drivers/bluetooth/hci_usb.c

   1 /*
   2    HCI USB driver for Linux Bluetooth protocol stack (BlueZ)
   3    Copyright (C) 2000-2001 Qualcomm Incorporated
   4    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
   5
   6    Copyright (C) 2003 Maxim Krasnyansky <maxk@qualcomm.com>
   7
   8    This program is free software; you can redistribute it and/or modify
   9    it under the terms of the GNU General Public License version 2 as
  10    published by the Free Software Foundation;
  11
  12    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
  13    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  14    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
  15    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
  16    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
  17    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  18    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  19    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  20
  21    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
  22    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
  23    SOFTWARE IS DISCLAIMED.
  24 */
  25
  26 /*
  27  * Bluetooth HCI USB driver.
  28  * Based on original USB Bluetooth driver for Linux kernel
  29  *    Copyright (c) 2000 Greg Kroah-Hartman        <greg@kroah.com>
  30  *    Copyright (c) 2000 Mark Douglas Corner       <mcorner@umich.edu>
  31  *
  32  */
  33
  34 #include <linux/module.h>
  35
  36 #include <linux/kernel.h>
  37 #include <linux/init.h>
  38 #include <linux/sched.h>
  39 #include <linux/unistd.h>
  40 #include <linux/types.h>
  41 #include <linux/interrupt.h>
  42 #include <linux/moduleparam.h>
  43
  44 #include <linux/slab.h>
  45 #include <linux/errno.h>
  46 #include <linux/string.h>
  47 #include <linux/skbuff.h>
  48
  49 #include <linux/usb.h>
  50
  51 #include <net/bluetooth/bluetooth.h>
  52 #include <net/bluetooth/hci_core.h>
  53
  54 #include "hci_usb.h"
  55
  56 #ifndef CONFIG_BT_HCIUSB_DEBUG
  57 #undef  BT_DBG
  58 #define BT_DBG(D...)
  59 #endif
  60
  61 #ifndef CONFIG_BT_HCIUSB_ZERO_PACKET
  62 #undef  URB_ZERO_PACKET
  63 #define URB_ZERO_PACKET 0
  64 #endif
  65
  66 static int ignore = 0;
  67 static int ignore_dga = 0;
  68 static int ignore_csr = 0;
  69 static int ignore_sniffer = 0;
  70 static int disable_scofix = 0;
  71 static int force_scofix = 0;
  72 static int reset = 0;
  73
  74 #ifdef CONFIG_BT_HCIUSB_SCO
  75 static int isoc = 2;
  76 #endif
  77
  78 #define VERSION "2.9"
  79
  80 static struct usb_driver hci_usb_driver;
  81
  82 static struct usb_device_id bluetooth_ids[] = {
  83         /* Generic Bluetooth USB device */
  84         { USB_DEVICE_INFO(HCI_DEV_CLASS, HCI_DEV_SUBCLASS, HCI_DEV_PROTOCOL) },
  85
  86         /* AVM BlueFRITZ! USB v2.0 */
  87         { USB_DEVICE(0x057c, 0x3800) },
  88
  89         /* Bluetooth Ultraport Module from IBM */
  90         { USB_DEVICE(0x04bf, 0x030a) },
  91
  92         /* ALPS Modules with non-standard id */
  93         { USB_DEVICE(0x044e, 0x3001) },
  94         { USB_DEVICE(0x044e, 0x3002) },
  95
  96         /* Ericsson with non-standard id */
  97         { USB_DEVICE(0x0bdb, 0x1002) },
  98
  99         { }     /* Terminating entry */
 100 };
 101
 102 MODULE_DEVICE_TABLE (usb, bluetooth_ids);
 103
 104 static struct usb_device_id blacklist_ids[] = {
 105         /* CSR BlueCore devices */
 106         { USB_DEVICE(0x0a12, 0x0001), .driver_info = HCI_CSR },
 107
 108         /* Broadcom BCM2033 without firmware */
 109         { USB_DEVICE(0x0a5c, 0x2033), .driver_info = HCI_IGNORE },
 110
 111         /* Broadcom BCM2035 */
 112         { USB_DEVICE(0x0a5c, 0x200a), .driver_info = HCI_RESET | HCI_BROKEN_ISOC },
 113         { USB_DEVICE(0x0a5c, 0x2009), .driver_info = HCI_BCM92035 },
 114
 115         /* IBM/Lenovo ThinkPad with Broadcom chip */
 116         { USB_DEVICE(0x0a5c, 0x201e), .driver_info = HCI_WRONG_SCO_MTU },
 117
 118         /* Microsoft Wireless Transceiver for Bluetooth 2.0 */
 119         { USB_DEVICE(0x045e, 0x009c), .driver_info = HCI_RESET },
 120
 121         /* Kensington Bluetooth USB adapter */
 122         { USB_DEVICE(0x047d, 0x105d), .driver_info = HCI_RESET },
 123
 124         /* ISSC Bluetooth Adapter v3.1 */
 125         { USB_DEVICE(0x1131, 0x1001), .driver_info = HCI_RESET },
 126
 127         /* RTX Telecom based adapter with buggy SCO support */
 128         { USB_DEVICE(0x0400, 0x0807), .driver_info = HCI_BROKEN_ISOC },
 129
 130         /* Belkin F8T012 and F8T013 devices */
 131         { USB_DEVICE(0x050d, 0x0012), .driver_info = HCI_WRONG_SCO_MTU },
 132         { USB_DEVICE(0x050d, 0x0013), .driver_info = HCI_WRONG_SCO_MTU },
 133
 134         /* Digianswer devices */
 135         { USB_DEVICE(0x08fd, 0x0001), .driver_info = HCI_DIGIANSWER },
 136         { USB_DEVICE(0x08fd, 0x0002), .driver_info = HCI_IGNORE },
 137
 138         /* CSR BlueCore Bluetooth Sniffer */
 139         { USB_DEVICE(0x0a12, 0x0002), .driver_info = HCI_SNIFFER },
 140
 141         /* Frontline ComProbe Bluetooth Sniffer */
 142         { USB_DEVICE(0x16d3, 0x0002), .driver_info = HCI_SNIFFER },
 143
 144         { }     /* Terminating entry */
 145 };
 146
 147 static struct _urb *_urb_alloc(int isoc, gfp_t gfp)
 148 {
 149         struct _urb *_urb = kmalloc(sizeof(struct _urb) +
 150                                 sizeof(struct usb_iso_packet_descriptor) * isoc, gfp);
 151         if (_urb) {
 152                 memset(_urb, 0, sizeof(*_urb));
