drivers/bluetooth/hci_usb.c

   1 /*
   2    HCI USB driver for Linux Bluetooth protocol stack (BlueZ)
   3    Copyright (C) 2000-2001 Qualcomm Incorporated
   4    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
   5
   6    Copyright (C) 2003 Maxim Krasnyansky <maxk@qualcomm.com>
   7
   8    This program is free software; you can redistribute it and/or modify
   9    it under the terms of the GNU General Public License version 2 as
  10    published by the Free Software Foundation;
  11
  12    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
  13    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  14    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
  15    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
  16    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
  17    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  18    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  19    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  20
  21    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
  22    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
  23    SOFTWARE IS DISCLAIMED.
  24 */
  25
  26 /*
  27  * Bluetooth HCI USB driver.
  28  * Based on original USB Bluetooth driver for Linux kernel
  29  *    Copyright (c) 2000 Greg Kroah-Hartman        <greg@kroah.com>
  30  *    Copyright (c) 2000 Mark Douglas Corner       <mcorner@umich.edu>
  31  *
  32  */
  33
  34 #include <linux/module.h>
  35
  36 #include <linux/kernel.h>
  37 #include <linux/init.h>
  38 #include <linux/unistd.h>
  39 #include <linux/types.h>
  40 #include <linux/interrupt.h>
  41 #include <linux/moduleparam.h>
  42
  43 #include <linux/slab.h>
  44 #include <linux/errno.h>
  45 #include <linux/string.h>
  46 #include <linux/skbuff.h>
  47
  48 #include <linux/usb.h>
  49
  50 #include <net/bluetooth/bluetooth.h>
  51 #include <net/bluetooth/hci_core.h>
  52
  53 #include "hci_usb.h"
  54
  55 #ifndef CONFIG_BT_HCIUSB_DEBUG
  56 #undef  BT_DBG
  57 #define BT_DBG(D...)
  58 #endif
  59
  60 #ifndef CONFIG_BT_HCIUSB_ZERO_PACKET
  61 #undef  URB_ZERO_PACKET
  62 #define URB_ZERO_PACKET 0
  63 #endif
  64
  65 static int ignore = 0;
  66 static int ignore_dga = 0;
  67 static int ignore_csr = 0;
  68 static int ignore_sniffer = 0;
  69 static int disable_scofix = 0;
  70 static int force_scofix = 0;
  71 static int reset = 0;
  72
  73 #ifdef CONFIG_BT_HCIUSB_SCO
  74 static int isoc = 2;
  75 #endif
  76
  77 #define VERSION "2.9"
  78
  79 static struct usb_driver hci_usb_driver;
  80
  81 static struct usb_device_id bluetooth_ids[] = {
  82         /* Generic Bluetooth USB device */
  83         { USB_DEVICE_INFO(HCI_DEV_CLASS, HCI_DEV_SUBCLASS, HCI_DEV_PROTOCOL) },
  84
  85         /* AVM BlueFRITZ! USB v2.0 */
  86         { USB_DEVICE(0x057c, 0x3800) },
  87
  88         /* Bluetooth Ultraport Module from IBM */
  89         { USB_DEVICE(0x04bf, 0x030a) },
  90
  91         /* ALPS Modules with non-standard id */
  92         { USB_DEVICE(0x044e, 0x3001) },
  93         { USB_DEVICE(0x044e, 0x3002) },
  94
  95         /* Ericsson with non-standard id */
  96         { USB_DEVICE(0x0bdb, 0x1002) },
  97
  98         /* Canyon CN-BTU1 with HID interfaces */
  99         { USB_DEVICE(0x0c10, 0x0000), .driver_info = HCI_RESET },
 100
 101         { }     /* Terminating entry */
 102 };
 103
 104 MODULE_DEVICE_TABLE (usb, bluetooth_ids);
 105
 106 static struct usb_device_id blacklist_ids[] = {
 107         /* CSR BlueCore devices */
 108         { USB_DEVICE(0x0a12, 0x0001), .driver_info = HCI_CSR },
 109
 110         /* Broadcom BCM2033 without firmware */
 111         { USB_DEVICE(0x0a5c, 0x2033), .driver_info = HCI_IGNORE },
 112
 113         /* Broadcom BCM2035 */
 114         { USB_DEVICE(0x0a5c, 0x200a), .driver_info = HCI_RESET | HCI_WRONG_SCO_MTU },
 115         { USB_DEVICE(0x0a5c, 0x2009), .driver_info = HCI_BCM92035 },
 116
 117         /* Broadcom BCM2045 */
 118         { USB_DEVICE(0x0a5c, 0x2101), .driver_info = HCI_RESET | HCI_WRONG_SCO_MTU },
 119
 120         /* IBM/Lenovo ThinkPad with Broadcom chip */
 121         { USB_DEVICE(0x0a5c, 0x201e), .driver_info = HCI_RESET | HCI_WRONG_SCO_MTU },
 122         { USB_DEVICE(0x0a5c, 0x2110), .driver_info = HCI_RESET | HCI_WRONG_SCO_MTU },
 123
 124         /* Targus ACB10US */
 125         { USB_DEVICE(0x0a5c, 0x2100), .driver_info = HCI_RESET },
 126
 127         /* ANYCOM Bluetooth USB-200 and USB-250 */
 128         { USB_DEVICE(0x0a5c, 0x2111), .driver_info = HCI_RESET },
 129
 130         /* HP laptop with Broadcom chip */
 131         { USB_DEVICE(0x03f0, 0x171d), .driver_info = HCI_RESET | HCI_WRONG_SCO_MTU },
 132
 133         /* Dell laptop with Broadcom chip */
 134         { USB_DEVICE(0x413c, 0x8126), .driver_info = HCI_RESET | HCI_WRONG_SCO_MTU },
 135
 136         /* Microsoft Wireless Transceiver for Bluetooth 2.0 */
 137         { USB_DEVICE(0x045e, 0x009c), .driver_info = HCI_RESET },
 138
 139         /* Kensington Bluetooth USB adapter */
 140         { USB_DEVICE(0x047d, 0x105d), .driver_info = HCI_RESET },
 141         { USB_DEVICE(0x047d, 0x105e), .driver_info = HCI_RESET | HCI_WRONG_SCO_MTU },
