drivers/bluetooth/hci_usb.c

   1 /*
   2    HCI USB driver for Linux Bluetooth protocol stack (BlueZ)
   3    Copyright (C) 2000-2001 Qualcomm Incorporated
   4    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
   5
   6    Copyright (C) 2003 Maxim Krasnyansky <maxk@qualcomm.com>
   7
   8    This program is free software; you can redistribute it and/or modify
   9    it under the terms of the GNU General Public License version 2 as
  10    published by the Free Software Foundation;
  11
  12    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
  13    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  14    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
  15    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
  16    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
  17    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  18    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  19    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  20
  21    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
  22    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
  23    SOFTWARE IS DISCLAIMED.
  24 */
  25
  26 /*
  27  * Bluetooth HCI USB driver.
  28  * Based on original USB Bluetooth driver for Linux kernel
  29  *    Copyright (c) 2000 Greg Kroah-Hartman        <greg@kroah.com>
  30  *    Copyright (c) 2000 Mark Douglas Corner       <mcorner@umich.edu>
  31  *
  32  */
  33
  34 #include <linux/module.h>
  35
  36 #include <linux/kernel.h>
  37 #include <linux/init.h>
  38 #include <linux/sched.h>
  39 #include <linux/unistd.h>
  40 #include <linux/types.h>
  41 #include <linux/interrupt.h>
  42 #include <linux/moduleparam.h>
  43
  44 #include <linux/slab.h>
  45 #include <linux/errno.h>
  46 #include <linux/string.h>
  47 #include <linux/skbuff.h>
  48
  49 #include <linux/usb.h>
  50
  51 #include <net/bluetooth/bluetooth.h>
  52 #include <net/bluetooth/hci_core.h>
  53
  54 #include "hci_usb.h"
  55
  56 #ifndef CONFIG_BT_HCIUSB_DEBUG
  57 #undef  BT_DBG
  58 #define BT_DBG(D...)
  59 #endif
  60
  61 #ifndef CONFIG_BT_HCIUSB_ZERO_PACKET
  62 #undef  URB_ZERO_PACKET
  63 #define URB_ZERO_PACKET 0
  64 #endif
  65
  66 static int ignore = 0;
  67 static int ignore_dga = 0;
  68 static int ignore_csr = 0;
  69 static int ignore_sniffer = 0;
  70 static int disable_scofix = 0;
  71 static int force_scofix = 0;
  72 static int reset = 0;
  73
  74 #ifdef CONFIG_BT_HCIUSB_SCO
  75 static int isoc = 2;
  76 #endif
  77
  78 #define VERSION "2.9"
  79
  80 static struct usb_driver hci_usb_driver;
  81
  82 static struct usb_device_id bluetooth_ids[] = {
  83         /* Generic Bluetooth USB device */
  84         { USB_DEVICE_INFO(HCI_DEV_CLASS, HCI_DEV_SUBCLASS, HCI_DEV_PROTOCOL) },
  85
  86         /* AVM BlueFRITZ! USB v2.0 */
  87         { USB_DEVICE(0x057c, 0x3800) },
  88
  89         /* Bluetooth Ultraport Module from IBM */
  90         { USB_DEVICE(0x04bf, 0x030a) },
  91
  92         /* ALPS Modules with non-standard id */
  93         { USB_DEVICE(0x044e, 0x3001) },
  94         { USB_DEVICE(0x044e, 0x3002) },
  95
  96         /* Ericsson with non-standard id */
  97         { USB_DEVICE(0x0bdb, 0x1002) },
  98
  99         { }     /* Terminating entry */
 100 };
 101
 102 MODULE_DEVICE_TABLE (usb, bluetooth_ids);
 103
 104 static struct usb_device_id blacklist_ids[] = {
 105         /* CSR BlueCore devices */
 106         { USB_DEVICE(0x0a12, 0x0001), .driver_info = HCI_CSR },
 107
 108         /* Broadcom BCM2033 without firmware */
 109         { USB_DEVICE(0x0a5c, 0x2033), .driver_info = HCI_IGNORE },
 110
 111         /* Broadcom BCM2035 */
 112         { USB_DEVICE(0x0a5c, 0x200a), .driver_info = HCI_RESET | HCI_BROKEN_ISOC },
 113         { USB_DEVICE(0x0a5c, 0x2009), .driver_info = HCI_BCM92035 },
 114
 115         /* IBM/Lenovo ThinkPad with Broadcom chip */
 116         { USB_DEVICE(0x0a5c, 0x201e), .driver_info = HCI_WRONG_SCO_MTU },
 117
 118         /* Microsoft Wireless Transceiver for Bluetooth 2.0 */
 119         { USB_DEVICE(0x045e, 0x009c), .driver_info = HCI_RESET },
 120
 121         /* Kensington Bluetooth USB adapter */
 122         { USB_DEVICE(0x047d, 0x105d), .driver_info = HCI_RESET },
 123
 124         /* ISSC Bluetooth Adapter v3.1 */
 125         { USB_DEVICE(0x1131, 0x1001), .driver_info = HCI_RESET },
 126
 127         /* RTX Telecom based adapter with buggy SCO support */
 128         { USB_DEVICE(0x0400, 0x0807), .driver_info = HCI_BROKEN_ISOC },
 129
 130         /* Belkin F8T012 */
 131         { USB_DEVICE(0x050d, 0x0012), .driver_info = HCI_WRONG_SCO_MTU },
 132
 133         /* Digianswer devices */
 134         { USB_DEVICE(0x08fd, 0x0001), .driver_info = HCI_DIGIANSWER },
 135         { USB_DEVICE(0x08fd, 0x0002), .driver_info = HCI_IGNORE },
 136
 137         /* CSR BlueCore Bluetooth Sniffer */
 138         { USB_DEVICE(0x0a12, 0x0002), .driver_info = HCI_SNIFFER },
 139
 140         /* Frontline ComProbe Bluetooth Sniffer */
 141         { USB_DEVICE(0x16d3, 0x0002), .driver_info = HCI_SNIFFER },
 142
 143         { }     /* Terminating entry */
 144 };
 145
 146 static struct _urb *_urb_alloc(int isoc, gfp_t gfp)
 147 {
 148         struct _urb *_urb = kmalloc(sizeof(struct _urb) +
 149                                 sizeof(struct usb_iso_packet_descriptor) * isoc, gfp);
 150         if (_urb) {
 151                 memset(_urb, 0, sizeof(*_urb));
 152                 usb_init_urb(&_urb->urb);
 153         }
 154         return _urb;