 153                 usb_init_urb(&_urb->urb);
 154         }
 155         return _urb;
 156 }
 157
 158 static struct _urb *_urb_dequeue(struct _urb_queue *q)
 159 {
 160         struct _urb *_urb = NULL;
 161         unsigned long flags;
 162         spin_lock_irqsave(&q->lock, flags);
 163         {
 164                 struct list_head *head = &q->head;
 165                 struct list_head *next = head->next;
 166                 if (next != head) {
 167                         _urb = list_entry(next, struct _urb, list);
 168                         list_del(next); _urb->queue = NULL;
 169                 }
 170         }
 171         spin_unlock_irqrestore(&q->lock, flags);
 172         return _urb;
 173 }
 174
 175 static void hci_usb_rx_complete(struct urb *urb, struct pt_regs *regs);
 176 static void hci_usb_tx_complete(struct urb *urb, struct pt_regs *regs);
 177
 178 #define __pending_tx(husb, type)  (&husb->pending_tx[type-1])
 179 #define __pending_q(husb, type)   (&husb->pending_q[type-1])
 180 #define __completed_q(husb, type) (&husb->completed_q[type-1])
 181 #define __transmit_q(husb, type)  (&husb->transmit_q[type-1])
 182 #define __reassembly(husb, type)  (husb->reassembly[type-1])
 183
 184 static inline struct _urb *__get_completed(struct hci_usb *husb, int type)
 185 {
 186         return _urb_dequeue(__completed_q(husb, type));
 187 }
 188
 189 #ifdef CONFIG_BT_HCIUSB_SCO
 190 static void __fill_isoc_desc(struct urb *urb, int len, int mtu)
 191 {
 192         int offset = 0, i;
 193
 194         BT_DBG("len %d mtu %d", len, mtu);
 195
 196         for (i=0; i < HCI_MAX_ISOC_FRAMES && len >= mtu; i++, offset += mtu, len -= mtu) {
 197                 urb->iso_frame_desc[i].offset = offset;
 198                 urb->iso_frame_desc[i].length = mtu;
 199                 BT_DBG("desc %d offset %d len %d", i, offset, mtu);
 200         }
 201         if (len && i < HCI_MAX_ISOC_FRAMES) {
 202                 urb->iso_frame_desc[i].offset = offset;
 203                 urb->iso_frame_desc[i].length = len;
 204                 BT_DBG("desc %d offset %d len %d", i, offset, len);
 205                 i++;
 206         }
 207         urb->number_of_packets = i;
 208 }
 209 #endif
 210
 211 static int hci_usb_intr_rx_submit(struct hci_usb *husb)
 212 {
 213         struct _urb *_urb;
 214         struct urb *urb;
 215         int err, pipe, interval, size;
 216         void *buf;
 217
 218         BT_DBG("%s", husb->hdev->name);
 219
 220         size = le16_to_cpu(husb->intr_in_ep->desc.wMaxPacketSize);
 221
 222         buf = kmalloc(size, GFP_ATOMIC);
 223         if (!buf)
 224                 return -ENOMEM;
 225
 226         _urb = _urb_alloc(0, GFP_ATOMIC);
 227         if (!_urb) {
 228                 kfree(buf);
 229                 return -ENOMEM;
 230         }
 231         _urb->type = HCI_EVENT_PKT;
 232         _urb_queue_tail(__pending_q(husb, _urb->type), _urb);
 233
 234         urb = &_urb->urb;
 235         pipe     = usb_rcvintpipe(husb->udev, husb->intr_in_ep->desc.bEndpointAddress);
 236         interval = husb->intr_in_ep->desc.bInterval;
 237         usb_fill_int_urb(urb, husb->udev, pipe, buf, size, hci_usb_rx_complete, husb, interval);
 238
 239         err = usb_submit_urb(urb, GFP_ATOMIC);
 240         if (err) {
 241                 BT_ERR("%s intr rx submit failed urb %p err %d",
 242                                 husb->hdev->name, urb, err);
 243                 _urb_unlink(_urb);
 244                 _urb_free(_urb);
 245                 kfree(buf);
 246         }
 247         return err;
 248 }
 249
 250 static int hci_usb_bulk_rx_submit(struct hci_usb *husb)
 251 {
 252         struct _urb *_urb;
 253         struct urb *urb;
 254         int err, pipe, size = HCI_MAX_FRAME_SIZE;
 255         void *buf;
 256
 257         buf = kmalloc(size, GFP_ATOMIC);
 258         if (!buf)
 259                 return -ENOMEM;
 260
 261         _urb = _urb_alloc(0, GFP_ATOMIC);
 262         if (!_urb) {
 263                 kfree(buf);
 264                 return -ENOMEM;
 265         }
 266         _urb->type = HCI_ACLDATA_PKT;
 267         _urb_queue_tail(__pending_q(husb, _urb->type), _urb);
 268
 269         urb  = &_urb->urb;
 270         pipe = usb_rcvbulkpipe(husb->udev, husb->bulk_in_ep->desc.bEndpointAddress);
 271         usb_fill_bulk_urb(urb, husb->udev, pipe, buf, size, hci_usb_rx_complete, husb);
 272         urb->transfer_flags = 0;
 273
 274         BT_DBG("%s urb %p", husb->hdev->name, urb);
 275
 276         err = usb_submit_urb(urb, GFP_ATOMIC);
 277         if (err) {
 278                 BT_ERR("%s bulk rx submit failed urb %p err %d",
 279                                 husb->hdev->name, urb, err);
 280                 _urb_unlink(_urb);
 281                 _urb_free(_urb);
 282                 kfree(buf);
 283         }
 284         return err;
 285 }
 286
 287 #ifdef CONFIG_BT_HCIUSB_SCO
 288 static int hci_usb_isoc_rx_submit(struct hci_usb *husb)
 289 {
 290         struct _urb *_urb;
 291         struct urb *urb;
 292         int err, mtu, size;
 293         void *buf;
 294
 295         mtu  = le16_to_cpu(husb->isoc_in_ep->desc.wMaxPacketSize);
 296         size = mtu * HCI_MAX_ISOC_FRAMES;
 297
 298         buf = kmalloc(size, GFP_ATOMIC);
 299         if (!buf)
 300                 return -ENOMEM;
 301
 302         _urb = _urb_alloc(HCI_MAX_ISOC_FRAMES, GFP_ATOMIC);
 303         if (!_urb) {
 304                 kfree(buf);
 305                 return -ENOMEM;
