1 /* 2 * 3 * Generic Bluetooth USB driver 4 * 5 * Copyright (C) 2005-2008 Marcel Holtmann <marcel@holtmann.org> 6 * 7 * 8 * This program is free software; you can redistribute it and/or modify 9 * it under the terms of the GNU General Public License as published by 10 * the Free Software Foundation; either version 2 of the License, or 11 * (at your option) any later version. 12 * 13 * This program is distributed in the hope that it will be useful, 14 * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 * GNU General Public License for more details. 17 * 18 * You should have received a copy of the GNU General Public License 19 * along with this program; if not, write to the Free Software 20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 21 * 22 */ 23 24 #include <linux/module.h> 25 #include <linux/usb.h> 26 #include <linux/usb/quirks.h> 27 #include <linux/firmware.h> 28 #include <linux/of_device.h> 29 #include <linux/of_irq.h> 30 #include <linux/suspend.h> 31 #include <asm/unaligned.h> 32 33 #include <net/bluetooth/bluetooth.h> 34 #include <net/bluetooth/hci_core.h> 35 36 #include "btintel.h" 37 #include "btbcm.h" 38 #include "btrtl.h" 39 40 #define VERSION "0.8" 41 42 static bool disable_scofix; 43 static bool force_scofix; 44 static bool enable_autosuspend = IS_ENABLED(CONFIG_BT_HCIBTUSB_AUTOSUSPEND); 45 46 static bool reset = true; 47 48 static struct usb_driver btusb_driver; 49 50 #define BTUSB_IGNORE 0x01 51 #define BTUSB_DIGIANSWER 0x02 52 #define BTUSB_CSR 0x04 53 #define BTUSB_SNIFFER 0x08 54 #define BTUSB_BCM92035 0x10 55 #define BTUSB_BROKEN_ISOC 0x20 56 #define BTUSB_WRONG_SCO_MTU 0x40 57 #define BTUSB_ATH3012 0x80 58 #define BTUSB_INTEL 0x100 59 #define BTUSB_INTEL_BOOT 0x200 60 #define BTUSB_BCM_PATCHRAM 0x400 61 #define BTUSB_MARVELL 0x800 62 #define BTUSB_SWAVE 0x1000 63 #define BTUSB_INTEL_NEW 0x2000 64 #define BTUSB_AMP 0x4000 65 #define BTUSB_QCA_ROME 0x8000 66 #define BTUSB_BCM_APPLE 0x10000 67 #define BTUSB_REALTEK 0x20000 68 #define BTUSB_BCM2045 0x40000 69 #define BTUSB_IFNUM_2 0x80000 70 #define BTUSB_CW6622 0x100000 71 72 static const struct usb_device_id btusb_table[] = { 73 /* Generic Bluetooth USB device */ 74 { USB_DEVICE_INFO(0xe0, 0x01, 0x01) }, 75 76 /* Generic Bluetooth AMP device */ 77 { USB_DEVICE_INFO(0xe0, 0x01, 0x04), .driver_info = BTUSB_AMP }, 78 79 /* Generic Bluetooth USB interface */ 80 { USB_INTERFACE_INFO(0xe0, 0x01, 0x01) }, 81 82 /* Apple-specific (Broadcom) devices */ 83 { USB_VENDOR_AND_INTERFACE_INFO(0x05ac, 0xff, 0x01, 0x01), 84 .driver_info = BTUSB_BCM_APPLE | BTUSB_IFNUM_2 }, 85 86 /* MediaTek MT76x0E */ 87 { USB_DEVICE(0x0e8d, 0x763f) }, 88 89 /* Broadcom SoftSailing reporting vendor specific */ 90 { USB_DEVICE(0x0a5c, 0x21e1) }, 91 92 /* Apple MacBookPro 7,1 */ 93 { USB_DEVICE(0x05ac, 0x8213) }, 94 95 /* Apple iMac11,1 */ 96 { USB_DEVICE(0x05ac, 0x8215) }, 97 98 /* Apple MacBookPro6,2 */ 99 { USB_DEVICE(0x05ac, 0x8218) }, 100 101 /* Apple MacBookAir3,1, MacBookAir3,2 */ 102 { USB_DEVICE(0x05ac, 0x821b) }, 103 104 /* Apple MacBookAir4,1 */ 105 { USB_DEVICE(0x05ac, 0x821f) }, 106 107 /* Apple MacBookPro8,2 */ 108 { USB_DEVICE(0x05ac, 0x821a) }, 109 110 /* Apple MacMini5,1 */ 111 { USB_DEVICE(0x05ac, 0x8281) }, 112 113 /* AVM BlueFRITZ! USB v2.0 */ 114 { USB_DEVICE(0x057c, 0x3800), .driver_info = BTUSB_SWAVE }, 115 116 /* Bluetooth Ultraport Module from IBM */ 117 { USB_DEVICE(0x04bf, 0x030a) }, 118 119 /* ALPS Modules with non-standard id */ 120 { USB_DEVICE(0x044e, 0x3001) }, 121 { USB_DEVICE(0x044e, 0x3002) }, 122 123 /* Ericsson with non-standard id */ 124 { USB_DEVICE(0x0bdb, 0x1002) }, 125 126 /* Canyon CN-BTU1 with HID interfaces */ 127 { USB_DEVICE(0x0c10, 0x0000) }, 128 129 /* Broadcom BCM20702A0 */ 130 { USB_DEVICE(0x413c, 0x8197) }, 131 132 /* Broadcom BCM20702B0 (Dynex/Insignia) */ 133 { USB_DEVICE(0x19ff, 0x0239), .driver_info = BTUSB_BCM_PATCHRAM }, 134 135 /* Broadcom BCM43142A0 (Foxconn/Lenovo) */ 136 { USB_VENDOR_AND_INTERFACE_INFO(0x105b, 0xff, 0x01, 0x01), 137 .driver_info = BTUSB_BCM_PATCHRAM }, 138 139 /* Broadcom BCM920703 (HTC Vive) */ 140 { USB_VENDOR_AND_INTERFACE_INFO(0x0bb4, 0xff, 0x01, 0x01), 141 .driver_info = BTUSB_BCM_PATCHRAM }, 142 143 /* Foxconn - Hon Hai */ 144 { USB_VENDOR_AND_INTERFACE_INFO(0x0489, 0xff, 0x01, 0x01), 145 .driver_info = BTUSB_BCM_PATCHRAM }, 146 147 /* Lite-On Technology - Broadcom based */ 148 { USB_VENDOR_AND_INTERFACE_INFO(0x04ca, 0xff, 0x01, 0x01), 149 .driver_info = BTUSB_BCM_PATCHRAM }, 150 151 /* Broadcom devices with vendor specific id */ 152 { USB_VENDOR_AND_INTERFACE_INFO(0x0a5c, 0xff, 0x01, 0x01), 153 .driver_info = BTUSB_BCM_PATCHRAM }, 154 155 /* ASUSTek Computer - Broadcom based */ 156 { USB_VENDOR_AND_INTERFACE_INFO(0x0b05, 0xff, 0x01, 0x01), 157 .driver_info = BTUSB_BCM_PATCHRAM }, 158 159 /* Belkin F8065bf - Broadcom based */ 160 { USB_VENDOR_AND_INTERFACE_INFO(0x050d, 0xff, 0x01, 0x01), 161 .driver_info = BTUSB_BCM_PATCHRAM }, 162 163 /* IMC Networks - Broadcom based */ 164 { USB_VENDOR_AND_INTERFACE_INFO(0x13d3, 0xff, 0x01, 0x01), 165 .driver_info = BTUSB_BCM_PATCHRAM }, 166 167 /* Dell Computer - Broadcom based */ 168 { USB_VENDOR_AND_INTERFACE_INFO(0x413c, 0xff, 0x01, 0x01), 169 .driver_info = BTUSB_BCM_PATCHRAM }, 170 171 /* Toshiba Corp - Broadcom based */ 172 { USB_VENDOR_AND_INTERFACE_INFO(0x0930, 0xff, 0x01, 0x01), 173 .driver_info = BTUSB_BCM_PATCHRAM }, 174 175 /* Intel Bluetooth USB Bootloader (RAM module) */ 176 { USB_DEVICE(0x8087, 0x0a5a), 177 .driver_info = BTUSB_INTEL_BOOT | BTUSB_BROKEN_ISOC }, 178 179 { } /* Terminating entry */ 180 }; 181 182 MODULE_DEVICE_TABLE(usb, btusb_table); 183 184 static const struct usb_device_id blacklist_table[] = { 185 /* CSR BlueCore devices */ 186 { USB_DEVICE(0x0a12, 0x0001), .driver_info = BTUSB_CSR }, 187 188 /* Broadcom BCM2033 without firmware */ 189 { USB_DEVICE(0x0a5c, 0x2033), .driver_info = BTUSB_IGNORE }, 190 191 /* Broadcom BCM2045 devices */ 192 { USB_DEVICE(0x0a5c, 0x2045), .driver_info = BTUSB_BCM2045 }, 193 194 /* Atheros 3011 with sflash firmware */ 195 { USB_DEVICE(0x0489, 0xe027), .driver_info = BTUSB_IGNORE }, 196 { USB_DEVICE(0x0489, 0xe03d), .driver_info = BTUSB_IGNORE }, 197 { USB_DEVICE(0x04f2, 0xaff1), .driver_info = BTUSB_IGNORE }, 198 { USB_DEVICE(0x0930, 0x0215), .driver_info = BTUSB_IGNORE }, 199 { USB_DEVICE(0x0cf3, 0x3002), .driver_info = BTUSB_IGNORE }, 200 { USB_DEVICE(0x0cf3, 0xe019), .driver_info = BTUSB_IGNORE }, 201 { USB_DEVICE(0x13d3, 0x3304), .driver_info = BTUSB_IGNORE }, 202 203 /* Atheros AR9285 Malbec with sflash firmware */ 204 { USB_DEVICE(0x03f0, 0x311d), .driver_info = BTUSB_IGNORE }, 205 206 /* Atheros 3012 with sflash firmware */ 207 { USB_DEVICE(0x0489, 0xe04d), .driver_info = BTUSB_ATH3012 }, 208 { USB_DEVICE(0x0489, 0xe04e), .driver_info = BTUSB_ATH3012 }, 209 { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 }, 210 { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 }, 211 { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 }, 212 { USB_DEVICE(0x0489, 0xe076), .driver_info = BTUSB_ATH3012 }, 213 { USB_DEVICE(0x0489, 0xe078), .driver_info = BTUSB_ATH3012 }, 214 { USB_DEVICE(0x0489, 0xe095), .driver_info = BTUSB_ATH3012 }, 215 { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 }, 216 { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 }, 217 { USB_DEVICE(0x04ca, 0x3005), .driver_info = BTUSB_ATH3012 }, 218 { USB_DEVICE(0x04ca, 0x3006), .driver_info = BTUSB_ATH3012 }, 219 { USB_DEVICE(0x04ca, 0x3007), .driver_info = BTUSB_ATH3012 }, 220 { USB_DEVICE(0x04ca, 0x3008), .driver_info = BTUSB_ATH3012 }, 221 { USB_DEVICE(0x04ca, 0x300b), .driver_info = BTUSB_ATH3012 }, 222 { USB_DEVICE(0x04ca, 0x300d), .driver_info = BTUSB_ATH3012 }, 223 { USB_DEVICE(0x04ca, 0x300f), .driver_info = BTUSB_ATH3012 }, 224 { USB_DEVICE(0x04ca, 0x3010), .driver_info = BTUSB_ATH3012 }, 225 { USB_DEVICE(0x04ca, 0x3014), .driver_info = BTUSB_ATH3012 }, 226 { USB_DEVICE(0x04ca, 0x3018), .driver_info = BTUSB_ATH3012 }, 227 { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 }, 228 { USB_DEVICE(0x0930, 0x021c), .driver_info = BTUSB_ATH3012 }, 229 { USB_DEVICE(0x0930, 0x0220), .driver_info = BTUSB_ATH3012 }, 230 { USB_DEVICE(0x0930, 0x0227), .driver_info = BTUSB_ATH3012 }, 231 { USB_DEVICE(0x0b05, 0x17d0), .driver_info = BTUSB_ATH3012 }, 232 { USB_DEVICE(0x0cf3, 0x0036), .driver_info = BTUSB_ATH3012 }, 233 { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 }, 234 { USB_DEVICE(0x0cf3, 0x3008), .driver_info = BTUSB_ATH3012 }, 235 { USB_DEVICE(0x0cf3, 0x311d), .driver_info = BTUSB_ATH3012 }, 236 { USB_DEVICE(0x0cf3, 0x311e), .driver_info = BTUSB_ATH3012 }, 237 { USB_DEVICE(0x0cf3, 0x311f), .driver_info = BTUSB_ATH3012 }, 238 { USB_DEVICE(0x0cf3, 0x3121), .driver_info = BTUSB_ATH3012 }, 239 { USB_DEVICE(0x0cf3, 0x817a), .driver_info = BTUSB_ATH3012 }, 240 { USB_DEVICE(0x0cf3, 0x817b), .driver_info = BTUSB_ATH3012 }, 241 { USB_DEVICE(0x0cf3, 0xe003), .driver_info = BTUSB_ATH3012 }, 242 { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 }, 243 { USB_DEVICE(0x0cf3, 0xe005), .driver_info = BTUSB_ATH3012 }, 244 { USB_DEVICE(0x0cf3, 0xe006), .driver_info = BTUSB_ATH3012 }, 245 { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 }, 246 { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 }, 247 { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 }, 248 { USB_DEVICE(0x13d3, 0x3395), .driver_info = BTUSB_ATH3012 }, 249 { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 }, 250 { USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 }, 251 { USB_DEVICE(0x13d3, 0x3423), .driver_info = BTUSB_ATH3012 }, 252 { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 }, 253 { USB_DEVICE(0x13d3, 0x3472), .driver_info = BTUSB_ATH3012 }, 254 { USB_DEVICE(0x13d3, 0x3474), .driver_info = BTUSB_ATH3012 }, 255 { USB_DEVICE(0x13d3, 0x3487), .driver_info = BTUSB_ATH3012 }, 256 { USB_DEVICE(0x13d3, 0x3490), .driver_info = BTUSB_ATH3012 }, 257 258 /* Atheros AR5BBU12 with sflash firmware */ 259 { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE }, 260 261 /* Atheros AR5BBU12 with sflash firmware */ 262 { USB_DEVICE(0x0489, 0xe036), .driver_info = BTUSB_ATH3012 }, 263 { USB_DEVICE(0x0489, 0xe03c), .driver_info = BTUSB_ATH3012 }, 264 265 /* QCA ROME chipset */ 266 { USB_DEVICE(0x0cf3, 0xe007), .driver_info = BTUSB_QCA_ROME }, 267 { USB_DEVICE(0x0cf3, 0xe009), .driver_info = BTUSB_QCA_ROME }, 268 { USB_DEVICE(0x0cf3, 0xe010), .driver_info = BTUSB_QCA_ROME }, 269 { USB_DEVICE(0x0cf3, 0xe300), .driver_info = BTUSB_QCA_ROME }, 270 { USB_DEVICE(0x0cf3, 0xe301), .driver_info = BTUSB_QCA_ROME }, 271 { USB_DEVICE(0x0cf3, 0xe360), .driver_info = BTUSB_QCA_ROME }, 272 { USB_DEVICE(0x0489, 0xe092), .driver_info = BTUSB_QCA_ROME }, 273 { USB_DEVICE(0x0489, 0xe09f), .driver_info = BTUSB_QCA_ROME }, 274 { USB_DEVICE(0x0489, 0xe0a2), .driver_info = BTUSB_QCA_ROME }, 275 { USB_DEVICE(0x04ca, 0x3011), .driver_info = BTUSB_QCA_ROME }, 276 { USB_DEVICE(0x04ca, 0x3015), .driver_info = BTUSB_QCA_ROME }, 277 { USB_DEVICE(0x04ca, 0x3016), .driver_info = BTUSB_QCA_ROME }, 278 279 /* Broadcom BCM2035 */ 280 { USB_DEVICE(0x0a5c, 0x2009), .driver_info = BTUSB_BCM92035 }, 281 { USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU }, 282 { USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU }, 283 284 /* Broadcom BCM2045 */ 285 { USB_DEVICE(0x0a5c, 0x2039), .driver_info = BTUSB_WRONG_SCO_MTU }, 286 { USB_DEVICE(0x0a5c, 0x2101), .driver_info = BTUSB_WRONG_SCO_MTU }, 287 288 /* IBM/Lenovo ThinkPad with Broadcom chip */ 289 { USB_DEVICE(0x0a5c, 0x201e), .driver_info = BTUSB_WRONG_SCO_MTU }, 290 { USB_DEVICE(0x0a5c, 0x2110), .driver_info = BTUSB_WRONG_SCO_MTU }, 291 292 /* HP laptop with Broadcom chip */ 293 { USB_DEVICE(0x03f0, 0x171d), .driver_info = BTUSB_WRONG_SCO_MTU }, 294 295 /* Dell laptop with Broadcom chip */ 296 { USB_DEVICE(0x413c, 0x8126), .driver_info = BTUSB_WRONG_SCO_MTU }, 297 298 /* Dell Wireless 370 and 410 devices */ 299 { USB_DEVICE(0x413c, 0x8152), .driver_info = BTUSB_WRONG_SCO_MTU }, 300 { USB_DEVICE(0x413c, 0x8156), .driver_info = BTUSB_WRONG_SCO_MTU }, 301 302 /* Belkin F8T012 and F8T013 devices */ 303 { USB_DEVICE(0x050d, 0x0012), .driver_info = BTUSB_WRONG_SCO_MTU }, 304 { USB_DEVICE(0x050d, 0x0013), .driver_info = BTUSB_WRONG_SCO_MTU }, 305 306 /* Asus WL-BTD202 device */ 307 { USB_DEVICE(0x0b05, 0x1715), .driver_info = BTUSB_WRONG_SCO_MTU }, 308 309 /* Kensington Bluetooth USB adapter */ 310 { USB_DEVICE(0x047d, 0x105e), .driver_info = BTUSB_WRONG_SCO_MTU }, 311 312 /* RTX Telecom based adapters with buggy SCO support */ 313 { USB_DEVICE(0x0400, 0x0807), .driver_info = BTUSB_BROKEN_ISOC }, 314 { USB_DEVICE(0x0400, 0x080a), .driver_info = BTUSB_BROKEN_ISOC }, 315 316 /* CONWISE Technology based adapters with buggy SCO support */ 317 { USB_DEVICE(0x0e5e, 0x6622), 318 .driver_info = BTUSB_BROKEN_ISOC | BTUSB_CW6622}, 319 320 /* Roper Class 1 Bluetooth Dongle (Silicon Wave based) */ 321 { USB_DEVICE(0x1310, 0x0001), .driver_info = BTUSB_SWAVE }, 322 323 /* Digianswer devices */ 324 { USB_DEVICE(0x08fd, 0x0001), .driver_info = BTUSB_DIGIANSWER }, 325 { USB_DEVICE(0x08fd, 0x0002), .driver_info = BTUSB_IGNORE }, 326 327 /* CSR BlueCore Bluetooth Sniffer */ 328 { USB_DEVICE(0x0a12, 0x0002), 329 .