[Bluetooth] Correct SCO buffer size on request
[linux-2.6.git] / drivers / bluetooth / hci_usb.c
1 /* 
2    HCI USB driver for Linux Bluetooth protocol stack (BlueZ)
3    Copyright (C) 2000-2001 Qualcomm Incorporated
4    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
5
6    Copyright (C) 2003 Maxim Krasnyansky <maxk@qualcomm.com>
7
8    This program is free software; you can redistribute it and/or modify
9    it under the terms of the GNU General Public License version 2 as
10    published by the Free Software Foundation;
11
12    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
13    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
14    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
15    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
16    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 
17    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 
18    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 
19    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20
21    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 
22    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 
23    SOFTWARE IS DISCLAIMED.
24 */
25
26 /*
27  * Bluetooth HCI USB driver.
28  * Based on original USB Bluetooth driver for Linux kernel
29  *    Copyright (c) 2000 Greg Kroah-Hartman        <greg@kroah.com>
30  *    Copyright (c) 2000 Mark Douglas Corner       <mcorner@umich.edu>
31  *
32  */
33
34 #include <linux/module.h>
35
36 #include <linux/kernel.h>
37 #include <linux/init.h>
38 #include <linux/sched.h>
39 #include <linux/unistd.h>
40 #include <linux/types.h>
41 #include <linux/interrupt.h>
42 #include <linux/moduleparam.h>
43
44 #include <linux/slab.h>
45 #include <linux/errno.h>
46 #include <linux/string.h>
47 #include <linux/skbuff.h>
48
49 #include <linux/usb.h>
50
51 #include <net/bluetooth/bluetooth.h>
52 #include <net/bluetooth/hci_core.h>
53
54 #include "hci_usb.h"
55
56 #ifndef CONFIG_BT_HCIUSB_DEBUG
57 #undef  BT_DBG
58 #define BT_DBG(D...)
59 #endif
60
61 #ifndef CONFIG_BT_HCIUSB_ZERO_PACKET
62 #undef  URB_ZERO_PACKET
63 #define URB_ZERO_PACKET 0
64 #endif
65
66 static int ignore = 0;
67 static int ignore_dga = 0;
68 static int ignore_csr = 0;
69 static int ignore_sniffer = 0;
70 static int reset = 0;
71
72 #ifdef CONFIG_BT_HCIUSB_SCO
73 static int isoc = 2;
74 #endif
75
76 #define VERSION "2.9"
77
78 static struct usb_driver hci_usb_driver; 
79
80 static struct usb_device_id bluetooth_ids[] = {
81         /* Generic Bluetooth USB device */
82         { USB_DEVICE_INFO(HCI_DEV_CLASS, HCI_DEV_SUBCLASS, HCI_DEV_PROTOCOL) },
83
84         /* AVM BlueFRITZ! USB v2.0 */
85         { USB_DEVICE(0x057c, 0x3800) },
86
87         /* Bluetooth Ultraport Module from IBM */
88         { USB_DEVICE(0x04bf, 0x030a) },
89
90         /* ALPS Modules with non-standard id */
91         { USB_DEVICE(0x044e, 0x3001) },
92         { USB_DEVICE(0x044e, 0x3002) },
93
94         /* Ericsson with non-standard id */
95         { USB_DEVICE(0x0bdb, 0x1002) },
96
97         { }     /* Terminating entry */
98 };
99
100 MODULE_DEVICE_TABLE (usb, bluetooth_ids);
101
102 static struct usb_device_id blacklist_ids[] = {
103         /* CSR BlueCore devices */
104         { USB_DEVICE(0x0a12, 0x0001), .driver_info = HCI_CSR },
105
106         /* Broadcom BCM2033 without firmware */
107         { USB_DEVICE(0x0a5c, 0x2033), .driver_info = HCI_IGNORE },
108
109         /* Broadcom BCM2035 */
110         { USB_DEVICE(0x0a5c, 0x200a), .driver_info = HCI_RESET | HCI_BROKEN_ISOC },
111         { USB_DEVICE(0x0a5c, 0x2009), .driver_info = HCI_BCM92035 },
112
113         /* Microsoft Wireless Transceiver for Bluetooth 2.0 */
114         { USB_DEVICE(0x045e, 0x009c), .driver_info = HCI_RESET },
115
116         /* Kensington Bluetooth USB adapter */
117         { USB_DEVICE(0x047d, 0x105d), .driver_info = HCI_RESET },
118
119         /* ISSC Bluetooth Adapter v3.1 */
120         { USB_DEVICE(0x1131, 0x1001), .driver_info = HCI_RESET },
121
122         /* RTX Telecom based adapter with buggy SCO support */
123         { USB_DEVICE(0x0400, 0x0807), .driver_info = HCI_BROKEN_ISOC },
124
125         /* Belkin F8T012 */
126         { USB_DEVICE(0x050d, 0x0012), .driver_info = HCI_WRONG_SCO_MTU },
127
128         /* Digianswer devices */
129         { USB_DEVICE(0x08fd, 0x0001), .driver_info = HCI_DIGIANSWER },
130         { USB_DEVICE(0x08fd, 0x0002), .driver_info = HCI_IGNORE },
131
132         /* CSR BlueCore Bluetooth Sniffer */
133         { USB_DEVICE(0x0a12, 0x0002), .driver_info = HCI_SNIFFER },
134
135         /* Frontline ComProbe Bluetooth Sniffer */
136         { USB_DEVICE(0x16d3, 0x0002), .driver_info = HCI_SNIFFER },
137
138         { }     /* Terminating entry */
139 };
140
141 static struct _urb *_urb_alloc(int isoc, gfp_t gfp)
142 {
143         struct _urb *_urb = kmalloc(sizeof(struct _urb) +
144                                 sizeof(struct usb_iso_packet_descriptor) * isoc, gfp);
145         if (_urb) {
146                 memset(_urb, 0, sizeof(*_urb));
147                 usb_init_urb(&_urb->urb);
148         }
149         return _urb;
150 }
151
152 static struct _urb *_urb_dequeue(struct _urb_queue *q)
153 {
154         struct _urb *_urb = NULL;
155         unsigned long flags;
156         spin_lock_irqsave(&q->lock, flags);