 142
 143         /* ISSC Bluetooth Adapter v3.1 */
 144         { USB_DEVICE(0x1131, 0x1001), .driver_info = HCI_RESET },
 145
 146         /* RTX Telecom based adapters with buggy SCO support */
 147         { USB_DEVICE(0x0400, 0x0807), .driver_info = HCI_BROKEN_ISOC },
 148         { USB_DEVICE(0x0400, 0x080a), .driver_info = HCI_BROKEN_ISOC },
 149
 150         /* Belkin F8T012 and F8T013 devices */
 151         { USB_DEVICE(0x050d, 0x0012), .driver_info = HCI_RESET | HCI_WRONG_SCO_MTU },
 152         { USB_DEVICE(0x050d, 0x0013), .driver_info = HCI_RESET | HCI_WRONG_SCO_MTU },
 153
 154         /* Digianswer devices */
 155         { USB_DEVICE(0x08fd, 0x0001), .driver_info = HCI_DIGIANSWER },
 156         { USB_DEVICE(0x08fd, 0x0002), .driver_info = HCI_IGNORE },
 157
 158         /* CSR BlueCore Bluetooth Sniffer */
 159         { USB_DEVICE(0x0a12, 0x0002), .driver_info = HCI_SNIFFER },
 160
 161         /* Frontline ComProbe Bluetooth Sniffer */
 162         { USB_DEVICE(0x16d3, 0x0002), .driver_info = HCI_SNIFFER },
 163
 164         { }     /* Terminating entry */
 165 };
 166
 167 static struct _urb *_urb_alloc(int isoc, gfp_t gfp)
 168 {
 169         struct _urb *_urb = kmalloc(sizeof(struct _urb) +
 170                                 sizeof(struct usb_iso_packet_descriptor) * isoc, gfp);
 171         if (_urb) {
 172                 memset(_urb, 0, sizeof(*_urb));
 173                 usb_init_urb(&_urb->urb);
 174         }
 175         return _urb;
 176 }
 177
 178 static struct _urb *_urb_dequeue(struct _urb_queue *q)
 179 {
 180         struct _urb *_urb = NULL;
 181         unsigned long flags;
 182         spin_lock_irqsave(&q->lock, flags);
 183         {
 184                 struct list_head *head = &q->head;
 185                 struct list_head *next = head->next;
 186                 if (next != head) {
 187                         _urb = list_entry(next, struct _urb, list);
 188                         list_del(next); _urb->queue = NULL;
 189                 }
 190         }
 191         spin_unlock_irqrestore(&q->lock, flags);
 192         return _urb;
 193 }
 194
 195 static void hci_usb_rx_complete(struct urb *urb);
 196 static void hci_usb_tx_complete(struct urb *urb);
 197
 198 #define __pending_tx(husb, type)  (&husb->pending_tx[type-1])
 199 #define __pending_q(husb, type)   (&husb->pending_q[type-1])
 200 #define __completed_q(husb, type) (&husb->completed_q[type-1])
 201 #define __transmit_q(husb, type)  (&husb->transmit_q[type-1])
 202
 203 static inline struct _urb *__get_completed(struct hci_usb *husb, int type)
 204 {
 205         return _urb_dequeue(__completed_q(husb, type));
 206 }
 207
 208 #ifdef CONFIG_BT_HCIUSB_SCO
 209 static void __fill_isoc_desc(struct urb *urb, int len, int mtu)
 210 {
 211         int offset = 0, i;
 212
 213         BT_DBG("len %d mtu %d", len, mtu);
 214
 215         for (i=0; i < HCI_MAX_ISOC_FRAMES && len >= mtu; i++, offset += mtu, len -= mtu) {
 216                 urb->iso_frame_desc[i].offset = offset;
 217                 urb->iso_frame_desc[i].length = mtu;
 218                 BT_DBG("desc %d offset %d len %d", i, offset, mtu);
 219         }
 220         if (len && i < HCI_MAX_ISOC_FRAMES) {
 221                 urb->iso_frame_desc[i].offset = offset;
 222                 urb->iso_frame_desc[i].length = len;
 223                 BT_DBG("desc %d offset %d len %d", i, offset, len);
 224                 i++;
 225         }
 226         urb->number_of_packets = i;
 227 }
 228 #endif
 229
 230 static int hci_usb_intr_rx_submit(struct hci_usb *husb)
 231 {
 232         struct _urb *_urb;
 233         struct urb *urb;
 234         int err, pipe, interval, size;
 235         void *buf;
 236
 237         BT_DBG("%s", husb->hdev->name);
 238
 239         size = le16_to_cpu(husb->intr_in_ep->desc.wMaxPacketSize);
 240
 241         buf = kmalloc(size, GFP_ATOMIC);
 242         if (!buf)
 243                 return -ENOMEM;
 244
 245         _urb = _urb_alloc(0, GFP_ATOMIC);
 246         if (!_urb) {
 247                 kfree(buf);
 248                 return -ENOMEM;
 249         }
 250         _urb->type = HCI_EVENT_PKT;
 251         _urb_queue_tail(__pending_q(husb, _urb->type), _urb);
 252
 253         urb = &_urb->urb;
 254         pipe     = usb_rcvintpipe(husb->udev, husb->intr_in_ep->desc.bEndpointAddress);
 255         interval = husb->intr_in_ep->desc.bInterval;
 256         usb_fill_int_urb(urb, husb->udev, pipe, buf, size, hci_usb_rx_complete, husb, interval);
 257
 258         err = usb_submit_urb(urb, GFP_ATOMIC);
 259         if (err) {
 260                 BT_ERR("%s intr rx submit failed urb %p err %d",
 261                                 husb->hdev->name, urb, err);
 262                 _urb_unlink(_urb);
 263                 _urb_free(_urb);
 264                 kfree(buf);
 265         }
 266         return err;
 267 }
 268
 269 static int hci_usb_bulk_rx_submit(struct hci_usb *husb)
 270 {
 271         struct _urb *_urb;
 272         struct urb *urb;
 273         int err, pipe, size = HCI_MAX_FRAME_SIZE;
 274         void *buf;
 275
 276         buf = kmalloc(size, GFP_ATOMIC);
 277         if (!buf)