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC }, 330 331 /* Frontline ComProbe Bluetooth Sniffer */ 332 { USB_DEVICE(0x16d3, 0x0002), 333 .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC }, 334 335 /* Marvell Bluetooth devices */ 336 { USB_DEVICE(0x1286, 0x2044), .driver_info = BTUSB_MARVELL }, 337 { USB_DEVICE(0x1286, 0x2046), .driver_info = BTUSB_MARVELL }, 338 { USB_DEVICE(0x1286, 0x204e), .driver_info = BTUSB_MARVELL }, 339 340 /* Intel Bluetooth devices */ 341 { USB_DEVICE(0x8087, 0x0025), .driver_info = BTUSB_INTEL_NEW }, 342 { USB_DEVICE(0x8087, 0x0026), .driver_info = BTUSB_INTEL_NEW }, 343 { USB_DEVICE(0x8087, 0x07da), .driver_info = BTUSB_CSR }, 344 { USB_DEVICE(0x8087, 0x07dc), .driver_info = BTUSB_INTEL }, 345 { USB_DEVICE(0x8087, 0x0a2a), .driver_info = BTUSB_INTEL }, 346 { USB_DEVICE(0x8087, 0x0a2b), .driver_info = BTUSB_INTEL_NEW }, 347 { USB_DEVICE(0x8087, 0x0aa7), .driver_info = BTUSB_INTEL }, 348 { USB_DEVICE(0x8087, 0x0aaa), .driver_info = BTUSB_INTEL_NEW }, 349 350 /* Other Intel Bluetooth devices */ 351 { USB_VENDOR_AND_INTERFACE_INFO(0x8087, 0xe0, 0x01, 0x01), 352 .driver_info = BTUSB_IGNORE }, 353 354 /* Realtek Bluetooth devices */ 355 { USB_VENDOR_AND_INTERFACE_INFO(0x0bda, 0xe0, 0x01, 0x01), 356 .driver_info = BTUSB_REALTEK }, 357 358 /* Additional Realtek 8723AE Bluetooth devices */ 359 { USB_DEVICE(0x0930, 0x021d), .driver_info = BTUSB_REALTEK }, 360 { USB_DEVICE(0x13d3, 0x3394), .driver_info = BTUSB_REALTEK }, 361 362 /* Additional Realtek 8723BE Bluetooth devices */ 363 { USB_DEVICE(0x0489, 0xe085), .driver_info = BTUSB_REALTEK }, 364 { USB_DEVICE(0x0489, 0xe08b), .driver_info = BTUSB_REALTEK }, 365 { USB_DEVICE(0x13d3, 0x3410), .driver_info = BTUSB_REALTEK }, 366 { USB_DEVICE(0x13d3, 0x3416), .driver_info = BTUSB_REALTEK }, 367 { USB_DEVICE(0x13d3, 0x3459), .driver_info = BTUSB_REALTEK }, 368 { USB_DEVICE(0x13d3, 0x3494), .driver_info = BTUSB_REALTEK }, 369 370 /* Additional Realtek 8821AE Bluetooth devices */ 371 { USB_DEVICE(0x0b05, 0x17dc), .driver_info = BTUSB_REALTEK }, 372 { USB_DEVICE(0x13d3, 0x3414), .driver_info = BTUSB_REALTEK }, 373 { USB_DEVICE(0x13d3, 0x3458), .driver_info = BTUSB_REALTEK }, 374 { USB_DEVICE(0x13d3, 0x3461), .driver_info = BTUSB_REALTEK }, 375 { USB_DEVICE(0x13d3, 0x3462), .driver_info = BTUSB_REALTEK }, 376 377 /* Additional Realtek 8822BE Bluetooth devices */ 378 { USB_DEVICE(0x0b05, 0x185c), .driver_info = BTUSB_REALTEK }, 379 380 /* Silicon Wave based devices */ 381 { USB_DEVICE(0x0c10, 0x0000), .driver_info = BTUSB_SWAVE }, 382 383 { } /* Terminating entry */ 384 }; 385 386 #define BTUSB_MAX_ISOC_FRAMES 10 387 388 #define BTUSB_INTR_RUNNING 0 389 #define BTUSB_BULK_RUNNING 1 390 #define BTUSB_ISOC_RUNNING 2 391 #define BTUSB_SUSPENDING 3 392 #define BTUSB_DID_ISO_RESUME 4 393 #define BTUSB_BOOTLOADER 5 394 #define BTUSB_DOWNLOADING 6 395 #define BTUSB_FIRMWARE_LOADED 7 396 #define BTUSB_FIRMWARE_FAILED 8 397 #define BTUSB_BOOTING 9 398 #define BTUSB_DIAG_RUNNING 10 399 #define BTUSB_OOB_WAKE_ENABLED 11 400 401 struct btusb_data { 402 struct hci_dev *hdev; 403 struct usb_device *udev; 404 struct usb_interface *intf; 405 struct usb_interface *isoc; 406 struct usb_interface *diag; 407 unsigned isoc_ifnum; 408 409 unsigned long flags; 410 411 struct work_struct work; 412 struct work_struct waker; 413 414 struct usb_anchor deferred; 415 struct usb_anchor tx_anchor; 416 int tx_in_flight; 417 spinlock_t txlock; 418 419 struct usb_anchor intr_anchor; 420 struct usb_anchor bulk_anchor; 421 struct usb_anchor isoc_anchor; 422 struct usb_anchor diag_anchor; 423 spinlock_t rxlock; 424 425 struct sk_buff *evt_skb; 426 struct sk_buff *acl_skb; 427 struct sk_buff *sco_skb; 428 429 struct usb_endpoint_descriptor *intr_ep; 430 struct usb_endpoint_descriptor *bulk_tx_ep; 431 struct usb_endpoint_descriptor *bulk_rx_ep; 432 struct usb_endpoint_descriptor *isoc_tx_ep; 433 struct usb_endpoint_descriptor *isoc_rx_ep; 434 struct usb_endpoint_descriptor *diag_tx_ep; 435 struct usb_endpoint_descriptor *diag_rx_ep; 436 437 __u8 cmdreq_type; 438 __u8 cmdreq; 439 440 unsigned int sco_num; 441 int isoc_altsetting; 442 int suspend_count; 443 444 int (*recv_event)(struct hci_dev *hdev, struct sk_buff *skb); 445 int (*recv_bulk)(struct btusb_data *data, void *buffer, int count); 446 447 int (*setup_on_usb)(struct hci_dev *hdev); 448 449 int oob_wake_irq; /* irq for out-of-band wake-on-bt */ 450 }; 451 452 static inline void btusb_free_frags(struct btusb_data *data) 453 { 454 unsigned long flags; 455 456 spin_lock_irqsave(&data->rxlock, flags); 457 458 kfree_skb(data->evt_skb); 459 data->evt_skb = NULL; 460 461 kfree_skb(data->acl_skb); 462 data->acl_skb = NULL; 463 464 kfree_skb(data->sco_skb); 465 data->sco_skb = NULL; 466 467 spin_unlock_irqrestore(&data->rxlock, flags); 468 } 469 470 static int btusb_recv_intr(struct btusb_data *data, void *buffer, int count) 471 { 472 struct sk_buff *skb; 473 int err = 0; 474 475 spin_lock(&data->rxlock); 476 skb = data->evt_skb; 477 478 while (count) { 479 int len; 480 481 if (!skb) { 482 skb = bt_skb_alloc(HCI_MAX_EVENT_SIZE, GFP_ATOMIC); 483 if (!skb) { 484 err = -ENOMEM; 485 break; 486 } 487 488 hci_skb_pkt_type(skb) = HCI_EVENT_PKT; 489 hci_skb_expect(skb) = HCI_EVENT_HDR_SIZE; 490 } 491 492 len = min_t(uint, hci_skb_expect(skb), count); 493 skb_put_data(skb, buffer, len); 494 495 count -= len; 496 buffer += len; 497 hci_skb_expect(skb) -= len; 498 499 if (skb->len == HCI_EVENT_HDR_SIZE) { 500 /* Complete event header */ 501 hci_skb_expect(skb) = hci_event_hdr(skb)->plen; 502 503 if (skb_tailroom(skb) < hci_skb_expect(skb)) { 504 kfree_skb(skb); 505 skb = NULL; 506 507 err = -EILSEQ; 508 break; 509 } 510 } 511 512 if (!hci_skb_expect(skb)) { 513 /* Complete frame */ 514 data->recv_event(data->hdev, skb); 515 skb = NULL; 516 } 517 } 518 519 data->evt_skb = skb; 520 spin_unlock(&data->rxlock); 521 522 return err; 523 } 524 525 static int btusb_recv_bulk(struct btusb_data *data, void *buffer, int count) 526 { 527 struct sk_buff *skb; 528 int err = 0; 529 530 spin_lock(&data->rxlock); 531 skb = data->acl_skb; 532 533 while (count) { 534 int len; 535 536 if (!skb) { 537 skb = bt_skb_alloc(HCI_MAX_FRAME_SIZE, GFP_ATOMIC); 538 if (!skb) { 539 err = -ENOMEM; 540 break; 541 } 542 543 hci_skb_pkt_type(skb) = HCI_ACLDATA_PKT; 544 hci_skb_expect(skb) = HCI_ACL_HDR_SIZE; 545 } 546 547 len = min_t(uint, hci_skb_expect(skb), count); 548 skb_put_data(skb, buffer, len); 549 550 count -= len; 551 buffer += len; 552 hci_skb_expect(skb) -= len; 553 554 if (skb->len == HCI_ACL_HDR_SIZE) { 555 __le16 dlen = hci_acl_hdr(skb)->dlen; 556 557 /* Complete ACL header */ 558 hci_skb_expect(skb) = __le16_to_cpu(dlen); 559 560 if (skb_tailroom(skb) < hci_skb_expect(skb)) { 561 kfree_skb(skb); 562 skb = NULL; 563 564 err = -EILSEQ; 565 break; 566 } 567 } 568 569 if (!hci_skb_expect(skb)) { 570 /* Complete frame */ 571 hci_recv_frame(data->hdev, skb); 572 skb = NULL; 573 } 574 } 575 576 data->acl_skb = skb; 577 spin_unlock(&data->rxlock); 578 579 return err; 580 } 581 582 static int btusb_recv_isoc(struct btusb_data *data, void *buffer, int count) 583 { 584 struct sk_buff *skb; 585 int err = 0; 586 587 spin_lock(&data->rxlock); 588 skb = data->sco_skb; 589 590 while (count) { 591 int len; 592 593 if (!skb) { 594 skb = bt_skb_alloc(HCI_MAX_SCO_SIZE, GFP_ATOMIC); 595 if (!skb) { 596 err = -ENOMEM; 597 break; 598 } 599 600 hci_skb_pkt_type(skb) = HCI_SCODATA_PKT; 601 hci_skb_expect(skb) = HCI_SCO_HDR_SIZE; 602 } 603 604 len = min_t(uint, hci_skb_expect(skb), count); 605 skb_put_data(skb, buffer, len); 606 607 count -= len; 608 buffer += len; 609 hci_skb_expect(skb) -= len; 610 611 if (skb->len == HCI_SCO_HDR_SIZE) { 612 /* Complete SCO header */ 613 hci_skb_expect(skb) = hci_sco_hdr(skb)->dlen; 614 615 if (skb_tailroom(skb) < hci_skb_expect(skb)) { 616 kfree_skb(skb); 617 skb = NULL; 618 619 err = -EILSEQ; 620 break; 621 } 622 } 623 624 if (!hci_skb_expect(skb)) { 625 /* Complete frame */ 626 hci_recv_frame(data->hdev, skb); 627 skb = NULL; 628 } 629 } 630 631 data->sco_skb = skb; 632 spin_unlock(&data->rxlock); 633 634 return err; 635 } 636 637 static void btusb_intr_complete(struct urb *urb) 638 { 639 struct hci_dev *hdev = urb->context; 640 struct btusb_data *data = hci_get_drvdata(hdev); 641 int err; 642 643 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 644 urb->actual_length); 645 646 if (!test_bit(HCI_RUNNING, &hdev->flags)) 647 return; 648 649 if (urb->status == 0) { 650 hdev->stat.byte_rx += urb->actual_length; 651 652 if (btusb_recv_intr(data, urb->transfer_buffer, 653 urb->actual_length) < 0) { 654 bt_dev_err(hdev, "corrupted event packet"); 655 hdev->stat.err_rx++; 656 } 657 } else if (urb->status == -ENOENT) { 658 /* Avoid suspend failed when usb_kill_urb */ 659 return; 660 } 661 662 if (!test_bit(BTUSB_INTR_RUNNING, &data->flags)) 663 return; 664 665 usb_mark_last_busy(data->udev); 666 usb_anchor_urb(urb, &data->intr_anchor); 667 668 err = usb_submit_urb(urb, GFP_ATOMIC); 669 if (err < 0) { 670 /* -EPERM: urb is being killed; 671 * -ENODEV: device got disconnected 672 */ 673 if (err != -EPERM && err != -ENODEV) 674 bt_dev_err(hdev, "urb %p failed to resubmit (%d)", 675 urb, -err); 676 usb_unanchor_urb(urb); 677 } 678 } 679 680 static int btusb_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags) 681 { 682 struct btusb_data *data = hci_get_drvdata(hdev); 683 struct urb *urb; 684 unsigned char *buf; 685 unsigned int pipe; 686 int err, size; 687 688 BT_DBG("%s", hdev->name); 689 690 if (!data->intr_ep) 691 return -ENODEV; 692 693 urb = usb_alloc_urb(0, mem_flags); 694 if (!urb) 695 return -ENOMEM; 696 697 size = le16_to_cpu(data->intr_ep->wMaxPacketSize); 698 699 buf = kmalloc(size, mem_flags); 700 if (!buf) { 701 usb_free_urb(urb); 702 return -ENOMEM; 703 } 704 705 pipe = usb_rcvintpipe(data->udev, data->intr_ep->bEndpointAddress); 706 707 usb_fill_int_urb(urb, data->udev, pipe, buf, size, 708 btusb_intr_complete, hdev, data->intr_ep->bInterval); 709 710 urb->transfer_flags |= URB_FREE_BUFFER; 711 712 usb_anchor_urb(urb, &data->intr_anchor); 713 714 err = usb_submit_urb(urb, mem_flags); 715 if (err < 0) { 716 if (err != -EPERM && err != -ENODEV) 717 bt_dev_err(hdev, "urb %p submission failed (%d)", 718 urb, -err); 719 usb_unanchor_urb(urb); 720 } 721 722 usb_free_urb(urb); 723 724 return err; 725 } 726 727 static void btusb_bulk_complete(struct urb *urb) 728 { 729 struct hci_dev *hdev = urb->context; 730 struct btusb_data *data = hci_get_drvdata(hdev); 731 int err; 732 733 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 734 urb->actual_length); 735 736 if (!test_bit(HCI_RUNNING, &hdev->flags)) 737 return; 738 739 if (urb->status == 0) { 740 hdev->stat.byte_rx += urb->actual_length; 741 742 if (data->recv_bulk(data, urb->transfer_buffer, 743 urb->actual_length) < 0) { 744 bt_dev_err(hdev, "corrupted ACL packet"); 745 hdev->stat.err_rx++; 746 } 747 } else if (urb->status == -ENOENT) { 748 /* Avoid suspend failed when usb_kill_urb */ 749 return; 750 } 751 752 if (!test_bit(BTUSB_BULK_RUNNING, &data->flags)) 753 return; 754 755 usb_anchor_urb(urb, &data->bulk_anchor); 756 usb_mark_last_busy(data->udev); 757 758 err = usb_submit_urb(urb, GFP_ATOMIC); 759 if (err < 0) { 760 /* -EPERM: urb is being killed; 761 * -ENODEV: device got disconnected 762 */ 763 if (err != -EPERM && err != -ENODEV) 764 bt_dev_err(hdev, "urb %p failed to resubmit (%d)", 765 urb, -err); 766 usb_unanchor_urb(urb); 767 } 768 } 769 770 static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags) 771 { 772 struct btusb_data *data = hci_get_drvdata(hdev); 773 struct urb *urb; 774 unsigned char *buf; 775 unsigned int pipe; 776 int err, size = HCI_MAX_FRAME_SIZE; 777 778 BT_DBG("%s", hdev->name); 779 780 if (!data->bulk_rx_ep) 781 return -ENODEV; 782 783 urb = usb_alloc_urb(0, mem_flags); 784 if (!urb) 785 return -ENOMEM; 786 787 buf = kmalloc(size, mem_flags); 788 if (!buf) { 789 usb_free_urb(urb); 790 return -ENOMEM; 791 } 792 793 pipe = usb_rcvbulkpipe(data->udev, data->bulk_rx_ep->bEndpointAddress); 794 795 usb_fill_bulk_urb(urb, data->udev, pipe, buf, size, 796 btusb_bulk_complete, hdev); 797 798 urb->transfer_flags |= URB_FREE_BUFFER; 799 800 usb_mark_last_busy(data->udev); 801 usb_anchor_urb(urb, &data->bulk_anchor); 802 803 err = usb_submit_urb(urb, mem_flags); 804 if (err < 0) { 805 if (err != -EPERM && err != -ENODEV) 806 bt_dev_err(hdev, "urb %p submission failed (%d)", 807 urb, -err); 808 usb_unanchor_urb(urb); 809 } 810 811 usb_free_urb(urb); 812 813 return err; 814 } 815 816 static void btusb_isoc_complete(struct urb *urb) 817 { 818 struct hci_dev *hdev = urb->context; 819 struct btusb_data *data = hci_get_drvdata(hdev); 820 int i, err; 821 822 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 823 urb->actual_length); 824 825 if (!test_bit(HCI_RUNNING, &hdev->flags)) 826 return; 827 828 if (urb->status == 0) { 829 for (i = 0; i < urb->number_of_packets; i++) { 830 unsigned int offset = urb->iso_frame_desc[i].offset; 831 unsigned int length = urb->iso_frame_desc[i].actual_length; 832 833 if (urb->iso_frame_desc[i].status) 834 continue; 835 836 hdev->stat.byte_rx += length; 837 838 if (btusb_recv_isoc(data, urb->transfer_buffer + offset, 839 length) < 0) { 840 bt_dev_err(hdev, "corrupted SCO packet"); 841 hdev->stat.err_rx++; 842 } 843 } 844 } else if (urb->status == -ENOENT) { 845 /* Avoid suspend failed when usb_kill_urb */ 846 return; 847 } 848 849 if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags)) 850 return; 851 852 usb_anchor_urb(urb, &data->isoc_anchor); 853 854 err = usb_submit_urb(urb, GFP_ATOMIC); 855 if (err < 0) { 856 /* -EPERM: urb is being killed; 857 * -ENODEV: device got disconnected 858 */ 859 if (err != -EPERM && err != -ENODEV) 860 bt_dev_err(hdev, "urb %p failed to resubmit (%d)", 861 urb, -err); 862 usb_unanchor_urb(urb); 863 } 864 } 865 866 static inline void __fill_isoc_descriptor(struct urb *urb, int len, int mtu) 867 { 868 int i, offset = 0; 869 870 BT_DBG("len %d mtu %d", len, mtu); 871 872 for (i = 0; i < BTUSB_MAX_ISOC_FRAMES && len >= mtu; 873 i++, offset += mtu, len -= mtu) { 874 urb->iso_frame_desc[i].offset = offset; 875 urb->iso_frame_desc[i].length = mtu; 876 } 877 878 if (len && i < BTUSB_MAX_ISOC_FRAMES) { 879 urb->iso_frame_desc[i].offset = offset; 880 urb->iso_frame_desc[i].length = len; 881 i++; 882 } 883 884 urb->number_of_packets = i; 885 } 886 887 static int btusb_submit_isoc_urb(struct hci_dev *hdev, gfp_t mem_flags) 888 { 889 struct btusb_data *data = hci_get_drvdata(hdev); 890 struct urb *urb; 891 unsigned char *buf; 892 unsigned int pipe; 893 int err, size; 894 895 BT_DBG("%s", hdev->name); 896 897 if (!data->isoc_rx_ep) 898 return -ENODEV; 899 900 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, mem_flags); 901 if (!urb) 902 return -ENOMEM; 903 904 size = le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize) * 905 BTUSB_MAX_ISOC_FRAMES; 906 907 buf = kmalloc(size, mem_flags); 908 if (!buf) { 909 usb_free_urb(urb); 910 return -ENOMEM; 911 } 912 913 pipe = usb_rcvisocpipe(data->udev, data->isoc_rx_ep->bEndpointAddress); 914 915 usb_fill_int_urb(urb, data->udev, pipe, buf, size, btusb_isoc_complete, 916 hdev, data->isoc_rx_ep->bInterval); 917 918 urb->transfer_flags = URB_FREE_BUFFER | URB_ISO_ASAP; 919 920 __fill_isoc_descriptor(urb, size, 921 le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize)); 922 923 usb_anchor_urb(urb, &data->isoc_anchor); 924 925 err = usb_submit_urb(urb, mem_flags); 926 if (err < 0) { 927 if (err != -EPERM && err != -ENODEV) 928 bt_dev_err(hdev, "urb %p submission failed (%d)", 929 urb, -err); 930 usb_unanchor_urb(urb); 931 } 932 933 usb_free_urb(urb); 934 935 return err; 936 } 937 938 static void btusb_diag_complete(struct urb *urb) 939 { 940 struct hci_dev *hdev = urb->context; 941 struct btusb_data *data = hci_get_drvdata(hdev); 942 int err; 943 944 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 945 urb->actual_length); 946 947 if (urb->status == 0) { 948 struct sk_buff *skb; 949 950 skb = bt_skb_alloc(urb->actual_length, GFP_ATOMIC); 951 if (skb) { 952 skb_put_data(skb, urb->transfer_buffer, 953 urb->actual_length); 954 hci_recv_diag(hdev, skb); 955 } 956 } else if (urb->status == -ENOENT) { 957 /* Avoid suspend failed when usb_kill_urb */ 958 return; 959 } 960 961 if (!test_bit(BTUSB_DIAG_RUNNING, &data->flags)) 962 return; 963 964 usb_anchor_urb(urb, &data->diag_anchor); 965 usb_mark_last_busy(data->udev); 966 967 err = usb_submit_urb(urb, GFP_ATOMIC); 968 if (err < 0) { 969 /* -EPERM: urb is being killed; 970 * -ENODEV: device got disconnected 971 */ 972 if (err != -EPERM && err != -ENODEV) 973 bt_dev_err(hdev, "urb %p failed to resubmit (%d)", 974 urb, -err); 975 usb_unanchor_urb(urb); 976 } 977 } 978 979 static int btusb_submit_diag_urb(struct hci_dev *hdev, gfp_t mem_flags) 980 { 981 struct btusb_data *data = hci_get_drvdata(hdev); 982 struct urb *urb; 983 unsigned char *buf; 984 unsigned int pipe; 985 int err, size = HCI_MAX_FRAME_SIZE; 986 987 BT_DBG("%s", hdev->name); 988 989 if (!data->diag_rx_ep) 990 return -ENODEV; 991 992 urb = usb_alloc_urb(0, mem_flags); 993 if (!urb) 994 return -ENOMEM; 995 996 buf = kmalloc(size, mem_flags); 997 if (!buf) { 998 usb_free_urb(urb); 999 return -ENOMEM; 1000 } 1001 1002 pipe = usb_rcvbulkpipe(data->udev, data->diag_rx_ep->bEndpointAddress); 1003 1004 usb_fill_bulk_urb(urb, data->udev, pipe, buf, size, 1005 btusb_diag_complete, hdev); 1006 1007 urb->transfer_flags |= URB_FREE_BUFFER; 1008 1009 usb_mark_last_busy(data->udev); 1010 usb_anchor_urb(urb, &data->diag_anchor); 1011 1012 err = usb_submit_urb(urb, mem_flags); 1013 if (err < 0) { 1014 if (err != -EPERM && err != -ENODEV) 1015 bt_dev_err(hdev, "urb %p submission failed (%d)", 1016 urb, -err); 1017 usb_unanchor_urb(urb); 1018 } 1019 1020 usb_free_urb(urb); 1021 1022 return err; 1023 } 1024 1025 static void btusb_tx_complete(struct urb *urb) 1026 { 1027 struct sk_buff *skb = urb->context; 1028 struct hci_dev *hdev = (struct hci_dev *)skb->dev; 1029 struct btusb_data *data = hci_get_drvdata(hdev); 1030 1031 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 1032 urb->actual_length); 1033 1034 if (!test_bit(HCI_RUNNING, &hdev->flags)) 1035 goto done; 1036 1037 if (!urb->status) 1038 hdev->stat.byte_tx += urb->transfer_buffer_length; 1039 else 1040 hdev->stat.err_tx++; 1041 1042 done: 1043 spin_lock(&data->txlock); 1044 data->tx_in_flight--; 1045 spin_unlock(&data->txlock); 1046 1047 kfree(urb->setup_packet); 1048 1049 kfree_skb(skb); 1050 } 1051 1052 static void btusb_isoc_tx_complete(struct urb *urb) 1053 { 1054 struct sk_buff *skb = urb->context; 1055 struct hci_dev *hdev = (struct hci_dev *)skb->dev; 1056 1057 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 1058 urb->actual_length); 1059 1060 if (!test_bit(HCI_RUNNING, &hdev->flags)) 1061 goto done; 1062 1063 if (!urb->status) 1064 hdev->stat.byte_tx += urb->transfer_buffer_length; 1065 else 1066 hdev->stat.err_tx++; 1067 1068 done: 1069 kfree(urb->setup_packet); 1070 1071 kfree_skb(skb); 1072 } 1073 1074 static int btusb_open(struct hci_dev *hdev) 1075 { 1076 struct btusb_data *data = hci_get_drvdata(hdev); 1077 int err; 1078 1079 BT_DBG("%s", hdev->name); 1080 1081 err = usb_autopm_get_interface(data->intf); 1082 if (err < 0) 1083 return err; 1084 1085 /* Patching USB firmware files prior to starting any URBs of HCI path 1086 * It is more safe to use USB bulk channel for downloading USB patch 1087 */ 1088 if (data->setup_on_usb) { 1089 err = data->setup_on_usb(hdev); 1090 if (err < 0) 1091 return err; 1092 } 1093 1094 data->intf->needs_remote_wakeup = 1; 1095 /* device specific wakeup source enabled and required for USB 1096 * remote wakeup while host is suspended 1097 */ 1098 device_wakeup_enable(&data->udev->dev); 1099 1100 if (test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags)) 1101 goto done; 1102 1103 err = btusb_submit_intr_urb(hdev, GFP_KERNEL); 1104 if (err < 0) 1105 goto failed; 1106 1107 err = btusb_submit_bulk_urb(hdev, GFP_KERNEL); 1108 if (err < 0) { 1109 usb_kill_anchored_urbs(&data->intr_anchor); 1110 goto failed; 1111 } 1112 1113 set_bit(BTUSB_BULK_RUNNING, &data->flags); 1114 btusb_submit_bulk_urb(hdev, GFP_KERNEL); 1115 1116 if (data->diag) { 1117 if (!btusb_submit_diag_urb(hdev, GFP_KERNEL)) 1118 set_bit(BTUSB_DIAG_RUNNING, &data->flags); 1119 } 1120 1121 done: 1122 usb_autopm_put_interface(data->intf); 1123 return 0; 1124 1125 failed: 1126 clear_bit(BTUSB_INTR_RUNNING, &data->flags); 1127 usb_autopm_put_interface(data->intf); 1128 return err; 1129 } 1130 1131 static void btusb_stop_traffic(struct btusb_data *data) 1132 { 1133 usb_kill_anchored_urbs(&data->intr_anchor); 1134 usb_kill_anchored_urbs(&data->bulk_anchor); 1135 usb_kill_anchored_urbs(&data->isoc_anchor); 1136 usb_kill_anchored_urbs(&data->diag_anchor); 1137 } 1138 1139 static int btusb_close(struct hci_dev *hdev) 1140 { 1141 struct btusb_data *data = hci_get_drvdata(hdev); 1142 int err; 1143 1144 BT_DBG("%s", hdev->name); 1145 1146 cancel_work_sync(&data->work); 1147 cancel_work_sync(&data->waker); 1148 1149 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 1150 clear_bit(BTUSB_BULK_RUNNING, &data->flags); 1151 clear_bit(BTUSB_INTR_RUNNING, &data->flags); 1152 clear_bit(BTUSB_DIAG_RUNNING, &data->flags); 1153 1154 btusb_stop_traffic(data); 1155 btusb_free_frags(data); 1156 1157 err = usb_autopm_get_interface(data->intf); 1158 if (err < 0) 1159 goto failed; 1160 1161 data->intf->needs_remote_wakeup = 0; 1162 device_wakeup_disable(&data->udev->dev); 1163 usb_autopm_put_interface(data->intf); 1164 1165 failed: 1166 usb_scuttle_anchored_urbs(&data->deferred); 1167 return 0; 1168 } 1169 1170 static int btusb_flush(struct hci_dev *hdev) 1171 { 1172 struct btusb_data *data = hci_get_drvdata(hdev); 1173 1174 BT_DBG("%s", hdev->name); 1175 1176 usb_kill_anchored_urbs(&data->tx_anchor); 1177 btusb_free_frags(data); 1178 1179 return 0; 1180 } 1181 1182 static struct urb *alloc_ctrl_urb(struct hci_dev *hdev, struct sk_buff *skb) 1183 { 1184 struct btusb_data *data = hci_get_drvdata(hdev); 1185 struct usb_ctrlrequest *dr; 1186 struct urb *urb; 1187 unsigned int pipe; 1188 1189 urb = usb_alloc_urb(0, GFP_KERNEL); 1190 if (!urb) 1191 return ERR_PTR(-ENOMEM); 1192 1193 dr = kmalloc(sizeof(*dr), GFP_KERNEL); 1194 if (!dr) { 1195 usb_free_urb(urb); 1196 return ERR_PTR(-ENOMEM); 1197 } 1198 1199 dr->bRequestType = data->cmdreq_type; 1200 dr->bRequest = data->cmdreq; 1201 dr->wIndex = 0; 1202 dr->wValue = 0; 1203 dr->wLength = __cpu_to_le16(skb->len); 1204 1205 pipe = usb_sndctrlpipe(data->udev, 0x00); 1206 1207 usb_fill_control_urb(urb, data->udev, pipe, (void *)dr, 1208 skb->data, skb->len, btusb_tx_complete, skb); 1209 1210 skb->dev = (void *)hdev; 1211 1212 return urb; 1213 } 1214 1215 static struct urb *alloc_bulk_urb(struct hci_dev *hdev, struct sk_buff *skb) 1216 { 1217 struct btusb_data *data = hci_get_drvdata(hdev); 1218 struct urb *urb; 1219 unsigned int pipe; 1220 1221 if (!data->bulk_tx_ep) 1222 return ERR_PTR(-ENODEV); 1223 1224 urb = usb_alloc_urb(0, GFP_KERNEL); 1225 if (!urb) 1226 return ERR_PTR(-ENOMEM); 1227 1228 pipe = usb_sndbulkpipe(data->udev, data->bulk_tx_ep->bEndpointAddress); 1229 1230 usb_fill_bulk_urb(urb, data->udev, pipe, 1231 skb->data, skb->len, btusb_tx_complete, skb); 1232 1233 skb->dev = (void *)hdev; 1234 1235 return urb; 1236 } 1237 1238 static struct urb *alloc_isoc_urb(struct hci_dev *hdev, struct sk_buff *skb) 1239 { 1240 struct btusb_data *data = hci_get_drvdata(hdev); 1241 struct urb *urb; 1242 unsigned int pipe; 1243 1244 if (!data->isoc_tx_ep) 1245 return ERR_PTR(-ENODEV); 1246 1247 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, GFP_KERNEL); 1248 if (!urb) 1249 return ERR_PTR(-ENOMEM); 1250 1251 pipe = usb_sndisocpipe(data->udev, data->isoc_tx_ep->bEndpointAddress); 