 155 }
 156
 157 static struct _urb *_urb_dequeue(struct _urb_queue *q)
 158 {
 159         struct _urb *_urb = NULL;
 160         unsigned long flags;
 161         spin_lock_irqsave(&q->lock, flags);
 162         {
 163                 struct list_head *head = &q->head;
 164                 struct list_head *next = head->next;
 165                 if (next != head) {
 166                         _urb = list_entry(next, struct _urb, list);
 167                         list_del(next); _urb->queue = NULL;
 168                 }
 169         }
 170         spin_unlock_irqrestore(&q->lock, flags);
 171         return _urb;
 172 }
 173
 174 static void hci_usb_rx_complete(struct urb *urb, struct pt_regs *regs);
 175 static void hci_usb_tx_complete(struct urb *urb, struct pt_regs *regs);
 176
 177 #define __pending_tx(husb, type)  (&husb->pending_tx[type-1])
 178 #define __pending_q(husb, type)   (&husb->pending_q[type-1])
 179 #define __completed_q(husb, type) (&husb->completed_q[type-1])
 180 #define __transmit_q(husb, type)  (&husb->transmit_q[type-1])
 181 #define __reassembly(husb, type)  (husb->reassembly[type-1])
 182
 183 static inline struct _urb *__get_completed(struct hci_usb *husb, int type)
 184 {
 185         return _urb_dequeue(__completed_q(husb, type));
 186 }
 187
 188 #ifdef CONFIG_BT_HCIUSB_SCO
 189 static void __fill_isoc_desc(struct urb *urb, int len, int mtu)
 190 {
 191         int offset = 0, i;
 192
 193         BT_DBG("len %d mtu %d", len, mtu);
 194
 195         for (i=0; i < HCI_MAX_ISOC_FRAMES && len >= mtu; i++, offset += mtu, len -= mtu) {
 196                 urb->iso_frame_desc[i].offset = offset;
 197                 urb->iso_frame_desc[i].length = mtu;
 198                 BT_DBG("desc %d offset %d len %d", i, offset, mtu);
 199         }
 200         if (len && i < HCI_MAX_ISOC_FRAMES) {
 201                 urb->iso_frame_desc[i].offset = offset;
 202                 urb->iso_frame_desc[i].length = len;
 203                 BT_DBG("desc %d offset %d len %d", i, offset, len);
 204                 i++;
 205         }
 206         urb->number_of_packets = i;
 207 }
 208 #endif
 209
 210 static int hci_usb_intr_rx_submit(struct hci_usb *husb)
 211 {
 212         struct _urb *_urb;
 213         struct urb *urb;
 214         int err, pipe, interval, size;
 215         void *buf;
 216
 217         BT_DBG("%s", husb->hdev->name);
 218
 219         size = le16_to_cpu(husb->intr_in_ep->desc.wMaxPacketSize);
 220
 221         buf = kmalloc(size, GFP_ATOMIC);
 222         if (!buf)
 223                 return -ENOMEM;
 224
 225         _urb = _urb_alloc(0, GFP_ATOMIC);
 226         if (!_urb) {
 227                 kfree(buf);
 228                 return -ENOMEM;
 229         }
 230         _urb->type = HCI_EVENT_PKT;
 231         _urb_queue_tail(__pending_q(husb, _urb->type), _urb);
 232
 233         urb = &_urb->urb;
 234         pipe     = usb_rcvintpipe(husb->udev, husb->intr_in_ep->desc.bEndpointAddress);
 235         interval = husb->intr_in_ep->desc.bInterval;
 236         usb_fill_int_urb(urb, husb->udev, pipe, buf, size, hci_usb_rx_complete, husb, interval);
 237
 238         err = usb_submit_urb(urb, GFP_ATOMIC);
 239         if (err) {
 240                 BT_ERR("%s intr rx submit failed urb %p err %d",
 241                                 husb->hdev->name, urb, err);
 242                 _urb_unlink(_urb);
 243                 _urb_free(_urb);
 244                 kfree(buf);
 245         }
 246         return err;
 247 }
 248
 249 static int hci_usb_bulk_rx_submit(struct hci_usb *husb)
 250 {
 251         struct _urb *_urb;
 252         struct urb *urb;
 253         int err, pipe, size = HCI_MAX_FRAME_SIZE;
 254         void *buf;
 255
 256         buf = kmalloc(size, GFP_ATOMIC);
 257         if (!buf)
 258                 return -ENOMEM;
 259
 260         _urb = _urb_alloc(0, GFP_ATOMIC);
 261         if (!_urb) {
 262                 kfree(buf);
 263                 return -ENOMEM;
 264         }
 265         _urb->type = HCI_ACLDATA_PKT;
 266         _urb_queue_tail(__pending_q(husb, _urb->type), _urb);
 267
 268         urb  = &_urb->urb;
 269         pipe = usb_rcvbulkpipe(husb->udev, husb->bulk_in_ep->desc.bEndpointAddress);
 270         usb_fill_bulk_urb(urb, husb->udev, pipe, buf, size, hci_usb_rx_complete, husb);
 271         urb->transfer_flags = 0;
 272
 273         BT_DBG("%s urb %p", husb->hdev->name, urb);
 274
 275         err = usb_submit_urb(urb, GFP_ATOMIC);
 276         if (err) {
 277                 BT_ERR("%s bulk rx submit failed urb %p err %d",
 278                                 husb->hdev->name, urb, err);
 279                 _urb_unlink(_urb);
 280                 _urb_free(_urb);
 281                 kfree(buf);
 282         }
 283         return err;
 284 }
 285
 286 #ifdef CONFIG_BT_HCIUSB_SCO
 287 static int hci_usb_isoc_rx_submit(struct hci_usb *husb)
 288 {
 289         struct _urb *_urb;
 290         struct urb *urb;
 291         int err, mtu, size;
 292         void *buf;
 293
 294         mtu  = le16_to_cpu(husb->isoc_in_ep->desc.wMaxPacketSize);
 295         size = mtu * HCI_MAX_ISOC_FRAMES;
 296
 297         buf = kmalloc(size, GFP_ATOMIC);
 298         if (!buf)
 299                 return -ENOMEM;
 300
 301         _urb = _urb_alloc(HCI_MAX_ISOC_FRAMES, GFP_ATOMIC);
 302         if (!_urb) {
 303                 kfree(buf);
 304                 return -ENOMEM;
 305         }
 306         _urb->type = HCI_SCODATA_PKT;
