]>
Commit | Line | Data |
---|---|---|
5e23b923 MH |
1 | /* |
2 | * | |
3 | * Generic Bluetooth USB driver | |
4 | * | |
9bfa35fe | 5 | * Copyright (C) 2005-2008 Marcel Holtmann <marcel@holtmann.org> |
5e23b923 MH |
6 | * |
7 | * | |
8 | * This program is free software; you can redistribute it and/or modify | |
9 | * it under the terms of the GNU General Public License as published by | |
10 | * the Free Software Foundation; either version 2 of the License, or | |
11 | * (at your option) any later version. | |
12 | * | |
13 | * This program is distributed in the hope that it will be useful, | |
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
16 | * GNU General Public License for more details. | |
17 | * | |
18 | * You should have received a copy of the GNU General Public License | |
19 | * along with this program; if not, write to the Free Software | |
20 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | |
21 | * | |
22 | */ | |
23 | ||
5e23b923 | 24 | #include <linux/module.h> |
5e23b923 | 25 | #include <linux/usb.h> |
dffd30ee | 26 | #include <linux/firmware.h> |
5e23b923 MH |
27 | |
28 | #include <net/bluetooth/bluetooth.h> | |
29 | #include <net/bluetooth/hci_core.h> | |
30 | ||
cda0dd78 | 31 | #define VERSION "0.7" |
cfeb4145 | 32 | |
90ab5ee9 RR |
33 | static bool disable_scofix; |
34 | static bool force_scofix; | |
7a9d4020 | 35 | |
90ab5ee9 | 36 | static bool reset = 1; |
cfeb4145 MH |
37 | |
38 | static struct usb_driver btusb_driver; | |
39 | ||
40 | #define BTUSB_IGNORE 0x01 | |
7a9d4020 MH |
41 | #define BTUSB_DIGIANSWER 0x02 |
42 | #define BTUSB_CSR 0x04 | |
43 | #define BTUSB_SNIFFER 0x08 | |
44 | #define BTUSB_BCM92035 0x10 | |
45 | #define BTUSB_BROKEN_ISOC 0x20 | |
46 | #define BTUSB_WRONG_SCO_MTU 0x40 | |
2d25f8b4 | 47 | #define BTUSB_ATH3012 0x80 |
dffd30ee | 48 | #define BTUSB_INTEL 0x100 |
40df783d MH |
49 | #define BTUSB_INTEL_BOOT 0x200 |
50 | #define BTUSB_BCM_PATCHRAM 0x400 | |
ae8df494 | 51 | #define BTUSB_MARVELL 0x800 |
4fcef8ed | 52 | #define BTUSB_SWAVE 0x1000 |
cda0dd78 | 53 | #define BTUSB_INTEL_NEW 0x2000 |
893ba544 | 54 | #define BTUSB_AMP 0x4000 |
3267c884 | 55 | #define BTUSB_QCA_ROME 0x8000 |
5e23b923 | 56 | |
54265202 | 57 | static const struct usb_device_id btusb_table[] = { |
5e23b923 MH |
58 | /* Generic Bluetooth USB device */ |
59 | { USB_DEVICE_INFO(0xe0, 0x01, 0x01) }, | |
60 | ||
893ba544 MH |
61 | /* Generic Bluetooth AMP device */ |
62 | { USB_DEVICE_INFO(0xe0, 0x01, 0x04), .driver_info = BTUSB_AMP }, | |
63 | ||
1fa6535f HR |
64 | /* Apple-specific (Broadcom) devices */ |
65 | { USB_VENDOR_AND_INTERFACE_INFO(0x05ac, 0xff, 0x01, 0x01) }, | |
66 | ||
178c059e CYC |
67 | /* MediaTek MT76x0E */ |
68 | { USB_DEVICE(0x0e8d, 0x763f) }, | |
69 | ||
c510eae3 | 70 | /* Broadcom SoftSailing reporting vendor specific */ |
2e8b5063 | 71 | { USB_DEVICE(0x0a5c, 0x21e1) }, |
c510eae3 | 72 | |
3cd01976 NI |
73 | /* Apple MacBookPro 7,1 */ |
74 | { USB_DEVICE(0x05ac, 0x8213) }, | |
75 | ||
0a79f674 CL |
76 | /* Apple iMac11,1 */ |
77 | { USB_DEVICE(0x05ac, 0x8215) }, | |
78 | ||
9c047157 NI |
79 | /* Apple MacBookPro6,2 */ |
80 | { USB_DEVICE(0x05ac, 0x8218) }, | |
81 | ||
3e3ede7d EH |
82 | /* Apple MacBookAir3,1, MacBookAir3,2 */ |
83 | { USB_DEVICE(0x05ac, 0x821b) }, | |
84 | ||
a63b723d PAVM |
85 | /* Apple MacBookAir4,1 */ |
86 | { USB_DEVICE(0x05ac, 0x821f) }, | |
87 | ||
88d377b6 MAP |
88 | /* Apple MacBookPro8,2 */ |
89 | { USB_DEVICE(0x05ac, 0x821a) }, | |
90 | ||
f78b6826 JK |
91 | /* Apple MacMini5,1 */ |
92 | { USB_DEVICE(0x05ac, 0x8281) }, | |
93 | ||
cfeb4145 | 94 | /* AVM BlueFRITZ! USB v2.0 */ |
4fcef8ed | 95 | { USB_DEVICE(0x057c, 0x3800), .driver_info = BTUSB_SWAVE }, |
cfeb4145 MH |
96 | |
97 | /* Bluetooth Ultraport Module from IBM */ | |
98 | { USB_DEVICE(0x04bf, 0x030a) }, | |
99 | ||
100 | /* ALPS Modules with non-standard id */ | |
101 | { USB_DEVICE(0x044e, 0x3001) }, | |
102 | { USB_DEVICE(0x044e, 0x3002) }, | |
103 | ||
104 | /* Ericsson with non-standard id */ | |
105 | { USB_DEVICE(0x0bdb, 0x1002) }, | |
106 | ||
107 | /* Canyon CN-BTU1 with HID interfaces */ | |
7a9d4020 | 108 | { USB_DEVICE(0x0c10, 0x0000) }, |
cfeb4145 | 109 | |
d13431ca | 110 | /* Broadcom BCM20702A0 */ |
0b880062 AS |
111 | { USB_DEVICE(0x0489, 0xe042) }, |
112 | { USB_DEVICE(0x04ca, 0x2003) }, | |
1ee3ff61 | 113 | { USB_DEVICE(0x0b05, 0x17b5) }, |
38a172be | 114 | { USB_DEVICE(0x0b05, 0x17cb) }, |
d13431ca | 115 | { USB_DEVICE(0x413c, 0x8197) }, |
a86c02ea F |
116 | { USB_DEVICE(0x13d3, 0x3404), |
117 | .driver_info = BTUSB_BCM_PATCHRAM }, | |
d13431ca | 118 | |
d049f4e5 MH |
119 | /* Broadcom BCM20702B0 (Dynex/Insignia) */ |
120 | { USB_DEVICE(0x19ff, 0x0239), .driver_info = BTUSB_BCM_PATCHRAM }, | |
121 | ||
98514036 | 122 | /* Foxconn - Hon Hai */ |
6029ddc2 HS |
123 | { USB_VENDOR_AND_INTERFACE_INFO(0x0489, 0xff, 0x01, 0x01), |
124 | .driver_info = BTUSB_BCM_PATCHRAM }, | |
98514036 | 125 | |
8f0c304c MD |
126 | /* Lite-On Technology - Broadcom based */ |
127 | { USB_VENDOR_AND_INTERFACE_INFO(0x04ca, 0xff, 0x01, 0x01), | |
128 | .driver_info = BTUSB_BCM_PATCHRAM }, | |
129 | ||
0b880062 | 130 | /* Broadcom devices with vendor specific id */ |
10d4c673 PG |
131 | { USB_VENDOR_AND_INTERFACE_INFO(0x0a5c, 0xff, 0x01, 0x01), |
132 | .driver_info = BTUSB_BCM_PATCHRAM }, | |
92c385f4 | 133 | |
c2aef6e8 | 134 | /* ASUSTek Computer - Broadcom based */ |
9a5abdaa RD |
135 | { USB_VENDOR_AND_INTERFACE_INFO(0x0b05, 0xff, 0x01, 0x01), |
136 | .driver_info = BTUSB_BCM_PATCHRAM }, | |
c2aef6e8 | 137 | |
5bcecf32 KB |
138 | /* Belkin F8065bf - Broadcom based */ |
139 | { USB_VENDOR_AND_INTERFACE_INFO(0x050d, 0xff, 0x01, 0x01) }, | |
140 | ||
9113bfd8 JK |
141 | /* IMC Networks - Broadcom based */ |
142 | { USB_VENDOR_AND_INTERFACE_INFO(0x13d3, 0xff, 0x01, 0x01) }, | |
143 | ||
40df783d | 144 | /* Intel Bluetooth USB Bootloader (RAM module) */ |
d92f2df0 MH |
145 | { USB_DEVICE(0x8087, 0x0a5a), |
146 | .driver_info = BTUSB_INTEL_BOOT | BTUSB_BROKEN_ISOC }, | |
40df783d | 147 | |
5e23b923 MH |
148 | { } /* Terminating entry */ |
149 | }; | |
150 | ||
151 | MODULE_DEVICE_TABLE(usb, btusb_table); | |
152 | ||
54265202 | 153 | static const struct usb_device_id blacklist_table[] = { |
cfeb4145 MH |
154 | /* CSR BlueCore devices */ |
155 | { USB_DEVICE(0x0a12, 0x0001), .driver_info = BTUSB_CSR }, | |
156 | ||
157 | /* Broadcom BCM2033 without firmware */ | |
158 | { USB_DEVICE(0x0a5c, 0x2033), .driver_info = BTUSB_IGNORE }, | |
159 | ||
be93112a | 160 | /* Atheros 3011 with sflash firmware */ |
0b880062 AS |
161 | { USB_DEVICE(0x0489, 0xe027), .driver_info = BTUSB_IGNORE }, |
162 | { USB_DEVICE(0x0489, 0xe03d), .driver_info = BTUSB_IGNORE }, | |
2eeff0b4 | 163 | { USB_DEVICE(0x04f2, 0xaff1), .driver_info = BTUSB_IGNORE }, |
0b880062 | 164 | { USB_DEVICE(0x0930, 0x0215), .driver_info = BTUSB_IGNORE }, |
be93112a | 165 | { USB_DEVICE(0x0cf3, 0x3002), .driver_info = BTUSB_IGNORE }, |
6eda541d | 166 | { USB_DEVICE(0x0cf3, 0xe019), .driver_info = BTUSB_IGNORE }, |
2a7bcccc | 167 | { USB_DEVICE(0x13d3, 0x3304), .driver_info = BTUSB_IGNORE }, |
be93112a | 168 | |
509e7861 CYC |
169 | /* Atheros AR9285 Malbec with sflash firmware */ |
170 | { USB_DEVICE(0x03f0, 0x311d), .driver_info = BTUSB_IGNORE }, | |
171 | ||
d9f51b51 | 172 | /* Atheros 3012 with sflash firmware */ |
0b880062 AS |
173 | { USB_DEVICE(0x0489, 0xe04d), .driver_info = BTUSB_ATH3012 }, |
174 | { USB_DEVICE(0x0489, 0xe04e), .driver_info = BTUSB_ATH3012 }, | |
175 | { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 }, | |
176 | { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 }, | |
177 | { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 }, | |
4b552bc9 | 178 | { USB_DEVICE(0x0489, 0xe078), .driver_info = BTUSB_ATH3012 }, |
0b880062 AS |
179 | { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 }, |
180 | { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 }, | |
181 | { USB_DEVICE(0x04ca, 0x3005), .driver_info = BTUSB_ATH3012 }, | |
182 | { USB_DEVICE(0x04ca, 0x3006), .driver_info = BTUSB_ATH3012 }, | |
1fb4e09a | 183 | { USB_DEVICE(0x04ca, 0x3007), .driver_info = BTUSB_ATH3012 }, |
0b880062 AS |
184 | { USB_DEVICE(0x04ca, 0x3008), .driver_info = BTUSB_ATH3012 }, |
185 | { USB_DEVICE(0x04ca, 0x300b), .driver_info = BTUSB_ATH3012 }, | |
134d3b35 | 186 | { USB_DEVICE(0x04ca, 0x3010), .driver_info = BTUSB_ATH3012 }, |
0b880062 AS |
187 | { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 }, |
188 | { USB_DEVICE(0x0930, 0x0220), .driver_info = BTUSB_ATH3012 }, | |
89d2975f | 189 | { USB_DEVICE(0x0930, 0x0227), .driver_info = BTUSB_ATH3012 }, |
a735f9e2 | 190 | { USB_DEVICE(0x0b05, 0x17d0), .driver_info = BTUSB_ATH3012 }, |
d66629c1 | 191 | { USB_DEVICE(0x0cf3, 0x0036), .driver_info = BTUSB_ATH3012 }, |
2d25f8b4 | 192 | { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 }, |
94a32d10 | 193 | { USB_DEVICE(0x0cf3, 0x3008), .driver_info = BTUSB_ATH3012 }, |
07c0ea87 | 194 | { USB_DEVICE(0x0cf3, 0x311d), .driver_info = BTUSB_ATH3012 }, |
b131237c | 195 | { USB_DEVICE(0x0cf3, 0x311e), .driver_info = BTUSB_ATH3012 }, |
1e56f1eb | 196 | { USB_DEVICE(0x0cf3, 0x311f), .driver_info = BTUSB_ATH3012 }, |
0b880062 | 197 | { USB_DEVICE(0x0cf3, 0x3121), .driver_info = BTUSB_ATH3012 }, |
ebaf5795 | 198 | { USB_DEVICE(0x0cf3, 0x817a), .driver_info = BTUSB_ATH3012 }, |
0b880062 | 199 | { USB_DEVICE(0x0cf3, 0xe003), .driver_info = BTUSB_ATH3012 }, |
ac71311e | 200 | { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 }, |
0a3658cc | 201 | { USB_DEVICE(0x0cf3, 0xe005), .driver_info = BTUSB_ATH3012 }, |
0b880062 AS |
202 | { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 }, |
203 | { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 }, | |
eed307e2 | 204 | { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 }, |
5b77a1f3 | 205 | { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 }, |
3bb30a7c | 206 | { USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 }, |
033efa92 | 207 | { USB_DEVICE(0x13d3, 0x3423), .driver_info = BTUSB_ATH3012 }, |
fa2f1394 | 208 | { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 }, |
d9f51b51 | 209 | |
e9036e33 CYC |
210 | /* Atheros AR5BBU12 with sflash firmware */ |
211 | { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE }, | |
212 | ||
85d59726 | 213 | /* Atheros AR5BBU12 with sflash firmware */ |
bc21fde2 | 214 | { USB_DEVICE(0x0489, 0xe036), .driver_info = BTUSB_ATH3012 }, |
0b880062 | 215 | { USB_DEVICE(0x0489, 0xe03c), .driver_info = BTUSB_ATH3012 }, |
85d59726 | 216 | |
3267c884 KBYT |
217 | /* QCA ROME chipset */ |
218 | { USB_DEVICE(0x0cf3, 0xe300), .driver_info = BTUSB_QCA_ROME}, | |
219 | { USB_DEVICE(0x0cf3, 0xe360), .driver_info = BTUSB_QCA_ROME}, | |
220 | ||
cfeb4145 | 221 | /* Broadcom BCM2035 */ |
7a9d4020 | 222 | { USB_DEVICE(0x0a5c, 0x2009), .driver_info = BTUSB_BCM92035 }, |
0b880062 AS |
223 | { USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU }, |
224 | { USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU }, | |
cfeb4145 MH |
225 | |
226 | /* Broadcom BCM2045 */ | |
7a9d4020 MH |
227 | { USB_DEVICE(0x0a5c, 0x2039), .driver_info = BTUSB_WRONG_SCO_MTU }, |
228 | { USB_DEVICE(0x0a5c, 0x2101), .driver_info = BTUSB_WRONG_SCO_MTU }, | |
bdbef3d6 | 229 | |
cfeb4145 | 230 | /* IBM/Lenovo ThinkPad with Broadcom chip */ |
7a9d4020 MH |
231 | { USB_DEVICE(0x0a5c, 0x201e), .driver_info = BTUSB_WRONG_SCO_MTU }, |
232 | { USB_DEVICE(0x0a5c, 0x2110), .driver_info = BTUSB_WRONG_SCO_MTU }, | |
cfeb4145 MH |
233 | |
234 | /* HP laptop with Broadcom chip */ | |
7a9d4020 | 235 | { USB_DEVICE(0x03f0, 0x171d), .driver_info = BTUSB_WRONG_SCO_MTU }, |
cfeb4145 MH |
236 | |
237 | /* Dell laptop with Broadcom chip */ | |
7a9d4020 | 238 | { USB_DEVICE(0x413c, 0x8126), .driver_info = BTUSB_WRONG_SCO_MTU }, |
cfeb4145 | 239 | |
5ddd4a60 | 240 | /* Dell Wireless 370 and 410 devices */ |
7a9d4020 | 241 | { USB_DEVICE(0x413c, 0x8152), .driver_info = BTUSB_WRONG_SCO_MTU }, |
5ddd4a60 | 242 | { USB_DEVICE(0x413c, 0x8156), .driver_info = BTUSB_WRONG_SCO_MTU }, |
cfeb4145 | 243 | |
7a9d4020 MH |
244 | /* Belkin F8T012 and F8T013 devices */ |
245 | { USB_DEVICE(0x050d, 0x0012), .driver_info = BTUSB_WRONG_SCO_MTU }, | |
246 | { USB_DEVICE(0x050d, 0x0013), .driver_info = BTUSB_WRONG_SCO_MTU }, | |
cfeb4145 | 247 | |
5ddd4a60 MH |
248 | /* Asus WL-BTD202 device */ |
249 | { USB_DEVICE(0x0b05, 0x1715), .driver_info = BTUSB_WRONG_SCO_MTU }, | |
250 | ||
251 | /* Kensington Bluetooth USB adapter */ | |
252 | { USB_DEVICE(0x047d, 0x105e), .driver_info = BTUSB_WRONG_SCO_MTU }, | |
253 | ||
cfeb4145 MH |
254 | /* RTX Telecom based adapters with buggy SCO support */ |
255 | { USB_DEVICE(0x0400, 0x0807), .driver_info = BTUSB_BROKEN_ISOC }, | |
256 | { USB_DEVICE(0x0400, 0x080a), .driver_info = BTUSB_BROKEN_ISOC }, | |
257 | ||
258 | /* CONWISE Technology based adapters with buggy SCO support */ | |
259 | { USB_DEVICE(0x0e5e, 0x6622), .driver_info = BTUSB_BROKEN_ISOC }, | |
260 | ||
4fcef8ed MH |
261 | /* Roper Class 1 Bluetooth Dongle (Silicon Wave based) */ |
262 | { USB_DEVICE(0x1300, 0x0001), .driver_info = BTUSB_SWAVE }, | |
263 | ||
cfeb4145 MH |
264 | /* Digianswer devices */ |
265 | { USB_DEVICE(0x08fd, 0x0001), .driver_info = BTUSB_DIGIANSWER }, | |
266 | { USB_DEVICE(0x08fd, 0x0002), .driver_info = BTUSB_IGNORE }, | |
267 | ||
268 | /* CSR BlueCore Bluetooth Sniffer */ | |
4f64fa80 MH |
269 | { USB_DEVICE(0x0a12, 0x0002), |
270 | .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC }, | |
cfeb4145 MH |
271 | |
272 | /* Frontline ComProbe Bluetooth Sniffer */ | |
4f64fa80 MH |
273 | { USB_DEVICE(0x16d3, 0x0002), |
274 | .driver_info = BTUSB_SNIFFER | BTUSB_BROKEN_ISOC }, | |
cfeb4145 | 275 | |
cb1ee89f MH |
276 | /* Marvell Bluetooth devices */ |
277 | { USB_DEVICE(0x1286, 0x2044), .driver_info = BTUSB_MARVELL }, | |
278 | { USB_DEVICE(0x1286, 0x2046), .driver_info = BTUSB_MARVELL }, | |
279 | ||
d0ac9eb7 | 280 | /* Intel Bluetooth devices */ |
dffd30ee | 281 | { USB_DEVICE(0x8087, 0x07dc), .driver_info = BTUSB_INTEL }, |
ef4e5e4a | 282 | { USB_DEVICE(0x8087, 0x0a2a), .driver_info = BTUSB_INTEL }, |
cda0dd78 | 283 | { USB_DEVICE(0x8087, 0x0a2b), .driver_info = BTUSB_INTEL_NEW }, |
dffd30ee | 284 | |
d0ac9eb7 MH |
285 | /* Other Intel Bluetooth devices */ |
286 | { USB_VENDOR_AND_INTERFACE_INFO(0x8087, 0xe0, 0x01, 0x01), | |
287 | .driver_info = BTUSB_IGNORE }, | |
ae8df494 | 288 | |
5e23b923 MH |
289 | { } /* Terminating entry */ |
290 | }; | |
291 | ||
9bfa35fe MH |
292 | #define BTUSB_MAX_ISOC_FRAMES 10 |
293 | ||
5e23b923 MH |
294 | #define BTUSB_INTR_RUNNING 0 |
295 | #define BTUSB_BULK_RUNNING 1 | |
9bfa35fe | 296 | #define BTUSB_ISOC_RUNNING 2 |
7bee549e | 297 | #define BTUSB_SUSPENDING 3 |
08b8b6c4 | 298 | #define BTUSB_DID_ISO_RESUME 4 |
cda0dd78 MH |
299 | #define BTUSB_BOOTLOADER 5 |
300 | #define BTUSB_DOWNLOADING 6 | |
ce6bb929 | 301 | #define BTUSB_FIRMWARE_LOADED 7 |
cda0dd78 | 302 | #define BTUSB_FIRMWARE_FAILED 8 |
ce6bb929 | 303 | #define BTUSB_BOOTING 9 |
5e23b923 MH |
304 | |
305 | struct btusb_data { | |
306 | struct hci_dev *hdev; | |
307 | struct usb_device *udev; | |
