Bluetooth: fix crash with quirky dongles doing sound
[linux-2.6.git] / drivers / bluetooth / btusb.c
1 /*
2  *
3  *  Generic Bluetooth USB driver
4  *
5  *  Copyright (C) 2005-2008  Marcel Holtmann <marcel@holtmann.org>
6  *
7  *
8  *  This program is free software; you can redistribute it and/or modify
9  *  it under the terms of the GNU General Public License as published by
10  *  the Free Software Foundation; either version 2 of the License, or
11  *  (at your option) any later version.
12  *
13  *  This program is distributed in the hope that it will be useful,
14  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
15  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16  *  GNU General Public License for more details.
17  *
18  *  You should have received a copy of the GNU General Public License
19  *  along with this program; if not, write to the Free Software
20  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
21  *
22  */
23
24 #include <linux/kernel.h>
25 #include <linux/module.h>
26 #include <linux/init.h>
27 #include <linux/slab.h>
28 #include <linux/types.h>
29 #include <linux/sched.h>
30 #include <linux/errno.h>
31 #include <linux/skbuff.h>
32
33 #include <linux/usb.h>
34
35 #include <net/bluetooth/bluetooth.h>
36 #include <net/bluetooth/hci_core.h>
37
38 #define VERSION "0.6"
39
40 static int ignore_dga;
41 static int ignore_csr;
42 static int ignore_sniffer;
43 static int disable_scofix;
44 static int force_scofix;
45
46 static int reset = 1;
47
48 static struct usb_driver btusb_driver;
49
50 #define BTUSB_IGNORE            0x01
51 #define BTUSB_DIGIANSWER        0x02
52 #define BTUSB_CSR               0x04
53 #define BTUSB_SNIFFER           0x08
54 #define BTUSB_BCM92035          0x10
55 #define BTUSB_BROKEN_ISOC       0x20
56 #define BTUSB_WRONG_SCO_MTU     0x40
57
58 static struct usb_device_id btusb_table[] = {
59         /* Generic Bluetooth USB device */
60         { USB_DEVICE_INFO(0xe0, 0x01, 0x01) },
61
62         /* Apple MacBookPro 7,1 */
63         { USB_DEVICE(0x05ac, 0x8213) },
64
65         /* Apple iMac11,1 */
66         { USB_DEVICE(0x05ac, 0x8215) },
67
68         /* Apple MacBookPro6,2 */
69         { USB_DEVICE(0x05ac, 0x8218) },
70
71         /* Apple MacBookAir3,1, MacBookAir3,2 */
72         { USB_DEVICE(0x05ac, 0x821b) },
73
74         /* AVM BlueFRITZ! USB v2.0 */
75         { USB_DEVICE(0x057c, 0x3800) },
76
77         /* Bluetooth Ultraport Module from IBM */
78         { USB_DEVICE(0x04bf, 0x030a) },
79
80         /* ALPS Modules with non-standard id */
81         { USB_DEVICE(0x044e, 0x3001) },
82         { USB_DEVICE(0x044e, 0x3002) },
83
84         /* Ericsson with non-standard id */
85         { USB_DEVICE(0x0bdb, 0x1002) },
86
87         /* Canyon CN-BTU1 with HID interfaces */
88         { USB_DEVICE(0x0c10, 0x0000) },
89
90         { }     /* Terminating entry */
91 };
92
93 MODULE_DEVICE_TABLE(usb, btusb_table);
94
95 static struct usb_device_id blacklist_table[] = {
96         /* CSR BlueCore devices */
97         { USB_DEVICE(0x0a12, 0x0001), .driver_info = BTUSB_CSR },
98
99         /* Broadcom BCM2033 without firmware */
100         { USB_DEVICE(0x0a5c, 0x2033), .driver_info = BTUSB_IGNORE },
101
102         /* Atheros 3011 with sflash firmware */
103         { USB_DEVICE(0x0cf3, 0x3002), .driver_info = BTUSB_IGNORE },
104
105         /* Atheros AR9285 Malbec with sflash firmware */
106         { USB_DEVICE(0x03f0, 0x311d), .driver_info = BTUSB_IGNORE },
107
108         /* Broadcom BCM2035 */
109         { USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU },
110         { USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU },
111         { USB_DEVICE(0x0a5c, 0x2009), .driver_info = BTUSB_BCM92035 },
112
113         /* Broadcom BCM2045 */
114         { USB_DEVICE(0x0a5c, 0x2039), .driver_info = BTUSB_WRONG_SCO_MTU },
115         { USB_DEVICE(0x0a5c, 0x2101), .driver_info = BTUSB_WRONG_SCO_MTU },
116
117         /* IBM/Lenovo ThinkPad with Broadcom chip */
118         { USB_DEVICE(0x0a5c, 0x201e), .driver_info = BTUSB_WRONG_SCO_MTU },
119         { USB_DEVICE(0x0a5c, 0x2110), .driver_info = BTUSB_WRONG_SCO_MTU },
120
121         /* HP laptop with Broadcom chip */
122         { USB_DEVICE(0x03f0, 0x171d), .driver_info = BTUSB_WRONG_SCO_MTU },
123
124         /* Dell laptop with Broadcom chip */
125         { USB_DEVICE(0x413c, 0x8126), .driver_info = BTUSB_WRONG_SCO_MTU },
126
127         /* Dell Wireless 370 and 410 devices */
128         { USB_DEVICE(0x413c, 0x8152), .driver_info = BTUSB_WRONG_SCO_MTU },
129         { USB_DEVICE(0x413c, 0x8156), .driver_info = BTUSB_WRONG_SCO_MTU },
130
131         /* Belkin F8T012 and F8T013 devices */
132         { USB_DEVICE(0x050d, 0x0012), .driver_info = BTUSB_WRONG_SCO_MTU },
133         { USB_DEVICE(0x050d, 0x0013), .driver_info = BTUSB_WRONG_SCO_MTU },
134
135         /* Asus WL-BTD202 device */
136         { USB_DEVICE(0x0b05, 0x1715), .driver_info = BTUSB_WRONG_SCO_MTU },
137
138         /* Kensington Bluetooth USB adapter */
139         { USB_DEVICE(0x047d, 0x105e), .driver_info = BTUSB_WRONG_SCO_MTU },
140
141         /* RTX Telecom based adapters with buggy SCO support */
142         { USB_DEVICE(0x0400, 0x0807), .driver_info = BTUSB_BROKEN_ISOC },
