tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
1/*
2 *
3 * Generic Bluetooth USB driver
4 *
5 * Copyright (C) 2005-2008 Marcel Holtmann <marcel@holtmann.org>
6 *
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 *
22 */
23
24#include <linux/dmi.h>
25#include <linux/module.h>
26#include <linux/usb.h>
27#include <linux/usb/quirks.h>
28#include <linux/firmware.h>
29#include <linux/of_device.h>
30#include <linux/of_irq.h>
31#include <linux/suspend.h>
32#include <asm/unaligned.h>
33
34#include <net/bluetooth/bluetooth.h>
35#include <net/bluetooth/hci_core.h>
36
37#include "btintel.h"
38#include "btbcm.h"
39#include "btrtl.h"
40
41#define VERSION "0.8"
42
43static bool disable_scofix;
44static bool force_scofix;
45static bool enable_autosuspend = IS_ENABLED(CONFIG_BT_HCIBTUSB_AUTOSUSPEND);
46
47static bool reset = true;
48
49static struct usb_driver btusb_driver;
50
51#define BTUSB_IGNORE 0x01
52#define BTUSB_DIGIANSWER 0x02
53#define BTUSB_CSR 0x04
54#define BTUSB_SNIFFER 0x08
55#define BTUSB_BCM92035 0x10
56#define BTUSB_BROKEN_ISOC 0x20
57#define BTUSB_WRONG_SCO_MTU 0x40
58#define BTUSB_ATH3012 0x80
59#define BTUSB_INTEL 0x100
60#define BTUSB_INTEL_BOOT 0x200
61#define BTUSB_BCM_PATCHRAM 0x400
62#define BTUSB_MARVELL 0x800
63#define BTUSB_SWAVE 0x1000
64#define BTUSB_INTEL_NEW 0x2000
65#define BTUSB_AMP 0x4000
66#define BTUSB_QCA_ROME 0x8000
67#define BTUSB_BCM_APPLE 0x10000
68#define BTUSB_REALTEK 0x20000
69#define BTUSB_BCM2045 0x40000
70#define BTUSB_IFNUM_2 0x80000
71#define BTUSB_CW6622 0x100000
72
73static const struct usb_device_id btusb_table[] = {
74 /* Generic Bluetooth USB device */
75 { USB_DEVICE_INFO(0xe0, 0x01, 0x01) },
76
77 /* Generic Bluetooth AMP device */
78 { USB_DEVICE_INFO(0xe0, 0x01, 0x04), .driver_info = BTUSB_AMP },
79
80 /* Generic Bluetooth USB interface */
81 { USB_INTERFACE_INFO(0xe0, 0x01, 0x01) },
82
83 /* Apple-specific (Broadcom) devices */
84 { USB_VENDOR_AND_INTERFACE_INFO(0x05ac, 0xff, 0x01, 0x01),
85 .driver_info = BTUSB_BCM_APPLE | BTUSB_IFNUM_2 },
86
87 /* MediaTek MT76x0E */
88 { USB_DEVICE(0x0e8d, 0x763f) },
89
90 /* Broadcom SoftSailing reporting vendor specific */
91 { USB_DEVICE(0x0a5c, 0x21e1) },
92
93 /* Apple MacBookPro 7,1 */
94 { USB_DEVICE(0x05ac, 0x8213) },
95
96 /* Apple iMac11,1 */
97 { USB_DEVICE(0x05ac, 0x8215) },
98
99 /* Apple MacBookPro6,2 */
100 { USB_DEVICE(0x05ac, 0x8218) },
101
102 /* Apple MacBookAir3,1, MacBookAir3,2 */
103 { USB_DEVICE(0x05ac, 0x821b) },
104
105 /* Apple MacBookAir4,1 */
106 { USB_DEVICE(0x05ac, 0x821f) },
107
108 /* Apple MacBookPro8,2 */
109 { USB_DEVICE(0x05ac, 0x821a) },
110
111 /* Apple MacMini5,1 */
112 { USB_DEVICE(0x05ac, 0x8281) },
113
114 /* AVM BlueFRITZ! USB v2.0 */
115 { USB_DEVICE(0x057c, 0x3800), .driver_info = BTUSB_SWAVE },
116
117 /* Bluetooth Ultraport Module from IBM */
118 { USB_DEVICE(0x04bf, 0x030a) },
119
120 /* ALPS Modules with non-standard id */
121 { USB_DEVICE(0x044e, 0x3001) },
122 { USB_DEVICE(0x044e, 0x3002) },
123
124 /* Ericsson with non-standard id */
125 { USB_DEVICE(0x0bdb, 0x1002) },
126
127 /* Canyon CN-BTU1 with HID interfaces */
128 { USB_DEVICE(0x0c10, 0x0000) },
129
130 /* Broadcom BCM20702A0 */
131 { USB_DEVICE(0x413c, 0x8197) },
132
133 /* Broadcom BCM20702B0 (Dynex/Insignia) */
134 { USB_DEVICE(0x19ff, 0x0239), .driver_info = BTUSB_BCM_PATCHRAM },
135
136 /* Broadcom BCM43142A0 (Foxconn/Lenovo) */
137 { USB_VENDOR_AND_INTERFACE_INFO(0x105b, 0xff, 0x01, 0x01),
138 .driver_info = BTUSB_BCM_PATCHRAM },
139
140 /* Broadcom BCM920703 (HTC Vive) */
141 { USB_VENDOR_AND_INTERFACE_INFO(0x0bb4, 0xff, 0x01, 0x01),
142 .driver_info = BTUSB_BCM_PATCHRAM },
143
144 /* Foxconn - Hon Hai */
145 { USB_VENDOR_AND_INTERFACE_INFO(0x0489, 0xff, 0x01, 0x01),
146 .driver_info = BTUSB_BCM_PATCHRAM },
147
148 /* Lite-On Technology - Broadcom based */
149 { USB_VENDOR_AND_INTERFACE_INFO(0x04ca, 0xff, 0x01, 0x01),
150 .driver_info = BTUSB_BCM_PATCHRAM },
151
152 /* Broadcom devices with vendor specific id */
153 { USB_VENDOR_AND_INTERFACE_INFO(0x0a5c, 0xff, 0x01, 0x01),
154 .driver_info = BTUSB_BCM_PATCHRAM },
155
156 /* ASUSTek Computer - Broadcom based */
157 { USB_VENDOR_AND_INTERFACE_INFO(0x0b05, 0xff, 0x01, 0x01),
158 .driver_info = BTUSB_BCM_PATCHRAM },
159
160 /* Belkin F8065bf - Broadcom based */
161 { USB_VENDOR_AND_INTERFACE_INFO(0x050d, 0xff, 0x01, 0x01),
162 .driver_info = BTUSB_BCM_PATCHRAM },
163
164 /* IMC Networks - Broadcom based */
165 { USB_VENDOR_AND_INTERFACE_INFO(0x13d3, 0xff, 0x01, 0x01),
166 .driver_info = BTUSB_BCM_PATCHRAM },
167
168 /* Dell Computer - Broadcom based */
169 { USB_VENDOR_AND_INTERFACE_INFO(0x413c, 0xff, 0x01, 0x01),
170 .driver_info = BTUSB_BCM_PATCHRAM },
171
172 /* Toshiba Corp - Broadcom based */
173 { USB_VENDOR_AND_INTERFACE_INFO(0x0930, 0xff, 0x01, 0x01),
174 .driver_info = BTUSB_BCM_PATCHRAM },
175
176 /* Intel Bluetooth USB Bootloader (RAM module) */
177 { USB_DEVICE(0x8087, 0x0a5a),
178 .driver_info = BTUSB_INTEL_BOOT | BTUSB_BROKEN_ISOC },
179
180 { } /* Terminating entry */
181};
182
183MODULE_DEVICE_TABLE(usb, btusb_table);
184
185static const struct usb_device_id blacklist_table[] = {
186 /* CSR BlueCore devices */
187 { USB_DEVICE(0x0a12, 0x0001), .driver_info = BTUSB_CSR },
188
189 /* Broadcom BCM2033 without firmware */
190 { USB_DEVICE(0x0a5c, 0x2033), .driver_info = BTUSB_IGNORE },
191
192 /* Broadcom BCM2045 devices */
193 { USB_DEVICE(0x0a5c, 0x2045), .driver_info = BTUSB_BCM2045 },
194
195 /* Atheros 3011 with sflash firmware */
196 { USB_DEVICE(0x0489, 0xe027), .driver_info = BTUSB_IGNORE },
197 { USB_DEVICE(0x0489, 0xe03d), .driver_info = BTUSB_IGNORE },
198 { USB_DEVICE(0x04f2, 0xaff1), .driver_info = BTUSB_IGNORE },
199 { USB_DEVICE(0x0930, 0x0215), .driver_info = BTUSB_IGNORE },
200 { USB_DEVICE(0x0cf3, 0x3002), .driver_info = BTUSB_IGNORE },
201 { USB_DEVICE(0x0cf3, 0xe019), .driver_info = BTUSB_IGNORE },
202 { USB_DEVICE(0x13d3, 0x3304), .driver_info = BTUSB_IGNORE },
203
204 /* Atheros AR9285 Malbec with sflash firmware */
205 { USB_DEVICE(0x03f0, 0x311d), .driver_info = BTUSB_IGNORE },
206
207 /* Atheros 3012 with sflash firmware */
208 { USB_DEVICE(0x0489, 0xe04d), .driver_info = BTUSB_ATH3012 },
209 { USB_DEVICE(0x0489, 0xe04e), .driver_info = BTUSB_ATH3012 },
210 { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 },
211 { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 },
212 { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 },
213 { USB_DEVICE(0x0489, 0xe076), .driver_info = BTUSB_ATH3012 },
214 { USB_DEVICE(0x0489, 0xe078), .driver_info = BTUSB_ATH3012 },
215 { USB_DEVICE(0x0489, 0xe095), .driver_info = BTUSB_ATH3012 },
216 { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 },
217 { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 },
218 { USB_DEVICE(0x04ca, 0x3005), .driver_info = BTUSB_ATH3012 },
219 { USB_DEVICE(0x04ca, 0x3006), .driver_info = BTUSB_ATH3012 },
220 { USB_DEVICE(0x04ca, 0x3007), .driver_info = BTUSB_ATH3012 },
221 { USB_DEVICE(0x04ca, 0x3008), .driver_info = BTUSB_ATH3012 },
222 { USB_DEVICE(0x04ca, 0x300b), .driver_info = BTUSB_ATH3012 },
223 { USB_DEVICE(0x04ca, 0x300d), .driver_info = BTUSB_ATH3012 },
224 { USB_DEVICE(0x04ca, 0x300f), .driver_info = BTUSB_ATH3012 },
225 { USB_DEVICE(0x04ca, 0x3010), .driver_info = BTUSB_ATH3012 },
226 { USB_DEVICE(0x04ca, 0x3014), .driver_info = BTUSB_ATH3012 },
227 { USB_DEVICE(0x04ca, 0x3018), .driver_info = BTUSB_ATH3012 },
228 { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 },
229 { USB_DEVICE(0x0930, 0x021c), .driver_info = BTUSB_ATH3012 },
230 { USB_DEVICE(0x0930, 0x0220), .driver_info = BTUSB_ATH3012 },
231 { USB_DEVICE(0x0930, 0x0227), .driver_info = BTUSB_ATH3012 },
232 { USB_DEVICE(0x0b05, 0x17d0), .driver_info = BTUSB_ATH3012 },
233 { USB_DEVICE(0x0cf3, 0x0036), .driver_info = BTUSB_ATH3012 },
234 { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 },
235 { USB_DEVICE(0x0cf3, 0x3008), .driver_info = BTUSB_ATH3012 },
236 { USB_DEVICE(0x0cf3, 0x311d), .driver_info = BTUSB_ATH3012 },
237 { USB_DEVICE(0x0cf3, 0x311e), .driver_info = BTUSB_ATH3012 },
238 { USB_DEVICE(0x0cf3, 0x311f), .driver_info = BTUSB_ATH3012 },
239 { USB_DEVICE(0x0cf3, 0x3121), .driver_info = BTUSB_ATH3012 },
240 { USB_DEVICE(0x0cf3, 0x817a), .driver_info = BTUSB_ATH3012 },
241 { USB_DEVICE(0x0cf3, 0x817b), .driver_info = BTUSB_ATH3012 },
242 { USB_DEVICE(0x0cf3, 0xe003), .driver_info = BTUSB_ATH3012 },
243 { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 },
244 { USB_DEVICE(0x0cf3, 0xe005), .driver_info = BTUSB_ATH3012 },
245 { USB_DEVICE(0x0cf3, 0xe006), .driver_info = BTUSB_ATH3012 },
246 { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 },
247 { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 },
248 { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 },
249 { USB_DEVICE(0x13d3, 0x3395), .driver_info = BTUSB_ATH3012 },
250 { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 },
251 { USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 },
252 { USB_DEVICE(0x13d3, 0x3423), .driver_info = BTUSB_ATH3012 },
253 { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 },
254 { USB_DEVICE(0x13d3, 0x3472), .driver_info = BTUSB_ATH3012 },
255 { USB_DEVICE(0x13d3, 0x3474), .driver_info = BTUSB_ATH3012 },
256 { USB_DEVICE(0x13d3, 0x3487), .driver_info = BTUSB_ATH3012 },
257 { USB_DEVICE(0x13d3, 0x3490), .driver_info = BTUSB_ATH3012 },
258
259 /* Atheros AR5BBU12 with sflash firmware */
260 { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE },
261
262 /* Atheros AR5BBU12 with sflash firmware */
263 { USB_DEVICE(0x0489, 0xe036), .driver_info = BTUSB_ATH3012 },
264 { USB_DEVICE(0x0489, 0xe03c), .driver_info = BTUSB_ATH3012 },
265
266 /* QCA ROME chipset */
267 { USB_DEVICE(0x0cf3, 0xe007), .driver_info = BTUSB_QCA_ROME },
268 { USB_DEVICE(0x0cf3, 0xe009), .driver_info = BTUSB_QCA_ROME },
269 { USB_DEVICE(0x0cf3, 0xe010), .driver_info = BTUSB_QCA_ROME },
270 { USB_DEVICE(0x0cf3, 0xe300), .driver_info = BTUSB_QCA_ROME },
271 { USB_DEVICE(0x0cf3, 0xe301), .driver_info = BTUSB_QCA_ROME },
272 { USB_DEVICE(0x0cf3, 0xe360), .driver_info = BTUSB_QCA_ROME },
273 { USB_DEVICE(0x0489, 0xe092), .driver_info = BTUSB_QCA_ROME },
274 { USB_DEVICE(0x0489, 0xe09f), .driver_info = BTUSB_QCA_ROME },
275 { USB_DEVICE(0x0489, 0xe0a2), .driver_info = BTUSB_QCA_ROME },
276 { USB_DEVICE(0x04ca, 0x3011), .driver_info = BTUSB_QCA_ROME },
277 { USB_DEVICE(0x04ca, 0x3015), .driver_info = BTUSB_QCA_ROME },
278 { USB_DEVICE(0x04ca, 0x3016), .driver_info = BTUSB_QCA_ROME },
279 { USB_DEVICE(0x04ca, 0x301a), .driver_info = BTUSB_QCA_ROME },
280 { USB_DEVICE(0x13d3, 0x3496), .driver_info = BTUSB_QCA_ROME },
281
282 /* Broadcom BCM2035 */
283 { USB_DEVICE(0x0a5c, 0x2009), .driver_info = BTUSB_BCM92035 },
284 { USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU },
285 { USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU },
286
287 /* Broadcom BCM2045 */
288 { USB_DEVICE(0x0a5c, 0x2039), .driver_info = BTUSB_WRONG_SCO_MTU },
289 { USB_DEVICE(0x0a5c, 0x2101), .driver_info = BTUSB_WRONG_SCO_MTU },
290
291 /* IBM/Lenovo ThinkPad with Broadcom chip */
292 { USB_DEVICE(0x0a5c, 0x201e), .driver_info = BTUSB_WRONG_SCO_MTU },
293 { USB_DEVICE(0x0a5c, 0x2110), .driver_info = BTUSB_WRONG_SCO_MTU },
294
295 /* HP laptop with Broadcom chip */
296 { USB_DEVICE(0x03f0, 0x171d), .driver_info = BTUSB_WRONG_SCO_MTU },
297
298 /* Dell laptop with Broadcom chip */
299 { USB_DEVICE(0x413c, 0x8126), .driver_info = BTUSB_WRONG_SCO_MTU },
300
301 /* Dell Wireless 370 and 410 devices */
302 { USB_DEVICE(0x413c, 0x8152), .driver_info = BTUSB_WRONG_SCO_MTU },
303 { USB_DEVICE(0x413c, 0x8156), .driver_info = BTUSB_WRONG_SCO_MTU },
304
305 /* Belkin F8T012 and F8T013 devices */
306 { USB_DEVICE(0x050d, 0x0012), .driver_info = BTUSB_WRONG_SCO_MTU },
307 { USB_DEVICE(0x050d, 0x0013), .driver_info = BTUSB_WRONG_SCO_MTU },
308
309 /* Asus WL-BTD202 device */
310 { USB_DEVICE(0x0b05, 0x1715), .driver_info = BTUSB_WRONG_SCO_MTU },
311
312 /* Kensington Bluetooth USB adapter */
313 { USB_DEVICE(0x047d, 0x105e), .driver_info = BTUSB_WRONG_SCO_MTU },
