Bluetooth: Add firmware support for Atheros 3012
[linux-2.6.git] / drivers / bluetooth / btusb.c
1 /*
2  *
3  *  Generic Bluetooth USB driver
4  *
5  *  Copyright (C) 2005-2008  Marcel Holtmann <marcel@holtmann.org>
6  *
7  *
8  *  This program is free software; you can redistribute it and/or modify
9  *  it under the terms of the GNU General Public License as published by
10  *  the Free Software Foundation; either version 2 of the License, or
11  *  (at your option) any later version.
12  *
13  *  This program is distributed in the hope that it will be useful,
14  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
15  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16  *  GNU General Public License for more details.
17  *
18  *  You should have received a copy of the GNU General Public License
19  *  along with this program; if not, write to the Free Software
20  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
21  *
22  */
23
24 #include <linux/kernel.h>
25 #include <linux/module.h>
26 #include <linux/init.h>
27 #include <linux/slab.h>
28 #include <linux/types.h>
29 #include <linux/sched.h>
30 #include <linux/errno.h>
31 #include <linux/skbuff.h>
32
33 #include <linux/usb.h>
34
35 #include <net/bluetooth/bluetooth.h>
36 #include <net/bluetooth/hci_core.h>
37
38 #define VERSION "0.6"
39
40 static int ignore_dga;
41 static int ignore_csr;
42 static int ignore_sniffer;
43 static int disable_scofix;
44 static int force_scofix;
45
46 static int reset = 1;
47
48 static struct usb_driver btusb_driver;
49
50 #define BTUSB_IGNORE            0x01
51 #define BTUSB_DIGIANSWER        0x02
52 #define BTUSB_CSR               0x04
53 #define BTUSB_SNIFFER           0x08
54 #define BTUSB_BCM92035          0x10
55 #define BTUSB_BROKEN_ISOC       0x20
56 #define BTUSB_WRONG_SCO_MTU     0x40
57
58 static struct usb_device_id btusb_table[] = {
59         /* Generic Bluetooth USB device */
60         { USB_DEVICE_INFO(0xe0, 0x01, 0x01) },
61
62         /* Apple MacBookPro 7,1 */
63         { USB_DEVICE(0x05ac, 0x8213) },
64
65         /* Apple iMac11,1 */
66         { USB_DEVICE(0x05ac, 0x8215) },
67
68         /* Apple MacBookPro6,2 */
69         { USB_DEVICE(0x05ac, 0x8218) },
70
71         /* Apple MacBookAir3,1, MacBookAir3,2 */
72         { USB_DEVICE(0x05ac, 0x821b) },
73
74         /* AVM BlueFRITZ! USB v2.0 */
75         { USB_DEVICE(0x057c, 0x3800) },
76
77         /* Bluetooth Ultraport Module from IBM */
78         { USB_DEVICE(0x04bf, 0x030a) },
79
80         /* ALPS Modules with non-standard id */
81         { USB_DEVICE(0x044e, 0x3001) },
82         { USB_DEVICE(0x044e, 0x3002) },
83
84         /* Ericsson with non-standard id */
85         { USB_DEVICE(0x0bdb, 0x1002) },
86
87         /* Canyon CN-BTU1 with HID interfaces */
88         { USB_DEVICE(0x0c10, 0x0000) },
89
90         { }     /* Terminating entry */
91 };
92
93 MODULE_DEVICE_TABLE(usb, btusb_table);
94
95 static struct usb_device_id blacklist_table[] = {
96         /* CSR BlueCore devices */
97         { USB_DEVICE(0x0a12, 0x0001), .driver_info = BTUSB_CSR },
98
99         /* Broadcom BCM2033 without firmware */
100         { USB_DEVICE(0x0a5c, 0x2033), .driver_info = BTUSB_IGNORE },
101
102         /* Atheros 3011 with sflash firmware */
103         { USB_DEVICE(0x0cf3, 0x3002), .driver_info = BTUSB_IGNORE },
104
105         /* Atheros AR9285 Malbec with sflash firmware */
106         { USB_DEVICE(0x03f0, 0x311d), .driver_info = BTUSB_IGNORE },
107
108         /* Atheros 3012 with sflash firmware */
109         { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_IGNORE },
110
111         /* Broadcom BCM2035 */
112         { USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU },
113         { USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU },
114         { USB_DEVICE(0x0a5c, 0x2009), .driver_info = BTUSB_BCM92035 },
115
116         /* Broadcom BCM2045 */
117         { USB_DEVICE(0x0a5c, 0x2039), .driver_info = BTUSB_WRONG_SCO_MTU },
118         { USB_DEVICE(0x0a5c, 0x2101), .driver_info = BTUSB_WRONG_SCO_MTU },
119
120         /* IBM/Lenovo ThinkPad with Broadcom chip */
121         { USB_DEVICE(0x0a5c, 0x201e), .driver_info = BTUSB_WRONG_SCO_MTU },
122         { USB_DEVICE(0x0a5c, 0x2110), .driver_info = BTUSB_WRONG_SCO_MTU },
123
124         /* HP laptop with Broadcom chip */
125         { USB_DEVICE(0x03f0, 0x171d), .driver_info = BTUSB_WRONG_SCO_MTU },
126
127         /* Dell laptop with Broadcom chip */
128         { USB_DEVICE(0x413c, 0x8126), .driver_info = BTUSB_WRONG_SCO_MTU },
129
130         /* Dell Wireless 370 and 410 devices */
131         { USB_DEVICE(0x413c, 0x8152), .driver_info = BTUSB_WRONG_SCO_MTU },
132         { USB_DEVICE(0x413c, 0x8156), .driver_info = BTUSB_WRONG_SCO_MTU },
133
134         /* Belkin F8T012 and F8T013 devices */
135         { USB_DEVICE(0x050d, 0x0012), .driver_info = BTUSB_WRONG_SCO_MTU },
136         { USB_DEVICE(0x050d, 0x0013), .driver_info = BTUSB_WRONG_SCO_MTU },
137
138         /* Asus WL-BTD202 device */
139         { USB_DEVICE(0x0b05, 0x1715), .driver_info = BTUSB_WRONG_SCO_MTU },
140
141         /* Kensington Bluetooth USB adapter */
142         { USB_DEVICE(0x047d, 0x105e), .driver_info = BTUSB_WRONG_SCO_MTU },
143
144         /* RTX Telecom based adapters with buggy SCO support */
