drivers/bluetooth/btusb.c

   1 /*
   2  *
   3  *  Generic Bluetooth USB driver
   4  *
   5  *  Copyright (C) 2005-2008  Marcel Holtmann <marcel@holtmann.org>
   6  *
   7  *
   8  *  This program is free software; you can redistribute it and/or modify
   9  *  it under the terms of the GNU General Public License as published by
  10  *  the Free Software Foundation; either version 2 of the License, or
  11  *  (at your option) any later version.
  12  *
  13  *  This program is distributed in the hope that it will be useful,
  14  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  15  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16  *  GNU General Public License for more details.
  17  *
  18  *  You should have received a copy of the GNU General Public License
  19  *  along with this program; if not, write to the Free Software
  20  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  21  *
  22  */
  23
  24 #include <linux/kernel.h>
  25 #include <linux/module.h>
  26 #include <linux/init.h>
  27 #include <linux/slab.h>
  28 #include <linux/types.h>
  29 #include <linux/sched.h>
  30 #include <linux/errno.h>
  31 #include <linux/skbuff.h>
  32
  33 #include <linux/usb.h>
  34
  35 #include <net/bluetooth/bluetooth.h>
  36 #include <net/bluetooth/hci_core.h>
  37
  38 #define VERSION "0.6"
  39
  40 static int ignore_dga;
  41 static int ignore_csr;
  42 static int ignore_sniffer;
  43 static int disable_scofix;
  44 static int force_scofix;
  45
  46 static int reset = 1;
  47
  48 static struct usb_driver btusb_driver;
  49
  50 #define BTUSB_IGNORE            0x01
  51 #define BTUSB_DIGIANSWER        0x02
  52 #define BTUSB_CSR               0x04
  53 #define BTUSB_SNIFFER           0x08
  54 #define BTUSB_BCM92035          0x10
  55 #define BTUSB_BROKEN_ISOC       0x20
  56 #define BTUSB_WRONG_SCO_MTU     0x40
  57
  58 static struct usb_device_id btusb_table[] = {
  59         /* Generic Bluetooth USB device */
  60         { USB_DEVICE_INFO(0xe0, 0x01, 0x01) },
  61
  62         /* Apple MacBookPro 7,1 */
  63         { USB_DEVICE(0x05ac, 0x8213) },
  64
  65         /* Apple iMac11,1 */
  66         { USB_DEVICE(0x05ac, 0x8215) },
  67
  68         /* Apple MacBookPro6,2 */
  69         { USB_DEVICE(0x05ac, 0x8218) },
  70
  71         /* Apple MacBookAir3,1, MacBookAir3,2 */
  72         { USB_DEVICE(0x05ac, 0x821b) },
  73
  74         /* AVM BlueFRITZ! USB v2.0 */
  75         { USB_DEVICE(0x057c, 0x3800) },
  76
  77         /* Bluetooth Ultraport Module from IBM */
  78         { USB_DEVICE(0x04bf, 0x030a) },
  79
  80         /* ALPS Modules with non-standard id */
  81         { USB_DEVICE(0x044e, 0x3001) },
  82         { USB_DEVICE(0x044e, 0x3002) },
  83
  84         /* Ericsson with non-standard id */
  85         { USB_DEVICE(0x0bdb, 0x1002) },
  86
  87         /* Canyon CN-BTU1 with HID interfaces */
  88         { USB_DEVICE(0x0c10, 0x0000) },
  89
  90         { }     /* Terminating entry */
  91 };
  92
  93 MODULE_DEVICE_TABLE(usb, btusb_table);
  94
  95 static struct usb_device_id blacklist_table[] = {
  96         /* CSR BlueCore devices */
  97         { USB_DEVICE(0x0a12, 0x0001), .driver_info = BTUSB_CSR },
  98
  99         /* Broadcom BCM2033 without firmware */
 100         { USB_DEVICE(0x0a5c, 0x2033), .driver_info = BTUSB_IGNORE },
 101
 102         /* Atheros 3011 with sflash firmware */
 103         { USB_DEVICE(0x0cf3, 0x3002), .driver_info = BTUSB_IGNORE },
 104
 105         /* Atheros AR9285 Malbec with sflash firmware */
 106         { USB_DEVICE(0x03f0, 0x311d), .driver_info = BTUSB_IGNORE },
 107
 108         /* Atheros 3012 with sflash firmware */
 109         { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_IGNORE },
 110
 111         /* Broadcom BCM2035 */
 112         { USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU },
 113         { USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU },
 114         { USB_DEVICE(0x0a5c, 0x2009), .driver_info = BTUSB_BCM92035 },
 115
 116         /* Broadcom BCM2045 */
 117         { USB_DEVICE(0x0a5c, 0x2039), .driver_info = BTUSB_WRONG_SCO_MTU },
 118         { USB_DEVICE(0x0a5c, 0x2101), .driver_info = BTUSB_WRONG_SCO_MTU },
 119
 120         /* IBM/Lenovo ThinkPad with Broadcom chip */
 121         { USB_DEVICE(0x0a5c, 0x201e), .driver_info = BTUSB_WRONG_SCO_MTU },
 122         { USB_DEVICE(0x0a5c, 0x2110), .driver_info = BTUSB_WRONG_SCO_MTU },
 123
 124         /* HP laptop with Broadcom chip */
 125         { USB_DEVICE(0x03f0, 0x171d), .driver_info = BTUSB_WRONG_SCO_MTU },
 126
 127         /* Dell laptop with Broadcom chip */
 128         { USB_DEVICE(0x413c, 0x8126), .driver_info = BTUSB_WRONG_SCO_MTU },
 129
 130         /* Dell Wireless 370 and 410 devices */
 131         { USB_DEVICE(0x413c, 0x8152), .driver_info = BTUSB_WRONG_SCO_MTU },
 132         { USB_DEVICE(0x413c, 0x8156), .driver_info = BTUSB_WRONG_SCO_MTU },
 133
 134         /* Belkin F8T012 and F8T013 devices */
 135         { USB_DEVICE(0x050d, 0x0012), .driver_info = BTUSB_WRONG_SCO_MTU },
 136         { USB_DEVICE(0x050d, 0x0013), .driver_info = BTUSB_WRONG_SCO_MTU },
 137
 138         /* Asus WL-BTD202 device */
 139         { USB_DEVICE(0x0b05, 0x1715), .driver_info = BTUSB_WRONG_SCO_MTU },
 140
 141         /* Kensington Bluetooth USB adapter */
 142         { USB_DEVICE(0x047d, 0x105e), .driver_info = BTUSB_WRONG_SCO_MTU },