 306         }
 307         _urb->type = HCI_SCODATA_PKT;
 308         _urb_queue_tail(__pending_q(husb, _urb->type), _urb);
 309
 310         urb = &_urb->urb;
 311
 312         urb->context  = husb;
 313         urb->dev      = husb->udev;
 314         urb->pipe     = usb_rcvisocpipe(husb->udev, husb->isoc_in_ep->desc.bEndpointAddress);
 315         urb->complete = hci_usb_rx_complete;
 316
 317         urb->interval = husb->isoc_in_ep->desc.bInterval;
 318
 319         urb->transfer_buffer_length = size;
 320         urb->transfer_buffer = buf;
 321         urb->transfer_flags  = URB_ISO_ASAP;
 322
 323         __fill_isoc_desc(urb, size, mtu);
 324
 325         BT_DBG("%s urb %p", husb->hdev->name, urb);
 326
 327         err = usb_submit_urb(urb, GFP_ATOMIC);
 328         if (err) {
 329                 BT_ERR("%s isoc rx submit failed urb %p err %d",
 330                                 husb->hdev->name, urb, err);
 331                 _urb_unlink(_urb);
 332                 _urb_free(_urb);
 333                 kfree(buf);
 334         }
 335         return err;
 336 }
 337 #endif
 338
 339 /* Initialize device */
 340 static int hci_usb_open(struct hci_dev *hdev)
 341 {
 342         struct hci_usb *husb = (struct hci_usb *) hdev->driver_data;
 343         int i, err;
 344         unsigned long flags;
 345
 346         BT_DBG("%s", hdev->name);
 347
 348         if (test_and_set_bit(HCI_RUNNING, &hdev->flags))
 349                 return 0;
 350
 351         write_lock_irqsave(&husb->completion_lock, flags);
 352
 353         err = hci_usb_intr_rx_submit(husb);
 354         if (!err) {
 355                 for (i = 0; i < HCI_MAX_BULK_RX; i++)
 356                         hci_usb_bulk_rx_submit(husb);
 357
 358 #ifdef CONFIG_BT_HCIUSB_SCO
 359                 if (husb->isoc_iface)
 360                         for (i = 0; i < HCI_MAX_ISOC_RX; i++)
 361                                 hci_usb_isoc_rx_submit(husb);
 362 #endif
 363         } else {
 364                 clear_bit(HCI_RUNNING, &hdev->flags);
 365         }
 366
 367         write_unlock_irqrestore(&husb->completion_lock, flags);
 368         return err;
 369 }
 370
 371 /* Reset device */
 372 static int hci_usb_flush(struct hci_dev *hdev)
 373 {
 374         struct hci_usb *husb = (struct hci_usb *) hdev->driver_data;
 375         int i;
 376
 377         BT_DBG("%s", hdev->name);
 378
 379         for (i = 0; i < 4; i++)
 380                 skb_queue_purge(&husb->transmit_q[i]);
 381         return 0;
 382 }
 383
 384 static void hci_usb_unlink_urbs(struct hci_usb *husb)
 385 {
 386         int i;
 387
 388         BT_DBG("%s", husb->hdev->name);
 389
 390         for (i = 0; i < 4; i++) {
 391                 struct _urb *_urb;
 392                 struct urb *urb;
 393
 394                 /* Kill pending requests */
 395                 while ((_urb = _urb_dequeue(&husb->pending_q[i]))) {
 396                         urb = &_urb->urb;
 397                         BT_DBG("%s unlinking _urb %p type %d urb %p",
 398                                         husb->hdev->name, _urb, _urb->type, urb);
 399                         usb_kill_urb(urb);
 400                         _urb_queue_tail(__completed_q(husb, _urb->type), _urb);
 401                 }
 402
 403                 /* Release completed requests */
 404                 while ((_urb = _urb_dequeue(&husb->completed_q[i]))) {
 405                         urb = &_urb->urb;
 406                         BT_DBG("%s freeing _urb %p type %d urb %p",
 407                                         husb->hdev->name, _urb, _urb->type, urb);
 408                         kfree(urb->setup_packet);
 409                         kfree(urb->transfer_buffer);
 410                         _urb_free(_urb);
 411                 }
 412
 413                 /* Release reassembly buffers */
 414                 if (husb->reassembly[i]) {
 415                         kfree_skb(husb->reassembly[i]);
 416                         husb->reassembly[i] = NULL;
 417                 }
 418         }
 419 }
 420
 421 /* Close device */
 422 static int hci_usb_close(struct hci_dev *hdev)
 423 {
 424         struct hci_usb *husb = (struct hci_usb *) hdev->driver_data;
 425         unsigned long flags;
 426
 427         if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags))
 428                 return 0;
 429
 430         BT_DBG("%s", hdev->name);
 431
 432         /* Synchronize with completion handlers */
 433         write_lock_irqsave(&husb->completion_lock, flags);
 434         write_unlock_irqrestore(&husb->completion_lock, flags);
 435
 436         hci_usb_unlink_urbs(husb);
 437         hci_usb_flush(hdev);
 438         return 0;
 439 }
 440
 441 static int __tx_submit(struct hci_usb *husb, struct _urb *_urb)
 442 {
 443         struct urb *urb = &_urb->urb;
 444         int err;
 445
 446         BT_DBG("%s urb %p type %d", husb->hdev->name, urb, _urb->type);
 447
 448         _urb_queue_tail(__pending_q(husb, _urb->type), _urb);
 449         err = usb_submit_urb(urb, GFP_ATOMIC);
 450         if (err) {
 451                 BT_ERR("%s tx submit failed urb %p type %d err %d",
 452                                 husb->hdev->name, urb, _urb->type, err);
 453                 _urb_unlink(_urb);
 454                 _urb_queue_tail(__completed_q(husb, _urb->type), _urb);
 455         } else
 456                 atomic_inc(__pending_tx(husb, _urb->type));
 457
 458         return err;
 459 }
 460
