tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

kernel / drivers / bluetooth / btusb.c
at v6.3-rc1 4432 lines 122 kB view raw
1// SPDX-License-Identifier: GPL-2.0-or-later 2/* 3 * 4 * Generic Bluetooth USB driver 5 * 6 * Copyright (C) 2005-2008 Marcel Holtmann <marcel@holtmann.org> 7 */ 8 9#include <linux/dmi.h> 10#include <linux/module.h> 11#include <linux/usb.h> 12#include <linux/usb/quirks.h> 13#include <linux/firmware.h> 14#include <linux/iopoll.h> 15#include <linux/of_device.h> 16#include <linux/of_irq.h> 17#include <linux/suspend.h> 18#include <linux/gpio/consumer.h> 19#include <linux/debugfs.h> 20#include <asm/unaligned.h> 21 22#include <net/bluetooth/bluetooth.h> 23#include <net/bluetooth/hci_core.h> 24 25#include "btintel.h" 26#include "btbcm.h" 27#include "btrtl.h" 28#include "btmtk.h" 29 30#define VERSION "0.8" 31 32static bool disable_scofix; 33static bool force_scofix; 34static bool enable_autosuspend = IS_ENABLED(CONFIG_BT_HCIBTUSB_AUTOSUSPEND); 35static bool enable_poll_sync = IS_ENABLED(CONFIG_BT_HCIBTUSB_POLL_SYNC); 36static bool reset = true; 37 38static struct usb_driver btusb_driver; 39 40#define BTUSB_IGNORE BIT(0) 41#define BTUSB_DIGIANSWER BIT(1) 42#define BTUSB_CSR BIT(2) 43#define BTUSB_SNIFFER BIT(3) 44#define BTUSB_BCM92035 BIT(4) 45#define BTUSB_BROKEN_ISOC BIT(5) 46#define BTUSB_WRONG_SCO_MTU BIT(6) 47#define BTUSB_ATH3012 BIT(7) 48#define BTUSB_INTEL_COMBINED BIT(8) 49#define BTUSB_INTEL_BOOT BIT(9) 50#define BTUSB_BCM_PATCHRAM BIT(10) 51#define BTUSB_MARVELL BIT(11) 52#define BTUSB_SWAVE BIT(12) 53#define BTUSB_AMP BIT(13) 54#define BTUSB_QCA_ROME BIT(14) 55#define BTUSB_BCM_APPLE BIT(15) 56#define BTUSB_REALTEK BIT(16) 57#define BTUSB_BCM2045 BIT(17) 58#define BTUSB_IFNUM_2 BIT(18) 59#define BTUSB_CW6622 BIT(19) 60#define BTUSB_MEDIATEK BIT(20) 61#define BTUSB_WIDEBAND_SPEECH BIT(21) 62#define BTUSB_VALID_LE_STATES BIT(22) 63#define BTUSB_QCA_WCN6855 BIT(23) 64#define BTUSB_INTEL_BROKEN_SHUTDOWN_LED BIT(24) 65#define BTUSB_INTEL_BROKEN_INITIAL_NCMD BIT(25) 66#define BTUSB_INTEL_NO_WBS_SUPPORT BIT(26) 67#define BTUSB_ACTIONS_SEMI BIT(27) 68 69static const struct usb_device_id btusb_table[] = { 70 /* Generic Bluetooth USB device */ 71 { USB_DEVICE_INFO(0xe0, 0x01, 0x01) }, 72 73 /* Generic Bluetooth AMP device */ 74 { USB_DEVICE_INFO(0xe0, 0x01, 0x04), .driver_info = BTUSB_AMP }, 75 76 /* Generic Bluetooth USB interface */ 77 { USB_INTERFACE_INFO(0xe0, 0x01, 0x01) }, 78 79 /* Apple-specific (Broadcom) devices */ 80 { USB_VENDOR_AND_INTERFACE_INFO(0x05ac, 0xff, 0x01, 0x01), 81 .driver_info = BTUSB_BCM_APPLE | BTUSB_IFNUM_2 }, 82 83 /* MediaTek MT76x0E */ 84 { USB_DEVICE(0x0e8d, 0x763f) }, 85 86 /* Broadcom SoftSailing reporting vendor specific */ 87 { USB_DEVICE(0x0a5c, 0x21e1) }, 88 89 /* Apple MacBookPro 7,1 */ 90 { USB_DEVICE(0x05ac, 0x8213) }, 91 92 /* Apple iMac11,1 */ 93 { USB_DEVICE(0x05ac, 0x8215) }, 94 95 /* Apple MacBookPro6,2 */ 96 { USB_DEVICE(0x05ac, 0x8218) }, 97 98 /* Apple MacBookAir3,1, MacBookAir3,2 */ 99 { USB_DEVICE(0x05ac, 0x821b) }, 100 101 /* Apple MacBookAir4,1 */ 102 { USB_DEVICE(0x05ac, 0x821f) }, 103 104 /* Apple MacBookPro8,2 */ 105 { USB_DEVICE(0x05ac, 0x821a) }, 106 107 /* Apple MacMini5,1 */ 108 { USB_DEVICE(0x05ac, 0x8281) }, 109 110 /* AVM BlueFRITZ! USB v2.0 */ 111 { USB_DEVICE(0x057c, 0x3800), .driver_info = BTUSB_SWAVE }, 112 113 /* Bluetooth Ultraport Module from IBM */ 114 { USB_DEVICE(0x04bf, 0x030a) }, 115 116 /* ALPS Modules with non-standard id */ 117 { USB_DEVICE(0x044e, 0x3001) }, 118 { USB_DEVICE(0x044e, 0x3002) }, 119 120 /* Ericsson with non-standard id */ 121 { USB_DEVICE(0x0bdb, 0x1002) }, 122 123 /* Canyon CN-BTU1 with HID interfaces */ 124 { USB_DEVICE(0x0c10, 0x0000) }, 125 126 /* Broadcom BCM20702B0 (Dynex/Insignia) */ 127 { USB_DEVICE(0x19ff, 0x0239), .driver_info = BTUSB_BCM_PATCHRAM }, 128 129 /* Broadcom BCM43142A0 (Foxconn/Lenovo) */ 130 { USB_VENDOR_AND_INTERFACE_INFO(0x105b, 0xff, 0x01, 0x01), 131 .driver_info = BTUSB_BCM_PATCHRAM }, 132 133 /* Broadcom BCM920703 (HTC Vive) */ 134 { USB_VENDOR_AND_INTERFACE_INFO(0x0bb4, 0xff, 0x01, 0x01), 135 .driver_info = BTUSB_BCM_PATCHRAM }, 136 137 /* Foxconn - Hon Hai */ 138 { USB_VENDOR_AND_INTERFACE_INFO(0x0489, 0xff, 0x01, 0x01), 139 .driver_info = BTUSB_BCM_PATCHRAM }, 140 141 /* Lite-On Technology - Broadcom based */ 142 { USB_VENDOR_AND_INTERFACE_INFO(0x04ca, 0xff, 0x01, 0x01), 143 .driver_info = BTUSB_BCM_PATCHRAM }, 144 145 /* Broadcom devices with vendor specific id */ 146 { USB_VENDOR_AND_INTERFACE_INFO(0x0a5c, 0xff, 0x01, 0x01), 147 .driver_info = BTUSB_BCM_PATCHRAM }, 148 149 /* ASUSTek Computer - Broadcom based */ 150 { USB_VENDOR_AND_INTERFACE_INFO(0x0b05, 0xff, 0x01, 0x01), 151 .driver_info = BTUSB_BCM_PATCHRAM }, 152 153 /* Belkin F8065bf - Broadcom based */ 154 { USB_VENDOR_AND_INTERFACE_INFO(0x050d, 0xff, 0x01, 0x01), 155 .driver_info = BTUSB_BCM_PATCHRAM }, 156 157 /* IMC Networks - Broadcom based */ 158 { USB_VENDOR_AND_INTERFACE_INFO(0x13d3, 0xff, 0x01, 0x01), 159 .driver_info = BTUSB_BCM_PATCHRAM }, 160 161 /* Dell Computer - Broadcom based */ 162 { USB_VENDOR_AND_INTERFACE_INFO(0x413c, 0xff, 0x01, 0x01), 163 .driver_info = BTUSB_BCM_PATCHRAM }, 164 165 /* Toshiba Corp - Broadcom based */ 166 { USB_VENDOR_AND_INTERFACE_INFO(0x0930, 0xff, 0x01, 0x01), 167 .driver_info = BTUSB_BCM_PATCHRAM }, 168 169 /* Intel Bluetooth USB Bootloader (RAM module) */ 170 { USB_DEVICE(0x8087, 0x0a5a), 171 .driver_info = BTUSB_INTEL_BOOT | BTUSB_BROKEN_ISOC }, 172 173 { } /* Terminating entry */ 174}; 175 176MODULE_DEVICE_TABLE(usb, btusb_table); 177 178static const struct usb_device_id blacklist_table[] = { 179 /* CSR BlueCore devices */ 180 { USB_DEVICE(0x0a12, 0x0001), .driver_info = BTUSB_CSR }, 181 182 /* Broadcom BCM2033 without firmware */ 183 { USB_DEVICE(0x0a5c, 0x2033), .driver_info = BTUSB_IGNORE }, 184 185 /* Broadcom BCM2045 devices */ 186 { USB_DEVICE(0x0a5c, 0x2045), .driver_info = BTUSB_BCM2045 }, 187 188 /* Atheros 3011 with sflash firmware */ 189 { USB_DEVICE(0x0489, 0xe027), .driver_info = BTUSB_IGNORE }, 190 { USB_DEVICE(0x0489, 0xe03d), .driver_info = BTUSB_IGNORE }, 191 { USB_DEVICE(0x04f2, 0xaff1), .driver_info = BTUSB_IGNORE }, 192 { USB_DEVICE(0x0930, 0x0215), .driver_info = BTUSB_IGNORE }, 193 { USB_DEVICE(0x0cf3, 0x3002), .driver_info = BTUSB_IGNORE }, 194 { USB_DEVICE(0x0cf3, 0xe019), .driver_info = BTUSB_IGNORE }, 195 { USB_DEVICE(0x13d3, 0x3304), .driver_info = BTUSB_IGNORE }, 196 197 /* Atheros AR9285 Malbec with sflash firmware */ 198 { USB_DEVICE(0x03f0, 0x311d), .driver_info = BTUSB_IGNORE }, 199 200 /* Atheros 3012 with sflash firmware */ 201 { USB_DEVICE(0x0489, 0xe04d), .driver_info = BTUSB_ATH3012 }, 202 { USB_DEVICE(0x0489, 0xe04e), .driver_info = BTUSB_ATH3012 }, 203 { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 }, 204 { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 }, 205 { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 }, 206 { USB_DEVICE(0x0489, 0xe076), .driver_info = BTUSB_ATH3012 }, 207 { USB_DEVICE(0x0489, 0xe078), .driver_info = BTUSB_ATH3012 }, 208 { USB_DEVICE(0x0489, 0xe095), .driver_info = BTUSB_ATH3012 }, 209 { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 }, 210 { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 }, 211 { USB_DEVICE(0x04ca, 0x3005), .driver_info = BTUSB_ATH3012 }, 212 { USB_DEVICE(0x04ca, 0x3006), .driver_info = BTUSB_ATH3012 }, 213 { USB_DEVICE(0x04ca, 0x3007), .driver_info = BTUSB_ATH3012 }, 214 { USB_DEVICE(0x04ca, 0x3008), .driver_info = BTUSB_ATH3012 }, 215 { USB_DEVICE(0x04ca, 0x300b), .driver_info = BTUSB_ATH3012 }, 216 { USB_DEVICE(0x04ca, 0x300d), .driver_info = BTUSB_ATH3012 }, 217 { USB_DEVICE(0x04ca, 0x300f), .driver_info = BTUSB_ATH3012 }, 218 { USB_DEVICE(0x04ca, 0x3010), .driver_info = BTUSB_ATH3012 }, 219 { USB_DEVICE(0x04ca, 0x3014), .driver_info = BTUSB_ATH3012 }, 220 { USB_DEVICE(0x04ca, 0x3018), .driver_info = BTUSB_ATH3012 }, 221 { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 }, 222 { USB_DEVICE(0x0930, 0x021c), .driver_info = BTUSB_ATH3012 }, 223 { USB_DEVICE(0x0930, 0x0220), .driver_info = BTUSB_ATH3012 }, 224 { USB_DEVICE(0x0930, 0x0227), .driver_info = BTUSB_ATH3012 }, 225 { USB_DEVICE(0x0b05, 0x17d0), .driver_info = BTUSB_ATH3012 }, 226 { USB_DEVICE(0x0cf3, 0x0036), .driver_info = BTUSB_ATH3012 }, 227 { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 }, 228 { USB_DEVICE(0x0cf3, 0x3008), .driver_info = BTUSB_ATH3012 }, 229 { USB_DEVICE(0x0cf3, 0x311d), .driver_info = BTUSB_ATH3012 }, 230 { USB_DEVICE(0x0cf3, 0x311e), .driver_info = BTUSB_ATH3012 }, 231 { USB_DEVICE(0x0cf3, 0x311f), .driver_info = BTUSB_ATH3012 }, 232 { USB_DEVICE(0x0cf3, 0x3121), .driver_info = BTUSB_ATH3012 }, 233 { USB_DEVICE(0x0cf3, 0x817a), .driver_info = BTUSB_ATH3012 }, 234 { USB_DEVICE(0x0cf3, 0x817b), .driver_info = BTUSB_ATH3012 }, 235 { USB_DEVICE(0x0cf3, 0xe003), .driver_info = BTUSB_ATH3012 }, 236 { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 }, 237 { USB_DEVICE(0x0cf3, 0xe005), .driver_info = BTUSB_ATH3012 }, 238 { USB_DEVICE(0x0cf3, 0xe006), .driver_info = BTUSB_ATH3012 }, 239 { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 }, 240 { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 }, 241 { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 }, 242 { USB_DEVICE(0x13d3, 0x3395), .driver_info = BTUSB_ATH3012 }, 243 { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 }, 244 { USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 }, 245 { USB_DEVICE(0x13d3, 0x3423), .driver_info = BTUSB_ATH3012 }, 246 { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 }, 247 { USB_DEVICE(0x13d3, 0x3472), .driver_info = BTUSB_ATH3012 }, 248 { USB_DEVICE(0x13d3, 0x3474), .driver_info = BTUSB_ATH3012 }, 249 { USB_DEVICE(0x13d3, 0x3487), .driver_info = BTUSB_ATH3012 }, 250 { USB_DEVICE(0x13d3, 0x3490), .driver_info = BTUSB_ATH3012 }, 251 252 /* Atheros AR5BBU12 with sflash firmware */ 253 { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE }, 254 255 /* Atheros AR5BBU12 with sflash firmware */ 256 { USB_DEVICE(0x0489, 0xe036), .driver_info = BTUSB_ATH3012 }, 257 { USB_DEVICE(0x0489, 0xe03c), .driver_info = BTUSB_ATH3012 }, 258 259 /* QCA ROME chipset */ 260 { USB_DEVICE(0x0cf3, 0x535b), .driver_info = BTUSB_QCA_ROME | 261 BTUSB_WIDEBAND_SPEECH }, 262 { USB_DEVICE(0x0cf3, 0xe007), .driver_info = BTUSB_QCA_ROME | 263 BTUSB_WIDEBAND_SPEECH }, 264 { USB_DEVICE(0x0cf3, 0xe009), .driver_info = BTUSB_QCA_ROME | 265 BTUSB_WIDEBAND_SPEECH }, 266 { USB_DEVICE(0x0cf3, 0xe010), .driver_info = BTUSB_QCA_ROME | 267 BTUSB_WIDEBAND_SPEECH }, 268 { USB_DEVICE(0x0cf3, 0xe300), .driver_info = BTUSB_QCA_ROME | 269 BTUSB_WIDEBAND_SPEECH }, 270 { USB_DEVICE(0x0cf3, 0xe301), .driver_info = BTUSB_QCA_ROME | 271 BTUSB_WIDEBAND_SPEECH }, 272 { USB_DEVICE(0x0cf3, 0xe360), .driver_info = BTUSB_QCA_ROME | 273 BTUSB_WIDEBAND_SPEECH }, 274 { USB_DEVICE(0x0cf3, 0xe500), .driver_info = BTUSB_QCA_ROME | 275 BTUSB_WIDEBAND_SPEECH }, 276 { USB_DEVICE(0x0489, 0xe092), .driver_info = BTUSB_QCA_ROME | 277 BTUSB_WIDEBAND_SPEECH }, 278 { USB_DEVICE(0x0489, 0xe09f), .driver_info = BTUSB_QCA_ROME | 279 BTUSB_WIDEBAND_SPEECH }, 280 { USB_DEVICE(0x0489, 0xe0a2), .driver_info = BTUSB_QCA_ROME | 281 BTUSB_WIDEBAND_SPEECH }, 282 { USB_DEVICE(0x04ca, 0x3011), .driver_info = BTUSB_QCA_ROME | 283 BTUSB_WIDEBAND_SPEECH }, 284 { USB_DEVICE(0x04ca, 0x3015), .driver_info = BTUSB_QCA_ROME | 285 BTUSB_WIDEBAND_SPEECH }, 286 { USB_DEVICE(0x04ca, 0x3016), .driver_info = BTUSB_QCA_ROME | 287 BTUSB_WIDEBAND_SPEECH }, 288 { USB_DEVICE(0x04ca, 0x301a), .driver_info = BTUSB_QCA_ROME | 289 BTUSB_WIDEBAND_SPEECH }, 290 { USB_DEVICE(0x04ca, 0x3021), .driver_info = BTUSB_QCA_ROME | 291 BTUSB_WIDEBAND_SPEECH }, 292 { USB_DEVICE(0x13d3, 0x3491), .driver_info = BTUSB_QCA_ROME | 293 BTUSB_WIDEBAND_SPEECH }, 294 { USB_DEVICE(0x13d3, 0x3496), .driver_info = BTUSB_QCA_ROME | 295 BTUSB_WIDEBAND_SPEECH }, 296 { USB_DEVICE(0x13d3, 0x3501), .driver_info = BTUSB_QCA_ROME | 297 BTUSB_WIDEBAND_SPEECH }, 298 299 /* QCA WCN6855 chipset */ 300 { USB_DEVICE(0x0cf3, 0xe600), .driver_info = BTUSB_QCA_WCN6855 | 301 BTUSB_WIDEBAND_SPEECH | 302 BTUSB_VALID_LE_STATES }, 303 { USB_DEVICE(0x0489, 0xe0cc), .driver_info = BTUSB_QCA_WCN6855 | 304 BTUSB_WIDEBAND_SPEECH | 305 BTUSB_VALID_LE_STATES }, 306 { USB_DEVICE(0x0489, 0xe0d6), .driver_info = BTUSB_QCA_WCN6855 | 307 BTUSB_WIDEBAND_SPEECH | 308 BTUSB_VALID_LE_STATES }, 309 { USB_DEVICE(0x0489, 0xe0e3), .driver_info = BTUSB_QCA_WCN6855 | 310 BTUSB_WIDEBAND_SPEECH | 311 BTUSB_VALID_LE_STATES }, 312 { USB_DEVICE(0x10ab, 0x9309), .driver_info = BTUSB_QCA_WCN6855 | 313 BTUSB_WIDEBAND_SPEECH | 314 BTUSB_VALID_LE_STATES }, 315 { USB_DEVICE(0x10ab, 0x9409), .driver_info = BTUSB_QCA_WCN6855 | 316 BTUSB_WIDEBAND_SPEECH | 317 BTUSB_VALID_LE_STATES }, 318 { USB_DEVICE(0x0489, 0xe0d0), .driver_info = BTUSB_QCA_WCN6855 | 319 BTUSB_WIDEBAND_SPEECH | 320 BTUSB_VALID_LE_STATES }, 321 { USB_DEVICE(0x10ab, 0x9108), .driver_info = BTUSB_QCA_WCN6855 | 322 BTUSB_WIDEBAND_SPEECH | 323 BTUSB_VALID_LE_STATES }, 324 { USB_DEVICE(0x10ab, 0x9109), .driver_info = BTUSB_QCA_WCN6855 | 325 BTUSB_WIDEBAND_SPEECH | 326 BTUSB_VALID_LE_STATES }, 327 { USB_DEVICE(0x10ab, 0x9208), .driver_info = BTUSB_QCA_WCN6855 | 328 BTUSB_WIDEBAND_SPEECH | 329 BTUSB_VALID_LE_STATES }, 330 { USB_DEVICE(0x10ab, 0x9209), .driver_info = BTUSB_QCA_WCN6855 | 331 BTUSB_WIDEBAND_SPEECH | 332 BTUSB_VALID_LE_STATES }, 333 { USB_DEVICE(0x10ab, 0x9308), .driver_info = BTUSB_QCA_WCN6855 | 334 BTUSB_WIDEBAND_SPEECH | 335 BTUSB_VALID_LE_STATES }, 336 { USB_DEVICE(0x10ab, 0x9408), .driver_info = BTUSB_QCA_WCN6855 | 337 BTUSB_WIDEBAND_SPEECH | 338 BTUSB_VALID_LE_STATES }, 339 { USB_DEVICE(0x10ab, 0x9508), .driver_info = BTUSB_QCA_WCN6855 | 340 BTUSB_WIDEBAND_SPEECH | 341 BTUSB_VALID_LE_STATES }, 342 { USB_DEVICE(0x10ab, 0x9509), .driver_info = BTUSB_QCA_WCN6855 | 343 BTUSB_WIDEBAND_SPEECH | 344 BTUSB_VALID_LE_STATES }, 345 { USB_DEVICE(0x10ab, 0x9608), .driver_info = BTUSB_QCA_WCN6855 | 346 BTUSB_WIDEBAND_SPEECH | 347 BTUSB_VALID_LE_STATES }, 348 { USB_DEVICE(0x10ab, 0x9609), .driver_info = BTUSB_QCA_WCN6855 | 349 BTUSB_WIDEBAND_SPEECH | 350 BTUSB_VALID_LE_STATES }, 351 { USB_DEVICE(0x10ab, 0x9f09), .driver_info = BTUSB_QCA_WCN6855 | 352 BTUSB_WIDEBAND_SPEECH | 353 BTUSB_VALID_LE_STATES }, 354 { USB_DEVICE(0x04ca, 0x3022), .driver_info = BTUSB_QCA_WCN6855 | 355 BTUSB_WIDEBAND_SPEECH | 356 BTUSB_VALID_LE_STATES }, 357 { USB_DEVICE(0x0489, 0xe0c7), .driver_info = BTUSB_QCA_WCN6855 | 358 BTUSB_WIDEBAND_SPEECH | 359 BTUSB_VALID_LE_STATES }, 360 { USB_DEVICE(0x0489, 0xe0c9), .driver_info = BTUSB_QCA_WCN6855 | 361 BTUSB_WIDEBAND_SPEECH | 362 BTUSB_VALID_LE_STATES }, 363 { USB_DEVICE(0x0489, 0xe0ca), .driver_info = BTUSB_QCA_WCN6855 | 364 BTUSB_WIDEBAND_SPEECH | 365 BTUSB_VALID_LE_STATES }, 366 { USB_DEVICE(0x0489, 0xe0cb), .driver_info = BTUSB_QCA_WCN6855 | 367 BTUSB_WIDEBAND_SPEECH | 368 BTUSB_VALID_LE_STATES }, 369 { USB_DEVICE(0x0489, 0xe0ce), .driver_info = BTUSB_QCA_WCN6855 | 370 BTUSB_WIDEBAND_SPEECH | 371 BTUSB_VALID_LE_STATES }, 372 { USB_DEVICE(0x0489, 0xe0de), .driver_info = BTUSB_QCA_WCN6855 | 373 BTUSB_WIDEBAND_SPEECH | 374 BTUSB_VALID_LE_STATES }, 375 { USB_DEVICE(0x0489, 0xe0df), .driver_info = BTUSB_QCA_WCN6855 | 376 BTUSB_WIDEBAND_SPEECH | 377 BTUSB_VALID_LE_STATES }, 378 { USB_DEVICE(0x0489, 0xe0e1), .driver_info = BTUSB_QCA_WCN6855 | 379 BTUSB_WIDEBAND_SPEECH | 380 BTUSB_VALID_LE_STATES }, 381 { USB_DEVICE(0x0489, 0xe0ea), .driver_info = BTUSB_QCA_WCN6855 | 382 BTUSB_WIDEBAND_SPEECH | 383 BTUSB_VALID_LE_STATES }, 384 { USB_DEVICE(0x0489, 0xe0ec), .driver_info = BTUSB_QCA_WCN6855 | 385 BTUSB_WIDEBAND_SPEECH | 386 BTUSB_VALID_LE_STATES }, 387 { USB_DEVICE(0x04ca, 0x3023), .driver_info = BTUSB_QCA_WCN6855 | 388 BTUSB_WIDEBAND_SPEECH | 389 BTUSB_VALID_LE_STATES }, 390 { USB_DEVICE(0x04ca, 0x3024), .driver_info = BTUSB_QCA_WCN6855 | 391 BTUSB_WIDEBAND_SPEECH | 392 BTUSB_VALID_LE_STATES }, 393 { USB_DEVICE(0x04ca, 0x3a22), .driver_info = BTUSB_QCA_WCN6855 | 394 BTUSB_WIDEBAND_SPEECH | 395 BTUSB_VALID_LE_STATES }, 396 { USB_DEVICE(0x04ca, 0x3a24), .driver_info = BTUSB_QCA_WCN6855 | 397 BTUSB_WIDEBAND_SPEECH | 398 BTUSB_VALID_LE_STATES }, 399 { USB_DEVICE(0x04ca, 0x3a26), .driver_info = BTUSB_QCA_WCN6855 | 400 BTUSB_WIDEBAND_SPEECH | 401 BTUSB_VALID_LE_STATES }, 402 { USB_DEVICE(0x04ca, 0x3a27), .driver_info = BTUSB_QCA_WCN6855 | 403 BTUSB_WIDEBAND_SPEECH | 404 BTUSB_VALID_LE_STATES }, 405 406 /* QCA WCN785x chipset */ 407 { USB_DEVICE(0x0cf3, 0xe700), .driver_info = BTUSB_QCA_WCN6855 | 408 BTUSB_WIDEBAND_SPEECH | 409 BTUSB_VALID_LE_STATES }, 410 411 /* Broadcom BCM2035 */ 412 { USB_DEVICE(0x0a5c, 0x2009), .driver_info = BTUSB_BCM92035 }, 413 { USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU }, 414 { USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU }, 415 416 /* Broadcom BCM2045 */ 417 { USB_DEVICE(0x0a5c, 0x2039), .driver_info = BTUSB_WRONG_SCO_MTU }, 418 { USB_DEVICE(0x0a5c, 0x2101), .driver_info = BTUSB_WRONG_SCO_MTU }, 419 420 /* IBM/Lenovo ThinkPad with Broadcom chip */ 421 { USB_DEVICE(0x0a5c, 0x201e), .driver_info = BTUSB_WRONG_SCO_MTU }, 422 { USB_DEVICE(0x0a5c, 0x2110), .driver_info = BTUSB_WRONG_SCO_MTU }, 423 424 /* HP laptop with Broadcom chip */ 425 { USB_DEVICE(0x03f0, 0x171d), .driver_info = BTUSB_WRONG_SCO_MTU }, 426 427 /* Dell laptop with Broadcom chip */ 428 { USB_DEVICE(0x413c, 0x8126), .driver_info = BTUSB_WRONG_SCO_MTU }, 429 430 /* Dell Wireless 370 and 410 devices */ 431 { USB_DEVICE(0x413c, 0x8152), .driver_info = BTUSB_WRONG_SCO_MTU }, 432 { USB_DEVICE(0x413c, 0x8156), .driver_info = BTUSB_WRONG_SCO_MTU }, 433 434 /* Belkin F8T012 and F8T013 devices */ 435 { USB_DEVICE(0x050d, 0x0012), .driver_info = BTUSB_WRONG_SCO_MTU }, 436 { USB_DEVICE(0x050d, 0x0013), .driver_info = BTUSB_WRONG_SCO_MTU }, 437 438 /* Asus WL-BTD202 device */ 439 { USB_DEVICE(0x0b05, 0x1715), .driver_info = BTUSB_WRONG_SCO_MTU }, 440 441 /* Kensington Bluetooth USB adapter */ 442 { USB_DEVICE(0x047d, 0x105e), .driver_info = BTUSB_WRONG_SCO_MTU }, 443 444 /* RTX Telecom based adapters with buggy SCO support */ 445 { USB_DEVICE(0x0400, 0x0807), .driver_info = BTUSB_BROKEN_ISOC }, 446 { USB_DEVICE(0x0400, 0x080a), .driver_info = BTUSB_BROKEN_ISOC }, 447 448 /* CONWISE Technology based adapters with buggy SCO support */ 449 { USB_DEVICE(0x0e5e, 0x6622), 450 .driver_info = BTUSB_BROKEN_ISOC | BTUSB_CW6622}, 451 452 /* Roper Class 1 Bluetooth Dongle (Silicon Wave based) */ 453 { USB_DEVICE(0x1310, 0x0001), .driver_info = BTUSB_SWAVE }, 454 455 /* Digianswer devices */ 456 { USB_DEVICE(0x08fd, 0x0001), .driver_info = BTUSB_DIGIANSWER }, 457 { USB_DEVICE(0x08fd, 0x0002), .driver_info = BTUSB_IGNORE }, 458 459 /* CSR BlueCore Bluetooth Sniffer */ 460 { USB_DEVICE(0x0a12, 0x0002), 461 .