fix memory leak in fixed btusb_close
[linux-2.6.git] / drivers / bluetooth / btusb.c
1 /*
2  *
3  *  Generic Bluetooth USB driver
4  *
5  *  Copyright (C) 2005-2008  Marcel Holtmann <marcel@holtmann.org>
6  *
7  *
8  *  This program is free software; you can redistribute it and/or modify
9  *  it under the terms of the GNU General Public License as published by
10  *  the Free Software Foundation; either version 2 of the License, or
11  *  (at your option) any later version.
12  *
13  *  This program is distributed in the hope that it will be useful,
14  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
15  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16  *  GNU General Public License for more details.
17  *
18  *  You should have received a copy of the GNU General Public License
19  *  along with this program; if not, write to the Free Software
20  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
21  *
22  */
23
24 #include <linux/kernel.h>
25 #include <linux/module.h>
26 #include <linux/init.h>
27 #include <linux/slab.h>
28 #include <linux/types.h>
29 #include <linux/sched.h>
30 #include <linux/errno.h>
31 #include <linux/skbuff.h>
32
33 #include <linux/usb.h>
34
35 #include <net/bluetooth/bluetooth.h>
36 #include <net/bluetooth/hci_core.h>
37
38 #define VERSION "0.6"
39
40 static int ignore_dga;
41 static int ignore_csr;
42 static int ignore_sniffer;
43 static int disable_scofix;
44 static int force_scofix;
45
46 static int reset = 1;
47
48 static struct usb_driver btusb_driver;
49
50 #define BTUSB_IGNORE            0x01
51 #define BTUSB_DIGIANSWER        0x02
52 #define BTUSB_CSR               0x04
53 #define BTUSB_SNIFFER           0x08
54 #define BTUSB_BCM92035          0x10
55 #define BTUSB_BROKEN_ISOC       0x20
56 #define BTUSB_WRONG_SCO_MTU     0x40
57
58 static struct usb_device_id btusb_table[] = {
59         /* Generic Bluetooth USB device */
60         { USB_DEVICE_INFO(0xe0, 0x01, 0x01) },
61
62         /* AVM BlueFRITZ! USB v2.0 */
63         { USB_DEVICE(0x057c, 0x3800) },
64
65         /* Bluetooth Ultraport Module from IBM */
66         { USB_DEVICE(0x04bf, 0x030a) },
67
68         /* ALPS Modules with non-standard id */
69         { USB_DEVICE(0x044e, 0x3001) },
70         { USB_DEVICE(0x044e, 0x3002) },
71
72         /* Ericsson with non-standard id */
73         { USB_DEVICE(0x0bdb, 0x1002) },
74
75         /* Canyon CN-BTU1 with HID interfaces */
76         { USB_DEVICE(0x0c10, 0x0000) },
77
78         { }     /* Terminating entry */
79 };
80
81 MODULE_DEVICE_TABLE(usb, btusb_table);
82
83 static struct usb_device_id blacklist_table[] = {
84         /* CSR BlueCore devices */
85         { USB_DEVICE(0x0a12, 0x0001), .driver_info = BTUSB_CSR },
86
87         /* Broadcom BCM2033 without firmware */
88         { USB_DEVICE(0x0a5c, 0x2033), .driver_info = BTUSB_IGNORE },
89
90         /* Broadcom BCM2035 */
91         { USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU },
92         { USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU },
93         { USB_DEVICE(0x0a5c, 0x2009), .driver_info = BTUSB_BCM92035 },
94
95         /* Broadcom BCM2045 */
96         { USB_DEVICE(0x0a5c, 0x2039), .driver_info = BTUSB_WRONG_SCO_MTU },
97         { USB_DEVICE(0x0a5c, 0x2101), .driver_info = BTUSB_WRONG_SCO_MTU },
98
99         /* IBM/Lenovo ThinkPad with Broadcom chip */
100         { USB_DEVICE(0x0a5c, 0x201e), .driver_info = BTUSB_WRONG_SCO_MTU },
101         { USB_DEVICE(0x0a5c, 0x2110), .driver_info = BTUSB_WRONG_SCO_MTU },
102
103         /* HP laptop with Broadcom chip */
104         { USB_DEVICE(0x03f0, 0x171d), .driver_info = BTUSB_WRONG_SCO_MTU },
105
106         /* Dell laptop with Broadcom chip */
107         { USB_DEVICE(0x413c, 0x8126), .driver_info = BTUSB_WRONG_SCO_MTU },
108
109         /* Dell Wireless 370 and 410 devices */
110         { USB_DEVICE(0x413c, 0x8152), .driver_info = BTUSB_WRONG_SCO_MTU },
111         { USB_DEVICE(0x413c, 0x8156), .driver_info = BTUSB_WRONG_SCO_MTU },
112
113         /* Belkin F8T012 and F8T013 devices */
114         { USB_DEVICE(0x050d, 0x0012), .driver_info = BTUSB_WRONG_SCO_MTU },
115         { USB_DEVICE(0x050d, 0x0013), .driver_info = BTUSB_WRONG_SCO_MTU },
116
117         /* Asus WL-BTD202 device */
118         { USB_DEVICE(0x0b05, 0x1715), .driver_info = BTUSB_WRONG_SCO_MTU },
119
120         /* Kensington Bluetooth USB adapter */
121         { USB_DEVICE(0x047d, 0x105e), .driver_info = BTUSB_WRONG_SCO_MTU },
122
123         /* RTX Telecom based adapters with buggy SCO support */
124         { USB_DEVICE(0x0400, 0x0807), .driver_info = BTUSB_BROKEN_ISOC },
125         { USB_DEVICE(0x0400, 0x080a), .driver_info = BTUSB_BROKEN_ISOC },
126
127         /* CONWISE Technology based adapters with buggy SCO support */
128         { USB_DEVICE(0x0e5e, 0x6622), .driver_info = BTUSB_BROKEN_ISOC },
129
130         /* Digianswer devices */
131         { USB_DEVICE(0x08fd, 0x0001), .driver_info = BTUSB_DIGIANSWER },
132         { USB_DEVICE(0x08fd, 0x0002), .driver_info = BTUSB_IGNORE },
133
134         /* CSR BlueCore Bluetooth Sniffer */
135         { USB_DEVICE(0x0a12, 0x0002), .driver_info = BTUSB_SNIFFER },