5fbcd260 | 308 | struct usb_interface *intf; |
9bfa35fe | 309 | struct usb_interface *isoc; |
5e23b923 | 310 | |
5e23b923 MH |
311 | unsigned long flags; |
312 | ||
313 | struct work_struct work; | |
7bee549e | 314 | struct work_struct waker; |
5e23b923 | 315 | |
803b5836 | 316 | struct usb_anchor deferred; |
5e23b923 | 317 | struct usb_anchor tx_anchor; |
803b5836 MH |
318 | int tx_in_flight; |
319 | spinlock_t txlock; | |
320 | ||
5e23b923 MH |
321 | struct usb_anchor intr_anchor; |
322 | struct usb_anchor bulk_anchor; | |
9bfa35fe | 323 | struct usb_anchor isoc_anchor; |
803b5836 MH |
324 | spinlock_t rxlock; |
325 | ||
326 | struct sk_buff *evt_skb; | |
327 | struct sk_buff *acl_skb; | |
328 | struct sk_buff *sco_skb; | |
5e23b923 MH |
329 | |
330 | struct usb_endpoint_descriptor *intr_ep; | |
331 | struct usb_endpoint_descriptor *bulk_tx_ep; | |
332 | struct usb_endpoint_descriptor *bulk_rx_ep; | |
9bfa35fe MH |
333 | struct usb_endpoint_descriptor *isoc_tx_ep; |
334 | struct usb_endpoint_descriptor *isoc_rx_ep; | |
335 | ||
7a9d4020 | 336 | __u8 cmdreq_type; |
893ba544 | 337 | __u8 cmdreq; |
7a9d4020 | 338 | |
43c2e57f | 339 | unsigned int sco_num; |
9bfa35fe | 340 | int isoc_altsetting; |
6a88adf2 | 341 | int suspend_count; |
2cbd3f5c | 342 | |
97307f51 | 343 | int (*recv_event)(struct hci_dev *hdev, struct sk_buff *skb); |
2cbd3f5c | 344 | int (*recv_bulk)(struct btusb_data *data, void *buffer, int count); |
ace31982 KBYT |
345 | |
346 | int (*setup_on_usb)(struct hci_dev *hdev); | |
5e23b923 MH |
347 | }; |
348 | ||
803b5836 MH |
349 | static inline void btusb_free_frags(struct btusb_data *data) |
350 | { | |
351 | unsigned long flags; | |
352 | ||
353 | spin_lock_irqsave(&data->rxlock, flags); | |
354 | ||
355 | kfree_skb(data->evt_skb); | |
356 | data->evt_skb = NULL; | |
357 | ||
358 | kfree_skb(data->acl_skb); | |
359 | data->acl_skb = NULL; | |
360 | ||
361 | kfree_skb(data->sco_skb); | |
362 | data->sco_skb = NULL; | |
363 | ||
364 | spin_unlock_irqrestore(&data->rxlock, flags); | |
365 | } | |
366 | ||
1ffa4ad0 MH |
367 | static int btusb_recv_intr(struct btusb_data *data, void *buffer, int count) |
368 | { | |
803b5836 MH |
369 | struct sk_buff *skb; |
370 | int err = 0; | |
371 | ||
372 | spin_lock(&data->rxlock); | |
373 | skb = data->evt_skb; | |
374 | ||
375 | while (count) { | |
376 | int len; | |
377 | ||
378 | if (!skb) { | |
379 | skb = bt_skb_alloc(HCI_MAX_EVENT_SIZE, GFP_ATOMIC); | |
380 | if (!skb) { | |
381 | err = -ENOMEM; | |
382 | break; | |
383 | } | |
384 | ||
385 | bt_cb(skb)->pkt_type = HCI_EVENT_PKT; | |
386 | bt_cb(skb)->expect = HCI_EVENT_HDR_SIZE; | |
387 | } | |
388 | ||
389 | len = min_t(uint, bt_cb(skb)->expect, count); | |
390 | memcpy(skb_put(skb, len), buffer, len); | |
391 | ||
392 | count -= len; | |
393 | buffer += len; | |
394 | bt_cb(skb)->expect -= len; | |
395 | ||
396 | if (skb->len == HCI_EVENT_HDR_SIZE) { | |
397 | /* Complete event header */ | |
398 | bt_cb(skb)->expect = hci_event_hdr(skb)->plen; | |
399 | ||
400 | if (skb_tailroom(skb) < bt_cb(skb)->expect) { | |
401 | kfree_skb(skb); | |
402 | skb = NULL; | |
403 | ||
404 | err = -EILSEQ; | |
405 | break; | |
406 | } | |
407 | } | |
408 | ||
409 | if (bt_cb(skb)->expect == 0) { | |
410 | /* Complete frame */ | |
97307f51 | 411 | data->recv_event(data->hdev, skb); |
803b5836 MH |
412 | skb = NULL; |
413 | } | |
414 | } | |
415 | ||
416 | data->evt_skb = skb; | |
417 | spin_unlock(&data->rxlock); | |
418 | ||
419 | return err; | |
1ffa4ad0 MH |
420 | } |
421 | ||
422 | static int btusb_recv_bulk(struct btusb_data *data, void *buffer, int count) | |
423 | { | |
803b5836 MH |
424 | struct sk_buff *skb; |
425 | int err = 0; | |
426 | ||
427 | spin_lock(&data->rxlock); | |
428 | skb = data->acl_skb; | |
429 | ||
430 | while (count) { | |
431 | int len; | |
432 | ||
433 | if (!skb) { | |
434 | skb = bt_skb_alloc(HCI_MAX_FRAME_SIZE, GFP_ATOMIC); | |
435 | if (!skb) { | |
436 | err = -ENOMEM; | |
437 | break; | |
438 | } | |
439 | ||
440 | bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT; | |
441 | bt_cb(skb)->expect = HCI_ACL_HDR_SIZE; | |
442 | } | |
443 | ||
444 | len = min_t(uint, bt_cb(skb)->expect, count); | |
445 | memcpy(skb_put(skb, len), buffer, len); | |
446 | ||
447 | count -= len; | |
448 | buffer += len; | |
449 | bt_cb(skb)->expect -= len; | |
450 | ||
451 | if (skb->len == HCI_ACL_HDR_SIZE) { | |
452 | __le16 dlen = hci_acl_hdr(skb)->dlen; | |
453 | ||
454 | /* Complete ACL header */ | |
455 | bt_cb(skb)->expect = __le16_to_cpu(dlen); | |
456 | ||
457 | if (skb_tailroom(skb) < bt_cb(skb)->expect) { | |
458 | kfree_skb(skb); | |
459 | skb = NULL; | |
460 | ||
461 | err = -EILSEQ; | |
462 | break; | |
463 | } | |
464 | } | |
465 | ||
466 | if (bt_cb(skb)->expect == 0) { | |
467 | /* Complete frame */ | |
468 | hci_recv_frame(data->hdev, skb); | |
469 | skb = NULL; | |
470 | } | |
471 | } | |
472 | ||
473 | data->acl_skb = skb; | |
474 | spin_unlock(&data->rxlock); | |
475 | ||
476 | return err; | |
1ffa4ad0 MH |
477 | } |
478 | ||
479 | static int btusb_recv_isoc(struct btusb_data *data, void *buffer, int count) | |
480 | { | |
803b5836 MH |
481 | struct sk_buff *skb; |
482 | int err = 0; | |
483 | ||
484 | spin_lock(&data->rxlock); | |
485 | skb = data->sco_skb; | |
486 | ||
487 | while (count) { | |
488 | int len; | |
489 | ||
490 | if (!skb) { | |
491 | skb = bt_skb_alloc(HCI_MAX_SCO_SIZE, GFP_ATOMIC); | |
492 | if (!skb) { | |
493 | err = -ENOMEM; | |
494 | break; | |
495 | } | |
496 | ||
497 | bt_cb(skb)->pkt_type = HCI_SCODATA_PKT; | |
498 | bt_cb(skb)->expect = HCI_SCO_HDR_SIZE; | |
499 | } | |
500 | ||
501 | len = min_t(uint, bt_cb(skb)->expect, count); | |
502 | memcpy(skb_put(skb, len), buffer, len); | |
503 | ||
504 | count -= len; | |
505 | buffer += len; | |
506 | bt_cb(skb)->expect -= len; | |
507 | ||
508 | if (skb->len == HCI_SCO_HDR_SIZE) { | |
509 | /* Complete SCO header */ | |
510 | bt_cb(skb)->expect = hci_sco_hdr(skb)->dlen; | |
511 | ||
512 | if (skb_tailroom(skb) < bt_cb(skb)->expect) { | |
513 | kfree_skb(skb); | |
514 | skb = NULL; | |
515 | ||
516 | err = -EILSEQ; | |
517 | break; | |
518 | } | |
519 | } | |
520 | ||
521 | if (bt_cb(skb)->expect == 0) { | |
522 | /* Complete frame */ | |
523 | hci_recv_frame(data->hdev, skb); | |
524 | skb = NULL; | |
525 | } | |
526 | } | |
527 | ||
528 | data->sco_skb = skb; | |
529 | spin_unlock(&data->rxlock); | |
530 | ||
531 | return err; | |
1ffa4ad0 MH |
532 | } |
533 | ||
5e23b923 MH |
534 | static void btusb_intr_complete(struct urb *urb) |
535 | { | |
536 | struct hci_dev *hdev = urb->context; | |
155961e8 | 537 | struct btusb_data *data = hci_get_drvdata(hdev); |
5e23b923 MH |
538 | int err; |
539 | ||
89e7533d MH |
540 | BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, |
541 | urb->actual_length); | |
5e23b923 MH |
542 | |
543 | if (!test_bit(HCI_RUNNING, &hdev->flags)) | |
544 | return; | |
545 | ||
546 | if (urb->status == 0) { | |
9bfa35fe MH |
547 | hdev->stat.byte_rx += urb->actual_length; |
548 | ||
1ffa4ad0 MH |
549 | if (btusb_recv_intr(data, urb->transfer_buffer, |
550 | urb->actual_length) < 0) { | |
5e23b923 MH |
551 | BT_ERR("%s corrupted event packet", hdev->name); |
552 | hdev->stat.err_rx++; | |
553 | } | |
85560c4a CC |
554 | } else if (urb->status == -ENOENT) { |
555 | /* Avoid suspend failed when usb_kill_urb */ | |
556 | return; | |
5e23b923 MH |
557 | } |
558 | ||
559 | if (!test_bit(BTUSB_INTR_RUNNING, &data->flags)) | |
560 | return; | |
561 | ||
7bee549e | 562 | usb_mark_last_busy(data->udev); |
5e23b923 MH |
563 | usb_anchor_urb(urb, &data->intr_anchor); |
564 | ||
565 | err = usb_submit_urb(urb, GFP_ATOMIC); | |
566 | if (err < 0) { | |
4935f1c1 PB |
567 | /* -EPERM: urb is being killed; |
568 | * -ENODEV: device got disconnected */ | |
569 | if (err != -EPERM && err != -ENODEV) | |
61faddf6 | 570 | BT_ERR("%s urb %p failed to resubmit (%d)", |
89e7533d | 571 | hdev->name, urb, -err); |
5e23b923 MH |
572 | usb_unanchor_urb(urb); |
573 | } | |
574 | } | |
575 | ||
2eda66f4 | 576 | static int btusb_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags) |
5e23b923 | 577 | { |
155961e8 | 578 | struct btusb_data *data = hci_get_drvdata(hdev); |
5e23b923 MH |
579 | struct urb *urb; |
580 | unsigned char *buf; | |
581 | unsigned int pipe; | |
582 | int err, size; | |
583 | ||
584 | BT_DBG("%s", hdev->name); | |
585 | ||
9bfa35fe MH |
586 | if (!data->intr_ep) |
587 | return -ENODEV; | |
588 | ||
2eda66f4 | 589 | urb = usb_alloc_urb(0, mem_flags); |
5e23b923 MH |
590 | if (!urb) |
591 | return -ENOMEM; | |
592 | ||
593 | size = le16_to_cpu(data->intr_ep->wMaxPacketSize); | |
594 | ||
2eda66f4 | 595 | buf = kmalloc(size, mem_flags); |
5e23b923 MH |
596 | if (!buf) { |
597 | usb_free_urb(urb); | |
598 | return -ENOMEM; | |
599 | } | |
600 | ||
601 | pipe = usb_rcvintpipe(data->udev, data->intr_ep->bEndpointAddress); | |
602 | ||
603 | usb_fill_int_urb(urb, data->udev, pipe, buf, size, | |
89e7533d | 604 | btusb_intr_complete, hdev, data->intr_ep->bInterval); |
5e23b923 MH |
605 | |
606 | urb->transfer_flags |= URB_FREE_BUFFER; | |
607 | ||
608 | usb_anchor_urb(urb, &data->intr_anchor); | |
609 | ||
2eda66f4 | 610 | err = usb_submit_urb(urb, mem_flags); |
5e23b923 | 611 | if (err < 0) { |
d4b8d1c9 PB |
612 | if (err != -EPERM && err != -ENODEV) |
613 | BT_ERR("%s urb %p submission failed (%d)", | |
89e7533d | 614 | hdev->name, urb, -err); |
5e23b923 | 615 | usb_unanchor_urb(urb); |
5e23b923 MH |
616 | } |
617 | ||
618 | usb_free_urb(urb); | |
619 | ||
620 | return err; | |
621 | } | |
622 | ||
623 | static void btusb_bulk_complete(struct urb *urb) | |
624 | { | |
625 | struct hci_dev *hdev = urb->context; | |
155961e8 | 626 | struct btusb_data *data = hci_get_drvdata(hdev); |
5e23b923 MH |
627 | int err; |
628 | ||
89e7533d MH |
629 | BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, |
630 | urb->actual_length); | |
5e23b923 MH |
631 | |
632 | if (!test_bit(HCI_RUNNING, &hdev->flags)) | |
633 | return; | |
634 | ||
635 | if (urb->status == 0) { | |
9bfa35fe MH |
636 | hdev->stat.byte_rx += urb->actual_length; |
637 | ||
2cbd3f5c | 638 | if (data->recv_bulk(data, urb->transfer_buffer, |
1ffa4ad0 | 639 | urb->actual_length) < 0) { |
5e23b923 MH |
640 | BT_ERR("%s corrupted ACL packet", hdev->name); |
641 | hdev->stat.err_rx++; | |
642 | } | |
85560c4a CC |
643 | } else if (urb->status == -ENOENT) { |
644 | /* Avoid suspend failed when usb_kill_urb */ | |
645 | return; | |
5e23b923 MH |
646 | } |
647 | ||
648 | if (!test_bit(BTUSB_BULK_RUNNING, &data->flags)) | |
649 | return; | |
650 | ||
651 | usb_anchor_urb(urb, &data->bulk_anchor); | |
652fd781 | 652 | usb_mark_last_busy(data->udev); |
5e23b923 MH |
653 | |
654 | err = usb_submit_urb(urb, GFP_ATOMIC); | |
655 | if (err < 0) { | |
4935f1c1 PB |
656 | /* -EPERM: urb is being killed; |
657 | * -ENODEV: device got disconnected */ | |
658 | if (err != -EPERM && err != -ENODEV) | |
61faddf6 | 659 | BT_ERR("%s urb %p failed to resubmit (%d)", |
89e7533d | 660 | hdev->name, urb, -err); |
5e23b923 MH |
661 | usb_unanchor_urb(urb); |
662 | } | |
663 | } | |
664 | ||
2eda66f4 | 665 | static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags) |
5e23b923 | 666 | { |
155961e8 | 667 | struct btusb_data *data = hci_get_drvdata(hdev); |
5e23b923 MH |
668 | struct urb *urb; |
669 | unsigned char *buf; | |
670 | unsigned int pipe; | |
290ba200 | 671 | int err, size = HCI_MAX_FRAME_SIZE; |
5e23b923 MH |
672 | |
673 | BT_DBG("%s", hdev->name); | |
674 | ||
9bfa35fe MH |
675 | if (!data->bulk_rx_ep) |
676 | return -ENODEV; | |
677 | ||
2eda66f4 | 678 | urb = usb_alloc_urb(0, mem_flags); |
5e23b923 MH |
679 | if (!urb) |
680 | return -ENOMEM; | |
681 | ||
2eda66f4 | 682 | buf = kmalloc(size, mem_flags); |
5e23b923 MH |
683 | if (!buf) { |
684 | usb_free_urb(urb); | |
685 | return -ENOMEM; | |
686 | } | |
687 | ||
688 | pipe = usb_rcvbulkpipe(data->udev, data->bulk_rx_ep->bEndpointAddress); | |
689 | ||
89e7533d MH |
690 | usb_fill_bulk_urb(urb, data->udev, pipe, buf, size, |
691 | btusb_bulk_complete, hdev); | |
5e23b923 MH |
692 | |
693 | urb->transfer_flags |= URB_FREE_BUFFER; | |
694 | ||
7bee549e | 695 | usb_mark_last_busy(data->udev); |
5e23b923 MH |
696 | usb_anchor_urb(urb, &data->bulk_anchor); |
697 | ||
2eda66f4 | 698 | err = usb_submit_urb(urb, mem_flags); |
5e23b923 | 699 | if (err < 0) { |
d4b8d1c9 PB |
700 | if (err != -EPERM && err != -ENODEV) |
701 | BT_ERR("%s urb %p submission failed (%d)", | |
89e7533d | 702 | hdev->name, urb, -err); |
5e23b923 | 703 | usb_unanchor_urb(urb); |
5e23b923 MH |
704 | } |
705 | ||
706 | usb_free_urb(urb); | |
707 | ||
708 | return err; | |
709 | } | |
710 | ||
9bfa35fe MH |
711 | static void btusb_isoc_complete(struct urb *urb) |
712 | { | |
713 | struct hci_dev *hdev = urb->context; | |
155961e8 | 714 | struct btusb_data *data = hci_get_drvdata(hdev); |
9bfa35fe MH |
715 | int i, err; |
716 | ||
89e7533d MH |
717 | BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, |
718 | urb->actual_length); | |
9bfa35fe MH |
719 | |
720 | if (!test_bit(HCI_RUNNING, &hdev->flags)) | |
721 | return; | |
722 | ||
723 | if (urb->status == 0) { | |
724 | for (i = 0; i < urb->number_of_packets; i++) { | |
725 | unsigned int offset = urb->iso_frame_desc[i].offset; | |
726 | unsigned int length = urb->iso_frame_desc[i].actual_length; | |
727 | ||
728 | if (urb->iso_frame_desc[i].status) | |
729 | continue; | |
730 | ||
731 | hdev->stat.byte_rx += length; | |
732 | ||
1ffa4ad0 MH |
733 | if (btusb_recv_isoc(data, urb->transfer_buffer + offset, |
734 | length) < 0) { | |
9bfa35fe MH |
735 | BT_ERR("%s corrupted SCO packet", hdev->name); |
736 | hdev->stat.err_rx++; | |
737 | } | |
738 | } | |
85560c4a CC |
739 | } else if (urb->status == -ENOENT) { |
740 | /* Avoid suspend failed when usb_kill_urb */ | |
741 | return; | |
9bfa35fe MH |
742 | } |
743 | ||
744 | if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags)) | |
745 | return; | |
746 | ||
747 | usb_anchor_urb(urb, &data->isoc_anchor); | |
748 | ||
749 | err = usb_submit_urb(urb, GFP_ATOMIC); | |
750 | if (err < 0) { | |
4935f1c1 PB |
751 | /* -EPERM: urb is being killed; |
752 | * -ENODEV: device got disconnected */ | |
753 | if (err != -EPERM && err != -ENODEV) | |
61faddf6 | 754 | BT_ERR("%s urb %p failed to resubmit (%d)", |
89e7533d | 755 | hdev->name, urb, -err); |
9bfa35fe MH |
756 | usb_unanchor_urb(urb); |
757 | } | |
758 | } | |
759 | ||
42b16b3f | 760 | static inline void __fill_isoc_descriptor(struct urb *urb, int len, int mtu) |
9bfa35fe MH |
761 | { |
762 | int i, offset = 0; | |
763 | ||
764 | BT_DBG("len %d mtu %d", len, mtu); | |
765 | ||
766 | for (i = 0; i < BTUSB_MAX_ISOC_FRAMES && len >= mtu; | |
767 | i++, offset += mtu, len -= mtu) { | |
768 | urb->iso_frame_desc[i].offset = offset; | |
769 | urb->iso_frame_desc[i].length = mtu; | |
770 | } | |
771 | ||
772 | if (len && i < BTUSB_MAX_ISOC_FRAMES) { | |
773 | urb->iso_frame_desc[i].offset = offset; | |
774 | urb->iso_frame_desc[i].length = len; | |
775 | i++; | |
776 | } | |
777 | ||
778 | urb->number_of_packets = i; | |
