1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * 4 * Generic Bluetooth USB driver 5 * 6 * Copyright (C) 2005-2008 Marcel Holtmann <marcel@holtmann.org> 7 */ 8 9 #include <linux/dmi.h> 10 #include <linux/module.h> 11 #include <linux/usb.h> 12 #include <linux/usb/quirks.h> 13 #include <linux/firmware.h> 14 #include <linux/iopoll.h> 15 #include <linux/of_device.h> 16 #include <linux/of_irq.h> 17 #include <linux/suspend.h> 18 #include <linux/gpio/consumer.h> 19 #include <linux/debugfs.h> 20 #include <linux/unaligned.h> 21 22 #include <net/bluetooth/bluetooth.h> 23 #include <net/bluetooth/hci_core.h> 24 #include <net/bluetooth/hci_drv.h> 25 26 #include "btintel.h" 27 #include "btbcm.h" 28 #include "btrtl.h" 29 #include "btmtk.h" 30 31 #define VERSION "0.8" 32 33 static bool disable_scofix; 34 static bool force_scofix; 35 static bool enable_autosuspend = IS_ENABLED(CONFIG_BT_HCIBTUSB_AUTOSUSPEND); 36 static bool enable_poll_sync = IS_ENABLED(CONFIG_BT_HCIBTUSB_POLL_SYNC); 37 static bool reset = true; 38 39 static struct usb_driver btusb_driver; 40 41 #define BTUSB_IGNORE BIT(0) 42 #define BTUSB_DIGIANSWER BIT(1) 43 #define BTUSB_CSR BIT(2) 44 #define BTUSB_SNIFFER BIT(3) 45 #define BTUSB_BCM92035 BIT(4) 46 #define BTUSB_BROKEN_ISOC BIT(5) 47 #define BTUSB_WRONG_SCO_MTU BIT(6) 48 #define BTUSB_ATH3012 BIT(7) 49 #define BTUSB_INTEL_COMBINED BIT(8) 50 #define BTUSB_INTEL_BOOT BIT(9) 51 #define BTUSB_BCM_PATCHRAM BIT(10) 52 #define BTUSB_MARVELL BIT(11) 53 #define BTUSB_SWAVE BIT(12) 54 #define BTUSB_AMP BIT(13) 55 #define BTUSB_QCA_ROME BIT(14) 56 #define BTUSB_BCM_APPLE BIT(15) 57 #define BTUSB_REALTEK BIT(16) 58 #define BTUSB_BCM2045 BIT(17) 59 #define BTUSB_IFNUM_2 BIT(18) 60 #define BTUSB_CW6622 BIT(19) 61 #define BTUSB_MEDIATEK BIT(20) 62 #define BTUSB_WIDEBAND_SPEECH BIT(21) 63 #define BTUSB_INVALID_LE_STATES BIT(22) 64 #define BTUSB_QCA_WCN6855 BIT(23) 65 #define BTUSB_INTEL_BROKEN_SHUTDOWN_LED BIT(24) 66 #define BTUSB_INTEL_BROKEN_INITIAL_NCMD BIT(25) 67 #define BTUSB_INTEL_NO_WBS_SUPPORT BIT(26) 68 #define BTUSB_ACTIONS_SEMI BIT(27) 69 #define BTUSB_BARROT BIT(28) 70 71 static const struct usb_device_id btusb_table[] = { 72 /* Generic Bluetooth USB device */ 73 { USB_DEVICE_INFO(0xe0, 0x01, 0x01) }, 74 75 /* Generic Bluetooth AMP device */ 76 { USB_DEVICE_INFO(0xe0, 0x01, 0x04), .driver_info = BTUSB_AMP }, 77 78 /* Generic Bluetooth USB interface */ 79 { USB_INTERFACE_INFO(0xe0, 0x01, 0x01) }, 80 81 /* Apple-specific (Broadcom) devices */ 82 { USB_VENDOR_AND_INTERFACE_INFO(0x05ac, 0xff, 0x01, 0x01), 83 .driver_info = BTUSB_BCM_APPLE | BTUSB_IFNUM_2 }, 84 85 /* MediaTek MT76x0E */ 86 { USB_DEVICE(0x0e8d, 0x763f) }, 87 88 /* Broadcom SoftSailing reporting vendor specific */ 89 { USB_DEVICE(0x0a5c, 0x21e1) }, 90 91 /* Apple MacBookPro 7,1 */ 92 { USB_DEVICE(0x05ac, 0x8213) }, 93 94 /* Apple iMac11,1 */ 95 { USB_DEVICE(0x05ac, 0x8215) }, 96 97 /* Apple MacBookPro6,2 */ 98 { USB_DEVICE(0x05ac, 0x8218) }, 99 100 /* Apple MacBookAir3,1, MacBookAir3,2 */ 101 { USB_DEVICE(0x05ac, 0x821b) }, 102 103 /* Apple MacBookAir4,1 */ 104 { USB_DEVICE(0x05ac, 0x821f) }, 105 106 /* Apple MacBookPro8,2 */ 107 { USB_DEVICE(0x05ac, 0x821a) }, 108 109 /* Apple MacMini5,1 */ 110 { USB_DEVICE(0x05ac, 0x8281) }, 111 112 /* AVM BlueFRITZ! USB v2.0 */ 113 { USB_DEVICE(0x057c, 0x3800), .driver_info = BTUSB_SWAVE }, 114 115 /* Bluetooth Ultraport Module from IBM */ 116 { USB_DEVICE(0x04bf, 0x030a) }, 117 118 /* ALPS Modules with non-standard id */ 119 { USB_DEVICE(0x044e, 0x3001) }, 120 { USB_DEVICE(0x044e, 0x3002) }, 121 122 /* Ericsson with non-standard id */ 123 { USB_DEVICE(0x0bdb, 0x1002) }, 124 125 /* Canyon CN-BTU1 with HID interfaces */ 126 { USB_DEVICE(0x0c10, 0x0000) }, 127 128 /* Broadcom BCM20702B0 (Dynex/Insignia) */ 129 { USB_DEVICE(0x19ff, 0x0239), .driver_info = BTUSB_BCM_PATCHRAM }, 130 131 /* Broadcom BCM43142A0 (Foxconn/Lenovo) */ 132 { USB_VENDOR_AND_INTERFACE_INFO(0x105b, 0xff, 0x01, 0x01), 133 .driver_info = BTUSB_BCM_PATCHRAM }, 134 135 /* Broadcom BCM920703 (HTC Vive) */ 136 { USB_VENDOR_AND_INTERFACE_INFO(0x0bb4, 0xff, 0x01, 0x01), 137 .driver_info = BTUSB_BCM_PATCHRAM }, 138 139 /* Foxconn - Hon Hai */ 140 { USB_VENDOR_AND_INTERFACE_INFO(0x0489, 0xff, 0x01, 0x01), 141 .driver_info = BTUSB_BCM_PATCHRAM }, 142 143 /* Lite-On Technology - Broadcom based */ 144 { USB_VENDOR_AND_INTERFACE_INFO(0x04ca, 0xff, 0x01, 0x01), 145 .driver_info = BTUSB_BCM_PATCHRAM }, 146 147 /* Broadcom devices with vendor specific id */ 148 { USB_VENDOR_AND_INTERFACE_INFO(0x0a5c, 0xff, 0x01, 0x01), 149 .driver_info = BTUSB_BCM_PATCHRAM }, 150 151 /* ASUSTek Computer - Broadcom based */ 152 { USB_VENDOR_AND_INTERFACE_INFO(0x0b05, 0xff, 0x01, 0x01), 153 .driver_info = BTUSB_BCM_PATCHRAM }, 154 155 /* Belkin F8065bf - Broadcom based */ 156 { USB_VENDOR_AND_INTERFACE_INFO(0x050d, 0xff, 0x01, 0x01), 157 .driver_info = BTUSB_BCM_PATCHRAM }, 158 159 /* IMC Networks - Broadcom based */ 160 { USB_VENDOR_AND_INTERFACE_INFO(0x13d3, 0xff, 0x01, 0x01), 161 .driver_info = BTUSB_BCM_PATCHRAM }, 162 163 /* Dell Computer - Broadcom based */ 164 { USB_VENDOR_AND_INTERFACE_INFO(0x413c, 0xff, 0x01, 0x01), 165 .driver_info = BTUSB_BCM_PATCHRAM }, 166 167 /* Toshiba Corp - Broadcom based */ 168 { USB_VENDOR_AND_INTERFACE_INFO(0x0930, 0xff, 0x01, 0x01), 169 .driver_info = BTUSB_BCM_PATCHRAM }, 170 171 /* Intel Bluetooth USB Bootloader (RAM module) */ 172 { USB_DEVICE(0x8087, 0x0a5a), 173 .driver_info = BTUSB_INTEL_BOOT | BTUSB_BROKEN_ISOC }, 174 175 { } /* Terminating entry */ 176 }; 177 178 MODULE_DEVICE_TABLE(usb, btusb_table); 179 180 static const struct usb_device_id quirks_table[] = { 181 /* CSR BlueCore devices */ 182 { USB_DEVICE(0x0a12, 0x0001), .driver_info = BTUSB_CSR }, 183 184 /* Broadcom BCM2033 without firmware */ 185 { USB_DEVICE(0x0a5c, 0x2033), .driver_info = BTUSB_IGNORE }, 186 187 /* Broadcom BCM2045 devices */ 188 { USB_DEVICE(0x0a5c, 0x2045), .driver_info = BTUSB_BCM2045 }, 189 190 /* Atheros 3011 with sflash firmware */ 191 { USB_DEVICE(0x0489, 0xe027), .driver_info = BTUSB_IGNORE }, 192 { USB_DEVICE(0x0489, 0xe03d), .driver_info = BTUSB_IGNORE }, 193 { USB_DEVICE(0x04f2, 0xaff1), .driver_info = BTUSB_IGNORE }, 194 { USB_DEVICE(0x0930, 0x0215), .driver_info = BTUSB_IGNORE }, 195 { USB_DEVICE(0x0cf3, 0x3002), .driver_info = BTUSB_IGNORE }, 196 { USB_DEVICE(0x0cf3, 0xe019), .driver_info = BTUSB_IGNORE }, 197 { USB_DEVICE(0x13d3, 0x3304), .driver_info = BTUSB_IGNORE }, 198 199 /* Atheros AR9285 Malbec with sflash firmware */ 200 { USB_DEVICE(0x03f0, 0x311d), .driver_info = BTUSB_IGNORE }, 201 202 /* Atheros 3012 with sflash firmware */ 203 { USB_DEVICE(0x0489, 0xe04d), .driver_info = BTUSB_ATH3012 }, 204 { USB_DEVICE(0x0489, 0xe04e), .driver_info = BTUSB_ATH3012 }, 205 { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 }, 206 { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 }, 207 { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 }, 208 { USB_DEVICE(0x0489, 0xe076), .driver_info = BTUSB_ATH3012 }, 209 { USB_DEVICE(0x0489, 0xe078), .driver_info = BTUSB_ATH3012 }, 210 { USB_DEVICE(0x0489, 0xe095), .driver_info = BTUSB_ATH3012 }, 211 { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 }, 212 { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 }, 213 { USB_DEVICE(0x04ca, 0x3005), .driver_info = BTUSB_ATH3012 }, 214 { USB_DEVICE(0x04ca, 0x3006), .driver_info = BTUSB_ATH3012 }, 215 { USB_DEVICE(0x04ca, 0x3007), .driver_info = BTUSB_ATH3012 }, 216 { USB_DEVICE(0x04ca, 0x3008), .driver_info = BTUSB_ATH3012 }, 217 { USB_DEVICE(0x04ca, 0x300b), .driver_info = BTUSB_ATH3012 }, 218 { USB_DEVICE(0x04ca, 0x300d), .driver_info = BTUSB_ATH3012 }, 219 { USB_DEVICE(0x04ca, 0x300f), .driver_info = BTUSB_ATH3012 }, 220 { USB_DEVICE(0x04ca, 0x3010), .driver_info = BTUSB_ATH3012 }, 221 { USB_DEVICE(0x04ca, 0x3014), .driver_info = BTUSB_ATH3012 }, 222 { USB_DEVICE(0x04ca, 0x3018), .driver_info = BTUSB_ATH3012 }, 223 { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 }, 224 { USB_DEVICE(0x0930, 0x021c), .driver_info = BTUSB_ATH3012 }, 225 { USB_DEVICE(0x0930, 0x0220), .driver_info = BTUSB_ATH3012 }, 226 { USB_DEVICE(0x0930, 0x0227), .driver_info = BTUSB_ATH3012 }, 227 { USB_DEVICE(0x0b05, 0x17d0), .driver_info = BTUSB_ATH3012 }, 228 { USB_DEVICE(0x0cf3, 0x0036), .driver_info = BTUSB_ATH3012 }, 229 { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 }, 230 { USB_DEVICE(0x0cf3, 0x3008), .driver_info = BTUSB_ATH3012 }, 231 { USB_DEVICE(0x0cf3, 0x311d), .driver_info = BTUSB_ATH3012 }, 232 { USB_DEVICE(0x0cf3, 0x311e), .driver_info = BTUSB_ATH3012 }, 233 { USB_DEVICE(0x0cf3, 0x311f), .driver_info = BTUSB_ATH3012 }, 234 { USB_DEVICE(0x0cf3, 0x3121), .driver_info = BTUSB_ATH3012 }, 235 { USB_DEVICE(0x0cf3, 0x817a), .driver_info = BTUSB_ATH3012 }, 236 { USB_DEVICE(0x0cf3, 0x817b), .driver_info = BTUSB_ATH3012 }, 237 { USB_DEVICE(0x0cf3, 0xe003), .driver_info = BTUSB_ATH3012 }, 238 { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 }, 239 { USB_DEVICE(0x0cf3, 0xe005), .driver_info = BTUSB_ATH3012 }, 240 { USB_DEVICE(0x0cf3, 0xe006), .driver_info = BTUSB_ATH3012 }, 241 { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 }, 242 { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 }, 243 { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 }, 244 { USB_DEVICE(0x13d3, 0x3395), .driver_info = BTUSB_ATH3012 }, 245 { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 }, 246 { USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 }, 247 { USB_DEVICE(0x13d3, 0x3423), .driver_info = BTUSB_ATH3012 }, 248 { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 }, 249 { USB_DEVICE(0x13d3, 0x3472), .driver_info = BTUSB_ATH3012 }, 250 { USB_DEVICE(0x13d3, 0x3474), .driver_info = BTUSB_ATH3012 }, 251 { USB_DEVICE(0x13d3, 0x3487), .driver_info = BTUSB_ATH3012 }, 252 { USB_DEVICE(0x13d3, 0x3490), .driver_info = BTUSB_ATH3012 }, 253 254 /* Atheros AR5BBU12 with sflash firmware */ 255 { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE }, 256 257 /* Atheros AR5BBU12 with sflash firmware */ 258 { USB_DEVICE(0x0489, 0xe036), .driver_info = BTUSB_ATH3012 }, 259 { USB_DEVICE(0x0489, 0xe03c), .driver_info = BTUSB_ATH3012 }, 260 261 /* QCA ROME chipset */ 262 { USB_DEVICE(0x0cf3, 0x535b), .driver_info = BTUSB_QCA_ROME | 263 BTUSB_WIDEBAND_SPEECH }, 264 { USB_DEVICE(0x0cf3, 0xe007), .driver_info = BTUSB_QCA_ROME | 265 BTUSB_WIDEBAND_SPEECH }, 266 { USB_DEVICE(0x0cf3, 0xe009), .driver_info = BTUSB_QCA_ROME | 267 BTUSB_WIDEBAND_SPEECH }, 268 { USB_DEVICE(0x0cf3, 0xe010), .driver_info = BTUSB_QCA_ROME | 269 BTUSB_WIDEBAND_SPEECH }, 270 { USB_DEVICE(0x0cf3, 0xe300), .driver_info = BTUSB_QCA_ROME | 271 BTUSB_WIDEBAND_SPEECH }, 272 { USB_DEVICE(0x0cf3, 0xe301), .driver_info = BTUSB_QCA_ROME | 273 BTUSB_WIDEBAND_SPEECH }, 274 { USB_DEVICE(0x0cf3, 0xe360), .driver_info = BTUSB_QCA_ROME | 275 BTUSB_WIDEBAND_SPEECH }, 276 { USB_DEVICE(0x0cf3, 0xe500), .driver_info = BTUSB_QCA_ROME | 277 BTUSB_WIDEBAND_SPEECH }, 278 { USB_DEVICE(0x0489, 0xe092), .driver_info = BTUSB_QCA_ROME | 279 BTUSB_WIDEBAND_SPEECH }, 280 { USB_DEVICE(0x0489, 0xe09f), .driver_info = BTUSB_QCA_ROME | 281 BTUSB_WIDEBAND_SPEECH }, 282 { USB_DEVICE(0x0489, 0xe0a2), .driver_info = BTUSB_QCA_ROME | 283 BTUSB_WIDEBAND_SPEECH }, 284 { USB_DEVICE(0x04ca, 0x3011), .driver_info = BTUSB_QCA_ROME | 285 BTUSB_WIDEBAND_SPEECH }, 286 { USB_DEVICE(0x04ca, 0x3015), .driver_info = BTUSB_QCA_ROME | 287 BTUSB_WIDEBAND_SPEECH }, 288 { USB_DEVICE(0x04ca, 0x3016), .driver_info = BTUSB_QCA_ROME | 289 BTUSB_WIDEBAND_SPEECH }, 290 { USB_DEVICE(0x04ca, 0x301a), .driver_info = BTUSB_QCA_ROME | 291 BTUSB_WIDEBAND_SPEECH }, 292 { USB_DEVICE(0x04ca, 0x3021), .driver_info = BTUSB_QCA_ROME | 293 BTUSB_WIDEBAND_SPEECH }, 294 { USB_DEVICE(0x13d3, 0x3491), .driver_info = BTUSB_QCA_ROME | 295 BTUSB_WIDEBAND_SPEECH }, 296 { USB_DEVICE(0x13d3, 0x3496), .driver_info = BTUSB_QCA_ROME | 297 BTUSB_WIDEBAND_SPEECH }, 298 { USB_DEVICE(0x13d3, 0x3501), .driver_info = BTUSB_QCA_ROME | 299 BTUSB_WIDEBAND_SPEECH }, 300 301 /* QCA WCN6855 chipset */ 302 { USB_DEVICE(0x0489, 0xe0c7), .driver_info = BTUSB_QCA_WCN6855 | 303 BTUSB_WIDEBAND_SPEECH }, 304 { USB_DEVICE(0x0489, 0xe0c9), .driver_info = BTUSB_QCA_WCN6855 | 305 BTUSB_WIDEBAND_SPEECH }, 306 { USB_DEVICE(0x0489, 0xe0ca), .driver_info = BTUSB_QCA_WCN6855 | 307 BTUSB_WIDEBAND_SPEECH }, 308 { USB_DEVICE(0x0489, 0xe0cb), .driver_info = BTUSB_QCA_WCN6855 | 309 BTUSB_WIDEBAND_SPEECH }, 310 { USB_DEVICE(0x0489, 0xe0cc), .driver_info = BTUSB_QCA_WCN6855 | 311 BTUSB_WIDEBAND_SPEECH }, 312 { USB_DEVICE(0x0489, 0xe0ce), .driver_info = BTUSB_QCA_WCN6855 | 313 BTUSB_WIDEBAND_SPEECH }, 314 { USB_DEVICE(0x0489, 0xe0d0), .driver_info = BTUSB_QCA_WCN6855 | 315 BTUSB_WIDEBAND_SPEECH }, 316 { USB_DEVICE(0x0489, 0xe0d6), .driver_info = BTUSB_QCA_WCN6855 | 317 BTUSB_WIDEBAND_SPEECH }, 318 { USB_DEVICE(0x0489, 0xe0de), .driver_info = BTUSB_QCA_WCN6855 | 319 BTUSB_WIDEBAND_SPEECH }, 320 { USB_DEVICE(0x0489, 0xe0df), .driver_info = BTUSB_QCA_WCN6855 | 321 BTUSB_WIDEBAND_SPEECH }, 322 { USB_DEVICE(0x0489, 0xe0e1), .driver_info = BTUSB_QCA_WCN6855 | 323 BTUSB_WIDEBAND_SPEECH }, 324 { USB_DEVICE(0x0489, 0xe0e3), .driver_info = BTUSB_QCA_WCN6855 | 325 BTUSB_WIDEBAND_SPEECH }, 326 { USB_DEVICE(0x0489, 0xe0ea), .driver_info = BTUSB_QCA_WCN6855 | 327 BTUSB_WIDEBAND_SPEECH }, 328 { USB_DEVICE(0x0489, 0xe0ec), .driver_info = BTUSB_QCA_WCN6855 | 329 BTUSB_WIDEBAND_SPEECH }, 330 { USB_DEVICE(0x04ca, 0x3022), .driver_info = BTUSB_QCA_WCN6855 | 331 BTUSB_WIDEBAND_SPEECH }, 332 { USB_DEVICE(0x04ca, 0x3023), .driver_info = BTUSB_QCA_WCN6855 | 333 BTUSB_WIDEBAND_SPEECH }, 334 { USB_DEVICE(0x04ca, 0x3024), .driver_info = BTUSB_QCA_WCN6855 | 335 BTUSB_WIDEBAND_SPEECH }, 336 { USB_DEVICE(0x04ca, 0x3a22), .driver_info = BTUSB_QCA_WCN6855 | 337 BTUSB_WIDEBAND_SPEECH }, 338 { USB_DEVICE(0x04ca, 0x3a24), .driver_info = BTUSB_QCA_WCN6855 | 339 BTUSB_WIDEBAND_SPEECH }, 340 { USB_DEVICE(0x04ca, 0x3a26), .driver_info = BTUSB_QCA_WCN6855 | 341 BTUSB_WIDEBAND_SPEECH }, 342 { USB_DEVICE(0x04ca, 0x3a27), .driver_info = BTUSB_QCA_WCN6855 | 343 BTUSB_WIDEBAND_SPEECH }, 344 { USB_DEVICE(0x0cf3, 0xe600), .driver_info = BTUSB_QCA_WCN6855 | 345 BTUSB_WIDEBAND_SPEECH }, 346 { USB_DEVICE(0x10ab, 0x9108), .driver_info = BTUSB_QCA_WCN6855 | 347 BTUSB_WIDEBAND_SPEECH }, 348 { USB_DEVICE(0x10ab, 0x9109), .driver_info = BTUSB_QCA_WCN6855 | 349 BTUSB_WIDEBAND_SPEECH }, 350 { USB_DEVICE(0x10ab, 0x9208), .driver_info = BTUSB_QCA_WCN6855 | 351 BTUSB_WIDEBAND_SPEECH }, 352 { USB_DEVICE(0x10ab, 0x9209), .driver_info = BTUSB_QCA_WCN6855 | 353 BTUSB_WIDEBAND_SPEECH }, 354 { USB_DEVICE(0x10ab, 0x9308), .driver_info = BTUSB_QCA_WCN6855 | 355 BTUSB_WIDEBAND_SPEECH }, 356 { USB_DEVICE(0x10ab, 0x9309), .driver_info = BTUSB_QCA_WCN6855 | 357 BTUSB_WIDEBAND_SPEECH }, 358 { USB_DEVICE(0x10ab, 0x9408), .driver_info = BTUSB_QCA_WCN6855 | 359 BTUSB_WIDEBAND_SPEECH }, 360 { USB_DEVICE(0x10ab, 0x9409), .driver_info = BTUSB_QCA_WCN6855 | 361 BTUSB_WIDEBAND_SPEECH }, 362 { USB_DEVICE(0x10ab, 0x9508), .driver_info = BTUSB_QCA_WCN6855 | 363 BTUSB_WIDEBAND_SPEECH }, 364 { USB_DEVICE(0x10ab, 0x9509), .driver_info = BTUSB_QCA_WCN6855 | 365 BTUSB_WIDEBAND_SPEECH }, 366 { USB_DEVICE(0x10ab, 0x9608), .driver_info = BTUSB_QCA_WCN6855 | 367 BTUSB_WIDEBAND_SPEECH }, 368 { USB_DEVICE(0x10ab, 0x9609), .driver_info = BTUSB_QCA_WCN6855 | 369 BTUSB_WIDEBAND_SPEECH }, 370 { USB_DEVICE(0x10ab, 0x9f09), .driver_info = BTUSB_QCA_WCN6855 | 371 BTUSB_WIDEBAND_SPEECH }, 372 { USB_DEVICE(0x28de, 0x1401), .driver_info = BTUSB_QCA_WCN6855 | 373 BTUSB_WIDEBAND_SPEECH }, 374 375 /* QCA WCN785x chipset */ 376 { USB_DEVICE(0x0cf3, 0xe700), .driver_info = BTUSB_QCA_WCN6855 | 377 BTUSB_WIDEBAND_SPEECH }, 378 { USB_DEVICE(0x0489, 0xe0fc), .driver_info = BTUSB_QCA_WCN6855 | 379 BTUSB_WIDEBAND_SPEECH }, 380 { USB_DEVICE(0x0489, 0xe0f3), .driver_info = BTUSB_QCA_WCN6855 | 381 BTUSB_WIDEBAND_SPEECH }, 382 { USB_DEVICE(0x0489, 0xe100), .driver_info = BTUSB_QCA_WCN6855 | 383 BTUSB_WIDEBAND_SPEECH }, 384 { USB_DEVICE(0x0489, 0xe103), .driver_info = BTUSB_QCA_WCN6855 | 385 BTUSB_WIDEBAND_SPEECH }, 386 { USB_DEVICE(0x0489, 0xe10a), .driver_info = BTUSB_QCA_WCN6855 | 387 BTUSB_WIDEBAND_SPEECH }, 388 { USB_DEVICE(0x0489, 0xe10d), .driver_info = BTUSB_QCA_WCN6855 | 389 BTUSB_WIDEBAND_SPEECH }, 390 { USB_DEVICE(0x0489, 0xe11b), .driver_info = BTUSB_QCA_WCN6855 | 391 BTUSB_WIDEBAND_SPEECH }, 392 { USB_DEVICE(0x0489, 0xe11c), .driver_info = BTUSB_QCA_WCN6855 | 393 BTUSB_WIDEBAND_SPEECH }, 394 { USB_DEVICE(0x0489, 0xe11f), .driver_info = BTUSB_QCA_WCN6855 | 395 BTUSB_WIDEBAND_SPEECH }, 396 { USB_DEVICE(0x0489, 0xe141), .driver_info = BTUSB_QCA_WCN6855 | 397 BTUSB_WIDEBAND_SPEECH }, 398 { USB_DEVICE(0x0489, 0xe14a), .driver_info = BTUSB_QCA_WCN6855 | 399 BTUSB_WIDEBAND_SPEECH }, 400 { USB_DEVICE(0x0489, 0xe14b), .driver_info = BTUSB_QCA_WCN6855 | 401 BTUSB_WIDEBAND_SPEECH }, 402 { USB_DEVICE(0x0489, 0xe14d), .driver_info = BTUSB_QCA_WCN6855 | 403 BTUSB_WIDEBAND_SPEECH }, 404 { USB_DEVICE(0x13d3, 0x3623), .driver_info = BTUSB_QCA_WCN6855 | 405 BTUSB_WIDEBAND_SPEECH }, 406 { USB_DEVICE(0x13d3, 0x3624), .driver_info = BTUSB_QCA_WCN6855 | 407 BTUSB_WIDEBAND_SPEECH }, 408 { USB_DEVICE(0x2c7c, 0x0130), .driver_info = BTUSB_QCA_WCN6855 | 409 BTUSB_WIDEBAND_SPEECH }, 410 { USB_DEVICE(0x2c7c, 0x0131), .driver_info = BTUSB_QCA_WCN6855 | 411 BTUSB_WIDEBAND_SPEECH }, 412 { USB_DEVICE(0x2c7c, 0x0132), .driver_info = BTUSB_QCA_WCN6855 | 413 BTUSB_WIDEBAND_SPEECH }, 414 415 /* Broadcom BCM2035 */ 416 { USB_DEVICE(0x0a5c, 0x2009), .driver_info = BTUSB_BCM92035 }, 417 { USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU }, 418 { USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU }, 419 420 /* Broadcom BCM2045 */ 421 { USB_DEVICE(0x0a5c, 0x2039), .driver_info = BTUSB_WRONG_SCO_MTU }, 422 { USB_DEVICE(0x0a5c, 0x2101), .driver_info = BTUSB_WRONG_SCO_MTU }, 423 424 /* IBM/Lenovo ThinkPad with Broadcom chip */ 425 { USB_DEVICE(0x0a5c, 0x201e), .driver_info = BTUSB_WRONG_SCO_MTU }, 426 { USB_DEVICE(0x0a5c, 0x2110), .driver_info = BTUSB_WRONG_SCO_MTU }, 427 428 /* HP laptop with Broadcom chip */ 429 { USB_DEVICE(0x03f0, 0x171d), .driver_info = BTUSB_WRONG_SCO_MTU }, 430 431 /* Dell laptop with Broadcom chip */ 432 { USB_DEVICE(0x413c, 0x8126), .driver_info = BTUSB_WRONG_SCO_MTU }, 433 434 /* Dell Wireless 370 and 410 devices */ 435 { USB_DEVICE(0x413c, 0x8152), .driver_info = BTUSB_WRONG_SCO_MTU }, 436 { USB_DEVICE(0x413c, 0x8156), .driver_info = BTUSB_WRONG_SCO_MTU }, 437 438 /* Belkin F8T012 and F8T013 devices */ 439 { USB_DEVICE(0x050d, 0x0012), .driver_info = BTUSB_WRONG_SCO_MTU }, 440 { USB_DEVICE(0x050d, 0x0013), .driver_info = BTUSB_WRONG_SCO_MTU }, 441 442 /* Asus WL-BTD202 device */ 443 { USB_DEVICE(0x0b05, 0x1715), .driver_info = BTUSB_WRONG_SCO_MTU }, 444 445 /* Kensington Bluetooth USB adapter */ 446 { USB_DEVICE(0x047d, 0x105e), .driver_info = BTUSB_WRONG_SCO_MTU }, 447 448 /* RTX Telecom based adapters with buggy SCO support */ 449 { USB_DEVICE(0x0400, 0x0807), .driver_info = BTUSB_BROKEN_ISOC }, 450 { USB_DEVICE(0x0400, 0x080a), .driver_info = BTUSB_BROKEN_ISOC }, 451 452 /* CONWISE Technology based adapters with buggy SCO support */ 453 { USB_DEVICE(0x0e5e, 0x6622), 454 .driver_info = BTUSB_BROKEN_ISOC | BTUSB_CW6622}, 455 456 /* Roper Class 1 Bluetooth Dongle (Silicon Wave based) */ 457 { USB_DEVICE(0x1310, 0x0001), .driver_info = BTUSB_SWAVE }, 458 459 /* Digianswer devices */ 460 { USB_DEVICE(0x08fd, 0x0001), .driver_info = BTUSB_DIGIANSWER }, 461 { USB_DEVICE(0x08fd, 0x0002), .driver_info = BTUSB_IGNORE }, 462 463 /* CSR BlueCore Bluetooth Sniffer */ 464 { USB_DEVICE(0x0a12, 0x0002), 465 .