157         {
158                 struct list_head *head = &q->head;
159                 struct list_head *next = head->next;
160                 if (next != head) {
161                         _urb = list_entry(next, struct _urb, list);
162                         list_del(next); _urb->queue = NULL;
163                 }
164         }
165         spin_unlock_irqrestore(&q->lock, flags);
166         return _urb;
167 }
168
169 static void hci_usb_rx_complete(struct urb *urb, struct pt_regs *regs);
170 static void hci_usb_tx_complete(struct urb *urb, struct pt_regs *regs);
171
172 #define __pending_tx(husb, type)  (&husb->pending_tx[type-1])
173 #define __pending_q(husb, type)   (&husb->pending_q[type-1])
174 #define __completed_q(husb, type) (&husb->completed_q[type-1])
175 #define __transmit_q(husb, type)  (&husb->transmit_q[type-1])
176 #define __reassembly(husb, type)  (husb->reassembly[type-1])
177
178 static inline struct _urb *__get_completed(struct hci_usb *husb, int type)
179 {
180         return _urb_dequeue(__completed_q(husb, type)); 
181 }
182
183 #ifdef CONFIG_BT_HCIUSB_SCO
184 static void __fill_isoc_desc(struct urb *urb, int len, int mtu)
185 {
186         int offset = 0, i;
187
188         BT_DBG("len %d mtu %d", len, mtu);
189
190         for (i=0; i < HCI_MAX_ISOC_FRAMES && len >= mtu; i++, offset += mtu, len -= mtu) {
191                 urb->iso_frame_desc[i].offset = offset;
192                 urb->iso_frame_desc[i].length = mtu;
193                 BT_DBG("desc %d offset %d len %d", i, offset, mtu);
194         }
195         if (len && i < HCI_MAX_ISOC_FRAMES) {
196                 urb->iso_frame_desc[i].offset = offset;
197                 urb->iso_frame_desc[i].length = len;
198                 BT_DBG("desc %d offset %d len %d", i, offset, len);
199                 i++;
200         }
201         urb->number_of_packets = i;
202 }
203 #endif
204
205 static int hci_usb_intr_rx_submit(struct hci_usb *husb)
206 {
207         struct _urb *_urb;
208         struct urb *urb;
209         int err, pipe, interval, size;
210         void *buf;
211
212         BT_DBG("%s", husb->hdev->name);
213
214         size = le16_to_cpu(husb->intr_in_ep->desc.wMaxPacketSize);
215
216         buf = kmalloc(size, GFP_ATOMIC);
217         if (!buf)
218                 return -ENOMEM;
219
220         _urb = _urb_alloc(0, GFP_ATOMIC);
221         if (!_urb) {
222                 kfree(buf);
223                 return -ENOMEM;
224         }
225         _urb->type = HCI_EVENT_PKT;
226         _urb_queue_tail(__pending_q(husb, _urb->type), _urb);
227
228         urb = &_urb->urb;
229         pipe     = usb_rcvintpipe(husb->udev, husb->intr_in_ep->desc.bEndpointAddress);
230         interval = husb->intr_in_ep->desc.bInterval;
231         usb_fill_int_urb(urb, husb->udev, pipe, buf, size, hci_usb_rx_complete, husb, interval);
232         
233         err = usb_submit_urb(urb, GFP_ATOMIC);
234         if (err) {
235                 BT_ERR("%s intr rx submit failed urb %p err %d",
236                                 husb->hdev->name, urb, err);
237                 _urb_unlink(_urb);
238                 _urb_free(_urb);
239                 kfree(buf);
240         }
241         return err;
242 }
243
244 static int hci_usb_bulk_rx_submit(struct hci_usb *husb)
245 {
246         struct _urb *_urb;
247         struct urb *urb;
248         int err, pipe, size = HCI_MAX_FRAME_SIZE;
249         void *buf;
250
251         buf = kmalloc(size, GFP_ATOMIC);
252         if (!buf)
253                 return -ENOMEM;
254
255         _urb = _urb_alloc(0, GFP_ATOMIC);
256         if (!_urb) {
257                 kfree(buf);
258                 return -ENOMEM;
259         }
260         _urb->type = HCI_ACLDATA_PKT;
261         _urb_queue_tail(__pending_q(husb, _urb->type), _urb);
262
263         urb  = &_urb->urb;
264         pipe = usb_rcvbulkpipe(husb->udev, husb->bulk_in_ep->desc.bEndpointAddress);
265         usb_fill_bulk_urb(urb, husb->udev, pipe, buf, size, hci_usb_rx_complete, husb);
266         urb->transfer_flags = 0;
267
268         BT_DBG("%s urb %p", husb->hdev->name, urb);
269
270         err = usb_submit_urb(urb, GFP_ATOMIC);
271         if (err) {
272                 BT_ERR("%s bulk rx submit failed urb %p err %d",
273                                 husb->hdev->name, urb, err);
274                 _urb_unlink(_urb);
275                 _urb_free(_urb);
276                 kfree(buf);
277         }
278         return err;
279 }
280
281 #ifdef CONFIG_BT_HCIUSB_SCO
282 static int hci_usb_isoc_rx_submit(struct hci_usb *husb)
283 {
284         struct _urb *_urb;
285         struct urb *urb;
286         int err, mtu, size;
287         void *buf;
288
289         mtu  = le16_to_cpu(husb->isoc_in_ep->desc.wMaxPacketSize);
290         size = mtu * HCI_MAX_ISOC_FRAMES;
291
292         buf = kmalloc(size, GFP_ATOMIC);
293         if (!buf)
294                 return -ENOMEM;
295
296         _urb = _urb_alloc(HCI_MAX_ISOC_FRAMES, GFP_ATOMIC);
297         if (!_urb) {
298                 kfree(buf);
299                 return -ENOMEM;
300         }
301         _urb->type = HCI_SCODATA_PKT;
302         _urb_queue_tail(__pending_q(husb, _urb->type), _urb);
303
304         urb = &_urb->urb;
305
306         urb->context  = husb;
307         urb->dev      = husb->udev;