 307         _urb_queue_tail(__pending_q(husb, _urb->type), _urb);
 308
 309         urb = &_urb->urb;
 310
 311         urb->context  = husb;
 312         urb->dev      = husb->udev;
 313         urb->pipe     = usb_rcvisocpipe(husb->udev, husb->isoc_in_ep->desc.bEndpointAddress);
 314         urb->complete = hci_usb_rx_complete;
 315
 316         urb->interval = husb->isoc_in_ep->desc.bInterval;
 317
 318         urb->transfer_buffer_length = size;
 319         urb->transfer_buffer = buf;
 320         urb->transfer_flags  = URB_ISO_ASAP;
 321
 322         __fill_isoc_desc(urb, size, mtu);
 323
 324         BT_DBG("%s urb %p", husb->hdev->name, urb);
 325
 326         err = usb_submit_urb(urb, GFP_ATOMIC);
 327         if (err) {
 328                 BT_ERR("%s isoc rx submit failed urb %p err %d",
 329                                 husb->hdev->name, urb, err);
 330                 _urb_unlink(_urb);
 331                 _urb_free(_urb);
 332                 kfree(buf);
 333         }
 334         return err;
 335 }
 336 #endif
 337
 338 /* Initialize device */
 339 static int hci_usb_open(struct hci_dev *hdev)
 340 {
 341         struct hci_usb *husb = (struct hci_usb *) hdev->driver_data;
 342         int i, err;
 343         unsigned long flags;
 344
 345         BT_DBG("%s", hdev->name);
 346
 347         if (test_and_set_bit(HCI_RUNNING, &hdev->flags))
 348                 return 0;
 349
 350         write_lock_irqsave(&husb->completion_lock, flags);
 351
 352         err = hci_usb_intr_rx_submit(husb);
 353         if (!err) {
 354                 for (i = 0; i < HCI_MAX_BULK_RX; i++)
 355                         hci_usb_bulk_rx_submit(husb);
 356
 357 #ifdef CONFIG_BT_HCIUSB_SCO
 358                 if (husb->isoc_iface)
 359                         for (i = 0; i < HCI_MAX_ISOC_RX; i++)
 360                                 hci_usb_isoc_rx_submit(husb);
 361 #endif
 362         } else {
 363                 clear_bit(HCI_RUNNING, &hdev->flags);
 364         }
 365
 366         write_unlock_irqrestore(&husb->completion_lock, flags);
 367         return err;
 368 }
 369
 370 /* Reset device */
 371 static int hci_usb_flush(struct hci_dev *hdev)
 372 {
 373         struct hci_usb *husb = (struct hci_usb *) hdev->driver_data;
 374         int i;
 375
 376         BT_DBG("%s", hdev->name);
 377
 378         for (i = 0; i < 4; i++)
 379                 skb_queue_purge(&husb->transmit_q[i]);
 380         return 0;
 381 }
 382
 383 static void hci_usb_unlink_urbs(struct hci_usb *husb)
 384 {
 385         int i;
 386
 387         BT_DBG("%s", husb->hdev->name);
 388
 389         for (i = 0; i < 4; i++) {
 390                 struct _urb *_urb;
 391                 struct urb *urb;
 392
 393                 /* Kill pending requests */
 394                 while ((_urb = _urb_dequeue(&husb->pending_q[i]))) {
 395                         urb = &_urb->urb;
 396                         BT_DBG("%s unlinking _urb %p type %d urb %p",
 397                                         husb->hdev->name, _urb, _urb->type, urb);
 398                         usb_kill_urb(urb);
 399                         _urb_queue_tail(__completed_q(husb, _urb->type), _urb);
 400                 }
 401
 402                 /* Release completed requests */
 403                 while ((_urb = _urb_dequeue(&husb->completed_q[i]))) {
 404                         urb = &_urb->urb;
 405                         BT_DBG("%s freeing _urb %p type %d urb %p",
 406                                         husb->hdev->name, _urb, _urb->type, urb);
 407                         kfree(urb->setup_packet);
 408                         kfree(urb->transfer_buffer);
 409                         _urb_free(_urb);
 410                 }
 411
 412                 /* Release reassembly buffers */
 413                 if (husb->reassembly[i]) {
 414                         kfree_skb(husb->reassembly[i]);
 415                         husb->reassembly[i] = NULL;
 416                 }
 417         }
 418 }
 419
 420 /* Close device */
 421 static int hci_usb_close(struct hci_dev *hdev)
 422 {
 423         struct hci_usb *husb = (struct hci_usb *) hdev->driver_data;
 424         unsigned long flags;
 425
 426         if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags))
 427                 return 0;
 428
 429         BT_DBG("%s", hdev->name);
 430
 431         /* Synchronize with completion handlers */
 432         write_lock_irqsave(&husb->completion_lock, flags);
 433         write_unlock_irqrestore(&husb->completion_lock, flags);
 434
 435         hci_usb_unlink_urbs(husb);
 436         hci_usb_flush(hdev);
 437         return 0;
 438 }
 439
 440 static int __tx_submit(struct hci_usb *husb, struct _urb *_urb)
 441 {
 442         struct urb *urb = &_urb->urb;
 443         int err;
 444
 445         BT_DBG("%s urb %p type %d", husb->hdev->name, urb, _urb->type);
 446
 447         _urb_queue_tail(__pending_q(husb, _urb->type), _urb);
 448         err = usb_submit_urb(urb, GFP_ATOMIC);
 449         if (err) {
 450                 BT_ERR("%s tx submit failed urb %p type %d err %d",
 451                                 husb->hdev->name, urb, _urb->type, err);
 452                 _urb_unlink(_urb);
 453                 _urb_queue_tail(__completed_q(husb, _urb->type), _urb);
 454         } else
 455                 atomic_inc(__pending_tx(husb, _urb->type));
 456
 457         return err;
 458 }
 459
 460 static inline int hci_usb_send_ctrl(struct hci_usb *husb, struct sk_buff *skb)
 461 {