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC }, 466 467 /* Frontline ComProbe Bluetooth Sniffer */ 468 { USB_DEVICE(0x16d3, 0x0002), 469 .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC }, 470 471 /* Marvell Bluetooth devices */ 472 { USB_DEVICE(0x1286, 0x2044), .driver_info = BTUSB_MARVELL }, 473 { USB_DEVICE(0x1286, 0x2046), .driver_info = BTUSB_MARVELL }, 474 { USB_DEVICE(0x1286, 0x204e), .driver_info = BTUSB_MARVELL }, 475 476 /* Intel Bluetooth devices */ 477 { USB_DEVICE(0x8087, 0x0025), .driver_info = BTUSB_INTEL_COMBINED }, 478 { USB_DEVICE(0x8087, 0x0026), .driver_info = BTUSB_INTEL_COMBINED }, 479 { USB_DEVICE(0x8087, 0x0029), .driver_info = BTUSB_INTEL_COMBINED }, 480 { USB_DEVICE(0x8087, 0x0032), .driver_info = BTUSB_INTEL_COMBINED }, 481 { USB_DEVICE(0x8087, 0x0033), .driver_info = BTUSB_INTEL_COMBINED }, 482 { USB_DEVICE(0x8087, 0x0035), .driver_info = BTUSB_INTEL_COMBINED }, 483 { USB_DEVICE(0x8087, 0x0036), .driver_info = BTUSB_INTEL_COMBINED }, 484 { USB_DEVICE(0x8087, 0x0037), .driver_info = BTUSB_INTEL_COMBINED }, 485 { USB_DEVICE(0x8087, 0x0038), .driver_info = BTUSB_INTEL_COMBINED }, 486 { USB_DEVICE(0x8087, 0x0039), .driver_info = BTUSB_INTEL_COMBINED }, 487 { USB_DEVICE(0x8087, 0x07da), .driver_info = BTUSB_CSR }, 488 { USB_DEVICE(0x8087, 0x07dc), .driver_info = BTUSB_INTEL_COMBINED | 489 BTUSB_INTEL_NO_WBS_SUPPORT | 490 BTUSB_INTEL_BROKEN_INITIAL_NCMD | 491 BTUSB_INTEL_BROKEN_SHUTDOWN_LED }, 492 { USB_DEVICE(0x8087, 0x0a2a), .driver_info = BTUSB_INTEL_COMBINED | 493 BTUSB_INTEL_NO_WBS_SUPPORT | 494 BTUSB_INTEL_BROKEN_SHUTDOWN_LED }, 495 { USB_DEVICE(0x8087, 0x0a2b), .driver_info = BTUSB_INTEL_COMBINED }, 496 { USB_DEVICE(0x8087, 0x0aa7), .driver_info = BTUSB_INTEL_COMBINED | 497 BTUSB_INTEL_BROKEN_SHUTDOWN_LED }, 498 { USB_DEVICE(0x8087, 0x0aaa), .driver_info = BTUSB_INTEL_COMBINED }, 499 500 /* Other Intel Bluetooth devices */ 501 { USB_VENDOR_AND_INTERFACE_INFO(0x8087, 0xe0, 0x01, 0x01), 502 .driver_info = BTUSB_IGNORE }, 503 504 /* Realtek 8821CE Bluetooth devices */ 505 { USB_DEVICE(0x13d3, 0x3529), .driver_info = BTUSB_REALTEK | 506 BTUSB_WIDEBAND_SPEECH }, 507 { USB_DEVICE(0x13d3, 0x3533), .driver_info = BTUSB_REALTEK | 508 BTUSB_WIDEBAND_SPEECH }, 509 510 /* Realtek 8822CE Bluetooth devices */ 511 { USB_DEVICE(0x0bda, 0xb00c), .driver_info = BTUSB_REALTEK | 512 BTUSB_WIDEBAND_SPEECH }, 513 { USB_DEVICE(0x0bda, 0xc822), .driver_info = BTUSB_REALTEK | 514 BTUSB_WIDEBAND_SPEECH }, 515 516 /* Realtek 8822CU Bluetooth devices */ 517 { USB_DEVICE(0x13d3, 0x3549), .driver_info = BTUSB_REALTEK | 518 BTUSB_WIDEBAND_SPEECH }, 519 520 /* Realtek 8851BE Bluetooth devices */ 521 { USB_DEVICE(0x0bda, 0xb850), .driver_info = BTUSB_REALTEK }, 522 { USB_DEVICE(0x13d3, 0x3600), .driver_info = BTUSB_REALTEK }, 523 { USB_DEVICE(0x13d3, 0x3601), .driver_info = BTUSB_REALTEK }, 524 525 /* Realtek 8851BU Bluetooth devices */ 526 { USB_DEVICE(0x3625, 0x010b), .driver_info = BTUSB_REALTEK | 527 BTUSB_WIDEBAND_SPEECH }, 528 { USB_DEVICE(0x2001, 0x332a), .driver_info = BTUSB_REALTEK | 529 BTUSB_WIDEBAND_SPEECH }, 530 531 /* Realtek 8852AE Bluetooth devices */ 532 { USB_DEVICE(0x0bda, 0x2852), .driver_info = BTUSB_REALTEK | 533 BTUSB_WIDEBAND_SPEECH }, 534 { USB_DEVICE(0x0bda, 0xc852), .driver_info = BTUSB_REALTEK | 535 BTUSB_WIDEBAND_SPEECH }, 536 { USB_DEVICE(0x0bda, 0x385a), .driver_info = BTUSB_REALTEK | 537 BTUSB_WIDEBAND_SPEECH }, 538 { USB_DEVICE(0x0bda, 0x4852), .driver_info = BTUSB_REALTEK | 539 BTUSB_WIDEBAND_SPEECH }, 540 { USB_DEVICE(0x04c5, 0x165c), .driver_info = BTUSB_REALTEK | 541 BTUSB_WIDEBAND_SPEECH }, 542 { USB_DEVICE(0x04ca, 0x4006), .driver_info = BTUSB_REALTEK | 543 BTUSB_WIDEBAND_SPEECH }, 544 { USB_DEVICE(0x0cb8, 0xc549), .driver_info = BTUSB_REALTEK | 545 BTUSB_WIDEBAND_SPEECH }, 546 547 /* Realtek 8852CE Bluetooth devices */ 548 { USB_DEVICE(0x04ca, 0x4007), .driver_info = BTUSB_REALTEK | 549 BTUSB_WIDEBAND_SPEECH }, 550 { USB_DEVICE(0x04c5, 0x1675), .driver_info = BTUSB_REALTEK | 551 BTUSB_WIDEBAND_SPEECH }, 552 { USB_DEVICE(0x0cb8, 0xc558), .driver_info = BTUSB_REALTEK | 553 BTUSB_WIDEBAND_SPEECH }, 554 { USB_DEVICE(0x13d3, 0x3587), .driver_info = BTUSB_REALTEK | 555 BTUSB_WIDEBAND_SPEECH }, 556 { USB_DEVICE(0x13d3, 0x3586), .driver_info = BTUSB_REALTEK | 557 BTUSB_WIDEBAND_SPEECH }, 558 { USB_DEVICE(0x13d3, 0x3592), .driver_info = BTUSB_REALTEK | 559 BTUSB_WIDEBAND_SPEECH }, 560 { USB_DEVICE(0x0489, 0xe122), .driver_info = BTUSB_REALTEK | 561 BTUSB_WIDEBAND_SPEECH }, 562 563 /* Realtek 8852BE Bluetooth devices */ 564 { USB_DEVICE(0x0cb8, 0xc559), .driver_info = BTUSB_REALTEK | 565 BTUSB_WIDEBAND_SPEECH }, 566 { USB_DEVICE(0x0bda, 0x4853), .driver_info = BTUSB_REALTEK | 567 BTUSB_WIDEBAND_SPEECH }, 568 { USB_DEVICE(0x0bda, 0x887b), .driver_info = BTUSB_REALTEK | 569 BTUSB_WIDEBAND_SPEECH }, 570 { USB_DEVICE(0x0bda, 0xb85b), .driver_info = BTUSB_REALTEK | 571 BTUSB_WIDEBAND_SPEECH }, 572 { USB_DEVICE(0x13d3, 0x3570), .driver_info = BTUSB_REALTEK | 573 BTUSB_WIDEBAND_SPEECH }, 574 { USB_DEVICE(0x13d3, 0x3571), .driver_info = BTUSB_REALTEK | 575 BTUSB_WIDEBAND_SPEECH }, 576 { USB_DEVICE(0x13d3, 0x3572), .driver_info = BTUSB_REALTEK | 577 BTUSB_WIDEBAND_SPEECH }, 578 { USB_DEVICE(0x13d3, 0x3591), .driver_info = BTUSB_REALTEK | 579 BTUSB_WIDEBAND_SPEECH }, 580 { USB_DEVICE(0x13d3, 0x3618), .driver_info = BTUSB_REALTEK | 581 BTUSB_WIDEBAND_SPEECH }, 582 { USB_DEVICE(0x0489, 0xe123), .driver_info = BTUSB_REALTEK | 583 BTUSB_WIDEBAND_SPEECH }, 584 { USB_DEVICE(0x0489, 0xe125), .driver_info = BTUSB_REALTEK | 585 BTUSB_WIDEBAND_SPEECH }, 586 587 /* Realtek 8852BT/8852BE-VT Bluetooth devices */ 588 { USB_DEVICE(0x0bda, 0x8520), .driver_info = BTUSB_REALTEK | 589 BTUSB_WIDEBAND_SPEECH }, 590 { USB_DEVICE(0x0489, 0xe12f), .driver_info = BTUSB_REALTEK | 591 BTUSB_WIDEBAND_SPEECH }, 592 { USB_DEVICE(0x13d3, 0x3618), .driver_info = BTUSB_REALTEK | 593 BTUSB_WIDEBAND_SPEECH }, 594 { USB_DEVICE(0x13d3, 0x3619), .driver_info = BTUSB_REALTEK | 595 BTUSB_WIDEBAND_SPEECH }, 596 597 /* Realtek 8922AE Bluetooth devices */ 598 { USB_DEVICE(0x0bda, 0x8922), .driver_info = BTUSB_REALTEK | 599 BTUSB_WIDEBAND_SPEECH }, 600 { USB_DEVICE(0x13d3, 0x3617), .driver_info = BTUSB_REALTEK | 601 BTUSB_WIDEBAND_SPEECH }, 602 { USB_DEVICE(0x13d3, 0x3616), .driver_info = BTUSB_REALTEK | 603 BTUSB_WIDEBAND_SPEECH }, 604 { USB_DEVICE(0x0489, 0xe130), .driver_info = BTUSB_REALTEK | 605 BTUSB_WIDEBAND_SPEECH }, 606 607 /* Realtek Bluetooth devices */ 608 { USB_VENDOR_AND_INTERFACE_INFO(0x0bda, 0xe0, 0x01, 0x01), 609 .driver_info = BTUSB_REALTEK }, 610 611 /* MediaTek Bluetooth devices */ 612 { USB_VENDOR_AND_INTERFACE_INFO(0x0e8d, 0xe0, 0x01, 0x01), 613 .driver_info = BTUSB_MEDIATEK | 614 BTUSB_WIDEBAND_SPEECH }, 615 616 /* Additional MediaTek MT7615E Bluetooth devices */ 617 { USB_DEVICE(0x13d3, 0x3560), .driver_info = BTUSB_MEDIATEK}, 618 619 /* Additional MediaTek MT7663 Bluetooth devices */ 620 { USB_DEVICE(0x043e, 0x310c), .driver_info = BTUSB_MEDIATEK | 621 BTUSB_WIDEBAND_SPEECH }, 622 { USB_DEVICE(0x04ca, 0x3801), .driver_info = BTUSB_MEDIATEK | 623 BTUSB_WIDEBAND_SPEECH }, 624 625 /* Additional MediaTek MT7668 Bluetooth devices */ 626 { USB_DEVICE(0x043e, 0x3109), .driver_info = BTUSB_MEDIATEK | 627 BTUSB_WIDEBAND_SPEECH }, 628 629 /* Additional MediaTek MT7920 Bluetooth devices */ 630 { USB_DEVICE(0x0489, 0xe134), .driver_info = BTUSB_MEDIATEK | 631 BTUSB_WIDEBAND_SPEECH }, 632 { USB_DEVICE(0x0489, 0xe135), .driver_info = BTUSB_MEDIATEK | 633 BTUSB_WIDEBAND_SPEECH }, 634 { USB_DEVICE(0x13d3, 0x3620), .driver_info = BTUSB_MEDIATEK | 635 BTUSB_WIDEBAND_SPEECH }, 636 { USB_DEVICE(0x13d3, 0x3621), .driver_info = BTUSB_MEDIATEK | 637 BTUSB_WIDEBAND_SPEECH }, 638 { USB_DEVICE(0x13d3, 0x3622), .driver_info = BTUSB_MEDIATEK | 639 BTUSB_WIDEBAND_SPEECH }, 640 641 /* Additional MediaTek MT7921 Bluetooth devices */ 642 { USB_DEVICE(0x0489, 0xe0c8), .driver_info = BTUSB_MEDIATEK | 643 BTUSB_WIDEBAND_SPEECH }, 644 { USB_DEVICE(0x0489, 0xe0cd), .driver_info = BTUSB_MEDIATEK | 645 BTUSB_WIDEBAND_SPEECH }, 646 { USB_DEVICE(0x0489, 0xe0e0), .driver_info = BTUSB_MEDIATEK | 647 BTUSB_WIDEBAND_SPEECH }, 648 { USB_DEVICE(0x0489, 0xe0f2), .driver_info = BTUSB_MEDIATEK | 649 BTUSB_WIDEBAND_SPEECH }, 650 { USB_DEVICE(0x04ca, 0x3802), .driver_info = BTUSB_MEDIATEK | 651 BTUSB_WIDEBAND_SPEECH }, 652 { USB_DEVICE(0x0e8d, 0x0608), .driver_info = BTUSB_MEDIATEK | 653 BTUSB_WIDEBAND_SPEECH }, 654 { USB_DEVICE(0x13d3, 0x3563), .driver_info = BTUSB_MEDIATEK | 655 BTUSB_WIDEBAND_SPEECH }, 656 { USB_DEVICE(0x13d3, 0x3564), .driver_info = BTUSB_MEDIATEK | 657 BTUSB_WIDEBAND_SPEECH }, 658 { USB_DEVICE(0x13d3, 0x3567), .driver_info = BTUSB_MEDIATEK | 659 BTUSB_WIDEBAND_SPEECH }, 660 { USB_DEVICE(0x13d3, 0x3576), .driver_info = BTUSB_MEDIATEK | 661 BTUSB_WIDEBAND_SPEECH }, 662 { USB_DEVICE(0x13d3, 0x3578), .driver_info = BTUSB_MEDIATEK | 663 BTUSB_WIDEBAND_SPEECH }, 664 { USB_DEVICE(0x13d3, 0x3583), .driver_info = BTUSB_MEDIATEK | 665 BTUSB_WIDEBAND_SPEECH }, 666 { USB_DEVICE(0x13d3, 0x3606), .driver_info = BTUSB_MEDIATEK | 667 BTUSB_WIDEBAND_SPEECH }, 668 669 /* MediaTek MT7922 Bluetooth devices */ 670 { USB_DEVICE(0x13d3, 0x3585), .driver_info = BTUSB_MEDIATEK | 671 BTUSB_WIDEBAND_SPEECH }, 672 { USB_DEVICE(0x13d3, 0x3610), .driver_info = BTUSB_MEDIATEK | 673 BTUSB_WIDEBAND_SPEECH }, 674 675 /* MediaTek MT7922A Bluetooth devices */ 676 { USB_DEVICE(0x0489, 0xe0d8), .driver_info = BTUSB_MEDIATEK | 677 BTUSB_WIDEBAND_SPEECH }, 678 { USB_DEVICE(0x0489, 0xe0d9), .driver_info = BTUSB_MEDIATEK | 679 BTUSB_WIDEBAND_SPEECH }, 680 { USB_DEVICE(0x0489, 0xe0e2), .driver_info = BTUSB_MEDIATEK | 681 BTUSB_WIDEBAND_SPEECH }, 682 { USB_DEVICE(0x0489, 0xe0e4), .driver_info = BTUSB_MEDIATEK | 683 BTUSB_WIDEBAND_SPEECH }, 684 { USB_DEVICE(0x0489, 0xe0f1), .driver_info = BTUSB_MEDIATEK | 685 BTUSB_WIDEBAND_SPEECH }, 686 { USB_DEVICE(0x0489, 0xe0f2), .driver_info = BTUSB_MEDIATEK | 687 BTUSB_WIDEBAND_SPEECH }, 688 { USB_DEVICE(0x0489, 0xe0f5), .driver_info = BTUSB_MEDIATEK | 689 BTUSB_WIDEBAND_SPEECH }, 690 { USB_DEVICE(0x0489, 0xe0f6), .driver_info = BTUSB_MEDIATEK | 691 BTUSB_WIDEBAND_SPEECH }, 692 { USB_DEVICE(0x0489, 0xe102), .driver_info = BTUSB_MEDIATEK | 693 BTUSB_WIDEBAND_SPEECH }, 694 { USB_DEVICE(0x0489, 0xe152), .driver_info = BTUSB_MEDIATEK | 695 BTUSB_WIDEBAND_SPEECH }, 696 { USB_DEVICE(0x0489, 0xe153), .driver_info = BTUSB_MEDIATEK | 697 BTUSB_WIDEBAND_SPEECH }, 698 { USB_DEVICE(0x0489, 0xe170), .driver_info = BTUSB_MEDIATEK | 699 BTUSB_WIDEBAND_SPEECH }, 700 { USB_DEVICE(0x04ca, 0x3804), .driver_info = BTUSB_MEDIATEK | 701 BTUSB_WIDEBAND_SPEECH }, 702 { USB_DEVICE(0x04ca, 0x38e4), .driver_info = BTUSB_MEDIATEK | 703 BTUSB_WIDEBAND_SPEECH }, 704 { USB_DEVICE(0x13d3, 0x3568), .driver_info = BTUSB_MEDIATEK | 705 BTUSB_WIDEBAND_SPEECH }, 706 { USB_DEVICE(0x13d3, 0x3584), .driver_info = BTUSB_MEDIATEK | 707 BTUSB_WIDEBAND_SPEECH }, 708 { USB_DEVICE(0x13d3, 0x3605), .driver_info = BTUSB_MEDIATEK | 709 BTUSB_WIDEBAND_SPEECH }, 710 { USB_DEVICE(0x13d3, 0x3607), .driver_info = BTUSB_MEDIATEK | 711 BTUSB_WIDEBAND_SPEECH }, 712 { USB_DEVICE(0x13d3, 0x3614), .driver_info = BTUSB_MEDIATEK | 713 BTUSB_WIDEBAND_SPEECH }, 714 { USB_DEVICE(0x13d3, 0x3615), .driver_info = BTUSB_MEDIATEK | 715 BTUSB_WIDEBAND_SPEECH }, 716 { USB_DEVICE(0x13d3, 0x3633), .driver_info = BTUSB_MEDIATEK | 717 BTUSB_WIDEBAND_SPEECH }, 718 { USB_DEVICE(0x35f5, 0x7922), .driver_info = BTUSB_MEDIATEK | 719 BTUSB_WIDEBAND_SPEECH }, 720 721 /* Additional MediaTek MT7925 Bluetooth devices */ 722 { USB_DEVICE(0x0489, 0xe111), .driver_info = BTUSB_MEDIATEK | 723 BTUSB_WIDEBAND_SPEECH }, 724 { USB_DEVICE(0x0489, 0xe113), .driver_info = BTUSB_MEDIATEK | 725 BTUSB_WIDEBAND_SPEECH }, 726 { USB_DEVICE(0x0489, 0xe118), .driver_info = BTUSB_MEDIATEK | 727 BTUSB_WIDEBAND_SPEECH }, 728 { USB_DEVICE(0x0489, 0xe11e), .driver_info = BTUSB_MEDIATEK | 729 BTUSB_WIDEBAND_SPEECH }, 730 { USB_DEVICE(0x0489, 0xe124), .driver_info = BTUSB_MEDIATEK | 731 BTUSB_WIDEBAND_SPEECH }, 732 { USB_DEVICE(0x0489, 0xe139), .driver_info = BTUSB_MEDIATEK | 733 BTUSB_WIDEBAND_SPEECH }, 734 { USB_DEVICE(0x0489, 0xe14e), .driver_info = BTUSB_MEDIATEK | 735 BTUSB_WIDEBAND_SPEECH }, 736 { USB_DEVICE(0x0489, 0xe14f), .driver_info = BTUSB_MEDIATEK | 737 BTUSB_WIDEBAND_SPEECH }, 738 { USB_DEVICE(0x0489, 0xe150), .driver_info = BTUSB_MEDIATEK | 739 BTUSB_WIDEBAND_SPEECH }, 740 { USB_DEVICE(0x0489, 0xe151), .driver_info = BTUSB_MEDIATEK | 741 BTUSB_WIDEBAND_SPEECH }, 742 { USB_DEVICE(0x13d3, 0x3602), .driver_info = BTUSB_MEDIATEK | 743 BTUSB_WIDEBAND_SPEECH }, 744 { USB_DEVICE(0x13d3, 0x3603), .driver_info = BTUSB_MEDIATEK | 745 BTUSB_WIDEBAND_SPEECH }, 746 { USB_DEVICE(0x13d3, 0x3604), .driver_info = BTUSB_MEDIATEK | 747 BTUSB_WIDEBAND_SPEECH }, 748 { USB_DEVICE(0x13d3, 0x3608), .driver_info = BTUSB_MEDIATEK | 749 BTUSB_WIDEBAND_SPEECH }, 750 { USB_DEVICE(0x13d3, 0x3613), .driver_info = BTUSB_MEDIATEK | 751 BTUSB_WIDEBAND_SPEECH }, 752 { USB_DEVICE(0x13d3, 0x3627), .driver_info = BTUSB_MEDIATEK | 753 BTUSB_WIDEBAND_SPEECH }, 754 { USB_DEVICE(0x13d3, 0x3628), .driver_info = BTUSB_MEDIATEK | 755 BTUSB_WIDEBAND_SPEECH }, 756 { USB_DEVICE(0x13d3, 0x3630), .driver_info = BTUSB_MEDIATEK | 757 BTUSB_WIDEBAND_SPEECH }, 758 { USB_DEVICE(0x2c7c, 0x7009), .driver_info = BTUSB_MEDIATEK | 759 BTUSB_WIDEBAND_SPEECH }, 760 761 /* Additional Realtek 8723AE Bluetooth devices */ 762 { USB_DEVICE(0x0930, 0x021d), .driver_info = BTUSB_REALTEK }, 763 { USB_DEVICE(0x13d3, 0x3394), .driver_info = BTUSB_REALTEK }, 764 765 /* Additional Realtek 8723BE Bluetooth devices */ 766 { USB_DEVICE(0x0489, 0xe085), .driver_info = BTUSB_REALTEK }, 767 { USB_DEVICE(0x0489, 0xe08b), .driver_info = BTUSB_REALTEK }, 768 { USB_DEVICE(0x04f2, 0xb49f), .driver_info = BTUSB_REALTEK }, 769 { USB_DEVICE(0x13d3, 0x3410), .driver_info = BTUSB_REALTEK }, 770 { USB_DEVICE(0x13d3, 0x3416), .driver_info = BTUSB_REALTEK }, 771 { USB_DEVICE(0x13d3, 0x3459), .driver_info = BTUSB_REALTEK }, 772 { USB_DEVICE(0x13d3, 0x3494), .driver_info = BTUSB_REALTEK }, 773 774 /* Additional Realtek 8723BU Bluetooth devices */ 775 { USB_DEVICE(0x7392, 0xa611), .driver_info = BTUSB_REALTEK }, 776 777 /* Additional Realtek 8723DE Bluetooth devices */ 778 { USB_DEVICE(0x0bda, 0xb009), .driver_info = BTUSB_REALTEK }, 779 { USB_DEVICE(0x2ff8, 0xb011), .driver_info = BTUSB_REALTEK }, 780 781 /* Additional Realtek 8761BUV Bluetooth devices */ 782 { USB_DEVICE(0x2357, 0x0604), .driver_info = BTUSB_REALTEK | 783 BTUSB_WIDEBAND_SPEECH }, 784 { USB_DEVICE(0x0b05, 0x190e), .driver_info = BTUSB_REALTEK | 785 BTUSB_WIDEBAND_SPEECH }, 786 { USB_DEVICE(0x2550, 0x8761), .driver_info = BTUSB_REALTEK | 787 BTUSB_WIDEBAND_SPEECH }, 788 { USB_DEVICE(0x0bda, 0x8771), .driver_info = BTUSB_REALTEK | 789 BTUSB_WIDEBAND_SPEECH }, 790 { USB_DEVICE(0x6655, 0x8771), .driver_info = BTUSB_REALTEK | 791 BTUSB_WIDEBAND_SPEECH }, 792 { USB_DEVICE(0x7392, 0xc611), .driver_info = BTUSB_REALTEK | 793 BTUSB_WIDEBAND_SPEECH }, 794 { USB_DEVICE(0x2b89, 0x8761), .driver_info = BTUSB_REALTEK | 795 BTUSB_WIDEBAND_SPEECH }, 796 { USB_DEVICE(0x2b89, 0x6275), .driver_info = BTUSB_REALTEK | 797 BTUSB_WIDEBAND_SPEECH }, 798 799 /* Additional Realtek 8821AE Bluetooth devices */ 800 { USB_DEVICE(0x0b05, 0x17dc), .driver_info = BTUSB_REALTEK }, 801 { USB_DEVICE(0x13d3, 0x3414), .driver_info = BTUSB_REALTEK }, 802 { USB_DEVICE(0x13d3, 0x3458), .driver_info = BTUSB_REALTEK }, 803 { USB_DEVICE(0x13d3, 0x3461), .driver_info = BTUSB_REALTEK }, 804 { USB_DEVICE(0x13d3, 0x3462), .driver_info = BTUSB_REALTEK }, 805 806 /* Additional Realtek 8822BE Bluetooth devices */ 807 { USB_DEVICE(0x13d3, 0x3526), .driver_info = BTUSB_REALTEK }, 808 { USB_DEVICE(0x0b05, 0x185c), .driver_info = BTUSB_REALTEK }, 809 810 /* Additional Realtek 8822CE Bluetooth devices */ 811 { USB_DEVICE(0x04ca, 0x4005), .driver_info = BTUSB_REALTEK | 812 BTUSB_WIDEBAND_SPEECH }, 813 { USB_DEVICE(0x04c5, 0x161f), .driver_info = BTUSB_REALTEK | 814 BTUSB_WIDEBAND_SPEECH }, 815 { USB_DEVICE(0x0b05, 0x18ef), .driver_info = BTUSB_REALTEK | 816 BTUSB_WIDEBAND_SPEECH }, 817 { USB_DEVICE(0x13d3, 0x3548), .driver_info = BTUSB_REALTEK | 818 BTUSB_WIDEBAND_SPEECH }, 819 { USB_DEVICE(0x13d3, 0x3549), .driver_info = BTUSB_REALTEK | 820 BTUSB_WIDEBAND_SPEECH }, 821 { USB_DEVICE(0x13d3, 0x3553), .driver_info = BTUSB_REALTEK | 822 BTUSB_WIDEBAND_SPEECH }, 823 { USB_DEVICE(0x13d3, 0x3555), .driver_info = BTUSB_REALTEK | 824 BTUSB_WIDEBAND_SPEECH }, 825 { USB_DEVICE(0x2ff8, 0x3051), .driver_info = BTUSB_REALTEK | 826 BTUSB_WIDEBAND_SPEECH }, 827 { USB_DEVICE(0x1358, 0xc123), .driver_info = BTUSB_REALTEK | 828 BTUSB_WIDEBAND_SPEECH }, 829 { USB_DEVICE(0x0bda, 0xc123), .driver_info = BTUSB_REALTEK | 830 BTUSB_WIDEBAND_SPEECH }, 831 { USB_DEVICE(0x0cb5, 0xc547), .driver_info = BTUSB_REALTEK | 832 BTUSB_WIDEBAND_SPEECH }, 833 834 /* Barrot Technology Bluetooth devices */ 835 { USB_DEVICE(0x33fa, 0x0010), .driver_info = BTUSB_BARROT }, 836 { USB_DEVICE(0x33fa, 0x0012), .driver_info = BTUSB_BARROT }, 837 838 /* Actions Semiconductor ATS2851 based devices */ 839 { USB_DEVICE(0x10d7, 0xb012), .driver_info = BTUSB_ACTIONS_SEMI }, 840 841 /* Silicon Wave based devices */ 842 { USB_DEVICE(0x0c10, 0x0000), .driver_info = BTUSB_SWAVE }, 843 844 { } /* Terminating entry */ 845 }; 846 847 /* The Bluetooth USB module build into some devices needs to be reset on resume, 848 * this is a problem with the platform (likely shutting off all power) not with 849 * the module itself. So we use a DMI list to match known broken platforms. 