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC }, 462 463 /* Frontline ComProbe Bluetooth Sniffer */ 464 { USB_DEVICE(0x16d3, 0x0002), 465 .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC }, 466 467 /* Marvell Bluetooth devices */ 468 { USB_DEVICE(0x1286, 0x2044), .driver_info = BTUSB_MARVELL }, 469 { USB_DEVICE(0x1286, 0x2046), .driver_info = BTUSB_MARVELL }, 470 { USB_DEVICE(0x1286, 0x204e), .driver_info = BTUSB_MARVELL }, 471 472 /* Intel Bluetooth devices */ 473 { USB_DEVICE(0x8087, 0x0025), .driver_info = BTUSB_INTEL_COMBINED }, 474 { USB_DEVICE(0x8087, 0x0026), .driver_info = BTUSB_INTEL_COMBINED }, 475 { USB_DEVICE(0x8087, 0x0029), .driver_info = BTUSB_INTEL_COMBINED }, 476 { USB_DEVICE(0x8087, 0x0032), .driver_info = BTUSB_INTEL_COMBINED }, 477 { USB_DEVICE(0x8087, 0x0033), .driver_info = BTUSB_INTEL_COMBINED }, 478 { USB_DEVICE(0x8087, 0x0035), .driver_info = BTUSB_INTEL_COMBINED }, 479 { USB_DEVICE(0x8087, 0x07da), .driver_info = BTUSB_CSR }, 480 { USB_DEVICE(0x8087, 0x07dc), .driver_info = BTUSB_INTEL_COMBINED | 481 BTUSB_INTEL_NO_WBS_SUPPORT | 482 BTUSB_INTEL_BROKEN_INITIAL_NCMD | 483 BTUSB_INTEL_BROKEN_SHUTDOWN_LED }, 484 { USB_DEVICE(0x8087, 0x0a2a), .driver_info = BTUSB_INTEL_COMBINED | 485 BTUSB_INTEL_NO_WBS_SUPPORT | 486 BTUSB_INTEL_BROKEN_SHUTDOWN_LED }, 487 { USB_DEVICE(0x8087, 0x0a2b), .driver_info = BTUSB_INTEL_COMBINED }, 488 { USB_DEVICE(0x8087, 0x0aa7), .driver_info = BTUSB_INTEL_COMBINED | 489 BTUSB_INTEL_BROKEN_SHUTDOWN_LED }, 490 { USB_DEVICE(0x8087, 0x0aaa), .driver_info = BTUSB_INTEL_COMBINED }, 491 492 /* Other Intel Bluetooth devices */ 493 { USB_VENDOR_AND_INTERFACE_INFO(0x8087, 0xe0, 0x01, 0x01), 494 .driver_info = BTUSB_IGNORE }, 495 496 /* Realtek 8821CE Bluetooth devices */ 497 { USB_DEVICE(0x13d3, 0x3529), .driver_info = BTUSB_REALTEK | 498 BTUSB_WIDEBAND_SPEECH }, 499 500 /* Realtek 8822CE Bluetooth devices */ 501 { USB_DEVICE(0x0bda, 0xb00c), .driver_info = BTUSB_REALTEK | 502 BTUSB_WIDEBAND_SPEECH }, 503 { USB_DEVICE(0x0bda, 0xc822), .driver_info = BTUSB_REALTEK | 504 BTUSB_WIDEBAND_SPEECH }, 505 506 /* Realtek 8822CU Bluetooth devices */ 507 { USB_DEVICE(0x13d3, 0x3549), .driver_info = BTUSB_REALTEK | 508 BTUSB_WIDEBAND_SPEECH }, 509 510 /* Realtek 8852AE Bluetooth devices */ 511 { USB_DEVICE(0x0bda, 0x2852), .driver_info = BTUSB_REALTEK | 512 BTUSB_WIDEBAND_SPEECH }, 513 { USB_DEVICE(0x0bda, 0xc852), .driver_info = BTUSB_REALTEK | 514 BTUSB_WIDEBAND_SPEECH }, 515 { USB_DEVICE(0x0bda, 0x385a), .driver_info = BTUSB_REALTEK | 516 BTUSB_WIDEBAND_SPEECH }, 517 { USB_DEVICE(0x0bda, 0x4852), .driver_info = BTUSB_REALTEK | 518 BTUSB_WIDEBAND_SPEECH }, 519 { USB_DEVICE(0x04c5, 0x165c), .driver_info = BTUSB_REALTEK | 520 BTUSB_WIDEBAND_SPEECH }, 521 { USB_DEVICE(0x04ca, 0x4006), .driver_info = BTUSB_REALTEK | 522 BTUSB_WIDEBAND_SPEECH }, 523 { USB_DEVICE(0x0cb8, 0xc549), .driver_info = BTUSB_REALTEK | 524 BTUSB_WIDEBAND_SPEECH }, 525 526 /* Realtek 8852CE Bluetooth devices */ 527 { USB_DEVICE(0x04ca, 0x4007), .driver_info = BTUSB_REALTEK | 528 BTUSB_WIDEBAND_SPEECH }, 529 { USB_DEVICE(0x04c5, 0x1675), .driver_info = BTUSB_REALTEK | 530 BTUSB_WIDEBAND_SPEECH }, 531 { USB_DEVICE(0x0cb8, 0xc558), .driver_info = BTUSB_REALTEK | 532 BTUSB_WIDEBAND_SPEECH }, 533 { USB_DEVICE(0x13d3, 0x3587), .driver_info = BTUSB_REALTEK | 534 BTUSB_WIDEBAND_SPEECH }, 535 { USB_DEVICE(0x13d3, 0x3586), .driver_info = BTUSB_REALTEK | 536 BTUSB_WIDEBAND_SPEECH }, 537 { USB_DEVICE(0x13d3, 0x3592), .driver_info = BTUSB_REALTEK | 538 BTUSB_WIDEBAND_SPEECH }, 539 540 /* Realtek 8852BE Bluetooth devices */ 541 { USB_DEVICE(0x0cb8, 0xc559), .driver_info = BTUSB_REALTEK | 542 BTUSB_WIDEBAND_SPEECH }, 543 544 /* Realtek Bluetooth devices */ 545 { USB_VENDOR_AND_INTERFACE_INFO(0x0bda, 0xe0, 0x01, 0x01), 546 .driver_info = BTUSB_REALTEK }, 547 548 /* MediaTek Bluetooth devices */ 549 { USB_VENDOR_AND_INTERFACE_INFO(0x0e8d, 0xe0, 0x01, 0x01), 550 .driver_info = BTUSB_MEDIATEK | 551 BTUSB_WIDEBAND_SPEECH | 552 BTUSB_VALID_LE_STATES }, 553 554 /* Additional MediaTek MT7615E Bluetooth devices */ 555 { USB_DEVICE(0x13d3, 0x3560), .driver_info = BTUSB_MEDIATEK}, 556 557 /* Additional MediaTek MT7663 Bluetooth devices */ 558 { USB_DEVICE(0x043e, 0x310c), .driver_info = BTUSB_MEDIATEK | 559 BTUSB_WIDEBAND_SPEECH | 560 BTUSB_VALID_LE_STATES }, 561 562 /* Additional MediaTek MT7668 Bluetooth devices */ 563 { USB_DEVICE(0x043e, 0x3109), .driver_info = BTUSB_MEDIATEK | 564 BTUSB_WIDEBAND_SPEECH | 565 BTUSB_VALID_LE_STATES }, 566 567 /* Additional MediaTek MT7921 Bluetooth devices */ 568 { USB_DEVICE(0x0489, 0xe0c8), .driver_info = BTUSB_MEDIATEK | 569 BTUSB_WIDEBAND_SPEECH | 570 BTUSB_VALID_LE_STATES }, 571 { USB_DEVICE(0x0489, 0xe0e0), .driver_info = BTUSB_MEDIATEK | 572 BTUSB_WIDEBAND_SPEECH | 573 BTUSB_VALID_LE_STATES }, 574 { USB_DEVICE(0x0489, 0xe0f2), .driver_info = BTUSB_MEDIATEK | 575 BTUSB_WIDEBAND_SPEECH | 576 BTUSB_VALID_LE_STATES }, 577 { USB_DEVICE(0x04ca, 0x3802), .driver_info = BTUSB_MEDIATEK | 578 BTUSB_WIDEBAND_SPEECH | 579 BTUSB_VALID_LE_STATES }, 580 { USB_DEVICE(0x13d3, 0x3563), .driver_info = BTUSB_MEDIATEK | 581 BTUSB_WIDEBAND_SPEECH | 582 BTUSB_VALID_LE_STATES }, 583 { USB_DEVICE(0x13d3, 0x3564), .driver_info = BTUSB_MEDIATEK | 584 BTUSB_WIDEBAND_SPEECH | 585 BTUSB_VALID_LE_STATES }, 586 { USB_DEVICE(0x13d3, 0x3567), .driver_info = BTUSB_MEDIATEK | 587 BTUSB_WIDEBAND_SPEECH | 588 BTUSB_VALID_LE_STATES }, 589 { USB_DEVICE(0x13d3, 0x3578), .driver_info = BTUSB_MEDIATEK | 590 BTUSB_WIDEBAND_SPEECH | 591 BTUSB_VALID_LE_STATES }, 592 { USB_DEVICE(0x13d3, 0x3583), .driver_info = BTUSB_MEDIATEK | 593 BTUSB_WIDEBAND_SPEECH | 594 BTUSB_VALID_LE_STATES }, 595 { USB_DEVICE(0x0489, 0xe0cd), .driver_info = BTUSB_MEDIATEK | 596 BTUSB_WIDEBAND_SPEECH | 597 BTUSB_VALID_LE_STATES }, 598 { USB_DEVICE(0x0e8d, 0x0608), .driver_info = BTUSB_MEDIATEK | 599 BTUSB_WIDEBAND_SPEECH | 600 BTUSB_VALID_LE_STATES }, 601 602 /* MediaTek MT7922A Bluetooth devices */ 603 { USB_DEVICE(0x0489, 0xe0d8), .driver_info = BTUSB_MEDIATEK | 604 BTUSB_WIDEBAND_SPEECH | 605 BTUSB_VALID_LE_STATES }, 606 { USB_DEVICE(0x0489, 0xe0d9), .driver_info = BTUSB_MEDIATEK | 607 BTUSB_WIDEBAND_SPEECH | 608 BTUSB_VALID_LE_STATES }, 609 { USB_DEVICE(0x13d3, 0x3568), .driver_info = BTUSB_MEDIATEK | 610 BTUSB_WIDEBAND_SPEECH | 611 BTUSB_VALID_LE_STATES }, 612 { USB_DEVICE(0x0489, 0xe0e2), .driver_info = BTUSB_MEDIATEK | 613 BTUSB_WIDEBAND_SPEECH | 614 BTUSB_VALID_LE_STATES }, 615 { USB_DEVICE(0x0489, 0xe0f2), .driver_info = BTUSB_MEDIATEK | 616 BTUSB_WIDEBAND_SPEECH | 617 BTUSB_VALID_LE_STATES }, 618 619 /* Additional Realtek 8723AE Bluetooth devices */ 620 { USB_DEVICE(0x0930, 0x021d), .driver_info = BTUSB_REALTEK }, 621 { USB_DEVICE(0x13d3, 0x3394), .driver_info = BTUSB_REALTEK }, 622 623 /* Additional Realtek 8723BE Bluetooth devices */ 624 { USB_DEVICE(0x0489, 0xe085), .driver_info = BTUSB_REALTEK }, 625 { USB_DEVICE(0x0489, 0xe08b), .driver_info = BTUSB_REALTEK }, 626 { USB_DEVICE(0x04f2, 0xb49f), .driver_info = BTUSB_REALTEK }, 627 { USB_DEVICE(0x13d3, 0x3410), .driver_info = BTUSB_REALTEK }, 628 { USB_DEVICE(0x13d3, 0x3416), .driver_info = BTUSB_REALTEK }, 629 { USB_DEVICE(0x13d3, 0x3459), .driver_info = BTUSB_REALTEK }, 630 { USB_DEVICE(0x13d3, 0x3494), .driver_info = BTUSB_REALTEK }, 631 632 /* Additional Realtek 8723BU Bluetooth devices */ 633 { USB_DEVICE(0x7392, 0xa611), .driver_info = BTUSB_REALTEK }, 634 635 /* Additional Realtek 8723DE Bluetooth devices */ 636 { USB_DEVICE(0x0bda, 0xb009), .driver_info = BTUSB_REALTEK }, 637 { USB_DEVICE(0x2ff8, 0xb011), .driver_info = BTUSB_REALTEK }, 638 639 /* Additional Realtek 8761BUV Bluetooth devices */ 640 { USB_DEVICE(0x2357, 0x0604), .driver_info = BTUSB_REALTEK | 641 BTUSB_WIDEBAND_SPEECH }, 642 { USB_DEVICE(0x0b05, 0x190e), .driver_info = BTUSB_REALTEK | 643 BTUSB_WIDEBAND_SPEECH }, 644 { USB_DEVICE(0x2550, 0x8761), .driver_info = BTUSB_REALTEK | 645 BTUSB_WIDEBAND_SPEECH }, 646 { USB_DEVICE(0x0bda, 0x8771), .driver_info = BTUSB_REALTEK | 647 BTUSB_WIDEBAND_SPEECH }, 648 { USB_DEVICE(0x7392, 0xc611), .driver_info = BTUSB_REALTEK | 649 BTUSB_WIDEBAND_SPEECH }, 650 { USB_DEVICE(0x2b89, 0x8761), .driver_info = BTUSB_REALTEK | 651 BTUSB_WIDEBAND_SPEECH }, 652 653 /* Additional Realtek 8821AE Bluetooth devices */ 654 { USB_DEVICE(0x0b05, 0x17dc), .driver_info = BTUSB_REALTEK }, 655 { USB_DEVICE(0x13d3, 0x3414), .driver_info = BTUSB_REALTEK }, 656 { USB_DEVICE(0x13d3, 0x3458), .driver_info = BTUSB_REALTEK }, 657 { USB_DEVICE(0x13d3, 0x3461), .driver_info = BTUSB_REALTEK }, 658 { USB_DEVICE(0x13d3, 0x3462), .driver_info = BTUSB_REALTEK }, 659 660 /* Additional Realtek 8822BE Bluetooth devices */ 661 { USB_DEVICE(0x13d3, 0x3526), .driver_info = BTUSB_REALTEK }, 662 { USB_DEVICE(0x0b05, 0x185c), .driver_info = BTUSB_REALTEK }, 663 664 /* Additional Realtek 8822CE Bluetooth devices */ 665 { USB_DEVICE(0x04ca, 0x4005), .driver_info = BTUSB_REALTEK | 666 BTUSB_WIDEBAND_SPEECH }, 667 { USB_DEVICE(0x04c5, 0x161f), .driver_info = BTUSB_REALTEK | 668 BTUSB_WIDEBAND_SPEECH }, 669 { USB_DEVICE(0x0b05, 0x18ef), .driver_info = BTUSB_REALTEK | 670 BTUSB_WIDEBAND_SPEECH }, 671 { USB_DEVICE(0x13d3, 0x3548), .driver_info = BTUSB_REALTEK | 672 BTUSB_WIDEBAND_SPEECH }, 673 { USB_DEVICE(0x13d3, 0x3549), .driver_info = BTUSB_REALTEK | 674 BTUSB_WIDEBAND_SPEECH }, 675 { USB_DEVICE(0x13d3, 0x3553), .driver_info = BTUSB_REALTEK | 676 BTUSB_WIDEBAND_SPEECH }, 677 { USB_DEVICE(0x13d3, 0x3555), .driver_info = BTUSB_REALTEK | 678 BTUSB_WIDEBAND_SPEECH }, 679 { USB_DEVICE(0x2ff8, 0x3051), .driver_info = BTUSB_REALTEK | 680 BTUSB_WIDEBAND_SPEECH }, 681 { USB_DEVICE(0x1358, 0xc123), .driver_info = BTUSB_REALTEK | 682 BTUSB_WIDEBAND_SPEECH }, 683 { USB_DEVICE(0x0bda, 0xc123), .driver_info = BTUSB_REALTEK | 684 BTUSB_WIDEBAND_SPEECH }, 685 { USB_DEVICE(0x0cb5, 0xc547), .driver_info = BTUSB_REALTEK | 686 BTUSB_WIDEBAND_SPEECH }, 687 688 /* Actions Semiconductor ATS2851 based devices */ 689 { USB_DEVICE(0x10d7, 0xb012), .driver_info = BTUSB_ACTIONS_SEMI }, 690 691 /* Silicon Wave based devices */ 692 { USB_DEVICE(0x0c10, 0x0000), .driver_info = BTUSB_SWAVE }, 693 694 { } /* Terminating entry */ 695}; 696 697/* The Bluetooth USB module build into some devices needs to be reset on resume, 698 * this is a problem with the platform (likely shutting off all power) not with 699 * the module itself. So we use a DMI list to match known broken platforms. 700 */ 701static const struct dmi_system_id btusb_needs_reset_resume_table[] = { 702 { 703 /* Dell OptiPlex 3060 (QCA ROME device 0cf3:e007) */ 704 .matches = { 705 DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), 706 DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex 3060"), 707 }, 708 }, 709 { 710 /* Dell XPS 9360 (QCA ROME device 0cf3:e300) */ 711 .matches = { 712 DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), 713 DMI_MATCH(DMI_PRODUCT_NAME, "XPS 13 9360"), 714 }, 715 }, 716 { 717 /* Dell Inspiron 5565 (QCA ROME device 0cf3:e009) */ 718 .matches = { 719 DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), 720 DMI_MATCH(DMI_PRODUCT_NAME, "Inspiron 5565"), 721 }, 722 }, 723 {} 724}; 725 726#define BTUSB_MAX_ISOC_FRAMES 10 727 728#define BTUSB_INTR_RUNNING 0 729#define BTUSB_BULK_RUNNING 1 730#define BTUSB_ISOC_RUNNING 2 731#define BTUSB_SUSPENDING 3 732#define BTUSB_DID_ISO_RESUME 4 733#define BTUSB_BOOTLOADER 5 734#define BTUSB_DOWNLOADING 6 735#define BTUSB_FIRMWARE_LOADED 7 736#define BTUSB_FIRMWARE_FAILED 8 737#define BTUSB_BOOTING 9 738#define BTUSB_DIAG_RUNNING 10 739#define BTUSB_OOB_WAKE_ENABLED 11 740#define BTUSB_HW_RESET_ACTIVE 12 741#define BTUSB_TX_WAIT_VND_EVT 13 742#define BTUSB_WAKEUP_AUTOSUSPEND 14 743#define BTUSB_USE_ALT3_FOR_WBS 15 744#define BTUSB_ALT6_CONTINUOUS_TX 16 745 746struct btusb_data { 747 struct hci_dev *hdev; 748 struct usb_device *udev; 749 struct usb_interface *intf; 750 struct usb_interface *isoc; 751 struct usb_interface *diag; 752 unsigned isoc_ifnum; 753 754 unsigned long flags; 755 756 bool poll_sync; 757 int intr_interval; 758 struct work_struct work; 759 struct work_struct waker; 760 struct delayed_work rx_work; 761 762 struct sk_buff_head acl_q; 763 764 struct usb_anchor deferred; 765 struct usb_anchor tx_anchor; 766 int tx_in_flight; 767 spinlock_t txlock; 768 769 struct usb_anchor intr_anchor; 770 struct usb_anchor bulk_anchor; 771 struct usb_anchor isoc_anchor; 772 struct usb_anchor diag_anchor; 773 struct usb_anchor ctrl_anchor; 774 spinlock_t rxlock; 775 776 struct sk_buff *evt_skb; 777 struct sk_buff *acl_skb; 778 struct sk_buff *sco_skb; 779 780 struct usb_endpoint_descriptor *intr_ep; 781 struct usb_endpoint_descriptor *bulk_tx_ep; 782 struct usb_endpoint_descriptor *bulk_rx_ep; 783 struct usb_endpoint_descriptor *isoc_tx_ep; 784 struct usb_endpoint_descriptor *isoc_rx_ep; 785 struct usb_endpoint_descriptor *diag_tx_ep; 786 struct usb_endpoint_descriptor *diag_rx_ep; 787 788 struct gpio_desc *reset_gpio; 789 790 __u8 cmdreq_type; 791 __u8 cmdreq; 792 793 unsigned int sco_num; 794 unsigned int air_mode; 795 bool usb_alt6_packet_flow; 796 int isoc_altsetting; 797 int suspend_count; 798 799 int (*recv_event)(struct hci_dev *hdev, struct sk_buff *skb); 800 int (*recv_acl)(struct hci_dev *hdev, struct sk_buff *skb); 801 int (*recv_bulk)(struct btusb_data *data, void *buffer, int count); 802 803 int (*setup_on_usb)(struct hci_dev *hdev); 804 805 int oob_wake_irq; /* irq for out-of-band wake-on-bt */ 806 unsigned cmd_timeout_cnt; 807}; 808 809static void btusb_reset(struct hci_dev *hdev) 810{ 811 struct btusb_data *data; 812 int err; 813 814 if (hdev->reset) { 815 hdev->reset(hdev); 816 return; 817 } 818 819 data = hci_get_drvdata(hdev); 820 /* This is not an unbalanced PM reference since the device will reset */ 821 err = usb_autopm_get_interface(data->intf); 822 if (err) { 823 bt_dev_err(hdev, "Failed usb_autopm_get_interface: %d", err); 824 return; 825 } 826 827 bt_dev_err(hdev, "Resetting usb device."); 828 usb_queue_reset_device(data->intf); 829} 830 831static void btusb_intel_cmd_timeout(struct hci_dev *hdev) 832{ 833 struct btusb_data *data = hci_get_drvdata(hdev); 834 struct gpio_desc *reset_gpio = data->reset_gpio; 835 836 if (++data->cmd_timeout_cnt < 5) 837 return; 838 839 if (!reset_gpio) { 840 btusb_reset(hdev); 841 return; 842 } 843 844 /* 845 * Toggle the hard reset line if the platform provides one. The reset 846 * is going to yank the device off the USB and then replug. So doing 847 * once is enough. The cleanup is handled correctly on the way out 848 * (standard USB disconnect), and the new device is detected cleanly 849 * and bound to the driver again like it should be. 850 */ 851 if (test_and_set_bit(BTUSB_HW_RESET_ACTIVE, &data->flags)) { 852 bt_dev_err(hdev, "last reset failed? Not resetting again"); 853 return; 854 } 855 856 bt_dev_err(hdev, "Initiating HW reset via gpio"); 857 gpiod_set_value_cansleep(reset_gpio, 1); 858 msleep(100); 859 