1 /*
2 *
3 * Generic Bluetooth USB driver
4 *
5 * Copyright (C) 2005-2008 Marcel Holtmann <marcel@holtmann.org>
6 *
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 *
22 */
23
24 #include <linux/kernel.h>
25 #include <linux/module.h>
26 #include <linux/init.h>
27 #include <linux/slab.h>
28 #include <linux/types.h>
29 #include <linux/sched.h>
30 #include <linux/errno.h>
31 #include <linux/skbuff.h>
32
33 #include <linux/usb.h>
34
35 #include <net/bluetooth/bluetooth.h>
36 #include <net/bluetooth/hci_core.h>
37
38 #define VERSION "0.6"
39
40 static bool ignore_dga;
41 static bool ignore_csr;
42 static bool ignore_sniffer;
43 static bool disable_scofix;
44 static bool force_scofix;
45
46 static bool reset = 1;
47
48 static struct usb_driver btusb_driver;
49
50 #define BTUSB_IGNORE 0x01
51 #define BTUSB_DIGIANSWER 0x02
52 #define BTUSB_CSR 0x04
53 #define BTUSB_SNIFFER 0x08
54 #define BTUSB_BCM92035 0x10
55 #define BTUSB_BROKEN_ISOC 0x20
56 #define BTUSB_WRONG_SCO_MTU 0x40
57 #define BTUSB_ATH3012 0x80
58
59 static struct usb_device_id btusb_table[] = {
60 /* Generic Bluetooth USB device */
61 { USB_DEVICE_INFO(0xe0, 0x01, 0x01) },
62
63 /* Broadcom SoftSailing reporting vendor specific */
64 { USB_DEVICE(0x05ac, 0x21e1) },
65
66 /* Apple MacBookPro 7,1 */
67 { USB_DEVICE(0x05ac, 0x8213) },
68
69 /* Apple iMac11,1 */
70 { USB_DEVICE(0x05ac, 0x8215) },
71
72 /* Apple MacBookPro6,2 */
73 { USB_DEVICE(0x05ac, 0x8218) },
74
75 /* Apple MacBookAir3,1, MacBookAir3,2 */
76 { USB_DEVICE(0x05ac, 0x821b) },
77
78 /* Apple MacBookAir4,1 */
79 { USB_DEVICE(0x05ac, 0x821f) },
80
81 /* Apple MacBookPro8,2 */
82 { USB_DEVICE(0x05ac, 0x821a) },
83
84 /* Apple MacMini5,1 */
85 { USB_DEVICE(0x05ac, 0x8281) },
86
87 /* AVM BlueFRITZ! USB v2.0 */
88 { USB_DEVICE(0x057c, 0x3800) },
89
90 /* Bluetooth Ultraport Module from IBM */
91 { USB_DEVICE(0x04bf, 0x030a) },
92
93 /* ALPS Modules with non-standard id */
94 { USB_DEVICE(0x044e, 0x3001) },
95 { USB_DEVICE(0x044e, 0x3002) },
96
97 /* Ericsson with non-standard id */
98 { USB_DEVICE(0x0bdb, 0x1002) },
99
100 /* Canyon CN-BTU1 with HID interfaces */
101 { USB_DEVICE(0x0c10, 0x0000) },
102
103 /* Broadcom BCM20702A0 */
104 { USB_DEVICE(0x0a5c, 0x21e3) },
105 { USB_DEVICE(0x0a5c, 0x21f3) },
106 { USB_DEVICE(0x413c, 0x8197) },
107
108 { } /* Terminating entry */
109 };
110
111 MODULE_DEVICE_TABLE(usb, btusb_table);
112
113 static struct usb_device_id blacklist_table[] = {
114 /* CSR BlueCore devices */
115 { USB_DEVICE(0x0a12, 0x0001), .driver_info = BTUSB_CSR },
116
117 /* Broadcom BCM2033 without firmware */
118 { USB_DEVICE(0x0a5c, 0x2033), .driver_info = BTUSB_IGNORE },
119
120 /* Atheros 3011 with sflash firmware */
121 { USB_DEVICE(0x0cf3, 0x3002), .driver_info = BTUSB_IGNORE },
122 { USB_DEVICE(0x13d3, 0x3304), .driver_info = BTUSB_IGNORE },
123 { USB_DEVICE(0x0930, 0x0215), .driver_info = BTUSB_IGNORE },
124
125 /* Atheros AR9285 Malbec with sflash firmware */
126 { USB_DEVICE(0x03f0, 0x311d), .driver_info = BTUSB_IGNORE },
127
128 /* Atheros 3012 with sflash firmware */
129 { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 },
130
131 /* Atheros AR5BBU12 with sflash firmware */
132 { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE },
133
134 /* Broadcom BCM2035 */
135 { USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU },
136 { USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU },
137 { USB_DEVICE(0x0a5c, 0x2009), .driver_info = BTUSB_BCM92035 },
138
139 /* Broadcom BCM2045 */
140 { USB_DEVICE(0x0a5c, 0x2039), .driver_info = BTUSB_WRONG_SCO_MTU },
141 { USB_DEVICE(0x0a5c, 0x2101), .driver_info = BTUSB_WRONG_SCO_MTU },
142
143 /* IBM/Lenovo ThinkPad with Broadcom chip */
144 { USB_DEVICE(0x0a5c, 0x201e), .driver_info = BTUSB_WRONG_SCO_MTU },
145 { USB_DEVICE(0x0a5c, 0x2110), .driver_info = BTUSB_WRONG_SCO_MTU },
146
147 /* HP laptop with Broadcom chip */
148 { USB_DEVICE(0x03f0, 0x171d), .driver_info = BTUSB_WRONG_SCO_MTU },
149
150 /* Dell laptop with Broadcom chip */
151 { USB_DEVICE(0x413c, 0x8126), .driver_info = BTUSB_WRONG_SCO_MTU },
152
153 /* Dell Wireless 370 and 410 devices */
154 { USB_DEVICE(0x413c, 0x8152), .driver_info = BTUSB_WRONG_SCO_MTU },