850 */ 851 static const struct dmi_system_id btusb_needs_reset_resume_table[] = { 852 { 853 /* Dell OptiPlex 3060 (QCA ROME device 0cf3:e007) */ 854 .matches = { 855 DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), 856 DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex 3060"), 857 }, 858 }, 859 { 860 /* Dell XPS 9360 (QCA ROME device 0cf3:e300) */ 861 .matches = { 862 DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), 863 DMI_MATCH(DMI_PRODUCT_NAME, "XPS 13 9360"), 864 }, 865 }, 866 { 867 /* Dell Inspiron 5565 (QCA ROME device 0cf3:e009) */ 868 .matches = { 869 DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), 870 DMI_MATCH(DMI_PRODUCT_NAME, "Inspiron 5565"), 871 }, 872 }, 873 {} 874 }; 875 876 struct qca_dump_info { 877 /* fields for dump collection */ 878 u16 id_vendor; 879 u16 id_product; 880 u32 fw_version; 881 u32 controller_id; 882 u32 ram_dump_size; 883 u16 ram_dump_seqno; 884 }; 885 886 #define BTUSB_MAX_ISOC_FRAMES 10 887 888 #define BTUSB_INTR_RUNNING 0 889 #define BTUSB_BULK_RUNNING 1 890 #define BTUSB_ISOC_RUNNING 2 891 #define BTUSB_SUSPENDING 3 892 #define BTUSB_DID_ISO_RESUME 4 893 #define BTUSB_BOOTLOADER 5 894 #define BTUSB_DOWNLOADING 6 895 #define BTUSB_FIRMWARE_LOADED 7 896 #define BTUSB_FIRMWARE_FAILED 8 897 #define BTUSB_BOOTING 9 898 #define BTUSB_DIAG_RUNNING 10 899 #define BTUSB_OOB_WAKE_ENABLED 11 900 #define BTUSB_HW_RESET_ACTIVE 12 901 #define BTUSB_TX_WAIT_VND_EVT 13 902 #define BTUSB_WAKEUP_AUTOSUSPEND 14 903 #define BTUSB_USE_ALT3_FOR_WBS 15 904 #define BTUSB_ALT6_CONTINUOUS_TX 16 905 #define BTUSB_HW_SSR_ACTIVE 17 906 907 struct btusb_data { 908 struct hci_dev *hdev; 909 struct usb_device *udev; 910 struct usb_interface *intf; 911 struct usb_interface *isoc; 912 struct usb_interface *diag; 913 unsigned isoc_ifnum; 914 915 unsigned long flags; 916 917 bool poll_sync; 918 int intr_interval; 919 struct work_struct work; 920 struct work_struct waker; 921 struct delayed_work rx_work; 922 923 struct sk_buff_head acl_q; 924 925 struct usb_anchor deferred; 926 struct usb_anchor tx_anchor; 927 int tx_in_flight; 928 spinlock_t txlock; 929 930 struct usb_anchor intr_anchor; 931 struct usb_anchor bulk_anchor; 932 struct usb_anchor isoc_anchor; 933 struct usb_anchor diag_anchor; 934 struct usb_anchor ctrl_anchor; 935 spinlock_t rxlock; 936 937 struct sk_buff *evt_skb; 938 struct sk_buff *acl_skb; 939 struct sk_buff *sco_skb; 940 941 struct usb_endpoint_descriptor *intr_ep; 942 struct usb_endpoint_descriptor *bulk_tx_ep; 943 struct usb_endpoint_descriptor *bulk_rx_ep; 944 struct usb_endpoint_descriptor *isoc_tx_ep; 945 struct usb_endpoint_descriptor *isoc_rx_ep; 946 struct usb_endpoint_descriptor *diag_tx_ep; 947 struct usb_endpoint_descriptor *diag_rx_ep; 948 949 struct gpio_desc *reset_gpio; 950 951 __u8 cmdreq_type; 952 __u8 cmdreq; 953 954 unsigned int sco_num; 955 unsigned int air_mode; 956 bool usb_alt6_packet_flow; 957 int isoc_altsetting; 958 int suspend_count; 959 960 int (*recv_event)(struct hci_dev *hdev, struct sk_buff *skb); 961 int (*recv_acl)(struct hci_dev *hdev, struct sk_buff *skb); 962 int (*recv_bulk)(struct btusb_data *data, void *buffer, int count); 963 964 int (*setup_on_usb)(struct hci_dev *hdev); 965 966 int (*suspend)(struct hci_dev *hdev); 967 int (*resume)(struct hci_dev *hdev); 968 int (*disconnect)(struct hci_dev *hdev); 969 970 int oob_wake_irq; /* irq for out-of-band wake-on-bt */ 971 972 struct qca_dump_info qca_dump; 973 }; 974 975 static void btusb_reset(struct hci_dev *hdev) 976 { 977 struct btusb_data *data; 978 int err; 979 980 data = hci_get_drvdata(hdev); 981 /* This is not an unbalanced PM reference since the device will reset */ 982 err = usb_autopm_get_interface(data->intf); 983 if (err) { 984 bt_dev_err(hdev, "Failed usb_autopm_get_interface: %d", err); 985 return; 986 } 987 988 bt_dev_err(hdev, "Resetting usb device."); 989 usb_queue_reset_device(data->intf); 990 } 991 992 static void btusb_intel_reset(struct hci_dev *hdev) 993 { 994 struct btusb_data *data = hci_get_drvdata(hdev); 995 struct gpio_desc *reset_gpio = data->reset_gpio; 996 struct btintel_data *intel_data = hci_get_priv(hdev); 997 998 if (intel_data->acpi_reset_method) { 999 if (test_and_set_bit(INTEL_ACPI_RESET_ACTIVE, intel_data->flags)) { 1000 bt_dev_err(hdev, "acpi: last reset failed ? Not resetting again"); 1001 return; 1002 } 1003 1004 bt_dev_err(hdev, "Initiating acpi reset method"); 1005 /* If ACPI reset method fails, lets try with legacy GPIO 1006 * toggling 1007 */ 1008 if (!intel_data->acpi_reset_method(hdev)) { 1009 return; 1010 } 1011 } 1012 1013 if (!reset_gpio) { 1014 btusb_reset(hdev); 1015 return; 1016 } 1017 1018 /* 1019 * Toggle the hard reset line if the platform provides one. The reset 1020 * is going to yank the device off the USB and then replug. So doing 1021 * once is enough. The cleanup is handled correctly on the way out 1022 * (standard USB disconnect), and the new device is detected cleanly 1023 * and bound to the driver again like it should be. 1024 */ 1025 if (test_and_set_bit(BTUSB_HW_RESET_ACTIVE, &data->flags)) { 1026 bt_dev_err(hdev, "last reset failed? Not resetting again"); 1027 return; 1028 } 1029 1030 bt_dev_err(hdev, "Initiating HW reset via gpio"); 1031 gpiod_set_value_cansleep(reset_gpio, 1); 1032 msleep(100); 1033 gpiod_set_value_cansleep(reset_gpio, 0); 1034 } 1035 1036 #define RTK_DEVCOREDUMP_CODE_MEMDUMP 0x01 1037 #define RTK_DEVCOREDUMP_CODE_HW_ERR 0x02 1038 #define RTK_DEVCOREDUMP_CODE_CMD_TIMEOUT 0x03 1039 1040 #define RTK_SUB_EVENT_CODE_COREDUMP 0x34 1041 1042 struct rtk_dev_coredump_hdr { 1043 u8 type; 1044 u8 code; 1045 u8 reserved[2]; 1046 } __packed; 1047 1048 static inline void btusb_rtl_alloc_devcoredump(struct hci_dev *hdev, 1049 struct rtk_dev_coredump_hdr *hdr, u8 *buf, u32 len) 1050 { 1051 struct sk_buff *skb; 1052 1053 skb = alloc_skb(len + sizeof(*hdr), GFP_ATOMIC); 1054 if (!skb) 1055 return; 1056 1057 skb_put_data(skb, hdr, sizeof(*hdr)); 1058 if (len) 1059 skb_put_data(skb, buf, len); 1060 1061 if (!hci_devcd_init(hdev, skb->len)) { 1062 hci_devcd_append(hdev, skb); 1063 hci_devcd_complete(hdev); 1064 } else { 1065 bt_dev_err(hdev, "RTL: Failed to generate devcoredump"); 1066 kfree_skb(skb); 1067 } 1068 } 1069 1070 static void btusb_rtl_reset(struct hci_dev *hdev) 1071 { 1072 struct btusb_data *data = hci_get_drvdata(hdev); 1073 struct gpio_desc *reset_gpio = data->reset_gpio; 1074 struct rtk_dev_coredump_hdr hdr = { 1075 .type = RTK_DEVCOREDUMP_CODE_CMD_TIMEOUT, 1076 }; 1077 1078 btusb_rtl_alloc_devcoredump(hdev, &hdr, NULL, 0); 1079 1080 if (!reset_gpio) { 1081 btusb_reset(hdev); 1082 return; 1083 } 1084 1085 /* Toggle the hard reset line. The Realtek device is going to 1086 * yank itself off the USB and then replug. The cleanup is handled 1087 * correctly on the way out (standard USB disconnect), and the new 1088 * device is detected cleanly and bound to the driver again like 1089 * it should be. 1090 */ 1091 if (test_and_set_bit(BTUSB_HW_RESET_ACTIVE, &data->flags)) { 1092 bt_dev_err(hdev, "last reset failed? Not resetting again"); 1093 return; 1094 } 1095 1096 bt_dev_err(hdev, "Reset Realtek device via gpio"); 1097 gpiod_set_value_cansleep(reset_gpio, 1); 1098 msleep(200); 1099 gpiod_set_value_cansleep(reset_gpio, 0); 1100 } 1101 1102 static void btusb_rtl_hw_error(struct hci_dev *hdev, u8 code) 1103 { 1104 struct rtk_dev_coredump_hdr hdr = { 1105 .type = RTK_DEVCOREDUMP_CODE_HW_ERR, 1106 .code = code, 1107 }; 1108 1109 bt_dev_err(hdev, "RTL: hw err, trigger devcoredump (%d)", code); 1110 1111 btusb_rtl_alloc_devcoredump(hdev, &hdr, NULL, 0); 1112 } 1113 1114 static void btusb_qca_reset(struct hci_dev *hdev) 1115 { 1116 struct btusb_data *data = hci_get_drvdata(hdev); 1117 struct gpio_desc *reset_gpio = data->reset_gpio; 1118 1119 if (test_bit(BTUSB_HW_SSR_ACTIVE, &data->flags)) { 1120 bt_dev_info(hdev, "Ramdump in progress, defer reset"); 1121 return; 1122 } 1123 1124 if (reset_gpio) { 1125 bt_dev_err(hdev, "Reset qca device via bt_en gpio"); 1126 1127 /* Toggle the hard reset line. The qca bt device is going to 1128 * yank itself off the USB and then replug. The cleanup is handled 1129 * correctly on the way out (standard USB disconnect), and the new 1130 * device is detected cleanly and bound to the driver again like 1131 * it should be. 1132 */ 1133 if (test_and_set_bit(BTUSB_HW_RESET_ACTIVE, &data->flags)) { 1134 bt_dev_err(hdev, "last reset failed? Not resetting again"); 1135 return; 1136 } 1137 1138 gpiod_set_value_cansleep(reset_gpio, 0); 1139 msleep(200); 1140 gpiod_set_value_cansleep(reset_gpio, 1); 1141 1142 return; 1143 } 1144 1145 btusb_reset(hdev); 1146 } 1147 1148 static u8 btusb_classify_qca_pkt_type(struct hci_dev *hdev, struct sk_buff *skb) 1149 { 1150 /* Some Qualcomm controllers, e.g., QCNFA765 with WCN6855 chip, send debug 1151 * packets as ACL frames with connection handle 0x2EDC. These are not real 1152 * ACL packets and should be reclassified as HCI_DIAG_PKT to prevent 1153 * "ACL packet for unknown connection handle 3804" errors. 1154 */ 1155 if (skb->len >= 2) { 1156 u16 handle = get_unaligned_le16(skb->data); 1157 1158 if (handle == 0x2EDC) 1159 return HCI_DIAG_PKT; 1160 } 1161 1162 /* Use default packet type for other packets */ 1163 return hci_skb_pkt_type(skb); 1164 } 1165 1166 static inline void btusb_free_frags(struct btusb_data *data) 1167 { 1168 unsigned long flags; 1169 1170 spin_lock_irqsave(&data->rxlock, flags); 1171 1172 dev_kfree_skb_irq(data->evt_skb); 1173 data->evt_skb = NULL; 1174 1175 dev_kfree_skb_irq(data->acl_skb); 1176 data->acl_skb = NULL; 1177 1178 dev_kfree_skb_irq(data->sco_skb); 1179 data->sco_skb = NULL; 1180 1181 spin_unlock_irqrestore(&data->rxlock, flags); 1182 } 1183 1184 static int btusb_recv_event(struct btusb_data *data, struct sk_buff *skb) 1185 { 1186 if (data->intr_interval) { 1187 /* Trigger dequeue immediately if an event is received */ 1188 schedule_delayed_work(&data->rx_work, 0); 1189 } 1190 1191 return data->recv_event(data->hdev, skb); 1192 } 1193 1194 static int btusb_recv_intr(struct btusb_data *data, void *buffer, int count) 1195 { 1196 struct sk_buff *skb; 1197 unsigned long flags; 1198 int err = 0; 1199 1200 spin_lock_irqsave(&data->rxlock, flags); 1201 skb = data->evt_skb; 1202 1203 while (count) { 1204 int len; 1205 1206 if (!skb) { 1207 skb = bt_skb_alloc(HCI_MAX_EVENT_SIZE, GFP_ATOMIC); 1208 if (!skb) { 1209 err = -ENOMEM; 1210 break; 1211 } 1212 1213 hci_skb_pkt_type(skb) = HCI_EVENT_PKT; 1214 hci_skb_expect(skb) = HCI_EVENT_HDR_SIZE; 1215 } 1216 1217 len = min_t(uint, hci_skb_expect(skb), count); 1218 skb_put_data(skb, buffer, len); 1219 1220 count -= len; 1221 buffer += len; 1222 hci_skb_expect(skb) -= len; 1223 1224 if (skb->len == HCI_EVENT_HDR_SIZE) { 1225 /* Complete event header */ 1226 hci_skb_expect(skb) = hci_event_hdr(skb)->plen; 1227 1228 if (skb_tailroom(skb) < hci_skb_expect(skb)) { 1229 kfree_skb(skb); 1230 skb = NULL; 1231 1232 err = -EILSEQ; 1233 break; 1234 } 1235 } 1236 1237 if (!hci_skb_expect(skb)) { 1238 /* Each chunk should correspond to at least 1 or more 1239 * events so if there are still bytes left that doesn't 1240 * constitute a new event this is likely a bug in the 1241 * controller. 1242 */ 1243 if (count && count < HCI_EVENT_HDR_SIZE) { 1244 bt_dev_warn(data->hdev, 1245 "Unexpected continuation: %d bytes", 1246 count); 1247 count = 0; 1248 } 1249 1250 /* Complete frame */ 1251 btusb_recv_event(data, skb); 1252 skb = NULL; 1253 } 1254 } 1255 1256 data->evt_skb = skb; 1257 spin_unlock_irqrestore(&data->rxlock, flags); 1258 1259 return err; 1260 } 1261 1262 static int btusb_recv_acl(struct btusb_data *data, struct sk_buff *skb) 1263 { 1264 /* Only queue ACL packet if intr_interval is set as it means 1265 * force_poll_sync has been enabled. 1266 */ 1267 if (!data->intr_interval) 1268 return data->recv_acl(data->hdev, skb); 1269 1270 skb_queue_tail(&data->acl_q, skb); 1271 schedule_delayed_work(&data->rx_work, data->intr_interval); 1272 1273 return 0; 1274 } 1275 1276 static int btusb_recv_bulk(struct btusb_data *data, void *buffer, int count) 1277 { 1278 struct sk_buff *skb; 1279 unsigned long flags; 1280 int err = 0; 1281 1282 spin_lock_irqsave(&data->rxlock, flags); 1283 skb = data->acl_skb; 1284 1285 while (count) { 1286 int len; 1287 1288 if (!skb) { 1289 skb = bt_skb_alloc(HCI_MAX_FRAME_SIZE, GFP_ATOMIC); 1290 if (!skb) { 1291 err = -ENOMEM; 1292 break; 1293 } 1294 1295 hci_skb_pkt_type(skb) = HCI_ACLDATA_PKT; 1296 hci_skb_expect(skb) = HCI_ACL_HDR_SIZE; 1297 } 1298 1299 len = min_t(uint, hci_skb_expect(skb), count); 1300 skb_put_data(skb, buffer, len); 1301 1302 count -= len; 1303 buffer += len; 1304 hci_skb_expect(skb) -= len; 1305 1306 if (skb->len == HCI_ACL_HDR_SIZE) { 1307 __le16 dlen = hci_acl_hdr(skb)->dlen; 1308 1309 /* Complete ACL header */ 1310 hci_skb_expect(skb) = __le16_to_cpu(dlen); 1311 1312 if (skb_tailroom(skb) < hci_skb_expect(skb)) { 1313 kfree_skb(skb); 1314 skb = NULL; 1315 1316 err = -EILSEQ; 1317 break; 1318 } 1319 } 1320 1321 if (!hci_skb_expect(skb)) { 1322 /* Complete frame */ 1323 btusb_recv_acl(data, skb); 1324 skb = NULL; 1325 } 1326 } 1327 1328 data->acl_skb = skb; 1329 spin_unlock_irqrestore(&data->rxlock, flags); 1330 1331 return err; 1332 } 1333 1334 static bool btusb_validate_sco_handle(struct hci_dev *hdev, 1335 struct hci_sco_hdr *hdr) 1336 { 1337 __u16 handle; 1338 1339 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) 1340 // Can't validate, userspace controls everything. 1341 return true; 1342 1343 /* 1344 * USB isochronous transfers are not designed to be reliable and may 1345 * lose fragments. When this happens, the next first fragment 1346 * encountered might actually be a continuation fragment. 1347 * Validate the handle to detect it and drop it, or else the upper 1348 * layer will get garbage for a while. 1349 */ 1350 1351 handle = hci_handle(__le16_to_cpu(hdr->handle)); 1352 1353 switch (hci_conn_lookup_type(hdev, handle)) { 1354 case SCO_LINK: 1355 case ESCO_LINK: 1356 return true; 1357 default: 1358 return false; 1359 } 1360 } 1361 1362 static int btusb_recv_isoc(struct btusb_data *data, void *buffer, int count) 1363 { 1364 struct sk_buff *skb; 1365 unsigned long flags; 1366 int err = 0; 1367 1368 spin_lock_irqsave(&data->rxlock, flags); 1369 skb = data->sco_skb; 1370 1371 while (count) { 1372 int len; 1373 1374 if (!skb) { 1375 skb = bt_skb_alloc(HCI_MAX_SCO_SIZE, GFP_ATOMIC); 1376 if (!skb) { 1377 err = -ENOMEM; 1378 break; 1379 } 1380 1381 hci_skb_pkt_type(skb) = HCI_SCODATA_PKT; 1382 hci_skb_expect(skb) = HCI_SCO_HDR_SIZE; 1383 } 1384 1385 len = min_t(uint, hci_skb_expect(skb), count); 1386 skb_put_data(skb, buffer, len); 1387 1388 count -= len; 1389 buffer += len; 1390 hci_skb_expect(skb) -= len; 1391 1392 if (skb->len == HCI_SCO_HDR_SIZE) { 1393 /* Complete SCO header */ 1394 struct hci_sco_hdr *hdr = hci_sco_hdr(skb); 1395 1396 hci_skb_expect(skb) = hdr->dlen; 1397 1398 if (skb_tailroom(skb) < hci_skb_expect(skb) || 1399 !btusb_validate_sco_handle(data->hdev, hdr)) { 1400 kfree_skb(skb); 1401 skb = NULL; 1402 1403 err = -EILSEQ; 1404 break; 1405 } 1406 } 1407 1408 if (!hci_skb_expect(skb)) { 1409 /* Complete frame */ 1410 hci_recv_frame(data->hdev, skb); 1411 skb = NULL; 1412 } 1413 } 1414 1415 data->sco_skb = skb; 1416 spin_unlock_irqrestore(&data->rxlock, flags); 1417 1418 return err; 1419 } 1420 1421 static void btusb_intr_complete(struct urb *urb) 1422 { 1423 struct hci_dev *hdev = urb->context; 1424 struct btusb_data *data = hci_get_drvdata(hdev); 1425 int err; 1426 1427 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 1428 urb->actual_length); 1429 1430 if (!test_bit(HCI_RUNNING, &hdev->flags)) 1431 return; 1432 1433 if (urb->status == 0) { 1434 hdev->stat.byte_rx += urb->actual_length; 1435 1436 if (btusb_recv_intr(data, urb->transfer_buffer, 1437 urb->actual_length) < 0) { 1438 bt_dev_err(hdev, "corrupted event packet"); 1439 hdev->stat.err_rx++; 1440 } 1441 } else if (urb->status == -ENOENT) { 1442 /* Avoid suspend failed when usb_kill_urb */ 1443 return; 1444 } 1445 1446 if (!test_bit(BTUSB_INTR_RUNNING, &data->flags)) 1447 return; 1448 1449 usb_mark_last_busy(data->udev); 1450 usb_anchor_urb(urb, &data->intr_anchor); 1451 1452 err = usb_submit_urb(urb, GFP_ATOMIC); 1453 if (err < 0) { 1454 /* -EPERM: urb is being killed; 1455 * -ENODEV: device got disconnected 1456 */ 1457 if (err != -EPERM && err != -ENODEV) 1458 bt_dev_err(hdev, "urb %p failed to resubmit (%d)", 1459 urb, -err); 1460 if (err != -EPERM) 1461 hci_cmd_sync_cancel(hdev, -err); 1462 usb_unanchor_urb(urb); 1463 } 1464 } 1465 1466 static int btusb_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags) 1467 { 1468 struct btusb_data *data = hci_get_drvdata(hdev); 1469 struct urb *urb; 1470 unsigned char *buf; 1471 unsigned int pipe; 1472 int err, size; 1473 1474 BT_DBG("%s", hdev->name); 1475 1476 if (!data->intr_ep) 1477 return -ENODEV; 1478 1479 urb = usb_alloc_urb(0, mem_flags); 1480 if (!urb) 1481 return -ENOMEM; 1482 1483 if (le16_to_cpu(data->udev->descriptor.idVendor) == 0x0a12 && 1484 le16_to_cpu(data->udev->descriptor.idProduct) == 0x0001) 1485 /* Fake CSR devices don't seem to support sort-transter */ 1486 size = le16_to_cpu(data->intr_ep->wMaxPacketSize); 1487 else 1488 /* Use maximum HCI Event size so the USB stack handles 1489 * ZPL/short-transfer automatically. 