3 * Generic Bluetooth USB driver
5 * Copyright (C) 2005-2008 Marcel Holtmann <marcel@holtmann.org>
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
24 #include <linux/module.h>
25 #include <linux/usb.h>
26 #include <linux/firmware.h>
28 #include <net/bluetooth/bluetooth.h>
29 #include <net/bluetooth/hci_core.h>
33 static bool disable_scofix;
34 static bool force_scofix;
36 static bool reset = 1;
38 static struct usb_driver btusb_driver;
40 #define BTUSB_IGNORE 0x01
41 #define BTUSB_DIGIANSWER 0x02
42 #define BTUSB_CSR 0x04
43 #define BTUSB_SNIFFER 0x08
44 #define BTUSB_BCM92035 0x10
45 #define BTUSB_BROKEN_ISOC 0x20
46 #define BTUSB_WRONG_SCO_MTU 0x40
47 #define BTUSB_ATH3012 0x80
48 #define BTUSB_INTEL 0x100
49 #define BTUSB_INTEL_BOOT 0x200
50 #define BTUSB_BCM_PATCHRAM 0x400
52 static const struct usb_device_id btusb_table[] = {
53 /* Generic Bluetooth USB device */
54 { USB_DEVICE_INFO(0xe0, 0x01, 0x01) },
56 /* Apple-specific (Broadcom) devices */
57 { USB_VENDOR_AND_INTERFACE_INFO(0x05ac, 0xff, 0x01, 0x01) },
59 /* MediaTek MT76x0E */
60 { USB_DEVICE(0x0e8d, 0x763f) },
62 /* Broadcom SoftSailing reporting vendor specific */
63 { USB_DEVICE(0x0a5c, 0x21e1) },
65 /* Apple MacBookPro 7,1 */
66 { USB_DEVICE(0x05ac, 0x8213) },
69 { USB_DEVICE(0x05ac, 0x8215) },
71 /* Apple MacBookPro6,2 */
72 { USB_DEVICE(0x05ac, 0x8218) },
74 /* Apple MacBookAir3,1, MacBookAir3,2 */
75 { USB_DEVICE(0x05ac, 0x821b) },
77 /* Apple MacBookAir4,1 */
78 { USB_DEVICE(0x05ac, 0x821f) },
80 /* Apple MacBookPro8,2 */
81 { USB_DEVICE(0x05ac, 0x821a) },
83 /* Apple MacMini5,1 */
84 { USB_DEVICE(0x05ac, 0x8281) },
86 /* AVM BlueFRITZ! USB v2.0 */
87 { USB_DEVICE(0x057c, 0x3800) },
89 /* Bluetooth Ultraport Module from IBM */
90 { USB_DEVICE(0x04bf, 0x030a) },
92 /* ALPS Modules with non-standard id */
93 { USB_DEVICE(0x044e, 0x3001) },
94 { USB_DEVICE(0x044e, 0x3002) },
96 /* Ericsson with non-standard id */
97 { USB_DEVICE(0x0bdb, 0x1002) },
99 /* Canyon CN-BTU1 with HID interfaces */
100 { USB_DEVICE(0x0c10, 0x0000) },
102 /* Broadcom BCM20702A0 */
103 { USB_DEVICE(0x0489, 0xe042) },
104 { USB_DEVICE(0x04ca, 0x2003) },
105 { USB_DEVICE(0x0b05, 0x17b5) },
106 { USB_DEVICE(0x0b05, 0x17cb) },
107 { USB_DEVICE(0x413c, 0x8197) },
109 /* Foxconn - Hon Hai */
110 { USB_VENDOR_AND_INTERFACE_INFO(0x0489, 0xff, 0x01, 0x01) },
112 /* Broadcom devices with vendor specific id */
113 { USB_VENDOR_AND_INTERFACE_INFO(0x0a5c, 0xff, 0x01, 0x01),
114 .driver_info = BTUSB_BCM_PATCHRAM },
116 /* Belkin F8065bf - Broadcom based */
117 { USB_VENDOR_AND_INTERFACE_INFO(0x050d, 0xff, 0x01, 0x01) },
119 /* IMC Networks - Broadcom based */
120 { USB_VENDOR_AND_INTERFACE_INFO(0x13d3, 0xff, 0x01, 0x01) },
122 /* Intel Bluetooth USB Bootloader (RAM module) */
123 { USB_DEVICE(0x8087, 0x0a5a),
124 .driver_info = BTUSB_INTEL_BOOT | BTUSB_BROKEN_ISOC },
126 { } /* Terminating entry */
129 MODULE_DEVICE_TABLE(usb, btusb_table);
131 static const struct usb_device_id blacklist_table[] = {
132 /* CSR BlueCore devices */
133 { USB_DEVICE(0x0a12, 0x0001), .driver_info = BTUSB_CSR },
135 /* Broadcom BCM2033 without firmware */
136 { USB_DEVICE(0x0a5c, 0x2033), .driver_info = BTUSB_IGNORE },
138 /* Atheros 3011 with sflash firmware */
139 { USB_DEVICE(0x0489, 0xe027), .driver_info = BTUSB_IGNORE },
140 { USB_DEVICE(0x0489, 0xe03d), .driver_info = BTUSB_IGNORE },
141 { USB_DEVICE(0x0930, 0x0215), .driver_info = BTUSB_IGNORE },
142 { USB_DEVICE(0x0cf3, 0x3002), .driver_info = BTUSB_IGNORE },
143 { USB_DEVICE(0x0cf3, 0xe019), .driver_info = BTUSB_IGNORE },
144 { USB_DEVICE(0x13d3, 0x3304), .driver_info = BTUSB_IGNORE },
146 /* Atheros AR9285 Malbec with sflash firmware */
147 { USB_DEVICE(0x03f0, 0x311d), .driver_info = BTUSB_IGNORE },
149 /* Atheros 3012 with sflash firmware */
150 { USB_DEVICE(0x0489, 0xe04d), .driver_info = BTUSB_ATH3012 },
151 { USB_DEVICE(0x0489, 0xe04e), .driver_info = BTUSB_ATH3012 },
152 { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 },
153 { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 },
154 { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 },
155 { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 },
156 { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 },
157 { USB_DEVICE(0x04ca, 0x3005), .driver_info = BTUSB_ATH3012 },
158 { USB_DEVICE(0x04ca, 0x3006), .driver_info = BTUSB_ATH3012 },
159 { USB_DEVICE(0x04ca, 0x3007), .driver_info = BTUSB_ATH3012 },
160 { USB_DEVICE(0x04ca, 0x3008), .driver_info = BTUSB_ATH3012 },
161 { USB_DEVICE(0x04ca, 0x300b), .driver_info = BTUSB_ATH3012 },
162 { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 },
163 { USB_DEVICE(0x0930, 0x0220), .driver_info = BTUSB_ATH3012 },
164 { USB_DEVICE(0x0b05, 0x17d0), .driver_info = BTUSB_ATH3012 },
165 { USB_DEVICE(0x0cf3, 0x0036), .driver_info = BTUSB_ATH3012 },
166 { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 },
167 { USB_DEVICE(0x0cf3, 0x3008), .driver_info = BTUSB_ATH3012 },
168 { USB_DEVICE(0x0cf3, 0x311d), .driver_info = BTUSB_ATH3012 },
169 { USB_DEVICE(0x0cf3, 0x311e), .driver_info = BTUSB_ATH3012 },
170 { USB_DEVICE(0x0cf3, 0x311f), .driver_info = BTUSB_ATH3012 },
171 { USB_DEVICE(0x0cf3, 0x3121), .driver_info = BTUSB_ATH3012 },
172 { USB_DEVICE(0x0cf3, 0x817a), .driver_info = BTUSB_ATH3012 },
173 { USB_DEVICE(0x0cf3, 0xe003), .driver_info = BTUSB_ATH3012 },
174 { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 },
175 { USB_DEVICE(0x0cf3, 0xe005), .driver_info = BTUSB_ATH3012 },
176 { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 },
177 { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 },
178 { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 },
179 { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 },
181 /* Atheros AR5BBU12 with sflash firmware */
182 { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE },
184 /* Atheros AR5BBU12 with sflash firmware */
185 { USB_DEVICE(0x0489, 0xe036), .driver_info = BTUSB_ATH3012 },
186 { USB_DEVICE(0x0489, 0xe03c), .driver_info = BTUSB_ATH3012 },
188 /* Broadcom BCM2035 */
189 { USB_DEVICE(0x0a5c, 0x2009), .driver_info = BTUSB_BCM92035 },
190 { USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU },
191 { USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU },
193 /* Broadcom BCM2045 */
194 { USB_DEVICE(0x0a5c, 0x2039), .driver_info = BTUSB_WRONG_SCO_MTU },
195 { USB_DEVICE(0x0a5c, 0x2101), .driver_info = BTUSB_WRONG_SCO_MTU },
197 /* IBM/Lenovo ThinkPad with Broadcom chip */
198 { USB_DEVICE(0x0a5c, 0x201e), .driver_info = BTUSB_WRONG_SCO_MTU },
199 { USB_DEVICE(0x0a5c, 0x2110), .driver_info = BTUSB_WRONG_SCO_MTU },
201 /* HP laptop with Broadcom chip */
202 { USB_DEVICE(0x03f0, 0x171d), .driver_info = BTUSB_WRONG_SCO_MTU },
204 /* Dell laptop with Broadcom chip */
205 { USB_DEVICE(0x413c, 0x8126), .driver_info = BTUSB_WRONG_SCO_MTU },
207 /* Dell Wireless 370 and 410 devices */
208 { USB_DEVICE(0x413c, 0x8152), .driver_info = BTUSB_WRONG_SCO_MTU },
209 { USB_DEVICE(0x413c, 0x8156), .driver_info = BTUSB_WRONG_SCO_MTU },
211 /* Belkin F8T012 and F8T013 devices */
212 { USB_DEVICE(0x050d, 0x0012), .driver_info = BTUSB_WRONG_SCO_MTU },
213 { USB_DEVICE(0x050d, 0x0013), .driver_info = BTUSB_WRONG_SCO_MTU },
215 /* Asus WL-BTD202 device */
216 { USB_DEVICE(0x0b05, 0x1715), .driver_info = BTUSB_WRONG_SCO_MTU },
218 /* Kensington Bluetooth USB adapter */
219 { USB_DEVICE(0x047d, 0x105e), .driver_info = BTUSB_WRONG_SCO_MTU },
221 /* RTX Telecom based adapters with buggy SCO support */
222 { USB_DEVICE(0x0400, 0x0807), .driver_info = BTUSB_BROKEN_ISOC },
223 { USB_DEVICE(0x0400, 0x080a), .driver_info = BTUSB_BROKEN_ISOC },
225 /* CONWISE Technology based adapters with buggy SCO support */
226 { USB_DEVICE(0x0e5e, 0x6622), .driver_info = BTUSB_BROKEN_ISOC },
228 /* Digianswer devices */
229 { USB_DEVICE(0x08fd, 0x0001), .driver_info = BTUSB_DIGIANSWER },
230 { USB_DEVICE(0x08fd, 0x0002), .driver_info = BTUSB_IGNORE },
232 /* CSR BlueCore Bluetooth Sniffer */
233 { USB_DEVICE(0x0a12, 0x0002),
234 .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC },
236 /* Frontline ComProbe Bluetooth Sniffer */
237 { USB_DEVICE(0x16d3, 0x0002),
238 .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC },
240 /* Intel Bluetooth device */
241 { USB_DEVICE(0x8087, 0x07dc), .driver_info = BTUSB_INTEL },
242 { USB_DEVICE(0x8087, 0x0a2a), .driver_info = BTUSB_INTEL },
244 { } /* Terminating entry */
247 #define BTUSB_MAX_ISOC_FRAMES 10
249 #define BTUSB_INTR_RUNNING 0
250 #define BTUSB_BULK_RUNNING 1
251 #define BTUSB_ISOC_RUNNING 2
252 #define BTUSB_SUSPENDING 3
253 #define BTUSB_DID_ISO_RESUME 4
256 struct hci_dev *hdev;
257 struct usb_device *udev;
258 struct usb_interface *intf;
259 struct usb_interface *isoc;
265 struct work_struct work;
266 struct work_struct waker;
268 struct usb_anchor tx_anchor;
269 struct usb_anchor intr_anchor;
270 struct usb_anchor bulk_anchor;
271 struct usb_anchor isoc_anchor;
272 struct usb_anchor deferred;
276 struct usb_endpoint_descriptor *intr_ep;
277 struct usb_endpoint_descriptor *bulk_tx_ep;
278 struct usb_endpoint_descriptor *bulk_rx_ep;
279 struct usb_endpoint_descriptor *isoc_tx_ep;
280 struct usb_endpoint_descriptor *isoc_rx_ep;
284 unsigned int sco_num;
289 static int inc_tx(struct btusb_data *data)
294 spin_lock_irqsave(&data->txlock, flags);
295 rv = test_bit(BTUSB_SUSPENDING, &data->flags);
297 data->tx_in_flight++;
298 spin_unlock_irqrestore(&data->txlock, flags);
303 static void btusb_intr_complete(struct urb *urb)
305 struct hci_dev *hdev = urb->context;
306 struct btusb_data *data = hci_get_drvdata(hdev);
309 BT_DBG("%s urb %p status %d count %d", hdev->name,
310 urb, urb->status, urb->actual_length);
312 if (!test_bit(HCI_RUNNING, &hdev->flags))
315 if (urb->status == 0) {
316 hdev->stat.byte_rx += urb->actual_length;
318 if (hci_recv_fragment(hdev, HCI_EVENT_PKT,
319 urb->transfer_buffer,
320 urb->actual_length) < 0) {
321 BT_ERR("%s corrupted event packet", hdev->name);
326 if (!test_bit(BTUSB_INTR_RUNNING, &data->flags))
329 usb_mark_last_busy(data->udev);
330 usb_anchor_urb(urb, &data->intr_anchor);
332 err = usb_submit_urb(urb, GFP_ATOMIC);
334 /* -EPERM: urb is being killed;
335 * -ENODEV: device got disconnected */
336 if (err != -EPERM && err != -ENODEV)
337 BT_ERR("%s urb %p failed to resubmit (%d)",
338 hdev->name, urb, -err);
339 usb_unanchor_urb(urb);
343 static int btusb_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags)
345 struct btusb_data *data = hci_get_drvdata(hdev);
351 BT_DBG("%s", hdev->name);
356 urb = usb_alloc_urb(0, mem_flags);
360 size = le16_to_cpu(data->intr_ep->wMaxPacketSize);
362 buf = kmalloc(size, mem_flags);
368 pipe = usb_rcvintpipe(data->udev, data->intr_ep->bEndpointAddress);
370 usb_fill_int_urb(urb, data->udev, pipe, buf, size,
371 btusb_intr_complete, hdev,
372 data->intr_ep->bInterval);
374 urb->transfer_flags |= URB_FREE_BUFFER;
376 usb_anchor_urb(urb, &data->intr_anchor);
378 err = usb_submit_urb(urb, mem_flags);
380 if (err != -EPERM && err != -ENODEV)
381 BT_ERR("%s urb %p submission failed (%d)",
382 hdev->name, urb, -err);
383 usb_unanchor_urb(urb);
391 static void btusb_bulk_complete(struct urb *urb)
393 struct hci_dev *hdev = urb->context;
394 struct btusb_data *data = hci_get_drvdata(hdev);
397 BT_DBG("%s urb %p status %d count %d", hdev->name,
398 urb, urb->status, urb->actual_length);
400 if (!test_bit(HCI_RUNNING, &hdev->flags))
403 if (urb->status == 0) {
404 hdev->stat.byte_rx += urb->actual_length;
406 if (hci_recv_fragment(hdev, HCI_ACLDATA_PKT,
407 urb->transfer_buffer,
408 urb->actual_length) < 0) {
409 BT_ERR("%s corrupted ACL packet", hdev->name);