155 { USB_DEVICE(0x413c, 0x8156), .driver_info = BTUSB_WRONG_SCO_MTU },
156
157 /* Belkin F8T012 and F8T013 devices */
158 { USB_DEVICE(0x050d, 0x0012), .driver_info = BTUSB_WRONG_SCO_MTU },
159 { USB_DEVICE(0x050d, 0x0013), .driver_info = BTUSB_WRONG_SCO_MTU },
160
161 /* Asus WL-BTD202 device */
162 { USB_DEVICE(0x0b05, 0x1715), .driver_info = BTUSB_WRONG_SCO_MTU },
163
164 /* Kensington Bluetooth USB adapter */
165 { USB_DEVICE(0x047d, 0x105e), .driver_info = BTUSB_WRONG_SCO_MTU },
166
167 /* RTX Telecom based adapters with buggy SCO support */
168 { USB_DEVICE(0x0400, 0x0807), .driver_info = BTUSB_BROKEN_ISOC },
169 { USB_DEVICE(0x0400, 0x080a), .driver_info = BTUSB_BROKEN_ISOC },
170
171 /* CONWISE Technology based adapters with buggy SCO support */
172 { USB_DEVICE(0x0e5e, 0x6622), .driver_info = BTUSB_BROKEN_ISOC },
173
174 /* Digianswer devices */
175 { USB_DEVICE(0x08fd, 0x0001), .driver_info = BTUSB_DIGIANSWER },
176 { USB_DEVICE(0x08fd, 0x0002), .driver_info = BTUSB_IGNORE },
177
178 /* CSR BlueCore Bluetooth Sniffer */
179 { USB_DEVICE(0x0a12, 0x0002), .driver_info = BTUSB_SNIFFER },
180
181 /* Frontline ComProbe Bluetooth Sniffer */
182 { USB_DEVICE(0x16d3, 0x0002), .driver_info = BTUSB_SNIFFER },
183
184 { } /* Terminating entry */
185 };
186
187 #define BTUSB_MAX_ISOC_FRAMES 10
188
189 #define BTUSB_INTR_RUNNING 0
190 #define BTUSB_BULK_RUNNING 1
191 #define BTUSB_ISOC_RUNNING 2
192 #define BTUSB_SUSPENDING 3
193 #define BTUSB_DID_ISO_RESUME 4
194
195 struct btusb_data {
196 struct hci_dev *hdev;
197 struct usb_device *udev;
198 struct usb_interface *intf;
199 struct usb_interface *isoc;
200
201 spinlock_t lock;
202
203 unsigned long flags;
204
205 struct work_struct work;
206 struct work_struct waker;
207
208 struct usb_anchor tx_anchor;
209 struct usb_anchor intr_anchor;
210 struct usb_anchor bulk_anchor;
211 struct usb_anchor isoc_anchor;
212 struct usb_anchor deferred;
213 int tx_in_flight;
214 spinlock_t txlock;
215
216 struct usb_endpoint_descriptor *intr_ep;
217 struct usb_endpoint_descriptor *bulk_tx_ep;
218 struct usb_endpoint_descriptor *bulk_rx_ep;
219 struct usb_endpoint_descriptor *isoc_tx_ep;
220 struct usb_endpoint_descriptor *isoc_rx_ep;
221
222 __u8 cmdreq_type;
223
224 unsigned int sco_num;
225 int isoc_altsetting;
226 int suspend_count;
227 };
228
inc_tx(struct btusb_data * data)229 static int inc_tx(struct btusb_data *data)
230 {
231 unsigned long flags;
232 int rv;
233
234 spin_lock_irqsave(&data->txlock, flags);
235 rv = test_bit(BTUSB_SUSPENDING, &data->flags);
236 if (!rv)
237 data->tx_in_flight++;
238 spin_unlock_irqrestore(&data->txlock, flags);
239
240 return rv;
241 }
242
btusb_intr_complete(struct urb * urb)243 static void btusb_intr_complete(struct urb *urb)
244 {
245 struct hci_dev *hdev = urb->context;
246 struct btusb_data *data = hdev->driver_data;
247 int err;
248
249 BT_DBG("%s urb %p status %d count %d", hdev->name,
250 urb, urb->status, urb->actual_length);
251
252 if (!test_bit(HCI_RUNNING, &hdev->flags))
253 return;
254
255 if (urb->status == 0) {
256 hdev->stat.byte_rx += urb->actual_length;
257
258 if (hci_recv_fragment(hdev, HCI_EVENT_PKT,
259 urb->transfer_buffer,
260 urb->actual_length) < 0) {
261 BT_ERR("%s corrupted event packet", hdev->name);
262 hdev->stat.err_rx++;
263 }
264 }
265
266 if (!test_bit(BTUSB_INTR_RUNNING, &data->flags))
267 return;
268
269 usb_mark_last_busy(data->udev);
270 usb_anchor_urb(urb, &data->intr_anchor);
271
272 err = usb_submit_urb(urb, GFP_ATOMIC);
273 if (err < 0) {
274 /* -EPERM: urb is being killed;
275 * -ENODEV: device got disconnected */
276 if (err != -EPERM && err != -ENODEV)
277 BT_ERR("%s urb %p failed to resubmit (%d)",
278 hdev->name, urb, -err);
279 usb_unanchor_urb(urb);
280 }
281 }
282
btusb_submit_intr_urb(struct hci_dev * hdev,gfp_t mem_flags)283 static int btusb_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags)
284 {
285 struct btusb_data *data = hdev->driver_data;
286 struct urb *urb;
287 unsigned char *buf;
288 unsigned int pipe;
289 int err, size;
290
291 BT_DBG("%s", hdev->name);
292
293 if (!data->intr_ep)
294 return -ENODEV;
295
296 urb = usb_alloc_urb(0, mem_flags);
297 if (!urb)
298 return -ENOMEM;
299
300 size = le16_to_cpu(data->intr_ep->wMaxPacketSize);
