1 /* 2 * 3 * Generic Bluetooth USB driver 4 * 5 * Copyright (C) 2005-2008 Marcel Holtmann <marcel@holtmann.org> 6 * 7 * 8 * This program is free software; you can redistribute it and/or modify 9 * it under the terms of the GNU General Public License as published by 10 * the Free Software Foundation; either version 2 of the License, or 11 * (at your option) any later version. 12 * 13 * This program is distributed in the hope that it will be useful, 14 * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 * GNU General Public License for more details. 17 * 18 * You should have received a copy of the GNU General Public License 19 * along with this program; if not, write to the Free Software 20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 21 * 22 */ 23 24 #include <linux/dmi.h> 25 #include <linux/module.h> 26 #include <linux/usb.h> 27 #include <linux/usb/quirks.h> 28 #include <linux/firmware.h> 29 #include <linux/of_device.h> 30 #include <linux/of_irq.h> 31 #include <linux/suspend.h> 32 #include <asm/unaligned.h> 33 34 #include <net/bluetooth/bluetooth.h> 35 #include <net/bluetooth/hci_core.h> 36 37 #include "btintel.h" 38 #include "btbcm.h" 39 #include "btrtl.h" 40 41 #define VERSION "0.8" 42 43 static bool disable_scofix; 44 static bool force_scofix; 45 static bool enable_autosuspend = IS_ENABLED(CONFIG_BT_HCIBTUSB_AUTOSUSPEND); 46 47 static bool reset = true; 48 49 static struct usb_driver btusb_driver; 50 51 #define BTUSB_IGNORE 0x01 52 #define BTUSB_DIGIANSWER 0x02 53 #define BTUSB_CSR 0x04 54 #define BTUSB_SNIFFER 0x08 55 #define BTUSB_BCM92035 0x10 56 #define BTUSB_BROKEN_ISOC 0x20 57 #define BTUSB_WRONG_SCO_MTU 0x40 58 #define BTUSB_ATH3012 0x80 59 #define BTUSB_INTEL 0x100 60 #define BTUSB_INTEL_BOOT 0x200 61 #define BTUSB_BCM_PATCHRAM 0x400 62 #define BTUSB_MARVELL 0x800 63 #define BTUSB_SWAVE 0x1000 64 #define BTUSB_INTEL_NEW 0x2000 65 #define BTUSB_AMP 0x4000 66 #define BTUSB_QCA_ROME 0x8000 67 #define BTUSB_BCM_APPLE 0x10000 68 #define BTUSB_REALTEK 0x20000 69 #define BTUSB_BCM2045 0x40000 70 #define BTUSB_IFNUM_2 0x80000 71 #define BTUSB_CW6622 0x100000 72 73 static const struct usb_device_id btusb_table[] = { 74 /* Generic Bluetooth USB device */ 75 { USB_DEVICE_INFO(0xe0, 0x01, 0x01) }, 76 77 /* Generic Bluetooth AMP device */ 78 { USB_DEVICE_INFO(0xe0, 0x01, 0x04), .driver_info = BTUSB_AMP }, 79 80 /* Generic Bluetooth USB interface */ 81 { USB_INTERFACE_INFO(0xe0, 0x01, 0x01) }, 82 83 /* Apple-specific (Broadcom) devices */ 84 { USB_VENDOR_AND_INTERFACE_INFO(0x05ac, 0xff, 0x01, 0x01), 85 .driver_info = BTUSB_BCM_APPLE | BTUSB_IFNUM_2 }, 86 87 /* MediaTek MT76x0E */ 88 { USB_DEVICE(0x0e8d, 0x763f) }, 89 90 /* Broadcom SoftSailing reporting vendor specific */ 91 { USB_DEVICE(0x0a5c, 0x21e1) }, 92 93 /* Apple MacBookPro 7,1 */ 94 { USB_DEVICE(0x05ac, 0x8213) }, 95 96 /* Apple iMac11,1 */ 97 { USB_DEVICE(0x05ac, 0x8215) }, 98 99 /* Apple MacBookPro6,2 */ 100 { USB_DEVICE(0x05ac, 0x8218) }, 101 102 /* Apple MacBookAir3,1, MacBookAir3,2 */ 103 { USB_DEVICE(0x05ac, 0x821b) }, 104 105 /* Apple MacBookAir4,1 */ 106 { USB_DEVICE(0x05ac, 0x821f) }, 107 108 /* Apple MacBookPro8,2 */ 109 { USB_DEVICE(0x05ac, 0x821a) }, 110 111 /* Apple MacMini5,1 */ 112 { USB_DEVICE(0x05ac, 0x8281) }, 113 114 /* AVM BlueFRITZ! USB v2.0 */ 115 { USB_DEVICE(0x057c, 0x3800), .driver_info = BTUSB_SWAVE }, 116 117 /* Bluetooth Ultraport Module from IBM */ 118 { USB_DEVICE(0x04bf, 0x030a) }, 119 120 /* ALPS Modules with non-standard id */ 121 { USB_DEVICE(0x044e, 0x3001) }, 122 { USB_DEVICE(0x044e, 0x3002) }, 123 124 /* Ericsson with non-standard id */ 125 { USB_DEVICE(0x0bdb, 0x1002) }, 126 127 /* Canyon CN-BTU1 with HID interfaces */ 128 { USB_DEVICE(0x0c10, 0x0000) }, 129 130 /* Broadcom BCM20702A0 */ 131 { USB_DEVICE(0x413c, 0x8197) }, 132 133 /* Broadcom BCM20702B0 (Dynex/Insignia) */ 134 { USB_DEVICE(0x19ff, 0x0239), .driver_info = BTUSB_BCM_PATCHRAM }, 135 136 /* Broadcom BCM43142A0 (Foxconn/Lenovo) */ 137 { USB_VENDOR_AND_INTERFACE_INFO(0x105b, 0xff, 0x01, 0x01), 138 .driver_info = BTUSB_BCM_PATCHRAM }, 139 140 /* Broadcom BCM920703 (HTC Vive) */ 141 { USB_VENDOR_AND_INTERFACE_INFO(0x0bb4, 0xff, 0x01, 0x01), 142 .driver_info = BTUSB_BCM_PATCHRAM }, 143 144 /* Foxconn - Hon Hai */ 145 { USB_VENDOR_AND_INTERFACE_INFO(0x0489, 0xff, 0x01, 0x01), 146 .driver_info = BTUSB_BCM_PATCHRAM }, 147 148 /* Lite-On Technology - Broadcom based */ 149 { USB_VENDOR_AND_INTERFACE_INFO(0x04ca, 0xff, 0x01, 0x01), 150 .driver_info = BTUSB_BCM_PATCHRAM }, 151 152 /* Broadcom devices with vendor specific id */ 153 { USB_VENDOR_AND_INTERFACE_INFO(0x0a5c, 0xff, 0x01, 0x01), 154 .driver_info = BTUSB_BCM_PATCHRAM }, 155 156 /* ASUSTek Computer - Broadcom based */ 157 { USB_VENDOR_AND_INTERFACE_INFO(0x0b05, 0xff, 0x01, 0x01), 158 .driver_info = BTUSB_BCM_PATCHRAM }, 159 160 /* Belkin F8065bf - Broadcom based */ 161 { USB_VENDOR_AND_INTERFACE_INFO(0x050d, 0xff, 0x01, 0x01), 162 .driver_info = BTUSB_BCM_PATCHRAM }, 163 164 /* IMC Networks - Broadcom based */ 165 { USB_VENDOR_AND_INTERFACE_INFO(0x13d3, 0xff, 0x01, 0x01), 166 .driver_info = BTUSB_BCM_PATCHRAM }, 167 168 /* Dell Computer - Broadcom based */ 169 { USB_VENDOR_AND_INTERFACE_INFO(0x413c, 0xff, 0x01, 0x01), 170 .driver_info = BTUSB_BCM_PATCHRAM }, 171 172 /* Toshiba Corp - Broadcom based */ 173 { USB_VENDOR_AND_INTERFACE_INFO(0x0930, 0xff, 0x01, 0x01), 174 .driver_info = BTUSB_BCM_PATCHRAM }, 175 176 /* Intel Bluetooth USB Bootloader (RAM module) */ 177 { USB_DEVICE(0x8087, 0x0a5a), 178 .driver_info = BTUSB_INTEL_BOOT | BTUSB_BROKEN_ISOC }, 179 180 { } /* Terminating entry */ 181 }; 182 183 MODULE_DEVICE_TABLE(usb, btusb_table); 184 185 static const struct usb_device_id blacklist_table[] = { 186 /* CSR BlueCore devices */ 187 { USB_DEVICE(0x0a12, 0x0001), .driver_info = BTUSB_CSR }, 188 189 /* Broadcom BCM2033 without firmware */ 190 { USB_DEVICE(0x0a5c, 0x2033), .driver_info = BTUSB_IGNORE }, 191 192 /* Broadcom BCM2045 devices */ 193 { USB_DEVICE(0x0a5c, 0x2045), .driver_info = BTUSB_BCM2045 }, 194 195 /* Atheros 3011 with sflash firmware */ 196 { USB_DEVICE(0x0489, 0xe027), .driver_info = BTUSB_IGNORE }, 197 { USB_DEVICE(0x0489, 0xe03d), .driver_info = BTUSB_IGNORE }, 198 { USB_DEVICE(0x04f2, 0xaff1), .driver_info = BTUSB_IGNORE }, 199 { USB_DEVICE(0x0930, 0x0215), .driver_info = BTUSB_IGNORE }, 200 { USB_DEVICE(0x0cf3, 0x3002), .driver_info = BTUSB_IGNORE }, 201 { USB_DEVICE(0x0cf3, 0xe019), .driver_info = BTUSB_IGNORE }, 202 { USB_DEVICE(0x13d3, 0x3304), .driver_info = BTUSB_IGNORE }, 203 204 /* Atheros AR9285 Malbec with sflash firmware */ 205 { USB_DEVICE(0x03f0, 0x311d), .driver_info = BTUSB_IGNORE }, 206 207 /* Atheros 3012 with sflash firmware */ 208 { USB_DEVICE(0x0489, 0xe04d), .driver_info = BTUSB_ATH3012 }, 209 { USB_DEVICE(0x0489, 0xe04e), .driver_info = BTUSB_ATH3012 }, 210 { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 }, 211 { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 }, 212 { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 }, 213 { USB_DEVICE(0x0489, 0xe076), .driver_info = BTUSB_ATH3012 }, 214 { USB_DEVICE(0x0489, 0xe078), .driver_info = BTUSB_ATH3012 }, 215 { USB_DEVICE(0x0489, 0xe095), .driver_info = BTUSB_ATH3012 }, 216 { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 }, 217 { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 }, 218 { USB_DEVICE(0x04ca, 0x3005), .driver_info = BTUSB_ATH3012 }, 219 { USB_DEVICE(0x04ca, 0x3006), .driver_info = BTUSB_ATH3012 }, 220 { USB_DEVICE(0x04ca, 0x3007), .driver_info = BTUSB_ATH3012 }, 221 { USB_DEVICE(0x04ca, 0x3008), .driver_info = BTUSB_ATH3012 }, 222 { USB_DEVICE(0x04ca, 0x300b), .driver_info = BTUSB_ATH3012 }, 223 { USB_DEVICE(0x04ca, 0x300d), .driver_info = BTUSB_ATH3012 }, 224 { USB_DEVICE(0x04ca, 0x300f), .driver_info = BTUSB_ATH3012 }, 225 { USB_DEVICE(0x04ca, 0x3010), .driver_info = BTUSB_ATH3012 }, 226 { USB_DEVICE(0x04ca, 0x3014), .driver_info = BTUSB_ATH3012 }, 227 { USB_DEVICE(0x04ca, 0x3018), .driver_info = BTUSB_ATH3012 }, 228 { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 }, 229 { USB_DEVICE(0x0930, 0x021c), .driver_info = BTUSB_ATH3012 }, 230 { USB_DEVICE(0x0930, 0x0220), .driver_info = BTUSB_ATH3012 }, 231 { USB_DEVICE(0x0930, 0x0227), .driver_info = BTUSB_ATH3012 }, 232 { USB_DEVICE(0x0b05, 0x17d0), .driver_info = BTUSB_ATH3012 }, 233 { USB_DEVICE(0x0cf3, 0x0036), .driver_info = BTUSB_ATH3012 }, 234 { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 }, 235 { USB_DEVICE(0x0cf3, 0x3008), .driver_info = BTUSB_ATH3012 }, 236 { USB_DEVICE(0x0cf3, 0x311d), .driver_info = BTUSB_ATH3012 }, 237 { USB_DEVICE(0x0cf3, 0x311e), .driver_info = BTUSB_ATH3012 }, 238 { USB_DEVICE(0x0cf3, 0x311f), .driver_info = BTUSB_ATH3012 }, 239 { USB_DEVICE(0x0cf3, 0x3121), .driver_info = BTUSB_ATH3012 }, 240 { USB_DEVICE(0x0cf3, 0x817a), .driver_info = BTUSB_ATH3012 }, 241 { USB_DEVICE(0x0cf3, 0x817b), .driver_info = BTUSB_ATH3012 }, 242 { USB_DEVICE(0x0cf3, 0xe003), .driver_info = BTUSB_ATH3012 }, 243 { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 }, 244 { USB_DEVICE(0x0cf3, 0xe005), .driver_info = BTUSB_ATH3012 }, 245 { USB_DEVICE(0x0cf3, 0xe006), .driver_info = BTUSB_ATH3012 }, 246 { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 }, 247 { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 }, 248 { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 }, 249 { USB_DEVICE(0x13d3, 0x3395), .driver_info = BTUSB_ATH3012 }, 250 { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 }, 251 { USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 }, 252 { USB_DEVICE(0x13d3, 0x3423), .driver_info = BTUSB_ATH3012 }, 253 { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 }, 254 { USB_DEVICE(0x13d3, 0x3472), .driver_info = BTUSB_ATH3012 }, 255 { USB_DEVICE(0x13d3, 0x3474), .driver_info = BTUSB_ATH3012 }, 256 { USB_DEVICE(0x13d3, 0x3487), .driver_info = BTUSB_ATH3012 }, 257 { USB_DEVICE(0x13d3, 0x3490), .driver_info = BTUSB_ATH3012 }, 258 259 /* Atheros AR5BBU12 with sflash firmware */ 260 { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE }, 261 262 /* Atheros AR5BBU12 with sflash firmware */ 263 { USB_DEVICE(0x0489, 0xe036), .driver_info = BTUSB_ATH3012 }, 264 { USB_DEVICE(0x0489, 0xe03c), .driver_info = BTUSB_ATH3012 }, 265 266 /* QCA ROME chipset */ 267 { USB_DEVICE(0x0cf3, 0xe007), .driver_info = BTUSB_QCA_ROME }, 268 { USB_DEVICE(0x0cf3, 0xe009), .driver_info = BTUSB_QCA_ROME }, 269 { USB_DEVICE(0x0cf3, 0xe010), .driver_info = BTUSB_QCA_ROME }, 270 { USB_DEVICE(0x0cf3, 0xe300), .driver_info = BTUSB_QCA_ROME }, 271 { USB_DEVICE(0x0cf3, 0xe301), .driver_info = BTUSB_QCA_ROME }, 272 { USB_DEVICE(0x0cf3, 0xe360), .driver_info = BTUSB_QCA_ROME }, 273 { USB_DEVICE(0x0489, 0xe092), .driver_info = BTUSB_QCA_ROME }, 274 { USB_DEVICE(0x0489, 0xe09f), .driver_info = BTUSB_QCA_ROME }, 275 { USB_DEVICE(0x0489, 0xe0a2), .driver_info = BTUSB_QCA_ROME }, 276 { USB_DEVICE(0x04ca, 0x3011), .driver_info = BTUSB_QCA_ROME }, 277 { USB_DEVICE(0x04ca, 0x3015), .driver_info = BTUSB_QCA_ROME }, 278 { USB_DEVICE(0x04ca, 0x3016), .driver_info = BTUSB_QCA_ROME }, 279 { USB_DEVICE(0x04ca, 0x301a), .driver_info = BTUSB_QCA_ROME }, 280 { USB_DEVICE(0x13d3, 0x3496), .driver_info = BTUSB_QCA_ROME }, 281 282 /* Broadcom BCM2035 */ 283 { USB_DEVICE(0x0a5c, 0x2009), .driver_info = BTUSB_BCM92035 }, 284 { USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU }, 285 { USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU }, 286 287 /* Broadcom BCM2045 */ 288 { USB_DEVICE(0x0a5c, 0x2039), .driver_info = BTUSB_WRONG_SCO_MTU }, 289 { USB_DEVICE(0x0a5c, 0x2101), .driver_info = BTUSB_WRONG_SCO_MTU }, 290 291 /* IBM/Lenovo ThinkPad with Broadcom chip */ 292 { USB_DEVICE(0x0a5c, 0x201e), .driver_info = BTUSB_WRONG_SCO_MTU }, 293 { USB_DEVICE(0x0a5c, 0x2110), .driver_info = BTUSB_WRONG_SCO_MTU }, 294 295 /* HP laptop with Broadcom chip */ 296 { USB_DEVICE(0x03f0, 0x171d), .driver_info = BTUSB_WRONG_SCO_MTU }, 297 298 /* Dell laptop with Broadcom chip */ 299 { USB_DEVICE(0x413c, 0x8126), .driver_info = BTUSB_WRONG_SCO_MTU }, 300 301 /* Dell Wireless 370 and 410 devices */ 302 { USB_DEVICE(0x413c, 0x8152), .driver_info = BTUSB_WRONG_SCO_MTU }, 303 { USB_DEVICE(0x413c, 0x8156), .driver_info = BTUSB_WRONG_SCO_MTU }, 304 305 /* Belkin F8T012 and F8T013 devices */ 306 { USB_DEVICE(0x050d, 0x0012), .driver_info = BTUSB_WRONG_SCO_MTU }, 307 { USB_DEVICE(0x050d, 0x0013), .driver_info = BTUSB_WRONG_SCO_MTU }, 308 309 /* Asus WL-BTD202 device */ 310 { USB_DEVICE(0x0b05, 0x1715), .driver_info = BTUSB_WRONG_SCO_MTU }, 311 312 /* Kensington Bluetooth USB adapter */ 313 { USB_DEVICE(0x047d, 0x105e), .driver_info = BTUSB_WRONG_SCO_MTU }, 314 315 /* RTX Telecom based adapters with buggy SCO support */ 316 { USB_DEVICE(0x0400, 0x0807), .driver_info = BTUSB_BROKEN_ISOC }, 317 { USB_DEVICE(0x0400, 0x080a), .driver_info = BTUSB_BROKEN_ISOC }, 318 319 /* CONWISE Technology based adapters with buggy SCO support */ 320 { USB_DEVICE(0x0e5e, 0x6622), 321 .driver_info = BTUSB_BROKEN_ISOC | BTUSB_CW6622}, 322 323 /* Roper Class 1 Bluetooth Dongle (Silicon Wave based) */ 324 { USB_DEVICE(0x1310, 0x0001), .driver_info = BTUSB_SWAVE }, 325 326 /* Digianswer devices */ 327 { USB_DEVICE(0x08fd, 0x0001), .driver_info = BTUSB_DIGIANSWER }, 328 { USB_DEVICE(0x08fd, 0x0002), .driver_info = BTUSB_IGNORE }, 329 330 /* CSR BlueCore Bluetooth Sniffer */ 331 { USB_DEVICE(0x0a12, 0x0002), 332 .