 461 static inline int hci_usb_send_ctrl(struct hci_usb *husb, struct sk_buff *skb)
 462 {
 463         struct _urb *_urb = __get_completed(husb, bt_cb(skb)->pkt_type);
 464         struct usb_ctrlrequest *dr;
 465         struct urb *urb;
 466
 467         if (!_urb) {
 468                 _urb = _urb_alloc(0, GFP_ATOMIC);
 469                 if (!_urb)
 470                         return -ENOMEM;
 471                 _urb->type = bt_cb(skb)->pkt_type;
 472
 473                 dr = kmalloc(sizeof(*dr), GFP_ATOMIC);
 474                 if (!dr) {
 475                         _urb_free(_urb);
 476                         return -ENOMEM;
 477                 }
 478         } else
 479                 dr = (void *) _urb->urb.setup_packet;
 480
 481         dr->bRequestType = husb->ctrl_req;
 482         dr->bRequest = 0;
 483         dr->wIndex   = 0;
 484         dr->wValue   = 0;
 485         dr->wLength  = __cpu_to_le16(skb->len);
 486
 487         urb = &_urb->urb;
 488         usb_fill_control_urb(urb, husb->udev, usb_sndctrlpipe(husb->udev, 0),
 489                 (void *) dr, skb->data, skb->len, hci_usb_tx_complete, husb);
 490
 491         BT_DBG("%s skb %p len %d", husb->hdev->name, skb, skb->len);
 492
 493         _urb->priv = skb;
 494         return __tx_submit(husb, _urb);
 495 }
 496
 497 static inline int hci_usb_send_bulk(struct hci_usb *husb, struct sk_buff *skb)
 498 {
 499         struct _urb *_urb = __get_completed(husb, bt_cb(skb)->pkt_type);
 500         struct urb *urb;
 501         int pipe;
 502
 503         if (!_urb) {
 504                 _urb = _urb_alloc(0, GFP_ATOMIC);
 505                 if (!_urb)
 506                         return -ENOMEM;
 507                 _urb->type = bt_cb(skb)->pkt_type;
 508         }
 509
 510         urb  = &_urb->urb;
 511         pipe = usb_sndbulkpipe(husb->udev, husb->bulk_out_ep->desc.bEndpointAddress);
 512         usb_fill_bulk_urb(urb, husb->udev, pipe, skb->data, skb->len,
 513                         hci_usb_tx_complete, husb);
 514         urb->transfer_flags = URB_ZERO_PACKET;
 515
 516         BT_DBG("%s skb %p len %d", husb->hdev->name, skb, skb->len);
 517
 518         _urb->priv = skb;
 519         return __tx_submit(husb, _urb);
 520 }
 521
 522 #ifdef CONFIG_BT_HCIUSB_SCO
 523 static inline int hci_usb_send_isoc(struct hci_usb *husb, struct sk_buff *skb)
 524 {
 525         struct _urb *_urb = __get_completed(husb, bt_cb(skb)->pkt_type);
 526         struct urb *urb;
 527
 528         if (!_urb) {
 529                 _urb = _urb_alloc(HCI_MAX_ISOC_FRAMES, GFP_ATOMIC);
 530                 if (!_urb)
 531                         return -ENOMEM;
 532                 _urb->type = bt_cb(skb)->pkt_type;
 533         }
 534
 535         BT_DBG("%s skb %p len %d", husb->hdev->name, skb, skb->len);
 536
 537         urb = &_urb->urb;
 538
 539         urb->context  = husb;
 540         urb->dev      = husb->udev;
 541         urb->pipe     = usb_sndisocpipe(husb->udev, husb->isoc_out_ep->desc.bEndpointAddress);
 542         urb->complete = hci_usb_tx_complete;
 543         urb->transfer_flags = URB_ISO_ASAP;
 544
 545         urb->interval = husb->isoc_out_ep->desc.bInterval;
 546
 547         urb->transfer_buffer = skb->data;
 548         urb->transfer_buffer_length = skb->len;
 549
 550         __fill_isoc_desc(urb, skb->len, le16_to_cpu(husb->isoc_out_ep->desc.wMaxPacketSize));
 551
 552         _urb->priv = skb;
 553         return __tx_submit(husb, _urb);
 554 }
 555 #endif
 556
 557 static void hci_usb_tx_process(struct hci_usb *husb)
 558 {
 559         struct sk_buff_head *q;
 560         struct sk_buff *skb;
 561
 562         BT_DBG("%s", husb->hdev->name);
 563
 564         do {
 565                 clear_bit(HCI_USB_TX_WAKEUP, &husb->state);
 566
 567                 /* Process command queue */
 568                 q = __transmit_q(husb, HCI_COMMAND_PKT);
 569                 if (!atomic_read(__pending_tx(husb, HCI_COMMAND_PKT)) &&
 570                                 (skb = skb_dequeue(q))) {
 571                         if (hci_usb_send_ctrl(husb, skb) < 0)
 572                                 skb_queue_head(q, skb);
 573                 }
 574
 575 #ifdef CONFIG_BT_HCIUSB_SCO
 576                 /* Process SCO queue */
 577                 q = __transmit_q(husb, HCI_SCODATA_PKT);
 578                 if (atomic_read(__pending_tx(husb, HCI_SCODATA_PKT)) < HCI_MAX_ISOC_TX &&
 579                                 (skb = skb_dequeue(q))) {
 580                         if (hci_usb_send_isoc(husb, skb) < 0)
 581                                 skb_queue_head(q, skb);
 582                 }
 583 #endif
 584
 585                 /* Process ACL queue */
 586                 q = __transmit_q(husb, HCI_ACLDATA_PKT);
 587                 while (atomic_read(__pending_tx(husb, HCI_ACLDATA_PKT)) < HCI_MAX_BULK_TX &&
 588                                 (skb = skb_dequeue(q))) {
 589                         if (hci_usb_send_bulk(husb, skb) < 0) {
 590                                 skb_queue_head(q, skb);
 591                                 break;
 592                         }
 593                 }
 594         } while(test_bit(HCI_USB_TX_WAKEUP, &husb->state));
 595 }
 596
 597 static inline void hci_usb_tx_wakeup(struct hci_usb *husb)
 598 {
 599         /* Serialize TX queue processing to avoid data reordering */
 600         if (!test_and_set_bit(HCI_USB_TX_PROCESS, &husb->state)) {
 601                 hci_usb_tx_process(husb);
 602                 clear_bit(HCI_USB_TX_PROCESS, &husb->state);
