1/* 2 HCI USB driver for Linux Bluetooth protocol stack (BlueZ) 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 5 6 Copyright (C) 2003 Maxim Krasnyansky <maxk@qualcomm.com> 7 8 This program is free software; you can redistribute it and/or modify 9 it under the terms of the GNU General Public License version 2 as 10 published by the Free Software Foundation; 11 12 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 13 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 14 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 15 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 16 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 17 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 18 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 19 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 20 21 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 22 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 23 SOFTWARE IS DISCLAIMED. 24*/ 25 26/* 27 * Bluetooth HCI USB driver. 28 * Based on original USB Bluetooth driver for Linux kernel 29 * Copyright (c) 2000 Greg Kroah-Hartman <greg@kroah.com> 30 * Copyright (c) 2000 Mark Douglas Corner <mcorner@umich.edu> 31 * 32 */ 33 34#include <linux/module.h> 35 36#include <linux/kernel.h> 37#include <linux/init.h> 38#include <linux/unistd.h> 39#include <linux/types.h> 40#include <linux/interrupt.h> 41#include <linux/moduleparam.h> 42 43#include <linux/slab.h> 44#include <linux/errno.h> 45#include <linux/string.h> 46#include <linux/skbuff.h> 47 48#include <linux/usb.h> 49 50#include <net/bluetooth/bluetooth.h> 51#include <net/bluetooth/hci_core.h> 52 53#include "hci_usb.h" 54 55#ifndef CONFIG_BT_HCIUSB_DEBUG 56#undef BT_DBG 57#define BT_DBG(D...) 58#endif 59 60#ifndef CONFIG_BT_HCIUSB_ZERO_PACKET 61#undef URB_ZERO_PACKET 62#define URB_ZERO_PACKET 0 63#endif 64 65static int ignore = 0; 66static int ignore_dga = 0; 67static int ignore_csr = 0; 68static int ignore_sniffer = 0; 69static int disable_scofix = 0; 70static int force_scofix = 0; 71static int reset = 0; 72 73#ifdef CONFIG_BT_HCIUSB_SCO 74static int isoc = 2; 75#endif 76 77#define VERSION "2.9" 78 79static struct usb_driver hci_usb_driver; 80 81static struct usb_device_id bluetooth_ids[] = { 82 /* Generic Bluetooth USB device */ 83 { USB_DEVICE_INFO(HCI_DEV_CLASS, HCI_DEV_SUBCLASS, HCI_DEV_PROTOCOL) }, 84 85 /* AVM BlueFRITZ! USB v2.0 */ 86 { USB_DEVICE(0x057c, 0x3800) }, 87 88 /* Bluetooth Ultraport Module from IBM */ 89 { USB_DEVICE(0x04bf, 0x030a) }, 90 91 /* ALPS Modules with non-standard id */ 92 { USB_DEVICE(0x044e, 0x3001) }, 93 { USB_DEVICE(0x044e, 0x3002) }, 94 95 /* Ericsson with non-standard id */ 96 { USB_DEVICE(0x0bdb, 0x1002) }, 97 98 /* Canyon CN-BTU1 with HID interfaces */ 99 { USB_DEVICE(0x0c10, 0x0000), .driver_info = HCI_RESET }, 100 101 { } /* Terminating entry */ 102}; 103 104MODULE_DEVICE_TABLE (usb, bluetooth_ids); 105 106static struct usb_device_id blacklist_ids[] = { 107 /* CSR BlueCore devices */ 108 { USB_DEVICE(0x0a12, 0x0001), .driver_info = HCI_CSR }, 109 110 /* Broadcom BCM2033 without firmware */ 111 { USB_DEVICE(0x0a5c, 0x2033), .driver_info = HCI_IGNORE }, 112 113 /* Broadcom BCM2035 */ 114 { USB_DEVICE(0x0a5c, 0x200a), .driver_info = HCI_RESET | HCI_WRONG_SCO_MTU }, 115 { USB_DEVICE(0x0a5c, 0x2009), .driver_info = HCI_BCM92035 }, 116 117 /* Broadcom BCM2045 */ 118 { USB_DEVICE(0x0a5c, 0x2101), .driver_info = HCI_RESET | HCI_WRONG_SCO_MTU }, 119 120 /* IBM/Lenovo ThinkPad with Broadcom chip */ 121 { USB_DEVICE(0x0a5c, 0x201e), .driver_info = HCI_RESET | HCI_WRONG_SCO_MTU }, 122 { USB_DEVICE(0x0a5c, 0x2110), .driver_info = HCI_RESET | HCI_WRONG_SCO_MTU }, 123 124 /* Targus ACB10US */ 125 { USB_DEVICE(0x0a5c, 0x2100), .driver_info = HCI_RESET }, 126 127 /* ANYCOM Bluetooth USB-200 and USB-250 */ 128 { USB_DEVICE(0x0a5c, 0x2111), .driver_info = HCI_RESET }, 129 130 /* HP laptop with Broadcom chip */ 131 { USB_DEVICE(0x03f0, 0x171d), .driver_info = HCI_RESET | HCI_WRONG_SCO_MTU }, 132 133 /* Dell laptop with Broadcom chip */ 134 { USB_DEVICE(0x413c, 0x8126), .driver_info = HCI_RESET | HCI_WRONG_SCO_MTU }, 135 136 /* Microsoft Wireless Transceiver for Bluetooth 2.0 */ 137 { USB_DEVICE(0x045e, 0x009c), .driver_info = HCI_RESET }, 138 139 /* Kensington Bluetooth USB adapter */ 140 { USB_DEVICE(0x047d, 0x105d), .driver_info = HCI_RESET }, 141 { USB_DEVICE(0x047d, 0x105e), .driver_info = HCI_RESET | HCI_WRONG_SCO_MTU }, 142 143 /* ISSC Bluetooth Adapter v3.1 */ 144 { USB_DEVICE(0x1131, 0x1001), .driver_info = HCI_RESET }, 145 146 /* RTX Telecom based adapters with buggy SCO support */ 147 { USB_DEVICE(0x0400, 0x0807), .driver_info = HCI_BROKEN_ISOC }, 148 { USB_DEVICE(0x0400, 0x080a), .driver_info = HCI_BROKEN_ISOC }, 149 150 /* Belkin F8T012 and F8T013 devices */ 151 { USB_DEVICE(0x050d, 0x0012), .driver_info = HCI_RESET | HCI_WRONG_SCO_MTU }, 152 { USB_DEVICE(0x050d, 0x0013), .driver_info = HCI_RESET | HCI_WRONG_SCO_MTU }, 153 154 /* Digianswer devices */ 155 { USB_DEVICE(0x08fd, 0x0001), .driver_info = HCI_DIGIANSWER }, 156 { USB_DEVICE(0x08fd, 0x0002), .driver_info = HCI_IGNORE }, 157 158 /* CSR BlueCore Bluetooth Sniffer */ 159 { USB_DEVICE(0x0a12, 0x0002), .driver_info = HCI_SNIFFER }, 160 161 /* Frontline ComProbe Bluetooth Sniffer */ 162 { USB_DEVICE(0x16d3, 0x0002), .driver_info = HCI_SNIFFER }, 163 164 { } /* Terminating entry */ 165}; 166 167static struct _urb *_urb_alloc(int isoc, gfp_t gfp) 168{ 169 struct _urb *_urb = kmalloc(sizeof(struct _urb) + 170 sizeof(struct usb_iso_packet_descriptor) * isoc, gfp); 171 if (_urb) { 172 memset(_urb, 0, sizeof(*_urb)); 173 usb_init_urb(&_urb->urb); 174 } 175 return _urb; 176} 177 178static struct _urb *_urb_dequeue(struct _urb_queue *q) 179{ 180 struct _urb *_urb = NULL; 181 unsigned long flags; 182 spin_lock_irqsave(&q->lock, flags); 183 { 184 struct list_head *head = &q->head; 185 struct list_head *next = head->next; 186 if (next != head) { 187 _urb = list_entry(next, struct _urb, list); 188 list_del(next); _urb->queue = NULL; 189 } 190 } 191 spin_unlock_irqrestore(&q->lock, flags); 192 return _urb; 193} 194 195static void hci_usb_rx_complete(struct urb *urb); 196static void hci_usb_tx_complete(struct urb *urb); 197 198#define __pending_tx(husb, type) (&husb->pending_tx[type-1]) 199#define __pending_q(husb, type) (&husb->pending_q[type-1]) 200#define __completed_q(husb, type) (&husb->completed_q[type-1]) 201#define __transmit_q(husb, type) (&husb->transmit_q[type-1]) 202#define __reassembly(husb, type) (husb->reassembly[type-1]) 203 204static inline struct _urb *__get_completed(struct hci_usb *husb, int type) 205{ 206 return _urb_dequeue(__completed_q(husb, type)); 207} 208 209#ifdef CONFIG_BT_HCIUSB_SCO 210static void __fill_isoc_desc(struct urb *urb, int len, int mtu) 211{ 212 int offset = 0, i; 213 214 BT_DBG("len %d mtu %d", len, mtu); 215 216 for (i=0; i < HCI_MAX_ISOC_FRAMES && len >= mtu; i++, offset += mtu, len -= mtu) { 217 urb->iso_frame_desc[i].offset = offset; 218 urb->iso_frame_desc[i].length = mtu; 219 BT_DBG("desc %d offset %d len %d", i, offset, mtu); 220 } 221 if (len && i < HCI_MAX_ISOC_FRAMES) { 222 urb->iso_frame_desc[i].offset = offset; 223 urb->iso_frame_desc[i].length = len; 224 BT_DBG("desc %d offset %d len %d", i, offset, len); 225 i++; 226 } 227 urb->number_of_packets = i; 228} 229#endif 230 231static int hci_usb_intr_rx_submit(struct hci_usb *husb) 232{ 233 struct _urb *_urb; 234 struct urb *urb; 235 int err, pipe, interval, size; 236 void *buf; 237 238 BT_DBG("%s", husb->hdev->name); 239 240 size = le16_to_cpu(husb->intr_in_ep->desc.wMaxPacketSize); 241 242 buf = kmalloc(size, GFP_ATOMIC); 243 if (!buf) 244 return -ENOMEM; 245 246 _urb = _urb_alloc(0, GFP_ATOMIC); 247 if (!_urb) { 248 kfree(buf); 249 return -ENOMEM; 250 } 251 _urb->type = HCI_EVENT_PKT; 252 _urb_queue_tail(__pending_q(husb, _urb->type), _urb); 253 254 urb = &_urb->urb; 255 pipe = usb_rcvintpipe(husb->udev, husb->intr_in_ep->desc.bEndpointAddress); 256 interval = husb->intr_in_ep->desc.bInterval; 257 usb_fill_int_urb(urb, husb->udev, pipe, buf, size, hci_usb_rx_complete, husb, interval); 258 259 err = usb_submit_urb(urb, GFP_ATOMIC); 260 if (err) { 261 BT_ERR("%s intr rx submit failed urb %p err %d", 262 husb->hdev->name, urb, err); 263 _urb_unlink(_urb); 264 _urb_free(_urb); 265 kfree(buf); 266 } 267 return err; 268} 269 270static int hci_usb_bulk_rx_submit(struct hci_usb *husb) 271{ 272 struct _urb *_urb; 273 struct urb *urb; 274 int err, pipe, size = HCI_MAX_FRAME_SIZE; 275 void *buf; 276 277 buf = kmalloc(size, GFP_ATOMIC); 278 if (!buf) 279 return -ENOMEM; 280 281 _urb = _urb_alloc(0, GFP_ATOMIC); 282 if (!