143         { USB_DEVICE(0x0400, 0x080a), .driver_info = BTUSB_BROKEN_ISOC },
144
145         /* CONWISE Technology based adapters with buggy SCO support */
146         { USB_DEVICE(0x0e5e, 0x6622), .driver_info = BTUSB_BROKEN_ISOC },
147
148         /* Digianswer devices */
149         { USB_DEVICE(0x08fd, 0x0001), .driver_info = BTUSB_DIGIANSWER },
150         { USB_DEVICE(0x08fd, 0x0002), .driver_info = BTUSB_IGNORE },
151
152         /* CSR BlueCore Bluetooth Sniffer */
153         { USB_DEVICE(0x0a12, 0x0002), .driver_info = BTUSB_SNIFFER },
154
155         /* Frontline ComProbe Bluetooth Sniffer */
156         { USB_DEVICE(0x16d3, 0x0002), .driver_info = BTUSB_SNIFFER },
157
158         { }     /* Terminating entry */
159 };
160
161 #define BTUSB_MAX_ISOC_FRAMES   10
162
163 #define BTUSB_INTR_RUNNING      0
164 #define BTUSB_BULK_RUNNING      1
165 #define BTUSB_ISOC_RUNNING      2
166 #define BTUSB_SUSPENDING        3
167 #define BTUSB_DID_ISO_RESUME    4
168
169 struct btusb_data {
170         struct hci_dev       *hdev;
171         struct usb_device    *udev;
172         struct usb_interface *intf;
173         struct usb_interface *isoc;
174
175         spinlock_t lock;
176
177         unsigned long flags;
178
179         struct work_struct work;
180         struct work_struct waker;
181
182         struct usb_anchor tx_anchor;
183         struct usb_anchor intr_anchor;
184         struct usb_anchor bulk_anchor;
185         struct usb_anchor isoc_anchor;
186         struct usb_anchor deferred;
187         int tx_in_flight;
188         spinlock_t txlock;
189
190         struct usb_endpoint_descriptor *intr_ep;
191         struct usb_endpoint_descriptor *bulk_tx_ep;
192         struct usb_endpoint_descriptor *bulk_rx_ep;
193         struct usb_endpoint_descriptor *isoc_tx_ep;
194         struct usb_endpoint_descriptor *isoc_rx_ep;
195
196         __u8 cmdreq_type;
197
198         unsigned int sco_num;
199         int isoc_altsetting;
200         int suspend_count;
201 };
202
203 static int inc_tx(struct btusb_data *data)
204 {
205         unsigned long flags;
206         int rv;
207
208         spin_lock_irqsave(&data->txlock, flags);
209         rv = test_bit(BTUSB_SUSPENDING, &data->flags);
210         if (!rv)
211                 data->tx_in_flight++;
212         spin_unlock_irqrestore(&data->txlock, flags);
213
214         return rv;
215 }
216
217 static void btusb_intr_complete(struct urb *urb)
218 {
219         struct hci_dev *hdev = urb->context;
220         struct btusb_data *data = hdev->driver_data;
221         int err;
222
223         BT_DBG("%s urb %p status %d count %d", hdev->name,
224                                         urb, urb->status, urb->actual_length);
225
226         if (!test_bit(HCI_RUNNING, &hdev->flags))
227                 return;
228
229         if (urb->status == 0) {
230                 hdev->stat.byte_rx += urb->actual_length;
231
232                 if (hci_recv_fragment(hdev, HCI_EVENT_PKT,
233                                                 urb->transfer_buffer,
234                                                 urb->actual_length) < 0) {
235                         BT_ERR("%s corrupted event packet", hdev->name);
236                         hdev->stat.err_rx++;
237                 }
238         }
239
240         if (!test_bit(BTUSB_INTR_RUNNING, &data->flags))
241                 return;
242
243         usb_mark_last_busy(data->udev);
244         usb_anchor_urb(urb, &data->intr_anchor);
245
246         err = usb_submit_urb(urb, GFP_ATOMIC);
247         if (err < 0) {
248                 if (err != -EPERM)
249                         BT_ERR("%s urb %p failed to resubmit (%d)",
250                                                 hdev->name, urb, -err);
251                 usb_unanchor_urb(urb);
252         }
253 }
254
255 static int btusb_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags)
256 {
257         struct btusb_data *data = hdev->driver_data;
258         struct urb *urb;
259         unsigned char *buf;
260         unsigned int pipe;
261         int err, size;
262
263         BT_DBG("%s", hdev->name);
264
265         if (!data->intr_ep)
266                 return -ENODEV;
267
268         urb = usb_alloc_urb(0, mem_flags);
269         if (!urb)
270                 return -ENOMEM;
271
272         size = le16_to_cpu(data->intr_ep->wMaxPacketSize);
273
274         buf = kmalloc(size, mem_flags);
275         if (!buf) {
276                 usb_free_urb(urb);
277                 return -ENOMEM;
278         }
279
280         pipe = usb_rcvintpipe(data->udev, data->intr_ep->bEndpointAddress);
281
282         usb_fill_int_urb(urb, data->udev, pipe, buf, size,
283                                                 btusb_intr_complete, hdev,
284                                                 data->intr_ep->bInterval);
285
286         urb->transfer_flags |= URB_FREE_BUFFER;
287
288         usb_anchor_urb(urb, &data->intr_anchor);
289
290         err = usb_submit_urb(urb, mem_flags);
291         if (err < 0) {
292                 BT_ERR("%s urb %p submission failed (%d)",
293                                                 hdev->name, urb, -err);
294                 usb_unanchor_urb(urb);
295         }
296
297         usb_free_urb(urb);
298
299         return err;
300 }
301