301
302 buf = kmalloc(size, mem_flags);
303 if (!buf) {
304 usb_free_urb(urb);
305 return -ENOMEM;
306 }
307
308 pipe = usb_rcvintpipe(data->udev, data->intr_ep->bEndpointAddress);
309
310 usb_fill_int_urb(urb, data->udev, pipe, buf, size,
311 btusb_intr_complete, hdev,
312 data->intr_ep->bInterval);
313
314 urb->transfer_flags |= URB_FREE_BUFFER;
315
316 usb_anchor_urb(urb, &data->intr_anchor);
317
318 err = usb_submit_urb(urb, mem_flags);
319 if (err < 0) {
320 if (err != -EPERM && err != -ENODEV)
321 BT_ERR("%s urb %p submission failed (%d)",
322 hdev->name, urb, -err);
323 usb_unanchor_urb(urb);
324 }
325
326 usb_free_urb(urb);
327
328 return err;
329 }
330
btusb_bulk_complete(struct urb * urb)331 static void btusb_bulk_complete(struct urb *urb)
332 {
333 struct hci_dev *hdev = urb->context;
334 struct btusb_data *data = hdev->driver_data;
335 int err;
336
337 BT_DBG("%s urb %p status %d count %d", hdev->name,
338 urb, urb->status, urb->actual_length);
339
340 if (!test_bit(HCI_RUNNING, &hdev->flags))
341 return;
342
343 if (urb->status == 0) {
344 hdev->stat.byte_rx += urb->actual_length;
345
346 if (hci_recv_fragment(hdev, HCI_ACLDATA_PKT,
347 urb->transfer_buffer,
348 urb->actual_length) < 0) {
349 BT_ERR("%s corrupted ACL packet", hdev->name);
350 hdev->stat.err_rx++;
351 }
352 }
353
354 if (!test_bit(BTUSB_BULK_RUNNING, &data->flags))
355 return;
356
357 usb_anchor_urb(urb, &data->bulk_anchor);
358 usb_mark_last_busy(data->udev);
359
360 err = usb_submit_urb(urb, GFP_ATOMIC);
361 if (err < 0) {
362 /* -EPERM: urb is being killed;
363 * -ENODEV: device got disconnected */
364 if (err != -EPERM && err != -ENODEV)
365 BT_ERR("%s urb %p failed to resubmit (%d)",
366 hdev->name, urb, -err);
367 usb_unanchor_urb(urb);
368 }
369 }
370
btusb_submit_bulk_urb(struct hci_dev * hdev,gfp_t mem_flags)371 static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags)
372 {
373 struct btusb_data *data = hdev->driver_data;
374 struct urb *urb;
375 unsigned char *buf;
376 unsigned int pipe;
377 int err, size = HCI_MAX_FRAME_SIZE;
378
379 BT_DBG("%s", hdev->name);
380
381 if (!data->bulk_rx_ep)
382 return -ENODEV;
383
384 urb = usb_alloc_urb(0, mem_flags);
385 if (!urb)
386 return -ENOMEM;
387
388 buf = kmalloc(size, mem_flags);
389 if (!buf) {
390 usb_free_urb(urb);
391 return -ENOMEM;
392 }
393
394 pipe = usb_rcvbulkpipe(data->udev, data->bulk_rx_ep->bEndpointAddress);
395
396 usb_fill_bulk_urb(urb, data->udev, pipe,
397 buf, size, btusb_bulk_complete, hdev);
398
399 urb->transfer_flags |= URB_FREE_BUFFER;
400
401 usb_mark_last_busy(data->udev);
402 usb_anchor_urb(urb, &data->bulk_anchor);
403
404 err = usb_submit_urb(urb, mem_flags);
405 if (err < 0) {
406 if (err != -EPERM && err != -ENODEV)
407 BT_ERR("%s urb %p submission failed (%d)",
408 hdev->name, urb, -err);
409 usb_unanchor_urb(urb);
410 }
411
412 usb_free_urb(urb);
413
414 return err;
415 }
416
btusb_isoc_complete(struct urb * urb)417 static void btusb_isoc_complete(struct urb *urb)
418 {
419 struct hci_dev *hdev = urb->context;
420 struct btusb_data *data = hdev->driver_data;
421 int i, err;
422
423 BT_DBG("%s urb %p status %d count %d", hdev->name,
424 urb, urb->status, urb->actual_length);
425
426 if (!test_bit(HCI_RUNNING, &hdev->flags))
427 return;
428
429 if (urb->status == 0) {
430 for (i = 0; i < urb->number_of_packets; i++) {
431 unsigned int offset = urb->iso_frame_desc[i].offset;
432 unsigned int length = urb->iso_frame_desc[i].actual_length;
433
434 if (urb->iso_frame_desc[i].status)
435 continue;
436
437 hdev->stat.byte_rx += length;
438
439 if (hci_recv_fragment(hdev, HCI_SCODATA_PKT,
440 urb->transfer_buffer + offset,
441 length) < 0) {
442 BT_ERR("%s corrupted SCO packet", hdev->name);
443 hdev->stat.err_rx++;
444 }
445 }
446 }
447
448 if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags))
449 return;
450
451 usb_anchor_urb(urb, &data->isoc_anchor);
452
453 err = usb_submit_urb(urb, GFP_ATOMIC);
454 if (err < 0) {
455 /* -EPERM: urb is being killed;
456 * -ENODEV: device got disconnected */
457 if (err != -EPERM && err != -ENODEV)
458 BT_ERR("%s urb %p failed to resubmit (%d)",
459 hdev->name, urb, -err);
460 usb_unanchor_urb(urb);
461 }
462 }
