3 * Generic Bluetooth USB driver
5 * Copyright (C) 2005-2008 Marcel Holtmann <marcel@holtmann.org>
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
24 #include <linux/module.h>
25 #include <linux/usb.h>
26 #include <linux/firmware.h>
28 #include <net/bluetooth/bluetooth.h>
29 #include <net/bluetooth/hci_core.h>
33 static bool disable_scofix;
34 static bool force_scofix;
36 static bool reset = 1;
38 static struct usb_driver btusb_driver;
40 #define BTUSB_IGNORE 0x01
41 #define BTUSB_DIGIANSWER 0x02
42 #define BTUSB_CSR 0x04
43 #define BTUSB_SNIFFER 0x08
44 #define BTUSB_BCM92035 0x10
45 #define BTUSB_BROKEN_ISOC 0x20
46 #define BTUSB_WRONG_SCO_MTU 0x40
47 #define BTUSB_ATH3012 0x80
48 #define BTUSB_INTEL 0x100
49 #define BTUSB_INTEL_BOOT 0x200
50 #define BTUSB_BCM_PATCHRAM 0x400
51 #define BTUSB_MARVELL 0x800
53 static const struct usb_device_id btusb_table[] = {
54 /* Generic Bluetooth USB device */
55 { USB_DEVICE_INFO(0xe0, 0x01, 0x01) },
57 /* Apple-specific (Broadcom) devices */
58 { USB_VENDOR_AND_INTERFACE_INFO(0x05ac, 0xff, 0x01, 0x01) },
60 /* MediaTek MT76x0E */
61 { USB_DEVICE(0x0e8d, 0x763f) },
63 /* Broadcom SoftSailing reporting vendor specific */
64 { USB_DEVICE(0x0a5c, 0x21e1) },
66 /* Apple MacBookPro 7,1 */
67 { USB_DEVICE(0x05ac, 0x8213) },
70 { USB_DEVICE(0x05ac, 0x8215) },
72 /* Apple MacBookPro6,2 */
73 { USB_DEVICE(0x05ac, 0x8218) },
75 /* Apple MacBookAir3,1, MacBookAir3,2 */
76 { USB_DEVICE(0x05ac, 0x821b) },
78 /* Apple MacBookAir4,1 */
79 { USB_DEVICE(0x05ac, 0x821f) },
81 /* Apple MacBookPro8,2 */
82 { USB_DEVICE(0x05ac, 0x821a) },
84 /* Apple MacMini5,1 */
85 { USB_DEVICE(0x05ac, 0x8281) },
87 /* AVM BlueFRITZ! USB v2.0 */
88 { USB_DEVICE(0x057c, 0x3800) },
90 /* Bluetooth Ultraport Module from IBM */
91 { USB_DEVICE(0x04bf, 0x030a) },
93 /* ALPS Modules with non-standard id */
94 { USB_DEVICE(0x044e, 0x3001) },
95 { USB_DEVICE(0x044e, 0x3002) },
97 /* Ericsson with non-standard id */
98 { USB_DEVICE(0x0bdb, 0x1002) },
100 /* Canyon CN-BTU1 with HID interfaces */
101 { USB_DEVICE(0x0c10, 0x0000) },
103 /* Broadcom BCM20702A0 */
104 { USB_DEVICE(0x0489, 0xe042) },
105 { USB_DEVICE(0x04ca, 0x2003) },
106 { USB_DEVICE(0x0b05, 0x17b5) },
107 { USB_DEVICE(0x0b05, 0x17cb) },
108 { USB_DEVICE(0x413c, 0x8197) },
110 /* Foxconn - Hon Hai */
111 { USB_VENDOR_AND_INTERFACE_INFO(0x0489, 0xff, 0x01, 0x01) },
113 /* Broadcom devices with vendor specific id */
114 { USB_VENDOR_AND_INTERFACE_INFO(0x0a5c, 0xff, 0x01, 0x01),
115 .driver_info = BTUSB_BCM_PATCHRAM },
117 /* Belkin F8065bf - Broadcom based */
118 { USB_VENDOR_AND_INTERFACE_INFO(0x050d, 0xff, 0x01, 0x01) },
120 /* IMC Networks - Broadcom based */
121 { USB_VENDOR_AND_INTERFACE_INFO(0x13d3, 0xff, 0x01, 0x01) },
123 /* Intel Bluetooth USB Bootloader (RAM module) */
124 { USB_DEVICE(0x8087, 0x0a5a),
125 .driver_info = BTUSB_INTEL_BOOT | BTUSB_BROKEN_ISOC },
127 { } /* Terminating entry */
130 MODULE_DEVICE_TABLE(usb, btusb_table);
132 static const struct usb_device_id blacklist_table[] = {
133 /* CSR BlueCore devices */
134 { USB_DEVICE(0x0a12, 0x0001), .driver_info = BTUSB_CSR },
136 /* Broadcom BCM2033 without firmware */
137 { USB_DEVICE(0x0a5c, 0x2033), .driver_info = BTUSB_IGNORE },
139 /* Atheros 3011 with sflash firmware */
140 { USB_DEVICE(0x0489, 0xe027), .driver_info = BTUSB_IGNORE },
141 { USB_DEVICE(0x0489, 0xe03d), .driver_info = BTUSB_IGNORE },
142 { USB_DEVICE(0x0930, 0x0215), .driver_info = BTUSB_IGNORE },
143 { USB_DEVICE(0x0cf3, 0x3002), .driver_info = BTUSB_IGNORE },
144 { USB_DEVICE(0x0cf3, 0xe019), .driver_info = BTUSB_IGNORE },
145 { USB_DEVICE(0x13d3, 0x3304), .driver_info = BTUSB_IGNORE },
147 /* Atheros AR9285 Malbec with sflash firmware */
148 { USB_DEVICE(0x03f0, 0x311d), .driver_info = BTUSB_IGNORE },
150 /* Atheros 3012 with sflash firmware */
151 { USB_DEVICE(0x0489, 0xe04d), .driver_info = BTUSB_ATH3012 },
152 { USB_DEVICE(0x0489, 0xe04e), .driver_info = BTUSB_ATH3012 },
153 { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 },
154 { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 },
155 { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 },
156 { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 },
157 { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 },
158 { USB_DEVICE(0x04ca, 0x3005), .driver_info = BTUSB_ATH3012 },
159 { USB_DEVICE(0x04ca, 0x3006), .driver_info = BTUSB_ATH3012 },
160 { USB_DEVICE(0x04ca, 0x3007), .driver_info = BTUSB_ATH3012 },
161 { USB_DEVICE(0x04ca, 0x3008), .driver_info = BTUSB_ATH3012 },
162 { USB_DEVICE(0x04ca, 0x300b), .driver_info = BTUSB_ATH3012 },
163 { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 },
164 { USB_DEVICE(0x0930, 0x0220), .driver_info = BTUSB_ATH3012 },
165 { USB_DEVICE(0x0b05, 0x17d0), .driver_info = BTUSB_ATH3012 },
166 { USB_DEVICE(0x0cf3, 0x0036), .driver_info = BTUSB_ATH3012 },
167 { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 },
168 { USB_DEVICE(0x0cf3, 0x3008), .driver_info = BTUSB_ATH3012 },
169 { USB_DEVICE(0x0cf3, 0x311d), .driver_info = BTUSB_ATH3012 },
170 { USB_DEVICE(0x0cf3, 0x311e), .driver_info = BTUSB_ATH3012 },
171 { USB_DEVICE(0x0cf3, 0x311f), .driver_info = BTUSB_ATH3012 },
172 { USB_DEVICE(0x0cf3, 0x3121), .driver_info = BTUSB_ATH3012 },
173 { USB_DEVICE(0x0cf3, 0x817a), .driver_info = BTUSB_ATH3012 },
174 { USB_DEVICE(0x0cf3, 0xe003), .driver_info = BTUSB_ATH3012 },
175 { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 },
176 { USB_DEVICE(0x0cf3, 0xe005), .driver_info = BTUSB_ATH3012 },
177 { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 },
178 { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 },
179 { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 },
180 { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 },
181 { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 },
183 /* Atheros AR5BBU12 with sflash firmware */