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC }, 333 334 /* Frontline ComProbe Bluetooth Sniffer */ 335 { USB_DEVICE(0x16d3, 0x0002), 336 .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC }, 337 338 /* Marvell Bluetooth devices */ 339 { USB_DEVICE(0x1286, 0x2044), .driver_info = BTUSB_MARVELL }, 340 { USB_DEVICE(0x1286, 0x2046), .driver_info = BTUSB_MARVELL }, 341 { USB_DEVICE(0x1286, 0x204e), .driver_info = BTUSB_MARVELL }, 342 343 /* Intel Bluetooth devices */ 344 { USB_DEVICE(0x8087, 0x0025), .driver_info = BTUSB_INTEL_NEW }, 345 { USB_DEVICE(0x8087, 0x0026), .driver_info = BTUSB_INTEL_NEW }, 346 { USB_DEVICE(0x8087, 0x07da), .driver_info = BTUSB_CSR }, 347 { USB_DEVICE(0x8087, 0x07dc), .driver_info = BTUSB_INTEL }, 348 { USB_DEVICE(0x8087, 0x0a2a), .driver_info = BTUSB_INTEL }, 349 { USB_DEVICE(0x8087, 0x0a2b), .driver_info = BTUSB_INTEL_NEW }, 350 { USB_DEVICE(0x8087, 0x0aa7), .driver_info = BTUSB_INTEL }, 351 { USB_DEVICE(0x8087, 0x0aaa), .driver_info = BTUSB_INTEL_NEW }, 352 353 /* Other Intel Bluetooth devices */ 354 { USB_VENDOR_AND_INTERFACE_INFO(0x8087, 0xe0, 0x01, 0x01), 355 .driver_info = BTUSB_IGNORE }, 356 357 /* Realtek Bluetooth devices */ 358 { USB_VENDOR_AND_INTERFACE_INFO(0x0bda, 0xe0, 0x01, 0x01), 359 .driver_info = BTUSB_REALTEK }, 360 361 /* Additional Realtek 8723AE Bluetooth devices */ 362 { USB_DEVICE(0x0930, 0x021d), .driver_info = BTUSB_REALTEK }, 363 { USB_DEVICE(0x13d3, 0x3394), .driver_info = BTUSB_REALTEK }, 364 365 /* Additional Realtek 8723BE Bluetooth devices */ 366 { USB_DEVICE(0x0489, 0xe085), .driver_info = BTUSB_REALTEK }, 367 { USB_DEVICE(0x0489, 0xe08b), .driver_info = BTUSB_REALTEK }, 368 { USB_DEVICE(0x13d3, 0x3410), .driver_info = BTUSB_REALTEK }, 369 { USB_DEVICE(0x13d3, 0x3416), .driver_info = BTUSB_REALTEK }, 370 { USB_DEVICE(0x13d3, 0x3459), .driver_info = BTUSB_REALTEK }, 371 { USB_DEVICE(0x13d3, 0x3494), .driver_info = BTUSB_REALTEK }, 372 373 /* Additional Realtek 8723BU Bluetooth devices */ 374 { USB_DEVICE(0x7392, 0xa611), .driver_info = BTUSB_REALTEK }, 375 376 /* Additional Realtek 8723DE Bluetooth devices */ 377 { USB_DEVICE(0x2ff8, 0xb011), .driver_info = BTUSB_REALTEK }, 378 379 /* Additional Realtek 8821AE Bluetooth devices */ 380 { USB_DEVICE(0x0b05, 0x17dc), .driver_info = BTUSB_REALTEK }, 381 { USB_DEVICE(0x13d3, 0x3414), .driver_info = BTUSB_REALTEK }, 382 { USB_DEVICE(0x13d3, 0x3458), .driver_info = BTUSB_REALTEK }, 383 { USB_DEVICE(0x13d3, 0x3461), .driver_info = BTUSB_REALTEK }, 384 { USB_DEVICE(0x13d3, 0x3462), .driver_info = BTUSB_REALTEK }, 385 386 /* Additional Realtek 8822BE Bluetooth devices */ 387 { USB_DEVICE(0x13d3, 0x3526), .driver_info = BTUSB_REALTEK }, 388 { USB_DEVICE(0x0b05, 0x185c), .driver_info = BTUSB_REALTEK }, 389 390 /* Silicon Wave based devices */ 391 { USB_DEVICE(0x0c10, 0x0000), .driver_info = BTUSB_SWAVE }, 392 393 { } /* Terminating entry */ 394 }; 395 396 /* The Bluetooth USB module build into some devices needs to be reset on resume, 397 * this is a problem with the platform (likely shutting off all power) not with 398 * the module itself. So we use a DMI list to match known broken platforms. 399 */ 400 static const struct dmi_system_id btusb_needs_reset_resume_table[] = { 401 { 402 /* Dell OptiPlex 3060 (QCA ROME device 0cf3:e007) */ 403 .matches = { 404 DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), 405 DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex 3060"), 406 }, 407 }, 408 { 409 /* Dell XPS 9360 (QCA ROME device 0cf3:e300) */ 410 .matches = { 411 DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), 412 DMI_MATCH(DMI_PRODUCT_NAME, "XPS 13 9360"), 413 }, 414 }, 415 { 416 /* Dell Inspiron 5565 (QCA ROME device 0cf3:e009) */ 417 .matches = { 418 DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), 419 DMI_MATCH(DMI_PRODUCT_NAME, "Inspiron 5565"), 420 }, 421 }, 422 {} 423 }; 424 425 #define BTUSB_MAX_ISOC_FRAMES 10 426 427 #define BTUSB_INTR_RUNNING 0 428 #define BTUSB_BULK_RUNNING 1 429 #define BTUSB_ISOC_RUNNING 2 430 #define BTUSB_SUSPENDING 3 431 #define BTUSB_DID_ISO_RESUME 4 432 #define BTUSB_BOOTLOADER 5 433 #define BTUSB_DOWNLOADING 6 434 #define BTUSB_FIRMWARE_LOADED 7 435 #define BTUSB_FIRMWARE_FAILED 8 436 #define BTUSB_BOOTING 9 437 #define BTUSB_DIAG_RUNNING 10 438 #define BTUSB_OOB_WAKE_ENABLED 11 439 440 struct btusb_data { 441 struct hci_dev *hdev; 442 struct usb_device *udev; 443 struct usb_interface *intf; 444 struct usb_interface *isoc; 445 struct usb_interface *diag; 446 unsigned isoc_ifnum; 447 448 unsigned long flags; 449 450 struct work_struct work; 451 struct work_struct waker; 452 453 struct usb_anchor deferred; 454 struct usb_anchor tx_anchor; 455 int tx_in_flight; 456 spinlock_t txlock; 457 458 struct usb_anchor intr_anchor; 459 struct usb_anchor bulk_anchor; 460 struct usb_anchor isoc_anchor; 461 struct usb_anchor diag_anchor; 462 spinlock_t rxlock; 463 464 struct sk_buff *evt_skb; 465 struct sk_buff *acl_skb; 466 struct sk_buff *sco_skb; 467 468 struct usb_endpoint_descriptor *intr_ep; 469 struct usb_endpoint_descriptor *bulk_tx_ep; 470 struct usb_endpoint_descriptor *bulk_rx_ep; 471 struct usb_endpoint_descriptor *isoc_tx_ep; 472 struct usb_endpoint_descriptor *isoc_rx_ep; 473 struct usb_endpoint_descriptor *diag_tx_ep; 474 struct usb_endpoint_descriptor *diag_rx_ep; 475 476 __u8 cmdreq_type; 477 __u8 cmdreq; 478 479 unsigned int sco_num; 480 int isoc_altsetting; 481 int suspend_count; 482 483 int (*recv_event)(struct hci_dev *hdev, struct sk_buff *skb); 484 int (*recv_bulk)(struct btusb_data *data, void *buffer, int count); 485 486 int (*setup_on_usb)(struct hci_dev *hdev); 487 488 int oob_wake_irq; /* irq for out-of-band wake-on-bt */ 489 }; 490 491 static inline void btusb_free_frags(struct btusb_data *data) 492 { 493 unsigned long flags; 494 495 spin_lock_irqsave(&data->rxlock, flags); 496 497 kfree_skb(data->evt_skb); 498 data->evt_skb = NULL; 499 500 kfree_skb(data->acl_skb); 501 data->acl_skb = NULL; 502 503 kfree_skb(data->sco_skb); 504 data->sco_skb = NULL; 505 506 spin_unlock_irqrestore(&data->rxlock, flags); 507 } 508 509 static int btusb_recv_intr(struct btusb_data *data, void *buffer, int count) 510 { 511 struct sk_buff *skb; 512 int err = 0; 513 514 spin_lock(&data->rxlock); 515 skb = data->evt_skb; 516 517 while (count) { 518 int len; 519 520 if (!skb) { 521 skb = bt_skb_alloc(HCI_MAX_EVENT_SIZE, GFP_ATOMIC); 522 if (!skb) { 523 err = -ENOMEM; 524 break; 525 } 526 527 hci_skb_pkt_type(skb) = HCI_EVENT_PKT; 528 hci_skb_expect(skb) = HCI_EVENT_HDR_SIZE; 529 } 530 531 len = min_t(uint, hci_skb_expect(skb), count); 532 skb_put_data(skb, buffer, len); 533 534 count -= len; 535 buffer += len; 536 hci_skb_expect(skb) -= len; 537 538 if (skb->len == HCI_EVENT_HDR_SIZE) { 539 /* Complete event header */ 540 hci_skb_expect(skb) = hci_event_hdr(skb)->plen; 541 542 if (skb_tailroom(skb) < hci_skb_expect(skb)) { 543 kfree_skb(skb); 544 skb = NULL; 545 546 err = -EILSEQ; 547 break; 548 } 549 } 550 551 if (!hci_skb_expect(skb)) { 552 /* Complete frame */ 553 data->recv_event(data->hdev, skb); 554 skb = NULL; 555 } 556 } 557 558 data->evt_skb = skb; 559 spin_unlock(&data->rxlock); 560 561 return err; 562 } 563 564 static int btusb_recv_bulk(struct btusb_data *data, void *buffer, int count) 565 { 566 struct sk_buff *skb; 567 int err = 0; 568 569 spin_lock(&data->rxlock); 570 skb = data->acl_skb; 571 572 while (count) { 573 int len; 574 575 if (!skb) { 576 skb = bt_skb_alloc(HCI_MAX_FRAME_SIZE, GFP_ATOMIC); 577 if (!skb) { 578 err = -ENOMEM; 579 break; 580 } 581 582 hci_skb_pkt_type(skb) = HCI_ACLDATA_PKT; 583 hci_skb_expect(skb) = HCI_ACL_HDR_SIZE; 584 } 585 586 len = min_t(uint, hci_skb_expect(skb), count); 587 skb_put_data(skb, buffer, len); 588 589 count -= len; 590 buffer += len; 591 hci_skb_expect(skb) -= len; 592 593 if (skb->len == HCI_ACL_HDR_SIZE) { 594 __le16 dlen = hci_acl_hdr(skb)->dlen; 595 596 /* Complete ACL header */ 597 hci_skb_expect(skb) = __le16_to_cpu(dlen); 598 599 if (skb_tailroom(skb) < hci_skb_expect(skb)) { 600 kfree_skb(skb); 601 skb = NULL; 602 603 err = -EILSEQ; 604 break; 605 } 606 } 607 608 if (!hci_skb_expect(skb)) { 609 /* Complete frame */ 610 hci_recv_frame(data->hdev, skb); 611 skb = NULL; 612 } 613 } 614 615 data->acl_skb = skb; 616 spin_unlock(&data->rxlock); 617 618 return err; 619 } 620 621 static int btusb_recv_isoc(struct btusb_data *data, void *buffer, int count) 622 { 623 struct sk_buff *skb; 624 int err = 0; 625 626 spin_lock(&data->rxlock); 627 skb = data->sco_skb; 628 629 while (count) { 630 int len; 631 632 if (!skb) { 633 skb = bt_skb_alloc(HCI_MAX_SCO_SIZE, GFP_ATOMIC); 634 if (!skb) { 635 err = -ENOMEM; 636 break; 637 } 638 639 hci_skb_pkt_type(skb) = HCI_SCODATA_PKT; 640 hci_skb_expect(skb) = HCI_SCO_HDR_SIZE; 641 } 642 643 len = min_t(uint, hci_skb_expect(skb), count); 644 skb_put_data(skb, buffer, len); 645 646 count -= len; 647 buffer += len; 648 hci_skb_expect(skb) -= len; 649 650 if (skb->len == HCI_SCO_HDR_SIZE) { 651 /* Complete SCO header */ 652 hci_skb_expect(skb) = hci_sco_hdr(skb)->dlen; 653 654 if (skb_tailroom(skb) < hci_skb_expect(skb)) { 655 kfree_skb(skb); 656 skb = NULL; 657 658 err = -EILSEQ; 659 break; 660 } 661 } 662 663 if (!hci_skb_expect(skb)) { 664 /* Complete frame */ 665 hci_recv_frame(data->hdev, skb); 666 skb = NULL; 667 } 668 } 669 670 data->sco_skb = skb; 671 spin_unlock(&data->rxlock); 672 673 return err; 674 } 675 676 static void btusb_intr_complete(struct urb *urb) 677 { 678 struct hci_dev *hdev = urb->context; 679 struct btusb_data *data = hci_get_drvdata(hdev); 680 int err; 681 682 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 683 urb->actual_length); 684 685 if (!test_bit(HCI_RUNNING, &hdev->flags)) 686 return; 687 688 if (urb->status == 0) { 689 hdev->stat.byte_rx += urb->actual_length; 690 691 if (btusb_recv_intr(data, urb->transfer_buffer, 692 urb->actual_length) < 0) { 693 bt_dev_err(hdev, "corrupted event packet"); 694 hdev->stat.err_rx++; 695 } 696 } else if (urb->status == -ENOENT) { 697 /* Avoid suspend failed when usb_kill_urb */ 698 return; 699 } 700 701 if (!test_bit(BTUSB_INTR_RUNNING, &data->flags)) 702 return; 703 704 usb_mark_last_busy(data->udev); 705 usb_anchor_urb(urb, &data->intr_anchor); 706 707 err = usb_submit_urb(urb, GFP_ATOMIC); 708 if (err < 0) { 709 /* -EPERM: urb is being killed; 710 * -ENODEV: device got disconnected 711 */ 712 if (err != -EPERM && err != -ENODEV) 713 bt_dev_err(hdev, "urb %p failed to resubmit (%d)", 714 urb, -err); 715 usb_unanchor_urb(urb); 716 } 717 } 718 719 static int btusb_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags) 720 { 721 struct btusb_data *data = hci_get_drvdata(hdev); 722 struct urb *urb; 723 unsigned char *buf; 724 unsigned int pipe; 725 int err, size; 726 727 BT_DBG("%s", hdev->name); 728 729 if (!data->intr_ep) 730 return -ENODEV; 731 732 urb = usb_alloc_urb(0, mem_flags); 733 if (!urb) 734 return -ENOMEM; 735 736 size = le16_to_cpu(data->intr_ep->wMaxPacketSize); 737 738 buf = kmalloc(size, mem_flags); 739 if (!buf) { 740 usb_free_urb(urb); 741 return -ENOMEM; 742 } 743 744 pipe = usb_rcvintpipe(data->udev, data->intr_ep->bEndpointAddress); 745 746 usb_fill_int_urb(urb, data->udev, pipe, buf, size, 747 btusb_intr_complete, hdev, data->intr_ep->bInterval); 748 749 urb->transfer_flags |= URB_FREE_BUFFER; 750 751 usb_anchor_urb(urb, &data->intr_anchor); 752 753 err = usb_submit_urb(urb, mem_flags); 754 if (err < 0) { 755 if (err != -EPERM && err != -ENODEV) 756 bt_dev_err(hdev, "urb %p submission failed (%d)", 757 urb, -err); 758 usb_unanchor_urb(urb); 759 } 760 761 usb_free_urb(urb); 762 763 return err; 764 } 765 766 static void btusb_bulk_complete(struct urb *urb) 767 { 768 struct hci_dev *hdev = urb->context; 769 struct btusb_data *data = hci_get_drvdata(hdev); 770 int err; 771 772 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 