136
137         /* Frontline ComProbe Bluetooth Sniffer */
138         { USB_DEVICE(0x16d3, 0x0002), .driver_info = BTUSB_SNIFFER },
139
140         { }     /* Terminating entry */
141 };
142
143 #define BTUSB_MAX_ISOC_FRAMES   10
144
145 #define BTUSB_INTR_RUNNING      0
146 #define BTUSB_BULK_RUNNING      1
147 #define BTUSB_ISOC_RUNNING      2
148 #define BTUSB_SUSPENDING        3
149
150 struct btusb_data {
151         struct hci_dev       *hdev;
152         struct usb_device    *udev;
153         struct usb_interface *intf;
154         struct usb_interface *isoc;
155
156         spinlock_t lock;
157
158         unsigned long flags;
159
160         struct work_struct work;
161         struct work_struct waker;
162
163         struct usb_anchor tx_anchor;
164         struct usb_anchor intr_anchor;
165         struct usb_anchor bulk_anchor;
166         struct usb_anchor isoc_anchor;
167         struct usb_anchor deferred;
168         int tx_in_flight;
169         spinlock_t txlock;
170
171         struct usb_endpoint_descriptor *intr_ep;
172         struct usb_endpoint_descriptor *bulk_tx_ep;
173         struct usb_endpoint_descriptor *bulk_rx_ep;
174         struct usb_endpoint_descriptor *isoc_tx_ep;
175         struct usb_endpoint_descriptor *isoc_rx_ep;
176
177         __u8 cmdreq_type;
178
179         unsigned int sco_num;
180         int isoc_altsetting;
181         int suspend_count;
182         int did_iso_resume:1;
183 };
184
185 static int inc_tx(struct btusb_data *data)
186 {
187         unsigned long flags;
188         int rv;
189
190         spin_lock_irqsave(&data->txlock, flags);
191         rv = test_bit(BTUSB_SUSPENDING, &data->flags);
192         if (!rv)
193                 data->tx_in_flight++;
194         spin_unlock_irqrestore(&data->txlock, flags);
195
196         return rv;
197 }
198
199 static void btusb_intr_complete(struct urb *urb)
200 {
201         struct hci_dev *hdev = urb->context;
202         struct btusb_data *data = hdev->driver_data;
203         int err;
204
205         BT_DBG("%s urb %p status %d count %d", hdev->name,
206                                         urb, urb->status, urb->actual_length);
207
208         if (!test_bit(HCI_RUNNING, &hdev->flags))
209                 return;
210
211         if (urb->status == 0) {
212                 hdev->stat.byte_rx += urb->actual_length;
213
214                 if (hci_recv_fragment(hdev, HCI_EVENT_PKT,
215                                                 urb->transfer_buffer,
216                                                 urb->actual_length) < 0) {
217                         BT_ERR("%s corrupted event packet", hdev->name);
218                         hdev->stat.err_rx++;
219                 }
220         }
221
222         if (!test_bit(BTUSB_INTR_RUNNING, &data->flags))
223                 return;
224
225         usb_mark_last_busy(data->udev);
226         usb_anchor_urb(urb, &data->intr_anchor);
227
228         err = usb_submit_urb(urb, GFP_ATOMIC);
229         if (err < 0) {
230                 BT_ERR("%s urb %p failed to resubmit (%d)",
231                                                 hdev->name, urb, -err);
232                 usb_unanchor_urb(urb);
233         }
234 }
235
236 static int btusb_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags)
237 {
238         struct btusb_data *data = hdev->driver_data;
239         struct urb *urb;
240         unsigned char *buf;
241         unsigned int pipe;
242         int err, size;
243
244         BT_DBG("%s", hdev->name);
245
246         if (!data->intr_ep)
247                 return -ENODEV;
248
249         urb = usb_alloc_urb(0, mem_flags);
250         if (!urb)
251                 return -ENOMEM;
252
253         size = le16_to_cpu(data->intr_ep->wMaxPacketSize);
254
255         buf = kmalloc(size, mem_flags);
256         if (!buf) {
257                 usb_free_urb(urb);
258                 return -ENOMEM;
259         }
260
261         pipe = usb_rcvintpipe(data->udev, data->intr_ep->bEndpointAddress);
262
263         usb_fill_int_urb(urb, data->udev, pipe, buf, size,
264                                                 btusb_intr_complete, hdev,
265                                                 data->intr_ep->bInterval);
266
267         urb->transfer_flags |= URB_FREE_BUFFER;
268
269         usb_anchor_urb(urb, &data->intr_anchor);
270
271         err = usb_submit_urb(urb, mem_flags);
272         if (err < 0) {
273                 BT_ERR("%s urb %p submission failed (%d)",
274                                                 hdev->name, urb, -err);
275                 usb_unanchor_urb(urb);
276         }
277
278         usb_free_urb(urb);
279
280         return err;
281 }
282
283 static void btusb_bulk_complete(struct urb *urb)
284 {
285         struct hci_dev *hdev = urb->context;
286         struct btusb_data *data = hdev->driver_data;
287         int err;
288
289         BT_DBG("%s urb %p status %d count %d", hdev->name,
290                                         urb, urb->status, urb->actual_length);
291
292         if (!test_bit(HCI_RUNNING, &hdev->flags))
293                 return;
294
295         if (urb->status == 0) {