1252 1253 usb_fill_int_urb(urb, data->udev, pipe, 1254 skb->data, skb->len, btusb_isoc_tx_complete, 1255 skb, data->isoc_tx_ep->bInterval); 1256 1257 urb->transfer_flags = URB_ISO_ASAP; 1258 1259 __fill_isoc_descriptor(urb, skb->len, 1260 le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize)); 1261 1262 skb->dev = (void *)hdev; 1263 1264 return urb; 1265 } 1266 1267 static int submit_tx_urb(struct hci_dev *hdev, struct urb *urb) 1268 { 1269 struct btusb_data *data = hci_get_drvdata(hdev); 1270 int err; 1271 1272 usb_anchor_urb(urb, &data->tx_anchor); 1273 1274 err = usb_submit_urb(urb, GFP_KERNEL); 1275 if (err < 0) { 1276 if (err != -EPERM && err != -ENODEV) 1277 bt_dev_err(hdev, "urb %p submission failed (%d)", 1278 urb, -err); 1279 kfree(urb->setup_packet); 1280 usb_unanchor_urb(urb); 1281 } else { 1282 usb_mark_last_busy(data->udev); 1283 } 1284 1285 usb_free_urb(urb); 1286 return err; 1287 } 1288 1289 static int submit_or_queue_tx_urb(struct hci_dev *hdev, struct urb *urb) 1290 { 1291 struct btusb_data *data = hci_get_drvdata(hdev); 1292 unsigned long flags; 1293 bool suspending; 1294 1295 spin_lock_irqsave(&data->txlock, flags); 1296 suspending = test_bit(BTUSB_SUSPENDING, &data->flags); 1297 if (!suspending) 1298 data->tx_in_flight++; 1299 spin_unlock_irqrestore(&data->txlock, flags); 1300 1301 if (!suspending) 1302 return submit_tx_urb(hdev, urb); 1303 1304 usb_anchor_urb(urb, &data->deferred); 1305 schedule_work(&data->waker); 1306 1307 usb_free_urb(urb); 1308 return 0; 1309 } 1310 1311 static int btusb_send_frame(struct hci_dev *hdev, struct sk_buff *skb) 1312 { 1313 struct urb *urb; 1314 1315 BT_DBG("%s", hdev->name); 1316 1317 switch (hci_skb_pkt_type(skb)) { 1318 case HCI_COMMAND_PKT: 1319 urb = alloc_ctrl_urb(hdev, skb); 1320 if (IS_ERR(urb)) 1321 return PTR_ERR(urb); 1322 1323 hdev->stat.cmd_tx++; 1324 return submit_or_queue_tx_urb(hdev, urb); 1325 1326 case HCI_ACLDATA_PKT: 1327 urb = alloc_bulk_urb(hdev, skb); 1328 if (IS_ERR(urb)) 1329 return PTR_ERR(urb); 1330 1331 hdev->stat.acl_tx++; 1332 return submit_or_queue_tx_urb(hdev, urb); 1333 1334 case HCI_SCODATA_PKT: 1335 if (hci_conn_num(hdev, SCO_LINK) < 1) 1336 return -ENODEV; 1337 1338 urb = alloc_isoc_urb(hdev, skb); 1339 if (IS_ERR(urb)) 1340 return PTR_ERR(urb); 1341 1342 hdev->stat.sco_tx++; 1343 return submit_tx_urb(hdev, urb); 1344 } 1345 1346 return -EILSEQ; 1347 } 1348 1349 static void btusb_notify(struct hci_dev *hdev, unsigned int evt) 1350 { 1351 struct btusb_data *data = hci_get_drvdata(hdev); 1352 1353 BT_DBG("%s evt %d", hdev->name, evt); 1354 1355 if (hci_conn_num(hdev, SCO_LINK) != data->sco_num) { 1356 data->sco_num = hci_conn_num(hdev, SCO_LINK); 1357 schedule_work(&data->work); 1358 } 1359 } 1360 1361 static inline int __set_isoc_interface(struct hci_dev *hdev, int altsetting) 1362 { 1363 struct btusb_data *data = hci_get_drvdata(hdev); 1364 struct usb_interface *intf = data->isoc; 1365 struct usb_endpoint_descriptor *ep_desc; 1366 int i, err; 1367 1368 if (!data->isoc) 1369 return -ENODEV; 1370 1371 err = usb_set_interface(data->udev, data->isoc_ifnum, altsetting); 1372 if (err < 0) { 1373 bt_dev_err(hdev, "setting interface failed (%d)", -err); 1374 return err; 1375 } 1376 1377 data->isoc_altsetting = altsetting; 1378 1379 data->isoc_tx_ep = NULL; 1380 data->isoc_rx_ep = NULL; 1381 1382 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) { 1383 ep_desc = &intf->cur_altsetting->endpoint[i].desc; 1384 1385 if (!data->isoc_tx_ep && usb_endpoint_is_isoc_out(ep_desc)) { 1386 data->isoc_tx_ep = ep_desc; 1387 continue; 1388 } 1389 1390 if (!data->isoc_rx_ep && usb_endpoint_is_isoc_in(ep_desc)) { 1391 data->isoc_rx_ep = ep_desc; 1392 continue; 1393 } 1394 } 1395 1396 if (!data->isoc_tx_ep || !data->isoc_rx_ep) { 1397 bt_dev_err(hdev, "invalid SCO descriptors"); 1398 return -ENODEV; 1399 } 1400 1401 return 0; 1402 } 1403 1404 static void btusb_work(struct work_struct *work) 1405 { 1406 struct btusb_data *data = container_of(work, struct btusb_data, work); 1407 struct hci_dev *hdev = data->hdev; 1408 int new_alts; 1409 int err; 1410 1411 if (data->sco_num > 0) { 1412 if (!test_bit(BTUSB_DID_ISO_RESUME, &data->flags)) { 1413 err = usb_autopm_get_interface(data->isoc ? data->isoc : data->intf); 1414 if (err < 0) { 1415 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 1416 usb_kill_anchored_urbs(&data->isoc_anchor); 1417 return; 1418 } 1419 1420 set_bit(BTUSB_DID_ISO_RESUME, &data->flags); 1421 } 1422 1423 if (hdev->voice_setting & 0x0020) { 1424 static const int alts[3] = { 2, 4, 5 }; 1425 1426 new_alts = alts[data->sco_num - 1]; 1427 } else { 1428 new_alts = data->sco_num; 1429 } 1430 1431 if (data->isoc_altsetting != new_alts) { 1432 unsigned long flags; 1433 1434 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 1435 usb_kill_anchored_urbs(&data->isoc_anchor); 1436 1437 /* When isochronous alternate setting needs to be 1438 * changed, because SCO connection has been added 1439 * or removed, a packet fragment may be left in the 1440 * reassembling state. This could lead to wrongly 1441 * assembled fragments. 1442 * 1443 * Clear outstanding fragment when selecting a new 1444 * alternate setting. 1445 */ 1446 spin_lock_irqsave(&data->rxlock, flags); 1447 kfree_skb(data->sco_skb); 1448 data->sco_skb = NULL; 1449 spin_unlock_irqrestore(&data->rxlock, flags); 1450 1451 if (__set_isoc_interface(hdev, new_alts) < 0) 1452 return; 1453 } 1454 1455 if (!test_and_set_bit(BTUSB_ISOC_RUNNING, &data->flags)) { 1456 if (btusb_submit_isoc_urb(hdev, GFP_KERNEL) < 0) 1457 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 1458 else 1459 btusb_submit_isoc_urb(hdev, GFP_KERNEL); 1460 } 1461 } else { 1462 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 1463 usb_kill_anchored_urbs(&data->isoc_anchor); 1464 1465 __set_isoc_interface(hdev, 0); 1466 if (test_and_clear_bit(BTUSB_DID_ISO_RESUME, &data->flags)) 1467 usb_autopm_put_interface(data->isoc ? data->isoc : data->intf); 1468 } 1469 } 1470 1471 static void btusb_waker(struct work_struct *work) 1472 { 1473 struct btusb_data *data = container_of(work, struct btusb_data, waker); 1474 int err; 1475 1476 err = usb_autopm_get_interface(data->intf); 1477 if (err < 0) 1478 return; 1479 1480 usb_autopm_put_interface(data->intf); 1481 } 1482 1483 static int btusb_setup_bcm92035(struct hci_dev *hdev) 1484 { 1485 struct sk_buff *skb; 1486 u8 val = 0x00; 1487 1488 BT_DBG("%s", hdev->name); 1489 1490 skb = __hci_cmd_sync(hdev, 0xfc3b, 1, &val, HCI_INIT_TIMEOUT); 1491 if (IS_ERR(skb)) 1492 bt_dev_err(hdev, "BCM92035 command failed (%ld)", PTR_ERR(skb)); 1493 else 1494 kfree_skb(skb); 1495 1496 return 0; 1497 } 1498 1499 static int btusb_setup_csr(struct hci_dev *hdev) 1500 { 1501 struct hci_rp_read_local_version *rp; 1502 struct sk_buff *skb; 1503 1504 BT_DBG("%s", hdev->name); 1505 1506 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL, 1507 HCI_INIT_TIMEOUT); 1508 if (IS_ERR(skb)) { 1509 int err = PTR_ERR(skb); 1510 bt_dev_err(hdev, "CSR: Local version failed (%d)", err); 1511 return err; 1512 } 1513 1514 if (skb->len != sizeof(struct hci_rp_read_local_version)) { 1515 bt_dev_err(hdev, "CSR: Local version length mismatch"); 1516 kfree_skb(skb); 1517 return -EIO; 1518 } 1519 1520 rp = (struct hci_rp_read_local_version *)skb->data; 1521 1522 /* Detect controllers which aren't real CSR ones. */ 1523 if (le16_to_cpu(rp->manufacturer) != 10 || 1524 le16_to_cpu(rp->lmp_subver) == 0x0c5c) { 1525 /* Clear the reset quirk since this is not an actual 1526 * early Bluetooth 1.1 device from CSR. 1527 */ 1528 clear_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); 1529 1530 /* These fake CSR controllers have all a broken 1531 * stored link key handling and so just disable it. 1532 */ 1533 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks); 1534 } 1535 1536 kfree_skb(skb); 1537 1538 return 0; 1539 } 1540 1541 static const struct firmware *btusb_setup_intel_get_fw(struct hci_dev *hdev, 1542 struct intel_version *ver) 1543 { 1544 const struct firmware *fw; 1545 char fwname[64]; 1546 int ret; 1547 1548 snprintf(fwname, sizeof(fwname), 1549 "intel/ibt-hw-%x.%x.%x-fw-%x.%x.%x.%x.%x.bseq", 1550 ver->hw_platform, ver->hw_variant, ver->hw_revision, 1551 ver->fw_variant, ver->fw_revision, ver->fw_build_num, 1552 ver->fw_build_ww, ver->fw_build_yy); 1553 1554 ret = request_firmware(&fw, fwname, &hdev->dev); 1555 if (ret < 0) { 1556 if (ret == -EINVAL) { 1557 BT_ERR("%s Intel firmware file request failed (%d)", 1558 hdev->name, ret); 1559 return NULL; 1560 } 1561 1562 BT_ERR("%s failed to open Intel firmware file: %s(%d)", 1563 hdev->name, fwname, ret); 1564 1565 /* If the correct firmware patch file is not found, use the 1566 * default firmware patch file instead 1567 */ 1568 snprintf(fwname, sizeof(fwname), "intel/ibt-hw-%x.%x.bseq", 1569 ver->hw_platform, ver->hw_variant); 1570 if (request_firmware(&fw, fwname, &hdev->dev) < 0) { 1571 BT_ERR("%s failed to open default Intel fw file: %s", 1572 hdev->name, fwname); 1573 return NULL; 1574 } 1575 } 1576 1577 bt_dev_info(hdev, "Intel Bluetooth firmware file: %s", fwname); 1578 1579 return fw; 1580 } 1581 1582 static int btusb_setup_intel_patching(struct hci_dev *hdev, 1583 const struct firmware *fw, 1584 const u8 **fw_ptr, int *disable_patch) 1585 { 1586 struct sk_buff *skb; 1587 struct hci_command_hdr *cmd; 1588 const u8 *cmd_param; 1589 struct hci_event_hdr *evt = NULL; 1590 const u8 *evt_param = NULL; 1591 int remain = fw->size - (*fw_ptr - fw->data); 1592 1593 /* The first byte indicates the types of the patch command or event. 1594 * 0x01 means HCI command and 0x02 is HCI event. If the first bytes 1595 * in the current firmware buffer doesn't start with 0x01 or 1596 * the size of remain buffer is smaller than HCI command header, 1597 * the firmware file is corrupted and it should stop the patching 1598 * process. 1599 */ 1600 if (remain > HCI_COMMAND_HDR_SIZE && *fw_ptr[0] != 0x01) { 1601 BT_ERR("%s Intel fw corrupted: invalid cmd read", hdev->name); 1602 return -EINVAL; 1603 } 1604 (*fw_ptr)++; 1605 remain--; 1606 1607 cmd = (struct hci_command_hdr *)(*fw_ptr); 1608 *fw_ptr += sizeof(*cmd); 1609 remain -= sizeof(*cmd); 1610 1611 /* Ensure that the remain firmware data is long enough than the length 1612 * of command parameter. If not, the firmware file is corrupted. 1613 */ 1614 if (remain < cmd->plen) { 1615 BT_ERR("%s Intel fw corrupted: invalid cmd len", hdev->name); 1616 return -EFAULT; 1617 } 1618 1619 /* If there is a command that loads a patch in the firmware 1620 * file, then enable the patch upon success, otherwise just 1621 * disable the manufacturer mode, for example patch activation 1622 * is not required when the default firmware patch file is used 1623 * because there are no patch data to load. 1624 */ 1625 if (*disable_patch && le16_to_cpu(cmd->opcode) == 0xfc8e) 1626 *disable_patch = 0; 1627 1628 cmd_param = *fw_ptr; 1629 *fw_ptr += cmd->plen; 1630 remain -= cmd->plen; 1631 1632 /* This reads the expected events when the above command is sent to the 1633 * device. Some vendor commands expects more than one events, for 1634 * example command status event followed by vendor specific event. 1635 * For this case, it only keeps the last expected event. so the command 1636 * can be sent with __hci_cmd_sync_ev() which returns the sk_buff of 1637 * last expected event. 1638 */ 1639 while (remain > HCI_EVENT_HDR_SIZE && *fw_ptr[0] == 0x02) { 1640 (*fw_ptr)++; 1641 remain--; 1642 1643 evt = (struct hci_event_hdr *)(*fw_ptr); 1644 *fw_ptr += sizeof(*evt); 1645 remain -= sizeof(*evt); 1646 1647 if (remain < evt->plen) { 1648 BT_ERR("%s Intel fw corrupted: invalid evt len", 1649 hdev->name); 1650 return -EFAULT; 1651 } 1652 1653 evt_param = *fw_ptr; 1654 *fw_ptr += evt->plen; 1655 remain -= evt->plen; 1656 } 1657 1658 /* Every HCI commands in the firmware file has its correspond event. 1659 * If event is not found or remain is smaller than zero, the firmware 1660 * file is corrupted. 1661 */ 1662 if (!evt || !evt_param || remain < 0) { 1663 BT_ERR("%s Intel fw corrupted: invalid evt read", hdev->name); 1664 return -EFAULT; 1665 } 1666 1667 skb = __hci_cmd_sync_ev(hdev, le16_to_cpu(cmd->opcode), cmd->plen, 1668 cmd_param, evt->evt, HCI_INIT_TIMEOUT); 1669 if (IS_ERR(skb)) { 1670 BT_ERR("%s sending Intel patch command (0x%4.4x) failed (%ld)", 1671 hdev->name, cmd->opcode, PTR_ERR(skb)); 1672 return PTR_ERR(skb); 1673 } 1674 1675 /* It ensures that the returned event matches the event data read from 1676 * the firmware file. At fist, it checks the length and then 1677 * the contents of the event. 