gpiod_set_value_cansleep(reset_gpio, 0); 860} 861 862static void btusb_rtl_cmd_timeout(struct hci_dev *hdev) 863{ 864 struct btusb_data *data = hci_get_drvdata(hdev); 865 struct gpio_desc *reset_gpio = data->reset_gpio; 866 867 if (++data->cmd_timeout_cnt < 5) 868 return; 869 870 if (!reset_gpio) { 871 btusb_reset(hdev); 872 return; 873 } 874 875 /* Toggle the hard reset line. The Realtek device is going to 876 * yank itself off the USB and then replug. The cleanup is handled 877 * correctly on the way out (standard USB disconnect), and the new 878 * device is detected cleanly and bound to the driver again like 879 * it should be. 880 */ 881 if (test_and_set_bit(BTUSB_HW_RESET_ACTIVE, &data->flags)) { 882 bt_dev_err(hdev, "last reset failed? Not resetting again"); 883 return; 884 } 885 886 bt_dev_err(hdev, "Reset Realtek device via gpio"); 887 gpiod_set_value_cansleep(reset_gpio, 1); 888 msleep(200); 889 gpiod_set_value_cansleep(reset_gpio, 0); 890} 891 892static void btusb_qca_cmd_timeout(struct hci_dev *hdev) 893{ 894 struct btusb_data *data = hci_get_drvdata(hdev); 895 struct gpio_desc *reset_gpio = data->reset_gpio; 896 897 if (++data->cmd_timeout_cnt < 5) 898 return; 899 900 if (reset_gpio) { 901 bt_dev_err(hdev, "Reset qca device via bt_en gpio"); 902 903 /* Toggle the hard reset line. The qca bt device is going to 904 * yank itself off the USB and then replug. The cleanup is handled 905 * correctly on the way out (standard USB disconnect), and the new 906 * device is detected cleanly and bound to the driver again like 907 * it should be. 908 */ 909 if (test_and_set_bit(BTUSB_HW_RESET_ACTIVE, &data->flags)) { 910 bt_dev_err(hdev, "last reset failed? Not resetting again"); 911 return; 912 } 913 914 gpiod_set_value_cansleep(reset_gpio, 0); 915 msleep(200); 916 gpiod_set_value_cansleep(reset_gpio, 1); 917 918 return; 919 } 920 921 btusb_reset(hdev); 922} 923 924static inline void btusb_free_frags(struct btusb_data *data) 925{ 926 unsigned long flags; 927 928 spin_lock_irqsave(&data->rxlock, flags); 929 930 dev_kfree_skb_irq(data->evt_skb); 931 data->evt_skb = NULL; 932 933 dev_kfree_skb_irq(data->acl_skb); 934 data->acl_skb = NULL; 935 936 dev_kfree_skb_irq(data->sco_skb); 937 data->sco_skb = NULL; 938 939 spin_unlock_irqrestore(&data->rxlock, flags); 940} 941 942static int btusb_recv_event(struct btusb_data *data, struct sk_buff *skb) 943{ 944 if (data->intr_interval) { 945 /* Trigger dequeue immediatelly if an event is received */ 946 schedule_delayed_work(&data->rx_work, 0); 947 } 948 949 return data->recv_event(data->hdev, skb); 950} 951 952static int btusb_recv_intr(struct btusb_data *data, void *buffer, int count) 953{ 954 struct sk_buff *skb; 955 unsigned long flags; 956 int err = 0; 957 958 spin_lock_irqsave(&data->rxlock, flags); 959 skb = data->evt_skb; 960 961 while (count) { 962 int len; 963 964 if (!skb) { 965 skb = bt_skb_alloc(HCI_MAX_EVENT_SIZE, GFP_ATOMIC); 966 if (!skb) { 967 err = -ENOMEM; 968 break; 969 } 970 971 hci_skb_pkt_type(skb) = HCI_EVENT_PKT; 972 hci_skb_expect(skb) = HCI_EVENT_HDR_SIZE; 973 } 974 975 len = min_t(uint, hci_skb_expect(skb), count); 976 skb_put_data(skb, buffer, len); 977 978 count -= len; 979 buffer += len; 980 hci_skb_expect(skb) -= len; 981 982 if (skb->len == HCI_EVENT_HDR_SIZE) { 983 /* Complete event header */ 984 hci_skb_expect(skb) = hci_event_hdr(skb)->plen; 985 986 if (skb_tailroom(skb) < hci_skb_expect(skb)) { 987 kfree_skb(skb); 988 skb = NULL; 989 990 err = -EILSEQ; 991 break; 992 } 993 } 994 995 if (!hci_skb_expect(skb)) { 996 /* Complete frame */ 997 btusb_recv_event(data, skb); 998 skb = NULL; 999 } 1000 } 1001 1002 data->evt_skb = skb; 1003 spin_unlock_irqrestore(&data->rxlock, flags); 1004 1005 return err; 1006} 1007 1008static int btusb_recv_acl(struct btusb_data *data, struct sk_buff *skb) 1009{ 1010 /* Only queue ACL packet if intr_interval is set as it means 1011 * force_poll_sync has been enabled. 1012 */ 1013 if (!data->intr_interval) 1014 return data->recv_acl(data->hdev, skb); 1015 1016 skb_queue_tail(&data->acl_q, skb); 1017 schedule_delayed_work(&data->rx_work, data->intr_interval); 1018 1019 return 0; 1020} 1021 1022static int btusb_recv_bulk(struct btusb_data *data, void *buffer, int count) 1023{ 1024 struct sk_buff *skb; 1025 unsigned long flags; 1026 int err = 0; 1027 1028 spin_lock_irqsave(&data->rxlock, flags); 1029 skb = data->acl_skb; 1030 1031 while (count) { 1032 int len; 1033 1034 if (!skb) { 1035 skb = bt_skb_alloc(HCI_MAX_FRAME_SIZE, GFP_ATOMIC); 1036 if (!skb) { 1037 err = -ENOMEM; 1038 break; 1039 } 1040 1041 hci_skb_pkt_type(skb) = HCI_ACLDATA_PKT; 1042 hci_skb_expect(skb) = HCI_ACL_HDR_SIZE; 1043 } 1044 1045 len = min_t(uint, hci_skb_expect(skb), count); 1046 skb_put_data(skb, buffer, len); 1047 1048 count -= len; 1049 buffer += len; 1050 hci_skb_expect(skb) -= len; 1051 1052 if (skb->len == HCI_ACL_HDR_SIZE) { 1053 __u16 handle = __le16_to_cpu(hci_acl_hdr(skb)->handle); 1054 __le16 dlen = hci_acl_hdr(skb)->dlen; 1055 __u8 type; 1056 1057 /* Complete ACL header */ 1058 hci_skb_expect(skb) = __le16_to_cpu(dlen); 1059 1060 /* Detect if ISO packet has been sent over bulk */ 1061 if (hci_conn_num(data->hdev, ISO_LINK)) { 1062 type = hci_conn_lookup_type(data->hdev, 1063 hci_handle(handle)); 1064 if (type == ISO_LINK) 1065 hci_skb_pkt_type(skb) = HCI_ISODATA_PKT; 1066 } 1067 1068 if (skb_tailroom(skb) < hci_skb_expect(skb)) { 1069 kfree_skb(skb); 1070 skb = NULL; 1071 1072 err = -EILSEQ; 1073 break; 1074 } 1075 } 1076 1077 if (!hci_skb_expect(skb)) { 1078 /* Complete frame */ 1079 btusb_recv_acl(data, skb); 1080 skb = NULL; 1081 } 1082 } 1083 1084 data->acl_skb = skb; 1085 spin_unlock_irqrestore(&data->rxlock, flags); 1086 1087 return err; 1088} 1089 1090static bool btusb_validate_sco_handle(struct hci_dev *hdev, 1091 struct hci_sco_hdr *hdr) 1092{ 1093 __u16 handle; 1094 1095 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) 1096 // Can't validate, userspace controls everything. 1097 return true; 1098 1099 /* 1100 * USB isochronous transfers are not designed to be reliable and may 1101 * lose fragments. When this happens, the next first fragment 1102 * encountered might actually be a continuation fragment. 1103 * Validate the handle to detect it and drop it, or else the upper 1104 * layer will get garbage for a while. 1105 */ 1106 1107 handle = hci_handle(__le16_to_cpu(hdr->handle)); 1108 1109 switch (hci_conn_lookup_type(hdev, handle)) { 1110 case SCO_LINK: 1111 case ESCO_LINK: 1112 return true; 1113 default: 1114 return false; 1115 } 1116} 1117 1118static int btusb_recv_isoc(struct btusb_data *data, void *buffer, int count) 1119{ 1120 struct sk_buff *skb; 1121 unsigned long flags; 1122 int err = 0; 1123 1124 spin_lock_irqsave(&data->rxlock, flags); 1125 skb = data->sco_skb; 1126 1127 while (count) { 1128 int len; 1129 1130 if (!skb) { 1131 skb = bt_skb_alloc(HCI_MAX_SCO_SIZE, GFP_ATOMIC); 1132 if (!skb) { 1133 err = -ENOMEM; 1134 break; 1135 } 1136 1137 hci_skb_pkt_type(skb) = HCI_SCODATA_PKT; 1138 hci_skb_expect(skb) = HCI_SCO_HDR_SIZE; 1139 } 1140 1141 len = min_t(uint, hci_skb_expect(skb), count); 1142 skb_put_data(skb, buffer, len); 1143 1144 count -= len; 1145 buffer += len; 1146 hci_skb_expect(skb) -= len; 1147 1148 if (skb->len == HCI_SCO_HDR_SIZE) { 1149 /* Complete SCO header */ 1150 struct hci_sco_hdr *hdr = hci_sco_hdr(skb); 1151 1152 hci_skb_expect(skb) = hdr->dlen; 1153 1154 if (skb_tailroom(skb) < hci_skb_expect(skb) || 1155 !btusb_validate_sco_handle(data->hdev, hdr)) { 1156 kfree_skb(skb); 1157 skb = NULL; 1158 1159 err = -EILSEQ; 1160 break; 1161 } 1162 } 1163 1164 if (!hci_skb_expect(skb)) { 1165 /* Complete frame */ 1166 hci_recv_frame(data->hdev, skb); 1167 skb = NULL; 1168 } 1169 } 1170 1171 data->sco_skb = skb; 1172 spin_unlock_irqrestore(&data->rxlock, flags); 1173 1174 return err; 1175} 1176 1177static void btusb_intr_complete(struct urb *urb) 1178{ 1179 struct hci_dev *hdev = urb->context; 1180 struct btusb_data *data = hci_get_drvdata(hdev); 1181 int err; 1182 1183 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 1184 urb->actual_length); 1185 1186 if (!test_bit(HCI_RUNNING, &hdev->flags)) 1187 return; 1188 1189 if (urb->status == 0) { 1190 hdev->stat.byte_rx += urb->actual_length; 1191 1192 if (btusb_recv_intr(data, urb->transfer_buffer, 1193 urb->actual_length) < 0) { 1194 bt_dev_err(hdev, "corrupted event packet"); 1195 hdev->stat.err_rx++; 1196 } 1197 } else if (urb->status == -ENOENT) { 1198 /* Avoid suspend failed when usb_kill_urb */ 1199 return; 1200 } 1201 1202 if (!test_bit(BTUSB_INTR_RUNNING, &data->flags)) 1203 return; 1204 1205 usb_mark_last_busy(data->udev); 1206 usb_anchor_urb(urb, &data->intr_anchor); 1207 1208 err = usb_submit_urb(urb, GFP_ATOMIC); 1209 if (err < 0) { 1210 /* -EPERM: urb is being killed; 1211 * -ENODEV: device got disconnected 1212 */ 1213 if (err != -EPERM && err != -ENODEV) 1214 bt_dev_err(hdev, "urb %p failed to resubmit (%d)", 1215 urb, -err); 1216 if (err != -EPERM) 1217 hci_cmd_sync_cancel(hdev, -err); 1218 usb_unanchor_urb(urb); 1219 } 1220} 1221 1222static int btusb_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags) 1223{ 1224 struct btusb_data *data = hci_get_drvdata(hdev); 1225 struct urb *urb; 1226 unsigned char *buf; 1227 unsigned int pipe; 1228 int err, size; 1229 1230 BT_DBG("%s", hdev->name); 1231 1232 if (!data->intr_ep) 1233 return -ENODEV; 1234 1235 urb = usb_alloc_urb(0, mem_flags); 1236 if (!urb) 1237 return -ENOMEM; 1238 1239 size = le16_to_cpu(data->intr_ep->wMaxPacketSize); 1240 1241 buf = kmalloc(size, mem_flags); 1242 if (!buf) { 1243 usb_free_urb(urb); 1244 return -ENOMEM; 1245 } 1246 1247 pipe = usb_rcvintpipe(data->udev, data->intr_ep->bEndpointAddress); 1248 1249 usb_fill_int_urb(urb, data->udev, pipe, buf, size, 1250 btusb_intr_complete, hdev, data->intr_ep->bInterval); 1251 1252 urb->transfer_flags |= URB_FREE_BUFFER; 1253 1254 usb_anchor_urb(urb, &data->intr_anchor); 1255 1256 err = usb_submit_urb(urb, mem_flags); 1257 if (err < 0) { 1258 if (err != -EPERM && err != -ENODEV) 1259 bt_dev_err(hdev, "urb %p submission failed (%d)", 1260 urb, -err); 1261 if (err != -EPERM) 1262 hci_cmd_sync_cancel(hdev, -err); 1263 usb_unanchor_urb(urb); 1264 } 1265 1266 /* Only initialize intr_interval if URB poll sync is enabled */ 1267 if (!data->poll_sync) 1268 goto done; 1269 1270 /* The units are frames (milliseconds) for full and low speed devices, 1271 * and microframes (1/8 millisecond) for highspeed and SuperSpeed 1272 * devices. 1273 * 1274 * This is done once on open/resume so it shouldn't change even if 1275 * force_poll_sync changes. 1276 */ 1277 switch (urb->dev->speed) { 1278 case USB_SPEED_SUPER_PLUS: 1279 case USB_SPEED_SUPER: /* units are 125us */ 1280 data->intr_interval = usecs_to_jiffies(urb->interval * 125); 1281 break; 1282 default: 1283 data->intr_interval = msecs_to_jiffies(urb->interval); 1284 break; 1285 } 1286 1287done: 1288 usb_free_urb(urb); 1289 1290 return err; 1291} 1292 1293static void btusb_bulk_complete(struct urb *urb) 1294{ 1295 struct hci_dev *hdev = urb->context; 1296 struct btusb_data *data = hci_get_drvdata(hdev); 1297 int err; 1298 1299 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 1300 urb->actual_length); 1301 1302 if (!test_bit(HCI_RUNNING, &hdev->flags)) 1303 return; 1304 1305 if (urb->status == 0) { 1306 hdev->stat.byte_rx += urb->actual_length; 1307 1308 if (data->recv_bulk(data, urb->transfer_buffer, 1309 urb->actual_length) < 0) { 1310 bt_dev_err(hdev, "corrupted ACL packet"); 1311 hdev->stat.err_rx++; 1312 } 1313 } else if (urb->status == -ENOENT) { 1314 /* Avoid suspend failed when usb_kill_urb */ 1315 return; 1316 } 1317 1318 if (!test_bit(BTUSB_BULK_RUNNING, &data->flags)) 1319 return; 1320 1321 usb_anchor_urb(urb, &data->bulk_anchor); 1322 usb_mark_last_busy(data->udev); 1323 1324 err = usb_submit_urb(urb, GFP_ATOMIC); 1325 if (err < 0) { 1326 /* -EPERM: urb is being killed; 1327 * -ENODEV: device got disconnected 1328 */ 1329 if (err != -EPERM && err != -ENODEV) 1330 bt_dev_err(hdev, "urb %p failed to resubmit (%d)", 1331 urb, -err); 1332 usb_unanchor_urb(urb); 1333 } 1334} 1335 1336static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags) 1337{ 1338 struct btusb_data *data = hci_get_drvdata(hdev); 1339 struct urb *urb; 1340 unsigned char *buf; 1341 unsigned int pipe; 1342 int err, size = HCI_MAX_FRAME_SIZE; 1343 1344 BT_DBG("%s", hdev->name); 1345 1346 if (!data->bulk_rx_ep) 1347 return -ENODEV; 1348 1349 urb = usb_alloc_urb(0, mem_flags); 1350 if (!urb) 1351 return -ENOMEM; 1352 1353 buf = kmalloc(size, mem_flags); 1354 if (!buf) { 1355 usb_free_urb(urb); 1356 return -ENOMEM; 1357 } 1358 1359 pipe = usb_rcvbulkpipe(data->udev, data->bulk_rx_ep->bEndpointAddress); 1360 1361 usb_fill_bulk_urb(urb, data->udev, pipe, buf, size, 1362 btusb_bulk_complete, hdev); 1363 1364 urb->transfer_flags |= URB_FREE_BUFFER; 1365 1366 usb_mark_last_busy(data->udev); 1367 usb_anchor_urb(urb, &data->bulk_anchor); 1368 1369 err = usb_submit_urb(urb, mem_flags); 1370 if (err < 0) { 1371 if (err != -EPERM && err != -ENODEV) 1372 bt_dev_err(hdev, "urb %p submission failed (%d)", 1373 urb, -err); 1374 usb_unanchor_urb(urb); 1375 } 1376 1377 usb_free_urb(urb); 1378 1379 return err; 1380} 1381 1382static void btusb_isoc_complete(struct urb *urb) 1383{ 1384 struct hci_dev *hdev = urb->context; 1385 struct btusb_data *data = hci_get_drvdata(hdev); 1386 int i, err; 1387 1388 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 1389 urb->actual_length); 1390 1391 if (!test_bit(HCI_RUNNING, &hdev->flags)) 1392 return; 1393 1394 if (urb->status == 0) { 1395 for (i = 0; i < urb->number_of_packets; i++) { 1396 unsigned int offset = urb->iso_frame_desc[i].offset; 1397 unsigned int length = urb->iso_frame_desc[i].actual_length; 1398 1399 if (urb->iso_frame_desc[i].status) 1400 continue; 1401 1402 hdev->stat.byte_rx += length; 1403 1404 if (btusb_recv_isoc(data, urb->transfer_buffer + offset, 1405 length) < 0) { 1406 bt_dev_err(hdev, "corrupted SCO packet"); 1407 hdev->stat.err_rx++; 1408 } 1409 } 1410 } else if (urb->status == -ENOENT) { 1411 /* Avoid suspend failed when usb_kill_urb */ 1412 return; 1413 } 1414 1415 if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags)) 1416 return; 1417 1418 usb_anchor_urb(urb, &data->isoc_anchor); 1419 1420 err = usb_submit_urb(urb, GFP_ATOMIC); 1421 if (err < 0) { 1422 /* -EPERM: urb is being killed; 1423 * -ENODEV: device got disconnected 1424 */ 1425 if (err != -EPERM && err != -ENODEV) 1426 bt_dev_err(hdev, "urb %p failed to resubmit (%d)", 1427 urb, -err); 1428 usb_unanchor_urb(urb); 1429 } 1430} 1431 1432static inline void __fill_isoc_descriptor_msbc(struct urb *urb, int len, 1433 int mtu, struct btusb_data *data) 1434{ 1435 int i = 0, offset = 0; 1436 unsigned int interval; 1437 1438 BT_DBG("len %d mtu %d", len, mtu); 1439 1440 /* For mSBC ALT 6 settings some chips need to transmit the data 1441 * continuously without the zero length of USB packets. 1442 */ 1443 if (test_bit(BTUSB_ALT6_CONTINUOUS_TX, &data->flags)) 1444 goto ignore_usb_alt6_packet_flow; 1445 1446 /* For mSBC ALT 6 setting the host will send the packet at continuous 1447 * flow. As per core spec 5, vol 4, part B, table 2.1. For ALT setting 1448 * 6 the HCI PACKET INTERVAL should be 7.5ms for every usb packets. 