296                 hdev->stat.byte_rx += urb->actual_length;
297
298                 if (hci_recv_fragment(hdev, HCI_ACLDATA_PKT,
299                                                 urb->transfer_buffer,
300                                                 urb->actual_length) < 0) {
301                         BT_ERR("%s corrupted ACL packet", hdev->name);
302                         hdev->stat.err_rx++;
303                 }
304         }
305
306         if (!test_bit(BTUSB_BULK_RUNNING, &data->flags))
307                 return;
308
309         usb_anchor_urb(urb, &data->bulk_anchor);
310
311         err = usb_submit_urb(urb, GFP_ATOMIC);
312         if (err < 0) {
313                 BT_ERR("%s urb %p failed to resubmit (%d)",
314                                                 hdev->name, urb, -err);
315                 usb_unanchor_urb(urb);
316         }
317 }
318
319 static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags)
320 {
321         struct btusb_data *data = hdev->driver_data;
322         struct urb *urb;
323         unsigned char *buf;
324         unsigned int pipe;
325         int err, size = HCI_MAX_FRAME_SIZE;
326
327         BT_DBG("%s", hdev->name);
328
329         if (!data->bulk_rx_ep)
330                 return -ENODEV;
331
332         urb = usb_alloc_urb(0, mem_flags);
333         if (!urb)
334                 return -ENOMEM;
335
336         buf = kmalloc(size, mem_flags);
337         if (!buf) {
338                 usb_free_urb(urb);
339                 return -ENOMEM;
340         }
341
342         pipe = usb_rcvbulkpipe(data->udev, data->bulk_rx_ep->bEndpointAddress);
343
344         usb_fill_bulk_urb(urb, data->udev, pipe,
345                                         buf, size, btusb_bulk_complete, hdev);
346
347         urb->transfer_flags |= URB_FREE_BUFFER;
348
349         usb_mark_last_busy(data->udev);
350         usb_anchor_urb(urb, &data->bulk_anchor);
351
352         err = usb_submit_urb(urb, mem_flags);
353         if (err < 0) {
354                 BT_ERR("%s urb %p submission failed (%d)",
355                                                 hdev->name, urb, -err);
356                 usb_unanchor_urb(urb);
357         }
358
359         usb_free_urb(urb);
360
361         return err;
362 }
363
364 static void btusb_isoc_complete(struct urb *urb)
365 {
366         struct hci_dev *hdev = urb->context;
367         struct btusb_data *data = hdev->driver_data;
368         int i, err;
369
370         BT_DBG("%s urb %p status %d count %d", hdev->name,
371                                         urb, urb->status, urb->actual_length);
372
373         if (!test_bit(HCI_RUNNING, &hdev->flags))
374                 return;
375
376         if (urb->status == 0) {
377                 for (i = 0; i < urb->number_of_packets; i++) {
378                         unsigned int offset = urb->iso_frame_desc[i].offset;
379                         unsigned int length = urb->iso_frame_desc[i].actual_length;
380
381                         if (urb->iso_frame_desc[i].status)
382                                 continue;
383
384                         hdev->stat.byte_rx += length;
385
386                         if (hci_recv_fragment(hdev, HCI_SCODATA_PKT,
387                                                 urb->transfer_buffer + offset,
388                                                                 length) < 0) {
389                                 BT_ERR("%s corrupted SCO packet", hdev->name);
390                                 hdev->stat.err_rx++;
391                         }
392                 }
393         }
394
395         if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags))
396                 return;
397
398         usb_anchor_urb(urb, &data->isoc_anchor);
399
400         err = usb_submit_urb(urb, GFP_ATOMIC);
401         if (err < 0) {
402                 BT_ERR("%s urb %p failed to resubmit (%d)",
403                                                 hdev->name, urb, -err);
404                 usb_unanchor_urb(urb);
405         }
406 }
407
408 static void inline __fill_isoc_descriptor(struct urb *urb, int len, int mtu)
409 {
410         int i, offset = 0;
411
412         BT_DBG("len %d mtu %d", len, mtu);
413
414         for (i = 0; i < BTUSB_MAX_ISOC_FRAMES && len >= mtu;
415                                         i++, offset += mtu, len -= mtu) {
416                 urb->iso_frame_desc[i].offset = offset;
417                 urb->iso_frame_desc[i].length = mtu;
418         }
419
420         if (len && i < BTUSB_MAX_ISOC_FRAMES) {
421                 urb->iso_frame_desc[i].offset = offset;
422                 urb->iso_frame_desc[i].length = len;
423                 i++;
424         }
425
426         urb->number_of_packets = i;
427 }
428
429 static int btusb_submit_isoc_urb(struct hci_dev *hdev, gfp_t mem_flags)
430 {
431         struct btusb_data *data = hdev->driver_data;
432         struct urb *urb;
433         unsigned char *buf;
434         unsigned int pipe;
435         int err, size;
436
437         BT_DBG("%s", hdev->name);
438
439         if (!data->isoc_rx_ep)
440                 return -ENODEV;
441