145         { USB_DEVICE(0x0400, 0x0807), .driver_info = BTUSB_BROKEN_ISOC },
146         { USB_DEVICE(0x0400, 0x080a), .driver_info = BTUSB_BROKEN_ISOC },
147
148         /* CONWISE Technology based adapters with buggy SCO support */
149         { USB_DEVICE(0x0e5e, 0x6622), .driver_info = BTUSB_BROKEN_ISOC },
150
151         /* Digianswer devices */
152         { USB_DEVICE(0x08fd, 0x0001), .driver_info = BTUSB_DIGIANSWER },
153         { USB_DEVICE(0x08fd, 0x0002), .driver_info = BTUSB_IGNORE },
154
155         /* CSR BlueCore Bluetooth Sniffer */
156         { USB_DEVICE(0x0a12, 0x0002), .driver_info = BTUSB_SNIFFER },
157
158         /* Frontline ComProbe Bluetooth Sniffer */
159         { USB_DEVICE(0x16d3, 0x0002), .driver_info = BTUSB_SNIFFER },
160
161         { }     /* Terminating entry */
162 };
163
164 #define BTUSB_MAX_ISOC_FRAMES   10
165
166 #define BTUSB_INTR_RUNNING      0
167 #define BTUSB_BULK_RUNNING      1
168 #define BTUSB_ISOC_RUNNING      2
169 #define BTUSB_SUSPENDING        3
170 #define BTUSB_DID_ISO_RESUME    4
171
172 struct btusb_data {
173         struct hci_dev       *hdev;
174         struct usb_device    *udev;
175         struct usb_interface *intf;
176         struct usb_interface *isoc;
177
178         spinlock_t lock;
179
180         unsigned long flags;
181
182         struct work_struct work;
183         struct work_struct waker;
184
185         struct usb_anchor tx_anchor;
186         struct usb_anchor intr_anchor;
187         struct usb_anchor bulk_anchor;
188         struct usb_anchor isoc_anchor;
189         struct usb_anchor deferred;
190         int tx_in_flight;
191         spinlock_t txlock;
192
193         struct usb_endpoint_descriptor *intr_ep;
194         struct usb_endpoint_descriptor *bulk_tx_ep;
195         struct usb_endpoint_descriptor *bulk_rx_ep;
196         struct usb_endpoint_descriptor *isoc_tx_ep;
197         struct usb_endpoint_descriptor *isoc_rx_ep;
198
199         __u8 cmdreq_type;
200
201         unsigned int sco_num;
202         int isoc_altsetting;
203         int suspend_count;
204 };
205
206 static int inc_tx(struct btusb_data *data)
207 {
208         unsigned long flags;
209         int rv;
210
211         spin_lock_irqsave(&data->txlock, flags);
212         rv = test_bit(BTUSB_SUSPENDING, &data->flags);
213         if (!rv)
214                 data->tx_in_flight++;
215         spin_unlock_irqrestore(&data->txlock, flags);
216
217         return rv;
218 }
219
220 static void btusb_intr_complete(struct urb *urb)
221 {
222         struct hci_dev *hdev = urb->context;
223         struct btusb_data *data = hdev->driver_data;
224         int err;
225
226         BT_DBG("%s urb %p status %d count %d", hdev->name,
227                                         urb, urb->status, urb->actual_length);
228
229         if (!test_bit(HCI_RUNNING, &hdev->flags))
230                 return;
231
232         if (urb->status == 0) {
233                 hdev->stat.byte_rx += urb->actual_length;
234
235                 if (hci_recv_fragment(hdev, HCI_EVENT_PKT,
236                                                 urb->transfer_buffer,
237                                                 urb->actual_length) < 0) {
238                         BT_ERR("%s corrupted event packet", hdev->name);
239                         hdev->stat.err_rx++;
240                 }
241         }
242
243         if (!test_bit(BTUSB_INTR_RUNNING, &data->flags))
244                 return;
245
246         usb_mark_last_busy(data->udev);
247         usb_anchor_urb(urb, &data->intr_anchor);
248
249         err = usb_submit_urb(urb, GFP_ATOMIC);
250         if (err < 0) {
251                 if (err != -EPERM)
252                         BT_ERR("%s urb %p failed to resubmit (%d)",
253                                                 hdev->name, urb, -err);
254                 usb_unanchor_urb(urb);
255         }
256 }
257
258 static int btusb_submit_intr_urb(struct hci_dev *hdev, gfp_t mem_flags)
259 {
260         struct btusb_data *data = hdev->driver_data;
261         struct urb *urb;
262         unsigned char *buf;
263         unsigned int pipe;
264         int err, size;
265
266         BT_DBG("%s", hdev->name);
267
268         if (!data->intr_ep)
269                 return -ENODEV;
270
271         urb = usb_alloc_urb(0, mem_flags);
272         if (!urb)
273                 return -ENOMEM;
274
275         size = le16_to_cpu(data->intr_ep->wMaxPacketSize);
276
277         buf = kmalloc(size, mem_flags);
278         if (!buf) {
279                 usb_free_urb(urb);
280                 return -ENOMEM;
281         }
282
283         pipe = usb_rcvintpipe(data->udev, data->intr_ep->bEndpointAddress);
284
285         usb_fill_int_urb(urb, data->udev, pipe, buf, size,
286                                                 btusb_intr_complete, hdev,
287                                                 data->intr_ep->bInterval);
288
289         urb->transfer_flags |= URB_FREE_BUFFER;
290
291         usb_anchor_urb(urb, &data->intr_anchor);
292
293         err = usb_submit_urb(urb, mem_flags);
294         if (err < 0) {
295                 BT_ERR("%s urb %p submission failed (%d)",
296                                                 hdev->name, urb, -err);