1449 * To maintain the rate we send 63bytes of usb packets alternatively for 1450 * 7ms and 8ms to maintain the rate as 7.5ms. 1451 */ 1452 if (data->usb_alt6_packet_flow) { 1453 interval = 7; 1454 data->usb_alt6_packet_flow = false; 1455 } else { 1456 interval = 6; 1457 data->usb_alt6_packet_flow = true; 1458 } 1459 1460 for (i = 0; i < interval; i++) { 1461 urb->iso_frame_desc[i].offset = offset; 1462 urb->iso_frame_desc[i].length = offset; 1463 } 1464 1465ignore_usb_alt6_packet_flow: 1466 if (len && i < BTUSB_MAX_ISOC_FRAMES) { 1467 urb->iso_frame_desc[i].offset = offset; 1468 urb->iso_frame_desc[i].length = len; 1469 i++; 1470 } 1471 1472 urb->number_of_packets = i; 1473} 1474 1475static inline void __fill_isoc_descriptor(struct urb *urb, int len, int mtu) 1476{ 1477 int i, offset = 0; 1478 1479 BT_DBG("len %d mtu %d", len, mtu); 1480 1481 for (i = 0; i < BTUSB_MAX_ISOC_FRAMES && len >= mtu; 1482 i++, offset += mtu, len -= mtu) { 1483 urb->iso_frame_desc[i].offset = offset; 1484 urb->iso_frame_desc[i].length = mtu; 1485 } 1486 1487 if (len && i < BTUSB_MAX_ISOC_FRAMES) { 1488 urb->iso_frame_desc[i].offset = offset; 1489 urb->iso_frame_desc[i].length = len; 1490 i++; 1491 } 1492 1493 urb->number_of_packets = i; 1494} 1495 1496static int btusb_submit_isoc_urb(struct hci_dev *hdev, gfp_t mem_flags) 1497{ 1498 struct btusb_data *data = hci_get_drvdata(hdev); 1499 struct urb *urb; 1500 unsigned char *buf; 1501 unsigned int pipe; 1502 int err, size; 1503 1504 BT_DBG("%s", hdev->name); 1505 1506 if (!data->isoc_rx_ep) 1507 return -ENODEV; 1508 1509 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, mem_flags); 1510 if (!urb) 1511 return -ENOMEM; 1512 1513 size = le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize) * 1514 BTUSB_MAX_ISOC_FRAMES; 1515 1516 buf = kmalloc(size, mem_flags); 1517 if (!buf) { 1518 usb_free_urb(urb); 1519 return -ENOMEM; 1520 } 1521 1522 pipe = usb_rcvisocpipe(data->udev, data->isoc_rx_ep->bEndpointAddress); 1523 1524 usb_fill_int_urb(urb, data->udev, pipe, buf, size, btusb_isoc_complete, 1525 hdev, data->isoc_rx_ep->bInterval); 1526 1527 urb->transfer_flags = URB_FREE_BUFFER | URB_ISO_ASAP; 1528 1529 __fill_isoc_descriptor(urb, size, 1530 le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize)); 1531 1532 usb_anchor_urb(urb, &data->isoc_anchor); 1533 1534 err = usb_submit_urb(urb, mem_flags); 1535 if (err < 0) { 1536 if (err != -EPERM && err != -ENODEV) 1537 bt_dev_err(hdev, "urb %p submission failed (%d)", 1538 urb, -err); 1539 usb_unanchor_urb(urb); 1540 } 1541 1542 usb_free_urb(urb); 1543 1544 return err; 1545} 1546 1547static void btusb_diag_complete(struct urb *urb) 1548{ 1549 struct hci_dev *hdev = urb->context; 1550 struct btusb_data *data = hci_get_drvdata(hdev); 1551 int err; 1552 1553 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 1554 urb->actual_length); 1555 1556 if (urb->status == 0) { 1557 struct sk_buff *skb; 1558 1559 skb = bt_skb_alloc(urb->actual_length, GFP_ATOMIC); 1560 if (skb) { 1561 skb_put_data(skb, urb->transfer_buffer, 1562 urb->actual_length); 1563 hci_recv_diag(hdev, skb); 1564 } 1565 } else if (urb->status == -ENOENT) { 1566 /* Avoid suspend failed when usb_kill_urb */ 1567 return; 1568 } 1569 1570 if (!test_bit(BTUSB_DIAG_RUNNING, &data->flags)) 1571 return; 1572 1573 usb_anchor_urb(urb, &data->diag_anchor); 1574 usb_mark_last_busy(data->udev); 1575 1576 err = usb_submit_urb(urb, GFP_ATOMIC); 1577 if (err < 0) { 1578 /* -EPERM: urb is being killed; 1579 * -ENODEV: device got disconnected 1580 */ 1581 if (err != -EPERM && err != -ENODEV) 1582 bt_dev_err(hdev, "urb %p failed to resubmit (%d)", 1583 urb, -err); 1584 usb_unanchor_urb(urb); 1585 } 1586} 1587 1588static int btusb_submit_diag_urb(struct hci_dev *hdev, gfp_t mem_flags) 1589{ 1590 struct btusb_data *data = hci_get_drvdata(hdev); 1591 struct urb *urb; 1592 unsigned char *buf; 1593 unsigned int pipe; 1594 int err, size = HCI_MAX_FRAME_SIZE; 1595 1596 BT_DBG("%s", hdev->name); 1597 1598 if (!data->diag_rx_ep) 1599 return -ENODEV; 1600 1601 urb = usb_alloc_urb(0, mem_flags); 1602 if (!urb) 1603 return -ENOMEM; 1604 1605 buf = kmalloc(size, mem_flags); 1606 if (!buf) { 1607 usb_free_urb(urb); 1608 return -ENOMEM; 1609 } 1610 1611 pipe = usb_rcvbulkpipe(data->udev, data->diag_rx_ep->bEndpointAddress); 1612 1613 usb_fill_bulk_urb(urb, data->udev, pipe, buf, size, 1614 btusb_diag_complete, hdev); 1615 1616 urb->transfer_flags |= URB_FREE_BUFFER; 1617 1618 usb_mark_last_busy(data->udev); 1619 usb_anchor_urb(urb, &data->diag_anchor); 1620 1621 err = usb_submit_urb(urb, mem_flags); 1622 if (err < 0) { 1623 if (err != -EPERM && err != -ENODEV) 1624 bt_dev_err(hdev, "urb %p submission failed (%d)", 1625 urb, -err); 1626 usb_unanchor_urb(urb); 1627 } 1628 1629 usb_free_urb(urb); 1630 1631 return err; 1632} 1633 1634static void btusb_tx_complete(struct urb *urb) 1635{ 1636 struct sk_buff *skb = urb->context; 1637 struct hci_dev *hdev = (struct hci_dev *)skb->dev; 1638 struct btusb_data *data = hci_get_drvdata(hdev); 1639 unsigned long flags; 1640 1641 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 1642 urb->actual_length); 1643 1644 if (!test_bit(HCI_RUNNING, &hdev->flags)) 1645 goto done; 1646 1647 if (!urb->status) { 1648 hdev->stat.byte_tx += urb->transfer_buffer_length; 1649 } else { 1650 if (hci_skb_pkt_type(skb) == HCI_COMMAND_PKT) 1651 hci_cmd_sync_cancel(hdev, -urb->status); 1652 hdev->stat.err_tx++; 1653 } 1654 1655done: 1656 spin_lock_irqsave(&data->txlock, flags); 1657 data->tx_in_flight--; 1658 spin_unlock_irqrestore(&data->txlock, flags); 1659 1660 kfree(urb->setup_packet); 1661 1662 kfree_skb(skb); 1663} 1664 1665static void btusb_isoc_tx_complete(struct urb *urb) 1666{ 1667 struct sk_buff *skb = urb->context; 1668 struct hci_dev *hdev = (struct hci_dev *)skb->dev; 1669 1670 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 1671 urb->actual_length); 1672 1673 if (!test_bit(HCI_RUNNING, &hdev->flags)) 1674 goto done; 1675 1676 if (!urb->status) 1677 hdev->stat.byte_tx += urb->transfer_buffer_length; 1678 else 1679 hdev->stat.err_tx++; 1680 1681done: 1682 kfree(urb->setup_packet); 1683 1684 kfree_skb(skb); 1685} 1686 1687static int btusb_open(struct hci_dev *hdev) 1688{ 1689 struct btusb_data *data = hci_get_drvdata(hdev); 1690 int err; 1691 1692 BT_DBG("%s", hdev->name); 1693 1694 err = usb_autopm_get_interface(data->intf); 1695 if (err < 0) 1696 return err; 1697 1698 /* Patching USB firmware files prior to starting any URBs of HCI path 1699 * It is more safe to use USB bulk channel for downloading USB patch 1700 */ 1701 if (data->setup_on_usb) { 1702 err = data->setup_on_usb(hdev); 1703 if (err < 0) 1704 goto setup_fail; 1705 } 1706 1707 data->intf->needs_remote_wakeup = 1; 1708 1709 if (test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags)) 1710 goto done; 1711 1712 err = btusb_submit_intr_urb(hdev, GFP_KERNEL); 1713 if (err < 0) 1714 goto failed; 1715 1716 err = btusb_submit_bulk_urb(hdev, GFP_KERNEL); 1717 if (err < 0) { 1718 usb_kill_anchored_urbs(&data->intr_anchor); 1719 goto failed; 1720 } 1721 1722 set_bit(BTUSB_BULK_RUNNING, &data->flags); 1723 btusb_submit_bulk_urb(hdev, GFP_KERNEL); 1724 1725 if (data->diag) { 1726 if (!btusb_submit_diag_urb(hdev, GFP_KERNEL)) 1727 set_bit(BTUSB_DIAG_RUNNING, &data->flags); 1728 } 1729 1730done: 1731 usb_autopm_put_interface(data->intf); 1732 return 0; 1733 1734failed: 1735 clear_bit(BTUSB_INTR_RUNNING, &data->flags); 1736setup_fail: 1737 usb_autopm_put_interface(data->intf); 1738 return err; 1739} 1740 1741static void btusb_stop_traffic(struct btusb_data *data) 1742{ 1743 usb_kill_anchored_urbs(&data->intr_anchor); 1744 usb_kill_anchored_urbs(&data->bulk_anchor); 1745 usb_kill_anchored_urbs(&data->isoc_anchor); 1746 usb_kill_anchored_urbs(&data->diag_anchor); 1747 usb_kill_anchored_urbs(&data->ctrl_anchor); 1748} 1749 1750static int btusb_close(struct hci_dev *hdev) 1751{ 1752 struct btusb_data *data = hci_get_drvdata(hdev); 1753 int err; 1754 1755 BT_DBG("%s", hdev->name); 1756 1757 cancel_delayed_work(&data->rx_work); 1758 cancel_work_sync(&data->work); 1759 cancel_work_sync(&data->waker); 1760 1761 skb_queue_purge(&data->acl_q); 1762 1763 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 1764 clear_bit(BTUSB_BULK_RUNNING, &data->flags); 1765 clear_bit(BTUSB_INTR_RUNNING, &data->flags); 1766 clear_bit(BTUSB_DIAG_RUNNING, &data->flags); 1767 1768 btusb_stop_traffic(data); 1769 btusb_free_frags(data); 1770 1771 err = usb_autopm_get_interface(data->intf); 1772 if (err < 0) 1773 goto failed; 1774 1775 data->intf->needs_remote_wakeup = 0; 1776 1777 /* Enable remote wake up for auto-suspend */ 1778 if (test_bit(BTUSB_WAKEUP_AUTOSUSPEND, &data->flags)) 1779 data->intf->needs_remote_wakeup = 1; 1780 1781 usb_autopm_put_interface(data->intf); 1782 1783failed: 1784 usb_scuttle_anchored_urbs(&data->deferred); 1785 return 0; 1786} 1787 1788static int btusb_flush(struct hci_dev *hdev) 1789{ 1790 struct btusb_data *data = hci_get_drvdata(hdev); 1791 1792 BT_DBG("%s", hdev->name); 1793 1794 cancel_delayed_work(&data->rx_work); 1795 1796 skb_queue_purge(&data->acl_q); 1797 1798 usb_kill_anchored_urbs(&data->tx_anchor); 1799 btusb_free_frags(data); 1800 1801 return 0; 1802} 1803 1804static struct urb *alloc_ctrl_urb(struct hci_dev *hdev, struct sk_buff *skb) 1805{ 1806 struct btusb_data *data = hci_get_drvdata(hdev); 1807 struct usb_ctrlrequest *dr; 1808 struct urb *urb; 1809 unsigned int pipe; 1810 1811 urb = usb_alloc_urb(0, GFP_KERNEL); 1812 if (!urb) 1813 return ERR_PTR(-ENOMEM); 1814 1815 dr = kmalloc(sizeof(*dr), GFP_KERNEL); 1816 if (!dr) { 1817 usb_free_urb(urb); 1818 return ERR_PTR(-ENOMEM); 1819 } 1820 1821 dr->bRequestType = data->cmdreq_type; 1822 dr->bRequest = data->cmdreq; 1823 dr->wIndex = 0; 1824 dr->wValue = 0; 1825 dr->wLength = __cpu_to_le16(skb->len); 1826 1827 pipe = usb_sndctrlpipe(data->udev, 0x00); 1828 1829 usb_fill_control_urb(urb, data->udev, pipe, (void *)dr, 1830 skb->data, skb->len, btusb_tx_complete, skb); 1831 1832 skb->dev = (void *)hdev; 1833 1834 return urb; 1835} 1836 1837static struct urb *alloc_bulk_urb(struct hci_dev *hdev, struct sk_buff *skb) 1838{ 1839 struct btusb_data *data = hci_get_drvdata(hdev); 1840 struct urb *urb; 1841 unsigned int pipe; 1842 1843 if (!data->bulk_tx_ep) 1844 return ERR_PTR(-ENODEV); 1845 1846 urb = usb_alloc_urb(0, GFP_KERNEL); 1847 if (!urb) 1848 return ERR_PTR(-ENOMEM); 1849 1850 pipe = usb_sndbulkpipe(data->udev, data->bulk_tx_ep->bEndpointAddress); 1851 1852 usb_fill_bulk_urb(urb, data->udev, pipe, 1853 skb->data, skb->len, btusb_tx_complete, skb); 1854 1855 skb->dev = (void *)hdev; 1856 1857 return urb; 1858} 1859 1860static struct urb *alloc_isoc_urb(struct hci_dev *hdev, struct sk_buff *skb) 1861{ 1862 struct btusb_data *data = hci_get_drvdata(hdev); 1863 struct urb *urb; 1864 unsigned int pipe; 1865 1866 if (!data->isoc_tx_ep) 1867 return ERR_PTR(-ENODEV); 1868 1869 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, GFP_KERNEL); 1870 if (!urb) 1871 return ERR_PTR(-ENOMEM); 1872 1873 pipe = usb_sndisocpipe(data->udev, data->isoc_tx_ep->bEndpointAddress); 1874 1875 usb_fill_int_urb(urb, data->udev, pipe, 1876 skb->data, skb->len, btusb_isoc_tx_complete, 1877 skb, data->isoc_tx_ep->bInterval); 1878 1879 urb->transfer_flags = URB_ISO_ASAP; 1880 1881 if (data->isoc_altsetting == 6) 1882 __fill_isoc_descriptor_msbc(urb, skb->len, 1883 le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize), 1884 data); 1885 else 1886 __fill_isoc_descriptor(urb, skb->len, 1887 le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize)); 1888 skb->dev = (void *)hdev; 1889 1890 return urb; 1891} 1892 1893static int submit_tx_urb(struct hci_dev *hdev, struct urb *urb) 1894{ 1895 struct btusb_data *data = hci_get_drvdata(hdev); 1896 int err; 1897 1898 usb_anchor_urb(urb, &data->tx_anchor); 1899 1900 err = usb_submit_urb(urb, GFP_KERNEL); 1901 if (err < 0) { 1902 if (err != -EPERM && err != -ENODEV) 1903 bt_dev_err(hdev, "urb %p submission failed (%d)", 1904 urb, -err); 1905 kfree(urb->setup_packet); 1906 usb_unanchor_urb(urb); 1907 } else { 1908 usb_mark_last_busy(data->udev); 1909 } 1910 1911 usb_free_urb(urb); 1912 return err; 1913} 1914 1915static int submit_or_queue_tx_urb(struct hci_dev *hdev, struct urb *urb) 1916{ 1917 struct btusb_data *data = hci_get_drvdata(hdev); 1918 unsigned long flags; 1919 bool suspending; 1920 1921 spin_lock_irqsave(&data->txlock, flags); 1922 suspending = test_bit(BTUSB_SUSPENDING, &data->flags); 1923 if (!suspending) 1924 data->tx_in_flight++; 1925 spin_unlock_irqrestore(&data->txlock, flags); 1926 1927 if (!suspending) 1928 return submit_tx_urb(hdev, urb); 1929 1930 usb_anchor_urb(urb, &data->deferred); 1931 schedule_work(&data->waker); 1932 1933 usb_free_urb(urb); 1934 return 0; 1935} 1936 1937static int btusb_send_frame(struct hci_dev *hdev, struct sk_buff *skb) 1938{ 1939 struct urb *urb; 1940 1941 BT_DBG("%s", hdev->name); 1942 1943 switch (hci_skb_pkt_type(skb)) { 1944 case HCI_COMMAND_PKT: 1945 urb = alloc_ctrl_urb(hdev, skb); 1946 if (IS_ERR(urb)) 1947 return PTR_ERR(urb); 1948 1949 hdev->stat.cmd_tx++; 1950 return submit_or_queue_tx_urb(hdev, urb); 1951 1952 case HCI_ACLDATA_PKT: 1953 urb = alloc_bulk_urb(hdev, skb); 1954 if (IS_ERR(urb)) 1955 return PTR_ERR(urb); 1956 1957 hdev->stat.acl_tx++; 1958 return submit_or_queue_tx_urb(hdev, urb); 1959 1960 case HCI_SCODATA_PKT: 1961 if (hci_conn_num(hdev, SCO_LINK) < 1) 1962 return -ENODEV; 1963 1964 urb = alloc_isoc_urb(hdev, skb); 1965 if (IS_ERR(urb)) 1966 return PTR_ERR(urb); 1967 1968 hdev->stat.sco_tx++; 1969 return submit_tx_urb(hdev, urb); 1970 1971 case HCI_ISODATA_PKT: 1972 urb = alloc_bulk_urb(hdev, skb); 1973 if (IS_ERR(urb)) 1974 return PTR_ERR(urb); 1975 1976 return submit_or_queue_tx_urb(hdev, urb); 1977 } 1978 1979 return -EILSEQ; 1980} 1981 1982static void btusb_notify(struct hci_dev *hdev, unsigned int evt) 1983{ 1984 struct btusb_data *data = hci_get_drvdata(hdev); 1985 1986 BT_DBG("%s evt %d", hdev->name, evt); 1987 1988 if (hci_conn_num(hdev, SCO_LINK) != data->sco_num) { 1989 data->sco_num = hci_conn_num(hdev, SCO_LINK); 1990 data->air_mode = evt; 1991 schedule_work(&data->work); 1992 } 1993} 1994 1995static inline int __set_isoc_interface(struct hci_dev *hdev, int altsetting) 1996{ 1997 struct btusb_data *data = hci_get_drvdata(hdev); 1998 struct usb_interface *intf = data->isoc; 1999 struct usb_endpoint_descriptor *ep_desc; 2000 int i, err; 2001 2002 if (!data->isoc) 2003 return -ENODEV; 2004 2005 err = usb_set_interface(data->udev, data->isoc_ifnum, altsetting); 2006 if (err < 0) { 2007 bt_dev_err(hdev, "setting interface failed (%d)", -err); 2008 return err; 2009 } 2010 2011 data->isoc_altsetting = altsetting; 2012 2013 data->isoc_tx_ep = NULL; 2014 data->isoc_rx_ep = NULL; 2015 2016 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) { 2017 ep_desc = &intf->cur_altsetting->endpoint[i].desc; 2018 2019 if (!data->isoc_tx_ep && usb_endpoint_is_isoc_out(ep_desc)) { 2020 data->isoc_tx_ep = ep_desc; 2021 continue; 2022 } 2023 2024 if (!data->isoc_rx_ep && usb_endpoint_is_isoc_in(ep_desc)) { 2025 data->isoc_rx_ep = ep_desc; 2026 continue; 2027 } 2028 } 2029 2030 if (!data->isoc_tx_ep || !data->isoc_rx_ep) { 2031 bt_dev_err(hdev, "invalid SCO descriptors"); 2032 return -ENODEV; 2033 } 2034 2035 return 0; 2036} 2037 2038static int btusb_switch_alt_setting(struct hci_dev *hdev, int new_alts) 2039{ 2040 struct btusb_data *data = hci_get_drvdata(hdev); 2041 int err; 2042 2043 if (data->isoc_altsetting != new_alts) { 2044 unsigned long flags; 2045 2046 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 2047 usb_kill_anchored_urbs(&data->isoc_anchor); 2048 2049 /* When isochronous alternate setting needs to be 2050 * changed, because SCO connection has been added 2051 * or removed, a packet fragment may be left in the 2052 * reassembling state. This could lead to wrongly 2053 * assembled fragments. 2054 * 2055 * Clear outstanding fragment when selecting a new 2056 * alternate setting. 2057 */ 2058 spin_lock_irqsave(&data->rxlock, flags); 2059 kfree_skb(data->sco_skb); 2060 data->sco_skb = NULL; 2061 spin_unlock_irqrestore(&data->rxlock, flags); 2062 2063 err = __set_isoc_interface(hdev, new_alts); 2064 if (err < 0) 2065 return err; 2066 } 2067 2068 if (!test_and_set_bit(BTUSB_ISOC_RUNNING, &data->flags)) { 2069 if (btusb_submit_isoc_urb(hdev, GFP_KERNEL) < 0) 2070 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 2071 else 2072 btusb_submit_isoc_urb(hdev, GFP_KERNEL); 2073 } 2074 2075 return 0; 2076} 2077 2078static struct usb_host_interface *btusb_find_altsetting(struct btusb_data *data, 2079 int alt) 2080{ 2081 struct usb_interface *intf = data->isoc; 2082 int i; 2083 2084 BT_DBG("Looking for Alt no :%d", alt); 2085 2086 if (!intf) 2087 return NULL; 2088 2089 for (i = 0; i < intf->num_altsetting; i++) { 2090 if (intf->altsetting[i].desc.bAlternateSetting == alt) 2091 return &intf->altsetting[i]; 2092 } 2093 2094 return NULL; 2095} 2096 2097static void btusb_work(struct work_struct *work) 2098{ 2099 struct btusb_data *data = container_of(work, struct btusb_data, work); 2100 struct hci_dev *hdev = data->hdev; 2101 int new_alts = 0; 2102 int err; 2103 2104 if (data->sco_num > 0) { 2105 if (!test_bit(BTUSB_DID_ISO_RESUME, &data->flags)) { 2106 err = usb_autopm_get_interface(data->isoc ? data->isoc : data->intf); 2107 if (err < 0) { 2108 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 2109 usb_kill_anchored_urbs(&data->isoc_anchor); 2110 return; 2111 } 2112 2113 set_bit(BTUSB_DID_ISO_RESUME, &data->flags); 2114 } 2115 2116 if (data->air_mode == HCI_NOTIFY_ENABLE_SCO_CVSD) { 2117 if (hdev->voice_setting & 0x0020) { 2118 static const int alts[3] = { 2, 4, 5 }; 2119 2120 new_alts = alts[data->sco_num - 1]; 2121 } else { 2122 new_alts = data->sco_num; 2123 } 2124 } else if (data->air_mode == HCI_NOTIFY_ENABLE_SCO_TRANSP) { 2125 /* Bluetooth USB spec recommends alt 6 (63 bytes), but 2126 * many adapters do not support it. Alt 1 appears to 2127 * work for all adapters that do not have alt 6, and 2128 * which work with WBS at all. Some devices prefer 2129 * alt 3 (HCI payload >= 60 Bytes let air packet 2130 * data satisfy 60 bytes), requiring 2131 * MTU >= 3 (packets) * 25 (size) - 3 (headers) = 72 2132 * see also Core spec 5, vol 4, B 2.1.1 & Table 2.1. 