442         urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, mem_flags);
443         if (!urb)
444                 return -ENOMEM;
445
446         size = le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize) *
447                                                 BTUSB_MAX_ISOC_FRAMES;
448
449         buf = kmalloc(size, mem_flags);
450         if (!buf) {
451                 usb_free_urb(urb);
452                 return -ENOMEM;
453         }
454
455         pipe = usb_rcvisocpipe(data->udev, data->isoc_rx_ep->bEndpointAddress);
456
457         urb->dev      = data->udev;
458         urb->pipe     = pipe;
459         urb->context  = hdev;
460         urb->complete = btusb_isoc_complete;
461         urb->interval = data->isoc_rx_ep->bInterval;
462
463         urb->transfer_flags  = URB_FREE_BUFFER | URB_ISO_ASAP;
464         urb->transfer_buffer = buf;
465         urb->transfer_buffer_length = size;
466
467         __fill_isoc_descriptor(urb, size,
468                         le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize));
469
470         usb_anchor_urb(urb, &data->isoc_anchor);
471
472         err = usb_submit_urb(urb, mem_flags);
473         if (err < 0) {
474                 BT_ERR("%s urb %p submission failed (%d)",
475                                                 hdev->name, urb, -err);
476                 usb_unanchor_urb(urb);
477         }
478
479         usb_free_urb(urb);
480
481         return err;
482 }
483
484 static void btusb_tx_complete(struct urb *urb)
485 {
486         struct sk_buff *skb = urb->context;
487         struct hci_dev *hdev = (struct hci_dev *) skb->dev;
488         struct btusb_data *data = hdev->driver_data;
489
490         BT_DBG("%s urb %p status %d count %d", hdev->name,
491                                         urb, urb->status, urb->actual_length);
492
493         if (!test_bit(HCI_RUNNING, &hdev->flags))
494                 goto done;
495
496         if (!urb->status)
497                 hdev->stat.byte_tx += urb->transfer_buffer_length;
498         else
499                 hdev->stat.err_tx++;
500
501 done:
502         spin_lock(&data->txlock);
503         data->tx_in_flight--;
504         spin_unlock(&data->txlock);
505
506         kfree(urb->setup_packet);
507
508         kfree_skb(skb);
509 }
510
511 static void btusb_isoc_tx_complete(struct urb *urb)
512 {
513         struct sk_buff *skb = urb->context;
514         struct hci_dev *hdev = (struct hci_dev *) skb->dev;
515
516         BT_DBG("%s urb %p status %d count %d", hdev->name,
517                                         urb, urb->status, urb->actual_length);
518
519         if (!test_bit(HCI_RUNNING, &hdev->flags))
520                 goto done;
521
522         if (!urb->status)
523                 hdev->stat.byte_tx += urb->transfer_buffer_length;
524         else
525                 hdev->stat.err_tx++;
526
527 done:
528         kfree(urb->setup_packet);
529
530         kfree_skb(skb);
531 }
532
533 static int btusb_open(struct hci_dev *hdev)
534 {
535         struct btusb_data *data = hdev->driver_data;
536         int err;
537
538         BT_DBG("%s", hdev->name);
539
540         err = usb_autopm_get_interface(data->intf);
541         if (err < 0)
542                 return err;
543
544         data->intf->needs_remote_wakeup = 1;
545
546         if (test_and_set_bit(HCI_RUNNING, &hdev->flags))
547                 goto done;
548
549         if (test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags))
550                 goto done;
551
552         err = btusb_submit_intr_urb(hdev, GFP_KERNEL);
553         if (err < 0)
554                 goto failed;
555
556         err = btusb_submit_bulk_urb(hdev, GFP_KERNEL);
557         if (err < 0) {
558                 usb_kill_anchored_urbs(&data->intr_anchor);
559                 goto failed;
560         }
561
562         set_bit(BTUSB_BULK_RUNNING, &data->flags);
563         btusb_submit_bulk_urb(hdev, GFP_KERNEL);
564
565 done:
566         usb_autopm_put_interface(data->intf);
567         return 0;
568
569 failed:
570         clear_bit(BTUSB_INTR_RUNNING, &data->flags);
571         clear_bit(HCI_RUNNING, &hdev->flags);
572         usb_autopm_put_interface(data->intf);
573         return err;
574 }
575
576 static void btusb_stop_traffic(struct btusb_data *data)
577 {
578         usb_kill_anchored_urbs(&data->intr_anchor);
579         usb_kill_anchored_urbs(&data->bulk_anchor);
580         usb_kill_anchored_urbs(&data->isoc_anchor);
581 }
582
583 static int btusb_close(struct hci_dev *hdev)
584 {
585         struct btusb_data *data = hdev->driver_data;
586         int err;
587
588         BT_DBG("%s", hdev->name);
589
590         if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags))
591                 return 0;
592
593         cancel_work_sync(&data->work);
594         cancel_work_sync(&data->waker);
595
596         clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
597         clear_bit(BTUSB_BULK_RUNNING, &data->flags);
598         clear_bit(BTUSB_INTR_RUNNING, &data->flags);
599
600         btusb_stop_traffic(data);
601         err = usb_autopm_get_interface(data->intf);
602         if (err < 0)