 278                 return -ENOMEM;
 279
 280         _urb = _urb_alloc(0, GFP_ATOMIC);
 281         if (!_urb) {
 282                 kfree(buf);
 283                 return -ENOMEM;
 284         }
 285         _urb->type = HCI_ACLDATA_PKT;
 286         _urb_queue_tail(__pending_q(husb, _urb->type), _urb);
 287
 288         urb  = &_urb->urb;
 289         pipe = usb_rcvbulkpipe(husb->udev, husb->bulk_in_ep->desc.bEndpointAddress);
 290         usb_fill_bulk_urb(urb, husb->udev, pipe, buf, size, hci_usb_rx_complete, husb);
 291         urb->transfer_flags = 0;
 292
 293         BT_DBG("%s urb %p", husb->hdev->name, urb);
 294
 295         err = usb_submit_urb(urb, GFP_ATOMIC);
 296         if (err) {
 297                 BT_ERR("%s bulk rx submit failed urb %p err %d",
 298                                 husb->hdev->name, urb, err);
 299                 _urb_unlink(_urb);
 300                 _urb_free(_urb);
 301                 kfree(buf);
 302         }
 303         return err;
 304 }
 305
 306 #ifdef CONFIG_BT_HCIUSB_SCO
 307 static int hci_usb_isoc_rx_submit(struct hci_usb *husb)
 308 {
 309         struct _urb *_urb;
 310         struct urb *urb;
 311         int err, mtu, size;
 312         void *buf;
 313
 314         mtu  = le16_to_cpu(husb->isoc_in_ep->desc.wMaxPacketSize);
 315         size = mtu * HCI_MAX_ISOC_FRAMES;
 316
 317         buf = kmalloc(size, GFP_ATOMIC);
 318         if (!buf)
 319                 return -ENOMEM;
 320
 321         _urb = _urb_alloc(HCI_MAX_ISOC_FRAMES, GFP_ATOMIC);
 322         if (!_urb) {
 323                 kfree(buf);
 324                 return -ENOMEM;
 325         }
 326         _urb->type = HCI_SCODATA_PKT;
 327         _urb_queue_tail(__pending_q(husb, _urb->type), _urb);
 328
 329         urb = &_urb->urb;
 330
 331         urb->context  = husb;
 332         urb->dev      = husb->udev;
 333         urb->pipe     = usb_rcvisocpipe(husb->udev, husb->isoc_in_ep->desc.bEndpointAddress);
 334         urb->complete = hci_usb_rx_complete;
 335
 336         urb->interval = husb->isoc_in_ep->desc.bInterval;
 337
 338         urb->transfer_buffer_length = size;
 339         urb->transfer_buffer = buf;
 340         urb->transfer_flags  = URB_ISO_ASAP;
 341
 342         __fill_isoc_desc(urb, size, mtu);
 343
 344         BT_DBG("%s urb %p", husb->hdev->name, urb);
 345
 346         err = usb_submit_urb(urb, GFP_ATOMIC);
 347         if (err) {
 348                 BT_ERR("%s isoc rx submit failed urb %p err %d",
 349                                 husb->hdev->name, urb, err);
 350                 _urb_unlink(_urb);
 351                 _urb_free(_urb);
 352                 kfree(buf);
 353         }
 354         return err;
 355 }
 356 #endif
 357
 358 /* Initialize device */
 359 static int hci_usb_open(struct hci_dev *hdev)
 360 {
 361         struct hci_usb *husb = (struct hci_usb *) hdev->driver_data;
 362         int i, err;
 363         unsigned long flags;
 364
 365         BT_DBG("%s", hdev->name);
 366
 367         if (test_and_set_bit(HCI_RUNNING, &hdev->flags))
 368                 return 0;
 369
 370         write_lock_irqsave(&husb->completion_lock, flags);
 371
 372         err = hci_usb_intr_rx_submit(husb);
 373         if (!err) {
 374                 for (i = 0; i < HCI_MAX_BULK_RX; i++)
 375                         hci_usb_bulk_rx_submit(husb);
 376
 377 #ifdef CONFIG_BT_HCIUSB_SCO
 378                 if (husb->isoc_iface)
 379                         for (i = 0; i < HCI_MAX_ISOC_RX; i++)
 380                                 hci_usb_isoc_rx_submit(husb);
 381 #endif
 382         } else {
 383                 clear_bit(HCI_RUNNING, &hdev->flags);
 384         }
 385
 386         write_unlock_irqrestore(&husb->completion_lock, flags);
 387         return err;
 388 }
 389
 390 /* Reset device */
 391 static int hci_usb_flush(struct hci_dev *hdev)
 392 {
 393         struct hci_usb *husb = (struct hci_usb *) hdev->driver_data;
 394         int i;
 395
 396         BT_DBG("%s", hdev->name);
 397
 398         for (i = 0; i < 4; i++)
 399                 skb_queue_purge(&husb->transmit_q[i]);
 400         return 0;
 401 }
 402
 403 static void hci_usb_unlink_urbs(struct hci_usb *husb)
 404 {
 405         int i;
 406
 407         BT_DBG("%s", husb->hdev->name);
 408
 409         for (i = 0; i < 4; i++) {
 410                 struct _urb *_urb;
 411                 struct urb *urb;
 412
 413                 /* Kill pending requests */
 414                 while ((_urb = _urb_dequeue(&husb->pending_q[i]))) {
 415                         urb = &_urb->urb;
 416                         BT_DBG("%s unlinking _urb %p type %d urb %p",
 417                                         husb->hdev->name, _urb, _urb->type, urb);
 418                         usb_kill_urb(urb);
 419                         _urb_queue_tail(__completed_q(husb, _urb->type), _urb);
 420                 }
 421
 422                 /* Release completed requests */
 423                 while ((_urb = _urb_dequeue(&husb->completed_q[i]))) {
 424                         urb = &_urb->urb;
 425                         BT_DBG("%s freeing _urb %p type %d urb %p",
 426                                         husb->hdev->name, _urb, _urb->type, urb);