2133 */ 2134 if (btusb_find_altsetting(data, 6)) 2135 new_alts = 6; 2136 else if (btusb_find_altsetting(data, 3) && 2137 hdev->sco_mtu >= 72 && 2138 test_bit(BTUSB_USE_ALT3_FOR_WBS, &data->flags)) 2139 new_alts = 3; 2140 else 2141 new_alts = 1; 2142 } 2143 2144 if (btusb_switch_alt_setting(hdev, new_alts) < 0) 2145 bt_dev_err(hdev, "set USB alt:(%d) failed!", new_alts); 2146 } else { 2147 usb_kill_anchored_urbs(&data->isoc_anchor); 2148 2149 if (test_and_clear_bit(BTUSB_ISOC_RUNNING, &data->flags)) 2150 __set_isoc_interface(hdev, 0); 2151 2152 if (test_and_clear_bit(BTUSB_DID_ISO_RESUME, &data->flags)) 2153 usb_autopm_put_interface(data->isoc ? data->isoc : data->intf); 2154 } 2155} 2156 2157static void btusb_waker(struct work_struct *work) 2158{ 2159 struct btusb_data *data = container_of(work, struct btusb_data, waker); 2160 int err; 2161 2162 err = usb_autopm_get_interface(data->intf); 2163 if (err < 0) 2164 return; 2165 2166 usb_autopm_put_interface(data->intf); 2167} 2168 2169static void btusb_rx_work(struct work_struct *work) 2170{ 2171 struct btusb_data *data = container_of(work, struct btusb_data, 2172 rx_work.work); 2173 struct sk_buff *skb; 2174 2175 /* Dequeue ACL data received during the interval */ 2176 while ((skb = skb_dequeue(&data->acl_q))) 2177 data->recv_acl(data->hdev, skb); 2178} 2179 2180static int btusb_setup_bcm92035(struct hci_dev *hdev) 2181{ 2182 struct sk_buff *skb; 2183 u8 val = 0x00; 2184 2185 BT_DBG("%s", hdev->name); 2186 2187 skb = __hci_cmd_sync(hdev, 0xfc3b, 1, &val, HCI_INIT_TIMEOUT); 2188 if (IS_ERR(skb)) 2189 bt_dev_err(hdev, "BCM92035 command failed (%ld)", PTR_ERR(skb)); 2190 else 2191 kfree_skb(skb); 2192 2193 return 0; 2194} 2195 2196static int btusb_setup_csr(struct hci_dev *hdev) 2197{ 2198 struct btusb_data *data = hci_get_drvdata(hdev); 2199 u16 bcdDevice = le16_to_cpu(data->udev->descriptor.bcdDevice); 2200 struct hci_rp_read_local_version *rp; 2201 struct sk_buff *skb; 2202 bool is_fake = false; 2203 int ret; 2204 2205 BT_DBG("%s", hdev->name); 2206 2207 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL, 2208 HCI_INIT_TIMEOUT); 2209 if (IS_ERR(skb)) { 2210 int err = PTR_ERR(skb); 2211 bt_dev_err(hdev, "CSR: Local version failed (%d)", err); 2212 return err; 2213 } 2214 2215 rp = skb_pull_data(skb, sizeof(*rp)); 2216 if (!rp) { 2217 bt_dev_err(hdev, "CSR: Local version length mismatch"); 2218 kfree_skb(skb); 2219 return -EIO; 2220 } 2221 2222 bt_dev_info(hdev, "CSR: Setting up dongle with HCI ver=%u rev=%04x", 2223 rp->hci_ver, le16_to_cpu(rp->hci_rev)); 2224 2225 bt_dev_info(hdev, "LMP ver=%u subver=%04x; manufacturer=%u", 2226 rp->lmp_ver, le16_to_cpu(rp->lmp_subver), 2227 le16_to_cpu(rp->manufacturer)); 2228 2229 /* Detect a wide host of Chinese controllers that aren't CSR. 2230 * 2231 * Known fake bcdDevices: 0x0100, 0x0134, 0x1915, 0x2520, 0x7558, 0x8891 2232 * 2233 * The main thing they have in common is that these are really popular low-cost 2234 * options that support newer Bluetooth versions but rely on heavy VID/PID 2235 * squatting of this poor old Bluetooth 1.1 device. Even sold as such. 2236 * 2237 * We detect actual CSR devices by checking that the HCI manufacturer code 2238 * is Cambridge Silicon Radio (10) and ensuring that LMP sub-version and 2239 * HCI rev values always match. As they both store the firmware number. 2240 */ 2241 if (le16_to_cpu(rp->manufacturer) != 10 || 2242 le16_to_cpu(rp->hci_rev) != le16_to_cpu(rp->lmp_subver)) 2243 is_fake = true; 2244 2245 /* Known legit CSR firmware build numbers and their supported BT versions: 2246 * - 1.1 (0x1) -> 0x0073, 0x020d, 0x033c, 0x034e 2247 * - 1.2 (0x2) -> 0x04d9, 0x0529 2248 * - 2.0 (0x3) -> 0x07a6, 0x07ad, 0x0c5c 2249 * - 2.1 (0x4) -> 0x149c, 0x1735, 0x1899 (0x1899 is a BlueCore4-External) 2250 * - 4.0 (0x6) -> 0x1d86, 0x2031, 0x22bb 2251 * 2252 * e.g. Real CSR dongles with LMP subversion 0x73 are old enough that 2253 * support BT 1.1 only; so it's a dead giveaway when some 2254 * third-party BT 4.0 dongle reuses it. 2255 */ 2256 else if (le16_to_cpu(rp->lmp_subver) <= 0x034e && 2257 rp->hci_ver > BLUETOOTH_VER_1_1) 2258 is_fake = true; 2259 2260 else if (le16_to_cpu(rp->lmp_subver) <= 0x0529 && 2261 rp->hci_ver > BLUETOOTH_VER_1_2) 2262 is_fake = true; 2263 2264 else if (le16_to_cpu(rp->lmp_subver) <= 0x0c5c && 2265 rp->hci_ver > BLUETOOTH_VER_2_0) 2266 is_fake = true; 2267 2268 else if (le16_to_cpu(rp->lmp_subver) <= 0x1899 && 2269 rp->hci_ver > BLUETOOTH_VER_2_1) 2270 is_fake = true; 2271 2272 else if (le16_to_cpu(rp->lmp_subver) <= 0x22bb && 2273 rp->hci_ver > BLUETOOTH_VER_4_0) 2274 is_fake = true; 2275 2276 /* Other clones which beat all the above checks */ 2277 else if (bcdDevice == 0x0134 && 2278 le16_to_cpu(rp->lmp_subver) == 0x0c5c && 2279 rp->hci_ver == BLUETOOTH_VER_2_0) 2280 is_fake = true; 2281 2282 if (is_fake) { 2283 bt_dev_warn(hdev, "CSR: Unbranded CSR clone detected; adding workarounds and force-suspending once..."); 2284 2285 /* Generally these clones have big discrepancies between 2286 * advertised features and what's actually supported. 2287 * Probably will need to be expanded in the future; 2288 * without these the controller will lock up. 2289 */ 2290 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks); 2291 set_bit(HCI_QUIRK_BROKEN_ERR_DATA_REPORTING, &hdev->quirks); 2292 set_bit(HCI_QUIRK_BROKEN_FILTER_CLEAR_ALL, &hdev->quirks); 2293 set_bit(HCI_QUIRK_NO_SUSPEND_NOTIFIER, &hdev->quirks); 2294 2295 /* Clear the reset quirk since this is not an actual 2296 * early Bluetooth 1.1 device from CSR. 2297 */ 2298 clear_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); 2299 clear_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks); 2300 2301 /* 2302 * Special workaround for these BT 4.0 chip clones, and potentially more: 2303 * 2304 * - 0x0134: a Barrot 8041a02 (HCI rev: 0x0810 sub: 0x1012) 2305 * - 0x7558: IC markings FR3191AHAL 749H15143 (HCI rev/sub-version: 0x0709) 2306 * 2307 * These controllers are really messed-up. 2308 * 2309 * 1. Their bulk RX endpoint will never report any data unless 2310 * the device was suspended at least once (yes, really). 2311 * 2. They will not wakeup when autosuspended and receiving data 2312 * on their bulk RX endpoint from e.g. a keyboard or mouse 2313 * (IOW remote-wakeup support is broken for the bulk endpoint). 2314 * 2315 * To fix 1. enable runtime-suspend, force-suspend the 2316 * HCI and then wake-it up by disabling runtime-suspend. 2317 * 2318 * To fix 2. clear the HCI's can_wake flag, this way the HCI 2319 * will still be autosuspended when it is not open. 2320 * 2321 * -- 2322 * 2323 * Because these are widespread problems we prefer generic solutions; so 2324 * apply this initialization quirk to every controller that gets here, 2325 * it should be harmless. The alternative is to not work at all. 2326 */ 2327 pm_runtime_allow(&data->udev->dev); 2328 2329 ret = pm_runtime_suspend(&data->udev->dev); 2330 if (ret >= 0) 2331 msleep(200); 2332 else 2333 bt_dev_warn(hdev, "CSR: Couldn't suspend the device for our Barrot 8041a02 receive-issue workaround"); 2334 2335 pm_runtime_forbid(&data->udev->dev); 2336 2337 device_set_wakeup_capable(&data->udev->dev, false); 2338 2339 /* Re-enable autosuspend if this was requested */ 2340 if (enable_autosuspend) 2341 usb_enable_autosuspend(data->udev); 2342 } 2343 2344 kfree_skb(skb); 2345 2346 return 0; 2347} 2348 2349static int inject_cmd_complete(struct hci_dev *hdev, __u16 opcode) 2350{ 2351 struct sk_buff *skb; 2352 struct hci_event_hdr *hdr; 2353 struct hci_ev_cmd_complete *evt; 2354 2355 skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_KERNEL); 2356 if (!skb) 2357 return -ENOMEM; 2358 2359 hdr = skb_put(skb, sizeof(*hdr)); 2360 hdr->evt = HCI_EV_CMD_COMPLETE; 2361 hdr->plen = sizeof(*evt) + 1; 2362 2363 evt = skb_put(skb, sizeof(*evt)); 2364 evt->ncmd = 0x01; 2365 evt->opcode = cpu_to_le16(opcode); 2366 2367 skb_put_u8(skb, 0x00); 2368 2369 hci_skb_pkt_type(skb) = HCI_EVENT_PKT; 2370 2371 return hci_recv_frame(hdev, skb); 2372} 2373 2374static int btusb_recv_bulk_intel(struct btusb_data *data, void *buffer, 2375 int count) 2376{ 2377 struct hci_dev *hdev = data->hdev; 2378 2379 /* When the device is in bootloader mode, then it can send 2380 * events via the bulk endpoint. These events are treated the 2381 * same way as the ones received from the interrupt endpoint. 2382 */ 2383 if (btintel_test_flag(hdev, INTEL_BOOTLOADER)) 2384 return btusb_recv_intr(data, buffer, count); 2385 2386 return btusb_recv_bulk(data, buffer, count); 2387} 2388 2389static int btusb_recv_event_intel(struct hci_dev *hdev, struct sk_buff *skb) 2390{ 2391 if (btintel_test_flag(hdev, INTEL_BOOTLOADER)) { 2392 struct hci_event_hdr *hdr = (void *)skb->data; 2393 2394 if (skb->len > HCI_EVENT_HDR_SIZE && hdr->evt == 0xff && 2395 hdr->plen > 0) { 2396 const void *ptr = skb->data + HCI_EVENT_HDR_SIZE + 1; 2397 unsigned int len = skb->len - HCI_EVENT_HDR_SIZE - 1; 2398 2399 switch (skb->data[2]) { 2400 case 0x02: 2401 /* When switching to the operational firmware 2402 * the device sends a vendor specific event 2403 * indicating that the bootup completed. 2404 */ 2405 btintel_bootup(hdev, ptr, len); 2406 break; 2407 case 0x06: 2408 /* When the firmware loading completes the 2409 * device sends out a vendor specific event 2410 * indicating the result of the firmware 2411 * loading. 2412 */ 2413 btintel_secure_send_result(hdev, ptr, len); 2414 break; 2415 } 2416 } 2417 } 2418 2419 return hci_recv_frame(hdev, skb); 2420} 2421 2422static int btusb_send_frame_intel(struct hci_dev *hdev, struct sk_buff *skb) 2423{ 2424 struct urb *urb; 2425 2426 BT_DBG("%s", hdev->name); 2427 2428 switch (hci_skb_pkt_type(skb)) { 2429 case HCI_COMMAND_PKT: 2430 if (btintel_test_flag(hdev, INTEL_BOOTLOADER)) { 2431 struct hci_command_hdr *cmd = (void *)skb->data; 2432 __u16 opcode = le16_to_cpu(cmd->opcode); 2433 2434 /* When in bootloader mode and the command 0xfc09 2435 * is received, it needs to be send down the 2436 * bulk endpoint. So allocate a bulk URB instead. 2437 */ 2438 if (opcode == 0xfc09) 2439 urb = alloc_bulk_urb(hdev, skb); 2440 else 2441 urb = alloc_ctrl_urb(hdev, skb); 2442 2443 /* When the 0xfc01 command is issued to boot into 2444 * the operational firmware, it will actually not 2445 * send a command complete event. To keep the flow 2446 * control working inject that event here. 2447 */ 2448 if (opcode == 0xfc01) 2449 inject_cmd_complete(hdev, opcode); 2450 } else { 2451 urb = alloc_ctrl_urb(hdev, skb); 2452 } 2453 if (IS_ERR(urb)) 2454 return PTR_ERR(urb); 2455 2456 hdev->stat.cmd_tx++; 2457 return submit_or_queue_tx_urb(hdev, urb); 2458 2459 case HCI_ACLDATA_PKT: 2460 urb = alloc_bulk_urb(hdev, skb); 2461 if (IS_ERR(urb)) 2462 return PTR_ERR(urb); 2463 2464 hdev->stat.acl_tx++; 2465 return submit_or_queue_tx_urb(hdev, urb); 2466 2467 case HCI_SCODATA_PKT: 2468 if (hci_conn_num(hdev, SCO_LINK) < 1) 2469 return -ENODEV; 2470 2471 urb = alloc_isoc_urb(hdev, skb); 2472 if (IS_ERR(urb)) 2473 return PTR_ERR(urb); 2474 2475 hdev->stat.sco_tx++; 2476 return submit_tx_urb(hdev, urb); 2477 2478 case HCI_ISODATA_PKT: 2479 urb = alloc_bulk_urb(hdev, skb); 2480 if (IS_ERR(urb)) 2481 return PTR_ERR(urb); 2482 2483 return submit_or_queue_tx_urb(hdev, urb); 2484 } 2485 2486 return -EILSEQ; 2487} 2488 2489static int btusb_setup_realtek(struct hci_dev *hdev) 2490{ 2491 struct btusb_data *data = hci_get_drvdata(hdev); 2492 int ret; 2493 2494 ret = btrtl_setup_realtek(hdev); 2495 2496 if (btrealtek_test_flag(data->hdev, REALTEK_ALT6_CONTINUOUS_TX_CHIP)) 2497 set_bit(BTUSB_ALT6_CONTINUOUS_TX, &data->flags); 2498 2499 return ret; 2500} 2501 2502/* UHW CR mapping */ 2503#define MTK_BT_MISC 0x70002510 2504#define MTK_BT_SUBSYS_RST 0x70002610 2505#define MTK_UDMA_INT_STA_BT 0x74000024 2506#define MTK_UDMA_INT_STA_BT1 0x74000308 2507#define MTK_BT_WDT_STATUS 0x740003A0 2508#define MTK_EP_RST_OPT 0x74011890 2509#define MTK_EP_RST_IN_OUT_OPT 0x00010001 2510#define MTK_BT_RST_DONE 0x00000100 2511#define MTK_BT_RESET_WAIT_MS 100 2512#define MTK_BT_RESET_NUM_TRIES 10 2513 2514static void btusb_mtk_wmt_recv(struct urb *urb) 2515{ 2516 struct hci_dev *hdev = urb->context; 2517 struct btusb_data *data = hci_get_drvdata(hdev); 2518 struct sk_buff *skb; 2519 int err; 2520 2521 if (urb->status == 0 && urb->actual_length > 0) { 2522 hdev->stat.byte_rx += urb->actual_length; 2523 2524 /* WMT event shouldn't be fragmented and the size should be 2525 * less than HCI_WMT_MAX_EVENT_SIZE. 2526 */ 2527 skb = bt_skb_alloc(HCI_WMT_MAX_EVENT_SIZE, GFP_ATOMIC); 2528 if (!skb) { 2529 hdev->stat.err_rx++; 2530 kfree(urb->setup_packet); 2531 return; 2532 } 2533 2534 hci_skb_pkt_type(skb) = HCI_EVENT_PKT; 2535 skb_put_data(skb, urb->transfer_buffer, urb->actual_length); 2536 2537 /* When someone waits for the WMT event, the skb is being cloned 2538 * and being processed the events from there then. 2539 */ 2540 if (test_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags)) { 2541 data->evt_skb = skb_clone(skb, GFP_ATOMIC); 2542 if (!data->evt_skb) { 2543 kfree_skb(skb); 2544 kfree(urb->setup_packet); 2545 return; 2546 } 2547 } 2548 2549 err = hci_recv_frame(hdev, skb); 2550 if (err < 0) { 2551 kfree_skb(data->evt_skb); 2552 data->evt_skb = NULL; 2553 kfree(urb->setup_packet); 2554 return; 2555 } 2556 2557 if (test_and_clear_bit(BTUSB_TX_WAIT_VND_EVT, 2558 &data->flags)) { 2559 /* Barrier to sync with other CPUs */ 2560 smp_mb__after_atomic(); 2561 wake_up_bit(&data->flags, 2562 BTUSB_TX_WAIT_VND_EVT); 2563 } 2564 kfree(urb->setup_packet); 2565 return; 2566 } else if (urb->status == -ENOENT) { 2567 /* Avoid suspend failed when usb_kill_urb */ 2568 return; 2569 } 2570 2571 usb_mark_last_busy(data->udev); 2572 2573 /* The URB complete handler is still called with urb->actual_length = 0 2574 * when the event is not available, so we should keep re-submitting 2575 * URB until WMT event returns, Also, It's necessary to wait some time 2576 * between the two consecutive control URBs to relax the target device 2577 * to generate the event. Otherwise, the WMT event cannot return from 2578 * the device successfully. 2579 */ 2580 udelay(500); 2581 2582 usb_anchor_urb(urb, &data->ctrl_anchor); 2583 err = usb_submit_urb(urb, GFP_ATOMIC); 2584 if (err < 0) { 2585 kfree(urb->setup_packet); 2586 /* -EPERM: urb is being killed; 2587 * -ENODEV: device got disconnected 2588 */ 2589 if (err != -EPERM && err != -ENODEV) 2590 bt_dev_err(hdev, "urb %p failed to resubmit (%d)", 2591 urb, -err); 2592 usb_unanchor_urb(urb); 2593 } 2594} 2595 2596static int btusb_mtk_submit_wmt_recv_urb(struct hci_dev *hdev) 2597{ 2598 struct btusb_data *data = hci_get_drvdata(hdev); 2599 struct usb_ctrlrequest *dr; 2600 unsigned char *buf; 2601 int err, size = 64; 2602 unsigned int pipe; 2603 struct urb *urb; 2604 2605 urb = usb_alloc_urb(0, GFP_KERNEL); 2606 if (!urb) 2607 return -ENOMEM; 2608 2609 dr = kmalloc(sizeof(*dr), GFP_KERNEL); 2610 if (!dr) { 2611 usb_free_urb(urb); 2612 return -ENOMEM; 2613 } 2614 2615 dr->bRequestType = USB_TYPE_VENDOR | USB_DIR_IN; 2616 dr->bRequest = 1; 2617 dr->wIndex = cpu_to_le16(0); 2618 dr->wValue = cpu_to_le16(48); 2619 dr->wLength = cpu_to_le16(size); 2620 2621 buf = kmalloc(size, GFP_KERNEL); 2622 if (!buf) { 2623 kfree(dr); 2624 usb_free_urb(urb); 2625 return -ENOMEM; 2626 } 2627 2628 pipe = usb_rcvctrlpipe(data->udev, 0); 2629 2630 usb_fill_control_urb(urb, data->udev, pipe, (void *)dr, 2631 buf, size, btusb_mtk_wmt_recv, hdev); 2632 2633 urb->transfer_flags |= URB_FREE_BUFFER; 2634 2635 usb_anchor_urb(urb, &data->ctrl_anchor); 2636 err = usb_submit_urb(urb, GFP_KERNEL); 2637 if (err < 0) { 2638 if (err != -EPERM && err != -ENODEV) 2639 bt_dev_err(hdev, "urb %p submission failed (%d)", 2640 urb, -err); 2641 usb_unanchor_urb(urb); 2642 } 2643 2644 usb_free_urb(urb); 2645 2646 return err; 2647} 2648 2649static int btusb_mtk_hci_wmt_sync(struct hci_dev *hdev, 2650 struct btmtk_hci_wmt_params *wmt_params) 2651{ 2652 struct btusb_data *data = hci_get_drvdata(hdev); 2653 struct btmtk_hci_wmt_evt_funcc *wmt_evt_funcc; 2654 u32 hlen, status = BTMTK_WMT_INVALID; 2655 struct btmtk_hci_wmt_evt *wmt_evt; 2656 struct btmtk_hci_wmt_cmd *wc; 2657 struct btmtk_wmt_hdr *hdr; 2658 int err; 2659 2660 /* Send the WMT command and wait until the WMT event returns */ 2661 hlen = sizeof(*hdr) + wmt_params->dlen; 2662 if (hlen > 255) 2663 return -EINVAL; 2664 2665 wc = kzalloc(hlen, GFP_KERNEL); 2666 if (!wc) 2667 return -ENOMEM; 2668 2669 hdr = &wc->hdr; 2670 hdr->dir = 1; 2671 hdr->op = wmt_params->op; 2672 hdr->dlen = cpu_to_le16(wmt_params->dlen + 1); 2673 hdr->flag = wmt_params->flag; 2674 memcpy(wc->data, wmt_params->data, wmt_params->dlen); 2675 2676 set_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags); 2677 2678 /* WMT cmd/event doesn't follow up the generic HCI cmd/event handling, 2679 * it needs constantly polling control pipe until the host received the 2680 * WMT event, thus, we should require to specifically acquire PM counter 2681 * on the USB to prevent the interface from entering auto suspended 2682 * while WMT cmd/event in progress. 