779 | } | |
780 | ||
2eda66f4 | 781 | static int btusb_submit_isoc_urb(struct hci_dev *hdev, gfp_t mem_flags) |
9bfa35fe | 782 | { |
155961e8 | 783 | struct btusb_data *data = hci_get_drvdata(hdev); |
9bfa35fe MH |
784 | struct urb *urb; |
785 | unsigned char *buf; | |
786 | unsigned int pipe; | |
787 | int err, size; | |
788 | ||
789 | BT_DBG("%s", hdev->name); | |
790 | ||
791 | if (!data->isoc_rx_ep) | |
792 | return -ENODEV; | |
793 | ||
2eda66f4 | 794 | urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, mem_flags); |
9bfa35fe MH |
795 | if (!urb) |
796 | return -ENOMEM; | |
797 | ||
798 | size = le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize) * | |
799 | BTUSB_MAX_ISOC_FRAMES; | |
800 | ||
2eda66f4 | 801 | buf = kmalloc(size, mem_flags); |
9bfa35fe MH |
802 | if (!buf) { |
803 | usb_free_urb(urb); | |
804 | return -ENOMEM; | |
805 | } | |
806 | ||
807 | pipe = usb_rcvisocpipe(data->udev, data->isoc_rx_ep->bEndpointAddress); | |
808 | ||
fa0fb93f | 809 | usb_fill_int_urb(urb, data->udev, pipe, buf, size, btusb_isoc_complete, |
89e7533d | 810 | hdev, data->isoc_rx_ep->bInterval); |
9bfa35fe | 811 | |
89e7533d | 812 | urb->transfer_flags = URB_FREE_BUFFER | URB_ISO_ASAP; |
9bfa35fe MH |
813 | |
814 | __fill_isoc_descriptor(urb, size, | |
89e7533d | 815 | le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize)); |
9bfa35fe MH |
816 | |
817 | usb_anchor_urb(urb, &data->isoc_anchor); | |
818 | ||
2eda66f4 | 819 | err = usb_submit_urb(urb, mem_flags); |
9bfa35fe | 820 | if (err < 0) { |
d4b8d1c9 PB |
821 | if (err != -EPERM && err != -ENODEV) |
822 | BT_ERR("%s urb %p submission failed (%d)", | |
89e7533d | 823 | hdev->name, urb, -err); |
9bfa35fe | 824 | usb_unanchor_urb(urb); |
9bfa35fe MH |
825 | } |
826 | ||
827 | usb_free_urb(urb); | |
828 | ||
829 | return err; | |
830 | } | |
831 | ||
5e23b923 | 832 | static void btusb_tx_complete(struct urb *urb) |
7bee549e ON |
833 | { |
834 | struct sk_buff *skb = urb->context; | |
89e7533d | 835 | struct hci_dev *hdev = (struct hci_dev *)skb->dev; |
155961e8 | 836 | struct btusb_data *data = hci_get_drvdata(hdev); |
7bee549e | 837 | |
89e7533d MH |
838 | BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, |
839 | urb->actual_length); | |
7bee549e ON |
840 | |
841 | if (!test_bit(HCI_RUNNING, &hdev->flags)) | |
842 | goto done; | |
843 | ||
844 | if (!urb->status) | |
845 | hdev->stat.byte_tx += urb->transfer_buffer_length; | |
846 | else | |
847 | hdev->stat.err_tx++; | |
848 | ||
849 | done: | |
850 | spin_lock(&data->txlock); | |
851 | data->tx_in_flight--; | |
852 | spin_unlock(&data->txlock); | |
853 | ||
854 | kfree(urb->setup_packet); | |
855 | ||
856 | kfree_skb(skb); | |
857 | } | |
858 | ||
859 | static void btusb_isoc_tx_complete(struct urb *urb) | |
5e23b923 MH |
860 | { |
861 | struct sk_buff *skb = urb->context; | |
89e7533d | 862 | struct hci_dev *hdev = (struct hci_dev *)skb->dev; |
5e23b923 | 863 | |
89e7533d MH |
864 | BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, |
865 | urb->actual_length); | |
5e23b923 MH |
866 | |
867 | if (!test_bit(HCI_RUNNING, &hdev->flags)) | |
868 | goto done; | |
869 | ||
870 | if (!urb->status) | |
871 | hdev->stat.byte_tx += urb->transfer_buffer_length; | |
872 | else | |
873 | hdev->stat.err_tx++; | |
874 | ||
875 | done: | |
876 | kfree(urb->setup_packet); | |
877 | ||
878 | kfree_skb(skb); | |
879 | } | |
880 | ||
881 | static int btusb_open(struct hci_dev *hdev) | |
882 | { | |
155961e8 | 883 | struct btusb_data *data = hci_get_drvdata(hdev); |
5e23b923 MH |
884 | int err; |
885 | ||
886 | BT_DBG("%s", hdev->name); | |
887 | ||
ace31982 KBYT |
888 | /* Patching USB firmware files prior to starting any URBs of HCI path |
889 | * It is more safe to use USB bulk channel for downloading USB patch | |
890 | */ | |
891 | if (data->setup_on_usb) { | |
892 | err = data->setup_on_usb(hdev); | |
893 | if (err <0) | |
894 | return err; | |
895 | } | |
896 | ||
7bee549e ON |
897 | err = usb_autopm_get_interface(data->intf); |
898 | if (err < 0) | |
899 | return err; | |
900 | ||
901 | data->intf->needs_remote_wakeup = 1; | |
902 | ||
5e23b923 | 903 | if (test_and_set_bit(HCI_RUNNING, &hdev->flags)) |
7bee549e | 904 | goto done; |
5e23b923 MH |
905 | |
906 | if (test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags)) | |
7bee549e | 907 | goto done; |
5e23b923 | 908 | |
2eda66f4 | 909 | err = btusb_submit_intr_urb(hdev, GFP_KERNEL); |
43c2e57f MH |
910 | if (err < 0) |
911 | goto failed; | |
912 | ||
913 | err = btusb_submit_bulk_urb(hdev, GFP_KERNEL); | |
5e23b923 | 914 | if (err < 0) { |
43c2e57f MH |
915 | usb_kill_anchored_urbs(&data->intr_anchor); |
916 | goto failed; | |
5e23b923 MH |
917 | } |
918 | ||
43c2e57f MH |
919 | set_bit(BTUSB_BULK_RUNNING, &data->flags); |
920 | btusb_submit_bulk_urb(hdev, GFP_KERNEL); | |
921 | ||
7bee549e ON |
922 | done: |
923 | usb_autopm_put_interface(data->intf); | |
43c2e57f MH |
924 | return 0; |
925 | ||
926 | failed: | |
927 | clear_bit(BTUSB_INTR_RUNNING, &data->flags); | |
928 | clear_bit(HCI_RUNNING, &hdev->flags); | |
7bee549e | 929 | usb_autopm_put_interface(data->intf); |
5e23b923 MH |
930 | return err; |
931 | } | |
932 | ||
7bee549e ON |
933 | static void btusb_stop_traffic(struct btusb_data *data) |
934 | { | |
935 | usb_kill_anchored_urbs(&data->intr_anchor); | |
936 | usb_kill_anchored_urbs(&data->bulk_anchor); | |
937 | usb_kill_anchored_urbs(&data->isoc_anchor); | |
938 | } | |
939 | ||
5e23b923 MH |
940 | static int btusb_close(struct hci_dev *hdev) |
941 | { | |
155961e8 | 942 | struct btusb_data *data = hci_get_drvdata(hdev); |
7bee549e | 943 | int err; |
5e23b923 MH |
944 | |
945 | BT_DBG("%s", hdev->name); | |
946 | ||
947 | if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags)) | |
948 | return 0; | |
949 | ||
e8c3c3d2 | 950 | cancel_work_sync(&data->work); |
404291ac | 951 | cancel_work_sync(&data->waker); |
e8c3c3d2 | 952 | |
9bfa35fe | 953 | clear_bit(BTUSB_ISOC_RUNNING, &data->flags); |
5e23b923 | 954 | clear_bit(BTUSB_BULK_RUNNING, &data->flags); |
5e23b923 | 955 | clear_bit(BTUSB_INTR_RUNNING, &data->flags); |
7bee549e ON |
956 | |
957 | btusb_stop_traffic(data); | |
803b5836 MH |
958 | btusb_free_frags(data); |
959 | ||
7bee549e ON |
960 | err = usb_autopm_get_interface(data->intf); |
961 | if (err < 0) | |
7b8e2c1d | 962 | goto failed; |
7bee549e ON |
963 | |
964 | data->intf->needs_remote_wakeup = 0; | |
965 | usb_autopm_put_interface(data->intf); | |
5e23b923 | 966 | |
7b8e2c1d ON |
967 | failed: |
968 | usb_scuttle_anchored_urbs(&data->deferred); | |
5e23b923 MH |
969 | return 0; |
970 | } | |
971 | ||
972 | static int btusb_flush(struct hci_dev *hdev) | |
973 | { | |
155961e8 | 974 | struct btusb_data *data = hci_get_drvdata(hdev); |
5e23b923 MH |
975 | |
976 | BT_DBG("%s", hdev->name); | |
977 | ||
978 | usb_kill_anchored_urbs(&data->tx_anchor); | |
803b5836 | 979 | btusb_free_frags(data); |
5e23b923 MH |
980 | |
981 | return 0; | |
982 | } | |
983 | ||
047b2ec8 | 984 | static struct urb *alloc_ctrl_urb(struct hci_dev *hdev, struct sk_buff *skb) |
5e23b923 | 985 | { |
155961e8 | 986 | struct btusb_data *data = hci_get_drvdata(hdev); |
5e23b923 MH |
987 | struct usb_ctrlrequest *dr; |
988 | struct urb *urb; | |
989 | unsigned int pipe; | |
5e23b923 | 990 | |
047b2ec8 MH |
991 | urb = usb_alloc_urb(0, GFP_KERNEL); |
992 | if (!urb) | |
993 | return ERR_PTR(-ENOMEM); | |
5e23b923 | 994 | |
047b2ec8 MH |
995 | dr = kmalloc(sizeof(*dr), GFP_KERNEL); |
996 | if (!dr) { | |
997 | usb_free_urb(urb); | |
998 | return ERR_PTR(-ENOMEM); | |
999 | } | |
5e23b923 | 1000 | |
047b2ec8 | 1001 | dr->bRequestType = data->cmdreq_type; |
893ba544 | 1002 | dr->bRequest = data->cmdreq; |
047b2ec8 MH |
1003 | dr->wIndex = 0; |
1004 | dr->wValue = 0; | |
1005 | dr->wLength = __cpu_to_le16(skb->len); | |
7bd8f09f | 1006 | |
047b2ec8 | 1007 | pipe = usb_sndctrlpipe(data->udev, 0x00); |
5e23b923 | 1008 | |
89e7533d | 1009 | usb_fill_control_urb(urb, data->udev, pipe, (void *)dr, |
047b2ec8 | 1010 | skb->data, skb->len, btusb_tx_complete, skb); |
5e23b923 | 1011 | |
89e7533d | 1012 | skb->dev = (void *)hdev; |
5e23b923 | 1013 | |
047b2ec8 MH |
1014 | return urb; |
1015 | } | |
5e23b923 | 1016 | |
047b2ec8 MH |
1017 | static struct urb *alloc_bulk_urb(struct hci_dev *hdev, struct sk_buff *skb) |
1018 | { | |
1019 | struct btusb_data *data = hci_get_drvdata(hdev); | |
1020 | struct urb *urb; | |
1021 | unsigned int pipe; | |
5e23b923 | 1022 | |
047b2ec8 MH |
1023 | if (!data->bulk_tx_ep) |
1024 | return ERR_PTR(-ENODEV); | |
9bfa35fe | 1025 | |
047b2ec8 MH |
1026 | urb = usb_alloc_urb(0, GFP_KERNEL); |
1027 | if (!urb) | |
1028 | return ERR_PTR(-ENOMEM); | |
5e23b923 | 1029 | |
047b2ec8 | 1030 | pipe = usb_sndbulkpipe(data->udev, data->bulk_tx_ep->bEndpointAddress); |
5e23b923 | 1031 | |
047b2ec8 MH |
1032 | usb_fill_bulk_urb(urb, data->udev, pipe, |
1033 | skb->data, skb->len, btusb_tx_complete, skb); | |
5e23b923 | 1034 | |
89e7533d | 1035 | skb->dev = (void *)hdev; |
5e23b923 | 1036 | |
047b2ec8 MH |
1037 | return urb; |
1038 | } | |
9bfa35fe | 1039 | |
047b2ec8 MH |
1040 | static struct urb *alloc_isoc_urb(struct hci_dev *hdev, struct sk_buff *skb) |
1041 | { | |
1042 | struct btusb_data *data = hci_get_drvdata(hdev); | |
1043 | struct urb *urb; | |
1044 | unsigned int pipe; | |
9bfa35fe | 1045 | |
047b2ec8 MH |
1046 | if (!data->isoc_tx_ep) |
1047 | return ERR_PTR(-ENODEV); | |
9bfa35fe | 1048 | |
047b2ec8 MH |
1049 | urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, GFP_KERNEL); |
1050 | if (!urb) | |
1051 | return ERR_PTR(-ENOMEM); | |
9bfa35fe | 1052 | |
047b2ec8 | 1053 | pipe = usb_sndisocpipe(data->udev, data->isoc_tx_ep->bEndpointAddress); |
9bfa35fe | 1054 | |
047b2ec8 MH |
1055 | usb_fill_int_urb(urb, data->udev, pipe, |
1056 | skb->data, skb->len, btusb_isoc_tx_complete, | |
1057 | skb, data->isoc_tx_ep->bInterval); | |
9bfa35fe | 1058 | |
047b2ec8 | 1059 | urb->transfer_flags = URB_ISO_ASAP; |
5e23b923 | 1060 | |
047b2ec8 MH |
1061 | __fill_isoc_descriptor(urb, skb->len, |
1062 | le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize)); | |
5e23b923 | 1063 | |
89e7533d | 1064 | skb->dev = (void *)hdev; |
047b2ec8 MH |
1065 | |
1066 | return urb; | |
1067 | } | |
1068 | ||
1069 | static int submit_tx_urb(struct hci_dev *hdev, struct urb *urb) | |
1070 | { | |
1071 | struct btusb_data *data = hci_get_drvdata(hdev); | |
1072 | int err; | |
7bee549e | 1073 | |
5e23b923 MH |
1074 | usb_anchor_urb(urb, &data->tx_anchor); |
1075 | ||
e9753eff | 1076 | err = usb_submit_urb(urb, GFP_KERNEL); |
5e23b923 | 1077 | if (err < 0) { |
5a9b80e2 PB |
1078 | if (err != -EPERM && err != -ENODEV) |
1079 | BT_ERR("%s urb %p submission failed (%d)", | |
89e7533d | 1080 | hdev->name, urb, -err); |
5e23b923 MH |
1081 | kfree(urb->setup_packet); |
1082 | usb_unanchor_urb(urb); | |
7bee549e ON |
1083 | } else { |
1084 | usb_mark_last_busy(data->udev); | |
5e23b923 MH |
1085 | } |
1086 | ||
54a8a79c | 1087 | usb_free_urb(urb); |
5e23b923 MH |
1088 | return err; |
1089 | } | |
1090 | ||
047b2ec8 MH |
1091 | static int submit_or_queue_tx_urb(struct hci_dev *hdev, struct urb *urb) |
1092 | { | |
1093 | struct btusb_data *data = hci_get_drvdata(hdev); | |
1094 | unsigned long flags; | |
1095 | bool suspending; | |
1096 | ||
1097 | spin_lock_irqsave(&data->txlock, flags); | |
1098 | suspending = test_bit(BTUSB_SUSPENDING, &data->flags); | |
1099 | if (!suspending) | |
1100 | data->tx_in_flight++; | |
1101 | spin_unlock_irqrestore(&data->txlock, flags); | |
1102 | ||
1103 | if (!suspending) | |
1104 | return submit_tx_urb(hdev, urb); | |
1105 | ||
1106 | usb_anchor_urb(urb, &data->deferred); | |
1107 | schedule_work(&data->waker); | |
1108 | ||
1109 | usb_free_urb(urb); | |
1110 | return 0; | |
1111 | } | |
1112 | ||
1113 | static int btusb_send_frame(struct hci_dev *hdev, struct sk_buff *skb) | |
1114 | { | |
1115 | struct urb *urb; | |
1116 | ||
1117 | BT_DBG("%s", hdev->name); | |
1118 | ||
1119 | if (!test_bit(HCI_RUNNING, &hdev->flags)) | |
1120 | return -EBUSY; | |
1121 | ||
1122 | switch (bt_cb(skb)->pkt_type) { | |
1123 | case HCI_COMMAND_PKT: | |
1124 | urb = alloc_ctrl_urb(hdev, skb); | |
1125 | if (IS_ERR(urb)) | |
1126 | return PTR_ERR(urb); | |
1127 | ||
1128 | hdev->stat.cmd_tx++; | |
1129 | return submit_or_queue_tx_urb(hdev, urb); | |
1130 | ||
1131 | case HCI_ACLDATA_PKT: | |
1132 | urb = alloc_bulk_urb(hdev, skb); | |
1133 | if (IS_ERR(urb)) | |
1134 | return PTR_ERR(urb); | |
1135 | ||
1136 | hdev->stat.acl_tx++; | |
1137 | return submit_or_queue_tx_urb(hdev, urb); | |
1138 | ||
1139 | case HCI_SCODATA_PKT: | |
1140 | if (hci_conn_num(hdev, SCO_LINK) < 1) | |
1141 | return -ENODEV; | |
1142 | ||
1143 | urb = alloc_isoc_urb(hdev, skb); | |
1144 | if (IS_ERR(urb)) | |
1145 | return PTR_ERR(urb); | |
1146 | ||
1147 | hdev->stat.sco_tx++; | |
1148 | return submit_tx_urb(hdev, urb); | |
1149 | } | |
1150 | ||
1151 | return -EILSEQ; | |
1152 | } | |
1153 | ||
5e23b923 MH |
1154 | static void btusb_notify(struct hci_dev *hdev, unsigned int evt) |
1155 | { | |
155961e8 | 1156 | struct btusb_data *data = hci_get_drvdata(hdev); |
5e23b923 MH |
1157 | |
1158 | BT_DBG("%s evt %d", hdev->name, evt); | |
1159 | ||
014f7bc7 MH |
1160 | if (hci_conn_num(hdev, SCO_LINK) != data->sco_num) { |
1161 | data->sco_num = hci_conn_num(hdev, SCO_LINK); | |
43c2e57f | 1162 | schedule_work(&data->work); |
a780efa8 | 1163 | } |
5e23b923 MH |
1164 | } |
1165 | ||
42b16b3f | 1166 | static inline int __set_isoc_interface(struct hci_dev *hdev, int altsetting) |
9bfa35fe | 1167 | { |
155961e8 | 1168 | struct btusb_data *data = hci_get_drvdata(hdev); |
9bfa35fe MH |
1169 | struct usb_interface *intf = data->isoc; |
1170 | struct usb_endpoint_descriptor *ep_desc; | |
1171 | int i, err; | |
1172 | ||
1173 | if (!data->isoc) | |
1174 | return -ENODEV; | |
1175 | ||
1176 | err = usb_set_interface(data->udev, 1, altsetting); | |
1177 | if (err < 0) { | |
1178 | BT_ERR("%s setting interface failed (%d)", hdev->name, -err); | |
1179 | return err; | |
1180 | } | |
1181 | ||
1182 | data->isoc_altsetting = altsetting; | |
1183 | ||
1184 | data->isoc_tx_ep = NULL; | |
1185 | data->isoc_rx_ep = NULL; | |
1186 | ||
1187 | for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) { | |
1188 | ep_desc = &intf->cur_altsetting->endpoint[i].desc; | |
1189 | ||
1190 | if (!data->isoc_tx_ep && usb_endpoint_is_isoc_out(ep_desc)) { | |
1191 | data->isoc_tx_ep = ep_desc; | |
1192 | continue; | |
1193 | } | |
1194 | ||
1195 | if (!data->isoc_rx_ep && usb_endpoint_is_isoc_in(ep_desc)) { | |
1196 | data->isoc_rx_ep = ep_desc; | |
1197 | continue; | |
1198 | } | |
1199 | } | |
1200 | ||
1201 | if (!data->isoc_tx_ep || !data->isoc_rx_ep) { | |
1202 | BT_ERR("%s invalid SCO descriptors", hdev->name); | |
1203 | return -ENODEV; | |
1204 | } | |
1205 | ||
1206 | return 0; | |
1207 | } | |
1208 | ||
5e23b923 MH |
1209 | static void btusb_work(struct work_struct *work) |
1210 | { | |
1211 | struct btusb_data *data = container_of(work, struct btusb_data, work); | |
1212 | struct hci_dev *hdev = data->hdev; | |