 427                         kfree(urb->setup_packet);
 428                         kfree(urb->transfer_buffer);
 429                         _urb_free(_urb);
 430                 }
 431         }
 432 }
 433
 434 /* Close device */
 435 static int hci_usb_close(struct hci_dev *hdev)
 436 {
 437         struct hci_usb *husb = (struct hci_usb *) hdev->driver_data;
 438         unsigned long flags;
 439
 440         if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags))
 441                 return 0;
 442
 443         BT_DBG("%s", hdev->name);
 444
 445         /* Synchronize with completion handlers */
 446         write_lock_irqsave(&husb->completion_lock, flags);
 447         write_unlock_irqrestore(&husb->completion_lock, flags);
 448
 449         hci_usb_unlink_urbs(husb);
 450         hci_usb_flush(hdev);
 451         return 0;
 452 }
 453
 454 static int __tx_submit(struct hci_usb *husb, struct _urb *_urb)
 455 {
 456         struct urb *urb = &_urb->urb;
 457         int err;
 458
 459         BT_DBG("%s urb %p type %d", husb->hdev->name, urb, _urb->type);
 460
 461         _urb_queue_tail(__pending_q(husb, _urb->type), _urb);
 462         err = usb_submit_urb(urb, GFP_ATOMIC);
 463         if (err) {
 464                 BT_ERR("%s tx submit failed urb %p type %d err %d",
 465                                 husb->hdev->name, urb, _urb->type, err);
 466                 _urb_unlink(_urb);
 467                 _urb_queue_tail(__completed_q(husb, _urb->type), _urb);
 468         } else
 469                 atomic_inc(__pending_tx(husb, _urb->type));
 470
 471         return err;
 472 }
 473
 474 static inline int hci_usb_send_ctrl(struct hci_usb *husb, struct sk_buff *skb)
 475 {
 476         struct _urb *_urb = __get_completed(husb, bt_cb(skb)->pkt_type);
 477         struct usb_ctrlrequest *dr;
 478         struct urb *urb;
 479
 480         if (!_urb) {
 481                 _urb = _urb_alloc(0, GFP_ATOMIC);
 482                 if (!_urb)
 483                         return -ENOMEM;
 484                 _urb->type = bt_cb(skb)->pkt_type;
 485
 486                 dr = kmalloc(sizeof(*dr), GFP_ATOMIC);
 487                 if (!dr) {
 488                         _urb_free(_urb);
 489                         return -ENOMEM;
 490                 }
 491         } else
 492                 dr = (void *) _urb->urb.setup_packet;
 493
 494         dr->bRequestType = husb->ctrl_req;
 495         dr->bRequest = 0;
 496         dr->wIndex   = 0;
 497         dr->wValue   = 0;
 498         dr->wLength  = __cpu_to_le16(skb->len);
 499
 500         urb = &_urb->urb;
 501         usb_fill_control_urb(urb, husb->udev, usb_sndctrlpipe(husb->udev, 0),
 502                 (void *) dr, skb->data, skb->len, hci_usb_tx_complete, husb);
 503
 504         BT_DBG("%s skb %p len %d", husb->hdev->name, skb, skb->len);
 505
 506         _urb->priv = skb;
 507         return __tx_submit(husb, _urb);
 508 }
 509
 510 static inline int hci_usb_send_bulk(struct hci_usb *husb, struct sk_buff *skb)
 511 {
 512         struct _urb *_urb = __get_completed(husb, bt_cb(skb)->pkt_type);
 513         struct urb *urb;
 514         int pipe;
 515
 516         if (!_urb) {
 517                 _urb = _urb_alloc(0, GFP_ATOMIC);
 518                 if (!_urb)
 519                         return -ENOMEM;
 520                 _urb->type = bt_cb(skb)->pkt_type;
 521         }
 522
 523         urb  = &_urb->urb;
 524         pipe = usb_sndbulkpipe(husb->udev, husb->bulk_out_ep->desc.bEndpointAddress);
 525         usb_fill_bulk_urb(urb, husb->udev, pipe, skb->data, skb->len,
 526                         hci_usb_tx_complete, husb);
 527         urb->transfer_flags = URB_ZERO_PACKET;
 528
 529         BT_DBG("%s skb %p len %d", husb->hdev->name, skb, skb->len);
 530
 531         _urb->priv = skb;
 532         return __tx_submit(husb, _urb);
 533 }
 534
 535 #ifdef CONFIG_BT_HCIUSB_SCO
 536 static inline int hci_usb_send_isoc(struct hci_usb *husb, struct sk_buff *skb)
 537 {
 538         struct _urb *_urb = __get_completed(husb, bt_cb(skb)->pkt_type);
 539         struct urb *urb;
 540
 541         if (!_urb) {
 542                 _urb = _urb_alloc(HCI_MAX_ISOC_FRAMES, GFP_ATOMIC);
 543                 if (!_urb)
 544                         return -ENOMEM;
 545                 _urb->type = bt_cb(skb)->pkt_type;
 546         }
 547
 548         BT_DBG("%s skb %p len %d", husb->hdev->name, skb, skb->len);
 549
 550         urb = &_urb->urb;
 551
 552         urb->context  = husb;
 553         urb->dev      = husb->udev;
 554         urb->pipe     = usb_sndisocpipe(husb->udev, husb->isoc_out_ep->desc.bEndpointAddress);
 555         urb->complete = hci_usb_tx_complete;
 556         urb->transfer_flags = URB_ISO_ASAP;
 557
 558         urb->interval = husb->isoc_out_ep->desc.bInterval;
 559
 560         urb->transfer_buffer = skb->data;
 561         urb->transfer_buffer_length = skb->len;
 562
 563         __fill_isoc_desc(urb, skb->len, le16_to_cpu(husb->isoc_out_ep->desc.wMaxPacketSize));
 564
 565         _urb->priv = skb;
 566         return __tx_submit(husb, _urb);
 567 }
 568 #endif
 569