2683 */ 2684 err = usb_autopm_get_interface(data->intf); 2685 if (err < 0) 2686 goto err_free_wc; 2687 2688 err = __hci_cmd_send(hdev, 0xfc6f, hlen, wc); 2689 2690 if (err < 0) { 2691 clear_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags); 2692 usb_autopm_put_interface(data->intf); 2693 goto err_free_wc; 2694 } 2695 2696 /* Submit control IN URB on demand to process the WMT event */ 2697 err = btusb_mtk_submit_wmt_recv_urb(hdev); 2698 2699 usb_autopm_put_interface(data->intf); 2700 2701 if (err < 0) 2702 goto err_free_wc; 2703 2704 /* The vendor specific WMT commands are all answered by a vendor 2705 * specific event and will have the Command Status or Command 2706 * Complete as with usual HCI command flow control. 2707 * 2708 * After sending the command, wait for BTUSB_TX_WAIT_VND_EVT 2709 * state to be cleared. The driver specific event receive routine 2710 * will clear that state and with that indicate completion of the 2711 * WMT command. 2712 */ 2713 err = wait_on_bit_timeout(&data->flags, BTUSB_TX_WAIT_VND_EVT, 2714 TASK_INTERRUPTIBLE, HCI_INIT_TIMEOUT); 2715 if (err == -EINTR) { 2716 bt_dev_err(hdev, "Execution of wmt command interrupted"); 2717 clear_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags); 2718 goto err_free_wc; 2719 } 2720 2721 if (err) { 2722 bt_dev_err(hdev, "Execution of wmt command timed out"); 2723 clear_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags); 2724 err = -ETIMEDOUT; 2725 goto err_free_wc; 2726 } 2727 2728 /* Parse and handle the return WMT event */ 2729 wmt_evt = (struct btmtk_hci_wmt_evt *)data->evt_skb->data; 2730 if (wmt_evt->whdr.op != hdr->op) { 2731 bt_dev_err(hdev, "Wrong op received %d expected %d", 2732 wmt_evt->whdr.op, hdr->op); 2733 err = -EIO; 2734 goto err_free_skb; 2735 } 2736 2737 switch (wmt_evt->whdr.op) { 2738 case BTMTK_WMT_SEMAPHORE: 2739 if (wmt_evt->whdr.flag == 2) 2740 status = BTMTK_WMT_PATCH_UNDONE; 2741 else 2742 status = BTMTK_WMT_PATCH_DONE; 2743 break; 2744 case BTMTK_WMT_FUNC_CTRL: 2745 wmt_evt_funcc = (struct btmtk_hci_wmt_evt_funcc *)wmt_evt; 2746 if (be16_to_cpu(wmt_evt_funcc->status) == 0x404) 2747 status = BTMTK_WMT_ON_DONE; 2748 else if (be16_to_cpu(wmt_evt_funcc->status) == 0x420) 2749 status = BTMTK_WMT_ON_PROGRESS; 2750 else 2751 status = BTMTK_WMT_ON_UNDONE; 2752 break; 2753 case BTMTK_WMT_PATCH_DWNLD: 2754 if (wmt_evt->whdr.flag == 2) 2755 status = BTMTK_WMT_PATCH_DONE; 2756 else if (wmt_evt->whdr.flag == 1) 2757 status = BTMTK_WMT_PATCH_PROGRESS; 2758 else 2759 status = BTMTK_WMT_PATCH_UNDONE; 2760 break; 2761 } 2762 2763 if (wmt_params->status) 2764 *wmt_params->status = status; 2765 2766err_free_skb: 2767 kfree_skb(data->evt_skb); 2768 data->evt_skb = NULL; 2769err_free_wc: 2770 kfree(wc); 2771 return err; 2772} 2773 2774static int btusb_mtk_func_query(struct hci_dev *hdev) 2775{ 2776 struct btmtk_hci_wmt_params wmt_params; 2777 int status, err; 2778 u8 param = 0; 2779 2780 /* Query whether the function is enabled */ 2781 wmt_params.op = BTMTK_WMT_FUNC_CTRL; 2782 wmt_params.flag = 4; 2783 wmt_params.dlen = sizeof(param); 2784 wmt_params.data = &param; 2785 wmt_params.status = &status; 2786 2787 err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params); 2788 if (err < 0) { 2789 bt_dev_err(hdev, "Failed to query function status (%d)", err); 2790 return err; 2791 } 2792 2793 return status; 2794} 2795 2796static int btusb_mtk_uhw_reg_write(struct btusb_data *data, u32 reg, u32 val) 2797{ 2798 struct hci_dev *hdev = data->hdev; 2799 int pipe, err; 2800 void *buf; 2801 2802 buf = kzalloc(4, GFP_KERNEL); 2803 if (!buf) 2804 return -ENOMEM; 2805 2806 put_unaligned_le32(val, buf); 2807 2808 pipe = usb_sndctrlpipe(data->udev, 0); 2809 err = usb_control_msg(data->udev, pipe, 0x02, 2810 0x5E, 2811 reg >> 16, reg & 0xffff, 2812 buf, 4, USB_CTRL_SET_TIMEOUT); 2813 if (err < 0) { 2814 bt_dev_err(hdev, "Failed to write uhw reg(%d)", err); 2815 goto err_free_buf; 2816 } 2817 2818err_free_buf: 2819 kfree(buf); 2820 2821 return err; 2822} 2823 2824static int btusb_mtk_uhw_reg_read(struct btusb_data *data, u32 reg, u32 *val) 2825{ 2826 struct hci_dev *hdev = data->hdev; 2827 int pipe, err; 2828 void *buf; 2829 2830 buf = kzalloc(4, GFP_KERNEL); 2831 if (!buf) 2832 return -ENOMEM; 2833 2834 pipe = usb_rcvctrlpipe(data->udev, 0); 2835 err = usb_control_msg(data->udev, pipe, 0x01, 2836 0xDE, 2837 reg >> 16, reg & 0xffff, 2838 buf, 4, USB_CTRL_SET_TIMEOUT); 2839 if (err < 0) { 2840 bt_dev_err(hdev, "Failed to read uhw reg(%d)", err); 2841 goto err_free_buf; 2842 } 2843 2844 *val = get_unaligned_le32(buf); 2845 bt_dev_dbg(hdev, "reg=%x, value=0x%08x", reg, *val); 2846 2847err_free_buf: 2848 kfree(buf); 2849 2850 return err; 2851} 2852 2853static int btusb_mtk_reg_read(struct btusb_data *data, u32 reg, u32 *val) 2854{ 2855 int pipe, err, size = sizeof(u32); 2856 void *buf; 2857 2858 buf = kzalloc(size, GFP_KERNEL); 2859 if (!buf) 2860 return -ENOMEM; 2861 2862 pipe = usb_rcvctrlpipe(data->udev, 0); 2863 err = usb_control_msg(data->udev, pipe, 0x63, 2864 USB_TYPE_VENDOR | USB_DIR_IN, 2865 reg >> 16, reg & 0xffff, 2866 buf, size, USB_CTRL_SET_TIMEOUT); 2867 if (err < 0) 2868 goto err_free_buf; 2869 2870 *val = get_unaligned_le32(buf); 2871 2872err_free_buf: 2873 kfree(buf); 2874 2875 return err; 2876} 2877 2878static int btusb_mtk_id_get(struct btusb_data *data, u32 reg, u32 *id) 2879{ 2880 return btusb_mtk_reg_read(data, reg, id); 2881} 2882 2883static int btusb_mtk_setup(struct hci_dev *hdev) 2884{ 2885 struct btusb_data *data = hci_get_drvdata(hdev); 2886 struct btmtk_hci_wmt_params wmt_params; 2887 ktime_t calltime, delta, rettime; 2888 struct btmtk_tci_sleep tci_sleep; 2889 unsigned long long duration; 2890 struct sk_buff *skb; 2891 const char *fwname; 2892 int err, status; 2893 u32 dev_id; 2894 char fw_bin_name[64]; 2895 u32 fw_version = 0; 2896 u8 param; 2897 2898 calltime = ktime_get(); 2899 2900 err = btusb_mtk_id_get(data, 0x80000008, &dev_id); 2901 if (err < 0) { 2902 bt_dev_err(hdev, "Failed to get device id (%d)", err); 2903 return err; 2904 } 2905 2906 if (!dev_id) { 2907 err = btusb_mtk_id_get(data, 0x70010200, &dev_id); 2908 if (err < 0) { 2909 bt_dev_err(hdev, "Failed to get device id (%d)", err); 2910 return err; 2911 } 2912 err = btusb_mtk_id_get(data, 0x80021004, &fw_version); 2913 if (err < 0) { 2914 bt_dev_err(hdev, "Failed to get fw version (%d)", err); 2915 return err; 2916 } 2917 } 2918 2919 switch (dev_id) { 2920 case 0x7663: 2921 fwname = FIRMWARE_MT7663; 2922 break; 2923 case 0x7668: 2924 fwname = FIRMWARE_MT7668; 2925 break; 2926 case 0x7922: 2927 case 0x7961: 2928 snprintf(fw_bin_name, sizeof(fw_bin_name), 2929 "mediatek/BT_RAM_CODE_MT%04x_1_%x_hdr.bin", 2930 dev_id & 0xffff, (fw_version & 0xff) + 1); 2931 err = btmtk_setup_firmware_79xx(hdev, fw_bin_name, 2932 btusb_mtk_hci_wmt_sync); 2933 if (err < 0) { 2934 bt_dev_err(hdev, "Failed to set up firmware (%d)", err); 2935 return err; 2936 } 2937 2938 /* It's Device EndPoint Reset Option Register */ 2939 btusb_mtk_uhw_reg_write(data, MTK_EP_RST_OPT, MTK_EP_RST_IN_OUT_OPT); 2940 2941 /* Enable Bluetooth protocol */ 2942 param = 1; 2943 wmt_params.op = BTMTK_WMT_FUNC_CTRL; 2944 wmt_params.flag = 0; 2945 wmt_params.dlen = sizeof(param); 2946 wmt_params.data = &param; 2947 wmt_params.status = NULL; 2948 2949 err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params); 2950 if (err < 0) { 2951 bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err); 2952 return err; 2953 } 2954 2955 hci_set_msft_opcode(hdev, 0xFD30); 2956 hci_set_aosp_capable(hdev); 2957 goto done; 2958 default: 2959 bt_dev_err(hdev, "Unsupported hardware variant (%08x)", 2960 dev_id); 2961 return -ENODEV; 2962 } 2963 2964 /* Query whether the firmware is already download */ 2965 wmt_params.op = BTMTK_WMT_SEMAPHORE; 2966 wmt_params.flag = 1; 2967 wmt_params.dlen = 0; 2968 wmt_params.data = NULL; 2969 wmt_params.status = &status; 2970 2971 err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params); 2972 if (err < 0) { 2973 bt_dev_err(hdev, "Failed to query firmware status (%d)", err); 2974 return err; 2975 } 2976 2977 if (status == BTMTK_WMT_PATCH_DONE) { 2978 bt_dev_info(hdev, "firmware already downloaded"); 2979 goto ignore_setup_fw; 2980 } 2981 2982 /* Setup a firmware which the device definitely requires */ 2983 err = btmtk_setup_firmware(hdev, fwname, 2984 btusb_mtk_hci_wmt_sync); 2985 if (err < 0) 2986 return err; 2987 2988ignore_setup_fw: 2989 err = readx_poll_timeout(btusb_mtk_func_query, hdev, status, 2990 status < 0 || status != BTMTK_WMT_ON_PROGRESS, 2991 2000, 5000000); 2992 /* -ETIMEDOUT happens */ 2993 if (err < 0) 2994 return err; 2995 2996 /* The other errors happen in btusb_mtk_func_query */ 2997 if (status < 0) 2998 return status; 2999 3000 if (status == BTMTK_WMT_ON_DONE) { 3001 bt_dev_info(hdev, "function already on"); 3002 goto ignore_func_on; 3003 } 3004 3005 /* Enable Bluetooth protocol */ 3006 param = 1; 3007 wmt_params.op = BTMTK_WMT_FUNC_CTRL; 3008 wmt_params.flag = 0; 3009 wmt_params.dlen = sizeof(param); 3010 wmt_params.data = &param; 3011 wmt_params.status = NULL; 3012 3013 err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params); 3014 if (err < 0) { 3015 bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err); 3016 return err; 3017 } 3018 3019ignore_func_on: 3020 /* Apply the low power environment setup */ 3021 tci_sleep.mode = 0x5; 3022 tci_sleep.duration = cpu_to_le16(0x640); 3023 tci_sleep.host_duration = cpu_to_le16(0x640); 3024 tci_sleep.host_wakeup_pin = 0; 3025 tci_sleep.time_compensation = 0; 3026 3027 skb = __hci_cmd_sync(hdev, 0xfc7a, sizeof(tci_sleep), &tci_sleep, 3028 HCI_INIT_TIMEOUT); 3029 if (IS_ERR(skb)) { 3030 err = PTR_ERR(skb); 3031 bt_dev_err(hdev, "Failed to apply low power setting (%d)", err); 3032 return err; 3033 } 3034 kfree_skb(skb); 3035 3036done: 3037 rettime = ktime_get(); 3038 delta = ktime_sub(rettime, calltime); 3039 duration = (unsigned long long)ktime_to_ns(delta) >> 10; 3040 3041 bt_dev_info(hdev, "Device setup in %llu usecs", duration); 3042 3043 return 0; 3044} 3045 3046static int btusb_mtk_shutdown(struct hci_dev *hdev) 3047{ 3048 struct btmtk_hci_wmt_params wmt_params; 3049 u8 param = 0; 3050 int err; 3051 3052 /* Disable the device */ 3053 wmt_params.op = BTMTK_WMT_FUNC_CTRL; 3054 wmt_params.flag = 0; 3055 wmt_params.dlen = sizeof(param); 3056 wmt_params.data = &param; 3057 wmt_params.status = NULL; 3058 3059 err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params); 3060 if (err < 0) { 3061 bt_dev_err(hdev, "Failed to send wmt func ctrl (%d)", err); 3062 return err; 3063 } 3064 3065 return 0; 3066} 3067 3068static void btusb_mtk_cmd_timeout(struct hci_dev *hdev) 3069{ 3070 struct btusb_data *data = hci_get_drvdata(hdev); 3071 u32 val; 3072 int err, retry = 0; 3073 3074 /* It's MediaTek specific bluetooth reset mechanism via USB */ 3075 if (test_and_set_bit(BTUSB_HW_RESET_ACTIVE, &data->flags)) { 3076 bt_dev_err(hdev, "last reset failed? Not resetting again"); 3077 return; 3078 } 3079 3080 err = usb_autopm_get_interface(data->intf); 3081 if (err < 0) 3082 return; 3083 3084 btusb_stop_traffic(data); 3085 usb_kill_anchored_urbs(&data->tx_anchor); 3086 3087 /* It's Device EndPoint Reset Option Register */ 3088 bt_dev_dbg(hdev, "Initiating reset mechanism via uhw"); 3089 btusb_mtk_uhw_reg_write(data, MTK_EP_RST_OPT, MTK_EP_RST_IN_OUT_OPT); 3090 btusb_mtk_uhw_reg_read(data, MTK_BT_WDT_STATUS, &val); 3091 3092 /* Reset the bluetooth chip via USB interface. */ 3093 btusb_mtk_uhw_reg_write(data, MTK_BT_SUBSYS_RST, 1); 3094 btusb_mtk_uhw_reg_write(data, MTK_UDMA_INT_STA_BT, 0x000000FF); 3095 btusb_mtk_uhw_reg_read(data, MTK_UDMA_INT_STA_BT, &val); 3096 btusb_mtk_uhw_reg_write(data, MTK_UDMA_INT_STA_BT1, 0x000000FF); 3097 btusb_mtk_uhw_reg_read(data, MTK_UDMA_INT_STA_BT1, &val); 3098 /* MT7921 need to delay 20ms between toggle reset bit */ 3099 msleep(20); 3100 btusb_mtk_uhw_reg_write(data, MTK_BT_SUBSYS_RST, 0); 3101 btusb_mtk_uhw_reg_read(data, MTK_BT_SUBSYS_RST, &val); 3102 3103 /* Poll the register until reset is completed */ 3104 do { 3105 btusb_mtk_uhw_reg_read(data, MTK_BT_MISC, &val); 3106 if (val & MTK_BT_RST_DONE) { 3107 bt_dev_dbg(hdev, "Bluetooth Reset Successfully"); 3108 break; 3109 } 3110 3111 bt_dev_dbg(hdev, "Polling Bluetooth Reset CR"); 3112 retry++; 3113 msleep(MTK_BT_RESET_WAIT_MS); 3114 } while (retry < MTK_BT_RESET_NUM_TRIES); 3115 3116 btusb_mtk_id_get(data, 0x70010200, &val); 3117 if (!val) 3118 bt_dev_err(hdev, "Can't get device id, subsys reset fail."); 3119 3120 usb_queue_reset_device(data->intf); 3121 3122 clear_bit(BTUSB_HW_RESET_ACTIVE, &data->flags); 3123} 3124 3125static int btusb_recv_acl_mtk(struct hci_dev *hdev, struct sk_buff *skb) 3126{ 3127 struct btusb_data *data = hci_get_drvdata(hdev); 3128 u16 handle = le16_to_cpu(hci_acl_hdr(skb)->handle); 3129 3130 switch (handle) { 3131 case 0xfc6f: /* Firmware dump from device */ 3132 /* When the firmware hangs, the device can no longer 3133 * suspend and thus disable auto-suspend. 3134 */ 3135 usb_disable_autosuspend(data->udev); 3136 fallthrough; 3137 case 0x05ff: /* Firmware debug logging 1 */ 3138 case 0x05fe: /* Firmware debug logging 2 */ 3139 return hci_recv_diag(hdev, skb); 3140 } 3141 3142 return hci_recv_frame(hdev, skb); 3143} 3144 3145#ifdef CONFIG_PM 3146/* Configure an out-of-band gpio as wake-up pin, if specified in device tree */ 3147static int marvell_config_oob_wake(struct hci_dev *hdev) 3148{ 3149 struct sk_buff *skb; 3150 struct btusb_data *data = hci_get_drvdata(hdev); 3151 struct device *dev = &data->udev->dev; 3152 u16 pin, gap, opcode; 3153 int ret; 3154 u8 cmd[5]; 3155 3156 /* Move on if no wakeup pin specified */ 3157 if (of_property_read_u16(dev->of_node, "marvell,wakeup-pin", &pin) || 3158 of_property_read_u16(dev->of_node, "marvell,wakeup-gap-ms", &gap)) 3159 return 0; 3160 3161 /* Vendor specific command to configure a GPIO as wake-up pin */ 3162 opcode = hci_opcode_pack(0x3F, 0x59); 3163 cmd[0] = opcode & 0xFF; 3164 cmd[1] = opcode >> 8; 3165 cmd[2] = 2; /* length of parameters that follow */ 3166 cmd[3] = pin; 3167 cmd[4] = gap; /* time in ms, for which wakeup pin should be asserted */ 3168 3169 skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL); 3170 if (!skb) { 3171 bt_dev_err(hdev, "%s: No memory", __func__); 3172 return -ENOMEM; 3173 } 3174 3175 skb_put_data(skb, cmd, sizeof(cmd)); 3176 hci_skb_pkt_type(skb) = HCI_COMMAND_PKT; 3177 3178 ret = btusb_send_frame(hdev, skb); 3179 if (ret) { 3180 bt_dev_err(hdev, "%s: configuration failed", __func__); 3181 kfree_skb(skb); 3182 return ret; 3183 } 3184 3185 return 0; 3186} 3187#endif 3188 3189static int btusb_set_bdaddr_marvell(struct hci_dev *hdev, 3190 const bdaddr_t *bdaddr) 3191{ 3192 struct sk_buff *skb; 3193 u8 buf[8]; 3194 long ret; 3195 3196 buf[0] = 0xfe; 3197 buf[1] = sizeof(bdaddr_t); 3198 memcpy(buf + 2, bdaddr, sizeof(bdaddr_t)); 3199 3200 skb = __hci_cmd_sync(hdev, 0xfc22, sizeof(buf), buf, HCI_INIT_TIMEOUT); 3201 if (IS_ERR(skb)) { 3202 ret = PTR_ERR(skb); 3203 bt_dev_err(hdev, "changing Marvell device address failed (%ld)", 3204 ret); 3205 return ret; 3206 } 3207 kfree_skb(skb); 3208 3209 return 0; 3210} 3211 3212static int btusb_set_bdaddr_ath3012(struct hci_dev *hdev, 3213 const bdaddr_t *bdaddr) 3214{ 3215 struct sk_buff *skb; 3216 u8 buf[10]; 3217 long ret; 3218 3219 buf[0] = 0x01; 3220 buf[1] = 0x01; 3221 buf[2] = 0x00; 3222 buf[3] = sizeof(bdaddr_t); 3223 memcpy(buf + 4, bdaddr, sizeof(bdaddr_t)); 3224 3225 skb = __hci_cmd_sync(hdev, 0xfc0b, sizeof(buf), buf, HCI_INIT_TIMEOUT); 3226 if (IS_ERR(skb)) { 3227 ret = PTR_ERR(skb); 3228 bt_dev_err(hdev, "Change address command failed (%ld)", ret); 3229 return ret; 3230 } 3231 kfree_skb(skb); 3232 3233 return 0; 3234} 3235 3236static int btusb_set_bdaddr_wcn6855(struct hci_dev *hdev, 3237 const bdaddr_t *bdaddr) 3238{ 3239 struct sk_buff *skb; 3240 u8 buf[6]; 3241 long ret; 3242 3243 memcpy(buf, bdaddr, sizeof(bdaddr_t)); 3244 3245 skb = __hci_cmd_sync_ev(hdev, 0xfc14, sizeof(buf), buf, 3246 HCI_EV_CMD_COMPLETE, HCI_INIT_TIMEOUT); 3247 if (IS_ERR(skb)) { 3248 ret = PTR_ERR(skb); 3249 bt_dev_err(hdev, "Change address command failed (%ld)", ret); 3250 return ret; 3251 } 3252 kfree_skb(skb); 3253 3254 return 0; 3255} 3256 3257#define QCA_DFU_PACKET_LEN 4096 3258 3259#define QCA_GET_TARGET_VERSION 0x09 3260#define QCA_CHECK_STATUS 0x05 3261#define QCA_DFU_DOWNLOAD 0x01 3262 3263#define QCA_SYSCFG_UPDATED 0x40 3264#define QCA_PATCH_UPDATED 0x80 3265#define QCA_DFU_TIMEOUT 3000 3266#define QCA_FLAG_MULTI_NVM 0x80 3267#define QCA_BT_RESET_WAIT_MS 100 3268 3269#define WCN6855_2_0_RAM_VERSION_GF 0x400c1200 3270#define WCN6855_2_1_RAM_VERSION_GF 0x400c1211 3271 3272struct qca_version { 3273 __le32 rom_version; 3274 __le32 patch_version; 3275 __le32 ram_version; 3276 __u8 chip_id; 3277 __u8 platform_id; 3278 __le16 flag; 3279 __u8 reserved[4]; 3280} __packed; 3281 3282struct qca_rampatch_version { 3283 __le16 rom_version_high; 3284 __le16 rom_version_low; 3285 __le16 patch_version; 3286} __packed; 3287 3288struct qca_device_info { 3289 u32 rom_version; 3290 u8 rampatch_hdr; /* length of header in rampatch */ 3291 u8 nvm_hdr; /* length of header in NVM */ 3292 u8 ver_offset; /* offset of version structure in rampatch */ 3293}; 3294 3295static const struct qca_device_info qca_devices_table[] = { 3296 { 0x00000100, 20, 4, 8 }, /* Rome 1.0 */ 3297 { 0x00000101, 20, 4, 8 }, /* Rome 1.1 */ 3298 { 0x00000200, 28, 4, 16 }, /* Rome 2.0 */ 3299 { 0x00000201, 28, 4, 16 }, /* Rome 2.1 */ 3300 { 0x00000300, 28, 4, 16 }, /* Rome 3.0 */ 3301 { 0x00000302, 28, 4, 16 }, /* Rome 3.2 */ 3302 { 0x00130100, 40, 4, 16 }, /* WCN6855 1.0 */ 3303 { 0x00130200, 40, 4, 16 }, /* WCN6855 2.0 */ 3304 { 0x00130201, 40, 4, 16 }, /* WCN6855 2.1 */ 3305 { 0x00190200, 40, 4, 16 }, /* WCN785x 2.0 */ 3306}; 3307 3308static int btusb_qca_send_vendor_req(struct usb_device *udev, u8 request, 3309 void *data, u16 size) 3310{ 3311 int pipe, err; 3312 u8 *buf; 3313 3314 buf = kmalloc(size, GFP_KERNEL); 3315 if (!buf) 3316 return -ENOMEM; 3317 3318 /* Found some of USB hosts have IOT issues with ours so that we should 3319 * not wait until HCI layer is ready. 