 603         } else
 604                 set_bit(HCI_USB_TX_WAKEUP, &husb->state);
 605 }
 606
 607 /* Send frames from HCI layer */
 608 static int hci_usb_send_frame(struct sk_buff *skb)
 609 {
 610         struct hci_dev *hdev = (struct hci_dev *) skb->dev;
 611         struct hci_usb *husb;
 612
 613         if (!hdev) {
 614                 BT_ERR("frame for uknown device (hdev=NULL)");
 615                 return -ENODEV;
 616         }
 617
 618         if (!test_bit(HCI_RUNNING, &hdev->flags))
 619                 return -EBUSY;
 620
 621         BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len);
 622
 623         husb = (struct hci_usb *) hdev->driver_data;
 624
 625         switch (bt_cb(skb)->pkt_type) {
 626         case HCI_COMMAND_PKT:
 627                 hdev->stat.cmd_tx++;
 628                 break;
 629
 630         case HCI_ACLDATA_PKT:
 631                 hdev->stat.acl_tx++;
 632                 break;
 633
 634 #ifdef CONFIG_BT_HCIUSB_SCO
 635         case HCI_SCODATA_PKT:
 636                 hdev->stat.sco_tx++;
 637                 break;
 638 #endif
 639
 640         default:
 641                 kfree_skb(skb);
 642                 return 0;
 643         }
 644
 645         read_lock(&husb->completion_lock);
 646
 647         skb_queue_tail(__transmit_q(husb, bt_cb(skb)->pkt_type), skb);
 648         hci_usb_tx_wakeup(husb);
 649
 650         read_unlock(&husb->completion_lock);
 651         return 0;
 652 }
 653
 654 static inline int __recv_frame(struct hci_usb *husb, int type, void *data, int count)
 655 {
 656         BT_DBG("%s type %d data %p count %d", husb->hdev->name, type, data, count);
 657
 658         husb->hdev->stat.byte_rx += count;
 659
 660         while (count) {
 661                 struct sk_buff *skb = __reassembly(husb, type);
 662                 struct { int expect; } *scb;
 663                 int len = 0;
 664
 665                 if (!skb) {
 666                         /* Start of the frame */
 667
 668                         switch (type) {
 669                         case HCI_EVENT_PKT:
 670                                 if (count >= HCI_EVENT_HDR_SIZE) {
 671                                         struct hci_event_hdr *h = data;
 672                                         len = HCI_EVENT_HDR_SIZE + h->plen;
 673                                 } else
 674                                         return -EILSEQ;
 675                                 break;
 676
 677                         case HCI_ACLDATA_PKT:
 678                                 if (count >= HCI_ACL_HDR_SIZE) {
 679                                         struct hci_acl_hdr *h = data;
 680                                         len = HCI_ACL_HDR_SIZE + __le16_to_cpu(h->dlen);
 681                                 } else
 682                                         return -EILSEQ;
 683                                 break;
 684 #ifdef CONFIG_BT_HCIUSB_SCO
 685                         case HCI_SCODATA_PKT:
 686                                 if (count >= HCI_SCO_HDR_SIZE) {
 687                                         struct hci_sco_hdr *h = data;
 688                                         len = HCI_SCO_HDR_SIZE + h->dlen;
 689                                 } else
 690                                         return -EILSEQ;
 691                                 break;
 692 #endif
 693                         }
 694                         BT_DBG("new packet len %d", len);
 695
 696                         skb = bt_skb_alloc(len, GFP_ATOMIC);
 697                         if (!skb) {
 698                                 BT_ERR("%s no memory for the packet", husb->hdev->name);
 699                                 return -ENOMEM;
 700                         }
 701                         skb->dev = (void *) husb->hdev;
 702                         bt_cb(skb)->pkt_type = type;
 703
 704                         __reassembly(husb, type) = skb;
 705
 706                         scb = (void *) skb->cb;
 707                         scb->expect = len;
 708                 } else {
 709                         /* Continuation */
 710                         scb = (void *) skb->cb;
 711                         len = scb->expect;
 712                 }
 713
 714                 len = min(len, count);
 715
 716                 memcpy(skb_put(skb, len), data, len);
 717
 718                 scb->expect -= len;
 719                 if (!scb->expect) {
 720                         /* Complete frame */
 721                         __reassembly(husb, type) = NULL;
 722                         bt_cb(skb)->pkt_type = type;
 723                         hci_recv_frame(skb);
 724                 }
 725
 726                 count -= len; data += len;
 727         }
 728         return 0;
 729 }
 730
 731 static void hci_usb_rx_complete(struct urb *urb, struct pt_regs *regs)
 732 {
 733         struct _urb *_urb = container_of(urb, struct _urb, urb);
 734         struct hci_usb *husb = (void *) urb->context;
 735         struct hci_dev *hdev = husb->hdev;
 736         int err, count = urb->actual_length;
 737
 738         BT_DBG("%s urb %p type %d status %d count %d flags %x", hdev->name, urb,
 739                         _urb->type, urb->status, count, urb->transfer_flags);
 740
 741         read_lock(&husb->completion_lock);
 742
 743         if (!test_bit(HCI_RUNNING, &hdev->flags))
 744                 goto unlock;
 745
 746         if (urb->status || !count)
 747                 goto resubmit;
 748