603                 goto failed;
604
605         data->intf->needs_remote_wakeup = 0;
606         usb_autopm_put_interface(data->intf);
607
608 failed:
609         usb_scuttle_anchored_urbs(&data->deferred);
610         return 0;
611 }
612
613 static int btusb_flush(struct hci_dev *hdev)
614 {
615         struct btusb_data *data = hdev->driver_data;
616
617         BT_DBG("%s", hdev->name);
618
619         usb_kill_anchored_urbs(&data->tx_anchor);
620
621         return 0;
622 }
623
624 static int btusb_send_frame(struct sk_buff *skb)
625 {
626         struct hci_dev *hdev = (struct hci_dev *) skb->dev;
627         struct btusb_data *data = hdev->driver_data;
628         struct usb_ctrlrequest *dr;
629         struct urb *urb;
630         unsigned int pipe;
631         int err;
632
633         BT_DBG("%s", hdev->name);
634
635         if (!test_bit(HCI_RUNNING, &hdev->flags))
636                 return -EBUSY;
637
638         switch (bt_cb(skb)->pkt_type) {
639         case HCI_COMMAND_PKT:
640                 urb = usb_alloc_urb(0, GFP_ATOMIC);
641                 if (!urb)
642                         return -ENOMEM;
643
644                 dr = kmalloc(sizeof(*dr), GFP_ATOMIC);
645                 if (!dr) {
646                         usb_free_urb(urb);
647                         return -ENOMEM;
648                 }
649
650                 dr->bRequestType = data->cmdreq_type;
651                 dr->bRequest     = 0;
652                 dr->wIndex       = 0;
653                 dr->wValue       = 0;
654                 dr->wLength      = __cpu_to_le16(skb->len);
655
656                 pipe = usb_sndctrlpipe(data->udev, 0x00);
657
658                 usb_fill_control_urb(urb, data->udev, pipe, (void *) dr,
659                                 skb->data, skb->len, btusb_tx_complete, skb);
660
661                 hdev->stat.cmd_tx++;
662                 break;
663
664         case HCI_ACLDATA_PKT:
665                 if (!data->bulk_tx_ep || hdev->conn_hash.acl_num < 1)
666                         return -ENODEV;
667
668                 urb = usb_alloc_urb(0, GFP_ATOMIC);
669                 if (!urb)
670                         return -ENOMEM;
671
672                 pipe = usb_sndbulkpipe(data->udev,
673                                         data->bulk_tx_ep->bEndpointAddress);
674
675                 usb_fill_bulk_urb(urb, data->udev, pipe,
676                                 skb->data, skb->len, btusb_tx_complete, skb);
677
678                 hdev->stat.acl_tx++;
679                 break;
680
681         case HCI_SCODATA_PKT:
682                 if (!data->isoc_tx_ep || hdev->conn_hash.sco_num < 1)
683                         return -ENODEV;
684
685                 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, GFP_ATOMIC);
686                 if (!urb)
687                         return -ENOMEM;
688
689                 pipe = usb_sndisocpipe(data->udev,
690                                         data->isoc_tx_ep->bEndpointAddress);
691
692                 urb->dev      = data->udev;
693                 urb->pipe     = pipe;
694                 urb->context  = skb;
695                 urb->complete = btusb_isoc_tx_complete;
696                 urb->interval = data->isoc_tx_ep->bInterval;
697
698                 urb->transfer_flags  = URB_ISO_ASAP;
699                 urb->transfer_buffer = skb->data;
700                 urb->transfer_buffer_length = skb->len;
701
702                 __fill_isoc_descriptor(urb, skb->len,
703                                 le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize));
704
705                 hdev->stat.sco_tx++;
706                 goto skip_waking;
707
708         default:
709                 return -EILSEQ;
710         }
711
712         err = inc_tx(data);
713         if (err) {
714                 usb_anchor_urb(urb, &data->deferred);
715                 schedule_work(&data->waker);
716                 err = 0;
717                 goto done;
718         }
719
720 skip_waking:
721         usb_anchor_urb(urb, &data->tx_anchor);
722
723         err = usb_submit_urb(urb, GFP_ATOMIC);
724         if (err < 0) {
725                 BT_ERR("%s urb %p submission failed", hdev->name, urb);
726                 kfree(urb->setup_packet);
727                 usb_unanchor_urb(urb);
728         } else {
729                 usb_mark_last_busy(data->udev);
730         }
731
732         usb_free_urb(urb);
733
734 done:
735         return err;
736 }
737
738 static void btusb_destruct(struct hci_dev *hdev)
739 {
740         struct btusb_data *data = hdev->driver_data;
741
742         BT_DBG("%s", hdev->name);
743
744         kfree(data);
745 }
746
747 static void btusb_notify(struct hci_dev *hdev, unsigned int evt)
748 {
749         struct btusb_data *data = hdev->driver_data;
750
751         BT_DBG("%s evt %d", hdev->name, evt);
752
753         if (hdev->conn_hash.sco_num != data->sco_num) {
754                 data->sco_num = hdev->conn_hash.sco_num;
755                 schedule_work(&data->work);
756         }
757 }
758
759 static int inline __set_isoc_interface(struct hci_dev *hdev, int altsetting)
760 {