308         urb->pipe     = usb_rcvisocpipe(husb->udev, husb->isoc_in_ep->desc.bEndpointAddress);
309         urb->complete = hci_usb_rx_complete;
310
311         urb->interval = husb->isoc_in_ep->desc.bInterval;
312
313         urb->transfer_buffer_length = size;
314         urb->transfer_buffer = buf;
315         urb->transfer_flags  = URB_ISO_ASAP;
316
317         __fill_isoc_desc(urb, size, mtu);
318
319         BT_DBG("%s urb %p", husb->hdev->name, urb);
320
321         err = usb_submit_urb(urb, GFP_ATOMIC);
322         if (err) {
323                 BT_ERR("%s isoc rx submit failed urb %p err %d",
324                                 husb->hdev->name, urb, err);
325                 _urb_unlink(_urb);
326                 _urb_free(_urb);
327                 kfree(buf);
328         }
329         return err;
330 }
331 #endif
332
333 /* Initialize device */
334 static int hci_usb_open(struct hci_dev *hdev)
335 {
336         struct hci_usb *husb = (struct hci_usb *) hdev->driver_data;
337         int i, err;
338         unsigned long flags;
339
340         BT_DBG("%s", hdev->name);
341
342         if (test_and_set_bit(HCI_RUNNING, &hdev->flags))
343                 return 0;
344
345         write_lock_irqsave(&husb->completion_lock, flags);
346
347         err = hci_usb_intr_rx_submit(husb);
348         if (!err) {
349                 for (i = 0; i < HCI_MAX_BULK_RX; i++)
350                         hci_usb_bulk_rx_submit(husb);
351
352 #ifdef CONFIG_BT_HCIUSB_SCO
353                 if (husb->isoc_iface)
354                         for (i = 0; i < HCI_MAX_ISOC_RX; i++)
355                                 hci_usb_isoc_rx_submit(husb);
356 #endif
357         } else {
358                 clear_bit(HCI_RUNNING, &hdev->flags);
359         }
360
361         write_unlock_irqrestore(&husb->completion_lock, flags);
362         return err;
363 }
364
365 /* Reset device */
366 static int hci_usb_flush(struct hci_dev *hdev)
367 {
368         struct hci_usb *husb = (struct hci_usb *) hdev->driver_data;
369         int i;
370
371         BT_DBG("%s", hdev->name);
372
373         for (i = 0; i < 4; i++)
374                 skb_queue_purge(&husb->transmit_q[i]);
375         return 0;
376 }
377
378 static void hci_usb_unlink_urbs(struct hci_usb *husb)
379 {
380         int i;
381
382         BT_DBG("%s", husb->hdev->name);
383
384         for (i = 0; i < 4; i++) {
385                 struct _urb *_urb;
386                 struct urb *urb;
387
388                 /* Kill pending requests */
389                 while ((_urb = _urb_dequeue(&husb->pending_q[i]))) {
390                         urb = &_urb->urb;
391                         BT_DBG("%s unlinking _urb %p type %d urb %p", 
392                                         husb->hdev->name, _urb, _urb->type, urb);
393                         usb_kill_urb(urb);
394                         _urb_queue_tail(__completed_q(husb, _urb->type), _urb);
395                 }
396
397                 /* Release completed requests */
398                 while ((_urb = _urb_dequeue(&husb->completed_q[i]))) {
399                         urb = &_urb->urb;
400                         BT_DBG("%s freeing _urb %p type %d urb %p",
401                                         husb->hdev->name, _urb, _urb->type, urb);
402                         kfree(urb->setup_packet);
403                         kfree(urb->transfer_buffer);
404                         _urb_free(_urb);
405                 }
406
407                 /* Release reassembly buffers */
408                 if (husb->reassembly[i]) {
409                         kfree_skb(husb->reassembly[i]);
410                         husb->reassembly[i] = NULL;
411                 }
412         }
413 }
414
415 /* Close device */
416 static int hci_usb_close(struct hci_dev *hdev)
417 {
418         struct hci_usb *husb = (struct hci_usb *) hdev->driver_data;
419         unsigned long flags;
420
421         if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags))
422                 return 0;
423
424         BT_DBG("%s", hdev->name);
425
426         /* Synchronize with completion handlers */
427         write_lock_irqsave(&husb->completion_lock, flags);
428         write_unlock_irqrestore(&husb->completion_lock, flags);
429
430         hci_usb_unlink_urbs(husb);
431         hci_usb_flush(hdev);
432         return 0;
433 }
434
435 static int __tx_submit(struct hci_usb *husb, struct _urb *_urb)
436 {
437         struct urb *urb = &_urb->urb;
438         int err;
439
440         BT_DBG("%s urb %p type %d", husb->hdev->name, urb, _urb->type);
441
442         _urb_queue_tail(__pending_q(husb, _urb->type), _urb);
443         err = usb_submit_urb(urb, GFP_ATOMIC);
444         if (err) {
445                 BT_ERR("%s tx submit failed urb %p type %d err %d",
446                                 husb->hdev->name, urb, _urb->type, err);
447                 _urb_unlink(_urb);
448                 _urb_queue_tail(__completed_q(husb, _urb->type), _urb);
449         } else
450                 atomic_inc(__pending_tx(husb, _urb->type));
451
452         return err;
453 }
454
455 static inline int hci_usb_send_ctrl(struct hci_usb *husb, struct sk_buff *skb)
456 {
457         struct _urb *_urb = __get_completed(husb, bt_cb(skb)->pkt_type);
458         struct usb_ctrlrequest *dr;
459         struct urb *urb;
