_info = BTUSB_ATH3012 }, 170 { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 }, 171 { USB_DEVICE(0x0930, 0x0220), .driver_info = BTUSB_ATH3012 }, 172 { USB_DEVICE(0x0930, 0x0227), .driver_info = BTUSB_ATH3012 }, 173 { USB_DEVICE(0x0b05, 0x17d0), .driver_info = BTUSB_ATH3012 }, 174 { USB_DEVICE(0x0cf3, 0x0036), .driver_info = BTUSB_ATH3012 }, 175 { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 }, 176 { USB_DEVICE(0x0cf3, 0x3008), .driver_info = BTUSB_ATH3012 }, 177 { USB_DEVICE(0x0cf3, 0x311d), .driver_info = BTUSB_ATH3012 }, 178 { USB_DEVICE(0x0cf3, 0x311e), .driver_info = BTUSB_ATH3012 }, 179 { USB_DEVICE(0x0cf3, 0x311f), .driver_info = BTUSB_ATH3012 }, 180 { USB_DEVICE(0x0cf3, 0x3121), .driver_info = BTUSB_ATH3012 }, 181 { USB_DEVICE(0x0cf3, 0x817a), .driver_info = BTUSB_ATH3012 }, 182 { USB_DEVICE(0x0cf3, 0xe003), .driver_info = BTUSB_ATH3012 }, 183 { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 }, 184 { USB_DEVICE(0x0cf3, 0xe005), .driver_info = BTUSB_ATH3012 }, 185 { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 }, 186 { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 }, 187 { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 }, 188 { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 }, 189 { USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 }, 190 { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 }, 191 192 /* Atheros AR5BBU12 with sflash firmware */ 193 { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE }, 194 195 /* Atheros AR5BBU12 with sflash firmware */ 196 { USB_DEVICE(0x0489, 0xe036), .driver_info = BTUSB_ATH3012 }, 197 { USB_DEVICE(0x0489, 0xe03c), .driver_info = BTUSB_ATH3012 }, 198 199 /* Broadcom BCM2035 */ 200 { USB_DEVICE(0x0a5c, 0x2009), .driver_info = BTUSB_BCM92035 }, 201 { USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU }, 202 { USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU }, 203 204 /* Broadcom BCM2045 */ 205 { USB_DEVICE(0x0a5c, 0x2039), .driver_info = BTUSB_WRONG_SCO_MTU }, 206 { USB_DEVICE(0x0a5c, 0x2101), .driver_info = BTUSB_WRONG_SCO_MTU }, 207 208 /* IBM/Lenovo ThinkPad with Broadcom chip */ 209 { USB_DEVICE(0x0a5c, 0x201e), .driver_info = BTUSB_WRONG_SCO_MTU }, 210 { USB_DEVICE(0x0a5c, 0x2110), .driver_info = BTUSB_WRONG_SCO_MTU }, 211 212 /* HP laptop with Broadcom chip */ 213 { USB_DEVICE(0x03f0, 0x171d), .driver_info = BTUSB_WRONG_SCO_MTU }, 214 215 /* Dell laptop with Broadcom chip */ 216 { USB_DEVICE(0x413c, 0x8126), .driver_info = BTUSB_WRONG_SCO_MTU }, 217 218 /* Dell Wireless 370 and 410 devices */ 219 { USB_DEVICE(0x413c, 0x8152), .driver_info = BTUSB_WRONG_SCO_MTU }, 220 { USB_DEVICE(0x413c, 0x8156), .driver_info = BTUSB_WRONG_SCO_MTU }, 221 222 /* Belkin F8T012 and F8T013 devices */ 223 { USB_DEVICE(0x050d, 0x0012), .driver_info = BTUSB_WRONG_SCO_MTU }, 224 { USB_DEVICE(0x050d, 0x0013), .driver_info = BTUSB_WRONG_SCO_MTU }, 225 226 /* Asus WL-BTD202 device */ 227 { USB_DEVICE(0x0b05, 0x1715), .driver_info = BTUSB_WRONG_SCO_MTU }, 228 229 /* Kensington Bluetooth USB adapter */ 230 { USB_DEVICE(0x047d, 0x105e), .driver_info = BTUSB_WRONG_SCO_MTU }, 231 232 /* RTX Telecom based adapters with buggy SCO support */ 233 { USB_DEVICE(0x0400, 0x0807), .driver_info = BTUSB_BROKEN_ISOC }, 234 { USB_DEVICE(0x0400, 0x080a), .driver_info = BTUSB_BROKEN_ISOC }, 235 236 /* CONWISE Technology based adapters with buggy SCO support */ 237 { USB_DEVICE(0x0e5e, 0x6622), .driver_info = BTUSB_BROKEN_ISOC }, 238 239 /* Digianswer devices */ 240 { USB_DEVICE(0x08fd, 0x0001), .driver_info = BTUSB_DIGIANSWER }, 241 { USB_DEVICE(0x08fd, 0x0002), .driver_info = BTUSB_IGNORE }, 242 243 /* CSR BlueCore Bluetooth Sniffer */ 244 { USB_DEVICE(0x0a12, 0x0002), 245 .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC }, 246 247 /* Frontline ComProbe Bluetooth Sniffer */ 248 { USB_DEVICE(0x16d3, 0x0002), 249 .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC }, 250 251 /* Intel Bluetooth device */ 252 { USB_DEVICE(0x8087, 0x07dc), .driver_info = BTUSB_INTEL }, 253 { USB_DEVICE(0x8087, 0x0a2a), .driver_info = BTUSB_INTEL }, 254 255 /* Marvell device */ 256 { USB_DEVICE(0x1286, 0x2044), .driver_info = BTUSB_MARVELL }, 257 { USB_DEVICE(0x1286, 0x2046), .driver_info = BTUSB_MARVELL }, 258 259 { } /* Terminating entry */ 260 }; 261 262 #define BTUSB_MAX_ISOC_FRAMES 10 263 264 #define BTUSB_INTR_RUNNING 0 265 #define BTUSB_BULK_RUNNING 1 266 #define BTUSB_ISOC_RUNNING 2 267 #define BTUSB_SUSPENDING 3 268 #define BTUSB_DID_ISO_RESUME 4 269 270 struct btusb_data { 271 struct hci_dev *hdev; 272 struct usb_device *udev; 273 struct usb_interface *intf; 274 struct usb_interface *isoc; 275 276 unsigned long flags; 277 278 struct work_struct work; 279 struct work_struct waker; 280 281 struct usb_anchor deferred; 282 struct usb_anchor tx_anchor; 283 int tx_in_flight; 284 spinlock_t txlock; 285 286 struct usb_anchor intr_anchor; 287 struct usb_anchor bulk_anchor; 288 struct usb_anchor isoc_anchor; 289 spinlock_t rxlock; 290 291 struct sk_buff *evt_skb; 292 struct sk_buff *acl_skb; 293 struct sk_buff *sco_skb; 294 295 struct usb_endpoint_descriptor *intr_ep; 296 struct usb_endpoint_descriptor *bulk_tx_ep; 297 struct usb_endpoint_descriptor *bulk_rx_ep; 298 struct usb_endpoint_descriptor *isoc_tx_ep; 299 struct usb_endpoint_descriptor *isoc_rx_ep; 300 301 __u8 cmdreq_type; 302 303 unsigned int sco_num; 304 int isoc_altsetting; 305 int suspend_count; 306 307 int (*recv_bulk)(struct btusb_data *data, void *buffer, int count); 308 }; 309 310 static inline void btusb_free_frags(struct btusb_data *data) 311 { 312 unsigned long flags; 313 314 spin_lock_irqsave(&data->rxlock, flags); 315 316 kfree_skb(data->evt_skb); 317 data->evt_skb = NULL; 318 319 kfree_skb(data->acl_skb); 320 data->acl_skb = NULL; 321 322 kfree_skb(data->sco_skb); 323 data->sco_skb = NULL; 324 325 spin_unlock_irqrestore(&data->rxlock, flags); 326 } 327 328 static int btusb_recv_intr(struct btusb_data *data, void *buffer, int count) 329 { 330 struct sk_buff *skb; 331 int err = 0; 332 333 spin_lock(&data->rxlock); 334 skb = data->evt_skb; 335 336 while (count) { 337 int len; 338 339 if (!skb) { 340 skb = bt_skb_alloc(HCI_MAX_EVENT_SIZE, GFP_ATOMIC); 341 if (!skb) { 342 err = -ENOMEM; 343 break; 344 } 345 346 bt_cb(skb)->pkt_type = HCI_EVENT_PKT; 347 bt_cb(skb)->expect = HCI_EVENT_HDR_SIZE; 348 } 349 350 len = min_t(uint, bt_cb(skb)->expect, count); 351 memcpy(skb_put(skb, len), buffer, len); 352 353 count -= len; 354 buffer += len; 355 bt_cb(skb)->expect -= len; 356 357 if (skb->len == HCI_EVENT_HDR_SIZE) { 358 /* Complete event header */ 359 bt_cb(skb)->expect = hci_event_hdr(skb)->plen; 360 361 if (skb_tailroom(skb) < bt_cb(skb)->expect) { 362 kfree_skb(skb); 363 skb = NULL; 364 365 err = -EILSEQ; 366 break; 367 } 368 } 369 370 if (bt_cb(skb)->expect == 0) { 371 /* Complete frame */ 372 hci_recv_frame(data->hdev, skb); 373 skb = NULL; 374 } 375 } 376 377 data->evt_skb = skb; 378 spin_unlock(&data->rxlock); 379 380 return err; 381 } 382 383 static int btusb_recv_bulk(struct btusb_data *data, void *buffer, int count) 384 { 385 struct sk_buff *skb; 386 int err = 0; 387 388 spin_lock(&data->rxlock); 389 skb = data->acl_skb; 390 391 while (count) { 392 int len; 393 394 if (!skb) { 395 skb = bt_skb_alloc(HCI_MAX_FRAME_SIZE, GFP_ATOMIC); 396 if (!skb) { 397 err = -ENOMEM; 398 break; 399 } 400 401 