 749         if (_urb->type == HCI_SCODATA_PKT) {
 750 #ifdef CONFIG_BT_HCIUSB_SCO
 751                 int i;
 752                 for (i=0; i < urb->number_of_packets; i++) {
 753                         BT_DBG("desc %d status %d offset %d len %d", i,
 754                                         urb->iso_frame_desc[i].status,
 755                                         urb->iso_frame_desc[i].offset,
 756                                         urb->iso_frame_desc[i].actual_length);
 757
 758                         if (!urb->iso_frame_desc[i].status)
 759                                 __recv_frame(husb, _urb->type,
 760                                         urb->transfer_buffer + urb->iso_frame_desc[i].offset,
 761                                         urb->iso_frame_desc[i].actual_length);
 762                 }
 763 #else
 764                 ;
 765 #endif
 766         } else {
 767                 err = __recv_frame(husb, _urb->type, urb->transfer_buffer, count);
 768                 if (err < 0) {
 769                         BT_ERR("%s corrupted packet: type %d count %d",
 770                                         husb->hdev->name, _urb->type, count);
 771                         hdev->stat.err_rx++;
 772                 }
 773         }
 774
 775 resubmit:
 776         urb->dev = husb->udev;
 777         err = usb_submit_urb(urb, GFP_ATOMIC);
 778         BT_DBG("%s urb %p type %d resubmit status %d", hdev->name, urb,
 779                         _urb->type, err);
 780
 781 unlock:
 782         read_unlock(&husb->completion_lock);
 783 }
 784
 785 static void hci_usb_tx_complete(struct urb *urb, struct pt_regs *regs)
 786 {
 787         struct _urb *_urb = container_of(urb, struct _urb, urb);
 788         struct hci_usb *husb = (void *) urb->context;
 789         struct hci_dev *hdev = husb->hdev;
 790
 791         BT_DBG("%s urb %p status %d flags %x", hdev->name, urb,
 792                         urb->status, urb->transfer_flags);
 793
 794         atomic_dec(__pending_tx(husb, _urb->type));
 795
 796         urb->transfer_buffer = NULL;
 797         kfree_skb((struct sk_buff *) _urb->priv);
 798
 799         if (!test_bit(HCI_RUNNING, &hdev->flags))
 800                 return;
 801
 802         if (!urb->status)
 803                 hdev->stat.byte_tx += urb->transfer_buffer_length;
 804         else
 805                 hdev->stat.err_tx++;
 806
 807         read_lock(&husb->completion_lock);
 808
 809         _urb_unlink(_urb);
 810         _urb_queue_tail(__completed_q(husb, _urb->type), _urb);
 811
 812         hci_usb_tx_wakeup(husb);
 813
 814         read_unlock(&husb->completion_lock);
 815 }
 816
 817 static void hci_usb_destruct(struct hci_dev *hdev)
 818 {
 819         struct hci_usb *husb = (struct hci_usb *) hdev->driver_data;
 820
 821         BT_DBG("%s", hdev->name);
 822
 823         kfree(husb);
 824 }
 825
 826 static void hci_usb_notify(struct hci_dev *hdev, unsigned int evt)
 827 {
 828         BT_DBG("%s evt %d", hdev->name, evt);
 829 }
 830
 831 static int hci_usb_probe(struct usb_interface *intf, const struct usb_device_id *id)
 832 {
 833         struct usb_device *udev = interface_to_usbdev(intf);
 834         struct usb_host_endpoint *bulk_out_ep = NULL;
 835         struct usb_host_endpoint *bulk_in_ep = NULL;
 836         struct usb_host_endpoint *intr_in_ep = NULL;
 837         struct usb_host_endpoint  *ep;
 838         struct usb_host_interface *uif;
 839         struct usb_interface *isoc_iface;
 840         struct hci_usb *husb;
 841         struct hci_dev *hdev;
 842         int i, e, size, isoc_ifnum, isoc_alts;
 843
 844         BT_DBG("udev %p intf %p", udev, intf);
 845
 846         if (!id->driver_info) {
 847                 const struct usb_device_id *match;
 848                 match = usb_match_id(intf, blacklist_ids);
 849                 if (match)
 850                         id = match;
 851         }
 852
 853         if (ignore || id->driver_info & HCI_IGNORE)
 854                 return -ENODEV;
 855
 856         if (ignore_dga && id->driver_info & HCI_DIGIANSWER)
 857                 return -ENODEV;
 858
 859         if (ignore_csr && id->driver_info & HCI_CSR)
 860                 return -ENODEV;
 861
 862         if (ignore_sniffer && id->driver_info & HCI_SNIFFER)
 863                 return -ENODEV;
 864
 865         if (intf->cur_altsetting->desc.bInterfaceNumber > 0)
 866                 return -ENODEV;
 867
 868         /* Find endpoints that we need */
 869         uif = intf->cur_altsetting;
 870         for (e = 0; e < uif->desc.bNumEndpoints; e++) {
 871                 ep = &uif->endpoint[e];
 872
 873                 switch (ep->desc.bmAttributes & USB_ENDPOINT_XFERTYPE_MASK) {
 874                 case USB_ENDPOINT_XFER_INT:
 875                         if (ep->desc.bEndpointAddress & USB_DIR_IN)
 876                                 intr_in_ep = ep;
 877                         break;
 878
 879                 case USB_ENDPOINT_XFER_BULK:
 880                         if (ep->desc.bEndpointAddress & USB_DIR_IN)
 881                                 bulk_in_ep  = ep;
 882                         else
 883                                 bulk_out_ep = ep;
 884                         break;
 885                 }
 886         }
 887
 888         if (!bulk_in_ep || !bulk_out_ep || !intr_in_ep) {
 889                 BT_DBG("Bulk endpoints not found");
 890                 goto done;
 891         }
 892
 893         if (!(husb = kzalloc(sizeof(struct hci_usb), GFP_KERNEL))) {