184 { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE },
186 /* Atheros AR5BBU12 with sflash firmware */
187 { USB_DEVICE(0x0489, 0xe036), .driver_info = BTUSB_ATH3012 },
188 { USB_DEVICE(0x0489, 0xe03c), .driver_info = BTUSB_ATH3012 },
190 /* Broadcom BCM2035 */
191 { USB_DEVICE(0x0a5c, 0x2009), .driver_info = BTUSB_BCM92035 },
192 { USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU },
193 { USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU },
195 /* Broadcom BCM2045 */
196 { USB_DEVICE(0x0a5c, 0x2039), .driver_info = BTUSB_WRONG_SCO_MTU },
197 { USB_DEVICE(0x0a5c, 0x2101), .driver_info = BTUSB_WRONG_SCO_MTU },
199 /* IBM/Lenovo ThinkPad with Broadcom chip */
200 { USB_DEVICE(0x0a5c, 0x201e), .driver_info = BTUSB_WRONG_SCO_MTU },
201 { USB_DEVICE(0x0a5c, 0x2110), .driver_info = BTUSB_WRONG_SCO_MTU },
203 /* HP laptop with Broadcom chip */
204 { USB_DEVICE(0x03f0, 0x171d), .driver_info = BTUSB_WRONG_SCO_MTU },
206 /* Dell laptop with Broadcom chip */
207 { USB_DEVICE(0x413c, 0x8126), .driver_info = BTUSB_WRONG_SCO_MTU },
209 /* Dell Wireless 370 and 410 devices */
210 { USB_DEVICE(0x413c, 0x8152), .driver_info = BTUSB_WRONG_SCO_MTU },
211 { USB_DEVICE(0x413c, 0x8156), .driver_info = BTUSB_WRONG_SCO_MTU },
213 /* Belkin F8T012 and F8T013 devices */
214 { USB_DEVICE(0x050d, 0x0012), .driver_info = BTUSB_WRONG_SCO_MTU },
215 { USB_DEVICE(0x050d, 0x0013), .driver_info = BTUSB_WRONG_SCO_MTU },
217 /* Asus WL-BTD202 device */
218 { USB_DEVICE(0x0b05, 0x1715), .driver_info = BTUSB_WRONG_SCO_MTU },
220 /* Kensington Bluetooth USB adapter */
221 { USB_DEVICE(0x047d, 0x105e), .driver_info = BTUSB_WRONG_SCO_MTU },
223 /* RTX Telecom based adapters with buggy SCO support */
224 { USB_DEVICE(0x0400, 0x0807), .driver_info = BTUSB_BROKEN_ISOC },
225 { USB_DEVICE(0x0400, 0x080a), .driver_info = BTUSB_BROKEN_ISOC },
227 /* CONWISE Technology based adapters with buggy SCO support */
228 { USB_DEVICE(0x0e5e, 0x6622), .driver_info = BTUSB_BROKEN_ISOC },
230 /* Digianswer devices */
231 { USB_DEVICE(0x08fd, 0x0001), .driver_info = BTUSB_DIGIANSWER },
232 { USB_DEVICE(0x08fd, 0x0002), .driver_info = BTUSB_IGNORE },
234 /* CSR BlueCore Bluetooth Sniffer */
235 { USB_DEVICE(0x0a12, 0x0002),
236 .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC },
238 /* Frontline ComProbe Bluetooth Sniffer */
239 { USB_DEVICE(0x16d3, 0x0002),
240 .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC },
242 /* Intel Bluetooth device */
243 { USB_DEVICE(0x8087, 0x07dc), .driver_info = BTUSB_INTEL },
244 { USB_DEVICE(0x8087, 0x0a2a), .driver_info = BTUSB_INTEL },
247 { USB_DEVICE(0x1286, 0x2044), .driver_info = BTUSB_MARVELL },
248 { USB_DEVICE(0x1286, 0x2046), .driver_info = BTUSB_MARVELL },
250 { } /* Terminating entry */
253 #define BTUSB_MAX_ISOC_FRAMES 10
255 #define BTUSB_INTR_RUNNING 0
256 #define BTUSB_BULK_RUNNING 1
257 #define BTUSB_ISOC_RUNNING 2
258 #define BTUSB_SUSPENDING 3
259 #define BTUSB_DID_ISO_RESUME 4
262 struct hci_dev *hdev;
263 struct usb_device *udev;
264 struct usb_interface *intf;
265 struct usb_interface *isoc;
271 struct work_struct work;
272 struct work_struct waker;
274 struct usb_anchor tx_anchor;
275 struct usb_anchor intr_anchor;
276 struct usb_anchor bulk_anchor;
277 struct usb_anchor isoc_anchor;
278 struct usb_anchor deferred;
282 struct usb_endpoint_descriptor *intr_ep;
283 struct usb_endpoint_descriptor *bulk_tx_ep;
284 struct usb_endpoint_descriptor *bulk_rx_ep;
285 struct usb_endpoint_descriptor *isoc_tx_ep;
286 struct usb_endpoint_descriptor *isoc_rx_ep;
290 unsigned int sco_num;
295 static int inc_tx(struct btusb_data *data)
300 spin_lock_irqsave(&data->txlock, flags);
301 rv = test_bit(BTUSB_SUSPENDING, &data->flags);
303 data->tx_in_flight++;
304 spin_unlock_irqrestore(&data->txlock, flags);
309 static void btusb_intr_complete(struct urb *urb)
311 struct hci_dev *hdev = urb->context;
312 struct btusb_data *data = hci_get_drvdata(hdev);
315 BT_DBG("%s urb %p status %d count %d", hdev->name,
316 urb, urb->status, urb->actual_length);
318 if (!test_bit(HCI_RUNNING, &hdev->flags))
321 if (urb->status == 0) {
322 hdev->stat.byte_rx += urb->actual_length;
324 if (hci_recv_fragment(hdev, HCI_EVENT_PKT,
325 urb->transfer_buffer,
326 urb->actual_length) < 0) {
327 BT_ERR("%s corrupted event packet", hdev->name);
332 if (!test_bit(BTUSB_INTR_RUNNING, &data->flags))
335 usb_mark_last_busy(data->udev);
336 usb_anchor_urb(urb, &data->intr_anchor);
338 err = usb_submit_urb(urb, GFP_ATOMIC);
340 /* -EPERM: urb is being killed;
341 * -ENODEV: device got disconnected */
342 if (err != -EPERM && err != -ENODEV)
343 BT_ERR("%s urb %p failed to resubmit (%d)",
344 hdev->name, urb, -err);
345 usb_unanchor_urb(urb);
349 static int btusb_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags)
351 struct btusb_data *data = hci_get_drvdata(hdev);
357 BT_DBG("%s", hdev->name);
362 urb = usb_alloc_urb(0, mem_flags);
366 size = le16_to_cpu(data->intr_ep->wMaxPacketSize);
368 buf = kmalloc(size, mem_flags);
374 pipe = usb_rcvintpipe(data->udev, data->intr_ep->bEndpointAddress);
376 usb_fill_int_urb(urb, data->udev, pipe, buf, size,
377 btusb_intr_complete, hdev,
378 data->intr_ep->bInterval);
380 urb->transfer_flags |= URB_FREE_BUFFER;
382 usb_anchor_urb(urb, &data->intr_anchor);
384 err = usb_submit_urb(urb, mem_flags);
386 if (err != -EPERM && err != -ENODEV)
387 BT_ERR("%s urb %p submission failed (%d)",
388 hdev->name, urb, -err);
389 usb_unanchor_urb(urb);
397 static void btusb_bulk_complete(struct urb *urb)
399 struct hci_dev *hdev = urb->context;
400 struct btusb_data *data = hci_get_drvdata(hdev);
403 BT_DBG("%s urb %p status %d count %d", hdev->name,
404 urb, urb->status, urb->actual_length);
406 if (!test_bit(HCI_RUNNING, &hdev->flags))
409 if (urb->status == 0) {
410 hdev->stat.byte_rx += urb->actual_length;
412 if (hci_recv_fragment(hdev, HCI_ACLDATA_PKT,
