Commit | Line | Data |
---|---|---|
5e23b923 MH |
1 | /* |
2 | * | |
3 | * Generic Bluetooth USB driver | |
4 | * | |
9bfa35fe | 5 | * Copyright (C) 2005-2008 Marcel Holtmann <marcel@holtmann.org> |
5e23b923 MH |
6 | * |
7 | * | |
8 | * This program is free software; you can redistribute it and/or modify | |
9 | * it under the terms of the GNU General Public License as published by | |
10 | * the Free Software Foundation; either version 2 of the License, or | |
11 | * (at your option) any later version. | |
12 | * | |
13 | * This program is distributed in the hope that it will be useful, | |
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
16 | * GNU General Public License for more details. | |
17 | * | |
18 | * You should have received a copy of the GNU General Public License | |
19 | * along with this program; if not, write to the Free Software | |
20 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | |
21 | * | |
22 | */ | |
23 | ||
5e23b923 | 24 | #include <linux/module.h> |
5e23b923 | 25 | #include <linux/usb.h> |
dffd30ee | 26 | #include <linux/firmware.h> |
a2698a9b | 27 | #include <asm/unaligned.h> |
5e23b923 MH |
28 | |
29 | #include <net/bluetooth/bluetooth.h> | |
30 | #include <net/bluetooth/hci_core.h> | |
31 | ||
4185a0f5 | 32 | #include "btintel.h" |
1df1f591 | 33 | #include "btbcm.h" |
db33c77d | 34 | #include "btrtl.h" |
1df1f591 | 35 | |
34dced9b | 36 | #define VERSION "0.8" |
cfeb4145 | 37 | |
90ab5ee9 RR |
38 | static bool disable_scofix; |
39 | static bool force_scofix; | |
7a9d4020 | 40 | |
917a3337 | 41 | static bool reset = true; |
cfeb4145 MH |
42 | |
43 | static struct usb_driver btusb_driver; | |
44 | ||
45 | #define BTUSB_IGNORE 0x01 | |
7a9d4020 MH |
46 | #define BTUSB_DIGIANSWER 0x02 |
47 | #define BTUSB_CSR 0x04 | |
48 | #define BTUSB_SNIFFER 0x08 | |
49 | #define BTUSB_BCM92035 0x10 | |
50 | #define BTUSB_BROKEN_ISOC 0x20 | |
51 | #define BTUSB_WRONG_SCO_MTU 0x40 | |
2d25f8b4 | 52 | #define BTUSB_ATH3012 0x80 |
dffd30ee | 53 | #define BTUSB_INTEL 0x100 |
40df783d MH |
54 | #define BTUSB_INTEL_BOOT 0x200 |
55 | #define BTUSB_BCM_PATCHRAM 0x400 | |
ae8df494 | 56 | #define BTUSB_MARVELL 0x800 |
4fcef8ed | 57 | #define BTUSB_SWAVE 0x1000 |
cda0dd78 | 58 | #define BTUSB_INTEL_NEW 0x2000 |
893ba544 | 59 | #define BTUSB_AMP 0x4000 |
3267c884 | 60 | #define BTUSB_QCA_ROME 0x8000 |
17b2772b | 61 | #define BTUSB_BCM_APPLE 0x10000 |
a2698a9b | 62 | #define BTUSB_REALTEK 0x20000 |
6c9d435d | 63 | #define BTUSB_BCM2045 0x40000 |
22f8e9db | 64 | #define BTUSB_IFNUM_2 0x80000 |
5e23b923 | 65 | |
54265202 | 66 | static const struct usb_device_id btusb_table[] = { |
5e23b923 MH |
67 | /* Generic Bluetooth USB device */ |
68 | { USB_DEVICE_INFO(0xe0, 0x01, 0x01) }, | |
69 | ||
893ba544 MH |
70 | /* Generic Bluetooth AMP device */ |
71 | { USB_DEVICE_INFO(0xe0, 0x01, 0x04), .driver_info = BTUSB_AMP }, | |
72 | ||
d63b2826 DD |
73 | /* Generic Bluetooth USB interface */ |
74 | { USB_INTERFACE_INFO(0xe0, 0x01, 0x01) }, | |
75 | ||
1fa6535f | 76 | /* Apple-specific (Broadcom) devices */ |
17b2772b | 77 | { USB_VENDOR_AND_INTERFACE_INFO(0x05ac, 0xff, 0x01, 0x01), |
22f8e9db | 78 | .driver_info = BTUSB_BCM_APPLE | BTUSB_IFNUM_2 }, |
1fa6535f | 79 | |
178c059e CYC |
80 | /* MediaTek MT76x0E */ |
81 | { USB_DEVICE(0x0e8d, 0x763f) }, | |
82 | ||
c510eae3 | 83 | /* Broadcom SoftSailing reporting vendor specific */ |
2e8b5063 | 84 | { USB_DEVICE(0x0a5c, 0x21e1) }, |
c510eae3 | 85 | |
3cd01976 NI |
86 | /* Apple MacBookPro 7,1 */ |
87 | { USB_DEVICE(0x05ac, 0x8213) }, | |
88 | ||
0a79f674 CL |
89 | /* Apple iMac11,1 */ |
90 | { USB_DEVICE(0x05ac, 0x8215) }, | |
91 | ||
9c047157 NI |
92 | /* Apple MacBookPro6,2 */ |
93 | { USB_DEVICE(0x05ac, 0x8218) }, | |
94 | ||
3e3ede7d EH |
95 | /* Apple MacBookAir3,1, MacBookAir3,2 */ |
96 | { USB_DEVICE(0x05ac, 0x821b) }, | |
97 | ||
a63b723d PAVM |
98 | /* Apple MacBookAir4,1 */ |
99 | { USB_DEVICE(0x05ac, 0x821f) }, | |
100 | ||
88d377b6 MAP |
101 | /* Apple MacBookPro8,2 */ |
102 | { USB_DEVICE(0x05ac, 0x821a) }, | |
103 | ||
f78b6826 JK |
104 | /* Apple MacMini5,1 */ |
105 | { USB_DEVICE(0x05ac, 0x8281) }, | |
106 | ||
cfeb4145 | 107 | /* AVM BlueFRITZ! USB v2.0 */ |
4fcef8ed | 108 | { USB_DEVICE(0x057c, 0x3800), .driver_info = BTUSB_SWAVE }, |
cfeb4145 MH |
109 | |
110 | /* Bluetooth Ultraport Module from IBM */ | |
111 | { USB_DEVICE(0x04bf, 0x030a) }, | |
112 | ||
113 | /* ALPS Modules with non-standard id */ | |
114 | { USB_DEVICE(0x044e, 0x3001) }, | |
115 | { USB_DEVICE(0x044e, 0x3002) }, | |
116 | ||
117 | /* Ericsson with non-standard id */ | |
118 | { USB_DEVICE(0x0bdb, 0x1002) }, | |
119 | ||
120 | /* Canyon CN-BTU1 with HID interfaces */ | |
7a9d4020 | 121 | { USB_DEVICE(0x0c10, 0x0000) }, |
cfeb4145 | 122 | |
d13431ca WJS |
123 | /* Broadcom BCM20702A0 */ |
124 | { USB_DEVICE(0x413c, 0x8197) }, | |
125 | ||
d049f4e5 MH |
126 | /* Broadcom BCM20702B0 (Dynex/Insignia) */ |
127 | { USB_DEVICE(0x19ff, 0x0239), .driver_info = BTUSB_BCM_PATCHRAM }, | |
128 | ||
2faf71ce SR |
129 | /* Broadcom BCM43142A0 (Foxconn/Lenovo) */ |
130 | { USB_DEVICE(0x105b, 0xe065), .driver_info = BTUSB_BCM_PATCHRAM }, | |
131 | ||
98514036 | 132 | /* Foxconn - Hon Hai */ |
6029ddc2 HS |
133 | { USB_VENDOR_AND_INTERFACE_INFO(0x0489, 0xff, 0x01, 0x01), |
134 | .driver_info = BTUSB_BCM_PATCHRAM }, | |
98514036 | 135 | |
8f0c304c MD |
136 | /* Lite-On Technology - Broadcom based */ |
137 | { USB_VENDOR_AND_INTERFACE_INFO(0x04ca, 0xff, 0x01, 0x01), | |
138 | .driver_info = BTUSB_BCM_PATCHRAM }, | |
139 | ||
0b880062 | 140 | /* Broadcom devices with vendor specific id */ |
10d4c673 PG |
141 | { USB_VENDOR_AND_INTERFACE_INFO(0x0a5c, 0xff, 0x01, 0x01), |
142 | .driver_info = BTUSB_BCM_PATCHRAM }, | |
92c385f4 | 143 | |
c2aef6e8 | 144 | /* ASUSTek Computer - Broadcom based */ |
9a5abdaa RD |
145 | { USB_VENDOR_AND_INTERFACE_INFO(0x0b05, 0xff, 0x01, 0x01), |
146 | .driver_info = BTUSB_BCM_PATCHRAM }, | |
c2aef6e8 | 147 | |
5bcecf32 | 148 | /* Belkin F8065bf - Broadcom based */ |
6331c686 MH |
149 | { USB_VENDOR_AND_INTERFACE_INFO(0x050d, 0xff, 0x01, 0x01), |
150 | .driver_info = BTUSB_BCM_PATCHRAM }, | |
5bcecf32 | 151 | |
9113bfd8 | 152 | /* IMC Networks - Broadcom based */ |
6331c686 MH |
153 | { USB_VENDOR_AND_INTERFACE_INFO(0x13d3, 0xff, 0x01, 0x01), |
154 | .driver_info = BTUSB_BCM_PATCHRAM }, | |
9113bfd8 | 155 | |
1623d0bf DT |
156 | /* Toshiba Corp - Broadcom based */ |
157 | { USB_VENDOR_AND_INTERFACE_INFO(0x0930, 0xff, 0x01, 0x01), | |
158 | .driver_info = BTUSB_BCM_PATCHRAM }, | |
159 | ||
40df783d | 160 | /* Intel Bluetooth USB Bootloader (RAM module) */ |
d92f2df0 MH |
161 | { USB_DEVICE(0x8087, 0x0a5a), |
162 | .driver_info = BTUSB_INTEL_BOOT | BTUSB_BROKEN_ISOC }, | |
40df783d | 163 | |
5e23b923 MH |
164 | { } /* Terminating entry */ |
165 | }; | |
166 | ||
167 | MODULE_DEVICE_TABLE(usb, btusb_table); | |
168 | ||
54265202 | 169 | static const struct usb_device_id blacklist_table[] = { |
cfeb4145 MH |
170 | /* CSR BlueCore devices */ |
171 | { USB_DEVICE(0x0a12, 0x0001), .driver_info = BTUSB_CSR }, | |
172 | ||
173 | /* Broadcom BCM2033 without firmware */ | |
174 | { USB_DEVICE(0x0a5c, 0x2033), .driver_info = BTUSB_IGNORE }, | |
175 | ||
6c9d435d MH |
176 | /* Broadcom BCM2045 devices */ |
177 | { USB_DEVICE(0x0a5c, 0x2045), .driver_info = BTUSB_BCM2045 }, | |
178 | ||
be93112a | 179 | /* Atheros 3011 with sflash firmware */ |
0b880062 AS |
180 | { USB_DEVICE(0x0489, 0xe027), .driver_info = BTUSB_IGNORE }, |
181 | { USB_DEVICE(0x0489, 0xe03d), .driver_info = BTUSB_IGNORE }, | |
2eeff0b4 | 182 | { USB_DEVICE(0x04f2, 0xaff1), .driver_info = BTUSB_IGNORE }, |
0b880062 | 183 | { USB_DEVICE(0x0930, 0x0215), .driver_info = BTUSB_IGNORE }, |
be93112a | 184 | { USB_DEVICE(0x0cf3, 0x3002), .driver_info = BTUSB_IGNORE }, |
6eda541d | 185 | { USB_DEVICE(0x0cf3, 0xe019), .driver_info = BTUSB_IGNORE }, |
2a7bcccc | 186 | { USB_DEVICE(0x13d3, 0x3304), .driver_info = BTUSB_IGNORE }, |
be93112a | 187 | |
509e7861 CYC |
188 | /* Atheros AR9285 Malbec with sflash firmware */ |
189 | { USB_DEVICE(0x03f0, 0x311d), .driver_info = BTUSB_IGNORE }, | |
190 | ||
d9f51b51 | 191 | /* Atheros 3012 with sflash firmware */ |
0b880062 AS |
192 | { USB_DEVICE(0x0489, 0xe04d), .driver_info = BTUSB_ATH3012 }, |
193 | { USB_DEVICE(0x0489, 0xe04e), .driver_info = BTUSB_ATH3012 }, | |
194 | { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 }, | |
195 | { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 }, | |
196 | { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 }, | |
692c062e | 197 | { USB_DEVICE(0x0489, 0xe076), .driver_info = BTUSB_ATH3012 }, |
4b552bc9 | 198 | { USB_DEVICE(0x0489, 0xe078), .driver_info = BTUSB_ATH3012 }, |
28c971d8 | 199 | { USB_DEVICE(0x0489, 0xe095), .driver_info = BTUSB_ATH3012 }, |
0b880062 AS |
200 | { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 }, |
201 | { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 }, | |
202 | { USB_DEVICE(0x04ca, 0x3005), .driver_info = BTUSB_ATH3012 }, | |
203 | { USB_DEVICE(0x04ca, 0x3006), .driver_info = BTUSB_ATH3012 }, | |
1fb4e09a | 204 | { USB_DEVICE(0x04ca, 0x3007), .driver_info = BTUSB_ATH3012 }, |
0b880062 AS |
205 | { USB_DEVICE(0x04ca, 0x3008), .driver_info = BTUSB_ATH3012 }, |
206 | { USB_DEVICE(0x04ca, 0x300b), .driver_info = BTUSB_ATH3012 }, | |
7e730c7f | 207 | { USB_DEVICE(0x04ca, 0x300d), .driver_info = BTUSB_ATH3012 }, |
ec0810d2 | 208 | { USB_DEVICE(0x04ca, 0x300f), .driver_info = BTUSB_ATH3012 }, |
134d3b35 | 209 | { USB_DEVICE(0x04ca, 0x3010), .driver_info = BTUSB_ATH3012 }, |
81d90442 | 210 | { USB_DEVICE(0x04ca, 0x3014), .driver_info = BTUSB_ATH3012 }, |
0b880062 | 211 | { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 }, |
cd355ff0 | 212 | { USB_DEVICE(0x0930, 0x021c), .driver_info = BTUSB_ATH3012 }, |
0b880062 | 213 | { USB_DEVICE(0x0930, 0x0220), .driver_info = BTUSB_ATH3012 }, |
89d2975f | 214 | { USB_DEVICE(0x0930, 0x0227), .driver_info = BTUSB_ATH3012 }, |
a735f9e2 | 215 | { USB_DEVICE(0x0b05, 0x17d0), .driver_info = BTUSB_ATH3012 }, |
d66629c1 | 216 | { USB_DEVICE(0x0cf3, 0x0036), .driver_info = BTUSB_ATH3012 }, |
2d25f8b4 | 217 | { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 }, |
94a32d10 | 218 | { USB_DEVICE(0x0cf3, 0x3008), .driver_info = BTUSB_ATH3012 }, |
07c0ea87 | 219 | { USB_DEVICE(0x0cf3, 0x311d), .driver_info = BTUSB_ATH3012 }, |
b131237c | 220 | { USB_DEVICE(0x0cf3, 0x311e), .driver_info = BTUSB_ATH3012 }, |
1e56f1eb | 221 | { USB_DEVICE(0x0cf3, 0x311f), .driver_info = BTUSB_ATH3012 }, |
0b880062 | 222 | { USB_DEVICE(0x0cf3, 0x3121), .driver_info = BTUSB_ATH3012 }, |
ebaf5795 | 223 | { USB_DEVICE(0x0cf3, 0x817a), .driver_info = BTUSB_ATH3012 }, |
18e0afab | 224 | { USB_DEVICE(0x0cf3, 0x817b), .driver_info = BTUSB_ATH3012 }, |
0b880062 | 225 | { USB_DEVICE(0x0cf3, 0xe003), .driver_info = BTUSB_ATH3012 }, |
ac71311e | 226 | { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 }, |
0a3658cc | 227 | { USB_DEVICE(0x0cf3, 0xe005), .driver_info = BTUSB_ATH3012 }, |
ca79f232 | 228 | { USB_DEVICE(0x0cf3, 0xe006), .driver_info = BTUSB_ATH3012 }, |
0b880062 AS |
229 | { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 }, |
230 | { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 }, | |
eed307e2 | 231 | { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 }, |
609574eb | 232 | { USB_DEVICE(0x13d3, 0x3395), .driver_info = BTUSB_ATH3012 }, |
5b77a1f3 | 233 | { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 }, |
3bb30a7c | 234 | { USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 }, |
033efa92 | 235 | { USB_DEVICE(0x13d3, 0x3423), .driver_info = BTUSB_ATH3012 }, |
fa2f1394 | 236 | { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 }, |
75c6aca4 | 237 | { USB_DEVICE(0x13d3, 0x3472), .driver_info = BTUSB_ATH3012 }, |
0d0cef61 | 238 | { USB_DEVICE(0x13d3, 0x3474), .driver_info = BTUSB_ATH3012 }, |
72f9f8b5 | 239 | { USB_DEVICE(0x13d3, 0x3487), .driver_info = BTUSB_ATH3012 }, |
d9f51b51 | 240 | |
e9036e33 CYC |
241 | /* Atheros AR5BBU12 with sflash firmware */ |
242 | { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE }, | |
243 | ||
85d59726 | 244 | /* Atheros AR5BBU12 with sflash firmware */ |
bc21fde2 | 245 | { USB_DEVICE(0x0489, 0xe036), .driver_info = BTUSB_ATH3012 }, |
0b880062 | 246 | { USB_DEVICE(0x0489, 0xe03c), .driver_info = BTUSB_ATH3012 }, |
85d59726 | 247 | |
3267c884 | 248 | /* QCA ROME chipset */ |
2054111b | 249 | { USB_DEVICE(0x0cf3, 0xe007), .driver_info = BTUSB_QCA_ROME }, |
c9e44474 MH |
250 | { USB_DEVICE(0x0cf3, 0xe300), .driver_info = BTUSB_QCA_ROME }, |
251 | { USB_DEVICE(0x0cf3, 0xe360), .driver_info = BTUSB_QCA_ROME }, | |
3267c884 | 252 | |
cfeb4145 | 253 | /* Broadcom BCM2035 */ |
7a9d4020 | 254 | { USB_DEVICE(0x0a5c, 0x2009), .driver_info = BTUSB_BCM92035 }, |
0b880062 AS |
255 | { USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU }, |
256 | { USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU }, | |
cfeb4145 MH |
257 | |
258 | /* Broadcom BCM2045 */ | |
7a9d4020 MH |
259 | { USB_DEVICE(0x0a5c, 0x2039), .driver_info = BTUSB_WRONG_SCO_MTU }, |
260 | { USB_DEVICE(0x0a5c, 0x2101), .driver_info = BTUSB_WRONG_SCO_MTU }, | |
bdbef3d6 | 261 | |
cfeb4145 | 262 | /* IBM/Lenovo ThinkPad with Broadcom chip */ |
7a9d4020 MH |
263 | { USB_DEVICE(0x0a5c, 0x201e), .driver_info = BTUSB_WRONG_SCO_MTU }, |
264 | { USB_DEVICE(0x0a5c, 0x2110), .driver_info = BTUSB_WRONG_SCO_MTU }, | |
cfeb4145 MH |
265 | |
266 | /* HP laptop with Broadcom chip */ | |
7a9d4020 | 267 | { USB_DEVICE(0x03f0, 0x171d), .driver_info = BTUSB_WRONG_SCO_MTU }, |
cfeb4145 MH |
268 | |
269 | /* Dell laptop with Broadcom chip */ | |
7a9d4020 | 270 | { USB_DEVICE(0x413c, 0x8126), .driver_info = BTUSB_WRONG_SCO_MTU }, |
cfeb4145 | 271 | |
5ddd4a60 | 272 | /* Dell Wireless 370 and 410 devices */ |
7a9d4020 | 273 | { USB_DEVICE(0x413c, 0x8152), .driver_info = BTUSB_WRONG_SCO_MTU }, |
5ddd4a60 | 274 | { USB_DEVICE(0x413c, 0x8156), .driver_info = BTUSB_WRONG_SCO_MTU }, |
cfeb4145 | 275 | |
7a9d4020 MH |
276 | /* Belkin F8T012 and F8T013 devices */ |
277 | { USB_DEVICE(0x050d, 0x0012), .driver_info = BTUSB_WRONG_SCO_MTU }, | |
278 | { USB_DEVICE(0x050d, 0x0013), .driver_info = BTUSB_WRONG_SCO_MTU }, | |
cfeb4145 | 279 | |
5ddd4a60 MH |
280 | /* Asus WL-BTD202 device */ |
281 | { USB_DEVICE(0x0b05, 0x1715), .driver_info = BTUSB_WRONG_SCO_MTU }, | |
282 | ||
283 | /* Kensington Bluetooth USB adapter */ | |
284 | { USB_DEVICE(0x047d, 0x105e), .driver_info = BTUSB_WRONG_SCO_MTU }, | |
285 | ||
cfeb4145 MH |
286 | /* RTX Telecom based adapters with buggy SCO support */ |
287 | { USB_DEVICE(0x0400, 0x0807), .driver_info = BTUSB_BROKEN_ISOC }, | |
288 | { USB_DEVICE(0x0400, 0x080a), .driver_info = BTUSB_BROKEN_ISOC }, | |
289 | ||
290 | /* CONWISE Technology based adapters with buggy SCO support */ | |
291 | { USB_DEVICE(0x0e5e, 0x6622), .driver_info = BTUSB_BROKEN_ISOC }, | |
292 | ||
4fcef8ed | 293 | /* Roper Class 1 Bluetooth Dongle (Silicon Wave based) */ |
2eeac871 | 294 | { USB_DEVICE(0x1310, 0x0001), .driver_info = BTUSB_SWAVE }, |
4fcef8ed | 295 | |
cfeb4145 MH |
296 | /* Digianswer devices */ |
297 | { USB_DEVICE(0x08fd, 0x0001), .driver_info = BTUSB_DIGIANSWER }, | |