1490 */ 1491 size = HCI_MAX_EVENT_SIZE; 1492 1493 buf = kmalloc(size, mem_flags); 1494 if (!buf) { 1495 usb_free_urb(urb); 1496 return -ENOMEM; 1497 } 1498 1499 pipe = usb_rcvintpipe(data->udev, data->intr_ep->bEndpointAddress); 1500 1501 usb_fill_int_urb(urb, data->udev, pipe, buf, size, 1502 btusb_intr_complete, hdev, data->intr_ep->bInterval); 1503 1504 urb->transfer_flags |= URB_FREE_BUFFER; 1505 1506 usb_anchor_urb(urb, &data->intr_anchor); 1507 1508 err = usb_submit_urb(urb, mem_flags); 1509 if (err < 0) { 1510 if (err != -EPERM && err != -ENODEV) 1511 bt_dev_err(hdev, "urb %p submission failed (%d)", 1512 urb, -err); 1513 if (err != -EPERM) 1514 hci_cmd_sync_cancel(hdev, -err); 1515 usb_unanchor_urb(urb); 1516 } 1517 1518 /* Only initialize intr_interval if URB poll sync is enabled */ 1519 if (!data->poll_sync) 1520 goto done; 1521 1522 /* The units are frames (milliseconds) for full and low speed devices, 1523 * and microframes (1/8 millisecond) for highspeed and SuperSpeed 1524 * devices. 1525 * 1526 * This is done once on open/resume so it shouldn't change even if 1527 * force_poll_sync changes. 1528 */ 1529 switch (urb->dev->speed) { 1530 case USB_SPEED_SUPER_PLUS: 1531 case USB_SPEED_SUPER: /* units are 125us */ 1532 data->intr_interval = usecs_to_jiffies(urb->interval * 125); 1533 break; 1534 default: 1535 data->intr_interval = msecs_to_jiffies(urb->interval); 1536 break; 1537 } 1538 1539 done: 1540 usb_free_urb(urb); 1541 1542 return err; 1543 } 1544 1545 static void btusb_bulk_complete(struct urb *urb) 1546 { 1547 struct hci_dev *hdev = urb->context; 1548 struct btusb_data *data = hci_get_drvdata(hdev); 1549 int err; 1550 1551 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 1552 urb->actual_length); 1553 1554 if (!test_bit(HCI_RUNNING, &hdev->flags)) 1555 return; 1556 1557 if (urb->status == 0) { 1558 hdev->stat.byte_rx += urb->actual_length; 1559 1560 if (data->recv_bulk(data, urb->transfer_buffer, 1561 urb->actual_length) < 0) { 1562 bt_dev_err(hdev, "corrupted ACL packet"); 1563 hdev->stat.err_rx++; 1564 } 1565 } else if (urb->status == -ENOENT) { 1566 /* Avoid suspend failed when usb_kill_urb */ 1567 return; 1568 } 1569 1570 if (!test_bit(BTUSB_BULK_RUNNING, &data->flags)) 1571 return; 1572 1573 usb_anchor_urb(urb, &data->bulk_anchor); 1574 usb_mark_last_busy(data->udev); 1575 1576 err = usb_submit_urb(urb, GFP_ATOMIC); 1577 if (err < 0) { 1578 /* -EPERM: urb is being killed; 1579 * -ENODEV: device got disconnected 1580 */ 1581 if (err != -EPERM && err != -ENODEV) 1582 bt_dev_err(hdev, "urb %p failed to resubmit (%d)", 1583 urb, -err); 1584 usb_unanchor_urb(urb); 1585 } 1586 } 1587 1588 static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags) 1589 { 1590 struct btusb_data *data = hci_get_drvdata(hdev); 1591 struct urb *urb; 1592 unsigned char *buf; 1593 unsigned int pipe; 1594 int err, size = HCI_MAX_FRAME_SIZE; 1595 1596 BT_DBG("%s", hdev->name); 1597 1598 if (!data->bulk_rx_ep) 1599 return -ENODEV; 1600 1601 urb = usb_alloc_urb(0, mem_flags); 1602 if (!urb) 1603 return -ENOMEM; 1604 1605 buf = kmalloc(size, mem_flags); 1606 if (!buf) { 1607 usb_free_urb(urb); 1608 return -ENOMEM; 1609 } 1610 1611 pipe = usb_rcvbulkpipe(data->udev, data->bulk_rx_ep->bEndpointAddress); 1612 1613 usb_fill_bulk_urb(urb, data->udev, pipe, buf, size, 1614 btusb_bulk_complete, hdev); 1615 1616 urb->transfer_flags |= URB_FREE_BUFFER; 1617 1618 usb_mark_last_busy(data->udev); 1619 usb_anchor_urb(urb, &data->bulk_anchor); 1620 1621 err = usb_submit_urb(urb, mem_flags); 1622 if (err < 0) { 1623 if (err != -EPERM && err != -ENODEV) 1624 bt_dev_err(hdev, "urb %p submission failed (%d)", 1625 urb, -err); 1626 usb_unanchor_urb(urb); 1627 } 1628 1629 usb_free_urb(urb); 1630 1631 return err; 1632 } 1633 1634 static void btusb_isoc_complete(struct urb *urb) 1635 { 1636 struct hci_dev *hdev = urb->context; 1637 struct btusb_data *data = hci_get_drvdata(hdev); 1638 int i, err; 1639 1640 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 1641 urb->actual_length); 1642 1643 if (!test_bit(HCI_RUNNING, &hdev->flags)) 1644 return; 1645 1646 if (urb->status == 0) { 1647 for (i = 0; i < urb->number_of_packets; i++) { 1648 unsigned int offset = urb->iso_frame_desc[i].offset; 1649 unsigned int length = urb->iso_frame_desc[i].actual_length; 1650 1651 if (urb->iso_frame_desc[i].status) 1652 continue; 1653 1654 hdev->stat.byte_rx += length; 1655 1656 if (btusb_recv_isoc(data, urb->transfer_buffer + offset, 1657 length) < 0) { 1658 bt_dev_err(hdev, "corrupted SCO packet"); 1659 hdev->stat.err_rx++; 1660 } 1661 } 1662 } else if (urb->status == -ENOENT) { 1663 /* Avoid suspend failed when usb_kill_urb */ 1664 return; 1665 } 1666 1667 if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags)) 1668 return; 1669 1670 usb_anchor_urb(urb, &data->isoc_anchor); 1671 1672 err = usb_submit_urb(urb, GFP_ATOMIC); 1673 if (err < 0) { 1674 /* -EPERM: urb is being killed; 1675 * -ENODEV: device got disconnected 1676 */ 1677 if (err != -EPERM && err != -ENODEV) 1678 bt_dev_err(hdev, "urb %p failed to resubmit (%d)", 1679 urb, -err); 1680 usb_unanchor_urb(urb); 1681 } 1682 } 1683 1684 static inline void __fill_isoc_descriptor_msbc(struct urb *urb, int len, 1685 int mtu, struct btusb_data *data) 1686 { 1687 int i = 0, offset = 0; 1688 unsigned int interval; 1689 1690 BT_DBG("len %d mtu %d", len, mtu); 1691 1692 /* For mSBC ALT 6 settings some chips need to transmit the data 1693 * continuously without the zero length of USB packets. 1694 */ 1695 if (test_bit(BTUSB_ALT6_CONTINUOUS_TX, &data->flags)) 1696 goto ignore_usb_alt6_packet_flow; 1697 1698 /* For mSBC ALT 6 setting the host will send the packet at continuous 1699 * flow. As per core spec 5, vol 4, part B, table 2.1. For ALT setting 1700 * 6 the HCI PACKET INTERVAL should be 7.5ms for every usb packets. 1701 * To maintain the rate we send 63bytes of usb packets alternatively for 1702 * 7ms and 8ms to maintain the rate as 7.5ms. 1703 */ 1704 if (data->usb_alt6_packet_flow) { 1705 interval = 7; 1706 data->usb_alt6_packet_flow = false; 1707 } else { 1708 interval = 6; 1709 data->usb_alt6_packet_flow = true; 1710 } 1711 1712 for (i = 0; i < interval; i++) { 1713 urb->iso_frame_desc[i].offset = offset; 1714 urb->iso_frame_desc[i].length = offset; 1715 } 1716 1717 ignore_usb_alt6_packet_flow: 1718 if (len && i < BTUSB_MAX_ISOC_FRAMES) { 1719 urb->iso_frame_desc[i].offset = offset; 1720 urb->iso_frame_desc[i].length = len; 1721 i++; 1722 } 1723 1724 urb->number_of_packets = i; 1725 } 1726 1727 static inline void __fill_isoc_descriptor(struct urb *urb, int len, int mtu) 1728 { 1729 int i, offset = 0; 1730 1731 BT_DBG("len %d mtu %d", len, mtu); 1732 1733 for (i = 0; i < BTUSB_MAX_ISOC_FRAMES && len >= mtu; 1734 i++, offset += mtu, len -= mtu) { 1735 urb->iso_frame_desc[i].offset = offset; 1736 urb->iso_frame_desc[i].length = mtu; 1737 } 1738 1739 if (len && i < BTUSB_MAX_ISOC_FRAMES) { 1740 urb->iso_frame_desc[i].offset = offset; 1741 urb->iso_frame_desc[i].length = len; 1742 i++; 1743 } 1744 1745 urb->number_of_packets = i; 1746 } 1747 1748 static int btusb_submit_isoc_urb(struct hci_dev *hdev, gfp_t mem_flags) 1749 { 1750 struct btusb_data *data = hci_get_drvdata(hdev); 1751 struct urb *urb; 1752 unsigned char *buf; 1753 unsigned int pipe; 1754 int err, size; 1755 1756 BT_DBG("%s", hdev->name); 1757 1758 if (!data->isoc_rx_ep) 1759 return -ENODEV; 1760 1761 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, mem_flags); 1762 if (!urb) 1763 return -ENOMEM; 1764 1765 size = le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize) * 1766 BTUSB_MAX_ISOC_FRAMES; 1767 1768 buf = kmalloc(size, mem_flags); 1769 if (!buf) { 1770 usb_free_urb(urb); 1771 return -ENOMEM; 1772 } 1773 1774 pipe = usb_rcvisocpipe(data->udev, data->isoc_rx_ep->bEndpointAddress); 1775 1776 usb_fill_int_urb(urb, data->udev, pipe, buf, size, btusb_isoc_complete, 1777 hdev, data->isoc_rx_ep->bInterval); 1778 1779 urb->transfer_flags = URB_FREE_BUFFER | URB_ISO_ASAP; 1780 1781 __fill_isoc_descriptor(urb, size, 1782 le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize)); 1783 1784 usb_anchor_urb(urb, &data->isoc_anchor); 1785 1786 err = usb_submit_urb(urb, mem_flags); 1787 if (err < 0) { 1788 if (err != -EPERM && err != -ENODEV) 1789 bt_dev_err(hdev, "urb %p submission failed (%d)", 1790 urb, -err); 1791 usb_unanchor_urb(urb); 1792 } 1793 1794 usb_free_urb(urb); 1795 1796 return err; 1797 } 1798 1799 static void btusb_diag_complete(struct urb *urb) 1800 { 1801 struct hci_dev *hdev = urb->context; 1802 struct btusb_data *data = hci_get_drvdata(hdev); 1803 int err; 1804 1805 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 1806 urb->actual_length); 1807 1808 if (urb->status == 0) { 1809 struct sk_buff *skb; 1810 1811 skb = bt_skb_alloc(urb->actual_length, GFP_ATOMIC); 1812 if (skb) { 1813 skb_put_data(skb, urb->transfer_buffer, 1814 urb->actual_length); 1815 hci_recv_diag(hdev, skb); 1816 } 1817 } else if (urb->status == -ENOENT) { 1818 /* Avoid suspend failed when usb_kill_urb */ 1819 return; 1820 } 1821 1822 if (!test_bit(BTUSB_DIAG_RUNNING, &data->flags)) 1823 return; 1824 1825 usb_anchor_urb(urb, &data->diag_anchor); 1826 usb_mark_last_busy(data->udev); 1827 1828 err = usb_submit_urb(urb, GFP_ATOMIC); 1829 if (err < 0) { 1830 /* -EPERM: urb is being killed; 1831 * -ENODEV: device got disconnected 1832 */ 1833 if (err != -EPERM && err != -ENODEV) 1834 bt_dev_err(hdev, "urb %p failed to resubmit (%d)", 1835 urb, -err); 1836 usb_unanchor_urb(urb); 1837 } 1838 } 1839 1840 static int btusb_submit_diag_urb(struct hci_dev *hdev, gfp_t mem_flags) 1841 { 1842 struct btusb_data *data = hci_get_drvdata(hdev); 1843 struct urb *urb; 1844 unsigned char *buf; 1845 unsigned int pipe; 1846 int err, size = HCI_MAX_FRAME_SIZE; 1847 1848 BT_DBG("%s", hdev->name); 1849 1850 if (!data->diag_rx_ep) 1851 return -ENODEV; 1852 1853 urb = usb_alloc_urb(0, mem_flags); 1854 if (!urb) 1855 return -ENOMEM; 1856 1857 buf = kmalloc(size, mem_flags); 1858 if (!buf) { 1859 usb_free_urb(urb); 1860 return -ENOMEM; 1861 } 1862 1863 pipe = usb_rcvbulkpipe(data->udev, data->diag_rx_ep->bEndpointAddress); 1864 1865 usb_fill_bulk_urb(urb, data->udev, pipe, buf, size, 1866 btusb_diag_complete, hdev); 1867 1868 urb->transfer_flags |= URB_FREE_BUFFER; 1869 1870 usb_mark_last_busy(data->udev); 1871 usb_anchor_urb(urb, &data->diag_anchor); 1872 1873 err = usb_submit_urb(urb, mem_flags); 1874 if (err < 0) { 1875 if (err != -EPERM && err != -ENODEV) 1876 bt_dev_err(hdev, "urb %p submission failed (%d)", 1877 urb, -err); 1878 usb_unanchor_urb(urb); 1879 } 1880 1881 usb_free_urb(urb); 1882 1883 return err; 1884 } 1885 1886 static void btusb_tx_complete(struct urb *urb) 1887 { 1888 struct sk_buff *skb = urb->context; 1889 struct hci_dev *hdev = (struct hci_dev *)skb->dev; 1890 struct btusb_data *data = hci_get_drvdata(hdev); 1891 unsigned long flags; 1892 1893 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 1894 urb->actual_length); 1895 1896 if (!test_bit(HCI_RUNNING, &hdev->flags)) 1897 goto done; 1898 1899 if (!urb->status) { 1900 hdev->stat.byte_tx += urb->transfer_buffer_length; 1901 } else { 1902 if (hci_skb_pkt_type(skb) == HCI_COMMAND_PKT) 1903 hci_cmd_sync_cancel(hdev, -urb->status); 1904 hdev->stat.err_tx++; 1905 } 1906 1907 done: 1908 spin_lock_irqsave(&data->txlock, flags); 1909 data->tx_in_flight--; 1910 spin_unlock_irqrestore(&data->txlock, flags); 1911 1912 kfree(urb->setup_packet); 1913 1914 kfree_skb(skb); 1915 } 1916 1917 static void btusb_isoc_tx_complete(struct urb *urb) 1918 { 1919 struct sk_buff *skb = urb->context; 1920 struct hci_dev *hdev = (struct hci_dev *)skb->dev; 1921 1922 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 1923 urb->actual_length); 1924 1925 if (!test_bit(HCI_RUNNING, &hdev->flags)) 1926 goto done; 1927 1928 if (!urb->status) 1929 hdev->stat.byte_tx += urb->transfer_buffer_length; 1930 else 1931 hdev->stat.err_tx++; 1932 1933 done: 1934 kfree(urb->setup_packet); 1935 1936 kfree_skb(skb); 1937 } 1938 1939 static int btusb_open(struct hci_dev *hdev) 1940 { 1941 struct btusb_data *data = hci_get_drvdata(hdev); 1942 int err; 1943 1944 BT_DBG("%s", hdev->name); 1945 1946 err = usb_autopm_get_interface(data->intf); 1947 if (err < 0) 1948 return err; 1949 1950 /* Patching USB firmware files prior to starting any URBs of HCI path 1951 * It is more safe to use USB bulk channel for downloading USB patch 1952 */ 1953 if (data->setup_on_usb) { 1954 err = data->setup_on_usb(hdev); 1955 if (err < 0) 1956 goto setup_fail; 1957 } 1958 1959 data->intf->needs_remote_wakeup = 1; 1960 1961 if (test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags)) 1962 goto done; 1963 1964 err = btusb_submit_intr_urb(hdev, GFP_KERNEL); 1965 if (err < 0) 1966 goto failed; 1967 1968 err = btusb_submit_bulk_urb(hdev, GFP_KERNEL); 1969 if (err < 0) { 1970 usb_kill_anchored_urbs(&data->intr_anchor); 1971 goto failed; 1972 } 1973 1974 set_bit(BTUSB_BULK_RUNNING, &data->flags); 1975 btusb_submit_bulk_urb(hdev, GFP_KERNEL); 1976 1977 if (data->diag) { 1978 if (!btusb_submit_diag_urb(hdev, GFP_KERNEL)) 1979 set_bit(BTUSB_DIAG_RUNNING, &data->flags); 1980 } 1981 1982 done: 1983 usb_autopm_put_interface(data->intf); 1984 return 0; 1985 1986 failed: 1987 clear_bit(BTUSB_INTR_RUNNING, &data->flags); 1988 setup_fail: 1989 usb_autopm_put_interface(data->intf); 1990 return err; 1991 } 1992 1993 static void btusb_stop_traffic(struct btusb_data *data) 1994 { 1995 usb_kill_anchored_urbs(&data->intr_anchor); 1996 usb_kill_anchored_urbs(&data->bulk_anchor); 1997 usb_kill_anchored_urbs(&data->isoc_anchor); 1998 usb_kill_anchored_urbs(&data->diag_anchor); 1999 usb_kill_anchored_urbs(&data->ctrl_anchor); 2000 } 2001 2002 static int btusb_close(struct hci_dev *hdev) 2003 { 2004 struct btusb_data *data = hci_get_drvdata(hdev); 2005 int err; 2006 2007 BT_DBG("%s", hdev->name); 2008 2009 cancel_delayed_work(&data->rx_work); 2010 cancel_work_sync(&data->work); 2011 cancel_work_sync(&data->waker); 2012 2013 skb_queue_purge(&data->acl_q); 2014 2015 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 2016 clear_bit(BTUSB_BULK_RUNNING, &data->flags); 2017 clear_bit(BTUSB_INTR_RUNNING, &data->flags); 2018 clear_bit(BTUSB_DIAG_RUNNING, &data->flags); 2019 2020 btusb_stop_traffic(data); 2021 btusb_free_frags(data); 2022 2023 err = usb_autopm_get_interface(data->intf); 2024 if (err < 0) 2025 goto failed; 2026 2027 data->intf->needs_remote_wakeup = 0; 2028 2029 /* Enable remote wake up for auto-suspend */ 2030 if (test_bit(BTUSB_WAKEUP_AUTOSUSPEND, &data->flags)) 2031 data->intf->needs_remote_wakeup = 1; 2032 2033 usb_autopm_put_interface(data->intf); 2034 2035 failed: 2036 usb_scuttle_anchored_urbs(&data->deferred); 2037 return 0; 2038 } 2039 2040 static int btusb_flush(struct hci_dev *hdev) 2041 { 2042 struct btusb_data *data = hci_get_drvdata(hdev); 2043 2044 BT_DBG("%s", hdev->name); 2045 2046 cancel_delayed_work(&data->rx_work); 2047 2048 skb_queue_purge(&data->acl_q); 2049 2050 usb_kill_anchored_urbs(&data->tx_anchor); 2051 btusb_free_frags(data); 2052 2053 return 0; 2054 } 2055 2056 static struct urb *alloc_ctrl_urb(struct hci_dev *hdev, struct sk_buff *skb) 2057 { 2058 struct btusb_data *data = hci_get_drvdata(hdev); 2059 struct usb_ctrlrequest *dr; 2060 struct urb *urb; 2061 unsigned int pipe; 2062 2063 urb = usb_alloc_urb(0, GFP_KERNEL); 2064 if (!urb) 2065 return ERR_PTR(-ENOMEM); 2066 2067 dr = kmalloc(sizeof(*dr), GFP_KERNEL); 2068 if (!dr) { 2069 usb_free_urb(urb); 2070 return ERR_PTR(-ENOMEM); 2071 } 2072 2073 dr->bRequestType = data->cmdreq_type; 2074 dr->bRequest = data->cmdreq; 2075 dr->wIndex = 0; 2076 dr->wValue = 0; 2077 dr->wLength = __cpu_to_le16(skb->len); 2078 2079 pipe = usb_sndctrlpipe(data->udev, 0x00); 2080 2081 usb_fill_control_urb(urb, data->udev, pipe, (void *)dr, 2082 skb->data, skb->len, btusb_tx_complete, skb); 2083 2084 skb->dev = (void *)hdev; 2085 2086 return urb; 2087 } 2088 2089 static struct urb *alloc_bulk_urb(struct hci_dev *hdev, struct sk_buff *skb) 2090 { 2091 struct btusb_data *data = hci_get_drvdata(hdev); 2092 struct urb *urb; 2093 unsigned int pipe; 2094 2095 if (!data->bulk_tx_ep) 2096 return ERR_PTR(-ENODEV); 2097 2098 urb = usb_alloc_urb(0, GFP_KERNEL); 2099 if (!urb) 2100 return ERR_PTR(-ENOMEM); 2101 2102 pipe = usb_sndbulkpipe(data->udev, data->bulk_tx_ep->bEndpointAddress); 2103 2104 usb_fill_bulk_urb(urb, data->udev, pipe, 2105 skb->data, skb->len, btusb_tx_complete, skb); 2106 2107 skb->dev = (void *)hdev; 2108 2109 return urb; 2110 } 2111 2112 static struct urb *alloc_isoc_urb(struct hci_dev *hdev, struct sk_buff *skb) 2113 { 2114 struct btusb_data *data = hci_get_drvdata(hdev); 2115 struct urb *urb; 2116 unsigned int pipe; 2117 2118 if (!data->isoc_tx_ep) 2119 return ERR_PTR(-ENODEV); 2120 2121 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, GFP_KERNEL); 2122 if (!urb) 2123 return ERR_PTR(-ENOMEM); 2124 2125 pipe = usb_sndisocpipe(data->udev, data->isoc_tx_ep->bEndpointAddress); 2126 2127 usb_fill_int_urb(urb, data->udev, pipe, 2128 skb->data, skb->len, btusb_isoc_tx_complete, 2129 skb, data->isoc_tx_ep->bInterval); 2130 2131 urb->transfer_flags = URB_ISO_ASAP; 2132 2133 if (data->isoc_altsetting == 6) 2134 __fill_isoc_descriptor_msbc(urb, skb->len, 2135 le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize), 2136 data); 2137 else 2138 __fill_isoc_descriptor(urb, skb->len, 2139 le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize)); 2140 skb->dev = (void *)hdev; 2141 2142 return urb; 2143 } 2144 2145 static int submit_tx_urb(struct hci_dev *hdev, struct urb *urb) 2146 { 2147 struct btusb_data *data = hci_get_drvdata(hdev); 2148 int err; 2149 2150 usb_anchor_urb(urb, &data->tx_anchor); 2151 2152 err = usb_submit_urb(urb, GFP_KERNEL); 2153 if (err < 0) { 2154 if (err != -EPERM && err != -ENODEV) 2155 bt_dev_err(hdev, "urb %p submission failed (%d)", 2156 urb, -err); 2157 kfree(urb->setup_packet); 2158 usb_unanchor_urb(urb); 2159 } else { 2160 usb_mark_last_busy(data->udev); 2161 } 2162 2163 usb_free_urb(urb); 2164 return err; 2165 } 2166 2167 static int submit_or_queue_tx_urb(struct hci_dev *hdev, struct urb *urb) 2168 { 2169 struct btusb_data *data = hci_get_drvdata(hdev); 2170 unsigned long flags; 2171 bool suspending; 2172 2173 spin_lock_irqsave(&data->txlock, flags); 2174 suspending = test_bit(BTUSB_SUSPENDING, &data->flags); 2175 if (!suspending) 2176 data->tx_in_flight++; 2177 spin_unlock_irqrestore(&data->txlock, flags); 2178 2179 if (!suspending) 2180 return submit_tx_urb(hdev, urb); 2181 2182 usb_anchor_urb(urb, &data->deferred); 2183 schedule_work(&data->waker); 2184 2185 usb_free_urb(urb); 2186 return 0; 2187 } 2188 2189 static int btusb_send_frame(struct hci_dev *hdev, struct