413 urb->transfer_buffer,
414 urb->actual_length) < 0) {
415 BT_ERR("%s corrupted ACL packet", hdev->name);
420 if (!test_bit(BTUSB_BULK_RUNNING, &data->flags))
423 usb_anchor_urb(urb, &data->bulk_anchor);
424 usb_mark_last_busy(data->udev);
426 err = usb_submit_urb(urb, GFP_ATOMIC);
428 /* -EPERM: urb is being killed;
429 * -ENODEV: device got disconnected */
430 if (err != -EPERM && err != -ENODEV)
431 BT_ERR("%s urb %p failed to resubmit (%d)",
432 hdev->name, urb, -err);
433 usb_unanchor_urb(urb);
437 static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags)
439 struct btusb_data *data = hci_get_drvdata(hdev);
443 int err, size = HCI_MAX_FRAME_SIZE;
445 BT_DBG("%s", hdev->name);
447 if (!data->bulk_rx_ep)
450 urb = usb_alloc_urb(0, mem_flags);
454 buf = kmalloc(size, mem_flags);
460 pipe = usb_rcvbulkpipe(data->udev, data->bulk_rx_ep->bEndpointAddress);
462 usb_fill_bulk_urb(urb, data->udev, pipe,
463 buf, size, btusb_bulk_complete, hdev);
465 urb->transfer_flags |= URB_FREE_BUFFER;
467 usb_mark_last_busy(data->udev);
468 usb_anchor_urb(urb, &data->bulk_anchor);
470 err = usb_submit_urb(urb, mem_flags);
472 if (err != -EPERM && err != -ENODEV)
473 BT_ERR("%s urb %p submission failed (%d)",
474 hdev->name, urb, -err);
475 usb_unanchor_urb(urb);
483 static void btusb_isoc_complete(struct urb *urb)
485 struct hci_dev *hdev = urb->context;
486 struct btusb_data *data = hci_get_drvdata(hdev);
489 BT_DBG("%s urb %p status %d count %d", hdev->name,
490 urb, urb->status, urb->actual_length);
492 if (!test_bit(HCI_RUNNING, &hdev->flags))
495 if (urb->status == 0) {
496 for (i = 0; i < urb->number_of_packets; i++) {
497 unsigned int offset = urb->iso_frame_desc[i].offset;
498 unsigned int length = urb->iso_frame_desc[i].actual_length;
500 if (urb->iso_frame_desc[i].status)
503 hdev->stat.byte_rx += length;
505 if (hci_recv_fragment(hdev, HCI_SCODATA_PKT,
506 urb->transfer_buffer + offset,
508 BT_ERR("%s corrupted SCO packet", hdev->name);
514 if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags))
517 usb_anchor_urb(urb, &data->isoc_anchor);
519 err = usb_submit_urb(urb, GFP_ATOMIC);
521 /* -EPERM: urb is being killed;
522 * -ENODEV: device got disconnected */
523 if (err != -EPERM && err != -ENODEV)
524 BT_ERR("%s urb %p failed to resubmit (%d)",
525 hdev->name, urb, -err);
526 usb_unanchor_urb(urb);
530 static inline void __fill_isoc_descriptor(struct urb *urb, int len, int mtu)
534 BT_DBG("len %d mtu %d", len, mtu);
536 for (i = 0; i < BTUSB_MAX_ISOC_FRAMES && len >= mtu;
537 i++, offset += mtu, len -= mtu) {
538 urb->iso_frame_desc[i].offset = offset;
539 urb->iso_frame_desc[i].length = mtu;
542 if (len && i < BTUSB_MAX_ISOC_FRAMES) {
543 urb->iso_frame_desc[i].offset = offset;
544 urb->iso_frame_desc[i].length = len;
548 urb->number_of_packets = i;
551 static int btusb_submit_isoc_urb(struct hci_dev *hdev, gfp_t mem_flags)
553 struct btusb_data *data = hci_get_drvdata(hdev);
559 BT_DBG("%s", hdev->name);
561 if (!data->isoc_rx_ep)
564 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, mem_flags);
568 size = le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize) *
569 BTUSB_MAX_ISOC_FRAMES;
571 buf = kmalloc(size, mem_flags);
577 pipe = usb_rcvisocpipe(data->udev, data->isoc_rx_ep->bEndpointAddress);
579 usb_fill_int_urb(urb, data->udev, pipe, buf, size, btusb_isoc_complete,
580 hdev, data->isoc_rx_ep->bInterval);
582 urb->transfer_flags = URB_FREE_BUFFER | URB_ISO_ASAP;
584 __fill_isoc_descriptor(urb, size,
585 le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize));
587 usb_anchor_urb(urb, &data->isoc_anchor);
589 err = usb_submit_urb(urb, mem_flags);
591 if (err != -EPERM && err != -ENODEV)
592 BT_ERR("%s urb %p submission failed (%d)",
593 hdev->name, urb, -err);
594 usb_unanchor_urb(urb);
602 static void btusb_tx_complete(struct urb *urb)
604 struct sk_buff *skb = urb->context;
605 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
606 struct btusb_data *data = hci_get_drvdata(hdev);
608 BT_DBG("%s urb %p status %d count %d", hdev->name,
609 urb, urb->status, urb->actual_length);
611 if (!test_bit(HCI_RUNNING, &hdev->flags))
615 hdev->stat.byte_tx += urb->transfer_buffer_length;
620 spin_lock(&data->txlock);
621 data->tx_in_flight--;
622 spin_unlock(&data->txlock);
624 kfree(urb->setup_packet);
629 static void btusb_isoc_tx_complete(struct urb *urb)
631 struct sk_buff *skb = urb->context;
632 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
634 BT_DBG("%s urb %p status %d count %d", hdev->name,
635 urb, urb->status, urb->actual_length);
637 if (!test_bit(HCI_RUNNING, &hdev->flags))
641 hdev->stat.byte_tx += urb->transfer_buffer_length;
646 kfree(urb->setup_packet);
651 static int btusb_open(struct hci_dev *hdev)
653 struct btusb_data *data = hci_get_drvdata(hdev);
656 BT_DBG("%s", hdev->name);
658 err = usb_autopm_get_interface(data->intf);
662 data->intf->needs_remote_wakeup = 1;
664 if (test_and_set_bit(HCI_RUNNING, &hdev->flags))
667 if (test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags))
670 err = btusb_submit_intr_urb(hdev, GFP_KERNEL);
674 err = btusb_submit_bulk_urb(hdev, GFP_KERNEL);
676 usb_kill_anchored_urbs(&data->intr_anchor);
680 set_bit(BTUSB_BULK_RUNNING, &data->flags);
681 btusb_submit_bulk_urb(hdev, GFP_KERNEL);
684 usb_autopm_put_interface(data->intf);
688 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
689 clear_bit(HCI_RUNNING, &hdev->flags);
690 usb_autopm_put_interface(data->intf);
694 static void btusb_stop_traffic(struct btusb_data *data)
696 usb_kill_anchored_urbs(&data->intr_anchor);
697 usb_kill_anchored_urbs(&data->bulk_anchor);
698 usb_kill_anchored_urbs(&data->isoc_anchor);
701 static int btusb_close(struct hci_dev *hdev)
703 struct btusb_data *data = hci_get_drvdata(hdev);
706 BT_DBG("%s", hdev->name);
708 if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags))