463
__fill_isoc_descriptor(struct urb * urb,int len,int mtu)464 static inline void __fill_isoc_descriptor(struct urb *urb, int len, int mtu)
465 {
466 int i, offset = 0;
467
468 BT_DBG("len %d mtu %d", len, mtu);
469
470 for (i = 0; i < BTUSB_MAX_ISOC_FRAMES && len >= mtu;
471 i++, offset += mtu, len -= mtu) {
472 urb->iso_frame_desc[i].offset = offset;
473 urb->iso_frame_desc[i].length = mtu;
474 }
475
476 if (len && i < BTUSB_MAX_ISOC_FRAMES) {
477 urb->iso_frame_desc[i].offset = offset;
478 urb->iso_frame_desc[i].length = len;
479 i++;
480 }
481
482 urb->number_of_packets = i;
483 }
484
btusb_submit_isoc_urb(struct hci_dev * hdev,gfp_t mem_flags)485 static int btusb_submit_isoc_urb(struct hci_dev *hdev, gfp_t mem_flags)
486 {
487 struct btusb_data *data = hdev->driver_data;
488 struct urb *urb;
489 unsigned char *buf;
490 unsigned int pipe;
491 int err, size;
492
493 BT_DBG("%s", hdev->name);
494
495 if (!data->isoc_rx_ep)
496 return -ENODEV;
497
498 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, mem_flags);
499 if (!urb)
500 return -ENOMEM;
501
502 size = le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize) *
503 BTUSB_MAX_ISOC_FRAMES;
504
505 buf = kmalloc(size, mem_flags);
506 if (!buf) {
507 usb_free_urb(urb);
508 return -ENOMEM;
509 }
510
511 pipe = usb_rcvisocpipe(data->udev, data->isoc_rx_ep->bEndpointAddress);
512
513 usb_fill_int_urb(urb, data->udev, pipe, buf, size, btusb_isoc_complete,
514 hdev, data->isoc_rx_ep->bInterval);
515
516 urb->transfer_flags = URB_FREE_BUFFER | URB_ISO_ASAP;
517
518 __fill_isoc_descriptor(urb, size,
519 le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize));
520
521 usb_anchor_urb(urb, &data->isoc_anchor);
522
523 err = usb_submit_urb(urb, mem_flags);
524 if (err < 0) {
525 if (err != -EPERM && err != -ENODEV)
526 BT_ERR("%s urb %p submission failed (%d)",
527 hdev->name, urb, -err);
528 usb_unanchor_urb(urb);
529 }
530
531 usb_free_urb(urb);
532
533 return err;
534 }
535
btusb_tx_complete(struct urb * urb)536 static void btusb_tx_complete(struct urb *urb)
537 {
538 struct sk_buff *skb = urb->context;
539 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
540 struct btusb_data *data = hdev->driver_data;
541
542 BT_DBG("%s urb %p status %d count %d", hdev->name,
543 urb, urb->status, urb->actual_length);
544
545 if (!test_bit(HCI_RUNNING, &hdev->flags))
546 goto done;
547
548 if (!urb->status)
549 hdev->stat.byte_tx += urb->transfer_buffer_length;
550 else
551 hdev->stat.err_tx++;
552
553 done:
554 spin_lock(&data->txlock);
555 data->tx_in_flight--;
556 spin_unlock(&data->txlock);
557
558 kfree(urb->setup_packet);
559
560 kfree_skb(skb);
561 }
562
btusb_isoc_tx_complete(struct urb * urb)563 static void btusb_isoc_tx_complete(struct urb *urb)
564 {
565 struct sk_buff *skb = urb->context;
566 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
567
568 BT_DBG("%s urb %p status %d count %d", hdev->name,
569 urb, urb->status, urb->actual_length);
570
571 if (!test_bit(HCI_RUNNING, &hdev->flags))
572 goto done;
573
574 if (!urb->status)
575 hdev->stat.byte_tx += urb->transfer_buffer_length;
576 else
577 hdev->stat.err_tx++;
578
579 done:
580 kfree(urb->setup_packet);
581
582 kfree_skb(skb);
583 }
584
btusb_open(struct hci_dev * hdev)585 static int btusb_open(struct hci_dev *hdev)
586 {
587 struct btusb_data *data = hdev->driver_data;
588 int err;
589
590 BT_DBG("%s", hdev->name);
591
592 err = usb_autopm_get_interface(data->intf);
593 if (err < 0)
594 return err;
595
596 data->intf->needs_remote_wakeup = 1;
597
598 if (test_and_set_bit(HCI_RUNNING, &hdev->flags))
599 goto done;
600
601 if (test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags))
602 goto done;
603
604 err = btusb_submit_intr_urb(hdev, GFP_KERNEL);
605 if (err < 0)
606 goto failed;
607
608 err = btusb_submit_bulk_urb(hdev, GFP_KERNEL);
609 if (err < 0) {
610 usb_kill_anchored_urbs(&data->intr_anchor);
611 goto failed;
612 }
613
614 set_bit(BTUSB_BULK_RUNNING, &data->flags);
615 btusb_submit_bulk_urb(hdev, GFP_KERNEL);
616
617 done:
618 usb_autopm_put_interface(data->intf);
619 return 0;
620
621 failed:
622 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
623 clear_bit(HCI_RUNNING, &hdev->flags);