f4001d28 | 1213 | int new_alts; |
7bee549e | 1214 | int err; |
5e23b923 | 1215 | |
014f7bc7 | 1216 | if (data->sco_num > 0) { |
08b8b6c4 | 1217 | if (!test_bit(BTUSB_DID_ISO_RESUME, &data->flags)) { |
8efdd0cd | 1218 | err = usb_autopm_get_interface(data->isoc ? data->isoc : data->intf); |
7bee549e ON |
1219 | if (err < 0) { |
1220 | clear_bit(BTUSB_ISOC_RUNNING, &data->flags); | |
1221 | usb_kill_anchored_urbs(&data->isoc_anchor); | |
1222 | return; | |
1223 | } | |
1224 | ||
08b8b6c4 | 1225 | set_bit(BTUSB_DID_ISO_RESUME, &data->flags); |
7bee549e | 1226 | } |
f4001d28 MA |
1227 | |
1228 | if (hdev->voice_setting & 0x0020) { | |
1229 | static const int alts[3] = { 2, 4, 5 }; | |
89e7533d | 1230 | |
014f7bc7 | 1231 | new_alts = alts[data->sco_num - 1]; |
f4001d28 | 1232 | } else { |
014f7bc7 | 1233 | new_alts = data->sco_num; |
f4001d28 MA |
1234 | } |
1235 | ||
1236 | if (data->isoc_altsetting != new_alts) { | |
9bfa35fe MH |
1237 | clear_bit(BTUSB_ISOC_RUNNING, &data->flags); |
1238 | usb_kill_anchored_urbs(&data->isoc_anchor); | |
1239 | ||
f4001d28 | 1240 | if (__set_isoc_interface(hdev, new_alts) < 0) |
9bfa35fe MH |
1241 | return; |
1242 | } | |
1243 | ||
1244 | if (!test_and_set_bit(BTUSB_ISOC_RUNNING, &data->flags)) { | |
2eda66f4 | 1245 | if (btusb_submit_isoc_urb(hdev, GFP_KERNEL) < 0) |
9bfa35fe MH |
1246 | clear_bit(BTUSB_ISOC_RUNNING, &data->flags); |
1247 | else | |
2eda66f4 | 1248 | btusb_submit_isoc_urb(hdev, GFP_KERNEL); |
9bfa35fe MH |
1249 | } |
1250 | } else { | |
1251 | clear_bit(BTUSB_ISOC_RUNNING, &data->flags); | |
1252 | usb_kill_anchored_urbs(&data->isoc_anchor); | |
1253 | ||
1254 | __set_isoc_interface(hdev, 0); | |
08b8b6c4 | 1255 | if (test_and_clear_bit(BTUSB_DID_ISO_RESUME, &data->flags)) |
8efdd0cd | 1256 | usb_autopm_put_interface(data->isoc ? data->isoc : data->intf); |
5e23b923 MH |
1257 | } |
1258 | } | |
1259 | ||
7bee549e ON |
1260 | static void btusb_waker(struct work_struct *work) |
1261 | { | |
1262 | struct btusb_data *data = container_of(work, struct btusb_data, waker); | |
1263 | int err; | |
1264 | ||
1265 | err = usb_autopm_get_interface(data->intf); | |
1266 | if (err < 0) | |
1267 | return; | |
1268 | ||
1269 | usb_autopm_put_interface(data->intf); | |
1270 | } | |
1271 | ||
9f8f962c MH |
1272 | static int btusb_setup_bcm92035(struct hci_dev *hdev) |
1273 | { | |
1274 | struct sk_buff *skb; | |
1275 | u8 val = 0x00; | |
1276 | ||
1277 | BT_DBG("%s", hdev->name); | |
1278 | ||
1279 | skb = __hci_cmd_sync(hdev, 0xfc3b, 1, &val, HCI_INIT_TIMEOUT); | |
1280 | if (IS_ERR(skb)) | |
1281 | BT_ERR("BCM92035 command failed (%ld)", -PTR_ERR(skb)); | |
1282 | else | |
1283 | kfree_skb(skb); | |
1284 | ||
1285 | return 0; | |
1286 | } | |
1287 | ||
81cac64b MH |
1288 | static int btusb_setup_csr(struct hci_dev *hdev) |
1289 | { | |
1290 | struct hci_rp_read_local_version *rp; | |
1291 | struct sk_buff *skb; | |
1292 | int ret; | |
1293 | ||
1294 | BT_DBG("%s", hdev->name); | |
1295 | ||
1296 | skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL, | |
1297 | HCI_INIT_TIMEOUT); | |
1298 | if (IS_ERR(skb)) { | |
1299 | BT_ERR("Reading local version failed (%ld)", -PTR_ERR(skb)); | |
1300 | return -PTR_ERR(skb); | |
1301 | } | |
1302 | ||
89e7533d | 1303 | rp = (struct hci_rp_read_local_version *)skb->data; |
81cac64b MH |
1304 | |
1305 | if (!rp->status) { | |
1306 | if (le16_to_cpu(rp->manufacturer) != 10) { | |
1307 | /* Clear the reset quirk since this is not an actual | |
1308 | * early Bluetooth 1.1 device from CSR. | |
1309 | */ | |
1310 | clear_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); | |
1311 | ||
1312 | /* These fake CSR controllers have all a broken | |
1313 | * stored link key handling and so just disable it. | |
1314 | */ | |
1315 | set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, | |
1316 | &hdev->quirks); | |
1317 | } | |
1318 | } | |
1319 | ||
1320 | ret = -bt_to_errno(rp->status); | |
1321 | ||
1322 | kfree_skb(skb); | |
1323 | ||
1324 | return ret; | |
1325 | } | |
1326 | ||
dffd30ee THJA |
1327 | struct intel_version { |
1328 | u8 status; | |
1329 | u8 hw_platform; | |
1330 | u8 hw_variant; | |
1331 | u8 hw_revision; | |
1332 | u8 fw_variant; | |
1333 | u8 fw_revision; | |
1334 | u8 fw_build_num; | |
1335 | u8 fw_build_ww; | |
1336 | u8 fw_build_yy; | |
1337 | u8 fw_patch_num; | |
1338 | } __packed; | |
1339 | ||
cda0dd78 MH |
1340 | struct intel_boot_params { |
1341 | __u8 status; | |
1342 | __u8 otp_format; | |
1343 | __u8 otp_content; | |
1344 | __u8 otp_patch; | |
1345 | __le16 dev_revid; | |
1346 | __u8 secure_boot; | |
1347 | __u8 key_from_hdr; | |
1348 | __u8 key_type; | |
1349 | __u8 otp_lock; | |
1350 | __u8 api_lock; | |
1351 | __u8 debug_lock; | |
1352 | bdaddr_t otp_bdaddr; | |
1353 | __u8 min_fw_build_nn; | |
1354 | __u8 min_fw_build_cw; | |
1355 | __u8 min_fw_build_yy; | |
1356 | __u8 limited_cce; | |
1357 | __u8 unlocked_state; | |
1358 | } __packed; | |
1359 | ||
dffd30ee | 1360 | static const struct firmware *btusb_setup_intel_get_fw(struct hci_dev *hdev, |
89e7533d | 1361 | struct intel_version *ver) |
dffd30ee THJA |
1362 | { |
1363 | const struct firmware *fw; | |
1364 | char fwname[64]; | |
1365 | int ret; | |
1366 | ||
1367 | snprintf(fwname, sizeof(fwname), | |
1368 | "intel/ibt-hw-%x.%x.%x-fw-%x.%x.%x.%x.%x.bseq", | |
1369 | ver->hw_platform, ver->hw_variant, ver->hw_revision, | |
1370 | ver->fw_variant, ver->fw_revision, ver->fw_build_num, | |
1371 | ver->fw_build_ww, ver->fw_build_yy); | |
1372 | ||
1373 | ret = request_firmware(&fw, fwname, &hdev->dev); | |
1374 | if (ret < 0) { | |
1375 | if (ret == -EINVAL) { | |
1376 | BT_ERR("%s Intel firmware file request failed (%d)", | |
1377 | hdev->name, ret); | |
1378 | return NULL; | |
1379 | } | |
1380 | ||
1381 | BT_ERR("%s failed to open Intel firmware file: %s(%d)", | |
1382 | hdev->name, fwname, ret); | |
1383 | ||
1384 | /* If the correct firmware patch file is not found, use the | |
1385 | * default firmware patch file instead | |
1386 | */ | |
1387 | snprintf(fwname, sizeof(fwname), "intel/ibt-hw-%x.%x.bseq", | |
1388 | ver->hw_platform, ver->hw_variant); | |
1389 | if (request_firmware(&fw, fwname, &hdev->dev) < 0) { | |
1390 | BT_ERR("%s failed to open default Intel fw file: %s", | |
1391 | hdev->name, fwname); | |
1392 | return NULL; | |
1393 | } | |
1394 | } | |
1395 | ||
1396 | BT_INFO("%s: Intel Bluetooth firmware file: %s", hdev->name, fwname); | |
1397 | ||
1398 | return fw; | |
1399 | } | |
1400 | ||
1401 | static int btusb_setup_intel_patching(struct hci_dev *hdev, | |
1402 | const struct firmware *fw, | |
1403 | const u8 **fw_ptr, int *disable_patch) | |
1404 | { | |
1405 | struct sk_buff *skb; | |
1406 | struct hci_command_hdr *cmd; | |
1407 | const u8 *cmd_param; | |
1408 | struct hci_event_hdr *evt = NULL; | |
1409 | const u8 *evt_param = NULL; | |
1410 | int remain = fw->size - (*fw_ptr - fw->data); | |
1411 | ||
1412 | /* The first byte indicates the types of the patch command or event. | |
1413 | * 0x01 means HCI command and 0x02 is HCI event. If the first bytes | |
1414 | * in the current firmware buffer doesn't start with 0x01 or | |
1415 | * the size of remain buffer is smaller than HCI command header, | |
1416 | * the firmware file is corrupted and it should stop the patching | |
1417 | * process. | |
1418 | */ | |
1419 | if (remain > HCI_COMMAND_HDR_SIZE && *fw_ptr[0] != 0x01) { | |
1420 | BT_ERR("%s Intel fw corrupted: invalid cmd read", hdev->name); | |
1421 | return -EINVAL; | |
1422 | } | |
1423 | (*fw_ptr)++; | |
1424 | remain--; | |
1425 | ||
1426 | cmd = (struct hci_command_hdr *)(*fw_ptr); | |
1427 | *fw_ptr += sizeof(*cmd); | |
1428 | remain -= sizeof(*cmd); | |
1429 | ||
1430 | /* Ensure that the remain firmware data is long enough than the length | |
1431 | * of command parameter. If not, the firmware file is corrupted. | |
1432 | */ | |
1433 | if (remain < cmd->plen) { | |
1434 | BT_ERR("%s Intel fw corrupted: invalid cmd len", hdev->name); | |
1435 | return -EFAULT; | |
1436 | } | |
1437 | ||
1438 | /* If there is a command that loads a patch in the firmware | |
1439 | * file, then enable the patch upon success, otherwise just | |
1440 | * disable the manufacturer mode, for example patch activation | |
1441 | * is not required when the default firmware patch file is used | |
1442 | * because there are no patch data to load. | |
1443 | */ | |
1444 | if (*disable_patch && le16_to_cpu(cmd->opcode) == 0xfc8e) | |
1445 | *disable_patch = 0; | |
1446 | ||
1447 | cmd_param = *fw_ptr; | |
1448 | *fw_ptr += cmd->plen; | |
1449 | remain -= cmd->plen; | |
1450 | ||
1451 | /* This reads the expected events when the above command is sent to the | |
1452 | * device. Some vendor commands expects more than one events, for | |
1453 | * example command status event followed by vendor specific event. | |
1454 | * For this case, it only keeps the last expected event. so the command | |
1455 | * can be sent with __hci_cmd_sync_ev() which returns the sk_buff of | |
1456 | * last expected event. | |
1457 | */ | |
1458 | while (remain > HCI_EVENT_HDR_SIZE && *fw_ptr[0] == 0x02) { | |
1459 | (*fw_ptr)++; | |
1460 | remain--; | |
1461 | ||
1462 | evt = (struct hci_event_hdr *)(*fw_ptr); | |
1463 | *fw_ptr += sizeof(*evt); | |
1464 | remain -= sizeof(*evt); | |
1465 | ||
1466 | if (remain < evt->plen) { | |
1467 | BT_ERR("%s Intel fw corrupted: invalid evt len", | |
1468 | hdev->name); | |
1469 | return -EFAULT; | |
1470 | } | |
1471 | ||
1472 | evt_param = *fw_ptr; | |
1473 | *fw_ptr += evt->plen; | |
1474 | remain -= evt->plen; | |
1475 | } | |
1476 | ||
1477 | /* Every HCI commands in the firmware file has its correspond event. | |
1478 | * If event is not found or remain is smaller than zero, the firmware | |
1479 | * file is corrupted. | |
1480 | */ | |
1481 | if (!evt || !evt_param || remain < 0) { | |
1482 | BT_ERR("%s Intel fw corrupted: invalid evt read", hdev->name); | |
1483 | return -EFAULT; | |
1484 | } | |
1485 | ||
1486 | skb = __hci_cmd_sync_ev(hdev, le16_to_cpu(cmd->opcode), cmd->plen, | |
1487 | cmd_param, evt->evt, HCI_INIT_TIMEOUT); | |
1488 | if (IS_ERR(skb)) { | |
1489 | BT_ERR("%s sending Intel patch command (0x%4.4x) failed (%ld)", | |
1490 | hdev->name, cmd->opcode, PTR_ERR(skb)); | |
d9c78e97 | 1491 | return PTR_ERR(skb); |
dffd30ee THJA |
1492 | } |
1493 | ||
1494 | /* It ensures that the returned event matches the event data read from | |
1495 | * the firmware file. At fist, it checks the length and then | |
1496 | * the contents of the event. | |
1497 | */ | |
1498 | if (skb->len != evt->plen) { | |
1499 | BT_ERR("%s mismatch event length (opcode 0x%4.4x)", hdev->name, | |
1500 | le16_to_cpu(cmd->opcode)); | |
1501 | kfree_skb(skb); | |
1502 | return -EFAULT; | |
1503 | } | |
1504 | ||
1505 | if (memcmp(skb->data, evt_param, evt->plen)) { | |
1506 | BT_ERR("%s mismatch event parameter (opcode 0x%4.4x)", | |
1507 | hdev->name, le16_to_cpu(cmd->opcode)); | |
1508 | kfree_skb(skb); | |
1509 | return -EFAULT; | |
1510 | } | |
1511 | kfree_skb(skb); | |
1512 | ||
1513 | return 0; | |
1514 | } | |
1515 | ||
40cb0984 MH |
1516 | #define BDADDR_INTEL (&(bdaddr_t) {{0x00, 0x8b, 0x9e, 0x19, 0x03, 0x00}}) |
1517 | ||
1518 | static int btusb_check_bdaddr_intel(struct hci_dev *hdev) | |
1519 | { | |
1520 | struct sk_buff *skb; | |
1521 | struct hci_rp_read_bd_addr *rp; | |
1522 | ||
1523 | skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL, | |
1524 | HCI_INIT_TIMEOUT); | |
1525 | if (IS_ERR(skb)) { | |
1526 | BT_ERR("%s reading Intel device address failed (%ld)", | |
1527 | hdev->name, PTR_ERR(skb)); | |
1528 | return PTR_ERR(skb); | |
1529 | } | |
1530 | ||
1531 | if (skb->len != sizeof(*rp)) { | |
1532 | BT_ERR("%s Intel device address length mismatch", hdev->name); | |
1533 | kfree_skb(skb); | |
1534 | return -EIO; | |
1535 | } | |
1536 | ||
89e7533d | 1537 | rp = (struct hci_rp_read_bd_addr *)skb->data; |
40cb0984 MH |
1538 | if (rp->status) { |
1539 | BT_ERR("%s Intel device address result failed (%02x)", | |
1540 | hdev->name, rp->status); | |
1541 | kfree_skb(skb); | |
1542 | return -bt_to_errno(rp->status); | |
1543 | } | |
1544 | ||
1545 | /* For some Intel based controllers, the default Bluetooth device | |
1546 | * address 00:03:19:9E:8B:00 can be found. These controllers are | |
1547 | * fully operational, but have the danger of duplicate addresses | |
1548 | * and that in turn can cause problems with Bluetooth operation. | |
1549 | */ | |
4739b5b1 | 1550 | if (!bacmp(&rp->bdaddr, BDADDR_INTEL)) { |
40cb0984 MH |
1551 | BT_ERR("%s found Intel default device address (%pMR)", |
1552 | hdev->name, &rp->bdaddr); | |
4739b5b1 MH |
1553 | set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks); |
1554 | } | |
40cb0984 MH |
1555 | |
1556 | kfree_skb(skb); | |
1557 | ||
1558 | return 0; | |
1559 | } | |
1560 | ||
dffd30ee THJA |
1561 | static int btusb_setup_intel(struct hci_dev *hdev) |
1562 | { | |
1563 | struct sk_buff *skb; | |
1564 | const struct firmware *fw; | |
1565 | const u8 *fw_ptr; | |
1566 | int disable_patch; | |
1567 | struct intel_version *ver; | |
1568 | ||
1569 | const u8 mfg_enable[] = { 0x01, 0x00 }; | |
1570 | const u8 mfg_disable[] = { 0x00, 0x00 }; | |
1571 | const u8 mfg_reset_deactivate[] = { 0x00, 0x01 }; | |
1572 | const u8 mfg_reset_activate[] = { 0x00, 0x02 }; | |
1573 | ||
1574 | BT_DBG("%s", hdev->name); | |
1575 | ||
1576 | /* The controller has a bug with the first HCI command sent to it | |
1577 | * returning number of completed commands as zero. This would stall the | |
1578 | * command processing in the Bluetooth core. | |
1579 | * | |
1580 | * As a workaround, send HCI Reset command first which will reset the | |
1581 | * number of completed commands and allow normal command processing | |
1582 | * from now on. | |
1583 | */ | |
1584 | skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); | |
1585 | if (IS_ERR(skb)) { | |
1586 | BT_ERR("%s sending initial HCI reset command failed (%ld)", | |
1587 | hdev->name, PTR_ERR(skb)); | |
d9c78e97 | 1588 | return PTR_ERR(skb); |
dffd30ee THJA |
1589 | } |
1590 | kfree_skb(skb); | |
1591 | ||
1592 | /* Read Intel specific controller version first to allow selection of | |
1593 | * which firmware file to load. | |
1594 | * | |
1595 | * The returned information are hardware variant and revision plus | |
1596 | * firmware variant, revision and build number. | |
1597 | */ | |
1598 | skb = __hci_cmd_sync(hdev, 0xfc05, 0, NULL, HCI_INIT_TIMEOUT); | |
1599 | if (IS_ERR(skb)) { | |
1600 | BT_ERR("%s reading Intel fw version command failed (%ld)", | |
1601 | hdev->name, PTR_ERR(skb)); | |
d9c78e97 | 1602 | return PTR_ERR(skb); |
dffd30ee THJA |
1603 | } |
1604 | ||
1605 | if (skb->len != sizeof(*ver)) { | |
1606 | BT_ERR("%s Intel version event length mismatch", hdev->name); | |
1607 | kfree_skb(skb); | |
1608 | return -EIO; | |
1609 | } | |
1610 | ||
1611 | ver = (struct intel_version *)skb->data; | |
1612 | if (ver->status) { | |
1613 | BT_ERR("%s Intel fw version event failed (%02x)", hdev->name, | |
1614 | ver->status); | |
1615 | kfree_skb(skb); | |