sk_buff *skb) 2190 { 2191 struct urb *urb; 2192 2193 BT_DBG("%s", hdev->name); 2194 2195 switch (hci_skb_pkt_type(skb)) { 2196 case HCI_COMMAND_PKT: 2197 urb = alloc_ctrl_urb(hdev, skb); 2198 if (IS_ERR(urb)) 2199 return PTR_ERR(urb); 2200 2201 hdev->stat.cmd_tx++; 2202 return submit_or_queue_tx_urb(hdev, urb); 2203 2204 case HCI_ACLDATA_PKT: 2205 urb = alloc_bulk_urb(hdev, skb); 2206 if (IS_ERR(urb)) 2207 return PTR_ERR(urb); 2208 2209 hdev->stat.acl_tx++; 2210 return submit_or_queue_tx_urb(hdev, urb); 2211 2212 case HCI_SCODATA_PKT: 2213 if (!hci_dev_test_flag(hdev, HCI_USER_CHANNEL) && 2214 hci_conn_num(hdev, SCO_LINK) < 1) 2215 return -ENODEV; 2216 2217 urb = alloc_isoc_urb(hdev, skb); 2218 if (IS_ERR(urb)) 2219 return PTR_ERR(urb); 2220 2221 hdev->stat.sco_tx++; 2222 return submit_tx_urb(hdev, urb); 2223 2224 case HCI_ISODATA_PKT: 2225 urb = alloc_bulk_urb(hdev, skb); 2226 if (IS_ERR(urb)) 2227 return PTR_ERR(urb); 2228 2229 return submit_or_queue_tx_urb(hdev, urb); 2230 } 2231 2232 return -EILSEQ; 2233 } 2234 2235 static void btusb_notify(struct hci_dev *hdev, unsigned int evt) 2236 { 2237 struct btusb_data *data = hci_get_drvdata(hdev); 2238 2239 BT_DBG("%s evt %d", hdev->name, evt); 2240 2241 if (hci_conn_num(hdev, SCO_LINK) != data->sco_num) { 2242 data->sco_num = hci_conn_num(hdev, SCO_LINK); 2243 data->air_mode = evt; 2244 schedule_work(&data->work); 2245 } 2246 } 2247 2248 static inline int __set_isoc_interface(struct hci_dev *hdev, int altsetting) 2249 { 2250 struct btusb_data *data = hci_get_drvdata(hdev); 2251 struct usb_interface *intf = data->isoc; 2252 struct usb_endpoint_descriptor *ep_desc; 2253 int i, err; 2254 2255 if (!data->isoc) 2256 return -ENODEV; 2257 2258 err = usb_set_interface(data->udev, data->isoc_ifnum, altsetting); 2259 if (err < 0) { 2260 bt_dev_err(hdev, "setting interface failed (%d)", -err); 2261 return err; 2262 } 2263 2264 data->isoc_altsetting = altsetting; 2265 2266 data->isoc_tx_ep = NULL; 2267 data->isoc_rx_ep = NULL; 2268 2269 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) { 2270 ep_desc = &intf->cur_altsetting->endpoint[i].desc; 2271 2272 if (!data->isoc_tx_ep && usb_endpoint_is_isoc_out(ep_desc)) { 2273 data->isoc_tx_ep = ep_desc; 2274 continue; 2275 } 2276 2277 if (!data->isoc_rx_ep && usb_endpoint_is_isoc_in(ep_desc)) { 2278 data->isoc_rx_ep = ep_desc; 2279 continue; 2280 } 2281 } 2282 2283 if (!data->isoc_tx_ep || !data->isoc_rx_ep) { 2284 bt_dev_err(hdev, "invalid SCO descriptors"); 2285 return -ENODEV; 2286 } 2287 2288 return 0; 2289 } 2290 2291 static int btusb_switch_alt_setting(struct hci_dev *hdev, int new_alts) 2292 { 2293 struct btusb_data *data = hci_get_drvdata(hdev); 2294 int err; 2295 2296 if (data->isoc_altsetting != new_alts) { 2297 unsigned long flags; 2298 2299 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 2300 usb_kill_anchored_urbs(&data->isoc_anchor); 2301 2302 /* When isochronous alternate setting needs to be 2303 * changed, because SCO connection has been added 2304 * or removed, a packet fragment may be left in the 2305 * reassembling state. This could lead to wrongly 2306 * assembled fragments. 2307 * 2308 * Clear outstanding fragment when selecting a new 2309 * alternate setting. 2310 */ 2311 spin_lock_irqsave(&data->rxlock, flags); 2312 dev_kfree_skb_irq(data->sco_skb); 2313 data->sco_skb = NULL; 2314 spin_unlock_irqrestore(&data->rxlock, flags); 2315 2316 err = __set_isoc_interface(hdev, new_alts); 2317 if (err < 0) 2318 return err; 2319 } 2320 2321 if (!test_and_set_bit(BTUSB_ISOC_RUNNING, &data->flags)) { 2322 if (btusb_submit_isoc_urb(hdev, GFP_KERNEL) < 0) 2323 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 2324 else 2325 btusb_submit_isoc_urb(hdev, GFP_KERNEL); 2326 } 2327 2328 return 0; 2329 } 2330 2331 static struct usb_host_interface *btusb_find_altsetting(struct btusb_data *data, 2332 int alt) 2333 { 2334 struct usb_interface *intf = data->isoc; 2335 int i; 2336 2337 BT_DBG("Looking for Alt no :%d", alt); 2338 2339 if (!intf) 2340 return NULL; 2341 2342 for (i = 0; i < intf->num_altsetting; i++) { 2343 if (intf->altsetting[i].desc.bAlternateSetting == alt) 2344 return &intf->altsetting[i]; 2345 } 2346 2347 return NULL; 2348 } 2349 2350 static void btusb_work(struct work_struct *work) 2351 { 2352 struct btusb_data *data = container_of(work, struct btusb_data, work); 2353 struct hci_dev *hdev = data->hdev; 2354 int new_alts = 0; 2355 int err; 2356 2357 if (data->sco_num > 0) { 2358 if (!test_bit(BTUSB_DID_ISO_RESUME, &data->flags)) { 2359 err = usb_autopm_get_interface(data->isoc ? data->isoc : data->intf); 2360 if (err < 0) { 2361 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 2362 usb_kill_anchored_urbs(&data->isoc_anchor); 2363 return; 2364 } 2365 2366 set_bit(BTUSB_DID_ISO_RESUME, &data->flags); 2367 } 2368 2369 if (data->air_mode == HCI_NOTIFY_ENABLE_SCO_CVSD) { 2370 if (hdev->voice_setting & 0x0020) { 2371 static const int alts[3] = { 2, 4, 5 }; 2372 2373 new_alts = alts[data->sco_num - 1]; 2374 } else { 2375 new_alts = data->sco_num; 2376 } 2377 } else if (data->air_mode == HCI_NOTIFY_ENABLE_SCO_TRANSP) { 2378 /* Bluetooth USB spec recommends alt 6 (63 bytes), but 2379 * many adapters do not support it. Alt 1 appears to 2380 * work for all adapters that do not have alt 6, and 2381 * which work with WBS at all. Some devices prefer 2382 * alt 3 (HCI payload >= 60 Bytes let air packet 2383 * data satisfy 60 bytes), requiring 2384 * MTU >= 3 (packets) * 25 (size) - 3 (headers) = 72 2385 * see also Core spec 5, vol 4, B 2.1.1 & Table 2.1. 2386 */ 2387 if (btusb_find_altsetting(data, 6)) 2388 new_alts = 6; 2389 else if (btusb_find_altsetting(data, 3) && 2390 hdev->sco_mtu >= 72 && 2391 test_bit(BTUSB_USE_ALT3_FOR_WBS, &data->flags)) 2392 new_alts = 3; 2393 else 2394 new_alts = 1; 2395 } 2396 2397 if (btusb_switch_alt_setting(hdev, new_alts) < 0) 2398 bt_dev_err(hdev, "set USB alt:(%d) failed!", new_alts); 2399 } else { 2400 usb_kill_anchored_urbs(&data->isoc_anchor); 2401 2402 if (test_and_clear_bit(BTUSB_ISOC_RUNNING, &data->flags)) 2403 __set_isoc_interface(hdev, 0); 2404 2405 if (test_and_clear_bit(BTUSB_DID_ISO_RESUME, &data->flags)) 2406 usb_autopm_put_interface(data->isoc ? data->isoc : data->intf); 2407 } 2408 } 2409 2410 static void btusb_waker(struct work_struct *work) 2411 { 2412 struct btusb_data *data = container_of(work, struct btusb_data, waker); 2413 int err; 2414 2415 err = usb_autopm_get_interface(data->intf); 2416 if (err < 0) 2417 return; 2418 2419 usb_autopm_put_interface(data->intf); 2420 } 2421 2422 static void btusb_rx_work(struct work_struct *work) 2423 { 2424 struct btusb_data *data = container_of(work, struct btusb_data, 2425 rx_work.work); 2426 struct sk_buff *skb; 2427 2428 /* Dequeue ACL data received during the interval */ 2429 while ((skb = skb_dequeue(&data->acl_q))) 2430 data->recv_acl(data->hdev, skb); 2431 } 2432 2433 static int btusb_setup_bcm92035(struct hci_dev *hdev) 2434 { 2435 struct sk_buff *skb; 2436 u8 val = 0x00; 2437 2438 BT_DBG("%s", hdev->name); 2439 2440 skb = __hci_cmd_sync(hdev, 0xfc3b, 1, &val, HCI_INIT_TIMEOUT); 2441 if (IS_ERR(skb)) 2442 bt_dev_err(hdev, "BCM92035 command failed (%ld)", PTR_ERR(skb)); 2443 else 2444 kfree_skb(skb); 2445 2446 return 0; 2447 } 2448 2449 static int btusb_setup_csr(struct hci_dev *hdev) 2450 { 2451 struct btusb_data *data = hci_get_drvdata(hdev); 2452 u16 bcdDevice = le16_to_cpu(data->udev->descriptor.bcdDevice); 2453 struct hci_rp_read_local_version *rp; 2454 struct sk_buff *skb; 2455 bool is_fake = false; 2456 int ret; 2457 2458 BT_DBG("%s", hdev->name); 2459 2460 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL, 2461 HCI_INIT_TIMEOUT); 2462 if (IS_ERR(skb)) { 2463 int err = PTR_ERR(skb); 2464 bt_dev_err(hdev, "CSR: Local version failed (%d)", err); 2465 return err; 2466 } 2467 2468 rp = skb_pull_data(skb, sizeof(*rp)); 2469 if (!rp) { 2470 bt_dev_err(hdev, "CSR: Local version length mismatch"); 2471 kfree_skb(skb); 2472 return -EIO; 2473 } 2474 2475 bt_dev_info(hdev, "CSR: Setting up dongle with HCI ver=%u rev=%04x", 2476 rp->hci_ver, le16_to_cpu(rp->hci_rev)); 2477 2478 bt_dev_info(hdev, "LMP ver=%u subver=%04x; manufacturer=%u", 2479 rp->lmp_ver, le16_to_cpu(rp->lmp_subver), 2480 le16_to_cpu(rp->manufacturer)); 2481 2482 /* Detect a wide host of Chinese controllers that aren't CSR. 2483 * 2484 * Known fake bcdDevices: 0x0100, 0x0134, 0x1915, 0x2520, 0x7558, 0x8891 2485 * 2486 * The main thing they have in common is that these are really popular low-cost 2487 * options that support newer Bluetooth versions but rely on heavy VID/PID 2488 * squatting of this poor old Bluetooth 1.1 device. Even sold as such. 2489 * 2490 * We detect actual CSR devices by checking that the HCI manufacturer code 2491 * is Cambridge Silicon Radio (10) and ensuring that LMP sub-version and 2492 * HCI rev values always match. As they both store the firmware number. 2493 */ 2494 if (le16_to_cpu(rp->manufacturer) != 10 || 2495 le16_to_cpu(rp->hci_rev) != le16_to_cpu(rp->lmp_subver)) 2496 is_fake = true; 2497 2498 /* Known legit CSR firmware build numbers and their supported BT versions: 2499 * - 1.1 (0x1) -> 0x0073, 0x020d, 0x033c, 0x034e 2500 * - 1.2 (0x2) -> 0x04d9, 0x0529 2501 * - 2.0 (0x3) -> 0x07a6, 0x07ad, 0x0c5c 2502 * - 2.1 (0x4) -> 0x149c, 0x1735, 0x1899 (0x1899 is a BlueCore4-External) 2503 * - 4.0 (0x6) -> 0x1d86, 0x2031, 0x22bb 2504 * 2505 * e.g. Real CSR dongles with LMP subversion 0x73 are old enough that 2506 * support BT 1.1 only; so it's a dead giveaway when some 2507 * third-party BT 4.0 dongle reuses it. 2508 */ 2509 else if (le16_to_cpu(rp->lmp_subver) <= 0x034e && 2510 rp->hci_ver > BLUETOOTH_VER_1_1) 2511 is_fake = true; 2512 2513 else if (le16_to_cpu(rp->lmp_subver) <= 0x0529 && 2514 rp->hci_ver > BLUETOOTH_VER_1_2) 2515 is_fake = true; 2516 2517 else if (le16_to_cpu(rp->lmp_subver) <= 0x0c5c && 2518 rp->hci_ver > BLUETOOTH_VER_2_0) 2519 is_fake = true; 2520 2521 else if (le16_to_cpu(rp->lmp_subver) <= 0x1899 && 2522 rp->hci_ver > BLUETOOTH_VER_2_1) 2523 is_fake = true; 2524 2525 else if (le16_to_cpu(rp->lmp_subver) <= 0x22bb && 2526 rp->hci_ver > BLUETOOTH_VER_4_0) 2527 is_fake = true; 2528 2529 /* Other clones which beat all the above checks */ 2530 else if (bcdDevice == 0x0134 && 2531 le16_to_cpu(rp->lmp_subver) == 0x0c5c && 2532 rp->hci_ver == BLUETOOTH_VER_2_0) 2533 is_fake = true; 2534 2535 if (is_fake) { 2536 bt_dev_warn(hdev, "CSR: Unbranded CSR clone detected; adding workarounds and force-suspending once..."); 2537 2538 /* Generally these clones have big discrepancies between 2539 * advertised features and what's actually supported. 2540 * Probably will need to be expanded in the future; 2541 * without these the controller will lock up. 2542 */ 2543 hci_set_quirk(hdev, HCI_QUIRK_BROKEN_STORED_LINK_KEY); 2544 hci_set_quirk(hdev, HCI_QUIRK_BROKEN_ERR_DATA_REPORTING); 2545 hci_set_quirk(hdev, HCI_QUIRK_BROKEN_FILTER_CLEAR_ALL); 2546 hci_set_quirk(hdev, HCI_QUIRK_NO_SUSPEND_NOTIFIER); 2547 hci_set_quirk(hdev, HCI_QUIRK_BROKEN_READ_VOICE_SETTING); 2548 hci_set_quirk(hdev, HCI_QUIRK_BROKEN_READ_PAGE_SCAN_TYPE); 2549 2550 /* Clear the reset quirk since this is not an actual 2551 * early Bluetooth 1.1 device from CSR. 2552 */ 2553 hci_clear_quirk(hdev, HCI_QUIRK_RESET_ON_CLOSE); 2554 hci_clear_quirk(hdev, HCI_QUIRK_SIMULTANEOUS_DISCOVERY); 2555 2556 /* 2557 * Special workaround for these BT 4.0 chip clones, and potentially more: 2558 * 2559 * - 0x0134: a Barrot 8041a02 (HCI rev: 0x0810 sub: 0x1012) 2560 * - 0x7558: IC markings FR3191AHAL 749H15143 (HCI rev/sub-version: 0x0709) 2561 * 2562 * These controllers are really messed-up. 2563 * 2564 * 1. Their bulk RX endpoint will never report any data unless 2565 * the device was suspended at least once (yes, really). 2566 * 2. They will not wakeup when autosuspended and receiving data 2567 * on their bulk RX endpoint from e.g. a keyboard or mouse 2568 * (IOW remote-wakeup support is broken for the bulk endpoint). 2569 * 2570 * To fix 1. enable runtime-suspend, force-suspend the 2571 * HCI and then wake-it up by disabling runtime-suspend. 2572 * 2573 * To fix 2. clear the HCI's can_wake flag, this way the HCI 2574 * will still be autosuspended when it is not open. 2575 * 2576 * -- 2577 * 2578 * Because these are widespread problems we prefer generic solutions; so 2579 * apply this initialization quirk to every controller that gets here, 2580 * it should be harmless. The alternative is to not work at all. 2581 */ 2582 pm_runtime_allow(&data->udev->dev); 2583 2584 ret = pm_runtime_suspend(&data->udev->dev); 2585 if (ret >= 0) 2586 msleep(200); 2587 else 2588 bt_dev_warn(hdev, "CSR: Couldn't suspend the device for our Barrot 8041a02 receive-issue workaround"); 2589 2590 pm_runtime_forbid(&data->udev->dev); 2591 2592 device_set_wakeup_capable(&data->udev->dev, false); 2593 2594 /* Re-enable autosuspend if this was requested */ 2595 if (enable_autosuspend) 2596 usb_enable_autosuspend(data->udev); 2597 } 2598 2599 kfree_skb(skb); 2600 2601 return 0; 2602 } 2603 2604 static int inject_cmd_complete(struct hci_dev *hdev, __u16 opcode) 2605 { 2606 struct sk_buff *skb; 2607 struct hci_event_hdr *hdr; 2608 struct hci_ev_cmd_complete *evt; 2609 2610 skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_KERNEL); 2611 if (!skb) 2612 return -ENOMEM; 2613 2614 hdr = skb_put(skb, sizeof(*hdr)); 2615 hdr->evt = HCI_EV_CMD_COMPLETE; 2616 hdr->plen = sizeof(*evt) + 1; 2617 2618 evt = skb_put(skb, sizeof(*evt)); 2619 evt->ncmd = 0x01; 2620 evt->opcode = cpu_to_le16(opcode); 2621 2622 skb_put_u8(skb, 0x00); 2623 2624 hci_skb_pkt_type(skb) = HCI_EVENT_PKT; 2625 2626 return hci_recv_frame(hdev, skb); 2627 } 2628 2629 static int btusb_recv_bulk_intel(struct btusb_data *data, void *buffer, 2630 int count) 2631 { 2632 struct hci_dev *hdev = data->hdev; 2633 2634 /* When the device is in bootloader mode, then it can send 2635 * events via the bulk endpoint. These events are treated the 2636 * same way as the ones received from the interrupt endpoint. 2637 */ 2638 if (btintel_test_flag(hdev, INTEL_BOOTLOADER)) 2639 return btusb_recv_intr(data, buffer, count); 2640 2641 return btusb_recv_bulk(data, buffer, count); 2642 } 2643 2644 static int btusb_send_frame_intel(struct hci_dev *hdev, struct sk_buff *skb) 2645 { 2646 struct urb *urb; 2647 2648 BT_DBG("%s", hdev->name); 2649 2650 switch (hci_skb_pkt_type(skb)) { 2651 case HCI_COMMAND_PKT: 2652 if (btintel_test_flag(hdev, INTEL_BOOTLOADER)) { 2653 struct hci_command_hdr *cmd = (void *)skb->data; 2654 __u16 opcode = le16_to_cpu(cmd->opcode); 2655 2656 /* When in bootloader mode and the command 0xfc09 2657 * is received, it needs to be send down the 2658 * bulk endpoint. So allocate a bulk URB instead. 2659 */ 2660 if (opcode == 0xfc09) 2661 urb = alloc_bulk_urb(hdev, skb); 2662 else 2663 urb = alloc_ctrl_urb(hdev, skb); 2664 2665 /* When the BTINTEL_HCI_OP_RESET command is issued to 2666 * boot into the operational firmware, it will actually 2667 * not send a command complete event. To keep the flow 2668 * control working inject that event here. 2669 */ 2670 if (opcode == BTINTEL_HCI_OP_RESET) 2671 inject_cmd_complete(hdev, opcode); 2672 } else { 2673 urb = alloc_ctrl_urb(hdev, skb); 2674 } 2675 if (IS_ERR(urb)) 2676 return PTR_ERR(urb); 2677 2678 hdev->stat.cmd_tx++; 2679 return submit_or_queue_tx_urb(hdev, urb); 2680 2681 case HCI_ACLDATA_PKT: 2682 urb = alloc_bulk_urb(hdev, skb); 2683 if (IS_ERR(urb)) 2684 return PTR_ERR(urb); 2685 2686 hdev->stat.acl_tx++; 2687 return submit_or_queue_tx_urb(hdev, urb); 2688 2689 case HCI_SCODATA_PKT: 2690 if (!hci_dev_test_flag(hdev, HCI_USER_CHANNEL) && 2691 hci_conn_num(hdev, SCO_LINK) < 1) 2692 return -ENODEV; 2693 2694 urb = alloc_isoc_urb(hdev, skb); 2695 if (IS_ERR(urb)) 2696 return PTR_ERR(urb); 2697 2698 hdev->stat.sco_tx++; 2699 return submit_tx_urb(hdev, urb); 2700 2701 case HCI_ISODATA_PKT: 2702 urb = alloc_bulk_urb(hdev, skb); 2703 if (IS_ERR(urb)) 2704 return PTR_ERR(urb); 2705 2706 return submit_or_queue_tx_urb(hdev, urb); 2707 } 2708 2709 return -EILSEQ; 2710 } 2711 2712 static int btusb_setup_realtek(struct hci_dev *hdev) 2713 { 2714 struct btusb_data *data = hci_get_drvdata(hdev); 2715 int ret; 2716 2717 ret = btrtl_setup_realtek(hdev); 2718 2719 if (btrealtek_test_flag(data->hdev, REALTEK_ALT6_CONTINUOUS_TX_CHIP)) 2720 set_bit(BTUSB_ALT6_CONTINUOUS_TX, &data->flags); 2721 2722 return ret; 2723 } 2724 2725 static int btusb_recv_event_realtek(struct hci_dev *hdev, struct sk_buff *skb) 2726 { 2727 if (skb->data[0] == HCI_VENDOR_PKT && skb->data[2] == RTK_SUB_EVENT_CODE_COREDUMP) { 2728 struct rtk_dev_coredump_hdr hdr = { 2729 .code = RTK_DEVCOREDUMP_CODE_MEMDUMP, 2730 }; 2731 2732 bt_dev_dbg(hdev, "RTL: received coredump vendor evt, len %u", 2733 skb->len); 2734 2735 btusb_rtl_alloc_devcoredump(hdev, &hdr, skb->data, skb->len); 2736 kfree_skb(skb); 2737 2738 return 0; 2739 } 2740 2741 return hci_recv_frame(hdev, skb); 2742 } 2743 2744 static void btusb_mtk_claim_iso_intf(struct btusb_data *data) 2745 { 2746 struct btmtk_data *btmtk_data; 2747 int err; 2748 2749 if (!data->hdev) 2750 return; 2751 2752 btmtk_data = hci_get_priv(data->hdev); 2753 if (!btmtk_data) 2754 return; 2755 2756 if (!btmtk_data->isopkt_intf) { 2757 bt_dev_err(data->hdev, "Can't claim NULL iso interface"); 2758 return; 2759 } 2760 2761 /* 2762 * The function usb_driver_claim_interface() is documented to need 2763 * locks held if it's not called from a probe routine. The code here 2764 * is called from the hci_power_on workqueue, so grab the lock. 2765 */ 2766 device_lock(&btmtk_data->isopkt_intf->dev); 2767 err = usb_driver_claim_interface(&btusb_driver, 2768 btmtk_data->isopkt_intf, data); 2769 device_unlock(&btmtk_data->isopkt_intf->dev); 2770 if (err < 0) { 2771 btmtk_data->isopkt_intf = NULL; 2772 bt_dev_err(data->hdev, "Failed to claim iso interface: %d", err); 2773 return; 2774 } 2775 2776 set_bit(BTMTK_ISOPKT_OVER_INTR, &btmtk_data->flags); 2777 init_usb_anchor(&btmtk_data->isopkt_anchor); 2778 } 2779 2780 static void btusb_mtk_release_iso_intf(struct hci_dev *hdev) 2781 { 2782 struct btmtk_data *btmtk_data; 2783 2784 if (!hdev) 2785 return; 2786 2787 btmtk_data = hci_get_priv(hdev); 2788 if (!btmtk_data) 2789 return; 2790 2791 if (test_bit(BTMTK_ISOPKT_OVER_INTR, &btmtk_data->flags)) { 2792 usb_kill_anchored_urbs(&btmtk_data->isopkt_anchor); 2793 clear_bit(BTMTK_ISOPKT_RUNNING, &btmtk_data->flags); 2794 2795 if (btmtk_data->isopkt_skb) { 2796 dev_kfree_skb_irq(btmtk_data->isopkt_skb); 2797 btmtk_data->isopkt_skb = NULL; 2798 } 2799 2800 if (btmtk_data->isopkt_intf) { 2801 usb_set_intfdata(btmtk_data->isopkt_intf, NULL); 2802 usb_driver_release_interface(&btusb_driver, 2803 btmtk_data->isopkt_intf); 2804 btmtk_data->isopkt_intf = NULL; 2805 } 2806 } 2807 2808 clear_bit(BTMTK_ISOPKT_OVER_INTR, &btmtk_data->flags); 2809 } 2810 2811 static int btusb_mtk_disconnect(struct hci_dev *hdev) 2812 { 2813 /* This function describes the specific additional steps taken by MediaTek 2814 * when Bluetooth usb driver's resume function is called. 