 143
 144         /* RTX Telecom based adapters with buggy SCO support */
 145         { USB_DEVICE(0x0400, 0x0807), .driver_info = BTUSB_BROKEN_ISOC },
 146         { USB_DEVICE(0x0400, 0x080a), .driver_info = BTUSB_BROKEN_ISOC },
 147
 148         /* CONWISE Technology based adapters with buggy SCO support */
 149         { USB_DEVICE(0x0e5e, 0x6622), .driver_info = BTUSB_BROKEN_ISOC },
 150
 151         /* Digianswer devices */
 152         { USB_DEVICE(0x08fd, 0x0001), .driver_info = BTUSB_DIGIANSWER },
 153         { USB_DEVICE(0x08fd, 0x0002), .driver_info = BTUSB_IGNORE },
 154
 155         /* CSR BlueCore Bluetooth Sniffer */
 156         { USB_DEVICE(0x0a12, 0x0002), .driver_info = BTUSB_SNIFFER },
 157
 158         /* Frontline ComProbe Bluetooth Sniffer */
 159         { USB_DEVICE(0x16d3, 0x0002), .driver_info = BTUSB_SNIFFER },
 160
 161         { }     /* Terminating entry */
 162 };
 163
 164 #define BTUSB_MAX_ISOC_FRAMES   10
 165
 166 #define BTUSB_INTR_RUNNING      0
 167 #define BTUSB_BULK_RUNNING      1
 168 #define BTUSB_ISOC_RUNNING      2
 169 #define BTUSB_SUSPENDING        3
 170 #define BTUSB_DID_ISO_RESUME    4
 171
 172 struct btusb_data {
 173         struct hci_dev       *hdev;
 174         struct usb_device    *udev;
 175         struct usb_interface *intf;
 176         struct usb_interface *isoc;
 177
 178         spinlock_t lock;
 179
 180         unsigned long flags;
 181
 182         struct work_struct work;
 183         struct work_struct waker;
 184
 185         struct usb_anchor tx_anchor;
 186         struct usb_anchor intr_anchor;
 187         struct usb_anchor bulk_anchor;
 188         struct usb_anchor isoc_anchor;
 189         struct usb_anchor deferred;
 190         int tx_in_flight;
 191         spinlock_t txlock;
 192
 193         struct usb_endpoint_descriptor *intr_ep;
 194         struct usb_endpoint_descriptor *bulk_tx_ep;
 195         struct usb_endpoint_descriptor *bulk_rx_ep;
 196         struct usb_endpoint_descriptor *isoc_tx_ep;
 197         struct usb_endpoint_descriptor *isoc_rx_ep;
 198
 199         __u8 cmdreq_type;
 200
 201         unsigned int sco_num;
 202         int isoc_altsetting;
 203         int suspend_count;
 204 };
 205
 206 static int inc_tx(struct btusb_data *data)
 207 {
 208         unsigned long flags;
 209         int rv;
 210
 211         spin_lock_irqsave(&data->txlock, flags);
 212         rv = test_bit(BTUSB_SUSPENDING, &data->flags);
 213         if (!rv)
 214                 data->tx_in_flight++;
 215         spin_unlock_irqrestore(&data->txlock, flags);
 216
 217         return rv;
 218 }
 219
 220 static void btusb_intr_complete(struct urb *urb)
 221 {
 222         struct hci_dev *hdev = urb->context;
 223         struct btusb_data *data = hdev->driver_data;
 224         int err;
 225
 226         BT_DBG("%s urb %p status %d count %d", hdev->name,
 227                                         urb, urb->status, urb->actual_length);
 228
 229         if (!test_bit(HCI_RUNNING, &hdev->flags))
 230                 return;
 231
 232         if (urb->status == 0) {
 233                 hdev->stat.byte_rx += urb->actual_length;
 234
 235                 if (hci_recv_fragment(hdev, HCI_EVENT_PKT,
 236                                                 urb->transfer_buffer,
 237                                                 urb->actual_length) < 0) {
 238                         BT_ERR("%s corrupted event packet", hdev->name);
 239                         hdev->stat.err_rx++;
 240                 }
 241         }
 242
 243         if (!test_bit(BTUSB_INTR_RUNNING, &data->flags))
 244                 return;
 245
 246         usb_mark_last_busy(data->udev);
 247         usb_anchor_urb(urb, &data->intr_anchor);
 248
 249         err = usb_submit_urb(urb, GFP_ATOMIC);
 250         if (err < 0) {
 251                 if (err != -EPERM)
 252                         BT_ERR("%s urb %p failed to resubmit (%d)",
 253                                                 hdev->name, urb, -err);
 254                 usb_unanchor_urb(urb);
 255         }
 256 }
 257
 258 static int btusb_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags)
 259 {
 260         struct btusb_data *data = hdev->driver_data;
 261         struct urb *urb;
 262         unsigned char *buf;
 263         unsigned int pipe;
 264         int err, size;
 265
 266         BT_DBG("%s", hdev->name);
 267
 268         if (!data->intr_ep)
 269                 return -ENODEV;
 270
 271         urb = usb_alloc_urb(0, mem_flags);
 272         if (!urb)
 273                 return -ENOMEM;
 274
 275         size = le16_to_cpu(data->intr_ep->wMaxPacketSize);
 276
 277         buf = kmalloc(size, mem_flags);
 278         if (!buf) {
 279                 usb_free_urb(urb);
 280                 return -ENOMEM;
 281         }
 282
 283         pipe = usb_rcvintpipe(data->udev, data->intr_ep->bEndpointAddress);
 284
 285         usb_fill_int_urb(urb, data->udev, pipe, buf, size,
 286                                                 btusb_intr_complete, hdev,
 287                                                 data->intr_ep->bInterval);
 288
 289         urb->transfer_flags |= URB_FREE_BUFFER;
 290
 291         usb_anchor_urb(urb, &data->intr_anchor);
 292
 293         err = usb_submit_urb(urb, mem_flags);
 294         if (err < 0) {
 295                 BT_ERR("%s urb %p submission failed (%d)",