1616 | return -bt_to_errno(ver->status); | |
1617 | } | |
1618 | ||
1619 | BT_INFO("%s: read Intel version: %02x%02x%02x%02x%02x%02x%02x%02x%02x", | |
1620 | hdev->name, ver->hw_platform, ver->hw_variant, | |
1621 | ver->hw_revision, ver->fw_variant, ver->fw_revision, | |
1622 | ver->fw_build_num, ver->fw_build_ww, ver->fw_build_yy, | |
1623 | ver->fw_patch_num); | |
1624 | ||
1625 | /* fw_patch_num indicates the version of patch the device currently | |
1626 | * have. If there is no patch data in the device, it is always 0x00. | |
1627 | * So, if it is other than 0x00, no need to patch the deivce again. | |
1628 | */ | |
1629 | if (ver->fw_patch_num) { | |
1630 | BT_INFO("%s: Intel device is already patched. patch num: %02x", | |
1631 | hdev->name, ver->fw_patch_num); | |
1632 | kfree_skb(skb); | |
40cb0984 | 1633 | btusb_check_bdaddr_intel(hdev); |
dffd30ee THJA |
1634 | return 0; |
1635 | } | |
1636 | ||
1637 | /* Opens the firmware patch file based on the firmware version read | |
1638 | * from the controller. If it fails to open the matching firmware | |
1639 | * patch file, it tries to open the default firmware patch file. | |
1640 | * If no patch file is found, allow the device to operate without | |
1641 | * a patch. | |
1642 | */ | |
1643 | fw = btusb_setup_intel_get_fw(hdev, ver); | |
1644 | if (!fw) { | |
1645 | kfree_skb(skb); | |
40cb0984 | 1646 | btusb_check_bdaddr_intel(hdev); |
dffd30ee THJA |
1647 | return 0; |
1648 | } | |
1649 | fw_ptr = fw->data; | |
1650 | ||
1651 | /* This Intel specific command enables the manufacturer mode of the | |
1652 | * controller. | |
1653 | * | |
1654 | * Only while this mode is enabled, the driver can download the | |
1655 | * firmware patch data and configuration parameters. | |
1656 | */ | |
1657 | skb = __hci_cmd_sync(hdev, 0xfc11, 2, mfg_enable, HCI_INIT_TIMEOUT); | |
1658 | if (IS_ERR(skb)) { | |
1659 | BT_ERR("%s entering Intel manufacturer mode failed (%ld)", | |
1660 | hdev->name, PTR_ERR(skb)); | |
1661 | release_firmware(fw); | |
d9c78e97 | 1662 | return PTR_ERR(skb); |
dffd30ee THJA |
1663 | } |
1664 | ||
1665 | if (skb->data[0]) { | |
1666 | u8 evt_status = skb->data[0]; | |
89e7533d | 1667 | |
dffd30ee THJA |
1668 | BT_ERR("%s enable Intel manufacturer mode event failed (%02x)", |
1669 | hdev->name, evt_status); | |
1670 | kfree_skb(skb); | |
1671 | release_firmware(fw); | |
1672 | return -bt_to_errno(evt_status); | |
1673 | } | |
1674 | kfree_skb(skb); | |
1675 | ||
1676 | disable_patch = 1; | |
1677 | ||
1678 | /* The firmware data file consists of list of Intel specific HCI | |
1679 | * commands and its expected events. The first byte indicates the | |
1680 | * type of the message, either HCI command or HCI event. | |
1681 | * | |
1682 | * It reads the command and its expected event from the firmware file, | |
1683 | * and send to the controller. Once __hci_cmd_sync_ev() returns, | |
1684 | * the returned event is compared with the event read from the firmware | |
1685 | * file and it will continue until all the messages are downloaded to | |
1686 | * the controller. | |
1687 | * | |
1688 | * Once the firmware patching is completed successfully, | |
1689 | * the manufacturer mode is disabled with reset and activating the | |
1690 | * downloaded patch. | |
1691 | * | |
1692 | * If the firmware patching fails, the manufacturer mode is | |
1693 | * disabled with reset and deactivating the patch. | |
1694 | * | |
1695 | * If the default patch file is used, no reset is done when disabling | |
1696 | * the manufacturer. | |
1697 | */ | |
1698 | while (fw->size > fw_ptr - fw->data) { | |
1699 | int ret; | |
1700 | ||
1701 | ret = btusb_setup_intel_patching(hdev, fw, &fw_ptr, | |
1702 | &disable_patch); | |
1703 | if (ret < 0) | |
1704 | goto exit_mfg_deactivate; | |
1705 | } | |
1706 | ||
1707 | release_firmware(fw); | |
1708 | ||
1709 | if (disable_patch) | |
1710 | goto exit_mfg_disable; | |
1711 | ||
1712 | /* Patching completed successfully and disable the manufacturer mode | |
1713 | * with reset and activate the downloaded firmware patches. | |
1714 | */ | |
1715 | skb = __hci_cmd_sync(hdev, 0xfc11, sizeof(mfg_reset_activate), | |
1716 | mfg_reset_activate, HCI_INIT_TIMEOUT); | |
1717 | if (IS_ERR(skb)) { | |
1718 | BT_ERR("%s exiting Intel manufacturer mode failed (%ld)", | |
1719 | hdev->name, PTR_ERR(skb)); | |
d9c78e97 | 1720 | return PTR_ERR(skb); |
dffd30ee THJA |
1721 | } |
1722 | kfree_skb(skb); | |
1723 | ||
1724 | BT_INFO("%s: Intel Bluetooth firmware patch completed and activated", | |
1725 | hdev->name); | |
1726 | ||
40cb0984 | 1727 | btusb_check_bdaddr_intel(hdev); |
dffd30ee THJA |
1728 | return 0; |
1729 | ||
1730 | exit_mfg_disable: | |
1731 | /* Disable the manufacturer mode without reset */ | |
1732 | skb = __hci_cmd_sync(hdev, 0xfc11, sizeof(mfg_disable), mfg_disable, | |
1733 | HCI_INIT_TIMEOUT); | |
1734 | if (IS_ERR(skb)) { | |
1735 | BT_ERR("%s exiting Intel manufacturer mode failed (%ld)", | |
1736 | hdev->name, PTR_ERR(skb)); | |
d9c78e97 | 1737 | return PTR_ERR(skb); |
dffd30ee THJA |
1738 | } |
1739 | kfree_skb(skb); | |
1740 | ||
1741 | BT_INFO("%s: Intel Bluetooth firmware patch completed", hdev->name); | |
40cb0984 MH |
1742 | |
1743 | btusb_check_bdaddr_intel(hdev); | |
dffd30ee THJA |
1744 | return 0; |
1745 | ||
1746 | exit_mfg_deactivate: | |
1747 | release_firmware(fw); | |
1748 | ||
1749 | /* Patching failed. Disable the manufacturer mode with reset and | |
1750 | * deactivate the downloaded firmware patches. | |
1751 | */ | |
1752 | skb = __hci_cmd_sync(hdev, 0xfc11, sizeof(mfg_reset_deactivate), | |
1753 | mfg_reset_deactivate, HCI_INIT_TIMEOUT); | |
1754 | if (IS_ERR(skb)) { | |
1755 | BT_ERR("%s exiting Intel manufacturer mode failed (%ld)", | |
1756 | hdev->name, PTR_ERR(skb)); | |
d9c78e97 | 1757 | return PTR_ERR(skb); |
dffd30ee THJA |
1758 | } |
1759 | kfree_skb(skb); | |
1760 | ||
1761 | BT_INFO("%s: Intel Bluetooth firmware patch completed and deactivated", | |
1762 | hdev->name); | |
1763 | ||
40cb0984 | 1764 | btusb_check_bdaddr_intel(hdev); |
dffd30ee THJA |
1765 | return 0; |
1766 | } | |
1767 | ||
cda0dd78 MH |
1768 | static int inject_cmd_complete(struct hci_dev *hdev, __u16 opcode) |
1769 | { | |
1770 | struct sk_buff *skb; | |
1771 | struct hci_event_hdr *hdr; | |
1772 | struct hci_ev_cmd_complete *evt; | |
1773 | ||
1774 | skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_ATOMIC); | |
1775 | if (!skb) | |
1776 | return -ENOMEM; | |
1777 | ||
1778 | hdr = (struct hci_event_hdr *)skb_put(skb, sizeof(*hdr)); | |
1779 | hdr->evt = HCI_EV_CMD_COMPLETE; | |
1780 | hdr->plen = sizeof(*evt) + 1; | |
1781 | ||
1782 | evt = (struct hci_ev_cmd_complete *)skb_put(skb, sizeof(*evt)); | |
1783 | evt->ncmd = 0x01; | |
1784 | evt->opcode = cpu_to_le16(opcode); | |
1785 | ||
1786 | *skb_put(skb, 1) = 0x00; | |
1787 | ||
1788 | bt_cb(skb)->pkt_type = HCI_EVENT_PKT; | |
1789 | ||
1790 | return hci_recv_frame(hdev, skb); | |
1791 | } | |
1792 | ||
1793 | static int btusb_recv_bulk_intel(struct btusb_data *data, void *buffer, | |
1794 | int count) | |
1795 | { | |
1796 | /* When the device is in bootloader mode, then it can send | |
1797 | * events via the bulk endpoint. These events are treated the | |
1798 | * same way as the ones received from the interrupt endpoint. | |
1799 | */ | |
1800 | if (test_bit(BTUSB_BOOTLOADER, &data->flags)) | |
1801 | return btusb_recv_intr(data, buffer, count); | |
1802 | ||
1803 | return btusb_recv_bulk(data, buffer, count); | |
1804 | } | |
1805 | ||
1806 | static int btusb_recv_event_intel(struct hci_dev *hdev, struct sk_buff *skb) | |
1807 | { | |
1808 | struct btusb_data *data = hci_get_drvdata(hdev); | |
1809 | ||
1810 | if (test_bit(BTUSB_BOOTLOADER, &data->flags)) { | |
1811 | struct hci_event_hdr *hdr = (void *)skb->data; | |
1812 | ||
1813 | /* When the firmware loading completes the device sends | |
1814 | * out a vendor specific event indicating the result of | |
1815 | * the firmware loading. | |
1816 | */ | |
1817 | if (skb->len == 7 && hdr->evt == 0xff && hdr->plen == 0x05 && | |
1818 | skb->data[2] == 0x06) { | |
1819 | if (skb->data[3] != 0x00) | |
1820 | test_bit(BTUSB_FIRMWARE_FAILED, &data->flags); | |
1821 | ||
ce6bb929 MH |
1822 | if (test_and_clear_bit(BTUSB_DOWNLOADING, |
1823 | &data->flags) && | |
a087a98e JH |
1824 | test_bit(BTUSB_FIRMWARE_LOADED, &data->flags)) { |
1825 | smp_mb__after_atomic(); | |
1826 | wake_up_bit(&data->flags, BTUSB_DOWNLOADING); | |
1827 | } | |
cda0dd78 MH |
1828 | } |
1829 | ||
1830 | /* When switching to the operational firmware the device | |
1831 | * sends a vendor specific event indicating that the bootup | |
1832 | * completed. | |
1833 | */ | |
1834 | if (skb->len == 9 && hdr->evt == 0xff && hdr->plen == 0x07 && | |
1835 | skb->data[2] == 0x02) { | |
fad70972 JH |
1836 | if (test_and_clear_bit(BTUSB_BOOTING, &data->flags)) { |
1837 | smp_mb__after_atomic(); | |
1838 | wake_up_bit(&data->flags, BTUSB_BOOTING); | |
1839 | } | |
cda0dd78 MH |
1840 | } |
1841 | } | |
1842 | ||
1843 | return hci_recv_frame(hdev, skb); | |
1844 | } | |
1845 | ||
1846 | static int btusb_send_frame_intel(struct hci_dev *hdev, struct sk_buff *skb) | |
1847 | { | |
1848 | struct btusb_data *data = hci_get_drvdata(hdev); | |
1849 | struct urb *urb; | |
1850 | ||
1851 | BT_DBG("%s", hdev->name); | |
1852 | ||
1853 | if (!test_bit(HCI_RUNNING, &hdev->flags)) | |
1854 | return -EBUSY; | |
1855 | ||
1856 | switch (bt_cb(skb)->pkt_type) { | |
1857 | case HCI_COMMAND_PKT: | |
1858 | if (test_bit(BTUSB_BOOTLOADER, &data->flags)) { | |
1859 | struct hci_command_hdr *cmd = (void *)skb->data; | |
1860 | __u16 opcode = le16_to_cpu(cmd->opcode); | |
1861 | ||
1862 | /* When in bootloader mode and the command 0xfc09 | |
1863 | * is received, it needs to be send down the | |
1864 | * bulk endpoint. So allocate a bulk URB instead. | |
1865 | */ | |
1866 | if (opcode == 0xfc09) | |
1867 | urb = alloc_bulk_urb(hdev, skb); | |
1868 | else | |
1869 | urb = alloc_ctrl_urb(hdev, skb); | |
1870 | ||
1871 | /* When the 0xfc01 command is issued to boot into | |
1872 | * the operational firmware, it will actually not | |
1873 | * send a command complete event. To keep the flow | |
1874 | * control working inject that event here. | |
1875 | */ | |
1876 | if (opcode == 0xfc01) | |
1877 | inject_cmd_complete(hdev, opcode); | |
1878 | } else { | |
1879 | urb = alloc_ctrl_urb(hdev, skb); | |
1880 | } | |
1881 | if (IS_ERR(urb)) | |
1882 | return PTR_ERR(urb); | |
1883 | ||
1884 | hdev->stat.cmd_tx++; | |
1885 | return submit_or_queue_tx_urb(hdev, urb); | |
1886 | ||
1887 | case HCI_ACLDATA_PKT: | |
1888 | urb = alloc_bulk_urb(hdev, skb); | |
1889 | if (IS_ERR(urb)) | |
1890 | return PTR_ERR(urb); | |
1891 | ||
1892 | hdev->stat.acl_tx++; | |
1893 | return submit_or_queue_tx_urb(hdev, urb); | |
1894 | ||
1895 | case HCI_SCODATA_PKT: | |
1896 | if (hci_conn_num(hdev, SCO_LINK) < 1) | |
1897 | return -ENODEV; | |
1898 | ||
1899 | urb = alloc_isoc_urb(hdev, skb); | |
1900 | if (IS_ERR(urb)) | |
1901 | return PTR_ERR(urb); | |
1902 | ||
1903 | hdev->stat.sco_tx++; | |
1904 | return submit_tx_urb(hdev, urb); | |
1905 | } | |
1906 | ||
1907 | return -EILSEQ; | |
1908 | } | |
1909 | ||
1910 | static int btusb_intel_secure_send(struct hci_dev *hdev, u8 fragment_type, | |
1911 | u32 plen, const void *param) | |
1912 | { | |
1913 | while (plen > 0) { | |
1914 | struct sk_buff *skb; | |
1915 | u8 cmd_param[253], fragment_len = (plen > 252) ? 252 : plen; | |
1916 | ||
1917 | cmd_param[0] = fragment_type; | |
1918 | memcpy(cmd_param + 1, param, fragment_len); | |
1919 | ||
1920 | skb = __hci_cmd_sync(hdev, 0xfc09, fragment_len + 1, | |
1921 | cmd_param, HCI_INIT_TIMEOUT); | |
1922 | if (IS_ERR(skb)) | |
1923 | return PTR_ERR(skb); | |
1924 | ||
1925 | kfree_skb(skb); | |
1926 | ||
1927 | plen -= fragment_len; | |
1928 | param += fragment_len; | |
1929 | } | |
1930 | ||
1931 | return 0; | |
1932 | } | |
1933 | ||
1934 | static void btusb_intel_version_info(struct hci_dev *hdev, | |
1935 | struct intel_version *ver) | |
1936 | { | |
1937 | const char *variant; | |
1938 | ||
1939 | switch (ver->fw_variant) { | |
1940 | case 0x06: | |
1941 | variant = "Bootloader"; | |
1942 | break; | |
1943 | case 0x23: | |
1944 | variant = "Firmware"; | |
1945 | break; | |
1946 | default: | |
1947 | return; | |
1948 | } | |
1949 | ||
1950 | BT_INFO("%s: %s revision %u.%u build %u week %u %u", hdev->name, | |
1951 | variant, ver->fw_revision >> 4, ver->fw_revision & 0x0f, | |
1952 | ver->fw_build_num, ver->fw_build_ww, 2000 + ver->fw_build_yy); | |
1953 | } | |
1954 | ||
1955 | static int btusb_setup_intel_new(struct hci_dev *hdev) | |
1956 | { | |
1957 | static const u8 reset_param[] = { 0x00, 0x01, 0x00, 0x01, | |
1958 | 0x00, 0x08, 0x04, 0x00 }; | |
1959 | struct btusb_data *data = hci_get_drvdata(hdev); | |
1960 | struct sk_buff *skb; | |
1961 | struct intel_version *ver; | |
1962 | struct intel_boot_params *params; | |
1963 | const struct firmware *fw; | |
1964 | const u8 *fw_ptr; | |
1965 | char fwname[64]; | |
1966 | ktime_t calltime, delta, rettime; | |
1967 | unsigned long long duration; | |
1968 | int err; | |
1969 | ||
1970 | BT_DBG("%s", hdev->name); | |
1971 | ||
1972 | calltime = ktime_get(); | |
1973 | ||
1974 | /* Read the Intel version information to determine if the device | |
1975 | * is in bootloader mode or if it already has operational firmware | |
1976 | * loaded. | |
1977 | */ | |
1978 | skb = __hci_cmd_sync(hdev, 0xfc05, 0, NULL, HCI_INIT_TIMEOUT); | |
1979 | if (IS_ERR(skb)) { | |
1980 | BT_ERR("%s: Reading Intel version information failed (%ld)", | |
1981 | hdev->name, PTR_ERR(skb)); | |
1982 | return PTR_ERR(skb); | |
1983 | } | |
1984 | ||
1985 | if (skb->len != sizeof(*ver)) { | |
1986 | BT_ERR("%s: Intel version event size mismatch", hdev->name); | |
1987 | kfree_skb(skb); | |
1988 | return -EILSEQ; | |
1989 | } | |
1990 | ||
1991 | ver = (struct intel_version *)skb->data; | |
1992 | if (ver->status) { | |
1993 | BT_ERR("%s: Intel version command failure (%02x)", | |
1994 | hdev->name, ver->status); | |
1995 | err = -bt_to_errno(ver->status); | |
1996 | kfree_skb(skb); | |
1997 | return err; | |
1998 | } | |
1999 | ||
2000 | /* The hardware platform number has a fixed value of 0x37 and | |
2001 | * for now only accept this single value. | |
2002 | */ | |
2003 | if (ver->hw_platform != 0x37) { | |
2004 | BT_ERR("%s: Unsupported Intel hardware platform (%u)", | |
2005 | hdev->name, ver->hw_platform); | |
2006 | kfree_skb(skb); | |
2007 | return -EINVAL; | |
2008 | } | |
2009 | ||
2010 | /* At the moment only the hardware variant iBT 3.0 (LnP/SfP) is | |
2011 | * supported by this firmware loading method. This check has been | |
2012 | * put in place to ensure correct forward compatibility options | |
2013 | * when newer hardware variants come along. | |
2014 | */ | |
2015 | if (ver->hw_variant != 0x0b) { | |
2016 | BT_ERR("%s: Unsupported Intel hardware variant (%u)", | |
2017 | hdev->name, ver->hw_variant); | |
2018 | kfree_skb(skb); | |
2019 | return -EINVAL; | |
2020 | } | |
2021 | ||
2022 | btusb_intel_version_info(hdev, ver); | |