302 static void btusb_bulk_complete(struct urb *urb)
303 {
304         struct hci_dev *hdev = urb->context;
305         struct btusb_data *data = hdev->driver_data;
306         int err;
307
308         BT_DBG("%s urb %p status %d count %d", hdev->name,
309                                         urb, urb->status, urb->actual_length);
310
311         if (!test_bit(HCI_RUNNING, &hdev->flags))
312                 return;
313
314         if (urb->status == 0) {
315                 hdev->stat.byte_rx += urb->actual_length;
316
317                 if (hci_recv_fragment(hdev, HCI_ACLDATA_PKT,
318                                                 urb->transfer_buffer,
319                                                 urb->actual_length) < 0) {
320                         BT_ERR("%s corrupted ACL packet", hdev->name);
321                         hdev->stat.err_rx++;
322                 }
323         }
324
325         if (!test_bit(BTUSB_BULK_RUNNING, &data->flags))
326                 return;
327
328         usb_anchor_urb(urb, &data->bulk_anchor);
329         usb_mark_last_busy(data->udev);
330
331         err = usb_submit_urb(urb, GFP_ATOMIC);
332         if (err < 0) {
333                 if (err != -EPERM)
334                         BT_ERR("%s urb %p failed to resubmit (%d)",
335                                                 hdev->name, urb, -err);
336                 usb_unanchor_urb(urb);
337         }
338 }
339
340 static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags)
341 {
342         struct btusb_data *data = hdev->driver_data;
343         struct urb *urb;
344         unsigned char *buf;
345         unsigned int pipe;
346         int err, size = HCI_MAX_FRAME_SIZE;
347
348         BT_DBG("%s", hdev->name);
349
350         if (!data->bulk_rx_ep)
351                 return -ENODEV;
352
353         urb = usb_alloc_urb(0, mem_flags);
354         if (!urb)
355                 return -ENOMEM;
356
357         buf = kmalloc(size, mem_flags);
358         if (!buf) {
359                 usb_free_urb(urb);
360                 return -ENOMEM;
361         }
362
363         pipe = usb_rcvbulkpipe(data->udev, data->bulk_rx_ep->bEndpointAddress);
364
365         usb_fill_bulk_urb(urb, data->udev, pipe,
366                                         buf, size, btusb_bulk_complete, hdev);
367
368         urb->transfer_flags |= URB_FREE_BUFFER;
369
370         usb_mark_last_busy(data->udev);
371         usb_anchor_urb(urb, &data->bulk_anchor);
372
373         err = usb_submit_urb(urb, mem_flags);
374         if (err < 0) {
375                 BT_ERR("%s urb %p submission failed (%d)",
376                                                 hdev->name, urb, -err);
377                 usb_unanchor_urb(urb);
378         }
379
380         usb_free_urb(urb);
381
382         return err;
383 }
384
385 static void btusb_isoc_complete(struct urb *urb)
386 {
387         struct hci_dev *hdev = urb->context;
388         struct btusb_data *data = hdev->driver_data;
389         int i, err;
390
391         BT_DBG("%s urb %p status %d count %d", hdev->name,
392                                         urb, urb->status, urb->actual_length);
393
394         if (!test_bit(HCI_RUNNING, &hdev->flags))
395                 return;
396
397         if (urb->status == 0) {
398                 for (i = 0; i < urb->number_of_packets; i++) {
399                         unsigned int offset = urb->iso_frame_desc[i].offset;
400                         unsigned int length = urb->iso_frame_desc[i].actual_length;
401
402                         if (urb->iso_frame_desc[i].status)
403                                 continue;
404
405                         hdev->stat.byte_rx += length;
406
407                         if (hci_recv_fragment(hdev, HCI_SCODATA_PKT,
408                                                 urb->transfer_buffer + offset,
409                                                                 length) < 0) {
410                                 BT_ERR("%s corrupted SCO packet", hdev->name);
411                                 hdev->stat.err_rx++;
412                         }
413                 }
414         }
415
416         if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags))
417                 return;
418
419         usb_anchor_urb(urb, &data->isoc_anchor);
420
421         err = usb_submit_urb(urb, GFP_ATOMIC);
422         if (err < 0) {
423                 if (err != -EPERM)
424                         BT_ERR("%s urb %p failed to resubmit (%d)",
425                                                 hdev->name, urb, -err);
426                 usb_unanchor_urb(urb);
427         }
428 }
429
430 static void inline __fill_isoc_descriptor(struct urb *urb, int len, int mtu)
431 {
432         int i, offset = 0;
433
434         BT_DBG("len %d mtu %d", len, mtu);
435
436         for (i = 0; i < BTUSB_MAX_ISOC_FRAMES && len >= mtu;
437                                         i++, offset += mtu, len -= mtu) {
438                 urb->iso_frame_desc[i].offset = offset;
439                 urb->iso_frame_desc[i].length = mtu;
440         }
441
442         if (len && i < BTUSB_MAX_ISOC_FRAMES) {
443                 urb->iso_frame_desc[i].offset = offset;
444                 urb->iso_frame_desc[i].length = len;
445                 i++;