 296                                                 hdev->name, urb, -err);
 297                 usb_unanchor_urb(urb);
 298         }
 299
 300         usb_free_urb(urb);
 301
 302         return err;
 303 }
 304
 305 static void btusb_bulk_complete(struct urb *urb)
 306 {
 307         struct hci_dev *hdev = urb->context;
 308         struct btusb_data *data = hdev->driver_data;
 309         int err;
 310
 311         BT_DBG("%s urb %p status %d count %d", hdev->name,
 312                                         urb, urb->status, urb->actual_length);
 313
 314         if (!test_bit(HCI_RUNNING, &hdev->flags))
 315                 return;
 316
 317         if (urb->status == 0) {
 318                 hdev->stat.byte_rx += urb->actual_length;
 319
 320                 if (hci_recv_fragment(hdev, HCI_ACLDATA_PKT,
 321                                                 urb->transfer_buffer,
 322                                                 urb->actual_length) < 0) {
 323                         BT_ERR("%s corrupted ACL packet", hdev->name);
 324                         hdev->stat.err_rx++;
 325                 }
 326         }
 327
 328         if (!test_bit(BTUSB_BULK_RUNNING, &data->flags))
 329                 return;
 330
 331         usb_anchor_urb(urb, &data->bulk_anchor);
 332         usb_mark_last_busy(data->udev);
 333
 334         err = usb_submit_urb(urb, GFP_ATOMIC);
 335         if (err < 0) {
 336                 if (err != -EPERM)
 337                         BT_ERR("%s urb %p failed to resubmit (%d)",
 338                                                 hdev->name, urb, -err);
 339                 usb_unanchor_urb(urb);
 340         }
 341 }
 342
 343 static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags)
 344 {
 345         struct btusb_data *data = hdev->driver_data;
 346         struct urb *urb;
 347         unsigned char *buf;
 348         unsigned int pipe;
 349         int err, size = HCI_MAX_FRAME_SIZE;
 350
 351         BT_DBG("%s", hdev->name);
 352
 353         if (!data->bulk_rx_ep)
 354                 return -ENODEV;
 355
 356         urb = usb_alloc_urb(0, mem_flags);
 357         if (!urb)
 358                 return -ENOMEM;
 359
 360         buf = kmalloc(size, mem_flags);
 361         if (!buf) {
 362                 usb_free_urb(urb);
 363                 return -ENOMEM;
 364         }
 365
 366         pipe = usb_rcvbulkpipe(data->udev, data->bulk_rx_ep->bEndpointAddress);
 367
 368         usb_fill_bulk_urb(urb, data->udev, pipe,
 369                                         buf, size, btusb_bulk_complete, hdev);
 370
 371         urb->transfer_flags |= URB_FREE_BUFFER;
 372
 373         usb_mark_last_busy(data->udev);
 374         usb_anchor_urb(urb, &data->bulk_anchor);
 375
 376         err = usb_submit_urb(urb, mem_flags);
 377         if (err < 0) {
 378                 BT_ERR("%s urb %p submission failed (%d)",
 379                                                 hdev->name, urb, -err);
 380                 usb_unanchor_urb(urb);
 381         }
 382
 383         usb_free_urb(urb);
 384
 385         return err;
 386 }
 387
 388 static void btusb_isoc_complete(struct urb *urb)
 389 {
 390         struct hci_dev *hdev = urb->context;
 391         struct btusb_data *data = hdev->driver_data;
 392         int i, err;
 393
 394         BT_DBG("%s urb %p status %d count %d", hdev->name,
 395                                         urb, urb->status, urb->actual_length);
 396
 397         if (!test_bit(HCI_RUNNING, &hdev->flags))
 398                 return;
 399
 400         if (urb->status == 0) {
 401                 for (i = 0; i < urb->number_of_packets; i++) {
 402                         unsigned int offset = urb->iso_frame_desc[i].offset;
 403                         unsigned int length = urb->iso_frame_desc[i].actual_length;
 404
 405                         if (urb->iso_frame_desc[i].status)
 406                                 continue;
 407
 408                         hdev->stat.byte_rx += length;
 409
 410                         if (hci_recv_fragment(hdev, HCI_SCODATA_PKT,
 411                                                 urb->transfer_buffer + offset,
 412                                                                 length) < 0) {
 413                                 BT_ERR("%s corrupted SCO packet", hdev->name);
 414                                 hdev->stat.err_rx++;
 415                         }
 416                 }
 417         }
 418
 419         if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags))
 420                 return;
 421
 422         usb_anchor_urb(urb, &data->isoc_anchor);
 423
 424         err = usb_submit_urb(urb, GFP_ATOMIC);
 425         if (err < 0) {
 426                 if (err != -EPERM)
 427                         BT_ERR("%s urb %p failed to resubmit (%d)",
 428                                                 hdev->name, urb, -err);
 429                 usb_unanchor_urb(urb);
 430         }
 431 }
 432
 433 static void inline __fill_isoc_descriptor(struct urb *urb, int len, int mtu)
 434 {
 435         int i, offset = 0;
 436
 437         BT_DBG("len %d mtu %d", len, mtu);
 438
 439         for (i = 0; i < BTUSB_MAX_ISOC_FRAMES && len >= mtu;
 440                                         i++, offset += mtu, len -= mtu) {
 441                 urb->iso_frame_desc[i].offset = offset;