2023 | ||
2024 | /* The firmware variant determines if the device is in bootloader | |
2025 | * mode or is running operational firmware. The value 0x06 identifies | |
2026 | * the bootloader and the value 0x23 identifies the operational | |
2027 | * firmware. | |
2028 | * | |
2029 | * When the operational firmware is already present, then only | |
2030 | * the check for valid Bluetooth device address is needed. This | |
2031 | * determines if the device will be added as configured or | |
2032 | * unconfigured controller. | |
2033 | * | |
2034 | * It is not possible to use the Secure Boot Parameters in this | |
2035 | * case since that command is only available in bootloader mode. | |
2036 | */ | |
2037 | if (ver->fw_variant == 0x23) { | |
2038 | kfree_skb(skb); | |
2039 | clear_bit(BTUSB_BOOTLOADER, &data->flags); | |
2040 | btusb_check_bdaddr_intel(hdev); | |
2041 | return 0; | |
2042 | } | |
2043 | ||
2044 | /* If the device is not in bootloader mode, then the only possible | |
2045 | * choice is to return an error and abort the device initialization. | |
2046 | */ | |
2047 | if (ver->fw_variant != 0x06) { | |
2048 | BT_ERR("%s: Unsupported Intel firmware variant (%u)", | |
2049 | hdev->name, ver->fw_variant); | |
2050 | kfree_skb(skb); | |
2051 | return -ENODEV; | |
2052 | } | |
2053 | ||
2054 | kfree_skb(skb); | |
2055 | ||
2056 | /* Read the secure boot parameters to identify the operating | |
2057 | * details of the bootloader. | |
2058 | */ | |
2059 | skb = __hci_cmd_sync(hdev, 0xfc0d, 0, NULL, HCI_INIT_TIMEOUT); | |
2060 | if (IS_ERR(skb)) { | |
2061 | BT_ERR("%s: Reading Intel boot parameters failed (%ld)", | |
2062 | hdev->name, PTR_ERR(skb)); | |
2063 | return PTR_ERR(skb); | |
2064 | } | |
2065 | ||
2066 | if (skb->len != sizeof(*params)) { | |
2067 | BT_ERR("%s: Intel boot parameters size mismatch", hdev->name); | |
2068 | kfree_skb(skb); | |
2069 | return -EILSEQ; | |
2070 | } | |
2071 | ||
2072 | params = (struct intel_boot_params *)skb->data; | |
2073 | if (params->status) { | |
2074 | BT_ERR("%s: Intel boot parameters command failure (%02x)", | |
2075 | hdev->name, params->status); | |
2076 | err = -bt_to_errno(params->status); | |
2077 | kfree_skb(skb); | |
2078 | return err; | |
2079 | } | |
2080 | ||
2081 | BT_INFO("%s: Device revision is %u", hdev->name, | |
2082 | le16_to_cpu(params->dev_revid)); | |
2083 | ||
2084 | BT_INFO("%s: Secure boot is %s", hdev->name, | |
2085 | params->secure_boot ? "enabled" : "disabled"); | |
2086 | ||
2087 | BT_INFO("%s: Minimum firmware build %u week %u %u", hdev->name, | |
2088 | params->min_fw_build_nn, params->min_fw_build_cw, | |
2089 | 2000 + params->min_fw_build_yy); | |
2090 | ||
2091 | /* It is required that every single firmware fragment is acknowledged | |
2092 | * with a command complete event. If the boot parameters indicate | |
2093 | * that this bootloader does not send them, then abort the setup. | |
2094 | */ | |
2095 | if (params->limited_cce != 0x00) { | |
2096 | BT_ERR("%s: Unsupported Intel firmware loading method (%u)", | |
2097 | hdev->name, params->limited_cce); | |
2098 | kfree_skb(skb); | |
2099 | return -EINVAL; | |
2100 | } | |
2101 | ||
2102 | /* If the OTP has no valid Bluetooth device address, then there will | |
2103 | * also be no valid address for the operational firmware. | |
2104 | */ | |
2105 | if (!bacmp(¶ms->otp_bdaddr, BDADDR_ANY)) { | |
2106 | BT_INFO("%s: No device address configured", hdev->name); | |
2107 | set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks); | |
2108 | } | |
2109 | ||
2110 | /* With this Intel bootloader only the hardware variant and device | |
2111 | * revision information are used to select the right firmware. | |
2112 | * | |
2113 | * Currently this bootloader support is limited to hardware variant | |
2114 | * iBT 3.0 (LnP/SfP) which is identified by the value 11 (0x0b). | |
2115 | */ | |
2116 | snprintf(fwname, sizeof(fwname), "intel/ibt-11-%u.sfi", | |
2117 | le16_to_cpu(params->dev_revid)); | |
2118 | ||
2119 | err = request_firmware(&fw, fwname, &hdev->dev); | |
2120 | if (err < 0) { | |
2121 | BT_ERR("%s: Failed to load Intel firmware file (%d)", | |
2122 | hdev->name, err); | |
2123 | kfree_skb(skb); | |
2124 | return err; | |
2125 | } | |
2126 | ||
2127 | BT_INFO("%s: Found device firmware: %s", hdev->name, fwname); | |
2128 | ||
2129 | kfree_skb(skb); | |
2130 | ||
2131 | if (fw->size < 644) { | |
2132 | BT_ERR("%s: Invalid size of firmware file (%zu)", | |
2133 | hdev->name, fw->size); | |
2134 | err = -EBADF; | |
2135 | goto done; | |
2136 | } | |
2137 | ||
2138 | set_bit(BTUSB_DOWNLOADING, &data->flags); | |
2139 | ||
2140 | /* Start the firmware download transaction with the Init fragment | |
2141 | * represented by the 128 bytes of CSS header. | |
2142 | */ | |
2143 | err = btusb_intel_secure_send(hdev, 0x00, 128, fw->data); | |
2144 | if (err < 0) { | |
2145 | BT_ERR("%s: Failed to send firmware header (%d)", | |
2146 | hdev->name, err); | |
2147 | goto done; | |
2148 | } | |
2149 | ||
2150 | /* Send the 256 bytes of public key information from the firmware | |
2151 | * as the PKey fragment. | |
2152 | */ | |
2153 | err = btusb_intel_secure_send(hdev, 0x03, 256, fw->data + 128); | |
2154 | if (err < 0) { | |
2155 | BT_ERR("%s: Failed to send firmware public key (%d)", | |
2156 | hdev->name, err); | |
2157 | goto done; | |
2158 | } | |
2159 | ||
2160 | /* Send the 256 bytes of signature information from the firmware | |
2161 | * as the Sign fragment. | |
2162 | */ | |
2163 | err = btusb_intel_secure_send(hdev, 0x02, 256, fw->data + 388); | |
2164 | if (err < 0) { | |
2165 | BT_ERR("%s: Failed to send firmware signature (%d)", | |
2166 | hdev->name, err); | |
2167 | goto done; | |
2168 | } | |
2169 | ||
2170 | fw_ptr = fw->data + 644; | |
2171 | ||
2172 | while (fw_ptr - fw->data < fw->size) { | |
2173 | struct hci_command_hdr *cmd = (void *)fw_ptr; | |
2174 | u8 cmd_len; | |
2175 | ||
2176 | cmd_len = sizeof(*cmd) + cmd->plen; | |
2177 | ||
2178 | /* Send each command from the firmware data buffer as | |
2179 | * a single Data fragment. | |
2180 | */ | |
2181 | err = btusb_intel_secure_send(hdev, 0x01, cmd_len, fw_ptr); | |
2182 | if (err < 0) { | |
2183 | BT_ERR("%s: Failed to send firmware data (%d)", | |
2184 | hdev->name, err); | |
2185 | goto done; | |
2186 | } | |
2187 | ||
2188 | fw_ptr += cmd_len; | |
2189 | } | |
2190 | ||
ce6bb929 MH |
2191 | set_bit(BTUSB_FIRMWARE_LOADED, &data->flags); |
2192 | ||
a087a98e JH |
2193 | BT_INFO("%s: Waiting for firmware download to complete", hdev->name); |
2194 | ||
cda0dd78 MH |
2195 | /* Before switching the device into operational mode and with that |
2196 | * booting the loaded firmware, wait for the bootloader notification | |
2197 | * that all fragments have been successfully received. | |
2198 | * | |
a087a98e JH |
2199 | * When the event processing receives the notification, then the |
2200 | * BTUSB_DOWNLOADING flag will be cleared. | |
2201 | * | |
2202 | * The firmware loading should not take longer than 5 seconds | |
2203 | * and thus just timeout if that happens and fail the setup | |
2204 | * of this device. | |
cda0dd78 | 2205 | */ |
129a7693 JH |
2206 | err = wait_on_bit_timeout(&data->flags, BTUSB_DOWNLOADING, |
2207 | TASK_INTERRUPTIBLE, | |
2208 | msecs_to_jiffies(5000)); | |
a087a98e JH |
2209 | if (err == 1) { |
2210 | BT_ERR("%s: Firmware loading interrupted", hdev->name); | |
2211 | err = -EINTR; | |
2212 | goto done; | |
2213 | } | |
cda0dd78 | 2214 | |
a087a98e JH |
2215 | if (err) { |
2216 | BT_ERR("%s: Firmware loading timeout", hdev->name); | |
2217 | err = -ETIMEDOUT; | |
2218 | goto done; | |
cda0dd78 MH |
2219 | } |
2220 | ||
2221 | if (test_bit(BTUSB_FIRMWARE_FAILED, &data->flags)) { | |
2222 | BT_ERR("%s: Firmware loading failed", hdev->name); | |
2223 | err = -ENOEXEC; | |
2224 | goto done; | |
2225 | } | |
2226 | ||
2227 | rettime = ktime_get(); | |
2228 | delta = ktime_sub(rettime, calltime); | |
2229 | duration = (unsigned long long) ktime_to_ns(delta) >> 10; | |
2230 | ||
2231 | BT_INFO("%s: Firmware loaded in %llu usecs", hdev->name, duration); | |
2232 | ||
2233 | done: | |
2234 | release_firmware(fw); | |
2235 | ||
2236 | if (err < 0) | |
2237 | return err; | |
2238 | ||
2239 | calltime = ktime_get(); | |
2240 | ||
2241 | set_bit(BTUSB_BOOTING, &data->flags); | |
2242 | ||
2243 | skb = __hci_cmd_sync(hdev, 0xfc01, sizeof(reset_param), reset_param, | |
2244 | HCI_INIT_TIMEOUT); | |
2245 | if (IS_ERR(skb)) | |
2246 | return PTR_ERR(skb); | |
2247 | ||
2248 | kfree_skb(skb); | |
2249 | ||
2250 | /* The bootloader will not indicate when the device is ready. This | |
2251 | * is done by the operational firmware sending bootup notification. | |
fad70972 JH |
2252 | * |
2253 | * Booting into operational firmware should not take longer than | |
2254 | * 1 second. However if that happens, then just fail the setup | |
2255 | * since something went wrong. | |
cda0dd78 | 2256 | */ |
fad70972 | 2257 | BT_INFO("%s: Waiting for device to boot", hdev->name); |
cda0dd78 | 2258 | |
129a7693 JH |
2259 | err = wait_on_bit_timeout(&data->flags, BTUSB_BOOTING, |
2260 | TASK_INTERRUPTIBLE, | |
2261 | msecs_to_jiffies(1000)); | |
cda0dd78 | 2262 | |
fad70972 JH |
2263 | if (err == 1) { |
2264 | BT_ERR("%s: Device boot interrupted", hdev->name); | |
2265 | return -EINTR; | |
2266 | } | |
cda0dd78 | 2267 | |
fad70972 JH |
2268 | if (err) { |
2269 | BT_ERR("%s: Device boot timeout", hdev->name); | |
2270 | return -ETIMEDOUT; | |
cda0dd78 MH |
2271 | } |
2272 | ||
2273 | rettime = ktime_get(); | |
2274 | delta = ktime_sub(rettime, calltime); | |
2275 | duration = (unsigned long long) ktime_to_ns(delta) >> 10; | |
2276 | ||
2277 | BT_INFO("%s: Device booted in %llu usecs", hdev->name, duration); | |
2278 | ||
2279 | clear_bit(BTUSB_BOOTLOADER, &data->flags); | |
2280 | ||
2281 | return 0; | |
2282 | } | |
2283 | ||
385a768c MH |
2284 | static void btusb_hw_error_intel(struct hci_dev *hdev, u8 code) |
2285 | { | |
2286 | struct sk_buff *skb; | |
2287 | u8 type = 0x00; | |
2288 | ||
2289 | BT_ERR("%s: Hardware error 0x%2.2x", hdev->name, code); | |
2290 | ||
2291 | skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); | |
2292 | if (IS_ERR(skb)) { | |
2293 | BT_ERR("%s: Reset after hardware error failed (%ld)", | |
2294 | hdev->name, PTR_ERR(skb)); | |
2295 | return; | |
2296 | } | |
2297 | kfree_skb(skb); | |
2298 | ||
2299 | skb = __hci_cmd_sync(hdev, 0xfc22, 1, &type, HCI_INIT_TIMEOUT); | |
2300 | if (IS_ERR(skb)) { | |
2301 | BT_ERR("%s: Retrieving Intel exception info failed (%ld)", | |
2302 | hdev->name, PTR_ERR(skb)); | |
2303 | return; | |
2304 | } | |
2305 | ||
2306 | if (skb->len != 13) { | |
2307 | BT_ERR("%s: Exception info size mismatch", hdev->name); | |
2308 | kfree_skb(skb); | |
2309 | return; | |
2310 | } | |
2311 | ||
2312 | if (skb->data[0] != 0x00) { | |
2313 | BT_ERR("%s: Exception info command failure (%02x)", | |
2314 | hdev->name, skb->data[0]); | |
2315 | kfree_skb(skb); | |
2316 | return; | |
2317 | } | |
2318 | ||
2319 | BT_ERR("%s: Exception info %s", hdev->name, (char *)(skb->data + 1)); | |
2320 | ||
2321 | kfree_skb(skb); | |
2322 | } | |
2323 | ||
cb8d6597 MH |
2324 | static int btusb_set_bdaddr_intel(struct hci_dev *hdev, const bdaddr_t *bdaddr) |
2325 | { | |
2326 | struct sk_buff *skb; | |
2327 | long ret; | |
2328 | ||
2329 | skb = __hci_cmd_sync(hdev, 0xfc31, 6, bdaddr, HCI_INIT_TIMEOUT); | |
2330 | if (IS_ERR(skb)) { | |
2331 | ret = PTR_ERR(skb); | |
2332 | BT_ERR("%s: changing Intel device address failed (%ld)", | |
89e7533d | 2333 | hdev->name, ret); |
cb8d6597 MH |
2334 | return ret; |
2335 | } | |
2336 | kfree_skb(skb); | |
2337 | ||
2338 | return 0; | |
2339 | } | |
2340 | ||
bfbd45e9 THJA |
2341 | static int btusb_shutdown_intel(struct hci_dev *hdev) |
2342 | { | |
2343 | struct sk_buff *skb; | |
2344 | long ret; | |
2345 | ||
2346 | /* Some platforms have an issue with BT LED when the interface is | |
2347 | * down or BT radio is turned off, which takes 5 seconds to BT LED | |
2348 | * goes off. This command turns off the BT LED immediately. | |
2349 | */ | |
2350 | skb = __hci_cmd_sync(hdev, 0xfc3f, 0, NULL, HCI_INIT_TIMEOUT); | |
2351 | if (IS_ERR(skb)) { | |
2352 | ret = PTR_ERR(skb); | |
2353 | BT_ERR("%s: turning off Intel device LED failed (%ld)", | |
2354 | hdev->name, ret); | |
2355 | return ret; | |
2356 | } | |
2357 | kfree_skb(skb); | |
2358 | ||
2359 | return 0; | |
2360 | } | |
2361 | ||
ae8df494 AK |
2362 | static int btusb_set_bdaddr_marvell(struct hci_dev *hdev, |
2363 | const bdaddr_t *bdaddr) | |
2364 | { | |
2365 | struct sk_buff *skb; | |
2366 | u8 buf[8]; | |
2367 | long ret; | |
2368 | ||
2369 | buf[0] = 0xfe; | |
2370 | buf[1] = sizeof(bdaddr_t); | |
2371 | memcpy(buf + 2, bdaddr, sizeof(bdaddr_t)); | |
2372 | ||
2373 | skb = __hci_cmd_sync(hdev, 0xfc22, sizeof(buf), buf, HCI_INIT_TIMEOUT); | |
2374 | if (IS_ERR(skb)) { | |
2375 | ret = PTR_ERR(skb); | |
2376 | BT_ERR("%s: changing Marvell device address failed (%ld)", | |
2377 | hdev->name, ret); | |
2378 | return ret; | |
2379 | } | |
2380 | kfree_skb(skb); | |
2381 | ||
2382 | return 0; | |
2383 | } | |
2384 | ||
18835dfa MH |
2385 | static const struct { |
2386 | u16 subver; | |
2387 | const char *name; | |
2388 | } bcm_subver_table[] = { | |
2389 | { 0x210b, "BCM43142A0" }, /* 001.001.011 */ | |
2390 | { 0x2112, "BCM4314A0" }, /* 001.001.018 */ | |
2391 | { 0x2118, "BCM20702A0" }, /* 001.001.024 */ | |
2392 | { 0x2126, "BCM4335A0" }, /* 001.001.038 */ | |
2393 | { 0x220e, "BCM20702A1" }, /* 001.002.014 */ | |
2394 | { 0x230f, "BCM4354A2" }, /* 001.003.015 */ | |
2395 | { 0x4106, "BCM4335B0" }, /* 002.001.006 */ | |
2396 | { 0x410e, "BCM20702B0" }, /* 002.001.014 */ | |
2397 | { 0x6109, "BCM4335C0" }, /* 003.001.009 */ | |
2398 | { 0x610c, "BCM4354" }, /* 003.001.012 */ | |
2399 | { } | |
2400 | }; | |
2401 | ||
c8abb73f MH |
2402 | #define BDADDR_BCM20702A0 (&(bdaddr_t) {{0x00, 0xa0, 0x02, 0x70, 0x20, 0x00}}) |
2403 | ||
10d4c673 PG |
2404 | static int btusb_setup_bcm_patchram(struct hci_dev *hdev) |
2405 | { | |
2406 | struct btusb_data *data = hci_get_drvdata(hdev); | |
2407 | struct usb_device *udev = data->udev; | |
2408 | char fw_name[64]; | |
2409 | const struct firmware *fw; | |
2410 | const u8 *fw_ptr; | |
2411 | size_t fw_size; | |
2412 | const struct hci_command_hdr *cmd; | |
2413 | const u8 *cmd_param; | |
18835dfa MH |
2414 | u16 opcode, subver, rev; |
2415 | const char *hw_name = NULL; | |
10d4c673 PG |
2416 | struct sk_buff *skb; |
2417 | struct hci_rp_read_local_version *ver; | |
c8abb73f | 2418 | struct hci_rp_read_bd_addr *bda; |
10d4c673 | 2419 | long ret; |
18835dfa | 2420 | int i; |
10d4c673 PG |
2421 | |
2422 | /* Reset */ | |
2423 | skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); | |
2424 | if (IS_ERR(skb)) { | |
2425 | ret = PTR_ERR(skb); | |
2426 | BT_ERR("%s: HCI_OP_RESET failed (%ld)", hdev->name, ret); | |
18835dfa | 2427 | return ret; |
10d4c673 PG |
2428 | } |
2429 | kfree_skb(skb); | |
2430 | ||
2431 | /* Read Local Version Info */ | |