711 cancel_work_sync(&data->work);
712 cancel_work_sync(&data->waker);
714 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
715 clear_bit(BTUSB_BULK_RUNNING, &data->flags);
716 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
718 btusb_stop_traffic(data);
719 err = usb_autopm_get_interface(data->intf);
723 data->intf->needs_remote_wakeup = 0;
724 usb_autopm_put_interface(data->intf);
727 usb_scuttle_anchored_urbs(&data->deferred);
731 static int btusb_flush(struct hci_dev *hdev)
733 struct btusb_data *data = hci_get_drvdata(hdev);
735 BT_DBG("%s", hdev->name);
737 usb_kill_anchored_urbs(&data->tx_anchor);
742 static int btusb_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
744 struct btusb_data *data = hci_get_drvdata(hdev);
745 struct usb_ctrlrequest *dr;
750 BT_DBG("%s", hdev->name);
752 if (!test_bit(HCI_RUNNING, &hdev->flags))
755 skb->dev = (void *) hdev;
757 switch (bt_cb(skb)->pkt_type) {
758 case HCI_COMMAND_PKT:
759 urb = usb_alloc_urb(0, GFP_ATOMIC);
763 dr = kmalloc(sizeof(*dr), GFP_ATOMIC);
769 dr->bRequestType = data->cmdreq_type;
773 dr->wLength = __cpu_to_le16(skb->len);
775 pipe = usb_sndctrlpipe(data->udev, 0x00);
777 usb_fill_control_urb(urb, data->udev, pipe, (void *) dr,
778 skb->data, skb->len, btusb_tx_complete, skb);
783 case HCI_ACLDATA_PKT:
784 if (!data->bulk_tx_ep)
787 urb = usb_alloc_urb(0, GFP_ATOMIC);
791 pipe = usb_sndbulkpipe(data->udev,
792 data->bulk_tx_ep->bEndpointAddress);
794 usb_fill_bulk_urb(urb, data->udev, pipe,
795 skb->data, skb->len, btusb_tx_complete, skb);
800 case HCI_SCODATA_PKT:
801 if (!data->isoc_tx_ep || hci_conn_num(hdev, SCO_LINK) < 1)
804 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, GFP_ATOMIC);
808 pipe = usb_sndisocpipe(data->udev,
809 data->isoc_tx_ep->bEndpointAddress);
811 usb_fill_int_urb(urb, data->udev, pipe,
812 skb->data, skb->len, btusb_isoc_tx_complete,
813 skb, data->isoc_tx_ep->bInterval);
815 urb->transfer_flags = URB_ISO_ASAP;
817 __fill_isoc_descriptor(urb, skb->len,
818 le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize));
829 usb_anchor_urb(urb, &data->deferred);
830 schedule_work(&data->waker);
836 usb_anchor_urb(urb, &data->tx_anchor);
838 err = usb_submit_urb(urb, GFP_ATOMIC);
840 if (err != -EPERM && err != -ENODEV)
841 BT_ERR("%s urb %p submission failed (%d)",
842 hdev->name, urb, -err);
843 kfree(urb->setup_packet);
844 usb_unanchor_urb(urb);
846 usb_mark_last_busy(data->udev);
854 static void btusb_notify(struct hci_dev *hdev, unsigned int evt)
856 struct btusb_data *data = hci_get_drvdata(hdev);
858 BT_DBG("%s evt %d", hdev->name, evt);
860 if (hci_conn_num(hdev, SCO_LINK) != data->sco_num) {
861 data->sco_num = hci_conn_num(hdev, SCO_LINK);
862 schedule_work(&data->work);
866 static inline int __set_isoc_interface(struct hci_dev *hdev, int altsetting)
868 struct btusb_data *data = hci_get_drvdata(hdev);
869 struct usb_interface *intf = data->isoc;
870 struct usb_endpoint_descriptor *ep_desc;
876 err = usb_set_interface(data->udev, 1, altsetting);
878 BT_ERR("%s setting interface failed (%d)", hdev->name, -err);
882 data->isoc_altsetting = altsetting;
884 data->isoc_tx_ep = NULL;
885 data->isoc_rx_ep = NULL;
887 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
888 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
890 if (!data->isoc_tx_ep && usb_endpoint_is_isoc_out(ep_desc)) {
891 data->isoc_tx_ep = ep_desc;
895 if (!data->isoc_rx_ep && usb_endpoint_is_isoc_in(ep_desc)) {
896 data->isoc_rx_ep = ep_desc;
901 if (!data->isoc_tx_ep || !data->isoc_rx_ep) {
902 BT_ERR("%s invalid SCO descriptors", hdev->name);
909 static void btusb_work(struct work_struct *work)
911 struct btusb_data *data = container_of(work, struct btusb_data, work);
912 struct hci_dev *hdev = data->hdev;
916 if (data->sco_num > 0) {
917 if (!test_bit(BTUSB_DID_ISO_RESUME, &data->flags)) {
918 err = usb_autopm_get_interface(data->isoc ? data->isoc : data->intf);
920 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
921 usb_kill_anchored_urbs(&data->isoc_anchor);
925 set_bit(BTUSB_DID_ISO_RESUME, &data->flags);
928 if (hdev->voice_setting & 0x0020) {
929 static const int alts[3] = { 2, 4, 5 };
930 new_alts = alts[data->sco_num - 1];
932 new_alts = data->sco_num;
935 if (data->isoc_altsetting != new_alts) {
936 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
937 usb_kill_anchored_urbs(&data->isoc_anchor);
939 if (__set_isoc_interface(hdev, new_alts) < 0)
943 if (!test_and_set_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
944 if (btusb_submit_isoc_urb(hdev, GFP_KERNEL) < 0)
945 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
947 btusb_submit_isoc_urb(hdev, GFP_KERNEL);
950 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
951 usb_kill_anchored_urbs(&data->isoc_anchor);
953 __set_isoc_interface(hdev, 0);
954 if (test_and_clear_bit(BTUSB_DID_ISO_RESUME, &data->flags))
955 usb_autopm_put_interface(data->isoc ? data->isoc : data->intf);
959 static void btusb_waker(struct work_struct *work)
961 struct btusb_data *data = container_of(work, struct btusb_data, waker);
964 err = usb_autopm_get_interface(data->intf);
968 usb_autopm_put_interface(data->intf);
971 static int btusb_setup_bcm92035(struct hci_dev *hdev)
976 BT_DBG("%s", hdev->name);
978 skb = __hci_cmd_sync(hdev, 0xfc3b, 1, &val, HCI_INIT_TIMEOUT);
980 BT_ERR("BCM92035 command failed (%ld)", -PTR_ERR(skb));
987 static int btusb_setup_csr(struct hci_dev *hdev)
989 struct hci_rp_read_local_version *rp;
993 BT_DBG("%s", hdev->name);
995 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL,
998 BT_ERR("Reading local version failed (%ld)", -PTR_ERR(skb));
999 return -PTR_ERR(skb);
1002 rp = (struct hci_rp_read_local_version *) skb->data;
1005 if (le16_to_cpu(rp->manufacturer) != 10) {
1006 /* Clear the reset quirk since this is not an actual
1007 * early Bluetooth 1.1 device from CSR.