314
315 /* RTX Telecom based adapters with buggy SCO support */
316 { USB_DEVICE(0x0400, 0x0807), .driver_info = BTUSB_BROKEN_ISOC },
317 { USB_DEVICE(0x0400, 0x080a), .driver_info = BTUSB_BROKEN_ISOC },
318
319 /* CONWISE Technology based adapters with buggy SCO support */
320 { USB_DEVICE(0x0e5e, 0x6622),
321 .driver_info = BTUSB_BROKEN_ISOC | BTUSB_CW6622},
322
323 /* Roper Class 1 Bluetooth Dongle (Silicon Wave based) */
324 { USB_DEVICE(0x1310, 0x0001), .driver_info = BTUSB_SWAVE },
325
326 /* Digianswer devices */
327 { USB_DEVICE(0x08fd, 0x0001), .driver_info = BTUSB_DIGIANSWER },
328 { USB_DEVICE(0x08fd, 0x0002), .driver_info = BTUSB_IGNORE },
329
330 /* CSR BlueCore Bluetooth Sniffer */
331 { USB_DEVICE(0x0a12, 0x0002),
332 .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC },
333
334 /* Frontline ComProbe Bluetooth Sniffer */
335 { USB_DEVICE(0x16d3, 0x0002),
336 .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC },
337
338 /* Marvell Bluetooth devices */
339 { USB_DEVICE(0x1286, 0x2044), .driver_info = BTUSB_MARVELL },
340 { USB_DEVICE(0x1286, 0x2046), .driver_info = BTUSB_MARVELL },
341 { USB_DEVICE(0x1286, 0x204e), .driver_info = BTUSB_MARVELL },
342
343 /* Intel Bluetooth devices */
344 { USB_DEVICE(0x8087, 0x0025), .driver_info = BTUSB_INTEL_NEW },
345 { USB_DEVICE(0x8087, 0x0026), .driver_info = BTUSB_INTEL_NEW },
346 { USB_DEVICE(0x8087, 0x07da), .driver_info = BTUSB_CSR },
347 { USB_DEVICE(0x8087, 0x07dc), .driver_info = BTUSB_INTEL },
348 { USB_DEVICE(0x8087, 0x0a2a), .driver_info = BTUSB_INTEL },
349 { USB_DEVICE(0x8087, 0x0a2b), .driver_info = BTUSB_INTEL_NEW },
350 { USB_DEVICE(0x8087, 0x0aa7), .driver_info = BTUSB_INTEL },
351 { USB_DEVICE(0x8087, 0x0aaa), .driver_info = BTUSB_INTEL_NEW },
352
353 /* Other Intel Bluetooth devices */
354 { USB_VENDOR_AND_INTERFACE_INFO(0x8087, 0xe0, 0x01, 0x01),
355 .driver_info = BTUSB_IGNORE },
356
357 /* Realtek Bluetooth devices */
358 { USB_VENDOR_AND_INTERFACE_INFO(0x0bda, 0xe0, 0x01, 0x01),
359 .driver_info = BTUSB_REALTEK },
360
361 /* Additional Realtek 8723AE Bluetooth devices */
362 { USB_DEVICE(0x0930, 0x021d), .driver_info = BTUSB_REALTEK },
363 { USB_DEVICE(0x13d3, 0x3394), .driver_info = BTUSB_REALTEK },
364
365 /* Additional Realtek 8723BE Bluetooth devices */
366 { USB_DEVICE(0x0489, 0xe085), .driver_info = BTUSB_REALTEK },
367 { USB_DEVICE(0x0489, 0xe08b), .driver_info = BTUSB_REALTEK },
368 { USB_DEVICE(0x13d3, 0x3410), .driver_info = BTUSB_REALTEK },
369 { USB_DEVICE(0x13d3, 0x3416), .driver_info = BTUSB_REALTEK },
370 { USB_DEVICE(0x13d3, 0x3459), .driver_info = BTUSB_REALTEK },
371 { USB_DEVICE(0x13d3, 0x3494), .driver_info = BTUSB_REALTEK },
372
373 /* Additional Realtek 8723BU Bluetooth devices */
374 { USB_DEVICE(0x7392, 0xa611), .driver_info = BTUSB_REALTEK },
375
376 /* Additional Realtek 8723DE Bluetooth devices */
377 { USB_DEVICE(0x2ff8, 0xb011), .driver_info = BTUSB_REALTEK },
378
379 /* Additional Realtek 8821AE Bluetooth devices */
380 { USB_DEVICE(0x0b05, 0x17dc), .driver_info = BTUSB_REALTEK },
381 { USB_DEVICE(0x13d3, 0x3414), .driver_info = BTUSB_REALTEK },
382 { USB_DEVICE(0x13d3, 0x3458), .driver_info = BTUSB_REALTEK },
383 { USB_DEVICE(0x13d3, 0x3461), .driver_info = BTUSB_REALTEK },
384 { USB_DEVICE(0x13d3, 0x3462), .driver_info = BTUSB_REALTEK },
385
386 /* Additional Realtek 8822BE Bluetooth devices */
387 { USB_DEVICE(0x13d3, 0x3526), .driver_info = BTUSB_REALTEK },
388 { USB_DEVICE(0x0b05, 0x185c), .driver_info = BTUSB_REALTEK },
389
390 /* Silicon Wave based devices */
391 { USB_DEVICE(0x0c10, 0x0000), .driver_info = BTUSB_SWAVE },
392
393 { } /* Terminating entry */
394};
395
396/* The Bluetooth USB module build into some devices needs to be reset on resume,
397 * this is a problem with the platform (likely shutting off all power) not with
398 * the module itself. So we use a DMI list to match known broken platforms.
399 */
400static const struct dmi_system_id btusb_needs_reset_resume_table[] = {
401 {
402 /* Dell OptiPlex 3060 (QCA ROME device 0cf3:e007) */
403 .matches = {
404 DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
405 DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex 3060"),
406 },
407 },
408 {
409 /* Dell XPS 9360 (QCA ROME device 0cf3:e300) */
410 .matches = {
411 DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
412 DMI_MATCH(DMI_PRODUCT_NAME, "XPS 13 9360"),
413 },
414 },
415 {
416 /* Dell Inspiron 5565 (QCA ROME device 0cf3:e009) */
417 .matches = {
418 DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
419 DMI_MATCH(DMI_PRODUCT_NAME, "Inspiron 5565"),
420 },
421 },
422 {}
423};
424
425#define BTUSB_MAX_ISOC_FRAMES 10
426
427#define BTUSB_INTR_RUNNING 0
428#define BTUSB_BULK_RUNNING 1
429#define BTUSB_ISOC_RUNNING 2
430#define BTUSB_SUSPENDING 3
431#define BTUSB_DID_ISO_RESUME 4
432#define BTUSB_BOOTLOADER 5
433#define BTUSB_DOWNLOADING 6
434#define BTUSB_FIRMWARE_LOADED 7
435#define BTUSB_FIRMWARE_FAILED 8
436#define BTUSB_BOOTING 9
437#define BTUSB_DIAG_RUNNING 10
438#define BTUSB_OOB_WAKE_ENABLED 11
439
440struct btusb_data {
441 struct hci_dev *hdev;
442 struct usb_device *udev;
443 struct usb_interface *intf;
444 struct usb_interface *isoc;
445 struct usb_interface *diag;
446 unsigned isoc_ifnum;
447
448 unsigned long flags;
449
450 struct work_struct work;
451 struct work_struct waker;
452
453 struct usb_anchor deferred;
454 struct usb_anchor tx_anchor;
455 int tx_in_flight;
456 spinlock_t txlock;
457
458 struct usb_anchor intr_anchor;
459 struct usb_anchor bulk_anchor;
460 struct usb_anchor isoc_anchor;
461 struct usb_anchor diag_anchor;
462 spinlock_t rxlock;
463
464 struct sk_buff *evt_skb;
465 struct sk_buff *acl_skb;
466 struct sk_buff *sco_skb;
467
468 struct usb_endpoint_descriptor *intr_ep;
469 struct usb_endpoint_descriptor *bulk_tx_ep;
470 struct usb_endpoint_descriptor *bulk_rx_ep;
471 struct usb_endpoint_descriptor *isoc_tx_ep;
472 struct usb_endpoint_descriptor *isoc_rx_ep;
473 struct usb_endpoint_descriptor *diag_tx_ep;
474 struct usb_endpoint_descriptor *diag_rx_ep;
475
476 __u8 cmdreq_type;
477 __u8 cmdreq;
478
479 unsigned int sco_num;
480 int isoc_altsetting;
481 int suspend_count;
482
483 int (*recv_event)(struct hci_dev *hdev, struct sk_buff *skb);
484 int (*recv_bulk)(struct btusb_data *data, void *buffer, int count);
485
486 int (*setup_on_usb)(struct hci_dev *hdev);
487
488 int oob_wake_irq; /* irq for out-of-band wake-on-bt */
489};
490
491static inline void btusb_free_frags(struct btusb_data *data)
492{
493 unsigned long flags;
494
495 spin_lock_irqsave(&data->rxlock, flags);
496
497 kfree_skb(data->evt_skb);
498 data->evt_skb = NULL;
499
500 kfree_skb(data->acl_skb);
501 data->acl_skb = NULL;
502
503 kfree_skb(data->sco_skb);
504 data->sco_skb = NULL;
505
506 spin_unlock_irqrestore(&data->rxlock, flags);
507}
508
509static int btusb_recv_intr(struct btusb_data *data, void *buffer, int count)
510{
511 struct sk_buff *skb;
512 int err = 0;
513
514 spin_lock(&data->rxlock);
515 skb = data->evt_skb;
516
517 while (count) {
518 int len;
519
520 if (!skb) {
521 skb = bt_skb_alloc(HCI_MAX_EVENT_SIZE, GFP_ATOMIC);
522 if (!skb) {
523 err = -ENOMEM;
524 break;
525 }
526
527 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
528 hci_skb_expect(skb) = HCI_EVENT_HDR_SIZE;
529 }
530
531 len = min_t(uint, hci_skb_expect(skb), count);
532 skb_put_data(skb, buffer, len);
533
534 count -= len;
535 buffer += len;
536 hci_skb_expect(skb) -= len;
537
538 if (skb->len == HCI_EVENT_HDR_SIZE) {
539 /* Complete event header */
540 hci_skb_expect(skb) = hci_event_hdr(skb)->plen;
541
542 if (skb_tailroom(skb) < hci_skb_expect(skb)) {
543 kfree_skb(skb);
544 skb = NULL;
545
546 err = -EILSEQ;
547 break;
548 }
549 }
550
551 if (!hci_skb_expect(skb)) {
552 /* Complete frame */
553 data->recv_event(data->hdev, skb);
554 skb = NULL;
555 }
556 }
557
558 data->evt_skb = skb;
559 spin_unlock(&data->rxlock);
560
561 return err;
562}
563
564static int btusb_recv_bulk(struct btusb_data *data, void *buffer, int count)
565{
566 struct sk_buff *skb;
567 int err = 0;
568
569 spin_lock(&data->rxlock);
570 skb = data->acl_skb;
571
572 while (count) {
573 int len;
574
575 if (!skb) {
576 skb = bt_skb_alloc(HCI_MAX_FRAME_SIZE, GFP_ATOMIC);
577 if (!skb) {
578 err = -ENOMEM;
579 break;
580 }
581
582 hci_skb_pkt_type(skb) = HCI_ACLDATA_PKT;
583 hci_skb_expect(skb) = HCI_ACL_HDR_SIZE;
584 }
585
586 len = min_t(uint, hci_skb_expect(skb), count);
587 skb_put_data(skb, buffer, len);
588
589 count -= len;
590 buffer += len;
591 hci_skb_expect(skb) -= len;
592
593 if (skb->len == HCI_ACL_HDR_SIZE) {
594 __le16 dlen = hci_acl_hdr(skb)->dlen;
595
596 /* Complete ACL header */
597 hci_skb_expect(skb) = __le16_to_cpu(dlen);
598
599 if (skb_tailroom(skb) < hci_skb_expect(skb)) {
600 kfree_skb(skb);
601 skb = NULL;
602
603 err = -EILSEQ;
604 break;
605 }
606 }
607
608 if (!hci_skb_expect(skb)) {
609 /* Complete frame */
610 hci_recv_frame(data->hdev, skb);
611 skb = NULL;
612 }
613 }
614
615 data->acl_skb = skb;
616 spin_unlock(&data->rxlock);
617
618 return err;
619}
620
621static int btusb_recv_isoc(struct btusb_data *data, void *buffer, int count)
622{
623 struct sk_buff *skb;
624 int err = 0;
625
626 spin_lock(&data->rxlock);
627 skb = data->sco_skb;
628
629 while (count) {
630 int len;
631
632 if (!skb) {
633 skb = bt_skb_alloc(HCI_MAX_SCO_SIZE, GFP_ATOMIC);
634 if (!skb) {
635 err = -ENOMEM;
636 break;
637 }
638
639 hci_skb_pkt_type(skb) = HCI_SCODATA_PKT;
640 hci_skb_expect(skb) = HCI_SCO_HDR_SIZE;
641 }
642
643 len = min_t(uint, hci_skb_expect(skb), count);
644 skb_put_data(skb, buffer, len);
645
646 count -= len;
647 buffer += len;
648 hci_skb_expect(skb) -= len;
649
650 if (skb->len == HCI_SCO_HDR_SIZE) {
651 /* Complete SCO header */
652 hci_skb_expect(skb) = hci_sco_hdr(skb)->dlen;
653
654 if (skb_tailroom(skb) < hci_skb_expect(skb)) {
655 kfree_skb(skb);
656 skb = NULL;
657
658 err = -EILSEQ;
659 break;
660 }
661 }
662
663 if (!hci_skb_expect(skb)) {
664 /* Complete frame */
665 hci_recv_frame(data->hdev, skb);
666 skb = NULL;
667 }
668 }
669
670 data->sco_skb = skb;
671 spin_unlock(&data->rxlock);
672
673 return err;
674}
675
676static void btusb_intr_complete(struct urb *urb)
677{
678 struct hci_dev *hdev = urb->context;
679 struct btusb_data *data = hci_get_drvdata(hdev);
680 int err;
681
682 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
683 urb->actual_length);
684
685 if (!test_bit(HCI_RUNNING, &hdev->flags))
686 return;
687
688 if (urb->status == 0) {
689 hdev->stat.byte_rx += urb->actual_length;
690
691 if (btusb_recv_intr(data, urb->transfer_buffer,
692 urb->actual_length) < 0) {
693 bt_dev_err(hdev, "corrupted event packet");
694 hdev->stat.err_rx++;
695 }
696 } else if (urb->status == -ENOENT) {
697 /* Avoid suspend failed when usb_kill_urb */
698 return;
699 }
700
701 if (!test_bit(BTUSB_INTR_RUNNING, &data->flags))
702 return;
703
704 usb_mark_last_busy(data->udev);
705 usb_anchor_urb(urb, &data->intr_anchor);
706
707 err = usb_submit_urb(urb, GFP_ATOMIC);
708 if (err < 0) {
709 /* -EPERM: urb is being killed;
710 * -ENODEV: device got disconnected
711 */
712 if (err != -EPERM && err != -ENODEV)
713 bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
714 urb, -err);
715 usb_unanchor_urb(urb);
716 }
717}
718
719static int btusb_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags)
720{
721 struct btusb_data *data = hci_get_drvdata(hdev);
722 struct urb *urb;
723 unsigned char *buf;
724 unsigned int pipe;
725 int err, size;
726
727 BT_DBG("%s", hdev->name);
728
729 if (!data->intr_ep)
730 return -ENODEV;
731
732 urb = usb_alloc_urb(0, mem_flags);
733 if (!urb)
734 return -ENOMEM;
735
736 size = le16_to_cpu(data->intr_ep->wMaxPacketSize);
737
738 buf = kmalloc(size, mem_flags);
739 if (!buf) {
740 usb_free_urb(urb);
741 return -ENOMEM;
742 }
743
744 pipe = usb_rcvintpipe(data->udev, data->intr_ep->bEndpointAddress);
745
746 usb_fill_int_urb(urb, data->udev, pipe, buf, size,
747 btusb_intr_complete, hdev, data->intr_ep->bInterval);
748
749 urb->transfer_flags |= URB_FREE_BUFFER;