2815 */ 2816 btusb_mtk_release_iso_intf(hdev); 2817 2818 return 0; 2819 } 2820 2821 static int btusb_mtk_reset(struct hci_dev *hdev, void *rst_data) 2822 { 2823 struct btusb_data *data = hci_get_drvdata(hdev); 2824 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 2825 int err; 2826 2827 /* It's MediaTek specific bluetooth reset mechanism via USB */ 2828 if (test_and_set_bit(BTMTK_HW_RESET_ACTIVE, &btmtk_data->flags)) { 2829 bt_dev_err(hdev, "last reset failed? Not resetting again"); 2830 return -EBUSY; 2831 } 2832 2833 err = usb_autopm_get_interface(data->intf); 2834 if (err < 0) 2835 return err; 2836 2837 /* Release MediaTek ISO data interface */ 2838 btusb_mtk_release_iso_intf(hdev); 2839 2840 btusb_stop_traffic(data); 2841 usb_kill_anchored_urbs(&data->tx_anchor); 2842 2843 /* Toggle the hard reset line. The MediaTek device is going to 2844 * yank itself off the USB and then replug. The cleanup is handled 2845 * correctly on the way out (standard USB disconnect), and the new 2846 * device is detected cleanly and bound to the driver again like 2847 * it should be. 2848 */ 2849 if (data->reset_gpio) { 2850 gpiod_set_value_cansleep(data->reset_gpio, 1); 2851 msleep(200); 2852 gpiod_set_value_cansleep(data->reset_gpio, 0); 2853 return 0; 2854 } 2855 2856 err = btmtk_usb_subsys_reset(hdev, btmtk_data->dev_id); 2857 2858 usb_queue_reset_device(data->intf); 2859 clear_bit(BTMTK_HW_RESET_ACTIVE, &btmtk_data->flags); 2860 2861 return err; 2862 } 2863 2864 static int btusb_send_frame_mtk(struct hci_dev *hdev, struct sk_buff *skb) 2865 { 2866 struct urb *urb; 2867 2868 BT_DBG("%s", hdev->name); 2869 2870 if (hci_skb_pkt_type(skb) == HCI_ISODATA_PKT) { 2871 urb = alloc_mtk_intr_urb(hdev, skb, btusb_tx_complete); 2872 if (IS_ERR(urb)) 2873 return PTR_ERR(urb); 2874 2875 return submit_or_queue_tx_urb(hdev, urb); 2876 } else { 2877 return btusb_send_frame(hdev, skb); 2878 } 2879 } 2880 2881 static int btusb_mtk_setup(struct hci_dev *hdev) 2882 { 2883 struct btusb_data *data = hci_get_drvdata(hdev); 2884 struct btmtk_data *btmtk_data = hci_get_priv(hdev); 2885 2886 /* MediaTek WMT vendor cmd requiring below USB resources to 2887 * complete the handshake. 2888 */ 2889 btmtk_data->drv_name = btusb_driver.name; 2890 btmtk_data->intf = data->intf; 2891 btmtk_data->udev = data->udev; 2892 btmtk_data->ctrl_anchor = &data->ctrl_anchor; 2893 btmtk_data->reset_sync = btusb_mtk_reset; 2894 2895 /* Claim ISO data interface and endpoint */ 2896 if (!test_bit(BTMTK_ISOPKT_OVER_INTR, &btmtk_data->flags)) { 2897 btmtk_data->isopkt_intf = usb_ifnum_to_if(data->udev, MTK_ISO_IFNUM); 2898 btusb_mtk_claim_iso_intf(data); 2899 } 2900 2901 return btmtk_usb_setup(hdev); 2902 } 2903 2904 static int btusb_mtk_shutdown(struct hci_dev *hdev) 2905 { 2906 int ret; 2907 2908 ret = btmtk_usb_shutdown(hdev); 2909 2910 /* Release MediaTek iso interface after shutdown */ 2911 btusb_mtk_release_iso_intf(hdev); 2912 2913 return ret; 2914 } 2915 2916 #ifdef CONFIG_PM 2917 /* Configure an out-of-band gpio as wake-up pin, if specified in device tree */ 2918 static int marvell_config_oob_wake(struct hci_dev *hdev) 2919 { 2920 struct sk_buff *skb; 2921 struct btusb_data *data = hci_get_drvdata(hdev); 2922 struct device *dev = &data->udev->dev; 2923 u16 pin, gap, opcode; 2924 int ret; 2925 u8 cmd[5]; 2926 2927 /* Move on if no wakeup pin specified */ 2928 if (of_property_read_u16(dev->of_node, "marvell,wakeup-pin", &pin) || 2929 of_property_read_u16(dev->of_node, "marvell,wakeup-gap-ms", &gap)) 2930 return 0; 2931 2932 /* Vendor specific command to configure a GPIO as wake-up pin */ 2933 opcode = hci_opcode_pack(0x3F, 0x59); 2934 cmd[0] = opcode & 0xFF; 2935 cmd[1] = opcode >> 8; 2936 cmd[2] = 2; /* length of parameters that follow */ 2937 cmd[3] = pin; 2938 cmd[4] = gap; /* time in ms, for which wakeup pin should be asserted */ 2939 2940 skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL); 2941 if (!skb) { 2942 bt_dev_err(hdev, "%s: No memory", __func__); 2943 return -ENOMEM; 2944 } 2945 2946 skb_put_data(skb, cmd, sizeof(cmd)); 2947 hci_skb_pkt_type(skb) = HCI_COMMAND_PKT; 2948 2949 ret = btusb_send_frame(hdev, skb); 2950 if (ret) { 2951 bt_dev_err(hdev, "%s: configuration failed", __func__); 2952 kfree_skb(skb); 2953 return ret; 2954 } 2955 2956 return 0; 2957 } 2958 #endif 2959 2960 static int btusb_set_bdaddr_marvell(struct hci_dev *hdev, 2961 const bdaddr_t *bdaddr) 2962 { 2963 struct sk_buff *skb; 2964 u8 buf[8]; 2965 long ret; 2966 2967 buf[0] = 0xfe; 2968 buf[1] = sizeof(bdaddr_t); 2969 memcpy(buf + 2, bdaddr, sizeof(bdaddr_t)); 2970 2971 skb = __hci_cmd_sync(hdev, 0xfc22, sizeof(buf), buf, HCI_INIT_TIMEOUT); 2972 if (IS_ERR(skb)) { 2973 ret = PTR_ERR(skb); 2974 bt_dev_err(hdev, "changing Marvell device address failed (%ld)", 2975 ret); 2976 return ret; 2977 } 2978 kfree_skb(skb); 2979 2980 return 0; 2981 } 2982 2983 static int btusb_set_bdaddr_ath3012(struct hci_dev *hdev, 2984 const bdaddr_t *bdaddr) 2985 { 2986 struct sk_buff *skb; 2987 u8 buf[10]; 2988 long ret; 2989 2990 buf[0] = 0x01; 2991 buf[1] = 0x01; 2992 buf[2] = 0x00; 2993 buf[3] = sizeof(bdaddr_t); 2994 memcpy(buf + 4, bdaddr, sizeof(bdaddr_t)); 2995 2996 skb = __hci_cmd_sync(hdev, 0xfc0b, sizeof(buf), buf, HCI_INIT_TIMEOUT); 2997 if (IS_ERR(skb)) { 2998 ret = PTR_ERR(skb); 2999 bt_dev_err(hdev, "Change address command failed (%ld)", ret); 3000 return ret; 3001 } 3002 kfree_skb(skb); 3003 3004 return 0; 3005 } 3006 3007 static int btusb_set_bdaddr_wcn6855(struct hci_dev *hdev, 3008 const bdaddr_t *bdaddr) 3009 { 3010 struct sk_buff *skb; 3011 u8 buf[6]; 3012 long ret; 3013 3014 memcpy(buf, bdaddr, sizeof(bdaddr_t)); 3015 3016 skb = __hci_cmd_sync_ev(hdev, 0xfc14, sizeof(buf), buf, 3017 HCI_EV_CMD_COMPLETE, HCI_INIT_TIMEOUT); 3018 if (IS_ERR(skb)) { 3019 ret = PTR_ERR(skb); 3020 bt_dev_err(hdev, "Change address command failed (%ld)", ret); 3021 return ret; 3022 } 3023 kfree_skb(skb); 3024 3025 return 0; 3026 } 3027 3028 #define QCA_MEMDUMP_ACL_HANDLE 0x2EDD 3029 #define QCA_MEMDUMP_SIZE_MAX 0x100000 3030 #define QCA_MEMDUMP_VSE_CLASS 0x01 3031 #define QCA_MEMDUMP_MSG_TYPE 0x08 3032 #define QCA_MEMDUMP_PKT_SIZE 248 3033 #define QCA_LAST_SEQUENCE_NUM 0xffff 3034 3035 struct qca_dump_hdr { 3036 u8 vse_class; 3037 u8 msg_type; 3038 __le16 seqno; 3039 u8 reserved; 3040 union { 3041 u8 data[0]; 3042 struct { 3043 __le32 ram_dump_size; 3044 u8 data0[0]; 3045 } __packed; 3046 }; 3047 } __packed; 3048 3049 3050 static void btusb_dump_hdr_qca(struct hci_dev *hdev, struct sk_buff *skb) 3051 { 3052 char buf[128]; 3053 struct btusb_data *btdata = hci_get_drvdata(hdev); 3054 3055 snprintf(buf, sizeof(buf), "Controller Name: 0x%x\n", 3056 btdata->qca_dump.controller_id); 3057 skb_put_data(skb, buf, strlen(buf)); 3058 3059 snprintf(buf, sizeof(buf), "Firmware Version: 0x%x\n", 3060 btdata->qca_dump.fw_version); 3061 skb_put_data(skb, buf, strlen(buf)); 3062 3063 snprintf(buf, sizeof(buf), "Driver: %s\nVendor: qca\n", 3064 btusb_driver.name); 3065 skb_put_data(skb, buf, strlen(buf)); 3066 3067 snprintf(buf, sizeof(buf), "VID: 0x%x\nPID:0x%x\n", 3068 btdata->qca_dump.id_vendor, btdata->qca_dump.id_product); 3069 skb_put_data(skb, buf, strlen(buf)); 3070 3071 snprintf(buf, sizeof(buf), "Lmp Subversion: 0x%x\n", 3072 hdev->lmp_subver); 3073 skb_put_data(skb, buf, strlen(buf)); 3074 } 3075 3076 static void btusb_coredump_qca(struct hci_dev *hdev) 3077 { 3078 int err; 3079 static const u8 param[] = { 0x26 }; 3080 3081 err = __hci_cmd_send(hdev, 0xfc0c, 1, param); 3082 if (err < 0) 3083 bt_dev_err(hdev, "%s: triggle crash failed (%d)", __func__, err); 3084 } 3085 3086 /* Return: 0 on success, negative errno on failure. */ 3087 static int handle_dump_pkt_qca(struct hci_dev *hdev, struct sk_buff *skb) 3088 { 3089 int ret = 0; 3090 unsigned int skip = 0; 3091 u8 pkt_type; 3092 u16 seqno; 3093 u32 dump_size; 3094 3095 struct qca_dump_hdr *dump_hdr; 3096 struct btusb_data *btdata = hci_get_drvdata(hdev); 3097 struct usb_device *udev = btdata->udev; 3098 3099 pkt_type = hci_skb_pkt_type(skb); 3100 skip = sizeof(struct hci_event_hdr); 3101 if (pkt_type == HCI_ACLDATA_PKT) 3102 skip += sizeof(struct hci_acl_hdr); 3103 3104 skb_pull(skb, skip); 3105 dump_hdr = (struct qca_dump_hdr *)skb->data; 3106 3107 seqno = le16_to_cpu(dump_hdr->seqno); 3108 if (seqno == 0) { 3109 set_bit(BTUSB_HW_SSR_ACTIVE, &btdata->flags); 3110 dump_size = le32_to_cpu(dump_hdr->ram_dump_size); 3111 if (!dump_size || (dump_size > QCA_MEMDUMP_SIZE_MAX)) { 3112 ret = -EILSEQ; 3113 bt_dev_err(hdev, "Invalid memdump size(%u)", 3114 dump_size); 3115 goto out; 3116 } 3117 3118 ret = hci_devcd_init(hdev, dump_size); 3119 if (ret < 0) { 3120 bt_dev_err(hdev, "memdump init error(%d)", ret); 3121 goto out; 3122 } 3123 3124 btdata->qca_dump.ram_dump_size = dump_size; 3125 btdata->qca_dump.ram_dump_seqno = 0; 3126 3127 skb_pull(skb, offsetof(struct qca_dump_hdr, data0)); 3128 3129 usb_disable_autosuspend(udev); 3130 bt_dev_info(hdev, "%s memdump size(%u)\n", 3131 (pkt_type == HCI_ACLDATA_PKT) ? "ACL" : "event", 3132 dump_size); 3133 } else { 3134 skb_pull(skb, offsetof(struct qca_dump_hdr, data)); 3135 } 3136 3137 if (!btdata->qca_dump.ram_dump_size) { 3138 ret = -EINVAL; 3139 bt_dev_err(hdev, "memdump is not active"); 3140 goto out; 3141 } 3142 3143 if ((seqno > btdata->qca_dump.ram_dump_seqno + 1) && (seqno != QCA_LAST_SEQUENCE_NUM)) { 3144 dump_size = QCA_MEMDUMP_PKT_SIZE * (seqno - btdata->qca_dump.ram_dump_seqno - 1); 3145 hci_devcd_append_pattern(hdev, 0x0, dump_size); 3146 bt_dev_err(hdev, 3147 "expected memdump seqno(%u) is not received(%u)\n", 3148 btdata->qca_dump.ram_dump_seqno, seqno); 3149 btdata->qca_dump.ram_dump_seqno = seqno; 3150 kfree_skb(skb); 3151 return ret; 3152 } 3153 3154 hci_devcd_append(hdev, skb); 3155 btdata->qca_dump.ram_dump_seqno++; 3156 if (seqno == QCA_LAST_SEQUENCE_NUM) { 3157 bt_dev_info(hdev, 3158 "memdump done: pkts(%u), total(%u)\n", 3159 btdata->qca_dump.ram_dump_seqno, btdata->qca_dump.ram_dump_size); 3160 3161 hci_devcd_complete(hdev); 3162 goto out; 3163 } 3164 return ret; 3165 3166 out: 3167 if (btdata->qca_dump.ram_dump_size) 3168 usb_enable_autosuspend(udev); 3169 btdata->qca_dump.ram_dump_size = 0; 3170 btdata->qca_dump.ram_dump_seqno = 0; 3171 clear_bit(BTUSB_HW_SSR_ACTIVE, &btdata->flags); 3172 3173 if (ret < 0) 3174 kfree_skb(skb); 3175 return ret; 3176 } 3177 3178 /* Return: true if the ACL packet is a dump packet, false otherwise. */ 3179 static bool acl_pkt_is_dump_qca(struct hci_dev *hdev, struct sk_buff *skb) 3180 { 3181 struct hci_event_hdr *event_hdr; 3182 struct hci_acl_hdr *acl_hdr; 3183 struct qca_dump_hdr *dump_hdr; 3184 struct sk_buff *clone = skb_clone(skb, GFP_ATOMIC); 3185 bool is_dump = false; 3186 3187 if (!clone) 3188 return false; 3189 3190 acl_hdr = skb_pull_data(clone, sizeof(*acl_hdr)); 3191 if (!acl_hdr || (le16_to_cpu(acl_hdr->handle) != QCA_MEMDUMP_ACL_HANDLE)) 3192 goto out; 3193 3194 event_hdr = skb_pull_data(clone, sizeof(*event_hdr)); 3195 if (!event_hdr || (event_hdr->evt != HCI_VENDOR_PKT)) 3196 goto out; 3197 3198 dump_hdr = skb_pull_data(clone, sizeof(*dump_hdr)); 3199 if (!dump_hdr || (dump_hdr->vse_class != QCA_MEMDUMP_VSE_CLASS) || 3200 (dump_hdr->msg_type != QCA_MEMDUMP_MSG_TYPE)) 3201 goto out; 3202 3203 is_dump = true; 3204 out: 3205 consume_skb(clone); 3206 return is_dump; 3207 } 3208 3209 /* Return: true if the event packet is a dump packet, false otherwise. */ 3210 static bool evt_pkt_is_dump_qca(struct hci_dev *hdev, struct sk_buff *skb) 3211 { 3212 struct hci_event_hdr *event_hdr; 3213 struct qca_dump_hdr *dump_hdr; 3214 struct sk_buff *clone = skb_clone(skb, GFP_ATOMIC); 3215 bool is_dump = false; 3216 3217 if (!clone) 3218 return false; 3219 3220 event_hdr = skb_pull_data(clone, sizeof(*event_hdr)); 3221 if (!event_hdr || (event_hdr->evt != HCI_VENDOR_PKT)) 3222 goto out; 3223 3224 dump_hdr = skb_pull_data(clone, sizeof(*dump_hdr)); 3225 if (!dump_hdr || (dump_hdr->vse_class != QCA_MEMDUMP_VSE_CLASS) || 3226 (dump_hdr->msg_type != QCA_MEMDUMP_MSG_TYPE)) 3227 goto out; 3228 3229 is_dump = true; 3230 out: 3231 consume_skb(clone); 3232 return is_dump; 3233 } 3234 3235 static int btusb_recv_acl_qca(struct hci_dev *hdev, struct sk_buff *skb) 3236 { 3237 if (acl_pkt_is_dump_qca(hdev, skb)) 3238 return handle_dump_pkt_qca(hdev, skb); 3239 return hci_recv_frame(hdev, skb); 3240 } 3241 3242 static int btusb_recv_evt_qca(struct hci_dev *hdev, struct sk_buff *skb) 3243 { 3244 if (evt_pkt_is_dump_qca(hdev, skb)) 3245 return handle_dump_pkt_qca(hdev, skb); 3246 return hci_recv_frame(hdev, skb); 3247 } 3248 3249 3250 #define QCA_DFU_PACKET_LEN 4096 3251 3252 #define QCA_GET_TARGET_VERSION 0x09 3253 #define QCA_CHECK_STATUS 0x05 3254 #define QCA_DFU_DOWNLOAD 0x01 3255 3256 #define QCA_SYSCFG_UPDATED 0x40 3257 #define QCA_PATCH_UPDATED 0x80 3258 #define QCA_DFU_TIMEOUT 3000 3259 #define QCA_FLAG_MULTI_NVM 0x80 3260 #define QCA_BT_RESET_WAIT_MS 100 3261 3262 #define WCN6855_2_0_RAM_VERSION_GF 0x400c1200 3263 #define WCN6855_2_1_RAM_VERSION_GF 0x400c1211 3264 3265 struct qca_version { 3266 __le32 rom_version; 3267 __le32 patch_version; 3268 __le32 ram_version; 3269 __u8 chip_id; 3270 __u8 platform_id; 3271 __le16 flag; 3272 __u8 reserved[4]; 3273 } __packed; 3274 3275 struct qca_rampatch_version { 3276 __le16 rom_version_high; 3277 __le16 rom_version_low; 3278 __le16 patch_version; 3279 } __packed; 3280 3281 struct qca_device_info { 3282 u32 rom_version; 3283 u8 rampatch_hdr; /* length of header in rampatch */ 3284 u8 nvm_hdr; /* length of header in NVM */ 3285 u8 ver_offset; /* offset of version structure in rampatch */ 3286 }; 3287 3288 struct qca_custom_firmware { 3289 u32 rom_version; 3290 u16 board_id; 3291 const char *subdirectory; 3292 }; 3293 3294 static const struct qca_device_info qca_devices_table[] = { 3295 { 0x00000100, 20, 4, 8 }, /* Rome 1.0 */ 3296 { 0x00000101, 20, 4, 8 }, /* Rome 1.1 */ 3297 { 0x00000200, 28, 4, 16 }, /* Rome 2.0 */ 3298 { 0x00000201, 28, 4, 16 }, /* Rome 2.1 */ 3299 { 0x00000300, 28, 4, 16 }, /* Rome 3.0 */ 3300 { 0x00000302, 28, 4, 16 }, /* Rome 3.2 */ 3301 { 0x00130100, 40, 4, 16 }, /* WCN6855 1.0 */ 3302 { 0x00130200, 40, 4, 16 }, /* WCN6855 2.0 */ 3303 { 0x00130201, 40, 4, 16 }, /* WCN6855 2.1 */ 3304 { 0x00190200, 40, 4, 16 }, /* WCN785x 2.0 */ 3305 }; 3306 3307 static const struct qca_custom_firmware qca_custom_btfws[] = { 3308 { 0x00130201, 0x030A, "QCA2066" }, 3309 { 0x00130201, 0x030B, "QCA2066" }, 3310 { }, 3311 }; 3312 3313 static u16 qca_extract_board_id(const struct qca_version *ver) 3314 { 3315 u16 flag = le16_to_cpu(ver->flag); 3316 u16 board_id = 0; 3317 3318 if (((flag >> 8) & 0xff) == QCA_FLAG_MULTI_NVM) { 3319 /* The board_id should be split into two bytes 3320 * The 1st byte is chip ID, and the 2nd byte is platform ID 3321 * For example, board ID 0x010A, 0x01 is platform ID. 0x0A is chip ID 3322 * we have several platforms, and platform IDs are continuously added 3323 * Platform ID: 3324 * 0x00 is for Mobile 3325 * 0x01 is for X86 3326 * 0x02 is for Automotive 3327 * 0x03 is for Consumer electronic 3328 */ 3329 board_id = (ver->chip_id << 8) + ver->platform_id; 3330 } 3331 3332 /* Take 0xffff as invalid board ID */ 3333 if (board_id == 0xffff) 3334 board_id = 0; 3335 3336 return board_id; 3337 } 3338 3339 static const char *qca_get_fw_subdirectory(const struct qca_version *ver) 3340 { 3341 const struct qca_custom_firmware *ptr; 3342 u32 rom_ver; 3343 u16 board_id; 3344 3345 rom_ver = le32_to_cpu(ver->rom_version); 3346 board_id = qca_extract_board_id(ver); 3347 if (!board_id) 3348 return NULL; 3349 3350 for (ptr = qca_custom_btfws; ptr->rom_version; ptr++) { 3351 if (ptr->rom_version == rom_ver && 3352 ptr->board_id == board_id) 3353 return ptr->subdirectory; 3354 } 3355 3356 return NULL; 3357 } 3358 3359 static int btusb_qca_send_vendor_req(struct usb_device *udev, u8 request, 3360 void *data, u16 size) 3361 { 3362 int pipe, err; 3363 u8 *buf; 3364 3365 buf = kmalloc(size, GFP_KERNEL); 3366 if (!buf) 3367 return -ENOMEM; 3368 3369 /* Found some of USB hosts have IOT issues with ours so that we should 3370 * not wait until HCI layer is ready. 3371 */ 3372 pipe = usb_rcvctrlpipe(udev, 0); 3373 err = usb_control_msg(udev, pipe, request, USB_TYPE_VENDOR | USB_DIR_IN, 3374 0, 0, buf, size, USB_CTRL_GET_TIMEOUT); 3375 if (err < 0) { 3376 dev_err(&udev->dev, "Failed to access otp area (%d)", err); 3377 goto done; 3378 } 3379 3380 memcpy(data, buf, size); 3381 3382 done: 3383 kfree(buf); 3384 3385 return err; 3386 } 3387 3388 static int btusb_setup_qca_download_fw(struct hci_dev *hdev, 3389 const struct firmware *firmware, 3390 size_t hdr_size) 3391 { 3392 struct btusb_data *btdata = hci_get_drvdata(hdev); 3393 struct usb_device *udev = btdata->udev; 3394 size_t count, size, sent = 0; 3395 int pipe, len, err; 3396 u8 *buf; 3397 3398 buf = kmalloc(QCA_DFU_PACKET_LEN, GFP_KERNEL); 3399 if (!buf) 3400 return -ENOMEM; 3401 3402 count = firmware->size; 3403 3404 size = min_t(size_t, count, hdr_size); 3405 memcpy(buf, firmware->data, size); 3406 3407 /* USB patches should go down to controller through USB path 3408 * because binary format fits to go down through USB channel. 