460
461         if (!_urb) {
462                 _urb = _urb_alloc(0, GFP_ATOMIC);
463                 if (!_urb)
464                         return -ENOMEM;
465                 _urb->type = bt_cb(skb)->pkt_type;
466
467                 dr = kmalloc(sizeof(*dr), GFP_ATOMIC);
468                 if (!dr) {
469                         _urb_free(_urb);
470                         return -ENOMEM;
471                 }
472         } else
473                 dr = (void *) _urb->urb.setup_packet;
474
475         dr->bRequestType = husb->ctrl_req;
476         dr->bRequest = 0;
477         dr->wIndex   = 0;
478         dr->wValue   = 0;
479         dr->wLength  = __cpu_to_le16(skb->len);
480
481         urb = &_urb->urb;
482         usb_fill_control_urb(urb, husb->udev, usb_sndctrlpipe(husb->udev, 0),
483                 (void *) dr, skb->data, skb->len, hci_usb_tx_complete, husb);
484
485         BT_DBG("%s skb %p len %d", husb->hdev->name, skb, skb->len);
486         
487         _urb->priv = skb;
488         return __tx_submit(husb, _urb);
489 }
490
491 static inline int hci_usb_send_bulk(struct hci_usb *husb, struct sk_buff *skb)
492 {
493         struct _urb *_urb = __get_completed(husb, bt_cb(skb)->pkt_type);
494         struct urb *urb;
495         int pipe;
496
497         if (!_urb) {
498                 _urb = _urb_alloc(0, GFP_ATOMIC);
499                 if (!_urb)
500                         return -ENOMEM;
501                 _urb->type = bt_cb(skb)->pkt_type;
502         }
503
504         urb  = &_urb->urb;
505         pipe = usb_sndbulkpipe(husb->udev, husb->bulk_out_ep->desc.bEndpointAddress);
506         usb_fill_bulk_urb(urb, husb->udev, pipe, skb->data, skb->len, 
507                         hci_usb_tx_complete, husb);
508         urb->transfer_flags = URB_ZERO_PACKET;
509
510         BT_DBG("%s skb %p len %d", husb->hdev->name, skb, skb->len);
511
512         _urb->priv = skb;
513         return __tx_submit(husb, _urb);
514 }
515
516 #ifdef CONFIG_BT_HCIUSB_SCO
517 static inline int hci_usb_send_isoc(struct hci_usb *husb, struct sk_buff *skb)
518 {
519         struct _urb *_urb = __get_completed(husb, bt_cb(skb)->pkt_type);
520         struct urb *urb;
521
522         if (!_urb) {
523                 _urb = _urb_alloc(HCI_MAX_ISOC_FRAMES, GFP_ATOMIC);
524                 if (!_urb)
525                         return -ENOMEM;
526                 _urb->type = bt_cb(skb)->pkt_type;
527         }
528
529         BT_DBG("%s skb %p len %d", husb->hdev->name, skb, skb->len);
530
531         urb = &_urb->urb;
532
533         urb->context  = husb;
534         urb->dev      = husb->udev;
535         urb->pipe     = usb_sndisocpipe(husb->udev, husb->isoc_out_ep->desc.bEndpointAddress);
536         urb->complete = hci_usb_tx_complete;
537         urb->transfer_flags = URB_ISO_ASAP;
538
539         urb->interval = husb->isoc_out_ep->desc.bInterval;
540
541         urb->transfer_buffer = skb->data;
542         urb->transfer_buffer_length = skb->len;
543
544         __fill_isoc_desc(urb, skb->len, le16_to_cpu(husb->isoc_out_ep->desc.wMaxPacketSize));
545
546         _urb->priv = skb;
547         return __tx_submit(husb, _urb);
548 }
549 #endif
550
551 static void hci_usb_tx_process(struct hci_usb *husb)
552 {
553         struct sk_buff_head *q;
554         struct sk_buff *skb;
555
556         BT_DBG("%s", husb->hdev->name);
557
558         do {
559                 clear_bit(HCI_USB_TX_WAKEUP, &husb->state);
560
561                 /* Process command queue */
562                 q = __transmit_q(husb, HCI_COMMAND_PKT);
563                 if (!atomic_read(__pending_tx(husb, HCI_COMMAND_PKT)) &&
564                                 (skb = skb_dequeue(q))) {
565                         if (hci_usb_send_ctrl(husb, skb) < 0)
566                                 skb_queue_head(q, skb);
567                 }
568
569 #ifdef CONFIG_BT_HCIUSB_SCO
570                 /* Process SCO queue */
571                 q = __transmit_q(husb, HCI_SCODATA_PKT);
572                 if (atomic_read(__pending_tx(husb, HCI_SCODATA_PKT)) < HCI_MAX_ISOC_TX &&
573                                 (skb = skb_dequeue(q))) {
574                         if (hci_usb_send_isoc(husb, skb) < 0)
575                                 skb_queue_head(q, skb);
576                 }
577 #endif
578
579                 /* Process ACL queue */
580                 q = __transmit_q(husb, HCI_ACLDATA_PKT);
581                 while (atomic_read(__pending_tx(husb, HCI_ACLDATA_PKT)) < HCI_MAX_BULK_TX &&
582                                 (skb = skb_dequeue(q))) {
583                         if (hci_usb_send_bulk(husb, skb) < 0) {
584                                 skb_queue_head(q, skb);
585                                 break;
586                         }
587                 }
588         } while(test_bit(HCI_USB_TX_WAKEUP, &husb->state));
589 }
590
591 static inline void hci_usb_tx_wakeup(struct hci_usb *husb)
592 {
593         /* Serialize TX queue processing to avoid data reordering */
594         if (!test_and_set_bit(HCI_USB_TX_PROCESS, &husb->state)) {
595                 hci_usb_tx_process(husb);
596                 clear_bit(HCI_USB_TX_PROCESS, &husb->state);
597         } else
598                 set_bit(HCI_USB_TX_WAKEUP, &husb->state);
599 }
600
601 /* Send frames from HCI layer */