761         struct btusb_data *data = hdev->driver_data;
762         struct usb_interface *intf = data->isoc;
763         struct usb_endpoint_descriptor *ep_desc;
764         int i, err;
765
766         if (!data->isoc)
767                 return -ENODEV;
768
769         err = usb_set_interface(data->udev, 1, altsetting);
770         if (err < 0) {
771                 BT_ERR("%s setting interface failed (%d)", hdev->name, -err);
772                 return err;
773         }
774
775         data->isoc_altsetting = altsetting;
776
777         data->isoc_tx_ep = NULL;
778         data->isoc_rx_ep = NULL;
779
780         for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
781                 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
782
783                 if (!data->isoc_tx_ep && usb_endpoint_is_isoc_out(ep_desc)) {
784                         data->isoc_tx_ep = ep_desc;
785                         continue;
786                 }
787
788                 if (!data->isoc_rx_ep && usb_endpoint_is_isoc_in(ep_desc)) {
789                         data->isoc_rx_ep = ep_desc;
790                         continue;
791                 }
792         }
793
794         if (!data->isoc_tx_ep || !data->isoc_rx_ep) {
795                 BT_ERR("%s invalid SCO descriptors", hdev->name);
796                 return -ENODEV;
797         }
798
799         return 0;
800 }
801
802 static void btusb_work(struct work_struct *work)
803 {
804         struct btusb_data *data = container_of(work, struct btusb_data, work);
805         struct hci_dev *hdev = data->hdev;
806         int err;
807
808         if (hdev->conn_hash.sco_num > 0) {
809                 if (!data->did_iso_resume) {
810                         err = usb_autopm_get_interface(data->isoc);
811                         if (err < 0) {
812                                 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
813                                 usb_kill_anchored_urbs(&data->isoc_anchor);
814                                 return;
815                         }
816
817                         data->did_iso_resume = 1;
818                 }
819                 if (data->isoc_altsetting != 2) {
820                         clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
821                         usb_kill_anchored_urbs(&data->isoc_anchor);
822
823                         if (__set_isoc_interface(hdev, 2) < 0)
824                                 return;
825                 }
826
827                 if (!test_and_set_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
828                         if (btusb_submit_isoc_urb(hdev, GFP_KERNEL) < 0)
829                                 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
830                         else
831                                 btusb_submit_isoc_urb(hdev, GFP_KERNEL);
832                 }
833         } else {
834                 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
835                 usb_kill_anchored_urbs(&data->isoc_anchor);
836
837                 __set_isoc_interface(hdev, 0);
838                 if (data->did_iso_resume) {
839                         data->did_iso_resume = 0;
840                         usb_autopm_put_interface(data->isoc);
841                 }
842         }
843 }
844
845 static void btusb_waker(struct work_struct *work)
846 {
847         struct btusb_data *data = container_of(work, struct btusb_data, waker);
848         int err;
849
850         err = usb_autopm_get_interface(data->intf);
851         if (err < 0)
852                 return;
853
854         usb_autopm_put_interface(data->intf);
855 }
856
857 static int btusb_probe(struct usb_interface *intf,
858                                 const struct usb_device_id *id)
859 {
860         struct usb_endpoint_descriptor *ep_desc;
861         struct btusb_data *data;
862         struct hci_dev *hdev;
863         int i, err;
864
865         BT_DBG("intf %p id %p", intf, id);
866
867         /* interface numbers are hardcoded in the spec */
868         if (intf->cur_altsetting->desc.bInterfaceNumber != 0)
869                 return -ENODEV;
870
871         if (!id->driver_info) {
872                 const struct usb_device_id *match;
873                 match = usb_match_id(intf, blacklist_table);
874                 if (match)
875                         id = match;
876         }
877
878         if (id->driver_info == BTUSB_IGNORE)
879                 return -ENODEV;
880
881         if (ignore_dga && id->driver_info & BTUSB_DIGIANSWER)
882                 return -ENODEV;
883
884         if (ignore_csr && id->driver_info & BTUSB_CSR)
885                 return -ENODEV;
886
887         if (ignore_sniffer && id->driver_info & BTUSB_SNIFFER)
888                 return -ENODEV;
889
890         data = kzalloc(sizeof(*data), GFP_KERNEL);
891         if (!data)
892                 return -ENOMEM;
893
894         for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
895                 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
896
897                 if (!data->intr_ep && usb_endpoint_is_int_in(ep_desc)) {
898                         data->intr_ep = ep_desc;