298 | { USB_DEVICE(0x08fd, 0x0002), .driver_info = BTUSB_IGNORE }, | |
299 | ||
300 | /* CSR BlueCore Bluetooth Sniffer */ | |
4f64fa80 MH |
301 | { USB_DEVICE(0x0a12, 0x0002), |
302 | .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC }, | |
cfeb4145 MH |
303 | |
304 | /* Frontline ComProbe Bluetooth Sniffer */ | |
4f64fa80 MH |
305 | { USB_DEVICE(0x16d3, 0x0002), |
306 | .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC }, | |
cfeb4145 | 307 | |
cb1ee89f MH |
308 | /* Marvell Bluetooth devices */ |
309 | { USB_DEVICE(0x1286, 0x2044), .driver_info = BTUSB_MARVELL }, | |
310 | { USB_DEVICE(0x1286, 0x2046), .driver_info = BTUSB_MARVELL }, | |
311 | ||
d0ac9eb7 | 312 | /* Intel Bluetooth devices */ |
407550fe | 313 | { USB_DEVICE(0x8087, 0x07da), .driver_info = BTUSB_CSR }, |
dffd30ee | 314 | { USB_DEVICE(0x8087, 0x07dc), .driver_info = BTUSB_INTEL }, |
ef4e5e4a | 315 | { USB_DEVICE(0x8087, 0x0a2a), .driver_info = BTUSB_INTEL }, |
cda0dd78 | 316 | { USB_DEVICE(0x8087, 0x0a2b), .driver_info = BTUSB_INTEL_NEW }, |
439e65d3 | 317 | { USB_DEVICE(0x8087, 0x0aa7), .driver_info = BTUSB_INTEL }, |
dffd30ee | 318 | |
d0ac9eb7 MH |
319 | /* Other Intel Bluetooth devices */ |
320 | { USB_VENDOR_AND_INTERFACE_INFO(0x8087, 0xe0, 0x01, 0x01), | |
321 | .driver_info = BTUSB_IGNORE }, | |
ae8df494 | 322 | |
a2698a9b DD |
323 | /* Realtek Bluetooth devices */ |
324 | { USB_VENDOR_AND_INTERFACE_INFO(0x0bda, 0xe0, 0x01, 0x01), | |
325 | .driver_info = BTUSB_REALTEK }, | |
326 | ||
327 | /* Additional Realtek 8723AE Bluetooth devices */ | |
328 | { USB_DEVICE(0x0930, 0x021d), .driver_info = BTUSB_REALTEK }, | |
329 | { USB_DEVICE(0x13d3, 0x3394), .driver_info = BTUSB_REALTEK }, | |
330 | ||
331 | /* Additional Realtek 8723BE Bluetooth devices */ | |
332 | { USB_DEVICE(0x0489, 0xe085), .driver_info = BTUSB_REALTEK }, | |
333 | { USB_DEVICE(0x0489, 0xe08b), .driver_info = BTUSB_REALTEK }, | |
334 | { USB_DEVICE(0x13d3, 0x3410), .driver_info = BTUSB_REALTEK }, | |
335 | { USB_DEVICE(0x13d3, 0x3416), .driver_info = BTUSB_REALTEK }, | |
336 | { USB_DEVICE(0x13d3, 0x3459), .driver_info = BTUSB_REALTEK }, | |
337 | ||
338 | /* Additional Realtek 8821AE Bluetooth devices */ | |
339 | { USB_DEVICE(0x0b05, 0x17dc), .driver_info = BTUSB_REALTEK }, | |
340 | { USB_DEVICE(0x13d3, 0x3414), .driver_info = BTUSB_REALTEK }, | |
341 | { USB_DEVICE(0x13d3, 0x3458), .driver_info = BTUSB_REALTEK }, | |
342 | { USB_DEVICE(0x13d3, 0x3461), .driver_info = BTUSB_REALTEK }, | |
343 | { USB_DEVICE(0x13d3, 0x3462), .driver_info = BTUSB_REALTEK }, | |
344 | ||
4481c076 PP |
345 | /* Silicon Wave based devices */ |
346 | { USB_DEVICE(0x0c10, 0x0000), .driver_info = BTUSB_SWAVE }, | |
347 | ||
5e23b923 MH |
348 | { } /* Terminating entry */ |
349 | }; | |
350 | ||
9bfa35fe MH |
351 | #define BTUSB_MAX_ISOC_FRAMES 10 |
352 | ||
5e23b923 MH |
353 | #define BTUSB_INTR_RUNNING 0 |
354 | #define BTUSB_BULK_RUNNING 1 | |
9bfa35fe | 355 | #define BTUSB_ISOC_RUNNING 2 |
7bee549e | 356 | #define BTUSB_SUSPENDING 3 |
08b8b6c4 | 357 | #define BTUSB_DID_ISO_RESUME 4 |
cda0dd78 MH |
358 | #define BTUSB_BOOTLOADER 5 |
359 | #define BTUSB_DOWNLOADING 6 | |
ce6bb929 | 360 | #define BTUSB_FIRMWARE_LOADED 7 |
cda0dd78 | 361 | #define BTUSB_FIRMWARE_FAILED 8 |
ce6bb929 | 362 | #define BTUSB_BOOTING 9 |
04b8c814 | 363 | #define BTUSB_RESET_RESUME 10 |
9d08f504 | 364 | #define BTUSB_DIAG_RUNNING 11 |
5e23b923 MH |
365 | |
366 | struct btusb_data { | |
367 | struct hci_dev *hdev; | |
368 | struct usb_device *udev; | |
5fbcd260 | 369 | struct usb_interface *intf; |
9bfa35fe | 370 | struct usb_interface *isoc; |
9d08f504 | 371 | struct usb_interface *diag; |
5e23b923 | 372 | |
5e23b923 MH |
373 | unsigned long flags; |
374 | ||
375 | struct work_struct work; | |
7bee549e | 376 | struct work_struct waker; |
5e23b923 | 377 | |
803b5836 | 378 | struct usb_anchor deferred; |
5e23b923 | 379 | struct usb_anchor tx_anchor; |
803b5836 MH |
380 | int tx_in_flight; |
381 | spinlock_t txlock; | |
382 | ||
5e23b923 MH |
383 | struct usb_anchor intr_anchor; |
384 | struct usb_anchor bulk_anchor; | |
9bfa35fe | 385 | struct usb_anchor isoc_anchor; |
9d08f504 | 386 | struct usb_anchor diag_anchor; |
803b5836 MH |
387 | spinlock_t rxlock; |
388 | ||
389 | struct sk_buff *evt_skb; | |
390 | struct sk_buff *acl_skb; | |
391 | struct sk_buff *sco_skb; | |
5e23b923 MH |
392 | |
393 | struct usb_endpoint_descriptor *intr_ep; | |
394 | struct usb_endpoint_descriptor *bulk_tx_ep; | |
395 | struct usb_endpoint_descriptor *bulk_rx_ep; | |
9bfa35fe MH |
396 | struct usb_endpoint_descriptor *isoc_tx_ep; |
397 | struct usb_endpoint_descriptor *isoc_rx_ep; | |
9d08f504 MH |
398 | struct usb_endpoint_descriptor *diag_tx_ep; |
399 | struct usb_endpoint_descriptor *diag_rx_ep; | |
9bfa35fe | 400 | |
7a9d4020 | 401 | __u8 cmdreq_type; |
893ba544 | 402 | __u8 cmdreq; |
7a9d4020 | 403 | |
43c2e57f | 404 | unsigned int sco_num; |
9bfa35fe | 405 | int isoc_altsetting; |
6a88adf2 | 406 | int suspend_count; |
2cbd3f5c | 407 | |
97307f51 | 408 | int (*recv_event)(struct hci_dev *hdev, struct sk_buff *skb); |
2cbd3f5c | 409 | int (*recv_bulk)(struct btusb_data *data, void *buffer, int count); |
ace31982 KBYT |
410 | |
411 | int (*setup_on_usb)(struct hci_dev *hdev); | |
5e23b923 MH |
412 | }; |
413 | ||
803b5836 MH |
414 | static inline void btusb_free_frags(struct btusb_data *data) |
415 | { | |
416 | unsigned long flags; | |
417 | ||
418 | spin_lock_irqsave(&data->rxlock, flags); | |
419 | ||
420 | kfree_skb(data->evt_skb); | |
421 | data->evt_skb = NULL; | |
422 | ||
423 | kfree_skb(data->acl_skb); | |
424 | data->acl_skb = NULL; | |
425 | ||
426 | kfree_skb(data->sco_skb); | |
427 | data->sco_skb = NULL; | |
428 | ||
429 | spin_unlock_irqrestore(&data->rxlock, flags); | |
430 | } | |
431 | ||
1ffa4ad0 MH |
432 | static int btusb_recv_intr(struct btusb_data *data, void *buffer, int count) |
433 | { | |
803b5836 MH |
434 | struct sk_buff *skb; |
435 | int err = 0; | |
436 | ||
437 | spin_lock(&data->rxlock); | |
438 | skb = data->evt_skb; | |
439 | ||
440 | while (count) { | |
441 | int len; | |
442 | ||
443 | if (!skb) { | |
444 | skb = bt_skb_alloc(HCI_MAX_EVENT_SIZE, GFP_ATOMIC); | |
445 | if (!skb) { | |
446 | err = -ENOMEM; | |
447 | break; | |
448 | } | |
449 | ||
618e8bc2 MH |
450 | hci_skb_pkt_type(skb) = HCI_EVENT_PKT; |
451 | hci_skb_expect(skb) = HCI_EVENT_HDR_SIZE; | |
803b5836 MH |
452 | } |
453 | ||
618e8bc2 | 454 | len = min_t(uint, hci_skb_expect(skb), count); |
803b5836 MH |
455 | memcpy(skb_put(skb, len), buffer, len); |
456 | ||
457 | count -= len; | |
458 | buffer += len; | |
618e8bc2 | 459 | hci_skb_expect(skb) -= len; |
803b5836 MH |
460 | |
461 | if (skb->len == HCI_EVENT_HDR_SIZE) { | |
462 | /* Complete event header */ | |
618e8bc2 | 463 | hci_skb_expect(skb) = hci_event_hdr(skb)->plen; |
803b5836 | 464 | |
618e8bc2 | 465 | if (skb_tailroom(skb) < hci_skb_expect(skb)) { |
803b5836 MH |
466 | kfree_skb(skb); |
467 | skb = NULL; | |
468 | ||
469 | err = -EILSEQ; | |
470 | break; | |
471 | } | |
472 | } | |
473 | ||
618e8bc2 | 474 | if (!hci_skb_expect(skb)) { |
803b5836 | 475 | /* Complete frame */ |
97307f51 | 476 | data->recv_event(data->hdev, skb); |
803b5836 MH |
477 | skb = NULL; |
478 | } | |
479 | } | |
480 | ||
481 | data->evt_skb = skb; | |
482 | spin_unlock(&data->rxlock); | |
483 | ||
484 | return err; | |
1ffa4ad0 MH |
485 | } |
486 | ||
487 | static int btusb_recv_bulk(struct btusb_data *data, void *buffer, int count) | |
488 | { | |
803b5836 MH |
489 | struct sk_buff *skb; |
490 | int err = 0; | |
491 | ||
492 | spin_lock(&data->rxlock); | |
493 | skb = data->acl_skb; | |
494 | ||
495 | while (count) { | |
496 | int len; | |
497 | ||
498 | if (!skb) { | |
499 | skb = bt_skb_alloc(HCI_MAX_FRAME_SIZE, GFP_ATOMIC); | |
500 | if (!skb) { | |
501 | err = -ENOMEM; | |
502 | break; | |
503 | } | |
504 | ||
618e8bc2 MH |
505 | hci_skb_pkt_type(skb) = HCI_ACLDATA_PKT; |
506 | hci_skb_expect(skb) = HCI_ACL_HDR_SIZE; | |
803b5836 MH |
507 | } |
508 | ||
618e8bc2 | 509 | len = min_t(uint, hci_skb_expect(skb), count); |
803b5836 MH |
510 | memcpy(skb_put(skb, len), buffer, len); |
511 | ||
512 | count -= len; | |
513 | buffer += len; | |
618e8bc2 | 514 | hci_skb_expect(skb) -= len; |
803b5836 MH |
515 | |
516 | if (skb->len == HCI_ACL_HDR_SIZE) { | |
517 | __le16 dlen = hci_acl_hdr(skb)->dlen; | |
518 | ||
519 | /* Complete ACL header */ | |
618e8bc2 | 520 | hci_skb_expect(skb) = __le16_to_cpu(dlen); |
803b5836 | 521 | |
618e8bc2 | 522 | if (skb_tailroom(skb) < hci_skb_expect(skb)) { |
803b5836 MH |
523 | kfree_skb(skb); |
524 | skb = NULL; | |
525 | ||
526 | err = -EILSEQ; | |
527 | break; | |
528 | } | |
529 | } | |
530 | ||
618e8bc2 | 531 | if (!hci_skb_expect(skb)) { |
803b5836 MH |
532 | /* Complete frame */ |
533 | hci_recv_frame(data->hdev, skb); | |
534 | skb = NULL; | |
535 | } | |
536 | } | |
537 | ||
538 | data->acl_skb = skb; | |
539 | spin_unlock(&data->rxlock); | |
540 | ||
541 | return err; | |
1ffa4ad0 MH |
542 | } |
543 | ||
544 | static int btusb_recv_isoc(struct btusb_data *data, void *buffer, int count) | |
545 | { | |
803b5836 MH |
546 | struct sk_buff *skb; |
547 | int err = 0; | |
548 | ||
549 | spin_lock(&data->rxlock); | |
550 | skb = data->sco_skb; | |
551 | ||
552 | while (count) { | |
553 | int len; | |
554 | ||
555 | if (!skb) { | |
556 | skb = bt_skb_alloc(HCI_MAX_SCO_SIZE, GFP_ATOMIC); | |
557 | if (!skb) { | |
558 | err = -ENOMEM; | |
559 | break; | |
560 | } | |
561 | ||
618e8bc2 MH |
562 | hci_skb_pkt_type(skb) = HCI_SCODATA_PKT; |
563 | hci_skb_expect(skb) = HCI_SCO_HDR_SIZE; | |
803b5836 MH |
564 | } |
565 | ||
618e8bc2 | 566 | len = min_t(uint, hci_skb_expect(skb), count); |
803b5836 MH |
567 | memcpy(skb_put(skb, len), buffer, len); |
568 | ||
569 | count -= len; | |
570 | buffer += len; | |
618e8bc2 | 571 | hci_skb_expect(skb) -= len; |
803b5836 MH |
572 | |
573 | if (skb->len == HCI_SCO_HDR_SIZE) { | |
574 | /* Complete SCO header */ | |
618e8bc2 | 575 | hci_skb_expect(skb) = hci_sco_hdr(skb)->dlen; |
803b5836 | 576 | |
618e8bc2 | 577 | if (skb_tailroom(skb) < hci_skb_expect(skb)) { |
803b5836 MH |
578 | kfree_skb(skb); |
579 | skb = NULL; | |
580 | ||
581 | err = -EILSEQ; | |
582 | break; | |
583 | } | |
584 | } | |
585 | ||
618e8bc2 | 586 | if (!hci_skb_expect(skb)) { |
803b5836 MH |
587 | /* Complete frame */ |
588 | hci_recv_frame(data->hdev, skb); | |
589 | skb = NULL; | |
590 | } | |
591 | } | |
592 | ||
593 | data->sco_skb = skb; | |
594 | spin_unlock(&data->rxlock); | |
595 | ||
596 | return err; | |
1ffa4ad0 MH |
597 | } |
598 | ||
5e23b923 MH |
599 | static void btusb_intr_complete(struct urb *urb) |
600 | { | |
601 | struct hci_dev *hdev = urb->context; | |
155961e8 | 602 | struct btusb_data *data = hci_get_drvdata(hdev); |
5e23b923 MH |
603 | int err; |
604 | ||
89e7533d MH |
605 | BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, |
606 | urb->actual_length); | |
5e23b923 MH |
607 | |
608 | if (!test_bit(HCI_RUNNING, &hdev->flags)) | |
609 | return; | |
610 | ||
611 | if (urb->status == 0) { | |
9bfa35fe MH |
612 | hdev->stat.byte_rx += urb->actual_length; |
613 | ||
1ffa4ad0 MH |
614 | if (btusb_recv_intr(data, urb->transfer_buffer, |
615 | urb->actual_length) < 0) { | |
5e23b923 MH |
616 | BT_ERR("%s corrupted event packet", hdev->name); |
617 | hdev->stat.err_rx++; | |
618 | } | |
85560c4a CC |
619 | } else if (urb->status == -ENOENT) { |
620 | /* Avoid suspend failed when usb_kill_urb */ | |
621 | return; | |
5e23b923 MH |
622 | } |
623 | ||
624 | if (!test_bit(BTUSB_INTR_RUNNING, &data->flags)) | |
625 | return; | |
626 | ||
7bee549e | 627 | usb_mark_last_busy(data->udev); |
5e23b923 MH |
628 | usb_anchor_urb(urb, &data->intr_anchor); |
629 | ||
630 | err = usb_submit_urb(urb, GFP_ATOMIC); | |
631 | if (err < 0) { | |
4935f1c1 PB |
632 | /* -EPERM: urb is being killed; |
633 | * -ENODEV: device got disconnected */ | |
634 | if (err != -EPERM && err != -ENODEV) | |
61faddf6 | 635 | BT_ERR("%s urb %p failed to resubmit (%d)", |
89e7533d | 636 | hdev->name, urb, -err); |
5e23b923 MH |
637 | usb_unanchor_urb(urb); |
638 | } | |
639 | } | |
640 | ||
2eda66f4 | 641 | static int btusb_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags) |
5e23b923 | 642 | { |
155961e8 | 643 | struct btusb_data *data = hci_get_drvdata(hdev); |
5e23b923 MH |
644 | struct urb *urb; |
645 | unsigned char *buf; | |
646 | unsigned int pipe; | |
647 | int err, size; | |
648 | ||
649 | BT_DBG("%s", hdev->name); | |
650 | ||
9bfa35fe MH |
651 | if (!data->intr_ep) |
652 | return -ENODEV; | |
653 | ||
2eda66f4 | 654 | urb = usb_alloc_urb(0, mem_flags); |
5e23b923 MH |
655 | if (!urb) |
656 | return -ENOMEM; | |
657 | ||
658 | size = le16_to_cpu(data->intr_ep->wMaxPacketSize); | |
659 | ||
2eda66f4 | 660 | buf = kmalloc(size, mem_flags); |
5e23b923 MH |
661 | if (!buf) { |
662 | usb_free_urb(urb); | |
663 | return -ENOMEM; | |
664 | } | |
665 | ||
666 | pipe = usb_rcvintpipe(data->udev, data->intr_ep->bEndpointAddress); | |
667 | ||
668 | usb_fill_int_urb(urb, data->udev, pipe, buf, size, | |
89e7533d | 669 | btusb_intr_complete, hdev, data->intr_ep->bInterval); |
5e23b923 MH |
670 | |
671 | urb->transfer_flags |= URB_FREE_BUFFER; | |
672 | ||
673 | usb_anchor_urb(urb, &data->intr_anchor); | |
674 | ||
2eda66f4 | 675 | err = usb_submit_urb(urb, mem_flags); |
5e23b923 | 676 | if (err < 0) { |
d4b8d1c9 PB |
677 | if (err != -EPERM && err != -ENODEV) |
678 | BT_ERR("%s urb %p submission failed (%d)", | |
89e7533d | 679 | hdev->name, urb, -err); |
5e23b923 | 680 | usb_unanchor_urb(urb); |
5e23b923 MH |
681 | } |
682 | ||
683 | usb_free_urb(urb); | |
684 | ||
685 | return err; | |
686 | } | |
687 | ||
688 | static void btusb_bulk_complete(struct urb *urb) | |
689 | { | |
690 | struct hci_dev *hdev = urb->context; | |
155961e8 | 691 | struct btusb_data *data = hci_get_drvdata(hdev); |
5e23b923 MH |
692 | int err; |
693 | ||
89e7533d MH |
694 | BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, |
695 | urb->actual_length); | |
5e23b923 MH |
696 | |
697 | if (!test_bit(HCI_RUNNING, &hdev->flags)) | |
698 | return; | |
699 | ||
700 | if (urb->status == 0) { | |
9bfa35fe MH |
701 | hdev->stat.byte_rx += urb->actual_length; |
702 | ||
2cbd3f5c | 703 | if (data->recv_bulk(data, urb->transfer_buffer, |
1ffa4ad0 | 704 | urb->actual_length) < 0) { |
5e23b923 MH |
705 | BT_ERR("%s corrupted ACL packet", hdev->name); |
706 | hdev->stat.err_rx++; | |
707 | } | |
85560c4a CC |
708 | } else if (urb->status == -ENOENT) { |
709 | /* Avoid suspend failed when usb_kill_urb */ | |
710 | return; | |
5e23b923 MH |
711 | } |
712 | ||
713 | if (!test_bit(BTUSB_BULK_RUNNING, &data->flags)) | |
714 | return; | |
715 | ||
716 | usb_anchor_urb(urb, &data->bulk_anchor); | |
652fd781 | 717 | usb_mark_last_busy(data->udev); |
5e23b923 MH |
718 | |
719 | err = usb_submit_urb(urb, GFP_ATOMIC); | |
720 | if (err < 0) { | |
4935f1c1 PB |
721 | /* -EPERM: urb is being killed; |
722 | * -ENODEV: device got disconnected */ | |
723 | if (err != -EPERM && err != -ENODEV) | |
61faddf6 | 724 | BT_ERR("%s urb %p failed to resubmit (%d)", |
89e7533d | 725 | hdev->name, urb, -err); |
5e23b923 MH |
726 | usb_unanchor_urb(urb); |
727 | } | |