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT; 402 bt_cb(skb)->expect = HCI_ACL_HDR_SIZE; 403 } 404 405 len = min_t(uint, bt_cb(skb)->expect, count); 406 memcpy(skb_put(skb, len), buffer, len); 407 408 count -= len; 409 buffer += len; 410 bt_cb(skb)->expect -= len; 411 412 if (skb->len == HCI_ACL_HDR_SIZE) { 413 __le16 dlen = hci_acl_hdr(skb)->dlen; 414 415 /* Complete ACL header */ 416 bt_cb(skb)->expect = __le16_to_cpu(dlen); 417 418 if (skb_tailroom(skb) < bt_cb(skb)->expect) { 419 kfree_skb(skb); 420 skb = NULL; 421 422 err = -EILSEQ; 423 break; 424 } 425 } 426 427 if (bt_cb(skb)->expect == 0) { 428 /* Complete frame */ 429 hci_recv_frame(data->hdev, skb); 430 skb = NULL; 431 } 432 } 433 434 data->acl_skb = skb; 435 spin_unlock(&data->rxlock); 436 437 return err; 438 } 439 440 static int btusb_recv_isoc(struct btusb_data *data, void *buffer, int count) 441 { 442 struct sk_buff *skb; 443 int err = 0; 444 445 spin_lock(&data->rxlock); 446 skb = data->sco_skb; 447 448 while (count) { 449 int len; 450 451 if (!skb) { 452 skb = bt_skb_alloc(HCI_MAX_SCO_SIZE, GFP_ATOMIC); 453 if (!skb) { 454 err = -ENOMEM; 455 break; 456 } 457 458 bt_cb(skb)->pkt_type = HCI_SCODATA_PKT; 459 bt_cb(skb)->expect = HCI_SCO_HDR_SIZE; 460 } 461 462 len = min_t(uint, bt_cb(skb)->expect, count); 463 memcpy(skb_put(skb, len), buffer, len); 464 465 count -= len; 466 buffer += len; 467 bt_cb(skb)->expect -= len; 468 469 if (skb->len == HCI_SCO_HDR_SIZE) { 470 /* Complete SCO header */ 471 bt_cb(skb)->expect = hci_sco_hdr(skb)->dlen; 472 473 if (skb_tailroom(skb) < bt_cb(skb)->expect) { 474 kfree_skb(skb); 475 skb = NULL; 476 477 err = -EILSEQ; 478 break; 479 } 480 } 481 482 if (bt_cb(skb)->expect == 0) { 483 /* Complete frame */ 484 hci_recv_frame(data->hdev, skb); 485 skb = NULL; 486 } 487 } 488 489 data->sco_skb = skb; 490 spin_unlock(&data->rxlock); 491 492 return err; 493 } 494 495 static void btusb_intr_complete(struct urb *urb) 496 { 497 struct hci_dev *hdev = urb->context; 498 struct btusb_data *data = hci_get_drvdata(hdev); 499 int err; 500 501 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 502 urb->actual_length); 503 504 if (!test_bit(HCI_RUNNING, &hdev->flags)) 505 return; 506 507 if (urb->status == 0) { 508 hdev->stat.byte_rx += urb->actual_length; 509 510 if (btusb_recv_intr(data, urb->transfer_buffer, 511 urb->actual_length) < 0) { 512 BT_ERR("%s corrupted event packet", hdev->name); 513 hdev->stat.err_rx++; 514 } 515 } else if (urb->status == -ENOENT) { 516 /* Avoid suspend failed when usb_kill_urb */ 517 return; 518 } 519 520 if (!test_bit(BTUSB_INTR_RUNNING, &data->flags)) 521 return; 522 523 usb_mark_last_busy(data->udev); 524 usb_anchor_urb(urb, &data->intr_anchor); 525 526 err = usb_submit_urb(urb, GFP_ATOMIC); 527 if (err < 0) { 528 /* -EPERM: urb is being killed; 529 * -ENODEV: device got disconnected */ 530 if (err != -EPERM && err != -ENODEV) 531 BT_ERR("%s urb %p failed to resubmit (%d)", 532 hdev->name, urb, -err); 533 usb_unanchor_urb(urb); 534 } 535 } 536 537 static int btusb_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags) 538 { 539 struct btusb_data *data = hci_get_drvdata(hdev); 540 struct urb *urb; 541 unsigned char *buf; 542 unsigned int pipe; 543 int err, size; 544 545 BT_DBG("%s", hdev->name); 546 547 if (!data->intr_ep) 548 return -ENODEV; 549 550 urb = usb_alloc_urb(0, mem_flags); 551 if (!urb) 552 return -ENOMEM; 553 554 size = le16_to_cpu(data->intr_ep->wMaxPacketSize); 555 556 buf = kmalloc(size, mem_flags); 557 if (!buf) { 558 usb_free_urb(urb); 559 return -ENOMEM; 560 } 561 562 pipe = usb_rcvintpipe(data->udev, data->intr_ep->bEndpointAddress); 563 564 usb_fill_int_urb(urb, data->udev, pipe, buf, size, 565 btusb_intr_complete, hdev, data->intr_ep->bInterval); 566 567 urb->transfer_flags |= URB_FREE_BUFFER; 568 569 usb_anchor_urb(urb, &data->intr_anchor); 570 571 err = usb_submit_urb(urb, mem_flags); 572 if (err < 0) { 573 if (err != -EPERM && err != -ENODEV) 574 BT_ERR("%s urb %p submission failed (%d)", 575 hdev->name, urb, -err); 576 usb_unanchor_urb(urb); 577 } 578 579 usb_free_urb(urb); 580 581 return err; 582 } 583 584 static void btusb_bulk_complete(struct urb *urb) 585 { 586 struct hci_dev *hdev = urb->context; 587 struct btusb_data *data = hci_get_drvdata(hdev); 588 int err; 589 590 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 591 urb->actual_length); 592 593 if (!test_bit(HCI_RUNNING, &hdev->flags)) 594 return; 595 596 if (urb->status == 0) { 597 hdev->stat.byte_rx += urb->actual_length; 598 599 if (data->recv_bulk(data, urb->transfer_buffer, 600 urb->actual_length) < 0) { 601 BT_ERR("%s corrupted ACL packet", hdev->name); 602 hdev->stat.err_rx++; 603 } 604 } else if (urb->status == -ENOENT) { 605 /* Avoid suspend failed when usb_kill_urb */ 606 return; 607 } 608 609 if (!test_bit(BTUSB_BULK_RUNNING, &data->flags)) 610 return; 611 612 usb_anchor_urb(urb, &data->bulk_anchor); 613 usb_mark_last_busy(data->udev); 614 615 err = usb_submit_urb(urb, GFP_ATOMIC); 616 if (err < 0) { 617 /* -EPERM: urb is being killed; 618 * -ENODEV: device got disconnected */ 619 if (err != -EPERM && err != -ENODEV) 620 BT_ERR("%s urb %p failed to resubmit (%d)", 621 hdev->name, urb, -err); 622 usb_unanchor_urb(urb); 623 } 624 } 625 626 static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags) 627 { 628 struct btusb_data *data = hci_get_drvdata(hdev); 629 struct urb *urb; 630 unsigned char *buf; 631 unsigned int pipe; 632 int err, size = HCI_MAX_FRAME_SIZE; 633 634 BT_DBG("%s", hdev->name); 635 636 if (!data->bulk_rx_ep) 637 return -ENODEV; 638 639 urb = usb_alloc_urb(0, mem_flags); 640 if (!urb) 641 return -ENOMEM; 642 643 buf = kmalloc(size, mem_flags); 644 if (!buf) { 645 usb_free_urb(urb); 646 return -ENOMEM; 647 } 648 649 pipe = usb_rcvbulkpipe(data->udev, data->bulk_rx_ep->bEndpointAddress); 650 651 usb_fill_bulk_urb(urb, data->udev, pipe, buf, size, 652 btusb_bulk_complete, hdev); 653 654 urb->transfer_flags |= URB_FREE_BUFFER; 655 656 usb_mark_last_busy(data->udev); 657 usb_anchor_urb(urb, &data->bulk_anchor); 658 659 err = usb_submit_urb(urb, mem_flags); 660 if (err < 0) { 661 if (err != -EPERM && err != -ENODEV) 662 BT_ERR("%s urb %p submission failed (%d)", 663 hdev->name, urb, -err); 664 usb_unanchor_urb(urb); 665 } 666 667 usb_free_urb(urb); 668 669 return err; 670 } 671 672 static void btusb_isoc_complete(struct urb *urb) 673 { 674 struct hci_dev *hdev = urb->context; 675 struct btusb_data *data = hci_get_drvdata(hdev); 676 int i, err; 677 678 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 679 urb->actual_length); 680 681 if (!test_bit(HCI_RUNNING, &hdev->flags)) 682 return; 683 684 if (urb->status == 0) { 685 for (i = 0; i < urb->number_of_packets; i++) { 686 unsigned int offset = urb->iso_frame_desc[i].offset; 687 unsigned int length = urb->iso_frame_desc[i].actual_length; 688 689 if (urb->iso_frame_desc[i].status) 690 continue; 691 692 hdev->stat.byte_rx += length; 693 694 if (btusb_recv_isoc(data, urb->transfer_buffer + offset, 695 length) < 0) { 696 BT_ERR("%s corrupted SCO packet", hdev->name); 697 hdev->stat.err_rx++; 698 } 699 } 700 } else if (urb->status == -ENOENT) { 701 /* Avoid suspend failed when usb_kill_urb */ 702 return; 703 } 704 705 if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags)) 706 return; 707 708 usb_anchor_urb(urb, &data->isoc_anchor); 709 710 err = usb_submit_urb(urb, GFP_ATOMIC); 