297                 usb_unanchor_urb(urb);
298         }
299
300         usb_free_urb(urb);
301
302         return err;
303 }
304
305 static void btusb_bulk_complete(struct urb *urb)
306 {
307         struct hci_dev *hdev = urb->context;
308         struct btusb_data *data = hdev->driver_data;
309         int err;
310
311         BT_DBG("%s urb %p status %d count %d", hdev->name,
312                                         urb, urb->status, urb->actual_length);
313
314         if (!test_bit(HCI_RUNNING, &hdev->flags))
315                 return;
316
317         if (urb->status == 0) {
318                 hdev->stat.byte_rx += urb->actual_length;
319
320                 if (hci_recv_fragment(hdev, HCI_ACLDATA_PKT,
321                                                 urb->transfer_buffer,
322                                                 urb->actual_length) < 0) {
323                         BT_ERR("%s corrupted ACL packet", hdev->name);
324                         hdev->stat.err_rx++;
325                 }
326         }
327
328         if (!test_bit(BTUSB_BULK_RUNNING, &data->flags))
329                 return;
330
331         usb_anchor_urb(urb, &data->bulk_anchor);
332         usb_mark_last_busy(data->udev);
333
334         err = usb_submit_urb(urb, GFP_ATOMIC);
335         if (err < 0) {
336                 if (err != -EPERM)
337                         BT_ERR("%s urb %p failed to resubmit (%d)",
338                                                 hdev->name, urb, -err);
339                 usb_unanchor_urb(urb);
340         }
341 }
342
343 static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags)
344 {
345         struct btusb_data *data = hdev->driver_data;
346         struct urb *urb;
347         unsigned char *buf;
348         unsigned int pipe;
349         int err, size = HCI_MAX_FRAME_SIZE;
350
351         BT_DBG("%s", hdev->name);
352
353         if (!data->bulk_rx_ep)
354                 return -ENODEV;
355
356         urb = usb_alloc_urb(0, mem_flags);
357         if (!urb)
358                 return -ENOMEM;
359
360         buf = kmalloc(size, mem_flags);
361         if (!buf) {
362                 usb_free_urb(urb);
363                 return -ENOMEM;
364         }
365
366         pipe = usb_rcvbulkpipe(data->udev, data->bulk_rx_ep->bEndpointAddress);
367
368         usb_fill_bulk_urb(urb, data->udev, pipe,
369                                         buf, size, btusb_bulk_complete, hdev);
370
371         urb->transfer_flags |= URB_FREE_BUFFER;
372
373         usb_mark_last_busy(data->udev);
374         usb_anchor_urb(urb, &data->bulk_anchor);
375
376         err = usb_submit_urb(urb, mem_flags);
377         if (err < 0) {
378                 BT_ERR("%s urb %p submission failed (%d)",
379                                                 hdev->name, urb, -err);
380                 usb_unanchor_urb(urb);
381         }
382
383         usb_free_urb(urb);
384
385         return err;
386 }
387
388 static void btusb_isoc_complete(struct urb *urb)
389 {
390         struct hci_dev *hdev = urb->context;
391         struct btusb_data *data = hdev->driver_data;
392         int i, err;
393
394         BT_DBG("%s urb %p status %d count %d", hdev->name,
395                                         urb, urb->status, urb->actual_length);
396
397         if (!test_bit(HCI_RUNNING, &hdev->flags))
398                 return;
399
400         if (urb->status == 0) {
401                 for (i = 0; i < urb->number_of_packets; i++) {
402                         unsigned int offset = urb->iso_frame_desc[i].offset;
403                         unsigned int length = urb->iso_frame_desc[i].actual_length;
404
405                         if (urb->iso_frame_desc[i].status)
406                                 continue;
407
408                         hdev->stat.byte_rx += length;
409
410                         if (hci_recv_fragment(hdev, HCI_SCODATA_PKT,
411                                                 urb->transfer_buffer + offset,
412                                                                 length) < 0) {
413                                 BT_ERR("%s corrupted SCO packet", hdev->name);
414                                 hdev->stat.err_rx++;
415                         }
416                 }
417         }
418
419         if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags))
420                 return;
421
422         usb_anchor_urb(urb, &data->isoc_anchor);
423
424         err = usb_submit_urb(urb, GFP_ATOMIC);
425         if (err < 0) {
426                 if (err != -EPERM)
427                         BT_ERR("%s urb %p failed to resubmit (%d)",
428                                                 hdev->name, urb, -err);
429                 usb_unanchor_urb(urb);
430         }
431 }
432
433 static void inline __fill_isoc_descriptor(struct urb *urb, int len, int mtu)
434 {
435         int i, offset = 0;
436
437         BT_DBG("len %d mtu %d", len, mtu);
438
439         for (i = 0; i < BTUSB_MAX_ISOC_FRAMES && len >= mtu;
440                                         i++, offset += mtu, len -= mtu) {
441                 urb->iso_frame_desc[i].offset = offset;
442                 urb->iso_frame_desc[i].length = mtu;
443         }
444
445         if (len && i < BTUSB_MAX_ISOC_FRAMES) {