728 | } | |
729 | ||
2eda66f4 | 730 | static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags) |
5e23b923 | 731 | { |
155961e8 | 732 | struct btusb_data *data = hci_get_drvdata(hdev); |
5e23b923 MH |
733 | struct urb *urb; |
734 | unsigned char *buf; | |
735 | unsigned int pipe; | |
290ba200 | 736 | int err, size = HCI_MAX_FRAME_SIZE; |
5e23b923 MH |
737 | |
738 | BT_DBG("%s", hdev->name); | |
739 | ||
9bfa35fe MH |
740 | if (!data->bulk_rx_ep) |
741 | return -ENODEV; | |
742 | ||
2eda66f4 | 743 | urb = usb_alloc_urb(0, mem_flags); |
5e23b923 MH |
744 | if (!urb) |
745 | return -ENOMEM; | |
746 | ||
2eda66f4 | 747 | buf = kmalloc(size, mem_flags); |
5e23b923 MH |
748 | if (!buf) { |
749 | usb_free_urb(urb); | |
750 | return -ENOMEM; | |
751 | } | |
752 | ||
753 | pipe = usb_rcvbulkpipe(data->udev, data->bulk_rx_ep->bEndpointAddress); | |
754 | ||
89e7533d MH |
755 | usb_fill_bulk_urb(urb, data->udev, pipe, buf, size, |
756 | btusb_bulk_complete, hdev); | |
5e23b923 MH |
757 | |
758 | urb->transfer_flags |= URB_FREE_BUFFER; | |
759 | ||
7bee549e | 760 | usb_mark_last_busy(data->udev); |
5e23b923 MH |
761 | usb_anchor_urb(urb, &data->bulk_anchor); |
762 | ||
2eda66f4 | 763 | err = usb_submit_urb(urb, mem_flags); |
5e23b923 | 764 | if (err < 0) { |
d4b8d1c9 PB |
765 | if (err != -EPERM && err != -ENODEV) |
766 | BT_ERR("%s urb %p submission failed (%d)", | |
89e7533d | 767 | hdev->name, urb, -err); |
5e23b923 | 768 | usb_unanchor_urb(urb); |
5e23b923 MH |
769 | } |
770 | ||
771 | usb_free_urb(urb); | |
772 | ||
773 | return err; | |
774 | } | |
775 | ||
9bfa35fe MH |
776 | static void btusb_isoc_complete(struct urb *urb) |
777 | { | |
778 | struct hci_dev *hdev = urb->context; | |
155961e8 | 779 | struct btusb_data *data = hci_get_drvdata(hdev); |
9bfa35fe MH |
780 | int i, err; |
781 | ||
89e7533d MH |
782 | BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, |
783 | urb->actual_length); | |
9bfa35fe MH |
784 | |
785 | if (!test_bit(HCI_RUNNING, &hdev->flags)) | |
786 | return; | |
787 | ||
788 | if (urb->status == 0) { | |
789 | for (i = 0; i < urb->number_of_packets; i++) { | |
790 | unsigned int offset = urb->iso_frame_desc[i].offset; | |
791 | unsigned int length = urb->iso_frame_desc[i].actual_length; | |
792 | ||
793 | if (urb->iso_frame_desc[i].status) | |
794 | continue; | |
795 | ||
796 | hdev->stat.byte_rx += length; | |
797 | ||
1ffa4ad0 MH |
798 | if (btusb_recv_isoc(data, urb->transfer_buffer + offset, |
799 | length) < 0) { | |
9bfa35fe MH |
800 | BT_ERR("%s corrupted SCO packet", hdev->name); |
801 | hdev->stat.err_rx++; | |
802 | } | |
803 | } | |
85560c4a CC |
804 | } else if (urb->status == -ENOENT) { |
805 | /* Avoid suspend failed when usb_kill_urb */ | |
806 | return; | |
9bfa35fe MH |
807 | } |
808 | ||
809 | if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags)) | |
810 | return; | |
811 | ||
812 | usb_anchor_urb(urb, &data->isoc_anchor); | |
813 | ||
814 | err = usb_submit_urb(urb, GFP_ATOMIC); | |
815 | if (err < 0) { | |
4935f1c1 PB |
816 | /* -EPERM: urb is being killed; |
817 | * -ENODEV: device got disconnected */ | |
818 | if (err != -EPERM && err != -ENODEV) | |
61faddf6 | 819 | BT_ERR("%s urb %p failed to resubmit (%d)", |
89e7533d | 820 | hdev->name, urb, -err); |
9bfa35fe MH |
821 | usb_unanchor_urb(urb); |
822 | } | |
823 | } | |
824 | ||
42b16b3f | 825 | static inline void __fill_isoc_descriptor(struct urb *urb, int len, int mtu) |
9bfa35fe MH |
826 | { |
827 | int i, offset = 0; | |
828 | ||
829 | BT_DBG("len %d mtu %d", len, mtu); | |
830 | ||
831 | for (i = 0; i < BTUSB_MAX_ISOC_FRAMES && len >= mtu; | |
832 | i++, offset += mtu, len -= mtu) { | |
833 | urb->iso_frame_desc[i].offset = offset; | |
834 | urb->iso_frame_desc[i].length = mtu; | |
835 | } | |
836 | ||
837 | if (len && i < BTUSB_MAX_ISOC_FRAMES) { | |
838 | urb->iso_frame_desc[i].offset = offset; | |
839 | urb->iso_frame_desc[i].length = len; | |
840 | i++; | |
841 | } | |
842 | ||
843 | urb->number_of_packets = i; | |
844 | } | |
845 | ||
2eda66f4 | 846 | static int btusb_submit_isoc_urb(struct hci_dev *hdev, gfp_t mem_flags) |
9bfa35fe | 847 | { |
155961e8 | 848 | struct btusb_data *data = hci_get_drvdata(hdev); |
9bfa35fe MH |
849 | struct urb *urb; |
850 | unsigned char *buf; | |
851 | unsigned int pipe; | |
852 | int err, size; | |
853 | ||
854 | BT_DBG("%s", hdev->name); | |
855 | ||
856 | if (!data->isoc_rx_ep) | |
857 | return -ENODEV; | |
858 | ||
2eda66f4 | 859 | urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, mem_flags); |
9bfa35fe MH |
860 | if (!urb) |
861 | return -ENOMEM; | |
862 | ||
863 | size = le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize) * | |
864 | BTUSB_MAX_ISOC_FRAMES; | |
865 | ||
2eda66f4 | 866 | buf = kmalloc(size, mem_flags); |
9bfa35fe MH |
867 | if (!buf) { |
868 | usb_free_urb(urb); | |
869 | return -ENOMEM; | |
870 | } | |
871 | ||
872 | pipe = usb_rcvisocpipe(data->udev, data->isoc_rx_ep->bEndpointAddress); | |
873 | ||
fa0fb93f | 874 | usb_fill_int_urb(urb, data->udev, pipe, buf, size, btusb_isoc_complete, |
89e7533d | 875 | hdev, data->isoc_rx_ep->bInterval); |
9bfa35fe | 876 | |
89e7533d | 877 | urb->transfer_flags = URB_FREE_BUFFER | URB_ISO_ASAP; |
9bfa35fe MH |
878 | |
879 | __fill_isoc_descriptor(urb, size, | |
89e7533d | 880 | le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize)); |
9bfa35fe MH |
881 | |
882 | usb_anchor_urb(urb, &data->isoc_anchor); | |
883 | ||
2eda66f4 | 884 | err = usb_submit_urb(urb, mem_flags); |
9bfa35fe | 885 | if (err < 0) { |
d4b8d1c9 PB |
886 | if (err != -EPERM && err != -ENODEV) |
887 | BT_ERR("%s urb %p submission failed (%d)", | |
89e7533d | 888 | hdev->name, urb, -err); |
9bfa35fe | 889 | usb_unanchor_urb(urb); |
9bfa35fe MH |
890 | } |
891 | ||
892 | usb_free_urb(urb); | |
893 | ||
894 | return err; | |
895 | } | |
896 | ||
9d08f504 MH |
897 | static void btusb_diag_complete(struct urb *urb) |
898 | { | |
899 | struct hci_dev *hdev = urb->context; | |
900 | struct btusb_data *data = hci_get_drvdata(hdev); | |
901 | int err; | |
902 | ||
903 | BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, | |
904 | urb->actual_length); | |
905 | ||
906 | if (urb->status == 0) { | |
907 | struct sk_buff *skb; | |
908 | ||
909 | skb = bt_skb_alloc(urb->actual_length, GFP_ATOMIC); | |
910 | if (skb) { | |
911 | memcpy(skb_put(skb, urb->actual_length), | |
912 | urb->transfer_buffer, urb->actual_length); | |
913 | hci_recv_diag(hdev, skb); | |
914 | } | |
915 | } else if (urb->status == -ENOENT) { | |
916 | /* Avoid suspend failed when usb_kill_urb */ | |
917 | return; | |
918 | } | |
919 | ||
920 | if (!test_bit(BTUSB_DIAG_RUNNING, &data->flags)) | |
921 | return; | |
922 | ||
923 | usb_anchor_urb(urb, &data->diag_anchor); | |
924 | usb_mark_last_busy(data->udev); | |
925 | ||
926 | err = usb_submit_urb(urb, GFP_ATOMIC); | |
927 | if (err < 0) { | |
928 | /* -EPERM: urb is being killed; | |
929 | * -ENODEV: device got disconnected */ | |
930 | if (err != -EPERM && err != -ENODEV) | |
931 | BT_ERR("%s urb %p failed to resubmit (%d)", | |
932 | hdev->name, urb, -err); | |
933 | usb_unanchor_urb(urb); | |
934 | } | |
935 | } | |
936 | ||
937 | static int btusb_submit_diag_urb(struct hci_dev *hdev, gfp_t mem_flags) | |
938 | { | |
939 | struct btusb_data *data = hci_get_drvdata(hdev); | |
940 | struct urb *urb; | |
941 | unsigned char *buf; | |
942 | unsigned int pipe; | |
943 | int err, size = HCI_MAX_FRAME_SIZE; | |
944 | ||
945 | BT_DBG("%s", hdev->name); | |
946 | ||
947 | if (!data->diag_rx_ep) | |
948 | return -ENODEV; | |
949 | ||
950 | urb = usb_alloc_urb(0, mem_flags); | |
951 | if (!urb) | |
952 | return -ENOMEM; | |
953 | ||
954 | buf = kmalloc(size, mem_flags); | |
955 | if (!buf) { | |
956 | usb_free_urb(urb); | |
957 | return -ENOMEM; | |
958 | } | |
959 | ||
960 | pipe = usb_rcvbulkpipe(data->udev, data->diag_rx_ep->bEndpointAddress); | |
961 | ||
962 | usb_fill_bulk_urb(urb, data->udev, pipe, buf, size, | |
963 | btusb_diag_complete, hdev); | |
964 | ||
965 | urb->transfer_flags |= URB_FREE_BUFFER; | |
966 | ||
967 | usb_mark_last_busy(data->udev); | |
968 | usb_anchor_urb(urb, &data->diag_anchor); | |
969 | ||
970 | err = usb_submit_urb(urb, mem_flags); | |
971 | if (err < 0) { | |
972 | if (err != -EPERM && err != -ENODEV) | |
973 | BT_ERR("%s urb %p submission failed (%d)", | |
974 | hdev->name, urb, -err); | |
975 | usb_unanchor_urb(urb); | |
976 | } | |
977 | ||
978 | usb_free_urb(urb); | |
979 | ||
980 | return err; | |
981 | } | |
982 | ||
5e23b923 | 983 | static void btusb_tx_complete(struct urb *urb) |
7bee549e ON |
984 | { |
985 | struct sk_buff *skb = urb->context; | |
89e7533d | 986 | struct hci_dev *hdev = (struct hci_dev *)skb->dev; |
155961e8 | 987 | struct btusb_data *data = hci_get_drvdata(hdev); |
7bee549e | 988 | |
89e7533d MH |
989 | BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, |
990 | urb->actual_length); | |
7bee549e ON |
991 | |
992 | if (!test_bit(HCI_RUNNING, &hdev->flags)) | |
993 | goto done; | |
994 | ||
995 | if (!urb->status) | |
996 | hdev->stat.byte_tx += urb->transfer_buffer_length; | |
997 | else | |
998 | hdev->stat.err_tx++; | |
999 | ||
1000 | done: | |
1001 | spin_lock(&data->txlock); | |
1002 | data->tx_in_flight--; | |
1003 | spin_unlock(&data->txlock); | |
1004 | ||
1005 | kfree(urb->setup_packet); | |
1006 | ||
1007 | kfree_skb(skb); | |
1008 | } | |
1009 | ||
1010 | static void btusb_isoc_tx_complete(struct urb *urb) | |
5e23b923 MH |
1011 | { |
1012 | struct sk_buff *skb = urb->context; | |
89e7533d | 1013 | struct hci_dev *hdev = (struct hci_dev *)skb->dev; |
5e23b923 | 1014 | |
89e7533d MH |
1015 | BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, |
1016 | urb->actual_length); | |
5e23b923 MH |
1017 | |
1018 | if (!test_bit(HCI_RUNNING, &hdev->flags)) | |
1019 | goto done; | |
1020 | ||
1021 | if (!urb->status) | |
1022 | hdev->stat.byte_tx += urb->transfer_buffer_length; | |
1023 | else | |
1024 | hdev->stat.err_tx++; | |
1025 | ||
1026 | done: | |
1027 | kfree(urb->setup_packet); | |
1028 | ||
1029 | kfree_skb(skb); | |
1030 | } | |
1031 | ||
1032 | static int btusb_open(struct hci_dev *hdev) | |
1033 | { | |
155961e8 | 1034 | struct btusb_data *data = hci_get_drvdata(hdev); |
5e23b923 MH |
1035 | int err; |
1036 | ||
1037 | BT_DBG("%s", hdev->name); | |
1038 | ||
ace31982 KBYT |
1039 | /* Patching USB firmware files prior to starting any URBs of HCI path |
1040 | * It is more safe to use USB bulk channel for downloading USB patch | |
1041 | */ | |
1042 | if (data->setup_on_usb) { | |
1043 | err = data->setup_on_usb(hdev); | |
eb50042f | 1044 | if (err < 0) |
ace31982 KBYT |
1045 | return err; |
1046 | } | |
1047 | ||
7bee549e ON |
1048 | err = usb_autopm_get_interface(data->intf); |
1049 | if (err < 0) | |
1050 | return err; | |
1051 | ||
1052 | data->intf->needs_remote_wakeup = 1; | |
1053 | ||
5e23b923 | 1054 | if (test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags)) |
7bee549e | 1055 | goto done; |
5e23b923 | 1056 | |
2eda66f4 | 1057 | err = btusb_submit_intr_urb(hdev, GFP_KERNEL); |
43c2e57f MH |
1058 | if (err < 0) |
1059 | goto failed; | |
1060 | ||
1061 | err = btusb_submit_bulk_urb(hdev, GFP_KERNEL); | |
5e23b923 | 1062 | if (err < 0) { |
43c2e57f MH |
1063 | usb_kill_anchored_urbs(&data->intr_anchor); |
1064 | goto failed; | |
5e23b923 MH |
1065 | } |
1066 | ||
43c2e57f MH |
1067 | set_bit(BTUSB_BULK_RUNNING, &data->flags); |
1068 | btusb_submit_bulk_urb(hdev, GFP_KERNEL); | |
1069 | ||
9d08f504 MH |
1070 | if (data->diag) { |
1071 | if (!btusb_submit_diag_urb(hdev, GFP_KERNEL)) | |
1072 | set_bit(BTUSB_DIAG_RUNNING, &data->flags); | |
1073 | } | |
1074 | ||
7bee549e ON |
1075 | done: |
1076 | usb_autopm_put_interface(data->intf); | |
43c2e57f MH |
1077 | return 0; |
1078 | ||
1079 | failed: | |
1080 | clear_bit(BTUSB_INTR_RUNNING, &data->flags); | |
7bee549e | 1081 | usb_autopm_put_interface(data->intf); |
5e23b923 MH |
1082 | return err; |
1083 | } | |
1084 | ||
7bee549e ON |
1085 | static void btusb_stop_traffic(struct btusb_data *data) |
1086 | { | |
1087 | usb_kill_anchored_urbs(&data->intr_anchor); | |
1088 | usb_kill_anchored_urbs(&data->bulk_anchor); | |
1089 | usb_kill_anchored_urbs(&data->isoc_anchor); | |
9d08f504 | 1090 | usb_kill_anchored_urbs(&data->diag_anchor); |
7bee549e ON |
1091 | } |
1092 | ||
5e23b923 MH |
1093 | static int btusb_close(struct hci_dev *hdev) |
1094 | { | |
155961e8 | 1095 | struct btusb_data *data = hci_get_drvdata(hdev); |
7bee549e | 1096 | int err; |
5e23b923 MH |
1097 | |
1098 | BT_DBG("%s", hdev->name); | |
1099 | ||
e8c3c3d2 | 1100 | cancel_work_sync(&data->work); |
404291ac | 1101 | cancel_work_sync(&data->waker); |
e8c3c3d2 | 1102 | |
9bfa35fe | 1103 | clear_bit(BTUSB_ISOC_RUNNING, &data->flags); |
5e23b923 | 1104 | clear_bit(BTUSB_BULK_RUNNING, &data->flags); |
5e23b923 | 1105 | clear_bit(BTUSB_INTR_RUNNING, &data->flags); |
9d08f504 | 1106 | clear_bit(BTUSB_DIAG_RUNNING, &data->flags); |
7bee549e ON |
1107 | |
1108 | btusb_stop_traffic(data); | |
803b5836 MH |
1109 | btusb_free_frags(data); |
1110 | ||
7bee549e ON |
1111 | err = usb_autopm_get_interface(data->intf); |
1112 | if (err < 0) | |
7b8e2c1d | 1113 | goto failed; |
7bee549e ON |
1114 | |
1115 | data->intf->needs_remote_wakeup = 0; | |
1116 | usb_autopm_put_interface(data->intf); | |
5e23b923 | 1117 | |
7b8e2c1d ON |
1118 | failed: |
1119 | usb_scuttle_anchored_urbs(&data->deferred); | |
5e23b923 MH |
1120 | return 0; |
1121 | } | |
1122 | ||
1123 | static int btusb_flush(struct hci_dev *hdev) | |
1124 | { | |
155961e8 | 1125 | struct btusb_data *data = hci_get_drvdata(hdev); |
5e23b923 MH |
1126 | |
1127 | BT_DBG("%s", hdev->name); | |
1128 | ||
1129 | usb_kill_anchored_urbs(&data->tx_anchor); | |
803b5836 | 1130 | btusb_free_frags(data); |
5e23b923 MH |
1131 | |
1132 | return 0; | |
1133 | } | |
1134 | ||
047b2ec8 | 1135 | static struct urb *alloc_ctrl_urb(struct hci_dev *hdev, struct sk_buff *skb) |
5e23b923 | 1136 | { |
155961e8 | 1137 | struct btusb_data *data = hci_get_drvdata(hdev); |
5e23b923 MH |
1138 | struct usb_ctrlrequest *dr; |
1139 | struct urb *urb; | |
1140 | unsigned int pipe; | |
5e23b923 | 1141 | |
047b2ec8 MH |
1142 | urb = usb_alloc_urb(0, GFP_KERNEL); |
1143 | if (!urb) | |
1144 | return ERR_PTR(-ENOMEM); | |
5e23b923 | 1145 | |
047b2ec8 MH |
1146 | dr = kmalloc(sizeof(*dr), GFP_KERNEL); |
1147 | if (!dr) { | |
1148 | usb_free_urb(urb); | |
1149 | return ERR_PTR(-ENOMEM); | |
1150 | } | |
5e23b923 | 1151 | |
047b2ec8 | 1152 | dr->bRequestType = data->cmdreq_type; |
893ba544 | 1153 | dr->bRequest = data->cmdreq; |
047b2ec8 MH |
1154 | dr->wIndex = 0; |
1155 | dr->wValue = 0; | |
1156 | dr->wLength = __cpu_to_le16(skb->len); | |
7bd8f09f | 1157 | |
047b2ec8 | 1158 | pipe = usb_sndctrlpipe(data->udev, 0x00); |
5e23b923 | 1159 | |
89e7533d | 1160 | usb_fill_control_urb(urb, data->udev, pipe, (void *)dr, |
047b2ec8 | 1161 | skb->data, skb->len, btusb_tx_complete, skb); |
5e23b923 | 1162 | |
89e7533d | 1163 | skb->dev = (void *)hdev; |
5e23b923 | 1164 | |
047b2ec8 MH |
1165 | return urb; |
1166 | } | |
5e23b923 | 1167 | |
047b2ec8 MH |
1168 | static struct urb *alloc_bulk_urb(struct hci_dev *hdev, struct sk_buff *skb) |