 894                 BT_ERR("Can't allocate: control structure");
 895                 goto done;
 896         }
 897
 898         husb->udev = udev;
 899         husb->bulk_out_ep = bulk_out_ep;
 900         husb->bulk_in_ep  = bulk_in_ep;
 901         husb->intr_in_ep  = intr_in_ep;
 902
 903         if (id->driver_info & HCI_DIGIANSWER)
 904                 husb->ctrl_req = USB_TYPE_VENDOR;
 905         else
 906                 husb->ctrl_req = USB_TYPE_CLASS;
 907
 908         /* Find isochronous endpoints that we can use */
 909         size = 0;
 910         isoc_iface = NULL;
 911         isoc_alts  = 0;
 912         isoc_ifnum = 1;
 913
 914 #ifdef CONFIG_BT_HCIUSB_SCO
 915         if (isoc && !(id->driver_info & (HCI_BROKEN_ISOC | HCI_SNIFFER)))
 916                 isoc_iface = usb_ifnum_to_if(udev, isoc_ifnum);
 917
 918         if (isoc_iface) {
 919                 int a;
 920                 struct usb_host_endpoint *isoc_out_ep = NULL;
 921                 struct usb_host_endpoint *isoc_in_ep = NULL;
 922
 923                 for (a = 0; a < isoc_iface->num_altsetting; a++) {
 924                         uif = &isoc_iface->altsetting[a];
 925                         for (e = 0; e < uif->desc.bNumEndpoints; e++) {
 926                                 ep = &uif->endpoint[e];
 927
 928                                 switch (ep->desc.bmAttributes & USB_ENDPOINT_XFERTYPE_MASK) {
 929                                 case USB_ENDPOINT_XFER_ISOC:
 930                                         if (le16_to_cpu(ep->desc.wMaxPacketSize) < size ||
 931                                                         uif->desc.bAlternateSetting != isoc)
 932                                                 break;
 933                                         size = le16_to_cpu(ep->desc.wMaxPacketSize);
 934
 935                                         isoc_alts = uif->desc.bAlternateSetting;
 936
 937                                         if (ep->desc.bEndpointAddress & USB_DIR_IN)
 938                                                 isoc_in_ep  = ep;
 939                                         else
 940                                                 isoc_out_ep = ep;
 941                                         break;
 942                                 }
 943                         }
 944                 }
 945
 946                 if (!isoc_in_ep || !isoc_out_ep)
 947                         BT_DBG("Isoc endpoints not found");
 948                 else {
 949                         BT_DBG("isoc ifnum %d alts %d", isoc_ifnum, isoc_alts);
 950                         if (usb_driver_claim_interface(&hci_usb_driver, isoc_iface, husb) != 0)
 951                                 BT_ERR("Can't claim isoc interface");
 952                         else if (usb_set_interface(udev, isoc_ifnum, isoc_alts)) {
 953                                 BT_ERR("Can't set isoc interface settings");
 954                                 husb->isoc_iface = isoc_iface;
 955                                 usb_driver_release_interface(&hci_usb_driver, isoc_iface);
 956                                 husb->isoc_iface = NULL;
 957                         } else {
 958                                 husb->isoc_iface  = isoc_iface;
 959                                 husb->isoc_in_ep  = isoc_in_ep;
 960                                 husb->isoc_out_ep = isoc_out_ep;
 961                         }
 962                 }
 963         }
 964 #endif
 965
 966         rwlock_init(&husb->completion_lock);
 967
 968         for (i = 0; i < 4; i++) {
 969                 skb_queue_head_init(&husb->transmit_q[i]);
 970                 _urb_queue_init(&husb->pending_q[i]);
 971                 _urb_queue_init(&husb->completed_q[i]);
 972         }
 973
 974         /* Initialize and register HCI device */
 975         hdev = hci_alloc_dev();
 976         if (!hdev) {
 977                 BT_ERR("Can't allocate HCI device");
 978                 goto probe_error;
 979         }
 980
 981         husb->hdev = hdev;
 982
 983         hdev->type = HCI_USB;
 984         hdev->driver_data = husb;
 985         SET_HCIDEV_DEV(hdev, &intf->dev);
 986
 987         hdev->open     = hci_usb_open;
 988         hdev->close    = hci_usb_close;
 989         hdev->flush    = hci_usb_flush;
 990         hdev->send     = hci_usb_send_frame;
 991         hdev->destruct = hci_usb_destruct;
 992         hdev->notify   = hci_usb_notify;
 993
 994         hdev->owner = THIS_MODULE;
 995
 996         if (reset || id->driver_info & HCI_RESET)
 997                 set_bit(HCI_QUIRK_RESET_ON_INIT, &hdev->quirks);
 998
 999         if (force_scofix || id->driver_info & HCI_WRONG_SCO_MTU) {
1000                 if (!disable_scofix)
1001                         set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks);
1002         }
1003
1004         if (id->driver_info & HCI_SNIFFER) {
1005                 if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997)
1006                         set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
1007         }
1008
1009         if (id->driver_info & HCI_BCM92035) {
1010                 unsigned char cmd[] = { 0x3b, 0xfc, 0x01, 0x00 };
1011                 struct sk_buff *skb;
1012
1013                 skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL);
1014                 if (skb) {
1015                         memcpy(skb_put(skb, sizeof(cmd)), cmd, sizeof(cmd));
1016                         skb_queue_tail(&hdev->driver_init, skb);