2432 | skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL, | |
2433 | HCI_INIT_TIMEOUT); | |
2434 | if (IS_ERR(skb)) { | |
2435 | ret = PTR_ERR(skb); | |
2436 | BT_ERR("%s: HCI_OP_READ_LOCAL_VERSION failed (%ld)", | |
89e7533d | 2437 | hdev->name, ret); |
18835dfa | 2438 | return ret; |
10d4c673 PG |
2439 | } |
2440 | ||
2441 | if (skb->len != sizeof(*ver)) { | |
2442 | BT_ERR("%s: HCI_OP_READ_LOCAL_VERSION event length mismatch", | |
89e7533d | 2443 | hdev->name); |
10d4c673 | 2444 | kfree_skb(skb); |
18835dfa | 2445 | return -EIO; |
10d4c673 PG |
2446 | } |
2447 | ||
89e7533d | 2448 | ver = (struct hci_rp_read_local_version *)skb->data; |
18835dfa MH |
2449 | rev = le16_to_cpu(ver->hci_rev); |
2450 | subver = le16_to_cpu(ver->lmp_subver); | |
10d4c673 PG |
2451 | kfree_skb(skb); |
2452 | ||
18835dfa MH |
2453 | for (i = 0; bcm_subver_table[i].name; i++) { |
2454 | if (subver == bcm_subver_table[i].subver) { | |
2455 | hw_name = bcm_subver_table[i].name; | |
2456 | break; | |
2457 | } | |
2458 | } | |
2459 | ||
2460 | BT_INFO("%s: %s (%3.3u.%3.3u.%3.3u) build %4.4u", hdev->name, | |
2461 | hw_name ? : "BCM", (subver & 0x7000) >> 13, | |
2462 | (subver & 0x1f00) >> 8, (subver & 0x00ff), rev & 0x0fff); | |
2463 | ||
2464 | snprintf(fw_name, sizeof(fw_name), "brcm/%s-%4.4x-%4.4x.hcd", | |
2465 | hw_name ? : "BCM", | |
2466 | le16_to_cpu(udev->descriptor.idVendor), | |
2467 | le16_to_cpu(udev->descriptor.idProduct)); | |
2468 | ||
2469 | ret = request_firmware(&fw, fw_name, &hdev->dev); | |
2470 | if (ret < 0) { | |
2471 | BT_INFO("%s: BCM: patch %s not found", hdev->name, fw_name); | |
2472 | return 0; | |
2473 | } | |
2474 | ||
10d4c673 PG |
2475 | /* Start Download */ |
2476 | skb = __hci_cmd_sync(hdev, 0xfc2e, 0, NULL, HCI_INIT_TIMEOUT); | |
2477 | if (IS_ERR(skb)) { | |
2478 | ret = PTR_ERR(skb); | |
2479 | BT_ERR("%s: BCM: Download Minidrv command failed (%ld)", | |
89e7533d | 2480 | hdev->name, ret); |
10d4c673 PG |
2481 | goto reset_fw; |
2482 | } | |
2483 | kfree_skb(skb); | |
2484 | ||
2485 | /* 50 msec delay after Download Minidrv completes */ | |
2486 | msleep(50); | |
2487 | ||
2488 | fw_ptr = fw->data; | |
2489 | fw_size = fw->size; | |
2490 | ||
2491 | while (fw_size >= sizeof(*cmd)) { | |
89e7533d | 2492 | cmd = (struct hci_command_hdr *)fw_ptr; |
10d4c673 PG |
2493 | fw_ptr += sizeof(*cmd); |
2494 | fw_size -= sizeof(*cmd); | |
2495 | ||
2496 | if (fw_size < cmd->plen) { | |
2497 | BT_ERR("%s: BCM: patch %s is corrupted", | |
89e7533d | 2498 | hdev->name, fw_name); |
10d4c673 PG |
2499 | ret = -EINVAL; |
2500 | goto reset_fw; | |
2501 | } | |
2502 | ||
2503 | cmd_param = fw_ptr; | |
2504 | fw_ptr += cmd->plen; | |
2505 | fw_size -= cmd->plen; | |
2506 | ||
2507 | opcode = le16_to_cpu(cmd->opcode); | |
2508 | ||
2509 | skb = __hci_cmd_sync(hdev, opcode, cmd->plen, cmd_param, | |
2510 | HCI_INIT_TIMEOUT); | |
2511 | if (IS_ERR(skb)) { | |
2512 | ret = PTR_ERR(skb); | |
2513 | BT_ERR("%s: BCM: patch command %04x failed (%ld)", | |
89e7533d | 2514 | hdev->name, opcode, ret); |
10d4c673 PG |
2515 | goto reset_fw; |
2516 | } | |
2517 | kfree_skb(skb); | |
2518 | } | |
2519 | ||
2520 | /* 250 msec delay after Launch Ram completes */ | |
2521 | msleep(250); | |
2522 | ||
2523 | reset_fw: | |
2524 | /* Reset */ | |
2525 | skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); | |
2526 | if (IS_ERR(skb)) { | |
2527 | ret = PTR_ERR(skb); | |
2528 | BT_ERR("%s: HCI_OP_RESET failed (%ld)", hdev->name, ret); | |
2529 | goto done; | |
2530 | } | |
2531 | kfree_skb(skb); | |
2532 | ||
2533 | /* Read Local Version Info */ | |
2534 | skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL, | |
2535 | HCI_INIT_TIMEOUT); | |
2536 | if (IS_ERR(skb)) { | |
2537 | ret = PTR_ERR(skb); | |
2538 | BT_ERR("%s: HCI_OP_READ_LOCAL_VERSION failed (%ld)", | |
89e7533d | 2539 | hdev->name, ret); |
10d4c673 PG |
2540 | goto done; |
2541 | } | |
2542 | ||
2543 | if (skb->len != sizeof(*ver)) { | |
2544 | BT_ERR("%s: HCI_OP_READ_LOCAL_VERSION event length mismatch", | |
89e7533d | 2545 | hdev->name); |
10d4c673 PG |
2546 | kfree_skb(skb); |
2547 | ret = -EIO; | |
2548 | goto done; | |
2549 | } | |
2550 | ||
89e7533d | 2551 | ver = (struct hci_rp_read_local_version *)skb->data; |
18835dfa MH |
2552 | rev = le16_to_cpu(ver->hci_rev); |
2553 | subver = le16_to_cpu(ver->lmp_subver); | |
10d4c673 PG |
2554 | kfree_skb(skb); |
2555 | ||
18835dfa MH |
2556 | BT_INFO("%s: %s (%3.3u.%3.3u.%3.3u) build %4.4u", hdev->name, |
2557 | hw_name ? : "BCM", (subver & 0x7000) >> 13, | |
2558 | (subver & 0x1f00) >> 8, (subver & 0x00ff), rev & 0x0fff); | |
2559 | ||
c8abb73f MH |
2560 | /* Read BD Address */ |
2561 | skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL, | |
2562 | HCI_INIT_TIMEOUT); | |
2563 | if (IS_ERR(skb)) { | |
2564 | ret = PTR_ERR(skb); | |
2565 | BT_ERR("%s: HCI_OP_READ_BD_ADDR failed (%ld)", | |
89e7533d | 2566 | hdev->name, ret); |
c8abb73f MH |
2567 | goto done; |
2568 | } | |
2569 | ||
2570 | if (skb->len != sizeof(*bda)) { | |
2571 | BT_ERR("%s: HCI_OP_READ_BD_ADDR event length mismatch", | |
89e7533d | 2572 | hdev->name); |
c8abb73f MH |
2573 | kfree_skb(skb); |
2574 | ret = -EIO; | |
2575 | goto done; | |
2576 | } | |
2577 | ||
89e7533d | 2578 | bda = (struct hci_rp_read_bd_addr *)skb->data; |
c8abb73f MH |
2579 | if (bda->status) { |
2580 | BT_ERR("%s: HCI_OP_READ_BD_ADDR error status (%02x)", | |
2581 | hdev->name, bda->status); | |
2582 | kfree_skb(skb); | |
2583 | ret = -bt_to_errno(bda->status); | |
2584 | goto done; | |
2585 | } | |
2586 | ||
2587 | /* The address 00:20:70:02:A0:00 indicates a BCM20702A0 controller | |
2588 | * with no configured address. | |
2589 | */ | |
849e5086 | 2590 | if (!bacmp(&bda->bdaddr, BDADDR_BCM20702A0)) { |
c8abb73f MH |
2591 | BT_INFO("%s: BCM: using default device address (%pMR)", |
2592 | hdev->name, &bda->bdaddr); | |
849e5086 MH |
2593 | set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks); |
2594 | } | |
c8abb73f MH |
2595 | |
2596 | kfree_skb(skb); | |
2597 | ||
10d4c673 PG |
2598 | done: |
2599 | release_firmware(fw); | |
2600 | ||
2601 | return ret; | |
2602 | } | |
2603 | ||
abbaf50e MH |
2604 | static int btusb_set_bdaddr_bcm(struct hci_dev *hdev, const bdaddr_t *bdaddr) |
2605 | { | |
2606 | struct sk_buff *skb; | |
2607 | long ret; | |
2608 | ||
2609 | skb = __hci_cmd_sync(hdev, 0xfc01, 6, bdaddr, HCI_INIT_TIMEOUT); | |
2610 | if (IS_ERR(skb)) { | |
2611 | ret = PTR_ERR(skb); | |
2612 | BT_ERR("%s: BCM: Change address command failed (%ld)", | |
89e7533d | 2613 | hdev->name, ret); |
abbaf50e MH |
2614 | return ret; |
2615 | } | |
2616 | kfree_skb(skb); | |
2617 | ||
2618 | return 0; | |
2619 | } | |
2620 | ||
5859223e TK |
2621 | static int btusb_set_bdaddr_ath3012(struct hci_dev *hdev, |
2622 | const bdaddr_t *bdaddr) | |
2623 | { | |
2624 | struct sk_buff *skb; | |
2625 | u8 buf[10]; | |
2626 | long ret; | |
2627 | ||
2628 | buf[0] = 0x01; | |
2629 | buf[1] = 0x01; | |
2630 | buf[2] = 0x00; | |
2631 | buf[3] = sizeof(bdaddr_t); | |
2632 | memcpy(buf + 4, bdaddr, sizeof(bdaddr_t)); | |
2633 | ||
2634 | skb = __hci_cmd_sync(hdev, 0xfc0b, sizeof(buf), buf, HCI_INIT_TIMEOUT); | |
2635 | if (IS_ERR(skb)) { | |
2636 | ret = PTR_ERR(skb); | |
2637 | BT_ERR("%s: Change address command failed (%ld)", | |
2638 | hdev->name, ret); | |
2639 | return ret; | |
2640 | } | |
2641 | kfree_skb(skb); | |
2642 | ||
2643 | return 0; | |
2644 | } | |
2645 | ||
3267c884 KBYT |
2646 | #define QCA_DFU_PACKET_LEN 4096 |
2647 | ||
2648 | #define QCA_GET_TARGET_VERSION 0x09 | |
2649 | #define QCA_CHECK_STATUS 0x05 | |
2650 | #define QCA_DFU_DOWNLOAD 0x01 | |
2651 | ||
2652 | #define QCA_SYSCFG_UPDATED 0x40 | |
2653 | #define QCA_PATCH_UPDATED 0x80 | |
2654 | #define QCA_DFU_TIMEOUT 3000 | |
2655 | ||
2656 | struct qca_version { | |
2657 | __le32 rom_version; | |
2658 | __le32 patch_version; | |
2659 | __le32 ram_version; | |
2660 | __le32 ref_clock; | |
2661 | __u8 reserved[4]; | |
2662 | } __packed; | |
2663 | ||
2664 | struct qca_rampatch_version { | |
2665 | __le16 rom_version; | |
2666 | __le16 patch_version; | |
2667 | } __packed; | |
2668 | ||
2669 | struct qca_device_info { | |
2670 | __le32 rom_version; | |
2671 | __u8 rampatch_hdr; /* length of header in rampatch */ | |
2672 | __u8 nvm_hdr; /* length of header in NVM */ | |
2673 | __u8 ver_offset; /* offset of version structure in rampatch */ | |
2674 | }; | |
2675 | ||
2676 | static const struct qca_device_info qca_devices_table[] = { | |
2677 | { 0x00000100, 20, 4, 10 }, /* Rome 1.0 */ | |
2678 | { 0x00000101, 20, 4, 10 }, /* Rome 1.1 */ | |
2679 | { 0x00000201, 28, 4, 18 }, /* Rome 2.1 */ | |
2680 | { 0x00000300, 28, 4, 18 }, /* Rome 3.0 */ | |
2681 | { 0x00000302, 28, 4, 18 }, /* Rome 3.2 */ | |
2682 | }; | |
2683 | ||
2684 | static int btusb_qca_send_vendor_req(struct hci_dev *hdev, u8 request, | |
2685 | void *data, u16 size) | |
2686 | { | |
2687 | struct btusb_data *btdata = hci_get_drvdata(hdev); | |
2688 | struct usb_device *udev = btdata->udev; | |
2689 | int pipe, err; | |
2690 | u8 *buf; | |
2691 | ||
2692 | buf = kmalloc(size, GFP_KERNEL); | |
2693 | if (!buf) | |
2694 | return -ENOMEM; | |
2695 | ||
2696 | /* Found some of USB hosts have IOT issues with ours so that we should | |
2697 | * not wait until HCI layer is ready. | |
2698 | */ | |
2699 | pipe = usb_rcvctrlpipe(udev, 0); | |
2700 | err = usb_control_msg(udev, pipe, request, USB_TYPE_VENDOR | USB_DIR_IN, | |
2701 | 0, 0, buf, size, USB_CTRL_SET_TIMEOUT); | |
2702 | if (err < 0) { | |
2703 | BT_ERR("%s: Failed to access otp area (%d)", hdev->name, err); | |
2704 | goto done; | |
2705 | } | |
2706 | ||
2707 | memcpy(data, buf, size); | |
2708 | ||
2709 | done: | |
2710 | kfree(buf); | |
2711 | ||
2712 | return err; | |
2713 | } | |
2714 | ||
2715 | static int btusb_setup_qca_download_fw(struct hci_dev *hdev, | |
2716 | const struct firmware *firmware, | |
2717 | size_t hdr_size) | |
2718 | { | |
2719 | struct btusb_data *btdata = hci_get_drvdata(hdev); | |
2720 | struct usb_device *udev = btdata->udev; | |
2721 | size_t count, size, sent = 0; | |
2722 | int pipe, len, err; | |
2723 | u8 *buf; | |
2724 | ||
2725 | buf = kmalloc(QCA_DFU_PACKET_LEN, GFP_KERNEL); | |
2726 | if (!buf) | |
2727 | return -ENOMEM; | |
2728 | ||
2729 | count = firmware->size; | |
2730 | ||
2731 | size = min_t(size_t, count, hdr_size); | |
2732 | memcpy(buf, firmware->data, size); | |
2733 | ||
2734 | /* USB patches should go down to controller through USB path | |
2735 | * because binary format fits to go down through USB channel. | |
2736 | * USB control path is for patching headers and USB bulk is for | |
2737 | * patch body. | |
2738 | */ | |
2739 | pipe = usb_sndctrlpipe(udev, 0); | |
2740 | err = usb_control_msg(udev, pipe, QCA_DFU_DOWNLOAD, USB_TYPE_VENDOR, | |
2741 | 0, 0, buf, size, USB_CTRL_SET_TIMEOUT); | |
2742 | if (err < 0) { | |
2743 | BT_ERR("%s: Failed to send headers (%d)", hdev->name, err); | |
2744 | goto done; | |
2745 | } | |
2746 | ||
2747 | sent += size; | |
2748 | count -= size; | |
2749 | ||
2750 | while (count) { | |
2751 | size = min_t(size_t, count, QCA_DFU_PACKET_LEN); | |
2752 | ||
2753 | memcpy(buf, firmware->data + sent, size); | |
2754 | ||
2755 | pipe = usb_sndbulkpipe(udev, 0x02); | |
2756 | err = usb_bulk_msg(udev, pipe, buf, size, &len, | |
2757 | QCA_DFU_TIMEOUT); | |
2758 | if (err < 0) { | |
2759 | BT_ERR("%s: Failed to send body at %zd of %zd (%d)", | |
2760 | hdev->name, sent, firmware->size, err); | |
2761 | break; | |
2762 | } | |
2763 | ||
2764 | if (size != len) { | |
2765 | BT_ERR("%s: Failed to get bulk buffer", hdev->name); | |
2766 | err = -EILSEQ; | |
2767 | break; | |
2768 | } | |
2769 | ||
2770 | sent += size; | |
2771 | count -= size; | |
2772 | } | |
2773 | ||
2774 | done: | |
2775 | kfree(buf); | |
2776 | return err; | |
2777 | } | |
2778 | ||
2779 | static int btusb_setup_qca_load_rampatch(struct hci_dev *hdev, | |
2780 | struct qca_version *ver, | |
2781 | const struct qca_device_info *info) | |
2782 | { | |
2783 | struct qca_rampatch_version *rver; | |
2784 | const struct firmware *fw; | |
2785 | char fwname[64]; | |
2786 | int err; | |
2787 | ||
2788 | snprintf(fwname, sizeof(fwname), "qca/rampatch_usb_%08x.bin", | |
2789 | le32_to_cpu(ver->rom_version)); | |
2790 | ||
2791 | err = request_firmware(&fw, fwname, &hdev->dev); | |
2792 | if (err) { | |
2793 | BT_ERR("%s: failed to request rampatch file: %s (%d)", | |
2794 | hdev->name, fwname, err); | |
2795 | return err; | |
2796 | } | |
2797 | ||
2798 | BT_INFO("%s: using rampatch file: %s", hdev->name, fwname); | |
2799 | rver = (struct qca_rampatch_version *)(fw->data + info->ver_offset); | |
2800 | BT_INFO("%s: QCA: patch rome 0x%x build 0x%x, firmware rome 0x%x " | |
2801 | "build 0x%x", hdev->name, le16_to_cpu(rver->rom_version), | |
2802 | le16_to_cpu(rver->patch_version), le32_to_cpu(ver->rom_version), | |
2803 | le32_to_cpu(ver->patch_version)); | |
2804 | ||
2805 | if (rver->rom_version != ver->rom_version || | |
2806 | rver->patch_version <= ver->patch_version) { | |
2807 | BT_ERR("%s: rampatch file version did not match with firmware", | |
2808 | hdev->name); | |
2809 | err = -EINVAL; | |
2810 | goto done; | |
2811 | } | |
2812 | ||
2813 | err = btusb_setup_qca_download_fw(hdev, fw, info->rampatch_hdr); | |
2814 | ||
2815 | done: | |
2816 | release_firmware(fw); | |
2817 | ||
2818 | return err; | |
2819 | } | |
2820 | ||
2821 | static int btusb_setup_qca_load_nvm(struct hci_dev *hdev, | |
2822 | struct qca_version *ver, | |
2823 | const struct qca_device_info *info) | |
2824 | { | |
2825 | const struct firmware *fw; | |
2826 | char fwname[64]; | |
2827 | int err; | |
2828 | ||
2829 | snprintf(fwname, sizeof(fwname), "qca/nvm_usb_%08x.bin", | |
2830 | le32_to_cpu(ver->rom_version)); | |
2831 | ||
2832 | err = request_firmware(&fw, fwname, &hdev->dev); | |
2833 | if (err) { | |
2834 | BT_ERR("%s: failed to request NVM file: %s (%d)", | |
2835 | hdev->name, fwname, err); | |
2836 | return err; | |
2837 | } | |
2838 | ||
2839 | BT_INFO("%s: using NVM file: %s", hdev->name, fwname); | |
2840 | ||
2841 | err = btusb_setup_qca_download_fw(hdev, fw, info->nvm_hdr); | |
2842 | ||
2843 | release_firmware(fw); | |
2844 | ||
2845 | return err; | |
2846 | } | |
2847 | ||
2848 | static int btusb_setup_qca(struct hci_dev *hdev) | |
2849 | { | |
2850 | const struct qca_device_info *info = NULL; | |
2851 | struct qca_version ver; | |
2852 | u8 status; | |
2853 | int i, err; | |
2854 | ||
2855 | err = btusb_qca_send_vendor_req(hdev, QCA_GET_TARGET_VERSION, &ver, | |
2856 | sizeof(ver)); | |
2857 | if (err < 0) | |
2858 | return err; | |
2859 | ||
2860 | for (i = 0; i < ARRAY_SIZE(qca_devices_table); i++) { | |
2861 | if (ver.rom_version == qca_devices_table[i].rom_version) | |
2862 | info = &qca_devices_table[i]; | |
2863 | } | |
2864 | if (!info) { | |
2865 | BT_ERR("%s: don't support firmware rome 0x%x", hdev->name, | |
2866 | le32_to_cpu(ver.rom_version)); | |
2867 | return -ENODEV; | |
2868 | } | |
2869 | ||
2870 | err = btusb_qca_send_vendor_req(hdev, QCA_CHECK_STATUS, &status, | |
2871 | sizeof(status)); | |