624 usb_autopm_put_interface(data->intf);
625 return err;
626 }
627
btusb_stop_traffic(struct btusb_data * data)628 static void btusb_stop_traffic(struct btusb_data *data)
629 {
630 usb_kill_anchored_urbs(&data->intr_anchor);
631 usb_kill_anchored_urbs(&data->bulk_anchor);
632 usb_kill_anchored_urbs(&data->isoc_anchor);
633 }
634
btusb_close(struct hci_dev * hdev)635 static int btusb_close(struct hci_dev *hdev)
636 {
637 struct btusb_data *data = hdev->driver_data;
638 int err;
639
640 BT_DBG("%s", hdev->name);
641
642 if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags))
643 return 0;
644
645 cancel_work_sync(&data->work);
646 cancel_work_sync(&data->waker);
647
648 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
649 clear_bit(BTUSB_BULK_RUNNING, &data->flags);
650 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
651
652 btusb_stop_traffic(data);
653 err = usb_autopm_get_interface(data->intf);
654 if (err < 0)
655 goto failed;
656
657 data->intf->needs_remote_wakeup = 0;
658 usb_autopm_put_interface(data->intf);
659
660 failed:
661 usb_scuttle_anchored_urbs(&data->deferred);
662 return 0;
663 }
664
btusb_flush(struct hci_dev * hdev)665 static int btusb_flush(struct hci_dev *hdev)
666 {
667 struct btusb_data *data = hdev->driver_data;
668
669 BT_DBG("%s", hdev->name);
670
671 usb_kill_anchored_urbs(&data->tx_anchor);
672
673 return 0;
674 }
675
btusb_send_frame(struct sk_buff * skb)676 static int btusb_send_frame(struct sk_buff *skb)
677 {
678 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
679 struct btusb_data *data = hdev->driver_data;
680 struct usb_ctrlrequest *dr;
681 struct urb *urb;
682 unsigned int pipe;
683 int err;
684
685 BT_DBG("%s", hdev->name);
686
687 if (!test_bit(HCI_RUNNING, &hdev->flags))
688 return -EBUSY;
689
690 switch (bt_cb(skb)->pkt_type) {
691 case HCI_COMMAND_PKT:
692 urb = usb_alloc_urb(0, GFP_ATOMIC);
693 if (!urb)
694 return -ENOMEM;
695
696 dr = kmalloc(sizeof(*dr), GFP_ATOMIC);
697 if (!dr) {
698 usb_free_urb(urb);
699 return -ENOMEM;
700 }
701
702 dr->bRequestType = data->cmdreq_type;
703 dr->bRequest = 0;
704 dr->wIndex = 0;
705 dr->wValue = 0;
706 dr->wLength = __cpu_to_le16(skb->len);
707
708 pipe = usb_sndctrlpipe(data->udev, 0x00);
709
710 usb_fill_control_urb(urb, data->udev, pipe, (void *) dr,
711 skb->data, skb->len, btusb_tx_complete, skb);
712
713 hdev->stat.cmd_tx++;
714 break;
715
716 case HCI_ACLDATA_PKT:
717 if (!data->bulk_tx_ep)
718 return -ENODEV;
719
720 urb = usb_alloc_urb(0, GFP_ATOMIC);
721 if (!urb)
722 return -ENOMEM;
723
724 pipe = usb_sndbulkpipe(data->udev,
725 data->bulk_tx_ep->bEndpointAddress);
726
727 usb_fill_bulk_urb(urb, data->udev, pipe,
728 skb->data, skb->len, btusb_tx_complete, skb);
729
730 hdev->stat.acl_tx++;
731 break;
732
733 case HCI_SCODATA_PKT:
734 if (!data->isoc_tx_ep || hdev->conn_hash.sco_num < 1)
735 return -ENODEV;
736
737 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, GFP_ATOMIC);
738 if (!urb)
739 return -ENOMEM;
740
741 pipe = usb_sndisocpipe(data->udev,
742 data->isoc_tx_ep->bEndpointAddress);
743
744 usb_fill_int_urb(urb, data->udev, pipe,
745 skb->data, skb->len, btusb_isoc_tx_complete,
746 skb, data->isoc_tx_ep->bInterval);
747
748 urb->transfer_flags = URB_ISO_ASAP;
749
750 __fill_isoc_descriptor(urb, skb->len,
751 le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize));
752
753 hdev->stat.sco_tx++;
754 goto skip_waking;
755
756 default:
757 return -EILSEQ;
758 }
759
760 err = inc_tx(data);
761 if (err) {
762 usb_anchor_urb(urb, &data->deferred);
763 schedule_work(&data->waker);
764 err = 0;
765 goto done;
766 }
767
768 skip_waking:
769 usb_anchor_urb(urb, &data->tx_anchor);
770
771 err = usb_submit_urb(urb, GFP_ATOMIC);
772 if (err < 0) {
773 if (err != -EPERM && err != -ENODEV)
774 BT_ERR("%s urb %p submission failed (%d)",
775 hdev->name, urb, -err);
776 kfree(urb->setup_packet);
777 usb_unanchor_urb(urb);
778 } else {
779 usb_mark_last_busy(data->udev);
780 }
781
782 done:
783 usb_free_urb(urb);
784 return err;
785 }
786
btusb_destruct(struct hci_dev * hdev)787 static void btusb_destruct(struct hci_dev *hdev)
788 {
789 struct btusb_data *data = hdev->driver_data;
790
791 BT_DBG("%s", hdev->name);
792
793 kfree(data);