773 urb->actual_length); 774 775 if (!test_bit(HCI_RUNNING, &hdev->flags)) 776 return; 777 778 if (urb->status == 0) { 779 hdev->stat.byte_rx += urb->actual_length; 780 781 if (data->recv_bulk(data, urb->transfer_buffer, 782 urb->actual_length) < 0) { 783 bt_dev_err(hdev, "corrupted ACL packet"); 784 hdev->stat.err_rx++; 785 } 786 } else if (urb->status == -ENOENT) { 787 /* Avoid suspend failed when usb_kill_urb */ 788 return; 789 } 790 791 if (!test_bit(BTUSB_BULK_RUNNING, &data->flags)) 792 return; 793 794 usb_anchor_urb(urb, &data->bulk_anchor); 795 usb_mark_last_busy(data->udev); 796 797 err = usb_submit_urb(urb, GFP_ATOMIC); 798 if (err < 0) { 799 /* -EPERM: urb is being killed; 800 * -ENODEV: device got disconnected 801 */ 802 if (err != -EPERM && err != -ENODEV) 803 bt_dev_err(hdev, "urb %p failed to resubmit (%d)", 804 urb, -err); 805 usb_unanchor_urb(urb); 806 } 807 } 808 809 static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags) 810 { 811 struct btusb_data *data = hci_get_drvdata(hdev); 812 struct urb *urb; 813 unsigned char *buf; 814 unsigned int pipe; 815 int err, size = HCI_MAX_FRAME_SIZE; 816 817 BT_DBG("%s", hdev->name); 818 819 if (!data->bulk_rx_ep) 820 return -ENODEV; 821 822 urb = usb_alloc_urb(0, mem_flags); 823 if (!urb) 824 return -ENOMEM; 825 826 buf = kmalloc(size, mem_flags); 827 if (!buf) { 828 usb_free_urb(urb); 829 return -ENOMEM; 830 } 831 832 pipe = usb_rcvbulkpipe(data->udev, data->bulk_rx_ep->bEndpointAddress); 833 834 usb_fill_bulk_urb(urb, data->udev, pipe, buf, size, 835 btusb_bulk_complete, hdev); 836 837 urb->transfer_flags |= URB_FREE_BUFFER; 838 839 usb_mark_last_busy(data->udev); 840 usb_anchor_urb(urb, &data->bulk_anchor); 841 842 err = usb_submit_urb(urb, mem_flags); 843 if (err < 0) { 844 if (err != -EPERM && err != -ENODEV) 845 bt_dev_err(hdev, "urb %p submission failed (%d)", 846 urb, -err); 847 usb_unanchor_urb(urb); 848 } 849 850 usb_free_urb(urb); 851 852 return err; 853 } 854 855 static void btusb_isoc_complete(struct urb *urb) 856 { 857 struct hci_dev *hdev = urb->context; 858 struct btusb_data *data = hci_get_drvdata(hdev); 859 int i, err; 860 861 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 862 urb->actual_length); 863 864 if (!test_bit(HCI_RUNNING, &hdev->flags)) 865 return; 866 867 if (urb->status == 0) { 868 for (i = 0; i < urb->number_of_packets; i++) { 869 unsigned int offset = urb->iso_frame_desc[i].offset; 870 unsigned int length = urb->iso_frame_desc[i].actual_length; 871 872 if (urb->iso_frame_desc[i].status) 873 continue; 874 875 hdev->stat.byte_rx += length; 876 877 if (btusb_recv_isoc(data, urb->transfer_buffer + offset, 878 length) < 0) { 879 bt_dev_err(hdev, "corrupted SCO packet"); 880 hdev->stat.err_rx++; 881 } 882 } 883 } else if (urb->status == -ENOENT) { 884 /* Avoid suspend failed when usb_kill_urb */ 885 return; 886 } 887 888 if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags)) 889 return; 890 891 usb_anchor_urb(urb, &data->isoc_anchor); 892 893 err = usb_submit_urb(urb, GFP_ATOMIC); 894 if (err < 0) { 895 /* -EPERM: urb is being killed; 896 * -ENODEV: device got disconnected 897 */ 898 if (err != -EPERM && err != -ENODEV) 899 bt_dev_err(hdev, "urb %p failed to resubmit (%d)", 900 urb, -err); 901 usb_unanchor_urb(urb); 902 } 903 } 904 905 static inline void __fill_isoc_descriptor(struct urb *urb, int len, int mtu) 906 { 907 int i, offset = 0; 908 909 BT_DBG("len %d mtu %d", len, mtu); 910 911 for (i = 0; i < BTUSB_MAX_ISOC_FRAMES && len >= mtu; 912 i++, offset += mtu, len -= mtu) { 913 urb->iso_frame_desc[i].offset = offset; 914 urb->iso_frame_desc[i].length = mtu; 915 } 916 917 if (len && i < BTUSB_MAX_ISOC_FRAMES) { 918 urb->iso_frame_desc[i].offset = offset; 919 urb->iso_frame_desc[i].length = len; 920 i++; 921 } 922 923 urb->number_of_packets = i; 924 } 925 926 static int btusb_submit_isoc_urb(struct hci_dev *hdev, gfp_t mem_flags) 927 { 928 struct btusb_data *data = hci_get_drvdata(hdev); 929 struct urb *urb; 930 unsigned char *buf; 931 unsigned int pipe; 932 int err, size; 933 934 BT_DBG("%s", hdev->name); 935 936 if (!data->isoc_rx_ep) 937 return -ENODEV; 938 939 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, mem_flags); 940 if (!urb) 941 return -ENOMEM; 942 943 size = le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize) * 944 BTUSB_MAX_ISOC_FRAMES; 945 946 buf = kmalloc(size, mem_flags); 947 if (!buf) { 948 usb_free_urb(urb); 949 return -ENOMEM; 950 } 951 952 pipe = usb_rcvisocpipe(data->udev, data->isoc_rx_ep->bEndpointAddress); 953 954 usb_fill_int_urb(urb, data->udev, pipe, buf, size, btusb_isoc_complete, 955 hdev, data->isoc_rx_ep->bInterval); 956 957 urb->transfer_flags = URB_FREE_BUFFER | URB_ISO_ASAP; 958 959 __fill_isoc_descriptor(urb, size, 960 le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize)); 961 962 usb_anchor_urb(urb, &data->isoc_anchor); 963 964 err = usb_submit_urb(urb, mem_flags); 965 if (err < 0) { 966 if (err != -EPERM && err != -ENODEV) 967 bt_dev_err(hdev, "urb %p submission failed (%d)", 968 urb, -err); 969 usb_unanchor_urb(urb); 970 } 971 972 usb_free_urb(urb); 973 974 return err; 975 } 976 977 static void btusb_diag_complete(struct urb *urb) 978 { 979 struct hci_dev *hdev = urb->context; 980 struct btusb_data *data = hci_get_drvdata(hdev); 981 int err; 982 983 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 984 urb->actual_length); 985 986 if (urb->status == 0) { 987 struct sk_buff *skb; 988 989 skb = bt_skb_alloc(urb->actual_length, GFP_ATOMIC); 990 if (skb) { 991 skb_put_data(skb, urb->transfer_buffer, 992 urb->actual_length); 993 hci_recv_diag(hdev, skb); 994 } 995 } else if (urb->status == -ENOENT) { 996 /* Avoid suspend failed when usb_kill_urb */ 997 return; 998 } 999 1000 if (!test_bit(BTUSB_DIAG_RUNNING, &data->flags)) 1001 return; 1002 1003 usb_anchor_urb(urb, &data->diag_anchor); 1004 usb_mark_last_busy(data->udev); 1005 1006 err = usb_submit_urb(urb, GFP_ATOMIC); 1007 if (err < 0) { 1008 /* -EPERM: urb is being killed; 1009 * -ENODEV: device got disconnected 1010 */ 1011 if (err != -EPERM && err != -ENODEV) 1012 bt_dev_err(hdev, "urb %p failed to resubmit (%d)", 1013 urb, -err); 1014 usb_unanchor_urb(urb); 1015 } 1016 } 1017 1018 static int btusb_submit_diag_urb(struct hci_dev *hdev, gfp_t mem_flags) 1019 { 1020 struct btusb_data *data = hci_get_drvdata(hdev); 1021 struct urb *urb; 1022 unsigned char *buf; 1023 unsigned int pipe; 1024 int err, size = HCI_MAX_FRAME_SIZE; 1025 1026 BT_DBG("%s", hdev->name); 1027 1028 if (!data->diag_rx_ep) 1029 return -ENODEV; 1030 1031 urb = usb_alloc_urb(0, mem_flags); 1032 if (!urb) 1033 return -ENOMEM; 1034 1035 buf = kmalloc(size, mem_flags); 1036 if (!buf) { 1037 usb_free_urb(urb); 1038 return -ENOMEM; 1039 } 1040 1041 pipe = usb_rcvbulkpipe(data->udev, data->diag_rx_ep->bEndpointAddress); 1042 1043 usb_fill_bulk_urb(urb, data->udev, pipe, buf, size, 1044 btusb_diag_complete, hdev); 1045 1046 urb->transfer_flags |= URB_FREE_BUFFER; 1047 1048 usb_mark_last_busy(data->udev); 1049 usb_anchor_urb(urb, &data->diag_anchor); 1050 1051 err = usb_submit_urb(urb, mem_flags); 1052 if (err < 0) { 1053 if (err != -EPERM && err != -ENODEV) 1054 bt_dev_err(hdev, "urb %p submission failed (%d)", 1055 urb, -err); 1056 usb_unanchor_urb(urb); 1057 } 1058 1059 usb_free_urb(urb); 1060 1061 return err; 1062 } 1063 1064 static void btusb_tx_complete(struct urb *urb) 1065 { 1066 struct sk_buff *skb = urb->context; 1067 struct hci_dev *hdev = (struct hci_dev *)skb->dev; 1068 struct btusb_data *data = hci_get_drvdata(hdev); 1069 1070 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 1071 urb->actual_length); 1072 1073 if (!test_bit(HCI_RUNNING, &hdev->flags)) 1074 goto done; 1075 1076 if (!urb->status) 1077 hdev->stat.byte_tx += urb->transfer_buffer_length; 1078 else 1079 hdev->stat.err_tx++; 1080 1081 done: 1082 spin_lock(&data->txlock); 1083 data->tx_in_flight--; 1084 spin_unlock(&data->txlock); 1085 1086 kfree(urb->setup_packet); 1087 1088 kfree_skb(skb); 1089 } 1090 1091 static void btusb_isoc_tx_complete(struct urb *urb) 1092 { 1093 struct sk_buff *skb = urb->context; 1094 struct hci_dev *hdev = (struct hci_dev *)skb->dev; 1095 1096 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 1097 urb->actual_length); 1098 1099 if (!test_bit(HCI_RUNNING, &hdev->flags)) 1100 goto done; 1101 1102 if (!urb->status) 1103 hdev->stat.byte_tx += urb->transfer_buffer_length; 1104 else 1105 hdev->stat.err_tx++; 1106 1107 done: 1108 kfree(urb->setup_packet); 1109 1110 kfree_skb(skb); 1111 } 1112 1113 static int btusb_open(struct hci_dev *hdev) 1114 { 1115 struct btusb_data *data = hci_get_drvdata(hdev); 1116 int err; 1117 1118 BT_DBG("%s", hdev->name); 1119 1120 err = usb_autopm_get_interface(data->intf); 1121 if (err < 0) 1122 return err; 1123 1124 /* Patching USB firmware files prior to starting any URBs of HCI path 1125 * It is more safe to use USB bulk channel for downloading USB patch 1126 */ 1127 if (data->setup_on_usb) { 1128 err = data->setup_on_usb(hdev); 1129 if (err < 0) 1130 return err; 1131 } 1132 1133 data->intf->needs_remote_wakeup = 1; 1134 /* device specific wakeup source enabled and required for USB 1135 * remote wakeup while host is suspended 1136 */ 1137 device_wakeup_enable(&data->udev->dev); 1138 1139 if (test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags)) 1140 goto done; 1141 1142 err = btusb_submit_intr_urb(hdev, GFP_KERNEL); 1143 if (err < 0) 1144 goto failed; 1145 1146 err = btusb_submit_bulk_urb(hdev, GFP_KERNEL); 1147 if (err < 0) { 1148 usb_kill_anchored_urbs(&data->intr_anchor); 1149 goto failed; 1150 } 1151 1152 set_bit(BTUSB_BULK_RUNNING, &data->flags); 1153 btusb_submit_bulk_urb(hdev, GFP_KERNEL); 1154 1155 if (data->diag) { 1156 if (!btusb_submit_diag_urb(hdev, GFP_KERNEL)) 1157 set_bit(BTUSB_DIAG_RUNNING, &data->flags); 1158 } 1159 1160 done: 1161 usb_autopm_put_interface(data->intf); 1162 return 0; 1163 1164 failed: 1165 clear_bit(BTUSB_INTR_RUNNING, &data->flags); 1166 usb_autopm_put_interface(data->intf); 1167 return err; 1168 } 1169 1170 static void btusb_stop_traffic(struct btusb_data *data) 1171 { 1172 usb_kill_anchored_urbs(&data->intr_anchor); 1173 usb_kill_anchored_urbs(&data->bulk_anchor); 1174 usb_kill_anchored_urbs(&data->isoc_anchor); 1175 usb_kill_anchored_urbs(&data->diag_anchor); 1176 } 1177 1178 static int btusb_close(struct hci_dev *hdev) 1179 { 1180 struct btusb_data *data = hci_get_drvdata(hdev); 1181 int err; 1182 1183 BT_DBG("%s", hdev->name); 1184 1185 cancel_work_sync(&data->work); 1186 cancel_work_sync(&data->waker); 1187 1188 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 1189 clear_bit(BTUSB_BULK_RUNNING, &data->flags); 1190 clear_bit(BTUSB_INTR_RUNNING, &data->flags); 1191 clear_bit(BTUSB_DIAG_RUNNING, &data->flags); 1192 1193 btusb_stop_traffic(data); 1194 btusb_free_frags(data); 1195 1196 err = usb_autopm_get_interface(data->intf); 1197 if (err < 0) 1198 goto failed; 1199 1200 data->intf->needs_remote_wakeup = 0; 1201 device_wakeup_disable(&data->udev->dev); 1202 usb_autopm_put_interface(data->intf); 1203 1204 failed: 1205 usb_scuttle_anchored_urbs(&data->deferred); 1206 return 0; 1207 } 1208 1209 static int btusb_flush(struct hci_dev *hdev) 1210 { 1211 struct btusb_data *data = hci_get_drvdata(hdev); 1212 1213 BT_DBG("%s", hdev->name); 1214 1215 usb_kill_anchored_urbs(&data->tx_anchor); 1216 btusb_free_frags(data); 1217 1218 return 0; 1219 } 1220 1221 static struct urb *alloc_ctrl_urb(struct hci_dev *hdev, struct sk_buff *skb) 1222 { 1223 struct btusb_data *data = hci_get_drvdata(hdev); 1224 struct usb_ctrlrequest *dr; 1225 struct urb *urb; 1226 unsigned int pipe; 1227 1228 urb = usb_alloc_urb(0, GFP_KERNEL); 1229 if (!urb) 1230 return ERR_PTR(-ENOMEM); 1231 1232 dr = kmalloc(sizeof(*dr), GFP_KERNEL); 1233 if (!dr) { 1234 usb_free_urb(urb); 1235 return ERR_PTR(-ENOMEM); 1236 } 1237 1238 dr->bRequestType = data->cmdreq_type; 1239 dr->bRequest = data->cmdreq; 1240 dr->wIndex = 0; 1241 dr->wValue = 0; 1242 dr->wLength = __cpu_to_le16(skb->len); 1243 1244 pipe = usb_sndctrlpipe(data->udev, 0x00); 1245 1246 usb_fill_control_urb(urb, data->udev, pipe, (void *)dr, 1247 skb->data, skb->len, btusb_tx_complete, skb); 1248 1249 skb->dev = (void *)hdev; 1250 1251 return urb; 1252 } 1253 1254 static struct urb *alloc_bulk_urb(struct hci_dev *hdev, struct sk_buff *skb) 1255 { 1256 struct btusb_data *data = hci_get_drvdata(hdev); 1257 struct urb *urb; 1258 unsigned int pipe; 1259 1260 if (!data->bulk_tx_ep) 1261 return ERR_PTR(-ENODEV); 1262 1263 urb = usb_alloc_urb(0, GFP_KERNEL); 1264 if (!urb) 1265 return ERR_PTR(-ENOMEM); 1266 