_urb) { 283 kfree(buf); 284 return -ENOMEM; 285 } 286 _urb->type = HCI_ACLDATA_PKT; 287 _urb_queue_tail(__pending_q(husb, _urb->type), _urb); 288 289 urb = &_urb->urb; 290 pipe = usb_rcvbulkpipe(husb->udev, husb->bulk_in_ep->desc.bEndpointAddress); 291 usb_fill_bulk_urb(urb, husb->udev, pipe, buf, size, hci_usb_rx_complete, husb); 292 urb->transfer_flags = 0; 293 294 BT_DBG("%s urb %p", husb->hdev->name, urb); 295 296 err = usb_submit_urb(urb, GFP_ATOMIC); 297 if (err) { 298 BT_ERR("%s bulk rx submit failed urb %p err %d", 299 husb->hdev->name, urb, err); 300 _urb_unlink(_urb); 301 _urb_free(_urb); 302 kfree(buf); 303 } 304 return err; 305} 306 307#ifdef CONFIG_BT_HCIUSB_SCO 308static int hci_usb_isoc_rx_submit(struct hci_usb *husb) 309{ 310 struct _urb *_urb; 311 struct urb *urb; 312 int err, mtu, size; 313 void *buf; 314 315 mtu = le16_to_cpu(husb->isoc_in_ep->desc.wMaxPacketSize); 316 size = mtu * HCI_MAX_ISOC_FRAMES; 317 318 buf = kmalloc(size, GFP_ATOMIC); 319 if (!buf) 320 return -ENOMEM; 321 322 _urb = _urb_alloc(HCI_MAX_ISOC_FRAMES, GFP_ATOMIC); 323 if (!_urb) { 324 kfree(buf); 325 return -ENOMEM; 326 } 327 _urb->type = HCI_SCODATA_PKT; 328 _urb_queue_tail(__pending_q(husb, _urb->type), _urb); 329 330 urb = &_urb->urb; 331 332 urb->context = husb; 333 urb->dev = husb->udev; 334 urb->pipe = usb_rcvisocpipe(husb->udev, husb->isoc_in_ep->desc.bEndpointAddress); 335 urb->complete = hci_usb_rx_complete; 336 337 urb->interval = husb->isoc_in_ep->desc.bInterval; 338 339 urb->transfer_buffer_length = size; 340 urb->transfer_buffer = buf; 341 urb->transfer_flags = URB_ISO_ASAP; 342 343 __fill_isoc_desc(urb, size, mtu); 344 345 BT_DBG("%s urb %p", husb->hdev->name, urb); 346 347 err = usb_submit_urb(urb, GFP_ATOMIC); 348 if (err) { 349 BT_ERR("%s isoc rx submit failed urb %p err %d", 350 husb->hdev->name, urb, err); 351 _urb_unlink(_urb); 352 _urb_free(_urb); 353 kfree(buf); 354 } 355 return err; 356} 357#endif 358 359/* Initialize device */ 360static int hci_usb_open(struct hci_dev *hdev) 361{ 362 struct hci_usb *husb = (struct hci_usb *) hdev->driver_data; 363 int i, err; 364 unsigned long flags; 365 366 BT_DBG("%s", hdev->name); 367 368 if (test_and_set_bit(HCI_RUNNING, &hdev->flags)) 369 return 0; 370 371 write_lock_irqsave(&husb->completion_lock, flags); 372 373 err = hci_usb_intr_rx_submit(husb); 374 if (!err) { 375 for (i = 0; i < HCI_MAX_BULK_RX; i++) 376 hci_usb_bulk_rx_submit(husb); 377 378#ifdef CONFIG_BT_HCIUSB_SCO 379 if (husb->isoc_iface) 380 for (i = 0; i < HCI_MAX_ISOC_RX; i++) 381 hci_usb_isoc_rx_submit(husb); 382#endif 383 } else { 384 clear_bit(HCI_RUNNING, &hdev->flags); 385 } 386 387 write_unlock_irqrestore(&husb->completion_lock, flags); 388 return err; 389} 390 391/* Reset device */ 392static int hci_usb_flush(struct hci_dev *hdev) 393{ 394 struct hci_usb *husb = (struct hci_usb *) hdev->driver_data; 395 int i; 396 397 BT_DBG("%s", hdev->name); 398 399 for (i = 0; i < 4; i++) 400 skb_queue_purge(&husb->transmit_q[i]); 401 return 0; 402} 403 404static void hci_usb_unlink_urbs(struct hci_usb *husb) 405{ 406 int i; 407 408 BT_DBG("%s", husb->hdev->name); 409 410 for (i = 0; i < 4; i++) { 411 struct _urb *_urb; 412 struct urb *urb; 413 414 /* Kill pending requests */ 415 while ((_urb = _urb_dequeue(&husb->pending_q[i]))) { 416 urb = &_urb->urb; 417 BT_DBG("%s unlinking _urb %p type %d urb %p", 418 husb->hdev->name, _urb, _urb->type, urb); 419 usb_kill_urb(urb); 420 _urb_queue_tail(__completed_q(husb, _urb->type), _urb); 421 } 422 423 /* Release completed requests */ 424 while ((_urb = _urb_dequeue(&husb->completed_q[i]))) { 425 urb = &_urb->urb; 426 BT_DBG("%s freeing _urb %p type %d urb %p", 427 husb->hdev->name, _urb, _urb->type, urb); 428 kfree(urb->setup_packet); 429 