 462         struct _urb *_urb = __get_completed(husb, bt_cb(skb)->pkt_type);
 463         struct usb_ctrlrequest *dr;
 464         struct urb *urb;
 465
 466         if (!_urb) {
 467                 _urb = _urb_alloc(0, GFP_ATOMIC);
 468                 if (!_urb)
 469                         return -ENOMEM;
 470                 _urb->type = bt_cb(skb)->pkt_type;
 471
 472                 dr = kmalloc(sizeof(*dr), GFP_ATOMIC);
 473                 if (!dr) {
 474                         _urb_free(_urb);
 475                         return -ENOMEM;
 476                 }
 477         } else
 478                 dr = (void *) _urb->urb.setup_packet;
 479
 480         dr->bRequestType = husb->ctrl_req;
 481         dr->bRequest = 0;
 482         dr->wIndex   = 0;
 483         dr->wValue   = 0;
 484         dr->wLength  = __cpu_to_le16(skb->len);
 485
 486         urb = &_urb->urb;
 487         usb_fill_control_urb(urb, husb->udev, usb_sndctrlpipe(husb->udev, 0),
 488                 (void *) dr, skb->data, skb->len, hci_usb_tx_complete, husb);
 489
 490         BT_DBG("%s skb %p len %d", husb->hdev->name, skb, skb->len);
 491
 492         _urb->priv = skb;
 493         return __tx_submit(husb, _urb);
 494 }
 495
 496 static inline int hci_usb_send_bulk(struct hci_usb *husb, struct sk_buff *skb)
 497 {
 498         struct _urb *_urb = __get_completed(husb, bt_cb(skb)->pkt_type);
 499         struct urb *urb;
 500         int pipe;
 501
 502         if (!_urb) {
 503                 _urb = _urb_alloc(0, GFP_ATOMIC);
 504                 if (!_urb)
 505                         return -ENOMEM;
 506                 _urb->type = bt_cb(skb)->pkt_type;
 507         }
 508
 509         urb  = &_urb->urb;
 510         pipe = usb_sndbulkpipe(husb->udev, husb->bulk_out_ep->desc.bEndpointAddress);
 511         usb_fill_bulk_urb(urb, husb->udev, pipe, skb->data, skb->len,
 512                         hci_usb_tx_complete, husb);
 513         urb->transfer_flags = URB_ZERO_PACKET;
 514
 515         BT_DBG("%s skb %p len %d", husb->hdev->name, skb, skb->len);
 516
 517         _urb->priv = skb;
 518         return __tx_submit(husb, _urb);
 519 }
 520
 521 #ifdef CONFIG_BT_HCIUSB_SCO
 522 static inline int hci_usb_send_isoc(struct hci_usb *husb, struct sk_buff *skb)
 523 {
 524         struct _urb *_urb = __get_completed(husb, bt_cb(skb)->pkt_type);
 525         struct urb *urb;
 526
 527         if (!_urb) {
 528                 _urb = _urb_alloc(HCI_MAX_ISOC_FRAMES, GFP_ATOMIC);
 529                 if (!_urb)
 530                         return -ENOMEM;
 531                 _urb->type = bt_cb(skb)->pkt_type;
 532         }
 533
 534         BT_DBG("%s skb %p len %d", husb->hdev->name, skb, skb->len);
 535
 536         urb = &_urb->urb;
 537
 538         urb->context  = husb;
 539         urb->dev      = husb->udev;
 540         urb->pipe     = usb_sndisocpipe(husb->udev, husb->isoc_out_ep->desc.bEndpointAddress);
 541         urb->complete = hci_usb_tx_complete;
 542         urb->transfer_flags = URB_ISO_ASAP;
 543
 544         urb->interval = husb->isoc_out_ep->desc.bInterval;
 545
 546         urb->transfer_buffer = skb->data;
 547         urb->transfer_buffer_length = skb->len;
 548
 549         __fill_isoc_desc(urb, skb->len, le16_to_cpu(husb->isoc_out_ep->desc.wMaxPacketSize));
 550
 551         _urb->priv = skb;
 552         return __tx_submit(husb, _urb);
 553 }
 554 #endif
 555
 556 static void hci_usb_tx_process(struct hci_usb *husb)
 557 {
 558         struct sk_buff_head *q;
 559         struct sk_buff *skb;
 560
 561         BT_DBG("%s", husb->hdev->name);
 562
 563         do {
 564                 clear_bit(HCI_USB_TX_WAKEUP, &husb->state);
 565
 566                 /* Process command queue */
 567                 q = __transmit_q(husb, HCI_COMMAND_PKT);
 568                 if (!atomic_read(__pending_tx(husb, HCI_COMMAND_PKT)) &&
 569                                 (skb = skb_dequeue(q))) {
 570                         if (hci_usb_send_ctrl(husb, skb) < 0)
 571                                 skb_queue_head(q, skb);
 572                 }
 573
 574 #ifdef CONFIG_BT_HCIUSB_SCO
 575                 /* Process SCO queue */
 576                 q = __transmit_q(husb, HCI_SCODATA_PKT);
 577                 if (atomic_read(__pending_tx(husb, HCI_SCODATA_PKT)) < HCI_MAX_ISOC_TX &&
 578                                 (skb = skb_dequeue(q))) {
 579                         if (hci_usb_send_isoc(husb, skb) < 0)
 580                                 skb_queue_head(q, skb);
 581                 }
 582 #endif
 583
 584                 /* Process ACL queue */
 585                 q = __transmit_q(husb, HCI_ACLDATA_PKT);
 586                 while (atomic_read(__pending_tx(husb, HCI_ACLDATA_PKT)) < HCI_MAX_BULK_TX &&
 587                                 (skb = skb_dequeue(q))) {
 588                         if (hci_usb_send_bulk(husb, skb) < 0) {
 589                                 skb_queue_head(q, skb);
 590                                 break;
 591                         }
 592                 }
 593         } while(test_bit(HCI_USB_TX_WAKEUP, &husb->state));
 594 }
 595
 596 static inline void hci_usb_tx_wakeup(struct hci_usb *husb)
 597 {
 598         /* Serialize TX queue processing to avoid data reordering */
 599         if (!test_and_set_bit(HCI_USB_TX_PROCESS, &husb->state)) {
 600                 hci_usb_tx_process(husb);
 601                 clear_bit(HCI_USB_TX_PROCESS, &husb->state);
 602         } else