1169 | { | |
1170 | struct btusb_data *data = hci_get_drvdata(hdev); | |
1171 | struct urb *urb; | |
1172 | unsigned int pipe; | |
5e23b923 | 1173 | |
047b2ec8 MH |
1174 | if (!data->bulk_tx_ep) |
1175 | return ERR_PTR(-ENODEV); | |
9bfa35fe | 1176 | |
047b2ec8 MH |
1177 | urb = usb_alloc_urb(0, GFP_KERNEL); |
1178 | if (!urb) | |
1179 | return ERR_PTR(-ENOMEM); | |
5e23b923 | 1180 | |
047b2ec8 | 1181 | pipe = usb_sndbulkpipe(data->udev, data->bulk_tx_ep->bEndpointAddress); |
5e23b923 | 1182 | |
047b2ec8 MH |
1183 | usb_fill_bulk_urb(urb, data->udev, pipe, |
1184 | skb->data, skb->len, btusb_tx_complete, skb); | |
5e23b923 | 1185 | |
89e7533d | 1186 | skb->dev = (void *)hdev; |
5e23b923 | 1187 | |
047b2ec8 MH |
1188 | return urb; |
1189 | } | |
9bfa35fe | 1190 | |
047b2ec8 MH |
1191 | static struct urb *alloc_isoc_urb(struct hci_dev *hdev, struct sk_buff *skb) |
1192 | { | |
1193 | struct btusb_data *data = hci_get_drvdata(hdev); | |
1194 | struct urb *urb; | |
1195 | unsigned int pipe; | |
9bfa35fe | 1196 | |
047b2ec8 MH |
1197 | if (!data->isoc_tx_ep) |
1198 | return ERR_PTR(-ENODEV); | |
9bfa35fe | 1199 | |
047b2ec8 MH |
1200 | urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, GFP_KERNEL); |
1201 | if (!urb) | |
1202 | return ERR_PTR(-ENOMEM); | |
9bfa35fe | 1203 | |
047b2ec8 | 1204 | pipe = usb_sndisocpipe(data->udev, data->isoc_tx_ep->bEndpointAddress); |
9bfa35fe | 1205 | |
047b2ec8 MH |
1206 | usb_fill_int_urb(urb, data->udev, pipe, |
1207 | skb->data, skb->len, btusb_isoc_tx_complete, | |
1208 | skb, data->isoc_tx_ep->bInterval); | |
9bfa35fe | 1209 | |
047b2ec8 | 1210 | urb->transfer_flags = URB_ISO_ASAP; |
5e23b923 | 1211 | |
047b2ec8 MH |
1212 | __fill_isoc_descriptor(urb, skb->len, |
1213 | le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize)); | |
5e23b923 | 1214 | |
89e7533d | 1215 | skb->dev = (void *)hdev; |
047b2ec8 MH |
1216 | |
1217 | return urb; | |
1218 | } | |
1219 | ||
1220 | static int submit_tx_urb(struct hci_dev *hdev, struct urb *urb) | |
1221 | { | |
1222 | struct btusb_data *data = hci_get_drvdata(hdev); | |
1223 | int err; | |
7bee549e | 1224 | |
5e23b923 MH |
1225 | usb_anchor_urb(urb, &data->tx_anchor); |
1226 | ||
e9753eff | 1227 | err = usb_submit_urb(urb, GFP_KERNEL); |
5e23b923 | 1228 | if (err < 0) { |
5a9b80e2 PB |
1229 | if (err != -EPERM && err != -ENODEV) |
1230 | BT_ERR("%s urb %p submission failed (%d)", | |
89e7533d | 1231 | hdev->name, urb, -err); |
5e23b923 MH |
1232 | kfree(urb->setup_packet); |
1233 | usb_unanchor_urb(urb); | |
7bee549e ON |
1234 | } else { |
1235 | usb_mark_last_busy(data->udev); | |
5e23b923 MH |
1236 | } |
1237 | ||
54a8a79c | 1238 | usb_free_urb(urb); |
5e23b923 MH |
1239 | return err; |
1240 | } | |
1241 | ||
047b2ec8 MH |
1242 | static int submit_or_queue_tx_urb(struct hci_dev *hdev, struct urb *urb) |
1243 | { | |
1244 | struct btusb_data *data = hci_get_drvdata(hdev); | |
1245 | unsigned long flags; | |
1246 | bool suspending; | |
1247 | ||
1248 | spin_lock_irqsave(&data->txlock, flags); | |
1249 | suspending = test_bit(BTUSB_SUSPENDING, &data->flags); | |
1250 | if (!suspending) | |
1251 | data->tx_in_flight++; | |
1252 | spin_unlock_irqrestore(&data->txlock, flags); | |
1253 | ||
1254 | if (!suspending) | |
1255 | return submit_tx_urb(hdev, urb); | |
1256 | ||
1257 | usb_anchor_urb(urb, &data->deferred); | |
1258 | schedule_work(&data->waker); | |
1259 | ||
1260 | usb_free_urb(urb); | |
1261 | return 0; | |
1262 | } | |
1263 | ||
1264 | static int btusb_send_frame(struct hci_dev *hdev, struct sk_buff *skb) | |
1265 | { | |
1266 | struct urb *urb; | |
1267 | ||
1268 | BT_DBG("%s", hdev->name); | |
1269 | ||
618e8bc2 | 1270 | switch (hci_skb_pkt_type(skb)) { |
047b2ec8 MH |
1271 | case HCI_COMMAND_PKT: |
1272 | urb = alloc_ctrl_urb(hdev, skb); | |
1273 | if (IS_ERR(urb)) | |
1274 | return PTR_ERR(urb); | |
1275 | ||
1276 | hdev->stat.cmd_tx++; | |
1277 | return submit_or_queue_tx_urb(hdev, urb); | |
1278 | ||
1279 | case HCI_ACLDATA_PKT: | |
1280 | urb = alloc_bulk_urb(hdev, skb); | |
1281 | if (IS_ERR(urb)) | |
1282 | return PTR_ERR(urb); | |
1283 | ||
1284 | hdev->stat.acl_tx++; | |
1285 | return submit_or_queue_tx_urb(hdev, urb); | |
1286 | ||
1287 | case HCI_SCODATA_PKT: | |
1288 | if (hci_conn_num(hdev, SCO_LINK) < 1) | |
1289 | return -ENODEV; | |
1290 | ||
1291 | urb = alloc_isoc_urb(hdev, skb); | |
1292 | if (IS_ERR(urb)) | |
1293 | return PTR_ERR(urb); | |
1294 | ||
1295 | hdev->stat.sco_tx++; | |
1296 | return submit_tx_urb(hdev, urb); | |
1297 | } | |
1298 | ||
1299 | return -EILSEQ; | |
1300 | } | |
1301 | ||
5e23b923 MH |
1302 | static void btusb_notify(struct hci_dev *hdev, unsigned int evt) |
1303 | { | |
155961e8 | 1304 | struct btusb_data *data = hci_get_drvdata(hdev); |
5e23b923 MH |
1305 | |
1306 | BT_DBG("%s evt %d", hdev->name, evt); | |
1307 | ||
014f7bc7 MH |
1308 | if (hci_conn_num(hdev, SCO_LINK) != data->sco_num) { |
1309 | data->sco_num = hci_conn_num(hdev, SCO_LINK); | |
43c2e57f | 1310 | schedule_work(&data->work); |
a780efa8 | 1311 | } |
5e23b923 MH |
1312 | } |
1313 | ||
42b16b3f | 1314 | static inline int __set_isoc_interface(struct hci_dev *hdev, int altsetting) |
9bfa35fe | 1315 | { |
155961e8 | 1316 | struct btusb_data *data = hci_get_drvdata(hdev); |
9bfa35fe MH |
1317 | struct usb_interface *intf = data->isoc; |
1318 | struct usb_endpoint_descriptor *ep_desc; | |
1319 | int i, err; | |
1320 | ||
1321 | if (!data->isoc) | |
1322 | return -ENODEV; | |
1323 | ||
1324 | err = usb_set_interface(data->udev, 1, altsetting); | |
1325 | if (err < 0) { | |
1326 | BT_ERR("%s setting interface failed (%d)", hdev->name, -err); | |
1327 | return err; | |
1328 | } | |
1329 | ||
1330 | data->isoc_altsetting = altsetting; | |
1331 | ||
1332 | data->isoc_tx_ep = NULL; | |
1333 | data->isoc_rx_ep = NULL; | |
1334 | ||
1335 | for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) { | |
1336 | ep_desc = &intf->cur_altsetting->endpoint[i].desc; | |
1337 | ||
1338 | if (!data->isoc_tx_ep && usb_endpoint_is_isoc_out(ep_desc)) { | |
1339 | data->isoc_tx_ep = ep_desc; | |
1340 | continue; | |
1341 | } | |
1342 | ||
1343 | if (!data->isoc_rx_ep && usb_endpoint_is_isoc_in(ep_desc)) { | |
1344 | data->isoc_rx_ep = ep_desc; | |
1345 | continue; | |
1346 | } | |
1347 | } | |
1348 | ||
1349 | if (!data->isoc_tx_ep || !data->isoc_rx_ep) { | |
1350 | BT_ERR("%s invalid SCO descriptors", hdev->name); | |
1351 | return -ENODEV; | |
1352 | } | |
1353 | ||
1354 | return 0; | |
1355 | } | |
1356 | ||
5e23b923 MH |
1357 | static void btusb_work(struct work_struct *work) |
1358 | { | |
1359 | struct btusb_data *data = container_of(work, struct btusb_data, work); | |
1360 | struct hci_dev *hdev = data->hdev; | |
f4001d28 | 1361 | int new_alts; |
7bee549e | 1362 | int err; |
5e23b923 | 1363 | |
014f7bc7 | 1364 | if (data->sco_num > 0) { |
08b8b6c4 | 1365 | if (!test_bit(BTUSB_DID_ISO_RESUME, &data->flags)) { |
8efdd0cd | 1366 | err = usb_autopm_get_interface(data->isoc ? data->isoc : data->intf); |
7bee549e ON |
1367 | if (err < 0) { |
1368 | clear_bit(BTUSB_ISOC_RUNNING, &data->flags); | |
1369 | usb_kill_anchored_urbs(&data->isoc_anchor); | |
1370 | return; | |
1371 | } | |
1372 | ||
08b8b6c4 | 1373 | set_bit(BTUSB_DID_ISO_RESUME, &data->flags); |
7bee549e | 1374 | } |
f4001d28 MA |
1375 | |
1376 | if (hdev->voice_setting & 0x0020) { | |
1377 | static const int alts[3] = { 2, 4, 5 }; | |
89e7533d | 1378 | |
014f7bc7 | 1379 | new_alts = alts[data->sco_num - 1]; |
f4001d28 | 1380 | } else { |
014f7bc7 | 1381 | new_alts = data->sco_num; |
f4001d28 MA |
1382 | } |
1383 | ||
1384 | if (data->isoc_altsetting != new_alts) { | |
f6fc86f2 KP |
1385 | unsigned long flags; |
1386 | ||
9bfa35fe MH |
1387 | clear_bit(BTUSB_ISOC_RUNNING, &data->flags); |
1388 | usb_kill_anchored_urbs(&data->isoc_anchor); | |
1389 | ||
8f9d02f4 KP |
1390 | /* When isochronous alternate setting needs to be |
1391 | * changed, because SCO connection has been added | |
1392 | * or removed, a packet fragment may be left in the | |
1393 | * reassembling state. This could lead to wrongly | |
1394 | * assembled fragments. | |
1395 | * | |
1396 | * Clear outstanding fragment when selecting a new | |
1397 | * alternate setting. | |
1398 | */ | |
f6fc86f2 | 1399 | spin_lock_irqsave(&data->rxlock, flags); |
8f9d02f4 KP |
1400 | kfree_skb(data->sco_skb); |
1401 | data->sco_skb = NULL; | |
f6fc86f2 | 1402 | spin_unlock_irqrestore(&data->rxlock, flags); |
8f9d02f4 | 1403 | |
f4001d28 | 1404 | if (__set_isoc_interface(hdev, new_alts) < 0) |
9bfa35fe MH |
1405 | return; |
1406 | } | |
1407 | ||
1408 | if (!test_and_set_bit(BTUSB_ISOC_RUNNING, &data->flags)) { | |
2eda66f4 | 1409 | if (btusb_submit_isoc_urb(hdev, GFP_KERNEL) < 0) |
9bfa35fe MH |
1410 | clear_bit(BTUSB_ISOC_RUNNING, &data->flags); |
1411 | else | |
2eda66f4 | 1412 | btusb_submit_isoc_urb(hdev, GFP_KERNEL); |
9bfa35fe MH |
1413 | } |
1414 | } else { | |
1415 | clear_bit(BTUSB_ISOC_RUNNING, &data->flags); | |
1416 | usb_kill_anchored_urbs(&data->isoc_anchor); | |
1417 | ||
1418 | __set_isoc_interface(hdev, 0); | |
08b8b6c4 | 1419 | if (test_and_clear_bit(BTUSB_DID_ISO_RESUME, &data->flags)) |
8efdd0cd | 1420 | usb_autopm_put_interface(data->isoc ? data->isoc : data->intf); |
5e23b923 MH |
1421 | } |
1422 | } | |
1423 | ||
7bee549e ON |
1424 | static void btusb_waker(struct work_struct *work) |
1425 | { | |
1426 | struct btusb_data *data = container_of(work, struct btusb_data, waker); | |
1427 | int err; | |
1428 | ||
1429 | err = usb_autopm_get_interface(data->intf); | |
1430 | if (err < 0) | |
1431 | return; | |
1432 | ||
1433 | usb_autopm_put_interface(data->intf); | |
1434 | } | |
1435 | ||
9f8f962c MH |
1436 | static int btusb_setup_bcm92035(struct hci_dev *hdev) |
1437 | { | |
1438 | struct sk_buff *skb; | |
1439 | u8 val = 0x00; | |
1440 | ||
1441 | BT_DBG("%s", hdev->name); | |
1442 | ||
1443 | skb = __hci_cmd_sync(hdev, 0xfc3b, 1, &val, HCI_INIT_TIMEOUT); | |
1444 | if (IS_ERR(skb)) | |
1445 | BT_ERR("BCM92035 command failed (%ld)", -PTR_ERR(skb)); | |
1446 | else | |
1447 | kfree_skb(skb); | |
1448 | ||
1449 | return 0; | |
1450 | } | |
1451 | ||
81cac64b MH |
1452 | static int btusb_setup_csr(struct hci_dev *hdev) |
1453 | { | |
1454 | struct hci_rp_read_local_version *rp; | |
1455 | struct sk_buff *skb; | |
81cac64b MH |
1456 | |
1457 | BT_DBG("%s", hdev->name); | |
1458 | ||
7cd84d72 MH |
1459 | skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL, |
1460 | HCI_INIT_TIMEOUT); | |
1461 | if (IS_ERR(skb)) { | |
1462 | int err = PTR_ERR(skb); | |
1463 | BT_ERR("%s: CSR: Local version failed (%d)", hdev->name, err); | |
1464 | return err; | |
1465 | } | |
1466 | ||
1467 | if (skb->len != sizeof(struct hci_rp_read_local_version)) { | |
1468 | BT_ERR("%s: CSR: Local version length mismatch", hdev->name); | |
1469 | kfree_skb(skb); | |
1470 | return -EIO; | |
1471 | } | |
81cac64b | 1472 | |
89e7533d | 1473 | rp = (struct hci_rp_read_local_version *)skb->data; |
81cac64b | 1474 | |
6cafcd95 JH |
1475 | /* Detect controllers which aren't real CSR ones. */ |
1476 | if (le16_to_cpu(rp->manufacturer) != 10 || | |
1477 | le16_to_cpu(rp->lmp_subver) == 0x0c5c) { | |
9641d343 MH |
1478 | /* Clear the reset quirk since this is not an actual |
1479 | * early Bluetooth 1.1 device from CSR. | |
1480 | */ | |
1481 | clear_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); | |
81cac64b | 1482 | |
9641d343 MH |
1483 | /* These fake CSR controllers have all a broken |
1484 | * stored link key handling and so just disable it. | |
1485 | */ | |
1486 | set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks); | |
1487 | } | |
81cac64b MH |
1488 | |
1489 | kfree_skb(skb); | |
1490 | ||
9641d343 | 1491 | return 0; |
81cac64b MH |
1492 | } |
1493 | ||
dffd30ee | 1494 | static const struct firmware *btusb_setup_intel_get_fw(struct hci_dev *hdev, |
89e7533d | 1495 | struct intel_version *ver) |
dffd30ee THJA |
1496 | { |
1497 | const struct firmware *fw; | |
1498 | char fwname[64]; | |
1499 | int ret; | |
1500 | ||
1501 | snprintf(fwname, sizeof(fwname), | |
1502 | "intel/ibt-hw-%x.%x.%x-fw-%x.%x.%x.%x.%x.bseq", | |
1503 | ver->hw_platform, ver->hw_variant, ver->hw_revision, | |
1504 | ver->fw_variant, ver->fw_revision, ver->fw_build_num, | |
1505 | ver->fw_build_ww, ver->fw_build_yy); | |
1506 | ||
1507 | ret = request_firmware(&fw, fwname, &hdev->dev); | |
1508 | if (ret < 0) { | |
1509 | if (ret == -EINVAL) { | |
1510 | BT_ERR("%s Intel firmware file request failed (%d)", | |
1511 | hdev->name, ret); | |
1512 | return NULL; | |
1513 | } | |
1514 | ||
1515 | BT_ERR("%s failed to open Intel firmware file: %s(%d)", | |
1516 | hdev->name, fwname, ret); | |
1517 | ||
1518 | /* If the correct firmware patch file is not found, use the | |
1519 | * default firmware patch file instead | |
1520 | */ | |
1521 | snprintf(fwname, sizeof(fwname), "intel/ibt-hw-%x.%x.bseq", | |
1522 | ver->hw_platform, ver->hw_variant); | |
1523 | if (request_firmware(&fw, fwname, &hdev->dev) < 0) { | |
1524 | BT_ERR("%s failed to open default Intel fw file: %s", | |
1525 | hdev->name, fwname); | |
1526 | return NULL; | |
1527 | } | |
1528 | } | |
1529 | ||
1530 | BT_INFO("%s: Intel Bluetooth firmware file: %s", hdev->name, fwname); | |
1531 | ||
1532 | return fw; | |
1533 | } | |
1534 | ||
1535 | static int btusb_setup_intel_patching(struct hci_dev *hdev, | |
1536 | const struct firmware *fw, | |
1537 | const u8 **fw_ptr, int *disable_patch) | |
1538 | { | |
1539 | struct sk_buff *skb; | |
1540 | struct hci_command_hdr *cmd; | |
1541 | const u8 *cmd_param; | |
1542 | struct hci_event_hdr *evt = NULL; | |
1543 | const u8 *evt_param = NULL; | |
1544 | int remain = fw->size - (*fw_ptr - fw->data); | |
1545 | ||
1546 | /* The first byte indicates the types of the patch command or event. | |
1547 | * 0x01 means HCI command and 0x02 is HCI event. If the first bytes | |
1548 | * in the current firmware buffer doesn't start with 0x01 or | |
1549 | * the size of remain buffer is smaller than HCI command header, | |
1550 | * the firmware file is corrupted and it should stop the patching | |
1551 | * process. | |
1552 | */ | |
1553 | if (remain > HCI_COMMAND_HDR_SIZE && *fw_ptr[0] != 0x01) { | |
1554 | BT_ERR("%s Intel fw corrupted: invalid cmd read", hdev->name); | |
1555 | return -EINVAL; | |
1556 | } | |
1557 | (*fw_ptr)++; | |
1558 | remain--; | |
1559 | ||
1560 | cmd = (struct hci_command_hdr *)(*fw_ptr); | |
1561 | *fw_ptr += sizeof(*cmd); | |
1562 | remain -= sizeof(*cmd); | |
1563 | ||
1564 | /* Ensure that the remain firmware data is long enough than the length | |
1565 | * of command parameter. If not, the firmware file is corrupted. | |
1566 | */ | |
1567 | if (remain < cmd->plen) { | |
1568 | BT_ERR("%s Intel fw corrupted: invalid cmd len", hdev->name); | |
1569 | return -EFAULT; | |
1570 | } | |
1571 | ||
1572 | /* If there is a command that loads a patch in the firmware | |
1573 | * file, then enable the patch upon success, otherwise just | |
1574 | * disable the manufacturer mode, for example patch activation | |
1575 | * is not required when the default firmware patch file is used | |
1576 | * because there are no patch data to load. | |