602 static int hci_usb_send_frame(struct sk_buff *skb)
603 {
604         struct hci_dev *hdev = (struct hci_dev *) skb->dev;
605         struct hci_usb *husb;
606
607         if (!hdev) {
608                 BT_ERR("frame for uknown device (hdev=NULL)");
609                 return -ENODEV;
610         }
611
612         if (!test_bit(HCI_RUNNING, &hdev->flags))
613                 return -EBUSY;
614
615         BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len);
616
617         husb = (struct hci_usb *) hdev->driver_data;
618
619         switch (bt_cb(skb)->pkt_type) {
620         case HCI_COMMAND_PKT:
621                 hdev->stat.cmd_tx++;
622                 break;
623
624         case HCI_ACLDATA_PKT:
625                 hdev->stat.acl_tx++;
626                 break;
627
628 #ifdef CONFIG_BT_HCIUSB_SCO
629         case HCI_SCODATA_PKT:
630                 hdev->stat.sco_tx++;
631                 break;
632 #endif
633
634         default:
635                 kfree_skb(skb);
636                 return 0;
637         }
638
639         read_lock(&husb->completion_lock);
640
641         skb_queue_tail(__transmit_q(husb, bt_cb(skb)->pkt_type), skb);
642         hci_usb_tx_wakeup(husb);
643
644         read_unlock(&husb->completion_lock);
645         return 0;
646 }
647
648 static inline int __recv_frame(struct hci_usb *husb, int type, void *data, int count)
649 {
650         BT_DBG("%s type %d data %p count %d", husb->hdev->name, type, data, count);
651
652         husb->hdev->stat.byte_rx += count;
653
654         while (count) {
655                 struct sk_buff *skb = __reassembly(husb, type);
656                 struct { int expect; } *scb;
657                 int len = 0;
658         
659                 if (!skb) {
660                         /* Start of the frame */
661
662                         switch (type) {
663                         case HCI_EVENT_PKT:
664                                 if (count >= HCI_EVENT_HDR_SIZE) {
665                                         struct hci_event_hdr *h = data;
666                                         len = HCI_EVENT_HDR_SIZE + h->plen;
667                                 } else
668                                         return -EILSEQ;
669                                 break;
670
671                         case HCI_ACLDATA_PKT:
672                                 if (count >= HCI_ACL_HDR_SIZE) {
673                                         struct hci_acl_hdr *h = data;
674                                         len = HCI_ACL_HDR_SIZE + __le16_to_cpu(h->dlen);
675                                 } else
676                                         return -EILSEQ;
677                                 break;
678 #ifdef CONFIG_BT_HCIUSB_SCO
679                         case HCI_SCODATA_PKT:
680                                 if (count >= HCI_SCO_HDR_SIZE) {
681                                         struct hci_sco_hdr *h = data;
682                                         len = HCI_SCO_HDR_SIZE + h->dlen;
683                                 } else
684                                         return -EILSEQ;
685                                 break;
686 #endif
687                         }
688                         BT_DBG("new packet len %d", len);
689
690                         skb = bt_skb_alloc(len, GFP_ATOMIC);
691                         if (!skb) {
692                                 BT_ERR("%s no memory for the packet", husb->hdev->name);
693                                 return -ENOMEM;
694                         }
695                         skb->dev = (void *) husb->hdev;
696                         bt_cb(skb)->pkt_type = type;
697         
698                         __reassembly(husb, type) = skb;
699
700                         scb = (void *) skb->cb;
701                         scb->expect = len;
702                 } else {
703                         /* Continuation */
704                         scb = (void *) skb->cb;
705                         len = scb->expect;
706                 }
707
708                 len = min(len, count);
709                 
710                 memcpy(skb_put(skb, len), data, len);
711
712                 scb->expect -= len;
713                 if (!scb->expect) {
714                         /* Complete frame */
715                         __reassembly(husb, type) = NULL;
716                         bt_cb(skb)->pkt_type = type;
717                         hci_recv_frame(skb);
718                 }
719
720                 count -= len; data += len;
721         }
722         return 0;
723 }
724
725 static void hci_usb_rx_complete(struct urb *urb, struct pt_regs *regs)
726 {
727         struct _urb *_urb = container_of(urb, struct _urb, urb);
728         struct hci_usb *husb = (void *) urb->context;
729         struct hci_dev *hdev = husb->hdev;
730         int err, count = urb->actual_length;
731
732         BT_DBG("%s urb %p type %d status %d count %d flags %x", hdev->name, urb,
733                         _urb->type, urb->status, count, urb->transfer_flags);
734
735         read_lock(&husb->completion_lock);
736
737         if (!test_bit(HCI_RUNNING, &hdev->flags))
738                 goto unlock;
739
740         if (urb->status || !count)
741                 goto resubmit;
742
743         if (_urb->type == HCI_SCODATA_PKT) {