kfree(urb->transfer_buffer); 430 _urb_free(_urb); 431 } 432 433 /* Release reassembly buffers */ 434 if (husb->reassembly[i]) { 435 kfree_skb(husb->reassembly[i]); 436 husb->reassembly[i] = NULL; 437 } 438 } 439} 440 441/* Close device */ 442static int hci_usb_close(struct hci_dev *hdev) 443{ 444 struct hci_usb *husb = (struct hci_usb *) hdev->driver_data; 445 unsigned long flags; 446 447 if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags)) 448 return 0; 449 450 BT_DBG("%s", hdev->name); 451 452 /* Synchronize with completion handlers */ 453 write_lock_irqsave(&husb->completion_lock, flags); 454 write_unlock_irqrestore(&husb->completion_lock, flags); 455 456 hci_usb_unlink_urbs(husb); 457 hci_usb_flush(hdev); 458 return 0; 459} 460 461static int __tx_submit(struct hci_usb *husb, struct _urb *_urb) 462{ 463 struct urb *urb = &_urb->urb; 464 int err; 465 466 BT_DBG("%s urb %p type %d", husb->hdev->name, urb, _urb->type); 467 468 _urb_queue_tail(__pending_q(husb, _urb->type), _urb); 469 err = usb_submit_urb(urb, GFP_ATOMIC); 470 if (err) { 471 BT_ERR("%s tx submit failed urb %p type %d err %d", 472 husb->hdev->name, urb, _urb->type, err); 473 _urb_unlink(_urb); 474 _urb_queue_tail(__completed_q(husb, _urb->type), _urb); 475 } else 476 atomic_inc(__pending_tx(husb, _urb->type)); 477 478 return err; 479} 480 481static inline int hci_usb_send_ctrl(struct hci_usb *husb, struct sk_buff *skb) 482{ 483 struct _urb *_urb = __get_completed(husb, bt_cb(skb)->pkt_type); 484 struct usb_ctrlrequest *dr; 485 struct urb *urb; 486 487 if (!_urb) { 488 _urb = _urb_alloc(0, GFP_ATOMIC); 489 if (!_urb) 490 return -ENOMEM; 491 _urb->type = bt_cb(skb)->pkt_type; 492 493 dr = kmalloc(sizeof(*dr), GFP_ATOMIC); 494 if (!dr) { 495 _urb_free(_urb); 496 return -ENOMEM; 497 } 498 } else 499 dr = (void *) _urb->urb.setup_packet; 500 501 dr->bRequestType = husb->ctrl_req; 502 dr->bRequest = 0; 503 dr->wIndex = 0; 504 dr->wValue = 0; 505 dr->wLength = __cpu_to_le16(skb->len); 506 507 urb = &_urb->urb; 508 usb_fill_control_urb(urb, husb->udev, usb_sndctrlpipe(husb->udev, 0), 509 (void *) dr, skb->data, skb->len, hci_usb_tx_complete, husb); 510 511 BT_DBG("%s skb %p len %d", husb->hdev->name, skb, skb->len); 512 513 _urb->priv = skb; 514 return __tx_submit(husb, _urb); 515} 516 517static inline int hci_usb_send_bulk(struct hci_usb *husb, struct sk_buff *skb) 518{ 519 struct _urb *_urb = __get_completed(husb, bt_cb(skb)->pkt_type); 520 struct urb *urb; 521 int pipe; 522 523 if (!_urb) { 524 _urb = _urb_alloc(0, GFP_ATOMIC); 525 if (!_urb) 526 return -ENOMEM; 527 _urb->type = bt_cb(skb)->pkt_type; 528 } 529 530 urb = &_urb->urb; 531 pipe = usb_sndbulkpipe(husb->udev, husb->bulk_out_ep->desc.bEndpointAddress); 532 usb_fill_bulk_urb(urb, husb->udev, pipe, skb->data, skb->len, 533 hci_usb_tx_complete, husb); 534 urb->transfer_flags = URB_ZERO_PACKET; 535 536 BT_DBG("%s skb %p len %d", husb->hdev->name, skb, skb->len); 537 538 _urb->priv = skb; 539 return __tx_submit(husb, _urb); 540} 541 542#ifdef CONFIG_BT_HCIUSB_SCO 543static inline int hci_usb_send_isoc(struct hci_usb *husb, struct sk_buff *skb) 544{ 545 struct _urb *_urb = __get_completed(husb, bt_cb(skb)->pkt_type); 546 struct urb *urb; 547 548 if (!_urb) { 549 _urb = _urb_alloc(HCI_MAX_ISOC_FRAMES, GFP_ATOMIC); 550 if (!_urb) 551 return -ENOMEM; 552 _urb->type = bt_cb(skb)->pkt_type; 553 } 554 555 BT_DBG("%s skb %p len %d", husb->hdev->name, skb, skb->len); 556 557 urb = &_urb->urb; 558 559 urb->context = husb; 560 urb->dev = husb->udev; 561 urb->pipe = usb_sndisocpipe(husb->udev, husb->isoc_out_ep->desc.bEndpointAddress); 562 urb->complete = hci_usb_tx_complete; 563 urb->transfer_flags = URB_ISO_ASAP; 564 565 urb->interval = husb->isoc_out_ep->desc.bInterval; 566 567 urb->transfer_buffer = skb->data; 568 urb->transfer_buffer_length = skb->len; 569 570 __fill_isoc_desc(urb, skb->len, le16_to_cpu(husb->isoc_out_ep->desc.wMaxPacketSize)); 571 572 _urb->priv = skb; 573 return __tx_submit(husb, _urb); 574} 575#endif 576 577static void hci_usb_tx_process(struct hci_usb *husb) 578{ 579 struct sk_buff_head *q; 580 struct sk_buff *skb; 581 582 