3320 */ 3321 pipe = usb_rcvctrlpipe(udev, 0); 3322 err = usb_control_msg(udev, pipe, request, USB_TYPE_VENDOR | USB_DIR_IN, 3323 0, 0, buf, size, USB_CTRL_SET_TIMEOUT); 3324 if (err < 0) { 3325 dev_err(&udev->dev, "Failed to access otp area (%d)", err); 3326 goto done; 3327 } 3328 3329 memcpy(data, buf, size); 3330 3331done: 3332 kfree(buf); 3333 3334 return err; 3335} 3336 3337static int btusb_setup_qca_download_fw(struct hci_dev *hdev, 3338 const struct firmware *firmware, 3339 size_t hdr_size) 3340{ 3341 struct btusb_data *btdata = hci_get_drvdata(hdev); 3342 struct usb_device *udev = btdata->udev; 3343 size_t count, size, sent = 0; 3344 int pipe, len, err; 3345 u8 *buf; 3346 3347 buf = kmalloc(QCA_DFU_PACKET_LEN, GFP_KERNEL); 3348 if (!buf) 3349 return -ENOMEM; 3350 3351 count = firmware->size; 3352 3353 size = min_t(size_t, count, hdr_size); 3354 memcpy(buf, firmware->data, size); 3355 3356 /* USB patches should go down to controller through USB path 3357 * because binary format fits to go down through USB channel. 3358 * USB control path is for patching headers and USB bulk is for 3359 * patch body. 3360 */ 3361 pipe = usb_sndctrlpipe(udev, 0); 3362 err = usb_control_msg(udev, pipe, QCA_DFU_DOWNLOAD, USB_TYPE_VENDOR, 3363 0, 0, buf, size, USB_CTRL_SET_TIMEOUT); 3364 if (err < 0) { 3365 bt_dev_err(hdev, "Failed to send headers (%d)", err); 3366 goto done; 3367 } 3368 3369 sent += size; 3370 count -= size; 3371 3372 /* ep2 need time to switch from function acl to function dfu, 3373 * so we add 20ms delay here. 3374 */ 3375 msleep(20); 3376 3377 while (count) { 3378 size = min_t(size_t, count, QCA_DFU_PACKET_LEN); 3379 3380 memcpy(buf, firmware->data + sent, size); 3381 3382 pipe = usb_sndbulkpipe(udev, 0x02); 3383 err = usb_bulk_msg(udev, pipe, buf, size, &len, 3384 QCA_DFU_TIMEOUT); 3385 if (err < 0) { 3386 bt_dev_err(hdev, "Failed to send body at %zd of %zd (%d)", 3387 sent, firmware->size, err); 3388 break; 3389 } 3390 3391 if (size != len) { 3392 bt_dev_err(hdev, "Failed to get bulk buffer"); 3393 err = -EILSEQ; 3394 break; 3395 } 3396 3397 sent += size; 3398 count -= size; 3399 } 3400 3401done: 3402 kfree(buf); 3403 return err; 3404} 3405 3406static int btusb_setup_qca_load_rampatch(struct hci_dev *hdev, 3407 struct qca_version *ver, 3408 const struct qca_device_info *info) 3409{ 3410 struct qca_rampatch_version *rver; 3411 const struct firmware *fw; 3412 u32 ver_rom, ver_patch, rver_rom; 3413 u16 rver_rom_low, rver_rom_high, rver_patch; 3414 char fwname[64]; 3415 int err; 3416 3417 ver_rom = le32_to_cpu(ver->rom_version); 3418 ver_patch = le32_to_cpu(ver->patch_version); 3419 3420 snprintf(fwname, sizeof(fwname), "qca/rampatch_usb_%08x.bin", ver_rom); 3421 3422 err = request_firmware(&fw, fwname, &hdev->dev); 3423 if (err) { 3424 bt_dev_err(hdev, "failed to request rampatch file: %s (%d)", 3425 fwname, err); 3426 return err; 3427 } 3428 3429 bt_dev_info(hdev, "using rampatch file: %s", fwname); 3430 3431 rver = (struct qca_rampatch_version *)(fw->data + info->ver_offset); 3432 rver_rom_low = le16_to_cpu(rver->rom_version_low); 3433 rver_patch = le16_to_cpu(rver->patch_version); 3434 3435 if (ver_rom & ~0xffffU) { 3436 rver_rom_high = le16_to_cpu(rver->rom_version_high); 3437 rver_rom = rver_rom_high << 16 | rver_rom_low; 3438 } else { 3439 rver_rom = rver_rom_low; 3440 } 3441 3442 bt_dev_info(hdev, "QCA: patch rome 0x%x build 0x%x, " 3443 "firmware rome 0x%x build 0x%x", 3444 rver_rom, rver_patch, ver_rom, ver_patch); 3445 3446 if (rver_rom != ver_rom || rver_patch <= ver_patch) { 3447 bt_dev_err(hdev, "rampatch file version did not match with firmware"); 3448 err = -EINVAL; 3449 goto done; 3450 } 3451 3452 err = btusb_setup_qca_download_fw(hdev, fw, info->rampatch_hdr); 3453 3454done: 3455 release_firmware(fw); 3456 3457 return err; 3458} 3459 3460static void btusb_generate_qca_nvm_name(char *fwname, size_t max_size, 3461 const struct qca_version *ver) 3462{ 3463 u32 rom_version = le32_to_cpu(ver->rom_version); 3464 u16 flag = le16_to_cpu(ver->flag); 3465 3466 if (((flag >> 8) & 0xff) == QCA_FLAG_MULTI_NVM) { 3467 /* The board_id should be split into two bytes 3468 * The 1st byte is chip ID, and the 2nd byte is platform ID 3469 * For example, board ID 0x010A, 0x01 is platform ID. 0x0A is chip ID 3470 * we have several platforms, and platform IDs are continuously added 3471 * Platform ID: 3472 * 0x00 is for Mobile 3473 * 0x01 is for X86 3474 * 0x02 is for Automotive 3475 * 0x03 is for Consumer electronic 3476 */ 3477 u16 board_id = (ver->chip_id << 8) + ver->platform_id; 3478 const char *variant; 3479 3480 switch (le32_to_cpu(ver->ram_version)) { 3481 case WCN6855_2_0_RAM_VERSION_GF: 3482 case WCN6855_2_1_RAM_VERSION_GF: 3483 variant = "_gf"; 3484 break; 3485 default: 3486 variant = ""; 3487 break; 3488 } 3489 3490 if (board_id == 0) { 3491 snprintf(fwname, max_size, "qca/nvm_usb_%08x%s.bin", 3492 rom_version, variant); 3493 } else { 3494 snprintf(fwname, max_size, "qca/nvm_usb_%08x%s_%04x.bin", 3495 rom_version, variant, board_id); 3496 } 3497 } else { 3498 snprintf(fwname, max_size, "qca/nvm_usb_%08x.bin", 3499 rom_version); 3500 } 3501 3502} 3503 3504static int btusb_setup_qca_load_nvm(struct hci_dev *hdev, 3505 struct qca_version *ver, 3506 const struct qca_device_info *info) 3507{ 3508 const struct firmware *fw; 3509 char fwname[64]; 3510 int err; 3511 3512 btusb_generate_qca_nvm_name(fwname, sizeof(fwname), ver); 3513 3514 err = request_firmware(&fw, fwname, &hdev->dev); 3515 if (err) { 3516 bt_dev_err(hdev, "failed to request NVM file: %s (%d)", 3517 fwname, err); 3518 return err; 3519 } 3520 3521 bt_dev_info(hdev, "using NVM file: %s", fwname); 3522 3523 err = btusb_setup_qca_download_fw(hdev, fw, info->nvm_hdr); 3524 3525 release_firmware(fw); 3526 3527 return err; 3528} 3529 3530/* identify the ROM version and check whether patches are needed */ 3531static bool btusb_qca_need_patch(struct usb_device *udev) 3532{ 3533 struct qca_version ver; 3534 3535 if (btusb_qca_send_vendor_req(udev, QCA_GET_TARGET_VERSION, &ver, 3536 sizeof(ver)) < 0) 3537 return false; 3538 /* only low ROM versions need patches */ 3539 return !(le32_to_cpu(ver.rom_version) & ~0xffffU); 3540} 3541 3542static int btusb_setup_qca(struct hci_dev *hdev) 3543{ 3544 struct btusb_data *btdata = hci_get_drvdata(hdev); 3545 struct usb_device *udev = btdata->udev; 3546 const struct qca_device_info *info = NULL; 3547 struct qca_version ver; 3548 u32 ver_rom; 3549 u8 status; 3550 int i, err; 3551 3552 err = btusb_qca_send_vendor_req(udev, QCA_GET_TARGET_VERSION, &ver, 3553 sizeof(ver)); 3554 if (err < 0) 3555 return err; 3556 3557 ver_rom = le32_to_cpu(ver.rom_version); 3558 3559 for (i = 0; i < ARRAY_SIZE(qca_devices_table); i++) { 3560 if (ver_rom == qca_devices_table[i].rom_version) 3561 info = &qca_devices_table[i]; 3562 } 3563 if (!info) { 3564 /* If the rom_version is not matched in the qca_devices_table 3565 * and the high ROM version is not zero, we assume this chip no 3566 * need to load the rampatch and nvm. 3567 */ 3568 if (ver_rom & ~0xffffU) 3569 return 0; 3570 3571 bt_dev_err(hdev, "don't support firmware rome 0x%x", ver_rom); 3572 return -ENODEV; 3573 } 3574 3575 err = btusb_qca_send_vendor_req(udev, QCA_CHECK_STATUS, &status, 3576 sizeof(status)); 3577 if (err < 0) 3578 return err; 3579 3580 if (!(status & QCA_PATCH_UPDATED)) { 3581 err = btusb_setup_qca_load_rampatch(hdev, &ver, info); 3582 if (err < 0) 3583 return err; 3584 } 3585 3586 err = btusb_qca_send_vendor_req(udev, QCA_GET_TARGET_VERSION, &ver, 3587 sizeof(ver)); 3588 if (err < 0) 3589 return err; 3590 3591 if (!(status & QCA_SYSCFG_UPDATED)) { 3592 err = btusb_setup_qca_load_nvm(hdev, &ver, info); 3593 if (err < 0) 3594 return err; 3595 3596 /* WCN6855 2.1 and later will reset to apply firmware downloaded here, so 3597 * wait ~100ms for reset Done then go ahead, otherwise, it maybe 3598 * cause potential enable failure. 3599 */ 3600 if (info->rom_version >= 0x00130201) 3601 msleep(QCA_BT_RESET_WAIT_MS); 3602 } 3603 3604 /* Mark HCI_OP_ENHANCED_SETUP_SYNC_CONN as broken as it doesn't seem to 3605 * work with the likes of HSP/HFP mSBC. 3606 */ 3607 set_bit(HCI_QUIRK_BROKEN_ENHANCED_SETUP_SYNC_CONN, &hdev->quirks); 3608 3609 return 0; 3610} 3611 3612static inline int __set_diag_interface(struct hci_dev *hdev) 3613{ 3614 struct btusb_data *data = hci_get_drvdata(hdev); 3615 struct usb_interface *intf = data->diag; 3616 int i; 3617 3618 if (!data->diag) 3619 return -ENODEV; 3620 3621 data->diag_tx_ep = NULL; 3622 data->diag_rx_ep = NULL; 3623 3624 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) { 3625 struct usb_endpoint_descriptor *ep_desc; 3626 3627 ep_desc = &intf->cur_altsetting->endpoint[i].desc; 3628 3629 if (!data->diag_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) { 3630 data->diag_tx_ep = ep_desc; 3631 continue; 3632 } 3633 3634 if (!data->diag_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) { 3635 data->diag_rx_ep = ep_desc; 3636 continue; 3637 } 3638 } 3639 3640 if (!data->diag_tx_ep || !data->diag_rx_ep) { 3641 bt_dev_err(hdev, "invalid diagnostic descriptors"); 3642 return -ENODEV; 3643 } 3644 3645 return 0; 3646} 3647 3648static struct urb *alloc_diag_urb(struct hci_dev *hdev, bool enable) 3649{ 3650 struct btusb_data *data = hci_get_drvdata(hdev); 3651 struct sk_buff *skb; 3652 struct urb *urb; 3653 unsigned int pipe; 3654 3655 if (!data->diag_tx_ep) 3656 return ERR_PTR(-ENODEV); 3657 3658 urb = usb_alloc_urb(0, GFP_KERNEL); 3659 if (!urb) 3660 return ERR_PTR(-ENOMEM); 3661 3662 skb = bt_skb_alloc(2, GFP_KERNEL); 3663 if (!skb) { 3664 usb_free_urb(urb); 3665 return ERR_PTR(-ENOMEM); 3666 } 3667 3668 skb_put_u8(skb, 0xf0); 3669 skb_put_u8(skb, enable); 3670 3671 pipe = usb_sndbulkpipe(data->udev, data->diag_tx_ep->bEndpointAddress); 3672 3673 usb_fill_bulk_urb(urb, data->udev, pipe, 3674 skb->data, skb->len, btusb_tx_complete, skb); 3675 3676 skb->dev = (void *)hdev; 3677 3678 return urb; 3679} 3680 3681static int btusb_bcm_set_diag(struct hci_dev *hdev, bool enable) 3682{ 3683 struct btusb_data *data = hci_get_drvdata(hdev); 3684 struct urb *urb; 3685 3686 if (!data->diag) 3687 return -ENODEV; 3688 3689 if (!test_bit(HCI_RUNNING, &hdev->flags)) 3690 return -ENETDOWN; 3691 3692 urb = alloc_diag_urb(hdev, enable); 3693 if (IS_ERR(urb)) 3694 return PTR_ERR(urb); 3695 3696 return submit_or_queue_tx_urb(hdev, urb); 3697} 3698 3699#ifdef CONFIG_PM 3700static irqreturn_t btusb_oob_wake_handler(int irq, void *priv) 3701{ 3702 struct btusb_data *data = priv; 3703 3704 pm_wakeup_event(&data->udev->dev, 0); 3705 pm_system_wakeup(); 3706 3707 /* Disable only if not already disabled (keep it balanced) */ 3708 if (test_and_clear_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags)) { 3709 disable_irq_nosync(irq); 3710 disable_irq_wake(irq); 3711 } 3712 return IRQ_HANDLED; 3713} 3714 3715static const struct of_device_id btusb_match_table[] = { 3716 { .compatible = "usb1286,204e" }, 3717 { .compatible = "usbcf3,e300" }, /* QCA6174A */ 3718 { .compatible = "usb4ca,301a" }, /* QCA6174A (Lite-On) */ 3719 { } 3720}; 3721MODULE_DEVICE_TABLE(of, btusb_match_table); 3722 3723/* Use an oob wakeup pin? */ 3724static int btusb_config_oob_wake(struct hci_dev *hdev) 3725{ 3726 struct btusb_data *data = hci_get_drvdata(hdev); 3727 struct device *dev = &data->udev->dev; 3728 int irq, ret; 3729 3730 clear_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags); 3731 3732 if (!of_match_device(btusb_match_table, dev)) 3733 return 0; 3734 3735 /* Move on if no IRQ specified */ 3736 irq = of_irq_get_byname(dev->of_node, "wakeup"); 3737 if (irq <= 0) { 3738 bt_dev_dbg(hdev, "%s: no OOB Wakeup IRQ in DT", __func__); 3739 return 0; 3740 } 3741 3742 irq_set_status_flags(irq, IRQ_NOAUTOEN); 3743 ret = devm_request_irq(&hdev->dev, irq, btusb_oob_wake_handler, 3744 0, "OOB Wake-on-BT", data); 3745 if (ret) { 3746 bt_dev_err(hdev, "%s: IRQ request failed", __func__); 3747 return ret; 3748 } 3749 3750 ret = device_init_wakeup(dev, true); 3751 if (ret) { 3752 bt_dev_err(hdev, "%s: failed to init_wakeup", __func__); 3753 return ret; 3754 } 3755 3756 data->oob_wake_irq = irq; 3757 bt_dev_info(hdev, "OOB Wake-on-BT configured at IRQ %u", irq); 3758 return 0; 3759} 3760#endif 3761 3762static void btusb_check_needs_reset_resume(struct usb_interface *intf) 3763{ 3764 if (dmi_check_system(btusb_needs_reset_resume_table)) 3765 interface_to_usbdev(intf)->quirks |= USB_QUIRK_RESET_RESUME; 3766} 3767 3768static bool btusb_wakeup(struct hci_dev *hdev) 3769{ 3770 struct btusb_data *data = hci_get_drvdata(hdev); 3771 3772 return device_may_wakeup(&data->udev->dev); 3773} 3774 3775static int btusb_shutdown_qca(struct hci_dev *hdev) 3776{ 3777 struct sk_buff *skb; 3778 3779 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); 3780 if (IS_ERR(skb)) { 3781 bt_dev_err(hdev, "HCI reset during shutdown failed"); 3782 return PTR_ERR(skb); 3783 } 3784 kfree_skb(skb); 3785 3786 return 0; 3787} 3788 3789static ssize_t force_poll_sync_read(struct file *file, char __user *user_buf, 3790 size_t count, loff_t *ppos) 3791{ 3792 struct btusb_data *data = file->private_data; 3793 char buf[3]; 3794 3795 buf[0] = data->poll_sync ? 'Y' : 'N'; 3796 buf[1] = '\n'; 3797 buf[2] = '\0'; 3798 return simple_read_from_buffer(user_buf, count, ppos, buf, 2); 3799} 3800 3801static ssize_t force_poll_sync_write(struct file *file, 3802 const char __user *user_buf, 3803 size_t count, loff_t *ppos) 3804{ 3805 struct btusb_data *data = file->private_data; 3806 bool enable; 3807 int err; 3808 3809 err = kstrtobool_from_user(user_buf, count, &enable); 3810 if (err) 3811 return err; 3812 3813 /* Only allow changes while the adapter is down */ 3814 if (test_bit(HCI_UP, &data->hdev->flags)) 3815 return -EPERM; 3816 3817 if (data->poll_sync == enable) 3818 return -EALREADY; 3819 3820 data->poll_sync = enable; 3821 3822 return count; 3823} 3824 3825static const struct file_operations force_poll_sync_fops = { 3826 .open = simple_open, 3827 .read = force_poll_sync_read, 3828 .write = force_poll_sync_write, 3829 .llseek = default_llseek, 3830}; 3831 3832static int btusb_probe(struct usb_interface *intf, 3833 const struct usb_device_id *id) 3834{ 3835 struct usb_endpoint_descriptor *ep_desc; 3836 struct gpio_desc *reset_gpio; 3837 struct btusb_data *data; 3838 struct hci_dev *hdev; 3839 unsigned ifnum_base; 3840 int i, err, priv_size; 3841 3842 BT_DBG("intf %p id %p", intf, id); 3843 3844 /* interface numbers are hardcoded in the spec */ 3845 if (intf->cur_altsetting->desc.bInterfaceNumber != 0) { 3846 if (!