 442                 urb->iso_frame_desc[i].length = mtu;
 443         }
 444
 445         if (len && i < BTUSB_MAX_ISOC_FRAMES) {
 446                 urb->iso_frame_desc[i].offset = offset;
 447                 urb->iso_frame_desc[i].length = len;
 448                 i++;
 449         }
 450
 451         urb->number_of_packets = i;
 452 }
 453
 454 static int btusb_submit_isoc_urb(struct hci_dev *hdev, gfp_t mem_flags)
 455 {
 456         struct btusb_data *data = hdev->driver_data;
 457         struct urb *urb;
 458         unsigned char *buf;
 459         unsigned int pipe;
 460         int err, size;
 461
 462         BT_DBG("%s", hdev->name);
 463
 464         if (!data->isoc_rx_ep)
 465                 return -ENODEV;
 466
 467         urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, mem_flags);
 468         if (!urb)
 469                 return -ENOMEM;
 470
 471         size = le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize) *
 472                                                 BTUSB_MAX_ISOC_FRAMES;
 473
 474         buf = kmalloc(size, mem_flags);
 475         if (!buf) {
 476                 usb_free_urb(urb);
 477                 return -ENOMEM;
 478         }
 479
 480         pipe = usb_rcvisocpipe(data->udev, data->isoc_rx_ep->bEndpointAddress);
 481
 482         urb->dev      = data->udev;
 483         urb->pipe     = pipe;
 484         urb->context  = hdev;
 485         urb->complete = btusb_isoc_complete;
 486         urb->interval = data->isoc_rx_ep->bInterval;
 487
 488         urb->transfer_flags  = URB_FREE_BUFFER | URB_ISO_ASAP;
 489         urb->transfer_buffer = buf;
 490         urb->transfer_buffer_length = size;
 491
 492         __fill_isoc_descriptor(urb, size,
 493                         le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize));
 494
 495         usb_anchor_urb(urb, &data->isoc_anchor);
 496
 497         err = usb_submit_urb(urb, mem_flags);
 498         if (err < 0) {
 499                 BT_ERR("%s urb %p submission failed (%d)",
 500                                                 hdev->name, urb, -err);
 501                 usb_unanchor_urb(urb);
 502         }
 503
 504         usb_free_urb(urb);
 505
 506         return err;
 507 }
 508
 509 static void btusb_tx_complete(struct urb *urb)
 510 {
 511         struct sk_buff *skb = urb->context;
 512         struct hci_dev *hdev = (struct hci_dev *) skb->dev;
 513         struct btusb_data *data = hdev->driver_data;
 514
 515         BT_DBG("%s urb %p status %d count %d", hdev->name,
 516                                         urb, urb->status, urb->actual_length);
 517
 518         if (!test_bit(HCI_RUNNING, &hdev->flags))
 519                 goto done;
 520
 521         if (!urb->status)
 522                 hdev->stat.byte_tx += urb->transfer_buffer_length;
 523         else
 524                 hdev->stat.err_tx++;
 525
 526 done:
 527         spin_lock(&data->txlock);
 528         data->tx_in_flight--;
 529         spin_unlock(&data->txlock);
 530
 531         kfree(urb->setup_packet);
 532
 533         kfree_skb(skb);
 534 }
 535
 536 static void btusb_isoc_tx_complete(struct urb *urb)
 537 {
 538         struct sk_buff *skb = urb->context;
 539         struct hci_dev *hdev = (struct hci_dev *) skb->dev;
 540
 541         BT_DBG("%s urb %p status %d count %d", hdev->name,
 542                                         urb, urb->status, urb->actual_length);
 543
 544         if (!test_bit(HCI_RUNNING, &hdev->flags))
 545                 goto done;
 546
 547         if (!urb->status)
 548                 hdev->stat.byte_tx += urb->transfer_buffer_length;
 549         else
 550                 hdev->stat.err_tx++;
 551
 552 done:
 553         kfree(urb->setup_packet);
 554
 555         kfree_skb(skb);
 556 }
 557
 558 static int btusb_open(struct hci_dev *hdev)
 559 {
 560         struct btusb_data *data = hdev->driver_data;
 561         int err;
 562
 563         BT_DBG("%s", hdev->name);
 564
 565         err = usb_autopm_get_interface(data->intf);
 566         if (err < 0)
 567                 return err;
 568
 569         data->intf->needs_remote_wakeup = 1;
 570
 571         if (test_and_set_bit(HCI_RUNNING, &hdev->flags))
 572                 goto done;
 573
 574         if (test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags))
 575                 goto done;
 576
 577         err = btusb_submit_intr_urb(hdev, GFP_KERNEL);
 578         if (err < 0)
 579                 goto failed;
 580
 581         err = btusb_submit_bulk_urb(hdev, GFP_KERNEL);
 582         if (err < 0) {
 583                 usb_kill_anchored_urbs(&data->intr_anchor);
 584                 goto failed;
 585         }
 586
 587         set_bit(BTUSB_BULK_RUNNING, &data->flags);
 588         btusb_submit_bulk_urb(hdev, GFP_KERNEL);
 589
 590 done:
 591         usb_autopm_put_interface(data->intf);
 592         return 0;
 593
 594 failed:
 595         clear_bit(BTUSB_INTR_RUNNING, &data->flags);
 596         clear_bit(HCI_RUNNING, &hdev->flags);
 597         usb_autopm_put_interface(data->intf);
 598         return err;
 599 }
 600
 601 static void btusb_stop_traffic(struct btusb_data *data)
 602 {
 603         usb_kill_anchored_urbs(&data->intr_anchor);
 604         usb_kill_anchored_urbs(&data->bulk_anchor);
 605         usb_kill_anchored_urbs(&data->isoc_anchor);
 606 }
 607
 608 static int btusb_close(struct hci_dev *hdev)