1678 */ 1679 if (skb->len != evt->plen) { 1680 BT_ERR("%s mismatch event length (opcode 0x%4.4x)", hdev->name, 1681 le16_to_cpu(cmd->opcode)); 1682 kfree_skb(skb); 1683 return -EFAULT; 1684 } 1685 1686 if (memcmp(skb->data, evt_param, evt->plen)) { 1687 BT_ERR("%s mismatch event parameter (opcode 0x%4.4x)", 1688 hdev->name, le16_to_cpu(cmd->opcode)); 1689 kfree_skb(skb); 1690 return -EFAULT; 1691 } 1692 kfree_skb(skb); 1693 1694 return 0; 1695 } 1696 1697 static int btusb_setup_intel(struct hci_dev *hdev) 1698 { 1699 struct sk_buff *skb; 1700 const struct firmware *fw; 1701 const u8 *fw_ptr; 1702 int disable_patch, err; 1703 struct intel_version ver; 1704 1705 BT_DBG("%s", hdev->name); 1706 1707 /* The controller has a bug with the first HCI command sent to it 1708 * returning number of completed commands as zero. This would stall the 1709 * command processing in the Bluetooth core. 1710 * 1711 * As a workaround, send HCI Reset command first which will reset the 1712 * number of completed commands and allow normal command processing 1713 * from now on. 1714 */ 1715 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); 1716 if (IS_ERR(skb)) { 1717 BT_ERR("%s sending initial HCI reset command failed (%ld)", 1718 hdev->name, PTR_ERR(skb)); 1719 return PTR_ERR(skb); 1720 } 1721 kfree_skb(skb); 1722 1723 /* Read Intel specific controller version first to allow selection of 1724 * which firmware file to load. 1725 * 1726 * The returned information are hardware variant and revision plus 1727 * firmware variant, revision and build number. 1728 */ 1729 err = btintel_read_version(hdev, &ver); 1730 if (err) 1731 return err; 1732 1733 bt_dev_info(hdev, "read Intel version: %02x%02x%02x%02x%02x%02x%02x%02x%02x", 1734 ver.hw_platform, ver.hw_variant, ver.hw_revision, 1735 ver.fw_variant, ver.fw_revision, ver.fw_build_num, 1736 ver.fw_build_ww, ver.fw_build_yy, ver.fw_patch_num); 1737 1738 /* fw_patch_num indicates the version of patch the device currently 1739 * have. If there is no patch data in the device, it is always 0x00. 1740 * So, if it is other than 0x00, no need to patch the device again. 1741 */ 1742 if (ver.fw_patch_num) { 1743 bt_dev_info(hdev, "Intel device is already patched. " 1744 "patch num: %02x", ver.fw_patch_num); 1745 goto complete; 1746 } 1747 1748 /* Opens the firmware patch file based on the firmware version read 1749 * from the controller. If it fails to open the matching firmware 1750 * patch file, it tries to open the default firmware patch file. 1751 * If no patch file is found, allow the device to operate without 1752 * a patch. 1753 */ 1754 fw = btusb_setup_intel_get_fw(hdev, &ver); 1755 if (!fw) 1756 goto complete; 1757 fw_ptr = fw->data; 1758 1759 /* Enable the manufacturer mode of the controller. 1760 * Only while this mode is enabled, the driver can download the 1761 * firmware patch data and configuration parameters. 1762 */ 1763 err = btintel_enter_mfg(hdev); 1764 if (err) { 1765 release_firmware(fw); 1766 return err; 1767 } 1768 1769 disable_patch = 1; 1770 1771 /* The firmware data file consists of list of Intel specific HCI 1772 * commands and its expected events. The first byte indicates the 1773 * type of the message, either HCI command or HCI event. 1774 * 1775 * It reads the command and its expected event from the firmware file, 1776 * and send to the controller. Once __hci_cmd_sync_ev() returns, 1777 * the returned event is compared with the event read from the firmware 1778 * file and it will continue until all the messages are downloaded to 1779 * the controller. 1780 * 1781 * Once the firmware patching is completed successfully, 1782 * the manufacturer mode is disabled with reset and activating the 1783 * downloaded patch. 1784 * 1785 * If the firmware patching fails, the manufacturer mode is 1786 * disabled with reset and deactivating the patch. 1787 * 1788 * If the default patch file is used, no reset is done when disabling 1789 * the manufacturer. 1790 */ 1791 while (fw->size > fw_ptr - fw->data) { 1792 int ret; 1793 1794 ret = btusb_setup_intel_patching(hdev, fw, &fw_ptr, 1795 &disable_patch); 1796 if (ret < 0) 1797 goto exit_mfg_deactivate; 1798 } 1799 1800 release_firmware(fw); 1801 1802 if (disable_patch) 1803 goto exit_mfg_disable; 1804 1805 /* Patching completed successfully and disable the manufacturer mode 1806 * with reset and activate the downloaded firmware patches. 1807 */ 1808 err = btintel_exit_mfg(hdev, true, true); 1809 if (err) 1810 return err; 1811 1812 bt_dev_info(hdev, "Intel firmware patch completed and activated"); 1813 1814 goto complete; 1815 1816 exit_mfg_disable: 1817 /* Disable the manufacturer mode without reset */ 1818 err = btintel_exit_mfg(hdev, false, false); 1819 if (err) 1820 return err; 1821 1822 bt_dev_info(hdev, "Intel firmware patch completed"); 1823 1824 goto complete; 1825 1826 exit_mfg_deactivate: 1827 release_firmware(fw); 1828 1829 /* Patching failed. Disable the manufacturer mode with reset and 1830 * deactivate the downloaded firmware patches. 1831 */ 1832 err = btintel_exit_mfg(hdev, true, false); 1833 if (err) 1834 return err; 1835 1836 bt_dev_info(hdev, "Intel firmware patch completed and deactivated"); 1837 1838 complete: 1839 /* Set the event mask for Intel specific vendor events. This enables 1840 * a few extra events that are useful during general operation. 1841 */ 1842 btintel_set_event_mask_mfg(hdev, false); 1843 1844 btintel_check_bdaddr(hdev); 1845 return 0; 1846 } 1847 1848 static int inject_cmd_complete(struct hci_dev *hdev, __u16 opcode) 1849 { 1850 struct sk_buff *skb; 1851 struct hci_event_hdr *hdr; 1852 struct hci_ev_cmd_complete *evt; 1853 1854 skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_ATOMIC); 1855 if (!skb) 1856 return -ENOMEM; 1857 1858 hdr = skb_put(skb, sizeof(*hdr)); 1859 hdr->evt = HCI_EV_CMD_COMPLETE; 1860 hdr->plen = sizeof(*evt) + 1; 1861 1862 evt = skb_put(skb, sizeof(*evt)); 1863 evt->ncmd = 0x01; 1864 evt->opcode = cpu_to_le16(opcode); 1865 1866 skb_put_u8(skb, 0x00); 1867 1868 hci_skb_pkt_type(skb) = HCI_EVENT_PKT; 1869 1870 return hci_recv_frame(hdev, skb); 1871 } 1872 1873 static int btusb_recv_bulk_intel(struct btusb_data *data, void *buffer, 1874 int count) 1875 { 1876 /* When the device is in bootloader mode, then it can send 1877 * events via the bulk endpoint. These events are treated the 1878 * same way as the ones received from the interrupt endpoint. 1879 */ 1880 if (test_bit(BTUSB_BOOTLOADER, &data->flags)) 1881 return btusb_recv_intr(data, buffer, count); 1882 1883 return btusb_recv_bulk(data, buffer, count); 1884 } 1885 1886 static void btusb_intel_bootup(struct btusb_data *data, const void *ptr, 1887 unsigned int len) 1888 { 1889 const struct intel_bootup *evt = ptr; 1890 1891 if (len != sizeof(*evt)) 1892 return; 1893 1894 if (test_and_clear_bit(BTUSB_BOOTING, &data->flags)) { 1895 smp_mb__after_atomic(); 1896 wake_up_bit(&data->flags, BTUSB_BOOTING); 1897 } 1898 } 1899 1900 static void btusb_intel_secure_send_result(struct btusb_data *data, 1901 const void *ptr, unsigned int len) 1902 { 1903 const struct intel_secure_send_result *evt = ptr; 1904 1905 if (len != sizeof(*evt)) 1906 return; 1907 1908 if (evt->result) 1909 set_bit(BTUSB_FIRMWARE_FAILED, &data->flags); 1910 1911 if (test_and_clear_bit(BTUSB_DOWNLOADING, &data->flags) && 1912 test_bit(BTUSB_FIRMWARE_LOADED, &data->flags)) { 1913 smp_mb__after_atomic(); 1914 wake_up_bit(&data->flags, BTUSB_DOWNLOADING); 1915 } 1916 } 1917 1918 static int btusb_recv_event_intel(struct hci_dev *hdev, struct sk_buff *skb) 1919 { 1920 struct btusb_data *data = hci_get_drvdata(hdev); 1921 1922 if (test_bit(BTUSB_BOOTLOADER, &data->flags)) { 1923 struct hci_event_hdr *hdr = (void *)skb->data; 1924 1925 if (skb->len > HCI_EVENT_HDR_SIZE && hdr->evt == 0xff && 1926 hdr->plen > 0) { 1927 const void *ptr = skb->data + HCI_EVENT_HDR_SIZE + 1; 1928 unsigned int len = skb->len - HCI_EVENT_HDR_SIZE - 1; 1929 1930 switch (skb->data[2]) { 1931 case 0x02: 1932 /* When switching to the operational firmware 1933 * the device sends a vendor specific event 1934 * indicating that the bootup completed. 1935 */ 1936 btusb_intel_bootup(data, ptr, len); 1937 break; 1938 case 0x06: 1939 /* When the firmware loading completes the 1940 * device sends out a vendor specific event 1941 * indicating the result of the firmware 1942 * loading. 1943 */ 1944 btusb_intel_secure_send_result(data, ptr, len); 1945 break; 1946 } 1947 } 1948 } 1949 1950 return hci_recv_frame(hdev, skb); 1951 } 1952 1953 static int btusb_send_frame_intel(struct hci_dev *hdev, struct sk_buff *skb) 1954 { 1955 struct btusb_data *data = hci_get_drvdata(hdev); 1956 struct urb *urb; 1957 1958 BT_DBG("%s", hdev->name); 1959 1960 switch (hci_skb_pkt_type(skb)) { 1961 case HCI_COMMAND_PKT: 1962 if (test_bit(BTUSB_BOOTLOADER, &data->flags)) { 1963 struct hci_command_hdr *cmd = (void *)skb->data; 1964 __u16 opcode = le16_to_cpu(cmd->opcode); 1965 1966 /* When in bootloader mode and the command 0xfc09 1967 * is received, it needs to be send down the 1968 * bulk endpoint. So allocate a bulk URB instead. 1969 */ 1970 if (opcode == 0xfc09) 1971 urb = alloc_bulk_urb(hdev, skb); 1972 else 1973 urb = alloc_ctrl_urb(hdev, skb); 1974 1975 /* When the 0xfc01 command is issued to boot into 1976 * the operational firmware, it will actually not 1977 * send a command complete event. To keep the flow 1978 * control working inject that event here. 1979 */ 1980 if (opcode == 0xfc01) 1981 inject_cmd_complete(hdev, opcode); 1982 } else { 1983 urb = alloc_ctrl_urb(hdev, skb); 1984 } 1985 if (IS_ERR(urb)) 1986 return PTR_ERR(urb); 1987 1988 hdev->stat.cmd_tx++; 1989 return submit_or_queue_tx_urb(hdev, urb); 1990 1991 case HCI_ACLDATA_PKT: 1992 urb = alloc_bulk_urb(hdev, skb); 1993 if (IS_ERR(urb)) 1994 return PTR_ERR(urb); 1995 1996 hdev->stat.acl_tx++; 1997 return submit_or_queue_tx_urb(hdev, urb); 1998 1999 case HCI_SCODATA_PKT: 2000 if (hci_conn_num(hdev, SCO_LINK) < 1) 2001 return -ENODEV; 2002 2003 urb = alloc_isoc_urb(hdev, skb); 2004 if (IS_ERR(urb)) 2005 return PTR_ERR(urb); 2006 2007 hdev->stat.sco_tx++; 2008 return submit_tx_urb(hdev, urb); 2009 } 2010 2011 return -EILSEQ; 2012 } 2013 2014 static int btusb_setup_intel_new(struct hci_dev *hdev) 2015 { 2016 struct btusb_data *data = hci_get_drvdata(hdev); 2017 struct intel_version ver; 2018 struct intel_boot_params params; 2019 const struct firmware *fw; 2020 u32 boot_param; 2021 char fwname[64]; 2022 ktime_t calltime, delta, rettime; 2023 unsigned long long duration; 2024 int err; 2025 2026 BT_DBG("%s", hdev->name); 2027 2028 /* Set the default boot parameter to 0x0 and it is updated to 2029 * SKU specific boot parameter after reading Intel_Write_Boot_Params 2030 * command while downloading the firmware. 2031 */ 2032 boot_param = 0x00000000; 2033 2034 calltime = ktime_get(); 2035 2036 /* Read the Intel version information to determine if the device 2037 * is in bootloader mode or if it already has operational firmware 2038 * loaded. 2039 */ 2040 err = btintel_read_version(hdev, &ver); 2041 if (err) 2042 return err; 2043 2044 /* The hardware platform number has a fixed value of 0x37 and 2045 * for now only accept this single value. 2046 */ 2047 if (ver.hw_platform != 0x37) { 2048 BT_ERR("%s: Unsupported Intel hardware platform (%u)", 2049 hdev->name, ver.hw_platform); 2050 return -EINVAL; 2051 } 2052 2053 /* Check for supported iBT hardware variants of this firmware 2054 * loading method. 2055 * 2056 * This check has been put in place to ensure correct forward 2057 * compatibility options when newer hardware variants come along. 2058 */ 2059 switch (ver.hw_variant) { 2060 case 0x0b: /* SfP */ 2061 case 0x0c: /* WsP */ 2062 case 0x11: /* JfP */ 2063 case 0x12: /* ThP */ 2064 case 0x13: /* HrP */ 2065 case 0x14: /* QnJ, IcP */ 2066 break; 2067 default: 2068 BT_ERR("%s: Unsupported Intel hardware variant (%u)", 2069 hdev->name, ver.hw_variant); 2070 return -EINVAL; 2071 } 2072 2073 btintel_version_info(hdev, &ver); 2074 2075 /* The firmware variant determines if the device is in bootloader 2076 * mode or is running operational firmware. The value 0x06 identifies 2077 * the bootloader and the value 0x23 identifies the operational 2078 * firmware. 