BT_DBG("%s", husb->hdev->name); 583 584 do { 585 clear_bit(HCI_USB_TX_WAKEUP, &husb->state); 586 587 /* Process command queue */ 588 q = __transmit_q(husb, HCI_COMMAND_PKT); 589 if (!atomic_read(__pending_tx(husb, HCI_COMMAND_PKT)) && 590 (skb = skb_dequeue(q))) { 591 if (hci_usb_send_ctrl(husb, skb) < 0) 592 skb_queue_head(q, skb); 593 } 594 595#ifdef CONFIG_BT_HCIUSB_SCO 596 /* Process SCO queue */ 597 q = __transmit_q(husb, HCI_SCODATA_PKT); 598 if (atomic_read(__pending_tx(husb, HCI_SCODATA_PKT)) < HCI_MAX_ISOC_TX && 599 (skb = skb_dequeue(q))) { 600 if (hci_usb_send_isoc(husb, skb) < 0) 601 skb_queue_head(q, skb); 602 } 603#endif 604 605 /* Process ACL queue */ 606 q = __transmit_q(husb, HCI_ACLDATA_PKT); 607 while (atomic_read(__pending_tx(husb, HCI_ACLDATA_PKT)) < HCI_MAX_BULK_TX && 608 (skb = skb_dequeue(q))) { 609 if (hci_usb_send_bulk(husb, skb) < 0) { 610 skb_queue_head(q, skb); 611 break; 612 } 613 } 614 } while(test_bit(HCI_USB_TX_WAKEUP, &husb->state)); 615} 616 617static inline void hci_usb_tx_wakeup(struct hci_usb *husb) 618{ 619 /* Serialize TX queue processing to avoid data reordering */ 620 if (!test_and_set_bit(HCI_USB_TX_PROCESS, &husb->state)) { 621 hci_usb_tx_process(husb); 622 clear_bit(HCI_USB_TX_PROCESS, &husb->state); 623 } else 624 set_bit(HCI_USB_TX_WAKEUP, &husb->state); 625} 626 627/* Send frames from HCI layer */ 628static int hci_usb_send_frame(struct sk_buff *skb) 629{ 630 struct hci_dev *hdev = (struct hci_dev *) skb->dev; 631 struct hci_usb *husb; 632 633 if (!hdev) { 634 BT_ERR("frame for uknown device (hdev=NULL)"); 635 return -ENODEV; 636 } 637 638 if (!test_bit(HCI_RUNNING, &hdev->flags)) 639 return -EBUSY; 640 641 BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len); 642 643 husb = (struct hci_usb *) hdev->driver_data; 644 645 switch (bt_cb(skb)->pkt_type) { 646 case HCI_COMMAND_PKT: 647 hdev->stat.cmd_tx++; 648 break; 649 650 case HCI_ACLDATA_PKT: 651 hdev->stat.acl_tx++; 652 break; 653 654#ifdef CONFIG_BT_HCIUSB_SCO 655 case HCI_SCODATA_PKT: 656 hdev->stat.sco_tx++; 657 break; 658#endif 659 660 default: 661 kfree_skb(skb); 662 return 0; 663 } 664 665 read_lock(&husb->completion_lock); 666 667 skb_queue_tail(__transmit_q(husb, bt_cb(skb)->pkt_type), skb); 668 hci_usb_tx_wakeup(husb); 669 670 read_unlock(&husb->completion_lock); 671 return 0; 672} 673 674static inline int __recv_frame(struct hci_usb *husb, int type, void *data, int count) 675{ 676 BT_DBG("%s type %d data %p count %d", husb->hdev->name, type, data, count); 677 678 husb->hdev->stat.byte_rx += count; 679 680 while (count) { 681 struct sk_buff *skb = __reassembly(husb, type); 682 struct { int expect; } *scb; 683 int len = 0; 684 685 if (!skb) { 686 /* Start of the frame */ 687 688 switch (type) { 689 case HCI_EVENT_PKT: 690 if (count >= HCI_EVENT_HDR_SIZE) { 691 struct hci_event_hdr *h = data; 692 len = HCI_EVENT_HDR_SIZE + h->plen; 693 } else 694 return -EILSEQ; 695 break; 696 697 case HCI_ACLDATA_PKT: 698 if (count >= HCI_ACL_HDR_SIZE) { 699 struct hci_acl_hdr *h = data; 700 len = HCI_ACL_HDR_SIZE + __le16_to_cpu(h->dlen); 701 } else 702 return -EILSEQ; 703 break; 704#ifdef CONFIG_BT_HCIUSB_SCO 705 case HCI_SCODATA_PKT: 706 if (count >= HCI_SCO_HDR_SIZE) { 707 struct hci_sco_hdr *h = data; 708 len = HCI_SCO_HDR_SIZE + h->dlen; 709 } else 710 return -EILSEQ; 711 break; 712#endif 713 } 714 BT_DBG("new packet len %d", len); 715 716 skb = bt_skb_alloc(len, GFP_ATOMIC); 717 if (!skb) { 718 BT_ERR("%s no memory for the packet", husb->hdev->name); 719 return -ENOMEM; 720 } 721 skb->dev = (void *) husb->hdev; 722 bt_cb(skb)->pkt_type = type; 723 724 __reassembly(husb, type) = skb; 725 726 scb = (void *) skb->cb; 727 scb->expect = len; 728 } else { 729 /* Continuation */ 730 scb = (void *) skb->cb; 731 len = scb->expect; 732 } 733 734 len = min(len, count); 735 736 memcpy(skb_put(skb, len), data, len); 737 738 scb->expect -= len; 739 if (!scb->expect) { 740 /* Complete frame */ 741 __reassembly(husb, type) = NULL; 742 bt_cb(skb)->pkt_type = type; 743 hci_recv_frame(skb); 744 } 745 746 count -= len; data += len; 747 } 748 return 0; 749} 750 751static void hci_usb_rx_complete(struct