744 #ifdef CONFIG_BT_HCIUSB_SCO
745                 int i;
746                 for (i=0; i < urb->number_of_packets; i++) {
747                         BT_DBG("desc %d status %d offset %d len %d", i,
748                                         urb->iso_frame_desc[i].status,
749                                         urb->iso_frame_desc[i].offset,
750                                         urb->iso_frame_desc[i].actual_length);
751         
752                         if (!urb->iso_frame_desc[i].status)
753                                 __recv_frame(husb, _urb->type, 
754                                         urb->transfer_buffer + urb->iso_frame_desc[i].offset,
755                                         urb->iso_frame_desc[i].actual_length);
756                 }
757 #else
758                 ;
759 #endif
760         } else {
761                 err = __recv_frame(husb, _urb->type, urb->transfer_buffer, count);
762                 if (err < 0) { 
763                         BT_ERR("%s corrupted packet: type %d count %d",
764                                         husb->hdev->name, _urb->type, count);
765                         hdev->stat.err_rx++;
766                 }
767         }
768
769 resubmit:
770         urb->dev = husb->udev;
771         err = usb_submit_urb(urb, GFP_ATOMIC);
772         BT_DBG("%s urb %p type %d resubmit status %d", hdev->name, urb,
773                         _urb->type, err);
774
775 unlock:
776         read_unlock(&husb->completion_lock);
777 }
778
779 static void hci_usb_tx_complete(struct urb *urb, struct pt_regs *regs)
780 {
781         struct _urb *_urb = container_of(urb, struct _urb, urb);
782         struct hci_usb *husb = (void *) urb->context;
783         struct hci_dev *hdev = husb->hdev;
784
785         BT_DBG("%s urb %p status %d flags %x", hdev->name, urb,
786                         urb->status, urb->transfer_flags);
787
788         atomic_dec(__pending_tx(husb, _urb->type));
789
790         urb->transfer_buffer = NULL;
791         kfree_skb((struct sk_buff *) _urb->priv);
792
793         if (!test_bit(HCI_RUNNING, &hdev->flags))
794                 return;
795
796         if (!urb->status)
797                 hdev->stat.byte_tx += urb->transfer_buffer_length;
798         else
799                 hdev->stat.err_tx++;
800
801         read_lock(&husb->completion_lock);
802
803         _urb_unlink(_urb);
804         _urb_queue_tail(__completed_q(husb, _urb->type), _urb);
805
806         hci_usb_tx_wakeup(husb);
807
808         read_unlock(&husb->completion_lock);
809 }
810
811 static void hci_usb_destruct(struct hci_dev *hdev)
812 {
813         struct hci_usb *husb = (struct hci_usb *) hdev->driver_data;
814
815         BT_DBG("%s", hdev->name);
816
817         kfree(husb);
818 }
819
820 static void hci_usb_notify(struct hci_dev *hdev, unsigned int evt)
821 {
822         BT_DBG("%s evt %d", hdev->name, evt);
823 }
824
825 static int hci_usb_probe(struct usb_interface *intf, const struct usb_device_id *id)
826 {
827         struct usb_device *udev = interface_to_usbdev(intf);
828         struct usb_host_endpoint *bulk_out_ep = NULL;
829         struct usb_host_endpoint *bulk_in_ep = NULL;
830         struct usb_host_endpoint *intr_in_ep = NULL;
831         struct usb_host_endpoint  *ep;
832         struct usb_host_interface *uif;
833         struct usb_interface *isoc_iface;
834         struct hci_usb *husb;
835         struct hci_dev *hdev;
836         int i, e, size, isoc_ifnum, isoc_alts;
837
838         BT_DBG("udev %p intf %p", udev, intf);
839
840         if (!id->driver_info) {
841                 const struct usb_device_id *match;
842                 match = usb_match_id(intf, blacklist_ids);
843                 if (match)
844                         id = match;
845         }
846
847         if (ignore || id->driver_info & HCI_IGNORE)
848                 return -ENODEV;
849
850         if (ignore_dga && id->driver_info & HCI_DIGIANSWER)
851                 return -ENODEV;
852
853         if (ignore_csr && id->driver_info & HCI_CSR)
854                 return -ENODEV;
855
856         if (ignore_sniffer && id->driver_info & HCI_SNIFFER)
857                 return -ENODEV;
858
859         if (intf->cur_altsetting->desc.bInterfaceNumber > 0)
860                 return -ENODEV;
861
862         /* Find endpoints that we need */
863         uif = intf->cur_altsetting;
864         for (e = 0; e < uif->desc.bNumEndpoints; e++) {
865                 ep = &uif->endpoint[e];
866
867                 switch (ep->desc.bmAttributes & USB_ENDPOINT_XFERTYPE_MASK) {
868                 case USB_ENDPOINT_XFER_INT:
869                         if (ep->desc.bEndpointAddress & USB_DIR_IN)
870                                 intr_in_ep = ep;
871                         break;
872
873                 case USB_ENDPOINT_XFER_BULK:
874                         if (ep->desc.bEndpointAddress & USB_DIR_IN)
875                                 bulk_in_ep  = ep;
876                         else
877                                 bulk_out_ep = ep;
878                         break;
879                 }
880         }
881
882         if (!bulk_in_ep || !bulk_out_ep || !intr_in_ep) {
883                 BT_DBG("Bulk endpoints not found");
884                 goto done;
885         }
886