2079 * 2080 * When the operational firmware is already present, then only 2081 * the check for valid Bluetooth device address is needed. This 2082 * determines if the device will be added as configured or 2083 * unconfigured controller. 2084 * 2085 * It is not possible to use the Secure Boot Parameters in this 2086 * case since that command is only available in bootloader mode. 2087 */ 2088 if (ver.fw_variant == 0x23) { 2089 clear_bit(BTUSB_BOOTLOADER, &data->flags); 2090 btintel_check_bdaddr(hdev); 2091 return 0; 2092 } 2093 2094 /* If the device is not in bootloader mode, then the only possible 2095 * choice is to return an error and abort the device initialization. 2096 */ 2097 if (ver.fw_variant != 0x06) { 2098 BT_ERR("%s: Unsupported Intel firmware variant (%u)", 2099 hdev->name, ver.fw_variant); 2100 return -ENODEV; 2101 } 2102 2103 /* Read the secure boot parameters to identify the operating 2104 * details of the bootloader. 2105 */ 2106 err = btintel_read_boot_params(hdev, ¶ms); 2107 if (err) 2108 return err; 2109 2110 /* It is required that every single firmware fragment is acknowledged 2111 * with a command complete event. If the boot parameters indicate 2112 * that this bootloader does not send them, then abort the setup. 2113 */ 2114 if (params.limited_cce != 0x00) { 2115 BT_ERR("%s: Unsupported Intel firmware loading method (%u)", 2116 hdev->name, params.limited_cce); 2117 return -EINVAL; 2118 } 2119 2120 /* If the OTP has no valid Bluetooth device address, then there will 2121 * also be no valid address for the operational firmware. 2122 */ 2123 if (!bacmp(¶ms.otp_bdaddr, BDADDR_ANY)) { 2124 bt_dev_info(hdev, "No device address configured"); 2125 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks); 2126 } 2127 2128 /* With this Intel bootloader only the hardware variant and device 2129 * revision information are used to select the right firmware for SfP 2130 * and WsP. 2131 * 2132 * The firmware filename is ibt-<hw_variant>-<dev_revid>.sfi. 2133 * 2134 * Currently the supported hardware variants are: 2135 * 11 (0x0b) for iBT3.0 (LnP/SfP) 2136 * 12 (0x0c) for iBT3.5 (WsP) 2137 * 2138 * For ThP/JfP and for future SKU's, the FW name varies based on HW 2139 * variant, HW revision and FW revision, as these are dependent on CNVi 2140 * and RF Combination. 2141 * 2142 * 17 (0x11) for iBT3.5 (JfP) 2143 * 18 (0x12) for iBT3.5 (ThP) 2144 * 2145 * The firmware file name for these will be 2146 * ibt-<hw_variant>-<hw_revision>-<fw_revision>.sfi. 2147 * 2148 */ 2149 switch (ver.hw_variant) { 2150 case 0x0b: /* SfP */ 2151 case 0x0c: /* WsP */ 2152 snprintf(fwname, sizeof(fwname), "intel/ibt-%u-%u.sfi", 2153 le16_to_cpu(ver.hw_variant), 2154 le16_to_cpu(params.dev_revid)); 2155 break; 2156 case 0x11: /* JfP */ 2157 case 0x12: /* ThP */ 2158 case 0x13: /* HrP */ 2159 case 0x14: /* QnJ, IcP */ 2160 snprintf(fwname, sizeof(fwname), "intel/ibt-%u-%u-%u.sfi", 2161 le16_to_cpu(ver.hw_variant), 2162 le16_to_cpu(ver.hw_revision), 2163 le16_to_cpu(ver.fw_revision)); 2164 break; 2165 default: 2166 BT_ERR("%s: Unsupported Intel firmware naming", hdev->name); 2167 return -EINVAL; 2168 } 2169 2170 err = request_firmware(&fw, fwname, &hdev->dev); 2171 if (err < 0) { 2172 BT_ERR("%s: Failed to load Intel firmware file (%d)", 2173 hdev->name, err); 2174 return err; 2175 } 2176 2177 bt_dev_info(hdev, "Found device firmware: %s", fwname); 2178 2179 /* Save the DDC file name for later use to apply once the firmware 2180 * downloading is done. 2181 */ 2182 switch (ver.hw_variant) { 2183 case 0x0b: /* SfP */ 2184 case 0x0c: /* WsP */ 2185 snprintf(fwname, sizeof(fwname), "intel/ibt-%u-%u.ddc", 2186 le16_to_cpu(ver.hw_variant), 2187 le16_to_cpu(params.dev_revid)); 2188 break; 2189 case 0x11: /* JfP */ 2190 case 0x12: /* ThP */ 2191 case 0x13: /* HrP */ 2192 case 0x14: /* QnJ, IcP */ 2193 snprintf(fwname, sizeof(fwname), "intel/ibt-%u-%u-%u.ddc", 2194 le16_to_cpu(ver.hw_variant), 2195 le16_to_cpu(ver.hw_revision), 2196 le16_to_cpu(ver.fw_revision)); 2197 break; 2198 default: 2199 BT_ERR("%s: Unsupported Intel firmware naming", hdev->name); 2200 return -EINVAL; 2201 } 2202 2203 if (fw->size < 644) { 2204 BT_ERR("%s: Invalid size of firmware file (%zu)", 2205 hdev->name, fw->size); 2206 err = -EBADF; 2207 goto done; 2208 } 2209 2210 set_bit(BTUSB_DOWNLOADING, &data->flags); 2211 2212 /* Start firmware downloading and get boot parameter */ 2213 err = btintel_download_firmware(hdev, fw, &boot_param); 2214 if (err < 0) 2215 goto done; 2216 2217 set_bit(BTUSB_FIRMWARE_LOADED, &data->flags); 2218 2219 bt_dev_info(hdev, "Waiting for firmware download to complete"); 2220 2221 /* Before switching the device into operational mode and with that 2222 * booting the loaded firmware, wait for the bootloader notification 2223 * that all fragments have been successfully received. 2224 * 2225 * When the event processing receives the notification, then the 2226 * BTUSB_DOWNLOADING flag will be cleared. 2227 * 2228 * The firmware loading should not take longer than 5 seconds 2229 * and thus just timeout if that happens and fail the setup 2230 * of this device. 2231 */ 2232 err = wait_on_bit_timeout(&data->flags, BTUSB_DOWNLOADING, 2233 TASK_INTERRUPTIBLE, 2234 msecs_to_jiffies(5000)); 2235 if (err == -EINTR) { 2236 BT_ERR("%s: Firmware loading interrupted", hdev->name); 2237 goto done; 2238 } 2239 2240 if (err) { 2241 BT_ERR("%s: Firmware loading timeout", hdev->name); 2242 err = -ETIMEDOUT; 2243 goto done; 2244 } 2245 2246 if (test_bit(BTUSB_FIRMWARE_FAILED, &data->flags)) { 2247 BT_ERR("%s: Firmware loading failed", hdev->name); 2248 err = -ENOEXEC; 2249 goto done; 2250 } 2251 2252 rettime = ktime_get(); 2253 delta = ktime_sub(rettime, calltime); 2254 duration = (unsigned long long) ktime_to_ns(delta) >> 10; 2255 2256 bt_dev_info(hdev, "Firmware loaded in %llu usecs", duration); 2257 2258 done: 2259 release_firmware(fw); 2260 2261 if (err < 0) 2262 return err; 2263 2264 calltime = ktime_get(); 2265 2266 set_bit(BTUSB_BOOTING, &data->flags); 2267 2268 err = btintel_send_intel_reset(hdev, boot_param); 2269 if (err) 2270 return err; 2271 2272 /* The bootloader will not indicate when the device is ready. This 2273 * is done by the operational firmware sending bootup notification. 2274 * 2275 * Booting into operational firmware should not take longer than 2276 * 1 second. However if that happens, then just fail the setup 2277 * since something went wrong. 2278 */ 2279 bt_dev_info(hdev, "Waiting for device to boot"); 2280 2281 err = wait_on_bit_timeout(&data->flags, BTUSB_BOOTING, 2282 TASK_INTERRUPTIBLE, 2283 msecs_to_jiffies(1000)); 2284 2285 if (err == -EINTR) { 2286 BT_ERR("%s: Device boot interrupted", hdev->name); 2287 return -EINTR; 2288 } 2289 2290 if (err) { 2291 BT_ERR("%s: Device boot timeout", hdev->name); 2292 return -ETIMEDOUT; 2293 } 2294 2295 rettime = ktime_get(); 2296 delta = ktime_sub(rettime, calltime); 2297 duration = (unsigned long long) ktime_to_ns(delta) >> 10; 2298 2299 bt_dev_info(hdev, "Device booted in %llu usecs", duration); 2300 2301 clear_bit(BTUSB_BOOTLOADER, &data->flags); 2302 2303 /* Once the device is running in operational mode, it needs to apply 2304 * the device configuration (DDC) parameters. 2305 * 2306 * The device can work without DDC parameters, so even if it fails 2307 * to load the file, no need to fail the setup. 2308 */ 2309 btintel_load_ddc_config(hdev, fwname); 2310 2311 /* Set the event mask for Intel specific vendor events. This enables 2312 * a few extra events that are useful during general operation. It 2313 * does not enable any debugging related events. 2314 * 2315 * The device will function correctly without these events enabled 2316 * and thus no need to fail the setup. 2317 */ 2318 btintel_set_event_mask(hdev, false); 2319 2320 return 0; 2321 } 2322 2323 static int btusb_shutdown_intel(struct hci_dev *hdev) 2324 { 2325 struct sk_buff *skb; 2326 long ret; 2327 2328 /* Some platforms have an issue with BT LED when the interface is 2329 * down or BT radio is turned off, which takes 5 seconds to BT LED 2330 * goes off. This command turns off the BT LED immediately. 2331 */ 2332 skb = __hci_cmd_sync(hdev, 0xfc3f, 0, NULL, HCI_INIT_TIMEOUT); 2333 if (IS_ERR(skb)) { 2334 ret = PTR_ERR(skb); 2335 BT_ERR("%s: turning off Intel device LED failed (%ld)", 2336 hdev->name, ret); 2337 return ret; 2338 } 2339 kfree_skb(skb); 2340 2341 return 0; 2342 } 2343 2344 #ifdef CONFIG_PM 2345 /* Configure an out-of-band gpio as wake-up pin, if specified in device tree */ 2346 static int marvell_config_oob_wake(struct hci_dev *hdev) 2347 { 2348 struct sk_buff *skb; 2349 struct btusb_data *data = hci_get_drvdata(hdev); 2350 struct device *dev = &data->udev->dev; 2351 u16 pin, gap, opcode; 2352 int ret; 2353 u8 cmd[5]; 2354 2355 /* Move on if no wakeup pin specified */ 2356 if (of_property_read_u16(dev->of_node, "marvell,wakeup-pin", &pin) || 2357 of_property_read_u16(dev->of_node, "marvell,wakeup-gap-ms", &gap)) 2358 return 0; 2359 2360 /* Vendor specific command to configure a GPIO as wake-up pin */ 2361 opcode = hci_opcode_pack(0x3F, 0x59); 2362 cmd[0] = opcode & 0xFF; 2363 cmd[1] = opcode >> 8; 2364 cmd[2] = 2; /* length of parameters that follow */ 2365 cmd[3] = pin; 2366 cmd[4] = gap; /* time in ms, for which wakeup pin should be asserted */ 2367 2368 skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL); 2369 if (!skb) { 2370 bt_dev_err(hdev, "%s: No memory\n", __func__); 2371 return -ENOMEM; 2372 } 2373 2374 skb_put_data(skb, cmd, sizeof(cmd)); 2375 hci_skb_pkt_type(skb) = HCI_COMMAND_PKT; 2376 2377 ret = btusb_send_frame(hdev, skb); 2378 if (ret) { 2379 bt_dev_err(hdev, "%s: configuration failed\n", __func__); 2380 kfree_skb(skb); 2381 return ret; 2382 } 2383 2384 return 0; 2385 } 2386 #endif 2387 2388 static int btusb_set_bdaddr_marvell(struct hci_dev *hdev, 2389 const bdaddr_t *bdaddr) 2390 { 2391 struct sk_buff *skb; 2392 u8 buf[8]; 2393 long ret; 2394 2395 buf[0] = 0xfe; 2396 buf[1] = sizeof(bdaddr_t); 2397 memcpy(buf + 2, bdaddr, sizeof(bdaddr_t)); 2398 2399 skb = __hci_cmd_sync(hdev, 0xfc22, sizeof(buf), buf, HCI_INIT_TIMEOUT); 2400 if (IS_ERR(skb)) { 2401 ret = PTR_ERR(skb); 2402 bt_dev_err(hdev, "changing Marvell device address failed (%ld)", 2403 ret); 2404 return ret; 2405 } 2406 kfree_skb(skb); 2407 2408 return 0; 2409 } 2410 2411 static int btusb_set_bdaddr_ath3012(struct hci_dev *hdev, 2412 const bdaddr_t *bdaddr) 2413 { 2414 struct sk_buff *skb; 2415 u8 buf[10]; 2416 long ret; 2417 2418 buf[0] = 0x01; 2419 buf[1] = 0x01; 2420 buf[2] = 0x00; 2421 buf[3] = sizeof(bdaddr_t); 2422 memcpy(buf + 4, bdaddr, sizeof(bdaddr_t)); 2423 2424 skb = __hci_cmd_sync(hdev, 0xfc0b, sizeof(buf), buf, HCI_INIT_TIMEOUT); 2425 if (IS_ERR(skb)) { 2426 ret = PTR_ERR(skb); 2427 bt_dev_err(hdev, "Change address command failed (%ld)", ret); 2428 return ret; 2429 } 2430 kfree_skb(skb); 2431 2432 return 0; 2433 } 2434 2435 #define QCA_DFU_PACKET_LEN 4096 2436 2437 #define QCA_GET_TARGET_VERSION 0x09 2438 #define QCA_CHECK_STATUS 0x05 2439 #define QCA_DFU_DOWNLOAD 0x01 2440 2441 #define QCA_SYSCFG_UPDATED 0x40 2442 #define QCA_PATCH_UPDATED 0x80 2443 #define QCA_DFU_TIMEOUT 3000 2444 2445 struct qca_version { 2446 __le32 rom_version; 2447 __le32 patch_version; 2448 __le32 ram_version; 2449 __le32 ref_clock; 2450 __u8 reserved[4]; 2451 } __packed; 2452 2453 struct qca_rampatch_version { 2454 __le16 rom_version; 2455 __le16 patch_version; 2456 } __packed; 2457 2458 struct qca_device_info { 2459 u32 rom_version; 2460 u8 rampatch_hdr; /* length of header in rampatch */ 2461 u8 nvm_hdr; /* length of header in NVM */ 2462 u8 ver_offset; /* offset of version structure in rampatch */ 2463 }; 2464 2465 static const struct qca_device_info qca_devices_table[] = { 2466 { 0x00000100, 20, 4, 10 }, /* Rome 1.0 */ 2467 { 0x00000101, 20, 4, 10 }, /* Rome 1.1 */ 2468 { 0x00000200, 28, 4, 18 }, /* Rome 2.0 */ 2469 { 0x00000201, 28, 4, 18 }, /* Rome 2.1 */ 2470 { 0x00000300, 28, 4, 18 }, /* Rome 3.0 */ 2471 { 0x00000302, 28, 4, 18 }, /* Rome 3.2 */ 2472 }; 2473 2474 static int btusb_qca_send_vendor_req(struct hci_dev *hdev, u8 request, 2475 void *data, u16 size) 2476 { 2477 struct btusb_data *btdata = hci_get_drvdata(hdev); 2478 struct usb_device *udev = btdata->udev; 2479 int pipe, err; 2480 u8 *buf; 2481 2482 buf = kmalloc(size, GFP_KERNEL); 2483 if (!buf) 2484 return -ENOMEM; 2485 2486 /* Found some of USB hosts have IOT issues with ours so that we should 2487 * not wait until HCI layer is ready. 