 603                 set_bit(HCI_USB_TX_WAKEUP, &husb->state);
 604 }
 605
 606 /* Send frames from HCI layer */
 607 static int hci_usb_send_frame(struct sk_buff *skb)
 608 {
 609         struct hci_dev *hdev = (struct hci_dev *) skb->dev;
 610         struct hci_usb *husb;
 611
 612         if (!hdev) {
 613                 BT_ERR("frame for uknown device (hdev=NULL)");
 614                 return -ENODEV;
 615         }
 616
 617         if (!test_bit(HCI_RUNNING, &hdev->flags))
 618                 return -EBUSY;
 619
 620         BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len);
 621
 622         husb = (struct hci_usb *) hdev->driver_data;
 623
 624         switch (bt_cb(skb)->pkt_type) {
 625         case HCI_COMMAND_PKT:
 626                 hdev->stat.cmd_tx++;
 627                 break;
 628
 629         case HCI_ACLDATA_PKT:
 630                 hdev->stat.acl_tx++;
 631                 break;
 632
 633 #ifdef CONFIG_BT_HCIUSB_SCO
 634         case HCI_SCODATA_PKT:
 635                 hdev->stat.sco_tx++;
 636                 break;
 637 #endif
 638
 639         default:
 640                 kfree_skb(skb);
 641                 return 0;
 642         }
 643
 644         read_lock(&husb->completion_lock);
 645
 646         skb_queue_tail(__transmit_q(husb, bt_cb(skb)->pkt_type), skb);
 647         hci_usb_tx_wakeup(husb);
 648
 649         read_unlock(&husb->completion_lock);
 650         return 0;
 651 }
 652
 653 static inline int __recv_frame(struct hci_usb *husb, int type, void *data, int count)
 654 {
 655         BT_DBG("%s type %d data %p count %d", husb->hdev->name, type, data, count);
 656
 657         husb->hdev->stat.byte_rx += count;
 658
 659         while (count) {
 660                 struct sk_buff *skb = __reassembly(husb, type);
 661                 struct { int expect; } *scb;
 662                 int len = 0;
 663
 664                 if (!skb) {
 665                         /* Start of the frame */
 666
 667                         switch (type) {
 668                         case HCI_EVENT_PKT:
 669                                 if (count >= HCI_EVENT_HDR_SIZE) {
 670                                         struct hci_event_hdr *h = data;
 671                                         len = HCI_EVENT_HDR_SIZE + h->plen;
 672                                 } else
 673                                         return -EILSEQ;
 674                                 break;
 675
 676                         case HCI_ACLDATA_PKT:
 677                                 if (count >= HCI_ACL_HDR_SIZE) {
 678                                         struct hci_acl_hdr *h = data;
 679                                         len = HCI_ACL_HDR_SIZE + __le16_to_cpu(h->dlen);
 680                                 } else
 681                                         return -EILSEQ;
 682                                 break;
 683 #ifdef CONFIG_BT_HCIUSB_SCO
 684                         case HCI_SCODATA_PKT:
 685                                 if (count >= HCI_SCO_HDR_SIZE) {
 686                                         struct hci_sco_hdr *h = data;
 687                                         len = HCI_SCO_HDR_SIZE + h->dlen;
 688                                 } else
 689                                         return -EILSEQ;
 690                                 break;
 691 #endif
 692                         }
 693                         BT_DBG("new packet len %d", len);
 694
 695                         skb = bt_skb_alloc(len, GFP_ATOMIC);
 696                         if (!skb) {
 697                                 BT_ERR("%s no memory for the packet", husb->hdev->name);
 698                                 return -ENOMEM;
 699                         }
 700                         skb->dev = (void *) husb->hdev;
 701                         bt_cb(skb)->pkt_type = type;
 702
 703                         __reassembly(husb, type) = skb;
 704
 705                         scb = (void *) skb->cb;
 706                         scb->expect = len;
 707                 } else {
 708                         /* Continuation */
 709                         scb = (void *) skb->cb;
 710                         len = scb->expect;
 711                 }
 712
 713                 len = min(len, count);
 714
 715                 memcpy(skb_put(skb, len), data, len);
 716
 717                 scb->expect -= len;
 718                 if (!scb->expect) {
 719                         /* Complete frame */
 720                         __reassembly(husb, type) = NULL;
 721                         bt_cb(skb)->pkt_type = type;
 722                         hci_recv_frame(skb);
 723                 }
 724
 725                 count -= len; data += len;
 726         }
 727         return 0;
 728 }
 729
 730 static void hci_usb_rx_complete(struct urb *urb, struct pt_regs *regs)
 731 {
 732         struct _urb *_urb = container_of(urb, struct _urb, urb);
 733         struct hci_usb *husb = (void *) urb->context;
 734         struct hci_dev *hdev = husb->hdev;
 735         int err, count = urb->actual_length;
 736
 737         BT_DBG("%s urb %p type %d status %d count %d flags %x", hdev->name, urb,
 738                         _urb->type, urb->status, count, urb->transfer_flags);
 739
 740         read_lock(&husb->completion_lock);
 741
 742         if (!test_bit(HCI_RUNNING, &hdev->flags))
 743                 goto unlock;
 744
 745         if (urb->status || !count)
 746                 goto resubmit;
 747
 748         if (_urb->type == HCI_SCODATA_PKT) {