899                         continue;
900                 }
901
902                 if (!data->bulk_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) {
903                         data->bulk_tx_ep = ep_desc;
904                         continue;
905                 }
906
907                 if (!data->bulk_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) {
908                         data->bulk_rx_ep = ep_desc;
909                         continue;
910                 }
911         }
912
913         if (!data->intr_ep || !data->bulk_tx_ep || !data->bulk_rx_ep) {
914                 kfree(data);
915                 return -ENODEV;
916         }
917
918         data->cmdreq_type = USB_TYPE_CLASS;
919
920         data->udev = interface_to_usbdev(intf);
921         data->intf = intf;
922
923         spin_lock_init(&data->lock);
924
925         INIT_WORK(&data->work, btusb_work);
926         INIT_WORK(&data->waker, btusb_waker);
927         spin_lock_init(&data->txlock);
928
929         init_usb_anchor(&data->tx_anchor);
930         init_usb_anchor(&data->intr_anchor);
931         init_usb_anchor(&data->bulk_anchor);
932         init_usb_anchor(&data->isoc_anchor);
933         init_usb_anchor(&data->deferred);
934
935         hdev = hci_alloc_dev();
936         if (!hdev) {
937                 kfree(data);
938                 return -ENOMEM;
939         }
940
941         hdev->type = HCI_USB;
942         hdev->driver_data = data;
943
944         data->hdev = hdev;
945
946         SET_HCIDEV_DEV(hdev, &intf->dev);
947
948         hdev->open     = btusb_open;
949         hdev->close    = btusb_close;
950         hdev->flush    = btusb_flush;
951         hdev->send     = btusb_send_frame;
952         hdev->destruct = btusb_destruct;
953         hdev->notify   = btusb_notify;
954
955         hdev->owner = THIS_MODULE;
956
957         /* Interface numbers are hardcoded in the specification */
958         data->isoc = usb_ifnum_to_if(data->udev, 1);
959
960         if (!reset)
961                 set_bit(HCI_QUIRK_NO_RESET, &hdev->quirks);
962
963         if (force_scofix || id->driver_info & BTUSB_WRONG_SCO_MTU) {
964                 if (!disable_scofix)
965                         set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks);
966         }
967
968         if (id->driver_info & BTUSB_BROKEN_ISOC)
969                 data->isoc = NULL;
970
971         if (id->driver_info & BTUSB_DIGIANSWER) {
972                 data->cmdreq_type = USB_TYPE_VENDOR;
973                 set_bit(HCI_QUIRK_NO_RESET, &hdev->quirks);
974         }
975
976         if (id->driver_info & BTUSB_CSR) {
977                 struct usb_device *udev = data->udev;
978
979                 /* Old firmware would otherwise execute USB reset */
980                 if (le16_to_cpu(udev->descriptor.bcdDevice) < 0x117)
981                         set_bit(HCI_QUIRK_NO_RESET, &hdev->quirks);
982         }
983
984         if (id->driver_info & BTUSB_SNIFFER) {
985                 struct usb_device *udev = data->udev;
986
987                 /* New sniffer firmware has crippled HCI interface */
988                 if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997)
989                         set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
990
991                 data->isoc = NULL;
992         }
993
994         if (id->driver_info & BTUSB_BCM92035) {
995                 unsigned char cmd[] = { 0x3b, 0xfc, 0x01, 0x00 };
996                 struct sk_buff *skb;
997
998                 skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL);
999                 if (skb) {
1000                         memcpy(skb_put(skb, sizeof(cmd)), cmd, sizeof(cmd));
1001                         skb_queue_tail(&hdev->driver_init, skb);
1002                 }
1003         }
1004
1005         if (data->isoc) {
1006                 err = usb_driver_claim_interface(&btusb_driver,
1007                                                         data->isoc, data);
1008                 if (err < 0) {
1009                         hci_free_dev(hdev);
1010                         kfree(data);
1011                         return err;
1012                 }
1013         }
1014
1015         err = hci_register_dev(hdev);
1016         if (err < 0) {
1017                 hci_free_dev(hdev);
1018                 kfree(data);
1019                 return err;
1020         }
1021
1022         usb_set_intfdata(intf, data);
1023
1024         return 0;
1025 }
1026
1027 static void btusb_disconnect(struct usb_interface *intf)
1028 {
1029         struct btusb_data *data = usb_get_intfdata(intf);
1030         struct hci_dev *hdev;
1031
1032         BT_DBG("intf %p", intf);
1033
1034         if (!data)
1035                 return;
1036
1037         hdev = data->hdev;
1038
1039         __hci_dev_hold(hdev);
1040
1041         usb_set_intfdata(data->intf, NULL);
1042
1043         if (data->isoc)
1044                 usb_set_intfdata(data->isoc, NULL);
1045
1046         hci_unregister_dev(hdev);
1047
1048         if (intf == data->isoc)
1049                 usb_driver_release_interface(&btusb_driver, data->intf);
1050         else if (data->isoc)