794 }
795
btusb_notify(struct hci_dev * hdev,unsigned int evt)796 static void btusb_notify(struct hci_dev *hdev, unsigned int evt)
797 {
798 struct btusb_data *data = hdev->driver_data;
799
800 BT_DBG("%s evt %d", hdev->name, evt);
801
802 if (hdev->conn_hash.sco_num != data->sco_num) {
803 data->sco_num = hdev->conn_hash.sco_num;
804 schedule_work(&data->work);
805 }
806 }
807
__set_isoc_interface(struct hci_dev * hdev,int altsetting)808 static inline int __set_isoc_interface(struct hci_dev *hdev, int altsetting)
809 {
810 struct btusb_data *data = hdev->driver_data;
811 struct usb_interface *intf = data->isoc;
812 struct usb_endpoint_descriptor *ep_desc;
813 int i, err;
814
815 if (!data->isoc)
816 return -ENODEV;
817
818 err = usb_set_interface(data->udev, 1, altsetting);
819 if (err < 0) {
820 BT_ERR("%s setting interface failed (%d)", hdev->name, -err);
821 return err;
822 }
823
824 data->isoc_altsetting = altsetting;
825
826 data->isoc_tx_ep = NULL;
827 data->isoc_rx_ep = NULL;
828
829 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
830 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
831
832 if (!data->isoc_tx_ep && usb_endpoint_is_isoc_out(ep_desc)) {
833 data->isoc_tx_ep = ep_desc;
834 continue;
835 }
836
837 if (!data->isoc_rx_ep && usb_endpoint_is_isoc_in(ep_desc)) {
838 data->isoc_rx_ep = ep_desc;
839 continue;
840 }
841 }
842
843 if (!data->isoc_tx_ep || !data->isoc_rx_ep) {
844 BT_ERR("%s invalid SCO descriptors", hdev->name);
845 return -ENODEV;
846 }
847
848 return 0;
849 }
850
btusb_work(struct work_struct * work)851 static void btusb_work(struct work_struct *work)
852 {
853 struct btusb_data *data = container_of(work, struct btusb_data, work);
854 struct hci_dev *hdev = data->hdev;
855 int err;
856
857 if (hdev->conn_hash.sco_num > 0) {
858 if (!test_bit(BTUSB_DID_ISO_RESUME, &data->flags)) {
859 err = usb_autopm_get_interface(data->isoc ? data->isoc : data->intf);
860 if (err < 0) {
861 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
862 usb_kill_anchored_urbs(&data->isoc_anchor);
863 return;
864 }
865
866 set_bit(BTUSB_DID_ISO_RESUME, &data->flags);
867 }
868 if (data->isoc_altsetting != 2) {
869 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
870 usb_kill_anchored_urbs(&data->isoc_anchor);
871
872 if (__set_isoc_interface(hdev, 2) < 0)
873 return;
874 }
875
876 if (!test_and_set_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
877 if (btusb_submit_isoc_urb(hdev, GFP_KERNEL) < 0)
878 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
879 else
880 btusb_submit_isoc_urb(hdev, GFP_KERNEL);
881 }
882 } else {
883 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
884 usb_kill_anchored_urbs(&data->isoc_anchor);
885
886 __set_isoc_interface(hdev, 0);
887 if (test_and_clear_bit(BTUSB_DID_ISO_RESUME, &data->flags))
888 usb_autopm_put_interface(data->isoc ? data->isoc : data->intf);
889 }
890 }
891
btusb_waker(struct work_struct * work)892 static void btusb_waker(struct work_struct *work)
893 {
894 struct btusb_data *data = container_of(work, struct btusb_data, waker);
895 int err;
896
897 err = usb_autopm_get_interface(data->intf);
898 if (err < 0)
899 return;
900
901 usb_autopm_put_interface(data->intf);
902 }
903
btusb_probe(struct usb_interface * intf,const struct usb_device_id * id)904 static int btusb_probe(struct usb_interface *intf,
905 const struct usb_device_id *id)
906 {
907 struct usb_endpoint_descriptor *ep_desc;
908 struct btusb_data *data;
909 struct hci_dev *hdev;
910 int i, err;
911
912 BT_DBG("intf %p id %p", intf, id);
913
914 /* interface numbers are hardcoded in the spec */
915 if (intf->cur_altsetting->desc.bInterfaceNumber != 0)
916 return -ENODEV;
917
918 if (!id->driver_info) {
919 const struct usb_device_id *match;
920 match = usb_match_id(intf, blacklist_table);
921 if (match)
922 id = match;
923 }
924
925 if (id->driver_info == BTUSB_IGNORE)
926 return -ENODEV;
927
928 if (ignore_dga && id->driver_info & BTUSB_DIGIANSWER)
929 return -ENODEV;
930
931 if (ignore_csr && id->driver_info & BTUSB_CSR)
932 return -ENODEV;
933
934 if (ignore_sniffer && id->driver_info & BTUSB_SNIFFER)
935 return -ENODEV;
936
937 if (id->driver_info & BTUSB_ATH3012) {