446         }
447
448         urb->number_of_packets = i;
449 }
450
451 static int btusb_submit_isoc_urb(struct hci_dev *hdev, gfp_t mem_flags)
452 {
453         struct btusb_data *data = hdev->driver_data;
454         struct urb *urb;
455         unsigned char *buf;
456         unsigned int pipe;
457         int err, size;
458
459         BT_DBG("%s", hdev->name);
460
461         if (!data->isoc_rx_ep)
462                 return -ENODEV;
463
464         urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, mem_flags);
465         if (!urb)
466                 return -ENOMEM;
467
468         size = le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize) *
469                                                 BTUSB_MAX_ISOC_FRAMES;
470
471         buf = kmalloc(size, mem_flags);
472         if (!buf) {
473                 usb_free_urb(urb);
474                 return -ENOMEM;
475         }
476
477         pipe = usb_rcvisocpipe(data->udev, data->isoc_rx_ep->bEndpointAddress);
478
479         urb->dev      = data->udev;
480         urb->pipe     = pipe;
481         urb->context  = hdev;
482         urb->complete = btusb_isoc_complete;
483         urb->interval = data->isoc_rx_ep->bInterval;
484
485         urb->transfer_flags  = URB_FREE_BUFFER | URB_ISO_ASAP;
486         urb->transfer_buffer = buf;
487         urb->transfer_buffer_length = size;
488
489         __fill_isoc_descriptor(urb, size,
490                         le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize));
491
492         usb_anchor_urb(urb, &data->isoc_anchor);
493
494         err = usb_submit_urb(urb, mem_flags);
495         if (err < 0) {
496                 BT_ERR("%s urb %p submission failed (%d)",
497                                                 hdev->name, urb, -err);
498                 usb_unanchor_urb(urb);
499         }
500
501         usb_free_urb(urb);
502
503         return err;
504 }
505
506 static void btusb_tx_complete(struct urb *urb)
507 {
508         struct sk_buff *skb = urb->context;
509         struct hci_dev *hdev = (struct hci_dev *) skb->dev;
510         struct btusb_data *data = hdev->driver_data;
511
512         BT_DBG("%s urb %p status %d count %d", hdev->name,
513                                         urb, urb->status, urb->actual_length);
514
515         if (!test_bit(HCI_RUNNING, &hdev->flags))
516                 goto done;
517
518         if (!urb->status)
519                 hdev->stat.byte_tx += urb->transfer_buffer_length;
520         else
521                 hdev->stat.err_tx++;
522
523 done:
524         spin_lock(&data->txlock);
525         data->tx_in_flight--;
526         spin_unlock(&data->txlock);
527
528         kfree(urb->setup_packet);
529
530         kfree_skb(skb);
531 }
532
533 static void btusb_isoc_tx_complete(struct urb *urb)
534 {
535         struct sk_buff *skb = urb->context;
536         struct hci_dev *hdev = (struct hci_dev *) skb->dev;
537
538         BT_DBG("%s urb %p status %d count %d", hdev->name,
539                                         urb, urb->status, urb->actual_length);
540
541         if (!test_bit(HCI_RUNNING, &hdev->flags))
542                 goto done;
543
544         if (!urb->status)
545                 hdev->stat.byte_tx += urb->transfer_buffer_length;
546         else
547                 hdev->stat.err_tx++;
548
549 done:
550         kfree(urb->setup_packet);
551
552         kfree_skb(skb);
553 }
554
555 static int btusb_open(struct hci_dev *hdev)
556 {
557         struct btusb_data *data = hdev->driver_data;
558         int err;
559
560         BT_DBG("%s", hdev->name);
561
562         err = usb_autopm_get_interface(data->intf);
563         if (err < 0)
564                 return err;
565
566         data->intf->needs_remote_wakeup = 1;
567
568         if (test_and_set_bit(HCI_RUNNING, &hdev->flags))
569                 goto done;
570
571         if (test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags))
572                 goto done;
573
574         err = btusb_submit_intr_urb(hdev, GFP_KERNEL);
575         if (err < 0)
576                 goto failed;
577
578         err = btusb_submit_bulk_urb(hdev, GFP_KERNEL);
579         if (err < 0) {
580                 usb_kill_anchored_urbs(&data->intr_anchor);
581                 goto failed;
582         }
583
584         set_bit(BTUSB_BULK_RUNNING, &data->flags);
585         btusb_submit_bulk_urb(hdev, GFP_KERNEL);
586
587 done:
588         usb_autopm_put_interface(data->intf);
589         return 0;
590
591 failed:
592         clear_bit(BTUSB_INTR_RUNNING, &data->flags);
593         clear_bit(HCI_RUNNING, &hdev->flags);
594         usb_autopm_put_interface(data->intf);
595         return err;
596 }
597
598 static void btusb_stop_traffic(struct btusb_data *data)
599 {
600         usb_kill_anchored_urbs(&data->intr_anchor);
601         usb_kill_anchored_urbs(&data->bulk_anchor);
602         usb_kill_anchored_urbs(&data->isoc_anchor);
603 }
604
605 static int btusb_close(struct hci_dev *hdev)
606 {
607         struct btusb_data *data = hdev->driver_data;
608         int err;
609
610         BT_DBG("%s", hdev->name);
611
612         if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags))
613                 return 0;
614
615         cancel_work_sync(&data->work);