414 if (!test_bit(BTUSB_BULK_RUNNING, &data->flags))
417 usb_anchor_urb(urb, &data->bulk_anchor);
418 usb_mark_last_busy(data->udev);
420 err = usb_submit_urb(urb, GFP_ATOMIC);
422 /* -EPERM: urb is being killed;
423 * -ENODEV: device got disconnected */
424 if (err != -EPERM && err != -ENODEV)
425 BT_ERR("%s urb %p failed to resubmit (%d)",
426 hdev->name, urb, -err);
427 usb_unanchor_urb(urb);
431 static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags)
433 struct btusb_data *data = hci_get_drvdata(hdev);
437 int err, size = HCI_MAX_FRAME_SIZE;
439 BT_DBG("%s", hdev->name);
441 if (!data->bulk_rx_ep)
444 urb = usb_alloc_urb(0, mem_flags);
448 buf = kmalloc(size, mem_flags);
454 pipe = usb_rcvbulkpipe(data->udev, data->bulk_rx_ep->bEndpointAddress);
456 usb_fill_bulk_urb(urb, data->udev, pipe,
457 buf, size, btusb_bulk_complete, hdev);
459 urb->transfer_flags |= URB_FREE_BUFFER;
461 usb_mark_last_busy(data->udev);
462 usb_anchor_urb(urb, &data->bulk_anchor);
464 err = usb_submit_urb(urb, mem_flags);
466 if (err != -EPERM && err != -ENODEV)
467 BT_ERR("%s urb %p submission failed (%d)",
468 hdev->name, urb, -err);
469 usb_unanchor_urb(urb);
477 static void btusb_isoc_complete(struct urb *urb)
479 struct hci_dev *hdev = urb->context;
480 struct btusb_data *data = hci_get_drvdata(hdev);
483 BT_DBG("%s urb %p status %d count %d", hdev->name,
484 urb, urb->status, urb->actual_length);
486 if (!test_bit(HCI_RUNNING, &hdev->flags))
489 if (urb->status == 0) {
490 for (i = 0; i < urb->number_of_packets; i++) {
491 unsigned int offset = urb->iso_frame_desc[i].offset;
492 unsigned int length = urb->iso_frame_desc[i].actual_length;
494 if (urb->iso_frame_desc[i].status)
497 hdev->stat.byte_rx += length;
499 if (hci_recv_fragment(hdev, HCI_SCODATA_PKT,
500 urb->transfer_buffer + offset,
502 BT_ERR("%s corrupted SCO packet", hdev->name);
508 if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags))
511 usb_anchor_urb(urb, &data->isoc_anchor);
513 err = usb_submit_urb(urb, GFP_ATOMIC);
515 /* -EPERM: urb is being killed;
516 * -ENODEV: device got disconnected */
517 if (err != -EPERM && err != -ENODEV)
518 BT_ERR("%s urb %p failed to resubmit (%d)",
519 hdev->name, urb, -err);
520 usb_unanchor_urb(urb);
524 static inline void __fill_isoc_descriptor(struct urb *urb, int len, int mtu)
528 BT_DBG("len %d mtu %d", len, mtu);
530 for (i = 0; i < BTUSB_MAX_ISOC_FRAMES && len >= mtu;
531 i++, offset += mtu, len -= mtu) {
532 urb->iso_frame_desc[i].offset = offset;
533 urb->iso_frame_desc[i].length = mtu;
536 if (len && i < BTUSB_MAX_ISOC_FRAMES) {
537 urb->iso_frame_desc[i].offset = offset;
538 urb->iso_frame_desc[i].length = len;
542 urb->number_of_packets = i;
545 static int btusb_submit_isoc_urb(struct hci_dev *hdev, gfp_t mem_flags)
547 struct btusb_data *data = hci_get_drvdata(hdev);
553 BT_DBG("%s", hdev->name);
555 if (!data->isoc_rx_ep)
558 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, mem_flags);
562 size = le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize) *
563 BTUSB_MAX_ISOC_FRAMES;
565 buf = kmalloc(size, mem_flags);
571 pipe = usb_rcvisocpipe(data->udev, data->isoc_rx_ep->bEndpointAddress);
573 usb_fill_int_urb(urb, data->udev, pipe, buf, size, btusb_isoc_complete,
574 hdev, data->isoc_rx_ep->bInterval);
576 urb->transfer_flags = URB_FREE_BUFFER | URB_ISO_ASAP;
578 __fill_isoc_descriptor(urb, size,
579 le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize));
581 usb_anchor_urb(urb, &data->isoc_anchor);
583 err = usb_submit_urb(urb, mem_flags);
585 if (err != -EPERM && err != -ENODEV)
586 BT_ERR("%s urb %p submission failed (%d)",
587 hdev->name, urb, -err);
588 usb_unanchor_urb(urb);
596 static void btusb_tx_complete(struct urb *urb)
598 struct sk_buff *skb = urb->context;
599 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
600 struct btusb_data *data = hci_get_drvdata(hdev);
602 BT_DBG("%s urb %p status %d count %d", hdev->name,
603 urb, urb->status, urb->actual_length);
605 if (!test_bit(HCI_RUNNING, &hdev->flags))
609 hdev->stat.byte_tx += urb->transfer_buffer_length;
614 spin_lock(&data->txlock);
615 data->tx_in_flight--;
616 spin_unlock(&data->txlock);
618 kfree(urb->setup_packet);
623 static void btusb_isoc_tx_complete(struct urb *urb)
625 struct sk_buff *skb = urb->context;
626 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
628 BT_DBG("%s urb %p status %d count %d", hdev->name,
629 urb, urb->status, urb->actual_length);
631 if (!test_bit(HCI_RUNNING, &hdev->flags))
635 hdev->stat.byte_tx += urb->transfer_buffer_length;
640 kfree(urb->setup_packet);
645 static int btusb_open(struct hci_dev *hdev)
647 struct btusb_data *data = hci_get_drvdata(hdev);
650 BT_DBG("%s", hdev->name);
652 err = usb_autopm_get_interface(data->intf);
656 data->intf->needs_remote_wakeup = 1;
658 if (test_and_set_bit(HCI_RUNNING, &hdev->flags))
661 if (test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags))
664 err = btusb_submit_intr_urb(hdev, GFP_KERNEL);
668 err = btusb_submit_bulk_urb(hdev, GFP_KERNEL);
670 usb_kill_anchored_urbs(&data->intr_anchor);
674 set_bit(BTUSB_BULK_RUNNING, &data->flags);
675 btusb_submit_bulk_urb(hdev, GFP_KERNEL);
678 usb_autopm_put_interface(data->intf);
682 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
683 clear_bit(HCI_RUNNING, &hdev->flags);
684 usb_autopm_put_interface(data->intf);
688 static void btusb_stop_traffic(struct btusb_data *data)
690 usb_kill_anchored_urbs(&data->intr_anchor);
691 usb_kill_anchored_urbs(&data->bulk_anchor);
692 usb_kill_anchored_urbs(&data->isoc_anchor);
695 static int btusb_close(struct hci_dev *hdev)
697 struct btusb_data *data = hci_get_drvdata(hdev);
700 BT_DBG("%s", hdev->name);
702 if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags))
705 cancel_work_sync(&data->work);