1009 clear_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
1011 /* These fake CSR controllers have all a broken
1012 * stored link key handling and so just disable it.
1014 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY,
1019 ret = -bt_to_errno(rp->status);
1026 struct intel_version {
1039 static const struct firmware *btusb_setup_intel_get_fw(struct hci_dev *hdev,
1040 struct intel_version *ver)
1042 const struct firmware *fw;
1046 snprintf(fwname, sizeof(fwname),
1047 "intel/ibt-hw-%x.%x.%x-fw-%x.%x.%x.%x.%x.bseq",
1048 ver->hw_platform, ver->hw_variant, ver->hw_revision,
1049 ver->fw_variant, ver->fw_revision, ver->fw_build_num,
1050 ver->fw_build_ww, ver->fw_build_yy);
1052 ret = request_firmware(&fw, fwname, &hdev->dev);
1054 if (ret == -EINVAL) {
1055 BT_ERR("%s Intel firmware file request failed (%d)",
1060 BT_ERR("%s failed to open Intel firmware file: %s(%d)",
1061 hdev->name, fwname, ret);
1063 /* If the correct firmware patch file is not found, use the
1064 * default firmware patch file instead
1066 snprintf(fwname, sizeof(fwname), "intel/ibt-hw-%x.%x.bseq",
1067 ver->hw_platform, ver->hw_variant);
1068 if (request_firmware(&fw, fwname, &hdev->dev) < 0) {
1069 BT_ERR("%s failed to open default Intel fw file: %s",
1070 hdev->name, fwname);
1075 BT_INFO("%s: Intel Bluetooth firmware file: %s", hdev->name, fwname);
1080 static int btusb_setup_intel_patching(struct hci_dev *hdev,
1081 const struct firmware *fw,
1082 const u8 **fw_ptr, int *disable_patch)
1084 struct sk_buff *skb;
1085 struct hci_command_hdr *cmd;
1086 const u8 *cmd_param;
1087 struct hci_event_hdr *evt = NULL;
1088 const u8 *evt_param = NULL;
1089 int remain = fw->size - (*fw_ptr - fw->data);
1091 /* The first byte indicates the types of the patch command or event.
1092 * 0x01 means HCI command and 0x02 is HCI event. If the first bytes
1093 * in the current firmware buffer doesn't start with 0x01 or
1094 * the size of remain buffer is smaller than HCI command header,
1095 * the firmware file is corrupted and it should stop the patching
1098 if (remain > HCI_COMMAND_HDR_SIZE && *fw_ptr[0] != 0x01) {
1099 BT_ERR("%s Intel fw corrupted: invalid cmd read", hdev->name);
1105 cmd = (struct hci_command_hdr *)(*fw_ptr);
1106 *fw_ptr += sizeof(*cmd);
1107 remain -= sizeof(*cmd);
1109 /* Ensure that the remain firmware data is long enough than the length
1110 * of command parameter. If not, the firmware file is corrupted.
1112 if (remain < cmd->plen) {
1113 BT_ERR("%s Intel fw corrupted: invalid cmd len", hdev->name);
1117 /* If there is a command that loads a patch in the firmware
1118 * file, then enable the patch upon success, otherwise just
1119 * disable the manufacturer mode, for example patch activation
1120 * is not required when the default firmware patch file is used
1121 * because there are no patch data to load.
1123 if (*disable_patch && le16_to_cpu(cmd->opcode) == 0xfc8e)
1126 cmd_param = *fw_ptr;
1127 *fw_ptr += cmd->plen;
1128 remain -= cmd->plen;
1130 /* This reads the expected events when the above command is sent to the
1131 * device. Some vendor commands expects more than one events, for
1132 * example command status event followed by vendor specific event.
1133 * For this case, it only keeps the last expected event. so the command
1134 * can be sent with __hci_cmd_sync_ev() which returns the sk_buff of
1135 * last expected event.
1137 while (remain > HCI_EVENT_HDR_SIZE && *fw_ptr[0] == 0x02) {
1141 evt = (struct hci_event_hdr *)(*fw_ptr);
1142 *fw_ptr += sizeof(*evt);
1143 remain -= sizeof(*evt);
1145 if (remain < evt->plen) {
1146 BT_ERR("%s Intel fw corrupted: invalid evt len",
1151 evt_param = *fw_ptr;
1152 *fw_ptr += evt->plen;
1153 remain -= evt->plen;
1156 /* Every HCI commands in the firmware file has its correspond event.
1157 * If event is not found or remain is smaller than zero, the firmware
1158 * file is corrupted.
1160 if (!evt || !evt_param || remain < 0) {
1161 BT_ERR("%s Intel fw corrupted: invalid evt read", hdev->name);
1165 skb = __hci_cmd_sync_ev(hdev, le16_to_cpu(cmd->opcode), cmd->plen,
1166 cmd_param, evt->evt, HCI_INIT_TIMEOUT);
1168 BT_ERR("%s sending Intel patch command (0x%4.4x) failed (%ld)",
1169 hdev->name, cmd->opcode, PTR_ERR(skb));
1170 return PTR_ERR(skb);
1173 /* It ensures that the returned event matches the event data read from
1174 * the firmware file. At fist, it checks the length and then
1175 * the contents of the event.
1177 if (skb->len != evt->plen) {
1178 BT_ERR("%s mismatch event length (opcode 0x%4.4x)", hdev->name,
1179 le16_to_cpu(cmd->opcode));
1184 if (memcmp(skb->data, evt_param, evt->plen)) {
1185 BT_ERR("%s mismatch event parameter (opcode 0x%4.4x)",
1186 hdev->name, le16_to_cpu(cmd->opcode));
1195 #define BDADDR_INTEL (&(bdaddr_t) {{0x00, 0x8b, 0x9e, 0x19, 0x03, 0x00}})
1197 static int btusb_check_bdaddr_intel(struct hci_dev *hdev)
1199 struct sk_buff *skb;
1200 struct hci_rp_read_bd_addr *rp;
1202 skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL,
1205 BT_ERR("%s reading Intel device address failed (%ld)",
1206 hdev->name, PTR_ERR(skb));
1207 return PTR_ERR(skb);
1210 if (skb->len != sizeof(*rp)) {
1211 BT_ERR("%s Intel device address length mismatch", hdev->name);
1216 rp = (struct hci_rp_read_bd_addr *) skb->data;
1218 BT_ERR("%s Intel device address result failed (%02x)",
1219 hdev->name, rp->status);
1221 return -bt_to_errno(rp->status);
1224 /* For some Intel based controllers, the default Bluetooth device
1225 * address 00:03:19:9E:8B:00 can be found. These controllers are
1226 * fully operational, but have the danger of duplicate addresses
1227 * and that in turn can cause problems with Bluetooth operation.