(id->driver_info & BTUSB_IFNUM_2)) 3847 return -ENODEV; 3848 if (intf->cur_altsetting->desc.bInterfaceNumber != 2) 3849 return -ENODEV; 3850 } 3851 3852 ifnum_base = intf->cur_altsetting->desc.bInterfaceNumber; 3853 3854 if (!id->driver_info) { 3855 const struct usb_device_id *match; 3856 3857 match = usb_match_id(intf, blacklist_table); 3858 if (match) 3859 id = match; 3860 } 3861 3862 if (id->driver_info == BTUSB_IGNORE) 3863 return -ENODEV; 3864 3865 if (id->driver_info & BTUSB_ATH3012) { 3866 struct usb_device *udev = interface_to_usbdev(intf); 3867 3868 /* Old firmware would otherwise let ath3k driver load 3869 * patch and sysconfig files 3870 */ 3871 if (le16_to_cpu(udev->descriptor.bcdDevice) <= 0x0001 && 3872 !btusb_qca_need_patch(udev)) 3873 return -ENODEV; 3874 } 3875 3876 data = devm_kzalloc(&intf->dev, sizeof(*data), GFP_KERNEL); 3877 if (!data) 3878 return -ENOMEM; 3879 3880 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) { 3881 ep_desc = &intf->cur_altsetting->endpoint[i].desc; 3882 3883 if (!data->intr_ep && usb_endpoint_is_int_in(ep_desc)) { 3884 data->intr_ep = ep_desc; 3885 continue; 3886 } 3887 3888 if (!data->bulk_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) { 3889 data->bulk_tx_ep = ep_desc; 3890 continue; 3891 } 3892 3893 if (!data->bulk_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) { 3894 data->bulk_rx_ep = ep_desc; 3895 continue; 3896 } 3897 } 3898 3899 if (!data->intr_ep || !data->bulk_tx_ep || !data->bulk_rx_ep) 3900 return -ENODEV; 3901 3902 if (id->driver_info & BTUSB_AMP) { 3903 data->cmdreq_type = USB_TYPE_CLASS | 0x01; 3904 data->cmdreq = 0x2b; 3905 } else { 3906 data->cmdreq_type = USB_TYPE_CLASS; 3907 data->cmdreq = 0x00; 3908 } 3909 3910 data->udev = interface_to_usbdev(intf); 3911 data->intf = intf; 3912 3913 INIT_WORK(&data->work, btusb_work); 3914 INIT_WORK(&data->waker, btusb_waker); 3915 INIT_DELAYED_WORK(&data->rx_work, btusb_rx_work); 3916 3917 skb_queue_head_init(&data->acl_q); 3918 3919 init_usb_anchor(&data->deferred); 3920 init_usb_anchor(&data->tx_anchor); 3921 spin_lock_init(&data->txlock); 3922 3923 init_usb_anchor(&data->intr_anchor); 3924 init_usb_anchor(&data->bulk_anchor); 3925 init_usb_anchor(&data->isoc_anchor); 3926 init_usb_anchor(&data->diag_anchor); 3927 init_usb_anchor(&data->ctrl_anchor); 3928 spin_lock_init(&data->rxlock); 3929 3930 priv_size = 0; 3931 3932 data->recv_event = hci_recv_frame; 3933 data->recv_bulk = btusb_recv_bulk; 3934 3935 if (id->driver_info & BTUSB_INTEL_COMBINED) { 3936 /* Allocate extra space for Intel device */ 3937 priv_size += sizeof(struct btintel_data); 3938 3939 /* Override the rx handlers */ 3940 data->recv_event = btusb_recv_event_intel; 3941 data->recv_bulk = btusb_recv_bulk_intel; 3942 } else if (id->driver_info & BTUSB_REALTEK) { 3943 /* Allocate extra space for Realtek device */ 3944 priv_size += sizeof(struct btrealtek_data); 3945 } 3946 3947 data->recv_acl = hci_recv_frame; 3948 3949 hdev = hci_alloc_dev_priv(priv_size); 3950 if (!hdev) 3951 return -ENOMEM; 3952 3953 hdev->bus = HCI_USB; 3954 hci_set_drvdata(hdev, data); 3955 3956 if (id->driver_info & BTUSB_AMP) 3957 hdev->dev_type = HCI_AMP; 3958 else 3959 hdev->dev_type = HCI_PRIMARY; 3960 3961 data->hdev = hdev; 3962 3963 SET_HCIDEV_DEV(hdev, &intf->dev); 3964 3965 reset_gpio = gpiod_get_optional(&data->udev->dev, "reset", 3966 GPIOD_OUT_LOW); 3967 if (IS_ERR(reset_gpio)) { 3968 err = PTR_ERR(reset_gpio); 3969 goto out_free_dev; 3970 } else if (reset_gpio) { 3971 data->reset_gpio = reset_gpio; 3972 } 3973 3974 hdev->open = btusb_open; 3975 hdev->close = btusb_close; 3976 hdev->flush = btusb_flush; 3977 hdev->send = btusb_send_frame; 3978 hdev->notify = btusb_notify; 3979 hdev->wakeup = btusb_wakeup; 3980 3981#ifdef CONFIG_PM 3982 err = btusb_config_oob_wake(hdev); 3983 if (err) 3984 goto out_free_dev; 3985 3986 /* Marvell devices may need a specific chip configuration */ 3987 if (id->driver_info & BTUSB_MARVELL && data->oob_wake_irq) { 3988 err = marvell_config_oob_wake(hdev); 3989 if (err) 3990 goto out_free_dev; 3991 } 3992#endif 3993 if (id->driver_info & BTUSB_CW6622) 3994 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks); 3995 3996 if (id->driver_info & BTUSB_BCM2045) 3997 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks); 3998 3999 if (id->driver_info & BTUSB_BCM92035) 4000 hdev->setup = btusb_setup_bcm92035; 4001 4002 if (IS_ENABLED(CONFIG_BT_HCIBTUSB_BCM) && 4003 (id->driver_info & BTUSB_BCM_PATCHRAM)) { 4004 hdev->manufacturer = 15; 4005 hdev->setup = btbcm_setup_patchram; 4006 hdev->set_diag = btusb_bcm_set_diag; 4007 hdev->set_bdaddr = btbcm_set_bdaddr; 4008 4009 /* Broadcom LM_DIAG Interface numbers are hardcoded */ 4010 data->diag = usb_ifnum_to_if(data->udev, ifnum_base + 2); 4011 } 4012 4013 if (IS_ENABLED(CONFIG_BT_HCIBTUSB_BCM) && 4014 (id->driver_info & BTUSB_BCM_APPLE)) { 4015 hdev->manufacturer = 15; 4016 hdev->setup = btbcm_setup_apple; 4017 hdev->set_diag = btusb_bcm_set_diag; 4018 4019 /* Broadcom LM_DIAG Interface numbers are hardcoded */ 4020 data->diag = usb_ifnum_to_if(data->udev, ifnum_base + 2); 4021 } 4022 4023 /* Combined Intel Device setup to support multiple setup routine */ 4024 if (id->driver_info & BTUSB_INTEL_COMBINED) { 4025 err = btintel_configure_setup(hdev); 4026 if (err) 4027 goto out_free_dev; 4028 4029 /* Transport specific configuration */ 4030 hdev->send = btusb_send_frame_intel; 4031 hdev->cmd_timeout = btusb_intel_cmd_timeout; 4032 4033 if (id->driver_info & BTUSB_INTEL_NO_WBS_SUPPORT) 4034 btintel_set_flag(hdev, INTEL_ROM_LEGACY_NO_WBS_SUPPORT); 4035 4036 if (id->driver_info & BTUSB_INTEL_BROKEN_INITIAL_NCMD) 4037 btintel_set_flag(hdev, INTEL_BROKEN_INITIAL_NCMD); 4038 4039 if (id->driver_info & BTUSB_INTEL_BROKEN_SHUTDOWN_LED) 4040 btintel_set_flag(hdev, INTEL_BROKEN_SHUTDOWN_LED); 4041 } 4042 4043 if (id->driver_info & BTUSB_MARVELL) 4044 hdev->set_bdaddr = btusb_set_bdaddr_marvell; 4045 4046 if (IS_ENABLED(CONFIG_BT_HCIBTUSB_MTK) && 4047 (id->driver_info & BTUSB_MEDIATEK)) { 4048 hdev->setup = btusb_mtk_setup; 4049 hdev->shutdown = btusb_mtk_shutdown; 4050 hdev->manufacturer = 70; 4051 hdev->cmd_timeout = btusb_mtk_cmd_timeout; 4052 hdev->set_bdaddr = btmtk_set_bdaddr; 4053 set_bit(HCI_QUIRK_BROKEN_ENHANCED_SETUP_SYNC_CONN, &hdev->quirks); 4054 set_bit(HCI_QUIRK_NON_PERSISTENT_SETUP, &hdev->quirks); 4055 data->recv_acl = btusb_recv_acl_mtk; 4056 } 4057 4058 if (id->driver_info & BTUSB_SWAVE) { 4059 set_bit(HCI_QUIRK_FIXUP_INQUIRY_MODE, &hdev->quirks); 4060 set_bit(HCI_QUIRK_BROKEN_LOCAL_COMMANDS, &hdev->quirks); 4061 } 4062 4063 if (id->driver_info & BTUSB_INTEL_BOOT) { 4064 hdev->manufacturer = 2; 4065 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks); 4066 } 4067 4068 if (id->driver_info & BTUSB_ATH3012) { 4069 data->setup_on_usb = btusb_setup_qca; 4070 hdev->set_bdaddr = btusb_set_bdaddr_ath3012; 4071 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks); 4072 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks); 4073 } 4074 4075 if (id->driver_info & BTUSB_QCA_ROME) { 4076 data->setup_on_usb = btusb_setup_qca; 4077 hdev->set_bdaddr = btusb_set_bdaddr_ath3012; 4078 hdev->cmd_timeout = btusb_qca_cmd_timeout; 4079 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks); 4080 btusb_check_needs_reset_resume(intf); 4081 } 4082 4083 if (id->driver_info & BTUSB_QCA_WCN6855) { 4084 data->setup_on_usb = btusb_setup_qca; 4085 hdev->shutdown = btusb_shutdown_qca; 4086 hdev->set_bdaddr = btusb_set_bdaddr_wcn6855; 4087 hdev->cmd_timeout = btusb_qca_cmd_timeout; 4088 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks); 4089 hci_set_msft_opcode(hdev, 0xFD70); 4090 } 4091 4092 if (id->driver_info & BTUSB_AMP) { 4093 /* AMP controllers do not support SCO packets */ 4094 data->isoc = NULL; 4095 } else { 4096 /* Interface orders are hardcoded in the specification */ 4097 data->isoc = usb_ifnum_to_if(data->udev, ifnum_base + 1); 4098 data->isoc_ifnum = ifnum_base + 1; 4099 } 4100 4101 if (IS_ENABLED(CONFIG_BT_HCIBTUSB_RTL) && 4102 (id->driver_info & BTUSB_REALTEK)) { 4103 hdev->setup = btusb_setup_realtek; 4104 hdev->shutdown = btrtl_shutdown_realtek; 4105 hdev->cmd_timeout = btusb_rtl_cmd_timeout; 4106 4107 /* Realtek devices need to set remote wakeup on auto-suspend */ 4108 set_bit(BTUSB_WAKEUP_AUTOSUSPEND, &data->flags); 4109 set_bit(BTUSB_USE_ALT3_FOR_WBS, &data->flags); 4110 } 4111 4112 if (id->driver_info & BTUSB_ACTIONS_SEMI) { 4113 /* Support is advertised, but not implemented */ 4114 set_bit(HCI_QUIRK_BROKEN_ERR_DATA_REPORTING, &hdev->quirks); 4115 } 4116 4117 if (!reset) 4118 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); 4119 4120 if (force_scofix || id->driver_info & BTUSB_WRONG_SCO_MTU) { 4121 if (!disable_scofix) 4122 set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks); 4123 } 4124 4125 if (id->driver_info & BTUSB_BROKEN_ISOC) 4126 data->isoc = NULL; 4127 4128 if (id->driver_info & BTUSB_WIDEBAND_SPEECH) 4129 set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks); 4130 4131 if (id->driver_info & BTUSB_VALID_LE_STATES) 4132 set_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks); 4133 4134 if (id->driver_info & BTUSB_DIGIANSWER) { 4135 data->cmdreq_type = USB_TYPE_VENDOR; 4136 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); 4137 } 4138 4139 if (id->driver_info & BTUSB_CSR) { 4140 struct usb_device *udev = data->udev; 4141 u16 bcdDevice = le16_to_cpu(udev->descriptor.bcdDevice); 4142 4143 /* Old firmware would otherwise execute USB reset */ 4144 if (bcdDevice < 0x117) 4145 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); 4146 4147 /* This must be set first in case we disable it for fakes */ 4148 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks); 4149 4150 /* Fake CSR devices with broken commands */ 4151 if (le16_to_cpu(udev->descriptor.idVendor) == 0x0a12 && 4152 le16_to_cpu(udev->descriptor.idProduct) == 0x0001) 4153 hdev->setup = btusb_setup_csr; 4154 } 4155 4156 if (id->driver_info & BTUSB_SNIFFER) { 4157 struct usb_device *udev = data->udev; 4158 4159 /* New sniffer firmware has crippled HCI interface */ 4160 if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997) 4161 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks); 4162 } 4163 4164 if (id->driver_info & BTUSB_INTEL_BOOT) { 4165 /* A bug in the bootloader causes that interrupt interface is 4166 * only enabled after receiving SetInterface(0, AltSetting=0). 4167 */ 4168 err = usb_set_interface(data->udev, 0, 0); 4169 if (err < 0) { 4170 BT_ERR("failed to set interface 0, alt 0 %d", err); 4171 goto out_free_dev; 4172 } 4173 } 4174 4175 if (data->isoc) { 4176 err = usb_driver_claim_interface(&btusb_driver, 4177 data->isoc, data); 4178 if (err < 0) 4179 goto out_free_dev; 4180 } 4181 4182 if (IS_ENABLED(CONFIG_BT_HCIBTUSB_BCM) && data->diag) { 4183 if (!usb_driver_claim_interface(&btusb_driver, 4184 data->diag, data)) 4185 __set_diag_interface(hdev); 4186 else 4187 data->diag = NULL; 4188 } 4189 4190 if (enable_autosuspend) 4191 usb_enable_autosuspend(data->udev); 4192 4193 data->poll_sync = enable_poll_sync; 4194 4195 err = hci_register_dev(hdev); 4196 if (err < 0) 4197 goto out_free_dev; 4198 4199 usb_set_intfdata(intf, data); 4200 4201 debugfs_create_file("force_poll_sync", 0644, hdev->debugfs, data, 4202 &force_poll_sync_fops); 4203 4204 return 0; 4205 4206out_free_dev: 4207 if (data->reset_gpio) 4208 gpiod_put(data->reset_gpio); 4209 hci_free_dev(hdev); 4210 return err; 4211} 4212 4213static void btusb_disconnect(struct usb_interface *intf) 4214{ 4215 struct btusb_data *data = usb_get_intfdata(intf); 4216 struct hci_dev *hdev; 4217 4218 BT_DBG("intf %p", intf); 4219 4220 if (!data) 4221 return; 4222 4223 hdev = data->hdev; 4224 usb_set_intfdata(data->intf, NULL); 4225 4226 if (data->isoc) 4227 usb_set_intfdata(data->isoc, NULL); 4228 4229 if (data->diag) 4230 usb_set_intfdata(data->diag, NULL); 4231 4232 hci_unregister_dev(hdev); 4233 4234 if (intf == data->intf) { 4235 if (data->isoc) 4236 usb_driver_release_interface(&btusb_driver, data->isoc); 4237 if (data->diag) 4238 usb_driver_release_interface(&btusb_driver, data->diag); 4239 } else if (intf == data->isoc) { 4240 if (data->diag) 4241 usb_driver_release_interface(&btusb_driver, data->diag); 4242 usb_driver_release_interface(&btusb_driver, data->intf); 4243 } else if (intf == data->diag) { 4244 usb_driver_release_interface(&btusb_driver, data->intf); 4245 if (data->isoc) 4246 usb_driver_release_interface(&btusb_driver, data->isoc); 4247 } 4248 4249 if (data->oob_wake_irq) 4250 device_init_wakeup(&data->udev->dev, false); 4251 4252 if (data->reset_gpio) 4253 gpiod_put(data->reset_gpio); 4254 4255 hci_free_dev(hdev); 4256} 4257 4258#ifdef CONFIG_PM 4259static int btusb_suspend(struct usb_interface *intf, pm_message_t message) 4260{ 4261 struct btusb_data *data = usb_get_intfdata(intf); 4262 4263 BT_DBG("intf %p", intf); 4264 4265 if (data->suspend_count++) 4266 return 0; 4267 4268 spin_lock_irq(&data->txlock); 4269 if (!(PMSG_IS_AUTO(message) && data->tx_in_flight)) { 4270 set_bit(BTUSB_SUSPENDING, &data->flags); 4271 spin_unlock_irq(&data->txlock); 4272 } else { 4273 spin_unlock_irq(&data->txlock); 4274 data->suspend_count--; 4275 return -EBUSY; 4276 } 4277 4278 cancel_work_sync(&data->work); 4279 4280 btusb_stop_traffic(data); 4281 usb_kill_anchored_urbs(&data->tx_anchor); 4282 4283 if (data->oob_wake_irq && device_may_wakeup(&data->udev->dev)) { 4284 set_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags); 4285 enable_irq_wake(data->oob_wake_irq); 4286 enable_irq(data->oob_wake_irq); 4287 } 4288 4289 /* For global suspend, Realtek devices lose the loaded fw 4290 * in them. But for autosuspend, firmware should remain. 4291 * Actually, it depends on whether the usb host sends 4292 * set feature (enable wakeup) or not. 4293 */ 4294 if (test_bit(BTUSB_WAKEUP_AUTOSUSPEND, &data->flags)) { 4295 if (PMSG_IS_AUTO(message) && 4296 device_can_wakeup(&data->udev->dev)) 4297 data->udev->do_remote_wakeup = 1; 4298 else if (!PMSG_IS_AUTO(message) && 4299 !device_may_wakeup(&data->udev->dev)) { 4300 data->udev->do_remote_wakeup = 0; 4301 data->udev->reset_resume = 1; 4302 } 4303 } 4304 4305 return 0; 4306} 4307 4308static void play_deferred(struct btusb_data *data) 4309{ 4310 struct urb *urb; 4311 int err; 4312 4313 while ((urb = usb_get_from_anchor(&data->deferred))) { 4314 usb_anchor_urb(urb, &data->tx_anchor); 4315 4316 err = usb_submit_urb(urb, GFP_ATOMIC); 4317 if (err < 0) { 4318 if (err != -EPERM && err != -ENODEV) 4319 BT_ERR("%s urb %p submission failed (%d)", 4320 data->hdev->name, urb, -err); 4321 kfree(urb->setup_packet); 4322 usb_unanchor_urb(urb); 4323 usb_free_urb(urb); 4324 break; 4325 } 4326 4327 data->tx_in_flight++; 4328 usb_free_urb(urb); 4329 } 4330 4331 /* Cleanup the rest deferred urbs. */ 4332 while ((urb = usb_get_from_anchor(&data->deferred))) { 4333 kfree(urb->setup_packet); 4334 usb_free_urb(urb); 4335 } 4336} 4337 4338static int btusb_resume(struct usb_interface *intf) 4339{ 4340 struct btusb_data *data = usb_get_intfdata(intf); 4341 struct hci_dev *hdev = data->hdev; 4342 int err = 0; 4343 4344 BT_DBG("intf %p", intf); 4345 4346 if (--data->suspend_count) 4347 return 0; 4348 4349 /* Disable only if not already disabled (keep it balanced) */ 4350 if (test_and_clear_bit(BTUSB_OOB_WAKE_ENABLED, &data->flags)) { 4351 disable_irq(data->oob_wake_irq); 4352 disable_irq_wake(data->oob_wake_irq); 4353 } 4354 4355 if (!test_bit(HCI_RUNNING, &hdev->flags)) 4356 goto done; 4357 4358 if (test_bit(BTUSB_INTR_RUNNING, &data->flags)) { 4359 err = btusb_submit_intr_urb(hdev, GFP_NOIO); 4360 if (err < 0) { 4361 clear_bit(BTUSB_INTR_RUNNING, &data->flags); 4362 goto failed; 4363 } 4364 } 4365 4366 if (test_bit(BTUSB_BULK_RUNNING, &data->flags)) { 4367 err = btusb_submit_bulk_urb(hdev, GFP_NOIO); 4368 if (err < 0) { 4369 clear_bit(BTUSB_BULK_RUNNING, &data->flags); 4370 goto failed; 4371 } 4372 4373 btusb_submit_bulk_urb(hdev, GFP_NOIO); 4374 } 4375 4376 if (test_bit(BTUSB_ISOC_RUNNING, &data->flags)) { 4377 if (btusb_submit_isoc_urb(hdev, GFP_NOIO) < 0) 4378 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 4379 else 4380 btusb_submit_isoc_urb(hdev, GFP_NOIO); 4381 } 4382 4383 spin_lock_irq(&data->txlock); 4384 play_deferred(data); 4385 clear_bit(BTUSB_SUSPENDING, &data->flags); 4386 spin_unlock_irq(&data->txlock); 4387 schedule_work(&data->work); 4388 4389 return 0; 4390 4391failed: 4392 usb_scuttle_anchored_urbs(&data->deferred); 4393done: 4394 spin_lock_irq(&data->txlock); 4395 clear_bit(BTUSB_SUSPENDING, &data->flags); 4396 spin_unlock_irq(&data->txlock); 4397 4398 return err; 4399} 4400#endif 4401 4402static struct usb_driver btusb_driver = { 4403 .name = "btusb", 4404 .probe = btusb_probe, 4405 .disconnect = btusb_disconnect, 4406#ifdef CONFIG_PM 4407 .suspend = btusb_suspend, 4408 .resume = btusb_resume, 4409#endif 4410 .id_table = btusb_table, 4411 .supports_autosuspend = 1, 4412 .disable_hub_initiated_lpm = 1, 4413}; 4414 4415module_usb_driver(btusb_driver); 4416 4417module_param(disable_scofix, bool, 0644); 4418MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size"); 4419 4420module_param(force_scofix, bool, 0644); 4421MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size"); 4422 4423module_param(enable_autosuspend, bool, 0644); 4424MODULE_PARM_DESC(enable_autosuspend, "Enable USB autosuspend by default"); 4425 4426module_param(reset, bool, 0644); 4427MODULE_PARM_DESC(reset, "Send HCI reset command on initialization"); 4428 4429MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 4430MODULE_DESCRIPTION("Generic Bluetooth USB driver ver " VERSION); 4431MODULE_VERSION(VERSION); 4432MODULE_LICENSE("GPL");