711 if (err < 0) { 712 /* -EPERM: urb is being killed; 713 * -ENODEV: device got disconnected */ 714 if (err != -EPERM && err != -ENODEV) 715 BT_ERR("%s urb %p failed to resubmit (%d)", 716 hdev->name, urb, -err); 717 usb_unanchor_urb(urb); 718 } 719 } 720 721 static inline void __fill_isoc_descriptor(struct urb *urb, int len, int mtu) 722 { 723 int i, offset = 0; 724 725 BT_DBG("len %d mtu %d", len, mtu); 726 727 for (i = 0; i < BTUSB_MAX_ISOC_FRAMES && len >= mtu; 728 i++, offset += mtu, len -= mtu) { 729 urb->iso_frame_desc[i].offset = offset; 730 urb->iso_frame_desc[i].length = mtu; 731 } 732 733 if (len && i < BTUSB_MAX_ISOC_FRAMES) { 734 urb->iso_frame_desc[i].offset = offset; 735 urb->iso_frame_desc[i].length = len; 736 i++; 737 } 738 739 urb->number_of_packets = i; 740 } 741 742 static int btusb_submit_isoc_urb(struct hci_dev *hdev, gfp_t mem_flags) 743 { 744 struct btusb_data *data = hci_get_drvdata(hdev); 745 struct urb *urb; 746 unsigned char *buf; 747 unsigned int pipe; 748 int err, size; 749 750 BT_DBG("%s", hdev->name); 751 752 if (!data->isoc_rx_ep) 753 return -ENODEV; 754 755 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, mem_flags); 756 if (!urb) 757 return -ENOMEM; 758 759 size = le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize) * 760 BTUSB_MAX_ISOC_FRAMES; 761 762 buf = kmalloc(size, mem_flags); 763 if (!buf) { 764 usb_free_urb(urb); 765 return -ENOMEM; 766 } 767 768 pipe = usb_rcvisocpipe(data->udev, data->isoc_rx_ep->bEndpointAddress); 769 770 usb_fill_int_urb(urb, data->udev, pipe, buf, size, btusb_isoc_complete, 771 hdev, data->isoc_rx_ep->bInterval); 772 773 urb->transfer_flags = URB_FREE_BUFFER | URB_ISO_ASAP; 774 775 __fill_isoc_descriptor(urb, size, 776 le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize)); 777 778 usb_anchor_urb(urb, &data->isoc_anchor); 779 780 err = usb_submit_urb(urb, mem_flags); 781 if (err < 0) { 782 if (err != -EPERM && err != -ENODEV) 783 BT_ERR("%s urb %p submission failed (%d)", 784 hdev->name, urb, -err); 785 usb_unanchor_urb(urb); 786 } 787 788 usb_free_urb(urb); 789 790 return err; 791 } 792 793 static void btusb_tx_complete(struct urb *urb) 794 { 795 struct sk_buff *skb = urb->context; 796 struct hci_dev *hdev = (struct hci_dev *)skb->dev; 797 struct btusb_data *data = hci_get_drvdata(hdev); 798 799 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 800 urb->actual_length); 801 802 if (!test_bit(HCI_RUNNING, &hdev->flags)) 803 goto done; 804 805 if (!urb->status) 806 hdev->stat.byte_tx += urb->transfer_buffer_length; 807 else 808 hdev->stat.err_tx++; 809 810 done: 811 spin_lock(&data->txlock); 812 data->tx_in_flight--; 813 spin_unlock(&data->txlock); 814 815 kfree(urb->setup_packet); 816 817 kfree_skb(skb); 818 } 819 820 static void btusb_isoc_tx_complete(struct urb *urb) 821 { 822 struct sk_buff *skb = urb->context; 823 struct hci_dev *hdev = (struct hci_dev *)skb->dev; 824 825 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 826 urb->actual_length); 827 828 if (!test_bit(HCI_RUNNING, &hdev->flags)) 829 goto done; 830 831 if (!urb->status) 832 hdev->stat.byte_tx += urb->transfer_buffer_length; 833 else 834 hdev->stat.err_tx++; 835 836 done: 837 kfree(urb->setup_packet); 838 839 kfree_skb(skb); 840 } 841 842 static int btusb_open(struct hci_dev *hdev) 843 { 844 struct btusb_data *data = hci_get_drvdata(hdev); 845 int err; 846 847 BT_DBG("%s", hdev->name); 848 849 err = usb_autopm_get_interface(data->intf); 850 if (err < 0) 851 return err; 852 853 data->intf->needs_remote_wakeup = 1; 854 855 if (test_and_set_bit(HCI_RUNNING, &hdev->flags)) 856 goto done; 857 858 if (test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags)) 859 goto done; 860 861 err = btusb_submit_intr_urb(hdev, GFP_KERNEL); 862 if (err < 0) 863 goto failed; 864 865 err = btusb_submit_bulk_urb(hdev, GFP_KERNEL); 866 if (err < 0) { 867 usb_kill_anchored_urbs(&data->intr_anchor); 868 goto failed; 869 } 870 871 set_bit(BTUSB_BULK_RUNNING, &data->flags); 872 btusb_submit_bulk_urb(hdev, GFP_KERNEL); 873 874 done: 875 usb_autopm_put_interface(data->intf); 876 return 0; 877 878 failed: 879 clear_bit(BTUSB_INTR_RUNNING, &data->flags); 880 clear_bit(HCI_RUNNING, &hdev->flags); 881 usb_autopm_put_interface(data->intf); 882 return err; 883 } 884 885 static void btusb_stop_traffic(struct btusb_data *data) 886 { 887 usb_kill_anchored_urbs(&data->intr_anchor); 888 usb_kill_anchored_urbs(&data->bulk_anchor); 889 usb_kill_anchored_urbs(&data->isoc_anchor); 890 } 891 892 static int btusb_close(struct hci_dev *hdev) 893 { 894 struct btusb_data *data = hci_get_drvdata(hdev); 895 int err; 896 897 BT_DBG("%s", hdev->name); 898 899 if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags)) 900 return 0; 901 902 cancel_work_sync(&data->work); 903 cancel_work_sync(&data->waker); 904 905 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 906 clear_bit(BTUSB_BULK_RUNNING, &data->flags); 907 clear_bit(BTUSB_INTR_RUNNING, &data->flags); 908 909 btusb_stop_traffic(data); 910 btusb_free_frags(data); 911 912 err = usb_autopm_get_interface(data->intf); 913 if (err < 0) 914 goto failed; 915 916 data->intf->needs_remote_wakeup = 0; 917 usb_autopm_put_interface(data->intf); 918 919 failed: 920 usb_scuttle_anchored_urbs(&data->deferred); 921 return 0; 922 } 923 924 static int btusb_flush(struct hci_dev *hdev) 925 { 926 struct btusb_data *data = hci_get_drvdata(hdev); 927 928 BT_DBG("%s", hdev->name); 929 930 usb_kill_anchored_urbs(&data->tx_anchor); 931 btusb_free_frags(data); 932 933 return 0; 934 } 935 936 static struct urb *alloc_ctrl_urb(struct hci_dev *hdev, struct sk_buff *skb) 937 { 938 struct btusb_data *data = hci_get_drvdata(hdev); 939 struct usb_ctrlrequest *dr; 940 struct urb *urb; 941 unsigned int pipe; 942 943 urb = usb_alloc_urb(0, GFP_KERNEL); 944 if (!urb) 945 return ERR_PTR(-ENOMEM); 946 947 dr = kmalloc(sizeof(*dr), GFP_KERNEL); 948 if (!dr) { 949 usb_free_urb(urb); 950 return ERR_PTR(-ENOMEM); 951 } 952 953 dr->bRequestType = data->cmdreq_type; 954 dr->bRequest = 0; 955 dr->wIndex = 0; 956 dr->wValue = 0; 957 dr->wLength = __cpu_to_le16(skb->len); 958 959 pipe = usb_sndctrlpipe(data->udev, 0x00); 960 961 usb_fill_control_urb(urb, data->udev, pipe, (void *)dr, 962 skb->data, skb->len, btusb_tx_complete, skb); 963 964 skb->dev = (void *)hdev; 965 966 return urb; 967 } 968 969 static struct urb *alloc_bulk_urb(struct hci_dev *hdev, struct sk_buff *skb) 970 { 971 struct btusb_data *data = hci_get_drvdata(hdev); 972 struct urb *urb; 973 unsigned int pipe; 974 975 if (!data->bulk_tx_ep) 976 return ERR_PTR(-ENODEV); 977 978 urb = usb_alloc_urb(0, GFP_KERNEL); 979 if (!urb) 980 return ERR_PTR(-ENOMEM); 981 982 pipe = usb_sndbulkpipe(data->udev, data->bulk_tx_ep->bEndpointAddress); 983 984 usb_fill_bulk_urb(urb, data->udev, pipe, 985 skb->data, skb->len, btusb_tx_complete, skb); 986 987 skb->dev = (void *)hdev; 988 989 return urb; 990 } 991 992 static struct urb *alloc_isoc_urb(struct hci_dev *hdev, struct sk_buff *skb) 993 { 994 struct btusb_data *data = hci_get_drvdata(hdev); 995 struct urb *urb; 996 unsigned int pipe; 997 998 if (!data->isoc_tx_ep) 999 return ERR_PTR(-ENODEV); 1000 1001 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, GFP_KERNEL); 1002 if (!urb) 1003 return ERR_PTR(-ENOMEM); 1004 1005 pipe = usb_sndisocpipe(data->udev, data->isoc_tx_ep->bEndpointAddress); 1006 1007 