446                 urb->iso_frame_desc[i].offset = offset;
447                 urb->iso_frame_desc[i].length = len;
448                 i++;
449         }
450
451         urb->number_of_packets = i;
452 }
453
454 static int btusb_submit_isoc_urb(struct hci_dev *hdev, gfp_t mem_flags)
455 {
456         struct btusb_data *data = hdev->driver_data;
457         struct urb *urb;
458         unsigned char *buf;
459         unsigned int pipe;
460         int err, size;
461
462         BT_DBG("%s", hdev->name);
463
464         if (!data->isoc_rx_ep)
465                 return -ENODEV;
466
467         urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, mem_flags);
468         if (!urb)
469                 return -ENOMEM;
470
471         size = le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize) *
472                                                 BTUSB_MAX_ISOC_FRAMES;
473
474         buf = kmalloc(size, mem_flags);
475         if (!buf) {
476                 usb_free_urb(urb);
477                 return -ENOMEM;
478         }
479
480         pipe = usb_rcvisocpipe(data->udev, data->isoc_rx_ep->bEndpointAddress);
481
482         urb->dev      = data->udev;
483         urb->pipe     = pipe;
484         urb->context  = hdev;
485         urb->complete = btusb_isoc_complete;
486         urb->interval = data->isoc_rx_ep->bInterval;
487
488         urb->transfer_flags  = URB_FREE_BUFFER | URB_ISO_ASAP;
489         urb->transfer_buffer = buf;
490         urb->transfer_buffer_length = size;
491
492         __fill_isoc_descriptor(urb, size,
493                         le16_to_cpu(data->isoc_rx_ep->wMaxPacketSize));
494
495         usb_anchor_urb(urb, &data->isoc_anchor);
496
497         err = usb_submit_urb(urb, mem_flags);
498         if (err < 0) {
499                 BT_ERR("%s urb %p submission failed (%d)",
500                                                 hdev->name, urb, -err);
501                 usb_unanchor_urb(urb);
502         }
503
504         usb_free_urb(urb);
505
506         return err;
507 }
508
509 static void btusb_tx_complete(struct urb *urb)
510 {
511         struct sk_buff *skb = urb->context;
512         struct hci_dev *hdev = (struct hci_dev *) skb->dev;
513         struct btusb_data *data = hdev->driver_data;
514
515         BT_DBG("%s urb %p status %d count %d", hdev->name,
516                                         urb, urb->status, urb->actual_length);
517
518         if (!test_bit(HCI_RUNNING, &hdev->flags))
519                 goto done;
520
521         if (!urb->status)
522                 hdev->stat.byte_tx += urb->transfer_buffer_length;
523         else
524                 hdev->stat.err_tx++;
525
526 done:
527         spin_lock(&data->txlock);
528         data->tx_in_flight--;
529         spin_unlock(&data->txlock);
530
531         kfree(urb->setup_packet);
532
533         kfree_skb(skb);
534 }
535
536 static void btusb_isoc_tx_complete(struct urb *urb)
537 {
538         struct sk_buff *skb = urb->context;
539         struct hci_dev *hdev = (struct hci_dev *) skb->dev;
540
541         BT_DBG("%s urb %p status %d count %d", hdev->name,
542                                         urb, urb->status, urb->actual_length);
543
544         if (!test_bit(HCI_RUNNING, &hdev->flags))
545                 goto done;
546
547         if (!urb->status)
548                 hdev->stat.byte_tx += urb->transfer_buffer_length;
549         else
550                 hdev->stat.err_tx++;
551
552 done:
553         kfree(urb->setup_packet);
554
555         kfree_skb(skb);
556 }
557
558 static int btusb_open(struct hci_dev *hdev)
559 {
560         struct btusb_data *data = hdev->driver_data;
561         int err;
562
563         BT_DBG("%s", hdev->name);
564
565         err = usb_autopm_get_interface(data->intf);
566         if (err < 0)
567                 return err;
568
569         data->intf->needs_remote_wakeup = 1;
570
571         if (test_and_set_bit(HCI_RUNNING, &hdev->flags))
572                 goto done;
573
574         if (test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags))
575                 goto done;
576
577         err = btusb_submit_intr_urb(hdev, GFP_KERNEL);
578         if (err < 0)
579                 goto failed;
580
581         err = btusb_submit_bulk_urb(hdev, GFP_KERNEL);
582         if (err < 0) {
583                 usb_kill_anchored_urbs(&data->intr_anchor);
584                 goto failed;
585         }
586
587         set_bit(BTUSB_BULK_RUNNING, &data->flags);
588         btusb_submit_bulk_urb(hdev, GFP_KERNEL);
589
590 done:
591         usb_autopm_put_interface(data->intf);
592         return 0;
593
594 failed:
595         clear_bit(BTUSB_INTR_RUNNING, &data->flags);
596         clear_bit(HCI_RUNNING, &hdev->flags);
597         usb_autopm_put_interface(data->intf);
598         return err;
599 }
600
601 static void btusb_stop_traffic(struct btusb_data *data)
602 {
603         usb_kill_anchored_urbs(&data->intr_anchor);
604         usb_kill_anchored_urbs(&data->bulk_anchor);
605         usb_kill_anchored_urbs(&data->isoc_anchor);
606 }
607
608 static int btusb_close(struct hci_dev *hdev)
609 {
610         struct btusb_data *data = hdev->driver_data;
611         int err;
612
613         BT_DBG("%s", hdev->name);
614
615         if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags))