750
751 usb_anchor_urb(urb, &data->intr_anchor);
752
753 err = usb_submit_urb(urb, mem_flags);
754 if (err < 0) {
755 if (err != -EPERM && err != -ENODEV)
756 bt_dev_err(hdev, "urb %p submission failed (%d)",
757 urb, -err);
758 usb_unanchor_urb(urb);
759 }
760
761 usb_free_urb(urb);
762
763 return err;
764}
765
766static void btusb_bulk_complete(struct urb *urb)
767{
768 struct hci_dev *hdev = urb->context;
769 struct btusb_data *data = hci_get_drvdata(hdev);
770 int err;
771
772 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
773 urb->actual_length);
774
775 if (!test_bit(HCI_RUNNING, &hdev->flags))
776 return;
777
778 if (urb->status == 0) {
779 hdev->stat.byte_rx += urb->actual_length;
780
781 if (data->recv_bulk(data, urb->transfer_buffer,
782 urb->actual_length) < 0) {
783 bt_dev_err(hdev, "corrupted ACL packet");
784 hdev->stat.err_rx++;
785 }
786 } else if (urb->status == -ENOENT) {
787 /* Avoid suspend failed when usb_kill_urb */
788 return;
789 }
790
791 if (!test_bit(BTUSB_BULK_RUNNING, &data->flags))
792 return;
793
794 usb_anchor_urb(urb, &data->bulk_anchor);
795 usb_mark_last_busy(data->udev);
796
797 err = usb_submit_urb(urb, GFP_ATOMIC);
798 if (err < 0) {
799 /* -EPERM: urb is being killed;
800 * -ENODEV: device got disconnected
801 */
802 if (err != -EPERM && err != -ENODEV)
803 bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
804 urb, -err);
805 usb_unanchor_urb(urb);
806 }
807}
808
809static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags)
810{
811 struct btusb_data *data = hci_get_drvdata(hdev);
812 struct urb *urb;
813 unsigned char *buf;
814 unsigned int pipe;
815 int err, size = HCI_MAX_FRAME_SIZE;
816
817 BT_DBG("%s", hdev->name);
818
819 if (!data->bulk_rx_ep)
820 return -ENODEV;
821
822 urb = usb_alloc_urb(0, mem_flags);
823 if (!urb)
824 return -ENOMEM;
825
826 buf = kmalloc(size, mem_flags);
827 if (!buf) {
828 usb_free_urb(urb);
829 return -ENOMEM;
830 }
831
832 pipe = usb_rcvbulkpipe(data->udev, data->bulk_rx_ep->bEndpointAddress);
833
834 usb_fill_bulk_urb(urb, data->udev, pipe, buf, size,
835 btusb_bulk_complete, hdev);
836
837 urb->transfer_flags |= URB_FREE_BUFFER;
838
839 usb_mark_last_busy(data->udev);
840 usb_anchor_urb(urb, &data->bulk_anchor);
841
842 err = usb_submit_urb(urb, mem_flags);
843 if (err < 0) {
844 if (err != -EPERM && err != -ENODEV)
845 bt_dev_err(hdev, "urb %p submission failed (%d)",
846 urb, -err);
847 usb_unanchor_urb(urb);
848 }
849
850 usb_free_urb(urb);
851
852 return err;
853}
854
855static void btusb_isoc_complete(struct urb *urb)
856{
857 struct hci_dev *hdev = urb->context;
858 struct btusb_data *data = hci_get_drvdata(hdev);
859 int i, err;
860
861 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
862 urb->actual_length);
863
864 if (!test_bit(HCI_RUNNING, &hdev->flags))
865 return;
866
867 if (urb->status == 0) {
868 for (i = 0; i < urb->number_of_packets; i++) {
869 unsigned int offset = urb->iso_frame_desc[i].offset;
870 unsigned int length = urb->iso_frame_desc[i].actual_length;
871
872 if (urb->iso_frame_desc[i].status)
873 continue;
874
875 hdev->stat.byte_rx += length;
876
877 if (btusb_recv_isoc(data, urb->transfer_buffer + offset,
878 length) < 0) {
879 bt_dev_err(hdev, "corrupted SCO packet");
880 hdev->stat.err_rx++;
881 }
882 }
883 } else if (urb->status == -ENOENT) {
884 /* Avoid suspend failed when usb_kill_urb */
885 return;
886 }
887
888 if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags))
889 return;
890
891 usb_anchor_urb(urb, &data->isoc_anchor);
892
893 err = usb_submit_urb(urb, GFP_ATOMIC);
894 if (err < 0) {
895 /* -EPERM: urb is being killed;
896 * -ENODEV: device got disconnected
897 */
898 if (err != -EPERM && err != -ENODEV)
899 bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
900 urb, -err);
901 usb_unanchor_urb(urb);
902 }
903}
904
905static inline void __fill_isoc_descriptor(struct urb *urb, int len, int mtu)
906{
907 int i, offset = 0;
908
909 BT_DBG("len %d mtu %d", len, mtu);
910
911 for (i = 0; i < BTUSB_MAX_ISOC_FRAMES && len >= mtu;
912 i++, offset += mtu, len -= mtu) {
913 urb->iso_frame_desc[i].offset = offset;
914 urb->iso_frame_desc[i].length = mtu;
915 }
916
917 if (len && i < BTUSB_MAX_ISOC_FRAMES) {
918 urb->iso_frame_desc[i].offset = offset;
919 urb->iso_frame_desc[i].length = len;
920 i++;
921 }
922
923 urb->number_of_packets = i;
924}
925
926static int btusb_submit_isoc_urb(struct hci_dev *hdev, gfp_t mem_flags)
927{
928 struct btusb_data *data = hci_get_drvdata(hdev);
929 struct urb *urb;
930 unsigned char *buf;
931 unsigned int pipe;
932 int err, size;
933
934 BT_DBG("%s", hdev->name);
935
936 if (!data->isoc_rx_ep)
937 return -ENODEV;
938
939 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, mem_flags);
940 if (!urb)
941 return -ENOMEM;
942
943 size = le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize) *
944 BTUSB_MAX_ISOC_FRAMES;
945
946 buf = kmalloc(size, mem_flags);
947 if (!buf) {
948 usb_free_urb(urb);
949 return -ENOMEM;
950 }
951
952 pipe = usb_rcvisocpipe(data->udev, data->isoc_rx_ep->bEndpointAddress);
953
954 usb_fill_int_urb(urb, data->udev, pipe, buf, size, btusb_isoc_complete,
955 hdev, data->isoc_rx_ep->bInterval);
956
957 urb->transfer_flags = URB_FREE_BUFFER | URB_ISO_ASAP;
958
959 __fill_isoc_descriptor(urb, size,
960 le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize));
961
962 usb_anchor_urb(urb, &data->isoc_anchor);
963
964 err = usb_submit_urb(urb, mem_flags);
965 if (err < 0) {
966 if (err != -EPERM && err != -ENODEV)
967 bt_dev_err(hdev, "urb %p submission failed (%d)",
968 urb, -err);
969 usb_unanchor_urb(urb);
970 }
971
972 usb_free_urb(urb);
973
974 return err;
975}
976
977static void btusb_diag_complete(struct urb *urb)
978{
979 struct hci_dev *hdev = urb->context;
980 struct btusb_data *data = hci_get_drvdata(hdev);
981 int err;
982
983 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
984 urb->actual_length);
985
986 if (urb->status == 0) {
987 struct sk_buff *skb;
988
989 skb = bt_skb_alloc(urb->actual_length, GFP_ATOMIC);
990 if (skb) {
991 skb_put_data(skb, urb->transfer_buffer,
992 urb->actual_length);
993 hci_recv_diag(hdev, skb);
994 }
995 } else if (urb->status == -ENOENT) {
996 /* Avoid suspend failed when usb_kill_urb */
997 return;
998 }
999
1000 if (!test_bit(BTUSB_DIAG_RUNNING, &data->flags))
1001 return;
1002
1003 usb_anchor_urb(urb, &data->diag_anchor);
1004 usb_mark_last_busy(data->udev);
1005
1006 err = usb_submit_urb(urb, GFP_ATOMIC);
1007 if (err < 0) {
1008 /* -EPERM: urb is being killed;
1009 * -ENODEV: device got disconnected
1010 */
1011 if (err != -EPERM && err != -ENODEV)
1012 bt_dev_err(hdev, "urb %p failed to resubmit (%d)",
1013 urb, -err);
1014 usb_unanchor_urb(urb);
1015 }
1016}
1017
1018static int btusb_submit_diag_urb(struct hci_dev *hdev, gfp_t mem_flags)
1019{
1020 struct btusb_data *data = hci_get_drvdata(hdev);
1021 struct urb *urb;
1022 unsigned char *buf;
1023 unsigned int pipe;
1024 int err, size = HCI_MAX_FRAME_SIZE;
1025
1026 BT_DBG("%s", hdev->name);
1027
1028 if (!data->diag_rx_ep)
1029 return -ENODEV;
1030
1031 urb = usb_alloc_urb(0, mem_flags);
1032 if (!urb)
1033 return -ENOMEM;
1034
1035 buf = kmalloc(size, mem_flags);
1036 if (!buf) {
1037 usb_free_urb(urb);
1038 return -ENOMEM;
1039 }
1040
1041 pipe = usb_rcvbulkpipe(data->udev, data->diag_rx_ep->bEndpointAddress);
1042
1043 usb_fill_bulk_urb(urb, data->udev, pipe, buf, size,
1044 btusb_diag_complete, hdev);
1045
1046 urb->transfer_flags |= URB_FREE_BUFFER;
1047
1048 usb_mark_last_busy(data->udev);
1049 usb_anchor_urb(urb, &data->diag_anchor);
1050
1051 err = usb_submit_urb(urb, mem_flags);
1052 if (err < 0) {
1053 if (err != -EPERM && err != -ENODEV)
1054 bt_dev_err(hdev, "urb %p submission failed (%d)",
1055 urb, -err);
1056 usb_unanchor_urb(urb);
1057 }
1058
1059 usb_free_urb(urb);
1060
1061 return err;
1062}
1063
1064static void btusb_tx_complete(struct urb *urb)
1065{
1066 struct sk_buff *skb = urb->context;
1067 struct hci_dev *hdev = (struct hci_dev *)skb->dev;
1068 struct btusb_data *data = hci_get_drvdata(hdev);
1069
1070 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
1071 urb->actual_length);
1072
1073 if (!test_bit(HCI_RUNNING, &hdev->flags))
1074 goto done;
1075
1076 if (!urb->status)
1077 hdev->stat.byte_tx += urb->transfer_buffer_length;
1078 else
1079 hdev->stat.err_tx++;
1080
1081done:
1082 spin_lock(&data->txlock);
1083 data->tx_in_flight--;
1084 spin_unlock(&data->txlock);
1085
1086 kfree(urb->setup_packet);
1087
1088 kfree_skb(skb);
1089}
1090
1091static void btusb_isoc_tx_complete(struct urb *urb)
1092{
1093 struct sk_buff *skb = urb->context;
1094 struct hci_dev *hdev = (struct hci_dev *)skb->dev;
1095
1096 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
1097 urb->actual_length);
1098
1099 if (!test_bit(HCI_RUNNING, &hdev->flags))
1100 goto done;
1101
1102 if (!urb->status)
1103 hdev->stat.byte_tx += urb->transfer_buffer_length;
1104 else
1105 hdev->stat.err_tx++;
1106
1107done:
1108 kfree(urb->setup_packet);
1109
1110 kfree_skb(skb);
1111}
1112
1113static int btusb_open(struct hci_dev *hdev)
1114{
1115 struct btusb_data *data = hci_get_drvdata(hdev);
1116 int err;
1117
1118 BT_DBG("%s", hdev->name);
1119
1120 err = usb_autopm_get_interface(data->intf);
1121 if (err < 0)
1122 return err;
1123
1124 /* Patching USB firmware files prior to starting any URBs of HCI path
1125 * It is more safe to use USB bulk channel for downloading USB patch
1126 */
1127 if (data->setup_on_usb) {
1128 err = data->setup_on_usb(hdev);
1129 if (err < 0)
1130 return err;
1131 }
1132
1133 data->intf->needs_remote_wakeup = 1;
1134 /* device specific wakeup source enabled and required for USB
1135 * remote wakeup while host is suspended
1136 */
1137 device_wakeup_enable(&data->udev->dev);
1138
1139 if (test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags))
1140 goto done;
1141
1142 err = btusb_submit_intr_urb(hdev, GFP_KERNEL);
1143 if (err < 0)
1144 goto failed;
1145
1146 err = btusb_submit_bulk_urb(hdev, GFP_KERNEL);
1147 if (err < 0) {
1148 usb_kill_anchored_urbs(&data->intr_anchor);
1149 goto failed;
1150 }
1151
1152 set_bit(BTUSB_BULK_RUNNING, &data->flags);
1153 btusb_submit_bulk_urb(hdev, GFP_KERNEL);
1154
1155 if (data->diag) {
1156 if (!btusb_submit_diag_urb(hdev, GFP_KERNEL))
1157 set_bit(BTUSB_DIAG_RUNNING, &data->flags);
1158 }
1159
1160done:
1161 usb_autopm_put_interface(data->intf);
1162 return 0;
1163
1164failed:
1165 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
1166 usb_autopm_put_interface(data->intf);
1167 return err;
1168}
1169
1170static void btusb_stop_traffic(struct btusb_data *data)
1171{
1172 usb_kill_anchored_urbs(&data->intr_anchor);
1173 usb_kill_anchored_urbs(&data->bulk_anchor);
1174 usb_kill_anchored_urbs(&data->isoc_anchor);
1175 usb_kill_anchored_urbs(&data->diag_anchor);
1176}
1177
1178static int btusb_close(struct hci_dev *hdev)
1179{
1180 struct btusb_data *data = hci_get_drvdata(hdev);
1181 int err;
1182
1183 BT_DBG("%s", hdev->name);
1184
1185 cancel_work_sync(&data->work);
1186 cancel_work_sync(&data->waker);
1187
1188 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1189 clear_bit(BTUSB_BULK_RUNNING, &data->flags);
1190 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
1191 clear_bit(BTUSB_DIAG_RUNNING, &data->flags);
1192
1193 btusb_stop_traffic(data);
1194 btusb_free_frags(data);
1195
1196 err = usb_autopm_get_interface(data->intf);
1197 if (err < 0)
1198 goto failed;
1199
1200 data->intf->needs_remote_wakeup = 0;
1201 device_wakeup_disable(&data->udev->dev);
1202 usb_autopm_put_interface(data->intf);
1203
1204failed:
1205 usb_scuttle_anchored_urbs(&data->deferred);
1206 return 0;
1207}
1208
1209static int btusb_flush(struct hci_dev *hdev)
1210{
1211 struct btusb_data *data = hci_get_drvdata(hdev);
1212
1213 BT_DBG("%s", hdev->name);
1214
1215 usb_kill_anchored_urbs(&data->tx_anchor);
1216 btusb_free_frags(data);
1217
1218 return 0;
1219}
1220
1221static struct urb *alloc_ctrl_urb(struct hci_dev *hdev, struct sk_buff *skb)
1222{
1223 struct btusb_data *data = hci_get_drvdata(hdev);