1267 pipe = usb_sndbulkpipe(data->udev, data->bulk_tx_ep->bEndpointAddress); 1268 1269 usb_fill_bulk_urb(urb, data->udev, pipe, 1270 skb->data, skb->len, btusb_tx_complete, skb); 1271 1272 skb->dev = (void *)hdev; 1273 1274 return urb; 1275 } 1276 1277 static struct urb *alloc_isoc_urb(struct hci_dev *hdev, struct sk_buff *skb) 1278 { 1279 struct btusb_data *data = hci_get_drvdata(hdev); 1280 struct urb *urb; 1281 unsigned int pipe; 1282 1283 if (!data->isoc_tx_ep) 1284 return ERR_PTR(-ENODEV); 1285 1286 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, GFP_KERNEL); 1287 if (!urb) 1288 return ERR_PTR(-ENOMEM); 1289 1290 pipe = usb_sndisocpipe(data->udev, data->isoc_tx_ep->bEndpointAddress); 1291 1292 usb_fill_int_urb(urb, data->udev, pipe, 1293 skb->data, skb->len, btusb_isoc_tx_complete, 1294 skb, data->isoc_tx_ep->bInterval); 1295 1296 urb->transfer_flags = URB_ISO_ASAP; 1297 1298 __fill_isoc_descriptor(urb, skb->len, 1299 le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize)); 1300 1301 skb->dev = (void *)hdev; 1302 1303 return urb; 1304 } 1305 1306 static int submit_tx_urb(struct hci_dev *hdev, struct urb *urb) 1307 { 1308 struct btusb_data *data = hci_get_drvdata(hdev); 1309 int err; 1310 1311 usb_anchor_urb(urb, &data->tx_anchor); 1312 1313 err = usb_submit_urb(urb, GFP_KERNEL); 1314 if (err < 0) { 1315 if (err != -EPERM && err != -ENODEV) 1316 bt_dev_err(hdev, "urb %p submission failed (%d)", 1317 urb, -err); 1318 kfree(urb->setup_packet); 1319 usb_unanchor_urb(urb); 1320 } else { 1321 usb_mark_last_busy(data->udev); 1322 } 1323 1324 usb_free_urb(urb); 1325 return err; 1326 } 1327 1328 static int submit_or_queue_tx_urb(struct hci_dev *hdev, struct urb *urb) 1329 { 1330 struct btusb_data *data = hci_get_drvdata(hdev); 1331 unsigned long flags; 1332 bool suspending; 1333 1334 spin_lock_irqsave(&data->txlock, flags); 1335 suspending = test_bit(BTUSB_SUSPENDING, &data->flags); 1336 if (!suspending) 1337 data->tx_in_flight++; 1338 spin_unlock_irqrestore(&data->txlock, flags); 1339 1340 if (!suspending) 1341 return submit_tx_urb(hdev, urb); 1342 1343 usb_anchor_urb(urb, &data->deferred); 1344 schedule_work(&data->waker); 1345 1346 usb_free_urb(urb); 1347 return 0; 1348 } 1349 1350 static int btusb_send_frame(struct hci_dev *hdev, struct sk_buff *skb) 1351 { 1352 struct urb *urb; 1353 1354 BT_DBG("%s", hdev->name); 1355 1356 switch (hci_skb_pkt_type(skb)) { 1357 case HCI_COMMAND_PKT: 1358 urb = alloc_ctrl_urb(hdev, skb); 1359 if (IS_ERR(urb)) 1360 return PTR_ERR(urb); 1361 1362 hdev->stat.cmd_tx++; 1363 return submit_or_queue_tx_urb(hdev, urb); 1364 1365 case HCI_ACLDATA_PKT: 1366 urb = alloc_bulk_urb(hdev, skb); 1367 if (IS_ERR(urb)) 1368 return PTR_ERR(urb); 1369 1370 hdev->stat.acl_tx++; 1371 return submit_or_queue_tx_urb(hdev, urb); 1372 1373 case HCI_SCODATA_PKT: 1374 if (hci_conn_num(hdev, SCO_LINK) < 1) 1375 return -ENODEV; 1376 1377 urb = alloc_isoc_urb(hdev, skb); 1378 if (IS_ERR(urb)) 1379 return PTR_ERR(urb); 1380 1381 hdev->stat.sco_tx++; 1382 return submit_tx_urb(hdev, urb); 1383 } 1384 1385 return -EILSEQ; 1386 } 1387 1388 static void btusb_notify(struct hci_dev *hdev, unsigned int evt) 1389 { 1390 struct btusb_data *data = hci_get_drvdata(hdev); 1391 1392 BT_DBG("%s evt %d", hdev->name, evt); 1393 1394 if (hci_conn_num(hdev, SCO_LINK) != data->sco_num) { 1395 data->sco_num = hci_conn_num(hdev, SCO_LINK); 1396 schedule_work(&data->work); 1397 } 1398 } 1399 1400 static inline int __set_isoc_interface(struct hci_dev *hdev, int altsetting) 1401 { 1402 struct btusb_data *data = hci_get_drvdata(hdev); 1403 struct usb_interface *intf = data->isoc; 1404 struct usb_endpoint_descriptor *ep_desc; 1405 int i, err; 1406 1407 if (!data->isoc) 1408 return -ENODEV; 1409 1410 err = usb_set_interface(data->udev, data->isoc_ifnum, altsetting); 1411 if (err < 0) { 1412 bt_dev_err(hdev, "setting interface failed (%d)", -err); 1413 return err; 1414 } 1415 1416 data->isoc_altsetting = altsetting; 1417 1418 data->isoc_tx_ep = NULL; 1419 data->isoc_rx_ep = NULL; 1420 1421 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) { 1422 ep_desc = &intf->cur_altsetting->endpoint[i].desc; 1423 1424 if (!data->isoc_tx_ep && usb_endpoint_is_isoc_out(ep_desc)) { 1425 data->isoc_tx_ep = ep_desc; 1426 continue; 1427 } 1428 1429 if (!data->isoc_rx_ep && usb_endpoint_is_isoc_in(ep_desc)) { 1430 data->isoc_rx_ep = ep_desc; 1431 continue; 1432 } 1433 } 1434 1435 if (!data->isoc_tx_ep || !data->isoc_rx_ep) { 1436 bt_dev_err(hdev, "invalid SCO descriptors"); 1437 return -ENODEV; 1438 } 1439 1440 return 0; 1441 } 1442 1443 static void btusb_work(struct work_struct *work) 1444 { 1445 struct btusb_data *data = container_of(work, struct btusb_data, work); 1446 struct hci_dev *hdev = data->hdev; 1447 int new_alts; 1448 int err; 1449 1450 if (data->sco_num > 0) { 1451 if (!test_bit(BTUSB_DID_ISO_RESUME, &data->flags)) { 1452 err = usb_autopm_get_interface(data->isoc ? data->isoc : data->intf); 1453 if (err < 0) { 1454 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 1455 usb_kill_anchored_urbs(&data->isoc_anchor); 1456 return; 1457 } 1458 1459 set_bit(BTUSB_DID_ISO_RESUME, &data->flags); 1460 } 1461 1462 if (hdev->voice_setting & 0x0020) { 1463 static const int alts[3] = { 2, 4, 5 }; 1464 1465 new_alts = alts[data->sco_num - 1]; 1466 } else { 1467 new_alts = data->sco_num; 1468 } 1469 1470 if (data->isoc_altsetting != new_alts) { 1471 unsigned long flags; 1472 1473 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 1474 usb_kill_anchored_urbs(&data->isoc_anchor); 1475 1476 /* When isochronous alternate setting needs to be 1477 * changed, because SCO connection has been added 1478 * or removed, a packet fragment may be left in the 1479 * reassembling state. This could lead to wrongly 1480 * assembled fragments. 1481 * 1482 * Clear outstanding fragment when selecting a new 1483 * alternate setting. 1484 */ 1485 spin_lock_irqsave(&data->rxlock, flags); 1486 kfree_skb(data->sco_skb); 1487 data->sco_skb = NULL; 1488 spin_unlock_irqrestore(&data->rxlock, flags); 1489 1490 if (__set_isoc_interface(hdev, new_alts) < 0) 1491 return; 1492 } 1493 1494 if (!test_and_set_bit(BTUSB_ISOC_RUNNING, &data->flags)) { 1495 if (btusb_submit_isoc_urb(hdev, GFP_KERNEL) < 0) 1496 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 1497 else 1498 btusb_submit_isoc_urb(hdev, GFP_KERNEL); 1499 } 1500 } else { 1501 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 1502 usb_kill_anchored_urbs(&data->isoc_anchor); 1503 1504 __set_isoc_interface(hdev, 0); 1505 if (test_and_clear_bit(BTUSB_DID_ISO_RESUME, &data->flags)) 1506 usb_autopm_put_interface(data->isoc ? data->isoc : data->intf); 1507 } 1508 } 1509 1510 static void btusb_waker(struct work_struct *work) 1511 { 1512 struct btusb_data *data = container_of(work, struct btusb_data, waker); 1513 int err; 1514 1515 err = usb_autopm_get_interface(data->intf); 1516 if (err < 0) 1517 return; 1518 1519 usb_autopm_put_interface(data->intf); 1520 } 1521 1522 static int btusb_setup_bcm92035(struct hci_dev *hdev) 1523 { 1524 struct sk_buff *skb; 1525 u8 val = 0x00; 1526 1527 BT_DBG("%s", hdev->name); 1528 1529 skb = __hci_cmd_sync(hdev, 0xfc3b, 1, &val, HCI_INIT_TIMEOUT); 1530 if (IS_ERR(skb)) 1531 bt_dev_err(hdev, "BCM92035 command failed (%ld)", PTR_ERR(skb)); 1532 else 1533 kfree_skb(skb); 1534 1535 return 0; 1536 } 1537 1538 static int btusb_setup_csr(struct hci_dev *hdev) 1539 { 1540 struct hci_rp_read_local_version *rp; 1541 struct sk_buff *skb; 1542 1543 BT_DBG("%s", hdev->name); 1544 1545 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL, 1546 HCI_INIT_TIMEOUT); 1547 if (IS_ERR(skb)) { 1548 int err = PTR_ERR(skb); 1549 bt_dev_err(hdev, "CSR: Local version failed (%d)", err); 1550 return err; 1551 } 1552 1553 if (skb->len != sizeof(struct hci_rp_read_local_version)) { 1554 bt_dev_err(hdev, "CSR: Local version length mismatch"); 1555 kfree_skb(skb); 1556 return -EIO; 1557 } 1558 1559 rp = (struct hci_rp_read_local_version *)skb->data; 1560 1561 /* Detect controllers which aren't real CSR ones. */ 1562 if (le16_to_cpu(rp->manufacturer) != 10 || 1563 le16_to_cpu(rp->lmp_subver) == 0x0c5c) { 1564 /* Clear the reset quirk since this is not an actual 1565 * early Bluetooth 1.1 device from CSR. 1566 */ 1567 clear_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); 1568 1569 /* These fake CSR controllers have all a broken 1570 * stored link key handling and so just disable it. 1571 */ 1572 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks); 1573 } 1574 1575 kfree_skb(skb); 1576 1577 return 0; 1578 } 1579 1580 static const struct firmware *btusb_setup_intel_get_fw(struct hci_dev *hdev, 1581 struct intel_version *ver) 1582 { 1583 const struct firmware *fw; 1584 char fwname[64]; 1585 int ret; 1586 1587 snprintf(fwname, sizeof(fwname), 1588 "intel/ibt-hw-%x.%x.%x-fw-%x.%x.%x.%x.%x.bseq", 1589 ver->hw_platform, ver->hw_variant, ver->hw_revision, 1590 ver->fw_variant, ver->fw_revision, ver->fw_build_num, 1591 ver->fw_build_ww, ver->fw_build_yy); 1592 1593 ret = request_firmware(&fw, fwname, &hdev->dev); 1594 if (ret < 0) { 1595 if (ret == -EINVAL) { 1596 BT_ERR("%s Intel firmware file request failed (%d)", 1597 hdev->name, ret); 1598 return NULL; 1599 } 1600 1601 BT_ERR("%s failed to open Intel firmware file: %s(%d)", 1602 hdev->name, fwname, ret); 1603 1604 /* If the correct firmware patch file is not found, use the 1605 * default firmware patch file instead 1606 */ 1607 snprintf(fwname, sizeof(fwname), "intel/ibt-hw-%x.%x.bseq", 1608 ver->hw_platform, ver->hw_variant); 1609 if (request_firmware(&fw, fwname, &hdev->dev) < 0) { 1610 BT_ERR("%s failed to open default Intel fw file: %s", 1611 hdev->name, fwname); 1612 return NULL; 1613 } 1614 } 1615 1616 bt_dev_info(hdev, "Intel Bluetooth firmware file: %s", fwname); 1617 1618 return fw; 1619 } 1620 1621 static int btusb_setup_intel_patching(struct hci_dev *hdev, 1622 const struct firmware *fw, 1623 const u8 **fw_ptr, int *disable_patch) 1624 { 1625 struct sk_buff *skb; 1626 struct hci_command_hdr *cmd; 1627 const u8 *cmd_param; 1628 struct hci_event_hdr *evt = NULL; 1629 const u8 *evt_param = NULL; 1630 int remain = fw->size - (*fw_ptr - fw->data); 1631 1632 /* The first byte indicates the types of the patch command or event. 1633 * 0x01 means HCI command and 0x02 is HCI event. If the first bytes 1634 * in the current firmware buffer doesn't start with 0x01 or 1635 * the size of remain buffer is smaller than HCI command header, 1636 * the firmware file is corrupted and it should stop the patching 1637 * process. 1638 */ 1639 if (remain > HCI_COMMAND_HDR_SIZE && *fw_ptr[0] != 0x01) { 1640 BT_ERR("%s Intel fw corrupted: invalid cmd read", hdev->name); 1641 return -EINVAL; 1642 } 1643 (*fw_ptr)++; 1644 remain--; 1645 1646 cmd = (struct hci_command_hdr *)(*fw_ptr); 1647 *fw_ptr += sizeof(*cmd); 1648 remain -= sizeof(*cmd); 1649 1650 /* Ensure that the remain firmware data is long enough than the length 1651 * of command parameter. If not, the firmware file is corrupted. 1652 */ 1653 if (remain < cmd->plen) { 1654 BT_ERR("%s Intel fw corrupted: invalid cmd len", hdev->name); 1655 return -EFAULT; 1656 } 1657 1658 /* If there is a command that loads a patch in the firmware 1659 * file, then enable the patch upon success, otherwise just 1660 * disable the manufacturer mode, for example patch activation 1661 * is not required when the default firmware patch file is used 1662 * because there are no patch data to load. 1663 */ 1664 if (*disable_patch && le16_to_cpu(cmd->opcode) == 0xfc8e) 1665 *disable_patch = 0; 1666 1667 cmd_param = *fw_ptr; 1668 *fw_ptr += cmd->plen; 1669 remain -= cmd->plen; 1670 1671 /* This reads the expected events when the above command is sent to the 1672 * device. Some vendor commands expects more than one events, for 1673 * example command status event followed by vendor specific event. 1674 * For this case, it only keeps the last expected event. so the command 1675 * can be sent with __hci_cmd_sync_ev() which returns the sk_buff of 1676 * last expected event. 1677 */ 1678 while (remain > HCI_EVENT_HDR_SIZE && *fw_ptr[0] == 0x02) { 1679 (*fw_ptr)++; 1680 remain--; 1681 1682 evt = (struct hci_event_hdr *)(*fw_ptr); 1683 *fw_ptr += sizeof(*evt); 1684 remain -= sizeof(*evt); 1685 1686 if (remain < evt->plen) { 1687 BT_ERR("%s Intel fw corrupted: invalid evt len", 1688 hdev->name); 1689 return -EFAULT; 1690 } 1691 1692 evt_param = *fw_ptr; 1693 *fw_ptr += evt->plen; 1694 remain -= evt->plen; 1695 } 1696 1697 /* Every HCI commands in the firmware file has its correspond event. 