2872 | if (err < 0) | |
2873 | return err; | |
2874 | ||
2875 | if (!(status & QCA_PATCH_UPDATED)) { | |
2876 | err = btusb_setup_qca_load_rampatch(hdev, &ver, info); | |
2877 | if (err < 0) | |
2878 | return err; | |
2879 | } | |
2880 | ||
2881 | if (!(status & QCA_SYSCFG_UPDATED)) { | |
2882 | err = btusb_setup_qca_load_nvm(hdev, &ver, info); | |
2883 | if (err < 0) | |
2884 | return err; | |
2885 | } | |
2886 | ||
2887 | return 0; | |
2888 | } | |
2889 | ||
5e23b923 | 2890 | static int btusb_probe(struct usb_interface *intf, |
89e7533d | 2891 | const struct usb_device_id *id) |
5e23b923 MH |
2892 | { |
2893 | struct usb_endpoint_descriptor *ep_desc; | |
2894 | struct btusb_data *data; | |
2895 | struct hci_dev *hdev; | |
2896 | int i, err; | |
2897 | ||
2898 | BT_DBG("intf %p id %p", intf, id); | |
2899 | ||
cfeb4145 | 2900 | /* interface numbers are hardcoded in the spec */ |
5e23b923 MH |
2901 | if (intf->cur_altsetting->desc.bInterfaceNumber != 0) |
2902 | return -ENODEV; | |
2903 | ||
2904 | if (!id->driver_info) { | |
2905 | const struct usb_device_id *match; | |
89e7533d | 2906 | |
5e23b923 MH |
2907 | match = usb_match_id(intf, blacklist_table); |
2908 | if (match) | |
2909 | id = match; | |
2910 | } | |
2911 | ||
cfeb4145 MH |
2912 | if (id->driver_info == BTUSB_IGNORE) |
2913 | return -ENODEV; | |
2914 | ||
2d25f8b4 SL |
2915 | if (id->driver_info & BTUSB_ATH3012) { |
2916 | struct usb_device *udev = interface_to_usbdev(intf); | |
2917 | ||
2918 | /* Old firmware would otherwise let ath3k driver load | |
2919 | * patch and sysconfig files */ | |
2920 | if (le16_to_cpu(udev->descriptor.bcdDevice) <= 0x0001) | |
2921 | return -ENODEV; | |
2922 | } | |
2923 | ||
98921dbd | 2924 | data = devm_kzalloc(&intf->dev, sizeof(*data), GFP_KERNEL); |
5e23b923 MH |
2925 | if (!data) |
2926 | return -ENOMEM; | |
2927 | ||
2928 | for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) { | |
2929 | ep_desc = &intf->cur_altsetting->endpoint[i].desc; | |
2930 | ||
2931 | if (!data->intr_ep && usb_endpoint_is_int_in(ep_desc)) { | |
2932 | data->intr_ep = ep_desc; | |
2933 | continue; | |
2934 | } | |
2935 | ||
2936 | if (!data->bulk_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) { | |
2937 | data->bulk_tx_ep = ep_desc; | |
2938 | continue; | |
2939 | } | |
2940 | ||
2941 | if (!data->bulk_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) { | |
2942 | data->bulk_rx_ep = ep_desc; | |
2943 | continue; | |
2944 | } | |
2945 | } | |
2946 | ||
98921dbd | 2947 | if (!data->intr_ep || !data->bulk_tx_ep || !data->bulk_rx_ep) |
5e23b923 | 2948 | return -ENODEV; |
5e23b923 | 2949 | |
893ba544 MH |
2950 | if (id->driver_info & BTUSB_AMP) { |
2951 | data->cmdreq_type = USB_TYPE_CLASS | 0x01; | |
2952 | data->cmdreq = 0x2b; | |
2953 | } else { | |
2954 | data->cmdreq_type = USB_TYPE_CLASS; | |
2955 | data->cmdreq = 0x00; | |
2956 | } | |
7a9d4020 | 2957 | |
5e23b923 | 2958 | data->udev = interface_to_usbdev(intf); |
5fbcd260 | 2959 | data->intf = intf; |
5e23b923 | 2960 | |
5e23b923 | 2961 | INIT_WORK(&data->work, btusb_work); |
7bee549e | 2962 | INIT_WORK(&data->waker, btusb_waker); |
803b5836 MH |
2963 | init_usb_anchor(&data->deferred); |
2964 | init_usb_anchor(&data->tx_anchor); | |
7bee549e | 2965 | spin_lock_init(&data->txlock); |
5e23b923 | 2966 | |
5e23b923 MH |
2967 | init_usb_anchor(&data->intr_anchor); |
2968 | init_usb_anchor(&data->bulk_anchor); | |
9bfa35fe | 2969 | init_usb_anchor(&data->isoc_anchor); |
803b5836 | 2970 | spin_lock_init(&data->rxlock); |
5e23b923 | 2971 | |
cda0dd78 MH |
2972 | if (id->driver_info & BTUSB_INTEL_NEW) { |
2973 | data->recv_event = btusb_recv_event_intel; | |
2974 | data->recv_bulk = btusb_recv_bulk_intel; | |
2975 | set_bit(BTUSB_BOOTLOADER, &data->flags); | |
2976 | } else { | |
2977 | data->recv_event = hci_recv_frame; | |
2978 | data->recv_bulk = btusb_recv_bulk; | |
2979 | } | |
2cbd3f5c | 2980 | |
5e23b923 | 2981 | hdev = hci_alloc_dev(); |
98921dbd | 2982 | if (!hdev) |
5e23b923 | 2983 | return -ENOMEM; |
5e23b923 | 2984 | |
c13854ce | 2985 | hdev->bus = HCI_USB; |
155961e8 | 2986 | hci_set_drvdata(hdev, data); |
5e23b923 | 2987 | |
893ba544 MH |
2988 | if (id->driver_info & BTUSB_AMP) |
2989 | hdev->dev_type = HCI_AMP; | |
2990 | else | |
2991 | hdev->dev_type = HCI_BREDR; | |
2992 | ||
5e23b923 MH |
2993 | data->hdev = hdev; |
2994 | ||
2995 | SET_HCIDEV_DEV(hdev, &intf->dev); | |
2996 | ||
9f8f962c MH |
2997 | hdev->open = btusb_open; |
2998 | hdev->close = btusb_close; | |
2999 | hdev->flush = btusb_flush; | |
3000 | hdev->send = btusb_send_frame; | |
3001 | hdev->notify = btusb_notify; | |
3002 | ||
3003 | if (id->driver_info & BTUSB_BCM92035) | |
3004 | hdev->setup = btusb_setup_bcm92035; | |
5e23b923 | 3005 | |
abbaf50e | 3006 | if (id->driver_info & BTUSB_BCM_PATCHRAM) { |
10d4c673 | 3007 | hdev->setup = btusb_setup_bcm_patchram; |
abbaf50e | 3008 | hdev->set_bdaddr = btusb_set_bdaddr_bcm; |
27c3fbe0 | 3009 | set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks); |
abbaf50e | 3010 | } |
10d4c673 | 3011 | |
cb8d6597 | 3012 | if (id->driver_info & BTUSB_INTEL) { |
dffd30ee | 3013 | hdev->setup = btusb_setup_intel; |
bfbd45e9 | 3014 | hdev->shutdown = btusb_shutdown_intel; |
cb8d6597 | 3015 | hdev->set_bdaddr = btusb_set_bdaddr_intel; |
c33fb9b4 | 3016 | set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks); |
cb8d6597 | 3017 | } |
dffd30ee | 3018 | |
cda0dd78 MH |
3019 | if (id->driver_info & BTUSB_INTEL_NEW) { |
3020 | hdev->send = btusb_send_frame_intel; | |
3021 | hdev->setup = btusb_setup_intel_new; | |
385a768c | 3022 | hdev->hw_error = btusb_hw_error_intel; |
cda0dd78 | 3023 | hdev->set_bdaddr = btusb_set_bdaddr_intel; |
b970c5ba | 3024 | set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks); |
cda0dd78 MH |
3025 | } |
3026 | ||
ae8df494 AK |
3027 | if (id->driver_info & BTUSB_MARVELL) |
3028 | hdev->set_bdaddr = btusb_set_bdaddr_marvell; | |
3029 | ||
661cf88a MH |
3030 | if (id->driver_info & BTUSB_SWAVE) { |
3031 | set_bit(HCI_QUIRK_FIXUP_INQUIRY_MODE, &hdev->quirks); | |
d57dbe77 | 3032 | set_bit(HCI_QUIRK_BROKEN_LOCAL_COMMANDS, &hdev->quirks); |
661cf88a | 3033 | } |
d57dbe77 | 3034 | |
40df783d MH |
3035 | if (id->driver_info & BTUSB_INTEL_BOOT) |
3036 | set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks); | |
3037 | ||
79f0c87d | 3038 | if (id->driver_info & BTUSB_ATH3012) { |
5859223e | 3039 | hdev->set_bdaddr = btusb_set_bdaddr_ath3012; |
79f0c87d JP |
3040 | set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks); |
3041 | } | |
5859223e | 3042 | |
3267c884 KBYT |
3043 | if (id->driver_info & BTUSB_QCA_ROME) { |
3044 | data->setup_on_usb = btusb_setup_qca; | |
3045 | hdev->set_bdaddr = btusb_set_bdaddr_ath3012; | |
3046 | } | |
3047 | ||
893ba544 MH |
3048 | if (id->driver_info & BTUSB_AMP) { |
3049 | /* AMP controllers do not support SCO packets */ | |
3050 | data->isoc = NULL; | |
3051 | } else { | |
3052 | /* Interface numbers are hardcoded in the specification */ | |
3053 | data->isoc = usb_ifnum_to_if(data->udev, 1); | |
3054 | } | |
9bfa35fe | 3055 | |
7a9d4020 | 3056 | if (!reset) |
a6c511c6 | 3057 | set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); |
cfeb4145 MH |
3058 | |
3059 | if (force_scofix || id->driver_info & BTUSB_WRONG_SCO_MTU) { | |
3060 | if (!disable_scofix) | |
3061 | set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks); | |
3062 | } | |
3063 | ||
9bfa35fe MH |
3064 | if (id->driver_info & BTUSB_BROKEN_ISOC) |
3065 | data->isoc = NULL; | |
3066 | ||
7a9d4020 MH |
3067 | if (id->driver_info & BTUSB_DIGIANSWER) { |
3068 | data->cmdreq_type = USB_TYPE_VENDOR; | |
a6c511c6 | 3069 | set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); |
7a9d4020 MH |
3070 | } |
3071 | ||
3072 | if (id->driver_info & BTUSB_CSR) { | |
3073 | struct usb_device *udev = data->udev; | |
81cac64b | 3074 | u16 bcdDevice = le16_to_cpu(udev->descriptor.bcdDevice); |
7a9d4020 MH |
3075 | |
3076 | /* Old firmware would otherwise execute USB reset */ | |
81cac64b | 3077 | if (bcdDevice < 0x117) |
a6c511c6 | 3078 | set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); |
81cac64b MH |
3079 | |
3080 | /* Fake CSR devices with broken commands */ | |
3081 | if (bcdDevice <= 0x100) | |
3082 | hdev->setup = btusb_setup_csr; | |
7a9d4020 MH |
3083 | } |
3084 | ||
cfeb4145 | 3085 | if (id->driver_info & BTUSB_SNIFFER) { |
9bfa35fe | 3086 | struct usb_device *udev = data->udev; |
cfeb4145 | 3087 | |
7a9d4020 | 3088 | /* New sniffer firmware has crippled HCI interface */ |
cfeb4145 MH |
3089 | if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997) |
3090 | set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks); | |
3091 | } | |
3092 | ||
3a5ef20c MH |
3093 | if (id->driver_info & BTUSB_INTEL_BOOT) { |
3094 | /* A bug in the bootloader causes that interrupt interface is | |
3095 | * only enabled after receiving SetInterface(0, AltSetting=0). | |
3096 | */ | |
3097 | err = usb_set_interface(data->udev, 0, 0); | |
3098 | if (err < 0) { | |
3099 | BT_ERR("failed to set interface 0, alt 0 %d", err); | |
3100 | hci_free_dev(hdev); | |
3101 | return err; | |
3102 | } | |
3103 | } | |
3104 | ||
9bfa35fe MH |
3105 | if (data->isoc) { |
3106 | err = usb_driver_claim_interface(&btusb_driver, | |
89e7533d | 3107 | data->isoc, data); |
9bfa35fe MH |
3108 | if (err < 0) { |
3109 | hci_free_dev(hdev); | |
9bfa35fe MH |
3110 | return err; |
3111 | } | |
3112 | } | |
3113 | ||
5e23b923 MH |
3114 | err = hci_register_dev(hdev); |
3115 | if (err < 0) { | |
3116 | hci_free_dev(hdev); | |
5e23b923 MH |
3117 | return err; |
3118 | } | |
3119 | ||
3120 | usb_set_intfdata(intf, data); | |
3121 | ||
3122 | return 0; | |
3123 | } | |
3124 | ||
3125 | static void btusb_disconnect(struct usb_interface *intf) | |
3126 | { | |
3127 | struct btusb_data *data = usb_get_intfdata(intf); | |
3128 | struct hci_dev *hdev; | |
3129 | ||
3130 | BT_DBG("intf %p", intf); | |
3131 | ||
3132 | if (!data) | |
3133 | return; | |
3134 | ||
3135 | hdev = data->hdev; | |
5fbcd260 MH |
3136 | usb_set_intfdata(data->intf, NULL); |
3137 | ||
3138 | if (data->isoc) | |
3139 | usb_set_intfdata(data->isoc, NULL); | |
5e23b923 MH |
3140 | |
3141 | hci_unregister_dev(hdev); | |
3142 | ||
5fbcd260 MH |
3143 | if (intf == data->isoc) |
3144 | usb_driver_release_interface(&btusb_driver, data->intf); | |
3145 | else if (data->isoc) | |
3146 | usb_driver_release_interface(&btusb_driver, data->isoc); | |
3147 | ||
5e23b923 MH |
3148 | hci_free_dev(hdev); |
3149 | } | |
3150 | ||
7bee549e | 3151 | #ifdef CONFIG_PM |
6a88adf2 MH |
3152 | static int btusb_suspend(struct usb_interface *intf, pm_message_t message) |
3153 | { | |
3154 | struct btusb_data *data = usb_get_intfdata(intf); | |
3155 | ||
3156 | BT_DBG("intf %p", intf); | |
3157 | ||
3158 | if (data->suspend_count++) | |
3159 | return 0; | |
3160 | ||
7bee549e | 3161 | spin_lock_irq(&data->txlock); |
5b1b0b81 | 3162 | if (!(PMSG_IS_AUTO(message) && data->tx_in_flight)) { |
7bee549e ON |
3163 | set_bit(BTUSB_SUSPENDING, &data->flags); |
3164 | spin_unlock_irq(&data->txlock); | |
3165 | } else { | |
3166 | spin_unlock_irq(&data->txlock); | |
3167 | data->suspend_count--; | |
3168 | return -EBUSY; | |
3169 | } | |
3170 | ||
6a88adf2 MH |
3171 | cancel_work_sync(&data->work); |
3172 | ||
7bee549e | 3173 | btusb_stop_traffic(data); |
6a88adf2 MH |
3174 | usb_kill_anchored_urbs(&data->tx_anchor); |
3175 | ||
6a88adf2 MH |
3176 | return 0; |
3177 | } | |
3178 | ||
7bee549e ON |
3179 | static void play_deferred(struct btusb_data *data) |
3180 | { | |
3181 | struct urb *urb; | |
3182 | int err; | |
3183 | ||
3184 | while ((urb = usb_get_from_anchor(&data->deferred))) { | |
3185 | err = usb_submit_urb(urb, GFP_ATOMIC); | |
3186 | if (err < 0) | |
3187 | break; | |
3188 | ||
3189 | data->tx_in_flight++; | |
3190 | } | |
3191 | usb_scuttle_anchored_urbs(&data->deferred); | |
3192 | } | |
3193 | ||
6a88adf2 MH |
3194 | static int btusb_resume(struct usb_interface *intf) |
3195 | { | |
3196 | struct btusb_data *data = usb_get_intfdata(intf); | |
3197 | struct hci_dev *hdev = data->hdev; | |
7bee549e | 3198 | int err = 0; |
6a88adf2 MH |
3199 | |
3200 | BT_DBG("intf %p", intf); | |
3201 | ||
3202 | if (--data->suspend_count) | |
3203 | return 0; | |
3204 | ||
3205 | if (!test_bit(HCI_RUNNING, &hdev->flags)) | |
7bee549e | 3206 | goto done; |
6a88adf2 MH |
3207 | |
3208 | if (test_bit(BTUSB_INTR_RUNNING, &data->flags)) { | |
3209 | err = btusb_submit_intr_urb(hdev, GFP_NOIO); | |
3210 | if (err < 0) { | |
3211 | clear_bit(BTUSB_INTR_RUNNING, &data->flags); | |
7bee549e | 3212 | goto failed; |
6a88adf2 MH |
3213 | } |
3214 | } | |
3215 | ||
3216 | if (test_bit(BTUSB_BULK_RUNNING, &data->flags)) { | |
43c2e57f MH |
3217 | err = btusb_submit_bulk_urb(hdev, GFP_NOIO); |
3218 | if (err < 0) { | |
6a88adf2 | 3219 | clear_bit(BTUSB_BULK_RUNNING, &data->flags); |
7bee549e ON |
3220 | goto failed; |
3221 | } | |
3222 | ||
3223 | btusb_submit_bulk_urb(hdev, GFP_NOIO); | |
6a88adf2 MH |
3224 | } |
3225 | ||
3226 | if (test_bit(BTUSB_ISOC_RUNNING, &data->flags)) { | |
3227 | if (btusb_submit_isoc_urb(hdev, GFP_NOIO) < 0) | |
3228 | clear_bit(BTUSB_ISOC_RUNNING, &data->flags); | |
3229 | else | |
3230 | btusb_submit_isoc_urb(hdev, GFP_NOIO); | |
3231 | } | |
3232 | ||
7bee549e ON |
3233 | spin_lock_irq(&data->txlock); |
3234 | play_deferred(data); | |
3235 | clear_bit(BTUSB_SUSPENDING, &data->flags); | |
3236 | spin_unlock_irq(&data->txlock); | |
3237 | schedule_work(&data->work); | |
3238 | ||
6a88adf2 | 3239 | return 0; |
7bee549e ON |
3240 | |
3241 | failed: | |
3242 | usb_scuttle_anchored_urbs(&data->deferred); | |
3243 | done: | |
3244 | spin_lock_irq(&data->txlock); | |
3245 | clear_bit(BTUSB_SUSPENDING, &data->flags); | |
3246 | spin_unlock_irq(&data->txlock); | |
3247 | ||
3248 | return err; | |
6a88adf2 | 3249 | } |
7bee549e | 3250 | #endif |
6a88adf2 | 3251 | |
5e23b923 MH |
3252 | static struct usb_driver btusb_driver = { |
3253 | .name = "btusb", | |
3254 | .probe = btusb_probe, | |
3255 | .disconnect = btusb_disconnect, | |
7bee549e | 3256 | #ifdef CONFIG_PM |
6a88adf2 MH |
3257 | .suspend = btusb_suspend, |
3258 | .resume = btusb_resume, | |
7bee549e | 3259 | #endif |
5e23b923 | 3260 | .id_table = btusb_table, |
7bee549e | 3261 | .supports_autosuspend = 1, |
e1f12eb6 | 3262 | .disable_hub_initiated_lpm = 1, |
5e23b923 MH |
3263 | }; |
3264 | ||
93f1508c | 3265 | module_usb_driver(btusb_driver); |
5e23b923 | 3266 | |
cfeb4145 MH |
3267 | module_param(disable_scofix, bool, 0644); |
3268 | MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size"); | |
3269 | ||
3270 | module_param(force_scofix, bool, 0644); | |
3271 | MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size"); | |
3272 | ||
3273 | module_param(reset, bool, 0644); | |
3274 | MODULE_PARM_DESC(reset, "Send HCI reset command on initialization"); | |
3275 | ||
5e23b923 MH |
3276 | MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); |
3277 | MODULE_DESCRIPTION("Generic Bluetooth USB driver ver " VERSION); | |
3278 | MODULE_VERSION(VERSION); | |
3279 | MODULE_LICENSE("GPL"); |