1224 struct usb_ctrlrequest *dr;
1225 struct urb *urb;
1226 unsigned int pipe;
1227
1228 urb = usb_alloc_urb(0, GFP_KERNEL);
1229 if (!urb)
1230 return ERR_PTR(-ENOMEM);
1231
1232 dr = kmalloc(sizeof(*dr), GFP_KERNEL);
1233 if (!dr) {
1234 usb_free_urb(urb);
1235 return ERR_PTR(-ENOMEM);
1236 }
1237
1238 dr->bRequestType = data->cmdreq_type;
1239 dr->bRequest = data->cmdreq;
1240 dr->wIndex = 0;
1241 dr->wValue = 0;
1242 dr->wLength = __cpu_to_le16(skb->len);
1243
1244 pipe = usb_sndctrlpipe(data->udev, 0x00);
1245
1246 usb_fill_control_urb(urb, data->udev, pipe, (void *)dr,
1247 skb->data, skb->len, btusb_tx_complete, skb);
1248
1249 skb->dev = (void *)hdev;
1250
1251 return urb;
1252}
1253
1254static struct urb *alloc_bulk_urb(struct hci_dev *hdev, struct sk_buff *skb)
1255{
1256 struct btusb_data *data = hci_get_drvdata(hdev);
1257 struct urb *urb;
1258 unsigned int pipe;
1259
1260 if (!data->bulk_tx_ep)
1261 return ERR_PTR(-ENODEV);
1262
1263 urb = usb_alloc_urb(0, GFP_KERNEL);
1264 if (!urb)
1265 return ERR_PTR(-ENOMEM);
1266
1267 pipe = usb_sndbulkpipe(data->udev, data->bulk_tx_ep->bEndpointAddress);
1268
1269 usb_fill_bulk_urb(urb, data->udev, pipe,
1270 skb->data, skb->len, btusb_tx_complete, skb);
1271
1272 skb->dev = (void *)hdev;
1273
1274 return urb;
1275}
1276
1277static struct urb *alloc_isoc_urb(struct hci_dev *hdev, struct sk_buff *skb)
1278{
1279 struct btusb_data *data = hci_get_drvdata(hdev);
1280 struct urb *urb;
1281 unsigned int pipe;
1282
1283 if (!data->isoc_tx_ep)
1284 return ERR_PTR(-ENODEV);
1285
1286 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, GFP_KERNEL);
1287 if (!urb)
1288 return ERR_PTR(-ENOMEM);
1289
1290 pipe = usb_sndisocpipe(data->udev, data->isoc_tx_ep->bEndpointAddress);
1291
1292 usb_fill_int_urb(urb, data->udev, pipe,
1293 skb->data, skb->len, btusb_isoc_tx_complete,
1294 skb, data->isoc_tx_ep->bInterval);
1295
1296 urb->transfer_flags = URB_ISO_ASAP;
1297
1298 __fill_isoc_descriptor(urb, skb->len,
1299 le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize));
1300
1301 skb->dev = (void *)hdev;
1302
1303 return urb;
1304}
1305
1306static int submit_tx_urb(struct hci_dev *hdev, struct urb *urb)
1307{
1308 struct btusb_data *data = hci_get_drvdata(hdev);
1309 int err;
1310
1311 usb_anchor_urb(urb, &data->tx_anchor);
1312
1313 err = usb_submit_urb(urb, GFP_KERNEL);
1314 if (err < 0) {
1315 if (err != -EPERM && err != -ENODEV)
1316 bt_dev_err(hdev, "urb %p submission failed (%d)",
1317 urb, -err);
1318 kfree(urb->setup_packet);
1319 usb_unanchor_urb(urb);
1320 } else {
1321 usb_mark_last_busy(data->udev);
1322 }
1323
1324 usb_free_urb(urb);
1325 return err;
1326}
1327
1328static int submit_or_queue_tx_urb(struct hci_dev *hdev, struct urb *urb)
1329{
1330 struct btusb_data *data = hci_get_drvdata(hdev);
1331 unsigned long flags;
1332 bool suspending;
1333
1334 spin_lock_irqsave(&data->txlock, flags);
1335 suspending = test_bit(BTUSB_SUSPENDING, &data->flags);
1336 if (!suspending)
1337 data->tx_in_flight++;
1338 spin_unlock_irqrestore(&data->txlock, flags);
1339
1340 if (!suspending)
1341 return submit_tx_urb(hdev, urb);
1342
1343 usb_anchor_urb(urb, &data->deferred);
1344 schedule_work(&data->waker);
1345
1346 usb_free_urb(urb);
1347 return 0;
1348}
1349
1350static int btusb_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
1351{
1352 struct urb *urb;
1353
1354 BT_DBG("%s", hdev->name);
1355
1356 switch (hci_skb_pkt_type(skb)) {
1357 case HCI_COMMAND_PKT:
1358 urb = alloc_ctrl_urb(hdev, skb);
1359 if (IS_ERR(urb))
1360 return PTR_ERR(urb);
1361
1362 hdev->stat.cmd_tx++;
1363 return submit_or_queue_tx_urb(hdev, urb);
1364
1365 case HCI_ACLDATA_PKT:
1366 urb = alloc_bulk_urb(hdev, skb);
1367 if (IS_ERR(urb))
1368 return PTR_ERR(urb);
1369
1370 hdev->stat.acl_tx++;
1371 return submit_or_queue_tx_urb(hdev, urb);
1372
1373 case HCI_SCODATA_PKT:
1374 if (hci_conn_num(hdev, SCO_LINK) < 1)
1375 return -ENODEV;
1376
1377 urb = alloc_isoc_urb(hdev, skb);
1378 if (IS_ERR(urb))
1379 return PTR_ERR(urb);
1380
1381 hdev->stat.sco_tx++;
1382 return submit_tx_urb(hdev, urb);
1383 }
1384
1385 return -EILSEQ;
1386}
1387
1388static void btusb_notify(struct hci_dev *hdev, unsigned int evt)
1389{
1390 struct btusb_data *data = hci_get_drvdata(hdev);
1391
1392 BT_DBG("%s evt %d", hdev->name, evt);
1393
1394 if (hci_conn_num(hdev, SCO_LINK) != data->sco_num) {
1395 data->sco_num = hci_conn_num(hdev, SCO_LINK);
1396 schedule_work(&data->work);
1397 }
1398}
1399
1400static inline int __set_isoc_interface(struct hci_dev *hdev, int altsetting)
1401{
1402 struct btusb_data *data = hci_get_drvdata(hdev);
1403 struct usb_interface *intf = data->isoc;
1404 struct usb_endpoint_descriptor *ep_desc;
1405 int i, err;
1406
1407 if (!data->isoc)
1408 return -ENODEV;
1409
1410 err = usb_set_interface(data->udev, data->isoc_ifnum, altsetting);
1411 if (err < 0) {
1412 bt_dev_err(hdev, "setting interface failed (%d)", -err);
1413 return err;
1414 }
1415
1416 data->isoc_altsetting = altsetting;
1417
1418 data->isoc_tx_ep = NULL;
1419 data->isoc_rx_ep = NULL;
1420
1421 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
1422 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
1423
1424 if (!data->isoc_tx_ep && usb_endpoint_is_isoc_out(ep_desc)) {
1425 data->isoc_tx_ep = ep_desc;
1426 continue;
1427 }
1428
1429 if (!data->isoc_rx_ep && usb_endpoint_is_isoc_in(ep_desc)) {
1430 data->isoc_rx_ep = ep_desc;
1431 continue;
1432 }
1433 }
1434
1435 if (!data->isoc_tx_ep || !data->isoc_rx_ep) {
1436 bt_dev_err(hdev, "invalid SCO descriptors");
1437 return -ENODEV;
1438 }
1439
1440 return 0;
1441}
1442
1443static void btusb_work(struct work_struct *work)
1444{
1445 struct btusb_data *data = container_of(work, struct btusb_data, work);
1446 struct hci_dev *hdev = data->hdev;
1447 int new_alts;
1448 int err;
1449
1450 if (data->sco_num > 0) {
1451 if (!test_bit(BTUSB_DID_ISO_RESUME, &data->flags)) {
1452 err = usb_autopm_get_interface(data->isoc ? data->isoc : data->intf);
1453 if (err < 0) {
1454 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1455 usb_kill_anchored_urbs(&data->isoc_anchor);
1456 return;
1457 }
1458
1459 set_bit(BTUSB_DID_ISO_RESUME, &data->flags);
1460 }
1461
1462 if (hdev->voice_setting & 0x0020) {
1463 static const int alts[3] = { 2, 4, 5 };
1464
1465 new_alts = alts[data->sco_num - 1];
1466 } else {
1467 new_alts = data->sco_num;
1468 }
1469
1470 if (data->isoc_altsetting != new_alts) {
1471 unsigned long flags;
1472
1473 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1474 usb_kill_anchored_urbs(&data->isoc_anchor);
1475
1476 /* When isochronous alternate setting needs to be
1477 * changed, because SCO connection has been added
1478 * or removed, a packet fragment may be left in the
1479 * reassembling state. This could lead to wrongly
1480 * assembled fragments.
1481 *
1482 * Clear outstanding fragment when selecting a new
1483 * alternate setting.
1484 */
1485 spin_lock_irqsave(&data->rxlock, flags);
1486 kfree_skb(data->sco_skb);
1487 data->sco_skb = NULL;
1488 spin_unlock_irqrestore(&data->rxlock, flags);
1489
1490 if (__set_isoc_interface(hdev, new_alts) < 0)
1491 return;
1492 }
1493
1494 if (!test_and_set_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
1495 if (btusb_submit_isoc_urb(hdev, GFP_KERNEL) < 0)
1496 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1497 else
1498 btusb_submit_isoc_urb(hdev, GFP_KERNEL);
1499 }
1500 } else {
1501 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1502 usb_kill_anchored_urbs(&data->isoc_anchor);
1503
1504 __set_isoc_interface(hdev, 0);
1505 if (test_and_clear_bit(BTUSB_DID_ISO_RESUME, &data->flags))
1506 usb_autopm_put_interface(data->isoc ? data->isoc : data->intf);
1507 }
1508}
1509
1510static void btusb_waker(struct work_struct *work)
1511{
1512 struct btusb_data *data = container_of(work, struct btusb_data, waker);
1513 int err;
1514
1515 err = usb_autopm_get_interface(data->intf);
1516 if (err < 0)
1517 return;
1518
1519 usb_autopm_put_interface(data->intf);
1520}
1521
1522static int btusb_setup_bcm92035(struct hci_dev *hdev)
1523{
1524 struct sk_buff *skb;
1525 u8 val = 0x00;
1526
1527 BT_DBG("%s", hdev->name);
1528
1529 skb = __hci_cmd_sync(hdev, 0xfc3b, 1, &val, HCI_INIT_TIMEOUT);
1530 if (IS_ERR(skb))
1531 bt_dev_err(hdev, "BCM92035 command failed (%ld)", PTR_ERR(skb));
1532 else
1533 kfree_skb(skb);
1534
1535 return 0;
1536}
1537
1538static int btusb_setup_csr(struct hci_dev *hdev)
1539{
1540 struct hci_rp_read_local_version *rp;
1541 struct sk_buff *skb;
1542
1543 BT_DBG("%s", hdev->name);
1544
1545 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL,
1546 HCI_INIT_TIMEOUT);
1547 if (IS_ERR(skb)) {
1548 int err = PTR_ERR(skb);
1549 bt_dev_err(hdev, "CSR: Local version failed (%d)", err);
1550 return err;
1551 }
1552
1553 if (skb->len != sizeof(struct hci_rp_read_local_version)) {
1554 bt_dev_err(hdev, "CSR: Local version length mismatch");
1555 kfree_skb(skb);
1556 return -EIO;
1557 }
1558
1559 rp = (struct hci_rp_read_local_version *)skb->data;
1560
1561 /* Detect controllers which aren't real CSR ones. */
1562 if (le16_to_cpu(rp->manufacturer) != 10 ||
1563 le16_to_cpu(rp->lmp_subver) == 0x0c5c) {
1564 /* Clear the reset quirk since this is not an actual
1565 * early Bluetooth 1.1 device from CSR.
1566 */
1567 clear_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
1568
1569 /* These fake CSR controllers have all a broken
1570 * stored link key handling and so just disable it.
1571 */
1572 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks);
1573 }
1574
1575 kfree_skb(skb);
1576
1577 return 0;
1578}
1579
1580static const struct firmware *btusb_setup_intel_get_fw(struct hci_dev *hdev,
1581 struct intel_version *ver)
1582{
1583 const struct firmware *fw;
1584 char fwname[64];
1585 int ret;
1586
1587 snprintf(fwname, sizeof(fwname),
1588 "intel/ibt-hw-%x.%x.%x-fw-%x.%x.%x.%x.%x.bseq",
1589 ver->hw_platform, ver->hw_variant, ver->hw_revision,
1590 ver->fw_variant, ver->fw_revision, ver->fw_build_num,
1591 ver->fw_build_ww, ver->fw_build_yy);
1592
1593 ret = request_firmware(&fw, fwname, &hdev->dev);
1594 if (ret < 0) {
1595 if (ret == -EINVAL) {
1596 BT_ERR("%s Intel firmware file request failed (%d)",
1597 hdev->name, ret);
1598 return NULL;
1599 }
1600
1601 BT_ERR("%s failed to open Intel firmware file: %s(%d)",
1602 hdev->name, fwname, ret);
1603
1604 /* If the correct firmware patch file is not found, use the
1605 * default firmware patch file instead
1606 */
1607 snprintf(fwname, sizeof(fwname), "intel/ibt-hw-%x.%x.bseq",
1608 ver->hw_platform, ver->hw_variant);
1609 if (request_firmware(&fw, fwname, &hdev->dev) < 0) {
1610 BT_ERR("%s failed to open default Intel fw file: %s",
1611 hdev->name, fwname);
1612 return NULL;
1613 }
1614 }
1615
1616 bt_dev_info(hdev, "Intel Bluetooth firmware file: %s", fwname);
1617
1618 return fw;
1619}
1620
1621static int btusb_setup_intel_patching(struct hci_dev *hdev,
1622 const struct firmware *fw,
1623 const u8 **fw_ptr, int *disable_patch)
1624{
1625 struct sk_buff *skb;
1626 struct hci_command_hdr *cmd;
1627 const u8 *cmd_param;
1628 struct hci_event_hdr *evt = NULL;
1629 const u8 *evt_param = NULL;
1630 int remain = fw->size - (*fw_ptr - fw->data);
1631
1632 /* The first byte indicates the types of the patch command or event.
1633 * 0x01 means HCI command and 0x02 is HCI event. If the first bytes
1634 * in the current firmware buffer doesn't start with 0x01 or
1635 * the size of remain buffer is smaller than HCI command header,
1636 * the firmware file is corrupted and it should stop the patching
1637 * process.
1638 */
1639 if (remain > HCI_COMMAND_HDR_SIZE && *fw_ptr[0] != 0x01) {
1640 BT_ERR("%s Intel fw corrupted: invalid cmd read", hdev->name);
1641 return -EINVAL;
1642 }
1643 (*fw_ptr)++;
1644 remain--;
1645
1646 cmd = (struct hci_command_hdr *)(*fw_ptr);
1647 *fw_ptr += sizeof(*cmd);
1648 remain -= sizeof(*cmd);
1649
1650 /* Ensure that the remain firmware data is long enough than the length
1651 * of command parameter. If not, the firmware file is corrupted.