usb_fill_int_urb(urb, data->udev, pipe, 1008 skb->data, skb->len, btusb_isoc_tx_complete, 1009 skb, data->isoc_tx_ep->bInterval); 1010 1011 urb->transfer_flags = URB_ISO_ASAP; 1012 1013 __fill_isoc_descriptor(urb, skb->len, 1014 le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize)); 1015 1016 skb->dev = (void *)hdev; 1017 1018 return urb; 1019 } 1020 1021 static int submit_tx_urb(struct hci_dev *hdev, struct urb *urb) 1022 { 1023 struct btusb_data *data = hci_get_drvdata(hdev); 1024 int err; 1025 1026 usb_anchor_urb(urb, &data->tx_anchor); 1027 1028 err = usb_submit_urb(urb, GFP_KERNEL); 1029 if (err < 0) { 1030 if (err != -EPERM && err != -ENODEV) 1031 BT_ERR("%s urb %p submission failed (%d)", 1032 hdev->name, urb, -err); 1033 kfree(urb->setup_packet); 1034 usb_unanchor_urb(urb); 1035 } else { 1036 usb_mark_last_busy(data->udev); 1037 } 1038 1039 usb_free_urb(urb); 1040 return err; 1041 } 1042 1043 static int submit_or_queue_tx_urb(struct hci_dev *hdev, struct urb *urb) 1044 { 1045 struct btusb_data *data = hci_get_drvdata(hdev); 1046 unsigned long flags; 1047 bool suspending; 1048 1049 spin_lock_irqsave(&data->txlock, flags); 1050 suspending = test_bit(BTUSB_SUSPENDING, &data->flags); 1051 if (!suspending) 1052 data->tx_in_flight++; 1053 spin_unlock_irqrestore(&data->txlock, flags); 1054 1055 if (!suspending) 1056 return submit_tx_urb(hdev, urb); 1057 1058 usb_anchor_urb(urb, &data->deferred); 1059 schedule_work(&data->waker); 1060 1061 usb_free_urb(urb); 1062 return 0; 1063 } 1064 1065 static int btusb_send_frame(struct hci_dev *hdev, struct sk_buff *skb) 1066 { 1067 struct urb *urb; 1068 1069 BT_DBG("%s", hdev->name); 1070 1071 if (!test_bit(HCI_RUNNING, &hdev->flags)) 1072 return -EBUSY; 1073 1074 switch (bt_cb(skb)->pkt_type) { 1075 case HCI_COMMAND_PKT: 1076 urb = alloc_ctrl_urb(hdev, skb); 1077 if (IS_ERR(urb)) 1078 return PTR_ERR(urb); 1079 1080 hdev->stat.cmd_tx++; 1081 return submit_or_queue_tx_urb(hdev, urb); 1082 1083 case HCI_ACLDATA_PKT: 1084 urb = alloc_bulk_urb(hdev, skb); 1085 if (IS_ERR(urb)) 1086 return PTR_ERR(urb); 1087 1088 hdev->stat.acl_tx++; 1089 return submit_or_queue_tx_urb(hdev, urb); 1090 1091 case HCI_SCODATA_PKT: 1092 if (hci_conn_num(hdev, SCO_LINK) < 1) 1093 return -ENODEV; 1094 1095 urb = alloc_isoc_urb(hdev, skb); 1096 if (IS_ERR(urb)) 1097 return PTR_ERR(urb); 1098 1099 hdev->stat.sco_tx++; 1100 return submit_tx_urb(hdev, urb); 1101 } 1102 1103 return -EILSEQ; 1104 } 1105 1106 static void btusb_notify(struct hci_dev *hdev, unsigned int evt) 1107 { 1108 struct btusb_data *data = hci_get_drvdata(hdev); 1109 1110 BT_DBG("%s evt %d", hdev->name, evt); 1111 1112 if (hci_conn_num(hdev, SCO_LINK) != data->sco_num) { 1113 data->sco_num = hci_conn_num(hdev, SCO_LINK); 1114 schedule_work(&data->work); 1115 } 1116 } 1117 1118 static inline int __set_isoc_interface(struct hci_dev *hdev, int altsetting) 1119 { 1120 struct btusb_data *data = hci_get_drvdata(hdev); 1121 struct usb_interface *intf = data->isoc; 1122 struct usb_endpoint_descriptor *ep_desc; 1123 int i, err; 1124 1125 if (!data->isoc) 1126 return -ENODEV; 1127 1128 err = usb_set_interface(data->udev, 1, altsetting); 1129 if (err < 0) { 1130 BT_ERR("%s setting interface failed (%d)", hdev->name, -err); 1131 return err; 1132 } 1133 1134 data->isoc_altsetting = altsetting; 1135 1136 data->isoc_tx_ep = NULL; 1137 data->isoc_rx_ep = NULL; 1138 1139 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) { 1140 ep_desc = &intf->cur_altsetting->endpoint[i].desc; 1141 1142 if (!data->isoc_tx_ep && usb_endpoint_is_isoc_out(ep_desc)) { 1143 data->isoc_tx_ep = ep_desc; 1144 continue; 1145 } 1146 1147 if (!data->isoc_rx_ep && usb_endpoint_is_isoc_in(ep_desc)) { 1148 data->isoc_rx_ep = ep_desc; 1149 continue; 1150 } 1151 } 1152 1153 if (!data->isoc_tx_ep || !data->isoc_rx_ep) { 1154 BT_ERR("%s invalid SCO descriptors", hdev->name); 1155 return -ENODEV; 1156 } 1157 1158 return 0; 1159 } 1160 1161 static void btusb_work(struct work_struct *work) 1162 { 1163 struct btusb_data *data = container_of(work, struct btusb_data, work); 1164 struct hci_dev *hdev = data->hdev; 1165 int new_alts; 1166 int err; 1167 1168 if (data->sco_num > 0) { 1169 if (!test_bit(BTUSB_DID_ISO_RESUME, &data->flags)) { 1170 err = usb_autopm_get_interface(data->isoc ? data->isoc : data->intf); 1171 if (err < 0) { 1172 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 1173 usb_kill_anchored_urbs(&data->isoc_anchor); 1174 return; 1175 } 1176 1177 set_bit(BTUSB_DID_ISO_RESUME, &data->flags); 1178 } 1179 1180 if (hdev->voice_setting & 0x0020) { 1181 static const int alts[3] = { 2, 4, 5 }; 1182 1183 new_alts = alts[data->sco_num - 1]; 1184 } else { 1185 new_alts = data->sco_num; 1186 } 1187 1188 if (data->isoc_altsetting != new_alts) { 1189 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 1190 usb_kill_anchored_urbs(&data->isoc_anchor); 1191 1192 if (__set_isoc_interface(hdev, new_alts) < 0) 1193 return; 1194 } 1195 1196 if (!test_and_set_bit(BTUSB_ISOC_RUNNING, &data->flags)) { 1197 if (btusb_submit_isoc_urb(hdev, GFP_KERNEL) < 0) 1198 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 1199 else 1200 btusb_submit_isoc_urb(hdev, GFP_KERNEL); 1201 } 1202 } else { 1203 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 1204 usb_kill_anchored_urbs(&data->isoc_anchor); 1205 1206 __set_isoc_interface(hdev, 0); 1207 if (test_and_clear_bit(BTUSB_DID_ISO_RESUME, &data->flags)) 1208 usb_autopm_put_interface(data->isoc ? data->isoc : data->intf); 1209 } 1210 } 1211 1212 static void btusb_waker(struct work_struct *work) 1213 { 1214 struct btusb_data *data = container_of(work, struct btusb_data, waker); 1215 int err; 1216 1217 err = usb_autopm_get_interface(data->intf); 1218 if (err < 0) 1219 return; 1220 1221 usb_autopm_put_interface(data->intf); 1222 } 1223 1224 static int btusb_setup_bcm92035(struct hci_dev *hdev) 1225 { 1226 struct sk_buff *skb; 1227 u8 val = 0x00; 1228 1229 BT_DBG("%s", hdev->name); 1230 1231 skb = __hci_cmd_sync(hdev, 0xfc3b, 1, &val, HCI_INIT_TIMEOUT); 1232 if (IS_ERR(skb)) 1233 BT_ERR("BCM92035 command failed (%ld)", -PTR_ERR(skb)); 1234 else 1235 kfree_skb(skb); 1236 1237 return 0; 1238 } 1239 1240 static int btusb_setup_csr(struct hci_dev *hdev) 1241 { 1242 struct hci_rp_read_local_version *rp; 1243 struct sk_buff *skb; 1244 int ret; 1245 1246 BT_DBG("%s", hdev->name); 1247 1248 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL, 1249 HCI_INIT_TIMEOUT); 1250 if (IS_ERR(skb)) { 1251 BT_ERR("Reading local version failed (%ld)", -PTR_ERR(skb)); 1252 return -PTR_ERR(skb); 1253 } 1254 1255 rp = (struct hci_rp_read_local_version *)skb->data; 1256 1257 if (!rp->status) { 1258 if (le16_to_cpu(rp->manufacturer) != 10) { 1259 /* Clear the reset quirk since this is not an actual 1260 * early Bluetooth 1.1 device from CSR. 1261 */ 1262 clear_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); 1263 1264 /* These fake CSR controllers have all a broken 1265 * stored link key handling and so just disable it. 1266 */ 1267 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, 1268 &hdev->quirks); 1269 } 1270 } 1271 1272 ret = -bt_to_errno(rp->status); 1273 1274 kfree_skb(skb); 1275 1276 return ret; 1277 } 1278 1279 struct intel_version { 1280 u8 status; 1281 u8 hw_platform; 1282 u8 hw_variant; 1283 u8 hw_revision; 1284 u8 fw_variant; 1285 u8 fw_revision; 1286 u8 fw_build_num; 1287 u8 fw_build_ww; 1288 u8 fw_build_yy; 1289 u8 fw_patch_num; 1290 } __packed; 1291 1292 static const struct firmware *btusb_setup_intel_get_fw(struct hci_dev *hdev, 1293 struct intel_version *ver) 1294 { 1295 const struct firmware *fw; 1296 char fwname[64]; 1297 int ret; 1298 1299 snprintf(fwname, sizeof(fwname), 1300 "intel/ibt-hw-%x.