 570 static void hci_usb_tx_process(struct hci_usb *husb)
 571 {
 572         struct sk_buff_head *q;
 573         struct sk_buff *skb;
 574
 575         BT_DBG("%s", husb->hdev->name);
 576
 577         do {
 578                 clear_bit(HCI_USB_TX_WAKEUP, &husb->state);
 579
 580                 /* Process command queue */
 581                 q = __transmit_q(husb, HCI_COMMAND_PKT);
 582                 if (!atomic_read(__pending_tx(husb, HCI_COMMAND_PKT)) &&
 583                                 (skb = skb_dequeue(q))) {
 584                         if (hci_usb_send_ctrl(husb, skb) < 0)
 585                                 skb_queue_head(q, skb);
 586                 }
 587
 588 #ifdef CONFIG_BT_HCIUSB_SCO
 589                 /* Process SCO queue */
 590                 q = __transmit_q(husb, HCI_SCODATA_PKT);
 591                 if (atomic_read(__pending_tx(husb, HCI_SCODATA_PKT)) < HCI_MAX_ISOC_TX &&
 592                                 (skb = skb_dequeue(q))) {
 593                         if (hci_usb_send_isoc(husb, skb) < 0)
 594                                 skb_queue_head(q, skb);
 595                 }
 596 #endif
 597
 598                 /* Process ACL queue */
 599                 q = __transmit_q(husb, HCI_ACLDATA_PKT);
 600                 while (atomic_read(__pending_tx(husb, HCI_ACLDATA_PKT)) < HCI_MAX_BULK_TX &&
 601                                 (skb = skb_dequeue(q))) {
 602                         if (hci_usb_send_bulk(husb, skb) < 0) {
 603                                 skb_queue_head(q, skb);
 604                                 break;
 605                         }
 606                 }
 607         } while(test_bit(HCI_USB_TX_WAKEUP, &husb->state));
 608 }
 609
 610 static inline void hci_usb_tx_wakeup(struct hci_usb *husb)
 611 {
 612         /* Serialize TX queue processing to avoid data reordering */
 613         if (!test_and_set_bit(HCI_USB_TX_PROCESS, &husb->state)) {
 614                 hci_usb_tx_process(husb);
 615                 clear_bit(HCI_USB_TX_PROCESS, &husb->state);
 616         } else
 617                 set_bit(HCI_USB_TX_WAKEUP, &husb->state);
 618 }
 619
 620 /* Send frames from HCI layer */
 621 static int hci_usb_send_frame(struct sk_buff *skb)
 622 {
 623         struct hci_dev *hdev = (struct hci_dev *) skb->dev;
 624         struct hci_usb *husb;
 625
 626         if (!hdev) {
 627                 BT_ERR("frame for uknown device (hdev=NULL)");
 628                 return -ENODEV;
 629         }
 630
 631         if (!test_bit(HCI_RUNNING, &hdev->flags))
 632                 return -EBUSY;
 633
 634         BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len);
 635
 636         husb = (struct hci_usb *) hdev->driver_data;
 637
 638         switch (bt_cb(skb)->pkt_type) {
 639         case HCI_COMMAND_PKT:
 640                 hdev->stat.cmd_tx++;
 641                 break;
 642
 643         case HCI_ACLDATA_PKT:
 644                 hdev->stat.acl_tx++;
 645                 break;
 646
 647 #ifdef CONFIG_BT_HCIUSB_SCO
 648         case HCI_SCODATA_PKT:
 649                 hdev->stat.sco_tx++;
 650                 break;
 651 #endif
 652
 653         default:
 654                 kfree_skb(skb);
 655                 return 0;
 656         }
 657
 658         read_lock(&husb->completion_lock);
 659
 660         skb_queue_tail(__transmit_q(husb, bt_cb(skb)->pkt_type), skb);
 661         hci_usb_tx_wakeup(husb);
 662
 663         read_unlock(&husb->completion_lock);
 664         return 0;
 665 }
 666
 667 static void hci_usb_rx_complete(struct urb *urb)
 668 {
 669         struct _urb *_urb = container_of(urb, struct _urb, urb);
 670         struct hci_usb *husb = (void *) urb->context;
 671         struct hci_dev *hdev = husb->hdev;
 672         int err, count = urb->actual_length;
 673
 674         BT_DBG("%s urb %p type %d status %d count %d flags %x", hdev->name, urb,
 675                         _urb->type, urb->status, count, urb->transfer_flags);
 676
 677         read_lock(&husb->completion_lock);
 678
 679         if (!test_bit(HCI_RUNNING, &hdev->flags))
 680                 goto unlock;
 681
 682         if (urb->status || !count)
 683                 goto resubmit;
 684
 685         if (_urb->type == HCI_SCODATA_PKT) {
 686 #ifdef CONFIG_BT_HCIUSB_SCO
 687                 int i;
 688                 for (i=0; i < urb->number_of_packets; i++) {
 689                         BT_DBG("desc %d status %d offset %d len %d", i,
 690                                         urb->iso_frame_desc[i].status,
 691                                         urb->iso_frame_desc[i].offset,
 692                                         urb->iso_frame_desc[i].actual_length);
 693
 694                         if (!urb->iso_frame_desc[i].status)
 695                                 hci_recv_fragment(husb->hdev, _urb->type,
 696                                         urb->transfer_buffer + urb->iso_frame_desc[i].offset,
 697                                         urb->iso_frame_desc[i].actual_length);
 698                 }
 699 #else
 700                 ;
 701 #endif
 702         } else {
 703                 err = hci_recv_fragment(husb->hdev, _urb->type, urb->transfer_buffer, count);