1698 * If event is not found or remain is smaller than zero, the firmware 1699 * file is corrupted. 1700 */ 1701 if (!evt || !evt_param || remain < 0) { 1702 BT_ERR("%s Intel fw corrupted: invalid evt read", hdev->name); 1703 return -EFAULT; 1704 } 1705 1706 skb = __hci_cmd_sync_ev(hdev, le16_to_cpu(cmd->opcode), cmd->plen, 1707 cmd_param, evt->evt, HCI_INIT_TIMEOUT); 1708 if (IS_ERR(skb)) { 1709 BT_ERR("%s sending Intel patch command (0x%4.4x) failed (%ld)", 1710 hdev->name, cmd->opcode, PTR_ERR(skb)); 1711 return PTR_ERR(skb); 1712 } 1713 1714 /* It ensures that the returned event matches the event data read from 1715 * the firmware file. At fist, it checks the length and then 1716 * the contents of the event. 1717 */ 1718 if (skb->len != evt->plen) { 1719 BT_ERR("%s mismatch event length (opcode 0x%4.4x)", hdev->name, 1720 le16_to_cpu(cmd->opcode)); 1721 kfree_skb(skb); 1722 return -EFAULT; 1723 } 1724 1725 if (memcmp(skb->data, evt_param, evt->plen)) { 1726 BT_ERR("%s mismatch event parameter (opcode 0x%4.4x)", 1727 hdev->name, le16_to_cpu(cmd->opcode)); 1728 kfree_skb(skb); 1729 return -EFAULT; 1730 } 1731 kfree_skb(skb); 1732 1733 return 0; 1734 } 1735 1736 static int btusb_setup_intel(struct hci_dev *hdev) 1737 { 1738 struct sk_buff *skb; 1739 const struct firmware *fw; 1740 const u8 *fw_ptr; 1741 int disable_patch, err; 1742 struct intel_version ver; 1743 1744 BT_DBG("%s", hdev->name); 1745 1746 /* The controller has a bug with the first HCI command sent to it 1747 * returning number of completed commands as zero. This would stall the 1748 * command processing in the Bluetooth core. 1749 * 1750 * As a workaround, send HCI Reset command first which will reset the 1751 * number of completed commands and allow normal command processing 1752 * from now on. 1753 */ 1754 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); 1755 if (IS_ERR(skb)) { 1756 BT_ERR("%s sending initial HCI reset command failed (%ld)", 1757 hdev->name, PTR_ERR(skb)); 1758 return PTR_ERR(skb); 1759 } 1760 kfree_skb(skb); 1761 1762 /* Read Intel specific controller version first to allow selection of 1763 * which firmware file to load. 1764 * 1765 * The returned information are hardware variant and revision plus 1766 * firmware variant, revision and build number. 1767 */ 1768 err = btintel_read_version(hdev, &ver); 1769 if (err) 1770 return err; 1771 1772 bt_dev_info(hdev, "read Intel version: %02x%02x%02x%02x%02x%02x%02x%02x%02x", 1773 ver.hw_platform, ver.hw_variant, ver.hw_revision, 1774 ver.fw_variant, ver.fw_revision, ver.fw_build_num, 1775 ver.fw_build_ww, ver.fw_build_yy, ver.fw_patch_num); 1776 1777 /* fw_patch_num indicates the version of patch the device currently 1778 * have. If there is no patch data in the device, it is always 0x00. 1779 * So, if it is other than 0x00, no need to patch the device again. 1780 */ 1781 if (ver.fw_patch_num) { 1782 bt_dev_info(hdev, "Intel device is already patched. " 1783 "patch num: %02x", ver.fw_patch_num); 1784 goto complete; 1785 } 1786 1787 /* Opens the firmware patch file based on the firmware version read 1788 * from the controller. If it fails to open the matching firmware 1789 * patch file, it tries to open the default firmware patch file. 1790 * If no patch file is found, allow the device to operate without 1791 * a patch. 1792 */ 1793 fw = btusb_setup_intel_get_fw(hdev, &ver); 1794 if (!fw) 1795 goto complete; 1796 fw_ptr = fw->data; 1797 1798 /* Enable the manufacturer mode of the controller. 1799 * Only while this mode is enabled, the driver can download the 1800 * firmware patch data and configuration parameters. 1801 */ 1802 err = btintel_enter_mfg(hdev); 1803 if (err) { 1804 release_firmware(fw); 1805 return err; 1806 } 1807 1808 disable_patch = 1; 1809 1810 /* The firmware data file consists of list of Intel specific HCI 1811 * commands and its expected events. The first byte indicates the 1812 * type of the message, either HCI command or HCI event. 1813 * 1814 * It reads the command and its expected event from the firmware file, 1815 * and send to the controller. Once __hci_cmd_sync_ev() returns, 1816 * the returned event is compared with the event read from the firmware 1817 * file and it will continue until all the messages are downloaded to 1818 * the controller. 1819 * 1820 * Once the firmware patching is completed successfully, 1821 * the manufacturer mode is disabled with reset and activating the 1822 * downloaded patch. 1823 * 1824 * If the firmware patching fails, the manufacturer mode is 1825 * disabled with reset and deactivating the patch. 1826 * 1827 * If the default patch file is used, no reset is done when disabling 1828 * the manufacturer. 1829 */ 1830 while (fw->size > fw_ptr - fw->data) { 1831 int ret; 1832 1833 ret = btusb_setup_intel_patching(hdev, fw, &fw_ptr, 1834 &disable_patch); 1835 if (ret < 0) 1836 goto exit_mfg_deactivate; 1837 } 1838 1839 release_firmware(fw); 1840 1841 if (disable_patch) 1842 goto exit_mfg_disable; 1843 1844 /* Patching completed successfully and disable the manufacturer mode 1845 * with reset and activate the downloaded firmware patches. 1846 */ 1847 err = btintel_exit_mfg(hdev, true, true); 1848 if (err) 1849 return err; 1850 1851 bt_dev_info(hdev, "Intel firmware patch completed and activated"); 1852 1853 goto complete; 1854 1855 exit_mfg_disable: 1856 /* Disable the manufacturer mode without reset */ 1857 err = btintel_exit_mfg(hdev, false, false); 1858 if (err) 1859 return err; 1860 1861 bt_dev_info(hdev, "Intel firmware patch completed"); 1862 1863 goto complete; 1864 1865 exit_mfg_deactivate: 1866 release_firmware(fw); 1867 1868 /* Patching failed. Disable the manufacturer mode with reset and 1869 * deactivate the downloaded firmware patches. 1870 */ 1871 err = btintel_exit_mfg(hdev, true, false); 1872 if (err) 1873 return err; 1874 1875 bt_dev_info(hdev, "Intel firmware patch completed and deactivated"); 1876 1877 complete: 1878 /* Set the event mask for Intel specific vendor events. This enables 1879 * a few extra events that are useful during general operation. 1880 */ 1881 btintel_set_event_mask_mfg(hdev, false); 1882 1883 btintel_check_bdaddr(hdev); 1884 return 0; 1885 } 1886 1887 static int inject_cmd_complete(struct hci_dev *hdev, __u16 opcode) 1888 { 1889 struct sk_buff *skb; 1890 struct hci_event_hdr *hdr; 1891 struct hci_ev_cmd_complete *evt; 1892 1893 skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_ATOMIC); 1894 if (!skb) 1895 return -ENOMEM; 1896 1897 hdr = skb_put(skb, sizeof(*hdr)); 1898 hdr->evt = HCI_EV_CMD_COMPLETE; 1899 hdr->plen = sizeof(*evt) + 1; 1900 1901 evt = skb_put(skb, sizeof(*evt)); 1902 evt->ncmd = 0x01; 1903 evt->opcode = cpu_to_le16(opcode); 1904 1905 skb_put_u8(skb, 0x00); 1906 1907 hci_skb_pkt_type(skb) = HCI_EVENT_PKT; 1908 1909 return hci_recv_frame(hdev, skb); 1910 } 1911 1912 static int btusb_recv_bulk_intel(struct btusb_data *data, void *buffer, 1913 int count) 1914 { 1915 /* When the device is in bootloader mode, then it can send 1916 * events via the bulk endpoint. These events are treated the 1917 * same way as the ones received from the interrupt endpoint. 1918 */ 1919 if (test_bit(BTUSB_BOOTLOADER, &data->flags)) 1920 return btusb_recv_intr(data, buffer, count); 1921 1922 return btusb_recv_bulk(data, buffer, count); 1923 } 1924 1925 static void btusb_intel_bootup(struct btusb_data *data, const void *ptr, 1926 unsigned int len) 1927 { 1928 const struct intel_bootup *evt = ptr; 1929 1930 if (len != sizeof(*evt)) 1931 return; 1932 1933 if (test_and_clear_bit(BTUSB_BOOTING, &data->flags)) { 1934 smp_mb__after_atomic(); 1935 wake_up_bit(&data->flags, BTUSB_BOOTING); 1936 } 1937 } 1938 1939 static void btusb_intel_secure_send_result(struct btusb_data *data, 1940 const void *ptr, unsigned int len) 1941 { 1942 const struct intel_secure_send_result *evt = ptr; 1943 1944 if (len != sizeof(*evt)) 1945 return; 1946 1947 if (evt->result) 1948 set_bit(BTUSB_FIRMWARE_FAILED, &data->flags); 1949 1950 if (test_and_clear_bit(BTUSB_DOWNLOADING, &data->flags) && 1951 test_bit(BTUSB_FIRMWARE_LOADED, &data->flags)) { 1952 smp_mb__after_atomic(); 1953 wake_up_bit(&data->flags, BTUSB_DOWNLOADING); 1954 } 1955 } 1956 1957 static int btusb_recv_event_intel(struct hci_dev *hdev, struct sk_buff *skb) 1958 { 1959 struct btusb_data *data = hci_get_drvdata(hdev); 1960 1961 if (test_bit(BTUSB_BOOTLOADER, &data->flags)) { 1962 struct hci_event_hdr *hdr = (void *)skb->data; 1963 1964 if (skb->len > HCI_EVENT_HDR_SIZE && hdr->evt == 0xff && 1965 hdr->plen > 0) { 1966 const void *ptr = skb->data + HCI_EVENT_HDR_SIZE + 1; 1967 unsigned int len = skb->len - HCI_EVENT_HDR_SIZE - 1; 1968 1969 switch (skb->data[2]) { 1970 case 0x02: 1971 /* When switching to the operational firmware 1972 * the device sends a vendor specific event 1973 * indicating that the bootup completed. 1974 */ 1975 btusb_intel_bootup(data, ptr, len); 1976 break; 1977 case 0x06: 1978 /* When the firmware loading completes the 1979 * device sends out a vendor specific event 1980 * indicating the result of the firmware 1981 * loading. 1982 */ 1983 btusb_intel_secure_send_result(data, ptr, len); 1984 break; 1985 } 1986 } 1987 } 1988 1989 return hci_recv_frame(hdev, skb); 1990 } 1991 1992 static int btusb_send_frame_intel(struct hci_dev *hdev, struct sk_buff *skb) 1993 { 1994 struct btusb_data *data = hci_get_drvdata(hdev); 1995 struct urb *urb; 1996 1997 BT_DBG("%s", hdev->name); 1998 1999 switch (hci_skb_pkt_type(skb)) { 2000 case HCI_COMMAND_PKT: 2001 if (test_bit(BTUSB_BOOTLOADER, &data->flags)) { 2002 struct hci_command_hdr *cmd = (void *)skb->data; 2003 __u16 opcode = le16_to_cpu(cmd->opcode); 2004 2005 /* When in bootloader mode and the command 0xfc09 2006 * is received, it needs to be send down the 2007 * bulk endpoint. So allocate a bulk URB instead. 2008 */ 2009 if (opcode == 0xfc09) 2010 urb = alloc_bulk_urb(hdev, skb); 2011 else 2012 urb = alloc_ctrl_urb(hdev, skb); 2013 2014 /* When the 0xfc01 command is issued to boot into 2015 * the operational firmware, it will actually not 2016 * send a command complete event. To keep the flow 2017 * control working inject that event here. 2018 */ 2019 if (opcode == 0xfc01) 2020 inject_cmd_complete(hdev, opcode); 2021 } else { 2022 urb = alloc_ctrl_urb(hdev, skb); 2023 } 2024 if (IS_ERR(urb)) 2025 return PTR_ERR(urb); 2026 2027 hdev->stat.cmd_tx++; 2028 return submit_or_queue_tx_urb(hdev, urb); 2029 2030 case HCI_ACLDATA_PKT: 2031 urb = alloc_bulk_urb(hdev, skb); 2032 if (IS_ERR(urb)) 2033 return PTR_ERR(urb); 2034 2035 hdev->stat.acl_tx++; 2036 return submit_or_queue_tx_urb(hdev, urb); 2037 2038 case HCI_SCODATA_PKT: 2039 if (hci_conn_num(hdev, SCO_LINK) < 1) 2040 return -ENODEV; 2041 2042 urb = alloc_isoc_urb(hdev, skb); 2043 if (IS_ERR(urb)) 2044 return PTR_ERR(urb); 2045 2046 hdev->stat.sco_tx++; 2047 return submit_tx_urb(hdev, urb); 2048 } 2049 2050 return -EILSEQ; 2051 } 2052 2053 static int btusb_setup_intel_new(struct hci_dev *hdev) 2054 { 2055 struct btusb_data *data = hci_get_drvdata(hdev); 2056 struct intel_version ver; 2057 struct intel_boot_params params; 2058 const struct firmware *fw; 2059 u32 boot_param; 2060 char fwname[64]; 2061 ktime_t calltime, delta, rettime; 2062 unsigned long long duration; 2063 int err; 2064 2065 BT_DBG("%s", hdev->name); 2066 2067 /* Set the default boot parameter to 0x0 and it is updated to 2068 * SKU specific boot parameter after reading Intel_Write_Boot_Params 2069 * command while downloading the firmware. 2070 */ 2071 boot_param = 0x00000000; 2072 2073 calltime = ktime_get(); 2074 2075 /* Read the Intel version information to determine if the device 2076 * is in bootloader mode or if it already has operational firmware 2077 * loaded. 2078 */ 2079 err = btintel_read_version(hdev, &ver); 2080 if (err) 2081 return err; 2082 2083 /* The hardware platform number has a fixed value of 0x37 and 2084 * for now only accept this single value. 2085 */ 2086 if (ver.hw_platform != 0x37) { 2087 BT_ERR("%s: Unsupported Intel hardware platform (%u)", 2088 hdev->name, ver.hw_platform); 2089 return -EINVAL; 2090 } 2091 2092 /* Check for supported iBT hardware variants of this firmware 2093 * loading method. 2094 * 2095 * This check has been put in place to ensure correct forward 2096 * compatibility options when newer hardware variants come along. 2097 */ 2098 switch (ver.hw_variant) { 2099 case 0x0b: /* SfP */ 2100 case 0x0c: /* WsP */ 2101 case 0x11: /* JfP */ 2102 case 0x12: /* ThP */ 2103 case 0x13: /* HrP */ 2104 case 0x14: /* QnJ, IcP */ 2105 break; 2106 default: 2107 BT_ERR("%s: Unsupported Intel hardware variant (%u)", 2108 hdev->name, ver.hw_variant); 2109 return -EINVAL; 2110 } 2111 2112 btintel_version_info(hdev, &ver); 2113 2114 /* The firmware variant determines if the device is in bootloader 2115 * mode or is running operational firmware. The value 0x06 identifies 2116 * the bootloader and the value 0x23 identifies the operational 2117 * firmware. 