%x.%x-fw-%x.%x.%x.%x.%x.bseq", 1301 ver->hw_platform, ver->hw_variant, ver->hw_revision, 1302 ver->fw_variant, ver->fw_revision, ver->fw_build_num, 1303 ver->fw_build_ww, ver->fw_build_yy); 1304 1305 ret = request_firmware(&fw, fwname, &hdev->dev); 1306 if (ret < 0) { 1307 if (ret == -EINVAL) { 1308 BT_ERR("%s Intel firmware file request failed (%d)", 1309 hdev->name, ret); 1310 return NULL; 1311 } 1312 1313 BT_ERR("%s failed to open Intel firmware file: %s(%d)", 1314 hdev->name, fwname, ret); 1315 1316 /* If the correct firmware patch file is not found, use the 1317 * default firmware patch file instead 1318 */ 1319 snprintf(fwname, sizeof(fwname), "intel/ibt-hw-%x.%x.bseq", 1320 ver->hw_platform, ver->hw_variant); 1321 if (request_firmware(&fw, fwname, &hdev->dev) < 0) { 1322 BT_ERR("%s failed to open default Intel fw file: %s", 1323 hdev->name, fwname); 1324 return NULL; 1325 } 1326 } 1327 1328 BT_INFO("%s: Intel Bluetooth firmware file: %s", hdev->name, fwname); 1329 1330 return fw; 1331 } 1332 1333 static int btusb_setup_intel_patching(struct hci_dev *hdev, 1334 const struct firmware *fw, 1335 const u8 **fw_ptr, int *disable_patch) 1336 { 1337 struct sk_buff *skb; 1338 struct hci_command_hdr *cmd; 1339 const u8 *cmd_param; 1340 struct hci_event_hdr *evt = NULL; 1341 const u8 *evt_param = NULL; 1342 int remain = fw->size - (*fw_ptr - fw->data); 1343 1344 /* The first byte indicates the types of the patch command or event. 1345 * 0x01 means HCI command and 0x02 is HCI event. If the first bytes 1346 * in the current firmware buffer doesn't start with 0x01 or 1347 * the size of remain buffer is smaller than HCI command header, 1348 * the firmware file is corrupted and it should stop the patching 1349 * process. 1350 */ 1351 if (remain > HCI_COMMAND_HDR_SIZE && *fw_ptr[0] != 0x01) { 1352 BT_ERR("%s Intel fw corrupted: invalid cmd read", hdev->name); 1353 return -EINVAL; 1354 } 1355 (*fw_ptr)++; 1356 remain--; 1357 1358 cmd = (struct hci_command_hdr *)(*fw_ptr); 1359 *fw_ptr += sizeof(*cmd); 1360 remain -= sizeof(*cmd); 1361 1362 /* Ensure that the remain firmware data is long enough than the length 1363 * of command parameter. If not, the firmware file is corrupted. 1364 */ 1365 if (remain < cmd->plen) { 1366 BT_ERR("%s Intel fw corrupted: invalid cmd len", hdev->name); 1367 return -EFAULT; 1368 } 1369 1370 /* If there is a command that loads a patch in the firmware 1371 * file, then enable the patch upon success, otherwise just 1372 * disable the manufacturer mode, for example patch activation 1373 * is not required when the default firmware patch file is used 1374 * because there are no patch data to load. 1375 */ 1376 if (*disable_patch && le16_to_cpu(cmd->opcode) == 0xfc8e) 1377 *disable_patch = 0; 1378 1379 cmd_param = *fw_ptr; 1380 *fw_ptr += cmd->plen; 1381 remain -= cmd->plen; 1382 1383 /* This reads the expected events when the above command is sent to the 1384 * device. Some vendor commands expects more than one events, for 1385 * example command status event followed by vendor specific event. 1386 * For this case, it only keeps the last expected event. so the command 1387 * can be sent with __hci_cmd_sync_ev() which returns the sk_buff of 1388 * last expected event. 1389 */ 1390 while (remain > HCI_EVENT_HDR_SIZE && *fw_ptr[0] == 0x02) { 1391 (*fw_ptr)++; 1392 remain--; 1393 1394 evt = (struct hci_event_hdr *)(*fw_ptr); 1395 *fw_ptr += sizeof(*evt); 1396 remain -= sizeof(*evt); 1397 1398 if (remain < evt->plen) { 1399 BT_ERR("%s Intel fw corrupted: invalid evt len", 1400 hdev->name); 1401 return -EFAULT; 1402 } 1403 1404 evt_param = *fw_ptr; 1405 *fw_ptr += evt->plen; 1406 remain -= evt->plen; 1407 } 1408 1409 /* Every HCI commands in the firmware file has its correspond event. 1410 * If event is not found or remain is smaller than zero, the firmware 1411 * file is corrupted. 1412 */ 1413 if (!evt || !evt_param || remain < 0) { 1414 BT_ERR("%s Intel fw corrupted: invalid evt read", hdev->name); 1415 return -EFAULT; 1416 } 1417 1418 skb = __hci_cmd_sync_ev(hdev, le16_to_cpu(cmd->opcode), cmd->plen, 1419 cmd_param, evt->evt, HCI_INIT_TIMEOUT); 1420 if (IS_ERR(skb)) { 1421 BT_ERR("%s sending Intel patch command (0x%4.4x) failed (%ld)", 1422 hdev->name, cmd->opcode, PTR_ERR(skb)); 1423 return PTR_ERR(skb); 1424 } 1425 1426 /* It ensures that the returned event matches the event data read from 1427 * the firmware file. At fist, it checks the length and then 1428 * the contents of the event. 1429 */ 1430 if (skb->len != evt->plen) { 1431 BT_ERR("%s mismatch event length (opcode 0x%4.4x)", hdev->name, 1432 le16_to_cpu(cmd->opcode)); 1433 kfree_skb(skb); 1434 return -EFAULT; 1435 } 1436 1437 if (memcmp(skb->data, evt_param, evt->plen)) { 1438 BT_ERR("%s mismatch event parameter (opcode 0x%4.4x)", 1439 hdev->name, le16_to_cpu(cmd->opcode)); 1440 kfree_skb(skb); 1441 return -EFAULT; 1442 } 1443 kfree_skb(skb); 1444 1445 return 0; 1446 } 1447 1448 #define BDADDR_INTEL (&(bdaddr_t) {{0x00, 0x8b, 0x9e, 0x19, 0x03, 0x00}}) 1449 1450 static int btusb_check_bdaddr_intel(struct hci_dev *hdev) 1451 { 1452 struct sk_buff *skb; 1453 struct hci_rp_read_bd_addr *rp; 1454 1455 skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL, 1456 HCI_INIT_TIMEOUT); 1457 if (IS_ERR(skb)) { 1458 BT_ERR("%s reading Intel device address failed (%ld)", 1459 hdev->name, PTR_ERR(skb)); 1460 return PTR_ERR(skb); 1461 } 1462 1463 if (skb->len != sizeof(*rp)) { 1464 BT_ERR("%s Intel device address length mismatch", hdev->name); 1465 kfree_skb(skb); 1466 return -EIO; 1467 } 1468 1469 rp = (struct hci_rp_read_bd_addr *)skb->data; 1470 if (rp->status) { 1471 BT_ERR("%s Intel device address result failed (%02x)", 1472 hdev->name, rp->status); 1473 kfree_skb(skb); 1474 return -bt_to_errno(rp->status); 1475 } 1476 1477 /* For some Intel based controllers, the default Bluetooth device 1478 * address 00:03:19:9E:8B:00 can be found. These controllers are 1479 * fully operational, but have the danger of duplicate addresses 1480 * and that in turn can cause problems with Bluetooth operation. 1481 */ 1482 if (!bacmp(&rp->bdaddr, BDADDR_INTEL)) { 1483 BT_ERR("%s found Intel default device address (%pMR)", 1484 hdev->name, &rp->bdaddr); 1485 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks); 1486 } 1487 1488 kfree_skb(skb); 1489 1490 return 0; 1491 } 1492 1493 static int btusb_setup_intel(struct hci_dev *hdev) 1494 { 1495 struct sk_buff *skb; 1496 const struct firmware *fw; 1497 const u8 *fw_ptr; 1498 int disable_patch; 1499 struct intel_version *ver; 1500 1501 const u8 mfg_enable[] = { 0x01, 0x00 }; 1502 const u8 mfg_disable[] = { 0x00, 0x00 }; 1503 const u8 mfg_reset_deactivate[] = { 0x00, 0x01 }; 1504 const u8 mfg_reset_activate[] = { 0x00, 0x02 }; 1505 1506 BT_DBG("%s", hdev->name); 1507 1508 /* The controller has a bug with the first HCI command sent to it 1509 * returning number of completed commands as zero. This would stall the 1510 * command processing in the Bluetooth core. 1511 * 1512 * As a workaround, send HCI Reset command first which will reset the 1513 * number of completed commands and allow normal command processing 1514 * from now on. 1515 */ 1516 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); 1517 if (IS_ERR(skb)) { 1518 BT_ERR("%s sending initial HCI reset command failed (%ld)", 1519 hdev->name, PTR_ERR(skb)); 1520 return PTR_ERR(skb); 1521 } 1522 kfree_skb(skb); 1523 1524 /* Read Intel specific controller version first to allow selection of 1525 * which firmware file to load. 1526 * 1527 * The returned information are hardware variant and revision plus 1528 * firmware variant, revision and build number. 