616                 return 0;
617
618         cancel_work_sync(&data->work);
619         cancel_work_sync(&data->waker);
620
621         clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
622         clear_bit(BTUSB_BULK_RUNNING, &data->flags);
623         clear_bit(BTUSB_INTR_RUNNING, &data->flags);
624
625         btusb_stop_traffic(data);
626         err = usb_autopm_get_interface(data->intf);
627         if (err < 0)
628                 goto failed;
629
630         data->intf->needs_remote_wakeup = 0;
631         usb_autopm_put_interface(data->intf);
632
633 failed:
634         usb_scuttle_anchored_urbs(&data->deferred);
635         return 0;
636 }
637
638 static int btusb_flush(struct hci_dev *hdev)
639 {
640         struct btusb_data *data = hdev->driver_data;
641
642         BT_DBG("%s", hdev->name);
643
644         usb_kill_anchored_urbs(&data->tx_anchor);
645
646         return 0;
647 }
648
649 static int btusb_send_frame(struct sk_buff *skb)
650 {
651         struct hci_dev *hdev = (struct hci_dev *) skb->dev;
652         struct btusb_data *data = hdev->driver_data;
653         struct usb_ctrlrequest *dr;
654         struct urb *urb;
655         unsigned int pipe;
656         int err;
657
658         BT_DBG("%s", hdev->name);
659
660         if (!test_bit(HCI_RUNNING, &hdev->flags))
661                 return -EBUSY;
662
663         switch (bt_cb(skb)->pkt_type) {
664         case HCI_COMMAND_PKT:
665                 urb = usb_alloc_urb(0, GFP_ATOMIC);
666                 if (!urb)
667                         return -ENOMEM;
668
669                 dr = kmalloc(sizeof(*dr), GFP_ATOMIC);
670                 if (!dr) {
671                         usb_free_urb(urb);
672                         return -ENOMEM;
673                 }
674
675                 dr->bRequestType = data->cmdreq_type;
676                 dr->bRequest     = 0;
677                 dr->wIndex       = 0;
678                 dr->wValue       = 0;
679                 dr->wLength      = __cpu_to_le16(skb->len);
680
681                 pipe = usb_sndctrlpipe(data->udev, 0x00);
682
683                 usb_fill_control_urb(urb, data->udev, pipe, (void *) dr,
684                                 skb->data, skb->len, btusb_tx_complete, skb);
685
686                 hdev->stat.cmd_tx++;
687                 break;
688
689         case HCI_ACLDATA_PKT:
690                 if (!data->bulk_tx_ep || hdev->conn_hash.acl_num < 1)
691                         return -ENODEV;
692
693                 urb = usb_alloc_urb(0, GFP_ATOMIC);
694                 if (!urb)
695                         return -ENOMEM;
696
697                 pipe = usb_sndbulkpipe(data->udev,
698                                         data->bulk_tx_ep->bEndpointAddress);
699
700                 usb_fill_bulk_urb(urb, data->udev, pipe,
701                                 skb->data, skb->len, btusb_tx_complete, skb);
702
703                 hdev->stat.acl_tx++;
704                 break;
705
706         case HCI_SCODATA_PKT:
707                 if (!data->isoc_tx_ep || hdev->conn_hash.sco_num < 1)
708                         return -ENODEV;
709
710                 urb = usb_alloc_urb(BTUSB_MAX_ISOC_FRAMES, GFP_ATOMIC);
711                 if (!urb)
712                         return -ENOMEM;
713
714                 pipe = usb_sndisocpipe(data->udev,
715                                         data->isoc_tx_ep->bEndpointAddress);
716
717                 urb->dev      = data->udev;
718                 urb->pipe     = pipe;
719                 urb->context  = skb;
720                 urb->complete = btusb_isoc_tx_complete;
721                 urb->interval = data->isoc_tx_ep->bInterval;
722
723                 urb->transfer_flags  = URB_ISO_ASAP;
724                 urb->transfer_buffer = skb->data;
725                 urb->transfer_buffer_length = skb->len;
726
727                 __fill_isoc_descriptor(urb, skb->len,
728                                 le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize));
729
730                 hdev->stat.sco_tx++;
731                 goto skip_waking;
732
733         default:
734                 return -EILSEQ;
735         }
736
737         err = inc_tx(data);
738         if (err) {
739                 usb_anchor_urb(urb, &data->deferred);
740                 schedule_work(&data->waker);
741                 err = 0;
742                 goto done;
743         }
744
745 skip_waking:
746         usb_anchor_urb(urb, &data->tx_anchor);
747
748         err = usb_submit_urb(urb, GFP_ATOMIC);
749         if (err < 0) {
750                 BT_ERR("%s urb %p submission failed", hdev->name, urb);
751                 kfree(urb->setup_packet);
752                 usb_unanchor_urb(urb);
753         } else {
754                 usb_mark_last_busy(data->udev);
755         }
756
757         usb_free_urb(urb);
758
759 done:
760         return err;
761 }
762
763 static void btusb_destruct(struct hci_dev *hdev)
764 {
765         struct btusb_data *data = hdev->driver_data;
766
767         BT_DBG("%s", hdev->name);
768
769         kfree(data);
770 }
771
772 static void btusb_notify(struct hci_dev *hdev, unsigned int evt)
773 {
774         struct btusb_data *data = hdev->driver_data;
775
776         BT_DBG("%s evt %d", hdev->name, evt);