 749 #ifdef CONFIG_BT_HCIUSB_SCO
 750                 int i;
 751                 for (i=0; i < urb->number_of_packets; i++) {
 752                         BT_DBG("desc %d status %d offset %d len %d", i,
 753                                         urb->iso_frame_desc[i].status,
 754                                         urb->iso_frame_desc[i].offset,
 755                                         urb->iso_frame_desc[i].actual_length);
 756
 757                         if (!urb->iso_frame_desc[i].status)
 758                                 __recv_frame(husb, _urb->type,
 759                                         urb->transfer_buffer + urb->iso_frame_desc[i].offset,
 760                                         urb->iso_frame_desc[i].actual_length);
 761                 }
 762 #else
 763                 ;
 764 #endif
 765         } else {
 766                 err = __recv_frame(husb, _urb->type, urb->transfer_buffer, count);
 767                 if (err < 0) {
 768                         BT_ERR("%s corrupted packet: type %d count %d",
 769                                         husb->hdev->name, _urb->type, count);
 770                         hdev->stat.err_rx++;
 771                 }
 772         }
 773
 774 resubmit:
 775         urb->dev = husb->udev;
 776         err = usb_submit_urb(urb, GFP_ATOMIC);
 777         BT_DBG("%s urb %p type %d resubmit status %d", hdev->name, urb,
 778                         _urb->type, err);
 779
 780 unlock:
 781         read_unlock(&husb->completion_lock);
 782 }
 783
 784 static void hci_usb_tx_complete(struct urb *urb, struct pt_regs *regs)
 785 {
 786         struct _urb *_urb = container_of(urb, struct _urb, urb);
 787         struct hci_usb *husb = (void *) urb->context;
 788         struct hci_dev *hdev = husb->hdev;
 789
 790         BT_DBG("%s urb %p status %d flags %x", hdev->name, urb,
 791                         urb->status, urb->transfer_flags);
 792
 793         atomic_dec(__pending_tx(husb, _urb->type));
 794
 795         urb->transfer_buffer = NULL;
 796         kfree_skb((struct sk_buff *) _urb->priv);
 797
 798         if (!test_bit(HCI_RUNNING, &hdev->flags))
 799                 return;
 800
 801         if (!urb->status)
 802                 hdev->stat.byte_tx += urb->transfer_buffer_length;
 803         else
 804                 hdev->stat.err_tx++;
 805
 806         read_lock(&husb->completion_lock);
 807
 808         _urb_unlink(_urb);
 809         _urb_queue_tail(__completed_q(husb, _urb->type), _urb);
 810
 811         hci_usb_tx_wakeup(husb);
 812
 813         read_unlock(&husb->completion_lock);
 814 }
 815
 816 static void hci_usb_destruct(struct hci_dev *hdev)
 817 {
 818         struct hci_usb *husb = (struct hci_usb *) hdev->driver_data;
 819
 820         BT_DBG("%s", hdev->name);
 821
 822         kfree(husb);
 823 }
 824
 825 static void hci_usb_notify(struct hci_dev *hdev, unsigned int evt)
 826 {
 827         BT_DBG("%s evt %d", hdev->name, evt);
 828 }
 829
 830 static int hci_usb_probe(struct usb_interface *intf, const struct usb_device_id *id)
 831 {
 832         struct usb_device *udev = interface_to_usbdev(intf);
 833         struct usb_host_endpoint *bulk_out_ep = NULL;
 834         struct usb_host_endpoint *bulk_in_ep = NULL;
 835         struct usb_host_endpoint *intr_in_ep = NULL;
 836         struct usb_host_endpoint  *ep;
 837         struct usb_host_interface *uif;
 838         struct usb_interface *isoc_iface;
 839         struct hci_usb *husb;
 840         struct hci_dev *hdev;
 841         int i, e, size, isoc_ifnum, isoc_alts;
 842
 843         BT_DBG("udev %p intf %p", udev, intf);
 844
 845         if (!id->driver_info) {
 846                 const struct usb_device_id *match;
 847                 match = usb_match_id(intf, blacklist_ids);
 848                 if (match)
 849                         id = match;
 850         }
 851
 852         if (ignore || id->driver_info & HCI_IGNORE)
 853                 return -ENODEV;
 854
 855         if (ignore_dga && id->driver_info & HCI_DIGIANSWER)
 856                 return -ENODEV;
 857
 858         if (ignore_csr && id->driver_info & HCI_CSR)
 859                 return -ENODEV;
 860
 861         if (ignore_sniffer && id->driver_info & HCI_SNIFFER)
 862                 return -ENODEV;
 863
 864         if (intf->cur_altsetting->desc.bInterfaceNumber > 0)
 865                 return -ENODEV;
 866
 867         /* Find endpoints that we need */
 868         uif = intf->cur_altsetting;
 869         for (e = 0; e < uif->desc.bNumEndpoints; e++) {
 870                 ep = &uif->endpoint[e];
 871
 872                 switch (ep->desc.bmAttributes & USB_ENDPOINT_XFERTYPE_MASK) {
 873                 case USB_ENDPOINT_XFER_INT:
 874                         if (ep->desc.bEndpointAddress & USB_DIR_IN)
 875                                 intr_in_ep = ep;
 876                         break;
 877
 878                 case USB_ENDPOINT_XFER_BULK:
 879                         if (ep->desc.bEndpointAddress & USB_DIR_IN)
 880                                 bulk_in_ep  = ep;
 881                         else
 882                                 bulk_out_ep = ep;
 883                         break;
 884                 }
 885         }
 886
 887         if (!bulk_in_ep || !bulk_out_ep || !intr_in_ep) {
 888                 BT_DBG("Bulk endpoints not found");
 889                 goto done;
 890         }
 891
 892         if (!(husb = kzalloc(sizeof(struct hci_usb), GFP_KERNEL))) {