1652 */
1653 if (remain < cmd->plen) {
1654 BT_ERR("%s Intel fw corrupted: invalid cmd len", hdev->name);
1655 return -EFAULT;
1656 }
1657
1658 /* If there is a command that loads a patch in the firmware
1659 * file, then enable the patch upon success, otherwise just
1660 * disable the manufacturer mode, for example patch activation
1661 * is not required when the default firmware patch file is used
1662 * because there are no patch data to load.
1663 */
1664 if (*disable_patch && le16_to_cpu(cmd->opcode) == 0xfc8e)
1665 *disable_patch = 0;
1666
1667 cmd_param = *fw_ptr;
1668 *fw_ptr += cmd->plen;
1669 remain -= cmd->plen;
1670
1671 /* This reads the expected events when the above command is sent to the
1672 * device. Some vendor commands expects more than one events, for
1673 * example command status event followed by vendor specific event.
1674 * For this case, it only keeps the last expected event. so the command
1675 * can be sent with __hci_cmd_sync_ev() which returns the sk_buff of
1676 * last expected event.
1677 */
1678 while (remain > HCI_EVENT_HDR_SIZE && *fw_ptr[0] == 0x02) {
1679 (*fw_ptr)++;
1680 remain--;
1681
1682 evt = (struct hci_event_hdr *)(*fw_ptr);
1683 *fw_ptr += sizeof(*evt);
1684 remain -= sizeof(*evt);
1685
1686 if (remain < evt->plen) {
1687 BT_ERR("%s Intel fw corrupted: invalid evt len",
1688 hdev->name);
1689 return -EFAULT;
1690 }
1691
1692 evt_param = *fw_ptr;
1693 *fw_ptr += evt->plen;
1694 remain -= evt->plen;
1695 }
1696
1697 /* Every HCI commands in the firmware file has its correspond event.
1698 * If event is not found or remain is smaller than zero, the firmware
1699 * file is corrupted.
1700 */
1701 if (!evt || !evt_param || remain < 0) {
1702 BT_ERR("%s Intel fw corrupted: invalid evt read", hdev->name);
1703 return -EFAULT;
1704 }
1705
1706 skb = __hci_cmd_sync_ev(hdev, le16_to_cpu(cmd->opcode), cmd->plen,
1707 cmd_param, evt->evt, HCI_INIT_TIMEOUT);
1708 if (IS_ERR(skb)) {
1709 BT_ERR("%s sending Intel patch command (0x%4.4x) failed (%ld)",
1710 hdev->name, cmd->opcode, PTR_ERR(skb));
1711 return PTR_ERR(skb);
1712 }
1713
1714 /* It ensures that the returned event matches the event data read from
1715 * the firmware file. At fist, it checks the length and then
1716 * the contents of the event.
1717 */
1718 if (skb->len != evt->plen) {
1719 BT_ERR("%s mismatch event length (opcode 0x%4.4x)", hdev->name,
1720 le16_to_cpu(cmd->opcode));
1721 kfree_skb(skb);
1722 return -EFAULT;
1723 }
1724
1725 if (memcmp(skb->data, evt_param, evt->plen)) {
1726 BT_ERR("%s mismatch event parameter (opcode 0x%4.4x)",
1727 hdev->name, le16_to_cpu(cmd->opcode));
1728 kfree_skb(skb);
1729 return -EFAULT;
1730 }
1731 kfree_skb(skb);
1732
1733 return 0;
1734}
1735
1736static int btusb_setup_intel(struct hci_dev *hdev)
1737{
1738 struct sk_buff *skb;
1739 const struct firmware *fw;
1740 const u8 *fw_ptr;
1741 int disable_patch, err;
1742 struct intel_version ver;
1743
1744 BT_DBG("%s", hdev->name);
1745
1746 /* The controller has a bug with the first HCI command sent to it
1747 * returning number of completed commands as zero. This would stall the
1748 * command processing in the Bluetooth core.
1749 *
1750 * As a workaround, send HCI Reset command first which will reset the
1751 * number of completed commands and allow normal command processing
1752 * from now on.
1753 */
1754 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
1755 if (IS_ERR(skb)) {
1756 BT_ERR("%s sending initial HCI reset command failed (%ld)",
1757 hdev->name, PTR_ERR(skb));
1758 return PTR_ERR(skb);
1759 }
1760 kfree_skb(skb);
1761
1762 /* Read Intel specific controller version first to allow selection of
1763 * which firmware file to load.
1764 *
1765 * The returned information are hardware variant and revision plus
1766 * firmware variant, revision and build number.
1767 */
1768 err = btintel_read_version(hdev, &ver);
1769 if (err)
1770 return err;
1771
1772 bt_dev_info(hdev, "read Intel version: %02x%02x%02x%02x%02x%02x%02x%02x%02x",
1773 ver.hw_platform, ver.hw_variant, ver.hw_revision,
1774 ver.fw_variant, ver.fw_revision, ver.fw_build_num,
1775 ver.fw_build_ww, ver.fw_build_yy, ver.fw_patch_num);
1776
1777 /* fw_patch_num indicates the version of patch the device currently
1778 * have. If there is no patch data in the device, it is always 0x00.
1779 * So, if it is other than 0x00, no need to patch the device again.
1780 */
1781 if (ver.fw_patch_num) {
1782 bt_dev_info(hdev, "Intel device is already patched. "
1783 "patch num: %02x", ver.fw_patch_num);
1784 goto complete;
1785 }
1786
1787 /* Opens the firmware patch file based on the firmware version read
1788 * from the controller. If it fails to open the matching firmware
1789 * patch file, it tries to open the default firmware patch file.
1790 * If no patch file is found, allow the device to operate without
1791 * a patch.
1792 */
1793 fw = btusb_setup_intel_get_fw(hdev, &ver);
1794 if (!fw)
1795 goto complete;
1796 fw_ptr = fw->data;
1797
1798 /* Enable the manufacturer mode of the controller.
1799 * Only while this mode is enabled, the driver can download the
1800 * firmware patch data and configuration parameters.
1801 */
1802 err = btintel_enter_mfg(hdev);
1803 if (err) {
1804 release_firmware(fw);
1805 return err;
1806 }
1807
1808 disable_patch = 1;
1809
1810 /* The firmware data file consists of list of Intel specific HCI
1811 * commands and its expected events. The first byte indicates the
1812 * type of the message, either HCI command or HCI event.
1813 *
1814 * It reads the command and its expected event from the firmware file,
1815 * and send to the controller. Once __hci_cmd_sync_ev() returns,
1816 * the returned event is compared with the event read from the firmware
1817 * file and it will continue until all the messages are downloaded to
1818 * the controller.
1819 *
1820 * Once the firmware patching is completed successfully,
1821 * the manufacturer mode is disabled with reset and activating the
1822 * downloaded patch.
1823 *
1824 * If the firmware patching fails, the manufacturer mode is
1825 * disabled with reset and deactivating the patch.
1826 *
1827 * If the default patch file is used, no reset is done when disabling
1828 * the manufacturer.
1829 */
1830 while (fw->size > fw_ptr - fw->data) {
1831 int ret;
1832
1833 ret = btusb_setup_intel_patching(hdev, fw, &fw_ptr,
1834 &disable_patch);
1835 if (ret < 0)
1836 goto exit_mfg_deactivate;
1837 }
1838
1839 release_firmware(fw);
1840
1841 if (disable_patch)
1842 goto exit_mfg_disable;
1843
1844 /* Patching completed successfully and disable the manufacturer mode
1845 * with reset and activate the downloaded firmware patches.
1846 */
1847 err = btintel_exit_mfg(hdev, true, true);
1848 if (err)
1849 return err;
1850
1851 bt_dev_info(hdev, "Intel firmware patch completed and activated");
1852
1853 goto complete;
1854
1855exit_mfg_disable:
1856 /* Disable the manufacturer mode without reset */
1857 err = btintel_exit_mfg(hdev, false, false);
1858 if (err)
1859 return err;
1860
1861 bt_dev_info(hdev, "Intel firmware patch completed");
1862
1863 goto complete;
1864
1865exit_mfg_deactivate:
1866 release_firmware(fw);
1867
1868 /* Patching failed. Disable the manufacturer mode with reset and
1869 * deactivate the downloaded firmware patches.
1870 */
1871 err = btintel_exit_mfg(hdev, true, false);
1872 if (err)
1873 return err;
1874
1875 bt_dev_info(hdev, "Intel firmware patch completed and deactivated");
1876
1877complete:
1878 /* Set the event mask for Intel specific vendor events. This enables
1879 * a few extra events that are useful during general operation.
1880 */
1881 btintel_set_event_mask_mfg(hdev, false);
1882
1883 btintel_check_bdaddr(hdev);
1884 return 0;
1885}
1886
1887static int inject_cmd_complete(struct hci_dev *hdev, __u16 opcode)
1888{
1889 struct sk_buff *skb;
1890 struct hci_event_hdr *hdr;
1891 struct hci_ev_cmd_complete *evt;
1892
1893 skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_ATOMIC);
1894 if (!skb)
1895 return -ENOMEM;
1896
1897 hdr = skb_put(skb, sizeof(*hdr));
1898 hdr->evt = HCI_EV_CMD_COMPLETE;
1899 hdr->plen = sizeof(*evt) + 1;
1900
1901 evt = skb_put(skb, sizeof(*evt));
1902 evt->ncmd = 0x01;
1903 evt->opcode = cpu_to_le16(opcode);
1904
1905 skb_put_u8(skb, 0x00);
1906
1907 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
1908
1909 return hci_recv_frame(hdev, skb);
1910}
1911
1912static int btusb_recv_bulk_intel(struct btusb_data *data, void *buffer,
1913 int count)
1914{
1915 /* When the device is in bootloader mode, then it can send
1916 * events via the bulk endpoint. These events are treated the
1917 * same way as the ones received from the interrupt endpoint.
1918 */
1919 if (test_bit(BTUSB_BOOTLOADER, &data->flags))
1920 return btusb_recv_intr(data, buffer, count);
1921
1922 return btusb_recv_bulk(data, buffer, count);
1923}
1924
1925static void btusb_intel_bootup(struct btusb_data *data, const void *ptr,
1926 unsigned int len)
1927{
1928 const struct intel_bootup *evt = ptr;
1929
1930 if (len != sizeof(*evt))
1931 return;
1932
1933 if (test_and_clear_bit(BTUSB_BOOTING, &data->flags)) {
1934 smp_mb__after_atomic();
1935 wake_up_bit(&data->flags, BTUSB_BOOTING);
1936 }
1937}
1938
1939static void btusb_intel_secure_send_result(struct btusb_data *data,
1940 const void *ptr, unsigned int len)
1941{
1942 const struct intel_secure_send_result *evt = ptr;
1943
1944 if (len != sizeof(*evt))
1945 return;
1946
1947 if (evt->result)
1948 set_bit(BTUSB_FIRMWARE_FAILED, &data->flags);
1949
1950 if (test_and_clear_bit(BTUSB_DOWNLOADING, &data->flags) &&
1951 test_bit(BTUSB_FIRMWARE_LOADED, &data->flags)) {
1952 smp_mb__after_atomic();
1953 wake_up_bit(&data->flags, BTUSB_DOWNLOADING);
1954 }
1955}
1956
1957static int btusb_recv_event_intel(struct hci_dev *hdev, struct sk_buff *skb)
1958{
1959 struct btusb_data *data = hci_get_drvdata(hdev);
1960
1961 if (test_bit(BTUSB_BOOTLOADER, &data->flags)) {
1962 struct hci_event_hdr *hdr = (void *)skb->data;
1963
1964 if (skb->len > HCI_EVENT_HDR_SIZE && hdr->evt == 0xff &&
1965 hdr->plen > 0) {
1966 const void *ptr = skb->data + HCI_EVENT_HDR_SIZE + 1;
1967 unsigned int len = skb->len - HCI_EVENT_HDR_SIZE - 1;
1968
1969 switch (skb->data[2]) {
1970 case 0x02:
1971 /* When switching to the operational firmware
1972 * the device sends a vendor specific event
1973 * indicating that the bootup completed.
1974 */
1975 btusb_intel_bootup(data, ptr, len);
1976 break;
1977 case 0x06:
1978 /* When the firmware loading completes the
1979 * device sends out a vendor specific event
1980 * indicating the result of the firmware
1981 * loading.
1982 */
1983 btusb_intel_secure_send_result(data, ptr, len);
1984 break;
1985 }
1986 }
1987 }
1988
1989 return hci_recv_frame(hdev, skb);
1990}
1991
1992static int btusb_send_frame_intel(struct hci_dev *hdev, struct sk_buff *skb)
1993{
1994 struct btusb_data *data = hci_get_drvdata(hdev);
1995 struct urb *urb;
1996
1997 BT_DBG("%s", hdev->name);
1998
1999 switch (hci_skb_pkt_type(skb)) {
2000 case HCI_COMMAND_PKT:
2001 if (test_bit(BTUSB_BOOTLOADER, &data->flags)) {
2002 struct hci_command_hdr *cmd = (void *)skb->data;
2003 __u16 opcode = le16_to_cpu(cmd->opcode);
2004
2005 /* When in bootloader mode and the command 0xfc09
2006 * is received, it needs to be send down the
2007 * bulk endpoint. So allocate a bulk URB instead.
2008 */
2009 if (opcode == 0xfc09)
2010 urb = alloc_bulk_urb(hdev, skb);
2011 else
2012 urb = alloc_ctrl_urb(hdev, skb);
2013
2014 /* When the 0xfc01 command is issued to boot into
2015 * the operational firmware, it will actually not
2016 * send a command complete event. To keep the flow
2017 * control working inject that event here.
2018 */
2019 if (opcode == 0xfc01)
2020 inject_cmd_complete(hdev, opcode);
2021 } else {
2022 urb = alloc_ctrl_urb(hdev, skb);
2023 }
2024 if (IS_ERR(urb))
2025 return PTR_ERR(urb);
2026
2027 hdev->stat.cmd_tx++;
2028 return submit_or_queue_tx_urb(hdev, urb);
2029
2030 case HCI_ACLDATA_PKT:
2031 urb = alloc_bulk_urb(hdev, skb);
2032 if (IS_ERR(urb))
2033 return PTR_ERR(urb);
2034
2035 hdev->stat.acl_tx++;
2036 return submit_or_queue_tx_urb(hdev, urb);
2037
2038 case HCI_SCODATA_PKT:
2039 if (hci_conn_num(hdev, SCO_LINK) < 1)
2040 return -ENODEV;
2041
2042 urb = alloc_isoc_urb(hdev, skb);
2043 if (IS_ERR(urb))
2044 return PTR_ERR(urb);
2045
2046 hdev->stat.sco_tx++;
2047 return submit_tx_urb(hdev, urb);
2048 }
2049
2050 return -EILSEQ;
2051}
2052
2053static int btusb_setup_intel_new(struct hci_dev *hdev)
2054{
2055 struct btusb_data *data = hci_get_drvdata(hdev);
2056 struct intel_version ver;
2057 struct intel_boot_params params;
2058 const struct firmware *fw;
2059 u32 boot_param;
2060 char fwname[64];
2061 ktime_t calltime, delta, rettime;
2062 unsigned long long duration;
2063 int err;
2064
2065 BT_DBG("%s", hdev->name);
2066
2067 /* Set the default boot parameter to 0x0 and it is updated to
2068 * SKU specific boot parameter after reading Intel_Write_Boot_Params
2069 * command while downloading the firmware.
2070 */
2071 boot_param = 0x00000000;
2072
2073 calltime = ktime_get();
2074
2075 /* Read the Intel version information to determine if the device
2076 * is in bootloader mode or if it already has operational firmware
2077 * loaded.
2078 */
2079 err = btintel_read_version(hdev, &ver);
2080 if (err)
2081 return err;
2082
2083 /* The hardware platform number has a fixed value of 0x37 and
2084 * for now only accept this single value.
2085 */
2086 if (ver.hw_platform != 0x37) {
2087 BT_ERR("%s: Unsupported Intel hardware platform (%u)",
2088 hdev->name, ver.hw_platform);
2089 return -EINVAL;
2090 }
2091
2092 /* Check for supported iBT hardware variants of this firmware
2093 * loading method.