1577 | */ | |
1578 | if (*disable_patch && le16_to_cpu(cmd->opcode) == 0xfc8e) | |
1579 | *disable_patch = 0; | |
1580 | ||
1581 | cmd_param = *fw_ptr; | |
1582 | *fw_ptr += cmd->plen; | |
1583 | remain -= cmd->plen; | |
1584 | ||
1585 | /* This reads the expected events when the above command is sent to the | |
1586 | * device. Some vendor commands expects more than one events, for | |
1587 | * example command status event followed by vendor specific event. | |
1588 | * For this case, it only keeps the last expected event. so the command | |
1589 | * can be sent with __hci_cmd_sync_ev() which returns the sk_buff of | |
1590 | * last expected event. | |
1591 | */ | |
1592 | while (remain > HCI_EVENT_HDR_SIZE && *fw_ptr[0] == 0x02) { | |
1593 | (*fw_ptr)++; | |
1594 | remain--; | |
1595 | ||
1596 | evt = (struct hci_event_hdr *)(*fw_ptr); | |
1597 | *fw_ptr += sizeof(*evt); | |
1598 | remain -= sizeof(*evt); | |
1599 | ||
1600 | if (remain < evt->plen) { | |
1601 | BT_ERR("%s Intel fw corrupted: invalid evt len", | |
1602 | hdev->name); | |
1603 | return -EFAULT; | |
1604 | } | |
1605 | ||
1606 | evt_param = *fw_ptr; | |
1607 | *fw_ptr += evt->plen; | |
1608 | remain -= evt->plen; | |
1609 | } | |
1610 | ||
1611 | /* Every HCI commands in the firmware file has its correspond event. | |
1612 | * If event is not found or remain is smaller than zero, the firmware | |
1613 | * file is corrupted. | |
1614 | */ | |
1615 | if (!evt || !evt_param || remain < 0) { | |
1616 | BT_ERR("%s Intel fw corrupted: invalid evt read", hdev->name); | |
1617 | return -EFAULT; | |
1618 | } | |
1619 | ||
1620 | skb = __hci_cmd_sync_ev(hdev, le16_to_cpu(cmd->opcode), cmd->plen, | |
1621 | cmd_param, evt->evt, HCI_INIT_TIMEOUT); | |
1622 | if (IS_ERR(skb)) { | |
1623 | BT_ERR("%s sending Intel patch command (0x%4.4x) failed (%ld)", | |
1624 | hdev->name, cmd->opcode, PTR_ERR(skb)); | |
d9c78e97 | 1625 | return PTR_ERR(skb); |
dffd30ee THJA |
1626 | } |
1627 | ||
1628 | /* It ensures that the returned event matches the event data read from | |
1629 | * the firmware file. At fist, it checks the length and then | |
1630 | * the contents of the event. | |
1631 | */ | |
1632 | if (skb->len != evt->plen) { | |
1633 | BT_ERR("%s mismatch event length (opcode 0x%4.4x)", hdev->name, | |
1634 | le16_to_cpu(cmd->opcode)); | |
1635 | kfree_skb(skb); | |
1636 | return -EFAULT; | |
1637 | } | |
1638 | ||
1639 | if (memcmp(skb->data, evt_param, evt->plen)) { | |
1640 | BT_ERR("%s mismatch event parameter (opcode 0x%4.4x)", | |
1641 | hdev->name, le16_to_cpu(cmd->opcode)); | |
1642 | kfree_skb(skb); | |
1643 | return -EFAULT; | |
1644 | } | |
1645 | kfree_skb(skb); | |
1646 | ||
1647 | return 0; | |
1648 | } | |
1649 | ||
1650 | static int btusb_setup_intel(struct hci_dev *hdev) | |
1651 | { | |
1652 | struct sk_buff *skb; | |
1653 | const struct firmware *fw; | |
1654 | const u8 *fw_ptr; | |
28dc4b92 | 1655 | int disable_patch, err; |
6c483de1 | 1656 | struct intel_version ver; |
dffd30ee | 1657 | |
dffd30ee THJA |
1658 | BT_DBG("%s", hdev->name); |
1659 | ||
1660 | /* The controller has a bug with the first HCI command sent to it | |
1661 | * returning number of completed commands as zero. This would stall the | |
1662 | * command processing in the Bluetooth core. | |
1663 | * | |
1664 | * As a workaround, send HCI Reset command first which will reset the | |
1665 | * number of completed commands and allow normal command processing | |
1666 | * from now on. | |
1667 | */ | |
1668 | skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); | |
1669 | if (IS_ERR(skb)) { | |
1670 | BT_ERR("%s sending initial HCI reset command failed (%ld)", | |
1671 | hdev->name, PTR_ERR(skb)); | |
d9c78e97 | 1672 | return PTR_ERR(skb); |
dffd30ee THJA |
1673 | } |
1674 | kfree_skb(skb); | |
1675 | ||
1676 | /* Read Intel specific controller version first to allow selection of | |
1677 | * which firmware file to load. | |
1678 | * | |
1679 | * The returned information are hardware variant and revision plus | |
1680 | * firmware variant, revision and build number. | |
1681 | */ | |
6c483de1 LP |
1682 | err = btintel_read_version(hdev, &ver); |
1683 | if (err) | |
1684 | return err; | |
dffd30ee THJA |
1685 | |
1686 | BT_INFO("%s: read Intel version: %02x%02x%02x%02x%02x%02x%02x%02x%02x", | |
6c483de1 LP |
1687 | hdev->name, ver.hw_platform, ver.hw_variant, ver.hw_revision, |
1688 | ver.fw_variant, ver.fw_revision, ver.fw_build_num, | |
1689 | ver.fw_build_ww, ver.fw_build_yy, ver.fw_patch_num); | |
dffd30ee THJA |
1690 | |
1691 | /* fw_patch_num indicates the version of patch the device currently | |
1692 | * have. If there is no patch data in the device, it is always 0x00. | |
5075edae | 1693 | * So, if it is other than 0x00, no need to patch the device again. |
dffd30ee | 1694 | */ |
6c483de1 | 1695 | if (ver.fw_patch_num) { |
dffd30ee | 1696 | BT_INFO("%s: Intel device is already patched. patch num: %02x", |
6c483de1 | 1697 | hdev->name, ver.fw_patch_num); |
213445b2 | 1698 | goto complete; |
dffd30ee THJA |
1699 | } |
1700 | ||
1701 | /* Opens the firmware patch file based on the firmware version read | |
1702 | * from the controller. If it fails to open the matching firmware | |
1703 | * patch file, it tries to open the default firmware patch file. | |
1704 | * If no patch file is found, allow the device to operate without | |
1705 | * a patch. | |
1706 | */ | |
6c483de1 LP |
1707 | fw = btusb_setup_intel_get_fw(hdev, &ver); |
1708 | if (!fw) | |
213445b2 | 1709 | goto complete; |
dffd30ee THJA |
1710 | fw_ptr = fw->data; |
1711 | ||
28dc4b92 | 1712 | /* Enable the manufacturer mode of the controller. |
dffd30ee THJA |
1713 | * Only while this mode is enabled, the driver can download the |
1714 | * firmware patch data and configuration parameters. | |
1715 | */ | |
28dc4b92 LP |
1716 | err = btintel_enter_mfg(hdev); |
1717 | if (err) { | |
dffd30ee | 1718 | release_firmware(fw); |
28dc4b92 | 1719 | return err; |
dffd30ee THJA |
1720 | } |
1721 | ||
dffd30ee THJA |
1722 | disable_patch = 1; |
1723 | ||
1724 | /* The firmware data file consists of list of Intel specific HCI | |
1725 | * commands and its expected events. The first byte indicates the | |
1726 | * type of the message, either HCI command or HCI event. | |
1727 | * | |
1728 | * It reads the command and its expected event from the firmware file, | |
1729 | * and send to the controller. Once __hci_cmd_sync_ev() returns, | |
1730 | * the returned event is compared with the event read from the firmware | |
1731 | * file and it will continue until all the messages are downloaded to | |
1732 | * the controller. | |
1733 | * | |
1734 | * Once the firmware patching is completed successfully, | |
1735 | * the manufacturer mode is disabled with reset and activating the | |
1736 | * downloaded patch. | |
1737 | * | |
1738 | * If the firmware patching fails, the manufacturer mode is | |
1739 | * disabled with reset and deactivating the patch. | |
1740 | * | |
1741 | * If the default patch file is used, no reset is done when disabling | |
1742 | * the manufacturer. | |
1743 | */ | |
1744 | while (fw->size > fw_ptr - fw->data) { | |
1745 | int ret; | |
1746 | ||
1747 | ret = btusb_setup_intel_patching(hdev, fw, &fw_ptr, | |
1748 | &disable_patch); | |
1749 | if (ret < 0) | |
1750 | goto exit_mfg_deactivate; | |
1751 | } | |
1752 | ||
1753 | release_firmware(fw); | |
1754 | ||
1755 | if (disable_patch) | |
1756 | goto exit_mfg_disable; | |
1757 | ||
1758 | /* Patching completed successfully and disable the manufacturer mode | |
1759 | * with reset and activate the downloaded firmware patches. | |
1760 | */ | |
28dc4b92 LP |
1761 | err = btintel_exit_mfg(hdev, true, true); |
1762 | if (err) | |
1763 | return err; | |
dffd30ee THJA |
1764 | |
1765 | BT_INFO("%s: Intel Bluetooth firmware patch completed and activated", | |
1766 | hdev->name); | |
1767 | ||
213445b2 | 1768 | goto complete; |
dffd30ee THJA |
1769 | |
1770 | exit_mfg_disable: | |
1771 | /* Disable the manufacturer mode without reset */ | |
28dc4b92 LP |
1772 | err = btintel_exit_mfg(hdev, false, false); |
1773 | if (err) | |
1774 | return err; | |
dffd30ee THJA |
1775 | |
1776 | BT_INFO("%s: Intel Bluetooth firmware patch completed", hdev->name); | |
40cb0984 | 1777 | |
213445b2 | 1778 | goto complete; |
dffd30ee THJA |
1779 | |
1780 | exit_mfg_deactivate: | |
1781 | release_firmware(fw); | |
1782 | ||
1783 | /* Patching failed. Disable the manufacturer mode with reset and | |
1784 | * deactivate the downloaded firmware patches. | |
1785 | */ | |
28dc4b92 LP |
1786 | err = btintel_exit_mfg(hdev, true, false); |
1787 | if (err) | |
1788 | return err; | |
dffd30ee THJA |
1789 | |
1790 | BT_INFO("%s: Intel Bluetooth firmware patch completed and deactivated", | |
1791 | hdev->name); | |
1792 | ||
213445b2 MH |
1793 | complete: |
1794 | /* Set the event mask for Intel specific vendor events. This enables | |
1795 | * a few extra events that are useful during general operation. | |
1796 | */ | |
1797 | btintel_set_event_mask_mfg(hdev, false); | |
1798 | ||
4185a0f5 | 1799 | btintel_check_bdaddr(hdev); |
dffd30ee THJA |
1800 | return 0; |
1801 | } | |
1802 | ||
cda0dd78 MH |
1803 | static int inject_cmd_complete(struct hci_dev *hdev, __u16 opcode) |
1804 | { | |
1805 | struct sk_buff *skb; | |
1806 | struct hci_event_hdr *hdr; | |
1807 | struct hci_ev_cmd_complete *evt; | |
1808 | ||
1809 | skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_ATOMIC); | |
1810 | if (!skb) | |
1811 | return -ENOMEM; | |
1812 | ||
1813 | hdr = (struct hci_event_hdr *)skb_put(skb, sizeof(*hdr)); | |
1814 | hdr->evt = HCI_EV_CMD_COMPLETE; | |
1815 | hdr->plen = sizeof(*evt) + 1; | |
1816 | ||
1817 | evt = (struct hci_ev_cmd_complete *)skb_put(skb, sizeof(*evt)); | |
1818 | evt->ncmd = 0x01; | |
1819 | evt->opcode = cpu_to_le16(opcode); | |
1820 | ||
1821 | *skb_put(skb, 1) = 0x00; | |
1822 | ||
618e8bc2 | 1823 | hci_skb_pkt_type(skb) = HCI_EVENT_PKT; |
cda0dd78 MH |
1824 | |
1825 | return hci_recv_frame(hdev, skb); | |
1826 | } | |
1827 | ||
1828 | static int btusb_recv_bulk_intel(struct btusb_data *data, void *buffer, | |
1829 | int count) | |
1830 | { | |
1831 | /* When the device is in bootloader mode, then it can send | |
1832 | * events via the bulk endpoint. These events are treated the | |
1833 | * same way as the ones received from the interrupt endpoint. | |
1834 | */ | |
1835 | if (test_bit(BTUSB_BOOTLOADER, &data->flags)) | |
1836 | return btusb_recv_intr(data, buffer, count); | |
1837 | ||
1838 | return btusb_recv_bulk(data, buffer, count); | |
1839 | } | |
1840 | ||
ccd6da2a MH |
1841 | static void btusb_intel_bootup(struct btusb_data *data, const void *ptr, |
1842 | unsigned int len) | |
1843 | { | |
1844 | const struct intel_bootup *evt = ptr; | |
1845 | ||
1846 | if (len != sizeof(*evt)) | |
1847 | return; | |
1848 | ||
1849 | if (test_and_clear_bit(BTUSB_BOOTING, &data->flags)) { | |
1850 | smp_mb__after_atomic(); | |
1851 | wake_up_bit(&data->flags, BTUSB_BOOTING); | |
1852 | } | |
1853 | } | |
1854 | ||
1855 | static void btusb_intel_secure_send_result(struct btusb_data *data, | |
1856 | const void *ptr, unsigned int len) | |
1857 | { | |
1858 | const struct intel_secure_send_result *evt = ptr; | |
1859 | ||
1860 | if (len != sizeof(*evt)) | |
1861 | return; | |
1862 | ||
1863 | if (evt->result) | |
1864 | set_bit(BTUSB_FIRMWARE_FAILED, &data->flags); | |
1865 | ||
1866 | if (test_and_clear_bit(BTUSB_DOWNLOADING, &data->flags) && | |
1867 | test_bit(BTUSB_FIRMWARE_LOADED, &data->flags)) { | |
1868 | smp_mb__after_atomic(); | |
1869 | wake_up_bit(&data->flags, BTUSB_DOWNLOADING); | |
1870 | } | |
1871 | } | |
1872 | ||
cda0dd78 MH |
1873 | static int btusb_recv_event_intel(struct hci_dev *hdev, struct sk_buff *skb) |
1874 | { | |
1875 | struct btusb_data *data = hci_get_drvdata(hdev); | |
1876 | ||
1877 | if (test_bit(BTUSB_BOOTLOADER, &data->flags)) { | |
1878 | struct hci_event_hdr *hdr = (void *)skb->data; | |
1879 | ||
ccd6da2a MH |
1880 | if (skb->len > HCI_EVENT_HDR_SIZE && hdr->evt == 0xff && |
1881 | hdr->plen > 0) { | |
1882 | const void *ptr = skb->data + HCI_EVENT_HDR_SIZE + 1; | |
1883 | unsigned int len = skb->len - HCI_EVENT_HDR_SIZE - 1; | |
1884 | ||
1885 | switch (skb->data[2]) { | |
1886 | case 0x02: | |
1887 | /* When switching to the operational firmware | |
1888 | * the device sends a vendor specific event | |
1889 | * indicating that the bootup completed. | |
1890 | */ | |
1891 | btusb_intel_bootup(data, ptr, len); | |
1892 | break; | |
1893 | case 0x06: | |
1894 | /* When the firmware loading completes the | |
1895 | * device sends out a vendor specific event | |
1896 | * indicating the result of the firmware | |
1897 | * loading. | |
1898 | */ | |
1899 | btusb_intel_secure_send_result(data, ptr, len); | |
1900 | break; | |
fad70972 | 1901 | } |
cda0dd78 MH |
1902 | } |
1903 | } | |
1904 | ||
1905 | return hci_recv_frame(hdev, skb); | |
1906 | } | |
1907 | ||
1908 | static int btusb_send_frame_intel(struct hci_dev *hdev, struct sk_buff *skb) | |
1909 | { | |
1910 | struct btusb_data *data = hci_get_drvdata(hdev); | |
1911 | struct urb *urb; | |
1912 | ||
1913 | BT_DBG("%s", hdev->name); | |
1914 | ||
618e8bc2 | 1915 | switch (hci_skb_pkt_type(skb)) { |
cda0dd78 MH |
1916 | case HCI_COMMAND_PKT: |
1917 | if (test_bit(BTUSB_BOOTLOADER, &data->flags)) { | |
1918 | struct hci_command_hdr *cmd = (void *)skb->data; | |
1919 | __u16 opcode = le16_to_cpu(cmd->opcode); | |
1920 | ||
1921 | /* When in bootloader mode and the command 0xfc09 | |
1922 | * is received, it needs to be send down the | |
1923 | * bulk endpoint. So allocate a bulk URB instead. | |
1924 | */ | |
1925 | if (opcode == 0xfc09) | |
1926 | urb = alloc_bulk_urb(hdev, skb); | |
1927 | else | |
1928 | urb = alloc_ctrl_urb(hdev, skb); | |
1929 | ||
1930 | /* When the 0xfc01 command is issued to boot into | |
1931 | * the operational firmware, it will actually not | |
1932 | * send a command complete event. To keep the flow | |
1933 | * control working inject that event here. | |
1934 | */ | |
1935 | if (opcode == 0xfc01) | |
1936 | inject_cmd_complete(hdev, opcode); | |
1937 | } else { | |
1938 | urb = alloc_ctrl_urb(hdev, skb); | |
1939 | } | |
1940 | if (IS_ERR(urb)) | |
1941 | return PTR_ERR(urb); | |
1942 | ||
1943 | hdev->stat.cmd_tx++; | |
1944 | return submit_or_queue_tx_urb(hdev, urb); | |
1945 | ||
1946 | case HCI_ACLDATA_PKT: | |
1947 | urb = alloc_bulk_urb(hdev, skb); | |
1948 | if (IS_ERR(urb)) | |
1949 | return PTR_ERR(urb); | |
1950 | ||
1951 | hdev->stat.acl_tx++; | |
1952 | return submit_or_queue_tx_urb(hdev, urb); | |
1953 | ||
1954 | case HCI_SCODATA_PKT: | |
1955 | if (hci_conn_num(hdev, SCO_LINK) < 1) | |
1956 | return -ENODEV; | |
1957 | ||
1958 | urb = alloc_isoc_urb(hdev, skb); | |
1959 | if (IS_ERR(urb)) | |
1960 | return PTR_ERR(urb); | |
1961 | ||
1962 | hdev->stat.sco_tx++; | |
1963 | return submit_tx_urb(hdev, urb); | |
1964 | } | |
1965 | ||
1966 | return -EILSEQ; | |
1967 | } | |
1968 | ||
cda0dd78 MH |
1969 | static int btusb_setup_intel_new(struct hci_dev *hdev) |
1970 | { | |
1971 | static const u8 reset_param[] = { 0x00, 0x01, 0x00, 0x01, | |
1972 | 0x00, 0x08, 0x04, 0x00 }; | |