 893                 BT_ERR("Can't allocate: control structure");
 894                 goto done;
 895         }
 896
 897         husb->udev = udev;
 898         husb->bulk_out_ep = bulk_out_ep;
 899         husb->bulk_in_ep  = bulk_in_ep;
 900         husb->intr_in_ep  = intr_in_ep;
 901
 902         if (id->driver_info & HCI_DIGIANSWER)
 903                 husb->ctrl_req = USB_TYPE_VENDOR;
 904         else
 905                 husb->ctrl_req = USB_TYPE_CLASS;
 906
 907         /* Find isochronous endpoints that we can use */
 908         size = 0;
 909         isoc_iface = NULL;
 910         isoc_alts  = 0;
 911         isoc_ifnum = 1;
 912
 913 #ifdef CONFIG_BT_HCIUSB_SCO
 914         if (isoc && !(id->driver_info & (HCI_BROKEN_ISOC | HCI_SNIFFER)))
 915                 isoc_iface = usb_ifnum_to_if(udev, isoc_ifnum);
 916
 917         if (isoc_iface) {
 918                 int a;
 919                 struct usb_host_endpoint *isoc_out_ep = NULL;
 920                 struct usb_host_endpoint *isoc_in_ep = NULL;
 921
 922                 for (a = 0; a < isoc_iface->num_altsetting; a++) {
 923                         uif = &isoc_iface->altsetting[a];
 924                         for (e = 0; e < uif->desc.bNumEndpoints; e++) {
 925                                 ep = &uif->endpoint[e];
 926
 927                                 switch (ep->desc.bmAttributes & USB_ENDPOINT_XFERTYPE_MASK) {
 928                                 case USB_ENDPOINT_XFER_ISOC:
 929                                         if (le16_to_cpu(ep->desc.wMaxPacketSize) < size ||
 930                                                         uif->desc.bAlternateSetting != isoc)
 931                                                 break;
 932                                         size = le16_to_cpu(ep->desc.wMaxPacketSize);
 933
 934                                         isoc_alts = uif->desc.bAlternateSetting;
 935
 936                                         if (ep->desc.bEndpointAddress & USB_DIR_IN)
 937                                                 isoc_in_ep  = ep;
 938                                         else
 939                                                 isoc_out_ep = ep;
 940                                         break;
 941                                 }
 942                         }
 943                 }
 944
 945                 if (!isoc_in_ep || !isoc_out_ep)
 946                         BT_DBG("Isoc endpoints not found");
 947                 else {
 948                         BT_DBG("isoc ifnum %d alts %d", isoc_ifnum, isoc_alts);
 949                         if (usb_driver_claim_interface(&hci_usb_driver, isoc_iface, husb) != 0)
 950                                 BT_ERR("Can't claim isoc interface");
 951                         else if (usb_set_interface(udev, isoc_ifnum, isoc_alts)) {
 952                                 BT_ERR("Can't set isoc interface settings");
 953                                 husb->isoc_iface = isoc_iface;
 954                                 usb_driver_release_interface(&hci_usb_driver, isoc_iface);
 955                                 husb->isoc_iface = NULL;
 956                         } else {
 957                                 husb->isoc_iface  = isoc_iface;
 958                                 husb->isoc_in_ep  = isoc_in_ep;
 959                                 husb->isoc_out_ep = isoc_out_ep;
 960                         }
 961                 }
 962         }
 963 #endif
 964
 965         rwlock_init(&husb->completion_lock);
 966
 967         for (i = 0; i < 4; i++) {
 968                 skb_queue_head_init(&husb->transmit_q[i]);
 969                 _urb_queue_init(&husb->pending_q[i]);
 970                 _urb_queue_init(&husb->completed_q[i]);
 971         }
 972
 973         /* Initialize and register HCI device */
 974         hdev = hci_alloc_dev();
 975         if (!hdev) {
 976                 BT_ERR("Can't allocate HCI device");
 977                 goto probe_error;
 978         }
 979
 980         husb->hdev = hdev;
 981
 982         hdev->type = HCI_USB;
 983         hdev->driver_data = husb;
 984         SET_HCIDEV_DEV(hdev, &intf->dev);
 985
 986         hdev->open     = hci_usb_open;
 987         hdev->close    = hci_usb_close;
 988         hdev->flush    = hci_usb_flush;
 989         hdev->send     = hci_usb_send_frame;
 990         hdev->destruct = hci_usb_destruct;
 991         hdev->notify   = hci_usb_notify;
 992
 993         hdev->owner = THIS_MODULE;
 994
 995         if (reset || id->driver_info & HCI_RESET)
 996                 set_bit(HCI_QUIRK_RESET_ON_INIT, &hdev->quirks);
 997
 998         if (force_scofix || id->driver_info & HCI_WRONG_SCO_MTU) {
 999                 if (!disable_scofix)
1000                         set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks);
1001         }
1002
1003         if (id->driver_info & HCI_SNIFFER) {
1004                 if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997)
1005                         set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
1006         }
1007
1008         if (id->driver_info & HCI_BCM92035) {
1009                 unsigned char cmd[] = { 0x3b, 0xfc, 0x01, 0x00 };
1010                 struct sk_buff *skb;
1011
1012                 skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL);
1013                 if (skb) {
1014                         memcpy(skb_put(skb, sizeof(cmd)), cmd, sizeof(cmd));
1015                         skb_queue_tail(&hdev->driver_init, skb);