706 cancel_work_sync(&data->waker);
708 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
709 clear_bit(BTUSB_BULK_RUNNING, &data->flags);
710 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
712 btusb_stop_traffic(data);
713 err = usb_autopm_get_interface(data->intf);
717 data->intf->needs_remote_wakeup = 0;
718 usb_autopm_put_interface(data->intf);
721 usb_scuttle_anchored_urbs(&data->deferred);
725 static int btusb_flush(struct hci_dev *hdev)
727 struct btusb_data *data = hci_get_drvdata(hdev);
729 BT_DBG("%s", hdev->name);
731 usb_kill_anchored_urbs(&data->tx_anchor);
736 static int btusb_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
738 struct btusb_data *data = hci_get_drvdata(hdev);
739 struct usb_ctrlrequest *dr;
744 BT_DBG("%s", hdev->name);
746 if (!test_bit(HCI_RUNNING, &hdev->flags))
749 skb->dev = (void *) hdev;
751 switch (bt_cb(skb)->pkt_type) {
752 case HCI_COMMAND_PKT:
753 urb = usb_alloc_urb(0, GFP_ATOMIC);
757 dr = kmalloc(sizeof(*dr), GFP_ATOMIC);
763 dr->bRequestType = data->cmdreq_type;
767 dr->wLength = __cpu_to_le16(skb->len);
769 pipe = usb_sndctrlpipe(data->udev, 0x00);
771 usb_fill_control_urb(urb, data->udev, pipe, (void *) dr,
772 skb->data, skb->len, btusb_tx_complete, skb);
777 case HCI_ACLDATA_PKT:
778 if (!data->bulk_tx_ep)
781 urb = usb_alloc_urb(0, GFP_ATOMIC);
785 pipe = usb_sndbulkpipe(data->udev,
786 data->bulk_tx_ep->bEndpointAddress);
788 usb_fill_bulk_urb(urb, data->udev, pipe,
789 skb->data, skb->len, btusb_tx_complete, skb);
794 case HCI_SCODATA_PKT:
795 if (!data->isoc_tx_ep || hci_conn_num(hdev, SCO_LINK) < 1)
798 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, GFP_ATOMIC);
802 pipe = usb_sndisocpipe(data->udev,
803 data->isoc_tx_ep->bEndpointAddress);
805 usb_fill_int_urb(urb, data->udev, pipe,
806 skb->data, skb->len, btusb_isoc_tx_complete,
807 skb, data->isoc_tx_ep->bInterval);
809 urb->transfer_flags = URB_ISO_ASAP;
811 __fill_isoc_descriptor(urb, skb->len,
812 le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize));
823 usb_anchor_urb(urb, &data->deferred);
824 schedule_work(&data->waker);
830 usb_anchor_urb(urb, &data->tx_anchor);
832 err = usb_submit_urb(urb, GFP_ATOMIC);
834 if (err != -EPERM && err != -ENODEV)
835 BT_ERR("%s urb %p submission failed (%d)",
836 hdev->name, urb, -err);
837 kfree(urb->setup_packet);
838 usb_unanchor_urb(urb);
840 usb_mark_last_busy(data->udev);
848 static void btusb_notify(struct hci_dev *hdev, unsigned int evt)
850 struct btusb_data *data = hci_get_drvdata(hdev);
852 BT_DBG("%s evt %d", hdev->name, evt);
854 if (hci_conn_num(hdev, SCO_LINK) != data->sco_num) {
855 data->sco_num = hci_conn_num(hdev, SCO_LINK);
856 schedule_work(&data->work);
860 static inline int __set_isoc_interface(struct hci_dev *hdev, int altsetting)
862 struct btusb_data *data = hci_get_drvdata(hdev);
863 struct usb_interface *intf = data->isoc;
864 struct usb_endpoint_descriptor *ep_desc;
870 err = usb_set_interface(data->udev, 1, altsetting);
872 BT_ERR("%s setting interface failed (%d)", hdev->name, -err);
876 data->isoc_altsetting = altsetting;
878 data->isoc_tx_ep = NULL;
879 data->isoc_rx_ep = NULL;
881 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
882 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
884 if (!data->isoc_tx_ep && usb_endpoint_is_isoc_out(ep_desc)) {
885 data->isoc_tx_ep = ep_desc;
889 if (!data->isoc_rx_ep && usb_endpoint_is_isoc_in(ep_desc)) {
890 data->isoc_rx_ep = ep_desc;
895 if (!data->isoc_tx_ep || !data->isoc_rx_ep) {
896 BT_ERR("%s invalid SCO descriptors", hdev->name);
903 static void btusb_work(struct work_struct *work)
905 struct btusb_data *data = container_of(work, struct btusb_data, work);
906 struct hci_dev *hdev = data->hdev;
910 if (data->sco_num > 0) {
911 if (!test_bit(BTUSB_DID_ISO_RESUME, &data->flags)) {
912 err = usb_autopm_get_interface(data->isoc ? data->isoc : data->intf);
914 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
915 usb_kill_anchored_urbs(&data->isoc_anchor);
919 set_bit(BTUSB_DID_ISO_RESUME, &data->flags);
922 if (hdev->voice_setting & 0x0020) {
923 static const int alts[3] = { 2, 4, 5 };
924 new_alts = alts[data->sco_num - 1];
926 new_alts = data->sco_num;
929 if (data->isoc_altsetting != new_alts) {
930 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
931 usb_kill_anchored_urbs(&data->isoc_anchor);
933 if (__set_isoc_interface(hdev, new_alts) < 0)
937 if (!test_and_set_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
938 if (btusb_submit_isoc_urb(hdev, GFP_KERNEL) < 0)
939 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
941 btusb_submit_isoc_urb(hdev, GFP_KERNEL);
944 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
945 usb_kill_anchored_urbs(&data->isoc_anchor);
947 __set_isoc_interface(hdev, 0);
948 if (test_and_clear_bit(BTUSB_DID_ISO_RESUME, &data->flags))
949 usb_autopm_put_interface(data->isoc ? data->isoc : data->intf);
953 static void btusb_waker(struct work_struct *work)
955 struct btusb_data *data = container_of(work, struct btusb_data, waker);
958 err = usb_autopm_get_interface(data->intf);
962 usb_autopm_put_interface(data->intf);
965 static int btusb_setup_bcm92035(struct hci_dev *hdev)
970 BT_DBG("%s", hdev->name);
972 skb = __hci_cmd_sync(hdev, 0xfc3b, 1, &val, HCI_INIT_TIMEOUT);
974 BT_ERR("BCM92035 command failed (%ld)", -PTR_ERR(skb));
981 static int btusb_setup_csr(struct hci_dev *hdev)
983 struct hci_rp_read_local_version *rp;
987 BT_DBG("%s", hdev->name);
989 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL,
992 BT_ERR("Reading local version failed (%ld)", -PTR_ERR(skb));
993 return -PTR_ERR(skb);
996 rp = (struct hci_rp_read_local_version *) skb->data;
999 if (le16_to_cpu(rp->manufacturer) != 10) {
1000 /* Clear the reset quirk since this is not an actual
1001 * early Bluetooth 1.1 device from CSR.