1973 | struct btusb_data *data = hci_get_drvdata(hdev); | |
1974 | struct sk_buff *skb; | |
6c483de1 | 1975 | struct intel_version ver; |
cda0dd78 MH |
1976 | struct intel_boot_params *params; |
1977 | const struct firmware *fw; | |
1978 | const u8 *fw_ptr; | |
e66890a9 | 1979 | u32 frag_len; |
cda0dd78 MH |
1980 | char fwname[64]; |
1981 | ktime_t calltime, delta, rettime; | |
1982 | unsigned long long duration; | |
1983 | int err; | |
1984 | ||
1985 | BT_DBG("%s", hdev->name); | |
1986 | ||
1987 | calltime = ktime_get(); | |
1988 | ||
1989 | /* Read the Intel version information to determine if the device | |
1990 | * is in bootloader mode or if it already has operational firmware | |
1991 | * loaded. | |
1992 | */ | |
6c483de1 LP |
1993 | err = btintel_read_version(hdev, &ver); |
1994 | if (err) | |
1995 | return err; | |
cda0dd78 MH |
1996 | |
1997 | /* The hardware platform number has a fixed value of 0x37 and | |
1998 | * for now only accept this single value. | |
1999 | */ | |
6c483de1 | 2000 | if (ver.hw_platform != 0x37) { |
cda0dd78 | 2001 | BT_ERR("%s: Unsupported Intel hardware platform (%u)", |
6c483de1 | 2002 | hdev->name, ver.hw_platform); |
cda0dd78 MH |
2003 | return -EINVAL; |
2004 | } | |
2005 | ||
a0af53b5 THJA |
2006 | /* At the moment the iBT 3.0 hardware variants 0x0b (LnP/SfP) |
2007 | * and 0x0c (WsP) are supported by this firmware loading method. | |
2008 | * | |
2009 | * This check has been put in place to ensure correct forward | |
2010 | * compatibility options when newer hardware variants come along. | |
cda0dd78 | 2011 | */ |
a0af53b5 | 2012 | if (ver.hw_variant != 0x0b && ver.hw_variant != 0x0c) { |
cda0dd78 | 2013 | BT_ERR("%s: Unsupported Intel hardware variant (%u)", |
6c483de1 | 2014 | hdev->name, ver.hw_variant); |
cda0dd78 MH |
2015 | return -EINVAL; |
2016 | } | |
2017 | ||
6c483de1 | 2018 | btintel_version_info(hdev, &ver); |
cda0dd78 MH |
2019 | |
2020 | /* The firmware variant determines if the device is in bootloader | |
2021 | * mode or is running operational firmware. The value 0x06 identifies | |
2022 | * the bootloader and the value 0x23 identifies the operational | |
2023 | * firmware. | |
2024 | * | |
2025 | * When the operational firmware is already present, then only | |
2026 | * the check for valid Bluetooth device address is needed. This | |
2027 | * determines if the device will be added as configured or | |
2028 | * unconfigured controller. | |
2029 | * | |
2030 | * It is not possible to use the Secure Boot Parameters in this | |
2031 | * case since that command is only available in bootloader mode. | |
2032 | */ | |
6c483de1 | 2033 | if (ver.fw_variant == 0x23) { |
cda0dd78 | 2034 | clear_bit(BTUSB_BOOTLOADER, &data->flags); |
4185a0f5 | 2035 | btintel_check_bdaddr(hdev); |
cda0dd78 MH |
2036 | return 0; |
2037 | } | |
2038 | ||
2039 | /* If the device is not in bootloader mode, then the only possible | |
2040 | * choice is to return an error and abort the device initialization. | |
2041 | */ | |
6c483de1 | 2042 | if (ver.fw_variant != 0x06) { |
cda0dd78 | 2043 | BT_ERR("%s: Unsupported Intel firmware variant (%u)", |
6c483de1 | 2044 | hdev->name, ver.fw_variant); |
cda0dd78 MH |
2045 | return -ENODEV; |
2046 | } | |
2047 | ||
cda0dd78 MH |
2048 | /* Read the secure boot parameters to identify the operating |
2049 | * details of the bootloader. | |
2050 | */ | |
2051 | skb = __hci_cmd_sync(hdev, 0xfc0d, 0, NULL, HCI_INIT_TIMEOUT); | |
2052 | if (IS_ERR(skb)) { | |
2053 | BT_ERR("%s: Reading Intel boot parameters failed (%ld)", | |
2054 | hdev->name, PTR_ERR(skb)); | |
2055 | return PTR_ERR(skb); | |
2056 | } | |
2057 | ||
2058 | if (skb->len != sizeof(*params)) { | |
2059 | BT_ERR("%s: Intel boot parameters size mismatch", hdev->name); | |
2060 | kfree_skb(skb); | |
2061 | return -EILSEQ; | |
2062 | } | |
2063 | ||
2064 | params = (struct intel_boot_params *)skb->data; | |
cda0dd78 MH |
2065 | |
2066 | BT_INFO("%s: Device revision is %u", hdev->name, | |
2067 | le16_to_cpu(params->dev_revid)); | |
2068 | ||
2069 | BT_INFO("%s: Secure boot is %s", hdev->name, | |
2070 | params->secure_boot ? "enabled" : "disabled"); | |
2071 | ||
2220994e MH |
2072 | BT_INFO("%s: OTP lock is %s", hdev->name, |
2073 | params->otp_lock ? "enabled" : "disabled"); | |
2074 | ||
2075 | BT_INFO("%s: API lock is %s", hdev->name, | |
2076 | params->api_lock ? "enabled" : "disabled"); | |
2077 | ||
2078 | BT_INFO("%s: Debug lock is %s", hdev->name, | |
2079 | params->debug_lock ? "enabled" : "disabled"); | |
2080 | ||
cda0dd78 MH |
2081 | BT_INFO("%s: Minimum firmware build %u week %u %u", hdev->name, |
2082 | params->min_fw_build_nn, params->min_fw_build_cw, | |
2083 | 2000 + params->min_fw_build_yy); | |
2084 | ||
2085 | /* It is required that every single firmware fragment is acknowledged | |
2086 | * with a command complete event. If the boot parameters indicate | |
2087 | * that this bootloader does not send them, then abort the setup. | |
2088 | */ | |
2089 | if (params->limited_cce != 0x00) { | |
2090 | BT_ERR("%s: Unsupported Intel firmware loading method (%u)", | |
2091 | hdev->name, params->limited_cce); | |
2092 | kfree_skb(skb); | |
2093 | return -EINVAL; | |
2094 | } | |
2095 | ||
2096 | /* If the OTP has no valid Bluetooth device address, then there will | |
2097 | * also be no valid address for the operational firmware. | |
2098 | */ | |
2099 | if (!bacmp(¶ms->otp_bdaddr, BDADDR_ANY)) { | |
2100 | BT_INFO("%s: No device address configured", hdev->name); | |
2101 | set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks); | |
2102 | } | |
2103 | ||
2104 | /* With this Intel bootloader only the hardware variant and device | |
2105 | * revision information are used to select the right firmware. | |
2106 | * | |
2107 | * Currently this bootloader support is limited to hardware variant | |
2108 | * iBT 3.0 (LnP/SfP) which is identified by the value 11 (0x0b). | |
2109 | */ | |
2110 | snprintf(fwname, sizeof(fwname), "intel/ibt-11-%u.sfi", | |
2111 | le16_to_cpu(params->dev_revid)); | |
2112 | ||
2113 | err = request_firmware(&fw, fwname, &hdev->dev); | |
2114 | if (err < 0) { | |
2115 | BT_ERR("%s: Failed to load Intel firmware file (%d)", | |
2116 | hdev->name, err); | |
2117 | kfree_skb(skb); | |
2118 | return err; | |
2119 | } | |
2120 | ||
2121 | BT_INFO("%s: Found device firmware: %s", hdev->name, fwname); | |
2122 | ||
52cc9168 THJA |
2123 | /* Save the DDC file name for later use to apply once the firmware |
2124 | * downloading is done. | |
2125 | */ | |
2126 | snprintf(fwname, sizeof(fwname), "intel/ibt-11-%u.ddc", | |
2127 | le16_to_cpu(params->dev_revid)); | |
2128 | ||
cda0dd78 MH |
2129 | kfree_skb(skb); |
2130 | ||
2131 | if (fw->size < 644) { | |
2132 | BT_ERR("%s: Invalid size of firmware file (%zu)", | |
2133 | hdev->name, fw->size); | |
2134 | err = -EBADF; | |
2135 | goto done; | |
2136 | } | |
2137 | ||
2138 | set_bit(BTUSB_DOWNLOADING, &data->flags); | |
2139 | ||
2140 | /* Start the firmware download transaction with the Init fragment | |
2141 | * represented by the 128 bytes of CSS header. | |
2142 | */ | |
09df123d | 2143 | err = btintel_secure_send(hdev, 0x00, 128, fw->data); |
cda0dd78 MH |
2144 | if (err < 0) { |
2145 | BT_ERR("%s: Failed to send firmware header (%d)", | |
2146 | hdev->name, err); | |
2147 | goto done; | |
2148 | } | |
2149 | ||
2150 | /* Send the 256 bytes of public key information from the firmware | |
2151 | * as the PKey fragment. | |
2152 | */ | |
09df123d | 2153 | err = btintel_secure_send(hdev, 0x03, 256, fw->data + 128); |
cda0dd78 MH |
2154 | if (err < 0) { |
2155 | BT_ERR("%s: Failed to send firmware public key (%d)", | |
2156 | hdev->name, err); | |
2157 | goto done; | |
2158 | } | |
2159 | ||
2160 | /* Send the 256 bytes of signature information from the firmware | |
2161 | * as the Sign fragment. | |
2162 | */ | |
09df123d | 2163 | err = btintel_secure_send(hdev, 0x02, 256, fw->data + 388); |
cda0dd78 MH |
2164 | if (err < 0) { |
2165 | BT_ERR("%s: Failed to send firmware signature (%d)", | |
2166 | hdev->name, err); | |
2167 | goto done; | |
2168 | } | |
2169 | ||
2170 | fw_ptr = fw->data + 644; | |
e66890a9 | 2171 | frag_len = 0; |
cda0dd78 MH |
2172 | |
2173 | while (fw_ptr - fw->data < fw->size) { | |
e66890a9 | 2174 | struct hci_command_hdr *cmd = (void *)(fw_ptr + frag_len); |
cda0dd78 | 2175 | |
e66890a9 | 2176 | frag_len += sizeof(*cmd) + cmd->plen; |
cda0dd78 | 2177 | |
5075edae | 2178 | /* The parameter length of the secure send command requires |
e66890a9 MH |
2179 | * a 4 byte alignment. It happens so that the firmware file |
2180 | * contains proper Intel_NOP commands to align the fragments | |
2181 | * as needed. | |
2182 | * | |
2183 | * Send set of commands with 4 byte alignment from the | |
2184 | * firmware data buffer as a single Data fragement. | |
cda0dd78 | 2185 | */ |
e66890a9 | 2186 | if (!(frag_len % 4)) { |
09df123d | 2187 | err = btintel_secure_send(hdev, 0x01, frag_len, fw_ptr); |
e66890a9 MH |
2188 | if (err < 0) { |
2189 | BT_ERR("%s: Failed to send firmware data (%d)", | |
2190 | hdev->name, err); | |
2191 | goto done; | |
2192 | } | |
cda0dd78 | 2193 | |
e66890a9 MH |
2194 | fw_ptr += frag_len; |
2195 | frag_len = 0; | |
2196 | } | |
cda0dd78 MH |
2197 | } |
2198 | ||
ce6bb929 MH |
2199 | set_bit(BTUSB_FIRMWARE_LOADED, &data->flags); |
2200 | ||
a087a98e JH |
2201 | BT_INFO("%s: Waiting for firmware download to complete", hdev->name); |
2202 | ||
cda0dd78 MH |
2203 | /* Before switching the device into operational mode and with that |
2204 | * booting the loaded firmware, wait for the bootloader notification | |
2205 | * that all fragments have been successfully received. | |
2206 | * | |
a087a98e JH |
2207 | * When the event processing receives the notification, then the |
2208 | * BTUSB_DOWNLOADING flag will be cleared. | |
2209 | * | |
2210 | * The firmware loading should not take longer than 5 seconds | |
2211 | * and thus just timeout if that happens and fail the setup | |
2212 | * of this device. | |
cda0dd78 | 2213 | */ |
129a7693 JH |
2214 | err = wait_on_bit_timeout(&data->flags, BTUSB_DOWNLOADING, |
2215 | TASK_INTERRUPTIBLE, | |
2216 | msecs_to_jiffies(5000)); | |
a087a98e JH |
2217 | if (err == 1) { |
2218 | BT_ERR("%s: Firmware loading interrupted", hdev->name); | |
2219 | err = -EINTR; | |
2220 | goto done; | |
2221 | } | |
cda0dd78 | 2222 | |
a087a98e JH |
2223 | if (err) { |
2224 | BT_ERR("%s: Firmware loading timeout", hdev->name); | |
2225 | err = -ETIMEDOUT; | |
2226 | goto done; | |
cda0dd78 MH |
2227 | } |
2228 | ||
2229 | if (test_bit(BTUSB_FIRMWARE_FAILED, &data->flags)) { | |
2230 | BT_ERR("%s: Firmware loading failed", hdev->name); | |
2231 | err = -ENOEXEC; | |
2232 | goto done; | |
2233 | } | |
2234 | ||
2235 | rettime = ktime_get(); | |
2236 | delta = ktime_sub(rettime, calltime); | |
2237 | duration = (unsigned long long) ktime_to_ns(delta) >> 10; | |
2238 | ||
2239 | BT_INFO("%s: Firmware loaded in %llu usecs", hdev->name, duration); | |
2240 | ||
2241 | done: | |
2242 | release_firmware(fw); | |
2243 | ||
2244 | if (err < 0) | |
2245 | return err; | |
2246 | ||
2247 | calltime = ktime_get(); | |
2248 | ||
2249 | set_bit(BTUSB_BOOTING, &data->flags); | |
2250 | ||
2251 | skb = __hci_cmd_sync(hdev, 0xfc01, sizeof(reset_param), reset_param, | |
2252 | HCI_INIT_TIMEOUT); | |
2253 | if (IS_ERR(skb)) | |
2254 | return PTR_ERR(skb); | |
2255 | ||
2256 | kfree_skb(skb); | |
2257 | ||
2258 | /* The bootloader will not indicate when the device is ready. This | |
2259 | * is done by the operational firmware sending bootup notification. | |
fad70972 JH |
2260 | * |
2261 | * Booting into operational firmware should not take longer than | |
2262 | * 1 second. However if that happens, then just fail the setup | |
2263 | * since something went wrong. | |
cda0dd78 | 2264 | */ |
fad70972 | 2265 | BT_INFO("%s: Waiting for device to boot", hdev->name); |
cda0dd78 | 2266 | |
129a7693 JH |
2267 | err = wait_on_bit_timeout(&data->flags, BTUSB_BOOTING, |
2268 | TASK_INTERRUPTIBLE, | |
2269 | msecs_to_jiffies(1000)); | |
cda0dd78 | 2270 | |
fad70972 JH |
2271 | if (err == 1) { |
2272 | BT_ERR("%s: Device boot interrupted", hdev->name); | |
2273 | return -EINTR; | |
2274 | } | |
cda0dd78 | 2275 | |
fad70972 JH |
2276 | if (err) { |
2277 | BT_ERR("%s: Device boot timeout", hdev->name); | |
2278 | return -ETIMEDOUT; | |
cda0dd78 MH |
2279 | } |
2280 | ||
2281 | rettime = ktime_get(); | |
2282 | delta = ktime_sub(rettime, calltime); | |
2283 | duration = (unsigned long long) ktime_to_ns(delta) >> 10; | |
2284 | ||
2285 | BT_INFO("%s: Device booted in %llu usecs", hdev->name, duration); | |
2286 | ||
2287 | clear_bit(BTUSB_BOOTLOADER, &data->flags); | |
2288 | ||
52cc9168 THJA |
2289 | /* Once the device is running in operational mode, it needs to apply |
2290 | * the device configuration (DDC) parameters. | |
2291 | * | |
2292 | * The device can work without DDC parameters, so even if it fails | |
2293 | * to load the file, no need to fail the setup. | |
2294 | */ | |
e924d3d6 | 2295 | btintel_load_ddc_config(hdev, fwname); |
52cc9168 | 2296 | |
213445b2 MH |
2297 | /* Set the event mask for Intel specific vendor events. This enables |
2298 | * a few extra events that are useful during general operation. It | |
2299 | * does not enable any debugging related events. | |
2300 | * | |
2301 | * The device will function correctly without these events enabled | |
2302 | * and thus no need to fail the setup. | |
2303 | */ | |
2304 | btintel_set_event_mask(hdev, false); | |
2305 | ||
cda0dd78 MH |
2306 | return 0; |
2307 | } | |
2308 | ||
bfbd45e9 THJA |
2309 | static int btusb_shutdown_intel(struct hci_dev *hdev) |
2310 | { | |
2311 | struct sk_buff *skb; | |
2312 | long ret; | |
2313 | ||
2314 | /* Some platforms have an issue with BT LED when the interface is | |
2315 | * down or BT radio is turned off, which takes 5 seconds to BT LED | |
2316 | * goes off. This command turns off the BT LED immediately. | |
2317 | */ | |
2318 | skb = __hci_cmd_sync(hdev, 0xfc3f, 0, NULL, HCI_INIT_TIMEOUT); | |
2319 | if (IS_ERR(skb)) { | |
2320 | ret = PTR_ERR(skb); | |
2321 | BT_ERR("%s: turning off Intel device LED failed (%ld)", | |
2322 | hdev->name, ret); | |
2323 | return ret; | |
2324 | } | |
2325 | kfree_skb(skb); | |
2326 | ||
2327 | return 0; | |
2328 | } | |
2329 | ||
ae8df494 AK |
2330 | static int btusb_set_bdaddr_marvell(struct hci_dev *hdev, |
2331 | const bdaddr_t *bdaddr) | |
2332 | { | |
2333 | struct sk_buff *skb; | |
2334 | u8 buf[8]; | |
2335 | long ret; | |
2336 | ||
2337 | buf[0] = 0xfe; | |
2338 | buf[1] = sizeof(bdaddr_t); | |
2339 | memcpy(buf + 2, bdaddr, sizeof(bdaddr_t)); | |
2340 | ||
2341 | skb = __hci_cmd_sync(hdev, 0xfc22, sizeof(buf), buf, HCI_INIT_TIMEOUT); | |
2342 | if (IS_ERR(skb)) { | |
2343 | ret = PTR_ERR(skb); | |
2344 | BT_ERR("%s: changing Marvell device address failed (%ld)", | |
2345 | hdev->name, ret); | |
2346 | return ret; | |
2347 | } | |
2348 | kfree_skb(skb); | |
2349 | ||
2350 | return 0; | |
2351 | } | |
2352 | ||
5859223e TK |
2353 | static int btusb_set_bdaddr_ath3012(struct hci_dev *hdev, |
2354 | const bdaddr_t *bdaddr) | |
2355 | { | |
2356 | struct sk_buff *skb; | |