urb *urb) 752{ 753 struct _urb *_urb = container_of(urb, struct _urb, urb); 754 struct hci_usb *husb = (void *) urb->context; 755 struct hci_dev *hdev = husb->hdev; 756 int err, count = urb->actual_length; 757 758 BT_DBG("%s urb %p type %d status %d count %d flags %x", hdev->name, urb, 759 _urb->type, urb->status, count, urb->transfer_flags); 760 761 read_lock(&husb->completion_lock); 762 763 if (!test_bit(HCI_RUNNING, &hdev->flags)) 764 goto unlock; 765 766 if (urb->status || !count) 767 goto resubmit; 768 769 if (_urb->type == HCI_SCODATA_PKT) { 770#ifdef CONFIG_BT_HCIUSB_SCO 771 int i; 772 for (i=0; i < urb->number_of_packets; i++) { 773 BT_DBG("desc %d status %d offset %d len %d", i, 774 urb->iso_frame_desc[i].status, 775 urb->iso_frame_desc[i].offset, 776 urb->iso_frame_desc[i].actual_length); 777 778 if (!urb->iso_frame_desc[i].status) 779 __recv_frame(husb, _urb->type, 780 urb->transfer_buffer + urb->iso_frame_desc[i].offset, 781 urb->iso_frame_desc[i].actual_length); 782 } 783#else 784 ; 785#endif 786 } else { 787 err = __recv_frame(husb, _urb->type, urb->transfer_buffer, count); 788 if (err < 0) { 789 BT_ERR("%s corrupted packet: type %d count %d", 790 husb->hdev->name, _urb->type, count); 791 hdev->stat.err_rx++; 792 } 793 } 794 795resubmit: 796 urb->dev = husb->udev; 797 err = usb_submit_urb(urb, GFP_ATOMIC); 798 BT_DBG("%s urb %p type %d resubmit status %d", hdev->name, urb, 799 _urb->type, err); 800 801unlock: 802 read_unlock(&husb->completion_lock); 803} 804 805static void hci_usb_tx_complete(struct urb *urb) 806{ 807 struct _urb *_urb = container_of(urb, struct _urb, urb); 808 struct hci_usb *husb = (void *) urb->context; 809 struct hci_dev *hdev = husb->hdev; 810 811 BT_DBG("%s urb %p status %d flags %x", hdev->name, urb, 812 urb->status, urb->transfer_flags); 813 814 atomic_dec(__pending_tx(husb, _urb->type)); 815 816 urb->transfer_buffer = NULL; 817 kfree_skb((struct sk_buff *) _urb->priv); 818 819 if (!test_bit(HCI_RUNNING, &hdev->flags)) 820 return; 821 822 if (!urb->status) 823 hdev->stat.byte_tx += urb->transfer_buffer_length; 824 else 825 hdev->stat.err_tx++; 826 827 read_lock(&husb->completion_lock); 828 829 _urb_unlink(_urb); 830 _urb_queue_tail(__completed_q(husb, _urb->type), _urb); 831 832 hci_usb_tx_wakeup(husb); 833 834 read_unlock(&husb->completion_lock); 835} 836 837static void hci_usb_destruct(struct hci_dev *hdev) 838{ 839 struct hci_usb *husb = (struct hci_usb *) hdev->driver_data; 840 841 BT_DBG("%s", hdev->name); 842 843 kfree(husb); 844} 845 846static void hci_usb_notify(struct hci_dev *hdev, unsigned int evt) 847{ 848 BT_DBG("%s evt %d", hdev->name, evt); 849} 850 851static int hci_usb_probe(struct usb_interface *intf, const struct usb_device_id *id) 852{ 853 struct usb_device *udev = interface_to_usbdev(intf); 854 struct usb_host_endpoint *bulk_out_ep = NULL; 855 struct usb_host_endpoint *bulk_in_ep = NULL; 856 struct usb_host_endpoint *intr_in_ep = NULL; 857 struct usb_host_endpoint *ep; 858 struct usb_host_interface *uif; 859 struct usb_interface *isoc_iface; 860 struct hci_usb *husb; 861 struct hci_dev *hdev; 862 int i, e, size, isoc_ifnum, isoc_alts; 863 864 BT_DBG("udev %p intf %p", udev, intf); 865 866 if (!id->driver_info) { 867 const struct usb_device_id *match; 868 match = usb_match_id(intf, blacklist_ids); 869 if (match) 870 id = match; 871 } 872 873 if (ignore || id->driver_info & HCI_IGNORE) 874 return -ENODEV; 875 876 if (ignore_dga && id->driver_info & HCI_DIGIANSWER) 877 return -ENODEV; 878 879 if (ignore_csr && id->driver_info & HCI_CSR) 880 return -ENODEV; 881 882 if (ignore_sniffer && id->driver_info & HCI_SNIFFER) 883 return -ENODEV; 884 885 if (intf->cur_altsetting->desc.bInterfaceNumber > 0) 886 return -ENODEV; 887 888 /* Find endpoints that we need */ 889 uif = intf->cur_altsetting; 890 for (e = 0; e < uif->desc.bNumEndpoints; e++) { 891 ep = &uif->endpoint[e]; 892 893 switch (ep->desc.bmAttributes & USB_ENDPOINT_XFERTYPE_MASK) { 894 case USB_ENDPOINT_XFER_INT: 895 if (ep->desc.bEndpointAddress & USB_DIR_IN) 896 intr_in_ep = ep; 897 break; 898 899 case USB_ENDPOINT_XFER_BULK: 900 if (ep->desc.bEndpointAddress & USB_DIR_IN) 901 bulk_in_ep = ep; 902 else 903 bulk_out_ep = ep; 904 break; 905 } 906 } 907 908 if (!bulk_in_ep || !bulk_out_ep || !intr_in_ep) { 909 BT_DBG("Bulk endpoints not found"); 910 goto done; 911 } 912 913 if (!