 704                 if (err < 0) {
 705                         BT_ERR("%s corrupted packet: type %d count %d",
 706                                         husb->hdev->name, _urb->type, count);
 707                         hdev->stat.err_rx++;
 708                 }
 709         }
 710
 711 resubmit:
 712         urb->dev = husb->udev;
 713         err = usb_submit_urb(urb, GFP_ATOMIC);
 714         BT_DBG("%s urb %p type %d resubmit status %d", hdev->name, urb,
 715                         _urb->type, err);
 716
 717 unlock:
 718         read_unlock(&husb->completion_lock);
 719 }
 720
 721 static void hci_usb_tx_complete(struct urb *urb)
 722 {
 723         struct _urb *_urb = container_of(urb, struct _urb, urb);
 724         struct hci_usb *husb = (void *) urb->context;
 725         struct hci_dev *hdev = husb->hdev;
 726
 727         BT_DBG("%s urb %p status %d flags %x", hdev->name, urb,
 728                         urb->status, urb->transfer_flags);
 729
 730         atomic_dec(__pending_tx(husb, _urb->type));
 731
 732         urb->transfer_buffer = NULL;
 733         kfree_skb((struct sk_buff *) _urb->priv);
 734
 735         if (!test_bit(HCI_RUNNING, &hdev->flags))
 736                 return;
 737
 738         if (!urb->status)
 739                 hdev->stat.byte_tx += urb->transfer_buffer_length;
 740         else
 741                 hdev->stat.err_tx++;
 742
 743         read_lock(&husb->completion_lock);
 744
 745         _urb_unlink(_urb);
 746         _urb_queue_tail(__completed_q(husb, _urb->type), _urb);
 747
 748         hci_usb_tx_wakeup(husb);
 749
 750         read_unlock(&husb->completion_lock);
 751 }
 752
 753 static void hci_usb_destruct(struct hci_dev *hdev)
 754 {
 755         struct hci_usb *husb = (struct hci_usb *) hdev->driver_data;
 756
 757         BT_DBG("%s", hdev->name);
 758
 759         kfree(husb);
 760 }
 761
 762 static void hci_usb_notify(struct hci_dev *hdev, unsigned int evt)
 763 {
 764         BT_DBG("%s evt %d", hdev->name, evt);
 765 }
 766
 767 static int hci_usb_probe(struct usb_interface *intf, const struct usb_device_id *id)
 768 {
 769         struct usb_device *udev = interface_to_usbdev(intf);
 770         struct usb_host_endpoint *bulk_out_ep = NULL;
 771         struct usb_host_endpoint *bulk_in_ep = NULL;
 772         struct usb_host_endpoint *intr_in_ep = NULL;
 773         struct usb_host_endpoint  *ep;
 774         struct usb_host_interface *uif;
 775         struct usb_interface *isoc_iface;
 776         struct hci_usb *husb;
 777         struct hci_dev *hdev;
 778         int i, e, size, isoc_ifnum, isoc_alts;
 779
 780         BT_DBG("udev %p intf %p", udev, intf);
 781
 782         if (!id->driver_info) {
 783                 const struct usb_device_id *match;
 784                 match = usb_match_id(intf, blacklist_ids);
 785                 if (match)
 786                         id = match;
 787         }
 788
 789         if (ignore || id->driver_info & HCI_IGNORE)
 790                 return -ENODEV;
 791
 792         if (ignore_dga && id->driver_info & HCI_DIGIANSWER)
 793                 return -ENODEV;
 794
 795         if (ignore_csr && id->driver_info & HCI_CSR)
 796                 return -ENODEV;
 797
 798         if (ignore_sniffer && id->driver_info & HCI_SNIFFER)
 799                 return -ENODEV;
 800
 801         if (intf->cur_altsetting->desc.bInterfaceNumber > 0)
 802                 return -ENODEV;
 803
 804         /* Find endpoints that we need */
 805         uif = intf->cur_altsetting;
 806         for (e = 0; e < uif->desc.bNumEndpoints; e++) {
 807                 ep = &uif->endpoint[e];
 808
 809                 switch (ep->desc.bmAttributes & USB_ENDPOINT_XFERTYPE_MASK) {
 810                 case USB_ENDPOINT_XFER_INT:
 811                         if (ep->desc.bEndpointAddress & USB_DIR_IN)
 812                                 intr_in_ep = ep;
 813                         break;
 814
 815                 case USB_ENDPOINT_XFER_BULK:
 816                         if (ep->desc.bEndpointAddress & USB_DIR_IN)
 817                                 bulk_in_ep  = ep;
 818                         else
 819                                 bulk_out_ep = ep;
 820                         break;
 821                 }
 822         }
 823
 824         if (!bulk_in_ep || !bulk_out_ep || !intr_in_ep) {
 825                 BT_DBG("Bulk endpoints not found");
 826                 goto done;
 827         }
 828
 829         if (!(husb = kzalloc(sizeof(struct hci_usb), GFP_KERNEL))) {
 830                 BT_ERR("Can't allocate: control structure");
 831                 goto done;
 832         }
 833
 834         husb->udev = udev;
 835         husb->bulk_out_ep = bulk_out_ep;
 836         husb->bulk_in_ep  = bulk_in_ep;
 837         husb->intr_in_ep  = intr_in_ep;
 838
 839         if (id->driver_info & HCI_DIGIANSWER)
 840                 husb->ctrl_req = USB_TYPE_VENDOR;
 841         else
 842                 husb->ctrl_req = USB_TYPE_CLASS;
 843
 844         /* Find isochronous endpoints that we can use */
 845         size = 0;
 846         isoc_iface = NULL;
 847         isoc_alts  = 0;
 848         isoc_ifnum = 1;