2094 *
2095 * This check has been put in place to ensure correct forward
2096 * compatibility options when newer hardware variants come along.
2097 */
2098 switch (ver.hw_variant) {
2099 case 0x0b: /* SfP */
2100 case 0x0c: /* WsP */
2101 case 0x11: /* JfP */
2102 case 0x12: /* ThP */
2103 case 0x13: /* HrP */
2104 case 0x14: /* QnJ, IcP */
2105 break;
2106 default:
2107 BT_ERR("%s: Unsupported Intel hardware variant (%u)",
2108 hdev->name, ver.hw_variant);
2109 return -EINVAL;
2110 }
2111
2112 btintel_version_info(hdev, &ver);
2113
2114 /* The firmware variant determines if the device is in bootloader
2115 * mode or is running operational firmware. The value 0x06 identifies
2116 * the bootloader and the value 0x23 identifies the operational
2117 * firmware.
2118 *
2119 * When the operational firmware is already present, then only
2120 * the check for valid Bluetooth device address is needed. This
2121 * determines if the device will be added as configured or
2122 * unconfigured controller.
2123 *
2124 * It is not possible to use the Secure Boot Parameters in this
2125 * case since that command is only available in bootloader mode.
2126 */
2127 if (ver.fw_variant == 0x23) {
2128 clear_bit(BTUSB_BOOTLOADER, &data->flags);
2129 btintel_check_bdaddr(hdev);
2130 return 0;
2131 }
2132
2133 /* If the device is not in bootloader mode, then the only possible
2134 * choice is to return an error and abort the device initialization.
2135 */
2136 if (ver.fw_variant != 0x06) {
2137 BT_ERR("%s: Unsupported Intel firmware variant (%u)",
2138 hdev->name, ver.fw_variant);
2139 return -ENODEV;
2140 }
2141
2142 /* Read the secure boot parameters to identify the operating
2143 * details of the bootloader.
2144 */
2145 err = btintel_read_boot_params(hdev, ¶ms);
2146 if (err)
2147 return err;
2148
2149 /* It is required that every single firmware fragment is acknowledged
2150 * with a command complete event. If the boot parameters indicate
2151 * that this bootloader does not send them, then abort the setup.
2152 */
2153 if (params.limited_cce != 0x00) {
2154 BT_ERR("%s: Unsupported Intel firmware loading method (%u)",
2155 hdev->name, params.limited_cce);
2156 return -EINVAL;
2157 }
2158
2159 /* If the OTP has no valid Bluetooth device address, then there will
2160 * also be no valid address for the operational firmware.
2161 */
2162 if (!bacmp(¶ms.otp_bdaddr, BDADDR_ANY)) {
2163 bt_dev_info(hdev, "No device address configured");
2164 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks);
2165 }
2166
2167 /* With this Intel bootloader only the hardware variant and device
2168 * revision information are used to select the right firmware for SfP
2169 * and WsP.
2170 *
2171 * The firmware filename is ibt-<hw_variant>-<dev_revid>.sfi.
2172 *
2173 * Currently the supported hardware variants are:
2174 * 11 (0x0b) for iBT3.0 (LnP/SfP)
2175 * 12 (0x0c) for iBT3.5 (WsP)
2176 *
2177 * For ThP/JfP and for future SKU's, the FW name varies based on HW
2178 * variant, HW revision and FW revision, as these are dependent on CNVi
2179 * and RF Combination.
2180 *
2181 * 17 (0x11) for iBT3.5 (JfP)
2182 * 18 (0x12) for iBT3.5 (ThP)
2183 *
2184 * The firmware file name for these will be
2185 * ibt-<hw_variant>-<hw_revision>-<fw_revision>.sfi.
2186 *
2187 */
2188 switch (ver.hw_variant) {
2189 case 0x0b: /* SfP */
2190 case 0x0c: /* WsP */
2191 snprintf(fwname, sizeof(fwname), "intel/ibt-%u-%u.sfi",
2192 le16_to_cpu(ver.hw_variant),
2193 le16_to_cpu(params.dev_revid));
2194 break;
2195 case 0x11: /* JfP */
2196 case 0x12: /* ThP */
2197 case 0x13: /* HrP */
2198 case 0x14: /* QnJ, IcP */
2199 snprintf(fwname, sizeof(fwname), "intel/ibt-%u-%u-%u.sfi",
2200 le16_to_cpu(ver.hw_variant),
2201 le16_to_cpu(ver.hw_revision),
2202 le16_to_cpu(ver.fw_revision));
2203 break;
2204 default:
2205 BT_ERR("%s: Unsupported Intel firmware naming", hdev->name);
2206 return -EINVAL;
2207 }
2208
2209 err = request_firmware(&fw, fwname, &hdev->dev);
2210 if (err < 0) {
2211 BT_ERR("%s: Failed to load Intel firmware file (%d)",
2212 hdev->name, err);
2213 return err;
2214 }
2215
2216 bt_dev_info(hdev, "Found device firmware: %s", fwname);
2217
2218 /* Save the DDC file name for later use to apply once the firmware
2219 * downloading is done.
2220 */
2221 switch (ver.hw_variant) {
2222 case 0x0b: /* SfP */
2223 case 0x0c: /* WsP */
2224 snprintf(fwname, sizeof(fwname), "intel/ibt-%u-%u.ddc",
2225 le16_to_cpu(ver.hw_variant),
2226 le16_to_cpu(params.dev_revid));
2227 break;
2228 case 0x11: /* JfP */
2229 case 0x12: /* ThP */
2230 case 0x13: /* HrP */
2231 case 0x14: /* QnJ, IcP */
2232 snprintf(fwname, sizeof(fwname), "intel/ibt-%u-%u-%u.ddc",
2233 le16_to_cpu(ver.hw_variant),
2234 le16_to_cpu(ver.hw_revision),
2235 le16_to_cpu(ver.fw_revision));
2236 break;
2237 default:
2238 BT_ERR("%s: Unsupported Intel firmware naming", hdev->name);
2239 return -EINVAL;
2240 }
2241
2242 if (fw->size < 644) {
2243 BT_ERR("%s: Invalid size of firmware file (%zu)",
2244 hdev->name, fw->size);
2245 err = -EBADF;
2246 goto done;
2247 }
2248
2249 set_bit(BTUSB_DOWNLOADING, &data->flags);
2250
2251 /* Start firmware downloading and get boot parameter */
2252 err = btintel_download_firmware(hdev, fw, &boot_param);
2253 if (err < 0)
2254 goto done;
2255
2256 set_bit(BTUSB_FIRMWARE_LOADED, &data->flags);
2257
2258 bt_dev_info(hdev, "Waiting for firmware download to complete");
2259
2260 /* Before switching the device into operational mode and with that
2261 * booting the loaded firmware, wait for the bootloader notification
2262 * that all fragments have been successfully received.
2263 *
2264 * When the event processing receives the notification, then the
2265 * BTUSB_DOWNLOADING flag will be cleared.
2266 *
2267 * The firmware loading should not take longer than 5 seconds
2268 * and thus just timeout if that happens and fail the setup
2269 * of this device.
2270 */
2271 err = wait_on_bit_timeout(&data->flags, BTUSB_DOWNLOADING,
2272 TASK_INTERRUPTIBLE,
2273 msecs_to_jiffies(5000));
2274 if (err == -EINTR) {
2275 BT_ERR("%s: Firmware loading interrupted", hdev->name);
2276 goto done;
2277 }
2278
2279 if (err) {
2280 BT_ERR("%s: Firmware loading timeout", hdev->name);
2281 err = -ETIMEDOUT;
2282 goto done;
2283 }
2284
2285 if (test_bit(BTUSB_FIRMWARE_FAILED, &data->flags)) {
2286 BT_ERR("%s: Firmware loading failed", hdev->name);
2287 err = -ENOEXEC;
2288 goto done;
2289 }
2290
2291 rettime = ktime_get();
2292 delta = ktime_sub(rettime, calltime);
2293 duration = (unsigned long long) ktime_to_ns(delta) >> 10;
2294
2295 bt_dev_info(hdev, "Firmware loaded in %llu usecs", duration);
2296
2297done:
2298 release_firmware(fw);
2299
2300 if (err < 0)
2301 return err;
2302
2303 calltime = ktime_get();
2304
2305 set_bit(BTUSB_BOOTING, &data->flags);
2306
2307 err = btintel_send_intel_reset(hdev, boot_param);
2308 if (err)
2309 return err;
2310
2311 /* The bootloader will not indicate when the device is ready. This
2312 * is done by the operational firmware sending bootup notification.
2313 *
2314 * Booting into operational firmware should not take longer than
2315 * 1 second. However if that happens, then just fail the setup
2316 * since something went wrong.
2317 */
2318 bt_dev_info(hdev, "Waiting for device to boot");
2319
2320 err = wait_on_bit_timeout(&data->flags, BTUSB_BOOTING,
2321 TASK_INTERRUPTIBLE,
2322 msecs_to_jiffies(1000));
2323
2324 if (err == -EINTR) {
2325 BT_ERR("%s: Device boot interrupted", hdev->name);
2326 return -EINTR;
2327 }
2328
2329 if (err) {
2330 BT_ERR("%s: Device boot timeout", hdev->name);
2331 return -ETIMEDOUT;
2332 }
2333
2334 rettime = ktime_get();
2335 delta = ktime_sub(rettime, calltime);
2336 duration = (unsigned long long) ktime_to_ns(delta) >> 10;
2337
2338 bt_dev_info(hdev, "Device booted in %llu usecs", duration);
2339
2340 clear_bit(BTUSB_BOOTLOADER, &data->flags);
2341
2342 /* Once the device is running in operational mode, it needs to apply
2343 * the device configuration (DDC) parameters.
2344 *
2345 * The device can work without DDC parameters, so even if it fails
2346 * to load the file, no need to fail the setup.
2347 */
2348 btintel_load_ddc_config(hdev, fwname);
2349
2350 /* Set the event mask for Intel specific vendor events. This enables
2351 * a few extra events that are useful during general operation. It
2352 * does not enable any debugging related events.
2353 *
2354 * The device will function correctly without these events enabled
2355 * and thus no need to fail the setup.
2356 */
2357 btintel_set_event_mask(hdev, false);
2358
2359 return 0;
2360}
2361
2362static int btusb_shutdown_intel(struct hci_dev *hdev)
2363{
2364 struct sk_buff *skb;
2365 long ret;
2366
2367 /* Some platforms have an issue with BT LED when the interface is
2368 * down or BT radio is turned off, which takes 5 seconds to BT LED
2369 * goes off. This command turns off the BT LED immediately.
2370 */
2371 skb = __hci_cmd_sync(hdev, 0xfc3f, 0, NULL, HCI_INIT_TIMEOUT);
2372 if (IS_ERR(skb)) {
2373 ret = PTR_ERR(skb);
2374 BT_ERR("%s: turning off Intel device LED failed (%ld)",
2375 hdev->name, ret);
2376 return ret;
2377 }
2378 kfree_skb(skb);
2379
2380 return 0;
2381}
2382
2383#ifdef CONFIG_PM
2384/* Configure an out-of-band gpio as wake-up pin, if specified in device tree */
2385static int marvell_config_oob_wake(struct hci_dev *hdev)
2386{
2387 struct sk_buff *skb;
2388 struct btusb_data *data = hci_get_drvdata(hdev);
2389 struct device *dev = &data->udev->dev;
2390 u16 pin, gap, opcode;
2391 int ret;
2392 u8 cmd[5];
2393
2394 /* Move on if no wakeup pin specified */
2395 if (of_property_read_u16(dev->of_node, "marvell,wakeup-pin", &pin) ||
2396 of_property_read_u16(dev->of_node, "marvell,wakeup-gap-ms", &gap))
2397 return 0;
2398
2399 /* Vendor specific command to configure a GPIO as wake-up pin */
2400 opcode = hci_opcode_pack(0x3F, 0x59);
2401 cmd[0] = opcode & 0xFF;
2402 cmd[1] = opcode >> 8;
2403 cmd[2] = 2; /* length of parameters that follow */
2404 cmd[3] = pin;
2405 cmd[4] = gap; /* time in ms, for which wakeup pin should be asserted */
2406
2407 skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL);
2408 if (!skb) {
2409 bt_dev_err(hdev, "%s: No memory\n", __func__);
2410 return -ENOMEM;
2411 }
2412
2413 skb_put_data(skb, cmd, sizeof(cmd));
2414 hci_skb_pkt_type(skb) = HCI_COMMAND_PKT;
2415
2416 ret = btusb_send_frame(hdev, skb);
2417 if (ret) {
2418 bt_dev_err(hdev, "%s: configuration failed\n", __func__);
2419 kfree_skb(skb);
2420 return ret;
2421 }
2422
2423 return 0;
2424}
2425#endif
2426
2427static int btusb_set_bdaddr_marvell(struct hci_dev *hdev,
2428 const bdaddr_t *bdaddr)
2429{
2430 struct sk_buff *skb;
2431 u8 buf[8];
2432 long ret;
2433
2434 buf[0] = 0xfe;
2435 buf[1] = sizeof(bdaddr_t);
2436 memcpy(buf + 2, bdaddr, sizeof(bdaddr_t));
2437
2438 skb = __hci_cmd_sync(hdev, 0xfc22, sizeof(buf), buf, HCI_INIT_TIMEOUT);
2439 if (IS_ERR(skb)) {
2440 ret = PTR_ERR(skb);
2441 bt_dev_err(hdev, "changing Marvell device address failed (%ld)",
2442 ret);
2443 return ret;
2444 }
2445 kfree_skb(skb);
2446
2447 return 0;
2448}
2449
2450static int btusb_set_bdaddr_ath3012(struct hci_dev *hdev,
2451 const bdaddr_t *bdaddr)
2452{
2453 struct sk_buff *skb;
2454 u8 buf[10];
2455 long ret;
2456
2457 buf[0] = 0x01;
2458 buf[1] = 0x01;
2459 buf[2] = 0x00;
2460 buf[3] = sizeof(bdaddr_t);
2461 memcpy(buf + 4, bdaddr, sizeof(bdaddr_t));
2462
2463 skb = __hci_cmd_sync(hdev, 0xfc0b, sizeof(buf), buf, HCI_INIT_TIMEOUT);
2464 if (IS_ERR(skb)) {
2465 ret = PTR_ERR(skb);
2466 bt_dev_err(hdev, "Change address command failed (%ld)", ret);
2467 return ret;
2468 }
2469 kfree_skb(skb);
2470
2471 return 0;
2472}
2473
2474#define QCA_DFU_PACKET_LEN 4096
2475
2476#define QCA_GET_TARGET_VERSION 0x09
2477#define QCA_CHECK_STATUS 0x05
2478#define QCA_DFU_DOWNLOAD 0x01
2479
2480#define QCA_SYSCFG_UPDATED 0x40
2481#define QCA_PATCH_UPDATED 0x80
2482#define QCA_DFU_TIMEOUT 3000
2483
2484struct qca_version {
2485 __le32 rom_version;
2486 __le32 patch_version;
2487 __le32 ram_version;
2488 __le32 ref_clock;
2489 __u8 reserved[4];
2490} __packed;
2491
2492struct qca_rampatch_version {
2493 __le16 rom_version;
2494 __le16 patch_version;
2495} __packed;
2496
2497struct qca_device_info {
2498 u32 rom_version;
2499 u8 rampatch_hdr; /* length of header in rampatch */
2500 u8 nvm_hdr; /* length of header in NVM */
2501 u8 ver_offset; /* offset of version structure in rampatch */
2502};
2503
2504static const struct qca_device_info qca_devices_table[] = {
2505 { 0x00000100, 20, 4, 10 }, /* Rome 1.0 */
2506 { 0x00000101, 20, 4, 10 }, /* Rome 1.1 */
2507 { 0x00000200, 28, 4, 18 }, /* Rome 2.0 */
2508 { 0x00000201, 28, 4, 18 }, /* Rome 2.1 */
2509 { 0x00000300, 28, 4, 18 }, /* Rome 3.0 */
2510 { 0x00000302, 28, 4, 18 }, /* Rome 3.2 */
2511};
2512
2513static int btusb_qca_send_vendor_req(struct usb_device *udev, u8 request,
2514 void *data, u16 size)
2515{
2516 int pipe, err;
2517 u8 *buf;
2518
2519 buf = kmalloc(size, GFP_KERNEL);
2520 if (!buf)
2521 return -ENOMEM;
2522
2523 /* Found some of USB hosts have IOT issues with ours so that we should
2524 * not wait until HCI layer is ready.