616         cancel_work_sync(&data->waker);
617
618         clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
619         clear_bit(BTUSB_BULK_RUNNING, &data->flags);
620         clear_bit(BTUSB_INTR_RUNNING, &data->flags);
621
622         btusb_stop_traffic(data);
623         err = usb_autopm_get_interface(data->intf);
624         if (err < 0)
625                 goto failed;
626
627         data->intf->needs_remote_wakeup = 0;
628         usb_autopm_put_interface(data->intf);
629
630 failed:
631         usb_scuttle_anchored_urbs(&data->deferred);
632         return 0;
633 }
634
635 static int btusb_flush(struct hci_dev *hdev)
636 {
637         struct btusb_data *data = hdev->driver_data;
638
639         BT_DBG("%s", hdev->name);
640
641         usb_kill_anchored_urbs(&data->tx_anchor);
642
643         return 0;
644 }
645
646 static int btusb_send_frame(struct sk_buff *skb)
647 {
648         struct hci_dev *hdev = (struct hci_dev *) skb->dev;
649         struct btusb_data *data = hdev->driver_data;
650         struct usb_ctrlrequest *dr;
651         struct urb *urb;
652         unsigned int pipe;
653         int err;
654
655         BT_DBG("%s", hdev->name);
656
657         if (!test_bit(HCI_RUNNING, &hdev->flags))
658                 return -EBUSY;
659
660         switch (bt_cb(skb)->pkt_type) {
661         case HCI_COMMAND_PKT:
662                 urb = usb_alloc_urb(0, GFP_ATOMIC);
663                 if (!urb)
664                         return -ENOMEM;
665
666                 dr = kmalloc(sizeof(*dr), GFP_ATOMIC);
667                 if (!dr) {
668                         usb_free_urb(urb);
669                         return -ENOMEM;
670                 }
671
672                 dr->bRequestType = data->cmdreq_type;
673                 dr->bRequest     = 0;
674                 dr->wIndex       = 0;
675                 dr->wValue       = 0;
676                 dr->wLength      = __cpu_to_le16(skb->len);
677
678                 pipe = usb_sndctrlpipe(data->udev, 0x00);
679
680                 usb_fill_control_urb(urb, data->udev, pipe, (void *) dr,
681                                 skb->data, skb->len, btusb_tx_complete, skb);
682
683                 hdev->stat.cmd_tx++;
684                 break;
685
686         case HCI_ACLDATA_PKT:
687                 if (!data->bulk_tx_ep || hdev->conn_hash.acl_num < 1)
688                         return -ENODEV;
689
690                 urb = usb_alloc_urb(0, GFP_ATOMIC);
691                 if (!urb)
692                         return -ENOMEM;
693
694                 pipe = usb_sndbulkpipe(data->udev,
695                                         data->bulk_tx_ep->bEndpointAddress);
696
697                 usb_fill_bulk_urb(urb, data->udev, pipe,
698                                 skb->data, skb->len, btusb_tx_complete, skb);
699
700                 hdev->stat.acl_tx++;
701                 break;
702
703         case HCI_SCODATA_PKT:
704                 if (!data->isoc_tx_ep || hdev->conn_hash.sco_num < 1)
705                         return -ENODEV;
706
707                 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, GFP_ATOMIC);
708                 if (!urb)
709                         return -ENOMEM;
710
711                 pipe = usb_sndisocpipe(data->udev,
712                                         data->isoc_tx_ep->bEndpointAddress);
713
714                 urb->dev      = data->udev;
715                 urb->pipe     = pipe;
716                 urb->context  = skb;
717                 urb->complete = btusb_isoc_tx_complete;
718                 urb->interval = data->isoc_tx_ep->bInterval;
719
720                 urb->transfer_flags  = URB_ISO_ASAP;
721                 urb->transfer_buffer = skb->data;
722                 urb->transfer_buffer_length = skb->len;
723
724                 __fill_isoc_descriptor(urb, skb->len,
725                                 le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize));
726
727                 hdev->stat.sco_tx++;
728                 goto skip_waking;
729
730         default:
731                 return -EILSEQ;
732         }
733
734         err = inc_tx(data);
735         if (err) {
736                 usb_anchor_urb(urb, &data->deferred);
737                 schedule_work(&data->waker);
738                 err = 0;
739                 goto done;
740         }
741
742 skip_waking:
743         usb_anchor_urb(urb, &data->tx_anchor);
744
745         err = usb_submit_urb(urb, GFP_ATOMIC);
746         if (err < 0) {
747                 BT_ERR("%s urb %p submission failed", hdev->name, urb);
748                 kfree(urb->setup_packet);
749                 usb_unanchor_urb(urb);
750         } else {
751                 usb_mark_last_busy(data->udev);
752         }
753
754         usb_free_urb(urb);
755
756 done:
757         return err;
758 }
759
760 static void btusb_destruct(struct hci_dev *hdev)
761 {
762         struct btusb_data *data = hdev->driver_data;
763
764         BT_DBG("%s", hdev->name);
765
766         kfree(data);
767 }
768
769 static void btusb_notify(struct hci_dev *hdev, unsigned int evt)
770 {
771         struct btusb_data *data = hdev->driver_data;
772
773         BT_DBG("%s evt %d", hdev->name, evt);
774
775         if (hdev->conn_hash.sco_num != data->sco_num) {