1003 clear_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
1005 /* These fake CSR controllers have all a broken
1006 * stored link key handling and so just disable it.
1008 set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY,
1013 ret = -bt_to_errno(rp->status);
1020 struct intel_version {
1033 static const struct firmware *btusb_setup_intel_get_fw(struct hci_dev *hdev,
1034 struct intel_version *ver)
1036 const struct firmware *fw;
1040 snprintf(fwname, sizeof(fwname),
1041 "intel/ibt-hw-%x.%x.%x-fw-%x.%x.%x.%x.%x.bseq",
1042 ver->hw_platform, ver->hw_variant, ver->hw_revision,
1043 ver->fw_variant, ver->fw_revision, ver->fw_build_num,
1044 ver->fw_build_ww, ver->fw_build_yy);
1046 ret = request_firmware(&fw, fwname, &hdev->dev);
1048 if (ret == -EINVAL) {
1049 BT_ERR("%s Intel firmware file request failed (%d)",
1054 BT_ERR("%s failed to open Intel firmware file: %s(%d)",
1055 hdev->name, fwname, ret);
1057 /* If the correct firmware patch file is not found, use the
1058 * default firmware patch file instead
1060 snprintf(fwname, sizeof(fwname), "intel/ibt-hw-%x.%x.bseq",
1061 ver->hw_platform, ver->hw_variant);
1062 if (request_firmware(&fw, fwname, &hdev->dev) < 0) {
1063 BT_ERR("%s failed to open default Intel fw file: %s",
1064 hdev->name, fwname);
1069 BT_INFO("%s: Intel Bluetooth firmware file: %s", hdev->name, fwname);
1074 static int btusb_setup_intel_patching(struct hci_dev *hdev,
1075 const struct firmware *fw,
1076 const u8 **fw_ptr, int *disable_patch)
1078 struct sk_buff *skb;
1079 struct hci_command_hdr *cmd;
1080 const u8 *cmd_param;
1081 struct hci_event_hdr *evt = NULL;
1082 const u8 *evt_param = NULL;
1083 int remain = fw->size - (*fw_ptr - fw->data);
1085 /* The first byte indicates the types of the patch command or event.
1086 * 0x01 means HCI command and 0x02 is HCI event. If the first bytes
1087 * in the current firmware buffer doesn't start with 0x01 or
1088 * the size of remain buffer is smaller than HCI command header,
1089 * the firmware file is corrupted and it should stop the patching
1092 if (remain > HCI_COMMAND_HDR_SIZE && *fw_ptr[0] != 0x01) {
1093 BT_ERR("%s Intel fw corrupted: invalid cmd read", hdev->name);
1099 cmd = (struct hci_command_hdr *)(*fw_ptr);
1100 *fw_ptr += sizeof(*cmd);
1101 remain -= sizeof(*cmd);
1103 /* Ensure that the remain firmware data is long enough than the length
1104 * of command parameter. If not, the firmware file is corrupted.
1106 if (remain < cmd->plen) {
1107 BT_ERR("%s Intel fw corrupted: invalid cmd len", hdev->name);
1111 /* If there is a command that loads a patch in the firmware
1112 * file, then enable the patch upon success, otherwise just
1113 * disable the manufacturer mode, for example patch activation
1114 * is not required when the default firmware patch file is used
1115 * because there are no patch data to load.
1117 if (*disable_patch && le16_to_cpu(cmd->opcode) == 0xfc8e)
1120 cmd_param = *fw_ptr;
1121 *fw_ptr += cmd->plen;
1122 remain -= cmd->plen;
1124 /* This reads the expected events when the above command is sent to the
1125 * device. Some vendor commands expects more than one events, for
1126 * example command status event followed by vendor specific event.
1127 * For this case, it only keeps the last expected event. so the command
1128 * can be sent with __hci_cmd_sync_ev() which returns the sk_buff of
1129 * last expected event.
1131 while (remain > HCI_EVENT_HDR_SIZE && *fw_ptr[0] == 0x02) {
1135 evt = (struct hci_event_hdr *)(*fw_ptr);
1136 *fw_ptr += sizeof(*evt);
1137 remain -= sizeof(*evt);
1139 if (remain < evt->plen) {
1140 BT_ERR("%s Intel fw corrupted: invalid evt len",
1145 evt_param = *fw_ptr;
1146 *fw_ptr += evt->plen;
1147 remain -= evt->plen;
1150 /* Every HCI commands in the firmware file has its correspond event.
1151 * If event is not found or remain is smaller than zero, the firmware
1152 * file is corrupted.
1154 if (!evt || !evt_param || remain < 0) {
1155 BT_ERR("%s Intel fw corrupted: invalid evt read", hdev->name);
1159 skb = __hci_cmd_sync_ev(hdev, le16_to_cpu(cmd->opcode), cmd->plen,
1160 cmd_param, evt->evt, HCI_INIT_TIMEOUT);
1162 BT_ERR("%s sending Intel patch command (0x%4.4x) failed (%ld)",
1163 hdev->name, cmd->opcode, PTR_ERR(skb));
1164 return PTR_ERR(skb);
1167 /* It ensures that the returned event matches the event data read from
1168 * the firmware file. At fist, it checks the length and then
1169 * the contents of the event.