2525 */
2526 pipe = usb_rcvctrlpipe(udev, 0);
2527 err = usb_control_msg(udev, pipe, request, USB_TYPE_VENDOR | USB_DIR_IN,
2528 0, 0, buf, size, USB_CTRL_SET_TIMEOUT);
2529 if (err < 0) {
2530 dev_err(&udev->dev, "Failed to access otp area (%d)", err);
2531 goto done;
2532 }
2533
2534 memcpy(data, buf, size);
2535
2536done:
2537 kfree(buf);
2538
2539 return err;
2540}
2541
2542static int btusb_setup_qca_download_fw(struct hci_dev *hdev,
2543 const struct firmware *firmware,
2544 size_t hdr_size)
2545{
2546 struct btusb_data *btdata = hci_get_drvdata(hdev);
2547 struct usb_device *udev = btdata->udev;
2548 size_t count, size, sent = 0;
2549 int pipe, len, err;
2550 u8 *buf;
2551
2552 buf = kmalloc(QCA_DFU_PACKET_LEN, GFP_KERNEL);
2553 if (!buf)
2554 return -ENOMEM;
2555
2556 count = firmware->size;
2557
2558 size = min_t(size_t, count, hdr_size);
2559 memcpy(buf, firmware->data, size);
2560
2561 /* USB patches should go down to controller through USB path
2562 * because binary format fits to go down through USB channel.
2563 * USB control path is for patching headers and USB bulk is for
2564 * patch body.
2565 */
2566 pipe = usb_sndctrlpipe(udev, 0);
2567 err = usb_control_msg(udev, pipe, QCA_DFU_DOWNLOAD, USB_TYPE_VENDOR,
2568 0, 0, buf, size, USB_CTRL_SET_TIMEOUT);
2569 if (err < 0) {
2570 bt_dev_err(hdev, "Failed to send headers (%d)", err);
2571 goto done;
2572 }
2573
2574 sent += size;
2575 count -= size;
2576
2577 while (count) {
2578 size = min_t(size_t, count, QCA_DFU_PACKET_LEN);
2579
2580 memcpy(buf, firmware->data + sent, size);
2581
2582 pipe = usb_sndbulkpipe(udev, 0x02);
2583 err = usb_bulk_msg(udev, pipe, buf, size, &len,
2584 QCA_DFU_TIMEOUT);
2585 if (err < 0) {
2586 bt_dev_err(hdev, "Failed to send body at %zd of %zd (%d)",
2587 sent, firmware->size, err);
2588 break;
2589 }
2590
2591 if (size != len) {
2592 bt_dev_err(hdev, "Failed to get bulk buffer");
2593 err = -EILSEQ;
2594 break;
2595 }
2596
2597 sent += size;
2598 count -= size;
2599 }
2600
2601done:
2602 kfree(buf);
2603 return err;
2604}
2605
2606static int btusb_setup_qca_load_rampatch(struct hci_dev *hdev,
2607 struct qca_version *ver,
2608 const struct qca_device_info *info)
2609{
2610 struct qca_rampatch_version *rver;
2611 const struct firmware *fw;
2612 u32 ver_rom, ver_patch;
2613 u16 rver_rom, rver_patch;
2614 char fwname[64];
2615 int err;
2616
2617 ver_rom = le32_to_cpu(ver->rom_version);
2618 ver_patch = le32_to_cpu(ver->patch_version);
2619
2620 snprintf(fwname, sizeof(fwname), "qca/rampatch_usb_%08x.bin", ver_rom);
2621
2622 err = request_firmware(&fw, fwname, &hdev->dev);
2623 if (err) {
2624 bt_dev_err(hdev, "failed to request rampatch file: %s (%d)",
2625 fwname, err);
2626 return err;
2627 }
2628
2629 bt_dev_info(hdev, "using rampatch file: %s", fwname);
2630
2631 rver = (struct qca_rampatch_version *)(fw->data + info->ver_offset);
2632 rver_rom = le16_to_cpu(rver->rom_version);
2633 rver_patch = le16_to_cpu(rver->patch_version);
2634
2635 bt_dev_info(hdev, "QCA: patch rome 0x%x build 0x%x, "
2636 "firmware rome 0x%x build 0x%x",
2637 rver_rom, rver_patch, ver_rom, ver_patch);
2638
2639 if (rver_rom != ver_rom || rver_patch <= ver_patch) {
2640 bt_dev_err(hdev, "rampatch file version did not match with firmware");
2641 err = -EINVAL;
2642 goto done;
2643 }
2644
2645 err = btusb_setup_qca_download_fw(hdev, fw, info->rampatch_hdr);
2646
2647done:
2648 release_firmware(fw);
2649
2650 return err;
2651}
2652
2653static int btusb_setup_qca_load_nvm(struct hci_dev *hdev,
2654 struct qca_version *ver,
2655 const struct qca_device_info *info)
2656{
2657 const struct firmware *fw;
2658 char fwname[64];
2659 int err;
2660
2661 snprintf(fwname, sizeof(fwname), "qca/nvm_usb_%08x.bin",
2662 le32_to_cpu(ver->rom_version));
2663
2664 err = request_firmware(&fw, fwname, &hdev->dev);
2665 if (err) {
2666 bt_dev_err(hdev, "failed to request NVM file: %s (%d)",
2667 fwname, err);
2668 return err;
2669 }
2670
2671 bt_dev_info(hdev, "using NVM file: %s", fwname);
2672
2673 err = btusb_setup_qca_download_fw(hdev, fw, info->nvm_hdr);
2674
2675 release_firmware(fw);
2676
2677 return err;
2678}
2679
2680/* identify the ROM version and check whether patches are needed */
2681static bool btusb_qca_need_patch(struct usb_device *udev)
2682{
2683 struct qca_version ver;
2684
2685 if (btusb_qca_send_vendor_req(udev, QCA_GET_TARGET_VERSION, &ver,
2686 sizeof(ver)) < 0)
2687 return false;
2688 /* only low ROM versions need patches */
2689 return !(le32_to_cpu(ver.rom_version) & ~0xffffU);
2690}
2691
2692static int btusb_setup_qca(struct hci_dev *hdev)
2693{
2694 struct btusb_data *btdata = hci_get_drvdata(hdev);
2695 struct usb_device *udev = btdata->udev;
2696 const struct qca_device_info *info = NULL;
2697 struct qca_version ver;
2698 u32 ver_rom;
2699 u8 status;
2700 int i, err;
2701
2702 err = btusb_qca_send_vendor_req(udev, QCA_GET_TARGET_VERSION, &ver,
2703 sizeof(ver));
2704 if (err < 0)
2705 return err;
2706
2707 ver_rom = le32_to_cpu(ver.rom_version);
2708 /* Don't care about high ROM versions */
2709 if (ver_rom & ~0xffffU)
2710 return 0;
2711
2712 for (i = 0; i < ARRAY_SIZE(qca_devices_table); i++) {
2713 if (ver_rom == qca_devices_table[i].rom_version)
2714 info = &qca_devices_table[i];
2715 }
2716 if (!info) {
2717 bt_dev_err(hdev, "don't support firmware rome 0x%x", ver_rom);
2718 return -ENODEV;
2719 }
2720
2721 err = btusb_qca_send_vendor_req(udev, QCA_CHECK_STATUS, &status,
2722 sizeof(status));
2723 if (err < 0)
2724 return err;
2725
2726 if (!(status & QCA_PATCH_UPDATED)) {
2727 err = btusb_setup_qca_load_rampatch(hdev, &ver, info);
2728 if (err < 0)
2729 return err;
2730 }
2731
2732 if (!(status & QCA_SYSCFG_UPDATED)) {
2733 err = btusb_setup_qca_load_nvm(hdev, &ver, info);
2734 if (err < 0)
2735 return err;
2736 }
2737
2738 return 0;
2739}
2740
2741#ifdef CONFIG_BT_HCIBTUSB_BCM
2742static inline int __set_diag_interface(struct hci_dev *hdev)
2743{
2744 struct btusb_data *data = hci_get_drvdata(hdev);
2745 struct usb_interface *intf = data->diag;
2746 int i;
2747
2748 if (!data->diag)
2749 return -ENODEV;
2750
2751 data->diag_tx_ep = NULL;
2752 data->diag_rx_ep = NULL;
2753
2754 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
2755 struct usb_endpoint_descriptor *ep_desc;
2756
2757 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
2758
2759 if (!data->diag_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) {
2760 data->diag_tx_ep = ep_desc;
2761 continue;
2762 }
2763
2764 if (!data->diag_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) {
2765 data->diag_rx_ep = ep_desc;
2766 continue;
2767 }
2768 }
2769
2770 if (!data->diag_tx_ep || !data->diag_rx_ep) {
2771 bt_dev_err(hdev, "invalid diagnostic descriptors");
2772 return -ENODEV;
2773 }
2774
2775 return 0;
2776}
2777
2778static struct urb *alloc_diag_urb(struct hci_dev *hdev, bool enable)
2779{
2780 struct btusb_data *data = hci_get_drvdata(hdev);
2781 struct sk_buff *skb;
2782 struct urb *urb;
2783 unsigned int pipe;
2784
2785 if (!data->diag_tx_ep)
2786 return ERR_PTR(-ENODEV);
2787
2788 urb = usb_alloc_urb(0, GFP_KERNEL);
2789 if (!urb)
2790 return ERR_PTR(-ENOMEM);
2791
2792 skb = bt_skb_alloc(2, GFP_KERNEL);
2793 if (!skb) {
2794 usb_free_urb(urb);
2795 return ERR_PTR(-ENOMEM);
2796 }
2797
2798 skb_put_u8(skb, 0xf0);
2799 skb_put_u8(skb, enable);
2800
2801 pipe = usb_sndbulkpipe(data->udev, data->diag_tx_ep->bEndpointAddress);
2802
2803 usb_fill_bulk_urb(urb, data->udev, pipe,
2804 skb->data, skb->len, btusb_tx_complete, skb);
2805
2806 skb->dev = (void *)hdev;
2807
2808 return urb;
2809}
2810
2811static int btusb_bcm_set_diag(struct hci_dev *hdev, bool enable)
2812{
2813 struct btusb_data *data = hci_get_drvdata(hdev);
2814 struct urb *urb;
2815
2816 if (!data->diag)
2817 return -ENODEV;
2818
2819 if (!test_bit(HCI_RUNNING, &hdev->flags))
2820 return -ENETDOWN;
2821
2822 urb = alloc_diag_urb(hdev, enable);
2823 if (IS_ERR(urb))
2824 return PTR_ERR(urb);
2825
2826 return submit_or_queue_tx_urb(hdev, urb);
2827}
2828#endif
2829
2830#ifdef CONFIG_PM
2831static irqreturn_t btusb_oob_wake_handler(int irq, void *priv)
2832{
2833 struct btusb_data *data = priv;
2834
2835 pm_wakeup_event(&data->udev->dev, 0);
2836 pm_system_wakeup();
2837
2838 /* Disable only if not already disabled (keep it balanced) */
2839 if (test_and_clear_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags)) {
2840 disable_irq_nosync(irq);
2841 disable_irq_wake(irq);
2842 }
2843 return IRQ_HANDLED;
2844}
2845
2846static const struct of_device_id btusb_match_table[] = {
2847 { .compatible = "usb1286,204e" },
2848 { }
2849};
2850MODULE_DEVICE_TABLE(of, btusb_match_table);
2851
2852/* Use an oob wakeup pin? */
2853static int btusb_config_oob_wake(struct hci_dev *hdev)
2854{
2855 struct btusb_data *data = hci_get_drvdata(hdev);
2856 struct device *dev = &data->udev->dev;
2857 int irq, ret;
2858
2859 clear_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags);
2860
2861 if (!of_match_device(btusb_match_table, dev))
2862 return 0;
2863
2864 /* Move on if no IRQ specified */
2865 irq = of_irq_get_byname(dev->of_node, "wakeup");
2866 if (irq <= 0) {
2867 bt_dev_dbg(hdev, "%s: no OOB Wakeup IRQ in DT", __func__);
2868 return 0;
2869 }
2870
2871 ret = devm_request_irq(&hdev->dev, irq, btusb_oob_wake_handler,
2872 0, "OOB Wake-on-BT", data);
2873 if (ret) {
2874 bt_dev_err(hdev, "%s: IRQ request failed", __func__);
2875 return ret;
2876 }
2877
2878 ret = device_init_wakeup(dev, true);
2879 if (ret) {
2880 bt_dev_err(hdev, "%s: failed to init_wakeup", __func__);
2881 return ret;
2882 }
2883
2884 data->oob_wake_irq = irq;
2885 disable_irq(irq);
2886 bt_dev_info(hdev, "OOB Wake-on-BT configured at IRQ %u", irq);
2887 return 0;
2888}
2889#endif
2890
2891static void btusb_check_needs_reset_resume(struct usb_interface *intf)
2892{
2893 if (dmi_check_system(btusb_needs_reset_resume_table))
2894 interface_to_usbdev(intf)->quirks |= USB_QUIRK_RESET_RESUME;
2895}
2896
2897static int btusb_probe(struct usb_interface *intf,
2898 const struct usb_device_id *id)
2899{
2900 struct usb_endpoint_descriptor *ep_desc;
2901 struct btusb_data *data;
2902 struct hci_dev *hdev;
2903 unsigned ifnum_base;
2904 int i, err;
2905
2906 BT_DBG("intf %p id %p", intf, id);
2907
2908 /* interface numbers are hardcoded in the spec */
2909 if (intf->cur_altsetting->desc.bInterfaceNumber != 0) {
2910 if (!(id->driver_info & BTUSB_IFNUM_2))
2911 return -ENODEV;
2912 if (intf->cur_altsetting->desc.bInterfaceNumber != 2)
2913 return -ENODEV;
2914 }
2915
2916 ifnum_base = intf->cur_altsetting->desc.bInterfaceNumber;
2917
2918 if (!id->driver_info) {
2919 const struct usb_device_id *match;
2920
2921 match = usb_match_id(intf, blacklist_table);
2922 if (match)
2923 id = match;
2924 }
2925
2926 if (id->driver_info == BTUSB_IGNORE)
2927 return -ENODEV;
2928
2929 if (id->driver_info & BTUSB_ATH3012) {
2930 struct usb_device *udev = interface_to_usbdev(intf);
2931
2932 /* Old firmware would otherwise let ath3k driver load
2933 * patch and sysconfig files
2934 */
2935 if (le16_to_cpu(udev->descriptor.bcdDevice) <= 0x0001 &&
2936 !btusb_qca_need_patch(udev))
2937 return -ENODEV;
2938 }
2939
2940 data = devm_kzalloc(&intf->dev, sizeof(*data), GFP_KERNEL);
2941 if (!data)
2942 return -ENOMEM;
2943
2944 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
2945 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
2946
2947 if (!data->intr_ep && usb_endpoint_is_int_in(ep_desc)) {
2948 data->intr_ep = ep_desc;
2949 continue;
2950 }
2951
2952 if (!data->bulk_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) {
2953 data->bulk_tx_ep = ep_desc;
2954 continue;
2955 }
2956
2957 if (!data->bulk_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) {
2958 data->bulk_rx_ep = ep_desc;
2959 continue;
2960 }
2961 }
2962
2963 if (!data->intr_ep || !data->bulk_tx_ep || !data->bulk_rx_ep)
2964 return -ENODEV;
2965
2966 if (id->driver_info & BTUSB_AMP) {
2967 data->cmdreq_type = USB_TYPE_CLASS | 0x01;
2968 data->cmdreq = 0x2b;
2969 } else {
2970 data->cmdreq_type = USB_TYPE_CLASS;
2971 data->cmdreq = 0x00;
2972 }
2973
2974 data->udev = interface_to_usbdev(intf);
2975 data->intf = intf;
2976
2977 INIT_WORK(&data->work, btusb_work);
2978 INIT_WORK(&data->waker, btusb_waker);
2979 init_usb_anchor(&data->deferred);
2980 init_usb_anchor(&data->tx_anchor);
2981 spin_lock_init(&data->txlock);
2982
2983 init_usb_anchor(&data->intr_anchor);
2984 init_usb_anchor(&data->bulk_anchor);
2985 init_usb_anchor(&data->isoc_anchor);
2986 init_usb_anchor(&data->diag_anchor);