776                 data->sco_num = hdev->conn_hash.sco_num;
777                 schedule_work(&data->work);
778         }
779 }
780
781 static int inline __set_isoc_interface(struct hci_dev *hdev, int altsetting)
782 {
783         struct btusb_data *data = hdev->driver_data;
784         struct usb_interface *intf = data->isoc;
785         struct usb_endpoint_descriptor *ep_desc;
786         int i, err;
787
788         if (!data->isoc)
789                 return -ENODEV;
790
791         err = usb_set_interface(data->udev, 1, altsetting);
792         if (err < 0) {
793                 BT_ERR("%s setting interface failed (%d)", hdev->name, -err);
794                 return err;
795         }
796
797         data->isoc_altsetting = altsetting;
798
799         data->isoc_tx_ep = NULL;
800         data->isoc_rx_ep = NULL;
801
802         for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
803                 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
804
805                 if (!data->isoc_tx_ep && usb_endpoint_is_isoc_out(ep_desc)) {
806                         data->isoc_tx_ep = ep_desc;
807                         continue;
808                 }
809
810                 if (!data->isoc_rx_ep && usb_endpoint_is_isoc_in(ep_desc)) {
811                         data->isoc_rx_ep = ep_desc;
812                         continue;
813                 }
814         }
815
816         if (!data->isoc_tx_ep || !data->isoc_rx_ep) {
817                 BT_ERR("%s invalid SCO descriptors", hdev->name);
818                 return -ENODEV;
819         }
820
821         return 0;
822 }
823
824 static void btusb_work(struct work_struct *work)
825 {
826         struct btusb_data *data = container_of(work, struct btusb_data, work);
827         struct hci_dev *hdev = data->hdev;
828         int err;
829
830         if (hdev->conn_hash.sco_num > 0) {
831                 if (!test_bit(BTUSB_DID_ISO_RESUME, &data->flags)) {
832                         err = usb_autopm_get_interface(data->isoc ? data->isoc : data->intf);
833                         if (err < 0) {
834                                 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
835                                 usb_kill_anchored_urbs(&data->isoc_anchor);
836                                 return;
837                         }
838
839                         set_bit(BTUSB_DID_ISO_RESUME, &data->flags);
840                 }
841                 if (data->isoc_altsetting != 2) {
842                         clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
843                         usb_kill_anchored_urbs(&data->isoc_anchor);
844
845                         if (__set_isoc_interface(hdev, 2) < 0)
846                                 return;
847                 }
848
849                 if (!test_and_set_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
850                         if (btusb_submit_isoc_urb(hdev, GFP_KERNEL) < 0)
851                                 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
852                         else
853                                 btusb_submit_isoc_urb(hdev, GFP_KERNEL);
854                 }
855         } else {
856                 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
857                 usb_kill_anchored_urbs(&data->isoc_anchor);
858
859                 __set_isoc_interface(hdev, 0);
860                 if (test_and_clear_bit(BTUSB_DID_ISO_RESUME, &data->flags))
861                         usb_autopm_put_interface(data->isoc ? data->isoc : data->intf);
862         }
863 }
864
865 static void btusb_waker(struct work_struct *work)
866 {
867         struct btusb_data *data = container_of(work, struct btusb_data, waker);
868         int err;
869
870         err = usb_autopm_get_interface(data->intf);
871         if (err < 0)
872                 return;
873
874         usb_autopm_put_interface(data->intf);
875 }
876
877 static int btusb_probe(struct usb_interface *intf,
878                                 const struct usb_device_id *id)
879 {
880         struct usb_endpoint_descriptor *ep_desc;
881         struct btusb_data *data;
882         struct hci_dev *hdev;
883         int i, err;
884
885         BT_DBG("intf %p id %p", intf, id);
886
887         /* interface numbers are hardcoded in the spec */
888         if (intf->cur_altsetting->desc.bInterfaceNumber != 0)
889                 return -ENODEV;
890
891         if (!id->driver_info) {
892                 const struct usb_device_id *match;
893                 match = usb_match_id(intf, blacklist_table);
894                 if (match)
895                         id = match;
896         }
897
898         if (id->driver_info == BTUSB_IGNORE)
899                 return -ENODEV;
900
901         if (ignore_dga && id->driver_info & BTUSB_DIGIANSWER)
902                 return -ENODEV;
903
904         if (ignore_csr && id->driver_info & BTUSB_CSR)
905                 return -ENODEV;
906
907         if (ignore_sniffer && id->driver_info & BTUSB_SNIFFER)
908                 return -ENODEV;
909
910         data = kzalloc(sizeof(*data), GFP_KERNEL);
911         if (!data)
912                 return -ENOMEM;
913
914         for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
915                 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