 609 {
 610         struct btusb_data *data = hdev->driver_data;
 611         int err;
 612
 613         BT_DBG("%s", hdev->name);
 614
 615         if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags))
 616                 return 0;
 617
 618         cancel_work_sync(&data->work);
 619         cancel_work_sync(&data->waker);
 620
 621         clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
 622         clear_bit(BTUSB_BULK_RUNNING, &data->flags);
 623         clear_bit(BTUSB_INTR_RUNNING, &data->flags);
 624
 625         btusb_stop_traffic(data);
 626         err = usb_autopm_get_interface(data->intf);
 627         if (err < 0)
 628                 goto failed;
 629
 630         data->intf->needs_remote_wakeup = 0;
 631         usb_autopm_put_interface(data->intf);
 632
 633 failed:
 634         usb_scuttle_anchored_urbs(&data->deferred);
 635         return 0;
 636 }
 637
 638 static int btusb_flush(struct hci_dev *hdev)
 639 {
 640         struct btusb_data *data = hdev->driver_data;
 641
 642         BT_DBG("%s", hdev->name);
 643
 644         usb_kill_anchored_urbs(&data->tx_anchor);
 645
 646         return 0;
 647 }
 648
 649 static int btusb_send_frame(struct sk_buff *skb)
 650 {
 651         struct hci_dev *hdev = (struct hci_dev *) skb->dev;
 652         struct btusb_data *data = hdev->driver_data;
 653         struct usb_ctrlrequest *dr;
 654         struct urb *urb;
 655         unsigned int pipe;
 656         int err;
 657
 658         BT_DBG("%s", hdev->name);
 659
 660         if (!test_bit(HCI_RUNNING, &hdev->flags))
 661                 return -EBUSY;
 662
 663         switch (bt_cb(skb)->pkt_type) {
 664         case HCI_COMMAND_PKT:
 665                 urb = usb_alloc_urb(0, GFP_ATOMIC);
 666                 if (!urb)
 667                         return -ENOMEM;
 668
 669                 dr = kmalloc(sizeof(*dr), GFP_ATOMIC);
 670                 if (!dr) {
 671                         usb_free_urb(urb);
 672                         return -ENOMEM;
 673                 }
 674
 675                 dr->bRequestType = data->cmdreq_type;
 676                 dr->bRequest     = 0;
 677                 dr->wIndex       = 0;
 678                 dr->wValue       = 0;
 679                 dr->wLength      = __cpu_to_le16(skb->len);
 680
 681                 pipe = usb_sndctrlpipe(data->udev, 0x00);
 682
 683                 usb_fill_control_urb(urb, data->udev, pipe, (void *) dr,
 684                                 skb->data, skb->len, btusb_tx_complete, skb);
 685
 686                 hdev->stat.cmd_tx++;
 687                 break;
 688
 689         case HCI_ACLDATA_PKT:
 690                 if (!data->bulk_tx_ep || hdev->conn_hash.acl_num < 1)
 691                         return -ENODEV;
 692
 693                 urb = usb_alloc_urb(0, GFP_ATOMIC);
 694                 if (!urb)
 695                         return -ENOMEM;
 696
 697                 pipe = usb_sndbulkpipe(data->udev,
 698                                         data->bulk_tx_ep->bEndpointAddress);
 699
 700                 usb_fill_bulk_urb(urb, data->udev, pipe,
 701                                 skb->data, skb->len, btusb_tx_complete, skb);
 702
 703                 hdev->stat.acl_tx++;
 704                 break;
 705
 706         case HCI_SCODATA_PKT:
 707                 if (!data->isoc_tx_ep || hdev->conn_hash.sco_num < 1)
 708                         return -ENODEV;
 709
 710                 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, GFP_ATOMIC);
 711                 if (!urb)
 712                         return -ENOMEM;
 713
 714                 pipe = usb_sndisocpipe(data->udev,
 715                                         data->isoc_tx_ep->bEndpointAddress);
 716
 717                 usb_fill_int_urb(urb, data->udev, pipe,
 718                                 skb->data, skb->len, btusb_isoc_tx_complete,
 719                                 skb, data->isoc_tx_ep->bInterval);
 720
 721                 urb->transfer_flags  = URB_ISO_ASAP;
 722
 723                 __fill_isoc_descriptor(urb, skb->len,
 724                                 le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize));
 725
 726                 hdev->stat.sco_tx++;
 727                 goto skip_waking;
 728
 729         default:
 730                 return -EILSEQ;
 731         }
 732
 733         err = inc_tx(data);
 734         if (err) {
 735                 usb_anchor_urb(urb, &data->deferred);
 736                 schedule_work(&data->waker);
 737                 err = 0;
 738                 goto done;
 739         }
 740
 741 skip_waking:
 742         usb_anchor_urb(urb, &data->tx_anchor);
 743
 744         err = usb_submit_urb(urb, GFP_ATOMIC);
 745         if (err < 0) {
 746                 BT_ERR("%s urb %p submission failed", hdev->name, urb);
 747                 kfree(urb->setup_packet);
 748                 usb_unanchor_urb(urb);
 749         } else {
 750                 usb_mark_last_busy(data->udev);
 751         }
 752
 753         usb_free_urb(urb);
 754
 755 done:
 756         return err;
 757 }
 758
 759 static void btusb_destruct(struct hci_dev *hdev)
 760 {
 761         struct btusb_data *data = hdev->driver_data;
 762
 763         BT_DBG("%s", hdev->name);
 764
 765         kfree(data);
 766 }
 767
 768 static void btusb_notify(struct hci_dev *hdev, unsigned int evt)
 769 {