2118 * 2119 * When the operational firmware is already present, then only 2120 * the check for valid Bluetooth device address is needed. This 2121 * determines if the device will be added as configured or 2122 * unconfigured controller. 2123 * 2124 * It is not possible to use the Secure Boot Parameters in this 2125 * case since that command is only available in bootloader mode. 2126 */ 2127 if (ver.fw_variant == 0x23) { 2128 clear_bit(BTUSB_BOOTLOADER, &data->flags); 2129 btintel_check_bdaddr(hdev); 2130 return 0; 2131 } 2132 2133 /* If the device is not in bootloader mode, then the only possible 2134 * choice is to return an error and abort the device initialization. 2135 */ 2136 if (ver.fw_variant != 0x06) { 2137 BT_ERR("%s: Unsupported Intel firmware variant (%u)", 2138 hdev->name, ver.fw_variant); 2139 return -ENODEV; 2140 } 2141 2142 /* Read the secure boot parameters to identify the operating 2143 * details of the bootloader. 2144 */ 2145 err = btintel_read_boot_params(hdev, ¶ms); 2146 if (err) 2147 return err; 2148 2149 /* It is required that every single firmware fragment is acknowledged 2150 * with a command complete event. If the boot parameters indicate 2151 * that this bootloader does not send them, then abort the setup. 2152 */ 2153 if (params.limited_cce != 0x00) { 2154 BT_ERR("%s: Unsupported Intel firmware loading method (%u)", 2155 hdev->name, params.limited_cce); 2156 return -EINVAL; 2157 } 2158 2159 /* If the OTP has no valid Bluetooth device address, then there will 2160 * also be no valid address for the operational firmware. 2161 */ 2162 if (!bacmp(¶ms.otp_bdaddr, BDADDR_ANY)) { 2163 bt_dev_info(hdev, "No device address configured"); 2164 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks); 2165 } 2166 2167 /* With this Intel bootloader only the hardware variant and device 2168 * revision information are used to select the right firmware for SfP 2169 * and WsP. 2170 * 2171 * The firmware filename is ibt-<hw_variant>-<dev_revid>.sfi. 2172 * 2173 * Currently the supported hardware variants are: 2174 * 11 (0x0b) for iBT3.0 (LnP/SfP) 2175 * 12 (0x0c) for iBT3.5 (WsP) 2176 * 2177 * For ThP/JfP and for future SKU's, the FW name varies based on HW 2178 * variant, HW revision and FW revision, as these are dependent on CNVi 2179 * and RF Combination. 2180 * 2181 * 17 (0x11) for iBT3.5 (JfP) 2182 * 18 (0x12) for iBT3.5 (ThP) 2183 * 2184 * The firmware file name for these will be 2185 * ibt-<hw_variant>-<hw_revision>-<fw_revision>.sfi. 2186 * 2187 */ 2188 switch (ver.hw_variant) { 2189 case 0x0b: /* SfP */ 2190 case 0x0c: /* WsP */ 2191 snprintf(fwname, sizeof(fwname), "intel/ibt-%u-%u.sfi", 2192 le16_to_cpu(ver.hw_variant), 2193 le16_to_cpu(params.dev_revid)); 2194 break; 2195 case 0x11: /* JfP */ 2196 case 0x12: /* ThP */ 2197 case 0x13: /* HrP */ 2198 case 0x14: /* QnJ, IcP */ 2199 snprintf(fwname, sizeof(fwname), "intel/ibt-%u-%u-%u.sfi", 2200 le16_to_cpu(ver.hw_variant), 2201 le16_to_cpu(ver.hw_revision), 2202 le16_to_cpu(ver.fw_revision)); 2203 break; 2204 default: 2205 BT_ERR("%s: Unsupported Intel firmware naming", hdev->name); 2206 return -EINVAL; 2207 } 2208 2209 err = request_firmware(&fw, fwname, &hdev->dev); 2210 if (err < 0) { 2211 BT_ERR("%s: Failed to load Intel firmware file (%d)", 2212 hdev->name, err); 2213 return err; 2214 } 2215 2216 bt_dev_info(hdev, "Found device firmware: %s", fwname); 2217 2218 /* Save the DDC file name for later use to apply once the firmware 2219 * downloading is done. 2220 */ 2221 switch (ver.hw_variant) { 2222 case 0x0b: /* SfP */ 2223 case 0x0c: /* WsP */ 2224 snprintf(fwname, sizeof(fwname), "intel/ibt-%u-%u.ddc", 2225 le16_to_cpu(ver.hw_variant), 2226 le16_to_cpu(params.dev_revid)); 2227 break; 2228 case 0x11: /* JfP */ 2229 case 0x12: /* ThP */ 2230 case 0x13: /* HrP */ 2231 case 0x14: /* QnJ, IcP */ 2232 snprintf(fwname, sizeof(fwname), "intel/ibt-%u-%u-%u.ddc", 2233 le16_to_cpu(ver.hw_variant), 2234 le16_to_cpu(ver.hw_revision), 2235 le16_to_cpu(ver.fw_revision)); 2236 break; 2237 default: 2238 BT_ERR("%s: Unsupported Intel firmware naming", hdev->name); 2239 return -EINVAL; 2240 } 2241 2242 if (fw->size < 644) { 2243 BT_ERR("%s: Invalid size of firmware file (%zu)", 2244 hdev->name, fw->size); 2245 err = -EBADF; 2246 goto done; 2247 } 2248 2249 set_bit(BTUSB_DOWNLOADING, &data->flags); 2250 2251 /* Start firmware downloading and get boot parameter */ 2252 err = btintel_download_firmware(hdev, fw, &boot_param); 2253 if (err < 0) 2254 goto done; 2255 2256 set_bit(BTUSB_FIRMWARE_LOADED, &data->flags); 2257 2258 bt_dev_info(hdev, "Waiting for firmware download to complete"); 2259 2260 /* Before switching the device into operational mode and with that 2261 * booting the loaded firmware, wait for the bootloader notification 2262 * that all fragments have been successfully received. 2263 * 2264 * When the event processing receives the notification, then the 2265 * BTUSB_DOWNLOADING flag will be cleared. 2266 * 2267 * The firmware loading should not take longer than 5 seconds 2268 * and thus just timeout if that happens and fail the setup 2269 * of this device. 2270 */ 2271 err = wait_on_bit_timeout(&data->flags, BTUSB_DOWNLOADING, 2272 TASK_INTERRUPTIBLE, 2273 msecs_to_jiffies(5000)); 2274 if (err == -EINTR) { 2275 BT_ERR("%s: Firmware loading interrupted", hdev->name); 2276 goto done; 2277 } 2278 2279 if (err) { 2280 BT_ERR("%s: Firmware loading timeout", hdev->name); 2281 err = -ETIMEDOUT; 2282 goto done; 2283 } 2284 2285 if (test_bit(BTUSB_FIRMWARE_FAILED, &data->flags)) { 2286 BT_ERR("%s: Firmware loading failed", hdev->name); 2287 err = -ENOEXEC; 2288 goto done; 2289 } 2290 2291 rettime = ktime_get(); 2292 delta = ktime_sub(rettime, calltime); 2293 duration = (unsigned long long) ktime_to_ns(delta) >> 10; 2294 2295 bt_dev_info(hdev, "Firmware loaded in %llu usecs", duration); 2296 2297 done: 2298 release_firmware(fw); 2299 2300 if (err < 0) 2301 return err; 2302 2303 calltime = ktime_get(); 2304 2305 set_bit(BTUSB_BOOTING, &data->flags); 2306 2307 err = btintel_send_intel_reset(hdev, boot_param); 2308 if (err) 2309 return err; 2310 2311 /* The bootloader will not indicate when the device is ready. This 2312 * is done by the operational firmware sending bootup notification. 2313 * 2314 * Booting into operational firmware should not take longer than 2315 * 1 second. However if that happens, then just fail the setup 2316 * since something went wrong. 2317 */ 2318 bt_dev_info(hdev, "Waiting for device to boot"); 2319 2320 err = wait_on_bit_timeout(&data->flags, BTUSB_BOOTING, 2321 TASK_INTERRUPTIBLE, 2322 msecs_to_jiffies(1000)); 2323 2324 if (err == -EINTR) { 2325 BT_ERR("%s: Device boot interrupted", hdev->name); 2326 return -EINTR; 2327 } 2328 2329 if (err) { 2330 BT_ERR("%s: Device boot timeout", hdev->name); 2331 return -ETIMEDOUT; 2332 } 2333 2334 rettime = ktime_get(); 2335 delta = ktime_sub(rettime, calltime); 2336 duration = (unsigned long long) ktime_to_ns(delta) >> 10; 2337 2338 bt_dev_info(hdev, "Device booted in %llu usecs", duration); 2339 2340 clear_bit(BTUSB_BOOTLOADER, &data->flags); 2341 2342 /* Once the device is running in operational mode, it needs to apply 2343 * the device configuration (DDC) parameters. 2344 * 2345 * The device can work without DDC parameters, so even if it fails 2346 * to load the file, no need to fail the setup. 2347 */ 2348 btintel_load_ddc_config(hdev, fwname); 2349 2350 /* Set the event mask for Intel specific vendor events. This enables 2351 * a few extra events that are useful during general operation. It 2352 * does not enable any debugging related events. 2353 * 2354 * The device will function correctly without these events enabled 2355 * and thus no need to fail the setup. 2356 */ 2357 btintel_set_event_mask(hdev, false); 2358 2359 return 0; 2360 } 2361 2362 static int btusb_shutdown_intel(struct hci_dev *hdev) 2363 { 2364 struct sk_buff *skb; 2365 long ret; 2366 2367 /* Some platforms have an issue with BT LED when the interface is 2368 * down or BT radio is turned off, which takes 5 seconds to BT LED 2369 * goes off. This command turns off the BT LED immediately. 2370 */ 2371 skb = __hci_cmd_sync(hdev, 0xfc3f, 0, NULL, HCI_INIT_TIMEOUT); 2372 if (IS_ERR(skb)) { 2373 ret = PTR_ERR(skb); 2374 BT_ERR("%s: turning off Intel device LED failed (%ld)", 2375 hdev->name, ret); 2376 return ret; 2377 } 2378 kfree_skb(skb); 2379 2380 return 0; 2381 } 2382 2383 #ifdef CONFIG_PM 2384 /* Configure an out-of-band gpio as wake-up pin, if specified in device tree */ 2385 static int marvell_config_oob_wake(struct hci_dev *hdev) 2386 { 2387 struct sk_buff *skb; 2388 struct btusb_data *data = hci_get_drvdata(hdev); 2389 struct device *dev = &data->udev->dev; 2390 u16 pin, gap, opcode; 2391 int ret; 2392 u8 cmd[5]; 2393 2394 /* Move on if no wakeup pin specified */ 2395 if (of_property_read_u16(dev->of_node, "marvell,wakeup-pin", &pin) || 2396 of_property_read_u16(dev->of_node, "marvell,wakeup-gap-ms", &gap)) 2397 return 0; 2398 2399 /* Vendor specific command to configure a GPIO as wake-up pin */ 2400 opcode = hci_opcode_pack(0x3F, 0x59); 2401 cmd[0] = opcode & 0xFF; 2402 cmd[1] = opcode >> 8; 2403 cmd[2] = 2; /* length of parameters that follow */ 2404 cmd[3] = pin; 2405 cmd[4] = gap; /* time in ms, for which wakeup pin should be asserted */ 2406 2407 skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL); 2408 if (!skb) { 2409 bt_dev_err(hdev, "%s: No memory\n", __func__); 2410 return -ENOMEM; 2411 } 2412 2413 skb_put_data(skb, cmd, sizeof(cmd)); 2414 hci_skb_pkt_type(skb) = HCI_COMMAND_PKT; 2415 2416 ret = btusb_send_frame(hdev, skb); 2417 if (ret) { 2418 bt_dev_err(hdev, "%s: configuration failed\n", __func__); 2419 kfree_skb(skb); 2420 return ret; 2421 } 2422 2423 return 0; 2424 } 2425 #endif 2426 2427 static int btusb_set_bdaddr_marvell(struct hci_dev *hdev, 2428 const bdaddr_t *bdaddr) 2429 { 2430 struct sk_buff *skb; 2431 u8 buf[8]; 2432 long ret; 2433 2434 buf[0] = 0xfe; 2435 buf[1] = sizeof(bdaddr_t); 2436 memcpy(buf + 2, bdaddr, sizeof(bdaddr_t)); 2437 2438 skb = __hci_cmd_sync(hdev, 0xfc22, sizeof(buf), buf, HCI_INIT_TIMEOUT); 2439 if (IS_ERR(skb)) { 2440 ret = PTR_ERR(skb); 2441 bt_dev_err(hdev, "changing Marvell device address failed (%ld)", 2442 ret); 2443 return ret; 2444 } 2445 kfree_skb(skb); 2446 2447 return 0; 2448 } 2449 2450 static int btusb_set_bdaddr_ath3012(struct hci_dev *hdev, 2451 const bdaddr_t *bdaddr) 2452 { 2453 struct sk_buff *skb; 2454 u8 buf[10]; 2455 long ret; 2456 2457 buf[0] = 0x01; 2458 buf[1] = 0x01; 2459 buf[2] = 0x00; 2460 buf[3] = sizeof(bdaddr_t); 2461 memcpy(buf + 4, bdaddr, sizeof(bdaddr_t)); 2462 2463 skb = __hci_cmd_sync(hdev, 0xfc0b, sizeof(buf), buf, HCI_INIT_TIMEOUT); 2464 if (IS_ERR(skb)) { 2465 ret = PTR_ERR(skb); 2466 bt_dev_err(hdev, "Change address command failed (%ld)", ret); 2467 return ret; 2468 } 2469 kfree_skb(skb); 2470 2471 return 0; 2472 } 2473 2474 #define QCA_DFU_PACKET_LEN 4096 2475 2476 #define QCA_GET_TARGET_VERSION 0x09 2477 #define QCA_CHECK_STATUS 0x05 2478 #define QCA_DFU_DOWNLOAD 0x01 2479 2480 #define QCA_SYSCFG_UPDATED 0x40 2481 #define QCA_PATCH_UPDATED 0x80 2482 #define QCA_DFU_TIMEOUT 3000 2483 2484 struct qca_version { 2485 __le32 rom_version; 2486 __le32 patch_version; 2487 __le32 ram_version; 2488 __le32 ref_clock; 2489 __u8 reserved[4]; 2490 } __packed; 2491 2492 struct qca_rampatch_version { 2493 __le16 rom_version; 2494 __le16 patch_version; 2495 } __packed; 2496 2497 struct qca_device_info { 2498 u32 rom_version; 2499 u8 rampatch_hdr; /* length of header in rampatch */ 2500 u8 nvm_hdr; /* length of header in NVM */ 2501 u8 ver_offset; /* offset of version structure in rampatch */ 2502 }; 2503 2504 static const struct qca_device_info qca_devices_table[] = { 2505 { 0x00000100, 20, 4, 10 }, /* Rome 1.0 */ 2506 { 0x00000101, 20, 4, 10 }, /* Rome 1.1 */ 2507 { 0x00000200, 28, 4, 18 }, /* Rome 2.0 */ 2508 { 0x00000201, 28, 4, 18 }, /* Rome 2.1 */ 2509 { 0x00000300, 28, 4, 18 }, /* Rome 3.0 */ 2510 { 0x00000302, 28, 4, 18 }, /* Rome 3.2 */ 2511 }; 2512 2513 static int btusb_qca_send_vendor_req(struct usb_device *udev, u8 request, 2514 void *data, u16 size) 2515 { 2516 int pipe, err; 2517 u8 *buf; 2518 2519 buf = kmalloc(size, GFP_KERNEL); 2520 if (!buf) 2521 return -ENOMEM; 2522 2523 /* Found some of USB hosts have IOT issues with ours so that we should 2524 * not wait until HCI layer is ready. 