2987 spin_lock_init(&data->rxlock);
2988
2989 if (id->driver_info & BTUSB_INTEL_NEW) {
2990 data->recv_event = btusb_recv_event_intel;
2991 data->recv_bulk = btusb_recv_bulk_intel;
2992 set_bit(BTUSB_BOOTLOADER, &data->flags);
2993 } else {
2994 data->recv_event = hci_recv_frame;
2995 data->recv_bulk = btusb_recv_bulk;
2996 }
2997
2998 hdev = hci_alloc_dev();
2999 if (!hdev)
3000 return -ENOMEM;
3001
3002 hdev->bus = HCI_USB;
3003 hci_set_drvdata(hdev, data);
3004
3005 if (id->driver_info & BTUSB_AMP)
3006 hdev->dev_type = HCI_AMP;
3007 else
3008 hdev->dev_type = HCI_PRIMARY;
3009
3010 data->hdev = hdev;
3011
3012 SET_HCIDEV_DEV(hdev, &intf->dev);
3013
3014 hdev->open = btusb_open;
3015 hdev->close = btusb_close;
3016 hdev->flush = btusb_flush;
3017 hdev->send = btusb_send_frame;
3018 hdev->notify = btusb_notify;
3019
3020#ifdef CONFIG_PM
3021 err = btusb_config_oob_wake(hdev);
3022 if (err)
3023 goto out_free_dev;
3024
3025 /* Marvell devices may need a specific chip configuration */
3026 if (id->driver_info & BTUSB_MARVELL && data->oob_wake_irq) {
3027 err = marvell_config_oob_wake(hdev);
3028 if (err)
3029 goto out_free_dev;
3030 }
3031#endif
3032 if (id->driver_info & BTUSB_CW6622)
3033 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks);
3034
3035 if (id->driver_info & BTUSB_BCM2045)
3036 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks);
3037
3038 if (id->driver_info & BTUSB_BCM92035)
3039 hdev->setup = btusb_setup_bcm92035;
3040
3041#ifdef CONFIG_BT_HCIBTUSB_BCM
3042 if (id->driver_info & BTUSB_BCM_PATCHRAM) {
3043 hdev->manufacturer = 15;
3044 hdev->setup = btbcm_setup_patchram;
3045 hdev->set_diag = btusb_bcm_set_diag;
3046 hdev->set_bdaddr = btbcm_set_bdaddr;
3047
3048 /* Broadcom LM_DIAG Interface numbers are hardcoded */
3049 data->diag = usb_ifnum_to_if(data->udev, ifnum_base + 2);
3050 }
3051
3052 if (id->driver_info & BTUSB_BCM_APPLE) {
3053 hdev->manufacturer = 15;
3054 hdev->setup = btbcm_setup_apple;
3055 hdev->set_diag = btusb_bcm_set_diag;
3056
3057 /* Broadcom LM_DIAG Interface numbers are hardcoded */
3058 data->diag = usb_ifnum_to_if(data->udev, ifnum_base + 2);
3059 }
3060#endif
3061
3062 if (id->driver_info & BTUSB_INTEL) {
3063 hdev->manufacturer = 2;
3064 hdev->setup = btusb_setup_intel;
3065 hdev->shutdown = btusb_shutdown_intel;
3066 hdev->set_diag = btintel_set_diag_mfg;
3067 hdev->set_bdaddr = btintel_set_bdaddr;
3068 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
3069 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
3070 set_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks);
3071 }
3072
3073 if (id->driver_info & BTUSB_INTEL_NEW) {
3074 hdev->manufacturer = 2;
3075 hdev->send = btusb_send_frame_intel;
3076 hdev->setup = btusb_setup_intel_new;
3077 hdev->hw_error = btintel_hw_error;
3078 hdev->set_diag = btintel_set_diag;
3079 hdev->set_bdaddr = btintel_set_bdaddr;
3080 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
3081 set_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks);
3082 }
3083
3084 if (id->driver_info & BTUSB_MARVELL)
3085 hdev->set_bdaddr = btusb_set_bdaddr_marvell;
3086
3087 if (id->driver_info & BTUSB_SWAVE) {
3088 set_bit(HCI_QUIRK_FIXUP_INQUIRY_MODE, &hdev->quirks);
3089 set_bit(HCI_QUIRK_BROKEN_LOCAL_COMMANDS, &hdev->quirks);
3090 }
3091
3092 if (id->driver_info & BTUSB_INTEL_BOOT) {
3093 hdev->manufacturer = 2;
3094 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
3095 }
3096
3097 if (id->driver_info & BTUSB_ATH3012) {
3098 data->setup_on_usb = btusb_setup_qca;
3099 hdev->set_bdaddr = btusb_set_bdaddr_ath3012;
3100 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
3101 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
3102 }
3103
3104 if (id->driver_info & BTUSB_QCA_ROME) {
3105 data->setup_on_usb = btusb_setup_qca;
3106 hdev->set_bdaddr = btusb_set_bdaddr_ath3012;
3107 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
3108 btusb_check_needs_reset_resume(intf);
3109 }
3110
3111#ifdef CONFIG_BT_HCIBTUSB_RTL
3112 if (id->driver_info & BTUSB_REALTEK) {
3113 hdev->setup = btrtl_setup_realtek;
3114
3115 /* Realtek devices lose their updated firmware over suspend,
3116 * but the USB hub doesn't notice any status change.
3117 * Explicitly request a device reset on resume.
3118 */
3119 interface_to_usbdev(intf)->quirks |= USB_QUIRK_RESET_RESUME;
3120 }
3121#endif
3122
3123 if (id->driver_info & BTUSB_AMP) {
3124 /* AMP controllers do not support SCO packets */
3125 data->isoc = NULL;
3126 } else {
3127 /* Interface orders are hardcoded in the specification */
3128 data->isoc = usb_ifnum_to_if(data->udev, ifnum_base + 1);
3129 data->isoc_ifnum = ifnum_base + 1;
3130 }
3131
3132 if (!reset)
3133 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
3134
3135 if (force_scofix || id->driver_info & BTUSB_WRONG_SCO_MTU) {
3136 if (!disable_scofix)
3137 set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks);
3138 }
3139
3140 if (id->driver_info & BTUSB_BROKEN_ISOC)
3141 data->isoc = NULL;
3142
3143 if (id->driver_info & BTUSB_DIGIANSWER) {
3144 data->cmdreq_type = USB_TYPE_VENDOR;
3145 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
3146 }
3147
3148 if (id->driver_info & BTUSB_CSR) {
3149 struct usb_device *udev = data->udev;
3150 u16 bcdDevice = le16_to_cpu(udev->descriptor.bcdDevice);
3151
3152 /* Old firmware would otherwise execute USB reset */
3153 if (bcdDevice < 0x117)
3154 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
3155
3156 /* Fake CSR devices with broken commands */
3157 if (bcdDevice <= 0x100 || bcdDevice == 0x134)
3158 hdev->setup = btusb_setup_csr;
3159
3160 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
3161 }
3162
3163 if (id->driver_info & BTUSB_SNIFFER) {
3164 struct usb_device *udev = data->udev;
3165
3166 /* New sniffer firmware has crippled HCI interface */
3167 if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997)
3168 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
3169 }
3170
3171 if (id->driver_info & BTUSB_INTEL_BOOT) {
3172 /* A bug in the bootloader causes that interrupt interface is
3173 * only enabled after receiving SetInterface(0, AltSetting=0).
3174 */
3175 err = usb_set_interface(data->udev, 0, 0);
3176 if (err < 0) {
3177 BT_ERR("failed to set interface 0, alt 0 %d", err);
3178 goto out_free_dev;
3179 }
3180 }
3181
3182 if (data->isoc) {
3183 err = usb_driver_claim_interface(&btusb_driver,
3184 data->isoc, data);
3185 if (err < 0)
3186 goto out_free_dev;
3187 }
3188
3189#ifdef CONFIG_BT_HCIBTUSB_BCM
3190 if (data->diag) {
3191 if (!usb_driver_claim_interface(&btusb_driver,
3192 data->diag, data))
3193 __set_diag_interface(hdev);
3194 else
3195 data->diag = NULL;
3196 }
3197#endif
3198
3199 if (enable_autosuspend)
3200 usb_enable_autosuspend(data->udev);
3201
3202 err = hci_register_dev(hdev);
3203 if (err < 0)
3204 goto out_free_dev;
3205
3206 usb_set_intfdata(intf, data);
3207
3208 return 0;
3209
3210out_free_dev:
3211 hci_free_dev(hdev);
3212 return err;
3213}
3214
3215static void btusb_disconnect(struct usb_interface *intf)
3216{
3217 struct btusb_data *data = usb_get_intfdata(intf);
3218 struct hci_dev *hdev;
3219
3220 BT_DBG("intf %p", intf);
3221
3222 if (!data)
3223 return;
3224
3225 hdev = data->hdev;
3226 usb_set_intfdata(data->intf, NULL);
3227
3228 if (data->isoc)
3229 usb_set_intfdata(data->isoc, NULL);
3230
3231 if (data->diag)
3232 usb_set_intfdata(data->diag, NULL);
3233
3234 hci_unregister_dev(hdev);
3235
3236 if (intf == data->intf) {
3237 if (data->isoc)
3238 usb_driver_release_interface(&btusb_driver, data->isoc);
3239 if (data->diag)
3240 usb_driver_release_interface(&btusb_driver, data->diag);
3241 } else if (intf == data->isoc) {
3242 if (data->diag)
3243 usb_driver_release_interface(&btusb_driver, data->diag);
3244 usb_driver_release_interface(&btusb_driver, data->intf);
3245 } else if (intf == data->diag) {
3246 usb_driver_release_interface(&btusb_driver, data->intf);
3247 if (data->isoc)
3248 usb_driver_release_interface(&btusb_driver, data->isoc);
3249 }
3250
3251 if (data->oob_wake_irq)
3252 device_init_wakeup(&data->udev->dev, false);
3253
3254 hci_free_dev(hdev);
3255}
3256
3257#ifdef CONFIG_PM
3258static int btusb_suspend(struct usb_interface *intf, pm_message_t message)
3259{
3260 struct btusb_data *data = usb_get_intfdata(intf);
3261
3262 BT_DBG("intf %p", intf);
3263
3264 if (data->suspend_count++)
3265 return 0;
3266
3267 spin_lock_irq(&data->txlock);
3268 if (!(PMSG_IS_AUTO(message) && data->tx_in_flight)) {
3269 set_bit(BTUSB_SUSPENDING, &data->flags);
3270 spin_unlock_irq(&data->txlock);
3271 } else {
3272 spin_unlock_irq(&data->txlock);
3273 data->suspend_count--;
3274 return -EBUSY;
3275 }
3276
3277 cancel_work_sync(&data->work);
3278
3279 btusb_stop_traffic(data);
3280 usb_kill_anchored_urbs(&data->tx_anchor);
3281
3282 if (data->oob_wake_irq && device_may_wakeup(&data->udev->dev)) {
3283 set_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags);
3284 enable_irq_wake(data->oob_wake_irq);
3285 enable_irq(data->oob_wake_irq);
3286 }
3287
3288 return 0;
3289}
3290
3291static void play_deferred(struct btusb_data *data)
3292{
3293 struct urb *urb;
3294 int err;
3295
3296 while ((urb = usb_get_from_anchor(&data->deferred))) {
3297 usb_anchor_urb(urb, &data->tx_anchor);
3298
3299 err = usb_submit_urb(urb, GFP_ATOMIC);
3300 if (err < 0) {
3301 if (err != -EPERM && err != -ENODEV)
3302 BT_ERR("%s urb %p submission failed (%d)",
3303 data->hdev->name, urb, -err);
3304 kfree(urb->setup_packet);
3305 usb_unanchor_urb(urb);
3306 usb_free_urb(urb);
3307 break;
3308 }
3309
3310 data->tx_in_flight++;
3311 usb_free_urb(urb);
3312 }
3313
3314 /* Cleanup the rest deferred urbs. */
3315 while ((urb = usb_get_from_anchor(&data->deferred))) {
3316 kfree(urb->setup_packet);
3317 usb_free_urb(urb);
3318 }
3319}
3320
3321static int btusb_resume(struct usb_interface *intf)
3322{
3323 struct btusb_data *data = usb_get_intfdata(intf);
3324 struct hci_dev *hdev = data->hdev;
3325 int err = 0;
3326
3327 BT_DBG("intf %p", intf);
3328
3329 if (--data->suspend_count)
3330 return 0;
3331
3332 /* Disable only if not already disabled (keep it balanced) */
3333 if (test_and_clear_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags)) {
3334 disable_irq(data->oob_wake_irq);
3335 disable_irq_wake(data->oob_wake_irq);
3336 }
3337
3338 if (!test_bit(HCI_RUNNING, &hdev->flags))
3339 goto done;
3340
3341 if (test_bit(BTUSB_INTR_RUNNING, &data->flags)) {
3342 err = btusb_submit_intr_urb(hdev, GFP_NOIO);
3343 if (err < 0) {
3344 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
3345 goto failed;
3346 }
3347 }
3348
3349 if (test_bit(BTUSB_BULK_RUNNING, &data->flags)) {
3350 err = btusb_submit_bulk_urb(hdev, GFP_NOIO);
3351 if (err < 0) {
3352 clear_bit(BTUSB_BULK_RUNNING, &data->flags);
3353 goto failed;
3354 }
3355
3356 btusb_submit_bulk_urb(hdev, GFP_NOIO);
3357 }
3358
3359 if (test_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
3360 if (btusb_submit_isoc_urb(hdev, GFP_NOIO) < 0)
3361 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
3362 else
3363 btusb_submit_isoc_urb(hdev, GFP_NOIO);
3364 }
3365
3366 spin_lock_irq(&data->txlock);
3367 play_deferred(data);
3368 clear_bit(BTUSB_SUSPENDING, &data->flags);
3369 spin_unlock_irq(&data->txlock);
3370 schedule_work(&data->work);
3371
3372 return 0;
3373
3374failed:
3375 usb_scuttle_anchored_urbs(&data->deferred);
3376done:
3377 spin_lock_irq(&data->txlock);
3378 clear_bit(BTUSB_SUSPENDING, &data->flags);
3379 spin_unlock_irq(&data->txlock);
3380
3381 return err;
3382}
3383#endif
3384
3385static struct usb_driver btusb_driver = {
3386 .name = "btusb",
3387 .probe = btusb_probe,
3388 .disconnect = btusb_disconnect,
3389#ifdef CONFIG_PM
3390 .suspend = btusb_suspend,
3391 .resume = btusb_resume,
3392#endif
3393 .id_table = btusb_table,
3394 .supports_autosuspend = 1,
3395 .disable_hub_initiated_lpm = 1,
3396};
3397
3398module_usb_driver(btusb_driver);
3399
3400module_param(disable_scofix, bool, 0644);
3401MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size");
3402
3403module_param(force_scofix, bool, 0644);
3404MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size");
3405
3406module_param(enable_autosuspend, bool, 0644);
3407MODULE_PARM_DESC(enable_autosuspend, "Enable USB autosuspend by default");
3408
3409module_param(reset, bool, 0644);
3410MODULE_PARM_DESC(reset, "Send HCI reset command on initialization");
3411
3412MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
3413MODULE_DESCRIPTION("Generic Bluetooth USB driver ver " VERSION);
3414MODULE_VERSION(VERSION);
3415MODULE_LICENSE("GPL");