1229 if (!bacmp(&rp->bdaddr, BDADDR_INTEL)) {
1230 BT_ERR("%s found Intel default device address (%pMR)",
1231 hdev->name, &rp->bdaddr);
1232 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks);
1240 static int btusb_setup_intel(struct hci_dev *hdev)
1242 struct sk_buff *skb;
1243 const struct firmware *fw;
1246 struct intel_version *ver;
1248 const u8 mfg_enable[] = { 0x01, 0x00 };
1249 const u8 mfg_disable[] = { 0x00, 0x00 };
1250 const u8 mfg_reset_deactivate[] = { 0x00, 0x01 };
1251 const u8 mfg_reset_activate[] = { 0x00, 0x02 };
1253 BT_DBG("%s", hdev->name);
1255 /* The controller has a bug with the first HCI command sent to it
1256 * returning number of completed commands as zero. This would stall the
1257 * command processing in the Bluetooth core.
1259 * As a workaround, send HCI Reset command first which will reset the
1260 * number of completed commands and allow normal command processing
1263 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
1265 BT_ERR("%s sending initial HCI reset command failed (%ld)",
1266 hdev->name, PTR_ERR(skb));
1267 return PTR_ERR(skb);
1271 /* Read Intel specific controller version first to allow selection of
1272 * which firmware file to load.
1274 * The returned information are hardware variant and revision plus
1275 * firmware variant, revision and build number.
1277 skb = __hci_cmd_sync(hdev, 0xfc05, 0, NULL, HCI_INIT_TIMEOUT);
1279 BT_ERR("%s reading Intel fw version command failed (%ld)",
1280 hdev->name, PTR_ERR(skb));
1281 return PTR_ERR(skb);
1284 if (skb->len != sizeof(*ver)) {
1285 BT_ERR("%s Intel version event length mismatch", hdev->name);
1290 ver = (struct intel_version *)skb->data;
1292 BT_ERR("%s Intel fw version event failed (%02x)", hdev->name,
1295 return -bt_to_errno(ver->status);
1298 BT_INFO("%s: read Intel version: %02x%02x%02x%02x%02x%02x%02x%02x%02x",
1299 hdev->name, ver->hw_platform, ver->hw_variant,
1300 ver->hw_revision, ver->fw_variant, ver->fw_revision,
1301 ver->fw_build_num, ver->fw_build_ww, ver->fw_build_yy,
1304 /* fw_patch_num indicates the version of patch the device currently
1305 * have. If there is no patch data in the device, it is always 0x00.
1306 * So, if it is other than 0x00, no need to patch the deivce again.
1308 if (ver->fw_patch_num) {
1309 BT_INFO("%s: Intel device is already patched. patch num: %02x",
1310 hdev->name, ver->fw_patch_num);
1312 btusb_check_bdaddr_intel(hdev);
1316 /* Opens the firmware patch file based on the firmware version read
1317 * from the controller. If it fails to open the matching firmware
1318 * patch file, it tries to open the default firmware patch file.
1319 * If no patch file is found, allow the device to operate without
1322 fw = btusb_setup_intel_get_fw(hdev, ver);
1325 btusb_check_bdaddr_intel(hdev);
1330 /* This Intel specific command enables the manufacturer mode of the
1333 * Only while this mode is enabled, the driver can download the
1334 * firmware patch data and configuration parameters.
1336 skb = __hci_cmd_sync(hdev, 0xfc11, 2, mfg_enable, HCI_INIT_TIMEOUT);
1338 BT_ERR("%s entering Intel manufacturer mode failed (%ld)",
1339 hdev->name, PTR_ERR(skb));
1340 release_firmware(fw);
1341 return PTR_ERR(skb);
1345 u8 evt_status = skb->data[0];
1346 BT_ERR("%s enable Intel manufacturer mode event failed (%02x)",
1347 hdev->name, evt_status);
1349 release_firmware(fw);
1350 return -bt_to_errno(evt_status);
1356 /* The firmware data file consists of list of Intel specific HCI
1357 * commands and its expected events. The first byte indicates the
1358 * type of the message, either HCI command or HCI event.
1360 * It reads the command and its expected event from the firmware file,
1361 * and send to the controller. Once __hci_cmd_sync_ev() returns,
1362 * the returned event is compared with the event read from the firmware
1363 * file and it will continue until all the messages are downloaded to
1366 * Once the firmware patching is completed successfully,
1367 * the manufacturer mode is disabled with reset and activating the
1370 * If the firmware patching fails, the manufacturer mode is
1371 * disabled with reset and deactivating the patch.
1373 * If the default patch file is used, no reset is done when disabling
1376 while (fw->size > fw_ptr - fw->data) {
1379 ret = btusb_setup_intel_patching(hdev, fw, &fw_ptr,
1382 goto exit_mfg_deactivate;
1385 release_firmware(fw);
1388 goto exit_mfg_disable;
1390 /* Patching completed successfully and disable the manufacturer mode
1391 * with reset and activate the downloaded firmware patches.
1393 skb = __hci_cmd_sync(hdev, 0xfc11, sizeof(mfg_reset_activate),
1394 mfg_reset_activate, HCI_INIT_TIMEOUT);
1396 BT_ERR("%s exiting Intel manufacturer mode failed (%ld)",
1397 hdev->name, PTR_ERR(skb));
1398 return PTR_ERR(skb);
1402 BT_INFO("%s: Intel Bluetooth firmware patch completed and activated",
1405 btusb_check_bdaddr_intel(hdev);
1409 /* Disable the manufacturer mode without reset */
1410 skb = __hci_cmd_sync(hdev, 0xfc11, sizeof(mfg_disable), mfg_disable,
1413 BT_ERR("%s exiting Intel manufacturer mode failed (%ld)",
1414 hdev->name, PTR_ERR(skb));
1415 return PTR_ERR(skb);
1419 BT_INFO("%s: Intel Bluetooth firmware patch completed", hdev->name);
1421 btusb_check_bdaddr_intel(hdev);
1424 exit_mfg_deactivate:
1425 release_firmware(fw);
1427 /* Patching failed. Disable the manufacturer mode with reset and
1428 * deactivate the downloaded firmware patches.