1171 if (skb->len != evt->plen) {
1172 BT_ERR("%s mismatch event length (opcode 0x%4.4x)", hdev->name,
1173 le16_to_cpu(cmd->opcode));
1178 if (memcmp(skb->data, evt_param, evt->plen)) {
1179 BT_ERR("%s mismatch event parameter (opcode 0x%4.4x)",
1180 hdev->name, le16_to_cpu(cmd->opcode));
1189 #define BDADDR_INTEL (&(bdaddr_t) {{0x00, 0x8b, 0x9e, 0x19, 0x03, 0x00}})
1191 static int btusb_check_bdaddr_intel(struct hci_dev *hdev)
1193 struct sk_buff *skb;
1194 struct hci_rp_read_bd_addr *rp;
1196 skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL,
1199 BT_ERR("%s reading Intel device address failed (%ld)",
1200 hdev->name, PTR_ERR(skb));
1201 return PTR_ERR(skb);
1204 if (skb->len != sizeof(*rp)) {
1205 BT_ERR("%s Intel device address length mismatch", hdev->name);
1210 rp = (struct hci_rp_read_bd_addr *) skb->data;
1212 BT_ERR("%s Intel device address result failed (%02x)",
1213 hdev->name, rp->status);
1215 return -bt_to_errno(rp->status);
1218 /* For some Intel based controllers, the default Bluetooth device
1219 * address 00:03:19:9E:8B:00 can be found. These controllers are
1220 * fully operational, but have the danger of duplicate addresses
1221 * and that in turn can cause problems with Bluetooth operation.
1223 if (!bacmp(&rp->bdaddr, BDADDR_INTEL)) {
1224 BT_ERR("%s found Intel default device address (%pMR)",
1225 hdev->name, &rp->bdaddr);
1226 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks);
1234 static int btusb_setup_intel(struct hci_dev *hdev)
1236 struct sk_buff *skb;
1237 const struct firmware *fw;
1240 struct intel_version *ver;
1242 const u8 mfg_enable[] = { 0x01, 0x00 };
1243 const u8 mfg_disable[] = { 0x00, 0x00 };
1244 const u8 mfg_reset_deactivate[] = { 0x00, 0x01 };
1245 const u8 mfg_reset_activate[] = { 0x00, 0x02 };
1247 BT_DBG("%s", hdev->name);
1249 /* The controller has a bug with the first HCI command sent to it
1250 * returning number of completed commands as zero. This would stall the
1251 * command processing in the Bluetooth core.
1253 * As a workaround, send HCI Reset command first which will reset the
1254 * number of completed commands and allow normal command processing
1257 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
1259 BT_ERR("%s sending initial HCI reset command failed (%ld)",
1260 hdev->name, PTR_ERR(skb));
1261 return PTR_ERR(skb);
1265 /* Read Intel specific controller version first to allow selection of
1266 * which firmware file to load.
1268 * The returned information are hardware variant and revision plus
1269 * firmware variant, revision and build number.
1271 skb = __hci_cmd_sync(hdev, 0xfc05, 0, NULL, HCI_INIT_TIMEOUT);
1273 BT_ERR("%s reading Intel fw version command failed (%ld)",
1274 hdev->name, PTR_ERR(skb));
1275 return PTR_ERR(skb);
1278 if (skb->len != sizeof(*ver)) {
1279 BT_ERR("%s Intel version event length mismatch", hdev->name);
1284 ver = (struct intel_version *)skb->data;
1286 BT_ERR("%s Intel fw version event failed (%02x)", hdev->name,
1289 return -bt_to_errno(ver->status);
1292 BT_INFO("%s: read Intel version: %02x%02x%02x%02x%02x%02x%02x%02x%02x",
1293 hdev->name, ver->hw_platform, ver->hw_variant,
1294 ver->hw_revision, ver->fw_variant, ver->fw_revision,
1295 ver->fw_build_num, ver->fw_build_ww, ver->fw_build_yy,
1298 /* fw_patch_num indicates the version of patch the device currently
1299 * have. If there is no patch data in the device, it is always 0x00.
1300 * So, if it is other than 0x00, no need to patch the deivce again.
1302 if (ver->fw_patch_num) {
1303 BT_INFO("%s: Intel device is already patched. patch num: %02x",
1304 hdev->name, ver->fw_patch_num);
1306 btusb_check_bdaddr_intel(hdev);
1310 /* Opens the firmware patch file based on the firmware version read
1311 * from the controller. If it fails to open the matching firmware
1312 * patch file, it tries to open the default firmware patch file.
1313 * If no patch file is found, allow the device to operate without
1316 fw = btusb_setup_intel_get_fw(hdev, ver);
1319 btusb_check_bdaddr_intel(hdev);
1324 /* This Intel specific command enables the manufacturer mode of the
1327 * Only while this mode is enabled, the driver can download the
1328 * firmware patch data and configuration parameters.
1330 skb = __hci_cmd_sync(hdev, 0xfc11, 2, mfg_enable, HCI_INIT_TIMEOUT);
1332 BT_ERR("%s entering Intel manufacturer mode failed (%ld)",
1333 hdev->name, PTR_ERR(skb));
1334 release_firmware(fw);
1335 return PTR_ERR(skb);
1339 u8 evt_status = skb->data[0];
1340 BT_ERR("%s enable Intel manufacturer mode event failed (%02x)",
1341 hdev->name, evt_status);
1343 release_firmware(fw);
1344 return -bt_to_errno(evt_status);
1350 /* The firmware data file consists of list of Intel specific HCI
1351 * commands and its expected events. The first byte indicates the
1352 * type of the message, either HCI command or HCI event.
1354 * It reads the command and its expected event from the firmware file,
1355 * and send to the controller. Once __hci_cmd_sync_ev() returns,
1356 * the returned event is compared with the event read from the firmware
1357 * file and it will continue until all the messages are downloaded to
1360 * Once the firmware patching is completed successfully,
1361 * the manufacturer mode is disabled with reset and activating the
1364 * If the firmware patching fails, the manufacturer mode is
1365 * disabled with reset and deactivating the patch.
1367 * If the default patch file is used, no reset is done when disabling
1370 while (fw->size > fw_ptr - fw->data) {
1373 ret = btusb_setup_intel_patching(hdev, fw, &fw_ptr,
1376 goto exit_mfg_deactivate;
1379 release_firmware(fw);
1382 goto exit_mfg_disable;
1384 /* Patching completed successfully and disable the manufacturer mode
1385 * with reset and activate the downloaded firmware patches.
1387 skb = __hci_cmd_sync(hdev, 0xfc11, sizeof(mfg_reset_activate),
1388 mfg_reset_activate, HCI_INIT_TIMEOUT);
1390 BT_ERR("%s exiting Intel manufacturer mode failed (%ld)",
1391 hdev->name, PTR_ERR(skb));
1392 return PTR_ERR(skb);
1396 BT_INFO("%s: Intel Bluetooth firmware patch completed and activated",
1399 btusb_check_bdaddr_intel(hdev);
1403 /* Disable the manufacturer mode without reset */
1404 skb = __hci_cmd_sync(hdev, 0xfc11, sizeof(mfg_disable), mfg_disable,
1407 BT_ERR("%s exiting Intel manufacturer mode failed (%ld)",
1408 hdev->name, PTR_ERR(skb));
1409 return PTR_ERR(skb);
1413 BT_INFO("%s: Intel Bluetooth firmware patch completed", hdev->name);
1415 btusb_check_bdaddr_intel(hdev);
1418 exit_mfg_deactivate:
1419 release_firmware(fw);
1421 /* Patching failed. Disable the manufacturer mode with reset and
1422 * deactivate the downloaded firmware patches.