777
778         if (hdev->conn_hash.sco_num != data->sco_num) {
779                 data->sco_num = hdev->conn_hash.sco_num;
780                 schedule_work(&data->work);
781         }
782 }
783
784 static int inline __set_isoc_interface(struct hci_dev *hdev, int altsetting)
785 {
786         struct btusb_data *data = hdev->driver_data;
787         struct usb_interface *intf = data->isoc;
788         struct usb_endpoint_descriptor *ep_desc;
789         int i, err;
790
791         if (!data->isoc)
792                 return -ENODEV;
793
794         err = usb_set_interface(data->udev, 1, altsetting);
795         if (err < 0) {
796                 BT_ERR("%s setting interface failed (%d)", hdev->name, -err);
797                 return err;
798         }
799
800         data->isoc_altsetting = altsetting;
801
802         data->isoc_tx_ep = NULL;
803         data->isoc_rx_ep = NULL;
804
805         for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
806                 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
807
808                 if (!data->isoc_tx_ep && usb_endpoint_is_isoc_out(ep_desc)) {
809                         data->isoc_tx_ep = ep_desc;
810                         continue;
811                 }
812
813                 if (!data->isoc_rx_ep && usb_endpoint_is_isoc_in(ep_desc)) {
814                         data->isoc_rx_ep = ep_desc;
815                         continue;
816                 }
817         }
818
819         if (!data->isoc_tx_ep || !data->isoc_rx_ep) {
820                 BT_ERR("%s invalid SCO descriptors", hdev->name);
821                 return -ENODEV;
822         }
823
824         return 0;
825 }
826
827 static void btusb_work(struct work_struct *work)
828 {
829         struct btusb_data *data = container_of(work, struct btusb_data, work);
830         struct hci_dev *hdev = data->hdev;
831         int err;
832
833         if (hdev->conn_hash.sco_num > 0) {
834                 if (!test_bit(BTUSB_DID_ISO_RESUME, &data->flags)) {
835                         err = usb_autopm_get_interface(data->isoc);
836                         if (err < 0) {
837                                 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
838                                 usb_kill_anchored_urbs(&data->isoc_anchor);
839                                 return;
840                         }
841
842                         set_bit(BTUSB_DID_ISO_RESUME, &data->flags);
843                 }
844                 if (data->isoc_altsetting != 2) {
845                         clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
846                         usb_kill_anchored_urbs(&data->isoc_anchor);
847
848                         if (__set_isoc_interface(hdev, 2) < 0)
849                                 return;
850                 }
851
852                 if (!test_and_set_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
853                         if (btusb_submit_isoc_urb(hdev, GFP_KERNEL) < 0)
854                                 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
855                         else
856                                 btusb_submit_isoc_urb(hdev, GFP_KERNEL);
857                 }
858         } else {
859                 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
860                 usb_kill_anchored_urbs(&data->isoc_anchor);
861
862                 __set_isoc_interface(hdev, 0);
863                 if (test_and_clear_bit(BTUSB_DID_ISO_RESUME, &data->flags))
864                         usb_autopm_put_interface(data->isoc);
865         }
866 }
867
868 static void btusb_waker(struct work_struct *work)
869 {
870         struct btusb_data *data = container_of(work, struct btusb_data, waker);
871         int err;
872
873         err = usb_autopm_get_interface(data->intf);
874         if (err < 0)
875                 return;
876
877         usb_autopm_put_interface(data->intf);
878 }
879
880 static int btusb_probe(struct usb_interface *intf,
881                                 const struct usb_device_id *id)
882 {
883         struct usb_endpoint_descriptor *ep_desc;
884         struct btusb_data *data;
885         struct hci_dev *hdev;
886         int i, err;
887
888         BT_DBG("intf %p id %p", intf, id);
889
890         /* interface numbers are hardcoded in the spec */
891         if (intf->cur_altsetting->desc.bInterfaceNumber != 0)
892                 return -ENODEV;
893
894         if (!id->driver_info) {
895                 const struct usb_device_id *match;
896                 match = usb_match_id(intf, blacklist_table);
897                 if (match)
898                         id = match;
899         }
900
901         if (id->driver_info == BTUSB_IGNORE)
902                 return -ENODEV;
903
904         if (ignore_dga && id->driver_info & BTUSB_DIGIANSWER)
905                 return -ENODEV;
906
907         if (ignore_csr && id->driver_info & BTUSB_CSR)
908                 return -ENODEV;
909
910         if (ignore_sniffer && id->driver_info & BTUSB_SNIFFER)
911                 return -ENODEV;
912
913         data = kzalloc(sizeof(*data), GFP_KERNEL);
914         if (!data)
915                 return -ENOMEM;
916
917         for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