938 struct usb_device *udev = interface_to_usbdev(intf);
939
940 /* Old firmware would otherwise let ath3k driver load
941 * patch and sysconfig files */
942 if (le16_to_cpu(udev->descriptor.bcdDevice) <= 0x0001)
943 return -ENODEV;
944 }
945
946 data = kzalloc(sizeof(*data), GFP_KERNEL);
947 if (!data)
948 return -ENOMEM;
949
950 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
951 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
952
953 if (!data->intr_ep && usb_endpoint_is_int_in(ep_desc)) {
954 data->intr_ep = ep_desc;
955 continue;
956 }
957
958 if (!data->bulk_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) {
959 data->bulk_tx_ep = ep_desc;
960 continue;
961 }
962
963 if (!data->bulk_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) {
964 data->bulk_rx_ep = ep_desc;
965 continue;
966 }
967 }
968
969 if (!data->intr_ep || !data->bulk_tx_ep || !data->bulk_rx_ep) {
970 kfree(data);
971 return -ENODEV;
972 }
973
974 data->cmdreq_type = USB_TYPE_CLASS;
975
976 data->udev = interface_to_usbdev(intf);
977 data->intf = intf;
978
979 spin_lock_init(&data->lock);
980
981 INIT_WORK(&data->work, btusb_work);
982 INIT_WORK(&data->waker, btusb_waker);
983 spin_lock_init(&data->txlock);
984
985 init_usb_anchor(&data->tx_anchor);
986 init_usb_anchor(&data->intr_anchor);
987 init_usb_anchor(&data->bulk_anchor);
988 init_usb_anchor(&data->isoc_anchor);
989 init_usb_anchor(&data->deferred);
990
991 hdev = hci_alloc_dev();
992 if (!hdev) {
993 kfree(data);
994 return -ENOMEM;
995 }
996
997 hdev->bus = HCI_USB;
998 hdev->driver_data = data;
999
1000 data->hdev = hdev;
1001
1002 SET_HCIDEV_DEV(hdev, &intf->dev);
1003
1004 hdev->open = btusb_open;
1005 hdev->close = btusb_close;
1006 hdev->flush = btusb_flush;
1007 hdev->send = btusb_send_frame;
1008 hdev->destruct = btusb_destruct;
1009 hdev->notify = btusb_notify;
1010
1011 hdev->owner = THIS_MODULE;
1012
1013 /* Interface numbers are hardcoded in the specification */
1014 data->isoc = usb_ifnum_to_if(data->udev, 1);
1015
1016 if (!reset)
1017 set_bit(HCI_QUIRK_NO_RESET, &hdev->quirks);
1018
1019 if (force_scofix || id->driver_info & BTUSB_WRONG_SCO_MTU) {
1020 if (!disable_scofix)
1021 set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks);
1022 }
1023
1024 if (id->driver_info & BTUSB_BROKEN_ISOC)
1025 data->isoc = NULL;
1026
1027 if (id->driver_info & BTUSB_DIGIANSWER) {
1028 data->cmdreq_type = USB_TYPE_VENDOR;
1029 set_bit(HCI_QUIRK_NO_RESET, &hdev->quirks);
1030 }
1031
1032 if (id->driver_info & BTUSB_CSR) {
1033 struct usb_device *udev = data->udev;
1034
1035 /* Old firmware would otherwise execute USB reset */
1036 if (le16_to_cpu(udev->descriptor.bcdDevice) < 0x117)
1037 set_bit(HCI_QUIRK_NO_RESET, &hdev->quirks);
1038 }
1039
1040 if (id->driver_info & BTUSB_SNIFFER) {
1041 struct usb_device *udev = data->udev;
1042
1043 /* New sniffer firmware has crippled HCI interface */
1044 if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997)
1045 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
1046
1047 data->isoc = NULL;
1048 }
1049
1050 if (id->driver_info & BTUSB_BCM92035) {
1051 unsigned char cmd[] = { 0x3b, 0xfc, 0x01, 0x00 };
1052 struct sk_buff *skb;
1053
1054 skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL);
1055 if (skb) {
1056 memcpy(skb_put(skb, sizeof(cmd)), cmd, sizeof(cmd));
1057 skb_queue_tail(&hdev->driver_init, skb);
1058 }
1059 }
1060
1061 if (data->isoc) {
1062 err = usb_driver_claim_interface(&btusb_driver,
1063 data->isoc, data);
1064 if (err < 0) {
1065 hci_free_dev(hdev);
1066 kfree(data);
1067 return err;
1068 }
1069 }
1070
1071 err = hci_register_dev(hdev);
1072 if (err < 0) {
1073 hci_free_dev(hdev);
1074 kfree(data);
1075 return err;
1076 }
1077
1078 usb_set_intfdata(intf, data);
1079
1080 return 0;
1081 }
1082
btusb_disconnect(struct usb_interface * intf)1083 static void btusb_disconnect(struct usb_interface *intf)
1084 {
1085 struct btusb_data *data = usb_get_intfdata(intf);
1086 struct hci_dev *hdev;
1087
1088 BT_DBG("intf %p", intf);
1089
1090 if (!data)
1091 return;
1092
1093 hdev = data->hdev;
1094
1095 __hci_dev_hold(hdev);
1096
1097 usb_set_intfdata(data->intf, NULL);
1098
1099 if (data->isoc)
1100 usb_set_intfdata(data->isoc, NULL);
1101