 849
 850 #ifdef CONFIG_BT_HCIUSB_SCO
 851         if (isoc && !(id->driver_info & (HCI_BROKEN_ISOC | HCI_SNIFFER)))
 852                 isoc_iface = usb_ifnum_to_if(udev, isoc_ifnum);
 853
 854         if (isoc_iface) {
 855                 int a;
 856                 struct usb_host_endpoint *isoc_out_ep = NULL;
 857                 struct usb_host_endpoint *isoc_in_ep = NULL;
 858
 859                 for (a = 0; a < isoc_iface->num_altsetting; a++) {
 860                         uif = &isoc_iface->altsetting[a];
 861                         for (e = 0; e < uif->desc.bNumEndpoints; e++) {
 862                                 ep = &uif->endpoint[e];
 863
 864                                 switch (ep->desc.bmAttributes & USB_ENDPOINT_XFERTYPE_MASK) {
 865                                 case USB_ENDPOINT_XFER_ISOC:
 866                                         if (le16_to_cpu(ep->desc.wMaxPacketSize) < size ||
 867                                                         uif->desc.bAlternateSetting != isoc)
 868                                                 break;
 869                                         size = le16_to_cpu(ep->desc.wMaxPacketSize);
 870
 871                                         isoc_alts = uif->desc.bAlternateSetting;
 872
 873                                         if (ep->desc.bEndpointAddress & USB_DIR_IN)
 874                                                 isoc_in_ep  = ep;
 875                                         else
 876                                                 isoc_out_ep = ep;
 877                                         break;
 878                                 }
 879                         }
 880                 }
 881
 882                 if (!isoc_in_ep || !isoc_out_ep)
 883                         BT_DBG("Isoc endpoints not found");
 884                 else {
 885                         BT_DBG("isoc ifnum %d alts %d", isoc_ifnum, isoc_alts);
 886                         if (usb_driver_claim_interface(&hci_usb_driver, isoc_iface, husb) != 0)
 887                                 BT_ERR("Can't claim isoc interface");
 888                         else if (usb_set_interface(udev, isoc_ifnum, isoc_alts)) {
 889                                 BT_ERR("Can't set isoc interface settings");
 890                                 husb->isoc_iface = isoc_iface;
 891                                 usb_driver_release_interface(&hci_usb_driver, isoc_iface);
 892                                 husb->isoc_iface = NULL;
 893                         } else {
 894                                 husb->isoc_iface  = isoc_iface;
 895                                 husb->isoc_in_ep  = isoc_in_ep;
 896                                 husb->isoc_out_ep = isoc_out_ep;
 897                         }
 898                 }
 899         }
 900 #endif
 901
 902         rwlock_init(&husb->completion_lock);
 903
 904         for (i = 0; i < 4; i++) {
 905                 skb_queue_head_init(&husb->transmit_q[i]);
 906                 _urb_queue_init(&husb->pending_q[i]);
 907                 _urb_queue_init(&husb->completed_q[i]);
 908         }
 909
 910         /* Initialize and register HCI device */
 911         hdev = hci_alloc_dev();
 912         if (!hdev) {
 913                 BT_ERR("Can't allocate HCI device");
 914                 goto probe_error;
 915         }
 916
 917         husb->hdev = hdev;
 918
 919         hdev->type = HCI_USB;
 920         hdev->driver_data = husb;
 921         SET_HCIDEV_DEV(hdev, &intf->dev);
 922
 923         hdev->open     = hci_usb_open;
 924         hdev->close    = hci_usb_close;
 925         hdev->flush    = hci_usb_flush;
 926         hdev->send     = hci_usb_send_frame;
 927         hdev->destruct = hci_usb_destruct;
 928         hdev->notify   = hci_usb_notify;
 929
 930         hdev->owner = THIS_MODULE;
 931
 932         if (reset || id->driver_info & HCI_RESET)
 933                 set_bit(HCI_QUIRK_RESET_ON_INIT, &hdev->quirks);
 934
 935         if (force_scofix || id->driver_info & HCI_WRONG_SCO_MTU) {
 936                 if (!disable_scofix)
 937                         set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks);
 938         }
 939
 940         if (id->driver_info & HCI_SNIFFER) {
 941                 if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997)
 942                         set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
 943         }
 944
 945         if (id->driver_info & HCI_BCM92035) {
 946                 unsigned char cmd[] = { 0x3b, 0xfc, 0x01, 0x00 };
 947                 struct sk_buff *skb;
 948
 949                 skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL);
 950                 if (skb) {
 951                         memcpy(skb_put(skb, sizeof(cmd)), cmd, sizeof(cmd));
 952                         skb_queue_tail(&hdev->driver_init, skb);
 953                 }
 954         }
 955
 956         if (hci_register_dev(hdev) < 0) {
 957                 BT_ERR("Can't register HCI device");
 958                 hci_free_dev(hdev);
 959                 goto probe_error;
 960         }
 961
 962         usb_set_intfdata(intf, husb);
 963         return 0;