2488 */ 2489 pipe = usb_rcvctrlpipe(udev, 0); 2490 err = usb_control_msg(udev, pipe, request, USB_TYPE_VENDOR | USB_DIR_IN, 2491 0, 0, buf, size, USB_CTRL_SET_TIMEOUT); 2492 if (err < 0) { 2493 bt_dev_err(hdev, "Failed to access otp area (%d)", err); 2494 goto done; 2495 } 2496 2497 memcpy(data, buf, size); 2498 2499 done: 2500 kfree(buf); 2501 2502 return err; 2503 } 2504 2505 static int btusb_setup_qca_download_fw(struct hci_dev *hdev, 2506 const struct firmware *firmware, 2507 size_t hdr_size) 2508 { 2509 struct btusb_data *btdata = hci_get_drvdata(hdev); 2510 struct usb_device *udev = btdata->udev; 2511 size_t count, size, sent = 0; 2512 int pipe, len, err; 2513 u8 *buf; 2514 2515 buf = kmalloc(QCA_DFU_PACKET_LEN, GFP_KERNEL); 2516 if (!buf) 2517 return -ENOMEM; 2518 2519 count = firmware->size; 2520 2521 size = min_t(size_t, count, hdr_size); 2522 memcpy(buf, firmware->data, size); 2523 2524 /* USB patches should go down to controller through USB path 2525 * because binary format fits to go down through USB channel. 2526 * USB control path is for patching headers and USB bulk is for 2527 * patch body. 2528 */ 2529 pipe = usb_sndctrlpipe(udev, 0); 2530 err = usb_control_msg(udev, pipe, QCA_DFU_DOWNLOAD, USB_TYPE_VENDOR, 2531 0, 0, buf, size, USB_CTRL_SET_TIMEOUT); 2532 if (err < 0) { 2533 bt_dev_err(hdev, "Failed to send headers (%d)", err); 2534 goto done; 2535 } 2536 2537 sent += size; 2538 count -= size; 2539 2540 while (count) { 2541 size = min_t(size_t, count, QCA_DFU_PACKET_LEN); 2542 2543 memcpy(buf, firmware->data + sent, size); 2544 2545 pipe = usb_sndbulkpipe(udev, 0x02); 2546 err = usb_bulk_msg(udev, pipe, buf, size, &len, 2547 QCA_DFU_TIMEOUT); 2548 if (err < 0) { 2549 bt_dev_err(hdev, "Failed to send body at %zd of %zd (%d)", 2550 sent, firmware->size, err); 2551 break; 2552 } 2553 2554 if (size != len) { 2555 bt_dev_err(hdev, "Failed to get bulk buffer"); 2556 err = -EILSEQ; 2557 break; 2558 } 2559 2560 sent += size; 2561 count -= size; 2562 } 2563 2564 done: 2565 kfree(buf); 2566 return err; 2567 } 2568 2569 static int btusb_setup_qca_load_rampatch(struct hci_dev *hdev, 2570 struct qca_version *ver, 2571 const struct qca_device_info *info) 2572 { 2573 struct qca_rampatch_version *rver; 2574 const struct firmware *fw; 2575 u32 ver_rom, ver_patch; 2576 u16 rver_rom, rver_patch; 2577 char fwname[64]; 2578 int err; 2579 2580 ver_rom = le32_to_cpu(ver->rom_version); 2581 ver_patch = le32_to_cpu(ver->patch_version); 2582 2583 snprintf(fwname, sizeof(fwname), "qca/rampatch_usb_%08x.bin", ver_rom); 2584 2585 err = request_firmware(&fw, fwname, &hdev->dev); 2586 if (err) { 2587 bt_dev_err(hdev, "failed to request rampatch file: %s (%d)", 2588 fwname, err); 2589 return err; 2590 } 2591 2592 bt_dev_info(hdev, "using rampatch file: %s", fwname); 2593 2594 rver = (struct qca_rampatch_version *)(fw->data + info->ver_offset); 2595 rver_rom = le16_to_cpu(rver->rom_version); 2596 rver_patch = le16_to_cpu(rver->patch_version); 2597 2598 bt_dev_info(hdev, "QCA: patch rome 0x%x build 0x%x, " 2599 "firmware rome 0x%x build 0x%x", 2600 rver_rom, rver_patch, ver_rom, ver_patch); 2601 2602 if (rver_rom != ver_rom || rver_patch <= ver_patch) { 2603 bt_dev_err(hdev, "rampatch file version did not match with firmware"); 2604 err = -EINVAL; 2605 goto done; 2606 } 2607 2608 err = btusb_setup_qca_download_fw(hdev, fw, info->rampatch_hdr); 2609 2610 done: 2611 release_firmware(fw); 2612 2613 return err; 2614 } 2615 2616 static int btusb_setup_qca_load_nvm(struct hci_dev *hdev, 2617 struct qca_version *ver, 2618 const struct qca_device_info *info) 2619 { 2620 const struct firmware *fw; 2621 char fwname[64]; 2622 int err; 2623 2624 snprintf(fwname, sizeof(fwname), "qca/nvm_usb_%08x.bin", 2625 le32_to_cpu(ver->rom_version)); 2626 2627 err = request_firmware(&fw, fwname, &hdev->dev); 2628 if (err) { 2629 bt_dev_err(hdev, "failed to request NVM file: %s (%d)", 2630 fwname, err); 2631 return err; 2632 } 2633 2634 bt_dev_info(hdev, "using NVM file: %s", fwname); 2635 2636 err = btusb_setup_qca_download_fw(hdev, fw, info->nvm_hdr); 2637 2638 release_firmware(fw); 2639 2640 return err; 2641 } 2642 2643 static int btusb_setup_qca(struct hci_dev *hdev) 2644 { 2645 const struct qca_device_info *info = NULL; 2646 struct qca_version ver; 2647 u32 ver_rom; 2648 u8 status; 2649 int i, err; 2650 2651 err = btusb_qca_send_vendor_req(hdev, QCA_GET_TARGET_VERSION, &ver, 2652 sizeof(ver)); 2653 if (err < 0) 2654 return err; 2655 2656 ver_rom = le32_to_cpu(ver.rom_version); 2657 for (i = 0; i < ARRAY_SIZE(qca_devices_table); i++) { 2658 if (ver_rom == qca_devices_table[i].rom_version) 2659 info = &qca_devices_table[i]; 2660 } 2661 if (!info) { 2662 bt_dev_err(hdev, "don't support firmware rome 0x%x", ver_rom); 2663 return -ENODEV; 2664 } 2665 2666 err = btusb_qca_send_vendor_req(hdev, QCA_CHECK_STATUS, &status, 2667 sizeof(status)); 2668 if (err < 0) 2669 return err; 2670 2671 if (!(status & QCA_PATCH_UPDATED)) { 2672 err = btusb_setup_qca_load_rampatch(hdev, &ver, info); 2673 if (err < 0) 2674 return err; 2675 } 2676 2677 if (!(status & QCA_SYSCFG_UPDATED)) { 2678 err = btusb_setup_qca_load_nvm(hdev, &ver, info); 2679 if (err < 0) 2680 return err; 2681 } 2682 2683 return 0; 2684 } 2685 2686 #ifdef CONFIG_BT_HCIBTUSB_BCM 2687 static inline int __set_diag_interface(struct hci_dev *hdev) 2688 { 2689 struct btusb_data *data = hci_get_drvdata(hdev); 2690 struct usb_interface *intf = data->diag; 2691 int i; 2692 2693 if (!data->diag) 2694 return -ENODEV; 2695 2696 data->diag_tx_ep = NULL; 2697 data->diag_rx_ep = NULL; 2698 2699 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) { 2700 struct usb_endpoint_descriptor *ep_desc; 2701 2702 ep_desc = &intf->cur_altsetting->endpoint[i].desc; 2703 2704 if (!data->diag_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) { 2705 data->diag_tx_ep = ep_desc; 2706 continue; 2707 } 2708 2709 if (!data->diag_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) { 2710 data->diag_rx_ep = ep_desc; 2711 continue; 2712 } 2713 } 2714 2715 if (!data->diag_tx_ep || !data->diag_rx_ep) { 2716 bt_dev_err(hdev, "invalid diagnostic descriptors"); 2717 return -ENODEV; 2718 } 2719 2720 return 0; 2721 } 2722 2723 static struct urb *alloc_diag_urb(struct hci_dev *hdev, bool enable) 2724 { 2725 struct btusb_data *data = hci_get_drvdata(hdev); 2726 struct sk_buff *skb; 2727 struct urb *urb; 2728 unsigned int pipe; 2729 2730 if (!data->diag_tx_ep) 2731 return ERR_PTR(-ENODEV); 2732 2733 urb = usb_alloc_urb(0, GFP_KERNEL); 2734 if (!urb) 2735 return ERR_PTR(-ENOMEM); 2736 2737 skb = bt_skb_alloc(2, GFP_KERNEL); 2738 if (!skb) { 2739 usb_free_urb(urb); 2740 return ERR_PTR(-ENOMEM); 2741 } 2742 2743 skb_put_u8(skb, 0xf0); 2744 skb_put_u8(skb, enable); 2745 2746 pipe = usb_sndbulkpipe(data->udev, data->diag_tx_ep->bEndpointAddress); 2747 2748 usb_fill_bulk_urb(urb, data->udev, pipe, 2749 skb->data, skb->len, btusb_tx_complete, skb); 2750 2751 skb->dev = (void *)hdev; 2752 2753 return urb; 2754 } 2755 2756 static int btusb_bcm_set_diag(struct hci_dev *hdev, bool enable) 2757 { 2758 struct btusb_data *data = hci_get_drvdata(hdev); 2759 struct urb *urb; 2760 2761 if (!data->diag) 2762 return -ENODEV; 2763 2764 if (!test_bit(HCI_RUNNING, &hdev->flags)) 2765 return -ENETDOWN; 2766 2767 urb = alloc_diag_urb(hdev, enable); 2768 if (IS_ERR(urb)) 2769 return PTR_ERR(urb); 2770 2771 return submit_or_queue_tx_urb(hdev, urb); 2772 } 2773 #endif 2774 2775 #ifdef CONFIG_PM 2776 static irqreturn_t btusb_oob_wake_handler(int irq, void *priv) 2777 { 2778 struct btusb_data *data = priv; 2779 2780 pm_wakeup_event(&data->udev->dev, 0); 2781 pm_system_wakeup(); 2782 2783 /* Disable only if not already disabled (keep it balanced) */ 2784 if (test_and_clear_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags)) { 2785 disable_irq_nosync(irq); 2786 disable_irq_wake(irq); 2787 } 2788 return IRQ_HANDLED; 2789 } 2790 2791 static const struct of_device_id btusb_match_table[] = { 2792 { .compatible = "usb1286,204e" }, 2793 { } 2794 }; 2795 MODULE_DEVICE_TABLE(of, btusb_match_table); 2796 2797 /* Use an oob wakeup pin? */ 2798 static int btusb_config_oob_wake(struct hci_dev *hdev) 2799 { 2800 struct btusb_data *data = hci_get_drvdata(hdev); 2801 struct device *dev = &data->udev->dev; 2802 int irq, ret; 2803 2804 clear_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags); 2805 2806 if (!of_match_device(btusb_match_table, dev)) 2807 return 0; 2808 2809 /* Move on if no IRQ specified */ 2810 irq = of_irq_get_byname(dev->of_node, "wakeup"); 2811 if (irq <= 0) { 2812 bt_dev_dbg(hdev, "%s: no OOB Wakeup IRQ in DT", __func__); 2813 return 0; 2814 } 2815 2816 ret = devm_request_irq(&hdev->dev, irq, btusb_oob_wake_handler, 2817 0, "OOB Wake-on-BT", data); 2818 if (ret) { 2819 bt_dev_err(hdev, "%s: IRQ request failed", __func__); 2820 return ret; 2821 } 2822 2823 ret = device_init_wakeup(dev, true); 2824 if (ret) { 2825 bt_dev_err(hdev, "%s: failed to init_wakeup", __func__); 2826 return ret; 2827 } 2828 2829 data->oob_wake_irq = irq; 2830 disable_irq(irq); 2831 bt_dev_info(hdev, "OOB Wake-on-BT configured at IRQ %u", irq); 2832 return 0; 2833 } 2834 #endif 2835 2836 static int btusb_probe(struct usb_interface *intf, 2837 const struct usb_device_id *id) 2838 { 2839 struct usb_endpoint_descriptor *ep_desc; 2840 struct btusb_data *data; 2841 struct hci_dev *hdev; 2842 unsigned ifnum_base; 2843 int i, err; 2844 2845 BT_DBG("intf %p id %p", intf, id); 2846 2847 /* interface numbers are hardcoded in the spec */ 2848 if (intf->cur_altsetting->desc.bInterfaceNumber != 0) { 2849 if (!(id->driver_info & BTUSB_IFNUM_2)) 2850 return -ENODEV; 2851 if (intf->cur_altsetting->desc.bInterfaceNumber != 2) 2852 return -ENODEV; 2853 } 2854 2855 ifnum_base = intf->cur_altsetting->desc.bInterfaceNumber; 2856 2857 if (!id->driver_info) { 2858 const struct usb_device_id *match; 2859 2860 match = usb_match_id(intf, blacklist_table); 2861 if (match) 2862 id = match; 2863 } 2864 2865 if (id->driver_info == BTUSB_IGNORE) 2866 return -ENODEV; 2867 2868 if (id->driver_info & BTUSB_ATH3012) { 2869 struct usb_device *udev = interface_to_usbdev(intf); 2870 2871 /* Old firmware would otherwise let ath3k driver load 2872 * patch and sysconfig files 2873 */ 2874 if (le16_to_cpu(udev->descriptor.bcdDevice) <= 0x0001) 2875 return -ENODEV; 2876 } 2877 2878 data = devm_kzalloc(&intf->dev, sizeof(*data), GFP_KERNEL); 2879 if (!data) 2880 return -ENOMEM; 2881 2882 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) { 2883 ep_desc = &intf->cur_altsetting->endpoint[i].desc; 2884 2885 if (!data->intr_ep && usb_endpoint_is_int_in(ep_desc)) { 2886 data->intr_ep = ep_desc; 2887 continue; 2888 } 2889 2890 if (!data->bulk_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) { 2891 data->bulk_tx_ep = ep_desc; 2892 continue; 2893 } 2894 2895 if (!data->bulk_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) { 2896 data->bulk_rx_ep = ep_desc; 2897 continue; 2898 } 2899 } 2900 2901 if (!data->intr_ep || !data->bulk_tx_ep || !data->bulk_rx_ep) 2902 return -ENODEV; 2903 2904 if (id->driver_info & BTUSB_AMP) { 2905 data->cmdreq_type = USB_TYPE_CLASS | 0x01; 2906 data->cmdreq = 0x2b; 2907 } else { 2908 data->cmdreq_type = USB_TYPE_CLASS; 2909 data->cmdreq = 0x00; 2910 } 2911 2912 data->udev = interface_to_usbdev(intf); 2913 data->intf = intf; 2914 2915 INIT_WORK(&data->work, btusb_work); 2916 INIT_WORK(&data->waker, btusb_waker); 2917 init_usb_anchor(&data->deferred); 2918 init_usb_anchor(&data->tx_anchor); 2919 spin_lock_init(&data->txlock); 2920 2921 init_usb_anchor(&data->intr_anchor); 2922 init_usb_anchor(&data->bulk_anchor); 2923 init_usb_anchor(&data->isoc_anchor); 2924 init_usb_anchor(&data->diag_anchor); 2925 spin_lock_init(&data->rxlock); 2926 2927 if (id->driver_info & BTUSB_INTEL_NEW) { 2928 data->recv_event = btusb_recv_event_intel; 2929 data->recv_bulk = btusb_recv_bulk_intel; 2930 set_bit(BTUSB_BOOTLOADER, &data->flags); 2931 } else { 2932 data->recv_event = hci_recv_frame; 2933 data->recv_bulk = btusb_recv_bulk; 2934 } 2935 2936 hdev = hci_alloc_dev(); 2937 if (!hdev) 