1424 skb = __hci_cmd_sync(hdev, 0xfc11, sizeof(mfg_reset_deactivate),
1425 mfg_reset_deactivate, HCI_INIT_TIMEOUT);
1427 BT_ERR("%s exiting Intel manufacturer mode failed (%ld)",
1428 hdev->name, PTR_ERR(skb));
1429 return PTR_ERR(skb);
1433 BT_INFO("%s: Intel Bluetooth firmware patch completed and deactivated",
1436 btusb_check_bdaddr_intel(hdev);
1440 static int btusb_set_bdaddr_intel(struct hci_dev *hdev, const bdaddr_t *bdaddr)
1442 struct sk_buff *skb;
1445 skb = __hci_cmd_sync(hdev, 0xfc31, 6, bdaddr, HCI_INIT_TIMEOUT);
1448 BT_ERR("%s: changing Intel device address failed (%ld)",
1457 #define BDADDR_BCM20702A0 (&(bdaddr_t) {{0x00, 0xa0, 0x02, 0x70, 0x20, 0x00}})
1459 static int btusb_setup_bcm_patchram(struct hci_dev *hdev)
1461 struct btusb_data *data = hci_get_drvdata(hdev);
1462 struct usb_device *udev = data->udev;
1464 const struct firmware *fw;
1467 const struct hci_command_hdr *cmd;
1468 const u8 *cmd_param;
1470 struct sk_buff *skb;
1471 struct hci_rp_read_local_version *ver;
1472 struct hci_rp_read_bd_addr *bda;
1475 snprintf(fw_name, sizeof(fw_name), "brcm/%s-%04x-%04x.hcd",
1476 udev->product ? udev->product : "BCM",
1477 le16_to_cpu(udev->descriptor.idVendor),
1478 le16_to_cpu(udev->descriptor.idProduct));
1480 ret = request_firmware(&fw, fw_name, &hdev->dev);
1482 BT_INFO("%s: BCM: patch %s not found", hdev->name, fw_name);
1487 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
1490 BT_ERR("%s: HCI_OP_RESET failed (%ld)", hdev->name, ret);
1495 /* Read Local Version Info */
1496 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL,
1500 BT_ERR("%s: HCI_OP_READ_LOCAL_VERSION failed (%ld)",
1505 if (skb->len != sizeof(*ver)) {
1506 BT_ERR("%s: HCI_OP_READ_LOCAL_VERSION event length mismatch",
1513 ver = (struct hci_rp_read_local_version *) skb->data;
1514 BT_INFO("%s: BCM: patching hci_ver=%02x hci_rev=%04x lmp_ver=%02x "
1515 "lmp_subver=%04x", hdev->name, ver->hci_ver, ver->hci_rev,
1516 ver->lmp_ver, ver->lmp_subver);
1519 /* Start Download */
1520 skb = __hci_cmd_sync(hdev, 0xfc2e, 0, NULL, HCI_INIT_TIMEOUT);
1523 BT_ERR("%s: BCM: Download Minidrv command failed (%ld)",
1529 /* 50 msec delay after Download Minidrv completes */
1535 while (fw_size >= sizeof(*cmd)) {
1536 cmd = (struct hci_command_hdr *) fw_ptr;
1537 fw_ptr += sizeof(*cmd);
1538 fw_size -= sizeof(*cmd);
1540 if (fw_size < cmd->plen) {
1541 BT_ERR("%s: BCM: patch %s is corrupted",
1542 hdev->name, fw_name);
1548 fw_ptr += cmd->plen;
1549 fw_size -= cmd->plen;
1551 opcode = le16_to_cpu(cmd->opcode);
1553 skb = __hci_cmd_sync(hdev, opcode, cmd->plen, cmd_param,
1557 BT_ERR("%s: BCM: patch command %04x failed (%ld)",
1558 hdev->name, opcode, ret);
1564 /* 250 msec delay after Launch Ram completes */
1569 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
1572 BT_ERR("%s: HCI_OP_RESET failed (%ld)", hdev->name, ret);
1577 /* Read Local Version Info */
1578 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL,
1582 BT_ERR("%s: HCI_OP_READ_LOCAL_VERSION failed (%ld)",
1587 if (skb->len != sizeof(*ver)) {
1588 BT_ERR("%s: HCI_OP_READ_LOCAL_VERSION event length mismatch",
1595 ver = (struct hci_rp_read_local_version *) skb->data;
1596 BT_INFO("%s: BCM: firmware hci_ver=%02x hci_rev=%04x lmp_ver=%02x "
1597 "lmp_subver=%04x", hdev->name, ver->hci_ver, ver->hci_rev,
1598 ver->lmp_ver, ver->lmp_subver);
1601 /* Read BD Address */
1602 skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL,
1606 BT_ERR("%s: HCI_OP_READ_BD_ADDR failed (%ld)",
1611 if (skb->len != sizeof(*bda)) {
1612 BT_ERR("%s: HCI_OP_READ_BD_ADDR event length mismatch",
1619 bda = (struct hci_rp_read_bd_addr *) skb->data;
1621 BT_ERR("%s: HCI_OP_READ_BD_ADDR error status (%02x)",
1622 hdev->name, bda->status);
1624 ret = -bt_to_errno(bda->status);
1628 /* The address 00:20:70:02:A0:00 indicates a BCM20702A0 controller
1629 * with no configured address.
1631 if (!bacmp(&bda->bdaddr, BDADDR_BCM20702A0)) {
1632 BT_INFO("%s: BCM: using default device address (%pMR)",
1633 hdev->name, &bda->bdaddr);
1634 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks);
1640 release_firmware(fw);
1645 static int btusb_set_bdaddr_bcm(struct hci_dev *hdev, const bdaddr_t *bdaddr)
1647 struct sk_buff *skb;
1650 skb = __hci_cmd_sync(hdev, 0xfc01, 6, bdaddr, HCI_INIT_TIMEOUT);
1653 BT_ERR("%s: BCM: Change address command failed (%ld)",
1662 static int btusb_probe(struct usb_interface *intf,
1663 const struct usb_device_id *id)
1665 struct usb_endpoint_descriptor *ep_desc;
1666 struct btusb_data *data;
1667 struct hci_dev *hdev;
1670 BT_DBG("intf %p id %p", intf, id);
1672 /* interface numbers are hardcoded in the spec */
1673 if (intf->cur_altsetting->desc.bInterfaceNumber != 0)
1676 if (!id->driver_info) {
1677 const struct usb_device_id *match;
1678 match = usb_match_id(intf, blacklist_table);
1683 if (id->driver_info == BTUSB_IGNORE)
1686 if (id->driver_info & BTUSB_ATH3012) {
1687 struct usb_device *udev = interface_to_usbdev(intf);
1689 /* Old firmware would otherwise let ath3k driver load
1690 * patch and sysconfig files */
1691 if (le16_to_cpu(udev->descriptor.bcdDevice) <= 0x0001)
1695 data = devm_kzalloc(&intf->dev, sizeof(*data), GFP_KERNEL);
1699 for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
1700 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
1702 if (!data->intr_ep && usb_endpoint_is_int_in(ep_desc)) {
1703 data->intr_ep = ep_desc;
1707 if (!data->bulk_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) {
1708 data->bulk_tx_ep = ep_desc;
1712 if (!data->bulk_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) {
1713 data->bulk_rx_ep = ep_desc;
1718 if (!data->intr_ep || !data->bulk_tx_ep || !data->bulk_rx_ep)
1721 data->cmdreq_type = USB_TYPE_CLASS;
1723 data->udev = interface_to_usbdev(intf);
1726 spin_lock_init(&data->lock);
1728 INIT_WORK(&data->work, btusb_work);
1729 INIT_WORK(&data->waker, btusb_waker);