918                 ep_desc = &intf->cur_altsetting->endpoint[i].desc;
919
920                 if (!data->intr_ep && usb_endpoint_is_int_in(ep_desc)) {
921                         data->intr_ep = ep_desc;
922                         continue;
923                 }
924
925                 if (!data->bulk_tx_ep && usb_endpoint_is_bulk_out(ep_desc)) {
926                         data->bulk_tx_ep = ep_desc;
927                         continue;
928                 }
929
930                 if (!data->bulk_rx_ep && usb_endpoint_is_bulk_in(ep_desc)) {
931                         data->bulk_rx_ep = ep_desc;
932                         continue;
933                 }
934         }
935
936         if (!data->intr_ep || !data->bulk_tx_ep || !data->bulk_rx_ep) {
937                 kfree(data);
938                 return -ENODEV;
939         }
940
941         data->cmdreq_type = USB_TYPE_CLASS;
942
943         data->udev = interface_to_usbdev(intf);
944         data->intf = intf;
945
946         spin_lock_init(&data->lock);
947
948         INIT_WORK(&data->work, btusb_work);
949         INIT_WORK(&data->waker, btusb_waker);
950         spin_lock_init(&data->txlock);
951
952         init_usb_anchor(&data->tx_anchor);
953         init_usb_anchor(&data->intr_anchor);
954         init_usb_anchor(&data->bulk_anchor);
955         init_usb_anchor(&data->isoc_anchor);
956         init_usb_anchor(&data->deferred);
957
958         hdev = hci_alloc_dev();
959         if (!hdev) {
960                 kfree(data);
961                 return -ENOMEM;
962         }
963
964         hdev->bus = HCI_USB;
965         hdev->driver_data = data;
966
967         data->hdev = hdev;
968
969         SET_HCIDEV_DEV(hdev, &intf->dev);
970
971         hdev->open     = btusb_open;
972         hdev->close    = btusb_close;
973         hdev->flush    = btusb_flush;
974         hdev->send     = btusb_send_frame;
975         hdev->destruct = btusb_destruct;
976         hdev->notify   = btusb_notify;
977
978         hdev->owner = THIS_MODULE;
979
980         /* Interface numbers are hardcoded in the specification */
981         data->isoc = usb_ifnum_to_if(data->udev, 1);
982
983         if (!reset)
984                 set_bit(HCI_QUIRK_NO_RESET, &hdev->quirks);
985
986         if (force_scofix || id->driver_info & BTUSB_WRONG_SCO_MTU) {
987                 if (!disable_scofix)
988                         set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks);
989         }
990
991         if (id->driver_info & BTUSB_BROKEN_ISOC)
992                 data->isoc = NULL;
993
994         if (id->driver_info & BTUSB_DIGIANSWER) {
995                 data->cmdreq_type = USB_TYPE_VENDOR;
996                 set_bit(HCI_QUIRK_NO_RESET, &hdev->quirks);
997         }
998
999         if (id->driver_info & BTUSB_CSR) {
1000                 struct usb_device *udev = data->udev;
1001
1002                 /* Old firmware would otherwise execute USB reset */
1003                 if (le16_to_cpu(udev->descriptor.bcdDevice) < 0x117)
1004                         set_bit(HCI_QUIRK_NO_RESET, &hdev->quirks);
1005         }
1006
1007         if (id->driver_info & BTUSB_SNIFFER) {
1008                 struct usb_device *udev = data->udev;
1009
1010                 /* New sniffer firmware has crippled HCI interface */
1011                 if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997)
1012                         set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
1013
1014                 data->isoc = NULL;
1015         }
1016
1017         if (id->driver_info & BTUSB_BCM92035) {
1018                 unsigned char cmd[] = { 0x3b, 0xfc, 0x01, 0x00 };
1019                 struct sk_buff *skb;
1020
1021                 skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL);
1022                 if (skb) {
1023                         memcpy(skb_put(skb, sizeof(cmd)), cmd, sizeof(cmd));
1024                         skb_queue_tail(&hdev->driver_init, skb);
1025                 }
1026         }
1027
1028         if (data->isoc) {
1029                 err = usb_driver_claim_interface(&btusb_driver,
1030                                                         data->isoc, data);
1031                 if (err < 0) {
1032                         hci_free_dev(hdev);
1033                         kfree(data);
1034                         return err;
1035                 }
1036         }
1037
1038         err = hci_register_dev(hdev);
1039         if (err < 0) {
1040                 hci_free_dev(hdev);
1041                 kfree(data);
1042                 return err;
1043         }
1044
1045         usb_set_intfdata(intf, data);
1046
1047         usb_enable_autosuspend(interface_to_usbdev(intf));
1048
1049         return 0;
1050 }
1051
1052 static void btusb_disconnect(struct usb_interface *intf)
1053 {
1054         struct btusb_data *data = usb_get_intfdata(intf);
1055         struct hci_dev *hdev;
1056
1057         BT_DBG("intf %p", intf);
1058
1059         if (!data)
1060                 return;
1061
1062         hdev = data->hdev;
1063
1064         __hci_dev_hold(hdev);
1065
1066         usb_set_intfdata(data->intf, NULL);
1067
1068         if (data->isoc)
1069                 usb_set_intfdata(data->isoc, NULL);
1070
1071         hci_unregister_dev(hdev);
1072