887         if (!(husb = kzalloc(sizeof(struct hci_usb), GFP_KERNEL))) {
888                 BT_ERR("Can't allocate: control structure");
889                 goto done;
890         }
891
892         husb->udev = udev;
893         husb->bulk_out_ep = bulk_out_ep;
894         husb->bulk_in_ep  = bulk_in_ep;
895         husb->intr_in_ep  = intr_in_ep;
896
897         if (id->driver_info & HCI_DIGIANSWER)
898                 husb->ctrl_req = USB_TYPE_VENDOR;
899         else
900                 husb->ctrl_req = USB_TYPE_CLASS;
901
902         /* Find isochronous endpoints that we can use */
903         size = 0; 
904         isoc_iface = NULL;
905         isoc_alts  = 0;
906         isoc_ifnum = 1;
907
908 #ifdef CONFIG_BT_HCIUSB_SCO
909         if (isoc && !(id->driver_info & (HCI_BROKEN_ISOC | HCI_SNIFFER)))
910                 isoc_iface = usb_ifnum_to_if(udev, isoc_ifnum);
911
912         if (isoc_iface) {
913                 int a;
914                 struct usb_host_endpoint *isoc_out_ep = NULL;
915                 struct usb_host_endpoint *isoc_in_ep = NULL;
916
917                 for (a = 0; a < isoc_iface->num_altsetting; a++) {
918                         uif = &isoc_iface->altsetting[a];
919                         for (e = 0; e < uif->desc.bNumEndpoints; e++) {
920                                 ep = &uif->endpoint[e];
921
922                                 switch (ep->desc.bmAttributes & USB_ENDPOINT_XFERTYPE_MASK) {
923                                 case USB_ENDPOINT_XFER_ISOC:
924                                         if (le16_to_cpu(ep->desc.wMaxPacketSize) < size ||
925                                                         uif->desc.bAlternateSetting != isoc)
926                                                 break;
927                                         size = le16_to_cpu(ep->desc.wMaxPacketSize);
928
929                                         isoc_alts = uif->desc.bAlternateSetting;
930
931                                         if (ep->desc.bEndpointAddress & USB_DIR_IN)
932                                                 isoc_in_ep  = ep;
933                                         else
934                                                 isoc_out_ep = ep;
935                                         break;
936                                 }
937                         }
938                 }
939
940                 if (!isoc_in_ep || !isoc_out_ep)
941                         BT_DBG("Isoc endpoints not found");
942                 else {
943                         BT_DBG("isoc ifnum %d alts %d", isoc_ifnum, isoc_alts);
944                         if (usb_driver_claim_interface(&hci_usb_driver, isoc_iface, husb) != 0)
945                                 BT_ERR("Can't claim isoc interface");
946                         else if (usb_set_interface(udev, isoc_ifnum, isoc_alts)) {
947                                 BT_ERR("Can't set isoc interface settings");
948                                 husb->isoc_iface = isoc_iface;
949                                 usb_driver_release_interface(&hci_usb_driver, isoc_iface);
950                                 husb->isoc_iface = NULL;
951                         } else {
952                                 husb->isoc_iface  = isoc_iface;
953                                 husb->isoc_in_ep  = isoc_in_ep;
954                                 husb->isoc_out_ep = isoc_out_ep;
955                         }
956                 }
957         }
958 #endif
959
960         rwlock_init(&husb->completion_lock);
961
962         for (i = 0; i < 4; i++) {
963                 skb_queue_head_init(&husb->transmit_q[i]);
964                 _urb_queue_init(&husb->pending_q[i]);
965                 _urb_queue_init(&husb->completed_q[i]);
966         }
967
968         /* Initialize and register HCI device */
969         hdev = hci_alloc_dev();
970         if (!hdev) {
971                 BT_ERR("Can't allocate HCI device");
972                 goto probe_error;
973         }
974
975         husb->hdev = hdev;
976
977         hdev->type = HCI_USB;
978         hdev->driver_data = husb;
979         SET_HCIDEV_DEV(hdev, &intf->dev);
980
981         hdev->open     = hci_usb_open;
982         hdev->close    = hci_usb_close;
983         hdev->flush    = hci_usb_flush;
984         hdev->send     = hci_usb_send_frame;
985         hdev->destruct = hci_usb_destruct;
986         hdev->notify   = hci_usb_notify;
987
988         hdev->owner = THIS_MODULE;
989
990         if (reset || id->driver_info & HCI_RESET)
991                 set_bit(HCI_QUIRK_RESET_ON_INIT, &hdev->quirks);
992
993         if (id->driver_info & HCI_WRONG_SCO_MTU)
994                 set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks);
995
996         if (id->driver_info & HCI_SNIFFER) {
997                 if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997)
998                         set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
999         }
1000
1001         if (id->driver_info & HCI_BCM92035) {
1002                 unsigned char cmd[] = { 0x3b, 0xfc, 0x01, 0x00 };
1003                 struct sk_buff *skb;
1004
1005                 skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL);
1006                 if (skb) {
1007                         memcpy(skb_put(skb, sizeof(cmd)), cmd, sizeof(cmd));