(husb = kzalloc(sizeof(struct hci_usb), GFP_KERNEL))) { 914 BT_ERR("Can't allocate: control structure"); 915 goto done; 916 } 917 918 husb->udev = udev; 919 husb->bulk_out_ep = bulk_out_ep; 920 husb->bulk_in_ep = bulk_in_ep; 921 husb->intr_in_ep = intr_in_ep; 922 923 if (id->driver_info & HCI_DIGIANSWER) 924 husb->ctrl_req = USB_TYPE_VENDOR; 925 else 926 husb->ctrl_req = USB_TYPE_CLASS; 927 928 /* Find isochronous endpoints that we can use */ 929 size = 0; 930 isoc_iface = NULL; 931 isoc_alts = 0; 932 isoc_ifnum = 1; 933 934#ifdef CONFIG_BT_HCIUSB_SCO 935 if (isoc && !(id->driver_info & (HCI_BROKEN_ISOC | HCI_SNIFFER))) 936 isoc_iface = usb_ifnum_to_if(udev, isoc_ifnum); 937 938 if (isoc_iface) { 939 int a; 940 struct usb_host_endpoint *isoc_out_ep = NULL; 941 struct usb_host_endpoint *isoc_in_ep = NULL; 942 943 for (a = 0; a < isoc_iface->num_altsetting; a++) { 944 uif = &isoc_iface->altsetting[a]; 945 for (e = 0; e < uif->desc.bNumEndpoints; e++) { 946 ep = &uif->endpoint[e]; 947 948 switch (ep->desc.bmAttributes & USB_ENDPOINT_XFERTYPE_MASK) { 949 case USB_ENDPOINT_XFER_ISOC: 950 if (le16_to_cpu(ep->desc.wMaxPacketSize) < size || 951 uif->desc.bAlternateSetting != isoc) 952 break; 953 size = le16_to_cpu(ep->desc.wMaxPacketSize); 954 955 isoc_alts = uif->desc.bAlternateSetting; 956 957 if (ep->desc.bEndpointAddress & USB_DIR_IN) 958 isoc_in_ep = ep; 959 else 960 isoc_out_ep = ep; 961 break; 962 } 963 } 964 } 965 966 if (!isoc_in_ep || !isoc_out_ep) 967 BT_DBG("Isoc endpoints not found"); 968 else { 969 BT_DBG("isoc ifnum %d alts %d", isoc_ifnum, isoc_alts); 970 if (usb_driver_claim_interface(&hci_usb_driver, isoc_iface, husb) != 0) 971 BT_ERR("Can't claim isoc interface"); 972 else if (usb_set_interface(udev, isoc_ifnum, isoc_alts)) { 973 BT_ERR("Can't set isoc interface settings"); 974 husb->isoc_iface = isoc_iface; 975 usb_driver_release_interface(&hci_usb_driver, isoc_iface); 976 husb->isoc_iface = NULL; 977 } else { 978 husb->isoc_iface = isoc_iface; 979 husb->isoc_in_ep = isoc_in_ep; 980 husb->isoc_out_ep = isoc_out_ep; 981 } 982 } 983 } 984#endif 985 986 rwlock_init(&husb->completion_lock); 987 988 for (i = 0; i < 4; i++) { 989 skb_queue_head_init(&husb->transmit_q[i]); 990 _urb_queue_init(&husb->pending_q[i]); 991 _urb_queue_init(&husb->completed_q[i]); 992 } 993 994 /* Initialize and register HCI device */ 995 hdev = hci_alloc_dev(); 996 if (!hdev) { 997 BT_ERR("Can't allocate HCI device"); 998 goto probe_error; 999 } 1000 1001 husb->hdev = hdev; 1002 1003 hdev->type = HCI_USB; 1004 hdev->driver_data = husb; 1005 SET_HCIDEV_DEV(hdev, &intf->dev); 1006 1007 hdev->open = hci_usb_open; 1008 hdev->close = hci_usb_close; 1009 hdev->flush = hci_usb_flush; 1010 hdev->send = hci_usb_send_frame; 1011 hdev->destruct = hci_usb_destruct; 1012 hdev->notify = hci_usb_notify; 1013 1014 hdev->owner = THIS_MODULE; 1015 1016 if (reset || id->driver_info & HCI_RESET) 1017 set_bit(HCI_QUIRK_RESET_ON_INIT, &hdev->quirks); 1018 1019 if (force_scofix || id->driver_info & HCI_WRONG_SCO_MTU) { 1020 if (!disable_scofix) 1021 set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks); 1022 } 1023 1024 if (id->driver_info & HCI_SNIFFER) { 1025 if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997) 1026 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks); 1027 } 1028 1029 if (id->driver_info & HCI_BCM92035) { 1030 unsigned char cmd[] = { 0x3b, 0xfc, 0x01, 0x00 }; 1031 struct sk_buff *skb; 1032 1033 skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL); 1034 if (skb) { 1035 memcpy(skb_put(skb, sizeof(cmd)), cmd, sizeof(cmd)); 1036 skb_queue_tail(&hdev->driver_init, skb); 1037 } 1038 } 1039 1040 if (hci_register_dev(hdev) < 0) { 1041 BT_ERR("Can't register HCI device"); 1042 hci_free_dev(hdev); 1043 goto probe_error; 1044 } 1045 1046 usb_set_intfdata(intf, husb); 1047 return 0; 1048 1049probe_error: 1050 if (husb->isoc_iface) 1051 