1051                 usb_driver_release_interface(&btusb_driver, data->isoc);
1052
1053         __hci_dev_put(hdev);
1054
1055         hci_free_dev(hdev);
1056 }
1057
1058 #ifdef CONFIG_PM
1059 static int btusb_suspend(struct usb_interface *intf, pm_message_t message)
1060 {
1061         struct btusb_data *data = usb_get_intfdata(intf);
1062
1063         BT_DBG("intf %p", intf);
1064
1065         if (data->suspend_count++)
1066                 return 0;
1067
1068         spin_lock_irq(&data->txlock);
1069         if (!(interface_to_usbdev(intf)->auto_pm && data->tx_in_flight)) {
1070                 set_bit(BTUSB_SUSPENDING, &data->flags);
1071                 spin_unlock_irq(&data->txlock);
1072         } else {
1073                 spin_unlock_irq(&data->txlock);
1074                 data->suspend_count--;
1075                 return -EBUSY;
1076         }
1077
1078         cancel_work_sync(&data->work);
1079
1080         btusb_stop_traffic(data);
1081         usb_kill_anchored_urbs(&data->tx_anchor);
1082
1083         return 0;
1084 }
1085
1086 static void play_deferred(struct btusb_data *data)
1087 {
1088         struct urb *urb;
1089         int err;
1090
1091         while ((urb = usb_get_from_anchor(&data->deferred))) {
1092                 err = usb_submit_urb(urb, GFP_ATOMIC);
1093                 if (err < 0)
1094                         break;
1095
1096                 data->tx_in_flight++;
1097         }
1098         usb_scuttle_anchored_urbs(&data->deferred);
1099 }
1100
1101 static int btusb_resume(struct usb_interface *intf)
1102 {
1103         struct btusb_data *data = usb_get_intfdata(intf);
1104         struct hci_dev *hdev = data->hdev;
1105         int err = 0;
1106
1107         BT_DBG("intf %p", intf);
1108
1109         if (--data->suspend_count)
1110                 return 0;
1111
1112         if (!test_bit(HCI_RUNNING, &hdev->flags))
1113                 goto done;
1114
1115         if (test_bit(BTUSB_INTR_RUNNING, &data->flags)) {
1116                 err = btusb_submit_intr_urb(hdev, GFP_NOIO);
1117                 if (err < 0) {
1118                         clear_bit(BTUSB_INTR_RUNNING, &data->flags);
1119                         goto failed;
1120                 }
1121         }
1122
1123         if (test_bit(BTUSB_BULK_RUNNING, &data->flags)) {
1124                 err = btusb_submit_bulk_urb(hdev, GFP_NOIO);
1125                 if (err < 0) {
1126                         clear_bit(BTUSB_BULK_RUNNING, &data->flags);
1127                         goto failed;
1128                 }
1129
1130                 btusb_submit_bulk_urb(hdev, GFP_NOIO);
1131         }
1132
1133         if (test_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
1134                 if (btusb_submit_isoc_urb(hdev, GFP_NOIO) < 0)
1135                         clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1136                 else
1137                         btusb_submit_isoc_urb(hdev, GFP_NOIO);
1138         }
1139
1140         spin_lock_irq(&data->txlock);
1141         play_deferred(data);
1142         clear_bit(BTUSB_SUSPENDING, &data->flags);
1143         spin_unlock_irq(&data->txlock);
1144         schedule_work(&data->work);
1145
1146         return 0;
1147
1148 failed:
1149         usb_scuttle_anchored_urbs(&data->deferred);
1150 done:
1151         spin_lock_irq(&data->txlock);
1152         clear_bit(BTUSB_SUSPENDING, &data->flags);
1153         spin_unlock_irq(&data->txlock);
1154
1155         return err;
1156 }
1157 #endif
1158
1159 static struct usb_driver btusb_driver = {
1160         .name           = "btusb",
1161         .probe          = btusb_probe,
1162         .disconnect     = btusb_disconnect,
1163 #ifdef CONFIG_PM
1164         .suspend        = btusb_suspend,
1165         .resume         = btusb_resume,
1166 #endif
1167         .id_table       = btusb_table,
1168         .supports_autosuspend = 1,
1169 };
1170
1171 static int __init btusb_init(void)
1172 {
1173         BT_INFO("Generic Bluetooth USB driver ver %s", VERSION);
1174
1175         return usb_register(&btusb_driver);
1176 }
1177
1178 static void __exit btusb_exit(void)
1179 {
1180         usb_deregister(&btusb_driver);
1181 }
1182
1183 module_init(btusb_init);
1184 module_exit(btusb_exit);
1185
1186 module_param(ignore_dga, bool, 0644);
1187 MODULE_PARM_DESC(ignore_dga, "Ignore devices with id 08fd:0001");
1188
1189 module_param(ignore_csr, bool, 0644);
1190 MODULE_PARM_DESC(ignore_csr, "Ignore devices with id 0a12:0001");
1191
1192 module_param(ignore_sniffer, bool, 0644);
1193 MODULE_PARM_DESC(ignore_sniffer, "Ignore devices with id 0a12:0002");
1194
1195 module_param(disable_scofix, bool, 0644);
1196 MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size");
1197
1198 module_param(force_scofix, bool, 0644);
1199 MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size");
1200
1201 module_param(reset, bool, 0644);
1202 MODULE_PARM_DESC(reset, "Send HCI reset command on initialization");
1203
1204 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1205 MODULE_DESCRIPTION("Generic Bluetooth USB driver ver " VERSION);
1206 MODULE_VERSION(VERSION);
1207 MODULE_LICENSE("GPL");