1008                         skb_queue_tail(&hdev->driver_init, skb);
1009                 }
1010         }
1011
1012         if (hci_register_dev(hdev) < 0) {
1013                 BT_ERR("Can't register HCI device");
1014                 hci_free_dev(hdev);
1015                 goto probe_error;
1016         }
1017
1018         usb_set_intfdata(intf, husb);
1019         return 0;
1020
1021 probe_error:
1022         if (husb->isoc_iface)
1023                 usb_driver_release_interface(&hci_usb_driver, husb->isoc_iface);
1024         kfree(husb);
1025
1026 done:
1027         return -EIO;
1028 }
1029
1030 static void hci_usb_disconnect(struct usb_interface *intf)
1031 {
1032         struct hci_usb *husb = usb_get_intfdata(intf);
1033         struct hci_dev *hdev;
1034
1035         if (!husb || intf == husb->isoc_iface)
1036                 return;
1037
1038         usb_set_intfdata(intf, NULL);
1039         hdev = husb->hdev;
1040
1041         BT_DBG("%s", hdev->name);
1042
1043         hci_usb_close(hdev);
1044
1045         if (husb->isoc_iface)
1046                 usb_driver_release_interface(&hci_usb_driver, husb->isoc_iface);
1047
1048         if (hci_unregister_dev(hdev) < 0)
1049                 BT_ERR("Can't unregister HCI device %s", hdev->name);
1050
1051         hci_free_dev(hdev);
1052 }
1053
1054 static int hci_usb_suspend(struct usb_interface *intf, pm_message_t message)
1055 {
1056         struct hci_usb *husb = usb_get_intfdata(intf);
1057         struct list_head killed;
1058         unsigned long flags;
1059         int i;
1060
1061         if (!husb || intf == husb->isoc_iface)
1062                 return 0;
1063
1064         hci_suspend_dev(husb->hdev);
1065
1066         INIT_LIST_HEAD(&killed);
1067
1068         for (i = 0; i < 4; i++) {
1069                 struct _urb_queue *q = &husb->pending_q[i];
1070                 struct _urb *_urb, *_tmp;
1071
1072                 while ((_urb = _urb_dequeue(q))) {
1073                         /* reset queue since _urb_dequeue sets it to NULL */
1074                         _urb->queue = q;
1075                         usb_kill_urb(&_urb->urb);
1076                         list_add(&_urb->list, &killed);
1077                 }
1078
1079                 spin_lock_irqsave(&q->lock, flags);
1080
1081                 list_for_each_entry_safe(_urb, _tmp, &killed, list) {
1082                         list_move_tail(&_urb->list, &q->head);
1083                 }
1084
1085                 spin_unlock_irqrestore(&q->lock, flags);
1086         }
1087
1088         return 0;
1089 }
1090
1091 static int hci_usb_resume(struct usb_interface *intf)
1092 {
1093         struct hci_usb *husb = usb_get_intfdata(intf);
1094         unsigned long flags;
1095         int i, err = 0;
1096
1097         if (!husb || intf == husb->isoc_iface)
1098                 return 0;
1099         
1100         for (i = 0; i < 4; i++) {
1101                 struct _urb_queue *q = &husb->pending_q[i];
1102                 struct _urb *_urb;
1103
1104                 spin_lock_irqsave(&q->lock, flags);
1105
1106                 list_for_each_entry(_urb, &q->head, list) {
1107                         err = usb_submit_urb(&_urb->urb, GFP_ATOMIC);
1108                         if (err)
1109                                 break;
1110                 }
1111
1112                 spin_unlock_irqrestore(&q->lock, flags);
1113
1114                 if (err)
1115                         return -EIO;
1116         }
1117
1118         hci_resume_dev(husb->hdev);
1119
1120         return 0;
1121 }
1122
1123 static struct usb_driver hci_usb_driver = {
1124         .name           = "hci_usb",
1125         .probe          = hci_usb_probe,
1126         .disconnect     = hci_usb_disconnect,
1127         .suspend        = hci_usb_suspend,
1128         .resume         = hci_usb_resume,
1129         .id_table       = bluetooth_ids,
1130 };
1131
1132 static int __init hci_usb_init(void)
1133 {
1134         int err;
1135
1136         BT_INFO("HCI USB driver ver %s", VERSION);
1137
1138         if ((err = usb_register(&hci_usb_driver)) < 0)
1139                 BT_ERR("Failed to register HCI USB driver");
1140
1141         return err;
1142 }
1143
1144 static void __exit hci_usb_exit(void)
1145 {
1146         usb_deregister(&hci_usb_driver);
1147 }
1148
1149 module_init(hci_usb_init);
1150 module_exit(hci_usb_exit);
1151
1152 module_param(ignore, bool, 0644);
1153 MODULE_PARM_DESC(ignore, "Ignore devices from the matching table");
1154
1155 module_param(ignore_dga, bool, 0644);
1156 MODULE_PARM_DESC(ignore_dga, "Ignore devices with id 08fd:0001");
1157
1158 module_param(ignore_csr, bool, 0644);
1159 MODULE_PARM_DESC(ignore_csr, "Ignore devices with id 0a12:0001");
1160
1161 module_param(ignore_sniffer, bool, 0644);
1162 MODULE_PARM_DESC(ignore_sniffer, "Ignore devices with id 0a12:0002");
1163
1164 module_param(reset, bool, 0644);
1165 MODULE_PARM_DESC(reset, "Send HCI reset command on initialization");
1166
1167 #ifdef CONFIG_BT_HCIUSB_SCO
1168 module_param(isoc, int, 0644);
1169 MODULE_PARM_DESC(isoc, "Set isochronous transfers for SCO over HCI support");
1170 #endif
1171
1172 MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>");
1173 MODULE_DESCRIPTION("Bluetooth HCI USB driver ver " VERSION);
1174 MODULE_VERSION(VERSION);
1175 MODULE_LICENSE("GPL");