1102 hci_unregister_dev(hdev);
1103
1104 if (intf == data->isoc)
1105 usb_driver_release_interface(&btusb_driver, data->intf);
1106 else if (data->isoc)
1107 usb_driver_release_interface(&btusb_driver, data->isoc);
1108
1109 __hci_dev_put(hdev);
1110
1111 hci_free_dev(hdev);
1112 }
1113
1114 #ifdef CONFIG_PM
btusb_suspend(struct usb_interface * intf,pm_message_t message)1115 static int btusb_suspend(struct usb_interface *intf, pm_message_t message)
1116 {
1117 struct btusb_data *data = usb_get_intfdata(intf);
1118
1119 BT_DBG("intf %p", intf);
1120
1121 if (data->suspend_count++)
1122 return 0;
1123
1124 spin_lock_irq(&data->txlock);
1125 if (!(PMSG_IS_AUTO(message) && data->tx_in_flight)) {
1126 set_bit(BTUSB_SUSPENDING, &data->flags);
1127 spin_unlock_irq(&data->txlock);
1128 } else {
1129 spin_unlock_irq(&data->txlock);
1130 data->suspend_count--;
1131 return -EBUSY;
1132 }
1133
1134 cancel_work_sync(&data->work);
1135
1136 btusb_stop_traffic(data);
1137 usb_kill_anchored_urbs(&data->tx_anchor);
1138
1139 return 0;
1140 }
1141
play_deferred(struct btusb_data * data)1142 static void play_deferred(struct btusb_data *data)
1143 {
1144 struct urb *urb;
1145 int err;
1146
1147 while ((urb = usb_get_from_anchor(&data->deferred))) {
1148 err = usb_submit_urb(urb, GFP_ATOMIC);
1149 if (err < 0)
1150 break;
1151
1152 data->tx_in_flight++;
1153 }
1154 usb_scuttle_anchored_urbs(&data->deferred);
1155 }
1156
btusb_resume(struct usb_interface * intf)1157 static int btusb_resume(struct usb_interface *intf)
1158 {
1159 struct btusb_data *data = usb_get_intfdata(intf);
1160 struct hci_dev *hdev = data->hdev;
1161 int err = 0;
1162
1163 BT_DBG("intf %p", intf);
1164
1165 if (--data->suspend_count)
1166 return 0;
1167
1168 if (!test_bit(HCI_RUNNING, &hdev->flags))
1169 goto done;
1170
1171 if (test_bit(BTUSB_INTR_RUNNING, &data->flags)) {
1172 err = btusb_submit_intr_urb(hdev, GFP_NOIO);
1173 if (err < 0) {
1174 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
1175 goto failed;
1176 }
1177 }
1178
1179 if (test_bit(BTUSB_BULK_RUNNING, &data->flags)) {
1180 err = btusb_submit_bulk_urb(hdev, GFP_NOIO);
1181 if (err < 0) {
1182 clear_bit(BTUSB_BULK_RUNNING, &data->flags);
1183 goto failed;
1184 }
1185
1186 btusb_submit_bulk_urb(hdev, GFP_NOIO);
1187 }
1188
1189 if (test_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
1190 if (btusb_submit_isoc_urb(hdev, GFP_NOIO) < 0)
1191 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1192 else
1193 btusb_submit_isoc_urb(hdev, GFP_NOIO);
1194 }
1195
1196 spin_lock_irq(&data->txlock);
1197 play_deferred(data);
1198 clear_bit(BTUSB_SUSPENDING, &data->flags);
1199 spin_unlock_irq(&data->txlock);
1200 schedule_work(&data->work);
1201
1202 return 0;
1203
1204 failed:
1205 usb_scuttle_anchored_urbs(&data->deferred);
1206 done:
1207 spin_lock_irq(&data->txlock);
1208 clear_bit(BTUSB_SUSPENDING, &data->flags);
1209 spin_unlock_irq(&data->txlock);
1210
1211 return err;
1212 }
1213 #endif
1214
1215 static struct usb_driver btusb_driver = {
1216 .name = "btusb",
1217 .probe = btusb_probe,
1218 .disconnect = btusb_disconnect,
1219 #ifdef CONFIG_PM
1220 .suspend = btusb_suspend,
1221 .resume = btusb_resume,
1222 #endif
1223 .id_table = btusb_table,
1224 .supports_autosuspend = 1,
1225 };
1226
1227 module_usb_driver(btusb_driver);
1228
1229 module_param(ignore_dga, bool, 0644);
1230 MODULE_PARM_DESC(ignore_dga, "Ignore devices with id 08fd:0001");
1231
1232 module_param(ignore_csr, bool, 0644);
1233 MODULE_PARM_DESC(ignore_csr, "Ignore devices with id 0a12:0001");
1234
1235 module_param(ignore_sniffer, bool, 0644);
1236 MODULE_PARM_DESC(ignore_sniffer, "Ignore devices with id 0a12:0002");
1237
1238 module_param(disable_scofix, bool, 0644);
1239 MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size");
1240
1241 module_param(force_scofix, bool, 0644);
1242 MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size");
1243
1244 module_param(reset, bool, 0644);
1245 MODULE_PARM_DESC(reset, "Send HCI reset command on initialization");
1246
1247 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1248 MODULE_DESCRIPTION("Generic Bluetooth USB driver ver " VERSION);
1249 MODULE_VERSION(VERSION);
1250 MODULE_LICENSE("GPL");
1251