1073         if (intf == data->isoc)
1074                 usb_driver_release_interface(&btusb_driver, data->intf);
1075         else if (data->isoc)
1076                 usb_driver_release_interface(&btusb_driver, data->isoc);
1077
1078         __hci_dev_put(hdev);
1079
1080         hci_free_dev(hdev);
1081 }
1082
1083 #ifdef CONFIG_PM
1084 static int btusb_suspend(struct usb_interface *intf, pm_message_t message)
1085 {
1086         struct btusb_data *data = usb_get_intfdata(intf);
1087
1088         BT_DBG("intf %p", intf);
1089
1090         if (data->suspend_count++)
1091                 return 0;
1092
1093         spin_lock_irq(&data->txlock);
1094         if (!((message.event & PM_EVENT_AUTO) && data->tx_in_flight)) {
1095                 set_bit(BTUSB_SUSPENDING, &data->flags);
1096                 spin_unlock_irq(&data->txlock);
1097         } else {
1098                 spin_unlock_irq(&data->txlock);
1099                 data->suspend_count--;
1100                 return -EBUSY;
1101         }
1102
1103         cancel_work_sync(&data->work);
1104
1105         btusb_stop_traffic(data);
1106         usb_kill_anchored_urbs(&data->tx_anchor);
1107
1108         return 0;
1109 }
1110
1111 static void play_deferred(struct btusb_data *data)
1112 {
1113         struct urb *urb;
1114         int err;
1115
1116         while ((urb = usb_get_from_anchor(&data->deferred))) {
1117                 err = usb_submit_urb(urb, GFP_ATOMIC);
1118                 if (err < 0)
1119                         break;
1120
1121                 data->tx_in_flight++;
1122         }
1123         usb_scuttle_anchored_urbs(&data->deferred);
1124 }
1125
1126 static int btusb_resume(struct usb_interface *intf)
1127 {
1128         struct btusb_data *data = usb_get_intfdata(intf);
1129         struct hci_dev *hdev = data->hdev;
1130         int err = 0;
1131
1132         BT_DBG("intf %p", intf);
1133
1134         if (--data->suspend_count)
1135                 return 0;
1136
1137         if (!test_bit(HCI_RUNNING, &hdev->flags))
1138                 goto done;
1139
1140         if (test_bit(BTUSB_INTR_RUNNING, &data->flags)) {
1141                 err = btusb_submit_intr_urb(hdev, GFP_NOIO);
1142                 if (err < 0) {
1143                         clear_bit(BTUSB_INTR_RUNNING, &data->flags);
1144                         goto failed;
1145                 }
1146         }
1147
1148         if (test_bit(BTUSB_BULK_RUNNING, &data->flags)) {
1149                 err = btusb_submit_bulk_urb(hdev, GFP_NOIO);
1150                 if (err < 0) {
1151                         clear_bit(BTUSB_BULK_RUNNING, &data->flags);
1152                         goto failed;
1153                 }
1154
1155                 btusb_submit_bulk_urb(hdev, GFP_NOIO);
1156         }
1157
1158         if (test_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
1159                 if (btusb_submit_isoc_urb(hdev, GFP_NOIO) < 0)
1160                         clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
1161                 else
1162                         btusb_submit_isoc_urb(hdev, GFP_NOIO);
1163         }
1164
1165         spin_lock_irq(&data->txlock);
1166         play_deferred(data);
1167         clear_bit(BTUSB_SUSPENDING, &data->flags);
1168         spin_unlock_irq(&data->txlock);
1169         schedule_work(&data->work);
1170
1171         return 0;
1172
1173 failed:
1174         usb_scuttle_anchored_urbs(&data->deferred);
1175 done:
1176         spin_lock_irq(&data->txlock);
1177         clear_bit(BTUSB_SUSPENDING, &data->flags);
1178         spin_unlock_irq(&data->txlock);
1179
1180         return err;
1181 }
1182 #endif
1183
1184 static struct usb_driver btusb_driver = {
1185         .name           = "btusb",
1186         .probe          = btusb_probe,
1187         .disconnect     = btusb_disconnect,
1188 #ifdef CONFIG_PM
1189         .suspend        = btusb_suspend,
1190         .resume         = btusb_resume,
1191 #endif
1192         .id_table       = btusb_table,
1193         .supports_autosuspend = 1,
1194 };
1195
1196 static int __init btusb_init(void)
1197 {
1198         BT_INFO("Generic Bluetooth USB driver ver %s", VERSION);
1199
1200         return usb_register(&btusb_driver);
1201 }
1202
1203 static void __exit btusb_exit(void)
1204 {
1205         usb_deregister(&btusb_driver);
1206 }
1207
1208 module_init(btusb_init);
1209 module_exit(btusb_exit);
1210
1211 module_param(ignore_dga, bool, 0644);
1212 MODULE_PARM_DESC(ignore_dga, "Ignore devices with id 08fd:0001");
1213
1214 module_param(ignore_csr, bool, 0644);
1215 MODULE_PARM_DESC(ignore_csr, "Ignore devices with id 0a12:0001");
1216
1217 module_param(ignore_sniffer, bool, 0644);
1218 MODULE_PARM_DESC(ignore_sniffer, "Ignore devices with id 0a12:0002");
1219
1220 module_param(disable_scofix, bool, 0644);
1221 MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size");
1222
1223 module_param(force_scofix, bool, 0644);
1224 MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size");
1225
1226 module_param(reset, bool, 0644);
1227 MODULE_PARM_DESC(reset, "Send HCI reset command on initialization");
1228
1229 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1230 MODULE_DESCRIPTION("Generic Bluetooth USB driver ver " VERSION);
1231 MODULE_VERSION(VERSION);
1232 MODULE_LICENSE("GPL");