2525 */ 2526 pipe = usb_rcvctrlpipe(udev, 0); 2527 err = usb_control_msg(udev, pipe, request, USB_TYPE_VENDOR | USB_DIR_IN, 2528 0, 0, buf, size, USB_CTRL_SET_TIMEOUT); 2529 if (err < 0) { 2530 dev_err(&udev->dev, "Failed to access otp area (%d)", err); 2531 goto done; 2532 } 2533 2534 memcpy(data, buf, size); 2535 2536 done: 2537 kfree(buf); 2538 2539 return err; 2540 } 2541 2542 static int btusb_setup_qca_download_fw(struct hci_dev *hdev, 2543 const struct firmware *firmware, 2544 size_t hdr_size) 2545 { 2546 struct btusb_data *btdata = hci_get_drvdata(hdev); 2547 struct usb_device *udev = btdata->udev; 2548 size_t count, size, sent = 0; 2549 int pipe, len, err; 2550 u8 *buf; 2551 2552 buf = kmalloc(QCA_DFU_PACKET_LEN, GFP_KERNEL); 2553 if (!buf) 2554 return -ENOMEM; 2555 2556 count = firmware->size; 2557 2558 size = min_t(size_t, count, hdr_size); 2559 memcpy(buf, firmware->data, size); 2560 2561 /* USB patches should go down to controller through USB path 2562 * because binary format fits to go down through USB channel. 2563 * USB control path is for patching headers and USB bulk is for 2564 * patch body. 2565 */ 2566 pipe = usb_sndctrlpipe(udev, 0); 2567 err = usb_control_msg(udev, pipe, QCA_DFU_DOWNLOAD, USB_TYPE_VENDOR, 2568 0, 0, buf, size, USB_CTRL_SET_TIMEOUT); 2569 if (err < 0) { 2570 bt_dev_err(hdev, "Failed to send headers (%d)", err); 2571 goto done; 2572 } 2573 2574 sent += size; 2575 count -= size; 2576 2577 while (count) { 2578 size = min_t(size_t, count, QCA_DFU_PACKET_LEN); 2579 2580 memcpy(buf, firmware->data + sent, size); 2581 2582 pipe = usb_sndbulkpipe(udev, 0x02); 2583 err = usb_bulk_msg(udev, pipe, buf, size, &len, 2584 QCA_DFU_TIMEOUT); 2585 if (err < 0) { 2586 bt_dev_err(hdev, "Failed to send body at %zd of %zd (%d)", 2587 sent, firmware->size, err); 2588 break; 2589 } 2590 2591 if (size != len) { 2592 bt_dev_err(hdev, "Failed to get bulk buffer"); 2593 err = -EILSEQ; 2594 break; 2595 } 2596 2597 sent += size; 2598 count -= size; 2599 } 2600 2601 done: 2602 kfree(buf); 2603 return err; 2604 } 2605 2606 static int btusb_setup_qca_load_rampatch(struct hci_dev *hdev, 2607 struct qca_version *ver, 2608 const struct qca_device_info *info) 2609 { 2610 struct qca_rampatch_version *rver; 2611 const struct firmware *fw; 2612 u32 ver_rom, ver_patch; 2613 u16 rver_rom, rver_patch; 2614 char fwname[64]; 2615 int err; 2616 2617 ver_rom = le32_to_cpu(ver->rom_version); 2618 ver_patch = le32_to_cpu(ver->patch_version); 2619 2620 snprintf(fwname, sizeof(fwname), "qca/rampatch_usb_%08x.bin", ver_rom); 2621 2622 err = request_firmware(&fw, fwname, &hdev->dev); 2623 if (err) { 2624 bt_dev_err(hdev, "failed to request rampatch file: %s (%d)", 2625 fwname, err); 2626 return err; 2627 } 2628 2629 bt_dev_info(hdev, "using rampatch file: %s", fwname); 2630 2631 rver = (struct qca_rampatch_version *)(fw->data + info->ver_offset); 2632 rver_rom = le16_to_cpu(rver->rom_version); 2633 rver_patch = le16_to_cpu(rver->patch_version); 2634 2635 bt_dev_info(hdev, "QCA: patch rome 0x%x build 0x%x, " 2636 "firmware rome 0x%x build 0x%x", 2637 rver_rom, rver_patch, ver_rom, ver_patch); 2638 2639 if (rver_rom != ver_rom || rver_patch <= ver_patch) { 2640 bt_dev_err(hdev, "rampatch file version did not match with firmware"); 2641 err = -EINVAL; 2642 goto done; 2643 } 2644 2645 err = btusb_setup_qca_download_fw(hdev, fw, info->rampatch_hdr); 2646 2647 done: 2648 release_firmware(fw); 2649 2650 return err; 2651 } 2652 2653 static int btusb_setup_qca_load_nvm(struct hci_dev *hdev, 2654 struct qca_version *ver, 2655 const struct qca_device_info *info) 2656 { 2657 const struct firmware *fw; 2658 char fwname[64]; 2659 int err; 2660 2661 snprintf(fwname, sizeof(fwname), "qca/nvm_usb_%08x.bin", 2662 le32_to_cpu(ver->rom_version)); 2663 2664 err = request_firmware(&fw, fwname, &hdev->dev); 2665 if (err) { 2666 bt_dev_err(hdev, "failed to request NVM file: %s (%d)", 2667 fwname, err); 2668 return err; 2669 } 2670 2671 bt_dev_info(hdev, "using NVM file: %s", fwname); 2672 2673 err = btusb_setup_qca_download_fw(hdev, fw, info->nvm_hdr); 2674 2675 release_firmware(fw); 2676 2677 return err; 2678 } 2679 2680 /* identify the ROM version and check whether patches are needed */ 2681 static bool btusb_qca_need_patch(struct usb_device *udev) 2682 { 2683 struct qca_version ver; 2684 2685 if (btusb_qca_send_vendor_req(udev, QCA_GET_TARGET_VERSION, &ver, 2686 sizeof(ver)) < 0) 2687 return false; 2688 /* only low ROM versions need patches */ 2689 return !(le32_to_cpu(ver.rom_version) & ~0xffffU); 2690 } 2691 2692 static int btusb_setup_qca(struct hci_dev *hdev) 2693 { 2694 struct btusb_data *btdata = hci_get_drvdata(hdev); 2695 struct usb_device *udev = btdata->udev; 2696 const struct qca_device_info *info = NULL; 2697 struct qca_version ver; 2698 u32 ver_rom; 2699 u8 status; 2700 int i, err; 2701 2702 err = btusb_qca_send_vendor_req(udev, QCA_GET_TARGET_VERSION, &ver, 2703 sizeof(ver)); 2704 if (err < 0) 2705 return err; 2706 2707 ver_rom = le32_to_cpu(ver.rom_version); 2708 /* Don't care about high ROM versions */ 2709 if (ver_rom & ~0xffffU) 2710 return 0; 2711 2712 for (i = 0; i < ARRAY_SIZE(qca_devices_table); i++) { 2713 if (ver_rom == qca_devices_table[i].rom_version) 2714 info = &qca_devices_table[i]; 2715 } 2716 if (!info) { 2717 bt_dev_err(hdev, "don't support firmware rome 0x%x", ver_rom); 2718 return -ENODEV; 2719 } 2720 2721 err = btusb_qca_send_vendor_req(udev, QCA_CHECK_STATUS, &status, 2722 sizeof(status)); 2723 if (err < 0) 2724 return err; 2725 2726 if (!(status & QCA_PATCH_UPDATED)) { 2727 err = btusb_setup_qca_load_rampatch(hdev, &ver, info); 2728 if (err < 0) 2729 return err; 2730 } 2731 2732 if (!(status & QCA_SYSCFG_UPDATED)) { 2733 err = btusb_setup_qca_load_nvm(hdev, &ver, info); 2734 if (err < 0) 2735 return err; 2736 } 2737 2738 return 0; 2739 } 2740 2741 #ifdef CONFIG_BT_HCIBTUSB_BCM 2742 static inline int __set_diag_interface(struct hci_dev *hdev) 2743 { 2744 struct btusb_data *data = hci_get_drvdata(hdev); 2745 struct usb_interface *intf = data->diag; 2746 int i; 2747 2748 if (!data->diag) 2749 return -ENODEV; 2750 2751 data->diag_tx_ep = NULL; 2752 data->diag_rx_ep = NULL; 2753 2754 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) { 2755 struct usb_endpoint_descriptor *ep_desc; 2756 2757 ep_desc = &intf->cur_altsetting->endpoint[i].desc; 2758 2759 if (!data->diag_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) { 2760 data->diag_tx_ep = ep_desc; 2761 continue; 2762 } 2763 2764 if (!data->diag_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) { 2765 data->diag_rx_ep = ep_desc; 2766 continue; 2767 } 2768 } 2769 2770 if (!data->diag_tx_ep || !data->diag_rx_ep) { 2771 bt_dev_err(hdev, "invalid diagnostic descriptors"); 2772 return -ENODEV; 2773 } 2774 2775 return 0; 2776 } 2777 2778 static struct urb *alloc_diag_urb(struct hci_dev *hdev, bool enable) 2779 { 2780 struct btusb_data *data = hci_get_drvdata(hdev); 2781 struct sk_buff *skb; 2782 struct urb *urb; 2783 unsigned int pipe; 2784 2785 if (!data->diag_tx_ep) 2786 return ERR_PTR(-ENODEV); 2787 2788 urb = usb_alloc_urb(0, GFP_KERNEL); 2789 if (!urb) 2790 return ERR_PTR(-ENOMEM); 2791 2792 skb = bt_skb_alloc(2, GFP_KERNEL); 2793 if (!skb) { 2794 usb_free_urb(urb); 2795 return ERR_PTR(-ENOMEM); 2796 } 2797 2798 skb_put_u8(skb, 0xf0); 2799 skb_put_u8(skb, enable); 2800 2801 pipe = usb_sndbulkpipe(data->udev, data->diag_tx_ep->bEndpointAddress); 2802 2803 usb_fill_bulk_urb(urb, data->udev, pipe, 2804 skb->data, skb->len, btusb_tx_complete, skb); 2805 2806 skb->dev = (void *)hdev; 2807 2808 return urb; 2809 } 2810 2811 static int btusb_bcm_set_diag(struct hci_dev *hdev, bool enable) 2812 { 2813 struct btusb_data *data = hci_get_drvdata(hdev); 2814 struct urb *urb; 2815 2816 if (!data->diag) 2817 return -ENODEV; 2818 2819 if (!test_bit(HCI_RUNNING, &hdev->flags)) 2820 return -ENETDOWN; 2821 2822 urb = alloc_diag_urb(hdev, enable); 2823 if (IS_ERR(urb)) 2824 return PTR_ERR(urb); 2825 2826 return submit_or_queue_tx_urb(hdev, urb); 2827 } 2828 #endif 2829 2830 #ifdef CONFIG_PM 2831 static irqreturn_t btusb_oob_wake_handler(int irq, void *priv) 2832 { 2833 struct btusb_data *data = priv; 2834 2835 pm_wakeup_event(&data->udev->dev, 0); 2836 pm_system_wakeup(); 2837 2838 /* Disable only if not already disabled (keep it balanced) */ 2839 if (test_and_clear_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags)) { 2840 disable_irq_nosync(irq); 2841 disable_irq_wake(irq); 2842 } 2843 return IRQ_HANDLED; 2844 } 2845 2846 static const struct of_device_id btusb_match_table[] = { 2847 { .compatible = "usb1286,204e" }, 2848 { } 2849 }; 2850 MODULE_DEVICE_TABLE(of, btusb_match_table); 2851 2852 /* Use an oob wakeup pin? */ 2853 static int btusb_config_oob_wake(struct hci_dev *hdev) 2854 { 2855 struct btusb_data *data = hci_get_drvdata(hdev); 2856 struct device *dev = &data->udev->dev; 2857 int irq, ret; 2858 2859 clear_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags); 2860 2861 if (!of_match_device(btusb_match_table, dev)) 2862 return 0; 2863 2864 /* Move on if no IRQ specified */ 2865 irq = of_irq_get_byname(dev->of_node, "wakeup"); 2866 if (irq <= 0) { 2867 bt_dev_dbg(hdev, "%s: no OOB Wakeup IRQ in DT", __func__); 2868 return 0; 2869 } 2870 2871 ret = devm_request_irq(&hdev->dev, irq, btusb_oob_wake_handler, 2872 0, "OOB Wake-on-BT", data); 2873 if (ret) { 2874 bt_dev_err(hdev, "%s: IRQ request failed", __func__); 2875 return ret; 2876 } 2877 2878 ret = device_init_wakeup(dev, true); 2879 if (ret) { 2880 bt_dev_err(hdev, "%s: failed to init_wakeup", __func__); 2881 return ret; 2882 } 2883 2884 data->oob_wake_irq = irq; 2885 disable_irq(irq); 2886 bt_dev_info(hdev, "OOB Wake-on-BT configured at IRQ %u", irq); 2887 return 0; 2888 } 2889 #endif 2890 2891 static void btusb_check_needs_reset_resume(struct usb_interface *intf) 2892 { 2893 if (dmi_check_system(btusb_needs_reset_resume_table)) 2894 interface_to_usbdev(intf)->quirks |= USB_QUIRK_RESET_RESUME; 2895 } 2896 2897 static int btusb_probe(struct usb_interface *intf, 2898 const struct usb_device_id *id) 2899 { 2900 struct usb_endpoint_descriptor *ep_desc; 2901 struct btusb_data *data; 2902 struct hci_dev *hdev; 2903 unsigned ifnum_base; 2904 int i, err; 2905 2906 BT_DBG("intf %p id %p", intf, id); 2907 2908 /* interface numbers are hardcoded in the spec */ 2909 if (intf->cur_altsetting->desc.bInterfaceNumber != 0) { 2910 if (!(id->driver_info & BTUSB_IFNUM_2)) 2911 return -ENODEV; 2912 if (intf->cur_altsetting->desc.bInterfaceNumber != 2) 2913 return -ENODEV; 2914 } 2915 2916 ifnum_base = intf->cur_altsetting->desc.bInterfaceNumber; 2917 2918 if (!id->driver_info) { 2919 const struct usb_device_id *match; 2920 2921 match = usb_match_id(intf, blacklist_table); 2922 if (match) 2923 id = match; 2924 } 2925 2926 if (id->driver_info == BTUSB_IGNORE) 2927 return -ENODEV; 2928 2929 if (id->driver_info & BTUSB_ATH3012) { 2930 struct usb_device *udev = interface_to_usbdev(intf); 2931 2932 /* Old firmware would otherwise let ath3k driver load 2933 * patch and sysconfig files 2934 */ 2935 if (le16_to_cpu(udev->descriptor.bcdDevice) <= 0x0001 && 2936 !btusb_qca_need_patch(udev)) 2937 return -ENODEV; 2938 } 2939 2940 data = devm_kzalloc(&intf->dev, sizeof(*data), GFP_KERNEL); 2941 if (!data) 2942 return -ENOMEM; 2943 2944 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) { 2945 ep_desc = &intf->cur_altsetting->endpoint[i].desc; 2946 2947 if (!data->intr_ep && usb_endpoint_is_int_in(ep_desc)) { 2948 data->intr_ep = ep_desc; 2949 continue; 2950 } 2951 2952 if (!data->bulk_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) { 2953 data->bulk_tx_ep = ep_desc; 2954 continue; 2955 } 2956 2957 if (!data->bulk_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) { 2958 data->bulk_rx_ep = ep_desc; 2959 continue; 2960 } 2961 } 2962 2963 if (!data->intr_ep || !data->bulk_tx_ep || !data->bulk_rx_ep) 2964 return -ENODEV; 2965 2966 if (id->driver_info & BTUSB_AMP) { 2967 data->cmdreq_type = USB_TYPE_CLASS | 0x01; 2968 data->cmdreq = 0x2b; 2969 } else { 2970 data->cmdreq_type = USB_TYPE_CLASS; 2971 data->cmdreq = 0x00; 2972 } 2973 2974 data->udev = interface_to_usbdev(intf); 2975 data->intf = intf; 2976 2977 INIT_WORK(&data->work, btusb_work); 2978 INIT_WORK(&data->waker, btusb_waker); 2979 init_usb_anchor(&data->deferred); 2980 init_usb_anchor(&data->tx_anchor); 2981 spin_lock_init(&data->txlock); 2982 2983 init_usb_anchor(&data->intr_anchor); 2984 init_usb_anchor(&data->bulk_anchor); 2985 init_usb_anchor(&data->isoc_anchor); 2986 init_usb_anchor(&data->diag_anchor); 2987 