1017                 }
1018         }
1019
1020         if (hci_register_dev(hdev) < 0) {
1021                 BT_ERR("Can't register HCI device");
1022                 hci_free_dev(hdev);
1023                 goto probe_error;
1024         }
1025
1026         usb_set_intfdata(intf, husb);
1027         return 0;
1028
1029 probe_error:
1030         if (husb->isoc_iface)
1031                 usb_driver_release_interface(&hci_usb_driver, husb->isoc_iface);
1032         kfree(husb);
1033
1034 done:
1035         return -EIO;
1036 }
1037
1038 static void hci_usb_disconnect(struct usb_interface *intf)
1039 {
1040         struct hci_usb *husb = usb_get_intfdata(intf);
1041         struct hci_dev *hdev;
1042
1043         if (!husb || intf == husb->isoc_iface)
1044                 return;
1045
1046         usb_set_intfdata(intf, NULL);
1047         hdev = husb->hdev;
1048
1049         BT_DBG("%s", hdev->name);
1050
1051         hci_usb_close(hdev);
1052
1053         if (husb->isoc_iface)
1054                 usb_driver_release_interface(&hci_usb_driver, husb->isoc_iface);
1055
1056         if (hci_unregister_dev(hdev) < 0)
1057                 BT_ERR("Can't unregister HCI device %s", hdev->name);
1058
1059         hci_free_dev(hdev);
1060 }
1061
1062 static int hci_usb_suspend(struct usb_interface *intf, pm_message_t message)
1063 {
1064         struct hci_usb *husb = usb_get_intfdata(intf);
1065         struct list_head killed;
1066         unsigned long flags;
1067         int i;
1068
1069         if (!husb || intf == husb->isoc_iface)
1070                 return 0;
1071
1072         hci_suspend_dev(husb->hdev);
1073
1074         INIT_LIST_HEAD(&killed);
1075
1076         for (i = 0; i < 4; i++) {
1077                 struct _urb_queue *q = &husb->pending_q[i];
1078                 struct _urb *_urb, *_tmp;
1079
1080                 while ((_urb = _urb_dequeue(q))) {
1081                         /* reset queue since _urb_dequeue sets it to NULL */
1082                         _urb->queue = q;
1083                         usb_kill_urb(&_urb->urb);
1084                         list_add(&_urb->list, &killed);
1085                 }
1086
1087                 spin_lock_irqsave(&q->lock, flags);
1088
1089                 list_for_each_entry_safe(_urb, _tmp, &killed, list) {
1090                         list_move_tail(&_urb->list, &q->head);
1091                 }
1092
1093                 spin_unlock_irqrestore(&q->lock, flags);
1094         }
1095
1096         return 0;
1097 }
1098
1099 static int hci_usb_resume(struct usb_interface *intf)
1100 {
1101         struct hci_usb *husb = usb_get_intfdata(intf);
1102         unsigned long flags;
1103         int i, err = 0;
1104
1105         if (!husb || intf == husb->isoc_iface)
1106                 return 0;
1107
1108         for (i = 0; i < 4; i++) {
1109                 struct _urb_queue *q = &husb->pending_q[i];
1110                 struct _urb *_urb;
1111
1112                 spin_lock_irqsave(&q->lock, flags);
1113
1114                 list_for_each_entry(_urb, &q->head, list) {
1115                         err = usb_submit_urb(&_urb->urb, GFP_ATOMIC);
1116                         if (err)
1117                                 break;
1118                 }
1119
1120                 spin_unlock_irqrestore(&q->lock, flags);
1121
1122                 if (err)
1123                         return -EIO;
1124         }
1125
1126         hci_resume_dev(husb->hdev);
1127
1128         return 0;
1129 }
1130
1131 static struct usb_driver hci_usb_driver = {
1132         .name           = "hci_usb",
1133         .probe          = hci_usb_probe,
1134         .disconnect     = hci_usb_disconnect,
1135         .suspend        = hci_usb_suspend,
1136         .resume         = hci_usb_resume,
1137         .id_table       = bluetooth_ids,
1138 };
1139
1140 static int __init hci_usb_init(void)
1141 {
1142         int err;
1143
1144         BT_INFO("HCI USB driver ver %s", VERSION);
1145
1146         if ((err = usb_register(&hci_usb_driver)) < 0)
1147                 BT_ERR("Failed to register HCI USB driver");
1148
1149         return err;
1150 }
1151
1152 static void __exit hci_usb_exit(void)
1153 {
1154         usb_deregister(&hci_usb_driver);
1155 }
1156
1157 module_init(hci_usb_init);
1158 module_exit(hci_usb_exit);
1159
1160 module_param(ignore, bool, 0644);
1161 MODULE_PARM_DESC(ignore, "Ignore devices from the matching table");
1162
1163 module_param(ignore_dga, bool, 0644);
1164 MODULE_PARM_DESC(ignore_dga, "Ignore devices with id 08fd:0001");
1165
1166 module_param(ignore_csr, bool, 0644);
1167 MODULE_PARM_DESC(ignore_csr, "Ignore devices with id 0a12:0001");
1168
1169 module_param(ignore_sniffer, bool, 0644);
1170 MODULE_PARM_DESC(ignore_sniffer, "Ignore devices with id 0a12:0002");
1171
1172 module_param(disable_scofix, bool, 0644);
1173 MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size");
1174
1175 module_param(force_scofix, bool, 0644);
1176 MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size");
1177
1178 module_param(reset, bool, 0644);
1179 MODULE_PARM_DESC(reset, "Send HCI reset command on initialization");
1180
1181 #ifdef CONFIG_BT_HCIUSB_SCO
1182 module_param(isoc, int, 0644);
1183 MODULE_PARM_DESC(isoc, "Set isochronous transfers for SCO over HCI support");
1184 #endif
1185
1186 MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>");
1187 MODULE_DESCRIPTION("Bluetooth HCI USB driver ver " VERSION);
1188 MODULE_VERSION(VERSION);
1189 MODULE_LICENSE("GPL");