1529 */ 1530 skb = __hci_cmd_sync(hdev, 0xfc05, 0, NULL, HCI_INIT_TIMEOUT); 1531 if (IS_ERR(skb)) { 1532 BT_ERR("%s reading Intel fw version command failed (%ld)", 1533 hdev->name, PTR_ERR(skb)); 1534 return PTR_ERR(skb); 1535 } 1536 1537 if (skb->len != sizeof(*ver)) { 1538 BT_ERR("%s Intel version event length mismatch", hdev->name); 1539 kfree_skb(skb); 1540 return -EIO; 1541 } 1542 1543 ver = (struct intel_version *)skb->data; 1544 if (ver->status) { 1545 BT_ERR("%s Intel fw version event failed (%02x)", hdev->name, 1546 ver->status); 1547 kfree_skb(skb); 1548 return -bt_to_errno(ver->status); 1549 } 1550 1551 BT_INFO("%s: read Intel version: %02x%02x%02x%02x%02x%02x%02x%02x%02x", 1552 hdev->name, ver->hw_platform, ver->hw_variant, 1553 ver->hw_revision, ver->fw_variant, ver->fw_revision, 1554 ver->fw_build_num, ver->fw_build_ww, ver->fw_build_yy, 1555 ver->fw_patch_num); 1556 1557 /* fw_patch_num indicates the version of patch the device currently 1558 * have. If there is no patch data in the device, it is always 0x00. 1559 * So, if it is other than 0x00, no need to patch the deivce again. 1560 */ 1561 if (ver->fw_patch_num) { 1562 BT_INFO("%s: Intel device is already patched. patch num: %02x", 1563 hdev->name, ver->fw_patch_num); 1564 kfree_skb(skb); 1565 btusb_check_bdaddr_intel(hdev); 1566 return 0; 1567 } 1568 1569 /* Opens the firmware patch file based on the firmware version read 1570 * from the controller. If it fails to open the matching firmware 1571 * patch file, it tries to open the default firmware patch file. 1572 * If no patch file is found, allow the device to operate without 1573 * a patch. 1574 */ 1575 fw = btusb_setup_intel_get_fw(hdev, ver); 1576 if (!fw) { 1577 kfree_skb(skb); 1578 btusb_check_bdaddr_intel(hdev); 1579 return 0; 1580 } 1581 fw_ptr = fw->data; 1582 1583 /* This Intel specific command enables the manufacturer mode of the 1584 * controller. 1585 * 1586 * Only while this mode is enabled, the driver can download the 1587 * firmware patch data and configuration parameters. 1588 */ 1589 skb = __hci_cmd_sync(hdev, 0xfc11, 2, mfg_enable, HCI_INIT_TIMEOUT); 1590 if (IS_ERR(skb)) { 1591 BT_ERR("%s entering Intel manufacturer mode failed (%ld)", 1592 hdev->name, PTR_ERR(skb)); 1593 release_firmware(fw); 1594 return PTR_ERR(skb); 1595 } 1596 1597 if (skb->data[0]) { 1598 u8 evt_status = skb->data[0]; 1599 1600 BT_ERR("%s enable Intel manufacturer mode event failed (%02x)", 1601 hdev->name, evt_status); 1602 kfree_skb(skb); 1603 release_firmware(fw); 1604 return -bt_to_errno(evt_status); 1605 } 1606 kfree_skb(skb); 1607 1608 disable_patch = 1; 1609 1610 /* The firmware data file consists of list of Intel specific HCI 1611 * commands and its expected events. The first byte indicates the 1612 * type of the message, either HCI command or HCI event. 1613 * 1614 * It reads the command and its expected event from the firmware file, 1615 * and send to the controller. Once __hci_cmd_sync_ev() returns, 1616 * the returned event is compared with the event read from the firmware 1617 * file and it will continue until all the messages are downloaded to 1618 * the controller. 1619 * 1620 * Once the firmware patching is completed successfully, 1621 * the manufacturer mode is disabled with reset and activating the 1622 * downloaded patch. 1623 * 1624 * If the firmware patching fails, the manufacturer mode is 1625 * disabled with reset and deactivating the patch. 1626 * 1627 * If the default patch file is used, no reset is done when disabling 1628 * the manufacturer. 1629 */ 1630 while (fw->size > fw_ptr - fw->data) { 1631 int ret; 1632 1633 ret = btusb_setup_intel_patching(hdev, fw, &fw_ptr, 1634 &disable_patch); 1635 if (ret < 0) 1636 goto exit_mfg_deactivate; 1637 } 1638 1639 release_firmware(fw); 1640 1641 if (disable_patch) 1642 goto exit_mfg_disable; 1643 1644 /* Patching completed successfully and disable the manufacturer mode 1645 * with reset and activate the downloaded firmware patches. 1646 */ 1647 skb = __hci_cmd_sync(hdev, 0xfc11, sizeof(mfg_reset_activate), 1648 mfg_reset_activate, HCI_INIT_TIMEOUT); 1649 if (IS_ERR(skb)) { 1650 BT_ERR("%s exiting Intel manufacturer mode failed (%ld)", 1651 hdev->name, PTR_ERR(skb)); 1652 return PTR_ERR(skb); 1653 } 1654 kfree_skb(skb); 1655 1656 BT_INFO("%s: Intel Bluetooth firmware patch completed and activated", 1657 hdev->name); 1658 1659 btusb_check_bdaddr_intel(hdev); 1660 return 0; 1661 1662 exit_mfg_disable: 1663 /* Disable the manufacturer mode without reset */ 1664 skb = __hci_cmd_sync(hdev, 0xfc11, sizeof(mfg_disable), mfg_disable, 1665 HCI_INIT_TIMEOUT); 1666 if (IS_ERR(skb)) { 1667 BT_ERR("%s exiting Intel manufacturer mode failed (%ld)", 1668 hdev->name, PTR_ERR(skb)); 1669 return PTR_ERR(skb); 1670 } 1671 kfree_skb(skb); 1672 1673 BT_INFO("%s: Intel Bluetooth firmware patch completed", hdev->name); 1674 1675 btusb_check_bdaddr_intel(hdev); 1676 return 0; 1677 1678 exit_mfg_deactivate: 1679 release_firmware(fw); 1680 1681 /* Patching failed. Disable the manufacturer mode with reset and 1682 * deactivate the downloaded firmware patches. 1683 */ 1684 skb = __hci_cmd_sync(hdev, 0xfc11, sizeof(mfg_reset_deactivate), 1685 mfg_reset_deactivate, HCI_INIT_TIMEOUT); 1686 if (IS_ERR(skb)) { 1687 BT_ERR("%s exiting Intel manufacturer mode failed (%ld)", 1688 hdev->name, PTR_ERR(skb)); 1689 return PTR_ERR(skb); 1690 } 1691 kfree_skb(skb); 1692 1693 BT_INFO("%s: Intel Bluetooth firmware patch completed and deactivated", 1694 hdev->name); 1695 1696 btusb_check_bdaddr_intel(hdev); 1697 return 0; 1698 } 1699 1700 static int btusb_set_bdaddr_intel(struct hci_dev *hdev, const bdaddr_t *bdaddr) 1701 { 1702 struct sk_buff *skb; 1703 long ret; 1704 1705 skb = __hci_cmd_sync(hdev, 0xfc31, 6, bdaddr, HCI_INIT_TIMEOUT); 1706 if (IS_ERR(skb)) { 1707 ret = PTR_ERR(skb); 1708 BT_ERR("%s: changing Intel device address failed (%ld)", 1709 hdev->name, ret); 1710 return ret; 1711 } 1712 kfree_skb(skb); 1713 1714 return 0; 1715 } 1716 1717 static int btusb_set_bdaddr_marvell(struct hci_dev *hdev, 1718 const bdaddr_t *bdaddr) 1719 { 1720 struct sk_buff *skb; 1721 u8 buf[8]; 1722 long ret; 1723 1724 buf[0] = 0xfe; 1725 buf[1] = sizeof(bdaddr_t); 1726 memcpy(buf + 2, bdaddr, sizeof(bdaddr_t)); 1727 1728 skb = __hci_cmd_sync(hdev, 0xfc22, sizeof(buf), buf, HCI_INIT_TIMEOUT); 1729 if (IS_ERR(skb)) { 1730 ret = PTR_ERR(skb); 1731 BT_ERR("%s: changing Marvell device address failed (%ld)", 1732 hdev->name, ret); 1733 return ret; 1734 } 1735 kfree_skb(skb); 1736 1737 return 0; 1738 } 1739 1740 #define BDADDR_BCM20702A0 (&(bdaddr_t) {{0x00, 0xa0, 0x02, 0x70, 0x20, 0x00}}) 1741 1742 static int btusb_setup_bcm_patchram(struct hci_dev *hdev) 1743 { 1744 struct btusb_data *data = hci_get_drvdata(hdev); 1745 struct usb_device *udev = data->udev; 