1430 skb = __hci_cmd_sync(hdev, 0xfc11, sizeof(mfg_reset_deactivate),
1431 mfg_reset_deactivate, HCI_INIT_TIMEOUT);
1433 BT_ERR("%s exiting Intel manufacturer mode failed (%ld)",
1434 hdev->name, PTR_ERR(skb));
1435 return PTR_ERR(skb);
1439 BT_INFO("%s: Intel Bluetooth firmware patch completed and deactivated",
1442 btusb_check_bdaddr_intel(hdev);
1446 static int btusb_set_bdaddr_intel(struct hci_dev *hdev, const bdaddr_t *bdaddr)
1448 struct sk_buff *skb;
1451 skb = __hci_cmd_sync(hdev, 0xfc31, 6, bdaddr, HCI_INIT_TIMEOUT);
1454 BT_ERR("%s: changing Intel device address failed (%ld)",
1463 static int btusb_set_bdaddr_marvell(struct hci_dev *hdev,
1464 const bdaddr_t *bdaddr)
1466 struct sk_buff *skb;
1471 buf[1] = sizeof(bdaddr_t);
1472 memcpy(buf + 2, bdaddr, sizeof(bdaddr_t));
1474 skb = __hci_cmd_sync(hdev, 0xfc22, sizeof(buf), buf, HCI_INIT_TIMEOUT);
1477 BT_ERR("%s: changing Marvell device address failed (%ld)",
1486 #define BDADDR_BCM20702A0 (&(bdaddr_t) {{0x00, 0xa0, 0x02, 0x70, 0x20, 0x00}})
1488 static int btusb_setup_bcm_patchram(struct hci_dev *hdev)
1490 struct btusb_data *data = hci_get_drvdata(hdev);
1491 struct usb_device *udev = data->udev;
1493 const struct firmware *fw;
1496 const struct hci_command_hdr *cmd;
1497 const u8 *cmd_param;
1499 struct sk_buff *skb;
1500 struct hci_rp_read_local_version *ver;
1501 struct hci_rp_read_bd_addr *bda;
1504 snprintf(fw_name, sizeof(fw_name), "brcm/%s-%04x-%04x.hcd",
1505 udev->product ? udev->product : "BCM",
1506 le16_to_cpu(udev->descriptor.idVendor),
1507 le16_to_cpu(udev->descriptor.idProduct));
1509 ret = request_firmware(&fw, fw_name, &hdev->dev);
1511 BT_INFO("%s: BCM: patch %s not found", hdev->name, fw_name);
1516 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
1519 BT_ERR("%s: HCI_OP_RESET failed (%ld)", hdev->name, ret);
1524 /* Read Local Version Info */
1525 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL,
1529 BT_ERR("%s: HCI_OP_READ_LOCAL_VERSION failed (%ld)",
1534 if (skb->len != sizeof(*ver)) {
1535 BT_ERR("%s: HCI_OP_READ_LOCAL_VERSION event length mismatch",
1542 ver = (struct hci_rp_read_local_version *) skb->data;
1543 BT_INFO("%s: BCM: patching hci_ver=%02x hci_rev=%04x lmp_ver=%02x "
1544 "lmp_subver=%04x", hdev->name, ver->hci_ver, ver->hci_rev,
1545 ver->lmp_ver, ver->lmp_subver);
1548 /* Start Download */
1549 skb = __hci_cmd_sync(hdev, 0xfc2e, 0, NULL, HCI_INIT_TIMEOUT);
1552 BT_ERR("%s: BCM: Download Minidrv command failed (%ld)",
1558 /* 50 msec delay after Download Minidrv completes */
1564 while (fw_size >= sizeof(*cmd)) {
1565 cmd = (struct hci_command_hdr *) fw_ptr;
1566 fw_ptr += sizeof(*cmd);
1567 fw_size -= sizeof(*cmd);
1569 if (fw_size < cmd->plen) {
1570 BT_ERR("%s: BCM: patch %s is corrupted",
1571 hdev->name, fw_name);
1577 fw_ptr += cmd->plen;
1578 fw_size -= cmd->plen;
1580 opcode = le16_to_cpu(cmd->opcode);
1582 skb = __hci_cmd_sync(hdev, opcode, cmd->plen, cmd_param,
1586 BT_ERR("%s: BCM: patch command %04x failed (%ld)",
1587 hdev->name, opcode, ret);
1593 /* 250 msec delay after Launch Ram completes */
1598 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
1601 BT_ERR("%s: HCI_OP_RESET failed (%ld)", hdev->name, ret);
1606 /* Read Local Version Info */
1607 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL,
1611 BT_ERR("%s: HCI_OP_READ_LOCAL_VERSION failed (%ld)",
1616 if (skb->len != sizeof(*ver)) {
1617 BT_ERR("%s: HCI_OP_READ_LOCAL_VERSION event length mismatch",
1624 ver = (struct hci_rp_read_local_version *) skb->data;
1625 BT_INFO("%s: BCM: firmware hci_ver=%02x hci_rev=%04x lmp_ver=%02x "
1626 "lmp_subver=%04x", hdev->name, ver->hci_ver, ver->hci_rev,
1627 ver->lmp_ver, ver->lmp_subver);
1630 /* Read BD Address */
1631 skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL,
1635 BT_ERR("%s: HCI_OP_READ_BD_ADDR failed (%ld)",
1640 if (skb->len != sizeof(*bda)) {
1641 BT_ERR("%s: HCI_OP_READ_BD_ADDR event length mismatch",
1648 bda = (struct hci_rp_read_bd_addr *) skb->data;
1650 BT_ERR("%s: HCI_OP_READ_BD_ADDR error status (%02x)",
1651 hdev->name, bda->status);
1653 ret = -bt_to_errno(bda->status);
1657 /* The address 00:20:70:02:A0:00 indicates a BCM20702A0 controller
1658 * with no configured address.
1660 if (!bacmp(&bda->bdaddr, BDADDR_BCM20702A0)) {
1661 BT_INFO("%s: BCM: using default device address (%pMR)",
1662 hdev->name, &bda->bdaddr);
1663 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks);
1669 release_firmware(fw);
1674 static int btusb_set_bdaddr_bcm(struct hci_dev *hdev, const bdaddr_t *bdaddr)
1676 struct sk_buff *skb;
1679 skb = __hci_cmd_sync(hdev, 0xfc01, 6, bdaddr, HCI_INIT_TIMEOUT);
1682 BT_ERR("%s: BCM: Change address command failed (%ld)",
1691 static int btusb_probe(struct usb_interface *intf,
1692 const struct usb_device_id *id)
1694 struct usb_endpoint_descriptor *ep_desc;
1695 struct btusb_data *data;
1696 struct hci_dev *hdev;
1699 BT_DBG("intf %p id %p", intf, id);
1701 /* interface numbers are hardcoded in the spec */
1702 if (intf->cur_altsetting->desc.bInterfaceNumber != 0)
1705 if (!id->driver_info) {
1706 const struct usb_device_id *match;
1707 match = usb_match_id(intf, blacklist_table);
1712 if (id->driver_info == BTUSB_IGNORE)
1715 if (id->driver_info & BTUSB_ATH3012) {
1716 struct usb_device *udev = interface_to_usbdev(intf);
1718 /* Old firmware would otherwise let ath3k driver load
1719 * patch and sysconfig files */
1720 if (le16_to_cpu(udev->descriptor.bcdDevice) <= 0x0001)
1724 data = devm_kzalloc(&intf->dev, sizeof(*data), GFP_KERNEL);
1728 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
1729 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
1731 if (!data->intr_ep && usb_endpoint_is_int_in(ep_desc)) {
1732 data->intr_ep = ep_desc;
1736 if (!data->bulk_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) {
1737 data->bulk_tx_ep = ep_desc;
1741 if (!data->bulk_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) {
1742 data->bulk_rx_ep = ep_desc;
1747 if (!data->intr_ep || !data->bulk_tx_ep || !data->bulk_rx_ep)
1750 data->cmdreq_type = USB_TYPE_CLASS;
1752 data->udev = interface_to_usbdev(intf);