916
917                 if (!data->intr_ep && usb_endpoint_is_int_in(ep_desc)) {
918                         data->intr_ep = ep_desc;
919                         continue;
920                 }
921
922                 if (!data->bulk_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) {
923                         data->bulk_tx_ep = ep_desc;
924                         continue;
925                 }
926
927                 if (!data->bulk_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) {
928                         data->bulk_rx_ep = ep_desc;
929                         continue;
930                 }
931         }
932
933         if (!data->intr_ep || !data->bulk_tx_ep || !data->bulk_rx_ep) {
934                 kfree(data);
935                 return -ENODEV;
936         }
937
938         data->cmdreq_type = USB_TYPE_CLASS;
939
940         data->udev = interface_to_usbdev(intf);
941         data->intf = intf;
942
943         spin_lock_init(&data->lock);
944
945         INIT_WORK(&data->work, btusb_work);
946         INIT_WORK(&data->waker, btusb_waker);
947         spin_lock_init(&data->txlock);
948
949         init_usb_anchor(&data->tx_anchor);
950         init_usb_anchor(&data->intr_anchor);
951         init_usb_anchor(&data->bulk_anchor);
952         init_usb_anchor(&data->isoc_anchor);
953         init_usb_anchor(&data->deferred);
954
955         hdev = hci_alloc_dev();
956         if (!hdev) {
957                 kfree(data);
958                 return -ENOMEM;
959         }
960
961         hdev->bus = HCI_USB;
962         hdev->driver_data = data;
963
964         data->hdev = hdev;
965
966         SET_HCIDEV_DEV(hdev, &intf->dev);
967
968         hdev->open     = btusb_open;
969         hdev->close    = btusb_close;
970         hdev->flush    = btusb_flush;
971         hdev->send     = btusb_send_frame;
972         hdev->destruct = btusb_destruct;
973         hdev->notify   = btusb_notify;
974
975         hdev->owner = THIS_MODULE;
976
977         /* Interface numbers are hardcoded in the specification */
978         data->isoc = usb_ifnum_to_if(data->udev, 1);
979
980         if (!reset)
981                 set_bit(HCI_QUIRK_NO_RESET, &hdev->quirks);
982
983         if (force_scofix || id->driver_info & BTUSB_WRONG_SCO_MTU) {
984                 if (!disable_scofix)
985                         set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks);
986         }
987
988         if (id->driver_info & BTUSB_BROKEN_ISOC)
989                 data->isoc = NULL;
990
991         if (id->driver_info & BTUSB_DIGIANSWER) {
992                 data->cmdreq_type = USB_TYPE_VENDOR;
993                 set_bit(HCI_QUIRK_NO_RESET, &hdev->quirks);
994         }
995
996         if (id->driver_info & BTUSB_CSR) {
997                 struct usb_device *udev = data->udev;
998
999                 /* Old firmware would otherwise execute USB reset */
1000                 if (le16_to_cpu(udev->descriptor.bcdDevice) < 0x117)
1001                         set_bit(HCI_QUIRK_NO_RESET, &hdev->quirks);
1002         }
1003
1004         if (id->driver_info & BTUSB_SNIFFER) {
1005                 struct usb_device *udev = data->udev;
1006
1007                 /* New sniffer firmware has crippled HCI interface */
1008                 if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997)
1009                         set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
1010
1011                 data->isoc = NULL;
1012         }
1013
1014         if (id->driver_info & BTUSB_BCM92035) {
1015                 unsigned char cmd[] = { 0x3b, 0xfc, 0x01, 0x00 };
1016                 struct sk_buff *skb;
1017
1018                 skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL);
1019                 if (skb) {
1020                         memcpy(skb_put(skb, sizeof(cmd)), cmd, sizeof(cmd));
1021                         skb_queue_tail(&hdev->driver_init, skb);
1022                 }
1023         }
1024
1025         if (data->isoc) {
1026                 err = usb_driver_claim_interface(&btusb_driver,
1027                                                         data->isoc, data);
1028                 if (err < 0) {
1029                         hci_free_dev(hdev);
1030                         kfree(data);
1031                         return err;
1032                 }
1033         }
1034
1035         err = hci_register_dev(hdev);
1036         if (err < 0) {
1037                 hci_free_dev(hdev);
1038                 kfree(data);
1039                 return err;
1040         }
1041
1042         usb_set_intfdata(intf, data);
1043
1044         usb_enable_autosuspend(interface_to_usbdev(intf));
1045
1046         return 0;
1047 }
1048
1049 static void btusb_disconnect(struct usb_interface *intf)
1050 {
1051         struct btusb_data *data = usb_get_intfdata(intf);
1052         struct hci_dev *hdev;
1053
1054         BT_DBG("intf %p", intf);
1055
1056         if (!data)
1057                 return;
1058
1059         hdev = data->hdev;
1060
1061         __hci_dev_hold(hdev);
1062
1063         usb_set_intfdata(data->intf, NULL);
1064
1065         if (data->isoc)
1066                 usb_set_intfdata(data->isoc, NULL);
1067
1068         hci_unregister_dev(hdev);
1069
1070         if (intf == data->isoc)