1746 char fw_name[64]; 1747 const struct firmware *fw; 1748 const u8 *fw_ptr; 1749 size_t fw_size; 1750 const struct hci_command_hdr *cmd; 1751 const u8 *cmd_param; 1752 u16 opcode; 1753 struct sk_buff *skb; 1754 struct hci_rp_read_local_version *ver; 1755 struct hci_rp_read_bd_addr *bda; 1756 long ret; 1757 1758 snprintf(fw_name, sizeof(fw_name), "brcm/%s-%04x-%04x.hcd", 1759 udev->product ? udev->product : "BCM", 1760 le16_to_cpu(udev->descriptor.idVendor), 1761 le16_to_cpu(udev->descriptor.idProduct)); 1762 1763 ret = request_firmware(&fw, fw_name, &hdev->dev); 1764 if (ret < 0) { 1765 BT_INFO("%s: BCM: patch %s not found", hdev->name, fw_name); 1766 return 0; 1767 } 1768 1769 /* Reset */ 1770 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); 1771 if (IS_ERR(skb)) { 1772 ret = PTR_ERR(skb); 1773 BT_ERR("%s: HCI_OP_RESET failed (%ld)", hdev->name, ret); 1774 goto done; 1775 } 1776 kfree_skb(skb); 1777 1778 /* Read Local Version Info */ 1779 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL, 1780 HCI_INIT_TIMEOUT); 1781 if (IS_ERR(skb)) { 1782 ret = PTR_ERR(skb); 1783 BT_ERR("%s: HCI_OP_READ_LOCAL_VERSION failed (%ld)", 1784 hdev->name, ret); 1785 goto done; 1786 } 1787 1788 if (skb->len != sizeof(*ver)) { 1789 BT_ERR("%s: HCI_OP_READ_LOCAL_VERSION event length mismatch", 1790 hdev->name); 1791 kfree_skb(skb); 1792 ret = -EIO; 1793 goto done; 1794 } 1795 1796 ver = (struct hci_rp_read_local_version *)skb->data; 1797 BT_INFO("%s: BCM: patching hci_ver=%02x hci_rev=%04x lmp_ver=%02x " 1798 "lmp_subver=%04x", hdev->name, ver->hci_ver, ver->hci_rev, 1799 ver->lmp_ver, ver->lmp_subver); 1800 kfree_skb(skb); 1801 1802 /* Start Download */ 1803 skb = __hci_cmd_sync(hdev, 0xfc2e, 0, NULL, HCI_INIT_TIMEOUT); 1804 if (IS_ERR(skb)) { 1805 ret = PTR_ERR(skb); 1806 BT_ERR("%s: BCM: Download Minidrv command failed (%ld)", 1807 hdev->name, ret); 1808 goto reset_fw; 1809 } 1810 kfree_skb(skb); 1811 1812 /* 50 msec delay after Download Minidrv completes */ 1813 msleep(50); 1814 1815 fw_ptr = fw->data; 1816 fw_size = fw->size; 1817 1818 while (fw_size >= sizeof(*cmd)) { 1819 cmd = (struct hci_command_hdr *)fw_ptr; 1820 fw_ptr += sizeof(*cmd); 1821 fw_size -= sizeof(*cmd); 1822 1823 if (fw_size < cmd->plen) { 1824 BT_ERR("%s: BCM: patch %s is corrupted", 1825 hdev->name, fw_name); 1826 ret = -EINVAL; 1827 goto reset_fw; 1828 } 1829 1830 cmd_param = fw_ptr; 1831 fw_ptr += cmd->plen; 1832 fw_size -= cmd->plen; 1833 1834 opcode = le16_to_cpu(cmd->opcode); 1835 1836 skb = __hci_cmd_sync(hdev, opcode, cmd->plen, cmd_param, 1837 HCI_INIT_TIMEOUT); 1838 if (IS_ERR(skb)) { 1839 ret = PTR_ERR(skb); 1840 BT_ERR("%s: BCM: patch command %04x failed (%ld)", 1841 hdev->name, opcode, ret); 1842 goto reset_fw; 1843 } 1844 kfree_skb(skb); 1845 } 1846 1847 /* 250 msec delay after Launch Ram completes */ 1848 msleep(250); 1849 1850 reset_fw: 1851 /* Reset */ 1852 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); 1853 if (IS_ERR(skb)) { 1854 ret = PTR_ERR(skb); 1855 BT_ERR("%s: HCI_OP_RESET failed (%ld)", hdev->name, ret); 1856 goto done; 1857 } 1858 kfree_skb(skb); 1859 1860 /* Read Local Version Info */ 1861 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL, 1862 HCI_INIT_TIMEOUT); 1863 if (IS_ERR(skb)) { 1864 ret = PTR_ERR(skb); 1865 BT_ERR("%s: HCI_OP_READ_LOCAL_VERSION failed (%ld)", 1866 hdev->name, ret); 1867 goto done; 1868 } 1869 1870 if (skb->len != sizeof(*ver)) { 1871 BT_ERR("%s: HCI_OP_READ_LOCAL_VERSION event length mismatch", 1872 hdev->name); 1873 kfree_skb(skb); 1874 ret = -EIO; 1875 goto done; 1876 } 1877 1878 ver = (struct hci_rp_read_local_version *)skb->data; 1879 BT_INFO("%s: BCM: firmware hci_ver=%02x hci_rev=%04x lmp_ver=%02x " 1880 "lmp_subver=%04x", hdev->name, ver->hci_ver, ver->hci_rev, 1881 ver->lmp_ver, ver->lmp_subver); 1882 kfree_skb(skb); 1883 1884 /* Read BD Address */ 1885 skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL, 1886 HCI_INIT_TIMEOUT); 1887 if (IS_ERR(skb)) { 1888 ret = PTR_ERR(skb); 1889 BT_ERR("%s: HCI_OP_READ_BD_ADDR failed (%ld)", 1890 hdev->name, ret); 1891 goto done; 1892 } 1893 1894 if (skb->len != sizeof(*bda)) { 1895 BT_ERR("%s: HCI_OP_READ_BD_ADDR event length mismatch", 1896 hdev->name); 1897 kfree_skb(skb); 1898 ret = -EIO; 1899 goto done; 1900 } 1901 1902 bda = (struct hci_rp_read_bd_addr *)skb->data; 1903 if (bda->status) { 1904 BT_ERR("%s: HCI_OP_READ_BD_ADDR error status (%02x)", 1905 hdev->name, bda->status); 1906 kfree_skb(skb); 1907 ret = -bt_to_errno(bda->status); 1908 goto done; 1909 } 1910 1911 /* The address 00:20:70:02:A0:00 indicates a BCM20702A0 controller 1912 * with no configured address. 1913 */ 1914 if (!bacmp(&bda->bdaddr, BDADDR_BCM20702A0)) { 1915 BT_INFO("%s: BCM: using default device address (%pMR)", 1916 hdev->name, &bda->bdaddr); 1917 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks); 1918 } 1919 1920 kfree_skb(skb); 1921 1922 done: 1923 release_firmware(fw); 1924 1925 return ret; 1926 } 1927 1928 static int btusb_set_bdaddr_bcm(struct hci_dev *hdev, const bdaddr_t *bdaddr) 1929 { 1930 struct sk_buff *skb; 1931 long ret; 1932 1933 skb = __hci_cmd_sync(hdev, 0xfc01, 6, bdaddr, HCI_INIT_TIMEOUT); 1934 if (IS_ERR(skb)) { 1935 ret = PTR_ERR(skb); 1936 BT_ERR("%s: BCM: Change address command failed (%ld)", 1937 hdev->name, ret); 1938 return ret; 1939 } 1940 kfree_skb(skb); 1941 1942 return 0; 1943 } 1944 1945 static int btusb_probe(struct usb_interface *intf, 1946 const struct usb_device_id *id) 1947 { 1948 struct usb_endpoint_descriptor *ep_desc; 1949 struct btusb_data *data; 1950 struct hci_dev *hdev; 1951 int i, err; 1952 1953 BT_DBG("intf %p id %p", intf, id); 1954 1955 /* interface numbers are hardcoded in the spec */ 1956 if (intf->cur_altsetting->desc.bInterfaceNumber != 0) 1957 return -ENODEV; 1958 1959 if (!id->driver_info) { 1960 const struct usb_device_id *match; 1961 1962 match = usb_match_id(intf, blacklist_table); 1963 if (match) 1964 id = match; 1965 } 1966 1967 if (id->driver_info == BTUSB_IGNORE) 1968 return -ENODEV; 1969 1970 if (id->driver_info & BTUSB_ATH3012) { 1971 struct usb_device *udev = interface_to_usbdev(intf); 1972 1973 /* Old firmware would otherwise let ath3k driver load 1974 * patch and sysconfig files */ 1975 if (le16_to_cpu(udev->descriptor.bcdDevice) <= 0x0001) 1976 return -ENODEV; 1977 } 1978 1979 data = devm_kzalloc(&intf->dev, sizeof(*data), GFP_KERNEL); 1980 if (!data) 1981 return -ENOMEM; 1982 1983 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) { 1984 ep_desc = &intf->cur_altsetting->endpoint[i].desc; 1985 1986 if (!data->intr_ep && usb_endpoint_is_int_in(ep_desc)) { 1987 data->intr_ep = ep_desc; 1988 continue; 1989 } 1990 1991 if (!data->bulk_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) { 1992 data->bulk_tx_ep = ep_desc; 1993 continue; 1994 } 1995 1996 if (!data->bulk_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) { 1997 data->bulk_rx_ep = ep_desc; 1998 continue; 1999 } 2000 } 2001 2002 if (!data->intr_ep || !data->bulk_tx_ep || !data->bulk_rx_ep) 2003 return -ENODEV; 2004 2005 data->cmdreq_type = USB_TYPE_CLASS; 2006 2007 data->udev = interface_to_usbdev(intf); 2008 data->intf = intf; 2009 2010 INIT_WORK(&data->work, btusb_work); 2011 INIT_WORK(&data->waker, btusb_waker); 2012 init_usb_anchor(&data->deferred); 2013 init_usb_anchor(&data->tx_anchor); 2014 spin_lock_init(&data->txlock); 2015 2016 