 964
 965 probe_error:
 966         if (husb->isoc_iface)
 967                 usb_driver_release_interface(&hci_usb_driver, husb->isoc_iface);
 968         kfree(husb);
 969
 970 done:
 971         return -EIO;
 972 }
 973
 974 static void hci_usb_disconnect(struct usb_interface *intf)
 975 {
 976         struct hci_usb *husb = usb_get_intfdata(intf);
 977         struct hci_dev *hdev;
 978
 979         if (!husb || intf == husb->isoc_iface)
 980                 return;
 981
 982         usb_set_intfdata(intf, NULL);
 983         hdev = husb->hdev;
 984
 985         BT_DBG("%s", hdev->name);
 986
 987         hci_usb_close(hdev);
 988
 989         if (husb->isoc_iface)
 990                 usb_driver_release_interface(&hci_usb_driver, husb->isoc_iface);
 991
 992         if (hci_unregister_dev(hdev) < 0)
 993                 BT_ERR("Can't unregister HCI device %s", hdev->name);
 994
 995         hci_free_dev(hdev);
 996 }
 997
 998 static int hci_usb_suspend(struct usb_interface *intf, pm_message_t message)
 999 {
1000         struct hci_usb *husb = usb_get_intfdata(intf);
1001         struct list_head killed;
1002         unsigned long flags;
1003         int i;
1004
1005         if (!husb || intf == husb->isoc_iface)
1006                 return 0;
1007
1008         hci_suspend_dev(husb->hdev);
1009
1010         INIT_LIST_HEAD(&killed);
1011
1012         for (i = 0; i < 4; i++) {
1013                 struct _urb_queue *q = &husb->pending_q[i];
1014                 struct _urb *_urb, *_tmp;
1015
1016                 while ((_urb = _urb_dequeue(q))) {
1017                         /* reset queue since _urb_dequeue sets it to NULL */
1018                         _urb->queue = q;
1019                         usb_kill_urb(&_urb->urb);
1020                         list_add(&_urb->list, &killed);
1021                 }
1022
1023                 spin_lock_irqsave(&q->lock, flags);
1024
1025                 list_for_each_entry_safe(_urb, _tmp, &killed, list) {
1026                         list_move_tail(&_urb->list, &q->head);
1027                 }
1028
1029                 spin_unlock_irqrestore(&q->lock, flags);
1030         }
1031
1032         return 0;
1033 }
1034
1035 static int hci_usb_resume(struct usb_interface *intf)
1036 {
1037         struct hci_usb *husb = usb_get_intfdata(intf);
1038         unsigned long flags;
1039         int i, err = 0;
1040
1041         if (!husb || intf == husb->isoc_iface)
1042                 return 0;
1043
1044         for (i = 0; i < 4; i++) {
1045                 struct _urb_queue *q = &husb->pending_q[i];
1046                 struct _urb *_urb;
1047
1048                 spin_lock_irqsave(&q->lock, flags);
1049
1050                 list_for_each_entry(_urb, &q->head, list) {
1051                         err = usb_submit_urb(&_urb->urb, GFP_ATOMIC);
1052                         if (err)
1053                                 break;
1054                 }
1055
1056                 spin_unlock_irqrestore(&q->lock, flags);
1057
1058                 if (err)
1059                         return -EIO;
1060         }
1061
1062         hci_resume_dev(husb->hdev);
1063
1064         return 0;
1065 }
1066
1067 static struct usb_driver hci_usb_driver = {
1068         .name           = "hci_usb",
1069         .probe          = hci_usb_probe,
1070         .disconnect     = hci_usb_disconnect,
1071         .suspend        = hci_usb_suspend,
1072         .resume         = hci_usb_resume,
1073         .id_table       = bluetooth_ids,
1074 };
1075
1076 static int __init hci_usb_init(void)
1077 {
1078         int err;
1079
1080         BT_INFO("HCI USB driver ver %s", VERSION);
1081
1082         if ((err = usb_register(&hci_usb_driver)) < 0)
1083                 BT_ERR("Failed to register HCI USB driver");
1084
1085         return err;
1086 }
1087
1088 static void __exit hci_usb_exit(void)
1089 {
1090         usb_deregister(&hci_usb_driver);
1091 }
1092
1093 module_init(hci_usb_init);
1094 module_exit(hci_usb_exit);
1095
1096 module_param(ignore, bool, 0644);
1097 MODULE_PARM_DESC(ignore, "Ignore devices from the matching table");
1098
1099 module_param(ignore_dga, bool, 0644);
1100 MODULE_PARM_DESC(ignore_dga, "Ignore devices with id 08fd:0001");
1101
1102 module_param(ignore_csr, bool, 0644);
1103 MODULE_PARM_DESC(ignore_csr, "Ignore devices with id 0a12:0001");
1104
1105 module_param(ignore_sniffer, bool, 0644);
1106 MODULE_PARM_DESC(ignore_sniffer, "Ignore devices with id 0a12:0002");
1107
1108 module_param(disable_scofix, bool, 0644);
1109 MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size");
1110
1111 module_param(force_scofix, bool, 0644);
1112 MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size");
1113
1114 module_param(reset, bool, 0644);
1115 MODULE_PARM_DESC(reset, "Send HCI reset command on initialization");
1116
1117 #ifdef CONFIG_BT_HCIUSB_SCO
1118 module_param(isoc, int, 0644);
1119 MODULE_PARM_DESC(isoc, "Set isochronous transfers for SCO over HCI support");
1120 #endif
1121
1122 MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>");
1123 MODULE_DESCRIPTION("Bluetooth HCI USB driver ver " VERSION);
1124 MODULE_VERSION(VERSION);
1125 MODULE_LICENSE("GPL");