1071                 usb_driver_release_interface(&btusb_driver, data->intf);
1072         else if (data->isoc)
1073                 usb_driver_release_interface(&btusb_driver, data->isoc);
1074
1075         __hci_dev_put(hdev);
1076
1077         hci_free_dev(hdev);
1078 }
1079
1080 #ifdef CONFIG_PM
1081 static int btusb_suspend(struct usb_interface *intf, pm_message_t message)
1082 {
1083         struct btusb_data *data = usb_get_intfdata(intf);
1084
1085         BT_DBG("intf %p", intf);
1086
1087         if (data->suspend_count++)
1088                 return 0;
1089
1090         spin_lock_irq(&data->txlock);
1091         if (!((message.event & PM_EVENT_AUTO) && data->tx_in_flight)) {
1092                 set_bit(BTUSB_SUSPENDING, &data->flags);
1093                 spin_unlock_irq(&data->txlock);
1094         } else {
1095                 spin_unlock_irq(&data->txlock);
1096                 data->suspend_count--;
1097                 return -EBUSY;
1098         }
1099
1100         cancel_work_sync(&data->work);
1101
1102         btusb_stop_traffic(data);
1103         usb_kill_anchored_urbs(&data->tx_anchor);
1104
1105         return 0;
1106 }
1107
1108 static void play_deferred(struct btusb_data *data)
1109 {
1110         struct urb *urb;
1111         int err;
1112
1113         while ((urb = usb_get_from_anchor(&data->deferred))) {
1114                 err = usb_submit_urb(urb, GFP_ATOMIC);
1115                 if (err < 0)
1116                         break;
1117
1118                 data->tx_in_flight++;
1119         }
1120         usb_scuttle_anchored_urbs(&data->deferred);
1121 }
1122
1123 static int btusb_resume(struct usb_interface *intf)
1124 {
1125         struct btusb_data *data = usb_get_intfdata(intf);
1126         struct hci_dev *hdev = data->hdev;
1127         int err = 0;
1128
1129         BT_DBG("intf %p", intf);
1130
1131         if (--data->suspend_count)
1132                 return 0;
1133
1134         if (!test_bit(HCI_RUNNING, &hdev->flags))
1135                 goto done;
1136
1137         if (test_bit(BTUSB_INTR_RUNNING, &data->flags)) {
1138                 err = btusb_submit_intr_urb(hdev, GFP_NOIO);
1139                 if (err < 0) {
1140                         clear_bit(BTUSB_INTR_RUNNING, &data->flags);
1141                         goto failed;
1142                 }
1143         }
1144
1145         if (test_bit(BTUSB_BULK_RUNNING, &data->flags)) {
1146                 err = btusb_submit_bulk_urb(hdev, GFP_NOIO);
1147                 if (err < 0) {
1148                         clear_bit(BTUSB_BULK_RUNNING, &data->flags);
1149                         goto failed;
1150                 }
1151
1152                 btusb_submit_bulk_urb(hdev, GFP_NOIO);
1153         }
1154
1155         if (test_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
1156                 if (btusb_submit_isoc_urb(hdev, GFP_NOIO) < 0)
1157                         clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1158                 else
1159                         btusb_submit_isoc_urb(hdev, GFP_NOIO);
1160         }
1161
1162         spin_lock_irq(&data->txlock);
1163         play_deferred(data);
1164         clear_bit(BTUSB_SUSPENDING, &data->flags);
1165         spin_unlock_irq(&data->txlock);
1166         schedule_work(&data->work);
1167
1168         return 0;
1169
1170 failed:
1171         usb_scuttle_anchored_urbs(&data->deferred);
1172 done:
1173         spin_lock_irq(&data->txlock);
1174         clear_bit(BTUSB_SUSPENDING, &data->flags);
1175         spin_unlock_irq(&data->txlock);
1176
1177         return err;
1178 }
1179 #endif
1180
1181 static struct usb_driver btusb_driver = {
1182         .name           = "btusb",
1183         .probe          = btusb_probe,
1184         .disconnect     = btusb_disconnect,
1185 #ifdef CONFIG_PM
1186         .suspend        = btusb_suspend,
1187         .resume         = btusb_resume,
1188 #endif
1189         .id_table       = btusb_table,
1190         .supports_autosuspend = 1,
1191 };
1192
1193 static int __init btusb_init(void)
1194 {
1195         BT_INFO("Generic Bluetooth USB driver ver %s", VERSION);
1196
1197         return usb_register(&btusb_driver);
1198 }
1199
1200 static void __exit btusb_exit(void)
1201 {
1202         usb_deregister(&btusb_driver);
1203 }
1204
1205 module_init(btusb_init);
1206 module_exit(btusb_exit);
1207
1208 module_param(ignore_dga, bool, 0644);
1209 MODULE_PARM_DESC(ignore_dga, "Ignore devices with id 08fd:0001");
1210
1211 module_param(ignore_csr, bool, 0644);
1212 MODULE_PARM_DESC(ignore_csr, "Ignore devices with id 0a12:0001");
1213
1214 module_param(ignore_sniffer, bool, 0644);
1215 MODULE_PARM_DESC(ignore_sniffer, "Ignore devices with id 0a12:0002");
1216
1217 module_param(disable_scofix, bool, 0644);
1218 MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size");
1219
1220 module_param(force_scofix, bool, 0644);
1221 MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size");
1222
1223 module_param(reset, bool, 0644);
1224 MODULE_PARM_DESC(reset, "Send HCI reset command on initialization");
1225
1226 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1227 MODULE_DESCRIPTION("Generic Bluetooth USB driver ver " VERSION);
1228 MODULE_VERSION(VERSION);
1229 MODULE_LICENSE("GPL");