1755 spin_lock_init(&data->lock);
1757 INIT_WORK(&data->work, btusb_work);
1758 INIT_WORK(&data->waker, btusb_waker);
1759 spin_lock_init(&data->txlock);
1761 init_usb_anchor(&data->tx_anchor);
1762 init_usb_anchor(&data->intr_anchor);
1763 init_usb_anchor(&data->bulk_anchor);
1764 init_usb_anchor(&data->isoc_anchor);
1765 init_usb_anchor(&data->deferred);
1767 hdev = hci_alloc_dev();
1771 hdev->bus = HCI_USB;
1772 hci_set_drvdata(hdev, data);
1776 SET_HCIDEV_DEV(hdev, &intf->dev);
1778 hdev->open = btusb_open;
1779 hdev->close = btusb_close;
1780 hdev->flush = btusb_flush;
1781 hdev->send = btusb_send_frame;
1782 hdev->notify = btusb_notify;
1784 if (id->driver_info & BTUSB_BCM92035)
1785 hdev->setup = btusb_setup_bcm92035;
1787 if (id->driver_info & BTUSB_BCM_PATCHRAM) {
1788 hdev->setup = btusb_setup_bcm_patchram;
1789 hdev->set_bdaddr = btusb_set_bdaddr_bcm;
1792 if (id->driver_info & BTUSB_INTEL) {
1793 hdev->setup = btusb_setup_intel;
1794 hdev->set_bdaddr = btusb_set_bdaddr_intel;
1797 if (id->driver_info & BTUSB_MARVELL)
1798 hdev->set_bdaddr = btusb_set_bdaddr_marvell;
1800 if (id->driver_info & BTUSB_INTEL_BOOT)
1801 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
1803 /* Interface numbers are hardcoded in the specification */
1804 data->isoc = usb_ifnum_to_if(data->udev, 1);
1807 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
1809 if (force_scofix || id->driver_info & BTUSB_WRONG_SCO_MTU) {
1810 if (!disable_scofix)
1811 set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks);
1814 if (id->driver_info & BTUSB_BROKEN_ISOC)
1817 if (id->driver_info & BTUSB_DIGIANSWER) {
1818 data->cmdreq_type = USB_TYPE_VENDOR;
1819 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
1822 if (id->driver_info & BTUSB_CSR) {
1823 struct usb_device *udev = data->udev;
1824 u16 bcdDevice = le16_to_cpu(udev->descriptor.bcdDevice);
1826 /* Old firmware would otherwise execute USB reset */
1827 if (bcdDevice < 0x117)
1828 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
1830 /* Fake CSR devices with broken commands */
1831 if (bcdDevice <= 0x100)
1832 hdev->setup = btusb_setup_csr;
1835 if (id->driver_info & BTUSB_SNIFFER) {
1836 struct usb_device *udev = data->udev;
1838 /* New sniffer firmware has crippled HCI interface */
1839 if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997)
1840 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
1843 if (id->driver_info & BTUSB_INTEL_BOOT) {
1844 /* A bug in the bootloader causes that interrupt interface is
1845 * only enabled after receiving SetInterface(0, AltSetting=0).
1847 err = usb_set_interface(data->udev, 0, 0);
1849 BT_ERR("failed to set interface 0, alt 0 %d", err);
1856 err = usb_driver_claim_interface(&btusb_driver,
1864 err = hci_register_dev(hdev);
1870 usb_set_intfdata(intf, data);
1875 static void btusb_disconnect(struct usb_interface *intf)
1877 struct btusb_data *data = usb_get_intfdata(intf);
1878 struct hci_dev *hdev;
1880 BT_DBG("intf %p", intf);
1886 usb_set_intfdata(data->intf, NULL);
1889 usb_set_intfdata(data->isoc, NULL);
1891 hci_unregister_dev(hdev);
1893 if (intf == data->isoc)
1894 usb_driver_release_interface(&btusb_driver, data->intf);
1895 else if (data->isoc)
1896 usb_driver_release_interface(&btusb_driver, data->isoc);
1902 static int btusb_suspend(struct usb_interface *intf, pm_message_t message)
1904 struct btusb_data *data = usb_get_intfdata(intf);
1906 BT_DBG("intf %p", intf);
1908 if (data->suspend_count++)
1911 spin_lock_irq(&data->txlock);
1912 if (!(PMSG_IS_AUTO(message) && data->tx_in_flight)) {
1913 set_bit(BTUSB_SUSPENDING, &data->flags);
1914 spin_unlock_irq(&data->txlock);
1916 spin_unlock_irq(&data->txlock);
1917 data->suspend_count--;
1921 cancel_work_sync(&data->work);
1923 btusb_stop_traffic(data);
1924 usb_kill_anchored_urbs(&data->tx_anchor);
1929 static void play_deferred(struct btusb_data *data)
1934 while ((urb = usb_get_from_anchor(&data->deferred))) {
1935 err = usb_submit_urb(urb, GFP_ATOMIC);
1939 data->tx_in_flight++;
1941 usb_scuttle_anchored_urbs(&data->deferred);
1944 static int btusb_resume(struct usb_interface *intf)
1946 struct btusb_data *data = usb_get_intfdata(intf);
1947 struct hci_dev *hdev = data->hdev;
1950 BT_DBG("intf %p", intf);
1952 if (--data->suspend_count)
1955 if (!test_bit(HCI_RUNNING, &hdev->flags))
1958 if (test_bit(BTUSB_INTR_RUNNING, &data->flags)) {
1959 err = btusb_submit_intr_urb(hdev, GFP_NOIO);
1961 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
1966 if (test_bit(BTUSB_BULK_RUNNING, &data->flags)) {
1967 err = btusb_submit_bulk_urb(hdev, GFP_NOIO);
1969 clear_bit(BTUSB_BULK_RUNNING, &data->flags);
1973 btusb_submit_bulk_urb(hdev, GFP_NOIO);
1976 if (test_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
1977 if (btusb_submit_isoc_urb(hdev, GFP_NOIO) < 0)
1978 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1980 btusb_submit_isoc_urb(hdev, GFP_NOIO);
1983 spin_lock_irq(&data->txlock);
1984 play_deferred(data);
1985 clear_bit(BTUSB_SUSPENDING, &data->flags);
1986 spin_unlock_irq(&data->txlock);
1987 schedule_work(&data->work);
1992 usb_scuttle_anchored_urbs(&data->deferred);
1994 spin_lock_irq(&data->txlock);
1995 clear_bit(BTUSB_SUSPENDING, &data->flags);
1996 spin_unlock_irq(&data->txlock);
2002 static struct usb_driver btusb_driver = {
2004 .probe = btusb_probe,
2005 .disconnect = btusb_disconnect,
2007 .suspend = btusb_suspend,
2008 .resume = btusb_resume,
2010 .id_table = btusb_table,
2011 .supports_autosuspend = 1,
2012 .disable_hub_initiated_lpm = 1,
2015 module_usb_driver(btusb_driver);
2017 module_param(disable_scofix, bool, 0644);
2018 MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size");
2020 module_param(force_scofix, bool, 0644);
2021 MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size");
2023 module_param(reset, bool, 0644);
2024 MODULE_PARM_DESC(reset, "Send HCI reset command on initialization");
2026 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2027 MODULE_DESCRIPTION("Generic Bluetooth USB driver ver " VERSION);
2028 MODULE_VERSION(VERSION);
2029 MODULE_LICENSE("GPL");
git.openpandora.org / pandora-kernel.git / blob