1730 spin_lock_init(&data->txlock);
1732 init_usb_anchor(&data->tx_anchor);
1733 init_usb_anchor(&data->intr_anchor);
1734 init_usb_anchor(&data->bulk_anchor);
1735 init_usb_anchor(&data->isoc_anchor);
1736 init_usb_anchor(&data->deferred);
1738 hdev = hci_alloc_dev();
1742 hdev->bus = HCI_USB;
1743 hci_set_drvdata(hdev, data);
1747 SET_HCIDEV_DEV(hdev, &intf->dev);
1749 hdev->open = btusb_open;
1750 hdev->close = btusb_close;
1751 hdev->flush = btusb_flush;
1752 hdev->send = btusb_send_frame;
1753 hdev->notify = btusb_notify;
1755 if (id->driver_info & BTUSB_BCM92035)
1756 hdev->setup = btusb_setup_bcm92035;
1758 if (id->driver_info & BTUSB_BCM_PATCHRAM) {
1759 hdev->setup = btusb_setup_bcm_patchram;
1760 hdev->set_bdaddr = btusb_set_bdaddr_bcm;
1763 if (id->driver_info & BTUSB_INTEL) {
1764 hdev->setup = btusb_setup_intel;
1765 hdev->set_bdaddr = btusb_set_bdaddr_intel;
1768 if (id->driver_info & BTUSB_INTEL_BOOT)
1769 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
1771 /* Interface numbers are hardcoded in the specification */
1772 data->isoc = usb_ifnum_to_if(data->udev, 1);
1775 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
1777 if (force_scofix || id->driver_info & BTUSB_WRONG_SCO_MTU) {
1778 if (!disable_scofix)
1779 set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks);
1782 if (id->driver_info & BTUSB_BROKEN_ISOC)
1785 if (id->driver_info & BTUSB_DIGIANSWER) {
1786 data->cmdreq_type = USB_TYPE_VENDOR;
1787 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
1790 if (id->driver_info & BTUSB_CSR) {
1791 struct usb_device *udev = data->udev;
1792 u16 bcdDevice = le16_to_cpu(udev->descriptor.bcdDevice);
1794 /* Old firmware would otherwise execute USB reset */
1795 if (bcdDevice < 0x117)
1796 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);
1798 /* Fake CSR devices with broken commands */
1799 if (bcdDevice <= 0x100)
1800 hdev->setup = btusb_setup_csr;
1803 if (id->driver_info & BTUSB_SNIFFER) {
1804 struct usb_device *udev = data->udev;
1806 /* New sniffer firmware has crippled HCI interface */
1807 if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997)
1808 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
1811 if (id->driver_info & BTUSB_INTEL_BOOT) {
1812 /* A bug in the bootloader causes that interrupt interface is
1813 * only enabled after receiving SetInterface(0, AltSetting=0).
1815 err = usb_set_interface(data->udev, 0, 0);
1817 BT_ERR("failed to set interface 0, alt 0 %d", err);
1824 err = usb_driver_claim_interface(&btusb_driver,
1832 err = hci_register_dev(hdev);
1838 usb_set_intfdata(intf, data);
1843 static void btusb_disconnect(struct usb_interface *intf)
1845 struct btusb_data *data = usb_get_intfdata(intf);
1846 struct hci_dev *hdev;
1848 BT_DBG("intf %p", intf);
1854 usb_set_intfdata(data->intf, NULL);
1857 usb_set_intfdata(data->isoc, NULL);
1859 hci_unregister_dev(hdev);
1861 if (intf == data->isoc)
1862 usb_driver_release_interface(&btusb_driver, data->intf);
1863 else if (data->isoc)
1864 usb_driver_release_interface(&btusb_driver, data->isoc);
1870 static int btusb_suspend(struct usb_interface *intf, pm_message_t message)
1872 struct btusb_data *data = usb_get_intfdata(intf);
1874 BT_DBG("intf %p", intf);
1876 if (data->suspend_count++)
1879 spin_lock_irq(&data->txlock);
1880 if (!(PMSG_IS_AUTO(message) && data->tx_in_flight)) {
1881 set_bit(BTUSB_SUSPENDING, &data->flags);
1882 spin_unlock_irq(&data->txlock);
1884 spin_unlock_irq(&data->txlock);
1885 data->suspend_count--;
1889 cancel_work_sync(&data->work);
1891 btusb_stop_traffic(data);
1892 usb_kill_anchored_urbs(&data->tx_anchor);
1897 static void play_deferred(struct btusb_data *data)
1902 while ((urb = usb_get_from_anchor(&data->deferred))) {
1903 err = usb_submit_urb(urb, GFP_ATOMIC);
1907 data->tx_in_flight++;
1909 usb_scuttle_anchored_urbs(&data->deferred);
1912 static int btusb_resume(struct usb_interface *intf)
1914 struct btusb_data *data = usb_get_intfdata(intf);
1915 struct hci_dev *hdev = data->hdev;
1918 BT_DBG("intf %p", intf);
1920 if (--data->suspend_count)
1923 if (!test_bit(HCI_RUNNING, &hdev->flags))
1926 if (test_bit(BTUSB_INTR_RUNNING, &data->flags)) {
1927 err = btusb_submit_intr_urb(hdev, GFP_NOIO);
1929 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
1934 if (test_bit(BTUSB_BULK_RUNNING, &data->flags)) {
1935 err = btusb_submit_bulk_urb(hdev, GFP_NOIO);
1937 clear_bit(BTUSB_BULK_RUNNING, &data->flags);
1941 btusb_submit_bulk_urb(hdev, GFP_NOIO);
1944 if (test_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
1945 if (btusb_submit_isoc_urb(hdev, GFP_NOIO) < 0)
1946 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1948 btusb_submit_isoc_urb(hdev, GFP_NOIO);
1951 spin_lock_irq(&data->txlock);
1952 play_deferred(data);
1953 clear_bit(BTUSB_SUSPENDING, &data->flags);
1954 spin_unlock_irq(&data->txlock);
1955 schedule_work(&data->work);
1960 usb_scuttle_anchored_urbs(&data->deferred);
1962 spin_lock_irq(&data->txlock);
1963 clear_bit(BTUSB_SUSPENDING, &data->flags);
1964 spin_unlock_irq(&data->txlock);
1970 static struct usb_driver btusb_driver = {
1972 .probe = btusb_probe,
1973 .disconnect = btusb_disconnect,
1975 .suspend = btusb_suspend,
1976 .resume = btusb_resume,
1978 .id_table = btusb_table,
1979 .supports_autosuspend = 1,
1980 .disable_hub_initiated_lpm = 1,
1983 module_usb_driver(btusb_driver);
1985 module_param(disable_scofix, bool, 0644);
1986 MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size");
1988 module_param(force_scofix, bool, 0644);
1989 MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size");
1991 module_param(reset, bool, 0644);
1992 MODULE_PARM_DESC(reset, "Send HCI reset command on initialization");
1994 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1995 MODULE_DESCRIPTION("Generic Bluetooth USB driver ver " VERSION);
1996 MODULE_VERSION(VERSION);
1997 MODULE_LICENSE("GPL");
git.openpandora.org / pandora-kernel.git / blob