usb_driver_release_interface(&hci_usb_driver, husb->isoc_iface); 1052 kfree(husb); 1053 1054done: 1055 return -EIO; 1056} 1057 1058static void hci_usb_disconnect(struct usb_interface *intf) 1059{ 1060 struct hci_usb *husb = usb_get_intfdata(intf); 1061 struct hci_dev *hdev; 1062 1063 if (!husb || intf == husb->isoc_iface) 1064 return; 1065 1066 usb_set_intfdata(intf, NULL); 1067 hdev = husb->hdev; 1068 1069 BT_DBG("%s", hdev->name); 1070 1071 hci_usb_close(hdev); 1072 1073 if (husb->isoc_iface) 1074 usb_driver_release_interface(&hci_usb_driver, husb->isoc_iface); 1075 1076 if (hci_unregister_dev(hdev) < 0) 1077 BT_ERR("Can't unregister HCI device %s", hdev->name); 1078 1079 hci_free_dev(hdev); 1080} 1081 1082static int hci_usb_suspend(struct usb_interface *intf, pm_message_t message) 1083{ 1084 struct hci_usb *husb = usb_get_intfdata(intf); 1085 struct list_head killed; 1086 unsigned long flags; 1087 int i; 1088 1089 if (!husb || intf == husb->isoc_iface) 1090 return 0; 1091 1092 hci_suspend_dev(husb->hdev); 1093 1094 INIT_LIST_HEAD(&killed); 1095 1096 for (i = 0; i < 4; i++) { 1097 struct _urb_queue *q = &husb->pending_q[i]; 1098 struct _urb *_urb, *_tmp; 1099 1100 while ((_urb = _urb_dequeue(q))) { 1101 /* reset queue since _urb_dequeue sets it to NULL */ 1102 _urb->queue = q; 1103 usb_kill_urb(&_urb->urb); 1104 list_add(&_urb->list, &killed); 1105 } 1106 1107 spin_lock_irqsave(&q->lock, flags); 1108 1109 list_for_each_entry_safe(_urb, _tmp, &killed, list) { 1110 list_move_tail(&_urb->list, &q->head); 1111 } 1112 1113 spin_unlock_irqrestore(&q->lock, flags); 1114 } 1115 1116 return 0; 1117} 1118 1119static int hci_usb_resume(struct usb_interface *intf) 1120{ 1121 struct hci_usb *husb = usb_get_intfdata(intf); 1122 unsigned long flags; 1123 int i, err = 0; 1124 1125 if (!husb || intf == husb->isoc_iface) 1126 return 0; 1127 1128 for (i = 0; i < 4; i++) { 1129 struct _urb_queue *q = &husb->pending_q[i]; 1130 struct _urb *_urb; 1131 1132 spin_lock_irqsave(&q->lock, flags); 1133 1134 list_for_each_entry(_urb, &q->head, list) { 1135 err = usb_submit_urb(&_urb->urb, GFP_ATOMIC); 1136 if (err) 1137 break; 1138 } 1139 1140 spin_unlock_irqrestore(&q->lock, flags); 1141 1142 if (err) 1143 return -EIO; 1144 } 1145 1146 hci_resume_dev(husb->hdev); 1147 1148 return 0; 1149} 1150 1151static struct usb_driver hci_usb_driver = { 1152 .name = "hci_usb", 1153 .probe = hci_usb_probe, 1154 .disconnect = hci_usb_disconnect, 1155 .suspend = hci_usb_suspend, 1156 .resume = hci_usb_resume, 1157 .id_table = bluetooth_ids, 1158}; 1159 1160static int __init hci_usb_init(void) 1161{ 1162 int err; 1163 1164 BT_INFO("HCI USB driver ver %s", VERSION); 1165 1166 if ((err = usb_register(&hci_usb_driver)) < 0) 1167 BT_ERR("Failed to register HCI USB driver"); 1168 1169 return err; 1170} 1171 1172static void __exit hci_usb_exit(void) 1173{ 1174 usb_deregister(&hci_usb_driver); 1175} 1176 1177module_init(hci_usb_init); 1178module_exit(hci_usb_exit); 1179 1180module_param(ignore, bool, 0644); 1181MODULE_PARM_DESC(ignore, "Ignore devices from the matching table"); 1182 1183module_param(ignore_dga, bool, 0644); 1184MODULE_PARM_DESC(ignore_dga, "Ignore devices with id 08fd:0001"); 1185 1186module_param(ignore_csr, bool, 0644); 1187MODULE_PARM_DESC(ignore_csr, "Ignore devices with id 0a12:0001"); 1188 1189module_param(ignore_sniffer, bool, 0644); 1190MODULE_PARM_DESC(ignore_sniffer, "Ignore devices with id 0a12:0002"); 1191 1192module_param(disable_scofix, bool, 0644); 1193MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size"); 1194 1195module_param(force_scofix, bool, 0644); 1196MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size"); 1197 1198module_param(reset, bool, 0644); 1199MODULE_PARM_DESC(reset, "Send HCI reset command on initialization"); 1200 1201#ifdef CONFIG_BT_HCIUSB_SCO 1202module_param(isoc, int, 0644); 1203MODULE_PARM_DESC(isoc, "Set isochronous transfers for SCO over HCI support"); 1204#endif 1205 1206MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>"); 1207MODULE_DESCRIPTION("Bluetooth HCI USB driver ver " VERSION); 1208MODULE_VERSION(VERSION); 1209MODULE_LICENSE("GPL"); 1210