2357 | u8 buf[10]; | |
2358 | long ret; | |
2359 | ||
2360 | buf[0] = 0x01; | |
2361 | buf[1] = 0x01; | |
2362 | buf[2] = 0x00; | |
2363 | buf[3] = sizeof(bdaddr_t); | |
2364 | memcpy(buf + 4, bdaddr, sizeof(bdaddr_t)); | |
2365 | ||
2366 | skb = __hci_cmd_sync(hdev, 0xfc0b, sizeof(buf), buf, HCI_INIT_TIMEOUT); | |
2367 | if (IS_ERR(skb)) { | |
2368 | ret = PTR_ERR(skb); | |
2369 | BT_ERR("%s: Change address command failed (%ld)", | |
2370 | hdev->name, ret); | |
2371 | return ret; | |
2372 | } | |
2373 | kfree_skb(skb); | |
2374 | ||
2375 | return 0; | |
2376 | } | |
2377 | ||
3267c884 KBYT |
2378 | #define QCA_DFU_PACKET_LEN 4096 |
2379 | ||
2380 | #define QCA_GET_TARGET_VERSION 0x09 | |
2381 | #define QCA_CHECK_STATUS 0x05 | |
2382 | #define QCA_DFU_DOWNLOAD 0x01 | |
2383 | ||
2384 | #define QCA_SYSCFG_UPDATED 0x40 | |
2385 | #define QCA_PATCH_UPDATED 0x80 | |
2386 | #define QCA_DFU_TIMEOUT 3000 | |
2387 | ||
2388 | struct qca_version { | |
2389 | __le32 rom_version; | |
2390 | __le32 patch_version; | |
2391 | __le32 ram_version; | |
2392 | __le32 ref_clock; | |
2393 | __u8 reserved[4]; | |
2394 | } __packed; | |
2395 | ||
2396 | struct qca_rampatch_version { | |
2397 | __le16 rom_version; | |
2398 | __le16 patch_version; | |
2399 | } __packed; | |
2400 | ||
2401 | struct qca_device_info { | |
bf906b3d KBYT |
2402 | u32 rom_version; |
2403 | u8 rampatch_hdr; /* length of header in rampatch */ | |
2404 | u8 nvm_hdr; /* length of header in NVM */ | |
2405 | u8 ver_offset; /* offset of version structure in rampatch */ | |
3267c884 KBYT |
2406 | }; |
2407 | ||
2408 | static const struct qca_device_info qca_devices_table[] = { | |
2409 | { 0x00000100, 20, 4, 10 }, /* Rome 1.0 */ | |
2410 | { 0x00000101, 20, 4, 10 }, /* Rome 1.1 */ | |
7f6e6363 | 2411 | { 0x00000200, 28, 4, 18 }, /* Rome 2.0 */ |
3267c884 KBYT |
2412 | { 0x00000201, 28, 4, 18 }, /* Rome 2.1 */ |
2413 | { 0x00000300, 28, 4, 18 }, /* Rome 3.0 */ | |
2414 | { 0x00000302, 28, 4, 18 }, /* Rome 3.2 */ | |
2415 | }; | |
2416 | ||
2417 | static int btusb_qca_send_vendor_req(struct hci_dev *hdev, u8 request, | |
2418 | void *data, u16 size) | |
2419 | { | |
2420 | struct btusb_data *btdata = hci_get_drvdata(hdev); | |
2421 | struct usb_device *udev = btdata->udev; | |
2422 | int pipe, err; | |
2423 | u8 *buf; | |
2424 | ||
2425 | buf = kmalloc(size, GFP_KERNEL); | |
2426 | if (!buf) | |
2427 | return -ENOMEM; | |
2428 | ||
2429 | /* Found some of USB hosts have IOT issues with ours so that we should | |
2430 | * not wait until HCI layer is ready. | |
2431 | */ | |
2432 | pipe = usb_rcvctrlpipe(udev, 0); | |
2433 | err = usb_control_msg(udev, pipe, request, USB_TYPE_VENDOR | USB_DIR_IN, | |
2434 | 0, 0, buf, size, USB_CTRL_SET_TIMEOUT); | |
2435 | if (err < 0) { | |
2436 | BT_ERR("%s: Failed to access otp area (%d)", hdev->name, err); | |
2437 | goto done; | |
2438 | } | |
2439 | ||
2440 | memcpy(data, buf, size); | |
2441 | ||
2442 | done: | |
2443 | kfree(buf); | |
2444 | ||
2445 | return err; | |
2446 | } | |
2447 | ||
2448 | static int btusb_setup_qca_download_fw(struct hci_dev *hdev, | |
2449 | const struct firmware *firmware, | |
2450 | size_t hdr_size) | |
2451 | { | |
2452 | struct btusb_data *btdata = hci_get_drvdata(hdev); | |
2453 | struct usb_device *udev = btdata->udev; | |
2454 | size_t count, size, sent = 0; | |
2455 | int pipe, len, err; | |
2456 | u8 *buf; | |
2457 | ||
2458 | buf = kmalloc(QCA_DFU_PACKET_LEN, GFP_KERNEL); | |
2459 | if (!buf) | |
2460 | return -ENOMEM; | |
2461 | ||
2462 | count = firmware->size; | |
2463 | ||
2464 | size = min_t(size_t, count, hdr_size); | |
2465 | memcpy(buf, firmware->data, size); | |
2466 | ||
2467 | /* USB patches should go down to controller through USB path | |
2468 | * because binary format fits to go down through USB channel. | |
2469 | * USB control path is for patching headers and USB bulk is for | |
2470 | * patch body. | |
2471 | */ | |
2472 | pipe = usb_sndctrlpipe(udev, 0); | |
2473 | err = usb_control_msg(udev, pipe, QCA_DFU_DOWNLOAD, USB_TYPE_VENDOR, | |
2474 | 0, 0, buf, size, USB_CTRL_SET_TIMEOUT); | |
2475 | if (err < 0) { | |
2476 | BT_ERR("%s: Failed to send headers (%d)", hdev->name, err); | |
2477 | goto done; | |
2478 | } | |
2479 | ||
2480 | sent += size; | |
2481 | count -= size; | |
2482 | ||
2483 | while (count) { | |
2484 | size = min_t(size_t, count, QCA_DFU_PACKET_LEN); | |
2485 | ||
2486 | memcpy(buf, firmware->data + sent, size); | |
2487 | ||
2488 | pipe = usb_sndbulkpipe(udev, 0x02); | |
2489 | err = usb_bulk_msg(udev, pipe, buf, size, &len, | |
2490 | QCA_DFU_TIMEOUT); | |
2491 | if (err < 0) { | |
2492 | BT_ERR("%s: Failed to send body at %zd of %zd (%d)", | |
2493 | hdev->name, sent, firmware->size, err); | |
2494 | break; | |
2495 | } | |
2496 | ||
2497 | if (size != len) { | |
2498 | BT_ERR("%s: Failed to get bulk buffer", hdev->name); | |
2499 | err = -EILSEQ; | |
2500 | break; | |
2501 | } | |
2502 | ||
2503 | sent += size; | |
2504 | count -= size; | |
2505 | } | |
2506 | ||
2507 | done: | |
2508 | kfree(buf); | |
2509 | return err; | |
2510 | } | |
2511 | ||
2512 | static int btusb_setup_qca_load_rampatch(struct hci_dev *hdev, | |
2513 | struct qca_version *ver, | |
2514 | const struct qca_device_info *info) | |
2515 | { | |
2516 | struct qca_rampatch_version *rver; | |
2517 | const struct firmware *fw; | |
bf906b3d KBYT |
2518 | u32 ver_rom, ver_patch; |
2519 | u16 rver_rom, rver_patch; | |
3267c884 KBYT |
2520 | char fwname[64]; |
2521 | int err; | |
2522 | ||
bf906b3d KBYT |
2523 | ver_rom = le32_to_cpu(ver->rom_version); |
2524 | ver_patch = le32_to_cpu(ver->patch_version); | |
2525 | ||
2526 | snprintf(fwname, sizeof(fwname), "qca/rampatch_usb_%08x.bin", ver_rom); | |
3267c884 KBYT |
2527 | |
2528 | err = request_firmware(&fw, fwname, &hdev->dev); | |
2529 | if (err) { | |
2530 | BT_ERR("%s: failed to request rampatch file: %s (%d)", | |
2531 | hdev->name, fwname, err); | |
2532 | return err; | |
2533 | } | |
2534 | ||
2535 | BT_INFO("%s: using rampatch file: %s", hdev->name, fwname); | |
bf906b3d | 2536 | |
3267c884 | 2537 | rver = (struct qca_rampatch_version *)(fw->data + info->ver_offset); |
bf906b3d KBYT |
2538 | rver_rom = le16_to_cpu(rver->rom_version); |
2539 | rver_patch = le16_to_cpu(rver->patch_version); | |
2540 | ||
3267c884 | 2541 | BT_INFO("%s: QCA: patch rome 0x%x build 0x%x, firmware rome 0x%x " |
bf906b3d KBYT |
2542 | "build 0x%x", hdev->name, rver_rom, rver_patch, ver_rom, |
2543 | ver_patch); | |
3267c884 | 2544 | |
bf906b3d | 2545 | if (rver_rom != ver_rom || rver_patch <= ver_patch) { |
3267c884 KBYT |
2546 | BT_ERR("%s: rampatch file version did not match with firmware", |
2547 | hdev->name); | |
2548 | err = -EINVAL; | |
2549 | goto done; | |
2550 | } | |
2551 | ||
2552 | err = btusb_setup_qca_download_fw(hdev, fw, info->rampatch_hdr); | |
2553 | ||
2554 | done: | |
2555 | release_firmware(fw); | |
2556 | ||
2557 | return err; | |
2558 | } | |
2559 | ||
2560 | static int btusb_setup_qca_load_nvm(struct hci_dev *hdev, | |
2561 | struct qca_version *ver, | |
2562 | const struct qca_device_info *info) | |
2563 | { | |
2564 | const struct firmware *fw; | |
2565 | char fwname[64]; | |
2566 | int err; | |
2567 | ||
2568 | snprintf(fwname, sizeof(fwname), "qca/nvm_usb_%08x.bin", | |
2569 | le32_to_cpu(ver->rom_version)); | |
2570 | ||
2571 | err = request_firmware(&fw, fwname, &hdev->dev); | |
2572 | if (err) { | |
2573 | BT_ERR("%s: failed to request NVM file: %s (%d)", | |
2574 | hdev->name, fwname, err); | |
2575 | return err; | |
2576 | } | |
2577 | ||
2578 | BT_INFO("%s: using NVM file: %s", hdev->name, fwname); | |
2579 | ||
2580 | err = btusb_setup_qca_download_fw(hdev, fw, info->nvm_hdr); | |
2581 | ||
2582 | release_firmware(fw); | |
2583 | ||
2584 | return err; | |
2585 | } | |
2586 | ||
2587 | static int btusb_setup_qca(struct hci_dev *hdev) | |
2588 | { | |
2589 | const struct qca_device_info *info = NULL; | |
2590 | struct qca_version ver; | |
bf906b3d | 2591 | u32 ver_rom; |
3267c884 KBYT |
2592 | u8 status; |
2593 | int i, err; | |
2594 | ||
2595 | err = btusb_qca_send_vendor_req(hdev, QCA_GET_TARGET_VERSION, &ver, | |
eb50042f | 2596 | sizeof(ver)); |
3267c884 KBYT |
2597 | if (err < 0) |
2598 | return err; | |
2599 | ||
bf906b3d | 2600 | ver_rom = le32_to_cpu(ver.rom_version); |
3267c884 | 2601 | for (i = 0; i < ARRAY_SIZE(qca_devices_table); i++) { |
bf906b3d | 2602 | if (ver_rom == qca_devices_table[i].rom_version) |
3267c884 KBYT |
2603 | info = &qca_devices_table[i]; |
2604 | } | |
2605 | if (!info) { | |
2606 | BT_ERR("%s: don't support firmware rome 0x%x", hdev->name, | |
bf906b3d | 2607 | ver_rom); |
3267c884 KBYT |
2608 | return -ENODEV; |
2609 | } | |
2610 | ||
2611 | err = btusb_qca_send_vendor_req(hdev, QCA_CHECK_STATUS, &status, | |
2612 | sizeof(status)); | |
2613 | if (err < 0) | |
2614 | return err; | |
2615 | ||
2616 | if (!(status & QCA_PATCH_UPDATED)) { | |
2617 | err = btusb_setup_qca_load_rampatch(hdev, &ver, info); | |
2618 | if (err < 0) | |
2619 | return err; | |
2620 | } | |
2621 | ||
2622 | if (!(status & QCA_SYSCFG_UPDATED)) { | |
2623 | err = btusb_setup_qca_load_nvm(hdev, &ver, info); | |
2624 | if (err < 0) | |
2625 | return err; | |
2626 | } | |
2627 | ||
2628 | return 0; | |
2629 | } | |
2630 | ||
9d08f504 MH |
2631 | #ifdef CONFIG_BT_HCIBTUSB_BCM |
2632 | static inline int __set_diag_interface(struct hci_dev *hdev) | |
2633 | { | |
2634 | struct btusb_data *data = hci_get_drvdata(hdev); | |
2635 | struct usb_interface *intf = data->diag; | |
2636 | int i; | |
2637 | ||
2638 | if (!data->diag) | |
2639 | return -ENODEV; | |
2640 | ||
2641 | data->diag_tx_ep = NULL; | |
2642 | data->diag_rx_ep = NULL; | |
2643 | ||
2644 | for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) { | |
2645 | struct usb_endpoint_descriptor *ep_desc; | |
2646 | ||
2647 | ep_desc = &intf->cur_altsetting->endpoint[i].desc; | |
2648 | ||
2649 | if (!data->diag_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) { | |
2650 | data->diag_tx_ep = ep_desc; | |
2651 | continue; | |
2652 | } | |
2653 | ||
2654 | if (!data->diag_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) { | |
2655 | data->diag_rx_ep = ep_desc; | |
2656 | continue; | |
2657 | } | |
2658 | } | |
2659 | ||
2660 | if (!data->diag_tx_ep || !data->diag_rx_ep) { | |
2661 | BT_ERR("%s invalid diagnostic descriptors", hdev->name); | |
2662 | return -ENODEV; | |
2663 | } | |
2664 | ||
2665 | return 0; | |
2666 | } | |
2667 | ||
2668 | static struct urb *alloc_diag_urb(struct hci_dev *hdev, bool enable) | |
2669 | { | |
2670 | struct btusb_data *data = hci_get_drvdata(hdev); | |
2671 | struct sk_buff *skb; | |
2672 | struct urb *urb; | |
2673 | unsigned int pipe; | |
2674 | ||
2675 | if (!data->diag_tx_ep) | |
2676 | return ERR_PTR(-ENODEV); | |
2677 | ||
2678 | urb = usb_alloc_urb(0, GFP_KERNEL); | |
2679 | if (!urb) | |
2680 | return ERR_PTR(-ENOMEM); | |
2681 | ||
2682 | skb = bt_skb_alloc(2, GFP_KERNEL); | |
2683 | if (!skb) { | |
2684 | usb_free_urb(urb); | |
2685 | return ERR_PTR(-ENOMEM); | |
2686 | } | |
2687 | ||
2688 | *skb_put(skb, 1) = 0xf0; | |
2689 | *skb_put(skb, 1) = enable; | |
2690 | ||
2691 | pipe = usb_sndbulkpipe(data->udev, data->diag_tx_ep->bEndpointAddress); | |
2692 | ||
2693 | usb_fill_bulk_urb(urb, data->udev, pipe, | |
2694 | skb->data, skb->len, btusb_tx_complete, skb); | |
2695 | ||
2696 | skb->dev = (void *)hdev; | |
2697 | ||
2698 | return urb; | |
2699 | } | |
2700 | ||
2701 | static int btusb_bcm_set_diag(struct hci_dev *hdev, bool enable) | |
2702 | { | |
2703 | struct btusb_data *data = hci_get_drvdata(hdev); | |
2704 | struct urb *urb; | |
2705 | ||
2706 | if (!data->diag) | |
2707 | return -ENODEV; | |
2708 | ||
2709 | if (!test_bit(HCI_RUNNING, &hdev->flags)) | |
2710 | return -ENETDOWN; | |
2711 | ||
2712 | urb = alloc_diag_urb(hdev, enable); | |
2713 | if (IS_ERR(urb)) | |
2714 | return PTR_ERR(urb); | |
2715 | ||
2716 | return submit_or_queue_tx_urb(hdev, urb); | |
2717 | } | |
2718 | #endif | |
2719 | ||
5e23b923 | 2720 | static int btusb_probe(struct usb_interface *intf, |
89e7533d | 2721 | const struct usb_device_id *id) |
5e23b923 MH |
2722 | { |
2723 | struct usb_endpoint_descriptor *ep_desc; | |
2724 | struct btusb_data *data; | |
2725 | struct hci_dev *hdev; | |
22f8e9db | 2726 | unsigned ifnum_base; |
5e23b923 MH |
2727 | int i, err; |
2728 | ||
2729 | BT_DBG("intf %p id %p", intf, id); | |
2730 | ||
cfeb4145 | 2731 | /* interface numbers are hardcoded in the spec */ |
22f8e9db MH |
2732 | if (intf->cur_altsetting->desc.bInterfaceNumber != 0) { |
2733 | if (!(id->driver_info & BTUSB_IFNUM_2)) | |
2734 | return -ENODEV; | |
2735 | if (intf->cur_altsetting->desc.bInterfaceNumber != 2) | |
2736 | return -ENODEV; | |
2737 | } | |
2738 | ||
2739 | ifnum_base = intf->cur_altsetting->desc.bInterfaceNumber; | |
5e23b923 MH |
2740 | |
2741 | if (!id->driver_info) { | |
2742 | const struct usb_device_id *match; | |
89e7533d | 2743 | |
5e23b923 MH |
2744 | match = usb_match_id(intf, blacklist_table); |
2745 | if (match) | |
2746 | id = match; | |
2747 | } | |
2748 | ||
cfeb4145 MH |
2749 | if (id->driver_info == BTUSB_IGNORE) |
2750 | return -ENODEV; | |
2751 | ||
2d25f8b4 SL |
2752 | if (id->driver_info & BTUSB_ATH3012) { |
2753 | struct usb_device *udev = interface_to_usbdev(intf); | |
2754 | ||
2755 | /* Old firmware would otherwise let ath3k driver load | |
2756 | * patch and sysconfig files */ | |
2757 | if (le16_to_cpu(udev->descriptor.bcdDevice) <= 0x0001) | |
2758 | return -ENODEV; | |
2759 | } | |
2760 | ||
98921dbd | 2761 | data = devm_kzalloc(&intf->dev, sizeof(*data), GFP_KERNEL); |
5e23b923 MH |
2762 | if (!data) |
2763 | return -ENOMEM; | |
2764 | ||
2765 | for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) { | |
2766 | ep_desc = &intf->cur_altsetting->endpoint[i].desc; | |
2767 | ||
2768 | if (!data->intr_ep && usb_endpoint_is_int_in(ep_desc)) { | |
2769 | data->intr_ep = ep_desc; | |
2770 | continue; | |
2771 | } | |
2772 | ||
2773 | if (!data->bulk_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) { | |
2774 | data->bulk_tx_ep = ep_desc; | |
2775 | continue; | |
2776 | } | |
2777 | ||
2778 | if (!data->bulk_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) { | |
2779 | data->bulk_rx_ep = ep_desc; | |
2780 | continue; | |
2781 | } | |
2782 | } | |
2783 | ||
98921dbd | 2784 | if (!data->intr_ep || !data->bulk_tx_ep || !data->bulk_rx_ep) |
5e23b923 | 2785 | return -ENODEV; |
5e23b923 | 2786 | |
893ba544 MH |
2787 | if (id->driver_info & BTUSB_AMP) { |
2788 | data->cmdreq_type = USB_TYPE_CLASS | 0x01; | |
2789 | data->cmdreq = 0x2b; | |
2790 | } else { | |
2791 | data->cmdreq_type = USB_TYPE_CLASS; | |
2792 | data->cmdreq = 0x00; | |
2793 | } | |
7a9d4020 | 2794 | |
5e23b923 | 2795 | data->udev = interface_to_usbdev(intf); |
5fbcd260 | 2796 | data->intf = intf; |
5e23b923 | 2797 | |
5e23b923 | 2798 | INIT_WORK(&data->work, btusb_work); |
7bee549e | 2799 | INIT_WORK(&data->waker, btusb_waker); |
803b5836 MH |
2800 | init_usb_anchor(&data->deferred); |
2801 | init_usb_anchor(&data->tx_anchor); | |
7bee549e | 2802 | spin_lock_init(&data->txlock); |
5e23b923 | 2803 | |
5e23b923 MH |