2938 return -ENOMEM; 2939 2940 hdev->bus = HCI_USB; 2941 hci_set_drvdata(hdev, data); 2942 2943 if (id->driver_info & BTUSB_AMP) 2944 hdev->dev_type = HCI_AMP; 2945 else 2946 hdev->dev_type = HCI_PRIMARY; 2947 2948 data->hdev = hdev; 2949 2950 SET_HCIDEV_DEV(hdev, &intf->dev); 2951 2952 hdev->open = btusb_open; 2953 hdev->close = btusb_close; 2954 hdev->flush = btusb_flush; 2955 hdev->send = btusb_send_frame; 2956 hdev->notify = btusb_notify; 2957 2958 #ifdef CONFIG_PM 2959 err = btusb_config_oob_wake(hdev); 2960 if (err) 2961 goto out_free_dev; 2962 2963 /* Marvell devices may need a specific chip configuration */ 2964 if (id->driver_info & BTUSB_MARVELL && data->oob_wake_irq) { 2965 err = marvell_config_oob_wake(hdev); 2966 if (err) 2967 goto out_free_dev; 2968 } 2969 #endif 2970 if (id->driver_info & BTUSB_CW6622) 2971 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks); 2972 2973 if (id->driver_info & BTUSB_BCM2045) 2974 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks); 2975 2976 if (id->driver_info & BTUSB_BCM92035) 2977 hdev->setup = btusb_setup_bcm92035; 2978 2979 #ifdef CONFIG_BT_HCIBTUSB_BCM 2980 if (id->driver_info & BTUSB_BCM_PATCHRAM) { 2981 hdev->manufacturer = 15; 2982 hdev->setup = btbcm_setup_patchram; 2983 hdev->set_diag = btusb_bcm_set_diag; 2984 hdev->set_bdaddr = btbcm_set_bdaddr; 2985 2986 /* Broadcom LM_DIAG Interface numbers are hardcoded */ 2987 data->diag = usb_ifnum_to_if(data->udev, ifnum_base + 2); 2988 } 2989 2990 if (id->driver_info & BTUSB_BCM_APPLE) { 2991 hdev->manufacturer = 15; 2992 hdev->setup = btbcm_setup_apple; 2993 hdev->set_diag = btusb_bcm_set_diag; 2994 2995 /* Broadcom LM_DIAG Interface numbers are hardcoded */ 2996 data->diag = usb_ifnum_to_if(data->udev, ifnum_base + 2); 2997 } 2998 #endif 2999 3000 if (id->driver_info & BTUSB_INTEL) { 3001 hdev->manufacturer = 2; 3002 hdev->setup = btusb_setup_intel; 3003 hdev->shutdown = btusb_shutdown_intel; 3004 hdev->set_diag = btintel_set_diag_mfg; 3005 hdev->set_bdaddr = btintel_set_bdaddr; 3006 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks); 3007 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks); 3008 set_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks); 3009 } 3010 3011 if (id->driver_info & BTUSB_INTEL_NEW) { 3012 hdev->manufacturer = 2; 3013 hdev->send = btusb_send_frame_intel; 3014 hdev->setup = btusb_setup_intel_new; 3015 hdev->hw_error = btintel_hw_error; 3016 hdev->set_diag = btintel_set_diag; 3017 hdev->set_bdaddr = btintel_set_bdaddr; 3018 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks); 3019 set_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks); 3020 } 3021 3022 if (id->driver_info & BTUSB_MARVELL) 3023 hdev->set_bdaddr = btusb_set_bdaddr_marvell; 3024 3025 if (id->driver_info & BTUSB_SWAVE) { 3026 set_bit(HCI_QUIRK_FIXUP_INQUIRY_MODE, &hdev->quirks); 3027 set_bit(HCI_QUIRK_BROKEN_LOCAL_COMMANDS, &hdev->quirks); 3028 } 3029 3030 if (id->driver_info & BTUSB_INTEL_BOOT) { 3031 hdev->manufacturer = 2; 3032 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks); 3033 } 3034 3035 if (id->driver_info & BTUSB_ATH3012) { 3036 hdev->set_bdaddr = btusb_set_bdaddr_ath3012; 3037 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks); 3038 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks); 3039 } 3040 3041 if (id->driver_info & BTUSB_QCA_ROME) { 3042 data->setup_on_usb = btusb_setup_qca; 3043 hdev->set_bdaddr = btusb_set_bdaddr_ath3012; 3044 3045 /* QCA Rome devices lose their updated firmware over suspend, 3046 * but the USB hub doesn't notice any status change. 3047 * explicitly request a device reset on resume. 3048 */ 3049 interface_to_usbdev(intf)->quirks |= USB_QUIRK_RESET_RESUME; 3050 } 3051 3052 #ifdef CONFIG_BT_HCIBTUSB_RTL 3053 if (id->driver_info & BTUSB_REALTEK) { 3054 hdev->setup = btrtl_setup_realtek; 3055 3056 /* Realtek devices lose their updated firmware over suspend, 3057 * but the USB hub doesn't notice any status change. 3058 * Explicitly request a device reset on resume. 3059 */ 3060 interface_to_usbdev(intf)->quirks |= USB_QUIRK_RESET_RESUME; 3061 } 3062 #endif 3063 3064 if (id->driver_info & BTUSB_AMP) { 3065 /* AMP controllers do not support SCO packets */ 3066 data->isoc = NULL; 3067 } else { 3068 /* Interface orders are hardcoded in the specification */ 3069 data->isoc = usb_ifnum_to_if(data->udev, ifnum_base + 1); 3070 data->isoc_ifnum = ifnum_base + 1; 3071 } 3072 3073 if (!reset) 3074 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); 3075 3076 if (force_scofix || id->driver_info & BTUSB_WRONG_SCO_MTU) { 3077 if (!disable_scofix) 3078 set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks); 3079 } 3080 3081 if (id->driver_info & BTUSB_BROKEN_ISOC) 3082 data->isoc = NULL; 3083 3084 if (id->driver_info & BTUSB_DIGIANSWER) { 3085 data->cmdreq_type = USB_TYPE_VENDOR; 3086 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); 3087 } 3088 3089 if (id->driver_info & BTUSB_CSR) { 3090 struct usb_device *udev = data->udev; 3091 u16 bcdDevice = le16_to_cpu(udev->descriptor.bcdDevice); 3092 3093 /* Old firmware would otherwise execute USB reset */ 3094 if (bcdDevice < 0x117) 3095 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); 3096 3097 /* Fake CSR devices with broken commands */ 3098 if (bcdDevice <= 0x100 || bcdDevice == 0x134) 3099 hdev->setup = btusb_setup_csr; 3100 3101 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks); 3102 } 3103 3104 if (id->driver_info & BTUSB_SNIFFER) { 3105 struct usb_device *udev = data->udev; 3106 3107 /* New sniffer firmware has crippled HCI interface */ 3108 if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997) 3109 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks); 3110 } 3111 3112 if (id->driver_info & BTUSB_INTEL_BOOT) { 3113 /* A bug in the bootloader causes that interrupt interface is 3114 * only enabled after receiving SetInterface(0, AltSetting=0). 3115 */ 3116 err = usb_set_interface(data->udev, 0, 0); 3117 if (err < 0) { 3118 BT_ERR("failed to set interface 0, alt 0 %d", err); 3119 goto out_free_dev; 3120 } 3121 } 3122 3123 if (data->isoc) { 3124 err = usb_driver_claim_interface(&btusb_driver, 3125 data->isoc, data); 3126 if (err < 0) 3127 goto out_free_dev; 3128 } 3129 3130 #ifdef CONFIG_BT_HCIBTUSB_BCM 3131 if (data->diag) { 3132 if (!usb_driver_claim_interface(&btusb_driver, 3133 data->diag, data)) 3134 __set_diag_interface(hdev); 3135 else 3136 data->diag = NULL; 3137 } 3138 #endif 3139 3140 if (enable_autosuspend) 3141 usb_enable_autosuspend(data->udev); 3142 3143 err = hci_register_dev(hdev); 3144 if (err < 0) 3145 goto out_free_dev; 3146 3147 usb_set_intfdata(intf, data); 3148 3149 return 0; 3150 3151 out_free_dev: 3152 hci_free_dev(hdev); 3153 return err; 3154 } 3155 3156 static void btusb_disconnect(struct usb_interface *intf) 3157 { 3158 struct btusb_data *data = usb_get_intfdata(intf); 3159 struct hci_dev *hdev; 3160 3161 BT_DBG("intf %p", intf); 3162 3163 if (!data) 3164 return; 3165 3166 hdev = data->hdev; 3167 usb_set_intfdata(data->intf, NULL); 3168 3169 if (data->isoc) 3170 usb_set_intfdata(data->isoc, NULL); 3171 3172 if (data->diag) 3173 usb_set_intfdata(data->diag, NULL); 3174 3175 hci_unregister_dev(hdev); 3176 3177 if (intf == data->intf) { 3178 if (data->isoc) 3179 usb_driver_release_interface(&btusb_driver, data->isoc); 3180 if (data->diag) 3181 usb_driver_release_interface(&btusb_driver, data->diag); 3182 } else if (intf == data->isoc) { 3183 if (data->diag) 3184 usb_driver_release_interface(&btusb_driver, data->diag); 3185 usb_driver_release_interface(&btusb_driver, data->intf); 3186 } else if (intf == data->diag) { 3187 usb_driver_release_interface(&btusb_driver, data->intf); 3188 if (data->isoc) 3189 usb_driver_release_interface(&btusb_driver, data->isoc); 3190 } 3191 3192 if (data->oob_wake_irq) 3193 device_init_wakeup(&data->udev->dev, false); 3194 3195 hci_free_dev(hdev); 3196 } 3197 3198 #ifdef CONFIG_PM 3199 static int btusb_suspend(struct usb_interface *intf, pm_message_t message) 3200 { 3201 struct btusb_data *data = usb_get_intfdata(intf); 3202 3203 BT_DBG("intf %p", intf); 3204 3205 if (data->suspend_count++) 3206 return 0; 3207 3208 spin_lock_irq(&data->txlock); 3209 if (!(PMSG_IS_AUTO(message) && data->tx_in_flight)) { 3210 set_bit(BTUSB_SUSPENDING, &data->flags); 3211 spin_unlock_irq(&data->txlock); 3212 } else { 3213 spin_unlock_irq(&data->txlock); 3214 data->suspend_count--; 3215 return -EBUSY; 3216 } 3217 3218 cancel_work_sync(&data->work); 3219 3220 btusb_stop_traffic(data); 3221 usb_kill_anchored_urbs(&data->tx_anchor); 3222 3223 if (data->oob_wake_irq && device_may_wakeup(&data->udev->dev)) { 3224 set_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags); 3225 enable_irq_wake(data->oob_wake_irq); 3226 enable_irq(data->oob_wake_irq); 3227 } 3228 3229 return 0; 3230 } 3231 3232 static void play_deferred(struct btusb_data *data) 3233 { 3234 struct urb *urb; 3235 int err; 3236 3237 while ((urb = usb_get_from_anchor(&data->deferred))) { 3238 usb_anchor_urb(urb, &data->tx_anchor); 3239 3240 err = usb_submit_urb(urb, GFP_ATOMIC); 3241 if (err < 0) { 3242 if (err != -EPERM && err != -ENODEV) 3243 BT_ERR("%s urb %p submission failed (%d)", 3244 data->hdev->name, urb, -err); 3245 kfree(urb->setup_packet); 3246 usb_unanchor_urb(urb); 3247 usb_free_urb(urb); 3248 break; 3249 } 3250 3251 data->tx_in_flight++; 3252 usb_free_urb(urb); 3253 } 3254 3255 /* Cleanup the rest deferred urbs. */ 3256 while ((urb = usb_get_from_anchor(&data->deferred))) { 3257 kfree(urb->setup_packet); 3258 usb_free_urb(urb); 3259 } 3260 } 3261 3262 static int btusb_resume(struct usb_interface *intf) 3263 { 3264 struct btusb_data *data = usb_get_intfdata(intf); 3265 struct hci_dev *hdev = data->hdev; 3266 int err = 0; 3267 3268 BT_DBG("intf %p", intf); 3269 3270 if (--data->suspend_count) 3271 return 0; 3272 3273 /* Disable only if not already disabled (keep it balanced) */ 3274 if (test_and_clear_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags)) { 3275 disable_irq(data->oob_wake_irq); 3276 disable_irq_wake(data->oob_wake_irq); 3277 } 3278 3279 if (!test_bit(HCI_RUNNING, &hdev->flags)) 3280 goto done; 3281 3282 if (test_bit(BTUSB_INTR_RUNNING, &data->flags)) { 3283 err = btusb_submit_intr_urb(hdev, GFP_NOIO); 3284 if (err < 0) { 3285 clear_bit(BTUSB_INTR_RUNNING, &data->flags); 3286 goto failed; 3287 } 3288 } 3289 3290 if (test_bit(BTUSB_BULK_RUNNING, &data->flags)) { 3291 err = btusb_submit_bulk_urb(hdev, GFP_NOIO); 3292 if (err < 0) { 3293 clear_bit(BTUSB_BULK_RUNNING, &data->flags); 3294 goto failed; 3295 } 3296 3297 btusb_submit_bulk_urb(hdev, GFP_NOIO); 3298 } 3299 3300 if (test_bit(BTUSB_ISOC_RUNNING, &data->flags)) { 3301 if (btusb_submit_isoc_urb(hdev, GFP_NOIO) < 0) 3302 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 3303 else 3304 btusb_submit_isoc_urb(hdev, GFP_NOIO); 3305 } 3306 3307 spin_lock_irq(&data->txlock); 3308 play_deferred(data); 3309 clear_bit(BTUSB_SUSPENDING, &data->flags); 3310 spin_unlock_irq(&data->txlock); 3311 schedule_work(&data->work); 3312 3313 return 0; 3314 3315 failed: 3316 usb_scuttle_anchored_urbs(&data->deferred); 3317 done: 3318 spin_lock_irq(&data->txlock); 3319 clear_bit(BTUSB_SUSPENDING, &data->flags); 3320 spin_unlock_irq(&data->txlock); 3321 3322 return err; 3323 } 3324 #endif 3325 3326 static struct usb_driver btusb_driver = { 3327 .name = "btusb", 3328 .probe = btusb_probe, 3329 .disconnect = btusb_disconnect, 3330 #ifdef CONFIG_PM 3331 .suspend = btusb_suspend, 3332 .resume = btusb_resume, 3333 #endif 3334 .id_table = btusb_table, 3335 .supports_autosuspend = 1, 3336 .disable_hub_initiated_lpm = 1, 3337 }; 3338 3339 module_usb_driver(btusb_driver); 3340 3341 module_param(disable_scofix, bool, 0644); 3342 MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size"); 3343 3344 module_param(force_scofix, bool, 0644); 3345 MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size"); 3346 3347 module_param(enable_autosuspend, bool, 0644); 3348 MODULE_PARM_DESC(enable_autosuspend, "Enable USB autosuspend by default"); 3349 3350 module_param(reset, bool, 0644); 3351 MODULE_PARM_DESC(reset, "Send HCI reset command on initialization"); 3352 3353 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 3354 MODULE_DESCRIPTION("Generic Bluetooth USB driver ver " VERSION); 3355 MODULE_VERSION(VERSION); 3356 MODULE_LICENSE("GPL"); 3357