 770         struct btusb_data *data = hdev->driver_data;
 771
 772         BT_DBG("%s evt %d", hdev->name, evt);
 773
 774         if (hdev->conn_hash.sco_num != data->sco_num) {
 775                 data->sco_num = hdev->conn_hash.sco_num;
 776                 schedule_work(&data->work);
 777         }
 778 }
 779
 780 static int inline __set_isoc_interface(struct hci_dev *hdev, int altsetting)
 781 {
 782         struct btusb_data *data = hdev->driver_data;
 783         struct usb_interface *intf = data->isoc;
 784         struct usb_endpoint_descriptor *ep_desc;
 785         int i, err;
 786
 787         if (!data->isoc)
 788                 return -ENODEV;
 789
 790         err = usb_set_interface(data->udev, 1, altsetting);
 791         if (err < 0) {
 792                 BT_ERR("%s setting interface failed (%d)", hdev->name, -err);
 793                 return err;
 794         }
 795
 796         data->isoc_altsetting = altsetting;
 797
 798         data->isoc_tx_ep = NULL;
 799         data->isoc_rx_ep = NULL;
 800
 801         for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
 802                 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
 803
 804                 if (!data->isoc_tx_ep && usb_endpoint_is_isoc_out(ep_desc)) {
 805                         data->isoc_tx_ep = ep_desc;
 806                         continue;
 807                 }
 808
 809                 if (!data->isoc_rx_ep && usb_endpoint_is_isoc_in(ep_desc)) {
 810                         data->isoc_rx_ep = ep_desc;
 811                         continue;
 812                 }
 813         }
 814
 815         if (!data->isoc_tx_ep || !data->isoc_rx_ep) {
 816                 BT_ERR("%s invalid SCO descriptors", hdev->name);
 817                 return -ENODEV;
 818         }
 819
 820         return 0;
 821 }
 822
 823 static void btusb_work(struct work_struct *work)
 824 {
 825         struct btusb_data *data = container_of(work, struct btusb_data, work);
 826         struct hci_dev *hdev = data->hdev;
 827         int err;
 828
 829         if (hdev->conn_hash.sco_num > 0) {
 830                 if (!test_bit(BTUSB_DID_ISO_RESUME, &data->flags)) {
 831                         err = usb_autopm_get_interface(data->isoc);
 832                         if (err < 0) {
 833                                 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
 834                                 usb_kill_anchored_urbs(&data->isoc_anchor);
 835                                 return;
 836                         }
 837
 838                         set_bit(BTUSB_DID_ISO_RESUME, &data->flags);
 839                 }
 840                 if (data->isoc_altsetting != 2) {
 841                         clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
 842                         usb_kill_anchored_urbs(&data->isoc_anchor);
 843
 844                         if (__set_isoc_interface(hdev, 2) < 0)
 845                                 return;
 846                 }
 847
 848                 if (!test_and_set_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
 849                         if (btusb_submit_isoc_urb(hdev, GFP_KERNEL) < 0)
 850                                 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
 851                         else
 852                                 btusb_submit_isoc_urb(hdev, GFP_KERNEL);
 853                 }
 854         } else {
 855                 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
 856                 usb_kill_anchored_urbs(&data->isoc_anchor);
 857
 858                 __set_isoc_interface(hdev, 0);
 859                 if (test_and_clear_bit(BTUSB_DID_ISO_RESUME, &data->flags))
 860                         usb_autopm_put_interface(data->isoc);
 861         }
 862 }
 863
 864 static void btusb_waker(struct work_struct *work)
 865 {
 866         struct btusb_data *data = container_of(work, struct btusb_data, waker);
 867         int err;
 868
 869         err = usb_autopm_get_interface(data->intf);
 870         if (err < 0)
 871                 return;
 872
 873         usb_autopm_put_interface(data->intf);
 874 }
 875
 876 static int btusb_probe(struct usb_interface *intf,
 877                                 const struct usb_device_id *id)
 878 {
 879         struct usb_endpoint_descriptor *ep_desc;
 880         struct btusb_data *data;
 881         struct hci_dev *hdev;
 882         int i, err;
 883
 884         BT_DBG("intf %p id %p", intf, id);
 885
 886         /* interface numbers are hardcoded in the spec */
 887         if (intf->cur_altsetting->desc.bInterfaceNumber != 0)
 888                 return -ENODEV;
 889
 890         if (!id->driver_info) {
 891                 const struct usb_device_id *match;
 892                 match = usb_match_id(intf, blacklist_table);
 893                 if (match)
 894                         id = match;
 895         }
 896
 897         if (id->driver_info == BTUSB_IGNORE)
 898                 return -ENODEV;
 899
 900         if (ignore_dga && id->driver_info & BTUSB_DIGIANSWER)
 901                 return -ENODEV;
 902
 903         if (ignore_csr && id->driver_info & BTUSB_CSR)
 904                 return -ENODEV;
 905
 906         if (ignore_sniffer && id->driver_info & BTUSB_SNIFFER)
 907                 return -ENODEV;
 908
 909         data = kzalloc(sizeof(*data), GFP_KERNEL);
 910         if (!data)