1016                 }
1017         }
1018
1019         if (hci_register_dev(hdev) < 0) {
1020                 BT_ERR("Can't register HCI device");
1021                 hci_free_dev(hdev);
1022                 goto probe_error;
1023         }
1024
1025         usb_set_intfdata(intf, husb);
1026         return 0;
1027
1028 probe_error:
1029         if (husb->isoc_iface)
1030                 usb_driver_release_interface(&hci_usb_driver, husb->isoc_iface);
1031         kfree(husb);
1032
1033 done:
1034         return -EIO;
1035 }
1036
1037 static void hci_usb_disconnect(struct usb_interface *intf)
1038 {
1039         struct hci_usb *husb = usb_get_intfdata(intf);
1040         struct hci_dev *hdev;
1041
1042         if (!husb || intf == husb->isoc_iface)
1043                 return;
1044
1045         usb_set_intfdata(intf, NULL);
1046         hdev = husb->hdev;
1047
1048         BT_DBG("%s", hdev->name);
1049
1050         hci_usb_close(hdev);
1051
1052         if (husb->isoc_iface)
1053                 usb_driver_release_interface(&hci_usb_driver, husb->isoc_iface);
1054
1055         if (hci_unregister_dev(hdev) < 0)
1056                 BT_ERR("Can't unregister HCI device %s", hdev->name);
1057
1058         hci_free_dev(hdev);
1059 }
1060
1061 static int hci_usb_suspend(struct usb_interface *intf, pm_message_t message)
1062 {
1063         struct hci_usb *husb = usb_get_intfdata(intf);
1064         struct list_head killed;
1065         unsigned long flags;
1066         int i;
1067
1068         if (!husb || intf == husb->isoc_iface)
1069                 return 0;
1070
1071         hci_suspend_dev(husb->hdev);
1072
1073         INIT_LIST_HEAD(&killed);
1074
1075         for (i = 0; i < 4; i++) {
1076                 struct _urb_queue *q = &husb->pending_q[i];
1077                 struct _urb *_urb, *_tmp;
1078
1079                 while ((_urb = _urb_dequeue(q))) {
1080                         /* reset queue since _urb_dequeue sets it to NULL */
1081                         _urb->queue = q;
1082                         usb_kill_urb(&_urb->urb);
1083                         list_add(&_urb->list, &killed);
1084                 }
1085
1086                 spin_lock_irqsave(&q->lock, flags);
1087
1088                 list_for_each_entry_safe(_urb, _tmp, &killed, list) {
1089                         list_move_tail(&_urb->list, &q->head);
1090                 }
1091
1092                 spin_unlock_irqrestore(&q->lock, flags);
1093         }
1094
1095         return 0;
1096 }
1097
1098 static int hci_usb_resume(struct usb_interface *intf)
1099 {
1100         struct hci_usb *husb = usb_get_intfdata(intf);
1101         unsigned long flags;
1102         int i, err = 0;
1103
1104         if (!husb || intf == husb->isoc_iface)
1105                 return 0;
1106
1107         for (i = 0; i < 4; i++) {
1108                 struct _urb_queue *q = &husb->pending_q[i];
1109                 struct _urb *_urb;
1110
1111                 spin_lock_irqsave(&q->lock, flags);
1112
1113                 list_for_each_entry(_urb, &q->head, list) {
1114                         err = usb_submit_urb(&_urb->urb, GFP_ATOMIC);
1115                         if (err)
1116                                 break;
1117                 }
1118
1119                 spin_unlock_irqrestore(&q->lock, flags);
1120
1121                 if (err)
1122                         return -EIO;
1123         }
1124
1125         hci_resume_dev(husb->hdev);
1126
1127         return 0;
1128 }
1129
1130 static struct usb_driver hci_usb_driver = {
1131         .name           = "hci_usb",
1132         .probe          = hci_usb_probe,
1133         .disconnect     = hci_usb_disconnect,
1134         .suspend        = hci_usb_suspend,
1135         .resume         = hci_usb_resume,
1136         .id_table       = bluetooth_ids,
1137 };
1138
1139 static int __init hci_usb_init(void)
1140 {
1141         int err;
1142
1143         BT_INFO("HCI USB driver ver %s", VERSION);
1144
1145         if ((err = usb_register(&hci_usb_driver)) < 0)
1146                 BT_ERR("Failed to register HCI USB driver");
1147
1148         return err;
1149 }
1150
1151 static void __exit hci_usb_exit(void)
1152 {
1153         usb_deregister(&hci_usb_driver);
1154 }
1155
1156 module_init(hci_usb_init);
1157 module_exit(hci_usb_exit);
1158
1159 module_param(ignore, bool, 0644);
1160 MODULE_PARM_DESC(ignore, "Ignore devices from the matching table");
1161
1162 module_param(ignore_dga, bool, 0644);
1163 MODULE_PARM_DESC(ignore_dga, "Ignore devices with id 08fd:0001");
1164
1165 module_param(ignore_csr, bool, 0644);
1166 MODULE_PARM_DESC(ignore_csr, "Ignore devices with id 0a12:0001");
1167
1168 module_param(ignore_sniffer, bool, 0644);
1169 MODULE_PARM_DESC(ignore_sniffer, "Ignore devices with id 0a12:0002");
1170
1171 module_param(disable_scofix, bool, 0644);
1172 MODULE_PARM_DESC(disable_scofix, "Disable fixup of wrong SCO buffer size");
1173
1174 module_param(force_scofix, bool, 0644);
1175 MODULE_PARM_DESC(force_scofix, "Force fixup of wrong SCO buffers size");
1176
1177 module_param(reset, bool, 0644);
1178 MODULE_PARM_DESC(reset, "Send HCI reset command on initialization");
1179
1180 #ifdef CONFIG_BT_HCIUSB_SCO
1181 module_param(isoc, int, 0644);
1182 MODULE_PARM_DESC(isoc, "Set isochronous transfers for SCO over HCI support");
1183 #endif
1184
1185 MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>");
1186 MODULE_DESCRIPTION("Bluetooth HCI USB driver ver " VERSION);
1187 MODULE_VERSION(VERSION);
1188 MODULE_LICENSE("GPL");