3409 * USB control path is for patching headers and USB bulk is for 3410 * patch body. 3411 */ 3412 pipe = usb_sndctrlpipe(udev, 0); 3413 err = usb_control_msg(udev, pipe, QCA_DFU_DOWNLOAD, USB_TYPE_VENDOR, 3414 0, 0, buf, size, USB_CTRL_SET_TIMEOUT); 3415 if (err < 0) { 3416 bt_dev_err(hdev, "Failed to send headers (%d)", err); 3417 goto done; 3418 } 3419 3420 sent += size; 3421 count -= size; 3422 3423 /* ep2 need time to switch from function acl to function dfu, 3424 * so we add 20ms delay here. 3425 */ 3426 msleep(20); 3427 3428 while (count) { 3429 size = min_t(size_t, count, QCA_DFU_PACKET_LEN); 3430 3431 memcpy(buf, firmware->data + sent, size); 3432 3433 pipe = usb_sndbulkpipe(udev, 0x02); 3434 err = usb_bulk_msg(udev, pipe, buf, size, &len, 3435 QCA_DFU_TIMEOUT); 3436 if (err < 0) { 3437 bt_dev_err(hdev, "Failed to send body at %zd of %zd (%d)", 3438 sent, firmware->size, err); 3439 break; 3440 } 3441 3442 if (size != len) { 3443 bt_dev_err(hdev, "Failed to get bulk buffer"); 3444 err = -EILSEQ; 3445 break; 3446 } 3447 3448 sent += size; 3449 count -= size; 3450 } 3451 3452 done: 3453 kfree(buf); 3454 return err; 3455 } 3456 3457 static int btusb_setup_qca_load_rampatch(struct hci_dev *hdev, 3458 struct qca_version *ver, 3459 const struct qca_device_info *info) 3460 { 3461 struct qca_rampatch_version *rver; 3462 const struct firmware *fw; 3463 const char *fw_subdir; 3464 u32 ver_rom, ver_patch, rver_rom; 3465 u16 rver_rom_low, rver_rom_high, rver_patch; 3466 char fwname[80]; 3467 int err; 3468 3469 ver_rom = le32_to_cpu(ver->rom_version); 3470 ver_patch = le32_to_cpu(ver->patch_version); 3471 3472 fw_subdir = qca_get_fw_subdirectory(ver); 3473 if (fw_subdir) 3474 snprintf(fwname, sizeof(fwname), "qca/%s/rampatch_usb_%08x.bin", 3475 fw_subdir, ver_rom); 3476 else 3477 snprintf(fwname, sizeof(fwname), "qca/rampatch_usb_%08x.bin", 3478 ver_rom); 3479 3480 err = request_firmware(&fw, fwname, &hdev->dev); 3481 if (err) { 3482 bt_dev_err(hdev, "failed to request rampatch file: %s (%d)", 3483 fwname, err); 3484 return err; 3485 } 3486 3487 bt_dev_info(hdev, "using rampatch file: %s", fwname); 3488 3489 rver = (struct qca_rampatch_version *)(fw->data + info->ver_offset); 3490 rver_rom_low = le16_to_cpu(rver->rom_version_low); 3491 rver_patch = le16_to_cpu(rver->patch_version); 3492 3493 if (ver_rom & ~0xffffU) { 3494 rver_rom_high = le16_to_cpu(rver->rom_version_high); 3495 rver_rom = rver_rom_high << 16 | rver_rom_low; 3496 } else { 3497 rver_rom = rver_rom_low; 3498 } 3499 3500 bt_dev_info(hdev, "QCA: patch rome 0x%x build 0x%x, " 3501 "firmware rome 0x%x build 0x%x", 3502 rver_rom, rver_patch, ver_rom, ver_patch); 3503 3504 if (rver_rom != ver_rom || rver_patch <= ver_patch) { 3505 bt_dev_err(hdev, "rampatch file version did not match with firmware"); 3506 err = -EINVAL; 3507 goto done; 3508 } 3509 3510 err = btusb_setup_qca_download_fw(hdev, fw, info->rampatch_hdr); 3511 3512 done: 3513 release_firmware(fw); 3514 3515 return err; 3516 } 3517 3518 static void btusb_generate_qca_nvm_name(char *fwname, size_t max_size, 3519 const struct qca_version *ver) 3520 { 3521 u32 rom_version = le32_to_cpu(ver->rom_version); 3522 const char *variant, *fw_subdir; 3523 int len; 3524 u16 board_id; 3525 3526 fw_subdir = qca_get_fw_subdirectory(ver); 3527 board_id = qca_extract_board_id(ver); 3528 3529 switch (le32_to_cpu(ver->ram_version)) { 3530 case WCN6855_2_0_RAM_VERSION_GF: 3531 case WCN6855_2_1_RAM_VERSION_GF: 3532 variant = "_gf"; 3533 break; 3534 default: 3535 variant = NULL; 3536 break; 3537 } 3538 3539 if (fw_subdir) 3540 len = snprintf(fwname, max_size, "qca/%s/nvm_usb_%08x", 3541 fw_subdir, rom_version); 3542 else 3543 len = snprintf(fwname, max_size, "qca/nvm_usb_%08x", 3544 rom_version); 3545 if (variant) 3546 len += snprintf(fwname + len, max_size - len, "%s", variant); 3547 if (board_id) 3548 len += snprintf(fwname + len, max_size - len, "_%04x", board_id); 3549 len += snprintf(fwname + len, max_size - len, ".bin"); 3550 } 3551 3552 static int btusb_setup_qca_load_nvm(struct hci_dev *hdev, 3553 struct qca_version *ver, 3554 const struct qca_device_info *info) 3555 { 3556 const struct firmware *fw; 3557 char fwname[80]; 3558 int err; 3559 3560 btusb_generate_qca_nvm_name(fwname, sizeof(fwname), ver); 3561 3562 err = request_firmware(&fw, fwname, &hdev->dev); 3563 if (err) { 3564 bt_dev_err(hdev, "failed to request NVM file: %s (%d)", 3565 fwname, err); 3566 return err; 3567 } 3568 3569 bt_dev_info(hdev, "using NVM file: %s", fwname); 3570 3571 err = btusb_setup_qca_download_fw(hdev, fw, info->nvm_hdr); 3572 3573 release_firmware(fw); 3574 3575 return err; 3576 } 3577 3578 /* identify the ROM version and check whether patches are needed */ 3579 static bool btusb_qca_need_patch(struct usb_device *udev) 3580 { 3581 struct qca_version ver; 3582 3583 if (btusb_qca_send_vendor_req(udev, QCA_GET_TARGET_VERSION, &ver, 3584 sizeof(ver)) < 0) 3585 return false; 3586 /* only low ROM versions need patches */ 3587 return !(le32_to_cpu(ver.rom_version) & ~0xffffU); 3588 } 3589 3590 static int btusb_setup_qca(struct hci_dev *hdev) 3591 { 3592 struct btusb_data *btdata = hci_get_drvdata(hdev); 3593 struct usb_device *udev = btdata->udev; 3594 const struct qca_device_info *info = NULL; 3595 struct qca_version ver; 3596 u32 ver_rom; 3597 u8 status; 3598 int i, err; 3599 3600 err = btusb_qca_send_vendor_req(udev, QCA_GET_TARGET_VERSION, &ver, 3601 sizeof(ver)); 3602 if (err < 0) 3603 return err; 3604 3605 ver_rom = le32_to_cpu(ver.rom_version); 3606 3607 for (i = 0; i < ARRAY_SIZE(qca_devices_table); i++) { 3608 if (ver_rom == qca_devices_table[i].rom_version) 3609 info = &qca_devices_table[i]; 3610 } 3611 if (!info) { 3612 /* If the rom_version is not matched in the qca_devices_table 3613 * and the high ROM version is not zero, we assume this chip no 3614 * need to load the rampatch and nvm. 3615 */ 3616 if (ver_rom & ~0xffffU) 3617 return 0; 3618 3619 bt_dev_err(hdev, "don't support firmware rome 0x%x", ver_rom); 3620 return -ENODEV; 3621 } 3622 3623 err = btusb_qca_send_vendor_req(udev, QCA_CHECK_STATUS, &status, 3624 sizeof(status)); 3625 if (err < 0) 3626 return err; 3627 3628 if (!(status & QCA_PATCH_UPDATED)) { 3629 err = btusb_setup_qca_load_rampatch(hdev, &ver, info); 3630 if (err < 0) 3631 return err; 3632 } 3633 3634 err = btusb_qca_send_vendor_req(udev, QCA_GET_TARGET_VERSION, &ver, 3635 sizeof(ver)); 3636 if (err < 0) 3637 return err; 3638 3639 btdata->qca_dump.fw_version = le32_to_cpu(ver.patch_version); 3640 btdata->qca_dump.controller_id = le32_to_cpu(ver.rom_version); 3641 3642 if (!(status & QCA_SYSCFG_UPDATED)) { 3643 err = btusb_setup_qca_load_nvm(hdev, &ver, info); 3644 if (err < 0) 3645 return err; 3646 3647 /* WCN6855 2.1 and later will reset to apply firmware downloaded here, so 3648 * wait ~100ms for reset Done then go ahead, otherwise, it maybe 3649 * cause potential enable failure. 3650 */ 3651 if (info->rom_version >= 0x00130201) 3652 msleep(QCA_BT_RESET_WAIT_MS); 3653 } 3654 3655 /* Mark HCI_OP_ENHANCED_SETUP_SYNC_CONN as broken as it doesn't seem to 3656 * work with the likes of HSP/HFP mSBC. 3657 */ 3658 hci_set_quirk(hdev, HCI_QUIRK_BROKEN_ENHANCED_SETUP_SYNC_CONN); 3659 3660 return 0; 3661 } 3662 3663 static inline int __set_diag_interface(struct hci_dev *hdev) 3664 { 3665 struct btusb_data *data = hci_get_drvdata(hdev); 3666 struct usb_interface *intf = data->diag; 3667 int i; 3668 3669 if (!data->diag) 3670 return -ENODEV; 3671 3672 data->diag_tx_ep = NULL; 3673 data->diag_rx_ep = NULL; 3674 3675 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) { 3676 struct usb_endpoint_descriptor *ep_desc; 3677 3678 ep_desc = &intf->cur_altsetting->endpoint[i].desc; 3679 3680 if (!data->diag_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) { 3681 data->diag_tx_ep = ep_desc; 3682 continue; 3683 } 3684 3685 if (!data->diag_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) { 3686 data->diag_rx_ep = ep_desc; 3687 continue; 3688 } 3689 } 3690 3691 if (!data->diag_tx_ep || !data->diag_rx_ep) { 3692 bt_dev_err(hdev, "invalid diagnostic descriptors"); 3693 return -ENODEV; 3694 } 3695 3696 return 0; 3697 } 3698 3699 static struct urb *alloc_diag_urb(struct hci_dev *hdev, bool enable) 3700 { 3701 struct btusb_data *data = hci_get_drvdata(hdev); 3702 struct sk_buff *skb; 3703 struct urb *urb; 3704 unsigned int pipe; 3705 3706 if (!data->diag_tx_ep) 3707 return ERR_PTR(-ENODEV); 3708 3709 urb = usb_alloc_urb(0, GFP_KERNEL); 3710 if (!urb) 3711 return ERR_PTR(-ENOMEM); 3712 3713 skb = bt_skb_alloc(2, GFP_KERNEL); 3714 if (!skb) { 3715 usb_free_urb(urb); 3716 return ERR_PTR(-ENOMEM); 3717 } 3718 3719 skb_put_u8(skb, 0xf0); 3720 skb_put_u8(skb, enable); 3721 3722 pipe = usb_sndbulkpipe(data->udev, data->diag_tx_ep->bEndpointAddress); 3723 3724 usb_fill_bulk_urb(urb, data->udev, pipe, 3725 skb->data, skb->len, btusb_tx_complete, skb); 3726 3727 skb->dev = (void *)hdev; 3728 3729 return urb; 3730 } 3731 3732 static int btusb_bcm_set_diag(struct hci_dev *hdev, bool enable) 3733 { 3734 struct btusb_data *data = hci_get_drvdata(hdev); 3735 struct urb *urb; 3736 3737 if (!data->diag) 3738 return -ENODEV; 3739 3740 if (!test_bit(HCI_RUNNING, &hdev->flags)) 3741 return -ENETDOWN; 3742 3743 urb = alloc_diag_urb(hdev, enable); 3744 if (IS_ERR(urb)) 3745 return PTR_ERR(urb); 3746 3747 return submit_or_queue_tx_urb(hdev, urb); 3748 } 3749 3750 #ifdef CONFIG_PM 3751 static irqreturn_t btusb_oob_wake_handler(int irq, void *priv) 3752 { 3753 struct btusb_data *data = priv; 3754 3755 pm_wakeup_event(&data->udev->dev, 0); 3756 pm_system_wakeup(); 3757 3758 /* Disable only if not already disabled (keep it balanced) */ 3759 if (test_and_clear_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags)) { 3760 disable_irq_nosync(irq); 3761 disable_irq_wake(irq); 3762 } 3763 return IRQ_HANDLED; 3764 } 3765 3766 static const struct of_device_id btusb_match_table[] = { 3767 { .compatible = "usb1286,204e" }, 3768 { .compatible = "usbcf3,e300" }, /* QCA6174A */ 3769 { .compatible = "usb4ca,301a" }, /* QCA6174A (Lite-On) */ 3770 { } 3771 }; 3772 MODULE_DEVICE_TABLE(of, btusb_match_table); 3773 3774 /* Use an oob wakeup pin? */ 3775 static int btusb_config_oob_wake(struct hci_dev *hdev) 3776 { 3777 struct btusb_data *data = hci_get_drvdata(hdev); 3778 struct device *dev = &data->udev->dev; 3779 int irq, ret; 3780 3781 clear_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags); 3782 3783 if (!of_match_device(btusb_match_table, dev)) 3784 return 0; 3785 3786 /* Move on if no IRQ specified */ 3787 irq = of_irq_get_byname(dev->of_node, "wakeup"); 3788 if (irq <= 0) { 3789 bt_dev_dbg(hdev, "%s: no OOB Wakeup IRQ in DT", __func__); 3790 return 0; 3791 } 3792 3793 irq_set_status_flags(irq, IRQ_NOAUTOEN); 3794 ret = devm_request_irq(&hdev->dev, irq, btusb_oob_wake_handler, 3795 0, "OOB Wake-on-BT", data); 3796 if (ret) { 3797 bt_dev_err(hdev, "%s: IRQ request failed", __func__); 3798 return ret; 3799 } 3800 3801 ret = device_init_wakeup(dev, true); 3802 if (ret) { 3803 bt_dev_err(hdev, "%s: failed to init_wakeup", __func__); 3804 return ret; 3805 } 3806 3807 data->oob_wake_irq = irq; 3808 bt_dev_info(hdev, "OOB Wake-on-BT configured at IRQ %u", irq); 3809 return 0; 3810 } 3811 #endif 3812 3813 static void btusb_check_needs_reset_resume(struct usb_interface *intf) 3814 { 3815 if (dmi_check_system(btusb_needs_reset_resume_table)) 3816 interface_to_usbdev(intf)->quirks |= USB_QUIRK_RESET_RESUME; 3817 } 3818 3819 static bool btusb_wakeup(struct hci_dev *hdev) 3820 { 3821 struct btusb_data *data = hci_get_drvdata(hdev); 3822 3823 return device_may_wakeup(&data->udev->dev); 3824 } 3825 3826 static int btusb_shutdown_qca(struct hci_dev *hdev) 3827 { 3828 struct sk_buff *skb; 3829 3830 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); 3831 if (IS_ERR(skb)) { 3832 bt_dev_err(hdev, "HCI reset during shutdown failed"); 3833 return PTR_ERR(skb); 3834 } 3835 kfree_skb(skb); 3836 3837 return 0; 3838 } 3839 3840 static ssize_t force_poll_sync_read(struct file *file, char __user *user_buf, 3841 size_t count, loff_t *ppos) 3842 { 3843 struct btusb_data *data = file->private_data; 3844 char buf[3]; 3845 3846 buf[0] = data->poll_sync ? 'Y' : 'N'; 3847 buf[1] = '\n'; 3848 buf[2] = '\0'; 3849 return simple_read_from_buffer(user_buf, count, ppos, buf, 2); 3850 } 3851 3852 static ssize_t force_poll_sync_write(struct file *file, 3853 const char __user *user_buf, 3854 size_t count, loff_t *ppos) 3855 { 3856 struct btusb_data *data = file->private_data; 3857 bool enable; 3858 int err; 3859 3860 err = kstrtobool_from_user(user_buf, count, &enable); 3861 if (err) 3862 return err; 3863 3864 /* Only allow changes while the adapter is down */ 3865 if (test_bit(HCI_UP, &data->hdev->flags)) 3866 return -EPERM; 3867 3868 if (data->poll_sync == enable) 3869 return -EALREADY; 3870 3871 data->poll_sync = enable; 3872 3873 return count; 3874 } 3875 3876 static const struct file_operations force_poll_sync_fops = { 3877 .owner = THIS_MODULE, 3878 .open = simple_open, 3879 .read = force_poll_sync_read, 3880 .write = force_poll_sync_write, 3881 .llseek = default_llseek, 3882 }; 3883 3884 #define BTUSB_HCI_DRV_OP_SUPPORTED_ALTSETTINGS \ 3885 hci_opcode_pack(HCI_DRV_OGF_DRIVER_SPECIFIC, 0x0000) 3886 #define BTUSB_HCI_DRV_SUPPORTED_ALTSETTINGS_SIZE 0 3887 struct btusb_hci_drv_rp_supported_altsettings { 3888 __u8 num; 3889 __u8 altsettings[]; 3890 } __packed; 3891 3892 #define BTUSB_HCI_DRV_OP_SWITCH_ALTSETTING \ 3893 hci_opcode_pack(HCI_DRV_OGF_DRIVER_SPECIFIC, 0x0001) 3894 #define BTUSB_HCI_DRV_SWITCH_ALTSETTING_SIZE 1 3895 struct btusb_hci_drv_cmd_switch_altsetting { 3896 __u8 altsetting; 3897 } __packed; 3898 3899 static const struct { 3900 u16 opcode; 3901 const char *desc; 3902 } btusb_hci_drv_supported_commands[] = { 3903 /* Common commands */ 3904 { HCI_DRV_OP_READ_INFO, "Read Info" }, 3905 3906 /* Driver specific commands */ 3907 { BTUSB_HCI_DRV_OP_SUPPORTED_ALTSETTINGS, "Supported Altsettings" }, 3908 { BTUSB_HCI_DRV_OP_SWITCH_ALTSETTING, "Switch Altsetting" }, 3909 }; 3910 static int btusb_hci_drv_read_info(struct hci_dev *hdev, void *data, 3911 u16 data_len) 3912 { 3913 struct hci_drv_rp_read_info *rp; 3914 size_t rp_size; 3915 int err, i; 3916 u16 opcode, num_supported_commands = 3917 ARRAY_SIZE(btusb_hci_drv_supported_commands); 3918 3919 rp_size = sizeof(*rp) + num_supported_commands * 2; 3920 3921 rp = kmalloc(rp_size, GFP_KERNEL); 3922 if (!rp) 3923 return -ENOMEM; 3924 3925 strscpy_pad(rp->driver_name, btusb_driver.name); 3926 3927 rp->num_supported_commands = cpu_to_le16(num_supported_commands); 3928 for (i = 0; i < num_supported_commands; i++) { 3929 opcode = btusb_hci_drv_supported_commands[i].opcode; 3930 bt_dev_info(hdev, 3931 "Supported HCI Drv command (0x%02x|0x%04x): %s", 3932 hci_opcode_ogf(opcode), 3933 hci_opcode_ocf(opcode), 3934 btusb_hci_drv_supported_commands[i].desc); 3935 rp->supported_commands[i] = cpu_to_le16(opcode); 3936 } 3937 3938 err = hci_drv_cmd_complete(hdev, HCI_DRV_OP_READ_INFO, 3939 HCI_DRV_STATUS_SUCCESS, rp, rp_size); 3940 3941 kfree(rp); 3942 return err; 3943 } 3944 3945 static int btusb_hci_drv_supported_altsettings(struct hci_dev *hdev, void *data, 3946 u16 data_len) 3947 { 3948 struct btusb_data *drvdata = hci_get_drvdata(hdev); 3949 struct btusb_hci_drv_rp_supported_altsettings *rp; 3950 size_t rp_size; 3951 int err; 3952 u8 i; 3953 3954 /* There are at most 7 alt (0 - 6) */ 3955 rp = kmalloc(sizeof(*rp) + 7, GFP_KERNEL); 3956 if (!rp) 3957 return -ENOMEM; 3958 3959 rp->num = 0; 3960 if (!drvdata->isoc) 3961 goto done; 3962 3963 for (i = 0; i <= 6; i++) { 3964 if (btusb_find_altsetting(drvdata, i)) 3965 rp->altsettings[rp->num++] = i; 3966 } 3967 3968 done: 3969 rp_size = sizeof(*rp) + rp->num; 3970 3971 err = hci_drv_cmd_complete(hdev, BTUSB_HCI_DRV_OP_SUPPORTED_ALTSETTINGS, 3972 HCI_DRV_STATUS_SUCCESS, rp, rp_size); 3973 kfree(rp); 3974 return err; 3975 } 3976 3977 static int btusb_hci_drv_switch_altsetting(struct hci_dev *hdev, void *data, 3978 u16 data_len) 3979 { 3980 struct btusb_hci_drv_cmd_switch_altsetting *cmd = data; 3981 u8 status; 3982 3983 if (cmd->altsetting > 6) { 3984 status = HCI_DRV_STATUS_INVALID_PARAMETERS; 3985 } else { 3986 if (btusb_switch_alt_setting(hdev, cmd->altsetting)) 3987 status = HCI_DRV_STATUS_UNSPECIFIED_ERROR; 3988 else 3989 status = HCI_DRV_STATUS_SUCCESS; 3990 } 3991 3992 return hci_drv_cmd_status(hdev, BTUSB_HCI_DRV_OP_SWITCH_ALTSETTING, 3993 status); 3994 } 3995 3996 static const struct hci_drv_handler btusb_hci_drv_common_handlers[] = { 3997 { btusb_hci_drv_read_info, HCI_DRV_READ_INFO_SIZE }, 3998 }; 3999 4000 static const struct hci_drv_handler btusb_hci_drv_specific_handlers[] = { 4001 { btusb_hci_drv_supported_altsettings, 4002 BTUSB_HCI_DRV_SUPPORTED_ALTSETTINGS_SIZE }, 4003 { btusb_hci_drv_switch_altsetting, 4004 BTUSB_HCI_DRV_SWITCH_ALTSETTING_SIZE }, 4005 }; 4006 4007 static struct hci_drv btusb_hci_drv = { 4008 .common_handler_count = ARRAY_SIZE(btusb_hci_drv_common_handlers), 4009 .common_handlers = btusb_hci_drv_common_handlers, 4010 .specific_handler_count = ARRAY_SIZE(btusb_hci_drv_specific_handlers), 4011 .specific_handlers = btusb_hci_drv_specific_handlers, 4012 }; 4013 4014 static int btusb_probe(struct usb_interface *intf, 4015 const struct usb_device_id *id) 4016 { 4017 struct usb_endpoint_descriptor *ep_desc; 4018 struct gpio_desc *reset_gpio; 4019 struct btusb_data *data; 4020 struct hci_dev *hdev; 4021 unsigned ifnum_base; 4022 int i, err, priv_size; 4023 4024 BT_DBG("intf %p id %p", intf, id); 4025 4026 if ((id->driver_info & BTUSB_IFNUM_2) && 4027 (intf->cur_altsetting->desc.bInterfaceNumber != 0) && 4028 (intf->cur_altsetting->desc.bInterfaceNumber != 2)) 4029 return -ENODEV; 4030 4031 ifnum_base = intf->cur_altsetting->desc.bInterfaceNumber; 4032 4033 if (!id->driver_info) { 4034 const struct usb_device_id *match; 4035 4036 match = usb_match_id(intf, quirks_table); 4037 if (match) 4038 id = match; 4039 } 4040 4041 if (id->driver_info == BTUSB_IGNORE) 4042 return -ENODEV; 4043 4044 if (id->driver_info & BTUSB_ATH3012) { 4045 struct usb_device *udev = interface_to_usbdev(intf); 4046 4047 /* Old firmware would otherwise let ath3k driver load 4048 * patch and sysconfig files 4049 */ 4050 if (le16_to_cpu(udev->descriptor.bcdDevice) <= 0x0001 && 4051 !btusb_qca_need_patch(udev)) 4052 return -ENODEV; 4053 } 4054 4055 data = devm_kzalloc(&intf->dev, sizeof(*data), GFP_KERNEL); 4056 if (!data) 4057 return -ENOMEM; 4058 4059 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) { 4060 ep_desc = &intf->cur_altsetting->endpoint[i].desc; 4061 4062 if (!data->intr_ep && usb_endpoint_is_int_in(ep_desc)) { 4063 data->intr_ep = ep_desc; 4064 continue; 4065 } 4066 4067 if (!data->bulk_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) { 4068 data->bulk_tx_ep = ep_desc; 4069 continue; 4070 } 4071 4072 if (!data->bulk_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) { 4073 data->bulk_rx_ep = ep_desc; 4074 continue; 4075 } 4076 } 4077 4078 if (!data->intr_ep || !data->bulk_tx_ep || !data->bulk_rx_ep) 4079 return -ENODEV; 4080 4081 if (id->driver_info & BTUSB_AMP) { 4082 data->cmdreq_type = USB_TYPE_CLASS | 0x01; 4083 data->cmdreq = 0x2b; 4084 } else { 4085 data->cmdreq_type = USB_TYPE_CLASS; 4086 data->cmdreq = 0x00; 4087 } 4088 4089 data->udev = interface_to_usbdev(intf); 4090 data->intf = intf; 4091 4092 INIT_WORK(&data->work, btusb_work); 4093 INIT_WORK(&data->waker, btusb_waker); 4094 INIT_DELAYED_WORK(&data->rx_work, btusb_rx_work); 4095 4096 skb_queue_head_init(&data->acl_q); 4097 4098 init_usb_anchor(&data->deferred); 4099 init_usb_anchor(&data->tx_anchor); 4100 spin_lock_init(&data->txlock); 4101 4102 init_usb_anchor(&data->intr_anchor); 4103 init_usb_anchor(&data->bulk_anchor); 4104 init_usb_anchor(&data->isoc_anchor); 4105 init_usb_anchor(&data->diag_anchor); 4106 init_usb_anchor(&data->ctrl_anchor); 4107 spin_lock_init(&data->rxlock); 4108 4109 priv_size = 0; 4110 4111 data->recv_event = hci_recv_frame; 4112 data->recv_bulk = btusb_recv_bulk; 4113 4114 if (id->driver_info & BTUSB_INTEL_COMBINED) { 4115 /* Allocate extra space for Intel device */ 4116 priv_size += sizeof(struct btintel_data); 4117 4118 /* Override the rx handlers */ 4119 data->recv_event = btintel_recv_event; 4120 data->recv_bulk = btusb_recv_bulk_intel; 4121 } else if (id->driver_info & BTUSB_REALTEK) { 4122 /* Allocate extra space for Realtek device */ 4123 priv_size += sizeof(struct btrealtek_data); 4124 4125 data->recv_event = btusb_recv_event_realtek; 4126 } else if (id->driver_info & BTUSB_MEDIATEK) { 4127 /* Allocate extra space for Mediatek device */ 4128 priv_size += sizeof(struct btmtk_data); 4129 } 4130 4131 data->recv_acl = hci_recv_frame; 4132 4133 hdev = hci_alloc_dev_priv(priv_size); 4134 if (!hdev) 4135 return -ENOMEM; 4136 4137 hdev->bus = HCI_USB; 4138 hci_set_drvdata(hdev, data); 4139 4140 data->hdev = hdev; 4141 4142 SET_HCIDEV_DEV(hdev, &intf->dev); 4143 4144 reset_gpio = gpiod_get_optional(&data->udev->dev, "reset", 4145 GPIOD_OUT_LOW); 4146 if (IS_ERR(reset_gpio)) { 4147 err = PTR_ERR(reset_gpio); 4148 goto out_free_dev; 4149 } else if (reset_gpio) { 4150 data->reset_gpio = reset_gpio; 4151 } 4152 4153 hdev->open = btusb_open; 4154 hdev->close = btusb_close; 4155 hdev->flush = btusb_flush; 4156 hdev->send = btusb_send_frame; 4157 hdev->notify = btusb_notify; 4158 hdev->wakeup = btusb_wakeup; 4159 hdev->hci_drv = &btusb_hci_drv; 4160 4161 #ifdef CONFIG_PM 4162 err = btusb_config_oob_wake(hdev); 4163 if (err) 4164 goto out_free_dev; 4165 4166 /* Marvell devices may need a specific chip configuration */ 4167 if (id->driver_info & BTUSB_MARVELL && data->oob_wake_irq) { 4168 err = marvell_config_oob_wake(hdev); 4169 if (err) 4170 goto out_free_dev; 4171 } 4172 #endif 4173 if (id->driver_info & BTUSB_CW6622) 4174 hci_set_quirk(hdev, HCI_QUIRK_BROKEN_STORED_LINK_KEY); 4175 4176 if (id->driver_info & BTUSB_BCM2045) 4177 hci_set_quirk(hdev, HCI_QUIRK_BROKEN_STORED_LINK_KEY); 4178 4179 if (id->driver_info & BTUSB_BCM92035) 4180 hdev->setup = btusb_setup_bcm92035; 4181 4182 if (IS_ENABLED(CONFIG_BT_HCIBTUSB_BCM) && 4183 (id->driver_info & BTUSB_BCM_PATCHRAM)) { 4184 hdev->manufacturer = 15; 4185 hdev->setup = btbcm_setup_patchram; 4186 hdev->set_diag = btusb_bcm_set_diag; 4187 hdev->set_bdaddr = btbcm_set_bdaddr; 4188 4189 /* Broadcom LM_DIAG Interface numbers are hardcoded */ 4190 data->diag = usb_ifnum_to_if(data->udev, ifnum_base + 2); 4191 } 4192 4193 if (IS_ENABLED(CONFIG_BT_HCIBTUSB_BCM) && 4194 (id->driver_info & BTUSB_BCM_APPLE)) { 4195 hdev->manufacturer = 15; 4196 hdev->setup = btbcm_setup_apple; 4197 hdev->set_diag = btusb_bcm_set_diag; 4198 4199 /* Broadcom LM_DIAG Interface numbers are hardcoded */ 4200 data->diag = usb_ifnum_to_if(data->udev, ifnum_base + 2); 4201 } 4202 4203 /* Combined Intel Device setup to support multiple setup routine */ 4204 if (id->driver_info & BTUSB_INTEL_COMBINED) { 4205 err = btintel_configure_setup(hdev, btusb_driver.name); 4206 if (err) 4207 goto out_free_dev; 4208 4209 /* Transport specific configuration */ 4210 hdev->send = btusb_send_frame_intel; 4211 hdev->reset = btusb_intel_reset; 4212 4213 if (id->driver_info & BTUSB_INTEL_NO_WBS_SUPPORT) 4214 btintel_set_flag(hdev, INTEL_ROM_LEGACY_NO_WBS_SUPPORT); 4215 4216 if (id->driver_info & BTUSB_INTEL_BROKEN_INITIAL_NCMD) 4217 btintel_set_flag(hdev, INTEL_BROKEN_INITIAL_NCMD); 4218 4219 if (id->driver_info & BTUSB_INTEL_BROKEN_SHUTDOWN_LED) 4220 btintel_set_flag(hdev, INTEL_BROKEN_SHUTDOWN_LED); 4221 } 4222 4223 if (id->driver_info & BTUSB_MARVELL) 4224 hdev->set_bdaddr = btusb_set_bdaddr_marvell; 4225 4226 if (IS_ENABLED(CONFIG_BT_HCIBTUSB_MTK) && 4227 (id->driver_info & BTUSB_MEDIATEK)) { 4228 hdev->setup = btusb_mtk_setup; 4229 hdev->shutdown = btusb_mtk_shutdown; 4230 hdev->manufacturer = 70; 4231 hdev->reset = btmtk_reset_sync; 4232 hdev->set_bdaddr = btmtk_set_bdaddr; 4233 hdev->send = btusb_send_frame_mtk; 4234 hci_set_quirk(hdev, HCI_QUIRK_BROKEN_ENHANCED_SETUP_SYNC_CONN); 4235 hci_set_quirk(hdev, HCI_QUIRK_NON_PERSISTENT_SETUP); 4236 data->recv_acl = btmtk_usb_recv_acl; 4237 data->suspend = btmtk_usb_suspend; 4238 data->resume = btmtk_usb_resume; 4239 data->disconnect = btusb_mtk_disconnect; 4240 } 4241 4242 if (id->driver_info & BTUSB_SWAVE) { 4243 hci_set_quirk(hdev, HCI_QUIRK_FIXUP_INQUIRY_MODE); 4244 hci_set_quirk(hdev, HCI_QUIRK_BROKEN_LOCAL_COMMANDS); 4245 } 4246 4247 if (id->driver_info & BTUSB_INTEL_BOOT) { 4248 hdev->manufacturer = 2; 4249 hci_set_quirk(hdev, HCI_QUIRK_RAW_DEVICE); 4250 } 4251 4252 if (id->driver_info & BTUSB_ATH3012) { 4253 data->setup_on_usb = btusb_setup_qca; 4254 hdev->set_bdaddr = btusb_set_bdaddr_ath3012; 4255 hci_set_quirk(hdev, HCI_QUIRK_SIMULTANEOUS_DISCOVERY); 4256 hci_set_quirk(hdev, HCI_QUIRK_STRICT_DUPLICATE_FILTER); 4257 } 4258 4259 if (id->driver_info & BTUSB_QCA_ROME) { 4260 data->setup_on_usb = btusb_setup_qca; 4261 hdev->shutdown = btusb_shutdown_qca; 4262 hdev->set_bdaddr = btusb_set_bdaddr_ath3012; 4263 hdev->reset = btusb_qca_reset; 4264 hci_set_quirk(hdev, HCI_QUIRK_SIMULTANEOUS_DISCOVERY); 4265 btusb_check_needs_reset_resume(intf); 4266 } 4267 4268 if (id->driver_info & BTUSB_QCA_WCN6855) { 4269 data->qca_dump.id_vendor = id->idVendor; 4270 data->qca_dump.id_product = id->idProduct; 4271 data->recv_event = btusb_recv_evt_qca; 4272 data->recv_acl = btusb_recv_acl_qca; 4273 hci_devcd_register(hdev, btusb_coredump_qca, btusb_dump_hdr_qca, NULL); 4274 data->setup_on_usb = btusb_setup_qca; 4275 hdev->classify_pkt_type = btusb_classify_qca_pkt_type; 4276 hdev->shutdown = btusb_shutdown_qca; 4277 hdev->set_bdaddr = btusb_set_bdaddr_wcn6855; 4278 hdev->reset = btusb_qca_reset; 4279 hci_set_quirk(hdev, HCI_QUIRK_SIMULTANEOUS_DISCOVERY); 4280 hci_set_msft_opcode(hdev, 0xFD70); 4281 } 4282 4283 if (id->driver_info & BTUSB_AMP) { 4284 /* AMP controllers do not support SCO packets */ 4285 data->isoc = NULL; 4286 } else { 4287 /* Interface orders are hardcoded in the specification */ 4288 data->isoc = usb_ifnum_to_if(data->udev, ifnum_base + 1); 4289 data->isoc_ifnum = ifnum_base + 1; 4290 } 4291 4292 if (IS_ENABLED(CONFIG_BT_HCIBTUSB_RTL) && 4293 (id->driver_info & BTUSB_REALTEK)) { 4294 btrtl_set_driver_name(hdev, btusb_driver.name); 4295 hdev->setup = btusb_setup_realtek; 4296 hdev->shutdown = btrtl_shutdown_realtek; 4297 hdev->reset = btusb_rtl_reset; 4298 hdev->hw_error = btusb_rtl_hw_error; 4299 4300 /* Realtek devices need to set remote wakeup on auto-suspend */ 4301 set_bit(BTUSB_WAKEUP_AUTOSUSPEND, &data->flags); 4302 set_bit(BTUSB_USE_ALT3_FOR_WBS, &data->flags); 4303 } 4304 4305 if (id->driver_info & BTUSB_ACTIONS_SEMI) { 4306 /* Support is advertised, but not implemented */ 4307 hci_set_quirk(hdev, HCI_QUIRK_BROKEN_ERR_DATA_REPORTING); 4308 hci_set_quirk(hdev, HCI_QUIRK_BROKEN_READ_TRANSMIT_POWER); 4309 hci_set_quirk(hdev, HCI_QUIRK_BROKEN_SET_RPA_TIMEOUT); 4310 hci_set_quirk(hdev, HCI_QUIRK_BROKEN_EXT_SCAN); 4311 hci_set_quirk(hdev, HCI_QUIRK_BROKEN_READ_ENC_KEY_SIZE); 4312 hci_set_quirk(hdev, HCI_QUIRK_BROKEN_EXT_CREATE_CONN); 4313 hci_set_quirk(hdev, HCI_QUIRK_BROKEN_WRITE_AUTH_PAYLOAD_TIMEOUT); 4314 } 4315 4316 if (!reset) 4317 hci_set_quirk(hdev, HCI_QUIRK_RESET_ON_CLOSE); 4318 4319 if (force_scofix || id->driver_info & BTUSB_WRONG_SCO_MTU) { 4320 if (!disable_scofix) 4321 hci_set_quirk(hdev, HCI_QUIRK_FIXUP_BUFFER_SIZE); 4322 } 4323 4324 if (id->driver_info & BTUSB_BROKEN_ISOC) 4325 data->isoc = NULL; 4326 4327 if (id->driver_info & BTUSB_WIDEBAND_SPEECH) 4328 hci_set_quirk(hdev, HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED); 4329 4330 if (id->driver_info & BTUSB_INVALID_LE_STATES) 4331 hci_set_quirk(hdev, HCI_QUIRK_BROKEN_LE_STATES); 4332 4333 if (id->driver_info & BTUSB_DIGIANSWER) { 4334 data->cmdreq_type = USB_TYPE_VENDOR; 4335 hci_set_quirk(hdev, HCI_QUIRK_RESET_ON_CLOSE); 4336 } 4337 4338 if (id->driver_info & BTUSB_CSR) { 4339 struct usb_device *udev = data->udev; 4340 u16 bcdDevice = le16_to_cpu(udev->descriptor.bcdDevice); 4341 4342 /* Old firmware would otherwise execute USB reset */ 4343 if (bcdDevice < 0x117) 4344 hci_set_quirk(hdev, HCI_QUIRK_RESET_ON_CLOSE); 4345 4346 /* This must be set first in case we disable it for fakes */ 4347 hci_set_quirk(hdev, HCI_QUIRK_SIMULTANEOUS_DISCOVERY); 4348 4349 /* Fake CSR devices with broken commands */ 4350 if (le16_to_cpu(udev->descriptor.idVendor) == 0x0a12 && 4351 le16_to_cpu(udev->descriptor.idProduct) == 0x0001) 4352 hdev->setup = btusb_setup_csr; 4353 } 4354 4355 if (id->driver_info & BTUSB_SNIFFER) { 4356 struct usb_device *udev = data->udev; 4357 4358 /* New sniffer firmware has crippled HCI interface */ 4359 if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997) 4360 hci_set_quirk(hdev, HCI_QUIRK_RAW_DEVICE); 4361 } 4362 4363 if (id->driver_info & BTUSB_INTEL_BOOT) { 4364 /* A bug in the bootloader causes that interrupt interface is 4365 * only enabled after receiving SetInterface(0, AltSetting=0). 4366 */ 4367 err = usb_set_interface(data->udev, 0, 0); 4368 if (err < 0) { 4369 BT_ERR("failed to set interface 0, alt 0 %d", err); 4370 goto out_free_dev; 4371 } 4372 } 4373 4374 if (data->isoc) { 4375 err = usb_driver_claim_interface(&btusb_driver, 4376 data->isoc, data); 4377 if (err < 0) 4378 goto out_free_dev; 4379 } 4380 4381 if (IS_ENABLED(CONFIG_BT_HCIBTUSB_BCM) && data->diag) { 4382 if (!usb_driver_claim_interface(&btusb_driver, 4383 data->diag, data)) 4384 __set_diag_interface(hdev); 4385 else 4386 data->diag = NULL; 4387 } 4388 4389 if (enable_autosuspend) 4390 usb_enable_autosuspend(data->udev); 4391 4392 data->poll_sync = enable_poll_sync; 4393 4394 err = hci_register_dev(hdev); 4395 if (err < 0) 4396 goto out_free_dev; 4397 4398 usb_set_intfdata(intf, data); 4399 4400 debugfs_create_file("force_poll_sync", 0644, hdev->debugfs, data, 4401 &force_poll_sync_fops); 4402 4403 return 0; 4404 4405 out_free_dev: 4406 if (data->reset_gpio) 4407 gpiod_put(data->reset_gpio); 4408 hci_free_dev(hdev); 4409 return err; 4410 } 4411 4412 static void btusb_disconnect(struct usb_interface *intf) 4413 { 4414 struct btusb_data *data = usb_get_intfdata(intf); 4415 struct hci_dev *hdev; 4416 4417 BT_DBG("intf %p", intf); 4418 4419 if (!data) 4420 return; 4421 4422 hdev = data->hdev; 4423 usb_set_intfdata(data->intf, NULL); 4424 4425 if (data->isoc) 4426 usb_set_intfdata(data->isoc, NULL); 4427 4428 if (data->diag) 4429 usb_set_intfdata(data->diag, NULL); 4430 4431 if (data->disconnect) 4432 data->disconnect(hdev); 4433 4434 hci_unregister_dev(hdev); 4435 4436 if (data->oob_wake_irq) 4437 device_init_wakeup(&data->udev->dev, false); 4438 if (data->reset_gpio) 4439 gpiod_put(data->reset_gpio); 4440 4441 if (intf == data->intf) { 4442 if (data->isoc) 4443 usb_driver_release_interface(&btusb_driver, data->isoc); 4444 if (data->diag) 4445 usb_driver_release_interface(&btusb_driver, data->diag); 4446 } else if (intf == data->isoc) { 4447 if (data->diag) 4448 usb_driver_release_interface(&btusb_driver, data->diag); 4449 usb_driver_release_interface(&btusb_driver, data->intf); 4450 } else if (intf == data->diag) { 4451 if (data->isoc) 4452 usb_driver_release_interface(&btusb_driver, data->isoc); 4453 usb_driver_release_interface(&btusb_driver, data->intf); 4454 } 4455 4456 hci_free_dev(hdev); 4457 } 4458 4459 #ifdef CONFIG_PM 4460 static int btusb_suspend(struct usb_interface *intf, pm_message_t message) 4461 { 4462 struct btusb_data *data = usb_get_intfdata(intf); 4463 4464 BT_DBG("intf %p", intf); 4465 4466 /* Don't auto-suspend if there are connections; external suspend calls 4467 * shall never fail. 4468 */ 4469 if (PMSG_IS_AUTO(message) && hci_conn_count(data->hdev)) 4470 return -EBUSY; 4471 4472 if (data->suspend_count++) 4473 return 0; 4474 4475 spin_lock_irq(&data->txlock); 4476 if (!(PMSG_IS_AUTO(message) && data->tx_in_flight)) { 4477 set_bit(BTUSB_SUSPENDING, &data->flags); 4478 spin_unlock_irq(&data->txlock); 4479 } else { 4480 spin_unlock_irq(&data->txlock); 4481 data->suspend_count--; 4482 return -EBUSY; 4483 } 4484 4485 cancel_work_sync(&data->work); 4486 4487 if (data->suspend) 4488 data->suspend(data->hdev); 4489 4490 btusb_stop_traffic(data); 4491 usb_kill_anchored_urbs(&data->tx_anchor); 4492 4493 if (data->oob_wake_irq && device_may_wakeup(&data->udev->dev)) { 4494 set_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags); 4495 enable_irq_wake(data->oob_wake_irq); 4496 enable_irq(data->oob_wake_irq); 4497 } 4498 4499 /* For global suspend, Realtek devices lose the loaded fw 4500 * in them. But for autosuspend, firmware should remain. 4501 * Actually, it depends on whether the usb host sends 4502 * set feature (enable wakeup) or not. 4503 */ 4504 if (test_bit(BTUSB_WAKEUP_AUTOSUSPEND, &data->flags)) { 4505 if (PMSG_IS_AUTO(message) && 4506 device_can_wakeup(&data->udev->dev)) 4507 data->udev->do_remote_wakeup = 1; 4508 else if (!PMSG_IS_AUTO(message) && 4509 !device_may_wakeup(&data->udev->dev)) { 4510 data->udev->do_remote_wakeup = 0; 4511 data->udev->reset_resume = 1; 4512 } 4513 } 4514 4515 return 0; 4516 } 4517 4518 static void play_deferred(struct btusb_data *data) 4519 { 4520 struct urb *urb; 4521 int err; 4522 4523 while ((urb = usb_get_from_anchor(&data->deferred))) { 4524 usb_anchor_urb(urb, &data->tx_anchor); 4525 4526 err = usb_submit_urb(urb, GFP_ATOMIC); 4527 if (err < 0) { 4528 if (err != -EPERM && err != -ENODEV) 4529 BT_ERR("%s urb %p submission failed (%d)", 4530 data->hdev->name, urb, -err); 4531 kfree(urb->setup_packet); 4532 usb_unanchor_urb(urb); 4533 usb_free_urb(urb); 4534 break; 4535 } 4536 4537 data->tx_in_flight++; 4538 usb_free_urb(urb); 4539 } 4540 4541 /* Cleanup the rest deferred urbs. */ 4542 while ((urb = usb_get_from_anchor(&data->deferred))) { 4543 kfree(urb->setup_packet); 4544 usb_free_urb(urb); 4545 } 4546 } 4547 4548 static int btusb_resume(struct usb_interface *intf) 4549 { 4550 struct btusb_data *data = usb_get_intfdata(intf); 4551 struct hci_dev *hdev = data->hdev; 4552 int err = 0; 4553 4554 BT_DBG("intf %p", intf); 4555 4556 if (--data->suspend_count) 4557 return 0; 4558 4559 /* Disable only if not already disabled (keep it balanced) */ 4560 if (test_and_clear_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags)) { 4561 disable_irq(data->oob_wake_irq); 4562 disable_irq_wake(data->oob_wake_irq); 4563 } 4564 4565 if (!test_bit(HCI_RUNNING, &hdev->flags)) 4566 goto done; 4567 4568 if (test_bit(BTUSB_INTR_RUNNING, &data->flags)) { 4569 err = btusb_submit_intr_urb(hdev, GFP_NOIO); 4570 if (err < 0) { 4571 clear_bit(BTUSB_INTR_RUNNING, &data->flags); 4572 goto failed; 4573 } 4574 } 4575 4576 if (test_bit(BTUSB_BULK_RUNNING, &data->flags)) { 4577 err = btusb_submit_bulk_urb(hdev, GFP_NOIO); 4578 if (err < 0) { 4579 clear_bit(BTUSB_BULK_RUNNING, &data->flags); 4580 goto failed; 4581 } 4582 4583 btusb_submit_bulk_urb(hdev, GFP_NOIO); 4584 } 4585 4586 if (test_bit(BTUSB_ISOC_RUNNING, &data->flags)) { 4587 if (btusb_submit_isoc_urb(hdev, GFP_NOIO) < 0) 4588 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 4589 else 4590 btusb_submit_isoc_urb(hdev, GFP_NOIO); 4591 } 4592 4593 if (data->resume) 4594 data->resume(hdev); 4595 4596 spin_lock_irq(&data->txlock); 4597 play_deferred(data); 4598 clear_bit(BTUSB_SUSPENDING, &data->flags); 4599 spin_unlock_irq(&data->txlock); 4600 schedule_work(&data->work); 4601 4602 return 0; 4603 4604 failed: 4605 usb_scuttle_anchored_urbs(&data->deferred); 4606 done: 4607 spin_lock_irq(&data->txlock); 4608 clear_bit(BTUSB_SUSPENDING, &data->flags); 4609 spin_unlock_irq(&data->txlock); 4610 4611 return err; 4612 } 4613 #endif 4614 4615 #ifdef CONFIG_DEV_COREDUMP 4616 static void btusb_coredump(struct device *dev) 4617 { 4618 struct btusb_data *data = dev_get_drvdata(dev); 4619 struct hci_dev *hdev = data->hdev; 4620 4621 if (hdev->dump.coredump) 4622 hdev->dump.coredump(hdev); 4623 } 4624 #endif 4625 4626 static struct usb_driver btusb_driver = { 4627 .name = "btusb", 4628 .probe = btusb_probe, 4629 .disconnect = btusb_disconnect, 4630 #ifdef CONFIG_PM 4631 .suspend = btusb_suspend, 4632 .resume = btusb_resume, 4633 #endif 4634 .id_table = btusb_table, 4635 .supports_autosuspend = 1, 4636 .disable_hub_initiated_lpm = 1, 4637 4638 #ifdef CONFIG_DEV_COREDUMP 4639 .driver = { 4640 .coredump = btusb_coredump, 4641 }, 4642 #endif 4643 }; 4644 4645 module_usb_driver(btusb_driver); 4646 4647 module_param(disable_scofix, bool, 0644); 4648 MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size"); 4649 4650 module_param(force_scofix, bool, 0644); 4651 MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size"); 4652 4653 module_param(enable_autosuspend, bool, 0644); 4654 MODULE_PARM_DESC(enable_autosuspend, "Enable USB autosuspend by default"); 4655 4656 module_param(reset, bool, 0644); 4657 MODULE_PARM_DESC(reset, "Send HCI reset command on initialization"); 4658 4659 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 4660 MODULE_DESCRIPTION("Generic Bluetooth USB driver ver " VERSION); 4661 MODULE_VERSION(VERSION); 4662 MODULE_LICENSE("GPL"); 4663