init_usb_anchor(&data->intr_anchor); 2017 init_usb_anchor(&data->bulk_anchor); 2018 init_usb_anchor(&data->isoc_anchor); 2019 spin_lock_init(&data->rxlock); 2020 2021 data->recv_bulk = btusb_recv_bulk; 2022 2023 hdev = hci_alloc_dev(); 2024 if (!hdev) 2025 return -ENOMEM; 2026 2027 hdev->bus = HCI_USB; 2028 hci_set_drvdata(hdev, data); 2029 2030 data->hdev = hdev; 2031 2032 SET_HCIDEV_DEV(hdev, &intf->dev); 2033 2034 hdev->open = btusb_open; 2035 hdev->close = btusb_close; 2036 hdev->flush = btusb_flush; 2037 hdev->send = btusb_send_frame; 2038 hdev->notify = btusb_notify; 2039 2040 if (id->driver_info & BTUSB_BCM92035) 2041 hdev->setup = btusb_setup_bcm92035; 2042 2043 if (id->driver_info & BTUSB_BCM_PATCHRAM) { 2044 hdev->setup = btusb_setup_bcm_patchram; 2045 hdev->set_bdaddr = btusb_set_bdaddr_bcm; 2046 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks); 2047 } 2048 2049 if (id->driver_info & BTUSB_INTEL) { 2050 hdev->setup = btusb_setup_intel; 2051 hdev->set_bdaddr = btusb_set_bdaddr_intel; 2052 } 2053 2054 if (id->driver_info & BTUSB_MARVELL) 2055 hdev->set_bdaddr = btusb_set_bdaddr_marvell; 2056 2057 if (id->driver_info & BTUSB_INTEL_BOOT) 2058 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks); 2059 2060 /* Interface numbers are hardcoded in the specification */ 2061 data->isoc = usb_ifnum_to_if(data->udev, 1); 2062 2063 if (!reset) 2064 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); 2065 2066 if (force_scofix || id->driver_info & BTUSB_WRONG_SCO_MTU) { 2067 if (!disable_scofix) 2068 set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks); 2069 } 2070 2071 if (id->driver_info & BTUSB_BROKEN_ISOC) 2072 data->isoc = NULL; 2073 2074 if (id->driver_info & BTUSB_DIGIANSWER) { 2075 data->cmdreq_type = USB_TYPE_VENDOR; 2076 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); 2077 } 2078 2079 if (id->driver_info & BTUSB_CSR) { 2080 struct usb_device *udev = data->udev; 2081 u16 bcdDevice = le16_to_cpu(udev->descriptor.bcdDevice); 2082 2083 /* Old firmware would otherwise execute USB reset */ 2084 if (bcdDevice < 0x117) 2085 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); 2086 2087 /* Fake CSR devices with broken commands */ 2088 if (bcdDevice <= 0x100) 2089 hdev->setup = btusb_setup_csr; 2090 } 2091 2092 if (id->driver_info & BTUSB_SNIFFER) { 2093 struct usb_device *udev = data->udev; 2094 2095 /* New sniffer firmware has crippled HCI interface */ 2096 if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997) 2097 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks); 2098 } 2099 2100 if (id->driver_info & BTUSB_INTEL_BOOT) { 2101 /* A bug in the bootloader causes that interrupt interface is 2102 * only enabled after receiving SetInterface(0, AltSetting=0). 2103 */ 2104 err = usb_set_interface(data->udev, 0, 0); 2105 if (err < 0) { 2106 BT_ERR("failed to set interface 0, alt 0 %d", err); 2107 hci_free_dev(hdev); 2108 return err; 2109 } 2110 } 2111 2112 if (data->isoc) { 2113 err = usb_driver_claim_interface(&btusb_driver, 2114 data->isoc, data); 2115 if (err < 0) { 2116 hci_free_dev(hdev); 2117 return err; 2118 } 2119 } 2120 2121 err = hci_register_dev(hdev); 2122 if (err < 0) { 2123 hci_free_dev(hdev); 2124 return err; 2125 } 2126 2127 usb_set_intfdata(intf, data); 2128 2129 return 0; 2130 } 2131 2132 static void btusb_disconnect(struct usb_interface *intf) 2133 { 2134 struct btusb_data *data = usb_get_intfdata(intf); 2135 struct hci_dev *hdev; 2136 2137 BT_DBG("intf %p", intf); 2138 2139 if (!data) 2140 return; 2141 2142 hdev = data->hdev; 2143 usb_set_intfdata(data->intf, NULL); 2144 2145 if (data->isoc) 2146 usb_set_intfdata(data->isoc, NULL); 2147 2148 hci_unregister_dev(hdev); 2149 2150 if (intf == data->isoc) 2151 usb_driver_release_interface(&btusb_driver, data->intf); 2152 else if (data->isoc) 2153 usb_driver_release_interface(&btusb_driver, data->isoc); 2154 2155 btusb_free_frags(data); 2156 hci_free_dev(hdev); 2157 } 2158 2159 #ifdef CONFIG_PM 2160 static int btusb_suspend(struct usb_interface *intf, pm_message_t message) 2161 { 2162 struct btusb_data *data = usb_get_intfdata(intf); 2163 2164 BT_DBG("intf %p", intf); 2165 2166 if (data->suspend_count++) 2167 return 0; 2168 2169 spin_lock_irq(&data->txlock); 2170 if (!(PMSG_IS_AUTO(message) && data->tx_in_flight)) { 2171 set_bit(BTUSB_SUSPENDING, &data->flags); 2172 spin_unlock_irq(&data->txlock); 2173 } else { 2174 spin_unlock_irq(&data->txlock); 2175 data->suspend_count--; 2176 return -EBUSY; 2177 } 2178 2179 cancel_work_sync(&data->work); 2180 2181 btusb_stop_traffic(data); 2182 usb_kill_anchored_urbs(&data->tx_anchor); 2183 2184 return 0; 2185 } 2186 2187 static void play_deferred(struct btusb_data *data) 2188 { 2189 struct urb *urb; 2190 int err; 2191 2192 while ((urb = usb_get_from_anchor(&data->deferred))) { 2193 err = usb_submit_urb(urb, GFP_ATOMIC); 2194 if (err < 0) 2195 break; 2196 2197 data->tx_in_flight++; 2198 } 2199 usb_scuttle_anchored_urbs(&data->deferred); 2200 } 2201 2202 static int btusb_resume(struct usb_interface *intf) 2203 { 2204 struct btusb_data *data = usb_get_intfdata(intf); 2205 struct hci_dev *hdev = data->hdev; 2206 int err = 0; 2207 2208 BT_DBG("intf %p", intf); 2209 2210 if (--data->suspend_count) 2211 return 0; 2212 2213 if (!test_bit(HCI_RUNNING, &hdev->flags)) 2214 goto done; 2215 2216 if (test_bit(BTUSB_INTR_RUNNING, &data->flags)) { 2217 err = btusb_submit_intr_urb(hdev, GFP_NOIO); 2218 if (err < 0) { 2219 clear_bit(BTUSB_INTR_RUNNING, &data->flags); 2220 goto failed; 2221 } 2222 } 2223 2224 if (test_bit(BTUSB_BULK_RUNNING, &data->flags)) { 2225 err = btusb_submit_bulk_urb(hdev, GFP_NOIO); 2226 if (err < 0) { 2227 clear_bit(BTUSB_BULK_RUNNING, &data->flags); 2228 goto failed; 2229 } 2230 2231 btusb_submit_bulk_urb(hdev, GFP_NOIO); 2232 } 2233 2234 if (test_bit(BTUSB_ISOC_RUNNING, &data->flags)) { 2235 if (btusb_submit_isoc_urb(hdev, GFP_NOIO) < 0) 2236 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 2237 else 2238 btusb_submit_isoc_urb(hdev, GFP_NOIO); 2239 } 2240 2241 spin_lock_irq(&data->txlock); 2242 play_deferred(data); 2243 clear_bit(BTUSB_SUSPENDING, &data->flags); 2244 spin_unlock_irq(&data->txlock); 2245 schedule_work(&data->work); 2246 2247 return 0; 2248 2249 failed: 2250 usb_scuttle_anchored_urbs(&data->deferred); 2251 done: 2252 spin_lock_irq(&data->txlock); 2253 clear_bit(BTUSB_SUSPENDING, &data->flags); 2254 spin_unlock_irq(&data->txlock); 2255 2256 return err; 2257 } 2258 #endif 2259 2260 static struct usb_driver btusb_driver = { 2261 .name = "btusb", 2262 .probe = btusb_probe, 2263 .disconnect = btusb_disconnect, 2264 #ifdef CONFIG_PM 2265 .suspend = btusb_suspend, 2266 .resume = btusb_resume, 2267 #endif 2268 .id_table = btusb_table, 2269 .supports_autosuspend = 1, 2270 .disable_hub_initiated_lpm = 1, 2271 }; 2272 2273 module_usb_driver(btusb_driver); 2274 2275 module_param(disable_scofix, bool, 0644); 2276 MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size"); 2277 2278 module_param(force_scofix, bool, 0644); 2279 MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size"); 2280 2281 module_param(reset, bool, 0644); 2282 MODULE_PARM_DESC(reset, "Send HCI reset command on initialization"); 2283 2284 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 2285 MODULE_DESCRIPTION("Generic Bluetooth USB driver ver " VERSION); 2286 MODULE_VERSION(VERSION); 2287 MODULE_LICENSE("GPL"); 2288