spin_lock_init(&data->rxlock); 2988 2989 if (id->driver_info & BTUSB_INTEL_NEW) { 2990 data->recv_event = btusb_recv_event_intel; 2991 data->recv_bulk = btusb_recv_bulk_intel; 2992 set_bit(BTUSB_BOOTLOADER, &data->flags); 2993 } else { 2994 data->recv_event = hci_recv_frame; 2995 data->recv_bulk = btusb_recv_bulk; 2996 } 2997 2998 hdev = hci_alloc_dev(); 2999 if (!hdev) 3000 return -ENOMEM; 3001 3002 hdev->bus = HCI_USB; 3003 hci_set_drvdata(hdev, data); 3004 3005 if (id->driver_info & BTUSB_AMP) 3006 hdev->dev_type = HCI_AMP; 3007 else 3008 hdev->dev_type = HCI_PRIMARY; 3009 3010 data->hdev = hdev; 3011 3012 SET_HCIDEV_DEV(hdev, &intf->dev); 3013 3014 hdev->open = btusb_open; 3015 hdev->close = btusb_close; 3016 hdev->flush = btusb_flush; 3017 hdev->send = btusb_send_frame; 3018 hdev->notify = btusb_notify; 3019 3020 #ifdef CONFIG_PM 3021 err = btusb_config_oob_wake(hdev); 3022 if (err) 3023 goto out_free_dev; 3024 3025 /* Marvell devices may need a specific chip configuration */ 3026 if (id->driver_info & BTUSB_MARVELL && data->oob_wake_irq) { 3027 err = marvell_config_oob_wake(hdev); 3028 if (err) 3029 goto out_free_dev; 3030 } 3031 #endif 3032 if (id->driver_info & BTUSB_CW6622) 3033 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks); 3034 3035 if (id->driver_info & BTUSB_BCM2045) 3036 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks); 3037 3038 if (id->driver_info & BTUSB_BCM92035) 3039 hdev->setup = btusb_setup_bcm92035; 3040 3041 #ifdef CONFIG_BT_HCIBTUSB_BCM 3042 if (id->driver_info & BTUSB_BCM_PATCHRAM) { 3043 hdev->manufacturer = 15; 3044 hdev->setup = btbcm_setup_patchram; 3045 hdev->set_diag = btusb_bcm_set_diag; 3046 hdev->set_bdaddr = btbcm_set_bdaddr; 3047 3048 /* Broadcom LM_DIAG Interface numbers are hardcoded */ 3049 data->diag = usb_ifnum_to_if(data->udev, ifnum_base + 2); 3050 } 3051 3052 if (id->driver_info & BTUSB_BCM_APPLE) { 3053 hdev->manufacturer = 15; 3054 hdev->setup = btbcm_setup_apple; 3055 hdev->set_diag = btusb_bcm_set_diag; 3056 3057 /* Broadcom LM_DIAG Interface numbers are hardcoded */ 3058 data->diag = usb_ifnum_to_if(data->udev, ifnum_base + 2); 3059 } 3060 #endif 3061 3062 if (id->driver_info & BTUSB_INTEL) { 3063 hdev->manufacturer = 2; 3064 hdev->setup = btusb_setup_intel; 3065 hdev->shutdown = btusb_shutdown_intel; 3066 hdev->set_diag = btintel_set_diag_mfg; 3067 hdev->set_bdaddr = btintel_set_bdaddr; 3068 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks); 3069 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks); 3070 set_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks); 3071 } 3072 3073 if (id->driver_info & BTUSB_INTEL_NEW) { 3074 hdev->manufacturer = 2; 3075 hdev->send = btusb_send_frame_intel; 3076 hdev->setup = btusb_setup_intel_new; 3077 hdev->hw_error = btintel_hw_error; 3078 hdev->set_diag = btintel_set_diag; 3079 hdev->set_bdaddr = btintel_set_bdaddr; 3080 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks); 3081 set_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks); 3082 } 3083 3084 if (id->driver_info & BTUSB_MARVELL) 3085 hdev->set_bdaddr = btusb_set_bdaddr_marvell; 3086 3087 if (id->driver_info & BTUSB_SWAVE) { 3088 set_bit(HCI_QUIRK_FIXUP_INQUIRY_MODE, &hdev->quirks); 3089 set_bit(HCI_QUIRK_BROKEN_LOCAL_COMMANDS, &hdev->quirks); 3090 } 3091 3092 if (id->driver_info & BTUSB_INTEL_BOOT) { 3093 hdev->manufacturer = 2; 3094 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks); 3095 } 3096 3097 if (id->driver_info & BTUSB_ATH3012) { 3098 data->setup_on_usb = btusb_setup_qca; 3099 hdev->set_bdaddr = btusb_set_bdaddr_ath3012; 3100 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks); 3101 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks); 3102 } 3103 3104 if (id->driver_info & BTUSB_QCA_ROME) { 3105 data->setup_on_usb = btusb_setup_qca; 3106 hdev->set_bdaddr = btusb_set_bdaddr_ath3012; 3107 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks); 3108 btusb_check_needs_reset_resume(intf); 3109 } 3110 3111 #ifdef CONFIG_BT_HCIBTUSB_RTL 3112 if (id->driver_info & BTUSB_REALTEK) { 3113 hdev->setup = btrtl_setup_realtek; 3114 3115 /* Realtek devices lose their updated firmware over suspend, 3116 * but the USB hub doesn't notice any status change. 3117 * Explicitly request a device reset on resume. 3118 */ 3119 interface_to_usbdev(intf)->quirks |= USB_QUIRK_RESET_RESUME; 3120 } 3121 #endif 3122 3123 if (id->driver_info & BTUSB_AMP) { 3124 /* AMP controllers do not support SCO packets */ 3125 data->isoc = NULL; 3126 } else { 3127 /* Interface orders are hardcoded in the specification */ 3128 data->isoc = usb_ifnum_to_if(data->udev, ifnum_base + 1); 3129 data->isoc_ifnum = ifnum_base + 1; 3130 } 3131 3132 if (!reset) 3133 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); 3134 3135 if (force_scofix || id->driver_info & BTUSB_WRONG_SCO_MTU) { 3136 if (!disable_scofix) 3137 set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks); 3138 } 3139 3140 if (id->driver_info & BTUSB_BROKEN_ISOC) 3141 data->isoc = NULL; 3142 3143 if (id->driver_info & BTUSB_DIGIANSWER) { 3144 data->cmdreq_type = USB_TYPE_VENDOR; 3145 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); 3146 } 3147 3148 if (id->driver_info & BTUSB_CSR) { 3149 struct usb_device *udev = data->udev; 3150 u16 bcdDevice = le16_to_cpu(udev->descriptor.bcdDevice); 3151 3152 /* Old firmware would otherwise execute USB reset */ 3153 if (bcdDevice < 0x117) 3154 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); 3155 3156 /* Fake CSR devices with broken commands */ 3157 if (bcdDevice <= 0x100 || bcdDevice == 0x134) 3158 hdev->setup = btusb_setup_csr; 3159 3160 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks); 3161 } 3162 3163 if (id->driver_info & BTUSB_SNIFFER) { 3164 struct usb_device *udev = data->udev; 3165 3166 /* New sniffer firmware has crippled HCI interface */ 3167 if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997) 3168 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks); 3169 } 3170 3171 if (id->driver_info & BTUSB_INTEL_BOOT) { 3172 /* A bug in the bootloader causes that interrupt interface is 3173 * only enabled after receiving SetInterface(0, AltSetting=0). 3174 */ 3175 err = usb_set_interface(data->udev, 0, 0); 3176 if (err < 0) { 3177 BT_ERR("failed to set interface 0, alt 0 %d", err); 3178 goto out_free_dev; 3179 } 3180 } 3181 3182 if (data->isoc) { 3183 err = usb_driver_claim_interface(&btusb_driver, 3184 data->isoc, data); 3185 if (err < 0) 3186 goto out_free_dev; 3187 } 3188 3189 #ifdef CONFIG_BT_HCIBTUSB_BCM 3190 if (data->diag) { 3191 if (!usb_driver_claim_interface(&btusb_driver, 3192 data->diag, data)) 3193 __set_diag_interface(hdev); 3194 else 3195 data->diag = NULL; 3196 } 3197 #endif 3198 3199 if (enable_autosuspend) 3200 usb_enable_autosuspend(data->udev); 3201 3202 err = hci_register_dev(hdev); 3203 if (err < 0) 3204 goto out_free_dev; 3205 3206 usb_set_intfdata(intf, data); 3207 3208 return 0; 3209 3210 out_free_dev: 3211 hci_free_dev(hdev); 3212 return err; 3213 } 3214 3215 static void btusb_disconnect(struct usb_interface *intf) 3216 { 3217 struct btusb_data *data = usb_get_intfdata(intf); 3218 struct hci_dev *hdev; 3219 3220 BT_DBG("intf %p", intf); 3221 3222 if (!data) 3223 return; 3224 3225 hdev = data->hdev; 3226 usb_set_intfdata(data->intf, NULL); 3227 3228 if (data->isoc) 3229 usb_set_intfdata(data->isoc, NULL); 3230 3231 if (data->diag) 3232 usb_set_intfdata(data->diag, NULL); 3233 3234 hci_unregister_dev(hdev); 3235 3236 if (intf == data->intf) { 3237 if (data->isoc) 3238 usb_driver_release_interface(&btusb_driver, data->isoc); 3239 if (data->diag) 3240 usb_driver_release_interface(&btusb_driver, data->diag); 3241 } else if (intf == data->isoc) { 3242 if (data->diag) 3243 usb_driver_release_interface(&btusb_driver, data->diag); 3244 usb_driver_release_interface(&btusb_driver, data->intf); 3245 } else if (intf == data->diag) { 3246 usb_driver_release_interface(&btusb_driver, data->intf); 3247 if (data->isoc) 3248 usb_driver_release_interface(&btusb_driver, data->isoc); 3249 } 3250 3251 if (data->oob_wake_irq) 3252 device_init_wakeup(&data->udev->dev, false); 3253 3254 hci_free_dev(hdev); 3255 } 3256 3257 #ifdef CONFIG_PM 3258 static int btusb_suspend(struct usb_interface *intf, pm_message_t message) 3259 { 3260 struct btusb_data *data = usb_get_intfdata(intf); 3261 3262 BT_DBG("intf %p", intf); 3263 3264 if (data->suspend_count++) 3265 return 0; 3266 3267 spin_lock_irq(&data->txlock); 3268 if (!(PMSG_IS_AUTO(message) && data->tx_in_flight)) { 3269 set_bit(BTUSB_SUSPENDING, &data->flags); 3270 spin_unlock_irq(&data->txlock); 3271 } else { 3272 spin_unlock_irq(&data->txlock); 3273 data->suspend_count--; 3274 return -EBUSY; 3275 } 3276 3277 cancel_work_sync(&data->work); 3278 3279 btusb_stop_traffic(data); 3280 usb_kill_anchored_urbs(&data->tx_anchor); 3281 3282 if (data->oob_wake_irq && device_may_wakeup(&data->udev->dev)) { 3283 set_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags); 3284 enable_irq_wake(data->oob_wake_irq); 3285 enable_irq(data->oob_wake_irq); 3286 } 3287 3288 return 0; 3289 } 3290 3291 static void play_deferred(struct btusb_data *data) 3292 { 3293 struct urb *urb; 3294 int err; 3295 3296 while ((urb = usb_get_from_anchor(&data->deferred))) { 3297 usb_anchor_urb(urb, &data->tx_anchor); 3298 3299 err = usb_submit_urb(urb, GFP_ATOMIC); 3300 if (err < 0) { 3301 if (err != -EPERM && err != -ENODEV) 3302 BT_ERR("%s urb %p submission failed (%d)", 3303 data->hdev->name, urb, -err); 3304 kfree(urb->setup_packet); 3305 usb_unanchor_urb(urb); 3306 usb_free_urb(urb); 3307 break; 3308 } 3309 3310 data->tx_in_flight++; 3311 usb_free_urb(urb); 3312 } 3313 3314 /* Cleanup the rest deferred urbs. */ 3315 while ((urb = usb_get_from_anchor(&data->deferred))) { 3316 kfree(urb->setup_packet); 3317 usb_free_urb(urb); 3318 } 3319 } 3320 3321 static int btusb_resume(struct usb_interface *intf) 3322 { 3323 struct btusb_data *data = usb_get_intfdata(intf); 3324 struct hci_dev *hdev = data->hdev; 3325 int err = 0; 3326 3327 BT_DBG("intf %p", intf); 3328 3329 if (--data->suspend_count) 3330 return 0; 3331 3332 /* Disable only if not already disabled (keep it balanced) */ 3333 if (test_and_clear_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags)) { 3334 disable_irq(data->oob_wake_irq); 3335 disable_irq_wake(data->oob_wake_irq); 3336 } 3337 3338 if (!test_bit(HCI_RUNNING, &hdev->flags)) 3339 goto done; 3340 3341 if (test_bit(BTUSB_INTR_RUNNING, &data->flags)) { 3342 err = btusb_submit_intr_urb(hdev, GFP_NOIO); 3343 if (err < 0) { 3344 clear_bit(BTUSB_INTR_RUNNING, &data->flags); 3345 goto failed; 3346 } 3347 } 3348 3349 if (test_bit(BTUSB_BULK_RUNNING, &data->flags)) { 3350 err = btusb_submit_bulk_urb(hdev, GFP_NOIO); 3351 if (err < 0) { 3352 clear_bit(BTUSB_BULK_RUNNING, &data->flags); 3353 goto failed; 3354 } 3355 3356 btusb_submit_bulk_urb(hdev, GFP_NOIO); 3357 } 3358 3359 if (test_bit(BTUSB_ISOC_RUNNING, &data->flags)) { 3360 if (btusb_submit_isoc_urb(hdev, GFP_NOIO) < 0) 3361 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 3362 else 3363 btusb_submit_isoc_urb(hdev, GFP_NOIO); 3364 } 3365 3366 spin_lock_irq(&data->txlock); 3367 play_deferred(data); 3368 clear_bit(BTUSB_SUSPENDING, &data->flags); 3369 spin_unlock_irq(&data->txlock); 3370 schedule_work(&data->work); 3371 3372 return 0; 3373 3374 failed: 3375 usb_scuttle_anchored_urbs(&data->deferred); 3376 done: 3377 spin_lock_irq(&data->txlock); 3378 clear_bit(BTUSB_SUSPENDING, &data->flags); 3379 spin_unlock_irq(&data->txlock); 3380 3381 return err; 3382 } 3383 #endif 3384 3385 static struct usb_driver btusb_driver = { 3386 .name = "btusb", 3387 .probe = btusb_probe, 3388 .disconnect = btusb_disconnect, 3389 #ifdef CONFIG_PM 3390 .suspend = btusb_suspend, 3391 .resume = btusb_resume, 3392 #endif 3393 .id_table = btusb_table, 3394 .supports_autosuspend = 1, 3395 .disable_hub_initiated_lpm = 1, 3396 }; 3397 3398 module_usb_driver(btusb_driver); 3399 3400 module_param(disable_scofix, bool, 0644); 3401 MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size"); 3402 3403 module_param(force_scofix, bool, 0644); 3404 MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size"); 3405 3406 module_param(enable_autosuspend, bool, 0644); 3407 MODULE_PARM_DESC(enable_autosuspend, "Enable USB autosuspend by default"); 3408 3409 module_param(reset, bool, 0644); 3410 MODULE_PARM_DESC(reset, "Send HCI reset command on initialization"); 3411 3412 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 3413 MODULE_DESCRIPTION("Generic Bluetooth USB driver ver " VERSION); 3414 MODULE_VERSION(VERSION); 3415 MODULE_LICENSE("GPL"); 3416