 911                 return -ENOMEM;
 912
 913         for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
 914                 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
 915
 916                 if (!data->intr_ep && usb_endpoint_is_int_in(ep_desc)) {
 917                         data->intr_ep = ep_desc;
 918                         continue;
 919                 }
 920
 921                 if (!data->bulk_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) {
 922                         data->bulk_tx_ep = ep_desc;
 923                         continue;
 924                 }
 925
 926                 if (!data->bulk_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) {
 927                         data->bulk_rx_ep = ep_desc;
 928                         continue;
 929                 }
 930         }
 931
 932         if (!data->intr_ep || !data->bulk_tx_ep || !data->bulk_rx_ep) {
 933                 kfree(data);
 934                 return -ENODEV;
 935         }
 936
 937         data->cmdreq_type = USB_TYPE_CLASS;
 938
 939         data->udev = interface_to_usbdev(intf);
 940         data->intf = intf;
 941
 942         spin_lock_init(&data->lock);
 943
 944         INIT_WORK(&data->work, btusb_work);
 945         INIT_WORK(&data->waker, btusb_waker);
 946         spin_lock_init(&data->txlock);
 947
 948         init_usb_anchor(&data->tx_anchor);
 949         init_usb_anchor(&data->intr_anchor);
 950         init_usb_anchor(&data->bulk_anchor);
 951         init_usb_anchor(&data->isoc_anchor);
 952         init_usb_anchor(&data->deferred);
 953
 954         hdev = hci_alloc_dev();
 955         if (!hdev) {
 956                 kfree(data);
 957                 return -ENOMEM;
 958         }
 959
 960         hdev->bus = HCI_USB;
 961         hdev->driver_data = data;
 962
 963         data->hdev = hdev;
 964
 965         SET_HCIDEV_DEV(hdev, &intf->dev);
 966
 967         hdev->open     = btusb_open;
 968         hdev->close    = btusb_close;
 969         hdev->flush    = btusb_flush;
 970         hdev->send     = btusb_send_frame;
 971         hdev->destruct = btusb_destruct;
 972         hdev->notify   = btusb_notify;
 973
 974         hdev->owner = THIS_MODULE;
 975
 976         /* Interface numbers are hardcoded in the specification */
 977         data->isoc = usb_ifnum_to_if(data->udev, 1);
 978
 979         if (!reset)
 980                 set_bit(HCI_QUIRK_NO_RESET, &hdev->quirks);
 981
 982         if (force_scofix || id->driver_info & BTUSB_WRONG_SCO_MTU) {
 983                 if (!disable_scofix)
 984                         set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks);
 985         }
 986
 987         if (id->driver_info & BTUSB_BROKEN_ISOC)
 988                 data->isoc = NULL;
 989
 990         if (id->driver_info & BTUSB_DIGIANSWER) {
 991                 data->cmdreq_type = USB_TYPE_VENDOR;
 992                 set_bit(HCI_QUIRK_NO_RESET, &hdev->quirks);
 993         }
 994
 995         if (id->driver_info & BTUSB_CSR) {
 996                 struct usb_device *udev = data->udev;
 997
 998                 /* Old firmware would otherwise execute USB reset */
 999                 if (le16_to_cpu(udev->descriptor.bcdDevice) < 0x117)
1000                         set_bit(HCI_QUIRK_NO_RESET, &hdev->quirks);
1001         }
1002
1003         if (id->driver_info & BTUSB_SNIFFER) {
1004                 struct usb_device *udev = data->udev;
1005
1006                 /* New sniffer firmware has crippled HCI interface */
1007                 if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997)
1008                         set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
1009
1010                 data->isoc = NULL;
1011         }
1012
1013         if (id->driver_info & BTUSB_BCM92035) {
1014                 unsigned char cmd[] = { 0x3b, 0xfc, 0x01, 0x00 };
1015                 struct sk_buff *skb;
1016
1017                 skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL);
1018                 if (skb) {
1019                         memcpy(skb_put(skb, sizeof(cmd)), cmd, sizeof(cmd));
1020                         skb_queue_tail(&hdev->driver_init, skb);
1021                 }
1022         }
1023
1024         if (data->isoc) {
1025                 err = usb_driver_claim_interface(&btusb_driver,
1026                                                         data->isoc, data);
1027                 if (err < 0) {
1028                         hci_free_dev(hdev);
1029                         kfree(data);
1030                         return err;
1031                 }
1032         }
1033
1034         err = hci_register_dev(hdev);
1035         if (err < 0) {
1036                 hci_free_dev(hdev);
1037                 kfree(data);
1038                 return err;
1039         }
1040
1041         usb_set_intfdata(intf, data);
1042
1043         usb_enable_autosuspend(interface_to_usbdev(intf));
1044
1045         return 0;
1046 }
1047
1048 static void btusb_disconnect(struct usb_interface *intf)
1049 {
1050         struct btusb_data *data = usb_get_intfdata(intf);
1051         struct hci_dev *hdev;
1052
1053         BT_DBG("intf %p", intf);
1054
1055         if (!data)
1056                 return;
1057
1058         hdev = data->hdev;
1059
1060         __hci_dev_hold(hdev);
1061
1062         usb_set_intfdata(data->intf, NULL);
1063
1064         if (data->isoc)