2804 | init_usb_anchor(&data->intr_anchor); |
2805 | init_usb_anchor(&data->bulk_anchor); | |
9bfa35fe | 2806 | init_usb_anchor(&data->isoc_anchor); |
9d08f504 | 2807 | init_usb_anchor(&data->diag_anchor); |
803b5836 | 2808 | spin_lock_init(&data->rxlock); |
5e23b923 | 2809 | |
cda0dd78 MH |
2810 | if (id->driver_info & BTUSB_INTEL_NEW) { |
2811 | data->recv_event = btusb_recv_event_intel; | |
2812 | data->recv_bulk = btusb_recv_bulk_intel; | |
2813 | set_bit(BTUSB_BOOTLOADER, &data->flags); | |
2814 | } else { | |
2815 | data->recv_event = hci_recv_frame; | |
2816 | data->recv_bulk = btusb_recv_bulk; | |
2817 | } | |
2cbd3f5c | 2818 | |
5e23b923 | 2819 | hdev = hci_alloc_dev(); |
98921dbd | 2820 | if (!hdev) |
5e23b923 | 2821 | return -ENOMEM; |
5e23b923 | 2822 | |
c13854ce | 2823 | hdev->bus = HCI_USB; |
155961e8 | 2824 | hci_set_drvdata(hdev, data); |
5e23b923 | 2825 | |
893ba544 MH |
2826 | if (id->driver_info & BTUSB_AMP) |
2827 | hdev->dev_type = HCI_AMP; | |
2828 | else | |
2829 | hdev->dev_type = HCI_BREDR; | |
2830 | ||
5e23b923 MH |
2831 | data->hdev = hdev; |
2832 | ||
2833 | SET_HCIDEV_DEV(hdev, &intf->dev); | |
2834 | ||
9f8f962c MH |
2835 | hdev->open = btusb_open; |
2836 | hdev->close = btusb_close; | |
2837 | hdev->flush = btusb_flush; | |
2838 | hdev->send = btusb_send_frame; | |
2839 | hdev->notify = btusb_notify; | |
2840 | ||
6c9d435d MH |
2841 | if (id->driver_info & BTUSB_BCM2045) |
2842 | set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks); | |
2843 | ||
9f8f962c MH |
2844 | if (id->driver_info & BTUSB_BCM92035) |
2845 | hdev->setup = btusb_setup_bcm92035; | |
5e23b923 | 2846 | |
c2bfb100 | 2847 | #ifdef CONFIG_BT_HCIBTUSB_BCM |
abbaf50e | 2848 | if (id->driver_info & BTUSB_BCM_PATCHRAM) { |
49a5f782 | 2849 | hdev->manufacturer = 15; |
c2bfb100 | 2850 | hdev->setup = btbcm_setup_patchram; |
9d08f504 | 2851 | hdev->set_diag = btusb_bcm_set_diag; |
1df1f591 | 2852 | hdev->set_bdaddr = btbcm_set_bdaddr; |
9d08f504 MH |
2853 | |
2854 | /* Broadcom LM_DIAG Interface numbers are hardcoded */ | |
22f8e9db | 2855 | data->diag = usb_ifnum_to_if(data->udev, ifnum_base + 2); |
abbaf50e | 2856 | } |
10d4c673 | 2857 | |
9d08f504 | 2858 | if (id->driver_info & BTUSB_BCM_APPLE) { |
49a5f782 | 2859 | hdev->manufacturer = 15; |
c2bfb100 | 2860 | hdev->setup = btbcm_setup_apple; |
9d08f504 MH |
2861 | hdev->set_diag = btusb_bcm_set_diag; |
2862 | ||
2863 | /* Broadcom LM_DIAG Interface numbers are hardcoded */ | |
22f8e9db | 2864 | data->diag = usb_ifnum_to_if(data->udev, ifnum_base + 2); |
9d08f504 | 2865 | } |
c2bfb100 | 2866 | #endif |
17b2772b | 2867 | |
cb8d6597 | 2868 | if (id->driver_info & BTUSB_INTEL) { |
49a5f782 | 2869 | hdev->manufacturer = 2; |
dffd30ee | 2870 | hdev->setup = btusb_setup_intel; |
bfbd45e9 | 2871 | hdev->shutdown = btusb_shutdown_intel; |
3e24767b | 2872 | hdev->set_diag = btintel_set_diag_mfg; |
4185a0f5 | 2873 | hdev->set_bdaddr = btintel_set_bdaddr; |
c33fb9b4 | 2874 | set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks); |
c1154842 | 2875 | set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks); |
3e24767b | 2876 | set_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks); |
cb8d6597 | 2877 | } |
dffd30ee | 2878 | |
cda0dd78 | 2879 | if (id->driver_info & BTUSB_INTEL_NEW) { |
49a5f782 | 2880 | hdev->manufacturer = 2; |
cda0dd78 MH |
2881 | hdev->send = btusb_send_frame_intel; |
2882 | hdev->setup = btusb_setup_intel_new; | |
eeb6abe9 | 2883 | hdev->hw_error = btintel_hw_error; |
6d2e50d2 | 2884 | hdev->set_diag = btintel_set_diag; |
4185a0f5 | 2885 | hdev->set_bdaddr = btintel_set_bdaddr; |
b970c5ba | 2886 | set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks); |
d8270fbb | 2887 | set_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks); |
cda0dd78 MH |
2888 | } |
2889 | ||
ae8df494 AK |
2890 | if (id->driver_info & BTUSB_MARVELL) |
2891 | hdev->set_bdaddr = btusb_set_bdaddr_marvell; | |
2892 | ||
661cf88a MH |
2893 | if (id->driver_info & BTUSB_SWAVE) { |
2894 | set_bit(HCI_QUIRK_FIXUP_INQUIRY_MODE, &hdev->quirks); | |
d57dbe77 | 2895 | set_bit(HCI_QUIRK_BROKEN_LOCAL_COMMANDS, &hdev->quirks); |
661cf88a | 2896 | } |
d57dbe77 | 2897 | |
e4c534bb MH |
2898 | if (id->driver_info & BTUSB_INTEL_BOOT) { |
2899 | hdev->manufacturer = 2; | |
40df783d | 2900 | set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks); |
e4c534bb | 2901 | } |
40df783d | 2902 | |
79f0c87d | 2903 | if (id->driver_info & BTUSB_ATH3012) { |
5859223e | 2904 | hdev->set_bdaddr = btusb_set_bdaddr_ath3012; |
3d50d51a | 2905 | set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks); |
79f0c87d JP |
2906 | set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks); |
2907 | } | |
5859223e | 2908 | |
3267c884 KBYT |
2909 | if (id->driver_info & BTUSB_QCA_ROME) { |
2910 | data->setup_on_usb = btusb_setup_qca; | |
2911 | hdev->set_bdaddr = btusb_set_bdaddr_ath3012; | |
2912 | } | |
2913 | ||
db33c77d | 2914 | #ifdef CONFIG_BT_HCIBTUSB_RTL |
04b8c814 | 2915 | if (id->driver_info & BTUSB_REALTEK) { |
db33c77d | 2916 | hdev->setup = btrtl_setup_realtek; |
04b8c814 DD |
2917 | |
2918 | /* Realtek devices lose their updated firmware over suspend, | |
2919 | * but the USB hub doesn't notice any status change. | |
2920 | * Explicitly request a device reset on resume. | |
2921 | */ | |
2922 | set_bit(BTUSB_RESET_RESUME, &data->flags); | |
2923 | } | |
db33c77d | 2924 | #endif |
a2698a9b | 2925 | |
893ba544 MH |
2926 | if (id->driver_info & BTUSB_AMP) { |
2927 | /* AMP controllers do not support SCO packets */ | |
2928 | data->isoc = NULL; | |
2929 | } else { | |
22f8e9db MH |
2930 | /* Interface orders are hardcoded in the specification */ |
2931 | data->isoc = usb_ifnum_to_if(data->udev, ifnum_base + 1); | |
893ba544 | 2932 | } |
9bfa35fe | 2933 | |
7a9d4020 | 2934 | if (!reset) |
a6c511c6 | 2935 | set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); |
cfeb4145 MH |
2936 | |
2937 | if (force_scofix || id->driver_info & BTUSB_WRONG_SCO_MTU) { | |
2938 | if (!disable_scofix) | |
2939 | set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks); | |
2940 | } | |
2941 | ||
9bfa35fe MH |
2942 | if (id->driver_info & BTUSB_BROKEN_ISOC) |
2943 | data->isoc = NULL; | |
2944 | ||
7a9d4020 MH |
2945 | if (id->driver_info & BTUSB_DIGIANSWER) { |
2946 | data->cmdreq_type = USB_TYPE_VENDOR; | |
a6c511c6 | 2947 | set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); |
7a9d4020 MH |
2948 | } |
2949 | ||
2950 | if (id->driver_info & BTUSB_CSR) { | |
2951 | struct usb_device *udev = data->udev; | |
81cac64b | 2952 | u16 bcdDevice = le16_to_cpu(udev->descriptor.bcdDevice); |
7a9d4020 MH |
2953 | |
2954 | /* Old firmware would otherwise execute USB reset */ | |
81cac64b | 2955 | if (bcdDevice < 0x117) |
a6c511c6 | 2956 | set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); |
81cac64b MH |
2957 | |
2958 | /* Fake CSR devices with broken commands */ | |
6cafcd95 | 2959 | if (bcdDevice <= 0x100 || bcdDevice == 0x134) |
81cac64b | 2960 | hdev->setup = btusb_setup_csr; |
49c989a0 JP |
2961 | |
2962 | set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks); | |
7a9d4020 MH |
2963 | } |
2964 | ||
cfeb4145 | 2965 | if (id->driver_info & BTUSB_SNIFFER) { |
9bfa35fe | 2966 | struct usb_device *udev = data->udev; |
cfeb4145 | 2967 | |
7a9d4020 | 2968 | /* New sniffer firmware has crippled HCI interface */ |
cfeb4145 MH |
2969 | if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997) |
2970 | set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks); | |
2971 | } | |
2972 | ||
3a5ef20c MH |
2973 | if (id->driver_info & BTUSB_INTEL_BOOT) { |
2974 | /* A bug in the bootloader causes that interrupt interface is | |
2975 | * only enabled after receiving SetInterface(0, AltSetting=0). | |
2976 | */ | |
2977 | err = usb_set_interface(data->udev, 0, 0); | |
2978 | if (err < 0) { | |
2979 | BT_ERR("failed to set interface 0, alt 0 %d", err); | |
2980 | hci_free_dev(hdev); | |
2981 | return err; | |
2982 | } | |
2983 | } | |
2984 | ||
9bfa35fe MH |
2985 | if (data->isoc) { |
2986 | err = usb_driver_claim_interface(&btusb_driver, | |
89e7533d | 2987 | data->isoc, data); |
9bfa35fe MH |
2988 | if (err < 0) { |
2989 | hci_free_dev(hdev); | |
9bfa35fe MH |
2990 | return err; |
2991 | } | |
2992 | } | |
2993 | ||
9d08f504 MH |
2994 | #ifdef CONFIG_BT_HCIBTUSB_BCM |
2995 | if (data->diag) { | |
2996 | if (!usb_driver_claim_interface(&btusb_driver, | |
2997 | data->diag, data)) | |
2998 | __set_diag_interface(hdev); | |
2999 | else | |
3000 | data->diag = NULL; | |
3001 | } | |
3002 | #endif | |
3003 | ||
5e23b923 MH |
3004 | err = hci_register_dev(hdev); |
3005 | if (err < 0) { | |
3006 | hci_free_dev(hdev); | |
5e23b923 MH |
3007 | return err; |
3008 | } | |
3009 | ||
3010 | usb_set_intfdata(intf, data); | |
3011 | ||
3012 | return 0; | |
3013 | } | |
3014 | ||
3015 | static void btusb_disconnect(struct usb_interface *intf) | |
3016 | { | |
3017 | struct btusb_data *data = usb_get_intfdata(intf); | |
3018 | struct hci_dev *hdev; | |
3019 | ||
3020 | BT_DBG("intf %p", intf); | |
3021 | ||
3022 | if (!data) | |
3023 | return; | |
3024 | ||
3025 | hdev = data->hdev; | |
5fbcd260 MH |
3026 | usb_set_intfdata(data->intf, NULL); |
3027 | ||
3028 | if (data->isoc) | |
3029 | usb_set_intfdata(data->isoc, NULL); | |
5e23b923 | 3030 | |
9d08f504 MH |
3031 | if (data->diag) |
3032 | usb_set_intfdata(data->diag, NULL); | |
3033 | ||
5e23b923 MH |
3034 | hci_unregister_dev(hdev); |
3035 | ||
9d08f504 MH |
3036 | if (intf == data->intf) { |
3037 | if (data->isoc) | |
3038 | usb_driver_release_interface(&btusb_driver, data->isoc); | |
3039 | if (data->diag) | |
3040 | usb_driver_release_interface(&btusb_driver, data->diag); | |
3041 | } else if (intf == data->isoc) { | |
3042 | if (data->diag) | |
3043 | usb_driver_release_interface(&btusb_driver, data->diag); | |
5fbcd260 | 3044 | usb_driver_release_interface(&btusb_driver, data->intf); |
9d08f504 MH |
3045 | } else if (intf == data->diag) { |
3046 | usb_driver_release_interface(&btusb_driver, data->intf); | |
3047 | if (data->isoc) | |
3048 | usb_driver_release_interface(&btusb_driver, data->isoc); | |
3049 | } | |
5fbcd260 | 3050 | |
5e23b923 MH |
3051 | hci_free_dev(hdev); |
3052 | } | |
3053 | ||
7bee549e | 3054 | #ifdef CONFIG_PM |
6a88adf2 MH |
3055 | static int btusb_suspend(struct usb_interface *intf, pm_message_t message) |
3056 | { | |
3057 | struct btusb_data *data = usb_get_intfdata(intf); | |
3058 | ||
3059 | BT_DBG("intf %p", intf); | |
3060 | ||
3061 | if (data->suspend_count++) | |
3062 | return 0; | |
3063 | ||
7bee549e | 3064 | spin_lock_irq(&data->txlock); |
5b1b0b81 | 3065 | if (!(PMSG_IS_AUTO(message) && data->tx_in_flight)) { |
7bee549e ON |
3066 | set_bit(BTUSB_SUSPENDING, &data->flags); |
3067 | spin_unlock_irq(&data->txlock); | |
3068 | } else { | |
3069 | spin_unlock_irq(&data->txlock); | |
3070 | data->suspend_count--; | |
3071 | return -EBUSY; | |
3072 | } | |
3073 | ||
6a88adf2 MH |
3074 | cancel_work_sync(&data->work); |
3075 | ||
7bee549e | 3076 | btusb_stop_traffic(data); |
6a88adf2 MH |
3077 | usb_kill_anchored_urbs(&data->tx_anchor); |
3078 | ||
04b8c814 DD |
3079 | /* Optionally request a device reset on resume, but only when |
3080 | * wakeups are disabled. If wakeups are enabled we assume the | |
3081 | * device will stay powered up throughout suspend. | |
3082 | */ | |
3083 | if (test_bit(BTUSB_RESET_RESUME, &data->flags) && | |
3084 | !device_may_wakeup(&data->udev->dev)) | |
3085 | data->udev->reset_resume = 1; | |
3086 | ||
6a88adf2 MH |
3087 | return 0; |
3088 | } | |
3089 | ||
7bee549e ON |
3090 | static void play_deferred(struct btusb_data *data) |
3091 | { | |
3092 | struct urb *urb; | |
3093 | int err; | |
3094 | ||
3095 | while ((urb = usb_get_from_anchor(&data->deferred))) { | |
3096 | err = usb_submit_urb(urb, GFP_ATOMIC); | |
3097 | if (err < 0) | |
3098 | break; | |
3099 | ||
3100 | data->tx_in_flight++; | |
3101 | } | |
3102 | usb_scuttle_anchored_urbs(&data->deferred); | |
3103 | } | |
3104 | ||
6a88adf2 MH |
3105 | static int btusb_resume(struct usb_interface *intf) |
3106 | { | |
3107 | struct btusb_data *data = usb_get_intfdata(intf); | |
3108 | struct hci_dev *hdev = data->hdev; | |
7bee549e | 3109 | int err = 0; |
6a88adf2 MH |
3110 | |
3111 | BT_DBG("intf %p", intf); | |
3112 | ||
3113 | if (--data->suspend_count) | |
3114 | return 0; | |
3115 | ||
3116 | if (!test_bit(HCI_RUNNING, &hdev->flags)) | |
7bee549e | 3117 | goto done; |
6a88adf2 MH |
3118 | |
3119 | if (test_bit(BTUSB_INTR_RUNNING, &data->flags)) { | |
3120 | err = btusb_submit_intr_urb(hdev, GFP_NOIO); | |
3121 | if (err < 0) { | |
3122 | clear_bit(BTUSB_INTR_RUNNING, &data->flags); | |
7bee549e | 3123 | goto failed; |
6a88adf2 MH |
3124 | } |
3125 | } | |
3126 | ||
3127 | if (test_bit(BTUSB_BULK_RUNNING, &data->flags)) { | |
43c2e57f MH |
3128 | err = btusb_submit_bulk_urb(hdev, GFP_NOIO); |
3129 | if (err < 0) { | |
6a88adf2 | 3130 | clear_bit(BTUSB_BULK_RUNNING, &data->flags); |
7bee549e ON |
3131 | goto failed; |
3132 | } | |
3133 | ||
3134 | btusb_submit_bulk_urb(hdev, GFP_NOIO); | |
6a88adf2 MH |
3135 | } |
3136 | ||
3137 | if (test_bit(BTUSB_ISOC_RUNNING, &data->flags)) { | |
3138 | if (btusb_submit_isoc_urb(hdev, GFP_NOIO) < 0) | |
3139 | clear_bit(BTUSB_ISOC_RUNNING, &data->flags); | |
3140 | else | |
3141 | btusb_submit_isoc_urb(hdev, GFP_NOIO); | |
3142 | } | |
3143 | ||
7bee549e ON |
3144 | spin_lock_irq(&data->txlock); |
3145 | play_deferred(data); | |
3146 | clear_bit(BTUSB_SUSPENDING, &data->flags); | |
3147 | spin_unlock_irq(&data->txlock); | |
3148 | schedule_work(&data->work); | |
3149 | ||
6a88adf2 | 3150 | return 0; |
7bee549e ON |
3151 | |
3152 | failed: | |
3153 | usb_scuttle_anchored_urbs(&data->deferred); | |
3154 | done: | |
3155 | spin_lock_irq(&data->txlock); | |
3156 | clear_bit(BTUSB_SUSPENDING, &data->flags); | |
3157 | spin_unlock_irq(&data->txlock); | |
3158 | ||
3159 | return err; | |
6a88adf2 | 3160 | } |
7bee549e | 3161 | #endif |
6a88adf2 | 3162 | |
5e23b923 MH |
3163 | static struct usb_driver btusb_driver = { |
3164 | .name = "btusb", | |
3165 | .probe = btusb_probe, | |
3166 | .disconnect = btusb_disconnect, | |
7bee549e | 3167 | #ifdef CONFIG_PM |
6a88adf2 MH |
3168 | .suspend = btusb_suspend, |
3169 | .resume = btusb_resume, | |
7bee549e | 3170 | #endif |
5e23b923 | 3171 | .id_table = btusb_table, |
7bee549e | 3172 | .supports_autosuspend = 1, |
e1f12eb6 | 3173 | .disable_hub_initiated_lpm = 1, |
5e23b923 MH |
3174 | }; |
3175 | ||
93f1508c | 3176 | module_usb_driver(btusb_driver); |
5e23b923 | 3177 | |
cfeb4145 MH |
3178 | module_param(disable_scofix, bool, 0644); |
3179 | MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size"); | |
3180 | ||
3181 | module_param(force_scofix, bool, 0644); | |
3182 | MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size"); | |
3183 | ||
3184 | module_param(reset, bool, 0644); | |
3185 | MODULE_PARM_DESC(reset, "Send HCI reset command on initialization"); | |
3186 | ||
5e23b923 MH |
3187 | MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); |
3188 | MODULE_DESCRIPTION("Generic Bluetooth USB driver ver " VERSION); | |
3189 | MODULE_VERSION(VERSION); | |
3190 | MODULE_LICENSE("GPL"); |