1065                 usb_set_intfdata(data->isoc, NULL);
1066
1067         hci_unregister_dev(hdev);
1068
1069         if (intf == data->isoc)
1070                 usb_driver_release_interface(&btusb_driver, data->intf);
1071         else if (data->isoc)
1072                 usb_driver_release_interface(&btusb_driver, data->isoc);
1073
1074         __hci_dev_put(hdev);
1075
1076         hci_free_dev(hdev);
1077 }
1078
1079 #ifdef CONFIG_PM
1080 static int btusb_suspend(struct usb_interface *intf, pm_message_t message)
1081 {
1082         struct btusb_data *data = usb_get_intfdata(intf);
1083
1084         BT_DBG("intf %p", intf);
1085
1086         if (data->suspend_count++)
1087                 return 0;
1088
1089         spin_lock_irq(&data->txlock);
1090         if (!((message.event & PM_EVENT_AUTO) && data->tx_in_flight)) {
1091                 set_bit(BTUSB_SUSPENDING, &data->flags);
1092                 spin_unlock_irq(&data->txlock);
1093         } else {
1094                 spin_unlock_irq(&data->txlock);
1095                 data->suspend_count--;
1096                 return -EBUSY;
1097         }
1098
1099         cancel_work_sync(&data->work);
1100
1101         btusb_stop_traffic(data);
1102         usb_kill_anchored_urbs(&data->tx_anchor);
1103
1104         return 0;
1105 }
1106
1107 static void play_deferred(struct btusb_data *data)
1108 {
1109         struct urb *urb;
1110         int err;
1111
1112         while ((urb = usb_get_from_anchor(&data->deferred))) {
1113                 err = usb_submit_urb(urb, GFP_ATOMIC);
1114                 if (err < 0)
1115                         break;
1116
1117                 data->tx_in_flight++;
1118         }
1119         usb_scuttle_anchored_urbs(&data->deferred);
1120 }
1121
1122 static int btusb_resume(struct usb_interface *intf)
1123 {
1124         struct btusb_data *data = usb_get_intfdata(intf);
1125         struct hci_dev *hdev = data->hdev;
1126         int err = 0;
1127
1128         BT_DBG("intf %p", intf);
1129
1130         if (--data->suspend_count)
1131                 return 0;
1132
1133         if (!test_bit(HCI_RUNNING, &hdev->flags))
1134                 goto done;
1135
1136         if (test_bit(BTUSB_INTR_RUNNING, &data->flags)) {
1137                 err = btusb_submit_intr_urb(hdev, GFP_NOIO);
1138                 if (err < 0) {
1139                         clear_bit(BTUSB_INTR_RUNNING, &data->flags);
1140                         goto failed;
1141                 }
1142         }
1143
1144         if (test_bit(BTUSB_BULK_RUNNING, &data->flags)) {
1145                 err = btusb_submit_bulk_urb(hdev, GFP_NOIO);
1146                 if (err < 0) {
1147                         clear_bit(BTUSB_BULK_RUNNING, &data->flags);
1148                         goto failed;
1149                 }
1150
1151                 btusb_submit_bulk_urb(hdev, GFP_NOIO);
1152         }
1153
1154         if (test_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
1155                 if (btusb_submit_isoc_urb(hdev, GFP_NOIO) < 0)
1156                         clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1157                 else
1158                         btusb_submit_isoc_urb(hdev, GFP_NOIO);
1159         }
1160
1161         spin_lock_irq(&data->txlock);
1162         play_deferred(data);
1163         clear_bit(BTUSB_SUSPENDING, &data->flags);
1164         spin_unlock_irq(&data->txlock);
1165         schedule_work(&data->work);
1166
1167         return 0;
1168
1169 failed:
1170         usb_scuttle_anchored_urbs(&data->deferred);
1171 done:
1172         spin_lock_irq(&data->txlock);
1173         clear_bit(BTUSB_SUSPENDING, &data->flags);
1174         spin_unlock_irq(&data->txlock);
1175
1176         return err;
1177 }
1178 #endif
1179
1180 static struct usb_driver btusb_driver = {
1181         .name           = "btusb",
1182         .probe          = btusb_probe,
1183         .disconnect     = btusb_disconnect,
1184 #ifdef CONFIG_PM
1185         .suspend        = btusb_suspend,
1186         .resume         = btusb_resume,
1187 #endif
1188         .id_table       = btusb_table,
1189         .supports_autosuspend = 1,
1190 };
1191
1192 static int __init btusb_init(void)
1193 {
1194         BT_INFO("Generic Bluetooth USB driver ver %s", VERSION);
1195
1196         return usb_register(&btusb_driver);
1197 }
1198
1199 static void __exit btusb_exit(void)
1200 {
1201         usb_deregister(&btusb_driver);
1202 }
1203
1204 module_init(btusb_init);
1205 module_exit(btusb_exit);
1206
1207 module_param(ignore_dga, bool, 0644);
1208 MODULE_PARM_DESC(ignore_dga, "Ignore devices with id 08fd:0001");
1209
1210 module_param(ignore_csr, bool, 0644);
1211 MODULE_PARM_DESC(ignore_csr, "Ignore devices with id 0a12:0001");
1212
1213 module_param(ignore_sniffer, bool, 0644);
1214 MODULE_PARM_DESC(ignore_sniffer, "Ignore devices with id 0a12:0002");
1215
1216 module_param(disable_scofix, bool, 0644);
1217 MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size");
1218
1219 module_param(force_scofix, bool, 0644);
1220 MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size");
1221
1222 module_param(reset, bool, 0644);
1223 MODULE_PARM_DESC(reset, "Send HCI reset command on initialization");
1224
1225 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1226 MODULE_DESCRIPTION("Generic Bluetooth USB driver ver " VERSION);
1227 MODULE_VERSION(VERSION);
1228 MODULE_LICENSE("GPL");